asn1.h   asn1.h 
/* /*
* asn1.h * asn1.h
* Release $Name: MATRIXSSL-3-1-2-OPEN $ * Release $Name: MATRIXSSL-3-1-3-OPEN $
*/ */
/* /*
* Copyright (c) PeerSec Networks, 2002-2010. All Rights Reserved. * Copyright (c) PeerSec Networks, 2002-2010. All Rights Reserved.
* The latest version of this code is available at http://www.matrixssl .org * The latest version of this code is available at http://www.matrixssl .org
* *
* This software is open source; you can redistribute it and/or modify * This software is open source; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by * it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or * the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version. * (at your option) any later version.
* *
 End of changes. 1 change blocks. 
1 lines changed or deleted 1 lines changed or added


 coreApi.h   coreApi.h 
/* /*
* coreApi.h * coreApi.h
* Release $Name: MATRIXSSL-3-1-2-OPEN $ * Release $Name: MATRIXSSL-3-1-3-OPEN $
* *
* Prototypes for the PeerSec core public APIs * Prototypes for the PeerSec core public APIs
*/ */
/* /*
* Copyright (c) PeerSec Networks, 2002-2010. All Rights Reserved. * Copyright (c) PeerSec Networks, 2002-2010. All Rights Reserved.
* The latest version of this code is available at http://www.matrixssl .org * The latest version of this code is available at http://www.matrixssl .org
* *
* This software is open source; you can redistribute it and/or modify * This software is open source; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by * it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or * the Free Software Foundation; either version 2 of the License, or
skipping to change at line 38 skipping to change at line 38
* http://www.gnu.org/copyleft/gpl.html * http://www.gnu.org/copyleft/gpl.html
*/ */
/************************************************************************** ****/ /************************************************************************** ****/
#ifndef _h_PS_COREAPI #ifndef _h_PS_COREAPI
#define _h_PS_COREAPI #define _h_PS_COREAPI
/************************************************************************** ****/ /************************************************************************** ****/
#include "coreConfig.h" /* Must be first included */ #include "coreConfig.h" /* Must be first included */
#include "osdep.h" #include "osdep.h"
#include "util.h" #include "list.h"
#include "psmalloc.h" #include "psmalloc.h"
/************************************************************************** ****/ /************************************************************************** ****/
/* /*
psCore return codes psCore return codes
*/ */
#define PS_CORE_IS_OPEN 1 #define PS_CORE_IS_OPEN 1
/************************************************************************** ****/ /************************************************************************** ****/
/* /*
skipping to change at line 113 skipping to change at line 113
int32 size; /* Size of buffer in bytes */ int32 size; /* Size of buffer in bytes */
} psBuf_t; } psBuf_t;
/************************************************************************** ****/ /************************************************************************** ****/
/* /*
Public APIs Public APIs
*/ */
/************************************************************************** ****/ /************************************************************************** ****/
PSPUBLIC int32 psCoreOpen(void); PSPUBLIC int32 psCoreOpen(void);
PSPUBLIC int32 psCoreClose(void); PSPUBLIC int32 psCoreClose(void);
PSPUBLIC void psBurnStack(uint32 len);
/************************************************************************** ****/ /************************************************************************** ****/
/* /*
Public interface to OS-dependant core functionality Public interface to OS-dependant core functionality
OS/osdep.c must implement the below functions OS/osdep.c must implement the below functions
*/ */
PSPUBLIC int32 psGetEntropy(unsigned char *bytes, uint32 size); PSPUBLIC int32 psGetEntropy(unsigned char *bytes, uint32 size);
PSPUBLIC int32 psGetTime(psTime_t *t); PSPUBLIC int32 psGetTime(psTime_t *t);
 End of changes. 3 change blocks. 
2 lines changed or deleted 3 lines changed or added


 coreConfig.h   coreConfig.h 
/* /*
* coreConfig.h * coreConfig.h
* Release $Name: MATRIXSSL-3-1-2-OPEN $ * Release $Name: MATRIXSSL-3-1-3-OPEN $
* *
* Configuration settings for PeerSec core module * Configuration settings for PeerSec core module
*/ */
/* /*
* Copyright (c) PeerSec Networks, 2002-2010. All Rights Reserved. * Copyright (c) PeerSec Networks, 2002-2010. All Rights Reserved.
* The latest version of this code is available at http://www.matrixssl .org * The latest version of this code is available at http://www.matrixssl .org
* *
* This software is open source; you can redistribute it and/or modify * This software is open source; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by * it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or * the Free Software Foundation; either version 2 of the License, or
 End of changes. 1 change blocks. 
1 lines changed or deleted 1 lines changed or added


 cryptoApi.h   cryptoApi.h 
/* /*
* cryptoApi.h * cryptoApi.h
* Release $Name: MATRIXSSL-3-1-2-OPEN $ * Release $Name: MATRIXSSL-3-1-3-OPEN $
* *
* Prototypes for the PeerSec crypto public APIs * Prototypes for the PeerSec crypto public APIs
*/ */
/* /*
* Copyright (c) PeerSec Networks, 2002-2010. All Rights Reserved. * Copyright (c) PeerSec Networks, 2002-2010. All Rights Reserved.
* The latest version of this code is available at http://www.matrixssl .org * The latest version of this code is available at http://www.matrixssl .org
* *
* This software is open source; you can redistribute it and/or modify * This software is open source; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by * it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or * the Free Software Foundation; either version 2 of the License, or
skipping to change at line 255 skipping to change at line 255
/************************************************************************** ****/ /************************************************************************** ****/
#ifdef USE_X509 #ifdef USE_X509
/************************************************************************** ****/ /************************************************************************** ****/
/* /*
X.509 Certificate support X.509 Certificate support
*/ */
PSPUBLIC int32 psX509ParseCertFile(psPool_t *pool, char *fileName, PSPUBLIC int32 psX509ParseCertFile(psPool_t *pool, char *fileName,
psX509Cert_t **outcert, int32 flags) ; psX509Cert_t **outcert, int32 flags) ;
PSPUBLIC int32 psX509ParseCert(psPool_t *pool, unsigned char *pp, uint32 si ze, PSPUBLIC int32 psX509ParseCert(psPool_t *pool, unsigned char *pp, uint32 si ze,
psX509Cert_t **outcert, int32 flags) ; psX509Cert_t **outcert, int32 flags) ;
PSPUBLIC void psX509FreeCert(psX509Cert_t *cert);
#ifdef USE_CERT_PARSE
PSPUBLIC int32 psX509AuthenticateCert(psPool_t *pool, psX509Cert_t *subject Cert, PSPUBLIC int32 psX509AuthenticateCert(psPool_t *pool, psX509Cert_t *subject Cert,
psX509Cert_t *issuerCert); psX509Cert_t *issuerCert);
PSPUBLIC void psX509FreeCert(psX509Cert_t *cert); #endif
#endif /* USE_X509 */ #endif /* USE_X509 */
/************************************************************************** ****/ /************************************************************************** ****/
/************************************************************************** ****/ /************************************************************************** ****/
PSPUBLIC int32 psInitPrng(psRandom_t *ctx);
PSPUBLIC int32 psGetPrng(psRandom_t *ctx, unsigned char *bytes, uint32 size
);
#ifdef USE_YARROW
PSPUBLIC int32 psYarrowStart(psYarrow_t *ctx);
PSPUBLIC int32 psYarrowAddEntropy(unsigned char *in, uint32 inlen,
psYarrow_t *prng);
PSPUBLIC int32 psYarrowReseed(psYarrow_t *ctx);
PSPUBLIC uint32 psYarrowRead(unsigned char *out, uint32 outlen, psYarrow_t
*cx);
PSPUBLIC int32 psYarrowDone(psYarrow_t *ctx);
PSPUBLIC int32 psYarrowExport(unsigned char *out, uint32 *outlen,
psYarrow_t *ctx);
PSPUBLIC int32 psYarrowImport(unsigned char *in, uint32 inlen, psYarrow_t *
ctx);
#endif /* USE_YARROW */
/************************************************************************** ****/ /************************************************************************** ****/
#endif /* _h_PS_CRYPTOAPI */ #endif /* _h_PS_CRYPTOAPI */
/************************************************************************** ****/ /************************************************************************** ****/
 End of changes. 4 change blocks. 
2 lines changed or deleted 21 lines changed or added


