Update axtls, and also enable CONFIG_SSL_CTX_MUTEXING to work with mongoose multithread

myaxtls/axtls.cbp

@@ -7,13 +7,14 @@
 		<Option compiler="gcc" />
 		<Build>
 			<Target title="Debug">
-				<Option output="axtls" prefix_auto="1" extension_auto="1" />
+				<Option output="axtls-dbg" prefix_auto="1" extension_auto="1" />
 				<Option working_dir="" />
 				<Option object_output="obj/Debug/" />
 				<Option type="2" />
 				<Option compiler="gcc" />
 				<Option createDefFile="1" />
 				<Compiler>
+					<Add option="-Wall" />
 					<Add option="-g" />
 				</Compiler>
 			</Target>

myaxtls/bigint.c

@@ -1,18 +1,18 @@
 /*
  * Copyright (c) 2007, Cameron Rich
- * 
+ *
  * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without 
+ *
+ * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions are met:
  *
- * * Redistributions of source code must retain the above copyright notice, 
+ * * Redistributions of source code must retain the above copyright notice,
  *   this list of conditions and the following disclaimer.
- * * Redistributions in binary form must reproduce the above copyright notice, 
- *   this list of conditions and the following disclaimer in the documentation 
+ * * Redistributions in binary form must reproduce the above copyright notice,
+ *   this list of conditions and the following disclaimer in the documentation
  *   and/or other materials provided with the distribution.
- * * Neither the name of the axTLS project nor the names of its contributors 
- *   may be used to endorse or promote products derived from this software 
+ * * Neither the name of the axTLS project nor the names of its contributors
+ *   may be used to endorse or promote products derived from this software
  *   without specific prior written permission.
  *
  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
@@ -33,8 +33,8 @@
  * @brief The bigint implementation as used by the axTLS project.
  *
  * The bigint library is for RSA encryption/decryption as well as signing.
- * This code tries to minimise use of malloc/free by maintaining a small 
- * cache. A bigint context may maintain state by being made "permanent". 
+ * This code tries to minimise use of malloc/free by maintaining a small
+ * cache. A bigint context may maintain state by being made "permanent".
  * It be be later released with a bi_depermanent() and bi_free() call.
  *
  * It supports the following reduction techniques:
@@ -99,9 +99,9 @@ BI_CTX *bi_initialize(void)
 {
     /* calloc() sets everything to zero */
     BI_CTX *ctx = (BI_CTX *)calloc(1, sizeof(BI_CTX));
-   
+
     /* the radix */
-    ctx->bi_radix = alloc(ctx, 2); 
+    ctx->bi_radix = alloc(ctx, 2);
     ctx->bi_radix->comps[0] = 0;
     ctx->bi_radix->comps[1] = 1;
     bi_permanent(ctx->bi_radix);
@@ -111,13 +111,13 @@ BI_CTX *bi_initialize(void)
 /**
  * @brief Close the bigint context and free any resources.
  *
- * Free up any used memory - a check is done if all objects were not 
+ * Free up any used memory - a check is done if all objects were not
  * properly freed.
  * @param ctx [in]   The bigint session context.
  */
 void bi_terminate(BI_CTX *ctx)
 {
-    bi_depermanent(ctx->bi_radix); 
+    bi_depermanent(ctx->bi_radix);
     bi_free(ctx, ctx->bi_radix);
 
     if (ctx->active_count != 0)
@@ -142,7 +142,7 @@ void bi_clear_cache(BI_CTX *ctx)
 
     if (ctx->free_list == NULL)
         return;
-    
+
     for (p = ctx->free_list; p != NULL; p = pn)
     {
         pn = p->next;
@@ -155,7 +155,7 @@ void bi_clear_cache(BI_CTX *ctx)
 }
 
 /**
- * @brief Increment the number of references to this object. 
+ * @brief Increment the number of references to this object.
  * It does not do a full copy.
  * @param bi [in]   The bigint to copy.
  * @return A reference to the same bigint.
@@ -207,9 +207,9 @@ void bi_depermanent(bigint *bi)
 }
 
 /**
- * @brief Free a bigint object so it can be used again. 
+ * @brief Free a bigint object so it can be used again.
  *
- * The memory itself it not actually freed, just tagged as being available 
+ * The memory itself it not actually freed, just tagged as being available
  * @param ctx [in]   The bigint session context.
  * @param bi [in]    The bigint to be freed.
  */
@@ -244,7 +244,7 @@ void bi_free(BI_CTX *ctx, bigint *bi)
  * @brief Convert an (unsigned) integer into a bigint.
  * @param ctx [in]   The bigint session context.
  * @param i [in]     The (unsigned) integer to be converted.
- * 
+ *
  */
 bigint *int_to_bi(BI_CTX *ctx, comp i)
 {
@@ -312,7 +312,7 @@ bigint *bi_add(BI_CTX *ctx, bigint *bia, bigint *bib)
  * is_negative may be null.
  * @return The result of the subtraction. The result is always positive.
  */
-bigint *bi_subtract(BI_CTX *ctx, 
+bigint *bi_subtract(BI_CTX *ctx,
         bigint *bia, bigint *bib, int *is_negative)
 {
     int n = bia->size;
@@ -325,7 +325,7 @@ bigint *bi_subtract(BI_CTX *ctx,
     pa = bia->comps;
     pb = bib->comps;
 
-    do 
+    do
     {
         comp sl, rl, cy1;
         sl = *pa - *pb++;
@@ -373,7 +373,7 @@ static bigint *bi_int_multiply(BI_CTX *ctx, bigint *bia, comp b)
 }
 
 /**
- * @brief Does both division and modulo calculations. 
+ * @brief Does both division and modulo calculations.
  *
  * Used extensively when doing classical reduction.
  * @param ctx [in]  The bigint session context.
@@ -447,9 +447,9 @@ bigint *bi_divide(BI_CTX *ctx, bigint *u, bigint *v, int is_mod)
             if (v->size > 1 && V2)
             {
                 /* we are implementing the following:
-                if (V2*q_dash > (((U(0)*COMP_RADIX + U(1) - 
+                if (V2*q_dash > (((U(0)*COMP_RADIX + U(1) -
                         q_dash*V1)*COMP_RADIX) + U(2))) ... */
-                comp inner = (comp)((long_comp)COMP_RADIX*U(0) + U(1) - 
+                comp inner = (comp)((long_comp)COMP_RADIX*U(0) + U(1) -
                                             (long_comp)q_dash*V1);
                 if ((long_comp)V2*q_dash > (long_comp)inner*COMP_RADIX + U(2))
                 {
@@ -462,11 +462,11 @@ bigint *bi_divide(BI_CTX *ctx, bigint *u, bigint *v, int is_mod)
         if (q_dash)
         {
             int is_negative;
-            tmp_u = bi_subtract(ctx, tmp_u, 
+            tmp_u = bi_subtract(ctx, tmp_u,
                     bi_int_multiply(ctx, bi_copy(v), q_dash), &is_negative);
             more_comps(tmp_u, n+1);
 
-            Q(j) = q_dash; 
+            Q(j) = q_dash;
 
             /* add back */
             if (is_negative)
@@ -481,7 +481,7 @@ bigint *bi_divide(BI_CTX *ctx, bigint *u, bigint *v, int is_mod)
         }
         else
         {
-            Q(j) = 0; 
+            Q(j) = 0;
         }
 
         /* copy back to u */
@@ -525,10 +525,10 @@ static bigint *bi_int_divide(BI_CTX *ctx, bigint *biR, comp denom)
 
