asn1.h   asn1.h 
/* /*
* asn1.h * asn1.h
* Release $Name: MATRIXSSL-3-2-1-OPEN $ * Release $Name: MATRIXSSL-3-3-0-OPEN $
*/ */
/* /*
* Copyright (c) PeerSec Networks, 2002-2011. All Rights Reserved. * Copyright (c) AuthenTec, Inc. 2011-2012
* Copyright (c) PeerSec Networks, 2002-2011
* All Rights Reserved
*
* The latest version of this code is available at http://www.matrixssl .org * The latest version of this code is available at http://www.matrixssl .org
* *
* This software is open source; you can redistribute it and/or modify * This software is open source; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by * it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or * the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version. * (at your option) any later version.
* *
* This General Public License does NOT permit incorporating this softw are * This General Public License does NOT permit incorporating this softw are
* into proprietary programs. If you are unable to comply with the GPL , a * into proprietary programs. If you are unable to comply with the GPL , a
* commercial license for this software may be purchased from PeerSec N * commercial license for this software may be purchased from AuthenTec
etworks at
* at http://www.peersec.com * http://www.authentec.com/Products/EmbeddedSecurity/SecurityToolkits.
aspx
* *
* This program is distributed in WITHOUT ANY WARRANTY; without even th e * This program is distributed in WITHOUT ANY WARRANTY; without even th e
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURP OSE. * implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURP OSE.
* See the GNU General Public License for more details. * See the GNU General Public License for more details.
* *
* You should have received a copy of the GNU General Public License * You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software * along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
* http://www.gnu.org/copyleft/gpl.html * http://www.gnu.org/copyleft/gpl.html
*/ */
skipping to change at line 69 skipping to change at line 72
ASN_SET, ASN_SET,
ASN_PRINTABLESTRING = 19, ASN_PRINTABLESTRING = 19,
ASN_T61STRING, ASN_T61STRING,
ASN_IA5STRING = 22, ASN_IA5STRING = 22,
ASN_UTCTIME, ASN_UTCTIME,
ASN_GENERALIZEDTIME, ASN_GENERALIZEDTIME,
ASN_GENERAL_STRING = 27, ASN_GENERAL_STRING = 27,
ASN_BMPSTRING = 30 ASN_BMPSTRING = 30
}; };
#define ASN_UNKNOWN_LEN 876
extern int32 getAsnLength(unsigned char **p, uint32 size, uint32 *valLen); extern int32 getAsnLength(unsigned char **p, uint32 size, uint32 *valLen);
extern int32 getAsnBig(psPool_t *pool, unsigned char **pp, uint32 len, extern int32 getAsnBig(psPool_t *pool, unsigned char **pp, uint32 len,
pstm_int *big); pstm_int *big);
extern int32 getAsnSequence(unsigned char **pp, uint32 len, uint32 *seqlen) ; extern int32 getAsnSequence(unsigned char **pp, uint32 len, uint32 *seqlen) ;
extern int32 getAsnSet(unsigned char **pp, uint32 len, uint32 *setlen); extern int32 getAsnSet(unsigned char **pp, uint32 len, uint32 *setlen);
extern int32 getAsnInteger(unsigned char **pp, uint32 len, int32 *val); extern int32 getAsnInteger(unsigned char **pp, uint32 len, int32 *val);
extern int32 getAsnAlgorithmIdentifier(unsigned char **pp, uint32 len, extern int32 getAsnAlgorithmIdentifier(unsigned char **pp, uint32 len,
int32 *oi, int32 isPubKey, int32 *paramLen); int32 *oi, int32 isPubKey, int32 *paramLen);
#ifdef USE_RSA #ifdef USE_RSA
 End of changes. 4 change blocks. 
5 lines changed or deleted 11 lines changed or added


 coreApi.h   coreApi.h 
/* /*
* coreApi.h * coreApi.h
* Release $Name: MATRIXSSL-3-2-1-OPEN $ * Release $Name: MATRIXSSL-3-3-0-OPEN $
* *
* Prototypes for the PeerSec core public APIs * Prototypes for the Matrix core public APIs
*/ */
/* /*
* Copyright (c) PeerSec Networks, 2002-2011. All Rights Reserved. * Copyright (c) AuthenTec, Inc. 2011-2012
* Copyright (c) PeerSec Networks, 2002-2011
* All Rights Reserved
*
* The latest version of this code is available at http://www.matrixssl .org * The latest version of this code is available at http://www.matrixssl .org
* *
* This software is open source; you can redistribute it and/or modify * This software is open source; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by * it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or * the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version. * (at your option) any later version.
* *
* This General Public License does NOT permit incorporating this softw are * This General Public License does NOT permit incorporating this softw are
* into proprietary programs. If you are unable to comply with the GPL , a * into proprietary programs. If you are unable to comply with the GPL , a
* commercial license for this software may be purchased from PeerSec N * commercial license for this software may be purchased from AuthenTec
etworks at
* at http://www.peersec.com * http://www.authentec.com/Products/EmbeddedSecurity/SecurityToolkits.
aspx
* *
* This program is distributed in WITHOUT ANY WARRANTY; without even th e * This program is distributed in WITHOUT ANY WARRANTY; without even th e
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURP OSE. * implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURP OSE.
* See the GNU General Public License for more details. * See the GNU General Public License for more details.
* *
* You should have received a copy of the GNU General Public License * You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software * along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
* http://www.gnu.org/copyleft/gpl.html * http://www.gnu.org/copyleft/gpl.html
*/ */
skipping to change at line 128 skipping to change at line 131
Public interface to OS-dependant core functionality Public interface to OS-dependant core functionality
OS/osdep.c must implement the below functions OS/osdep.c must implement the below functions
*/ */
PSPUBLIC int32 psGetEntropy(unsigned char *bytes, uint32 size); PSPUBLIC int32 psGetEntropy(unsigned char *bytes, uint32 size);
PSPUBLIC int32 psGetTime(psTime_t *t); PSPUBLIC int32 psGetTime(psTime_t *t);
PSPUBLIC int32 psDiffMsecs(psTime_t then, psTime_t now); PSPUBLIC int32 psDiffMsecs(psTime_t then, psTime_t now);
PSPUBLIC int32 psCompareTime(psTime_t a, psTime_t b); PSPUBLIC int32 psCompareTime(psTime_t a, psTime_t b);
#ifdef PS_USE_FILE_SYSTEM #ifdef MATRIX_USE_FILE_SYSTEM
PSPUBLIC int32 psGetFileBuf(psPool_t *pool, const char *fileName, PSPUBLIC int32 psGetFileBuf(psPool_t *pool, const char *fileName,
unsigned ch ar **buf, int32 *bufLen); unsigned ch ar **buf, int32 *bufLen);
#endif /* PS_USE_FILE_SYSTEM */ #endif /* MATRIX_USE_FILE_SYSTEM */
#ifdef USE_MULTITHREADING #ifdef USE_MULTITHREADING
PSPUBLIC int32 psCreateMutex(psMutex_t *mutex); PSPUBLIC int32 psCreateMutex(psMutex_t *mutex);
PSPUBLIC int32 psLockMutex(psMutex_t *mutex); PSPUBLIC int32 psLockMutex(psMutex_t *mutex);
PSPUBLIC int32 psUnlockMutex(psMutex_t *mutex); PSPUBLIC int32 psUnlockMutex(psMutex_t *mutex);
PSPUBLIC void psDestroyMutex(psMutex_t *mutex); PSPUBLIC void psDestroyMutex(psMutex_t *mutex);
#endif /* USE_MULTITHREADING */ #endif /* USE_MULTITHREADING */
/************************************************************************** ****/ /************************************************************************** ****/
/* /*
 End of changes. 6 change blocks. 
8 lines changed or deleted 12 lines changed or added


 coreConfig.h   coreConfig.h 
/* /*
* coreConfig.h * coreConfig.h
* Release $Name: MATRIXSSL-3-2-1-OPEN $ * Release $Name: MATRIXSSL-3-3-0-OPEN $
* *
* Configuration settings for PeerSec core module * Configuration settings for Matrix core module
*/ */
/* /*
* Copyright (c) PeerSec Networks, 2002-2011. All Rights Reserved. * Copyright (c) AuthenTec, Inc. 2011-2012
* Copyright (c) PeerSec Networks, 2002-2011
* All Rights Reserved
*
* The latest version of this code is available at http://www.matrixssl .org * The latest version of this code is available at http://www.matrixssl .org
* *
* This software is open source; you can redistribute it and/or modify * This software is open source; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by * it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or * the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version. * (at your option) any later version.
* *
* This General Public License does NOT permit incorporating this softw are * This General Public License does NOT permit incorporating this softw are
* into proprietary programs. If you are unable to comply with the GPL , a * into proprietary programs. If you are unable to comply with the GPL , a
* commercial license for this software may be purchased from PeerSec N * commercial license for this software may be purchased from AuthenTec
etworks at
* at http://www.peersec.com * http://www.authentec.com/Products/EmbeddedSecurity/SecurityToolkits.
aspx
* *
* This program is distributed in WITHOUT ANY WARRANTY; without even th e * This program is distributed in WITHOUT ANY WARRANTY; without even th e
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURP OSE. * implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURP OSE.
* See the GNU General Public License for more details. * See the GNU General Public License for more details.
* *
* You should have received a copy of the GNU General Public License * You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software * along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
* http://www.gnu.org/copyleft/gpl.html * http://www.gnu.org/copyleft/gpl.html
*/ */
 End of changes. 4 change blocks. 
6 lines changed or deleted 10 lines changed or added


