diff --git a/AUTHORS b/AUTHORS
index ce7d33a..7105003 100644
--- a/AUTHORS
+++ b/AUTHORS
@@ -2,11 +2,15 @@ J Harper
Janne Johansson
Bryan Klisch
Steve Lokos
+Jani Malin
Arto Niemi
Marko Nippula
+Yiming Yang
Tom St.Denis
PeerSec Networks
AuthenTec
INSIDE Secure
+Verimatrix
+Rambus Inc.
diff --git a/Makefile b/Makefile
index 95edec0..a5e2185 100644
--- a/Makefile
+++ b/Makefile
@@ -1,7 +1,7 @@
#
# Top-level Makefile for building various versions of MatrixSSL.
#
-# Copyright (c) 2016 INSIDE Secure Corporation. All Rights Reserved.
+# Copyright (c) 2016 Rambus Inc. All Rights Reserved.
#
# @version $Format:%h%d$
diff --git a/apps/common/Makefile b/apps/common/Makefile
index a5f4690..0f81a75 100644
--- a/apps/common/Makefile
+++ b/apps/common/Makefile
@@ -1,7 +1,7 @@
#
# Makefile for common apps code
#
-# Copyright (c) 2013-2016 INSIDE Secure Corporation. All Rights Reserved.
+# Copyright (c) 2013-2016 Rambus Inc. All Rights Reserved.
#
MATRIXSSL_ROOT:=../..
diff --git a/apps/common/client_common.c b/apps/common/client_common.c
index 2ee5c32..a3c2820 100644
--- a/apps/common/client_common.c
+++ b/apps/common/client_common.c
@@ -5,7 +5,7 @@
* MatrixSSL client common code.
*/
/*
- * Copyright (c) 2013-2017 INSIDE Secure Corporation
+ * Copyright (c) 2013-2017 Rambus Inc.
* Copyright (c) PeerSec Networks, 2002-2011
* All Rights Reserved
*
@@ -18,8 +18,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
- * commercial license for this software may be purchased from INSIDE at
- * http://www.insidesecure.com/
+ * commercial license for this software may be purchased from Rambus at
+ * http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/apps/common/client_common.h b/apps/common/client_common.h
index 703991f..d836f65 100644
--- a/apps/common/client_common.h
+++ b/apps/common/client_common.h
@@ -5,7 +5,7 @@
* MatrixSSL client common code.
*/
/*
- * Copyright (c) 2013-2017 INSIDE Secure Corporation
+ * Copyright (c) 2013-2017 Rambus Inc.
* Copyright (c) PeerSec Networks, 2002-2011
* All Rights Reserved
*
@@ -18,8 +18,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
- * commercial license for this software may be purchased from INSIDE at
- * http://www.insidesecure.com/
+ * commercial license for this software may be purchased from Rambus at
+ * http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/apps/common/clientconfig.c b/apps/common/clientconfig.c
index bfcc0bc..790e023 100644
--- a/apps/common/clientconfig.c
+++ b/apps/common/clientconfig.c
@@ -5,7 +5,7 @@
* MatrixSSL client configuration code.
*/
/*
- * Copyright (c) 2013-2017 INSIDE Secure Corporation
+ * Copyright (c) 2013-2017 Rambus Inc.
* Copyright (c) PeerSec Networks, 2002-2011
* All Rights Reserved
*
@@ -18,8 +18,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
- * commercial license for this software may be purchased from INSIDE at
- * http://www.insidesecure.com/
+ * commercial license for this software may be purchased from Rambus at
+ * http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/apps/common/load_keys.c b/apps/common/load_keys.c
index a2f6f29..a0f3012 100644
--- a/apps/common/load_keys.c
+++ b/apps/common/load_keys.c
@@ -5,7 +5,7 @@
* MatrixSSL key loading helpers.
*/
/*
- * Copyright (c) 2013-2017 INSIDE Secure Corporation
+ * Copyright (c) 2013-2017 Rambus Inc.
* Copyright (c) PeerSec Networks, 2002-2011
* All Rights Reserved
*
@@ -18,8 +18,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
- * commercial license for this software may be purchased from INSIDE at
- * http://www.insidesecure.com/
+ * commercial license for this software may be purchased from Rambus at
+ * http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/apps/dtls/Makefile b/apps/dtls/Makefile
index 0ac66f0..715256a 100644
--- a/apps/dtls/Makefile
+++ b/apps/dtls/Makefile
@@ -3,7 +3,7 @@
# 'make' builds debug (Default).
# 'make gold' builds optimized.
#
-# Copyright (c) 2013-2016 INSIDE Secure Corporation. All Rights Reserved.
+# Copyright (c) 2013-2016 Rambus Inc. All Rights Reserved.
#
MATRIXSSL_ROOT:=../..
diff --git a/apps/dtls/dtlsClient.c b/apps/dtls/dtlsClient.c
index 02b8720..25d08bc 100644
--- a/apps/dtls/dtlsClient.c
+++ b/apps/dtls/dtlsClient.c
@@ -5,7 +5,7 @@
* MatrixDTLS client example.
*/
/*
- * Copyright (c) 2014-2017 INSIDE Secure Corporation
+ * Copyright (c) 2014-2017 Rambus Inc.
* Copyright (c) PeerSec Networks, 2002-2011
* All Rights Reserved
*
@@ -18,8 +18,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
- * commercial license for this software may be purchased from INSIDE at
- * http://www.insidesecure.com/
+ * commercial license for this software may be purchased from Rambus at
+ * http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/apps/dtls/dtlsCommon.c b/apps/dtls/dtlsCommon.c
index 7ae78ad..94bdb55 100644
--- a/apps/dtls/dtlsCommon.c
+++ b/apps/dtls/dtlsCommon.c
@@ -3,7 +3,7 @@
* @version $Format:%h%d$
*/
/*
- * Copyright (c) 2014-2017 INSIDE Secure Corporation
+ * Copyright (c) 2014-2017 Rambus Inc.
* Copyright (c) PeerSec Networks, 2002-2011
* All Rights Reserved
*
@@ -16,8 +16,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
- * commercial license for this software may be purchased from INSIDE at
- * http://www.insidesecure.com/
+ * commercial license for this software may be purchased from Rambus at
+ * http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/apps/dtls/dtlsCommon.h b/apps/dtls/dtlsCommon.h
index bd97152..0d3e16e 100644
--- a/apps/dtls/dtlsCommon.h
+++ b/apps/dtls/dtlsCommon.h
@@ -3,7 +3,7 @@
* @version $Format:%h%d$
*/
/*
- * Copyright (c) 2014-2017 INSIDE Secure Corporation
+ * Copyright (c) 2014-2017 Rambus Inc.
* Copyright (c) PeerSec Networks, 2002-2011
* All Rights Reserved
*
@@ -16,8 +16,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
- * commercial license for this software may be purchased from INSIDE at
- * http://www.insidesecure.com/
+ * commercial license for this software may be purchased from Rambus at
+ * http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/apps/dtls/dtlsServer.c b/apps/dtls/dtlsServer.c
index b4ebb34..7ac2fc4 100644
--- a/apps/dtls/dtlsServer.c
+++ b/apps/dtls/dtlsServer.c
@@ -6,7 +6,7 @@
* Supports multiple simultaneous clients and non-blocking sockets
*/
/*
- * Copyright (c) 2014-2017 INSIDE Secure Corporation
+ * Copyright (c) 2014-2017 Rambus Inc.
* Copyright (c) PeerSec Networks, 2002-2011
* All Rights Reserved
*
@@ -19,8 +19,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
- * commercial license for this software may be purchased from INSIDE at
- * http://www.insidesecure.com/
+ * commercial license for this software may be purchased from Rambus at
+ * http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
@@ -43,8 +43,11 @@
#include "dtlsCommon.h"
/* Currently this example uses _psTrace for tracing, so osdep.h is needed: */
+
+#ifndef ENABLE_COMBINED_TLS_DTLS
#include "core/osdep.h"
#include "core/psUtil.h"
+#endif
#include "osdep_sys_time.h"
#include "osdep_stdio.h"
@@ -89,7 +92,9 @@ static SOCKET newUdpSocket(char *ip, short port, int *err);
static int sigsetup(void);
static void sigsegv_handler(int);
static void sigintterm_handler(int);
-static void usage(void);
+#ifndef ENABLE_COMBINED_TLS_DTLS
+static void dtls_usage(void);
+#endif
static int32 process_cmd_options(int32 argc, char **argv);
# ifdef USE_DTLS_DEBUG_TRACE
@@ -327,12 +332,12 @@ static char ecCAFile[] = "testkeys/EC/ALL_EC_CAS_EXCEPT_P192_AND_P521.pem";
-static int exitFlag;
+static int dtls_exitFlag;
-static uint32_t g_rsaKeySize;
-static uint32_t g_eccKeySize;
-static uint32_t g_ecdhKeySize;
-static int g_port;
+static uint32_t g_rsaKeySize_dtls;
+static uint32_t g_eccKeySize_dtls;
+static uint32_t g_ecdhKeySize_dtls;
+static int g_dtls_port = 4433;
# ifdef USE_CERT_VALIDATOR
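Review bot: `static int g_dtls_port = 4433;` introduces a non-zero default port where the old `g_port` relied on static zero initialisation, but the help text in dtls_usage() (`"-p - Port number to use\n"`) does not mention it. Suggest `"-p - Port number to use (default 4433)\n"` so the usage text documents what happens when `-p` is omitted. Whether anything else assigned the old `g_port` before use is not visible in this hunk.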
/******************************************************************************/
@@ -370,7 +375,8 @@ static int32 certValidator(ssl_t *ssl, psX509Cert_t *cert, int32 alert)
# define certValidator NULL
# endif /* USE_CERT_VALIDATOR */
-static void usage(void)
+#ifndef ENABLE_COMBINED_TLS_DTLS
+static void dtls_usage(void)
{
Printf("\nusage: dltsServer { option }\n"
"\n"
@@ -387,6 +393,7 @@ static void usage(void)
"-p - Port number to use\n"
);
}
+#endif
/* Return 0 on good set of cmd options, return -1 if a bad cmd option is
encountered OR a request for help is seen (i.e. '-h' option). */
@@ -395,8 +402,8 @@ static int32 process_cmd_options(int32 argc, char **argv)
int32 optionChar;
/* Set some default options: */
- g_rsaKeySize = 2048;
- g_eccKeySize = g_ecdhKeySize = 256;
+ g_rsaKeySize_dtls = 2048;
+ g_eccKeySize_dtls = g_ecdhKeySize_dtls = 256;
opterr = 0;
while ((optionChar = getopt(argc, argv, "hr:e:d:l:p:")) != -1)
@@ -410,9 +417,9 @@ static int32 process_cmd_options(int32 argc, char **argv)
break;
case 'r':
- g_rsaKeySize = atoi(optarg);
- if ((g_rsaKeySize != 1024) && (g_rsaKeySize != 2048)
- && (g_rsaKeySize != 3072) && (g_rsaKeySize != 4096))
+ g_rsaKeySize_dtls = atoi(optarg);
+ if ((g_rsaKeySize_dtls != 1024) && (g_rsaKeySize_dtls != 2048)
+ && (g_rsaKeySize_dtls != 3072) && (g_rsaKeySize_dtls != 4096))
{
Printf("invalid -r option\n");
return -1;
@@ -420,10 +427,10 @@ static int32 process_cmd_options(int32 argc, char **argv)
break;
case 'e':
- g_eccKeySize = atoi(optarg);
- if ((g_eccKeySize != 192) && (g_eccKeySize != 224)
- && (g_eccKeySize != 256) && (g_eccKeySize != 384)
- && (g_eccKeySize != 521))
+ g_eccKeySize_dtls = atoi(optarg);
+ if ((g_eccKeySize_dtls != 192) && (g_eccKeySize_dtls != 224)
+ && (g_eccKeySize_dtls != 256) && (g_eccKeySize_dtls != 384)
+ && (g_eccKeySize_dtls != 521))
{
Printf("invalid -e option\n");
return -1;
@@ -431,8 +438,8 @@ static int32 process_cmd_options(int32 argc, char **argv)
break;
case 'd':
- g_ecdhKeySize = atoi(optarg);
- if ((g_ecdhKeySize != 256) && (g_ecdhKeySize != 521))
+ g_ecdhKeySize_dtls = atoi(optarg);
+ if ((g_ecdhKeySize_dtls != 256) && (g_ecdhKeySize_dtls != 521))
{
Printf("invalid -d option\n");
return -1;
@@ -455,8 +462,8 @@ static int32 process_cmd_options(int32 argc, char **argv)
break;
# endif /* DTLS_PACKET_LOSS_TEST */
case 'p':
- g_port = atoi(optarg);
- if (g_port < 0)
+ g_dtls_port = atoi(optarg);
+ if (g_dtls_port < 0)
{
Printf("invalid -p option\n");
return -1;
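Review bot: The renamed `g_dtls_port = atoi(optarg);` still only rejects negative values, so `-p 70000` or a non-numeric argument (atoi yields 0) passes the check and is later narrowed to `short` when passed to newUdpSocket(). Parse with strtol and bound the result: `char *end; long p = strtol(optarg, &end, 10);` / `if (*optarg == '\0' || *end != '\0' || p < 1 || p > 65535) { Printf("invalid -p option\n"); return -1; }` / `g_dtls_port = (int) p;`. The `-r`/`-e`/`-d` cases above compare against a fixed set of key sizes, so the same gap does not apply to them. process_cmd_options() starts and ends outside the hunk.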
@@ -482,9 +489,6 @@ int main(int argc, char **argv)
fd_set readfd;
unsigned char *sslBuf, *recvfromBuf, *CAstream;
-# ifdef USE_DTLS_DEBUG_TRACE
- unsigned char *addrstr;
-# endif
# if !defined(ID_PSK) && !defined(ID_DHE_PSK)
unsigned char *keyValue, *certValue;
int32 keyLen, certLen;
@@ -507,8 +511,10 @@ int main(int argc, char **argv)
if (0 != process_cmd_options(argc, argv))
{
- usage();
+#ifndef ENABLE_COMBINED_TLS_DTLS
+ dtls_usage();
return 0;
+#endif
}
if (sigsetup() < 0)
{
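Review bot: With ENABLE_COMBINED_TLS_DTLS defined, the `return 0;` is compiled out together with `dtls_usage();`, so a rejected option (process_cmd_options() returning non-zero, which per its comment also covers `-h`) falls through an empty if-body and the server keeps starting with whatever options were parsed before the bad one. Keep the early exit unconditional: put only `dtls_usage();` inside the `#ifndef ENABLE_COMBINED_TLS_DTLS` guard and leave `return 0;` after the `#endif`. main() starts and ends outside the hunk.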
@@ -564,7 +570,7 @@ int main(int argc, char **argv)
# endif
# ifdef EXAMPLE_RSA_KEYS
- switch (g_rsaKeySize)
+ switch (g_rsaKeySize_dtls)
{
case 1024:
certValue = (unsigned char *) RSA1024;
@@ -591,7 +597,7 @@ int main(int argc, char **argv)
keyLen = sizeof(RSA4096KEY);
break;
default:
- _psTraceInt("Invalid RSA key length (%d)\n", g_rsaKeySize);
+ _psTraceInt("Invalid RSA key length (%d)\n", g_rsaKeySize_dtls);
goto CLIENT_EXIT;
}
@@ -606,7 +612,7 @@ int main(int argc, char **argv)
# ifdef EXAMPLE_ECDH_RSA_KEYS
- switch (g_ecdhKeySize)
+ switch (g_ecdhKeySize_dtls)
{
case 256:
certValue = (unsigned char *) ECDHRSA256;
@@ -621,7 +627,7 @@ int main(int argc, char **argv)
keyLen = sizeof(ECDHRSA521KEY);
break;
default:
- _psTraceInt("Invalid ECDH_RSA key length (%d)\n", g_ecdhKeySize);
+ _psTraceInt("Invalid ECDH_RSA key length (%d)\n", g_ecdhKeySize_dtls);
goto CLIENT_EXIT;
}
@@ -635,7 +641,7 @@ int main(int argc, char **argv)
# endif
# ifdef EXAMPLE_EC_KEYS
- switch (g_eccKeySize)
+ switch (g_eccKeySize_dtls)
{
case 192:
certValue = (unsigned char *) EC192;
@@ -668,7 +674,7 @@ int main(int argc, char **argv)
keyLen = sizeof(EC521KEY);
break;
default:
- _psTraceInt("Invalid ECC key length (%d)\n", g_eccKeySize);
+ _psTraceInt("Invalid ECC key length (%d)\n", g_eccKeySize_dtls);
goto CLIENT_EXIT;
}
@@ -694,7 +700,7 @@ int main(int argc, char **argv)
*/
CAstreamLen = 0;
# ifdef USE_RSA
- if (g_rsaKeySize == 3072)
+ if (g_rsaKeySize_dtls == 3072)
{
CAstreamLen += (int32) Strlen(rsaCA3072File) + 1;
}
@@ -714,7 +720,7 @@ int main(int argc, char **argv)
CAstreamLen = 0;
# ifdef USE_RSA
- if (g_rsaKeySize == 3072)
+ if (g_rsaKeySize_dtls == 3072)
{
Memcpy(CAstream, rsaCA3072File, Strlen(rsaCA3072File));
CAstreamLen += Strlen(rsaCA3072File);
@@ -799,7 +805,19 @@ int main(int argc, char **argv)
}
# endif /* PSK */
- recvfromBufLen = matrixDtlsGetPmtu();
+ for (int i = 0; i < 10; i++) {
+ recvfromBufLen = matrixDtlsGetPmtu();
+ if (recvfromBufLen) break;
+ Sleep(1);
+ }
+ _psTraceInt("RECVFROM buf len:%d\n", recvfromBufLen);
+
+ if (recvfromBufLen == 0) {
+ rc = PS_PLATFORM_FAIL;
+ _psTrace("Init error getting pmtu?!\n");
+ goto CLIENT_EXIT;
+ }
+
if ((recvfromBuf = psMalloc(MATRIX_NO_POOL, recvfromBufLen)) == NULL)
{
rc = PS_MEM_FAIL;
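Review bot: The new retry loop around matrixDtlsGetPmtu() polls ten times with `Sleep(1)` between attempts, but nothing says why the PMTU can be 0 on the first call and become available later, and both bounds are bare magic numbers. Name them (`enum { PMTU_POLL_ATTEMPTS = 10, PMTU_POLL_DELAY = 1 };`) and add a comment above the loop such as `/* PMTU may not be published yet right after init; poll briefly before giving up. */`, stating the unit of `Sleep(1)` since that depends on the platform wrapper. The `RECVFROM buf len:%d` trace reads as leftover debugging and could be dropped now that the zero case is reported explicitly below it. main() starts and ends outside the hunk.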
@@ -807,15 +825,15 @@ int main(int argc, char **argv)
goto CLIENT_EXIT;
}
- if ((sock = newUdpSocket(NULL, g_port, &err)) == INVALID_SOCKET)
+ if ((sock = newUdpSocket(NULL, g_dtls_port, &err)) == INVALID_SOCKET)
{
_psTrace("Error creating UDP socket\n");
goto DTLS_EXIT;
}
- _psTraceInt("DTLS server running on port %d\n", g_port);
+ _psTraceInt("DTLS server running on port %d\n", g_dtls_port);
/* Server loop */
- for (exitFlag = 0; exitFlag == 0; )
+ for (dtls_exitFlag = 0; dtls_exitFlag == 0; )
{
timeout.tv_sec = 1;
timeout.tv_usec = 0;
@@ -831,12 +849,13 @@ int main(int argc, char **argv)
if (val > 0 && FD_ISSET(sock, &readfd))
{
- _psTraceInt("Select woke %d\n", val);
/* recvfrom data must always go into generic buffer becuase we
don't yet know who it is from */
inaddrlen = sizeof(struct sockaddr_in);
- if ((recvLen = (int32) recvfrom(sock, recvfromBuf, recvfromBufLen, 0,
- (struct sockaddr *) &inaddr, &inaddrlen)) < 0)
+ recvLen = (int32) recvfrom(sock, recvfromBuf, recvfromBufLen, 0,
+ (struct sockaddr *) &inaddr, &inaddrlen);
+
+ if (recvLen < 0)
{
# ifdef WIN32
if (SOCKET_ERRNO != EWOULDBLOCK &&
@@ -854,7 +873,7 @@ int main(int argc, char **argv)
# ifdef USE_DTLS_DEBUG_TRACE
/* nice for debugging */
{
- const char *addrstr;
+ unsigned char *addrstr;
addrstr = getaddrstring((struct sockaddr *) &inaddr, 1);
_psTraceInt("Read %d bytes ", recvLen);
_psTraceStr("from %s\n", (char *) addrstr);
@@ -1151,6 +1170,8 @@ static SOCKET newUdpSocket(char *ip, short port, int *err)
struct sockaddr_in addr = { 0 };
SOCKET fd;
+ _psTraceInt("New UDP Socket %d\n", port);
+
if ((fd = Socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP)) < 0)
{
_psTraceInt("Error creating socket %d\n", SOCKET_ERRNO);
@@ -1192,7 +1213,7 @@ static void sigsegv_handler(int arg)
/* catch ctrl-c or sigterm */
static void sigintterm_handler(int arg)
{
- exitFlag = 1; /* Rudimentary exit flagging */
+ dtls_exitFlag = 1; /* Rudimentary exit flagging */
}
static int sigsetup(void)
diff --git a/apps/ssl/Makefile b/apps/ssl/Makefile
index fcd498b..966b875 100644
--- a/apps/ssl/Makefile
+++ b/apps/ssl/Makefile
@@ -3,7 +3,7 @@
# 'make' builds debug (Default).
# 'make gold' builds optimized.
#
-# Copyright (c) 2013-2019 INSIDE Secure Corporation. All Rights Reserved.
+# Copyright (c) 2013-2019 Rambus Inc. All Rights Reserved.
#
MATRIXSSL_ROOT:=../..
@@ -16,6 +16,9 @@ CLIENT_EXE:=client$(E)
NET_EXE:=matrixnet$(E)
EXE=$(SERVER_EXE) $(CLIENT_EXE)
+TLSDTLS_SERVER_SRC:=tlsDtlsServer.c http.c
+TLSDTLS_SERVER_EXE:=tlsDtlsServer$(E)
+
SIMPLE_CLIENT_SRC:=simpleClient.c
SIMPLE_CLIENT_EXE:=simpleClient$(E)
SIMPLE_SERVER_SRC:=simpleServer.c
@@ -34,6 +37,8 @@ SRC+=$(IA_CLIENT_SRC)
EXE+=$(IA_CLIENT_EXE)
SRC+=$(IA_SERVER_SRC)
EXE+=$(IA_SERVER_EXE)
+SRC+=$(TLSDTLS_SERVER_SRC)
+EXE+=$(TLSDTLS_SERVER_EXE)
#The Mac OS X Xcode project has a target name of 'server' or 'client'
ifneq (,$(TARGET_NAME))
@@ -71,6 +76,7 @@ STATIC_CLIENT:=\
# Allow selecting the client auth identity (ID_RSA, ID_ECDH_ECDSA,
# etc.) via an environment variable.
+CIPHER_OPTION?=ID_RSA
ifneq '$(CIPHER_OPTION)' ''
CFLAGS+=-D$(CIPHER_OPTION)
endif
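Review bot: `CIPHER_OPTION?=ID_RSA` turns what the comment above describes as an optional environment override into an always-on `-DID_RSA` for every build that does not set the variable, which is a behaviour change for existing users of this Makefile. Update the comment to state the default, e.g. `# Defaults to ID_RSA; override with CIPHER_OPTION=<identity> in the environment.`, and consider whether only the combined TLS/DTLS target added in this commit needs the define rather than every target. Whether any source file already defines ID_RSA itself is not visible here.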
@@ -101,6 +107,9 @@ $(IA_SERVER_EXE): $(IA_SERVER_SRC:.c=.o) $(STATIC)
$(NET_EXE): $(NET_SRC:.c=.o) $(STATIC)
$(CC) -o $@ $^ $(LDFLAGS) $(CFLAGS)
+$(TLSDTLS_SERVER_EXE): $(TLSDTLS_SERVER_SRC:.c=.o) $(STATIC)
+ $(CC) -o $@ $^ $(LDFLAGS) $(CFLAGS)
+
clean:
rm -f $(EXE) $(OBJS) TLS_*.tmp SSL_*.tmp
diff --git a/apps/ssl/app.h b/apps/ssl/app.h
index b8d0e53..37a9c36 100644
--- a/apps/ssl/app.h
+++ b/apps/ssl/app.h
@@ -5,7 +5,7 @@
* Header for MatrixSSL example sockets client and server applications.
*/
/*
- * Copyright (c) 2013-2017 INSIDE Secure Corporation
+ * Copyright (c) 2013-2017 Rambus Inc.
* Copyright (c) PeerSec Networks, 2002-2011
* All Rights Reserved
*
@@ -18,8 +18,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
- * commercial license for this software may be purchased from INSIDE at
- * http://www.insidesecure.com/
+ * commercial license for this software may be purchased from Rambus at
+ * http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/apps/ssl/client.c b/apps/ssl/client.c
index 13f2e47..4e360ba 100644
--- a/apps/ssl/client.c
+++ b/apps/ssl/client.c
@@ -5,7 +5,7 @@
* Simple MatrixSSL blocking client example.
*/
/*
- * Copyright (c) 2013-2017 INSIDE Secure Corporation
+ * Copyright (c) 2013-2017 Rambus Inc.
* Copyright (c) PeerSec Networks, 2002-2011
* All Rights Reserved
*
@@ -18,8 +18,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
- * commercial license for this software may be purchased from INSIDE at
- * http://www.insidesecure.com/
+ * commercial license for this software may be purchased from Rambus at
+ * http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
@@ -45,7 +45,7 @@
# define NEED_PS_TIME_CONCRETE
#endif
-#ifndef USE_MULTITHREADING
+#if !defined(NO_MULTITHREADING) && !defined(USE_MULTITHREADING)
# define USE_MULTITHREADING
#endif
@@ -1885,6 +1885,12 @@ static int32 certCb(ssl_t *ssl, psX509Cert_t *cert, int32 alert)
psTrace("Maximum cert chain verify depth exceeded\n");
return SSL_ALERT_UNKNOWN_CA;
}
+
+ /* Check if this is the last validated certificate. */
+ if (next->pathEnd == PS_TRUE)
+ {
+ break;
+ }
}
}
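Review bot: The added `if (next->pathEnd == PS_TRUE) break;` guard is pasted verbatim into four loops of certCb (this hunk and the three later certCb hunks in this file), and its comment says what it tests but not why the walk stops there. Suggest `/* Stop at the last certificate that was actually validated; anything after pathEnd is not part of the verified chain and must not affect the verdict. */`, and if each loop already advances on `next`, folding the test into the loop condition so it is written once. certCb() starts and ends outside these hunks, and that the loops walk the chain through `next` is inferred from the visible lines only.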
/* Example to allow anonymous connections based on a define */
@@ -1963,6 +1969,12 @@ static int32 certCb(ssl_t *ssl, psX509Cert_t *cert, int32 alert)
alert = SSL_ALERT_BAD_CERTIFICATE;
break;
}
+
+ /* Check if this is the last validated certificate. */
+ if (next->pathEnd == PS_TRUE)
+ {
+ break;
+ }
}
/*
@@ -2013,6 +2025,12 @@ static int32 certCb(ssl_t *ssl, psX509Cert_t *cert, int32 alert)
psTrace("Cert extendedKeyUsage extension doesn't allow TLS\n");
}
}
+
+ /* Check if this is the last validated certificate. */
+ if (next->pathEnd == PS_TRUE)
+ {
+ break;
+ }
}
if (alert == SSL_ALERT_BAD_CERTIFICATE)
@@ -2147,6 +2165,12 @@ RETRY_CRL_TEST_ONCE:
default:
break;
}
+
+ /* Check if this is the last validated certificate. */
+ if (next->pathEnd == PS_TRUE)
+ {
+ break;
+ }
}
} /* End CRL local code block */
# endif
diff --git a/apps/ssl/http.c b/apps/ssl/http.c
index 77130ea..2f6369d 100644
--- a/apps/ssl/http.c
+++ b/apps/ssl/http.c
@@ -5,7 +5,7 @@
* Simple INCOMPLETE HTTP parser for example applications.
*/
/*
- * Copyright (c) 2013-2017 INSIDE Secure Corporation
+ * Copyright (c) 2013-2017 Rambus Inc.
* Copyright (c) PeerSec Networks, 2002-2011
* All Rights Reserved
*
@@ -18,8 +18,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
- * commercial license for this software may be purchased from INSIDE at
- * http://www.insidesecure.com/
+ * commercial license for this software may be purchased from Rambus at
+ * http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/apps/ssl/interactiveClient.c b/apps/ssl/interactiveClient.c
index 009b801..3eab5ca 100644
--- a/apps/ssl/interactiveClient.c
+++ b/apps/ssl/interactiveClient.c
@@ -5,7 +5,7 @@
* Interactive client-side test tool.
*/
/*
- * Copyright (c) 2013-2019 INSIDE Secure Corporation
+ * Copyright (c) 2013-2019 Rambus Inc.
* Copyright (c) PeerSec Networks, 2002-2011
* All Rights Reserved
*
@@ -18,8 +18,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
- * commercial license for this software may be purchased from INSIDE at
- * http://www.insidesecure.com/
+ * commercial license for this software may be purchased from Rambus at
+ * http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/apps/ssl/interactiveCommon.c b/apps/ssl/interactiveCommon.c
index 680f231..1a149fd 100644
--- a/apps/ssl/interactiveCommon.c
+++ b/apps/ssl/interactiveCommon.c
@@ -5,7 +5,7 @@
* Common parts of interactiveClient.c and interactiveServer.c
*/
/*
- * Copyright (c) 2013-2018 INSIDE Secure Corporation
+ * Copyright (c) 2013-2018 Rambus Inc.
* Copyright (c) PeerSec Networks, 2002-2011
* All Rights Reserved
*
@@ -18,8 +18,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
- * commercial license for this software may be purchased from INSIDE at
- * http://www.insidesecure.com/
+ * commercial license for this software may be purchased from Rambus at
+ * http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
@@ -689,7 +689,8 @@ psRes_t getUserCiphersuites(psCipher16_t *ciphersuites,
"(5) TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256\n" \
"(6) TLS_RSA_WITH_AES_128_GCM_SHA256\n" \
"(7) All TLS 1.3 suites (prefer SHA256)\n" \
- "(8) All TLS 1.3 suites (prefer SHA384)\n";
+ "(8) All TLS 1.3 suites (prefer SHA384)\n" \
+ "(9) TLS_RSA_WITH_NULL_SHA256\n";
int rc;
char c;
int got_it = 0;
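Review bot: Menu entry `"(9) TLS_RSA_WITH_NULL_SHA256\n"` (and the matching `case '9'` in the next hunk) offers a suite that provides integrity only and no confidentiality, with nothing in the prompt saying so. Since this is an interactive test tool the option is reasonable, but label it: `"(9) TLS_RSA_WITH_NULL_SHA256 (NULL cipher: no encryption, testing only)\n"`. getUserCiphersuites() starts and ends outside the hunk.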
@@ -735,6 +736,9 @@ psRes_t getUserCiphersuites(psCipher16_t *ciphersuites,
ciphersuites[i++] = TLS_AES_128_GCM_SHA256;
ciphersuites[i++] = TLS_CHACHA20_POLY1305_SHA256;
break;
+ case '9':
+ ciphersuites[i++] = TLS_RSA_WITH_NULL_SHA256;
+ break;
case 'q':
return PS_FAILURE;
default:
diff --git a/apps/ssl/interactiveCommon.h b/apps/ssl/interactiveCommon.h
index 9a067a4..827e4c9 100644
--- a/apps/ssl/interactiveCommon.h
+++ b/apps/ssl/interactiveCommon.h
@@ -5,7 +5,7 @@
* Common parts of interactiveClient.c and interactiveServer.c
*/
/*
- * Copyright (c) 2013-2018 INSIDE Secure Corporation
+ * Copyright (c) 2013-2018 Rambus Inc.
* Copyright (c) PeerSec Networks, 2002-2011
* All Rights Reserved
*
@@ -18,8 +18,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
- * commercial license for this software may be purchased from INSIDE at
- * http://www.insidesecure.com/
+ * commercial license for this software may be purchased from Rambus at
+ * http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/apps/ssl/interactiveServer.c b/apps/ssl/interactiveServer.c
index 7a66eda..3505804 100644
--- a/apps/ssl/interactiveServer.c
+++ b/apps/ssl/interactiveServer.c
@@ -5,7 +5,7 @@
* Interactive client-side test tool.
*/
/*
- * Copyright (c) 2013-2019 INSIDE Secure Corporation
+ * Copyright (c) 2013-2019 Rambus Inc.
* Copyright (c) PeerSec Networks, 2002-2011
* All Rights Reserved
*
@@ -18,8 +18,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
- * commercial license for this software may be purchased from INSIDE at
- * http://www.insidesecure.com/
+ * commercial license for this software may be purchased from Rambus at
+ * http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/apps/ssl/net.c b/apps/ssl/net.c
index 3275ba7..13f36eb 100644
--- a/apps/ssl/net.c
+++ b/apps/ssl/net.c
@@ -4,7 +4,7 @@
*/
/*****************************************************************************
-* Copyright (c) 2017 INSIDE Secure Oy. All Rights Reserved.
+* Copyright (c) 2017 Rambus Inc. All Rights Reserved.
*
* The latest version of this code is available at http://www.matrixssl.org
*
@@ -15,8 +15,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
-* commercial license for this software may be purchased from INSIDE at
-* http://www.insidesecure.com/
+* commercial license for this software may be purchased from Rambus at
+* http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/apps/ssl/net.sh b/apps/ssl/net.sh
index 02c7c95..2c27e97 100755
--- a/apps/ssl/net.sh
+++ b/apps/ssl/net.sh
@@ -4,7 +4,7 @@ if [ -e apps/ssl ];then cd apps/ssl;fi
set -x
./matrixnet --help
-./matrixnet --get http://www.insidesecure.com/ || echo Failed expectedly.
+./matrixnet --get http://www.rambus.com/ || echo Failed expectedly.
(./matrixnet --get http://essjira.insidesecure.com | fold -w 80 | head -10)
(./matrixnet --get http://localhost/ | fold -w 80 | head -10)
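Review bot: The line after the changed one still fetches `http://essjira.insidesecure.com`, so the rebrand in this hunk is incomplete and that probe is likely to start failing once the old domain stops resolving. Either point it at a host under the new domain or drop it; the `|| echo Failed expectedly.` guard on the changed line does not cover it.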
diff --git a/apps/ssl/server.c b/apps/ssl/server.c
index c5ccfd2..49a8c4f 100644
--- a/apps/ssl/server.c
+++ b/apps/ssl/server.c
@@ -6,7 +6,7 @@
* Uses a single, hardcoded RSA identity. No client authentication.
*/
/*
- * Copyright (c) 2013-2017 INSIDE Secure Corporation
+ * Copyright (c) 2013-2017 Rambus Inc.
* Copyright (c) PeerSec Networks, 2002-2011
* All Rights Reserved
*
@@ -19,8 +19,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
- * commercial license for this software may be purchased from INSIDE at
- * http://www.insidesecure.com/
+ * commercial license for this software may be purchased from Rambus at
+ * http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
@@ -48,6 +48,7 @@
#include "app.h"
#include "matrixssl/matrixsslApi.h"
+#include "osdep.h"
#include "core/psUtil.h"
#include "osdep_sys_socket.h"
#include "osdep_sys_types.h"
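Review bot: The new `#include "osdep.h"` uses a bare path while the DTLS example touched by this commit includes `core/osdep.h`; if both spellings resolve through different include directories it works, but the mismatch is easy to break when include paths change. Consider `#include "core/osdep.h"` for consistency with `core/psUtil.h` on the next line, assuming that is the same header.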
@@ -370,6 +371,7 @@ out:
return rc;
}
+
/******************************************************************************/
/*
Non-blocking socket event handler
@@ -1223,6 +1225,7 @@ static int32 process_cmd_options(int32 argc, char **argv)
g_disabledCiphers = 0;
opterr = 0;
+ optind = 1;
while ((optionChar = getopt(argc,
argv,
"c:d:g:a:Bb:AD:hKk:n:oOp:P:v:V:x:r:S:C:W:E:")) != -1)
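Review bot: `optind = 1;` before the getopt() loop only partially resets the parser: glibc documents `optind = 0` as the way to force re-initialisation of its internal state, and BSD/macOS libc additionally require `optreset = 1`, so a second call to process_cmd_options() can misparse on those platforms. If repeated parsing is the intent, use `optind = 0;` where glibc is in use and `optreset = 1;` where it exists, and say why the reset is there, e.g. `/* allow process_cmd_options() to be called more than once (combined TLS/DTLS server) */`. process_cmd_options() starts and ends outside the hunk.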
@@ -1386,6 +1389,7 @@ static int32 process_cmd_options(int32 argc, char **argv)
case 'v':
/* Single version. */
version = matrixSslVersionFromMinorDigit(atoi(optarg));
+
if (!matrixSslTlsVersionRangeSupported(version,
version))
{
@@ -1870,7 +1874,7 @@ static SOCKET lsocketListen(short port, int32 *err)
static int setSocketOptions(SOCKET fd)
{
int rc;
-
+
# ifdef POSIX
if (fcntl(fd, F_SETFD, FD_CLOEXEC) < 0)
{
@@ -1968,4 +1972,5 @@ int main(int argc, char **argv)
return 1;
}
+
#endif /* MATRIX_USE_FILE_SYSTEM */
diff --git a/apps/ssl/simpleClient.c b/apps/ssl/simpleClient.c
index 824bd77..2c83f9f 100644
--- a/apps/ssl/simpleClient.c
+++ b/apps/ssl/simpleClient.c
@@ -9,7 +9,7 @@
* - Only 1 simultaneous connection.
*/
/*
- * Copyright (c) 2013-2019 INSIDE Secure Corporation
+ * Copyright (c) 2013-2019 Rambus Inc.
* Copyright (c) PeerSec Networks, 2002-2011
* All Rights Reserved
*
@@ -22,8 +22,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
- * commercial license for this software may be purchased from INSIDE at
- * http://www.insidesecure.com/
+ * commercial license for this software may be purchased from Rambus at
+ * http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/apps/ssl/simpleServer.c b/apps/ssl/simpleServer.c
index d4f46b2..f6a4b18 100644
--- a/apps/ssl/simpleServer.c
+++ b/apps/ssl/simpleServer.c
@@ -9,7 +9,7 @@
* - Only 1 simultaneous connection.
*/
/*
- * Copyright (c) 2013-2018 INSIDE Secure Corporation
+ * Copyright (c) 2013-2018 Rambus Inc.
* Copyright (c) PeerSec Networks, 2002-2011
* All Rights Reserved
*
@@ -22,8 +22,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
- * commercial license for this software may be purchased from INSIDE at
- * http://www.insidesecure.com/
+ * commercial license for this software may be purchased from Rambus at
+ * http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/apps/ssl/simpleServerRecvFile.c b/apps/ssl/simpleServerRecvFile.c
index ef96f77..280b5af 100644
--- a/apps/ssl/simpleServerRecvFile.c
+++ b/apps/ssl/simpleServerRecvFile.c
@@ -8,7 +8,7 @@
* - Only 1 simultaneous connection.
*/
/*
- * Copyright (c) 2013-2018 INSIDE Secure Corporation
+ * Copyright (c) 2013-2018 Rambus Inc.
* Copyright (c) PeerSec Networks, 2002-2011
* All Rights Reserved
*
@@ -21,8 +21,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
- * commercial license for this software may be purchased from INSIDE at
- * http://www.insidesecure.com/
+ * commercial license for this software may be purchased from Rambus at
+ * http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/apps/ssl/tlsDtlsServer.c b/apps/ssl/tlsDtlsServer.c
new file mode 100644
index 0000000..d6e3063
--- /dev/null
+++ b/apps/ssl/tlsDtlsServer.c
@@ -0,0 +1,129 @@
+/**
+ * @file server.c
+ * @version $Format:%h%d$
+ *
+ * Simple non-blocking MatrixSSL server example for multiple connections.
+ * Uses a single, hardcoded RSA identity. No client authentication.
+ */
+/*
+ * Copyright (c) 2013-2017 Rambus Inc.
+ * Copyright (c) PeerSec Networks, 2002-2011
+ * All Rights Reserved
+ *
+ * The latest version of this code is available at http://www.matrixssl.org
+ *
+ * This software is open source; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This General Public License does NOT permit incorporating this software
+ * into proprietary programs. If you are unable to comply with the GPL, a
+ * commercial license for this software may be purchased from Rambus at
+ * http://www.rambus.com/
+ *
+ * This program is distributed in WITHOUT ANY WARRANTY; without even the
+ * implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+ * See the GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+ * http://www.gnu.org/copyleft/gpl.html
+ */
+/******************************************************************************/
+
+#define ENABLE_COMBINED_TLS_DTLS
+
+#define main tls_main
+#include "server.c"
+#undef main
+
+#ifdef USE_MULTITHREADING
+
+# define sigsegv_handler dtls_sigsegv_handler
+# define sigintterm_handler dtls_sigintterm_handler
+# define setSocketOptions dtls_setSocketOptions
+# define process_cmd_options dtls_process_cmd_options
+# define usage dtls_usage
+# define main dtls_main
+
+
+# include "../dtls/dtlsCommon.c"
+# include "../dtls/dtlsServer.c"
+
+# undef main
+
+static pthread_t tls_server_thread = 0;
+static pthread_t dtls_server_thread = 0;
+
+char **argv_server;
+int argc_server = 0;
+
+static void closedown_exit(const char *msg, int rc)
+{
+
+ if (msg)
+ {
+ Fprintf(stderr, "%s\n", msg);
+ }
+ exit(rc);
+}
+
+void *tls_server_main_pthread(void *null_arg)
+{
+ int rc;
+
+ psAssert(null_arg == NULL);
+ Printf("Launching TLS server\n");
+ rc = tls_main(argc_server, argv_server);
+ return (void *) (uintptr_t) rc;
+}
+
+void *dtls_server_main_pthread(void *null_arg)
+{
+ int rc;
+
+ psAssert(null_arg == NULL);
+ Printf("Launching DTLS server\n");
+ rc = dtls_main(argc_server, argv_server);
+ return (void *) (uintptr_t) rc;
+}
+
+int main(int argc, char **argv)
+{
+ int rc;
+ void *rcv;
+
+ argc_server = argc;
+ argv_server = argv;
+// for (int i = 0; i < argc_server ; i++) {
+// argv_server[i] = argv[i + 1];
+// }
+ rc = Pthread_create(&tls_server_thread, NULL, &tls_server_main_pthread, NULL);
+ if (rc != 0)
+ {
+ closedown_exit("unable to launch TLS server", EXIT_FAILURE);
+ }
+ rc = Pthread_create(&dtls_server_thread, NULL, &dtls_server_main_pthread, NULL);
+ if (rc != 0)
+ {
+ closedown_exit("unable to launch DTLS server", EXIT_FAILURE);
+ }
+
+ Pthread_join(dtls_server_thread, &rcv);
+ Printf("Shutting down server\n");
+ pthread_kill(tls_server_thread, SIGINT);
+ Pthread_join(tls_server_thread, &rcv);
+ return 0;
+}
+
+#else
+int main(int argc, char **argv)
+{
+ Printf("You need to #define USE_MULTITHREADING for this test\n");
+ return 1;
+}
+
+#endif
+
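Review bot: In `main`, the value each server thread hands back through `rcv` is collected by both `Pthread_join` calls but never inspected, so the process exits 0 even when `dtls_main` or `tls_main` returned a failure code; keeping the DTLS result before the second join, e.g. `int dtls_rc = (int) (uintptr_t) rcv;` after the first join and `return dtls_rc != 0 ? dtls_rc : (int) (uintptr_t) rcv;` at the end, would make the exit status reflect what either server reported. Both threads also receive the same `argv_server` and run their option parsing concurrently; if `process_cmd_options` in the included `server.c`/`dtlsServer.c` relies on `getopt` or other process-global state, that is a data race that should be serialised (for instance by parsing once in `main` before the threads start) — worth confirming from those files, which are outside this hunk. The `Pthread_join` return values are not checked either, and the shutdown via `pthread_kill(tls_server_thread, SIGINT)` depends on whichever of `sigintterm_handler`/`dtls_sigintterm_handler` was installed last, since signal dispositions are process-wide; a short comment stating which handler is expected to win would help the next reader. Finally, the `@file server.c` tag on line 983 does not match the new file name `tlsDtlsServer.c`, and the commented-out `argv_server` loop (lines 1081–1083) should be deleted rather than left as dead code.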
diff --git a/common.mk b/common.mk
index 5d1192a..f99e7c4 100644
--- a/common.mk
+++ b/common.mk
@@ -1,7 +1,7 @@
##
# Common Makefile definitions.
# @version $Format:%h%d$
-# Copyright (c) 2013-2017 INSIDE Secure Corporation. All Rights Reserved.
+# Copyright (c) 2013-2017 Rambus Inc. All Rights Reserved.
#
#-------------------------------------------------------------------------------
diff --git a/configs/default/coreConfig.h b/configs/default/coreConfig.h
index e36e01f..69a6182 100644
--- a/configs/default/coreConfig.h
+++ b/configs/default/coreConfig.h
@@ -5,7 +5,7 @@
* Configuration settings for Matrix core module.
*/
/*
- * Copyright (c) 2013-2018 INSIDE Secure Corporation
+ * Copyright (c) 2013-2018 Rambus Inc.
* Copyright (c) PeerSec Networks, 2002-2011
* All Rights Reserved
*
@@ -18,8 +18,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
- * commercial license for this software may be purchased from INSIDE at
- * http://www.insidesecure.com/
+ * commercial license for this software may be purchased from Rambus at
+ * http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/configs/default/cryptoConfig.h b/configs/default/cryptoConfig.h
index 082b544..d9724d0 100644
--- a/configs/default/cryptoConfig.h
+++ b/configs/default/cryptoConfig.h
@@ -5,7 +5,7 @@
* Configuration file for crypto features.
*/
/*
- * Copyright (c) 2013-2017 INSIDE Secure Corporation
+ * Copyright (c) 2013-2017 Rambus Inc.
* Copyright (c) PeerSec Networks, 2002-2011
* All Rights Reserved
*
@@ -18,8 +18,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
- * commercial license for this software may be purchased from INSIDE at
- * http://www.insidesecure.com/
+ * commercial license for this software may be purchased from Rambus at
+ * http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/configs/default/matrixsslConfig.h b/configs/default/matrixsslConfig.h
index b9a98ef..3194ea4 100644
--- a/configs/default/matrixsslConfig.h
+++ b/configs/default/matrixsslConfig.h
@@ -8,7 +8,7 @@
* to enable the most commonly used cipher suites.
*/
/*
- * Copyright (c) 2013-2017 INSIDE Secure Corporation
+ * Copyright (c) 2013-2017 Rambus Inc.
* Copyright (c) PeerSec Networks, 2002-2011
* All Rights Reserved
*
@@ -21,8 +21,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
- * commercial license for this software may be purchased from INSIDE at
- * http://www.insidesecure.com/
+ * commercial license for this software may be purchased from Rambus at
+ * http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/configs/fulltest/coreConfig.h b/configs/fulltest/coreConfig.h
index e36e01f..69a6182 100644
--- a/configs/fulltest/coreConfig.h
+++ b/configs/fulltest/coreConfig.h
@@ -5,7 +5,7 @@
* Configuration settings for Matrix core module.
*/
/*
- * Copyright (c) 2013-2018 INSIDE Secure Corporation
+ * Copyright (c) 2013-2018 Rambus Inc.
* Copyright (c) PeerSec Networks, 2002-2011
* All Rights Reserved
*
@@ -18,8 +18,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
- * commercial license for this software may be purchased from INSIDE at
- * http://www.insidesecure.com/
+ * commercial license for this software may be purchased from Rambus at
+ * http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/configs/fulltest/cryptoConfig.h b/configs/fulltest/cryptoConfig.h
index 31da90d..e4f7310 100644
--- a/configs/fulltest/cryptoConfig.h
+++ b/configs/fulltest/cryptoConfig.h
@@ -5,7 +5,7 @@
* Configuration file for crypto features.
*/
/*
- * Copyright (c) 2013-2017 INSIDE Secure Corporation
+ * Copyright (c) 2013-2017 Rambus Inc.
* Copyright (c) PeerSec Networks, 2002-2011
* All Rights Reserved
*
@@ -18,8 +18,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
- * commercial license for this software may be purchased from INSIDE at
- * http://www.insidesecure.com/
+ * commercial license for this software may be purchased from Rambus at
+ * http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/configs/fulltest/matrixsslConfig.h b/configs/fulltest/matrixsslConfig.h
index a9e4556..ac69595 100644
--- a/configs/fulltest/matrixsslConfig.h
+++ b/configs/fulltest/matrixsslConfig.h
@@ -8,7 +8,7 @@
* to enable the most commonly used cipher suites.
*/
/*
- * Copyright (c) 2013-2017 INSIDE Secure Corporation
+ * Copyright (c) 2013-2017 Rambus Inc.
* Copyright (c) PeerSec Networks, 2002-2011
* All Rights Reserved
*
@@ -21,8 +21,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
- * commercial license for this software may be purchased from INSIDE at
- * http://www.insidesecure.com/
+ * commercial license for this software may be purchased from Rambus at
+ * http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/configs/noecc/coreConfig.h b/configs/noecc/coreConfig.h
index e36e01f..69a6182 100644
--- a/configs/noecc/coreConfig.h
+++ b/configs/noecc/coreConfig.h
@@ -5,7 +5,7 @@
* Configuration settings for Matrix core module.
*/
/*
- * Copyright (c) 2013-2018 INSIDE Secure Corporation
+ * Copyright (c) 2013-2018 Rambus Inc.
* Copyright (c) PeerSec Networks, 2002-2011
* All Rights Reserved
*
@@ -18,8 +18,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
- * commercial license for this software may be purchased from INSIDE at
- * http://www.insidesecure.com/
+ * commercial license for this software may be purchased from Rambus at
+ * http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/configs/noecc/cryptoConfig.h b/configs/noecc/cryptoConfig.h
index 81f0b79..357386f 100644
--- a/configs/noecc/cryptoConfig.h
+++ b/configs/noecc/cryptoConfig.h
@@ -5,7 +5,7 @@
* Configuration file for crypto features.
*/
/*
- * Copyright (c) 2013-2017 INSIDE Secure Corporation
+ * Copyright (c) 2013-2017 Rambus Inc.
* Copyright (c) PeerSec Networks, 2002-2011
* All Rights Reserved
*
@@ -18,8 +18,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
- * commercial license for this software may be purchased from INSIDE at
- * http://www.insidesecure.com/
+ * commercial license for this software may be purchased from Rambus at
+ * http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/configs/noecc/matrixsslConfig.h b/configs/noecc/matrixsslConfig.h
index 961dc3e..ef8940c 100644
--- a/configs/noecc/matrixsslConfig.h
+++ b/configs/noecc/matrixsslConfig.h
@@ -8,7 +8,7 @@
* to enable the most commonly used cipher suites.
*/
/*
- * Copyright (c) 2013-2017 INSIDE Secure Corporation
+ * Copyright (c) 2013-2017 Rambus Inc.
* Copyright (c) PeerSec Networks, 2002-2011
* All Rights Reserved
*
@@ -21,8 +21,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
- * commercial license for this software may be purchased from INSIDE at
- * http://www.insidesecure.com/
+ * commercial license for this software may be purchased from Rambus at
+ * http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/configs/psk/coreConfig.h b/configs/psk/coreConfig.h
index 8d31801..37cb3f2 100644
--- a/configs/psk/coreConfig.h
+++ b/configs/psk/coreConfig.h
@@ -5,7 +5,7 @@
* Configuration settings for Matrix core module.
*/
/*
- * Copyright (c) 2013-2018 INSIDE Secure Corporation
+ * Copyright (c) 2013-2018 Rambus Inc.
* Copyright (c) PeerSec Networks, 2002-2011
* All Rights Reserved
*
@@ -18,8 +18,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
- * commercial license for this software may be purchased from INSIDE at
- * http://www.insidesecure.com/
+ * commercial license for this software may be purchased from Rambus at
+ * http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/configs/psk/cryptoConfig.h b/configs/psk/cryptoConfig.h
index 608d58e..7104eab 100644
--- a/configs/psk/cryptoConfig.h
+++ b/configs/psk/cryptoConfig.h
@@ -5,7 +5,7 @@
* Configuration file for crypto features.
*/
/*
- * Copyright (c) 2013-2017 INSIDE Secure Corporation
+ * Copyright (c) 2013-2017 Rambus Inc.
* Copyright (c) PeerSec Networks, 2002-2011
* All Rights Reserved
*
@@ -18,8 +18,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
- * commercial license for this software may be purchased from INSIDE at
- * http://www.insidesecure.com/
+ * commercial license for this software may be purchased from Rambus at
+ * http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/configs/psk/matrixsslConfig.h b/configs/psk/matrixsslConfig.h
index 33720c4..5b9bd84 100644
--- a/configs/psk/matrixsslConfig.h
+++ b/configs/psk/matrixsslConfig.h
@@ -8,7 +8,7 @@
* to enable the most commonly used cipher suites.
*/
/*
- * Copyright (c) 2013-2017 INSIDE Secure Corporation
+ * Copyright (c) 2013-2017 Rambus Inc.
* Copyright (c) PeerSec Networks, 2002-2011
* All Rights Reserved
*
@@ -21,8 +21,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
- * commercial license for this software may be purchased from INSIDE at
- * http://www.insidesecure.com/
+ * commercial license for this software may be purchased from Rambus at
+ * http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/configs/rsaonly/coreConfig.h b/configs/rsaonly/coreConfig.h
index e36e01f..69a6182 100644
--- a/configs/rsaonly/coreConfig.h
+++ b/configs/rsaonly/coreConfig.h
@@ -5,7 +5,7 @@
* Configuration settings for Matrix core module.
*/
/*
- * Copyright (c) 2013-2018 INSIDE Secure Corporation
+ * Copyright (c) 2013-2018 Rambus Inc.
* Copyright (c) PeerSec Networks, 2002-2011
* All Rights Reserved
*
@@ -18,8 +18,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
- * commercial license for this software may be purchased from INSIDE at
- * http://www.insidesecure.com/
+ * commercial license for this software may be purchased from Rambus at
+ * http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/configs/rsaonly/cryptoConfig.h b/configs/rsaonly/cryptoConfig.h
index 2589d73..34002b3 100644
--- a/configs/rsaonly/cryptoConfig.h
+++ b/configs/rsaonly/cryptoConfig.h
@@ -5,7 +5,7 @@
* Configuration file for crypto features.
*/
/*
- * Copyright (c) 2013-2017 INSIDE Secure Corporation
+ * Copyright (c) 2013-2017 Rambus Inc.
* Copyright (c) PeerSec Networks, 2002-2011
* All Rights Reserved
*
@@ -18,8 +18,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
- * commercial license for this software may be purchased from INSIDE at
- * http://www.insidesecure.com/
+ * commercial license for this software may be purchased from Rambus at
+ * http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/configs/rsaonly/matrixsslConfig.h b/configs/rsaonly/matrixsslConfig.h
index 000ac11..d63009f 100644
--- a/configs/rsaonly/matrixsslConfig.h
+++ b/configs/rsaonly/matrixsslConfig.h
@@ -8,7 +8,7 @@
* to enable the most commonly used cipher suites.
*/
/*
- * Copyright (c) 2013-2017 INSIDE Secure Corporation
+ * Copyright (c) 2013-2017 Rambus Inc.
* Copyright (c) PeerSec Networks, 2002-2011
* All Rights Reserved
*
@@ -21,8 +21,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
- * commercial license for this software may be purchased from INSIDE at
- * http://www.insidesecure.com/
+ * commercial license for this software may be purchased from Rambus at
+ * http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/configs/tls/coreConfig.h b/configs/tls/coreConfig.h
index e36e01f..69a6182 100644
--- a/configs/tls/coreConfig.h
+++ b/configs/tls/coreConfig.h
@@ -5,7 +5,7 @@
* Configuration settings for Matrix core module.
*/
/*
- * Copyright (c) 2013-2018 INSIDE Secure Corporation
+ * Copyright (c) 2013-2018 Rambus Inc.
* Copyright (c) PeerSec Networks, 2002-2011
* All Rights Reserved
*
@@ -18,8 +18,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
- * commercial license for this software may be purchased from INSIDE at
- * http://www.insidesecure.com/
+ * commercial license for this software may be purchased from Rambus at
+ * http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/configs/tls/cryptoConfig.h b/configs/tls/cryptoConfig.h
index 454c0f7..5cd1abf 100644
--- a/configs/tls/cryptoConfig.h
+++ b/configs/tls/cryptoConfig.h
@@ -5,7 +5,7 @@
* Configuration file for crypto features.
*/
/*
- * Copyright (c) 2013-2017 INSIDE Secure Corporation
+ * Copyright (c) 2013-2017 Rambus Inc.
* Copyright (c) PeerSec Networks, 2002-2011
* All Rights Reserved
*
@@ -18,8 +18,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
- * commercial license for this software may be purchased from INSIDE at
- * http://www.insidesecure.com/
+ * commercial license for this software may be purchased from Rambus at
+ * http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/configs/tls/matrixsslConfig.h b/configs/tls/matrixsslConfig.h
index b9a98ef..3194ea4 100644
--- a/configs/tls/matrixsslConfig.h
+++ b/configs/tls/matrixsslConfig.h
@@ -8,7 +8,7 @@
* to enable the most commonly used cipher suites.
*/
/*
- * Copyright (c) 2013-2017 INSIDE Secure Corporation
+ * Copyright (c) 2013-2017 Rambus Inc.
* Copyright (c) PeerSec Networks, 2002-2011
* All Rights Reserved
*
@@ -21,8 +21,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
- * commercial license for this software may be purchased from INSIDE at
- * http://www.insidesecure.com/
+ * commercial license for this software may be purchased from Rambus at
+ * http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/configs/tls12-minimal-client-ecc/coreConfig.h b/configs/tls12-minimal-client-ecc/coreConfig.h
index 98ac4cd..33834a4 100644
--- a/configs/tls12-minimal-client-ecc/coreConfig.h
+++ b/configs/tls12-minimal-client-ecc/coreConfig.h
@@ -5,7 +5,7 @@
* Configuration settings for Matrix core module.
*/
/*
- * Copyright (c) 2013-2018 INSIDE Secure Corporation
+ * Copyright (c) 2013-2018 Rambus Inc.
* Copyright (c) PeerSec Networks, 2002-2011
* All Rights Reserved
*
@@ -18,8 +18,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
- * commercial license for this software may be purchased from INSIDE at
- * http://www.insidesecure.com/
+ * commercial license for this software may be purchased from Rambus at
+ * http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/configs/tls12-minimal-client-ecc/cryptoConfig.h b/configs/tls12-minimal-client-ecc/cryptoConfig.h
index cdb051a..a4f5883 100644
--- a/configs/tls12-minimal-client-ecc/cryptoConfig.h
+++ b/configs/tls12-minimal-client-ecc/cryptoConfig.h
@@ -5,7 +5,7 @@
* Configuration file for crypto features.
*/
/*
- * Copyright (c) 2013-2017 INSIDE Secure Corporation
+ * Copyright (c) 2013-2017 Rambus Inc.
* Copyright (c) PeerSec Networks, 2002-2011
* All Rights Reserved
*
@@ -18,8 +18,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
- * commercial license for this software may be purchased from INSIDE at
- * http://www.insidesecure.com/
+ * commercial license for this software may be purchased from Rambus at
+ * http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/configs/tls12-minimal-client-ecc/matrixsslConfig.h b/configs/tls12-minimal-client-ecc/matrixsslConfig.h
index 11bf843..8f7ba01 100644
--- a/configs/tls12-minimal-client-ecc/matrixsslConfig.h
+++ b/configs/tls12-minimal-client-ecc/matrixsslConfig.h
@@ -8,7 +8,7 @@
* to enable the most commonly used cipher suites.
*/
/*
- * Copyright (c) 2013-2017 INSIDE Secure Corporation
+ * Copyright (c) 2013-2017 Rambus Inc.
* Copyright (c) PeerSec Networks, 2002-2011
* All Rights Reserved
*
@@ -21,8 +21,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
- * commercial license for this software may be purchased from INSIDE at
- * http://www.insidesecure.com/
+ * commercial license for this software may be purchased from Rambus at
+ * http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/configs/tls12-minimal/coreConfig.h b/configs/tls12-minimal/coreConfig.h
index 98ac4cd..33834a4 100644
--- a/configs/tls12-minimal/coreConfig.h
+++ b/configs/tls12-minimal/coreConfig.h
@@ -5,7 +5,7 @@
* Configuration settings for Matrix core module.
*/
/*
- * Copyright (c) 2013-2018 INSIDE Secure Corporation
+ * Copyright (c) 2013-2018 Rambus Inc.
* Copyright (c) PeerSec Networks, 2002-2011
* All Rights Reserved
*
@@ -18,8 +18,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
- * commercial license for this software may be purchased from INSIDE at
- * http://www.insidesecure.com/
+ * commercial license for this software may be purchased from Rambus at
+ * http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/configs/tls12-minimal/cryptoConfig.h b/configs/tls12-minimal/cryptoConfig.h
index 284fcc2..78e94a4 100644
--- a/configs/tls12-minimal/cryptoConfig.h
+++ b/configs/tls12-minimal/cryptoConfig.h
@@ -5,7 +5,7 @@
* Configuration file for crypto features.
*/
/*
- * Copyright (c) 2013-2017 INSIDE Secure Corporation
+ * Copyright (c) 2013-2017 Rambus Inc.
* Copyright (c) PeerSec Networks, 2002-2011
* All Rights Reserved
*
@@ -18,8 +18,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
- * commercial license for this software may be purchased from INSIDE at
- * http://www.insidesecure.com/
+ * commercial license for this software may be purchased from Rambus at
+ * http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/configs/tls12-minimal/matrixsslConfig.h b/configs/tls12-minimal/matrixsslConfig.h
index 4a34d34..79882b6 100644
--- a/configs/tls12-minimal/matrixsslConfig.h
+++ b/configs/tls12-minimal/matrixsslConfig.h
@@ -8,7 +8,7 @@
* to enable the most commonly used cipher suites.
*/
/*
- * Copyright (c) 2013-2017 INSIDE Secure Corporation
+ * Copyright (c) 2013-2017 Rambus Inc.
* Copyright (c) PeerSec Networks, 2002-2011
* All Rights Reserved
*
@@ -21,8 +21,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
- * commercial license for this software may be purchased from INSIDE at
- * http://www.insidesecure.com/
+ * commercial license for this software may be purchased from Rambus at
+ * http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/configs/tls13-minimal-client-ecc/coreConfig.h b/configs/tls13-minimal-client-ecc/coreConfig.h
index 98ac4cd..33834a4 100644
--- a/configs/tls13-minimal-client-ecc/coreConfig.h
+++ b/configs/tls13-minimal-client-ecc/coreConfig.h
@@ -5,7 +5,7 @@
* Configuration settings for Matrix core module.
*/
/*
- * Copyright (c) 2013-2018 INSIDE Secure Corporation
+ * Copyright (c) 2013-2018 Rambus Inc.
* Copyright (c) PeerSec Networks, 2002-2011
* All Rights Reserved
*
@@ -18,8 +18,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
- * commercial license for this software may be purchased from INSIDE at
- * http://www.insidesecure.com/
+ * commercial license for this software may be purchased from Rambus at
+ * http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/configs/tls13-minimal-client-ecc/cryptoConfig.h b/configs/tls13-minimal-client-ecc/cryptoConfig.h
index 05cdf39..1f7763e 100644
--- a/configs/tls13-minimal-client-ecc/cryptoConfig.h
+++ b/configs/tls13-minimal-client-ecc/cryptoConfig.h
@@ -5,7 +5,7 @@
* Configuration file for crypto features.
*/
/*
- * Copyright (c) 2013-2017 INSIDE Secure Corporation
+ * Copyright (c) 2013-2017 Rambus Inc.
* Copyright (c) PeerSec Networks, 2002-2011
* All Rights Reserved
*
@@ -18,8 +18,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
- * commercial license for this software may be purchased from INSIDE at
- * http://www.insidesecure.com/
+ * commercial license for this software may be purchased from Rambus at
+ * http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/configs/tls13-minimal-client-ecc/matrixsslConfig.h b/configs/tls13-minimal-client-ecc/matrixsslConfig.h
index 7089c32..b4b30ef 100644
--- a/configs/tls13-minimal-client-ecc/matrixsslConfig.h
+++ b/configs/tls13-minimal-client-ecc/matrixsslConfig.h
@@ -8,7 +8,7 @@
* to enable the most commonly used cipher suites.
*/
/*
- * Copyright (c) 2013-2017 INSIDE Secure Corporation
+ * Copyright (c) 2013-2017 Rambus Inc.
* Copyright (c) PeerSec Networks, 2002-2011
* All Rights Reserved
*
@@ -21,8 +21,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
- * commercial license for this software may be purchased from INSIDE at
- * http://www.insidesecure.com/
+ * commercial license for this software may be purchased from Rambus at
+ * http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/configs/tls13-minimal/coreConfig.h b/configs/tls13-minimal/coreConfig.h
index 98ac4cd..33834a4 100644
--- a/configs/tls13-minimal/coreConfig.h
+++ b/configs/tls13-minimal/coreConfig.h
@@ -5,7 +5,7 @@
* Configuration settings for Matrix core module.
*/
/*
- * Copyright (c) 2013-2018 INSIDE Secure Corporation
+ * Copyright (c) 2013-2018 Rambus Inc.
* Copyright (c) PeerSec Networks, 2002-2011
* All Rights Reserved
*
@@ -18,8 +18,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
- * commercial license for this software may be purchased from INSIDE at
- * http://www.insidesecure.com/
+ * commercial license for this software may be purchased from Rambus at
+ * http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/configs/tls13-minimal/cryptoConfig.h b/configs/tls13-minimal/cryptoConfig.h
index ed46ea3..f5c19dc 100644
--- a/configs/tls13-minimal/cryptoConfig.h
+++ b/configs/tls13-minimal/cryptoConfig.h
@@ -5,7 +5,7 @@
* Configuration file for crypto features.
*/
/*
- * Copyright (c) 2013-2017 INSIDE Secure Corporation
+ * Copyright (c) 2013-2017 Rambus Inc.
* Copyright (c) PeerSec Networks, 2002-2011
* All Rights Reserved
*
@@ -18,8 +18,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
- * commercial license for this software may be purchased from INSIDE at
- * http://www.insidesecure.com/
+ * commercial license for this software may be purchased from Rambus at
+ * http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/configs/tls13-minimal/matrixsslConfig.h b/configs/tls13-minimal/matrixsslConfig.h
index 1fa0a24..cbae8c2 100644
--- a/configs/tls13-minimal/matrixsslConfig.h
+++ b/configs/tls13-minimal/matrixsslConfig.h
@@ -8,7 +8,7 @@
* to enable the most commonly used cipher suites.
*/
/*
- * Copyright (c) 2013-2017 INSIDE Secure Corporation
+ * Copyright (c) 2013-2017 Rambus Inc.
* Copyright (c) PeerSec Networks, 2002-2011
* All Rights Reserved
*
@@ -21,8 +21,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
- * commercial license for this software may be purchased from INSIDE at
- * http://www.insidesecure.com/
+ * commercial license for this software may be purchased from Rambus at
+ * http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/configs/tls13/coreConfig.h b/configs/tls13/coreConfig.h
index e36e01f..69a6182 100644
--- a/configs/tls13/coreConfig.h
+++ b/configs/tls13/coreConfig.h
@@ -5,7 +5,7 @@
* Configuration settings for Matrix core module.
*/
/*
- * Copyright (c) 2013-2018 INSIDE Secure Corporation
+ * Copyright (c) 2013-2018 Rambus Inc.
* Copyright (c) PeerSec Networks, 2002-2011
* All Rights Reserved
*
@@ -18,8 +18,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
- * commercial license for this software may be purchased from INSIDE at
- * http://www.insidesecure.com/
+ * commercial license for this software may be purchased from Rambus at
+ * http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/configs/tls13/cryptoConfig.h b/configs/tls13/cryptoConfig.h
index 082b544..d9724d0 100644
--- a/configs/tls13/cryptoConfig.h
+++ b/configs/tls13/cryptoConfig.h
@@ -5,7 +5,7 @@
* Configuration file for crypto features.
*/
/*
- * Copyright (c) 2013-2017 INSIDE Secure Corporation
+ * Copyright (c) 2013-2017 Rambus Inc.
* Copyright (c) PeerSec Networks, 2002-2011
* All Rights Reserved
*
@@ -18,8 +18,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
- * commercial license for this software may be purchased from INSIDE at
- * http://www.insidesecure.com/
+ * commercial license for this software may be purchased from Rambus at
+ * http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/configs/tls13/matrixsslConfig.h b/configs/tls13/matrixsslConfig.h
index b9a98ef..3194ea4 100644
--- a/configs/tls13/matrixsslConfig.h
+++ b/configs/tls13/matrixsslConfig.h
@@ -8,7 +8,7 @@
* to enable the most commonly used cipher suites.
*/
/*
- * Copyright (c) 2013-2017 INSIDE Secure Corporation
+ * Copyright (c) 2013-2017 Rambus Inc.
* Copyright (c) PeerSec Networks, 2002-2011
* All Rights Reserved
*
@@ -21,8 +21,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
- * commercial license for this software may be purchased from INSIDE at
- * http://www.insidesecure.com/
+ * commercial license for this software may be purchased from Rambus at
+ * http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/core/GNUmakefile b/core/GNUmakefile
index 8a0cddd..32097be 100644
--- a/core/GNUmakefile
+++ b/core/GNUmakefile
@@ -1,7 +1,7 @@
#
# Makefile for core static library
#
-# Copyright (c) 2013-2017 INSIDE Secure Corporation. All Rights Reserved.
+# Copyright (c) 2013-2017 Rambus Inc. All Rights Reserved.
#
ifeq ($(wildcard Makefile),)
diff --git a/core/Makefile.inc b/core/Makefile.inc
index e521327..8ef82b0 100644
--- a/core/Makefile.inc
+++ b/core/Makefile.inc
@@ -1,7 +1,7 @@
#
# Path and linkage information for core static library
#
-# Copyright (c) 2017 INSIDE Secure. All Rights Reserved.
+# Copyright (c) 2017 Rambus Inc. All Rights Reserved.
#
# This Makefile.inc is used from other Makefiles to reference
@@ -17,5 +17,6 @@ CFLAGS_CORE_INCLUDE=\
-I$(CORE_PATH)/config -I$(CORE_PATH)/include -I$(CORE_PATH)/osdep/include \
-I$(CORE_PATH)/include/sfzcl -I$(CORE_PATH)/osdep/include
+LIBTHREAD=-lpthread
LIB_CORE_S=$(CORE_PATH)/libcore_s.a
-LDADD_CORE_S=$(CORE_PATH)/libcore_s.a -lpthread
+LDADD_CORE_S=$(CORE_PATH)/libcore_s.a $(LIBTHREAD)
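Review bot: `LIBTHREAD=-lpthread` is a plain assignment, so a value exported in the environment for a target whose libc bundles pthreads, or that links a different thread library, is still clobbered by this file; `LIBTHREAD?=-lpthread` keeps the default while honouring an externally supplied value. The variable is presumably introduced so the thread library can be varied per platform, which the current form only permits from the make command line. A one-line comment above it, `# Thread library appended to the core link line; override per platform.`, would make that intent visible to the other Makefiles that include this file.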
diff --git a/core/apps/GNUmakefile b/core/apps/GNUmakefile
index a2efd07..d5253d6 100644
--- a/core/apps/GNUmakefile
+++ b/core/apps/GNUmakefile
@@ -1,7 +1,7 @@
#
# Makefile for core testing
#
-# Copyright (c) 2013-2016 INSIDE Secure Corporation. All Rights Reserved.
+# Copyright (c) 2013-2016 Rambus Inc. All Rights Reserved.
#
ifeq ($(wildcard Makefile),)
diff --git a/core/config/cf_impldefs.h b/core/config/cf_impldefs.h
index 12ba371..b6023dc 100644
--- a/core/config/cf_impldefs.h
+++ b/core/config/cf_impldefs.h
@@ -4,7 +4,7 @@
*/
/*****************************************************************************
-* Copyright (c) 2007-2016 INSIDE Secure Oy. All Rights Reserved.
+* Copyright (c) 2007-2016 Rambus Inc. All Rights Reserved.
*
* The latest version of this code is available at http://www.matrixssl.org
*
@@ -15,8 +15,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
-* commercial license for this software may be purchased from INSIDE at
-* http://www.insidesecure.com/
+* commercial license for this software may be purchased from Rambus Inc at
+* http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/core/config/cfg_pkcslib.h b/core/config/cfg_pkcslib.h
index e057741..a13b97e 100644
--- a/core/config/cfg_pkcslib.h
+++ b/core/config/cfg_pkcslib.h
@@ -4,7 +4,7 @@
*/
/*****************************************************************************
-* Copyright (c) 2007-2017 INSIDE Secure Oy. All Rights Reserved.
+* Copyright (c) 2007-2017 Rambus Inc. All Rights Reserved.
*
* The latest version of this code is available at http://www.matrixssl.org
*
@@ -15,8 +15,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
-* commercial license for this software may be purchased from INSIDE at
-* http://www.insidesecure.com/
+* commercial license for this software may be purchased from Rambus Inc at
+* http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/core/config/cfg_spal.h b/core/config/cfg_spal.h
index 2db31bb..e4c470c 100644
--- a/core/config/cfg_spal.h
+++ b/core/config/cfg_spal.h
@@ -4,7 +4,7 @@
*/
/*****************************************************************************
-* Copyright (c) 2007-2016 INSIDE Secure Oy. All Rights Reserved.
+* Copyright (c) 2007-2016 Rambus Inc. All Rights Reserved.
*
* The latest version of this code is available at http://www.matrixssl.org
*
@@ -15,8 +15,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
-* commercial license for this software may be purchased from INSIDE at
-* http://www.insidesecure.com/
+* commercial license for this software may be purchased from Rambus Inc at
+* http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/core/config/coreConfig.h b/core/config/coreConfig.h
index e36e01f..69a6182 100644
--- a/core/config/coreConfig.h
+++ b/core/config/coreConfig.h
@@ -5,7 +5,7 @@
* Configuration settings for Matrix core module.
*/
/*
- * Copyright (c) 2013-2018 INSIDE Secure Corporation
+ * Copyright (c) 2013-2018 Rambus Inc.
* Copyright (c) PeerSec Networks, 2002-2011
* All Rights Reserved
*
@@ -18,8 +18,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
- * commercial license for this software may be purchased from INSIDE at
- * http://www.insidesecure.com/
+ * commercial license for this software may be purchased from Rambus at
+ * http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/core/config/sl_chacha20poly1305ietf_config.h b/core/config/sl_chacha20poly1305ietf_config.h
index 168b2ab..75b71a9 100644
--- a/core/config/sl_chacha20poly1305ietf_config.h
+++ b/core/config/sl_chacha20poly1305ietf_config.h
@@ -6,7 +6,7 @@
*/
/*****************************************************************************
-* Copyright (c) 2017 INSIDE Secure Oy. All Rights Reserved.
+* Copyright (c) 2017 Rambus Inc. All Rights Reserved.
*
* The latest version of this code is available at http://www.matrixssl.org
*
@@ -17,8 +17,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
-* commercial license for this software may be purchased from INSIDE at
-* http://www.insidesecure.com/
+* commercial license for this software may be purchased from Rambus Inc at
+* http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/core/include/c_lib.h b/core/include/c_lib.h
index 438acb2..20dc54e 100644
--- a/core/include/c_lib.h
+++ b/core/include/c_lib.h
@@ -4,7 +4,7 @@
*/
/*****************************************************************************
-* Copyright (c) 2007-2016 INSIDE Secure Oy. All Rights Reserved.
+* Copyright (c) 2007-2016 Rambus Inc. All Rights Reserved.
*
* The latest version of this code is available at http://www.matrixssl.org
*
@@ -15,8 +15,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
-* commercial license for this software may be purchased from INSIDE at
-* http://www.insidesecure.com/
+* commercial license for this software may be purchased from Rambus Inc at
+* http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/core/include/cl_basic.h b/core/include/cl_basic.h
index eeb1798..c04c10a 100644
--- a/core/include/cl_basic.h
+++ b/core/include/cl_basic.h
@@ -4,7 +4,7 @@
*/
/*****************************************************************************
-* Copyright (c) 2016-2017 INSIDE Secure Oy. All Rights Reserved.
+* Copyright (c) 2016-2017 Rambus Inc. All Rights Reserved.
*
* The latest version of this code is available at http://www.matrixssl.org
*
@@ -15,8 +15,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
-* commercial license for this software may be purchased from INSIDE at
-* http://www.insidesecure.com/
+* commercial license for this software may be purchased from Rambus Inc at
+* http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/core/include/cl_header_begin.h b/core/include/cl_header_begin.h
index 5f49684..d4790cd 100644
--- a/core/include/cl_header_begin.h
+++ b/core/include/cl_header_begin.h
@@ -1,6 +1,6 @@
/** @file cl_header_start.h
- @copyright Copyright (c) 2017 INSIDE Secure Oy. All Rights Reserved.
+ @copyright Copyright (c) 2017 Rambus Inc. All Rights Reserved.
Start header file.
*/
diff --git a/core/include/cl_header_end.h b/core/include/cl_header_end.h
index b5d4aa4..6e52cb8 100644
--- a/core/include/cl_header_end.h
+++ b/core/include/cl_header_end.h
@@ -1,6 +1,6 @@
/** @file cl_header_start.h
- @copyright Copyright (c) 2017 INSIDE Secure Oy. All Rights Reserved.
+ @copyright Copyright (c) 2017 Rambus Inc. All Rights Reserved.
End header file.
*/
diff --git a/core/include/cl_types_base.h b/core/include/cl_types_base.h
index b2734d0..5891501 100644
--- a/core/include/cl_types_base.h
+++ b/core/include/cl_types_base.h
@@ -4,7 +4,7 @@
*/
/*****************************************************************************
-* Copyright (c) 2011-2017 INSIDE Secure Oy. All Rights Reserved.
+* Copyright (c) 2011-2017 Rambus Inc. All Rights Reserved.
*
* The latest version of this code is available at http://www.matrixssl.org
*
@@ -15,8 +15,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
-* commercial license for this software may be purchased from INSIDE at
-* http://www.insidesecure.com/
+* commercial license for this software may be purchased from Rambus Inc at
+* http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/core/include/coreApi.h b/core/include/coreApi.h
index 02bb01f..89682d5 100644
--- a/core/include/coreApi.h
+++ b/core/include/coreApi.h
@@ -5,7 +5,7 @@
* Prototypes for the Matrix core public APIs.
*/
/*
- * Copyright (c) 2013-2018 INSIDE Secure Corporation
+ * Copyright (c) 2013-2018 Rambus Inc.
* Copyright (c) PeerSec Networks, 2002-2011
* All Rights Reserved
*
@@ -18,8 +18,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
- * commercial license for this software may be purchased from INSIDE at
- * http://www.insidesecure.com/
+ * commercial license for this software may be purchased from Rambus Inc at
+ * http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/core/include/implementation_defs.h b/core/include/implementation_defs.h
index f7b85e2..9730cf3 100644
--- a/core/include/implementation_defs.h
+++ b/core/include/implementation_defs.h
@@ -4,7 +4,7 @@
*/
/*****************************************************************************
-* Copyright (c) 2007-2016 INSIDE Secure Oy. All Rights Reserved.
+* Copyright (c) 2007-2016 Rambus Inc. All Rights Reserved.
*
* The latest version of this code is available at http://www.matrixssl.org
*
@@ -15,8 +15,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
-* commercial license for this software may be purchased from INSIDE at
-* http://www.insidesecure.com/
+* commercial license for this software may be purchased from Rambus Inc at
+* http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/core/include/implementation_defs_log.h b/core/include/implementation_defs_log.h
index fa310f5..0a036c5 100644
--- a/core/include/implementation_defs_log.h
+++ b/core/include/implementation_defs_log.h
@@ -4,7 +4,7 @@
*/
/*****************************************************************************
-* Copyright (c) 2016 INSIDE Secure Oy. All Rights Reserved.
+* Copyright (c) 2016 Rambus Inc. All Rights Reserved.
*
* The latest version of this code is available at http://www.matrixssl.org
*
@@ -15,8 +15,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
-* commercial license for this software may be purchased from INSIDE at
-* http://www.insidesecure.com/
+* commercial license for this software may be purchased from Rambus Inc at
+* http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/core/include/list.h b/core/include/list.h
index 3456bf0..7540523 100644
--- a/core/include/list.h
+++ b/core/include/list.h
@@ -5,7 +5,7 @@
* List utilities.
*/
/*
- * Copyright (c) 2013-2018 INSIDE Secure Corporation
+ * Copyright (c) 2013-2018 Rambus Inc.
* Copyright (c) PeerSec Networks, 2002-2011
* All Rights Reserved
*
@@ -18,8 +18,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
- * commercial license for this software may be purchased from INSIDE at
- * http://www.insidesecure.com/
+ * commercial license for this software may be purchased from Rambus Inc at
+ * http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/core/include/private/coreApiExt.h b/core/include/private/coreApiExt.h
index 6da7ea7..4c769e8 100644
--- a/core/include/private/coreApiExt.h
+++ b/core/include/private/coreApiExt.h
@@ -5,7 +5,7 @@
* Internal or extended definitions for Matrix core.
*/
/*
- * Copyright (c) 2013-2017 INSIDE Secure Corporation
+ * Copyright (c) 2013-2017 Rambus Inc.
* Copyright (c) PeerSec Networks, 2002-2011
* All Rights Reserved
*
@@ -18,8 +18,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
- * commercial license for this software may be purchased from INSIDE at
- * http://www.insidesecure.com/
+ * commercial license for this software may be purchased from Rambus Inc at
+ * http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/core/include/psLog.h b/core/include/psLog.h
index f5f3dbe..0351d64 100644
--- a/core/include/psLog.h
+++ b/core/include/psLog.h
@@ -8,7 +8,7 @@
* and MatrixSSL software or related software components.
*/
/*
- * Copyright (c) 2017 INSIDE Secure Corporation
+ * Copyright (c) 2017 Rambus Inc.
* All Rights Reserved
*
* The latest version of this code is available at http://www.matrixssl.org
@@ -20,8 +20,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
- * commercial license for this software may be purchased from INSIDE at
- * http://www.insidesecure.com/
+ * commercial license for this software may be purchased from Rambus Inc at
+ * http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/core/include/psPrnf.h b/core/include/psPrnf.h
index b05ab02..39d332a 100644
--- a/core/include/psPrnf.h
+++ b/core/include/psPrnf.h
@@ -9,7 +9,7 @@
* and MatrixSSL software or related software components.
*/
/*
- * Copyright (c) 2017 INSIDE Secure Corporation
+ * Copyright (c) 2017 Rambus Inc.
* All Rights Reserved
*
* The latest version of this code is available at http://www.matrixssl.org
@@ -21,8 +21,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
- * commercial license for this software may be purchased from INSIDE at
- * http://www.insidesecure.com/
+ * commercial license for this software may be purchased from Rambus Inc at
+ * http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/core/include/psStat.h b/core/include/psStat.h
index f20c4b8..52a1642 100644
--- a/core/include/psStat.h
+++ b/core/include/psStat.h
@@ -4,7 +4,7 @@
*/
/*****************************************************************************
-* Copyright (c) 2018 INSIDE Secure Oy. All Rights Reserved.
+* Copyright (c) 2018 Rambus Inc. All Rights Reserved.
*
* The latest version of this code is available at http://www.matrixssl.org
*
@@ -15,8 +15,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
-* commercial license for this software may be purchased from INSIDE at
-* http://www.insidesecure.com/
+* commercial license for this software may be purchased from Rambus Inc at
+* http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
@@ -165,6 +165,7 @@ typedef enum
PS_STAT_ID_IKEV2_EXTRACT_SKEYSEED_REKEY,
PS_STAT_ID_IKEV1_DERIVE_KEYING_MATERIAL,
PS_STAT_ID_RBG_TEST_VECTOR,
+ PS_STAT_ID_RBG_RAW_ENTROPY,
PS_STAT_ID_ASSET_ALLOCATE_EX,
PS_STAT_ID_ASSET_REBIND,
PS_STAT_ID_ASSET_ALLOCATE_AND_ASSOCIATE_KEY_EXTRA_EX,
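Review bot: `PS_STAT_ID_RBG_RAW_ENTROPY` is inserted in the middle of the enum, so every constant after it takes a new numeric value. If any of these ids are used as indices into a parallel table (for example a name or description array) or are reported numerically to external tooling, the insertion silently shifts them; appending at the end of the enum, or a comment on the enum stating that ids are positional and may be renumbered, would remove the ambiguity. The enum's body starts and ends outside the hunk, so whether such a table exists cannot be confirmed from here.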
diff --git a/core/include/psUtil.h b/core/include/psUtil.h
index 8302cbc..1763711 100644
--- a/core/include/psUtil.h
+++ b/core/include/psUtil.h
@@ -10,7 +10,7 @@
* and MatrixSSL software or related software components.
*/
/*
- * Copyright (c) 2017 INSIDE Secure Corporation
+ * Copyright (c) 2017 Rambus Inc.
* All Rights Reserved
*
* The latest version of this code is available at http://www.matrixssl.org
@@ -22,8 +22,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
- * commercial license for this software may be purchased from INSIDE at
- * http://www.insidesecure.com/
+ * commercial license for this software may be purchased from Rambus Inc at
+ * http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
@@ -272,6 +272,12 @@ char *psStrdupN(const char *string);
/* Free (no pool specified): This must be a real function. */
void psFreeN(void *ptr);
+/* Perform initialization just once (built on mutexes.) */
+typedef void (*psOnceInitFunction)(void);
+typedef int psOnce_t;
+#define PS_ONCE_INIT 0
+void psOnce(psOnce_t *once_control, psOnceInitFunction init_routine);
+
/* These are implemented as macros, to allow compiler intrinsics to be
used. */
# include "osdep_string.h"
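Review bot: The new `psOnce` API is public but carries only the one-line comment `Perform initialization just once (built on mutexes.)`, which leaves the contract undocumented: that `once_control` must have static storage duration and be initialised with `PS_ONCE_INIT`, whether a second caller blocks until `init_routine` has returned or may proceed while it is still running, and that the function returns `void` so a failure to acquire the underlying mutex cannot be reported. I would replace the comment with a Doxygen block on `psOnce` stating those three points explicitly, with `@param once_control` and `@param init_routine` entries, and note on `psOnce_t` that the value is only meaningful when every access goes through `psOnce`. Since `psOnce_t` is a plain `int`, the implementation (outside this hunk) must serialise all reads of it under the mutex for that guarantee to hold; worth confirming there.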
diff --git a/core/include/psbuf.h b/core/include/psbuf.h
index dc55fb4..67959d6 100644
--- a/core/include/psbuf.h
+++ b/core/include/psbuf.h
@@ -5,7 +5,7 @@
* API for handling buffers containing binary data.
*/
/*
- * Copyright (c) 2017 INSIDE Secure Corporation
+ * Copyright (c) 2017 Rambus Inc.
* All Rights Reserved
*
* The latest version of this code is available at http://www.matrixssl.org
@@ -17,8 +17,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
- * commercial license for this software may be purchased from INSIDE at
- * http://www.insidesecure.com/
+ * commercial license for this software may be purchased from Rambus Inc at
+ * http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/core/include/pscompilerdep.h b/core/include/pscompilerdep.h
index 867fa11..5558f82 100644
--- a/core/include/pscompilerdep.h
+++ b/core/include/pscompilerdep.h
@@ -5,7 +5,7 @@
* Compiler Pragmas/Diagnostics Capabilities Abstraction.
*/
/*
- * Copyright (c) 2018 INSIDE Secure Corporation
+ * Copyright (c) 2018 Rambus Inc.
* All Rights Reserved
*
* The latest version of this code is available at http://www.matrixssl.org
@@ -17,8 +17,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
- * commercial license for this software may be purchased from INSIDE at
- * http://www.insidesecure.com/
+ * commercial license for this software may be purchased from Rambus Inc at
+ * http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/core/include/pscompilerwarning.h b/core/include/pscompilerwarning.h
index 043bfe1..259cb25 100644
--- a/core/include/pscompilerwarning.h
+++ b/core/include/pscompilerwarning.h
@@ -6,7 +6,7 @@
* to support as many compilers as possible.
*/
/*
- * Copyright (c) 2018 INSIDE Secure Corporation
+ * Copyright (c) 2018 Rambus Inc.
* All Rights Reserved
*
* The latest version of this code is available at http://www.matrixssl.org
@@ -18,8 +18,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
- * commercial license for this software may be purchased from INSIDE at
- * http://www.insidesecure.com/
+ * commercial license for this software may be purchased from Rambus Inc at
+ * http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
@@ -54,8 +54,12 @@
# endif /* for compilers with #warning support. */
/* Default branches for for common compile time warnings. */
-# if defined WARNING_MESSAGE_DEFAULT_KEY && defined COMPILER_CAN_DO_WARNING
-# warning "DO NOT USE THESE DEFAULT KEYS IN PRODUCTION ENVIRONMENTS."
+# if defined COMPILER_CAN_DO_WARNING
+# if defined WARNING_MESSAGE_DEFAULT_KEY
+# warning "DO NOT USE THESE DEFAULT KEYS IN PRODUCTION ENVIRONMENTS."
+# elif defined WARNING_LOC_DEPRECATED
+# warning "WARNING: libopenssl-compat HAS BEEN DEPRECATED AND WILL NO LONGER BE SUPPORTED. THE PACKAGE WILL BE REMOVED FROM FUTURE RELEASES."
+# endif
/* Use the common #pragma message syntax for producing warnings. */
# elif !defined COMPILER_DOES_NOT_SUPPORT_PRAGMA_MESSAGE
# define PSCOMPILERWARNING_STRING_(m_arg_) #m_arg_
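Review bot: The inner `# elif defined WARNING_LOC_DEPRECATED` makes the two warnings mutually exclusive, so a build that defines both `WARNING_MESSAGE_DEFAULT_KEY` and `WARNING_LOC_DEPRECATED` emits only the default-key warning and the deprecation notice is silently dropped. They are independent conditions; replacing the `elif` with `# endif` followed by `# if defined WARNING_LOC_DEPRECATED` emits each one whenever its macro is set. Separately, the outer `# if defined COMPILER_CAN_DO_WARNING` now takes the branch unconditionally for compilers with `#warning` support, so the `# elif !defined COMPILER_DOES_NOT_SUPPORT_PRAGMA_MESSAGE` path is no longer reached for them even when neither key macro is defined; if that path emits anything beyond these two messages (its body continues outside the hunk), those warnings would be lost on such compilers, which is worth verifying.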
diff --git a/core/include/pslist.h b/core/include/pslist.h
index 2966b96..61e7702 100644
--- a/core/include/pslist.h
+++ b/core/include/pslist.h
@@ -5,7 +5,7 @@
* List utilities.
*/
/*
- * Copyright (c) 2013-2018 INSIDE Secure Corporation
+ * Copyright (c) 2013-2018 Rambus Inc.
* Copyright (c) PeerSec Networks, 2002-2011
* All Rights Reserved
*
@@ -18,8 +18,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
- * commercial license for this software may be purchased from INSIDE at
- * http://www.insidesecure.com/
+ * commercial license for this software may be purchased from Rambus Inc at
+ * http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/core/include/psmalloc.h b/core/include/psmalloc.h
index 5bab2ab..1c6ae50 100644
--- a/core/include/psmalloc.h
+++ b/core/include/psmalloc.h
@@ -5,7 +5,7 @@
* Header for psMalloc functions.
*/
/*
- * Copyright (c) 2013-2017 INSIDE Secure Corporation
+ * Copyright (c) 2013-2017 Rambus Inc.
* Copyright (c) PeerSec Networks, 2002-2011
* All Rights Reserved
*
@@ -18,8 +18,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
- * commercial license for this software may be purchased from INSIDE at
- * http://www.insidesecure.com/
+ * commercial license for this software may be purchased from Rambus Inc at
+ * http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/core/include/psnet.h b/core/include/psnet.h
index 0e4e84d..ba218be 100644
--- a/core/include/psnet.h
+++ b/core/include/psnet.h
@@ -4,7 +4,7 @@
*/
/*****************************************************************************
-* Copyright (c) 2007-2018 INSIDE Secure Oy. All Rights Reserved.
+* Copyright (c) 2007-2018 Rambus Inc. All Rights Reserved.
*
* The latest version of this code is available at http://www.matrixssl.org
*
@@ -15,8 +15,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
-* commercial license for this software may be purchased from INSIDE at
-* http://www.insidesecure.com/
+* commercial license for this software may be purchased from Rambus Inc at
+* http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/core/include/psreadwriteutil.h b/core/include/psreadwriteutil.h
index a625574..0ef1140 100644
--- a/core/include/psreadwriteutil.h
+++ b/core/include/psreadwriteutil.h
@@ -6,7 +6,7 @@
*
*/
/*
- * Copyright (c) 2019 INSIDE Secure Corporation
+ * Copyright (c) 2019 Rambus Inc.
* All Rights Reserved
*
* The latest version of this code is available at http://www.matrixssl.org
@@ -18,8 +18,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
- * commercial license for this software may be purchased from INSIDE at
- * http://www.insidesecure.com/
+ * commercial license for this software may be purchased from Rambus Inc at
+ * http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/core/include/psunreachable_begin.h b/core/include/psunreachable_begin.h
index 0449af7..a7b7d1f 100644
--- a/core/include/psunreachable_begin.h
+++ b/core/include/psunreachable_begin.h
@@ -5,7 +5,7 @@
* Mark unreachable code.
*/
/*
- * Copyright (c) 2018 INSIDE Secure Corporation
+ * Copyright (c) 2018 Rambus Inc.
* All Rights Reserved
*
* The latest version of this code is available at http://www.matrixssl.org
@@ -17,8 +17,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
- * commercial license for this software may be purchased from INSIDE at
- * http://www.insidesecure.com/
+ * commercial license for this software may be purchased from Rambus Inc at
+ * http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/core/include/psunreachable_end.h b/core/include/psunreachable_end.h
index cfb89a7..b5d4a01 100644
--- a/core/include/psunreachable_end.h
+++ b/core/include/psunreachable_end.h
@@ -5,7 +5,7 @@
* Mark unreachable code.
*/
/*
- * Copyright (c) 2018 INSIDE Secure Corporation
+ * Copyright (c) 2018 Rambus Inc.
* All Rights Reserved
*
* The latest version of this code is available at http://www.matrixssl.org
@@ -17,8 +17,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
- * commercial license for this software may be purchased from INSIDE at
- * http://www.insidesecure.com/
+ * commercial license for this software may be purchased from Rambus Inc at
+ * http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/core/include/public_defs.h b/core/include/public_defs.h
index 4677bdf..21c9c49 100644
--- a/core/include/public_defs.h
+++ b/core/include/public_defs.h
@@ -4,7 +4,7 @@
*/
/*****************************************************************************
-* Copyright (c) 2007-2016 INSIDE Secure Oy. All Rights Reserved.
+* Copyright (c) 2007-2016 Rambus Inc. All Rights Reserved.
*
* The latest version of this code is available at http://www.matrixssl.org
*
@@ -15,8 +15,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
-* commercial license for this software may be purchased from INSIDE at
-* http://www.insidesecure.com/
+* commercial license for this software may be purchased from Rambus Inc at
+* http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/core/include/sfzcl/sfzclbase64.h b/core/include/sfzcl/sfzclbase64.h
index fa5eb9d..3257f7b 100644
--- a/core/include/sfzcl/sfzclbase64.h
+++ b/core/include/sfzcl/sfzclbase64.h
@@ -4,7 +4,7 @@
*/
/*****************************************************************************
-* Copyright (c) 2006-2016 INSIDE Secure Oy. All Rights Reserved.
+* Copyright (c) 2006-2016 Rambus Inc. All Rights Reserved.
*
* The latest version of this code is available at http://www.matrixssl.org
*
@@ -15,8 +15,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
-* commercial license for this software may be purchased from INSIDE at
-* http://www.insidesecure.com/
+* commercial license for this software may be purchased from Rambus Inc at
+* http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/core/include/sfzcl/sfzclbuffer.h b/core/include/sfzcl/sfzclbuffer.h
index 9c75382..d2070ce 100644
--- a/core/include/sfzcl/sfzclbuffer.h
+++ b/core/include/sfzcl/sfzclbuffer.h
@@ -8,7 +8,7 @@
*/
/*****************************************************************************
-* Copyright (c) 2006-2016 INSIDE Secure Oy. All Rights Reserved.
+* Copyright (c) 2006-2016 Rambus Inc. All Rights Reserved.
*
* The latest version of this code is available at http://www.matrixssl.org
*
@@ -19,8 +19,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
-* commercial license for this software may be purchased from INSIDE at
-* http://www.insidesecure.com/
+* commercial license for this software may be purchased from Rambus Inc at
+* http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/core/include/sfzcl/sfzcldsprintf.h b/core/include/sfzcl/sfzcldsprintf.h
index 6d670f7..13cf6a3 100644
--- a/core/include/sfzcl/sfzcldsprintf.h
+++ b/core/include/sfzcl/sfzcldsprintf.h
@@ -2,7 +2,7 @@
*/
/*****************************************************************************
-* Copyright (c) 2006-2016 INSIDE Secure Oy. All Rights Reserved.
+* Copyright (c) 2006-2016 Rambus Inc. All Rights Reserved.
*
* The latest version of this code is available at http://www.matrixssl.org
*
@@ -13,8 +13,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
-* commercial license for this software may be purchased from INSIDE at
-* http://www.insidesecure.com/
+* commercial license for this software may be purchased from Rambus Inc at
+* http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/core/include/sfzcl/sfzclenum.h b/core/include/sfzcl/sfzclenum.h
index 28ffb70..8ebf169 100644
--- a/core/include/sfzcl/sfzclenum.h
+++ b/core/include/sfzcl/sfzclenum.h
@@ -4,7 +4,7 @@
*/
/*****************************************************************************
-* Copyright (c) 2006-2016 INSIDE Secure Oy. All Rights Reserved.
+* Copyright (c) 2006-2016 Rambus Inc. All Rights Reserved.
*
* The latest version of this code is available at http://www.matrixssl.org
*
@@ -15,8 +15,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
-* commercial license for this software may be purchased from INSIDE at
-* http://www.insidesecure.com/
+* commercial license for this software may be purchased from Rambus Inc at
+* http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/core/include/sfzcl/sfzclfastalloc.h b/core/include/sfzcl/sfzclfastalloc.h
index 93a1d82..bb320b9 100644
--- a/core/include/sfzcl/sfzclfastalloc.h
+++ b/core/include/sfzcl/sfzclfastalloc.h
@@ -2,7 +2,7 @@
*/
/*****************************************************************************
-* Copyright (c) 2006-2016 INSIDE Secure Oy. All Rights Reserved.
+* Copyright (c) 2006-2016 Rambus Inc. All Rights Reserved.
*
* The latest version of this code is available at http://www.matrixssl.org
*
@@ -13,8 +13,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
-* commercial license for this software may be purchased from INSIDE at
-* http://www.insidesecure.com/
+* commercial license for this software may be purchased from Rambus Inc at
+* http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/core/include/sfzcl/sfzclfileio.h b/core/include/sfzcl/sfzclfileio.h
index 92e15cd..4b3eb7b 100644
--- a/core/include/sfzcl/sfzclfileio.h
+++ b/core/include/sfzcl/sfzclfileio.h
@@ -7,7 +7,7 @@
*/
/*****************************************************************************
-* Copyright (c) 2006-2016 INSIDE Secure Oy. All Rights Reserved.
+* Copyright (c) 2006-2016 Rambus Inc. All Rights Reserved.
*
* The latest version of this code is available at http://www.matrixssl.org
*
@@ -18,8 +18,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
-* commercial license for this software may be purchased from INSIDE at
-* http://www.insidesecure.com/
+* commercial license for this software may be purchased from Rambus Inc at
+* http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/core/include/sfzcl/sfzclgetput.h b/core/include/sfzcl/sfzclgetput.h
index cd6234e..79a2af5 100644
--- a/core/include/sfzcl/sfzclgetput.h
+++ b/core/include/sfzcl/sfzclgetput.h
@@ -6,7 +6,7 @@
*/
/*****************************************************************************
-* Copyright (c) 2006-2016 INSIDE Secure Oy. All Rights Reserved.
+* Copyright (c) 2006-2016 Rambus Inc. All Rights Reserved.
*
* The latest version of this code is available at http://www.matrixssl.org
*
@@ -17,8 +17,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
-* commercial license for this software may be purchased from INSIDE at
-* http://www.insidesecure.com/
+* commercial license for this software may be purchased from Rambus Inc at
+* http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/core/include/sfzcl/sfzclglobals.h b/core/include/sfzcl/sfzclglobals.h
index a1db19d..95ffd83 100644
--- a/core/include/sfzcl/sfzclglobals.h
+++ b/core/include/sfzcl/sfzclglobals.h
@@ -2,7 +2,7 @@
*/
/*****************************************************************************
-* Copyright (c) 2006-2016 INSIDE Secure Oy. All Rights Reserved.
+* Copyright (c) 2006-2016 Rambus Inc. All Rights Reserved.
*
* The latest version of this code is available at http://www.matrixssl.org
*
@@ -13,8 +13,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
-* commercial license for this software may be purchased from INSIDE at
-* http://www.insidesecure.com/
+* commercial license for this software may be purchased from Rambus Inc at
+* http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/core/include/sfzcl/sfzclincludes.h b/core/include/sfzcl/sfzclincludes.h
index b58ade6..1954160 100644
--- a/core/include/sfzcl/sfzclincludes.h
+++ b/core/include/sfzcl/sfzclincludes.h
@@ -2,7 +2,7 @@
*/
/*****************************************************************************
-* Copyright (c) 2002-2016 INSIDE Secure Oy. All Rights Reserved.
+* Copyright (c) 2002-2016 Rambus Inc. All Rights Reserved.
*
* The latest version of this code is available at http://www.matrixssl.org
*
@@ -13,8 +13,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
-* commercial license for this software may be purchased from INSIDE at
-* http://www.insidesecure.com/
+* commercial license for this software may be purchased from Rambus Inc at
+* http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/core/include/sfzcl/sfzclmalloc.h b/core/include/sfzcl/sfzclmalloc.h
index 2a57dc8..a6da10a 100644
--- a/core/include/sfzcl/sfzclmalloc.h
+++ b/core/include/sfzcl/sfzclmalloc.h
@@ -7,7 +7,7 @@
*/
/*****************************************************************************
-* Copyright (c) 2006-2016 INSIDE Secure Oy. All Rights Reserved.
+* Copyright (c) 2006-2016 Rambus Inc. All Rights Reserved.
*
* The latest version of this code is available at http://www.matrixssl.org
*
@@ -18,8 +18,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
-* commercial license for this software may be purchased from INSIDE at
-* http://www.insidesecure.com/
+* commercial license for this software may be purchased from Rambus Inc at
+* http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/core/include/sfzcl/sfzclmemparser.h b/core/include/sfzcl/sfzclmemparser.h
index eaf770e..2a3937e 100644
--- a/core/include/sfzcl/sfzclmemparser.h
+++ b/core/include/sfzcl/sfzclmemparser.h
@@ -5,7 +5,7 @@
*/
/*****************************************************************************
-* Copyright (c) 2016 INSIDE Secure Oy. All Rights Reserved.
+* Copyright (c) 2016 Rambus Inc. All Rights Reserved.
*
* The latest version of this code is available at http://www.matrixssl.org
*
@@ -16,8 +16,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
-* commercial license for this software may be purchased from INSIDE at
-* http://www.insidesecure.com/
+* commercial license for this software may be purchased from Rambus Inc at
+* http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/core/include/sfzcl/sfzclobstack.h b/core/include/sfzcl/sfzclobstack.h
index 3def60e..6143488 100644
--- a/core/include/sfzcl/sfzclobstack.h
+++ b/core/include/sfzcl/sfzclobstack.h
@@ -2,7 +2,7 @@
*/
/*****************************************************************************
-* Copyright (c) 2006-2016 INSIDE Secure Oy. All Rights Reserved.
+* Copyright (c) 2006-2016 Rambus Inc. All Rights Reserved.
*
* The latest version of this code is available at http://www.matrixssl.org
*
@@ -13,8 +13,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
-* commercial license for this software may be purchased from INSIDE at
-* http://www.insidesecure.com/
+* commercial license for this software may be purchased from Rambus Inc at
+* http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/core/include/sfzcl/sfzclsnprintf.h b/core/include/sfzcl/sfzclsnprintf.h
index 937f872..59012b1 100644
--- a/core/include/sfzcl/sfzclsnprintf.h
+++ b/core/include/sfzcl/sfzclsnprintf.h
@@ -4,7 +4,7 @@
*/
/*****************************************************************************
-* Copyright (c) 2006-2016 INSIDE Secure Oy. All Rights Reserved.
+* Copyright (c) 2006-2016 Rambus Inc. All Rights Reserved.
*
* The latest version of this code is available at http://www.matrixssl.org
*
@@ -15,8 +15,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
-* commercial license for this software may be purchased from INSIDE at
-* http://www.insidesecure.com/
+* commercial license for this software may be purchased from Rambus Inc at
+* http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/core/include/sfzcl/sfzclstr.h b/core/include/sfzcl/sfzclstr.h
index f8b5190..e800e15 100644
--- a/core/include/sfzcl/sfzclstr.h
+++ b/core/include/sfzcl/sfzclstr.h
@@ -2,7 +2,7 @@
*/
/*****************************************************************************
-* Copyright (c) 2006-2016 INSIDE Secure Oy. All Rights Reserved.
+* Copyright (c) 2006-2016 Rambus Inc. All Rights Reserved.
*
* The latest version of this code is available at http://www.matrixssl.org
*
@@ -13,8 +13,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
-* commercial license for this software may be purchased from INSIDE at
-* http://www.insidesecure.com/
+* commercial license for this software may be purchased from Rambus Inc at
+* http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/core/include/sfzcl/sfzcltime.h b/core/include/sfzcl/sfzcltime.h
index ab97b16..ad2ab08 100644
--- a/core/include/sfzcl/sfzcltime.h
+++ b/core/include/sfzcl/sfzcltime.h
@@ -4,7 +4,7 @@
*/
/*****************************************************************************
-* Copyright (c) 2006-2016 INSIDE Secure Oy. All Rights Reserved.
+* Copyright (c) 2006-2016 Rambus Inc. All Rights Reserved.
*
* The latest version of this code is available at http://www.matrixssl.org
*
@@ -15,8 +15,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
-* commercial license for this software may be purchased from INSIDE at
-* http://www.insidesecure.com/
+* commercial license for this software may be purchased from Rambus Inc at
+* http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/core/include/sfzcl/sfzcltimemeasure.h b/core/include/sfzcl/sfzcltimemeasure.h
index 5f8c936..c796a53 100644
--- a/core/include/sfzcl/sfzcltimemeasure.h
+++ b/core/include/sfzcl/sfzcltimemeasure.h
@@ -2,7 +2,7 @@
*/
/*****************************************************************************
-* Copyright (c) 2006-2016 INSIDE Secure Oy. All Rights Reserved.
+* Copyright (c) 2006-2016 Rambus Inc. All Rights Reserved.
*
* The latest version of this code is available at http://www.matrixssl.org
*
@@ -13,8 +13,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
-* commercial license for this software may be purchased from INSIDE at
-* http://www.insidesecure.com/
+* commercial license for this software may be purchased from Rambus Inc at
+* http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/core/include/testsupp/info.h b/core/include/testsupp/info.h
index 1a8dc45..75eddb0 100644
--- a/core/include/testsupp/info.h
+++ b/core/include/testsupp/info.h
@@ -4,7 +4,7 @@
*/
/*****************************************************************************
-* Copyright (c) 2018 INSIDE Secure Oy. All Rights Reserved.
+* Copyright (c) 2018 Rambus Inc. All Rights Reserved.
*
* The latest version of this code is available at http://www.matrixssl.org
*
@@ -15,8 +15,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
-* commercial license for this software may be purchased from INSIDE at
-* http://www.insidesecure.com/
+* commercial license for this software may be purchased from Rambus Inc at
+* http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/core/include/testsupp/sfzutf-perf.h b/core/include/testsupp/sfzutf-perf.h
index 09d3c2a..2182d16 100644
--- a/core/include/testsupp/sfzutf-perf.h
+++ b/core/include/testsupp/sfzutf-perf.h
@@ -4,7 +4,7 @@
*/
/*****************************************************************************
-* Copyright (c) 2008-2016 INSIDE Secure Oy. All Rights Reserved.
+* Copyright (c) 2008-2016 Rambus Inc. All Rights Reserved.
*
* The latest version of this code is available at http://www.matrixssl.org
*
@@ -15,8 +15,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
-* commercial license for this software may be purchased from INSIDE at
-* http://www.insidesecure.com/
+* commercial license for this software may be purchased from Rambus Inc at
+* http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/core/include/testsupp/sfzutf-utils.h b/core/include/testsupp/sfzutf-utils.h
index dfc3a48..4efad19 100644
--- a/core/include/testsupp/sfzutf-utils.h
+++ b/core/include/testsupp/sfzutf-utils.h
@@ -4,7 +4,7 @@
*/
/*****************************************************************************
-* Copyright (c) 2008-2016 INSIDE Secure Oy. All Rights Reserved.
+* Copyright (c) 2008-2016 Rambus Inc. All Rights Reserved.
*
* The latest version of this code is available at http://www.matrixssl.org
*
@@ -15,8 +15,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
-* commercial license for this software may be purchased from INSIDE at
-* http://www.insidesecure.com/
+* commercial license for this software may be purchased from Rambus Inc at
+* http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/core/include/testsupp/sfzutf.h b/core/include/testsupp/sfzutf.h
index 04472a2..f9d4166 100644
--- a/core/include/testsupp/sfzutf.h
+++ b/core/include/testsupp/sfzutf.h
@@ -4,7 +4,7 @@
*/
/*****************************************************************************
-* Copyright (c) 2008-2016 INSIDE Secure Oy. All Rights Reserved.
+* Copyright (c) 2008-2016 Rambus Inc. All Rights Reserved.
*
* The latest version of this code is available at http://www.matrixssl.org
*
@@ -15,8 +15,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
-* commercial license for this software may be purchased from INSIDE at
-* http://www.insidesecure.com/
+* commercial license for this software may be purchased from Rambus Inc at
+* http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/core/include/testsupp/testsupp.h b/core/include/testsupp/testsupp.h
index 5627847..33fea53 100644
--- a/core/include/testsupp/testsupp.h
+++ b/core/include/testsupp/testsupp.h
@@ -5,7 +5,7 @@
* Common testing framework for building test programs.
*/
/*
- * Copyright (c) 2017-2018 INSIDE Secure Corporation
+ * Copyright (c) 2017-2018 Rambus Inc.
* All Rights Reserved
*
* The latest version of this code is available at http://www.matrixssl.org
@@ -17,8 +17,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
- * commercial license for this software may be purchased from INSIDE at
- * http://www.insidesecure.com/
+ * commercial license for this software may be purchased from Rambus Inc at
+ * http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/core/include/testsupp/testsupp.hpp b/core/include/testsupp/testsupp.hpp
index fb7a833..ec809d4 100644
--- a/core/include/testsupp/testsupp.hpp
+++ b/core/include/testsupp/testsupp.hpp
@@ -4,7 +4,7 @@
*/
/*****************************************************************************
-* Copyright (c) 2017 INSIDE Secure Oy. All Rights Reserved.
+* Copyright (c) 2017 Rambus Inc. All Rights Reserved.
*
* The latest version of this code is available at http://www.matrixssl.org
*
@@ -15,8 +15,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
-* commercial license for this software may be purchased from INSIDE at
-* http://www.insidesecure.com/
+* commercial license for this software may be purchased from Rambus Inc at
+* http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/core/makefiles/detect-and-rules.mk b/core/makefiles/detect-and-rules.mk
index 682c4c6..b6228fc 100644
--- a/core/makefiles/detect-and-rules.mk
+++ b/core/makefiles/detect-and-rules.mk
@@ -1,7 +1,7 @@
##
# Environment detection and common build rules for MatrixSSL components.
# @version $Format:%h%d$
-# Copyright (c) 2013-2017 INSIDE Secure Corporation. All Rights Reserved.
+# Copyright (c) 2013-2017 Rambus Inc. All Rights Reserved.
#
#-------------------------------------------------------------------------------
diff --git a/core/makefiles/platform_specific.mk b/core/makefiles/platform_specific.mk
index df906c0..eeac0c3 100644
--- a/core/makefiles/platform_specific.mk
+++ b/core/makefiles/platform_specific.mk
@@ -1,7 +1,7 @@
##
# Support for platform specific build instructions.
# @version $Format:%h%d$
-# Copyright (c) 2013-2017 INSIDE Secure Corporation. All Rights Reserved.
+# Copyright (c) 2013-2017 Rambus Inc. All Rights Reserved.
#
#-------------------------------------------------------------------------------
diff --git a/core/makefiles/rules.mk b/core/makefiles/rules.mk
index b4e9239..729f87e 100644
--- a/core/makefiles/rules.mk
+++ b/core/makefiles/rules.mk
@@ -1,7 +1,7 @@
#
# Build rules file for test applications using CL.
#
-# Copyright (c) 2016-2017 INSIDE Secure Corporation. All Rights Reserved.
+# Copyright (c) 2016-2017 Rambus Inc. All Rights Reserved.
#
# This file is included from Makefile with include rules.mk
@@ -28,6 +28,10 @@ ifneq '$(USE_EXPORT_LEVEL_CRYPTO)' ''
CPPFLAGS += -DUSE_EXPORT_LEVEL_CRYPTO
endif
+ifneq '$(USE_CRYPTO_SM)' ''
+CPPFLAGS += -DUSE_CRYPTO_SM
+endif
+
# Provide CFLAGS if it has not been specified on command line or base makefile
# and if CFLAGS has not been overriden on command line or env override
ifeq '$(filter file override command automatic,$(origin CFLAGS))' ''
diff --git a/core/makefiles/use_ar.mk b/core/makefiles/use_ar.mk
index 68a247e..168c60d 100644
--- a/core/makefiles/use_ar.mk
+++ b/core/makefiles/use_ar.mk
@@ -1,7 +1,7 @@
##
# Environment detection: detect flags for ar.
# @version $Format:%h%d$
-# Copyright (c) 2018 INSIDE Secure Oy. All Rights Reserved.
+# Copyright (c) 2018 Rambus Inc. All Rights Reserved.
#
#-------------------------------------------------------------------------------
diff --git a/core/osdep/ANSI/osdep_break.c b/core/osdep/ANSI/osdep_break.c
index 6a1c7ab..d54b4e4 100644
--- a/core/osdep/ANSI/osdep_break.c
+++ b/core/osdep/ANSI/osdep_break.c
@@ -5,7 +5,7 @@
* Any ANSI-C compatible system including POSIX.
*/
/*
- * Copyright (c) 2013-2018 INSIDE Secure Corporation
+ * Copyright (c) 2013-2018 Rambus Inc.
* Copyright (c) PeerSec Networks, 2002-2011
* All Rights Reserved
*
@@ -18,8 +18,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
- * commercial license for this software may be purchased from INSIDE at
- * http://www.insidesecure.com/
+ * commercial license for this software may be purchased from Rambus Inc at
+ * http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/core/osdep/ANSI/spal_memory_ansi.c b/core/osdep/ANSI/spal_memory_ansi.c
index d61e308..74a4b3a 100644
--- a/core/osdep/ANSI/spal_memory_ansi.c
+++ b/core/osdep/ANSI/spal_memory_ansi.c
@@ -4,7 +4,7 @@
*/
/*****************************************************************************
-* Copyright (c) 2007-2016 INSIDE Secure Oy. All Rights Reserved.
+* Copyright (c) 2007-2016 Rambus Inc. All Rights Reserved.
*
* The latest version of this code is available at http://www.matrixssl.org
*
@@ -15,8 +15,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
-* commercial license for this software may be purchased from INSIDE at
-* http://www.insidesecure.com/
+* commercial license for this software may be purchased from Rambus Inc at
+* http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/core/osdep/POSIX/osdep.c b/core/osdep/POSIX/osdep.c
index 76969cb..22a472e 100644
--- a/core/osdep/POSIX/osdep.c
+++ b/core/osdep/POSIX/osdep.c
@@ -7,7 +7,7 @@
* Linux
*/
/*
- * Copyright (c) 2013-2017 INSIDE Secure Corporation
+ * Copyright (c) 2013-2017 Rambus Inc.
* Copyright (c) PeerSec Networks, 2002-2011
* All Rights Reserved
*
@@ -20,8 +20,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
- * commercial license for this software may be purchased from INSIDE at
- * http://www.insidesecure.com/
+ * commercial license for this software may be purchased from Rambus Inc at
+ * http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/core/osdep/POSIX/psLog.c b/core/osdep/POSIX/psLog.c
index 644a79f..7078b05 100644
--- a/core/osdep/POSIX/psLog.c
+++ b/core/osdep/POSIX/psLog.c
@@ -8,14 +8,7 @@
#include "osdep_string.h"
#include "osdep_stdlib.h"
#include "osdep_assert.h"
-
-#ifdef USE_MULTITHREADING
-#include "osdep_pthread.h"
-#endif /* USE_MULTITHREADING */
-
-#ifdef USE_MULTITHREADING
-static pthread_mutex_t out_file_mutex = PTHREAD_MUTEX_INITIALIZER;
-#endif /* USE_MULTITHREADING */
+#include "psUtil.h"
#define PS_LOGF_UNIT_MAX_LEN 64
@@ -43,28 +36,16 @@ typedef enum
PS_LOGF_FATAL
} psLogfLevel_t;
-/* Check if logging is on. */
-
-/* File handle to use for log output. */
-FILE *psLogfGetFile(const char *level, const char *unit)
+/* Opening of the target file: */
+static FILE * volatile pslogf_out_file = NULL;
+static void psLogfGetFile_once(void)
{
- static volatile FILE *out_file = NULL;
FILE *file;
const char *str;
- /* Note: implementation of this function may choose to use different
- file handles for different log levels or units. */
- (void)level;
- (void)unit;
-
- if (out_file == NULL)
- {
-#ifdef USE_MULTITHREADING
- pthread_mutex_lock(&out_file_mutex);
-#endif /* USE_MULTITHREADING */
- }
-
- file = (FILE *) out_file;
+ /* psLogfGetFile will open target file once. It happens inside psOnce().
+ Because of psOnce API, the file pointer needs to be passed via a global variable. */
+ file = pslogf_out_file;
if (file == NULL)
{
str = getenv("PS_LOG_FILE");
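Review bot: The `volatile` qualifier on `pslogf_out_file` in the `static FILE * volatile pslogf_out_file = NULL;` declaration does not give any inter-thread ordering, so the opened stream is published safely only to callers that themselves pass through `psOnce` (assuming it has pthread_once-style semantics); the fast path added in the later psLogfGetFile hunk, `if (pslogf_out_file == NULL)`, reads the pointer outside that synchronization and returns it, which on weakly ordered hardware can in principle observe the pointer before the FILE object it refers to. I would drop `volatile` and make psLogfGetFile unconditional: `static psOnce_t once_control = PS_ONCE_INIT; psOnce(&once_control, psLogfGetFile_once); return pslogf_out_file;` — a once-primitive is a cheap check after initialisation and this makes every read synchronized. Separately, if the open sequence below this hunk can leave `file` NULL, the once-guard means the open is never retried, whereas the removed mutex version re-entered the open path on each call; a comment stating which behaviour is intended would help. The body of psLogfGetFile_once continues past the end of this hunk.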
@@ -115,11 +96,26 @@ FILE *psLogfGetFile(const char *level, const char *unit)
setvbuf(file, NULL, _IONBF, 0);
}
- out_file = file;
-#ifdef USE_MULTITHREADING
- pthread_mutex_unlock(&out_file_mutex);
-#endif /* USE_MULTITHREADING */
- return file;
+ pslogf_out_file = file;
+}
+
+/* File handle to use for log output. */
+FILE *psLogfGetFile(const char *level, const char *unit)
+{
+
+ /* Note: implementation of this function may choose to use different
+ file handles for different log levels or units. */
+ (void)level;
+ (void)unit;
+
+ if (pslogf_out_file == NULL)
+ {
+ static psOnce_t once_control = PS_ONCE_INIT;
+
+ psOnce(&once_control, psLogfGetFile_once);
+ }
+
+ return pslogf_out_file;
}
/* Function called for fatal logs. */
diff --git a/core/osdep/POSIX/spal_posix_mutex.c b/core/osdep/POSIX/spal_posix_mutex.c
index 425268b..638bd4a 100644
--- a/core/osdep/POSIX/spal_posix_mutex.c
+++ b/core/osdep/POSIX/spal_posix_mutex.c
@@ -1,5 +1,5 @@
/*****************************************************************************
-* Copyright (c) 2007-2016 INSIDE Secure Oy. All Rights Reserved.
+* Copyright (c) 2007-2016 Rambus Inc. All Rights Reserved.
*
* The latest version of this code is available at http://www.matrixssl.org
*
@@ -10,8 +10,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
-* commercial license for this software may be purchased from INSIDE at
-* http://www.insidesecure.com/
+* commercial license for this software may be purchased from Rambus Inc at
+* http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/core/osdep/POSIX/spal_posix_semaphore.c b/core/osdep/POSIX/spal_posix_semaphore.c
index ee5c072..525b877 100644
--- a/core/osdep/POSIX/spal_posix_semaphore.c
+++ b/core/osdep/POSIX/spal_posix_semaphore.c
@@ -1,5 +1,5 @@
/*****************************************************************************
-* Copyright (c) 2007-2016 INSIDE Secure Oy. All Rights Reserved.
+* Copyright (c) 2007-2016 Rambus Inc. All Rights Reserved.
*
* The latest version of this code is available at http://www.matrixssl.org
*
@@ -10,8 +10,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
-* commercial license for this software may be purchased from INSIDE at
-* http://www.insidesecure.com/
+* commercial license for this software may be purchased from Rambus Inc at
+* http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/core/osdep/POSIX/spal_posix_sleep.c b/core/osdep/POSIX/spal_posix_sleep.c
index 91c6d82..07b4b39 100644
--- a/core/osdep/POSIX/spal_posix_sleep.c
+++ b/core/osdep/POSIX/spal_posix_sleep.c
@@ -4,7 +4,7 @@
*/
/*****************************************************************************
-* Copyright (c) 2010-2016 INSIDE Secure Oy. All Rights Reserved.
+* Copyright (c) 2010-2016 Rambus Inc. All Rights Reserved.
*
* The latest version of this code is available at http://www.matrixssl.org
*
@@ -15,8 +15,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
-* commercial license for this software may be purchased from INSIDE at
-* http://www.insidesecure.com/
+* commercial license for this software may be purchased from Rambus Inc at
+* http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/core/osdep/POSIX/spal_posix_thread.c b/core/osdep/POSIX/spal_posix_thread.c
index 7b16bb6..f7c0920 100644
--- a/core/osdep/POSIX/spal_posix_thread.c
+++ b/core/osdep/POSIX/spal_posix_thread.c
@@ -4,7 +4,7 @@
*/
/*****************************************************************************
-* Copyright (c) 2007-2016 INSIDE Secure Oy. All Rights Reserved.
+* Copyright (c) 2007-2016 Rambus Inc. All Rights Reserved.
*
* The latest version of this code is available at http://www.matrixssl.org
*
@@ -15,8 +15,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
-* commercial license for this software may be purchased from INSIDE at
-* http://www.insidesecure.com/
+* commercial license for this software may be purchased from Rambus Inc at
+* http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/core/osdep/WIN32/osdep.c b/core/osdep/WIN32/osdep.c
index 4186580..f8c3c45 100644
--- a/core/osdep/WIN32/osdep.c
+++ b/core/osdep/WIN32/osdep.c
@@ -5,7 +5,7 @@
* WIN32 platform PScore .
*/
/*
- * Copyright (c) 2013-2016 INSIDE Secure Corporation
+ * Copyright (c) 2013-2016 Rambus Inc.
* Copyright (c) PeerSec Networks, 2002-2011
* All Rights Reserved
*
@@ -18,8 +18,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
- * commercial license for this software may be purchased from INSIDE at
- * http://www.insidesecure.com/
+ * commercial license for this software may be purchased from Rambus Inc at
+ * http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/core/osdep/include/Makefile b/core/osdep/include/Makefile
index 118e73f..153bedd 100644
--- a/core/osdep/include/Makefile
+++ b/core/osdep/include/Makefile
@@ -1,12 +1,12 @@
##############################################################################
-# Copyright (c) 2017 INSIDE Secure Oy. All Rights Reserved.
+# Copyright (c) 2017 Rambus Inc. All Rights Reserved.
#
# This confidential and proprietary software may be used only as authorized
-# by a licensing agreement from INSIDE Secure.
+# by a licensing agreement from Rambus Inc.
#
# The entire notice above must be reproduced on all authorized copies that
# may only be made to the extent permitted by a licensing agreement from
-# INSIDE Secure.
+# Rambus Inc.
##############################################################################
all:
diff --git a/core/osdep/include/osdep-types.h b/core/osdep/include/osdep-types.h
index e23d98d..47c1127 100644
--- a/core/osdep/include/osdep-types.h
+++ b/core/osdep/include/osdep-types.h
@@ -5,7 +5,7 @@
* Operating System and Hardware Abstraction Layer: type definitions.
*/
/*
- * Copyright (c) 2013-2017 INSIDE Secure Corporation
+ * Copyright (c) 2013-2017 Rambus Inc.
* Copyright (c) PeerSec Networks, 2002-2011
* All Rights Reserved
*
@@ -18,8 +18,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
- * commercial license for this software may be purchased from INSIDE at
- * http://www.insidesecure.com/
+ * commercial license for this software may be purchased from Rambus Inc at
+ * http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/core/osdep/include/osdep.h b/core/osdep/include/osdep.h
index 15c3d49..841a7a7 100644
--- a/core/osdep/include/osdep.h
+++ b/core/osdep/include/osdep.h
@@ -5,7 +5,7 @@
* Operating System and Hardware Abstraction Layer.
*/
/*
- * Copyright (c) 2013-2017 INSIDE Secure Corporation
+ * Copyright (c) 2013-2017 Rambus Inc.
* Copyright (c) PeerSec Networks, 2002-2011
* All Rights Reserved
*
@@ -18,8 +18,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
- * commercial license for this software may be purchased from INSIDE at
- * http://www.insidesecure.com/
+ * commercial license for this software may be purchased from Rambus Inc at
+ * http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/core/osdep/include/osdep_arm_acle.h b/core/osdep/include/osdep_arm_acle.h
index 68d992b..3d138a2 100644
--- a/core/osdep/include/osdep_arm_acle.h
+++ b/core/osdep/include/osdep_arm_acle.h
@@ -4,7 +4,7 @@
*/
/*****************************************************************************
-* Copyright (c) 2017 INSIDE Secure Oy. All Rights Reserved.
+* Copyright (c) 2017 Rambus Inc. All Rights Reserved.
*
* The latest version of this code is available at http://www.matrixssl.org
*
@@ -15,8 +15,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
-* commercial license for this software may be purchased from INSIDE at
-* http://www.insidesecure.com/
+* commercial license for this software may be purchased from Rambus Inc at
+* http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/core/osdep/include/osdep_arm_neon.h b/core/osdep/include/osdep_arm_neon.h
index dc75ccf..709dc3f 100644
--- a/core/osdep/include/osdep_arm_neon.h
+++ b/core/osdep/include/osdep_arm_neon.h
@@ -4,7 +4,7 @@
*/
/*****************************************************************************
-* Copyright (c) 2017 INSIDE Secure Oy. All Rights Reserved.
+* Copyright (c) 2017 Rambus Inc. All Rights Reserved.
*
* The latest version of this code is available at http://www.matrixssl.org
*
@@ -15,8 +15,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
-* commercial license for this software may be purchased from INSIDE at
-* http://www.insidesecure.com/
+* commercial license for this software may be purchased from Rambus Inc at
+* http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/core/osdep/include/osdep_assert.h b/core/osdep/include/osdep_assert.h
index 808a076..47ec63a 100644
--- a/core/osdep/include/osdep_assert.h
+++ b/core/osdep/include/osdep_assert.h
@@ -4,7 +4,7 @@
*/
/*****************************************************************************
-* Copyright (c) 2017 INSIDE Secure Oy. All Rights Reserved.
+* Copyright (c) 2017 Rambus Inc. All Rights Reserved.
*
* The latest version of this code is available at http://www.matrixssl.org
*
@@ -15,8 +15,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
-* commercial license for this software may be purchased from INSIDE at
-* http://www.insidesecure.com/
+* commercial license for this software may be purchased from Rambus Inc at
+* http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/core/osdep/include/osdep_cpu-features.h b/core/osdep/include/osdep_cpu-features.h
index 7c613b9..43010c3 100644
--- a/core/osdep/include/osdep_cpu-features.h
+++ b/core/osdep/include/osdep_cpu-features.h
@@ -4,7 +4,7 @@
*/
/*****************************************************************************
-* Copyright (c) 2017 INSIDE Secure Oy. All Rights Reserved.
+* Copyright (c) 2017 Rambus Inc. All Rights Reserved.
*
* The latest version of this code is available at http://www.matrixssl.org
*
@@ -15,8 +15,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
-* commercial license for this software may be purchased from INSIDE at
-* http://www.insidesecure.com/
+* commercial license for this software may be purchased from Rambus Inc at
+* http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/core/osdep/include/osdep_ctype.h b/core/osdep/include/osdep_ctype.h
index a1be91d..346d2ef 100644
--- a/core/osdep/include/osdep_ctype.h
+++ b/core/osdep/include/osdep_ctype.h
@@ -4,7 +4,7 @@
*/
/*****************************************************************************
-* Copyright (c) 2017 INSIDE Secure Oy. All Rights Reserved.
+* Copyright (c) 2017 Rambus Inc. All Rights Reserved.
*
* The latest version of this code is available at http://www.matrixssl.org
*
@@ -15,8 +15,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
-* commercial license for this software may be purchased from INSIDE at
-* http://www.insidesecure.com/
+* commercial license for this software may be purchased from Rambus Inc at
+* http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/core/osdep/include/osdep_dlfcn.h b/core/osdep/include/osdep_dlfcn.h
index 18ff18c..b2a538f 100644
--- a/core/osdep/include/osdep_dlfcn.h
+++ b/core/osdep/include/osdep_dlfcn.h
@@ -4,7 +4,7 @@
*/
/*****************************************************************************
-* Copyright (c) 2017 INSIDE Secure Oy. All Rights Reserved.
+* Copyright (c) 2017 Rambus Inc. All Rights Reserved.
*
* The latest version of this code is available at http://www.matrixssl.org
*
@@ -15,8 +15,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
-* commercial license for this software may be purchased from INSIDE at
-* http://www.insidesecure.com/
+* commercial license for this software may be purchased from Rambus Inc at
+* http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/core/osdep/include/osdep_emmintrin.h b/core/osdep/include/osdep_emmintrin.h
index 7982896..32b00f1 100644
--- a/core/osdep/include/osdep_emmintrin.h
+++ b/core/osdep/include/osdep_emmintrin.h
@@ -4,7 +4,7 @@
*/
/*****************************************************************************
-* Copyright (c) 2017 INSIDE Secure Oy. All Rights Reserved.
+* Copyright (c) 2017 Rambus Inc. All Rights Reserved.
*
* The latest version of this code is available at http://www.matrixssl.org
*
@@ -15,8 +15,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
-* commercial license for this software may be purchased from INSIDE at
-* http://www.insidesecure.com/
+* commercial license for this software may be purchased from Rambus Inc at
+* http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/core/osdep/include/osdep_errno.h b/core/osdep/include/osdep_errno.h
index d5b013a..6b26e59 100644
--- a/core/osdep/include/osdep_errno.h
+++ b/core/osdep/include/osdep_errno.h
@@ -4,7 +4,7 @@
*/
/*****************************************************************************
-* Copyright (c) 2017 INSIDE Secure Oy. All Rights Reserved.
+* Copyright (c) 2017 Rambus Inc. All Rights Reserved.
*
* The latest version of this code is available at http://www.matrixssl.org
*
@@ -15,8 +15,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
-* commercial license for this software may be purchased from INSIDE at
-* http://www.insidesecure.com/
+* commercial license for this software may be purchased from Rambus Inc at
+* http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/core/osdep/include/osdep_fcntl.h b/core/osdep/include/osdep_fcntl.h
index 6220331..4bfb23b 100644
--- a/core/osdep/include/osdep_fcntl.h
+++ b/core/osdep/include/osdep_fcntl.h
@@ -4,7 +4,7 @@
*/
/*****************************************************************************
-* Copyright (c) 2017 INSIDE Secure Oy. All Rights Reserved.
+* Copyright (c) 2017 Rambus Inc. All Rights Reserved.
*
* The latest version of this code is available at http://www.matrixssl.org
*
@@ -15,8 +15,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
-* commercial license for this software may be purchased from INSIDE at
-* http://www.insidesecure.com/
+* commercial license for this software may be purchased from Rambus Inc at
+* http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/core/osdep/include/osdep_immintrin.h b/core/osdep/include/osdep_immintrin.h
index 147d51b..528ee7c 100644
--- a/core/osdep/include/osdep_immintrin.h
+++ b/core/osdep/include/osdep_immintrin.h
@@ -4,7 +4,7 @@
*/
/*****************************************************************************
-* Copyright (c) 2017 INSIDE Secure Oy. All Rights Reserved.
+* Copyright (c) 2017 Rambus Inc. All Rights Reserved.
*
* The latest version of this code is available at http://www.matrixssl.org
*
@@ -15,8 +15,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
-* commercial license for this software may be purchased from INSIDE at
-* http://www.insidesecure.com/
+* commercial license for this software may be purchased from Rambus Inc at
+* http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/core/osdep/include/osdep_intrin.h b/core/osdep/include/osdep_intrin.h
index a7ee166..2b94af6 100644
--- a/core/osdep/include/osdep_intrin.h
+++ b/core/osdep/include/osdep_intrin.h
@@ -4,7 +4,7 @@
*/
/*****************************************************************************
-* Copyright (c) 2017 INSIDE Secure Oy. All Rights Reserved.
+* Copyright (c) 2017 Rambus Inc. All Rights Reserved.
*
* The latest version of this code is available at http://www.matrixssl.org
*
@@ -15,8 +15,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
-* commercial license for this software may be purchased from INSIDE at
-* http://www.insidesecure.com/
+* commercial license for this software may be purchased from Rambus Inc at
+* http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/core/osdep/include/osdep_inttypes.h b/core/osdep/include/osdep_inttypes.h
index 9c403f2..cc9b899 100644
--- a/core/osdep/include/osdep_inttypes.h
+++ b/core/osdep/include/osdep_inttypes.h
@@ -4,7 +4,7 @@
*/
/*****************************************************************************
-* Copyright (c) 2017 INSIDE Secure Oy. All Rights Reserved.
+* Copyright (c) 2017 Rambus Inc. All Rights Reserved.
*
* The latest version of this code is available at http://www.matrixssl.org
*
@@ -15,8 +15,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
-* commercial license for this software may be purchased from INSIDE at
-* http://www.insidesecure.com/
+* commercial license for this software may be purchased from Rambus Inc at
+* http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/core/osdep/include/osdep_libc-version.h b/core/osdep/include/osdep_libc-version.h
index c1b77c3..5f8f3de 100644
--- a/core/osdep/include/osdep_libc-version.h
+++ b/core/osdep/include/osdep_libc-version.h
@@ -4,7 +4,7 @@
*/
/*****************************************************************************
-* Copyright (c) 2017 INSIDE Secure Oy. All Rights Reserved.
+* Copyright (c) 2017 Rambus Inc. All Rights Reserved.
*
* The latest version of this code is available at http://www.matrixssl.org
*
@@ -15,8 +15,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
-* commercial license for this software may be purchased from INSIDE at
-* http://www.insidesecure.com/
+* commercial license for this software may be purchased from Rambus Inc at
+* http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/core/osdep/include/osdep_limits.h b/core/osdep/include/osdep_limits.h
index 5e42a5b..8c771d3 100644
--- a/core/osdep/include/osdep_limits.h
+++ b/core/osdep/include/osdep_limits.h
@@ -4,7 +4,7 @@
*/
/*****************************************************************************
-* Copyright (c) 2017 INSIDE Secure Oy. All Rights Reserved.
+* Copyright (c) 2017 Rambus Inc. All Rights Reserved.
*
* The latest version of this code is available at http://www.matrixssl.org
*
@@ -15,8 +15,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
-* commercial license for this software may be purchased from INSIDE at
-* http://www.insidesecure.com/
+* commercial license for this software may be purchased from Rambus Inc at
+* http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/core/osdep/include/osdep_malloc.h b/core/osdep/include/osdep_malloc.h
index bdeb555..a853764 100644
--- a/core/osdep/include/osdep_malloc.h
+++ b/core/osdep/include/osdep_malloc.h
@@ -4,7 +4,7 @@
*/
/*****************************************************************************
-* Copyright (c) 2017 INSIDE Secure Oy. All Rights Reserved.
+* Copyright (c) 2017 Rambus Inc. All Rights Reserved.
*
* The latest version of this code is available at http://www.matrixssl.org
*
@@ -15,8 +15,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
-* commercial license for this software may be purchased from INSIDE at
-* http://www.insidesecure.com/
+* commercial license for this software may be purchased from Rambus Inc at
+* http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/core/osdep/include/osdep_math.h b/core/osdep/include/osdep_math.h
index 0e0b1b4..fbfb430 100644
--- a/core/osdep/include/osdep_math.h
+++ b/core/osdep/include/osdep_math.h
@@ -4,7 +4,7 @@
*/
/*****************************************************************************
-* Copyright (c) 2017 INSIDE Secure Oy. All Rights Reserved.
+* Copyright (c) 2017 Rambus Inc. All Rights Reserved.
*
* The latest version of this code is available at http://www.matrixssl.org
*
@@ -15,8 +15,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
-* commercial license for this software may be purchased from INSIDE at
-* http://www.insidesecure.com/
+* commercial license for this software may be purchased from Rambus Inc at
+* http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/core/osdep/include/osdep_netdb.h b/core/osdep/include/osdep_netdb.h
index 06bc84a..de9f355 100644
--- a/core/osdep/include/osdep_netdb.h
+++ b/core/osdep/include/osdep_netdb.h
@@ -4,7 +4,7 @@
*/
/*****************************************************************************
-* Copyright (c) 2017 INSIDE Secure Oy. All Rights Reserved.
+* Copyright (c) 2017 Rambus Inc. All Rights Reserved.
*
* The latest version of this code is available at http://www.matrixssl.org
*
@@ -15,8 +15,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
-* commercial license for this software may be purchased from INSIDE at
-* http://www.insidesecure.com/
+* commercial license for this software may be purchased from Rambus Inc at
+* http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/core/osdep/include/osdep_netinet_in.h b/core/osdep/include/osdep_netinet_in.h
index d149aea..d4cb7d0 100644
--- a/core/osdep/include/osdep_netinet_in.h
+++ b/core/osdep/include/osdep_netinet_in.h
@@ -4,7 +4,7 @@
*/
/*****************************************************************************
-* Copyright (c) 2017 INSIDE Secure Oy. All Rights Reserved.
+* Copyright (c) 2017 Rambus Inc. All Rights Reserved.
*
* The latest version of this code is available at http://www.matrixssl.org
*
@@ -15,8 +15,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
-* commercial license for this software may be purchased from INSIDE at
-* http://www.insidesecure.com/
+* commercial license for this software may be purchased from Rambus Inc at
+* http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/core/osdep/include/osdep_netinet_tcp.h b/core/osdep/include/osdep_netinet_tcp.h
index dc31bf5..53aed9f 100644
--- a/core/osdep/include/osdep_netinet_tcp.h
+++ b/core/osdep/include/osdep_netinet_tcp.h
@@ -4,7 +4,7 @@
*/
/*****************************************************************************
-* Copyright (c) 2017 INSIDE Secure Oy. All Rights Reserved.
+* Copyright (c) 2017 Rambus Inc. All Rights Reserved.
*
* The latest version of this code is available at http://www.matrixssl.org
*
@@ -15,8 +15,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
-* commercial license for this software may be purchased from INSIDE at
-* http://www.insidesecure.com/
+* commercial license for this software may be purchased from Rambus Inc at
+* http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/core/osdep/include/osdep_nmmintrin.h b/core/osdep/include/osdep_nmmintrin.h
index 87848eb..06e3076 100644
--- a/core/osdep/include/osdep_nmmintrin.h
+++ b/core/osdep/include/osdep_nmmintrin.h
@@ -4,7 +4,7 @@
*/
/*****************************************************************************
-* Copyright (c) 2017 INSIDE Secure Oy. All Rights Reserved.
+* Copyright (c) 2017 Rambus Inc. All Rights Reserved.
*
* The latest version of this code is available at http://www.matrixssl.org
*
@@ -15,8 +15,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
-* commercial license for this software may be purchased from INSIDE at
-* http://www.insidesecure.com/
+* commercial license for this software may be purchased from Rambus Inc at
+* http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/core/osdep/include/osdep_pthread.h b/core/osdep/include/osdep_pthread.h
index acebf04..80d3af0 100644
--- a/core/osdep/include/osdep_pthread.h
+++ b/core/osdep/include/osdep_pthread.h
@@ -4,7 +4,7 @@
*/
/*****************************************************************************
-* Copyright (c) 2017 INSIDE Secure Oy. All Rights Reserved.
+* Copyright (c) 2017 Rambus Inc. All Rights Reserved.
*
* The latest version of this code is available at http://www.matrixssl.org
*
@@ -15,8 +15,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
-* commercial license for this software may be purchased from INSIDE at
-* http://www.insidesecure.com/
+* commercial license for this software may be purchased from Rambus Inc at
+* http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/core/osdep/include/osdep_sched.h b/core/osdep/include/osdep_sched.h
index 2633473..9b4c478 100644
--- a/core/osdep/include/osdep_sched.h
+++ b/core/osdep/include/osdep_sched.h
@@ -4,7 +4,7 @@
*/
/*****************************************************************************
-* Copyright (c) 2017 INSIDE Secure Oy. All Rights Reserved.
+* Copyright (c) 2017 Rambus Inc. All Rights Reserved.
*
* The latest version of this code is available at http://www.matrixssl.org
*
@@ -15,8 +15,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
-* commercial license for this software may be purchased from INSIDE at
-* http://www.insidesecure.com/
+* commercial license for this software may be purchased from Rambus Inc at
+* http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/core/osdep/include/osdep_semaphore.h b/core/osdep/include/osdep_semaphore.h
index 7ab884c..ef5766b 100644
--- a/core/osdep/include/osdep_semaphore.h
+++ b/core/osdep/include/osdep_semaphore.h
@@ -4,7 +4,7 @@
*/
/*****************************************************************************
-* Copyright (c) 2017 INSIDE Secure Oy. All Rights Reserved.
+* Copyright (c) 2017 Rambus Inc. All Rights Reserved.
*
* The latest version of this code is available at http://www.matrixssl.org
*
@@ -15,8 +15,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
-* commercial license for this software may be purchased from INSIDE at
-* http://www.insidesecure.com/
+* commercial license for this software may be purchased from Rambus Inc at
+* http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/core/osdep/include/osdep_setjmp.h b/core/osdep/include/osdep_setjmp.h
index 6bdb5f0..efbe80f 100644
--- a/core/osdep/include/osdep_setjmp.h
+++ b/core/osdep/include/osdep_setjmp.h
@@ -4,7 +4,7 @@
*/
/*****************************************************************************
-* Copyright (c) 2017 INSIDE Secure Oy. All Rights Reserved.
+* Copyright (c) 2017 Rambus Inc. All Rights Reserved.
*
* The latest version of this code is available at http://www.matrixssl.org
*
@@ -15,8 +15,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
-* commercial license for this software may be purchased from INSIDE at
-* http://www.insidesecure.com/
+* commercial license for this software may be purchased from Rambus Inc at
+* http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/core/osdep/include/osdep_signal.h b/core/osdep/include/osdep_signal.h
index d726e4e..a1e14af 100644
--- a/core/osdep/include/osdep_signal.h
+++ b/core/osdep/include/osdep_signal.h
@@ -4,7 +4,7 @@
*/
/*****************************************************************************
-* Copyright (c) 2017 INSIDE Secure Oy. All Rights Reserved.
+* Copyright (c) 2017 Rambus Inc. All Rights Reserved.
*
* The latest version of this code is available at http://www.matrixssl.org
*
@@ -15,8 +15,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
-* commercial license for this software may be purchased from INSIDE at
-* http://www.insidesecure.com/
+* commercial license for this software may be purchased from Rambus Inc at
+* http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/core/osdep/include/osdep_smmintrin.h b/core/osdep/include/osdep_smmintrin.h
index bc54742..c213b06 100644
--- a/core/osdep/include/osdep_smmintrin.h
+++ b/core/osdep/include/osdep_smmintrin.h
@@ -4,7 +4,7 @@
*/
/*****************************************************************************
-* Copyright (c) 2017 INSIDE Secure Oy. All Rights Reserved.
+* Copyright (c) 2017 Rambus Inc. All Rights Reserved.
*
* The latest version of this code is available at http://www.matrixssl.org
*
@@ -15,8 +15,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
-* commercial license for this software may be purchased from INSIDE at
-* http://www.insidesecure.com/
+* commercial license for this software may be purchased from Rambus Inc at
+* http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/core/osdep/include/osdep_stdarg.h b/core/osdep/include/osdep_stdarg.h
index 624d122..d8e62ea 100644
--- a/core/osdep/include/osdep_stdarg.h
+++ b/core/osdep/include/osdep_stdarg.h
@@ -4,7 +4,7 @@
*/
/*****************************************************************************
-* Copyright (c) 2017 INSIDE Secure Oy. All Rights Reserved.
+* Copyright (c) 2017 Rambus Inc. All Rights Reserved.
*
* The latest version of this code is available at http://www.matrixssl.org
*
@@ -15,8 +15,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
-* commercial license for this software may be purchased from INSIDE at
-* http://www.insidesecure.com/
+* commercial license for this software may be purchased from Rambus Inc at
+* http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/core/osdep/include/osdep_stdbool.h b/core/osdep/include/osdep_stdbool.h
index 723f2a9..3fd2489 100644
--- a/core/osdep/include/osdep_stdbool.h
+++ b/core/osdep/include/osdep_stdbool.h
@@ -4,7 +4,7 @@
*/
/*****************************************************************************
-* Copyright (c) 2017 INSIDE Secure Oy. All Rights Reserved.
+* Copyright (c) 2017 Rambus Inc. All Rights Reserved.
*
* The latest version of this code is available at http://www.matrixssl.org
*
@@ -15,8 +15,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
-* commercial license for this software may be purchased from INSIDE at
-* http://www.insidesecure.com/
+* commercial license for this software may be purchased from Rambus Inc at
+* http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/core/osdep/include/osdep_stddef.h b/core/osdep/include/osdep_stddef.h
index 8ab7d15..3dd5217 100644
--- a/core/osdep/include/osdep_stddef.h
+++ b/core/osdep/include/osdep_stddef.h
@@ -4,7 +4,7 @@
*/
/*****************************************************************************
-* Copyright (c) 2017 INSIDE Secure Oy. All Rights Reserved.
+* Copyright (c) 2017 Rambus Inc. All Rights Reserved.
*
* The latest version of this code is available at http://www.matrixssl.org
*
@@ -15,8 +15,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
-* commercial license for this software may be purchased from INSIDE at
-* http://www.insidesecure.com/
+* commercial license for this software may be purchased from Rambus Inc at
+* http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/core/osdep/include/osdep_stdint.h b/core/osdep/include/osdep_stdint.h
index 0755b70..9503172 100644
--- a/core/osdep/include/osdep_stdint.h
+++ b/core/osdep/include/osdep_stdint.h
@@ -4,7 +4,7 @@
*/
/*****************************************************************************
-* Copyright (c) 2017 INSIDE Secure Oy. All Rights Reserved.
+* Copyright (c) 2017 Rambus Inc. All Rights Reserved.
*
* The latest version of this code is available at http://www.matrixssl.org
*
@@ -15,8 +15,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
-* commercial license for this software may be purchased from INSIDE at
-* http://www.insidesecure.com/
+* commercial license for this software may be purchased from Rambus Inc at
+* http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/core/osdep/include/osdep_stdio.h b/core/osdep/include/osdep_stdio.h
index 3abdffb..2680943 100644
--- a/core/osdep/include/osdep_stdio.h
+++ b/core/osdep/include/osdep_stdio.h
@@ -4,7 +4,7 @@
*/
/*****************************************************************************
-* Copyright (c) 2017 INSIDE Secure Oy. All Rights Reserved.
+* Copyright (c) 2017 Rambus Inc. All Rights Reserved.
*
* The latest version of this code is available at http://www.matrixssl.org
*
@@ -15,8 +15,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
-* commercial license for this software may be purchased from INSIDE at
-* http://www.insidesecure.com/
+* commercial license for this software may be purchased from Rambus Inc at
+* http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/core/osdep/include/osdep_stdlib.h b/core/osdep/include/osdep_stdlib.h
index 738683b..bda4635 100644
--- a/core/osdep/include/osdep_stdlib.h
+++ b/core/osdep/include/osdep_stdlib.h
@@ -4,7 +4,7 @@
*/
/*****************************************************************************
-* Copyright (c) 2017 INSIDE Secure Oy. All Rights Reserved.
+* Copyright (c) 2017 Rambus Inc. All Rights Reserved.
*
* The latest version of this code is available at http://www.matrixssl.org
*
@@ -15,8 +15,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
-* commercial license for this software may be purchased from INSIDE at
-* http://www.insidesecure.com/
+* commercial license for this software may be purchased from Rambus Inc at
+* http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/core/osdep/include/osdep_strict.h b/core/osdep/include/osdep_strict.h
index 8dd53a5..03822e5 100644
--- a/core/osdep/include/osdep_strict.h
+++ b/core/osdep/include/osdep_strict.h
@@ -4,7 +4,7 @@
*/
/*****************************************************************************
-* Copyright (c) 2017 INSIDE Secure Oy. All Rights Reserved.
+* Copyright (c) 2017 Rambus Inc. All Rights Reserved.
*
* The latest version of this code is available at http://www.matrixssl.org
*
@@ -15,8 +15,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
-* commercial license for this software may be purchased from INSIDE at
-* http://www.insidesecure.com/
+* commercial license for this software may be purchased from Rambus Inc at
+* http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/core/osdep/include/osdep_string.h b/core/osdep/include/osdep_string.h
index 803c31d..d35c4ce 100644
--- a/core/osdep/include/osdep_string.h
+++ b/core/osdep/include/osdep_string.h
@@ -4,7 +4,7 @@
*/
/*****************************************************************************
-* Copyright (c) 2017 INSIDE Secure Oy. All Rights Reserved.
+* Copyright (c) 2017 Rambus Inc. All Rights Reserved.
*
* The latest version of this code is available at http://www.matrixssl.org
*
@@ -15,8 +15,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
-* commercial license for this software may be purchased from INSIDE at
-* http://www.insidesecure.com/
+* commercial license for this software may be purchased from Rambus Inc at
+* http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/core/osdep/include/osdep_strings.h b/core/osdep/include/osdep_strings.h
index 839154e..3f41dc3 100644
--- a/core/osdep/include/osdep_strings.h
+++ b/core/osdep/include/osdep_strings.h
@@ -4,7 +4,7 @@
*/
/*****************************************************************************
-* Copyright (c) 2017 INSIDE Secure Oy. All Rights Reserved.
+* Copyright (c) 2017 Rambus Inc. All Rights Reserved.
*
* The latest version of this code is available at http://www.matrixssl.org
*
@@ -15,8 +15,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
-* commercial license for this software may be purchased from INSIDE at
-* http://www.insidesecure.com/
+* commercial license for this software may be purchased from Rambus Inc at
+* http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/core/osdep/include/osdep_sys_auxv.h b/core/osdep/include/osdep_sys_auxv.h
index 0c3115f..28cc43f 100644
--- a/core/osdep/include/osdep_sys_auxv.h
+++ b/core/osdep/include/osdep_sys_auxv.h
@@ -4,7 +4,7 @@
*/
/*****************************************************************************
-* Copyright (c) 2017 INSIDE Secure Oy. All Rights Reserved.
+* Copyright (c) 2017 Rambus Inc. All Rights Reserved.
*
* The latest version of this code is available at http://www.matrixssl.org
*
@@ -15,8 +15,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
-* commercial license for this software may be purchased from INSIDE at
-* http://www.insidesecure.com/
+* commercial license for this software may be purchased from Rambus Inc at
+* http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/core/osdep/include/osdep_sys_ioctl.h b/core/osdep/include/osdep_sys_ioctl.h
index 510f5bc..6423214 100644
--- a/core/osdep/include/osdep_sys_ioctl.h
+++ b/core/osdep/include/osdep_sys_ioctl.h
@@ -4,7 +4,7 @@
*/
/*****************************************************************************
-* Copyright (c) 2017 INSIDE Secure Oy. All Rights Reserved.
+* Copyright (c) 2017 Rambus Inc. All Rights Reserved.
*
* The latest version of this code is available at http://www.matrixssl.org
*
@@ -15,8 +15,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
-* commercial license for this software may be purchased from INSIDE at
-* http://www.insidesecure.com/
+* commercial license for this software may be purchased from Rambus Inc at
+* http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/core/osdep/include/osdep_sys_mman.h b/core/osdep/include/osdep_sys_mman.h
index 4c38b12..3c28978 100644
--- a/core/osdep/include/osdep_sys_mman.h
+++ b/core/osdep/include/osdep_sys_mman.h
@@ -4,7 +4,7 @@
*/
/*****************************************************************************
-* Copyright (c) 2017 INSIDE Secure Oy. All Rights Reserved.
+* Copyright (c) 2017 Rambus Inc. All Rights Reserved.
*
* The latest version of this code is available at http://www.matrixssl.org
*
@@ -15,8 +15,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
-* commercial license for this software may be purchased from INSIDE at
-* http://www.insidesecure.com/
+* commercial license for this software may be purchased from Rambus Inc at
+* http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/core/osdep/include/osdep_sys_random.h b/core/osdep/include/osdep_sys_random.h
index 3530f99..33a17c6 100644
--- a/core/osdep/include/osdep_sys_random.h
+++ b/core/osdep/include/osdep_sys_random.h
@@ -4,14 +4,14 @@
*/
/*****************************************************************************
-* Copyright (c) 2018 INSIDE Secure Oy. All Rights Reserved.
+* Copyright (c) 2018 Rambus Inc. All Rights Reserved.
*
* This confidential and proprietary software may be used only as authorized
-* by a licensing agreement from INSIDE Secure.
+* by a licensing agreement from Rambus Inc.
*
* The entire notice above must be reproduced on all authorized copies that
* may only be made to the extent permitted by a licensing agreement from
-* INSIDE Secure.
+* Rambus Inc.
*****************************************************************************/
/* This file just includes system header sys_random.h.
diff --git a/core/osdep/include/osdep_sys_socket.h b/core/osdep/include/osdep_sys_socket.h
index 6914394..f40e5af 100644
--- a/core/osdep/include/osdep_sys_socket.h
+++ b/core/osdep/include/osdep_sys_socket.h
@@ -4,7 +4,7 @@
*/
/*****************************************************************************
-* Copyright (c) 2017 INSIDE Secure Oy. All Rights Reserved.
+* Copyright (c) 2017 Rambus Inc. All Rights Reserved.
*
* The latest version of this code is available at http://www.matrixssl.org
*
@@ -15,8 +15,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
-* commercial license for this software may be purchased from INSIDE at
-* http://www.insidesecure.com/
+* commercial license for this software may be purchased from Rambus Inc at
+* http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/core/osdep/include/osdep_sys_time.h b/core/osdep/include/osdep_sys_time.h
index 287c167..323b7e9 100644
--- a/core/osdep/include/osdep_sys_time.h
+++ b/core/osdep/include/osdep_sys_time.h
@@ -4,7 +4,7 @@
*/
/*****************************************************************************
-* Copyright (c) 2017 INSIDE Secure Oy. All Rights Reserved.
+* Copyright (c) 2017 Rambus Inc. All Rights Reserved.
*
* The latest version of this code is available at http://www.matrixssl.org
*
@@ -15,8 +15,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
-* commercial license for this software may be purchased from INSIDE at
-* http://www.insidesecure.com/
+* commercial license for this software may be purchased from Rambus Inc at
+* http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/core/osdep/include/osdep_sys_types.h b/core/osdep/include/osdep_sys_types.h
index ccdeb2e..e81142c 100644
--- a/core/osdep/include/osdep_sys_types.h
+++ b/core/osdep/include/osdep_sys_types.h
@@ -4,7 +4,7 @@
*/
/*****************************************************************************
-* Copyright (c) 2017 INSIDE Secure Oy. All Rights Reserved.
+* Copyright (c) 2017 Rambus Inc. All Rights Reserved.
*
* The latest version of this code is available at http://www.matrixssl.org
*
@@ -15,8 +15,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
-* commercial license for this software may be purchased from INSIDE at
-* http://www.insidesecure.com/
+* commercial license for this software may be purchased from Rambus Inc at
+* http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/core/osdep/include/osdep_termios.h b/core/osdep/include/osdep_termios.h
index c341bfb..56047db 100644
--- a/core/osdep/include/osdep_termios.h
+++ b/core/osdep/include/osdep_termios.h
@@ -4,7 +4,7 @@
*/
/*****************************************************************************
-* Copyright (c) 2017 INSIDE Secure Oy. All Rights Reserved.
+* Copyright (c) 2017 Rambus Inc. All Rights Reserved.
*
* The latest version of this code is available at http://www.matrixssl.org
*
@@ -15,8 +15,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
-* commercial license for this software may be purchased from INSIDE at
-* http://www.insidesecure.com/
+* commercial license for this software may be purchased from Rambus Inc at
+* http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/core/osdep/include/osdep_time.h b/core/osdep/include/osdep_time.h
index 79d0e61..75daedb 100644
--- a/core/osdep/include/osdep_time.h
+++ b/core/osdep/include/osdep_time.h
@@ -4,7 +4,7 @@
*/
/*****************************************************************************
-* Copyright (c) 2017-2018 INSIDE Secure Oy. All Rights Reserved.
+* Copyright (c) 2017-2018 Rambus Inc. All Rights Reserved.
*
* The latest version of this code is available at http://www.matrixssl.org
*
@@ -15,8 +15,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
-* commercial license for this software may be purchased from INSIDE at
-* http://www.insidesecure.com/
+* commercial license for this software may be purchased from Rambus Inc at
+* http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/core/osdep/include/osdep_time_gmtime_r.h b/core/osdep/include/osdep_time_gmtime_r.h
index de37459..ed6f675 100644
--- a/core/osdep/include/osdep_time_gmtime_r.h
+++ b/core/osdep/include/osdep_time_gmtime_r.h
@@ -4,7 +4,7 @@
*/
/*****************************************************************************
-* Copyright (c) 2017-2018 INSIDE Secure Oy. All Rights Reserved.
+* Copyright (c) 2017-2018 Rambus Inc. All Rights Reserved.
*
* The latest version of this code is available at http://www.matrixssl.org
*
@@ -15,8 +15,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
-* commercial license for this software may be purchased from INSIDE at
-* http://www.insidesecure.com/
+* commercial license for this software may be purchased from Rambus Inc at
+* http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/core/osdep/include/osdep_tmmintrin.h b/core/osdep/include/osdep_tmmintrin.h
index ffb6b89..662208b 100644
--- a/core/osdep/include/osdep_tmmintrin.h
+++ b/core/osdep/include/osdep_tmmintrin.h
@@ -4,7 +4,7 @@
*/
/*****************************************************************************
-* Copyright (c) 2017 INSIDE Secure Oy. All Rights Reserved.
+* Copyright (c) 2017 Rambus Inc. All Rights Reserved.
*
* The latest version of this code is available at http://www.matrixssl.org
*
@@ -15,8 +15,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
-* commercial license for this software may be purchased from INSIDE at
-* http://www.insidesecure.com/
+* commercial license for this software may be purchased from Rambus Inc at
+* http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/core/osdep/include/osdep_unistd.h b/core/osdep/include/osdep_unistd.h
index b324139..4ded916 100644
--- a/core/osdep/include/osdep_unistd.h
+++ b/core/osdep/include/osdep_unistd.h
@@ -4,7 +4,7 @@
*/
/*****************************************************************************
-* Copyright (c) 2017 INSIDE Secure Oy. All Rights Reserved.
+* Copyright (c) 2017 Rambus Inc. All Rights Reserved.
*
* The latest version of this code is available at http://www.matrixssl.org
*
@@ -15,8 +15,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
-* commercial license for this software may be purchased from INSIDE at
-* http://www.insidesecure.com/
+* commercial license for this software may be purchased from Rambus Inc at
+* http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/core/osdep/include/osdep_wchar.h b/core/osdep/include/osdep_wchar.h
index 1e3d998..41f9b1f 100644
--- a/core/osdep/include/osdep_wchar.h
+++ b/core/osdep/include/osdep_wchar.h
@@ -4,7 +4,7 @@
*/
/*****************************************************************************
-* Copyright (c) 2017 INSIDE Secure Oy. All Rights Reserved.
+* Copyright (c) 2017 Rambus Inc. All Rights Reserved.
*
* The latest version of this code is available at http://www.matrixssl.org
*
@@ -15,8 +15,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
-* commercial license for this software may be purchased from INSIDE at
-* http://www.insidesecure.com/
+* commercial license for this software may be purchased from Rambus Inc at
+* http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/core/osdep/include/osdep_wincrypt.h b/core/osdep/include/osdep_wincrypt.h
index 521e4dc..94663f6 100644
--- a/core/osdep/include/osdep_wincrypt.h
+++ b/core/osdep/include/osdep_wincrypt.h
@@ -4,7 +4,7 @@
*/
/*****************************************************************************
-* Copyright (c) 2017 INSIDE Secure Oy. All Rights Reserved.
+* Copyright (c) 2017 Rambus Inc. All Rights Reserved.
*
* The latest version of this code is available at http://www.matrixssl.org
*
@@ -15,8 +15,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
-* commercial license for this software may be purchased from INSIDE at
-* http://www.insidesecure.com/
+* commercial license for this software may be purchased from Rambus Inc at
+* http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/core/osdep/include/osdep_windows.h b/core/osdep/include/osdep_windows.h
index f5f67aa..1f387b1 100644
--- a/core/osdep/include/osdep_windows.h
+++ b/core/osdep/include/osdep_windows.h
@@ -4,7 +4,7 @@
*/
/*****************************************************************************
-* Copyright (c) 2017 INSIDE Secure Oy. All Rights Reserved.
+* Copyright (c) 2017 Rambus Inc. All Rights Reserved.
*
* The latest version of this code is available at http://www.matrixssl.org
*
@@ -15,8 +15,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
-* commercial license for this software may be purchased from INSIDE at
-* http://www.insidesecure.com/
+* commercial license for this software may be purchased from Rambus Inc at
+* http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/core/osdep/include/osdep_wmmintrin.h b/core/osdep/include/osdep_wmmintrin.h
index 4a13a99..67b9795 100644
--- a/core/osdep/include/osdep_wmmintrin.h
+++ b/core/osdep/include/osdep_wmmintrin.h
@@ -4,7 +4,7 @@
*/
/*****************************************************************************
-* Copyright (c) 2017 INSIDE Secure Oy. All Rights Reserved.
+* Copyright (c) 2017 Rambus Inc. All Rights Reserved.
*
* The latest version of this code is available at http://www.matrixssl.org
*
@@ -15,8 +15,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
-* commercial license for this software may be purchased from INSIDE at
-* http://www.insidesecure.com/
+* commercial license for this software may be purchased from Rambus Inc at
+* http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/core/osdep/include/osdep_x86intrin.h b/core/osdep/include/osdep_x86intrin.h
index f858bfa..9695518 100644
--- a/core/osdep/include/osdep_x86intrin.h
+++ b/core/osdep/include/osdep_x86intrin.h
@@ -4,7 +4,7 @@
*/
/*****************************************************************************
-* Copyright (c) 2017 INSIDE Secure Oy. All Rights Reserved.
+* Copyright (c) 2017 Rambus Inc. All Rights Reserved.
*
* The latest version of this code is available at http://www.matrixssl.org
*
@@ -15,8 +15,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
-* commercial license for this software may be purchased from INSIDE at
-* http://www.insidesecure.com/
+* commercial license for this software may be purchased from Rambus Inc at
+* http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/core/osdep/include/osdep_zmmintrin.h b/core/osdep/include/osdep_zmmintrin.h
index ff87007..45caf8c 100644
--- a/core/osdep/include/osdep_zmmintrin.h
+++ b/core/osdep/include/osdep_zmmintrin.h
@@ -4,7 +4,7 @@
*/
/*****************************************************************************
-* Copyright (c) 2017 INSIDE Secure Oy. All Rights Reserved.
+* Copyright (c) 2017 Rambus Inc. All Rights Reserved.
*
* The latest version of this code is available at http://www.matrixssl.org
*
@@ -15,8 +15,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
-* commercial license for this software may be purchased from INSIDE at
-* http://www.insidesecure.com/
+* commercial license for this software may be purchased from Rambus Inc at
+* http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/core/osdep/include/spal_memory.h b/core/osdep/include/spal_memory.h
index c982eba..76a2506 100644
--- a/core/osdep/include/spal_memory.h
+++ b/core/osdep/include/spal_memory.h
@@ -4,7 +4,7 @@
*/
/*****************************************************************************
-* Copyright (c) 2007-2016 INSIDE Secure Oy. All Rights Reserved.
+* Copyright (c) 2007-2016 Rambus Inc. All Rights Reserved.
*
* The latest version of this code is available at http://www.matrixssl.org
*
@@ -15,8 +15,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
-* commercial license for this software may be purchased from INSIDE at
-* http://www.insidesecure.com/
+* commercial license for this software may be purchased from Rambus Inc at
+* http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/core/osdep/include/spal_mutex.h b/core/osdep/include/spal_mutex.h
index 187b067..0b17cb4 100644
--- a/core/osdep/include/spal_mutex.h
+++ b/core/osdep/include/spal_mutex.h
@@ -4,7 +4,7 @@
*/
/*****************************************************************************
-* Copyright (c) 2007-2016 INSIDE Secure Oy. All Rights Reserved.
+* Copyright (c) 2007-2016 Rambus Inc. All Rights Reserved.
*
* The latest version of this code is available at http://www.matrixssl.org
*
@@ -15,8 +15,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
-* commercial license for this software may be purchased from INSIDE at
-* http://www.insidesecure.com/
+* commercial license for this software may be purchased from Rambus Inc at
+* http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/core/osdep/include/spal_result.h b/core/osdep/include/spal_result.h
index 792b50b..e458d05 100644
--- a/core/osdep/include/spal_result.h
+++ b/core/osdep/include/spal_result.h
@@ -5,7 +5,7 @@
*/
/*****************************************************************************
-* Copyright (c) 2007-2016 INSIDE Secure Oy. All Rights Reserved.
+* Copyright (c) 2007-2016 Rambus Inc. All Rights Reserved.
*
* The latest version of this code is available at http://www.matrixssl.org
*
@@ -16,8 +16,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
-* commercial license for this software may be purchased from INSIDE at
-* http://www.insidesecure.com/
+* commercial license for this software may be purchased from Rambus Inc at
+* http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/core/osdep/include/spal_semaphore.h b/core/osdep/include/spal_semaphore.h
index f120615..9b6ecb9 100644
--- a/core/osdep/include/spal_semaphore.h
+++ b/core/osdep/include/spal_semaphore.h
@@ -4,7 +4,7 @@
*/
/*****************************************************************************
-* Copyright (c) 2007-2016 INSIDE Secure Oy. All Rights Reserved.
+* Copyright (c) 2007-2016 Rambus Inc. All Rights Reserved.
*
* The latest version of this code is available at http://www.matrixssl.org
*
@@ -15,8 +15,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
-* commercial license for this software may be purchased from INSIDE at
-* http://www.insidesecure.com/
+* commercial license for this software may be purchased from Rambus Inc at
+* http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/core/osdep/include/spal_thread.h b/core/osdep/include/spal_thread.h
index 427da3f..d078f90 100644
--- a/core/osdep/include/spal_thread.h
+++ b/core/osdep/include/spal_thread.h
@@ -4,7 +4,7 @@
*/
/*****************************************************************************
-* Copyright (c) 2007-2016 INSIDE Secure Oy. All Rights Reserved.
+* Copyright (c) 2007-2016 Rambus Inc. All Rights Reserved.
*
* The latest version of this code is available at http://www.matrixssl.org
*
@@ -15,8 +15,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
-* commercial license for this software may be purchased from INSIDE at
-* http://www.insidesecure.com/
+* commercial license for this software may be purchased from Rambus Inc at
+* http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/core/osdep/include/template.h b/core/osdep/include/template.h
index 7ad1f51..e3f7c59 100644
--- a/core/osdep/include/template.h
+++ b/core/osdep/include/template.h
@@ -11,18 +11,18 @@ __END__
#ifdef MATRIX_COMMERCIAL
/*****************************************************************************
-* Copyright (c) 2017 INSIDE Secure Oy. All Rights Reserved.
+* Copyright (c) 2017 Rambus Inc. All Rights Reserved.
*
* This confidential and proprietary software may be used only as authorized
-* by a licensing agreement from INSIDE Secure.
+* by a licensing agreement from Rambus Inc.
*
* The entire notice above must be reproduced on all authorized copies that
* may only be made to the extent permitted by a licensing agreement from
-* INSIDE Secure.
+* Rambus Inc.
*****************************************************************************/
#else
/*****************************************************************************
-* Copyright (c) 2017 INSIDE Secure Oy. All Rights Reserved.
+* Copyright (c) 2017 Rambus Inc. All Rights Reserved.
*
* The latest version of this code is available at http://www.matrixssl.org
*
@@ -33,8 +33,8 @@ __END__
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
-* commercial license for this software may be purchased from INSIDE at
-* http://www.insidesecure.com/
+* commercial license for this software may be purchased from Rambus Inc at
+* http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/core/osdep/src/cl_memset.c b/core/osdep/src/cl_memset.c
index 57d809a..06db200 100644
--- a/core/osdep/src/cl_memset.c
+++ b/core/osdep/src/cl_memset.c
@@ -5,7 +5,7 @@
* Secure memset api that will not be optimized out by compiler.
*/
/*
- * Copyright (c) 2013-2016 INSIDE Secure Corporation
+ * Copyright (c) 2013-2016 Rambus Inc.
* Copyright (c) PeerSec Networks, 2002-2011
* All Rights Reserved
*
@@ -18,8 +18,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
- * commercial license for this software may be purchased from INSIDE at
- * http://www.insidesecure.com/
+ * commercial license for this software may be purchased from Rambus Inc at
+ * http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/core/osdep/src/runtime.c b/core/osdep/src/runtime.c
index c8dcd2a..65ede62 100644
--- a/core/osdep/src/runtime.c
+++ b/core/osdep/src/runtime.c
@@ -48,7 +48,7 @@ SLSodium_runtime_arm_cpu_features(CPUFeatures * const cpu_features)
#else /* some ARM platform. */
# define NO_INTEL /* This architecture is definitely not x86/x86-64.
No need to probe for Intel CPU features. */
- /* Customization for INSIDE Secure FIPS Toolkit: */
+ /* Customization for Rambus Inc.FIPS Toolkit: */
/* Use sl_cpu.c for ARM feature detection, instead of
the default sodium code. */
diff --git a/core/src/Cryptopp-License.txt b/core/src/Cryptopp-License.txt
index c5d56b6..4b48832 100644
--- a/core/src/Cryptopp-License.txt
+++ b/core/src/Cryptopp-License.txt
@@ -1,4 +1,4 @@
-Most of the files in this package have been implemented by INSIDE Secure
+Most of the files in this package have been implemented by Rambus Inc.
and are copyrighted accordingly.
sl_neon.c and sl_cpu.c are based on public domain files from Crypto++.
diff --git a/core/src/bmp.c b/core/src/bmp.c
index 89e171a..d41f0cb 100644
--- a/core/src/bmp.c
+++ b/core/src/bmp.c
@@ -5,7 +5,7 @@
* Bitmap file creation (http://www.fileformat.info/format/bmp/egff.htm).
*/
/*
- * Copyright (c) 2013-2017 INSIDE Secure Corporation
+ * Copyright (c) 2013-2017 Rambus Inc.
* Copyright (c) PeerSec Networks, 2002-2011
* All Rights Reserved
*
@@ -18,8 +18,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
- * commercial license for this software may be purchased from INSIDE at
- * http://www.insidesecure.com/
+ * commercial license for this software may be purchased from Rambus Inc at
+ * http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/core/src/c_lib.c b/core/src/c_lib.c
index 8b1e27d..44225a1 100644
--- a/core/src/c_lib.c
+++ b/core/src/c_lib.c
@@ -4,7 +4,7 @@
*/
/*****************************************************************************
-* Copyright (c) 2007-2016 INSIDE Secure Oy. All Rights Reserved.
+* Copyright (c) 2007-2016 Rambus Inc. All Rights Reserved.
*
* The latest version of this code is available at http://www.matrixssl.org
*
@@ -15,8 +15,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
-* commercial license for this software may be purchased from INSIDE at
-* http://www.insidesecure.com/
+* commercial license for this software may be purchased from Rambus Inc at
+* http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/core/src/cl_basic.c b/core/src/cl_basic.c
index 297eb64..d2a5ba2 100644
--- a/core/src/cl_basic.c
+++ b/core/src/cl_basic.c
@@ -4,7 +4,7 @@
*/
/*****************************************************************************
-* Copyright (c) 2016 INSIDE Secure Oy. All Rights Reserved.
+* Copyright (c) 2016 Rambus Inc. All Rights Reserved.
*
* The latest version of this code is available at http://www.matrixssl.org
*
@@ -15,8 +15,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
-* commercial license for this software may be purchased from INSIDE at
-* http://www.insidesecure.com/
+* commercial license for this software may be purchased from Rambus Inc at
+* http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/core/src/corelib_date.c b/core/src/corelib_date.c
index 3332d34..c4a9dda 100644
--- a/core/src/corelib_date.c
+++ b/core/src/corelib_date.c
@@ -5,7 +5,7 @@
* Broken down date support.
*/
/*
- * Copyright (c) 2013-2018 INSIDE Secure Corporation
+ * Copyright (c) 2013-2018 Rambus Inc.
* Copyright (c) PeerSec Networks, 2002-2011
* All Rights Reserved
*
@@ -18,8 +18,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
- * commercial license for this software may be purchased from INSIDE at
- * http://www.insidesecure.com/
+ * commercial license for this software may be purchased from Rambus Inc at
+ * http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/core/src/corelib_list.c b/core/src/corelib_list.c
index 53cc093..aea7ce6 100644
--- a/core/src/corelib_list.c
+++ b/core/src/corelib_list.c
@@ -5,7 +5,7 @@
* Processing of lists.
*/
/*
- * Copyright (c) 2013-2018 INSIDE Secure Corporation
+ * Copyright (c) 2013-2018 Rambus Inc.
* Copyright (c) PeerSec Networks, 2002-2011
* All Rights Reserved
*
@@ -18,8 +18,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
- * commercial license for this software may be purchased from INSIDE at
- * http://www.insidesecure.com/
+ * commercial license for this software may be purchased from Rambus Inc at
+ * http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/core/src/corelib_main.c b/core/src/corelib_main.c
index afe9cd9..97fb17e 100644
--- a/core/src/corelib_main.c
+++ b/core/src/corelib_main.c
@@ -5,7 +5,7 @@
* Open and Close APIs.
*/
/*
- * Copyright (c) 2013-2018 INSIDE Secure Corporation
+ * Copyright (c) 2013-2018 Rambus Inc.
* Copyright (c) PeerSec Networks, 2002-2011
* All Rights Reserved
*
@@ -18,8 +18,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
- * commercial license for this software may be purchased from INSIDE at
- * http://www.insidesecure.com/
+ * commercial license for this software may be purchased from Rambus Inc at
+ * http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/core/src/corelib_main.h b/core/src/corelib_main.h
index 0b49ee9..2ad32f6 100644
--- a/core/src/corelib_main.h
+++ b/core/src/corelib_main.h
@@ -5,7 +5,7 @@
* Open and Close APIs: Internal APIs.
*/
/*
- * Copyright (c) 2013-2018 INSIDE Secure Corporation
+ * Copyright (c) 2013-2018 Rambus Inc.
* Copyright (c) PeerSec Networks, 2002-2011
* All Rights Reserved
*
@@ -18,8 +18,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
- * commercial license for this software may be purchased from INSIDE at
- * http://www.insidesecure.com/
+ * commercial license for this software may be purchased from Rambus Inc at
+ * http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/core/src/corelib_strings.c b/core/src/corelib_strings.c
index bfa52c8..69810d3 100644
--- a/core/src/corelib_strings.c
+++ b/core/src/corelib_strings.c
@@ -5,7 +5,7 @@
* Strings and conversion of strings.
*/
/*
- * Copyright (c) 2013-2018 INSIDE Secure Corporation
+ * Copyright (c) 2013-2018 Rambus Inc.
* Copyright (c) PeerSec Networks, 2002-2011
* All Rights Reserved
*
@@ -18,8 +18,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
- * commercial license for this software may be purchased from INSIDE at
- * http://www.insidesecure.com/
+ * commercial license for this software may be purchased from Rambus Inc at
+ * http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/core/src/corelib_trace.c b/core/src/corelib_trace.c
index 984e4cf..b50f27a 100644
--- a/core/src/corelib_trace.c
+++ b/core/src/corelib_trace.c
@@ -5,7 +5,7 @@
* Tracing and error functions.
*/
/*
- * Copyright (c) 2013-2018 INSIDE Secure Corporation
+ * Copyright (c) 2013-2018 Rambus Inc.
* Copyright (c) PeerSec Networks, 2002-2011
* All Rights Reserved
*
@@ -18,8 +18,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
- * commercial license for this software may be purchased from INSIDE at
- * http://www.insidesecure.com/
+ * commercial license for this software may be purchased from Rambus Inc at
+ * http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/core/src/debug_abort.c b/core/src/debug_abort.c
index a7a9754..3d7174b 100644
--- a/core/src/debug_abort.c
+++ b/core/src/debug_abort.c
@@ -4,7 +4,7 @@
*/
/*****************************************************************************
-* Copyright (c) 2007-2016 INSIDE Secure Oy. All Rights Reserved.
+* Copyright (c) 2007-2016 Rambus Inc. All Rights Reserved.
*
* The latest version of this code is available at http://www.matrixssl.org
*
@@ -15,8 +15,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
-* commercial license for this software may be purchased from INSIDE at
-* http://www.insidesecure.com/
+* commercial license for this software may be purchased from Rambus Inc at
+* http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/core/src/debug_printf.c b/core/src/debug_printf.c
index eba3a31..c2b0157 100644
--- a/core/src/debug_printf.c
+++ b/core/src/debug_printf.c
@@ -4,7 +4,7 @@
*/
/*****************************************************************************
-* Copyright (c) 2007-2016 INSIDE Secure Oy. All Rights Reserved.
+* Copyright (c) 2007-2016 Rambus Inc. All Rights Reserved.
*
* The latest version of this code is available at http://www.matrixssl.org
*
@@ -15,8 +15,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
-* commercial license for this software may be purchased from INSIDE at
-* http://www.insidesecure.com/
+* commercial license for this software may be purchased from Rambus Inc at
+* http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/core/src/memset_s.c b/core/src/memset_s.c
index 90429cc..daa1cf1 100644
--- a/core/src/memset_s.c
+++ b/core/src/memset_s.c
@@ -5,7 +5,7 @@
* Secure memset api that will not be optimized out by compiler.
*/
/*
- * Copyright (c) 2013-2017 INSIDE Secure Corporation
+ * Copyright (c) 2013-2017 Rambus Inc.
* Copyright (c) PeerSec Networks, 2002-2011
* All Rights Reserved
*
@@ -18,8 +18,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
- * commercial license for this software may be purchased from INSIDE at
- * http://www.insidesecure.com/
+ * commercial license for this software may be purchased from Rambus Inc at
+ * http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/core/src/psStat.c b/core/src/psStat.c
index a2cb2f1..dff3a73 100644
--- a/core/src/psStat.c
+++ b/core/src/psStat.c
@@ -4,7 +4,7 @@
*/
/*****************************************************************************
-* Copyright (c) 2018 INSIDE Secure Oy. All Rights Reserved.
+* Copyright (c) 2018 Rambus Inc. All Rights Reserved.
*
* The latest version of this code is available at http://www.matrixssl.org
*
@@ -15,8 +15,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
-* commercial license for this software may be purchased from INSIDE at
-* http://www.insidesecure.com/
+* commercial license for this software may be purchased from Rambus Inc at
+* http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/core/src/psUtil.c b/core/src/psUtil.c
index 1068c2e..b9bf917 100644
--- a/core/src/psUtil.c
+++ b/core/src/psUtil.c
@@ -10,7 +10,7 @@
* and MatrixSSL software or related software components.
*/
/*
- * Copyright (c) 2017 INSIDE Secure Corporation
+ * Copyright (c) 2017 Rambus Inc.
* All Rights Reserved
*
* The latest version of this code is available at http://www.matrixssl.org
@@ -22,8 +22,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
- * commercial license for this software may be purchased from INSIDE at
- * http://www.insidesecure.com/
+ * commercial license for this software may be purchased from Rambus Inc at
+ * http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
@@ -134,4 +134,49 @@ void *psFreeFRR(void (*free_func)(void *ptr), void *ptr, void *ret)
return ret;
}
+#ifdef USE_MULTITHREADING
+#include "osdep_pthread.h"
+#ifdef PTHREAD_MUTEX_INITIALIZER
+#define PS_ONCE_CAN_LOCK 1
+#endif /* PTHREAD_MUTEX_INITIALIZER */
+#endif /* USE_MULTITHREADING */
+
+static
+void psOnce_internal(psOnce_t *once_control, psOnceInitFunction init_routine);
+
+void psOnce(psOnce_t *once_control, psOnceInitFunction init_routine)
+{
+ if (*once_control == PS_ONCE_INIT)
+ {
+ /* slow path: not yet initialized. */
+ psOnce_internal(once_control, init_routine);
+ }
+}
+
+/* Perform initialization. */
+static
+void psOnce_internal(psOnce_t *once_control, psOnceInitFunction init_routine)
+{
+#ifdef PS_ONCE_CAN_LOCK
+ static pthread_mutex_t once_mutex = PTHREAD_MUTEX_INITIALIZER;
+#endif /* PS_ONCE_CAN_LOCK */
+
+#ifdef PS_ONCE_CAN_LOCK
+ Pthread_mutex_lock(&once_mutex);
+#endif /* PS_ONCE_CAN_LOCK */
+
+ /* Ensure *once_control is still uninitialized. */
+ if (*once_control == PS_ONCE_INIT)
+ {
+ /* slow path: perform initialization. */
+ init_routine();
+ *once_control = 1;
+ }
+
+#ifdef PS_ONCE_CAN_LOCK
+ Pthread_mutex_unlock(&once_mutex);
+#endif /* PS_ONCE_CAN_LOCK */
+
+}
+
/* end of file psUtil.c */
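Review bot: The fast-path test `if (*once_control == PS_ONCE_INIT)` in psOnce reads `*once_control` with no synchronization while psOnce_internal writes it under once_mutex, which is a data race under C11 and, more practically, lets a second thread see the flag already set before the side effects of init_routine() are visible to it. If psOnce_t is (or can be made) an `_Atomic` type in its header, which is not visible here, the two accesses should pair acquire and release: `if (atomic_load_explicit(once_control, memory_order_acquire) == PS_ONCE_INIT)` in psOnce and `atomic_store_explicit(once_control, 1, memory_order_release);` in place of `*once_control = 1;`; otherwise drop the unlocked fast path and always enter psOnce_internal so every check happens under the mutex. Two smaller points: when USE_MULTITHREADING is defined but PTHREAD_MUTEX_INITIALIZER is not, PS_ONCE_CAN_LOCK is silently left undefined and psOnce becomes unsynchronized, which deserves a `#warning` or at least a comment stating that callers must serialize; and the bare `1` written to `*once_control` would read better as a named counterpart of PS_ONCE_INIT. The `#include "osdep_pthread.h"` placed after function bodies is also unconventional and belongs with the file's other includes.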
diff --git a/core/src/psbuf.c b/core/src/psbuf.c
index f475135..8762680 100644
--- a/core/src/psbuf.c
+++ b/core/src/psbuf.c
@@ -5,7 +5,7 @@
* Implementation of API for handling buffers containing binary data.
*/
/*
- * Copyright (c) 2017 INSIDE Secure Corporation
+ * Copyright (c) 2017 Rambus Inc.
* All Rights Reserved
*
* The latest version of this code is available at http://www.matrixssl.org
@@ -17,8 +17,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
- * commercial license for this software may be purchased from INSIDE at
- * http://www.insidesecure.com/
+ * commercial license for this software may be purchased from Rambus Inc at
+ * http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/core/src/psmalloc.c b/core/src/psmalloc.c
index eb8813b..99f7fea 100644
--- a/core/src/psmalloc.c
+++ b/core/src/psmalloc.c
@@ -5,7 +5,7 @@
* Highly optimised malloc implementation designed for low memory environments.
*/
/*
- * Copyright (c) 2013-2017 INSIDE Secure Corporation
+ * Copyright (c) 2013-2017 Rambus Inc.
* Copyright (c) PeerSec Networks, 2002-2011
* All Rights Reserved
*
@@ -18,8 +18,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
- * commercial license for this software may be purchased from INSIDE at
- * http://www.insidesecure.com/
+ * commercial license for this software may be purchased from Rambus Inc at
+ * http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/core/src/psmalloc_ext.c b/core/src/psmalloc_ext.c
index 64ffa0e..89f6626 100644
--- a/core/src/psmalloc_ext.c
+++ b/core/src/psmalloc_ext.c
@@ -5,7 +5,7 @@
* Additional helper functions for memory allocation.
*/
/*
- * Copyright (c) 2013-2018 INSIDE Secure Corporation
+ * Copyright (c) 2013-2018 Rambus Inc.
* Copyright (c) PeerSec Networks, 2002-2011
* All Rights Reserved
*
@@ -18,8 +18,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
- * commercial license for this software may be purchased from INSIDE at
- * http://www.insidesecure.com/
+ * commercial license for this software may be purchased from Rambus Inc at
+ * http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/core/src/psprintf.c b/core/src/psprintf.c
index 9e3b1b5..9b69be5 100644
--- a/core/src/psprintf.c
+++ b/core/src/psprintf.c
@@ -4,7 +4,7 @@
*/
/*****************************************************************************
-* Copyright (c) 2007-2018 INSIDE Secure Oy. All Rights Reserved.
+* Copyright (c) 2007-2018 Rambus Inc. All Rights Reserved.
*
* The latest version of this code is available at http://www.matrixssl.org
*
@@ -15,8 +15,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
-* commercial license for this software may be purchased from INSIDE at
-* http://www.insidesecure.com/
+* commercial license for this software may be purchased from Rambus Inc at
+* http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/core/src/psprintf.h b/core/src/psprintf.h
index fc1c563..5fbb1b9 100644
--- a/core/src/psprintf.h
+++ b/core/src/psprintf.h
@@ -4,7 +4,7 @@
*/
/*****************************************************************************
-* Copyright (c) 2007-2018 INSIDE Secure Oy. All Rights Reserved.
+* Copyright (c) 2007-2018 Rambus Inc. All Rights Reserved.
*
* The latest version of this code is available at http://www.matrixssl.org
*
@@ -15,8 +15,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
-* commercial license for this software may be purchased from INSIDE at
-* http://www.insidesecure.com/
+* commercial license for this software may be purchased from Rambus Inc at
+* http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/core/src/sfzclbase64.c b/core/src/sfzclbase64.c
index 79ff821..9dc0448 100644
--- a/core/src/sfzclbase64.c
+++ b/core/src/sfzclbase64.c
@@ -4,7 +4,7 @@
*/
/*****************************************************************************
-* Copyright (c) 2006-2016 INSIDE Secure Oy. All Rights Reserved.
+* Copyright (c) 2006-2016 Rambus Inc. All Rights Reserved.
*
* The latest version of this code is available at http://www.matrixssl.org
*
@@ -15,8 +15,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
-* commercial license for this software may be purchased from INSIDE at
-* http://www.insidesecure.com/
+* commercial license for this software may be purchased from Rambus Inc at
+* http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/core/src/sfzclbuffer.c b/core/src/sfzclbuffer.c
index 79ddeca..88ac2cf 100644
--- a/core/src/sfzclbuffer.c
+++ b/core/src/sfzclbuffer.c
@@ -6,7 +6,7 @@
*/
/*****************************************************************************
-* Copyright (c) 2006-2016 INSIDE Secure Oy. All Rights Reserved.
+* Copyright (c) 2006-2016 Rambus Inc. All Rights Reserved.
*
* The latest version of this code is available at http://www.matrixssl.org
*
@@ -17,8 +17,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
-* commercial license for this software may be purchased from INSIDE at
-* http://www.insidesecure.com/
+* commercial license for this software may be purchased from Rambus Inc at
+* http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/core/src/sfzclcalendar.c b/core/src/sfzclcalendar.c
index ea2a291..093faef 100644
--- a/core/src/sfzclcalendar.c
+++ b/core/src/sfzclcalendar.c
@@ -4,7 +4,7 @@
*/
/*****************************************************************************
-* Copyright (c) 2006-2016 INSIDE Secure Oy. All Rights Reserved.
+* Copyright (c) 2006-2016 Rambus Inc. All Rights Reserved.
*
* The latest version of this code is available at http://www.matrixssl.org
*
@@ -15,8 +15,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
-* commercial license for this software may be purchased from INSIDE at
-* http://www.insidesecure.com/
+* commercial license for this software may be purchased from Rambus Inc at
+* http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/core/src/sfzclfastalloc.c b/core/src/sfzclfastalloc.c
index 9f837a4..df5b2f0 100644
--- a/core/src/sfzclfastalloc.c
+++ b/core/src/sfzclfastalloc.c
@@ -2,7 +2,7 @@
*/
/*****************************************************************************
-* Copyright (c) 2006-2016 INSIDE Secure Oy. All Rights Reserved.
+* Copyright (c) 2006-2016 Rambus Inc. All Rights Reserved.
*
* The latest version of this code is available at http://www.matrixssl.org
*
@@ -13,8 +13,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
-* commercial license for this software may be purchased from INSIDE at
-* http://www.insidesecure.com/
+* commercial license for this software may be purchased from Rambus Inc at
+* http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/core/src/sfzclfileio.c b/core/src/sfzclfileio.c
index eb75892..45ba2e7 100644
--- a/core/src/sfzclfileio.c
+++ b/core/src/sfzclfileio.c
@@ -5,7 +5,7 @@
*/
/*****************************************************************************
-* Copyright (c) 2006-2016 INSIDE Secure Oy. All Rights Reserved.
+* Copyright (c) 2006-2016 Rambus Inc. All Rights Reserved.
*
* The latest version of this code is available at http://www.matrixssl.org
*
@@ -16,8 +16,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
-* commercial license for this software may be purchased from INSIDE at
-* http://www.insidesecure.com/
+* commercial license for this software may be purchased from Rambus Inc at
+* http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/core/src/sfzclmalloc.c b/core/src/sfzclmalloc.c
index ff5a062..71fe174 100644
--- a/core/src/sfzclmalloc.c
+++ b/core/src/sfzclmalloc.c
@@ -2,7 +2,7 @@
*/
/*****************************************************************************
-* Copyright (c) 2006-2016 INSIDE Secure Oy. All Rights Reserved.
+* Copyright (c) 2006-2016 Rambus Inc. All Rights Reserved.
*
* The latest version of this code is available at http://www.matrixssl.org
*
@@ -13,8 +13,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
-* commercial license for this software may be purchased from INSIDE at
-* http://www.insidesecure.com/
+* commercial license for this software may be purchased from Rambus Inc at
+* http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/core/src/sfzclmemparser.c b/core/src/sfzclmemparser.c
index 45f85cc..c529cfa 100644
--- a/core/src/sfzclmemparser.c
+++ b/core/src/sfzclmemparser.c
@@ -5,7 +5,7 @@
*/
/*****************************************************************************
-* Copyright (c) 2016 INSIDE Secure Oy. All Rights Reserved.
+* Copyright (c) 2016 Rambus Inc. All Rights Reserved.
*
* The latest version of this code is available at http://www.matrixssl.org
*
@@ -16,8 +16,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
-* commercial license for this software may be purchased from INSIDE at
-* http://www.insidesecure.com/
+* commercial license for this software may be purchased from Rambus Inc at
+* http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/core/src/sfzclobstack.c b/core/src/sfzclobstack.c
index 81b432b..eb7c731 100644
--- a/core/src/sfzclobstack.c
+++ b/core/src/sfzclobstack.c
@@ -2,7 +2,7 @@
*/
/*****************************************************************************
-* Copyright (c) 2006-2016 INSIDE Secure Oy. All Rights Reserved.
+* Copyright (c) 2006-2016 Rambus Inc. All Rights Reserved.
*
* The latest version of this code is available at http://www.matrixssl.org
*
@@ -13,8 +13,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
-* commercial license for this software may be purchased from INSIDE at
-* http://www.insidesecure.com/
+* commercial license for this software may be purchased from Rambus Inc at
+* http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/core/src/sfzclsnprintf.c b/core/src/sfzclsnprintf.c
index 9525ce0..24a7abf 100644
--- a/core/src/sfzclsnprintf.c
+++ b/core/src/sfzclsnprintf.c
@@ -4,7 +4,7 @@
*/
/*****************************************************************************
-* Copyright (c) 2006-2016 INSIDE Secure Oy. All Rights Reserved.
+* Copyright (c) 2006-2016 Rambus Inc. All Rights Reserved.
*
* The latest version of this code is available at http://www.matrixssl.org
*
@@ -15,8 +15,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
-* commercial license for this software may be purchased from INSIDE at
-* http://www.insidesecure.com/
+* commercial license for this software may be purchased from Rambus Inc at
+* http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/core/src/sfzclstr.c b/core/src/sfzclstr.c
index 8442f4c..c0ec854 100644
--- a/core/src/sfzclstr.c
+++ b/core/src/sfzclstr.c
@@ -25,7 +25,7 @@
*/
/*****************************************************************************
-* Copyright (c) 2006-2016 INSIDE Secure Oy. All Rights Reserved.
+* Copyright (c) 2006-2016 Rambus Inc. All Rights Reserved.
*
* The latest version of this code is available at http://www.matrixssl.org
*
@@ -36,8 +36,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
-* commercial license for this software may be purchased from INSIDE at
-* http://www.insidesecure.com/
+* commercial license for this software may be purchased from Rambus Inc at
+* http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/core/src/sfzcltime.c b/core/src/sfzcltime.c
index f6c6b0e..94f84a9 100644
--- a/core/src/sfzcltime.c
+++ b/core/src/sfzcltime.c
@@ -4,7 +4,7 @@
*/
/*****************************************************************************
-* Copyright (c) 2006-2017 INSIDE Secure Oy. All Rights Reserved.
+* Copyright (c) 2006-2017 Rambus Inc. All Rights Reserved.
*
* The latest version of this code is available at http://www.matrixssl.org
*
@@ -15,8 +15,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
-* commercial license for this software may be purchased from INSIDE at
-* http://www.insidesecure.com/
+* commercial license for this software may be purchased from Rambus Inc at
+* http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/core/src/sfzcltimemeasure.c b/core/src/sfzcltimemeasure.c
index baf3719..1d0fa31 100644
--- a/core/src/sfzcltimemeasure.c
+++ b/core/src/sfzcltimemeasure.c
@@ -2,7 +2,7 @@
*/
/*****************************************************************************
-* Copyright (c) 2006-2016 INSIDE Secure Oy. All Rights Reserved.
+* Copyright (c) 2006-2016 Rambus Inc. All Rights Reserved.
*
* The latest version of this code is available at http://www.matrixssl.org
*
@@ -13,8 +13,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
-* commercial license for this software may be purchased from INSIDE at
-* http://www.insidesecure.com/
+* commercial license for this software may be purchased from Rambus Inc at
+* http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/core/src/sl_cpu.c b/core/src/sl_cpu.c
index d89c8f4..adbb8b5 100644
--- a/core/src/sl_cpu.c
+++ b/core/src/sl_cpu.c
@@ -5,7 +5,7 @@
*/
/*****************************************************************************
-* Copyright (c) 2017 INSIDE Secure Oy. All Rights Reserved.
+* Copyright (c) 2017 Rambus Inc. All Rights Reserved.
*
* The latest version of this code is available at http://www.matrixssl.org
*
@@ -16,8 +16,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
-* commercial license for this software may be purchased from INSIDE at
-* http://www.insidesecure.com/
+* commercial license for this software may be purchased from Rambus Inc at
+* http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/core/src/sl_neon.c b/core/src/sl_neon.c
index 6731de4..d314554 100644
--- a/core/src/sl_neon.c
+++ b/core/src/sl_neon.c
@@ -5,7 +5,7 @@
*/
/*****************************************************************************
-* Copyright (c) 2017 INSIDE Secure Oy. All Rights Reserved.
+* Copyright (c) 2017 Rambus Inc. All Rights Reserved.
*
* The latest version of this code is available at http://www.matrixssl.org
*
@@ -16,8 +16,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
-* commercial license for this software may be purchased from INSIDE at
-* http://www.insidesecure.com/
+* commercial license for this software may be purchased from Rambus Inc at
+* http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/core/src/utils.c b/core/src/utils.c
index 0acf50a..92b0e23 100644
--- a/core/src/utils.c
+++ b/core/src/utils.c
@@ -290,6 +290,7 @@ SLSodium_add(unsigned char *a, const unsigned char *b, const size_t len)
}
}
+#ifndef FL_EXCLUDE_FEATURE
/* Derived from original code by CodesInChaos */
char *
SLSodium_bin2hex(char *const hex, const size_t hex_maxlen,
@@ -372,6 +373,7 @@ SLSodium_hex2bin(unsigned char *const bin, const size_t bin_maxlen,
}
return ret;
}
+#endif /* FL_EXCLUDE_FEATURE */
#ifndef NO_SODIUM_MEMORY_MANAGEMENT
int
@@ -398,6 +400,7 @@ SLSodium_alloc_init(void)
}
#endif /* NO_SODIUM_MEMORY_MANAGEMENT */
+#ifndef FL_EXCLUDE_FEATURE
int
SLSodium_mlock(void *const addr, const size_t len)
{
@@ -472,6 +475,7 @@ SLMprotect_readwrite(void *ptr, size_t size)
return -1;
# endif
}
+#endif /* FL_EXCLUDE_FEATURE */
#ifndef NO_SODIUM_MEMORY_MANAGEMENT
# ifdef HAVE_ALIGNED_MALLOC
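Review bot: The `FL_EXCLUDE_FEATURE` guard closed here drops `SLMprotect_readwrite` (and, in the hunk above, `SLSodium_mlock`; the last hunk drops the public `SLSodium_mprotect_*` wrappers) while the `NO_SODIUM_MEMORY_MANAGEMENT` block that follows, `SLSodium_malloc`/`SLSodium_free`, stays compiled; if those allocators still call the `SLMprotect_*` helpers or `SLSodium_mlock`, as the upstream libsodium code they derive from does, a build with `FL_EXCLUDE_FEATURE` defined and `NO_SODIUM_MEMORY_MANAGEMENT` undefined fails to compile or link, and the guard-page/mlock protection of secret buffers is the thing being removed. Making the dependency explicit would catch that configuration at compile time: `#if defined(FL_EXCLUDE_FEATURE) && !defined(NO_SODIUM_MEMORY_MANAGEMENT)` / `# error "FL_EXCLUDE_FEATURE requires NO_SODIUM_MEMORY_MANAGEMENT"` / `#endif`. The same generic macro also excludes the unrelated hex conversion routines in the first hunk; a per-feature name for each exclusion would make it auditable which protections a given build has lost. The functions guarded here begin outside the hunk.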
@@ -667,6 +671,7 @@ SLSodium_free(void *ptr)
#endif /* NO_SODIUM_MEMORY_MANAGEMENT */
+#ifndef FL_EXCLUDE_FEATURE
# ifndef HAVE_PAGE_PROTECTION
static int
SLSodium_mprotect(void *ptr, int (*cb)(void *ptr, size_t size))
@@ -709,5 +714,6 @@ SLSodium_mprotect_readwrite(void *ptr)
{
return SLSodium_mprotect(ptr, SLMprotect_readwrite);
}
+#endif /* FL_EXCLUDE_FEATURE */
#endif /* USE_SL_CHACHA20_POLY1305_IETF || USE_SL_SODIUM */
diff --git a/core/testsupp/src/sfzutf/sfzutf-heap.c b/core/testsupp/src/sfzutf/sfzutf-heap.c
index 49efe13..86d80e7 100644
--- a/core/testsupp/src/sfzutf/sfzutf-heap.c
+++ b/core/testsupp/src/sfzutf/sfzutf-heap.c
@@ -4,7 +4,7 @@
*/
/*****************************************************************************
-* Copyright (c) 2008-2016 INSIDE Secure Oy. All Rights Reserved.
+* Copyright (c) 2008-2016 Rambus Inc. All Rights Reserved.
*
* The latest version of this code is available at http://www.matrixssl.org
*
@@ -15,8 +15,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
-* commercial license for this software may be purchased from INSIDE at
-* http://www.insidesecure.com/
+* commercial license for this software may be purchased from Rambus Inc at
+* http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/core/testsupp/src/sfzutf/sfzutf-perf.c b/core/testsupp/src/sfzutf/sfzutf-perf.c
index 4c38c2d..e26b92d 100644
--- a/core/testsupp/src/sfzutf/sfzutf-perf.c
+++ b/core/testsupp/src/sfzutf/sfzutf-perf.c
@@ -4,7 +4,7 @@
*/
/*****************************************************************************
-* Copyright (c) 2008-2016 INSIDE Secure Oy. All Rights Reserved.
+* Copyright (c) 2008-2016 Rambus Inc. All Rights Reserved.
*
* The latest version of this code is available at http://www.matrixssl.org
*
@@ -15,8 +15,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
-* commercial license for this software may be purchased from INSIDE at
-* http://www.insidesecure.com/
+* commercial license for this software may be purchased from Rambus Inc at
+* http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/core/testsupp/src/sfzutf/sfzutf-stack.c b/core/testsupp/src/sfzutf/sfzutf-stack.c
index a78ce9c..ded0d89 100644
--- a/core/testsupp/src/sfzutf/sfzutf-stack.c
+++ b/core/testsupp/src/sfzutf/sfzutf-stack.c
@@ -4,7 +4,7 @@
*/
/*****************************************************************************
-* Copyright (c) 2008-2016 INSIDE Secure Oy. All Rights Reserved.
+* Copyright (c) 2008-2016 Rambus Inc. All Rights Reserved.
*
* The latest version of this code is available at http://www.matrixssl.org
*
@@ -15,8 +15,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
-* commercial license for this software may be purchased from INSIDE at
-* http://www.insidesecure.com/
+* commercial license for this software may be purchased from Rambus Inc at
+* http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/core/testsupp/src/sfzutf/sfzutf-utils.c b/core/testsupp/src/sfzutf/sfzutf-utils.c
index 0a8906c..4da22eb 100644
--- a/core/testsupp/src/sfzutf/sfzutf-utils.c
+++ b/core/testsupp/src/sfzutf/sfzutf-utils.c
@@ -4,7 +4,7 @@
*/
/*****************************************************************************
-* Copyright (c) 2008-2016 INSIDE Secure Oy. All Rights Reserved.
+* Copyright (c) 2008-2016 Rambus Inc. All Rights Reserved.
*
* The latest version of this code is available at http://www.matrixssl.org
*
@@ -15,8 +15,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
-* commercial license for this software may be purchased from INSIDE at
-* http://www.insidesecure.com/
+* commercial license for this software may be purchased from Rambus Inc at
+* http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/core/testsupp/src/sfzutf/sfzutf.c b/core/testsupp/src/sfzutf/sfzutf.c
index 220d38a..d1680ac 100644
--- a/core/testsupp/src/sfzutf/sfzutf.c
+++ b/core/testsupp/src/sfzutf/sfzutf.c
@@ -4,7 +4,7 @@
*/
/*****************************************************************************
-* Copyright (c) 2007-2016 INSIDE Secure Oy. All Rights Reserved.
+* Copyright (c) 2007-2016 Rambus Inc. All Rights Reserved.
*
* The latest version of this code is available at http://www.matrixssl.org
*
@@ -15,8 +15,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
-* commercial license for this software may be purchased from INSIDE at
-* http://www.insidesecure.com/
+* commercial license for this software may be purchased from Rambus Inc at
+* http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/core/testsupp/src/sfzutf/sfzutf_interactive.c b/core/testsupp/src/sfzutf/sfzutf_interactive.c
index 83cd235..9f2f28a 100644
--- a/core/testsupp/src/sfzutf/sfzutf_interactive.c
+++ b/core/testsupp/src/sfzutf/sfzutf_interactive.c
@@ -4,7 +4,7 @@
*/
/*****************************************************************************
-* Copyright (c) 2016-2018 INSIDE Secure Oy. All Rights Reserved.
+* Copyright (c) 2016-2018 Rambus Inc. All Rights Reserved.
*
* The latest version of this code is available at http://www.matrixssl.org
*
@@ -15,8 +15,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
-* commercial license for this software may be purchased from INSIDE at
-* http://www.insidesecure.com/
+* commercial license for this software may be purchased from Rambus Inc at
+* http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/core/testsupp/src/sfzutf/sfzutf_internal.h b/core/testsupp/src/sfzutf/sfzutf_internal.h
index 1a061c6..72baf9f 100644
--- a/core/testsupp/src/sfzutf/sfzutf_internal.h
+++ b/core/testsupp/src/sfzutf/sfzutf_internal.h
@@ -4,7 +4,7 @@
*/
/*****************************************************************************
-* Copyright (c) 2008-2016 INSIDE Secure Oy. All Rights Reserved.
+* Copyright (c) 2008-2016 Rambus Inc. All Rights Reserved.
*
* The latest version of this code is available at http://www.matrixssl.org
*
@@ -15,8 +15,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
-* commercial license for this software may be purchased from INSIDE at
-* http://www.insidesecure.com/
+* commercial license for this software may be purchased from Rambus Inc at
+* http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/core/testsupp/src/sfzutf/sfzutf_main_stdio.c b/core/testsupp/src/sfzutf/sfzutf_main_stdio.c
index 03f4e35..c97e0ee 100644
--- a/core/testsupp/src/sfzutf/sfzutf_main_stdio.c
+++ b/core/testsupp/src/sfzutf/sfzutf_main_stdio.c
@@ -5,7 +5,7 @@
*/
/*****************************************************************************
-* Copyright (c) 2007-2016 INSIDE Secure Oy. All Rights Reserved.
+* Copyright (c) 2007-2016 Rambus Inc. All Rights Reserved.
*
* The latest version of this code is available at http://www.matrixssl.org
*
@@ -16,8 +16,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
-* commercial license for this software may be purchased from INSIDE at
-* http://www.insidesecure.com/
+* commercial license for this software may be purchased from Rambus Inc at
+* http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/core/testsupp/src/testsupp.c b/core/testsupp/src/testsupp.c
index 791a0da..d54f650 100644
--- a/core/testsupp/src/testsupp.c
+++ b/core/testsupp/src/testsupp.c
@@ -5,7 +5,7 @@
* Common testing framework for building test programs.
*/
/*
- * Copyright (c) 2017-2018 INSIDE Secure Corporation
+ * Copyright (c) 2017-2018 Rambus Inc.
* All Rights Reserved
*
* The latest version of this code is available at http://www.matrixssl.org
@@ -17,8 +17,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
- * commercial license for this software may be purchased from INSIDE at
- * http://www.insidesecure.com/
+ * commercial license for this software may be purchased from Rambus Inc at
+ * http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/core/unit_tests/GNUmakefile b/core/unit_tests/GNUmakefile
index faacab5..a35971e 100644
--- a/core/unit_tests/GNUmakefile
+++ b/core/unit_tests/GNUmakefile
@@ -1,7 +1,7 @@
#
# Makefile for unit testing applications.
#
-# Copyright (c) 2018 INSIDE Secure Corporation. All Rights Reserved.
+# Copyright (c) 2018 Rambus Inc. All Rights Reserved.
#
#
diff --git a/core/unit_tests/test_psGetFileBuf.cc b/core/unit_tests/test_psGetFileBuf.cc
index 302c26d..ba7967d 100644
--- a/core/unit_tests/test_psGetFileBuf.cc
+++ b/core/unit_tests/test_psGetFileBuf.cc
@@ -3,7 +3,7 @@
*/
/*****************************************************************************
-* Copyright (c) 2018 INSIDE Secure Oy. All Rights Reserved.
+* Copyright (c) 2018 Rambus Inc. All Rights Reserved.
*
* The latest version of this code is available at http://www.matrixssl.org
*
@@ -14,8 +14,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
-* commercial license for this software may be purchased from INSIDE at
-* http://www.insidesecure.com/
+* commercial license for this software may be purchased from Rambus Inc at
+* http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/crypto/Makefile b/crypto/Makefile
index 72cbe2e..f374089 100644
--- a/crypto/Makefile
+++ b/crypto/Makefile
@@ -1,7 +1,7 @@
#
# Makefile for MatrixSSL crypto static library
#
-# Copyright (c) 2013-2018 INSIDE Secure Corporation. All Rights Reserved.
+# Copyright (c) 2013-2018 Rambus Inc. All Rights Reserved.
#
MATRIXSSL_ROOT:=..
@@ -37,6 +37,7 @@ SRC:=\
keyformat/pem_decode_mem.c \
keyformat/pem_decode_file.c \
keyformat/pkcs.c \
+ keyformat/pbkdf2.c \
keyformat/x509.c \
layer/matrix.c \
math/pstm.c \
diff --git a/crypto/aead/chacha20poly1305ietf/ps_chacha20poly1305ietf.c b/crypto/aead/chacha20poly1305ietf/ps_chacha20poly1305ietf.c
index 16d843a..a5b59cf 100644
--- a/crypto/aead/chacha20poly1305ietf/ps_chacha20poly1305ietf.c
+++ b/crypto/aead/chacha20poly1305ietf/ps_chacha20poly1305ietf.c
@@ -7,7 +7,7 @@
* For algorithm, see RFC 7539 ChaCha20 and Poly1305 for IETF Protocols.
*/
/*
- * Copyright (c) 2013-2017 INSIDE Secure Corporation
+ * Copyright (c) 2013-2017 Rambus Inc.
* Copyright (c) PeerSec Networks, 2002-2011
* All Rights Reserved
*
@@ -20,8 +20,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
- * commercial license for this software may be purchased from INSIDE at
- * http://www.insidesecure.com/
+ * commercial license for this software may be purchased from Rambus at
+ * http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/crypto/aead/chacha20poly1305ietf/ps_chacha20poly1305ietf_config.h b/crypto/aead/chacha20poly1305ietf/ps_chacha20poly1305ietf_config.h
index 23402a2..c7fb4b1 100644
--- a/crypto/aead/chacha20poly1305ietf/ps_chacha20poly1305ietf_config.h
+++ b/crypto/aead/chacha20poly1305ietf/ps_chacha20poly1305ietf_config.h
@@ -5,7 +5,7 @@
* Header for MatrixSSL Chacha20-poly1305: Configuration.
*/
/*
- * Copyright (c) 2017 INSIDE Secure Corporation
+ * Copyright (c) 2017 Rambus Inc.
* Copyright (c) PeerSec Networks, 2002-2011
* All Rights Reserved
*
@@ -18,8 +18,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
- * commercial license for this software may be purchased from INSIDE at
- * http://www.insidesecure.com/
+ * commercial license for this software may be purchased from Rambus at
+ * http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/crypto/common/alg_info.c b/crypto/common/alg_info.c
index 4662ede..c57684c 100644
--- a/crypto/common/alg_info.c
+++ b/crypto/common/alg_info.c
@@ -6,7 +6,7 @@
* algorithms such as output length.
*/
/*
- * Copyright (c) 2018 INSIDE Secure Corporation
+ * Copyright (c) 2018 Rambus Inc.
* Copyright (c) PeerSec Networks, 2002-2011
* All Rights Reserved
*
@@ -19,8 +19,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
- * commercial license for this software may be purchased from INSIDE at
- * http://www.insidesecure.com/
+ * commercial license for this software may be purchased from Rambus at
+ * http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
@@ -70,6 +70,8 @@ psResSize_t psGetOutputBlockLength(psCipherType_e alg)
return SHA384_HASHLEN;
case HASH_SHA512:
return SHA512_HASHLEN;
+ case HMAC_SM3:
+ return SM3_HASHLEN;
default:
return PS_ARG_FAIL;
}
@@ -99,6 +101,8 @@ psResSize_t psSigAlgToHashLen(int32_t sigAlg)
case OID_SHA512_RSA_SIG:
case OID_SHA512_ECDSA_SIG:
return SHA512_HASH_SIZE;
+ case OID_SM3_SM2_SIG:
+ return SM3_HASH_SIZE;
# ifdef USE_PKCS1_PSS
/*
The PSS IDs are not part of the same range as the above OIDs,
@@ -400,6 +404,10 @@ uint16_t psGetNamedSigAlgId(const char *name)
{
return sigalg_ecdsa_sha1;
}
+ if (!Strcmp(name, "sm2sig_sm3"))
+ {
+ return sigalg_sm2sig_sm3;
+ }
return 0;
}
@@ -424,6 +432,9 @@ psBool_t psIsEcdheGroup(uint16_t namedGroup)
# endif
# ifdef USE_SECP224R1
namedGroup == namedgroup_secp224r1 ||
+# endif
+# ifdef USE_SM2
+ namedGroup == namedgroup_curveSM2 ||
# endif
namedGroup == namedgroup_x25519)
{
@@ -592,7 +603,6 @@ psBool_t psIsGroupSupported(uint16_t namedGroup)
return PS_TRUE;
}
# endif
-
return PS_FALSE;
}
@@ -634,6 +644,10 @@ uint16_t psGetNamedGroupId(const char *name)
{
return namedgroup_ffdhe8192;
}
+ if (!Strcmp(name, "curveSM2"))
+ {
+ return namedgroup_curveSM2;
+ }
return 0;
}
@@ -650,6 +664,11 @@ psBool_t psVerifyNeedPreHash(int32_t sigAlg)
return PS_FALSE;
}
# endif
-
+# if defined(USE_SM2) && defined(USE_SM3)
+ if (sigAlg == OID_SM3_SM2_SIG)
+ {
+ return PS_FALSE;
+ }
+# endif
return PS_TRUE;
}
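Review bot: The new `OID_SM3_SM2_SIG` branch returns `PS_FALSE` without a comment, and the reason is not obvious next to the other pre-hash rules: presumably the SM2 signing/verification primitive computes the SM3 digest itself (over the Z identifier value concatenated with the message), so callers must pass the unhashed message rather than a digest — a comment such as `/* SM2 hashes the message internally (SM3 over Z || M); callers pass the raw message, not a digest. */` would record that. Note also that this branch only exists when both `USE_SM2` and `USE_SM3` are defined, whereas the `OID_SM3_SM2_SIG` case added to `psSigAlgToHashLen` above is unconditional; if a build without `USE_SM3` can still reach this function with that OID, it falls through to `PS_TRUE`, the opposite answer, and a matching guard (or an explicit rejection) on the two functions would keep them consistent.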
diff --git a/crypto/common/digest_info.c b/crypto/common/digest_info.c
index f7d9a54..ca8ff68 100644
--- a/crypto/common/digest_info.c
+++ b/crypto/common/digest_info.c
@@ -5,7 +5,7 @@
* Static DigestInfo prefixes and querying functions for PKCS #1.5.
*/
/*
- * Copyright (c) 2018 INSIDE Secure Corporation
+ * Copyright (c) 2018 Rambus Inc.
* Copyright (c) PeerSec Networks, 2002-2011
* All Rights Reserved
*
@@ -18,8 +18,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
- * commercial license for this software may be purchased from INSIDE at
- * http://www.insidesecure.com/
+ * commercial license for this software may be purchased from Rambus at
+ * http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/crypto/cryptoApi.h b/crypto/cryptoApi.h
index 7c2d196..e83d54d 100644
--- a/crypto/cryptoApi.h
+++ b/crypto/cryptoApi.h
@@ -5,7 +5,7 @@
* Prototypes for the Matrix crypto public APIs.
*/
/*
- * Copyright (c) 2013-2018 INSIDE Secure Corporation
+ * Copyright (c) 2013-2018 Rambus Inc.
* Copyright (c) PeerSec Networks, 2002-2011
* All Rights Reserved
*
@@ -18,8 +18,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
- * commercial license for this software may be purchased from INSIDE at
- * http://www.insidesecure.com/
+ * commercial license for this software may be purchased from Rambus at
+ * http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
@@ -205,6 +205,7 @@ typedef enum
HMAC_SHA1,
HMAC_SHA256,
HMAC_SHA384,
+ HMAC_SM3,
} psCipherType_e;
diff --git a/crypto/cryptoCheck.h b/crypto/cryptoCheck.h
index d01d347..2bbf64d 100644
--- a/crypto/cryptoCheck.h
+++ b/crypto/cryptoCheck.h
@@ -5,7 +5,7 @@
* Configuration validation/sanity checks.
*/
/*
- * Copyright (c) 2013-2018 INSIDE Secure Corporation
+ * Copyright (c) 2013-2018 Rambus Inc.
* Copyright (c) PeerSec Networks, 2002-2011
* All Rights Reserved
*
@@ -18,8 +18,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
- * commercial license for this software may be purchased from INSIDE at
- * http://www.insidesecure.com/
+ * commercial license for this software may be purchased from Rambus at
+ * http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/crypto/cryptoImpl.h b/crypto/cryptoImpl.h
index 098588f..f8ba348 100644
--- a/crypto/cryptoImpl.h
+++ b/crypto/cryptoImpl.h
@@ -5,7 +5,7 @@
* Include common include files for compiling part of MatrixSSL's crypto.
*/
/*
- * Copyright (c) 2013-2017 INSIDE Secure Corporation
+ * Copyright (c) 2013-2017 Rambus Inc.
* Copyright (c) PeerSec Networks, 2002-2011
* All Rights Reserved
*
@@ -18,8 +18,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
- * commercial license for this software may be purchased from INSIDE at
- * http://www.insidesecure.com/
+ * commercial license for this software may be purchased from Rambus at
+ * http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/crypto/crypto_sign/ps_ed25519.c b/crypto/crypto_sign/ps_ed25519.c
index c71ee17..975f421 100644
--- a/crypto/crypto_sign/ps_ed25519.c
+++ b/crypto/crypto_sign/ps_ed25519.c
@@ -5,7 +5,7 @@
* Implementation for Matrix Ed25519 interface.
*/
/*
- * Copyright (c) 2013-2018 INSIDE Secure Corporation
+ * Copyright (c) 2013-2018 Rambus Inc.
* Copyright (c) PeerSec Networks, 2002-2011
* All Rights Reserved
*
@@ -18,8 +18,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
- * commercial license for this software may be purchased from INSIDE at
- * http://www.insidesecure.com/
+ * commercial license for this software may be purchased from Rambus at
+ * http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/crypto/crypto_sign/ps_ed25519.h b/crypto/crypto_sign/ps_ed25519.h
index 143cf18..0197565 100644
--- a/crypto/crypto_sign/ps_ed25519.h
+++ b/crypto/crypto_sign/ps_ed25519.h
@@ -5,7 +5,7 @@
* Matrix Ed25519 interface.
*/
/*
- * Copyright (c) 2013-2018 INSIDE Secure Corporation
+ * Copyright (c) 2013-2018 Rambus Inc.
* Copyright (c) PeerSec Networks, 2002-2011
* All Rights Reserved
*
@@ -18,8 +18,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
- * commercial license for this software may be purchased from INSIDE at
- * http://www.insidesecure.com/
+ * commercial license for this software may be purchased from Rambus at
+ * http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/crypto/cryptolib.h b/crypto/cryptolib.h
index 2268f7d..e3b525f 100644
--- a/crypto/cryptolib.h
+++ b/crypto/cryptolib.h
@@ -5,7 +5,7 @@
* Header file for definitions used with crypto lib.
*/
/*
- * Copyright (c) 2013-2018 INSIDE Secure Corporation
+ * Copyright (c) 2013-2018 Rambus Inc.
* Copyright (c) PeerSec Networks, 2002-2011
* All Rights Reserved
*
@@ -18,8 +18,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
- * commercial license for this software may be purchased from INSIDE at
- * http://www.insidesecure.com/
+ * commercial license for this software may be purchased from Rambus at
+ * http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
@@ -162,6 +162,30 @@ extern int32_t psGetPrngLocked(unsigned char *bytes, psSize_t size,
# define OID_MD5_ALG_STR "1.2.840.113549.2.5"
# define OID_MD5_ALG 649
# define OID_MD5_ALG_HEX "\x06\x08\x2A\x86\x48\x86\xF7\x0D\x02\x05"
+# define OID_SM3_ALG_STR "1.2.156.10197.1.401"
+# define OID_SM3_ALG 640
+# define OID_SM3_ALG_HEX "\x06\x08\x2A\x81\x1C\xCF\x55\x01\x83\x11"
+# define OID_HMAC_WITH_SHA1_STR "1.2.840.113549.2.7"
+# define OID_HMAC_WITH_SHA1 (651 + OID_COLLISION)
+# define OID_HMAC_WITH_SHA1_HEX "\x06\x08\x2A\x86\x48\x86\xF7\x0D\x02\x07"
+# define OID_HMAC_WITH_SHA224_STR "1.2.840.113549.2.8"
+# define OID_HMAC_WITH_SHA224 (652 + OID_COLLISION * 3)
+# define OID_HMAC_WITH_SHA224_HEX "\x06\x08\x2A\x86\x48\x86\xF7\x0D\x02\x08"
+# define OID_HMAC_WITH_SHA256_STR "1.2.840.113549.2.9"
+# define OID_HMAC_WITH_SHA256 (653 + OID_COLLISION)
+# define OID_HMAC_WITH_SHA256_HEX "\x06\x08\x2A\x86\x48\x86\xF7\x0D\x02\x09"
+# define OID_HMAC_WITH_SHA384_STR "1.2.840.113549.2.10"
+# define OID_HMAC_WITH_SHA384 (654 + OID_COLLISION * 2)
+# define OID_HMAC_WITH_SHA384_HEX "\x06\x08\x2A\x86\x48\x86\xF7\x0D\x02\x0A"
+# define OID_HMAC_WITH_SHA512_STR "1.2.840.113549.2.11"
+# define OID_HMAC_WITH_SHA512 (655 + OID_COLLISION * 2)
+# define OID_HMAC_WITH_SHA512_HEX "\x06\x08\x2A\x86\x48\x86\xF7\x0D\x02\x0B"
+# define OID_HMAC_WITH_SHA512_224_STR "1.2.840.113549.2.12"
+# define OID_HMAC_WITH_SHA512_224 (656 + OID_COLLISION * 2)
+# define OID_HMAC_WITH_SHA512_224_HEX "\x06\x08\x2A\x86\x48\x86\xF7\x0D\x02\x0C"
+# define OID_HMAC_WITH_SHA512_256_STR "1.2.840.113549.2.13"
+# define OID_HMAC_WITH_SHA512_256 (657 + OID_COLLISION * 2)
+# define OID_HMAC_WITH_SHA512_256_HEX "\x06\x08\x2A\x86\x48\x86\xF7\x0D\x02\x0D"
/* Signature algorithms */
# define OID_MD2_RSA_SIG_STR "1.2.840.113549.1.1.2"
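Review bot: The `OID_COLLISION` multipliers on the new identifiers (`* 2` and `* 3` on several HMAC entries, a single offset on `OID_HMAC_WITH_SHA1`/`SHA256`, none on `OID_SM3_ALG 640`) are unexplained. The integer values appear to be the byte sum of the DER encoding (the MD5 entry above is 42+134+72+134+247+13+2+5 = 649, and 640 matches the SM3 hex string the same way), so each offset exists to step past another OID with the same sum, and a reader cannot confirm that 640 is collision-free without recomputing the whole table. A one-line comment per adjusted entry naming the OID it collides with, e.g. `/* +OID_COLLISION: same byte sum as <colliding OID, to be filled in> */`, would make the table auditable; if any lookup keys only on this integer, an undetected collision misclassifies an algorithm identifier, which matters for hash and signature OIDs.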
@@ -215,6 +239,9 @@ extern int32_t psGetPrngLocked(unsigned char *bytes, psSize_t size,
# define OID_SHA512_ECDSA_SIG_STR "1.2.840.10045.4.3.4"
# define OID_SHA512_ECDSA_SIG 526
# define OID_SHA512_ECDSA_SIG_HEX "\x06\x08\x2A\x86\x48\xCE\x3D\x04\x03\x04"
+# define OID_SM3_SM2_SIG_STR "1.2.156.10197.1.501"
+# define OID_SM3_SM2_SIG 740
+# define OID_SM3_SM2_SIG_HEX "\x06\x08\x2A\x81\x1C\xCF\x55\x01\x83\x75"
/* The SSL 3.0, TLS 1.0/1.1 MD5-SHA1 based signature scheme for RSA.
Not based on an OID (because there isn't one).
@@ -240,6 +267,9 @@ extern int32_t psGetPrngLocked(unsigned char *bytes, psSize_t size,
# define OID_ED25519_KEY_STR "1.3.101.112"
# define OID_ED25519_KEY_ALG 256
# define OID_ED25519_KEY_ALG_HEX "\x06\x03\x2B\x65\x70"
+# define OID_SM2_KEY_ALG_STR "1.2.156.10197.1.301.3"
+# define OID_SM2_KEY_ALG (670 + OID_COLLISION)
+# define OID_SM2_KEY_ALG_HEX "\x06\x09\x2A\x81\x1C\xCF\x55\x01\x82\x2D\x03"
/* Encryption algorithms */
# define OID_DES_EDE3_CBC_STR "1.2.840.113549.3.7"
@@ -434,6 +464,7 @@ extern int32_t psGetPrngLocked(unsigned char *bytes, psSize_t size,
# define sigalg_rsa_pss_pss_sha512 0x080b
# define sigalg_rsa_pkcs1_sha1 0x0201
# define sigalg_ecdsa_sha1 0x0203
+# define sigalg_sm2sig_sm3 0x0708
/* TLS 1.3 NamedGroup values. */
# define namedgroup_secp192r1 0x0013
@@ -451,6 +482,7 @@ extern int32_t psGetPrngLocked(unsigned char *bytes, psSize_t size,
# define namedgroup_ffdhe4096 0x0102
# define namedgroup_ffdhe6144 0x0103
# define namedgroup_ffdhe8192 0x0104
+# define namedgroup_curveSM2 0x0029
/******************************************************************************/
/* These values are all mutually exlusive bits to define Cipher flags */
@@ -461,14 +493,16 @@ extern int32_t psGetPrngLocked(unsigned char *bytes, psSize_t size,
# define CRYPTO_FLAGS_SEED (1 << 4)
# define CRYPTO_FLAGS_IDEA (1 << 5)
# define CRYPTO_FLAGS_CHACHA (1 << 6) /* Short for CHACHA20_POLY1305_IETF */
+# define CRYPTO_FLAGS_SM4 (1 << 7)
# define CRYPTO_FLAGS_SHA1 (1 << 8)
# define CRYPTO_FLAGS_SHA2 (1 << 9)
# define CRYPTO_FLAGS_SHA3 (1 << 10)
# define CRYPTO_FLAGS_GCM (1 << 11)
# define CRYPTO_FLAGS_CCM (1 << 12)
-# define CRYPTO_FLAGS_CCM8 (1 << 13)/* CCM mode with 8 byte ICV */
+# define CRYPTO_FLAGS_CCM_8 (1 << 13)/* CCM mode with 8 byte ICV */
# define CRYPTO_FLAGS_MD5 (1 << 14)
+# define CRYPTO_FLAGS_SM3 (1 << 15)
# define CRYPTO_FLAGS_TLS (1 << 16)
# define CRYPTO_FLAGS_TLS_1_1 (1 << 17)
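Review bot: `CRYPTO_FLAGS_CCM8` is renamed to `CRYPTO_FLAGS_CCM_8` with no compatibility alias, so any code outside this tree that spells the old name stops compiling, and the commit gives no reason for the rename. If the new spelling is the intended one, a one-line alias next to it, `# define CRYPTO_FLAGS_CCM8 CRYPTO_FLAGS_CCM_8 /* deprecated spelling */`, keeps existing callers building. The new `CRYPTO_FLAGS_SM4` and `CRYPTO_FLAGS_SM3` bits occupy 7 and 15, which the visible table leaves free, so no overlap is introduced there.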
diff --git a/crypto/digest/digest.h b/crypto/digest/digest.h
index 80523a9..9617da2 100644
--- a/crypto/digest/digest.h
+++ b/crypto/digest/digest.h
@@ -5,7 +5,7 @@
* Header for internal symmetric key cryptography support.
*/
/*
- * Copyright (c) 2013-2017 INSIDE Secure Corporation
+ * Copyright (c) 2013-2017 Rambus Inc.
* Copyright (c) PeerSec Networks, 2002-2011
* All Rights Reserved
*
@@ -18,8 +18,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
- * commercial license for this software may be purchased from INSIDE at
- * http://www.insidesecure.com/
+ * commercial license for this software may be purchased from Rambus at
+ * http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
@@ -45,6 +45,7 @@
# define MD2_HASH_SIZE 16
# define MD5_HASH_SIZE 16
# define MD5SHA1_HASH_SIZE 36
+# define SM3_HASH_SIZE 32
# define SHA1_HASHLEN 20
# define SHA224_HASHLEN 28
@@ -55,12 +56,13 @@
# define MD4_HASHLEN 16
# define MD5_HASHLEN 16
# define MD5SHA1_HASHLEN 36
+# define SM3_HASHLEN 32
# if defined(USE_SHA512)
# define MAX_HASH_SIZE SHA512_HASHLEN
# elif defined(USE_SHA384)
# define MAX_HASH_SIZE SHA384_HASHLEN
-# elif defined(USE_SHA256)
+# elif defined(USE_SHA256) || defined(USE_SM3)
# define MAX_HASH_SIZE SHA256_HASHLEN
# else
# define MAX_HASH_SIZE SHA1_HASHLEN
@@ -108,6 +110,9 @@ typedef struct
# endif
# ifdef USE_MD4
psMd4_t md4;
+# endif
+# ifdef USE_SM3
+ psSm3_t sm3;
# endif
} u;
int32_t hashAlgId;
@@ -128,6 +133,9 @@ typedef struct
# endif
# ifdef USE_HMAC_SHA384
psHmacSha384_t sha384;
+# endif
+# ifdef USE_HMAC_SM3
+ psHmacSm3_t sm3;
# endif
} u;
uint8_t type; /* psCipherType_e */
diff --git a/crypto/digest/digest_libsodium.c b/crypto/digest/digest_libsodium.c
index 7390766..d8036bc 100644
--- a/crypto/digest/digest_libsodium.c
+++ b/crypto/digest/digest_libsodium.c
@@ -5,7 +5,7 @@
* Digest compatibility layer between MatrixSSL and libsodium.
*/
/*
- * Copyright (c) 2013-2017 INSIDE Secure Corporation
+ * Copyright (c) 2013-2017 Rambus Inc.
* Copyright (c) PeerSec Networks, 2002-2011
* All Rights Reserved
*
@@ -18,8 +18,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
- * commercial license for this software may be purchased from INSIDE at
- * http://www.insidesecure.com/
+ * commercial license for this software may be purchased from Rambus at
+ * http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/crypto/digest/digest_libsodium.h b/crypto/digest/digest_libsodium.h
index 723aaf4..2bd841a 100644
--- a/crypto/digest/digest_libsodium.h
+++ b/crypto/digest/digest_libsodium.h
@@ -5,7 +5,7 @@
* Header for libsodium crypto Layer.
*/
/*
- * Copyright (c) 2013-2017 INSIDE Secure Corporation
+ * Copyright (c) 2013-2017 Rambus Inc.
* Copyright (c) PeerSec Networks, 2002-2011
* All Rights Reserved
*
@@ -18,8 +18,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
- * commercial license for this software may be purchased from INSIDE at
- * http://www.insidesecure.com/
+ * commercial license for this software may be purchased from Rambus at
+ * http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/crypto/digest/digest_matrix.h b/crypto/digest/digest_matrix.h
index 1c48554..be497b4 100644
--- a/crypto/digest/digest_matrix.h
+++ b/crypto/digest/digest_matrix.h
@@ -5,7 +5,7 @@
* Header for internal digest support.
*/
/*
- * Copyright (c) 2013-2017 INSIDE Secure Corporation
+ * Copyright (c) 2013-2017 Rambus Inc.
* Copyright (c) PeerSec Networks, 2002-2011
* All Rights Reserved
*
@@ -18,8 +18,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
- * commercial license for this software may be purchased from INSIDE at
- * http://www.insidesecure.com/
+ * commercial license for this software may be purchased from Rambus at
+ * http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/crypto/digest/digest_openssl.c b/crypto/digest/digest_openssl.c
index 6ac7ec1..eb0bfb4 100644
--- a/crypto/digest/digest_openssl.c
+++ b/crypto/digest/digest_openssl.c
@@ -5,7 +5,7 @@
* Digest compatibility layer between MatrixSSL and OpenSSL.
*/
/*
- * Copyright (c) 2013-2017 INSIDE Secure Corporation
+ * Copyright (c) 2013-2017 Rambus Inc.
* Copyright (c) PeerSec Networks, 2002-2011
* All Rights Reserved
*
@@ -18,8 +18,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
- * commercial license for this software may be purchased from INSIDE at
- * http://www.insidesecure.com/
+ * commercial license for this software may be purchased from Rambus at
+ * http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/crypto/digest/digest_openssl.h b/crypto/digest/digest_openssl.h
index f50465c..0227ba5 100644
--- a/crypto/digest/digest_openssl.h
+++ b/crypto/digest/digest_openssl.h
@@ -5,7 +5,7 @@
* Header for OpenSSL Crypto Layer.
*/
/*
- * Copyright (c) 2013-2017 INSIDE Secure Corporation
+ * Copyright (c) 2013-2017 Rambus Inc.
* Copyright (c) PeerSec Networks, 2002-2011
* All Rights Reserved
*
@@ -18,8 +18,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
- * commercial license for this software may be purchased from INSIDE at
- * http://www.insidesecure.com/
+ * commercial license for this software may be purchased from Rambus at
+ * http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/crypto/digest/hash.c b/crypto/digest/hash.c
index 55d7ce2..2824370 100644
--- a/crypto/digest/hash.c
+++ b/crypto/digest/hash.c
@@ -6,7 +6,7 @@
* Supports SHA-256, SHA-384 and SHA-512.
*/
/*
- * Copyright (c) 2013-2019 INSIDE Secure Corporation
+ * Copyright (c) 2013-2019 Rambus Inc.
* Copyright (c) PeerSec Networks, 2002-2011
* All Rights Reserved
*
@@ -19,8 +19,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
- * commercial license for this software may be purchased from INSIDE at
- * http://www.insidesecure.com/
+ * commercial license for this software may be purchased from Rambus at
+ * http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/crypto/digest/hkdf.c b/crypto/digest/hkdf.c
index a9af124..a9599ea 100644
--- a/crypto/digest/hkdf.c
+++ b/crypto/digest/hkdf.c
@@ -5,7 +5,7 @@
* HKDF (RFC 5869) implementation.
*/
/*
- * Copyright (c) 2018 INSIDE Secure Corporation
+ * Copyright (c) 2018 Rambus Inc.
* Copyright (c) PeerSec Networks, 2002-2011
* All Rights Reserved
*
@@ -18,8 +18,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
- * commercial license for this software may be purchased from INSIDE at
- * http://www.insidesecure.com/
+ * commercial license for this software may be purchased from Rambus at
+ * http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
@@ -61,7 +61,8 @@ int32_t psHkdfExpand(psCipherType_e hmacAlg,
#endif
if (hmacAlg != HMAC_MD5 && hmacAlg != HMAC_SHA1 &&
- hmacAlg != HMAC_SHA256 && hmacAlg != HMAC_SHA384)
+ hmacAlg != HMAC_SHA256 && hmacAlg != HMAC_SHA384
+ )
{
return PS_ARG_FAIL;
}
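Review bot: The closing `)` moved onto its own line leaves the condition in `psHkdfExpand` reading like an unfinished edit, since no new operand was added after `hmacAlg != HMAC_SHA384`; the same reformatting appears in the `psHkdfExtract` hunk below. If the intent is to make room for further HMAC algorithms, the accepted list still rejects anything but MD5/SHA-1/SHA-256/SHA-384, so either restore `hmacAlg != HMAC_SHA256 && hmacAlg != HMAC_SHA384)` on one line or add the new member in the same commit. Both functions' bodies start and end outside their hunks.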
@@ -149,7 +150,8 @@ int32_t psHkdfExtract(psCipherType_e hmacAlg,
int32_t rc;
if (hmacAlg != HMAC_MD5 && hmacAlg != HMAC_SHA1 &&
- hmacAlg != HMAC_SHA256 && hmacAlg != HMAC_SHA384)
+ hmacAlg != HMAC_SHA256 && hmacAlg != HMAC_SHA384
+ )
{
return PS_ARG_FAIL;
}
diff --git a/crypto/digest/hmac.c b/crypto/digest/hmac.c
index c533d3d..c4c498f 100644
--- a/crypto/digest/hmac.c
+++ b/crypto/digest/hmac.c
@@ -5,7 +5,7 @@
* HMAC implementation.
*/
/*
- * Copyright (c) 2013-2017 INSIDE Secure Corporation
+ * Copyright (c) 2013-2017 Rambus Inc.
* Copyright (c) PeerSec Networks, 2002-2011
* All Rights Reserved
*
@@ -18,8 +18,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
- * commercial license for this software may be purchased from INSIDE at
- * http://www.insidesecure.com/
+ * commercial license for this software may be purchased from Rambus at
+ * http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/crypto/digest/md2.c b/crypto/digest/md2.c
index e5250a0..d64303a 100644
--- a/crypto/digest/md2.c
+++ b/crypto/digest/md2.c
@@ -5,7 +5,7 @@
* MD2 hash implementation.
*/
/*
- * Copyright (c) 2013-2017 INSIDE Secure Corporation
+ * Copyright (c) 2013-2017 Rambus Inc.
* Copyright (c) PeerSec Networks, 2002-2011
* All Rights Reserved
*
@@ -18,8 +18,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
- * commercial license for this software may be purchased from INSIDE at
- * http://www.insidesecure.com/
+ * commercial license for this software may be purchased from Rambus at
+ * http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/crypto/digest/md4.c b/crypto/digest/md4.c
index a9110a5..31a5ffd 100644
--- a/crypto/digest/md4.c
+++ b/crypto/digest/md4.c
@@ -5,7 +5,7 @@
* MD4 hash implementation.
*/
/*
- * Copyright (c) 2013-2017 INSIDE Secure Corporation
+ * Copyright (c) 2013-2017 Rambus Inc.
* Copyright (c) PeerSec Networks, 2002-2011
* All Rights Reserved
*
@@ -18,8 +18,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
- * commercial license for this software may be purchased from INSIDE at
- * http://www.insidesecure.com/
+ * commercial license for this software may be purchased from Rambus at
+ * http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/crypto/digest/md5.c b/crypto/digest/md5.c
index 070342f..593e388 100644
--- a/crypto/digest/md5.c
+++ b/crypto/digest/md5.c
@@ -5,7 +5,7 @@
* MD5 hash implementation.
*/
/*
- * Copyright (c) 2013-2017 INSIDE Secure Corporation
+ * Copyright (c) 2013-2017 Rambus Inc.
* Copyright (c) PeerSec Networks, 2002-2011
* All Rights Reserved
*
@@ -18,8 +18,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
- * commercial license for this software may be purchased from INSIDE at
- * http://www.insidesecure.com/
+ * commercial license for this software may be purchased from Rambus at
+ * http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/crypto/digest/md5sha1.c b/crypto/digest/md5sha1.c
index 4f7b7e7..7d42606 100644
--- a/crypto/digest/md5sha1.c
+++ b/crypto/digest/md5sha1.c
@@ -5,7 +5,7 @@
* Combined MD5+SHA1 hash for SSL 3.0 and TLS 1.0/1.1 handshake hash.
*/
/*
- * Copyright (c) 2013-2017 INSIDE Secure Corporation
+ * Copyright (c) 2013-2017 Rambus Inc.
* Copyright (c) PeerSec Networks, 2002-2011
* All Rights Reserved
*
@@ -18,8 +18,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
- * commercial license for this software may be purchased from INSIDE at
- * http://www.insidesecure.com/
+ * commercial license for this software may be purchased from Rambus at
+ * http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/crypto/digest/sha1.c b/crypto/digest/sha1.c
index 342fdbb..dc6f1a0 100644
--- a/crypto/digest/sha1.c
+++ b/crypto/digest/sha1.c
@@ -5,7 +5,7 @@
* SHA1 hash implementation.
*/
/*
- * Copyright (c) 2013-2017 INSIDE Secure Corporation
+ * Copyright (c) 2013-2017 Rambus Inc.
* Copyright (c) PeerSec Networks, 2002-2011
* All Rights Reserved
*
@@ -18,8 +18,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
- * commercial license for this software may be purchased from INSIDE at
- * http://www.insidesecure.com/
+ * commercial license for this software may be purchased from Rambus at
+ * http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/crypto/digest/sha256.c b/crypto/digest/sha256.c
index 49794ed..3cb0dec 100644
--- a/crypto/digest/sha256.c
+++ b/crypto/digest/sha256.c
@@ -5,7 +5,7 @@
* SHA256 hash implementation.
*/
/*
- * Copyright (c) 2013-2017 INSIDE Secure Corporation
+ * Copyright (c) 2013-2017 Rambus Inc.
* Copyright (c) PeerSec Networks, 2002-2011
* All Rights Reserved
*
@@ -18,8 +18,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
- * commercial license for this software may be purchased from INSIDE at
- * http://www.insidesecure.com/
+ * commercial license for this software may be purchased from Rambus at
+ * http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/crypto/digest/sha256_standalone.c b/crypto/digest/sha256_standalone.c
index a6f7d1b..2c384d6 100644
--- a/crypto/digest/sha256_standalone.c
+++ b/crypto/digest/sha256_standalone.c
@@ -5,7 +5,7 @@
* SHA256 hash implementation.
*/
/*
- * Copyright (c) 2013-2018 INSIDE Secure Corporation
+ * Copyright (c) 2013-2018 Rambus Inc.
* Copyright (c) PeerSec Networks, 2002-2011
* All Rights Reserved
*
@@ -18,8 +18,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
- * commercial license for this software may be purchased from INSIDE at
- * http://www.insidesecure.com/
+ * commercial license for this software may be purchased from Rambus at
+ * http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/crypto/digest/sha256_standalone.h b/crypto/digest/sha256_standalone.h
index e8f25fe..0edf1f6 100644
--- a/crypto/digest/sha256_standalone.h
+++ b/crypto/digest/sha256_standalone.h
@@ -5,7 +5,7 @@
* Header for sha256 standalone use.
*/
/*
- * Copyright (c) 2013-2018 INSIDE Secure Corporation
+ * Copyright (c) 2013-2018 Rambus Inc.
* Copyright (c) PeerSec Networks, 2002-2011
* All Rights Reserved
*
@@ -18,8 +18,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
- * commercial license for this software may be purchased from INSIDE at
- * http://www.insidesecure.com/
+ * commercial license for this software may be purchased from Rambus at
+ * http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/crypto/digest/sha512.c b/crypto/digest/sha512.c
index f067669..4403b26 100644
--- a/crypto/digest/sha512.c
+++ b/crypto/digest/sha512.c
@@ -5,7 +5,7 @@
* SHA256 hash implementation.
*/
/*
- * Copyright (c) 2013-2017 INSIDE Secure Corporation
+ * Copyright (c) 2013-2017 Rambus Inc.
* Copyright (c) PeerSec Networks, 2002-2011
* All Rights Reserved
*
@@ -18,8 +18,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
- * commercial license for this software may be purchased from INSIDE at
- * http://www.insidesecure.com/
+ * commercial license for this software may be purchased from Rambus at
+ * http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/crypto/keyformat/asn1.c b/crypto/keyformat/asn1.c
index a44adae..3c1c30f 100644
--- a/crypto/keyformat/asn1.c
+++ b/crypto/keyformat/asn1.c
@@ -5,7 +5,7 @@
* DER/BER coding.
*/
/*
- * Copyright (c) 2013-2017 INSIDE Secure Corporation
+ * Copyright (c) 2013-2017 Rambus Inc.
* Copyright (c) PeerSec Networks, 2002-2011
* All Rights Reserved
*
@@ -18,8 +18,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
- * commercial license for this software may be purchased from INSIDE at
- * http://www.insidesecure.com/
+ * commercial license for this software may be purchased from Rambus at
+ * http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
@@ -630,6 +630,13 @@ static void checkAsnOidDatabase(int32_t *oi,
case OID_MD2_ALG: oid_hex = OID_MD2_ALG_HEX; break;
case OID_MD4_ALG: oid_hex = OID_MD4_ALG_HEX; break;
case OID_MD5_ALG: oid_hex = OID_MD5_ALG_HEX; break;
+ case OID_HMAC_WITH_SHA1: oid_hex = OID_HMAC_WITH_SHA1_HEX; break;
+ case OID_HMAC_WITH_SHA224: oid_hex = OID_HMAC_WITH_SHA224_HEX; break;
+ case OID_HMAC_WITH_SHA256: oid_hex = OID_HMAC_WITH_SHA256_HEX; break;
+ case OID_HMAC_WITH_SHA384: oid_hex = OID_HMAC_WITH_SHA384_HEX; break;
+ case OID_HMAC_WITH_SHA512: oid_hex = OID_HMAC_WITH_SHA512_HEX; break;
+ case OID_HMAC_WITH_SHA512_224: oid_hex = OID_HMAC_WITH_SHA512_224_HEX; break;
+ case OID_HMAC_WITH_SHA512_256: oid_hex = OID_HMAC_WITH_SHA512_256_HEX; break;
case OID_MD2_RSA_SIG: oid_hex = OID_MD2_RSA_SIG_HEX; break;
case OID_MD4_RSA_SIG: oid_hex = OID_MD4_RSA_SIG_HEX; break;
case OID_MD5_RSA_SIG: oid_hex = OID_MD5_RSA_SIG_HEX; break;
@@ -647,6 +654,7 @@ static void checkAsnOidDatabase(int32_t *oi,
case OID_SHA256_ECDSA_SIG: oid_hex = OID_SHA256_ECDSA_SIG_HEX; break;
case OID_SHA384_ECDSA_SIG: oid_hex = OID_SHA384_ECDSA_SIG_HEX; break;
case OID_SHA512_ECDSA_SIG: oid_hex = OID_SHA512_ECDSA_SIG_HEX; break;
+ case OID_SM3_SM2_SIG: oid_hex = OID_SM3_SM2_SIG_HEX; break;
case OID_RSA_KEY_ALG: oid_hex = OID_RSA_KEY_ALG_HEX; break;
case OID_DSA_KEY_ALG: oid_hex = OID_DSA_KEY_ALG_HEX; break;
case OID_ECDSA_KEY_ALG: oid_hex = OID_ECDSA_KEY_ALG_HEX; break;
diff --git a/crypto/keyformat/asn1.h b/crypto/keyformat/asn1.h
index 087ffa2..cc93a98 100644
--- a/crypto/keyformat/asn1.h
+++ b/crypto/keyformat/asn1.h
@@ -5,7 +5,7 @@
* ASN.1 header.
*/
/*
- * Copyright (c) 2013-2017 INSIDE Secure Corporation
+ * Copyright (c) 2013-2017 Rambus Inc.
* Copyright (c) PeerSec Networks, 2002-2011
* All Rights Reserved
*
@@ -18,8 +18,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
- * commercial license for this software may be purchased from INSIDE at
- * http://www.insidesecure.com/
+ * commercial license for this software may be purchased from Rambus at
+ * http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
@@ -109,7 +109,7 @@ extern int32_t getAsnOID(const unsigned char **pp, psSizeL_t size,
uint8_t checkForParams, psSize_t *paramLen);
# define MAX_OID_LEN 16 /**< Maximum number of segments in OID */
-# define MAX_OID_BYTES 32 /**< Maximum number of bytes in OID. */
+# define MAX_OID_BYTES 48 /**< Maximum number of bytes in OID. */
# define MAX_OID_PRINTED_LEN_NAMED 64 /* Maximum length of known OID in
printed form. */
# define MAX_OID_PRINTED_LEN_BYTES (4 * MAX_OID_BYTES) /* Maximum length of
diff --git a/crypto/keyformat/asn1fmt.c b/crypto/keyformat/asn1fmt.c
index 326b16c..bee6958 100644
--- a/crypto/keyformat/asn1fmt.c
+++ b/crypto/keyformat/asn1fmt.c
@@ -5,7 +5,7 @@
* ASN.1 Parsing: convenience functions for formatting ASN.1.
*/
/*
- * Copyright (c) 2013-2017 INSIDE Secure Corporation
+ * Copyright (c) 2013-2017 Rambus Inc.
* Copyright (c) PeerSec Networks, 2002-2011
* All Rights Reserved
*
@@ -18,8 +18,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
- * commercial license for this software may be purchased from INSIDE at
- * http://www.insidesecure.com/
+ * commercial license for this software may be purchased from Rambus at
+ * http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/crypto/keyformat/base64.c b/crypto/keyformat/base64.c
index 519fe25..00277f6 100644
--- a/crypto/keyformat/base64.c
+++ b/crypto/keyformat/base64.c
@@ -5,7 +5,7 @@
* Base64 operations.
*/
/*
- * Copyright (c) 2013-2017 INSIDE Secure Corporation
+ * Copyright (c) 2013-2017 Rambus Inc.
* Copyright (c) PeerSec Networks, 2002-2011
* All Rights Reserved
*
@@ -18,8 +18,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
- * commercial license for this software may be purchased from INSIDE at
- * http://www.insidesecure.com/
+ * commercial license for this software may be purchased from Rambus at
+ * http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/crypto/keyformat/crl.c b/crypto/keyformat/crl.c
index 396870d..239d63e 100644
--- a/crypto/keyformat/crl.c
+++ b/crypto/keyformat/crl.c
@@ -5,7 +5,7 @@
* Certificate Revocation List tools
*/
/*
- * Copyright (c) 2013-2017 INSIDE Secure Corporation
+ * Copyright (c) 2013-2017 Rambus Inc.
* All Rights Reserved
*
* The latest version of this code is available at http://www.matrixssl.org
@@ -17,8 +17,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
- * commercial license for this software may be purchased from INSIDE at
- * http://www.insidesecure.com/
+ * commercial license for this software may be purchased from Rambus at
+ * http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/crypto/keyformat/pbkdf2.c b/crypto/keyformat/pbkdf2.c
new file mode 100644
index 0000000..a719d9c
--- /dev/null
+++ b/crypto/keyformat/pbkdf2.c
@@ -0,0 +1,55 @@
+/**
+ * @file pbkdf2.c
+ * @version $Format:%h%d$
+ *
+ * PBKDF2.
+ */
+
+/*
+ * Copyright (c) 2020 Rambus Inc.
+ * All Rights Reserved
+ *
+ * The latest version of this code is available at http://www.matrixssl.org
+ *
+ * This software is open source; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This General Public License does NOT permit incorporating this software
+ * into proprietary programs. If you are unable to comply with the GPL, a
+ * commercial license for this software may be purchased from Rambus at
+ * http://www.rambus.com/
+ *
+ * This program is distributed in WITHOUT ANY WARRANTY; without even the
+ * implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+ * See the GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+ * http://www.gnu.org/copyleft/gpl.html
+ */
+/******************************************************************************/
+
+#include "../cryptoImpl.h"
+
+#ifdef USE_PRIVATE_KEY_PARSING
+# ifdef MATRIX_USE_FILE_SYSTEM
+# ifdef USE_PKCS8
+# ifdef USE_PKCS12
+
+int32 pkcs12pbkdf2(psPool_t *pool, int32 hash_alg,
+ const unsigned char *password, uint32 passLen,
+ const unsigned char *salt, int saltLen, uint32 keyLen,
+ uint16 count, unsigned char **out)
+{
+ psTraceCrypto("PBES2 key derivation not supported.\n");
+ return PS_PARSE_FAIL;
+}
+
+# endif /* USE_PKCS12 */
+# endif /* USE_PKCS8 */
+# endif /* MATRIX_USE_FILE_SYSTEM */
+#endif /* USE_PRIVATE_KEY_PARSING */
+/******************************************************************************/
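Review bot: `pkcs12pbkdf2` returns `PS_PARSE_FAIL` without touching `*out`, so a caller that frees or inspects `*out` on the failure path sees whatever the pointer held before; writing `*out = NULL;` before the return makes the contract explicit, and the prototype in the pkcs.c hunk suggests callers are expected to treat `*out` as owned output. The trace text says "PBES2" while the function is named for PBKDF2; presumably the stub stands in for the whole PBES2 path, and the message should say so or name the function. The eight unused parameters will also warn under `-Wextra`, so a `(void)` cast per parameter, or a short comment stating the function is a placeholder, would keep the build quiet.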
diff --git a/crypto/keyformat/pem_decode_file.c b/crypto/keyformat/pem_decode_file.c
index 438cada..d6b72fd 100644
--- a/crypto/keyformat/pem_decode_file.c
+++ b/crypto/keyformat/pem_decode_file.c
@@ -6,7 +6,7 @@
* pem_decode_mem.c
*/
/*
- * Copyright (c) 2013-2018 INSIDE Secure Corporation
+ * Copyright (c) 2013-2018 Rambus Inc.
* Copyright (c) PeerSec Networks, 2002-2011
* All Rights Reserved
*
@@ -19,8 +19,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
- * commercial license for this software may be purchased from INSIDE at
- * http://www.insidesecure.com/
+ * commercial license for this software may be purchased from Rambus at
+ * http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/crypto/keyformat/pem_decode_mem.c b/crypto/keyformat/pem_decode_mem.c
index ed07c49..edb991c 100644
--- a/crypto/keyformat/pem_decode_mem.c
+++ b/crypto/keyformat/pem_decode_mem.c
@@ -5,7 +5,7 @@
* Functions for in-memory PEM decoding.
*/
/*
- * Copyright (c) 2013-2018 INSIDE Secure Corporation
+ * Copyright (c) 2013-2018 Rambus Inc.
* Copyright (c) PeerSec Networks, 2002-2011
* All Rights Reserved
*
@@ -18,8 +18,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
- * commercial license for this software may be purchased from INSIDE at
- * http://www.insidesecure.com/
+ * commercial license for this software may be purchased from Rambus at
+ * http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/crypto/keyformat/pkcs.c b/crypto/keyformat/pkcs.c
index b5a2632..de66ab0 100644
--- a/crypto/keyformat/pkcs.c
+++ b/crypto/keyformat/pkcs.c
@@ -6,7 +6,7 @@
*/
/*
- * Copyright (c) 2013-2017 INSIDE Secure Corporation
+ * Copyright (c) 2013-2017 Rambus Inc.
* Copyright (c) PeerSec Networks, 2002-2011
* All Rights Reserved
*
@@ -19,8 +19,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
- * commercial license for this software may be purchased from INSIDE at
- * http://www.insidesecure.com/
+ * commercial license for this software may be purchased from Rambus at
+ * http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
@@ -55,12 +55,14 @@ int32_t pkcs1Pad(const unsigned char *in, psSize_t inlen,
unsigned char *c;
uint32_t randomLen;
- randomLen = outlen - 3 - inlen;
- if (randomLen < 8)
+ if (outlen < 3 + inlen + 8)
{
psTraceCrypto("pkcs1Pad failure\n");
return PS_LIMIT_FAIL;
}
+
+ randomLen = outlen - 3 - inlen;
+
c = out;
*c = 0x00;
c++;
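Review bot: The reordered check in `pkcs1Pad` is the right fix, but nothing says why the comparison must come before the subtraction, so a later cleanup could move it back. A comment above the `if` such as `/* Validate before subtracting: randomLen is unsigned and outlen - 3 - inlen wraps when outlen is too small. */` records the invariant. `pkcs1Pad`'s signature and the rest of its body are outside the hunk.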
@@ -212,6 +214,12 @@ int32_t pkcs1Unpad(const unsigned char *in,
# ifdef MATRIX_USE_FILE_SYSTEM
# ifdef USE_PKCS8
# ifdef USE_PKCS12
+
+int32 pkcs12pbkdf2(psPool_t *pool, int32 hash_alg,
+ const unsigned char *password, uint32 passLen,
+ const unsigned char *salt, int saltLen, uint32 keyLen,
+ uint16 count, unsigned char **out);
+
/******************************************************************************/
/*
A PKCS #7 ContentInfo, whose contentType is signedData in public-key
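Review bot: The `pkcs12pbkdf2` prototype is pasted into pkcs.c instead of a header shared with its definition in crypto/keyformat/pbkdf2.c, so the compiler never checks the two against each other and a later signature change in one file silently goes unnoticed in the other. Moving the declaration to the header that pkcs.c and pbkdf2.c both include, under the same `USE_PKCS12` guards, fixes that. The parameter list also mixes `int saltLen` with `uint32 passLen`/`uint32 keyLen`, which invites signed/unsigned comparison warnings in any future implementation.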
@@ -280,15 +288,22 @@ static int32 psParseIntegrityMode(const unsigned char **buf, int32 totLen)
Assumptions: hash is SHA-1, password is < 128 bytes
*/
static int32 pkcs12pbe(psPool_t *pool, unsigned char *password, uint32 passLen,
- unsigned char *salt, int saltLen, int32 iter, int32 id,
+ unsigned char *salt, int saltLen, int32 iter, int32 id, int32 oi,
unsigned char **out, uint32 *outlen)
{
psSha1_t ctx;
+ psSha256_t sha256ctx;
pstm_int bigb, bigone, bigtmp;
- unsigned char diversifier[64], saltpass[192], hash[SHA1_HASH_SIZE];
+ unsigned char diversifier[64], saltpass[192], hash[SHA256_HASH_SIZE];
unsigned char B[65];
unsigned char *p, *front;
int32 i, j, copy, count, cpyLen, binsize, plen;
+ uint32 hash_size = 20;
+
+ if (oi == OID_SHA256_ALG)
+ {
+ hash_size = 32;
+ }
*out = NULL;
Memset(diversifier, id, 64);
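Review bot: The comment just above this hunk still says "Assumptions: hash is SHA-1", but `pkcs12pbe` now selects SHA-256 when `oi == OID_SHA256_ALG`, so the comment should read something like "hash is SHA-1 or SHA-256 (selected by `oi`), password is < 128 bytes". Any other `oi` value silently falls through to SHA-1 (`hash_size = 20`); if the caller can pass an unsupported digest OID, an explicit rejection here would be safer than defaulting. The literals 20 and 32 duplicate `SHA1_HASH_SIZE` and `SHA256_HASH_SIZE`, which the later hunks of this function also compare against, so `uint32 hash_size = SHA1_HASH_SIZE;` and `hash_size = SHA256_HASH_SIZE;` keep one source of truth. The `else` followed by `if (hash_size == 32)` on the next line in the iteration hunk should be the usual `else if`.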
@@ -317,13 +332,13 @@ static int32 pkcs12pbe(psPool_t *pool, unsigned char *password, uint32 passLen,
saltpass[64 + i] = password[i % passLen];
}
- if (*outlen == SHA1_HASH_SIZE)
+ if (*outlen == hash_size)
{
count = 1;
}
else
{
- count = (*outlen / SHA1_HASH_SIZE) + 1;
+ count = (*outlen / hash_size) + 1;
}
cpyLen = *outlen;
@@ -335,18 +350,35 @@ static int32 pkcs12pbe(psPool_t *pool, unsigned char *password, uint32 passLen,
while (count)
{
- psSha1Init(&ctx);
- psSha1Update(&ctx, diversifier, 64);
- psSha1Update(&ctx, saltpass, 64 + plen);
- psSha1Final(&ctx, hash);
- for (j = 1; j < iter; j++)
+ if (hash_size == 20)
{
psSha1Init(&ctx);
- psSha1Update(&ctx, hash, SHA1_HASH_SIZE);
+ psSha1Update(&ctx, diversifier, 64);
+ psSha1Update(&ctx, saltpass, 64 + plen);
psSha1Final(&ctx, hash);
+ for (j = 1; j < iter; j++)
+ {
+ psSha1Init(&ctx);
+ psSha1Update(&ctx, hash, SHA1_HASH_SIZE);
+ psSha1Final(&ctx, hash);
+ }
+ }
+ else
+ if (hash_size == 32)
+ {
+ psSha256Init(&sha256ctx);
+ psSha256Update(&sha256ctx, diversifier, 64);
+ psSha256Update(&sha256ctx, saltpass, 64 + plen);
+ psSha256Final(&sha256ctx, hash);
+ for (j = 1; j < iter; j++)
+ {
+ psSha256Init(&sha256ctx);
+ psSha256Update(&sha256ctx, hash, SHA256_HASH_SIZE);
+ psSha256Final(&sha256ctx, hash);
+ }
}
/* Copy into outgoing key now */
- copy = min(cpyLen, SHA1_HASH_SIZE);
+ copy = min(cpyLen, hash_size);
Memcpy(p, hash, copy);
p += copy;
count--;
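Review bot: `copy = min(cpyLen, hash_size)` now compares the int32 cpyLen with the uint32 hash_size, so the comparison inside `min` is done in unsigned arithmetic; `copy = min(cpyLen, (int32) hash_size);` keeps it signed like the SHA1_HASH_SIZE constant it replaces. The `else` followed by `if (hash_size == 32)` on the next line reads like a dangling else; `else if (hash_size == 32)` is the usual form, and since nothing assigns any other value to hash_size, a plain `else` (or an `else { return PS_UNSUPPORTED_FAIL; }` arm) also removes the path on which `hash` would be copied uninitialized if a third size were ever added. pkcs12pbe's body begins and ends outside this hunk.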
@@ -357,7 +389,7 @@ static int32 pkcs12pbe(psPool_t *pool, unsigned char *password, uint32 passLen,
/* manipulate saltpass */
for (j = 0; j < 64; j++)
{
- B[j] = hash[j % SHA1_HASH_SIZE];
+ B[j] = hash[j % hash_size];
}
if (pstm_init_for_read_unsigned_bin(pool, &bigb, 64) < 0)
{
@@ -470,12 +502,12 @@ static int32 pkcs12import(psPool_t *pool, const unsigned char **buf,
psCipherContext_t ctx;
const unsigned char *p, *start, *end;
unsigned char *iv, *decryptKey, *pt;
- unsigned char salt[8];
+ unsigned char salt[8] = {0};
int32 rc, oi, asnint;
uint32_t keyLen, ivLen;
psSize_t tmplen, tmpint;
short cipher;
- const short armor = PBE12;
+ short armor = PBE12;
*plaintext = NULL;
*ptLen = 0;
@@ -507,6 +539,10 @@ static int32 pkcs12import(psPool_t *pool, const unsigned char **buf,
cipher = AUTH_SAFE_3DES;
keyLen = DES3_KEYLEN;
}
+ else if (oi == OID_PKCS_PBES2)
+ {
+ armor = PBES2;
+ }
else
{
psTraceIntCrypto("Unsupported PBE algorithm %d\n", oi);
@@ -544,14 +580,14 @@ static int32 pkcs12import(psPool_t *pool, const unsigned char **buf,
return PS_PARSE_FAIL;
}
if (pkcs12pbe(pool, password, passLen, salt, 8, asnint,
- PKCS12_KEY_ID, &decryptKey, &keyLen) < 0)
+ PKCS12_KEY_ID, 0, &decryptKey, &keyLen) < 0)
{
psTraceCrypto("Error generating pkcs12 key\n");
return PS_UNSUPPORTED_FAIL;
}
ivLen = 8;
if (pkcs12pbe(pool, password, passLen, salt, 8, asnint,
- PKCS12_IV_ID, &iv, &ivLen) < 0)
+ PKCS12_IV_ID, 0, &iv, &ivLen) < 0)
{
psTraceCrypto("Error generating pkcs12 iv\n");
if (decryptKey)
@@ -562,6 +598,238 @@ static int32 pkcs12import(psPool_t *pool, const unsigned char **buf,
return PS_UNSUPPORTED_FAIL;
}
}
+ else /* (armor == PBES2) */
+ {
+ const unsigned char *end_KDF, *end_ENC, *p_salt;
+ int prf_oi, salt_oi, enc_oi, count;
+ psSize_t salt_len = 0;
+ /* PBES2 */
+ /*
+ PBES2-params ::= SEQUENCE {
+ keyDerivationFunc AlgorithmIdentifier {{PBES2-KDFs}},
+ encryptionScheme AlgorithmIdentifier {{PBES2-Encs}}
+ }
+ */
+ if ((rc = getAsnSequence(&p, (int32) (end - p), &tmplen)) < 0)
+ {
+ psTraceCrypto("Initial PBE2 parse failure\n");
+ return rc;
+ }
+
+ end_ENC = p + tmplen;
+
+ if ((rc = getAsnSequence(&p, (int32) (end_ENC - p), &tmplen)) < 0)
+ {
+ psTraceCrypto("Initial PBKDF2 parse failure\n");
+ return rc;
+ }
+
+ end_KDF = p + tmplen;
+
+ /*
+ PBES2-KDFs ALGORITHM-IDENTIFIER ::= {
+ {PBKDF2-params IDENTIFIED BY id-PBKDF2},
+ ...
+ }
+ */
+ if ((rc = getAsnOID(&p, (int32) (end_KDF - p), &prf_oi, 0, &tmpint)) < 0)
+ {
+ psTraceCrypto("PBKDF2 algorithm parse failure\n");
+ return rc;
+ }
+
+ /* if ( oi == OID_PKCS_PBKDF2 ) */
+ /*
+ PBKDF2-params ::= SEQUENCE {
+ salt CHOICE {
+ specified OCTET STRING,
+ otherSource AlgorithmIdentifier {{PBKDF2-SaltSources}}
+ },
+ iterationCount INTEGER (1..MAX),
+ keyLength INTEGER (1..MAX) OPTIONAL,
+ prf AlgorithmIdentifier {{PBKDF2-PRFs}}
+ DEFAULT algid-hmacWithSHA1
+ }
+ */
+ if ((rc = getAsnSequence(&p, (int32) (end_KDF - p), &tmplen)) < 0)
+ {
+ psTraceCrypto("PBKDF2 param parse failure\n");
+ return rc;
+ }
+
+ /*
+ salt CHOICE {
+ specified OCTET STRING,
+ otherSource AlgorithmIdentifier {{PBKDF2-SaltSources}}
+ },
+ */
+ if (tmplen > 0 && (*p == ASN_OCTET_STRING))
+ {
+ /* salt len */
+ p = p + 1;
+ if (getAsnLength(&p, (int32) (end_KDF - p), &tmplen) < 0 ||
+ (uint32) (end_KDF - p) < tmplen)
+ {
+ psTraceCrypto("Bad salt length parsing import\n");
+ return PS_PARSE_FAIL;
+ }
+ p_salt = p;
+ salt_len = tmplen;
+ p += tmplen;
+ salt_oi = -1;
+ }
+ else if ((rc = getAsnSequence(&p, (int32) (end_KDF - p), &tmplen)) < 0)
+ {
+ psTraceCrypto("Bad PBKDF2 salt parse\n");
+ return rc;
+ }
+ else
+ {
+ /* salt source algorithm
+ * reserved for future version
+ * should not enter this branch for now. */
+ if ((rc = getAsnOID(&p, (int32) (end_KDF - p), &salt_oi, 0, &tmpint)) < 0)
+ {
+ psTraceCrypto("PBKDF2 salt source algorithm parse failure\n");
+ return rc;
+ }
+ psTraceCrypto("PBKDF2 salt source not supported\n");
+ return PS_UNSUPPORTED_FAIL;
+ }
+
+ /* iteration count */
+ /*
+ iterationCount INTEGER (1..MAX),
+ */
+ if ((rc = getAsnInteger(&p, (int32) (end_KDF - p), &count)) < 0)
+ {
+ psTraceCrypto("Bad PBKDF2 iteration count\n");
+ return rc;
+ }
+
+ /* key length */
+ /*
+ keyLength INTEGER (1..MAX) OPTIONAL,
+ */
+ if (*p == ASN_INTEGER)
+ {
+ if ((rc = getAsnInteger(&p, (int32) (end_KDF - p),
+ (int32_t*)&keyLen)) < 0)
+ {
+ psTraceCrypto("Bad PBES2 key length\n");
+ return rc;
+ }
+ }
+ else
+ {
+ keyLen = -1;
+ }
+
+ /* prf algorithm */
+ /*
+ prf AlgorithmIdentifier {{PBKDF2-PRFs}}
+ DEFAULT algid-hmacWithSHA1
+ */
+ if ((rc = getAsnSequence(&p, (int32) (end_KDF - p), &tmplen)) < 0)
+ {
+ /* default prf is hmacWithSHA1 */
+ prf_oi = OID_HMAC_WITH_SHA1;
+ }
+ else
+ {
+ if ((rc = getAsnOID(&p, (int32) (end_KDF - p), &prf_oi,
+ 0, &tmpint)) < 0)
+ {
+ psTraceCrypto("PBKDF2 prf algorithm parse failure\n");
+ return rc;
+ }
+ if ((*p++ != ASN_NULL) || (*p++ != 0))
+ {
+ psTraceCrypto("PBKDF2 prf algorithm parse failure\n");
+ return PS_PARSE_FAIL;
+ }
+ }
+ if (p != end_KDF)
+ {
+ psTraceCrypto("PBKDF2 parse failure\n");
+ return PS_PARSE_FAIL;
+ }
+
+ /*
+ PBES2-Encs ALGORITHM-IDENTIFIER ::= { ... }
+ */
+ if ((rc = getAsnSequence(&p, (int32) (end_ENC - p), &tmplen)) < 0)
+ {
+ psTraceCrypto("Initial PBES2-Enc parse failure\n");
+ return rc;
+ }
+
+ if ((rc = getAsnOID(&p, (int32) (end_ENC - p), &enc_oi, 0, &tmpint))
+ < 0)
+ {
+ psTraceCrypto("PBES2 enc algorithm parse failure\n");
+ return rc;
+ }
+
+ switch (enc_oi)
+ {
+ case OID_AES_128_CBC:
+ case OID_AES_192_CBC:
+ case OID_AES_256_CBC:
+ if ((uint32) (end_ENC - p) < 18 ||
+ (*p++ != ASN_OCTET_STRING) ||
+ getAsnLength(&p, (int32) (end_ENC - p), &tmplen) < 0 ||
+ tmplen != 16)
+ {
+ /* get iv set the cipher algorithm foe later use */
+ psTraceCrypto("PBES2 enc algorithm aram parse failure\n");
+ return PS_PARSE_FAIL;
+ }
+ if ((iv = psMalloc(pool, tmplen)) == NULL)
+ {
+ psTraceCrypto("Out-of-memory. \
+ Increase SSL_KEY_POOL_SIZE\n");
+ return PS_MEM_FAIL;
+ }
+ Memcpy(iv, p, tmplen);
+ ivLen = tmplen;
+ p += tmplen;
+
+ switch (enc_oi)
+ {
+ case OID_AES_128_CBC:
+ keyLen = 16;
+ break;
+ case OID_AES_192_CBC:
+ keyLen = 24;
+ break;
+ case OID_AES_256_CBC:
+ keyLen = 32;
+ break;
+ }
+ break;
+
+ default:
+ psTraceCrypto("PBE encryption algorithm not supported\n");
+ return PS_UNSUPPORTED_FAIL;
+ }
+ cipher = enc_oi;
+
+ if (p != end_ENC)
+ {
+ psTraceCrypto("PBES2-ENC parse failure\n");
+ psFree(iv, pool);
+ return PS_PARSE_FAIL;
+ }
+
+ if (pkcs12pbkdf2(pool, prf_oi, password, passLen,
+ p_salt, salt_len, keyLen, count, &decryptKey) < 0)
+ {
+ psTraceCrypto("Error generating pkcs12 key from password\n");
+ psFree(iv, pool);
+ return PS_UNSUPPORTED_FAIL;
+ }
+ }
/* Got the keys but we still need to find the start of the encrypted data.
Have seen a few different BER variations at this point in the spec
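Review bot: The optional keyLength probe `if (*p == ASN_INTEGER)` and the prf parameter check `if ((*p++ != ASN_NULL) || (*p++ != 0))` dereference p without first confirming those bytes lie before end_KDF, so a PBKDF2-params sequence that ends right after iterationCount, or right after the prf OID, is read past the end of the sequence the parser is supposed to stay inside; guard them with the remaining length, e.g. `if (p < end_KDF && *p == ASN_INTEGER)` and `if ((end_KDF - p) < 2 || *p++ != ASN_NULL || *p++ != 0)`. The iteration count from getAsnInteger is accepted as-is, so 0 or a negative value reaches pkcs12pbkdf2; `if (count < 1) { psTraceCrypto("Bad PBKDF2 iteration count\n"); return PS_PARSE_FAIL; }` after the parse makes that failure explicit. The keyLength read from the file is overwritten by the enc_oi switch without being compared with the cipher's key size, which deserves either a mismatch check or a comment saying the explicit value is intentionally ignored; `salt_oi` is assigned but never read. pkcs12import's body begins and ends outside this hunk.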
@@ -569,6 +837,7 @@ static int32 pkcs12import(psPool_t *pool, const unsigned char **buf,
*/
if ((uint32) (end - p) < 1)
{
+ psFree(iv, pool);
return PS_PARSE_FAIL;
}
if (*p == (ASN_CONTEXT_SPECIFIC | ASN_PRIMITIVE))
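Review bot: The new `psFree(iv, pool)` on this parse-failure path releases the IV but leaves `decryptKey`, allocated by pkcs12pbe or pkcs12pbkdf2 just before, unreleased, and that buffer holds the derived secret key; the other failure paths in pkcs12import wipe it with memset_s before freeing. Add `if (decryptKey) { memset_s(decryptKey, keyLen, 0x0, keyLen); psFree(decryptKey, pool); }` next to the psFree of iv so this path matches them. pkcs12import's body begins and ends outside this hunk.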
@@ -702,6 +971,31 @@ static int32 pkcs12import(psPool_t *pool, const unsigned char **buf,
}
# endif /* USE_RC2 */
+ switch (cipher)
+ {
+ case OID_AES_128_CBC:
+ case OID_AES_192_CBC:
+ case OID_AES_256_CBC:
+ {
+ if ((rc = psAesInitCBC(&ctx.aes, iv, decryptKey, keyLen,
+ PS_AES_DECRYPT)) < 0)
+ {
+ memset_s(&ctx, sizeof(psCipherContext_t), 0x0,
+ sizeof(psCipherContext_t));
+ if (decryptKey)
+ {
+ memset_s(decryptKey, keyLen, 0x0, keyLen);
+ psFree(decryptKey, pool);
+ }
+ psFree(iv, pool);
+ psFree(pt, pool);
+ return rc;
+ }
+ psAesDecryptCBC(&ctx.aes, p, pt, tmplen);
+ }
+ break;
+ }
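Review bot: `psAesDecryptCBC(&ctx.aes, p, pt, tmplen)` is called without checking that tmplen is a multiple of the 16-byte AES block, so a ciphertext whose length is not block-aligned goes straight to the CBC routine; unless that length check happens before this switch (outside the hunk), add `if (tmplen % 16 != 0)` ahead of psAesInitCBC with the same cleanup as the init-failure path and a PS_PARSE_FAIL return. The context is wiped with memset_s on the init-failure path but not after the successful decryption; if the other cipher paths clear ctx after use, this one should too. The switch has no `default:` arm, which is harmless for the 3DES/RC2 ciphers handled above it but an explicit `default: break;` makes that intent visible. pkcs12import's body begins and ends outside this hunk.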
+
if (decryptKey)
{
memset_s(decryptKey, keyLen, 0x0, keyLen);
@@ -709,8 +1003,10 @@ static int32 pkcs12import(psPool_t *pool, const unsigned char **buf,
}
psFree(iv, pool);
+
*plaintext = pt;
*ptLen = tmplen;
+
return (int32) (p - start);
}
@@ -1136,13 +1432,14 @@ int32 psPkcs12ParseMem(psPool_t *pool, psX509Cert_t **cert, psPubKey_t *privKey,
int32 pLen, unsigned char *macPass, int32 macPassLen)
{
psHmacSha1_t hmac;
+ psHmacSha256_t sha256hmac;
const unsigned char *p, *end, *macStart, *macEnd;
unsigned char *macKey;
unsigned char iwidePass[128]; /* 63 char password max */
unsigned char mwidePass[128];
- unsigned char mac[SHA1_HASH_SIZE];
+ unsigned char mac[SHA256_HASH_SIZE];
unsigned char macSalt[20];
- unsigned char digest[SHA1_HASH_SIZE];
+ unsigned char digest[SHA256_HASH_SIZE];
psSize_t tmplen, tmpint;
uint32 digestLen, macKeyLen;
int32 i, j, rc, mpassLen, ipassLen, integrity, oi, asnint;
@@ -1293,7 +1590,7 @@ int32 psPkcs12ParseMem(psPool_t *pool, psX509Cert_t **cert, psPubKey_t *privKey,
of the content field of the authSafe field in the PFX PDU */
macKeyLen = 20;
if (pkcs12pbe(pool, mwidePass, mpassLen, macSalt, tmplen,
- asnint, PKCS12_MAC_ID, &macKey, &macKeyLen) < 0)
+ asnint, PKCS12_MAC_ID, 0, &macKey, &macKeyLen) < 0)
{
psTraceCrypto("Error generating pkcs12 hmac key\n");
rc = PS_UNSUPPORTED_FAIL;
@@ -1312,6 +1609,29 @@ int32 psPkcs12ParseMem(psPool_t *pool, psX509Cert_t **cert, psPubKey_t *privKey,
}
}
else
+ if (oi == OID_SHA256_ALG)
+ {
+ macKeyLen = SHA256_HASH_SIZE;
+ if (pkcs12pbe(pool, mwidePass, mpassLen, macSalt, tmplen,
+ asnint, PKCS12_MAC_ID, OID_SHA256_ALG, &macKey, &macKeyLen) < 0)
+ {
+ psTraceCrypto("Error generating pkcs12 hmac key\n");
+ rc = PS_UNSUPPORTED_FAIL;
+ goto ERR_PARSE;
+ }
+ digestLen = (uint32) (macEnd - macStart);
+ psHmacSha256Init(&sha256hmac, macKey, macKeyLen);
+ psHmacSha256Update(&sha256hmac, macStart, digestLen);
+ psHmacSha256Final(&sha256hmac, mac);
+ psFree(macKey, pool);
+ if (Memcmp(digest, mac, SHA256_HASH_SIZE) != 0)
+ {
+ psTraceCrypto("CAUTION: PKCS#12 MAC did not validate\n");
+ rc = PS_AUTH_FAIL;
+ goto ERR_PARSE;
+ }
+ }
+ else
{
psTraceCrypto("PKCS#12 must use SHA1 HMAC validation\n");
rc = PS_UNSUPPORTED_FAIL;
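Review bot: `Memcmp(digest, mac, SHA256_HASH_SIZE)` checks the stored MAC against the computed one with an ordinary memory compare on attacker-supplied input; if a constant-time comparison helper exists in the tree it belongs here (and in the SHA-1 path this mirrors). The branch assumes `digest` holds 32 bytes, so the code that parses the digest OCTET STRING (outside this hunk) must reject lengths other than SHA256_HASH_SIZE when oi == OID_SHA256_ALG; please confirm it does. `macKey` is freed with psFree but not wiped first, unlike decryptKey in pkcs12import which is cleared with memset_s; `memset_s(macKey, macKeyLen, 0x0, macKeyLen);` before the free would be consistent. The trailing else still traces `PKCS#12 must use SHA1 HMAC validation`, which is now stale; `PKCS#12 must use SHA1 or SHA256 HMAC validation` reflects the new behaviour. psPkcs12ParseMem's body begins and ends outside this hunk.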
diff --git a/crypto/keyformat/x509.c b/crypto/keyformat/x509.c
index d0db849..8fcf9ab 100644
--- a/crypto/keyformat/x509.c
+++ b/crypto/keyformat/x509.c
@@ -5,7 +5,7 @@
* X.509 Parser.
*/
/*
- * Copyright (c) 2013-2017 INSIDE Secure Corporation
+ * Copyright (c) 2013-2017 Rambus Inc.
* Copyright (c) PeerSec Networks, 2002-2011
* All Rights Reserved
*
@@ -18,8 +18,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
- * commercial license for this software may be purchased from INSIDE at
- * http://www.insidesecure.com/
+ * commercial license for this software may be purchased from Rambus at
+ * http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
@@ -1203,7 +1203,9 @@ static int parse_single_cert(psPool_t *pool, const unsigned char **pp,
/* Most algorithms and APIs use pre-hashing before signature
verification. Others (such as Ed25519) want the original
message (i.e. TBSCertificate) as input data. */
-# if defined(USE_ROT_CRYPTO) || defined(USE_ED25519) || (defined(USE_CL_RSA) && defined(USE_PKCS1_PSS))
+# if defined(USE_ROT_CRYPTO) || defined(USE_ED25519)\
+ || (defined(USE_CL_RSA) && defined(USE_PKCS1_PSS))\
+ || (defined(USE_SM2) && defined(USE_SM3))
if (!psVerifyNeedPreHash(cert->certAlgorithm))
{
/* Skip pre-hashing and instead buffer the TBS. */
@@ -3904,6 +3906,29 @@ int32_t parsePolicyMappings(psPool_t *pool,
# endif /* USE_CERT_POLICY_EXTENSIONS */
# ifdef USE_CRL
+static
+int32_t getAsnLengthWithPointers(
+ const unsigned char **pp,
+ const unsigned char *currentPtr,
+ const unsigned char *endPtr,
+ psSize_t *asnLength)
+{
+ int32_t result = PS_PARSE_FAIL;
+
+ if (endPtr > currentPtr)
+ {
+ psSizeL_t len = endPtr - currentPtr;
+
+ if ((getAsnLength(pp, len, asnLength) == PS_SUCCESS) &&
+ (len >= *asnLength))
+ {
+ result = PS_SUCCESS;
+ }
+ }
+
+ return result;
+}
+
static
int32_t parseAuthorityInfoAccess(psPool_t *pool,
const unsigned char *p,
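Review bot: getAsnLengthWithPointers checks the parsed length against `len`, which was computed from currentPtr before getAsnLength advanced *pp, so the comparison still counts the one to five length-header octets just consumed; the two call sites this replaces (the accessMethod and uniformResourceIdentifier parses in parseAuthorityInfoAccess) compared against `authInfoEnd - p` after the advance, so unless getAsnLength itself enforces the bound the helper now accepts a length that overruns the remaining data by the header size. Compare against the advanced pointer instead: `(getAsnLength(pp, len, asnLength) == PS_SUCCESS) && ((psSizeL_t) (endPtr - *pp) >= *asnLength)`. Since every caller passes `&p, p`, the separate currentPtr parameter duplicates *pp and could be dropped. A short header comment stating that on success *pp is advanced past the length octets and *asnLength fits within the bytes remaining before endPtr would document the contract.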
@@ -3940,7 +3965,7 @@ int32_t parseAuthorityInfoAccess(psPool_t *pool,
/* AuthorityInfoAccessSyntax. */
if (getAsnSequence(&p, (int32) (extEnd - p), &len) < 0)
{
- psTraceCrypto("Error parsing authKeyId extension\n");
+ psTraceCrypto("Error parsing authInfo extension\n");
return PS_PARSE_FAIL;
}
@@ -3990,7 +4015,7 @@ int32_t parseAuthorityInfoAccess(psPool_t *pool,
/* AccessDescription. */
if (getAsnSequence(&p, (int32) (extEnd - p), &adLen) < 0)
{
- psTraceCrypto("Error parsing authKeyId extension\n");
+ psTraceCrypto("Error parsing authInfo extension\n");
return PS_PARSE_FAIL;
}
/* accessMethod. */
@@ -3999,8 +4024,8 @@ int32_t parseAuthorityInfoAccess(psPool_t *pool,
psTraceCrypto("Malformed extension header\n");
return PS_PARSE_FAIL;
}
- if (getAsnLength(&p, (uint32) (authInfoEnd - p), &len) < 0 ||
- (uint32) (authInfoEnd - p) < len)
+
+ if (getAsnLengthWithPointers(&p, p, authInfoEnd, &len) < 0)
{
psTraceCrypto("getAsnLength failure in authInfo parsing\n");
return PS_PARSE_FAIL;
@@ -4025,8 +4050,7 @@ int32_t parseAuthorityInfoAccess(psPool_t *pool,
{
case (ASN_CONTEXT_SPECIFIC + 6):
/* uniformResourceIdentifier [6] IA5String. */
- if (getAsnLength(&p, (uint32) (authInfoEnd - p), &len) < 0 ||
- (uint32) (authInfoEnd - p) < len)
+ if (getAsnLengthWithPointers(&p, p, authInfoEnd, &len) < 0)
{
psTraceCrypto("getAsnLength failure in authInfo parsing\n");
return PS_PARSE_FAIL;
@@ -4439,10 +4463,17 @@ KNOWN_EXT:
case OID_ENUM(id_ce_nameConstraints):
if (critical)
{
+# ifdef IGNORE_CRITICAL_NAME_CONSTRAINTS_EXTENSION
+ psTraceCrypto(
+ "WARNING: Ignoring critical Name Constraints extension "
+ "due to #define "
+ "IGNORE_CRITICAL_NAME_CONSTRAINTS_EXTENSION\n");
+# else
/* We're going to fail if critical since no real
pattern matching is happening yet */
psTraceCrypto("ERROR: critical nameConstraints unsupported\n");
return PS_PARSE_FAIL;
+# endif /* IGNORE_CRITICAL_NAME_CONSTRAINTS_EXTENSION */
}
if (getAsnSequence(&p, (int32) (extEnd - p), &fullExtLen) < 0)
{
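Review bot: IGNORE_CRITICAL_NAME_CONSTRAINTS_EXTENSION turns a critical extension the parser does not evaluate into a trace message and continues, so with that define set a certificate whose issuer marked name constraints as critical is accepted as if the constraint were absent; RFC 5280 section 4.2 requires rejecting a certificate with a critical extension that cannot be processed, and the trace only appears when crypto tracing is compiled in. The define site should state that deviation explicitly, for example `/* Deviation from RFC 5280 4.2: critical nameConstraints are accepted without enforcement; enable only where name constraints are enforced elsewhere in the validation path. */`, so whoever sets it sees the trade-off. The enclosing switch case continues outside this hunk.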
@@ -4519,7 +4550,8 @@ KNOWN_EXT:
/* A required extension within a CRL. Our getSerialNum is
the version of getInteger that allows very large
numbers. Spec says this could be 20 octets long */
- if (getSerialNum(pool, &p, (int32) (extEnd - p),
+ if (extensions->crlNum != NULL ||
+ getSerialNum(pool, &p, (int32) (extEnd - p),
&(extensions->crlNum), &len) < 0)
{
psTraceCrypto("Error parsing ak.serialNum\n");
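Review bot: With the new `extensions->crlNum != NULL ||` guard, a duplicate crlNumber extension now fails through the same branch as a parse error and reports `Error parsing ak.serialNum`, which names the wrong extension; a separate duplicate check with its own message, e.g. `psTraceCrypto("Error: more than one crlNumber extension\n");`, mirrors what the authKeyId and subjectKeyId cases in this diff do and keeps the trace useful. The enclosing switch case continues outside this hunk.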
@@ -4671,6 +4703,15 @@ KNOWN_EXT:
psTraceCrypto("Error keyLen in authKeyId extension\n");
return PS_PARSE_FAIL;
}
+ if (extensions->ak.keyId != NULL)
+ {
+ /*
+ RFC5280: A certificate MUST NOT include more
+ than one instance of a particular extension.
+ */
+ psTraceCrypto("Error: more than one authKeyId extension\n");
+ return PS_PARSE_FAIL;
+ }
extensions->ak.keyId = psMalloc(pool, extensions->ak.keyLen);
if (extensions->ak.keyId == NULL)
{
@@ -4716,7 +4757,8 @@ KNOWN_EXT:
/*
Treat as a serial number (not a native INTEGER)
*/
- if (getSerialNum(pool, &p, (int32) (extEnd - p),
+ if (extensions->ak.serialNum != NULL ||
+ getSerialNum(pool, &p, (int32) (extEnd - p),
&(extensions->ak.serialNum), &len) < 0)
{
psTraceCrypto("Error parsing ak.serialNum\n");
@@ -4740,6 +4782,15 @@ KNOWN_EXT:
psTraceCrypto("Error parsing subjectKeyId extension\n");
return PS_PARSE_FAIL;
}
+ if (extensions->sk.id != NULL)
+ {
+ /*
+ RFC5280: A certificate MUST NOT include more
+ than one instance of a particular extension.
+ */
+ psTraceCrypto("Error: more than one subjectKeyId extension\n");
+ return PS_PARSE_FAIL;
+ }
extensions->sk.id = psMalloc(pool, extensions->sk.len);
if (extensions->sk.id == NULL)
{
@@ -5293,6 +5344,7 @@ int32_t psX509GetDNAttributes(psPool_t *pool, const unsigned char **pp,
psSize_t llen, setlen, arcLen;
char *stringOut;
uint32_t i;
+ psBool_t attributeStored = PS_TRUE;
# ifdef USE_SHA1
psSha1_t hash;
@@ -5577,8 +5629,6 @@ oid_parsing_done:
return PS_UNSUPPORTED_FAIL;
}
- psBool_t attributeStored = PS_TRUE;
-
switch (id)
{
case ATTRIB_COUNTRY_NAME:
@@ -6073,6 +6123,14 @@ int32 psX509AuthenticateCert(psPool_t *pool, psX509Cert_t *subjectCert,
opts.msgIsDigestInfo = PS_FALSE;
}
# endif /* USE_ED25519 */
+# if defined(USE_SM2) && defined(USE_SM3)
+ if (sc->sigAlgorithm == OID_SM3_SM2_SIG)
+ {
+ tbs = sc->tbsCertStart;
+ tbsLen = sc->tbsCertLen;
+ opts.msgIsDigestInfo = PS_FALSE;
+ }
+# endif
# if defined(USE_ROT_CRYPTO) && (defined(USE_ROT_ECC) || defined(USE_ROT_RSA))
tbs = sc->tbsCertStart;
tbsLen = sc->tbsCertLen;
@@ -7242,7 +7300,9 @@ int32_t psOcspResponseValidate(psPool_t *pool, psX509Cert_t *trustedOCSP,
static psValidateOCSPResponseOptions_t vOptsDefault;
psX509Cert_t *curr, *issuer, *subject, *ocspResIssuer;
psOcspSingleResponse_t *subjectResponse = NULL;
+# ifdef USE_RSA
unsigned char sigOut[MAX_HASH_SIZE];
+# endif
int32 sigOutLen, sigType, index;
psPool_t *pkiPool = NULL;
diff --git a/crypto/keyformat/x509.h b/crypto/keyformat/x509.h
index 50cf84e..4ce9e99 100644
--- a/crypto/keyformat/x509.h
+++ b/crypto/keyformat/x509.h
@@ -5,7 +5,7 @@
* X.509 header.
*/
/*
- * Copyright (c) 2013-2017 INSIDE Secure Corporation
+ * Copyright (c) 2013-2017 Rambus Inc.
* Copyright (c) PeerSec Networks, 2002-2011
* All Rights Reserved
*
@@ -18,8 +18,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
- * commercial license for this software may be purchased from INSIDE at
- * http://www.insidesecure.com/
+ * commercial license for this software may be purchased from Rambus at
+ * http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
@@ -695,6 +695,8 @@ typedef struct psCert
uint16_t publicKeyDerOffsetIntoUnparsedBin;
psSize_t publicKeyDerLen;
uint16_t subjectKeyDerOffsetIntoUnparsedBin;
+ /* Set to PS_TRUE if validation ends to this certificate. */
+ psBool_t pathEnd;
struct psCert *next;
} psX509Cert_t;
diff --git a/crypto/layer/layer.h b/crypto/layer/layer.h
index 665721b..003b412 100644
--- a/crypto/layer/layer.h
+++ b/crypto/layer/layer.h
@@ -5,7 +5,7 @@
* Header file to determine crypto algorithm provider.
*/
/*
- * Copyright (c) 2013-2018 INSIDE Secure Corporation
+ * Copyright (c) 2013-2018 Rambus Inc.
* Copyright (c) PeerSec Networks, 2002-2011
* All Rights Reserved
*
@@ -18,8 +18,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
- * commercial license for this software may be purchased from INSIDE at
- * http://www.insidesecure.com/
+ * commercial license for this software may be purchased from Rambus at
+ * http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/crypto/layer/matrix.c b/crypto/layer/matrix.c
index 73a3ff2..53d85a1 100644
--- a/crypto/layer/matrix.c
+++ b/crypto/layer/matrix.c
@@ -5,7 +5,7 @@
* Matrix Crypto Initialization and utility layer.
*/
/*
- * Copyright (c) 2013-2018 INSIDE Secure Corporation
+ * Copyright (c) 2013-2018 Rambus Inc.
* Copyright (c) PeerSec Networks, 2002-2011
* All Rights Reserved
*
@@ -18,8 +18,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
- * commercial license for this software may be purchased from INSIDE at
- * http://www.insidesecure.com/
+ * commercial license for this software may be purchased from Rambus at
+ * http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
@@ -151,6 +151,9 @@ void psCryptoClose(void)
*g_config = 'N';
psClosePrng();
psCoreClose();
+#ifdef USE_FLPS_BINDING
+ CL_LibUnInit();
+#endif
#ifdef USE_CRL
psCrlClose();
#endif
diff --git a/crypto/math/pstm.c b/crypto/math/pstm.c
index a88dbf8..373c17f 100644
--- a/crypto/math/pstm.c
+++ b/crypto/math/pstm.c
@@ -5,7 +5,7 @@
* Multiprecision number implementation.
*/
/*
- * Copyright (c) 2013-2017 INSIDE Secure Corporation
+ * Copyright (c) 2013-2017 Rambus Inc.
* Copyright (c) PeerSec Networks, 2002-2011
* All Rights Reserved
*
@@ -18,8 +18,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
- * commercial license for this software may be purchased from INSIDE at
- * http://www.insidesecure.com/
+ * commercial license for this software may be purchased from Rambus at
+ * http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/crypto/math/pstm.h b/crypto/math/pstm.h
index 61935e1..2b0e703 100644
--- a/crypto/math/pstm.h
+++ b/crypto/math/pstm.h
@@ -5,7 +5,7 @@
* multiple-precision integer library.
*/
/*
- * Copyright (c) 2013-2017 INSIDE Secure Corporation
+ * Copyright (c) 2013-2017 Rambus Inc.
* Copyright (c) PeerSec Networks, 2002-2011
* All Rights Reserved
*
@@ -18,8 +18,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
- * commercial license for this software may be purchased from INSIDE at
- * http://www.insidesecure.com/
+ * commercial license for this software may be purchased from Rambus at
+ * http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
@@ -156,6 +156,8 @@ typedef struct
# endif
} pstm_int;
+#define PSTM_INT_INIT { 0 }
+
/******************************************************************************/
/*
Operations on large integers
diff --git a/crypto/math/pstm_montgomery_reduce.c b/crypto/math/pstm_montgomery_reduce.c
index 6bbc8f1..cc53d72 100644
--- a/crypto/math/pstm_montgomery_reduce.c
+++ b/crypto/math/pstm_montgomery_reduce.c
@@ -5,7 +5,7 @@
* Multiprecision Montgomery Reduction.
*/
/*
- * Copyright (c) 2013-2018 INSIDE Secure Corporation
+ * Copyright (c) 2013-2018 Rambus Inc.
* Copyright (c) PeerSec Networks, 2002-2011
* All Rights Reserved
*
@@ -18,8 +18,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
- * commercial license for this software may be purchased from INSIDE at
- * http://www.insidesecure.com/
+ * commercial license for this software may be purchased from Rambus at
+ * http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/crypto/math/pstm_mul_comba.c b/crypto/math/pstm_mul_comba.c
index 49145f8..c89cc8c 100644
--- a/crypto/math/pstm_mul_comba.c
+++ b/crypto/math/pstm_mul_comba.c
@@ -5,7 +5,7 @@
* Multiprecision multiplication with Comba technique.
*/
/*
- * Copyright (c) 2013-2018 INSIDE Secure Corporation
+ * Copyright (c) 2013-2018 Rambus Inc.
* Copyright (c) PeerSec Networks, 2002-2011
* All Rights Reserved
*
@@ -18,8 +18,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
- * commercial license for this software may be purchased from INSIDE at
- * http://www.insidesecure.com/
+ * commercial license for this software may be purchased from Rambus at
+ * http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/crypto/math/pstm_sqr_comba.c b/crypto/math/pstm_sqr_comba.c
index 28cc0c6..6c8e483 100644
--- a/crypto/math/pstm_sqr_comba.c
+++ b/crypto/math/pstm_sqr_comba.c
@@ -5,7 +5,7 @@
* Multiprecision Squaring with Comba technique.
*/
/*
- * Copyright (c) 2013-2018 INSIDE Secure Corporation
+ * Copyright (c) 2013-2018 Rambus Inc.
* Copyright (c) PeerSec Networks, 2002-2011
* All Rights Reserved
*
@@ -18,8 +18,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
- * commercial license for this software may be purchased from INSIDE at
- * http://www.insidesecure.com/
+ * commercial license for this software may be purchased from Rambus at
+ * http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/crypto/math/pstm_str.c b/crypto/math/pstm_str.c
index ddeb47a..d17e60a 100644
--- a/crypto/math/pstm_str.c
+++ b/crypto/math/pstm_str.c
@@ -5,7 +5,7 @@
* Multiprecision number implementation.
*/
/*
- * Copyright (c) 2017 INSIDE Secure Corporation
+ * Copyright (c) 2017 Rambus Inc.
* All Rights Reserved
*
* The latest version of this code is available at http://www.matrixssl.org
@@ -17,8 +17,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
- * commercial license for this software may be purchased from INSIDE at
- * http://www.insidesecure.com/
+ * commercial license for this software may be purchased from Rambus at
+ * http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/crypto/math/pstm_str.h b/crypto/math/pstm_str.h
index f15543e..c439068 100644
--- a/crypto/math/pstm_str.h
+++ b/crypto/math/pstm_str.h
@@ -5,7 +5,7 @@
* Multiprecision number implementation: debug output.
*/
/*
- * Copyright (c) 2017 INSIDE Secure Corporation
+ * Copyright (c) 2017 Rambus Inc.
* All Rights Reserved
*
* The latest version of this code is available at http://www.matrixssl.org
@@ -17,8 +17,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
- * commercial license for this software may be purchased from INSIDE at
- * http://www.insidesecure.com/
+ * commercial license for this software may be purchased from Rambus at
+ * http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/crypto/math/pstmnt.c b/crypto/math/pstmnt.c
index 463d8e8..3fb7ab1 100644
--- a/crypto/math/pstmnt.c
+++ b/crypto/math/pstmnt.c
@@ -5,7 +5,7 @@
* Multiprecision number implementation: constant time montgomery.
*/
/*
- * Copyright (c) 2017 INSIDE Secure Corporation
+ * Copyright (c) 2017 Rambus Inc.
* All Rights Reserved
*
* The latest version of this code is available at http://www.matrixssl.org
@@ -17,8 +17,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
- * commercial license for this software may be purchased from INSIDE at
- * http://www.insidesecure.com/
+ * commercial license for this software may be purchased from Rambus at
+ * http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/crypto/math/pstmnt.h b/crypto/math/pstmnt.h
index 99a17c7..7afa9a5 100644
--- a/crypto/math/pstmnt.h
+++ b/crypto/math/pstmnt.h
@@ -5,7 +5,7 @@
* Multiprecision number implementation: constant time montgomery.
*/
/*
- * Copyright (c) 2013-2017 INSIDE Secure Corporation
+ * Copyright (c) 2013-2017 Rambus Inc.
* Copyright (c) PeerSec Networks, 2002-2011
* All Rights Reserved
*
@@ -18,8 +18,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
- * commercial license for this software may be purchased from INSIDE at
- * http://www.insidesecure.com/
+ * commercial license for this software may be purchased from Rambus at
+ * http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/crypto/prng/prng.c b/crypto/prng/prng.c
index 2224d82..9e7a4e0 100644
--- a/crypto/prng/prng.c
+++ b/crypto/prng/prng.c
@@ -5,7 +5,7 @@
* Psuedo random number generation.
*/
/*
- * Copyright (c) 2013-2017 INSIDE Secure Corporation
+ * Copyright (c) 2013-2017 Rambus Inc.
* Copyright (c) PeerSec Networks, 2002-2011
* All Rights Reserved
*
@@ -18,8 +18,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
- * commercial license for this software may be purchased from INSIDE at
- * http://www.insidesecure.com/
+ * commercial license for this software may be purchased from Rambus at
+ * http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/crypto/prng/prng.h b/crypto/prng/prng.h
index 3a52483..481b09a 100644
--- a/crypto/prng/prng.h
+++ b/crypto/prng/prng.h
@@ -5,7 +5,7 @@
* Pseudorandom Number Generator header.
*/
/*
- * Copyright (c) 2013-2017 INSIDE Secure Corporation
+ * Copyright (c) 2013-2017 Rambus Inc.
* Copyright (c) PeerSec Networks, 2002-2011
* All Rights Reserved
*
@@ -18,8 +18,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
- * commercial license for this software may be purchased from INSIDE at
- * http://www.insidesecure.com/
+ * commercial license for this software may be purchased from Rambus at
+ * http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/crypto/prng/yarrow.c b/crypto/prng/yarrow.c
index 475788b..0850d89 100644
--- a/crypto/prng/yarrow.c
+++ b/crypto/prng/yarrow.c
@@ -5,7 +5,7 @@
* Yarrow PRNG implementation.
*/
/*
- * Copyright (c) 2013-2017 INSIDE Secure Corporation
+ * Copyright (c) 2013-2017 Rambus Inc.
* Copyright (c) PeerSec Networks, 2002-2011
* All Rights Reserved
*
@@ -18,8 +18,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
- * commercial license for this software may be purchased from INSIDE at
- * http://www.insidesecure.com/
+ * commercial license for this software may be purchased from Rambus at
+ * http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/crypto/ps_chacha20poly1305ietf.h b/crypto/ps_chacha20poly1305ietf.h
index ff9daa8..ccbd65e 100644
--- a/crypto/ps_chacha20poly1305ietf.h
+++ b/crypto/ps_chacha20poly1305ietf.h
@@ -5,7 +5,7 @@
* Header for MatrixSSL Chacha20-poly1305 (IETF) interface.
*/
/*
- * Copyright (c) 2013-2017 INSIDE Secure Corporation
+ * Copyright (c) 2013-2017 Rambus Inc.
* Copyright (c) PeerSec Networks, 2002-2011
* All Rights Reserved
*
@@ -18,8 +18,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
- * commercial license for this software may be purchased from INSIDE at
- * http://www.insidesecure.com/
+ * commercial license for this software may be purchased from Rambus at
+ * http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/crypto/pubkey/dh.c b/crypto/pubkey/dh.c
index 7e2794f..dc0e77d 100644
--- a/crypto/pubkey/dh.c
+++ b/crypto/pubkey/dh.c
@@ -5,7 +5,7 @@
* Diffie-Hellman: Key structure.
*/
/*
- * Copyright (c) 2013-2018 INSIDE Secure Corporation
+ * Copyright (c) 2013-2018 Rambus Inc.
* Copyright (c) PeerSec Networks, 2002-2011
* All Rights Reserved
*
@@ -18,8 +18,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
- * commercial license for this software may be purchased from INSIDE at
- * http://www.insidesecure.com/
+ * commercial license for this software may be purchased from Rambus at
+ * http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/crypto/pubkey/dh_export.c b/crypto/pubkey/dh_export.c
index a9006d4..ae96577 100644
--- a/crypto/pubkey/dh_export.c
+++ b/crypto/pubkey/dh_export.c
@@ -5,7 +5,7 @@
* Diffie-Hellman: Public key export.
*/
/*
- * Copyright (c) 2013-2018 INSIDE Secure Corporation
+ * Copyright (c) 2013-2018 Rambus Inc.
* Copyright (c) PeerSec Networks, 2002-2011
* All Rights Reserved
*
@@ -18,8 +18,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
- * commercial license for this software may be purchased from INSIDE at
- * http://www.insidesecure.com/
+ * commercial license for this software may be purchased from Rambus at
+ * http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/crypto/pubkey/dh_gen_key.c b/crypto/pubkey/dh_gen_key.c
index ba1b3b2..930ed1b 100644
--- a/crypto/pubkey/dh_gen_key.c
+++ b/crypto/pubkey/dh_gen_key.c
@@ -5,7 +5,7 @@
* Diffie-Hellman: Key generation.
*/
/*
- * Copyright (c) 2013-2018 INSIDE Secure Corporation
+ * Copyright (c) 2013-2018 Rambus Inc.
* Copyright (c) PeerSec Networks, 2002-2011
* All Rights Reserved
*
@@ -18,8 +18,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
- * commercial license for this software may be purchased from INSIDE at
- * http://www.insidesecure.com/
+ * commercial license for this software may be purchased from Rambus at
+ * http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/crypto/pubkey/dh_gen_secret.c b/crypto/pubkey/dh_gen_secret.c
index e52b0ba..99eb986 100644
--- a/crypto/pubkey/dh_gen_secret.c
+++ b/crypto/pubkey/dh_gen_secret.c
@@ -5,7 +5,7 @@
* Diffie-Hellman: Secret generation.
*/
/*
- * Copyright (c) 2013-2018 INSIDE Secure Corporation
+ * Copyright (c) 2013-2018 Rambus Inc.
* Copyright (c) PeerSec Networks, 2002-2011
* All Rights Reserved
*
@@ -18,8 +18,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
- * commercial license for this software may be purchased from INSIDE at
- * http://www.insidesecure.com/
+ * commercial license for this software may be purchased from Rambus at
+ * http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/crypto/pubkey/dh_import.c b/crypto/pubkey/dh_import.c
index e7eafe0..3a59569 100644
--- a/crypto/pubkey/dh_import.c
+++ b/crypto/pubkey/dh_import.c
@@ -5,7 +5,7 @@
* Diffie-Hellman: Import (public) key.
*/
/*
- * Copyright (c) 2013-2018 INSIDE Secure Corporation
+ * Copyright (c) 2013-2018 Rambus Inc.
* Copyright (c) PeerSec Networks, 2002-2011
* All Rights Reserved
*
@@ -18,8 +18,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
- * commercial license for this software may be purchased from INSIDE at
- * http://www.insidesecure.com/
+ * commercial license for this software may be purchased from Rambus at
+ * http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/crypto/pubkey/dh_import_priv.c b/crypto/pubkey/dh_import_priv.c
index a658016..5629add 100644
--- a/crypto/pubkey/dh_import_priv.c
+++ b/crypto/pubkey/dh_import_priv.c
@@ -5,7 +5,7 @@
* Diffie-Hellman: Import private key.
*/
/*
- * Copyright (c) 2013-2018 INSIDE Secure Corporation
+ * Copyright (c) 2013-2018 Rambus Inc.
* Copyright (c) PeerSec Networks, 2002-2011
* All Rights Reserved
*
@@ -18,8 +18,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
- * commercial license for this software may be purchased from INSIDE at
- * http://www.insidesecure.com/
+ * commercial license for this software may be purchased from Rambus at
+ * http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/crypto/pubkey/dh_params.c b/crypto/pubkey/dh_params.c
index c99a4ba..38a360b 100644
--- a/crypto/pubkey/dh_params.c
+++ b/crypto/pubkey/dh_params.c
@@ -5,7 +5,7 @@
* Diffie-Hellman: parameters
*/
/*
- * Copyright (c) 2013-2018 INSIDE Secure Corporation
+ * Copyright (c) 2013-2018 Rambus Inc.
* Copyright (c) PeerSec Networks, 2002-2011
* All Rights Reserved
*
@@ -18,8 +18,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
- * commercial license for this software may be purchased from INSIDE at
- * http://www.insidesecure.com/
+ * commercial license for this software may be purchased from Rambus at
+ * http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
@@ -94,11 +94,8 @@ int32_t psPkcs3ParseDhParamBin(psPool_t *pool, const unsigned char *dhBin,
{
/* Read desired length of private key.
(Note: currently ignored by MatrixSSL). */
- pstm_int bitlen;
- if (pstm_init_size(pool, &bitlen, 1) < 0)
- {
- goto L_ERR;
- }
+ pstm_int bitlen = PSTM_INT_INIT;
+
if (pstm_read_asn(pool, &c, (uint16_t) (end - c), &bitlen) < 0)
{
pstm_clear(&bitlen);
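Review bot: The error path at the end of the hunk still calls `pstm_clear(&bitlen)` on an integer that is now only statically initialised with `PSTM_INT_INIT` and has never been through `pstm_init_size`, and the former `goto L_ERR` on allocation failure is gone. Confirm that both `pstm_read_asn` and `pstm_clear` accept a value in the `PSTM_INT_INIT` state (whether `pstm_read_asn` allocates on demand is not visible here); if they do, a one-line comment such as `/* PSTM_INT_INIT needs no pstm_init_size; pstm_read_asn allocates as required */` would save the next reader the same check. The body of psPkcs3ParseDhParamBin starts and ends outside the hunk.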
diff --git a/crypto/pubkey/ecc.c b/crypto/pubkey/ecc.c
index 0a28ca1..8c9abd4 100644
--- a/crypto/pubkey/ecc.c
+++ b/crypto/pubkey/ecc.c
@@ -5,7 +5,7 @@
* Implements ECC over Z/pZ for curve y^2 = x^3 + ax + b.
*/
/*
- * Copyright (c) 2013-2017 INSIDE Secure Corporation
+ * Copyright (c) 2013-2017 Rambus Inc.
* Copyright (c) PeerSec Networks, 2002-2011
* All Rights Reserved
*
@@ -18,8 +18,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
- * commercial license for this software may be purchased from INSIDE at
- * http://www.insidesecure.com/
+ * commercial license for this software may be purchased from Rambus at
+ * http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/crypto/pubkey/ecc_curve.c b/crypto/pubkey/ecc_curve.c
index 8af19a3..42b8d49 100644
--- a/crypto/pubkey/ecc_curve.c
+++ b/crypto/pubkey/ecc_curve.c
@@ -5,7 +5,7 @@
* ECC curve data getter functions.
*/
/*
- * Copyright (c) 2013-2018 INSIDE Secure Corporation
+ * Copyright (c) 2013-2018 Rambus Inc.
* Copyright (c) PeerSec Networks, 2002-2011
* All Rights Reserved
*
@@ -18,8 +18,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
- * commercial license for this software may be purchased from INSIDE at
- * http://www.insidesecure.com/
+ * commercial license for this software may be purchased from Rambus at
+ * http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
@@ -100,8 +100,18 @@ void psGetEccCurveIdList(unsigned char *curveList, uint8_t *len)
{
if (listLen < (*len - 2))
{
- curveList[listLen++] = (eccCurves[i].curveId & 0xFF00) >> 8;
- curveList[listLen++] = eccCurves[i].curveId & 0xFF;
+# if defined(USE_SM2) && defined(USE_SM3)
+ if (eccCurves[i].curveId == IANA_CURVESM2)
+ {
+ curveList[listLen++] = (30 & 0xFF00) >> 8;
+ curveList[listLen++] = 30 & 0xFF;
+ }
+ else
+# endif
+ {
+ curveList[listLen++] = (eccCurves[i].curveId & 0xFF00) >> 8;
+ curveList[listLen++] = eccCurves[i].curveId & 0xFF;
+ }
}
i++;
}
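Review bot: The SM2 branch emits the literal 30 as the curve's wire value, which is the same value as `IANA_X448 = 30` in the enum this commit extends in pubkey.h (hunk at L9039, where `/** for tls1.2 is 30 */` also does not say which profile assigns 30 and uses `/**` rather than the `/**<` trailing form of the line below it), so a peer reading this list cannot distinguish SM2 from X448. Give the value a name next to `IANA_CURVESM2` with a comment citing its source, and use that name here instead of `(30 & 0xFF00) >> 8`, which is simply 0. If, as the function name suggests, this list is what gets advertised as supported groups, note that the entry is added regardless of protocol version while RFC 8998 assigns curveSM2 the value 41 (the `IANA_CURVESM2` value) for TLS 1.3, so the version-dependent choice presumably belongs at the point where the negotiated version is known. psGetEccCurveIdList starts and ends outside the hunk.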
diff --git a/crypto/pubkey/ecc_curve_config.c b/crypto/pubkey/ecc_curve_config.c
index 96205ce..f5b5bed 100644
--- a/crypto/pubkey/ecc_curve_config.c
+++ b/crypto/pubkey/ecc_curve_config.c
@@ -7,7 +7,7 @@
* non-FIPS modes or for different crypto libraries.
*/
/*
- * Copyright (c) 2013-2018 INSIDE Secure Corporation
+ * Copyright (c) 2013-2018 Rambus Inc.
* Copyright (c) PeerSec Networks, 2002-2011
* All Rights Reserved
*
@@ -20,8 +20,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
- * commercial license for this software may be purchased from INSIDE at
- * http://www.insidesecure.com/
+ * commercial license for this software may be purchased from Rambus at
+ * http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/crypto/pubkey/ecc_curve_data.c b/crypto/pubkey/ecc_curve_data.c
index 0ab7d9b..79e7271 100644
--- a/crypto/pubkey/ecc_curve_data.c
+++ b/crypto/pubkey/ecc_curve_data.c
@@ -5,7 +5,7 @@
* ECC curve data.
*/
/*
- * Copyright (c) 2013-2018 INSIDE Secure Corporation
+ * Copyright (c) 2013-2021 Rambus Inc.
* Copyright (c) PeerSec Networks, 2002-2011
* All Rights Reserved
*
@@ -18,8 +18,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
- * commercial license for this software may be purchased from INSIDE at
- * http://www.insidesecure.com/
+ * commercial license for this software may be purchased from Rambus at
+ * http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
@@ -196,6 +196,21 @@ const psEccCurve_t eccCurves[] = {
"188DA80EB03090F67CBF20EB43A18800F4FF0AFD82FF1012", /* Gx */
"07192B95FFC8DA78631011ED6B24CDD573F977A11E794811", /* Gy */
},
+# endif
+# ifdef USE_SM2
+ {
+ 32,
+ IANA_CURVESM2,
+ 1,
+ 667, /* 1.2.156.10197.1.301 */
+ "curvesm2",
+ "FFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00000000FFFFFFFFFFFFFFFF",
+ "FFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00000000FFFFFFFFFFFFFFFC",
+ "28E9FA9E9D9F5E344D5A9E4BCF6509A7F39789F515AB8F92DDBCBD414D940E93",
+ "FFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFF7203DF6B21C6052B53BBF40939D54123",
+ "32C4AE2C1F1981195F9904466A39C9948FE30BBFF2660BE1715A4589334C74C7",
+ "BC3736A2F4F6779C59BDCEE36B692153D0A9877CC62A474002DF32E52139F0A0",
+ },
# endif
{
0, 0, 0, 0, NULL, NULL, NULL, NULL, NULL, NULL, NULL
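Review bot: The new SM2 entry carries no reference for its constants, unlike the OID which is annotated, so a reviewer has nothing on the page to check the six hex strings against. Add a comment on the entry naming the source and the one property that is visible from the values themselves, e.g. `/* SM2 curve parameters per GB/T 32918.5 (OID 1.2.156.10197.1.301); a = p - 3 like the NIST entries above */` — the a and p strings differ only in the last digit, which is what the third field set to 1 appears to track in the other entries, though that field's meaning is not visible here. The eccCurves table starts before the hunk.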
diff --git a/crypto/pubkey/ecc_export.c b/crypto/pubkey/ecc_export.c
index 82f4dec..97c2b63 100644
--- a/crypto/pubkey/ecc_export.c
+++ b/crypto/pubkey/ecc_export.c
@@ -6,7 +6,7 @@
* Matrix Crypto.
*/
/*
- * Copyright (c) 2013-2018 INSIDE Secure Corporation
+ * Copyright (c) 2013-2018 Rambus Inc.
* Copyright (c) PeerSec Networks, 2002-2011
* All Rights Reserved
*
@@ -19,8 +19,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
- * commercial license for this software may be purchased from INSIDE at
- * http://www.insidesecure.com/
+ * commercial license for this software may be purchased from Rambus at
+ * http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/crypto/pubkey/ecc_gen_shared.c b/crypto/pubkey/ecc_gen_shared.c
index 96c08df..12e161f 100644
--- a/crypto/pubkey/ecc_gen_shared.c
+++ b/crypto/pubkey/ecc_gen_shared.c
@@ -5,7 +5,7 @@
* ECC shared secret generation using Matrix Crypto.
*/
/*
- * Copyright (c) 2013-2018 INSIDE Secure Corporation
+ * Copyright (c) 2013-2018 Rambus Inc.
* Copyright (c) PeerSec Networks, 2002-2011
* All Rights Reserved
*
@@ -18,8 +18,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
- * commercial license for this software may be purchased from INSIDE at
- * http://www.insidesecure.com/
+ * commercial license for this software may be purchased from Rambus at
+ * http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/crypto/pubkey/ecc_import.c b/crypto/pubkey/ecc_import.c
index 38892ec..fdf333d 100644
--- a/crypto/pubkey/ecc_import.c
+++ b/crypto/pubkey/ecc_import.c
@@ -5,7 +5,7 @@
* Implements ECC over Z/pZ for curve y^2 = x^3 + ax + b.
*/
/*
- * Copyright (c) 2013-2017 INSIDE Secure Corporation
+ * Copyright (c) 2013-2017 Rambus Inc.
* Copyright (c) PeerSec Networks, 2002-2011
* All Rights Reserved
*
@@ -18,8 +18,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
- * commercial license for this software may be purchased from INSIDE at
- * http://www.insidesecure.com/
+ * commercial license for this software may be purchased from Rambus at
+ * http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/crypto/pubkey/ecc_keygen.c b/crypto/pubkey/ecc_keygen.c
index 72ae305..7297bd3 100644
--- a/crypto/pubkey/ecc_keygen.c
+++ b/crypto/pubkey/ecc_keygen.c
@@ -5,7 +5,7 @@
* ECC key generation using Matrix Crypto.
*/
/*
- * Copyright (c) 2013-2018 INSIDE Secure Corporation
+ * Copyright (c) 2013-2018 Rambus Inc.
* Copyright (c) PeerSec Networks, 2002-2011
* All Rights Reserved
*
@@ -18,8 +18,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
- * commercial license for this software may be purchased from INSIDE at
- * http://www.insidesecure.com/
+ * commercial license for this software may be purchased from Rambus at
+ * http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/crypto/pubkey/ecc_math.c b/crypto/pubkey/ecc_math.c
index 6c535e0..9f5ad55 100644
--- a/crypto/pubkey/ecc_math.c
+++ b/crypto/pubkey/ecc_math.c
@@ -5,7 +5,7 @@
* Elliptic curve mathematical operations for Matrix Crypto.
*/
/*
- * Copyright (c) 2013-2018 INSIDE Secure Corporation
+ * Copyright (c) 2013-2018 Rambus Inc.
* Copyright (c) PeerSec Networks, 2002-2011
* All Rights Reserved
*
@@ -18,8 +18,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
- * commercial license for this software may be purchased from INSIDE at
- * http://www.insidesecure.com/
+ * commercial license for this software may be purchased from Rambus at
+ * http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/crypto/pubkey/ecc_parse_file.c b/crypto/pubkey/ecc_parse_file.c
index 0a381ae..cac15f5 100644
--- a/crypto/pubkey/ecc_parse_file.c
+++ b/crypto/pubkey/ecc_parse_file.c
@@ -5,7 +5,7 @@
* Functions for parsing ECC keys from file.
*/
/*
- * Copyright (c) 2013-2018 INSIDE Secure Corporation
+ * Copyright (c) 2013-2018 Rambus Inc.
* Copyright (c) PeerSec Networks, 2002-2011
* All Rights Reserved
*
@@ -18,8 +18,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
- * commercial license for this software may be purchased from INSIDE at
- * http://www.insidesecure.com/
+ * commercial license for this software may be purchased from Rambus at
+ * http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/crypto/pubkey/ecc_parse_mem.c b/crypto/pubkey/ecc_parse_mem.c
index e8eaaf9..9ccc461 100644
--- a/crypto/pubkey/ecc_parse_mem.c
+++ b/crypto/pubkey/ecc_parse_mem.c
@@ -5,7 +5,7 @@
* Functions for parsing ECC keys from memory.
*/
/*
- * Copyright (c) 2013-2018 INSIDE Secure Corporation
+ * Copyright (c) 2013-2018 Rambus Inc.
* Copyright (c) PeerSec Networks, 2002-2011
* All Rights Reserved
*
@@ -18,8 +18,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
- * commercial license for this software may be purchased from INSIDE at
- * http://www.insidesecure.com/
+ * commercial license for this software may be purchased from Rambus at
+ * http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/crypto/pubkey/ecc_priv.c b/crypto/pubkey/ecc_priv.c
index 943c569..f6dc789 100644
--- a/crypto/pubkey/ecc_priv.c
+++ b/crypto/pubkey/ecc_priv.c
@@ -5,7 +5,7 @@
* ECDSA private key operations using Matrix Crypto.
*/
/*
- * Copyright (c) 2013-2018 INSIDE Secure Corporation
+ * Copyright (c) 2013-2018 Rambus Inc.
* Copyright (c) PeerSec Networks, 2002-2011
* All Rights Reserved
*
@@ -18,8 +18,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
- * commercial license for this software may be purchased from INSIDE at
- * http://www.insidesecure.com/
+ * commercial license for this software may be purchased from Rambus at
+ * http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/crypto/pubkey/ecc_priv_el_gamal.c b/crypto/pubkey/ecc_priv_el_gamal.c
index 2544b2e..c8f691b 100644
--- a/crypto/pubkey/ecc_priv_el_gamal.c
+++ b/crypto/pubkey/ecc_priv_el_gamal.c
@@ -5,7 +5,7 @@
* ElGamal decryption using Matrix Crypto.
*/
/*
- * Copyright (c) 2013-2018 INSIDE Secure Corporation
+ * Copyright (c) 2013-2018 Rambus Inc.
* Copyright (c) PeerSec Networks, 2002-2011
* All Rights Reserved
*
@@ -18,8 +18,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
- * commercial license for this software may be purchased from INSIDE at
- * http://www.insidesecure.com/
+ * commercial license for this software may be purchased from Rambus at
+ * http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/crypto/pubkey/ecc_pub.c b/crypto/pubkey/ecc_pub.c
index 381d638..b418a00 100644
--- a/crypto/pubkey/ecc_pub.c
+++ b/crypto/pubkey/ecc_pub.c
@@ -5,7 +5,7 @@
* ECDSA public key operations for Matrix Crypto.
*/
/*
- * Copyright (c) 2013-2018 INSIDE Secure Corporation
+ * Copyright (c) 2013-2018 Rambus Inc.
* Copyright (c) PeerSec Networks, 2002-2011
* All Rights Reserved
*
@@ -18,8 +18,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
- * commercial license for this software may be purchased from INSIDE at
- * http://www.insidesecure.com/
+ * commercial license for this software may be purchased from Rambus at
+ * http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/crypto/pubkey/ecc_write_file.c b/crypto/pubkey/ecc_write_file.c
index 3dd2766..e6be011 100644
--- a/crypto/pubkey/ecc_write_file.c
+++ b/crypto/pubkey/ecc_write_file.c
@@ -5,7 +5,7 @@
* Functions for writing ECC keys to file.
*/
/*
- * Copyright (c) 2013-2018 INSIDE Secure Corporation
+ * Copyright (c) 2013-2018 Rambus Inc.
* Copyright (c) PeerSec Networks, 2002-2011
* All Rights Reserved
*
@@ -18,8 +18,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
- * commercial license for this software may be purchased from INSIDE at
- * http://www.insidesecure.com/
+ * commercial license for this software may be purchased from Rambus at
+ * http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/crypto/pubkey/ecc_write_mem.c b/crypto/pubkey/ecc_write_mem.c
index b45033c..4bccd50 100644
--- a/crypto/pubkey/ecc_write_mem.c
+++ b/crypto/pubkey/ecc_write_mem.c
@@ -5,7 +5,7 @@
* Functions for writing ECC private keys to memory.
*/
/*
- * Copyright (c) 2013-2018 INSIDE Secure Corporation
+ * Copyright (c) 2013-2018 Rambus Inc.
* Copyright (c) PeerSec Networks, 2002-2011
* All Rights Reserved
*
@@ -18,8 +18,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
- * commercial license for this software may be purchased from INSIDE at
- * http://www.insidesecure.com/
+ * commercial license for this software may be purchased from Rambus at
+ * http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/crypto/pubkey/pubkey.c b/crypto/pubkey/pubkey.c
index 806a49c..9f25899 100644
--- a/crypto/pubkey/pubkey.c
+++ b/crypto/pubkey/pubkey.c
@@ -5,7 +5,7 @@
* Public and Private key operations shared by crypto implementations.
*/
/*
- * Copyright (c) 2013-2017 INSIDE Secure Corporation
+ * Copyright (c) 2013-2017 Rambus Inc.
* Copyright (c) PeerSec Networks, 2002-2011
* All Rights Reserved
*
@@ -18,8 +18,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
- * commercial license for this software may be purchased from INSIDE at
- * http://www.insidesecure.com/
+ * commercial license for this software may be purchased from Rambus at
+ * http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/crypto/pubkey/pubkey.h b/crypto/pubkey/pubkey.h
index 7af28d9..b68cd62 100644
--- a/crypto/pubkey/pubkey.h
+++ b/crypto/pubkey/pubkey.h
@@ -5,7 +5,7 @@
* Public and Private key header.
*/
/*
- * Copyright (c) 2013-2017 INSIDE Secure Corporation
+ * Copyright (c) 2013-2017 Rambus Inc.
* Copyright (c) PeerSec Networks, 2002-2011
* All Rights Reserved
*
@@ -18,8 +18,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
- * commercial license for this software may be purchased from INSIDE at
- * http://www.insidesecure.com/
+ * commercial license for this software may be purchased from Rambus at
+ * http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
@@ -76,6 +76,7 @@
# define IS_SECP256R1 0x00000004
# define IS_SECP384R1 0x00000008
# define IS_SECP521R1 0x00000010
+# define IS_CURVESM2 0x00000020
/* WARNING: Public points on Brainpool curves are not validated */
# define IS_BRAIN224R1 0x00010000
# define IS_BRAIN256R1 0x00020000
@@ -99,6 +100,7 @@ enum
IANA_BRAIN512R1 = 28,
IANA_X25519 = 29,
IANA_X448 = 30,
+ IANA_CURVESM2 = 41, /** for tls1.2 is 30 */
IANA_BRAIN224R1 = 255 /**< @note this is not defined by IANA */
};
@@ -181,7 +183,7 @@ enum PACKED
PS_DH,
PS_CL_PK, /* A public key for CL Library. May contain any key format. */
PS_X25519,
- PS_ED25519
+ PS_ED25519,
};
/** Signature types */
@@ -191,7 +193,8 @@ enum PACKED
ECDSA_TYPE_SIG,
RSAPSS_TYPE_SIG,
DSA_TYPE_SIG,
- ED25519_TYPE_SIG
+ ED25519_TYPE_SIG,
+ SM2_TYPE_SIG
};
typedef struct psX25519Key
@@ -240,6 +243,7 @@ typedef struct
# define PS_SIGN_OPTS_ECDSA_INCLUDE_SIZE (1ULL << 0)
# define PS_SIGN_OPTS_USE_PREALLOCATED_OUTBUF (1ULL << 1)
+# define PS_SIGN_OPTS_SM2_SIGN (1ULL << 2)
typedef struct {
uint32_t flags;
@@ -284,6 +288,15 @@ psRes_t psComputeHashForSig(const unsigned char *dataBegin,
int32_t signatureAlgorithm,
unsigned char hashOut[SHA512_HASH_SIZE],
psSize_t * hashOutLen);
+# if defined(USE_SM2) && defined(USE_SM3)
+psRes_t psComputeHashForSm2(const unsigned char *dataBegin,
+ psSizeL_t dataLen,
+ const psEccKey_t *key,
+ const char *id,
+ psSizeL_t idLen,
+ unsigned char hashOut[SM3_HASH_SIZE],
+ psSize_t *hashOutLen);
+# endif
/** Algorithm-independent function for signing hashes.
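Review bot: The new `psComputeHashForSm2` prototype has no documentation, while the neighbouring `psComputeHashForSig` and `psSignHash` declarations are commented. Add a Doxygen block stating what the function produces (from its definition in pubkey_sign.c it appears to compute the SM2 pre-hash over the signer's identifier and the curve parameters before hashing the data, but confirm and state the exact construction), what `id`/`idLen` are and that the verifier must use the same identifier (psSign currently passes a fixed `"1234567812345678"`), whether `hashOutLen` is in/out or out-only given `hashOut` is already sized `SM3_HASH_SIZE`, and the `psRes_t` failure values. Also note that the guard here requires both `USE_SM2` and `USE_SM3` while the `OID_SM3_SM2_SIG` case in pubkey_sign.c is guarded by `USE_SM2` alone; the two should agree.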
diff --git a/crypto/pubkey/pubkey_matrix.h b/crypto/pubkey/pubkey_matrix.h
index 39d3395..3cfd9e0 100644
--- a/crypto/pubkey/pubkey_matrix.h
+++ b/crypto/pubkey/pubkey_matrix.h
@@ -5,7 +5,7 @@
* MatrixSSL Crypto Implementation for RSA, DH and ECC.
*/
/*
- * Copyright (c) 2013-2017 INSIDE Secure Corporation
+ * Copyright (c) 2013-2017 Rambus Inc.
* Copyright (c) PeerSec Networks, 2002-2011
* All Rights Reserved
*
@@ -18,8 +18,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
- * commercial license for this software may be purchased from INSIDE at
- * http://www.insidesecure.com/
+ * commercial license for this software may be purchased from Rambus at
+ * http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/crypto/pubkey/pubkey_openssl.h b/crypto/pubkey/pubkey_openssl.h
index f561326..14d6a2f 100644
--- a/crypto/pubkey/pubkey_openssl.h
+++ b/crypto/pubkey/pubkey_openssl.h
@@ -5,7 +5,7 @@
* OpenSSL Layer for RSA, DH and ECC.
*/
/*
- * Copyright (c) 2013-2017 INSIDE Secure Corporation
+ * Copyright (c) 2013-2017 Rambus Inc.
* Copyright (c) PeerSec Networks, 2002-2011
* All Rights Reserved
*
@@ -18,8 +18,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
- * commercial license for this software may be purchased from INSIDE at
- * http://www.insidesecure.com/
+ * commercial license for this software may be purchased from Rambus at
+ * http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/crypto/pubkey/pubkey_parse_file.c b/crypto/pubkey/pubkey_parse_file.c
index 7756352..9c83226 100644
--- a/crypto/pubkey/pubkey_parse_file.c
+++ b/crypto/pubkey/pubkey_parse_file.c
@@ -5,7 +5,7 @@
* Generic public and private key parsing from file.
*/
/*
- * Copyright (c) 2013-2018 INSIDE Secure Corporation
+ * Copyright (c) 2013-2018 Rambus Inc.
* Copyright (c) PeerSec Networks, 2002-2011
* All Rights Reserved
*
@@ -18,8 +18,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
- * commercial license for this software may be purchased from INSIDE at
- * http://www.insidesecure.com/
+ * commercial license for this software may be purchased from Rambus at
+ * http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/crypto/pubkey/pubkey_parse_mem.c b/crypto/pubkey/pubkey_parse_mem.c
index 619ba55..91c080f 100644
--- a/crypto/pubkey/pubkey_parse_mem.c
+++ b/crypto/pubkey/pubkey_parse_mem.c
@@ -5,7 +5,7 @@
* Generic public and private key parsing from memory.
*/
/*
- * Copyright (c) 2013-2018 INSIDE Secure Corporation
+ * Copyright (c) 2013-2018 Rambus Inc.
* Copyright (c) PeerSec Networks, 2002-2011
* All Rights Reserved
*
@@ -18,8 +18,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
- * commercial license for this software may be purchased from INSIDE at
- * http://www.insidesecure.com/
+ * commercial license for this software may be purchased from Rambus at
+ * http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/crypto/pubkey/pubkey_sign.c b/crypto/pubkey/pubkey_sign.c
index 57efe9e..3bc26bf 100644
--- a/crypto/pubkey/pubkey_sign.c
+++ b/crypto/pubkey/pubkey_sign.c
@@ -5,7 +5,7 @@
* Algorithm-independent signing API.
*/
/*
- * Copyright (c) 2013-2018 INSIDE Secure Corporation
+ * Copyright (c) 2013-2018 Rambus Inc.
* Copyright (c) PeerSec Networks, 2002-2011
* All Rights Reserved
*
@@ -18,8 +18,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
- * commercial license for this software may be purchased from INSIDE at
- * http://www.insidesecure.com/
+ * commercial license for this software may be purchased from Rambus at
+ * http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
@@ -68,6 +68,7 @@ int32_t psSignHashEcdsaInternal(psPool_t *pool,
}
sigLen = sizeof(tmp);
+
rc = psEccDsaSign(pool,
&privKey->key.ecc,
in,
@@ -76,6 +77,7 @@ int32_t psSignHashEcdsaInternal(psPool_t *pool,
&sigLen,
includeSize,
opts ? opts->userData : NULL);
+
if (rc < 0)
{
return rc;
@@ -203,6 +205,15 @@ int32_t psSignHash(psPool_t *pool,
}
break;
# endif /* USE_ECC */
+# ifdef USE_SM2
+ case OID_SM3_SM2_SIG:
+ if (privKey->type == PS_ECC)
+ {
+ return psSignHashEcdsaInternal(pool, privKey, sigAlg,
+ in, inLen, out, outLen, opts);
+ }
+ break;
+# endif
# ifdef USE_RSA
# ifdef USE_PKCS1_PSS
case OID_RSASSA_PSS:
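Review bot: The new OID_SM3_SM2_SIG case hands the digest to psSignHashEcdsaInternal, but SM2 is not ECDSA: its signing equation (r = (e + x1) mod n, s = (1 + d)^-1 · (k − r·d) mod n) differs, so this is only correct if psEccDsaSign, and psEccDsaVerify on the verify side at L9404, apply the SM2 equations when the key is on the SM2 curve, which is not visible in this diff. If they do, say so at the dispatch point: `/* SM2: psEccDsaSign applies the SM2 (not ECDSA) signing equations for keys on the SM2 curve. */`. If they do not, signatures produced here will not verify against other SM2 implementations. psSignHash's body starts and ends outside the hunk.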
@@ -246,7 +257,10 @@ int32_t psSign(psPool_t *pool,
psSizeL_t sigLen;
# endif
psSize_t sigLenPsSize = 0;
-
+# if defined(USE_SM2) && defined(USE_SM3)
+ unsigned char sm3_out[SM3_HASH_SIZE] = { 0 };
+ psSize_t sm3_out_len = SM3_HASH_SIZE;
+# endif
# ifdef DEBUG_PUBKEY_SIGN
psTraceBytes("psSign in", in, inLen);
# endif
@@ -285,14 +299,34 @@ int32_t psSign(psPool_t *pool,
# endif /* USE_ED25519 */
default:
/* All sig algs other than Ed25519 operate on hashes. */
- rc = psSignHash(pool,
- privKey,
- sigAlg,
- in,
- inLen,
- &sigOut,
- &sigLenPsSize,
- opts);
+# if defined(USE_SM2) && defined(USE_SM3)
+ if (opts && (opts->flags & PS_SIGN_OPTS_SM2_SIGN))
+ {
+ psComputeHashForSm2(in, inLen,
+ &privKey->key.ecc,
+ "1234567812345678", 16,
+ sm3_out, &sm3_out_len);
+ rc = psSignHash(pool,
+ privKey,
+ OID_SM3_SM2_SIG,
+ sm3_out,
+ sm3_out_len,
+ &sigOut,
+ &sigLenPsSize,
+ opts);
+ }
+ else
+# endif
+ {
+ rc = psSignHash(pool,
+ privKey,
+ sigAlg,
+ in,
+ inLen,
+ &sigOut,
+ &sigLenPsSize,
+ opts);
+ }
*outLen = sigLenPsSize;
}
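Review bot: The return value of psComputeHashForSm2 is discarded at L9261 (and likewise at L9400 in psVerifySig), and `&privKey->key.ecc` is read before anything has confirmed the key is an ECC key; psSignHash only checks `privKey->type == PS_ECC` after the hash has already been computed from whatever the union holds. Gate the branch with `if (opts && (opts->flags & PS_SIGN_OPTS_SM2_SIGN) && privKey->type == PS_ECC)` and assign the call to rc, skipping psSignHash unless it returned PS_SUCCESS. The signer ID "1234567812345678" is also duplicated as a literal with psVerifySig (L9402); a single named constant, or better a field in opts, would keep the two sides from drifting apart. The comment at L9249 is now inaccurate for this branch, since the SM2 path treats `in` as the raw message and hashes it itself; extend it to `/* All sig algs other than Ed25519 and SM2 operate on hashes; SM2 hashes Z_A || in here. */`. psSign's body continues outside the hunk.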
@@ -304,6 +338,61 @@ int32_t psSign(psPool_t *pool,
return rc;
}
+
+#if defined(USE_SM2) && defined(USE_SM3)
+psRes_t psComputeHashForSm2(const unsigned char *dataBegin,
+ psSizeL_t dataLen,
+ const psEccKey_t *key,
+ const char *id,
+ psSizeL_t idLen,
+ unsigned char hashOut[SM3_HASH_SIZE],
+ psSize_t *hashOutLen)
+{
+ unsigned char hashTmp[SM3_HASH_SIZE];
+ unsigned char idBits[2];
+ psDigestContext_t hash;
+ unsigned char parameters[] =
+ {
+ 0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+ 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+ 0xFF, 0xFC, 0x28, 0xE9, 0xFA, 0x9E, 0x9D, 0x9F, 0x5E, 0x34,
+ 0x4D, 0x5A, 0x9E, 0x4B, 0xCF, 0x65, 0x09, 0xA7, 0xF3, 0x97,
+ 0x89, 0xF5, 0x15, 0xAB, 0x8F, 0x92, 0xDD, 0xBC, 0xBD, 0x41,
+ 0x4D, 0x94, 0x0E, 0x93, 0x32, 0xC4, 0xAE, 0x2C, 0x1F, 0x19,
+ 0x81, 0x19, 0x5F, 0x99, 0x04, 0x46, 0x6A, 0x39, 0xC9, 0x94,
+ 0x8F, 0xE3, 0x0B, 0xBF, 0xF2, 0x66, 0x0B, 0xE1, 0x71, 0x5A,
+ 0x45, 0x89, 0x33, 0x4C, 0x74, 0xC7, 0xBC, 0x37, 0x36, 0xA2,
+ 0xF4, 0xF6, 0x77, 0x9C, 0x59, 0xBD, 0xCE, 0xE3, 0x6B, 0x69,
+ 0x21, 0x53, 0xD0, 0xA9, 0x87, 0x7C, 0xC6, 0x2A, 0x47, 0x40,
+ 0x02, 0xDF, 0x32, 0xE5, 0x21, 0x39, 0xF0, 0xA0
+ };
+
+ if (*hashOutLen < SM3_HASH_SIZE)
+ {
+ return PS_OUTPUT_LENGTH;
+ }
+ *hashOutLen = SM3_HASH_SIZE;
+ idBits[0] = ((idLen * 8) >> 8) % 256;
+ idBits[1] = (idLen * 8) % 256;
+
+ psSm3PreInit(&hash.u.sm3);
+ psSm3Init(&hash.u.sm3);
+ psSm3Update(&hash.u.sm3, idBits, 2);
+ psSm3Update(&hash.u.sm3, id, idLen);
+ psSm3Update(&hash.u.sm3, parameters, sizeof(parameters));
+ psSm3Update(&hash.u.sm3, key->pubvalue, key->pubvalue_len);
+ psSm3Final(&hash.u.sm3, hashTmp);
+
+ psSm3PreInit(&hash.u.sm3);
+ psSm3Init(&hash.u.sm3);
+ psSm3Update(&hash.u.sm3, hashTmp, SM3_HASH_SIZE);
+ psSm3Update(&hash.u.sm3, dataBegin, dataLen);
+ psSm3Final(&hash.u.sm3, hashOut);
+ return PS_SUCCESS;
+}
+#endif
+
psRes_t psComputeHashForSig(const unsigned char *dataBegin,
psSizeL_t dataLen,
int32_t signatureAlgorithm,
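Review bot: psComputeHashForSm2 feeds `key->pubvalue` whole into Z_A, but GB/T 32918.2 defines Z_A = SM3(ENTL || ID || a || b || xG || yG || xA || yA) over the raw coordinates; if pubvalue holds the uncompressed SEC1 encoding with its leading 0x04 byte (its format is not visible here), every hash computed here differs from other SM2 implementations and signatures will not interoperate, so that byte must be skipped when present. The function also hard-codes the SM2 curve parameters in `parameters` yet accepts any psEccKey_t without checking its curve, and ENTL is a 16-bit bit-length, so an `idLen` above 8191 bytes wraps silently at L9326-9327; `if (idLen > 0xFFFF / 8) { return PS_ARG_FAIL; }` before the ENTL computation closes that. A header comment is missing: state that the result is SM3(Z_A || M) with Z_A as above, that `parameters` is a || b || Gx || Gy of the SM2 curve, and that hashOutLen is an in/out length that must be at least SM3_HASH_SIZE on entry.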
diff --git a/crypto/pubkey/pubkey_verify.c b/crypto/pubkey/pubkey_verify.c
index 93a524e..b1c300b 100644
--- a/crypto/pubkey/pubkey_verify.c
+++ b/crypto/pubkey/pubkey_verify.c
@@ -5,7 +5,7 @@
* Algorithm-independent signature verification API.
*/
/*
- * Copyright (c) 2013-2018 INSIDE Secure Corporation
+ * Copyright (c) 2013-2018 Rambus Inc.
* Copyright (c) PeerSec Networks, 2002-2011
* All Rights Reserved
*
@@ -18,8 +18,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
- * commercial license for this software may be purchased from INSIDE at
- * http://www.insidesecure.com/
+ * commercial license for this software may be purchased from Rambus at
+ * http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
@@ -49,6 +49,10 @@ psRes_t psVerifySig(psPool_t *pool,
# ifdef USE_RSA
unsigned char out[SHA512_HASH_SIZE] = { 0 };
# endif
+# if defined(USE_SM2) && defined(USE_SM3)
+ unsigned char sm3_out[SM3_HASH_SIZE] = { 0 };
+ psSize_t sm3_out_len = SM3_HASH_SIZE;
+# endif
# ifdef USE_ECC
int32 eccRet;
# endif
@@ -136,14 +140,36 @@ psRes_t psVerifySig(psPool_t *pool,
# endif /* USE_RSA */
# ifdef USE_ECC
case PS_ECC:
- rc = psEccDsaVerify(pool,
- &key->key.ecc,
- msgIn,
- msgInLen,
- sig,
- sigLen,
- &eccRet,
- NULL);
+# if defined(USE_SM2) && defined(USE_SM3)
+ if (signatureAlgorithm == OID_SM3_SM2_SIG &&
+ !(opts && opts->msgIsDigestInfo))
+ {
+ psComputeHashForSm2(msgIn, msgInLen,
+ &key->key.ecc,
+ "1234567812345678", 16,
+ sm3_out, &sm3_out_len);
+ rc = psEccDsaVerify(pool,
+ &key->key.ecc,
+ sm3_out,
+ sm3_out_len,
+ sig,
+ sigLen,
+ &eccRet,
+ NULL);
+ }
+ else
+# endif
+ {
+ rc = psEccDsaVerify(pool,
+ &key->key.ecc,
+ msgIn,
+ msgInLen,
+ sig,
+ sigLen,
+ &eccRet,
+ NULL);
+ }
+
if (rc < 0)
{
psTraceIntCrypto("psEccDsaVerify failed: %d\n", rc);
@@ -202,9 +228,27 @@ psRes_t psHashDataAndVerifySig(psPool_t *pool,
*verifyResult = PS_FALSE;
- rc = psComputeHashForSig(dataBegin, dataLen,
- signatureAlgorithm, digest,
- &digestLen);
+#if defined(USE_SM2) && defined(USE_SM3)
+ if (signatureAlgorithm == OID_SM3_SM2_SIG)
+ {
+ rc = psComputeHashForSm2(
+ dataBegin,
+ dataLen,
+ &key->key.ecc,
+ "TLSv1.3+GM+Cipher+Suite",
+ 23,
+ digest,
+ &digestLen);
+ opts->msgIsDigestInfo = PS_TRUE;
+ }
+ else
+#endif
+ {
+ rc = psComputeHashForSig(dataBegin, dataLen,
+ signatureAlgorithm, digest,
+ &digestLen);
+ }
+
if (rc != PS_SUCCESS)
{
return rc;
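Review bot: `opts->msgIsDigestInfo = PS_TRUE` at L9445 dereferences opts without a NULL check, although psVerifySig (L9398) treats opts as optional; a caller passing NULL crashes here, and if the later verification step (presumably psVerifySig) takes its SM2 branch the digest would be hashed with Z_A a second time, so add `if (opts == NULL) { return PS_ARG_FAIL; }` ahead of this block or make non-NULL opts part of the documented contract. `&key->key.ecc` is likewise read on the strength of signatureAlgorithm alone, which typically comes from parsed input; gate the branch on `key->type == PS_ECC` as psSignHash does rather than reading the union as an ECC key. The ID used here, "TLSv1.3+GM+Cipher+Suite", differs from the "1234567812345678" used in psSign and psVerifySig; if this function also serves certificate-chain verification, those signatures would be hashed with the TLS 1.3 ID and rejected, so the ID should be supplied by the caller rather than fixed per function. psHashDataAndVerifySig's body starts and ends outside the hunk.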
diff --git a/crypto/pubkey/rsa.c b/crypto/pubkey/rsa.c
index edfdf55..11599e7 100644
--- a/crypto/pubkey/rsa.c
+++ b/crypto/pubkey/rsa.c
@@ -5,7 +5,7 @@
* RSA crypto.
*/
/*
- * Copyright (c) 2013-2017 INSIDE Secure Corporation
+ * Copyright (c) 2013-2017 Rambus Inc.
* Copyright (c) PeerSec Networks, 2002-2011
* All Rights Reserved
*
@@ -18,8 +18,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
- * commercial license for this software may be purchased from INSIDE at
- * http://www.insidesecure.com/
+ * commercial license for this software may be purchased from Rambus at
+ * http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/crypto/pubkey/rsa_keygen.c b/crypto/pubkey/rsa_keygen.c
index 9c88c5b..dae26e0 100644
--- a/crypto/pubkey/rsa_keygen.c
+++ b/crypto/pubkey/rsa_keygen.c
@@ -5,7 +5,7 @@
* RSA key generation.
*/
/*
- * Copyright (c) 2013-2017 INSIDE Secure Corporation
+ * Copyright (c) 2013-2017 Rambus Inc.
* Copyright (c) PeerSec Networks, 2002-2011
* All Rights Reserved
*
@@ -18,8 +18,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
- * commercial license for this software may be purchased from INSIDE at
- * http://www.insidesecure.com/
+ * commercial license for this software may be purchased from Rambus at
+ * http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/crypto/pubkey/rsa_openssl.c b/crypto/pubkey/rsa_openssl.c
index 3fe3480..54a5d46 100644
--- a/crypto/pubkey/rsa_openssl.c
+++ b/crypto/pubkey/rsa_openssl.c
@@ -5,7 +5,7 @@
* RSA compatibility layer between MatrixSSL and OpenSSL.
*/
/*
- * Copyright (c) 2013-2017 INSIDE Secure Corporation
+ * Copyright (c) 2013-2017 Rambus Inc.
* Copyright (c) PeerSec Networks, 2002-2011
* All Rights Reserved
*
@@ -18,8 +18,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
- * commercial license for this software may be purchased from INSIDE at
- * http://www.insidesecure.com/
+ * commercial license for this software may be purchased from Rambus at
+ * http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/crypto/pubkey/rsa_parse_file.c b/crypto/pubkey/rsa_parse_file.c
index c159218..d68fb16 100644
--- a/crypto/pubkey/rsa_parse_file.c
+++ b/crypto/pubkey/rsa_parse_file.c
@@ -5,7 +5,7 @@
* Functions for parsing RSA keys from file.
*/
/*
- * Copyright (c) 2013-2018 INSIDE Secure Corporation
+ * Copyright (c) 2013-2018 Rambus Inc.
* Copyright (c) PeerSec Networks, 2002-2011
* All Rights Reserved
*
@@ -18,8 +18,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
- * commercial license for this software may be purchased from INSIDE at
- * http://www.insidesecure.com/
+ * commercial license for this software may be purchased from Rambus at
+ * http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/crypto/pubkey/rsa_parse_mem.c b/crypto/pubkey/rsa_parse_mem.c
index fcda030..6d87faa 100644
--- a/crypto/pubkey/rsa_parse_mem.c
+++ b/crypto/pubkey/rsa_parse_mem.c
@@ -5,7 +5,7 @@
* Functions for parsing RSA keys from memory.
*/
/*
- * Copyright (c) 2013-2018 INSIDE Secure Corporation
+ * Copyright (c) 2013-2018 Rambus Inc.
* Copyright (c) PeerSec Networks, 2002-2011
* All Rights Reserved
*
@@ -18,8 +18,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
- * commercial license for this software may be purchased from INSIDE at
- * http://www.insidesecure.com/
+ * commercial license for this software may be purchased from Rambus at
+ * http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/crypto/pubkey/rsa_priv.c b/crypto/pubkey/rsa_priv.c
index 3b43aa4..471deb1 100644
--- a/crypto/pubkey/rsa_priv.c
+++ b/crypto/pubkey/rsa_priv.c
@@ -5,7 +5,7 @@
* RSA private key operations.
*/
/*
- * Copyright (c) 2013-2018 INSIDE Secure Corporation
+ * Copyright (c) 2013-2018 Rambus Inc.
* Copyright (c) PeerSec Networks, 2002-2011
* All Rights Reserved
*
@@ -18,8 +18,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
- * commercial license for this software may be purchased from INSIDE at
- * http://www.insidesecure.com/
+ * commercial license for this software may be purchased from Rambus at
+ * http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
@@ -62,15 +62,26 @@ static const unsigned char asn384dsWrap[] =
{
0x30, 0x41, 0x30, 0x0D, 0x06, 0x09, 0x60, 0x86,
0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x02, 0x05,
- 0x00, 0x04, 0x30
+ 0x00, 0x04, 0x30
};
# endif
+# ifdef USE_SHA512
+static const unsigned char asn512dsWrap[] =
+{
+ 0x30, 0x51, 0x30, 0x0D, 0x06, 0x09, 0x60, 0x86,
+ 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x03, 0x05,
+ 0x00, 0x04, 0x40
+};
+# endif
+
+# ifdef USE_SHA1
static const unsigned char asn1dsWrap[] =
{
0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2B, 0x0E,
0x03, 0x02, 0x1A, 0x05, 0x00, 0x04, 0x14
};
+# endif
int32_t privRsaEncryptSignedElement(psPool_t *pool, psRsaKey_t *key,
const unsigned char *in, psSize_t inlen,
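Review bot: The new `# ifdef USE_SHA1` around asn1dsWrap has no visible counterpart on the `case SHA1_HASH_SIZE:` branch of the switch in privRsaEncryptSignedElement, which lies outside this hunk; if that branch still references asn1dsWrap unguarded, a build with USE_SHA1 undefined fails to compile. Wrap that case in the same `# ifdef USE_SHA1` / `# endif` pair, as the SHA384 and SHA512 cases are, or confirm it is already guarded.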
@@ -102,6 +113,13 @@ int32_t privRsaEncryptSignedElement(psPool_t *pool, psRsaKey_t *key,
Memcpy(c, asn384dsWrap, ASN_OVERHEAD_LEN_RSA_SHA2);
Memcpy(c + ASN_OVERHEAD_LEN_RSA_SHA2, in, inlen);
break;
+# endif
+# ifdef USE_SHA512
+ case SHA512_HASH_SIZE:
+ inlenWithAsn = inlen + ASN_OVERHEAD_LEN_RSA_SHA2;
+ Memcpy(c, asn512dsWrap, ASN_OVERHEAD_LEN_RSA_SHA2);
+ Memcpy(c + ASN_OVERHEAD_LEN_RSA_SHA2, in, inlen);
+ break;
# endif
default:
return PS_UNSUPPORTED_FAIL;
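Review bot: The SHA512 case writes inlen + ASN_OVERHEAD_LEN_RSA_SHA2 (83) bytes into `c`, 16 more than the SHA384 case just above it; the declaration of `c` and any check of the caller's output length are outside this hunk, so confirm they were sized for SHA512_HASH_SIZE as part of this change. A comment on the new case would help the next reader: `/* DigestInfo prefix for SHA-512; same 19-byte overhead as the other SHA-2 wrappers. */`. privRsaEncryptSignedElement's body starts and ends outside the hunk.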
diff --git a/crypto/pubkey/rsa_pub.c b/crypto/pubkey/rsa_pub.c
index 8f62f5a..4064c6f 100644
--- a/crypto/pubkey/rsa_pub.c
+++ b/crypto/pubkey/rsa_pub.c
@@ -5,7 +5,7 @@
* RSA public key operations.
*/
/*
- * Copyright (c) 2013-2018 INSIDE Secure Corporation
+ * Copyright (c) 2013-2018 Rambus Inc.
* Copyright (c) PeerSec Networks, 2002-2011
* All Rights Reserved
*
@@ -18,8 +18,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
- * commercial license for this software may be purchased from INSIDE at
- * http://www.insidesecure.com/
+ * commercial license for this software may be purchased from Rambus at
+ * http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/crypto/pubkey/rsa_write_file.c b/crypto/pubkey/rsa_write_file.c
index d394601..075b2f9 100644
--- a/crypto/pubkey/rsa_write_file.c
+++ b/crypto/pubkey/rsa_write_file.c
@@ -5,7 +5,7 @@
* Functions for writing RSA keys to file.
*/
/*
- * Copyright (c) 2013-2018 INSIDE Secure Corporation
+ * Copyright (c) 2013-2018 Rambus Inc.
* Copyright (c) PeerSec Networks, 2002-2011
* All Rights Reserved
*
@@ -18,8 +18,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
- * commercial license for this software may be purchased from INSIDE at
- * http://www.insidesecure.com/
+ * commercial license for this software may be purchased from Rambus at
+ * http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/crypto/pubkey/rsa_write_mem.c b/crypto/pubkey/rsa_write_mem.c
index c650977..772e0ea 100644
--- a/crypto/pubkey/rsa_write_mem.c
+++ b/crypto/pubkey/rsa_write_mem.c
@@ -5,7 +5,7 @@
* Functions for writing RSA keys to memory.
*/
/*
- * Copyright (c) 2013-2018 INSIDE Secure Corporation
+ * Copyright (c) 2013-2018 Rambus Inc.
* Copyright (c) PeerSec Networks, 2002-2011
* All Rights Reserved
*
@@ -18,8 +18,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
- * commercial license for this software may be purchased from INSIDE at
- * http://www.insidesecure.com/
+ * commercial license for this software may be purchased from Rambus at
+ * http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/crypto/scalarmult/ps_x25519.c b/crypto/scalarmult/ps_x25519.c
index b643847..4fd94c6 100644
--- a/crypto/scalarmult/ps_x25519.c
+++ b/crypto/scalarmult/ps_x25519.c
@@ -6,7 +6,7 @@
*/
/*****************************************************************************
-* Copyright (c) 2018 INSIDE Secure Oy. All Rights Reserved.
+* Copyright (c) 2018 Rambus Inc. All Rights Reserved.
*
* The latest version of this code is available at http://www.matrixssl.org
*
@@ -17,8 +17,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
-* commercial license for this software may be purchased from INSIDE at
-* http://www.insidesecure.com/
+* commercial license for this software may be purchased from Rambus at
+* http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/crypto/scalarmult/ps_x25519.h b/crypto/scalarmult/ps_x25519.h
index 45967cc..8286472 100644
--- a/crypto/scalarmult/ps_x25519.h
+++ b/crypto/scalarmult/ps_x25519.h
@@ -6,7 +6,7 @@
*/
/*****************************************************************************
-* Copyright (c) 2018 INSIDE Secure Oy. All Rights Reserved.
+* Copyright (c) 2018 Rambus Inc. All Rights Reserved.
*
* The latest version of this code is available at http://www.matrixssl.org
*
@@ -17,8 +17,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
-* commercial license for this software may be purchased from INSIDE at
-* http://www.insidesecure.com/
+* commercial license for this software may be purchased from Rambus at
+* http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/crypto/symmetric/aes.c b/crypto/symmetric/aes.c
index c894a1a..f8bff57 100644
--- a/crypto/symmetric/aes.c
+++ b/crypto/symmetric/aes.c
@@ -5,7 +5,7 @@
* AES block cipher implementation.
*/
/*
- * Copyright (c) 2013-2017 INSIDE Secure Corporation
+ * Copyright (c) 2013-2017 Rambus Inc.
* Copyright (c) PeerSec Networks, 2002-2011
* All Rights Reserved
*
@@ -18,8 +18,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
- * commercial license for this software may be purchased from INSIDE at
- * http://www.insidesecure.com/
+ * commercial license for this software may be purchased from Rambus at
+ * http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/crypto/symmetric/aesCBC.c b/crypto/symmetric/aesCBC.c
index 30c11c3..4c287ad 100644
--- a/crypto/symmetric/aesCBC.c
+++ b/crypto/symmetric/aesCBC.c
@@ -5,7 +5,7 @@
* AES CBC block cipher implementation.
*/
/*
- * Copyright (c) 2013-2017 INSIDE Secure Corporation
+ * Copyright (c) 2013-2017 Rambus Inc.
* Copyright (c) PeerSec Networks, 2002-2011
* All Rights Reserved
*
@@ -18,8 +18,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
- * commercial license for this software may be purchased from INSIDE at
- * http://www.insidesecure.com/
+ * commercial license for this software may be purchased from Rambus at
+ * http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/crypto/symmetric/aesGCM.c b/crypto/symmetric/aesGCM.c
index d050e86..b7c20be 100644
--- a/crypto/symmetric/aesGCM.c
+++ b/crypto/symmetric/aesGCM.c
@@ -5,7 +5,7 @@
* AES GCM block cipher implementation.
*/
/*
- * Copyright (c) 2013-2017 INSIDE Secure Corporation
+ * Copyright (c) 2013-2017 Rambus Inc.
* Copyright (c) PeerSec Networks, 2002-2011
* All Rights Reserved
*
@@ -18,8 +18,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
- * commercial license for this software may be purchased from INSIDE at
- * http://www.insidesecure.com/
+ * commercial license for this software may be purchased from Rambus at
+ * http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/crypto/symmetric/aes_aesni.c b/crypto/symmetric/aes_aesni.c
index c69838f..ef3ebec 100644
--- a/crypto/symmetric/aes_aesni.c
+++ b/crypto/symmetric/aes_aesni.c
@@ -5,7 +5,7 @@
* Support for AES-NI Hardware Crypto Instructions (x86-64 platforms).
*/
/*
- * Copyright (c) 2014-2017 INSIDE Secure Corporation
+ * Copyright (c) 2014-2017 Rambus Inc.
* Copyright (c) PeerSec Networks, 2002-2011
* All Rights Reserved
*
@@ -18,8 +18,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
- * commercial license for this software may be purchased from INSIDE at
- * http://www.insidesecure.com/
+ * commercial license for this software may be purchased from Rambus at
+ * http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/crypto/symmetric/aes_aesni.h b/crypto/symmetric/aes_aesni.h
index 60f6bbf..8ca02e1 100644
--- a/crypto/symmetric/aes_aesni.h
+++ b/crypto/symmetric/aes_aesni.h
@@ -5,7 +5,7 @@
* Header for AES-NI Hardware Crypto Instructions.
*/
/*
- * Copyright (c) 2014-2017 INSIDE Secure Corporation
+ * Copyright (c) 2014-2017 Rambus Inc.
* Copyright (c) PeerSec Networks, 2002-2011
* All Rights Reserved
*
@@ -18,8 +18,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
- * commercial license for this software may be purchased from INSIDE at
- * http://www.insidesecure.com/
+ * commercial license for this software may be purchased from Rambus at
+ * http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/crypto/symmetric/aes_matrix.h b/crypto/symmetric/aes_matrix.h
index b0db6bb..4407a6a 100644
--- a/crypto/symmetric/aes_matrix.h
+++ b/crypto/symmetric/aes_matrix.h
@@ -5,7 +5,7 @@
* Header for internal symmetric key cryptography support.
*/
/*
- * Copyright (c) 2013-2017 INSIDE Secure Corporation
+ * Copyright (c) 2013-2017 Rambus Inc.
* Copyright (c) PeerSec Networks, 2002-2011
* All Rights Reserved
*
@@ -18,8 +18,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
- * commercial license for this software may be purchased from INSIDE at
- * http://www.insidesecure.com/
+ * commercial license for this software may be purchased from Rambus at
+ * http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/crypto/symmetric/arc4.c b/crypto/symmetric/arc4.c
index 1157402..901bce7 100644
--- a/crypto/symmetric/arc4.c
+++ b/crypto/symmetric/arc4.c
@@ -5,7 +5,7 @@
* ARC4 stream cipher implementation.
*/
/*
- * Copyright (c) 2013-2017 INSIDE Secure Corporation
+ * Copyright (c) 2013-2017 Rambus Inc.
* Copyright (c) PeerSec Networks, 2002-2011
* All Rights Reserved
*
@@ -18,8 +18,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
- * commercial license for this software may be purchased from INSIDE at
- * http://www.insidesecure.com/
+ * commercial license for this software may be purchased from Rambus at
+ * http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/crypto/symmetric/des3.c b/crypto/symmetric/des3.c
index f95424f..efa31bd 100644
--- a/crypto/symmetric/des3.c
+++ b/crypto/symmetric/des3.c
@@ -5,7 +5,7 @@
* 3DES (and single DES) block cipher implementation for low memory usage.
*/
/*
- * Copyright (c) 2013-2017 INSIDE Secure Corporation
+ * Copyright (c) 2013-2017 Rambus Inc.
* Copyright (c) PeerSec Networks, 2002-2011
* All Rights Reserved
*
@@ -18,8 +18,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
- * commercial license for this software may be purchased from INSIDE at
- * http://www.insidesecure.com/
+ * commercial license for this software may be purchased from Rambus at
+ * http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/crypto/symmetric/idea.c b/crypto/symmetric/idea.c
index f934f5b..d4119e4 100644
--- a/crypto/symmetric/idea.c
+++ b/crypto/symmetric/idea.c
@@ -8,7 +8,7 @@
* was Bruce Schneier: Applied Cryptography, John Wiley & Sons, 1994
*/
/*
- * Copyright (c) 2013-2017 INSIDE Secure Corporation
+ * Copyright (c) 2013-2017 Rambus Inc.
* All Rights Reserved
*
* The latest version of this code is available at http://www.matrixssl.org
@@ -20,8 +20,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
- * commercial license for this software may be purchased from INSIDE at
- * http://www.insidesecure.com/
+ * commercial license for this software may be purchased from Rambus at
+ * http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/crypto/symmetric/rc2.c b/crypto/symmetric/rc2.c
index f3915fb..2c0132e 100644
--- a/crypto/symmetric/rc2.c
+++ b/crypto/symmetric/rc2.c
@@ -5,7 +5,7 @@
* rc2 cipher implementation.
*/
/*
- * Copyright (c) 2013-2017 INSIDE Secure Corporation
+ * Copyright (c) 2013-2017 Rambus Inc.
* Copyright (c) PeerSec Networks, 2002-2011
* All Rights Reserved
*
@@ -18,8 +18,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
- * commercial license for this software may be purchased from INSIDE at
- * http://www.insidesecure.com/
+ * commercial license for this software may be purchased from Rambus at
+ * http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/crypto/symmetric/seed.c b/crypto/symmetric/seed.c
index 2e526a1..dfd7b2d 100644
--- a/crypto/symmetric/seed.c
+++ b/crypto/symmetric/seed.c
@@ -5,7 +5,7 @@
* seed implementation of SEED derived from RFC4269.
*/
/*
- * Copyright (c) 2013-2017 INSIDE Secure Corporation
+ * Copyright (c) 2013-2017 Rambus Inc.
* Copyright (c) PeerSec Networks, 2002-2011
* All Rights Reserved
*
@@ -18,8 +18,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
- * commercial license for this software may be purchased from INSIDE at
- * http://www.insidesecure.com/
+ * commercial license for this software may be purchased from Rambus at
+ * http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/crypto/symmetric/symmetric.h b/crypto/symmetric/symmetric.h
index 7aea2e5..50ec55d 100644
--- a/crypto/symmetric/symmetric.h
+++ b/crypto/symmetric/symmetric.h
@@ -5,7 +5,7 @@
* Header for symmetric key API implementations.
*/
/*
- * Copyright (c) 2013-2017 INSIDE Secure Corporation
+ * Copyright (c) 2013-2017 Rambus Inc.
* Copyright (c) PeerSec Networks, 2002-2011
* All Rights Reserved
*
@@ -18,8 +18,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
- * commercial license for this software may be purchased from INSIDE at
- * http://www.insidesecure.com/
+ * commercial license for this software may be purchased from Rambus at
+ * http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
@@ -54,10 +54,14 @@
# define SEED_KEYLEN 16
# define CHACHA20POLY1305_IETF_IV_FIXED_LENGTH 12
# define CHACHA20POLY1305_IETF /* Always use IETF mode */
+# define SM4_BLOCKLEN 16
+# define SM4_IVLEN SM4_BLOCKLEN
+# define SM4_KEYLEN 16
# define MAX_IVLEN AES_IVLEN
# define MAX_KEYLEN AES256_KEYLEN
# define AES_MAXKEYLEN AES256_KEYLEN
+# define SM4_MAXKEYLEN 16
/******************************************************************************/
/* Layer includes */
@@ -83,6 +87,9 @@ typedef union
# ifdef USE_AES_GCM
psAesGcm_t aesgcm;
# endif
+# ifdef USE_AES_CCM
+ psAesCcm_t aesccm;
+# endif
# ifdef USE_AES_CBC
psAesCbc_t aes;
# endif
@@ -104,6 +111,11 @@ typedef union
# ifdef USE_MATRIX_SEED
psSeed_t seed;
# endif
+# ifdef USE_SM4
+ psSm4Gcm_t sm4gcm;
+ psSm4Ccm_t sm4ccm;
+ psSm4Cbc_t sm4;
+# endif
} psCipherContext_t;
typedef struct
diff --git a/crypto/symmetric/symmetric_libsodium.c b/crypto/symmetric/symmetric_libsodium.c
index 111ae84..de7c44a 100644
--- a/crypto/symmetric/symmetric_libsodium.c
+++ b/crypto/symmetric/symmetric_libsodium.c
@@ -5,7 +5,7 @@
* Symmetric compatibility layer between MatrixSSL and libsodium.
*/
/*
- * Copyright (c) 2013-2017 INSIDE Secure Corporation
+ * Copyright (c) 2013-2017 Rambus Inc.
* Copyright (c) PeerSec Networks, 2002-2011
* All Rights Reserved
*
@@ -18,8 +18,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
- * commercial license for this software may be purchased from INSIDE at
- * http://www.insidesecure.com/
+ * commercial license for this software may be purchased from Rambus at
+ * http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/crypto/symmetric/symmetric_libsodium.h b/crypto/symmetric/symmetric_libsodium.h
index 63c23df..cbd423d 100644
--- a/crypto/symmetric/symmetric_libsodium.h
+++ b/crypto/symmetric/symmetric_libsodium.h
@@ -5,7 +5,7 @@
* Header for libsodium crypto layer.
*/
/*
- * Copyright (c) 2013-2017 INSIDE Secure Corporation
+ * Copyright (c) 2013-2017 Rambus Inc.
* Copyright (c) PeerSec Networks, 2002-2011
* All Rights Reserved
*
@@ -18,8 +18,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
- * commercial license for this software may be purchased from INSIDE at
- * http://www.insidesecure.com/
+ * commercial license for this software may be purchased from Rambus at
+ * http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/crypto/symmetric/symmetric_openssl.c b/crypto/symmetric/symmetric_openssl.c
index 0460fac..0174b8f 100644
--- a/crypto/symmetric/symmetric_openssl.c
+++ b/crypto/symmetric/symmetric_openssl.c
@@ -5,7 +5,7 @@
* Symmetric compatibility layer between MatrixSSL and OpenSSL.
*/
/*
- * Copyright (c) 2013-2017 INSIDE Secure Corporation
+ * Copyright (c) 2013-2017 Rambus Inc.
* Copyright (c) PeerSec Networks, 2002-2011
* All Rights Reserved
*
@@ -18,8 +18,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
- * commercial license for this software may be purchased from INSIDE at
- * http://www.insidesecure.com/
+ * commercial license for this software may be purchased from Rambus at
+ * http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/crypto/symmetric/symmetric_openssl.h b/crypto/symmetric/symmetric_openssl.h
index 66aabe2..f8299c5 100644
--- a/crypto/symmetric/symmetric_openssl.h
+++ b/crypto/symmetric/symmetric_openssl.h
@@ -5,7 +5,7 @@
* Header for OpenSSL Crypto Layer.
*/
/*
- * Copyright (c) 2013-2017 INSIDE Secure Corporation
+ * Copyright (c) 2013-2017 Rambus Inc.
* Copyright (c) PeerSec Networks, 2002-2011
* All Rights Reserved
*
@@ -18,8 +18,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
- * commercial license for this software may be purchased from INSIDE at
- * http://www.insidesecure.com/
+ * commercial license for this software may be purchased from Rambus at
+ * http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/crypto/test/Makefile b/crypto/test/Makefile
index 39b9b21..639799e 100644
--- a/crypto/test/Makefile
+++ b/crypto/test/Makefile
@@ -4,7 +4,7 @@
# 'make gold' builds optimized.
#
# Copyright (c) PeerSec Networks, 2002-2010. All Rights Reserved
-# Copyright (c) 2013-2017 INSIDE Secure Corporation. All Rights Reserved.
+# Copyright (c) 2013-2017 Rambus Inc. All Rights Reserved.
#
MATRIXSSL_ROOT:=../..
diff --git a/crypto/test/Makefile.dev b/crypto/test/Makefile.dev
index c92a1d3..c0f00d6 100644
--- a/crypto/test/Makefile.dev
+++ b/crypto/test/Makefile.dev
@@ -1,6 +1,6 @@
#
# Makefile for crypto testing: Additional development features.
#
-# Copyright (c) 2019 INSIDE Secure Oy. All Rights Reserved.
+# Copyright (c) 2019 Rambus Inc. All Rights Reserved.
#
diff --git a/crypto/test/algorithmTest.c b/crypto/test/algorithmTest.c
index 5ef5faa..d2ee741 100644
--- a/crypto/test/algorithmTest.c
+++ b/crypto/test/algorithmTest.c
@@ -5,7 +5,7 @@
* Crypto harness to check algorithms against known inputs/outputs.
*/
/*
- * Copyright (c) 2013-2018 INSIDE Secure Corporation
+ * Copyright (c) 2013-2018 Rambus Inc.
* Copyright (c) PeerSec Networks, 2002-2011
* All Rights Reserved
*
@@ -18,8 +18,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
- * commercial license for this software may be purchased from INSIDE at
- * http://www.insidesecure.com/
+ * commercial license for this software may be purchased from Rambus at
+ * http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/crypto/test/dhperf/Makefile b/crypto/test/dhperf/Makefile
index 3d625e4..09ec6a5 100644
--- a/crypto/test/dhperf/Makefile
+++ b/crypto/test/dhperf/Makefile
@@ -1,7 +1,7 @@
#
# Makefile for crypto testing
#
-# Copyright (c) 2013-2016 INSIDE Secure Corporation. All Rights Reserved.
+# Copyright (c) 2013-2016 Rambus Inc. All Rights Reserved.
#
# SRC and MATRIXSSL_ROOT must be defined before including common.mk
diff --git a/crypto/test/dhperf/dhperf.c b/crypto/test/dhperf/dhperf.c
index 3572119..5732f47 100644
--- a/crypto/test/dhperf/dhperf.c
+++ b/crypto/test/dhperf/dhperf.c
@@ -5,7 +5,7 @@
* DH performance testing .
*/
/*
- * Copyright (c) 2013-2017 INSIDE Secure Corporation
+ * Copyright (c) 2013-2017 Rambus Inc.
* Copyright (c) PeerSec Networks, 2002-2011
* All Rights Reserved
*
@@ -18,8 +18,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
- * commercial license for this software may be purchased from INSIDE at
- * http://www.insidesecure.com/
+ * commercial license for this software may be purchased from Rambus at
+ * http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/crypto/test/eccperf/Makefile b/crypto/test/eccperf/Makefile
index 5339797..9de7e85 100644
--- a/crypto/test/eccperf/Makefile
+++ b/crypto/test/eccperf/Makefile
@@ -1,7 +1,7 @@
#
# Makefile for crypto testing
#
-# Copyright (c) 2013-2016 INSIDE Secure Corporation. All Rights Reserved.
+# Copyright (c) 2013-2016 Rambus Inc. All Rights Reserved.
#
# SRC and MATRIXSSL_ROOT must be defined before including common.mk
diff --git a/crypto/test/eccperf/eccperf.c b/crypto/test/eccperf/eccperf.c
index d9e9727..05a39c3 100644
--- a/crypto/test/eccperf/eccperf.c
+++ b/crypto/test/eccperf/eccperf.c
@@ -5,7 +5,7 @@
* ECC performance testing .
*/
/*
- * Copyright (c) 2013-2017 INSIDE Secure Corporation
+ * Copyright (c) 2013-2017 Rambus Inc.
* Copyright (c) PeerSec Networks, 2002-2011
* All Rights Reserved
*
@@ -18,8 +18,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
- * commercial license for this software may be purchased from INSIDE at
- * http://www.insidesecure.com/
+ * commercial license for this software may be purchased from Rambus at
+ * http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/crypto/test/hmac_test_vectors.h b/crypto/test/hmac_test_vectors.h
index 99f279c..a046b2e 100644
--- a/crypto/test/hmac_test_vectors.h
+++ b/crypto/test/hmac_test_vectors.h
@@ -5,7 +5,7 @@
* HMAC test vectors for crypto harness.
*/
/*
- * Copyright (c) 2015-2017 INSIDE Secure Corporation
+ * Copyright (c) 2015-2017 Rambus Inc.
* All Rights Reserved
*
* The latest version of this code is available at http://www.matrixssl.org
@@ -17,8 +17,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
- * commercial license for this software may be purchased from INSIDE at
- * http://www.insidesecure.com/
+ * commercial license for this software may be purchased from Rambus at
+ * http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/crypto/test/rsaperf/Makefile b/crypto/test/rsaperf/Makefile
index fe77684..2fceb07 100644
--- a/crypto/test/rsaperf/Makefile
+++ b/crypto/test/rsaperf/Makefile
@@ -1,7 +1,7 @@
#
# Makefile for crypto testing
#
-# Copyright (c) 2013-2016 INSIDE Secure Corporation. All Rights Reserved.
+# Copyright (c) 2013-2016 Rambus Inc. All Rights Reserved.
#
# SRC and MATRIXSSL_ROOT must be defined before including common.mk
diff --git a/crypto/test/rsaperf/rsaperf.c b/crypto/test/rsaperf/rsaperf.c
index 0831adf..6763e4e 100644
--- a/crypto/test/rsaperf/rsaperf.c
+++ b/crypto/test/rsaperf/rsaperf.c
@@ -5,7 +5,7 @@
* RSA performance testing.
*/
/*
- * Copyright (c) 2013-2017 INSIDE Secure Corporation
+ * Copyright (c) 2013-2017 Rambus Inc.
* Copyright (c) PeerSec Networks, 2002-2011
* All Rights Reserved
*
@@ -18,8 +18,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
- * commercial license for this software may be purchased from INSIDE at
- * http://www.insidesecure.com/
+ * commercial license for this software may be purchased from Rambus at
+ * http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/crypto/test/throughputTest.c b/crypto/test/throughputTest.c
index cc65daf..7ae6897 100644
--- a/crypto/test/throughputTest.c
+++ b/crypto/test/throughputTest.c
@@ -4,7 +4,7 @@
*
*/
/*
- * Copyright (c) 2013-2017 INSIDE Secure Corporation
+ * Copyright (c) 2013-2017 Rambus Inc.
* Copyright (c) PeerSec Networks, 2002-2011
* All Rights Reserved
*
@@ -17,8 +17,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
- * commercial license for this software may be purchased from INSIDE at
- * http://www.insidesecure.com/
+ * commercial license for this software may be purchased from Rambus at
+ * http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/doc/CHANGES_up_to_v3.9.0.html b/doc/CHANGES_up_to_v3.9.0.html
index 2327a13..4f3e607 100644
--- a/doc/CHANGES_up_to_v3.9.0.html
+++ b/doc/CHANGES_up_to_v3.9.0.html
@@ -1,28 +1,23 @@
-
-
-
-
-
-
-
-
-
-
-MatrixSSL Release Notes
-Changes in 3.9.0
+MatrixSSL Release Notes
+
+Changes in 3.9.0
+
-Version 3.9.0 March 2017 (C) Copyright 2017 INSIDE Secure - All Rights Reserved
+Version 3.9.0
+March 2017
+(C) Copyright 2017 Rambus Inc.- All Rights Reserved
-
-- BUG FIXES SINCE 3.8.7b
-
+
+
+BUG FIXES SINCE 3.8.7b
+
- Fixed server-side handling of client authentication with Server Name Indication
- Constant Time Modular Exponentiation
-
-
-- NEW FEATURES SINCE 3.8.7b
+
+NEW FEATURES SINCE 3.8.7b
+
- RFC 5280 Compliant Certificate Matching
- Certificate Validation Configuration Options
@@ -31,62 +26,151 @@
- Added psX509GetOnelineDN API
- Added matrixValidateCertsExt API
- Support for RSA-MD2 and RSA-MD5 Signatures in CSR and CRL Parsing
-- ALLOW_CRL_ISSUERS_WITHOUT_KEYUSAGE Compatibility Option
+- ALLOWCRLISSUERSWITHOUTKEYUSAGE Compatibility Option
-
-- OTHER CHANGES SINCE 3.8.7b
-
+
+
+- OTHER CHANGES SINCE 3.8.7b
+
-
1. BUG FIXES SINCE 3.8.7b
-Fixed server-side handling of client authentication with Server Name Indication
-This bug caused client authentication to fail when MatrixSSL was used as the server and the client was sending the Server Name Indication extension.
-Constant Time Modular Exponentiation
-It was reported by Andreas Zankl that Matrix Crypto implementation had a side-channel information leak via instruction cache. In response to the research, Matrix Crypto modular exponentiation was changed to use code that does not leak information via instruction cache and uses constant-time execution. The new code is slower. (Note: The SafeZone CL/CLS cryptography used in MatrixSSL FIPS Edition has been using constant time modular exponention before.)
-2. NEW FEATURES SINCE 3.8.7b
-RFC 5280 Compliant Certificate Matching
-Matching certificate fields in MatrixSSL has been improved. MatrixSSL now implements the requirement from RFC 5280 that Subject Alternative Name is used for matching instead of subject Common Name if alternative name is available. Subject Alternative Name contain more precise information on the type of the field and thus avoids false positive field matches. MatrixSSL now allows RFC 5280 compliant matching of email addresses, where only domain name part is case insensitive. It is now possible to specify the type of name to match with new session options. See the Session Options section in the MatrixSSL APIs manual for details.
-The issues in certificate matching were reported by a team of researchers from Columbia University, consisting of Suphannee Sivakorn, George Argyros, Kexin Pei, Suman Jana and Angelos D. Keromytis.
-Certificate Validation Configuration Options
-New session options have been added for configuring MatrixSSL's internal certificate validation process. These include options for specifying the field in the server certificate against which the expected server name should be matched, an option to limit the maximum certificate chain validation depth and options for retaining the peer certificate after processing. See the Session Options section in the MatrixSSL APIs manual for details.
-Client Authentication using an External Security Token
-MatrixSSL's external client authentication feature allows client-side private key operation in TLS client authentication, i.e. the signing of the handshake_messages hash in the CertificateVerify handshake message, to be offloaded from MatrixSSL to an external module such as a security or authentication token. See the MatrixSSL External Module Integration manual for details.
-X.509 Generation Improvements (Commercial Edition Only)
-Support has been added for encoding the netscape-comment certificate extension. The psParseCertReqBufExt API has been added. This version of psParseCertReqBufExt allows storing additional information from the parsed CSR. Another additional API is psX509SetPublicKey, which can be used to set the public key in a psCertConfig_t struct, before it is passed to the CSR or certificate encoding routines. See the MatrixSSL Certificates and Certificate Revocation Lists manual for details.
-Added psX509GetOnelineDN API
-The new psX509GetOnelineDN API can be used to generate a one-line string representation of a Distinguished Name.
-Added matrixValidateCertsExt API
-The new matrixValidateCertsExt API has an additional options struct argument for configuring some aspects of the certificate chain validation process. The old matrixValidateCerts API is now deprecated.
-Support for RSA-MD2 and RSA-MD5 Signatures in CSR and CRL Parsing
-Support for RSA-MD2 and RSA-MD5 signature verification has been added to CSR parsing, and support for RSA-MD2 signature verification has been added to CRL parsing. These insecure, legacy algorithms are disabled by default, but they can be enabled by defining USE_MD2 or USE_MD5.
-ALLOW_CRL_ISSUERS_WITHOUT_KEYUSAGE Compatibility Option
-The ALLOW_CRL_ISSUERS_WITHOUT_KEYUSAGE build-time option allows CRL authentication to succeed even when signer CA's cert does not have the keyUsage extension and thus no cRLSign bit. This option is for compatibility with old CRL issuer certs. RFC 5280 requires CRL issuer certs to have the keyUsage extension and the cRLSign bit.
-3. OTHER CHANGES SINCE 3.8.7b
-Indent style changes
-Indent style has been changed and made more consistent accross source and header files.
-Changes in 3.8.7b
-
-Version 3.8.7b January 2017 (C) Copyright 2017 INSIDE Secure - All Rights Reserved
-
-
-- BUG FIXES SINCE 3.8.7
+
-
+
+1. BUG FIXES SINCE 3.8.7b
+
+Fixed server-side handling of client authentication with Server Name Indication
+
+This bug caused client authentication to fail when MatrixSSL was used
+as the server and the client was sending the Server Name Indication
+extension.
+
+Constant Time Modular Exponentiation
+
+It was reported by Andreas Zankl that Matrix Crypto implementation had
+a side-channel information leak via instruction cache. In response to
+the research, Matrix Crypto modular exponentiation was changed to use
+code that does not leak information via instruction cache and uses
+constant-time execution. The new code is slower. (Note: The SafeZone
+CL/CLS cryptography used in MatrixSSL FIPS Edition has been using
+constant time modular exponention before.)
+
+2. NEW FEATURES SINCE 3.8.7b
+
+RFC 5280 Compliant Certificate Matching
+
+Matching certificate fields in MatrixSSL has been improved. MatrixSSL
+now implements the requirement from RFC 5280 that Subject Alternative Name
+is used for matching instead of subject Common Name if alternative
+name is available. Subject Alternative Name contain more precise
+information on the type of the field and thus avoids false positive field
+matches. MatrixSSL now allows RFC 5280 compliant matching of email
+addresses, where only domain name part is case insensitive. It is now
+possible to specify the type of name to match with new session
+options. See the Session Options section in the MatrixSSL APIs manual
+for details.
+
+The issues in certificate matching were reported by a team of
+researchers from Columbia University, consisting of Suphannee
+Sivakorn, George Argyros, Kexin Pei, Suman Jana and Angelos
+D. Keromytis.
+
+Certificate Validation Configuration Options
+
+New session options have been added for configuring MatrixSSL's
+internal certificate validation process. These include options for
+specifying the field in the server certificate against which the
+expected server name should be matched, an option to limit the maximum
+certificate chain validation depth and options for retaining the peer
+certificate after processing. See the Session Options section in the
+MatrixSSL APIs manual for details.
+
+Client Authentication using an External Security Token
+
+MatrixSSL's external client authentication feature allows
+client-side private key operation in TLS client authentication,
+i.e. the signing of the handshake_messages hash in the
+CertificateVerify handshake message, to be offloaded from MatrixSSL to
+an external module such as a security or authentication token. See
+the MatrixSSL External Module Integration manual for details.
+
+X.509 Generation Improvements (Commercial Edition Only)
+
+Support has been added for encoding the netscape-comment certificate
+extension. The psParseCertReqBufExt API has been added. This version
+of psParseCertReqBufExt allows storing additional information from
+the parsed CSR. Another additional API is psX509SetPublicKey, which
+can be used to set the public key in a psCertConfig_t struct, before
+it is passed to the CSR or certificate encoding routines. See the
+MatrixSSL Certificates and Certificate Revocation Lists manual for
+details.
+
+Added psX509GetOnelineDN API
+
+The new psX509GetOnelineDN API can be used to generate a one-line
+string representation of a Distinguished Name.
+
+Added matrixValidateCertsExt API
+
+The new matrixValidateCertsExt API has an additional options struct
+argument for configuring some aspects of the certificate chain
+validation process. The old matrixValidateCerts API is now deprecated.
+
+Support for RSA-MD2 and RSA-MD5 Signatures in CSR and CRL Parsing
+
+Support for RSA-MD2 and RSA-MD5 signature verification has been added
+to CSR parsing, and support for RSA-MD2 signature verification has
+been added to CRL parsing. These insecure, legacy algorithms are
+disabled by default, but they can be enabled by defining USEMD2 or
+USEMD5.
+
+ALLOWCRLISSUERSWITHOUTKEYUSAGE Compatibility Option
+
+The ALLOWCRLISSUERSWITHOUTKEYUSAGE build-time option allows CRL
+authentication to succeed even when signer CA's cert does not have the
+keyUsage extension and thus no cRLSign bit. This option is for
+compatibility with old CRL issuer certs. RFC 5280 requires CRL issuer
+certs to have the keyUsage extension and the cRLSign bit.
+
+3. OTHER CHANGES SINCE 3.8.7b
+
+Indent style changes
+
+Indent style has been changed and made more consistent accross source
+and header files.
+
+Changes in 3.8.7b
+
+
+Version 3.8.7b
+January 2017
+(C) Copyright 2017 Rambus Inc.- All Rights Reserved
+
+
+
+- BUG FIXES SINCE 3.8.7
- Fixed compile error if SHA224 was enabled.
- Fixed compile warning around HTTP2 alpn detection.
- Fixed issue where a cipher suite could be negotiated that did not match the authentication type for the keys.
-
-1. BUG FIXES SINCE 3.8.7
-Fixed issue where a cipher suite could be negotiated that did not match the authentication type for the keys.
-This manifested in the default apps/ssl/server.c example when Chrome was connected. It negotiated an ECDSA based cipher even though keys loaded by default were RSA keys.
-Changes in 3.8.7
-
-Version 3.8.7 November 2016 (C) Copyright 2016 INSIDE Secure - All Rights Reserved
-
-
-- BUG FIXES SINCE 3.8.6
+
+1. BUG FIXES SINCE 3.8.7
+
+Fixed issue where a cipher suite could be negotiated that did not match the authentication type for the keys.
+
+This manifested in the default apps/ssl/server.c example when Chrome was connected. It negotiated an ECDSA based cipher even though keys loaded by default were RSA keys.
+
+Changes in 3.8.7
+
+
+Version 3.8.7
+November 2016
+(C) Copyright 2016 Rambus Inc.- All Rights Reserved
+
+
+
+BUG FIXES SINCE 3.8.6
+
- Fixed Wrong Computation Results Bug In pstm.c Division
- Fixed Memory Corruption In psDhImportPubKey
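Review bot: The new text of this hunk drops the underscores from the build-option names: the summary entry and its section read `ALLOWCRLISSUERSWITHOUTKEYUSAGE`, and the RSA-MD2/RSA-MD5 paragraph now says "defining `USEMD2` or `USEMD5`", whereas the removed lines spell them `ALLOW_CRL_ISSUERS_WITHOUT_KEYUSAGE`, `USE_MD2` and `USE_MD5`, and context lines elsewhere in the same file (`USE_PUTTY_WORKAROUND`, `ALLOW_VERSION_1_ROOT_CERT_PARSE`) keep their underscores. A reader who copies the new names into a configuration defines macros the build never checks, so enabling the legacy MD2/MD5 signature verification or the CRL keyUsage relaxation would silently do nothing, and someone auditing that these insecure options are off would be grepping for the wrong symbol. The loss looks like a conversion artifact treating `_..._` as emphasis; restore `USE_MD2`, `USE_MD5` and `ALLOW_CRL_ISSUERS_WITHOUT_KEYUSAGE` in all four places (escaping the underscores or wrapping the names in code markup if the converter requires it).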
@@ -105,115 +189,234 @@
- MD5 and SHA-1 Combined Digest Function
- Coverity Issues Fixed
- Yarrow Build Issues Fixed
-
-
-- NEW FEATURES SINCE 3.8.6
-
+
+NEW FEATURES SINCE 3.8.6
+
- SHA-512 for X.509 Certificates Improvements
- OCSP Improvements
- X.509 Certificate Domain Components
- New Configuration: Minimal PSK
-
-1. BUG FIXES SINCE 3.8.6
-Fixed Wrong Computation Results Bug In pstm.c Division
-The bug could cause some big number mathematics to return wrong values when divisor and dividend are very far from each other. This issue is related to public key computation problems reported by Security Researcher Hanno Böck.
-Fixed Memory Corruption In psDhImportPubKey
-Importing Diffie-Hellman public key cleared some memory beyond end of the key. On some systems this bug may have caused memory corruption.
-Fixed RSA Public Key Read Overflow
-When importing RSA key from certificate, maliciously crafted RSA public key could cause read buffer overflow and crash.
-X.509/CRL/OCSP Timestamp Validation
-MatrixSSL accepted some X.509 certificates with illegal timestamps, such as leap day in an ordinary year. In additional, some two digit years were parsed incorrectly. Timestamp parsing has been altered everywhere to use new psBrokenDownDate API, which correctly handles these corner cases. Some of X.509 time parsing issues were reported by Sze Yiu Chau.
-Unix Year 2038 Problem Fix
-On 32-bit Unix devices, time_t type, which is signed will overflow in 2038. A workaround was added that will allow timestamps and dates to be processed correctly by MatrixSSL on and after Tuesday 19 January 2038.
-Stricter OID Comparison
-The OID comparison in MatrixSSL uses a simple non-cryptographic digest function, based on sum of bytes, which is not collision free. Comparison of OID binary representation was added to ensure unknown OIDs are not accidentally interpreted the same than some of existing OIDs. This issue was reported by Sze Yiu Chau.
-Multibyte String Handling
-The MatrixSSL now includes function to recode strings containing multibyte (BMPString) characters as UTF-8 strings. This handling is applied to X.509 certificate fields, such as Subject Name. This allows code using MatrixSSL to work with BMPString input without actually knowing the encoding used.
-Configuration Robustness Improvements
-MatrixSSL has been made more robust with configurations: changing configuration options is less likely to cause problems building the software.
-These improvements allow smaller configurations for embedded systems. (E.g. build without DTLS, or build only server-side or client-side support.)
-X.509 Certificate Parsing Read Overflow
-Fixed read overflow from X.509 certificate date handling and removed possible buffer read overflow in parseGeneralNames(). Without these fixes maliciously crafted X.509 certificate could cause software crash.
-PKCS #8 Buffer Read Overflow
-Fixed reading overly large invalid PKCS #8 encoded private key. Without this fix, maliciously crafted PKCS #8 file could cause software crash.
-OCSP Bug Fixes
-In lieu of OCSP improvements, small bugs in OCSP implementation have been fixed. The most notable bug was a memory leak.
-Generic Bug Fixes For Test Programs
-Removed some warnings and memory leaks from test programs. Made test programs confirm to Unix/POSIX return value scheme on relevant platforms.
-Changes to Recommended Configurations
-The recommended configurations have been edited slightly. Most notably, the tracing is disabled by default on non-debug configurations.
-psMutex Locking and Unlocking APIs Compiler Warnings Removed
-Removed return value from psLockMutex() and psUnlockMutex() APIs. This removes several warnings regarding return values not being used.
-MD5 and SHA-1 Combined Digest Function
-The MatrixSSL will now invoke combined MD5 and SHA-1 hash function psMd5Sha1, whenever possible instead of separate MD5 and SHA-1 hash functions.
-Coverity Issues Fixed
-Implementation of getTicketKeys and parseSSLHandshake functions was changed to remove issues detected by Coverity.
-Yarrow Build Issues Fixed
-MatrixSSL comes with a version of Yarrow PRNG. Its use has been deprecated, but the PRNG continued to be shipped with MatrixSSL. Unfortunately, the latest versions of MatrixSSL had compilation errors in yarrow.c. Those errors have been fixed, and the source code file has been marked deprecated.
-2. NEW FEATURES SINCE 3.8.6
-SHA-512 for X.509 Certificates Improvements
-MatrixSSL can use SHA-512 to sign self-signed certificate or certificate request. SHA-512 was already previously supported for verification of X.509 certificates. (This feature can be used only on MatrixSSL Commercial Edition.)
-OCSP Improvements
-OCSP example application apps/crypto/ocsp.c (Commercial Edition Only) and MatrixSSL Developer Guide have been improved to give more documentation regarding OCSP request. OCSP request can now use requestorId feature and request status of list of certificates.
-X.509 Certificate Domain Components
-Added Functions for obtaining contents of X.509 certificate Domain Component field(s).
-New Configuration: Minimal PSK
-New configuration psk added. This configuration provides small footprint MatrixSSL build with only Pre-Shared Key and TLS 1.2 functionality using Matrix Crypto.
-Changes in 3.8.6
-
-Version 3.8.6 October 2016 (C) Copyright 2016 INSIDE Secure - All Rights Reserved
-
-
-- BUG FIXES
+
+
+1. BUG FIXES SINCE 3.8.6
+
+Fixed Wrong Computation Results Bug In pstm.c Division
+
+The bug could cause some big number mathematics to return wrong values when divisor and dividend are very far from each other.
+This issue is related to public key computation problems
+reported by Security Researcher Hanno Böck.
+
+Fixed Memory Corruption In psDhImportPubKey
+
+Importing Diffie-Hellman public key cleared some memory beyond end of the key.
+On some systems this bug may have caused memory corruption.
+
+Fixed RSA Public Key Read Overflow
+
+When importing RSA key from certificate, maliciously crafted RSA public key could cause read buffer overflow and crash.
+
+X.509/CRL/OCSP Timestamp Validation
+
+MatrixSSL accepted some X.509 certificates with illegal timestamps,
+such as leap day in an ordinary year. In additional, some two
+digit years were parsed incorrectly. Timestamp parsing has been
+altered everywhere to use new psBrokenDownDate API, which correctly
+handles these corner cases. Some of X.509 time parsing issues were
+reported by Sze Yiu Chau.
+
+Unix Year 2038 Problem Fix
+
+On 32-bit Unix devices, time_t type, which is signed will overflow in 2038.
+A workaround was added that will allow timestamps and dates to be processed
+correctly by MatrixSSL on and after Tuesday 19 January 2038.
+
+Stricter OID Comparison
+
+The OID comparison in MatrixSSL uses a simple non-cryptographic digest
+function, based on sum of bytes, which is not collision free. Comparison of OID
+binary representation was added to ensure unknown OIDs are not accidentally
+interpreted the same than some of existing OIDs.
+This issue was reported by Sze Yiu Chau.
+
+Multibyte String Handling
+
+The MatrixSSL now includes function to recode strings containing multibyte
+(BMPString) characters as UTF-8 strings. This handling is applied to
+X.509 certificate fields, such as Subject Name. This allows code using
+MatrixSSL to work with BMPString input without actually knowing the encoding
+used.
+
+Configuration Robustness Improvements
+
+MatrixSSL has been made more robust with configurations: changing
+configuration options is less likely to cause problems building the software.
+
+These improvements allow smaller configurations for embedded systems.
+(E.g. build without DTLS, or build only server-side or client-side support.)
+
+X.509 Certificate Parsing Read Overflow
+
+Fixed read overflow from X.509 certificate date handling and
+removed possible buffer read overflow in parseGeneralNames().
+Without these fixes maliciously crafted X.509 certificate could
+cause software crash.
+
+PKCS #8 Buffer Read Overflow
+
+Fixed reading overly large invalid PKCS #8 encoded private key.
+Without this fix, maliciously crafted PKCS #8 file could cause
+software crash.
+
+OCSP Bug Fixes
+
+In lieu of OCSP improvements, small bugs in OCSP implementation have
+been fixed. The most notable bug was a memory leak.
+
+Generic Bug Fixes For Test Programs
+
+Removed some warnings and memory leaks from test programs.
+Made test programs confirm to Unix/POSIX return value scheme on relevant
+platforms.
+
+Changes to Recommended Configurations
+
+The recommended configurations have been edited slightly.
+Most notably, the tracing is disabled by default on non-debug configurations.
+
+psMutex Locking and Unlocking APIs Compiler Warnings Removed
+
+Removed return value from psLockMutex() and psUnlockMutex() APIs.
+This removes several warnings regarding return values not being used.
+
+MD5 and SHA-1 Combined Digest Function
+
+The MatrixSSL will now invoke combined MD5 and SHA-1 hash function psMd5Sha1,
+whenever possible instead of separate MD5 and SHA-1 hash functions.
+
+Coverity Issues Fixed
+
+Implementation of getTicketKeys and parseSSLHandshake
+functions was changed to remove issues detected by Coverity.
+
+Yarrow Build Issues Fixed
+
+MatrixSSL comes with a version of Yarrow PRNG. Its use has been deprecated,
+but the PRNG continued to be shipped with MatrixSSL. Unfortunately, the
+latest versions of MatrixSSL had compilation errors in yarrow.c.
+Those errors have been fixed, and the source code file has been marked
+deprecated.
+
+2. NEW FEATURES SINCE 3.8.6
+
+SHA-512 for X.509 Certificates Improvements
+
+MatrixSSL can use SHA-512 to sign self-signed certificate or certificate request. SHA-512 was already previously supported for verification of X.509 certificates.
+(This feature can be used only on MatrixSSL Commercial Edition.)
+
+OCSP Improvements
+
+OCSP example application apps/crypto/ocsp.c
+(Commercial Edition Only) and MatrixSSL Developer Guide have
+been improved to give more documentation regarding OCSP request.
+OCSP request can now use requestorId feature and request status of list of certificates.
+
+X.509 Certificate Domain Components
+
+Added Functions for obtaining contents of X.509 certificate Domain
+Component field(s).
+
+New Configuration: Minimal PSK
+
+New configuration psk added. This configuration provides small footprint MatrixSSL build with only Pre-Shared Key and TLS 1.2 functionality using Matrix Crypto.
+
+Changes in 3.8.6
+
+
+Version 3.8.6
+October 2016
+(C) Copyright 2016 Rambus Inc.- All Rights Reserved
+
+
+
+- BUG FIXES
+
- Critical parsing bug for X.509 certificates
- Critical TLS handshake parsing bugs
- 4096 bit RSA key generation regression
- General cleanup of build
- MatrixSSH compatibility issue
-
-
-- FEATURES AND IMPROVEMENTS
-
+
+- FEATURES AND IMPROVEMENTS
+
- New configuration system for build options
core/ changes
- X.509 parsing and generation
crypto/ changes
- Removed OpenSSL API Emulation
-
-1 BUG FIXES
-Critical parsing bug for X.509 certificates
+
+
+
+1 BUG FIXES
+
+Critical parsing bug for X.509 certificates
+
Security Researcher Craig Young reported two issues related to X.509 certificate parsing. An error in parsing a maliciously formatted Subject Alt Name field in a certificate could cause a crash due to a write beyond buffer and subsequent free of an unallocated block of memory. An error in parsing a maliciously formatted ASN.1 Bit Field primitive could cause a crash due to a memory read beyond allocated memory.
-Critical TLS handshake parsing bugs
+
+Critical TLS handshake parsing bugs
+
Security Researcher Andreas Walz reported three issues related to processing the ClientHello message.
+
- The length of the TLS record was not being strictly checked against the length of the extensions field, so that additional unparsed data could be added between the end of extensions and the end of the record. This presents some level of uncertainty in how extensions may be interpreted and could present a security issue.
- ClientHello parsing was not verifying that a NULL compression suite was sent by the client, as required by the RFC. This did not present a security issue (NULL compression was always forced), but improves strict adherence to the specification.
- For TLS connections (not DTLS), the major version proposed in the ClientHello suggested by RFC 5246 to only allow the byte value
0x03. Now the connection is terminated if a value other than this is suggested. Previously the suggested major version field was simply echoed back in the ServerHello message, and treated as 0x03.
-4096 bit RSA key generation regression
+
+4096 bit RSA key generation regression
+
In some cases RSA key generation of 4096 bit keys would fail and return with an error code. This regression issue has been fixed and key generation will once again succeed.
-General cleanup of build
+
+General cleanup of build
+
Warnings across multiple platforms and compilers were fixed. Various compile time configuration combination build issues were fixed.
-MatrixSSH compatibility issue
-Newer versions of MatrixSSH server were incompatible with the PuTTY client. A fix has been included and enabled by default USE_PUTTY_WORKAROUND. Note this does not affect the standard MatrixSSL codebase.
-2 FEATURES AND IMPROVEMENTS
-New configuration system for build options
+
+MatrixSSH compatibility issue
+
+Newer versions of MatrixSSH server were incompatible with the PuTTY client. A fix has been included and enabled by default USE_PUTTY_WORKAROUND.
+Note this does not affect the standard MatrixSSL codebase.
+
+2 FEATURES AND IMPROVEMENTS
+
+New configuration system for build options
+
A new top level directory configs/ now holds several sets of configuration files for MatrixSSL to simplify configuration sets. This method also allows custom sets to be developed specific to a given use case (for example a RSA only build). The following three configuration files now are copied at build time from the configs directory:
-core/coreConfig.h
+
+
+core/coreConfig.h
crypto/cryptoConfig.h
-matrixssl/matrixsslConfig.h
+matrixssl/matrixsslConfig.h
+
+
The default configuration settings for MatrixSSL may have changed from your current settings. Please confirm all settings in these three files after updating.
+
From a fresh package, the build process is the same as before: simply type make. It will build the software using the default configuration options.
+
To use a different configuration, for example configs/noecc:
-$ make clean && make all-noecc
+
+
+$ make clean && make all-noecc
+
+
Once a configuration is set, make and make clean will continue to use the same configuration unless a new one is selected as above.
-core/ changes
+
+core/ changes
+
- Added warning helper macros
- Additional
PS_ return codes
@@ -223,9 +426,13 @@ matrixssl/matrixsslConfig.h
test/ new self-test directory
- Change in default Linux compile options in
common.mk
-X.509 parsing and generation
+
+X.509 parsing and generation
+
Added additional field parsing support for X.509, including multiple OU support. Commercial release adds additional certificate creation support, as well as an API set and test suite for programmatically creating certificates. See MatrixKeyAndCertGeneration.pdf for full description.
-crypto/ changes
+
+crypto/ changes
+
- Added
*PreInit() APIs for hash functions for compatibility with FIPS library and hardware token requirements
- Added
psX509GetCertPublicKeyDer() API
@@ -236,21 +443,32 @@ matrixssl/matrixsslConfig.h
- Added PKCS#8 import
ALLOW_VERSION_1_ROOT_CERT_PARSE configuration option for loading legacy v1 certificates as trusted roots only (default not enabled). Loading as intermediate or leaf certificates is insecure and still not allowed.
-Removed OpenSSL API Emulation
+
+Removed OpenSSL API Emulation
+
opensslApi.c and opensslSocket.c files removed temporarily in anticipation of moving to a more fully supported OpenSSL layer.
-Changes in 3.8.5
+
+Changes in 3.8.5
+
-Version 3.8.5 September 2016 Note: 3.8.5 was a limited customer release only.
+Version 3.8.5
+September 2016
+Note: 3.8.5 was a limited customer release only.
-Changes in 3.8.4
+
+Changes in 3.8.4
+
-Version 3.8.4 July 2016 (C) Copyright 2016 INSIDE Secure - All Rights Reserved
+Version 3.8.4
+July 2016
+(C) Copyright 2016 Rambus Inc.- All Rights Reserved
-
-- FEATURES AND IMPROVEMENTS
-
+
+
+- FEATURES AND IMPROVEMENTS
+
- Coverity coverage
- HTTP/2 restrictions via ALPN
@@ -258,10 +476,9 @@ matrixssl/matrixsslConfig.h
- Process shared Session Cache
- Enhanced CRL and OCSP support
- Windows support for certificate date validation
-
-
-- BUG FIXES
-
+
+- BUG FIXES
+
- Critical parsing bug for RSA encrypted blobs
- Additional restrictions on bignum operations
@@ -269,40 +486,72 @@ matrixssl/matrixsslConfig.h
- Fixed error in DTLS encoding
- SSLv3 only support fixed
- Assembly compatibility with more compilers
-
-1 FEATURES AND IMPROVEMENTS
-Coverity coverage
-MatrixSSL now has zero outstanding defects in Coverity Static Analysis.
-HTTP/2 restrictions via ALPN
-MatrixSSL server code will automatically evaluate the ALPN extension and appropriately restrict the cipher suites and key exchange methods if the HTTP/2 protocol is being used. Per the HTTP/2 spec, only AEAD cipher suites and Ephemeral key exchange methods are allowed.
-Enhanced example apps
-Example applications now take additional command line options and also support CRL request and response generation.
-Process shared Session Cache
-Minimal support for a process-shared server session resumption cache is now supported via process-shared mutexes on Linux.
-Enhanced CRL and OCSP support
-A new file crypto/keyformat/crl.c defines additional apis for more complex CRL (Certificate Revocation List) and OCSP support.
-Windows support for certificate date validation
-Previously only Posix based platforms were supported.
-2 BUG FIXES
-Critical parsing bug for RSA encrypted blobs
-Security Researcher Hanno Böck reported several issues related to RSA and bignum operations. An error in parsing a maliciously formatted public key block could produce a remotely triggered crash in SSL server parsing. Additional restrictions on the values provided to RSA and DH operations were also added, although an exploit has not been found.
-Additional restrictions on bignum operations
-The MatrixSSL bignum library, located in crypto/math/ was optimized and reduced in size to support only key sizes and operations used by standard RSA, ECC and DH operations (those apis present in crypto/cryptoApi.h). Additional constraint checking has been added to the code to prevent unsupported key sizes and values. Users requiring generic bignum operations should take a look at libtomcrypt, GMP, Python or OpenSSL.
-Fixed error in disabled cipher flags
-The optional disabling or enabling of specific ciphers at runtime per session was recently broken (now fixed) due to an errant flags calculation using < instead of <<.
-Fixed error in DTLS encoding
-An error was returned if attempting to encode a DTLS message exactly the PMTU size.
-SSLv3 only support fixed
-SSLv3 mode is not recommended for deployment, but had become broken in a recent build. It can now be enabled again.
-Assembly compatibility with more compilers
-Fixed "invalid register constraints" error on some versions of GCC and LLVM for ARM, MIPS and x86_64.
-Changes in 3.8.3
-
-Version 3.8.3 April 2016 (C) Copyright 2016 INSIDE Secure - All Rights Reserved
-
-
-- FEATURES AND IMPROVEMENTS
+
+
+1 FEATURES AND IMPROVEMENTS
+
+Coverity coverage
+
+MatrixSSL now has zero outstanding defects in Coverity Static Analysis.
+
+HTTP/2 restrictions via ALPN
+
+MatrixSSL server code will automatically evaluate the ALPN extension and appropriately restrict the cipher suites and key exchange methods if the HTTP/2 protocol is being used. Per the HTTP/2 spec, only AEAD cipher suites and Ephemeral key exchange methods are allowed.
+
+Enhanced example apps
+
+Example applications now take additional command line options and also support CRL request and response generation.
+
+Process shared Session Cache
+
+Minimal support for a process-shared server session resumption cache is now supported via process-shared mutexes on Linux.
+
+Enhanced CRL and OCSP support
+
+A new file crypto/keyformat/crl.c defines additional apis for more complex CRL (Certificate Revocation List) and OCSP support.
+
+Windows support for certificate date validation
+
+Previously only Posix based platforms were supported.
+
+2 BUG FIXES
+
+Critical parsing bug for RSA encrypted blobs
+
+Security Researcher Hanno Böck reported several issues related to RSA and bignum operations. An error in parsing a maliciously formatted public key block could produce a remotely triggered crash in SSL server parsing. Additional restrictions on the values provided to RSA and DH operations were also added, although an exploit has not been found.
+
+Additional restrictions on bignum operations
+
+The MatrixSSL bignum library, located in crypto/math/ was optimized and reduced in size to support only key sizes and operations used by standard RSA, ECC and DH operations (those apis present in crypto/cryptoApi.h). Additional constraint checking has been added to the code to prevent unsupported key sizes and values. Users requiring generic bignum operations should take a look at libtomcrypt, GMP, Python or OpenSSL.
+
+Fixed error in disabled cipher flags
+
+The optional disabling or enabling of specific ciphers at runtime per session was recently broken (now fixed) due to an errant flags calculation using < instead of <<.
+
+Fixed error in DTLS encoding
+
+An error was returned if attempting to encode a DTLS message exactly the PMTU size.
+
+SSLv3 only support fixed
+
+SSLv3 mode is not recommended for deployment, but had become broken in a recent build. It can now be enabled again.
+
+Assembly compatibility with more compilers
+
+Fixed "invalid register constraints" error on some versions of GCC and LLVM for ARM, MIPS and x86_64.
+
+Changes in 3.8.3
+
+
+Version 3.8.3
+April 2016
+(C) Copyright 2016 Rambus Inc.- All Rights Reserved
+
+
+
+- FEATURES AND IMPROVEMENTS
+
- Simplified Configuration Options
- DTLS Combined Package
@@ -312,13 +561,12 @@ matrixssl/matrixsslConfig.h
- Online Certificate Status Protocol
- TLS Fallback SCSV
- Trusted CA Indication Extension
-- Removed gmt_unix_time from client and server random
+- Removed gmtunixtime from client and server random
- Removed support for SSLv2 CLIENT_HELLO messages
- Ephemeral ECC Key Caching
-
-
-- BUG FIXES
-
+
+- BUG FIXES
+
- Support for parsing large certificate blobs
- X.509 certificate parse fix for issuerUniqueID and subjectUniqueID
@@ -330,100 +578,170 @@ matrixssl/matrixsslConfig.h
- Validation of RSA Signature Creation
- Side Channel Vulnerability on RSA Cipher Suites
- Access Violation on Malicious TLS Record
-
-1 FEATURES AND IMPROVEMENTS
-Simplified Configuration Options
+
+
+
+1 FEATURES AND IMPROVEMENTS
+
+Simplified Configuration Options
+
The configuration files coreConfig.h, cryptoConfig.h and matrixsslConfig.h have been simplified, and the default options have been changed to improve security and code size.
+
-- Many of the insecure algorithms or deprecated options that can be enabled in cryptoConfig.h and matrixsslConfig.h have been moved into cryptolib.h and matrixssllib.h, respectively.
-
-- TLS 1.1 is now the default minimum TLS version compiled in. The new
USE_TLS_1_1_AND_ABOVE setting enables this.
-- Rehandshaking on an existing connection is now disabled completely by default with the
USE_REHANDSHAKING configuration option.
+- Many of the insecure algorithms or deprecated options that can be
+enabled in cryptoConfig.h and matrixsslConfig.h have been moved
+into cryptolib.h and matrixssllib.h, respectively.
+- TLS 1.1 is now the default minimum TLS version compiled in. The new
+
USE_TLS_1_1_AND_ABOVE setting enables this.
+- Rehandshaking on an existing connection is now disabled completely by
+default with the
USE_REHANDSHAKING configuration option.
-DTLS Combined Package
+
+DTLS Combined Package
+
DTLS is now packaged with MatrixSSL, and can be enabled with the USE_DTLS configuration option. TLS and DTLS connections can be made simultaneously with the same application.
-CHACHA20_POLY1305 Cipher Suites
-MatrixSSL now has support for ChaCha20-Poly1305 cipher suites compatible with RFC draft https://tools.ietf.org/html/draft-ietf-tls-chacha20-poly1305. The supported cipher suites are defined for TLS 1.2 and can be enabled at compile time.
-
-- cryptoConfig.h
-USE_CHACHA20_POLY1305_IETF
-
-- matrixsslConfig.h
-TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
-
-
+
+CHACHA20_POLY1305 Cipher Suites
+
+MatrixSSL now has support for ChaCha20-Poly1305 cipher suites compatible with RFC draft https://tools.ietf.org/html/draft-ietf-tls-chacha20-poly1305.
+The supported cipher suites are defined for TLS 1.2 and can be enabled at compile time.
+
+cryptoConfig.h
+: USE_CHACHA20_POLY1305_IETF
+
+matrixsslConfig.h
+: TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
+TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
+
MatrixSSL must be linked with the libsodium library to provide implementation of the crypto primitives.
-Libsodium Crypto Provider
+
+Libsodium Crypto Provider
+
MatrixSSL now includes a layer for crypto primitives to the libsodium crypto library, in addition to the OpenSSL libcrypto and the native (default) MatrixSSL crypto library. libsodium provides crypto primitives for ChaCha20 and Poly1305. In addition, enabling the layer will use libsodium primitives for SHA256/SHA384/SHA512 based hashes and AES-256-GCM ciphers that provide high performance on Intel platforms.
+
-As of this release, the current version of libsodium is available here: https://download.libsodium.org/libsodium/releases/libsodium-1.0.8.tar.gz To build libsodium, follow the instructions here: https://download.libsodium.org/doc/installation/index.html
+As of this release, the current version of libsodium is available here:
+https://download.libsodium.org/libsodium/releases/libsodium-1.0.8.tar.gz
+To build libsodium, follow the instructions here:
+https://download.libsodium.org/doc/installation/index.html
+
To enable in the MatrixSSL make system, enable the following and rebuild:
-
-- common.mk
-PS_LIBSODIUM:=1 LIBSODIUM_ROOT:=(path_to_libsodium_build)
-
-
-Extended Master Secret
-The “extended master secret” as specified in RFC 7627 is an important security feature for TLS implementations that use session resumption. The extended master secret feature associates the internal TLS master secret directly to the connection context to prevent man-in-the-middle attacks during session resumption. One such attack is a synchronizing triple handshake as described in Triple Handshakes and Cookie Cutters: Breaking and Fixing Authentication over TLS.
+
+common.mk
+: PS_LIBSODIUM:=1
+LIBSODIUM_ROOT:=(pathtolibsodium_build)
+
+Extended Master Secret
+
+The “extended master secret” as specified in RFC 7627 is an important security feature for TLS implementations that use session resumption. The extended master secret feature associates the internal TLS master secret directly to the connection context to prevent man-in-the-middle attacks during session resumption. One such attack is a synchronizing triple handshake as described in Triple Handshakes and Cookie Cutters: Breaking and Fixing Authentication over TLS.
+
See the Extended Master Secret section in the MatrixSSL API document for details.
-Online Certificate Status Protocol
-The Online Certificate Status Protocol (OCSP) is an alternative to the Certificate Revocation List (CRL) mechanism for performing certificate revocation tests on server keys. TLS integrates with OCSP in a mechanism known as “OCSP stapling”. This feature allows the client to request that the server provide a time-stamped OCSP response when presenting the X.509 certificate during the TLS handshake. The primary goal for this scheme is to allow resource constrained clients to perform certificate revocation tests without having to communicate with an OCSP Responder themselves.
+
+Online Certificate Status Protocol
+
+The Online Certificate Status Protocol (OCSP) is an alternative to the Certificate Revocation List (CRL) mechanism for performing certificate revocation tests on server keys. TLS integrates with OCSP in a mechanism known as “OCSP stapling”. This feature allows the client to request that the server provide a time-stamped OCSP response when presenting the X.509 certificate during the TLS handshake. The primary goal for this scheme is to allow resource constrained clients to perform certificate revocation tests without having to communicate with an OCSP Responder themselves.
+
See the OCSP Revocation section in the MatrixSSL API document for details.
-TLS Fallback SCSV
+
+TLS Fallback SCSV
+
The RFC for detecting version rollback attacks has been implemented per RFC7507. See the MatrixSSL Developer’s Guide for more information.
-Trusted CA Indication Extension
-The Trusted CA Indication extension is specified in RFC 6066. This feature allows TLS clients to send their list of certificate authorities to servers in the CLIENT_HELLO message.
-See the Trusted CA Indication section in the MatrixSSL_API document for details.
-Removed gmt_unix_time from client and server random
+
+Trusted CA Indication Extension
+
+The Trusted CA Indication extension is specified in RFC 6066. This feature allows TLS clients to send their list of certificate authorities to servers in the CLIENT_HELLO message.
+See the Trusted CA Indication section in the MatrixSSLAPI_ document for details.
+
+Removed gmtunixtime from client and server random
+
The TLS RFC specifies that the first 4 bytes of the CLIENT_HELLO and SERVER_HELLO random values be the current platform time. Current best practices recommend using random data for all 32 bytes. MatrixSSL now uses all random data by default.
-Removed support for SSLv2 CLIENT_HELLO messages
+
+Removed support for SSLv2 CLIENT_HELLO messages
+
SSLv2 CLIENT_HELLO parsing was previously supported to maintain compatibility with very old TLS implementations. Although this does not present a security risk at this time, the code has been removed, and only modern TLS record header parsing is supported.
-Ephemeral ECC Key Caching
+
+Ephemeral ECC Key Caching
+
Previous versions of MatrixSSL generated new, unique ephemeral keys for each connection using ECDHE_ cipher suites, as per NIST recommendations. Beginning with this version, ephemeral keys are cached and re-used for connections within a time frame of two hours and a maximum usage of 1000 times. This improves performance of ECDHE suites, and is inline with the configuration current web browsers. This feature can be configured in matrixsslConfig.h.
-2 BUG FIXES
-Support for parsing large certificate blobs
-Certificate collections larger than 64KB were not being parsed correctly after a change to some data types (32 bit to 16 bit) in the parsing code. This bug is now fixed and large collections of certificates are now parsing correctly.
-X.509 certificate parse fix for issuerUniqueID and subjectUniqueID
+
+2 BUG FIXES
+
+Support for parsing large certificate blobs
+
+Certificate collections larger than 64KB were not being parsed correctly after a change to some data types (32 bit to 16 bit) in the parsing code. This bug is now fixed and large collections of certificates are now parsing correctly.
+
+X.509 certificate parse fix for issuerUniqueID and subjectUniqueID
+
Previous MatrixSSL versions could not parse these rarely encountered members of X.509 certificates.
-Diffie-Hellman public key exchange bug
-MatrixSSL clients would not successfully handshake with servers that sent Diffie-Hellman public keys that were not the same byte length as the DH group Prime parameter. Clients will now successfully handshake with servers that provide shorter length public keys.
-SHA512 based Server Key Exchange signatures
+
+Diffie-Hellman public key exchange bug
+
+MatrixSSL clients would not successfully handshake with servers that sent Diffie-Hellman public keys that were not the same byte length as the DH group Prime parameter. Clients will now successfully handshake with servers that provide shorter length public keys.
+
+SHA512 based Server Key Exchange signatures
+
SHA512 was not supported for SERVER_KEY_EXCHANGE messages in previous versions.
-Allow independent hashSigAlg identifiers in Certificate Request message
-Previous client versions of MatrixSSL would not allow servers to send signature algorithm identifiers that were not already specified by the client in the CLIENT_HELLO message. Now, the client will correctly allow the server to send an independent list of supported algorithms and the client will look for matches from that list.
-Improvements to DTLS Cookie handling
+
+Allow independent hashSigAlg identifiers in Certificate Request message
+
+Previous client versions of MatrixSSL would not allow servers to send signature algorithm identifiers that were not already specified by the client in the CLIENT_HELLO message. Now, the client will correctly allow the server to send an independent list of supported algorithms and the client will look for matches from that list.
+
+Improvements to DTLS Cookie handling
+
HMAC-SHA1 or HMAC-SHA256 are now used to generate the DTLS cookie, and additional checking is done on the cookie for Denial-of-Service prevention.
-Fixed key type verification for chosen cipher suite
-An internal verification function that determined whether the server key type was correct for the chosen cipher suite has now been fixed. Previous versions would sometimes incorrectly determine the server was using the wrong key type if the server was using a certificate chain where parent certificates did not use the same key type. This bug resulted in a failed handshake and is now fixed.
-Validation of RSA Signature Creation
+
+Fixed key type verification for chosen cipher suite
+
+An internal verification function that determined whether the server key type was correct for the chosen cipher suite has now been fixed. Previous versions would sometimes incorrectly determine the server was using the wrong key type if the server was using a certificate chain where parent certificates did not use the same key type. This bug resulted in a failed handshake and is now fixed.
+
+Validation of RSA Signature Creation
+
An internal RSA validation of created signatures has been added to the library in the psRsaEncryptPriv() function.
-Security researcher Florian Weimer has shown it is possible for RSA private key information to leak under some special failure circumstances. Information on the exploit can be found here: https://people.redhat.com/~fweimer/rsa-crt-leaks.pdf
-The potential leak is only possible if a DHE_RSA based cipher suite is supported on the server side. This is the only handshake combination in which an RSA signature is sent over the wire (during the SERVER_KEY_EXCHANGE message). The signature itself must have been incorrectly generated for the exploit to be possible.
+
+Security researcher Florian Weimer has shown it is possible for RSA private key information to leak under some special failure circumstances. Information on the exploit can be found here: https://people.redhat.com/~fweimer/rsa-crt-leaks.pdf
+
+The potential leak is only possible if a DHE_RSA based cipher suite is supported on the server side. This is the only handshake combination in which an RSA signature is sent over the wire (during the SERVER_KEY_EXCHANGE message). The signature itself must have been incorrectly generated for the exploit to be possible.
+
The additional signature validation test will now cause the TLS handshake to fail prior to a faulty signature being sent to the client.
-Side Channel Vulnerability on RSA Cipher Suites
-A Bleichenbacher variant attack, where certain information is leaked from the results of a RSA private key operation has been reported by a security researcher. The code has been updated to error without providing any information on the premaster contents. Thank you to Juraj Somorovsky, author of TLS-Attacker > Note that other side channel attacks may still be possible as MatrixSSL non-FIPS crypto is not always constant-time.
-Access Violation on Malicious TLS Record
+
+Side Channel Vulnerability on RSA Cipher Suites
+
+A Bleichenbacher variant attack, where certain information is leaked from the results of a RSA private key operation has been reported by a security researcher. The code has been updated to error without providing any information on the premaster contents.
+Thank you to Juraj Somorovsky, author of TLS-Attacker
+
+
+Note that other side channel attacks may still be possible as MatrixSSL non-FIPS crypto is not always constant-time.
+
+
+Access Violation on Malicious TLS Record
+
TLS cipher suites with CBC mode in TLS 1.1 and 1.2 could have an access violation (read beyond memory) with a maliciously crafted message. Thank you to Juraj Somorovsky, author of TLS-Attacker
-3 KNOWN ISSUES
+
+3 KNOWN ISSUES
+
- Microsoft Windows targets do not support certificate date validation currently. Users requiring this feature can use Windows APIs to get and parse the current date, using the POSIX implementation as a reference.
-- Arm platforms linking with some versions of OpenSSL
libcrypto library may have errors in AES-CBC cipher suites due to the library's inability to handle in-situ encryption within the same block.
+- Arm platforms linking with some versions of OpenSSL
libcrypto library may have errors in AES-CBC cipher suites due to the library's inability to handle in-situ encryption within the same block.
-Changes in 3.8.2
+
+Changes in 3.8.2
+
-Version 3.8.2 December 2015 (C) Copyright 2015 INSIDE Secure - All Rights Reserved
+Version 3.8.2
+December 2015
+(C) Copyright 2015 Rambus Inc.- All Rights Reserved
-
-- FILE/API REORGANIZATION
-
+
+
+- FILE/API REORGANIZATION
+
- File Locations
- Crypto API
-
-
-- SECURITY IMPROVEMENTS
-
+
+- SECURITY IMPROVEMENTS
+
- Simplified Configuration
- Deprecated Ciphers
@@ -434,10 +752,9 @@ See the Trusted CA Indication section in the MatrixSSL_API document for
- Reordered cipher suite preferences
- memset_s()
- Handshake State Machine Improvements
-
-
-- FEATURES AND IMPROVEMENTS
-
+
+- FEATURES AND IMPROVEMENTS
+
- DTLS Protocol Included
- Optimized Diffie-Hellman performance
@@ -451,10 +768,9 @@ See the Trusted CA Indication section in the MatrixSSL_API document for
- Per digest control of HMAC algorithms
- Default high resolution timing
- Assert and Error Optimizations
-
-
-- BUG FIXES
-
+
+- BUG FIXES
+
- 64 bit little endian platforms
- X.509 KeyUsage extension
@@ -466,83 +782,144 @@ See the Trusted CA Indication section in the MatrixSSL_API document for
- AES-GCM with AESNI
- Library configuration test
- Windows psGetFileBuf
-
-1 FILE/API REORGANIZATION
-File Locations
+
+
+
+1 FILE/API REORGANIZATION
+
+File Locations
+
MatrixSSL 3.8.2 introduces directory changes to the distribution since 3.7.2
-TLS/DTLS example apps moved from ./apps to ./apps/ssl and ./apps/dtls. Test keys and certificates moved from ./sampleCerts to ./testkeys. XCode and Visual Studio projects moved to ./xcode and ./visualstudio.
+
+TLS/DTLS example apps moved from ./apps to ./apps/ssl and ./apps/dtls.
+Test keys and certificates moved from ./sampleCerts to ./testkeys.
+XCode and Visual Studio projects moved to ./xcode and ./visualstudio.
+
Several file changes and renames are present as well:
-TLS Decoding moved ./matrixssl/sslDecode.c from ./matrixssl/sslDecode.c, ./matrixssl/hsDecode.c and ./matrixssl/extDecode.c. Private key import/export from ./crypto/pubkey/pkcs.c. to ./crypto/keyformat/pkcs.c. Configuration consistency and sanity checks from ./matrixssl/matrixssllib.h to ./matrixssl/matrixsslCheck.h.
-Crypto API
+
+TLS Decoding moved ./matrixssl/sslDecode.c from ./matrixssl/sslDecode.c,
+./matrixssl/hsDecode.c and ./matrixssl/extDecode.c.
+Private key import/export from ./crypto/pubkey/pkcs.c. to
+./crypto/keyformat/pkcs.c.
+Configuration consistency and sanity checks from ./matrixssl/matrixssllib.h
+to ./matrixssl/matrixsslCheck.h.
+
+Crypto API
+
The API layers into the raw cryptographic operations have been significantly changed. The crypto API changes do not affect the main MatrixSSL API for creating TLS sessions, etc. However, developers who interface with crypto directly, or who want to write a custom hardware layer will be interested in the new layer.
-API Model
+
+API Model
+
The cryptography API for symmetric crypto, digests and HMAC follow the common model:
-
-- Init API
-- Initializes the cipher and returns an error on failure (typically due to bad input parameters or insufficient memory).
-
-- Encrypt/Decrypt/Update API
-- Performs the operation and does not return an error code (previously some APIs would return the number of bytes decrypted).
-
-- Clear API
-- Zero and/or free any associated memory associated with the cipher.
-
-
-Standard Types
+
+Init API
+: Initializes the cipher and returns an error on failure (typically due to bad input parameters or insufficient memory).
+
+Encrypt/Decrypt/Update API
+: Performs the operation and does not return an error code (previously some APIs would return the number of bytes decrypted).
+
+Clear API
+: Zero and/or free any associated memory associated with the cipher.
+
+Standard Types
+
Standard C99 types from <stdint.h> are used to specify integer parameters.
-
-uint8_t
-- The length of an IV, password or an AES-GCM tag
-
-uint16_t
-- The length of an asymmetric key (RSA/DH/ECC), a HMAC key or Additional Authenticated Data (AAD) for an AEAD cipher such as AES-GCM.
-
-uint32_t
-- The length of data to be processed by the cipher
-
-
+
+uint8_t
+: The length of an IV, password or an AES-GCM tag
+
+uint16_t
+: The length of an asymmetric key (RSA/DH/ECC), a HMAC key or Additional Authenticated Data (AAD) for an AEAD cipher such as AES-GCM.
+
+uint32_t
+: The length of data to be processed by the cipher
+
uint64_t: Internally used by crypto library to store large counter values and when optimizing for 64 bit platforms.
-Const Correctness
+
+Const Correctness
+
Pointers to values that are not modified are marked const.
-API Name changes
+
+API Name changes
+
API names have been standardized as follows:
-Initialization of low level AES block cipher from psAesInitKey to psAesInitBlockKey. AES CBC from psAesInit, psAesDecrypt and psAesEncrypt to psAesInitCBC, psAesDecryptCBC and psAesEncryptCBC. SHA2 HMAC from psHmacSha2 to psHmacSha256 and psHmacSha384. ECC signature creation from psEccSignHash to psEccDsaSign. ECC signature validation from psEcDsaValidateSignature to psEccDsaVerify.
-Standardized Context Names
+
+Initialization of low level AES block cipher from psAesInitKey to psAesInitBlockKey.
+AES CBC from psAesInit, psAesDecrypt and psAesEncrypt to psAesInitCBC, psAesDecryptCBC and psAesEncryptCBC.
+SHA2 HMAC from psHmacSha2 to psHmacSha256 and psHmacSha384.
+ECC signature creation from psEccSignHash to psEccDsaSign.
+ECC signature validation from psEcDsaValidateSignature to psEccDsaVerify.
+
+Standardized Context Names
+
Cryptographic functions that used to accept generic “context” identifiers now require the specific key/algorithm structure, for example:
-HMAC family from psHmacContext_t to psHmacSha1_t, psHmacSha256_t, ... Digest family from psDigestContext_t to psSha1_t, psSha256_t, etc... Symmetric family from psCipherContext_t to psAesCbc_t, psAesGcm_t, psDes3Key_t RSA private key parse (pkcs1) from psPubKey_t to psRsaKey_t. ECC private key parse from psPubKey_t to psEccKey_t.
-Standardized Return Types
-In general, Init apis return a standard PS_* status code. A status code that is not PS_SUCCESS typically indicates invalid input parameters or a resource allocation failure. Update and Clear APIs no longer have a return. For example:
-HMAC Init from void to int32_t. HMAC Final from int32_t to void. Digest Init from void to int32_t. Digest Final from int32_t to void.
-Memory Model
+
+HMAC family from psHmacContextt to psHmacSha1t, psHmacSha256t, ...
+Digest family from psDigestContextt to psSha1t, psSha256t, etc...
+Symmetric family from psCipherContextt to psAesCbct, psAesGcmt, psDes3Keyt
+RSA private key parse (pkcs1) from psPubKeyt to psRsaKeyt.
+ECC private key parse from psPubKeyt to psEccKeyt.
+
+Standardized Return Types
+
+In general, Init apis return a standard PS_* status code. A status code that is not PS_SUCCESS typically indicates invalid input parameters or a resource allocation failure. Update and Clear APIs no longer have a return. For example:
+
+HMAC Init from void to int32t.
+HMAC Final from int32t to void.
+Digest Init from void to int32t.
+Digest Final from int32t to void.
+
+Memory Model
+
In general, APIs now take an allocated cipher structure, and do not allocate the structure in the Init routine. In the past, the memory allocation model was inconsistent.
+
For ECC and DH, there are now additional APIs that allow the key to be allocated and initialized, to complement the APIs which just initialize the keys.
+
The Clear API must always be called when done with a context, as some algorithms internally allocate additional memory for operation.
-2 SECURITY IMPROVEMENTS
-Simplified Configuration
+
+2 SECURITY IMPROVEMENTS
+
+Simplified Configuration
+
The configuration of ciphers and cipher suites in crypto/cryptoConfig.h and matrixssl/matrixsslConfig.h has been simplified considerably. Existing and new users of MatrixSSL should take a look at these files to understand the various options and features supported.
-Deprecated Ciphers
+
+Deprecated Ciphers
+
- ARC4, SEED, IDEA, RC2, MD4 and MD2 are deprecated, and not enabled by default in cryptoConfig.h
- MD5 and SHA1 are not recommended for use, but enabled by default because they are required for TLS protocols before version 1.2. Although they are enabled in cryptoConfig.h, their use within the TLS protocol is limited to where required, and they can be independently disabled from use as a certificate signature algorithm and an HMAC algorithm. The new crypto primitive
psMd5Sha1_t is intended to replace standalone MD5 or SHA1 use outside of where required in TLS.
- 3DES is not deprecated, but be aware of key strength limitations vs. AES-128 and AES-256.
-Deprecated TLS Features
+
+Deprecated TLS Features
+
- TLS cipher suites that rely on deprecated crypto algorithms have also been deprecated in matrixsslConfig.h
- TLS Compression support is now deprecated and the option removed from the configuration.
- False Start support is now deprecated and the option removed from the configuration.
-Key Strength
+
+Key Strength
+
Key strength defines have not changed since previous releases, however it should be noted that the default minimum RSA/DH sizes of 1024 and ECC sizes of 192 do not meet a growing number of security standards and larger keys should be beginning to be deployed.
-Ephemeral Cipher Suites Enabled by Default
+
+Ephemeral Cipher Suites Enabled by Default
+
ECDHE and DHE cipher suites are now enabled by default. Be aware that for embedded platforms, this may require significant additional CPU load.
-ECC Curve List
+
+ECC Curve List
+
The supported ECC Curve list is now always given in bit-strength order. This ensures that when negotiating EC Parameters, the strongest available will be used.
-Reordered cipher suite preferences
+
+Reordered cipher suite preferences
+
Clients send a priority list order of cipher suites during TLS negotiations, and servers use a priority list of ciphers to pick a common cipher for the connection.
+
MatrixSSL orders this list using the following rules, resulting in some change to the cipher suite preference order in cipherSuite.c. In order to make as secure a connection as possible, the parameters of Authentication, Data Integrity and Data Security were taken in that order to generate a new cipher preference list. In places where these parameters are of equivalent strength, the faster algorithm is preferred (although the “faster” algorithm often depends on the platform). Currently DHE is prioritized over ECDHE due only to performance. In future releases, ECDHE may be the preferred key exchange mode.
+
The ordering of the ciphers is grouped and sub-grouped by the following:
-
+
+
- Non-deprecated
- Ephemeral
- Authentication Method (PKI > PSK > anon)
@@ -552,66 +929,128 @@ See the Trusted CA Indication section in the MatrixSSL_API document for
- Cipher Mode (GCM > CBC)
- PKI Authentication Method (ECDSA > RSA > PSK)
-memset_s()
+
+memset_s()
+
Use the memset_s() api to zero memory regardless of compiler optimization which might skip zeroing for memory that is not subsequently used. For platforms without a built in implementation, memset_s() is automatically built in core/memset_s.c
-Handshake State Machine Improvements
-Simplified code paths
+
+Handshake State Machine Improvements
+
+Simplified code paths
+
The handshake decode state machine was split among additional files and functions. Switch statements replace other logic to more clearly show each case and its result. The state machine is still quite complex due to the large number of modes and states that are supported in MatrixSSL. Always consult support when making changes to the state machine.
-Multiple state tracking
+
+Multiple state tracking
+
Connection state tracking has always been implemented as "expected next state", with no security issues. However for a double check, MatrixSSL now implements independent tracking of the last state encoded and decoded, as well as the expected next state.
-More strict extension processing
+
+More strict extension processing
+
The extension parsing is more strict in what can be accepted and when.
-3 FEATURES AND IMPROVEMENTS
-DTLS Protocol Included
+
+3 FEATURES AND IMPROVEMENTS
+
+DTLS Protocol Included
+
Beginning in the 3.8.2 version of MatrixSSL, the DTLS 1.0 and DTLS 1.2 protocols are included in MatrixSSL open source package.
+
Enable USE_DTLS in ./matrixssl/matrixsslConfig.h to include it in library. Additional documentation, app examples, and test code is included to aid in development.
-
+
+Optimized Diffie-Hellman performance
+
Use smaller generated key sizes for a given DH prime field size per NIST SP 800-57 Part 1. This provides up to a 9x performance gain for DH operations, greatly increasing the speed of ephemeral ciphers using DH.
-
+
+Optimized EC signature generation performance
+
Improved performance for finding valid ECC key pairs, especially on larger key sizes.
-OpenSSL Crypto Primitive Provider
+
+OpenSSL Crypto Primitive Provider
+
Allows MatrixSSL to be linked against OpenSSL libcrypto as a crypto primitive provider. This allows platforms that use OpenSSL as their crypto API (such as Cavium Octeon) provide hardware acceleration to MatrixSSL applications.
-OpenSSL TLS API layer
-Users wishing to replace OpenSSL with MatrixSSL often desire a layer that will ease the integration. MatrixSSL 3.8.2 includes an OpenSSL_API layer that was previously provided upon request. This layer is found in the ./matrixssl_ directory in the _opensslApi.c_and opensslSocket.c files. The opensslApi.h and opensslSocket.h headers define the interface.
-
+
+OpenSSL TLS API layer
+
+Users wishing to replace OpenSSL with MatrixSSL often desire a layer that will ease the integration. MatrixSSL 3.8.2 includes an OpenSSLAPI layer that was previously provided upon request. This layer is found in the ./matrixssl directory in the opensslApi.cand opensslSocket.c files. The opensslApi.h and opensslSocket.h headers define the interface.
+
+Reduced TLS session footprint
+
The size of each TLS session was reduced by 512 bytes for AES cipher suites, and additionally by ~100 bytes for all cipher suites.
-X.509 Improvements
+
+X.509 Improvements
+
OID parsing has been improved and provides better feedback on error. SHA-512 signed certificates are now supported.
-PKCS#12 Key Parsing
+
+PKCS#12 Key Parsing
+
Support for longer passwords and additional private key bag.
-Improved certificate callback example
+
+Improved certificate callback example
+
The ./apps/ssl/client.c application now has a more robust processing example to help integrators understand the relationship between the incoming alert value and the individual authStatus members of the server’s certificate chain.
-Per digest control of HMAC algorithms
+
+Per digest control of HMAC algorithms
+
Each HMAC algorithm can now be specifically enabled/disabled with USE_HMAC_(digest) defines in cryptoConfig.h
-Default high resolution timing
+
+Default high resolution timing
+
POSIX platforms will have high-resolution timers active by default
-Assert and Error Optimizations
+
+Assert and Error Optimizations
+
USE_CORE_ASSERT and USE_CORE_ERROR can now be disabled in coreConfig.h. This can reduce code size by removing the static strings used in errors and asserts. Recommended for final deployment only.
-4 BUG FIXES
-
-The STORE32L macro in cryptolib.h has been fixed for little endian 64 platforms. The STORE32H macro in cryptolib.h has been fixed for big endian 64 platforms not using assembly language optimizations. Platforms such as MIPS64 are now automatically detected by the build system.
-X.509 KeyUsage extension
+
+4 BUG FIXES
+
+64 bit little endian platforms
+
+The STORE32L macro in cryptolib.h has been fixed for little endian 64 platforms. The STORE32H macro in cryptolib.h has been fixed for big endian 64 platforms not using assembly language optimizations.
+Platforms such as MIPS64 are now automatically detected by the build system.
+
+X.509 KeyUsage extension
+
Fixed the parse to allow for BIT_STRING lengths longer than should be expected.
-X.509 date validation fix
+
+X.509 date validation fix
+
A bug has been fixed in the validateDateRange() function in x509.c. In previous versions, the time format (ASN_UTCTIME, etc..) of the notAfter date was being set based on the notBefore field. This bug would have caused problems for certificates that used different time formats for the notBefore and notAfter fields.
-Fixed handshake parse issue
+
+Fixed handshake parse issue
+
A bug was found on the server side while parsing a specific case of handshake messages from a client. If the cipher suite used a key exchange mechanism of ECDHE or ECHE, and the handshake was using client authentication, and the client was sending the CLIENT_KEY_EXCHANGE message and CERTIFICATE_VERIFY message in a single record, the MatrixSSL server was unable to parse that flight and would close the connection. This is now fixed.
-TLS server sending old self-signed certificate
-A bug has been fixed so that if a server sends a self-signed certificate that does not contain the AuthorityKeyIdentifier extension, the authentication logic will detect that and not report an error to the certificate callback. > Servers shouldn’t send self-signed certificates in the CERTIFICATE message. Client must still always have the same self-signed cert loaded in order to authenticate.
-Fixed ECC variable encoding bugs
-For Client Auth rehandshakes, the variable signature sizes of ECDSA resulted in an issue when clients were creating the encrypted CERTIFICATE_VERIFY message. secp224r1 curves also had an additional bug that could cause an invalid signature in some cases due to the variable encoding rules.
-DHE_PSK compatibility
+
+TLS server sending old self-signed certificate
+
+A bug has been fixed so that if a server sends a self-signed certificate that does not contain the AuthorityKeyIdentifier extension, the authentication logic will detect that and not report an error to the certificate callback.
+
+
+Servers shouldn’t send self-signed certificates in the CERTIFICATE message. Client must still always have the same self-signed cert loaded in order to authenticate.
+
+
+Fixed ECC variable encoding bugs
+
+For Client Auth rehandshakes, the variable signature sizes of ECDSA resulted in an issue when clients were creating the encrypted CERTIFICATE_VERIFY message.
+secp224r1 curves also had an additional bug that could cause an invalid signature in some cases due to the variable encoding rules.
+
+DHE_PSK compatibility
+
Fixed issue with DHE_PSK ciphers when a PSK_ID was not used. Previously a handshake alert would occur.
-AES-GCM with AESNI
+
+AES-GCM with AESNI
+
Fixed an issue causing an invalid encoding of large data buffers with aes-gcm on Intel platforms with AESNI.
-Library configuration test
+
+Library configuration test
+
The mechanism to test that MatrixSSL applications have been compiled using the same configuration as the MatrixSSL static libraries has been fixed.
-Windows psGetFileBuf
+
+Windows psGetFileBuf
+
Parameters to CreateFileA() are now correct for opening existing files.
-5 KNOWN ISSUES
+
+5 KNOWN ISSUES
+
- Microsoft Windows targets do not support certificate date validation currently. Users requiring this feature can use Windows APIs to get and parse the current date, using the POSIX implementation as a reference.
-- Arm platforms linking with some versions of OpenSSL
libcrypto library may have errors in AES-CBC cipher suites due to the library's inability to handle in-situ encryption within the same block.
+- Arm platforms linking with some versions of OpenSSL
libcrypto library may have errors in AES-CBC cipher suites due to the library's inability to handle in-situ encryption within the same block.
-
-
diff --git a/doc/CHANGES_up_to_v3.9.0.md b/doc/CHANGES_up_to_v3.9.0.md
index a58985f..ae4bf54 100644
--- a/doc/CHANGES_up_to_v3.9.0.md
+++ b/doc/CHANGES_up_to_v3.9.0.md
@@ -6,7 +6,7 @@ Changes in 3.9.0
> **Version 3.9.0**
> March 2017
-> (C) Copyright 2017 INSIDE Secure - All Rights Reserved
+> (C) Copyright 2017 Rambus Inc.- All Rights Reserved
1. BUG FIXES SINCE 3.8.7b
- Fixed server-side handling of client authentication with Server Name Indication
@@ -133,7 +133,7 @@ Changes in 3.8.7b
> **Version 3.8.7b**
> January 2017
-> (C) Copyright 2017 INSIDE Secure - All Rights Reserved
+> (C) Copyright 2017 Rambus Inc.- All Rights Reserved
@@ -154,7 +154,7 @@ Changes in 3.8.7
> **Version 3.8.7**
> November 2016
-> (C) Copyright 2016 INSIDE Secure - All Rights Reserved
+> (C) Copyright 2016 Rambus Inc.- All Rights Reserved
@@ -327,7 +327,7 @@ Changes in 3.8.6
> **Version 3.8.6**
> October 2016
-> (C) Copyright 2016 INSIDE Secure - All Rights Reserved
+> (C) Copyright 2016 Rambus Inc.- All Rights Reserved
1. BUG FIXES
- Critical parsing bug for X.509 certificates
@@ -424,7 +424,7 @@ Changes in 3.8.4
> **Version 3.8.4**
> July 2016
-> (C) Copyright 2016 INSIDE Secure - All Rights Reserved
+> (C) Copyright 2016 Rambus Inc.- All Rights Reserved
1. FEATURES AND IMPROVEMENTS
- Coverity coverage
@@ -486,7 +486,7 @@ Changes in 3.8.3
> **Version 3.8.3**
> April 2016
-> (C) Copyright 2016 INSIDE Secure - All Rights Reserved
+> (C) Copyright 2016 Rambus Inc.- All Rights Reserved
1. FEATURES AND IMPROVEMENTS
- Simplified Configuration Options
@@ -631,7 +631,7 @@ Changes in 3.8.2
> **Version 3.8.2**
> December 2015
-> (C) Copyright 2015 INSIDE Secure - All Rights Reserved
+> (C) Copyright 2015 Rambus Inc.- All Rights Reserved
1. FILE/API REORGANIZATION
- File Locations
diff --git a/doc/CHANGES_up_to_v3.9.0.txt b/doc/CHANGES_up_to_v3.9.0.txt
index de3d007..c80dc87 100644
--- a/doc/CHANGES_up_to_v3.9.0.txt
+++ b/doc/CHANGES_up_to_v3.9.0.txt
@@ -1,1391 +1,1226 @@
-
-
-MATRIXSSL RELEASE NOTES
-
-
-Changes in 3.9.0
-
- VERSION 3.9.0 March 2017 (C) Copyright 2017 INSIDE Secure - All Rights
- Reserved
-
-1. BUG FIXES SINCE 3.8.7b
-
-- Fixed server-side handling of client authentication with Server Name
- Indication
-- Constant Time Modular Exponentiation
-
-2. NEW FEATURES SINCE 3.8.7b
-
-- RFC 5280 Compliant Certificate Matching
-- Certificate Validation Configuration Options
-- Client Authentication using an External Security Token
-- X.509 Generation Improvements (Commercial Edition Only)
-- Added psX509GetOnelineDN API
-- Added matrixValidateCertsExt API
-- Support for RSA-MD2 and RSA-MD5 Signatures in CSR and CRL Parsing
-- ALLOW_CRL_ISSUERS_WITHOUT_KEYUSAGE Compatibility Option
-
-3. OTHER CHANGES SINCE 3.8.7b
-
-- Indent style changes
-
-
-
-1. BUG FIXES SINCE 3.8.7B
-
-
-Fixed server-side handling of client authentication with Server Name Indication
-
-This bug caused client authentication to fail when MatrixSSL was used as
-the server and the client was sending the Server Name Indication
-extension.
-
-
-Constant Time Modular Exponentiation
-
-It was reported by Andreas Zankl that Matrix Crypto implementation had a
-side-channel information leak via instruction cache. In response to the
-research, Matrix Crypto modular exponentiation was changed to use code
-that does not leak information via instruction cache and uses
-constant-time execution. The new code is slower. (Note: The SafeZone
-CL/CLS cryptography used in MatrixSSL FIPS Edition has been using
-constant time modular exponention before.)
-
-
-
-2. NEW FEATURES SINCE 3.8.7B
-
-
-RFC 5280 Compliant Certificate Matching
-
-Matching certificate fields in MatrixSSL has been improved. MatrixSSL
-now implements the requirement from RFC 5280 that Subject Alternative
-Name is used for matching instead of subject Common Name if alternative
-name is available. Subject Alternative Name contain more precise
-information on the type of the field and thus avoids false positive
-field matches. MatrixSSL now allows RFC 5280 compliant matching of email
-addresses, where only domain name part is case insensitive. It is now
-possible to specify the type of name to match with new session options.
-See the Session Options section in the MatrixSSL APIs manual for
-details.
-
-The issues in certificate matching were reported by a team of
-researchers from Columbia University, consisting of Suphannee Sivakorn,
-George Argyros, Kexin Pei, Suman Jana and Angelos D. Keromytis.
-
-
-Certificate Validation Configuration Options
-
-New session options have been added for configuring MatrixSSL's internal
-certificate validation process. These include options for specifying the
-field in the server certificate against which the expected server name
-should be matched, an option to limit the maximum certificate chain
-validation depth and options for retaining the peer certificate after
-processing. See the Session Options section in the MatrixSSL APIs manual
-for details.
-
-
-Client Authentication using an External Security Token
-
-MatrixSSL's external client authentication feature allows client-side
-private key operation in TLS client authentication, i.e. the signing of
-the handshake_messages hash in the CertificateVerify handshake message,
-to be offloaded from MatrixSSL to an external module such as a security
-or authentication token. See the MatrixSSL External Module Integration
-manual for details.
-
-
-X.509 Generation Improvements (Commercial Edition Only)
-
-Support has been added for encoding the netscape-comment certificate
-extension. The psParseCertReqBufExt API has been added. This version of
-psParseCertReqBufExt allows storing additional information from the
-parsed CSR. Another additional API is psX509SetPublicKey, which can be
-used to set the public key in a psCertConfig_t struct, before it is
-passed to the CSR or certificate encoding routines. See the MatrixSSL
-Certificates and Certificate Revocation Lists manual for details.
-
-
-Added psX509GetOnelineDN API
-
-The new psX509GetOnelineDN API can be used to generate a one-line string
-representation of a Distinguished Name.
-
-
-Added matrixValidateCertsExt API
-
-The new matrixValidateCertsExt API has an additional options struct
-argument for configuring some aspects of the certificate chain
-validation process. The old matrixValidateCerts API is now deprecated.
-
-
-Support for RSA-MD2 and RSA-MD5 Signatures in CSR and CRL Parsing
-
-Support for RSA-MD2 and RSA-MD5 signature verification has been added to
-CSR parsing, and support for RSA-MD2 signature verification has been
-added to CRL parsing. These insecure, legacy algorithms are disabled by
-default, but they can be enabled by defining USE_MD2 or USE_MD5.
-
-
-ALLOW_CRL_ISSUERS_WITHOUT_KEYUSAGE Compatibility Option
-
-The ALLOW_CRL_ISSUERS_WITHOUT_KEYUSAGE build-time option allows CRL
-authentication to succeed even when signer CA's cert does not have the
-keyUsage extension and thus no cRLSign bit. This option is for
-compatibility with old CRL issuer certs. RFC 5280 requires CRL issuer
-certs to have the keyUsage extension and the cRLSign bit.
-
-
-
-3. OTHER CHANGES SINCE 3.8.7B
-
-
-Indent style changes
-
-Indent style has been changed and made more consistent accross source
-and header files.
-
-
-Changes in 3.8.7b
-
- VERSION 3.8.7B January 2017 (C) Copyright 2017 INSIDE Secure - All
- Rights Reserved
-
-1. BUG FIXES SINCE 3.8.7
-
-- Fixed compile error if SHA224 was enabled.
-- Fixed compile warning around HTTP2 alpn detection.
-- Fixed issue where a cipher suite could be negotiated that did not
- match the authentication type for the keys.
-
-
-
-1. BUG FIXES SINCE 3.8.7
-
-
-Fixed issue where a cipher suite could be negotiated that did not match the authentication type for the keys.
-
-This manifested in the default apps/ssl/server.c example when Chrome was
-connected. It negotiated an ECDSA based cipher even though keys loaded
-by default were RSA keys.
-
-
-Changes in 3.8.7
-
- VERSION 3.8.7 November 2016 (C) Copyright 2016 INSIDE Secure - All
- Rights Reserved
-
-1. BUG FIXES SINCE 3.8.6
-
-- Fixed Wrong Computation Results Bug In pstm.c Division
-- Fixed Memory Corruption In psDhImportPubKey
-- Fixed RSA Public Key Read Overflow
-- X.509/CRL/OCSP Timestamp Validation
-- Unix Year 2038 Problem Fix
-- Stricter OID Comparison
-- Multibyte String Handling
-- Configuration Robustness Improvements
-- X.509 Certificate Parsing Read Overflow
-- PKCS #8 Buffer Read Overflow
-- OCSP Bug Fixes
-- Generic Bug Fixes For Test Programs
-- Changes to Recommended Configurations
-- psMutex Locking and Unlocking APIs Compiler Warnings Removed
-- MD5 and SHA-1 Combined Digest Function
-- Coverity Issues Fixed
-- Yarrow Build Issues Fixed
-
-2. NEW FEATURES SINCE 3.8.6
-
-- SHA-512 for X.509 Certificates Improvements
-- OCSP Improvements
-- X.509 Certificate Domain Components
-- New Configuration: Minimal PSK
-
-
-
-1. BUG FIXES SINCE 3.8.6
-
-
-Fixed Wrong Computation Results Bug In pstm.c Division
-
-The bug could cause some big number mathematics to return wrong values
-when divisor and dividend are very far from each other. This issue is
-related to public key computation problems reported by Security
-Researcher Hanno Böck.
-
-
-Fixed Memory Corruption In psDhImportPubKey
-
-Importing Diffie-Hellman public key cleared some memory beyond end of
-the key. On some systems this bug may have caused memory corruption.
-
-
-Fixed RSA Public Key Read Overflow
-
-When importing RSA key from certificate, maliciously crafted RSA public
-key could cause read buffer overflow and crash.
-
-
-X.509/CRL/OCSP Timestamp Validation
-
-MatrixSSL accepted some X.509 certificates with illegal timestamps, such
-as leap day in an ordinary year. In additional, some two digit years
-were parsed incorrectly. Timestamp parsing has been altered everywhere
-to use new psBrokenDownDate API, which correctly handles these corner
-cases. Some of X.509 time parsing issues were reported by Sze Yiu Chau.
-
-
-Unix Year 2038 Problem Fix
-
-On 32-bit Unix devices, time_t type, which is signed will overflow in
-2038. A workaround was added that will allow timestamps and dates to be
-processed correctly by MatrixSSL on and after Tuesday 19 January 2038.
-
-
-Stricter OID Comparison
-
-The OID comparison in MatrixSSL uses a simple non-cryptographic digest
-function, based on sum of bytes, which is not collision free. Comparison
-of OID binary representation was added to ensure unknown OIDs are not
-accidentally interpreted the same than some of existing OIDs. This issue
-was reported by Sze Yiu Chau.
-
-
-Multibyte String Handling
-
-The MatrixSSL now includes function to recode strings containing
-multibyte (BMPString) characters as UTF-8 strings. This handling is
-applied to X.509 certificate fields, such as Subject Name. This allows
-code using MatrixSSL to work with BMPString input without actually
-knowing the encoding used.
-
-
-Configuration Robustness Improvements
-
-MatrixSSL has been made more robust with configurations: changing
-configuration options is less likely to cause problems building the
-software.
-
-These improvements allow smaller configurations for embedded systems.
-(E.g. build without DTLS, or build only server-side or client-side
-support.)
-
-
-X.509 Certificate Parsing Read Overflow
-
-Fixed read overflow from X.509 certificate date handling and removed
-possible buffer read overflow in parseGeneralNames(). Without these
-fixes maliciously crafted X.509 certificate could cause software crash.
-
-
-PKCS #8 Buffer Read Overflow
-
-Fixed reading overly large invalid PKCS #8 encoded private key. Without
-this fix, maliciously crafted PKCS #8 file could cause software crash.
-
-
-OCSP Bug Fixes
-
-In lieu of OCSP improvements, small bugs in OCSP implementation have
-been fixed. The most notable bug was a memory leak.
-
-
-Generic Bug Fixes For Test Programs
-
-Removed some warnings and memory leaks from test programs. Made test
-programs confirm to Unix/POSIX return value scheme on relevant
-platforms.
-
-
-Changes to Recommended Configurations
-
-The recommended configurations have been edited slightly. Most notably,
-the tracing is disabled by default on non-debug configurations.
-
-
-psMutex Locking and Unlocking APIs Compiler Warnings Removed
-
-Removed return value from psLockMutex() and psUnlockMutex() APIs. This
-removes several warnings regarding return values not being used.
-
-
-MD5 and SHA-1 Combined Digest Function
-
-The MatrixSSL will now invoke combined MD5 and SHA-1 hash function
-psMd5Sha1, whenever possible instead of separate MD5 and SHA-1 hash
-functions.
-
-
-Coverity Issues Fixed
-
-Implementation of getTicketKeys and parseSSLHandshake functions was
-changed to remove issues detected by Coverity.
-
-
-Yarrow Build Issues Fixed
-
-MatrixSSL comes with a version of Yarrow PRNG. Its use has been
-deprecated, but the PRNG continued to be shipped with MatrixSSL.
-Unfortunately, the latest versions of MatrixSSL had compilation errors
-in yarrow.c. Those errors have been fixed, and the source code file has
-been marked deprecated.
-
-
-
-2. NEW FEATURES SINCE 3.8.6
-
-
-SHA-512 for X.509 Certificates Improvements
-
-MatrixSSL can use SHA-512 to sign self-signed certificate or certificate
-request. SHA-512 was already previously supported for verification of
-X.509 certificates. (This feature can be used only on MatrixSSL
-Commercial Edition.)
-
-
-OCSP Improvements
-
-OCSP example application apps/crypto/ocsp.c (Commercial Edition Only)
-and MatrixSSL Developer Guide have been improved to give more
-documentation regarding OCSP request. OCSP request can now use
-requestorId feature and request status of list of certificates.
-
-
-X.509 Certificate Domain Components
-
-Added Functions for obtaining contents of X.509 certificate Domain
-Component field(s).
-
-
-New Configuration: Minimal PSK
-
-New configuration psk added. This configuration provides small footprint
-MatrixSSL build with only Pre-Shared Key and TLS 1.2 functionality using
-Matrix Crypto.
-
-
-Changes in 3.8.6
-
- VERSION 3.8.6 October 2016 (C) Copyright 2016 INSIDE Secure - All
- Rights Reserved
-
-1. BUG FIXES
-
-- Critical parsing bug for X.509 certificates
-- Critical TLS handshake parsing bugs
-- 4096 bit RSA key generation regression
-- General cleanup of build
-- MatrixSSH compatibility issue
-
-2. FEATURES AND IMPROVEMENTS
-
-- New configuration system for build options
-- core/ changes
-- X.509 parsing and generation
-- crypto/ changes
-- Removed OpenSSL API Emulation
-
-
-
-1 BUG FIXES
-
-
-Critical parsing bug for X.509 certificates
-
-Security Researcher Craig Young reported two issues related to X.509
-certificate parsing. An error in parsing a maliciously formatted Subject
-Alt Name field in a certificate could cause a crash due to a write
-beyond buffer and subsequent free of an unallocated block of memory. An
-error in parsing a maliciously formatted ASN.1 Bit Field primitive could
-cause a crash due to a memory read beyond allocated memory.
-
-
-Critical TLS handshake parsing bugs
-
-Security Researcher Andreas Walz reported three issues related to
-processing the ClientHello message.
-
-- The length of the TLS record was not being strictly checked against
- the length of the extensions field, so that additional unparsed data
- could be added between the end of extensions and the end of
- the record. This presents some level of uncertainty in how
- extensions may be interpreted and could present a security issue.
-- ClientHello parsing was not verifying that a NULL compression suite
- was sent by the client, as required by the RFC. This did not present
- a security issue (NULL compression was always forced), but improves
- strict adherence to the specification.
-- For TLS connections (not DTLS), the major version proposed in the
- ClientHello suggested by RFC 5246 to only allow the byte value 0x03.
- Now the connection is terminated if a value other than this
- is suggested. Previously the suggested major version field was
- simply echoed back in the ServerHello message, and treated as 0x03.
-
-
-4096 bit RSA key generation regression
-
-In some cases RSA key generation of 4096 bit keys would fail and return
-with an error code. This regression issue has been fixed and key
-generation will once again succeed.
-
-
-General cleanup of build
-
-Warnings across multiple platforms and compilers were fixed. Various
-compile time configuration combination build issues were fixed.
-
-
-MatrixSSH compatibility issue
-
-Newer versions of MatrixSSH server were incompatible with the PuTTY
-client. A fix has been included and enabled by default
-USE_PUTTY_WORKAROUND. _Note this does not affect the standard MatrixSSL
-codebase_.
-
-
-
-2 FEATURES AND IMPROVEMENTS
-
-
-New configuration system for build options
-
-A new top level directory configs/ now holds several sets of
-configuration files for MatrixSSL to simplify configuration sets. This
-method also allows custom sets to be developed specific to a given use
-case (for example a RSA only build). The following three configuration
-files now are copied at build time from the configs directory:
-
- core/coreConfig.h
- crypto/cryptoConfig.h
- matrixssl/matrixsslConfig.h
-
- THE DEFAULT CONFIGURATION SETTINGS FOR MATRIXSSL MAY HAVE CHANGED FROM
- YOUR CURRENT SETTINGS. PLEASE CONFIRM ALL SETTINGS IN THESE THREE
- FILES AFTER UPDATING.
-
-From a fresh package, the build process is the same as before: simply
-type make. It will build the software using the default configuration
-options.
-
-To use a different configuration, for example configs/noecc:
-
- $ make clean && make all-noecc
-
-Once a configuration is set, make and make clean will continue to use
-the same configuration unless a new one is selected as above.
-
-
-core/ changes
-
-- Added warning helper macros
-- Additional PS_ return codes
-- Buffer helper APIs in psbuf.h
-- Foundation for PS_NETWORKING support for sockets level API
-- psMutex_t API return code change, now returns void and will call
- abort() on POSIX platforms.
-- test/ new self-test directory
-- Change in default Linux compile options in common.mk
-
-
-X.509 parsing and generation
-
-Added additional field parsing support for X.509, including multiple OU
-support. Commercial release adds additional certificate creation
-support, as well as an API set and test suite for programmatically
-creating certificates. See _MatrixKeyAndCertGeneration.pdf_ for full
-description.
-
-
-crypto/ changes
-
-- Added *PreInit() APIs for hash functions for compatibility with FIPS
- library and hardware token requirements
-- Added psX509GetCertPublicKeyDer() API
-- Support dsa_sig OID for certificates`
-- Support for ASN_VISIBLE_STRING
-- Moved CRL functionality into keyformat/crl.c
-- Support for parsing an implicitly encoded ECC key without a DER
- header, as sometimes encountered in the wild.
-- Added PKCS#8 import
-- ALLOW_VERSION_1_ROOT_CERT_PARSE configuration option for loading
- legacy v1 certificates as trusted roots only (default not enabled).
- Loading as intermediate or leaf certificates is insecure and still
- not allowed.
-
-
-Removed OpenSSL API Emulation
-
-- opensslApi.c and opensslSocket.c files removed temporarily in
- anticipation of moving to a more fully supported OpenSSL layer.
-
-
-Changes in 3.8.5
-
- VERSION 3.8.5 September 2016 _Note: 3.8.5 was a limited customer
- release only._
-
-
-Changes in 3.8.4
-
- VERSION 3.8.4 July 2016 (C) Copyright 2016 INSIDE Secure - All Rights
- Reserved
-
-1. FEATURES AND IMPROVEMENTS
-
-- Coverity coverage
-- HTTP/2 restrictions via ALPN
-- Enhanced example apps
-- Process shared Session Cache
-- Enhanced CRL and OCSP support
-- Windows support for certificate date validation
-
-2. BUG FIXES
-
-- Critical parsing bug for RSA encrypted blobs
-- Additional restrictions on bignum operations
-- Fixed error in disabled cipher flags
-- Fixed error in DTLS encoding
-- SSLv3 only support fixed
-- Assembly compatibility with more compilers
-
-
-
-1 FEATURES AND IMPROVEMENTS
-
-
-Coverity coverage
-
-MatrixSSL now has zero outstanding defects in Coverity Static Analysis.
-
-
-HTTP/2 restrictions via ALPN
-
-MatrixSSL server code will automatically evaluate the ALPN extension and
-appropriately restrict the cipher suites and key exchange methods if the
-HTTP/2 protocol is being used. Per the HTTP/2 spec, only AEAD cipher
-suites and Ephemeral key exchange methods are allowed.
-
-
-Enhanced example apps
-
-Example applications now take additional command line options and also
-support CRL request and response generation.
-
-
-Process shared Session Cache
-
-Minimal support for a process-shared server session resumption cache is
-now supported via process-shared mutexes on Linux.
-
-
-Enhanced CRL and OCSP support
-
-A new file _crypto/keyformat/crl.c_ defines additional apis for more
-complex CRL (Certificate Revocation List) and OCSP support.
-
-
-Windows support for certificate date validation
-
-Previously only Posix based platforms were supported.
-
-
-
-2 BUG FIXES
-
-
-Critical parsing bug for RSA encrypted blobs
-
-Security Researcher Hanno Böck reported several issues related to RSA
-and bignum operations. An error in parsing a maliciously formatted
-public key block could produce a remotely triggered crash in SSL server
-parsing. Additional restrictions on the values provided to RSA and DH
-operations were also added, although an exploit has not been found.
-
-
-Additional restrictions on bignum operations
-
-The MatrixSSL bignum library, located in _crypto/math/_ was optimized
-and reduced in size to support only key sizes and operations used by
-standard RSA, ECC and DH operations (those apis present in
-_crypto/cryptoApi.h_). Additional constraint checking has been added to
-the code to prevent unsupported key sizes and values. Users requiring
-generic bignum operations should take a look at libtomcrypt, GMP, Python
-or OpenSSL.
-
-
-Fixed error in disabled cipher flags
-
-The optional disabling or enabling of specific ciphers at runtime per
-session was recently broken (now fixed) due to an errant flags
-calculation using < instead of <<.
-
-
-Fixed error in DTLS encoding
-
-An error was returned if attempting to encode a DTLS message exactly the
-PMTU size.
-
-
-SSLv3 only support fixed
-
-SSLv3 mode is not recommended for deployment, but had become broken in a
-recent build. It can now be enabled again.
-
-
-Assembly compatibility with more compilers
-
-Fixed "invalid register constraints" error on some versions of GCC and
-LLVM for ARM, MIPS and x86_64.
-
-
-Changes in 3.8.3
-
- VERSION 3.8.3 April 2016 (C) Copyright 2016 INSIDE Secure - All Rights
- Reserved
-
-1. FEATURES AND IMPROVEMENTS
-
-- Simplified Configuration Options
-- DTLS Combined Package
-- CHACHA20_POLY1305 Cipher Suites
-- Libsodium Crypto Provider
-- Extended Master Secret
-- Online Certificate Status Protocol
-- TLS Fallback SCSV
-- Trusted CA Indication Extension
-- Removed gmt_unix_time from client and server random
-- Removed support for SSLv2 CLIENT_HELLO messages
-- Ephemeral ECC Key Caching
-
-2. BUG FIXES
-
-- Support for parsing large certificate blobs
-- X.509 certificate parse fix for issuerUniqueID and subjectUniqueID
-- Diffie-Hellman public key exchange bug
-- SHA512 based Server Key Exchange signatures
-- Allow independent hashSigAlg identifiers in Certificate Request
- message
-- Improvements to DTLS Cookie handling
-- Fixed key type verification for chosen cipher suite
-- Validation of RSA Signature Creation
-- Side Channel Vulnerability on RSA Cipher Suites
-- Access Violation on Malicious TLS Record
-
-
-
-1 FEATURES AND IMPROVEMENTS
-
-
-Simplified Configuration Options
-
-The configuration files _coreConfig.h_, _cryptoConfig.h_ and
-_matrixsslConfig.h_ have been simplified, and the default options have
-been changed to improve security and code size.
-
-- Many of the insecure algorithms or deprecated options that can be
- enabled in _cryptoConfig.h_ and _matrixsslConfig.h_ have been moved
- into _cryptolib.h_ and _matrixssllib.h_, respectively.
-- TLS 1.1 is now the default minimum TLS version compiled in. The new
- USE_TLS_1_1_AND_ABOVE setting enables this.
-- Rehandshaking on an existing connection is now disabled completely
- by default with the USE_REHANDSHAKING configuration option.
-
-
-DTLS Combined Package
-
-DTLS is now packaged with MatrixSSL, and can be enabled with the
-USE_DTLS configuration option. TLS and DTLS connections can be made
-simultaneously with the same application.
-
-
-CHACHA20_POLY1305 Cipher Suites
-
-MatrixSSL now has support for ChaCha20-Poly1305 cipher suites compatible
-with RFC draft
-https://tools.ietf.org/html/draft-ietf-tls-chacha20-poly1305. The
-supported cipher suites are defined for TLS 1.2 and can be enabled at
-compile time.
-
-_cryptoConfig.h_
- USE_CHACHA20_POLY1305_IETF
-
-_matrixsslConfig.h_
- TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
- TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
-
-MatrixSSL must be linked with the libsodium library to provide
-implementation of the crypto primitives.
-
-
-Libsodium Crypto Provider
-
-MatrixSSL now includes a layer for crypto primitives to the _libsodium_
-crypto library, in addition to the _OpenSSL libcrypto_ and the native
-(default) MatrixSSL crypto library. _libsodium_ provides crypto
-primitives for ChaCha20 and Poly1305. In addition, enabling the layer
-will use _libsodium_ primitives for SHA256/SHA384/SHA512 based hashes
-and AES-256-GCM ciphers that provide high performance on _Intel_
-platforms.
-
- As of this release, the current version of libsodium is available
- here:
- https://download.libsodium.org/libsodium/releases/libsodium-1.0.8.tar.gz
- To build libsodium, follow the instructions here:
- https://download.libsodium.org/doc/installation/index.html
-
-To enable in the MatrixSSL make system, enable the following and
-rebuild:
-
-_common.mk_
- PS_LIBSODIUM:=1 LIBSODIUM_ROOT:=_(path_to_libsodium_build)_
-
-
-Extended Master Secret
-
-The “extended master secret” as specified in RFC 7627 is an important
-security feature for TLS implementations that use session resumption.
-The extended master secret feature associates the internal TLS master
-secret directly to the connection context to prevent man-in-the-middle
-attacks during session resumption. One such attack is a synchronizing
-triple handshake as described in Triple Handshakes and Cookie Cutters:
-Breaking and Fixing Authentication over TLS.
-
-See the _Extended Master Secret_ section in the _MatrixSSL API_ document
-for details.
-
-
-Online Certificate Status Protocol
-
-The Online Certificate Status Protocol (OCSP) is an alternative to the
-Certificate Revocation List (CRL) mechanism for performing certificate
-revocation tests on server keys. TLS integrates with OCSP in a mechanism
-known as “OCSP stapling”. This feature allows the client to request that
-the server provide a time-stamped OCSP response when presenting the
-X.509 certificate during the TLS handshake. The primary goal for this
-scheme is to allow resource constrained clients to perform certificate
-revocation tests without having to communicate with an OCSP Responder
-themselves.
-
-See the _OCSP Revocation_ section in the _MatrixSSL API_ document for
-details.
-
-
-TLS Fallback SCSV
-
-The RFC for detecting version rollback attacks has been implemented per
-RFC7507. See the _MatrixSSL Developer’s Guide_ for more information.
-
-
-Trusted CA Indication Extension
-
-The Trusted CA Indication extension is specified in RFC 6066. This
-feature allows TLS clients to send their list of certificate authorities
-to servers in the CLIENT_HELLO message.
-See the Trusted CA Indication section in the _MatrixSSL_API_ document
-for details.
-
-
-Removed gmt_unix_time from client and server random
-
-The TLS RFC specifies that the first 4 bytes of the CLIENT_HELLO and
-SERVER_HELLO random values be the current platform time. Current best
-practices recommend using random data for all 32 bytes. MatrixSSL now
-uses all random data by default.
-
-
-Removed support for SSLv2 CLIENT_HELLO messages
-
-SSLv2 CLIENT_HELLO parsing was previously supported to maintain
-compatibility with very old TLS implementations. Although this does not
-present a security risk at this time, the code has been removed, and
-only modern TLS record header parsing is supported.
-
-
-Ephemeral ECC Key Caching
-
-Previous versions of MatrixSSL generated new, unique ephemeral keys for
-each connection using ECDHE_ cipher suites, as per NIST recommendations.
-Beginning with this version, ephemeral keys are cached and re-used for
-connections within a time frame of two hours and a maximum usage of 1000
-times. This improves performance of ECDHE suites, and is inline with the
-configuration current web browsers. This feature can be configured in
-_matrixsslConfig.h_.
-
-
-
-2 BUG FIXES
-
-
-Support for parsing large certificate blobs
-
-Certificate collections larger than 64KB were not being parsed correctly
-after a change to some data types (32 bit to 16 bit) in the parsing
-code. This bug is now fixed and large collections of certificates are
-now parsing correctly.
-
-
-X.509 certificate parse fix for issuerUniqueID and subjectUniqueID
-
-Previous MatrixSSL versions could not parse these rarely encountered
-members of X.509 certificates.
-
-
-Diffie-Hellman public key exchange bug
-
-MatrixSSL clients would not successfully handshake with servers that
-sent Diffie-Hellman public keys that were not the same byte length as
-the DH group Prime parameter. Clients will now successfully handshake
-with servers that provide shorter length public keys.
-
-
-SHA512 based Server Key Exchange signatures
-
-SHA512 was not supported for SERVER_KEY_EXCHANGE messages in previous
-versions.
-
-
-Allow independent hashSigAlg identifiers in Certificate Request message
-
-Previous client versions of MatrixSSL would not allow servers to send
-signature algorithm identifiers that were not already specified by the
-client in the CLIENT_HELLO message. Now, the client will correctly allow
-the server to send an independent list of supported algorithms and the
-client will look for matches from that list.
-
-
-Improvements to DTLS Cookie handling
-
-HMAC-SHA1 or HMAC-SHA256 are now used to generate the DTLS cookie, and
-additional checking is done on the cookie for Denial-of-Service
-prevention.
-
-
-Fixed key type verification for chosen cipher suite
-
-An internal verification function that determined whether the server key
-type was correct for the chosen cipher suite has now been fixed.
-Previous versions would sometimes incorrectly determine the server was
-using the wrong key type if the server was using a certificate chain
-where parent certificates did not use the same key type. This bug
-resulted in a failed handshake and is now fixed.
-
-
-Validation of RSA Signature Creation
-
-An internal RSA validation of created signatures has been added to the
-library in the psRsaEncryptPriv() function.
-
-Security researcher Florian Weimer has shown it is possible for RSA
-private key information to leak under some special failure
-circumstances. Information on the exploit can be found here:
-https://people.redhat.com/~fweimer/rsa-crt-leaks.pdf
-
-The potential leak is only possible if a DHE_RSA based cipher suite is
-supported on the server side. This is the only handshake combination in
-which an RSA signature is sent over the wire (during the
-SERVER_KEY_EXCHANGE message). The signature itself must have been
-incorrectly generated for the exploit to be possible.
-
-The additional signature validation test will now cause the TLS
-handshake to fail prior to a faulty signature being sent to the client.
-
-
-Side Channel Vulnerability on RSA Cipher Suites
-
-A Bleichenbacher variant attack, where certain information is leaked
-from the results of a RSA private key operation has been reported by a
-security researcher. The code has been updated to error without
-providing any information on the premaster contents. Thank you to Juraj
-Somorovsky, author of TLS-Attacker > Note that other side channel
-attacks may still be possible as MatrixSSL non-FIPS crypto is not always
-constant-time.
-
-
-Access Violation on Malicious TLS Record
-
-TLS cipher suites with CBC mode in TLS 1.1 and 1.2 could have an access
-violation (read beyond memory) with a maliciously crafted message. Thank
-you to Juraj Somorovsky, author of TLS-Attacker
-
-
-
-3 KNOWN ISSUES
-
-
-- _Microsoft Windows_ targets do not support certificate date
- validation currently. Users requiring this feature can use Windows
- APIs to get and parse the current date, using the POSIX
- implementation as a reference.
-- _Arm_ platforms linking with some versions of _OpenSSL_ libcrypto
- library may have errors in AES-CBC cipher suites due to the
- library's inability to handle in-situ encryption within the
- same block.
-
-
-Changes in 3.8.2
-
- VERSION 3.8.2 December 2015 (C) Copyright 2015 INSIDE Secure - All
- Rights Reserved
-
-1. FILE/API REORGANIZATION
-
-- File Locations
-- Crypto API
-
-2. SECURITY IMPROVEMENTS
-
-- Simplified Configuration
-- Deprecated Ciphers
-- Deprecated TLS Features
-- Key Strength
-- Ephemeral Cipher Suites Enabled by Default
-- ECC Curve List
-- Reordered cipher suite preferences
-- memset_s()
-- Handshake State Machine Improvements
-
-3. FEATURES AND IMPROVEMENTS
-
-- DTLS Protocol Included
-- Optimized Diffie-Hellman performance
-- Optimized EC signature generation performance
-- OpenSSL Crypto Primitive Provider
-- OpenSSL TLS API layer
-- Reduced TLS session footprint
-- X.509 Improvements
-- PKCS#12 Key Parsing
-- Improved certificate callback example
-- Per digest control of HMAC algorithms
-- Default high resolution timing
-- Assert and Error Optimizations
-
-4. BUG FIXES
-
-- 64 bit little endian platforms
-- X.509 KeyUsage extension
-- X.509 date validation fix
-- Fixed handshake parse issue
-- TLS server sending old self-signed certificate
-- Fixed ECC variable encoding bugs
-- DHE_PSK compatibility
-- AES-GCM with AESNI
-- Library configuration test
-- Windows psGetFileBuf
-
-
-
-1 FILE/API REORGANIZATION
-
-
-File Locations
-
-MatrixSSL 3.8.2 introduces directory changes to the distribution since
-3.7.2
-
-TLS/DTLS example apps moved from ./apps to ./apps/ssl and ./apps/dtls.
-Test keys and certificates moved from ./sampleCerts to ./testkeys. XCode
-and Visual Studio projects moved to ./xcode and ./visualstudio.
-
-Several file changes and renames are present as well:
-
-TLS Decoding moved ./matrixssl/sslDecode.c from ./matrixssl/sslDecode.c,
-./matrixssl/hsDecode.c and ./matrixssl/extDecode.c. Private key
-import/export from ./crypto/pubkey/pkcs.c. to ./crypto/keyformat/pkcs.c.
-Configuration consistency and sanity checks from
-./matrixssl/matrixssllib.h to ./matrixssl/matrixsslCheck.h.
-
-
-Crypto API
-
-The API layers into the raw cryptographic operations have been
-significantly changed. The crypto API changes do not affect the main
-MatrixSSL API for creating TLS sessions, etc. However, developers who
-interface with crypto directly, or who want to write a custom hardware
-layer will be interested in the new layer.
-
-API Model
-
-The cryptography API for symmetric crypto, digests and HMAC follow the
-common model:
-
-INIT API
- Initializes the cipher and returns an error on failure (typically
- due to bad input parameters or insufficient memory).
-
-ENCRYPT/DECRYPT/UPDATE API
- Performs the operation and does not return an error code (previously
- some APIs would return the number of bytes decrypted).
-
-CLEAR API
- Zero and/or free any associated memory associated with the cipher.
-
-Standard Types
-
-Standard C99 types from are used to specify integer
-parameters.
-
-uint8_t
- The length of an IV, password or an AES-GCM tag
-
-uint16_t
- The length of an asymmetric key (RSA/DH/ECC), a HMAC key or
- Additional Authenticated Data (AAD) for an AEAD cipher such
- as AES-GCM.
-
-uint32_t
- The length of data to be processed by the cipher
-
-uint64_t: Internally used by crypto library to store large counter
-values and when optimizing for 64 bit platforms.
-
-Const Correctness
-
-Pointers to values that are not modified are marked const.
-
-API Name changes
-
-API names have been standardized as follows:
-
-Initialization of low level AES block cipher from psAesInitKey to
-psAesInitBlockKey. AES CBC from psAesInit, psAesDecrypt and psAesEncrypt
-to psAesInitCBC, psAesDecryptCBC and psAesEncryptCBC. SHA2 HMAC from
-psHmacSha2 to psHmacSha256 and psHmacSha384. ECC signature creation from
-psEccSignHash to psEccDsaSign. ECC signature validation from
-psEcDsaValidateSignature to psEccDsaVerify.
-
-Standardized Context Names
-
-Cryptographic functions that used to accept generic “context”
-identifiers now require the specific key/algorithm structure, for
-example:
-
-HMAC family from psHmacContext_t to psHmacSha1_t, psHmacSha256_t, ...
-Digest family from psDigestContext_t to psSha1_t, psSha256_t, etc...
-Symmetric family from psCipherContext_t to psAesCbc_t, psAesGcm_t,
-psDes3Key_t RSA private key parse (pkcs1) from psPubKey_t to psRsaKey_t.
-ECC private key parse from psPubKey_t to psEccKey_t.
-
-Standardized Return Types
-
-In general, Init apis return a standard PS_* status code. A status code
-that is not PS_SUCCESS typically indicates invalid input parameters or a
-resource allocation failure. Update and Clear APIs no longer have a
-return. For example:
-
-HMAC Init from void to int32_t. HMAC Final from int32_t to void. Digest
-Init from void to int32_t. Digest Final from int32_t to void.
-
-Memory Model
-
-In general, APIs now take an allocated cipher structure, and do not
-allocate the structure in the Init routine. In the past, the memory
-allocation model was inconsistent.
-
-For ECC and DH, there are now additional APIs that allow the key to be
-allocated and initialized, to complement the APIs which just initialize
-the keys.
-
-The Clear API must always be called when done with a context, as some
-algorithms internally allocate additional memory for operation.
-
-
-
-2 SECURITY IMPROVEMENTS
-
-
-Simplified Configuration
-
-The configuration of ciphers and cipher suites in
-_crypto/cryptoConfig.h_ and _matrixssl/matrixsslConfig.h_ has been
-simplified considerably. Existing and new users of MatrixSSL should take
-a look at these files to understand the various options and features
-supported.
-
-
-Deprecated Ciphers
-
-- ARC4, SEED, IDEA, RC2, MD4 and MD2 are deprecated, and not enabled
- by default in _cryptoConfig.h_
-- MD5 and SHA1 are not recommended for use, but enabled by default
- because they are required for TLS protocols before version 1.2.
- Although they are enabled in _cryptoConfig.h,_ their use within the
- TLS protocol is limited to where required, and they can be
- independently disabled from use as a certificate signature algorithm
- and an HMAC algorithm. The new crypto primitive psMd5Sha1_t is
- intended to replace standalone MD5 or SHA1 use outside of where
- required in TLS.
-- 3DES is not deprecated, but be aware of key strength limitations vs.
- AES-128 and AES-256.
-
-
-Deprecated TLS Features
-
-- TLS cipher suites that rely on deprecated crypto algorithms have
- also been deprecated in matrixsslConfig.h
-- TLS Compression support is now deprecated and the option removed
- from the configuration.
-- False Start support is now deprecated and the option removed from
- the configuration.
-
-
-Key Strength
-
-Key strength defines have not changed since previous releases, however
-it should be noted that the default minimum RSA/DH sizes of 1024 and ECC
-sizes of 192 do not meet a growing number of security standards and
-larger keys should be beginning to be deployed.
-
-
-Ephemeral Cipher Suites Enabled by Default
-
-ECDHE and DHE cipher suites are now enabled by default. Be aware that
-for embedded platforms, this may require significant additional CPU
-load.
-
-
-ECC Curve List
-
-The supported ECC Curve list is now always given in bit-strength order.
-This ensures that when negotiating EC Parameters, the strongest
-available will be used.
-
-
-Reordered cipher suite preferences
-
-Clients send a priority list order of cipher suites during TLS
-negotiations, and servers use a priority list of ciphers to pick a
-common cipher for the connection.
-
-MatrixSSL orders this list using the following rules, resulting in some
-change to the cipher suite preference order in _cipherSuite.c_. In order
-to make as secure a connection as possible, the parameters of
-Authentication, Data Integrity and Data Security were taken in that
-order to generate a new cipher preference list. In places where these
-parameters are of equivalent strength, the faster algorithm is preferred
-(although the “faster” algorithm often depends on the platform).
-_Currently DHE is prioritized over ECDHE due only to performance. In
-future releases, ECDHE may be the preferred key exchange mode._
-
-The ordering of the ciphers is grouped and sub-grouped by the following:
-
-1. Non-deprecated
-2. Ephemeral
-3. Authentication Method (PKI > PSK > anon)
-4. Hash Strength (SHA384 > SHA256 > SHA > MD5)
-5. Cipher Strength (AES256 > AES128 > 3DES > ARC4 > SEED > IDEA > NULL)
-6. PKI Key Exchange (DHE* > ECDHE > ECDH > RSA > PSK)
-7. Cipher Mode (GCM > CBC)
-8. PKI Authentication Method (ECDSA > RSA > PSK)
-
-
-memset_s()
-
-Use the memset_s() api to zero memory regardless of compiler
-optimization which might skip zeroing for memory that is not
-subsequently used. For platforms without a built in implementation,
-memset_s() is automatically built in core/memset_s.c
-
-
-Handshake State Machine Improvements
-
-Simplified code paths
-
-The handshake decode state machine was split among additional files and
-functions. Switch statements replace other logic to more clearly show
-each case and its result. The state machine is still quite complex due
-to the large number of modes and states that are supported in MatrixSSL.
-Always consult support when making changes to the state machine.
-
-Multiple state tracking
-
-Connection state tracking has always been implemented as "expected next
-state", with no security issues. However for a double check, MatrixSSL
-now implements independent tracking of the last state encoded and
-decoded, as well as the expected next state.
-
-More strict extension processing
-
-The extension parsing is more strict in what can be accepted and when.
-
-
-
-3 FEATURES AND IMPROVEMENTS
-
-
-DTLS Protocol Included
-
-Beginning in the 3.8.2 version of MatrixSSL, the DTLS 1.0 and DTLS 1.2
-protocols are included in MatrixSSL open source package.
-
-Enable USE_DTLS in _./matrixssl/matrixsslConfig.h_ to include it in
-library. Additional documentation, app examples, and test code is
-included to aid in development.
-
-
-Optimized Diffie-Hellman performance
-
-Use smaller generated key sizes for a given DH prime field size per NIST
-SP 800-57 Part 1. This provides up to a 9x performance gain for DH
-operations, greatly increasing the speed of ephemeral ciphers using DH.
-
-
-Optimized EC signature generation performance
-
-Improved performance for finding valid ECC key pairs, especially on
-larger key sizes.
-
-
-OpenSSL Crypto Primitive Provider
-
-Allows MatrixSSL to be linked against _OpenSSL_ libcrypto as a crypto
-primitive provider. This allows platforms that use _OpenSSL_ as their
-crypto API (such as _Cavium Octeon_) provide hardware acceleration to
-MatrixSSL applications.
-
-
-OpenSSL TLS API layer
-
-Users wishing to replace _OpenSSL_ with MatrixSSL often desire a layer
-that will ease the integration. MatrixSSL 3.8.2 includes an _OpenSSL_API
-layer that was previously provided upon request. This layer is found in
-the _./matrixssl_ directory in the _opensslApi.c_and _opensslSocket.c_
-files. The _opensslApi.h_ and _opensslSocket.h_ headers define the
-interface.
-
-
-Reduced TLS session footprint
-
-The size of each TLS session was reduced by 512 bytes for AES cipher
-suites, and additionally by ~100 bytes for all cipher suites.
-
-
-X.509 Improvements
-
-OID parsing has been improved and provides better feedback on error.
-SHA-512 signed certificates are now supported.
-
-
-PKCS#12 Key Parsing
-
-Support for longer passwords and additional private key bag.
-
-
-Improved certificate callback example
-
-The _./apps/ssl/client.c_ application now has a more robust processing
-example to help integrators understand the relationship between the
-incoming alert value and the individual authStatus members of the
-server’s certificate chain.
-
-
-Per digest control of HMAC algorithms
-
-Each HMAC algorithm can now be specifically enabled/disabled with
-USE_HMAC_(digest) defines in _cryptoConfig.h_
-
-
-Default high resolution timing
-
-POSIX platforms will have high-resolution timers active by default
-
-
-Assert and Error Optimizations
-
-USE_CORE_ASSERT and USE_CORE_ERROR can now be disabled in
-_coreConfig.h_. This can reduce code size by removing the static strings
-used in errors and asserts. Recommended for final deployment only.
-
-
-
-4 BUG FIXES
-
-
-64 bit little endian platforms
-
-The STORE32L macro in _cryptolib.h_ has been fixed for little endian 64
-platforms. The STORE32H macro in _cryptolib.h_ has been fixed for big
-endian 64 platforms not using assembly language optimizations. Platforms
-such as _MIPS64_ are now automatically detected by the build system.
-
-
-X.509 KeyUsage extension
-
-Fixed the parse to allow for BIT_STRING lengths longer than should be
-expected.
-
-
-X.509 date validation fix
-
-A bug has been fixed in the validateDateRange() function in _x509.c_. In
-previous versions, the time format (ASN_UTCTIME, etc..) of the notAfter
-date was being set based on the notBefore field. This bug would have
-caused problems for certificates that used different time formats for
-the notBefore and notAfter fields.
-
-
-Fixed handshake parse issue
-
-A bug was found on the server side while parsing a specific case of
-handshake messages from a client. If the cipher suite used a key
-exchange mechanism of ECDHE or ECHE, and the handshake was using client
-authentication, and the client was sending the CLIENT_KEY_EXCHANGE
-message and CERTIFICATE_VERIFY message in a single record, the MatrixSSL
-server was unable to parse that flight and would close the connection.
-This is now fixed.
-
-
-TLS server sending old self-signed certificate
-
-A bug has been fixed so that if a server sends a self-signed certificate
-that does not contain the AuthorityKeyIdentifier extension, the
-authentication logic will detect that and not report an error to the
-certificate callback. > Servers shouldn’t send self-signed certificates
-in the CERTIFICATE message. Client must still always have the same
-self-signed cert loaded in order to authenticate.
-
-
-Fixed ECC variable encoding bugs
-
-For Client Auth rehandshakes, the variable signature sizes of ECDSA
-resulted in an issue when clients were creating the encrypted
-CERTIFICATE_VERIFY message. secp224r1 curves also had an additional bug
-that could cause an invalid signature in some cases due to the variable
-encoding rules.
-
-
-DHE_PSK compatibility
-
-Fixed issue with DHE_PSK ciphers when a PSK_ID was not used. Previously
-a handshake alert would occur.
-
-
-AES-GCM with AESNI
-
-Fixed an issue causing an invalid encoding of large data buffers with
-aes-gcm on Intel platforms with AESNI.
-
-
-Library configuration test
-
-The mechanism to test that MatrixSSL applications have been compiled
-using the same configuration as the MatrixSSL static libraries has been
-fixed.
-
-
-Windows psGetFileBuf
-
-Parameters to CreateFileA() are now correct for opening existing files.
-
-
-
-5 KNOWN ISSUES
-
-
-- _Microsoft Windows_ targets do not support certificate date
- validation currently. Users requiring this feature can use Windows
- APIs to get and parse the current date, using the POSIX
- implementation as a reference.
-- _Arm_ platforms linking with some versions of _OpenSSL_ libcrypto
- library may have errors in AES-CBC cipher suites due to the
- library's inability to handle in-situ encryption within the
- same block.
+ MatrixSSL Release Notes
+
+Changes in 3.9.0
+
+ Version 3.9.0 March 2017 (C) Copyright 2017 Rambus Inc.- All Rights
+ Reserved
+
+ 1. BUG FIXES SINCE 3.8.7b
+ + Fixed server-side handling of client authentication with
+ Server Name Indication
+ + Constant Time Modular Exponentiation
+ 2. NEW FEATURES SINCE 3.8.7b
+
+ * RFC 5280 Compliant Certificate Matching
+ * Certificate Validation Configuration Options
+ * Client Authentication using an External Security Token
+ * X.509 Generation Improvements (Commercial Edition Only)
+ * Added psX509GetOnelineDN API
+ * Added matrixValidateCertsExt API
+ * Support for RSA-MD2 and RSA-MD5 Signatures in CSR and CRL Parsing
+ * ALLOWCRLISSUERSWITHOUTKEYUSAGE Compatibility Option
+
+ 1. OTHER CHANGES SINCE 3.8.7b
+ + Indent style changes
+
+ 1. BUG FIXES SINCE 3.8.7b
+
+Fixed server-side handling of client authentication with Server Name Indication
+
+ This bug caused client authentication to fail when MatrixSSL was used
+ as the server and the client was sending the Server Name Indication
+ extension.
+
+Constant Time Modular Exponentiation
+
+ It was reported by Andreas Zankl that Matrix Crypto implementation had
+ a side-channel information leak via instruction cache. In response to
+ the research, Matrix Crypto modular exponentiation was changed to use
+ code that does not leak information via instruction cache and uses
+ constant-time execution. The new code is slower. (Note: The SafeZone
+ CL/CLS cryptography used in MatrixSSL FIPS Edition has been using
+ constant time modular exponention before.)
+
+ 2. NEW FEATURES SINCE 3.8.7b
+
+RFC 5280 Compliant Certificate Matching
+
+ Matching certificate fields in MatrixSSL has been improved. MatrixSSL
+ now implements the requirement from RFC 5280 that Subject Alternative
+ Name is used for matching instead of subject Common Name if alternative
+ name is available. Subject Alternative Name contain more precise
+ information on the type of the field and thus avoids false positive
+ field matches. MatrixSSL now allows RFC 5280 compliant matching of
+ email addresses, where only domain name part is case insensitive. It is
+ now possible to specify the type of name to match with new session
+ options. See the Session Options section in the MatrixSSL APIs manual
+ for details.
+
+ The issues in certificate matching were reported by a team of
+ researchers from Columbia University, consisting of Suphannee Sivakorn,
+ George Argyros, Kexin Pei, Suman Jana and Angelos D. Keromytis.
+
+Certificate Validation Configuration Options
+
+ New session options have been added for configuring MatrixSSL's
+ internal certificate validation process. These include options for
+ specifying the field in the server certificate against which the
+ expected server name should be matched, an option to limit the maximum
+ certificate chain validation depth and options for retaining the peer
+ certificate after processing. See the Session Options section in the
+ MatrixSSL APIs manual for details.
+
+Client Authentication using an External Security Token
+
+ MatrixSSL's external client authentication feature allows client-side
+ private key operation in TLS client authentication, i.e. the signing of
+ the handshake_messages hash in the CertificateVerify handshake message,
+ to be offloaded from MatrixSSL to an external module such as a security
+ or authentication token. See the MatrixSSL External Module Integration
+ manual for details.
+
+X.509 Generation Improvements (Commercial Edition Only)
+
+ Support has been added for encoding the netscape-comment certificate
+ extension. The psParseCertReqBufExt API has been added. This version of
+ psParseCertReqBufExt allows storing additional information from the
+ parsed CSR. Another additional API is psX509SetPublicKey, which can be
+ used to set the public key in a psCertConfig_t struct, before it is
+ passed to the CSR or certificate encoding routines. See the MatrixSSL
+ Certificates and Certificate Revocation Lists manual for details.
+
+Added psX509GetOnelineDN API
+
+ The new psX509GetOnelineDN API can be used to generate a one-line
+ string representation of a Distinguished Name.
+
+Added matrixValidateCertsExt API
+
+ The new matrixValidateCertsExt API has an additional options struct
+ argument for configuring some aspects of the certificate chain
+ validation process. The old matrixValidateCerts API is now deprecated.
+
+Support for RSA-MD2 and RSA-MD5 Signatures in CSR and CRL Parsing
+
+ Support for RSA-MD2 and RSA-MD5 signature verification has been added
+ to CSR parsing, and support for RSA-MD2 signature verification has been
+ added to CRL parsing. These insecure, legacy algorithms are disabled by
+ default, but they can be enabled by defining USEMD2 or USEMD5.
+
+ALLOWCRLISSUERSWITHOUTKEYUSAGE Compatibility Option
+
+ The ALLOWCRLISSUERSWITHOUTKEYUSAGE build-time option allows CRL
+ authentication to succeed even when signer CA's cert does not have the
+ keyUsage extension and thus no cRLSign bit. This option is for
+ compatibility with old CRL issuer certs. RFC 5280 requires CRL issuer
+ certs to have the keyUsage extension and the cRLSign bit.
+
+ 3. OTHER CHANGES SINCE 3.8.7b
+
+Indent style changes
+
+ Indent style has been changed and made more consistent accross source
+ and header files.
+
+Changes in 3.8.7b
+
+ Version 3.8.7b January 2017 (C) Copyright 2017 Rambus Inc.- All
+ Rights Reserved
+
+ 1. BUG FIXES SINCE 3.8.7
+ 2. Fixed compile error if SHA224 was enabled.
+ 3. Fixed compile warning around HTTP2 alpn detection.
+ 4. Fixed issue where a cipher suite could be negotiated that did not
+ match the authentication type for the keys.
+
+ 1. BUG FIXES SINCE 3.8.7
+
+Fixed issue where a cipher suite could be negotiated that did not match the
+authentication type for the keys.
+
+ This manifested in the default apps/ssl/server.c example when Chrome
+ was connected. It negotiated an ECDSA based cipher even though keys
+ loaded by default were RSA keys.
+
+Changes in 3.8.7
+
+ Version 3.8.7 November 2016 (C) Copyright 2016 Rambus Inc.- All
+ Rights Reserved
+
+ 1. BUG FIXES SINCE 3.8.6
+ + Fixed Wrong Computation Results Bug In pstm.c Division
+ + Fixed Memory Corruption In psDhImportPubKey
+ + Fixed RSA Public Key Read Overflow
+ + X.509/CRL/OCSP Timestamp Validation
+ + Unix Year 2038 Problem Fix
+ + Stricter OID Comparison
+ + Multibyte String Handling
+ + Configuration Robustness Improvements
+ + X.509 Certificate Parsing Read Overflow
+ + PKCS #8 Buffer Read Overflow
+ + OCSP Bug Fixes
+ + Generic Bug Fixes For Test Programs
+ + Changes to Recommended Configurations
+ + psMutex Locking and Unlocking APIs Compiler Warnings Removed
+ + MD5 and SHA-1 Combined Digest Function
+ + Coverity Issues Fixed
+ + Yarrow Build Issues Fixed
+ 2. NEW FEATURES SINCE 3.8.6
+ + SHA-512 for X.509 Certificates Improvements
+ + OCSP Improvements
+ + X.509 Certificate Domain Components
+ + New Configuration: Minimal PSK
+
+ 1. BUG FIXES SINCE 3.8.6
+
+Fixed Wrong Computation Results Bug In pstm.c Division
+
+ The bug could cause some big number mathematics to return wrong values
+ when divisor and dividend are very far from each other. This issue is
+ related to public key computation problems reported by Security
+ Researcher [1]Hanno Böck.
+
+Fixed Memory Corruption In psDhImportPubKey
+
+ Importing Diffie-Hellman public key cleared some memory beyond end of
+ the key. On some systems this bug may have caused memory corruption.
+
+Fixed RSA Public Key Read Overflow
+
+ When importing RSA key from certificate, maliciously crafted RSA public
+ key could cause read buffer overflow and crash.
+
+X.509/CRL/OCSP Timestamp Validation
+
+ MatrixSSL accepted some X.509 certificates with illegal timestamps,
+ such as leap day in an ordinary year. In additional, some two digit
+ years were parsed incorrectly. Timestamp parsing has been altered
+ everywhere to use new psBrokenDownDate API, which correctly handles
+ these corner cases. Some of X.509 time parsing issues were reported by
+ Sze Yiu Chau.
+
+Unix Year 2038 Problem Fix
+
+ On 32-bit Unix devices, time_t type, which is signed will overflow in
+ 2038. A workaround was added that will allow timestamps and dates to be
+ processed correctly by MatrixSSL on and after Tuesday 19 January 2038.
+
+Stricter OID Comparison
+
+ The OID comparison in MatrixSSL uses a simple non-cryptographic digest
+ function, based on sum of bytes, which is not collision free.
+ Comparison of OID binary representation was added to ensure unknown
+ OIDs are not accidentally interpreted the same than some of existing
+ OIDs. This issue was reported by Sze Yiu Chau.
+
+Multibyte String Handling
+
+ The MatrixSSL now includes function to recode strings containing
+ multibyte (BMPString) characters as UTF-8 strings. This handling is
+ applied to X.509 certificate fields, such as Subject Name. This allows
+ code using MatrixSSL to work with BMPString input without actually
+ knowing the encoding used.
+
+Configuration Robustness Improvements
+
+ MatrixSSL has been made more robust with configurations: changing
+ configuration options is less likely to cause problems building the
+ software.
+
+ These improvements allow smaller configurations for embedded systems.
+ (E.g. build without DTLS, or build only server-side or client-side
+ support.)
+
+X.509 Certificate Parsing Read Overflow
+
+ Fixed read overflow from X.509 certificate date handling and removed
+ possible buffer read overflow in parseGeneralNames(). Without these
+ fixes maliciously crafted X.509 certificate could cause software crash.
+
+PKCS #8 Buffer Read Overflow
+
+ Fixed reading overly large invalid PKCS #8 encoded private key. Without
+ this fix, maliciously crafted PKCS #8 file could cause software crash.
+
+OCSP Bug Fixes
+
+ In lieu of OCSP improvements, small bugs in OCSP implementation have
+ been fixed. The most notable bug was a memory leak.
+
+Generic Bug Fixes For Test Programs
+
+ Removed some warnings and memory leaks from test programs. Made test
+ programs confirm to Unix/POSIX return value scheme on relevant
+ platforms.
+
+Changes to Recommended Configurations
+
+ The recommended configurations have been edited slightly. Most notably,
+ the tracing is disabled by default on non-debug configurations.
+
+psMutex Locking and Unlocking APIs Compiler Warnings Removed
+
+ Removed return value from psLockMutex() and psUnlockMutex() APIs. This
+ removes several warnings regarding return values not being used.
+
+MD5 and SHA-1 Combined Digest Function
+
+ The MatrixSSL will now invoke combined MD5 and SHA-1 hash function
+ psMd5Sha1, whenever possible instead of separate MD5 and SHA-1 hash
+ functions.
+
+Coverity Issues Fixed
+
+ Implementation of getTicketKeys and parseSSLHandshake functions was
+ changed to remove issues detected by Coverity.
+
+Yarrow Build Issues Fixed
+
+ MatrixSSL comes with a version of Yarrow PRNG. Its use has been
+ deprecated, but the PRNG continued to be shipped with MatrixSSL.
+ Unfortunately, the latest versions of MatrixSSL had compilation errors
+ in yarrow.c. Those errors have been fixed, and the source code file has
+ been marked deprecated.
+
+ 2. NEW FEATURES SINCE 3.8.6
+
+SHA-512 for X.509 Certificates Improvements
+
+ MatrixSSL can use SHA-512 to sign self-signed certificate or
+ certificate request. SHA-512 was already previously supported for
+ verification of X.509 certificates. (This feature can be used only on
+ MatrixSSL Commercial Edition.)
+
+OCSP Improvements
+
+ OCSP example application apps/crypto/ocsp.c (Commercial Edition Only)
+ and MatrixSSL Developer Guide have been improved to give more
+ documentation regarding OCSP request. OCSP request can now use
+ requestorId feature and request status of list of certificates.
+
+X.509 Certificate Domain Components
+
+ Added Functions for obtaining contents of X.509 certificate Domain
+ Component field(s).
+
+New Configuration: Minimal PSK
+
+ New configuration psk added. This configuration provides small
+ footprint MatrixSSL build with only Pre-Shared Key and TLS 1.2
+ functionality using Matrix Crypto.
+
+Changes in 3.8.6
+
+ Version 3.8.6 October 2016 (C) Copyright 2016 Rambus Inc.- All
+ Rights Reserved
+
+ 1. BUG FIXES
+ + Critical parsing bug for X.509 certificates
+ + Critical TLS handshake parsing bugs
+ + 4096 bit RSA key generation regression
+ + General cleanup of build
+ + MatrixSSH compatibility issue
+ 2. FEATURES AND IMPROVEMENTS
+ + New configuration system for build options
+ + core/ changes
+ + X.509 parsing and generation
+ + crypto/ changes
+ + Removed OpenSSL API Emulation
+
+ 1 BUG FIXES
+
+Critical parsing bug for X.509 certificates
+
+ Security Researcher [2]Craig Young reported two issues related to X.509
+ certificate parsing. An error in parsing a maliciously formatted
+ Subject Alt Name field in a certificate could cause a crash due to a
+ write beyond buffer and subsequent free of an unallocated block of
+ memory. An error in parsing a maliciously formatted ASN.1 Bit Field
+ primitive could cause a crash due to a memory read beyond allocated
+ memory.
+
+Critical TLS handshake parsing bugs
+
+ Security Researcher [3]Andreas Walz reported three issues related to
+ processing the ClientHello message.
+ * The length of the TLS record was not being strictly checked against
+ the length of the extensions field, so that additional unparsed
+ data could be added between the end of extensions and the end of
+ the record. This presents some level of uncertainty in how
+ extensions may be interpreted and could present a security issue.
+ * ClientHello parsing was not verifying that a NULL compression suite
+ was sent by the client, as required by the RFC. This did not
+ present a security issue (NULL compression was always forced), but
+ improves strict adherence to the specification.
+ * For TLS connections (not DTLS), the major version proposed in the
+ ClientHello suggested by RFC 5246 to only allow the byte value
+ 0x03. Now the connection is terminated if a value other than this
+ is suggested. Previously the suggested major version field was
+ simply echoed back in the ServerHello message, and treated as 0x03.
+
+4096 bit RSA key generation regression
+
+ In some cases RSA key generation of 4096 bit keys would fail and return
+ with an error code. This regression issue has been fixed and key
+ generation will once again succeed.
+
+General cleanup of build
+
+ Warnings across multiple platforms and compilers were fixed. Various
+ compile time configuration combination build issues were fixed.
+
+MatrixSSH compatibility issue
+
+ Newer versions of MatrixSSH server were incompatible with the PuTTY
+ client. A fix has been included and enabled by default
+ USE_PUTTY_WORKAROUND. Note this does not affect the standard MatrixSSL
+ codebase.
+
+ 2 FEATURES AND IMPROVEMENTS
+
+New configuration system for build options
+
+ A new top level directory configs/ now holds several sets of
+ configuration files for MatrixSSL to simplify configuration sets. This
+ method also allows custom sets to be developed specific to a given use
+ case (for example a RSA only build). The following three configuration
+ files now are copied at build time from the configs directory:
+
+ core/coreConfig.h crypto/cryptoConfig.h matrixssl/matrixsslConfig.h
+
+ The default configuration settings for MatrixSSL may have changed
+ from your current settings. Please confirm all settings in these
+ three files after updating.
+
+ From a fresh package, the build process is the same as before: simply
+ type make. It will build the software using the default configuration
+ options.
+
+ To use a different configuration, for example configs/noecc:
+
+ $ make clean && make all-noecc
+
+ Once a configuration is set, make and make clean will continue to use
+ the same configuration unless a new one is selected as above.
+
+core/ changes
+
+ * Added warning helper macros
+ * Additional PS_ return codes
+ * Buffer helper APIs in psbuf.h
+ * Foundation for PS_NETWORKING support for sockets level API
+ * psMutex_t API return code change, now returns void and will call
+ abort() on POSIX platforms.
+ * test/ new self-test directory
+ * Change in default Linux compile options in common.mk
+
+X.509 parsing and generation
+
+ Added additional field parsing support for X.509, including multiple OU
+ support. Commercial release adds additional certificate creation
+ support, as well as an API set and test suite for programmatically
+ creating certificates. See MatrixKeyAndCertGeneration.pdf for full
+ description.
+
+crypto/ changes
+
+ * Added *PreInit() APIs for hash functions for compatibility with
+ FIPS library and hardware token requirements
+ * Added psX509GetCertPublicKeyDer() API
+ * Support dsa_sig OID for certificates`
+ * Support for ASN_VISIBLE_STRING
+ * Moved CRL functionality into keyformat/crl.c
+ * Support for parsing an implicitly encoded ECC key without a DER
+ header, as sometimes encountered in the wild.
+ * Added PKCS#8 import
+ * ALLOW_VERSION_1_ROOT_CERT_PARSE configuration option for loading
+ legacy v1 certificates as trusted roots only (default not enabled).
+ Loading as intermediate or leaf certificates is insecure and still
+ not allowed.
+
+Removed OpenSSL API Emulation
+
+ * opensslApi.c and opensslSocket.c files removed temporarily in
+ anticipation of moving to a more fully supported OpenSSL layer.
+
+Changes in 3.8.5
+
+ Version 3.8.5 September 2016 Note: 3.8.5 was a limited customer
+ release only.
+
+Changes in 3.8.4
+
+ Version 3.8.4 July 2016 (C) Copyright 2016 Rambus Inc.- All Rights
+ Reserved
+
+ 1. FEATURES AND IMPROVEMENTS
+ + Coverity coverage
+ + HTTP/2 restrictions via ALPN
+ + Enhanced example apps
+ + Process shared Session Cache
+ + Enhanced CRL and OCSP support
+ + Windows support for certificate date validation
+ 2. BUG FIXES
+ + Critical parsing bug for RSA encrypted blobs
+ + Additional restrictions on bignum operations
+ + Fixed error in disabled cipher flags
+ + Fixed error in DTLS encoding
+ + SSLv3 only support fixed
+ + Assembly compatibility with more compilers
+
+ 1 FEATURES AND IMPROVEMENTS
+
+Coverity coverage
+
+ MatrixSSL now has zero outstanding defects in [4]Coverity Static
+ Analysis.
+
+HTTP/2 restrictions via ALPN
+
+ MatrixSSL server code will automatically evaluate the ALPN extension
+ and appropriately restrict the cipher suites and key exchange methods
+ if the HTTP/2 protocol is being used. Per the [5]HTTP/2 spec, only AEAD
+ cipher suites and Ephemeral key exchange methods are allowed.
+
+Enhanced example apps
+
+ Example applications now take additional command line options and also
+ support CRL request and response generation.
+
+Process shared Session Cache
+
+ Minimal support for a process-shared server session resumption cache is
+ now supported via process-shared mutexes on Linux.
+
+Enhanced CRL and OCSP support
+
+ A new file crypto/keyformat/crl.c defines additional apis for more
+ complex CRL (Certificate Revocation List) and OCSP support.
+
+Windows support for certificate date validation
+
+ Previously only Posix based platforms were supported.
+
+ 2 BUG FIXES
+
+Critical parsing bug for RSA encrypted blobs
+
+ Security Researcher [6]Hanno Böck reported several issues related to
+ RSA and bignum operations. An error in parsing a maliciously formatted
+ public key block could produce a remotely triggered crash in SSL server
+ parsing. Additional restrictions on the values provided to RSA and DH
+ operations were also added, although an exploit has not been found.
+
+Additional restrictions on bignum operations
+
+ The MatrixSSL bignum library, located in crypto/math/ was optimized and
+ reduced in size to support only key sizes and operations used by
+ standard RSA, ECC and DH operations (those apis present in
+ crypto/cryptoApi.h). Additional constraint checking has been added to
+ the code to prevent unsupported key sizes and values. Users requiring
+ generic bignum operations should take a look at libtomcrypt, GMP,
+ Python or OpenSSL.
+
+Fixed error in disabled cipher flags
+
+ The optional disabling or enabling of specific ciphers at runtime per
+ session was recently broken (now fixed) due to an errant flags
+ calculation using < instead of <<.
+
+Fixed error in DTLS encoding
+
+ An error was returned if attempting to encode a DTLS message exactly
+ the PMTU size.
+
+SSLv3 only support fixed
+
+ SSLv3 mode is not recommended for deployment, but had become broken in
+ a recent build. It can now be enabled again.
+
+Assembly compatibility with more compilers
+
+ Fixed "invalid register constraints" error on some versions of GCC and
+ LLVM for ARM, MIPS and x86_64.
+
+Changes in 3.8.3
+
+ Version 3.8.3 April 2016 (C) Copyright 2016 Rambus Inc.- All Rights
+ Reserved
+
+ 1. FEATURES AND IMPROVEMENTS
+ + Simplified Configuration Options
+ + DTLS Combined Package
+ + CHACHA20_POLY1305 Cipher Suites
+ + Libsodium Crypto Provider
+ + Extended Master Secret
+ + Online Certificate Status Protocol
+ + TLS Fallback SCSV
+ + Trusted CA Indication Extension
+ + Removed gmtunixtime from client and server random
+ + Removed support for SSLv2 CLIENT_HELLO messages
+ + Ephemeral ECC Key Caching
+ 2. BUG FIXES
+ + Support for parsing large certificate blobs
+ + X.509 certificate parse fix for issuerUniqueID and
+ subjectUniqueID
+ + Diffie-Hellman public key exchange bug
+ + SHA512 based Server Key Exchange signatures
+ + Allow independent hashSigAlg identifiers in Certificate
+ Request message
+ + Improvements to DTLS Cookie handling
+ + Fixed key type verification for chosen cipher suite
+ + Validation of RSA Signature Creation
+ + Side Channel Vulnerability on RSA Cipher Suites
+ + Access Violation on Malicious TLS Record
+
+ 1 FEATURES AND IMPROVEMENTS
+
+Simplified Configuration Options
+
+ The configuration files coreConfig.h, cryptoConfig.h and
+ matrixsslConfig.h have been simplified, and the default options have
+ been changed to improve security and code size.
+ * Many of the insecure algorithms or deprecated options that can be
+ enabled in cryptoConfig.h and matrixsslConfig.h have been moved
+ into cryptolib.h and matrixssllib.h, respectively.
+ * TLS 1.1 is now the default minimum TLS version compiled in. The new
+ USE_TLS_1_1_AND_ABOVE setting enables this.
+ * Rehandshaking on an existing connection is now disabled completely
+ by default with the USE_REHANDSHAKING configuration option.
+
+DTLS Combined Package
+
+ DTLS is now packaged with MatrixSSL, and can be enabled with the
+ USE_DTLS configuration option. TLS and DTLS connections can be made
+ simultaneously with the same application.
+
+CHACHA20_POLY1305 Cipher Suites
+
+ MatrixSSL now has support for ChaCha20-Poly1305 cipher suites
+ compatible with RFC draft
+ https://tools.ietf.org/html/draft-ietf-tls-chacha20-poly1305. The
+ supported cipher suites are defined for TLS 1.2 and can be enabled at
+ compile time.
+
+ cryptoConfig.h : USE_CHACHA20_POLY1305_IETF
+
+ matrixsslConfig.h : TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
+ TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
+
+ MatrixSSL must be linked with the libsodium library to provide
+ implementation of the crypto primitives.
+
+Libsodium Crypto Provider
+
+ MatrixSSL now includes a layer for crypto primitives to the libsodium
+ crypto library, in addition to the OpenSSL libcrypto and the native
+ (default) MatrixSSL crypto library. libsodium provides crypto
+ primitives for ChaCha20 and Poly1305. In addition, enabling the layer
+ will use libsodium primitives for SHA256/SHA384/SHA512 based hashes and
+ AES-256-GCM ciphers that provide high performance on Intel platforms.
+
+ As of this release, the current version of libsodium is available
+ here:
+ https://download.libsodium.org/libsodium/releases/libsodium-1.0.8.ta
+ r.gz To build libsodium, follow the instructions here:
+ https://download.libsodium.org/doc/installation/index.html
+
+ To enable in the MatrixSSL make system, enable the following and
+ rebuild:
+
+ common.mk : PS_LIBSODIUM:=1 LIBSODIUM_ROOT:=(pathtolibsodium_build)
+
+Extended Master Secret
+
+ The “extended master secret” as specified in [7]RFC 7627 is an
+ important security feature for TLS implementations that use session
+ resumption. The extended master secret feature associates the internal
+ TLS master secret directly to the connection context to prevent
+ man-in-the-middle attacks during session resumption. One such attack is
+ a synchronizing triple handshake as described in [8]Triple Handshakes
+ and Cookie Cutters: Breaking and Fixing Authentication over TLS.
+
+ See the Extended Master Secret section in the MatrixSSL API document
+ for details.
+
+Online Certificate Status Protocol
+
+ The Online Certificate Status Protocol (OCSP) is an alternative to the
+ Certificate Revocation List (CRL) mechanism for performing certificate
+ revocation tests on server keys. TLS integrates with OCSP in a
+ mechanism known as “OCSP stapling”. This feature allows the client to
+ request that the server provide a time-stamped OCSP response when
+ presenting the X.509 certificate during the TLS handshake. The primary
+ goal for this scheme is to allow resource constrained clients to
+ perform certificate revocation tests without having to communicate with
+ an OCSP Responder themselves.
+
+ See the OCSP Revocation section in the MatrixSSL API document for
+ details.
+
+TLS Fallback SCSV
+
+ The RFC for detecting version rollback attacks has been implemented per
+ [9]RFC7507. See the MatrixSSL Developer’s Guide for more information.
+
+Trusted CA Indication Extension
+
+ The Trusted CA Indication extension is specified in [10]RFC 6066. This
+ feature allows TLS clients to send their list of certificate
+ authorities to servers in the CLIENT_HELLO message.
+ See the Trusted CA Indication section in the MatrixSSLAPI_ document for
+ details.
+
+Removed gmtunixtime from client and server random
+
+ The TLS RFC specifies that the first 4 bytes of the CLIENT_HELLO and
+ SERVER_HELLO random values be the current platform time. Current best
+ practices recommend using random data for all 32 bytes. MatrixSSL now
+ uses all random data by default.
+
+Removed support for SSLv2 CLIENT_HELLO messages
+
+ SSLv2 CLIENT_HELLO parsing was previously supported to maintain
+ compatibility with very old TLS implementations. Although this does not
+ present a security risk at this time, the code has been removed, and
+ only modern TLS record header parsing is supported.
+
+Ephemeral ECC Key Caching
+
+ Previous versions of MatrixSSL generated new, unique ephemeral keys for
+ each connection using ECDHE_ cipher suites, as per NIST
+ recommendations. Beginning with this version, ephemeral keys are cached
+ and re-used for connections within a time frame of two hours and a
+ maximum usage of 1000 times. This improves performance of ECDHE suites,
+ and is inline with the configuration current web browsers. This feature
+ can be configured in matrixsslConfig.h.
+
+ 2 BUG FIXES
+
+Support for parsing large certificate blobs
+
+ Certificate collections larger than 64KB were not being parsed
+ correctly after a change to some data types (32 bit to 16 bit) in the
+ parsing code. This bug is now fixed and large collections of
+ certificates are now parsing correctly.
+
+X.509 certificate parse fix for issuerUniqueID and subjectUniqueID
+
+ Previous MatrixSSL versions could not parse these rarely encountered
+ members of X.509 certificates.
+
+Diffie-Hellman public key exchange bug
+
+ MatrixSSL clients would not successfully handshake with servers that
+ sent Diffie-Hellman public keys that were not the same byte length as
+ the DH group Prime parameter. Clients will now successfully handshake
+ with servers that provide shorter length public keys.
+
+SHA512 based Server Key Exchange signatures
+
+ SHA512 was not supported for SERVER_KEY_EXCHANGE messages in previous
+ versions.
+
+Allow independent hashSigAlg identifiers in Certificate Request message
+
+ Previous client versions of MatrixSSL would not allow servers to send
+ signature algorithm identifiers that were not already specified by the
+ client in the CLIENT_HELLO message. Now, the client will correctly
+ allow the server to send an independent list of supported algorithms
+ and the client will look for matches from that list.
+
+Improvements to DTLS Cookie handling
+
+ HMAC-SHA1 or HMAC-SHA256 are now used to generate the DTLS cookie, and
+ additional checking is done on the cookie for Denial-of-Service
+ prevention.
+
+Fixed key type verification for chosen cipher suite
+
+ An internal verification function that determined whether the server
+ key type was correct for the chosen cipher suite has now been fixed.
+ Previous versions would sometimes incorrectly determine the server was
+ using the wrong key type if the server was using a certificate chain
+ where parent certificates did not use the same key type. This bug
+ resulted in a failed handshake and is now fixed.
+
+Validation of RSA Signature Creation
+
+ An internal RSA validation of created signatures has been added to the
+ library in the psRsaEncryptPriv() function.
+
+ Security researcher Florian Weimer has shown it is possible for RSA
+ private key information to leak under some special failure
+ circumstances. Information on the exploit can be found here:
+ https://people.redhat.com/~fweimer/rsa-crt-leaks.pdf
+
+ The potential leak is only possible if a DHE_RSA based cipher suite is
+ supported on the server side. This is the only handshake combination in
+ which an RSA signature is sent over the wire (during the
+ SERVER_KEY_EXCHANGE message). The signature itself must have been
+ incorrectly generated for the exploit to be possible.
+
+ The additional signature validation test will now cause the TLS
+ handshake to fail prior to a faulty signature being sent to the client.
+
+Side Channel Vulnerability on RSA Cipher Suites
+
+ A Bleichenbacher variant attack, where certain information is leaked
+ from the results of a RSA private key operation has been reported by a
+ security researcher. The code has been updated to error without
+ providing any information on the premaster contents. Thank you to Juraj
+ Somorovsky, author of [11]TLS-Attacker
+
+ Note that other side channel attacks may still be possible as
+ MatrixSSL non-FIPS crypto is not always constant-time.
+
+Access Violation on Malicious TLS Record
+
+ TLS cipher suites with CBC mode in TLS 1.1 and 1.2 could have an access
+ violation (read beyond memory) with a maliciously crafted message.
+ Thank you to Juraj Somorovsky, author of [12]TLS-Attacker
+
+ 3 KNOWN ISSUES
+
+ * Microsoft Windows targets do not support certificate date
+ validation currently. Users requiring this feature can use Windows
+ APIs to get and parse the current date, using the POSIX
+ implementation as a reference.
+ * Arm platforms linking with some versions of OpenSSL libcrypto
+ library may have errors in AES-CBC cipher suites due to the
+ library's inability to handle in-situ encryption within the same
+ block.
+
+Changes in 3.8.2
+
+ Version 3.8.2 December 2015 (C) Copyright 2015 Rambus Inc.- All
+ Rights Reserved
+
+ 1. FILE/API REORGANIZATION
+ + File Locations
+ + Crypto API
+ 2. SECURITY IMPROVEMENTS
+ + Simplified Configuration
+ + Deprecated Ciphers
+ + Deprecated TLS Features
+ + Key Strength
+ + Ephemeral Cipher Suites Enabled by Default
+ + ECC Curve List
+ + Reordered cipher suite preferences
+ + memset_s()
+ + Handshake State Machine Improvements
+ 3. FEATURES AND IMPROVEMENTS
+ + DTLS Protocol Included
+ + Optimized Diffie-Hellman performance
+ + Optimized EC signature generation performance
+ + OpenSSL Crypto Primitive Provider
+ + OpenSSL TLS API layer
+ + Reduced TLS session footprint
+ + X.509 Improvements
+ + PKCS#12 Key Parsing
+ + Improved certificate callback example
+ + Per digest control of HMAC algorithms
+ + Default high resolution timing
+ + Assert and Error Optimizations
+ 4. BUG FIXES
+ + 64 bit little endian platforms
+ + X.509 KeyUsage extension
+ + X.509 date validation fix
+ + Fixed handshake parse issue
+ + TLS server sending old self-signed certificate
+ + Fixed ECC variable encoding bugs
+ + DHE_PSK compatibility
+ + AES-GCM with AESNI
+ + Library configuration test
+ + Windows psGetFileBuf
+
+ 1 FILE/API REORGANIZATION
+
+File Locations
+
+ MatrixSSL 3.8.2 introduces directory changes to the distribution since
+ 3.7.2
+
+ TLS/DTLS example apps moved from ./apps to ./apps/ssl and ./apps/dtls.
+ Test keys and certificates moved from ./sampleCerts to ./testkeys.
+ XCode and Visual Studio projects moved to ./xcode and ./visualstudio.
+
+ Several file changes and renames are present as well:
+
+ TLS Decoding moved ./matrixssl/sslDecode.c from
+ ./matrixssl/sslDecode.c, ./matrixssl/hsDecode.c and
+ ./matrixssl/extDecode.c. Private key import/export from
+ ./crypto/pubkey/pkcs.c. to ./crypto/keyformat/pkcs.c. Configuration
+ consistency and sanity checks from ./matrixssl/matrixssllib.h to
+ ./matrixssl/matrixsslCheck.h.
+
+Crypto API
+
+ The API layers into the raw cryptographic operations have been
+ significantly changed. The crypto API changes do not affect the main
+ MatrixSSL API for creating TLS sessions, etc. However, developers who
+ interface with crypto directly, or who want to write a custom hardware
+ layer will be interested in the new layer.
+
+ API Model
+
+ The cryptography API for symmetric crypto, digests and HMAC follow the
+ common model:
+
+ Init API : Initializes the cipher and returns an error on failure
+ (typically due to bad input parameters or insufficient memory).
+
+ Encrypt/Decrypt/Update API : Performs the operation and does not return
+ an error code (previously some APIs would return the number of bytes
+ decrypted).
+
+ Clear API : Zero and/or free any associated memory associated with the
+ cipher.
+
+ Standard Types
+
+ Standard C99 types from are used to specify integer
+ parameters.
+
+ uint8_t : The length of an IV, password or an AES-GCM tag
+
+ uint16_t : The length of an asymmetric key (RSA/DH/ECC), a HMAC key or
+ Additional Authenticated Data (AAD) for an AEAD cipher such as AES-GCM.
+
+ uint32_t : The length of data to be processed by the cipher
+
+ uint64_t: Internally used by crypto library to store large counter
+ values and when optimizing for 64 bit platforms.
+
+ Const Correctness
+
+ Pointers to values that are not modified are marked const.
+
+ API Name changes
+
+ API names have been standardized as follows:
+
+ Initialization of low level AES block cipher from psAesInitKey to
+ psAesInitBlockKey. AES CBC from psAesInit, psAesDecrypt and
+ psAesEncrypt to psAesInitCBC, psAesDecryptCBC and psAesEncryptCBC. SHA2
+ HMAC from psHmacSha2 to psHmacSha256 and psHmacSha384. ECC signature
+ creation from psEccSignHash to psEccDsaSign. ECC signature validation
+ from psEcDsaValidateSignature to psEccDsaVerify.
+
+ Standardized Context Names
+
+ Cryptographic functions that used to accept generic “context”
+ identifiers now require the specific key/algorithm structure, for
+ example:
+
+ HMAC family from psHmacContextt to psHmacSha1t, psHmacSha256t, ...
+ Digest family from psDigestContextt to psSha1t, psSha256t, etc...
+ Symmetric family from psCipherContextt to psAesCbct, psAesGcmt,
+ psDes3Keyt RSA private key parse (pkcs1) from psPubKeyt to psRsaKeyt.
+ ECC private key parse from psPubKeyt to psEccKeyt.
+
+ Standardized Return Types
+
+ In general, Init apis return a standard PS_* status code. A status code
+ that is not PS_SUCCESS typically indicates invalid input parameters or
+ a resource allocation failure. Update and Clear APIs no longer have a
+ return. For example:
+
+ HMAC Init from void to int32t. HMAC Final from int32t to void. Digest
+ Init from void to int32t. Digest Final from int32t to void.
+
+ Memory Model
+
+ In general, APIs now take an allocated cipher structure, and do not
+ allocate the structure in the Init routine. In the past, the memory
+ allocation model was inconsistent.
+
+ For ECC and DH, there are now additional APIs that allow the key to be
+ allocated and initialized, to complement the APIs which just initialize
+ the keys.
+
+ The Clear API must always be called when done with a context, as some
+ algorithms internally allocate additional memory for operation.
+
+ 2 SECURITY IMPROVEMENTS
+
+Simplified Configuration
+
+ The configuration of ciphers and cipher suites in crypto/cryptoConfig.h
+ and matrixssl/matrixsslConfig.h has been simplified considerably.
+ Existing and new users of MatrixSSL should take a look at these files
+ to understand the various options and features supported.
+
+Deprecated Ciphers
+
+ * ARC4, SEED, IDEA, RC2, MD4 and MD2 are deprecated, and not enabled
+ by default in cryptoConfig.h
+ * MD5 and SHA1 are not recommended for use, but enabled by default
+ because they are required for TLS protocols before version 1.2.
+ Although they are enabled in cryptoConfig.h, their use within the
+ TLS protocol is limited to where required, and they can be
+ independently disabled from use as a certificate signature
+ algorithm and an HMAC algorithm. The new crypto primitive
+ psMd5Sha1_t is intended to replace standalone MD5 or SHA1 use
+ outside of where required in TLS.
+ * 3DES is not deprecated, but be aware of key strength limitations
+ vs. AES-128 and AES-256.
+
+Deprecated TLS Features
+
+ * TLS cipher suites that rely on deprecated crypto algorithms have
+ also been deprecated in matrixsslConfig.h
+ * TLS Compression support is now deprecated and the option removed
+ from the configuration.
+ * False Start support is now deprecated and the option removed from
+ the configuration.
+
+Key Strength
+
+ Key strength defines have not changed since previous releases, however
+ it should be noted that the default minimum RSA/DH sizes of 1024 and
+ ECC sizes of 192 do not meet a growing number of security standards and
+ larger keys should be beginning to be deployed.
+
+Ephemeral Cipher Suites Enabled by Default
+
+ ECDHE and DHE cipher suites are now enabled by default. Be aware that
+ for embedded platforms, this may require significant additional CPU
+ load.
+
+ECC Curve List
+
+ The supported ECC Curve list is now always given in bit-strength order.
+ This ensures that when negotiating EC Parameters, the strongest
+ available will be used.
+
+Reordered cipher suite preferences
+
+ Clients send a priority list order of cipher suites during TLS
+ negotiations, and servers use a priority list of ciphers to pick a
+ common cipher for the connection.
+
+ MatrixSSL orders this list using the following rules, resulting in some
+ change to the cipher suite preference order in cipherSuite.c. In order
+ to make as secure a connection as possible, the parameters of
+ Authentication, Data Integrity and Data Security were taken in that
+ order to generate a new cipher preference list. In places where these
+ parameters are of equivalent strength, the faster algorithm is
+ preferred (although the “faster” algorithm often depends on the
+ platform). Currently DHE is prioritized over ECDHE due only to
+ performance. In future releases, ECDHE may be the preferred key
+ exchange mode.
+
+ The ordering of the ciphers is grouped and sub-grouped by the
+ following:
+ 1. Non-deprecated
+ 2. Ephemeral
+ 3. Authentication Method (PKI > PSK > anon)
+ 4. Hash Strength (SHA384 > SHA256 > SHA > MD5)
+ 5. Cipher Strength (AES256 > AES128 > 3DES > ARC4 > SEED > IDEA >
+ NULL)
+ 6. PKI Key Exchange (DHE* > ECDHE > ECDH > RSA > PSK)
+ 7. Cipher Mode (GCM > CBC)
+ 8. PKI Authentication Method (ECDSA > RSA > PSK)
+
+memset_s()
+
+ Use the memset_s() api to zero memory regardless of compiler
+ optimization which might skip zeroing for memory that is not
+ subsequently used. For platforms without a built in implementation,
+ memset_s() is automatically built in core/memset_s.c
+
+Handshake State Machine Improvements
+
+ Simplified code paths
+
+ The handshake decode state machine was split among additional files and
+ functions. Switch statements replace other logic to more clearly show
+ each case and its result. The state machine is still quite complex due
+ to the large number of modes and states that are supported in
+ MatrixSSL. Always consult support when making changes to the state
+ machine.
+
+ Multiple state tracking
+
+ Connection state tracking has always been implemented as "expected next
+ state", with no security issues. However for a double check, MatrixSSL
+ now implements independent tracking of the last state encoded and
+ decoded, as well as the expected next state.
+
+ More strict extension processing
+
+ The extension parsing is more strict in what can be accepted and when.
+
+ 3 FEATURES AND IMPROVEMENTS
+
+DTLS Protocol Included
+
+ Beginning in the 3.8.2 version of MatrixSSL, the DTLS 1.0 and DTLS 1.2
+ protocols are included in MatrixSSL open source package.
+
+ Enable USE_DTLS in ./matrixssl/matrixsslConfig.h to include it in
+ library. Additional documentation, app examples, and test code is
+ included to aid in development.
+
+Optimized Diffie-Hellman performance
+
+ Use smaller generated key sizes for a given DH prime field size per
+ [13]NIST SP 800-57 Part 1. This provides up to a 9x performance gain
+ for DH operations, greatly increasing the speed of ephemeral ciphers
+ using DH.
+
+Optimized EC signature generation performance
+
+ Improved performance for finding valid ECC key pairs, especially on
+ larger key sizes.
+
+OpenSSL Crypto Primitive Provider
+
+ Allows MatrixSSL to be linked against OpenSSL libcrypto as a crypto
+ primitive provider. This allows platforms that use OpenSSL as their
+ crypto API (such as Cavium Octeon) provide hardware acceleration to
+ MatrixSSL applications.
+
+OpenSSL TLS API layer
+
+ Users wishing to replace OpenSSL with MatrixSSL often desire a layer
+ that will ease the integration. MatrixSSL 3.8.2 includes an OpenSSLAPI
+ layer that was previously provided upon request. This layer is found in
+ the ./matrixssl directory in the opensslApi.cand opensslSocket.c files.
+ The opensslApi.h and opensslSocket.h headers define the interface.
+
+Reduced TLS session footprint
+
+ The size of each TLS session was reduced by 512 bytes for AES cipher
+ suites, and additionally by ~100 bytes for all cipher suites.
+
+X.509 Improvements
+
+ OID parsing has been improved and provides better feedback on error.
+ SHA-512 signed certificates are now supported.
+
+PKCS#12 Key Parsing
+
+ Support for longer passwords and additional private key bag.
+
+Improved certificate callback example
+
+ The ./apps/ssl/client.c application now has a more robust processing
+ example to help integrators understand the relationship between the
+ incoming alert value and the individual authStatus members of the
+ server’s certificate chain.
+
+Per digest control of HMAC algorithms
+
+ Each HMAC algorithm can now be specifically enabled/disabled with
+ USE_HMAC_(digest) defines in cryptoConfig.h
+
+Default high resolution timing
+
+ POSIX platforms will have high-resolution timers active by default
+
+Assert and Error Optimizations
+
+ USE_CORE_ASSERT and USE_CORE_ERROR can now be disabled in coreConfig.h.
+ This can reduce code size by removing the static strings used in errors
+ and asserts. Recommended for final deployment only.
+
+ 4 BUG FIXES
+
+64 bit little endian platforms
+
+ The STORE32L macro in cryptolib.h has been fixed for little endian 64
+ platforms. The STORE32H macro in cryptolib.h has been fixed for big
+ endian 64 platforms not using assembly language optimizations.
+ Platforms such as MIPS64 are now automatically detected by the build
+ system.
+
+X.509 KeyUsage extension
+
+ Fixed the parse to allow for BIT_STRING lengths longer than should be
+ expected.
+
+X.509 date validation fix
+
+ A bug has been fixed in the validateDateRange() function in x509.c. In
+ previous versions, the time format (ASN_UTCTIME, etc..) of the notAfter
+ date was being set based on the notBefore field. This bug would have
+ caused problems for certificates that used different time formats for
+ the notBefore and notAfter fields.
+
+Fixed handshake parse issue
+
+ A bug was found on the server side while parsing a specific case of
+ handshake messages from a client. If the cipher suite used a key
+ exchange mechanism of ECDHE or ECHE, and the handshake was using client
+ authentication, and the client was sending the CLIENT_KEY_EXCHANGE
+ message and CERTIFICATE_VERIFY message in a single record, the
+ MatrixSSL server was unable to parse that flight and would close the
+ connection. This is now fixed.
+
+TLS server sending old self-signed certificate
+
+ A bug has been fixed so that if a server sends a self-signed
+ certificate that does not contain the AuthorityKeyIdentifier extension,
+ the authentication logic will detect that and not report an error to
+ the certificate callback.
+
+ Servers shouldn’t send self-signed certificates in the CERTIFICATE
+ message. Client must still always have the same self-signed cert
+ loaded in order to authenticate.
+
+Fixed ECC variable encoding bugs
+
+ For Client Auth rehandshakes, the variable signature sizes of ECDSA
+ resulted in an issue when clients were creating the encrypted
+ CERTIFICATE_VERIFY message. secp224r1 curves also had an additional bug
+ that could cause an invalid signature in some cases due to the variable
+ encoding rules.
+
+DHE_PSK compatibility
+
+ Fixed issue with DHE_PSK ciphers when a PSK_ID was not used. Previously
+ a handshake alert would occur.
+
+AES-GCM with AESNI
+
+ Fixed an issue causing an invalid encoding of large data buffers with
+ aes-gcm on Intel platforms with AESNI.
+
+Library configuration test
+
+ The mechanism to test that MatrixSSL applications have been compiled
+ using the same configuration as the MatrixSSL static libraries has been
+ fixed.
+
+Windows psGetFileBuf
+
+ Parameters to CreateFileA() are now correct for opening existing files.
+
+ 5 KNOWN ISSUES
+
+ * Microsoft Windows targets do not support certificate date
+ validation currently. Users requiring this feature can use Windows
+ APIs to get and parse the current date, using the POSIX
+ implementation as a reference.
+ * Arm platforms linking with some versions of OpenSSL libcrypto
+ library may have errors in AES-CBC cipher suites due to the
+ library's inability to handle in-situ encryption within the same
+ block.
+
+References
+
+ 1. https://hboeck.de/
+ 2. http://www.tripwire.com/state-of-security/contributors/craig-young/
+ 3. http://ivesk.hs-offenburg.de/
+ 4. https://scan.coverity.com/projects/matrixssl-matrixssl
+ 5. https://tools.ietf.org/html/rfc7540#appendix-A
+ 6. https://hboeck.de/
+ 7. https://tools.ietf.org/html/rfc7627
+ 8. https://mitls.org/pages/attacks/3SHAKE
+ 9. https://tools.ietf.org/html/rfc7507
+ 10. https://tools.ietf.org/html/rfc6066
+ 11. https://github.com/RUB-NDS/TLS-Attacker
+ 12. https://github.com/RUB-NDS/TLS-Attacker
+ 13. http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-57pt1r4.pdf
diff --git a/doc/CHANGES_v4.x.html b/doc/CHANGES_v4.x.html
index 3816ab2..565bdfc 100644
--- a/doc/CHANGES_v4.x.html
+++ b/doc/CHANGES_v4.x.html
@@ -1,15 +1,41 @@
-
-
-
-
-
-
-
-
-
-
-MatrixSSL 4.x changelog
-Changes between 4.2.2 and 4.3.0 [June 2020]
+MatrixSSL 4.x changelog
+
+Changes between 4.5.0 and 4.5.1 [July 2022]
+
+* Fix a usage of return value of psX509ParseCert when a flag is set
+
+
+Changes between 4.4.0 and 4.5.0 [June 2022]
+
+* Enabled RSA SHA512 signature algorithm in TLS1.2 certrequest.
+* Enabled SHA512 in privRsaEncryptSignedElement.
+* Fixed DTLS change cipher spec retransmit epoch.
+* Compilation warning fixes.
+* Memory leak fixes.
+
+
+Changes between 4.3.0 and 4.4.0 [December 2021]
+
+* Fixed a type mismatch in matrixCmsParseEnvelopedDataBuf.
+* Increased the value of MAX_OID_BYTES to 48.
+* Changes to the handling of the validity time in self generated certs.
+* Fixed a possible vulnerability in parseAuthorityInfoAccess
+ discovered by Tavis Ormandy (Github issue #44).
+* Fixed a memory leak in getExplicitExtensions
+ discovered by Tavis Ormandy (Github issue #43).
+* Fixed vulnerability in SHA256 intialisation discovered by Marcel Maehren,
+ Philipp Nieting, Sven Hebrok, Robert Merget, Juraj Somorovsky and
+ Jörg Schwenk from Ruhr University Bochum and Paderborn-University.
+* Fixes in cross certificate handling.
+* Fixed a bug in pkcs1Pad.
+* Fixed a bug in psX963KeyDerivation.
+* Fixed the default behaviour when TLS version is not explicitly specified.
+* Fixed compilation errors when using debugging.
+* Memory leak fixes.
+
+
+Changes between 4.2.2 and 4.3.0 [June 2020]
+
* Added a constant-time variant of eccMulmod, in response to the Minerva attack.
* Fixed a possible infinite loop in message parsing discovered by
Andreas Walz (ivESK).
@@ -28,98 +54,206 @@
MatrixSSL binary but will enable building software that is not
dependent on exact binary layout of structures such as ssl_t.
* Fixes the bug when NULL keydata was used in sslLoadKeyPair() function.
-* Other bug fixes.
-Changes between 4.2.1 and 4.2.2 [August 2019]
-This version fixes a few security issues related to DTLS and handshake message length. It also defines the size of psBool_t to be equivalent to bool on both x86 and ARM platforms.
+* Other bug fixes.
+
+
+Changes between 4.2.1 and 4.2.2 [August 2019]
+
+This version fixes a few security issues related to DTLS and
+handshake message length. It also defines the size of psBool_t
+to be equivalent to bool on both x86 and ARM platforms.
+
TLS:
+
Crypto
+
-- Added support for parsing public keys in OpenSSL ECC DER/PEM format.
-
-- Fixed support for SHA224 RSA.
+- Added support for parsing public keys in OpenSSL ECC DER/PEM format.
+- Fixed support for SHA224 RSA.
-Changes between 4.2.0 and 4.2.1 [June 2019]
-This version fixes an out of bounds read in ASN.1 handling found by Tyler Nighswander (ForAllSecure).
-Changes between 4.1.0 and 4.2.0 [May 2019]
-This version adds a compile-time option that allows TLS 1.3 only builds, adds new getter APIs and fixes several bugs.
+
+Changes between 4.2.0 and 4.2.1 [June 2019]
+
+This version fixes an out of bounds read in ASN.1 handling
+found by Tyler Nighswander (ForAllSecure).
+
+Changes between 4.1.0 and 4.2.0 [May 2019]
+
+This version adds a compile-time option that allows TLS 1.3 only
+builds, adds new getter APIs and fixes several bugs.
+
TLS:
+
-Allow TLS 1.3 only builds by introducing the USE_TLS_1_3_ONLY compile-time option. This significantly reduces the minimum code footprint of TLS 1.3 builds. The example configuration tls13-minimal makes use of the new compile-time option.
-Add the matrixSslGetUserPtr API. This getter API should be used instead of raw access to ssl->userPtr.
-Added the matrixSslGetNegotiatedCiphersuite and matrixSslGetActiveCiphersuite APIs.
-Added the matrixSslGetMasterSecret API. This API requires the ENABLE_MASTER_SECRET_EXPORT compile-time option, which is disabled by default.
-Completely remove support for TLS record compression (unifdef USE_ZLIB_COMPRESSION). TLS record compression is almost never used in practice due to serious vulnerabilities associated with the feature (see e.g. the CRIME attack).
-Fixed a bug where decrypting an alert in TLS 1.3 could cause matrixSslProcessed data to erroneously indicate that there is more application data to process.
-Allow storing the unparsed certificate DER octets (in the unparsedBin member of psX509Cert_t) even in TLS 1.3.
-Fix segfault when receiving a server certificate without the commonName component.
-Fixed handshake failure with some clients that attempted to use a TLS 1.2 session ticket in a TLS 1.3 connection.
-Fix build error with the USE_EXT_CERTIFICATE_VERIFY_SIGNING compile-time option.
-Fix sslTest failure when using the USE_EXT_CERTIFICATE_VERIFY_SIGNING compile-time option.
-Fix a bug that caused the server to sometimes select a TLS 1.3 ciphersuite even when TLS 1.2 or below had been negotiated.
-Add Ed25519 test keys and certificates.
-Add Ed25519 testing to sslTest. (Note that Ed25519 is only supported in TLS 1.3.)
+- Allow TLS 1.3 only builds by introducing the USETLS13ONLY
+compile-time option. This significantly reduces the minimum code
+footprint of TLS 1.3 builds. The example configuration
+tls13-minimal makes use of the new compile-time option.
+- Add the matrixSslGetUserPtr API. This getter API should be used
+instead of raw access to ssl->userPtr.
+- Added the matrixSslGetNegotiatedCiphersuite and
+matrixSslGetActiveCiphersuite APIs.
+- Added the matrixSslGetMasterSecret API. This API requires the
+ENABLEMASTERSECRET_EXPORT compile-time option, which is
+disabled by default.
+- Completely remove support for TLS record compression (unifdef
+USEZLIBCOMPRESSION). TLS record compression is almost never
+used in practice due to serious vulnerabilities associated with
+the feature (see e.g. the CRIME attack).
+- Fixed a bug where decrypting an alert in TLS 1.3 could cause
+matrixSslProcessed data to erroneously indicate that there is
+more application data to process.
+- Allow storing the unparsed certificate DER octets (in the
+unparsedBin member of psX509Cert_t) even in TLS 1.3.
+- Fix segfault when receiving a server certificate without the
+commonName component.
+- Fixed handshake failure with some clients that attempted to use
+a TLS 1.2 session ticket in a TLS 1.3 connection.
+- Fix build error with the USEEXTCERTIFICATEVERIFYSIGNING
+compile-time option.
+- Fix sslTest failure when using the
+USEEXTCERTIFICATEVERIFYSIGNING compile-time option.
+- Fix a bug that caused the server to sometimes select a TLS 1.3
+ciphersuite even when TLS 1.2 or below had been negotiated.
+- Add Ed25519 test keys and certificates.
+- Add Ed25519 testing to sslTest. (Note that Ed25519 is only
+supported in TLS 1.3.)
Crypto:
+
-(FIPS Edition only): Fix a bug that prevented verification of RSA-SHA-1 signatures in FIPS mode. FIPS 140-2 allows verification of SHA-1 based signatures, but forbids generating such signatures.
-Store the order of DN attributes in certificate subject and issuer fields.
-Add an option to the psX509GetOnelineDN API that allows printing the DN attributes in the original order they were encoded in the parsed certificate.
-Fix parsing of Ed25519 certificates.
-Fix parsing of ECDSA-SHA224 certificates.
+- (FIPS Edition only): Fix a bug that prevented verification of
+RSA-SHA-1 signatures in FIPS mode. FIPS 140-2 allows
+verification of SHA-1 based signatures, but forbids generating
+such signatures.
+- Store the order of DN attributes in certificate subject and
+issuer fields.
+- Add an option to the psX509GetOnelineDN API that allows printing
+the DN attributes in the original order they were encoded in the
+parsed certificate.
+- Fix parsing of Ed25519 certificates.
+- Fix parsing of ECDSA-SHA224 certificates.
-Changes between 4.0.2 and 4.1.0 [April 2019]
+
+Changes between 4.0.2 and 4.1.0 [April 2019]
+
TLS:
+
-(RoT Edition only): Added support for Inside Secure VaultIP (Root-of-Trust) crypto provider.
-Improved the separation of private and public TLS header files for better private-public separation. The public headers now of the form matrixsslApi*.h, while private headers are of the form matrixssllib_*.h.
-Added client-side support for X25519 in TLS 1.2.
-Added client-side support for RSASSA-PSS signatures in TLS 1.2.
-Added support for RSASSA-PSS key/cert pairs.
-Fix vulnerabilities reported by Robert Święcki (discovered using Hongfuzzer): a server-side heap buffer read overflow when parsing maliciously crafted ClientHello extensions and a segfault in TLS 1.2 GCM decryption of maliciously crafted records with small ciphertext.
-Added the simpleClient.c and simpleServer.c example applications. These are intended as minimalistic examples of how to use the top-level TLS API.
-Fixed bugs in matrixSslSessOptsServerTlsVersionRange and matrixSslSessOptsClientTlsVersionRange.
-Fixed bug that caused non-insitu app data encryption to fail in tls13EncodeAppData when using the matrixSslEncodeToOutdata API instead of the more standard matrixSslGetWriteBuf + matrixSslEncodeWritebuf pattern.
-Added new minimal example configurations: tls12-minimal, tls12-minimal-client-ecc, tls13-minimal, tls13-minimal-client-ecc
-When performing TLS 1.2 renegotiation, re-send the original ClientHello cipher list.
-Added the USE_LENIENT_TLS_RECORD_VERSION_MATCHING compatibility option.
+- (RoT Edition only): Added support for Inside Secure VaultIP
+(Root-of-Trust) crypto provider.
+- Improved the separation of private and public TLS header files
+for better private-public separation. The public headers now of
+the form matrixsslApi*.h, while private headers are of the form
+matrixssllib_*.h.
+- Added client-side support for X25519 in TLS 1.2.
+- Added client-side support for RSASSA-PSS signatures in TLS 1.2.
+- Added support for RSASSA-PSS key/cert pairs.
+- Fix vulnerabilities reported by Robert Święcki (discovered using
+Hongfuzzer): a server-side heap buffer read overflow when
+parsing maliciously crafted ClientHello extensions and a
+segfault in TLS 1.2 GCM decryption of maliciously crafted
+records with small ciphertext.
+- Added the simpleClient.c and simpleServer.c example
+applications. These are intended as minimalistic examples of how
+to use the top-level TLS API.
+- Fixed bugs in matrixSslSessOptsServerTlsVersionRange and
+matrixSslSessOptsClientTlsVersionRange.
+- Fixed bug that caused non-insitu app data encryption to fail in
+tls13EncodeAppData when using the matrixSslEncodeToOutdata API
+instead of the more standard matrixSslGetWriteBuf +
+matrixSslEncodeWritebuf pattern.
+- Added new minimal example configurations: tls12-minimal,
+tls12-minimal-client-ecc, tls13-minimal,
+tls13-minimal-client-ecc
+- When performing TLS 1.2 renegotiation, re-send the original
+ClientHello cipher list.
+- Added the USELENIENTTLSRECORDVERSION_MATCHING compatibility
+option.
-Changes between 4.0.1 and 4.0.2 [February 2019]
-This version fixes a critical vulnerability in RSA signature verification. A maliciously crafted certificate can be used to trigger a stack buffer overflow, allowing potential remote code execution attacks. The vulnerability only affects version 4.0.1 and the standard Matrix Crypto provider. Other providers, such as the FIPS crypto provider, are not affected by the bug. Thanks to Tavis Ormandy for reporting this.
-Changes between 4.0.0 and 4.0.1 [November 2018]
-This version improves the security of RSA PKCS #1.5 signature verification and adds better support for run-time security configuration.
+
+Changes between 4.0.1 and 4.0.2 [February 2019]
+
+This version fixes a critical vulnerability in RSA signature
+verification. A maliciously crafted certificate can be used to trigger
+a stack buffer overflow, allowing potential remote code execution
+attacks. The vulnerability only affects version 4.0.1 and the standard
+Matrix Crypto provider. Other providers, such as the FIPS crypto
+provider, are not affected by the bug. Thanks to Tavis Ormandy for
+reporting this.
+
+Changes between 4.0.0 and 4.0.1 [November 2018]
+
+This version improves the security of RSA PKCS #1.5 signature
+verification and adds better support for run-time security
+configuration.
+
TLS:
+
-Added a run-time security callback feature (matrixSslRegisterSecurityCallback). The security callback can allow or deny a cryptographic operation based on the operation type and the key size. Currently only authentication and key exchange operations are supported. The default security callback supports pre-defined security profiles (matrixSslSetSecurityProfile).
-Added an example security profile: WPA3 1.0 Enterprise 192-bit mode restrictions for EAP-TLS.
-Added support for the TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 ciphersuite.
-Changed the way how protocol version IDs are stored internally and rewrote most of the version negotiation code. This is almost entirely an internal code refactoring. To the API user, the only visible change is that version selection APIs now take in an argument of type psProtocolVersion_t instead of int32_t. See the API reference guide for details.
-Refactored ServerKeyExchange signature generation and verification code.
+- Added a run-time security callback feature
+(matrixSslRegisterSecurityCallback). The security callback can
+allow or deny a cryptographic operation based on the operation
+type and the key size. Currently only authentication and key
+exchange operations are supported. The default security callback
+supports pre-defined security profiles
+(matrixSslSetSecurityProfile).
+- Added an example security profile: WPA3 1.0 Enterprise 192-bit
+mode restrictions for EAP-TLS.
+- Added support for the TLSDHERSAWITHAES256GCM_SHA384
+ciphersuite.
+- Changed the way how protocol version IDs are stored internally
+and rewrote most of the version negotiation code. This is almost
+entirely an internal code refactoring. To the API user, the only
+visible change is that version selection APIs now take in an
+argument of type psProtocolVersiont instead of int32t. See the
+API reference guide for details.
+- Refactored ServerKeyExchange signature generation and
+verification code.
Crypto:
+
-Changed from a parsing-based to a comparison-based approach in DigestInfo validation when verifying RSA PKCS #1.5 signatures. There are no known practical attacks against the old code, but the comparison-based approach is theoretically more sound. Thanks to Sze Yiu Chau from Purdue University for pointing this out.
-(MatrixSSL FIPS Edition only:) Fix DH key exchange when using DH parameter files containing optional privateValueLength argument.
-psX509AuthenticateCert now uses the common psVerifySig API for signature verification. Previously, CRLs and certificates used different code paths for signature verification.
+- Changed from a parsing-based to a comparison-based approach in
+DigestInfo validation when verifying RSA PKCS #1.5
+signatures. There are no known practical attacks against the old
+code, but the comparison-based approach is theoretically more
+sound. Thanks to Sze Yiu Chau from Purdue University for
+pointing this out.
+- (MatrixSSL FIPS Edition only:) Fix DH key exchange when using DH
+parameter files containing optional privateValueLength argument.
+- psX509AuthenticateCert now uses the common psVerifySig API for
+signature verification. Previously, CRLs and certificates used
+different code paths for signature verification.
-Changes between 3.9.5 and 4.0.0 [August 2018]
-This version adds support for RFC 8446 (TLS 1.3), new APIs for configuring session options as well as fixes to security vulnerabilities.
+
+Changes between 3.9.5 and 4.0.0 [August 2018]
+
+This version adds support for RFC 8446 (TLS 1.3), new APIs for
+configuring session options as well as fixes to security
+vulnerabilities.
+
TLS:
+
-- Added support for TLS 1.3 (RFC 8446 version) as well as draft versions 23, 24, 26 and 28.
+- Added support for TLS 1.3 (RFC 8446 version) as well as draft
+versions 23, 24, 26 and 28.
- Supported TLS 1.3 handshake types:
+
- Basic handshake with server authentication
- Incorrect DHE key share (HelloRetryRequest) handshake
@@ -128,12 +262,14 @@
- 0RTT data handshake
- Supported TLS 1.3 ciphersuites:
+
-- TLS_AES_128_GCM_SHA256
-- TLS_AES_256_GCM_SHA384
-- TLS_CHACHA20_POLY1305_SHA256
+- TLSAES128GCMSHA256
+- TLSAES256GCMSHA384
+- TLSCHACHA20POLY1305_SHA256
- Supported key exchange modes in TLS 1.3:
+
- DHE with the ffdhe2048, ffdhe3072 and ffdhe4096 groups
- ECDHE with the P-256, P-384, P-521 and X25519 groups
@@ -141,6 +277,7 @@
- PSK only
- Supported signature algorithms in TLS 1.3:
+
- ECDSA with P-256, P-384 and P-521
- Ed25519
@@ -148,28 +285,37 @@
- RSA PKCS #1.5 (certificates only)
- Supported PKI features in TLS 1.3:
+
- X.509 certificates
- CRLs
- OCSP stapling
- Supported TLS 1.3 extensions:
+
- supported_versions
- supported_groups
- key_share
- signature_algorithms
-- signature_algorithms_cert
+- signaturealgorithmscert
- server_name
- certificate_authorities
- cookie
- status_request
-- max_fragment_length
+- maxfragmentlength
- Support for TLS 1.3 record padding
-- Fixed several client-side crashes and undefined behaviours on maliciously crafted server messages. The bugs were found using TLS-Attacker. Thanks to Robert Merget from the Ruhr-University Bochum for reporting these.
-- Added the matrixSslSessOptsSetServerTlsVersions and matrixSslSessOptsSetClientTlsVersions APIs for selecting the supported protocol versions at run-time. Please consult the API reference for details.
+- Fixed several client-side crashes and undefined behaviours on
+maliciously crafted server messages. The bugs were found using
+TLS-Attacker. Thanks to Robert Merget from the Ruhr-University
+Bochum for reporting these.
+- Added the matrixSslSessOptsSetServerTlsVersions and
+matrixSslSessOptsSetClientTlsVersions APIs for selecting the
+supported protocol versions at run-time. Please consult the API
+reference for details.
- Added a couple of TLS 1.3 specific APIs:
+
- matrixSslSessOptsSetSigAlgsCert
- matrixSslSessOptsSetKeyExGroups
@@ -178,52 +324,87 @@
- matrixSslLoadTls13Psks
- matrixSslSetTls13BlockPadding
-- Added an API for selecting supported signature algorithms: (usable in both TLS 1.3 and TLS 1.2):
+
- Added an API for selecting supported signature algorithms:
+(usable in both TLS 1.3 and TLS 1.2):
+
- matrixSslSessOptsSetSigAlgs
-- Added new example configurations. The recommended configuration for using TLS 1.3 and below is tls13 (Commercial Edition) or nonfips-tls13 (FIPS Edition)
-- Updated and improved the Developer Guide and the MatrixSSL APIs reference document.
+- Added new example configurations. The recommended configuration
+for using TLS 1.3 and below is tls13 (Commercial Edition) or
+nonfips-tls13 (FIPS Edition)
+- Updated and improved the Developer Guide and the MatrixSSL APIs
+reference document.
- Improved the example client and server programs and fixed bugs.
- Resend user extensions (e.g. SNI) when responding to HelloRequest
-- sslTest now allows specifying the ciphersuites and protocol versions to test via environment variables.
-- Improvements to identity management, including support for loading multiple identities (key and cert pairs) during initialization and postponed key and cert loading. See the MatrixSSL Developer Guide for details.
+- sslTest now allows specifying the ciphersuites and protocol
+versions to test via environment variables.
+- Improvements to identity management, including support for
+loading multiple identities (key and cert pairs) during
+initialization and postponed key and cert loading. See the
+MatrixSSL Developer Guide for details.
- Refactored key loading and protocol version negotiation.
-- Fixed server-side signature algorithm selection when the server certificate is signed with a different algorithm (RSA or ECDSA) than the public key contain therein.
-- Much improved TLS-level debug prints and logging (tlsTrace.c). USE_SSL_HANDSHAKE_MSG_TRACE now consistently enables messages such as "parsing/creating handshake message X or extension Y". USE_SSL_INFORMATIONAL_TRACE now prints out more details on the contents of handshake messages and extensions.
+- Fixed server-side signature algorithm selection when the server
+certificate is signed with a different algorithm (RSA or ECDSA)
+than the public key contain therein.
+- Much improved TLS-level debug prints and logging
+(tlsTrace.c). USESSLHANDSHAKEMSGTRACE now consistently
+enables messages such as "parsing/creating handshake message X
+or extension Y". USESSLINFORMATIONAL_TRACE now prints out more
+details on the contents of handshake messages and extensions.
- Refactored public header files.
Crypto:
+
-- NCC Group'ss Keegan Ryan has found a side-channel attack affecting multiple cryptographic libraries. The "ROHNP" Key Extraction Side Channel (CVE-2018-0495) has been fixed.
+- NCC Group'ss Keegan Ryan has found a side-channel attack
+affecting multiple cryptographic libraries. The "ROHNP" Key
+Extraction Side Channel (CVE-2018-0495) has been fixed.
- Added support for Ed25519 signatures in TLS 1.3
- Added support for ECDHE with X25519 in TLS 1.3
-- Added algorithm-independent signature and verification APIs: psSign and psVerify.
-- Source file reorganization. New new naming scheme aims for better consistency, clarity and makes it easier to ifdef out unneeded features.
-- Added psEccWritePrivKeyMem and psEccWritePrivKeyFile the public crypto API
+- Added algorithm-independent signature and verification APIs:
+psSign and psVerify.
+- Source file reorganization. New new naming scheme aims for
+better consistency, clarity and makes it easier to ifdef out
+unneeded features.
+- Added psEccWritePrivKeyMem and psEccWritePrivKeyFile the public
+crypto API
X.509 and PKCS standards
+
- Fixed processing of indefinite expiration date (31.12.9999).
- Basic Constraints no longer unconditionally added when generating CSR data
- Session option for requesting subrange of allowed tls versions.
- Specify certificate validity dates when generating certificate.
-- Support for reading PKCS #12 and CA certificates from memory (der encoded).
-- Support for key usage encipher only and decipher only bits in generating certificate generation.
+- Support for reading PKCS #12 and CA certificates from memory
+(der encoded).
+- Support for key usage encipher only and decipher only bits
+in generating certificate generation.
- Option for MD2/MD4/MD5 signatures compatibility on certificates.
-- X.509 certificates allow NIL character at the end of GeneralName field. This is for compatibility with various other products.
-- It is now possible to compile X.509 certificate and CSR generation code only ECC or RSA support for smaller footprint.
-- Added Ed25519 specific functions such as psEd25519ParsePrivKey, psEd25519Sign, etc.
+- X.509 certificates allow NIL character at the end of GeneralName field.
+This is for compatibility with various other products.
+- It is now possible to compile X.509 certificate and CSR
+generation code only ECC or RSA support for smaller footprint.
+- Added Ed25519 specific functions such as psEd25519ParsePrivKey,
+psEd25519Sign, etc.
Other changes
+
-- Added export.mk, which generates example binary packaging of a previously compiled MatrixSSL package and includes two of the example applications within the package. This package shows how to export MatrixSSL includes and libraries outside the source tree keeping configuration with the includes.
+- Added export.mk, which generates example binary packaging of a
+previously compiled MatrixSSL package and includes two of the
+example applications within the package. This package shows how
+to export MatrixSSL includes and libraries outside the source tree
+keeping configuration with the includes.
Known issues
+
- The TLS 1.3 code has not yet been fully optimized for footprint.
-- If the client sends a TLS 1.3 ClientHello with X25519 as the key exchange group, the server downgrades to TLS 1.2 but still wishes to use X25519, the handshake will fail, because MatrixSSL does not yet support X25519 in TLS 1.2 and below.
+- If the client sends a TLS 1.3 ClientHello with X25519 as the key
+exchange group, the server downgrades to TLS 1.2 but still
+wishes to use X25519, the handshake will fail, because MatrixSSL
+does not yet support X25519 in TLS 1.2 and below.
-
-
diff --git a/doc/CHANGES_v4.x.md b/doc/CHANGES_v4.x.md
index 4e54014..6d2f6bd 100644
--- a/doc/CHANGES_v4.x.md
+++ b/doc/CHANGES_v4.x.md
@@ -1,5 +1,36 @@
# MatrixSSL 4.x changelog
+## Changes between 4.5.0 and 4.5.1 [July 2022]
+
+ * Fix a usage of return value of psX509ParseCert when a flag is set
+
+## Changes between 4.4.0 and 4.5.0 [June 2022]
+
+ * Enabled RSA SHA512 signature algorithm in TLS1.2 certrequest.
+ * Enabled SHA512 in privRsaEncryptSignedElement.
+ * Fixed DTLS change cipher spec retransmit epoch.
+ * Compilation warning fixes.
+ * Memory leak fixes.
+
+## Changes between 4.3.0 and 4.4.0 [December 2021]
+
+ * Fixed a type mismatch in matrixCmsParseEnvelopedDataBuf.
+ * Increased the value of MAX_OID_BYTES to 48.
+ * Changes to the handling of the validity time in self generated certs.
+ * Fixed a possible vulnerability in parseAuthorityInfoAccess
+ discovered by Tavis Ormandy (Github issue #44).
+ * Fixed a memory leak in getExplicitExtensions
+ discovered by Tavis Ormandy (Github issue #43).
+ * Fixed vulnerability in SHA256 intialisation discovered by Marcel Maehren,
+ Philipp Nieting, Sven Hebrok, Robert Merget, Juraj Somorovsky and
+ Jörg Schwenk from Ruhr University Bochum and Paderborn-University.
+ * Fixes in cross certificate handling.
+ * Fixed a bug in pkcs1Pad.
+ * Fixed a bug in psX963KeyDerivation.
+ * Fixed the default behaviour when TLS version is not explicitly specified.
+ * Fixed compilation errors when using debugging.
+ * Memory leak fixes.
+
## Changes between 4.2.2 and 4.3.0 [June 2020]
* Added a constant-time variant of eccMulmod, in response to the Minerva attack.
diff --git a/doc/CHANGES_v4.x.txt b/doc/CHANGES_v4.x.txt
index 52d11f6..23fef3e 100644
--- a/doc/CHANGES_v4.x.txt
+++ b/doc/CHANGES_v4.x.txt
@@ -1,367 +1,343 @@
-
-
-MATRIXSSL 4.X CHANGELOG
-
-
-Changes between 4.2.2 and 4.3.0 [June 2020]
-
- * Added a constant-time variant of eccMulmod, in response to the Minerva attack.
- * Fixed a possible infinite loop in message parsing discovered by
- Andreas Walz (ivESK).
- * Timing sidechannel mitigation (Github issue #23).
- * Change hard coded values to enums in matrixSslLoadKeys (Github issue #35).
- * Disabled TLS 1.3 draft versions by default.
- * Fixes TLS 1.2 session ticket based resumption.
- * May only enable either PS_PUBKEY_OPTIMIZE_FOR_FASTER_SPEED or
- PS_PUBKEY_OPTIMIZE_FOR_SMALLER_RAM (Github issue #37).
- * Channel Bindings for TLS (only for TLS 1.2 and below), new APIs added
- - matrixSslGetFinished
- - matrixSslGetPeerFinished
- - matrixSslGetTlsUniqueChannelBindings
- * Added API for accessing MatrixSSL structures without direct access
- to structure members. Use of this API will slightly enlarge the
- MatrixSSL binary but will enable building software that is not
- dependent on exact binary layout of structures such as ssl_t.
- * Fixes the bug when NULL keydata was used in sslLoadKeyPair() function.
- * Other bug fixes.
-
-
-Changes between 4.2.1 and 4.2.2 [August 2019]
-
-This version fixes a few security issues related to DTLS and handshake
-message length. It also defines the size of psBool_t to be equivalent to
-bool on both x86 and ARM platforms.
-
-- TLS:
-
- - Fixed vulenerabilities and bugs related to DTLS discovered by
- Jakub Botwicz (Samsung R&D Poland).
-
- - Limited handshake message length.
-
-- Crypto
-
- - Added support for parsing public keys in OpenSSL ECC DER/PEM
- format.
- - Fixed support for SHA224 RSA.
-
-
-Changes between 4.2.0 and 4.2.1 [June 2019]
-
-This version fixes an out of bounds read in ASN.1 handling found by
-Tyler Nighswander (ForAllSecure).
-
-
-Changes between 4.1.0 and 4.2.0 [May 2019]
-
-This version adds a compile-time option that allows TLS 1.3 only builds,
-adds new getter APIs and fixes several bugs.
-
-- TLS:
-
- - Allow TLS 1.3 only builds by introducing the USE_TLS_1_3_ONLY
- compile-time option. This significantly reduces the minimum code
- footprint of TLS 1.3 builds. The example configuration
- tls13-minimal makes use of the new compile-time option.
-
- - Add the matrixSslGetUserPtr API. This getter API should be used
- instead of raw access to ssl->userPtr.
-
- - Added the matrixSslGetNegotiatedCiphersuite and
- matrixSslGetActiveCiphersuite APIs.
-
- - Added the matrixSslGetMasterSecret API. This API requires the
- ENABLE_MASTER_SECRET_EXPORT compile-time option, which is
- disabled by default.
-
- - Completely remove support for TLS record compression
- (unifdef USE_ZLIB_COMPRESSION). TLS record compression is almost
- never used in practice due to serious vulnerabilities associated
- with the feature (see e.g. the CRIME attack).
-
- - Fixed a bug where decrypting an alert in TLS 1.3 could cause
- matrixSslProcessed data to erroneously indicate that there is
- more application data to process.
-
- - Allow storing the unparsed certificate DER octets (in the
- unparsedBin member of psX509Cert_t) even in TLS 1.3.
-
- - Fix segfault when receiving a server certificate without the
- commonName component.
-
- - Fixed handshake failure with some clients that attempted to use
- a TLS 1.2 session ticket in a TLS 1.3 connection.
-
- - Fix build error with the USE_EXT_CERTIFICATE_VERIFY_SIGNING
- compile-time option.
-
- - Fix sslTest failure when using the
- USE_EXT_CERTIFICATE_VERIFY_SIGNING compile-time option.
-
- - Fix a bug that caused the server to sometimes select a TLS 1.3
- ciphersuite even when TLS 1.2 or below had been negotiated.
-
- - Add Ed25519 test keys and certificates.
-
- - Add Ed25519 testing to sslTest. (Note that Ed25519 is only
- supported in TLS 1.3.)
-
-- Crypto:
-
- - (FIPS Edition only): Fix a bug that prevented verification of
- RSA-SHA-1 signatures in FIPS mode. FIPS 140-2 allows
- verification of SHA-1 based signatures, but forbids generating
- such signatures.
-
- - Store the order of DN attributes in certificate subject and
- issuer fields.
-
- - Add an option to the psX509GetOnelineDN API that allows printing
- the DN attributes in the original order they were encoded in the
- parsed certificate.
-
- - Fix parsing of Ed25519 certificates.
-
- - Fix parsing of ECDSA-SHA224 certificates.
-
-
-Changes between 4.0.2 and 4.1.0 [April 2019]
-
-- TLS:
-
- - (RoT Edition only): Added support for Inside Secure
- VaultIP (Root-of-Trust) crypto provider.
-
- - Improved the separation of private and public TLS header files
- for better private-public separation. The public headers now of
- the form matrixsslApi*.h, while private headers are of the
- form matrixssllib_*.h.
-
- - Added client-side support for X25519 in TLS 1.2.
-
- - Added client-side support for RSASSA-PSS signatures in TLS 1.2.
-
- - Added support for RSASSA-PSS key/cert pairs.
-
- - Fix vulnerabilities reported by Robert Święcki (discovered using
- Hongfuzzer): a server-side heap buffer read overflow when
- parsing maliciously crafted ClientHello extensions and a
- segfault in TLS 1.2 GCM decryption of maliciously crafted
- records with small ciphertext.
-
- - Added the simpleClient.c and simpleServer.c
- example applications. These are intended as minimalistic
- examples of how to use the top-level TLS API.
-
- - Fixed bugs in matrixSslSessOptsServerTlsVersionRange
- and matrixSslSessOptsClientTlsVersionRange.
-
- - Fixed bug that caused non-insitu app data encryption to fail in
- tls13EncodeAppData when using the matrixSslEncodeToOutdata API
- instead of the more standard matrixSslGetWriteBuf +
- matrixSslEncodeWritebuf pattern.
-
- - Added new minimal example configurations: tls12-minimal,
- tls12-minimal-client-ecc, tls13-minimal,
- tls13-minimal-client-ecc
-
- - When performing TLS 1.2 renegotiation, re-send the original
- ClientHello cipher list.
-
- - Added the USE_LENIENT_TLS_RECORD_VERSION_MATCHING
- compatibility option.
-
-
-Changes between 4.0.1 and 4.0.2 [February 2019]
-
-This version fixes a critical vulnerability in RSA signature
-verification. A maliciously crafted certificate can be used to trigger a
-stack buffer overflow, allowing potential remote code execution attacks.
-The vulnerability only affects version 4.0.1 and the standard Matrix
-Crypto provider. Other providers, such as the FIPS crypto provider, are
-not affected by the bug. Thanks to Tavis Ormandy for reporting this.
-
-
-Changes between 4.0.0 and 4.0.1 [November 2018]
-
-This version improves the security of RSA PKCS #1.5 signature
-verification and adds better support for run-time security
-configuration.
-
-- TLS:
-
- - Added a run-time security callback
- feature (matrixSslRegisterSecurityCallback). The security
- callback can allow or deny a cryptographic operation based on
- the operation type and the key size. Currently only
- authentication and key exchange operations are supported. The
- default security callback supports pre-defined security
- profiles (matrixSslSetSecurityProfile).
-
- - Added an example security profile: WPA3 1.0 Enterprise 192-bit
- mode restrictions for EAP-TLS.
-
- - Added support for the
- TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 ciphersuite.
-
- - Changed the way how protocol version IDs are stored internally
- and rewrote most of the version negotiation code. This is almost
- entirely an internal code refactoring. To the API user, the only
- visible change is that version selection APIs now take in an
- argument of type psProtocolVersion_t instead of int32_t. See the
- API reference guide for details.
-
- - Refactored ServerKeyExchange signature generation and
- verification code.
-
-- Crypto:
-
- - Changed from a parsing-based to a comparison-based approach in
- DigestInfo validation when verifying RSA PKCS #1.5 signatures.
- There are no known practical attacks against the old code, but
- the comparison-based approach is theoretically more sound.
- Thanks to Sze Yiu Chau from Purdue University for pointing
- this out.
-
- - (MatrixSSL FIPS Edition only:) Fix DH key exchange when using DH
- parameter files containing optional privateValueLength argument.
-
- - psX509AuthenticateCert now uses the common psVerifySig API for
- signature verification. Previously, CRLs and certificates used
- different code paths for signature verification.
-
-
-Changes between 3.9.5 and 4.0.0 [August 2018]
-
-This version adds support for RFC 8446 (TLS 1.3), new APIs for
-configuring session options as well as fixes to security
-vulnerabilities.
-
-- TLS:
-
- - Added support for TLS 1.3 (RFC 8446 version) as well as draft
- versions 23, 24, 26 and 28.
- - Supported TLS 1.3 handshake types:
- - Basic handshake with server authentication
- - Incorrect DHE key share (HelloRetryRequest) handshake
- - PSK handshake
- - Resumed handshake
- - 0RTT data handshake
- - Supported TLS 1.3 ciphersuites:
- - TLS_AES_128_GCM_SHA256
- - TLS_AES_256_GCM_SHA384
- - TLS_CHACHA20_POLY1305_SHA256
- - Supported key exchange modes in TLS 1.3:
- - DHE with the ffdhe2048, ffdhe3072 and ffdhe4096 groups
- - ECDHE with the P-256, P-384, P-521 and X25519 groups
- - PSK with (EC)DHE
- - PSK only
- - Supported signature algorithms in TLS 1.3:
- - ECDSA with P-256, P-384 and P-521
- - Ed25519
- - RSASSA-PSS
- - RSA PKCS #1.5 (certificates only)
- - Supported PKI features in TLS 1.3:
- - X.509 certificates
- - CRLs
- - OCSP stapling
- - Supported TLS 1.3 extensions:
- - supported_versions
- - supported_groups
- - key_share
- - signature_algorithms
- - signature_algorithms_cert
- - server_name
- - certificate_authorities
- - cookie
- - status_request
- - max_fragment_length
- - Support for TLS 1.3 record padding
- - Fixed several client-side crashes and undefined behaviours on
- maliciously crafted server messages. The bugs were found
- using TLS-Attacker. Thanks to Robert Merget from the
- Ruhr-University Bochum for reporting these.
- - Added the matrixSslSessOptsSetServerTlsVersions and
- matrixSslSessOptsSetClientTlsVersions APIs for selecting the
- supported protocol versions at run-time. Please consult the API
- reference for details.
- - Added a couple of TLS 1.3 specific APIs:
- - matrixSslSessOptsSetSigAlgsCert
- - matrixSslSessOptsSetKeyExGroups
- - matrixSslGetEarlyDataStatus
- - matrixSslGetMaxEarlyData
- - matrixSslLoadTls13Psks
- - matrixSslSetTls13BlockPadding
- - Added an API for selecting supported signature algorithms:
- (usable in both TLS 1.3 and TLS 1.2):
- - matrixSslSessOptsSetSigAlgs
- - Added new example configurations. The recommended configuration
- for using TLS 1.3 and below is tls13 (Commercial Edition) or
- nonfips-tls13 (FIPS Edition)
- - Updated and improved the Developer Guide and the MatrixSSL APIs
- reference document.
- - Improved the example client and server programs and fixed bugs.
- - Resend user extensions (e.g. SNI) when responding to
- HelloRequest
- - sslTest now allows specifying the ciphersuites and protocol
- versions to test via environment variables.
- - Improvements to identity management, including support for
- loading multiple identities (key and cert pairs) during
- initialization and postponed key and cert loading. See the
- MatrixSSL Developer Guide for details.
- - Refactored key loading and protocol version negotiation.
- - Fixed server-side signature algorithm selection when the server
- certificate is signed with a different algorithm (RSA or ECDSA)
- than the public key contain therein.
- - Much improved TLS-level debug prints and logging (tlsTrace.c).
- USE_SSL_HANDSHAKE_MSG_TRACE now consistently enables messages
- such as "parsing/creating handshake message X or extension Y".
- USE_SSL_INFORMATIONAL_TRACE now prints out more details on the
- contents of handshake messages and extensions.
- - Refactored public header files.
-- Crypto:
-
- - NCC Group'ss Keegan Ryan has found a side-channel attack
- affecting multiple cryptographic libraries. The "ROHNP" Key
- Extraction Side Channel (CVE-2018-0495) has been fixed.
- - Added support for Ed25519 signatures in TLS 1.3
- - Added support for ECDHE with X25519 in TLS 1.3
- - Added algorithm-independent signature and verification APIs:
- psSign and psVerify.
- - Source file reorganization. New new naming scheme aims for
- better consistency, clarity and makes it easier to ifdef out
- unneeded features.
- - Added psEccWritePrivKeyMem and psEccWritePrivKeyFile the public
- crypto API
-- X.509 and PKCS standards
-
- - Fixed processing of indefinite expiration date (31.12.9999).
- - Basic Constraints no longer unconditionally added when
- generating CSR data
- - Session option for requesting subrange of allowed tls versions.
- - Specify certificate validity dates when generating certificate.
- - Support for reading PKCS #12 and CA certificates from memory
- (der encoded).
- - Support for key usage encipher only and decipher only bits in
- generating certificate generation.
- - Option for MD2/MD4/MD5 signatures compatibility on certificates.
- - X.509 certificates allow NIL character at the end of GeneralName
- field. This is for compatibility with various other products.
- - It is now possible to compile X.509 certificate and CSR
- generation code only ECC or RSA support for smaller footprint.
- - Added Ed25519 specific functions such as psEd25519ParsePrivKey,
- psEd25519Sign, etc.
-- Other changes
-
- - Added export.mk, which generates example binary packaging of a
- previously compiled MatrixSSL package and includes two of the
- example applications within the package. This package shows how
- to export MatrixSSL includes and libraries outside the source
- tree keeping configuration with the includes.
-- Known issues
-
- - The TLS 1.3 code has not yet been fully optimized for footprint.
- - If the client sends a TLS 1.3 ClientHello with X25519 as the key
- exchange group, the server downgrades to TLS 1.2 but still
- wishes to use X25519, the handshake will fail, because MatrixSSL
- does not yet support X25519 in TLS 1.2 and below.
+ MatrixSSL 4.x changelog
+
+Changes between 4.5.0 and 4.5.1 [July 2022]
+
+* Fix a usage of return value of psX509ParseCert when a flag is set
+
+Changes between 4.4.0 and 4.5.0 [June 2022]
+
+* Enabled RSA SHA512 signature algorithm in TLS1.2 certrequest.
+* Enabled SHA512 in privRsaEncryptSignedElement.
+* Fixed DTLS change cipher spec retransmit epoch.
+* Compilation warning fixes.
+* Memory leak fixes.
+
+Changes between 4.3.0 and 4.4.0 [December 2021]
+
+* Fixed a type mismatch in matrixCmsParseEnvelopedDataBuf.
+* Increased the value of MAX_OID_BYTES to 48.
+* Changes to the handling of the validity time in self generated certs.
+* Fixed a possible vulnerability in parseAuthorityInfoAccess
+ discovered by Tavis Ormandy (Github issue #44).
+* Fixed a memory leak in getExplicitExtensions
+ discovered by Tavis Ormandy (Github issue #43).
+* Fixed vulnerability in SHA256 intialisation discovered by Marcel Maehren,
+ Philipp Nieting, Sven Hebrok, Robert Merget, Juraj Somorovsky and
+ Jörg Schwenk from Ruhr University Bochum and Paderborn-University.
+* Fixes in cross certificate handling.
+* Fixed a bug in pkcs1Pad.
+* Fixed a bug in psX963KeyDerivation.
+* Fixed the default behaviour when TLS version is not explicitly specified.
+* Fixed compilation errors when using debugging.
+* Memory leak fixes.
+
+Changes between 4.2.2 and 4.3.0 [June 2020]
+
+* Added a constant-time variant of eccMulmod, in response to the Minerva attack.
+* Fixed a possible infinite loop in message parsing discovered by
+ Andreas Walz (ivESK).
+* Timing sidechannel mitigation (Github issue #23).
+* Change hard coded values to enums in matrixSslLoadKeys (Github issue #35).
+* Disabled TLS 1.3 draft versions by default.
+* Fixes TLS 1.2 session ticket based resumption.
+* May only enable either PS_PUBKEY_OPTIMIZE_FOR_FASTER_SPEED or
+ PS_PUBKEY_OPTIMIZE_FOR_SMALLER_RAM (Github issue #37).
+* Channel Bindings for TLS (only for TLS 1.2 and below), new APIs added
+ - matrixSslGetFinished
+ - matrixSslGetPeerFinished
+ - matrixSslGetTlsUniqueChannelBindings
+* Added API for accessing MatrixSSL structures without direct access
+ to structure members. Use of this API will slightly enlarge the
+ MatrixSSL binary but will enable building software that is not
+ dependent on exact binary layout of structures such as ssl_t.
+* Fixes the bug when NULL keydata was used in sslLoadKeyPair() function.
+* Other bug fixes.
+
+Changes between 4.2.1 and 4.2.2 [August 2019]
+
+ This version fixes a few security issues related to DTLS and handshake
+ message length. It also defines the size of psBool_t to be equivalent
+ to bool on both x86 and ARM platforms.
+ * TLS:
+ + Fixed vulenerabilities and bugs related to DTLS discovered by
+ Jakub Botwicz (Samsung R&D Poland).
+ + Limited handshake message length.
+ * Crypto
+ + Added support for parsing public keys in OpenSSL ECC DER/PEM
+ format.
+ + Fixed support for SHA224 RSA.
+
+Changes between 4.2.0 and 4.2.1 [June 2019]
+
+ This version fixes an out of bounds read in ASN.1 handling found by
+ Tyler Nighswander (ForAllSecure).
+
+Changes between 4.1.0 and 4.2.0 [May 2019]
+
+ This version adds a compile-time option that allows TLS 1.3 only
+ builds, adds new getter APIs and fixes several bugs.
+ * TLS:
+ + Allow TLS 1.3 only builds by introducing the USETLS13ONLY
+ compile-time option. This significantly reduces the minimum
+ code footprint of TLS 1.3 builds. The example configuration
+ tls13-minimal makes use of the new compile-time option.
+ + Add the matrixSslGetUserPtr API. This getter API should be
+ used instead of raw access to ssl->userPtr.
+ + Added the matrixSslGetNegotiatedCiphersuite and
+ matrixSslGetActiveCiphersuite APIs.
+ + Added the matrixSslGetMasterSecret API. This API requires the
+ ENABLEMASTERSECRET_EXPORT compile-time option, which is
+ disabled by default.
+ + Completely remove support for TLS record compression (unifdef
+ USEZLIBCOMPRESSION). TLS record compression is almost never
+ used in practice due to serious vulnerabilities associated
+ with the feature (see e.g. the CRIME attack).
+ + Fixed a bug where decrypting an alert in TLS 1.3 could cause
+ matrixSslProcessed data to erroneously indicate that there is
+ more application data to process.
+ + Allow storing the unparsed certificate DER octets (in the
+ unparsedBin member of psX509Cert_t) even in TLS 1.3.
+ + Fix segfault when receiving a server certificate without the
+ commonName component.
+ + Fixed handshake failure with some clients that attempted to
+ use a TLS 1.2 session ticket in a TLS 1.3 connection.
+ + Fix build error with the USEEXTCERTIFICATEVERIFYSIGNING
+ compile-time option.
+ + Fix sslTest failure when using the
+ USEEXTCERTIFICATEVERIFYSIGNING compile-time option.
+ + Fix a bug that caused the server to sometimes select a TLS 1.3
+ ciphersuite even when TLS 1.2 or below had been negotiated.
+ + Add Ed25519 test keys and certificates.
+ + Add Ed25519 testing to sslTest. (Note that Ed25519 is only
+ supported in TLS 1.3.)
+ * Crypto:
+ + (FIPS Edition only): Fix a bug that prevented verification of
+ RSA-SHA-1 signatures in FIPS mode. FIPS 140-2 allows
+ verification of SHA-1 based signatures, but forbids generating
+ such signatures.
+ + Store the order of DN attributes in certificate subject and
+ issuer fields.
+ + Add an option to the psX509GetOnelineDN API that allows
+ printing the DN attributes in the original order they were
+ encoded in the parsed certificate.
+ + Fix parsing of Ed25519 certificates.
+ + Fix parsing of ECDSA-SHA224 certificates.
+
+Changes between 4.0.2 and 4.1.0 [April 2019]
+
+ * TLS:
+ + (RoT Edition only): Added support for Inside Secure VaultIP
+ (Root-of-Trust) crypto provider.
+ + Improved the separation of private and public TLS header files
+ for better private-public separation. The public headers now
+ of the form matrixsslApi*.h, while private headers are of the
+ form matrixssllib_*.h.
+ + Added client-side support for X25519 in TLS 1.2.
+ + Added client-side support for RSASSA-PSS signatures in TLS
+ 1.2.
+ + Added support for RSASSA-PSS key/cert pairs.
+ + Fix vulnerabilities reported by Robert Święcki (discovered
+ using Hongfuzzer): a server-side heap buffer read overflow
+ when parsing maliciously crafted ClientHello extensions and a
+ segfault in TLS 1.2 GCM decryption of maliciously crafted
+ records with small ciphertext.
+ + Added the simpleClient.c and simpleServer.c example
+ applications. These are intended as minimalistic examples of
+ how to use the top-level TLS API.
+ + Fixed bugs in matrixSslSessOptsServerTlsVersionRange and
+ matrixSslSessOptsClientTlsVersionRange.
+ + Fixed bug that caused non-insitu app data encryption to fail
+ in tls13EncodeAppData when using the matrixSslEncodeToOutdata
+ API instead of the more standard matrixSslGetWriteBuf +
+ matrixSslEncodeWritebuf pattern.
+ + Added new minimal example configurations: tls12-minimal,
+ tls12-minimal-client-ecc, tls13-minimal,
+ tls13-minimal-client-ecc
+ + When performing TLS 1.2 renegotiation, re-send the original
+ ClientHello cipher list.
+ + Added the USELENIENTTLSRECORDVERSION_MATCHING compatibility
+ option.
+
+Changes between 4.0.1 and 4.0.2 [February 2019]
+
+ This version fixes a critical vulnerability in RSA signature
+ verification. A maliciously crafted certificate can be used to trigger
+ a stack buffer overflow, allowing potential remote code execution
+ attacks. The vulnerability only affects version 4.0.1 and the standard
+ Matrix Crypto provider. Other providers, such as the FIPS crypto
+ provider, are not affected by the bug. Thanks to Tavis Ormandy for
+ reporting this.
+
+Changes between 4.0.0 and 4.0.1 [November 2018]
+
+ This version improves the security of RSA PKCS #1.5 signature
+ verification and adds better support for run-time security
+ configuration.
+ * TLS:
+ + Added a run-time security callback feature
+ (matrixSslRegisterSecurityCallback). The security callback can
+ allow or deny a cryptographic operation based on the operation
+ type and the key size. Currently only authentication and key
+ exchange operations are supported. The default security
+ callback supports pre-defined security profiles
+ (matrixSslSetSecurityProfile).
+ + Added an example security profile: WPA3 1.0 Enterprise 192-bit
+ mode restrictions for EAP-TLS.
+ + Added support for the TLSDHERSAWITHAES256GCM_SHA384
+ ciphersuite.
+ + Changed the way how protocol version IDs are stored internally
+ and rewrote most of the version negotiation code. This is
+ almost entirely an internal code refactoring. To the API user,
+ the only visible change is that version selection APIs now
+ take in an argument of type psProtocolVersiont instead of
+ int32t. See the API reference guide for details.
+ + Refactored ServerKeyExchange signature generation and
+ verification code.
+ * Crypto:
+ + Changed from a parsing-based to a comparison-based approach in
+ DigestInfo validation when verifying RSA PKCS #1.5 signatures.
+ There are no known practical attacks against the old code, but
+ the comparison-based approach is theoretically more sound.
+ Thanks to Sze Yiu Chau from Purdue University for pointing
+ this out.
+ + (MatrixSSL FIPS Edition only:) Fix DH key exchange when using
+ DH parameter files containing optional privateValueLength
+ argument.
+ + psX509AuthenticateCert now uses the common psVerifySig API for
+ signature verification. Previously, CRLs and certificates used
+ different code paths for signature verification.
+
+Changes between 3.9.5 and 4.0.0 [August 2018]
+
+ This version adds support for RFC 8446 (TLS 1.3), new APIs for
+ configuring session options as well as fixes to security
+ vulnerabilities.
+ * TLS:
+ + Added support for TLS 1.3 (RFC 8446 version) as well as draft
+ versions 23, 24, 26 and 28.
+ + Supported TLS 1.3 handshake types:
+ o Basic handshake with server authentication
+ o Incorrect DHE key share (HelloRetryRequest) handshake
+ o PSK handshake
+ o Resumed handshake
+ o 0RTT data handshake
+ + Supported TLS 1.3 ciphersuites:
+ o TLSAES128GCMSHA256
+ o TLSAES256GCMSHA384
+ o TLSCHACHA20POLY1305_SHA256
+ + Supported key exchange modes in TLS 1.3:
+ o DHE with the ffdhe2048, ffdhe3072 and ffdhe4096 groups
+ o ECDHE with the P-256, P-384, P-521 and X25519 groups
+ o PSK with (EC)DHE
+ o PSK only
+ + Supported signature algorithms in TLS 1.3:
+ o ECDSA with P-256, P-384 and P-521
+ o Ed25519
+ o RSASSA-PSS
+ o RSA PKCS #1.5 (certificates only)
+ + Supported PKI features in TLS 1.3:
+ o X.509 certificates
+ o CRLs
+ o OCSP stapling
+ + Supported TLS 1.3 extensions:
+ o supported_versions
+ o supported_groups
+ o key_share
+ o signature_algorithms
+ o signaturealgorithmscert
+ o server_name
+ o certificate_authorities
+ o cookie
+ o status_request
+ o maxfragmentlength
+ + Support for TLS 1.3 record padding
+ + Fixed several client-side crashes and undefined behaviours on
+ maliciously crafted server messages. The bugs were found using
+ TLS-Attacker. Thanks to Robert Merget from the Ruhr-University
+ Bochum for reporting these.
+ + Added the matrixSslSessOptsSetServerTlsVersions and
+ matrixSslSessOptsSetClientTlsVersions APIs for selecting the
+ supported protocol versions at run-time. Please consult the
+ API reference for details.
+ + Added a couple of TLS 1.3 specific APIs:
+ o matrixSslSessOptsSetSigAlgsCert
+ o matrixSslSessOptsSetKeyExGroups
+ o matrixSslGetEarlyDataStatus
+ o matrixSslGetMaxEarlyData
+ o matrixSslLoadTls13Psks
+ o matrixSslSetTls13BlockPadding
+ + Added an API for selecting supported signature algorithms:
+ (usable in both TLS 1.3 and TLS 1.2):
+ o matrixSslSessOptsSetSigAlgs
+ + Added new example configurations. The recommended
+ configuration for using TLS 1.3 and below is tls13 (Commercial
+ Edition) or nonfips-tls13 (FIPS Edition)
+ + Updated and improved the Developer Guide and the MatrixSSL
+ APIs reference document.
+ + Improved the example client and server programs and fixed
+ bugs.
+ + Resend user extensions (e.g. SNI) when responding to
+ HelloRequest
+ + sslTest now allows specifying the ciphersuites and protocol
+ versions to test via environment variables.
+ + Improvements to identity management, including support for
+ loading multiple identities (key and cert pairs) during
+ initialization and postponed key and cert loading. See the
+ MatrixSSL Developer Guide for details.
+ + Refactored key loading and protocol version negotiation.
+ + Fixed server-side signature algorithm selection when the
+ server certificate is signed with a different algorithm (RSA
+ or ECDSA) than the public key contain therein.
+ + Much improved TLS-level debug prints and logging (tlsTrace.c).
+ USESSLHANDSHAKEMSGTRACE now consistently enables messages such
+ as "parsing/creating handshake message X or extension Y".
+ USESSLINFORMATIONAL_TRACE now prints out more details on the
+ contents of handshake messages and extensions.
+ + Refactored public header files.
+ * Crypto:
+ + NCC Group'ss Keegan Ryan has found a side-channel attack
+ affecting multiple cryptographic libraries. The "ROHNP" Key
+ Extraction Side Channel (CVE-2018-0495) has been fixed.
+ + Added support for Ed25519 signatures in TLS 1.3
+ + Added support for ECDHE with X25519 in TLS 1.3
+ + Added algorithm-independent signature and verification APIs:
+ psSign and psVerify.
+ + Source file reorganization. New new naming scheme aims for
+ better consistency, clarity and makes it easier to ifdef out
+ unneeded features.
+ + Added psEccWritePrivKeyMem and psEccWritePrivKeyFile the
+ public crypto API
+ * X.509 and PKCS standards
+ + Fixed processing of indefinite expiration date (31.12.9999).
+ + Basic Constraints no longer unconditionally added when
+ generating CSR data
+ + Session option for requesting subrange of allowed tls
+ versions.
+ + Specify certificate validity dates when generating
+ certificate.
+ + Support for reading PKCS #12 and CA certificates from memory
+ (der encoded).
+ + Support for key usage encipher only and decipher only bits in
+ generating certificate generation.
+ + Option for MD2/MD4/MD5 signatures compatibility on
+ certificates.
+ + X.509 certificates allow NIL character at the end of
+ GeneralName field. This is for compatibility with various
+ other products.
+ + It is now possible to compile X.509 certificate and CSR
+ generation code only ECC or RSA support for smaller footprint.
+ + Added Ed25519 specific functions such as
+ psEd25519ParsePrivKey, psEd25519Sign, etc.
+ * Other changes
+ + Added export.mk, which generates example binary packaging of a
+ previously compiled MatrixSSL package and includes two of the
+ example applications within the package. This package shows
+ how to export MatrixSSL includes and libraries outside the
+ source tree keeping configuration with the includes.
+ * Known issues
+ + The TLS 1.3 code has not yet been fully optimized for
+ footprint.
+ + If the client sends a TLS 1.3 ClientHello with X25519 as the
+ key exchange group, the server downgrades to TLS 1.2 but still
+ wishes to use X25519, the handshake will fail, because
+ MatrixSSL does not yet support X25519 in TLS 1.2 and below.
diff --git a/doc/MatrixCMS_API.pdf b/doc/MatrixCMS_API.pdf
index 738bbee..df2f371 100644
Binary files a/doc/MatrixCMS_API.pdf and b/doc/MatrixCMS_API.pdf differ
diff --git a/doc/MatrixDTLS_DeveloperGuide.pdf b/doc/MatrixDTLS_DeveloperGuide.pdf
index 2431804..d3c0f88 100644
Binary files a/doc/MatrixDTLS_DeveloperGuide.pdf and b/doc/MatrixDTLS_DeveloperGuide.pdf differ
diff --git a/doc/MatrixKeyAndCertGeneration.pdf b/doc/MatrixKeyAndCertGeneration.pdf
index b003b8c..9a75430 100644
Binary files a/doc/MatrixKeyAndCertGeneration.pdf and b/doc/MatrixKeyAndCertGeneration.pdf differ
diff --git a/doc/MatrixSSL_API.pdf b/doc/MatrixSSL_API.pdf
index e9c3455..0998dc8 100644
Binary files a/doc/MatrixSSL_API.pdf and b/doc/MatrixSSL_API.pdf differ
diff --git a/doc/MatrixSSL_CertificatesAndCRLs.pdf b/doc/MatrixSSL_CertificatesAndCRLs.pdf
index bbb3190..6dc5206 100644
Binary files a/doc/MatrixSSL_CertificatesAndCRLs.pdf and b/doc/MatrixSSL_CertificatesAndCRLs.pdf differ
diff --git a/doc/MatrixSSL_DiffieHellman.pdf b/doc/MatrixSSL_DiffieHellman.pdf
index 48adaa0..1a88b3f 100644
Binary files a/doc/MatrixSSL_DiffieHellman.pdf and b/doc/MatrixSSL_DiffieHellman.pdf differ
diff --git a/doc/MatrixSSL_EllipticCurveCiphers.pdf b/doc/MatrixSSL_EllipticCurveCiphers.pdf
index 0c331f2..12e5cb3 100644
Binary files a/doc/MatrixSSL_EllipticCurveCiphers.pdf and b/doc/MatrixSSL_EllipticCurveCiphers.pdf differ
diff --git a/doc/MatrixSSL_ExternalModuleIntegration.pdf b/doc/MatrixSSL_ExternalModuleIntegration.pdf
index c5d0b8b..5d7b21a 100644
Binary files a/doc/MatrixSSL_ExternalModuleIntegration.pdf and b/doc/MatrixSSL_ExternalModuleIntegration.pdf differ
diff --git a/doc/MatrixSSL_GettingStarted.pdf b/doc/MatrixSSL_GettingStarted.pdf
index d9e4fe2..909d70f 100644
Binary files a/doc/MatrixSSL_GettingStarted.pdf and b/doc/MatrixSSL_GettingStarted.pdf differ
diff --git a/doc/MatrixSSL_PortingGuide.pdf b/doc/MatrixSSL_PortingGuide.pdf
index e0a2036..4d1e537 100644
Binary files a/doc/MatrixSSL_PortingGuide.pdf and b/doc/MatrixSSL_PortingGuide.pdf differ
diff --git a/doc/MatrixSSL_PreSharedKeys.pdf b/doc/MatrixSSL_PreSharedKeys.pdf
index 4dc8f20..05c42ff 100644
Binary files a/doc/MatrixSSL_PreSharedKeys.pdf and b/doc/MatrixSSL_PreSharedKeys.pdf differ
diff --git a/doc/matrixssl_dev_guide.html b/doc/matrixssl_dev_guide.html
index bb0a70e..929c312 100644
--- a/doc/matrixssl_dev_guide.html
+++ b/doc/matrixssl_dev_guide.html
@@ -9,11 +9,11 @@
MatrixSSL Developer Guide
-
MatrixSSL 4.0.0
+
MatrixSSL 4.4.0
-
August 2018
+
December 2021
-
Copyright © Inside Secure 2018. All Rights Reserved.
+
Copyright © Rambus Inc 2021. All Rights Reserved.
@@ -442,6 +442,7 @@ TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
+TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
@@ -490,6 +491,7 @@ TLS_PSK_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_SEED_CBC_SHA
TLS_RSA_WITH_IDEA_CBC_SHA
SSL_RSA_WITH_RC4_128_MD5
+TLS_RSA_WITH_NULL_SHA256
SSL_RSA_WITH_NULL_SHA
SSL_RSA_WITH_NULL_MD5
TLS_DH_anon_WITH_AES_256_CBC_SHA
@@ -1304,7 +1306,7 @@ All other MD5 based ciphers disabled by default.
USE_FIPS_CRYPTO
USE_CL_CRYPTO
-- cryptoConfig.h - (MatrixSSL FIPS Edition only:) Enable using the FIPS 140-2 validated SafeZone CL/FIPSLib 1.1 as the cryptographic library in MatrixSSL. For more information on FIPS 140-2 specific configuration options, please consult the MatrixSSL with CL Library document, included with the MatrixSSL FIPS Edition.
+- cryptoConfig.h - (MatrixSSL FIPS Edition only:) Enable using the FIPS 140-2 validated SafeZone CL/FIPSLib 1.2 as the cryptographic library in MatrixSSL. For more information on FIPS 140-2 specific configuration options, please consult the MatrixSSL with CL Library document, included with the MatrixSSL FIPS Edition.
USE_CMS
- cryptoConfig.h - (MatrixSSL Commercial Edition only:) Enable support for Cryptographic Messaging Syntax (CMS).
diff --git a/makefiles/libsodium_support.mk b/makefiles/libsodium_support.mk
index 2305d18..24dd1af 100644
--- a/makefiles/libsodium_support.mk
+++ b/makefiles/libsodium_support.mk
@@ -1,7 +1,7 @@
##
# Optional libsodium inclusion.
# @version $Format:%h%d$
-# Copyright (c) 2017 INSIDE Secure Corporation. All Rights Reserved.
+# Copyright (c) 2017 Rambus Inc. All Rights Reserved.
#
#-------------------------------------------------------------------------------
diff --git a/makefiles/prepkg.mk b/makefiles/prepkg.mk
index e9c7e90..f8ddfd1 100644
--- a/makefiles/prepkg.mk
+++ b/makefiles/prepkg.mk
@@ -2,7 +2,7 @@
# Construct header files from keys and other cryptographic properties.
# The constructed files can be built during packaging.
#
-# Copyright (c) 2013-2016 INSIDE Secure Corporation. All Rights Reserved.
+# Copyright (c) 2013-2016 Rambus Inc. All Rights Reserved.
#
# Check if prepkg has already been done
diff --git a/makefiles/rules.mk b/makefiles/rules.mk
index 4da236f..fafe24c 100644
--- a/makefiles/rules.mk
+++ b/makefiles/rules.mk
@@ -1,7 +1,7 @@
#
# Skeleton of build file with generic rules
#
-# Copyright (c) 2017 INSIDE Secure Oy. All Rights Reserved.
+# Copyright (c) 2017 Rambus Inc. All Rights Reserved.
#
# Generate list of generated executables (currently supports test)
diff --git a/makefiles/testsupp.mk b/makefiles/testsupp.mk
index 073a1e4..7a4f1e9 100644
--- a/makefiles/testsupp.mk
+++ b/makefiles/testsupp.mk
@@ -1,7 +1,7 @@
#
# Build test executable(s) using testsupp and catch.hpp
#
-# Copyright (c) 2013-2016 INSIDE Secure Corporation. All Rights Reserved.
+# Copyright (c) 2013-2016 Rambus Inc. All Rights Reserved.
#
# Include test materials to path
diff --git a/matrixssl/Makefile b/matrixssl/Makefile
index 7ff8835..6adff4d 100644
--- a/matrixssl/Makefile
+++ b/matrixssl/Makefile
@@ -3,7 +3,7 @@
# 'make' builds debug (Default).
# 'make gold' builds optimized.
#
-# Copyright (c) 2013-2016 INSIDE Secure Corporation. All Rights Reserved.
+# Copyright (c) 2013-2016 Rambus Inc. All Rights Reserved.
#
MATRIXSSL_ROOT:=..
diff --git a/matrixssl/cipherSuite.c b/matrixssl/cipherSuite.c
index e18567d..c21f85b 100644
--- a/matrixssl/cipherSuite.c
+++ b/matrixssl/cipherSuite.c
@@ -6,7 +6,7 @@
* Enable specific suites at compile time in matrixsslConfig.h
*/
/*
- * Copyright (c) 2013-2017 INSIDE Secure Corporation
+ * Copyright (c) 2013-2017 Rambus Inc.
* Copyright (c) PeerSec Networks, 2002-2011
* All Rights Reserved
*
@@ -19,8 +19,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
- * commercial license for this software may be purchased from INSIDE at
- * http://www.insidesecure.com/
+ * commercial license for this software may be purchased from Rambus at
+ * http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
@@ -590,6 +590,229 @@ int32 csChacha20Poly1305IetfDecrypt(void *ssl, unsigned char *ct,
}
#endif /* USE_CHACHA20_POLY1305_IETF_CIPHER_SUITE */
+# ifdef USE_SM4
+/******************************************************************************/
+int32 csSm4GcmInit(sslSec_t *sec, int32 type, uint32 keysize)
+{
+ int32 err;
+
+ if (type == INIT_ENCRYPT_CIPHER)
+ {
+ Memset(&sec->encryptCtx.sm4gcm, 0, sizeof(psSm4Gcm_t));
+ if ((err = psSm4InitGCM(&sec->encryptCtx.sm4gcm, sec->writeKey,
+ keysize)) < 0)
+ {
+ return err;
+ }
+ }
+ else
+ {
+ Memset(&sec->decryptCtx.sm4gcm, 0, sizeof(psSm4Gcm_t));
+ if ((err = psSm4InitGCM(&sec->decryptCtx.sm4gcm, sec->readKey,
+ keysize)) < 0)
+ {
+ return err;
+ }
+ }
+ return 0;
+}
+int32 csSm4GcmEncrypt(void *ssl, unsigned char *pt,
+ unsigned char *ct, uint32 len)
+{
+ ssl_t *lssl = ssl;
+ psSm4Gcm_t *ctx;
+ unsigned char nonce[12];
+ unsigned char aad[TLS_GCM_AAD_LEN];
+ int32 i, ptLen, seqNotDone;
+
+ if (len == 0)
+ {
+ return PS_SUCCESS;
+ }
+
+ if (len < 16 + 1)
+ {
+ return PS_LIMIT_FAIL;
+ }
+ ptLen = len - TLS_GCM_TAG_LEN;
+ ctx = &lssl->sec.encryptCtx.sm4gcm;
+ Memcpy(nonce, lssl->sec.writeIV, 4);
+
+ seqNotDone = 1;
+ /* Each value of the nonce_explicit MUST be distinct for each distinct
+ invocation of the GCM encrypt function for any fixed key. Failure to
+ meet this uniqueness requirement can significantly degrade security.
+ The nonce_explicit MAY be the 64-bit sequence number. */
+# ifdef USE_DTLS
+ if (NGTD_VER(lssl, v_dtls_any))
+ {
+ Memcpy(nonce + 4, lssl->epoch, 2);
+ Memcpy(nonce + 4 + 2, lssl->rsn, 6);
+ /* In the case of DTLS the counter is formed from the concatenation of
+ the 16-bit epoch with the 48-bit sequence number.*/
+ Memcpy(aad, lssl->epoch, 2);
+ Memcpy(aad + 2, lssl->rsn, 6);
+ seqNotDone = 0;
+ }
+# endif
+
+ if (seqNotDone)
+ {
+ Memcpy(nonce + 4, lssl->sec.seq, TLS_EXPLICIT_NONCE_LEN);
+ Memcpy(aad, lssl->sec.seq, 8);
+ }
+ aad[8] = lssl->outRecType;
+ aad[9] = psEncodeVersionMaj(GET_NGTD_VER(lssl));
+ aad[10] = psEncodeVersionMin(GET_NGTD_VER(lssl));
+ aad[11] = ptLen >> 8 & 0xFF;
+ aad[12] = ptLen & 0xFF;
+
+ psSm4ReadyGCM(ctx, nonce, aad, TLS_GCM_AAD_LEN);
+ psSm4EncryptGCMImplicitIV(ctx, pt, ct, ptLen);
+ psSm4GetGCMTag(ctx, 16, ct + ptLen);
+
+# ifdef USE_DTLS
+ if (NGTD_VER(lssl, v_dtls_any))
+ {
+ return len;
+ }
+# endif
+
+ /* Normally HMAC would increment the sequence */
+ for (i = 7; i >= 0; i--)
+ {
+ lssl->sec.seq[i]++;
+ if (lssl->sec.seq[i] != 0)
+ {
+ break;
+ }
+ }
+ return len;
+}
+int32 csSm4GcmDecrypt(void *ssl, unsigned char *ct,
+ unsigned char *pt, uint32 len)
+{
+ ssl_t *lssl = ssl;
+ psAesGcm_t *ctx;
+ int32 i, ctLen, bytes, seqNotDone;
+ unsigned char nonce[12];
+ unsigned char aad[TLS_GCM_AAD_LEN];
+
+ /*
+ Minimum GCM ciphertext length in TLS 1.2:
+ 25 = 1 + 16 (tag) + 8 (nonce_explicit).
+ */
+ if (len < 25)
+ {
+ psTraceErrr("Invalid GCM ciphertext length\n");
+ psTraceIntInfo("(%u)\n", len);
+ return PS_FAILURE;
+ }
+ ctx = &lssl->sec.decryptCtx.sm4gcm;
+
+ seqNotDone = 1;
+ Memcpy(nonce, lssl->sec.readIV, 4);
+ Memcpy(nonce + 4, ct, TLS_EXPLICIT_NONCE_LEN);
+ ct += TLS_EXPLICIT_NONCE_LEN;
+ len -= TLS_EXPLICIT_NONCE_LEN;
+
+# ifdef USE_DTLS
+ if (NGTD_VER(lssl, v_dtls_any))
+ {
+ /* In the case of DTLS the counter is formed from the concatenation of
+ the 16-bit epoch with the 48-bit sequence number. */
+ Memcpy(aad, lssl->rec.epoch, 2);
+ Memcpy(aad + 2, lssl->rec.rsn, 6);
+ seqNotDone = 0;
+ }
+# endif
+
+ if (seqNotDone)
+ {
+ Memcpy(aad, lssl->sec.remSeq, 8);
+ }
+ ctLen = len - TLS_GCM_TAG_LEN;
+ aad[8] = lssl->rec.type;
+ aad[9] = psEncodeVersionMaj(GET_NGTD_VER(lssl));
+ aad[10] = psEncodeVersionMin(GET_NGTD_VER(lssl));
+ aad[11] = ctLen >> 8 & 0xFF;
+ aad[12] = ctLen & 0xFF;
+
+ psSm4ReadyGCM(ctx, nonce, aad, TLS_GCM_AAD_LEN);
+
+ if ((bytes = psSm4DecryptGCM(ctx, ct, len, pt, len - TLS_GCM_TAG_LEN)) < 0)
+ {
+ return -1;
+ }
+ for (i = 7; i >= 0; i--)
+ {
+ lssl->sec.remSeq[i]++;
+ if (lssl->sec.remSeq[i] != 0)
+ {
+ break;
+ }
+ }
+ return bytes;
+}
+int32 csSm4Init(sslSec_t *sec, int32 type, uint32 keysize)
+{
+ int32 err;
+
+ if (type == INIT_ENCRYPT_CIPHER)
+ {
+ Memset(&(sec->encryptCtx), 0, sizeof(psSm4Cbc_t));
+ if ((err = psSm4InitCBC(&sec->encryptCtx.sm4, sec->writeIV, sec->writeKey,
+ keysize, PS_TRUE)) < 0)
+ {
+ return err;
+ }
+ }
+ else /* Init for decrypt */
+ {
+ Memset(&(sec->decryptCtx), 0, sizeof(psSm4Cbc_t));
+ if ((err = psSm4InitCBC(&sec->decryptCtx.sm4, sec->readIV, sec->readKey,
+ keysize, PS_FALSE)) < 0)
+ {
+ return err;
+ }
+ }
+ return PS_SUCCESS;
+}
+
+int32 csSm4Encrypt(void *ssl, unsigned char *pt,
+ unsigned char *ct, uint32 len)
+{
+ ssl_t *lssl = ssl;
+ psAesCbc_t *ctx = &lssl->sec.encryptCtx.sm4;
+
+ if ((len & 0xf) != 0)
+ {
+ psTraceErrr("Invalid plaintext size in csSm4Encrypt.\n");
+ return PS_FAILURE;
+ }
+
+ psSm4EncryptCBC(ctx, pt, ct, len);
+ return len;
+}
+
+int32 csSm4Decrypt(void *ssl, unsigned char *ct,
+ unsigned char *pt, uint32 len)
+{
+ ssl_t *lssl = ssl;
+ psAesCbc_t *ctx = &lssl->sec.decryptCtx.sm4;
+
+ if ((len & 0xf) != 0)
+ {
+ psTraceErrr("Invalid ciphertext size in csSm4Decrypt.\n");
+ return PS_FAILURE;
+ }
+
+ psSm4DecryptCBC(ctx, ct, pt, len);
+ return len;
+}
+# endif /*USE_SM4 */
+
+
/******************************************************************************/
#if defined(USE_IDEA) && defined(USE_IDEA_CIPHER_SUITE)
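Review bot: csSm4GcmDecrypt declares its context as `psAesGcm_t *ctx;` and csSm4Encrypt/csSm4Decrypt as `psAesCbc_t *ctx`, yet all three point them at the `sm4gcm`/`sm4` members and hand them to the psSm4* routines, which csSm4GcmInit shows are `psSm4Gcm_t`/`psSm4Cbc_t`; this only works if the AES and SM4 context layouts happen to coincide and will at least draw incompatible-pointer diagnostics. Declare them with the SM4 types: `psSm4Gcm_t *ctx;` in csSm4GcmDecrypt and `psSm4Cbc_t *ctx = &lssl->sec.encryptCtx.sm4;` / `psSm4Cbc_t *ctx = &lssl->sec.decryptCtx.sm4;` in the CBC pair. csSm4Init also clears the whole `encryptCtx`/`decryptCtx` union with `sizeof(psSm4Cbc_t)` whereas csSm4GcmInit clears the specific member; `Memset(&sec->encryptCtx.sm4, 0, sizeof(psSm4Cbc_t))` keeps the two consistent. The `if (len < 16 + 1)` guard in csSm4GcmEncrypt would read better as `if (len < TLS_GCM_TAG_LEN + 1)`, matching the `ptLen = len - TLS_GCM_TAG_LEN` that follows it.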
@@ -816,6 +1039,71 @@ static int32 csShaVerifyMac(void *sslv, unsigned char type,
#endif /* USE_SHA_MAC */
/******************************************************************************/
+#ifdef USE_HMAC_SM3
+/******************************************************************************/
+static int32 csSm3GenerateMac(void *sslv, unsigned char type,
+ unsigned char *data, uint32 len, unsigned char *macOut)
+{
+ ssl_t *ssl = (ssl_t *) sslv;
+ unsigned char mac[SM3_HASH_SIZE];
+
+ if (NGTD_VER(ssl, v_tls_with_hmac))
+ {
+ switch (ssl->nativeEnMacSize)
+ {
+# ifdef USE_SM3
+ case SM3_HASH_SIZE:
+ tlsHMACSm3(ssl, HMAC_CREATE, type,
+ data, len, mac, ssl->nativeEnMacSize);
+ break;
+# endif /* USE_SM3 */
+ default:
+ return PS_ARG_FAIL;
+ }
+ }
+ else
+ {
+ return PS_ARG_FAIL;
+ }
+
+ Memcpy(macOut, mac, ssl->enMacSize);
+ return ssl->enMacSize;
+}
+
+static int32 csSm3VerifyMac(void *sslv, unsigned char type,
+ unsigned char *data, uint32 len, unsigned char *mac)
+{
+ unsigned char buf[SM3_HASH_SIZE];
+ ssl_t *ssl = (ssl_t *) sslv;
+
+ if (NGTD_VER(ssl, v_tls_with_hmac))
+ {
+ switch (ssl->nativeDeMacSize)
+ {
+# ifdef USE_SM3
+ case SM3_HASH_SIZE:
+ tlsHMACSm3(ssl, HMAC_VERIFY, type, data, len, buf,
+ ssl->nativeDeMacSize);
+ break;
+# endif
+ default:
+ memzero_s(buf, ssl->nativeDeMacSize); /* Will fail below */
+ break;
+ }
+ }
+ else
+ {
+ memzero_s(buf, SM3_HASH_SIZE); /* Will fail below */
+ }
+ if (memcmpct(buf, mac, ssl->deMacSize) == 0)
+ {
+ return PS_SUCCESS;
+ }
+ return PS_FAILURE;
+}
+#endif /* USE_HMAC_SM3 */
+/******************************************************************************/
+
/******************************************************************************/
#if defined(USE_MD5) && defined(USE_MD5_MAC)
/******************************************************************************/
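Review bot: In csSm3VerifyMac the `default` branch does `memzero_s(buf, ssl->nativeDeMacSize)` on a buffer that is only `SM3_HASH_SIZE` bytes, so an unexpected `nativeDeMacSize` larger than 32 — the very situation that branch exists for — would write past `buf`; use `memzero_s(buf, sizeof(buf));` there, as the `else` branch already does with `SM3_HASH_SIZE`. The closing `memcmpct(buf, mac, ssl->deMacSize)` likewise trusts `deMacSize` to be at most 32, and csSm3GenerateMac's `Memcpy(macOut, mac, ssl->enMacSize)` has the same implicit bound. A one-line comment stating that both sizes come from the cipher spec and so cannot exceed the SM3 digest length would make that bound explicit.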
@@ -949,7 +1237,40 @@ const static sslCipherSpec_t supportedCiphers[] = {
NULL, /* generateMac */
NULL }, /* verifyMac */
# endif /* USE_TLS_CHACHA20_POLY1305_SHA256 */
+
+# if defined(USE_CL_CRYPTO) && \
+ defined(USE_SM2) && defined(USE_SM3) && defined(USE_SM4)
+# ifdef USE_TLS_SM4_GCM_SM3
+ { TLS_SM4_GCM_SM3, /* ident */
+ CS_TLS13, /* type */
+ CRYPTO_FLAGS_SM4 | CRYPTO_FLAGS_GCM | CRYPTO_FLAGS_SM3, /* flags */
+ 0, /* macSize */
+ 16, /* keySize */
+ 12, /* ivSize */
+ 0, /* blocksize */
+ csSm4GcmInitTls13, /* init */
+ csSm4GcmEncryptTls13, /* encrypt */
+ csSm4GcmDecryptTls13, /* decrypt */
+ NULL, /* generateMac */
+ NULL }, /* verifyMac */
+# endif /* USE_TLS_SM4_GCM_SM3 */
+# ifdef USE_TLS_SM4_CCM_SM3
+ { TLS_SM4_CCM_SM3, /* ident */
+ CS_TLS13, /* type */
+ CRYPTO_FLAGS_SM4 | CRYPTO_FLAGS_CCM | CRYPTO_FLAGS_SM3, /* flags */
+ 0, /* macSize */
+ 16, /* keySize */
+ 12, /* ivSize */
+ 0, /* blocksize */
+ csSm4CcmInitTls13, /* init */
+ csSm4CcmEncryptTls13, /* encrypt */
+ csSm4CcmDecryptTls13, /* decrypt */
+ NULL, /* generateMac */
+ NULL }, /* verifyMac */
+# endif /* USE_TLS_SM4_CCM_SM3 */
+# endif
#endif /* USE_TLS_1_3 */
+
/* Ephemeral ciphersuites */
#ifdef USE_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
{ TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, /* ident */
@@ -1297,6 +1618,52 @@ const static sslCipherSpec_t supportedCiphers[] = {
csShaVerifyMac },
#endif /* USE_TLS_DHE_PSK_WITH_AES_128_CBC_SHA */
+#if defined(USE_CL_CRYPTO) && \
+ defined(USE_SM2) && defined(USE_SM3) && defined(USE_SM4)
+#ifdef USE_TLS_ECDHE_SM2_WITH_SMS4_SM3
+ { TLS_ECDHE_SM2_WITH_SMS4_SM3, /* ident */
+ CS_ECDHE_SM2, /* type */
+ CRYPTO_FLAGS_SM4 | CRYPTO_FLAGS_SM3, /* flags */
+ 32, /* macSize */
+ 16, /* keySize */
+ 16, /* ivSize */
+ 16, /* blocksize */
+ csSm4Init, /* init */
+ csSm4Encrypt, /* encrypt */
+ csSm4Decrypt, /* decrypt */
+ csSm3GenerateMac, /* generateMac */
+ csSm3VerifyMac }, /* verifyMac */
+#endif /* USE_TLS_ECDHE_SM2_WITH_SMS4_SM3 */
+#ifdef USE_TLS_ECDHE_SM2_WITH_SMS4_SHA256
+ { TLS_ECDHE_SM2_WITH_SMS4_SHA256, /* ident */
+ CS_ECDHE_SM2, /* type */
+ CRYPTO_FLAGS_SM4 | CRYPTO_FLAGS_SHA2, /* flags */
+ 32, /* macSize */
+ 16, /* keySize */
+ 16, /* ivSize */
+ 16, /* blocksize */
+ csSm4Init, /* init */
+ csSm4Encrypt, /* encrypt */
+ csSm4Decrypt, /* decrypt */
+ csShaGenerateMac, /* generateMac */
+ csShaVerifyMac }, /* verifyMac */
+#endif /* USE_TLS_ECDHE_SM2_WITH_SMS4_SHA256 */
+#ifdef USE_TLS_ECDHE_SM2_WITH_SMS4_GCM_SM3
+ { TLS_ECDHE_SM2_WITH_SMS4_GCM_SM3, /* ident */
+ CS_ECDHE_SM2, /* type */
+ CRYPTO_FLAGS_SM4 | CRYPTO_FLAGS_GCM | CRYPTO_FLAGS_SM3, /* flags */
+ 0, /* macSize */
+ 16, /* keySize */
+ 4, /* ivSize */
+ 0, /* blocksize */
+ csSm4GcmInit, /* init */
+ csSm4GcmEncrypt, /* encrypt */
+ csSm4GcmDecrypt, /* decrypt */
+ NULL, /* generateMac */
+ NULL }, /* verifyMac */
+#endif /* USE_TLS_ECDHE_SM2_WITH_SMS4_GCM_SM3 */
+#endif
+
/* Non-ephemeral ciphersuites */
#ifdef USE_TLS_RSA_WITH_AES_256_GCM_SHA384
@@ -1708,6 +2075,21 @@ const static sslCipherSpec_t supportedCiphers[] = {
/* @security Deprecated unencrypted ciphers */
+#ifdef USE_TLS_RSA_WITH_NULL_SHA256
+ { TLS_RSA_WITH_NULL_SHA256,
+ CS_RSA,
+ CRYPTO_FLAGS_SHA2,
+ 32, /* macSize */
+ 0, /* keySize */
+ 0, /* ivSize */
+ 0, /* blocksize */
+ csNullInit,
+ csNullEncrypt,
+ csNullDecrypt,
+ csShaGenerateMac,
+ csShaVerifyMac },
+#endif /* USE_TLS_RSA_WITH_NULL_SHA256 */
+
#ifdef USE_SSL_RSA_WITH_NULL_SHA
{ SSL_RSA_WITH_NULL_SHA,
CS_RSA,
@@ -1950,7 +2332,8 @@ static uint16 getKeyTypeFromCipherType(uint16 type, uint16 *dhParamsRequired,
case CS_ECDH_RSA:
*ecKeyExchange = 1;
return RSA_TYPE_SIG;
-
+ case CS_ECDHE_SM2:
+ return SM2_TYPE_SIG;
default: /* CS_NULL or CS_PSK type */
return CS_NULL; /* a cipher suite with no pub key or DH */
}
@@ -1960,7 +2343,11 @@ static uint16 getKeyTypeFromCipherType(uint16 type, uint16 *dhParamsRequired,
# define KEY_ALG_ANY 1
# define KEY_ALG_FIRST 2
-#if defined(USE_SERVER_SIDE_SSL) && !defined(USE_ONLY_PSK_CIPHER_SUITE)
+
+#ifndef USE_ONLY_PSK_CIPHER_SUITE
+# if ((defined(USE_SERVER_SIDE_SSL) && defined(USE_X509)) || \
+ (defined(USE_CLIENT_SIDE_SSL) && defined(USE_ECC_CIPHER_SUITE) && \
+ defined(USE_CERT_PARSE)))
/*
This is the signature algorithm that the client will be using to encrypt
@@ -1981,13 +2368,22 @@ static int32 haveCorrectSigAlg(psX509Cert_t *cert, int32 sigType)
{
return PS_SUCCESS;
}
+# ifdef USE_SM2
+ if (sigType == SM2_TYPE_SIG && cert->pubKeyAlgorithm == OID_ECDSA_KEY_ALG
+ && cert->sigAlgorithm == OID_SM3_SM2_SIG)
+ {
+ return PS_SUCCESS;
+ }
+# endif
# else
/* Without certificate parsing assume success by proper configuration */
return PS_SUCCESS;
# endif
return PS_FAILURE;
}
+# endif
+# ifdef USE_SERVER_SIDE_SSL
/* If using TLS 1.2 we need to test agains the sigHashAlg and eccParams */
static psRes_t validateKeyForExtensions(ssl_t *ssl, const sslCipherSpec_t *spec,
sslIdentity_t *givenKey)
@@ -2034,7 +2430,7 @@ static psRes_t validateKeyForExtensions(ssl_t *ssl, const sslCipherSpec_t *spec,
suites where we'll be sending a signature in the
ServerKeyExchange message */
if (spec->type == CS_DHE_RSA || spec->type == CS_ECDHE_RSA ||
- spec->type == CS_ECDHE_ECDSA)
+ spec->type == CS_ECDHE_ECDSA || spec->type == CS_ECDHE_SM2)
{
# ifdef USE_CERT_PARSE
# ifdef USE_RSA
@@ -2068,6 +2464,9 @@ static psRes_t validateKeyForExtensions(ssl_t *ssl, const sslCipherSpec_t *spec,
# endif
# ifdef USE_SHA512
!(ssl->peerSigAlg & HASH_SIG_SHA512_ECDSA_MASK) &&
+# endif
+# if defined(USE_SM2) && defined(USE_SM3)
+ !(ssl->peerSigAlg & HASH_SIG_SM3_SM2_MASK) &&
# endif
!(ssl->peerSigAlg & HASH_SIG_SHA256_ECDSA_MASK))
{
@@ -2118,6 +2517,7 @@ static psRes_t validateKeyForExtensions(ssl_t *ssl, const sslCipherSpec_t *spec,
return PS_SUCCESS;
}
# endif /* USE_SERVER_SIDE_SSL */
+#endif /* USE_ONLY_PSK_CIPHER_SUITE*/
#if defined(USE_X509) && !defined(USE_ONLY_PSK_CIPHER_SUITE)
/* if firstMatch == true, then the subject cert keyAlg on the chain needs to
@@ -2152,6 +2552,33 @@ static psBool_t certValidForUse(psX509Cert_t *certs,
return PS_TRUE;
#endif
}
+
+# if defined (USE_ECC_CIPHER_SUITE) && defined(USE_CLIENT_SIDE_SSL)
+static psBool_t certValidForUseSig(psX509Cert_t *certs,
+ int32 sigType,
+ psBool_t firstMatch)
+{
+# if !defined(USE_ONLY_PSK_CIPHER_SUITE) && defined(USE_CERT_PARSE)
+ psX509Cert_t *cert;
+
+ for (cert = certs; cert; cert = cert->next)
+ {
+ if (sigType == 0 || haveCorrectSigAlg(cert, sigType))
+ {
+ return PS_TRUE;
+ }
+ if (firstMatch)
+ {
+ return PS_FALSE;
+ }
+ }
+ return PS_FALSE;
+#else
+ /* PSK only or no certificate parsing - assume OK. */
+ return PS_TRUE;
+#endif
+}
+#endif
#endif
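Review bot: certValidForUseSig tests `haveCorrectSigAlg(cert, sigType)` as a boolean, but haveCorrectSigAlg returns `PS_SUCCESS` (0) on a match and `PS_FAILURE` otherwise, so the condition is inverted: a CA certificate whose algorithm does not match makes the function return PS_TRUE, and a matching one is skipped. The caller in haveKeyMaterial passes `ssl->keys->CAcerts` with `SM2_TYPE_SIG` and `firstMatch == PS_FALSE`, so a client accepts the ECDHE_SM2 suites whenever at least one CA is not an SM2 one and rejects them when every CA is. The check should be `if (sigType == 0 || haveCorrectSigAlg(cert, sigType) == PS_SUCCESS)`. With `firstMatch` set the loop inspects only the first certificate; a one-line comment on that parameter would make the contract clear.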
#if defined(USE_SERVER_SIDE_SSL) && !defined(USE_ONLY_PSK_CIPHER_SUITE)
@@ -2276,7 +2703,8 @@ int32_t haveKeyMaterial(const ssl_t *ssl,
identity and clients have a CA so we don't repeat them everywhere */
if (cipherType == CS_RSA || cipherType == CS_DHE_RSA ||
cipherType == CS_ECDHE_RSA || cipherType == CS_ECDH_RSA ||
- cipherType == CS_ECDHE_ECDSA || cipherType == CS_ECDH_ECDSA)
+ cipherType == CS_ECDHE_ECDSA || cipherType == CS_ECDH_ECDSA ||
+ cipherType == CS_ECDHE_SM2)
{
if (ssl->flags & SSL_FLAGS_SERVER)
{
@@ -2497,6 +2925,34 @@ int32_t haveKeyMaterial(const ssl_t *ssl,
# endif
}
}
+
+/*
+ ECDHE_SM2 ciphers must have SM2 keys
+ */
+ if (cipherType == CS_ECDHE_SM2)
+ {
+ if (ssl->flags & SSL_FLAGS_SERVER)
+ {
+# ifdef USE_SERVER_SIDE_SSL
+ if (haveKeyForAlg(ssl->keys,
+ OID_ECDSA_KEY_ALG, SM2_TYPE_SIG,
+ KEY_ALG_FIRST) < 0)
+ {
+ return PS_FAILURE;
+ }
+# endif
+# ifdef USE_CLIENT_SIDE_SSL
+ }
+ else
+ {
+ if (!certValidForUseSig(ssl->keys->CAcerts, SM2_TYPE_SIG, PS_FALSE))
+ {
+ return PS_FAILURE;
+ }
+# endif
+ }
+ }
+
# endif /* USE_ECC_CIPHER_SUITE */
# endif /* USE_ONLY_PSK_CIPHER_SUITE */
@@ -2595,6 +3051,10 @@ chooseCS(ssl_t *ssl, uint32_t *suites, psSize_t nsuites)
# ifdef USE_IDENTITY_CERTIFICATES
ssl->chosenIdentity = ssl->keys->identity;
# endif
+ if (spec->flags & CRYPTO_FLAGS_SM4)
+ {
+ ssl->tls13SelectedSMSuite = PS_TRUE;
+ }
goto out_ok;
}
else
@@ -2709,7 +3169,8 @@ chooseCS(ssl_t *ssl, uint32_t *suites, psSize_t nsuites)
{
reqKeyAlg = OID_RSA_KEY_ALG;
}
- else if (reqSigType == ECDSA_TYPE_SIG)
+ else if (reqSigType == ECDSA_TYPE_SIG ||
+ reqSigType == SM2_TYPE_SIG)
{
reqKeyAlg = OID_ECDSA_KEY_ALG;
}
@@ -2719,7 +3180,6 @@ chooseCS(ssl_t *ssl, uint32_t *suites, psSize_t nsuites)
reqKeyAlg = 0;
}
}
-
if (haveCorrectKeyAlg(idKey,
reqKeyAlg, reqSigType,
KEY_ALG_FIRST) < 0 ||
@@ -2908,6 +3368,15 @@ int32_t eccSuitesSupported(const ssl_t *ssl,
# ifdef USE_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
|| sslGetCipherSpec(ssl, TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256)
# endif
+# ifdef USE_TLS_ECDHE_SM2_WITH_SMS4_SM3
+ || cipherSpecs[i] == TLS_ECDHE_SM2_WITH_SMS4_SM3
+# endif
+# ifdef USE_TLS_ECDHE_SM2_WITH_SMS4_SHA256
+ || cipherSpecs[i] == TLS_ECDHE_SM2_WITH_SMS4_SHA256
+# endif
+# ifdef USE_TLS_ECDHE_SM2_WITH_SMS4_GCM_SM3
+ || cipherSpecs[i] == TLS_ECDHE_SM2_WITH_SMS4_GCM_SM3
+# endif
# endif /* USE_TLS_1_2 */
)
{
@@ -3001,6 +3470,15 @@ int32_t eccSuitesSupported(const ssl_t *ssl,
# ifdef USE_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
|| cipherSpecs[i] == TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
# endif
+# ifdef USE_TLS_ECDHE_SM2_WITH_SMS4_SM3
+ || cipherSpecs[i] == TLS_ECDHE_SM2_WITH_SMS4_SM3
+# endif
+# ifdef USE_TLS_ECDHE_SM2_WITH_SMS4_SHA256
+ || cipherSpecs[i] == TLS_ECDHE_SM2_WITH_SMS4_SHA256
+# endif
+# ifdef USE_TLS_ECDHE_SM2_WITH_SMS4_GCM_SM3
+ || cipherSpecs[i] == TLS_ECDHE_SM2_WITH_SMS4_GCM_SM3
+# endif
#endif /* USE_TLS_1_2 */
)
{
@@ -3034,7 +3512,7 @@ int32 csCheckCertAgainstCipherSuite(int32 pubKey, int32 cipherType)
if (pubKey == PS_ECC)
{
if (cipherType == CS_ECDHE_ECDSA || cipherType == CS_ECDH_ECDSA ||
- cipherType == CS_ECDH_RSA)
+ cipherType == CS_ECDH_RSA || cipherType == CS_ECDHE_SM2)
{
return 1;
}
@@ -3183,6 +3661,44 @@ const sslCipherSpec_t *sslGetCipherSpec(const ssl_t *ssl, uint16_t id)
return NULL;
}
#endif
+
+#if defined(USE_SM2) && defined(USE_SM3) && \
+ defined(USE_SM4) && defined(USE_CL_CRYPTO)
+ if (supportedCiphers[i].flags &
+ (CRYPTO_FLAGS_SM4 | CRYPTO_FLAGS_SM3))
+ {
+ if (flps_provider_is_fl())
+ {
+ return NULL;
+ }
+
+ if (findFromUint16Array(
+ ssl->supportedSigAlgs,
+ ssl->supportedSigAlgsLen,
+ sigalg_sm2sig_sm3) == PS_FAILURE)
+ {
+ return NULL;
+ }
+ if (supportedCiphers[i].type == CS_TLS13 &&
+ (findFromUint16Array(
+ ssl->tls13SupportedSigAlgsCert,
+ ssl->tls13SupportedSigAlgsCertLen,
+ sigalg_sm2sig_sm3) == PS_FAILURE
+ || findFromUint16Array(
+ ssl->tls13SupportedGroups,
+ ssl->tls13SupportedGroupsLen,
+ namedgroup_curveSM2) == PS_FAILURE))
+ {
+ return NULL;
+ }
+ }
+#else
+ if (supportedCiphers[i].flags &
+ (CRYPTO_FLAGS_SM4 | CRYPTO_FLAGS_SM3))
+ {
+ return NULL;
+ }
+#endif
#ifdef USE_SEC_CONFIG
if (!ciphersuiteAllowedBySecConfig(ssl, id))
{
@@ -3314,6 +3830,7 @@ const sslCipherSpec_t *sslGetCipherSpec(const ssl_t *ssl, uint16_t id)
know of server public key yet. */
return &supportedCiphers[i];
}
+
if (haveKeyMaterial(ssl, &supportedCiphers[i], 0)
== PS_SUCCESS)
{
@@ -3331,7 +3848,6 @@ const sslCipherSpec_t *sslGetCipherSpec(const ssl_t *ssl, uint16_t id)
#endif /* VALIDATE_KEY_MATERIAL */
}
while (supportedCiphers[i++].ident != SSL_NULL_WITH_NULL_NULL);
-
return NULL;
}
@@ -3586,7 +4102,8 @@ void matrixSslSetKexFlags(ssl_t *ssl)
ssl->flags |= SSL_FLAGS_DHE_KEY_EXCH;
ssl->flags |= SSL_FLAGS_DHE_WITH_RSA;
}
- if (ssl->cipher->type == CS_ECDHE_ECDSA)
+ if (ssl->cipher->type == CS_ECDHE_ECDSA ||
+ ssl->cipher->type == CS_ECDHE_SM2)
{
ssl->flags |= SSL_FLAGS_ECC_CIPHER;
ssl->flags |= SSL_FLAGS_DHE_KEY_EXCH;
diff --git a/matrixssl/dtls.c b/matrixssl/dtls.c
index 6ecae8a..34eb0b0 100644
--- a/matrixssl/dtls.c
+++ b/matrixssl/dtls.c
@@ -5,7 +5,7 @@
* DTLS specific code.
*/
/*
- * Copyright (c) 2013-2017 INSIDE Secure Corporation
+ * Copyright (c) 2013-2017 Rambus Inc.
* Copyright (c) PeerSec Networks, 2002-2011
* All Rights Reserved
*
@@ -18,8 +18,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
- * commercial license for this software may be purchased from INSIDE at
- * http://www.insidesecure.com/
+ * commercial license for this software may be purchased from Rambus at
+ * http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
@@ -359,7 +359,9 @@ static int32 fragmentHSMessage(ssl_t *ssl, unsigned char *msg, int32 msgLen,
overhead = ssl->recordHeadLen + ssl->hshakeHeadLen;
- if ((ssl->flags & SSL_FLAGS_WRITE_SECURE) && (ssl->enBlockSize > 1))
+ if ((ssl->flags & SSL_FLAGS_WRITE_SECURE) &&
+ ((ssl->enBlockSize > 1) ||
+ ((ssl->enBlockSize == 0) && (ssl->enMacSize > 0))))
{
secureOverhead = ssl->enMacSize + /* handshake msg hash */
(ssl->enBlockSize * 2); /* explictIV and max pad */
@@ -384,8 +386,10 @@ static int32 fragmentHSMessage(ssl_t *ssl, unsigned char *msg, int32 msgLen,
}
/* Make secure adjustments */
- if ((ssl->flags & SSL_FLAGS_WRITE_SECURE) && (ssl->enBlockSize > 1))
- {
+ if ((ssl->flags & SSL_FLAGS_WRITE_SECURE) &&
+ ((ssl->enBlockSize > 1) ||
+ ((ssl->enBlockSize == 0) && (ssl->enMacSize > 0))))
+ {
recordLen = fragLen + ssl->hshakeHeadLen + ssl->enMacSize +
ssl->enBlockSize;
padLen = psPadLenPwr2(recordLen, ssl->enBlockSize);
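Review bot: The widened condition now lets `ssl->enBlockSize == 0` (a stream or NULL cipher with a MAC) reach `psPadLenPwr2(recordLen, ssl->enBlockSize)`; if that helper reduces modulo its second argument, as its name suggests, this is a division by zero, and if it does not, the padding term is meaningless for a non-block cipher. Guard the call, e.g. `padLen = (ssl->enBlockSize > 1) ? psPadLenPwr2(recordLen, ssl->enBlockSize) : 0;`, or split the two cases. fragmentHSMessage begins outside the hunk.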
@@ -541,7 +545,7 @@ int32 dtlsEncryptFragRecord(ssl_t *ssl, flightEncode_t *msg,
ssl->outRecType = (unsigned char) msg->type;
}
- if ((ssl->flags & SSL_FLAGS_WRITE_SECURE) && (ssl->enBlockSize > 1))
+ if ((ssl->flags & SSL_FLAGS_WRITE_SECURE) && (ssl->enMacSize > 1))
{
*c += ssl->generateMac(ssl, (unsigned char) msg->type,
encryptStart + ssl->enBlockSize,
@@ -791,12 +795,6 @@ void incrTwoByte(ssl_t *ssl, unsigned char *c, int sending)
{
int32 i;
- if (sending)
- {
- c[0] = ssl->largestEpoch[0];
- c[1] = ssl->largestEpoch[1];
- }
-
for (i = 1; i >= 0; i--)
{
if ((int) c[i] < 0xFF)
diff --git a/matrixssl/extDecode.c b/matrixssl/extDecode.c
index a94113f..1540aa1 100644
--- a/matrixssl/extDecode.c
+++ b/matrixssl/extDecode.c
@@ -5,7 +5,7 @@
* CLIENT_HELLO and SERVER_HELLO extension parsing
*/
/*
- * Copyright (c) 2013-2018 INSIDE Secure Corporation
+ * Copyright (c) 2013-2018 Rambus Inc.
* Copyright (c) PeerSec Networks, 2002-2011
* All Rights Reserved
*
@@ -18,8 +18,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
- * commercial license for this software may be purchased from INSIDE at
- * http://www.insidesecure.com/
+ * commercial license for this software may be purchased from Rambus at
+ * http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
@@ -102,6 +102,13 @@ int32_t tlsParseSignatureAlgorithms(ssl_t *ssl,
sigAlg = (c[0] << 8) + c[1];
/* Those algorithms that are not supported by us will be filtered
out here; ssl->hashSigAlg will contain the shared ones. */
+#if defined(USE_SM2) && defined(USE_SM3)
+ /*Fix SM2-SM3 in message*/
+ if (sigAlg == 0x0707)
+ {
+ sigAlg = sigalg_sm2sig_sm3;
+ }
+#endif
if (findFromUint16Array(ssl->supportedSigAlgs,
ssl->supportedSigAlgsLen,
sigAlg) != PS_FAILURE)
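Review bot: The remap `if (sigAlg == 0x0707) sigAlg = sigalg_sm2sig_sm3;` uses a bare wire value with the comment `/*Fix SM2-SM3 in message*/`, which does not say which peer sends 0x0707 or which specification assigns it; if `sigalg_sm2sig_sm3` is the RFC 8998 code point (0x0708), then 0x0707 is a non-standard alias and a reader cannot tell whether accepting it is deliberate interoperability or a typo. Give the value a name and a reference, e.g. `#define SIGALG_SM2SIG_SM3_LEGACY 0x0707 /* non-IANA code point used by … for sm2sig_sm3 */`, and note that the alias is applied before the supported-list lookup, so it is accepted whenever sm2sig_sm3 is. tlsParseSignatureAlgorithms begins outside the hunk.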
@@ -176,6 +183,12 @@ int32_t tlsParseSupportedGroups(ssl_t *ssl,
curveId = *c << 8; c++;
curveId += *c; c++;
+# if defined(USE_SM2) && defined(USE_SM3)
+ if (curveId == namedgroup_x448)
+ {
+ curveId = namedgroup_curveSM2;
+ }
+# endif
dataLen -= 2;
extLen -= 2;
# ifdef USE_TLS_1_3
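Review bot: `if (curveId == namedgroup_x448) curveId = namedgroup_curveSM2;` rewrites every x448 entry in a peer's supported_groups into curveSM2 whenever USE_SM2 and USE_SM3 are compiled, so a peer that genuinely offers X448 is recorded as offering SM2 and a peer that never offered SM2 can have it selected; this silently changes negotiation for non-SM deployments of an SM-enabled build. If a specific peer is known to signal curveSM2 with the x448 code point, the rewrite should be limited to that case (a configuration flag, or only when an SM suite is also offered) and documented with the source of the overlap, rather than applied unconditionally. tlsParseSupportedGroups begins outside the hunk.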
diff --git a/matrixssl/hsDecode.c b/matrixssl/hsDecode.c
index 46c1fc9..6da2e57 100644
--- a/matrixssl/hsDecode.c
+++ b/matrixssl/hsDecode.c
@@ -5,7 +5,7 @@
* SSL/TLS handshake message parsing for TLS 1.2 and below.
*/
/*
- * Copyright (c) 2013-2018 INSIDE Secure Corporation
+ * Copyright (c) 2013-2018 Rambus Inc.
* Copyright (c) PeerSec Networks, 2002-2011
* All Rights Reserved
*
@@ -18,8 +18,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
- * commercial license for this software may be purchased from INSIDE at
- * http://www.insidesecure.com/
+ * commercial license for this software may be purchased from Rambus at
+ * http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
@@ -144,9 +144,9 @@ int32 parseSslv2ClientHelloContent(ssl_t *ssl,
int32 parseClientHello(ssl_t *ssl, unsigned char **cp, unsigned char *end)
{
- unsigned char *suiteStart, *suiteEnd;
+ unsigned char *suiteStart = NULL, *suiteEnd = NULL;
unsigned char compLen;
- uint32 suiteLen;
+ uint32 suiteLen = 0;
uint32 resumptionOnTrack, cipher = 0;
int32 rc, i;
unsigned char *c;
@@ -1399,7 +1399,6 @@ int32 parseCertificateVerify(ssl_t *ssl,
psTraceErrr("Invalid Certificate Verify message 1\n");
return MATRIXSSL_ERROR;
}
-
hashAlg = c[0];
sigAlg = (uint16_t)((c[0] << 8) | c[1]);
/* Convert from official SignatureAndHashAlgorithm ID to MatrixSSL
@@ -1451,6 +1450,13 @@ int32 parseCertificateVerify(ssl_t *ssl,
sslSha512RetrieveHSHash(ssl, hsMsgHash);
refMsgLen = SHA512_HASH_SIZE;
break;
+# endif
+# ifdef USE_SM3
+ case HASH_SIG_SM3:
+ sslSm3RetrieveHSHash(ssl, hsMsgHash);
+ refMsgLen = SM3_HASH_SIZE;
+ opts.msgIsDigestInfo = PS_TRUE;
+ break;
# endif
default:
ssl->err = SSL_ALERT_DECODE_ERROR;
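Review bot: The new `case HASH_SIG_SM3:` sets `opts.msgIsDigestInfo = PS_TRUE` while the `HASH_SIG_SHA512` case directly above does not, and nothing in the hunk explains the difference; if that flag tells the verifier the buffer is a DigestInfo structure, it would not describe a bare SM3 handshake hash handed to an SM2 verification. Add a comment on that line stating what the flag means for the SM2 path, e.g. `/* Tell the SM2 verifier the buffer is the raw SM3 handshake hash; see the opts handling in the verify call */`, or drop the assignment if it is not required. parseCertificateVerify begins and ends outside the hunk.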
@@ -1959,6 +1965,12 @@ int32 parseServerKeyExchange(ssl_t *ssl,
/* Next is curveId */
i = *c << 8; c++;
i |= *c; c++;
+# if defined(USE_SM2) && defined(USE_SM3)
+ if (i == namedgroup_x448)
+ {
+ i = namedgroup_curveSM2;
+ }
+# endif
if (!psIsEcdheGroup(i))
{
ssl->err = SSL_ALERT_ILLEGAL_PARAMETER;
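Review bot: Mapping `namedgroup_x448` to `namedgroup_curveSM2` before `psIsEcdheGroup(i)` means a ServerKeyExchange that selects X448 is treated as the SM2 curve, and the subsequent `ssl->sec.peerCurveId = i` records SM2 although the server chose x448 — a peer that never negotiated an SM suite gets an SM2 key exchange attempted, or a decode failure, instead of the x448 it asked for. Limit the rewrite to the case where an SM cipher suite has actually been negotiated, e.g. `if (i == namedgroup_x448 && (ssl->cipher->flags & CRYPTO_FLAGS_SM4))`, and document why the two code points overlap. parseServerKeyExchange begins and ends outside the hunk.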
@@ -1966,6 +1978,12 @@ int32 parseServerKeyExchange(ssl_t *ssl,
psTraceIntInfo("Group ID: %d\n", i);
}
ssl->sec.peerCurveId = i;
+# if defined(USE_SM2) && defined(USE_SM3)
+ if (i == namedgroup_x448)
+ {
+ i = namedgroup_curveSM2;
+ }
+# endif
# ifdef USE_X25519
if (i == namedgroup_x25519)
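Review bot: This second `if (i == namedgroup_x448) i = namedgroup_curveSM2;` is unreachable as written: the same rewrite already ran in the previous hunk before `psIsEcdheGroup`, so by the time `ssl->sec.peerCurveId = i` executes `i` cannot still equal x448. If the intent was for `peerCurveId` to keep the wire value and only the local selection to be remapped, the first copy should go and this one stay; otherwise delete this one, since keeping both invites them to diverge. parseServerKeyExchange begins and ends outside the hunk.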
@@ -3021,6 +3039,10 @@ SKIP_CERT_CHAIN_INIT:
if (i++ == 0)
{
+ if(ssl->sec.cert)
+ {
+ psX509FreeCert(ssl->sec.cert);
+ }
ssl->sec.cert = cert;
currentCert = ssl->sec.cert;
}
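Review bot: The guard `if(ssl->sec.cert)` is written without the space that every other `if (` in this file uses (compare `if (i++ == 0)` on the line above) and should be `if (ssl->sec.cert)`. Because `ssl->sec.cert` is overwritten on the next line the freed pointer cannot dangle, but a one-line comment saying when a stale chain can still be present here (a renegotiation or retried handshake, presumably) would tell the next reader why the free is needed. The enclosing function begins and ends outside the hunk.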
@@ -3176,6 +3198,13 @@ RESUME_VALIDATE_CERTS:
default:
break;
}
+
+ /* Check if this is the last validated certificate. */
+ if (cert->pathEnd == PS_TRUE)
+ {
+ break;
+ }
+
cert = cert->next;
}
diff --git a/matrixssl/hsHash.c b/matrixssl/hsHash.c
index 7eb57de..848fe16 100644
--- a/matrixssl/hsHash.c
+++ b/matrixssl/hsHash.c
@@ -6,7 +6,7 @@
* TLS 1.0/1.1/1.2.
*/
/*
- * Copyright (c) 2013-2018 INSIDE Secure Corporation
+ * Copyright (c) 2013-2018 Rambus Inc.
* Copyright (c) PeerSec Networks, 2002-2011
* All Rights Reserved
*
@@ -19,8 +19,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
- * commercial license for this software may be purchased from INSIDE at
- * http://www.insidesecure.com/
+ * commercial license for this software may be purchased from Rambus at
+ * http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
@@ -110,6 +110,9 @@ int32_t sslInitHSHash(ssl_t *ssl)
# ifdef USE_SHA512
psSha512Init(&ssl->sec.msgHashSha512);
# endif
+# ifdef USE_SM3
+ psSm3Init(&ssl->sec.msgHashSm3);
+# endif
# endif
return 0;
@@ -170,6 +173,9 @@ int32_t sslUpdateHSHash(ssl_t *ssl, const unsigned char *in, psSize_t len)
# endif
# ifdef USE_SHA512
psSha512Update(&ssl->sec.msgHashSha512, in, len);
+# endif
+# ifdef USE_SM3
+ psSm3Update(&ssl->sec.msgHashSm3, in, len);
# endif
}
# endif /* USE_TLS_1_2 */
@@ -211,6 +217,13 @@ int32 sslSha512RetrieveHSHash(ssl_t *ssl, unsigned char *out)
return SHA512_HASH_SIZE;
}
# endif
+# ifdef USE_SM3
+int32 sslSm3RetrieveHSHash(ssl_t *ssl, unsigned char *out)
+{
+ Memcpy(out, ssl->sec.sm3Snapshot, SM3_HASH_SIZE);
+ return SM3_HASH_SIZE;
+}
+# endif
# endif /* USE_SERVER_SIDE_SSL && USE_CLIENT_AUTH */
# if defined(USE_CLIENT_SIDE_SSL) && defined(USE_CLIENT_AUTH)
@@ -247,6 +260,16 @@ void sslSha512SnapshotHSHash(ssl_t *ssl, unsigned char *out)
psSha512Final(&sha512, out);
}
# endif
+# ifdef USE_SM3
+void sslSm3SnapshotHSHash(ssl_t *ssl, unsigned char *out)
+{
+ psSm3_t sm3;
+
+ psSm3Sync(&ssl->sec.msgHashSm3, 0);
+ sm3 = ssl->sec.msgHashSm3;
+ psSm3Final(&sm3, out);
+}
+# endif
# endif /* USE_CLIENT_SIDE_SSL && USE_CLIENT_AUTH */
# endif /* USE_TLS_1_2 */
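Review bot: `sslSm3SnapshotHSHash` calls `psSm3Sync(&ssl->sec.msgHashSm3, 0)` and then duplicates the context by struct assignment, whereas the other SM3 snapshots in this commit (`tlsGenerateFinishedHash` and `extMasterSecretSnapshotHSHash`) use `psSm3Cpy` with no sync. If psSm3Sync is required to flush pending state before the context can be copied, those two copies may finalize stale state; if it is not required, it should be dropped here for consistency. Either way, using `psSm3Cpy(&sm3, &ssl->sec.msgHashSm3);` in all three places and adding a one-line comment on what the sync does would remove the ambiguity.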
@@ -272,6 +295,9 @@ static int32_t tlsGenerateFinishedHash(ssl_t *ssl,
# ifdef USE_SHA512
psSha512_t *sha512,
# endif
+# ifdef USE_SM3
+ psSm3_t *sm3,
+# endif
# endif /* USE_TLS_1_2 */
unsigned char *masterSecret,
unsigned char *out, int32 senderFlag)
@@ -305,6 +331,17 @@ static int32_t tlsGenerateFinishedHash(ssl_t *ssl,
TLS_HS_FINISHED_SIZE, CRYPTO_FLAGS_SHA3);
# endif
}
+# ifdef USE_SM3
+ else if (ssl->cipher->flags & CRYPTO_FLAGS_SM3)
+ {
+ psSm3_t sm3_backup;
+ psSm3Cpy(&sm3_backup, sm3);
+ psSm3Final(&sm3_backup, tmp + FINISHED_LABEL_SIZE);
+ return prf2(masterSecret, SSL_HS_MASTER_SIZE, tmp,
+ FINISHED_LABEL_SIZE + SM3_HASH_SIZE, out,
+ TLS_HS_FINISHED_SIZE, CRYPTO_FLAGS_SM3);
+ }
+# endif
else
{
psSha256_t sha256_backup;
@@ -372,6 +409,13 @@ static int32_t tlsGenerateFinishedHash(ssl_t *ssl,
psSha512Final(&sha512_backup, ssl->sec.sha512Snapshot);
}
# endif
+# ifdef USE_SM3
+ {
+ psSm3_t sm3_backup;
+ psSm3Cpy(&sm3_backup, sm3);
+ psSm3Final(&sm3_backup, ssl->sec.sm3Snapshot);
+ }
+# endif
# ifdef USE_SHA1
{
psSha1_t sha1_backup;
@@ -437,6 +481,15 @@ int32_t extMasterSecretSnapshotHSHash(ssl_t *ssl, unsigned char *out,
*outLen = SHA384_HASH_SIZE;
# endif
}
+# ifdef USE_SM3
+ else if (ssl->cipher->flags & CRYPTO_FLAGS_SM3)
+ {
+ psSm3_t sm3;
+ psSm3Cpy(&sm3, &ssl->sec.msgHashSm3);
+ psSm3Final(&sm3, out);
+ *outLen = SM3_HASH_SIZE;
+ }
+# endif
else
{
# ifdef USE_SHA256
@@ -527,6 +580,9 @@ int32_t sslSnapshotHSHash(ssl_t *ssl,
# ifdef USE_SHA512
&ssl->sec.msgHashSha512,
# endif
+# ifdef USE_SM3
+ &ssl->sec.msgHashSm3,
+# endif
# endif /* USE_TLS_1_2 */
ssl->sec.masterSecret, out, senderFlag);
diff --git a/matrixssl/hsHashBuffered.c b/matrixssl/hsHashBuffered.c
index 46ba418..1083a9c 100644
--- a/matrixssl/hsHashBuffered.c
+++ b/matrixssl/hsHashBuffered.c
@@ -5,7 +5,7 @@
* Buffered handshake hash implementation for TLS.
*/
/*
- * Copyright (c) 2013-2019 INSIDE Secure Corporation
+ * Copyright (c) 2013-2019 Rambus Inc.
* Copyright (c) PeerSec Networks, 2002-2011
* All Rights Reserved
*
@@ -18,8 +18,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
- * commercial license for this software may be purchased from INSIDE at
- * http://www.insidesecure.com/
+ * commercial license for this software may be purchased from Rambus at
+ * http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/matrixssl/hsNegotiateVersion.c b/matrixssl/hsNegotiateVersion.c
index 36e97d4..9d38c3a 100644
--- a/matrixssl/hsNegotiateVersion.c
+++ b/matrixssl/hsNegotiateVersion.c
@@ -6,7 +6,7 @@
* originally in hsDecode.c
*/
/*
- * Copyright (c) 2013-2018 INSIDE Secure Corporation
+ * Copyright (c) 2013-2018 Rambus Inc.
* Copyright (c) PeerSec Networks, 2002-2011
* All Rights Reserved
*
@@ -19,8 +19,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
- * commercial license for this software may be purchased from INSIDE at
- * http://www.insidesecure.com/
+ * commercial license for this software may be purchased from Rambus at
+ * http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/matrixssl/matrixssl.c b/matrixssl/matrixssl.c
index 2ce99f8..f4ee2f7 100644
--- a/matrixssl/matrixssl.c
+++ b/matrixssl/matrixssl.c
@@ -5,7 +5,7 @@
* The session and authentication management portions of the MatrixSSL library.
*/
/*
- * Copyright (c) 2013-2018 INSIDE Secure Corporation
+ * Copyright (c) 2013-2018 Rambus Inc.
* Copyright (c) PeerSec Networks, 2002-2011
* All Rights Reserved
*
@@ -18,8 +18,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
- * commercial license for this software may be purchased from INSIDE at
- * http://www.insidesecure.com/
+ * commercial license for this software may be purchased from Rambus at
+ * http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
@@ -44,7 +44,7 @@
/******************************************************************************/
static const char copyright[] =
- "Copyright Inside Secure Corporation. All rights reserved.";
+ "Copyright Rambus Inc. All rights reserved.";
#ifdef USE_SERVER_SIDE_SSL
@@ -180,6 +180,9 @@ void matrixSslClose(void)
{
# ifdef USE_SERVER_SIDE_SSL
int i;
+# ifdef USE_STATELESS_SESSION_TICKETS
+ psDestroyMutex(&g_sessTicketLock);
+# endif /* USE_STATELESS_SESSION_TICKETS */
psLockMutex(&g_sessionTableLock);
for (i = 0; i < SSL_SESSION_TABLE_SIZE; i++)
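Review bot: `psDestroyMutex(&g_sessTicketLock)` runs before the session table is walked under `g_sessionTableLock`, so any ticket-key access still in flight, or triggered while the table is torn down, would use a destroyed mutex. Destroying it last, next to where `g_sessionTableLock` itself is destroyed (later in this function, outside the hunk), keeps teardown in the reverse order of initialisation. It is also worth confirming that matrixSslOpen always initialises this mutex whenever USE_STATELESS_SESSION_TICKETS is defined, so the destroy never sees an uninitialised lock.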
@@ -2352,6 +2355,9 @@ int32 matrixValidateCertsExt(psPool_t *pool, psX509Cert_t *subjectCerts,
x509v3extensions_t *ext;
char ip[16];
int32 rc, foundSupportedSAN, pathLen = 0;
+ int32 crossCertPathLen = 0;
+ int32 previousAuthStatus = PS_FALSE;
+ psBool_t crossCertLoopActive = PS_FALSE;
/*
Check for illegal option combinations.
@@ -2467,6 +2473,7 @@ int32 matrixValidateCertsExt(psPool_t *pool, psX509Cert_t *subjectCerts,
If subject cert was a chain, that has already been authenticated above so
we only need to pass in the single parent-most cert to be tested against
*/
+ crossCertPathLen = pathLen;
*foundIssuer = NULL;
ic = issuerCerts;
while (ic != NULL)
@@ -2475,6 +2482,22 @@ int32 matrixValidateCertsExt(psPool_t *pool, psX509Cert_t *subjectCerts,
if ((rc = psX509AuthenticateCert(pool, sc, ic, foundIssuer, hwCtx,
poolUserPtr)) == PS_SUCCESS)
{
+ /* Validation ends to this certificate. */
+ sc->pathEnd = PS_TRUE;
+
+ /* If cross-certificate loop is active set PS_CERT_AUTH_FAIL to
+ other certificates in the chain. */
+ if (crossCertLoopActive == PS_TRUE)
+ {
+ psX509Cert_t *nextSc = sc->next;
+
+ while (nextSc != NULL)
+ {
+ nextSc->authStatus = PS_CERT_AUTH_FAIL;
+ nextSc = nextSc->next;
+ }
+ }
+
rc = checkPathLenConstraint(ic, sc, pathLen);
if (rc < 0)
{
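Review bot: `sc->pathEnd = PS_TRUE` is assigned before `checkPathLenConstraint` has passed, so a chain rejected by the path-length check in the `rc < 0` branch that follows leaves the flag set on a certificate that did not validate. Moving the assignment below that check, or clearing it in the failure branch, keeps pathEnd meaning "validation ended here successfully", which is how the decode loop now interprets it. The AUTH_FAIL marking loop would also read better with its reason stated, e.g. `/* Trust now anchors at sc via a cross-cert; the certs above it were not used. */`.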
@@ -2635,6 +2658,42 @@ int32 matrixValidateCertsExt(psPool_t *pool, psX509Cert_t *subjectCerts,
return rc;
}
ic = ic->next;
+
+ /*
+ It is possible that the issuer cert which authenticates the last cert
+ in the chain is not in the list of issuer certs. Instead, the list of
+ issuer certs may contain a cross-certificate for some other cert in
+ the chain. Therefore, check if the loop has to be started again and
+ try to authenticate the previous certs in the chain against the
+ issuer certs.
+ */
+ if (ic == NULL)
+ {
+ if (crossCertLoopActive == PS_TRUE)
+ {
+ /* Restore authStatus from previous round. */
+ sc->authStatus = previousAuthStatus;
+ }
+
+ if (crossCertPathLen > 0)
+ {
+ uint32 i;
+
+ sc = subjectCerts;
+ for (i = 1; i < crossCertPathLen && sc->next != NULL; i++)
+ {
+ sc = sc->next;
+ }
+
+ crossCertPathLen--;
+ pathLen = crossCertPathLen;
+
+ ic = issuerCerts;
+
+ previousAuthStatus = sc->authStatus;
+ crossCertLoopActive = PS_TRUE;
+ }
+ }
}
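Review bot: The retry walk `for (i = 1; i < crossCertPathLen && sc->next != NULL; i++)` compares `uint32 i` against `int32 crossCertPathLen`; declaring `i` as `int32` matches the operand and avoids the sign-compare warning (crossCertPathLen is already known to be positive here). Whether the first retry round re-tests the same parent-most certificate that just failed depends on whether pathLen counts the chain inclusively, which is not visible in this hunk; if it does, starting from `crossCertPathLen - 1` would avoid running every issuer against it a second time. The restore of `sc->authStatus` is only reached when a full round fails, so a cert that succeeds mid-round keeps whatever psX509AuthenticateCert set, which looks intended but deserves a comment. matrixValidateCertsExt continues outside this hunk.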
/*
Success would have returned if it happen
diff --git a/matrixssl/matrixsslApi.c b/matrixssl/matrixsslApi.c
index 5d1043d..ab2b69c 100644
--- a/matrixssl/matrixsslApi.c
+++ b/matrixssl/matrixsslApi.c
@@ -5,7 +5,7 @@
* MatrixSSL Public API Layer.
*/
/*
- * Copyright (c) 2013-2018 INSIDE Secure Corporation
+ * Copyright (c) 2013-2018 Rambus Inc.
* Copyright (c) PeerSec Networks, 2002-2011
* All Rights Reserved
*
@@ -18,8 +18,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
- * commercial license for this software may be purchased from INSIDE at
- * http://www.insidesecure.com/
+ * commercial license for this software may be purchased from Rambus at
+ * http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
@@ -900,7 +900,6 @@ int32 matrixSslGetReadbufOfSize(ssl_t *ssl, int32 size, unsigned char **buf)
if ((p = psRealloc(ssl->inbuf, ssl->inlen + size, ssl->bufferPool))
== NULL)
{
- ssl->inbuf = NULL; ssl->insize = 0; ssl->inlen = 0;
return PS_MEM_FAIL;
}
ssl->inbuf = p;
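Review bot: With the three resets removed, a failed psRealloc now leaves `ssl->inbuf`, `ssl->insize` and `ssl->inlen` intact, which is the correct behaviour (the old block was previously leaked and the buffered data discarded), but nothing tells the caller that the session buffer is still usable. A short comment on the failure path, `/* realloc failure leaves inbuf/inlen untouched; the old buffer is still owned by ssl */`, documents the new contract. The function starts before this hunk.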
@@ -1885,10 +1884,6 @@ int32_t matrixSslEncodeRehandshake(ssl_t *ssl, sslKeys_t *keys,
unsigned char *p;
sslSessOpts_t options;
- /* Clear extFlags for rehandshakes */
- ssl->extFlags.truncated_hmac = 0;
- ssl->extFlags.sni = 0;
-
if (ssl == NULL || ssl->cipher == NULL)
{
return PS_ARG_FAIL;
@@ -1903,6 +1898,10 @@ int32_t matrixSslEncodeRehandshake(ssl_t *ssl, sslKeys_t *keys,
}
psAssert(ssl->outsize > 0 && ssl->outbuf != NULL);
+ /* Clear extFlags for rehandshakes */
+ ssl->extFlags.truncated_hmac = 0;
+ ssl->extFlags.sni = 0;
+
# ifdef DISABLE_DTLS_CLIENT_CHANGE_CIPHER_FROM_GCM_TO_GCM
# endif /* DISABLE_DTLS_CLIENT_CHANGE_CIPHER_FROM_GCM_TO_GCM */
diff --git a/matrixssl/matrixsslApi.h b/matrixssl/matrixsslApi.h
index 94edb8d..42f5e18 100644
--- a/matrixssl/matrixsslApi.h
+++ b/matrixssl/matrixsslApi.h
@@ -7,7 +7,7 @@
* only use the APIs and definitions used in this file.
*/
/*
- * Copyright (c) 2013-2018 INSIDE Secure Corporation
+ * Copyright (c) 2013-2018 Rambus Inc.
* Copyright (c) PeerSec Networks, 2002-2011
* All Rights Reserved
*
@@ -20,8 +20,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
- * commercial license for this software may be purchased from INSIDE at
- * http://www.insidesecure.com/
+ * commercial license for this software may be purchased from Rambus at
+ * http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/matrixssl/matrixsslApiAlert.h b/matrixssl/matrixsslApiAlert.h
index 533db42..f14a078 100644
--- a/matrixssl/matrixsslApiAlert.h
+++ b/matrixssl/matrixsslApiAlert.h
@@ -6,7 +6,7 @@
* This sub-header of matrixsslApi.h contains alert constants.
*/
/*
- * Copyright (c) 2013-2018 INSIDE Secure Corporation
+ * Copyright (c) 2013-2018 Rambus Inc.
* Copyright (c) PeerSec Networks, 2002-2011
* All Rights Reserved
*
@@ -19,8 +19,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
- * commercial license for this software may be purchased from INSIDE at
- * http://www.insidesecure.com/
+ * commercial license for this software may be purchased from Rambus at
+ * http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/matrixssl/matrixsslApiCipher.h b/matrixssl/matrixsslApiCipher.h
index cb95340..becd263 100644
--- a/matrixssl/matrixsslApiCipher.h
+++ b/matrixssl/matrixsslApiCipher.h
@@ -6,7 +6,7 @@
* This sub-header of matrixsslApi.h contains ciphersuite IDs.
*/
/*
- * Copyright (c) 2013-2018 INSIDE Secure Corporation
+ * Copyright (c) 2013-2018 Rambus Inc.
* Copyright (c) PeerSec Networks, 2002-2011
* All Rights Reserved
*
@@ -19,8 +19,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
- * commercial license for this software may be purchased from INSIDE at
- * http://www.insidesecure.com/
+ * commercial license for this software may be purchased from Rambus at
+ * http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
@@ -53,6 +53,7 @@
# define TLS_RSA_WITH_AES_256_CBC_SHA 0x0035 /* 53 */
# define TLS_DHE_RSA_WITH_AES_256_CBC_SHA 0x0039 /* 57 */
# define TLS_DH_anon_WITH_AES_256_CBC_SHA 0x003A /* 58 */
+# define TLS_RSA_WITH_NULL_SHA256 0x003B /* 59 */
# define TLS_RSA_WITH_AES_128_CBC_SHA256 0x003C /* 60 */
# define TLS_RSA_WITH_AES_256_CBC_SHA256 0x003D /* 61 */
# define TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 0x0067 /* 103 */
@@ -99,11 +100,18 @@
/* Defined in https://tools.ietf.org/html/draft-ietf-tls-chacha20-poly1305 */
# define TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 0xCCA8 /* 52392 */
# define TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 0xCCA9 /* 52393 */
+/* TLS 1.2 ciphersuites with SM algorithms*/
+# define TLS_ECDHE_SM2_WITH_SMS4_SM3 0xE102 /* 57602 */
+# define TLS_ECDHE_SM2_WITH_SMS4_SHA256 0xE105 /* 57605 */
+# define TLS_ECDHE_SM2_WITH_SMS4_GCM_SM3 0xE107 /* 57607 */
+
/* TLS 1.3 ciphersuites. */
# define TLS_AES_128_GCM_SHA256 0x1301 /* 4865 */
# define TLS_AES_256_GCM_SHA384 0x1302 /* 4866 */
# define TLS_CHACHA20_POLY1305_SHA256 0x1303 /* 4867 */
-# define TLS_AES_128_CCM_SHA_256 0x1304 /* 4868 */
+# define TLS_AES_128_CCM_SHA256 0x1304 /* 4868 */
# define TLS_AES_128_CCM_8_SHA256 0x1305 /* 4869 */
+# define TLS_SM4_GCM_SM3 0x00C6 /* 198 */
+# define TLS_SM4_CCM_SM3 0x00C7 /* 199 */
#endif
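Review bot: Renaming `TLS_AES_128_CCM_SHA_256` to `TLS_AES_128_CCM_SHA256` silently breaks any application or configuration that referenced the old spelling; keep a compatibility alias, `# define TLS_AES_128_CCM_SHA_256 TLS_AES_128_CCM_SHA256 /* deprecated spelling */`. The three 0xE1xx SM2 suite values carry no source reference, unlike the CHACHA20 suites above which cite their draft; please add a comment naming the specification they come from, since these do not appear to be IANA-assigned code points and could collide with a future registration. `TLS_SM4_GCM_SM3` and `TLS_SM4_CCM_SM3` could cite RFC 8998 in the same way.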
diff --git a/matrixssl/matrixsslApiExt.h b/matrixssl/matrixsslApiExt.h
index 635ad69..764cc69 100644
--- a/matrixssl/matrixsslApiExt.h
+++ b/matrixssl/matrixsslApiExt.h
@@ -6,7 +6,7 @@
* This sub-header of matrixsslApi.h contains TLS extension IDs.
*/
/*
- * Copyright (c) 2013-2018 INSIDE Secure Corporation
+ * Copyright (c) 2013-2018 Rambus Inc.
* Copyright (c) PeerSec Networks, 2002-2011
* All Rights Reserved
*
@@ -19,8 +19,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
- * commercial license for this software may be purchased from INSIDE at
- * http://www.insidesecure.com/
+ * commercial license for this software may be purchased from Rambus at
+ * http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/matrixssl/matrixsslApiLimits.h b/matrixssl/matrixsslApiLimits.h
index 1e9f21f..f74de1d 100644
--- a/matrixssl/matrixsslApiLimits.h
+++ b/matrixssl/matrixsslApiLimits.h
@@ -7,7 +7,7 @@
* buffer size and other limits.
*/
/*
- * Copyright (c) 2013-2018 INSIDE Secure Corporation
+ * Copyright (c) 2013-2018 Rambus Inc.
* Copyright (c) PeerSec Networks, 2002-2011
* All Rights Reserved
*
@@ -20,8 +20,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
- * commercial license for this software may be purchased from INSIDE at
- * http://www.insidesecure.com/
+ * commercial license for this software may be purchased from Rambus at
+ * http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/matrixssl/matrixsslApiPre.h b/matrixssl/matrixsslApiPre.h
index a67fec9..d1e3204 100644
--- a/matrixssl/matrixsslApiPre.h
+++ b/matrixssl/matrixsslApiPre.h
@@ -6,7 +6,7 @@
* This sub-header of matrixsslApi.h contains a preamble.
*/
/*
- * Copyright (c) 2013-2018 INSIDE Secure Corporation
+ * Copyright (c) 2013-2018 Rambus Inc.
* Copyright (c) PeerSec Networks, 2002-2011
* All Rights Reserved
*
@@ -19,8 +19,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
- * commercial license for this software may be purchased from INSIDE at
- * http://www.insidesecure.com/
+ * commercial license for this software may be purchased from Rambus at
+ * http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/matrixssl/matrixsslApiRet.h b/matrixssl/matrixsslApiRet.h
index 7480343..63045cf 100644
--- a/matrixssl/matrixsslApiRet.h
+++ b/matrixssl/matrixsslApiRet.h
@@ -6,7 +6,7 @@
* This sub-header of matrixsslApi.h contains return codes.
*/
/*
- * Copyright (c) 2013-2018 INSIDE Secure Corporation
+ * Copyright (c) 2013-2018 Rambus Inc.
* Copyright (c) PeerSec Networks, 2002-2011
* All Rights Reserved
*
@@ -19,8 +19,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
- * commercial license for this software may be purchased from INSIDE at
- * http://www.insidesecure.com/
+ * commercial license for this software may be purchased from Rambus at
+ * http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/matrixssl/matrixsslApiTypes.h b/matrixssl/matrixsslApiTypes.h
index 6c698ff..944d5a3 100644
--- a/matrixssl/matrixsslApiTypes.h
+++ b/matrixssl/matrixsslApiTypes.h
@@ -7,7 +7,7 @@
* needed when using the matrixSsl* API.
*/
/*
- * Copyright (c) 2013-2018 INSIDE Secure Corporation
+ * Copyright (c) 2013-2018 Rambus Inc.
* Copyright (c) PeerSec Networks, 2002-2011
* All Rights Reserved
*
@@ -20,8 +20,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
- * commercial license for this software may be purchased from INSIDE at
- * http://www.insidesecure.com/
+ * commercial license for this software may be purchased from Rambus at
+ * http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/matrixssl/matrixsslApiVer.h b/matrixssl/matrixsslApiVer.h
index b2ebd63..fbfa827 100644
--- a/matrixssl/matrixsslApiVer.h
+++ b/matrixssl/matrixsslApiVer.h
@@ -7,7 +7,7 @@
* defines.
*/
/*
- * Copyright (c) 2013-2018 INSIDE Secure Corporation
+ * Copyright (c) 2013-2018 Rambus Inc.
* Copyright (c) PeerSec Networks, 2002-2011
* All Rights Reserved
*
@@ -20,8 +20,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
- * commercial license for this software may be purchased from INSIDE at
- * http://www.insidesecure.com/
+ * commercial license for this software may be purchased from Rambus at
+ * http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/matrixssl/matrixsslCheck.h b/matrixssl/matrixsslCheck.h
index 11d9692..8f5c87c 100644
--- a/matrixssl/matrixsslCheck.h
+++ b/matrixssl/matrixsslCheck.h
@@ -5,7 +5,7 @@
* Configuration validation/sanity checks.
*/
/*
- * Copyright (c) 2013-2018 INSIDE Secure Corporation
+ * Copyright (c) 2013-2018 Rambus Inc.
* Copyright (c) PeerSec Networks, 2002-2011
* All Rights Reserved
*
@@ -18,8 +18,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
- * commercial license for this software may be purchased from INSIDE at
- * http://www.insidesecure.com/
+ * commercial license for this software may be purchased from Rambus at
+ * http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
@@ -239,6 +239,14 @@ extern "C" {
# define USE_RSA_CIPHER_SUITE
# endif
+# ifdef USE_TLS_RSA_WITH_NULL_SHA256
+# ifndef USE_RSA
+# error "Enable USE_RSA in cryptoConfig.h for TLS_RSA_WITH_NULL_SHA256 suite"
+# endif
+# define USE_SHA_MAC
+# define USE_RSA_CIPHER_SUITE
+# endif
+
/******************************************************************************/
/*
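Review bot: `USE_TLS_RSA_WITH_NULL_SHA256` enables a suite with no confidentiality at all, yet this block treats it like any other RSA suite with no warning. Since it is the kind of option that gets left on by accident, a build-time notice next to the check, `# warning "TLS_RSA_WITH_NULL_SHA256 provides integrity only; do not enable in production builds"`, or at minimum a comment to that effect, would flag it for anyone auditing the configuration.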
@@ -249,7 +257,8 @@ extern "C" {
*/
# ifdef USE_TLS_1_3
-# if defined(USE_TLS_AES_256_GCM_SHA384) || defined(USE_TLS_AES_128_GCM_SHA256)
+# if defined(USE_TLS_AES_256_GCM_SHA384) || defined(USE_TLS_AES_128_GCM_SHA256) ||\
+ defined(USE_TLS_AES_128_CCM_SHA256) || defined(USE_TLS_AES_128_CCM_8_SHA256)
# define USE_DHE_CIPHER_SUITE
# ifdef USE_RSA
# define USE_RSA_CIPHER_SUITE
@@ -270,6 +279,15 @@ extern "C" {
# define USE_TLS_1_3_CIPHER_SUITE
# endif
+# if defined(USE_TLS_SM4_GCM_SM3) || defined(USE_TLS_SM4_CCM_SM3)
+# define USE_SM2
+# define USE_SM3
+# define USE_SM4
+# define USE_ECC_CIPHER_SUITE
+# define USE_DHE_CIPHER_SUITE
+# define USE_TLS_1_3_CIPHER_SUITE
+# endif
+
# endif /* USE_TLS_1_3 */
# ifdef USE_TLS_1_2
@@ -280,6 +298,15 @@ extern "C" {
# error "Enable USE_SHA256 in matrixsslConfig.h for TLS_1_2 support"
# endif
+# if defined(USE_TLS_ECDHE_SM2_WITH_SMS4_SM3) || defined(USE_TLS_ECDHE_SM2_WITH_SMS4_SHA256) ||\
+ defined(USE_TLS_ECDHE_SM2_WITH_SMS4_GCM_SM3)
+# define USE_SM2
+# define USE_SM3
+# define USE_SM4
+# define USE_ECC_CIPHER_SUITE
+# define USE_DHE_CIPHER_SUITE
+# endif
+
# ifdef USE_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
# ifndef USE_CHACHA20_POLY1305_IETF
# error "Enable USE_CHACHA20_POLY1305_IETF in cryptoConfig.h for USE_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256"
@@ -1247,6 +1274,26 @@ typedef int32 psX509Cert_t;
#endif
+/* Check SM2/3/4 algorithms support */
+#if defined(USE_SM2)
+# if !defined(USE_SM3)
+# error "SM2 SigAlg requires SM3 support."
+# endif
+# define USE_ECC
+# error "Need to use CL for SM2 algorithms"
+#endif
+
+#if defined(USE_SM3)
+# define USE_HMAC
+# define USE_HMAC_SM3
+# define USE_TLS_PRF2
+# error "Need to use CL for SM3 algorithms"
+#endif
+
+#if defined(USE_SM4)
+# error "Need to use CL for SM4 algorithms"
+#endif
+
# ifdef __cplusplus
}
# endif
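Review bot: As written, `#error "Need to use CL for SM2 algorithms"` fires unconditionally whenever USE_SM2 is defined, so the `# define USE_ECC` just before it can never take effect, and the SM3 and SM4 blocks behave the same way. Unless an enclosing conditional outside this hunk restricts these checks to the non-CL crypto build, every SM suite this header enables (which define USE_SM2/SM3/SM4 unconditionally earlier in the file) becomes unbuildable. If the intent is "SM algorithms require the CL backend", each check should be guarded by whatever macro identifies the CL build, and the stray `# define USE_ECC` either moved out of the error path or removed.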
diff --git a/matrixssl/matrixsslConfigStr.h b/matrixssl/matrixsslConfigStr.h
index fb35455..827ea43 100644
--- a/matrixssl/matrixsslConfigStr.h
+++ b/matrixssl/matrixsslConfigStr.h
@@ -122,6 +122,15 @@ static const char psConfigStrSsl[] =
# ifdef USE_CHACHA20_POLY1305_IETF_CIPHER_SUITE
"USE_CHACHA20_POLY1305_IETF_CIPHER_SUITE\n"
# endif
+# ifdef USE_SM2
+ "USE_SM2\n"
+# endif
+# ifdef USE_SM3
+ "USE_SM3\n"
+# endif
+# ifdef USE_SM4
+ "USE_SM4\n"
+# endif
# ifdef USE_CLIENT_AUTH
"USE_CLIENT_AUTH\n"
# endif
@@ -326,6 +335,12 @@ static const char psConfigStrSsl[] =
# ifdef USE_TLS_CHACHA20_POLY1305_SHA256
"USE_TLS_CHACHA20_POLY1305_SHA256\n"
# endif
+# ifdef USE_TLS_SM4_GCM_SM3
+ "USE_TLS_SM4_GCM_SM3\n"
+# endif
+# ifdef USE_TLS_SM4_CCM_SM3
+ "USE_TLS_SM4_CCM_SM3\n"
+# endif
# ifdef USE_TLS_DH_anon_WITH_AES_128_CBC_SHA
"USE_TLS_DH_anon_WITH_AES_128_CBC_SHA\n"
# endif
@@ -467,6 +482,9 @@ static const char psConfigStrSsl[] =
# ifdef USE_TLS_PSK_WITH_AES_256_GCM_SHA384
"USE_TLS_PSK_WITH_AES_256_GCM_SHA384\n"
# endif
+# ifdef USE_TLS_RSA_WITH_NULL_SHA256
+ "USE_TLS_RSA_WITH_NULL_SHA256\n"
+# endif
# ifdef USE_TLS_RSA_WITH_AES_128_CBC_SHA
"USE_TLS_RSA_WITH_AES_128_CBC_SHA\n"
# endif
@@ -494,6 +512,15 @@ static const char psConfigStrSsl[] =
# ifdef USE_TLS_RSA_WITH_SEED_CBC_SHA
"USE_TLS_RSA_WITH_SEED_CBC_SHA\n"
# endif
+# ifdef USE_TLS_ECDHE_SM2_WITH_SMS4_SM3
+ "USE_TLS_ECDHE_SM2_WITH_SMS4_SM3\n"
+# endif
+# ifdef USE_TLS_ECDHE_SM2_WITH_SMS4_SHA256
+ "USE_TLS_ECDHE_SM2_WITH_SMS4_SHA256\n"
+# endif
+# ifdef USE_TLS_ECDHE_SM2_WITH_SMS4_GCM_SM3
+ "USE_TLS_ECDHE_SM2_WITH_SMS4_GCM_SM3\n"
+# endif
# ifdef USE_TRUSTED_CA_INDICATION
"USE_TRUSTED_CA_INDICATION\n"
# endif
diff --git a/matrixssl/matrixsslGetSet.c b/matrixssl/matrixsslGetSet.c
index 60daa4e..8037e36 100644
--- a/matrixssl/matrixsslGetSet.c
+++ b/matrixssl/matrixsslGetSet.c
@@ -10,7 +10,7 @@
/*
* Copyright (c) 2019 Verimatrix
- * Copyright (c) 2013-2019 INSIDE Secure Corporation
+ * Copyright (c) 2013-2019 Rambus Inc.
* All Rights Reserved
*
* This file can be edited to modify exact set of accessor functions
@@ -19,11 +19,11 @@
* The copyright notice above does not evidence any actual or intended
* publication of such source code.
*
- * This Module contains Proprietary Information of INSIDE and should be
+ * This Module contains Proprietary Information of Rambus and should be
* treated as Confidential.
*
* The information in this file is provided for the exclusive use of the
- * licensees of INSIDE. Such users have the right to use, modify,
+ * licensees of Rambus. Such users have the right to use, modify,
* and incorporate this code into products for purposes authorized by the
* license agreement provided they include this notice and the associated
* copyright notice with any such product.
diff --git a/matrixssl/matrixsslGetSet.h b/matrixssl/matrixsslGetSet.h
index 0c6cd3f..ff569f1 100644
--- a/matrixssl/matrixsslGetSet.h
+++ b/matrixssl/matrixsslGetSet.h
@@ -10,7 +10,7 @@
/*
* Copyright (c) 2019 Verimatrix
- * Copyright (c) 2013-2019 INSIDE Secure Corporation
+ * Copyright (c) 2013-2019 Rambus Inc.
* All Rights Reserved
*
* This file can be edited to modify exact set of accessor functions
@@ -19,11 +19,11 @@
* The copyright notice above does not evidence any actual or intended
* publication of such source code.
*
- * This Module contains Proprietary Information of INSIDE and should be
+ * This Module contains Proprietary Information of Rambus and should be
* treated as Confidential.
*
* The information in this file is provided for the exclusive use of the
- * licensees of INSIDE. Such users have the right to use, modify,
+ * licensees of Rambus. Such users have the right to use, modify,
* and incorporate this code into products for purposes authorized by the
* license agreement provided they include this notice and the associated
* copyright notice with any such product.
diff --git a/matrixssl/matrixsslImpl.h b/matrixssl/matrixsslImpl.h
index b75ec8d..182c1f3 100644
--- a/matrixssl/matrixsslImpl.h
+++ b/matrixssl/matrixsslImpl.h
@@ -5,7 +5,7 @@
* Include common include files for compiling part of MatrixSSL's ssl/tls.
*/
/*
- * Copyright (c) 2013-2017 INSIDE Secure Corporation
+ * Copyright (c) 2013-2017 Rambus Inc.
* Copyright (c) PeerSec Networks, 2002-2011
* All Rights Reserved
*
@@ -18,8 +18,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
- * commercial license for this software may be purchased from INSIDE at
- * http://www.insidesecure.com/
+ * commercial license for this software may be purchased from Rambus at
+ * http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/matrixssl/matrixsslInitVer.c b/matrixssl/matrixsslInitVer.c
index 78c11d5..0361c21 100644
--- a/matrixssl/matrixsslInitVer.c
+++ b/matrixssl/matrixsslInitVer.c
@@ -5,7 +5,7 @@
* Functions for initialization protocol versions in a session.
*/
/*
- * Copyright (c) 2013-2018 INSIDE Secure Corporation
+ * Copyright (c) 2013-2018 Rambus Inc.
* Copyright (c) PeerSec Networks, 2002-2011
* All Rights Reserved
*
@@ -18,8 +18,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
- * commercial license for this software may be purchased from INSIDE at
- * http://www.insidesecure.com/
+ * commercial license for this software may be purchased from Rambus at
+ * http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/matrixssl/matrixsslKeys.c b/matrixssl/matrixsslKeys.c
index 777b2cf..139e51f 100644
--- a/matrixssl/matrixsslKeys.c
+++ b/matrixssl/matrixsslKeys.c
@@ -5,7 +5,7 @@
* The session and authentication management portions of the MatrixSSL library.
*/
/*
- * Copyright (c) 2013-2018 INSIDE Secure Corporation
+ * Copyright (c) 2013-2018 Rambus Inc.
* Copyright (c) PeerSec Networks, 2002-2011
* All Rights Reserved
*
@@ -18,8 +18,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
- * commercial license for this software may be purchased from INSIDE at
- * http://www.insidesecure.com/
+ * commercial license for this software may be purchased from Rambus at
+ * http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
@@ -381,7 +381,7 @@ static psRes_t sslLoadKeyPair(psPool_t *pool,
psTraceInfo("sslLoadKeyPair(): no key material");
key->type = PS_NOKEY;
key->keysize = 0;
- return PS_SUCCESS;
+ return PS_SUCCESS;
}
rc = psPemTryDecode(pool,
keydata,
@@ -415,7 +415,7 @@ static psRes_t sslLoadKeyPair(psPool_t *pool,
unarmored_len,
NULL,
key);
- if (err < 0)
+ if (err >= 0)
{
goto out;
}
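Review bot: Inverting `if (err < 0)` to `if (err >= 0) goto out;` turns a decode failure from an early exit into a fall-through to whatever follows in this case (outside the hunk), so please confirm that path either attempts another key format and sets `err` itself, or that the failing `err` survives to `out:`; otherwise a parse error could be masked or a half-initialised `key` returned. A one-line comment on the jump, `/* decoded successfully; skip the remaining formats */`, would make the intended try-next-format flow explicit. The same inversion appears in the following hunk.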
@@ -443,7 +443,7 @@ static psRes_t sslLoadKeyPair(psPool_t *pool,
unarmored_len,
NULL,
key);
- if (err < 0)
+ if (err >= 0)
{
goto out;
}
@@ -466,7 +466,12 @@ static psRes_t sslLoadKeyPair(psPool_t *pool,
goto out;
}
key->keysize = 32;
+ break;
# endif /* USE_ED25519 */
+ default:
+ psTraceErrr("Unknown key type in sslLoadKeyPair\n");
+ err = PS_UNSUPPORTED_FAIL;
+ break;
} /* end switch */
out:
@@ -751,6 +756,7 @@ int32_t matrixSslLoadKeysMem(sslKeys_t *keys,
PS_ECC,
opts);
break;
+# ifdef USE_ED25519
case PS_ED25519:
rc = matrixSslLoadKeyMaterialMem(keys,
certBuf,
@@ -762,9 +768,15 @@ int32_t matrixSslLoadKeysMem(sslKeys_t *keys,
PS_ED25519,
opts);
break;
+# endif /* USE_ED25519 */
case 0:
{
- int32 try[] = { PS_RSA, PS_ECC, PS_ED25519, -1}, i;
+ int32 try[] = { PS_RSA, PS_ECC,
+# ifdef USE_ED25519
+ PS_ED25519,
+# endif /* USE_ED25519 */
+ -1};
+ int32 i;
for (i = 0; try[i] != -1; i++)
{
rc = matrixSslLoadKeyMaterialMem(
@@ -777,7 +789,7 @@ int32_t matrixSslLoadKeysMem(sslKeys_t *keys,
break;
}
}
- if (CAbuf && CAlen > 0)
+ if (rc == PS_SUCCESS && CAbuf && CAlen > 0)
{
rc = matrixSslLoadKeyMaterialMem(
keys, NULL, 0, NULL, 0,
@@ -787,6 +799,7 @@ int32_t matrixSslLoadKeysMem(sslKeys_t *keys,
break;
default:
/* Unknown key type */
+ psTraceErrr("Unknown key type in matrixSslLoadKeysMem\n");
rc = PS_FAILURE;
}
return rc;
@@ -976,6 +989,7 @@ static struct {
{ 27, IS_BRAIN384R1 },
{ 28, IS_BRAIN512R1 },
{ 255, IS_BRAIN224R1 },
+ { 41, IS_CURVESM2 },
{ 0, 0 }
};
@@ -1412,6 +1426,7 @@ psRes_t matrixSslLoadKeys(sslKeys_t *keys,
PS_ECC,
opts);
break;
+# ifdef USE_ED25519
case PS_ED25519:
rc = matrixSslLoadKeyMaterial(keys,
certFile,
@@ -1421,9 +1436,15 @@ psRes_t matrixSslLoadKeys(sslKeys_t *keys,
PS_ED25519,
opts);
break;
+# endif /* USE_ED25519 */
case 0:
{
- int32 try[] = { PS_RSA, PS_ECC, PS_ED25519, -1}, i;
+ int32 try[] = { PS_RSA, PS_ECC,
+# ifdef USE_ED25519
+ PS_ED25519,
+# endif /* USE_ED25519 */
+ -1};
+ int32 i;
for (i = 0; try[i] != -1; i++)
{
rc = matrixSslLoadKeyMaterial(
@@ -1435,7 +1456,7 @@ psRes_t matrixSslLoadKeys(sslKeys_t *keys,
break;
}
}
- if (CAfile)
+ if (rc == PS_SUCCESS && CAfile)
{
rc = matrixSslLoadKeyMaterial(
keys, NULL, NULL, NULL, CAfile, 0, opts);
@@ -1444,6 +1465,7 @@ psRes_t matrixSslLoadKeys(sslKeys_t *keys,
break;
default:
+ psTraceErrr("Unknown key type in matrixSslLoadKeys\n");
rc = PS_FAILURE;
break;
}
diff --git a/matrixssl/matrixsslNet.c b/matrixssl/matrixsslNet.c
index 76cbfee..c887004 100644
--- a/matrixssl/matrixsslNet.c
+++ b/matrixssl/matrixsslNet.c
@@ -4,7 +4,7 @@
*/
/*****************************************************************************
-* Copyright (c) 2017 INSIDE Secure Oy. All Rights Reserved.
+* Copyright (c) 2017 Rambus Inc. All Rights Reserved.
*
* The latest version of this code is available at http://www.matrixssl.org
*
@@ -15,8 +15,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
-* commercial license for this software may be purchased from INSIDE at
-* http://www.insidesecure.com/
+* commercial license for this software may be purchased from Rambus at
+* http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/matrixssl/matrixsslNet.h b/matrixssl/matrixsslNet.h
index 008ff8f..b46e1fe 100644
--- a/matrixssl/matrixsslNet.h
+++ b/matrixssl/matrixsslNet.h
@@ -4,7 +4,7 @@
*/
/*****************************************************************************
-* Copyright (c) 2017 INSIDE Secure Oy. All Rights Reserved.
+* Copyright (c) 2017 Rambus Inc. All Rights Reserved.
*
* The latest version of this code is available at http://www.matrixssl.org
*
@@ -15,8 +15,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
-* commercial license for this software may be purchased from INSIDE at
-* http://www.insidesecure.com/
+* commercial license for this software may be purchased from Rambus at
+* http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/matrixssl/matrixsslSecConfig.c b/matrixssl/matrixsslSecConfig.c
index 780f305..7cf5a90 100644
--- a/matrixssl/matrixsslSecConfig.c
+++ b/matrixssl/matrixsslSecConfig.c
@@ -5,7 +5,7 @@
* Functions for changing MatrixSSL's security configuration.
*/
/*
- * Copyright (c) 2013-2018 INSIDE Secure Corporation
+ * Copyright (c) 2013-2018 Rambus Inc.
* Copyright (c) PeerSec Networks, 2002-2011
* All Rights Reserved
*
@@ -18,8 +18,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
- * commercial license for this software may be purchased from INSIDE at
- * http://www.insidesecure.com/
+ * commercial license for this software may be purchased from Rambus at
+ * http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/matrixssl/matrixsslSocket.c b/matrixssl/matrixsslSocket.c
index 3d5a8a0..842ef9e 100644
--- a/matrixssl/matrixsslSocket.c
+++ b/matrixssl/matrixsslSocket.c
@@ -4,7 +4,7 @@
*/
/*****************************************************************************
-* Copyright (c) 2017 INSIDE Secure Oy. All Rights Reserved.
+* Copyright (c) 2017 Rambus Inc. All Rights Reserved.
*
* The latest version of this code is available at http://www.matrixssl.org
*
@@ -15,8 +15,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
-* commercial license for this software may be purchased from INSIDE at
-* http://www.insidesecure.com/
+* commercial license for this software may be purchased from Rambus at
+* http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/matrixssl/matrixsslSocket.h b/matrixssl/matrixsslSocket.h
index b109804..467501d 100644
--- a/matrixssl/matrixsslSocket.h
+++ b/matrixssl/matrixsslSocket.h
@@ -4,7 +4,7 @@
*/
/*****************************************************************************
-* Copyright (c) 2017 INSIDE Secure Oy. All Rights Reserved.
+* Copyright (c) 2017 Rambus Inc. All Rights Reserved.
*
* The latest version of this code is available at http://www.matrixssl.org
*
@@ -15,8 +15,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
-* commercial license for this software may be purchased from INSIDE at
-* http://www.insidesecure.com/
+* commercial license for this software may be purchased from Rambus at
+* http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/matrixssl/matrixssllib.h b/matrixssl/matrixssllib.h
index 81731fb..c130dc5 100644
--- a/matrixssl/matrixssllib.h
+++ b/matrixssl/matrixssllib.h
@@ -6,7 +6,7 @@
* Only modifiers of the library should be intersted in this file
*/
/*
- * Copyright (c) 2013-2018 INSIDE Secure Corporation
+ * Copyright (c) 2013-2018 Rambus Inc.
* Copyright (c) PeerSec Networks, 2002-2011
* All Rights Reserved
*
@@ -19,8 +19,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
- * commercial license for this software may be purchased from INSIDE at
- * http://www.insidesecure.com/
+ * commercial license for this software may be purchased from Rambus at
+ * http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
@@ -264,14 +264,14 @@ extern "C" {
# define TLS_GCM_TAG_LEN 16
# define TLS_CHACHA20_POLY1305_IETF_TAG_LEN 16
# define TLS_CCM_TAG_LEN 16
-# define TLS_CCM8_TAG_LEN 8
+# define TLS_CCM_8_TAG_LEN 8
# define TLS_AEAD_NONCE_MAXLEN 12/* Maximum length for an AEAD's nonce */
# define TLS_EXPLICIT_NONCE_LEN 8
# define TLS_CHACHA20_POLY1305_IETF_NONCE_LEN 0
# define AEAD_NONCE_LEN(SSL) ((SSL->flags & SSL_FLAGS_NONCE_W) ? TLS_EXPLICIT_NONCE_LEN : 0)
-# define AEAD_TAG_LEN(SSL) ((SSL->cipher->flags & CRYPTO_FLAGS_CCM8) ? 8 : 16)
+# define AEAD_TAG_LEN(SSL) ((SSL->cipher->flags & CRYPTO_FLAGS_CCM_8) ? 8 : 16)
/*
matrixSslSetSessionOption defines
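Review bot: `AEAD_TAG_LEN` still hard-codes `8 : 16` even though the define a few lines above it is being renamed precisely to hold that 8; `# define AEAD_TAG_LEN(SSL) ((SSL->cipher->flags & CRYPTO_FLAGS_CCM_8) ? TLS_CCM_8_TAG_LEN : 16)` ties the two together so a future tag-length change cannot drift. The rename of TLS_CCM8_TAG_LEN and CRYPTO_FLAGS_CCM8 also breaks any out-of-tree code that used the old names; if this header is consumed outside the library a compatibility alias `# define TLS_CCM8_TAG_LEN TLS_CCM_8_TAG_LEN` is cheap.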
@@ -383,7 +383,9 @@ enum PACKED
CS_ECDHE_RSA,
CS_ECDH_ECDSA,
CS_ECDH_RSA,
- CS_TLS13 /* TLS 1.3 suites only specify the symmetric and hash algs. */
+ CS_TLS13, /* TLS 1.3 suites only specify the symmetric and hash algs. */
+ CS_ECDHE_SM2,
+ CS_SM2
};
/*
@@ -495,13 +497,15 @@ enum PACKED
HASH_SIG_SHA1,
HASH_SIG_SHA256 = 4,
HASH_SIG_SHA384,
- HASH_SIG_SHA512
+ HASH_SIG_SHA512,
+ HASH_SIG_SM3
};
enum PACKED
{
HASH_SIG_RSA = 1,
- HASH_SIG_ECDSA = 3 /* This 3 is correct for hashSigAlg */
+ HASH_SIG_ECDSA = 3, /* This 3 is correct for hashSigAlg */
+ HASH_SIG_SM2 = 7
};
/* Internal flag format for algorithms */
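Review bot: `HASH_SIG_SM2 = 7` and `HASH_SIG_SM3` (which lands on 7 by position after SHA512) carry no comment naming the specification that assigns these wire values. RFC 8998 registers sm2sig_sm3 as SignatureScheme 0x0708, i.e. signature octet 8, and 7 in the IANA TLS SignatureAlgorithm registry is ed25519, so a reader will assume a typo unless the source is stated; the ClientHello encoder in this diff deliberately rewrites `sigalg_sm2sig_sm3` to 0x07/0x07 as well, so the choice appears intentional. Add a comment such as `/* SM3/SM2 hash/sig codes 7/7 per <spec>; note RFC 8998 uses 0x0708 */` with the actual reference filled in.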
@@ -519,6 +523,7 @@ enum PACKED
HASH_SIG_SHA256_ECDSA_MASK = 0x100 << HASH_SIG_SHA256,
HASH_SIG_SHA384_ECDSA_MASK = 0x100 << HASH_SIG_SHA384,
HASH_SIG_SHA512_ECDSA_MASK = 0x100 << HASH_SIG_SHA512,
+ HASH_SIG_SM3_SM2_MASK = 0x100 << HASH_SIG_SM3,
};
/** Return a unique flag for the given HASH_SIG_ALG. */
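Review bot: `HASH_SIG_SM3_SM2_MASK = 0x100 << HASH_SIG_SM3` evaluates to 0x8000, the top bit of a 16-bit value, in an enum declared PACKED; if any field or local that receives these masks is a signed 16-bit type the new flag becomes negative and comparisons such as `> 0` or sign-extending casts misbehave. The enumerators themselves are int so the definition is fine; confirm that the storage for these masks (not visible here) is unsigned and at least 16 bits wide, and consider a comment `/* 0x8000: last bit available in a 16-bit mask */` so the next addition does not silently overflow.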
@@ -895,6 +900,9 @@ struct sslSec
tls13_flight_state_t tls13KsState;
psSha256_t tls13msgHashSha256;
psSha384_t tls13msgHashSha384;
+# ifdef USE_SM3
+ psSm3_t tls13msgHashSm3;
+# endif
# endif /* USE_TLS_1_3 */
# ifdef USE_NATIVE_TLS_ALGS
@@ -963,6 +971,9 @@ struct sslSec
# ifdef USE_SHA512
psSha512_t msgHashSha512;
# endif
+# ifdef USE_SM3
+ psSm3_t msgHashSm3;
+# endif
# endif
# endif /* USE_TLS_1_2 */
@@ -971,6 +982,9 @@ struct sslSec
unsigned char sha384Snapshot[SHA384_HASH_SIZE]; /* HW crypto uses
outside TLS 1.2 */
unsigned char sha512Snapshot[SHA512_HASH_SIZE];
+# ifdef USE_SM3
+ unsigned char sm3Snapshot[SM3_HASH_SIZE];
+# endif
# endif
# if defined(USE_PSK_CIPHER_SUITE) && defined(USE_CLIENT_SIDE_SSL)
@@ -1109,6 +1123,9 @@ typedef struct
uint16_t type; /* one of PKA_AFTER_* */
uint16_t user; /* user size */
psPool_t *pool;
+# if defined(USE_SM2) && defined(USE_SM3)
+ uint16_t sigAlg;
+# endif
} pkaAfter_t;
typedef struct nextMsgInFlight
@@ -1338,6 +1355,7 @@ struct ssl
psBool_t tls13CiphersuitesEnabledClient;
psBool_t tls13CHContainsSha256Suite;
psBool_t tls13CHContainsSha384Suite;
+ psBool_t tls13CHContainsSMSuite;
unsigned char *tls13CertRequestContext;
psSize_t tls13CertRequestContextLen;
psBool_t tls13GotCertificateRequest;
@@ -1349,6 +1367,7 @@ struct ssl
uint32_t tls13EarlyDataStatus;
psSizeL_t tls13PadLen;
psSizeL_t tls13BlockSize;
+ psBool_t tls13SelectedSMSuite;
#endif
/* This is shared between all TLS versions. */
uint16_t supportedSigAlgs[TLS_MAX_SIGNATURE_ALGORITHMS];
@@ -2141,6 +2160,39 @@ extern int32 csChacha20Poly1305IetfDecryptTls13(void *ssl,
unsigned char *ct,
unsigned char *pt,
uint32 len);
+extern int32 csAesCcmInitTls13(sslSec_t *sec,
+ int32 type,
+ uint32 keysize);
+extern int32 csAesCcmEncryptTls13(void *ssl,
+ unsigned char *pt,
+ unsigned char *ct,
+ uint32 ptLen);
+extern int32 csAesCcmDecryptTls13(void *ssl,
+ unsigned char *ct,
+ unsigned char *pt,
+ uint32 len);
+extern int32 csSm4CcmInitTls13(sslSec_t *sec,
+ int32 type,
+ uint32 keysize);
+extern int32 csSm4CcmEncryptTls13(void *ssl,
+ unsigned char *pt,
+ unsigned char *ct,
+ uint32 ptLen);
+extern int32 csSm4CcmDecryptTls13(void *ssl,
+ unsigned char *ct,
+ unsigned char *pt,
+ uint32 len);
+extern int32 csSm4GcmInitTls13(sslSec_t *sec,
+ int32 type,
+ uint32 keysize);
+extern int32 csSm4GcmEncryptTls13(void *ssl,
+ unsigned char *pt,
+ unsigned char *ct,
+ uint32 ptLen);
+extern int32 csSm4GcmDecryptTls13(void *ssl,
+ unsigned char *ct,
+ unsigned char *pt,
+ uint32 len);
/* Misc. */
extern void tls13ClearPeerSupportedGroupList(ssl_t *ssl);
@@ -2254,6 +2306,11 @@ extern int32 tlsHMACSha2(ssl_t *ssl, int32 mode, unsigned char type,
unsigned char *data, uint32 len, unsigned char *mac,
int32 hashSize);
# endif
+# ifdef USE_SM3
+extern int32 tlsHMACSm3(ssl_t *ssl, int32 mode, unsigned char type,
+ unsigned char *data, uint32 len, unsigned char *mac,
+ int32 hashSize);
+# endif
/******************************************************************************/
@@ -2266,6 +2323,9 @@ extern int32 sslSha384RetrieveHSHash(ssl_t *ssl, unsigned char *out);
# ifdef USE_SHA512
extern int32 sslSha512RetrieveHSHash(ssl_t *ssl, unsigned char *out);
# endif
+# ifdef USE_SM3
+extern int32 sslSm3RetrieveHSHash(ssl_t *ssl, unsigned char *out);
+# endif
# endif
# ifdef USE_CLIENT_SIDE_SSL
extern void sslSha1SnapshotHSHash(ssl_t *ssl, unsigned char *out);
@@ -2275,6 +2335,9 @@ extern void sslSha384SnapshotHSHash(ssl_t *ssl, unsigned char *out);
# ifdef USE_SHA512
extern void sslSha512SnapshotHSHash(ssl_t *ssl, unsigned char *out);
# endif
+# ifdef USE_SM3
+extern void sslSm3SnapshotHSHash(ssl_t *ssl, unsigned char *out);
+# endif
# endif
# endif /* USE_TLS_1_2 */
diff --git a/matrixssl/matrixssllib_secconfig.h b/matrixssl/matrixssllib_secconfig.h
index 234f6a7..a0d63cd 100644
--- a/matrixssl/matrixssllib_secconfig.h
+++ b/matrixssl/matrixssllib_secconfig.h
@@ -8,7 +8,7 @@
* and constants.
*/
/*
- * Copyright (c) 2013-2018 INSIDE Secure Corporation
+ * Copyright (c) 2013-2018 Rambus Inc.
* Copyright (c) PeerSec Networks, 2002-2011
* All Rights Reserved
*
@@ -21,8 +21,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
- * commercial license for this software may be purchased from INSIDE at
- * http://www.insidesecure.com/
+ * commercial license for this software may be purchased from Rambus at
+ * http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/matrixssl/matrixssllib_version.h b/matrixssl/matrixssllib_version.h
index 6215986..661ae06 100644
--- a/matrixssl/matrixssllib_version.h
+++ b/matrixssl/matrixssllib_version.h
@@ -7,7 +7,7 @@
* This file contains protocol version related macros and constants.
*/
/*
- * Copyright (c) 2013-2018 INSIDE Secure Corporation
+ * Copyright (c) 2013-2018 Rambus Inc.
* Copyright (c) PeerSec Networks, 2002-2011
* All Rights Reserved
*
@@ -20,8 +20,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
- * commercial license for this software may be purchased from INSIDE at
- * http://www.insidesecure.com/
+ * commercial license for this software may be purchased from Rambus at
+ * http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/matrixssl/prf.c b/matrixssl/prf.c
index 12ebfda..ea9a4c1 100644
--- a/matrixssl/prf.c
+++ b/matrixssl/prf.c
@@ -5,7 +5,7 @@
* "Native" Pseudo Random Function.
*/
/*
- * Copyright (c) 2013-2017 INSIDE Secure Corporation
+ * Copyright (c) 2013-2017 Rambus Inc.
* Copyright (c) PeerSec Networks, 2002-2011
* All Rights Reserved
*
@@ -18,8 +18,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
- * commercial license for this software may be purchased from INSIDE at
- * http://www.insidesecure.com/
+ * commercial license for this software may be purchased from Rambus at
+ * http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
@@ -54,6 +54,13 @@ int32_t prf2(const unsigned char *sec, psSize_t secLen,
const unsigned char *seed, psSize_t seedLen,
unsigned char *out, psSize_t outLen, uint32_t flags)
{
+# ifdef USE_SM3
+ if (flags & CRYPTO_FLAGS_SM3)
+ {
+ return psPrf2_Sm3(sec, secLen, seed, seedLen,
+ out, outLen, SM3_HASH_SIZE);
+ }
+# endif
return psPrf2(sec, secLen, seed, seedLen, out, outLen,
(flags & CRYPTO_FLAGS_SHA3) ?
SHA384_HASH_SIZE : SHA256_HASH_SIZE);
diff --git a/matrixssl/psExt.h b/matrixssl/psExt.h
index d00884b..6158c95 100644
--- a/matrixssl/psExt.h
+++ b/matrixssl/psExt.h
@@ -6,7 +6,7 @@
*/
/*****************************************************************************
-* Copyright (c) 2007-2017 INSIDE Secure Oy. All Rights Reserved.
+* Copyright (c) 2007-2017 Rambus Inc. All Rights Reserved.
*
* The latest version of this code is available at http://www.matrixssl.org
*
@@ -17,8 +17,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
-* commercial license for this software may be purchased from INSIDE at
-* http://www.insidesecure.com/
+* commercial license for this software may be purchased from Rambus at
+* http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/matrixssl/psk.c b/matrixssl/psk.c
index 9462874..34a20fd 100644
--- a/matrixssl/psk.c
+++ b/matrixssl/psk.c
@@ -5,7 +5,7 @@
* Pre-Shared Key cipher suite support.
*/
/*
- * Copyright (c) 2013-2017 INSIDE Secure Corporation
+ * Copyright (c) 2013-2017 Rambus Inc.
* Copyright (c) PeerSec Networks, 2002-2011
* All Rights Reserved
*
@@ -18,8 +18,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
- * commercial license for this software may be purchased from INSIDE at
- * http://www.insidesecure.com/
+ * commercial license for this software may be purchased from Rambus at
+ * http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/matrixssl/sslDecode.c b/matrixssl/sslDecode.c
index 11ea845..b20d951 100644
--- a/matrixssl/sslDecode.c
+++ b/matrixssl/sslDecode.c
@@ -5,7 +5,7 @@
* SSL/TLS protocol message decoding portion of MatrixSSL.
*/
/*
- * Copyright (c) 2013-2018 INSIDE Secure Corporation
+ * Copyright (c) 2013-2018 Rambus Inc.
* Copyright (c) PeerSec Networks, 2002-2011
* All Rights Reserved
*
@@ -18,8 +18,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
- * commercial license for this software may be purchased from INSIDE at
- * http://www.insidesecure.com/
+ * commercial license for this software may be purchased from Rambus at
+ * http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
@@ -1149,13 +1149,14 @@ ADVANCE_TO_APP_DATA:
# ifdef USE_SHA256
case SHA256_HASH_SIZE:
psSha256PreInit(&md.u.sha256);
+ psSha256Init(&md.u.sha256);
break;
# endif
# ifdef USE_SHA384
case SHA384_HASH_SIZE:
psSha384PreInit(&md.u.sha384);
psSha384Init(&md.u.sha384);
- break;
+ break;
# endif
# ifdef USE_SHA1
case SHA1_HASH_SIZE:
@@ -1176,7 +1177,6 @@ ADVANCE_TO_APP_DATA:
{
# ifdef USE_SHA256
case SHA256_HASH_SIZE:
- psSha256Init(&md.u.sha256);
while (rc > 0)
{
psSha256Update(&md.u.sha256, tmp, 64);
diff --git a/matrixssl/sslEncode.c b/matrixssl/sslEncode.c
index 7cf8b1b..5b21f3f 100644
--- a/matrixssl/sslEncode.c
+++ b/matrixssl/sslEncode.c
@@ -5,7 +5,7 @@
* Secure Sockets Layer protocol message encoding portion of MatrixSSL.
*/
/*
- * Copyright (c) 2013-2019 INSIDE Secure Corporation
+ * Copyright (c) 2013-2019 Rambus Inc.
* Copyright (c) PeerSec Networks, 2002-2011
* All Rights Reserved
*
@@ -18,8 +18,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
- * commercial license for this software may be purchased from INSIDE at
- * http://www.insidesecure.com/
+ * commercial license for this software may be purchased from Rambus at
+ * http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
@@ -1240,6 +1240,9 @@ ok:
/* TLS 1.2 has a SigAndHashAlgorithm member in certRequest */
certReqLen += 2;
# ifdef USE_ECC
+# if defined(USE_SM2) && defined(USE_SM3)
+ certReqLen += 2;
+# endif
# ifdef USE_SHA384
certReqLen += 6;
# else
@@ -1247,6 +1250,9 @@ ok:
# endif /* USE_SHA */
# endif /* USE_ECC */
# ifdef USE_RSA
+# ifdef USE_SHA512
+ certReqLen += 2;
+# endif
# ifdef USE_SHA384
certReqLen += 6;
# else
@@ -2738,6 +2744,9 @@ void clearPkaAfter(ssl_t *ssl)
ssl->pkaAfter[0].data = NULL;
ssl->pkaAfter[0].inlen = 0;
ssl->pkaAfter[0].user = 0;
+# if defined(USE_SM2) && defined(USE_SM3)
+ ssl->pkaAfter[0].sigAlg = 0;
+# endif
if (ssl->pkaAfter[1].type != 0)
{
@@ -2746,12 +2755,18 @@ void clearPkaAfter(ssl_t *ssl)
ssl->pkaAfter[0].data = ssl->pkaAfter[1].data;
ssl->pkaAfter[0].inlen = ssl->pkaAfter[1].inlen;
ssl->pkaAfter[0].user = ssl->pkaAfter[1].user;
+# if defined(USE_SM2) && defined(USE_SM3)
+ ssl->pkaAfter[0].sigAlg = ssl->pkaAfter[1].sigAlg;
+# endif
ssl->pkaAfter[1].type = 0;
ssl->pkaAfter[1].outbuf = NULL;
ssl->pkaAfter[1].data = NULL;
ssl->pkaAfter[1].inlen = 0;
ssl->pkaAfter[1].user = 0;
+# if defined(USE_SM2) && defined(USE_SM3)
+ ssl->pkaAfter[1].sigAlg = 0;
+# endif
}
}
@@ -4173,8 +4188,18 @@ static int32 writeServerKeyExchange(ssl_t *ssl, sslBuf_t *out, uint32 pLen,
2 byte - NamedCurve id
*/
*c = 3; c++; /* NamedCurve enum */
- *c = (ssl->sec.eccKeyPriv->curve->curveId & 0xFF00) >> 8; c++;
- *c = (ssl->sec.eccKeyPriv->curve->curveId & 0xFF); c++;
+# if defined(USE_SM2) && defined(USE_SM3)
+ if (ssl->sec.eccKeyPriv->curve->curveId == IANA_CURVESM2)
+ {
+ *c = (30 & 0xFF00) >> 8; c++;
+ *c = (30 & 0xFF); c++;
+ }
+ else
+# endif
+ {
+ *c = (ssl->sec.eccKeyPriv->curve->curveId & 0xFF00) >> 8; c++;
+ *c = (ssl->sec.eccKeyPriv->curve->curveId & 0xFF); c++;
+ }
*c = eccPubKeyLen & 0xFF; c++;
if (psEccX963ExportKey(ssl->hsPool, ssl->sec.eccKeyPriv, c,
&eccPubKeyLen) != 0)
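Review bot: The `30` written for the SM2 curve in writeServerKeyExchange is an unexplained literal that disagrees with the `{ 41, IS_CURVESM2 }` row this diff adds to the IANA curve table (41 is RFC 8998's curveSM2; 30 is x448 in the IANA registry), and `(30 & 0xFF00) >> 8` is always 0. If 30 is what a particular SM peer expects, name it (`# define SM2_SKE_NAMED_CURVE_ID 30`) with a comment citing that source and make the peer-side parser use the same constant; otherwise the two places should agree on 41. writeServerKeyExchange starts and ends outside this hunk.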
@@ -5202,6 +5227,13 @@ int32_t matrixSslEncodeClientHello(ssl_t *ssl, sslBuf_t *out,
addRenegotiationScsv = 1;
if (cipherSpecLen > 0)
{
+ /* Free existing cipherlist if new ClientHello generated after
+ receiving HELLO_VERIFY_REQUEST. */
+ if (ssl->tlsClientCipherSuites != NULL)
+ {
+ psFree(ssl->tlsClientCipherSuites, ssl->hsPool);
+ }
+
/* Store the initial ClientHello cipherlist for re-sending during
possible server-initiated renegotiations. */
ssl->tlsClientCipherSuites = psMalloc(ssl->hsPool,
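Review bot: The new `psFree` leaves `ssl->tlsClientCipherSuites` pointing at freed memory until the `psMalloc` on the last line of the hunk overwrites it, and any companion length field (not visible here) keeps describing the old list even if that allocation fails and the pointer becomes NULL. Set the pointer to NULL right after the free and reset the length in the same place, e.g. `psFree(ssl->tlsClientCipherSuites, ssl->hsPool); ssl->tlsClientCipherSuites = NULL;`, so a failed allocation cannot leave a stale count paired with a NULL list. The comment also only mentions HELLO_VERIFY_REQUEST; if renegotiation reaches this path with a list already stored, say so. matrixSslEncodeClientHello starts and ends outside this hunk.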
@@ -5422,6 +5454,13 @@ int32_t matrixSslEncodeClientHello(ssl_t *ssl, sslBuf_t *out,
for (i = 0; i < ssl->supportedSigAlgsLen; i++)
{
+# if defined(USE_SM2) && defined(USE_SM3)
+ if (ssl->supportedSigAlgs[i] == sigalg_sm2sig_sm3)
+ {
+ ADD_SIG_HASH(0x7, 0x7);
+ continue;
+ }
+# endif
ADD_SIG_HASH((ssl->supportedSigAlgs[i] & 0xff00) >> 8,
ssl->supportedSigAlgs[i] & 0xff);
}
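Review bot: The special case rewrites `sigalg_sm2sig_sm3` to the bytes 0x07 0x07 instead of the bytes the generic `ADD_SIG_HASH` split on the next line would produce; if `sigalg_sm2sig_sm3` is RFC 8998's 0x0708 this deliberately puts a non-standard value on the wire, and 0x0707 is not registered by IANA. Either give the constant the wire value so the generic path can be used unchanged, or add a comment stating which peer implementation expects 0x0707, e.g. `/* SM peers expect 0x0707 here rather than RFC 8998's 0x0708 -- see <ref> */`. This loop is in matrixSslEncodeClientHello, which starts and ends outside this hunk.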
@@ -6654,6 +6693,12 @@ static int32 getSnapshotHSHash(ssl_t *ssl,
break;
# endif
default:
+# ifdef USE_SM3
+ if (pka->sigAlg == OID_SM3_SM2_SIG)
+ {
+ sslSm3SnapshotHSHash(ssl, msgHash);
+ }
+# endif
break;
}
}
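Review bot: The new `default:` branch reads `pka->sigAlg` under `# ifdef USE_SM3`, but the `sigAlg` member is added to pkaAfter_t in this same diff only under `defined(USE_SM2) && defined(USE_SM3)`, so a build with USE_SM3 enabled and USE_SM2 disabled fails to compile here. Change the guard to `# if defined(USE_SM2) && defined(USE_SM3)` to match the struct and the writers in clearPkaAfter and writeCertificateVerify. getSnapshotHSHash starts and ends outside this hunk.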
@@ -6675,6 +6720,7 @@ static int nowDoCvPkaInnerECDSA(ssl_t *ssl, pkaAfter_t *pka,
unsigned char *sig;
psSize_t sigLen;
int32_t sigAlg;
+ psSignOpts_t opts = {0};
if (chosen == NULL)
{
@@ -6772,7 +6818,7 @@ static int nowDoCvPkaInnerECDSA(ssl_t *ssl, pkaAfter_t *pka,
hashTbsLen,
&sig,
&sigLen,
- NULL);
+ &opts);
if (rc != PS_SUCCESS)
{
goto out;
@@ -7222,6 +7268,9 @@ static int32 writeCertificateVerify(ssl_t *ssl, sslBuf_t *out)
# endif
pkaAfter->inlen = hashSize;
+# if defined(USE_SM2) && defined(USE_SM3)
+ pkaAfter->sigAlg = sigAlg;
+# endif
pkaAfter->type = PKA_AFTER_ECDSA_SIG_GEN;
pkaAfter->data = pkiData;
pkaAfter->outbuf = c;
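Review bot: `pkaAfter->sigAlg = sigAlg;` stores into the new `uint16_t` member, and the value is later compared with `pka->sigAlg == OID_SM3_SM2_SIG`; the local's type is not visible in this hunk, but if it is int32_t (as in nowDoCvPkaInnerECDSA) any OID_* value above 0xFFFF would be silently truncated and the later comparison could never match. Either declare the member with the same type as the local or add a check next to the store, e.g. `psAssert(sigAlg >= 0 && sigAlg <= 0xFFFF);`. writeCertificateVerify starts and ends outside this hunk.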
@@ -7411,6 +7460,9 @@ static int32 writeCertificateRequest(ssl_t *ssl, sslBuf_t *out, int32 certLen,
/* TLS 1.2 has a SignatureAndHashAlgorithm type after CertType */
sigHashLen = 2;
# ifdef USE_ECC
+# if defined(USE_SM2) && defined(USE_SM3)
+ sigHashLen += 2;
+# endif
# ifdef USE_SHA384
sigHashLen += 6;
# else
@@ -7418,6 +7470,9 @@ static int32 writeCertificateRequest(ssl_t *ssl, sslBuf_t *out, int32 certLen,
# endif /* USE_SHA */
# endif /* USE_ECC */
# ifdef USE_RSA
+# ifdef USE_SHA512
+ sigHashLen += 2;
+# endif
# ifdef USE_SHA384
sigHashLen += 6;
# else
@@ -7495,6 +7550,9 @@ static int32 writeCertificateRequest(ssl_t *ssl, sslBuf_t *out, int32 certLen,
*c++ = 0x0;
*c++ = sigHashLen - 2;
# ifdef USE_ECC
+# if defined(USE_SM2) && defined(USE_SM3)
+ *c++ = 0x7; *c++ = 0x7;
+# endif
# ifdef USE_SHA384
*c++ = 0x5; /* SHA384 */
*c++ = 0x3; /* ECDSA */
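Review bot: `*c++ = 0x7; *c++ = 0x7;` is the only entry in this list without the `/* hash */ /* signature */` comments its neighbours carry, and 7/7 is not an IANA-registered SignatureAndHashAlgorithm pair, so label it: `*c++ = 0x7; /* SM3 */` and `*c++ = 0x7; /* SM2 */` with a reference to the specification that assigns those codes. Emitting it first also makes SM2/SM3 the server's most-preferred algorithm ahead of SHA384/ECDSA; confirm that ordering is intended rather than incidental. writeCertificateRequest starts and ends outside this hunk.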
@@ -7511,6 +7569,9 @@ static int32 writeCertificateRequest(ssl_t *ssl, sslBuf_t *out, int32 certLen,
# endif
# ifdef USE_RSA
+# ifdef USE_SHA512
+ *c++ = 0x6; *c++ = 0x1;
+# endif
# ifdef USE_SHA384
*c++ = 0x5; /* SHA384 */
*c++ = 0x1; /* RSA */
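Review bot: The new SHA512/RSA entry `*c++ = 0x6; *c++ = 0x1;` lacks the per-byte comments used on the neighbouring lines; write it as `*c++ = 0x6; /* SHA512 */` and `*c++ = 0x1; /* RSA */`. The ECC branch in the preceding hunk appears to gain no SHA512/ECDSA entry when USE_SHA512 is set, so the server now advertises SHA512 for RSA only; that asymmetry should be stated in a comment or resolved. writeCertificateRequest starts and ends outside this hunk.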
diff --git a/matrixssl/sslv3.c b/matrixssl/sslv3.c
index 1d780d6..d5b23e4 100644
--- a/matrixssl/sslv3.c
+++ b/matrixssl/sslv3.c
@@ -7,7 +7,7 @@
* and handshake hashing.
*/
/*
- * Copyright (c) 2013-2017 INSIDE Secure Corporation
+ * Copyright (c) 2013-2017 Rambus Inc.
* Copyright (c) PeerSec Networks, 2002-2011
* All Rights Reserved
*
@@ -20,8 +20,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
- * commercial license for this software may be purchased from INSIDE at
- * http://www.insidesecure.com/
+ * commercial license for this software may be purchased from Rambus at
+ * http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/matrixssl/test/Makefile b/matrixssl/test/Makefile
index f1250ca..c0f5133 100644
--- a/matrixssl/test/Makefile
+++ b/matrixssl/test/Makefile
@@ -1,14 +1,15 @@
#
# Makefile for MatrixSSL testing
#
-# Copyright (c) 2013-2016 INSIDE Secure Corporation. All Rights Reserved.
+# Copyright (c) 2013-2016 Rambus Inc. All Rights Reserved.
#
MATRIXSSL_ROOT:=../..
TEST_SRC:=sslTest.c
CERT_SRC:=certValidate.c
PROVIDER_SRC:=provider.c
-SRC:=$(TEST_SRC) $(CERT_SRC) $(PROVIDER_SRC)
+PKCS_SRC:=pkcs12Test.c
+SRC:=$(TEST_SRC) $(CERT_SRC) $(PROVIDER_SRC) $(PKCS_SRC)
# Linked files
STATIC:=../libssl_s.a $(MATRIXSSL_ROOT)/crypto/libcrypt_s.a $(MATRIXSSL_ROOT)/core/libcore_s.a
@@ -26,6 +27,7 @@ STATIC+=$(LIBDRIVER_VAL_UP_PATH)
CERT_EXE:=certValidate$(E)
TEST_EXE:=sslTest$(E)
PROVIDER_EXE:=provider$(E)
+PKCS_EXE:=pkcs12Test$(E)
ifeq '$(CL_NO_PKCS)' ''
CFLAGS+=-DUSE_CL_PKCS -DUSE_CL_CERTLIB
@@ -59,5 +61,8 @@ $(CERT_EXE): $(CERT_SRC:.c=.o) $(STATIC)
$(PROVIDER_EXE): $(PROVIDER_SRC:.c=.o) $(STATIC)
$(CC) -o $@ $^ $(EXTRA_CFLAGS) $(LDFLAGS)
+$(PKCS_EXE): $(PKCS_SRC:.c=.o) $(STATIC)
+ $(CC) -o $@ $^ $(EXTRA_CFLAGS) $(LDFLAGS)
+
clean:
- rm -f $(TEST_EXE) $(CERT_EXE) $(PROVIDER_EXE) $(OBJS) $(CLEAN_EXTRA_FILES) *.map
+ rm -f $(TEST_EXE) $(PKCS_EXE) $(CERT_EXE) $(PROVIDER_EXE) $(OBJS) $(CLEAN_EXTRA_FILES) *.map
diff --git a/matrixssl/test/certValidate.c b/matrixssl/test/certValidate.c
index a4bbd71..9d0f623 100644
--- a/matrixssl/test/certValidate.c
+++ b/matrixssl/test/certValidate.c
@@ -5,7 +5,7 @@
* Standalone certificate parsing and chain validation test.
*/
/*
- * Copyright (c) 2013-2017 INSIDE Secure Corporation
+ * Copyright (c) 2013-2017 Rambus Inc Secure Corporation
* Copyright (c) PeerSec Networks, 2002-2011
* All Rights Reserved
*
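Review bot: The rewritten copyright line reads `Copyright (c) 2013-2017 Rambus Inc Secure Corporation`, a half-applied substitution that replaced only the first word of `INSIDE Secure Corporation`; every other file in this diff uses `Rambus Inc.`. Change it to ` * Copyright (c) 2013-2017 Rambus Inc.`, and for consistency the license paragraph in the next hunk of this file (`from Rambus Inc at`) should read `from Rambus at` like the rest of the tree.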
@@ -18,8 +18,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
- * commercial license for this software may be purchased from INSIDE at
- * http://www.insidesecure.com/
+ * commercial license for this software may be purchased from Rambus Inc at
+ * http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/matrixssl/test/pfx/test-onepass-corrupt.pfx b/matrixssl/test/pfx/test-onepass-corrupt.pfx
new file mode 100644
index 0000000..39a47f5
Binary files /dev/null and b/matrixssl/test/pfx/test-onepass-corrupt.pfx differ
diff --git a/matrixssl/test/pfx/test-onepass.pfx b/matrixssl/test/pfx/test-onepass.pfx
new file mode 100644
index 0000000..af84ce2
Binary files /dev/null and b/matrixssl/test/pfx/test-onepass.pfx differ
diff --git a/matrixssl/test/pfx/test-twopass-corrupt.pfx b/matrixssl/test/pfx/test-twopass-corrupt.pfx
new file mode 100644
index 0000000..f8a111b
Binary files /dev/null and b/matrixssl/test/pfx/test-twopass-corrupt.pfx differ
diff --git a/matrixssl/test/pfx/test-twopass.pfx b/matrixssl/test/pfx/test-twopass.pfx
new file mode 100644
index 0000000..5710945
Binary files /dev/null and b/matrixssl/test/pfx/test-twopass.pfx differ
diff --git a/matrixssl/test/pkcs12Test.c b/matrixssl/test/pkcs12Test.c
new file mode 100644
index 0000000..cb822b7
--- /dev/null
+++ b/matrixssl/test/pkcs12Test.c
@@ -0,0 +1,123 @@
+/**
+ * @file pkcs12Test.c
+ * @version $Format:%h%d$
+ *
+ * Test program that tries out the new extensions to pkcs12 parsing.
+ */
+/*
+ * Copyright (c) 2020 Rambus Inc
+ * All Rights Reserved
+ *
+ * The latest version of this code is available at http://www.matrixssl.org
+ *
+ * This software is open source; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This General Public License does NOT permit incorporating this software
+ * into proprietary programs. If you are unable to comply with the GPL, a
+ * commercial license for this software may be purchased from Rambus at
+ * http://www.rambus.com/
+ *
+ * This program is distributed in WITHOUT ANY WARRANTY; without even the
+ * implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+ * See the GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+ * http://www.gnu.org/copyleft/gpl.html
+ */
+/******************************************************************************/
+#ifndef _POSIX_C_SOURCE
+# define _POSIX_C_SOURCE 200112L
+#endif
+
+#include "matrixssl/matrixsslImpl.h"
+#include
+
+#include "osdep_stdio.h"
+
+void test_parse_pfx(int32 expected_rc,
+ const char* file,
+ const char* pass, int32 passlen,
+ const char* mpass, int32 mpasslen)
+{
+ sslKeys_t *keys = NULL;
+ int32 rc = 0;
+
+ if (matrixSslNewKeys(&keys, NULL) < 0)
+ {
+ _psTrace("MatrixSSL library key init failure. Exiting\n");
+ return;
+ }
+
+ rc = matrixSslLoadPkcs12(keys,
+ (unsigned char*)file,
+ (const unsigned char*)pass,
+ passlen,
+ (const unsigned char*)mpass,
+ mpasslen,
+ 0);
+ if (rc == expected_rc)
+ {
+ Printf("SUCCESS: File %s parsed with expected return value: %d\n", file, rc);
+ }
+ else
+ {
+ Printf("FAIL: File %s parsed with return value %d, expected %d\n",
+ file, rc, expected_rc);
+ }
+
+ matrixSslDeleteKeys(keys);
+}
+
+int main()
+{
+ int rc = 0;
+ Printf("Parsing self generated files.\n");
+ /*
+ Generated with:
+ openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 365
+ openssl pkcs12 -export -inkey key.pem -in cert.pem -out test.pfx \
+ -keypbe aes-256-cbc -macalg sha256 -certpbe NONE
+ */
+ test_parse_pfx(PS_SUCCESS,
+ "pfx/test-onepass.pfx", "1234", 4, NULL, 0);
+
+ /* Test wrong password */
+ test_parse_pfx(PS_FAILURE,
+ "pfx/test-onepass.pfx", "0000", 4, NULL, 0);
+
+ /*
+ Generated with:
+ openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 365
+ openssl pkcs12 -export -inkey key.pem -in cert.pem -out test.pfx \
+ -keypbe aes-256-cbc -macalg sha256 -certpbe NONE -twopass
+ */
+ test_parse_pfx(PS_SUCCESS,
+ "pfx/test-twopass.pfx", "1234", 4, "2345", 4);
+
+ /* Test wrong encryption password. */
+ test_parse_pfx(PS_FAILURE,
+ "pfx/test-twopass.pfx", "0000", 4, "2345", 4);
+
+ /* Test wrong authentication password. */
+ test_parse_pfx(PS_AUTH_FAIL,
+ "pfx/test-twopass.pfx", "1234", 4, "0000", 4);
+
+ /*
+ Same as pfx/test-twopass.pfx, but one bit corrupted in integrity hash.
+ */
+ test_parse_pfx(PS_AUTH_FAIL,
+ "pfx/test-onepass-corrupt.pfx", "1234", 4, NULL, 0);
+
+ /*
+ Same as pfx/test-twopass.pfx, but one bit corrupted in the middle of file.
+ */
+ test_parse_pfx(PS_AUTH_FAIL,
+ "pfx/test-twopass-corrupt.pfx", "1234", 4, "2345", 4);
+
+ return rc;
+}
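Review bot: `main` returns `rc`, which nothing ever modifies, so the program exits 0 even when a case prints FAIL, and test_parse_pfx also returns silently when matrixSslNewKeys fails, which counts as neither pass nor fail; make test_parse_pfx return a failure count and have main exit non-zero when it is not 0 so a harness can detect regressions. The two trailing comments both say the corrupt fixtures derive from `pfx/test-twopass.pfx`, but the first case loads `test-onepass-corrupt.pfx`, so that comment should read `Same as pfx/test-onepass.pfx, but one bit corrupted in the integrity hash.` The bare `#include` after the matrixsslImpl.h include has no target (an angle-bracketed header was probably lost in rendering — check the committed file), `int main()` should be `int main(void)`, and the `(unsigned char*)file` cast drops `const`, which is better expressed by declaring the parameter to match matrixSslLoadPkcs12's signature.
```c
static int test_parse_pfx(int32 expected_rc,
        const char *file,
        const char *pass, int32 passlen,
        const char *mpass, int32 mpasslen)
{
    sslKeys_t *keys = NULL;
    int32 rc = 0;

    if (matrixSslNewKeys(&keys, NULL) < 0)
    {
        _psTrace("MatrixSSL library key init failure. Exiting\n");
        return 1; /* count as a failure rather than skipping silently */
    }
    /* … unchanged: matrixSslLoadPkcs12 call … */
    if (rc != expected_rc)
    {
        Printf("FAIL: File %s parsed with return value %d, expected %d\n",
                file, rc, expected_rc);
        matrixSslDeleteKeys(keys);
        return 1;
    }
    Printf("SUCCESS: File %s parsed with expected return value: %d\n", file, rc);
    matrixSslDeleteKeys(keys);
    return 0;
}

int main(void)
{
    int failures = 0;
    Printf("Parsing self generated files.\n");
    /* … unchanged: fixture-generation comments … */
    failures += test_parse_pfx(PS_SUCCESS,
            "pfx/test-onepass.pfx", "1234", 4, NULL, 0);
    /* … remaining seven cases accumulate into failures the same way … */
    return failures ? 1 : 0;
}
```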
diff --git a/matrixssl/test/provider.c b/matrixssl/test/provider.c
index 909b732..6dd0622 100644
--- a/matrixssl/test/provider.c
+++ b/matrixssl/test/provider.c
@@ -5,7 +5,7 @@
* Example how to set crypto provider programmatically.
*/
/*
- * Copyright (c) 2017-2017 INSIDE Secure Corporation
+ * Copyright (c) 2017-2017 Rambus Inc
* All Rights Reserved
*
* The latest version of this code is available at http://www.matrixssl.org
@@ -17,8 +17,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
- * commercial license for this software may be purchased from INSIDE at
- * http://www.insidesecure.com/
+ * commercial license for this software may be purchased from Rambus at
+ * http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/matrixssl/test/sslTest.c b/matrixssl/test/sslTest.c
index ae5fb5d..d5330ff 100644
--- a/matrixssl/test/sslTest.c
+++ b/matrixssl/test/sslTest.c
@@ -7,7 +7,7 @@
* Iterates over all supported protocol versions and ciphersuites.
*/
/*
- * Copyright (c) 2014-2018 INSIDE Secure Corporation
+ * Copyright (c) 2014-2018 Rambus Inc
* Copyright (c) PeerSec Networks, 2002-2011
* All Rights Reserved
*
@@ -20,8 +20,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
- * commercial license for this software may be purchased from INSIDE at
- * http://www.insidesecure.com/
+ * commercial license for this software may be purchased from Rambus at
+ * http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
@@ -532,6 +532,12 @@ const static __THREAD testCipherSpec_t ciphers[] = {
#ifdef USE_TLS_CHACHA20_POLY1305_SHA256
CS(TLS_CHACHA20_POLY1305_SHA256),
#endif
+#ifdef USE_TLS_AES_128_CCM_SHA256
+ CS(TLS_AES_128_CCM_SHA256),
+#endif
+#ifdef USE_TLS_AES_128_CCM_8_SHA256
+ CS(TLS_AES_128_CCM_8_SHA256),
+#endif
/* RSA */
# ifdef USE_TLS_RSA_WITH_AES_128_CBC_SHA
@@ -778,6 +784,10 @@ const static __THREAD testCipherSpec_t ciphers[] = {
CS(SSL_RSA_WITH_NULL_MD5),
# endif
+# ifdef USE_TLS_RSA_WITH_NULL_SHA256
+ CS(TLS_RSA_WITH_NULL_SHA256),
+# endif
+
{ "NULL", 0 } /* must be last */
};
diff --git a/matrixssl/tls.c b/matrixssl/tls.c
index 90a00a7..d1b39f4 100644
--- a/matrixssl/tls.c
+++ b/matrixssl/tls.c
@@ -8,7 +8,7 @@
* and handshake hashing.
*/
/*
- * Copyright (c) 2013-2018 INSIDE Secure Corporation
+ * Copyright (c) 2013-2018 Rambus Inc.
* Copyright (c) PeerSec Networks, 2002-2011
* All Rights Reserved
*
@@ -21,8 +21,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
- * commercial license for this software may be purchased from INSIDE at
- * http://www.insidesecure.com/
+ * commercial license for this software may be purchased from Rambus at
+ * http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
@@ -682,6 +682,105 @@ int32_t tlsHMACSha2(ssl_t *ssl, int32 mode, unsigned char type,
# endif /* USE_SHA256 || USE_SHA384 */
# endif /* USE_SHA_MAC */
+# if defined(USE_HMAC_SM3)
+/******************************************************************************/
+/*
+ TLS SM3 HMAC generate/verify
+ */
+int32_t tlsHMACSm3(ssl_t *ssl, int32 mode, unsigned char type,
+ unsigned char *data, uint32 len, unsigned char *mac, int32 hashLen)
+{
+# ifndef USE_HMAC_TLS
+ psHmac_t ctx;
+# endif
+ unsigned char *key, *seq;
+ unsigned char majVer, minVer, tmp[5];
+ int32 i;
+# ifdef USE_DTLS
+ unsigned char dtls_seq[8];
+# endif /* USE_DTLS */
+# ifdef USE_HMAC_TLS
+ uint32 alt_len;
+# endif /* USE_HMAC_TLS */
+
+ majVer = psEncodeVersionMaj(GET_ACTV_VER(ssl));
+ minVer = psEncodeVersionMin(GET_ACTV_VER(ssl));
+
+ if (mode == HMAC_CREATE)
+ {
+ key = ssl->sec.writeMAC;
+ seq = ssl->sec.seq;
+ }
+ else /* HMAC_VERIFY */
+ {
+ key = ssl->sec.readMAC;
+ seq = ssl->sec.remSeq;
+ }
+ /* Sanity */
+ if (key == NULL)
+ {
+ return PS_FAILURE;
+ }
+
+# ifdef USE_DTLS
+ if (ACTV_VER(ssl, v_dtls_any))
+ {
+ if (mode == HMAC_CREATE)
+ {
+ seq = dtls_seq;
+ Memcpy(dtls_seq, ssl->epoch, 2);
+ Memcpy(dtls_seq + 2, ssl->rsn, 6);
+ }
+ else /* HMAC_VERIFY */
+ {
+ seq = dtls_seq;
+ Memcpy(dtls_seq, ssl->rec.epoch, 2);
+ Memcpy(dtls_seq + 2, ssl->rec.rsn, 6);
+ }
+ }
+# endif /* USE_DTLS */
+
+ tmp[0] = type;
+ tmp[1] = majVer;
+ tmp[2] = minVer;
+ tmp[3] = (len & 0xFF00) >> 8;
+ tmp[4] = len & 0xFF;
+
+# ifdef USE_HMAC_TLS
+# ifdef USE_HMAC_TLS_LUCKY13_COUNTERMEASURE
+ /* Lucky13 countermeasure is only used on the decryption side. */
+ alt_len = computeLucky13WorkAmount(ssl, mode, len);
+# else
+ alt_len = len;
+# endif
+ (void) psHmacSm3Tls(key, hashLen,
+ seq, 8,
+ tmp, 5,
+ data, len, alt_len,
+ mac, hashLen);
+# else
+ if (psHmacInit(&ctx, HMAC_SM3, key, hashLen) < 0)
+ {
+ return PS_FAIL;
+ }
+ psHmacUpdate(&ctx, seq, 8);
+ psHmacUpdate(&ctx, tmp, 5);
+ psHmacUpdate(&ctx, data, len);
+ psHmacFinal(&ctx, mac);
+# endif
+ /* Update seq (only for normal TLS) */
+ for (i = 7; i >= 0; i--)
+ {
+ seq[i]++;
+ if (seq[i] != 0)
+ {
+ break;
+ }
+ }
+ return PS_SUCCESS;
+}
+# endif /* USE_SM3 */
+
# ifdef USE_MD5
# ifdef USE_MD5_MAC
/******************************************************************************/
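Review bot: The return value of `psHmacSm3Tls` is discarded by the `(void)` cast in tlsHMACSm3, so a failed HMAC computation still yields PS_SUCCESS with whatever happened to be in `mac` — on the HMAC_CREATE side an uninitialized tag goes on the wire, on the verify side the received tag is compared against garbage. Mirror the non-USE_HMAC_TLS branch and check it: `if (psHmacSm3Tls(key, hashLen, seq, 8, tmp, 5, data, len, alt_len, mac, hashLen) < 0) { return PS_FAILURE; }` (the `psHmacUpdate`/`psHmacFinal` calls in the other branch are unchecked as well). The two branches also use different failure codes, `PS_FAILURE` at the NULL-key check and `PS_FAIL` at psHmacInit; pick one. Finally, the closing `# endif /* USE_SM3 */` does not match the opening `# if defined(USE_HMAC_SM3)` and will mislead anyone navigating by the trailer comments.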
diff --git a/matrixssl/tls13Adapter.c b/matrixssl/tls13Adapter.c
index 3faedc9..f5dbb4e 100644
--- a/matrixssl/tls13Adapter.c
+++ b/matrixssl/tls13Adapter.c
@@ -5,7 +5,7 @@
* Adapter layer for internal TLS 1.3 APIs.
*/
/*
- * Copyright (c) 2013-2019 INSIDE Secure Corporation
+ * Copyright (c) 2013-2019 Rambus Inc.
* Copyright (c) PeerSec Networks, 2002-2011
* All Rights Reserved
*
@@ -18,8 +18,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
- * commercial license for this software may be purchased from INSIDE at
- * http://www.insidesecure.com/
+ * commercial license for this software may be purchased from Rambus at
+ * http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
@@ -165,6 +165,10 @@ psBool_t peerSupportsSigAlg(int32_t sigAlg,
{
yes = ((peerSigAlgs & HASH_SIG_SHA512_ECDSA_MASK) != 0);
}
+ else if (sigAlg == OID_SM3_SM2_SIG)
+ {
+ yes = ((peerSigAlgs & HASH_SIG_SM3_SM2_MASK) != 0);
+ }
else
{
return PS_FALSE; /* Unknown/unsupported sig alg. */
diff --git a/matrixssl/tls13Authenticate.c b/matrixssl/tls13Authenticate.c
index 37d454c..4df98af 100644
--- a/matrixssl/tls13Authenticate.c
+++ b/matrixssl/tls13Authenticate.c
@@ -5,7 +5,7 @@
* Functions for certificate chain validation in TLS 1.3.
*/
/*
- * Copyright (c) 2013-2018 INSIDE Secure Corporation
+ * Copyright (c) 2013-2018 Rambus Inc.
* Copyright (c) PeerSec Networks, 2002-2011
* All Rights Reserved
*
@@ -18,8 +18,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
- * commercial license for this software may be purchased from INSIDE at
- * http://www.insidesecure.com/
+ * commercial license for this software may be purchased from Rambus at
+ * http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
@@ -207,6 +207,13 @@ int32_t psCheckValidationResult(ssl_t *ssl,
default:
break;
}
+
+ /* Check if this is the last validated certificate. */
+ if (cert->pathEnd == PS_TRUE)
+ {
+ break;
+ }
+
cert = cert->next;
}
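Review bot: The new `break` on `cert->pathEnd` stops consulting `authStatus` for every certificate after the path end, and the one-line comment does not say why that is safe; a reader could take it as skipping failed checks. If, as the name suggests, the certificates after pathEnd are extra chain members the validator never examined, say so: `/* Certificates after pathEnd were not part of the validated path, so their authStatus was never computed and must not be consulted. */`. If instead the validator does populate authStatus beyond pathEnd, the break changes what psCheckValidationResult reports and deserves a note in the commit message. The enclosing loop starts outside this hunk.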
diff --git a/matrixssl/tls13CipherSuite.c b/matrixssl/tls13CipherSuite.c
index 484e9af..64c4914 100644
--- a/matrixssl/tls13CipherSuite.c
+++ b/matrixssl/tls13CipherSuite.c
@@ -5,7 +5,7 @@
* Functions for TLS 1.3 ciphersuites.
*/
/*
- * Copyright (c) 2013-2018 INSIDE Secure Corporation
+ * Copyright (c) 2013-2018 Rambus Inc.
* Copyright (c) PeerSec Networks, 2002-2011
* All Rights Reserved
*
@@ -18,8 +18,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
- * commercial license for this software may be purchased from INSIDE at
- * http://www.insidesecure.com/
+ * commercial license for this software may be purchased from Rambus at
+ * http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
@@ -508,6 +508,11 @@ int32_t tls13GetCipherHmacAlg(ssl_t *ssl)
return 0;
}
+ if (ssl->cipher->flags & CRYPTO_FLAGS_SM3)
+ {
+ return HMAC_SM3;
+ }
+
if (ssl->cipher->flags & CRYPTO_FLAGS_SHA3)
{
return HMAC_SHA384;
@@ -529,11 +534,14 @@ int32_t tls13CipherIdToHmacAlg(uint32_t cipherId)
{
case TLS_AES_128_GCM_SHA256:
case TLS_CHACHA20_POLY1305_SHA256:
- case TLS_AES_128_CCM_SHA_256:
+ case TLS_AES_128_CCM_SHA256:
case TLS_AES_128_CCM_8_SHA256:
return HMAC_SHA256;
case TLS_AES_256_GCM_SHA384:
return HMAC_SHA384;
+ case TLS_SM4_GCM_SM3:
+ case TLS_SM4_CCM_SM3:
+ return HMAC_SM3;
}
return 0;
@@ -545,9 +553,11 @@ psBool_t isTls13Ciphersuite(uint16_t suite)
{
case TLS_AES_128_GCM_SHA256:
case TLS_CHACHA20_POLY1305_SHA256:
- case TLS_AES_128_CCM_SHA_256:
+ case TLS_AES_128_CCM_SHA256:
case TLS_AES_128_CCM_8_SHA256:
case TLS_AES_256_GCM_SHA384:
+ case TLS_SM4_GCM_SM3:
+ case TLS_SM4_CCM_SM3:
return PS_TRUE;
default:
return PS_FALSE;
diff --git a/matrixssl/tls13Decode.c b/matrixssl/tls13Decode.c
index f5d23e4..2ae88e2 100644
--- a/matrixssl/tls13Decode.c
+++ b/matrixssl/tls13Decode.c
@@ -5,7 +5,7 @@
* Functions for decoding TLS 1.3 records.
*/
/*
- * Copyright (c) 2013-2019 INSIDE Secure Corporation
+ * Copyright (c) 2013-2019 Rambus Inc.
* Copyright (c) PeerSec Networks, 2002-2011
* All Rights Reserved
*
@@ -18,8 +18,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
- * commercial license for this software may be purchased from INSIDE at
- * http://www.insidesecure.com/
+ * commercial license for this software may be purchased from Rambus at
+ * http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
@@ -63,7 +63,7 @@ int32_t tls13ParseRecordHeader(ssl_t* ssl,
}
static inline
-int32_t tls13ValidateRecordHeader(sslRec_t *rec)
+int32_t tls13ValidateRecordHeader(sslRec_t *rec, size_t tagLen)
{
/* Validate length. */
if (rec->len > TLS_1_3_MAX_CIPHERTEXT_LEN || rec->len == 0)
@@ -73,7 +73,7 @@ int32_t tls13ValidateRecordHeader(sslRec_t *rec)
}
if (rec->type == SSL_RECORD_TYPE_ALERT)
{
- if (rec->len < 2 || rec->len > 2 + TLS_GCM_TAG_LEN)
+ if (rec->len < 2 || rec->len > 2 + tagLen)
psTraceErrr("Invalid alert length\n");
}
/* Ignore legacy_version field. */
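Review bot: The alert-length check rewritten here still only traces: when `rec->len` is outside `[2, 2 + tagLen]` the function logs "Invalid alert length" and falls through, so the record is processed regardless. It cannot simply be turned into a reject, either, because the later hunk at line 283 deliberately treats an alert-typed record of at least `2 + AEAD_TAG_LEN(ssl)` bytes as encrypted, and an encrypted alert is at least 2 + 1 (inner content type) + tagLen bytes, which already exceeds this bound — so today every tolerated encrypted alert triggers the error trace. Either make the bound consistent with that tolerance (`rec->len > 2 + 1 + tagLen`, plus whatever padding is accepted) and return the same error the length check above returns, or keep it advisory and say so: `/* Advisory only: encrypted alerts with an alert outer type are accepted below. */`. tls13ValidateRecordHeader's first check and its return convention are in the previous hunk.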
@@ -219,7 +219,7 @@ parse_next_record_header:
#ifdef DEBUG_TLS_1_3_DECODE
psTracePrintRecordHeader(&ssl->rec, PS_TRUE);
#endif
- rc = tls13ValidateRecordHeader(&ssl->rec);
+ rc = tls13ValidateRecordHeader(&ssl->rec, AEAD_TAG_LEN(ssl));
HANDLE_PARSE_RC(rc, SSL_ALERT_ILLEGAL_PARAMETER);
if (!psParseCanRead(&pb, ssl->rec.len))
@@ -283,7 +283,7 @@ parse_next_record_header:
}
else if (ssl->rec.type == SSL_RECORD_TYPE_ALERT)
{
- if (ssl->rec.len < 2 + TLS_GCM_TAG_LEN)
+ if (ssl->rec.len < 2 + AEAD_TAG_LEN(ssl))
{
/* If it's this short, it cannot be an encrypted. */
rc = tls13ParseAndHandleAlert(ssl,
@@ -416,18 +416,18 @@ parse_next_record_header:
/* Deal with the decrypted message. */
if (innerType == SSL_RECORD_TYPE_HANDSHAKE)
{
- unsigned char *p_start = p;
end = p + ptLen;
/* Parse handshake messages until buffer runs out */
while (p != end)
{
- rc = tls13ParseHandshakeMessage(ssl,
- &p, end);
+ unsigned char *p_start = p;
+
+ rc = tls13ParseHandshakeMessage(ssl, &p, end);
if (rc < 0)
{
if (DECRYPTING_RECORDS(ssl))
{
- p += TLS_GCM_TAG_LEN;
+ p += AEAD_TAG_LEN(ssl);
p += 1;
p += padLen;
}
@@ -446,12 +446,13 @@ parse_next_record_header:
* Either handshake message or alert */
goto encodeResponse;
}
- /* If we got a parse return of >= 0 but p did not move forward,
- * return an error to avoid infinite loop */
- if (p_start == p)
- {
- return PS_FAILURE;
- }
+
+ /* If we got a parse return of >= 0 but p did not move forward,
+ * return an error to avoid infinite loop */
+ if (p_start == p)
+ {
+ return PS_FAILURE;
+ }
}
}
else if (innerType == SSL_RECORD_TYPE_APPLICATION_DATA)
@@ -1430,7 +1431,7 @@ int32_t tls13ParseServerHello(ssl_t *ssl,
}
rc = tls13ParseServerHelloExtensions(ssl, pb);
- if (rc < 0)
+ if (rc < 0 && rc != SSL_ENCODE_RESPONSE)
{
/* In addition to failure cases, we can end up here
if we negotiated TLS <1.3. In that case, return
@@ -1447,6 +1448,20 @@ int32_t tls13ParseServerHello(ssl_t *ssl,
psTraceIntInfo("Can't support requested cipher: %d\n", cipher);
return MATRIXSSL_ERROR;
}
+
+ if (rc == SSL_ENCODE_RESPONSE)
+ {
+ /* Return after selecting a ciphersuite for a
+ correct Transcript Hash */
+ psTraceInfo("Need to re-send TLS 1.3 ClientHello\n");
+ return rc;
+ }
+
+ if (ssl->cipher->flags & CRYPTO_FLAGS_SM4)
+ {
+ ssl->tls13SelectedSMSuite = PS_TRUE;
+ }
+
if (compressionMethod != 0)
{
ssl->err = SSL_ALERT_ILLEGAL_PARAMETER;
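Review bot: The early `return rc` for SSL_ENCODE_RESPONSE skips the `compressionMethod != 0` check that follows it. The trace text indicates this path is a HelloRetryRequest; RFC 8446 §4.1.4 gives HRR the ServerHello structure and requires the client to abort with illegal_parameter on a nonzero legacy_compression_method, so the `if (compressionMethod != 0)` block should be moved above `if (rc == SSL_ENCODE_RESPONSE)`. Separately, `tls13SelectedSMSuite` is only ever set to PS_TRUE here; that is fine only if it is cleared with the rest of the negotiation state when an ssl_t is reused, which this hunk does not show.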
diff --git a/matrixssl/tls13DecodeExt.c b/matrixssl/tls13DecodeExt.c
index 4f8c027..f385f6c 100644
--- a/matrixssl/tls13DecodeExt.c
+++ b/matrixssl/tls13DecodeExt.c
@@ -5,7 +5,7 @@
* Functions for decoding TLS 1.3 extensions
*/
/*
- * Copyright (c) 2013-2019 INSIDE Secure Corporation
+ * Copyright (c) 2013-2019 Rambus Inc.
* Copyright (c) PeerSec Networks, 2002-2011
* All Rights Reserved
*
@@ -18,8 +18,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
- * commercial license for this software may be purchased from INSIDE at
- * http://www.insidesecure.com/
+ * commercial license for this software may be purchased from Rambus at
+ * http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
@@ -1747,12 +1747,17 @@ int32_t tls13ParseSignatureAlgorithms(ssl_t *ssl,
/* Save the algoritm based on which extension this is */
if (isCert)
{
-# ifdef USE_IDENTITY_CERTIFICATES
+# ifdef USE_IDENTITY_CERTIFICATES
/* Make sure this sig_alg_cert is in our supported list */
if (findFromUint16Array(
ssl->tls13SupportedSigAlgsCert,
ssl->tls13SupportedSigAlgsCertLen,
- sigAlg) != PS_FAILURE)
+ sigAlg) != PS_FAILURE
+# ifdef USE_SM2
+ && !(sigAlg != sigalg_sm2sig_sm3 &&
+ ssl->tls13SelectedSMSuite)
+# endif
+ )
{
mask = HASH_SIG_MASK(((sigAlg >> 8) & 0xff),
(sigAlg & 0xff));
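Review bot: The added filter `!(sigAlg != sigalg_sm2sig_sm3 && ssl->tls13SelectedSMSuite)` is a double negative, repeated verbatim in the next hunk and spliced into the middle of an `if (` condition with its own `# ifdef`; `(sigAlg == sigalg_sm2sig_sm3 || !ssl->tls13SelectedSMSuite)` reads as intended, and a small `static psBool_t tls13SigAlgAllowedForSuite(const ssl_t *ssl, uint16_t sigAlg)` helper would keep both copies in step and the preprocessor out of the condition. More importantly, the filter only works if the ciphersuite has already been chosen when signature_algorithms is parsed: on the client that holds (ServerHello precedes CertificateRequest), but on a server parsing the ClientHello the extension may well be processed before suite selection, in which case `tls13SelectedSMSuite` still has its initial value and nothing is filtered. Worth confirming; if so, the restriction belongs at signature-selection time (tls13ChooseSigAlg) rather than here.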
@@ -1769,7 +1774,12 @@ int32_t tls13ParseSignatureAlgorithms(ssl_t *ssl,
if (findFromUint16Array(
ssl->supportedSigAlgs,
ssl->supportedSigAlgsLen,
- sigAlg) != PS_FAILURE)
+ sigAlg) != PS_FAILURE
+# ifdef USE_SM2
+ && !(sigAlg != sigalg_sm2sig_sm3 &&
+ ssl->tls13SelectedSMSuite)
+# endif
+ )
{
mask = HASH_SIG_MASK(((sigAlg >> 8) & 0xff),
(sigAlg & 0xff));
diff --git a/matrixssl/tls13DhGroups.h b/matrixssl/tls13DhGroups.h
index c7c4e57..5580555 100644
--- a/matrixssl/tls13DhGroups.h
+++ b/matrixssl/tls13DhGroups.h
@@ -5,7 +5,7 @@
* Static DH group parameters for TLS 1.3.
*/
/*
- * Copyright (c) 2018 INSIDE Secure Corporation
+ * Copyright (c) 2018 Rambus Inc.
* Copyright (c) PeerSec Networks, 2002-2011
* All Rights Reserved
*
@@ -18,8 +18,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
- * commercial license for this software may be purchased from INSIDE at
- * http://www.insidesecure.com/
+ * commercial license for this software may be purchased from Rambus at
+ * http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/matrixssl/tls13Encode.c b/matrixssl/tls13Encode.c
index cd3c821..cbb7da4 100644
--- a/matrixssl/tls13Encode.c
+++ b/matrixssl/tls13Encode.c
@@ -5,7 +5,7 @@
* TLS 1.3 specific functions for handshake message and record encoding.
*/
/*
- * Copyright (c) 2018 INSIDE Secure Corporation
+ * Copyright (c) 2018 Rambus Inc.
* Copyright (c) PeerSec Networks, 2002-2011
* All Rights Reserved
*
@@ -18,8 +18,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
- * commercial license for this software may be purchased from INSIDE at
- * http://www.insidesecure.com/
+ * commercial license for this software may be purchased from Rambus at
+ * http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
@@ -140,7 +140,8 @@ int32_t tls13WriteRecordHeader(ssl_t *ssl,
psDynBuf_t Handshake;
unsigned char *body, *pt, *inner, *ct;
size_t bodyLen, ptLen, innerLen, ctLen, cipherOutputLen;
- unsigned char tagPlaceholder[TLS_GCM_TAG_LEN] = {0};
+ size_t tagLen = AEAD_TAG_LEN(ssl);
+ unsigned char tagPlaceholder[16] = {0};
psPool_t *pool = ssl->hsPool;
psBool_t mustFreeBody = PS_FALSE;
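Review bot: `tagPlaceholder` is now a fixed 16-byte array while the number of bytes appended from it (`psDynBufAppendOctets(&TLSCiphertext, tagPlaceholder, tagLen)` in the following hunk) is the run-time `AEAD_TAG_LEN(ssl)`, so any future AEAD with a tag longer than 16 bytes would read past the array. Tie the bare 16 to the bound it expresses: `unsigned char tagPlaceholder[TLS_GCM_TAG_LEN] = {0};` followed by `psAssert(tagLen <= sizeof(tagPlaceholder));` right after `tagLen` is computed, or introduce an AEAD_MAX_TAG_LEN next to AEAD_TAG_LEN and size the array with it. tls13WriteRecordHeader's body continues outside this hunk.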
@@ -271,19 +272,20 @@ int32_t tls13WriteRecordHeader(ssl_t *ssl,
opaque encrypted_record[TLSCiphertext.length];
} TLSCiphertext;
*/
- psDynBufInit(pool, &TLSCiphertext, innerLen + 5 + TLS_GCM_TAG_LEN);
+ psDynBufInit(pool, &TLSCiphertext,
+ innerLen + 5 + tagLen);
psDynBufAppendByte(&TLSCiphertext, SSL_RECORD_TYPE_APPLICATION_DATA);
psDynBufAppendByte(&TLSCiphertext, TLS_MAJ_VER);
psDynBufAppendByte(&TLSCiphertext, TLS_1_2_MIN_VER);
- cipherOutputLen = innerLen + TLS_GCM_TAG_LEN;
+ cipherOutputLen = innerLen + tagLen;
psDynBufAppendAsBigEndianUint16(&TLSCiphertext, cipherOutputLen);
/* To be encrypted in-situ in encryptRecord. */
psDynBufAppendOctets(&TLSCiphertext, inner, innerLen);
psFree(inner, pool);
psDynBufUninit(&TLSInnerPlaintext);
- psDynBufAppendOctets(&TLSCiphertext, tagPlaceholder, TLS_GCM_TAG_LEN);
+ psDynBufAppendOctets(&TLSCiphertext, tagPlaceholder, tagLen);
ct = psDynBufDetach(&TLSCiphertext, &ctLen);
if (ct == NULL)
@@ -1026,6 +1028,15 @@ static int32 tls13WriteCertificate(ssl_t *ssl, sslBuf_t *out)
break;
}
}
+# endif
+# ifdef USE_SM2
+ if (c->sigAlgorithm == OID_SM3_SM2_SIG)
+ {
+ if (ssl->sec.keySelect.peerCertSigAlgs[i] == sigalg_sm2sig_sm3)
+ {
+ break;
+ }
+ }
# endif
}
}
@@ -2012,6 +2023,7 @@ int32_t tls13EncryptMessage(ssl_t *ssl,
unsigned char **end)
{
int32_t rc;
+ size_t tagLen = AEAD_TAG_LEN(ssl);
# ifdef DEBUG_TLS_1_3_ENCODE
switch(msg->hsMsg)
@@ -2046,7 +2058,7 @@ int32_t tls13EncryptMessage(ssl_t *ssl,
msg->start,
msg->len,
SSL_RECORD_TYPE_APPLICATION_DATA,
- msg->len + TLS_GCM_TAG_LEN);
+ msg->len + tagLen);
if (rc < 0)
{
psTraceIntInfo("Error encrypting: %d\n", rc);
@@ -2059,7 +2071,7 @@ int32_t tls13EncryptMessage(ssl_t *ssl,
*end = msg->start + rc;
if (ENCRYPTING_RECORDS(ssl))
{
- *end += TLS_GCM_TAG_LEN;
+ *end += tagLen;
}
/* Update state machine after having successfully written and
@@ -2160,6 +2172,7 @@ int32_t tls13EncodeAppData(ssl_t *ssl,
psSize_t messageSize, recLen;
int32_t rc;
psSizeL_t padLen = ssl->tls13PadLen;
+ size_t tagLen = AEAD_TAG_LEN(ssl);
if (!isGoodStateForAppDataEncrypt(ssl))
{
@@ -2201,7 +2214,7 @@ int32_t tls13EncodeAppData(ssl_t *ssl,
return rc;
}
c += *len;
- recLen = (encryptEnd - encryptStart) + TLS_GCM_TAG_LEN;
+ recLen = (encryptEnd - encryptStart) + tagLen;
rc = tls13Encrypt(ssl,
encryptStart,
@@ -2250,6 +2263,7 @@ int32_t tls13EncodeAlert(ssl_t *ssl,
psBool_t mustEncrypt = PS_FALSE;
unsigned char alertBody[2];
psSizeL_t padLen = ssl->tls13PadLen;
+ size_t tagLen = AEAD_TAG_LEN(ssl);
psTracePrintAlertEncodeInfo(ssl, type);
@@ -2305,7 +2319,7 @@ int32_t tls13EncodeAlert(ssl_t *ssl,
encryptStart,
encryptEnd - encryptStart,
SSL_RECORD_TYPE_ALERT,
- (encryptEnd - encryptStart) + TLS_GCM_TAG_LEN);
+ (encryptEnd - encryptStart) + tagLen);
if (rc < 0)
{
psTraceIntInfo("Error encrypting: %d\n", rc);
@@ -2504,12 +2518,18 @@ int32 tls13WriteClientHello(ssl_t *ssl, sslBuf_t *out,
in the list. This affects which PSKs we can choose to offer.
Not relying on the user to give us compatible ciphersuite and
PSK lists. */
+ /* Store info if a SM ciphersuite is proposed. */
for (i = 0; i < ssl->tls13ClientCipherSuitesLen; i++)
{
if (ssl->tls13ClientCipherSuites[i] == TLS_AES_256_GCM_SHA384)
{
ssl->tls13CHContainsSha384Suite = PS_TRUE;
}
+ if (ssl->tls13ClientCipherSuites[i] == TLS_SM4_GCM_SM3 ||
+ ssl->tls13ClientCipherSuites[i] == TLS_SM4_CCM_SM3)
+ {
+ ssl->tls13CHContainsSMSuite = PS_TRUE;
+ }
else
{
ssl->tls13CHContainsSha256Suite = PS_TRUE;
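Review bot: The new `if` for the SM suites breaks the `if`/`else` pairing that existed before it: the `else` that sets `tls13CHContainsSha256Suite` now belongs to the SM check, so an offered TLS_AES_256_GCM_SHA384 sets both `tls13CHContainsSha384Suite` and `tls13CHContainsSha256Suite`. Per the comment above the loop these flags decide which PSKs may be offered, so a client offering only the SHA-384 suite would now also offer SHA-256-bound PSKs. Change `if (ssl->tls13ClientCipherSuites[i] == TLS_SM4_GCM_SM3 ||` to `else if (ssl->tls13ClientCipherSuites[i] == TLS_SM4_GCM_SM3 ||` so the chain is SHA-384 / SM / otherwise SHA-256 (the SM suites hash with SM3 and correctly stay out of the SHA-256 bucket).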
diff --git a/matrixssl/tls13EncodeExt.c b/matrixssl/tls13EncodeExt.c
index 01197d5..6abbdb5 100644
--- a/matrixssl/tls13EncodeExt.c
+++ b/matrixssl/tls13EncodeExt.c
@@ -5,7 +5,7 @@
* TLS 1.3 specific functions for extension encoding.
*/
/*
- * Copyright (c) 2018 INSIDE Secure Corporation
+ * Copyright (c) 2018 Rambus Inc.
* Copyright (c) PeerSec Networks, 2002-2011
* All Rights Reserved
*
@@ -18,8 +18,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
- * commercial license for this software may be purchased from INSIDE at
- * http://www.insidesecure.com/
+ * commercial license for this software may be purchased from Rambus at
+ * http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
@@ -1420,6 +1420,11 @@ int32_t tls13WriteClientHelloExtensions(ssl_t *ssl,
return rc;
}
+ /* mark the flag for elliptic_curve extension because it shares
+ * the same ID with supported_group, the server may send it back
+ * if downgrade to TLS 1.2 */
+ ssl->extFlags.req_elliptic_curve = 1;
+
rc = tls13WriteClientKeyShare(ssl, extBuf);
if (rc < 0)
{
diff --git a/matrixssl/tls13KeyAgree.c b/matrixssl/tls13KeyAgree.c
index 2323429..03fbdea 100644
--- a/matrixssl/tls13KeyAgree.c
+++ b/matrixssl/tls13KeyAgree.c
@@ -5,7 +5,7 @@
* TLS 1.3 specific functions for key agreement.
*/
/*
- * Copyright (c) 2018 INSIDE Secure Corporation
+ * Copyright (c) 2018 Rambus Inc.
* Copyright (c) PeerSec Networks, 2002-2011
* All Rights Reserved
*
@@ -18,8 +18,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
- * commercial license for this software may be purchased from INSIDE at
- * http://www.insidesecure.com/
+ * commercial license for this software may be purchased from Rambus at
+ * http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
@@ -628,6 +628,13 @@ uint16_t tls13NegotiateGroup(ssl_t *ssl,
uint16_t negotiatedGroup;
int32_t rc;
+# ifdef USE_SM2
+ if (ssl->tls13SelectedSMSuite == PS_TRUE)
+ {
+ return namedgroup_curveSM2;
+ }
+# endif
+
psAssert(ssl->tls13SupportedGroups[0] != 0);
/* Default. If anything goes wrong, use this. */
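Review bot: The early `return namedgroup_curveSM2` bypasses the rest of tls13NegotiateGroup, including the `psAssert(ssl->tls13SupportedGroups[0] != 0)` and, presumably, the intersection with the groups the peer offered; if an SM suite was selected but curveSM2 is absent from the peer's supported_groups (or from ours — tls13WeSupportGroup in the next hunk is not consulted here), the server picks a group nobody agreed on and the handshake fails with a confusing error later instead of a clean negotiation failure. RFC 8998 does bind these suites to curveSM2, so narrowing is right; what is missing is the check that the peer actually offered it. Run the normal negotiation with the candidate list narrowed to curveSM2 when `tls13SelectedSMSuite` is set, and return the function's failure value when the peer did not list it. The function body continues outside this hunk.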
@@ -1053,6 +1060,13 @@ psBool_t tls13WeSupportGroup(ssl_t *ssl,
{
if (ssl->tls13SupportedGroups[i] == namedGroup)
{
+#ifdef USE_SM2
+ if (ssl->tls13SelectedSMSuite == PS_TRUE &&
+ namedGroup != namedgroup_curveSM2)
+ {
+ return PS_FALSE;
+ }
+#endif
return PS_TRUE;
}
}
diff --git a/matrixssl/tls13KeySchedule.c b/matrixssl/tls13KeySchedule.c
index 4762db4..2698ab5 100644
--- a/matrixssl/tls13KeySchedule.c
+++ b/matrixssl/tls13KeySchedule.c
@@ -5,7 +5,7 @@
* TLS 1.3 secret and key derivation.
*/
/*
- * Copyright (c) 2018 INSIDE Secure Corporation
+ * Copyright (c) 2018 Rambus Inc.
* Copyright (c) PeerSec Networks, 2002-2011
* All Rights Reserved
*
@@ -18,8 +18,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
- * commercial license for this software may be purchased from INSIDE at
- * http://www.insidesecure.com/
+ * commercial license for this software may be purchased from Rambus at
+ * http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
@@ -76,6 +76,12 @@ static unsigned char sha384OfEmptyInput[] =
0x4c, 0x0c, 0xc7, 0xbf, 0x63, 0xf6, 0xe1, 0xda, 0x27, 0x4e, 0xde, 0xbf,
0xe7, 0x6f, 0x65, 0xfb, 0xd5, 0x1a, 0xd2, 0xf1, 0x48, 0x98, 0xb9, 0x5b
};
+static unsigned char sm3OfEmptyInput[] =
+{
+ 0x1a, 0xb2, 0x1d, 0x83, 0x55, 0xcf, 0xa1, 0x7f, 0x8e, 0x61, 0x19, 0x48,
+ 0x31, 0xe8, 0x1a, 0x8f, 0x22, 0xbe, 0xc8, 0xc7, 0x28, 0xfe, 0xfb, 0x74,
+ 0x7e, 0xd0, 0x35, 0xeb, 0x50, 0x82, 0xaa, 0x2b
+};
static inline
void tls13ClearSecret(unsigned char *secret,
@@ -122,11 +128,16 @@ int32_t tls13DeriveSecret(ssl_t *ssl,
pHash = sha256OfEmptyInput;
trHashLen = 32;
}
- else
+ else if (hmacAlg == HMAC_SHA384)
{
pHash = sha384OfEmptyInput;
trHashLen = 48;
}
+ else if (hmacAlg == HMAC_SM3)
+ {
+ pHash = sm3OfEmptyInput;
+ trHashLen = 32;
+ }
}
rc = psHkdfExpandLabel(ssl->hsPool,
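Review bot: Turning the former catch-all `else` into `else if (hmacAlg == HMAC_SHA384)` means an hmacAlg that is none of SHA256/SHA384/SM3 now leaves `pHash` and `trHashLen` untouched; unless they are initialised earlier in tls13DeriveSecret (not visible here) the HKDF call below runs on indeterminate values. Close the chain with an explicit failure, `else { return PS_UNSUPPORTED_FAIL; }`, the same code tls13TranscriptHashInit uses for an unknown hash. The `sm3OfEmptyInput` constant matches SM3 of the empty string as far as I can check. The enclosing function starts outside the hunk.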
diff --git a/matrixssl/tls13Negotiate.c b/matrixssl/tls13Negotiate.c
index ed81e84..2c02043 100644
--- a/matrixssl/tls13Negotiate.c
+++ b/matrixssl/tls13Negotiate.c
@@ -5,7 +5,7 @@
* TLS 1.3 specific functions for parameter negotiation.
*/
/*
- * Copyright (c) 2018 INSIDE Secure Corporation
+ * Copyright (c) 2018 Rambus Inc.
* Copyright (c) PeerSec Networks, 2002-2011
* All Rights Reserved
*
@@ -18,8 +18,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
- * commercial license for this software may be purchased from INSIDE at
- * http://www.insidesecure.com/
+ * commercial license for this software may be purchased from Rambus at
+ * http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
@@ -89,6 +89,14 @@ int32_t tls13TryNegotiateParams(ssl_t *ssl,
peerCanVerifyCvSig = PS_TRUE;
break;
}
+# endif
+# ifdef USE_SM2
+ if (givenKey->privKey.type == PS_ECC &&
+ ssl->sec.keySelect.peerSigAlgs[i] == sigalg_sm2sig_sm3)
+ {
+ peerCanVerifyCvSig = PS_TRUE;
+ break;
+ }
# endif
}
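Review bot: The new SM2 clause marks `peerCanVerifyCvSig` for any `PS_ECC` key as soon as the peer lists sm2sig_sm3, but only an SM2-curve key can produce that signature; a P-256 identity key would be chosen on the strength of an algorithm it cannot use, and tls13ChooseSigAlg (tls13SigVer.c, this same change) only maps IANA_CURVESM2 keys to sigalg_sm2sig_sm3, so the CertificateVerify step would then fail. Tighten the test to the curve, as the sign side does: `if (givenKey->privKey.type == PS_ECC && givenKey->privKey.key.ecc.curve->curveId == IANA_CURVESM2 && ssl->sec.keySelect.peerSigAlgs[i] == sigalg_sm2sig_sm3)`. The converse — the ECDSA clauses above this hunk accepting an SM2-curve key for ecdsa_* algorithms — should be checked too, but those lines are outside the hunk.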
@@ -149,6 +157,13 @@ int32_t tls13TryNegotiateParams(ssl_t *ssl,
{
peerCanVerifyCert = PS_TRUE;
}
+# endif
+# ifdef USE_SM2
+ else if (cert->sigAlgorithm == OID_SM3_SM2_SIG &&
+ ssl->sec.keySelect.peerSigAlgs[i] == sigalg_sm2sig_sm3)
+ {
+ peerCanVerifyCert = PS_TRUE;
+ }
# endif
else
{
diff --git a/matrixssl/tls13Psk.c b/matrixssl/tls13Psk.c
index 6a5ad45..316c763 100644
--- a/matrixssl/tls13Psk.c
+++ b/matrixssl/tls13Psk.c
@@ -5,7 +5,7 @@
* Functions for dealing with TLS 1.3 PSKs.
*/
/*
- * Copyright (c) 2013-2018 INSIDE Secure Corporation
+ * Copyright (c) 2013-2018 Rambus Inc.
* Copyright (c) PeerSec Networks, 2002-2011
* All Rights Reserved
*
@@ -18,8 +18,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
- * commercial license for this software may be purchased from INSIDE at
- * http://www.insidesecure.com/
+ * commercial license for this software may be purchased from Rambus at
+ * http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/matrixssl/tls13Resume.c b/matrixssl/tls13Resume.c
index 5728de4..427b513 100644
--- a/matrixssl/tls13Resume.c
+++ b/matrixssl/tls13Resume.c
@@ -5,7 +5,7 @@
* TLS 1.3 session resumption.
*/
/*
- * Copyright (c) 2018 INSIDE Secure Corporation
+ * Copyright (c) 2018 Rambus Inc.
* Copyright (c) PeerSec Networks, 2002-2011
* All Rights Reserved
*
@@ -18,8 +18,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
- * commercial license for this software may be purchased from INSIDE at
- * http://www.insidesecure.com/
+ * commercial license for this software may be purchased from Rambus at
+ * http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
@@ -158,6 +158,7 @@ int32_t tls13NewTicket(ssl_t *ssl,
psSizeL_t stateLen, outLen;
psTls13Psk_t *psk;
psTls13SessionParams_t params;
+ int32_t tagLen = AEAD_TAG_LEN(ssl);
if (pskValLen < 0)
{ /* this is an error code */
@@ -268,15 +269,15 @@ int32_t tls13NewTicket(ssl_t *ssl,
psTraceBytes("ct", state, stateLen);
# endif
- tag = psMalloc(ssl->hsPool, TLS_GCM_TAG_LEN);
+ tag = psMalloc(ssl->hsPool, tagLen);
psAesGetGCMTag(&ctx,
- TLS_GCM_TAG_LEN,
+ tagLen,
tag);
# ifdef DEBUG_TLS_1_3_RESUMPTION
- psTraceBytes("tag", tag, TLS_GCM_TAG_LEN);
+ psTraceBytes("tag", tag, tagLen);
# endif
- psDynBufAppendOctets(&buf, tag, TLS_GCM_TAG_LEN);
+ psDynBufAppendOctets(&buf, tag, tagLen);
psAesClearGCM(&ctx);
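Review bot: The ticket is sealed with the server's own AES-GCM (`psAesGetGCMTag`), which does not depend on the negotiated ciphersuite, yet its tag length is now taken from `AEAD_TAG_LEN(ssl)`; a ticket issued on a TLS_AES_128_CCM_8_SHA256 connection therefore carries only a 64-bit tag, and the ticket format changes with the suite of the issuing connection. Since tls13DecryptTicket (later hunks) derives its `tagLen` from the *resuming* connection's ssl_t, a ticket can become undecryptable or be split at the wrong ciphertext/tag boundary whenever the two connections differ. Keep the ticket format fixed — `int32_t tagLen = TLS_GCM_TAG_LEN;`, or just drop the variable and restore the constant — in both tls13NewTicket and tls13DecryptTicket. The ticket encryption setup is outside this hunk.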
@@ -317,6 +318,7 @@ int32_t tls13DecryptTicket(ssl_t *ssl,
psParseBuf_t encStateBuf;
const unsigned char *ticketEnd = ticket + ticketLen;
psTls13Psk_t *psk;
+ int32_t tagLen = AEAD_TAG_LEN(ssl);
/*
struct {
@@ -357,7 +359,7 @@ int32_t tls13DecryptTicket(ssl_t *ssl,
goto out_illegal_parameter;
}
if (encStateLen < 1 ||
- !psParseCanRead(&encStateBuf, encStateLen + TLS_GCM_TAG_LEN))
+ !psParseCanRead(&encStateBuf, encStateLen + tagLen))
{
psTrace("Decrypted ticket too short\n");
goto out_illegal_parameter;
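Review bot: `tagLen` in this check comes from `AEAD_TAG_LEN(ssl)` of the connection presenting the ticket, but the tag length that matters is the one tls13NewTicket wrote when the ticket was issued — a property of the ticket format, not of either connection. A ticket is presumably decrypted while the server is still handling the ClientHello's pre_shared_key offer, so the suite that will be negotiated is generally not yet selected and may differ from the issuing one; whether `AEAD_TAG_LEN` even tolerates an unselected cipher is not visible here. Use the fixed `TLS_GCM_TAG_LEN` on both the seal and open sides (or encode the length in the ticket) so `encStateLen + tagLen` always matches what was written.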
@@ -381,7 +383,7 @@ int32_t tls13DecryptTicket(ssl_t *ssl,
rc = psAesDecryptGCM(&ctx,
encStateBuf.buf.start,
- encStateLen + TLS_GCM_TAG_LEN,
+ encStateLen + tagLen,
pt,
ptLen);
diff --git a/matrixssl/tls13SigVer.c b/matrixssl/tls13SigVer.c
index 291ff04..a91fd13 100644
--- a/matrixssl/tls13SigVer.c
+++ b/matrixssl/tls13SigVer.c
@@ -6,7 +6,7 @@
* verification.
*/
/*
- * Copyright (c) 2018 INSIDE Secure Corporation
+ * Copyright (c) 2018 Rambus Inc.
* Copyright (c) PeerSec Networks, 2002-2011
* All Rights Reserved
*
@@ -19,8 +19,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
- * commercial license for this software may be purchased from INSIDE at
- * http://www.insidesecure.com/
+ * commercial license for this software may be purchased from Rambus at
+ * http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
@@ -114,6 +114,13 @@ uint16_t tls13ChooseSigAlg(ssl_t *ssl,
ourSigAlgs[0] = sigalg_ecdsa_secp521r1_sha512;
ourSigAlgsLen = 1;
}
+# ifdef USE_SM2
+ else if (p->privKey.key.ecc.curve->curveId == IANA_CURVESM2)
+ {
+ ourSigAlgs[0] = sigalg_sm2sig_sm3;
+ ourSigAlgsLen = 1;
+ }
+# endif
else
{
psTraceInfo("TODO: add support for more curves in TLS 1.3\n");
@@ -310,6 +317,12 @@ int32_t tls13Sign(psPool_t *pool,
sigAlgOid = OID_ED25519_KEY_ALG;
break;
# endif
+# ifdef USE_SM2
+ case sigalg_sm2sig_sm3:
+ hashSigAlg = OID_SM3_SM2_SIG;
+ sigAlgOid = OID_SM3_SM2_SIG;
+ break;
+# endif
# ifdef USE_RSA
case sigalg_rsa_pss_pss_sha256:
case sigalg_rsa_pss_rsae_sha256:
@@ -344,10 +357,24 @@ int32_t tls13Sign(psPool_t *pool,
if (tls13RequiresPreHash(sigAlg))
{
- rc = psComputeHashForSig(tbs, tbsLen,
- hashSigAlg,
- hashTbs,
- &hashTbsLen);
+#ifdef USE_SM2
+ if (sigAlg == sigalg_sm2sig_sm3)
+ {
+ rc = psComputeHashForSm2(tbs, tbsLen,
+ &privKey->key.ecc,
+ "TLSv1.3+GM+Cipher+Suite",
+ 23,
+ hashTbs,
+ &hashTbsLen);
+ }
+ else
+#endif
+ {
+ rc = psComputeHashForSig(tbs, tbsLen,
+ hashSigAlg,
+ hashTbs,
+ &hashTbsLen);
+ }
if (rc != PS_SUCCESS)
{
goto out_fail;
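Review bot: The SM2 identifier is passed as a bare literal plus a hand-counted length, `"TLSv1.3+GM+Cipher+Suite", 23`; the count is correct today (this is the ID RFC 8998 §3.4 prescribes) but will silently drift if the string is ever edited, and the verify side must use exactly the same bytes. Name it once, `static const char tls13Sm2SigId[] = "TLSv1.3+GM+Cipher+Suite";`, pass `tls13Sm2SigId, sizeof(tls13Sm2SigId) - 1`, and reuse the constant in tls13Verify. The unindented `#ifdef USE_SM2` also departs from the `# ifdef` nesting style used a few lines above in the same function.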
@@ -471,6 +498,12 @@ int32_t tls13Verify(psPool_t *pool,
cryptoLayerSigAlg = OID_ED25519_KEY_ALG;
psAssert(pubKey->type == PS_ED25519);
break;
+#endif
+#ifdef USE_SM2
+ case sigalg_sm2sig_sm3:
+ cryptoLayerSigAlg = OID_SM3_SM2_SIG;
+ psAssert(pubKey->key.ecc.curve->curveId == IANA_CURVESM2);
+ break;
#endif
default:
psTraceIntInfo("Unsupported sig alg in tls13Verify: %u\n",
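Review bot: `psAssert(pubKey->key.ecc.curve->curveId == IANA_CURVESM2)` is guarding data that comes from the peer's certificate, so an assertion is the wrong tool: if psAssert is compiled out, a non-SM2 key — or a non-ECC key, whose `key.ecc` member is not the live union member — reaches the crypto layer; if it aborts, a peer can crash the process by pairing sm2sig_sm3 with an ordinary ECDSA certificate. Replace it with a checked error in the style of the default branch: `if (pubKey->type != PS_ECC || pubKey->key.ecc.curve == NULL || pubKey->key.ecc.curve->curveId != IANA_CURVESM2) { psTraceInfo("sm2sig_sm3 with non-SM2 key\n"); goto out_fail; }`, adjusting the label or return to whatever tls13Verify's default branch does, which is outside this hunk. The Ed25519 case just above has the same psAssert pattern but predates this change.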
@@ -571,7 +604,12 @@ psBool_t tls13RequiresPreHash(uint16_t alg)
{
return PS_FALSE;
}
-
+# ifdef USE_SM2
+ else if (alg == sigalg_sm2sig_sm3)
+ {
+ return PS_TRUE;
+ }
+# endif
# ifdef USE_RSA
else if (tls13IsRsaPssSigAlg(alg))
{
diff --git a/matrixssl/tls13TrHash.c b/matrixssl/tls13TrHash.c
index 40599b4..17e0175 100644
--- a/matrixssl/tls13TrHash.c
+++ b/matrixssl/tls13TrHash.c
@@ -5,7 +5,7 @@
* TLS 1.3 Transcript-Hash, also called session hash or handshake hash.
*/
/*
- * Copyright (c) 2018 INSIDE Secure Corporation
+ * Copyright (c) 2018 Rambus Inc.
* Copyright (c) PeerSec Networks, 2002-2011
* All Rights Reserved
*
@@ -18,8 +18,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
- * commercial license for this software may be purchased from INSIDE at
- * http://www.insidesecure.com/
+ * commercial license for this software may be purchased from Rambus at
+ * http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
@@ -49,7 +49,12 @@ static inline int32_t getHashAlg(ssl_t *ssl)
{
return OID_SHA256_ALG;
}
-
+# ifdef USE_SM3
+ if (ssl->cipher->flags & CRYPTO_FLAGS_SM3)
+ {
+ return OID_SM3_ALG;
+ }
+# endif
if (ssl->cipher->flags & CRYPTO_FLAGS_SHA3)
{
return OID_SHA384_ALG;
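Review bot: When USE_SM3 is not defined the new test compiles out, so a negotiated cipher carrying CRYPTO_FLAGS_SM3 would fall through to the SHA3 test and silently get SHA-384 (or SHA-256 via the test above the hunk) as its transcript hash. If the SM cipher suites cannot be compiled in without USE_SM3 this is moot, but nothing in this hunk enforces that; an `# else` branch returning PS_UNSUPPORTED_FAIL for that flag, or a `_Static_assert`/`#error` tying the SM suites to USE_SM3, would make the dependency explicit. The start of getHashAlg is outside the hunk.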
@@ -72,6 +77,9 @@ int32_t tls13TranscriptHashInit(ssl_t *ssl)
psTraceInfo("Initialising Transcript-Hash with both SHA-256 and 384\n");
psSha256Init(&ssl->sec.tls13msgHashSha256);
psSha384Init(&ssl->sec.tls13msgHashSha384);
+# ifdef USE_SM3
+ psSm3Init(&ssl->sec.tls13msgHashSm3);
+# endif
return MATRIXSSL_SUCCESS;
}
@@ -87,6 +95,12 @@ int32_t tls13TranscriptHashInit(ssl_t *ssl)
psTraceInfo("Initialising Transcript-Hash with Hash == SHA384\n");
psSha384Init(&ssl->sec.tls13msgHashSha384);
break;
+# ifdef USE_SM3
+ case OID_SM3_ALG:
+ psTraceInfo("Initialising Transcript-Hash with Hash == SM3\n");
+ psSm3Init(&ssl->sec.tls13msgHashSm3);
+ break;
+# endif
default:
psTraceErrr("Unsupported TLS 1.3 hash alg\n");
return PS_UNSUPPORTED_FAIL;
@@ -140,7 +154,7 @@ int32_t tls13TranscriptHashReinit(ssl_t *ssl)
SHA256_HASH_SIZE);
messageHashLen += SHA256_HASH_SIZE;
}
- else
+ else if (alg == OID_SHA384_ALG)
{
messageHash[3] = SHA384_HASH_SIZE;
Memcpy(messageHash + 4,
@@ -148,6 +162,14 @@ int32_t tls13TranscriptHashReinit(ssl_t *ssl)
SHA384_HASH_SIZE);
messageHashLen += SHA384_HASH_SIZE;
}
+ else if (alg == OID_SM3_ALG)
+ {
+ messageHash[3] = SM3_HASH_SIZE;
+ Memcpy(messageHash + 4,
+ ssl->sec.tls13TrHashSnapshotCH1,
+ SM3_HASH_SIZE);
+ messageHashLen += SM3_HASH_SIZE;
+ }
rc = tls13TranscriptHashUpdate(ssl,
messageHash,
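Review bot: Together with the previous hunk, the `else` has become an `else if` chain with no terminal `else`, so an unrecognised `alg` now falls through with `messageHash[3]` and the copied digest unset and still feeds `messageHash` into tls13TranscriptHashUpdate; the switch statements elsewhere in this file fail closed with a `default`. Add `else { psTraceErrr("Unsupported TLS 1.3 hash alg\n"); return PS_UNSUPPORTED_FAIL; }` after the SM3 branch. Also, unlike every other SM3 addition in this file, this branch is not wrapped in `# ifdef USE_SM3`; if OID_SM3_ALG, SM3_HASH_SIZE or the snapshot buffer size depend on that flag it will not build without it, so guard it for consistency.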
@@ -190,9 +212,15 @@ int32_t tls13TranscriptHashUpdate(ssl_t *ssl,
Update both.*/
psSha256Update(&ssl->sec.tls13msgHashSha256, in, len);
psSha384Update(&ssl->sec.tls13msgHashSha384, in, len);
+# ifdef USE_SM3
+ psSm3Update(&ssl->sec.tls13msgHashSm3, in, len);
+# endif
# ifdef DEBUG_TLS_1_3_TRANSCRIPT_HASH
psTracePrintTranscriptHashUpdate(ssl, in, len, OID_SHA256_ALG);
psTracePrintTranscriptHashUpdate(ssl, in, len, OID_SHA384_ALG);
+# ifdef USE_SM3
+ psTracePrintTranscriptHashUpdate(ssl, in, len, OID_SM3_ALG);
+# endif
# endif
return MATRIXSSL_SUCCESS;
}
@@ -207,6 +235,11 @@ int32_t tls13TranscriptHashUpdate(ssl_t *ssl,
case OID_SHA384_ALG:
psSha384Update(&ssl->sec.tls13msgHashSha384, in, len);
break;
+# ifdef USE_SM3
+ case OID_SM3_ALG:
+ psSm3Update(&ssl->sec.tls13msgHashSm3, in, len);
+ break;
+# endif
default:
psTraceErrr("Unsupported TLS 1.3 hash alg\n");
return PS_UNSUPPORTED_FAIL;
@@ -248,6 +281,19 @@ int32_t tls13TranscriptHashFinish(ssl_t *ssl,
# endif
}
break;
+# ifdef USE_SM3
+ case OID_SM3_ALG:
+ {
+ psSm3_t sm3;
+
+ psSm3Cpy(&sm3, &ssl->sec.tls13msgHashSm3);
+ psSm3Final(&sm3, out);
+# ifdef DEBUG_TLS_1_3_TRANSCRIPT_HASH
+ psTraceBytes("Transcript-Hash SM3 snapshot", out, 32);
+# endif
+ }
+ break;
+# endif
default:
psTraceErrr("Unsupported TLS 1.3 hash alg\n");
return PS_UNSUPPORTED_FAIL;
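Review bot: The debug trace uses a bare `32` for the SM3 output length (`psTraceBytes("Transcript-Hash SM3 snapshot", out, 32);`) while the same file already uses SM3_HASH_SIZE in tls13TranscriptHashReinit; use `SM3_HASH_SIZE` here so the two cannot diverge. The same block is duplicated verbatim in tls13TranscriptHashSnapshotAlg in the next hunk, which suggests a small static helper that copies, finalises and traces, as presumably the SHA cases already share or repeat. Whether psSm3Final reports a status that should be checked is not visible here.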
@@ -287,6 +333,19 @@ int32_t tls13TranscriptHashSnapshotAlg(ssl_t *ssl,
# endif
}
break;
+# ifdef USE_SM3
+ case OID_SM3_ALG:
+ {
+ psSm3_t sm3;
+
+ psSm3Cpy(&sm3, &ssl->sec.tls13msgHashSm3);
+ psSm3Final(&sm3, out);
+# ifdef DEBUG_TLS_1_3_TRANSCRIPT_HASH
+ psTraceBytes("Transcript-Hash SM3 snapshot", out, 32);
+# endif
+ }
+ break;
+# endif
default:
psTraceErrr("Unsupported TLS 1.3 hash alg\n");
return PS_UNSUPPORTED_FAIL;
diff --git a/matrixssl/tls13TrHashBuffered.c b/matrixssl/tls13TrHashBuffered.c
index a208e57..190b191 100644
--- a/matrixssl/tls13TrHashBuffered.c
+++ b/matrixssl/tls13TrHashBuffered.c
@@ -6,7 +6,7 @@
* Buffered implementation.
*/
/*
- * Copyright (c) 2018 INSIDE Secure Corporation
+ * Copyright (c) 2018 Rambus Inc.
* Copyright (c) PeerSec Networks, 2002-2011
* All Rights Reserved
*
@@ -19,8 +19,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
- * commercial license for this software may be purchased from INSIDE at
- * http://www.insidesecure.com/
+ * commercial license for this software may be purchased from Rambus at
+ * http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/matrixssl/tlsDefaults.c b/matrixssl/tlsDefaults.c
index 0cb7456..a62baad 100644
--- a/matrixssl/tlsDefaults.c
+++ b/matrixssl/tlsDefaults.c
@@ -6,7 +6,7 @@
*
*/
/*
- * Copyright (c) 2018 INSIDE Secure Corporation
+ * Copyright (c) 2018 Rambus Inc.
* All Rights Reserved
*
* The latest version of this code is available at http://www.matrixssl.org
@@ -18,8 +18,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
- * commercial license for this software may be purchased from INSIDE at
- * http://www.insidesecure.com/
+ * commercial license for this software may be purchased from Rambus at
+ * http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
@@ -67,6 +67,9 @@ static const uint16_t tls12SigAlgs[] =
sigalg_rsa_pss_rsae_sha256,
sigalg_rsa_pss_rsae_sha384,
sigalg_rsa_pss_rsae_sha512,
+# endif
+# ifdef USE_SM2
+ sigalg_sm2sig_sm3,
# endif
0
};
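Review bot: Adding sigalg_sm2sig_sm3 to the TLS 1.2 default list does not obviously agree with how the TLS 1.2 code in tlsSigVer.c encodes the same algorithm, which emits and specially handles 0x0707 (see getSignatureAndHashAlgorithmEncoding and tlsVerify in this diff). If sigalg_sm2sig_sm3 carries the RFC 8998 code point 0x0708, then a TLS 1.2 client built from this list advertises 0x0708 while the server side signs as 0x0707; pick one wire encoding for TLS 1.2, or advertise both with a comment explaining the legacy code point. The value of sigalg_sm2sig_sm3 is not visible in this diff, so please confirm.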
@@ -80,6 +83,9 @@ static const uint16_t tls13SigAlgs[] =
sigalg_ecdsa_secp521r1_sha512,
# ifdef USE_ED25519
sigalg_ed25519,
+# endif
+# ifdef USE_SM2
+ sigalg_sm2sig_sm3,
# endif
sigalg_rsa_pss_rsae_sha256,
sigalg_rsa_pss_rsae_sha384,
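Review bot: sigalg_sm2sig_sm3 is placed in the unconditional TLS 1.3 default list ahead of the RSA-PSS entries, but as I recall RFC 8998 ties SM2/SM3 signatures to the SM4 cipher suites rather than allowing them with arbitrary suites; confirm that the negotiation code rejects (or never selects) an SM2 CertificateVerify when a non-SM suite is chosen, and consider a comment on the entry recording that constraint. Ordering it above RSA-PSS also changes server-side preference for every deployment enabling USE_SM2, which may be intended but deserves a note.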
@@ -103,6 +109,9 @@ static const uint16_t allSigAlgs[] =
# ifdef USE_ED25519
sigalg_ed25519,
# endif
+# ifdef USE_SM2
+ sigalg_sm2sig_sm3,
+# endif
# ifdef USE_PKCS1_PSS
sigalg_rsa_pss_rsae_sha256,
sigalg_rsa_pss_rsae_sha384,
@@ -295,6 +304,7 @@ int32 getDefaultVersions(ssl_t *ssl)
enabled via compile-time config. */
if (!supportTls13Draft && (mask & v_tls_1_3_draft_any))
{
+ mask >>= 1;
continue;
}
/* Supported by the build-time config? */
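Review bot: The fix is correct as far as the hunk shows, but it relies on every early `continue` remembering to advance `mask`; if the shift at the bottom of the loop (outside this hunk) is the only other place it happens, hoisting it into the loop header, e.g. `for (...; mask != 0; mask >>= 1)`, removes this class of infinite-loop bug entirely rather than patching one instance. The loop header of getDefaultVersions is not visible here.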
diff --git a/matrixssl/tlsSelectKeys.c b/matrixssl/tlsSelectKeys.c
index 671e06c..316f4e6 100644
--- a/matrixssl/tlsSelectKeys.c
+++ b/matrixssl/tlsSelectKeys.c
@@ -5,7 +5,7 @@
* Client-side key and certificate selection.
*/
/*
- * Copyright (c) 2013-2018 INSIDE Secure Corporation
+ * Copyright (c) 2013-2018 Rambus Inc.
* Copyright (c) PeerSec Networks, 2002-2011
* All Rights Reserved
*
@@ -18,8 +18,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
- * commercial license for this software may be purchased from INSIDE at
- * http://www.insidesecure.com/
+ * commercial license for this software may be purchased from Rambus at
+ * http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/matrixssl/tlsSigVer.c b/matrixssl/tlsSigVer.c
index 6ca4524..44f0ec0 100644
--- a/matrixssl/tlsSigVer.c
+++ b/matrixssl/tlsSigVer.c
@@ -6,7 +6,7 @@
* and below.
*/
/*
- * Copyright (c) 2013-2018 INSIDE Secure Corporation
+ * Copyright (c) 2013-2018 Rambus Inc.
* Copyright (c) PeerSec Networks, 2002-2011
* All Rights Reserved
*
@@ -19,8 +19,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
- * commercial license for this software may be purchased from INSIDE at
- * http://www.insidesecure.com/
+ * commercial license for this software may be purchased from Rambus at
+ * http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
@@ -317,6 +317,13 @@ psRes_t tlsPrepareSkeSignature(ssl_t *ssl,
}
# endif
+# if defined(USE_SM2) && defined(USE_SM3)
+ if (skeSigAlg == OID_SM3_SM2_SIG)
+ {
+ needPreHash = PS_FALSE;
+ }
+# endif
+
if (needPreHash)
{
/* Reserve space for the hash of signed_params. */
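Review bot: Disabling the pre-hash for SM2 has no comment, and it is the opposite of what tls13Sign does for the same algorithm, so the reason belongs next to it. Presumably the crypto layer computes SM3(Z_A || signed_params) itself when PS_SIGN_OPTS_SM2_SIGN is set (added later in this file), using whatever default distinguishing identifier it has; if so, say that: `/* SM2: psSign with PS_SIGN_OPTS_SM2_SIGN hashes Z_A || M itself, so signed_params is passed unhashed. */` Also confirm the default identifier matches what peers expect for TLS 1.2, since the TLS 1.3 path passes an explicit one. The enclosing function continues beyond the hunk.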
@@ -325,7 +332,6 @@ psRes_t tlsPrepareSkeSignature(ssl_t *ssl,
{
return PS_MEM_FAIL;
}
-
/* Compute the hash. */
rc = computeSkeHash(ssl,
&digestCtx,
@@ -520,6 +526,12 @@ psRes_t tlsMakeSkeSignature(ssl_t *ssl,
ssl->ecdsaSizeChange = 0;
# endif
opts.flags |= PS_SIGN_OPTS_ECDSA_INCLUDE_SIZE;
+# if defined(USE_SM2) && defined(USE_SM3)
+ if (privKey->key.ecc.curve->curveId == IANA_CURVESM2)
+ {
+ opts.flags |= PS_SIGN_OPTS_SM2_SIGN;
+ }
+# endif
break;
# endif /* USE_ECC_CIPHER_SUITE */
default:
@@ -692,6 +704,8 @@ psResSize_t tlsSigAlgToHashLen(uint16_t alg)
case sigalg_rsa_pss_pss_sha512:
case sigalg_ecdsa_secp521r1_sha512:
return SHA512_HASH_SIZE;
+ case sigalg_sm2sig_sm3:
+ return SM3_HASH_SIZE;
default:
return PS_UNSUPPORTED_FAIL;
}
@@ -724,6 +738,9 @@ int32_t tlsSigAlgToMatrix(uint16_t alg)
return OID_SHA384_ECDSA_SIG;
case sigalg_ecdsa_secp521r1_sha512:
return OID_SHA512_ECDSA_SIG;
+ case sigalg_sm2sig_sm3:
+ case 0x0707: /*in tls1.2 case*/
+ return OID_SM3_SM2_SIG;
default:
return PS_UNSUPPORTED_FAIL;
}
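Review bot: `case 0x0707: /*in tls1.2 case*/` is a magic wire value with a comment that does not say why it exists; the same literal recurs in tlsVerify and as `b1 = 0x7; b2 = 0x7;` in getSignatureAndHashAlgorithmEncoding in this diff. Define it once, e.g. `#define SIGALG_SM2SIG_SM3_TLS12 0x0707 /* hash=SM3, sig=SM2 legacy GM/T TLS 1.2 encoding; RFC 8998 assigns 0x0708 */`, and use it in all three places. The exact specification that assigns 0x0707 should be cited in the comment rather than guessed.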
@@ -780,6 +797,14 @@ int32_t tlsVerify(ssl_t *ssl,
}
sigAlgTls = *c << 8; c++;
sigAlgTls += *c; c++;
+# if defined(USE_SM2) && defined(USE_SM3)
+ if (sigAlgTls == 0x0707)
+ {
+ sigAlgTls = sigalg_sm2sig_sm3;
+ opts->noPreHash = PS_TRUE;
+ }
+# endif
+
if (tlsIsSupportedRsaSigAlg(sigAlgTls))
{
useRsa = PS_TRUE;
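Review bot: `opts->noPreHash` is set only when the wire value is 0x0707, but tlsSigAlgToMatrix in this diff maps sigalg_sm2sig_sm3 to OID_SM3_SM2_SIG as well, so a peer that sends the RFC 8998 code point gets SM2 verification with a pre-hash while the signing side (tlsPrepareSkeSignature) never pre-hashes; one of the two will fail to verify. Handle both forms together: `if (sigAlgTls == 0x0707 || sigAlgTls == sigalg_sm2sig_sm3) { sigAlgTls = sigalg_sm2sig_sm3; opts->noPreHash = PS_TRUE; }`. Also check that rewriting `sigAlgTls` here happens after, not before, whatever comparison against the algorithms we offered is done later in tlsVerify, which is outside this hunk.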
@@ -928,6 +953,12 @@ int32_t tlsVerify(ssl_t *ssl,
{
opts->msgIsDigestInfo = PS_TRUE;
}
+# if defined(USE_SM2) && defined(USE_SM3)
+ if (sigAlgTls == sigalg_sm2sig_sm3)
+ {
+ opts->msgIsDigestInfo = PS_FALSE;
+ }
+# endif
if (sigAlgTls == 0)
{
matrixSigAlg = useRsa ? OID_RSA_TLS_SIG_ALG : OID_SHA1_ECDSA_SIG;
@@ -1039,6 +1070,10 @@ psBool_t peerSupportsSigAlg(int32_t sigAlg,
{
yes = ((peerSigAlgs & HASH_SIG_SHA512_ECDSA_MASK) != 0);
}
+ else if (sigAlg == OID_SM3_SM2_SIG)
+ {
+ yes = ((peerSigAlgs & HASH_SIG_SM3_SM2_MASK) != 0);
+ }
else
{
return PS_FALSE; /* Unknown/unsupported sig alg. */
@@ -1151,6 +1186,13 @@ psBool_t weSupportSigAlg(int32_t sigAlg,
{
#ifdef USE_SHA512
we_support = 1;
+#endif
+ }
+ else if (sigAlg == OID_SM3_SM2_SIG)
+ {
+#if defined(USE_SM2) && defined(USE_SM3)
+ we_support = 1;
+ is_non_fips =1;
#endif
}
else
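Review bot: Style: `is_non_fips =1;` is missing the space after `=` used everywhere else in this function (`we_support = 1;`); write `is_non_fips = 1;`. Marking SM2 as non-FIPS is right, and worth a one-line comment since it is the only branch here that sets the flag: `/* SM2/SM3 are not FIPS-approved algorithms. */`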
@@ -1400,7 +1442,8 @@ int32_t chooseSigAlgInt(int32_t certSigAlg,
if (certSigAlg != OID_SHA1_ECDSA_SIG &&
certSigAlg != OID_SHA256_ECDSA_SIG &&
certSigAlg != OID_SHA384_ECDSA_SIG &&
- certSigAlg != OID_SHA512_ECDSA_SIG)
+ certSigAlg != OID_SHA512_ECDSA_SIG &&
+ certSigAlg != OID_SM3_SM2_SIG)
{
/* Pubkey is ECDSA, but cert is signed with RSA.
Convert to corresponding ECDSA alg. */
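Review bot: Adding OID_SM3_SM2_SIG to the list keeps an SM2-signed certificate from being "converted", but the reverse case is not covered: an SM2 public key in a certificate signed by an ECDSA/P-256 CA leaves `certSigAlg` as OID_SHA256_ECDSA_SIG, which the conversion branch treats as already-ECDSA, so the SKE would be signed with an ECDSA algorithm using an SM2 key. Whether the code after this hunk consults the key's curve (as tlsMakeSkeSignature does via curveId) before settling on the algorithm is not visible; if it does not, add a curve check here that forces OID_SM3_SM2_SIG for IANA_CURVESM2 keys. The rest of chooseSigAlgInt is outside the hunk.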
@@ -1535,11 +1578,17 @@ int32_t getSignatureAndHashAlgorithmEncoding(uint16_t sigAlgOid,
b2 = 0x1; /* RSA */
hLen = SHA512_HASH_SIZE;
break;
+#endif
+#if defined(USE_SM2) && defined(USE_SM3)
+ case OID_SM3_SM2_SIG:
+ b1 = 0x7;
+ b2 = 0x7;
+ hLen = SM3_HASH_SIZE;
+ break;
#endif
default:
return PS_UNSUPPORTED_FAIL; /* algorithm not supported */
}
-
if (octet1 && octet2 && hashSize)
{
*octet1 = b1;
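Review bot: `b1 = 0x7; b2 = 0x7;` are unexplained magic numbers where the sibling cases at least carry `/* RSA */`-style comments, and this is the only place that produces the 0x0707 wire form that tlsSigAlgToMatrix and tlsVerify special-case elsewhere in this diff. Annotate both: `b1 = 0x7; /* hash: SM3 (legacy TLS 1.2 GM encoding) */` and `b2 = 0x7; /* sig: SM2 */`, ideally derived from one shared constant so the three sites cannot drift. Note this emits 0x0707 while the TLS 1.3 lists use sigalg_sm2sig_sm3, so a TLS 1.2 peer expecting the RFC 8998 code point will not match it.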
diff --git a/matrixssl/tlsTrace.c b/matrixssl/tlsTrace.c
index 2b8e8a3..60f71f2 100644
--- a/matrixssl/tlsTrace.c
+++ b/matrixssl/tlsTrace.c
@@ -7,7 +7,7 @@
* defined in matrixssllib.h.
*/
/*
- * Copyright (c) 2013-2018 INSIDE Secure Corporation
+ * Copyright (c) 2013-2018 Rambus Inc.
* Copyright (c) PeerSec Networks, 2002-2011
* All Rights Reserved
*
@@ -20,8 +20,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
- * commercial license for this software may be purchased from INSIDE at
- * http://www.insidesecure.com/
+ * commercial license for this software may be purchased from Rambus at
+ * http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
@@ -548,6 +548,10 @@ void psPrintSigAlgs(psSize_t indentLevel,
{
tlsTraceIndent(indentLevel, "ECDSA-SHA512\n");
}
+ if (sigAlgs & HASH_SIG_SM3_SM2_MASK)
+ {
+ tlsTraceIndent(indentLevel, "SM2-SM3\n");
+ }
if (addNewline)
{
@@ -615,6 +619,9 @@ void psPrintMatrixSigAlg(psSize_t indentLevel,
case OID_RSA_TLS_SIG_ALG:
tlsTrace("rsa_md5sha1");
break;
+ case OID_SM3_SM2_SIG:
+ tlsTrace("sm2sig_sm3");
+ break;
default:
tlsTraceInt("Unknown/unexpected sig alg: %d", alg);
}
@@ -707,6 +714,10 @@ void psPrintTls13SigAlg(psSize_t indentLevel,
{
tlsTrace("ecdsa_sha1");
}
+ else if (alg == sigalg_sm2sig_sm3)
+ {
+ tlsTrace("sm2sig_sm3");
+ }
else
{
tlsTraceInt("Unknown signature algorithm: %hu\n", alg);
@@ -752,12 +763,12 @@ void psPrintTls13SigAlgList(psSize_t indentLevel,
psSize_t numAlgs,
psBool_t addNewline)
{
- return psPrintTls13SigAlgListInner(indentLevel,
- where,
- algs,
- numAlgs,
- PS_FALSE,
- PS_TRUE);
+ psPrintTls13SigAlgListInner(indentLevel,
+ where,
+ algs,
+ numAlgs,
+ PS_FALSE,
+ PS_TRUE);
}
void psPrintTls13SigAlgListBigEndian(psSize_t indentLevel,
@@ -766,12 +777,12 @@ void psPrintTls13SigAlgListBigEndian(psSize_t indentLevel,
psSize_t numAlgs,
psBool_t addNewline)
{
- return psPrintTls13SigAlgListInner(indentLevel,
- where,
- algs,
- numAlgs,
- PS_TRUE,
- PS_TRUE);
+ psPrintTls13SigAlgListInner(indentLevel,
+ where,
+ algs,
+ numAlgs,
+ PS_TRUE,
+ PS_TRUE);
}
void psPrintVer(psProtocolVersion_t ver)
@@ -1005,6 +1016,10 @@ void psPrintTls13NamedGroup(psSize_t indentLevel,
{
tlsTrace("ffdhe8192");
}
+ else if (namedGroup == 0x0029)
+ {
+ tlsTrace("curveSM2");
+ }
else if (namedGroup >= 0x01fc && namedGroup <= 0x1ff)
{
tlsTrace("ffdhe_private_use");
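Review bot: `namedGroup == 0x0029` hard-codes the curveSM2 group id while tls13Sign in this same diff compares against the named constant IANA_CURVESM2; use `else if (namedGroup == IANA_CURVESM2)` here so the trace cannot drift from the negotiation code. 0x0029 is the correct RFC 8998 value, so this is a consistency point, not a bug.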
@@ -1100,6 +1115,10 @@ void psPrintEcFlags(psSize_t indentLevel,
{
tlsTrace("P-521\n");
}
+ else if (ecFlags & IS_CURVESM2)
+ {
+ tlsTrace("SM2\n");
+ }
# else
tlsTrace("Need USE_ECC for this\n");
# endif
@@ -1598,6 +1617,12 @@ void psPrintTranscriptHashUpdate(ssl_t *ssl,
{
tlsTrace("SHA-256");
}
+#ifdef USE_SM3
+ else if (hashAlg == OID_SM3_ALG)
+ {
+ tlsTrace("SM3");
+ }
+#endif
else
{
tlsTrace("Unknown digest");
@@ -1671,6 +1696,9 @@ void psPrintCiphersuiteName(psSize_t indentLevel,
case TLS_DH_anon_WITH_AES_256_CBC_SHA:
tlsTrace("TLS_DH_anon_WITH_AES_256_CBC_SHA");
break;
+ case TLS_RSA_WITH_NULL_SHA256:
+ tlsTrace("TLS_RSA_WITH_NULL_SHA256");
+ break;
case TLS_RSA_WITH_AES_128_CBC_SHA256:
tlsTrace("TLS_RSA_WITH_AES_128_CBC_SHA256");
break;
@@ -1806,12 +1834,27 @@ void psPrintCiphersuiteName(psSize_t indentLevel,
case TLS_CHACHA20_POLY1305_SHA256:
tlsTrace("TLS_CHACHA20_POLY1305_SHA256");
break;
- case TLS_AES_128_CCM_SHA_256:
- tlsTrace("TLS_AES_128_CCM_SHA_256");
+ case TLS_AES_128_CCM_SHA256:
+ tlsTrace("TLS_AES_128_CCM_SHA256");
break;
case TLS_AES_128_CCM_8_SHA256:
tlsTrace("TLS_AES_128_CCM_8_SHA_256");
break;
+ case TLS_SM4_GCM_SM3:
+ tlsTrace("TLS_SM4_GCM_SM3");
+ break;
+ case TLS_SM4_CCM_SM3:
+ tlsTrace("TLS_SM4_CCM_SM3");
+ break;
+ case TLS_ECDHE_SM2_WITH_SMS4_SM3:
+ tlsTrace("TLS_ECDHE_SM2_WITH_SMS4_SM3");
+ break;
+ case TLS_ECDHE_SM2_WITH_SMS4_SHA256:
+ tlsTrace("TLS_ECDHE_SM2_WITH_SMS4_SHA256");
+ break;
+ case TLS_ECDHE_SM2_WITH_SMS4_GCM_SM3:
+ tlsTrace("TLS_ECDHE_SM2_WITH_SMS4_GCM_SM3");
+ break;
default:
tlsTraceInt("Unknown ciphersuite: %d", cipherId);
}
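Review bot: The rename to TLS_AES_128_CCM_SHA256 fixes the AES-128-CCM name, but the adjacent context line still prints the old spelling for the CCM-8 suite (`tlsTrace("TLS_AES_128_CCM_8_SHA_256");`), which should become `tlsTrace("TLS_AES_128_CCM_8_SHA256");` in the same pass. The TLS_ECDHE_SM2_WITH_SMS4_* names are, as far as I know, GM/T 0024 suites without IANA assignments; a comment saying where those code points come from would help anyone reading a trace that shows them.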
diff --git a/matrixssl/version.h b/matrixssl/version.h
index 2a1a650..8b313b9 100644
--- a/matrixssl/version.h
+++ b/matrixssl/version.h
@@ -1,5 +1,5 @@
/*
- Copyright 2020 INSIDE Secure Corporation
+ Copyright 2022 Rambus Inc.
This file is auto-generated
*/
#ifndef _h_MATRIXSSL_VERSION
@@ -8,10 +8,10 @@
extern "C" {
#endif
-#define MATRIXSSL_VERSION "4.3.0-OPEN"
+#define MATRIXSSL_VERSION "4.5.1-OPEN"
#define MATRIXSSL_VERSION_MAJOR 4
-#define MATRIXSSL_VERSION_MINOR 3
-#define MATRIXSSL_VERSION_PATCH 0
+#define MATRIXSSL_VERSION_MINOR 5
+#define MATRIXSSL_VERSION_PATCH 1
#define MATRIXSSL_VERSION_CODE "OPEN"
#ifdef __cplusplus
diff --git a/release_notes-4-3-0-open.html b/release_notes-4-3-0-open.html
deleted file mode 100644
index 3816ab2..0000000
--- a/release_notes-4-3-0-open.html
+++ /dev/null
@@ -1,229 +0,0 @@
-
-
-
-
-
-
-
-
-
-
-MatrixSSL 4.x changelog
-Changes between 4.2.2 and 4.3.0 [June 2020]
-* Added a constant-time variant of eccMulmod, in response to the Minerva attack.
-* Fixed a possible infinite loop in message parsing discovered by
- Andreas Walz (ivESK).
-* Timing sidechannel mitigation (Github issue #23).
-* Change hard coded values to enums in matrixSslLoadKeys (Github issue #35).
-* Disabled TLS 1.3 draft versions by default.
-* Fixes TLS 1.2 session ticket based resumption.
-* May only enable either PS_PUBKEY_OPTIMIZE_FOR_FASTER_SPEED or
- PS_PUBKEY_OPTIMIZE_FOR_SMALLER_RAM (Github issue #37).
-* Channel Bindings for TLS (only for TLS 1.2 and below), new APIs added
- - matrixSslGetFinished
- - matrixSslGetPeerFinished
- - matrixSslGetTlsUniqueChannelBindings
-* Added API for accessing MatrixSSL structures without direct access
- to structure members. Use of this API will slightly enlarge the
- MatrixSSL binary but will enable building software that is not
- dependent on exact binary layout of structures such as ssl_t.
-* Fixes the bug when NULL keydata was used in sslLoadKeyPair() function.
-* Other bug fixes.
-Changes between 4.2.1 and 4.2.2 [August 2019]
-This version fixes a few security issues related to DTLS and handshake message length. It also defines the size of psBool_t to be equivalent to bool on both x86 and ARM platforms.
-
-TLS:
-
-Crypto
-
-- Added support for parsing public keys in OpenSSL ECC DER/PEM format.
-
-- Fixed support for SHA224 RSA.
-
-
-Changes between 4.2.0 and 4.2.1 [June 2019]
-This version fixes an out of bounds read in ASN.1 handling found by Tyler Nighswander (ForAllSecure).
-Changes between 4.1.0 and 4.2.0 [May 2019]
-This version adds a compile-time option that allows TLS 1.3 only builds, adds new getter APIs and fixes several bugs.
-
-TLS:
-
-Allow TLS 1.3 only builds by introducing the USE_TLS_1_3_ONLY compile-time option. This significantly reduces the minimum code footprint of TLS 1.3 builds. The example configuration tls13-minimal makes use of the new compile-time option.
-Add the matrixSslGetUserPtr API. This getter API should be used instead of raw access to ssl->userPtr.
-Added the matrixSslGetNegotiatedCiphersuite and matrixSslGetActiveCiphersuite APIs.
-Added the matrixSslGetMasterSecret API. This API requires the ENABLE_MASTER_SECRET_EXPORT compile-time option, which is disabled by default.
-Completely remove support for TLS record compression (unifdef USE_ZLIB_COMPRESSION). TLS record compression is almost never used in practice due to serious vulnerabilities associated with the feature (see e.g. the CRIME attack).
-Fixed a bug where decrypting an alert in TLS 1.3 could cause matrixSslProcessed data to erroneously indicate that there is more application data to process.
-Allow storing the unparsed certificate DER octets (in the unparsedBin member of psX509Cert_t) even in TLS 1.3.
-Fix segfault when receiving a server certificate without the commonName component.
-Fixed handshake failure with some clients that attempted to use a TLS 1.2 session ticket in a TLS 1.3 connection.
-Fix build error with the USE_EXT_CERTIFICATE_VERIFY_SIGNING compile-time option.
-Fix sslTest failure when using the USE_EXT_CERTIFICATE_VERIFY_SIGNING compile-time option.
-Fix a bug that caused the server to sometimes select a TLS 1.3 ciphersuite even when TLS 1.2 or below had been negotiated.
-Add Ed25519 test keys and certificates.
-Add Ed25519 testing to sslTest. (Note that Ed25519 is only supported in TLS 1.3.)
-
-Crypto:
-
-(FIPS Edition only): Fix a bug that prevented verification of RSA-SHA-1 signatures in FIPS mode. FIPS 140-2 allows verification of SHA-1 based signatures, but forbids generating such signatures.
-Store the order of DN attributes in certificate subject and issuer fields.
-Add an option to the psX509GetOnelineDN API that allows printing the DN attributes in the original order they were encoded in the parsed certificate.
-Fix parsing of Ed25519 certificates.
-Fix parsing of ECDSA-SHA224 certificates.
-
-
-Changes between 4.0.2 and 4.1.0 [April 2019]
-
-TLS:
-
-(RoT Edition only): Added support for Inside Secure VaultIP (Root-of-Trust) crypto provider.
-Improved the separation of private and public TLS header files for better private-public separation. The public headers now of the form matrixsslApi*.h, while private headers are of the form matrixssllib_*.h.
-Added client-side support for X25519 in TLS 1.2.
-Added client-side support for RSASSA-PSS signatures in TLS 1.2.
-Added support for RSASSA-PSS key/cert pairs.
-Fix vulnerabilities reported by Robert Święcki (discovered using Hongfuzzer): a server-side heap buffer read overflow when parsing maliciously crafted ClientHello extensions and a segfault in TLS 1.2 GCM decryption of maliciously crafted records with small ciphertext.
-Added the simpleClient.c and simpleServer.c example applications. These are intended as minimalistic examples of how to use the top-level TLS API.
-Fixed bugs in matrixSslSessOptsServerTlsVersionRange and matrixSslSessOptsClientTlsVersionRange.
-Fixed bug that caused non-insitu app data encryption to fail in tls13EncodeAppData when using the matrixSslEncodeToOutdata API instead of the more standard matrixSslGetWriteBuf + matrixSslEncodeWritebuf pattern.
-Added new minimal example configurations: tls12-minimal, tls12-minimal-client-ecc, tls13-minimal, tls13-minimal-client-ecc
-When performing TLS 1.2 renegotiation, re-send the original ClientHello cipher list.
-Added the USE_LENIENT_TLS_RECORD_VERSION_MATCHING compatibility option.
-
-
-Changes between 4.0.1 and 4.0.2 [February 2019]
-This version fixes a critical vulnerability in RSA signature verification. A maliciously crafted certificate can be used to trigger a stack buffer overflow, allowing potential remote code execution attacks. The vulnerability only affects version 4.0.1 and the standard Matrix Crypto provider. Other providers, such as the FIPS crypto provider, are not affected by the bug. Thanks to Tavis Ormandy for reporting this.
-Changes between 4.0.0 and 4.0.1 [November 2018]
-This version improves the security of RSA PKCS #1.5 signature verification and adds better support for run-time security configuration.
-
-TLS:
-
-Added a run-time security callback feature (matrixSslRegisterSecurityCallback). The security callback can allow or deny a cryptographic operation based on the operation type and the key size. Currently only authentication and key exchange operations are supported. The default security callback supports pre-defined security profiles (matrixSslSetSecurityProfile).
-Added an example security profile: WPA3 1.0 Enterprise 192-bit mode restrictions for EAP-TLS.
-Added support for the TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 ciphersuite.
-Changed the way how protocol version IDs are stored internally and rewrote most of the version negotiation code. This is almost entirely an internal code refactoring. To the API user, the only visible change is that version selection APIs now take in an argument of type psProtocolVersion_t instead of int32_t. See the API reference guide for details.
-Refactored ServerKeyExchange signature generation and verification code.
-
-Crypto:
-
-Changed from a parsing-based to a comparison-based approach in DigestInfo validation when verifying RSA PKCS #1.5 signatures. There are no known practical attacks against the old code, but the comparison-based approach is theoretically more sound. Thanks to Sze Yiu Chau from Purdue University for pointing this out.
-(MatrixSSL FIPS Edition only:) Fix DH key exchange when using DH parameter files containing optional privateValueLength argument.
-psX509AuthenticateCert now uses the common psVerifySig API for signature verification. Previously, CRLs and certificates used different code paths for signature verification.
-
-
-Changes between 3.9.5 and 4.0.0 [August 2018]
-This version adds support for RFC 8446 (TLS 1.3), new APIs for configuring session options as well as fixes to security vulnerabilities.
-
-TLS:
-
-- Added support for TLS 1.3 (RFC 8446 version) as well as draft versions 23, 24, 26 and 28.
-- Supported TLS 1.3 handshake types:
-
-- Basic handshake with server authentication
-- Incorrect DHE key share (HelloRetryRequest) handshake
-- PSK handshake
-- Resumed handshake
-- 0RTT data handshake
-
-- Supported TLS 1.3 ciphersuites:
-
-- TLS_AES_128_GCM_SHA256
-- TLS_AES_256_GCM_SHA384
-- TLS_CHACHA20_POLY1305_SHA256
-
-- Supported key exchange modes in TLS 1.3:
-
-- DHE with the ffdhe2048, ffdhe3072 and ffdhe4096 groups
-- ECDHE with the P-256, P-384, P-521 and X25519 groups
-- PSK with (EC)DHE
-- PSK only
-
-- Supported signature algorithms in TLS 1.3:
-
-- ECDSA with P-256, P-384 and P-521
-- Ed25519
-- RSASSA-PSS
-- RSA PKCS #1.5 (certificates only)
-
-- Supported PKI features in TLS 1.3:
-
-- X.509 certificates
-- CRLs
-- OCSP stapling
-
-- Supported TLS 1.3 extensions:
-
-- supported_versions
-- supported_groups
-- key_share
-- signature_algorithms
-- signature_algorithms_cert
-- server_name
-- certificate_authorities
-- cookie
-- status_request
-- max_fragment_length
-
-- Support for TLS 1.3 record padding
-- Fixed several client-side crashes and undefined behaviours on maliciously crafted server messages. The bugs were found using TLS-Attacker. Thanks to Robert Merget from the Ruhr-University Bochum for reporting these.
-- Added the matrixSslSessOptsSetServerTlsVersions and matrixSslSessOptsSetClientTlsVersions APIs for selecting the supported protocol versions at run-time. Please consult the API reference for details.
-- Added a couple of TLS 1.3 specific APIs:
-
-- matrixSslSessOptsSetSigAlgsCert
-- matrixSslSessOptsSetKeyExGroups
-- matrixSslGetEarlyDataStatus
-- matrixSslGetMaxEarlyData
-- matrixSslLoadTls13Psks
-- matrixSslSetTls13BlockPadding
-
-- Added an API for selecting supported signature algorithms: (usable in both TLS 1.3 and TLS 1.2):
-
-- matrixSslSessOptsSetSigAlgs
-
-- Added new example configurations. The recommended configuration for using TLS 1.3 and below is tls13 (Commercial Edition) or nonfips-tls13 (FIPS Edition)
-- Updated and improved the Developer Guide and the MatrixSSL APIs reference document.
-- Improved the example client and server programs and fixed bugs.
-- Resend user extensions (e.g. SNI) when responding to HelloRequest
-- sslTest now allows specifying the ciphersuites and protocol versions to test via environment variables.
-- Improvements to identity management, including support for loading multiple identities (key and cert pairs) during initialization and postponed key and cert loading. See the MatrixSSL Developer Guide for details.
-- Refactored key loading and protocol version negotiation.
-- Fixed server-side signature algorithm selection when the server certificate is signed with a different algorithm (RSA or ECDSA) than the public key contain therein.
-- Much improved TLS-level debug prints and logging (tlsTrace.c). USE_SSL_HANDSHAKE_MSG_TRACE now consistently enables messages such as "parsing/creating handshake message X or extension Y". USE_SSL_INFORMATIONAL_TRACE now prints out more details on the contents of handshake messages and extensions.
-- Refactored public header files.
-
-Crypto:
-
-- NCC Group'ss Keegan Ryan has found a side-channel attack affecting multiple cryptographic libraries. The "ROHNP" Key Extraction Side Channel (CVE-2018-0495) has been fixed.
-- Added support for Ed25519 signatures in TLS 1.3
-- Added support for ECDHE with X25519 in TLS 1.3
-- Added algorithm-independent signature and verification APIs: psSign and psVerify.
-- Source file reorganization. New new naming scheme aims for better consistency, clarity and makes it easier to ifdef out unneeded features.
-- Added psEccWritePrivKeyMem and psEccWritePrivKeyFile the public crypto API
-
-X.509 and PKCS standards
-
-- Fixed processing of indefinite expiration date (31.12.9999).
-- Basic Constraints no longer unconditionally added when generating CSR data
-- Session option for requesting subrange of allowed tls versions.
-- Specify certificate validity dates when generating certificate.
-- Support for reading PKCS #12 and CA certificates from memory (der encoded).
-- Support for key usage encipher only and decipher only bits in generating certificate generation.
-- Option for MD2/MD4/MD5 signatures compatibility on certificates.
-- X.509 certificates allow NIL character at the end of GeneralName field. This is for compatibility with various other products.
-- It is now possible to compile X.509 certificate and CSR generation code only ECC or RSA support for smaller footprint.
-- Added Ed25519 specific functions such as psEd25519ParsePrivKey, psEd25519Sign, etc.
-
-Other changes
-
-- Added export.mk, which generates example binary packaging of a previously compiled MatrixSSL package and includes two of the example applications within the package. This package shows how to export MatrixSSL includes and libraries outside the source tree keeping configuration with the includes.
-
-Known issues
-
-- The TLS 1.3 code has not yet been fully optimized for footprint.
-- If the client sends a TLS 1.3 ClientHello with X25519 as the key exchange group, the server downgrades to TLS 1.2 but still wishes to use X25519, the handshake will fail, because MatrixSSL does not yet support X25519 in TLS 1.2 and below.
-
-
-
-
diff --git a/release_notes-4-5-1-open.html b/release_notes-4-5-1-open.html
new file mode 100644
index 0000000..565bdfc
--- /dev/null
+++ b/release_notes-4-5-1-open.html
@@ -0,0 +1,410 @@
+MatrixSSL 4.x changelog
+
+Changes between 4.5.0 and 4.5.1 [July 2022]
+
+* Fix a usage of return value of psX509ParseCert when a flag is set
+
+
+Changes between 4.4.0 and 4.5.0 [June 2022]
+
+* Enabled RSA SHA512 signature algorithm in TLS1.2 certrequest.
+* Enabled SHA512 in privRsaEncryptSignedElement.
+* Fixed DTLS change cipher spec retransmit epoch.
+* Compilation warning fixes.
+* Memory leak fixes.
+
+
+Changes between 4.3.0 and 4.4.0 [December 2021]
+
+* Fixed a type mismatch in matrixCmsParseEnvelopedDataBuf.
+* Increased the value of MAX_OID_BYTES to 48.
+* Changes to the handling of the validity time in self generated certs.
+* Fixed a possible vulnerability in parseAuthorityInfoAccess
+ discovered by Tavis Ormandy (Github issue #44).
+* Fixed a memory leak in getExplicitExtensions
+ discovered by Tavis Ormandy (Github issue #43).
+* Fixed vulnerability in SHA256 intialisation discovered by Marcel Maehren,
+ Philipp Nieting, Sven Hebrok, Robert Merget, Juraj Somorovsky and
+ Jörg Schwenk from Ruhr University Bochum and Paderborn-University.
+* Fixes in cross certificate handling.
+* Fixed a bug in pkcs1Pad.
+* Fixed a bug in psX963KeyDerivation.
+* Fixed the default behaviour when TLS version is not explicitly specified.
+* Fixed compilation errors when using debugging.
+* Memory leak fixes.
+
+
+Changes between 4.2.2 and 4.3.0 [June 2020]
+
+* Added a constant-time variant of eccMulmod, in response to the Minerva attack.
+* Fixed a possible infinite loop in message parsing discovered by
+ Andreas Walz (ivESK).
+* Timing sidechannel mitigation (Github issue #23).
+* Change hard coded values to enums in matrixSslLoadKeys (Github issue #35).
+* Disabled TLS 1.3 draft versions by default.
+* Fixes TLS 1.2 session ticket based resumption.
+* May only enable either PS_PUBKEY_OPTIMIZE_FOR_FASTER_SPEED or
+ PS_PUBKEY_OPTIMIZE_FOR_SMALLER_RAM (Github issue #37).
+* Channel Bindings for TLS (only for TLS 1.2 and below), new APIs added
+ - matrixSslGetFinished
+ - matrixSslGetPeerFinished
+ - matrixSslGetTlsUniqueChannelBindings
+* Added API for accessing MatrixSSL structures without direct access
+ to structure members. Use of this API will slightly enlarge the
+ MatrixSSL binary but will enable building software that is not
+ dependent on exact binary layout of structures such as ssl_t.
+* Fixes the bug when NULL keydata was used in sslLoadKeyPair() function.
+* Other bug fixes.
+
+
+Changes between 4.2.1 and 4.2.2 [August 2019]
+
+This version fixes a few security issues related to DTLS and
+handshake message length. It also defines the size of psBool_t
+to be equivalent to bool on both x86 and ARM platforms.
+
+
+TLS:
+
+
+- Fixed vulenerabilities and bugs related to DTLS discovered by
+Jakub Botwicz (Samsung R&D Poland).
+- Limited handshake message length.
+
+Crypto
+
+
+- Added support for parsing public keys in OpenSSL ECC DER/PEM format.
+- Fixed support for SHA224 RSA.
+
+
+
+Changes between 4.2.0 and 4.2.1 [June 2019]
+
+This version fixes an out of bounds read in ASN.1 handling
+found by Tyler Nighswander (ForAllSecure).
+
+Changes between 4.1.0 and 4.2.0 [May 2019]
+
+This version adds a compile-time option that allows TLS 1.3 only
+builds, adds new getter APIs and fixes several bugs.
+
+
+TLS:
+
+
+- Allow TLS 1.3 only builds by introducing the USETLS13ONLY
+compile-time option. This significantly reduces the minimum code
+footprint of TLS 1.3 builds. The example configuration
+tls13-minimal makes use of the new compile-time option.
+- Add the matrixSslGetUserPtr API. This getter API should be used
+instead of raw access to ssl->userPtr.
+- Added the matrixSslGetNegotiatedCiphersuite and
+matrixSslGetActiveCiphersuite APIs.
+- Added the matrixSslGetMasterSecret API. This API requires the
+ENABLEMASTERSECRET_EXPORT compile-time option, which is
+disabled by default.
+- Completely remove support for TLS record compression (unifdef
+USEZLIBCOMPRESSION). TLS record compression is almost never
+used in practice due to serious vulnerabilities associated with
+the feature (see e.g. the CRIME attack).
+- Fixed a bug where decrypting an alert in TLS 1.3 could cause
+matrixSslProcessed data to erroneously indicate that there is
+more application data to process.
+- Allow storing the unparsed certificate DER octets (in the
+unparsedBin member of psX509Cert_t) even in TLS 1.3.
+- Fix segfault when receiving a server certificate without the
+commonName component.
+- Fixed handshake failure with some clients that attempted to use
+a TLS 1.2 session ticket in a TLS 1.3 connection.
+- Fix build error with the USEEXTCERTIFICATEVERIFYSIGNING
+compile-time option.
+- Fix sslTest failure when using the
+USEEXTCERTIFICATEVERIFYSIGNING compile-time option.
+- Fix a bug that caused the server to sometimes select a TLS 1.3
+ciphersuite even when TLS 1.2 or below had been negotiated.
+- Add Ed25519 test keys and certificates.
+- Add Ed25519 testing to sslTest. (Note that Ed25519 is only
+supported in TLS 1.3.)
+
+Crypto:
+
+
+- (FIPS Edition only): Fix a bug that prevented verification of
+RSA-SHA-1 signatures in FIPS mode. FIPS 140-2 allows
+verification of SHA-1 based signatures, but forbids generating
+such signatures.
+- Store the order of DN attributes in certificate subject and
+issuer fields.
+- Add an option to the psX509GetOnelineDN API that allows printing
+the DN attributes in the original order they were encoded in the
+parsed certificate.
+- Fix parsing of Ed25519 certificates.
+- Fix parsing of ECDSA-SHA224 certificates.
+
+
+
+Changes between 4.0.2 and 4.1.0 [April 2019]
+
+
+TLS:
+
+
+- (RoT Edition only): Added support for Inside Secure VaultIP
+(Root-of-Trust) crypto provider.
+- Improved the separation of private and public TLS header files
+for better private-public separation. The public headers now of
+the form matrixsslApi*.h, while private headers are of the form
+matrixssllib_*.h.
+- Added client-side support for X25519 in TLS 1.2.
+- Added client-side support for RSASSA-PSS signatures in TLS 1.2.
+- Added support for RSASSA-PSS key/cert pairs.
+- Fix vulnerabilities reported by Robert Święcki (discovered using
+Hongfuzzer): a server-side heap buffer read overflow when
+parsing maliciously crafted ClientHello extensions and a
+segfault in TLS 1.2 GCM decryption of maliciously crafted
+records with small ciphertext.
+- Added the simpleClient.c and simpleServer.c example
+applications. These are intended as minimalistic examples of how
+to use the top-level TLS API.
+- Fixed bugs in matrixSslSessOptsServerTlsVersionRange and
+matrixSslSessOptsClientTlsVersionRange.
+- Fixed bug that caused non-insitu app data encryption to fail in
+tls13EncodeAppData when using the matrixSslEncodeToOutdata API
+instead of the more standard matrixSslGetWriteBuf +
+matrixSslEncodeWritebuf pattern.
+- Added new minimal example configurations: tls12-minimal,
+tls12-minimal-client-ecc, tls13-minimal,
+tls13-minimal-client-ecc
+- When performing TLS 1.2 renegotiation, re-send the original
+ClientHello cipher list.
+- Added the USELENIENTTLSRECORDVERSION_MATCHING compatibility
+option.
+
+
+
+Changes between 4.0.1 and 4.0.2 [February 2019]
+
+This version fixes a critical vulnerability in RSA signature
+verification. A maliciously crafted certificate can be used to trigger
+a stack buffer overflow, allowing potential remote code execution
+attacks. The vulnerability only affects version 4.0.1 and the standard
+Matrix Crypto provider. Other providers, such as the FIPS crypto
+provider, are not affected by the bug. Thanks to Tavis Ormandy for
+reporting this.
+
+Changes between 4.0.0 and 4.0.1 [November 2018]
+
+This version improves the security of RSA PKCS #1.5 signature
+verification and adds better support for run-time security
+configuration.
+
+
+TLS:
+
+
+- Added a run-time security callback feature
+(matrixSslRegisterSecurityCallback). The security callback can
+allow or deny a cryptographic operation based on the operation
+type and the key size. Currently only authentication and key
+exchange operations are supported. The default security callback
+supports pre-defined security profiles
+(matrixSslSetSecurityProfile).
+- Added an example security profile: WPA3 1.0 Enterprise 192-bit
+mode restrictions for EAP-TLS.
+- Added support for the TLSDHERSAWITHAES256GCM_SHA384
+ciphersuite.
+- Changed the way how protocol version IDs are stored internally
+and rewrote most of the version negotiation code. This is almost
+entirely an internal code refactoring. To the API user, the only
+visible change is that version selection APIs now take in an
+argument of type psProtocolVersiont instead of int32t. See the
+API reference guide for details.
+- Refactored ServerKeyExchange signature generation and
+verification code.
+
+Crypto:
+
+
+- Changed from a parsing-based to a comparison-based approach in
+DigestInfo validation when verifying RSA PKCS #1.5
+signatures. There are no known practical attacks against the old
+code, but the comparison-based approach is theoretically more
+sound. Thanks to Sze Yiu Chau from Purdue University for
+pointing this out.
+- (MatrixSSL FIPS Edition only:) Fix DH key exchange when using DH
+parameter files containing optional privateValueLength argument.
+- psX509AuthenticateCert now uses the common psVerifySig API for
+signature verification. Previously, CRLs and certificates used
+different code paths for signature verification.
+
+
+
+Changes between 3.9.5 and 4.0.0 [August 2018]
+
+This version adds support for RFC 8446 (TLS 1.3), new APIs for
+configuring session options as well as fixes to security
+vulnerabilities.
+
+
+TLS:
+
+
+- Added support for TLS 1.3 (RFC 8446 version) as well as draft
+versions 23, 24, 26 and 28.
+- Supported TLS 1.3 handshake types:
+
+
+- Basic handshake with server authentication
+- Incorrect DHE key share (HelloRetryRequest) handshake
+- PSK handshake
+- Resumed handshake
+- 0RTT data handshake
+
+- Supported TLS 1.3 ciphersuites:
+
+
+- TLSAES128GCMSHA256
+- TLSAES256GCMSHA384
+- TLSCHACHA20POLY1305_SHA256
+
+- Supported key exchange modes in TLS 1.3:
+
+
+- DHE with the ffdhe2048, ffdhe3072 and ffdhe4096 groups
+- ECDHE with the P-256, P-384, P-521 and X25519 groups
+- PSK with (EC)DHE
+- PSK only
+
+- Supported signature algorithms in TLS 1.3:
+
+
+- ECDSA with P-256, P-384 and P-521
+- Ed25519
+- RSASSA-PSS
+- RSA PKCS #1.5 (certificates only)
+
+- Supported PKI features in TLS 1.3:
+
+
+- X.509 certificates
+- CRLs
+- OCSP stapling
+
+- Supported TLS 1.3 extensions:
+
+
+- supported_versions
+- supported_groups
+- key_share
+- signature_algorithms
+- signaturealgorithmscert
+- server_name
+- certificate_authorities
+- cookie
+- status_request
+- maxfragmentlength
+
+- Support for TLS 1.3 record padding
+- Fixed several client-side crashes and undefined behaviours on
+maliciously crafted server messages. The bugs were found using
+TLS-Attacker. Thanks to Robert Merget from the Ruhr-University
+Bochum for reporting these.
+- Added the matrixSslSessOptsSetServerTlsVersions and
+matrixSslSessOptsSetClientTlsVersions APIs for selecting the
+supported protocol versions at run-time. Please consult the API
+reference for details.
+- Added a couple of TLS 1.3 specific APIs:
+
+
+- matrixSslSessOptsSetSigAlgsCert
+- matrixSslSessOptsSetKeyExGroups
+- matrixSslGetEarlyDataStatus
+- matrixSslGetMaxEarlyData
+- matrixSslLoadTls13Psks
+- matrixSslSetTls13BlockPadding
+
+- Added an API for selecting supported signature algorithms:
+(usable in both TLS 1.3 and TLS 1.2):
+
+
+- matrixSslSessOptsSetSigAlgs
+
+- Added new example configurations. The recommended configuration
+for using TLS 1.3 and below is tls13 (Commercial Edition) or
+nonfips-tls13 (FIPS Edition)
+- Updated and improved the Developer Guide and the MatrixSSL APIs
+reference document.
+- Improved the example client and server programs and fixed bugs.
+- Resend user extensions (e.g. SNI) when responding to HelloRequest
+- sslTest now allows specifying the ciphersuites and protocol
+versions to test via environment variables.
+- Improvements to identity management, including support for
+loading multiple identities (key and cert pairs) during
+initialization and postponed key and cert loading. See the
+MatrixSSL Developer Guide for details.
+- Refactored key loading and protocol version negotiation.
+- Fixed server-side signature algorithm selection when the server
+certificate is signed with a different algorithm (RSA or ECDSA)
+than the public key contain therein.
+- Much improved TLS-level debug prints and logging
+(tlsTrace.c). USESSLHANDSHAKEMSGTRACE now consistently
+enables messages such as "parsing/creating handshake message X
+or extension Y". USESSLINFORMATIONAL_TRACE now prints out more
+details on the contents of handshake messages and extensions.
+- Refactored public header files.
+
+Crypto:
+
+
+- NCC Group'ss Keegan Ryan has found a side-channel attack
+affecting multiple cryptographic libraries. The "ROHNP" Key
+Extraction Side Channel (CVE-2018-0495) has been fixed.
+- Added support for Ed25519 signatures in TLS 1.3
+- Added support for ECDHE with X25519 in TLS 1.3
+- Added algorithm-independent signature and verification APIs:
+psSign and psVerify.
+- Source file reorganization. New new naming scheme aims for
+better consistency, clarity and makes it easier to ifdef out
+unneeded features.
+- Added psEccWritePrivKeyMem and psEccWritePrivKeyFile the public
+crypto API
+
+X.509 and PKCS standards
+
+
+- Fixed processing of indefinite expiration date (31.12.9999).
+- Basic Constraints no longer unconditionally added when generating CSR data
+- Session option for requesting subrange of allowed tls versions.
+- Specify certificate validity dates when generating certificate.
+- Support for reading PKCS #12 and CA certificates from memory
+(der encoded).
+- Support for key usage encipher only and decipher only bits
+in generating certificate generation.
+- Option for MD2/MD4/MD5 signatures compatibility on certificates.
+- X.509 certificates allow NIL character at the end of GeneralName field.
+This is for compatibility with various other products.
+- It is now possible to compile X.509 certificate and CSR
+generation code only ECC or RSA support for smaller footprint.
+- Added Ed25519 specific functions such as psEd25519ParsePrivKey,
+psEd25519Sign, etc.
+
+Other changes
+
+
+- Added export.mk, which generates example binary packaging of a
+previously compiled MatrixSSL package and includes two of the
+example applications within the package. This package shows how
+to export MatrixSSL includes and libraries outside the source tree
+keeping configuration with the includes.
+
+Known issues
+
+
+- The TLS 1.3 code has not yet been fully optimized for footprint.
+- If the client sends a TLS 1.3 ClientHello with X25519 as the key
+exchange group, the server downgrades to TLS 1.2 but still
+wishes to use X25519, the handshake will fail, because MatrixSSL
+does not yet support X25519 in TLS 1.2 and below.
+
+
diff --git a/testkeys/DH/ffdhe2048_DH_PARAMS.h b/testkeys/DH/ffdhe2048_DH_PARAMS.h
index 238e650..61702ed 100644
--- a/testkeys/DH/ffdhe2048_DH_PARAMS.h
+++ b/testkeys/DH/ffdhe2048_DH_PARAMS.h
@@ -6,7 +6,7 @@
*/
/*****************************************************************************
-* Copyright (c) 2018 INSIDE Secure Oy. All Rights Reserved.
+* Copyright (c) 2018 Rambus Inc. All Rights Reserved.
*
* The latest version of this code is available at http://www.matrixssl.org
*
@@ -17,8 +17,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
-* commercial license for this software may be purchased from INSIDE at
-* http://www.insidesecure.com/
+* commercial license for this software may be purchased from Rambus at
+* http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/testkeys/DH/ffdhe3072_DH_PARAMS.h b/testkeys/DH/ffdhe3072_DH_PARAMS.h
index ab7fe7d..01216e9 100644
--- a/testkeys/DH/ffdhe3072_DH_PARAMS.h
+++ b/testkeys/DH/ffdhe3072_DH_PARAMS.h
@@ -6,7 +6,7 @@
*/
/*****************************************************************************
-* Copyright (c) 2018 INSIDE Secure Oy. All Rights Reserved.
+* Copyright (c) 2018 Rambus Inc. All Rights Reserved.
*
* The latest version of this code is available at http://www.matrixssl.org
*
@@ -17,8 +17,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
-* commercial license for this software may be purchased from INSIDE at
-* http://www.insidesecure.com/
+* commercial license for this software may be purchased from Rambus at
+* http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/testkeys/DH/ffdhe4096_DH_PARAMS.h b/testkeys/DH/ffdhe4096_DH_PARAMS.h
index 04d63a7..c91bc9b 100644
--- a/testkeys/DH/ffdhe4096_DH_PARAMS.h
+++ b/testkeys/DH/ffdhe4096_DH_PARAMS.h
@@ -6,7 +6,7 @@
*/
/*****************************************************************************
-* Copyright (c) 2018 INSIDE Secure Oy. All Rights Reserved.
+* Copyright (c) 2018 Rambus Inc. All Rights Reserved.
*
* The latest version of this code is available at http://www.matrixssl.org
*
@@ -17,8 +17,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
-* commercial license for this software may be purchased from INSIDE at
-* http://www.insidesecure.com/
+* commercial license for this software may be purchased from Rambus at
+* http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/testkeys/DH/ffdhe6144_DH_PARAMS.h b/testkeys/DH/ffdhe6144_DH_PARAMS.h
index aad8f71..a179b7d 100644
--- a/testkeys/DH/ffdhe6144_DH_PARAMS.h
+++ b/testkeys/DH/ffdhe6144_DH_PARAMS.h
@@ -6,7 +6,7 @@
*/
/*****************************************************************************
-* Copyright (c) 2018 INSIDE Secure Oy. All Rights Reserved.
+* Copyright (c) 2018 Rambus Inc. All Rights Reserved.
*
* The latest version of this code is available at http://www.matrixssl.org
*
@@ -17,8 +17,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
-* commercial license for this software may be purchased from INSIDE at
-* http://www.insidesecure.com/
+* commercial license for this software may be purchased from Rambus at
+* http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/testkeys/DH/ffdhe8192_DH_PARAMS.h b/testkeys/DH/ffdhe8192_DH_PARAMS.h
index a27e344..1702914 100644
--- a/testkeys/DH/ffdhe8192_DH_PARAMS.h
+++ b/testkeys/DH/ffdhe8192_DH_PARAMS.h
@@ -6,7 +6,7 @@
*/
/*****************************************************************************
-* Copyright (c) 2018 INSIDE Secure Oy. All Rights Reserved.
+* Copyright (c) 2018 Rambus Inc. All Rights Reserved.
*
* The latest version of this code is available at http://www.matrixssl.org
*
@@ -17,8 +17,8 @@
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
-* commercial license for this software may be purchased from INSIDE at
-* http://www.insidesecure.com/
+* commercial license for this software may be purchased from Rambus at
+* http://www.rambus.com/
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/testkeys/configuration-files/serialNum123.conf b/testkeys/configuration-files/serialNum123.conf
new file mode 100644
index 0000000..92fe6f6
--- /dev/null
+++ b/testkeys/configuration-files/serialNum123.conf
@@ -0,0 +1,11 @@
+ca="1";
+serialNum="123";
+pathLen="3";
+validDays="365";
+algorithm="sha1";
+country="FI";
+organization="MatrixSSL";
+commonName="testing.matrixssl.com";
+organizationalUnit="Testing";
+stateOrProvince="Uusimaa";
+locality="Espoo";
diff --git a/testkeys/configuration-files/serialNumLong.conf b/testkeys/configuration-files/serialNumLong.conf
new file mode 100644
index 0000000..b20e0b6
--- /dev/null
+++ b/testkeys/configuration-files/serialNumLong.conf
@@ -0,0 +1,11 @@
+ca="1";
+serialNum="9999999999999999999999";
+pathLen="3";
+validDays="365";
+algorithm="sha1";
+country="FI";
+organization="MatrixSSL";
+commonName="testing.matrixssl.com";
+organizationalUnit="Testing";
+stateOrProvince="Uusimaa";
+locality="Espoo";
diff --git a/testkeys/configuration-files/serialNumVeryLong.conf b/testkeys/configuration-files/serialNumVeryLong.conf
new file mode 100644
index 0000000..e48b929
--- /dev/null
+++ b/testkeys/configuration-files/serialNumVeryLong.conf
@@ -0,0 +1,11 @@
+ca="1";
+serialNum="36813648611982091966298198764130123498061951520223";
+pathLen="3";
+validDays="365";
+algorithm="sha1";
+country="FI";
+organization="MatrixSSL";
+commonName="testing.matrixssl.com";
+organizationalUnit="Testing";
+stateOrProvince="Uusimaa";
+locality="Espoo";
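Review bot: The intent of the 50-digit serialNum in serialNumVeryLong.conf is not recorded anywhere: that value needs 21 octets as a DER INTEGER, one more than the 20-octet limit RFC 5280 §4.1.2.2 sets for serialNumber, so it is presumably a boundary/rejection fixture, while serialNumLong.conf (22 decimal digits, 10 octets) and serialNum123.conf presumably exercise the accepted side. Since this key="value"; format shows no comment syntax, a short README beside these files stating which fixtures are expected to yield a certificate and which are expected to be rejected (by the generator and by psX509ParseCert) would keep a later change to serial-number handling from silently flipping what the test asserts. All four fixtures, including validDays18250.conf, also pin `algorithm="sha1"`; if the generator accepts a current digest as well (value not shown on this page), a sibling fixture using it would keep the serial-number and validity tests independent of whatever SHA-1 policy the library applies.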
diff --git a/testkeys/configuration-files/validDays18250.conf b/testkeys/configuration-files/validDays18250.conf
new file mode 100644
index 0000000..898b880
--- /dev/null
+++ b/testkeys/configuration-files/validDays18250.conf
@@ -0,0 +1,11 @@
+ca="1";
+serialNum="123";
+pathLen="3";
+validDays="18250";
+algorithm="sha1";
+country="FI";
+organization="MatrixSSL";
+commonName="testing.matrixssl.com";
+organizationalUnit="Testing";
+stateOrProvince="Uusimaa";
+locality="Espoo";
diff --git a/xcode/client.xcodeproj/project.pbxproj b/xcode/client.xcodeproj/project.pbxproj
index 67dbffd..74b93f7 100644
--- a/xcode/client.xcodeproj/project.pbxproj
+++ b/xcode/client.xcodeproj/project.pbxproj
@@ -102,7 +102,7 @@
isa = PBXProject;
attributes = {
LastUpgradeCheck = 0640;
- ORGANIZATIONNAME = "INSIDE Secure";
+ ORGANIZATIONNAME = "Rambus Inc.";
TargetAttributes = {
DD2B4E911BA8E17B000FD8BC = {
CreatedOnToolsVersion = 6.4;
diff --git a/xcode/core.xcodeproj/project.pbxproj b/xcode/core.xcodeproj/project.pbxproj
index f3237e6..dcef341 100644
--- a/xcode/core.xcodeproj/project.pbxproj
+++ b/xcode/core.xcodeproj/project.pbxproj
@@ -69,7 +69,7 @@
isa = PBXProject;
attributes = {
LastUpgradeCheck = 0700;
- ORGANIZATIONNAME = "INSIDE Secure";
+ ORGANIZATIONNAME = "Rambus Inc.";
TargetAttributes = {
DD7EB84D1B8D2A83000F7458 = {
CreatedOnToolsVersion = 6.4;
diff --git a/xcode/crypto.xcodeproj/project.pbxproj b/xcode/crypto.xcodeproj/project.pbxproj
index 6c577db..b04acdb 100644
--- a/xcode/crypto.xcodeproj/project.pbxproj
+++ b/xcode/crypto.xcodeproj/project.pbxproj
@@ -245,7 +245,7 @@
isa = PBXProject;
attributes = {
LastUpgradeCheck = 0700;
- ORGANIZATIONNAME = "INSIDE Secure";
+ ORGANIZATIONNAME = "Rambus Inc.";
TargetAttributes = {
DD11442E1B8D2D7D00721CD4 = {
CreatedOnToolsVersion = 6.4;
diff --git a/xcode/dtlsClient.xcodeproj/project.pbxproj b/xcode/dtlsClient.xcodeproj/project.pbxproj
index 3fe48bc..efc7b05 100644
--- a/xcode/dtlsClient.xcodeproj/project.pbxproj
+++ b/xcode/dtlsClient.xcodeproj/project.pbxproj
@@ -102,7 +102,7 @@
isa = PBXProject;
attributes = {
LastUpgradeCheck = 0640;
- ORGANIZATIONNAME = "INSIDE Secure";
+ ORGANIZATIONNAME = "Rambus Inc.";
TargetAttributes = {
DD2B4E911BA8E17B000FD8BC = {
CreatedOnToolsVersion = 6.4;
diff --git a/xcode/dtlsServer.xcodeproj/project.pbxproj b/xcode/dtlsServer.xcodeproj/project.pbxproj
index 4873df8..f70585f 100644
--- a/xcode/dtlsServer.xcodeproj/project.pbxproj
+++ b/xcode/dtlsServer.xcodeproj/project.pbxproj
@@ -102,7 +102,7 @@
isa = PBXProject;
attributes = {
LastUpgradeCheck = 0700;
- ORGANIZATIONNAME = "INSIDE Secure";
+ ORGANIZATIONNAME = "Rambus Inc.";
TargetAttributes = {
DD8B3B831BA91D85008FCF6E = {
CreatedOnToolsVersion = 6.4;
diff --git a/xcode/matrixssl.xcodeproj/project.pbxproj b/xcode/matrixssl.xcodeproj/project.pbxproj
index e31b6ff..0935e1c 100644
--- a/xcode/matrixssl.xcodeproj/project.pbxproj
+++ b/xcode/matrixssl.xcodeproj/project.pbxproj
@@ -80,7 +80,7 @@
isa = PBXProject;
attributes = {
LastUpgradeCheck = 0700;
- ORGANIZATIONNAME = "INSIDE Secure";
+ ORGANIZATIONNAME = "Rambus Inc.";
TargetAttributes = {
DD1144441B8D2EE600721CD4 = {
CreatedOnToolsVersion = 6.4;
diff --git a/xcode/server.xcodeproj/project.pbxproj b/xcode/server.xcodeproj/project.pbxproj
index 34541b4..320ee85 100644
--- a/xcode/server.xcodeproj/project.pbxproj
+++ b/xcode/server.xcodeproj/project.pbxproj
@@ -102,7 +102,7 @@
isa = PBXProject;
attributes = {
LastUpgradeCheck = 0700;
- ORGANIZATIONNAME = "INSIDE Secure";
+ ORGANIZATIONNAME = "Rambus Inc.";
TargetAttributes = {
DD8B3B831BA91D85008FCF6E = {
CreatedOnToolsVersion = 6.4;
diff --git a/xcode/sshServer.xcodeproj/project.pbxproj b/xcode/sshServer.xcodeproj/project.pbxproj
index ed05b7f..3903024 100644
--- a/xcode/sshServer.xcodeproj/project.pbxproj
+++ b/xcode/sshServer.xcodeproj/project.pbxproj
@@ -125,7 +125,7 @@
isa = PBXProject;
attributes = {
LastUpgradeCheck = 0710;
- ORGANIZATIONNAME = "INSIDE Secure";
+ ORGANIZATIONNAME = "Rambus Inc.";
TargetAttributes = {
DD7AB3161B979AF40047DE55 = {
CreatedOnToolsVersion = 6.4;
diff --git a/xcode/sslTest.xcodeproj/project.pbxproj b/xcode/sslTest.xcodeproj/project.pbxproj
index eb3a66e..b0ae230 100644
--- a/xcode/sslTest.xcodeproj/project.pbxproj
+++ b/xcode/sslTest.xcodeproj/project.pbxproj
@@ -96,7 +96,7 @@
isa = PBXProject;
attributes = {
LastUpgradeCheck = 0710;
- ORGANIZATIONNAME = "INSIDE Secure";
+ ORGANIZATIONNAME = "Rambus Inc.";
TargetAttributes = {
DD11448A1B8D37F700721CD4 = {
CreatedOnToolsVersion = 6.4;