 #ifdef CONFIG_BIGINT_MONTGOMERY
 /**
- * There is a need for the value of integer N' such that B^-1(B-1)-N^-1N'=1, 
- * where B^-1(B-1) mod N=1. Actually, only the least significant part of 
- * N' is needed, hence the definition N0'=N' mod b. We reproduce below the 
- * simple algorithm from an article by Dusse and Kaliski to efficiently 
+ * There is a need for the value of integer N' such that B^-1(B-1)-N^-1N'=1,
+ * where B^-1(B-1) mod N=1. Actually, only the least significant part of
+ * N' is needed, hence the definition N0'=N' mod b. We reproduce below the
+ * simple algorithm from an article by Dusse and Kaliski to efficiently
  * find N0' from N0 and b */
 static comp modular_inverse(bigint *bim)
 {
@@ -556,7 +556,7 @@ static comp modular_inverse(bigint *bim)
 #if defined(CONFIG_BIGINT_KARATSUBA) || defined(CONFIG_BIGINT_BARRETT) || \
     defined(CONFIG_BIGINT_MONTGOMERY)
 /**
- * Take each component and shift down (in terms of components) 
+ * Take each component and shift down (in terms of components)
  */
 static bigint *comp_right_shift(bigint *biR, int num_shifts)
 {
@@ -583,7 +583,7 @@ static bigint *comp_right_shift(bigint *biR, int num_shifts)
 }
 
 /**
- * Take each component and shift it up (in terms of components) 
+ * Take each component and shift it up (in terms of components)
  */
 static bigint *comp_left_shift(bigint *biR, int num_shifts)
 {
@@ -642,7 +642,7 @@ bigint *bi_import(BI_CTX *ctx, const uint8_t *data, int size)
 
 #ifdef CONFIG_SSL_FULL_MODE
 /**
- * @brief The testharness uses this code to import text hex-streams and 
+ * @brief The testharness uses this code to import text hex-streams and
  * convert them into bigints.
  * @param ctx [in]  The bigint session context.
  * @param data [in] A string consisting of hex characters. The characters must
@@ -690,14 +690,14 @@ void bi_print(const char *label, bigint *x)
             comp num = (x->comps[i] & mask) >> (j*4);
             putc((num <= 9) ? (num + '0') : (num + 'A' - 10), stdout);
         }
-    }  
+    }
 
     printf("\n");
 }
 #endif
 
 /**
- * @brief Take a bigint and convert it into a byte sequence. 
+ * @brief Take a bigint and convert it into a byte sequence.
  *
  * This is useful after a decrypt operation.
  * @param ctx [in]  The bigint session context.
@@ -733,7 +733,7 @@ buf_done:
 }
 
 /**
- * @brief Pre-calculate some of the expensive steps in reduction. 
+ * @brief Pre-calculate some of the expensive steps in reduction.
  *
  * This function should only be called once (normally when a session starts).
  * When the session is over, bi_free_mod() should be called. bi_mod_power()
@@ -771,7 +771,7 @@ void bi_set_mod(BI_CTX *ctx, bigint *bim, int mod_offset)
     ctx->N0_dash[mod_offset] = modular_inverse(ctx->bi_mod[mod_offset]);
 
 #elif defined (CONFIG_BIGINT_BARRETT)
-    ctx->bi_mu[mod_offset] = 
+    ctx->bi_mu[mod_offset] =
         bi_divide(ctx, comp_left_shift(
             bi_clone(ctx, ctx->bi_radix), k*2-1), ctx->bi_mod[mod_offset], 0);
     bi_permanent(ctx->bi_mu[mod_offset]);
@@ -794,21 +794,21 @@ void bi_free_mod(BI_CTX *ctx, int mod_offset)
     bi_free(ctx, ctx->bi_RR_mod_m[mod_offset]);
     bi_free(ctx, ctx->bi_R_mod_m[mod_offset]);
 #elif defined(CONFIG_BIGINT_BARRETT)
-    bi_depermanent(ctx->bi_mu[mod_offset]); 
+    bi_depermanent(ctx->bi_mu[mod_offset]);
     bi_free(ctx, ctx->bi_mu[mod_offset]);
 #endif
-    bi_depermanent(ctx->bi_normalised_mod[mod_offset]); 
+    bi_depermanent(ctx->bi_normalised_mod[mod_offset]);
     bi_free(ctx, ctx->bi_normalised_mod[mod_offset]);
 }
 
-/** 
+/**
  * Perform a standard multiplication between two bigints.
  *
  * Barrett reduction has no need for some parts of the product, so ignore bits
  * of the multiply. This routine gives Barrett its big performance
- * improvements over Classical/Montgomery reduction methods. 
+ * improvements over Classical/Montgomery reduction methods.
  */
-static bigint *regular_multiply(BI_CTX *ctx, bigint *bia, bigint *bib, 
+static bigint *regular_multiply(BI_CTX *ctx, bigint *bia, bigint *bib,
         int inner_partial, int outer_partial)
 {
     int i = 0, j;
@@ -825,7 +825,7 @@ static bigint *regular_multiply(BI_CTX *ctx, bigint *bia, bigint *bib,
     /* clear things to start with */
     memset(biR->comps, 0, ((n+t)*COMP_BYTE_SIZE));
 
-    do 
+    do
     {
         long_comp tmp;
         comp carry = 0;
@@ -840,7 +840,7 @@ static bigint *regular_multiply(BI_CTX *ctx, bigint *bia, bigint *bib,
 
         do
         {
-            if (inner_partial && r_index >= inner_partial) 
+            if (inner_partial && r_index >= inner_partial)
             {
                 break;
             }
@@ -860,9 +860,9 @@ static bigint *regular_multiply(BI_CTX *ctx, bigint *bia, bigint *bib,
 
 #ifdef CONFIG_BIGINT_KARATSUBA
 /*
- * Karatsuba improves on regular multiplication due to only 3 multiplications 
- * being done instead of 4. The additional additions/subtractions are O(N) 
- * rather than O(N^2) and so for big numbers it saves on a few operations 
+ * Karatsuba improves on regular multiplication due to only 3 multiplications
+ * being done instead of 4. The additional additions/subtractions are O(N)
+ * rather than O(N^2) and so for big numbers it saves on a few operations
  */
 static bigint *karatsuba(BI_CTX *ctx, bigint *bia, bigint *bib, int is_square)
 {
@@ -906,7 +906,7 @@ static bigint *karatsuba(BI_CTX *ctx, bigint *bia, bigint *bib, int is_square)
         p1 = bi_multiply(ctx, bi_add(ctx, x0, x1), bi_add(ctx, y0, y1));
     }
 
-    p1 = bi_subtract(ctx, 
+    p1 = bi_subtract(ctx,
             bi_subtract(ctx, p1, bi_copy(p2), NULL), bi_copy(p0), NULL);
 
     comp_left_shift(p1, m);
@@ -1004,7 +1004,7 @@ bigint *bi_square(BI_CTX *ctx, bigint *bia)
     check(bia);
 
 #ifdef CONFIG_BIGINT_KARATSUBA
-    if (bia->size < SQU_KARATSUBA_THRESH) 
+    if (bia->size < SQU_KARATSUBA_THRESH)
     {
         return regular_square(ctx, bia);
     }
@@ -1035,25 +1035,25 @@ int bi_compare(bigint *bia, bigint *bib)
         r = -1;
     else
     {
-        comp *a = bia->comps; 
-        comp *b = bib->comps; 
+        comp *a = bia->comps;
+        comp *b = bib->comps;
 
         /* Same number of components.  Compare starting from the high end
          * and working down. */
         r = 0;
         i = bia->size - 1;
 