 cryptoApi.h   cryptoApi.h 
/* /*
* cryptoApi.h * cryptoApi.h
* Release $Name: MATRIXSSL-3-2-1-OPEN $ * Release $Name: MATRIXSSL-3-3-0-OPEN $
* *
* Prototypes for the PeerSec crypto public APIs * Prototypes for the Matrix crypto public APIs
*/ */
/* /*
* Copyright (c) PeerSec Networks, 2002-2011. All Rights Reserved. * Copyright (c) AuthenTec, Inc. 2011-2012
* Copyright (c) PeerSec Networks, 2002-2011
* All Rights Reserved
*
* The latest version of this code is available at http://www.matrixssl .org * The latest version of this code is available at http://www.matrixssl .org
* *
* This software is open source; you can redistribute it and/or modify * This software is open source; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by * it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or * the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version. * (at your option) any later version.
* *
* This General Public License does NOT permit incorporating this softw are * This General Public License does NOT permit incorporating this softw are
* into proprietary programs. If you are unable to comply with the GPL , a * into proprietary programs. If you are unable to comply with the GPL , a
* commercial license for this software may be purchased from PeerSec N * commercial license for this software may be purchased from AuthenTec
etworks at
* at http://www.peersec.com * http://www.authentec.com/Products/EmbeddedSecurity/SecurityToolkits.
aspx
* *
* This program is distributed in WITHOUT ANY WARRANTY; without even th e * This program is distributed in WITHOUT ANY WARRANTY; without even th e
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURP OSE. * implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURP OSE.
* See the GNU General Public License for more details. * See the GNU General Public License for more details.
* *
* You should have received a copy of the GNU General Public License * You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software * along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
* http://www.gnu.org/copyleft/gpl.html * http://www.gnu.org/copyleft/gpl.html
*/ */
skipping to change at line 114 skipping to change at line 117
psDes3Key_t *skey); psDes3Key_t *skey);
PSPUBLIC void psDes3EncryptBlock(const unsigned char *pt, unsigned char *ct , PSPUBLIC void psDes3EncryptBlock(const unsigned char *pt, unsigned char *ct ,
psDes3Key_t *skey); psDes3Key_t *skey);
PSPUBLIC void psDes3DecryptBlock(const unsigned char *ct, unsigned char *pt , PSPUBLIC void psDes3DecryptBlock(const unsigned char *ct, unsigned char *pt ,
psDes3Key_t *skey); psDes3Key_t *skey);
#endif /* USE_3DES */ #endif /* USE_3DES */
/************************************************************************** ****/ /************************************************************************** ****/
/************************************************************************** ****/ /************************************************************************** ****/
#ifdef USE_DES #ifdef USE_DES
/************************************************************************** ****/
PSPUBLIC int32 psDesInitKey(const unsigned char *key, int32 keylen, PSPUBLIC int32 psDesInitKey(const unsigned char *key, int32 keylen,
psDes3Key_t *skey); psDes3Key_t *skey);
PSPUBLIC void psDesEncryptBlock(const unsigned char *pt, unsigned char *ct, PSPUBLIC void psDesEncryptBlock(const unsigned char *pt, unsigned char *ct,
psDes3Key_t *skey); psDes3Key_t *skey);
PSPUBLIC void psDesDecryptBlock(const unsigned char *ct, unsigned char *pt, PSPUBLIC void psDesDecryptBlock(const unsigned char *ct, unsigned char *pt,
psDes3Key_t *skey); psDes3Key_t *skey);
#endif /* USE_DES */ #endif /* USE_DES */
/************************************************************************** ****/ /************************************************************************** ****/
/************************************************************************** ****/ /************************************************************************** ****/
#ifdef USE_ARC4 #ifdef USE_ARC4
/************************************************************************** ****/
PSPUBLIC void psArc4Init(psCipherContext_t *ctx, unsigned char *key, PSPUBLIC void psArc4Init(psCipherContext_t *ctx, unsigned char *key,
uint32 keylen); uint32 keylen);
PSPUBLIC int32 psArc4(psCipherContext_t *ctx, unsigned char *in, PSPUBLIC int32 psArc4(psCipherContext_t *ctx, unsigned char *in,
unsigned char *out, uint32 l en); unsigned char *out, uint32 l en);
#endif /* USE_ARC4 */ #endif /* USE_ARC4 */
/************************************************************************** ****/ /************************************************************************** ****/
#ifdef USE_RC2
/**************************************************************************
****/
PSPUBLIC int32 psRc2Init(psCipherContext_t *ctx, unsigned char *IV,
unsigned char *key, uint32 k
eylen);
PSPUBLIC int32 psRc2Decrypt(psCipherContext_t *ctx, unsigned char *ct,
unsigned char *pt, uint32 le
n);
PSPUBLIC int32 psRc2Encrypt(psCipherContext_t *ctx, unsigned char *pt,
unsigned char *ct, uint32 le
n);
PSPUBLIC int32 psRc2InitKey(unsigned char *key, uint32 keylen, uint32 rds,
psRc2Key_t *skey);
PSPUBLIC int32 psRc2EncryptBlock(unsigned char *pt, unsigned char *ct,
psRc2Key_t *skey);
PSPUBLIC int32 psRc2DecryptBlock(unsigned char *ct, unsigned char *pt,
psRc2Key_t *skey);
#endif /* USE_RC2 */
/**************************************************************************
****/
/************************************************************************** ****/ /************************************************************************** ****/
#ifdef USE_SHA1 #ifdef USE_SHA1
/************************************************************************** ****/ /************************************************************************** ****/
PSPUBLIC void psSha1Init(psDigestContext_t * md); PSPUBLIC void psSha1Init(psDigestContext_t * md);
PSPUBLIC void psSha1Update(psDigestContext_t * md, const unsigned char *buf , PSPUBLIC void psSha1Update(psDigestContext_t * md, const unsigned char *buf ,
uint32 len); uint32 len);
PSPUBLIC int32 psSha1Final(psDigestContext_t * md, unsigned char *hash); PSPUBLIC int32 psSha1Final(psDigestContext_t * md, unsigned char *hash);
#ifdef USE_HMAC #ifdef USE_HMAC
PSPUBLIC int32 psHmacSha1(unsigned char *key, uint32 keyLen, PSPUBLIC int32 psHmacSha1(unsigned char *key, uint32 keyLen,
skipping to change at line 163 skipping to change at line 180
#endif /* USE_SHA1 */ #endif /* USE_SHA1 */
/************************************************************************** ****/ /************************************************************************** ****/
/************************************************************************** ****/ /************************************************************************** ****/
#ifdef USE_MD5 #ifdef USE_MD5
/************************************************************************** ****/ /************************************************************************** ****/
PSPUBLIC void psMd5Init(psDigestContext_t * md); PSPUBLIC void psMd5Init(psDigestContext_t * md);
PSPUBLIC void psMd5Update(psDigestContext_t * md, const unsigned char *buf, PSPUBLIC void psMd5Update(psDigestContext_t * md, const unsigned char *buf,
uint32 len); uint32 len);
PSPUBLIC int32 psMd5Final(psDigestContext_t * md, unsigned char *hash); PSPUBLIC int32 psMd5Final(psDigestContext_t * md, unsigned char *hash);
#ifdef USE_HMAC #ifdef USE_HMAC
PSPUBLIC int32 psHmacMd5(unsigned char *key, uint32 keyLen, PSPUBLIC int32 psHmacMd5(unsigned char *key, uint32 keyLen,
const unsigned char *buf, uint32 len, const unsigned char *buf, uint32 len,
unsigned char *hash, unsigned char *hmacKey, unsigned char *hash, unsigned char *hmacKey,
uint32 *hmacKeyLen); uint32 *hmacKeyLen);
PSPUBLIC void psHmacMd5Init(psHmacContext_t *ctx, unsigned char *key, PSPUBLIC void psHmacMd5Init(psHmacContext_t *ctx, unsigned char *key,
uint32 keyLen); uint32 keyLen);
PSPUBLIC void psHmacMd5Update(psHmacContext_t *ctx, const unsigned char *bu f, PSPUBLIC void psHmacMd5Update(psHmacContext_t *ctx, const unsigned char *bu f,
uint32 len); uint32 len);
PSPUBLIC int32 psHmacMd5Final(psHmacContext_t *ctx, unsigned char *hash); PSPUBLIC int32 psHmacMd5Final(psHmacContext_t *ctx, unsigned char *hash);
skipping to change at line 197 skipping to change at line 215
Private Key Parsing Private Key Parsing
PKCS#1 - RSA specific PKCS#1 - RSA specific
PKCS#8 - General private key storage format PKCS#8 - General private key storage format
*/ */
#ifdef USE_PRIVATE_KEY_PARSING #ifdef USE_PRIVATE_KEY_PARSING
PSPUBLIC int32 pkcs1ParsePrivBin(psPool_t *pool, unsigned char *p, PSPUBLIC int32 pkcs1ParsePrivBin(psPool_t *pool, unsigned char *p,
uint32 size, psPubKey_t **key); uint32 size, psPubKey_t **key);
#ifdef USE_PKCS8 #ifdef USE_PKCS8
PSPUBLIC int32 pkcs8ParsePrivBin(psPool_t *pool, unsigned char *p, PSPUBLIC int32 pkcs8ParsePrivBin(psPool_t *pool, unsigned char *p,
int32 size, char *pass, psPubKey_t **key); int32 size, char *pass, psPubKey_t **key);
#ifdef MATRIX_USE_FILE_SYSTEM
#ifdef USE_PKCS12
PSPUBLIC int32 psPkcs12Parse(psPool_t *pool, psX509Cert_t **cert,
psPubKey_t **privKey, const unsigned char *f
ile, int32 flags,
unsigned char *importPass, int32 ipasslen,
unsigned char *privkeyPass, int32 kpasslen);
#endif /* USE_PKCS12 */
#endif /* MATRIX_USE_FILE_SYSTEM */
#endif /* USE_PKCS8 */ #endif /* USE_PKCS8 */
#ifdef PS_USE_FILE_SYSTEM
#ifdef MATRIX_USE_FILE_SYSTEM
PSPUBLIC int32 pkcs1ParsePrivFile(psPool_t *pool, char *fileName, PSPUBLIC int32 pkcs1ParsePrivFile(psPool_t *pool, char *fileName,
char *password, psPubKey_t **outkey); char *password, psPubKey_t **outkey);
PSPUBLIC int32 pkcs1DecodePrivFile(psPool_t *pool, char *fileName, PSPUBLIC int32 pkcs1DecodePrivFile(psPool_t *pool, char *fileName,
char *password, unsigned char **DERout, uint 32 *DERlen); char *password, unsigned char **DERout, uint 32 *DERlen);
#endif /* PS_USE_FILE_SYSTEM */ #endif /* MATRIX_USE_FILE_SYSTEM */
#endif /* USE_PRIVATE_KEY_PARSING */ #endif /* USE_PRIVATE_KEY_PARSING */
#endif /* USE_RSA */ #endif /* USE_RSA */
/************************************************************************** ****/ /************************************************************************** ****/
/************************************************************************** ****/ /************************************************************************** ****/
#ifdef USE_PKCS5 #ifdef USE_PKCS5
/************************************************************************** ****/ /************************************************************************** ****/
/* /*
PKCS#5 PBKDF v1 and v2 key generation PKCS#5 PBKDF v1 and v2 key generation
*/ */
PSPUBLIC void pkcs5pbkdf1(unsigned char *pass, uint32 passlen, PSPUBLIC void pkcs5pbkdf1(unsigned char *pass, uint32 passlen,
unsigned char *salt, int32 iter, unsigned ch ar *key); unsigned char *salt, int32 iter, unsigned ch ar *key);
PSPUBLIC void pkcs5pbkdf2(unsigned char *password, uint32 pLen,
unsigned char *salt, uint32 sLen, int32 rou
nds,
unsigned char *key, uint32 kLen);
#endif /* USE_PKCS5 */ #endif /* USE_PKCS5 */
/************************************************************************** ****/ /************************************************************************** ****/
/* /*
Public Key Cryptography Public Key Cryptography
*/ */
PSPUBLIC psPubKey_t *psNewPubKey(psPool_t *pool); PSPUBLIC psPubKey_t *psNewPubKey(psPool_t *pool);
PSPUBLIC void psFreePubKey(psPubKey_t *key); PSPUBLIC void psFreePubKey(psPubKey_t *key);
/************************************************************************** ****/ /************************************************************************** ****/
 End of changes. 12 change blocks. 
10 lines changed or deleted 48 lines changed or added


 cryptoConfig.h   cryptoConfig.h 
/* /*
* cryptoConfig.h * cryptoConfig.h
* Release $Name: MATRIXSSL-3-2-1-OPEN $ * Release $Name: MATRIXSSL-3-3-0-OPEN $
*/ */
/* /*
* Copyright (c) PeerSec Networks, 2002-2011. All Rights Reserved. * Copyright (c) AuthenTec, Inc. 2011-2012
* Copyright (c) PeerSec Networks, 2002-2011
* All Rights Reserved
*
* The latest version of this code is available at http://www.matrixssl .org * The latest version of this code is available at http://www.matrixssl .org
* *
* This software is open source; you can redistribute it and/or modify * This software is open source; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by * it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or * the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version. * (at your option) any later version.
* *
* This General Public License does NOT permit incorporating this softw are * This General Public License does NOT permit incorporating this softw are
* into proprietary programs. If you are unable to comply with the GPL , a * into proprietary programs. If you are unable to comply with the GPL , a
* commercial license for this software may be purchased from PeerSec N * commercial license for this software may be purchased from AuthenTec
etworks at
* at http://www.peersec.com * http://www.authentec.com/Products/EmbeddedSecurity/SecurityToolkits.
aspx
* *
* This program is distributed in WITHOUT ANY WARRANTY; without even th e * This program is distributed in WITHOUT ANY WARRANTY; without even th e
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURP OSE. * implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURP OSE.
* See the GNU General Public License for more details. * See the GNU General Public License for more details.
* *
* You should have received a copy of the GNU General Public License * You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software * along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
* http://www.gnu.org/copyleft/gpl.html * http://www.gnu.org/copyleft/gpl.html
*/ */
skipping to change at line 78 skipping to change at line 81
boost at the cost of 10-20 kilobytes (per algorithm). boost at the cost of 10-20 kilobytes (per algorithm).
*/ */
/* #define PS_AES_IMPROVE_PERF_INCREASE_CODESIZE */ /* #define PS_AES_IMPROVE_PERF_INCREASE_CODESIZE */
/* #define PS_3DES_IMPROVE_PERF_INCREASE_CODESIZE */ /* #define PS_3DES_IMPROVE_PERF_INCREASE_CODESIZE */
/************************************************************************** ****/ /************************************************************************** ****/
/* /*
Symmetric stream ciphers Symmetric stream ciphers
*/ */
/* #define USE_ARC4 */ /* #define USE_ARC4 */
/* #define USE_RC2 */ /* Only PKCS#12 parse should ever want this algorithm */
/************************************************************************** ****/ /************************************************************************** ****/
/* /*
Digest algorithms Digest algorithms
*/ */
#define USE_SHA1 #define USE_SHA1
#define USE_MD5 #define USE_MD5
#define USE_HMAC /* Requires USE_MD5 and/or USE_SHA1 */ #define USE_HMAC /* Requires USE_MD5 and/or USE_SHA1 */
skipping to change at line 111 skipping to change at line 115
#define USE_CERT_PARSE /* Usually required. USE_X509 must be enabled */ #define USE_CERT_PARSE /* Usually required. USE_X509 must be enabled */
/* #define USE_FULL_CERT_PARSE */ /* USE_CERT_PARSE must be enabled */ /* #define USE_FULL_CERT_PARSE */ /* USE_CERT_PARSE must be enabled */
#define USE_BASE64_DECODE #define USE_BASE64_DECODE
/************************************************************************** ****/ /************************************************************************** ****/
/* /*
PKCS support PKCS support
*/ */
#define USE_PRIVATE_KEY_PARSING #define USE_PRIVATE_KEY_PARSING
#define USE_PKCS5 /* v2.0 3des PBKDF encrypted private keys */
#define USE_PKCS8 /* Alternative private key storage format */ #define USE_PKCS8 /* Alternative private key storage format */
/* #define USE_PKCS5 */ /* PBKDF key generation for encrypted private keys */ /* #define USE_PKCS12 */ /* You must enable USE_PKCS8 if enabling PKCS12 */
/************************************************************************** ****/ /************************************************************************** ****/
/* /*
PRNG Algorithms PRNG Algorithms
*/ */
#define USE_YARROW #define USE_YARROW
/************************************************************************** ****/ /************************************************************************** ****/
/* /*
All below here are configurable tweaks (do not need to touch, in genera l) All below here are configurable tweaks (do not need to touch, in genera l)
 End of changes. 6 change blocks. 
6 lines changed or deleted 12 lines changed or added


