asn1.h   asn1.h 
/* /*
* asn1.h * asn1.h
* Release $Name: MATRIXSSL-3-3-0-OPEN $ * Release $Name: MATRIXSSL-3-3-1-OPEN $
*/ */
/* /*
* Copyright (c) AuthenTec, Inc. 2011-2012 * Copyright (c) AuthenTec, Inc. 2011-2012
* Copyright (c) PeerSec Networks, 2002-2011 * Copyright (c) PeerSec Networks, 2002-2011
* All Rights Reserved * All Rights Reserved
* *
* The latest version of this code is available at http://www.matrixssl .org * The latest version of this code is available at http://www.matrixssl .org
* *
* This software is open source; you can redistribute it and/or modify * This software is open source; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by * it under the terms of the GNU General Public License as published by
 End of changes. 1 change blocks. 
1 lines changed or deleted 1 lines changed or added


 coreApi.h   coreApi.h 
/* /*
* coreApi.h * coreApi.h
* Release $Name: MATRIXSSL-3-3-0-OPEN $ * Release $Name: MATRIXSSL-3-3-1-OPEN $
* *
* Prototypes for the Matrix core public APIs * Prototypes for the Matrix core public APIs
*/ */
/* /*
* Copyright (c) AuthenTec, Inc. 2011-2012 * Copyright (c) AuthenTec, Inc. 2011-2012
* Copyright (c) PeerSec Networks, 2002-2011 * Copyright (c) PeerSec Networks, 2002-2011
* All Rights Reserved * All Rights Reserved
* *
* The latest version of this code is available at http://www.matrixssl .org * The latest version of this code is available at http://www.matrixssl .org
* *
 End of changes. 1 change blocks. 
1 lines changed or deleted 1 lines changed or added


 coreConfig.h   coreConfig.h 
/* /*
* coreConfig.h * coreConfig.h
* Release $Name: MATRIXSSL-3-3-0-OPEN $ * Release $Name: MATRIXSSL-3-3-1-OPEN $
* *
* Configuration settings for Matrix core module * Configuration settings for Matrix core module
*/ */
/* /*
* Copyright (c) AuthenTec, Inc. 2011-2012 * Copyright (c) AuthenTec, Inc. 2011-2012
* Copyright (c) PeerSec Networks, 2002-2011 * Copyright (c) PeerSec Networks, 2002-2011
* All Rights Reserved * All Rights Reserved
* *
* The latest version of this code is available at http://www.matrixssl .org * The latest version of this code is available at http://www.matrixssl .org
* *
 End of changes. 1 change blocks. 
1 lines changed or deleted 1 lines changed or added


 cryptoApi.h   cryptoApi.h 
/* /*
* cryptoApi.h * cryptoApi.h
* Release $Name: MATRIXSSL-3-3-0-OPEN $ * Release $Name: MATRIXSSL-3-3-1-OPEN $
* *
* Prototypes for the Matrix crypto public APIs * Prototypes for the Matrix crypto public APIs
*/ */
/* /*
* Copyright (c) AuthenTec, Inc. 2011-2012 * Copyright (c) AuthenTec, Inc. 2011-2012
* Copyright (c) PeerSec Networks, 2002-2011 * Copyright (c) PeerSec Networks, 2002-2011
* All Rights Reserved * All Rights Reserved
* *
* The latest version of this code is available at http://www.matrixssl .org * The latest version of this code is available at http://www.matrixssl .org
* *
skipping to change at line 265 skipping to change at line 265
/************************************************************************** ****/ /************************************************************************** ****/
#ifdef USE_RSA #ifdef USE_RSA
/************************************************************************** ****/ /************************************************************************** ****/
/* /*
RSA crypto RSA crypto
*/ */
PSPUBLIC int32 psRsaDecryptPriv(psPool_t *pool, psRsaKey_t *key, PSPUBLIC int32 psRsaDecryptPriv(psPool_t *pool, psRsaKey_t *key,
unsigned char *in, uint32 inlen, unsigned char *in, uint32 inlen,
unsigned char *out, uint32 outlen); unsigned char *out, uint32 outlen, v oid *data);
PSPUBLIC int32 psRsaDecryptPub(psPool_t *pool, psRsaKey_t *key, PSPUBLIC int32 psRsaDecryptPub(psPool_t *pool, psRsaKey_t *key,
unsigned char *in, uint32 inlen, unsigned char *in, uint32 inlen,
unsigned char *out, uint32 outlen); unsigned char *out, uint32 outlen, v oid *data);
PSPUBLIC int32 psRsaEncryptPub(psPool_t *pool, psRsaKey_t *key, PSPUBLIC int32 psRsaEncryptPub(psPool_t *pool, psRsaKey_t *key,
unsigned char *in, uint32 inlen, unsigned char *in, uint32 inlen,
unsigned char *out, uint32 outlen); unsigned char *out, uint32 outlen, void *dat a);
PSPUBLIC int32 psRsaCrypt(psPool_t *pool, const unsigned char *in, uint32 i nlen, PSPUBLIC int32 psRsaCrypt(psPool_t *pool, const unsigned char *in, uint32 i nlen,
unsigned char *out, uint32 *outlen, psRs unsigned char *out, uint32 *outlen, psRs
aKey_t *key,int32 type); aKey_t *key,
int32 type, void *data);
#endif /* USE_RSA */ #endif /* USE_RSA */
/************************************************************************** ****/ /************************************************************************** ****/
/************************************************************************** ****/ /************************************************************************** ****/
/************************************************************************** ****/ /************************************************************************** ****/
/************************************************************************** ****/ /************************************************************************** ****/
#ifdef USE_X509 #ifdef USE_X509
/************************************************************************** ****/ /************************************************************************** ****/
/* /*
 End of changes. 5 change blocks. 
6 lines changed or deleted 7 lines changed or added


 cryptoConfig.h   cryptoConfig.h 
/* /*
* cryptoConfig.h * cryptoConfig.h
* Release $Name: MATRIXSSL-3-3-0-OPEN $ * Release $Name: MATRIXSSL-3-3-1-OPEN $
*/ */
/* /*
* Copyright (c) AuthenTec, Inc. 2011-2012 * Copyright (c) AuthenTec, Inc. 2011-2012
* Copyright (c) PeerSec Networks, 2002-2011 * Copyright (c) PeerSec Networks, 2002-2011
* All Rights Reserved * All Rights Reserved
* *
* The latest version of this code is available at http://www.matrixssl .org * The latest version of this code is available at http://www.matrixssl .org
* *
* This software is open source; you can redistribute it and/or modify * This software is open source; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by * it under the terms of the GNU General Public License as published by
 End of changes. 1 change blocks. 
1 lines changed or deleted 1 lines changed or added