 cryptoConfig.h   cryptoConfig.h 
/* /*
* cryptoConfig.h * cryptoConfig.h
* Release $Name: MATRIXSSL-3-1-2-OPEN $ * Release $Name: MATRIXSSL-3-1-3-OPEN $
*/ */
/* /*
* Copyright (c) PeerSec Networks, 2002-2010. All Rights Reserved. * Copyright (c) PeerSec Networks, 2002-2010. All Rights Reserved.
* The latest version of this code is available at http://www.matrixssl .org * The latest version of this code is available at http://www.matrixssl .org
* *
* This software is open source; you can redistribute it and/or modify * This software is open source; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by * it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or * the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version. * (at your option) any later version.
* *
skipping to change at line 76 skipping to change at line 76
#define USE_SHA1 #define USE_SHA1
#define USE_MD5 #define USE_MD5
#define USE_HMAC /* Requires USE_MD5 and/or USE_SHA1 */ #define USE_HMAC /* Requires USE_MD5 and/or USE_SHA1 */
/************************************************************************** ****/ /************************************************************************** ****/
/* /*
X.509 Certificate X.509 Certificate
*/ */
#define USE_X509 #define USE_X509
/* #define USE_FULL_CERT_PARSE */ #define USE_CERT_PARSE /* Usually required. USE_X509 must be enabled */
#define USE_PRIVATE_KEY_PARSING /* #define USE_FULL_CERT_PARSE */ /* USE_CERT_PARSE must be enabled */
#define USE_BASE64_DECODE
/************************************************************************** ****/ /************************************************************************** ****/
/* /*
PKCS support PKCS support
*/ */
#define USE_PKCS5 /* PBKDF key generation for encrypted private keys */ #define USE_PRIVATE_KEY_PARSING
/* #define USE_PKCS5 */ /* PBKDF key generation for encrypted private keys
*/
/************************************************************************** ****/ /************************************************************************** ****/
/* /*
Configurable tweaks (do not need to touch, in general) PRNG Algorithms
*/
#define USE_YARROW
/**************************************************************************
****/
/*
All below here are configurable tweaks (do not need to touch, in genera
l)
*/ */
#define USE_BURN_STACK
#define SMALL_CODE #define SMALL_CODE
#define USE_BURN_STACK
#endif /* _h_PS_CRYPTOCONFIG */ #endif /* _h_PS_CRYPTOCONFIG */
/************************************************************************** ****/ /************************************************************************** ****/
 End of changes. 6 change blocks. 
6 lines changed or deleted 18 lines changed or added


 cryptolib.h   cryptolib.h 
/* /*
* cryptolib.h * cryptolib.h
* Release $Name: MATRIXSSL-3-1-2-OPEN $ * Release $Name: MATRIXSSL-3-1-3-OPEN $
*/ */
/* /*
* Copyright (c) PeerSec Networks, 2002-2010. All Rights Reserved. * Copyright (c) PeerSec Networks, 2002-2010. All Rights Reserved.
* The latest version of this code is available at http://www.matrixssl .org * The latest version of this code is available at http://www.matrixssl .org
* *
* This software is open source; you can redistribute it and/or modify * This software is open source; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by * it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or * the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version. * (at your option) any later version.
* *
skipping to change at line 39 skipping to change at line 39
#ifndef _h_PS_CRYPTOLIB #ifndef _h_PS_CRYPTOLIB
#define _h_PS_CRYPTOLIB #define _h_PS_CRYPTOLIB
#include "symmetric/symmetric.h" #include "symmetric/symmetric.h"
#include "digest/digest.h" #include "digest/digest.h"
#include "math/pstm.h" #include "math/pstm.h"
#include "pubkey/pubkey.h" #include "pubkey/pubkey.h"
#include "keyformat/asn1.h" #include "keyformat/asn1.h"
#include "keyformat/x509.h" #include "keyformat/x509.h"
#include "prng/prng.h"
/************************************************************************** ****/ /************************************************************************** ****/
/* /*
Configuration checks Configuration checks
*/ */
#ifdef USE_X509 #ifdef USE_CERT_PARSE
#ifndef USE_X509
#error "Must enable USE_X509 if USE_CERT_PARSE is enabled"
#endif
#if !defined(USE_MD5) || !defined(USE_SHA1) #if !defined(USE_MD5) || !defined(USE_SHA1)
#error "Both USE_MD5 and USE_SHA1 must be enabled when enabling USE_ X509" #error "Both USE_MD5 and USE_SHA1 must be enabled when enabling USE_ X509"
#endif #endif
#endif #endif
#ifdef USE_HMAC #ifdef USE_HMAC
#if !defined(USE_MD5) && !defined(USE_SHA1) #if !defined(USE_MD5) && !defined(USE_SHA1)
#error "Must enable either MD5 or SHA1 in cryptoConfig.h for HMAC su pport" #error "Must enable either MD5 or SHA1 in cryptoConfig.h for HMAC su pport"
#endif #endif
#endif #endif
skipping to change at line 87 skipping to change at line 91
#define psTraceIntCrypto(x, y) _psTraceInt(x, y) #define psTraceIntCrypto(x, y) _psTraceInt(x, y)
#define psTracePtrCrypto(x, y) _psTracePtr(x, y) #define psTracePtrCrypto(x, y) _psTracePtr(x, y)
#endif /* USE_CRYPTO_TRACE */ #endif /* USE_CRYPTO_TRACE */
/************************************************************************** ****/ /************************************************************************** ****/
/* /*
Helpers Helpers
*/ */
extern int32 psBase64decode(const unsigned char *in, uint32 len, extern int32 psBase64decode(const unsigned char *in, uint32 len,
unsigned char *out, uint32 *outlen); unsigned char *out, uint32 *outlen);
#ifdef USE_BURN_STACK
extern void psBurnStack(uint32 len);
#endif
/************************************************************************** ****/ /************************************************************************** ****/
/* /*
RFC 3279 OID RFC 3279 OID
PeerSec uses an oid summing mechanism to arrive at these defines. PeerSec uses an oid summing mechanism to arrive at these defines.
The byte values of the OID are summed to produce a "relatively uniqu e" int The byte values of the OID are summed to produce a "relatively uniqu e" int
The duplicate defines do not pose a problem as long as they don't The duplicate defines do not pose a problem as long as they don't
exist in the same OID groupings exist in the same OID groupings
*/ */
#ifdef USE_X509 #ifdef USE_X509
/* Raw digest algorithms */ /* Raw digest algorithms */
#define OID_SHA1_ALG 88 #define OID_SHA1_ALG 88
#define OID_MD2_ALG 646 #define OID_MD2_ALG 646
#define OID_MD5_ALG 649 #define OID_MD5_ALG 649
/* Signature algorithms */ /* Signature algorithms */
#define OID_MD2_RSA_SIG 646 #define OID_MD2_RSA_SIG 646
#define OID_MD5_RSA_SIG 648 /* 42.134.72.134.247.13. 1.1.4 */ #define OID_MD5_RSA_SIG 648 /* 42.134.72.134.247.13. 1.1.4 */
#define OID_SHA1_RSA_SIG 649 /* 42.134.72.134.247.13.1.1.5 */ #define OID_SHA1_RSA_SIG 649 /* 42.134.72.134.247.13.1.1.5 */
#define OID_SHA1_ECDSA_SIG 520 #define OID_SHA1_ECDSA_SIG 520 /* 42.134.72.206.61.4.1 */
#define OID_SHA224_ECDSA_SIG 523 /* 42.134.72.206.61.4.3.1 */
#define OID_SHA256_ECDSA_SIG 524 /* 42.134.72.206.61.4.3.2 */
#endif /* USE_X509 */ #endif /* USE_X509 */
/* Public key algorithms */ /* Public key algorithms */
#define OID_RSA_KEY_ALG 645 /* 42.134.72.134.247.13. 1.1.1 */ #define OID_RSA_KEY_ALG 645 /* 42.134.72.134.247.13. 1.1.1 */
#define OID_ECDSA_KEY_ALG 518 #define OID_ECDSA_KEY_ALG 518 /* 42.134.72.206.61.2.1 */
#ifdef USE_PKCS5 #ifdef USE_PKCS5
#define OID_DES_EDE3_CBC 652 /* 42.134.72.134.247.13.3.7 */ #define OID_DES_EDE3_CBC 652 /* 42.134.72.134.247.13.3.7 */
#define OID_PKCS_PBKDF2 660 /* 42.134.72.134.247.13. 1.5.12 */ #define OID_PKCS_PBKDF2 660 /* 42.134.72.134.247.13. 1.5.12 */
#define OID_PKCS_PBES2 661 /* 42.134.72.134.247.13.1.5.13 * / #define OID_PKCS_PBES2 661 /* 42.134.72.134.247.13.1.5.13 * /
#endif /* USE_PKCS5 */ #endif /* USE_PKCS5 */
/************************************************************************** ****/ /************************************************************************** ****/
 End of changes. 6 change blocks. 
7 lines changed or deleted 10 lines changed or added