 cryptolib.h   cryptolib.h 
/* /*
* cryptolib.h * cryptolib.h
* Release $Name: MATRIXSSL-3-2-1-OPEN $ * Release $Name: MATRIXSSL-3-3-0-OPEN $
*/ */
/* /*
* Copyright (c) PeerSec Networks, 2002-2011. All Rights Reserved. * Copyright (c) AuthenTec, Inc. 2011-2012
* Copyright (c) PeerSec Networks, 2002-2011
* All Rights Reserved
*
* The latest version of this code is available at http://www.matrixssl .org * The latest version of this code is available at http://www.matrixssl .org
* *
* This software is open source; you can redistribute it and/or modify * This software is open source; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by * it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or * the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version. * (at your option) any later version.
* *
* This General Public License does NOT permit incorporating this softw are * This General Public License does NOT permit incorporating this softw are
* into proprietary programs. If you are unable to comply with the GPL , a * into proprietary programs. If you are unable to comply with the GPL , a
* commercial license for this software may be purchased from PeerSec N * commercial license for this software may be purchased from AuthenTec
etworks at
* at http://www.peersec.com * http://www.authentec.com/Products/EmbeddedSecurity/SecurityToolkits.
aspx
* *
* This program is distributed in WITHOUT ANY WARRANTY; without even th e * This program is distributed in WITHOUT ANY WARRANTY; without even th e
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURP OSE. * implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURP OSE.
* See the GNU General Public License for more details. * See the GNU General Public License for more details.
* *
* You should have received a copy of the GNU General Public License * You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software * along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
* http://www.gnu.org/copyleft/gpl.html * http://www.gnu.org/copyleft/gpl.html
*/ */
skipping to change at line 69 skipping to change at line 72
#ifdef USE_PKCS5 #ifdef USE_PKCS5
#ifndef USE_MD5 #ifndef USE_MD5
#error "Enable USE_MD5 in cryptoConfig.h for PKCS5 support" #error "Enable USE_MD5 in cryptoConfig.h for PKCS5 support"
#endif #endif
#ifndef USE_3DES #ifndef USE_3DES
#error "Enable USE_3DES in cryptoConfig.h for PKCS5 support" #error "Enable USE_3DES in cryptoConfig.h for PKCS5 support"
#endif #endif
#endif #endif
#ifdef USE_PKCS8
#ifndef USE_HMAC
#error "Enable USE_HMAC in cryptoConfig.h for PKCS8 support"
#endif
#endif
#ifdef USE_PKCS12
#ifndef USE_PKCS8
#error "Enable USE_PKCS8 in cryptoConfig.h for PKCS12 support"
#endif
#endif
/************************************************************************** ****/ /************************************************************************** ****/
/* /*
Crypto trace Crypto trace
*/ */
#ifndef USE_CRYPTO_TRACE #ifndef USE_CRYPTO_TRACE
#define psTraceCrypto(x) #define psTraceCrypto(x)
#define psTraceStrCrypto(x, y) #define psTraceStrCrypto(x, y)
#define psTraceIntCrypto(x, y) #define psTraceIntCrypto(x, y)
#define psTracePtrCrypto(x, y) #define psTracePtrCrypto(x, y)
#else #else
skipping to change at line 95 skipping to change at line 110
/************************************************************************** ****/ /************************************************************************** ****/
/* /*
Helpers Helpers
*/ */
extern int32 psBase64decode(const unsigned char *in, uint32 len, extern int32 psBase64decode(const unsigned char *in, uint32 len,
unsigned char *out, uint32 *outlen); unsigned char *out, uint32 *outlen);
/************************************************************************** ****/ /************************************************************************** ****/
/* /*
RFC 3279 OID RFC 3279 OID
PeerSec uses an oid summing mechanism to arrive at these defines. Matrix uses an oid summing mechanism to arrive at these defines.
The byte values of the OID are summed to produce a "relatively uniqu e" int The byte values of the OID are summed to produce a "relatively uniqu e" int
The duplicate defines do not pose a problem as long as they don't The duplicate defines do not pose a problem as long as they don't
exist in the same OID groupings exist in the same OID groupings
*/ */
#ifdef USE_X509 #ifdef USE_X509
/* Raw digest algorithms */ /* Raw digest algorithms */
#define OID_SHA1_ALG 88 #define OID_SHA1_ALG 88
#define OID_SHA256_ALG 414 #define OID_SHA256_ALG 414
#define OID_SHA512_ALG 416 #define OID_SHA512_ALG 416
skipping to change at line 133 skipping to change at line 148
#define OID_RSA_KEY_ALG 645 /* 42.134.72.134.247.13. 1.1.1 */ #define OID_RSA_KEY_ALG 645 /* 42.134.72.134.247.13. 1.1.1 */
#define OID_ECDSA_KEY_ALG 518 /* 42.134.72.206.61.2.1 */ #define OID_ECDSA_KEY_ALG 518 /* 42.134.72.206.61.2.1 */
#ifdef USE_PKCS5 #ifdef USE_PKCS5
#define OID_DES_EDE3_CBC 652 /* 42.134.72.134.247.13.3.7 */ #define OID_DES_EDE3_CBC 652 /* 42.134.72.134.247.13.3.7 */
#define OID_PKCS_PBKDF2 660 /* 42.134.72.134.247.13. 1.5.12 */ #define OID_PKCS_PBKDF2 660 /* 42.134.72.134.247.13. 1.5.12 */
#define OID_PKCS_PBES2 661 /* 42.134.72.134.247.13.1.5.13 * / #define OID_PKCS_PBES2 661 /* 42.134.72.134.247.13.1.5.13 * /
#endif /* USE_PKCS5 */ #endif /* USE_PKCS5 */
#ifdef USE_PKCS12
#define OID_PKCS_PBESHA128RC4 657
#define OID_PKCS_PBESHA40RC4 658
#define OID_PKCS_PBESHA3DES3 659
#define OID_PKCS_PBESHA3DES2 660 /* warning: collision with pkcs5 */
#define OID_PKCS_PBESHA128RC2 661 /* warning: collision with pkcs5 */
#define OID_PKCS_PBESHA40RC2 662
#define PKCS7_DATA 651
#define PKCS7_SIGNED_DATA 652
#define PKCS7_ENVELOPED_DATA 653
#define PKCS7_SIGNED_ENVELOPED_DATA 654
#define PKCS7_DIGESTED_DATA 655
#define PKCS7_ENCRYPTED_DATA 656
#define PKCS12_BAG_TYPE_KEY 667
#define PKCS12_BAG_TYPE_SHROUD 668
#define PKCS12_BAG_TYPE_CERT 669
#define PKCS12_BAG_TYPE_CRL 670
#define PKCS12_BAG_TYPE_SECRET 671
#define PKCS12_BAG_TYPE_SAFE 672
#define PBE12 1
#define PBES2 2
#define AUTH_SAFE_3DES 1
#define AUTH_SAFE_RC2 2
#define PKCS12_KEY_ID 1
#define PKCS12_IV_ID 2
#define PKCS12_MAC_ID 3
#define PKCS9_CERT_TYPE_X509 675
#define PKCS9_CERT_TYPE_SDSI 676
#endif /* USE_PKCS12 */
/************************************************************************** ****/ /************************************************************************** ****/
/* These values are all mutually exlusive bits to define Cipher flags */ /* These values are all mutually exlusive bits to define Cipher flags */
#define CRYPTO_FLAGS_AES 0x01 #define CRYPTO_FLAGS_AES 0x01
#define CRYPTO_FLAGS_AES256 0x02 #define CRYPTO_FLAGS_AES256 0x02
#define CRYPTO_FLAGS_3DES 0x04 #define CRYPTO_FLAGS_3DES 0x04
#define CRYPTO_FLAGS_ARC4 0x08 #define CRYPTO_FLAGS_ARC4 0x08
#define CRYPTO_FLAGS_SEED 0x10 #define CRYPTO_FLAGS_SEED 0x10
#define CRYPTO_FLAGS_SHA1 0x20 #define CRYPTO_FLAGS_SHA1 0x20
#define CRYPTO_FLAGS_MD5 0x40 #define CRYPTO_FLAGS_SHA2 0x40
#define CRYPTO_FLAGS_MD5 0x80
#define CRYPTO_FLAGS_TLS 0x80 #define CRYPTO_FLAGS_TLS 0x100
#define CRYPTO_FLAGS_INBOUND 0x100 #define CRYPTO_FLAGS_INBOUND 0x200
#define CRYPTO_FLAGS_ARC4INIT 0x200 #define CRYPTO_FLAGS_ARC4INIT 0x400
#define CRYPTO_FLAGS_BLOCKING 0x400 #define CRYPTO_FLAGS_BLOCKING 0x800
#define CRYPTO_FLAGS_DISABLED 0x800 #define CRYPTO_FLAGS_DISABLED 0x1000
/************************************************************************** ****/ /************************************************************************** ****/
#define CRYPT_INVALID_KEYSIZE -21 #define CRYPT_INVALID_KEYSIZE -21
#define CRYPT_INVALID_ROUNDS -22 #define CRYPT_INVALID_ROUNDS -22
/************************************************************************** ****/ /************************************************************************** ****/
/* 32-bit Rotates */ /* 32-bit Rotates */
/************************************************************************** ****/ /************************************************************************** ****/
#if defined(_MSC_VER) #if defined(_MSC_VER)
 End of changes. 10 change blocks. 
12 lines changed or deleted 64 lines changed or added


 digest.h   digest.h 
/* /*
* digest.h * digest.h
* Release $Name: MATRIXSSL-3-2-1-OPEN $ * Release $Name: MATRIXSSL-3-3-0-OPEN $
* *
* Header for internal symmetric key cryptography support * Header for internal symmetric key cryptography support
*/ */
/* /*
* Copyright (c) PeerSec Networks, 2002-2011. All Rights Reserved. * Copyright (c) AuthenTec, Inc. 2011-2012
* Copyright (c) PeerSec Networks, 2002-2011
* All Rights Reserved
*
* The latest version of this code is available at http://www.matrixssl .org * The latest version of this code is available at http://www.matrixssl .org
* *
* This software is open source; you can redistribute it and/or modify * This software is open source; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by * it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or * the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version. * (at your option) any later version.
* *
* This General Public License does NOT permit incorporating this softw are * This General Public License does NOT permit incorporating this softw are
* into proprietary programs. If you are unable to comply with the GPL , a * into proprietary programs. If you are unable to comply with the GPL , a
* commercial license for this software may be purchased from PeerSec N * commercial license for this software may be purchased from AuthenTec
etworks at
* at http://www.peersec.com * http://www.authentec.com/Products/EmbeddedSecurity/SecurityToolkits.
aspx
* *
* This program is distributed in WITHOUT ANY WARRANTY; without even th e * This program is distributed in WITHOUT ANY WARRANTY; without even th e
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURP OSE. * implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURP OSE.
* See the GNU General Public License for more details. * See the GNU General Public License for more details.
* *
* You should have received a copy of the GNU General Public License * You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software * along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
* http://www.gnu.org/copyleft/gpl.html * http://www.gnu.org/copyleft/gpl.html
*/ */
skipping to change at line 87 skipping to change at line 90
} psDigestContext_t; } psDigestContext_t;
/************************************************************************** ****/ /************************************************************************** ****/
#ifdef USE_HMAC #ifdef USE_HMAC
/************************************************************************** ****/ /************************************************************************** ****/
typedef struct { typedef struct {
unsigned char pad[64]; unsigned char pad[64];
union { union {
psDigestContext_t md5; psDigestContext_t md5;
psDigestContext_t sha1; psDigestContext_t sha1;
psDigestContext_t sha256;
} u; } u;
} psHmacContext_t; } psHmacContext_t;
#endif /* USE_HMAC */ #endif /* USE_HMAC */
/************************************************************************** ****/ /************************************************************************** ****/
#endif /* _h_PS_DIGEST */ #endif /* _h_PS_DIGEST */
/************************************************************************** ****/ /************************************************************************** ****/
 End of changes. 4 change blocks. 
5 lines changed or deleted 10 lines changed or added


 list.h   list.h 
/* /*
* list.h * list.h
* Release $Name: MATRIXSSL-3-2-1-OPEN $ * Release $Name: MATRIXSSL-3-3-0-OPEN $
*/ */
/* /*
* Copyright (c) PeerSec Networks, 2002-2011. All Rights Reserved. * Copyright (c) AuthenTec, Inc. 2011-2012
* Copyright (c) PeerSec Networks, 2002-2011
* All Rights Reserved
*
* The latest version of this code is available at http://www.matrixssl .org * The latest version of this code is available at http://www.matrixssl .org
* *
* This software is open source; you can redistribute it and/or modify * This software is open source; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by * it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or * the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version. * (at your option) any later version.
* *
* This General Public License does NOT permit incorporating this softw are * This General Public License does NOT permit incorporating this softw are
* into proprietary programs. If you are unable to comply with the GPL , a * into proprietary programs. If you are unable to comply with the GPL , a
* commercial license for this software may be purchased from PeerSec N * commercial license for this software may be purchased from AuthenTec
etworks at
* at http://www.peersec.com * http://www.authentec.com/Products/EmbeddedSecurity/SecurityToolkits.
aspx
* *
* This program is distributed in WITHOUT ANY WARRANTY; without even th e * This program is distributed in WITHOUT ANY WARRANTY; without even th e
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURP OSE. * implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURP OSE.
* See the GNU General Public License for more details. * See the GNU General Public License for more details.
* *
* You should have received a copy of the GNU General Public License * You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software * along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
* http://www.gnu.org/copyleft/gpl.html * http://www.gnu.org/copyleft/gpl.html
*/ */
 End of changes. 3 change blocks. 
5 lines changed or deleted 9 lines changed or added