 cryptolib.h   cryptolib.h 
/* /*
* cryptolib.h * cryptolib.h
* Release $Name: MATRIXSSL-3-3-0-OPEN $ * Release $Name: MATRIXSSL-3-3-1-OPEN $
*/ */
/* /*
* Copyright (c) AuthenTec, Inc. 2011-2012 * Copyright (c) AuthenTec, Inc. 2011-2012
* Copyright (c) PeerSec Networks, 2002-2011 * Copyright (c) PeerSec Networks, 2002-2011
* All Rights Reserved * All Rights Reserved
* *
* The latest version of this code is available at http://www.matrixssl .org * The latest version of this code is available at http://www.matrixssl .org
* *
* This software is open source; you can redistribute it and/or modify * This software is open source; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by * it under the terms of the GNU General Public License as published by
skipping to change at line 195 skipping to change at line 195
#define CRYPTO_FLAGS_AES 0x01 #define CRYPTO_FLAGS_AES 0x01
#define CRYPTO_FLAGS_AES256 0x02 #define CRYPTO_FLAGS_AES256 0x02
#define CRYPTO_FLAGS_3DES 0x04 #define CRYPTO_FLAGS_3DES 0x04
#define CRYPTO_FLAGS_ARC4 0x08 #define CRYPTO_FLAGS_ARC4 0x08
#define CRYPTO_FLAGS_SEED 0x10 #define CRYPTO_FLAGS_SEED 0x10
#define CRYPTO_FLAGS_SHA1 0x20 #define CRYPTO_FLAGS_SHA1 0x20
#define CRYPTO_FLAGS_SHA2 0x40 #define CRYPTO_FLAGS_SHA2 0x40
#define CRYPTO_FLAGS_MD5 0x80 #define CRYPTO_FLAGS_MD5 0x80
#define CRYPTO_FLAGS_TLS 0x100 #define CRYPTO_FLAGS_TLS 0x100
#define CRYPTO_FLAGS_TLS_1_1 0x200
#define CRYPTO_FLAGS_TLS_1_2 0x400
#define CRYPTO_FLAGS_INBOUND 0x800
#define CRYPTO_FLAGS_ARC4INIT 0x1000
#define CRYPTO_FLAGS_BLOCKING 0x2000
#define CRYPTO_FLAGS_INBOUND 0x200 #define CRYPTO_FLAGS_DISABLED 0x4000
#define CRYPTO_FLAGS_ARC4INIT 0x400 #define CRYPTO_FLAGS_GCM 0x8000
#define CRYPTO_FLAGS_BLOCKING 0x800
#define CRYPTO_FLAGS_DISABLED 0x1000 #define CRYPTO_FLAGS_SHA3 0x10000 /* SHA-384 */
/************************************************************************** ****/ /************************************************************************** ****/
#define CRYPT_INVALID_KEYSIZE -21 #define CRYPT_INVALID_KEYSIZE -21
#define CRYPT_INVALID_ROUNDS -22 #define CRYPT_INVALID_ROUNDS -22
/************************************************************************** ****/ /************************************************************************** ****/
/* 32-bit Rotates */ /* 32-bit Rotates */
/************************************************************************** ****/ /************************************************************************** ****/
#if defined(_MSC_VER) #if defined(_MSC_VER)
 End of changes. 4 change blocks. 
6 lines changed or deleted 11 lines changed or added


 digest.h   digest.h 
/* /*
* digest.h * digest.h
* Release $Name: MATRIXSSL-3-3-0-OPEN $ * Release $Name: MATRIXSSL-3-3-1-OPEN $
* *
* Header for internal symmetric key cryptography support * Header for internal symmetric key cryptography support
*/ */
/* /*
* Copyright (c) AuthenTec, Inc. 2011-2012 * Copyright (c) AuthenTec, Inc. 2011-2012
* Copyright (c) PeerSec Networks, 2002-2011 * Copyright (c) PeerSec Networks, 2002-2011
* All Rights Reserved * All Rights Reserved
* *
* The latest version of this code is available at http://www.matrixssl .org * The latest version of this code is available at http://www.matrixssl .org
* *
skipping to change at line 68 skipping to change at line 68
uint64 length; uint64 length;
#else #else
uint32 lengthHi; uint32 lengthHi;
uint32 lengthLo; uint32 lengthLo;
#endif /* HAVE_NATIVE_INT64 */ #endif /* HAVE_NATIVE_INT64 */
uint32 state[4], curlen; uint32 state[4], curlen;
unsigned char buf[64]; unsigned char buf[64];
}; };
#endif /* USE_MD5 */ #endif /* USE_MD5 */
#define SHA384_HASH_SIZE 48
#define MAX_HASH_SIZE SHA1_HASH_SIZE #define MAX_HASH_SIZE SHA1_HASH_SIZE
/************************************************************************** ****/ /************************************************************************** ****/
typedef union { typedef union {
#ifdef USE_SHA1 #ifdef USE_SHA1
struct sha1_state sha1; struct sha1_state sha1;
#endif /* USE_SHA1 */ #endif /* USE_SHA1 */
#ifdef USE_MD5 #ifdef USE_MD5
struct md5_state md5; struct md5_state md5;
skipping to change at line 91 skipping to change at line 93
/************************************************************************** ****/ /************************************************************************** ****/
#ifdef USE_HMAC #ifdef USE_HMAC
/************************************************************************** ****/ /************************************************************************** ****/
typedef struct { typedef struct {
unsigned char pad[64]; unsigned char pad[64];
union { union {
psDigestContext_t md5; psDigestContext_t md5;
psDigestContext_t sha1; psDigestContext_t sha1;
psDigestContext_t sha256; psDigestContext_t sha256;
psDigestContext_t sha512;
} u; } u;
} psHmacContext_t; } psHmacContext_t;
#endif /* USE_HMAC */ #endif /* USE_HMAC */
/************************************************************************** ****/ /************************************************************************** ****/
#endif /* _h_PS_DIGEST */ #endif /* _h_PS_DIGEST */
/************************************************************************** ****/ /************************************************************************** ****/
 End of changes. 3 change blocks. 
1 lines changed or deleted 4 lines changed or added


 list.h   list.h 
/* /*
* list.h * list.h
* Release $Name: MATRIXSSL-3-3-0-OPEN $ * Release $Name: MATRIXSSL-3-3-1-OPEN $
*/ */
/* /*
* Copyright (c) AuthenTec, Inc. 2011-2012 * Copyright (c) AuthenTec, Inc. 2011-2012
* Copyright (c) PeerSec Networks, 2002-2011 * Copyright (c) PeerSec Networks, 2002-2011
* All Rights Reserved * All Rights Reserved
* *
* The latest version of this code is available at http://www.matrixssl .org * The latest version of this code is available at http://www.matrixssl .org
* *
* This software is open source; you can redistribute it and/or modify * This software is open source; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by * it under the terms of the GNU General Public License as published by
skipping to change at line 47 skipping to change at line 47
/* /*
* Fast circular doubly-linked list and branchless macro-functions. * Fast circular doubly-linked list and branchless macro-functions.
* Provides a struct-independent way to have a small head and hang a li st * Provides a struct-independent way to have a small head and hang a li st
* of structs off of it. Examples of use: * of structs off of it. Examples of use:
* *
* typedef struct { * typedef struct {
* int bar; * int bar;
* DLListEntry List; * DLListEntry List;
* } foo; * } foo;
* *
* Global foo list head: * Define foo list head:
* DLListEntry FooListHead; * DLListEntry FooListHead;
* *
* Init for list head: * Init for list head:
* DLListInit(&FooListHead); * DLListInit(&FooListHead);
* *
* Define and init list head:
* DEFINE_DLLIST(FooListHead);
* or
* static DEFINE_DLLIST(FooListHead);
*
* Insert *pMyFoo after the head: * Insert *pMyFoo after the head:
* foo *pMyFoo; * foo *pMyFoo;
* pMyFoo = malloc(sizeof(foo)); * pMyFoo = malloc(sizeof(foo));
* DLListInsertHead(&FooListHead, &pMyFoo->List); * DLListInsertHead(&FooListHead, &pMyFoo->List);
* *
* Do the same but place at tail: * Do the same but place at tail:
* DLListInsertTail(&FooListHead, &pMyFoo->List); * DLListInsertTail(&FooListHead, &pMyFoo->List);
* *
* Given a foo that you know is in a list, detach it from the list: * Given a foo that you know is in a list, detach it from the list:
* DLListRemove(&pMyFoo->List); * DLListRemove(&pMyFoo->List);
skipping to change at line 91 skipping to change at line 96
* pList = DLListGetHead(&FooListHead); * pList = DLListGetHead(&FooListHead);
* pMyFoo = DLListGetContainer(pList, foo, List); * pMyFoo = DLListGetContainer(pList, foo, List);
* DestroyFoo(pMyFoo); * DestroyFoo(pMyFoo);
* free(pMyFoo); * free(pMyFoo);
* } * }
*/ */
typedef struct _DLListEntry { typedef struct _DLListEntry {
struct _DLListEntry *pNext, *pPrev; struct _DLListEntry *pNext, *pPrev;
} DLListEntry; } DLListEntry;
#define DEFINE_DLLIST(x) DLListEntry x = { .pNext = &x, .pPrev = &x };
#define DLListInit(__pList) \ #define DLListInit(__pList) \
(__pList)->pNext = (__pList)->pPrev = (__pList) (__pList)->pNext = (__pList)->pPrev = (__pList)
/* Inserts an item as the first item of the list */ /* Inserts an item as the first item of the list */
#define DLListInsertHead(__pHead, __pNode) { \ #define DLListInsertHead(__pHead, __pNode) { \
psAssert((__pHead) != (__pNode)); \ psAssert((__pHead) != (__pNode)); \
(__pNode)->pNext = (__pHead)->pNext; \ (__pNode)->pNext = (__pHead)->pNext; \
(__pNode)->pPrev = (__pHead); \ (__pNode)->pPrev = (__pHead); \
(__pHead)->pNext->pPrev = (__pNode); \ (__pHead)->pNext->pPrev = (__pNode); \
(__pHead)->pNext = (__pNode); \ (__pHead)->pNext = (__pNode); \
 End of changes. 4 change blocks. 
2 lines changed or deleted 9 lines changed or added