 digest.h   digest.h 
/* /*
* digest.h * digest.h
* Release $Name: MATRIXSSL-3-1-2-OPEN $ * Release $Name: MATRIXSSL-3-1-3-OPEN $
* *
* Header for internal symmetric key cryptography support * Header for internal symmetric key cryptography support
*/ */
/* /*
* Copyright (c) PeerSec Networks, 2002-2010. All Rights Reserved. * Copyright (c) PeerSec Networks, 2002-2010. All Rights Reserved.
* The latest version of this code is available at http://www.matrixssl .org * The latest version of this code is available at http://www.matrixssl .org
* *
* This software is open source; you can redistribute it and/or modify * This software is open source; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by * it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or * the Free Software Foundation; either version 2 of the License, or
 End of changes. 1 change blocks. 
1 lines changed or deleted 1 lines changed or added


 matrixsslApi.h   matrixsslApi.h 
/* /*
* matrixsslApi.h * matrixsslApi.h
* Release $Name: MATRIXSSL-3-1-2-OPEN $ * Release $Name: MATRIXSSL-3-1-3-OPEN $
* *
* Public header file for MatrixSSL * Public header file for MatrixSSL
* Implementations interacting with the matrixssl library should * Implementations interacting with the matrixssl library should
* only use the APIs and definitions used in this file. * only use the APIs and definitions used in this file.
*/ */
/* /*
* Copyright (c) PeerSec Networks, 2002-2010. All Rights Reserved. * Copyright (c) PeerSec Networks, 2002-2010. All Rights Reserved.
* The latest version of this code is available at http://www.matrixssl .org * The latest version of this code is available at http://www.matrixssl .org
* *
* This software is open source; you can redistribute it and/or modify * This software is open source; you can redistribute it and/or modify
skipping to change at line 70 skipping to change at line 70
/************************************************************************** ****/ /************************************************************************** ****/
/* /*
* Public API set * Public API set
*/ */
PSPUBLIC int32 matrixSslOpen(void); PSPUBLIC int32 matrixSslOpen(void);
PSPUBLIC void matrixSslClose(void); PSPUBLIC void matrixSslClose(void);
PSPUBLIC int32 matrixSslNewKeys(sslKeys_t **keys); PSPUBLIC int32 matrixSslNewKeys(sslKeys_t **keys);
PSPUBLIC int32 matrixSslLoadRsaKeys(sslKeys_t *keys, const char *certFile,
const char *privFile, const
char *privPass,
const char *trustedCAFile);
PSPUBLIC int32 matrixSslLoadRsaKeysMem(sslKeys_t *keys,
unsigned char *certBuf, int3
2 certLen,
unsigned char *privBuf, int3
2 privLen,
unsigned char *trustedCABuf,
int32 trustedCALen);
PSPUBLIC void matrixSslDeleteKeys(sslKeys_t *keys); PSPUBLIC void matrixSslDeleteKeys(sslKeys_t *keys);
PSPUBLIC void matrixSslDeleteSession(ssl_t *ssl); PSPUBLIC void matrixSslDeleteSession(ssl_t *ssl);
PSPUBLIC int32 matrixSslGetReadbuf(ssl_t *ssl, unsigned char **buf); PSPUBLIC int32 matrixSslGetReadbuf(ssl_t *ssl, unsigned char **buf);
PSPUBLIC int32 matrixSslGetOutdata(ssl_t *ssl, unsigned char **buf); PSPUBLIC int32 matrixSslGetOutdata(ssl_t *ssl, unsigned char **buf);
PSPUBLIC int32 matrixSslGetWritebuf(ssl_t *ssl, unsigned char **buf, PSPUBLIC int32 matrixSslGetWritebuf(ssl_t *ssl, unsigned char **buf,
uint32 reqLen); uint32 reqLen);
PSPUBLIC int32 matrixSslEncodeWritebuf(ssl_t *ssl, uint32 len); PSPUBLIC int32 matrixSslEncodeWritebuf(ssl_t *ssl, uint32 len);
PSPUBLIC int32 matrixSslSentData(ssl_t *ssl, uint32 bytes); PSPUBLIC int32 matrixSslSentData(ssl_t *ssl, uint32 bytes);
PSPUBLIC int32 matrixSslReceivedData(ssl_t *ssl, uint32 bytes, PSPUBLIC int32 matrixSslReceivedData(ssl_t *ssl, uint32 bytes,
unsigned char **ptbuf, uint32 *ptlen); unsigned char **ptbuf, uint32 *ptlen);
PSPUBLIC int32 matrixSslProcessedData(ssl_t *ssl, PSPUBLIC int32 matrixSslProcessedData(ssl_t *ssl,
unsigned char **ptbuf, uint32 *ptlen); unsigned char **ptbuf, uint32 *ptlen);
PSPUBLIC int32 matrixSslEncodeClosureAlert(ssl_t *ssl); PSPUBLIC int32 matrixSslEncodeClosureAlert(ssl_t *ssl);
PSPUBLIC int32 matrixSslLoadRsaKeys(sslKeys_t *keys, const char *certFile,
const char *privFile, const
char *privPass,
const char *trustedCAFile);
PSPUBLIC int32 matrixSslLoadRsaKeysMem(sslKeys_t *keys,
unsigned char *certBuf, int3
2 certLen,
unsigned char *privBuf, int3
2 privLen,
unsigned char *trustedCABuf,
int32 trustedCALen);
/************************************************************************** ****/ /************************************************************************** ****/
/* /*
Advanced feature public APIS Advanced feature public APIS
*/ */
PSPUBLIC void matrixSslGetAnonStatus(ssl_t *ssl, int32 *anonArg); PSPUBLIC void matrixSslGetAnonStatus(ssl_t *ssl, int32 *anonArg);
PSPUBLIC int32 matrixSslEncodeRehandshake(ssl_t *ssl, sslKeys_t *keys, PSPUBLIC int32 matrixSslEncodeRehandshake(ssl_t *ssl, sslKeys_t *keys,
int32 (*certCb)(ssl_t *ssl, psX509Ce rt_t *cert,int32 alert), int32 (*certCb)(ssl_t *ssl, psX509Ce rt_t *cert,int32 alert),
uint32 sessionOption, uint32 cipherS pec); uint32 sessionOption, uint32 cipherS pec);
#ifdef USE_CLIENT_SIDE_SSL #ifdef USE_CLIENT_SIDE_SSL
 End of changes. 3 change blocks. 
14 lines changed or deleted 13 lines changed or added