 matrixsslApi.h   matrixsslApi.h 
/* /*
* matrixsslApi.h * matrixsslApi.h
* Release $Name: MATRIXSSL-3-2-1-OPEN $ * Release $Name: MATRIXSSL-3-3-0-OPEN $
* *
* Public header file for MatrixSSL * Public header file for MatrixSSL
* Implementations interacting with the matrixssl library should * Implementations interacting with the matrixssl library should
* only use the APIs and definitions used in this file. * only use the APIs and definitions used in this file.
*/ */
/* /*
* Copyright (c) PeerSec Networks, 2002-2011. All Rights Reserved. * Copyright (c) AuthenTec, Inc. 2011-2012
* Copyright (c) PeerSec Networks, 2002-2011
* All Rights Reserved
*
* The latest version of this code is available at http://www.matrixssl .org * The latest version of this code is available at http://www.matrixssl .org
* *
* This software is open source; you can redistribute it and/or modify * This software is open source; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by * it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or * the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version. * (at your option) any later version.
* *
* This General Public License does NOT permit incorporating this softw are * This General Public License does NOT permit incorporating this softw are
* into proprietary programs. If you are unable to comply with the GPL , a * into proprietary programs. If you are unable to comply with the GPL , a
* commercial license for this software may be purchased from PeerSec N * commercial license for this software may be purchased from AuthenTec
etworks at
* at http://www.peersec.com * http://www.authentec.com/Products/EmbeddedSecurity/SecurityToolkits.
aspx
* *
* This program is distributed in WITHOUT ANY WARRANTY; without even th e * This program is distributed in WITHOUT ANY WARRANTY; without even th e
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURP OSE. * implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURP OSE.
* See the GNU General Public License for more details. * See the GNU General Public License for more details.
* *
* You should have received a copy of the GNU General Public License * You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software * along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
* http://www.gnu.org/copyleft/gpl.html * http://www.gnu.org/copyleft/gpl.html
*/ */
skipping to change at line 63 skipping to change at line 66
#define MATRIXSSL_ERROR PS_PROTOCOL_FAIL /* Generic SSL error */ #define MATRIXSSL_ERROR PS_PROTOCOL_FAIL /* Generic SSL error */
#define MATRIXSSL_REQUEST_SEND 1 /* API produced data to be s ent */ #define MATRIXSSL_REQUEST_SEND 1 /* API produced data to be s ent */
#define MATRIXSSL_REQUEST_RECV 2 /* API requres more data to continue */ #define MATRIXSSL_REQUEST_RECV 2 /* API requres more data to continue */
#define MATRIXSSL_REQUEST_CLOSE 3 /* API indicates cle an close is req'd */ #define MATRIXSSL_REQUEST_CLOSE 3 /* API indicates cle an close is req'd */
#define MATRIXSSL_APP_DATA 4 /* App data is avail . to caller */ #define MATRIXSSL_APP_DATA 4 /* App data is avail . to caller */
#define MATRIXSSL_HANDSHAKE_COMPLETE 5 /* Handshake completed */ #define MATRIXSSL_HANDSHAKE_COMPLETE 5 /* Handshake completed */
#define MATRIXSSL_RECEIVED_ALERT 6 /* An alert was received */ #define MATRIXSSL_RECEIVED_ALERT 6 /* An alert was received */
/************************************************************************** ****/ /************************************************************************** ****/
/* /*
* Public API set * Library init and close
*/ */
PSPUBLIC int32 matrixSslOpen(void); PSPUBLIC int32 matrixSslOpen(void);
PSPUBLIC void matrixSslClose(void); PSPUBLIC void matrixSslClose(void);
/**************************************************************************
****/
/*
* Certificate and key material loading
*/
PSPUBLIC int32 matrixSslNewKeys(sslKeys_t **keys); PSPUBLIC int32 matrixSslNewKeys(sslKeys_t **keys);
PSPUBLIC void matrixSslDeleteKeys(sslKeys_t *keys); PSPUBLIC void matrixSslDeleteKeys(sslKeys_t *keys);
PSPUBLIC void matrixSslDeleteSession(ssl_t *ssl);
PSPUBLIC int32 matrixSslGetReadbuf(ssl_t *ssl, unsigned char **buf);
PSPUBLIC int32 matrixSslGetOutdata(ssl_t *ssl, unsigned char **buf);
PSPUBLIC int32 matrixSslGetWritebuf(ssl_t *ssl, unsigned char **buf,
uint32 reqLen);
PSPUBLIC int32 matrixSslEncodeWritebuf(ssl_t *ssl, uint32 len);
PSPUBLIC int32 matrixSslEncodeToOutdata(ssl_t *ssl, unsigned char *buf,
uint32 len);
PSPUBLIC int32 matrixSslSentData(ssl_t *ssl, uint32 bytes);
PSPUBLIC int32 matrixSslReceivedData(ssl_t *ssl, uint32 bytes,
unsigned char **ptbuf, uint32 *ptlen);
PSPUBLIC int32 matrixSslProcessedData(ssl_t *ssl,
unsigned char **ptbuf, uint32 *ptlen);
PSPUBLIC int32 matrixSslEncodeClosureAlert(ssl_t *ssl);
PSPUBLIC int32 matrixSslLoadRsaKeys(sslKeys_t *keys, const char *certFile, PSPUBLIC int32 matrixSslLoadRsaKeys(sslKeys_t *keys, const char *certFile,
const char *privFile, const char *privPass, const char *privFile, const char *privPass,
const char *trustedCAFile); const char *trustedCAFile);
PSPUBLIC int32 matrixSslLoadRsaKeysMem(sslKeys_t *keys, PSPUBLIC int32 matrixSslLoadRsaKeysMem(sslKeys_t *keys,
unsigned char *certBuf, int3 2 certLen, unsigned char *certBuf, int3 2 certLen,
unsigned char *privBuf, int3 2 privLen, unsigned char *privBuf, int3 2 privLen,
unsigned char *trustedCABuf, int32 trustedCALen); unsigned char *trustedCABuf, int32 trustedCALen);
PSPUBLIC int32 matrixSslLoadPkcs12(sslKeys_t *keys, unsigned char *p12File,
unsigned char *importPass, i
nt32 ipasslen,
unsigned char *macPass, int3
2 mpasslen, int32 flags);
/**************************************************************************
****/
/*
* Essential public APIs
*/
PSPUBLIC int32 matrixSslGetReadbuf(ssl_t *ssl, unsigned char **buf);
PSPUBLIC int32 matrixSslGetOutdata(ssl_t *ssl, unsigned char **buf);
PSPUBLIC int32 matrixSslGetWritebuf(ssl_t *ssl, unsigned char **buf,
uint32 reqLen);
PSPUBLIC int32 matrixSslEncodeWritebuf(ssl_t *ssl, uint32 len);
PSPUBLIC int32 matrixSslEncodeToOutdata(ssl_t *ssl, unsigned char *buf,
uint32 len);
PSPUBLIC int32 matrixSslSentData(ssl_t *ssl, uint32 bytes);
PSPUBLIC int32 matrixSslReceivedData(ssl_t *ssl, uint32 bytes,
unsigned char **ptbuf, uint32 *ptlen
);
PSPUBLIC int32 matrixSslProcessedData(ssl_t *ssl,
unsigned char **ptbuf, uint32 *ptlen
);
PSPUBLIC int32 matrixSslEncodeClosureAlert(ssl_t *ssl);
PSPUBLIC void matrixSslDeleteSession(ssl_t *ssl);
/************************************************************************** ****/ /************************************************************************** ****/
/* /*
Advanced feature public APIS Advanced feature public APIS
*/ */
PSPUBLIC void matrixSslGetAnonStatus(ssl_t *ssl, int32 *anonArg); PSPUBLIC void matrixSslGetAnonStatus(ssl_t *ssl, int32 *anonArg);
PSPUBLIC int32 matrixSslEncodeRehandshake(ssl_t *ssl, sslKeys_t *keys, PSPUBLIC int32 matrixSslEncodeRehandshake(ssl_t *ssl, sslKeys_t *keys,
int32 (*certCb)(ssl_t *ssl, psX509Ce rt_t *cert,int32 alert), int32 (*certCb)(ssl_t *ssl, psX509Ce rt_t *cert,int32 alert),
uint32 sessionOption, uint32 cipherS pec); uint32 sessionOption, uint32 cipherS pec);
#ifdef USE_CLIENT_SIDE_SSL #ifdef USE_CLIENT_SIDE_SSL
/************************************************************************** ****/ /************************************************************************** ****/
/* /*
Client side APIs Client side APIs
*/ */
#define matrixSslInitSessionId(SID) SID.cipherId = SSL_NULL_WITH_NUL L_NULL #define matrixSslInitSessionId(SID) SID.cipherId = SSL_NULL_WITH_NUL L_NULL
PSPUBLIC int32 matrixSslNewClientSession(ssl_t **ssl, sslKeys_t *keys, PSPUBLIC int32 matrixSslNewClientSession(ssl_t **ssl, sslKeys_t *keys,
sslSessionId_t *sid, uint32 cipherSpec, sslSessionId_t *sid, uint32 cipherSp
int32 (*certCb)(ssl_t *ssl, psX509Cert_t *cert, int3 ec,
2 alert), int32 (*certCb)(ssl_t *ssl, psX509Ce
tlsExtension_t *extensions, int32 (*extCb)(ssl_t rt_t *cert,int32 alert),
*ssl, tlsExtension_t *extensions, int3
unsigned short extType, unsigned short extLen, void 2 (*extCb)(ssl_t *ssl,
*e)); unsigned short extType, unsigned sho
rt extLen, void *e));
/* Hello extension support. RFC 3546 */ /* Hello extension support. RFC 3546 */
PSPUBLIC int32 matrixSslNewHelloExtension(tlsExtension_t **extension); PSPUBLIC int32 matrixSslNewHelloExtension(tlsExtension_t **extension);
PSPUBLIC int32 matrixSslLoadHelloExtension(tlsExtension_t *extension, PSPUBLIC int32 matrixSslLoadHelloExtension(tlsExtension_t *extension,
unsigned char *extData, uint32 leng th, uint32 extType); unsigned char *extData, uint32 leng th, uint32 extType);
PSPUBLIC void matrixSslDeleteHelloExtension(tlsExtension_t *extension); PSPUBLIC void matrixSslDeleteHelloExtension(tlsExtension_t *extension);
#endif /* USE_CLIENT_SIDE_SSL */ #endif /* USE_CLIENT_SIDE_SSL */
/************************************************************************** ****/ /************************************************************************** ****/
#ifdef USE_SERVER_SIDE_SSL #ifdef USE_SERVER_SIDE_SSL
/************************************************************************** ****/ /************************************************************************** ****/
 End of changes. 9 change blocks. 
32 lines changed or deleted 52 lines changed or added