-        do 
+        do
         {
             if (a[i] > b[i])
-            { 
+            {
                 r = 1;
-                break; 
+                break;
             }
             else if (a[i] < b[i])
-            { 
+            {
                 r = -1;
-                break; 
+                break;
             }
         } while (--i >= 0);
     }
@@ -1062,7 +1062,7 @@ int bi_compare(bigint *bia, bigint *bib)
 }
 
 /*
- * Allocate and zero more components.  Does not consume bi. 
+ * Allocate and zero more components.  Does not consume bi.
  */
 static void more_comps(bigint *bi, int n)
 {
@@ -1244,7 +1244,7 @@ bigint *bi_mont(BI_CTX *ctx, bigint *bixy)
 #elif defined(CONFIG_BIGINT_BARRETT)
 /*
  * Stomp on the most significant components to give the illusion of a "mod base
- * radix" operation 
+ * radix" operation
  */
 static bigint *comp_mod(bigint *bi, int mod)
 {
@@ -1283,7 +1283,7 @@ bigint *bi_barrett(BI_CTX *ctx, bigint *bi)
     q1 = comp_right_shift(bi_clone(ctx, bi), k-1);
 
     /* do outer partial multiply */
-    q2 = regular_multiply(ctx, q1, ctx->bi_mu[mod_offset], 0, k-1); 
+    q2 = regular_multiply(ctx, q1, ctx->bi_mu[mod_offset], 0, k-1);
     q3 = comp_right_shift(q2, k+1);
     r1 = comp_mod(bi, k+1);
 
@@ -1303,7 +1303,7 @@ bigint *bi_barrett(BI_CTX *ctx, bigint *bi)
 
 #ifdef CONFIG_BIGINT_SLIDING_WINDOW
 /*
- * Work out g1, g3, g5, g7... etc for the sliding-window algorithm 
+ * Work out g1, g3, g5, g7... etc for the sliding-window algorithm
  */
 static void precompute_slide_window(BI_CTX *ctx, int window, bigint *g1)
 {
@@ -1334,7 +1334,7 @@ static void precompute_slide_window(BI_CTX *ctx, int window, bigint *g1)
 /**
  * @brief Perform a modular exponentiation.
  *
- * This function requires bi_set_mod() to have been called previously. This is 
+ * This function requires bi_set_mod() to have been called previously. This is
  * one of the optimisations used for performance.
  * @param ctx [in]  The bigint session context.
  * @param bi  [in]  The bigint on which to perform the mod power operation.
@@ -1352,7 +1352,7 @@ bigint *bi_mod_power(BI_CTX *ctx, bigint *bi, bigint *biexp)
     if (!ctx->use_classical)
     {
         /* preconvert */
-        bi = bi_mont(ctx, 
+        bi = bi_mont(ctx,
                 bi_multiply(ctx, bi, ctx->bi_RR_mod_m[mod_offset]));    /* x' */
         bi_free(ctx, biR);
         biR = ctx->bi_R_mod_m[mod_offset];                              /* A */
@@ -1413,7 +1413,7 @@ bigint *bi_mod_power(BI_CTX *ctx, bigint *bi, bigint *biexp)
             i--;
         }
     } while (i >= 0);
-     
+
     /* cleanup */
     for (i = 0; i < ctx->window; i++)
     {
@@ -1454,8 +1454,8 @@ bigint *bi_mod_power2(BI_CTX *ctx, bigint *bi, bigint *bim, bigint *biexp)
      * doing peer verification, and so is not expensive :-) */
     BI_CTX *tmp_ctx = bi_initialize();
     bi_set_mod(tmp_ctx, bi_clone(tmp_ctx, bim), BIGINT_M_OFFSET);
-    tmp_biR = bi_mod_power(tmp_ctx, 
-                bi_clone(tmp_ctx, bi), 
+    tmp_biR = bi_mod_power(tmp_ctx,
+                bi_clone(tmp_ctx, bi),
                 bi_clone(tmp_ctx, biexp));
     biR = bi_clone(ctx, tmp_biR);
     bi_free(tmp_ctx, tmp_biR);

