CyaSSL Conditional Compile

Developers
elsevers
2010-10-01
2013-04-23
  • elsevers
    2010-10-01

    Hi,

    I think I have found a mistake in ssl.c - and I just thought I'd point it out in case you are interested in such feedback.

    Around line 118 you have this function:

    int CyaSSL_negotiate(SSL* ssl)
    {
        int err;

        if (ssl->options.side == SERVER_END)
            err = SSL_accept(ssl);
        else
            err = SSL_connect(ssl);

        if (err == SSL_SUCCESS)
            return 0;
        else
            return err;
    }

    I think the server options check was supposed to be conditionally compiled in, as follows:

    int CyaSSL_negotiate(SSL* ssl)
    {
        int err;

    #ifndef NO_CYASSL_SERVER  //elsevers added
        if (ssl->options.side == SERVER_END)
            err = SSL_accept(ssl);
        else
    #endif //elsevers added
            err = SSL_connect(ssl);

        if (err == SSL_SUCCESS)
            return 0;
        else
            return err;
    }

    I also seem to be coming across an issue with the #USE_FAST_MATH define. Everything compiles without error, but my SSL handshake fails with error -229 when it is defined in the server code (whereas if I don't use fast math, I have no problems). Anyway, if I get around to looking at this more and come up with something more concrete I'll let you know.

     
  • Todd Ouska
    2010-10-01

    Yes, both the client and server ifdefs need to be checked there, thanks.

    The normal math library can handle RSA key lengths of any size. The fastmath library by default can only handle keys up to 2048 bits. You can change this by changing FP_MAX_SIZE in tfm.h. So if you need support for 3072-bit keys with fastmath, you'll need to change the 4096 in FP_MAX_SIZE from 4096 to 6144 to allow for 3072 by 3072 multiplies.
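
Added example (not code from this thread or from the CyaSSL source): one way to guard both the client and the server call in a negotiate-style function, so that a build with one side compiled out returns an error for that side instead of running the other role. `NO_CYASSL_CLIENT` is CyaSSL's client-side counterpart to `NO_CYASSL_SERVER`; the function name `negotiate_guarded`, the `CLIENT_END` constant, the enum values, the struct layout and the stub bodies are stand-ins assumed for this sketch.

```c
/* Added example: stand-in types and stubs, not CyaSSL source. */
#include <stdio.h>

#define NO_CYASSL_SERVER            /* simulate a client-only build */

/* Stand-in values and struct layout (assumptions for this sketch). */
enum { SERVER_END = 0, CLIENT_END = 1 };
enum { SSL_SUCCESS = 1, SSL_FATAL_ERROR = -1 };
typedef struct SSL { struct { int side; } options; } SSL;

static int connect_calls = 0;       /* lets the caller see which stub ran */
static int accept_calls  = 0;

#ifndef NO_CYASSL_SERVER
static int SSL_accept(SSL* ssl)  { (void)ssl; accept_calls++;  return SSL_SUCCESS; }
#endif
#ifndef NO_CYASSL_CLIENT
static int SSL_connect(SSL* ssl) { (void)ssl; connect_calls++; return SSL_SUCCESS; }
#endif

/* Hypothetical name; mirrors the shape of CyaSSL_negotiate from the thread. */
int negotiate_guarded(SSL* ssl)
{
    int err = SSL_FATAL_ERROR;      /* result if the requested side is compiled out */

#ifndef NO_CYASSL_SERVER
    if (ssl->options.side == SERVER_END)
        err = SSL_accept(ssl);
#endif
#ifndef NO_CYASSL_CLIENT
    if (ssl->options.side == CLIENT_END)
        err = SSL_connect(ssl);
#endif

    return (err == SSL_SUCCESS) ? 0 : err;
}

int main(void)
{
    SSL client = { { CLIENT_END } };
    SSL server = { { SERVER_END } };

    printf("client side: %d\n", negotiate_guarded(&client));
    printf("server side: %d\n", negotiate_guarded(&server));
    printf("connect calls: %d, accept calls: %d\n", connect_calls, accept_calls);
    return 0;
}
```

Removing the `#define NO_CYASSL_SERVER` line builds both sides, and the server-side object then goes through the `SSL_accept` stub.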