 matrixsslConfig.h   matrixsslConfig.h 
/* /*
* matrixsslConfig.h * matrixsslConfig.h
* Release $Name: MATRIXSSL-3-2-1-OPEN $ * Release $Name: MATRIXSSL-3-3-0-OPEN $
* *
* Configuration settings for building the MatrixSSL library. * Configuration settings for building the MatrixSSL library.
*/ */
/* /*
* Copyright (c) PeerSec Networks, 2002-2011. All Rights Reserved. * Copyright (c) AuthenTec, Inc. 2011-2012
* Copyright (c) PeerSec Networks, 2002-2011
* All Rights Reserved
*
* The latest version of this code is available at http://www.matrixssl .org * The latest version of this code is available at http://www.matrixssl .org
* *
* This software is open source; you can redistribute it and/or modify * This software is open source; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by * it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or * the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version. * (at your option) any later version.
* *
* This General Public License does NOT permit incorporating this softw are * This General Public License does NOT permit incorporating this softw are
* into proprietary programs. If you are unable to comply with the GPL , a * into proprietary programs. If you are unable to comply with the GPL , a
* commercial license for this software may be purchased from PeerSec N * commercial license for this software may be purchased from AuthenTec
etworks at
* at http://www.peersec.com * http://www.authentec.com/Products/EmbeddedSecurity/SecurityToolkits.
aspx
* *
* This program is distributed in WITHOUT ANY WARRANTY; without even th e * This program is distributed in WITHOUT ANY WARRANTY; without even th e
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURP OSE. * implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURP OSE.
* See the GNU General Public License for more details. * See the GNU General Public License for more details.
* *
* You should have received a copy of the GNU General Public License * You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software * along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
* http://www.gnu.org/copyleft/gpl.html * http://www.gnu.org/copyleft/gpl.html
*/ */
skipping to change at line 65 skipping to change at line 68
These cipher suites do not combine authentication and encryption and These cipher suites do not combine authentication and encryption and
are not recommended for use-cases that require strong security are not recommended for use-cases that require strong security
*/ */
/* #define USE_SSL_RSA_WITH_NULL_SHA */ /* #define USE_SSL_RSA_WITH_NULL_SHA */
/* #define USE_SSL_RSA_WITH_NULL_MD5 */ /* #define USE_SSL_RSA_WITH_NULL_MD5 */
/************************************************************************** ****/ /************************************************************************** ****/
/* /*
Support for TLS protocols. Support for TLS protocols.
- SSLv3 is always on unless disabled - SSLv3 is always on unless disabled below
- TLS versions must 'stack' (can't support 1.1 without 1.0) - TLS versions must 'stack'
- must enable TLS if enabling TLS 1.1
- must enable TLS 1.1 if enabling TLS 1.2
*/ */
#define USE_TLS /* TLS 1.0 aka SSL 3.1 */ #define USE_TLS /* TLS 1.0 aka SSL 3.1 */
#define USE_TLS_1_1 #define USE_TLS_1_1
/* #define DISABLE_SSLV3 */ /* Disable SSL 3.0 */ /* #define DISABLE_SSLV3 */ /* Disable SSL 3.0 */
/************************************************************************** ****/ /************************************************************************** ****/
/* /*
Compile time support for server or client side SSL Compile time support for server or client side SSL
*/ */
skipping to change at line 171 skipping to change at line 176
MatrixSSL. Sending app data with a client finished message from Matr ixSSL MatrixSSL. Sending app data with a client finished message from Matr ixSSL
is still NOT SUPPORTED for the security reasons above. is still NOT SUPPORTED for the security reasons above.
For more information: For more information:
http://tools.ietf.org/html/draft-bmoeller-tls-falsestart-00 http://tools.ietf.org/html/draft-bmoeller-tls-falsestart-00
*/ */
#define ENABLE_FALSE_START #define ENABLE_FALSE_START
/************************************************************************** ****/ /************************************************************************** ****/
/* /*
In Sept. 2011 security researchers demonstrated how a previously known
CBC encryption weakness could be used to decrypt HTTP data over SSL.
The attack was named BEAST (Browser Exploit Against SSL/TLS).
This issue only effects TLS 1.0 (and SSL) and only if the cipher sui
te
is using a symmetric CBC block cipher. Enable USE_TLS_1_1 above to
completely negate this workaround if TLS 1.1 is also supported by pe
ers.
As with previous SSL vulnerabilities, the attack is generally considere
d
a very low risk for individual browsers as it requires the attacker
to have control over the network to become a MITM. They will also have
to have knowledge of the first couple blocks of underlying plaintext
in order to mount the attack.
A zero length record proceeding a data record has been a known fix to t
his
problem for years and MatrixSSL has always supported the handling of em
pty
records. So alternatively, an implementation could always encode a zero
length record before each record encode. Some old SSL implementation
s do
not handle decoding zero length records, however.
This BEAST fix is on the client side and moves the implementation down
to
the SSL library level so users do not need to manually send zero length
records. This fix uses the same IV obfuscation logic as a zero length
record by breaking up each application data record in two. Because some
implementations don't handle zero-length records, the the first reco
rd
is the first byte of the plaintext message, and the second record
contains the remainder of the message.
This fix is based on the workaround implemented in Google Chrome:
http://src.chromium.org/viewvc/chrome?view=rev&revision=97269
This workaround adds approximagely 53 bytes to the encoded length of
each
SSL record that is encoded, due to the additional header, padding an
d MAC
of the second record.
*/
#define USE_BEAST_WORKAROUND
/**************************************************************************
****/
/*
Enable certificate chain message "stream" parsing. This allows sing le Enable certificate chain message "stream" parsing. This allows sing le
certificates to be parsed on-the-fly without having to wait for the entire certificates to be parsed on-the-fly without having to wait for the entire
certificate chain to be recieved in the buffer. This is a memory sa ving certificate chain to be recieved in the buffer. This is a memory sa ving
feature for the application buffer but will add a small amount of co de feature for the application buffer but will add a small amount of co de
size for the parsing and structure overhead. size for the parsing and structure overhead.
This feature will only save memory if the CERTIFICATE message is the This feature will only save memory if the CERTIFICATE message is the
only message in the record, and multiple certs are present in the ch ain. only message in the record, and multiple certs are present in the ch ain.
*/ */
/* #define USE_CERT_CHAIN_PARSING */ /* #define USE_CERT_CHAIN_PARSING */
 End of changes. 5 change blocks. 
7 lines changed or deleted 63 lines changed or added