myaxtls/cert.h

@@ -1,70 +1,43 @@
-unsigned char default_certificate[] = {
-  0x30, 0x82, 0x03, 0x1a, 0x30, 0x82, 0x02, 0xc4, 0xa0, 0x03, 0x02, 0x01,
-  0x02, 0x02, 0x09, 0x00, 0xff, 0xcc, 0xec, 0x95, 0x69, 0xdc, 0x45, 0x8b,
-  0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01,
-  0x05, 0x05, 0x00, 0x30, 0x81, 0x92, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03,
-  0x55, 0x04, 0x06, 0x13, 0x02, 0x45, 0x53, 0x31, 0x0f, 0x30, 0x0d, 0x06,
-  0x03, 0x55, 0x04, 0x08, 0x13, 0x06, 0x4d, 0x61, 0x6c, 0x61, 0x67, 0x61,
-  0x31, 0x0f, 0x30, 0x0d, 0x06, 0x03, 0x55, 0x04, 0x07, 0x13, 0x06, 0x4d,
-  0x61, 0x6c, 0x61, 0x67, 0x61, 0x31, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55,
-  0x04, 0x0a, 0x13, 0x0b, 0x44, 0x41, 0x44, 0x42, 0x49, 0x5a, 0x20, 0x49,
-  0x6e, 0x63, 0x2e, 0x31, 0x0f, 0x30, 0x0d, 0x06, 0x03, 0x55, 0x04, 0x0b,
-  0x13, 0x06, 0x4f, 0x75, 0x72, 0x42, 0x69, 0x7a, 0x31, 0x19, 0x30, 0x17,
-  0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x10, 0x6f, 0x75, 0x72, 0x62, 0x69,
-  0x7a, 0x2e, 0x64, 0x61, 0x64, 0x62, 0x69, 0x7a, 0x2e, 0x65, 0x73, 0x31,
-  0x1f, 0x30, 0x1d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01,
-  0x09, 0x01, 0x16, 0x10, 0x6f, 0x75, 0x72, 0x62, 0x69, 0x7a, 0x40, 0x64,
-  0x61, 0x64, 0x62, 0x69, 0x7a, 0x2e, 0x65, 0x73, 0x30, 0x1e, 0x17, 0x0d,
-  0x31, 0x32, 0x30, 0x37, 0x31, 0x39, 0x32, 0x32, 0x33, 0x34, 0x34, 0x31,
-  0x5a, 0x17, 0x0d, 0x34, 0x35, 0x30, 0x35, 0x32, 0x37, 0x32, 0x32, 0x33,
-  0x34, 0x34, 0x31, 0x5a, 0x30, 0x81, 0x92, 0x31, 0x0b, 0x30, 0x09, 0x06,
-  0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x45, 0x53, 0x31, 0x0f, 0x30, 0x0d,
-  0x06, 0x03, 0x55, 0x04, 0x08, 0x13, 0x06, 0x4d, 0x61, 0x6c, 0x61, 0x67,
-  0x61, 0x31, 0x0f, 0x30, 0x0d, 0x06, 0x03, 0x55, 0x04, 0x07, 0x13, 0x06,
-  0x4d, 0x61, 0x6c, 0x61, 0x67, 0x61, 0x31, 0x14, 0x30, 0x12, 0x06, 0x03,
-  0x55, 0x04, 0x0a, 0x13, 0x0b, 0x44, 0x41, 0x44, 0x42, 0x49, 0x5a, 0x20,
-  0x49, 0x6e, 0x63, 0x2e, 0x31, 0x0f, 0x30, 0x0d, 0x06, 0x03, 0x55, 0x04,
-  0x0b, 0x13, 0x06, 0x4f, 0x75, 0x72, 0x42, 0x69, 0x7a, 0x31, 0x19, 0x30,
-  0x17, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x10, 0x6f, 0x75, 0x72, 0x62,
-  0x69, 0x7a, 0x2e, 0x64, 0x61, 0x64, 0x62, 0x69, 0x7a, 0x2e, 0x65, 0x73,
-  0x31, 0x1f, 0x30, 0x1d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d,
-  0x01, 0x09, 0x01, 0x16, 0x10, 0x6f, 0x75, 0x72, 0x62, 0x69, 0x7a, 0x40,
-  0x64, 0x61, 0x64, 0x62, 0x69, 0x7a, 0x2e, 0x65, 0x73, 0x30, 0x5c, 0x30,
-  0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01,
-  0x05, 0x00, 0x03, 0x4b, 0x00, 0x30, 0x48, 0x02, 0x41, 0x00, 0xf3, 0x0b,
-  0xcc, 0x40, 0x70, 0x40, 0x2f, 0xb0, 0x0b, 0xf9, 0x4a, 0x39, 0xf0, 0xcf,
-  0xd3, 0x85, 0xb8, 0x0b, 0x03, 0x42, 0xeb, 0xbb, 0x5a, 0xd7, 0xcb, 0x2d,
-  0x4e, 0x03, 0xff, 0xa9, 0xb3, 0xd3, 0xfc, 0x4c, 0x96, 0x61, 0xd6, 0xdf,
-  0xc5, 0xb9, 0x14, 0xea, 0x23, 0x6b, 0xf1, 0x02, 0x5b, 0xd6, 0x05, 0x46,
-  0xf6, 0xb8, 0x36, 0xb3, 0xdb, 0xe7, 0x80, 0x57, 0xa8, 0xf3, 0x37, 0x5f,
-  0xab, 0x57, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x81, 0xfa, 0x30, 0x81,
-  0xf7, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14,
-  0x95, 0xbb, 0x63, 0x95, 0x5f, 0x2e, 0x83, 0x18, 0xd6, 0xb2, 0x3d, 0xba,
-  0xcb, 0xcb, 0x49, 0x84, 0x8b, 0xd1, 0x14, 0x04, 0x30, 0x81, 0xc7, 0x06,
-  0x03, 0x55, 0x1d, 0x23, 0x04, 0x81, 0xbf, 0x30, 0x81, 0xbc, 0x80, 0x14,
-  0x95, 0xbb, 0x63, 0x95, 0x5f, 0x2e, 0x83, 0x18, 0xd6, 0xb2, 0x3d, 0xba,
-  0xcb, 0xcb, 0x49, 0x84, 0x8b, 0xd1, 0x14, 0x04, 0xa1, 0x81, 0x98, 0xa4,
-  0x81, 0x95, 0x30, 0x81, 0x92, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55,
-  0x04, 0x06, 0x13, 0x02, 0x45, 0x53, 0x31, 0x0f, 0x30, 0x0d, 0x06, 0x03,
-  0x55, 0x04, 0x08, 0x13, 0x06, 0x4d, 0x61, 0x6c, 0x61, 0x67, 0x61, 0x31,
-  0x0f, 0x30, 0x0d, 0x06, 0x03, 0x55, 0x04, 0x07, 0x13, 0x06, 0x4d, 0x61,
-  0x6c, 0x61, 0x67, 0x61, 0x31, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, 0x04,
-  0x0a, 0x13, 0x0b, 0x44, 0x41, 0x44, 0x42, 0x49, 0x5a, 0x20, 0x49, 0x6e,
-  0x63, 0x2e, 0x31, 0x0f, 0x30, 0x0d, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13,
-  0x06, 0x4f, 0x75, 0x72, 0x42, 0x69, 0x7a, 0x31, 0x19, 0x30, 0x17, 0x06,
-  0x03, 0x55, 0x04, 0x03, 0x13, 0x10, 0x6f, 0x75, 0x72, 0x62, 0x69, 0x7a,
-  0x2e, 0x64, 0x61, 0x64, 0x62, 0x69, 0x7a, 0x2e, 0x65, 0x73, 0x31, 0x1f,
-  0x30, 0x1d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09,
-  0x01, 0x16, 0x10, 0x6f, 0x75, 0x72, 0x62, 0x69, 0x7a, 0x40, 0x64, 0x61,
-  0x64, 0x62, 0x69, 0x7a, 0x2e, 0x65, 0x73, 0x82, 0x09, 0x00, 0xff, 0xcc,
-  0xec, 0x95, 0x69, 0xdc, 0x45, 0x8b, 0x30, 0x0c, 0x06, 0x03, 0x55, 0x1d,
-  0x13, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xff, 0x30, 0x0d, 0x06, 0x09,
-  0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, 0x03,
-  0x41, 0x00, 0xac, 0x01, 0x9f, 0xb1, 0xb6, 0xf6, 0xdc, 0xd5, 0x7d, 0x15,
-  0x37, 0x35, 0xf7, 0xd8, 0x51, 0x9e, 0x1e, 0xef, 0x3c, 0x65, 0x3b, 0x1c,
-  0x65, 0x98, 0x6f, 0xa0, 0x91, 0x47, 0x61, 0x73, 0xec, 0x82, 0xa4, 0x58,
-  0xbe, 0x54, 0xf6, 0x4b, 0x7b, 0xbc, 0x8c, 0x32, 0x57, 0x37, 0x89, 0x8e,
-  0x1b, 0xf8, 0x12, 0xb5, 0xc0, 0x0a, 0x1e, 0xa3, 0x48, 0x3b, 0x0c, 0x47,
-  0x0b, 0x78, 0xb5, 0xb2, 0xd2, 0xe2
-};
-unsigned int default_certificate_len = 798;
+unsigned char default_certificate[] = {
+  0x30, 0x82, 0x01, 0xd7, 0x30, 0x82, 0x01, 0x40, 0x02, 0x09, 0x00, 0xa6,
+  0xb9, 0x3f, 0xfc, 0xa1, 0x60, 0x9c, 0x15, 0x30, 0x0d, 0x06, 0x09, 0x2a,
+  0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, 0x30, 0x34,
+  0x31, 0x32, 0x30, 0x30, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x29, 0x61,
+  0x78, 0x54, 0x4c, 0x53, 0x20, 0x50, 0x72, 0x6f, 0x6a, 0x65, 0x63, 0x74,
+  0x20, 0x44, 0x6f, 0x64, 0x67, 0x79, 0x20, 0x43, 0x65, 0x72, 0x74, 0x69,
+  0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x20, 0x41, 0x75, 0x74, 0x68, 0x6f,
+  0x72, 0x69, 0x74, 0x79, 0x30, 0x1e, 0x17, 0x0d, 0x31, 0x36, 0x30, 0x33,
+  0x32, 0x30, 0x32, 0x30, 0x35, 0x39, 0x31, 0x31, 0x5a, 0x17, 0x0d, 0x32,
+  0x39, 0x31, 0x31, 0x32, 0x37, 0x32, 0x30, 0x35, 0x39, 0x31, 0x31, 0x5a,
+  0x30, 0x2c, 0x31, 0x16, 0x30, 0x14, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13,
+  0x0d, 0x61, 0x78, 0x54, 0x4c, 0x53, 0x20, 0x50, 0x72, 0x6f, 0x6a, 0x65,
+  0x63, 0x74, 0x31, 0x12, 0x30, 0x10, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13,
+  0x09, 0x31, 0x32, 0x37, 0x2e, 0x30, 0x2e, 0x30, 0x2e, 0x31, 0x30, 0x81,
+  0x9f, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01,
+  0x01, 0x01, 0x05, 0x00, 0x03, 0x81, 0x8d, 0x00, 0x30, 0x81, 0x89, 0x02,
+  0x81, 0x81, 0x00, 0xdc, 0x49, 0xa6, 0xe0, 0x4a, 0x8a, 0x2b, 0x2d, 0x11,
+  0xf1, 0xc6, 0x3b, 0x39, 0x48, 0xd0, 0xd3, 0x2d, 0x65, 0xdf, 0x9b, 0x40,
+  0xb7, 0xbe, 0xa3, 0x11, 0xbc, 0x43, 0xd0, 0x58, 0x0d, 0x7a, 0x48, 0xb0,
+  0x51, 0x15, 0x17, 0xa9, 0xa2, 0x9e, 0x9c, 0x9f, 0x1a, 0x0f, 0xee, 0xe2,
+  0x00, 0x5f, 0xed, 0x90, 0x6b, 0x98, 0xa9, 0xe6, 0x4e, 0x67, 0x87, 0xb2,
+  0x10, 0x5c, 0xff, 0xc4, 0x46, 0x85, 0x40, 0x20, 0x92, 0xef, 0xe1, 0xbc,
+  0x89, 0x4a, 0xc9, 0xa1, 0xeb, 0xfc, 0xe5, 0x67, 0x13, 0x0c, 0xdb, 0x53,
+  0x59, 0x49, 0xd5, 0x9c, 0x4d, 0x4d, 0x8b, 0x68, 0xb6, 0x99, 0xdf, 0x6b,
+  0xec, 0x26, 0xd5, 0x9d, 0x3b, 0xc0, 0x2e, 0xc4, 0xce, 0xca, 0x13, 0xbb,
+  0x27, 0xdd, 0x51, 0xf3, 0x7b, 0x0c, 0xd4, 0xe6, 0xd1, 0x18, 0xd2, 0xa9,
+  0xae, 0xc5, 0x6f, 0x88, 0x4c, 0xce, 0x77, 0x19, 0x36, 0x48, 0x5b, 0x02,
+  0x03, 0x01, 0x00, 0x01, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86,
+  0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, 0x03, 0x81, 0x81, 0x00, 0x17,
+  0xa3, 0x1d, 0xdc, 0x7c, 0x54, 0xa9, 0x03, 0xe4, 0x32, 0x0c, 0x73, 0x0a,
+  0x8f, 0x36, 0x5d, 0xd4, 0x25, 0x8f, 0x61, 0xf0, 0x12, 0xfd, 0x8f, 0xb0,
+  0x30, 0xb5, 0x49, 0x00, 0x6d, 0x01, 0x41, 0xc3, 0x71, 0x43, 0xe9, 0x91,
+  0x56, 0x54, 0x1a, 0xdb, 0xaa, 0xd7, 0xec, 0xab, 0xc8, 0xa0, 0x21, 0x6f,
+  0x71, 0x50, 0x31, 0x55, 0xe0, 0x8c, 0xa1, 0x9d, 0xb7, 0x85, 0x83, 0xbd,
+  0xff, 0xd0, 0x75, 0xdb, 0xb2, 0x71, 0x4b, 0x52, 0x8c, 0xf2, 0x08, 0x9b,
+  0x2f, 0x07, 0xa4, 0x07, 0x31, 0x9d, 0xa2, 0x66, 0x77, 0xf2, 0x11, 0x07,
+  0x7a, 0x2f, 0xa8, 0xdc, 0xf0, 0xec, 0x59, 0x8d, 0x96, 0xe4, 0x70, 0x96,
+  0xf6, 0x8a, 0xce, 0x1c, 0x62, 0xe2, 0x64, 0x86, 0x7d, 0x4d, 0x71, 0xe1,
+  0x95, 0xa2, 0xd8, 0xe3, 0xd4, 0x83, 0xbb, 0x89, 0x84, 0x0a, 0x00, 0x6e,
+  0x5e, 0xd0, 0x8a, 0xf4, 0x20, 0x93, 0xc8
+};
+unsigned int default_certificate_len = 475;

