cryptoLayer.h   cryptoLayer.h 
/* /*
* cryptoLayer.h * cryptoLayer.h
* Release $Name: MATRIXSSL_1_8_6_OPEN $ * Release $Name: MATRIXSSL_1_8_8_OPEN $
* *
* Cryptography provider layered header. This layer decouples * Cryptography provider layered header. This layer decouples
* the cryptography implementation from the SSL protocol implementation . * the cryptography implementation from the SSL protocol implementation .
* Contributors adding new providers must implement all functions * Contributors adding new providers must implement all functions
* externed below. * externed below.
*/ */
/* /*
* Copyright (c) PeerSec Networks, 2002-2008. All Rights Reserved. * Copyright (c) PeerSec Networks, 2002-2009. All Rights Reserved.
* The latest version of this code is available at http://www.matrixssl .org * The latest version of this code is available at http://www.matrixssl .org
* *
* This software is open source; you can redistribute it and/or modify * This software is open source; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by * it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or * the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version. * (at your option) any later version.
* *
* This General Public License does NOT permit incorporating this softw are * This General Public License does NOT permit incorporating this softw are
* into proprietary programs. If you are unable to comply with the GPL , a * into proprietary programs. If you are unable to comply with the GPL , a
* commercial license for this software may be purchased from PeerSec N etworks * commercial license for this software may be purchased from PeerSec N etworks
 End of changes. 2 change blocks. 
2 lines changed or deleted 2 lines changed or added


 matrixCommon.h   matrixCommon.h 
/* /*
* matrixCommon.h * matrixCommon.h
* Release $Name: MATRIXSSL_1_8_6_OPEN $ * Release $Name: MATRIXSSL_1_8_8_OPEN $
* *
* Public common header file * Public common header file
*/ */
/* /*
* Copyright (c) PeerSec Networks, 2002-2008. All Rights Reserved. * Copyright (c) PeerSec Networks, 2002-2009. All Rights Reserved.
* The latest version of this code is available at http://www.matrixssl .org * The latest version of this code is available at http://www.matrixssl .org
* *
* This software is open source; you can redistribute it and/or modify * This software is open source; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by * it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or * the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version. * (at your option) any later version.
* *
* This General Public License does NOT permit incorporating this softw are * This General Public License does NOT permit incorporating this softw are
* into proprietary programs. If you are unable to comply with the GPL , a * into proprietary programs. If you are unable to comply with the GPL , a
* commercial license for this software may be purchased from PeerSec N etworks * commercial license for this software may be purchased from PeerSec N etworks
skipping to change at line 79 skipping to change at line 79
/************************************************************************** ****/ /************************************************************************** ****/
/* /*
matrixSslSetSessionOption defines matrixSslSetSessionOption defines
*/ */
#define SSL_OPTION_DELETE_SESSION 0 #define SSL_OPTION_DELETE_SESSION 0
/************************************************************************** ****/ /************************************************************************** ****/
/* /*
Typdefs required for public apis. From an end user perspective, the Typdefs required for public apis. From an end user perspective, the
sslBuf_t and sslCertInfo_t types have internal fields that are publi c, sslBuf_t and sslCertInfo_t types have internal fields that are publi c,
but ssl_t, sslKeys_t, sslRsaCert_t,and sslSessionId_t do not. Defin ing but ssl_t, sslKeys_t, sslCert_t,and sslSessionId_t do not. Defining
those as 'int32' requires it to be treated as an opaque data type to be those as 'int32' requires it to be treated as an opaque data type to be
passed to public apis passed to public apis
*/ */
#ifndef _h_EXPORT_SYMBOLS #ifndef _h_EXPORT_SYMBOLS
typedef int32 ssl_t; typedef int32 ssl_t;
typedef int32 sslKeys_t; typedef int32 sslKeys_t;
typedef int32 sslSessionId_t; typedef int32 sslSessionId_t;
typedef int32 sslRsaCert_t; typedef int32 sslCert_t;
/************************************************************************** ****/ /************************************************************************** ****/
/* /*
Explicitly import MATRIXPUBLIC apis on Windows. If we're being incl uded Explicitly import MATRIXPUBLIC apis on Windows. If we're being incl uded
from an internal header, we export them instead! from an internal header, we export them instead!
*/ */
#ifdef WIN32 #ifdef WIN32
#define MATRIXPUBLIC extern __declspec(dllimport) #define MATRIXPUBLIC extern __declspec(dllimport)
#endif /* WIN */ #endif /* WIN */
#else /* h_EXPORT_SYMOBOLS */ #else /* h_EXPORT_SYMOBOLS */
 End of changes. 4 change blocks. 
4 lines changed or deleted 4 lines changed or added


 matrixConfig.h   matrixConfig.h 
/* /*
* matrixConfig.h * matrixConfig.h
* Release $Name: MATRIXSSL_1_8_6_OPEN $ * Release $Name: MATRIXSSL_1_8_8_OPEN $
* *
* Configuration settings for building the MatrixSSL library. * Configuration settings for building the MatrixSSL library.
* These options affect the size and algorithms present in the library. * These options affect the size and algorithms present in the library.
*/ */
/* /*
* Copyright (c) PeerSec Networks, 2002-2008. All Rights Reserved. * Copyright (c) PeerSec Networks, 2002-2009. All Rights Reserved.
* The latest version of this code is available at http://www.matrixssl .org * The latest version of this code is available at http://www.matrixssl .org
* *
* This software is open source; you can redistribute it and/or modify * This software is open source; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by * it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or * the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version. * (at your option) any later version.
* *
* This General Public License does NOT permit incorporating this softw are * This General Public License does NOT permit incorporating this softw are
* into proprietary programs. If you are unable to comply with the GPL , a * into proprietary programs. If you are unable to comply with the GPL , a
* commercial license for this software may be purchased from PeerSec N etworks * commercial license for this software may be purchased from PeerSec N etworks
skipping to change at line 88 skipping to change at line 88
/************************************************************************** ****/ /************************************************************************** ****/
/* /*
Hi-res POSIX timer. Use rdtscll() for timing routines in linux.c Hi-res POSIX timer. Use rdtscll() for timing routines in linux.c
*/ */
/* #define USE_RDTSCLL_TIME */ /* #define USE_RDTSCLL_TIME */
/************************************************************************** ****/ /************************************************************************** ****/
/* /*
Support for multithreading environment. This should be enabled Support for multithreading environment. This should be enabled
if multiple SSL sessions will be active at the same time in if multiple SSL sessions will be active at the same time in
different threads. The library will still be single threaded, different threads. The library will serialize access to the session
but will serialize access to the session cache with a mutex. cache and memory pools with a mutex.
By default this is off, so that on POSIX platforms, pthreads isn't r
eq'd
*/ */
#define USE_MULTITHREADING /* #define USE_MULTITHREADING */
/************************************************************************** ****/ /************************************************************************** ****/
/* /*
Support for file system. Support for file system.
*/ */
#define USE_FILE_SYSTEM #define USE_FILE_SYSTEM
/**************************************************************************
****/
/*
Allow servers to proceed with rehandshakes.
SECURITY: A protocol flaw has been demonstrated in which an "authentica
tion
gap" is possible during rehandshakes that enable a man-in-the-middle to
inject plain-text HTTP traffic into an authenticated client-server sess
ion
It is advised to leave this disabled if you are using HTTPS
*/
/* #define ALLOW_SERVER_REHANDSHAKES */
#ifdef __cplusplus #ifdef __cplusplus
} }
#endif #endif
#endif /* _h_MATRIXCONFIG */ #endif /* _h_MATRIXCONFIG */
/************************************************************************** ****/ /************************************************************************** ****/
 End of changes. 5 change blocks. 
5 lines changed or deleted 22 lines changed or added
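Review bot: Commenting out `USE_MULTITHREADING` silently changes the default for existing builds, and the new comment only explains why it is off (no pthreads requirement), not what breaks when it is. With the define absent, the osLayer.h section of this same diff shows `sslLockMutex(M)` and `sslUnlockMutex(M)` defined as empty macros in what appears to be the non-threaded branch, so a multi-threaded application that upgrades without re-enabling the option would share the session cache and memory pools with no locking and no compile-time diagnostic. I would add to the comment something like `MUST be defined if SSL sessions are used from more than one thread; without it the mutex calls compile to nothing`. Separately, the `ALLOW_SERVER_REHANDSHAKES` text advises leaving it disabled "if you are using HTTPS", which can read as permission to enable it for other protocols; the comment itself describes a protocol-level flaw in rehandshakes, so the advice should probably not be limited to HTTPS.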


 matrixCrypto.h   matrixCrypto.h 
/* /*
* matrixCrypto.h * matrixCrypto.h
* Release $Name: MATRIXSSL_1_8_6_OPEN $ * Release $Name: MATRIXSSL_1_8_8_OPEN $
* *
* Public API set for matrixCrypto * Public API set for matrixCrypto
*/ */
/* /*
* Copyright (c) PeerSec Networks, 2002-2008. All Rights Reserved. * Copyright (c) PeerSec Networks, 2002-2009. All Rights Reserved.
* The latest version of this code is available at http://www.matrixssl .org * The latest version of this code is available at http://www.matrixssl .org
* *
* This software is open source; you can redistribute it and/or modify * This software is open source; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by * it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or * the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version. * (at your option) any later version.
* *
* This General Public License does NOT permit incorporating this softw are * This General Public License does NOT permit incorporating this softw are
* into proprietary programs. If you are unable to comply with the GPL , a * into proprietary programs. If you are unable to comply with the GPL , a
* commercial license for this software may be purchased from PeerSec N etworks * commercial license for this software may be purchased from PeerSec N etworks
 End of changes. 2 change blocks. 
2 lines changed or deleted 2 lines changed or added


 matrixInternal.h   matrixInternal.h 
/* /*
* matrixInternal.h * matrixInternal.h
* Release $Name: MATRIXSSL_1_8_6_OPEN $ * Release $Name: MATRIXSSL_1_8_8_OPEN $
* *
* Internal header file used for the MatrixSSL implementation. * Internal header file used for the MatrixSSL implementation.
* Only modifiers of the library should be intersted in this file * Only modifiers of the library should be intersted in this file
*/ */
/* /*
* Copyright (c) PeerSec Networks, 2002-2008. All Rights Reserved. * Copyright (c) PeerSec Networks, 2002-2009. All Rights Reserved.
* The latest version of this code is available at http://www.matrixssl .org * The latest version of this code is available at http://www.matrixssl .org
* *
* This software is open source; you can redistribute it and/or modify * This software is open source; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by * it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or * the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version. * (at your option) any later version.
* *
* This General Public License does NOT permit incorporating this softw are * This General Public License does NOT permit incorporating this softw are
* into proprietary programs. If you are unable to comply with the GPL , a * into proprietary programs. If you are unable to comply with the GPL , a
* commercial license for this software may be purchased from PeerSec N etworks * commercial license for this software may be purchased from PeerSec N etworks
skipping to change at line 177 skipping to change at line 177
unsigned char readMAC[SSL_MAX_MAC_SIZE]; unsigned char readMAC[SSL_MAX_MAC_SIZE];
unsigned char writeKey[SSL_MAX_SYM_KEY_SIZE]; unsigned char writeKey[SSL_MAX_SYM_KEY_SIZE];
unsigned char readKey[SSL_MAX_SYM_KEY_SIZE]; unsigned char readKey[SSL_MAX_SYM_KEY_SIZE];
unsigned char writeIV[SSL_MAX_IV_SIZE]; unsigned char writeIV[SSL_MAX_IV_SIZE];
unsigned char readIV[SSL_MAX_IV_SIZE]; unsigned char readIV[SSL_MAX_IV_SIZE];
unsigned char seq[8]; unsigned char seq[8];
unsigned char remSeq[8]; unsigned char remSeq[8];
#ifdef USE_CLIENT_SIDE_SSL #ifdef USE_CLIENT_SIDE_SSL
sslRsaCert_t *cert; sslCert_t *cert;
int32 (*validateCert)(sslCertInfo_t *certInfo, void *arg); int32 (*validateCert)(sslCertInfo_t *certInfo, void *arg);
void *validateCertArg; void *validateCertArg;
int32 certMatch; int32 certMatch;
#endif /* USE_CLIENT_SIDE_SSL */ #endif /* USE_CLIENT_SIDE_SSL */
sslMd5Context_t msgHashMd5; sslMd5Context_t msgHashMd5;
sslSha1Context_t msgHashSha1; sslSha1Context_t msgHashSha1;
sslCipherContext_t encryptCtx; sslCipherContext_t encryptCtx;
sslCipherContext_t decryptCtx; sslCipherContext_t decryptCtx;
skipping to change at line 204 skipping to change at line 204
unsigned char keySize; unsigned char keySize;
unsigned char ivSize; unsigned char ivSize;
unsigned char blockSize; unsigned char blockSize;
/* Init function */ /* Init function */
int32 (*init)(sslSec_t *sec, int32 type); int32 (*init)(sslSec_t *sec, int32 type);
/* Cipher functions */ /* Cipher functions */
int32 (*encrypt)(sslCipherContext_t *ctx, unsigned char *in, int32 (*encrypt)(sslCipherContext_t *ctx, unsigned char *in,
unsigned char *out, int32 len); unsigned char *out, int32 len);
int32 (*decrypt)(sslCipherContext_t *ctx, unsigned char *in, int32 (*decrypt)(sslCipherContext_t *ctx, unsigned char *in,
unsigned char *out, int32 len); unsigned char *out, int32 len);
int32 (*encryptPriv)(psPool_t *pool, sslRsaKey_t *key,
unsigned char *in, int32 inlen,
unsigned char *out, int32 outlen);
int32 (*decryptPub)(psPool_t *pool, sslRsaKey_t *key,
unsigned char *in, int32 inlen,
unsigned char *out, int32 outlen);
int32 (*encryptPub)(psPool_t *pool, sslRsaKey_t *key, int32 (*encryptPub)(psPool_t *pool, sslRsaKey_t *key,
unsigned char *in, int32 inlen, unsigned char *in, int32 inlen,
unsigned char *out, int32 outlen); unsigned char *out, int32 outlen);
int32 (*decryptPriv)(psPool_t *pool, sslRsaKey_t *key, int32 (*decryptPriv)(psPool_t *pool, sslRsaKey_t *key,
unsigned char *in, int32 inlen, unsigned char *in, int32 inlen,
unsigned char *out, int32 outlen); unsigned char *out, int32 outlen);
int32 (*generateMac)(void *ssl, unsigned char type, unsigned char *d ata, int32 (*generateMac)(void *ssl, unsigned char type, unsigned char *d ata,
int32 len, unsigned char *mac); int32 len, unsigned char *mac);
int32 (*verifyMac)(void *ssl, unsigned char type, unsigned char *dat a, int32 (*verifyMac)(void *ssl, unsigned char type, unsigned char *dat a,
int32 len, unsigned char *mac); int32 len, unsigned char *mac);
skipping to change at line 244 skipping to change at line 250
We duplicate these here from 'cipher' because we need to set the We duplicate these here from 'cipher' because we need to set the
various callbacks at different times in the handshake protoc ol various callbacks at different times in the handshake protoc ol
Also, there are 64 bit alignment issues in using the functio n pointers Also, there are 64 bit alignment issues in using the functio n pointers
within 'cipher' directly within 'cipher' directly
*/ */
int32 (*encrypt)(sslCipherContext_t *ctx, unsigned char *in, int32 (*encrypt)(sslCipherContext_t *ctx, unsigned char *in,
unsigned char *out, int32 len); unsigned char *out, int32 len);
int32 (*decrypt)(sslCipherContext_t *ctx, unsigned char *in, int32 (*decrypt)(sslCipherContext_t *ctx, unsigned char *in,
unsigned char *out, int32 len); unsigned char *out, int32 len);
/* Public key ciphers */ /* Public key ciphers */
int32 (*encryptPriv)(psPool_t *pool, sslRsaKey_t *key,
unsigned char *in, int32 inlen,
unsigned char *out, int32 outlen);
int32 (*decryptPub)(psPool_t *pool, sslRsaKey_t *key,
unsigned char *in, int32 inlen,
unsigned char *out, int32 outlen);
int32 (*encryptPub)(psPool_t *pool, sslRsaKey_t *key, int32 (*encryptPub)(psPool_t *pool, sslRsaKey_t *key,
unsigned char *in, int32 inlen, unsigned char *in, int32 inlen,
unsigned char *out, int32 outlen); unsigned char *out, int32 outlen);
int32 (*decryptPriv)(psPool_t *pool, sslRsaKey_t *key, int32 (*decryptPriv)(psPool_t *pool, sslRsaKey_t *key,
unsigned char *in, int32 inlen, unsigned char *in, int32 inlen,
unsigned char *out, int32 outlen); unsigned char *out, int32 outlen);
/* Message Authentication Codes */ /* Message Authentication Codes */
int32 (*generateMac)(void *ssl, unsigned char type, unsigned char *d ata, int32 (*generateMac)(void *ssl, unsigned char type, unsigned char *d ata,
int32 len, unsigned char *mac); int32 len, unsigned char *mac);
int32 (*verifyMac)(void *ssl, unsigned char type, unsigned char *dat a, int32 (*verifyMac)(void *ssl, unsigned char type, unsigned char *dat a,
 End of changes. 5 change blocks. 
3 lines changed or deleted 15 lines changed or added
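Review bot: The new `encryptPriv` and `decryptPub` members are inserted ahead of `encryptPub` and `decryptPriv`, and all four pointers share exactly the same signature, so any positional initializer of the cipher structure that is not updated will still compile cleanly while every RSA callback lands one or two slots off. The table that fills these structures is not visible in this diff, so this is something to confirm rather than a known defect; if it does use positional initializers, the entries need to be checked one by one. Appending the two new members after `decryptPriv`, or adding a comment such as `/* order must match the cipher table initializers */` above the group, would make the mismatch harder to introduce. Both structures start and end outside the visible hunks.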


 matrixPki.h   matrixPki.h 
/* /*
* matrixPki.h * matrixPki.h
* Release $Name: MATRIXSSL_1_8_6_OPEN $ * Release $Name: MATRIXSSL_1_8_8_OPEN $
* *
* Public header file for MatrixPKI extension * Public header file for MatrixPKI extension
* Implementations interacting with the PKI portion of the * Implementations interacting with the PKI portion of the
* matrixssl library should only use the APIs and definitions * matrixssl library should only use the APIs and definitions
* used in this file. * used in this file.
*/ */
/* /*
* Copyright (c) PeerSec Networks, 2002-2008. All Rights Reserved. * Copyright (c) PeerSec Networks, 2002-2009. All Rights Reserved.
* The latest version of this code is available at http://www.matrixssl .org * The latest version of this code is available at http://www.matrixssl .org
* *
* This software is open source; you can redistribute it and/or modify * This software is open source; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by * it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or * the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version. * (at your option) any later version.
* *
* This General Public License does NOT permit incorporating this softw are * This General Public License does NOT permit incorporating this softw are
* into proprietary programs. If you are unable to comply with the GPL , a * into proprietary programs. If you are unable to comply with the GPL , a
* commercial license for this software may be purchased from PeerSec N etworks * commercial license for this software may be purchased from PeerSec N etworks
skipping to change at line 68 skipping to change at line 68
* PKI documented APIs * PKI documented APIs
*/ */
MATRIXPUBLIC int32 matrixPkiOpen(void); MATRIXPUBLIC int32 matrixPkiOpen(void);
MATRIXPUBLIC void matrixPkiClose(void); MATRIXPUBLIC void matrixPkiClose(void);
#ifdef USE_RSA #ifdef USE_RSA
/* /*
Private key reading and conversions Private key reading and conversions
*/ */
#ifdef USE_FILE_SYSTEM #ifdef USE_FILE_SYSTEM
MATRIXPUBLIC int32 matrixRsaReadPrivKey(psPool_t *pool, const char *fileNam e, MATRIXPUBLIC int32 matrixX509ReadPrivKey(psPool_t *pool, const char *fileNa me,
const char *password, unsigned char **out, const char *password, unsigned char **out,
int32 *out Len); int32 *out Len);
#endif /* USE_FILE_SYSTEM */ #endif /* USE_FILE_SYSTEM */
MATRIXPUBLIC int32 matrixRsaParsePrivKey(psPool_t *pool, unsigned char *key Buf, MATRIXPUBLIC int32 matrixRsaParsePrivKey(psPool_t *pool, unsigned char *key Buf,
int3 2 keyBufLen, sslRsaKey_t **key); int3 2 keyBufLen, sslRsaKey_t **key);
MATRIXPUBLIC int32 matrixRsaParsePubKey(psPool_t *pool, unsigned char *keyB uf, MATRIXPUBLIC int32 matrixRsaParsePubKey(psPool_t *pool, unsigned char *keyB uf,
int3 2 keyBufLen, sslRsaKey_t **key); int3 2 keyBufLen, sslRsaKey_t **key);
MATRIXPUBLIC void matrixRsaFreeKey(sslRsaKey_t *key); MATRIXPUBLIC void matrixRsaFreeKey(sslRsaKey_t *key);
MATRIXPUBLIC int32 matrixRsaConvertToPublicKey(psPool_t *pool, MATRIXPUBLIC int32 matrixRsaConvertToPublicKey(psPool_t *pool,
sslRsaKey_t *privKey, sslRsaKey_t **pubKey); sslRsaKey_t *privKey, sslRsaKey_t **pubKey);
/* /*
USE_X509 adds certificate support USE_X509 adds certificate support
*/ */
#ifdef USE_X509 #ifdef USE_X509
MATRIXPUBLIC int32 matrixRsaReadKeysMem(sslKeys_t **keys, MATRIXPUBLIC int32 matrixX509ReadKeysMem(sslKeys_t **keys,
unsigned char *certBuf, int3 2 certLen, unsigned char *certBuf, int3 2 certLen,
unsigned char *privBuf, int3 2 privLen, unsigned char *privBuf, int3 2 privLen,
unsigned char *trustedCABuf, int32 trustedCALen); unsigned char *trustedCABuf, int32 trustedCALen);
MATRIXPUBLIC void matrixRsaFreeKeys(sslKeys_t *keys); MATRIXPUBLIC void matrixRsaFreeKeys(sslKeys_t *keys);
#ifdef USE_FILE_SYSTEM #ifdef USE_FILE_SYSTEM
MATRIXPUBLIC int32 matrixRsaReadKeys(sslKeys_t **keys, const char *cert File, MATRIXPUBLIC int32 matrixX509ReadKeys(sslKeys_t **keys, const char *cer tFile,
const char *privFile, const char *privPass, const char *privFile, const char *privPass,
const char *trustedCAFile); const char *trustedCAFile);
MATRIXPUBLIC int32 matrixRsaReadKeysEx(psPool_t *pool, sslKeys_t **keys, MATRIXPUBLIC int32 matrixX509ReadKeysEx(psPool_t *pool, sslKeys_t **keys,
const char *certFile, const char *privFile, const char *certFile, const char *privFile,
const char *privPass, const char *trustedCAF iles); const char *privPass, const char *trustedCAF iles);
MATRIXPUBLIC int32 matrixX509ReadCert(psPool_t *pool, const char *fileName, MATRIXPUBLIC int32 matrixX509ReadCert(psPool_t *pool, const char *fileName,
unsigned char **o ut, int32 *outLen, unsigned char **o ut, int32 *outLen,
sslChainLen_t *ch ain); sslChainLen_t *ch ain);
MATRIXPUBLIC int32 matrixX509ReadPubKey(psPool_t *pool, const char *certFil e, MATRIXPUBLIC int32 matrixX509ReadPubKey(psPool_t *pool, const char *certFil e,
sslRsaKey_t **key); sslRsaKey_t **key);
#endif /* USE_FILE_SYSTEM */ #endif /* USE_FILE_SYSTEM */
MATRIXPUBLIC int32 matrixRsaParseKeysMem(psPool_t *pool, sslKeys_t **keys, MATRIXPUBLIC int32 matrixRsaParseKeysMem(psPool_t *pool, sslKeys_t **keys,
unsigned char *certBuf, int32 certLen, unsigned char *privBuf, unsigned char *certBuf, int32 certLen, unsigned char *privBuf,
int32 privLen, unsigned char *trustedCABuf, int32 tr ustedCALen); int32 privLen, unsigned char *trustedCABuf, int32 tr ustedCALen);
MATRIXPUBLIC int32 matrixX509ParseCert(psPool_t *pool, unsigned char *certB uf, MATRIXPUBLIC int32 matrixX509ParseCert(psPool_t *pool, unsigned char *certB uf,
int32 certlen, ss int32 certlen, ss
lRsaCert_t **cert); lCert_t **cert);
MATRIXPUBLIC void matrixX509FreeCert(sslRsaCert_t *cert); MATRIXPUBLIC void matrixX509FreeCert(sslCert_t *cert);
MATRIXPUBLIC int32 matrixX509ParsePubKey(psPool_t *pool, unsigned char *cer tBuf, MATRIXPUBLIC int32 matrixX509ParsePubKey(psPool_t *pool, unsigned char *cer tBuf,
int3 2 certLen, sslRsaKey_t **key); int3 2 certLen, sslRsaKey_t **key);
MATRIXPUBLIC int32 matrixX509ValidateCert(psPool_t *pool, MATRIXPUBLIC int32 matrixX509ValidateCert(psPool_t *pool,
sslRsaCert_t *subjectCert, s slRsaCert_t *issuerCert, sslCert_t *subjectCert, sslC ert_t *issuerCert,
int32 *valid); int32 *valid);
MATRIXPUBLIC int32 matrixX509ValidateCertChain(psPool_t *pool, MATRIXPUBLIC int32 matrixX509ValidateCertChain(psPool_t *pool,
sslRsaCert_t *chain, sslRsaC ert_t **subjectCert, sslCert_t *chain, sslCert_t **subjectCert,
int32 *valid); int32 *valid);
MATRIXPUBLIC int32 matrixX509UserValidator(psPool_t *pool, MATRIXPUBLIC int32 matrixX509UserValidator(psPool_t *pool,
sslRsaCert_t *subjectCert, sslCert_t *subjectCert,
int32 (*certValidator)(sslCe rtInfo_t *t, void *arg), int32 (*certValidator)(sslCe rtInfo_t *t, void *arg),
void *arg); void *arg);
#endif /* USE_X509 */ #endif /* USE_X509 */
#endif /* USE_RSA */ #endif /* USE_RSA */
/************************************************************************** ****/ /************************************************************************** ****/
#ifdef __cplusplus #ifdef __cplusplus
} }
 End of changes. 10 change blocks. 
12 lines changed or deleted 12 lines changed or added


 matrixSsl.h   matrixSsl.h 
/* /*
* matrixSsl.h * matrixSsl.h
* Release $Name: MATRIXSSL_1_8_6_OPEN $ * Release $Name: MATRIXSSL_1_8_8_OPEN $
* *
* Public header file for MatrixSSL * Public header file for MatrixSSL
* Implementations interacting with the matrixssl library should * Implementations interacting with the matrixssl library should
* only use the APIs and definitions used in this file. * only use the APIs and definitions used in this file.
*/ */
/* /*
* Copyright (c) PeerSec Networks, 2002-2008. All Rights Reserved. * Copyright (c) PeerSec Networks, 2002-2009. All Rights Reserved.
* The latest version of this code is available at http://www.matrixssl .org * The latest version of this code is available at http://www.matrixssl .org
* *
* This software is open source; you can redistribute it and/or modify * This software is open source; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by * it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or * the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version. * (at your option) any later version.
* *
* This General Public License does NOT permit incorporating this softw are * This General Public License does NOT permit incorporating this softw are
* into proprietary programs. If you are unable to comply with the GPL , a * into proprietary programs. If you are unable to comply with the GPL , a
* commercial license for this software may be purchased from PeerSec N etworks * commercial license for this software may be purchased from PeerSec N etworks
 End of changes. 2 change blocks. 
2 lines changed or deleted 2 lines changed or added


 mpi.h   mpi.h 
/* /*
* mpi.h * mpi.h
* Release $Name: MATRIXSSL_1_8_6_OPEN $ * Release $Name: MATRIXSSL_1_8_8_OPEN $
* *
* multiple-precision integer library * multiple-precision integer library
*/ */
/* /*
* Copyright (c) PeerSec Networks, 2002-2008. All Rights Reserved. * Copyright (c) PeerSec Networks, 2002-2009. All Rights Reserved.
* The latest version of this code is available at http://www.matrixssl .org * The latest version of this code is available at http://www.matrixssl .org
* *
* This software is open source; you can redistribute it and/or modify * This software is open source; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by * it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or * the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version. * (at your option) any later version.
* *
* This General Public License does NOT permit incorporating this softw are * This General Public License does NOT permit incorporating this softw are
* into proprietary programs. If you are unable to comply with the GPL , a * into proprietary programs. If you are unable to comply with the GPL , a
* commercial license for this software may be purchased from PeerSec N etworks * commercial license for this software may be purchased from PeerSec N etworks
 End of changes. 2 change blocks. 
2 lines changed or deleted 2 lines changed or added


 osLayer.h   osLayer.h 
/* /*
* osLayer.h * osLayer.h
* Release $Name: MATRIXSSL_1_8_6_OPEN $ * Release $Name: MATRIXSSL_1_8_8_OPEN $
* *
* Layered header for OS specific functions * Layered header for OS specific functions
* Contributors adding new OS support must implement all functions * Contributors adding new OS support must implement all functions
* externed below. * externed below.
*/ */
/* /*
* Copyright (c) PeerSec Networks, 2002-2008. All Rights Reserved. * Copyright (c) PeerSec Networks, 2002-2009. All Rights Reserved.
* The latest version of this code is available at http://www.matrixssl .org * The latest version of this code is available at http://www.matrixssl .org
* *
* This software is open source; you can redistribute it and/or modify * This software is open source; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by * it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or * the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version. * (at your option) any later version.
* *
* This General Public License does NOT permit incorporating this softw are * This General Public License does NOT permit incorporating this softw are
* into proprietary programs. If you are unable to comply with the GPL , a * into proprietary programs. If you are unable to comply with the GPL , a
* commercial license for this software may be purchased from PeerSec N etworks * commercial license for this software may be purchased from PeerSec N etworks
skipping to change at line 79 skipping to change at line 79
typedef CRITICAL_SECTION sslMutex_t; typedef CRITICAL_SECTION sslMutex_t;
#define sslCreateMutex(M) InitializeCriticalSection((CRITICAL_SECTION *) M); #define sslCreateMutex(M) InitializeCriticalSection((CRITICAL_SECTION *) M);
#define sslLockMutex(M) EnterCriticalSection((CRITICAL_SECTI ON *) M); #define sslLockMutex(M) EnterCriticalSection((CRITICAL_SECTI ON *) M);
#define sslUnlockMutex(M) LeaveCriticalSection((CRITICAL_SECTION *) M) ; #define sslUnlockMutex(M) LeaveCriticalSection((CRITICAL_SECTION *) M) ;
#define sslDestroyMutex(M) DeleteCriticalSection((CRITICAL_SECTION *) M ); #define sslDestroyMutex(M) DeleteCriticalSection((CRITICAL_SECTION *) M );
#elif LINUX #elif LINUX
#include <pthread.h> #include <pthread.h>
#include <string.h> #include <string.h>
/*
On some *NIX versions such as MAC OS X 10.4, CLK_TCK has been deprec
ated
*/
#ifndef CLK_TCK
#define CLK_TCK CLOCKS_PER_SEC
#endif /* CLK_TCK */
typedef pthread_mutex_t sslMutex_t; typedef pthread_mutex_t sslMutex_t;
extern int32 sslCreateMutex(sslMutex_t *mutex); extern int32 sslCreateMutex(sslMutex_t *mutex);
extern int32 sslLockMutex(sslMutex_t *mutex); extern int32 sslLockMutex(sslMutex_t *mutex);
extern int32 sslUnlockMutex(sslMutex_t *mutex); extern int32 sslUnlockMutex(sslMutex_t *mutex);
extern void sslDestroyMutex(sslMutex_t *mutex); extern void sslDestroyMutex(sslMutex_t *mutex);
#elif VXWORKS #elif VXWORKS
#include "semLib.h" #include "semLib.h"
typedef SEM_ID sslMutex_t; typedef SEM_ID sslMutex_t;
extern int32 sslCreateMutex(sslMutex_t *mutex); extern int32 sslCreateMutex(sslMutex_t *mutex);
skipping to change at line 114 skipping to change at line 107
#define sslLockMutex(M) #define sslLockMutex(M)
#define sslUnlockMutex(M) #define sslUnlockMutex(M)
#define sslDestroyMutex(M) #define sslDestroyMutex(M)
#endif /* USE_MULTITHREADING */ #endif /* USE_MULTITHREADING */
/* /*
Make sslTime_t an opaque time value. Make sslTime_t an opaque time value.
FUTURE - use high res time instead of time_t FUTURE - use high res time instead of time_t
*/ */
#ifdef LINUX
/*
On some *NIX versions such as MAC OS X 10.4, CLK_TCK has been deprec
ated
*/
#ifndef CLK_TCK
#define CLK_TCK CLOCKS_PER_SEC
#endif /* CLK_TCK */
#endif /* LINUX */
#if defined(WIN32) #if defined(WIN32)
#include <windows.h> #include <windows.h>
typedef LARGE_INTEGER sslTime_t; typedef LARGE_INTEGER sslTime_t;
#elif VXWORKS #elif VXWORKS
typedef struct { typedef struct {
long sec; long sec;
long usec; long usec;
} sslTime_t; } sslTime_t;
#elif (defined(USE_RDTSCLL_TIME) || defined(RDTSC)) #elif (defined(USE_RDTSCLL_TIME) || defined(RDTSC))
typedef unsigned long long LARGE_INTEGER; typedef unsigned long long LARGE_INTEGER;
 End of changes. 4 change blocks. 
10 lines changed or deleted 12 lines changed or added


 pkiInternal.h   pkiInternal.h 
/* /*
* pkiInternal.h * pkiInternal.h
* Release $Name: MATRIXSSL_1_8_6_OPEN $ * Release $Name: MATRIXSSL_1_8_8_OPEN $
* *
* Public header file for MatrixSSL PKI extension * Public header file for MatrixSSL PKI extension
* Implementations interacting with the PKI portion of the * Implementations interacting with the PKI portion of the
* matrixssl library should only use the APIs and definitions * matrixssl library should only use the APIs and definitions
* used in this file. * used in this file.
*/ */
/* /*
* Copyright (c) PeerSec Networks, 2002-2008. All Rights Reserved. * Copyright (c) PeerSec Networks, 2002-2009. All Rights Reserved.
* The latest version of this code is available at http://www.matrixssl .org * The latest version of this code is available at http://www.matrixssl .org
* *
* This software is open source; you can redistribute it and/or modify * This software is open source; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by * it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or * the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version. * (at your option) any later version.
* *
* This General Public License does NOT permit incorporating this softw are * This General Public License does NOT permit incorporating this softw are
* into proprietary programs. If you are unable to comply with the GPL , a * into proprietary programs. If you are unable to comply with the GPL , a
* commercial license for this software may be purchased from PeerSec N etworks * commercial license for this software may be purchased from PeerSec N etworks
skipping to change at line 113 skipping to change at line 113
/* /*
Define to enable more extension parsing Define to enable more extension parsing
*/ */
#define USE_FULL_CERT_PARSE #define USE_FULL_CERT_PARSE
/************************************************************************** ****/ /************************************************************************** ****/
/* /*
The USE_RSA define is primarily for future compat when more key exch ange The USE_RSA define is primarily for future compat when more key exch ange
protocols are added. Crypto should always define this for now. protocols are added. Crypto should always define this for now.
*/ */
#ifdef USE_RSA
#define OID_RSA_MD2 646 #define OID_RSA_MD2 646
#define OID_RSA_MD5 648 #define OID_RSA_MD5 648
#define OID_RSA_SHA1 649 #define OID_RSA_SHA1 649
/* /*
DN attributes are used outside the X509 area for cert requests, DN attributes are used outside the X509 area for cert requests,
which have been included in the RSA portions of the code which have been included in the RSA portions of the code
*/ */
typedef struct { typedef struct {
char *country; char *country;
skipping to change at line 166 skipping to change at line 164
extBasicConstraints_t bc; extBasicConstraints_t bc;
sslSubjectAltName_t *san; sslSubjectAltName_t *san;
#ifdef USE_FULL_CERT_PARSE #ifdef USE_FULL_CERT_PARSE
extSubjectKeyId_t sk; extSubjectKeyId_t sk;
extAuthKeyId_t ak; extAuthKeyId_t ak;
unsigned char *keyUsage; unsigned char *keyUsage;
int32 keyUsageLen; int32 keyUsageLen;
#endif /* USE_FULL_CERT_PARSE */ #endif /* USE_FULL_CERT_PARSE */
} v3extensions_t; } v3extensions_t;
typedef struct sslRsaCert { typedef struct sslCert {
int32 version; int32 version;
int32 valid; int32 valid;
unsigned char *serialNumber; unsigned char *serialNumber;
int32 serialNumberLen; int32 serialNumberLen;
DNattributes_t issuer; DNattributes_t issuer;
DNattributes_t subject; DNattributes_t subject;
char *notBefore; char *notBefore;
char *notAfter; char *notAfter;
sslRsaKey_t publicKey; sslRsaKey_t publicKey;
int32 certAlgorithm; int32 certAlgorithm;
int32 sigAlgorithm; int32 sigAlgorithm;
int32 pubKeyAlgorithm; int32 pubKeyAlgorithm;
unsigned char *signature; unsigned char *signature;
int32 signatureLen; int32 signatureLen;
unsigned char sigHash[SSL_SHA1_HASH_SIZE]; unsigned char sigHash[SSL_SHA1_HASH_SIZE];
unsigned char *uniqueUserId; unsigned char *uniqueUserId;
int32 uniqueUserIdLen; int32 uniqueUserIdLen;
unsigned char *uniqueSubjectId; unsigned char *uniqueSubjectId;
int32 uniqueSubjectIdLen; int32 uniqueSubjectIdLen;
v3extensions_t extensions; v3extensions_t extensions;
struct sslRsaCert *next; struct sslCert *next;
} sslRsaCert_t; } sslCert_t;
typedef struct sslLocalCert { typedef struct sslLocalCert {
sslRsaKey_t *privKey; sslRsaKey_t *privKey;
unsigned char *certBin; unsigned char *certBin;
uint32 certLen; uint32 certLen;
struct sslLocalCert *next; struct sslLocalCert *next;
} sslLocalCert_t; } sslLocalCert_t;
typedef struct { typedef struct {
sslLocalCert_t cert; sslLocalCert_t cert;
#ifdef USE_CLIENT_SIDE_SSL #ifdef USE_CLIENT_SIDE_SSL
sslRsaCert_t *caCerts; sslCert_t *caCerts;
#endif /* USE_CLIENT_SIDE_SSL */ #endif /* USE_CLIENT_SIDE_SSL */
} sslKeys_t; } sslKeys_t;
#endif /* USE_X509 */ #endif /* USE_X509 */
/* /*
Helpers for inter-pki communications Helpers for inter-pki communications
*/ */
extern int32 asnParseLength(unsigned char **p, int32 size, int32 *valLen); extern int32 asnParseLength(unsigned char **p, int32 size, int32 *valLen);
extern int32 psAsnConfirmSignature(unsigned char *sigHash, extern int32 psAsnConfirmSignature(unsigned char *sigHash,
unsi gned char *sigOut, int32 sigLen); unsi gned char *sigOut, int32 sigLen);
extern int32 getDNAttributes(psPool_t *pool, unsigned char **pp, int32 len, extern int32 getDNAttributes(psPool_t *pool, unsigned char **pp, int32 len,
DNattributes_t *attribs); DNattributes_t *attribs);
extern int32 getPubKey(psPool_t *pool, unsigned char **pp, int32 len, extern int32 getPubKey(psPool_t *pool, unsigned char **pp, int32 len,
sslRsaKey_t *pubKey); sslRsaKey_t *pubKey);
extern void psFreeDNStruct(DNattributes_t *dn); extern void psFreeDNStruct(DNattributes_t *dn);
#endif /* USE_RSA */
#ifdef USE_FILE_SYSTEM #ifdef USE_FILE_SYSTEM
extern int32 readCertChain(psPool_t *pool, const char *certFiles, extern int32 readCertChain(psPool_t *pool, const char *certFiles,
sslLocalCert_t *lkeys); sslLocalCert_t *lkeys);
extern int32 psGetFileBin(psPool_t *pool, const char *fileName, extern int32 psGetFileBin(psPool_t *pool, const char *fileName,
unsigned char **bin, int32 *binLen); unsigned char **bin, int32 *binLen);
extern int32 base64encodeAndWrite(psPool_t *pool, const char *fileName, extern int32 base64encodeAndWrite(psPool_t *pool, const char *fileName,
unsigned char *bin, int32 binLen, int32 fileType, unsigned char *bin, int32 binLen, int32 fileType,
char *hexCipherIV, i nt32 hexCipherIVLen); char *hexCipherIV, i nt32 hexCipherIVLen);
#endif /* USE_FILE_SYSTEM */ #endif /* USE_FILE_SYSTEM */
 End of changes. 9 change blocks. 
12 lines changed or deleted 8 lines changed or added
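Review bot: The comment kept just above `#define OID_RSA_MD2` still explains the `USE_RSA` define, but the `#ifdef USE_RSA` / `#endif /* USE_RSA */` pair it introduced appears only on the old side of this rendering, so on the new side it describes a guard that no longer exists. Reword or drop it, e.g. `/* RSA definitions are unconditional: sslCert_t and getPubKey() depend on sslRsaKey_t */`, so a reader does not assume these declarations can still be compiled out. The rename of `sslRsaCert_t` to `sslCert_t` also changes a type name in what the file header calls a public header, and no alias is visible in this section. If out-of-tree callers matter, a `typedef sslCert_t sslRsaCert_t;` line after the struct would keep them building; whether another header already provides one cannot be seen from here.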


 psMalloc.h   psMalloc.h 
/* /*
* psMalloc.h * psMalloc.h
* Release $Name: MATRIXSSL_1_8_6_OPEN $ * Release $Name: MATRIXSSL_1_8_8_OPEN $
* *
* Header for psMalloc functions * Header for psMalloc functions
*/ */
/* /*
* Copyright (c) PeerSec Networks, 2002-2008. All Rights Reserved. * Copyright (c) PeerSec Networks, 2002-2009. All Rights Reserved.
* The latest version of this code is available at http://www.matrixssl .org * The latest version of this code is available at http://www.matrixssl .org
* *
* This software is open source; you can redistribute it and/or modify * This software is open source; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by * it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or * the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version. * (at your option) any later version.
* *
* This General Public License does NOT permit incorporating this softw are * This General Public License does NOT permit incorporating this softw are
* into proprietary programs. If you are unable to comply with the GPL , a * into proprietary programs. If you are unable to comply with the GPL , a
* commercial license for this software may be purchased from PeerSec N etworks * commercial license for this software may be purchased from PeerSec N etworks
 End of changes. 2 change blocks. 
2 lines changed or deleted 2 lines changed or added


 pscrypto.h   pscrypto.h 
/* /*
* pscrypto.h * pscrypto.h
* Release $Name: MATRIXSSL_1_8_6_OPEN $ * Release $Name: MATRIXSSL_1_8_8_OPEN $
* *
* Internal definitions for PeerSec Networks MatrixSSL cryptography pro vider * Internal definitions for PeerSec Networks MatrixSSL cryptography pro vider
*/ */
/* /*
* Copyright (c) PeerSec Networks, 2002-2008. All Rights Reserved. * Copyright (c) PeerSec Networks, 2002-2009. All Rights Reserved.
* The latest version of this code is available at http://www.matrixssl .org * The latest version of this code is available at http://www.matrixssl .org
* *
* This software is open source; you can redistribute it and/or modify * This software is open source; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by * it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or * the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version. * (at your option) any later version.
* *
* This General Public License does NOT permit incorporating this softw are * This General Public License does NOT permit incorporating this softw are
* into proprietary programs. If you are unable to comply with the GPL , a * into proprietary programs. If you are unable to comply with the GPL , a
* commercial license for this software may be purchased from PeerSec N etworks * commercial license for this software may be purchased from PeerSec N etworks
 End of changes. 2 change blocks. 
2 lines changed or deleted 2 lines changed or added