 matrixsslApi.h   matrixsslApi.h 
/* /*
* matrixsslApi.h * matrixsslApi.h
* Release $Name: MATRIXSSL-3-3-0-OPEN $ * Release $Name: MATRIXSSL-3-3-1-OPEN $
* *
* Public header file for MatrixSSL * Public header file for MatrixSSL
* Implementations interacting with the matrixssl library should * Implementations interacting with the matrixssl library should
* only use the APIs and definitions used in this file. * only use the APIs and definitions used in this file.
*/ */
/* /*
* Copyright (c) AuthenTec, Inc. 2011-2012 * Copyright (c) AuthenTec, Inc. 2011-2012
* Copyright (c) PeerSec Networks, 2002-2011 * Copyright (c) PeerSec Networks, 2002-2011
* All Rights Reserved * All Rights Reserved
* *
 End of changes. 1 change blocks. 
1 lines changed or deleted 1 lines changed or added


 matrixsslConfig.h   matrixsslConfig.h 
/* /*
* matrixsslConfig.h * matrixsslConfig.h
* Release $Name: MATRIXSSL-3-3-0-OPEN $ * Release $Name: MATRIXSSL-3-3-1-OPEN $
* *
* Configuration settings for building the MatrixSSL library. * Configuration settings for building the MatrixSSL library.
*/ */
/* /*
* Copyright (c) AuthenTec, Inc. 2011-2012 * Copyright (c) AuthenTec, Inc. 2011-2012
* Copyright (c) PeerSec Networks, 2002-2011 * Copyright (c) PeerSec Networks, 2002-2011
* All Rights Reserved * All Rights Reserved
* *
* The latest version of this code is available at http://www.matrixssl .org * The latest version of this code is available at http://www.matrixssl .org
* *
skipping to change at line 68 skipping to change at line 68
These cipher suites do not combine authentication and encryption and These cipher suites do not combine authentication and encryption and
are not recommended for use-cases that require strong security are not recommended for use-cases that require strong security
*/ */
/* #define USE_SSL_RSA_WITH_NULL_SHA */ /* #define USE_SSL_RSA_WITH_NULL_SHA */
/* #define USE_SSL_RSA_WITH_NULL_MD5 */ /* #define USE_SSL_RSA_WITH_NULL_MD5 */
/************************************************************************** ****/ /************************************************************************** ****/
/* /*
Support for TLS protocols. Support for TLS protocols.
- SSLv3 is always on unless disabled below - USE_TLS versions must 'stack' for compiling purposes
- TLS versions must 'stack'
- must enable TLS if enabling TLS 1.1 - must enable TLS if enabling TLS 1.1
- must enable TLS 1.1 if enabling TLS 1.2 - must enable TLS 1.1 if enabling TLS 1.2
- Use the DISABLE_TLS_ defines to disallow specific protocols at run
time
that have been enabled via USE_TLS_.
- There is no DISABLE_TLS_ for the latest version of the protocol.
If
you don't want to use that version disable the USE_TLS_ defi
ne instead
*/ */
#define USE_TLS /* TLS 1.0 aka SSL 3.1 */ #define USE_TLS /* TLS 1.0 aka SSL 3.1 */
#define USE_TLS_1_1 #define USE_TLS_1_1
/* #define DISABLE_SSLV3 */ /* Disable SSL 3.0 */ /* #define DISABLE_TLS_1_1 */
/* #define DISABLE_TLS_1_0 */
#define DISABLE_SSLV3 /* Disable SSL 3.0 */
/************************************************************************** ****/ /************************************************************************** ****/
/* /*
Compile time support for server or client side SSL Compile time support for server or client side SSL
*/ */
#define USE_CLIENT_SIDE_SSL #define USE_CLIENT_SIDE_SSL
#define USE_SERVER_SIDE_SSL #define USE_SERVER_SIDE_SSL
/************************************************************************** ****/ /************************************************************************** ****/
/* /*
skipping to change at line 100 skipping to change at line 105
buffer again drops below SSL_DEFAULT_X_BUF_SIZE, the buffer will be reduced buffer again drops below SSL_DEFAULT_X_BUF_SIZE, the buffer will be reduced
to this size. Most standard SSL handshakes require on the order of 1 024 B. to this size. Most standard SSL handshakes require on the order of 1 024 B.
SSL_DEFAULT_X_BUF_SIZE value in bytes, maximum SSL_MAX_BUF_SIZE SSL_DEFAULT_X_BUF_SIZE value in bytes, maximum SSL_MAX_BUF_SIZE
*/ */
#define SSL_DEFAULT_IN_BUF_SIZE 1500 /* Baseline recv buf size */ #define SSL_DEFAULT_IN_BUF_SIZE 1500 /* Baseline recv buf size */
#define SSL_DEFAULT_OUT_BUF_SIZE 1500 /* Baseline send buf size */ #define SSL_DEFAULT_OUT_BUF_SIZE 1500 /* Baseline send buf size */
/************************************************************************** ****/ /************************************************************************** ****/
/* /*
The TLS specifications sets the maximum plaintext length at 16KB.
However, RFC 4366 introduces a "max_fragment_length" extension that
enables
a client to request a smaller max from the server. If not default (
0x4000),
the ONLY possible options for REQUESTED_MAX_PLAINTEXT_RECORD_LEN are
:
0x200 (512 bytes), 0x400 (1K), 0x800 (2K), or 0x1000 (4K)
The "catch" to this request is that the server is not required to su
pport
this extension. MatrixSSL servers do support this.
*/
#define REQUESTED_MAX_PLAINTEXT_RECORD_LEN 0x4000
/**************************************************************************
****/
/*
If SERVER you may define the number of sessions to cache and how If SERVER you may define the number of sessions to cache and how
long a session will remain valid in the cache from first access. long a session will remain valid in the cache from first access.
Session caching enables very fast "session resumption handshakes". S ession Session caching enables very fast "session resumption handshakes". S ession
caching can effectively by disabled by setting SSL_SESSION_ENTRY_LIF E to 0 caching can effectively by disabled by setting SSL_SESSION_ENTRY_LIF E to 0
SSL_SESSION_TABLE_SIZE minimum value is 1 SSL_SESSION_TABLE_SIZE minimum value is 1
SSL_SESSION_ENTRY_LIFE is in milliseconds, minimum 0 SSL_SESSION_ENTRY_LIFE is in milliseconds, minimum 0
*/ */
skipping to change at line 171 skipping to change at line 190
sensitive HTTP request. sensitive HTTP request.
Apparently most other SSL implementations do allow this "trick" to Apparently most other SSL implementations do allow this "trick" to
succeed, and so we have added support as well using a conditional co mpile. succeed, and so we have added support as well using a conditional co mpile.
Enabling this allows Chrome browsers to connect to HTTPS servers run ning Enabling this allows Chrome browsers to connect to HTTPS servers run ning
MatrixSSL. Sending app data with a client finished message from Matr ixSSL MatrixSSL. Sending app data with a client finished message from Matr ixSSL
is still NOT SUPPORTED for the security reasons above. is still NOT SUPPORTED for the security reasons above.
For more information: For more information:
http://tools.ietf.org/html/draft-bmoeller-tls-falsestart-00 http://tools.ietf.org/html/draft-bmoeller-tls-falsestart-00
UPDATE April 2012: Google has announced this feature will be removed
in
version 20 of their browser due to industry compatibility issues.
*/ */
#define ENABLE_FALSE_START #define ENABLE_FALSE_START
/************************************************************************** ****/ /************************************************************************** ****/
/* /*
In Sept. 2011 security researchers demonstrated how a previously known In Sept. 2011 security researchers demonstrated how a previously known
CBC encryption weakness could be used to decrypt HTTP data over SSL. CBC encryption weakness could be used to decrypt HTTP data over SSL.
The attack was named BEAST (Browser Exploit Against SSL/TLS). The attack was named BEAST (Browser Exploit Against SSL/TLS).
This issue only effects TLS 1.0 (and SSL) and only if the cipher sui te This issue only effects TLS 1.0 (and SSL) and only if the cipher sui te
 End of changes. 6 change blocks. 
4 lines changed or deleted 35 lines changed or added