 matrixsslConfig.h   matrixsslConfig.h 
/* /*
* matrixsslConfig.h * matrixsslConfig.h
* Release $Name: MATRIXSSL-3-1-2-OPEN $ * Release $Name: MATRIXSSL-3-1-3-OPEN $
* *
* Configuration settings for building the MatrixSSL library. * Configuration settings for building the MatrixSSL library.
*/ */
/* /*
* Copyright (c) PeerSec Networks, 2002-2010. All Rights Reserved. * Copyright (c) PeerSec Networks, 2002-2010. All Rights Reserved.
* The latest version of this code is available at http://www.matrixssl .org * The latest version of this code is available at http://www.matrixssl .org
* *
* This software is open source; you can redistribute it and/or modify * This software is open source; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by * it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or * the Free Software Foundation; either version 2 of the License, or
 End of changes. 1 change blocks. 
1 lines changed or deleted 1 lines changed or added


 matrixssllib.h   matrixssllib.h 
/* /*
* matrixssllib.h * matrixssllib.h
* Release $Name: MATRIXSSL-3-1-2-OPEN $ * Release $Name: MATRIXSSL-3-1-3-OPEN $
* *
* Internal header file used for the MatrixSSL implementation. * Internal header file used for the MatrixSSL implementation.
* Only modifiers of the library should be intersted in this file * Only modifiers of the library should be intersted in this file
*/ */
/* /*
* Copyright (c) PeerSec Networks, 2002-2010. All Rights Reserved. * Copyright (c) PeerSec Networks, 2002-2010. All Rights Reserved.
* The latest version of this code is available at http://www.matrixssl .org * The latest version of this code is available at http://www.matrixssl .org
* *
* This software is open source; you can redistribute it and/or modify * This software is open source; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by * it under the terms of the GNU General Public License as published by
skipping to change at line 52 skipping to change at line 52
Start with compile-time checks for the necessary crypto support. Start with compile-time checks for the necessary crypto support.
*/ */
/************************************************************************** ****/ /************************************************************************** ****/
/* /*
SHA1 and MD5 are essential elements for SSL key derivation during pr otocol SHA1 and MD5 are essential elements for SSL key derivation during pr otocol
*/ */
#if !defined USE_MD5 || !defined USE_SHA1 #if !defined USE_MD5 || !defined USE_SHA1
#error "Must enable both USE_MD5 and USE_SHA1 in cryptoConfig.h for MatrixS SL" #error "Must enable both USE_MD5 and USE_SHA1 in cryptoConfig.h for MatrixS SL"
#endif #endif
#ifndef USE_CERT_PARSE
#ifdef USE_CLIENT_SIDE_SSL
#error "Must enable USE_CERT_PARSE if building client with USE_CLIENT_SIDE_
SSL"
#endif
#endif
/* /*
X.509 is required for all configurations of SSL below X.509 is required for all configurations of SSL below
*/ */
#ifndef USE_X509 #ifndef USE_X509
#error "Must enable USE_X509 in cryptoConfig.h for MatrixSSL" #error "Must enable USE_X509 in cryptoConfig.h for MatrixSSL"
#endif #endif
#ifdef USE_TLS #ifdef USE_TLS
#ifndef USE_HMAC #ifndef USE_HMAC
#error "Must enable USE_HMAC in cryptoConfig.h for TLS protocol supp ort" #error "Must enable USE_HMAC in cryptoConfig.h for TLS protocol supp ort"
skipping to change at line 91 skipping to change at line 97
/************************************************************************** ****/ /************************************************************************** ****/
/* /*
Test specific crypto features based on which cipher suites are enabl ed Test specific crypto features based on which cipher suites are enabl ed
*/ */
#ifdef USE_SSL_RSA_WITH_NULL_MD5 #ifdef USE_SSL_RSA_WITH_NULL_MD5
#ifndef USE_RSA #ifndef USE_RSA
#error "Enable USE_RSA in cryptoConfig.h for SSL_RSA_WITH_NULL_MD5 s uite" #error "Enable USE_RSA in cryptoConfig.h for SSL_RSA_WITH_NULL_MD5 s uite"
#endif #endif
#define USE_MD5_MAC #define USE_MD5_MAC
#define USE_RSA_CIPHER_SUITE #define USE_RSA_CIPHER_SUITE
#define REQUIRE_RSA_KEYS
#endif #endif
#ifdef USE_SSL_RSA_WITH_NULL_SHA #ifdef USE_SSL_RSA_WITH_NULL_SHA
#ifndef USE_RSA #ifndef USE_RSA
#error "Enable USE_RSA in cryptoConfig.h for SSL_RSA_WITH_NULL_SHA s uite" #error "Enable USE_RSA in cryptoConfig.h for SSL_RSA_WITH_NULL_SHA s uite"
#endif #endif
#define USE_SHA1_MAC #define USE_SHA1_MAC
#define USE_RSA_CIPHER_SUITE #define USE_RSA_CIPHER_SUITE
#define REQUIRE_RSA_KEYS
#endif #endif
#ifdef USE_SSL_RSA_WITH_RC4_128_SHA #ifdef USE_SSL_RSA_WITH_RC4_128_SHA
#ifndef USE_RSA #ifndef USE_RSA
#error "Enable USE_RSA in cryptoConfig.h for SSL_RSA_WITH_RC4_128_SH A suite" #error "Enable USE_RSA in cryptoConfig.h for SSL_RSA_WITH_RC4_128_SH A suite"
#endif #endif
#ifndef USE_ARC4 #ifndef USE_ARC4
#error "Enable USE_ARC4 in cryptoConfig.h for SSL_RSA_WITH_RC4_128_S HA suite" #error "Enable USE_ARC4 in cryptoConfig.h for SSL_RSA_WITH_RC4_128_S HA suite"
#endif #endif
#define USE_SHA1_MAC #define USE_SHA1_MAC
#define USE_RSA_CIPHER_SUITE #define USE_RSA_CIPHER_SUITE
#define USE_ARC4_CIPHER_SUITE #define USE_ARC4_CIPHER_SUITE
#define REQUIRE_RSA_KEYS
#endif #endif
#ifdef USE_SSL_RSA_WITH_RC4_128_MD5 #ifdef USE_SSL_RSA_WITH_RC4_128_MD5
#ifndef USE_RSA #ifndef USE_RSA
#error "Enable USE_RSA in cryptoConfig.h for SSL_RSA_WITH_RC4_128_MD 5 suite" #error "Enable USE_RSA in cryptoConfig.h for SSL_RSA_WITH_RC4_128_MD 5 suite"
#endif #endif
#ifndef USE_ARC4 #ifndef USE_ARC4
#error "Enable USE_ARC4 in cryptoConfig.h for SSL_RSA_WITH_RC4_128_M D5 suite" #error "Enable USE_ARC4 in cryptoConfig.h for SSL_RSA_WITH_RC4_128_M D5 suite"
#endif #endif
#define USE_MD5_MAC #define USE_MD5_MAC
#define USE_RSA_CIPHER_SUITE #define USE_RSA_CIPHER_SUITE
#define USE_ARC4_CIPHER_SUITE #define USE_ARC4_CIPHER_SUITE
#define REQUIRE_RSA_KEYS
#endif #endif
#ifdef USE_SSL_RSA_WITH_3DES_EDE_CBC_SHA #ifdef USE_SSL_RSA_WITH_3DES_EDE_CBC_SHA
#ifndef USE_RSA #ifndef USE_RSA
#error "Enable USE_RSA in cryptoConfig.h for SSL_RSA_WITH_3DES_EDE_C BC_SHA" #error "Enable USE_RSA in cryptoConfig.h for SSL_RSA_WITH_3DES_EDE_C BC_SHA"
#endif #endif
#ifndef USE_3DES #ifndef USE_3DES
#error "Enable USE_3DES in cryptoConfig.h for SSL_RSA_WITH_3DES_EDE_ CBC_SHA" #error "Enable USE_3DES in cryptoConfig.h for SSL_RSA_WITH_3DES_EDE_ CBC_SHA"
#endif #endif
#define USE_SHA1_MAC #define USE_SHA1_MAC
#define USE_RSA_CIPHER_SUITE #define USE_RSA_CIPHER_SUITE
#define USE_3DES_CIPHER_SUITE #define USE_3DES_CIPHER_SUITE
#define REQUIRE_RSA_KEYS
#endif #endif
#ifdef USE_TLS_RSA_WITH_AES_128_CBC_SHA #ifdef USE_TLS_RSA_WITH_AES_128_CBC_SHA
#ifndef USE_RSA #ifndef USE_RSA
#error "Enable USE_RSA in cryptoConfig.h for TLS_RSA_WITH_AES_256_CB C_SHA" #error "Enable USE_RSA in cryptoConfig.h for TLS_RSA_WITH_AES_256_CB C_SHA"
#endif #endif
#ifndef USE_AES #ifndef USE_AES
#error "Enable USE_AES in cryptoConfig.h for TLS_RSA_WITH_AES_256_CB C_SHA" #error "Enable USE_AES in cryptoConfig.h for TLS_RSA_WITH_AES_256_CB C_SHA"
#endif #endif
#define USE_SHA1_MAC #define USE_SHA1_MAC
#define USE_AES_CIPHER_SUITE #define USE_AES_CIPHER_SUITE