myaxtls/config.h

@@ -273,7 +273,8 @@
 //
 //        The default is to allow one certificate + 1 certificate in the chain
 //        (which may be the certificate authority certificate).
-//
+//
+#define CONFIG_SSL_CTX_MUTEXING 1
 //config CONFIG_SSL_CTX_MUTEXING
 //    bool "Enable SSL_CTX mutexing"
 //    default n

myaxtls/gen_cert.c

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2007, Cameron Rich
+ * Copyright (c) 2007-2014, Cameron Rich
  * 
  * All rights reserved.
  * 
@@ -142,7 +142,7 @@ static int gen_dn(const char *name, uint8_t dn_type,
     buf[(*offset)++] = dn_type;
     buf[(*offset)++] = ASN1_PRINTABLE_STR;
     buf[(*offset)++] = name_size;
-    strcpy(&buf[*offset], name);
+    strcpy((char *)&buf[*offset], name);
     *offset += name_size;
 
 error:
@@ -165,7 +165,13 @@ static int gen_issuer(const char * dn[], uint8_t *buf, int *offset)
         gethostname(fqdn, sizeof(fqdn));
         fqdn_len = strlen(fqdn);
         fqdn[fqdn_len++] = '.';
-        getdomainname(&fqdn[fqdn_len], sizeof(fqdn)-fqdn_len);
+
+        if (getdomainname(&fqdn[fqdn_len], sizeof(fqdn)-fqdn_len) < 0)
+        {
+            ret = X509_NOT_OK;
+            goto error;
+        }
+
         fqdn_len = strlen(fqdn);
 
         if (fqdn[fqdn_len-1] == '.')    /* ensure '.' is not last char */

myaxtls/loader.c

@@ -1,6 +1,6 @@
 /*
- * Copyright (c) 2007, Cameron Rich
- *
+ * Copyright (c) 2007-2014, Cameron Rich
+ * 
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

myaxtls/os_port.h

@@ -1,6 +1,6 @@
 /*
- * Copyright (c) 2007, Cameron Rich
- *
+ * Copyright (c) 2007-2015, Cameron Rich
+ * 
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -42,6 +42,7 @@ extern "C" {
 #endif
 
 #include "os_int.h"
+#include "config.h"
 #include <stdio.h>
 
 #if defined(WIN32)
@@ -163,6 +164,7 @@ EXP_FUNC int STDCALL getdomainname(char *buf, int buf_size);
 #include <sys/wait.h>
 #include <netinet/in.h>
 #include <arpa/inet.h>
+#include <asm/byteorder.h>
 
 #define SOCKET_READ(A,B,C)      read(A,B,C)
 #define SOCKET_WRITE(A,B,C)     write(A,B,C)
@@ -171,6 +173,10 @@ EXP_FUNC int STDCALL getdomainname(char *buf, int buf_size);
                                 fcntl(A, F_SETFL, fd & ~O_NONBLOCK)
 #define TTY_FLUSH()
 
+#ifndef be64toh
+#define be64toh(x) __be64_to_cpu(x)
+#endif
+
 #endif  /* Not Win32 */
 