 matrixssllib.h   matrixssllib.h 
/* /*
* matrixssllib.h * matrixssllib.h
* Release $Name: MATRIXSSL-3-3-0-OPEN $ * Release $Name: MATRIXSSL-3-3-1-OPEN $
* *
* Internal header file used for the MatrixSSL implementation. * Internal header file used for the MatrixSSL implementation.
* Only modifiers of the library should be intersted in this file * Only modifiers of the library should be intersted in this file
*/ */
/* /*
* Copyright (c) AuthenTec, Inc. 2011-2012 * Copyright (c) AuthenTec, Inc. 2011-2012
* Copyright (c) PeerSec Networks, 2002-2011 * Copyright (c) PeerSec Networks, 2002-2011
* All Rights Reserved * All Rights Reserved
* *
* The latest version of this code is available at http://www.matrixssl .org * The latest version of this code is available at http://www.matrixssl .org
skipping to change at line 55 skipping to change at line 55
Start with compile-time checks for the necessary proto and crypto su pport. Start with compile-time checks for the necessary proto and crypto su pport.
*/ */
#if !defined(USE_TLS) && defined(DISABLE_SSLV3) #if !defined(USE_TLS) && defined(DISABLE_SSLV3)
#error "Must enable a protocol: USE_TLS enabled or DISABLE_SSLV3 disabled" #error "Must enable a protocol: USE_TLS enabled or DISABLE_SSLV3 disabled"
#endif #endif
#if defined(USE_TLS_1_1) && !defined(USE_TLS) #if defined(USE_TLS_1_1) && !defined(USE_TLS)
#error "Must define USE_TLS if defining USE_TLS_1_1" #error "Must define USE_TLS if defining USE_TLS_1_1"
#endif #endif
#ifdef USE_TLS
#if !defined(USE_TLS_1_2) && defined(DISABLE_TLS_1_0) && defined(DISABLE_TL
S_1_1) && defined(DISABLE_SSLV3)
#error "Bad combination of USE_TLS and DISABLE_TLS"
#endif
#endif
#define USE_NATIVE_CRYPTO
/************************************************************************** ****/ /************************************************************************** ****/
/* /*
SHA1 and MD5 are essential elements for SSL key derivation during pr otocol SHA1 and MD5 are essential elements for SSL key derivation during pr otocol
*/ */
#if !defined USE_MD5 || !defined USE_SHA1 #if !defined USE_MD5 || !defined USE_SHA1
#error "Must enable both USE_MD5 and USE_SHA1 in cryptoConfig.h for MatrixS SL" #error "Must enable both USE_MD5 and USE_SHA1 in cryptoConfig.h for MatrixS SL"
#endif #endif
#if !defined USE_CLIENT_SIDE_SSL && !defined USE_SERVER_SIDE_SSL #if !defined USE_CLIENT_SIDE_SSL && !defined USE_SERVER_SIDE_SSL
#error "Must enable either USE_CLIENT_SIDE_SSL or USE_SERVER_SIDE_SSL (or b oth)" #error "Must enable either USE_CLIENT_SIDE_SSL or USE_SERVER_SIDE_SSL (or b oth)"
skipping to change at line 239 skipping to change at line 246
#define SSL_ALERT -54 /* we've decoded an alert */ #define SSL_ALERT -54 /* we've decoded an alert */
#define SSL_FILE_NOT_FOUND -55 /* File not found */ #define SSL_FILE_NOT_FOUND -55 /* File not found */
#define SSL_MEM_ERROR PS_MEM_FAIL /* Memory allocation failure * / #define SSL_MEM_ERROR PS_MEM_FAIL /* Memory allocation failure * /
/* /*
Magic numbers for handshake header lengths Magic numbers for handshake header lengths
*/ */
#define SSL2_HEADER_LEN 2 #define SSL2_HEADER_LEN 2
#define SSL3_HEADER_LEN 5 #define SSL3_HEADER_LEN 5
#define SSL3_HANDSHAKE_HEADER_LEN 4 #define SSL3_HANDSHAKE_HEADER_LEN 4
#define TLS_GCM_TAG_LEN 16
#define TLS_GCM_NONCE_LEN 8
/* /*
matrixSslSetSessionOption defines matrixSslSetSessionOption defines
*/ */
#define SSL_OPTION_FULL_HANDSHAKE 1 #define SSL_OPTION_FULL_HANDSHAKE 1
/* /*
SSL Alert levels and descriptions SSL Alert levels and descriptions
This implementation treats all alerts that are not related to This implementation treats all alerts that are not related to
certificate validation as fatal certificate validation as fatal
skipping to change at line 286 skipping to change at line 295
/* /*
Use as return code in user validation callback to allow Use as return code in user validation callback to allow
anonymous connections to proceed. anonymous connections to proceed.
MUST NOT OVERLAP WITH ANY OF THE ALERT CODES ABOVE MUST NOT OVERLAP WITH ANY OF THE ALERT CODES ABOVE
*/ */
#define SSL_ALLOW_ANON_CONNECTION 254 #define SSL_ALLOW_ANON_CONNECTION 254
/* /*
Internal flags for ssl_t.flags field. Internal flags for ssl_t.flags field.
*/ */
#define SSL_FLAGS_SERVER 0x000001 #define SSL_FLAGS_SERVER 0x00000001
#define SSL_FLAGS_READ_SECURE 0x000002 #define SSL_FLAGS_READ_SECURE 0x00000002
#define SSL_FLAGS_WRITE_SECURE 0x000004 #define SSL_FLAGS_WRITE_SECURE 0x00000004
#define SSL_FLAGS_RESUMED 0x000008 #define SSL_FLAGS_RESUMED 0x00000008
#define SSL_FLAGS_CLOSED 0x000010 #define SSL_FLAGS_CLOSED 0x00000010
#define SSL_FLAGS_NEED_ENCODE 0x000020 #define SSL_FLAGS_NEED_ENCODE 0x00000020
#define SSL_FLAGS_ERROR 0x000040 #define SSL_FLAGS_ERROR 0x00000040
#define SSL_FLAGS_TLS 0x000080 #define SSL_FLAGS_TLS 0x00000080
#define SSL_FLAGS_CLIENT_AUTH 0x000100 #define SSL_FLAGS_CLIENT_AUTH 0x00000100
#define SSL_FLAGS_ANON_CIPHER 0x000200 #define SSL_FLAGS_ANON_CIPHER 0x00000200
#define SSL_FLAGS_FALSE_START 0x000400 #define SSL_FLAGS_FALSE_START 0x00000400
#define SSL_FLAGS_TLS_1_1 0x000800 #define SSL_FLAGS_TLS_1_1 0x00000800
#define SSL_FLAGS_TLS_1_2 0x400000 #define SSL_FLAGS_TLS_1_2 0x00001000
/* /*
Buffer flags (ssl->bFlags) Buffer flags (ssl->bFlags)
*/ */
#define BFLAG_CLOSE_AFTER_SENT 0x01 #define BFLAG_CLOSE_AFTER_SENT 0x01
#define BFLAG_HS_COMPLETE 0x02 #define BFLAG_HS_COMPLETE 0x02
#define BFLAG_STOP_BEAST 0x04 #define BFLAG_STOP_BEAST 0x04
/* /*
Number of bytes server must send before creating a re-handshake cred it Number of bytes server must send before creating a re-handshake cred it
skipping to change at line 323 skipping to change at line 332
/* /*
Cipher types Cipher types
*/ */
#define CS_NULL 0 #define CS_NULL 0
#define CS_RSA 1 #define CS_RSA 1
/* /*
These are defines rather than enums because we want to store them as char, These are defines rather than enums because we want to store them as char,
not int32 (enum size) not int32 (enum size)
*/ */
#define SSL_RECORD_TYPE_CHANGE_CIPHER_SPEC 20 #define SSL_RECORD_TYPE_CHANGE_CIPHER_SPEC 20
#define SSL_RECORD_TYPE_ALERT 21 #define SSL_RECORD_TYPE_ALERT 21
#define SSL_RECORD_TYPE_HANDSHAKE 22 #define SSL_RECORD_TYPE_HANDSHAKE 22
#define SSL_RECORD_TYPE_APPLICATION_DATA 23 #define SSL_RECORD_TYPE_APPLICATION_DATA 23
#define SSL_RECORD_TYPE_HANDSHAKE 22
#define SSL_RECORD_TYPE_HANDSHAKE_FIRST_FRAG 90 /* internal */
#define SSL_RECORD_TYPE_HANDSHAKE_FRAG 91 /* non-standard t
ypes */
#define SSL_HS_HELLO_REQUEST 0 #define SSL_HS_HELLO_REQUEST 0
#define SSL_HS_CLIENT_HELLO 1 #define SSL_HS_CLIENT_HELLO 1
#define SSL_HS_SERVER_HELLO 2 #define SSL_HS_SERVER_HELLO 2
#define SSL_HS_HELLO_VERIFY_REQUEST 3 #define SSL_HS_HELLO_VERIFY_REQUEST 3
#define SSL_HS_CERTIFICATE 11 #define SSL_HS_CERTIFICATE 11
#define SSL_HS_SERVER_KEY_EXCHANGE 12 #define SSL_HS_SERVER_KEY_EXCHANGE 12
#define SSL_HS_CERTIFICATE_REQUEST 13 #define SSL_HS_CERTIFICATE_REQUEST 13
#define SSL_HS_SERVER_HELLO_DONE 14 #define SSL_HS_SERVER_HELLO_DONE 14
#define SSL_HS_CERTIFICATE_VERIFY 15 #define SSL_HS_CERTIFICATE_VERIFY 15
skipping to change at line 383 skipping to change at line 395
#define SSL_RSA_WITH_RC4_128_MD5 0x0004 #define SSL_RSA_WITH_RC4_128_MD5 0x0004
#define SSL_RSA_WITH_RC4_128_SHA 0x0005 #define SSL_RSA_WITH_RC4_128_SHA 0x0005
#define SSL_RSA_WITH_3DES_EDE_CBC_SHA 0x000A /* 10 */ #define SSL_RSA_WITH_3DES_EDE_CBC_SHA 0x000A /* 10 */
#define TLS_RSA_WITH_AES_128_CBC_SHA 0x002F /* 47 */ #define TLS_RSA_WITH_AES_128_CBC_SHA 0x002F /* 47 */
#define TLS_RSA_WITH_AES_256_CBC_SHA 0x0035 /* 53 */ #define TLS_RSA_WITH_AES_256_CBC_SHA 0x0035 /* 53 */
#define TLS_EMPTY_RENEGOTIATION_INFO_SCSV 0x00FF #define TLS_EMPTY_RENEGOTIATION_INFO_SCSV 0x00FF
/* /*
Supported HELLO extensions Supported HELLO extensions
*/ */
#define EXT_MAX_FRAGMENT_LEN 0x01
#define EXT_RENEGOTIATION_INFO 0xFF01 #define EXT_RENEGOTIATION_INFO 0xFF01
#define EXT_SIGNATURE_ALGORITHMS 0x00D #define EXT_SIGNATURE_ALGORITHMS 0x00D
/* /*
Maximum key block size for any defined cipher Maximum key block size for any defined cipher
This must be validated if new ciphers are added This must be validated if new ciphers are added
Value is largest total among all cipher suites for Value is largest total among all cipher suites for
2*macSize + 2*keySize + 2*ivSize 2*macSize + 2*keySize + 2*ivSize
*/ */
#define SSL_MAX_KEY_BLOCK_SIZE 2*32 + 2*32 + 2*16 + SHA1_HA SH_SIZE #define SSL_MAX_KEY_BLOCK_SIZE 2*32 + 2*32 + 2*16 + SHA1_HA SH_SIZE
skipping to change at line 501 skipping to change at line 514
#ifdef USE_CLIENT_SIDE_SSL #ifdef USE_CLIENT_SIDE_SSL
int32 certMatch; int32 certMatch;
#endif /* USE_CLIENT_SIDE_SSL */ #endif /* USE_CLIENT_SIDE_SSL */
psDigestContext_t msgHashMd5; psDigestContext_t msgHashMd5;
psDigestContext_t msgHashSha1; psDigestContext_t msgHashSha1;
psCipherContext_t encryptCtx; psCipherContext_t encryptCtx;
psCipherContext_t decryptCtx; psCipherContext_t decryptCtx;
#ifdef USE_TLS_1_1
int32 explicitIv;
#endif /* USE_TLS_1_1 */
int32 anon; int32 anon;
} sslSec_t; } sslSec_t;
typedef struct { typedef struct {
uint16 ident; /* Official cipher ID */ uint16 ident; /* Official cipher ID */
uint16 type; /* Key exchange method */ uint16 type; /* Key exchange method */
uint32 flags; /* from CRYPTO_FLAGS_* */ uint32 flags; /* from CRYPTO_FLAGS_* */
unsigned char macSize; unsigned char macSize;
unsigned char keySize; unsigned char keySize;
unsigned char ivSize; unsigned char ivSize;
unsigned char blockSize; unsigned char blockSize;
/* Init function */ /* Init function */
int32 (*init)(sslSec_t *sec, int32 type, uint32 keysize); int32 (*init)(sslSec_t *sec, int32 type, uint32 keysize);
/* Cipher functions */ /* Cipher functions */