#define USE_RSA_CIPHER_SUITE #define USE_RSA_CIPHER_SUITE
#define REQUIRE_RSA_KEYS
#endif #endif
/************************************************************************** ****/ /************************************************************************** ****/
/************************************************************************** ****/ /************************************************************************** ****/
/************************************************************************** ****/ /************************************************************************** ****/
/* /*
Leave this enabled for run-time check of sslKeys_t content when a ci pher Leave this enabled for run-time check of sslKeys_t content when a ci pher
suite is matched. Disable only if you need to manage key material y suite is matched. Disable only if you need to manage key material y
ourself ourself.
Always conditional on whether certificate parsing is enabled because
it
looks at members that only exist if certificates have been parsed
*/ */
#ifdef USE_CERT_PARSE
#define VALIDATE_KEY_MATERIAL #define VALIDATE_KEY_MATERIAL
#endif /* USE_CERT_PARSE */
/************************************************************************** ****/ /************************************************************************** ****/
/************************************************************************** ****/ /************************************************************************** ****/
/* SSL protocol and MatrixSSL defines */ /* SSL protocol and MatrixSSL defines */
/************************************************************************** ****/ /************************************************************************** ****/
/* /*
Maximum SSL record size, per specification Maximum SSL record size, per specification
*/ */
#define SSL_MAX_PLAINTEXT_LEN 0x4000 /* 16KB */ #define SSL_MAX_PLAINTEXT_LEN 0x4000 /* 16KB */
#define SSL_MAX_RECORD_LEN SSL_MAX_PLAINTEXT_LEN + 2048 #define SSL_MAX_RECORD_LEN SSL_MAX_PLAINTEXT_LEN + 2048
skipping to change at line 245 skipping to change at line 261
MUST NOT OVERLAP WITH ANY OF THE ALERT CODES ABOVE MUST NOT OVERLAP WITH ANY OF THE ALERT CODES ABOVE
*/ */
#define SSL_ALLOW_ANON_CONNECTION 254 #define SSL_ALLOW_ANON_CONNECTION 254
/* /*
Flags. DO NOT TOUCH Flags. DO NOT TOUCH
*/ */
#define SSL_FLAGS_SERVER 0x1 #define SSL_FLAGS_SERVER 0x1
#define SSL_FLAGS_READ_SECURE 0x2 #define SSL_FLAGS_READ_SECURE 0x2
#define SSL_FLAGS_WRITE_SECURE 0x4 #define SSL_FLAGS_WRITE_SECURE 0x4
#define SSL_FLAGS_PUBLIC_SECURE 0x8
#define SSL_FLAGS_RESUMED 0x10 #define SSL_FLAGS_RESUMED 0x10
#define SSL_FLAGS_CLOSED 0x20 #define SSL_FLAGS_CLOSED 0x20
#define SSL_FLAGS_NEED_ENCODE 0x40 #define SSL_FLAGS_NEED_ENCODE 0x40
#define SSL_FLAGS_ERROR 0x80 #define SSL_FLAGS_ERROR 0x80
#define SSL_FLAGS_TLS 0x100 #define SSL_FLAGS_TLS 0x100
#define SSL_FLAGS_CLIENT_AUTH 0x200 #define SSL_FLAGS_CLIENT_AUTH 0x200
#define SSL_FLAGS_ANON_CIPHER 0x2000 #define SSL_FLAGS_ANON_CIPHER 0x2000
/* /*
Buffer flags (ssl->bFlags) Buffer flags (ssl->bFlags)
skipping to change at line 321 skipping to change at line 336
#endif /* USE_TLS */ #endif /* USE_TLS */
/* /*
SSL cipher suite specification IDs SSL cipher suite specification IDs
*/ */
#define SSL_NULL_WITH_NULL_NULL 0x0000 #define SSL_NULL_WITH_NULL_NULL 0x0000
#define SSL_RSA_WITH_NULL_MD5 0x0001 #define SSL_RSA_WITH_NULL_MD5 0x0001
#define SSL_RSA_WITH_NULL_SHA 0x0002 #define SSL_RSA_WITH_NULL_SHA 0x0002
#define SSL_RSA_WITH_RC4_128_MD5 0x0004 #define SSL_RSA_WITH_RC4_128_MD5 0x0004
#define SSL_RSA_WITH_RC4_128_SHA 0x0005 #define SSL_RSA_WITH_RC4_128_SHA 0x0005
#define SSL_RSA_WITH_3DES_EDE_CBC_SHA 0x000A #define SSL_RSA_WITH_3DES_EDE_CBC_SHA 0x000A /* 10 */
#define TLS_RSA_WITH_AES_128_CBC_SHA 0x002F #define TLS_RSA_WITH_AES_128_CBC_SHA 0x002F /* 47 */
#define TLS_EMPTY_RENEGOTIATION_INFO_SCSV 0x00FF #define TLS_EMPTY_RENEGOTIATION_INFO_SCSV 0x00FF
/* /*
Supported HELLO extensions Supported HELLO extensions
*/ */
#define EXT_RENEGOTIATION_INFO 0xFF01 #define EXT_RENEGOTIATION_INFO 0xFF01
/* /*
Maximum key block size for any defined cipher Maximum key block size for any defined cipher
This must be validated if new ciphers are added This must be validated if new ciphers are added
skipping to change at line 461 skipping to change at line 476
unsigned char keySize; unsigned char keySize;
unsigned char ivSize; unsigned char ivSize;
unsigned char blockSize; unsigned char blockSize;
/* Init function */ /* Init function */
int32 (*init)(sslSec_t *sec, int32 type, uint32 keysize); int32 (*init)(sslSec_t *sec, int32 type, uint32 keysize);
/* Cipher functions */ /* Cipher functions */
int32 (*encrypt)(psCipherContext_t *ctx, unsigned char *in, int32 (*encrypt)(psCipherContext_t *ctx, unsigned char *in,
unsigned char *out, uint32 len); unsigned char *out, uint32 len);
int32 (*decrypt)(psCipherContext_t *ctx, unsigned char *in, int32 (*decrypt)(psCipherContext_t *ctx, unsigned char *in,
unsigned char *out, uint32 len); unsigned char *out, uint32 len);
int32 (*encryptPriv)(psPool_t *pool, psPubKey_t *key,
unsigned char *in, uint32 inlen,
unsigned char *out, uint32 outlen);
int32 (*decryptPub)(psPool_t *pool, psPubKey_t *key,
unsigned char *in, uint32 inlen,
unsigned char *out, uint32 outlen);
int32 (*encryptPub)(psPool_t *pool, psPubKey_t *key,
unsigned char *in, uint32 inlen,
unsigned char *out, uint32 outlen);
int32 (*decryptPriv)(psPool_t *pool, psPubKey_t *key,
unsigned char *in, uint32 inlen,
unsigned char *out, uint32 outlen);
int32 (*generateMac)(void *ssl, unsigned char type, unsigned char *d ata, int32 (*generateMac)(void *ssl, unsigned char type, unsigned char *d ata,
uint32 len, unsigned char *mac); uint32 len, unsigned char *mac);
int32 (*verifyMac)(void *ssl, unsigned char type, unsigned char *dat a, int32 (*verifyMac)(void *ssl, unsigned char type, unsigned char *dat a,
uint32 len, unsigned char *mac); uint32 len, unsigned char *mac);
} sslCipherSpec_t; } sslCipherSpec_t;
typedef struct { typedef struct {
unsigned char id[SSL_MAX_SESSION_ID_SIZE]; unsigned char id[SSL_MAX_SESSION_ID_SIZE];
unsigned char masterSecret[SSL_HS_MASTER_SIZE]; unsigned char masterSecret[SSL_HS_MASTER_SIZE];
uint32 cipherId; uint32 cipherId;
skipping to change at line 540 skipping to change at line 543
We duplicate these here from 'cipher' because we need to set the We duplicate these here from 'cipher' because we need to set the
various callbacks at different times in the handshake protoc ol various callbacks at different times in the handshake protoc ol
Also, there are 64 bit alignment issues in using the functio n pointers Also, there are 64 bit alignment issues in using the functio n pointers
within 'cipher' directly within 'cipher' directly
*/ */
int32 (*encrypt)(psCipherContext_t *ctx, unsigned char *in, int32 (*encrypt)(psCipherContext_t *ctx, unsigned char *in,
unsigned char *out, uint32 len); unsigned char *out, uint32 len);
int32 (*decrypt)(psCipherContext_t *ctx, unsigned char *in, int32 (*decrypt)(psCipherContext_t *ctx, unsigned char *in,
unsigned char *out, uint32 len); unsigned char *out, uint32 len);