 /* some functions to mutate the way these work */

myaxtls/private_key.h

@@ -1,30 +1,54 @@
-unsigned char default_private_key[] = {
-  0x30, 0x82, 0x01, 0x3a, 0x02, 0x01, 0x00, 0x02, 0x41, 0x00, 0xf3, 0x0b,
-  0xcc, 0x40, 0x70, 0x40, 0x2f, 0xb0, 0x0b, 0xf9, 0x4a, 0x39, 0xf0, 0xcf,
-  0xd3, 0x85, 0xb8, 0x0b, 0x03, 0x42, 0xeb, 0xbb, 0x5a, 0xd7, 0xcb, 0x2d,
-  0x4e, 0x03, 0xff, 0xa9, 0xb3, 0xd3, 0xfc, 0x4c, 0x96, 0x61, 0xd6, 0xdf,
-  0xc5, 0xb9, 0x14, 0xea, 0x23, 0x6b, 0xf1, 0x02, 0x5b, 0xd6, 0x05, 0x46,
-  0xf6, 0xb8, 0x36, 0xb3, 0xdb, 0xe7, 0x80, 0x57, 0xa8, 0xf3, 0x37, 0x5f,
-  0xab, 0x57, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 0x41, 0x00, 0xbb, 0xe3,
-  0x9a, 0xfb, 0x15, 0xcc, 0x09, 0x11, 0xa7, 0xb0, 0x08, 0x59, 0xd2, 0x78,
-  0x57, 0xa5, 0x40, 0x2a, 0x03, 0x53, 0x70, 0xb9, 0x5d, 0xf9, 0x04, 0xf0,
-  0xf9, 0x26, 0xce, 0x36, 0x7a, 0xf5, 0x1c, 0x9d, 0x64, 0x6c, 0x09, 0xe2,
-  0xf8, 0x8c, 0x1c, 0x04, 0xb7, 0x34, 0xc3, 0x38, 0x92, 0xb8, 0x23, 0x58,
-  0x7c, 0xaa, 0x31, 0xe0, 0xa5, 0x0d, 0x88, 0xb5, 0xc4, 0x5a, 0xf4, 0xf6,
-  0x42, 0xc1, 0x02, 0x21, 0x00, 0xfc, 0x35, 0x4e, 0xac, 0x2f, 0xb5, 0xfd,
-  0x40, 0xa5, 0x84, 0xc1, 0xbe, 0x13, 0x82, 0xbb, 0x83, 0x8c, 0x16, 0x63,
-  0x17, 0xcc, 0xed, 0x34, 0xa6, 0x55, 0xaa, 0x15, 0xa7, 0x3a, 0x1a, 0x4b,
-  0x83, 0x02, 0x21, 0x00, 0xf6, 0xb3, 0x3a, 0x3d, 0xce, 0x8a, 0x57, 0x7e,
-  0x07, 0xe8, 0x94, 0x33, 0x5e, 0xe8, 0x17, 0x14, 0xf5, 0x87, 0x3e, 0x71,
-  0x01, 0x10, 0xcb, 0x7b, 0xa1, 0x43, 0x51, 0x52, 0x92, 0x58, 0x74, 0x9d,
-  0x02, 0x20, 0x4c, 0xc3, 0x40, 0xd5, 0xc1, 0x93, 0xc7, 0xa8, 0x24, 0x78,
-  0xba, 0xab, 0x4a, 0xae, 0xf0, 0xb9, 0xc2, 0x2a, 0x92, 0x30, 0x8d, 0x4b,
-  0xe9, 0x49, 0x73, 0x2b, 0x58, 0x79, 0xd4, 0x82, 0x6a, 0x57, 0x02, 0x20,
-  0x45, 0xbe, 0xa5, 0xd8, 0x93, 0x6b, 0xc9, 0x10, 0x78, 0x6b, 0xe8, 0x7a,
-  0x1d, 0x7a, 0xc0, 0x0b, 0xcc, 0xde, 0x4f, 0x68, 0xe3, 0x44, 0x3c, 0x42,
-  0xd7, 0x74, 0x90, 0xa9, 0x27, 0x76, 0x9a, 0x81, 0x02, 0x20, 0x2d, 0x7f,
-  0xc5, 0xde, 0xce, 0xe9, 0x17, 0x8d, 0x1c, 0xd6, 0x57, 0x8b, 0xd9, 0x30,
-  0xd6, 0x34, 0x15, 0x9a, 0xa2, 0x5a, 0xa3, 0xb3, 0x4f, 0x95, 0x34, 0x52,
-  0xb7, 0x4a, 0x65, 0x0c, 0x05, 0xa9
-};
-unsigned int default_private_key_len = 318;
+unsigned char default_private_key[] = {
+  0x30, 0x82, 0x02, 0x5d, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0xdc,
+  0x49, 0xa6, 0xe0, 0x4a, 0x8a, 0x2b, 0x2d, 0x11, 0xf1, 0xc6, 0x3b, 0x39,
+  0x48, 0xd0, 0xd3, 0x2d, 0x65, 0xdf, 0x9b, 0x40, 0xb7, 0xbe, 0xa3, 0x11,
+  0xbc, 0x43, 0xd0, 0x58, 0x0d, 0x7a, 0x48, 0xb0, 0x51, 0x15, 0x17, 0xa9,
+  0xa2, 0x9e, 0x9c, 0x9f, 0x1a, 0x0f, 0xee, 0xe2, 0x00, 0x5f, 0xed, 0x90,
+  0x6b, 0x98, 0xa9, 0xe6, 0x4e, 0x67, 0x87, 0xb2, 0x10, 0x5c, 0xff, 0xc4,
+  0x46, 0x85, 0x40, 0x20, 0x92, 0xef, 0xe1, 0xbc, 0x89, 0x4a, 0xc9, 0xa1,
+  0xeb, 0xfc, 0xe5, 0x67, 0x13, 0x0c, 0xdb, 0x53, 0x59, 0x49, 0xd5, 0x9c,
+  0x4d, 0x4d, 0x8b, 0x68, 0xb6, 0x99, 0xdf, 0x6b, 0xec, 0x26, 0xd5, 0x9d,
+  0x3b, 0xc0, 0x2e, 0xc4, 0xce, 0xca, 0x13, 0xbb, 0x27, 0xdd, 0x51, 0xf3,
+  0x7b, 0x0c, 0xd4, 0xe6, 0xd1, 0x18, 0xd2, 0xa9, 0xae, 0xc5, 0x6f, 0x88,
+  0x4c, 0xce, 0x77, 0x19, 0x36, 0x48, 0x5b, 0x02, 0x03, 0x01, 0x00, 0x01,
+  0x02, 0x81, 0x81, 0x00, 0xbf, 0x6c, 0xa9, 0x3c, 0xc2, 0xc9, 0x6a, 0x57,
+  0x91, 0xfe, 0x5d, 0x5a, 0x5d, 0x9f, 0x2f, 0x08, 0x33, 0xad, 0x11, 0x30,
+  0xa2, 0x7e, 0x89, 0x84, 0xbf, 0x06, 0xb0, 0x8f, 0x3d, 0xd5, 0x08, 0x6c,
+  0x5d, 0xfb, 0x37, 0xaf, 0x06, 0x54, 0x30, 0x2c, 0xbd, 0xfd, 0x31, 0xd7,
+  0x4e, 0x41, 0x31, 0x1b, 0x09, 0xa2, 0xd6, 0x58, 0xdd, 0xaf, 0x48, 0x3c,
+  0x1c, 0xba, 0x27, 0x76, 0x82, 0xa3, 0x1d, 0x6a, 0x4d, 0x8f, 0x64, 0x85,
+  0xf5, 0x1f, 0xa7, 0x1b, 0xbb, 0x93, 0xc1, 0xc9, 0xd4, 0x1b, 0x1f, 0x35,
+  0x41, 0xf1, 0xfb, 0x5e, 0x80, 0xc9, 0x77, 0x94, 0x6e, 0x22, 0x77, 0x7c,
+  0x8b, 0x5d, 0x61, 0x49, 0xfd, 0x7d, 0xe3, 0xeb, 0x80, 0x6e, 0xd2, 0x6d,
+  0x65, 0xd2, 0xb0, 0x1a, 0x4a, 0x79, 0x72, 0x6f, 0xce, 0xc8, 0x7c, 0x69,
+  0x97, 0x30, 0x7c, 0xe9, 0x8c, 0xbf, 0xb2, 0x53, 0x6b, 0x5c, 0xc4, 0x61,
+  0x02, 0x41, 0x00, 0xf2, 0xf6, 0xa5, 0xcc, 0x4d, 0x9c, 0xac, 0x6a, 0x46,
+  0xb7, 0x05, 0xd6, 0x31, 0x01, 0x1c, 0xeb, 0x09, 0x0e, 0xd6, 0x5c, 0xb0,
+  0x8a, 0x1e, 0xf3, 0xeb, 0x80, 0x09, 0x26, 0x05, 0x98, 0xb4, 0x6c, 0x0c,
+  0x53, 0xec, 0x6d, 0x72, 0x0b, 0xdd, 0xc7, 0x26, 0xbc, 0x59, 0x78, 0x0f,
+  0xe8, 0xab, 0x16, 0x5a, 0x72, 0x6a, 0x3a, 0x81, 0x81, 0x35, 0x41, 0xf6,
+  0x52, 0x9e, 0x0b, 0x38, 0xbb, 0xcf, 0x03, 0x02, 0x41, 0x00, 0xe8, 0x1b,
+  0x87, 0x82, 0x37, 0xd0, 0xb3, 0xdc, 0xb6, 0xeb, 0x6f, 0x98, 0x44, 0xfb,
+  0x13, 0xf1, 0x78, 0xc3, 0xec, 0x33, 0x93, 0xe6, 0x62, 0xf3, 0xb4, 0x4f,
+  0x98, 0x9c, 0xfa, 0x37, 0xa9, 0xf0, 0x86, 0x8a, 0x4d, 0xa3, 0xd5, 0x58,
+  0x3d, 0x61, 0xce, 0x09, 0xe8, 0x40, 0x39, 0x32, 0x6e, 0xca, 0xec, 0x2b,
+  0x6c, 0x35, 0x96, 0xaf, 0xd9, 0xcc, 0xbc, 0x9c, 0xe6, 0x88, 0xa3, 0x6c,
+  0x95, 0xc9, 0x02, 0x40, 0x75, 0xb2, 0xce, 0x76, 0xbe, 0x52, 0x5b, 0xa3,
+  0xd0, 0x45, 0xf1, 0x69, 0xe5, 0xab, 0x68, 0x5a, 0xe3, 0xb4, 0x70, 0x5b,
+  0xce, 0x99, 0xda, 0x8c, 0xc7, 0x54, 0xeb, 0x19, 0xa4, 0x34, 0x69, 0x92,
+  0xbe, 0x16, 0x19, 0xbe, 0x9b, 0x34, 0xec, 0x67, 0x01, 0x78, 0xd4, 0xce,
+  0xb8, 0xc6, 0x39, 0xbb, 0x46, 0x6d, 0x8e, 0xd0, 0x70, 0xd4, 0x2a, 0xfc,
+  0x9d, 0x5b, 0x40, 0x7c, 0xa7, 0x2b, 0x34, 0x09, 0x02, 0x41, 0x00, 0x94,
+  0xf2, 0x55, 0x9b, 0x32, 0xc6, 0x33, 0x25, 0xc8, 0x1c, 0x7d, 0x98, 0x71,
+  0x6b, 0xcd, 0xf8, 0x7f, 0x4e, 0xfb, 0x1c, 0x7e, 0x24, 0xb2, 0x0b, 0x42,
+  0x02, 0x72, 0x25, 0x0a, 0x4c, 0xfe, 0x38, 0xe3, 0x9d, 0x8d, 0x05, 0x3d,
+  0xbb, 0x4a, 0x68, 0xa1, 0x17, 0xaa, 0x7a, 0xcc, 0x39, 0x98, 0xef, 0x8f,
+  0x6e, 0xae, 0x1a, 0x15, 0x80, 0xf3, 0x7b, 0x76, 0xee, 0x18, 0xe2, 0x46,
+  0x3d, 0x40, 0x41, 0x02, 0x40, 0x4a, 0x2b, 0x94, 0xa4, 0xa1, 0x2a, 0x33,
+  0xcd, 0x7c, 0x0c, 0x9a, 0xb3, 0x72, 0x68, 0xc2, 0x52, 0xa3, 0x6e, 0xef,
+  0xe6, 0xeb, 0x0d, 0xc5, 0x47, 0x81, 0xc7, 0xd4, 0x60, 0xb4, 0xeb, 0xc3,
+  0x90, 0x94, 0x8e, 0x54, 0x50, 0x94, 0x81, 0x10, 0x6a, 0xa7, 0x5d, 0x38,
+  0xad, 0xa6, 0x8e, 0x33, 0x70, 0x29, 0xc0, 0x71, 0x70, 0x24, 0xcb, 0x85,
+  0x12, 0xc2, 0x3a, 0xd0, 0x6b, 0x23, 0xf2, 0x2f, 0xb1
+};
+unsigned int default_private_key_len = 609;