int32 (*encrypt)(psCipherContext_t *ctx, unsigned char *in, int32 (*encrypt)(void *ssl, unsigned char *in,
unsigned char *out, uint32 len); unsigned char *out, uint32 len);
int32 (*decrypt)(psCipherContext_t *ctx, unsigned char *in, int32 (*decrypt)(void *ssl, unsigned char *in,
unsigned char *out, uint32 len); unsigned char *out, uint32 len);
int32 (*generateMac)(void *ssl, unsigned char type, unsigned char *d ata, int32 (*generateMac)(void *ssl, unsigned char type, unsigned char *d ata,
uint32 len, unsigned char *mac); uint32 len, unsigned char *mac);
int32 (*verifyMac)(void *ssl, unsigned char type, unsigned char *dat a, int32 (*verifyMac)(void *ssl, unsigned char type, unsigned char *dat a,
uint32 len, unsigned char *mac); uint32 len, unsigned char *mac);
} sslCipherSpec_t; } sslCipherSpec_t;
typedef struct { typedef struct {
unsigned char id[SSL_MAX_SESSION_ID_SIZE]; unsigned char id[SSL_MAX_SESSION_ID_SIZE];
unsigned char masterSecret[SSL_HS_MASTER_SIZE]; unsigned char masterSecret[SSL_HS_MASTER_SIZE];
skipping to change at line 578 skipping to change at line 588
#endif /* USE_SERVER_SIDE_SSL */ #endif /* USE_SERVER_SIDE_SSL */
unsigned char *inbuf; unsigned char *inbuf;
unsigned char *outbuf; unsigned char *outbuf;
int32 inlen; /* Bytes unprocessed in inbu f */ int32 inlen; /* Bytes unprocessed in inbu f */
int32 outlen; /* Bytes unsent in outbuf */ int32 outlen; /* Bytes unsent in outbuf */
int32 insize; /* Total allocated size of i nbuf */ int32 insize; /* Total allocated size of i nbuf */
int32 outsize; /* Total allocated size of o utbuf */ int32 outsize; /* Total allocated size of o utbuf */
uint32 bFlags; /* Buffer related flags */ uint32 bFlags; /* Buffer related flags */
int32 maxPtFrag; /* 16K by default - SSL_MAX_
PLAINTEXT_LEN */
unsigned char *fragMessage; /* holds the constructed fragmented me
ssage */
uint32 fragIndex; /* How much data has been wr
itten to msg */
uint32 fragTotal; /* Total length of fragmente
d message */
/* Pointer to the negotiated cipher information */ /* Pointer to the negotiated cipher information */
sslCipherSpec_t *cipher; sslCipherSpec_t *cipher;
/* Symmetric cipher callbacks /* Symmetric cipher callbacks
We duplicate these here from 'cipher' because we need to set the We duplicate these here from 'cipher' because we need to set the
various callbacks at different times in the handshake protoc ol various callbacks at different times in the handshake protoc ol
Also, there are 64 bit alignment issues in using the functio n pointers Also, there are 64 bit alignment issues in using the functio n pointers
within 'cipher' directly within 'cipher' directly
*/ */
int32 (*encrypt)(psCipherContext_t *ctx, unsigned char *in, int32 (*encrypt)(void *ctx, unsigned char *in,
unsigned char *out, uint32 len); unsigned char *out, uint32 len);
int32 (*decrypt)(psCipherContext_t *ctx, unsigned char *in, int32 (*decrypt)(void *ctx, unsigned char *in,
unsigned char *out, uint32 len); unsigned char *out, uint32 len);
/* Message Authentication Codes */ /* Message Authentication Codes */
int32 (*generateMac)(void *ssl, unsigned char type, unsigned char *d ata, int32 (*generateMac)(void *ssl, unsigned char type, unsigned char *d ata,
uint32 len, unsigned char *mac); uint32 len, unsigned char *mac);
int32 (*verifyMac)(void *ssl, unsigned char type, unsigned char *dat a, int32 (*verifyMac)(void *ssl, unsigned char type, unsigned char *dat a,
uint32 len, unsigned char *mac); uint32 len, unsigned char *mac);
/* Current encryption/decryption parameters */ /* Current encryption/decryption parameters */
unsigned char enMacSize; unsigned char enMacSize;
unsigned char enIvSize; unsigned char enIvSize;
skipping to change at line 615 skipping to change at line 630
int32 flags; int32 flags;
int32 hsState; /* Next expected han dshake message type */ int32 hsState; /* Next expected han dshake message type */
int32 err; /* SSL errno of last api call */ int32 err; /* SSL errno of last api call */
int32 ignoredMessageCount; int32 ignoredMessageCount;
unsigned char reqMajVer; unsigned char reqMajVer;
unsigned char reqMinVer; unsigned char reqMinVer;
unsigned char majVer; unsigned char majVer;
unsigned char minVer; unsigned char minVer;
unsigned char outRecType;
#ifdef ENABLE_SECURE_REHANDSHAKES #ifdef ENABLE_SECURE_REHANDSHAKES
unsigned char myVerifyData[MD5_HASH_SIZE + SHA1_HASH_SIZE]; /*SSLv 3 max*/ unsigned char myVerifyData[MD5_HASH_SIZE + SHA1_HASH_SIZE]; /*SSLv 3 max*/
unsigned char peerVerifyData[MD5_HASH_SIZE + SHA1_HASH_SIZE]; unsigned char peerVerifyData[MD5_HASH_SIZE + SHA1_HASH_SIZE];
uint32 myVerifyDataLen; uint32 myVerifyDataLen;
uint32 peerVerifyDataLen; uint32 peerVerifyDataLen;
int32 secureRenegotiationFlag; int32 secureRenegotiationFlag;
#endif /* ENABLE_SECURE_REHANDSHAKES */ #endif /* ENABLE_SECURE_REHANDSHAKES */
#ifdef SSL_REHANDSHAKES_ENABLED #ifdef SSL_REHANDSHAKES_ENABLED
int32 rehandshakeCount; /* Make this an internal d efine of 1 */ int32 rehandshakeCount; /* Make this an internal d efine of 1 */
int32 rehandshakeBytes; /* Make this an internal d efine of 10MB */ int32 rehandshakeBytes; /* Make this an internal d efine of 10MB */
#endif /* SSL_REHANDSHAKES_ENABLED */ #endif /* SSL_REHANDSHAKES_ENABLED */
int32 (*extCb)(void *ssl, unsigned short extType, int32 (*extCb)(void *ssl, unsigned short extType,
unsigned short extLen, void *e); unsigned short extLen, void *e);
int32 recordHeadLen; int32 recordHeadLen;
int32 hshakeHeadLen; int32 hshakeHeadLen;
} ssl_t; } ssl_t;
/************************************************************************** ****/ /************************************************************************** ****/
/* /*
Former public APIS in 1.x and 2.x. Now deprecated in 3.x Former public APIS in 1.x and 2.x. Now deprecated in 3.x
These functions are still heavily used internally, just no longer pu blically These functions are still heavily used internally, just no longer pu blically
supported. supported.
*/ */
skipping to change at line 722 skipping to change at line 739
#endif /* USE_SERVER_SIDE_SSL */ #endif /* USE_SERVER_SIDE_SSL */
/* /*
cipherSuite.c cipherSuite.c
*/ */
extern sslCipherSpec_t *sslGetCipherSpec(ssl_t *ssl, uint32 cid); extern sslCipherSpec_t *sslGetCipherSpec(ssl_t *ssl, uint32 cid);
extern int32 sslGetCipherSpecListLen(ssl_t *ssl); extern int32 sslGetCipherSpecListLen(ssl_t *ssl);
extern int32 sslGetCipherSpecList(ssl_t *ssl, unsigned char *c, int32 len, extern int32 sslGetCipherSpecList(ssl_t *ssl, unsigned char *c, int32 len,
int32 addScsv); int32 addScsv);
extern int32 csRsaEncryptPub(psPool_t *pool, psPubKey_t *key, extern int32 csRsaEncryptPub(psPool_t *pool, psPubKey_t *key,
unsigned char *in, uint32 inlen, unsigned char *out, unsigned char *in, uint32 inlen, unsigned char *out,
uint32 outlen); uint32 outlen,
void *data);
extern int32 csRsaDecryptPub(psPool_t *pool, psPubKey_t *key, extern int32 csRsaDecryptPub(psPool_t *pool, psPubKey_t *key,
unsigned char *in, uint32 inlen, unsigned char *out, unsigned char *in, uint32 inlen, unsigned char *out,
uint32 outlen); uint32 outlen,
void *data);
extern int32 csRsaEncryptPriv(psPool_t *pool, psPubKey_t *key, extern int32 csRsaEncryptPriv(psPool_t *pool, psPubKey_t *key,
unsigned char *in, uint32 inlen, unsigned char *out, unsigned char *in, uint32 inlen, unsigned char *out,
uint32 outlen); uint32 outlen,
void *data);
extern int32 csRsaDecryptPriv(psPool_t *pool, psPubKey_t *key, extern int32 csRsaDecryptPriv(psPool_t *pool, psPubKey_t *key,
unsigned char *in, uint32 inlen, unsigned char *out, unsigned char *in, uint32 inlen, unsigned char *out,
uint32 outlen); uint32 outlen,
void *data);
#ifndef DISABLE_SSLV3 #ifndef DISABLE_SSLV3
/************************************************************************** ****/ /************************************************************************** ****/
/* /*
sslv3.c sslv3.c
*/ */
extern int32 sslGenerateFinishedHash(psDigestContext_t *md5, extern int32 sslGenerateFinishedHash(psDigestContext_t *md5,
psDigestContext_t *sha1, unsigned char *mast erSecret, psDigestContext_t *sha1, unsigned char *mast erSecret,
unsigned char *out, int32 sender); unsigned char *out, int32 sender);
skipping to change at line 772 skipping to change at line 793
unsigned char *masterSecret, unsigned char * out, int32 sender); unsigned char *masterSecret, unsigned char * out, int32 sender);
extern int32 tlsHMACSha1(ssl_t *ssl, int32 mode, unsigned char type, extern int32 tlsHMACSha1(ssl_t *ssl, int32 mode, unsigned char type,
unsigned char *data, uint32 len, unsigned char *mac); unsigned char *data, uint32 len, unsigned char *mac);
extern int32 tlsHMACMd5(ssl_t *ssl, int32 mode, unsigned char type, extern int32 tlsHMACMd5(ssl_t *ssl, int32 mode, unsigned char type,
unsigned char *data, uint32 len, unsigned char *mac); unsigned char *data, uint32 len, unsigned char *mac);
#endif /* USE_TLS */ #endif /* USE_TLS */
#ifdef USE_AES_CIPHER_SUITE
extern int32 csAesInit(sslSec_t *sec, int32 type, uint32 keysize);
extern int32 csAesEncrypt(void *ssl, unsigned char *pt,
unsigned char *ct, uint32 len);
extern int32 csAesDecrypt(void *ssl, unsigned char *ct,
unsigned char *pt, uint32 len);
#endif /* USE_AES_CIPHER_SUITE */
/************************************************************************** ****/ /************************************************************************** ****/
#ifdef __cplusplus #ifdef __cplusplus
} }
#endif #endif
#endif /* _h_MATRIXSSLLIB */ #endif /* _h_MATRIXSSLLIB */
/************************************************************************** ****/ /************************************************************************** ****/
 End of changes. 19 change blocks. 
33 lines changed or deleted 68 lines changed or added