/* Public key ciphers */
int32 (*encryptPriv)(psPool_t *pool, psPubKey_t *key,
unsigned char *in, uint32 inlen,
unsigned char *out, uint32 outlen);
int32 (*decryptPub)(psPool_t *pool, psPubKey_t *key,
unsigned char *in, uint32 inlen,
unsigned char *out, uint32 outlen);
int32 (*encryptPub)(psPool_t *pool, psPubKey_t *key,
unsigned char *in, uint32 inlen,
unsigned char *out, uint32 outlen);
int32 (*decryptPriv)(psPool_t *pool, psPubKey_t *key,
unsigned char *in, uint32 inlen,
unsigned char *out, uint32 outlen);
/* Message Authentication Codes */ /* Message Authentication Codes */
int32 (*generateMac)(void *ssl, unsigned char type, unsigned char *d ata, int32 (*generateMac)(void *ssl, unsigned char type, unsigned char *d ata,
uint32 len, unsigned char *mac); uint32 len, unsigned char *mac);
int32 (*verifyMac)(void *ssl, unsigned char type, unsigned char *dat a, int32 (*verifyMac)(void *ssl, unsigned char type, unsigned char *dat a,
uint32 len, unsigned char *mac); uint32 len, unsigned char *mac);
/* Current encryption/decryption parameters */ /* Current encryption/decryption parameters */
unsigned char enMacSize; unsigned char enMacSize;
unsigned char enIvSize; unsigned char enIvSize;
unsigned char enBlockSize; unsigned char enBlockSize;
skipping to change at line 626 skipping to change at line 616
extern int32 matrixSslEncodeHelloRequest(ssl_t *ssl, sslBuf_t *out, extern int32 matrixSslEncodeHelloRequest(ssl_t *ssl, sslBuf_t *out,
uint32 *reqLen); uint32 *reqLen);
extern int32 matrixSslEncodeClientHello(ssl_t *ssl, sslBuf_t *out, extern int32 matrixSslEncodeClientHello(ssl_t *ssl, sslBuf_t *out,
uint32 cipherSpec, uint32 *requiredL en, uint32 cipherSpec, uint32 *requiredL en,
tlsExtension_t *userExt); tlsExtension_t *userExt);
#ifdef USE_CLIENT_SIDE_SSL #ifdef USE_CLIENT_SIDE_SSL
extern int32 matrixSslGetSessionId(ssl_t *ssl, sslSessionId_t *sessionId) ; extern int32 matrixSslGetSessionId(ssl_t *ssl, sslSessionId_t *sessionId) ;
#endif /* USE_CLIENT_SIDE_SSL */ #endif /* USE_CLIENT_SIDE_SSL */
extern int32 matrixSslGetPrngData(unsigned char *bytes, uint32 size);
/************************************************************************** ****/ /************************************************************************** ****/
/* /*
MatrixSSL internal cert functions MatrixSSL internal cert functions
*/ */
typedef int32 (*sslCertCb_t)(void *, psX509Cert_t *, int32); typedef int32 (*sslCertCb_t)(void *, psX509Cert_t *, int32);
extern int32 matrixValidateCerts(psPool_t *pool, psX509Cert_t *subjectCerts , extern int32 matrixValidateCerts(psPool_t *pool, psX509Cert_t *subjectCerts ,
psX509Cert_t *issuerCerts); psX509Cert_t *issuerCerts);
extern int32 matrixUserCertValidator(ssl_t *ssl, int32 alert, extern int32 matrixUserCertValidator(ssl_t *ssl, int32 alert,
psX509Cert_t *subjectCert, sslCertCb_t cert Cb); psX509Cert_t *subjectCert, sslCertCb_t cert Cb);
/************************************************************************** ****/ /************************************************************************** ****/
/* /*
sslEncode.c and sslDecode.c sslEncode.c and sslDecode.c
*/ */
extern int32 psWriteRecordInfo(ssl_t *ssl, unsigned char type, int32 len, extern int32 psWriteRecordInfo(ssl_t *ssl, unsigned char type, int32 len,
skipping to change at line 649 skipping to change at line 640
sslEncode.c and sslDecode.c sslEncode.c and sslDecode.c
*/ */
extern int32 psWriteRecordInfo(ssl_t *ssl, unsigned char type, int32 len, extern int32 psWriteRecordInfo(ssl_t *ssl, unsigned char type, int32 len,
unsigned char *c); unsigned char *c);
extern int32 psWriteHandshakeHeader(ssl_t *ssl, unsigned char type, int32 l en, extern int32 psWriteHandshakeHeader(ssl_t *ssl, unsigned char type, int32 l en,
int32 seq, i nt32 fragOffset, int32 fragLen, int32 seq, i nt32 fragOffset, int32 fragLen,
unsigned cha r *c); unsigned cha r *c);
extern int32 sslEncodeResponse(ssl_t *ssl, psBuf_t *out, uint32 *requiredLe n); extern int32 sslEncodeResponse(ssl_t *ssl, psBuf_t *out, uint32 *requiredLe n);
extern int32 sslActivateReadCipher(ssl_t *ssl); extern int32 sslActivateReadCipher(ssl_t *ssl);
extern int32 sslActivateWriteCipher(ssl_t *ssl); extern int32 sslActivateWriteCipher(ssl_t *ssl);
extern int32 sslActivatePublicCipher(ssl_t *ssl);
extern int32 sslUpdateHSHash(ssl_t *ssl, unsigned char *in, uint32 len); extern int32 sslUpdateHSHash(ssl_t *ssl, unsigned char *in, uint32 len);
extern int32 sslInitHSHash(ssl_t *ssl); extern int32 sslInitHSHash(ssl_t *ssl);
extern int32 sslSnapshotHSHash(ssl_t *ssl, unsigned char *out, int32 sender Flag); extern int32 sslSnapshotHSHash(ssl_t *ssl, unsigned char *out, int32 sender Flag);
extern int32 sslWritePad(unsigned char *p, unsigned char padLen); extern int32 sslWritePad(unsigned char *p, unsigned char padLen);
extern int32 sslCreateKeys(ssl_t *ssl); extern int32 sslCreateKeys(ssl_t *ssl);
extern void sslResetContext(ssl_t *ssl); extern void sslResetContext(ssl_t *ssl);
#ifdef USE_SERVER_SIDE_SSL #ifdef USE_SERVER_SIDE_SSL
extern int32 matrixRegisterSession(ssl_t *ssl); extern int32 matrixRegisterSession(ssl_t *ssl);
extern int32 matrixResumeSession(ssl_t *ssl); extern int32 matrixResumeSession(ssl_t *ssl);
extern int32 matrixClearSession(ssl_t *ssl, int32 remove); extern int32 matrixClearSession(ssl_t *ssl, int32 remove);
extern int32 matrixUpdateSession(ssl_t *ssl); extern int32 matrixUpdateSession(ssl_t *ssl);
#endif /* USE_SERVER_SIDE_SSL */ #endif /* USE_SERVER_SIDE_SSL */
/* /*
cipherSuite.c cipherSuite.c
*/ */
extern sslCipherSpec_t *sslGetCipherSpec(ssl_t *ssl, uint32 cid); extern sslCipherSpec_t *sslGetCipherSpec(ssl_t *ssl, uint32 cid);
extern int32 sslGetCipherSpecListLen(void); extern int32 sslGetCipherSpecListLen(ssl_t *ssl);
extern int32 sslGetCipherSpecList(unsigned char *c, int32 len, int32 addScs extern int32 sslGetCipherSpecList(ssl_t *ssl, unsigned char *c, int32 len,
v); int32 addScsv);
extern int32 csRsaEncryptPub(psPool_t *pool, psPubKey_t *key,
unsigned char *in, uint32 inlen, unsigned char *out,
uint32 outlen);
extern int32 csRsaDecryptPub(psPool_t *pool, psPubKey_t *key,
unsigned char *in, uint32 inlen, unsigned char *out,
uint32 outlen);
extern int32 csRsaEncryptPriv(psPool_t *pool, psPubKey_t *key,
unsigned char *in, uint32 inlen, unsigned char *out,
uint32 outlen);
extern int32 csRsaDecryptPriv(psPool_t *pool, psPubKey_t *key,
unsigned char *in, uint32 inlen, unsigned char *out,
uint32 outlen);
/************************************************************************** ****/ /************************************************************************** ****/
/* /*
sslv3.c sslv3.c
*/ */
extern int32 sslGenerateFinishedHash(psDigestContext_t *md5, extern int32 sslGenerateFinishedHash(psDigestContext_t *md5,
psDigestContext_t *sha1, unsigned char *mast erSecret, psDigestContext_t *sha1, unsigned char *mast erSecret,
unsigned char *out, int32 sender); unsigned char *out, int32 sender);
extern int32 sslDeriveKeys(ssl_t *ssl); extern int32 sslDeriveKeys(ssl_t *ssl);
 End of changes. 19 change blocks. 
36 lines changed or deleted 40 lines changed or added