 matrixssllib.h   matrixssllib.h 
/* /*
* matrixssllib.h * matrixssllib.h
* Release $Name: MATRIXSSL-3-2-1-OPEN $ * Release $Name: MATRIXSSL-3-3-0-OPEN $
* *
* Internal header file used for the MatrixSSL implementation. * Internal header file used for the MatrixSSL implementation.
* Only modifiers of the library should be intersted in this file * Only modifiers of the library should be intersted in this file
*/ */
/* /*
* Copyright (c) PeerSec Networks, 2002-2011. All Rights Reserved. * Copyright (c) AuthenTec, Inc. 2011-2012
* Copyright (c) PeerSec Networks, 2002-2011
* All Rights Reserved
*
* The latest version of this code is available at http://www.matrixssl .org * The latest version of this code is available at http://www.matrixssl .org
* *
* This software is open source; you can redistribute it and/or modify * This software is open source; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by * it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or * the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version. * (at your option) any later version.
* *
* This General Public License does NOT permit incorporating this softw are * This General Public License does NOT permit incorporating this softw are
* into proprietary programs. If you are unable to comply with the GPL , a * into proprietary programs. If you are unable to comply with the GPL , a
* commercial license for this software may be purchased from PeerSec N * commercial license for this software may be purchased from AuthenTec
etworks at
* at http://www.peersec.com * http://www.authentec.com/Products/EmbeddedSecurity/SecurityToolkits.
aspx
* *
* This program is distributed in WITHOUT ANY WARRANTY; without even th e * This program is distributed in WITHOUT ANY WARRANTY; without even th e
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURP OSE. * implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURP OSE.
* See the GNU General Public License for more details. * See the GNU General Public License for more details.
* *
* You should have received a copy of the GNU General Public License * You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software * along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
* http://www.gnu.org/copyleft/gpl.html * http://www.gnu.org/copyleft/gpl.html
*/ */
skipping to change at line 116 skipping to change at line 119
#endif #endif
#define USE_MD5_MAC #define USE_MD5_MAC
#define USE_RSA_CIPHER_SUITE #define USE_RSA_CIPHER_SUITE
#define REQUIRE_RSA_KEYS #define REQUIRE_RSA_KEYS
#endif #endif
#ifdef USE_SSL_RSA_WITH_NULL_SHA #ifdef USE_SSL_RSA_WITH_NULL_SHA
#ifndef USE_RSA #ifndef USE_RSA
#error "Enable USE_RSA in cryptoConfig.h for SSL_RSA_WITH_NULL_SHA s uite" #error "Enable USE_RSA in cryptoConfig.h for SSL_RSA_WITH_NULL_SHA s uite"
#endif #endif
#define USE_SHA1_MAC #define USE_SHA_MAC
#define USE_RSA_CIPHER_SUITE #define USE_RSA_CIPHER_SUITE
#define REQUIRE_RSA_KEYS #define REQUIRE_RSA_KEYS
#endif #endif
#ifdef USE_SSL_RSA_WITH_RC4_128_SHA #ifdef USE_SSL_RSA_WITH_RC4_128_SHA
#ifndef USE_RSA #ifndef USE_RSA
#error "Enable USE_RSA in cryptoConfig.h for SSL_RSA_WITH_RC4_128_SH A suite" #error "Enable USE_RSA in cryptoConfig.h for SSL_RSA_WITH_RC4_128_SH A suite"
#endif #endif
#ifndef USE_ARC4 #ifndef USE_ARC4
#error "Enable USE_ARC4 in cryptoConfig.h for SSL_RSA_WITH_RC4_128_S HA suite" #error "Enable USE_ARC4 in cryptoConfig.h for SSL_RSA_WITH_RC4_128_S HA suite"
#endif #endif
#define USE_SHA1_MAC #define USE_SHA_MAC
#define USE_RSA_CIPHER_SUITE #define USE_RSA_CIPHER_SUITE
#define USE_ARC4_CIPHER_SUITE #define USE_ARC4_CIPHER_SUITE
#define REQUIRE_RSA_KEYS #define REQUIRE_RSA_KEYS
#endif #endif
#ifdef USE_SSL_RSA_WITH_RC4_128_MD5 #ifdef USE_SSL_RSA_WITH_RC4_128_MD5
#ifndef USE_RSA #ifndef USE_RSA
#error "Enable USE_RSA in cryptoConfig.h for SSL_RSA_WITH_RC4_128_MD 5 suite" #error "Enable USE_RSA in cryptoConfig.h for SSL_RSA_WITH_RC4_128_MD 5 suite"
#endif #endif
#ifndef USE_ARC4 #ifndef USE_ARC4
skipping to change at line 154 skipping to change at line 157
#define REQUIRE_RSA_KEYS #define REQUIRE_RSA_KEYS
#endif #endif
#ifdef USE_SSL_RSA_WITH_3DES_EDE_CBC_SHA #ifdef USE_SSL_RSA_WITH_3DES_EDE_CBC_SHA
#ifndef USE_RSA #ifndef USE_RSA
#error "Enable USE_RSA in cryptoConfig.h for SSL_RSA_WITH_3DES_EDE_C BC_SHA" #error "Enable USE_RSA in cryptoConfig.h for SSL_RSA_WITH_3DES_EDE_C BC_SHA"
#endif #endif
#ifndef USE_3DES #ifndef USE_3DES
#error "Enable USE_3DES in cryptoConfig.h for SSL_RSA_WITH_3DES_EDE_ CBC_SHA" #error "Enable USE_3DES in cryptoConfig.h for SSL_RSA_WITH_3DES_EDE_ CBC_SHA"
#endif #endif
#define USE_SHA1_MAC #define USE_SHA_MAC
#define USE_RSA_CIPHER_SUITE #define USE_RSA_CIPHER_SUITE
#define USE_3DES_CIPHER_SUITE #define USE_3DES_CIPHER_SUITE
#define REQUIRE_RSA_KEYS #define REQUIRE_RSA_KEYS
#endif #endif
#ifdef USE_TLS_RSA_WITH_AES_128_CBC_SHA #ifdef USE_TLS_RSA_WITH_AES_128_CBC_SHA
#ifndef USE_RSA #ifndef USE_RSA
#error "Enable USE_RSA in cryptoConfig.h for TLS_RSA_WITH_AES_128_CB
C_SHA"
#endif
#ifndef USE_AES
#error "Enable USE_AES in cryptoConfig.h for TLS_RSA_WITH_AES_128_CB
C_SHA"
#endif
#define USE_SHA_MAC
#define USE_AES_CIPHER_SUITE
#define USE_RSA_CIPHER_SUITE
#define REQUIRE_RSA_KEYS
#endif
#ifdef USE_TLS_RSA_WITH_AES_256_CBC_SHA
#ifndef USE_RSA
#error "Enable USE_RSA in cryptoConfig.h for TLS_RSA_WITH_AES_256_CB C_SHA" #error "Enable USE_RSA in cryptoConfig.h for TLS_RSA_WITH_AES_256_CB C_SHA"
#endif #endif
#ifndef USE_AES #ifndef USE_AES
#error "Enable USE_AES in cryptoConfig.h for TLS_RSA_WITH_AES_256_CB C_SHA" #error "Enable USE_AES in cryptoConfig.h for TLS_RSA_WITH_AES_256_CB C_SHA"
#endif #endif
#define USE_SHA1_MAC #define USE_SHA_MAC
#define USE_AES_CIPHER_SUITE #define USE_AES_CIPHER_SUITE
#define USE_RSA_CIPHER_SUITE #define USE_RSA_CIPHER_SUITE
#define REQUIRE_RSA_KEYS #define REQUIRE_RSA_KEYS
#endif #endif
/************************************************************************** ****/ /************************************************************************** ****/
/************************************************************************** ****/ /************************************************************************** ****/
/************************************************************************** ****/ /************************************************************************** ****/
/* /*
skipping to change at line 201 skipping to change at line 217
/* /*
Maximum SSL record size, per specification Maximum SSL record size, per specification
*/ */
#define SSL_MAX_PLAINTEXT_LEN 0x4000 /* 16KB */ #define SSL_MAX_PLAINTEXT_LEN 0x4000 /* 16KB */
#define SSL_MAX_RECORD_LEN SSL_MAX_PLAINTEXT_LEN + 2048 #define SSL_MAX_RECORD_LEN SSL_MAX_PLAINTEXT_LEN + 2048
#define SSL_MAX_BUF_SIZE SSL_MAX_RECORD_LEN + 0x5 #define SSL_MAX_BUF_SIZE SSL_MAX_RECORD_LEN + 0x5
#define SSL_MAX_DISABLED_CIPHERS 8 #define SSL_MAX_DISABLED_CIPHERS 8
/* /*
Maximum buffer sizes for static SSL array types Maximum buffer sizes for static SSL array types
*/ */
#define SSL_MAX_MAC_SIZE 20 #define SSL_MAX_MAC_SIZE 32
#define SSL_MAX_IV_SIZE 16 #define SSL_MAX_IV_SIZE 16
#define SSL_MAX_BLOCK_SIZE 16 #define SSL_MAX_BLOCK_SIZE 16
#define SSL_MAX_SYM_KEY_SIZE 32 #define SSL_MAX_SYM_KEY_SIZE 32
/* /*
Negative return codes must be between -50 and -69 in the MatrixSSL m odule Negative return codes must be between -50 and -69 in the MatrixSSL m odule
*/ */
#define SSL_FULL -50 /* must call sslRead before decoding * / #define SSL_FULL -50 /* must call sslRead before decoding * /
#define SSL_PARTIAL -51 /* more data reqired to parse full msg */ #define SSL_PARTIAL -51 /* more data reqired to parse full msg */
#define SSL_SEND_RESPONSE -52 /* decode produced output data */ #define SSL_SEND_RESPONSE -52 /* decode produced output data */
skipping to change at line 282 skipping to change at line 298
#define SSL_FLAGS_WRITE_SECURE 0x000004 #define SSL_FLAGS_WRITE_SECURE 0x000004
#define SSL_FLAGS_RESUMED 0x000008 #define SSL_FLAGS_RESUMED 0x000008
#define SSL_FLAGS_CLOSED 0x000010 #define SSL_FLAGS_CLOSED 0x000010
#define SSL_FLAGS_NEED_ENCODE 0x000020 #define SSL_FLAGS_NEED_ENCODE 0x000020
#define SSL_FLAGS_ERROR 0x000040 #define SSL_FLAGS_ERROR 0x000040
#define SSL_FLAGS_TLS 0x000080 #define SSL_FLAGS_TLS 0x000080
#define SSL_FLAGS_CLIENT_AUTH 0x000100 #define SSL_FLAGS_CLIENT_AUTH 0x000100
#define SSL_FLAGS_ANON_CIPHER 0x000200 #define SSL_FLAGS_ANON_CIPHER 0x000200
#define SSL_FLAGS_FALSE_START 0x000400 #define SSL_FLAGS_FALSE_START 0x000400
#define SSL_FLAGS_TLS_1_1 0x000800 #define SSL_FLAGS_TLS_1_1 0x000800
#define SSL_FLAGS_TLS_1_2 0x400000
/* /*
Buffer flags (ssl->bFlags) Buffer flags (ssl->bFlags)
*/ */
#define BFLAG_CLOSE_AFTER_SENT 0x01 #define BFLAG_CLOSE_AFTER_SENT 0x01
#define BFLAG_HS_COMPLETE 0x02 #define BFLAG_HS_COMPLETE 0x02
#define BFLAG_STOP_BEAST 0x04
/*
Number of bytes server must send before creating a re-handshake cred
it
*/
#define DEFAULT_RH_CREDITS 1 /* Allow for one rehandshake by de
fault */
#define BYTES_BEFORE_RH_CREDIT 20 * 1024 * 1024
/* /*
Cipher types Cipher types
*/ */
#define CS_NULL 0 #define CS_NULL 0
#define CS_RSA 1 #define CS_RSA 1
/* /*
These are defines rather than enums because we want to store them as char, These are defines rather than enums because we want to store them as char,
not int32 (enum size) not int32 (enum size)
skipping to change at line 335 skipping to change at line 359
*/ */
#define SSL_ALERT_NONE 255 /* No error */ #define SSL_ALERT_NONE 255 /* No error */
#define SSL_HS_RANDOM_SIZE 32 #define SSL_HS_RANDOM_SIZE 32
#define SSL_HS_RSA_PREMASTER_SIZE 48 #define SSL_HS_RSA_PREMASTER_SIZE 48
#define SSL2_MAJ_VER 2 #define SSL2_MAJ_VER 2
#define SSL3_MAJ_VER 3 #define SSL3_MAJ_VER 3
#define SSL3_MIN_VER 0 #define SSL3_MIN_VER 0
#define TLS_MIN_VER 1 #define TLS_MIN_VER 1
#define TLS_1_1_MIN_VER 2
#define TLS_1_2_MIN_VER 3
#ifdef USE_TLS #ifdef USE_TLS
#define TLS_1_1_MIN_VER 2
#define TLS_HS_FINISHED_SIZE 12 #define TLS_HS_FINISHED_SIZE 12
#define TLS_MAJ_VER 3 #define TLS_MAJ_VER 3
#endif /* USE_TLS */ #endif /* USE_TLS */
/* /*
SSL cipher suite specification IDs SSL cipher suite specification IDs
*/ */
#define SSL_NULL_WITH_NULL_NULL 0x0000 #define SSL_NULL_WITH_NULL_NULL 0x0000
#define SSL_RSA_WITH_NULL_MD5 0x0001 #define SSL_RSA_WITH_NULL_MD5 0x0001
#define SSL_RSA_WITH_NULL_SHA 0x0002 #define SSL_RSA_WITH_NULL_SHA 0x0002
#define SSL_RSA_WITH_RC4_128_MD5 0x0004 #define SSL_RSA_WITH_RC4_128_MD5 0x0004
#define SSL_RSA_WITH_RC4_128_SHA 0x0005 #define SSL_RSA_WITH_RC4_128_SHA 0x0005
#define SSL_RSA_WITH_3DES_EDE_CBC_SHA 0x000A /* 10 */ #define SSL_RSA_WITH_3DES_EDE_CBC_SHA 0x000A /* 10 */
#define TLS_RSA_WITH_AES_128_CBC_SHA 0x002F /* 47 */ #define TLS_RSA_WITH_AES_128_CBC_SHA 0x002F /* 47 */
#define TLS_RSA_WITH_AES_256_CBC_SHA 0x0035 /* 53 */
#define TLS_EMPTY_RENEGOTIATION_INFO_SCSV 0x00FF #define TLS_EMPTY_RENEGOTIATION_INFO_SCSV 0x00FF
/* /*
Supported HELLO extensions Supported HELLO extensions
*/ */
#define EXT_RENEGOTIATION_INFO 0xFF01 #define EXT_RENEGOTIATION_INFO 0xFF01
#define EXT_SIGNATURE_ALGORITHMS 0x00D
/* /*
Maximum key block size for any defined cipher Maximum key block size for any defined cipher
This must be validated if new ciphers are added This must be validated if new ciphers are added
Value is largest total among all cipher suites for Value is largest total among all cipher suites for
2*macSize + 2*keySize + 2*ivSize 2*macSize + 2*keySize + 2*ivSize
*/ */
#define SSL_MAX_KEY_BLOCK_SIZE 2*20 + 2*32 + 2*16 + SHA1_HA SH_SIZE #define SSL_MAX_KEY_BLOCK_SIZE 2*32 + 2*32 + 2*16 + SHA1_HA SH_SIZE
/* /*
Master secret is 48 bytes, sessionId is 32 bytes max Master secret is 48 bytes, sessionId is 32 bytes max
*/ */
#define SSL_HS_MASTER_SIZE 48 #define SSL_HS_MASTER_SIZE 48
#define SSL_MAX_SESSION_ID_SIZE 32 #define SSL_MAX_SESSION_ID_SIZE 32
#ifndef USE_SSL_HANDSHAKE_MSG_TRACE #ifndef USE_SSL_HANDSHAKE_MSG_TRACE
#define psTraceHs(x) #define psTraceHs(x)
#define psTraceStrHs(x, y) #define psTraceStrHs(x, y)
skipping to change at line 389 skipping to change at line 416
#endif /* USE_SSL_HANDSHAKE_MSG_TRACE */ #endif /* USE_SSL_HANDSHAKE_MSG_TRACE */
#ifndef USE_SSL_INFORMATIONAL_TRACE #ifndef USE_SSL_INFORMATIONAL_TRACE
#define psTraceInfo(x) #define psTraceInfo(x)
#define psTraceStrInfo(x, y) #define psTraceStrInfo(x, y)
#define psTraceIntInfo(x, y) #define psTraceIntInfo(x, y)
#else #else
#define psTraceInfo(x) _psTrace(x) #define psTraceInfo(x) _psTrace(x)
#define psTraceStrInfo(x, y) _psTraceStr(x, y) #define psTraceStrInfo(x, y) _psTraceStr(x, y)
#define psTraceIntInfo(x, y) _psTraceInt(x, y) #define psTraceIntInfo(x, y) _psTraceInt(x, y)
#endif /* USE_SSL_INFORMATIONA_TRACE */ #endif /* USE_SSL_INFORMATIONAL_TRACE */
/************************************************************************** ****/ /************************************************************************** ****/
typedef psBuf_t sslBuf_t; typedef psBuf_t sslBuf_t;
/************************************************************************** ****/ /************************************************************************** ****/
/************************************************************************** ****/ /************************************************************************** ****/
/* /*
SSL certificate public-key structure SSL certificate public-key structure
skipping to change at line 596 skipping to change at line 623
unsigned char majVer; unsigned char majVer;
unsigned char minVer; unsigned char minVer;
#ifdef ENABLE_SECURE_REHANDSHAKES #ifdef ENABLE_SECURE_REHANDSHAKES
unsigned char myVerifyData[MD5_HASH_SIZE + SHA1_HASH_SIZE]; /*SSLv 3 max*/ unsigned char myVerifyData[MD5_HASH_SIZE + SHA1_HASH_SIZE]; /*SSLv 3 max*/
unsigned char peerVerifyData[MD5_HASH_SIZE + SHA1_HASH_SIZE]; unsigned char peerVerifyData[MD5_HASH_SIZE + SHA1_HASH_SIZE];
uint32 myVerifyDataLen; uint32 myVerifyDataLen;
uint32 peerVerifyDataLen; uint32 peerVerifyDataLen;
int32 secureRenegotiationFlag; int32 secureRenegotiationFlag;
#endif /* ENABLE_SECURE_REHANDSHAKES */ #endif /* ENABLE_SECURE_REHANDSHAKES */
#ifdef SSL_REHANDSHAKES_ENABLED
int32 rehandshakeCount; /* Make this an internal d
efine of 1 */
int32 rehandshakeBytes; /* Make this an internal d
efine of 10MB */
#endif /* SSL_REHANDSHAKES_ENABLED */
int32 (*extCb)(void *ssl, unsigned short extType, int32 (*extCb)(void *ssl, unsigned short extType,
unsigned short extLen, void *e); unsigned short extLen, void *e);
int32 recordHeadLen; int32 recordHeadLen;
int32 hshakeHeadLen; int32 hshakeHeadLen;
} ssl_t; } ssl_t;
/************************************************************************** ****/ /************************************************************************** ****/
/* /*
Former public APIS in 1.x and 2.x. Now deprecated in 3.x Former public APIS in 1.x and 2.x. Now deprecated in 3.x
These functions are still heavily used internally, just no longer pu blically These functions are still heavily used internally, just no longer pu blically
skipping to change at line 639 skipping to change at line 670
extern int32 matrixSslEncodeClientHello(ssl_t *ssl, sslBuf_t *out, extern int32 matrixSslEncodeClientHello(ssl_t *ssl, sslBuf_t *out,
uint32 cipherSpec, uint32 *requiredL en, uint32 cipherSpec, uint32 *requiredL en,
tlsExtension_t *userExt); tlsExtension_t *userExt);
#ifdef USE_CLIENT_SIDE_SSL #ifdef USE_CLIENT_SIDE_SSL
extern int32 matrixSslGetSessionId(ssl_t *ssl, sslSessionId_t *sessionId) ; extern int32 matrixSslGetSessionId(ssl_t *ssl, sslSessionId_t *sessionId) ;
#endif /* USE_CLIENT_SIDE_SSL */ #endif /* USE_CLIENT_SIDE_SSL */
extern int32 matrixSslGetPrngData(unsigned char *bytes, uint32 size); extern int32 matrixSslGetPrngData(unsigned char *bytes, uint32 size);
#ifdef USE_SSL_INFORMATIONAL_TRACE
extern void matrixSslPrintHSDetails(ssl_t *ssl);
#endif /* USE_SSL_INFORMATIONAL_TRACE */
#ifdef SSL_REHANDSHAKES_ENABLED
PSPUBLIC void matrixSslAddRehandshakeCredits(ssl_t *ssl, int32 credits);
#endif
/************************************************************************** ****/ /************************************************************************** ****/
/* /*
MatrixSSL internal cert functions MatrixSSL internal cert functions
*/ */
typedef int32 (*sslCertCb_t)(void *, psX509Cert_t *, int32); typedef int32 (*sslCertCb_t)(void *, psX509Cert_t *, int32);
extern int32 matrixValidateCerts(psPool_t *pool, psX509Cert_t *subjectCerts , extern int32 matrixValidateCerts(psPool_t *pool, psX509Cert_t *subjectCerts ,
psX509Cert_t *issuerCerts); psX509Cert_t *issuerCerts);
extern int32 matrixUserCertValidator(ssl_t *ssl, int32 alert, extern int32 matrixUserCertValidator(ssl_t *ssl, int32 alert,
psX509Cert_t *subjectCert, sslCertCb_t cert Cb); psX509Cert_t *subjectCert, sslCertCb_t cert Cb);
skipping to change at line 702 skipping to change at line 741
/************************************************************************** ****/ /************************************************************************** ****/
/* /*
sslv3.c sslv3.c
*/ */
extern int32 sslGenerateFinishedHash(psDigestContext_t *md5, extern int32 sslGenerateFinishedHash(psDigestContext_t *md5,
psDigestContext_t *sha1, unsigned char *mast erSecret, psDigestContext_t *sha1, unsigned char *mast erSecret,
unsigned char *out, int32 sender); unsigned char *out, int32 sender);
extern int32 sslDeriveKeys(ssl_t *ssl); extern int32 sslDeriveKeys(ssl_t *ssl);
#ifdef USE_SHA1_MAC #ifdef USE_SHA_MAC
extern int32 ssl3HMACSha1(unsigned char *key, unsigned char *seq, extern int32 ssl3HMACSha1(unsigned char *key, unsigned char *seq,
unsigned char type, unsigned char *data, uint32 len, unsigned char type, unsigned char *data, uint32 len,
unsigned char *mac); unsigned char *mac);
#endif /* USE_SHA1_MAC */ #endif /* USE_SHA_MAC */
#ifdef USE_MD5_MAC #ifdef USE_MD5_MAC
extern int32 ssl3HMACMd5(unsigned char *key, unsigned char *seq, extern int32 ssl3HMACMd5(unsigned char *key, unsigned char *seq,
unsigned char type, unsigned char *data, uint32 len, unsigned char type, unsigned char *data, uint32 len,
unsigned char *mac); unsigned char *mac);
#endif /* USE_MD5_MAC */ #endif /* USE_MD5_MAC */
#endif /* DISABLE_SSLV3 */ #endif /* DISABLE_SSLV3 */
#ifdef USE_TLS #ifdef USE_TLS
/************************************************************************** ****/ /************************************************************************** ****/
/* /*
tls.c tls.c
*/ */
extern int32 tlsDeriveKeys(ssl_t *ssl); extern int32 tlsDeriveKeys(ssl_t *ssl);
extern int32 tlsGenerateFinishedHash(psDigestContext_t *md5, extern int32 tlsGenerateFinishedHash(ssl_t *ssl, psDigestContext_t *md5,
psDigestContext_t *sha1, unsigned char *mast psDigestContext_t *sha1, psDigestContext_t *
erSecret, sha256,
unsigned char *out, int32 sender); unsigned char *masterSecret, unsigned char *
out, int32 sender);
extern int32 tlsHMACSha1(ssl_t *ssl, int32 mode, unsigned char type, extern int32 tlsHMACSha1(ssl_t *ssl, int32 mode, unsigned char type,
unsigned char *data, uint32 len, unsigned char *mac); unsigned char *data, uint32 len, unsigned char *mac);
extern int32 tlsHMACMd5(ssl_t *ssl, int32 mode, unsigned char type, extern int32 tlsHMACMd5(ssl_t *ssl, int32 mode, unsigned char type,
unsigned char *data, uint32 len, unsigned char *mac); unsigned char *data, uint32 len, unsigned char *mac);
#endif /* USE_TLS */ #endif /* USE_TLS */
/************************************************************************** ****/ /************************************************************************** ****/
 End of changes. 22 change blocks. 
19 lines changed or deleted 66 lines changed or added