myaxtls/tls1.c

@@ -400,7 +400,7 @@ error:
  */
 int add_cert_auth(SSL_CTX *ssl_ctx, const uint8_t *buf, int len)
 {
-    int ret = SSL_OK; /* ignore errors for now */
+    int ret = X509_OK; /* ignore errors for now */
     int i = 0;
     CA_CERT_CTX *ca_cert_ctx;
 
@@ -422,10 +422,10 @@ int add_cert_auth(SSL_CTX *ssl_ctx, const uint8_t *buf, int len)
                     "compile-time configuration required\n",
                     CONFIG_X509_MAX_CA_CERTS);
 #endif
+            ret = X509_MAX_CERTS;
             break;
         }
 
-
         /* ignore the return code */
         if (x509_new(buf, &offset, &ca_cert_ctx->cert[i]) == X509_OK)
         {
@@ -1083,12 +1083,13 @@ int send_packet(SSL *ssl, uint8_t protocol, const uint8_t *in, int length)
         /* add the explicit IV for TLS1.1 */
         if (ssl->version >= SSL_PROTOCOL_VERSION1_1 &&
                         ssl->cipher_info->iv_size)
-
         {
             uint8_t iv_size = ssl->cipher_info->iv_size;
             uint8_t *t_buf = alloca(msg_length + iv_size);
             memcpy(t_buf + iv_size, ssl->bm_data, msg_length);
-            get_random(iv_size, t_buf);
+            if (get_random(iv_size, t_buf) < 0)
+                return SSL_NOT_OK;
+
             msg_length += iv_size;
             memcpy(ssl->bm_data, t_buf, msg_length);
         }
@@ -1143,7 +1144,7 @@ static int set_key_block(SSL *ssl, int is_write)
             ssl->dc->master_secret, ssl->dc->key_block,
             ciph_info->key_block_size);
 #if 0
-        print_blob("keyblock", ssl->key_block, ciph_info->key_block_size);
+        print_blob("keyblock", ssl->dc->key_block, ciph_info->key_block_size);
 #endif
     }
 
@@ -1173,7 +1174,7 @@ static int set_key_block(SSL *ssl, int is_write)
         memcpy(client_iv, q, ciph_info->iv_size);
         q += ciph_info->iv_size;
         memcpy(server_iv, q, ciph_info->iv_size);
-        //q += ciph_info->iv_size;
+        q += ciph_info->iv_size;
     }
 #endif
 