 osdep.h   osdep.h 
/* /*
* osdep.h * osdep.h
* Operating System and Hardware Abstraction Layer * Operating System and Hardware Abstraction Layer
* Release $Name: MATRIXSSL-3-3-0-OPEN $ * Release $Name: MATRIXSSL-3-3-1-OPEN $
*/ */
/* /*
* Copyright (c) AuthenTec, Inc. 2011-2012 * Copyright (c) AuthenTec, Inc. 2011-2012
* Copyright (c) PeerSec Networks, 2002-2011 * Copyright (c) PeerSec Networks, 2002-2011
* All Rights Reserved * All Rights Reserved
* *
* The latest version of this code is available at http://www.matrixssl .org * The latest version of this code is available at http://www.matrixssl .org
* *
* This software is open source; you can redistribute it and/or modify * This software is open source; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by * it under the terms of the GNU General Public License as published by
 End of changes. 1 change blocks. 
1 lines changed or deleted 1 lines changed or added


 prng.h   prng.h 
/* /*
* prng.h * prng.h
* Release $Name: MATRIXSSL-3-3-0-OPEN $ * Release $Name: MATRIXSSL-3-3-1-OPEN $
*/ */
/* /*
* Copyright (c) AuthenTec, Inc. 2011-2012 * Copyright (c) AuthenTec, Inc. 2011-2012
* Copyright (c) PeerSec Networks, 2002-2011 * Copyright (c) PeerSec Networks, 2002-2011
* All Rights Reserved * All Rights Reserved
* *
* The latest version of this code is available at http://www.matrixssl .org * The latest version of this code is available at http://www.matrixssl .org
* *
* This software is open source; you can redistribute it and/or modify * This software is open source; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by * it under the terms of the GNU General Public License as published by
 End of changes. 1 change blocks. 
1 lines changed or deleted 1 lines changed or added