 osdep.h   osdep.h 
/* /*
* osdep.h * osdep.h
* Operating System and Hardware Abstraction Layer * Operating System and Hardware Abstraction Layer
* Release $Name: MATRIXSSL-3-2-1-OPEN $ * Release $Name: MATRIXSSL-3-3-0-OPEN $
*/ */
/* /*
* Copyright (c) PeerSec Networks, 2002-2011. All Rights Reserved. * Copyright (c) AuthenTec, Inc. 2011-2012
* Copyright (c) PeerSec Networks, 2002-2011
* All Rights Reserved
*
* The latest version of this code is available at http://www.matrixssl .org * The latest version of this code is available at http://www.matrixssl .org
* *
* This software is open source; you can redistribute it and/or modify * This software is open source; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by * it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or * the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version. * (at your option) any later version.
* *
* This General Public License does NOT permit incorporating this softw are * This General Public License does NOT permit incorporating this softw are
* into proprietary programs. If you are unable to comply with the GPL , a * into proprietary programs. If you are unable to comply with the GPL , a
* commercial license for this software may be purchased from PeerSec N * commercial license for this software may be purchased from AuthenTec
etworks at
* at http://www.peersec.com * http://www.authentec.com/Products/EmbeddedSecurity/SecurityToolkits.
aspx
* *
* This program is distributed in WITHOUT ANY WARRANTY; without even th e * This program is distributed in WITHOUT ANY WARRANTY; without even th e
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURP OSE. * implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURP OSE.
* See the GNU General Public License for more details. * See the GNU General Public License for more details.
* *
* You should have received a copy of the GNU General Public License * You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software * along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
* http://www.gnu.org/copyleft/gpl.html * http://www.gnu.org/copyleft/gpl.html
*/ */
skipping to change at line 53 skipping to change at line 56
extern void osdepEntropyClose(void); extern void osdepEntropyClose(void);
#ifdef HALT_ON_PS_ERROR #ifdef HALT_ON_PS_ERROR
extern void osdepBreak(void); extern void osdepBreak(void);
#endif #endif
#ifndef min #ifndef min
#define min(a,b) (((a) < (b)) ? (a) : (b)) #define min(a,b) (((a) < (b)) ? (a) : (b))
#endif /* min */ #endif /* min */
/************************************************************************** ****/ /************************************************************************** ****/
/* /*
If the Makefile specifies that PeerSec MatrixSSL does not currently hav e If the Makefile specifies that MatrixSSL does not currently have
a layer for the given OS, or the port is to "bare metal" hardware, a layer for the given OS, or the port is to "bare metal" hardware,
do basic defines here and include externally provided file "matrixos.h" . do basic defines here and include externally provided file "matrixos.h" .
In addition, if building for such a platform, a C file defining the abo ve In addition, if building for such a platform, a C file defining the abo ve
functions must be linked with the final executable. functions must be linked with the final executable.
*/ */
#ifdef PS_UNSUPPORTED_OS #ifdef PS_UNSUPPORTED_OS
#define PSPUBLIC extern #define PSPUBLIC extern
#include "matrixos.h" #include "matrixos.h"
#else #else
/************************************************************************** ****/ /************************************************************************** ****/
skipping to change at line 199 skipping to change at line 202
_psErrorStr(a,b) _psErrorStr(a,b)
#define psErrorInt(a,b) \ #define psErrorInt(a,b) \
halAlert();_psTraceStr("psError %s", __FILE__);_psTraceInt(":%d ", __LINE_ _); \ halAlert();_psTraceStr("psError %s", __FILE__);_psTraceInt(":%d ", __LINE_ _); \
_psErrorInt(a,b) _psErrorInt(a,b)
/************************************************************************** ****/ /************************************************************************** ****/
/* /*
OS specific file system apis OS specific file system apis
*/ */
#ifdef PS_USE_FILE_SYSTEM #ifdef MATRIX_USE_FILE_SYSTEM
#ifdef POSIX #ifdef POSIX
#include <sys/stat.h> #include <sys/stat.h>
#endif /* POSIX */ #endif /* POSIX */
#endif /* PS_USE_FILE_SYSTEM */ #endif /* MATRIX_USE_FILE_SYSTEM */
#ifdef USE_MULTITHREADING #ifdef USE_MULTITHREADING
/************************************************************************** ****/ /************************************************************************** ****/
/* /*
Defines to make library multithreading safe Defines to make library multithreading safe
*/ */
extern int32 osdepMutexOpen(void); extern int32 osdepMutexOpen(void);
extern int32 osdepMutexClose(void); extern int32 osdepMutexClose(void);
#ifdef WIN32 #ifdef WIN32
 End of changes. 6 change blocks. 
8 lines changed or deleted 12 lines changed or added


 prng.h   prng.h 
/* /*
* prng.h * prng.h
* Release $Name: MATRIXSSL-3-2-1-OPEN $ * Release $Name: MATRIXSSL-3-3-0-OPEN $
*/ */
/* /*
* Copyright (c) PeerSec Networks, 2002-2011. All Rights Reserved. * Copyright (c) AuthenTec, Inc. 2011-2012
* Copyright (c) PeerSec Networks, 2002-2011
* All Rights Reserved
*
* The latest version of this code is available at http://www.matrixssl .org * The latest version of this code is available at http://www.matrixssl .org
* *
* This software is open source; you can redistribute it and/or modify * This software is open source; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by * it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or * the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version. * (at your option) any later version.
* *
* This General Public License does NOT permit incorporating this softw are * This General Public License does NOT permit incorporating this softw are
* into proprietary programs. If you are unable to comply with the GPL , a * into proprietary programs. If you are unable to comply with the GPL , a
* commercial license for this software may be purchased from PeerSec N * commercial license for this software may be purchased from AuthenTec
etworks at
* at http://www.peersec.com * http://www.authentec.com/Products/EmbeddedSecurity/SecurityToolkits.
aspx
* *
* This program is distributed in WITHOUT ANY WARRANTY; without even th e * This program is distributed in WITHOUT ANY WARRANTY; without even th e
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURP OSE. * implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURP OSE.
* See the GNU General Public License for more details. * See the GNU General Public License for more details.
* *
* You should have received a copy of the GNU General Public License * You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software * along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
* http://www.gnu.org/copyleft/gpl.html * http://www.gnu.org/copyleft/gpl.html
*/ */
 End of changes. 3 change blocks. 
5 lines changed or deleted 9 lines changed or added


 psmalloc.h   psmalloc.h 
/* /*
* psmalloc.h * psmalloc.h
* Release $Name: MATRIXSSL-3-2-1-OPEN $ * Release $Name: MATRIXSSL-3-3-0-OPEN $
* *
* Header for psMalloc functions * Header for psMalloc functions
*/ */
/* /*
* Copyright (c) PeerSec Networks, 2002-2011. All Rights Reserved. * Copyright (c) AuthenTec, Inc. 2011-2012
* Copyright (c) PeerSec Networks, 2002-2011
* All Rights Reserved
*
* The latest version of this code is available at http://www.matrixssl .org * The latest version of this code is available at http://www.matrixssl .org
* *
* This software is open source; you can redistribute it and/or modify * This software is open source; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by * it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or * the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version. * (at your option) any later version.
* *
* This General Public License does NOT permit incorporating this softw are * This General Public License does NOT permit incorporating this softw are
* into proprietary programs. If you are unable to comply with the GPL , a * into proprietary programs. If you are unable to comply with the GPL , a
* commercial license for this software may be purchased from PeerSec N * commercial license for this software may be purchased from AuthenTec
etworks at
* at http://www.peersec.com * http://www.authentec.com/Products/EmbeddedSecurity/SecurityToolkits.
aspx
* *
* This program is distributed in WITHOUT ANY WARRANTY; without even th e * This program is distributed in WITHOUT ANY WARRANTY; without even th e
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURP OSE. * implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURP OSE.
* See the GNU General Public License for more details. * See the GNU General Public License for more details.
* *
* You should have received a copy of the GNU General Public License * You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software * along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
* http://www.gnu.org/copyleft/gpl.html * http://www.gnu.org/copyleft/gpl.html
*/ */
skipping to change at line 47 skipping to change at line 50
*/ */
#ifdef PS_UNSUPPORTED_OS #ifdef PS_UNSUPPORTED_OS
#include "matrixos.h" #include "matrixos.h"
#else #else
/************************************************************************** ****/ /************************************************************************** ****/
/* /*
*/ */
#include <string.h> /* memset, memcpy */ #include <string.h> /* memset, memcpy */
#define PEERSEC_NO_POOL (void *)0x0 #define MATRIX_NO_POOL (void *)0x0
/************************************************************************** ****/ /************************************************************************** ****/
/* /*
Native memory routines Native memory routines
*/ */
#include <stdlib.h> /* malloc, free, etc... */ #include <stdlib.h> /* malloc, free, etc... */
#define MAX_MEMORY_USAGE 0 #define MAX_MEMORY_USAGE 0
#define psOpenMalloc() 0 #define psOpenMalloc() 0
#define psCloseMalloc() #define psCloseMalloc()
 End of changes. 4 change blocks. 
6 lines changed or deleted 10 lines changed or added