 osdep.h   osdep.h 
/* /*
* osdep.h * osdep.h
* Operating System and Hardware Abstraction Layer * Operating System and Hardware Abstraction Layer
* Release $Name: MATRIXSSL-3-1-2-OPEN $ * Release $Name: MATRIXSSL-3-1-3-OPEN $
*/ */
/* /*
* Copyright (c) PeerSec Networks, 2002-2010. All Rights Reserved. * Copyright (c) PeerSec Networks, 2002-2010. All Rights Reserved.
* The latest version of this code is available at http://www.matrixssl .org * The latest version of this code is available at http://www.matrixssl .org
* *
* This software is open source; you can redistribute it and/or modify * This software is open source; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by * it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or * the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version. * (at your option) any later version.
* *
 End of changes. 1 change blocks. 
1 lines changed or deleted 1 lines changed or added


 psmalloc.h   psmalloc.h 
/* /*
* psmalloc.h * psmalloc.h
* Release $Name: MATRIXSSL-3-1-2-OPEN $ * Release $Name: MATRIXSSL-3-1-3-OPEN $
* *
* Header for psMalloc functions * Header for psMalloc functions
*/ */
/* /*
* Copyright (c) PeerSec Networks, 2002-2010. All Rights Reserved. * Copyright (c) PeerSec Networks, 2002-2010. All Rights Reserved.
* The latest version of this code is available at http://www.matrixssl .org * The latest version of this code is available at http://www.matrixssl .org
* *
* This software is open source; you can redistribute it and/or modify * This software is open source; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by * it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or * the Free Software Foundation; either version 2 of the License, or
 End of changes. 1 change blocks. 
1 lines changed or deleted 1 lines changed or added


 pstm.h   pstm.h 
/* /*
* pstm.h * pstm.h
* Release $Name: MATRIXSSL-3-1-2-OPEN $ * Release $Name: MATRIXSSL-3-1-3-OPEN $
* *
* multiple-precision integer library * multiple-precision integer library
*/ */
/* /*
* Copyright (c) PeerSec Networks, 2002-2010. All Rights Reserved. * Copyright (c) PeerSec Networks, 2002-2010. All Rights Reserved.
* The latest version of this code is available at http://www.matrixssl .org * The latest version of this code is available at http://www.matrixssl .org
* *
* This software is open source; you can redistribute it and/or modify * This software is open source; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by * it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or * the Free Software Foundation; either version 2 of the License, or
 End of changes. 1 change blocks. 
1 lines changed or deleted 1 lines changed or added


 pubkey.h   pubkey.h 
/* /*
* pubkey.h * pubkey.h
* Release $Name: MATRIXSSL-3-1-2-OPEN $ * Release $Name: MATRIXSSL-3-1-3-OPEN $
*/ */
/* /*
* Copyright (c) PeerSec Networks, 2002-2010. All Rights Reserved. * Copyright (c) PeerSec Networks, 2002-2010. All Rights Reserved.
* The latest version of this code is available at http://www.matrixssl .org * The latest version of this code is available at http://www.matrixssl .org
* *
* This software is open source; you can redistribute it and/or modify * This software is open source; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by * it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or * the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version. * (at your option) any later version.
* *
skipping to change at line 40 skipping to change at line 40
#ifndef _h_PS_PUBKEY #ifndef _h_PS_PUBKEY
#define _h_PS_PUBKEY #define _h_PS_PUBKEY
#define PUBKEY_TYPE 0x01 #define PUBKEY_TYPE 0x01
#define PRIVKEY_TYPE 0x02 #define PRIVKEY_TYPE 0x02
/* Public Key types for psPubKey_t */ /* Public Key types for psPubKey_t */
#define PS_RSA 1 #define PS_RSA 1
#define PS_ECC 2 #define PS_ECC 2
#define PS_DH 3 #define PS_DH 3
/* Sig types */
#define RSA_TYPE_SIG 5
#define DSA_TYPE_SIG 6
/************************************************************************** ****/ /************************************************************************** ****/
#ifdef USE_RSA #ifdef USE_RSA
/************************************************************************** ****/ /************************************************************************** ****/
/* /*
Primary RSA Key struct. Define here for crypto Primary RSA Key struct. Define here for crypto
*/ */
typedef struct { typedef struct {
pstm_int e, d, N, qP, dP, dQ, p, q; pstm_int e, d, N, qP, dP, dQ, p, q;
uint32 size; /* Size of the key in bytes */ uint32 size; /* Size of the key in bytes */
int32 optimized; /* 1 for optimized */ int32 optimized; /* 1 for optimized */
 End of changes. 2 change blocks. 
1 lines changed or deleted 6 lines changed or added


 symmetric.h   symmetric.h 
/* /*
* symmetric.h * symmetric.h
* Release $Name: MATRIXSSL-3-1-2-OPEN $ * Release $Name: MATRIXSSL-3-1-3-OPEN $
* *
* Header for internal symmetric key cryptography support * Header for internal symmetric key cryptography support
*/ */
/* /*
* Copyright (c) PeerSec Networks, 2002-2010. All Rights Reserved. * Copyright (c) PeerSec Networks, 2002-2010. All Rights Reserved.
* The latest version of this code is available at http://www.matrixssl .org * The latest version of this code is available at http://www.matrixssl .org
* *
* This software is open source; you can redistribute it and/or modify * This software is open source; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by * it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or * the Free Software Foundation; either version 2 of the License, or
 End of changes. 1 change blocks. 
1 lines changed or deleted 1 lines changed or added