 psmalloc.h   psmalloc.h 
/* /*
* psmalloc.h * psmalloc.h
* Release $Name: MATRIXSSL-3-3-0-OPEN $ * Release $Name: MATRIXSSL-3-3-1-OPEN $
* *
* Header for psMalloc functions * Header for psMalloc functions
*/ */
/* /*
* Copyright (c) AuthenTec, Inc. 2011-2012 * Copyright (c) AuthenTec, Inc. 2011-2012
* Copyright (c) PeerSec Networks, 2002-2011 * Copyright (c) PeerSec Networks, 2002-2011
* All Rights Reserved * All Rights Reserved
* *
* The latest version of this code is available at http://www.matrixssl .org * The latest version of this code is available at http://www.matrixssl .org
* *
 End of changes. 1 change blocks. 
1 lines changed or deleted 1 lines changed or added


 pstm.h   pstm.h 
/* /*
* pstm.h * pstm.h
* Release $Name: MATRIXSSL-3-3-0-OPEN $ * Release $Name: MATRIXSSL-3-3-1-OPEN $
* *
* multiple-precision integer library * multiple-precision integer library
*/ */
/* /*
* Copyright (c) AuthenTec, Inc. 2011-2012 * Copyright (c) AuthenTec, Inc. 2011-2012
* Copyright (c) PeerSec Networks, 2002-2011 * Copyright (c) PeerSec Networks, 2002-2011
* All Rights Reserved * All Rights Reserved
* *
* The latest version of this code is available at http://www.matrixssl .org * The latest version of this code is available at http://www.matrixssl .org
* *
skipping to change at line 150 skipping to change at line 150
extern int32 pstm_init_for_read_unsigned_bin(psPool_t *pool, pstm_int *a, extern int32 pstm_init_for_read_unsigned_bin(psPool_t *pool, pstm_int *a,
uint32 len); uint32 len);
extern int32 pstm_read_unsigned_bin(pstm_int *a, unsigned char *b, int32 c) ; extern int32 pstm_read_unsigned_bin(pstm_int *a, unsigned char *b, int32 c) ;
extern int32 pstm_unsigned_bin_size(pstm_int *a); extern int32 pstm_unsigned_bin_size(pstm_int *a);
extern int32 pstm_copy(pstm_int * a, pstm_int * b); extern int32 pstm_copy(pstm_int * a, pstm_int * b);
extern void pstm_exch(pstm_int * a, pstm_int * b);
extern void pstm_clear(pstm_int * a); extern void pstm_clear(pstm_int * a);
extern void pstm_clear_multi(pstm_int *mp0, pstm_int *mp1, pstm_int *mp2, extern void pstm_clear_multi(pstm_int *mp0, pstm_int *mp1, pstm_int *mp2,
pstm_int *mp3, pstm_int *mp4, pstm_int *mp5, pstm_int *mp6, pstm_int *mp3, pstm_int *mp4, pstm_int *mp5, pstm_int *mp6,
pstm_int *mp7); pstm_int *mp7);
extern int32 pstm_grow(pstm_int * a, int16 size); extern int32 pstm_grow(pstm_int * a, int16 size);
extern void pstm_clamp(pstm_int * a); extern void pstm_clamp(pstm_int * a);
 End of changes. 2 change blocks. 
1 lines changed or deleted 3 lines changed or added