 pstm.h   pstm.h 
/* /*
* pstm.h * pstm.h
* Release $Name: MATRIXSSL-3-2-1-OPEN $ * Release $Name: MATRIXSSL-3-3-0-OPEN $
* *
* multiple-precision integer library * multiple-precision integer library
*/ */
/* /*
* Copyright (c) PeerSec Networks, 2002-2011. All Rights Reserved. * Copyright (c) AuthenTec, Inc. 2011-2012
* Copyright (c) PeerSec Networks, 2002-2011
* All Rights Reserved
*
* The latest version of this code is available at http://www.matrixssl .org * The latest version of this code is available at http://www.matrixssl .org
* *
* This software is open source; you can redistribute it and/or modify * This software is open source; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by * it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or * the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version. * (at your option) any later version.
* *
* This General Public License does NOT permit incorporating this softw are * This General Public License does NOT permit incorporating this softw are
* into proprietary programs. If you are unable to comply with the GPL , a * into proprietary programs. If you are unable to comply with the GPL , a
* commercial license for this software may be purchased from PeerSec N * commercial license for this software may be purchased from AuthenTec
etworks at
* at http://www.peersec.com * http://www.authentec.com/Products/EmbeddedSecurity/SecurityToolkits.
aspx
* *
* This program is distributed in WITHOUT ANY WARRANTY; without even th e * This program is distributed in WITHOUT ANY WARRANTY; without even th e
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURP OSE. * implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURP OSE.
* See the GNU General Public License for more details. * See the GNU General Public License for more details.
* *
* You should have received a copy of the GNU General Public License * You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software * along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
* http://www.gnu.org/copyleft/gpl.html * http://www.gnu.org/copyleft/gpl.html
*/ */
 End of changes. 3 change blocks. 
5 lines changed or deleted 9 lines changed or added


 pubkey.h   pubkey.h 
/* /*
* pubkey.h * pubkey.h
* Release $Name: MATRIXSSL-3-2-1-OPEN $ * Release $Name: MATRIXSSL-3-3-0-OPEN $
*/ */
/* /*
* Copyright (c) PeerSec Networks, 2002-2011. All Rights Reserved. * Copyright (c) AuthenTec, Inc. 2011-2012
* Copyright (c) PeerSec Networks, 2002-2011
* All Rights Reserved
*
* The latest version of this code is available at http://www.matrixssl .org * The latest version of this code is available at http://www.matrixssl .org
* *
* This software is open source; you can redistribute it and/or modify * This software is open source; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by * it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or * the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version. * (at your option) any later version.
* *
* This General Public License does NOT permit incorporating this softw are * This General Public License does NOT permit incorporating this softw are
* into proprietary programs. If you are unable to comply with the GPL , a * into proprietary programs. If you are unable to comply with the GPL , a
* commercial license for this software may be purchased from PeerSec N * commercial license for this software may be purchased from AuthenTec
etworks at
* at http://www.peersec.com * http://www.authentec.com/Products/EmbeddedSecurity/SecurityToolkits.
aspx
* *
* This program is distributed in WITHOUT ANY WARRANTY; without even th e * This program is distributed in WITHOUT ANY WARRANTY; without even th e
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURP OSE. * implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURP OSE.
* See the GNU General Public License for more details. * See the GNU General Public License for more details.
* *
* You should have received a copy of the GNU General Public License * You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software * along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
* http://www.gnu.org/copyleft/gpl.html * http://www.gnu.org/copyleft/gpl.html
*/ */
 End of changes. 3 change blocks. 
5 lines changed or deleted 9 lines changed or added


 symmetric.h   symmetric.h 
/* /*
* symmetric.h * symmetric.h
* Release $Name: MATRIXSSL-3-2-1-OPEN $ * Release $Name: MATRIXSSL-3-3-0-OPEN $
* *
* Header for internal symmetric key cryptography support * Header for internal symmetric key cryptography support
*/ */
/* /*
* Copyright (c) PeerSec Networks, 2002-2011. All Rights Reserved. * Copyright (c) AuthenTec, Inc. 2011-2012
* Copyright (c) PeerSec Networks, 2002-2011
* All Rights Reserved
*
* The latest version of this code is available at http://www.matrixssl .org * The latest version of this code is available at http://www.matrixssl .org
* *
* This software is open source; you can redistribute it and/or modify * This software is open source; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by * it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or * the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version. * (at your option) any later version.
* *
* This General Public License does NOT permit incorporating this softw are * This General Public License does NOT permit incorporating this softw are
* into proprietary programs. If you are unable to comply with the GPL , a * into proprietary programs. If you are unable to comply with the GPL , a
* commercial license for this software may be purchased from PeerSec N * commercial license for this software may be purchased from AuthenTec
etworks at
* at http://www.peersec.com * http://www.authentec.com/Products/EmbeddedSecurity/SecurityToolkits.
aspx
* *
* This program is distributed in WITHOUT ANY WARRANTY; without even th e * This program is distributed in WITHOUT ANY WARRANTY; without even th e
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURP OSE. * implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURP OSE.
* See the GNU General Public License for more details. * See the GNU General Public License for more details.
* *
* You should have received a copy of the GNU General Public License * You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software * along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
* http://www.gnu.org/copyleft/gpl.html * http://www.gnu.org/copyleft/gpl.html
*/ */
/************************************************************************** ****/ /************************************************************************** ****/
#ifndef _h_PS_SYMMETRIC #ifndef _h_PS_SYMMETRIC
#define _h_PS_SYMMETRIC #define _h_PS_SYMMETRIC
/************************************************************************** ****/ /************************************************************************** ****/
#ifdef USE_AES #ifdef USE_AES
/************************************************************************** ****/ /************************************************************************** ****/
typedef struct { typedef struct {
uint32 eK[64], dK[64]; uint32 eK[64], dK[64];
int32 Nr; int32 Nr;
} psAesKey_t; } psAesKey_t;
typedef struct { typedef struct {
int32 blocklen; int32 blocklen;
unsigned char IV[16]; unsigned char IV[16];
psAesKey_t key; psAesKey_t key;
int32 explicitIV; int32 explicitIV;
} aes_CBC; } aes_CBC;
#endif /* USE_AES */ #endif /* USE_AES */
/************************************************************************** ****/ /************************************************************************** ****/
skipping to change at line 79 skipping to change at line 82
unsigned char IV[8]; unsigned char IV[8];
psDes3Key_t key; psDes3Key_t key;
int32 explicitIV; /* 1 if yes */ int32 explicitIV; /* 1 if yes */
} des3_CBC; } des3_CBC;
#endif /* USE_3DES || USE_DES */ #endif /* USE_3DES || USE_DES */
/************************************************************************** ****/ /************************************************************************** ****/
/************************************************************************** ****/ /************************************************************************** ****/
#ifdef USE_ARC4 #ifdef USE_ARC4
/************************************************************************** ****/
typedef struct { typedef struct {
unsigned char state[256]; unsigned char state[256];
uint32 byteCount; uint32 byteCount;
unsigned char x; unsigned char x;
unsigned char y; unsigned char y;
} psRc4Key_t; } psRc4Key_t;
#endif /* USE_ARC4 */ #endif /* USE_ARC4 */
/************************************************************************** ****/ /************************************************************************** ****/
#ifdef USE_RC2
typedef struct {
unsigned xkey[64];
} psRc2Key_t;
typedef struct {
int32 blocklen;
unsigned char IV[8];
psRc2Key_t key;
} rc2_CBC;
#endif /* USE_RC2 */
/************************************************************************** ****/ /************************************************************************** ****/
/* Universal types and defines */ /* Universal types and defines */
/************************************************************************** ****/ /************************************************************************** ****/
#define MAXBLOCKSIZE 24 #define MAXBLOCKSIZE 24
typedef union { typedef union {
#ifdef USE_RC2
rc2_CBC rc2;
#endif
#ifdef USE_ARC4 #ifdef USE_ARC4
psRc4Key_t arc4; psRc4Key_t arc4;
#endif #endif
#ifdef USE_3DES #ifdef USE_3DES
des3_CBC des3; des3_CBC des3;
#endif #endif
#ifdef USE_AES #ifdef USE_AES
aes_CBC aes; aes_CBC aes;
#endif #endif
} psCipherContext_t; } psCipherContext_t;
 End of changes. 9 change blocks. 
11 lines changed or deleted 26 lines changed or added


 version.h   version.h 
/* /*
Copyright 2011 PeerSec Networks, Inc. Copyright 2012 AuthenTec
This file is auto-generated This file is auto-generated
*/ */
#ifndef _h_MATRIXSSL_VERSION #ifndef _h_MATRIXSSL_VERSION
#define _h_MATRIXSSL_VERSION #define _h_MATRIXSSL_VERSION
#ifdef __cplusplus #ifdef __cplusplus
extern "C" { extern "C" {
#endif #endif
#define MATRIXSSL_VERSION "3.2.1-OPEN" #define MATRIXSSL_VERSION "3.3.0-OPEN"
#define MATRIXSSL_VERSION_MAJOR 3 #define MATRIXSSL_VERSION_MAJOR 3
#define MATRIXSSL_VERSION_MINOR 2 #define MATRIXSSL_VERSION_MINOR 3
#define MATRIXSSL_VERSION_PATCH 1 #define MATRIXSSL_VERSION_PATCH 0
#define MATRIXSSL_VERSION_CODE "OPEN" #define MATRIXSSL_VERSION_CODE "OPEN"
#ifdef __cplusplus #ifdef __cplusplus
} }
#endif #endif
#endif /* _h_MATRIXSSL_VERSION */ #endif /* _h_MATRIXSSL_VERSION */
 End of changes. 3 change blocks. 
4 lines changed or deleted 4 lines changed or added


 x509.h   x509.h 
/* /*
* x509.h * x509.h
* Release $Name: MATRIXSSL-3-2-1-OPEN $ * Release $Name: MATRIXSSL-3-3-0-OPEN $
*/ */
/* /*
* Copyright (c) PeerSec Networks, 2002-2011. All Rights Reserved. * Copyright (c) AuthenTec, Inc. 2011-2012
* Copyright (c) PeerSec Networks, 2002-2011
* All Rights Reserved
*
* The latest version of this code is available at http://www.matrixssl .org * The latest version of this code is available at http://www.matrixssl .org
* *
* This software is open source; you can redistribute it and/or modify * This software is open source; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by * it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or * the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version. * (at your option) any later version.
* *
* This General Public License does NOT permit incorporating this softw are * This General Public License does NOT permit incorporating this softw are
* into proprietary programs. If you are unable to comply with the GPL , a * into proprietary programs. If you are unable to comply with the GPL , a
* commercial license for this software may be purchased from PeerSec N * commercial license for this software may be purchased from AuthenTec
etworks at
* at http://www.peersec.com * http://www.authentec.com/Products/EmbeddedSecurity/SecurityToolkits.
aspx
* *
* This program is distributed in WITHOUT ANY WARRANTY; without even th e * This program is distributed in WITHOUT ANY WARRANTY; without even th e
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURP OSE. * implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURP OSE.
* See the GNU General Public License for more details. * See the GNU General Public License for more details.
* *
* You should have received a copy of the GNU General Public License * You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software * along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
* http://www.gnu.org/copyleft/gpl.html * http://www.gnu.org/copyleft/gpl.html
*/ */
skipping to change at line 88 skipping to change at line 91
short orgUnitLen; short orgUnitLen;
short commonNameType; short commonNameType;
short commonNameLen; short commonNameLen;
} x509DNattributes_t; } x509DNattributes_t;
typedef struct { typedef struct {
int32 cA; int32 cA;
int32 pathLenConstraint; int32 pathLenConstraint;
} x509extBasicConstraints_t; } x509extBasicConstraints_t;
typedef struct psSubjectAltNameEntry { typedef struct psGeneralNameEntry {
int32 id; int32 id;
unsigned char name[16]; unsigned char name[16];
unsigned char *data; unsigned char *data;
uint32 dataLen; uint32 dataLen;
struct psSubjectAltNameEntry *next; struct psGeneralNameEntry *next;
} x509SubjectAltName_t; } x509GeneralName_t;
#ifdef USE_FULL_CERT_PARSE #ifdef USE_FULL_CERT_PARSE
typedef struct { typedef struct {
uint32 len; uint32 len;
unsigned char *id; unsigned char *id;
} x509extSubjectKeyId_t; } x509extSubjectKeyId_t;
typedef struct { typedef struct {
uint32 keyLen; uint32 keyLen;
unsigned char *keyId; unsigned char *keyId;
x509DNattributes_t attribs; x509DNattributes_t attribs;
uint32 serialNumLen; uint32 serialNumLen;
unsigned char *serialNum; unsigned char *serialNum;
} x509extAuthKeyId_t; } x509extAuthKeyId_t;
#endif /* USE_FULL_CERT_PARSE */ #endif /* USE_FULL_CERT_PARSE */
typedef struct { typedef struct {
x509extBasicConstraints_t bc; x509extBasicConstraints_t bc;
x509SubjectAltName_t *san; x509GeneralName_t *san;
#ifdef USE_FULL_CERT_PARSE #ifdef USE_FULL_CERT_PARSE
x509extSubjectKeyId_t sk; x509extSubjectKeyId_t sk;
x509extAuthKeyId_t ak; x509extAuthKeyId_t ak;
unsigned char *keyUsage; unsigned char *keyUsage;
int32 keyUsageLen; int32 keyUsageLen;
#endif /* USE_FULL_CERT_PARSE */ #endif /* USE_FULL_CERT_PARSE */
} x509v3extensions_t; } x509v3extensions_t;
#endif /* USE_CERT_PARSE */ #endif /* USE_CERT_PARSE */
 End of changes. 6 change blocks. 
9 lines changed or deleted 13 lines changed or added

This html diff was produced by rfcdiff 1.41. The latest version is available from http://tools.ietf.org/tools/rfcdiff/