@@ -1375,8 +1376,7 @@ int basic_read(SSL *ssl, uint8_t **in_data, int in_num)
             break;
 
         case PT_APP_PROTOCOL_DATA:
-            ret = read_len;
-            if (in_data)
+            if (in_data && ssl->hs_status == SSL_OK)
             {
                 *in_data = buf;   /* point to the work buffer */
                 (*in_data)[read_len] = 0;  /* null terminate just in case */
@@ -1387,7 +1387,10 @@ int basic_read(SSL *ssl, uint8_t **in_data, int in_num)
                     ssl->read_data_in_buffer_bytes = read_len - in_num;
                     memcpy(ssl->bm_read_data, buf+in_num, ssl->read_data_in_buffer_bytes);
                 }
+	            ret = read_len;
             }
+            else
+                ret = SSL_ERROR_INVALID_PROT_MSG;
             break;
 
         case PT_ALERT_PROTOCOL:

myaxtls/tls1.h

@@ -1,6 +1,6 @@
 /*
- * Copyright (c) 2007, Cameron Rich
- *
+ * Copyright (c) 2007-2014, Cameron Rich
+ * 
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

myaxtls/tls1_clnt.c

@@ -187,7 +187,9 @@ static int send_client_hello(SSL *ssl)
     *tm_ptr++ = (uint8_t)(((long)tm & 0x00ff0000) >> 16);
     *tm_ptr++ = (uint8_t)(((long)tm & 0x0000ff00) >> 8);
     *tm_ptr++ = (uint8_t)(((long)tm & 0x000000ff));
-    get_random(SSL_RANDOM_SIZE-4, &buf[10]);
+    if (get_random(SSL_RANDOM_SIZE-4, &buf[10]) < 0)
+        return SSL_NOT_OK;
+
     memcpy(ssl->dc->client_random, &buf[6], SSL_RANDOM_SIZE);
     offset = 6 + SSL_RANDOM_SIZE;
 
@@ -313,7 +315,9 @@ static int send_client_key_xchg(SSL *ssl)
 
     premaster_secret[0] = 0x03; /* encode the version number */
     premaster_secret[1] = SSL_PROTOCOL_MINOR_VERSION; /* must be TLS 1.1 */
-    get_random(SSL_SECRET_SIZE-2, &premaster_secret[2]);
+    if (get_random(SSL_SECRET_SIZE-2, &premaster_secret[2]) < 0)
+        return SSL_NOT_OK;
+
     DISPLAY_RSA(ssl, ssl->x509_ctx->rsa_ctx);
 
     /* rsa_ctx->bi_ctx is not thread-safe */

myaxtls/x509.c

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2007-2014, Cameron Rich
+ * Copyright (c) 2007-2015, Cameron Rich
  * 
  * All rights reserved.
  * 
@@ -120,33 +120,63 @@ int x509_new(const uint8_t *cert, int *len, X509_CTX **ctx)
     bi_ctx = x509_ctx->rsa_ctx->bi_ctx;
 
 #ifdef CONFIG_SSL_CERT_VERIFICATION /* only care if doing verification */
-    /* use the appropriate signature algorithm (SHA1/MD5/SHA256) */
-    if (x509_ctx->sig_type == SIG_TYPE_MD5)
+    /* use the appropriate signature algorithm */
+    switch (x509_ctx->sig_type)
     {
-        MD5_CTX md5_ctx;
-        uint8_t md5_dgst[MD5_SIZE];
-        MD5_Init(&md5_ctx);
-        MD5_Update(&md5_ctx, &cert[begin_tbs], end_tbs-begin_tbs);
-        MD5_Final(md5_dgst, &md5_ctx);
-        x509_ctx->digest = bi_import(bi_ctx, md5_dgst, MD5_SIZE);
-    }
-    else if (x509_ctx->sig_type == SIG_TYPE_SHA1)
-    {
-        SHA1_CTX sha_ctx;
-        uint8_t sha_dgst[SHA1_SIZE];
-        SHA1_Init(&sha_ctx);
-        SHA1_Update(&sha_ctx, &cert[begin_tbs], end_tbs-begin_tbs);
-        SHA1_Final(sha_dgst, &sha_ctx);
-        x509_ctx->digest = bi_import(bi_ctx, sha_dgst, SHA1_SIZE);
-    }
-    else if (x509_ctx->sig_type == SIG_TYPE_SHA256)
-    {
-        SHA256_CTX sha256_ctx;
-        uint8_t sha256_dgst[SHA256_SIZE];
-        SHA256_Init(&sha256_ctx);
-        SHA256_Update(&sha256_ctx, &cert[begin_tbs], end_tbs-begin_tbs);
-        SHA256_Final(sha256_dgst, &sha256_ctx);
-        x509_ctx->digest = bi_import(bi_ctx, sha256_dgst, SHA256_SIZE);
+        case SIG_TYPE_MD5:
+        {
+            MD5_CTX md5_ctx;
+            uint8_t md5_dgst[MD5_SIZE];
+            MD5_Init(&md5_ctx);
+            MD5_Update(&md5_ctx, &cert[begin_tbs], end_tbs-begin_tbs);
+            MD5_Final(md5_dgst, &md5_ctx);
+            x509_ctx->digest = bi_import(bi_ctx, md5_dgst, MD5_SIZE);
+        }
+            break;
+
+        case SIG_TYPE_SHA1:
+        {
+            SHA1_CTX sha_ctx;
+            uint8_t sha_dgst[SHA1_SIZE];
+            SHA1_Init(&sha_ctx);
+            SHA1_Update(&sha_ctx, &cert[begin_tbs], end_tbs-begin_tbs);
+            SHA1_Final(sha_dgst, &sha_ctx);
+            x509_ctx->digest = bi_import(bi_ctx, sha_dgst, SHA1_SIZE);
+        }
+            break;
+
+        case SIG_TYPE_SHA256:
+        {
+            SHA256_CTX sha256_ctx;
+            uint8_t sha256_dgst[SHA256_SIZE];
+            SHA256_Init(&sha256_ctx);
+            SHA256_Update(&sha256_ctx, &cert[begin_tbs], end_tbs-begin_tbs);
+            SHA256_Final(sha256_dgst, &sha256_ctx);
+            x509_ctx->digest = bi_import(bi_ctx, sha256_dgst, SHA256_SIZE);
+        }
+            break;
+
+        case SIG_TYPE_SHA384:
+        {
+            SHA384_CTX sha384_ctx;
+            uint8_t sha384_dgst[SHA384_SIZE];
+            SHA384_Init(&sha384_ctx);
+            SHA384_Update(&sha384_ctx, &cert[begin_tbs], end_tbs-begin_tbs);
+            SHA384_Final(sha384_dgst, &sha384_ctx);
+            x509_ctx->digest = bi_import(bi_ctx, sha384_dgst, SHA384_SIZE);
+        }
+            break;
+
+        case SIG_TYPE_SHA512:
+        {
+            SHA512_CTX sha512_ctx;
+            uint8_t sha512_dgst[SHA512_SIZE];
+            SHA512_Init(&sha512_ctx);
+            SHA512_Update(&sha512_ctx, &cert[begin_tbs], end_tbs-begin_tbs);
+            SHA512_Final(sha512_dgst, &sha512_ctx);
+            x509_ctx->digest = bi_import(bi_ctx, sha512_dgst, SHA512_SIZE);
+        }
+            break;
     }
 
     if (cert[offset] == ASN1_V3_DATA)
@@ -495,6 +525,12 @@ void x509_print(const X509_CTX *cert, CA_CERT_CTX *ca_cert_ctx)
         case SIG_TYPE_SHA256:
             printf("SHA256\n");
             break;
+        case SIG_TYPE_SHA384:
+            printf("SHA384\n");
+            break;
+        case SIG_TYPE_SHA512:
+            printf("SHA512\n");
+            break;
         default:
             printf("Unrecognized: %d\n", cert->sig_type);
             break;