 pubkey.h   pubkey.h 
/* /*
* pubkey.h * pubkey.h
* Release $Name: MATRIXSSL-3-3-0-OPEN $ * Release $Name: MATRIXSSL-3-3-1-OPEN $
*/ */
/* /*
* Copyright (c) AuthenTec, Inc. 2011-2012 * Copyright (c) AuthenTec, Inc. 2011-2012
* Copyright (c) PeerSec Networks, 2002-2011 * Copyright (c) PeerSec Networks, 2002-2011
* All Rights Reserved * All Rights Reserved
* *
* The latest version of this code is available at http://www.matrixssl .org * The latest version of this code is available at http://www.matrixssl .org
* *
* This software is open source; you can redistribute it and/or modify * This software is open source; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by * it under the terms of the GNU General Public License as published by
skipping to change at line 78 skipping to change at line 78
#ifdef USE_RSA #ifdef USE_RSA
/************************************************************************** ****/ /************************************************************************** ****/
/* /*
Primary RSA Key struct. Define here for crypto Primary RSA Key struct. Define here for crypto
*/ */
typedef struct { typedef struct {
pstm_int e, d, N, qP, dP, dQ, p, q; pstm_int e, d, N, qP, dP, dQ, p, q;
uint32 size; /* Size of the key in bytes */ uint32 size; /* Size of the key in bytes */
int32 optimized; /* 1 for optimized */ int32 optimized; /* 1 for optimized */
} psRsaKey_t; } psRsaKey_t;
#endif /* USE_RSA */ #endif /* USE_RSA */
/************************************************************************** ****/ /************************************************************************** ****/
/************************************************************************** ****/ /************************************************************************** ****/
/************************************************************************** ****/ /************************************************************************** ****/
/************************************************************************** ****/ /************************************************************************** ****/
/************************************************************************** ****/ /************************************************************************** ****/
/************************************************************************** ****/ /************************************************************************** ****/
 End of changes. 2 change blocks. 
1 lines changed or deleted 2 lines changed or added


 symmetric.h   symmetric.h 
/* /*
* symmetric.h * symmetric.h
* Release $Name: MATRIXSSL-3-3-0-OPEN $ * Release $Name: MATRIXSSL-3-3-1-OPEN $
* *
* Header for internal symmetric key cryptography support * Header for internal symmetric key cryptography support
*/ */
/* /*
* Copyright (c) AuthenTec, Inc. 2011-2012 * Copyright (c) AuthenTec, Inc. 2011-2012
* Copyright (c) PeerSec Networks, 2002-2011 * Copyright (c) PeerSec Networks, 2002-2011
* All Rights Reserved * All Rights Reserved
* *
* The latest version of this code is available at http://www.matrixssl .org * The latest version of this code is available at http://www.matrixssl .org
* *
skipping to change at line 50 skipping to change at line 50
/************************************************************************** ****/ /************************************************************************** ****/
typedef struct { typedef struct {
uint32 eK[64], dK[64]; uint32 eK[64], dK[64];
int32 Nr; int32 Nr;
} psAesKey_t; } psAesKey_t;
typedef struct { typedef struct {
int32 blocklen; int32 blocklen;
unsigned char IV[16]; unsigned char IV[16];
psAesKey_t key; psAesKey_t key;
int32 explicitIV;
} aes_CBC; } aes_CBC;
#endif /* USE_AES */ #endif /* USE_AES */
/************************************************************************** ****/ /************************************************************************** ****/
/************************************************************************** ****/ /************************************************************************** ****/
#if defined(USE_3DES) || defined(USE_DES) #if defined(USE_3DES) || defined(USE_DES)
/************************************************************************** ****/ /************************************************************************** ****/
#define DES3_KEY_LEN 24 #define DES3_KEY_LEN 24
#define DES3_IV_LEN 8 #define DES3_IV_LEN 8
skipping to change at line 74 skipping to change at line 73
uint32 ek[3][32], dk[3][32]; uint32 ek[3][32], dk[3][32];
} psDes3Key_t; } psDes3Key_t;
/* /*
A block cipher CBC structure A block cipher CBC structure
*/ */
typedef struct { typedef struct {
int32 blocklen; int32 blocklen;
unsigned char IV[8]; unsigned char IV[8];
psDes3Key_t key; psDes3Key_t key;
int32 explicitIV; /* 1 if yes */
} des3_CBC; } des3_CBC;
#endif /* USE_3DES || USE_DES */ #endif /* USE_3DES || USE_DES */
/************************************************************************** ****/ /************************************************************************** ****/
/************************************************************************** ****/ /************************************************************************** ****/
#ifdef USE_ARC4 #ifdef USE_ARC4
typedef struct { typedef struct {
unsigned char state[256]; unsigned char state[256];
uint32 byteCount; uint32 byteCount;
 End of changes. 3 change blocks. 
3 lines changed or deleted 1 lines changed or added


 version.h   version.h 
/* /*
Copyright 2012 AuthenTec Copyright 2012 AuthenTec
This file is auto-generated This file is auto-generated
*/ */
#ifndef _h_MATRIXSSL_VERSION #ifndef _h_MATRIXSSL_VERSION
#define _h_MATRIXSSL_VERSION #define _h_MATRIXSSL_VERSION
#ifdef __cplusplus #ifdef __cplusplus
extern "C" { extern "C" {
#endif #endif
#define MATRIXSSL_VERSION "3.3.0-OPEN" #define MATRIXSSL_VERSION "3.3.1-OPEN"
#define MATRIXSSL_VERSION_MAJOR 3 #define MATRIXSSL_VERSION_MAJOR 3
#define MATRIXSSL_VERSION_MINOR 3 #define MATRIXSSL_VERSION_MINOR 3
#define MATRIXSSL_VERSION_PATCH 0 #define MATRIXSSL_VERSION_PATCH 1
#define MATRIXSSL_VERSION_CODE "OPEN" #define MATRIXSSL_VERSION_CODE "OPEN"
#ifdef __cplusplus #ifdef __cplusplus
} }
#endif #endif
#endif /* _h_MATRIXSSL_VERSION */ #endif /* _h_MATRIXSSL_VERSION */
 End of changes. 2 change blocks. 
2 lines changed or deleted 2 lines changed or added


 x509.h   x509.h 
/* /*
* x509.h * x509.h
* Release $Name: MATRIXSSL-3-3-0-OPEN $ * Release $Name: MATRIXSSL-3-3-1-OPEN $
*/ */
/* /*
* Copyright (c) AuthenTec, Inc. 2011-2012 * Copyright (c) AuthenTec, Inc. 2011-2012
* Copyright (c) PeerSec Networks, 2002-2011 * Copyright (c) PeerSec Networks, 2002-2011
* All Rights Reserved * All Rights Reserved
* *
* The latest version of this code is available at http://www.matrixssl .org * The latest version of this code is available at http://www.matrixssl .org
* *
* This software is open source; you can redistribute it and/or modify * This software is open source; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by * it under the terms of the GNU General Public License as published by
 End of changes. 1 change blocks. 
1 lines changed or deleted 1 lines changed or added

This html diff was produced by rfcdiff 1.41. The latest version is available from http://tools.ietf.org/tools/rfcdiff/