 version.h   version.h 
/* /*
Copyright 2010 PeerSec Networks, Inc. Copyright 2010 PeerSec Networks, Inc.
This file is auto-generated This file is auto-generated
*/ */
#ifndef _h_MATRIXSSL_VERSION #ifndef _h_MATRIXSSL_VERSION
#define _h_MATRIXSSL_VERSION #define _h_MATRIXSSL_VERSION
#ifdef __cplusplus #ifdef __cplusplus
extern "C" { extern "C" {
#endif #endif
#define MATRIXSSL_VERSION "3.1.2-OPEN" #define MATRIXSSL_VERSION "3.1.3-OPEN"
#define MATRIXSSL_VERSION_MAJOR 3 #define MATRIXSSL_VERSION_MAJOR 3
#define MATRIXSSL_VERSION_MINOR 1 #define MATRIXSSL_VERSION_MINOR 1
#define MATRIXSSL_VERSION_PATCH 2 #define MATRIXSSL_VERSION_PATCH 3
#define MATRIXSSL_VERSION_CODE "OPEN" #define MATRIXSSL_VERSION_CODE "OPEN"
#ifdef __cplusplus #ifdef __cplusplus
} }
#endif #endif
#endif /* _h_MATRIXSSL_VERSION */ #endif /* _h_MATRIXSSL_VERSION */
 End of changes. 2 change blocks. 
2 lines changed or deleted 2 lines changed or added


 x509.h   x509.h 
/* /*
* x509.h * x509.h
* Release $Name: MATRIXSSL-3-1-2-OPEN $ * Release $Name: MATRIXSSL-3-1-3-OPEN $
*/ */
/* /*
* Copyright (c) PeerSec Networks, 2002-2010. All Rights Reserved. * Copyright (c) PeerSec Networks, 2002-2010. All Rights Reserved.
* The latest version of this code is available at http://www.matrixssl .org * The latest version of this code is available at http://www.matrixssl .org
* *
* This software is open source; you can redistribute it and/or modify * This software is open source; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by * it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or * the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version. * (at your option) any later version.
* *
skipping to change at line 42 skipping to change at line 42
/************************************************************************** ****/ /************************************************************************** ****/
#ifdef USE_X509 #ifdef USE_X509
/************************************************************************** ****/ /************************************************************************** ****/
/* ClientCertificateType */ /* ClientCertificateType */
enum { enum {
RSA_SIGN = 1, RSA_SIGN = 1,
DSS_SIGN, DSS_SIGN,
RSA_FIXED_DH, RSA_FIXED_DH,
DSS_FIXED_DH DSS_FIXED_DH,
ECDSA_SIGN = 64,
RSA_FIXED_ECDH,
ECDSA_FIXED_ECDH
}; };
/* /*
Parsing flags Parsing flags
*/ */
#define CERT_STORE_UNPARSED_BUFFER 0x1 #define CERT_STORE_UNPARSED_BUFFER 0x1
#define CERT_STORE_DN_BUFFER 0x2 #define CERT_STORE_DN_BUFFER 0x2
#ifdef USE_CERT_PARSE
/* /*
DN attributes are used outside the X509 area for cert requests, DN attributes are used outside the X509 area for cert requests,
which have been included in the RSA portions of the code which have been included in the RSA portions of the code
*/ */
typedef struct { typedef struct {
char *country; char *country;
char *state; char *state;
char *locality; char *locality;
char *organization; char *organization;
char *orgUnit; char *orgUnit;
char *commonName; char *commonName;
char hash[SHA1_HASH_SIZE]; char hash[SHA1_HASH_SIZE];
char *dnenc; /* CERT_STORE_DN_BUFFER */ char *dnenc; /* CERT_STORE_DN_BUFFER */
uint32 dnencLen; uint32 dnencLen;
short countryType;
short countryLen;
short stateType;
short stateLen;
short localityType;
short localityLen;
short organizationType;
short organizationLen;
short orgUnitType;
short orgUnitLen;
short commonNameType;
short commonNameLen;
} x509DNattributes_t; } x509DNattributes_t;
typedef struct { typedef struct {
int32 cA; int32 cA;
int32 pathLenConstraint; int32 pathLenConstraint;
} x509extBasicConstraints_t; } x509extBasicConstraints_t;
typedef struct psSubjectAltNameEntry { typedef struct psSubjectAltNameEntry {
int32 id; int32 id;
unsigned char name[16]; unsigned char name[16];
skipping to change at line 106 skipping to change at line 122
x509extBasicConstraints_t bc; x509extBasicConstraints_t bc;
x509SubjectAltName_t *san; x509SubjectAltName_t *san;
#ifdef USE_FULL_CERT_PARSE #ifdef USE_FULL_CERT_PARSE
x509extSubjectKeyId_t sk; x509extSubjectKeyId_t sk;
x509extAuthKeyId_t ak; x509extAuthKeyId_t ak;
unsigned char *keyUsage; unsigned char *keyUsage;
int32 keyUsageLen; int32 keyUsageLen;
#endif /* USE_FULL_CERT_PARSE */ #endif /* USE_FULL_CERT_PARSE */
} x509v3extensions_t; } x509v3extensions_t;
#endif /* USE_CERT_PARSE */
typedef struct psCert { typedef struct psCert {
#ifdef USE_CERT_PARSE
int32 version; int32 version;
unsigned char *serialNumber; unsigned char *serialNumber;
uint32 serialNumberLen; uint32 serialNumberLen;
x509DNattributes_t issuer; x509DNattributes_t issuer;
x509DNattributes_t subject; x509DNattributes_t subject;
int32 timeType; int32 timeType;
char *notBefore; char *notBefore;
char *notAfter; char *notAfter;
psPubKey_t publicKey; psPubKey_t publicKey;
int32 pubKeyAlgorithm; /* public key algor ithm OID */ int32 pubKeyAlgorithm; /* public key algor ithm OID */
int32 certAlgorithm; /* signature algorith m OID */ int32 certAlgorithm; /* signature algorith m OID */
int32 sigAlgorithm; /* signature algorithm OID */ int32 sigAlgorithm; /* signature algorithm OID */
unsigned char *signature; unsigned char *signature;
uint32 signatureLen; uint32 signatureLen;
unsigned char sigHash[SHA1_HASH_SIZE]; unsigned char sigHash[32]; /* SHA256 MAX */
unsigned char *uniqueIssuerId; unsigned char *uniqueIssuerId;
uint32 uniqueIssuerIdLen; uint32 uniqueIssuerIdLen;
unsigned char *uniqueSubjectId; unsigned char *uniqueSubjectId;
uint32 uniqueSubjectIdLen; uint32 uniqueSubjectIdLen;
x509v3extensions_t extensions; x509v3extensions_t extensions;
int32 authStatus; /* See psX509Authenticat eCert doc */ int32 authStatus; /* See psX509Authenticat eCert doc */
#endif /* USE_CERT_PARSE */
unsigned char *unparsedBin; /* see psX509ParseCertFile */ unsigned char *unparsedBin; /* see psX509ParseCertFile */
uint32 binLen; uint32 binLen;
struct psCert *next; struct psCert *next;
} psX509Cert_t; } psX509Cert_t;
#ifdef USE_CERT_PARSE
extern int32 psX509GetSignature(psPool_t *pool, unsigned char **pp, uint32 len, extern int32 psX509GetSignature(psPool_t *pool, unsigned char **pp, uint32 len,
unsigned char **sig, uint32 *sigLen) ; unsigned char **sig, uint32 *sigLen) ;
extern int32 psX509GetDNAttributes(psPool_t *pool, unsigned char **pp, extern int32 psX509GetDNAttributes(psPool_t *pool, unsigned char **pp,
uint32 len, x509DNattributes_t *attribs, int 32 flags); uint32 len, x509DNattributes_t *attribs, int 32 flags);
extern void psX509FreeDNStruct(x509DNattributes_t *dn); extern void psX509FreeDNStruct(x509DNattributes_t *dn);
#endif /* USE_CERT_PARSE */
#endif /* USE_X509 */ #endif /* USE_X509 */
/************************************************************************** ****/ /************************************************************************** ****/
#endif /* _h_PS_X509 */ #endif /* _h_PS_X509 */
 End of changes. 10 change blocks. 
3 lines changed or deleted 25 lines changed or added

This html diff was produced by rfcdiff 1.41. The latest version is available from http://tools.ietf.org/tools/rfcdiff/