diff --git a/.gitignore b/.gitignore
index f5e254412..b96cadc36 100644
--- a/.gitignore
+++ b/.gitignore
@@ -237,3 +237,6 @@ IDE/LINUX-SGX/*.a
 wolfcrypt/src/port/intel/qat_test
 /mplabx/wolfssl.X/dist/default/
 /mplabx/wolfcrypt_test.X/dist/default/
+
+# Arduino Generated Files
+/IDE/ARDUINO/wolfSSL
diff --git a/ChangeLog b/ChangeLog
deleted file mode 100644
index 87ed82401..000000000
--- a/ChangeLog
+++ /dev/null
@@ -1 +0,0 @@
-Please see the file 'README' in this directory.
diff --git a/README b/ChangeLog.md
similarity index 73%
rename from README
rename to ChangeLog.md
index ace91ea4c..750274aed 100644
--- a/README
+++ b/ChangeLog.md
@@ -1,163 +1,178 @@ -*** Resources *** +# wolfSSL Release 3.15.0 (06/05/2018) - wolfSSL website: https://www.wolfssl.com/ - wolfSSL wiki: https://github.com/wolfSSL/wolfssl/wiki - wolfSSL manual: https://wolfssl.com/wolfSSL/Docs-wolfssl-manual-toc.html +Release 3.15.0 of wolfSSL embedded TLS has bug fixes and new features including: - FIPS FAQ: https://www.wolfssl.com/wolfSSL/fips.html +* Support for TLS 1.3 Draft versions 23, 26 and 28. +* Add FIPS SGX support! +* Single Precision assembly code added for ARM and 64-bit ARM to enhance performance. +* Improved performance for Single Precision maths on 32-bit. +* Improved downgrade support for the TLS 1.3 handshake. +* Improved TLS 1.3 support from interoperability testing. +* Added option to allow TLS 1.2 to be compiled out to reduce size and enhance security. +* Added option to support Ed25519 in TLS 1.2 and 1.3. +* Update wolfSSL_HMAC_Final() so the length parameter is optional. +* Various fixes for Coverity static analysis reports. +* Add define to use internal struct timeval (USE_WOLF_TIMEVAL_T). +* Switch LowResTimer() to call XTIME instead of time(0) for better portability. +* Expanded OpenSSL compatibility layer with a bevy of new functions. +* Added Renesas CS+ project files. +* Align DH support with NIST SP 800-56A, add wc_DhSetKey_ex() for q parameter. +* Add build option for CAVP self test build (--enable-selftest). +* Expose mp_toradix() when WOLFSSL_PUBLIC_MP is defined. +* Example certificate expiration dates and generation script updated. +* Additional optimizations to trim out unused strings depending on build options. +* Fix for DN tag strings to have “=” when returning the string value to users. +* Fix for wolfSSL_ERR_get_error_line_data return value if no more errors are in the queue. +* Fix for AES-CBC IV value with PIC32 hardware acceleration. +* Fix for wolfSSL_X509_print with ECC certificates. +* Fix for strict checking on URI absolute vs relative path. 
+* Added crypto device framework to handle PK RSA/ECC operations using callbacks, which adds new build option `./configure --enable-cryptodev` or `WOLF_CRYPTO_DEV`. +* Added devId support to ECC and PKCS7 for hardware based private key. +* Fixes in PKCS7 for handling possible memory leak in some error cases. +* Added test for invalid cert common name when set with `wolfSSL_check_domain_name`. +* Refactor of the cipher suite names to use single array, which contains internal name, IANA name and cipher suite bytes. +* Added new function `wolfSSL_get_cipher_name_from_suite` for getting IANA cipher suite name using bytes. +* Fixes for fsanitize reports. +* Fix for openssl compatibility function `wolfSSL_RSA_verify` to check returned size. +* Fixes and improvements for FreeRTOS AWS. +* Fixes for building openssl compatibility with FreeRTOS. +* Fix and new test for handling match on domain name that may have a null terminator inside. +* Cleanup of the socket close code used for examples, CRL/OCSP and BIO to use single macro `CloseSocket`. +* Refactor of the TLSX code to support returning error codes. +* Added new signature wrapper functions `wc_SignatureVerifyHash` and `wc_SignatureGenerateHash` to allow direct use of hash. +* Improvement to GCC-ARM IDE example. +* Enhancements and cleanups for the ASN date/time code including new API's `wc_GetDateInfo`, `wc_GetCertDates` and `wc_GetDateAsCalendarTime`. +* Fixes to resolve issues with C99 compliance. Added build option `WOLF_C99` to force C99. +* Added a new `--enable-opensslall` option to enable all openssl compatibility features. +* Added new `--enable-webclient` option for enabling a few HTTP API's. +* Added new `wc_OidGetHash` API for getting the hash type from a hash OID. +* Moved `wolfSSL_CertPemToDer`, `wolfSSL_KeyPemToDer`, `wolfSSL_PubKeyPemToDer` to asn.c and renamed to `wc_`. Added backwards compatibility macro for old function names. +* Added new `WC_MAX_SYM_KEY_SIZE` macro for helping determine max key size. 
+* Added `--enable-enckeys` or (`WOLFSSL_ENCRYPTED_KEYS`) to enable support for encrypted PEM private keys using password callback without having to use opensslextra. +* Added ForceZero on the password buffer after done using it. +* Refactor unique hash types to use same internal values (ex WC_MD5 == WC_HASH_TYPE_MD5). +* Refactor the Sha3 types to use `wc_` naming, while retaining old names for compatibility. +* Improvements to `wc_PBKDF1` to support more hash types and the non-standard extra data option. +* Fix TLS 1.3 with ECC disabled and CURVE25519 enabled. +* Added new define `NO_DEV_URANDOM` to disable the use of `/dev/urandom`. +* Added `WC_RNG_BLOCKING` to indicate block w/sleep(0) is okay. +* Fix for `HAVE_EXT_CACHE` callbacks not being available without `OPENSSL_EXTRA` defined. +* Fix for ECC max bits `MAX_ECC_BITS` not always calculating correctly due to macro order. +* Added support for building and using PKCS7 without RSA (assuming ECC is enabled). +* Fixes and additions for Cavium Nitrox V to support ECC, AES-GCM and HMAC (SHA-224 and SHA3). +* Enabled ECC, AES-GCM and SHA-512/384 by default in (Linux and Windows) +* Added `./configure --enable-base16` and `WOLFSSL_BASE16` configuration option to enable Base16 API's. +* Improvements to ATECC508A support for building without `WOLFSSL_ATMEL` defined. +* Refactor IO callback function names to use `_CTX_` to eliminate confusion about the first parameter. +* Added support for not loading a private key for server or client when `HAVE_PK_CALLBACK` is defined and the private PK callback is set. +* Added new ECC API `wc_ecc_sig_size_calc` to return max signature size for a key size. +* Cleanup ECC point import/export code and added new API `wc_ecc_import_unsigned`. +* Fixes for handling OCSP with non-blocking. +* Added new PK (Primary Key) callbacks for the VerifyRsaSign. The new callbacks API's are `wolfSSL_CTX_SetRsaVerifySignCb` and `wolfSSL_CTX_SetRsaPssVerifySignCb`. 
+* Added new ECC API `wc_ecc_rs_raw_to_sig` to take raw unsigned R and S and encodes them into ECDSA signature format. +* Added support for `WOLFSSL_STM32F1`. +* Cleanup of the ASN X509 header/footer and XSTRNCPY logic. +* Add copyright notice to autoconf files. (Thanks Brian Aker!) +* Updated the M4 files for autotools. (Thanks Brian Aker!) +* Add support for the cipher suite TLS_DH_anon_WITH_AES256_GCM_SHA384 with test cases. (Thanks Thivya Ashok!) +* Add the TLS alert message unknown_psk_identity (115) from RFC 4279, section 2. (Thanks Thivya Ashok!) +* Fix the case when using TCP with timeouts with TLS. wolfSSL shall be agnostic to network socket behavior for TLS. (DTLS is another matter.) The functions `wolfSSL_set_using_nonblock()` and `wolfSSL_get_using_nonblock()` are deprecated. +* Hush the AR warning when building the static library with autotools. +* Hush the “-pthread” warning when building in some environments. +* Added a dist-hook target to the Makefile to reset the default options.h file. +* Removed the need for the darwin-clang.m4 file with the updates provided by Brian A. +* Renamed the AES assembly file so GCC on the Mac will build it using the preprocessor. +* Add a disable option (--disable-optflags) to turn off the default optimization flags so user may supply their own custom flags. +* Correctly touch the dummy fips.h header. - wolfSSL API: https://wolfssl.com/wolfSSL/Docs-wolfssl-manual-17-wolfssl-api-reference.html - wolfCrypt API: https://wolfssl.com/wolfSSL/Docs-wolfssl-manual-18-wolfcrypt-api-reference.html - - TLS 1.3 https://www.wolfssl.com/docs/tls13/ - -*** Description *** - -The wolfSSL embedded SSL library (formerly CyaSSL) is a lightweight SSL/TLS -library written in ANSI C and targeted for embedded, RTOS, and -resource-constrained environments - primarily because of its small size, speed, -and feature set. 
It is commonly used in standard operating environments as well -because of its royalty-free pricing and excellent cross platform support. wolfSSL -supports industry standards up to the current TLS 1.3 and DTLS 1.3 levels, is up -to 20 times smaller than OpenSSL, and offers progressive ciphers such as ChaCha20, -Curve25519, NTRU, and Blake2b. User benchmarking and feedback reports -dramatically better performance when using wolfSSL over OpenSSL. - -wolfSSL is powered by the wolfCrypt library. A version of the wolfCrypt -cryptography library has been FIPS 140-2 validated (Certificate #2425). For -additional information, visit the wolfCrypt FIPS FAQ -(https://www.wolfssl.com/license/fips/) or contact fips@wolfssl.com - -*** Why choose wolfSSL? *** - -There are many reasons to choose wolfSSL as your embedded SSL solution. Some of -the top reasons include size (typical footprint sizes range from 20-100 kB), -support for the newest standards (SSL 3.0, TLS 1.0, TLS 1.1, TLS 1.2, TLS 1.3, -DTLS 1.0, and DTLS 1.2), current and progressive cipher support (including stream -ciphers), multi-platform, royalty free, and an OpenSSL compatibility API to ease -porting into existing applications which have previously used the OpenSSL package. -For a complete feature list, see https://www.wolfssl.com/docs/wolfssl-manual/ch4/ - -*** Notes, Please read *** - -Note 1) -wolfSSL as of 3.6.6 no longer enables SSLv3 by default. wolfSSL also no -longer supports static key cipher suites with PSK, RSA, or ECDH. This means -if you plan to use TLS cipher suites you must enable DH (DH is on by default), -or enable ECC (ECC is on by default), or you must enable static -key cipher suites with - WOLFSSL_STATIC_DH - WOLFSSL_STATIC_RSA - or - WOLFSSL_STATIC_PSK - -though static key cipher suites are deprecated and will be removed from future -versions of TLS. They also lower your security by removing PFS. 
Since current -NTRU suites available do not use ephemeral keys, WOLFSSL_STATIC_RSA needs to be -used in order to build with NTRU suites. - -When compiling ssl.c, wolfSSL will now issue a compiler error if no cipher suites -are available. You can remove this error by defining WOLFSSL_ALLOW_NO_SUITES -in the event that you desire that, i.e., you're not using TLS cipher suites. - -Note 2) -wolfSSL takes a different approach to certificate verification than OpenSSL -does. The default policy for the client is to verify the server, this means -that if you don't load CAs to verify the server you'll get a connect error, -no signer error to confirm failure (-188). -If you want to mimic OpenSSL behavior of having SSL_connect succeed even if -verifying the server fails and reducing security you can do this by calling: - -wolfSSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, 0); - -before calling wolfSSL_new(); Though it's not recommended. - -*** end Notes *** +If you have questions on any of this, then email us at info@wolfssl.com. +See INSTALL file for build instructions. +More info can be found on-line at http://wolfssl.com/wolfSSL/Docs.html -********* wolfSSL Release 3.14.0 (3/02/2018) +# wolfSSL Release 3.14.0 (03/02/2018) Release 3.14.0 of wolfSSL embedded TLS has bug fixes and new features including: -- TLS 1.3 draft 22 and 23 support added -- Additional unit tests for; SHA3, AES-CMAC, Ed25519, ECC, RSA-PSS, AES-GCM -- Many additions to the OpenSSL compatibility layer were made in this release. 
Some of these being enhancements to PKCS12, WOLFSSL_X509 use, WOLFSSL_EVP_PKEY, and WOLFSSL_BIO operations -- AVX1 and AVX2 performance improvements with ChaCha20 and Poly1305 -- Added i.MX CAAM driver support with Integrity OS support -- Improvements to logging with debugging, including exposing more API calls and adding options to reduce debugging code size -- Fix for signature type detection with PKCS7 RSA SignedData -- Public key call back functions added for DH Agree -- RSA-PSS API added for operating on non inline buffers (separate input and output buffers) -- API added for importing and exporting raw DSA parameters -- Updated DSA key generation to be FIPS 186-4 compliant -- Fix for wolfSSL_check_private_key when comparing ECC keys -- Support for AES Cipher Feedback(CFB) mode added -- Updated RSA key generation to be FIPS 186-4 compliant -- Update added for the ARM CMSIS software pack -- WOLFSSL_IGNORE_FILE_WARN macro added for avoiding build warnings when not working with autotools -- Performance improvements for AES-GCM with AVX1 and AVX2 -- Fix for possible memory leak on error case with wc_RsaKeyToDer function -- Make wc_PKCS7_PadData function available -- Updates made to building SGX on Linux -- STM32 hashing algorithm improvements including clock/power optimizations and auto detection of if SHA2 is supported -- Update static memory feature for FREERTOS use -- Reverse the order that certificates are compared during PKCS12 parse to account for case where multiple certificates have the same matching private key -- Update NGINX port to version 1.13.8 -- Support for HMAC-SHA3 added -- Added stricter ASN checks to enforce RFC 5280 rules. Thanks to the report from Professor Zhenhua Duan, Professor Cong Tian, and Ph.D candidate Chu Chen from Institute of Computing Theory and Technology (ICTT) of Xidian University. 
-- Option to have ecc_mul2add function public facing -- Getter function wc_PKCS7_GetAttributeValue added for PKCS7 attributes -- Macros NO_AES_128, NO_AES_192, NO_AES_256 added for AES key size selection at compile time -- Support for writing multiple organizations units (OU) and domain components (DC) with CSR and certificate creation -- Support for indefinite length BER encodings in PKCS7 -- Added API for additional validation of prime q in a public DH key -- Added support for RSA encrypt and decrypt without padding +* TLS 1.3 draft 22 and 23 support added +* Additional unit tests for; SHA3, AES-CMAC, Ed25519, ECC, RSA-PSS, AES-GCM +* Many additions to the OpenSSL compatibility layer were made in this release. Some of these being enhancements to PKCS12, WOLFSSL_X509 use, WOLFSSL_EVP_PKEY, and WOLFSSL_BIO operations +* AVX1 and AVX2 performance improvements with ChaCha20 and Poly1305 +* Added i.MX CAAM driver support with Integrity OS support +* Improvements to logging with debugging, including exposing more API calls and adding options to reduce debugging code size +* Fix for signature type detection with PKCS7 RSA SignedData +* Public key call back functions added for DH Agree +* RSA-PSS API added for operating on non inline buffers (separate input and output buffers) +* API added for importing and exporting raw DSA parameters +* Updated DSA key generation to be FIPS 186-4 compliant +* Fix for wolfSSL_check_private_key when comparing ECC keys +* Support for AES Cipher Feedback(CFB) mode added +* Updated RSA key generation to be FIPS 186-4 compliant +* Update added for the ARM CMSIS software pack +* WOLFSSL_IGNORE_FILE_WARN macro added for avoiding build warnings when not working with autotools +* Performance improvements for AES-GCM with AVX1 and AVX2 +* Fix for possible memory leak on error case with wc_RsaKeyToDer function +* Make wc_PKCS7_PadData function available +* Updates made to building SGX on Linux +* STM32 hashing algorithm improvements including 
clock/power optimizations and auto detection of if SHA2 is supported +* Update static memory feature for FREERTOS use +* Reverse the order that certificates are compared during PKCS12 parse to account for case where multiple certificates have the same matching private key +* Update NGINX port to version 1.13.8 +* Support for HMAC-SHA3 added +* Added stricter ASN checks to enforce RFC 5280 rules. Thanks to the report from Professor Zhenhua Duan, Professor Cong Tian, and Ph.D candidate Chu Chen from Institute of Computing Theory and Technology (ICTT) of Xidian University. +* Option to have ecc_mul2add function public facing +* Getter function wc_PKCS7_GetAttributeValue added for PKCS7 attributes +* Macros NO_AES_128, NO_AES_192, NO_AES_256 added for AES key size selection at compile time +* Support for writing multiple organizations units (OU) and domain components (DC) with CSR and certificate creation +* Support for indefinite length BER encodings in PKCS7 +* Added API for additional validation of prime q in a public DH key +* Added support for RSA encrypt and decrypt without padding See INSTALL file for build instructions. More info can be found on-line at http://wolfssl.com/wolfSSL/Docs.html -********* wolfSSL (Formerly CyaSSL) Release 3.13.0 (12/21/2017) +# wolfSSL (Formerly CyaSSL) Release 3.13.0 (12/21/2017) wolfSSL 3.13.0 includes bug fixes and new features, including support for TLS 1.3 Draft 21, performance and footprint optimizations, build fixes, updated examples and project files, and one vulnerability fix. 
The full list of changes and additions in this release include: -- Fixes for TLS 1.3, support for Draft 21 -- TLS 1.0 disabled by default, addition of “--enable-tlsv10” configure option -- New option to reduce SHA-256 code size at expense of performance +* Fixes for TLS 1.3, support for Draft 21 +* TLS 1.0 disabled by default, addition of “--enable-tlsv10” configure option +* New option to reduce SHA-256 code size at expense of performance (USE_SLOW_SHA256) -- New option for memory reduced build (--enable-lowresource) -- AES-GCM performance improvements on AVX1 (IvyBridge) and AVX2 -- SHA-256 and SHA-512 performance improvements using AVX1/2 ASM -- SHA-3 size and performance optimizations -- Fixes for Intel AVX2 builds on Mac/OSX -- Intel assembly for Curve25519, and Ed25519 performance optimizations -- New option to force 32-bit mode with “--enable-32bit” -- New option to disable all inline assembly with “--disable-asm” -- Ability to override maximum signature algorithms using WOLFSSL_MAX_SIGALGO -- Fixes for handling of unsupported TLS extensions. 
-- Fixes for compiling AES-GCM code with GCC 4.8.* -- Allow adjusting static I/O buffer size with WOLFMEM_IO_SZ -- Fixes for building without a filesystem -- Removes 3DES and SHA1 dependencies from PKCS#7 -- Adds ability to disable PKCS#7 EncryptedData type (NO_PKCS7_ENCRYPTED_DATA) -- Add ability to get client-side SNI -- Expanded OpenSSL compatibility layer -- Fix for logging file names with OpenSSL compatibility layer enabled, with +* New option for memory reduced build (--enable-lowresource) +* AES-GCM performance improvements on AVX1 (IvyBridge) and AVX2 +* SHA-256 and SHA-512 performance improvements using AVX1/2 ASM +* SHA-3 size and performance optimizations +* Fixes for Intel AVX2 builds on Mac/OSX +* Intel assembly for Curve25519, and Ed25519 performance optimizations +* New option to force 32-bit mode with “--enable-32bit” +* New option to disable all inline assembly with “--disable-asm” +* Ability to override maximum signature algorithms using WOLFSSL_MAX_SIGALGO +* Fixes for handling of unsupported TLS extensions. 
+* Fixes for compiling AES-GCM code with GCC 4.8.* +* Allow adjusting static I/O buffer size with WOLFMEM_IO_SZ +* Fixes for building without a filesystem +* Removes 3DES and SHA1 dependencies from PKCS#7 +* Adds ability to disable PKCS#7 EncryptedData type (NO_PKCS7_ENCRYPTED_DATA) +* Add ability to get client-side SNI +* Expanded OpenSSL compatibility layer +* Fix for logging file names with OpenSSL compatibility layer enabled, with WOLFSSL_MAX_ERROR_SZ user-overridable -- Adds static memory support to the wolfSSL example client -- Fixes for sniffer to use TLS 1.2 client method -- Adds option to wolfCrypt benchmark to benchmark individual algorithms -- Adds option to wolfCrypt benchmark to display benchmarks in powers +* Adds static memory support to the wolfSSL example client +* Fixes for sniffer to use TLS 1.2 client method +* Adds option to wolfCrypt benchmark to benchmark individual algorithms +* Adds option to wolfCrypt benchmark to display benchmarks in powers of 10 (-base10) -- Updated Visual Studio for ARM builds (for ECC supported curves and SHA-384) -- Updated Texas Instruments TI-RTOS build -- Updated STM32 CubeMX build with fixes for SHA -- Updated IAR EWARM project files -- Updated Apple Xcode projects with the addition of a benchmark example project +* Updated Visual Studio for ARM builds (for ECC supported curves and SHA-384) +* Updated Texas Instruments TI-RTOS build +* Updated STM32 CubeMX build with fixes for SHA +* Updated IAR EWARM project files +* Updated Apple Xcode projects with the addition of a benchmark example project This release of wolfSSL fixes 1 security vulnerability. 
@@ -170,68 +185,68 @@ who have explicitly enabled static RSA cipher suites with WOLFSSL_STATIC_RSA and use those suites on a host are affected. More information will be available on our website at: - https://wolfssl.com/wolfSSL/security/vulnerabilities.php +https://wolfssl.com/wolfSSL/security/vulnerabilities.php See INSTALL file for build instructions. More info can be found on-line at http://wolfssl.com/wolfSSL/Docs.html -********* wolfSSL (Formerly CyaSSL) Release 3.12.2 (10/23/2017) +# wolfSSL (Formerly CyaSSL) Release 3.12.2 (10/23/2017) -Release 3.12.2 of wolfSSL has bug fixes and new features including: +## Release 3.12.2 of wolfSSL has bug fixes and new features including: This release includes many performance improvements with Intel ASM (AVX/AVX2) and AES-NI. New single precision math option to speedup RSA, DH and ECC. Embedded hardware support has been expanded for STM32, PIC32MZ and ATECC508A. AES now supports XTS mode for disk encryption. Certificate improvements for setting serial number, key usage and extended key usage. Refactor of SSL_ and hash types to allow openssl coexistence. Improvements for TLS 1.3. Fixes for OCSP stapling to allow disable and WOLFSSL specific user context for callbacks. Fixes for openssl and MySQL compatibility. Updated Micrium port. Fixes for asynchronous modes. -- Added TLS extension for Supported Point Formats (ec_point_formats) -- Fix to not send OCSP stapling extensions in client_hello when not enabled -- Added new API's for disabling OCSP stapling -- Add check for SIZEOF_LONG with sun and LP64 -- Fixes for various TLS 1.3 disable options (RSA, ECC and ED/Curve 25519). -- Fix to disallow upgrading to TLS v1.3 -- Fixes for wolfSSL_EVP_CipherFinal() when message size is a round multiple of a block size. -- Add HMAC benchmark and expanded AES key size benchmarks -- Added simple GCC ARM Makefile example -- Add tests for 3072-bit RSA and DH. 
-- Fixed DRAFT_18 define and fixed downgrading with TLS v1.3 -- Fixes to allow custom serial number during certificate generation -- Add method to get WOLFSSL_CTX certificate manager -- Improvement to `wolfSSL_SetOCSP_Cb` to allow context per WOLFSSL object -- Alternate certificate chain support `WOLFSSL_ALT_CERT_CHAINS`. Enables checking cert against multiple CA's. -- Added new `--disable-oldnames` option to allow for using openssl along-side wolfssl headers (without OPENSSL_EXTRA). -- Refactor SSL_ and hashing types to use wolf specific prefix (WOLFSSL and WC_) to allow openssl coexistence. -- Fixes for HAVE_INTEL_MULX -- Cleanup include paths for MySQL cmake build -- Added configure option for building library for wolfSSH (--enable-wolfssh) -- Openssl compatibility layer improvements -- Expanded API unit tests -- Fixes for STM32 crypto hardware acceleration -- Added AES XTS mode (--enable-xts) -- Added ASN Extended Key Usage Support (see wc_SetExtKeyUsage). -- Math updates and added TFM_MIPS speedup. -- Fix for creation of the KeyUsage BitString -- Fix for 8k keys with MySQL compatibility -- Fixes for ATECC508A. -- Fixes for PIC32MZ hashing. -- Fixes and improvements to asynchronous modes for Intel QuickAssist and Cavium Nitrox V. -- Update HASH_DRBG Reseed mechanism and add test case -- Rename the file io.h/io.c to wolfio.h/wolfio.c -- Cleanup the wolfIO_Send function. -- OpenSSL Compatibility Additions and Fixes -- Improvements to Visual Studio DLL project/solution. -- Added function to generate public ECC key from private key -- Added async blocking support for sniffer tool. -- Added wolfCrypt hash tests for empty string and large data. -- Added ability to use of wolf implementation of `strtok` using `USE_WOLF_STRTOK`. -- Updated Micrium uC/OS-III Port -- Updated root certs for OCSP scripts -- New Single Precision math option for RSA, DH and ECC (off by default). See `--enable-sp`. 
-- Speedups for AES GCM with AESNI (--enable-aesni) -- Speedups for SHA2, ChaCha20/Poly1035 using AVX/AVX2 +* Added TLS extension for Supported Point Formats (ec_point_formats) +* Fix to not send OCSP stapling extensions in client_hello when not enabled +* Added new API's for disabling OCSP stapling +* Add check for SIZEOF_LONG with sun and LP64 +* Fixes for various TLS 1.3 disable options (RSA, ECC and ED/Curve 25519). +* Fix to disallow upgrading to TLS v1.3 +* Fixes for wolfSSL_EVP_CipherFinal() when message size is a round multiple of a block size. +* Add HMAC benchmark and expanded AES key size benchmarks +* Added simple GCC ARM Makefile example +* Add tests for 3072-bit RSA and DH. +* Fixed DRAFT_18 define and fixed downgrading with TLS v1.3 +* Fixes to allow custom serial number during certificate generation +* Add method to get WOLFSSL_CTX certificate manager +* Improvement to `wolfSSL_SetOCSP_Cb` to allow context per WOLFSSL object +* Alternate certificate chain support `WOLFSSL_ALT_CERT_CHAINS`. Enables checking cert against multiple CA's. +* Added new `--disable-oldnames` option to allow for using openssl along-side wolfssl headers (without OPENSSL_EXTRA). +* Refactor SSL_ and hashing types to use wolf specific prefix (WOLFSSL and WC_) to allow openssl coexistence. +* Fixes for HAVE_INTEL_MULX +* Cleanup include paths for MySQL cmake build +* Added configure option for building library for wolfSSH (--enable-wolfssh) +* Openssl compatibility layer improvements +* Expanded API unit tests +* Fixes for STM32 crypto hardware acceleration +* Added AES XTS mode (--enable-xts) +* Added ASN Extended Key Usage Support (see wc_SetExtKeyUsage). +* Math updates and added TFM_MIPS speedup. +* Fix for creation of the KeyUsage BitString +* Fix for 8k keys with MySQL compatibility +* Fixes for ATECC508A. +* Fixes for PIC32MZ hashing. +* Fixes and improvements to asynchronous modes for Intel QuickAssist and Cavium Nitrox V. 
+* Update HASH_DRBG Reseed mechanism and add test case +* Rename the file io.h/io.c to wolfio.h/wolfio.c +* Cleanup the wolfIO_Send function. +* OpenSSL Compatibility Additions and Fixes +* Improvements to Visual Studio DLL project/solution. +* Added function to generate public ECC key from private key +* Added async blocking support for sniffer tool. +* Added wolfCrypt hash tests for empty string and large data. +* Added ability to use of wolf implementation of `strtok` using `USE_WOLF_STRTOK`. +* Updated Micrium uC/OS-III Port +* Updated root certs for OCSP scripts +* New Single Precision math option for RSA, DH and ECC (off by default). See `--enable-sp`. +* Speedups for AES GCM with AESNI (--enable-aesni) +* Speedups for SHA2, ChaCha20/Poly1035 using AVX/AVX2 -********* wolfSSL (Formerly CyaSSL) Release 3.12.0 (8/04/2017) +# wolfSSL (Formerly CyaSSL) Release 3.12.0 (8/04/2017) -Release 3.12.0 of wolfSSL has bug fixes and new features including: +## Release 3.12.0 of wolfSSL has bug fixes and new features including: - TLS 1.3 with Nginx! TLS 1.3 with ARMv8! TLS 1.3 with Async Crypto! (--enable-tls13) - TLS 1.3 0RTT feature added @@ -286,9 +301,9 @@ See INSTALL file for build instructions. More info can be found on-line at http://wolfssl.com/wolfSSL/Docs.html -********* wolfSSL (Formerly CyaSSL) Release 3.11.1 (5/11/2017) +# wolfSSL (Formerly CyaSSL) Release 3.11.1 (5/11/2017) -Release 3.11.1 of wolfSSL is a TLS 1.3 BETA release, which includes: +## Release 3.11.1 of wolfSSL is a TLS 1.3 BETA release, which includes: - TLS 1.3 client and server support for TLS 1.3 with Draft 18 support 
@@ -300,9 +315,9 @@ See INSTALL file for build instructions. More info can be found on-line at http://wolfssl.com/wolfSSL/Docs.html -********* wolfSSL (Formerly CyaSSL) Release 3.11.0 (5/04/2017) +# wolfSSL (Formerly CyaSSL) Release 3.11.0 (5/04/2017) -Release 3.11.0 of wolfSSL has bug fixes and new features including: +## Release 3.11.0 of wolfSSL has bug fixes and new features including: - Code updates for warnings reported by Coverity scans - Testing and warning fixes for FreeBSD on PowerPC @@ -316,7 +331,7 @@ Release 3.11.0 of wolfSSL has bug fixes and new features including: - Added support for HAproxy load balancer - Added option to allow SHA1 with TLS 1.2 for IIS compatibility (WOLFSSL_ALLOW_TLS_SHA1) - Added Curve25519 51-bit Implementation, increasing performance on systems that have 128 bit types -- Fix to not send session ID on server side if session cache is off unless we're echoing +- Fix to not send session ID on server side if session cache is off unless we're echoing session ID as part of session tickets - Fixes for ensuring all default ciphers are setup correctly (see PR #830) - Added NXP Hexiwear example in `IDE/HEXIWEAR`. @@ -324,7 +339,7 @@ session ID as part of session tickets - Fixes for TLS elliptic curve selection on private key import. - Fixes for RNG with Intel rdrand and rdseed speedups. - Improved performance with Intel rdrand to use full 64-bit output -- Added new --enable-intelrand option to indicate use of RDRAND preference for RNG source +- Added new --enable-intelrand option to indicate use of RDRAND preference for RNG source - Removed RNG ARC4 support - Added ECC helpers to get size and id from curve name. - Added ECC Cofactor DH (ECC-CDH) support 
@@ -346,7 +361,6 @@ session ID as part of session tickets - Added a sanity check for minimum authentication tag size with AES-GCM. Thanks to Yueh-Hsun Lin and Peng Li at KNOX Security at Samsung Research America for suggesting this. - Added a sanity check that subject key identifier is marked as non-critical and a check that no policy OIDS appear more than once in the cert policies extension. Thanks to the report from Professor Zhenhua Duan, Professor Cong Tian, and Ph.D candidate Chu Chen from Institute of Computing Theory and Technology (ICTT) of Xidian University, China. Profs. Zhenhua Duan and Cong Tian are supervisors of Ph.D candidate Chu Chen. - This release of wolfSSL fixes 5 low and 1 medium level security vulnerability. 3 Low level fixes reported by Yueh-Hsun Lin and Peng Li from KNOX Security, Samsung Research America. @@ -356,6 +370,7 @@ This release of wolfSSL fixes 5 low and 1 medium level security vulnerability. Low level fix for memory management with static memory feature enabled. By default static memory is disabled. Thanks to GitHub user hajjihraf for reporting this. + Low level fix for out of bounds write in the function wolfSSL_X509_NAME_get_text_by_NID. This function is not used by TLS or crypto operations but could result in a buffer out of bounds write by one if called explicitly in an application. Discovered by Aleksandar Nikolic of Cisco Talos. http://talosintelligence.com/vulnerability-reports/ Medium level fix for check on certificate signature. There is a case in release versions 3.9.10, 3.10.0 and 3.10.2 where a corrupted signature on a peer certificate would not be properly flagged. Thanks to Wens Lo, James Tsai, Kenny Chang, and Oscar Yang at Castles Technology. 
@@ -365,9 +380,9 @@ See INSTALL file for build instructions. More info can be found on-line at http://wolfssl.com/wolfSSL/Docs.html -********* wolfSSL (Formerly CyaSSL) Release 3.10.2 (2/10/2017) +# wolfSSL (Formerly CyaSSL) Release 3.10.2 (2/10/2017) -Release 3.10.2 of wolfSSL has bug fixes and new features including: +## Release 3.10.2 of wolfSSL has bug fixes and new features including: - Poly1305 Windows macros fix. Thanks to GitHub user Jay Satiro - Compatibility layer expanded with multiple functions added @@ -399,9 +414,10 @@ Low level fix for potential cache attack on RSA operations. If using wolfSSL RSA See INSTALL file for build instructions. More info can be found on-line at http://wolfssl.com/wolfSSL/Docs.html -********* wolfSSL (Formerly CyaSSL) Release 3.10.0 (12/21/2016) -Release 3.10.0 of wolfSSL has bug fixes and new features including: +# wolfSSL (Formerly CyaSSL) Release 3.10.0 (12/21/2016) + +## Release 3.10.0 of wolfSSL has bug fixes and new features including: - Added support for SHA224 - Added scrypt feature @@ -436,9 +452,10 @@ https://wolfssl.com/wolfSSL/security/vulnerabilities.php See INSTALL file for build instructions. More info can be found on-line at http://wolfssl.com/wolfSSL/Docs.html -********* wolfSSL (Formerly CyaSSL) Release 3.9.10 (9/23/2016) -Release 3.9.10 of wolfSSL has bug fixes and new features including: +# wolfSSL (Formerly CyaSSL) Release 3.9.10 (9/23/2016) + +## Release 3.9.10 of wolfSSL has bug fixes and new features including: - Default configure option changes: 1. DES3 disabled by default 
@@ -470,14 +487,15 @@ need to update if they utilize AES, RSA private keys, or ECC private keys. Thanks to Gorka Irazoqui Apecechea and Xiaofei Guo from Intel Corporation for the report. More information will be available on our site: - https://wolfssl.com/wolfSSL/security/vulnerabilities.php +https://wolfssl.com/wolfSSL/security/vulnerabilities.php See INSTALL file for build instructions. -More info can be found on-line at http://wolfssl.com/wolfSSL/Docs.html +More info can be found on-line at https://wolfssl.com/wolfSSL/Docs.html -********* wolfSSL (Formerly CyaSSL) Release 3.9.8 (7/29/2016) -Release 3.9.8 of wolfSSL has bug fixes and new features including: +# wolfSSL (Formerly CyaSSL) Release 3.9.8 (7/29/2016) + +##Release 3.9.8 of wolfSSL has bug fixes and new features including: - Add support for custom ECC curves. - Add cipher suite ECDHE-ECDSA-AES128-CCM. @@ -519,9 +537,9 @@ Release 3.9.8 of wolfSSL has bug fixes and new features including: See INSTALL file for build instructions. More info can be found on-line at //http://wolfssl.com/wolfSSL/Docs.html - ********* wolfSSL (Formerly CyaSSL) Release 3.9.6 (6/14/2016) +# wolfSSL (Formerly CyaSSL) Release 3.9.6 (6/14/2016) -Release 3.9.6 of wolfSSL has bug fixes and new features including: +##Release 3.9.6 of wolfSSL has bug fixes and new features including: - Add staticmemory feature - Add public wc_GetTime API with base64encode feature 
@@ -556,14 +574,13 @@ Release 3.9.6 of wolfSSL has bug fixes and new features including: recommend updating to the latest - (1) Code changes for ECC fix can be found at pull requests #411, #416, and #428 - (2) Builds using RSA with using normal math and not RSA_LOW_MEM should update -- Tag 3.9.6w is for a Windows example echoserver fix See INSTALL file for build instructions. More info can be found on-line at //http://wolfssl.com/wolfSSL/Docs.html - ********* wolfSSL (Formerly CyaSSL) Release 3.9.0 (3/18/2016) +# wolfSSL (Formerly CyaSSL) Release 3.9.0 (03/18/2016) -Release 3.9.0 of wolfSSL has bug fixes and new features including: +##Release 3.9.0 of wolfSSL has bug fixes and new features including: - Add new leantls configuration - Add RSA OAEP padding at wolfCrypt level @@ -596,9 +613,9 @@ sized hash fix See INSTALL file for build instructions. More info can be found on-line at //http://wolfssl.com/yaSSL/Docs.html - ********* wolfSSL (Formerly CyaSSL) Release 3.8.0 (12/30/2015) +# wolfSSL (Formerly CyaSSL) Release 3.8.0 (12/30/2015) -Release 3.8.0 of wolfSSL has bug fixes and new features including: +##Release 3.8.0 of wolfSSL has bug fixes and new features including: - Example client/server with VxWorks - AESNI use with AES-GCM @@ -619,9 +636,9 @@ recommend updating to the latest See INSTALL file for build instructions. More info can be found on-line at //http://wolfssl.com/yaSSL/Docs.html - ********* wolfSSL (Formerly CyaSSL) Release 3.7.0 (10/26/2015) +# wolfSSL (Formerly CyaSSL) Release 3.7.0 (10/26/2015) -Release 3.7.0 of wolfSSL has bug fixes and new features including: +##Release 3.7.0 of wolfSSL has bug fixes and new features including: - ALPN extension support added for HTTP2 connections with --enable-alpn - Change of example/client/client max fragment flag -L -> -F 
@@ -650,33 +667,33 @@ recommend updating to the latest See INSTALL file for build instructions. More info can be found on-line at //http://wolfssl.com/yaSSL/Docs.html - ********* wolfSSL (Formerly CyaSSL) Release 3.6.8 (09/17/2015) +#wolfSSL (Formerly CyaSSL) Release 3.6.8 (09/17/2015) -Release 3.6.8 of wolfSSL fixes two high severity vulnerabilities. It also -includes bug fixes and new features including: +##Release 3.6.8 of wolfSSL fixes two high severity vulnerabilities. +##It also includes bug fixes and new features including: - Two High level security fixes, all users SHOULD update. a) If using wolfSSL for DTLS on the server side of a publicly accessible machine you MUST update. b) If using wolfSSL for TLS on the server side with private RSA keys allowing - ephemeral key exchange without low memory optimizations you MUST update and + ephemeral key exchange without low memory optimziations you MUST update and regenerate the private RSA keys. Please see https://www.wolfssl.com/wolfSSL/Blog/Blog.html for more details - No filesystem build fixes for various configurations - Certificate generation now supports several extensions including KeyUsage, - SKID, AKID, and Certificate Policies + SKID, AKID, and Ceritifcate Policies - CRLs can be loaded from buffers as well as files now -- SHA-512 Certificate Signing generation +- SHA-512 Ceritifcate Signing generation - Fixes for sniffer reassembly processing See INSTALL file for build instructions. More info can be found on-line at //http://wolfssl.com/yaSSL/Docs.html - ********* wolfSSL (Formerly CyaSSL) Release 3.6.6 (08/20/2015) +#wolfSSL (Formerly CyaSSL) Release 3.6.6 (08/20/2015) -Release 3.6.6 of wolfSSL has bug fixes and new features including: +##Release 3.6.6 of wolfSSL has bug fixes and new features including: - OpenSSH compatibility with --enable-openssh - stunnel compatibility with --enable-stunnel 
@@ -692,22 +709,23 @@ Release 3.6.6 of wolfSSL has bug fixes and new features including: size is smaller than the total message size, no user action required. - DTLS duplicate message fixes - Visual Studio project files now support DLL and static builds for 32/64bit. -- Support for new Freescale I/O +- Support for new Freesacle I/O - FreeRTOS FIPS support - No high level security fixes that requires an update though we always recommend updating to the latest See INSTALL file for build instructions. -More information can be found on-line at //http://wolfssl.com/yaSSL/Docs.html +More info can be found on-line at //http://wolfssl.com/yaSSL/Docs.html - **************** wolfSSL (Formerly CyaSSL) Release 3.6.0 (06/19/2015) -Release 3.6.0 of wolfSSL has bug fixes and new features including: +#wolfSSL (Formerly CyaSSL) Release 3.6.0 (06/19/2015) + +##Release 3.6.0 of wolfSSL has bug fixes and new features including: - Max Strength build that only allows TLSv1.2, AEAD ciphers, and PFS (Perfect Forward Secrecy). With --enable-maxstrength -- Server side session ticket support, the example server and echoserver use the +- Server side session ticket support, the example server and echosever use the example callback myTicketEncCb(), see wolfSSL_CTX_set_TicketEncCb() - FIPS version submitted for iOS. - TI Crypto Hardware Acceleration @@ -723,8 +741,8 @@ Release 3.6.0 of wolfSSL has bug fixes and new features including: - ECC make key crash fix on RNG failure, ECC users must update. - Improvements to usage of time code. - Improvements to VS solution files. -- GNU Binutils 2.24 (and late 2.23) ld has problems with some debug builds, - to fix an ld error add C_EXTRA_FLAGS="-fdebug-types-section -g1". +- GNU Binutils 2.24 ld has problems with some debug builds, to fix an ld error + add -fdebug-types-section to C_EXTRA_FLAGS - No high level security fixes that requires an update though we always recommend updating to the latest (except note 14, ecc RNG failure) 
@@ -733,9 +751,22 @@ See INSTALL file for build instructions. More info can be found on-line at //http://wolfssl.com/yaSSL/Docs.html - *****************wolfSSL (Formerly CyaSSL) Release 3.4.6 (03/30/2015) +#wolfSSL (Formerly CyaSSL) Release 3.4.8 (04/06/2015) -Release 3.4.6 of wolfSSL has bug fixes and new features including: +##Release 3.4.8 of wolfSSL has bug fixes and new features including: + +- FIPS version submitted for iOS. +- Max Strength build that only allows TLSv1.2, AEAD ciphers, and PFS. +- Improvements to usage of time code. +- Improvements to VS solution files. + +See INSTALL file for build instructions. +More info can be found on-line at //http://wolfssl.com/yaSSL/Docs.html + + +#wolfSSL (Formerly CyaSSL) Release 3.4.6 (03/30/2015) + +##Release 3.4.6 of wolfSSL has bug fixes and new features including: - Intel Assembly Speedups using instructions rdrand, rdseed, aesni, avx1/2, rorx, mulx, adox, adcx . They can be enabled with --enable-intelasm. @@ -771,9 +802,9 @@ See INSTALL file for build instructions. More info can be found on-line at //http://wolfssl.com/yaSSL/Docs.html - *****************wolfSSL (Formerly CyaSSL) Release 3.4.0 (02/23/2015) +#wolfSSL (Formerly CyaSSL) Release 3.4.0 (02/23/2015) -Release 3.4.0 wolfSSL has bug fixes and new features including: +## Release 3.4.0 wolfSSL has bug fixes and new features including: - wolfSSL API and wolfCrypt API, you can still include the cyassl and ctaocrypt headers which will enable the compatibility APIs for the foreseeable future 
@@ -797,14 +828,14 @@ Release 3.4.0 wolfSSL has bug fixes and new features including: recommend updating to the latest - ***********CyaSSL Release 3.3.0 (12/05/2014) +# CyaSSL Release 3.3.0 (12/05/2014) - Countermeasuers for Handshake message duplicates, CHANGE CIPHER without FINISHED, and fast forward attempts. Thanks to Karthikeyan Bhargavan from the Prosecco team at INRIA Paris-Rocquencourt for the report. - FIPS version submitted - Removes SSLv2 Client Hello processing, can be enabled with OLD_HELLO_ALLOWED -- User can set minimum downgrade version with CyaSSL_SetMinVersion() +- User can set mimimum downgrade version with CyaSSL_SetMinVersion() - Small stack improvements at TLS/SSL layer - TLS Master Secret generation and Key Expansion are now exposed - Adds client side Secure Renegotiation, * not recommended * @@ -824,9 +855,9 @@ http://www.wolfssl.com/documentation/CyaSSL-Manual.pdf. For build instructions and comments about the new features please check the manual. -***********CyaSSL Release 3.2.0 (09/10/2014) +# CyaSSL Release 3.2.0 (09/10/2014) -Release 3.2.0 CyaSSL has bug fixes and new features including: +#### Release 3.2.0 CyaSSL has bug fixes and new features including: - ChaCha20 and Poly1305 crypto and suites - Small stack improvements for OCSP, CRL, TLS, DTLS @@ -849,9 +880,9 @@ http://www.wolfssl.com/documentation/CyaSSL-Manual.pdf. For build instructions and comments about the new features please check the manual. -************ CyaSSL Release 3.1.0 (07/14/2014) +# CyaSSL Release 3.1.0 (07/14/2014) -Release 3.1.0 CyaSSL has bug fixes and new features including: +#### Release 3.1.0 CyaSSL has bug fixes and new features including: - Fix for older versions of icc without 128-bit type - Intel ASM syntax for AES-NI 
@@ -867,13 +898,13 @@ Release 3.1.0 CyaSSL has bug fixes and new features including: - Updated example certificates The CyaSSL manual is available at: -http://www.wolfssl.com/documentation/CyaSSL-Manual.pdf. For build instructions +http://www.yassl.com/documentation/CyaSSL-Manual.pdf. For build instructions and comments about the new features please check the manual. -************ CyaSSL Release 3.0.2 (05/30/2014) +# CyaSSL Release 3.0.2 (05/30/2014) -Release 3.0.2 CyaSSL has bug fixes and new features including: +#### Release 3.0.2 CyaSSL has bug fixes and new features including: - Added the following cipher suites: * TLS_PSK_WITH_AES_128_GCM_SHA256 @@ -893,13 +924,13 @@ Release 3.0.2 CyaSSL has bug fixes and new features including: - Updated the Hash DRBG and provided a configure option to enable. The CyaSSL manual is available at: -http://www.wolfssl.com/documentation/CyaSSL-Manual.pdf. For build instructions +http://www.yassl.com/documentation/CyaSSL-Manual.pdf. For build instructions and comments about the new features please check the manual. -************ CyaSSL Release 3.0.0 (04/29/2014) +# CyaSSL Release 3.0.0 (04/29/2014) -Release 3.0.0 CyaSSL has bug fixes and new features including: +#### Release 3.0.0 CyaSSL has bug fixes and new features including: - FIPS release candidate - X.509 improvements that address items reported by Suman Jana with security 
@@ -909,13 +940,13 @@ Release 3.0.0 CyaSSL has bug fixes and new features including: - Updated AES-CCM-8 cipher suites to use approved suite numbers. The CyaSSL manual is available at: -http://www.wolfssl.com/documentation/CyaSSL-Manual.pdf. For build instructions +http://www.yassl.com/documentation/CyaSSL-Manual.pdf. For build instructions and comments about the new features please check the manual. -************ CyaSSL Release 2.9.4 (04/09/2014) +# CyaSSL Release 2.9.4 (04/09/2014) -Release 2.9.4 CyaSSL has bug fixes and new features including: +#### Release 2.9.4 CyaSSL has bug fixes and new features including: - Security fixes that address items reported by Ivan Fratric of the Google Security Team @@ -931,13 +962,13 @@ Release 2.9.4 CyaSSL has bug fixes and new features including: handling and reduce memory fragmentation on I/O large sizes The CyaSSL manual is available at: -http://www.wolfssl.com/documentation/CyaSSL-Manual.pdf. For build instructions +http://www.yassl.com/documentation/CyaSSL-Manual.pdf. For build instructions and comments about the new features please check the manual. -************ CyaSSL Release 2.9.0 (02/07/2014) +# CyaSSL Release 2.9.0 (02/07/2014) -Release 2.9.0 CyaSSL has bug fixes and new features including: +#### Release 2.9.0 CyaSSL has bug fixes and new features including: - Freescale Kinetis RNGB support - Freescale Kinetis mmCAU support - TLS Hello extensions @@ -973,9 +1004,9 @@ User Guide": http://cache.freescale.com/files/32bit/doc/user_guide/CAUAPIUG.pdf -*****************CyaSSL Release 2.8.0 (8/30/2013) +# CyaSSL Release 2.8.0 (8/30/2013) -Release 2.8.0 CyaSSL has bug fixes and new features including: +#### Release 2.8.0 CyaSSL has bug fixes and new features including: - AES-GCM and AES-CCM use AES-NI - NetX default IO callback handlers - IPv6 fixes for DTLS Hello Cookies 
@@ -989,13 +1020,13 @@ Release 2.8.0 CyaSSL has bug fixes and new features including: The CyaSSL manual is available at: -http://www.wolfssl.com/documentation/CyaSSL-Manual.pdf. For build instructions +http://www.yassl.com/documentation/CyaSSL-Manual.pdf. For build instructions and comments about the new features please check the manual. -*****************CyaSSL Release 2.7.0 (6/17/2013) +# CyaSSL Release 2.7.0 (6/17/2013) -Release 2.7.0 CyaSSL has bug fixes and new features including: +#### Release 2.7.0 CyaSSL has bug fixes and new features including: - SNI support for client and server - KEIL MDK-ARM projects - Wildcard check to domain name match, and Subject altnames are checked too @@ -1015,21 +1046,23 @@ Release 2.7.0 CyaSSL has bug fixes and new features including: When compiling with Mingw, libtool may give the following warning due to path conversion errors: - + +``` libtool: link: Could not determine host file name corresponding to ** libtool: link: Continuing, but uninstalled executables may not work. +``` If so, examples and testsuite will have problems when run, showing an error while loading shared libraries. To resolve, please run "make install". The CyaSSL manual is available at: -http://www.wolfssl.com/documentation/CyaSSL-Manual.pdf. For build instructions +http://www.yassl.com/documentation/CyaSSL-Manual.pdf. For build instructions and comments about the new features please check the manual. -************** CyaSSL Release 2.6.0 (04/15/2013) +# CyaSSL Release 2.6.0 (04/15/2013) -Release 2.6.0 CyaSSL has bug fixes and new features including: +#### Release 2.6.0 CyaSSL has bug fixes and new features including: - DTLS 1.2 support including AEAD ciphers - SHA-3 finalist Blake2 support, it's fast and uses little resources - SHA-384 cipher suites including ECC ones 
@@ -1059,7 +1092,7 @@ Release 2.6.0 CyaSSL has bug fixes and new features including: 3) C_EXTRA_FLAGS=-DTFM_NO_ASM , turn off assembly use 4) use clang, it just seems to work 5) play around with no PIC options to force all registers being open, - e.g, --without-pic + e.g., --without-pic 6) if static lib is still a problem try removing fPIE - Many new ./configure switches for option enable/disable for example * rsa @@ -1078,14 +1111,14 @@ Release 2.6.0 CyaSSL has bug fixes and new features including: automake to 1.11 and autoconf to 2.63 The CyaSSL manual is available at: -http://www.wolfssl.com/documentation/CyaSSL-Manual.pdf. For build instructions +http://www.yassl.com/documentation/CyaSSL-Manual.pdf. For build instructions and comments about the new features please check the manual. -************** CyaSSL Release 2.5.0 (02/04/2013) +# CyaSSL Release 2.5.0 (02/04/2013) -Release 2.5.0 CyaSSL has bug fixes and new features including: +#### Release 2.5.0 CyaSSL has bug fixes and new features including: - Fix for TLS CBC padding timing attack identified by Nadhem Alfardan and Kenny Paterson: http://www.isg.rhul.ac.uk/tls/ - Microchip PIC32 (MIPS16, MIPS32) support @@ -1126,14 +1159,14 @@ STM32F2 Standard Peripheral Library can be found in the following document: http://www.st.com/internet/com/TECHNICAL_RESOURCES/TECHNICAL_LITERATURE/USER_MANUAL/DM00023896.pdf The CyaSSL manual is available at: -http://www.wolfssl.com/documentation/CyaSSL-Manual.pdf. For build instructions +http://www.yassl.com/documentation/CyaSSL-Manual.pdf. For build instructions and comments about the new features please check the manual. -*************** CyaSSL Release 2.4.6 (12/20/2012) +# CyaSSL Release 2.4.6 (12/20/2012) -Release 2.4.6 CyaSSL has bug fixes and a few new features including: +#### Release 2.4.6 CyaSSL has bug fixes and a few new features including: - ECC into main version - Lean PSK build (reduced code size, RAM usage, and stack usage) - FreeBSD CRL monitor support 
@@ -1154,26 +1187,26 @@ K70 Sub-Family Reference Manual: http://cache.freescale.com/files/microcontrollers/doc/ref_manual/K70P256M150SF3RM.pdf The CyaSSL manual is available at: -http://www.wolfssl.com/documentation/CyaSSL-Manual.pdf. For build instructions +http://www.yassl.com/documentation/CyaSSL-Manual.pdf. For build instructions and comments about the new features please check the manual. -*************** CyaSSL Release 2.4.0 (10/10/2012) +# CyaSSL Release 2.4.0 (10/10/2012) -Release 2.4.0 CyaSSL has bug fixes and a few new features including: +#### Release 2.4.0 CyaSSL has bug fixes and a few new features including: - DTLS reliability - Reduced memory usage after handshake - Updated build process The CyaSSL manual is available at: -http://www.wolfssl.com/documentation/CyaSSL-Manual.pdf. For build instructions +http://www.yassl.com/documentation/CyaSSL-Manual.pdf. For build instructions and comments about the new features please check the manual. -*************** CyaSSL Release 2.3.0 (8/10/2012) +# CyaSSL Release 2.3.0 (8/10/2012) -Release 2.3.0 CyaSSL has bug fixes and a few new features including: +#### Release 2.3.0 CyaSSL has bug fixes and a few new features including: - AES-GCM crypto and cipher suites - make test cipher suite checks - Subject AltName processing 
@@ -1185,14 +1218,14 @@ Release 2.3.0 CyaSSL has bug fixes and a few new features including: - DTLS Cookie support, reliability coming soon The CyaSSL manual is available at: -http://www.wolfssl.com/documentation/CyaSSL-Manual.pdf. For build instructions +http://www.yassl.com/documentation/CyaSSL-Manual.pdf. For build instructions and comments about the new features please check the manual. -***************CyaSSL Release 2.2.0 (5/18/2012) +# CyaSSL Release 2.2.0 (5/18/2012) -Release 2.2.0 CyaSSL has bug fixes and a few new features including: +#### Release 2.2.0 CyaSSL has bug fixes and a few new features including: - Initial CRL support (--enable-crl) - Initial OCSP support (--enable-ocsp) - Add static ECDH suites @@ -1204,14 +1237,14 @@ Release 2.2.0 CyaSSL has bug fixes and a few new features including: The CyaSSL manual is available at: -http://www.wolfssl.com/documentation/CyaSSL-Manual.pdf. For build instructions +http://www.yassl.com/documentation/CyaSSL-Manual.pdf. For build instructions and comments about the new features please check the manual. -***************CyaSSL Release 2.0.8 (2/24/2012) +# CyaSSL Release 2.0.8 (2/24/2012) -Release 2.0.8 CyaSSL has bug fixes and a few new features including: +#### Release 2.0.8 CyaSSL has bug fixes and a few new features including: - A fix for malicious certificates pointed out by Remi Gacogne (thanks) resulting in NULL pointer use. - Respond to renegotiation attempt with no_renegoatation alert 
@@ -1221,14 +1254,14 @@ Release 2.0.8 CyaSSL has bug fixes and a few new features including: The CyaSSL manual is available at: -http://www.wolfssl.com/documentation/CyaSSL-Manual.pdf. For build instructions +http://www.yassl.com/documentation/CyaSSL-Manual.pdf. For build instructions and comments about the new features please check the manual. -************* CyaSSL Release 2.0.6 (1/27/2012) +# CyaSSL Release 2.0.6 (1/27/2012) -Release 2.0.6 CyaSSL has bug fixes and a few new features including: +#### Release 2.0.6 CyaSSL has bug fixes and a few new features including: - Fixes for CA basis constraint check - CTX reference counting - Initial unit test additions @@ -1240,14 +1273,14 @@ Release 2.0.6 CyaSSL has bug fixes and a few new features including: - Export Base64_Encode for general use The CyaSSL manual is available at: -http://www.wolfssl.com/documentation/CyaSSL-Manual.pdf. For build instructions +http://www.yassl.com/documentation/CyaSSL-Manual.pdf. For build instructions and comments about the new features please check the manual. -************* CyaSSL Release 2.0.2 (12/05/2011) +# CyaSSL Release 2.0.2 (12/05/2011) -Release 2.0.2 CyaSSL has bug fixes and a few new features including: +#### Release 2.0.2 CyaSSL has bug fixes and a few new features including: - CTaoCrypt Runtime library detection settings when directly using the crypto library - Default certificate generation now uses SHAwRSA and adds SHA256wRSA generation 
@@ -1257,14 +1290,14 @@ Release 2.0.2 CyaSSL has bug fixes and a few new features including: - Microchip pic32 support The CyaSSL manual is available at: -http://www.wolfssl.com/documentation/CyaSSL-Manual.pdf. For build instructions +http://www.yassl.com/documentation/CyaSSL-Manual.pdf. For build instructions and comments about the new features please check the manual. -************* CyaSSL Release 2.0.0rc3 (9/28/2011) +# CyaSSL Release 2.0.0rc3 (9/28/2011) -Release 2.0.0rc3 for CyaSSL has bug fixes and a few new features including: +#### Release 2.0.0rc3 for CyaSSL has bug fixes and a few new features including: - updated autoconf support - better make install and uninstall (uses system directories) - make test / make check @@ -1281,12 +1314,12 @@ changes are required. Special Thanks to Brian Aker for his autoconf, install, and header patches. The CyaSSL manual is available at: -http://www.wolfssl.com/documentation/CyaSSL-Manual.pdf. For build instructions +http://www.yassl.com/documentation/CyaSSL-Manual.pdf. For build instructions and comments about the new features please check the manual. -************CyaSSL Release 2.0.0rc2 (6/6/2011) +# CyaSSL Release 2.0.0rc2 (6/6/2011) -Release 2.0.0rc2 for CyaSSL has bug fixes and a few new features including: +#### Release 2.0.0rc2 for CyaSSL has bug fixes and a few new features including: - bug fixes (Alerts, DTLS with DHE) - FreeRTOS support - lwIP support 
@@ -1297,15 +1330,15 @@ Release 2.0.0rc2 for CyaSSL has bug fixes and a few new features including: - and more. This is the 2nd and perhaps final release candidate for version 2. -Please send any comments or questions to support@wolfssl.com. +Please send any comments or questions to support@yassl.com. The CyaSSL manual is available at: -http://www.wolfssl.com/documentation/CyaSSL-Manual.pdf. For build instructions +http://www.yassl.com/documentation/CyaSSL-Manual.pdf. For build instructions and comments about the new features please check the manual. -***********CyaSSL Release 2.0.0rc1 (5/2/2011) +# CyaSSL Release 2.0.0rc1 (5/2/2011) -Release 2.0.0rc1 for CyaSSL has many new features including: +#### Release 2.0.0rc1 for CyaSSL has many new features including: - bug fixes - SHA-256 cipher suites - Root Certificate Verification (instead of needing all certs in the chain) @@ -1330,13 +1363,13 @@ Release 2.0.0rc1 for CyaSSL has many new features including: Because of all the new features and the multiple OS, compiler, feature-set options that CyaSSL allows, there may be some configuration fixes needed. -Please send any comments or questions to support@wolfssl.com. +Please send any comments or questions to support@yassl.com. The CyaSSL manual is available at: -http://www.wolfssl.com/documentation/CyaSSL-Manual.pdf. For build instructions +http://www.yassl.com/documentation/CyaSSL-Manual.pdf. For build instructions and comments about the new features please check the manual. -****************** CyaSSL Release 1.9.0 (3/2/2011) +# CyaSSL Release 1.9.0 (3/2/2011) Release 1.9.0 for CyaSSL adds bug fixes, improved TLSv1.2 through testing and better hash/sig algo ids, --enable-webServer for the yaSSL embedded web server, 
@@ -1346,9 +1379,9 @@ more. The CyaSSL manual offering is included in the doc/ directory. For build instructions and comments about the new features please check the manual. -Please send any comments or questions to support@wolfssl.com. +Please send any comments or questions to support@yassl.com. -****************** CyaSSL Release 1.8.0 (12/23/2010) +# CyaSSL Release 1.8.0 (12/23/2010) Release 1.8.0 for CyaSSL adds bug fixes, x509 v3 CA signed certificate generation, a C standard library abstraction layer, lower memory use, increased @@ -1358,12 +1391,12 @@ suites when used in conjunction with an NTRU license and library. The initial CyaSSL manual offering is included in the doc/ directory. For build instructions and comments about the new features please check the manual. -Please send any comments or questions to support@wolfssl.com. +Please send any comments or questions to support@yassl.com. Happy Holidays. -********************* CyaSSL Release 1.6.5 (9/9/2010) +# CyaSSL Release 1.6.5 (9/9/2010) Release 1.6.5 for CyaSSL adds bug fixes and x509 v3 self signed certificate generation. @@ -1376,7 +1409,7 @@ To enable certificate generation support add this option to ./configure An example is included in ctaocrypt/test/test.c and documentation is provided in doc/CyaSSL_Extensions_Reference.pdf item 11. -********************** CyaSSL Release 1.6.0 (8/27/2010) +# CyaSSL Release 1.6.0 (8/27/2010) Release 1.6.0 for CyaSSL adds bug fixes, RIPEMD-160, SHA-512, and RSA key generation. @@ -1399,7 +1432,7 @@ off by default. To turn key generation on add the define CYASSL_KEY_GEN to CyaSSL. -************* CyaSSL Release 1.5.6 (7/28/2010) +# CyaSSL Release 1.5.6 (7/28/2010) Release 1.5.6 for CyaSSL adds bug fixes, compatibility for our JSSE provider, and a fix for GCC builds on some systems. 
@@ -1411,7 +1444,7 @@ To add AES-NI support add this option to ./configure You'll need GCC 4.4.3 or later to make use of the assembly. -************** CyaSSL Release 1.5.4 (7/7/2010) +# CyaSSL Release 1.5.4 (7/7/2010) Release 1.5.4 for CyaSSL adds bug fixes, support for AES-NI, SHA1 speed improvements from loop unrolling, and support for the Mongoose Web Server. @@ -1423,7 +1456,7 @@ To add AES-NI support add this option to ./configure You'll need GCC 4.4.3 or later to make use of the assembly. -*************** CyaSSL Release 1.5.0 (5/11/2010) +# CyaSSL Release 1.5.0 (5/11/2010) Release 1.5.0 for CyaSSL adds bug fixes, GoAhead WebServer support, sniffer support, and initial swig interface support. 
@@ -1442,79 +1475,87 @@ WinPcap on windows. A swig interface file is now located in the swig directory for using Python, Java, Perl, and others with CyaSSL. This is initial support and experimental, -please send questions or comments to support@wolfssl.com. +please send questions or comments to support@yassl.com. When doing load testing with CyaSSL, on the echoserver example say, the client machine may run out of tcp ephemeral ports, they will end up in the TIME_WAIT queue, and can't be reused by default. There are generally two ways to fix -this. 1) Reduce the length sockets remain on the TIME_WAIT queue or 2) Allow -items on the TIME_WAIT queue to be reused. +this. + +1. Reduce the length sockets remain on the TIME_WAIT queue OR +2. Allow items on the TIME_WAIT queue to be reused. To reduce the TIME_WAIT length in OS X to 3 seconds (3000 milliseconds) -sudo sysctl -w net.inet.tcp.msl=3000 +`sudo sysctl -w net.inet.tcp.msl=3000` In Linux -sudo sysctl -w net.ipv4.tcp_tw_reuse=1 +`sudo sysctl -w net.ipv4.tcp_tw_reuse=1` allows reuse of sockets in TIME_WAIT -sudo sysctl -w net.ipv4.tcp_tw_recycle=1 +`sudo sysctl -w net.ipv4.tcp_tw_recycle=1` works but seems to remove sockets from TIME_WAIT entirely? -sudo sysctl -w net.ipv4.tcp_fin_timeout=1 +`sudo sysctl -w net.ipv4.tcp_fin_timeout=1` doen't control TIME_WAIT, it controls FIN_WAIT(2) contrary to some posts -******************** CyaSSL Release 1.4.0 (2/18/2010) +# CyaSSL Release 1.4.0 (2/18/2010) Release 1.3.0 for CyaSSL adds bug fixes, better multi TLS/SSL version support through SSLv23_server_method(), and improved documentation in the doc/ folder. For general build instructions doc/Building_CyaSSL.pdf. -******************** CyaSSL Release 1.3.0 (1/21/2010) +# CyaSSL Release 1.3.0 (1/21/2010) Release 1.3.0 for CyaSSL adds bug fixes, a potential security problem fix, better porting support, removal of assert()s, and a complete THREADX port. For general build instructions see rc1 below. 
-******************** CyaSSL Release 1.2.0 (11/2/2009) +# CyaSSL Release 1.2.0 (11/2/2009) Release 1.2.0 for CyaSSL adds bug fixes and session negotiation if first use is read or write. For general build instructions see rc1 below. -******************** CyaSSL Release 1.1.0 (9/2/2009) +# CyaSSL Release 1.1.0 (9/2/2009) Release 1.1.0 for CyaSSL adds bug fixes, a check against malicious session cache use, support for lighttpd, and TLS 1.2. To get TLS 1.2 support please use the client and server functions: +```c SSL_METHOD *TLSv1_2_server_method(void); SSL_METHOD *TLSv1_2_client_method(void); +``` CyaSSL was tested against lighttpd 1.4.23. To build CyaSSL for use with lighttpd use the following commands from the CyaSSL install dir : +``` ./configure --disable-shared --enable-opensslExtra --enable-fastmath --without-zlib make make openssl-links +``` Then to build lighttpd with CyaSSL use the following commands from the lighttpd install dir: +``` ./configure --with-openssl --with-openssl-includes=/include --with-openssl-libs=/lib LDFLAGS=-lm make +``` On some systems you may get a linker error about a duplicate symbol for MD5_Init or other MD5 calls. This seems to be caused by the lighttpd src file 
@@ -1523,41 +1564,44 @@ When liblightcomp is linked with the SSL_LIBs the linker may complain about the duplicate symbol. This can be fixed by editing the lighttpd src file md5.c and adding this line to the beginning of the file: -#if 0 +\#if 0 and this line to the end of the file -#endif +\#endif Then from the lighttpd src dir do a: +``` make clean make - +``` If you get link errors about undefined symbols more than likely the actual OpenSSL libraries are found by the linker before the CyaSSL openssl-links that point to the CyaSSL library, causing the linker confusion. This can be fixed by editing the Makefile in the lighttpd src directory and changing the line: -SSL_LIB = -lssl -lcrypto +`SSL_LIB = -lssl -lcrypto` to -SSL_LIB = -lcyassl +`SSL_LIB = -lcyassl` Then from the lighttpd src dir do a: +``` make clean make +``` This should remove any confusion the linker may be having with missing symbols. -For any questions or concerns please contact support@wolfssl.com . +For any questions or concerns please contact support@yassl.com . For general build instructions see rc1 below. -******************CyaSSL Release 1.0.6 (8/03/2009) +# CyaSSL Release 1.0.6 (8/03/2009) Release 1.0.6 for CyaSSL adds bug fixes, an improved session cache, and faster math with a huge code option. @@ -1574,7 +1618,7 @@ the benchmark utility to compare public key operations. For general build instructions see rc1 below. -******************CyaSSL Release 1.0.3 (5/10/2009) +# CyaSSL Release 1.0.3 (5/10/2009) Release 1.0.3 for CyaSSL adds bug fixes and add increased support for OpenSSL compatibility when building other applications. 
@@ -1585,7 +1629,7 @@ aren't fully implemented at this time but will be for the next release. For general build instructions see rc1 below. -******************CyaSSL Release 1.0.2 (4/3/2009) +# CyaSSL Release 1.0.2 (4/3/2009) Release 1.0.2 for CyaSSL adds bug fixes for a couple I/O issues. Some systems will send a SIGPIPE on socket recv() at any time and this should be handled by @@ -1598,7 +1642,7 @@ aren't fully implemented at this time but will be for the next release. For general build instructions see rc1 below. -*****************CyaSSL Release Candidate 3 rc3-1.0.0 (2/25/2009) +## CyaSSL Release Candidate 3 rc3-1.0.0 (2/25/2009) Release Candidate 3 for CyaSSL 1.0.0 adds bug fixes and adds a project file for 
@@ -1609,36 +1653,42 @@ lost when cyassl i/o was re-implemented but is now fixed. For general build instructions see rc1 below. -*****************CyaSSL Release Candidate 2 rc2-1.0.0 (1/21/2009) +## CyaSSL Release Candidate 2 rc2-1.0.0 (1/21/2009) Release Candidate 2 for CyaSSL 1.0.0 adds bug fixes and adds two new stream ciphers along with their respective cipher suites. CyaSSL adds support for HC-128 and RABBIT stream ciphers. The new suites are: +``` TLS_RSA_WITH_HC_128_SHA TLS_RSA_WITH_RABBIT_SHA +``` And the corresponding cipher names are +``` HC128-SHA RABBIT-SHA +``` CyaSSL also adds support for building with devkitPro for PPC by changing the library proper to use libogc. The examples haven't been changed yet but if there's interest they can be. Here's an example ./configure to build CyaSSL for devkitPro: +``` ./configure --disable-shared CC=/pathTo/devkitpro/devkitPPC/bin/powerpc-gekko-gcc --host=ppc --without-zlib --enable-singleThreaded RANLIB=/pathTo/devkitpro/devkitPPC/bin/powerpc-gekko-ranlib CFLAGS="-DDEVKITPRO -DGEKKO" +``` For linking purposes you'll need -LDFLAGS="-g -mrvl -mcpu=750 -meabi -mhard-float -Wl,-Map,$(notdir $@).map" +`LDFLAGS="-g -mrvl -mcpu=750 -meabi -mhard-float -Wl,-Map,$(notdir $@).map"` For general build instructions see rc1 below. -********************CyaSSL Release Candidate 1 rc1-1.0.0 (12/17/2008) +## CyaSSL Release Candidate 1 rc1-1.0.0 (12/17/2008) Release Candidate 1 for CyaSSL 1.0.0 contains major internal changes. Several 
@@ -1649,40 +1699,40 @@ Many thanks to Thierry Fournier for providing these ideas and most of the work. Because of these changes, this release is only a candidate since some problems are probably inevitable on some platform with some I/O use. Please report any problems and we'll try to resolve them as soon as possible. You can contact us -at support@wolfssl.com or todd@wolfssl.com. +at support@yassl.com or todd@yassl.com. Using TomsFastMath by passing --enable-fastmath to ./configure now uses assembly on some platforms. This is new so please report any problems as every compiler, mode, OS combination hasn't been tested. On ia32 all of the registers need to be available so be sure to pass these options to CFLAGS: -CFLAGS="-O3 -fomit-frame-pointer" +`CFLAGS="-O3 -fomit-frame-pointer"` OS X will also need -mdynamic-no-pic added to CFLAGS Also if you're building in shared mode for ia32 you'll need to pass options to LDFLAGS as well on OS X: -LDFLAGS=-Wl,-read_only_relocs,warning +`LDFLAGS=-Wl,-read_only_relocs,warning` This gives warnings for some symbols but seems to work. ---To build on Linux, Solaris, *BSD, Mac OS X, or Cygwin: +#### To build on Linux, Solaris, *BSD, Mac OS X, or Cygwin: ./configure make from the ./testsuite/ directory run ./testsuite -to make a debug build: +#### To make a debug build: ./configure --enable-debug --disable-shared make ---To build on Win32 +#### To build on Win32 Choose (Re)Build All from the project workspace @@ -1692,7 +1742,7 @@ Run the testsuite program -*************************CyaSSL version 0.9.9 (7/25/2008) +# CyaSSL version 0.9.9 (7/25/2008) This release of CyaSSL adds bug fixes, Pre-Shared Keys, over-rideable memory handling, and optionally TomsFastMath. Thanks to Moisés Guimarães for the 
@@ -1707,12 +1757,12 @@ always seems to be faster. On x86-64 machines with GCC the normal math library may outperform the fast one when using CFLAGS=-m64 because TomsFastMath can't yet use -m64 because of GCCs inability to do 128bit division. - **** UPDATE GCC 4.2.1 can now do 128bit division *** + *** UPDATE GCC 4.2.1 can now do 128bit division *** See notes below (0.2.0) for complete build instructions. -****************CyaSSL version 0.9.8 (5/7/2008) +# CyaSSL version 0.9.8 (5/7/2008) This release of CyaSSL adds bug fixes, client side Diffie-Hellman, and better socket handling. @@ -1720,7 +1770,7 @@ socket handling. See notes below (0.2.0) for complete build instructions. -****************CyaSSL version 0.9.6 (1/31/2008) +# CyaSSL version 0.9.6 (1/31/2008) This release of CyaSSL adds bug fixes, increased session management, and a fix for gnutls. @@ -1728,7 +1778,7 @@ for gnutls. See notes below (0.2.0) for complete build instructions. -****************CyaSSL version 0.9.0 (10/15/2007) +# CyaSSL version 0.9.0 (10/15/2007) This release of CyaSSL adds bug fixes, MSVC 2005 support, GCC 4.2 support, IPV6 support and test, and new test certificates. @@ -1736,7 +1786,7 @@ IPV6 support and test, and new test certificates. See notes below (0.2.0) for complete build instructions. -****************CyaSSL version 0.8.0 (1/10/2007) +# CyaSSL version 0.8.0 (1/10/2007) This release of CyaSSL adds increased socket support, for non-blocking writes, connects, and interrupted system calls. @@ -1744,7 +1794,7 @@ connects, and interrupted system calls. See notes below (0.2.0) for complete build instructions. -****************CyaSSL version 0.6.3 (10/30/2006) +# CyaSSL version 0.6.3 (10/30/2006) This release of CyaSSL adds debug logging to stderr to aid in the debugging of CyaSSL on systems that may not provide the best support. 
@@ -1762,7 +1812,7 @@ To turn logging back off call CyaSSL_Debugging_OFF() See notes below (0.2.0) for complete build instructions. -*****************CyaSSL version 0.6.2 (10/29/2006) +# CyaSSL version 0.6.2 (10/29/2006) This release of CyaSSL adds TLS 1.1. @@ -1774,7 +1824,7 @@ CyaSSL_check_domain_name() to prevent man in the middle attacks. See notes below (0.2.0) for build instructions. -*****************CyaSSL version 0.6.0 (10/25/2006) +# CyaSSL version 0.6.0 (10/25/2006) This release of CyaSSL adds more SSL functions, better autoconf, nonblocking I/O for accept, connect, and read. There is now an --enable-small configure @@ -1784,7 +1834,7 @@ for the defines. Note that TLS requires HMAC and AES requires TLS. See notes below (0.2.0) for build instructions. -*****************CyaSSL version 0.5.5 (09/27/2006) +# CyaSSL version 0.5.5 (09/27/2006) This mini release of CyaSSL adds better input processing through buffered input and big message support. Added SSL_pending() and some sanity checks on user @@ -1793,28 +1843,28 @@ settings. See notes below (0.2.0) for build instructions. -*****************CyaSSL version 0.5.0 (03/27/2006) +# CyaSSL version 0.5.0 (03/27/2006) This release of CyaSSL adds AES support and minor bug fixes. See notes below (0.2.0) for build instructions. -*****************CyaSSL version 0.4.0 (03/15/2006) +# CyaSSL version 0.4.0 (03/15/2006) This release of CyaSSL adds TLSv1 client/server support and libtool. See notes below for build instructions. -*****************CyaSSL version 0.3.0 (02/26/2006) +# CyaSSL version 0.3.0 (02/26/2006) This release of CyaSSL adds SSLv3 server support and session resumption. See notes below for build instructions. -*****************CyaSSL version 0.2.0 (02/19/2006) +# CyaSSL version 0.2.0 (02/19/2006) This is the first release of CyaSSL and its crypt brother, CTaoCrypt. CyaSSL 
@@ -1830,21 +1880,21 @@ The first release of CyaSSL supports normal client RSA mode SSLv3 connections with support for SHA-1 and MD5 digests. Ciphers include 3DES and RC4. ---To build on Linux, Solaris, *BSD, Mac OS X, or Cygwin: +#### To build on Linux, Solaris, *BSD, Mac OS X, or Cygwin: ./configure make from the ./testsuite/ directory run ./testsuite -to make a debug build: +#### to make a debug build: ./configure --enable-debug --disable-shared make ---To build on Win32 +#### To build on Win32 Choose (Re)Build All from the project workspace @@ -1857,4 +1907,3 @@ compatibility functions. Please send questions or comments to todd@wolfssl.com - diff --git a/IDE/ARDUINO/README.md b/IDE/ARDUINO/README.md index b16d492e5..7376c026b 100644 --- a/IDE/ARDUINO/README.md +++ b/IDE/ARDUINO/README.md 
@@ -4,22 +4,23 @@ This is a shell script that will re-organize the wolfSSL library to be compatible with Arduino projects. The Arduino IDE requires a library's source files to be in the library's root directory with a header file in the name of -the library. This script moves all src/ files to the root wolfssl directory and -creates a stub header file called wolfssl.h. +the library. This script moves all src/ files to the `IDE/ARDUINO/wolfSSL` +directory and creates a stub header file called `wolfssl.h`. Step 1: To configure wolfSSL with Arduino, enter the following from within the wolfssl/IDE/ARDUINO directory: - ./wolfssl-arduino.sh + `./wolfssl-arduino.sh` -Step 2: Edit /wolfssl/wolfcrypt/settings.h uncomment the define for -WOLFSSL_ARDUINO +Step 2: Edit `/IDE/ARDUINO/wolfSSL/wolfssl/wolfcrypt/settings.h` uncomment the define for `WOLFSSL_ARDUINO` +If building for Intel Galileo platform also uncomment the define for `INTEL_GALILEO`. -also uncomment the define for INTEL_GALILEO if building for that platform - #####Including wolfSSL in Arduino Libraries (for Arduino version 1.6.6) -1. Copy the wolfSSL directory into Arduino/libraries (or wherever Arduino searches for libraries). -2. In the Arduino IDE: - - Go to ```Sketch > Include Libraries > Manage Libraries```. This refreshes your changes to the libraries. - - Next go to ```Sketch > Include Libraries > wolfSSL```. This includes wolfSSL in your sketch. + +1. In the Arduino IDE: + - In `Sketch -> Include Library -> Add .ZIP Library...` and choose the + `IDE/ARDUNIO/wolfSSL` folder. + - In `Sketch -> Include Library` choose wolfSSL. + +An example wolfSSL client INO sketch exists here: `sketches/wolfssl_client/wolfssl_client.ino` diff --git a/IDE/ARDUINO/sketches/wolfssl_client/wolfssl_client.ino b/IDE/ARDUINO/sketches/wolfssl_client/wolfssl_client.ino index 6d52690c2..879a19109 100644 --- a/IDE/ARDUINO/sketches/wolfssl_client/wolfssl_client.ino +++ b/IDE/ARDUINO/sketches/wolfssl_client/wolfssl_client.ino 
@@ -1,6 +1,6 @@ /* wolfssl_client.ino * - * Copyright (C) 2006-2016 wolfSSL Inc. + * Copyright (C) 2006-2018 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -142,4 +142,3 @@ void loop() { } delay(1000); } - diff --git a/IDE/ARDUINO/wolfssl-arduino.sh b/IDE/ARDUINO/wolfssl-arduino.sh index 4da3ff4b6..2d84f26c0 100755 --- a/IDE/ARDUINO/wolfssl-arduino.sh +++ b/IDE/ARDUINO/wolfssl-arduino.sh @@ -7,20 +7,29 @@ DIR=${PWD##*/} if [ "$DIR" = "ARDUINO" ]; then - cp ../../src/*.c ../../ - cp ../../wolfcrypt/src/*.c ../../ - echo "/* stub header file for Arduino compatibility */" >> ../../wolfssl.h + rm -rf wolfSSL + mkdir wolfSSL + + cp ../../src/*.c ./wolfSSL + cp ../../wolfcrypt/src/*.c ./wolfSSL + + mkdir wolfSSL/wolfssl + cp ../../wolfssl/*.h ./wolfSSL/wolfssl + mkdir wolfSSL/wolfssl/wolfcrypt + cp ../../wolfssl/wolfcrypt/*.h ./wolfSSL/wolfssl/wolfcrypt + + # support misc.c as include in wolfcrypt/src + mkdir ./wolfSSL/wolfcrypt + mkdir ./wolfSSL/wolfcrypt/src + cp ../../wolfcrypt/src/misc.c ./wolfSSL/wolfcrypt/src + + # put bio and evp as includes + mv ./wolfSSL/bio.c ./wolfSSL/wolfssl + mv ./wolfSSL/evp.c ./wolfSSL/wolfssl + + echo "/* Generated wolfSSL header file for Arduino */" >> ./wolfSSL/wolfssl.h + echo "#include " >> ./wolfSSL/wolfssl.h + echo "#include " >> ./wolfSSL/wolfssl.h else echo "ERROR: You must be in the IDE/ARDUINO directory to run this script" fi - -#UPDATED: 19 Apr 2017 to remove bio.c and evp.c from the root directory since -# they are included inline and should not be compiled directly - -ARDUINO_DIR=${PWD} -cd ../../ -rm bio.c -rm evp.c -cd $ARDUINO_DIR -# end script in the origin directory for any future functionality that may be added. -#End UPDATE: 19 Apr 2017 diff --git a/IDE/INTIME-RTOS/libwolfssl.vcxproj b/IDE/INTIME-RTOS/libwolfssl.vcxproj index 5fc200943..85bb1d783 100755 --- a/IDE/INTIME-RTOS/libwolfssl.vcxproj +++ b/IDE/INTIME-RTOS/libwolfssl.vcxproj @@ -27,7 +27,6 @@ - @@ -40,7 +39,6 @@ - 
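Review bot: None of the new `mkdir`/`cp`/`mv` steps in the `if` branch of wolfssl-arduino.sh check for failure, so a missing source directory or a failed copy leaves a partial `wolfSSL` tree that still looks like a generated library, and the `else` branch prints the error but exits with status 0. Because this tree is what gets compiled into the TLS library on the device, I would stop at the first failure: `set -e` near the top of the script (above this hunk, so outside the lines shown) and `exit 1` after the `echo "ERROR: You must be in the IDE/ARDUINO directory to run this script"` line. The guard only compares the basename of `$PWD` with `ARDUINO`, so `rm -rf wolfSSL` runs in any directory of that name; testing that `../../wolfcrypt/src` exists before the `rm` would tie it to the real source tree. The two `echo "#include "` lines show no header name in this rendering, which may be extraction loss, so confirm that the generated `wolfssl.h` names the intended headers.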
@@ -192,12 +190,8 @@ Async - _USRDLL;WOLFSSL_DLL;BUILDING_WOLFSSL;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions) + _USRDLL;WOLFSSL_DLL;BUILDING_WOLFSSL;WOLFSSL_USER_SETTINGS;_USE_64BIT_TIME_T;%(PreprocessorDefinitions) $(ProjectDir);$(ProjectDir)..\..\;%(AdditionalIncludeDirectories) - $(IntDir) - $(IntDir) - $(IntDir) - $(IntDir)vc$(PlatformToolsetVersion).pdb @@ -211,12 +205,8 @@ Async - _USRDLL;WOLFSSL_DLL;BUILDING_WOLFSSL;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions) + _USRDLL;WOLFSSL_DLL;BUILDING_WOLFSSL;WOLFSSL_USER_SETTINGS;_USE_64BIT_TIME_T;%(PreprocessorDefinitions) $(ProjectDir);$(ProjectDir)..\..\;%(AdditionalIncludeDirectories) - $(IntDir) - $(IntDir) - $(IntDir) - $(IntDir)vc$(PlatformToolsetVersion).pdb diff --git a/IDE/INTIME-RTOS/wolfExamples.vcxproj b/IDE/INTIME-RTOS/wolfExamples.vcxproj index 81f82318e..81b1e6d4f 100755 --- a/IDE/INTIME-RTOS/wolfExamples.vcxproj +++ b/IDE/INTIME-RTOS/wolfExamples.vcxproj @@ -68,10 +68,6 @@ Async WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions) $(ProjectDir);$(ProjectDir)..\..\;%(AdditionalIncludeDirectories) - $(IntDir) - $(IntDir) - $(IntDir)vc$(PlatformToolsetVersion).pdb - $(IntDir) @@ -88,10 +84,7 @@ Async WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions) $(ProjectDir);$(ProjectDir)..\..\;%(AdditionalIncludeDirectories) - $(IntDir) - $(IntDir) $(IntDir)vc$(PlatformToolsetVersion).pdb - $(IntDir) diff --git a/IDE/Renesas/cs+/Projects/common/user_settings.h b/IDE/Renesas/cs+/Projects/common/user_settings.h index 5f2854334..c7133877d 100644 --- a/IDE/Renesas/cs+/Projects/common/user_settings.h +++ b/IDE/Renesas/cs+/Projects/common/user_settings.h @@ -44,3 +44,5 @@ #define HAVE_CURVE25519 #define CURVE25519_SMALL #define HAVE_ED25519 + +/* #define NO_WOLFSSL_STUB */ diff --git a/Makefile.am b/Makefile.am index d92dc4462..036401fbf 100644 --- a/Makefile.am +++ b/Makefile.am 
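Review bot: `_USE_64BIT_TIME_T` is added to the preprocessor definitions of libwolfssl.vcxproj here and in the next hunk (`@@ -211,12 +205,8 @@`), but the wolfExamples.vcxproj hunks on this page still show `WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions)` without it. If the macro selects the width of `time_t` on INtime, as its name suggests, the library and the example application would disagree on that type, which matters for any time value crossing the boundary, certificate validity checks included. I would either add `_USE_64BIT_TIME_T;` to the wolfExamples definitions as well or define it once in the shared user_settings.h, with a comment saying why it is needed. Which build configurations these lines belong to cannot be told from here, because the XML element names were lost in rendering.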
@@ -84,6 +84,7 @@ EXTRA_DIST+= wolfssl64.sln EXTRA_DIST+= valgrind-error.sh EXTRA_DIST+= gencertbuf.pl EXTRA_DIST+= README.md +EXTRA_DIST+= ChangeLog.md EXTRA_DIST+= LICENSING EXTRA_DIST+= INSTALL EXTRA_DIST+= IPP @@ -94,10 +95,6 @@ include wrapper/include.am include cyassl/include.am include wolfssl/include.am include certs/include.am -include certs/1024/include.am -include certs/crl/include.am -include certs/external/include.am -include certs/ocsp/include.am include doc/include.am include swig/include.am @@ -208,6 +205,3 @@ merge-clean: @find ./ | $(GREP) \.BASE | xargs rm -f @find ./ | $(GREP) \~$$ | xargs rm -f -dist-hook: - cp $(distdir)/wolfssl/options.h.in $(distdir)/wolfssl/options.h - diff --git a/NEWS b/NEWS deleted file mode 100644 index e69de29bb..000000000 diff --git a/README.md b/README.md index abe15739f..0c8c2d775 100644 --- a/README.md +++ b/README.md 
@@ -69,1820 +69,102 @@ before calling wolfSSL_new(); Though it's not recommended. * Added AES performance enhancements on AMD processors using Intel ASM instructions -# wolfSSL Release 3.14.0 (3/02/2018) +## Note 3 +``` +The enum values SHA, SHA256, SHA384, SHA512 are no longer available when +wolfSSL is built with --enable-opensslextra (OPENSSL_EXTRA) or with the macro +NO_OLD_SHA_NAMES. These names get mapped to the OpenSSL API for a single call +hash function. Instead the name WC_SHA, WC_SHA256, WC_SHA384 and WC_SHA512 +should be used for the enum name. +``` -Release 3.14.0 of wolfSSL embedded TLS has bug fixes and new features including: +# wolfSSL Release 3.15.0 (06/05/2018) -* TLS 1.3 draft 22 and 23 support added -* Additional unit tests for; SHA3, AES-CMAC, Ed25519, ECC, RSA-PSS, AES-GCM -* Many additions to the OpenSSL compatibility layer were made in this release. Some of these being enhancements to PKCS12, WOLFSSL_X509 use, WOLFSSL_EVP_PKEY, and WOLFSSL_BIO operations -* AVX1 and AVX2 performance improvements with ChaCha20 and Poly1305 -* Added i.MX CAAM driver support with Integrity OS support -* Improvements to logging with debugging, including exposing more API calls and adding options to reduce debugging code size -* Fix for signature type detection with PKCS7 RSA SignedData -* Public key call back functions added for DH Agree -* RSA-PSS API added for operating on non inline buffers (separate input and output buffers) -* API added for importing and exporting raw DSA parameters -* Updated DSA key generation to be FIPS 186-4 compliant -* Fix for wolfSSL_check_private_key when comparing ECC keys -* Support for AES Cipher Feedback(CFB) mode added -* Updated RSA key generation to be FIPS 186-4 compliant -* Update added for the ARM CMSIS software pack -* WOLFSSL_IGNORE_FILE_WARN macro added for avoiding build warnings when not working with autotools -* Performance improvements for AES-GCM with AVX1 and AVX2 -* Fix for possible memory leak on error case 
with wc_RsaKeyToDer function -* Make wc_PKCS7_PadData function available -* Updates made to building SGX on Linux -* STM32 hashing algorithm improvements including clock/power optimizations and auto detection of if SHA2 is supported -* Update static memory feature for FREERTOS use -* Reverse the order that certificates are compared during PKCS12 parse to account for case where multiple certificates have the same matching private key -* Update NGINX port to version 1.13.8 -* Support for HMAC-SHA3 added -* Added stricter ASN checks to enforce RFC 5280 rules. Thanks to the report from Professor Zhenhua Duan, Professor Cong Tian, and Ph.D candidate Chu Chen from Institute of Computing Theory and Technology (ICTT) of Xidian University. -* Option to have ecc_mul2add function public facing -* Getter function wc_PKCS7_GetAttributeValue added for PKCS7 attributes -* Macros NO_AES_128, NO_AES_192, NO_AES_256 added for AES key size selection at compile time -* Support for writing multiple organizations units (OU) and domain components (DC) with CSR and certificate creation -* Support for indefinite length BER encodings in PKCS7 -* Added API for additional validation of prime q in a public DH key -* Added support for RSA encrypt and decrypt without padding +Release 3.15.0 of wolfSSL embedded TLS has bug fixes and new features including: +* Support for TLS 1.3 Draft versions 23, 26 and 28. +* Add FIPS SGX support! +* Single Precision assembly code added for ARM and 64-bit ARM to enhance performance. +* Improved performance for Single Precision maths on 32-bit. +* Improved downgrade support for the TLS 1.3 handshake. +* Improved TLS 1.3 support from interoperability testing. +* Added option to allow TLS 1.2 to be compiled out to reduce size and enhance security. +* Added option to support Ed25519 in TLS 1.2 and 1.3. +* Update wolfSSL_HMAC_Final() so the length parameter is optional. +* Various fixes for Coverity static analysis reports. 
+* Add define to use internal struct timeval (USE_WOLF_TIMEVAL_T). +* Switch LowResTimer() to call XTIME instead of time(0) for better portability. +* Expanded OpenSSL compatibility layer with a bevy of new functions. +* Added Renesas CS+ project files. +* Align DH support with NIST SP 800-56A, add wc_DhSetKey_ex() for q parameter. +* Add build option for CAVP self test build (--enable-selftest). +* Expose mp_toradix() when WOLFSSL_PUBLIC_MP is defined. +* Example certificate expiration dates and generation script updated. +* Additional optimizations to trim out unused strings depending on build options. +* Fix for DN tag strings to have “=” when returning the string value to users. +* Fix for wolfSSL_ERR_get_error_line_data return value if no more errors are in the queue. +* Fix for AES-CBC IV value with PIC32 hardware acceleration. +* Fix for wolfSSL_X509_print with ECC certificates. +* Fix for strict checking on URI absolute vs relative path. +* Added crypto device framework to handle PK RSA/ECC operations using callbacks, which adds new build option `./configure --enable-cryptodev` or `WOLF_CRYPTO_DEV`. +* Added devId support to ECC and PKCS7 for hardware based private key. +* Fixes in PKCS7 for handling possible memory leak in some error cases. +* Added test for invalid cert common name when set with `wolfSSL_check_domain_name`. +* Refactor of the cipher suite names to use single array, which contains internal name, IANA name and cipher suite bytes. +* Added new function `wolfSSL_get_cipher_name_from_suite` for getting IANA cipher suite name using bytes. +* Fixes for fsanitize reports. +* Fix for openssl compatibility function `wolfSSL_RSA_verify` to check returned size. +* Fixes and improvements for FreeRTOS AWS. +* Fixes for building openssl compatibility with FreeRTOS. +* Fix and new test for handling match on domain name that may have a null terminator inside. 
+* Cleanup of the socket close code used for examples, CRL/OCSP and BIO to use single macro `CloseSocket`. +* Refactor of the TLSX code to support returning error codes. +* Added new signature wrapper functions `wc_SignatureVerifyHash` and `wc_SignatureGenerateHash` to allow direct use of hash. +* Improvement to GCC-ARM IDE example. +* Enhancements and cleanups for the ASN date/time code including new API's `wc_GetDateInfo`, `wc_GetCertDates` and `wc_GetDateAsCalendarTime`. +* Fixes to resolve issues with C99 compliance. Added build option `WOLF_C99` to force C99. +* Added a new `--enable-opensslall` option to enable all openssl compatibility features. +* Added new `--enable-webclient` option for enabling a few HTTP API's. +* Added new `wc_OidGetHash` API for getting the hash type from a hash OID. +* Moved `wolfSSL_CertPemToDer`, `wolfSSL_KeyPemToDer`, `wolfSSL_PubKeyPemToDer` to asn.c and renamed to `wc_`. Added backwards compatibility macro for old function names. +* Added new `WC_MAX_SYM_KEY_SIZE` macro for helping determine max key size. +* Added `--enable-enckeys` or (`WOLFSSL_ENCRYPTED_KEYS`) to enable support for encrypted PEM private keys using password callback without having to use opensslextra. +* Added ForceZero on the password buffer after done using it. +* Refactor unique hash types to use same internal values (ex WC_MD5 == WC_HASH_TYPE_MD5). +* Refactor the Sha3 types to use `wc_` naming, while retaining old names for compatibility. +* Improvements to `wc_PBKDF1` to support more hash types and the non-standard extra data option. +* Fix TLS 1.3 with ECC disabled and CURVE25519 enabled. +* Added new define `NO_DEV_URANDOM` to disable the use of `/dev/urandom`. +* Added `WC_RNG_BLOCKING` to indicate block w/sleep(0) is okay. +* Fix for `HAVE_EXT_CACHE` callbacks not being available without `OPENSSL_EXTRA` defined. +* Fix for ECC max bits `MAX_ECC_BITS` not always calculating correctly due to macro order. 
+* Added support for building and using PKCS7 without RSA (assuming ECC is enabled). +* Fixes and additions for Cavium Nitrox V to support ECC, AES-GCM and HMAC (SHA-224 and SHA3). +* Enabled ECC, AES-GCM and SHA-512/384 by default in (Linux and Windows) +* Added `./configure --enable-base16` and `WOLFSSL_BASE16` configuration option to enable Base16 API's. +* Improvements to ATECC508A support for building without `WOLFSSL_ATMEL` defined. +* Refactor IO callback function names to use `_CTX_` to eliminate confusion about the first parameter. +* Added support for not loading a private key for server or client when `HAVE_PK_CALLBACK` is defined and the private PK callback is set. +* Added new ECC API `wc_ecc_sig_size_calc` to return max signature size for a key size. +* Cleanup ECC point import/export code and added new API `wc_ecc_import_unsigned`. +* Fixes for handling OCSP with non-blocking. +* Added new PK (Primary Key) callbacks for the VerifyRsaSign. The new callbacks API's are `wolfSSL_CTX_SetRsaVerifySignCb` and `wolfSSL_CTX_SetRsaPssVerifySignCb`. +* Added new ECC API `wc_ecc_rs_raw_to_sig` to take raw unsigned R and S and encodes them into ECDSA signature format. +* Added support for `WOLFSSL_STM32F1`. +* Cleanup of the ASN X509 header/footer and XSTRNCPY logic. +* Add copyright notice to autoconf files. (Thanks Brian Aker!) +* Updated the M4 files for autotools. (Thanks Brian Aker!) +* Add support for the cipher suite TLS_DH_anon_WITH_AES256_GCM_SHA384 with test cases. (Thanks Thivya Ashok!) +* Add the TLS alert message unknown_psk_identity (115) from RFC 4279, section 2. (Thanks Thivya Ashok!) +* Fix the case when using TCP with timeouts with TLS. wolfSSL shall be agnostic to network socket behavior for TLS. (DTLS is another matter.) The functions `wolfSSL_set_using_nonblock()` and `wolfSSL_get_using_nonblock()` are deprecated. +* Hush the AR warning when building the static library with autotools. 
+* Hush the “-pthread” warning when building in some environments. +* Added a dist-hook target to the Makefile to reset the default options.h file. +* Removed the need for the darwin-clang.m4 file with the updates provided by Brian A. +* Renamed the AES assembly file so GCC on the Mac will build it using the preprocessor. +* Add a disable option (--disable-optflags) to turn off the default optimization flags so user may supply their own custom flags. +* Correctly touch the dummy fips.h header. +If you have questions on any of this, then email us at info@wolfssl.com. See INSTALL file for build instructions. More info can be found on-line at http://wolfssl.com/wolfSSL/Docs.html - - -# wolfSSL (Formerly CyaSSL) Release 3.13.0 (12/21/2017) - -wolfSSL 3.13.0 includes bug fixes and new features, including support for -TLS 1.3 Draft 21, performance and footprint optimizations, build fixes, -updated examples and project files, and one vulnerability fix. The full list -of changes and additions in this release include: - -* Fixes for TLS 1.3, support for Draft 21 -* TLS 1.0 disabled by default, addition of “--enable-tlsv10” configure option -* New option to reduce SHA-256 code size at expense of performance - (USE_SLOW_SHA256) -* New option for memory reduced build (--enable-lowresource) -* AES-GCM performance improvements on AVX1 (IvyBridge) and AVX2 -* SHA-256 and SHA-512 performance improvements using AVX1/2 ASM -* SHA-3 size and performance optimizations -* Fixes for Intel AVX2 builds on Mac/OSX -* Intel assembly for Curve25519, and Ed25519 performance optimizations -* New option to force 32-bit mode with “--enable-32bit” -* New option to disable all inline assembly with “--disable-asm” -* Ability to override maximum signature algorithms using WOLFSSL_MAX_SIGALGO -* Fixes for handling of unsupported TLS extensions. 
-* Fixes for compiling AES-GCM code with GCC 4.8.* -* Allow adjusting static I/O buffer size with WOLFMEM_IO_SZ -* Fixes for building without a filesystem -* Removes 3DES and SHA1 dependencies from PKCS#7 -* Adds ability to disable PKCS#7 EncryptedData type (NO_PKCS7_ENCRYPTED_DATA) -* Add ability to get client-side SNI -* Expanded OpenSSL compatibility layer -* Fix for logging file names with OpenSSL compatibility layer enabled, with - WOLFSSL_MAX_ERROR_SZ user-overridable -* Adds static memory support to the wolfSSL example client -* Fixes for sniffer to use TLS 1.2 client method -* Adds option to wolfCrypt benchmark to benchmark individual algorithms -* Adds option to wolfCrypt benchmark to display benchmarks in powers - of 10 (-base10) -* Updated Visual Studio for ARM builds (for ECC supported curves and SHA-384) -* Updated Texas Instruments TI-RTOS build -* Updated STM32 CubeMX build with fixes for SHA -* Updated IAR EWARM project files -* Updated Apple Xcode projects with the addition of a benchmark example project - -This release of wolfSSL fixes 1 security vulnerability. - -wolfSSL is cited in the recent ROBOT Attack by Böck, Somorovsky, and Young. -The paper notes that wolfSSL only gives a weak oracle without a practical -attack but this is still a flaw. This release contains a fix for this report. -Please note that wolfSSL has static RSA cipher suites disabled by default as -of version 3.6.6 because of the lack of perfect forward secrecy. Only users -who have explicitly enabled static RSA cipher suites with WOLFSSL_STATIC_RSA -and use those suites on a host are affected. More information will be -available on our website at: - -https://wolfssl.com/wolfSSL/security/vulnerabilities.php - -See INSTALL file for build instructions. 
-More info can be found on-line at http://wolfssl.com/wolfSSL/Docs.html - - -# wolfSSL (Formerly CyaSSL) Release 3.12.2 (10/23/2017) - -## Release 3.12.2 of wolfSSL has bug fixes and new features including: - -This release includes many performance improvements with Intel ASM (AVX/AVX2) and AES-NI. New single precision math option to speedup RSA, DH and ECC. Embedded hardware support has been expanded for STM32, PIC32MZ and ATECC508A. AES now supports XTS mode for disk encryption. Certificate improvements for setting serial number, key usage and extended key usage. Refactor of SSL_ and hash types to allow openssl coexistence. Improvements for TLS 1.3. Fixes for OCSP stapling to allow disable and WOLFSSL specific user context for callbacks. Fixes for openssl and MySQL compatibility. Updated Micrium port. Fixes for asynchronous modes. - -* Added TLS extension for Supported Point Formats (ec_point_formats) -* Fix to not send OCSP stapling extensions in client_hello when not enabled -* Added new API's for disabling OCSP stapling -* Add check for SIZEOF_LONG with sun and LP64 -* Fixes for various TLS 1.3 disable options (RSA, ECC and ED/Curve 25519). -* Fix to disallow upgrading to TLS v1.3 -* Fixes for wolfSSL_EVP_CipherFinal() when message size is a round multiple of a block size. -* Add HMAC benchmark and expanded AES key size benchmarks -* Added simple GCC ARM Makefile example -* Add tests for 3072-bit RSA and DH. -* Fixed DRAFT_18 define and fixed downgrading with TLS v1.3 -* Fixes to allow custom serial number during certificate generation -* Add method to get WOLFSSL_CTX certificate manager -* Improvement to `wolfSSL_SetOCSP_Cb` to allow context per WOLFSSL object -* Alternate certificate chain support `WOLFSSL_ALT_CERT_CHAINS`. Enables checking cert against multiple CA's. -* Added new `--disable-oldnames` option to allow for using openssl along-side wolfssl headers (without OPENSSL_EXTRA). 
-* Refactor SSL_ and hashing types to use wolf specific prefix (WOLFSSL and WC_) to allow openssl coexistence. -* Fixes for HAVE_INTEL_MULX -* Cleanup include paths for MySQL cmake build -* Added configure option for building library for wolfSSH (--enable-wolfssh) -* Openssl compatibility layer improvements -* Expanded API unit tests -* Fixes for STM32 crypto hardware acceleration -* Added AES XTS mode (--enable-xts) -* Added ASN Extended Key Usage Support (see wc_SetExtKeyUsage). -* Math updates and added TFM_MIPS speedup. -* Fix for creation of the KeyUsage BitString -* Fix for 8k keys with MySQL compatibility -* Fixes for ATECC508A. -* Fixes for PIC32MZ hashing. -* Fixes and improvements to asynchronous modes for Intel QuickAssist and Cavium Nitrox V. -* Update HASH_DRBG Reseed mechanism and add test case -* Rename the file io.h/io.c to wolfio.h/wolfio.c -* Cleanup the wolfIO_Send function. -* OpenSSL Compatibility Additions and Fixes -* Improvements to Visual Studio DLL project/solution. -* Added function to generate public ECC key from private key -* Added async blocking support for sniffer tool. -* Added wolfCrypt hash tests for empty string and large data. -* Added ability to use of wolf implementation of `strtok` using `USE_WOLF_STRTOK`. -* Updated Micrium uC/OS-III Port -* Updated root certs for OCSP scripts -* New Single Precision math option for RSA, DH and ECC (off by default). See `--enable-sp`. -* Speedups for AES GCM with AESNI (--enable-aesni) -* Speedups for SHA2, ChaCha20/Poly1035 using AVX/AVX2 - - -# wolfSSL (Formerly CyaSSL) Release 3.12.0 (8/04/2017) - -## Release 3.12.0 of wolfSSL has bug fixes and new features including: - -- TLS 1.3 with Nginx! TLS 1.3 with ARMv8! TLS 1.3 with Async Crypto! 
(--enable-tls13)
-- TLS 1.3 0RTT feature added
-- Added port for using Intel SGX with Linux
-- Update and fix PIC32MZ port
-- Additional unit testing for MD5, SHA, SHA224, SHA256, SHA384, SHA512, RipeMd, HMAC, 3DES, IDEA, ChaCha20, ChaCha20Poly1305 AEAD, Camellia, Rabbit, ARC4, AES, RSA, Hc128
-- AVX and AVX2 assembly for improved ChaCha20 performance
-- Intel QAT fixes for when using --disable-fastmath
-- Update how DTLS handles decryption and MAC failures
-- Update DTLS session export version number for --enable-sessionexport feature
-- Add additional input argument sanity checks to ARMv8 assembly port
-- Fix for making PKCS12 dynamic types match
-- Fixes for potential memory leaks when using --enable-fast-rsa
-- Fix for when using custom ECC curves and add BRAINPOOLP256R1 test
-- Update TI-RTOS port for dependency on new wolfSSL source files
-- DTLS multicast feature added, --enable-mcast
-- Fix for Async crypto with GCC 7.1 and HMAC when not using Intel QuickAssist
-- Improvements and enhancements to Intel QuickAssist support
-- Added Xilinx port
-- Added SHA3 Keccak feature, --enable-sha3
-- Expand wolfSSL Python wrapper to now include a client side implementation
-- Adjust example servers to not treat a peer closed error as a hard error
-- Added more sanity checks to fp_read_unsigned_bin function
-- Add SHA224 and AES key wrap to ARMv8 port
-- Update MQX classics and mmCAU ports
-- Fix for potential buffer over read with wolfSSL_CertPemToDer
-- Add PKCS7/CMS decode support for KARI with IssuerAndSerialNumber
-- Fix ThreadX/NetX warning
-- Fixes for OCSP and CRL non blocking sockets and for incomplete cert chain with OCSP
-- Added RSA PSS sign and verify
-- Fix for STM32F4 AES-GCM
-- Added enable all feature (--enable-all)
-- Added trackmemory feature (--enable-trackmemory)
-- Fixes for AES key wrap and PKCS7 on Windows VS
-- Added benchmark block size argument
-- Support use of staticmemory with PKCS7
-- Fix for Blake2b build with GCC 5.4
-- Fixes for
compiling wolfSSL with GCC version 7, most dealing with switch statement fall through warnings. -- Added warning when compiling without hardened math operations - - -Note: -There is a known issue with using ChaCha20 AVX assembly on versions of GCC earlier than 5.2. This is encountered with using the wolfSSL enable options --enable-intelasm and --enable-chacha. To avoid this issue ChaCha20 can be enabled with --enable-chacha=noasm. -If using --enable-intelasm and also using --enable-sha224 or --enable-sha256 there is a known issue with trying to use -fsanitize=address. - -This release of wolfSSL fixes 1 low level security vulnerability. - -Low level fix for a potential DoS attack on a wolfSSL client. Previously a client would accept many warning alert messages without a limit. This fix puts a limit to the number of warning alert messages received and if this limit is reached a fatal error ALERT_COUNT_E is returned. The max number of warning alerts by default is set to 5 and can be adjusted with the macro WOLFSSL_ALERT_COUNT_MAX. Thanks for the report from Tarun Yadav and Koustav Sadhukhan from Defence Research and Development Organization, INDIA. - - -See INSTALL file for build instructions. -More info can be found on-line at http://wolfssl.com/wolfSSL/Docs.html - - -# wolfSSL (Formerly CyaSSL) Release 3.11.1 (5/11/2017) - -## Release 3.11.1 of wolfSSL is a TLS 1.3 BETA release, which includes: - -- TLS 1.3 client and server support for TLS 1.3 with Draft 18 support - -This is strictly a BETA release, and designed for testing and user feedback. -Please send any comments, testing results, or feedback to wolfSSL at -support@wolfssl.com. - -See INSTALL file for build instructions. 
-More info can be found on-line at http://wolfssl.com/wolfSSL/Docs.html - - -# wolfSSL (Formerly CyaSSL) Release 3.11.0 (5/04/2017) - -## Release 3.11.0 of wolfSSL has bug fixes and new features including: - -- Code updates for warnings reported by Coverity scans -- Testing and warning fixes for FreeBSD on PowerPC -- Updates and refactoring done to ASN1 parsing functions -- Change max PSK identity buffer to account for an identity length of 128 characters -- Update Arduino script to handle recent files and additions -- Added support for PKCS#7 Signed Data with ECDSA -- Fix for interoperability with ChaCha20-Poly1305 suites using older draft versions -- DTLS update to allow multiple handshake messages in one DTLS record. Thanks to Eric Samsel over at Welch Allyn for reporting this bug. -- Intel QuickAssist asynchronous support (PR #715 - https://www.wolfssl.com/wolfSSL/Blog/Entries/2017/1/18_wolfSSL_Asynchronous_Intel_QuickAssist_Support.html) -- Added support for HAproxy load balancer -- Added option to allow SHA1 with TLS 1.2 for IIS compatibility (WOLFSSL_ALLOW_TLS_SHA1) -- Added Curve25519 51-bit Implementation, increasing performance on systems that have 128 bit types -- Fix to not send session ID on server side if session cache is off unless we're echoing -session ID as part of session tickets -- Fixes for ensuring all default ciphers are setup correctly (see PR #830) -- Added NXP Hexiwear example in `IDE/HEXIWEAR`. -- Added wolfSSL_write_dup() to create write only WOLFSSL object for concurrent access -- Fixes for TLS elliptic curve selection on private key import. -- Fixes for RNG with Intel rdrand and rdseed speedups. -- Improved performance with Intel rdrand to use full 64-bit output -- Added new --enable-intelrand option to indicate use of RDRAND preference for RNG source -- Removed RNG ARC4 support -- Added ECC helpers to get size and id from curve name. -- Added ECC Cofactor DH (ECC-CDH) support -- Added ECC private key only import / export functions. 
-- Added PKCS8 create function
-- Improvements to TLS layer CTX handling for switching keys / certs.
-- Added check for duplicate certificate policy OID in certificates.
-- Normal math speed-up to not allocate on mp_int and defer until mp_grow
-- Reduce heap usage with fast math when not using ALT_ECC_SIZE
-- Fixes for building CRL with Windows
-- Added support for inline CRL lookup when HAVE_CRL_IO is defined
-- Added port for tenAsys INtime RTOS
-- Improvements to uTKernel port (WOLFSSL_uTKERNEL2)
-- Updated WPA Supplicant support
-- Added support for Nginx
-- Update stunnel port for version 5.40
-- Fixes for STM32 hardware crypto acceleration
-- Extended test code coverage in bundled test.c
-- Added a sanity check for minimum authentication tag size with AES-GCM. Thanks to Yueh-Hsun Lin and Peng Li at KNOX Security at Samsung Research America for suggesting this.
-- Added a sanity check that subject key identifier is marked as non-critical and a check that no policy OIDS appear more than once in the cert policies extension. Thanks to the report from Professor Zhenhua Duan, Professor Cong Tian, and Ph.D candidate Chu Chen from Institute of Computing Theory and Technology (ICTT) of Xidian University, China. Profs. Zhenhua Duan and Cong Tian are supervisors of Ph.D candidate Chu Chen.
-
-This release of wolfSSL fixes 5 low and 1 medium level security vulnerability.
-
-3 Low level fixes reported by Yueh-Hsun Lin and Peng Li from KNOX Security, Samsung Research America.
-- Fix for out of bounds memory access in wc_DhParamsLoad() when GetLength() returns a zero. Before this fix there is a case where wolfSSL would read out of bounds memory in the function wc_DhParamsLoad.
-- Fix for DH key accepted by wc_DhAgree when the key was malformed.
-- Fix for a double free case when adding CA cert into X509_store.
-
-Low level fix for memory management with static memory feature enabled. By default static memory is disabled. Thanks to GitHub user hajjihraf for reporting this.
-
-
-Low level fix for out of bounds write in the function wolfSSL_X509_NAME_get_text_by_NID. This function is not used by TLS or crypto operations but could result in a buffer out of bounds write by one if called explicitly in an application. Discovered by Aleksandar Nikolic of Cisco Talos. http://talosintelligence.com/vulnerability-reports/
-
-Medium level fix for check on certificate signature. There is a case in release versions 3.9.10, 3.10.0 and 3.10.2 where a corrupted signature on a peer certificate would not be properly flagged. Thanks to Wens Lo, James Tsai, Kenny Chang, and Oscar Yang at Castles Technology.
-
-
-See INSTALL file for build instructions.
-More info can be found on-line at http://wolfssl.com/wolfSSL/Docs.html
-
-
-# wolfSSL (Formerly CyaSSL) Release 3.10.2 (2/10/2017)
-
-## Release 3.10.2 of wolfSSL has bug fixes and new features including:
-
-- Poly1305 Windows macros fix. Thanks to GitHub user Jay Satiro
-- Compatibility layer expanded with multiple functions added
-- Improve fp_copy performance with ALT_ECC_SIZE
-- OCSP updates and improvements
-- Fixes for IAR EWARM 8 compiler warnings
-- Reduce stack usage with ECC_CACHE_CURVE disabled
-- Added ECC export raw for public and private key
-- Fix for NO_ASN_TIME build
-- Supported curves extensions now populated by default
-- Add DTLS build without big integer math
-- Fix for static memory feature with wc_ecc_verify_hash_ex and not SHAMIR
-- Added PSK interoperability testing to script bundled with wolfSSL
-- Fix for Python wrapper random number generation. Compiler optimizations with Python could place the random number in same buffer location each time.
Thanks to GitHub user Erik Bray (embray)
-- Fix for tests on unaligned memory with static memory feature
-- Add macro WOLFSSL_NO_OCSP_OPTIONAL_CERTS to skip optional OCSP certificates
-- Sanity checks on NULL arguments added to wolfSSL_set_fd and wolfSSL_DTLS_SetCookieSecret
-- mp_jacobi stack use reduced, thanks to Szabi Tolnai for providing a solution to reduce stack usage
-
-
-This release of wolfSSL fixes 2 low and 1 medium level security vulnerability.
-
-Low level fix of buffer overflow for when loading in a malformed temporary DH file. Thanks to Yueh-Hsun Lin and Peng Li from KNOX Security, Samsung Research America for the report.
-
-Medium level fix for processing of OCSP response. If using OCSP without hard faults enforced and no alternate revocation checks like OCSP stapling then it is recommended to update.
-
-Low level fix for potential cache attack on RSA operations. If using wolfSSL RSA on a server that other users can have access to monitor the cache, then it is recommended to update wolfSSL. Thanks to Andreas Zankl, Johann Heyszl and Georg Sigl at Fraunhofer AISEC for the initial report.
-
-See INSTALL file for build instructions.
-More info can be found on-line at http://wolfssl.com/wolfSSL/Docs.html
-
-
-# wolfSSL (Formerly CyaSSL) Release 3.10.0 (12/21/2016)
-
-## Release 3.10.0 of wolfSSL has bug fixes and new features including:
-
-- Added support for SHA224
-- Added scrypt feature
-- Build for Intel SGX use, added in directory IDE/WIN-SGX
-- Fix for ChaCha20-Poly1305 ECDSA certificate type request
-- Enhance PKCS#7 with ECC enveloped data and AES key wrap support
-- Added support for RIOT OS
-- Add support for parsing PKCS#12 files
-- ECC performance increased with custom curves
-- ARMv8 expanded to AArch32 and performance increased
-- Added ANSI-X9.63-KDF support
-- Port to STM32 F2/F4 CubeMX
-- Port to Atmel ATECC508A board
-- Removed fPIE by default when wolfSSL library is compiled
-- Update to Python wrapper, dropping DES and adding wc_RSASetRNG
-- Added support for NXP K82 hardware acceleration
-- Added SCR client and server verify check
-- Added a disable rng option with autoconf
-- Added more tests vectors to test.c with AES-CTR
-- Updated DTLS session export version number
-- Updated DTLS for 64 bit sequence numbers
-- Fix for memory management with TI and WOLFSSL_SMALL_STACK
-- Hardening RSA CRT to be constant time
-- Fix uninitialized warning with IAR compiler
-- Fix for C# wrapper example IO hang on unexpected connection termination
-
-
-This release of wolfSSL fixes a low level security vulnerability. The vulnerability reported was a potential cache attack on RSA operations. If using wolfSSL RSA on a server that other users can have access to monitor the cache, then it is recommended to update wolfSSL. Thanks to Andreas Zankl, Johann Heyszl and Georg Sigl at Fraunhofer AISEC for the report. More information will be available on our site:
-
-https://wolfssl.com/wolfSSL/security/vulnerabilities.php
-
-See INSTALL file for build instructions.
-More info can be found on-line at http://wolfssl.com/wolfSSL/Docs.html - - -# wolfSSL (Formerly CyaSSL) Release 3.9.10 (9/23/2016) - -## Release 3.9.10 of wolfSSL has bug fixes and new features including: - -- Default configure option changes: - 1. DES3 disabled by default - 2. ECC Supported Curves Extension enabled by default - 3. New option Extended Master Secret enabled by default -- Added checking CA certificate path length, and new test certs -- Fix to DSA pre padding and sanity check on R/S values -- Added CTX level RNG for single-threaded builds -- Intel RDSEED enhancements -- ARMv8 hardware acceleration support for AES-CBC/CTR/GCM, SHA-256 -- Arduino support updates -- Added the Extended Master Secret TLS extension - 1. Enabled by default in configure options, API to disable - 2. Added support for Extended Master Secret to sniffer -- OCSP fix with issuer key hash, lookup refactor -- Added support for Frosted OS -- Added support for DTLS over SCTP -- Added support for static memory with wolfCrypt -- Fix to ECC Custom Curve support -- Support for asynchronous wolfCrypt RSA and TLS client -- Added distribution build configure option -- Update the test certificates - -This release of wolfSSL fixes medium level security vulnerabilities. Fixes for -potential AES, RSA, and ECC side channel leaks is included that a local user -monitoring the same CPU core cache could exploit. VM users, hyper-threading -users, and users where potential attackers have access to the CPU cache will -need to update if they utilize AES, RSA private keys, or ECC private keys. -Thanks to Gorka Irazoqui Apecechea and Xiaofei Guo from Intel Corporation for -the report. More information will be available on our site: - -https://wolfssl.com/wolfSSL/security/vulnerabilities.php - -See INSTALL file for build instructions. 
-More info can be found on-line at https://wolfssl.com/wolfSSL/Docs.html - - -# wolfSSL (Formerly CyaSSL) Release 3.9.8 (7/29/2016) - -##Release 3.9.8 of wolfSSL has bug fixes and new features including: - -- Add support for custom ECC curves. -- Add cipher suite ECDHE-ECDSA-AES128-CCM. -- Add compkey enable option. This option is for compressed ECC keys. -- Add in the option to use test.h without gettimeofday function using the macro - WOLFSSL_USER_CURRTIME. -- Add RSA blinding for private key operations. Enable option of harden which is - on by default. This negates timing attacks. -- Add ECC and TLS support for all SECP, Koblitz and Brainpool curves. -- Add helper functions for static memory option to allow getting optimum buffer - sizes. -- Update DTLS behavior on bad MAC. DTLS silently drops packets with bad MACs now. -- Update fp_isprime function from libtom enchancement/cleanup repository. -- Update sanity checks on inputs and return values for AES-CMAC. -- Update wolfSSL for use with MYSQL v5.6.30. -- Update LPCXpresso eclipse project to not include misc.c when not needed. -- Fix retransmit of last DTLS flight with timeout notification. The last flight - is no longer retransmitted on timeout. -- Fixes to some code in math sections for compressed ECC keys. This includes - edge cases for buffer size on allocation and adjustments for compressed curves - build. The code and full list can be found on github with pull request #456. -- Fix function argument mismatch for build with secure renegotiation. -- X.509 bug fixes for reading in malformed certificates, reported by researchers - at Columbia University -- Fix GCC version 6 warning about hard tabs in poly1305.c. This was a warning - produced by GCC 6 trying to determine the intent of code. -- Fixes for static memory option. Including avoid potential race conditions with - counters, decrement handshake counter correctly. -- Fix anonymous cipher with Diffie Hellman on the server side. 
Was an issue of a - possible buffer corruption. For information and code see pull request #481. - - -- One high level security fix that requires an update for use with static RSA - cipher suites was submitted. This fix was the addition of RSA blinding for - private RSA operations. We recommend servers who allow static RSA cipher - suites to also generate new private RSA keys. Static RSA cipher suites are - turned off by default. - -See INSTALL file for build instructions. -More info can be found on-line at //http://wolfssl.com/wolfSSL/Docs.html - -# wolfSSL (Formerly CyaSSL) Release 3.9.6 (6/14/2016) - -##Release 3.9.6 of wolfSSL has bug fixes and new features including: - -- Add staticmemory feature -- Add public wc_GetTime API with base64encode feature -- Add AES CMAC algorithm -- Add DTLS sessionexport feature -- Add python wolfCrypt wrapper -- Add ECC encrypt/decrypt benchmarks -- Add dynamic session tickets -- Add eccshamir option -- Add Whitewood netRandom support --with-wnr -- Add embOS port -- Add minimum key size checks for RSA and ECC -- Add STARTTLS support to examples -- Add uTasker port -- Add asynchronous crypto and wolf event support -- Add compile check for misc.c with inline -- Add RNG benchmark -- Add reduction to stack usage with hash-based RNG -- Update STM32F2_CRYPTO port with additional algorithms supported -- Update MDK5 projects -- Update AES-NI -- Fix for STM32 with STM32F2_HASH defined -- Fix for building with MinGw -- Fix ECC math bugs with ALT_ECC_SIZE and key sizes over 256 bit (1) -- Fix certificate buffers github issue #422 -- Fix decrypt max size with RSA OAEP -- Fix DTLS sanity check with DTLS timeout notification -- Fix free of WOLFSSL_METHOD on failure to create CTX -- Fix memory leak in failure case with wc_RsaFunction (2) - -- No high level security fixes that requires an update though we always -recommend updating to the latest -- (1) Code changes for ECC fix can be found at pull requests #411, #416, and #428 -- (2) Builds 
using RSA with using normal math and not RSA_LOW_MEM should update - -See INSTALL file for build instructions. -More info can be found on-line at //http://wolfssl.com/wolfSSL/Docs.html - -# wolfSSL (Formerly CyaSSL) Release 3.9.0 (03/18/2016) - -##Release 3.9.0 of wolfSSL has bug fixes and new features including: - -- Add new leantls configuration -- Add RSA OAEP padding at wolfCrypt level -- Add Arduino port and example client -- Add fixed point DH operation -- Add CUSTOM_RAND_GENRATE_SEED_OS and CUSTOM_RAND_GENERATE_BLOCK -- Add ECDHE-PSK cipher suites -- Add PSK ChaCha20-Poly1305 cipher suites -- Add option for fail on no peer cert except PSK suites -- Add port for Nordic nRF51 -- Add additional ECC NIST test vectors for 256, 384 and 521 -- Add more granular ECC, Ed25519/Curve25519 and AES configs -- Update to ChaCha20-Poly1305 -- Update support for Freescale KSDK 1.3.0 -- Update DER buffer handling code, refactoring and reducing memory -- Fix to AESNI 192 bit key expansion -- Fix to C# wrapper character encoding -- Fix sequence number issue with DTLS epoch 0 messages -- Fix RNGA with K64 build -- Fix ASN.1 X509 V3 certificate policy extension parsing -- Fix potential free of uninitialized RSA key in asn.c -- Fix potential underflow when using ECC build with FP_ECC -- Fixes for warnings in Visual Studio 2015 build - -- No high level security fixes that requires an update though we always -recommend updating to the latest -- FP_ECC is off by default, users with it enabled should update for the zero -sized hash fix - -See INSTALL file for build instructions. 
-More info can be found on-line at //http://wolfssl.com/yaSSL/Docs.html - -# wolfSSL (Formerly CyaSSL) Release 3.8.0 (12/30/2015) - -##Release 3.8.0 of wolfSSL has bug fixes and new features including: - -- Example client/server with VxWorks -- AESNI use with AES-GCM -- Stunnel compatibility enhancements -- Single shot hash and signature/verify API added -- Update cavium nitrox port -- LPCXpresso IDE support added -- C# wrapper to support wolfSSL use by a C# program -- (BETA version)OCSP stapling added -- Update OpenSSH compatibility -- Improve DTLS handshake when retransmitting finished message -- fix idea_mult() for 16 and 32bit systems -- fix LowResTimer on Microchip ports - -- No high level security fixes that requires an update though we always -recommend updating to the latest - -See INSTALL file for build instructions. -More info can be found on-line at //http://wolfssl.com/yaSSL/Docs.html - -# wolfSSL (Formerly CyaSSL) Release 3.7.0 (10/26/2015) - -##Release 3.7.0 of wolfSSL has bug fixes and new features including: - -- ALPN extension support added for HTTP2 connections with --enable-alpn -- Change of example/client/client max fragment flag -L -> -F -- Throughput benchmarking, added scripts/benchmark.test -- Sniffer API ssl_FreeDecodeBuffer added -- Addition of AES_GCM to Sniffer -- Sniffer change to handle unlimited decrypt buffer size -- New option for the sniffer where it will try to pick up decoding after a - sequence number acknowldgement fault. Also includes some additional stats. -- JNI API setter and getter function for jobject added -- User RSA crypto plugin abstraction. An example placed in wolfcrypt/user-crypto -- fix to asn configuration bug -- AES-GCM/CCM fixes. -- Port for Rowley added -- Rowley Crossworks bare metal examples added -- MDK5-ARM project update -- FreeRTOS support updates. -- VXWorks support updates. -- Added the IDEA cipher and support in wolfSSL. -- Update wolfSSL website CA. -- CFLAGS is usable when configuring source. 
- -- No high level security fixes that requires an update though we always -recommend updating to the latest - -See INSTALL file for build instructions. -More info can be found on-line at //http://wolfssl.com/yaSSL/Docs.html - -#wolfSSL (Formerly CyaSSL) Release 3.6.8 (09/17/2015) - -##Release 3.6.8 of wolfSSL fixes two high severity vulnerabilities. -##It also includes bug fixes and new features including: - -- Two High level security fixes, all users SHOULD update. - a) If using wolfSSL for DTLS on the server side of a publicly accessible - machine you MUST update. - b) If using wolfSSL for TLS on the server side with private RSA keys allowing - ephemeral key exchange without low memory optimziations you MUST update and - regenerate the private RSA keys. - - Please see https://www.wolfssl.com/wolfSSL/Blog/Blog.html for more details - -- No filesystem build fixes for various configurations -- Certificate generation now supports several extensions including KeyUsage, - SKID, AKID, and Ceritifcate Policies -- CRLs can be loaded from buffers as well as files now -- SHA-512 Ceritifcate Signing generation -- Fixes for sniffer reassembly processing - -See INSTALL file for build instructions. 
-More info can be found on-line at //http://wolfssl.com/yaSSL/Docs.html - -#wolfSSL (Formerly CyaSSL) Release 3.6.6 (08/20/2015) - -##Release 3.6.6 of wolfSSL has bug fixes and new features including: - -- OpenSSH compatibility with --enable-openssh -- stunnel compatibility with --enable-stunnel -- lighttpd compatibility with --enable-lighty -- SSLv3 is now disabled by default, can be enabled with --enable-sslv3 -- Ephemeral key cipher suites only are now supported by default - To enable static ECDH cipher suites define WOLFSSL_STATIC_DH - To enable static RSA cipher suites define WOLFSSL_STATIC_RSA - To enable static PSK cipher suites define WOLFSSL_STATIC_PSK -- Added QSH (quantum-safe handshake) extension with --enable-ntru -- SRP is now part of wolfCrypt, enable with --enabe-srp -- Certificate handshake messages can now be sent fragmented if the record - size is smaller than the total message size, no user action required. -- DTLS duplicate message fixes -- Visual Studio project files now support DLL and static builds for 32/64bit. -- Support for new Freesacle I/O -- FreeRTOS FIPS support - -- No high level security fixes that requires an update though we always - recommend updating to the latest - -See INSTALL file for build instructions. -More info can be found on-line at //http://wolfssl.com/yaSSL/Docs.html - - -#wolfSSL (Formerly CyaSSL) Release 3.6.0 (06/19/2015) - -##Release 3.6.0 of wolfSSL has bug fixes and new features including: - -- Max Strength build that only allows TLSv1.2, AEAD ciphers, and PFS (Perfect - Forward Secrecy). With --enable-maxstrength -- Server side session ticket support, the example server and echosever use the - example callback myTicketEncCb(), see wolfSSL_CTX_set_TicketEncCb() -- FIPS version submitted for iOS. 
-- TI Crypto Hardware Acceleration -- DTLS fragmentation fixes -- ECC key check validation with wc_ecc_check_key() -- 32bit code options to reduce memory for Curve25519 and Ed25519 -- wolfSSL JNI build switch with --enable-jni -- PicoTCP support improvements -- DH min ephemeral key size enforcement with wolfSSL_CTX_SetMinDhKey_Sz() -- KEEP_PEER_CERT and AltNames can now be used together -- ChaCha20 big endian fix -- SHA-512 signature algorithm support for key exchange and verify messages -- ECC make key crash fix on RNG failure, ECC users must update. -- Improvements to usage of time code. -- Improvements to VS solution files. -- GNU Binutils 2.24 ld has problems with some debug builds, to fix an ld error - add -fdebug-types-section to C_EXTRA_FLAGS - -- No high level security fixes that requires an update though we always - recommend updating to the latest (except note 14, ecc RNG failure) - -See INSTALL file for build instructions. -More info can be found on-line at //http://wolfssl.com/yaSSL/Docs.html - - -#wolfSSL (Formerly CyaSSL) Release 3.4.8 (04/06/2015) - -##Release 3.4.8 of wolfSSL has bug fixes and new features including: - -- FIPS version submitted for iOS. -- Max Strength build that only allows TLSv1.2, AEAD ciphers, and PFS. -- Improvements to usage of time code. -- Improvements to VS solution files. - -See INSTALL file for build instructions. -More info can be found on-line at //http://wolfssl.com/yaSSL/Docs.html - - -#wolfSSL (Formerly CyaSSL) Release 3.4.6 (03/30/2015) - -##Release 3.4.6 of wolfSSL has bug fixes and new features including: - -- Intel Assembly Speedups using instructions rdrand, rdseed, aesni, avx1/2, - rorx, mulx, adox, adcx . They can be enabled with --enable-intelasm. - These speedup the use of RNG, SHA2, and public key algorithms. -- Ed25519 support at the crypto level. Turn on with --enable-ed25519. Examples - in wolcrypt/test/test.c ed25519_test(). -- Post Handshake Memory reductions. 
wolfSSL can now hold less than 1,000 bytes - of memory per secure connection including cipher state. -- wolfSSL API and wolfCrypt API fixes, you can still include the cyassl and - ctaocrypt headers which will enable the compatibility APIs for the - foreseeable future -- INSTALL file to help direct users to build instructions for their environment -- For ECC users with the normal math library a fix that prevents a crash when - verify signature fails. Users of 3.4.0 with ECC and the normal math library - must update -- RC4 is now disabled by default in autoconf mode -- AES-GCM and ChaCha20/Poly1305 are now enabled by default to make AEAD ciphers - available without a switch -- External ChaCha-Poly AEAD API, thanks to Andrew Burks for the contribution -- DHE-PSK cipher suites can now be built without ASN or Cert support -- Fix some NO MD5 build issues with optional features -- Freescale CodeWarrior project updates -- ECC curves can be individually turned on/off at build time. -- Sniffer handles Cert Status message and other minor fixes -- SetMinVersion() at the wolfSSL Context level instead of just SSL session level - to allow minimum protocol version allowed at runtime -- RNG failure resource cleanup fix - -- No high level security fixes that requires an update though we always - recommend updating to the latest (except note 6 use case of ecc/normal math) - -See INSTALL file for build instructions. 
-More info can be found on-line at //http://wolfssl.com/yaSSL/Docs.html - - -#wolfSSL (Formerly CyaSSL) Release 3.4.0 (02/23/2015) - -## Release 3.4.0 wolfSSL has bug fixes and new features including: - -- wolfSSL API and wolfCrypt API, you can still include the cyassl and ctaocrypt - headers which will enable the compatibility APIs for the foreseeable future -- Example use of the wolfCrypt API can be found in wolfcrypt/test/test.c -- Example use of the wolfSSL API can be found in examples/client/client.c -- Curve25519 now supported at the wolfCrypt level, wolfSSL layer coming soon -- Improvements in the build configuration under AIX -- Microchip Pic32 MZ updates -- TIRTOS updates -- PowerPC updates -- Xcode project update -- Bidirectional shutdown examples in client/server with -w (wait for full - shutdown) option -- Cycle counts on benchmarks for x86_64, more coming soon -- ALT_ECC_SIZE for reducing ecc heap use with fastmath when also using large RSA - keys -- Various compile warnings -- Scan-build warning fixes -- Changed a memcpy to memmove in the sniffer (if using sniffer please update) -- No high level security fixes that requires an update though we always - recommend updating to the latest - - -# CyaSSL Release 3.3.0 (12/05/2014) - -- Countermeasuers for Handshake message duplicates, CHANGE CIPHER without - FINISHED, and fast forward attempts. Thanks to Karthikeyan Bhargavan from - the Prosecco team at INRIA Paris-Rocquencourt for the report. 
-- FIPS version submitted -- Removes SSLv2 Client Hello processing, can be enabled with OLD_HELLO_ALLOWED -- User can set mimimum downgrade version with CyaSSL_SetMinVersion() -- Small stack improvements at TLS/SSL layer -- TLS Master Secret generation and Key Expansion are now exposed -- Adds client side Secure Renegotiation, * not recommended * -- Client side session ticket support, not fully tested with Secure Renegotiation -- Allows up to 4096bit DHE at TLS Key Exchange layer -- Handles non standard SessionID sizes in Hello Messages -- PicoTCP Support -- Sniffer now supports SNI Virtual Hosts -- Sniffer now handles non HTTPS protocols using STARTTLS -- Sniffer can now parse records with multiple messages -- TI-RTOS updates -- Fix for ColdFire optimized fp_digit read only in explicit 32bit case -- ADH Cipher Suite ADH-AES128-SHA for EAP-FAST - -The CyaSSL manual is available at: -http://www.wolfssl.com/documentation/CyaSSL-Manual.pdf. For build instructions -and comments about the new features please check the manual. - - -# CyaSSL Release 3.2.0 (09/10/2014) - -#### Release 3.2.0 CyaSSL has bug fixes and new features including: - -- ChaCha20 and Poly1305 crypto and suites -- Small stack improvements for OCSP, CRL, TLS, DTLS -- NTRU Encrypt and Decrypt benchmarks -- Updated Visual Studio project files -- Updated Keil MDK5 project files -- Fix for DTLS sequence numbers with GCM/CCM -- Updated HashDRBG with more secure struct declaration -- TI-RTOS support and example Code Composer Studio project files -- Ability to get enabled cipher suites, CyaSSL_get_ciphers() -- AES-GCM/CCM/Direct support for Freescale mmCAU and CAU -- Sniffer improvement checking for decrypt key setup -- Support for raw ECC key import -- Ability to convert ecc_key to DER, EccKeyToDer() -- Security fix for RSA Padding check vulnerability reported by Intel Security - Advanced Threat Research team - -The CyaSSL manual is available at: -http://www.wolfssl.com/documentation/CyaSSL-Manual.pdf. 
For build instructions -and comments about the new features please check the manual. - - -# CyaSSL Release 3.1.0 (07/14/2014) - -#### Release 3.1.0 CyaSSL has bug fixes and new features including: - -- Fix for older versions of icc without 128-bit type -- Intel ASM syntax for AES-NI -- Updated NTRU support, keygen benchmark -- FIPS check for minimum required HMAC key length -- Small stack (--enable-smallstack) improvements for PKCS#7, ASN -- TLS extension support for DTLS -- Default I/O callbacks external to user -- Updated example client with bad clock test -- Ability to set optional ECC context info -- Ability to enable/disable DH separate from opensslextra -- Additional test key/cert buffers for CA and server -- Updated example certificates - -The CyaSSL manual is available at: -http://www.yassl.com/documentation/CyaSSL-Manual.pdf. For build instructions -and comments about the new features please check the manual. - - -# CyaSSL Release 3.0.2 (05/30/2014) - -#### Release 3.0.2 CyaSSL has bug fixes and new features including: - -- Added the following cipher suites: - * TLS_PSK_WITH_AES_128_GCM_SHA256 - * TLS_PSK_WITH_AES_256_GCM_SHA384 - * TLS_PSK_WITH_AES_256_CBC_SHA384 - * TLS_PSK_WITH_NULL_SHA384 - * TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 - * TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 - * TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 - * TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 - * TLS_DHE_PSK_WITH_NULL_SHA256 - * TLS_DHE_PSK_WITH_NULL_SHA384 - * TLS_DHE_PSK_WITH_AES_128_CCM - * TLS_DHE_PSK_WITH_AES_256_CCM -- Added AES-NI support for Microsoft Visual Studio builds. -- Changed small stack build to be disabled by default. -- Updated the Hash DRBG and provided a configure option to enable. - -The CyaSSL manual is available at: -http://www.yassl.com/documentation/CyaSSL-Manual.pdf. For build instructions -and comments about the new features please check the manual. 
- - -# CyaSSL Release 3.0.0 (04/29/2014) - -#### Release 3.0.0 CyaSSL has bug fixes and new features including: - -- FIPS release candidate -- X.509 improvements that address items reported by Suman Jana with security - researchers at UT Austin and UC Davis -- Small stack size improvements, --enable-smallstack. Offloads large local - variables to the heap. (Note this is not complete.) -- Updated AES-CCM-8 cipher suites to use approved suite numbers. - -The CyaSSL manual is available at: -http://www.yassl.com/documentation/CyaSSL-Manual.pdf. For build instructions -and comments about the new features please check the manual. - - -# CyaSSL Release 2.9.4 (04/09/2014) - -#### Release 2.9.4 CyaSSL has bug fixes and new features including: - -- Security fixes that address items reported by Ivan Fratric of the Google - Security Team -- X.509 Unknown critical extensions treated as errors, report by Suman Jana with - security researchers at UT Austin and UC Davis -- Sniffer fixes for corrupted packet length and Jumbo frames -- ARM thumb mode assembly fixes -- Xcode 5.1 support including new clang -- PIC32 MZ hardware support -- CyaSSL Object has enough room to read the Record Header now w/o allocs -- FIPS wrappers for AES, 3DES, SHA1, SHA256, SHA384, HMAC, and RSA. -- A sample I/O pool is demonstrated with --enable-iopool to overtake memory - handling and reduce memory fragmentation on I/O large sizes - -The CyaSSL manual is available at: -http://www.yassl.com/documentation/CyaSSL-Manual.pdf. For build instructions -and comments about the new features please check the manual. 
- - -# CyaSSL Release 2.9.0 (02/07/2014) - -#### Release 2.9.0 CyaSSL has bug fixes and new features including: -- Freescale Kinetis RNGB support -- Freescale Kinetis mmCAU support -- TLS Hello extensions - - ECC - - Secure Renegotiation (null) - - Truncated HMAC -- SCEP support - - PKCS #7 Enveloped data and signed data - - PKCS #10 Certificate Signing Request generation -- DTLS sliding window -- OCSP Improvements - - API change to integrate into Certificate Manager - - IPv4/IPv6 agnostic - - example client/server support for OCSP - - OCSP nonces are optional -- GMAC hashing -- Windows build additions -- Windows CYGWIN build fixes -- Updated test certificates -- Microchip MPLAB Harmony support -- Update autoconf scripts -- Additional X.509 inspection functions -- ECC encrypt/decrypt primitives -- ECC Certificate generation - -The Freescale Kinetis K53 RNGB documentation can be found in Chapter 33 of the -K53 Sub-Family Reference Manual: -http://cache.freescale.com/files/32bit/doc/ref_manual/K53P144M100SF2RM.pdf - -Freescale Kinetis K60 mmCAU (AES, DES, 3DES, MD5, SHA, SHA256) documentation -can be found in the "ColdFire/ColdFire+ CAU and Kinetis mmCAU Software Library -User Guide": -http://cache.freescale.com/files/32bit/doc/user_guide/CAUAPIUG.pdf - - -# CyaSSL Release 2.8.0 (8/30/2013) - -#### Release 2.8.0 CyaSSL has bug fixes and new features including: -- AES-GCM and AES-CCM use AES-NI -- NetX default IO callback handlers -- IPv6 fixes for DTLS Hello Cookies -- The ability to unload Certs/Keys after the handshake, CyaSSL_UnloadCertsKeys() -- SEP certificate extensions -- Callback getters for easier resource freeing -- External CYASSL_MAX_ERROR_SZ for correct error buffer sizing -- MacEncrypt and DecryptVerify Callbacks for User Atomic Record Layer Processing -- Public Key Callbacks for ECC and RSA -- Client now sends blank cert upon request if doesn't have one with TLS <= 1.2 - - -The CyaSSL manual is available at: 
-http://www.yassl.com/documentation/CyaSSL-Manual.pdf. For build instructions -and comments about the new features please check the manual. - - -# CyaSSL Release 2.7.0 (6/17/2013) - -#### Release 2.7.0 CyaSSL has bug fixes and new features including: -- SNI support for client and server -- KEIL MDK-ARM projects -- Wildcard check to domain name match, and Subject altnames are checked too -- Better error messages for certificate verification errors -- Ability to discard session during handshake verify -- More consistent error returns across all APIs -- Ability to unload CAs at the CTX or CertManager level -- Authority subject id support for Certificate matching -- Persistent session cache functionality -- Persistent CA cache functionality -- Client session table lookups to push serverID table to library level -- Camellia support to sniffer -- User controllable settings for DTLS timeout values -- Sniffer fixes for caching long lived sessions -- DTLS reliability enhancements for the handshake -- Better ThreadX support - -When compiling with Mingw, libtool may give the following warning due to -path conversion errors: - -``` -libtool: link: Could not determine host file name corresponding to ** -libtool: link: Continuing, but uninstalled executables may not work. -``` - -If so, examples and testsuite will have problems when run, showing an -error while loading shared libraries. To resolve, please run "make install". - -The CyaSSL manual is available at: -http://www.yassl.com/documentation/CyaSSL-Manual.pdf. For build instructions -and comments about the new features please check the manual. 
- - -# CyaSSL Release 2.6.0 (04/15/2013) - -#### Release 2.6.0 CyaSSL has bug fixes and new features including: -- DTLS 1.2 support including AEAD ciphers -- SHA-3 finalist Blake2 support, it's fast and uses little resources -- SHA-384 cipher suites including ECC ones -- HMAC now supports SHA-512 -- Track memory use for example client/server with -t option -- Better IPv6 examples with --enable-ipv6, before if ipv6 examples/tests were - turned on, localhost only was used. Now link-local (with scope ids) and ipv6 - hosts can be used as well. -- Xcode v4.6 project for iOS v6.1 update -- settings.h is now checked in all *.c files for true one file setting detection -- Better alignment at SSL layer for hardware crypto alignment needs - * Note, SSL itself isn't friendly to alignment with 5 byte TLS headers and - 13 bytes DTLS headers, but every effort is now made to align with the - CYASSL_GENERAL_ALIGNMENT flag which sets desired alignment requirement -- NO_64BIT flag to turn off 64bit data type accumulators in public key code - * Note, some systems are faster with 32bit accumulators -- --enable-stacksize for example client/server stack use - * Note, modern desktop Operating Systems may add bytes to each stack frame -- Updated compression/decompression with direct crypto access -- All ./configure options are now lowercase only for consistency -- ./configure builds default to fastmath option - * Note, if on ia32 and building in shared mode this may produce a problem - with a missing register being available because of PIC, there are at least - 6 solutions to this: - 1) --disable-fastmath , don't use fastmath - 2) --disable-shared, don't build a shared library - 3) C_EXTRA_FLAGS=-DTFM_NO_ASM , turn off assembly use - 4) use clang, it just seems to work - 5) play around with no PIC options to force all registers being open, - e.g., --without-pic - 6) if static lib is still a problem try removing fPIE -- Many new ./configure switches for option enable/disable for example - 
* rsa - * dh - * dsa - * md5 - * sha - * arc4 - * null (allow NULL ciphers) - * oldtls (only use TLS 1.2) - * asn (no certs or public keys allowed) -- ./configure generates cyassl/options.h which allows a header the user can - include in their app to make sure the same options are set at the app and - CyaSSL level. -- autoconf no longer needs serial-tests which lowers version requirements of - automake to 1.11 and autoconf to 2.63 - -The CyaSSL manual is available at: -http://www.yassl.com/documentation/CyaSSL-Manual.pdf. For build instructions -and comments about the new features please check the manual. - - - -# CyaSSL Release 2.5.0 (02/04/2013) - -#### Release 2.5.0 CyaSSL has bug fixes and new features including: -- Fix for TLS CBC padding timing attack identified by Nadhem Alfardan and - Kenny Paterson: http://www.isg.rhul.ac.uk/tls/ -- Microchip PIC32 (MIPS16, MIPS32) support -- Microchip MPLAB X example projects for PIC32 Ethernet Starter Kit -- Updated CTaoCrypt benchmark app for embedded systems -- 1024-bit test certs/keys and cert/key buffers -- AES-CCM-8 crypto and cipher suites -- Camellia crypto and cipher suites -- Bumped minimum autoconf version to 2.65, automake version to 1.12 -- Addition of OCSP callbacks -- STM32F2 support with hardware crypto and RNG -- Cavium NITROX support - -CTaoCrypt now has support for the Microchip PIC32 and has been tested with -the Microchip PIC32 Ethernet Starter Kit, the XC32 compiler and -MPLAB X IDE in both MIPS16 and MIPS32 instruction set modes. See the README -located under the /mplabx directory for more details. - -To add Cavium NITROX support do: - -./configure --with-cavium=/home/user/cavium/software - -pointing to your licensed cavium/software directory. Since Cavium doesn't -build a library we pull in the cavium_common.o file which gives a libtool -warning about the portability of this. 
Also, if you're using the github source -tree you'll need to remove the -Wredundant-decls warning from the generated -Makefile because the cavium headers don't conform to this warning. Currently -CyaSSL supports Cavium RNG, AES, 3DES, RC4, HMAC, and RSA directly at the crypto -layer. Support at the SSL level is partial and currently just does AES, 3DES, -and RC4. RSA and HMAC are slower until the Cavium calls can be utilized in non -blocking mode. The example client turns on cavium support as does the crypto -test and benchmark. Please see the HAVE_CAVIUM define. - -CyaSSL is able to use the STM32F2 hardware-based cryptography and random number -generator through the STM32F2 Standard Peripheral Library. For necessary -defines, see the CYASSL_STM32F2 define in settings.h. Documentation for the -STM32F2 Standard Peripheral Library can be found in the following document: -http://www.st.com/internet/com/TECHNICAL_RESOURCES/TECHNICAL_LITERATURE/USER_MANUAL/DM00023896.pdf - -The CyaSSL manual is available at: -http://www.yassl.com/documentation/CyaSSL-Manual.pdf. For build instructions -and comments about the new features please check the manual. - - - -# CyaSSL Release 2.4.6 (12/20/2012) - -#### Release 2.4.6 CyaSSL has bug fixes and a few new features including: -- ECC into main version -- Lean PSK build (reduced code size, RAM usage, and stack usage) -- FreeBSD CRL monitor support -- CyaSSL_peek() -- CyaSSL_send() and CyaSSL_recv() for I/O flag setting -- CodeWarrior Support -- MQX Support -- Freescale Kinetis support including Hardware RNG -- autoconf builds use jobserver -- cyassl-config -- Sniffer memory reductions - -Thanks to Brian Aker for the improved autoconf system, make rpm, cyassl-config, -warning system, and general good ideas for improving CyaSSL! 
- -The Freescale Kinetis K70 RNGA documentation can be found in Chapter 37 of the -K70 Sub-Family Reference Manual: -http://cache.freescale.com/files/microcontrollers/doc/ref_manual/K70P256M150SF3RM.pdf - -The CyaSSL manual is available at: -http://www.yassl.com/documentation/CyaSSL-Manual.pdf. For build instructions -and comments about the new features please check the manual. - - -# CyaSSL Release 2.4.0 (10/10/2012) - -#### Release 2.4.0 CyaSSL has bug fixes and a few new features including: -- DTLS reliability -- Reduced memory usage after handshake -- Updated build process - -The CyaSSL manual is available at: -http://www.yassl.com/documentation/CyaSSL-Manual.pdf. For build instructions -and comments about the new features please check the manual. - - - -# CyaSSL Release 2.3.0 (8/10/2012) - -#### Release 2.3.0 CyaSSL has bug fixes and a few new features including: -- AES-GCM crypto and cipher suites -- make test cipher suite checks -- Subject AltName processing -- Command line support for client/server examples -- Sniffer SessionTicket support -- SHA-384 cipher suites -- Verify cipher suite validity when user overrides -- CRL dir monitoring -- DTLS Cookie support, reliability coming soon - -The CyaSSL manual is available at: -http://www.yassl.com/documentation/CyaSSL-Manual.pdf. For build instructions -and comments about the new features please check the manual. - - - -# CyaSSL Release 2.2.0 (5/18/2012) - -#### Release 2.2.0 CyaSSL has bug fixes and a few new features including: -- Initial CRL support (--enable-crl) -- Initial OCSP support (--enable-ocsp) -- Add static ECDH suites -- SHA-384 support -- ECC client certificate support -- Add medium session cache size (1055 sessions) -- Updated unit tests -- Protection against mutex reinitialization - - -The CyaSSL manual is available at: -http://www.yassl.com/documentation/CyaSSL-Manual.pdf. For build instructions -and comments about the new features please check the manual. 
- - - -# CyaSSL Release 2.0.8 (2/24/2012) - -#### Release 2.0.8 CyaSSL has bug fixes and a few new features including: -- A fix for malicious certificates pointed out by Remi Gacogne (thanks) - resulting in NULL pointer use. -- Respond to renegotiation attempt with no_renegoatation alert -- Add basic path support for load_verify_locations() -- Add set Temp EC-DHE key size -- Extra checks on rsa test when porting into - - -The CyaSSL manual is available at: -http://www.yassl.com/documentation/CyaSSL-Manual.pdf. For build instructions -and comments about the new features please check the manual. - - - -# CyaSSL Release 2.0.6 (1/27/2012) - -#### Release 2.0.6 CyaSSL has bug fixes and a few new features including: -- Fixes for CA basis constraint check -- CTX reference counting -- Initial unit test additions -- Lean and Mean Windows fix -- ECC benchmarking -- SSMTP build support -- Ability to group handshake messages with set_group_messages(ctx/ssl) -- CA cache addition callback -- Export Base64_Encode for general use - -The CyaSSL manual is available at: -http://www.yassl.com/documentation/CyaSSL-Manual.pdf. For build instructions -and comments about the new features please check the manual. - - - -# CyaSSL Release 2.0.2 (12/05/2011) - -#### Release 2.0.2 CyaSSL has bug fixes and a few new features including: -- CTaoCrypt Runtime library detection settings when directly using the crypto - library -- Default certificate generation now uses SHAwRSA and adds SHA256wRSA generation -- All test certificates now use 2048bit and SHA-1 for better modern browser - support -- Direct AES block access and AES-CTR (counter) mode -- Microchip pic32 support - -The CyaSSL manual is available at: -http://www.yassl.com/documentation/CyaSSL-Manual.pdf. For build instructions -and comments about the new features please check the manual. 
- - - -# CyaSSL Release 2.0.0rc3 (9/28/2011) - -#### Release 2.0.0rc3 for CyaSSL has bug fixes and a few new features including: -- updated autoconf support -- better make install and uninstall (uses system directories) -- make test / make check -- CyaSSL headers now in -- CTaocrypt headers now in -- OpenSSL compatibility headers now in -- examples and tests all run from home directory so can use certs in ./certs - (see note 1) - -So previous applications that used the OpenSSL compatibility header - now need to include instead, no other -changes are required. - -Special Thanks to Brian Aker for his autoconf, install, and header patches. - -The CyaSSL manual is available at: -http://www.yassl.com/documentation/CyaSSL-Manual.pdf. For build instructions -and comments about the new features please check the manual. - -# CyaSSL Release 2.0.0rc2 (6/6/2011) - -#### Release 2.0.0rc2 for CyaSSL has bug fixes and a few new features including: -- bug fixes (Alerts, DTLS with DHE) -- FreeRTOS support -- lwIP support -- Wshadow warnings removed -- asn public header -- CTaoCrypt public headers now all have ctc_ prefix (the manual is still being - updated to reflect this change) -- and more. - -This is the 2nd and perhaps final release candidate for version 2. -Please send any comments or questions to support@yassl.com. - -The CyaSSL manual is available at: -http://www.yassl.com/documentation/CyaSSL-Manual.pdf. For build instructions -and comments about the new features please check the manual. 
- -# CyaSSL Release 2.0.0rc1 (5/2/2011) - -#### Release 2.0.0rc1 for CyaSSL has many new features including: -- bug fixes -- SHA-256 cipher suites -- Root Certificate Verification (instead of needing all certs in the chain) -- PKCS #8 private key encryption (supports PKCS #5 v1-v2 and PKCS #12) -- Serial number retrieval for x509 -- PBKDF2 and PKCS #12 PBKDF -- UID parsing for x509 -- SHA-256 certificate signatures -- Client and server can send chains (SSL_CTX_use_certificate_chain_file) -- CA loading can now parse multiple certificates per file -- Dynamic memory runtime hooks -- Runtime hooks for logging -- EDH on server side -- More informative error codes -- More informative logging messages -- Version downgrade more robust (use SSL_v23*) -- Shared build only by default through ./configure -- Compiler visibility is now used, internal functions not polluting namespace -- Single Makefile, no recursion, for faster and simpler building -- Turn on all warnings possible build option, warning fixes -- and more. - -Because of all the new features and the multiple OS, compiler, feature-set -options that CyaSSL allows, there may be some configuration fixes needed. -Please send any comments or questions to support@yassl.com. - -The CyaSSL manual is available at: -http://www.yassl.com/documentation/CyaSSL-Manual.pdf. For build instructions -and comments about the new features please check the manual. - -# CyaSSL Release 1.9.0 (3/2/2011) - -Release 1.9.0 for CyaSSL adds bug fixes, improved TLSv1.2 through testing and -better hash/sig algo ids, --enable-webServer for the yaSSL embedded web server, -improper AES key setup detection, user cert verify callback improvements, and -more. - -The CyaSSL manual offering is included in the doc/ directory. For build -instructions and comments about the new features please check the manual. - -Please send any comments or questions to support@yassl.com. 
- -# CyaSSL Release 1.8.0 (12/23/2010) - -Release 1.8.0 for CyaSSL adds bug fixes, x509 v3 CA signed certificate -generation, a C standard library abstraction layer, lower memory use, increased -portability through the os_settings.h file, and the ability to use NTRU cipher -suites when used in conjunction with an NTRU license and library. - -The initial CyaSSL manual offering is included in the doc/ directory. For -build instructions and comments about the new features please check the manual. - -Please send any comments or questions to support@yassl.com. - -Happy Holidays. - - -# CyaSSL Release 1.6.5 (9/9/2010) - -Release 1.6.5 for CyaSSL adds bug fixes and x509 v3 self signed certificate -generation. - -For general build instructions see doc/Building_CyaSSL.pdf. - -To enable certificate generation support add this option to ./configure -./configure --enable-certgen - -An example is included in ctaocrypt/test/test.c and documentation is provided -in doc/CyaSSL_Extensions_Reference.pdf item 11. - -# CyaSSL Release 1.6.0 (8/27/2010) - -Release 1.6.0 for CyaSSL adds bug fixes, RIPEMD-160, SHA-512, and RSA key -generation. - -For general build instructions see doc/Building_CyaSSL.pdf. - -To add RIPEMD-160 support add this option to ./configure -./configure --enable-ripemd - -To add SHA-512 support add this option to ./configure -./configure --enable-sha512 - -To add RSA key generation support add this option to ./configure -./configure --enable-keygen - -Please see ctaocrypt/test/test.c for examples and usage. - -For Windows, RIPEMD-160 and SHA-512 are enabled by default but key generation is -off by default. To turn key generation on add the define CYASSL_KEY_GEN to -CyaSSL. - - -# CyaSSL Release 1.5.6 (7/28/2010) - -Release 1.5.6 for CyaSSL adds bug fixes, compatibility for our JSSE provider, -and a fix for GCC builds on some systems. - -For general build instructions see doc/Building_CyaSSL.pdf. 
- -To add AES-NI support add this option to ./configure -./configure --enable-aesni - -You'll need GCC 4.4.3 or later to make use of the assembly. - -# CyaSSL Release 1.5.4 (7/7/2010) - -Release 1.5.4 for CyaSSL adds bug fixes, support for AES-NI, SHA1 speed -improvements from loop unrolling, and support for the Mongoose Web Server. - -For general build instructions see doc/Building_CyaSSL.pdf. - -To add AES-NI support add this option to ./configure -./configure --enable-aesni - -You'll need GCC 4.4.3 or later to make use of the assembly. - -# CyaSSL Release 1.5.0 (5/11/2010) - -Release 1.5.0 for CyaSSL adds bug fixes, GoAhead WebServer support, sniffer -support, and initial swig interface support. - -For general build instructions see doc/Building_CyaSSL.pdf. - -To add support for GoAhead WebServer either --enable-opensslExtra or if you -don't want all the features of opensslExtra you can just define GOAHEAD_WS -instead. GOAHEAD_WS can be added to ./configure with CFLAGS=-DGOAHEAD_WS or -you can define it yourself. - -To look at the sniffer support please see the sniffertest app in -sslSniffer/sslSnifferTest. Build with --enable-sniffer on *nix or use the -vcproj files on windows. You'll need to have pcap installed on *nix and -WinPcap on windows. - -A swig interface file is now located in the swig directory for using Python, -Java, Perl, and others with CyaSSL. This is initial support and experimental, -please send questions or comments to support@yassl.com. - -When doing load testing with CyaSSL, on the echoserver example say, the client -machine may run out of tcp ephemeral ports, they will end up in the TIME_WAIT -queue, and can't be reused by default. There are generally two ways to fix -this. - -1. Reduce the length sockets remain on the TIME_WAIT queue OR -2. Allow items on the TIME_WAIT queue to be reused. 
- - -To reduce the TIME_WAIT length in OS X to 3 seconds (3000 milliseconds) - -`sudo sysctl -w net.inet.tcp.msl=3000` - -In Linux - -`sudo sysctl -w net.ipv4.tcp_tw_reuse=1` - -allows reuse of sockets in TIME_WAIT - -`sudo sysctl -w net.ipv4.tcp_tw_recycle=1` - -works but seems to remove sockets from TIME_WAIT entirely? - -`sudo sysctl -w net.ipv4.tcp_fin_timeout=1` - -doen't control TIME_WAIT, it controls FIN_WAIT(2) contrary to some posts - - -# CyaSSL Release 1.4.0 (2/18/2010) - -Release 1.3.0 for CyaSSL adds bug fixes, better multi TLS/SSL version support -through SSLv23_server_method(), and improved documentation in the doc/ folder. - -For general build instructions doc/Building_CyaSSL.pdf. - -# CyaSSL Release 1.3.0 (1/21/2010) - -Release 1.3.0 for CyaSSL adds bug fixes, a potential security problem fix, -better porting support, removal of assert()s, and a complete THREADX port. - -For general build instructions see rc1 below. - -# CyaSSL Release 1.2.0 (11/2/2009) - -Release 1.2.0 for CyaSSL adds bug fixes and session negotiation if first use is -read or write. - -For general build instructions see rc1 below. - -# CyaSSL Release 1.1.0 (9/2/2009) - -Release 1.1.0 for CyaSSL adds bug fixes, a check against malicious session -cache use, support for lighttpd, and TLS 1.2. - -To get TLS 1.2 support please use the client and server functions: - -```c -SSL_METHOD *TLSv1_2_server_method(void); -SSL_METHOD *TLSv1_2_client_method(void); -``` - -CyaSSL was tested against lighttpd 1.4.23. 
To build CyaSSL for use with -lighttpd use the following commands from the CyaSSL install dir : - -``` -./configure --disable-shared --enable-opensslExtra --enable-fastmath --without-zlib - -make -make openssl-links -``` - -Then to build lighttpd with CyaSSL use the following commands from the -lighttpd install dir: - -``` -./configure --with-openssl --with-openssl-includes=/include --with-openssl-libs=/lib LDFLAGS=-lm - -make -``` - -On some systems you may get a linker error about a duplicate symbol for -MD5_Init or other MD5 calls. This seems to be caused by the lighttpd src file -md5.c, which defines MD5_Init(), and is included in liblightcomp_la-md5.o. -When liblightcomp is linked with the SSL_LIBs the linker may complain about -the duplicate symbol. This can be fixed by editing the lighttpd src file md5.c -and adding this line to the beginning of the file: - -\#if 0 - -and this line to the end of the file - -\#endif - -Then from the lighttpd src dir do a: - -``` -make clean -make -``` - -If you get link errors about undefined symbols more than likely the actual -OpenSSL libraries are found by the linker before the CyaSSL openssl-links that -point to the CyaSSL library, causing the linker confusion. This can be fixed -by editing the Makefile in the lighttpd src directory and changing the line: - -`SSL_LIB = -lssl -lcrypto` - -to - -`SSL_LIB = -lcyassl` - -Then from the lighttpd src dir do a: - -``` -make clean -make -``` - -This should remove any confusion the linker may be having with missing symbols. - -For any questions or concerns please contact support@yassl.com . - -For general build instructions see rc1 below. - -# CyaSSL Release 1.0.6 (8/03/2009) - -Release 1.0.6 for CyaSSL adds bug fixes, an improved session cache, and faster -math with a huge code option. - -The session cache now defaults to a client mode, also good for embedded servers. -For servers not under heavy load (less than 200 new sessions per minute), define -BIG_SESSION_CACHE. 
If the server will be under heavy load, define -HUGE_SESSION_CACHE. - -There is now a fasthugemath option for configure. This enables fastmath plus -even faster math by greatly increasing the code size of the math library. Use -the benchmark utility to compare public key operations. - - -For general build instructions see rc1 below. - -# CyaSSL Release 1.0.3 (5/10/2009) - -Release 1.0.3 for CyaSSL adds bug fixes and add increased support for OpenSSL -compatibility when building other applications. - -Release 1.0.3 includes an alpha release of DTLS for both client and servers. -This is only for testing purposes at this time. Rebroadcast and reordering -aren't fully implemented at this time but will be for the next release. - -For general build instructions see rc1 below. - -# CyaSSL Release 1.0.2 (4/3/2009) - -Release 1.0.2 for CyaSSL adds bug fixes for a couple I/O issues. Some systems -will send a SIGPIPE on socket recv() at any time and this should be handled by -the application by turning off SIGPIPE through setsockopt() or returning from -the handler. - -Release 1.0.2 includes an alpha release of DTLS for both client and servers. -This is only for testing purposes at this time. Rebroadcast and reordering -aren't fully implemented at this time but will be for the next release. - -For general build instructions see rc1 below. - -## CyaSSL Release Candidate 3 rc3-1.0.0 (2/25/2009) - - -Release Candidate 3 for CyaSSL 1.0.0 adds bug fixes and adds a project file for -iPhone development with Xcode. cyassl-iphone.xcodeproj is located in the root -directory. This release also includes a fix for supporting other -implementations that bundle multiple messages at the record layer, this was -lost when cyassl i/o was re-implemented but is now fixed. - -For general build instructions see rc1 below. 
- -## CyaSSL Release Candidate 2 rc2-1.0.0 (1/21/2009) - - -Release Candidate 2 for CyaSSL 1.0.0 adds bug fixes and adds two new stream -ciphers along with their respective cipher suites. CyaSSL adds support for -HC-128 and RABBIT stream ciphers. The new suites are: - -``` -TLS_RSA_WITH_HC_128_SHA -TLS_RSA_WITH_RABBIT_SHA -``` - -And the corresponding cipher names are - -``` -HC128-SHA -RABBIT-SHA -``` - -CyaSSL also adds support for building with devkitPro for PPC by changing the -library proper to use libogc. The examples haven't been changed yet but if -there's interest they can be. Here's an example ./configure to build CyaSSL -for devkitPro: - -``` -./configure --disable-shared CC=/pathTo/devkitpro/devkitPPC/bin/powerpc-gekko-gcc --host=ppc --without-zlib --enable-singleThreaded RANLIB=/pathTo/devkitpro/devkitPPC/bin/powerpc-gekko-ranlib CFLAGS="-DDEVKITPRO -DGEKKO" -``` - -For linking purposes you'll need - -`LDFLAGS="-g -mrvl -mcpu=750 -meabi -mhard-float -Wl,-Map,$(notdir $@).map"` - -For general build instructions see rc1 below. - - -## CyaSSL Release Candidate 1 rc1-1.0.0 (12/17/2008) - - -Release Candidate 1 for CyaSSL 1.0.0 contains major internal changes. Several -areas have optimization improvements, less dynamic memory use, and the I/O -strategy has been refactored to allow alternate I/O handling or Library use. -Many thanks to Thierry Fournier for providing these ideas and most of the work. - -Because of these changes, this release is only a candidate since some problems -are probably inevitable on some platform with some I/O use. Please report any -problems and we'll try to resolve them as soon as possible. You can contact us -at support@yassl.com or todd@yassl.com. - -Using TomsFastMath by passing --enable-fastmath to ./configure now uses assembly -on some platforms. This is new so please report any problems as every compiler, -mode, OS combination hasn't been tested. 
On ia32 all of the registers need to -be available so be sure to pass these options to CFLAGS: - -`CFLAGS="-O3 -fomit-frame-pointer"` - -OS X will also need -mdynamic-no-pic added to CFLAGS - -Also if you're building in shared mode for ia32 you'll need to pass options to -LDFLAGS as well on OS X: - -`LDFLAGS=-Wl,-read_only_relocs,warning` - -This gives warnings for some symbols but seems to work. - - -#### To build on Linux, Solaris, *BSD, Mac OS X, or Cygwin: - - ./configure - make - - from the ./testsuite/ directory run ./testsuite - -#### To make a debug build: - - ./configure --enable-debug --disable-shared - make - - - -#### To build on Win32 - -Choose (Re)Build All from the project workspace - -Run the testsuite program - - - - - -# CyaSSL version 0.9.9 (7/25/2008) - -This release of CyaSSL adds bug fixes, Pre-Shared Keys, over-rideable memory -handling, and optionally TomsFastMath. Thanks to Moisés Guimarães for the -work on TomsFastMath. - -To optionally use TomsFastMath pass --enable-fastmath to ./configure -Or define USE_FAST_MATH in each project from CyaSSL for MSVC. - -Please use the benchmark routine before and after to see the performance -difference, on some platforms the gains will be little but RSA encryption -always seems to be faster. On x86-64 machines with GCC the normal math library -may outperform the fast one when using CFLAGS=-m64 because TomsFastMath can't -yet use -m64 because of GCCs inability to do 128bit division. - - *** UPDATE GCC 4.2.1 can now do 128bit division *** - -See notes below (0.2.0) for complete build instructions. - - -# CyaSSL version 0.9.8 (5/7/2008) - -This release of CyaSSL adds bug fixes, client side Diffie-Hellman, and better -socket handling. - -See notes below (0.2.0) for complete build instructions. - - -# CyaSSL version 0.9.6 (1/31/2008) - -This release of CyaSSL adds bug fixes, increased session management, and a fix -for gnutls. - -See notes below (0.2.0) for complete build instructions. 
- - -# CyaSSL version 0.9.0 (10/15/2007) - -This release of CyaSSL adds bug fixes, MSVC 2005 support, GCC 4.2 support, -IPV6 support and test, and new test certificates. - -See notes below (0.2.0) for complete build instructions. - - -# CyaSSL version 0.8.0 (1/10/2007) - -This release of CyaSSL adds increased socket support, for non-blocking writes, -connects, and interrupted system calls. - -See notes below (0.2.0) for complete build instructions. - - -# CyaSSL version 0.6.3 (10/30/2006) - -This release of CyaSSL adds debug logging to stderr to aid in the debugging of -CyaSSL on systems that may not provide the best support. - -If CyaSSL is built with debugging support then you need to call -CyaSSL_Debugging_ON() to turn logging on. - -On Unix use ./configure --enable-debug - -On Windows define DEBUG_CYASSL when building CyaSSL - - -To turn logging back off call CyaSSL_Debugging_OFF() - -See notes below (0.2.0) for complete build instructions. - - -# CyaSSL version 0.6.2 (10/29/2006) - -This release of CyaSSL adds TLS 1.1. - -Note that CyaSSL has certificate verification on by default, unlike OpenSSL. -To emulate OpenSSL behavior, you must call SSL_CTX_set_verify() with -SSL_VERIFY_NONE. In order to have full security you should never do this, -provide CyaSSL with the proper certificates to eliminate impostors and call -CyaSSL_check_domain_name() to prevent man in the middle attacks. - -See notes below (0.2.0) for build instructions. - -# CyaSSL version 0.6.0 (10/25/2006) - -This release of CyaSSL adds more SSL functions, better autoconf, nonblocking -I/O for accept, connect, and read. There is now an --enable-small configure -option that turns off TLS, AES, DES3, HMAC, and ERROR_STRINGS, see configure.in -for the defines. Note that TLS requires HMAC and AES requires TLS. - -See notes below (0.2.0) for build instructions. 
- - -# CyaSSL version 0.5.5 (09/27/2006) - -This mini release of CyaSSL adds better input processing through buffered input -and big message support. Added SSL_pending() and some sanity checks on user -settings. - -See notes below (0.2.0) for build instructions. - - -# CyaSSL version 0.5.0 (03/27/2006) - -This release of CyaSSL adds AES support and minor bug fixes. - -See notes below (0.2.0) for build instructions. - - -# CyaSSL version 0.4.0 (03/15/2006) - -This release of CyaSSL adds TLSv1 client/server support and libtool. - -See notes below for build instructions. - - -# CyaSSL version 0.3.0 (02/26/2006) - -This release of CyaSSL adds SSLv3 server support and session resumption. - -See notes below for build instructions. - - -# CyaSSL version 0.2.0 (02/19/2006) - - -This is the first release of CyaSSL and its crypt brother, CTaoCrypt. CyaSSL -is written in ANSI C with the idea of a small code size, footprint, and memory -usage in mind. CTaoCrypt can be as small as 32K, and the current client -version of CyaSSL can be as small as 12K. - - -The first release of CTaoCrypt supports MD5, SHA-1, 3DES, ARC4, Big Integer -Support, RSA, ASN parsing, and basic x509 (en/de)coding. - -The first release of CyaSSL supports normal client RSA mode SSLv3 connections -with support for SHA-1 and MD5 digests. Ciphers include 3DES and RC4. - - -#### To build on Linux, Solaris, *BSD, Mac OS X, or Cygwin: - - ./configure - make - - from the ./testsuite/ directory run ./testsuite - -#### to make a debug build: - - ./configure --enable-debug --disable-shared - make - - - -#### To build on Win32 - -Choose (Re)Build All from the project workspace - -Run the testsuite program - - - -*** The next release of CyaSSL will support a server and more OpenSSL -compatibility functions. - - -Please send questions or comments to todd@wolfssl.com diff --git a/SCRIPTS-LIST b/SCRIPTS-LIST index c2f36b3d2..d4635b6f3 100644 --- a/SCRIPTS-LIST +++ b/SCRIPTS-LIST 
@@ -10,6 +10,8 @@ commit-tests.sh - our commit tests, must pass before a commit is accepted, use fips-check.sh - checks if current wolfSSL version works against FIPS wolfCrypt comment out last line to leave working directory +async-check.sh - internal script for validating wolfSSL Async using the simulator. + gencertbuf.pl - creates certs_test.h, our certs / keys C array for easy non filesystem testing diff --git a/async-check.sh b/async-check.sh new file mode 100755 index 000000000..ed8ab5084 --- /dev/null +++ b/async-check.sh 
@@ -0,0 +1,80 @@
+#!/bin/bash
+
+# async-check.sh
+
+# This script creates symbolic links to the required asynchronous
+# file for using the asynchronous simulator and make check
+#
+# $ ./async-check [keep]
+#
+# - keep: (default off) ./async and links kept around for inspection
+#
+
+function Usage() {
+ printf '\n%s\n' "Usage: $0 [keep]"
+ printf '\n%s\n\n' "Where \"keep\" means keep (default off) async files around for inspection"
+ printf '%s\n' "EXAMPLE:"
+ printf '%s\n' "---------------------------------"
+ printf '%s\n' "./async-check.sh keep"
+ printf '%s\n\n' "---------------------------------"
+}
+
+ASYNC_REPO=git@github.com:wolfSSL/wolfAsyncCrypt.git
+#ASYNC_REPO=../wolfAsyncCrypt
+
+# Optionally keep async files
+if [ "x$1" == "xkeep" ]; then KEEP="yes"; else KEEP="no"; fi
+
+
+if [ -d ./async ];
+then
+ echo "\n\nUsing existing async repo\n\n"
+else
+ # make a clone of the wolfAsyncCrypt repository
+ git clone $ASYNC_REPO async
+ [ $? -ne 0 ] && echo "\n\nCouldn't checkout the wolfAsyncCrypt repository\n\n" && exit 1
+fi
+
+# setup auto-conf
+./autogen.sh
+
+
+# link files
+ln -s -F ../../async/wolfcrypt/src/async.c ./wolfcrypt/src/async.c
+ln -s -F ../../async/wolfssl/wolfcrypt/async.h ./wolfssl/wolfcrypt/async.h
+ln -s -F ../../../../async/wolfcrypt/src/port/intel/quickassist.c ./wolfcrypt/src/port/intel/quickassist.c
+ln -s -F ../../../../async/wolfcrypt/src/port/intel/quickassist_mem.c ./wolfcrypt/src/port/intel/quickassist_mem.c
+ln -s -F ../../../../async/wolfcrypt/src/port/intel/README.md ./wolfcrypt/src/port/intel/README.md
+ln -s -F ../../../../async/wolfssl/wolfcrypt/port/intel/quickassist.h ./wolfssl/wolfcrypt/port/intel/quickassist.h
+ln -s -F ../../../../async/wolfssl/wolfcrypt/port/intel/quickassist_mem.h ./wolfssl/wolfcrypt/port/intel/quickassist_mem.h
+ln -s -F ../../../../async/wolfcrypt/src/port/cavium/cavium_nitrox.c ./wolfcrypt/src/port/cavium/cavium_nitrox.c
+ln -s -F ../../../../async/wolfssl/wolfcrypt/port/cavium/cavium_nitrox.h
./wolfssl/wolfcrypt/port/cavium/cavium_nitrox.h +ln -s -F ../../../../async/wolfcrypt/src/port/cavium/README.md ./wolfcrypt/src/port/cavium/README.md + + +./configure --enable-asynccrypt --enable-all +make check +[ $? -ne 0 ] && echo "\n\nMake check failed. Debris left for analysis." && exit 1 + + +# Clean up +popd +if [ "x$KEEP" == "xno" ]; +then + unlink ./wolfcrypt/src/async.c + unlink ./wolfssl/wolfcrypt/async.h + unlink ./wolfcrypt/src/port/intel/quickassist.c + unlink ./wolfcrypt/src/port/intel/quickassist_mem.c + unlink ./wolfcrypt/src/port/intel/README.md + unlink ./wolfssl/wolfcrypt/port/intel/quickassist.h + unlink ./wolfssl/wolfcrypt/port/intel/quickassist_mem.h + unlink ./wolfcrypt/src/port/cavium/cavium_nitrox.c + unlink ./wolfssl/wolfcrypt/port/cavium/cavium_nitrox.h + unlink ./wolfcrypt/src/port/cavium/README.md + + rm -rf ./async + + # restore original README.md files + git checkout -- wolfcrypt/src/port/cavium/README.md + git checkout -- wolfcrypt/src/port/intel/README.md +fi diff --git a/certs/1024/ca-cert.der b/certs/1024/ca-cert.der index 89921fd18..6a2b06e40 100644 Binary files a/certs/1024/ca-cert.der and b/certs/1024/ca-cert.der differ diff --git a/certs/1024/ca-cert.pem b/certs/1024/ca-cert.pem index 36b03380f..6f8a188f3 100644 --- a/certs/1024/ca-cert.pem +++ b/certs/1024/ca-cert.pem @@ -1,13 +1,12 @@ Certificate: Data: Version: 3 (0x2) - Serial Number: - b5:4e:78:83:dd:ef:e7:8f + Serial Number: 15779322327764802375 (0xdafb6a0dfecf9b47) Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting_1024, CN=www.wolfssl.com/emailAddress=info@wolfssl.com Validity - Not Before: Aug 11 20:07:37 2016 GMT - Not After : May 8 20:07:37 2019 GMT + Not Before: Apr 13 15:23:10 2018 GMT + Not After : Jan 7 15:23:10 2021 GMT Subject: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting_1024, CN=www.wolfssl.com/emailAddress=info@wolfssl.com Subject Public Key Info: Public Key Algorithm: rsaEncryption 
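Review bot: The clone step in async-check.sh takes whatever is at the tip of wolfAsyncCrypt (`git clone $ASYNC_REPO async`), and an already-present `./async` directory is reused without any check, yet its files are then symlinked into wolfcrypt/ and compiled and executed by `make check`, so the script builds unpinned, unverified code into the tree. Quoting the variable and checking out a known revision would close that gap, e.g. `git clone "$ASYNC_REPO" async && git -C async checkout "$ASYNC_REV"`, where `ASYNC_REV` is a placeholder the maintainers would have to set (no revision is given on this page). Two smaller defects in the same hunk: `popd` under `# Clean up` has no matching `pushd`, and the `echo "\n\n..."` lines print the backslashes literally in bash unless `echo -e` or `printf` (as `Usage` already does) is used. The `ln -s -F` calls also look platform-dependent: on GNU ln `-F` is the directory option rather than a force flag, so the links over the in-tree README.md files would presumably fail on Linux unless `-f` is used.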
@@ -29,25 +28,25 @@ Certificate: X509v3 Authority Key Identifier: keyid:D3:22:8F:28:2C:E0:05:EE:D3:ED:C3:71:3D:C9:B2:36:3A:1D:BF:A8 DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting_1024/CN=www.wolfssl.com/emailAddress=info@wolfssl.com - serial:B5:4E:78:83:DD:EF:E7:8F + serial:DA:FB:6A:0D:FE:CF:9B:47 X509v3 Basic Constraints: CA:TRUE Signature Algorithm: sha256WithRSAEncryption - 5a:09:c3:7e:d5:cd:73:6f:d6:5d:1d:6c:a8:4a:12:82:3d:be: - fe:09:d6:02:24:23:9a:07:67:4b:6e:60:a6:6d:42:aa:86:36: - 07:20:a9:44:b4:95:d6:81:db:9d:28:13:5f:a9:75:38:2d:80: - c6:60:f7:4a:48:23:c0:97:ee:f7:65:35:19:8d:20:a2:00:24: - 5c:d9:35:22:99:1f:dd:5f:0c:83:f8:ab:4d:88:69:6a:b0:f4: - 82:5c:77:a5:50:b1:09:d1:5d:94:d8:b0:26:bf:c1:55:14:9f: - e2:f0:2e:48:d1:7b:fc:52:bf:ac:6d:1a:3a:dd:36:ee:ca:51: - 4c:1d + 1d:48:f6:40:41:04:06:f2:e4:72:2f:ea:ff:c1:67:6b:15:bb: + 0a:28:23:28:07:c6:d7:13:2c:be:00:00:ac:1d:f7:f4:92:d3: + 2b:af:23:eb:9f:1a:e2:11:3c:2d:97:f2:0f:ac:ae:97:86:0a: + fb:a8:4f:74:1b:de:19:51:db:cd:e2:11:38:c1:a4:9d:56:ab: + 47:5c:de:ba:eb:27:df:6d:c8:7e:3a:bd:2e:9b:2a:ad:22:3b: + 95:a9:f2:28:03:bc:e5:ec:cc:f2:08:d4:c8:2f:db:ea:fb:2e: + 52:16:8c:42:02:a4:59:6d:4c:33:b4:9a:d2:73:4a:1e:9f:d9: + c8:83 -----BEGIN CERTIFICATE----- -MIIDtTCCAx6gAwIBAgIJALVOeIPd7+ePMA0GCSqGSIb3DQEBCwUAMIGZMQswCQYD +MIIDtTCCAx6gAwIBAgIJANr7ag3+z5tHMA0GCSqGSIb3DQEBCwUAMIGZMQswCQYD VQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjERMA8G A1UECgwIU2F3dG9vdGgxGDAWBgNVBAsMD0NvbnN1bHRpbmdfMTAyNDEYMBYGA1UE AwwPd3d3LndvbGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wu -Y29tMB4XDTE2MDgxMTIwMDczN1oXDTE5MDUwODIwMDczN1owgZkxCzAJBgNVBAYT +Y29tMB4XDTE4MDQxMzE1MjMxMFoXDTIxMDEwNzE1MjMxMFowgZkxCzAJBgNVBAYT AlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMREwDwYDVQQK DAhTYXd0b290aDEYMBYGA1UECwwPQ29uc3VsdGluZ18xMDI0MRgwFgYDVQQDDA93 d3cud29sZnNzbC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20w 
@@ -59,8 +58,8 @@ ybI2Oh2/qDCBzgYDVR0jBIHGMIHDgBTTIo8oLOAF7tPtw3E9ybI2Oh2/qKGBn6SB nDCBmTELMAkGA1UEBhMCVVMxEDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0Jv emVtYW4xETAPBgNVBAoMCFNhd3Rvb3RoMRgwFgYDVQQLDA9Db25zdWx0aW5nXzEw MjQxGDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5m -b0B3b2xmc3NsLmNvbYIJALVOeIPd7+ePMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcN -AQELBQADgYEAWgnDftXNc2/WXR1sqEoSgj2+/gnWAiQjmgdnS25gpm1CqoY2ByCp -RLSV1oHbnSgTX6l1OC2AxmD3SkgjwJfu92U1GY0gogAkXNk1Ipkf3V8Mg/irTYhp -arD0glx3pVCxCdFdlNiwJr/BVRSf4vAuSNF7/FK/rG0aOt027spRTB0= +b0B3b2xmc3NsLmNvbYIJANr7ag3+z5tHMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcN +AQELBQADgYEAHUj2QEEEBvLkci/q/8FnaxW7CigjKAfG1xMsvgAArB339JLTK68j +658a4hE8LZfyD6yul4YK+6hPdBveGVHbzeIROMGknVarR1zeuusn323Ifjq9Lpsq +rSI7lanyKAO85ezM8gjUyC/b6vsuUhaMQgKkWW1MM7Sa0nNKHp/ZyIM= -----END CERTIFICATE----- diff --git a/certs/1024/client-cert.der b/certs/1024/client-cert.der index c7677b265..0195f9de9 100644 Binary files a/certs/1024/client-cert.der and b/certs/1024/client-cert.der differ diff --git a/certs/1024/client-cert.pem b/certs/1024/client-cert.pem index ffa017747..d36383d25 100644 --- a/certs/1024/client-cert.pem +++ b/certs/1024/client-cert.pem @@ -1,13 +1,12 @@ Certificate: Data: Version: 3 (0x2) - Serial Number: - f3:63:b8:35:1d:0a:d8:d9 + Serial Number: 13534178914118477827 (0xbbd31003e69d2803) Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, ST=Montana, L=Bozeman, O=wolfSSL_1024, OU=Programming-1024, CN=www.wolfssl.com/emailAddress=info@wolfssl.com Validity - Not Before: Aug 11 20:07:37 2016 GMT - Not After : May 8 20:07:37 2019 GMT + Not Before: Apr 13 15:23:09 2018 GMT + Not After : Jan 7 15:23:09 2021 GMT Subject: C=US, ST=Montana, L=Bozeman, O=wolfSSL_1024, OU=Programming-1024, CN=www.wolfssl.com/emailAddress=info@wolfssl.com Subject Public Key Info: Public Key Algorithm: rsaEncryption 
@@ -29,25 +28,25 @@ Certificate: X509v3 Authority Key Identifier: keyid:81:69:0F:F8:DF:DD:CF:34:29:D5:67:75:71:85:C7:75:10:69:59:EC DirName:/C=US/ST=Montana/L=Bozeman/O=wolfSSL_1024/OU=Programming-1024/CN=www.wolfssl.com/emailAddress=info@wolfssl.com - serial:F3:63:B8:35:1D:0A:D8:D9 + serial:BB:D3:10:03:E6:9D:28:03 X509v3 Basic Constraints: CA:TRUE Signature Algorithm: sha256WithRSAEncryption - 31:5e:c5:8c:6f:b7:c5:47:1b:51:5f:99:91:a1:23:45:3c:36: - 59:20:fe:90:46:95:79:e8:b8:d9:db:44:7f:63:42:71:59:d5: - 59:a5:3c:d3:43:83:a0:7d:1e:56:36:02:92:e2:0a:19:f6:97: - f2:82:12:a6:b2:bf:3b:b6:b0:07:fc:7a:5b:78:22:a0:31:f4: - 3d:eb:0a:c5:e4:e5:b4:c7:bb:4f:a9:b8:37:19:bf:c7:64:9d: - 74:9e:78:df:09:f5:d6:dd:c2:fb:ce:94:d5:bf:97:b0:76:b5: - e9:10:65:6c:48:85:c4:1b:ff:5b:64:c7:11:30:06:e4:40:f5: - 90:2b + 84:99:d9:e5:37:c4:44:7d:ce:29:b8:b6:80:0e:ea:a3:e2:fa: + a2:2f:5c:d2:4a:85:67:b9:8b:fa:9f:7d:da:6d:85:2a:c2:20: + f3:18:c8:d4:6b:26:b2:7a:68:e7:82:52:87:e7:0c:5b:08:47: + 7a:55:a5:0d:fa:72:ce:6b:a1:b2:ae:5a:a1:63:ff:68:db:e5: + 49:ef:f1:0e:98:96:09:b5:04:5f:d4:0a:9b:8a:af:d2:31:1f: + 95:e5:0f:a8:cd:bb:a1:2d:64:b0:b7:ee:47:a7:58:d9:c7:db: + b0:92:bb:aa:cf:b8:8a:04:5b:0f:9f:3e:e0:d2:42:52:bd:5d: + a7:48 -----BEGIN CERTIFICATE----- -MIIDxTCCAy6gAwIBAgIJAPNjuDUdCtjZMA0GCSqGSIb3DQEBCwUAMIGeMQswCQYD +MIIDxTCCAy6gAwIBAgIJALvTEAPmnSgDMA0GCSqGSIb3DQEBCwUAMIGeMQswCQYD VQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjEVMBMG A1UECgwMd29sZlNTTF8xMDI0MRkwFwYDVQQLDBBQcm9ncmFtbWluZy0xMDI0MRgw FgYDVQQDDA93d3cud29sZnNzbC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29s -ZnNzbC5jb20wHhcNMTYwODExMjAwNzM3WhcNMTkwNTA4MjAwNzM3WjCBnjELMAkG +ZnNzbC5jb20wHhcNMTgwNDEzMTUyMzA5WhcNMjEwMTA3MTUyMzA5WjCBnjELMAkG A1UEBhMCVVMxEDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xFTAT BgNVBAoMDHdvbGZTU0xfMTAyNDEZMBcGA1UECwwQUHJvZ3JhbW1pbmctMTAyNDEY MBYGA1UEAwwPd3d3LndvbGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdv 
@@ -59,9 +58,9 @@ D/jf3c80KdVndXGFx3UQaVnsMIHTBgNVHSMEgcswgciAFIFpD/jf3c80KdVndXGF x3UQaVnsoYGkpIGhMIGeMQswCQYDVQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQ MA4GA1UEBwwHQm96ZW1hbjEVMBMGA1UECgwMd29sZlNTTF8xMDI0MRkwFwYDVQQL DBBQcm9ncmFtbWluZy0xMDI0MRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20xHzAd -BgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb22CCQDzY7g1HQrY2TAMBgNVHRME -BTADAQH/MA0GCSqGSIb3DQEBCwUAA4GBADFexYxvt8VHG1FfmZGhI0U8Nlkg/pBG -lXnouNnbRH9jQnFZ1VmlPNNDg6B9HlY2ApLiChn2l/KCEqayvzu2sAf8elt4IqAx -9D3rCsXk5bTHu0+puDcZv8dknXSeeN8J9dbdwvvOlNW/l7B2tekQZWxIhcQb/1tk -xxEwBuRA9ZAr +BgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb22CCQC70xAD5p0oAzAMBgNVHRME +BTADAQH/MA0GCSqGSIb3DQEBCwUAA4GBAISZ2eU3xER9zim4toAO6qPi+qIvXNJK +hWe5i/qffdpthSrCIPMYyNRrJrJ6aOeCUofnDFsIR3pVpQ36cs5robKuWqFj/2jb +5Unv8Q6Ylgm1BF/UCpuKr9IxH5XlD6jNu6EtZLC37kenWNnH27CSu6rPuIoEWw+f +PuDSQlK9XadI -----END CERTIFICATE----- diff --git a/certs/1024/server-cert.der b/certs/1024/server-cert.der index 9ef470288..3e9b678a6 100644 Binary files a/certs/1024/server-cert.der and b/certs/1024/server-cert.der differ diff --git a/certs/1024/server-cert.pem b/certs/1024/server-cert.pem index 92f631e1e..4b432fbbf 100644 --- a/certs/1024/server-cert.pem +++ b/certs/1024/server-cert.pem @@ -5,8 +5,8 @@ Certificate: Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting_1024, CN=www.wolfssl.com/emailAddress=info@wolfssl.com Validity - Not Before: Aug 11 20:07:38 2016 GMT - Not After : May 8 20:07:38 2019 GMT + Not Before: Apr 13 15:23:10 2018 GMT + Not After : Jan 7 15:23:10 2021 GMT Subject: C=US, ST=Montana, L=Bozeman, O=wolfSSL, OU=Support_1024, CN=www.wolfssl.com/emailAddress=info@wolfssl.com Subject Public Key Info: Public Key Algorithm: rsaEncryption 
@@ -28,25 +28,25 @@ Certificate: X509v3 Authority Key Identifier: keyid:D3:22:8F:28:2C:E0:05:EE:D3:ED:C3:71:3D:C9:B2:36:3A:1D:BF:A8 DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting_1024/CN=www.wolfssl.com/emailAddress=info@wolfssl.com - serial:B5:4E:78:83:DD:EF:E7:8F + serial:DA:FB:6A:0D:FE:CF:9B:47 X509v3 Basic Constraints: CA:TRUE Signature Algorithm: sha256WithRSAEncryption - 2c:aa:a2:46:f7:79:c7:7f:ce:ef:4d:e6:04:aa:7c:5c:77:72: - 55:66:41:97:7f:c5:6e:98:a0:c4:10:c6:d6:9c:70:0a:ee:ba: - ea:98:47:78:6f:33:8f:44:7a:d5:74:8a:7e:ab:49:1d:d7:95: - 12:11:8e:a0:54:5d:7d:0b:da:c2:c3:01:1a:e7:20:5e:5a:f7: - 16:81:89:b7:cd:e7:dc:46:e6:5e:f9:1a:c2:40:a5:59:f1:f5: - fa:55:db:15:ea:3c:c6:39:fd:e6:7b:5b:01:5f:a7:c9:36:a0: - 1e:73:11:b5:d3:b8:3f:8d:88:32:6a:e7:cd:b7:1d:31:4e:49: - e8:b9 + 0b:c3:af:43:85:64:61:e7:ab:5a:2a:1b:b2:29:d5:66:68:44: + 1a:6d:66:fc:3d:b1:88:ec:a5:41:18:67:62:34:a4:5e:c9:69: + cd:40:c8:56:7e:bf:eb:bc:61:1f:33:34:58:be:57:fd:e6:98: + dd:51:27:7c:b7:2c:bc:c9:39:e5:e5:95:82:e1:3f:d9:b9:97: + 30:4e:33:2c:ef:f8:db:b4:ee:35:75:9e:7a:3f:22:8f:a5:71: + d4:01:64:6c:f2:85:f7:72:99:2c:80:0f:a4:31:1d:d4:0b:1e: + a5:0f:e7:53:0a:de:15:0d:b2:d0:6b:f4:d6:2f:e2:0b:a3:8a: + 5a:6e -----BEGIN CERTIFICATE----- MIIDqTCCAxKgAwIBAgIBATANBgkqhkiG9w0BAQsFADCBmTELMAkGA1UEBhMCVVMx EDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNVBAoMCFNh d3Rvb3RoMRgwFgYDVQQLDA9Db25zdWx0aW5nXzEwMjQxGDAWBgNVBAMMD3d3dy53 b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTAeFw0x -NjA4MTEyMDA3MzhaFw0xOTA1MDgyMDA3MzhaMIGVMQswCQYDVQQGEwJVUzEQMA4G +ODA0MTMxNTIzMTBaFw0yMTAxMDcxNTIzMTBaMIGVMQswCQYDVQQGEwJVUzEQMA4G A1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjEQMA4GA1UECgwHd29sZlNT TDEVMBMGA1UECwwMU3VwcG9ydF8xMDI0MRgwFgYDVQQDDA93d3cud29sZnNzbC5j b20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wgZ8wDQYJKoZIhvcN 
@@ -58,21 +58,20 @@ VR0jBIHGMIHDgBTTIo8oLOAF7tPtw3E9ybI2Oh2/qKGBn6SBnDCBmTELMAkGA1UE BhMCVVMxEDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNV BAoMCFNhd3Rvb3RoMRgwFgYDVQQLDA9Db25zdWx0aW5nXzEwMjQxGDAWBgNVBAMM D3d3dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNv -bYIJALVOeIPd7+ePMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQELBQADgYEALKqi -Rvd5x3/O703mBKp8XHdyVWZBl3/FbpigxBDG1pxwCu666phHeG8zj0R61XSKfqtJ -HdeVEhGOoFRdfQvawsMBGucgXlr3FoGJt83n3EbmXvkawkClWfH1+lXbFeo8xjn9 -5ntbAV+nyTagHnMRtdO4P42IMmrnzbcdMU5J6Lk= +bYIJANr7ag3+z5tHMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQELBQADgYEAC8Ov +Q4VkYeerWiobsinVZmhEGm1m/D2xiOylQRhnYjSkXslpzUDIVn6/67xhHzM0WL5X +/eaY3VEnfLcsvMk55eWVguE/2bmXME4zLO/427TuNXWeej8ij6Vx1AFkbPKF93KZ +LIAPpDEd1AsepQ/nUwreFQ2y0Gv01i/iC6OKWm4= -----END CERTIFICATE----- Certificate: Data: Version: 3 (0x2) - Serial Number: - b5:4e:78:83:dd:ef:e7:8f + Serial Number: 15779322327764802375 (0xdafb6a0dfecf9b47) Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting_1024, CN=www.wolfssl.com/emailAddress=info@wolfssl.com Validity - Not Before: Aug 11 20:07:37 2016 GMT - Not After : May 8 20:07:37 2019 GMT + Not Before: Apr 13 15:23:10 2018 GMT + Not After : Jan 7 15:23:10 2021 GMT Subject: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting_1024, CN=www.wolfssl.com/emailAddress=info@wolfssl.com Subject Public Key Info: Public Key Algorithm: rsaEncryption 
@@ -94,25 +93,25 @@ Certificate: X509v3 Authority Key Identifier: keyid:D3:22:8F:28:2C:E0:05:EE:D3:ED:C3:71:3D:C9:B2:36:3A:1D:BF:A8 DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting_1024/CN=www.wolfssl.com/emailAddress=info@wolfssl.com - serial:B5:4E:78:83:DD:EF:E7:8F + serial:DA:FB:6A:0D:FE:CF:9B:47 X509v3 Basic Constraints: CA:TRUE Signature Algorithm: sha256WithRSAEncryption - 5a:09:c3:7e:d5:cd:73:6f:d6:5d:1d:6c:a8:4a:12:82:3d:be: - fe:09:d6:02:24:23:9a:07:67:4b:6e:60:a6:6d:42:aa:86:36: - 07:20:a9:44:b4:95:d6:81:db:9d:28:13:5f:a9:75:38:2d:80: - c6:60:f7:4a:48:23:c0:97:ee:f7:65:35:19:8d:20:a2:00:24: - 5c:d9:35:22:99:1f:dd:5f:0c:83:f8:ab:4d:88:69:6a:b0:f4: - 82:5c:77:a5:50:b1:09:d1:5d:94:d8:b0:26:bf:c1:55:14:9f: - e2:f0:2e:48:d1:7b:fc:52:bf:ac:6d:1a:3a:dd:36:ee:ca:51: - 4c:1d + 1d:48:f6:40:41:04:06:f2:e4:72:2f:ea:ff:c1:67:6b:15:bb: + 0a:28:23:28:07:c6:d7:13:2c:be:00:00:ac:1d:f7:f4:92:d3: + 2b:af:23:eb:9f:1a:e2:11:3c:2d:97:f2:0f:ac:ae:97:86:0a: + fb:a8:4f:74:1b:de:19:51:db:cd:e2:11:38:c1:a4:9d:56:ab: + 47:5c:de:ba:eb:27:df:6d:c8:7e:3a:bd:2e:9b:2a:ad:22:3b: + 95:a9:f2:28:03:bc:e5:ec:cc:f2:08:d4:c8:2f:db:ea:fb:2e: + 52:16:8c:42:02:a4:59:6d:4c:33:b4:9a:d2:73:4a:1e:9f:d9: + c8:83 -----BEGIN CERTIFICATE----- -MIIDtTCCAx6gAwIBAgIJALVOeIPd7+ePMA0GCSqGSIb3DQEBCwUAMIGZMQswCQYD +MIIDtTCCAx6gAwIBAgIJANr7ag3+z5tHMA0GCSqGSIb3DQEBCwUAMIGZMQswCQYD VQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjERMA8G A1UECgwIU2F3dG9vdGgxGDAWBgNVBAsMD0NvbnN1bHRpbmdfMTAyNDEYMBYGA1UE AwwPd3d3LndvbGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wu -Y29tMB4XDTE2MDgxMTIwMDczN1oXDTE5MDUwODIwMDczN1owgZkxCzAJBgNVBAYT +Y29tMB4XDTE4MDQxMzE1MjMxMFoXDTIxMDEwNzE1MjMxMFowgZkxCzAJBgNVBAYT AlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMREwDwYDVQQK DAhTYXd0b290aDEYMBYGA1UECwwPQ29uc3VsdGluZ18xMDI0MRgwFgYDVQQDDA93 d3cud29sZnNzbC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20w 
@@ -124,8 +123,8 @@ ybI2Oh2/qDCBzgYDVR0jBIHGMIHDgBTTIo8oLOAF7tPtw3E9ybI2Oh2/qKGBn6SB nDCBmTELMAkGA1UEBhMCVVMxEDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0Jv emVtYW4xETAPBgNVBAoMCFNhd3Rvb3RoMRgwFgYDVQQLDA9Db25zdWx0aW5nXzEw MjQxGDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5m -b0B3b2xmc3NsLmNvbYIJALVOeIPd7+ePMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcN -AQELBQADgYEAWgnDftXNc2/WXR1sqEoSgj2+/gnWAiQjmgdnS25gpm1CqoY2ByCp -RLSV1oHbnSgTX6l1OC2AxmD3SkgjwJfu92U1GY0gogAkXNk1Ipkf3V8Mg/irTYhp -arD0glx3pVCxCdFdlNiwJr/BVRSf4vAuSNF7/FK/rG0aOt027spRTB0= +b0B3b2xmc3NsLmNvbYIJANr7ag3+z5tHMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcN +AQELBQADgYEAHUj2QEEEBvLkci/q/8FnaxW7CigjKAfG1xMsvgAArB339JLTK68j +658a4hE8LZfyD6yul4YK+6hPdBveGVHbzeIROMGknVarR1zeuusn323Ifjq9Lpsq +rSI7lanyKAO85ezM8gjUyC/b6vsuUhaMQgKkWW1MM7Sa0nNKHp/ZyIM= -----END CERTIFICATE----- diff --git a/certs/ca-cert.der b/certs/ca-cert.der index 6a823ef93..8c0c64445 100644 Binary files a/certs/ca-cert.der and b/certs/ca-cert.der differ diff --git a/certs/ca-cert.pem b/certs/ca-cert.pem index 8b34ea43d..7a8a56385 100644 --- a/certs/ca-cert.pem +++ b/certs/ca-cert.pem @@ -1,13 +1,12 @@ Certificate: Data: Version: 3 (0x2) - Serial Number: - b7:b6:90:33:66:1b:6b:23 + Serial Number: 9727763710660753659 (0x86fff58e10deb8fb) Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, CN=www.wolfssl.com/emailAddress=info@wolfssl.com Validity - Not Before: Aug 11 20:07:37 2016 GMT - Not After : May 8 20:07:37 2019 GMT + Not Before: Apr 13 15:23:09 2018 GMT + Not After : Jan 7 15:23:09 2021 GMT Subject: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, CN=www.wolfssl.com/emailAddress=info@wolfssl.com Subject Public Key Info: Public Key Algorithm: rsaEncryption 
@@ -38,32 +37,32 @@ Certificate: X509v3 Authority Key Identifier: keyid:27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5 DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com - serial:B7:B6:90:33:66:1B:6B:23 + serial:86:FF:F5:8E:10:DE:B8:FB X509v3 Basic Constraints: CA:TRUE Signature Algorithm: sha256WithRSAEncryption - 0e:93:48:44:4a:72:96:60:71:25:82:a9:2c:ca:60:5b:f2:88: - 3e:cf:11:74:5a:11:4a:dc:d9:d8:f6:58:2c:05:d3:56:d9:e9: - 8f:37:ef:8e:3e:3b:ff:22:36:00:ca:d8:e2:96:3f:a7:d1:ed: - 1f:de:7a:b0:d7:8f:36:bd:41:55:1e:d4:b9:86:3b:87:25:69: - 35:60:48:d6:e4:5a:94:ce:a2:fa:70:38:36:c4:85:b4:4b:23: - fe:71:9e:2f:db:06:c7:b5:9c:21:f0:3e:7c:eb:91:f8:5c:09: - fd:84:43:a4:b3:4e:04:0c:22:31:71:6a:48:c8:ab:bb:e8:ce: - fa:67:15:1a:3a:82:98:43:33:b5:0e:1f:1e:89:f8:37:de:1b: - e6:b5:a0:f4:a2:8b:b7:1c:90:ba:98:6d:94:21:08:80:5d:f3: - bf:66:ad:c9:72:28:7a:6a:48:ee:cf:63:69:31:8c:c5:8e:66: - da:4b:78:65:e8:03:3a:4b:f8:cc:42:54:d3:52:5c:2d:04:ae: - 26:87:e1:7e:40:cb:45:41:16:4b:6e:a3:2e:4a:76:bd:29:7f: - 1c:53:37:06:ad:e9:5b:6a:d6:b7:4e:94:a2:7c:e8:ac:4e:a6: - 50:3e:2b:32:9e:68:42:1b:e4:59:67:61:ea:c7:9a:51:9c:1c: - 55:a3:77:76 + 9e:28:88:72:00:ca:e6:e7:97:ca:c1:f1:1f:9e:12:b2:b8:c7: + 51:ea:28:e1:36:b5:2d:e6:2f:08:23:cb:a9:4a:87:25:c6:5d: + 89:45:ea:f5:00:98:ac:76:fb:1b:af:f0:ce:64:9e:da:08:bf: + b6:eb:b4:b5:0c:a0:e7:f6:47:59:1c:61:cf:2e:0e:58:a4:82: + ac:0f:3f:ec:c4:ae:80:f7:b0:8a:1e:85:41:e8:ff:fe:fe:4f: + 1a:24:d5:49:fa:fb:fe:5e:e5:d3:91:0e:4f:4e:0c:21:51:71: + 83:04:6b:62:7b:4f:59:76:48:81:1e:b4:f7:04:47:8a:91:57: + a3:11:a9:f2:20:b4:78:33:62:3d:b0:5e:0d:f9:86:38:82:da: + a1:98:8d:19:06:87:21:39:b7:02:f7:da:7d:58:ba:52:15:d8: + 3b:c9:7b:58:34:a0:c7:e2:7c:a9:83:13:e1:b6:ec:01:bf:52: + 33:0b:c4:fe:43:d3:c6:a4:8e:2f:87:7f:7a:44:ea:ca:53:6c: + 85:ed:65:76:73:31:03:4e:ea:bd:35:54:13:f3:64:87:6b:df: + 34:dd:34:a1:88:3b:db:4d:af:1b:64:90:92:71:30:8e:c8:cc: + e5:60:24:af:31:16:39:33:91:50:f9:ab:68:42:74:7a:35:d9: + 
dd:c8:c4:52 -----BEGIN CERTIFICATE----- -MIIEqjCCA5KgAwIBAgIJALe2kDNmG2sjMA0GCSqGSIb3DQEBCwUAMIGUMQswCQYD +MIIEqjCCA5KgAwIBAgIJAIb/9Y4Q3rj7MA0GCSqGSIb3DQEBCwUAMIGUMQswCQYD VQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjERMA8G A1UECgwIU2F3dG9vdGgxEzARBgNVBAsMCkNvbnN1bHRpbmcxGDAWBgNVBAMMD3d3 dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTAe -Fw0xNjA4MTEyMDA3MzdaFw0xOTA1MDgyMDA3MzdaMIGUMQswCQYDVQQGEwJVUzEQ +Fw0xODA0MTMxNTIzMDlaFw0yMTAxMDcxNTIzMDlaMIGUMQswCQYDVQQGEwJVUzEQ MA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjERMA8GA1UECgwIU2F3 dG9vdGgxEzARBgNVBAsMCkNvbnN1bHRpbmcxGDAWBgNVBAMMD3d3dy53b2xmc3Ns LmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTCCASIwDQYJKoZI @@ -77,11 +76,11 @@ XDjNdyXvvYB1U5Q8PcpjW58VtdMdEy8Z0TzbdjrMuH3J5cLX2kBv2CHccxtCLVOc J45nEXTDJh0/7TNjs6TYHTDl6NWhgZqkgZcwgZQxCzAJBgNVBAYTAlVTMRAwDgYD VQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMREwDwYDVQQKDAhTYXd0b290 aDETMBEGA1UECwwKQ29uc3VsdGluZzEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29t -MR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tggkAt7aQM2YbayMwDAYD -VR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEADpNIREpylmBxJYKpLMpgW/KI -Ps8RdFoRStzZ2PZYLAXTVtnpjzfvjj47/yI2AMrY4pY/p9HtH956sNePNr1BVR7U -uYY7hyVpNWBI1uRalM6i+nA4NsSFtEsj/nGeL9sGx7WcIfA+fOuR+FwJ/YRDpLNO -BAwiMXFqSMiru+jO+mcVGjqCmEMztQ4fHon4N94b5rWg9KKLtxyQuphtlCEIgF3z -v2atyXIoempI7s9jaTGMxY5m2kt4ZegDOkv4zEJU01JcLQSuJofhfkDLRUEWS26j -Lkp2vSl/HFM3Bq3pW2rWt06UonzorE6mUD4rMp5oQhvkWWdh6seaUZwcVaN3dg== +MR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tggkAhv/1jhDeuPswDAYD +VR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAniiIcgDK5ueXysHxH54SsrjH +Ueoo4Ta1LeYvCCPLqUqHJcZdiUXq9QCYrHb7G6/wzmSe2gi/tuu0tQyg5/ZHWRxh +zy4OWKSCrA8/7MSugPewih6FQej//v5PGiTVSfr7/l7l05EOT04MIVFxgwRrYntP +WXZIgR609wRHipFXoxGp8iC0eDNiPbBeDfmGOILaoZiNGQaHITm3AvfafVi6UhXY +O8l7WDSgx+J8qYMT4bbsAb9SMwvE/kPTxqSOL4d/ekTqylNshe1ldnMxA07qvTVU +E/Nkh2vfNN00oYg7202vG2SQknEwjsjM5WAkrzEWOTORUPmraEJ0ejXZ3cjEUg== -----END CERTIFICATE----- 
diff --git a/certs/ca-ecc-cert.der b/certs/ca-ecc-cert.der old mode 100755 new mode 100644 index 1c34f6bf9..b3f2f1ef5 Binary files a/certs/ca-ecc-cert.der and b/certs/ca-ecc-cert.der differ diff --git a/certs/ca-ecc-cert.pem b/certs/ca-ecc-cert.pem old mode 100755 new mode 100644 index c292b14fd..c613f7694 --- a/certs/ca-ecc-cert.pem +++ b/certs/ca-ecc-cert.pem @@ -1,13 +1,12 @@ Certificate: Data: Version: 3 (0x2) - Serial Number: - 97:b4:bd:16:78:f8:47:f2 + Serial Number: 18234557164704975011 (0xfd0e292166cb48a3) Signature Algorithm: ecdsa-with-SHA256 Issuer: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Development, CN=www.wolfssl.com/emailAddress=info@wolfssl.com Validity - Not Before: Oct 20 18:19:06 2017 GMT - Not After : Oct 15 18:19:06 2037 GMT + Not Before: Apr 13 15:23:10 2018 GMT + Not After : Jan 7 15:23:10 2021 GMT Subject: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Development, CN=www.wolfssl.com/emailAddress=info@wolfssl.com Subject Public Key Info: Public Key Algorithm: id-ecPublicKey 
@@ -31,16 +30,16 @@ Certificate: X509v3 Key Usage: critical Digital Signature, Certificate Sign, CRL Sign Signature Algorithm: ecdsa-with-SHA256 - 30:45:02:20:32:26:81:e4:15:ec:e3:aa:d3:e5:b8:2a:ca:a3: - 06:a7:04:97:d8:43:7f:d4:94:47:f8:18:0d:93:52:23:8b:08: - 02:21:00:e1:9e:34:d0:92:ee:56:0d:23:38:4a:20:bc:cf:11: - c3:33:77:96:81:56:2b:ca:c4:d5:c6:65:5d:36:73:2f:ba + 30:46:02:21:00:f0:7b:cc:24:73:19:3f:61:68:ed:c8:0a:54: + 4a:b8:ac:79:ef:10:32:91:52:2c:3e:bf:50:aa:5f:18:c1:97: + f5:02:21:00:d9:4b:63:67:6f:9b:29:a9:d7:6b:63:9b:98:9f: + 32:82:36:da:f0:a9:f7:51:b4:97:aa:fa:fa:dd:ef:ef:4a:ae -----BEGIN CERTIFICATE----- -MIICijCCAjCgAwIBAgIJAJe0vRZ4+EfyMAoGCCqGSM49BAMCMIGXMQswCQYDVQQG +MIICizCCAjCgAwIBAgIJAP0OKSFmy0ijMAoGCCqGSM49BAMCMIGXMQswCQYDVQQG EwJVUzETMBEGA1UECAwKV2FzaGluZ3RvbjEQMA4GA1UEBwwHU2VhdHRsZTEQMA4G A1UECgwHd29sZlNTTDEUMBIGA1UECwwLRGV2ZWxvcG1lbnQxGDAWBgNVBAMMD3d3 dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTAe -Fw0xNzEwMjAxODE5MDZaFw0zNzEwMTUxODE5MDZaMIGXMQswCQYDVQQGEwJVUzET +Fw0xODA0MTMxNTIzMTBaFw0yMTAxMDcxNTIzMTBaMIGXMQswCQYDVQQGEwJVUzET MBEGA1UECAwKV2FzaGluZ3RvbjEQMA4GA1UEBwwHU2VhdHRsZTEQMA4GA1UECgwH d29sZlNTTDEUMBIGA1UECwwLRGV2ZWxvcG1lbnQxGDAWBgNVBAMMD3d3dy53b2xm c3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTBZMBMGByqG @@ -48,6 +47,6 @@ SM49AgEGCCqGSM49AwEHA0IABALT2W7WAY5FyLmQMeXATOOerSk4mLoQ1ukJKoCp LhcquYq/M4NG45UL5HdAtTtDRTMPYVN8N0TBy/yAyuhD6qejYzBhMB0GA1UdDgQW BBRWjprD8ELeGLlFVW75k8/qw/OlITAfBgNVHSMEGDAWgBRWjprD8ELeGLlFVW75 k8/qw/OlITAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAKBggqhkjO -PQQDAgNIADBFAiAyJoHkFezjqtPluCrKowanBJfYQ3/UlEf4GA2TUiOLCAIhAOGe -NNCS7lYNIzhKILzPEcMzd5aBVivKxNXGZV02cy+6 +PQQDAgNJADBGAiEA8HvMJHMZP2Fo7cgKVEq4rHnvEDKRUiw+v1CqXxjBl/UCIQDZ +S2Nnb5spqddrY5uYnzKCNtrwqfdRtJeq+vrd7+9Krg== -----END CERTIFICATE----- diff --git a/certs/ca-ecc-key.der b/certs/ca-ecc-key.der old mode 100755 new mode 100644 diff --git a/certs/ca-ecc-key.pem b/certs/ca-ecc-key.pem old mode 100755 new mode 100644 
diff --git a/certs/ca-ecc384-cert.der b/certs/ca-ecc384-cert.der old mode 100755 new mode 100644 index 8aafaf51a..756876f9e Binary files a/certs/ca-ecc384-cert.der and b/certs/ca-ecc384-cert.der differ diff --git a/certs/ca-ecc384-cert.pem b/certs/ca-ecc384-cert.pem old mode 100755 new mode 100644 index 46ce36378..b17122ad7 --- a/certs/ca-ecc384-cert.pem +++ b/certs/ca-ecc384-cert.pem @@ -1,13 +1,12 @@ Certificate: Data: Version: 3 (0x2) - Serial Number: - f5:e1:8f:f1:4b:a6:83:8e + Serial Number: 18174562873897217159 (0xfc3904a40ea56c87) Signature Algorithm: ecdsa-with-SHA384 Issuer: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Development, CN=www.wolfssl.com/emailAddress=info@wolfssl.com Validity - Not Before: Oct 20 18:19:06 2017 GMT - Not After : Oct 15 18:19:06 2037 GMT + Not Before: Apr 13 15:23:10 2018 GMT + Not After : Jan 7 15:23:10 2021 GMT Subject: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Development, CN=www.wolfssl.com/emailAddress=info@wolfssl.com Subject Public Key Info: Public Key Algorithm: id-ecPublicKey 
@@ -33,18 +32,18 @@ Certificate: X509v3 Key Usage: critical Digital Signature, Certificate Sign, CRL Sign Signature Algorithm: ecdsa-with-SHA384 - 30:65:02:30:17:dd:b9:a5:e0:ec:8a:03:8b:66:45:69:ad:5e: - ad:32:bc:45:4c:89:85:3f:a1:dd:a4:74:4b:5d:08:65:1b:d8: - 07:00:49:5d:ef:10:fc:eb:8f:64:a8:62:99:88:20:59:02:31: - 00:94:40:64:29:86:d0:00:76:1c:98:23:9c:b7:9b:be:78:73: - 3a:88:be:52:00:3f:e3:81:36:d9:14:22:3d:9e:a2:8a:4a:56: - 9c:c4:3f:5f:88:2e:b1:a7:6c:4d:0e:cc:92 + 30:65:02:30:0d:0a:62:fb:e6:3a:fe:71:d8:2b:44:e5:97:34: + 04:a9:8c:0a:99:88:a0:bd:1f:b0:df:94:59:27:bb:2b:c6:2a: + be:a4:69:1b:cf:97:78:2a:28:96:ee:ba:d4:87:45:fd:02:31: + 00:c0:73:19:66:76:5e:9f:a3:65:85:41:ef:b7:7b:3d:63:6d: + 98:71:99:6f:9c:db:a8:5e:53:6e:a0:68:11:65:bc:78:74:28: + 69:c7:64:9d:88:f2:d8:c2:3d:29:03:83:23 -----BEGIN CERTIFICATE----- -MIICxzCCAk2gAwIBAgIJAPXhj/FLpoOOMAoGCCqGSM49BAMDMIGXMQswCQYDVQQG +MIICxzCCAk2gAwIBAgIJAPw5BKQOpWyHMAoGCCqGSM49BAMDMIGXMQswCQYDVQQG EwJVUzETMBEGA1UECAwKV2FzaGluZ3RvbjEQMA4GA1UEBwwHU2VhdHRsZTEQMA4G A1UECgwHd29sZlNTTDEUMBIGA1UECwwLRGV2ZWxvcG1lbnQxGDAWBgNVBAMMD3d3 dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTAe -Fw0xNzEwMjAxODE5MDZaFw0zNzEwMTUxODE5MDZaMIGXMQswCQYDVQQGEwJVUzET +Fw0xODA0MTMxNTIzMTBaFw0yMTAxMDcxNTIzMTBaMIGXMQswCQYDVQQGEwJVUzET MBEGA1UECAwKV2FzaGluZ3RvbjEQMA4GA1UEBwwHU2VhdHRsZTEQMA4GA1UECgwH d29sZlNTTDEUMBIGA1UECwwLRGV2ZWxvcG1lbnQxGDAWBgNVBAMMD3d3dy53b2xm c3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTB2MBAGByqG 
@@ -52,7 +51,7 @@ SM49AgEGBSuBBAAiA2IABO6C1DmasSeC9NfqxrwDHU2DYfQDrn692FqlufCOoqXa zoc7WqtEFpz1n2Ld9iDNnHY8QLE/lxffWfbN3s1GNcDtXi5ItmaRcXS3DD+5mreD vZM/X1AtcD/eNSXhkDuG4KNjMGEwHQYDVR0OBBYEFKvgwyZMGNRyu9KEjJwKBZKA ElNSMB8GA1UdIwQYMBaAFKvgwyZMGNRyu9KEjJwKBZKAElNSMA8GA1UdEwEB/wQF -MAMBAf8wDgYDVR0PAQH/BAQDAgGGMAoGCCqGSM49BAMDA2gAMGUCMBfduaXg7IoD -i2ZFaa1erTK8RUyJhT+h3aR0S10IZRvYBwBJXe8Q/OuPZKhimYggWQIxAJRAZCmG -0AB2HJgjnLebvnhzOoi+UgA/44E22RQiPZ6iikpWnMQ/X4gusadsTQ7Mkg== +MAMBAf8wDgYDVR0PAQH/BAQDAgGGMAoGCCqGSM49BAMDA2gAMGUCMA0KYvvmOv5x +2CtE5Zc0BKmMCpmIoL0fsN+UWSe7K8YqvqRpG8+XeCoolu661IdF/QIxAMBzGWZ2 +Xp+jZYVB77d7PWNtmHGZb5zbqF5TbqBoEWW8eHQoacdknYjy2MI9KQODIw== -----END CERTIFICATE----- diff --git a/certs/ca-ecc384-key.der b/certs/ca-ecc384-key.der old mode 100755 new mode 100644 diff --git a/certs/ca-ecc384-key.pem b/certs/ca-ecc384-key.pem old mode 100755 new mode 100644 diff --git a/certs/client-ca.pem b/certs/client-ca.pem index 5cf8269a4..795d5f7ab 100644 --- a/certs/client-ca.pem +++ b/certs/client-ca.pem @@ -1,13 +1,12 @@ Certificate: Data: Version: 3 (0x2) - Serial Number: - b9:bc:90:ed:ad:aa:0a:8c + Serial Number: 12305170416376042871 (0xaac4bf4c50bd5577) Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, ST=Montana, L=Bozeman, O=wolfSSL_2048, OU=Programming-2048, CN=www.wolfssl.com/emailAddress=info@wolfssl.com Validity - Not Before: Aug 11 20:07:37 2016 GMT - Not After : May 8 20:07:37 2019 GMT + Not Before: Apr 13 15:23:09 2018 GMT + Not After : Jan 7 15:23:09 2021 GMT Subject: C=US, ST=Montana, L=Bozeman, O=wolfSSL_2048, OU=Programming-2048, CN=www.wolfssl.com/emailAddress=info@wolfssl.com Subject Public Key Info: Public Key Algorithm: rsaEncryption 
@@ -38,32 +37,32 @@ Certificate: X509v3 Authority Key Identifier: keyid:33:D8:45:66:D7:68:87:18:7E:54:0D:70:27:91:C7:26:D7:85:65:C0 DirName:/C=US/ST=Montana/L=Bozeman/O=wolfSSL_2048/OU=Programming-2048/CN=www.wolfssl.com/emailAddress=info@wolfssl.com - serial:B9:BC:90:ED:AD:AA:0A:8C + serial:AA:C4:BF:4C:50:BD:55:77 X509v3 Basic Constraints: CA:TRUE Signature Algorithm: sha256WithRSAEncryption - 33:85:08:b4:58:0e:a2:00:03:74:de:77:fb:d1:2b:76:9c:97: - 90:20:21:a2:e8:2e:22:50:26:04:76:ba:5b:47:79:e5:52:f7: - c4:0d:79:ff:62:3f:05:7c:c3:08:6c:e0:b7:81:d0:ce:c6:c9: - 46:b9:8e:4b:5f:56:79:4b:13:b6:d1:6b:66:4b:ce:00:0d:e3: - 76:5e:fb:cb:b5:5d:12:31:05:f1:bb:39:f6:86:90:ca:92:56: - a4:a0:75:21:b6:1d:4c:96:c3:45:eb:5a:91:94:32:d3:59:b8: - c9:73:1f:03:a9:81:63:e0:43:c0:1e:c8:65:be:3b:a7:53:c3: - 44:ff:b3:fb:47:84:a8:b6:9d:00:d5:6b:ae:87:f8:bb:35:b2: - 6c:66:0b:11:ee:6f:fe:12:ed:59:79:f1:3e:f2:d3:61:27:8b: - 95:7e:99:75:8d:a4:9f:34:85:f1:25:4d:48:1e:9b:6b:70:f6: - 66:cc:56:b1:a3:02:52:8a:7c:aa:af:07:da:97:c6:0c:a5:8f: - ed:cb:f5:d8:04:5d:97:0a:5d:5a:2b:49:f5:bd:93:e5:23:9b: - 99:b5:0c:ff:0c:7e:38:82:b2:6e:ab:8a:c9:a7:45:ab:d6:d7: - 93:35:70:07:7e:c8:3d:a5:fe:33:8f:d9:85:c0:c7:5a:02:e4: - 7c:d6:35:9e + 80:52:54:61:2a:77:80:53:44:a9:80:6d:45:ff:0d:25:7d:1a: + 8f:23:93:53:74:35:12:6f:f0:2e:20:ea:ed:80:63:69:88:e6: + 0c:a1:49:30:e0:82:db:68:0f:7e:84:ac:ff:ff:7b:42:fa:7e: + 2f:b2:52:9f:d2:79:5e:35:12:27:36:bc:df:96:58:44:96:55: + c8:4a:94:02:5f:4a:9d:dc:d3:3a:f7:6d:ac:8b:79:6e:fc:be: + 8f:23:58:6a:8a:f5:38:0a:42:f6:98:74:88:53:2e:02:af:e1: + 0e:be:6f:cc:74:33:7c:ec:b4:cb:a7:49:6d:82:42:4f:eb:73: + 29:c3:32:00:2b:15:f8:88:7a:8f:6d:20:1b:ae:65:5f:c5:d0: + 8a:d1:e2:64:6d:a3:a8:fe:64:e1:a9:5b:e6:d0:23:d6:02:72: + 5a:ec:03:8e:87:67:19:8d:e4:a8:99:15:c1:3d:91:48:99:8d: + fe:ae:1c:bf:f6:28:1b:45:be:ad:ef:72:83:9a:f6:c7:3b:51: + a3:6e:7a:73:bd:83:aa:97:fd:63:b4:f4:6b:1c:14:81:9a:ef: + 14:24:d3:e1:8b:f4:04:04:84:54:0f:61:a2:a8:f2:50:37:0c: + 
17:0c:bc:e0:c2:84:85:f4:0b:ae:00:ca:9f:27:e2:44:4f:15: + 0b:8b:1d:b4 -----BEGIN CERTIFICATE----- -MIIEyjCCA7KgAwIBAgIJALm8kO2tqgqMMA0GCSqGSIb3DQEBCwUAMIGeMQswCQYD +MIIEyjCCA7KgAwIBAgIJAKrEv0xQvVV3MA0GCSqGSIb3DQEBCwUAMIGeMQswCQYD VQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjEVMBMG A1UECgwMd29sZlNTTF8yMDQ4MRkwFwYDVQQLDBBQcm9ncmFtbWluZy0yMDQ4MRgw FgYDVQQDDA93d3cud29sZnNzbC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29s -ZnNzbC5jb20wHhcNMTYwODExMjAwNzM3WhcNMTkwNTA4MjAwNzM3WjCBnjELMAkG +ZnNzbC5jb20wHhcNMTgwNDEzMTUyMzA5WhcNMjEwMTA3MTUyMzA5WjCBnjELMAkG A1UEBhMCVVMxEDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xFTAT BgNVBAoMDHdvbGZTU0xfMjA0ODEZMBcGA1UECwwQUHJvZ3JhbW1pbmctMjA0ODEY MBYGA1UEAwwPd3d3LndvbGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdv 
@@ -78,24 +77,23 @@ xybXhWXAMIHTBgNVHSMEgcswgciAFDPYRWbXaIcYflQNcCeRxybXhWXAoYGkpIGh MIGeMQswCQYDVQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96 ZW1hbjEVMBMGA1UECgwMd29sZlNTTF8yMDQ4MRkwFwYDVQQLDBBQcm9ncmFtbWlu Zy0yMDQ4MRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20xHzAdBgkqhkiG9w0BCQEW -EGluZm9Ad29sZnNzbC5jb22CCQC5vJDtraoKjDAMBgNVHRMEBTADAQH/MA0GCSqG -SIb3DQEBCwUAA4IBAQAzhQi0WA6iAAN03nf70St2nJeQICGi6C4iUCYEdrpbR3nl -UvfEDXn/Yj8FfMMIbOC3gdDOxslGuY5LX1Z5SxO20WtmS84ADeN2XvvLtV0SMQXx -uzn2hpDKklakoHUhth1MlsNF61qRlDLTWbjJcx8DqYFj4EPAHshlvjunU8NE/7P7 -R4Sotp0A1Wuuh/i7NbJsZgsR7m/+Eu1ZefE+8tNhJ4uVfpl1jaSfNIXxJU1IHptr -cPZmzFaxowJSinyqrwfal8YMpY/ty/XYBF2XCl1aK0n1vZPlI5uZtQz/DH44grJu -q4rJp0Wr1teTNXAHfsg9pf4zj9mFwMdaAuR81jWe +EGluZm9Ad29sZnNzbC5jb22CCQCqxL9MUL1VdzAMBgNVHRMEBTADAQH/MA0GCSqG +SIb3DQEBCwUAA4IBAQCAUlRhKneAU0SpgG1F/w0lfRqPI5NTdDUSb/AuIOrtgGNp +iOYMoUkw4ILbaA9+hKz//3tC+n4vslKf0nleNRInNrzfllhEllXISpQCX0qd3NM6 +922si3lu/L6PI1hqivU4CkL2mHSIUy4Cr+EOvm/MdDN87LTLp0ltgkJP63MpwzIA +KxX4iHqPbSAbrmVfxdCK0eJkbaOo/mThqVvm0CPWAnJa7AOOh2cZjeSomRXBPZFI +mY3+rhy/9igbRb6t73KDmvbHO1GjbnpzvYOql/1jtPRrHBSBmu8UJNPhi/QEBIRU +D2GiqPJQNwwXDLzgwoSF9AuuAMqfJ+JETxULix20 -----END CERTIFICATE----- Certificate: Data: Version: 3 (0x2) - Serial Number: - e7:72:a6:9e:13:1d:17:5c + Serial Number: 10646345548447194541 (0x93bf6ade9b419dad) Signature Algorithm: ecdsa-with-SHA256 Issuer: C=US, ST=Oregon, L=Salem, O=Client ECC, OU=Fast, CN=www.wolfssl.com/emailAddress=info@wolfssl.com Validity - Not Before: Aug 11 20:07:38 2016 GMT - Not After : May 8 20:07:38 2019 GMT + Not Before: Apr 13 15:23:10 2018 GMT + Not After : Jan 7 15:23:10 2021 GMT Subject: C=US, ST=Oregon, L=Salem, O=Client ECC, OU=Fast, CN=www.wolfssl.com/emailAddress=info@wolfssl.com Subject Public Key Info: Public Key Algorithm: id-ecPublicKey 
@@ -114,21 +112,21 @@ Certificate: X509v3 Authority Key Identifier: keyid:EB:D4:4B:59:6B:95:61:3F:51:57:B6:04:4D:89:41:88:44:5C:AB:F2 DirName:/C=US/ST=Oregon/L=Salem/O=Client ECC/OU=Fast/CN=www.wolfssl.com/emailAddress=info@wolfssl.com - serial:E7:72:A6:9E:13:1D:17:5C + serial:93:BF:6A:DE:9B:41:9D:AD X509v3 Basic Constraints: CA:TRUE Signature Algorithm: ecdsa-with-SHA256 - 30:45:02:20:43:9a:b6:7e:87:8e:8c:d7:16:f1:0d:d2:50:11: - a4:ac:b6:ac:07:ef:e9:60:e1:90:a2:5f:c9:76:e6:54:1a:81: - 02:21:00:d6:8b:7c:ba:53:12:05:06:fa:8f:c5:c7:58:c3:9a: - 9f:a1:84:8c:b4:88:83:4d:6a:b4:b7:85:7a:b3:3c:f3:df + 30:44:02:20:61:bc:9d:4d:88:64:86:b8:71:aa:35:59:68:b8: + ee:2c:f3:23:b5:1a:b9:ba:41:50:a8:c6:c3:58:eb:58:bd:60: + 02:20:61:aa:eb:b5:73:0d:01:db:69:8f:52:f5:72:6d:37:42: + b5:fd:94:b6:6e:b1:c4:25:2e:96:96:f3:39:b2:5d:ea -----BEGIN CERTIFICATE----- -MIIDCTCCAq+gAwIBAgIJAOdypp4THRdcMAoGCCqGSM49BAMCMIGNMQswCQYDVQQG +MIIDCDCCAq+gAwIBAgIJAJO/at6bQZ2tMAoGCCqGSM49BAMCMIGNMQswCQYDVQQG EwJVUzEPMA0GA1UECAwGT3JlZ29uMQ4wDAYDVQQHDAVTYWxlbTETMBEGA1UECgwK Q2xpZW50IEVDQzENMAsGA1UECwwERmFzdDEYMBYGA1UEAwwPd3d3LndvbGZzc2wu -Y29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMB4XDTE2MDgxMTIw -MDczOFoXDTE5MDUwODIwMDczOFowgY0xCzAJBgNVBAYTAlVTMQ8wDQYDVQQIDAZP +Y29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMB4XDTE4MDQxMzE1 +MjMxMFoXDTIxMDEwNzE1MjMxMFowgY0xCzAJBgNVBAYTAlVTMQ8wDQYDVQQIDAZP cmVnb24xDjAMBgNVBAcMBVNhbGVtMRMwEQYDVQQKDApDbGllbnQgRUNDMQ0wCwYD VQQLDARGYXN0MRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20xHzAdBgkqhkiG9w0B CQEWEGluZm9Ad29sZnNzbC5jb20wWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAARV 
@@ -138,7 +136,7 @@ RFyr8jCBwgYDVR0jBIG6MIG3gBTr1EtZa5VhP1FXtgRNiUGIRFyr8qGBk6SBkDCB jTELMAkGA1UEBhMCVVMxDzANBgNVBAgMBk9yZWdvbjEOMAwGA1UEBwwFU2FsZW0x EzARBgNVBAoMCkNsaWVudCBFQ0MxDTALBgNVBAsMBEZhc3QxGDAWBgNVBAMMD3d3 dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbYIJ -AOdypp4THRdcMAwGA1UdEwQFMAMBAf8wCgYIKoZIzj0EAwIDSAAwRQIgQ5q2foeO -jNcW8Q3SUBGkrLasB+/pYOGQol/JduZUGoECIQDWi3y6UxIFBvqPxcdYw5qfoYSM -tIiDTWq0t4V6szzz3w== +AJO/at6bQZ2tMAwGA1UdEwQFMAMBAf8wCgYIKoZIzj0EAwIDRwAwRAIgYbydTYhk +hrhxqjVZaLjuLPMjtRq5ukFQqMbDWOtYvWACIGGq67VzDQHbaY9S9XJtN0K1/ZS2 +brHEJS6WlvM5sl3q -----END CERTIFICATE----- diff --git a/certs/client-cert-3072.pem b/certs/client-cert-3072.pem index 43484635d..f855437cc 100644 --- a/certs/client-cert-3072.pem +++ b/certs/client-cert-3072.pem 
@@ -1,108 +1,107 @@ Certificate: Data: Version: 3 (0x2) - Serial Number: - c9:72:2a:eb:e8:4a:47:e7 + Serial Number: 13102646209338242161 (0xb5d5f34e7d397471) Signature Algorithm: sha256WithRSAEncryption - Issuer: C = US, ST = Montana, L = Bozeman, O = wolfSSL_3072, OU = Programming-3072, CN = www.wolfssl.com, emailAddress = info@wolfssl.com + Issuer: C=US, ST=Montana, L=Bozeman, O=wolfSSL_3072, OU=Programming-3072, CN=www.wolfssl.com/emailAddress=info@wolfssl.com Validity - Not Before: Aug 11 05:14:40 2017 GMT - Not After : May 7 05:14:40 2020 GMT - Subject: C = US, ST = Montana, L = Bozeman, O = wolfSSL_3072, OU = Programming-3072, CN = www.wolfssl.com, emailAddress = info@wolfssl.com + Not Before: Apr 13 15:23:09 2018 GMT + Not After : Jan 7 15:23:09 2021 GMT + Subject: C=US, ST=Montana, L=Bozeman, O=wolfSSL_3072, OU=Programming-3072, CN=www.wolfssl.com/emailAddress=info@wolfssl.com Subject Public Key Info: Public Key Algorithm: rsaEncryption Public-Key: (3072 bit) Modulus: - 00:c1:00:b0:1a:0a:ba:88:03:cc:92:d6:f7:2e:0d: - ad:be:60:f4:a4:53:a3:dc:f9:b6:48:6c:21:33:cf: - 7c:a0:c5:35:37:1a:5f:7e:65:33:07:b4:9a:d1:2e: - b2:ed:35:a1:c8:67:b3:db:39:05:8d:aa:81:74:00: - 85:22:72:f8:7d:39:47:53:00:56:71:cf:82:d7:fc: - a2:7d:a0:6e:10:a2:96:db:cc:8e:e4:2d:9d:9d:5b: - 4a:43:5e:cb:3d:48:72:af:f4:6a:da:34:2f:ed:99: - c1:1b:fb:4c:56:8a:a0:66:8c:fb:5d:10:d5:5b:0f: - 96:04:d9:c5:b1:55:f5:88:76:db:d3:da:a1:dc:e9: - ee:d1:67:dd:bf:54:50:07:ef:2f:79:fb:4e:59:2a: - bf:92:0d:80:6f:7b:ec:79:65:9a:c3:08:c0:4f:c6: - 6b:33:bf:9d:4d:af:f9:83:af:25:42:4c:93:f1:9f: - d6:33:7d:d4:85:2a:77:44:1d:1f:ca:d3:22:ab:69: - 50:35:d8:47:3e:f7:9c:a8:e3:f9:84:60:9e:36:10: - 02:5c:9c:1f:33:1c:e6:bb:d0:5f:28:63:27:4c:b5: - 1c:71:b3:f4:7a:33:aa:45:70:a9:54:88:70:07:0e: - 45:4f:b1:7f:2a:fd:bf:31:da:97:96:c8:55:49:f2: - c3:b6:e6:08:78:ca:40:8b:2e:5d:8e:4e:6c:65:6b: - 57:f4:1d:ee:41:b6:ed:24:0d:38:f2:40:bd:7d:59: - 6b:c5:d6:67:e2:12:9b:10:05:fe:eb:40:1d:c5:73: - 75:ac:e9:9c:07:63:72:e4:c5:04:fe:c9:17:13:bf: 
- 04:02:0e:44:e9:9d:59:6e:7e:63:38:e6:db:31:21: - 28:5e:82:20:36:ad:26:fe:ba:6d:af:57:2e:32:aa: - a6:2c:54:b4:25:50:11:ac:25:8b:84:1b:7b:5d:ae: - df:e1:c4:32:3a:b4:60:6c:16:ef:9c:2c:a8:67:d0: - 53:f5:c8:97:9a:9e:81:25:e6:c7 + 00:af:48:ed:92:25:bb:e3:2a:ea:05:68:44:8d:c0: + 94:7f:06:d0:12:3e:ff:56:5d:7d:c9:75:a9:43:6a: + 0b:73:6b:ff:20:a2:d8:a7:fa:b5:28:04:72:7e:e8: + 16:a6:a9:03:61:e7:ec:85:67:38:6f:15:8c:81:91: + ca:92:d5:5f:41:11:71:e8:81:76:20:b6:a1:60:35: + 84:33:9d:e6:a5:5d:75:c8:8f:df:03:9d:7e:c3:7c: + 89:08:be:95:8f:39:9c:37:06:8f:53:6b:0c:e2:63: + dd:da:49:35:e4:52:8b:c1:69:00:12:c5:e2:74:b9: + be:10:a3:23:96:af:fa:34:54:e3:31:db:ac:ec:58: + 2e:98:9e:11:1e:df:9f:a1:cc:44:1d:3e:b0:b4:37: + 79:8c:c3:f9:19:9c:ff:08:79:ba:4b:0b:1c:7b:a7: + d6:d2:50:b6:d6:ba:af:95:50:97:10:9e:f9:6e:49: + d1:9d:68:f5:95:2b:09:27:a3:68:76:2c:c1:a8:aa: + ca:98:cb:c9:37:77:0c:fc:7c:3a:5d:81:56:5e:65: + ee:f0:e0:1f:1c:b6:c6:f7:dd:19:18:6b:a5:5b:a8: + 71:7f:de:35:c9:19:26:b1:90:d6:6d:d0:b4:82:cd: + 5f:1a:0c:66:b5:de:94:d3:bd:09:ff:fb:96:f0:b5: + 32:fe:0e:c1:06:09:79:07:0e:cc:d9:f6:f4:d6:f6: + 7b:a3:bb:82:37:b3:54:02:66:4f:b9:8a:20:f4:53: + 35:23:ad:c8:40:c1:e0:50:98:51:20:52:ae:ef:a3: + 1a:1c:2b:18:8c:c3:88:2e:91:a4:c1:dd:7b:20:b7: + 9b:6a:6a:57:0a:59:f6:cd:b7:ea:42:d5:45:21:67: + 37:0f:57:b0:bf:f5:bd:01:30:2c:ad:08:3f:77:10: + 2c:b4:57:29:c0:8a:b3:b6:41:ea:c7:b3:96:19:9a: + 4c:31:f6:bc:ce:1e:48:dd:ce:88:a5:86:b1:d0:dd: + a3:d4:7d:f8:d7:dc:d2:27:d0:45 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: - FA:B8:8A:0E:1D:E7:2B:22:BA:2D:F4:54:DD:7E:D4:63:8A:AB:E7:95 + CC:81:03:F3:0A:30:C9:1E:66:9D:CE:D4:9C:2A:2A:A7:EB:53:93:5B X509v3 Authority Key Identifier: - keyid:FA:B8:8A:0E:1D:E7:2B:22:BA:2D:F4:54:DD:7E:D4:63:8A:AB:E7:95 + keyid:CC:81:03:F3:0A:30:C9:1E:66:9D:CE:D4:9C:2A:2A:A7:EB:53:93:5B DirName:/C=US/ST=Montana/L=Bozeman/O=wolfSSL_3072/OU=Programming-3072/CN=www.wolfssl.com/emailAddress=info@wolfssl.com - serial:C9:72:2A:EB:E8:4A:47:E7 + 
serial:B5:D5:F3:4E:7D:39:74:71 X509v3 Basic Constraints: CA:TRUE Signature Algorithm: sha256WithRSAEncryption - b3:20:83:3d:56:e2:b9:a6:8f:a9:46:fe:ad:9f:c7:d5:e2:dc: - db:78:1e:4c:ca:d5:bd:38:5d:20:bc:18:f9:a0:33:7e:09:df: - 89:61:15:85:6d:80:78:3d:b4:6b:30:e6:f3:8a:8f:b2:5d:a0: - 6b:41:51:24:1c:4c:5e:db:0d:af:6d:56:12:1b:91:01:ed:0e: - 1c:1a:15:95:8f:99:1f:7f:e7:65:e7:0a:fe:24:0c:e0:a1:1f: - 16:7f:55:2e:48:98:97:3f:98:a7:90:1f:20:ec:b6:16:fa:2a: - d2:91:3a:5f:83:df:cd:a3:51:37:19:69:c3:be:c9:35:bb:32: - 47:e9:e5:30:1f:cd:27:ac:4d:05:31:d9:06:33:5c:6e:f5:bb: - 22:b6:7c:68:3d:82:f2:c0:2e:00:34:d9:ed:ba:fc:f5:39:04: - 53:32:b7:bb:ff:c6:a1:bc:50:8e:d5:43:b6:48:07:8b:3d:47: - 4a:f7:22:f1:c3:4d:3d:db:d4:ca:e6:77:4d:94:7c:79:36:df: - 81:de:a7:fc:24:0e:7c:ec:72:2e:4d:b2:dc:7c:93:98:29:62: - 8b:67:0a:dd:c5:2f:ea:e1:b0:1d:d2:9d:91:74:30:3f:14:10: - 03:95:36:1b:02:2a:84:22:51:fa:26:fb:a4:a7:a7:d0:3f:12: - 0d:bc:14:c8:cd:60:a1:53:44:e3:5b:7a:63:ee:3e:50:f8:4a: - ea:0a:2e:c2:9d:69:0c:4b:c6:ea:cd:b2:0d:d0:de:13:09:c9: - f9:d5:7c:e4:f4:b1:55:8f:59:9e:86:b9:51:77:ad:35:06:35: - fa:2c:76:06:41:b9:21:13:dd:94:02:34:66:e0:21:86:8e:08: - 9d:06:71:f2:bc:c3:34:10:ff:3d:d4:0c:70:8a:3c:bb:8a:ea: - af:a1:b3:63:78:95:e4:c8:54:3c:87:c5:b4:97:7a:19:a3:59: - 75:ac:d6:5b:48:47:55:e8:24:20:fa:e8:2b:66:5d:6a:17:47: - ce:38:93:a7:d1:ed + a6:ac:1e:20:0c:ea:46:15:52:0e:14:39:36:f5:2a:44:39:e7: + c5:6b:42:1c:00:7a:ca:58:b5:d0:17:44:70:ea:5c:45:4d:99: + e9:2c:8d:89:1b:53:f9:5a:00:86:ed:b1:45:c4:71:c5:13:b2: + ce:79:b5:27:b1:92:f0:fd:c6:e2:7e:71:e9:a1:0d:92:b5:a9: + 91:70:21:a0:32:60:05:98:0b:30:6e:26:81:4b:6a:90:e2:1b: + e0:7d:c4:e9:ae:84:cb:38:e7:00:1a:c8:9a:98:5e:80:d4:c2: + 10:ad:4e:e8:9b:f9:e8:24:95:42:05:34:11:a8:2e:19:14:75: + f9:ed:f9:e7:ae:20:fd:a3:8b:5e:87:dd:b9:fa:46:eb:26:67: + 61:40:7a:32:4f:55:d5:90:21:b7:dc:05:06:d8:a3:06:2e:44: + ac:28:8a:79:6a:bc:2a:ef:47:44:b6:7c:98:a7:6a:99:6e:0e: + 55:23:a4:db:ff:95:f3:03:04:87:53:56:6d:95:c2:0e:61:90: + 
4a:ca:54:76:a9:41:2f:3f:22:8e:33:a3:b2:e3:b5:04:c0:bd: + f0:05:03:f1:6a:fa:39:b1:49:55:d4:bc:71:fb:22:79:4f:e5: + 68:fe:c7:e1:df:29:3b:26:82:a3:eb:a6:ba:0a:9e:c3:ef:53: + a1:75:16:ce:2c:0b:8b:5d:a0:26:43:00:15:0f:12:72:ed:de: + 62:91:5c:83:c8:a2:b9:9d:be:f4:1f:5a:44:be:d2:86:0f:7c: + 11:16:1d:34:67:ef:03:2b:ff:81:83:cc:5d:a7:47:65:a5:cf: + 56:9f:e5:57:33:a0:3f:03:e9:48:46:e9:4c:6c:d2:b4:10:f0: + 0c:1f:ea:32:d1:6b:cb:97:27:ca:3b:24:52:21:c5:e3:ca:c3: + c1:83:d7:91:03:61:20:af:e2:2c:94:fb:a2:39:16:6a:2f:78: + f3:d7:ad:a7:a6:e1:7e:c0:98:2c:56:a1:84:14:b8:37:60:d3: + e8:ef:1c:3e:69:2b -----BEGIN CERTIFICATE----- -MIIFyjCCBDKgAwIBAgIJAMlyKuvoSkfnMA0GCSqGSIb3DQEBCwUAMIGeMQswCQYD +MIIFyjCCBDKgAwIBAgIJALXV8059OXRxMA0GCSqGSIb3DQEBCwUAMIGeMQswCQYD VQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjEVMBMG A1UECgwMd29sZlNTTF8zMDcyMRkwFwYDVQQLDBBQcm9ncmFtbWluZy0zMDcyMRgw FgYDVQQDDA93d3cud29sZnNzbC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29s -ZnNzbC5jb20wHhcNMTcwODExMDUxNDQwWhcNMjAwNTA3MDUxNDQwWjCBnjELMAkG +ZnNzbC5jb20wHhcNMTgwNDEzMTUyMzA5WhcNMjEwMTA3MTUyMzA5WjCBnjELMAkG A1UEBhMCVVMxEDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xFTAT BgNVBAoMDHdvbGZTU0xfMzA3MjEZMBcGA1UECwwQUHJvZ3JhbW1pbmctMzA3MjEY MBYGA1UEAwwPd3d3LndvbGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdv -bGZzc2wuY29tMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEAwQCwGgq6 -iAPMktb3Lg2tvmD0pFOj3Pm2SGwhM898oMU1NxpffmUzB7Sa0S6y7TWhyGez2zkF -jaqBdACFInL4fTlHUwBWcc+C1/yifaBuEKKW28yO5C2dnVtKQ17LPUhyr/Rq2jQv -7ZnBG/tMVoqgZoz7XRDVWw+WBNnFsVX1iHbb09qh3Onu0Wfdv1RQB+8veftOWSq/ -kg2Ab3vseWWawwjAT8ZrM7+dTa/5g68lQkyT8Z/WM33UhSp3RB0fytMiq2lQNdhH -PvecqOP5hGCeNhACXJwfMxzmu9BfKGMnTLUccbP0ejOqRXCpVIhwBw5FT7F/Kv2/ -MdqXlshVSfLDtuYIeMpAiy5djk5sZWtX9B3uQbbtJA048kC9fVlrxdZn4hKbEAX+ -60AdxXN1rOmcB2Ny5MUE/skXE78EAg5E6Z1Zbn5jOObbMSEoXoIgNq0m/rptr1cu -MqqmLFS0JVARrCWLhBt7Xa7f4cQyOrRgbBbvnCyoZ9BT9ciXmp6BJebHAgMBAAGj -ggEHMIIBAzAdBgNVHQ4EFgQU+riKDh3nKyK6LfRU3X7UY4qr55UwgdMGA1UdIwSB -yzCByIAU+riKDh3nKyK6LfRU3X7UY4qr55WhgaSkgaEwgZ4xCzAJBgNVBAYTAlVT 
+bGZzc2wuY29tMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEAr0jtkiW7 +4yrqBWhEjcCUfwbQEj7/Vl19yXWpQ2oLc2v/IKLYp/q1KARyfugWpqkDYefshWc4 +bxWMgZHKktVfQRFx6IF2ILahYDWEM53mpV11yI/fA51+w3yJCL6VjzmcNwaPU2sM +4mPd2kk15FKLwWkAEsXidLm+EKMjlq/6NFTjMdus7FgumJ4RHt+focxEHT6wtDd5 +jMP5GZz/CHm6Swsce6fW0lC21rqvlVCXEJ75bknRnWj1lSsJJ6NodizBqKrKmMvJ +N3cM/Hw6XYFWXmXu8OAfHLbG990ZGGulW6hxf941yRkmsZDWbdC0gs1fGgxmtd6U +070J//uW8LUy/g7BBgl5Bw7M2fb01vZ7o7uCN7NUAmZPuYog9FM1I63IQMHgUJhR +IFKu76MaHCsYjMOILpGkwd17ILebampXCln2zbfqQtVFIWc3D1ewv/W9ATAsrQg/ +dxAstFcpwIqztkHqx7OWGZpMMfa8zh5I3c6IpYax0N2j1H3419zSJ9BFAgMBAAGj +ggEHMIIBAzAdBgNVHQ4EFgQUzIED8wowyR5mnc7UnCoqp+tTk1swgdMGA1UdIwSB +yzCByIAUzIED8wowyR5mnc7UnCoqp+tTk1uhgaSkgaEwgZ4xCzAJBgNVBAYTAlVT MRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMRUwEwYDVQQKDAx3 b2xmU1NMXzMwNzIxGTAXBgNVBAsMEFByb2dyYW1taW5nLTMwNzIxGDAWBgNVBAMM D3d3dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNv -bYIJAMlyKuvoSkfnMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQELBQADggGBALMg -gz1W4rmmj6lG/q2fx9Xi3Nt4HkzK1b04XSC8GPmgM34J34lhFYVtgHg9tGsw5vOK -j7JdoGtBUSQcTF7bDa9tVhIbkQHtDhwaFZWPmR9/52XnCv4kDOChHxZ/VS5ImJc/ -mKeQHyDsthb6KtKROl+D382jUTcZacO+yTW7Mkfp5TAfzSesTQUx2QYzXG71uyK2 -fGg9gvLALgA02e26/PU5BFMyt7v/xqG8UI7VQ7ZIB4s9R0r3IvHDTT3b1Mrmd02U -fHk234Hep/wkDnzsci5Nstx8k5gpYotnCt3FL+rhsB3SnZF0MD8UEAOVNhsCKoQi -Ufom+6Snp9A/Eg28FMjNYKFTRONbemPuPlD4SuoKLsKdaQxLxurNsg3Q3hMJyfnV -fOT0sVWPWZ6GuVF3rTUGNfosdgZBuSET3ZQCNGbgIYaOCJ0GcfK8wzQQ/z3UDHCK -PLuK6q+hs2N4leTIVDyHxbSXehmjWXWs1ltIR1XoJCD66CtmXWoXR844k6fR7Q== +bYIJALXV8059OXRxMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQELBQADggGBAKas +HiAM6kYVUg4UOTb1KkQ558VrQhwAespYtdAXRHDqXEVNmeksjYkbU/laAIbtsUXE +ccUTss55tSexkvD9xuJ+cemhDZK1qZFwIaAyYAWYCzBuJoFLapDiG+B9xOmuhMs4 +5wAayJqYXoDUwhCtTuib+egklUIFNBGoLhkUdfnt+eeuIP2ji16H3bn6RusmZ2FA +ejJPVdWQIbfcBQbYowYuRKwoinlqvCrvR0S2fJinapluDlUjpNv/lfMDBIdTVm2V +wg5hkErKVHapQS8/Io4zo7LjtQTAvfAFA/Fq+jmxSVXUvHH7InlP5Wj+x+HfKTsm +gqPrproKnsPvU6F1Fs4sC4tdoCZDABUPEnLt3mKRXIPIormdvvQfWkS+0oYPfBEW 
+HTRn7wMr/4GDzF2nR2Wlz1af5VczoD8D6UhG6Uxs0rQQ8Awf6jLRa8uXJ8o7JFIh +xePKw8GD15EDYSCv4iyU+6I5FmovePPXraem4X7AmCxWoYQUuDdg0+jvHD5pKw== -----END CERTIFICATE----- diff --git a/certs/client-cert.der b/certs/client-cert.der index 4c19dd8e7..5241ec374 100644 Binary files a/certs/client-cert.der and b/certs/client-cert.der differ diff --git a/certs/client-cert.pem b/certs/client-cert.pem index 9262ad609..9b6a8190d 100644 --- a/certs/client-cert.pem +++ b/certs/client-cert.pem @@ -1,13 +1,12 @@ Certificate: Data: Version: 3 (0x2) - Serial Number: - b9:bc:90:ed:ad:aa:0a:8c + Serial Number: 12305170416376042871 (0xaac4bf4c50bd5577) Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, ST=Montana, L=Bozeman, O=wolfSSL_2048, OU=Programming-2048, CN=www.wolfssl.com/emailAddress=info@wolfssl.com Validity - Not Before: Aug 11 20:07:37 2016 GMT - Not After : May 8 20:07:37 2019 GMT + Not Before: Apr 13 15:23:09 2018 GMT + Not After : Jan 7 15:23:09 2021 GMT Subject: C=US, ST=Montana, L=Bozeman, O=wolfSSL_2048, OU=Programming-2048, CN=www.wolfssl.com/emailAddress=info@wolfssl.com Subject Public Key Info: Public Key Algorithm: rsaEncryption 
@@ -38,32 +37,32 @@ Certificate: X509v3 Authority Key Identifier: keyid:33:D8:45:66:D7:68:87:18:7E:54:0D:70:27:91:C7:26:D7:85:65:C0 DirName:/C=US/ST=Montana/L=Bozeman/O=wolfSSL_2048/OU=Programming-2048/CN=www.wolfssl.com/emailAddress=info@wolfssl.com - serial:B9:BC:90:ED:AD:AA:0A:8C + serial:AA:C4:BF:4C:50:BD:55:77 X509v3 Basic Constraints: CA:TRUE Signature Algorithm: sha256WithRSAEncryption - 33:85:08:b4:58:0e:a2:00:03:74:de:77:fb:d1:2b:76:9c:97: - 90:20:21:a2:e8:2e:22:50:26:04:76:ba:5b:47:79:e5:52:f7: - c4:0d:79:ff:62:3f:05:7c:c3:08:6c:e0:b7:81:d0:ce:c6:c9: - 46:b9:8e:4b:5f:56:79:4b:13:b6:d1:6b:66:4b:ce:00:0d:e3: - 76:5e:fb:cb:b5:5d:12:31:05:f1:bb:39:f6:86:90:ca:92:56: - a4:a0:75:21:b6:1d:4c:96:c3:45:eb:5a:91:94:32:d3:59:b8: - c9:73:1f:03:a9:81:63:e0:43:c0:1e:c8:65:be:3b:a7:53:c3: - 44:ff:b3:fb:47:84:a8:b6:9d:00:d5:6b:ae:87:f8:bb:35:b2: - 6c:66:0b:11:ee:6f:fe:12:ed:59:79:f1:3e:f2:d3:61:27:8b: - 95:7e:99:75:8d:a4:9f:34:85:f1:25:4d:48:1e:9b:6b:70:f6: - 66:cc:56:b1:a3:02:52:8a:7c:aa:af:07:da:97:c6:0c:a5:8f: - ed:cb:f5:d8:04:5d:97:0a:5d:5a:2b:49:f5:bd:93:e5:23:9b: - 99:b5:0c:ff:0c:7e:38:82:b2:6e:ab:8a:c9:a7:45:ab:d6:d7: - 93:35:70:07:7e:c8:3d:a5:fe:33:8f:d9:85:c0:c7:5a:02:e4: - 7c:d6:35:9e + 80:52:54:61:2a:77:80:53:44:a9:80:6d:45:ff:0d:25:7d:1a: + 8f:23:93:53:74:35:12:6f:f0:2e:20:ea:ed:80:63:69:88:e6: + 0c:a1:49:30:e0:82:db:68:0f:7e:84:ac:ff:ff:7b:42:fa:7e: + 2f:b2:52:9f:d2:79:5e:35:12:27:36:bc:df:96:58:44:96:55: + c8:4a:94:02:5f:4a:9d:dc:d3:3a:f7:6d:ac:8b:79:6e:fc:be: + 8f:23:58:6a:8a:f5:38:0a:42:f6:98:74:88:53:2e:02:af:e1: + 0e:be:6f:cc:74:33:7c:ec:b4:cb:a7:49:6d:82:42:4f:eb:73: + 29:c3:32:00:2b:15:f8:88:7a:8f:6d:20:1b:ae:65:5f:c5:d0: + 8a:d1:e2:64:6d:a3:a8:fe:64:e1:a9:5b:e6:d0:23:d6:02:72: + 5a:ec:03:8e:87:67:19:8d:e4:a8:99:15:c1:3d:91:48:99:8d: + fe:ae:1c:bf:f6:28:1b:45:be:ad:ef:72:83:9a:f6:c7:3b:51: + a3:6e:7a:73:bd:83:aa:97:fd:63:b4:f4:6b:1c:14:81:9a:ef: + 14:24:d3:e1:8b:f4:04:04:84:54:0f:61:a2:a8:f2:50:37:0c: + 
17:0c:bc:e0:c2:84:85:f4:0b:ae:00:ca:9f:27:e2:44:4f:15: + 0b:8b:1d:b4 -----BEGIN CERTIFICATE----- -MIIEyjCCA7KgAwIBAgIJALm8kO2tqgqMMA0GCSqGSIb3DQEBCwUAMIGeMQswCQYD +MIIEyjCCA7KgAwIBAgIJAKrEv0xQvVV3MA0GCSqGSIb3DQEBCwUAMIGeMQswCQYD VQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjEVMBMG A1UECgwMd29sZlNTTF8yMDQ4MRkwFwYDVQQLDBBQcm9ncmFtbWluZy0yMDQ4MRgw FgYDVQQDDA93d3cud29sZnNzbC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29s -ZnNzbC5jb20wHhcNMTYwODExMjAwNzM3WhcNMTkwNTA4MjAwNzM3WjCBnjELMAkG +ZnNzbC5jb20wHhcNMTgwNDEzMTUyMzA5WhcNMjEwMTA3MTUyMzA5WjCBnjELMAkG A1UEBhMCVVMxEDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xFTAT BgNVBAoMDHdvbGZTU0xfMjA0ODEZMBcGA1UECwwQUHJvZ3JhbW1pbmctMjA0ODEY MBYGA1UEAwwPd3d3LndvbGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdv @@ -78,11 +77,11 @@ xybXhWXAMIHTBgNVHSMEgcswgciAFDPYRWbXaIcYflQNcCeRxybXhWXAoYGkpIGh MIGeMQswCQYDVQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96 ZW1hbjEVMBMGA1UECgwMd29sZlNTTF8yMDQ4MRkwFwYDVQQLDBBQcm9ncmFtbWlu Zy0yMDQ4MRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20xHzAdBgkqhkiG9w0BCQEW -EGluZm9Ad29sZnNzbC5jb22CCQC5vJDtraoKjDAMBgNVHRMEBTADAQH/MA0GCSqG -SIb3DQEBCwUAA4IBAQAzhQi0WA6iAAN03nf70St2nJeQICGi6C4iUCYEdrpbR3nl -UvfEDXn/Yj8FfMMIbOC3gdDOxslGuY5LX1Z5SxO20WtmS84ADeN2XvvLtV0SMQXx -uzn2hpDKklakoHUhth1MlsNF61qRlDLTWbjJcx8DqYFj4EPAHshlvjunU8NE/7P7 -R4Sotp0A1Wuuh/i7NbJsZgsR7m/+Eu1ZefE+8tNhJ4uVfpl1jaSfNIXxJU1IHptr -cPZmzFaxowJSinyqrwfal8YMpY/ty/XYBF2XCl1aK0n1vZPlI5uZtQz/DH44grJu -q4rJp0Wr1teTNXAHfsg9pf4zj9mFwMdaAuR81jWe +EGluZm9Ad29sZnNzbC5jb22CCQCqxL9MUL1VdzAMBgNVHRMEBTADAQH/MA0GCSqG +SIb3DQEBCwUAA4IBAQCAUlRhKneAU0SpgG1F/w0lfRqPI5NTdDUSb/AuIOrtgGNp +iOYMoUkw4ILbaA9+hKz//3tC+n4vslKf0nleNRInNrzfllhEllXISpQCX0qd3NM6 +922si3lu/L6PI1hqivU4CkL2mHSIUy4Cr+EOvm/MdDN87LTLp0ltgkJP63MpwzIA +KxX4iHqPbSAbrmVfxdCK0eJkbaOo/mThqVvm0CPWAnJa7AOOh2cZjeSomRXBPZFI +mY3+rhy/9igbRb6t73KDmvbHO1GjbnpzvYOql/1jtPRrHBSBmu8UJNPhi/QEBIRU +D2GiqPJQNwwXDLzgwoSF9AuuAMqfJ+JETxULix20 -----END CERTIFICATE----- 
diff --git a/certs/client-ecc-cert.der b/certs/client-ecc-cert.der index 346a6e4b0..d6c5dbba9 100644 Binary files a/certs/client-ecc-cert.der and b/certs/client-ecc-cert.der differ diff --git a/certs/client-ecc-cert.pem b/certs/client-ecc-cert.pem index 459871429..217035bdd 100644 --- a/certs/client-ecc-cert.pem +++ b/certs/client-ecc-cert.pem @@ -1,13 +1,12 @@ Certificate: Data: Version: 3 (0x2) - Serial Number: - e7:72:a6:9e:13:1d:17:5c + Serial Number: 10646345548447194541 (0x93bf6ade9b419dad) Signature Algorithm: ecdsa-with-SHA256 Issuer: C=US, ST=Oregon, L=Salem, O=Client ECC, OU=Fast, CN=www.wolfssl.com/emailAddress=info@wolfssl.com Validity - Not Before: Aug 11 20:07:38 2016 GMT - Not After : May 8 20:07:38 2019 GMT + Not Before: Apr 13 15:23:10 2018 GMT + Not After : Jan 7 15:23:10 2021 GMT Subject: C=US, ST=Oregon, L=Salem, O=Client ECC, OU=Fast, CN=www.wolfssl.com/emailAddress=info@wolfssl.com Subject Public Key Info: Public Key Algorithm: id-ecPublicKey 
@@ -26,21 +25,21 @@ Certificate: X509v3 Authority Key Identifier: keyid:EB:D4:4B:59:6B:95:61:3F:51:57:B6:04:4D:89:41:88:44:5C:AB:F2 DirName:/C=US/ST=Oregon/L=Salem/O=Client ECC/OU=Fast/CN=www.wolfssl.com/emailAddress=info@wolfssl.com - serial:E7:72:A6:9E:13:1D:17:5C + serial:93:BF:6A:DE:9B:41:9D:AD X509v3 Basic Constraints: CA:TRUE Signature Algorithm: ecdsa-with-SHA256 - 30:45:02:20:43:9a:b6:7e:87:8e:8c:d7:16:f1:0d:d2:50:11: - a4:ac:b6:ac:07:ef:e9:60:e1:90:a2:5f:c9:76:e6:54:1a:81: - 02:21:00:d6:8b:7c:ba:53:12:05:06:fa:8f:c5:c7:58:c3:9a: - 9f:a1:84:8c:b4:88:83:4d:6a:b4:b7:85:7a:b3:3c:f3:df + 30:44:02:20:61:bc:9d:4d:88:64:86:b8:71:aa:35:59:68:b8: + ee:2c:f3:23:b5:1a:b9:ba:41:50:a8:c6:c3:58:eb:58:bd:60: + 02:20:61:aa:eb:b5:73:0d:01:db:69:8f:52:f5:72:6d:37:42: + b5:fd:94:b6:6e:b1:c4:25:2e:96:96:f3:39:b2:5d:ea -----BEGIN CERTIFICATE----- -MIIDCTCCAq+gAwIBAgIJAOdypp4THRdcMAoGCCqGSM49BAMCMIGNMQswCQYDVQQG +MIIDCDCCAq+gAwIBAgIJAJO/at6bQZ2tMAoGCCqGSM49BAMCMIGNMQswCQYDVQQG EwJVUzEPMA0GA1UECAwGT3JlZ29uMQ4wDAYDVQQHDAVTYWxlbTETMBEGA1UECgwK Q2xpZW50IEVDQzENMAsGA1UECwwERmFzdDEYMBYGA1UEAwwPd3d3LndvbGZzc2wu -Y29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMB4XDTE2MDgxMTIw -MDczOFoXDTE5MDUwODIwMDczOFowgY0xCzAJBgNVBAYTAlVTMQ8wDQYDVQQIDAZP +Y29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMB4XDTE4MDQxMzE1 +MjMxMFoXDTIxMDEwNzE1MjMxMFowgY0xCzAJBgNVBAYTAlVTMQ8wDQYDVQQIDAZP cmVnb24xDjAMBgNVBAcMBVNhbGVtMRMwEQYDVQQKDApDbGllbnQgRUNDMQ0wCwYD VQQLDARGYXN0MRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20xHzAdBgkqhkiG9w0B CQEWEGluZm9Ad29sZnNzbC5jb20wWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAARV 
@@ -50,7 +49,7 @@ RFyr8jCBwgYDVR0jBIG6MIG3gBTr1EtZa5VhP1FXtgRNiUGIRFyr8qGBk6SBkDCB jTELMAkGA1UEBhMCVVMxDzANBgNVBAgMBk9yZWdvbjEOMAwGA1UEBwwFU2FsZW0x EzARBgNVBAoMCkNsaWVudCBFQ0MxDTALBgNVBAsMBEZhc3QxGDAWBgNVBAMMD3d3 dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbYIJ -AOdypp4THRdcMAwGA1UdEwQFMAMBAf8wCgYIKoZIzj0EAwIDSAAwRQIgQ5q2foeO -jNcW8Q3SUBGkrLasB+/pYOGQol/JduZUGoECIQDWi3y6UxIFBvqPxcdYw5qfoYSM -tIiDTWq0t4V6szzz3w== +AJO/at6bQZ2tMAwGA1UdEwQFMAMBAf8wCgYIKoZIzj0EAwIDRwAwRAIgYbydTYhk +hrhxqjVZaLjuLPMjtRq5ukFQqMbDWOtYvWACIGGq67VzDQHbaY9S9XJtN0K1/ZS2 +brHEJS6WlvM5sl3q -----END CERTIFICATE----- diff --git a/certs/client-key-3072.pem b/certs/client-key-3072.pem index 431a4a66c..1d0d05b8a 100644 --- a/certs/client-key-3072.pem +++ b/certs/client-key-3072.pem 
@@ -1,40 +1,40 @@ -----BEGIN PRIVATE KEY----- -MIIG/wIBADANBgkqhkiG9w0BAQEFAASCBukwggblAgEAAoIBgQDBALAaCrqIA8yS -1vcuDa2+YPSkU6Pc+bZIbCEzz3ygxTU3Gl9+ZTMHtJrRLrLtNaHIZ7PbOQWNqoF0 -AIUicvh9OUdTAFZxz4LX/KJ9oG4QopbbzI7kLZ2dW0pDXss9SHKv9GraNC/tmcEb -+0xWiqBmjPtdENVbD5YE2cWxVfWIdtvT2qHc6e7RZ92/VFAH7y95+05ZKr+SDYBv -e+x5ZZrDCMBPxmszv51Nr/mDryVCTJPxn9YzfdSFKndEHR/K0yKraVA12Ec+95yo -4/mEYJ42EAJcnB8zHOa70F8oYydMtRxxs/R6M6pFcKlUiHAHDkVPsX8q/b8x2peW -yFVJ8sO25gh4ykCLLl2OTmxla1f0He5Btu0kDTjyQL19WWvF1mfiEpsQBf7rQB3F -c3Ws6ZwHY3LkxQT+yRcTvwQCDkTpnVlufmM45tsxIShegiA2rSb+um2vVy4yqqYs -VLQlUBGsJYuEG3tdrt/hxDI6tGBsFu+cLKhn0FP1yJeanoEl5scCAwEAAQKCAYA4 -2WMFyLM47SWM+xTD0/OhaB2naZuSs1sl6fO9txgWowARwwrtyBFH68LOatr5VBrb -VPB9WkZwfBC1gpG0m/jlqcGAiVDtJRp9VETojCDfdYTKKW7Nd0I93234eiuTWYuu -mGgA7e5QJkHjZBoQQ7ULf+tqdlLiB61AsISyv4cbMyd9N6EF2UInHFkMymDodWOe -oo9pZFYZRzDVpcL53xu+5wz+couRKpfDElqEl0p6ROQu/82wTRgUQXXv8kQzEg1Z -Ccm9D66IPLHviG19utUSNll2Fq3i7V88It+NFzBp4yzNvoXOiUFWwDoqHUve2ifV -UDKITEE8Zh3Cm/UGdbNk+lkMOu5tmE0l1tOe2F+9RAjB1SnN8qxMqgMnmftEKYja -3Do9feU0H2ZmKfK6dfECB7NsuVg9mI66Dew0rjQJ0oRG1+qqvPgHROcVnMBMmeU1 -bsF2yV2RWCc/4RFuAEi0VM2SgYOst5Voa+Os15rFxZ3APC+FqDmzYyyKVfXpgMEC -gcEA7NuwxVGiseKGVZXG1/JJm86hCNkyAFMx1soGQDXyCZfTKFTwuJr+rImkOLnj -J8i5cGa8v8E8obH/bMeM6hI8qsJ5jr1yHluZBGOy+VNmeV1pCLpCeXF/enn9gTq4 -m+X6SCxCn/SQdnr1Z5HT9yTcsWSzKk+T7uVKCZomfmBJyK3hhYsUsCaE0eQjgGfm -yY/HKFVni/wmYLxnDwrMNtIK6aBA3cRrUr8MG8DZDVdourXMUo+G61kEaAV2Wu2R -QrEzAoHBANCZrjOcPOZ5ojRmvqIiwX39U5Ucu9gkYvi63fJgzUcZKoH67D4pK1T7 -lvQ93hVnno0tKW16+lUS7EkQs4xmSPK07jQn0xYOkTcBnu4b/lkSIaFouecFd+ls -XKlMz9VR91s89Hnuz0qXL7gpO2D9/bfonAXTsQyyTgNK3opwA4J0AKT+9PUTehGe -pT7OtupGMh7osuNzX7v/9L5VBz24ZOiI35yypOnK/DHJDKzXnXGBxHhEwmdAQe0T -BKMQ8nDcHQKBwQDCdCpQFJFpUPvQT8KLj1J3I9B5Hzc5pROJrxoqpR8sWQT2W6W1 -KSpkJCw6lgGzq8rySKY1F0Pby/JTMBC0Kny8BCUf1tBVtAWP4PoSTzIV+WY90Ay6 -/z8VIgnJipf9BXXQwuV/xJzFaHUIrmRCxnSY/n9JAUQGISADehaYMhzhMD+yD1jQ -tQ7d8lpjFOoYGH380wDLoBsx1/sUEl1NtGtZGkOmzZb+u/II5u5LUbOddZtlPIgb 
-t10yuSlNxTQ4eJkCgcEAgxbg23wm5Wuw3J9o03lmAWgOe5mIDqenLso4KlZdCn4t -MWvfxJyYp5pH3gt3IhpxECU+cJek84ulw7DkNKoe06+SNmKEi8rxxRCWsOoUqCL1 -0Xp/wUe1eJJplNc5kMQm30ZqGKpTyHtEOMZok2ZqaIWcbyj+jY0L65PEUFleSz/d -G9NBWzY3MxVwoQzE9GrSmov/x2I82mdahbXnjAjyGRPS+qVlb6rpW9wNxBzny2oS -bsY/KSW/iF24P0WqJfSdAoHBAMrAqYYkbFVboqKXci8ngzrBIPTweUaQetseywd3 -EsBoCuIub/zOHrXPyEHpQpsWBoyCs7/wFy+e2E8qWJ9GBqVaUdpO1PQbgDBTg3C4 -lx91pXJ9wHFFMX7evHYLFLLce6ofhrRDch97aFvdDP0dB7fh32FRUyJzPQwVXOcL -OEyaN2q+5mTLVIohiiryb6SmsD2qbAzym32/826Fku2zwX8j2xdCP/AkdnIPz/L0 -H3pgMZYSzYmd0dbSva225DqVew== +MIIG/AIBADANBgkqhkiG9w0BAQEFAASCBuYwggbiAgEAAoIBgQCvSO2SJbvjKuoF +aESNwJR/BtASPv9WXX3JdalDagtza/8gotin+rUoBHJ+6BamqQNh5+yFZzhvFYyB +kcqS1V9BEXHogXYgtqFgNYQznealXXXIj98DnX7DfIkIvpWPOZw3Bo9TawziY93a +STXkUovBaQASxeJ0ub4QoyOWr/o0VOMx26zsWC6YnhEe35+hzEQdPrC0N3mMw/kZ +nP8IebpLCxx7p9bSULbWuq+VUJcQnvluSdGdaPWVKwkno2h2LMGoqsqYy8k3dwz8 +fDpdgVZeZe7w4B8ctsb33RkYa6VbqHF/3jXJGSaxkNZt0LSCzV8aDGa13pTTvQn/ ++5bwtTL+DsEGCXkHDszZ9vTW9nuju4I3s1QCZk+5iiD0UzUjrchAweBQmFEgUq7v +oxocKxiMw4gukaTB3Xsgt5tqalcKWfbNt+pC1UUhZzcPV7C/9b0BMCytCD93ECy0 +VynAirO2QerHs5YZmkwx9rzOHkjdzoilhrHQ3aPUffjX3NIn0EUCAwEAAQKCAYBz +146qd6WkjEf9KtujkxKQoMACTwAQ49itu8UReJP4w/boarckzNvMhqPkmx3dJvXF +TrFRuNXjFCq3ttJaGAnLxuuw7V5UYF5mZvfn5QL5ZrrgwbRxfzS3nSYzUUEmVryW +4Q734lexhq6oBJpJOwSB3hLeVUlEOz0RYb+zZrnEvBUqbjPqPp0M3+oQrVmiZIzf +hv7hG4iJLzsBYnBp+YjU75LzZgjjFdTANMC1vX0Yzvepm7+ceDFVVAvI1oXDE/AQ +ABIzyDGk4qmypwLJ7jqAQcZVpIltJRVYBqq7UE7ZlsJ3Z08Vy0XkTyYliogWlPYW +c612Jcabp8z6P1KTcWGo2EfKmj8kRqs9Z3y1AFr3Zsd3KwscjgoKl/C8JnKlPYQo +tsnRhJneqXz61fa11kgRo7KWrS3gzEc9R5FpeYR8zU80ycXNC3LT/r9kIbpEHe6u +ju5S7sINTMd6GMz5uXOzoSiojZeHLgYatvMpoEMpSTJrYZEd8iHg+lbQr8rafgEC +gcEA46EqlOF9sTa3JP25P51+Dpd4LAwR81b2LKLNEYYH8uRnlkM126DqA6/WFy7O +xwIV3xr2irYZXEF/pZDGegxxcNTVmtHTjtXuxKiXBGzxyIgDsAHa8ZNLmA37W1cn +t2TaPqeh89eh8FZDHjKsRN6OWBreNk9iSouZOEkK/7KwDObgYI1vdOMKgKvjdIri +XTSmltfmRmfbcp6z56ViboSLkh29mRzijokLGo9xM69uTzDKMh8UFoyzUfv6gTfw 
+rRUtAoHBAMUhofp9yqStYepPL/hvNuPsr/CMwFxzYHZT6LeVE3fdH3w5pjK6XeAp +AGe+2YcKqtpso6alnfnnTH4XhGnGO0wCTxQDGkWX0Xs8bt2eiHyG0Rn6Ry6/r1hr +DrAEYbXDuFm0MCC11glJhWvCaWvKhNzsWc7WtQB6+QVgk1ek8Ich4DnC9TtbG4SK +agAsDBrtbJbOgWa9BA1vLIkriuAfzOYTLQevAViIzmvfIKpM7BcyPmBfaMWM/gPO +jIGKJNjGeQKBwGVWQpa1LDfQnAgjzGy9uHjWhfFWDke+1ylX8ON0P+WqOVNz6G42 +XPf3N+BqPjPqgcIpRsjJ+NBReHpE0ZdUIsyQc+fQsdZM91clltWpipozszCQIuCZ +KnYvA0/OpSfIBkEOb9MWlElinc670GV4jvY6P+L9xExbiYK9QeBDtIyJ3CofzRbE +XNCbtU8U5WGJJwDQbPu7EL8eWAkwX3nEGD6cbuPTMCk0aXURltvjpcArgFh/7Xl8 +efhtrUAJn2PuoQKBwAvHcrJRCebFJXCmwqsJmjIMVob9IhFkI4NuiB1QHxWudM8r +cq7dS/a0/H02fjD/hi3/B9hRVRs1ovB130eivLBSAv+jH9LAu5etiMJdUrJ+K8ht +mAtHEOcrnnkOCfiedUmG5slNlDiB2CMUPtBeDYpV5Rfi5HXe4zpbBvLZvDWW5JsO +9zBQxVgqHSNdfmutfCuWs0y8Rp224uZfX7D8tXWZ97rZzi7IHe18K6uBZSoNqoR/ +rvb+8b6wfNzQsFrzoQKBwF69oVncsP7Nv8awy6D/MppuhwCi24vFTa7h4BfCQxS5 +vlWYdjsQZNyRH2mpEWiHMQuTXXFX2c5JYJx4cKe0MkqtTESfC4APkjShTCxxGrA3 +TfyWsZ0dO6XdWKIJuRBD9dcrOTt/PYYBdJveFEja4ts6taOH78whvX7bVA5SmpSY +l2i77spfstkfUGgtEJipZbUs0ZSHSRVbSpgxOIFwIhRe+wSfN8t8e+g8PvhX1kM9 +YHkIqaBL1AXGLFCRYm4FIA== -----END PRIVATE KEY----- diff --git a/certs/client-relative-uri.pem b/certs/client-relative-uri.pem new file mode 100644 index 000000000..f4e0f5ca0 --- /dev/null +++ b/certs/client-relative-uri.pem 
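Review bot: The new `-----BEGIN PRIVATE KEY-----` block is an unencrypted PKCS#8 RSA key, and nothing in the file marks it as a test-only fixture. Once committed it is public, so any peer configured to trust certs/client-cert-3072.pem is trusting a key anyone can read. Because tools parse this file as a key, the marker is safer in accompanying documentation than in the PEM itself. A line such as `client-key-3072.pem: PUBLIC TEST KEY, regenerated with the example certs; never deploy or trust outside the test suite` could go in the certs directory's notes or the regeneration script, if it is not already there. A secret-scanning allowlist entry scoped to this exact path would also stop scanners from flagging it on every regeneration without exempting the whole directory.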
@@ -0,0 +1,90 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 9930516258332383263 (0x89d047ec3e24981f) + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=US, ST=Montana, L=Bozeman, O=wolfSSL_2048, OU=RELATIVE_URI, CN=www.wolfssl.com/emailAddress=info@wolfssl.com + Validity + Not Before: May 14 20:24:06 2018 GMT + Not After : Feb 7 20:24:06 2021 GMT + Subject: C=US, ST=Montana, L=Bozeman, O=wolfSSL_2048, OU=RELATIVE_URI, CN=www.wolfssl.com/emailAddress=info@wolfssl.com + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:c3:03:d1:2b:fe:39:a4:32:45:3b:53:c8:84:2b: + 2a:7c:74:9a:bd:aa:2a:52:07:47:d6:a6:36:b2:07: + 32:8e:d0:ba:69:7b:c6:c3:44:9e:d4:81:48:fd:2d: + 68:a2:8b:67:bb:a1:75:c8:36:2c:4a:d2:1b:f7:8b: + ba:cf:0d:f9:ef:ec:f1:81:1e:7b:9b:03:47:9a:bf: + 65:cc:7f:65:24:69:a6:e8:14:89:5b:e4:34:f7:c5: + b0:14:93:f5:67:7b:3a:7a:78:e1:01:56:56:91:a6: + 13:42:8d:d2:3c:40:9c:4c:ef:d1:86:df:37:51:1b: + 0c:a1:3b:f5:f1:a3:4a:35:e4:e1:ce:96:df:1b:7e: + bf:4e:97:d0:10:e8:a8:08:30:81:af:20:0b:43:14: + c5:74:67:b4:32:82:6f:8d:86:c2:88:40:99:36:83: + ba:1e:40:72:22:17:d7:52:65:24:73:b0:ce:ef:19: + cd:ae:ff:78:6c:7b:c0:12:03:d4:4e:72:0d:50:6d: + 3b:a3:3b:a3:99:5e:9d:c8:d9:0c:85:b3:d9:8a:d9: + 54:26:db:6d:fa:ac:bb:ff:25:4c:c4:d1:79:f4:71: + d3:86:40:18:13:b0:63:b5:72:4e:30:c4:97:84:86: + 2d:56:2f:d7:15:f7:7f:c0:ae:f5:fc:5b:e5:fb:a1: + ba:d3 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 33:D8:45:66:D7:68:87:18:7E:54:0D:70:27:91:C7:26:D7:85:65:C0 + X509v3 Authority Key Identifier: + keyid:33:D8:45:66:D7:68:87:18:7E:54:0D:70:27:91:C7:26:D7:85:65:C0 + DirName:/C=US/ST=Montana/L=Bozeman/O=wolfSSL_2048/OU=RELATIVE_URI/CN=www.wolfssl.com/emailAddress=info@wolfssl.com + serial:89:D0:47:EC:3E:24:98:1F + + X509v3 Basic Constraints: + CA:FALSE + X509v3 Subject Alternative Name: + URI:../relative/page.html + Signature Algorithm: sha256WithRSAEncryption + 
29:cb:c0:50:61:da:51:c5:da:50:15:b7:bd:c3:f4:9b:c5:b8: + 2a:9b:6c:c7:91:7a:26:e3:eb:48:d2:40:fa:e3:ab:f9:b7:e2: + 4a:37:9b:b6:03:ad:9c:f4:f2:5d:12:eb:5c:c6:97:c4:3a:18: + 99:70:47:49:93:f3:a5:32:ab:aa:22:71:6f:5c:36:1c:42:2f: + d4:19:da:64:73:84:d3:1e:a8:5f:af:8a:58:e7:64:18:38:79: + 69:f2:08:d4:f2:be:b0:9c:18:d8:f1:a5:eb:b6:9c:67:21:0f: + ba:bf:95:68:e9:d2:23:56:84:cf:87:7c:a4:2a:3a:0d:c1:72: + 3a:43:da:53:bb:6c:f0:b5:f1:03:3c:ff:b6:0a:1f:54:c5:1b: + d5:40:80:24:74:e2:f6:4c:41:88:f1:df:a3:36:64:78:e9:c2: + 0e:c3:0f:f3:5f:19:e6:44:85:79:e1:6a:ee:78:39:9b:58:e3: + c4:39:27:d7:05:1a:b9:7c:21:75:61:7a:71:53:fd:fc:7f:57: + ef:3a:19:be:69:c6:cb:73:49:bd:72:7d:2b:eb:68:52:8e:0f: + d7:47:d3:90:86:5a:14:03:0d:dc:6b:07:10:57:2b:e0:b6:d2: + a0:49:2d:63:88:d0:17:b3:b2:50:c4:60:15:1e:b6:ce:13:14: + 0d:ec:45:eb +-----BEGIN CERTIFICATE----- +MIIE3TCCA8WgAwIBAgIJAInQR+w+JJgfMA0GCSqGSIb3DQEBCwUAMIGaMQswCQYD +VQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjEVMBMG +A1UECgwMd29sZlNTTF8yMDQ4MRUwEwYDVQQLDAxSRUxBVElWRV9VUkkxGDAWBgNV +BAMMD3d3dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3Ns +LmNvbTAeFw0xODA1MTQyMDI0MDZaFw0yMTAyMDcyMDI0MDZaMIGaMQswCQYDVQQG +EwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjEVMBMGA1UE +CgwMd29sZlNTTF8yMDQ4MRUwEwYDVQQLDAxSRUxBVElWRV9VUkkxGDAWBgNVBAMM +D3d3dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNv +bTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMMD0Sv+OaQyRTtTyIQr +Knx0mr2qKlIHR9amNrIHMo7Quml7xsNEntSBSP0taKKLZ7uhdcg2LErSG/eLus8N ++e/s8YEee5sDR5q/Zcx/ZSRppugUiVvkNPfFsBST9Wd7Onp44QFWVpGmE0KN0jxA +nEzv0YbfN1EbDKE79fGjSjXk4c6W3xt+v06X0BDoqAgwga8gC0MUxXRntDKCb42G +wohAmTaDuh5AciIX11JlJHOwzu8Zza7/eGx7wBID1E5yDVBtO6M7o5lencjZDIWz +2YrZVCbbbfqsu/8lTMTRefRx04ZAGBOwY7VyTjDEl4SGLVYv1xX3f8Cu9fxb5fuh +utMCAwEAAaOCASIwggEeMB0GA1UdDgQWBBQz2EVm12iHGH5UDXAnkccm14VlwDCB +zwYDVR0jBIHHMIHEgBQz2EVm12iHGH5UDXAnkccm14VlwKGBoKSBnTCBmjELMAkG +A1UEBhMCVVMxEDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xFTAT 
+BgNVBAoMDHdvbGZTU0xfMjA0ODEVMBMGA1UECwwMUkVMQVRJVkVfVVJJMRgwFgYD +VQQDDA93d3cud29sZnNzbC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNz +bC5jb22CCQCJ0EfsPiSYHzAJBgNVHRMEAjAAMCAGA1UdEQQZMBeGFS4uL3JlbGF0 +aXZlL3BhZ2UuaHRtbDANBgkqhkiG9w0BAQsFAAOCAQEAKcvAUGHaUcXaUBW3vcP0 +m8W4Kptsx5F6JuPrSNJA+uOr+bfiSjebtgOtnPTyXRLrXMaXxDoYmXBHSZPzpTKr +qiJxb1w2HEIv1BnaZHOE0x6oX6+KWOdkGDh5afII1PK+sJwY2PGl67acZyEPur+V +aOnSI1aEz4d8pCo6DcFyOkPaU7ts8LXxAzz/tgofVMUb1UCAJHTi9kxBiPHfozZk +eOnCDsMP818Z5kSFeeFq7ng5m1jjxDkn1wUauXwhdWF6cVP9/H9X7zoZvmnGy3NJ +vXJ9K+toUo4P10fTkIZaFAMN3GsHEFcr4LbSoEktY4jQF7OyUMRgFR62zhMUDexF +6w== +-----END CERTIFICATE----- diff --git a/certs/client-uri-cert.pem b/certs/client-uri-cert.pem new file mode 100644 index 000000000..1a96baccd --- /dev/null +++ b/certs/client-uri-cert.pem 
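Review bot: This fixture carries `URI:../relative/page.html` in its Subject Alternative Name, which RFC 5280 section 4.2.1.6 forbids (the URI must be absolute), yet nothing in the file says the defect is intentional. Its validity also ends `Feb 7 20:24:06 2021 GMT`. If the test that consumes it only asserts that loading or verification fails, then after that date it can keep passing because of expiry even if the relative-URI check regresses; the test is not visible here, so this needs confirming. I would have the test assert the specific alt-name error rather than any failure. I would also record the intent next to the fixture, e.g. `client-relative-uri.pem: negative test, SAN URI is relative on purpose and must be rejected`.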
@@ -0,0 +1,89 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 9402123678722384441 (0x827b0dabd4896239) + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=US, ST=Montana, L=Bozeman, O=wolfSSL_2048, OU=URI, CN=www.wolfssl.com/emailAddress=info@wolfssl.com + Validity + Not Before: May 8 21:54:16 2018 GMT + Not After : Feb 1 21:54:16 2021 GMT + Subject: C=US, ST=Montana, L=Bozeman, O=wolfSSL_2048, OU=URI, CN=www.wolfssl.com/emailAddress=info@wolfssl.com + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:c3:03:d1:2b:fe:39:a4:32:45:3b:53:c8:84:2b: + 2a:7c:74:9a:bd:aa:2a:52:07:47:d6:a6:36:b2:07: + 32:8e:d0:ba:69:7b:c6:c3:44:9e:d4:81:48:fd:2d: + 68:a2:8b:67:bb:a1:75:c8:36:2c:4a:d2:1b:f7:8b: + ba:cf:0d:f9:ef:ec:f1:81:1e:7b:9b:03:47:9a:bf: + 65:cc:7f:65:24:69:a6:e8:14:89:5b:e4:34:f7:c5: + b0:14:93:f5:67:7b:3a:7a:78:e1:01:56:56:91:a6: + 13:42:8d:d2:3c:40:9c:4c:ef:d1:86:df:37:51:1b: + 0c:a1:3b:f5:f1:a3:4a:35:e4:e1:ce:96:df:1b:7e: + bf:4e:97:d0:10:e8:a8:08:30:81:af:20:0b:43:14: + c5:74:67:b4:32:82:6f:8d:86:c2:88:40:99:36:83: + ba:1e:40:72:22:17:d7:52:65:24:73:b0:ce:ef:19: + cd:ae:ff:78:6c:7b:c0:12:03:d4:4e:72:0d:50:6d: + 3b:a3:3b:a3:99:5e:9d:c8:d9:0c:85:b3:d9:8a:d9: + 54:26:db:6d:fa:ac:bb:ff:25:4c:c4:d1:79:f4:71: + d3:86:40:18:13:b0:63:b5:72:4e:30:c4:97:84:86: + 2d:56:2f:d7:15:f7:7f:c0:ae:f5:fc:5b:e5:fb:a1: + ba:d3 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 33:D8:45:66:D7:68:87:18:7E:54:0D:70:27:91:C7:26:D7:85:65:C0 + X509v3 Authority Key Identifier: + keyid:33:D8:45:66:D7:68:87:18:7E:54:0D:70:27:91:C7:26:D7:85:65:C0 + DirName:/C=US/ST=Montana/L=Bozeman/O=wolfSSL_2048/OU=URI/CN=www.wolfssl.com/emailAddress=info@wolfssl.com + serial:82:7B:0D:AB:D4:89:62:39 + + X509v3 Basic Constraints: + CA:FALSE + X509v3 Subject Alternative Name: + URI:https://www.wolfssl.com + Signature Algorithm: sha256WithRSAEncryption + 18:bb:46:7a:13:a5:32:c2:aa:1c:60:cf:d1:b7:59:f3:86:fd: + 
b4:db:62:6e:40:4d:d3:cb:b5:8f:0a:45:43:9f:0b:50:7b:ac: + 41:ed:27:32:a5:b3:fb:6a:a5:9c:36:00:f2:88:da:dd:80:b5: + 49:29:6c:4d:1c:22:24:07:5b:7b:9a:88:8b:21:a0:62:43:1c: + 14:23:d2:08:a8:27:cc:f2:d5:4f:e2:5c:b1:f8:3c:f5:7c:b2: + ef:b1:ad:1e:fe:a9:92:5f:00:26:fb:f3:8d:e2:c7:38:8a:9a: + e4:a8:4a:29:61:44:f6:80:61:09:5d:49:9b:1c:10:e0:1e:27: + 03:26:e2:46:01:83:49:6a:1d:5f:6e:71:c8:1e:61:44:32:2a: + 84:cd:5a:45:d3:9f:a4:ec:76:4b:1a:6c:26:ca:55:d7:c3:ad: + 94:57:7b:8b:d4:9f:be:25:3d:e2:30:08:d5:fb:18:9a:aa:ee: + c1:ce:bb:ea:de:5d:a7:77:40:c2:b1:57:aa:11:43:41:69:73: + 0c:bd:87:0e:b9:8d:ba:f9:cc:ac:38:60:8a:62:32:2a:c0:0d: + 1c:88:d3:d3:92:d6:f1:2e:82:67:8e:f5:42:b9:e4:28:b3:fd: + fb:7c:9a:16:5f:fe:20:da:37:5f:c2:5e:74:9b:99:f3:de:35: + 45:8d:49:28 +-----BEGIN CERTIFICATE----- +MIIExDCCA6ygAwIBAgIJAIJ7DavUiWI5MA0GCSqGSIb3DQEBCwUAMIGRMQswCQYD +VQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjEVMBMG +A1UECgwMd29sZlNTTF8yMDQ4MQwwCgYDVQQLDANVUkkxGDAWBgNVBAMMD3d3dy53 +b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTAeFw0x +ODA1MDgyMTU0MTZaFw0yMTAyMDEyMTU0MTZaMIGRMQswCQYDVQQGEwJVUzEQMA4G +A1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjEVMBMGA1UECgwMd29sZlNT +TF8yMDQ4MQwwCgYDVQQLDANVUkkxGDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTEf +MB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTCCASIwDQYJKoZIhvcNAQEB +BQADggEPADCCAQoCggEBAMMD0Sv+OaQyRTtTyIQrKnx0mr2qKlIHR9amNrIHMo7Q +uml7xsNEntSBSP0taKKLZ7uhdcg2LErSG/eLus8N+e/s8YEee5sDR5q/Zcx/ZSRp +pugUiVvkNPfFsBST9Wd7Onp44QFWVpGmE0KN0jxAnEzv0YbfN1EbDKE79fGjSjXk +4c6W3xt+v06X0BDoqAgwga8gC0MUxXRntDKCb42GwohAmTaDuh5AciIX11JlJHOw +zu8Zza7/eGx7wBID1E5yDVBtO6M7o5lencjZDIWz2YrZVCbbbfqsu/8lTMTRefRx +04ZAGBOwY7VyTjDEl4SGLVYv1xX3f8Cu9fxb5fuhutMCAwEAAaOCARswggEXMB0G +A1UdDgQWBBQz2EVm12iHGH5UDXAnkccm14VlwDCBxgYDVR0jBIG+MIG7gBQz2EVm +12iHGH5UDXAnkccm14VlwKGBl6SBlDCBkTELMAkGA1UEBhMCVVMxEDAOBgNVBAgM +B01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xFTATBgNVBAoMDHdvbGZTU0xfMjA0 +ODEMMAoGA1UECwwDVVJJMRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20xHzAdBgkq 
+hkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb22CCQCCew2r1IliOTAJBgNVHRMEAjAA +MCIGA1UdEQQbMBmGF2h0dHBzOi8vd3d3LndvbGZzc2wuY29tMA0GCSqGSIb3DQEB +CwUAA4IBAQAYu0Z6E6UywqocYM/Rt1nzhv2022JuQE3Ty7WPCkVDnwtQe6xB7Scy +pbP7aqWcNgDyiNrdgLVJKWxNHCIkB1t7moiLIaBiQxwUI9IIqCfM8tVP4lyx+Dz1 +fLLvsa0e/qmSXwAm+/ON4sc4iprkqEopYUT2gGEJXUmbHBDgHicDJuJGAYNJah1f +bnHIHmFEMiqEzVpF05+k7HZLGmwmylXXw62UV3uL1J++JT3iMAjV+xiaqu7Bzrvq +3l2nd0DCsVeqEUNBaXMMvYcOuY26+cysOGCKYjIqwA0ciNPTktbxLoJnjvVCueQo +s/37fJoWX/4g2jdfwl50m5nz3jVFjUko +-----END CERTIFICATE----- diff --git a/certs/crl/caEcc384Crl.pem b/certs/crl/caEcc384Crl.pem old mode 100755 new mode 100644 index 705551493..f8b35397c --- a/certs/crl/caEcc384Crl.pem +++ b/certs/crl/caEcc384Crl.pem 
@@ -2,29 +2,28 @@ Certificate Revocation List (CRL): Version 2 (0x1) Signature Algorithm: ecdsa-with-SHA256 Issuer: /C=US/ST=Washington/L=Seattle/O=wolfSSL/OU=Development/CN=www.wolfssl.com/emailAddress=info@wolfssl.com - Last Update: Oct 20 18:19:08 2017 GMT - Next Update: Jul 16 18:19:08 2020 GMT + Last Update: May 29 22:47:57 2018 GMT + Next Update: Jan 7 22:47:57 2021 GMT CRL extensions: - X509v3 Authority Key Identifier: - keyid:AB:E0:C3:26:4C:18:D4:72:BB:D2:84:8C:9C:0A:05:92:80:12:53:52 - X509v3 CRL Number: - 8193 -No Revoked Certificates. + 5 +Revoked Certificates: + Serial Number: 02 + Revocation Date: May 29 22:47:57 2018 GMT Signature Algorithm: ecdsa-with-SHA256 - 30:65:02:31:00:ad:70:4b:08:03:b6:ab:d4:9e:8d:dd:2a:05: - ec:07:6b:86:61:08:69:08:1e:01:02:42:22:5f:a9:6d:4f:de: - 20:6b:aa:a0:8f:e4:0a:8e:40:7c:cf:84:fb:10:50:01:90:02: - 30:50:35:d3:6c:44:bd:ad:56:9d:3e:47:09:ac:b8:0d:db:5c: - 54:f2:1c:25:fb:d2:cb:63:2b:9e:17:a3:1e:0b:ba:15:a8:65: - 7e:5b:94:c0:11:f4:e2:c9:f1:25:ba:08:26 + 30:65:02:31:00:93:d7:82:a5:dc:83:90:fd:67:07:55:0a:70: + f4:61:8c:7d:9a:22:49:e7:a2:27:02:90:99:9e:cd:5d:58:ef: + 5e:fc:cb:ad:88:6a:ac:93:39:b2:85:e5:7b:22:fd:f4:23:02: + 30:5a:a8:08:73:d1:ac:59:02:7d:5c:33:16:b2:18:d1:8b:98: + a4:16:f5:bd:cb:aa:60:07:7a:39:17:0b:06:8d:58:f2:12:98: + 2e:09:01:a7:f2:b6:7d:69:3c:35:ef:4b:e0 -----BEGIN X509 CRL----- -MIIBcjCB+QIBATAKBggqhkjOPQQDAjCBlzELMAkGA1UEBhMCVVMxEzARBgNVBAgM +MIIBZjCB7QIBATAKBggqhkjOPQQDAjCBlzELMAkGA1UEBhMCVVMxEzARBgNVBAgM Cldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoMB3dvbGZTU0wx FDASBgNVBAsMC0RldmVsb3BtZW50MRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20x -HzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20XDTE3MTAyMDE4MTkwOFoX -DTIwMDcxNjE4MTkwOFqgMDAuMB8GA1UdIwQYMBaAFKvgwyZMGNRyu9KEjJwKBZKA -ElNSMAsGA1UdFAQEAgIgATAKBggqhkjOPQQDAgNoADBlAjEArXBLCAO2q9Sejd0q -BewHa4ZhCGkIHgECQiJfqW1P3iBrqqCP5AqOQHzPhPsQUAGQAjBQNdNsRL2tVp0+ -RwmsuA3bXFTyHCX70stjK54Xox4LuhWoZX5blMAR9OLJ8SW6CCY= 
+HzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20XDTE4MDUyOTIyNDc1N1oX +DTIxMDEwNzIyNDc1N1owFDASAgECFw0xODA1MjkyMjQ3NTdaoA4wDDAKBgNVHRQE +AwIBBTAKBggqhkjOPQQDAgNoADBlAjEAk9eCpdyDkP1nB1UKcPRhjH2aIknnoicC +kJmezV1Y7178y62IaqyTObKF5Xsi/fQjAjBaqAhz0axZAn1cMxayGNGLmKQW9b3L +qmAHejkXCwaNWPISmC4JAafytn1pPDXvS+A= -----END X509 CRL----- diff --git a/certs/crl/caEccCrl.pem b/certs/crl/caEccCrl.pem old mode 100755 new mode 100644 index 5d8341bac..23799573c --- a/certs/crl/caEccCrl.pem +++ b/certs/crl/caEccCrl.pem 
@@ -2,27 +2,25 @@ Certificate Revocation List (CRL): Version 2 (0x1) Signature Algorithm: ecdsa-with-SHA256 Issuer: /C=US/ST=Washington/L=Seattle/O=wolfSSL/OU=Development/CN=www.wolfssl.com/emailAddress=info@wolfssl.com - Last Update: Oct 20 18:19:08 2017 GMT - Next Update: Jul 16 18:19:08 2020 GMT + Last Update: May 29 22:47:57 2018 GMT + Next Update: Jan 7 22:47:57 2021 GMT CRL extensions: - X509v3 Authority Key Identifier: - keyid:56:8E:9A:C3:F0:42:DE:18:B9:45:55:6E:F9:93:CF:EA:C3:F3:A5:21 - X509v3 CRL Number: - 8192 -No Revoked Certificates. + 4 +Revoked Certificates: + Serial Number: 02 + Revocation Date: May 29 22:47:57 2018 GMT Signature Algorithm: ecdsa-with-SHA256 - 30:45:02:20:51:84:45:49:4b:69:3a:e0:84:d2:9c:e4:62:c9: - 4c:30:83:ba:3e:5a:f6:ea:2c:54:50:17:26:4d:fc:82:5f:d2: - 02:21:00:e5:6b:a6:1c:e3:83:07:cd:59:04:66:00:a0:76:77: - 11:d8:82:76:fd:a9:2d:cc:3a:db:3a:0f:b5:1a:a6:f3:a8 + 30:45:02:20:56:6f:9b:7d:a8:f2:8e:f1:f5:76:fa:f2:89:1a: + a4:0f:c4:5c:e8:60:33:a5:39:2d:d1:0a:72:4e:4e:ac:5e:fe: + 02:21:00:b9:66:ac:5c:dc:8c:98:f1:f8:bb:cf:ff:13:06:3e: + 47:b8:24:22:54:89:95:60:11:ab:31:60:27:4d:c4:9c:70 -----BEGIN X509 CRL----- -MIIBUjCB+QIBATAKBggqhkjOPQQDAjCBlzELMAkGA1UEBhMCVVMxEzARBgNVBAgM +MIIBRjCB7QIBATAKBggqhkjOPQQDAjCBlzELMAkGA1UEBhMCVVMxEzARBgNVBAgM Cldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoMB3dvbGZTU0wx FDASBgNVBAsMC0RldmVsb3BtZW50MRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20x -HzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20XDTE3MTAyMDE4MTkwOFoX -DTIwMDcxNjE4MTkwOFqgMDAuMB8GA1UdIwQYMBaAFFaOmsPwQt4YuUVVbvmTz+rD -86UhMAsGA1UdFAQEAgIgADAKBggqhkjOPQQDAgNIADBFAiBRhEVJS2k64ITSnORi -yUwwg7o+WvbqLFRQFyZN/IJf0gIhAOVrphzjgwfNWQRmAKB2dxHYgnb9qS3MOts6 -D7UapvOo +HzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20XDTE4MDUyOTIyNDc1N1oX +DTIxMDEwNzIyNDc1N1owFDASAgECFw0xODA1MjkyMjQ3NTdaoA4wDDAKBgNVHRQE +AwIBBDAKBggqhkjOPQQDAgNIADBFAiBWb5t9qPKO8fV2+vKJGqQPxFzoYDOlOS3R +CnJOTqxe/gIhALlmrFzcjJjx+LvP/xMGPke4JCJUiZVgEasxYCdNxJxw -----END X509 CRL----- 
diff --git a/certs/crl/cliCrl.pem b/certs/crl/cliCrl.pem index 99f639640..6a0ce1b37 100644 --- a/certs/crl/cliCrl.pem +++ b/certs/crl/cliCrl.pem 
@@ -2,38 +2,41 @@ Certificate Revocation List (CRL): Version 2 (0x1) Signature Algorithm: sha256WithRSAEncryption Issuer: /C=US/ST=Montana/L=Bozeman/O=wolfSSL_2048/OU=Programming-2048/CN=www.wolfssl.com/emailAddress=info@wolfssl.com - Last Update: Aug 11 20:07:38 2016 GMT - Next Update: May 8 20:07:38 2019 GMT + Last Update: May 29 22:47:57 2018 GMT + Next Update: Jan 7 22:47:57 2021 GMT CRL extensions: X509v3 CRL Number: - 3 -No Revoked Certificates. + 6 +Revoked Certificates: + Serial Number: 02 + Revocation Date: May 29 22:47:57 2018 GMT Signature Algorithm: sha256WithRSAEncryption - 14:85:d5:c8:db:62:74:48:94:5e:dc:52:0f:5e:43:8b:29:83: - 32:e0:7a:4c:5c:76:e3:7e:c1:87:74:40:b2:6f:f8:33:4c:2c: - 32:08:f0:5f:d9:85:b3:20:05:34:5d:15:4d:ba:45:bc:2d:9c: - ae:40:d0:d8:9a:b3:a1:4f:0b:94:ce:c4:23:c6:bf:a2:f8:a6: - 02:4c:6d:ad:5a:59:b3:83:55:dd:37:91:f6:75:d4:6f:83:5f: - 1c:29:94:cd:01:09:dc:38:d8:6c:c0:9f:1e:76:9d:f9:8f:70: - 0d:48:e5:99:82:90:3a:36:f1:33:17:69:73:8a:ee:a7:22:4c: - 58:93:a1:dc:59:b9:44:8f:88:99:0b:c4:d3:74:aa:02:9a:84: - 36:48:d8:a0:05:73:bc:14:32:1e:76:23:85:c5:94:56:b2:2c: - 61:3b:07:d7:bd:0c:27:f7:d7:23:40:bd:0c:6c:c7:e0:f7:28: - 74:67:98:20:93:72:16:b6:6e:67:3f:9e:c9:34:c5:64:09:bf: - b1:ab:87:0c:80:b6:1f:89:d8:0e:67:c2:c7:19:df:ee:9f:b2: - e6:fb:64:3d:82:7a:47:e2:8d:a3:93:1d:29:f6:94:db:83:2f: - b6:0a:a0:da:77:e3:56:ec:d7:d2:22:3c:88:4d:4a:87:de:b5: - 1c:eb:7b:08 + 7b:c2:9a:bc:3a:b4:15:d0:fc:7c:8c:cd:da:23:30:08:7b:2d: + 8e:a7:2a:d7:e0:2e:c7:a6:2b:54:c9:0b:2f:d6:52:6c:98:c6: + 2a:fb:5d:68:0f:43:26:d6:c6:63:8c:79:1f:53:df:55:a9:64: + 88:da:da:09:49:90:11:dd:d2:43:87:14:f7:54:37:8d:57:52: + 72:af:56:0a:cf:93:f1:46:fa:ed:f8:cd:af:a9:9e:26:ec:45: + e3:ec:3f:ed:7e:48:10:cf:3a:94:45:8f:24:e0:e6:41:2e:1e: + bf:11:a9:4b:d3:d9:b3:1e:95:5b:6b:9b:68:18:a3:74:08:a6: + 87:b2:f3:a8:9a:33:5b:8b:97:09:16:72:68:8b:52:a2:79:2a: + e7:b5:aa:17:4e:b3:99:60:8f:30:35:c0:19:6a:0f:1a:23:b9: + bc:5a:8c:99:0e:cd:e4:bd:a3:6e:47:5e:e9:c1:53:97:40:ec: + 
56:0b:24:cf:e5:7f:aa:1e:62:4d:46:a1:21:85:c7:b8:1b:74: + d4:03:52:d7:50:58:70:e0:db:03:66:ef:77:cc:6d:1e:a1:4d: + 84:45:c5:c2:15:d0:88:76:73:44:be:7b:8b:f2:94:b6:5b:99: + d4:69:7e:0f:4a:4e:90:ed:a9:b8:19:92:e1:b5:64:75:56:26: + f9:c1:2f:06 -----BEGIN X509 CRL----- -MIIB+DCB4QIBATANBgkqhkiG9w0BAQsFADCBnjELMAkGA1UEBhMCVVMxEDAOBgNV +MIICDjCB9wIBATANBgkqhkiG9w0BAQsFADCBnjELMAkGA1UEBhMCVVMxEDAOBgNV BAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xFTATBgNVBAoMDHdvbGZTU0xf MjA0ODEZMBcGA1UECwwQUHJvZ3JhbW1pbmctMjA0ODEYMBYGA1UEAwwPd3d3Lndv -bGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tFw0xNjA4 -MTEyMDA3MzhaFw0xOTA1MDgyMDA3MzhaoA4wDDAKBgNVHRQEAwIBAzANBgkqhkiG -9w0BAQsFAAOCAQEAFIXVyNtidEiUXtxSD15DiymDMuB6TFx2437Bh3RAsm/4M0ws -MgjwX9mFsyAFNF0VTbpFvC2crkDQ2JqzoU8LlM7EI8a/ovimAkxtrVpZs4NV3TeR -9nXUb4NfHCmUzQEJ3DjYbMCfHnad+Y9wDUjlmYKQOjbxMxdpc4rupyJMWJOh3Fm5 -RI+ImQvE03SqApqENkjYoAVzvBQyHnYjhcWUVrIsYTsH170MJ/fXI0C9DGzH4Pco -dGeYIJNyFrZuZz+eyTTFZAm/sauHDIC2H4nYDmfCxxnf7p+y5vtkPYJ6R+KNo5Md -KfaU24Mvtgqg2nfjVuzX0iI8iE1Kh961HOt7CA== +bGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tFw0xODA1 +MjkyMjQ3NTdaFw0yMTAxMDcyMjQ3NTdaMBQwEgIBAhcNMTgwNTI5MjI0NzU3WqAO +MAwwCgYDVR0UBAMCAQYwDQYJKoZIhvcNAQELBQADggEBAHvCmrw6tBXQ/HyMzdoj +MAh7LY6nKtfgLsemK1TJCy/WUmyYxir7XWgPQybWxmOMeR9T31WpZIja2glJkBHd +0kOHFPdUN41XUnKvVgrPk/FG+u34za+pnibsRePsP+1+SBDPOpRFjyTg5kEuHr8R +qUvT2bMelVtrm2gYo3QIpoey86iaM1uLlwkWcmiLUqJ5Kue1qhdOs5lgjzA1wBlq +DxojubxajJkOzeS9o25HXunBU5dA7FYLJM/lf6oeYk1GoSGFx7gbdNQDUtdQWHDg +2wNm73fMbR6hTYRFxcIV0Ih2c0S+e4vylLZbmdRpfg9KTpDtqbgZkuG1ZHVWJvnB +LwY= -----END X509 CRL----- diff --git a/certs/crl/crl.pem b/certs/crl/crl.pem index f9e8562b5..bbcf5ecdd 100644 --- a/certs/crl/crl.pem +++ b/certs/crl/crl.pem 
@@ -2,40 +2,40 @@ Certificate Revocation List (CRL): Version 2 (0x1) Signature Algorithm: sha256WithRSAEncryption Issuer: /C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com - Last Update: Aug 11 20:07:38 2016 GMT - Next Update: May 8 20:07:38 2019 GMT + Last Update: May 29 22:47:57 2018 GMT + Next Update: Jan 7 22:47:57 2021 GMT CRL extensions: X509v3 CRL Number: - 1 + 2 Revoked Certificates: Serial Number: 02 - Revocation Date: Aug 11 20:07:38 2016 GMT + Revocation Date: May 29 22:47:57 2018 GMT Signature Algorithm: sha256WithRSAEncryption - 35:c6:7f:57:9a:e5:86:5a:15:1a:e2:e5:2b:9f:54:79:2a:58: - 51:a2:12:0c:4e:53:58:eb:99:e3:c2:ee:2b:d7:23:e4:3c:4d: - 0a:ab:ae:71:9b:ce:b1:c1:75:a1:b6:e5:32:5f:10:b0:72:28: - 2e:74:b1:99:dd:47:53:20:f6:9a:83:5c:bd:20:b0:aa:df:32: - f6:95:54:98:9e:59:96:55:7b:0a:74:be:94:66:44:b7:32:82: - f0:eb:16:f8:30:86:16:9f:73:43:98:82:b5:5e:ad:58:c0:c8: - 79:da:ad:b1:b4:d7:fb:34:c1:cc:3a:67:af:a4:56:5a:70:5c: - 2d:1f:73:16:78:92:01:06:e3:2c:fb:f1:ba:d5:8f:f9:be:dd: - e1:4a:ce:de:ca:e6:2d:96:09:24:06:40:9e:10:15:2e:f2:cd: - 85:d6:84:88:db:9c:4a:7b:75:7a:06:0e:40:02:20:60:7e:91: - f7:92:53:1e:34:7a:ea:ee:df:e7:cd:a8:9e:a6:61:b4:56:50: - 4d:dc:b1:78:0d:86:cf:45:c3:a6:0a:b9:88:2c:56:a7:b1:d3: - d3:0d:44:aa:93:a4:05:4d:ce:9f:01:b0:c6:1e:e4:ea:6b:92: - 6f:93:dd:98:cf:fb:1d:06:72:ac:d4:99:e7:f2:b4:11:57:bd: - 9d:63:e5:dc + 6b:c1:26:13:77:62:8e:4e:a9:e5:87:b6:f6:66:c8:1f:cc:6a: + 20:94:f0:f6:a5:c6:b7:aa:03:b7:60:cf:74:16:5e:2f:c6:10: + 8c:82:c9:31:da:20:23:c0:9e:f0:64:4b:cc:d8:6c:ec:57:1a: + 5c:27:ec:36:db:64:f0:28:b2:34:33:d2:aa:1b:55:e7:4a:1f: + c2:51:e9:b8:32:a8:be:53:ee:21:65:f7:c5:92:d0:0d:98:db: + 65:50:7f:35:98:21:5b:52:a0:1e:ce:79:af:66:de:55:81:11: + 0f:b0:8d:20:a8:48:f3:ff:ca:99:69:04:d8:c6:ec:98:de:8b: + 56:e1:53:cf:0b:da:47:91:9e:27:ff:d2:2d:a3:65:61:80:89: + 64:20:65:12:41:ce:8e:c8:55:a5:90:8d:fa:02:45:6b:28:6e: + 28:ab:5a:94:c3:49:37:d0:b1:8e:d1:3b:9f:da:7e:36:73:d9: + 
8d:a5:60:97:71:51:6f:7b:88:90:84:14:0a:50:31:3c:e1:63: + d6:dd:26:e9:f5:63:b2:ae:54:4e:8f:80:aa:2b:4c:94:ab:08: + 16:03:b0:31:3a:16:f3:c6:20:0a:00:c9:52:7c:88:72:23:8d: + 80:c9:98:45:c3:44:1e:84:99:b8:53:1e:67:23:bc:aa:80:f6: + 77:58:0a:7a -----BEGIN X509 CRL----- MIICBDCB7QIBATANBgkqhkiG9w0BAQsFADCBlDELMAkGA1UEBhMCVVMxEDAOBgNV BAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNVBAoMCFNhd3Rvb3Ro MRMwEQYDVQQLDApDb25zdWx0aW5nMRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20x -HzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20XDTE2MDgxMTIwMDczOFoX -DTE5MDUwODIwMDczOFowFDASAgECFw0xNjA4MTEyMDA3MzhaoA4wDDAKBgNVHRQE -AwIBATANBgkqhkiG9w0BAQsFAAOCAQEANcZ/V5rlhloVGuLlK59UeSpYUaISDE5T -WOuZ48LuK9cj5DxNCquucZvOscF1obblMl8QsHIoLnSxmd1HUyD2moNcvSCwqt8y -9pVUmJ5ZllV7CnS+lGZEtzKC8OsW+DCGFp9zQ5iCtV6tWMDIedqtsbTX+zTBzDpn -r6RWWnBcLR9zFniSAQbjLPvxutWP+b7d4UrO3srmLZYJJAZAnhAVLvLNhdaEiNuc -Snt1egYOQAIgYH6R95JTHjR66u7f582onqZhtFZQTdyxeA2Gz0XDpgq5iCxWp7HT -0w1EqpOkBU3OnwGwxh7k6muSb5PdmM/7HQZyrNSZ5/K0EVe9nWPl3A== +HzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20XDTE4MDUyOTIyNDc1N1oX +DTIxMDEwNzIyNDc1N1owFDASAgECFw0xODA1MjkyMjQ3NTdaoA4wDDAKBgNVHRQE +AwIBAjANBgkqhkiG9w0BAQsFAAOCAQEAa8EmE3dijk6p5Ye29mbIH8xqIJTw9qXG +t6oDt2DPdBZeL8YQjILJMdogI8Ce8GRLzNhs7FcaXCfsNttk8CiyNDPSqhtV50of +wlHpuDKovlPuIWX3xZLQDZjbZVB/NZghW1KgHs55r2beVYERD7CNIKhI8//KmWkE +2MbsmN6LVuFTzwvaR5GeJ//SLaNlYYCJZCBlEkHOjshVpZCN+gJFayhuKKtalMNJ +N9CxjtE7n9p+NnPZjaVgl3FRb3uIkIQUClAxPOFj1t0m6fVjsq5UTo+AqitMlKsI +FgOwMToW88YgCgDJUnyIciONgMmYRcNEHoSZuFMeZyO8qoD2d1gKeg== -----END X509 CRL----- diff --git a/certs/crl/crl.revoked b/certs/crl/crl.revoked index 7cbbce547..df6c204e8 100644 --- a/certs/crl/crl.revoked +++ b/certs/crl/crl.revoked 
@@ -2,43 +2,43 @@ Certificate Revocation List (CRL): Version 2 (0x1) Signature Algorithm: sha256WithRSAEncryption Issuer: /C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com - Last Update: Aug 11 20:07:38 2016 GMT - Next Update: May 8 20:07:38 2019 GMT + Last Update: May 29 22:47:57 2018 GMT + Next Update: Jan 7 22:47:57 2021 GMT CRL extensions: X509v3 CRL Number: - 2 + 3 Revoked Certificates: Serial Number: 01 - Revocation Date: Aug 11 20:07:38 2016 GMT + Revocation Date: May 29 22:47:57 2018 GMT Serial Number: 02 - Revocation Date: Aug 11 20:07:38 2016 GMT + Revocation Date: May 29 22:47:57 2018 GMT Signature Algorithm: sha256WithRSAEncryption - 91:67:3d:34:8f:85:87:cd:11:0f:e2:af:cd:77:3f:d8:f2:15: - cb:c3:0d:49:02:87:13:f5:82:9e:a9:6f:ed:6a:aa:28:b7:6c: - 61:7b:ac:90:d0:e5:a1:3d:80:2c:31:6f:4e:0b:e9:9a:44:db: - 6b:24:71:34:9f:d1:51:53:8a:bd:bd:1c:20:e0:96:73:7b:29: - 1c:e3:56:97:46:a2:5e:db:ae:fe:1f:4a:c1:5c:5b:30:74:a4: - 70:dc:7e:70:7f:42:9f:48:d3:99:16:ff:34:f9:a7:db:ad:3d: - bc:a6:9d:ee:6a:ed:e7:e0:2f:ef:24:ab:4c:9b:44:d8:fc:1c: - 48:9f:f4:3c:14:f3:6c:a2:0f:a7:93:00:32:29:96:7e:98:5d: - c9:85:fa:94:4c:e2:03:7e:fb:bf:f0:0e:93:52:3b:8a:e1:43: - fe:3f:f2:57:02:21:e8:ff:43:da:3e:f0:3d:1a:eb:96:7a:0a: - d8:27:56:e2:30:2a:3c:a3:93:ff:1e:3f:98:6b:4e:ea:78:90: - 8b:d7:24:0a:98:b8:c1:e8:f5:02:d2:18:07:17:c3:6c:b5:db: - a7:61:c5:5d:8e:36:80:f5:aa:c1:a7:5b:66:4a:dd:17:62:da: - 80:70:83:4d:69:fa:c4:f4:2d:27:90:8d:7f:28:34:19:e0:a3: - 8a:6b:73:55 + b4:bb:8c:be:03:d7:e3:38:93:ef:31:1c:11:a4:de:77:9a:5d: + 11:4c:5c:e4:7b:e5:c7:ac:6a:b4:bc:2a:f9:5a:01:bd:72:20: + 77:b6:46:4b:8c:c3:25:d7:c4:a6:39:fe:cf:9a:99:9d:af:02: + 3e:15:fe:38:b2:04:7e:99:74:63:61:07:8e:8e:f7:23:b4:96: + b8:85:2f:01:cb:e6:e4:c3:3d:cb:31:e7:60:38:02:3b:8a:da: + 15:d2:37:34:8b:da:3d:c7:c8:0d:f6:1f:da:f5:ac:66:a1:0d: + 22:73:a5:78:76:88:04:ec:7c:80:8b:a0:99:40:4b:56:aa:aa: + 8e:01:7b:66:b7:6e:9e:5b:82:e7:4c:9d:99:27:8f:cb:cb:26: + 
c1:38:ed:bc:3c:e5:07:79:0b:79:7c:29:60:08:72:01:fc:9a: + 2a:60:7e:93:f3:a8:a5:29:93:58:e6:8d:2f:6a:02:d5:70:7e: + cc:fd:69:6f:b4:09:60:c0:da:bb:ca:b1:e1:e2:91:85:9c:a3: + 46:73:99:19:4d:77:e5:1c:80:33:04:34:5d:c1:e3:88:6d:b1: + 10:6c:79:9a:dd:e9:ac:d8:82:f6:0d:f0:7c:4b:de:fd:f1:17: + 04:54:8e:56:ec:3c:79:06:17:30:42:39:d5:98:0d:bb:78:b3: + 9f:4e:5b:87 -----BEGIN X509 CRL----- MIICGTCCAQECAQEwDQYJKoZIhvcNAQELBQAwgZQxCzAJBgNVBAYTAlVTMRAwDgYD VQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMREwDwYDVQQKDAhTYXd0b290 aDETMBEGA1UECwwKQ29uc3VsdGluZzEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29t -MR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tFw0xNjA4MTEyMDA3Mzha -Fw0xOTA1MDgyMDA3MzhaMCgwEgIBARcNMTYwODExMjAwNzM4WjASAgECFw0xNjA4 -MTEyMDA3MzhaoA4wDDAKBgNVHRQEAwIBAjANBgkqhkiG9w0BAQsFAAOCAQEAkWc9 -NI+Fh80RD+KvzXc/2PIVy8MNSQKHE/WCnqlv7WqqKLdsYXuskNDloT2ALDFvTgvp -mkTbayRxNJ/RUVOKvb0cIOCWc3spHONWl0aiXtuu/h9KwVxbMHSkcNx+cH9Cn0jT -mRb/NPmn2609vKad7mrt5+Av7ySrTJtE2PwcSJ/0PBTzbKIPp5MAMimWfphdyYX6 -lEziA377v/AOk1I7iuFD/j/yVwIh6P9D2j7wPRrrlnoK2CdW4jAqPKOT/x4/mGtO -6niQi9ckCpi4wej1AtIYBxfDbLXbp2HFXY42gPWqwadbZkrdF2LagHCDTWn6xPQt -J5CNfyg0GeCjimtzVQ== +MR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tFw0xODA1MjkyMjQ3NTda +Fw0yMTAxMDcyMjQ3NTdaMCgwEgIBARcNMTgwNTI5MjI0NzU3WjASAgECFw0xODA1 +MjkyMjQ3NTdaoA4wDDAKBgNVHRQEAwIBAzANBgkqhkiG9w0BAQsFAAOCAQEAtLuM +vgPX4ziT7zEcEaTed5pdEUxc5Hvlx6xqtLwq+VoBvXIgd7ZGS4zDJdfEpjn+z5qZ +na8CPhX+OLIEfpl0Y2EHjo73I7SWuIUvAcvm5MM9yzHnYDgCO4raFdI3NIvaPcfI +DfYf2vWsZqENInOleHaIBOx8gIugmUBLVqqqjgF7ZrdunluC50ydmSePy8smwTjt +vDzlB3kLeXwpYAhyAfyaKmB+k/OopSmTWOaNL2oC1XB+zP1pb7QJYMDau8qx4eKR +hZyjRnOZGU135RyAMwQ0XcHjiG2xEGx5mt3prNiC9g3wfEve/fEXBFSOVuw8eQYX +MEI51ZgNu3izn05bhw== -----END X509 CRL----- diff --git a/certs/crl/crl2.pem b/certs/crl/crl2.pem index e357de068..75a916a91 100644 --- a/certs/crl/crl2.pem +++ b/certs/crl/crl2.pem 
@@ -2,79 +2,79 @@ Certificate Revocation List (CRL): Version 2 (0x1) Signature Algorithm: sha256WithRSAEncryption Issuer: /C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com - Last Update: Aug 11 20:07:38 2016 GMT - Next Update: May 8 20:07:38 2019 GMT + Last Update: May 29 22:47:57 2018 GMT + Next Update: Jan 7 22:47:57 2021 GMT CRL extensions: X509v3 CRL Number: - 1 + 2 Revoked Certificates: Serial Number: 02 - Revocation Date: Aug 11 20:07:38 2016 GMT + Revocation Date: May 29 22:47:57 2018 GMT Signature Algorithm: sha256WithRSAEncryption - 35:c6:7f:57:9a:e5:86:5a:15:1a:e2:e5:2b:9f:54:79:2a:58: - 51:a2:12:0c:4e:53:58:eb:99:e3:c2:ee:2b:d7:23:e4:3c:4d: - 0a:ab:ae:71:9b:ce:b1:c1:75:a1:b6:e5:32:5f:10:b0:72:28: - 2e:74:b1:99:dd:47:53:20:f6:9a:83:5c:bd:20:b0:aa:df:32: - f6:95:54:98:9e:59:96:55:7b:0a:74:be:94:66:44:b7:32:82: - f0:eb:16:f8:30:86:16:9f:73:43:98:82:b5:5e:ad:58:c0:c8: - 79:da:ad:b1:b4:d7:fb:34:c1:cc:3a:67:af:a4:56:5a:70:5c: - 2d:1f:73:16:78:92:01:06:e3:2c:fb:f1:ba:d5:8f:f9:be:dd: - e1:4a:ce:de:ca:e6:2d:96:09:24:06:40:9e:10:15:2e:f2:cd: - 85:d6:84:88:db:9c:4a:7b:75:7a:06:0e:40:02:20:60:7e:91: - f7:92:53:1e:34:7a:ea:ee:df:e7:cd:a8:9e:a6:61:b4:56:50: - 4d:dc:b1:78:0d:86:cf:45:c3:a6:0a:b9:88:2c:56:a7:b1:d3: - d3:0d:44:aa:93:a4:05:4d:ce:9f:01:b0:c6:1e:e4:ea:6b:92: - 6f:93:dd:98:cf:fb:1d:06:72:ac:d4:99:e7:f2:b4:11:57:bd: - 9d:63:e5:dc + 6b:c1:26:13:77:62:8e:4e:a9:e5:87:b6:f6:66:c8:1f:cc:6a: + 20:94:f0:f6:a5:c6:b7:aa:03:b7:60:cf:74:16:5e:2f:c6:10: + 8c:82:c9:31:da:20:23:c0:9e:f0:64:4b:cc:d8:6c:ec:57:1a: + 5c:27:ec:36:db:64:f0:28:b2:34:33:d2:aa:1b:55:e7:4a:1f: + c2:51:e9:b8:32:a8:be:53:ee:21:65:f7:c5:92:d0:0d:98:db: + 65:50:7f:35:98:21:5b:52:a0:1e:ce:79:af:66:de:55:81:11: + 0f:b0:8d:20:a8:48:f3:ff:ca:99:69:04:d8:c6:ec:98:de:8b: + 56:e1:53:cf:0b:da:47:91:9e:27:ff:d2:2d:a3:65:61:80:89: + 64:20:65:12:41:ce:8e:c8:55:a5:90:8d:fa:02:45:6b:28:6e: + 28:ab:5a:94:c3:49:37:d0:b1:8e:d1:3b:9f:da:7e:36:73:d9: + 
8d:a5:60:97:71:51:6f:7b:88:90:84:14:0a:50:31:3c:e1:63: + d6:dd:26:e9:f5:63:b2:ae:54:4e:8f:80:aa:2b:4c:94:ab:08: + 16:03:b0:31:3a:16:f3:c6:20:0a:00:c9:52:7c:88:72:23:8d: + 80:c9:98:45:c3:44:1e:84:99:b8:53:1e:67:23:bc:aa:80:f6: + 77:58:0a:7a -----BEGIN X509 CRL----- MIICBDCB7QIBATANBgkqhkiG9w0BAQsFADCBlDELMAkGA1UEBhMCVVMxEDAOBgNV BAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNVBAoMCFNhd3Rvb3Ro MRMwEQYDVQQLDApDb25zdWx0aW5nMRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20x -HzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20XDTE2MDgxMTIwMDczOFoX -DTE5MDUwODIwMDczOFowFDASAgECFw0xNjA4MTEyMDA3MzhaoA4wDDAKBgNVHRQE -AwIBATANBgkqhkiG9w0BAQsFAAOCAQEANcZ/V5rlhloVGuLlK59UeSpYUaISDE5T -WOuZ48LuK9cj5DxNCquucZvOscF1obblMl8QsHIoLnSxmd1HUyD2moNcvSCwqt8y -9pVUmJ5ZllV7CnS+lGZEtzKC8OsW+DCGFp9zQ5iCtV6tWMDIedqtsbTX+zTBzDpn -r6RWWnBcLR9zFniSAQbjLPvxutWP+b7d4UrO3srmLZYJJAZAnhAVLvLNhdaEiNuc -Snt1egYOQAIgYH6R95JTHjR66u7f582onqZhtFZQTdyxeA2Gz0XDpgq5iCxWp7HT -0w1EqpOkBU3OnwGwxh7k6muSb5PdmM/7HQZyrNSZ5/K0EVe9nWPl3A== +HzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20XDTE4MDUyOTIyNDc1N1oX +DTIxMDEwNzIyNDc1N1owFDASAgECFw0xODA1MjkyMjQ3NTdaoA4wDDAKBgNVHRQE +AwIBAjANBgkqhkiG9w0BAQsFAAOCAQEAa8EmE3dijk6p5Ye29mbIH8xqIJTw9qXG +t6oDt2DPdBZeL8YQjILJMdogI8Ce8GRLzNhs7FcaXCfsNttk8CiyNDPSqhtV50of +wlHpuDKovlPuIWX3xZLQDZjbZVB/NZghW1KgHs55r2beVYERD7CNIKhI8//KmWkE +2MbsmN6LVuFTzwvaR5GeJ//SLaNlYYCJZCBlEkHOjshVpZCN+gJFayhuKKtalMNJ +N9CxjtE7n9p+NnPZjaVgl3FRb3uIkIQUClAxPOFj1t0m6fVjsq5UTo+AqitMlKsI +FgOwMToW88YgCgDJUnyIciONgMmYRcNEHoSZuFMeZyO8qoD2d1gKeg== -----END X509 CRL----- Certificate Revocation List (CRL): Version 2 (0x1) Signature Algorithm: sha256WithRSAEncryption Issuer: /C=US/ST=Montana/L=Bozeman/O=wolfSSL_2048/OU=Programming-2048/CN=www.wolfssl.com/emailAddress=info@wolfssl.com - Last Update: Aug 11 20:07:38 2016 GMT - Next Update: May 8 20:07:38 2019 GMT + Last Update: May 29 22:47:57 2018 GMT + Next Update: Jan 7 22:47:57 2021 GMT CRL extensions: X509v3 CRL Number: - 3 + 1 No Revoked Certificates. 
Signature Algorithm: sha256WithRSAEncryption - 14:85:d5:c8:db:62:74:48:94:5e:dc:52:0f:5e:43:8b:29:83: - 32:e0:7a:4c:5c:76:e3:7e:c1:87:74:40:b2:6f:f8:33:4c:2c: - 32:08:f0:5f:d9:85:b3:20:05:34:5d:15:4d:ba:45:bc:2d:9c: - ae:40:d0:d8:9a:b3:a1:4f:0b:94:ce:c4:23:c6:bf:a2:f8:a6: - 02:4c:6d:ad:5a:59:b3:83:55:dd:37:91:f6:75:d4:6f:83:5f: - 1c:29:94:cd:01:09:dc:38:d8:6c:c0:9f:1e:76:9d:f9:8f:70: - 0d:48:e5:99:82:90:3a:36:f1:33:17:69:73:8a:ee:a7:22:4c: - 58:93:a1:dc:59:b9:44:8f:88:99:0b:c4:d3:74:aa:02:9a:84: - 36:48:d8:a0:05:73:bc:14:32:1e:76:23:85:c5:94:56:b2:2c: - 61:3b:07:d7:bd:0c:27:f7:d7:23:40:bd:0c:6c:c7:e0:f7:28: - 74:67:98:20:93:72:16:b6:6e:67:3f:9e:c9:34:c5:64:09:bf: - b1:ab:87:0c:80:b6:1f:89:d8:0e:67:c2:c7:19:df:ee:9f:b2: - e6:fb:64:3d:82:7a:47:e2:8d:a3:93:1d:29:f6:94:db:83:2f: - b6:0a:a0:da:77:e3:56:ec:d7:d2:22:3c:88:4d:4a:87:de:b5: - 1c:eb:7b:08 + 84:f8:1b:da:76:f6:ea:e9:17:f3:01:18:8f:4e:51:10:37:4b: + b4:2a:2d:6f:9b:0e:47:d4:f0:3d:c1:44:3d:67:9c:77:21:eb: + 26:c0:93:f6:19:7c:21:a1:d5:1a:72:e4:7d:5d:9b:a8:67:83: + bc:d1:f1:c8:17:1b:55:d6:eb:bc:59:46:ca:95:15:76:55:be: + 99:b9:de:3a:b0:d7:aa:dd:36:16:43:29:61:8d:7a:50:ee:e7: + 44:f8:d0:b0:9a:96:39:a8:62:86:3b:6c:28:85:b3:66:27:38: + c3:81:f7:38:32:bd:0a:be:db:33:3e:2f:3b:85:32:1a:56:d4: + 5d:b9:c1:ac:a1:f0:2a:34:1f:30:85:3b:2b:8f:95:bc:7b:21: + 52:86:3a:d2:b1:f7:6e:b3:98:47:6c:df:2f:6d:e1:e4:86:d9: + 06:08:ee:f1:7f:ae:02:3b:3f:99:dc:01:3e:41:1a:4d:76:fd: + 53:fa:84:9c:11:fd:81:b7:ce:e1:31:c5:eb:f8:57:39:11:0d: + 77:44:dd:ae:80:26:ef:48:cd:fe:7d:25:83:5f:54:b2:a1:50: + 82:10:25:47:b1:c7:86:12:37:b1:09:22:ef:97:3e:45:15:e0: + 21:69:61:e8:4c:0e:c1:74:1a:e1:e4:bb:80:92:dd:9b:b5:9b: + e7:1b:57:d7 -----BEGIN X509 CRL----- MIIB+DCB4QIBATANBgkqhkiG9w0BAQsFADCBnjELMAkGA1UEBhMCVVMxEDAOBgNV BAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xFTATBgNVBAoMDHdvbGZTU0xf MjA0ODEZMBcGA1UECwwQUHJvZ3JhbW1pbmctMjA0ODEYMBYGA1UEAwwPd3d3Lndv -bGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tFw0xNjA4 
-MTEyMDA3MzhaFw0xOTA1MDgyMDA3MzhaoA4wDDAKBgNVHRQEAwIBAzANBgkqhkiG -9w0BAQsFAAOCAQEAFIXVyNtidEiUXtxSD15DiymDMuB6TFx2437Bh3RAsm/4M0ws -MgjwX9mFsyAFNF0VTbpFvC2crkDQ2JqzoU8LlM7EI8a/ovimAkxtrVpZs4NV3TeR -9nXUb4NfHCmUzQEJ3DjYbMCfHnad+Y9wDUjlmYKQOjbxMxdpc4rupyJMWJOh3Fm5 -RI+ImQvE03SqApqENkjYoAVzvBQyHnYjhcWUVrIsYTsH170MJ/fXI0C9DGzH4Pco -dGeYIJNyFrZuZz+eyTTFZAm/sauHDIC2H4nYDmfCxxnf7p+y5vtkPYJ6R+KNo5Md -KfaU24Mvtgqg2nfjVuzX0iI8iE1Kh961HOt7CA== +bGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tFw0xODA1 +MjkyMjQ3NTdaFw0yMTAxMDcyMjQ3NTdaoA4wDDAKBgNVHRQEAwIBATANBgkqhkiG +9w0BAQsFAAOCAQEAhPgb2nb26ukX8wEYj05REDdLtCotb5sOR9TwPcFEPWecdyHr +JsCT9hl8IaHVGnLkfV2bqGeDvNHxyBcbVdbrvFlGypUVdlW+mbneOrDXqt02FkMp +YY16UO7nRPjQsJqWOahihjtsKIWzZic4w4H3ODK9Cr7bMz4vO4UyGlbUXbnBrKHw +KjQfMIU7K4+VvHshUoY60rH3brOYR2zfL23h5IbZBgju8X+uAjs/mdwBPkEaTXb9 +U/qEnBH9gbfO4THF6/hXORENd0TdroAm70jN/n0lg19UsqFQghAlR7HHhhI3sQki +75c+RRXgIWlh6EwOwXQa4eS7gJLdm7Wb5xtX1w== -----END X509 CRL----- diff --git a/certs/crl/eccCliCRL.pem b/certs/crl/eccCliCRL.pem index 01c6404d0..ffa155b49 100644 --- a/certs/crl/eccCliCRL.pem +++ b/certs/crl/eccCliCRL.pem 
@@ -2,23 +2,25 @@ Certificate Revocation List (CRL): Version 2 (0x1) Signature Algorithm: ecdsa-with-SHA256 Issuer: /C=US/ST=Oregon/L=Salem/O=Client ECC/OU=Fast/CN=www.wolfssl.com/emailAddress=info@wolfssl.com - Last Update: Aug 11 20:07:38 2016 GMT - Next Update: May 8 20:07:38 2019 GMT + Last Update: May 29 22:47:57 2018 GMT + Next Update: Jan 7 22:47:57 2021 GMT CRL extensions: X509v3 CRL Number: - 4 -No Revoked Certificates. + 7 +Revoked Certificates: + Serial Number: 02 + Revocation Date: May 29 22:47:57 2018 GMT Signature Algorithm: ecdsa-with-SHA256 - 30:45:02:20:05:17:4f:0c:42:51:f6:f5:a3:2e:52:3e:e3:f4: - ed:99:ca:4d:16:75:f7:80:9d:7a:cf:64:5e:ec:cd:9d:f0:86: - 02:21:00:e0:38:31:16:e2:ab:e4:d5:4b:cd:67:2f:e1:f0:e5: - ac:f2:8a:4b:03:9b:f1:69:60:2c:bf:dc:02:11:e8:71:f7 + 30:44:02:20:7b:58:a3:78:b4:fa:98:8b:bb:ce:83:a0:36:ee: + d5:69:ac:d2:8b:f6:67:86:c3:1d:44:2a:58:28:de:29:3e:d8: + 02:20:5a:56:34:28:7f:2b:75:0e:81:7f:80:2b:53:6c:13:e5: + d8:3a:2d:68:78:8d:c3:d6:e6:39:11:82:ee:ed:1f:5b -----BEGIN X509 CRL----- -MIIBJjCBzQIBATAKBggqhkjOPQQDAjCBjTELMAkGA1UEBhMCVVMxDzANBgNVBAgM +MIIBOzCB4wIBATAKBggqhkjOPQQDAjCBjTELMAkGA1UEBhMCVVMxDzANBgNVBAgM Bk9yZWdvbjEOMAwGA1UEBwwFU2FsZW0xEzARBgNVBAoMCkNsaWVudCBFQ0MxDTAL BgNVBAsMBEZhc3QxGDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3 -DQEJARYQaW5mb0B3b2xmc3NsLmNvbRcNMTYwODExMjAwNzM4WhcNMTkwNTA4MjAw -NzM4WqAOMAwwCgYDVR0UBAMCAQQwCgYIKoZIzj0EAwIDSAAwRQIgBRdPDEJR9vWj -LlI+4/TtmcpNFnX3gJ16z2Re7M2d8IYCIQDgODEW4qvk1UvNZy/h8OWs8opLA5vx -aWAsv9wCEehx9w== +DQEJARYQaW5mb0B3b2xmc3NsLmNvbRcNMTgwNTI5MjI0NzU3WhcNMjEwMTA3MjI0 +NzU3WjAUMBICAQIXDTE4MDUyOTIyNDc1N1qgDjAMMAoGA1UdFAQDAgEHMAoGCCqG +SM49BAMCA0cAMEQCIHtYo3i0+piLu86DoDbu1Wms0ov2Z4bDHUQqWCjeKT7YAiBa +VjQofyt1DoF/gCtTbBPl2DotaHiNw9bmORGC7u0fWw== -----END X509 CRL----- diff --git a/certs/crl/eccSrvCRL.pem b/certs/crl/eccSrvCRL.pem index 2293f2c51..1af3e8f8e 100644 --- a/certs/crl/eccSrvCRL.pem +++ b/certs/crl/eccSrvCRL.pem 
@@ -2,23 +2,25 @@ Certificate Revocation List (CRL): Version 2 (0x1) Signature Algorithm: ecdsa-with-SHA256 Issuer: /C=US/ST=Washington/L=Seattle/O=Eliptic/OU=ECC/CN=www.wolfssl.com/emailAddress=info@wolfssl.com - Last Update: Aug 11 20:07:38 2016 GMT - Next Update: May 8 20:07:38 2019 GMT + Last Update: May 29 22:47:57 2018 GMT + Next Update: Jan 7 22:47:57 2021 GMT CRL extensions: X509v3 CRL Number: - 5 -No Revoked Certificates. + 8 +Revoked Certificates: + Serial Number: 02 + Revocation Date: May 29 22:47:57 2018 GMT Signature Algorithm: ecdsa-with-SHA256 - 30:46:02:21:00:dd:0a:1e:ff:5b:19:4e:40:a1:a8:65:b3:48: - fb:2b:a0:e5:6b:c4:27:31:2b:0b:1e:8c:c2:12:f5:74:74:c2: - 5b:02:21:00:f9:67:2e:5c:26:7b:14:a1:16:db:d4:7d:b1:a9: - 75:c7:5f:db:6f:c9:57:12:9b:44:99:40:71:70:7d:f9:b6:c8 + 30:44:02:20:17:18:ac:ac:96:28:7b:87:6a:d4:10:03:df:d8: + 34:23:33:67:ed:ad:20:df:ab:da:a9:7c:f4:61:c0:d1:d5:4b: + 02:20:74:47:c1:26:c7:8c:92:f3:7c:c2:91:96:26:91:90:ff: + d2:23:b8:dc:e9:62:f9:d2:19:18:11:94:e5:b2:ff:85 -----BEGIN X509 CRL----- -MIIBKTCBzwIBATAKBggqhkjOPQQDAjCBjzELMAkGA1UEBhMCVVMxEzARBgNVBAgM +MIIBPTCB5QIBATAKBggqhkjOPQQDAjCBjzELMAkGA1UEBhMCVVMxEzARBgNVBAgM Cldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoMB0VsaXB0aWMx DDAKBgNVBAsMA0VDQzEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29tMR8wHQYJKoZI -hvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tFw0xNjA4MTEyMDA3MzhaFw0xOTA1MDgy -MDA3MzhaoA4wDDAKBgNVHRQEAwIBBTAKBggqhkjOPQQDAgNJADBGAiEA3Qoe/1sZ -TkChqGWzSPsroOVrxCcxKwsejMIS9XR0wlsCIQD5Zy5cJnsUoRbb1H2xqXXHX9tv -yVcSm0SZQHFwffm2yA== +hvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tFw0xODA1MjkyMjQ3NTdaFw0yMTAxMDcy +MjQ3NTdaMBQwEgIBAhcNMTgwNTI5MjI0NzU3WqAOMAwwCgYDVR0UBAMCAQgwCgYI +KoZIzj0EAwIDRwAwRAIgFxisrJYoe4dq1BAD39g0IzNn7a0g36vaqXz0YcDR1UsC +IHRHwSbHjJLzfMKRliaRkP/SI7jc6WL50hkYEZTlsv+F -----END X509 CRL----- diff --git a/certs/crl/gencrls.sh b/certs/crl/gencrls.sh index 8ef69a43d..378c3f507 100755 --- a/certs/crl/gencrls.sh +++ b/certs/crl/gencrls.sh 
@@ -30,6 +30,8 @@ setup_files # caCrl # revoke server-revoked-cert.pem +openssl ca -config ../renewcerts/wolfssl.cnf -gencrl -crldays 1000 -out crl2.pem -keyfile ../client-key.pem -cert ../client-cert.pem + openssl ca -config ../renewcerts/wolfssl.cnf -revoke ../server-revoked-cert.pem -keyfile ../ca-key.pem -cert ../ca-cert.pem openssl ca -config ../renewcerts/wolfssl.cnf -gencrl -crldays 1000 -out crl.pem -keyfile ../ca-key.pem -cert ../ca-cert.pem @@ -40,6 +42,11 @@ mv tmp crl.pem # install (only needed if working outside wolfssl) #cp crl.pem ~/wolfssl/certs/crl/crl.pem +# crl2 create +openssl crl -in crl.pem -text > tmp +openssl crl -in crl2.pem -text >> tmp +mv tmp crl2.pem + # caCrl server revoked openssl ca -config ../renewcerts/wolfssl.cnf -revoke ../server-cert.pem -keyfile ../ca-key.pem -cert ../ca-cert.pem @@ -52,6 +59,7 @@ mv tmp crl.revoked # install (only needed if working outside wolfssl) #cp crl.revoked ~/wolfssl/certs/crl/crl.revoked + # remove revoked so next time through the normal CA won't have server revoked cp blank.index.txt demoCA/index.txt diff --git a/certs/ecc-privOnlyCert.pem b/certs/ecc-privOnlyCert.pem index adbf9c482..e6034bed8 100644 --- a/certs/ecc-privOnlyCert.pem +++ b/certs/ecc-privOnlyCert.pem 
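Review bot: In the first gencrls.sh hunk the existing `# revoke server-revoked-cert.pem` comment now sits directly above the new `-gencrl ... -out crl2.pem` command, so it describes the wrong line, and nothing records why the client-signed CRL is produced before the revoke. The regenerated crl2.pem in this commit has a second CRL reporting "No Revoked Certificates", so the ordering looks deliberate, presumably because every `openssl ca` call here shares the database configured in `../renewcerts/wolfssl.cnf` (not visible in the hunk, worth confirming). I would move the new command above the `# caCrl` block and give it its own comment, for example `# crl2: client-signed CRL, generated before any -revoke so it lists no revoked certificates`. That leaves `# revoke server-revoked-cert.pem` attached to the `-revoke` line it describes.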
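Review bot: In the second gencrls.sh hunk the "crl2 create" steps run unconditionally, so if either `openssl crl` call fails, `mv tmp crl2.pem` still replaces the fixture with a truncated or empty file. Tests that load crl2.pem would then run against a bundle missing one issuer's CRL, which can hide a revocation-checking regression instead of failing loudly. Whether the script enables `set -e` or has a result-checking helper is not visible from this hunk; if it does not, chain the steps: `openssl crl -in crl.pem -text > tmp && openssl crl -in crl2.pem -text >> tmp && mv tmp crl2.pem`. The same pattern appears in the unchanged `mv tmp crl.pem` and `mv tmp crl.revoked` context lines, so the fix is worth applying there as well.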
@@ -1,44 +1,9 @@ -Certificate: - Data: - Version: 3 (0x2) - Serial Number: 11535733361370405423 (0xa017285f8c1b1a2f) - Signature Algorithm: ecdsa-with-SHA256 - Issuer: O=WR, C=DE - Validity - Not Before: Mar 2 21:02:20 2018 GMT - Not After : Mar 2 21:02:20 2019 GMT - Subject: O=WR, C=DE - Subject Public Key Info: - Public Key Algorithm: id-ecPublicKey - Public-Key: (256 bit) - pub: - 04:25:c0:fd:16:b8:2b:f2:b8:0a:1e:dd:ac:ce:62: - 52:7c:58:0a:60:7d:57:75:da:bd:11:c1:d5:2a:ea: - 54:6b:76:e6:3d:36:f7:dd:51:97:6b:a8:26:fe:7b: - a6:bd:96:55:85:50:9d:9a:7e:69:01:d8:43:45:89: - d9:fe:4a:2b:26 - ASN1 OID: prime256v1 - NIST CURVE: P-256 - X509v3 extensions: - X509v3 Subject Key Identifier: - B2:B1:0D:05:AC:6A:0C:A1:AD:92:0A:7E:C7:E1:68:56:35:40:19:EA - X509v3 Authority Key Identifier: - keyid:B2:B1:0D:05:AC:6A:0C:A1:AD:92:0A:7E:C7:E1:68:56:35:40:19:EA - - X509v3 Basic Constraints: - CA:TRUE - Signature Algorithm: ecdsa-with-SHA256 - 30:44:02:20:2f:5e:f3:52:0b:39:4c:1a:69:6d:52:cf:a5:7a: - 63:03:0b:ff:48:9a:32:fb:57:66:10:60:7d:6e:e2:e4:87:e2: - 02:20:24:21:fd:a9:88:74:07:79:5f:e5:15:89:41:39:51:32: - a9:62:8d:ef:4b:8a:3c:81:ca:7f:2e:32:f1:fe:c2:f3 -----BEGIN CERTIFICATE----- -MIIBejCCASGgAwIBAgIJAKAXKF+MGxovMAoGCCqGSM49BAMCMBoxCzAJBgNVBAoT -AldSMQswCQYDVQQGEwJERTAeFw0xODAzMDIyMTAyMjBaFw0xOTAzMDIyMTAyMjBa -MBoxCzAJBgNVBAoTAldSMQswCQYDVQQGEwJERTBZMBMGByqGSM49AgEGCCqGSM49 -AwEHA0IABCXA/Ra4K/K4Ch7drM5iUnxYCmB9V3XavRHB1SrqVGt25j02991Rl2uo -Jv57pr2WVYVQnZp+aQHYQ0WJ2f5KKyajUDBOMB0GA1UdDgQWBBSysQ0FrGoMoa2S -Cn7H4WhWNUAZ6jAfBgNVHSMEGDAWgBSysQ0FrGoMoa2SCn7H4WhWNUAZ6jAMBgNV -HRMEBTADAQH/MAoGCCqGSM49BAMCA0cAMEQCIC9e81ILOUwaaW1Sz6V6YwML/0ia -MvtXZhBgfW7i5IfiAiAkIf2piHQHeV/lFYlBOVEyqWKN70uKPIHKfy4y8f7C8w== +MIIBIzCBygIJAIQV31BIhAeYMAoGCCqGSM49BAMCMBoxCzAJBgNVBAoMAldSMQsw +CQYDVQQDDAJERTAeFw0xODA0MTMxNTIzMTBaFw0yMTAxMDcxNTIzMTBaMBoxCzAJ +BgNVBAoMAldSMQswCQYDVQQDDAJERTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IA +BCXA/Ra4K/K4Ch7drM5iUnxYCmB9V3XavRHB1SrqVGt25j02991Rl2uoJv57pr2W 
+VYVQnZp+aQHYQ0WJ2f5KKyYwCgYIKoZIzj0EAwIDSAAwRQIhAJvs7Y00EWq/Yv9A +ymP/fVWsxz8/fhbZKi09eq2eqV/gAiBW9u61nV2snwijm5r6EWrnlGKoNb9niPCD +qg/y+r8d1A== -----END CERTIFICATE----- diff --git a/certs/ecc-rsa-server.p12 b/certs/ecc-rsa-server.p12 index e1682b5cd..84cb0a4b6 100644 Binary files a/certs/ecc-rsa-server.p12 and b/certs/ecc-rsa-server.p12 differ diff --git a/certs/ed25519/ca-ed25519-key.der b/certs/ed25519/ca-ed25519-key.der index 01156fec2..fd4449c86 100644 Binary files a/certs/ed25519/ca-ed25519-key.der and b/certs/ed25519/ca-ed25519-key.der differ diff --git a/certs/ed25519/ca-ed25519-key.pem b/certs/ed25519/ca-ed25519-key.pem index e21c1100c..a4b1eb08b 100644 --- a/certs/ed25519/ca-ed25519-key.pem +++ b/certs/ed25519/ca-ed25519-key.pem @@ -1,4 +1,4 @@ -----BEGIN EDDSA PRIVATE KEY----- -MFICAQAwBQYDK2VwBCIEIE3EyZVR/gbofvUgIsCeuA3yZ9E7DbTQxW7HMDYQhbxl -oSIEIEEH7HUMaHISPASCB24Wb0BBbaSPCPLinadDwiQomH6s +MFICAQAwBQYDK2VwBCIEIALLg+oVSN6eOx+rCjIui2cYL3VyBkk2pWBdv1+JXJBy +oSIEIGWqfwWkBDSg6q0fqYbw2H9y36kOE6A4ZiZe60gwgEhJ -----END EDDSA PRIVATE KEY----- diff --git a/certs/ed25519/ca-ed25519-priv.der b/certs/ed25519/ca-ed25519-priv.der new file mode 100644 index 000000000..1618c73b2 Binary files /dev/null and b/certs/ed25519/ca-ed25519-priv.der differ diff --git a/certs/ed25519/ca-ed25519-priv.pem b/certs/ed25519/ca-ed25519-priv.pem new file mode 100644 index 000000000..7edc455eb --- /dev/null +++ b/certs/ed25519/ca-ed25519-priv.pem @@ -0,0 +1,3 @@ +-----BEGIN PRIVATE KEY----- +MC4CAQAwBQYDK2VwBCIEIALLg+oVSN6eOx+rCjIui2cYL3VyBkk2pWBdv1+JXJBy +-----END PRIVATE KEY----- diff --git a/certs/ed25519/ca-ed25519.der b/certs/ed25519/ca-ed25519.der index fd6f31d1d..b6c11045e 100644 Binary files a/certs/ed25519/ca-ed25519.der and b/certs/ed25519/ca-ed25519.der differ diff --git a/certs/ed25519/ca-ed25519.pem b/certs/ed25519/ca-ed25519.pem index ec31ac9cc..9b4070d9b 100644 --- a/certs/ed25519/ca-ed25519.pem +++ b/certs/ed25519/ca-ed25519.pem 
@@ -1,15 +1,15 @@ -----BEGIN CERTIFICATE----- -MIICWTCCAgugAwIBAgIIAfbhPrx5oYUwBQYDK2VwMIGfMQswCQYDVQQGEwJVUzEQ -MA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjENMAsGA1UEBAwEUm9v -dDEQMA4GA1UECgwHd29sZlNTTDEQMA4GA1UECwwHRUQyNTUxOTEYMBYGA1UEAwwP -d3d3LndvbGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29t -MCIYDzIwMTcwNTI4MjMyNjI5WhgPMjAxOTA1MjkyMzI2MjlaMIGdMQswCQYDVQQG -EwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjELMAkGA1UE -BAwCQ0ExEDAOBgNVBAoMB3dvbGZTU0wxEDAOBgNVBAsMB0VEMjU1MTkxGDAWBgNV -BAMMD3d3dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3Ns -LmNvbTAqMAUGAytlcAMhAEEH7HUMaHISPASCB24Wb0BBbaSPCPLinadDwiQomH6s -o2EwXzAMBgNVHRMEBTADAQH/MB0GA1UdDgQWBBSS1Qva8QSLuaGLAwKfWAA1Ngd6 -yTAfBgNVHSMEGDAWgBSGwCfpnvqFwf3jb/xUWXI3xzOSuzAPBgNVHQ8BAf8EBQMC -AcYAMAUGAytlcANBACIbBhfAEXQfZNGj9nsGABoLUI7rsWOSRbrc4sFoFCMMbiyV -PLEcGSeYUD5VUczESVivuUZP7ZxXOAQp1KkS/gg= +MIICYDCCAhKgAwIBAgIQAIC6aHfvpeVCfcZzLFSFuDAFBgMrZXAwgZ8xCzAJBgNV +BAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMQ0wCwYD +VQQEDARSb290MRAwDgYDVQQKDAd3b2xmU1NMMRAwDgYDVQQLDAdFRDI1NTE5MRgw +FgYDVQQDDA93d3cud29sZnNzbC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29s +ZnNzbC5jb20wIhgPMjAxODA0MTIxNjIyMTdaGA8yMDIxMDEwNzE1MjIxN1owgZ0x +CzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFu +MQswCQYDVQQEDAJDQTEQMA4GA1UECgwHd29sZlNTTDEQMA4GA1UECwwHRUQyNTUx +OTEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZv +QHdvbGZzc2wuY29tMCowBQYDK2VwAyEAZap/BaQENKDqrR+phvDYf3LfqQ4ToDhm +Jl7rSDCASEmjYDBeMAwGA1UdEwQFMAMBAf8wHQYDVR0OBBYEFJI/lnIC+mEcIW2I +3evdPJsXxJ+3MB8GA1UdIwQYMBaAFP4BRn9vKz4csG/hzE0CJfdNCpW4MA4GA1Ud +DwEB/wQEAwIBxjAFBgMrZXADQQBMQNB/vPv0ohpY9nLj6NoYDZTcDv3B5wKleu7L +wn76ofwVmv4e4Dfff6t2UAbUPRplcz+S1ERip0yzKgGH4wYG -----END CERTIFICATE----- diff --git a/certs/ed25519/client-ed25519-key.der b/certs/ed25519/client-ed25519-key.der index 9356cff4b..f4990b312 100644 Binary files a/certs/ed25519/client-ed25519-key.der and b/certs/ed25519/client-ed25519-key.der differ 
diff --git a/certs/ed25519/client-ed25519-key.pem b/certs/ed25519/client-ed25519-key.pem index fc4eef62f..fa3c91922 100644 --- a/certs/ed25519/client-ed25519-key.pem +++ b/certs/ed25519/client-ed25519-key.pem @@ -1,4 +1,4 @@ -----BEGIN EDDSA PRIVATE KEY----- -MFICAQAwBQYDK2VwBCIEIBGdNYxa3ommO8aYO1oGaGSRQBqDYB0sKOdR3bqejqIQ -oSIEIDY9UZ60w5FgsDoJuIdapQUPW1PlZBc+cLkNZhKk5fFR +MFICAQAwBQYDK2VwBCIEICejNCo11Lu44dzY7A/BoNGiXPkG8ERdO5dNvd9KO6NO +oSIEIKLxJkCbolna2+YVf5oRtUhfVbpe7Ub3mGe+DJPjpI4Y -----END EDDSA PRIVATE KEY----- diff --git a/certs/ed25519/client-ed25519-priv.der b/certs/ed25519/client-ed25519-priv.der new file mode 100644 index 000000000..6ca194a93 Binary files /dev/null and b/certs/ed25519/client-ed25519-priv.der differ diff --git a/certs/ed25519/client-ed25519-priv.pem b/certs/ed25519/client-ed25519-priv.pem new file mode 100644 index 000000000..0104b1620 --- /dev/null +++ b/certs/ed25519/client-ed25519-priv.pem @@ -0,0 +1,3 @@ +-----BEGIN PRIVATE KEY----- +MC4CAQAwBQYDK2VwBCIEICejNCo11Lu44dzY7A/BoNGiXPkG8ERdO5dNvd9KO6NO +-----END PRIVATE KEY----- diff --git a/certs/ed25519/client-ed25519.der b/certs/ed25519/client-ed25519.der index c209b3435..0fab773ca 100644 Binary files a/certs/ed25519/client-ed25519.der and b/certs/ed25519/client-ed25519.der differ diff --git a/certs/ed25519/client-ed25519.pem b/certs/ed25519/client-ed25519.pem index 5cd6a6e34..5cc566714 100644 --- a/certs/ed25519/client-ed25519.pem +++ b/certs/ed25519/client-ed25519.pem 
@@ -1,15 +1,15 @@ -----BEGIN CERTIFICATE----- -MIICUTCCAgOgAwIBAgIIAckQps/YSE8wBQYDK2VwMIGhMQswCQYDVQQGEwJVUzEQ -MA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjEPMA0GA1UEBAwGY2xp -ZW50MRAwDgYDVQQKDAd3b2xmU1NMMRAwDgYDVQQLDAdFRDI1NTE5MRgwFgYDVQQD -DA93d3cud29sZnNzbC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5j -b20wIhgPMjAxNzA1MjgyMzI2MjlaGA8yMDE5MDUyOTIzMjYyOVowgaExCzAJBgNV +MIICWDCCAgqgAwIBAgIQAI8vNbJTvU+S0f8dS0ClSTAFBgMrZXAwgaExCzAJBgNV BAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMQ8wDQYD VQQEDAZjbGllbnQxEDAOBgNVBAoMB3dvbGZTU0wxEDAOBgNVBAsMB0VEMjU1MTkx GDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3 -b2xmc3NsLmNvbTAqMAUGAytlcAMhADY9UZ60w5FgsDoJuIdapQUPW1PlZBc+cLkN -ZhKk5fFRo1MwUTAdBgNVHQ4EFgQUppdwk1xpkyuWMh6Heza6k5opV/EwHwYDVR0j -BBgwFoAUppdwk1xpkyuWMh6Heza6k5opV/EwDwYDVR0PAQH/BAUDAgbAADAFBgMr -ZXADQQCUo3bb4Zv2vjs09vniOoogAIHBlj4tOdodJ/vVfSFRGfo5MTbFOa4RmAvZ -kz+W324RkBsIl8R8ksENe87bJwAP +b2xmc3NsLmNvbTAiGA8yMDE4MDQxMjE2MjIxN1oYDzIwMjEwMTA3MTUyMjE3WjCB +oTELMAkGA1UEBhMCVVMxEDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVt +YW4xDzANBgNVBAQMBmNsaWVudDEQMA4GA1UECgwHd29sZlNTTDEQMA4GA1UECwwH +RUQyNTUxOTEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29tMR8wHQYJKoZIhvcNAQkB +FhBpbmZvQHdvbGZzc2wuY29tMCowBQYDK2VwAyEAovEmQJuiWdrb5hV/mhG1SF9V +ul7tRveYZ74Mk+OkjhijUjBQMB0GA1UdDgQWBBT+AUZ/bys+HLBv4cxNAiX3TQqV +uDAfBgNVHSMEGDAWgBT+AUZ/bys+HLBv4cxNAiX3TQqVuDAOBgNVHQ8BAf8EBAMC +BsAwBQYDK2VwA0EAKfZp4rlzEtFk64/pa2HbX+mnYmwQiUGA4+j9H9ATrpUAr/d3 +4SIyrUZP3H7+rryKH5YK2p/Jk1InGLCL2r6BCQ== -----END CERTIFICATE----- diff --git a/certs/ed25519/gen-ed25519.sh b/certs/ed25519/gen-ed25519.sh index 5bf72adc4..87aa71a42 100755 --- a/certs/ed25519/gen-ed25519.sh +++ b/certs/ed25519/gen-ed25519.sh 
@@ -16,3 +16,17 @@ popd mv ${EXAMPLE}/*.pem . mv ${EXAMPLE}/*.der . +convert() { + echo -en "\x30\x2e" > ${NAME}-ed25519-priv.der + head -c 48 ${NAME}-ed25519-key.der | tail -c 46 >> ${NAME}-ed25519-priv.der + + echo "-----BEGIN PRIVATE KEY-----" > ${NAME}-ed25519-priv.pem + openssl base64 -in ${NAME}-ed25519-priv.der >> ${NAME}-ed25519-priv.pem + echo "-----END PRIVATE KEY-----" >> ${NAME}-ed25519-priv.pem +} + +NAME=server convert +NAME=client convert +NAME=root convert +NAME=ca convert + diff --git a/certs/ed25519/include.am b/certs/ed25519/include.am new file mode 100644 index 000000000..3bd79c6d1 --- /dev/null +++ b/certs/ed25519/include.am @@ -0,0 +1,29 @@ +# vim:ft=automake +# All paths should be given relative to the root +# + +EXTRA_DIST += \ + certs/ed25519/ca-ed25519.der \ + certs/ed25519/ca-ed25519.pem \ + certs/ed25519/ca-ed25519-key.der \ + certs/ed25519/ca-ed25519-key.pem \ + certs/ed25519/ca-ed25519-priv.der \ + certs/ed25519/ca-ed25519-priv.pem \ + certs/ed25519/client-ed25519.der \ + certs/ed25519/client-ed25519.pem \ + certs/ed25519/client-ed25519-key.der \ + certs/ed25519/client-ed25519-key.pem \ + certs/ed25519/client-ed25519-priv.der \ + certs/ed25519/client-ed25519-priv.pem \ + certs/ed25519/root-ed25519.der \ + certs/ed25519/root-ed25519.pem \ + certs/ed25519/root-ed25519-key.der \ + certs/ed25519/root-ed25519-key.pem \ + certs/ed25519/root-ed25519-priv.der \ + certs/ed25519/root-ed25519-priv.pem \ + certs/ed25519/server-ed25519.der \ + certs/ed25519/server-ed25519.pem \ + certs/ed25519/server-ed25519-key.der \ + certs/ed25519/server-ed25519-key.pem \ + certs/ed25519/server-ed25519-priv.der \ + certs/ed25519/server-ed25519-priv.pem diff --git a/certs/ed25519/root-ed25519-key.der b/certs/ed25519/root-ed25519-key.der index 230383d33..f4990b312 100644 Binary files a/certs/ed25519/root-ed25519-key.der and b/certs/ed25519/root-ed25519-key.der differ 
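Review bot: `convert` builds each `-priv.der` from fixed byte offsets (`head -c 48 ... | tail -c 46` behind a hand-written `\x30\x2e` header) without checking the shape of its input, so a `-key.der` that is not the 84-byte private-plus-public encoding implied by the `-key.pem` files would produce a malformed key file with no error. A guard before the slice, `[ "$(wc -c < "${NAME}-ed25519-key.der")" -eq 84 ] || exit 1`, would catch that. A comment should also say that the first 48 bytes hold the version, algorithm and 32-byte private key, and that the outer SEQUENCE length is rewritten to 0x2e to drop the trailing public key. `echo -en` with `\x` escapes depends on the shell's builtin echo, so `printf '\060\056' > "${NAME}-ed25519-priv.der"` is the portable form, and the other `${NAME}` expansions should be quoted as well. Separately, the regenerated `root-ed25519-key.pem` and `client-ed25519-key.pem` in this commit have identical contents, which looks unintended for a root CA and a client identity, so it is worth confirming how the generator assigns keys.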
diff --git a/certs/ed25519/root-ed25519-key.pem b/certs/ed25519/root-ed25519-key.pem index 2db2a669e..fa3c91922 100644 --- a/certs/ed25519/root-ed25519-key.pem +++ b/certs/ed25519/root-ed25519-key.pem @@ -1,4 +1,4 @@ -----BEGIN EDDSA PRIVATE KEY----- -MFICAQAwBQYDK2VwBCIEIFwOftlJ9QL4yEBIBh9UmTRwCu+A6puPK9OFmVk0A19P -oSIEIKZgKbt92EfL1B7QbQ9XANgqH1BqQrxd5bgZZbLfJK9Q +MFICAQAwBQYDK2VwBCIEICejNCo11Lu44dzY7A/BoNGiXPkG8ERdO5dNvd9KO6NO +oSIEIKLxJkCbolna2+YVf5oRtUhfVbpe7Ub3mGe+DJPjpI4Y -----END EDDSA PRIVATE KEY----- diff --git a/certs/ed25519/root-ed25519-priv.der b/certs/ed25519/root-ed25519-priv.der new file mode 100644 index 000000000..6ca194a93 Binary files /dev/null and b/certs/ed25519/root-ed25519-priv.der differ diff --git a/certs/ed25519/root-ed25519-priv.pem b/certs/ed25519/root-ed25519-priv.pem new file mode 100644 index 000000000..0104b1620 --- /dev/null +++ b/certs/ed25519/root-ed25519-priv.pem @@ -0,0 +1,3 @@ +-----BEGIN PRIVATE KEY----- +MC4CAQAwBQYDK2VwBCIEICejNCo11Lu44dzY7A/BoNGiXPkG8ERdO5dNvd9KO6NO +-----END PRIVATE KEY----- diff --git a/certs/ed25519/root-ed25519.der b/certs/ed25519/root-ed25519.der index f4da216c4..c1675faf0 100644 Binary files a/certs/ed25519/root-ed25519.der and b/certs/ed25519/root-ed25519.der differ diff --git a/certs/ed25519/root-ed25519.pem b/certs/ed25519/root-ed25519.pem index 1356b21cc..75d7a9dbd 100644 --- a/certs/ed25519/root-ed25519.pem +++ b/certs/ed25519/root-ed25519.pem 
@@ -1,15 +1,15 @@ -----BEGIN CERTIFICATE----- -MIICWzCCAg2gAwIBAgIIAcUx7uhNOB4wBQYDK2VwMIGfMQswCQYDVQQGEwJVUzEQ -MA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjENMAsGA1UEBAwEUm9v -dDEQMA4GA1UECgwHd29sZlNTTDEQMA4GA1UECwwHRUQyNTUxOTEYMBYGA1UEAwwP -d3d3LndvbGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29t -MCIYDzIwMTcwNTI4MjMyNjI5WhgPMjAxOTA1MjkyMzI2MjlaMIGfMQswCQYDVQQG -EwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjENMAsGA1UE -BAwEUm9vdDEQMA4GA1UECgwHd29sZlNTTDEQMA4GA1UECwwHRUQyNTUxOTEYMBYG -A1UEAwwPd3d3LndvbGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZz -c2wuY29tMCowBQYDK2VwAyEApmApu33YR8vUHtBtD1cA2CofUGpCvF3luBllst8k -r1CjYTBfMAwGA1UdEwQFMAMBAf8wHQYDVR0OBBYEFIbAJ+me+oXB/eNv/FRZcjfH -M5K7MB8GA1UdIwQYMBaAFIbAJ+me+oXB/eNv/FRZcjfHM5K7MA8GA1UdDwEB/wQF -AwIBxgAwBQYDK2VwA0EAGj129Ed4mXezQYuGBMzeglOtvFvz3UqPLBGTRI49gqqw -2/VnVoX532VvhensyCrk3/tRluh1wMnenEQlncm/CQ== +MIICYjCCAhSgAwIBAgIQAI8vNbJTvU+S0f8dS0ClSTAFBgMrZXAwgZ8xCzAJBgNV +BAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMQ0wCwYD +VQQEDARSb290MRAwDgYDVQQKDAd3b2xmU1NMMRAwDgYDVQQLDAdFRDI1NTE5MRgw +FgYDVQQDDA93d3cud29sZnNzbC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29s +ZnNzbC5jb20wIhgPMjAxODA0MTIxNjIyMTdaGA8yMDIxMDEwNzE1MjIxN1owgZ8x +CzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFu +MQ0wCwYDVQQEDARSb290MRAwDgYDVQQKDAd3b2xmU1NMMRAwDgYDVQQLDAdFRDI1 +NTE5MRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20xHzAdBgkqhkiG9w0BCQEWEGlu +Zm9Ad29sZnNzbC5jb20wKjAFBgMrZXADIQCi8SZAm6JZ2tvmFX+aEbVIX1W6Xu1G +95hnvgyT46SOGKNgMF4wDAYDVR0TBAUwAwEB/zAdBgNVHQ4EFgQU/gFGf28rPhyw +b+HMTQIl900KlbgwHwYDVR0jBBgwFoAU/gFGf28rPhywb+HMTQIl900KlbgwDgYD +VR0PAQH/BAQDAgHGMAUGAytlcANBAEaxLiB1c316UlvcVyZ3bJ19dvCgG0Y8+2De +GGbS7KdC/RauChf9sxLzVoNj2P5Al5dsHeqpECevSCbCD9LGpAA= -----END CERTIFICATE----- diff --git a/certs/ed25519/server-ed25519-key.der b/certs/ed25519/server-ed25519-key.der index 3c966a31b..a15640668 100644 Binary files a/certs/ed25519/server-ed25519-key.der and b/certs/ed25519/server-ed25519-key.der differ 
diff --git a/certs/ed25519/server-ed25519-key.pem b/certs/ed25519/server-ed25519-key.pem index 1f1e769ce..60d9106c1 100644 --- a/certs/ed25519/server-ed25519-key.pem +++ b/certs/ed25519/server-ed25519-key.pem @@ -1,4 +1,4 @@ -----BEGIN EDDSA PRIVATE KEY----- -MFICAQAwBQYDK2VwBCIEINjpdrI/H/eIdfXd+HrGSTBu6Z/LnR4rwBjvu3WJ5ndn -oSIEIBowiBhHL5faBPSk471sDBa5SMHRQteOkoSgdCpDng4p +MFICAQAwBQYDK2VwBCIEIAIvxf+6jtDSvwOOdo/IhoBxh5cx4kCs37uQFVJuJKE5 +oSIEIGFd7LdFk8mEe2ghSk30BIu9zWxdPbdiLC0lwyJJyIby -----END EDDSA PRIVATE KEY----- diff --git a/certs/ed25519/server-ed25519-priv.der b/certs/ed25519/server-ed25519-priv.der new file mode 100644 index 000000000..2245c976d Binary files /dev/null and b/certs/ed25519/server-ed25519-priv.der differ diff --git a/certs/ed25519/server-ed25519-priv.pem b/certs/ed25519/server-ed25519-priv.pem new file mode 100644 index 000000000..86b0d2843 --- /dev/null +++ b/certs/ed25519/server-ed25519-priv.pem @@ -0,0 +1,3 @@ +-----BEGIN PRIVATE KEY----- +MC4CAQAwBQYDK2VwBCIEIAIvxf+6jtDSvwOOdo/IhoBxh5cx4kCs37uQFVJuJKE5 +-----END PRIVATE KEY----- diff --git a/certs/ed25519/server-ed25519.der b/certs/ed25519/server-ed25519.der index 9dc76898a..1100e971d 100644 Binary files a/certs/ed25519/server-ed25519.der and b/certs/ed25519/server-ed25519.der differ diff --git a/certs/ed25519/server-ed25519.pem b/certs/ed25519/server-ed25519.pem index cafd77a99..e38cb58bb 100644 --- a/certs/ed25519/server-ed25519.pem +++ b/certs/ed25519/server-ed25519.pem 
@@ -1,30 +1,30 @@ -----BEGIN CERTIFICATE----- -MIICSzCCAf2gAwIBAgIIAdCSEGpaRlcwBQYDK2VwMIGdMQswCQYDVQQGEwJVUzEQ -MA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjELMAkGA1UEBAwCQ0Ex -EDAOBgNVBAoMB3dvbGZTU0wxEDAOBgNVBAsMB0VEMjU1MTkxGDAWBgNVBAMMD3d3 -dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTAi -GA8yMDE3MDUyODIzMjYyOVoYDzIwMTkwNTI5MjMyNjI5WjCBnzELMAkGA1UEBhMC -VVMxEDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xDTALBgNVBAQM -BExlYWYxEDAOBgNVBAoMB3dvbGZTU0wxEDAOBgNVBAsMB0VEMjU1MTkxGDAWBgNV -BAMMD3d3dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3Ns -LmNvbTAqMAUGAytlcAMhABowiBhHL5faBPSk471sDBa5SMHRQteOkoSgdCpDng4p -o1MwUTAdBgNVHQ4EFgQU9rKEGpW0cDJT/tnrmymAS9a18cAwHwYDVR0jBBgwFoAU -ktUL2vEEi7mhiwMCn1gANTYHeskwDwYDVR0PAQH/BAUDAgbAADAFBgMrZXADQQAS -VncMlkKY2skVbE5IlQUd0Hgy+IZGmkabZIsxsBlrd5mL//wCNgULaTeHYnXaUCwt -XVKUPwCdGEVvNxKO9OQA +MIICUjCCAgSgAwIBAgIQAM3yL77cB/q7ZQPi/+pqmTAFBgMrZXAwgZ0xCzAJBgNV +BAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMQswCQYD +VQQEDAJDQTEQMA4GA1UECgwHd29sZlNTTDEQMA4GA1UECwwHRUQyNTUxOTEYMBYG +A1UEAwwPd3d3LndvbGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZz +c2wuY29tMCIYDzIwMTgwNDEyMTYyMjE3WhgPMjAyMTAxMDcxNTIyMTdaMIGfMQsw +CQYDVQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjEN +MAsGA1UEBAwETGVhZjEQMA4GA1UECgwHd29sZlNTTDEQMA4GA1UECwwHRUQyNTUx +OTEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZv +QHdvbGZzc2wuY29tMCowBQYDK2VwAyEAYV3st0WTyYR7aCFKTfQEi73NbF09t2Is +LSXDIknIhvKjUjBQMB0GA1UdDgQWBBQzyChjjPRX7h6wxxISdoqAMDrLEDAfBgNV +HSMEGDAWgBSSP5ZyAvphHCFtiN3r3TybF8SftzAOBgNVHQ8BAf8EBAMCBsAwBQYD +K2VwA0EAFYiG/GbR4PbPyQlG0FDiAV33z1e4upCEy/EkS++llX1pkoioiWPMkEDC +QTpAdrEtqKiXyXPHgjAkYbCqyqpoAA== -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- -MIICWTCCAgugAwIBAgIIAfbhPrx5oYUwBQYDK2VwMIGfMQswCQYDVQQGEwJVUzEQ -MA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjENMAsGA1UEBAwEUm9v -dDEQMA4GA1UECgwHd29sZlNTTDEQMA4GA1UECwwHRUQyNTUxOTEYMBYGA1UEAwwP 
-d3d3LndvbGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29t -MCIYDzIwMTcwNTI4MjMyNjI5WhgPMjAxOTA1MjkyMzI2MjlaMIGdMQswCQYDVQQG -EwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjELMAkGA1UE -BAwCQ0ExEDAOBgNVBAoMB3dvbGZTU0wxEDAOBgNVBAsMB0VEMjU1MTkxGDAWBgNV -BAMMD3d3dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3Ns -LmNvbTAqMAUGAytlcAMhAEEH7HUMaHISPASCB24Wb0BBbaSPCPLinadDwiQomH6s -o2EwXzAMBgNVHRMEBTADAQH/MB0GA1UdDgQWBBSS1Qva8QSLuaGLAwKfWAA1Ngd6 -yTAfBgNVHSMEGDAWgBSGwCfpnvqFwf3jb/xUWXI3xzOSuzAPBgNVHQ8BAf8EBQMC -AcYAMAUGAytlcANBACIbBhfAEXQfZNGj9nsGABoLUI7rsWOSRbrc4sFoFCMMbiyV -PLEcGSeYUD5VUczESVivuUZP7ZxXOAQp1KkS/gg= +MIICYDCCAhKgAwIBAgIQAIC6aHfvpeVCfcZzLFSFuDAFBgMrZXAwgZ8xCzAJBgNV +BAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMQ0wCwYD +VQQEDARSb290MRAwDgYDVQQKDAd3b2xmU1NMMRAwDgYDVQQLDAdFRDI1NTE5MRgw +FgYDVQQDDA93d3cud29sZnNzbC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29s +ZnNzbC5jb20wIhgPMjAxODA0MTIxNjIyMTdaGA8yMDIxMDEwNzE1MjIxN1owgZ0x +CzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFu +MQswCQYDVQQEDAJDQTEQMA4GA1UECgwHd29sZlNTTDEQMA4GA1UECwwHRUQyNTUx +OTEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZv +QHdvbGZzc2wuY29tMCowBQYDK2VwAyEAZap/BaQENKDqrR+phvDYf3LfqQ4ToDhm +Jl7rSDCASEmjYDBeMAwGA1UdEwQFMAMBAf8wHQYDVR0OBBYEFJI/lnIC+mEcIW2I +3evdPJsXxJ+3MB8GA1UdIwQYMBaAFP4BRn9vKz4csG/hzE0CJfdNCpW4MA4GA1Ud +DwEB/wQEAwIBxjAFBgMrZXADQQBMQNB/vPv0ohpY9nLj6NoYDZTcDv3B5wKleu7L +wn76ofwVmv4e4Dfff6t2UAbUPRplcz+S1ERip0yzKgGH4wYG -----END CERTIFICATE----- diff --git a/certs/external/include.am b/certs/external/include.am index 4f242068b..05bf83968 100644 --- a/certs/external/include.am +++ b/certs/external/include.am @@ -4,4 +4,5 @@ EXTRA_DIST += \ certs/external/ca-globalsign-root-r3.pem \ + certs/external/ca-digicert-ev.pem \ certs/external/baltimore-cybertrust-root.pem diff --git a/certs/include.am b/certs/include.am old mode 100755 new mode 100644 index 55e8632f2..4964f59de --- a/certs/include.am +++ b/certs/include.am 
@@ -8,6 +8,8 @@ EXTRA_DIST += \ certs/client-cert.pem \ certs/client-keyEnc.pem \ certs/client-key.pem \ + certs/client-uri-cert.pem \ + certs/client-relative-uri.pem \ certs/ecc-key.pem \ certs/ecc-privkey.pem \ certs/ecc-keyPkcs8Enc.pem \ @@ -63,23 +65,6 @@ EXTRA_DIST += \ certs/server-ecc-self.der \ certs/server-ecc-rsa.der \ certs/server-cert-chain.der -EXTRA_DIST += \ - certs/ed25519/ca-ed25519.der \ - certs/ed25519/ca-ed25519-key.der \ - certs/ed25519/ca-ed25519-key.pem \ - certs/ed25519/ca-ed25519.pem \ - certs/ed25519/client-ed25519.der \ - certs/ed25519/client-ed25519-key.der \ - certs/ed25519/client-ed25519-key.pem \ - certs/ed25519/client-ed25519.pem \ - certs/ed25519/root-ed25519.der \ - certs/ed25519/root-ed25519-key.der \ - certs/ed25519/root-ed25519-key.pem \ - certs/ed25519/root-ed25519.pem \ - certs/ed25519/server-ed25519.der \ - certs/ed25519/server-ed25519-key.der \ - certs/ed25519/server-ed25519-key.pem \ - certs/ed25519/server-ed25519.pem # ECC CA prime256v1 EXTRA_DIST += \ @@ -99,7 +84,11 @@ dist_doc_DATA+= certs/taoCert.txt EXTRA_DIST+= certs/ntru-key.raw +include certs/1024/include.am +include certs/crl/include.am +include certs/ecc/include.am +include certs/ed25519/include.am +include certs/external/include.am +include certs/ocsp/include.am include certs/test/include.am include certs/test-pathlen/include.am -include certs/test/include.am -include certs/ecc/include.am diff --git a/certs/ntru-cert.pem b/certs/ntru-cert.pem index 0a6de9f15..47677f70b 100644 --- a/certs/ntru-cert.pem +++ b/certs/ntru-cert.pem 
@@ -1,28 +1,29 @@ -----BEGIN CERTIFICATE----- -MIIEzzCCA7egAwIBAgIIAVNfm0lhPEQwDQYJKoZIhvcNAQEFBQAwgZQxCzAJBgNV -BAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMREwDwYD -VQQKDAhTYXd0b290aDETMBEGA1UECwwKQ29uc3VsdGluZzEYMBYGA1UEAwwPd3d3 -LndvbGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMCIY -DzIwMTYwODEwMjEwNzUxWhgPMjAxOTA1MDgyMTA3NTFaMIGKMQswCQYDVQQGEwJV -UzELMAkGA1UECAwCT1IxETAPBgNVBAcMCFBvcnRsYW5kMQ4wDAYDVQQKDAV5YVNT -TDEUMBIGA1UECwwLRGV2ZWxvcG1lbnQxFjAUBgNVBAMMDXd3dy55YXNzbC5jb20x -HTAbBgkqhkiG9w0BCQEWDmluZm9AeWFzc2wuY29tMIICTTAaBgsrBgEEAcEWAQEB -AQYLKwYBBAHBFgEBAi4DggItAASCAijLUTkEtmdP3XEQ1fYC88/8P8FWqx1kiHFU -GjaK22nUi1i1bsqu+k61/sUzbATXavpA2ay2MUbO9f5YpYYPOLdSCaWrNd9nzlxa -lzqj67x/h7qSKubotJd4U0Bk084Hjqbkxt1MK8SkUz7nFHVbvBmh29WNAyuzf6jt -03Hrc+/tUHLKAEvrygkymsFl9ArSGi141AusGIX0vkN5T+4JfSkFACi3Ux43eCFA -1M7qGUbOl7ylUF76Y6ME7e/uEDa/kIBGu/r52u1yxbxLCJOZPjtJYFaXGgDN4Xal -QWoeTP/7GICdZEttivaxI5Z0IAxt+DlQcLMm3xlppnzVD0FqRR9SQbJ1pvGt2eQO -7D7Y9mJsJU+DCpp4fB42q0JqM/j8w3WwbzN5AOyA9XMiUCHM1c/k5L2GpX6Rs+VS -bhr0uiTo8/ux3ca5l/aHlmlBLcBPNDrasrCCKrs7Tok6ek2R3o3umCmKIGSgcLEv -Ifyg/c/6jc3tipSQkYbtIiitBXoiGk/eEd9fxkhp/+qtOKWUnNsaJUC09KOsA7TB -bK4hJGzzR5TL/45FjDJCspKmOnASaO51hGaoWAyMZPFsCwfkEg9/84bfmw8YmD6k -qBwtkYDrqRHJZB1enmQ61TogoIcxO1F7EPGOCih+Av5xcgWmjD/4Y8lvBCBkHKDh -Adp0B3QFk481vAdk2A5lbeuizXajvWGhvWY2Wzc/Ge3YjcYvo5C34Sx/Ujd5r8Aw -DQYJKoZIhvcNAQEFBQADggEBAFPgoyA+vFwaEeuJ5AxuOEwWyqfLqjBbW3MrMXd3 -LqUd+7VmXW7MGgMtyvXDrVi+PCCAdXijKpHgiHdUNz59JmYliAH75tI+EdsQsO3T -zxNZiM/++K5w2o2NFiz4LOm95IxAsXnviYNMBOrzdn4RaAYQ1NYiho6h85SBlfYY -m8kYktgQ4iok9oCkSeKzFDOZbl5ax+iHvSqpcWQmJxU9D2HzToO5kCN2zAHfxowt -PT9SDnIYxzivTbG39HSdG/+p/paVIb7Kj1VOmQjz7e7hYztmqIV2BPg34MNOxKv0 -JBIqYQH/F1p9N03IQREMXbh9XNlv35PX5pFj14k8NuhiEhs= +MIIE8DCCA9igAwIBAgIQAJRoi3ieHovpl5HPgCG/LTANBgkqhkiG9w0BAQUFADCB +lDELMAkGA1UEBhMCVVMxEDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVt +YW4xETAPBgNVBAoMCFNhd3Rvb3RoMRMwEQYDVQQLDApDb25zdWx0aW5nMRgwFgYD 
+VQQDDA93d3cud29sZnNzbC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNz +bC5jb20wIhgPMjAxODA0MTIxNjIzMDJaGA8yMDIxMDEwNzE1MjMwMlowgaMxCzAJ +BgNVBAYTAlVTMQ8wDQYDVQQIDAZPcmdlb24xETAPBgNVBAcMCFBvcnRsYW5kMQ0w +CwYDVQQEDARUZXN0MRAwDgYDVQQKDAd3b2xmU1NMMRQwEgYDVQQLDAtEZXZlbG9w +bWVudDEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBp +bmZvQHdvbGZzc2wuY29tMIICTTAaBgsrBgEEAcEWAQEBAQYLKwYBBAHBFgEBAi4D +ggItAASCAiiZEHm4vGsXiO64RwVglZIonsSRfqdQno0pBIk93shwAryAnF7ufVJf +4+Bhb9E4GJap88Kof6kSF8FsyWYU3xly0ZSitmGCHXpF7pqQ2V5n1n6mnvYcV4Ql +WR0tPe+1CEkxYsdQaIr7QXLW5ZW4rmZGmL42uioCro4k13x/YhWBsmHuo1C3vnj8 +t5D215pZ6FOD1SMcWIwEzQVncLzvMIous804sY5WYvGzJAkmSv+hgWY52+CoYxUU +LlYA81m5VksOLV8DxsNRvRIOYiUkBqKxzXMcuoOO/TzS/POYoyZ/DupuveP8fNFn +GuvpFwApCFEfVSz3uwHctziuQUnXvpstRY6mmdqbipISrddXwxfTgIp//M4JlV8X +wC3PrfoGx4xR6xmu0iUaJuBmwx1D4l0m4dPXFLKrMV+evZVo5rlYPBbNot7c9BeN +yE9nqnsKFT2PphPM1JlSEQHTZoVYGopAVRES/L+wBiy023gjU3Q9/HrQy5TWwkwH +RhyhvP1WTumNCB6Z+cofi02e7CJr20BX0+T9Q6xkOiX2rZ7bii4j68lxITcs7mWk +FHvlgWk+sdxZ0CPm+V4VmU7kRouZVmXuTE8lZuXByayKiDEUcB7fC7uynV7Vd+UR +XaXw2iU6ytK1qPw2i5O3cCO+BSjDYyVDHrvaJOfyi+1WfzZLJav3ogm5FtaUmr/+ +tAe/4sxscqwUmmPjgab5y+WL9AMXNEuUJnBGG4R3MwAwDQYJKoZIhvcNAQEFBQAD +ggEBAKFpalpswsMwzjLbT2UL/TpR8CpQ5tdN0OmDvW6Rr70RgFp8FDT50+H9b+Db +OdoT8CI5dlTK47sN/R/Q1IoABUr8ymW4oFwSmyNgEK4RdQg4MN9PEeChR0V1TLKM +p77IMksd9RZpiDsrmZl+rOTwGDkt+7INZmyvrJqurjmxYYZs4UsgEivUPZqA48xF +LbwLdfifLe0O+2tDixiiVPdL5RarT90SVB1yyU7EMHUmI4Mv6dssn9qd0Wou1fVf +bL66woDcr/vkV9O94RqlKsWKSnHNKQxmItHM3yO5yWWpTcITQLokyVPBxl1e3cT0 +Hln0y5owdmjr0+rPnvUZoZROfto= -----END CERTIFICATE----- diff --git a/certs/ntru-key.raw b/certs/ntru-key.raw index 46b41aebe..725f6c82a 100644 Binary files a/certs/ntru-key.raw and b/certs/ntru-key.raw differ diff --git a/certs/ocsp/intermediate1-ca-cert.pem b/certs/ocsp/intermediate1-ca-cert.pem index 42f681889..a0593b2f7 100644 --- a/certs/ocsp/intermediate1-ca-cert.pem +++ b/certs/ocsp/intermediate1-ca-cert.pem 
@@ -5,8 +5,8 @@ Certificate: Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Engineering, CN=wolfSSL root CA/emailAddress=info@wolfssl.com Validity - Not Before: Dec 30 19:12:46 2015 GMT - Not After : Sep 25 19:12:46 2018 GMT + Not Before: Apr 13 15:23:10 2018 GMT + Not After : Jan 7 15:23:10 2021 GMT Subject: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Engineering, CN=wolfSSL intermediate CA 1/emailAddress=info@wolfssl.com Subject Public Key Info: Public Key Algorithm: rsaEncryption 
@@ -47,27 +47,27 @@ Certificate: OCSP - URI:http://127.0.0.1:22220 Signature Algorithm: sha256WithRSAEncryption - 0f:a2:19:93:09:2f:c8:c5:91:62:2b:1e:9c:69:93:ea:5f:f1: - 5e:b8:15:8e:0f:c9:82:08:3a:6b:60:3f:ad:1b:fa:47:94:a7: - 31:33:34:6c:cf:09:63:fd:8c:de:62:c4:2e:5f:71:19:2e:a8: - 96:63:37:16:e7:bf:37:67:2d:46:36:72:d0:e4:03:a7:89:a1: - e4:4c:2f:76:31:79:0d:84:ae:c8:61:cf:98:03:2f:12:fc:17: - 60:60:88:b0:96:a0:a8:59:f5:96:1d:3d:1e:e0:c0:26:fd:1b: - 3e:42:73:ad:1d:39:0f:ff:d9:f0:71:52:e3:9a:9b:7a:b4:a2: - af:50:e7:33:7f:66:40:65:bd:31:0c:c9:21:b0:d1:3f:df:b6: - 77:e5:05:ca:24:b9:72:c9:82:c6:9f:be:12:f6:5d:39:34:b7: - 20:df:e1:24:c3:b2:fe:98:b6:d3:6c:3e:43:62:6b:e2:6d:56: - 65:99:3e:aa:2e:a8:cb:82:2d:9b:11:da:8a:b6:63:20:12:c7: - a0:5b:5d:5b:09:29:47:50:ad:4e:1f:68:29:d2:d9:0e:5f:5c: - 83:e8:e6:fd:c7:e5:f9:14:0d:14:8e:6e:34:dd:4f:ec:01:75: - 54:2d:24:c8:c6:98:c3:7f:d8:1d:4f:c5:ae:e0:b2:8e:f5:a8: - bb:4b:1f:aa + 18:a3:09:fe:c3:53:c7:ce:11:f0:36:86:43:9c:46:9b:43:42: + a0:20:6e:b6:32:29:34:22:fa:27:a1:00:0c:e5:51:c3:35:7b: + 2f:ce:2c:48:7f:47:cf:1b:45:f9:30:b2:d0:17:15:a0:c3:a8: + 3a:e4:5f:a4:96:e4:25:ea:4e:80:90:2e:8d:f5:19:98:ae:2a: + 6d:39:f0:06:8f:e6:0b:c4:2b:dd:07:4a:ad:3d:34:11:79:3d: + 15:db:65:c6:33:60:6b:2f:2d:47:26:bb:91:53:28:35:5c:fd: + 57:3b:27:1b:a1:85:03:24:74:84:f4:f2:b2:e3:53:41:83:9c: + 6b:5a:0c:0f:3b:c4:5f:a7:4b:8b:04:f2:0d:f5:81:aa:16:33: + d2:f4:f5:8d:83:c1:10:2d:57:55:f8:d3:16:62:27:50:b2:57: + 20:1d:a3:07:0c:b8:8d:c5:5a:2f:d9:d3:c4:6a:c3:1e:51:10: + de:7e:60:cf:d0:78:2c:00:d4:da:df:de:de:ee:ed:1d:25:da: + 6c:9f:57:69:2a:f1:a2:6c:8a:fe:72:c0:57:9f:f8:6e:b7:47: + f1:4f:f6:4b:9c:a2:2a:d2:10:9c:4e:bc:b4:8a:a2:8e:51:5a: + c1:e7:9c:f1:7c:9c:f9:7d:d7:9c:8f:ed:e9:57:91:0a:6c:4b: + b4:ac:6f:30 -----BEGIN CERTIFICATE----- MIIE8DCCA9igAwIBAgIBATANBgkqhkiG9w0BAQsFADCBlzELMAkGA1UEBhMCVVMx EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoM B3dvbGZTU0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgwFgYDVQQDDA93b2xmU1NM 
-IHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTUx -MjMwMTkxMjQ2WhcNMTgwOTI1MTkxMjQ2WjCBoTELMAkGA1UEBhMCVVMxEzARBgNV +IHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTgw +NDEzMTUyMzEwWhcNMjEwMTA3MTUyMzEwWjCBoTELMAkGA1UEBhMCVVMxEzARBgNV BAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoMB3dvbGZT U0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMSIwIAYDVQQDDBl3b2xmU1NMIGludGVy bWVkaWF0ZSBDQSAxMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMIIB @@ -84,12 +84,12 @@ DAdTZWF0dGxlMRAwDgYDVQQKDAd3b2xmU1NMMRQwEgYDVQQLDAtFbmdpbmVlcmlu ZzEYMBYGA1UEAwwPd29sZlNTTCByb290IENBMR8wHQYJKoZIhvcNAQkBFhBpbmZv QHdvbGZzc2wuY29tggFjMAsGA1UdDwQEAwIBBjAyBggrBgEFBQcBAQQmMCQwIgYI KwYBBQUHMAGGFmh0dHA6Ly8xMjcuMC4wLjE6MjIyMjAwDQYJKoZIhvcNAQELBQAD -ggEBAA+iGZMJL8jFkWIrHpxpk+pf8V64FY4PyYIIOmtgP60b+keUpzEzNGzPCWP9 -jN5ixC5fcRkuqJZjNxbnvzdnLUY2ctDkA6eJoeRML3YxeQ2Ershhz5gDLxL8F2Bg -iLCWoKhZ9ZYdPR7gwCb9Gz5Cc60dOQ//2fBxUuOam3q0oq9Q5zN/ZkBlvTEMySGw -0T/ftnflBcokuXLJgsafvhL2XTk0tyDf4STDsv6YttNsPkNia+JtVmWZPqouqMuC -LZsR2oq2YyASx6BbXVsJKUdQrU4faCnS2Q5fXIPo5v3H5fkUDRSObjTdT+wBdVQt -JMjGmMN/2B1Pxa7gso71qLtLH6o= +ggEBABijCf7DU8fOEfA2hkOcRptDQqAgbrYyKTQi+iehAAzlUcM1ey/OLEh/R88b +RfkwstAXFaDDqDrkX6SW5CXqToCQLo31GZiuKm058AaP5gvEK90HSq09NBF5PRXb +ZcYzYGsvLUcmu5FTKDVc/Vc7JxuhhQMkdIT08rLjU0GDnGtaDA87xF+nS4sE8g31 +gaoWM9L09Y2DwRAtV1X40xZiJ1CyVyAdowcMuI3FWi/Z08Rqwx5REN5+YM/QeCwA +1Nrf3t7u7R0l2myfV2kq8aJsiv5ywFef+G63R/FP9kucoirSEJxOvLSKoo5RWsHn +nPF8nPl915yP7elXkQpsS7SsbzA= -----END CERTIFICATE----- Certificate: Data: 
@@ -98,8 +98,8 @@ Certificate: Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Engineering, CN=wolfSSL root CA/emailAddress=info@wolfssl.com Validity - Not Before: Dec 30 19:12:46 2015 GMT - Not After : Sep 25 19:12:46 2018 GMT + Not Before: Apr 13 15:23:10 2018 GMT + Not After : Jan 7 15:23:10 2021 GMT Subject: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Engineering, CN=wolfSSL root CA/emailAddress=info@wolfssl.com Subject Public Key Info: Public Key Algorithm: rsaEncryption 
@@ -140,27 +140,27 @@ Certificate: OCSP - URI:http://127.0.0.1:22220 Signature Algorithm: sha256WithRSAEncryption - 99:a3:7d:72:17:b7:c0:cd:98:bb:55:fa:f2:ea:9f:17:81:6e: - 8e:02:25:c6:4d:42:cd:32:64:13:f4:bf:42:0c:a6:4e:39:45: - 52:92:40:ed:16:78:17:a2:45:5e:d9:19:ac:1d:d4:56:68:c8: - 55:de:65:ae:ba:72:b0:c0:57:52:5e:5b:08:d9:dd:72:ca:18: - 6e:16:61:32:9a:8b:c0:7d:3e:5a:27:bc:2d:81:aa:36:d4:44: - 26:52:07:f2:41:3b:d1:0f:2e:64:2e:a7:f8:0f:c3:0e:d3:9d: - 73:b9:24:12:e8:ca:28:db:4f:48:c2:43:bb:b7:a8:14:be:8d: - 3a:2f:d3:3a:1a:eb:5f:15:61:e3:e8:03:65:88:d5:03:7e:25: - 7a:35:8d:45:17:3f:0d:10:fd:8e:27:31:65:ee:de:9d:5c:68: - 7f:68:95:bc:85:5a:fa:2a:10:37:82:ca:11:84:9b:90:1e:23: - d6:2b:a6:c5:af:89:ef:31:37:56:0a:91:9e:0f:5b:3e:6c:c1: - 7d:29:cd:bb:38:3f:0e:cb:fb:05:04:e6:4f:5c:6a:c5:b6:a4: - 0f:0b:6a:25:bf:e9:ed:82:19:bb:6b:9a:2e:7d:40:58:0b:45: - 0e:ff:c2:73:39:9c:c2:ef:f4:7c:d0:9e:ae:c9:05:e1:e3:5e: - bf:dd:65:6d + 6b:10:b1:f8:cb:77:ef:72:f5:f8:fc:70:6d:18:dc:34:fe:d7: + 95:d8:fd:85:8e:ca:4b:f3:be:1f:eb:14:08:dc:23:34:78:98: + 39:d7:9f:c3:52:f6:14:3d:e9:de:5c:c2:d8:b1:4b:a8:4c:5b: + 91:42:66:da:7f:3c:e9:03:20:5e:08:0f:76:79:b9:21:10:89: + b7:73:46:44:7e:6e:28:0c:00:e4:f4:3e:65:aa:f5:c6:27:57: + 2c:bb:1d:ae:e5:94:57:a3:73:9e:6b:44:00:35:4a:f3:c7:34: + 9c:a2:a7:aa:62:9f:1d:ef:a8:6c:be:07:ad:ef:ae:ee:93:0b: + ba:c3:59:4e:90:40:2d:00:5e:f0:0f:0a:de:18:2a:b3:97:31: + 63:84:ff:18:1c:b6:d8:7d:ee:33:ed:99:f0:f5:7f:88:58:b3: + 0d:90:db:eb:44:7e:06:37:61:d4:34:b9:f6:fd:3e:8d:07:e4: + b5:b0:ae:09:ce:98:e4:b0:1b:d5:7b:53:94:dd:8a:b2:20:d6: + b0:72:f8:b1:bc:76:df:16:86:39:7b:e4:a9:15:47:57:ae:ca: + 41:d6:3a:ba:15:d1:c0:b5:38:66:0b:0f:80:8b:a2:07:b4:fc: + 80:1f:a3:4c:1f:d2:65:97:c1:2c:ae:46:31:61:49:0d:d7:5f: + ac:d2:a6:05 -----BEGIN CERTIFICATE----- MIIE5jCCA86gAwIBAgIBYzANBgkqhkiG9w0BAQsFADCBlzELMAkGA1UEBhMCVVMx EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoM B3dvbGZTU0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgwFgYDVQQDDA93b2xmU1NM 
-IHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTUx -MjMwMTkxMjQ2WhcNMTgwOTI1MTkxMjQ2WjCBlzELMAkGA1UEBhMCVVMxEzARBgNV +IHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTgw +NDEzMTUyMzEwWhcNMjEwMTA3MTUyMzEwWjCBlzELMAkGA1UEBhMCVVMxEzARBgNV BAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoMB3dvbGZT U0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgwFgYDVQQDDA93b2xmU1NMIHJvb3Qg Q0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wggEiMA0GCSqGSIb3 @@ -176,11 +176,11 @@ A1UEBhMCVVMxEzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUx EDAOBgNVBAoMB3dvbGZTU0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgwFgYDVQQD DA93b2xmU1NMIHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5j b22CAWMwCwYDVR0PBAQDAgEGMDIGCCsGAQUFBwEBBCYwJDAiBggrBgEFBQcwAYYW -aHR0cDovLzEyNy4wLjAuMToyMjIyMDANBgkqhkiG9w0BAQsFAAOCAQEAmaN9che3 -wM2Yu1X68uqfF4FujgIlxk1CzTJkE/S/QgymTjlFUpJA7RZ4F6JFXtkZrB3UVmjI -Vd5lrrpysMBXUl5bCNndcsoYbhZhMpqLwH0+Wie8LYGqNtREJlIH8kE70Q8uZC6n -+A/DDtOdc7kkEujKKNtPSMJDu7eoFL6NOi/TOhrrXxVh4+gDZYjVA34lejWNRRc/ -DRD9jicxZe7enVxof2iVvIVa+ioQN4LKEYSbkB4j1iumxa+J7zE3VgqRng9bPmzB -fSnNuzg/Dsv7BQTmT1xqxbakDwtqJb/p7YIZu2uaLn1AWAtFDv/Cczmcwu/0fNCe -rskF4eNev91lbQ== +aHR0cDovLzEyNy4wLjAuMToyMjIyMDANBgkqhkiG9w0BAQsFAAOCAQEAaxCx+Mt3 +73L1+PxwbRjcNP7Xldj9hY7KS/O+H+sUCNwjNHiYOdefw1L2FD3p3lzC2LFLqExb +kUJm2n886QMgXggPdnm5IRCJt3NGRH5uKAwA5PQ+Zar1xidXLLsdruWUV6NznmtE +ADVK88c0nKKnqmKfHe+obL4Hre+u7pMLusNZTpBALQBe8A8K3hgqs5cxY4T/GBy2 +2H3uM+2Z8PV/iFizDZDb60R+Bjdh1DS59v0+jQfktbCuCc6Y5LAb1XtTlN2KsiDW +sHL4sbx23xaGOXvkqRVHV67KQdY6uhXRwLU4ZgsPgIuiB7T8gB+jTB/SZZfBLK5G +MWFJDddfrNKmBQ== -----END CERTIFICATE----- diff --git a/certs/ocsp/intermediate2-ca-cert.pem b/certs/ocsp/intermediate2-ca-cert.pem index cacb413d2..7305fe0e1 100644 --- a/certs/ocsp/intermediate2-ca-cert.pem +++ b/certs/ocsp/intermediate2-ca-cert.pem 
@@ -5,8 +5,8 @@ Certificate: Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Engineering, CN=wolfSSL root CA/emailAddress=info@wolfssl.com Validity - Not Before: Dec 30 19:12:46 2015 GMT - Not After : Sep 25 19:12:46 2018 GMT + Not Before: Apr 13 15:23:10 2018 GMT + Not After : Jan 7 15:23:10 2021 GMT Subject: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Engineering, CN=wolfSSL intermediate CA 2/emailAddress=info@wolfssl.com Subject Public Key Info: Public Key Algorithm: rsaEncryption 
@@ -47,27 +47,27 @@ Certificate: OCSP - URI:http://127.0.0.1:22220 Signature Algorithm: sha256WithRSAEncryption - 1d:d6:14:6c:f5:cc:f9:c9:0d:c4:27:c1:50:49:ab:d7:39:6e: - 86:31:cf:67:99:c0:5d:37:d0:14:ee:d8:e3:da:17:a5:82:c2: - 25:86:33:28:0d:f6:ca:6b:7a:c7:72:f1:d8:b9:20:27:ee:0c: - 7d:77:e5:8b:03:46:9a:f8:99:6a:8e:57:1a:c9:a2:b1:79:d6: - b6:b6:e5:1a:39:80:2e:88:2b:17:c8:b9:36:37:38:58:8a:f0: - 62:68:97:25:b5:7a:62:5c:4d:22:2c:30:62:0c:11:f0:4d:70: - 95:c7:2d:9e:ab:c5:ef:2e:a4:29:25:8b:e2:e4:d2:9d:2c:5e: - 60:79:36:98:13:a8:38:6c:00:0d:6a:f0:11:3c:3f:d8:f9:6b: - 16:d1:61:f9:db:53:56:02:43:56:a8:01:3b:88:77:91:a5:6e: - a0:ab:2c:6c:e6:ec:cf:ff:5a:07:94:ea:49:92:d4:87:98:f8: - 89:f0:f7:4f:77:b0:df:c9:89:03:76:d9:31:30:86:f7:e9:8a: - 74:fa:f2:b2:f3:4d:f7:43:41:48:9c:1f:db:ea:23:e3:1e:4c: - 15:76:92:e0:f8:ce:71:35:fd:25:f0:97:cd:99:5d:2c:af:33: - 64:5e:bd:be:35:e3:53:78:6c:10:c8:0e:cc:83:e5:d9:2e:7a: - d9:6d:52:95 + 92:6e:c1:af:88:af:46:f2:6e:8a:8c:27:06:8e:b4:38:35:9b: + 47:92:24:20:e5:a5:13:d8:35:d3:2e:37:ca:74:47:e5:16:a3: + 03:63:16:b4:28:2b:d9:04:ab:ee:e4:0a:e5:87:da:d4:00:3a: + 53:c6:c9:25:6a:8f:49:d2:2e:34:f2:40:65:6e:02:fc:b9:42: + 3f:ef:cb:8c:79:84:03:84:dc:a0:68:1e:c7:c7:36:8c:60:14: + 55:f2:5f:f9:c1:3f:2b:f6:a2:1e:34:1f:83:ba:73:bc:b7:62: + bc:97:66:84:09:b9:2d:76:71:c8:91:fd:e2:e1:39:cf:dd:ec: + 98:a8:49:69:89:a8:18:2a:42:e7:fc:ab:2c:cf:13:ab:63:fe: + b0:19:ea:1a:38:22:16:11:31:34:43:fc:50:c6:ec:19:97:03: + db:e8:07:28:48:88:3a:e5:35:a2:fd:83:12:df:55:70:72:61: + 0d:f8:66:18:52:58:c9:46:97:86:31:9e:a2:43:0c:b9:0f:d3: + eb:35:c9:e5:19:4e:b4:8b:d2:ac:ea:bf:83:2a:48:9d:20:a0: + 08:45:60:92:8a:27:06:93:77:74:bb:0e:22:8e:54:17:f2:d4: + e7:7f:f3:90:4d:cc:75:e7:16:c5:9c:4a:cf:dc:f2:19:18:12: + f5:72:8e:2e -----BEGIN CERTIFICATE----- MIIE8DCCA9igAwIBAgIBAjANBgkqhkiG9w0BAQsFADCBlzELMAkGA1UEBhMCVVMx EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoM B3dvbGZTU0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgwFgYDVQQDDA93b2xmU1NM 
-IHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTUx -MjMwMTkxMjQ2WhcNMTgwOTI1MTkxMjQ2WjCBoTELMAkGA1UEBhMCVVMxEzARBgNV +IHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTgw +NDEzMTUyMzEwWhcNMjEwMTA3MTUyMzEwWjCBoTELMAkGA1UEBhMCVVMxEzARBgNV BAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoMB3dvbGZT U0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMSIwIAYDVQQDDBl3b2xmU1NMIGludGVy bWVkaWF0ZSBDQSAyMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMIIB @@ -84,12 +84,12 @@ DAdTZWF0dGxlMRAwDgYDVQQKDAd3b2xmU1NMMRQwEgYDVQQLDAtFbmdpbmVlcmlu ZzEYMBYGA1UEAwwPd29sZlNTTCByb290IENBMR8wHQYJKoZIhvcNAQkBFhBpbmZv QHdvbGZzc2wuY29tggFjMAsGA1UdDwQEAwIBBjAyBggrBgEFBQcBAQQmMCQwIgYI KwYBBQUHMAGGFmh0dHA6Ly8xMjcuMC4wLjE6MjIyMjAwDQYJKoZIhvcNAQELBQAD -ggEBAB3WFGz1zPnJDcQnwVBJq9c5boYxz2eZwF030BTu2OPaF6WCwiWGMygN9spr -esdy8di5ICfuDH135YsDRpr4mWqOVxrJorF51ra25Ro5gC6IKxfIuTY3OFiK8GJo -lyW1emJcTSIsMGIMEfBNcJXHLZ6rxe8upCkli+Lk0p0sXmB5NpgTqDhsAA1q8BE8 -P9j5axbRYfnbU1YCQ1aoATuId5GlbqCrLGzm7M//WgeU6kmS1IeY+Inw9093sN/J -iQN22TEwhvfpinT68rLzTfdDQUicH9vqI+MeTBV2kuD4znE1/SXwl82ZXSyvM2Re -vb4141N4bBDIDsyD5dkuetltUpU= +ggEBAJJuwa+Ir0byboqMJwaOtDg1m0eSJCDlpRPYNdMuN8p0R+UWowNjFrQoK9kE +q+7kCuWH2tQAOlPGySVqj0nSLjTyQGVuAvy5Qj/vy4x5hAOE3KBoHsfHNoxgFFXy +X/nBPyv2oh40H4O6c7y3YryXZoQJuS12cciR/eLhOc/d7JioSWmJqBgqQuf8qyzP +E6tj/rAZ6ho4IhYRMTRD/FDG7BmXA9voByhIiDrlNaL9gxLfVXByYQ34ZhhSWMlG +l4YxnqJDDLkP0+s1yeUZTrSL0qzqv4MqSJ0goAhFYJKKJwaTd3S7DiKOVBfy1Od/ +85BNzHXnFsWcSs/c8hkYEvVyji4= -----END CERTIFICATE----- Certificate: Data: 
@@ -98,8 +98,8 @@ Certificate: Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Engineering, CN=wolfSSL root CA/emailAddress=info@wolfssl.com Validity - Not Before: Dec 30 19:12:46 2015 GMT - Not After : Sep 25 19:12:46 2018 GMT + Not Before: Apr 13 15:23:10 2018 GMT + Not After : Jan 7 15:23:10 2021 GMT Subject: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Engineering, CN=wolfSSL root CA/emailAddress=info@wolfssl.com Subject Public Key Info: Public Key Algorithm: rsaEncryption 
@@ -140,27 +140,27 @@ Certificate: OCSP - URI:http://127.0.0.1:22220 Signature Algorithm: sha256WithRSAEncryption - 99:a3:7d:72:17:b7:c0:cd:98:bb:55:fa:f2:ea:9f:17:81:6e: - 8e:02:25:c6:4d:42:cd:32:64:13:f4:bf:42:0c:a6:4e:39:45: - 52:92:40:ed:16:78:17:a2:45:5e:d9:19:ac:1d:d4:56:68:c8: - 55:de:65:ae:ba:72:b0:c0:57:52:5e:5b:08:d9:dd:72:ca:18: - 6e:16:61:32:9a:8b:c0:7d:3e:5a:27:bc:2d:81:aa:36:d4:44: - 26:52:07:f2:41:3b:d1:0f:2e:64:2e:a7:f8:0f:c3:0e:d3:9d: - 73:b9:24:12:e8:ca:28:db:4f:48:c2:43:bb:b7:a8:14:be:8d: - 3a:2f:d3:3a:1a:eb:5f:15:61:e3:e8:03:65:88:d5:03:7e:25: - 7a:35:8d:45:17:3f:0d:10:fd:8e:27:31:65:ee:de:9d:5c:68: - 7f:68:95:bc:85:5a:fa:2a:10:37:82:ca:11:84:9b:90:1e:23: - d6:2b:a6:c5:af:89:ef:31:37:56:0a:91:9e:0f:5b:3e:6c:c1: - 7d:29:cd:bb:38:3f:0e:cb:fb:05:04:e6:4f:5c:6a:c5:b6:a4: - 0f:0b:6a:25:bf:e9:ed:82:19:bb:6b:9a:2e:7d:40:58:0b:45: - 0e:ff:c2:73:39:9c:c2:ef:f4:7c:d0:9e:ae:c9:05:e1:e3:5e: - bf:dd:65:6d + 6b:10:b1:f8:cb:77:ef:72:f5:f8:fc:70:6d:18:dc:34:fe:d7: + 95:d8:fd:85:8e:ca:4b:f3:be:1f:eb:14:08:dc:23:34:78:98: + 39:d7:9f:c3:52:f6:14:3d:e9:de:5c:c2:d8:b1:4b:a8:4c:5b: + 91:42:66:da:7f:3c:e9:03:20:5e:08:0f:76:79:b9:21:10:89: + b7:73:46:44:7e:6e:28:0c:00:e4:f4:3e:65:aa:f5:c6:27:57: + 2c:bb:1d:ae:e5:94:57:a3:73:9e:6b:44:00:35:4a:f3:c7:34: + 9c:a2:a7:aa:62:9f:1d:ef:a8:6c:be:07:ad:ef:ae:ee:93:0b: + ba:c3:59:4e:90:40:2d:00:5e:f0:0f:0a:de:18:2a:b3:97:31: + 63:84:ff:18:1c:b6:d8:7d:ee:33:ed:99:f0:f5:7f:88:58:b3: + 0d:90:db:eb:44:7e:06:37:61:d4:34:b9:f6:fd:3e:8d:07:e4: + b5:b0:ae:09:ce:98:e4:b0:1b:d5:7b:53:94:dd:8a:b2:20:d6: + b0:72:f8:b1:bc:76:df:16:86:39:7b:e4:a9:15:47:57:ae:ca: + 41:d6:3a:ba:15:d1:c0:b5:38:66:0b:0f:80:8b:a2:07:b4:fc: + 80:1f:a3:4c:1f:d2:65:97:c1:2c:ae:46:31:61:49:0d:d7:5f: + ac:d2:a6:05 -----BEGIN CERTIFICATE----- MIIE5jCCA86gAwIBAgIBYzANBgkqhkiG9w0BAQsFADCBlzELMAkGA1UEBhMCVVMx EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoM B3dvbGZTU0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgwFgYDVQQDDA93b2xmU1NM 
-IHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTUx -MjMwMTkxMjQ2WhcNMTgwOTI1MTkxMjQ2WjCBlzELMAkGA1UEBhMCVVMxEzARBgNV +IHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTgw +NDEzMTUyMzEwWhcNMjEwMTA3MTUyMzEwWjCBlzELMAkGA1UEBhMCVVMxEzARBgNV BAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoMB3dvbGZT U0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgwFgYDVQQDDA93b2xmU1NMIHJvb3Qg Q0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wggEiMA0GCSqGSIb3 @@ -176,11 +176,11 @@ A1UEBhMCVVMxEzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUx EDAOBgNVBAoMB3dvbGZTU0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgwFgYDVQQD DA93b2xmU1NMIHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5j b22CAWMwCwYDVR0PBAQDAgEGMDIGCCsGAQUFBwEBBCYwJDAiBggrBgEFBQcwAYYW -aHR0cDovLzEyNy4wLjAuMToyMjIyMDANBgkqhkiG9w0BAQsFAAOCAQEAmaN9che3 -wM2Yu1X68uqfF4FujgIlxk1CzTJkE/S/QgymTjlFUpJA7RZ4F6JFXtkZrB3UVmjI -Vd5lrrpysMBXUl5bCNndcsoYbhZhMpqLwH0+Wie8LYGqNtREJlIH8kE70Q8uZC6n -+A/DDtOdc7kkEujKKNtPSMJDu7eoFL6NOi/TOhrrXxVh4+gDZYjVA34lejWNRRc/ -DRD9jicxZe7enVxof2iVvIVa+ioQN4LKEYSbkB4j1iumxa+J7zE3VgqRng9bPmzB -fSnNuzg/Dsv7BQTmT1xqxbakDwtqJb/p7YIZu2uaLn1AWAtFDv/Cczmcwu/0fNCe -rskF4eNev91lbQ== +aHR0cDovLzEyNy4wLjAuMToyMjIyMDANBgkqhkiG9w0BAQsFAAOCAQEAaxCx+Mt3 +73L1+PxwbRjcNP7Xldj9hY7KS/O+H+sUCNwjNHiYOdefw1L2FD3p3lzC2LFLqExb +kUJm2n886QMgXggPdnm5IRCJt3NGRH5uKAwA5PQ+Zar1xidXLLsdruWUV6NznmtE +ADVK88c0nKKnqmKfHe+obL4Hre+u7pMLusNZTpBALQBe8A8K3hgqs5cxY4T/GBy2 +2H3uM+2Z8PV/iFizDZDb60R+Bjdh1DS59v0+jQfktbCuCc6Y5LAb1XtTlN2KsiDW +sHL4sbx23xaGOXvkqRVHV67KQdY6uhXRwLU4ZgsPgIuiB7T8gB+jTB/SZZfBLK5G +MWFJDddfrNKmBQ== -----END CERTIFICATE----- diff --git a/certs/ocsp/intermediate3-ca-cert.pem b/certs/ocsp/intermediate3-ca-cert.pem index d3fc21682..365426bb5 100644 --- a/certs/ocsp/intermediate3-ca-cert.pem +++ b/certs/ocsp/intermediate3-ca-cert.pem 
@@ -5,8 +5,8 @@ Certificate: Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Engineering, CN=wolfSSL root CA/emailAddress=info@wolfssl.com Validity - Not Before: Dec 30 19:12:46 2015 GMT - Not After : Sep 25 19:12:46 2018 GMT + Not Before: Apr 13 15:23:10 2018 GMT + Not After : Jan 7 15:23:10 2021 GMT Subject: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Engineering, CN=wolfSSL REVOKED intermediate CA/emailAddress=info@wolfssl.com Subject Public Key Info: Public Key Algorithm: rsaEncryption 
@@ -47,27 +47,27 @@ Certificate: OCSP - URI:http://127.0.0.1:22220 Signature Algorithm: sha256WithRSAEncryption - 9a:47:17:70:ff:92:e7:b5:51:a0:d2:5d:f3:e3:dd:90:ec:c9: - 8f:ad:61:74:30:ba:d9:60:ba:5b:cf:da:03:4f:c8:50:5a:f4: - 5e:e0:e3:a0:ce:de:43:6c:56:e0:bc:35:e9:0d:bb:53:0e:22: - 7f:21:42:6c:2a:0f:67:b2:8a:1a:f5:e8:1f:a9:a1:90:11:d0: - ec:18:90:ba:ee:cf:d4:18:28:1b:9c:96:8e:d6:48:bd:6f:66: - 79:df:04:0d:04:d3:13:69:b8:24:15:7c:3b:bc:b9:fc:1d:dd: - cc:45:a5:c1:04:c9:d3:68:a7:de:cd:1e:aa:cc:bd:3d:f4:12: - eb:3d:01:44:11:fd:1d:bd:a0:7a:4c:24:f2:39:78:17:c1:1f: - 8c:b8:ab:01:f3:98:88:ff:bd:2c:1b:43:bb:fe:37:94:65:b4: - 3c:e6:11:8c:5d:36:de:ab:84:a5:6d:30:23:dc:ad:b1:74:24: - 2a:bb:49:f0:37:ef:db:9a:eb:4e:fc:f9:a2:47:06:3a:09:9d: - 4f:c3:c6:dc:18:90:47:42:f4:bc:8d:75:be:7c:c8:d5:47:a6: - bb:c2:1e:55:16:8f:a4:62:cc:1f:7c:cf:5a:b5:41:6d:98:f4: - 15:b9:fc:5a:3e:47:75:a0:f7:b0:df:33:54:a9:7c:f0:da:3c: - 65:c2:e6:1a + 63:bf:90:58:0c:44:08:57:7d:94:7e:eb:fd:9d:90:f6:1d:a5: + 91:2a:32:38:a7:f7:39:c2:c0:9c:93:26:bc:f4:4b:81:0a:0f: + 07:2d:4f:a9:20:9a:3e:2c:24:0c:30:10:d7:be:96:ab:ee:1f: + 2c:f8:71:7c:1a:c1:ae:b7:64:e1:7e:18:53:c3:ae:d5:04:16: + f7:e5:34:c2:d1:a3:31:d4:9b:f4:b7:c1:96:1f:a7:3c:3a:bf: + fd:06:be:76:f4:da:95:f9:6f:be:4f:24:a7:0f:b0:2c:12:4d: + d6:55:ea:f8:0a:30:91:32:4f:a3:14:6d:ec:cd:85:12:1f:da: + 78:8a:b1:9a:74:fb:fd:00:45:4a:30:83:45:16:a0:8f:b7:7f: + 23:33:91:c6:81:ac:f3:9b:cd:53:6b:9a:fa:36:9b:5d:3c:72: + a8:73:4f:1e:b5:da:ba:08:3d:9b:ca:7a:d6:c2:bf:6e:9f:a5: + 9e:db:61:bc:a5:42:a7:d4:92:4a:7e:a3:3d:1b:aa:d3:c2:93: + ad:ce:3b:0e:2b:61:44:1e:3c:61:54:0d:6a:26:21:54:c6:e0: + ed:3d:da:27:cd:89:5a:f8:1f:0f:46:80:c1:f2:80:cc:52:f1: + 7f:ce:10:68:66:3f:ee:90:25:45:d4:f8:87:f9:5d:5d:74:3d: + aa:3d:43:1c -----BEGIN CERTIFICATE----- MIIE9jCCA96gAwIBAgIBAzANBgkqhkiG9w0BAQsFADCBlzELMAkGA1UEBhMCVVMx EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoM B3dvbGZTU0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgwFgYDVQQDDA93b2xmU1NM 
-IHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTUx -MjMwMTkxMjQ2WhcNMTgwOTI1MTkxMjQ2WjCBpzELMAkGA1UEBhMCVVMxEzARBgNV +IHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTgw +NDEzMTUyMzEwWhcNMjEwMTA3MTUyMzEwWjCBpzELMAkGA1UEBhMCVVMxEzARBgNV BAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoMB3dvbGZT U0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMSgwJgYDVQQDDB93b2xmU1NMIFJFVk9L RUQgaW50ZXJtZWRpYXRlIENBMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wu @@ -84,12 +84,12 @@ DgYDVQQHDAdTZWF0dGxlMRAwDgYDVQQKDAd3b2xmU1NMMRQwEgYDVQQLDAtFbmdp bmVlcmluZzEYMBYGA1UEAwwPd29sZlNTTCByb290IENBMR8wHQYJKoZIhvcNAQkB FhBpbmZvQHdvbGZzc2wuY29tggFjMAsGA1UdDwQEAwIBBjAyBggrBgEFBQcBAQQm MCQwIgYIKwYBBQUHMAGGFmh0dHA6Ly8xMjcuMC4wLjE6MjIyMjAwDQYJKoZIhvcN -AQELBQADggEBAJpHF3D/kue1UaDSXfPj3ZDsyY+tYXQwutlgulvP2gNPyFBa9F7g -46DO3kNsVuC8NekNu1MOIn8hQmwqD2eyihr16B+poZAR0OwYkLruz9QYKBuclo7W -SL1vZnnfBA0E0xNpuCQVfDu8ufwd3cxFpcEEydNop97NHqrMvT30Eus9AUQR/R29 -oHpMJPI5eBfBH4y4qwHzmIj/vSwbQ7v+N5RltDzmEYxdNt6rhKVtMCPcrbF0JCq7 -SfA379ua6078+aJHBjoJnU/DxtwYkEdC9LyNdb58yNVHprvCHlUWj6RizB98z1q1 -QW2Y9BW5/Fo+R3Wg97DfM1SpfPDaPGXC5ho= +AQELBQADggEBAGO/kFgMRAhXfZR+6/2dkPYdpZEqMjin9znCwJyTJrz0S4EKDwct +T6kgmj4sJAwwENe+lqvuHyz4cXwawa63ZOF+GFPDrtUEFvflNMLRozHUm/S3wZYf +pzw6v/0Gvnb02pX5b75PJKcPsCwSTdZV6vgKMJEyT6MUbezNhRIf2niKsZp0+/0A +RUowg0UWoI+3fyMzkcaBrPObzVNrmvo2m108cqhzTx612roIPZvKetbCv26fpZ7b +YbylQqfUkkp+oz0bqtPCk63OOw4rYUQePGFUDWomIVTG4O092ifNiVr4Hw9GgMHy +gMxS8X/OEGhmP+6QJUXU+If5XV10Pao9Qxw= -----END CERTIFICATE----- Certificate: Data: 
@@ -98,8 +98,8 @@ Certificate: Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Engineering, CN=wolfSSL root CA/emailAddress=info@wolfssl.com Validity - Not Before: Dec 30 19:12:46 2015 GMT - Not After : Sep 25 19:12:46 2018 GMT + Not Before: Apr 13 15:23:10 2018 GMT + Not After : Jan 7 15:23:10 2021 GMT Subject: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Engineering, CN=wolfSSL root CA/emailAddress=info@wolfssl.com Subject Public Key Info: Public Key Algorithm: rsaEncryption 
@@ -140,27 +140,27 @@ Certificate: OCSP - URI:http://127.0.0.1:22220 Signature Algorithm: sha256WithRSAEncryption - 99:a3:7d:72:17:b7:c0:cd:98:bb:55:fa:f2:ea:9f:17:81:6e: - 8e:02:25:c6:4d:42:cd:32:64:13:f4:bf:42:0c:a6:4e:39:45: - 52:92:40:ed:16:78:17:a2:45:5e:d9:19:ac:1d:d4:56:68:c8: - 55:de:65:ae:ba:72:b0:c0:57:52:5e:5b:08:d9:dd:72:ca:18: - 6e:16:61:32:9a:8b:c0:7d:3e:5a:27:bc:2d:81:aa:36:d4:44: - 26:52:07:f2:41:3b:d1:0f:2e:64:2e:a7:f8:0f:c3:0e:d3:9d: - 73:b9:24:12:e8:ca:28:db:4f:48:c2:43:bb:b7:a8:14:be:8d: - 3a:2f:d3:3a:1a:eb:5f:15:61:e3:e8:03:65:88:d5:03:7e:25: - 7a:35:8d:45:17:3f:0d:10:fd:8e:27:31:65:ee:de:9d:5c:68: - 7f:68:95:bc:85:5a:fa:2a:10:37:82:ca:11:84:9b:90:1e:23: - d6:2b:a6:c5:af:89:ef:31:37:56:0a:91:9e:0f:5b:3e:6c:c1: - 7d:29:cd:bb:38:3f:0e:cb:fb:05:04:e6:4f:5c:6a:c5:b6:a4: - 0f:0b:6a:25:bf:e9:ed:82:19:bb:6b:9a:2e:7d:40:58:0b:45: - 0e:ff:c2:73:39:9c:c2:ef:f4:7c:d0:9e:ae:c9:05:e1:e3:5e: - bf:dd:65:6d + 6b:10:b1:f8:cb:77:ef:72:f5:f8:fc:70:6d:18:dc:34:fe:d7: + 95:d8:fd:85:8e:ca:4b:f3:be:1f:eb:14:08:dc:23:34:78:98: + 39:d7:9f:c3:52:f6:14:3d:e9:de:5c:c2:d8:b1:4b:a8:4c:5b: + 91:42:66:da:7f:3c:e9:03:20:5e:08:0f:76:79:b9:21:10:89: + b7:73:46:44:7e:6e:28:0c:00:e4:f4:3e:65:aa:f5:c6:27:57: + 2c:bb:1d:ae:e5:94:57:a3:73:9e:6b:44:00:35:4a:f3:c7:34: + 9c:a2:a7:aa:62:9f:1d:ef:a8:6c:be:07:ad:ef:ae:ee:93:0b: + ba:c3:59:4e:90:40:2d:00:5e:f0:0f:0a:de:18:2a:b3:97:31: + 63:84:ff:18:1c:b6:d8:7d:ee:33:ed:99:f0:f5:7f:88:58:b3: + 0d:90:db:eb:44:7e:06:37:61:d4:34:b9:f6:fd:3e:8d:07:e4: + b5:b0:ae:09:ce:98:e4:b0:1b:d5:7b:53:94:dd:8a:b2:20:d6: + b0:72:f8:b1:bc:76:df:16:86:39:7b:e4:a9:15:47:57:ae:ca: + 41:d6:3a:ba:15:d1:c0:b5:38:66:0b:0f:80:8b:a2:07:b4:fc: + 80:1f:a3:4c:1f:d2:65:97:c1:2c:ae:46:31:61:49:0d:d7:5f: + ac:d2:a6:05 -----BEGIN CERTIFICATE----- MIIE5jCCA86gAwIBAgIBYzANBgkqhkiG9w0BAQsFADCBlzELMAkGA1UEBhMCVVMx EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoM B3dvbGZTU0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgwFgYDVQQDDA93b2xmU1NM 
-IHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTUx -MjMwMTkxMjQ2WhcNMTgwOTI1MTkxMjQ2WjCBlzELMAkGA1UEBhMCVVMxEzARBgNV +IHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTgw +NDEzMTUyMzEwWhcNMjEwMTA3MTUyMzEwWjCBlzELMAkGA1UEBhMCVVMxEzARBgNV BAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoMB3dvbGZT U0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgwFgYDVQQDDA93b2xmU1NMIHJvb3Qg Q0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wggEiMA0GCSqGSIb3 @@ -176,11 +176,11 @@ A1UEBhMCVVMxEzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUx EDAOBgNVBAoMB3dvbGZTU0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgwFgYDVQQD DA93b2xmU1NMIHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5j b22CAWMwCwYDVR0PBAQDAgEGMDIGCCsGAQUFBwEBBCYwJDAiBggrBgEFBQcwAYYW -aHR0cDovLzEyNy4wLjAuMToyMjIyMDANBgkqhkiG9w0BAQsFAAOCAQEAmaN9che3 -wM2Yu1X68uqfF4FujgIlxk1CzTJkE/S/QgymTjlFUpJA7RZ4F6JFXtkZrB3UVmjI -Vd5lrrpysMBXUl5bCNndcsoYbhZhMpqLwH0+Wie8LYGqNtREJlIH8kE70Q8uZC6n -+A/DDtOdc7kkEujKKNtPSMJDu7eoFL6NOi/TOhrrXxVh4+gDZYjVA34lejWNRRc/ -DRD9jicxZe7enVxof2iVvIVa+ioQN4LKEYSbkB4j1iumxa+J7zE3VgqRng9bPmzB -fSnNuzg/Dsv7BQTmT1xqxbakDwtqJb/p7YIZu2uaLn1AWAtFDv/Cczmcwu/0fNCe -rskF4eNev91lbQ== +aHR0cDovLzEyNy4wLjAuMToyMjIyMDANBgkqhkiG9w0BAQsFAAOCAQEAaxCx+Mt3 +73L1+PxwbRjcNP7Xldj9hY7KS/O+H+sUCNwjNHiYOdefw1L2FD3p3lzC2LFLqExb +kUJm2n886QMgXggPdnm5IRCJt3NGRH5uKAwA5PQ+Zar1xidXLLsdruWUV6NznmtE +ADVK88c0nKKnqmKfHe+obL4Hre+u7pMLusNZTpBALQBe8A8K3hgqs5cxY4T/GBy2 +2H3uM+2Z8PV/iFizDZDb60R+Bjdh1DS59v0+jQfktbCuCc6Y5LAb1XtTlN2KsiDW +sHL4sbx23xaGOXvkqRVHV67KQdY6uhXRwLU4ZgsPgIuiB7T8gB+jTB/SZZfBLK5G +MWFJDddfrNKmBQ== -----END CERTIFICATE----- diff --git a/certs/ocsp/ocsp-responder-cert.pem b/certs/ocsp/ocsp-responder-cert.pem index 9e76a90f8..447bc0f77 100644 --- a/certs/ocsp/ocsp-responder-cert.pem +++ b/certs/ocsp/ocsp-responder-cert.pem 
@@ -5,8 +5,8 @@ Certificate: Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Engineering, CN=wolfSSL root CA/emailAddress=info@wolfssl.com Validity - Not Before: Dec 30 19:12:46 2015 GMT - Not After : Sep 25 19:12:46 2018 GMT + Not Before: Apr 13 15:23:10 2018 GMT + Not After : Jan 7 15:23:10 2021 GMT Subject: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Engineering, CN=wolfSSL OCSP Responder/emailAddress=info@wolfssl.com Subject Public Key Info: Public Key Algorithm: rsaEncryption 
@@ -44,27 +44,27 @@ Certificate: X509v3 Extended Key Usage: OCSP Signing Signature Algorithm: sha256WithRSAEncryption - 0a:4e:f7:89:58:26:5f:35:b7:ee:45:2f:2a:a6:ac:37:93:c8: - a8:97:74:6e:64:60:c0:6e:0e:1d:3c:f2:f5:b4:6e:c7:40:c2: - a5:3a:e1:f5:de:7e:73:df:f8:e6:a6:58:2b:bf:4b:8e:0c:fa: - 6f:08:b6:27:da:ad:21:d1:a5:c1:97:1e:fb:5b:06:c7:d5:dc: - 8d:1a:e3:cc:b2:c0:e6:54:f5:dc:b7:58:1a:eb:84:6e:14:c3: - 9a:57:f1:16:c6:ea:f0:e5:5f:e7:cb:f8:d0:86:73:c8:87:83: - d5:91:9d:6d:16:01:f7:8d:84:5e:f4:8d:17:f5:30:a8:94:36: - 4c:2e:33:03:ca:06:17:f0:51:5f:db:ea:65:3f:1f:bb:f6:50: - 26:ac:36:78:3a:8d:03:ab:7d:f9:32:d6:38:7e:6b:3c:93:49: - df:18:d2:5b:25:b6:70:f7:83:a8:b1:18:b8:85:53:c7:b6:be: - fe:30:b8:78:8a:e3:ec:6b:48:ce:41:f5:56:da:52:2a:9f:c9: - 40:62:d3:44:f7:2d:aa:94:94:fa:3e:0f:59:3a:2f:06:92:4f: - d5:3f:2c:3c:0e:79:b7:7c:9f:34:ca:9c:b5:ce:6b:b1:8e:40: - 3a:6f:76:3d:de:18:c9:a5:1a:bb:68:19:2b:7a:58:22:67:8b: - 8d:48:b1:f7 + 9b:56:c5:5f:b9:b2:00:30:ca:05:2a:e8:c6:96:ba:aa:23:40: + 40:89:6d:a2:7a:93:f2:c9:8a:6f:0e:5d:5f:6f:ce:5e:4b:38: + a9:d2:ab:97:78:e3:73:3d:3d:27:e9:00:ce:16:d9:c5:c5:06: + a8:eb:c6:e5:76:4c:f7:60:1a:69:ae:35:d6:f8:0f:da:9c:83: + c6:fb:74:a6:12:e5:c7:64:ae:e7:2c:b6:d3:62:1f:f3:20:11: + 2e:09:9b:14:f0:a3:17:d0:2c:be:4a:39:3a:55:58:2f:90:37: + 04:c5:54:27:9d:0e:51:97:da:21:df:05:ec:ca:79:a8:ca:02: + ca:cf:b7:05:ef:04:fa:f9:81:20:10:c1:7d:4a:a7:93:13:28: + 1e:98:a7:3e:4c:01:13:c3:6b:14:e1:87:37:5f:3a:d3:7d:b6: + d4:d9:0d:56:93:7f:1d:e9:c2:35:c7:11:7f:42:d0:d5:3d:5f: + f6:fc:23:24:e3:45:7f:4f:9e:18:df:7b:41:80:fa:bb:bd:16: + e1:eb:c5:78:52:88:cd:82:c7:92:3a:ce:cb:c6:07:05:ec:70: + 0e:e8:db:44:8f:3b:f3:41:de:b2:19:b0:f6:e0:5a:06:48:d9: + b9:e2:2b:0f:ec:ec:1f:fb:83:4d:80:d4:6e:34:ed:78:a1:be: + a2:cb:07:ab -----BEGIN CERTIFICATE----- MIIEvjCCA6agAwIBAgIBBDANBgkqhkiG9w0BAQsFADCBlzELMAkGA1UEBhMCVVMx EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoM B3dvbGZTU0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgwFgYDVQQDDA93b2xmU1NM 
-IHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTUx -MjMwMTkxMjQ2WhcNMTgwOTI1MTkxMjQ2WjCBnjELMAkGA1UEBhMCVVMxEzARBgNV +IHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTgw +NDEzMTUyMzEwWhcNMjEwMTA3MTUyMzEwWjCBnjELMAkGA1UEBhMCVVMxEzARBgNV BAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoMB3dvbGZT U0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMR8wHQYDVQQDDBZ3b2xmU1NMIE9DU1Ag UmVzcG9uZGVyMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMIIBIjAN @@ -80,12 +80,12 @@ CzAJBgNVBAYTAlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0 dGxlMRAwDgYDVQQKDAd3b2xmU1NMMRQwEgYDVQQLDAtFbmdpbmVlcmluZzEYMBYG A1UEAwwPd29sZlNTTCByb290IENBMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZz c2wuY29tggFjMBMGA1UdJQQMMAoGCCsGAQUFBwMJMA0GCSqGSIb3DQEBCwUAA4IB -AQAKTveJWCZfNbfuRS8qpqw3k8iol3RuZGDAbg4dPPL1tG7HQMKlOuH13n5z3/jm -plgrv0uODPpvCLYn2q0h0aXBlx77WwbH1dyNGuPMssDmVPXct1ga64RuFMOaV/EW -xurw5V/ny/jQhnPIh4PVkZ1tFgH3jYRe9I0X9TColDZMLjMDygYX8FFf2+plPx+7 -9lAmrDZ4Oo0Dq335MtY4fms8k0nfGNJbJbZw94OosRi4hVPHtr7+MLh4iuPsa0jO -QfVW2lIqn8lAYtNE9y2qlJT6Pg9ZOi8Gkk/VPyw8Dnm3fJ80ypy1zmuxjkA6b3Y9 -3hjJpRq7aBkrelgiZ4uNSLH3 +AQCbVsVfubIAMMoFKujGlrqqI0BAiW2iepPyyYpvDl1fb85eSzip0quXeONzPT0n +6QDOFtnFxQao68bldkz3YBpprjXW+A/anIPG+3SmEuXHZK7nLLbTYh/zIBEuCZsU +8KMX0Cy+Sjk6VVgvkDcExVQnnQ5Rl9oh3wXsynmoygLKz7cF7wT6+YEgEMF9SqeT +EygemKc+TAETw2sU4Yc3XzrTfbbU2Q1Wk38d6cI1xxF/QtDVPV/2/CMk40V/T54Y +33tBgPq7vRbh68V4UojNgseSOs7LxgcF7HAO6NtEjzvzQd6yGbD24FoGSNm54isP +7Owf+4NNgNRuNO14ob6iywer -----END CERTIFICATE----- Certificate: Data: 
@@ -94,8 +94,8 @@ Certificate: Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Engineering, CN=wolfSSL root CA/emailAddress=info@wolfssl.com Validity - Not Before: Dec 30 19:12:46 2015 GMT - Not After : Sep 25 19:12:46 2018 GMT + Not Before: Apr 13 15:23:10 2018 GMT + Not After : Jan 7 15:23:10 2021 GMT Subject: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Engineering, CN=wolfSSL root CA/emailAddress=info@wolfssl.com Subject Public Key Info: Public Key Algorithm: rsaEncryption 
@@ -136,27 +136,27 @@ Certificate: OCSP - URI:http://127.0.0.1:22220 Signature Algorithm: sha256WithRSAEncryption - 99:a3:7d:72:17:b7:c0:cd:98:bb:55:fa:f2:ea:9f:17:81:6e: - 8e:02:25:c6:4d:42:cd:32:64:13:f4:bf:42:0c:a6:4e:39:45: - 52:92:40:ed:16:78:17:a2:45:5e:d9:19:ac:1d:d4:56:68:c8: - 55:de:65:ae:ba:72:b0:c0:57:52:5e:5b:08:d9:dd:72:ca:18: - 6e:16:61:32:9a:8b:c0:7d:3e:5a:27:bc:2d:81:aa:36:d4:44: - 26:52:07:f2:41:3b:d1:0f:2e:64:2e:a7:f8:0f:c3:0e:d3:9d: - 73:b9:24:12:e8:ca:28:db:4f:48:c2:43:bb:b7:a8:14:be:8d: - 3a:2f:d3:3a:1a:eb:5f:15:61:e3:e8:03:65:88:d5:03:7e:25: - 7a:35:8d:45:17:3f:0d:10:fd:8e:27:31:65:ee:de:9d:5c:68: - 7f:68:95:bc:85:5a:fa:2a:10:37:82:ca:11:84:9b:90:1e:23: - d6:2b:a6:c5:af:89:ef:31:37:56:0a:91:9e:0f:5b:3e:6c:c1: - 7d:29:cd:bb:38:3f:0e:cb:fb:05:04:e6:4f:5c:6a:c5:b6:a4: - 0f:0b:6a:25:bf:e9:ed:82:19:bb:6b:9a:2e:7d:40:58:0b:45: - 0e:ff:c2:73:39:9c:c2:ef:f4:7c:d0:9e:ae:c9:05:e1:e3:5e: - bf:dd:65:6d + 6b:10:b1:f8:cb:77:ef:72:f5:f8:fc:70:6d:18:dc:34:fe:d7: + 95:d8:fd:85:8e:ca:4b:f3:be:1f:eb:14:08:dc:23:34:78:98: + 39:d7:9f:c3:52:f6:14:3d:e9:de:5c:c2:d8:b1:4b:a8:4c:5b: + 91:42:66:da:7f:3c:e9:03:20:5e:08:0f:76:79:b9:21:10:89: + b7:73:46:44:7e:6e:28:0c:00:e4:f4:3e:65:aa:f5:c6:27:57: + 2c:bb:1d:ae:e5:94:57:a3:73:9e:6b:44:00:35:4a:f3:c7:34: + 9c:a2:a7:aa:62:9f:1d:ef:a8:6c:be:07:ad:ef:ae:ee:93:0b: + ba:c3:59:4e:90:40:2d:00:5e:f0:0f:0a:de:18:2a:b3:97:31: + 63:84:ff:18:1c:b6:d8:7d:ee:33:ed:99:f0:f5:7f:88:58:b3: + 0d:90:db:eb:44:7e:06:37:61:d4:34:b9:f6:fd:3e:8d:07:e4: + b5:b0:ae:09:ce:98:e4:b0:1b:d5:7b:53:94:dd:8a:b2:20:d6: + b0:72:f8:b1:bc:76:df:16:86:39:7b:e4:a9:15:47:57:ae:ca: + 41:d6:3a:ba:15:d1:c0:b5:38:66:0b:0f:80:8b:a2:07:b4:fc: + 80:1f:a3:4c:1f:d2:65:97:c1:2c:ae:46:31:61:49:0d:d7:5f: + ac:d2:a6:05 -----BEGIN CERTIFICATE----- MIIE5jCCA86gAwIBAgIBYzANBgkqhkiG9w0BAQsFADCBlzELMAkGA1UEBhMCVVMx EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoM B3dvbGZTU0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgwFgYDVQQDDA93b2xmU1NM 
-IHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTUx -MjMwMTkxMjQ2WhcNMTgwOTI1MTkxMjQ2WjCBlzELMAkGA1UEBhMCVVMxEzARBgNV +IHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTgw +NDEzMTUyMzEwWhcNMjEwMTA3MTUyMzEwWjCBlzELMAkGA1UEBhMCVVMxEzARBgNV BAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoMB3dvbGZT U0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgwFgYDVQQDDA93b2xmU1NMIHJvb3Qg Q0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wggEiMA0GCSqGSIb3 @@ -172,11 +172,11 @@ A1UEBhMCVVMxEzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUx EDAOBgNVBAoMB3dvbGZTU0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgwFgYDVQQD DA93b2xmU1NMIHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5j b22CAWMwCwYDVR0PBAQDAgEGMDIGCCsGAQUFBwEBBCYwJDAiBggrBgEFBQcwAYYW -aHR0cDovLzEyNy4wLjAuMToyMjIyMDANBgkqhkiG9w0BAQsFAAOCAQEAmaN9che3 -wM2Yu1X68uqfF4FujgIlxk1CzTJkE/S/QgymTjlFUpJA7RZ4F6JFXtkZrB3UVmjI -Vd5lrrpysMBXUl5bCNndcsoYbhZhMpqLwH0+Wie8LYGqNtREJlIH8kE70Q8uZC6n -+A/DDtOdc7kkEujKKNtPSMJDu7eoFL6NOi/TOhrrXxVh4+gDZYjVA34lejWNRRc/ -DRD9jicxZe7enVxof2iVvIVa+ioQN4LKEYSbkB4j1iumxa+J7zE3VgqRng9bPmzB -fSnNuzg/Dsv7BQTmT1xqxbakDwtqJb/p7YIZu2uaLn1AWAtFDv/Cczmcwu/0fNCe -rskF4eNev91lbQ== +aHR0cDovLzEyNy4wLjAuMToyMjIyMDANBgkqhkiG9w0BAQsFAAOCAQEAaxCx+Mt3 +73L1+PxwbRjcNP7Xldj9hY7KS/O+H+sUCNwjNHiYOdefw1L2FD3p3lzC2LFLqExb +kUJm2n886QMgXggPdnm5IRCJt3NGRH5uKAwA5PQ+Zar1xidXLLsdruWUV6NznmtE +ADVK88c0nKKnqmKfHe+obL4Hre+u7pMLusNZTpBALQBe8A8K3hgqs5cxY4T/GBy2 +2H3uM+2Z8PV/iFizDZDb60R+Bjdh1DS59v0+jQfktbCuCc6Y5LAb1XtTlN2KsiDW +sHL4sbx23xaGOXvkqRVHV67KQdY6uhXRwLU4ZgsPgIuiB7T8gB+jTB/SZZfBLK5G +MWFJDddfrNKmBQ== -----END CERTIFICATE----- diff --git a/certs/ocsp/root-ca-cert.pem b/certs/ocsp/root-ca-cert.pem index b62a03c7a..a6fb14512 100644 --- a/certs/ocsp/root-ca-cert.pem +++ b/certs/ocsp/root-ca-cert.pem 
@@ -5,8 +5,8 @@ Certificate: Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Engineering, CN=wolfSSL root CA/emailAddress=info@wolfssl.com Validity - Not Before: Dec 30 19:12:46 2015 GMT - Not After : Sep 25 19:12:46 2018 GMT + Not Before: Apr 13 15:23:10 2018 GMT + Not After : Jan 7 15:23:10 2021 GMT Subject: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Engineering, CN=wolfSSL root CA/emailAddress=info@wolfssl.com Subject Public Key Info: Public Key Algorithm: rsaEncryption 
@@ -47,27 +47,27 @@ Certificate: OCSP - URI:http://127.0.0.1:22220 Signature Algorithm: sha256WithRSAEncryption - 99:a3:7d:72:17:b7:c0:cd:98:bb:55:fa:f2:ea:9f:17:81:6e: - 8e:02:25:c6:4d:42:cd:32:64:13:f4:bf:42:0c:a6:4e:39:45: - 52:92:40:ed:16:78:17:a2:45:5e:d9:19:ac:1d:d4:56:68:c8: - 55:de:65:ae:ba:72:b0:c0:57:52:5e:5b:08:d9:dd:72:ca:18: - 6e:16:61:32:9a:8b:c0:7d:3e:5a:27:bc:2d:81:aa:36:d4:44: - 26:52:07:f2:41:3b:d1:0f:2e:64:2e:a7:f8:0f:c3:0e:d3:9d: - 73:b9:24:12:e8:ca:28:db:4f:48:c2:43:bb:b7:a8:14:be:8d: - 3a:2f:d3:3a:1a:eb:5f:15:61:e3:e8:03:65:88:d5:03:7e:25: - 7a:35:8d:45:17:3f:0d:10:fd:8e:27:31:65:ee:de:9d:5c:68: - 7f:68:95:bc:85:5a:fa:2a:10:37:82:ca:11:84:9b:90:1e:23: - d6:2b:a6:c5:af:89:ef:31:37:56:0a:91:9e:0f:5b:3e:6c:c1: - 7d:29:cd:bb:38:3f:0e:cb:fb:05:04:e6:4f:5c:6a:c5:b6:a4: - 0f:0b:6a:25:bf:e9:ed:82:19:bb:6b:9a:2e:7d:40:58:0b:45: - 0e:ff:c2:73:39:9c:c2:ef:f4:7c:d0:9e:ae:c9:05:e1:e3:5e: - bf:dd:65:6d + 6b:10:b1:f8:cb:77:ef:72:f5:f8:fc:70:6d:18:dc:34:fe:d7: + 95:d8:fd:85:8e:ca:4b:f3:be:1f:eb:14:08:dc:23:34:78:98: + 39:d7:9f:c3:52:f6:14:3d:e9:de:5c:c2:d8:b1:4b:a8:4c:5b: + 91:42:66:da:7f:3c:e9:03:20:5e:08:0f:76:79:b9:21:10:89: + b7:73:46:44:7e:6e:28:0c:00:e4:f4:3e:65:aa:f5:c6:27:57: + 2c:bb:1d:ae:e5:94:57:a3:73:9e:6b:44:00:35:4a:f3:c7:34: + 9c:a2:a7:aa:62:9f:1d:ef:a8:6c:be:07:ad:ef:ae:ee:93:0b: + ba:c3:59:4e:90:40:2d:00:5e:f0:0f:0a:de:18:2a:b3:97:31: + 63:84:ff:18:1c:b6:d8:7d:ee:33:ed:99:f0:f5:7f:88:58:b3: + 0d:90:db:eb:44:7e:06:37:61:d4:34:b9:f6:fd:3e:8d:07:e4: + b5:b0:ae:09:ce:98:e4:b0:1b:d5:7b:53:94:dd:8a:b2:20:d6: + b0:72:f8:b1:bc:76:df:16:86:39:7b:e4:a9:15:47:57:ae:ca: + 41:d6:3a:ba:15:d1:c0:b5:38:66:0b:0f:80:8b:a2:07:b4:fc: + 80:1f:a3:4c:1f:d2:65:97:c1:2c:ae:46:31:61:49:0d:d7:5f: + ac:d2:a6:05 -----BEGIN CERTIFICATE----- MIIE5jCCA86gAwIBAgIBYzANBgkqhkiG9w0BAQsFADCBlzELMAkGA1UEBhMCVVMx EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoM B3dvbGZTU0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgwFgYDVQQDDA93b2xmU1NM 
-IHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTUx -MjMwMTkxMjQ2WhcNMTgwOTI1MTkxMjQ2WjCBlzELMAkGA1UEBhMCVVMxEzARBgNV +IHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTgw +NDEzMTUyMzEwWhcNMjEwMTA3MTUyMzEwWjCBlzELMAkGA1UEBhMCVVMxEzARBgNV BAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoMB3dvbGZT U0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgwFgYDVQQDDA93b2xmU1NMIHJvb3Qg Q0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wggEiMA0GCSqGSIb3 @@ -83,11 +83,11 @@ A1UEBhMCVVMxEzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUx EDAOBgNVBAoMB3dvbGZTU0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgwFgYDVQQD DA93b2xmU1NMIHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5j b22CAWMwCwYDVR0PBAQDAgEGMDIGCCsGAQUFBwEBBCYwJDAiBggrBgEFBQcwAYYW -aHR0cDovLzEyNy4wLjAuMToyMjIyMDANBgkqhkiG9w0BAQsFAAOCAQEAmaN9che3 -wM2Yu1X68uqfF4FujgIlxk1CzTJkE/S/QgymTjlFUpJA7RZ4F6JFXtkZrB3UVmjI -Vd5lrrpysMBXUl5bCNndcsoYbhZhMpqLwH0+Wie8LYGqNtREJlIH8kE70Q8uZC6n -+A/DDtOdc7kkEujKKNtPSMJDu7eoFL6NOi/TOhrrXxVh4+gDZYjVA34lejWNRRc/ -DRD9jicxZe7enVxof2iVvIVa+ioQN4LKEYSbkB4j1iumxa+J7zE3VgqRng9bPmzB -fSnNuzg/Dsv7BQTmT1xqxbakDwtqJb/p7YIZu2uaLn1AWAtFDv/Cczmcwu/0fNCe -rskF4eNev91lbQ== +aHR0cDovLzEyNy4wLjAuMToyMjIyMDANBgkqhkiG9w0BAQsFAAOCAQEAaxCx+Mt3 +73L1+PxwbRjcNP7Xldj9hY7KS/O+H+sUCNwjNHiYOdefw1L2FD3p3lzC2LFLqExb +kUJm2n886QMgXggPdnm5IRCJt3NGRH5uKAwA5PQ+Zar1xidXLLsdruWUV6NznmtE +ADVK88c0nKKnqmKfHe+obL4Hre+u7pMLusNZTpBALQBe8A8K3hgqs5cxY4T/GBy2 +2H3uM+2Z8PV/iFizDZDb60R+Bjdh1DS59v0+jQfktbCuCc6Y5LAb1XtTlN2KsiDW +sHL4sbx23xaGOXvkqRVHV67KQdY6uhXRwLU4ZgsPgIuiB7T8gB+jTB/SZZfBLK5G +MWFJDddfrNKmBQ== -----END CERTIFICATE----- diff --git a/certs/ocsp/server1-cert.pem b/certs/ocsp/server1-cert.pem index 1226f27aa..f41c534f5 100644 --- a/certs/ocsp/server1-cert.pem +++ b/certs/ocsp/server1-cert.pem 
@@ -5,8 +5,8 @@ Certificate: Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Engineering, CN=wolfSSL intermediate CA 1/emailAddress=info@wolfssl.com Validity - Not Before: Dec 30 19:12:46 2015 GMT - Not After : Sep 25 19:12:46 2018 GMT + Not Before: Apr 13 15:23:10 2018 GMT + Not After : Jan 7 15:23:10 2021 GMT Subject: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Engineering, CN=www1.wolfssl.com/emailAddress=info@wolfssl.com Subject Public Key Info: Public Key Algorithm: rsaEncryption 
@@ -47,27 +47,27 @@ Certificate: OCSP - URI:http://127.0.0.1:22221 Signature Algorithm: sha256WithRSAEncryption - 05:65:8d:f5:fa:47:b1:4d:b9:9b:86:b0:18:9d:c8:94:64:7d: - 16:5e:69:69:bb:62:06:9d:8c:be:4f:83:22:f1:0a:7d:ae:f5: - ca:68:78:63:b2:bc:43:12:4f:d3:eb:ce:30:82:d6:be:81:c0: - 68:f4:3b:97:5f:3a:2c:88:62:36:0b:83:1d:ba:56:b1:06:65: - cd:4d:ac:1d:92:3f:73:77:10:5b:17:44:1f:66:cf:a8:f2:1f: - 18:29:c0:5f:20:b6:cb:15:d4:35:b1:b0:a6:41:a8:6e:f0:29: - 83:28:3b:4a:68:e5:b7:42:2f:b4:8a:96:ed:65:84:de:0b:72: - 6f:2b:91:10:56:7f:cd:89:5e:22:30:cc:5a:df:39:88:a9:ea: - af:1d:ba:9a:8a:3d:61:a6:c7:45:2d:ce:9f:76:f9:b2:45:9d: - 19:68:5d:e7:d6:3e:32:0e:65:83:79:63:81:0e:b5:44:51:47: - 9c:a7:6a:c1:5a:04:36:f3:b9:be:4d:76:80:55:2a:76:cd:61: - 15:c1:1a:5f:1f:62:b5:0f:ad:7f:48:66:81:eb:7a:04:b4:0a: - 92:a4:40:ff:bf:59:34:86:5c:1b:79:10:b4:d4:09:fa:45:3d: - 4f:bf:4c:30:b3:18:f2:b9:e9:8d:7c:5f:c0:67:ea:94:fb:ac: - 2e:90:ef:0d + 13:fc:55:34:0b:04:b3:16:06:81:b7:11:e8:ec:b4:37:3e:52: + 21:50:8a:48:3f:9b:3d:80:04:8e:d1:8e:b2:0f:84:f8:0a:8c: + 79:6e:65:e3:33:5f:29:9c:39:2b:3c:20:80:96:94:ee:87:2e: + 4a:05:7e:a7:30:8f:d8:ea:56:6d:ce:4b:e5:23:34:80:b1:cb: + 37:11:39:ad:60:3d:ce:87:d1:af:96:3c:53:03:5e:50:c9:70: + ab:d1:38:ba:ea:53:d8:17:03:59:42:f3:cf:8f:68:98:31:4b: + 6b:8f:e6:67:b6:42:d1:9d:24:b5:ab:d3:40:81:bd:6d:d4:d7: + 8a:0d:49:11:eb:b6:be:27:d2:bb:f2:6d:3c:7e:e4:f4:d4:f1: + 03:88:57:8b:25:ce:3e:6e:62:2c:01:9d:1f:c1:11:15:ab:37: + 5a:56:1f:75:aa:5a:70:ac:57:d1:8a:38:c1:e5:a1:b0:1f:33: + e3:84:7d:6b:f9:1a:f2:0a:9c:fa:ed:10:41:ad:56:57:9d:76: + d0:d8:3d:ac:fd:f5:13:3d:01:8e:a3:2c:8f:bd:ab:4d:a9:39: + 52:c9:76:a2:80:49:18:20:8b:4b:85:86:11:1e:19:d1:26:6c: + 92:72:2c:28:eb:38:67:ce:a0:d3:4f:7c:f7:a8:fe:1a:3f:17: + 83:2b:b6:9a -----BEGIN CERTIFICATE----- MIIE7jCCA9agAwIBAgIBBTANBgkqhkiG9w0BAQsFADCBoTELMAkGA1UEBhMCVVMx EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoM B3dvbGZTU0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMSIwIAYDVQQDDBl3b2xmU1NM 
IGludGVybWVkaWF0ZSBDQSAxMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wu -Y29tMB4XDTE1MTIzMDE5MTI0NloXDTE4MDkyNTE5MTI0NlowgZgxCzAJBgNVBAYT +Y29tMB4XDTE4MDQxMzE1MjMxMFoXDTIxMDEwNzE1MjMxMFowgZgxCzAJBgNVBAYT AlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYD VQQKDAd3b2xmU1NMMRQwEgYDVQQLDAtFbmdpbmVlcmluZzEZMBcGA1UEAwwQd3d3 MS53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTCC @@ -84,12 +84,12 @@ U2VhdHRsZTEQMA4GA1UECgwHd29sZlNTTDEUMBIGA1UECwwLRW5naW5lZXJpbmcx GDAWBgNVBAMMD3dvbGZTU0wgcm9vdCBDQTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3 b2xmc3NsLmNvbYIBATALBgNVHQ8EBAMCBeAwMgYIKwYBBQUHAQEEJjAkMCIGCCsG AQUFBzABhhZodHRwOi8vMTI3LjAuMC4xOjIyMjIxMA0GCSqGSIb3DQEBCwUAA4IB -AQAFZY31+kexTbmbhrAYnciUZH0WXmlpu2IGnYy+T4Mi8Qp9rvXKaHhjsrxDEk/T -684wgta+gcBo9DuXXzosiGI2C4MdulaxBmXNTawdkj9zdxBbF0QfZs+o8h8YKcBf -ILbLFdQ1sbCmQahu8CmDKDtKaOW3Qi+0ipbtZYTeC3JvK5EQVn/NiV4iMMxa3zmI -qeqvHbqaij1hpsdFLc6fdvmyRZ0ZaF3n1j4yDmWDeWOBDrVEUUecp2rBWgQ287m+ -TXaAVSp2zWEVwRpfH2K1D61/SGaB63oEtAqSpED/v1k0hlwbeRC01An6RT1Pv0ww -sxjyuemNfF/AZ+qU+6wukO8N +AQAT/FU0CwSzFgaBtxHo7LQ3PlIhUIpIP5s9gASO0Y6yD4T4Cox5bmXjM18pnDkr +PCCAlpTuhy5KBX6nMI/Y6lZtzkvlIzSAscs3ETmtYD3Oh9GvljxTA15QyXCr0Ti6 +6lPYFwNZQvPPj2iYMUtrj+ZntkLRnSS1q9NAgb1t1NeKDUkR67a+J9K78m08fuT0 +1PEDiFeLJc4+bmIsAZ0fwREVqzdaVh91qlpwrFfRijjB5aGwHzPjhH1r+RryCpz6 +7RBBrVZXnXbQ2D2s/fUTPQGOoyyPvatNqTlSyXaigEkYIItLhYYRHhnRJmySciwo +6zhnzqDTT3z3qP4aPxeDK7aa -----END CERTIFICATE----- Certificate: Data: @@ -98,8 +98,8 @@ Certificate: Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Engineering, CN=wolfSSL root CA/emailAddress=info@wolfssl.com Validity - Not Before: Dec 30 19:12:46 2015 GMT - Not After : Sep 25 19:12:46 2018 GMT + Not Before: Apr 13 15:23:10 2018 GMT + Not After : Jan 7 15:23:10 2021 GMT Subject: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Engineering, CN=wolfSSL intermediate CA 1/emailAddress=info@wolfssl.com Subject Public Key Info: Public Key Algorithm: rsaEncryption 
@@ -140,27 +140,27 @@ Certificate: OCSP - URI:http://127.0.0.1:22220 Signature Algorithm: sha256WithRSAEncryption - 0f:a2:19:93:09:2f:c8:c5:91:62:2b:1e:9c:69:93:ea:5f:f1: - 5e:b8:15:8e:0f:c9:82:08:3a:6b:60:3f:ad:1b:fa:47:94:a7: - 31:33:34:6c:cf:09:63:fd:8c:de:62:c4:2e:5f:71:19:2e:a8: - 96:63:37:16:e7:bf:37:67:2d:46:36:72:d0:e4:03:a7:89:a1: - e4:4c:2f:76:31:79:0d:84:ae:c8:61:cf:98:03:2f:12:fc:17: - 60:60:88:b0:96:a0:a8:59:f5:96:1d:3d:1e:e0:c0:26:fd:1b: - 3e:42:73:ad:1d:39:0f:ff:d9:f0:71:52:e3:9a:9b:7a:b4:a2: - af:50:e7:33:7f:66:40:65:bd:31:0c:c9:21:b0:d1:3f:df:b6: - 77:e5:05:ca:24:b9:72:c9:82:c6:9f:be:12:f6:5d:39:34:b7: - 20:df:e1:24:c3:b2:fe:98:b6:d3:6c:3e:43:62:6b:e2:6d:56: - 65:99:3e:aa:2e:a8:cb:82:2d:9b:11:da:8a:b6:63:20:12:c7: - a0:5b:5d:5b:09:29:47:50:ad:4e:1f:68:29:d2:d9:0e:5f:5c: - 83:e8:e6:fd:c7:e5:f9:14:0d:14:8e:6e:34:dd:4f:ec:01:75: - 54:2d:24:c8:c6:98:c3:7f:d8:1d:4f:c5:ae:e0:b2:8e:f5:a8: - bb:4b:1f:aa + 18:a3:09:fe:c3:53:c7:ce:11:f0:36:86:43:9c:46:9b:43:42: + a0:20:6e:b6:32:29:34:22:fa:27:a1:00:0c:e5:51:c3:35:7b: + 2f:ce:2c:48:7f:47:cf:1b:45:f9:30:b2:d0:17:15:a0:c3:a8: + 3a:e4:5f:a4:96:e4:25:ea:4e:80:90:2e:8d:f5:19:98:ae:2a: + 6d:39:f0:06:8f:e6:0b:c4:2b:dd:07:4a:ad:3d:34:11:79:3d: + 15:db:65:c6:33:60:6b:2f:2d:47:26:bb:91:53:28:35:5c:fd: + 57:3b:27:1b:a1:85:03:24:74:84:f4:f2:b2:e3:53:41:83:9c: + 6b:5a:0c:0f:3b:c4:5f:a7:4b:8b:04:f2:0d:f5:81:aa:16:33: + d2:f4:f5:8d:83:c1:10:2d:57:55:f8:d3:16:62:27:50:b2:57: + 20:1d:a3:07:0c:b8:8d:c5:5a:2f:d9:d3:c4:6a:c3:1e:51:10: + de:7e:60:cf:d0:78:2c:00:d4:da:df:de:de:ee:ed:1d:25:da: + 6c:9f:57:69:2a:f1:a2:6c:8a:fe:72:c0:57:9f:f8:6e:b7:47: + f1:4f:f6:4b:9c:a2:2a:d2:10:9c:4e:bc:b4:8a:a2:8e:51:5a: + c1:e7:9c:f1:7c:9c:f9:7d:d7:9c:8f:ed:e9:57:91:0a:6c:4b: + b4:ac:6f:30 -----BEGIN CERTIFICATE----- MIIE8DCCA9igAwIBAgIBATANBgkqhkiG9w0BAQsFADCBlzELMAkGA1UEBhMCVVMx EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoM B3dvbGZTU0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgwFgYDVQQDDA93b2xmU1NM 
-IHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTUx -MjMwMTkxMjQ2WhcNMTgwOTI1MTkxMjQ2WjCBoTELMAkGA1UEBhMCVVMxEzARBgNV +IHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTgw +NDEzMTUyMzEwWhcNMjEwMTA3MTUyMzEwWjCBoTELMAkGA1UEBhMCVVMxEzARBgNV BAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoMB3dvbGZT U0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMSIwIAYDVQQDDBl3b2xmU1NMIGludGVy bWVkaWF0ZSBDQSAxMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMIIB @@ -177,12 +177,12 @@ DAdTZWF0dGxlMRAwDgYDVQQKDAd3b2xmU1NMMRQwEgYDVQQLDAtFbmdpbmVlcmlu ZzEYMBYGA1UEAwwPd29sZlNTTCByb290IENBMR8wHQYJKoZIhvcNAQkBFhBpbmZv QHdvbGZzc2wuY29tggFjMAsGA1UdDwQEAwIBBjAyBggrBgEFBQcBAQQmMCQwIgYI KwYBBQUHMAGGFmh0dHA6Ly8xMjcuMC4wLjE6MjIyMjAwDQYJKoZIhvcNAQELBQAD -ggEBAA+iGZMJL8jFkWIrHpxpk+pf8V64FY4PyYIIOmtgP60b+keUpzEzNGzPCWP9 -jN5ixC5fcRkuqJZjNxbnvzdnLUY2ctDkA6eJoeRML3YxeQ2Ershhz5gDLxL8F2Bg -iLCWoKhZ9ZYdPR7gwCb9Gz5Cc60dOQ//2fBxUuOam3q0oq9Q5zN/ZkBlvTEMySGw -0T/ftnflBcokuXLJgsafvhL2XTk0tyDf4STDsv6YttNsPkNia+JtVmWZPqouqMuC -LZsR2oq2YyASx6BbXVsJKUdQrU4faCnS2Q5fXIPo5v3H5fkUDRSObjTdT+wBdVQt -JMjGmMN/2B1Pxa7gso71qLtLH6o= +ggEBABijCf7DU8fOEfA2hkOcRptDQqAgbrYyKTQi+iehAAzlUcM1ey/OLEh/R88b +RfkwstAXFaDDqDrkX6SW5CXqToCQLo31GZiuKm058AaP5gvEK90HSq09NBF5PRXb +ZcYzYGsvLUcmu5FTKDVc/Vc7JxuhhQMkdIT08rLjU0GDnGtaDA87xF+nS4sE8g31 +gaoWM9L09Y2DwRAtV1X40xZiJ1CyVyAdowcMuI3FWi/Z08Rqwx5REN5+YM/QeCwA +1Nrf3t7u7R0l2myfV2kq8aJsiv5ywFef+G63R/FP9kucoirSEJxOvLSKoo5RWsHn +nPF8nPl915yP7elXkQpsS7SsbzA= -----END CERTIFICATE----- Certificate: Data: 
@@ -191,8 +191,8 @@ Certificate: Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Engineering, CN=wolfSSL root CA/emailAddress=info@wolfssl.com Validity - Not Before: Dec 30 19:12:46 2015 GMT - Not After : Sep 25 19:12:46 2018 GMT + Not Before: Apr 13 15:23:10 2018 GMT + Not After : Jan 7 15:23:10 2021 GMT Subject: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Engineering, CN=wolfSSL root CA/emailAddress=info@wolfssl.com Subject Public Key Info: Public Key Algorithm: rsaEncryption 
@@ -233,27 +233,27 @@ Certificate: OCSP - URI:http://127.0.0.1:22220 Signature Algorithm: sha256WithRSAEncryption - 99:a3:7d:72:17:b7:c0:cd:98:bb:55:fa:f2:ea:9f:17:81:6e: - 8e:02:25:c6:4d:42:cd:32:64:13:f4:bf:42:0c:a6:4e:39:45: - 52:92:40:ed:16:78:17:a2:45:5e:d9:19:ac:1d:d4:56:68:c8: - 55:de:65:ae:ba:72:b0:c0:57:52:5e:5b:08:d9:dd:72:ca:18: - 6e:16:61:32:9a:8b:c0:7d:3e:5a:27:bc:2d:81:aa:36:d4:44: - 26:52:07:f2:41:3b:d1:0f:2e:64:2e:a7:f8:0f:c3:0e:d3:9d: - 73:b9:24:12:e8:ca:28:db:4f:48:c2:43:bb:b7:a8:14:be:8d: - 3a:2f:d3:3a:1a:eb:5f:15:61:e3:e8:03:65:88:d5:03:7e:25: - 7a:35:8d:45:17:3f:0d:10:fd:8e:27:31:65:ee:de:9d:5c:68: - 7f:68:95:bc:85:5a:fa:2a:10:37:82:ca:11:84:9b:90:1e:23: - d6:2b:a6:c5:af:89:ef:31:37:56:0a:91:9e:0f:5b:3e:6c:c1: - 7d:29:cd:bb:38:3f:0e:cb:fb:05:04:e6:4f:5c:6a:c5:b6:a4: - 0f:0b:6a:25:bf:e9:ed:82:19:bb:6b:9a:2e:7d:40:58:0b:45: - 0e:ff:c2:73:39:9c:c2:ef:f4:7c:d0:9e:ae:c9:05:e1:e3:5e: - bf:dd:65:6d + 6b:10:b1:f8:cb:77:ef:72:f5:f8:fc:70:6d:18:dc:34:fe:d7: + 95:d8:fd:85:8e:ca:4b:f3:be:1f:eb:14:08:dc:23:34:78:98: + 39:d7:9f:c3:52:f6:14:3d:e9:de:5c:c2:d8:b1:4b:a8:4c:5b: + 91:42:66:da:7f:3c:e9:03:20:5e:08:0f:76:79:b9:21:10:89: + b7:73:46:44:7e:6e:28:0c:00:e4:f4:3e:65:aa:f5:c6:27:57: + 2c:bb:1d:ae:e5:94:57:a3:73:9e:6b:44:00:35:4a:f3:c7:34: + 9c:a2:a7:aa:62:9f:1d:ef:a8:6c:be:07:ad:ef:ae:ee:93:0b: + ba:c3:59:4e:90:40:2d:00:5e:f0:0f:0a:de:18:2a:b3:97:31: + 63:84:ff:18:1c:b6:d8:7d:ee:33:ed:99:f0:f5:7f:88:58:b3: + 0d:90:db:eb:44:7e:06:37:61:d4:34:b9:f6:fd:3e:8d:07:e4: + b5:b0:ae:09:ce:98:e4:b0:1b:d5:7b:53:94:dd:8a:b2:20:d6: + b0:72:f8:b1:bc:76:df:16:86:39:7b:e4:a9:15:47:57:ae:ca: + 41:d6:3a:ba:15:d1:c0:b5:38:66:0b:0f:80:8b:a2:07:b4:fc: + 80:1f:a3:4c:1f:d2:65:97:c1:2c:ae:46:31:61:49:0d:d7:5f: + ac:d2:a6:05 -----BEGIN CERTIFICATE----- MIIE5jCCA86gAwIBAgIBYzANBgkqhkiG9w0BAQsFADCBlzELMAkGA1UEBhMCVVMx EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoM B3dvbGZTU0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgwFgYDVQQDDA93b2xmU1NM 
-IHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTUx -MjMwMTkxMjQ2WhcNMTgwOTI1MTkxMjQ2WjCBlzELMAkGA1UEBhMCVVMxEzARBgNV +IHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTgw +NDEzMTUyMzEwWhcNMjEwMTA3MTUyMzEwWjCBlzELMAkGA1UEBhMCVVMxEzARBgNV BAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoMB3dvbGZT U0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgwFgYDVQQDDA93b2xmU1NMIHJvb3Qg Q0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wggEiMA0GCSqGSIb3 @@ -269,11 +269,11 @@ A1UEBhMCVVMxEzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUx EDAOBgNVBAoMB3dvbGZTU0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgwFgYDVQQD DA93b2xmU1NMIHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5j b22CAWMwCwYDVR0PBAQDAgEGMDIGCCsGAQUFBwEBBCYwJDAiBggrBgEFBQcwAYYW -aHR0cDovLzEyNy4wLjAuMToyMjIyMDANBgkqhkiG9w0BAQsFAAOCAQEAmaN9che3 -wM2Yu1X68uqfF4FujgIlxk1CzTJkE/S/QgymTjlFUpJA7RZ4F6JFXtkZrB3UVmjI -Vd5lrrpysMBXUl5bCNndcsoYbhZhMpqLwH0+Wie8LYGqNtREJlIH8kE70Q8uZC6n -+A/DDtOdc7kkEujKKNtPSMJDu7eoFL6NOi/TOhrrXxVh4+gDZYjVA34lejWNRRc/ -DRD9jicxZe7enVxof2iVvIVa+ioQN4LKEYSbkB4j1iumxa+J7zE3VgqRng9bPmzB -fSnNuzg/Dsv7BQTmT1xqxbakDwtqJb/p7YIZu2uaLn1AWAtFDv/Cczmcwu/0fNCe -rskF4eNev91lbQ== +aHR0cDovLzEyNy4wLjAuMToyMjIyMDANBgkqhkiG9w0BAQsFAAOCAQEAaxCx+Mt3 +73L1+PxwbRjcNP7Xldj9hY7KS/O+H+sUCNwjNHiYOdefw1L2FD3p3lzC2LFLqExb +kUJm2n886QMgXggPdnm5IRCJt3NGRH5uKAwA5PQ+Zar1xidXLLsdruWUV6NznmtE +ADVK88c0nKKnqmKfHe+obL4Hre+u7pMLusNZTpBALQBe8A8K3hgqs5cxY4T/GBy2 +2H3uM+2Z8PV/iFizDZDb60R+Bjdh1DS59v0+jQfktbCuCc6Y5LAb1XtTlN2KsiDW +sHL4sbx23xaGOXvkqRVHV67KQdY6uhXRwLU4ZgsPgIuiB7T8gB+jTB/SZZfBLK5G +MWFJDddfrNKmBQ== -----END CERTIFICATE----- diff --git a/certs/ocsp/server2-cert.pem b/certs/ocsp/server2-cert.pem index 51c56fd40..455d18de5 100644 --- a/certs/ocsp/server2-cert.pem +++ b/certs/ocsp/server2-cert.pem 
@@ -5,8 +5,8 @@ Certificate: Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Engineering, CN=wolfSSL intermediate CA 1/emailAddress=info@wolfssl.com Validity - Not Before: Dec 30 19:12:46 2015 GMT - Not After : Sep 25 19:12:46 2018 GMT + Not Before: Apr 13 15:23:10 2018 GMT + Not After : Jan 7 15:23:10 2021 GMT Subject: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Engineering, CN=www2.wolfssl.com/emailAddress=info@wolfssl.com Subject Public Key Info: Public Key Algorithm: rsaEncryption 
@@ -47,27 +47,27 @@ Certificate: OCSP - URI:http://127.0.0.1:22221 Signature Algorithm: sha256WithRSAEncryption - dd:b6:17:51:62:83:8d:32:7f:2f:21:2f:0a:ea:6b:3f:f0:c9: - 59:9d:1e:4b:82:7d:aa:1d:6d:a8:f5:c0:20:78:a8:fd:a3:ca: - cb:1f:2b:99:28:97:d2:ce:71:48:95:82:ee:e4:a4:d9:32:75: - 7f:1d:b2:97:8d:5c:3c:96:9a:b9:4c:05:fe:d1:af:81:4a:25: - c5:66:a1:f3:c7:0e:f3:76:db:3d:a2:87:7e:5c:c4:0a:d3:d3: - 97:a1:7c:46:fc:94:2c:dc:0a:7e:a1:b2:f2:7f:c7:cb:d9:7a: - c2:fa:8d:5b:4a:75:c0:e4:dc:57:4b:84:2a:5a:84:35:13:7b: - 15:49:a0:e8:9e:d8:1d:90:a4:99:4e:a4:dd:fc:ba:d3:f5:12: - aa:36:f2:87:04:b4:09:04:6f:94:a1:18:3e:46:ce:ae:55:f4: - 0f:d8:26:ee:11:cf:d4:8e:e5:33:da:17:e2:ad:43:05:50:e2: - 38:c7:d2:15:18:23:f0:fa:cd:cc:b3:e9:ea:00:5a:af:29:90: - 6a:69:8c:ba:c8:f7:84:84:57:0d:80:b1:10:2c:bd:9d:33:42: - 6d:f1:58:d5:b4:6a:79:e4:26:8f:41:ef:a2:b5:84:6b:c2:6d: - be:5e:76:8f:29:25:13:e8:ba:dd:aa:64:3e:74:bc:90:2d:aa: - bb:1a:cd:c9 + 1d:d0:b5:1d:a1:ae:ef:5e:36:00:36:b3:ae:22:13:32:37:22: + 00:24:b6:b9:c2:b3:a2:55:e5:de:e1:82:83:e9:78:5c:a1:50: + 62:c3:ca:92:2f:21:aa:85:d9:26:56:b1:b0:a1:3c:1f:41:ca: + e6:1a:a3:b0:c1:b1:4c:d2:c0:ab:55:dc:fa:e9:d6:46:63:83: + 2f:8e:c5:ec:28:0e:a9:e5:1b:d9:de:2b:8a:5d:58:56:3a:f8: + 88:bd:99:c4:3a:33:6a:83:4a:26:aa:e3:74:40:a4:82:5a:b2: + 26:23:3b:6d:aa:09:bc:c0:78:2c:c4:75:74:f1:19:e9:ad:39: + 74:53:11:6d:ad:33:b2:f8:45:51:06:f5:5b:19:fd:a7:26:d1: + 11:77:09:f4:c5:07:97:a1:fe:36:3a:6a:fb:64:f1:ed:9b:c4: + 4c:64:cd:6a:bf:17:b8:5b:3f:b7:36:20:4a:cc:34:3e:ec:f5: + a2:68:ae:8d:87:e5:4e:e3:c0:d8:70:67:6a:3c:41:04:0a:36: + 07:40:52:6c:97:15:52:d3:13:a0:fb:c5:b7:f1:c9:40:03:40: + e6:1e:fb:b0:11:77:80:fa:ec:17:24:88:ca:e6:17:1b:b4:f3: + b2:38:bc:bf:c2:98:ec:69:14:c9:2e:75:99:6c:16:78:cc:c5: + 36:d9:0f:f0 -----BEGIN CERTIFICATE----- MIIE7jCCA9agAwIBAgIBBjANBgkqhkiG9w0BAQsFADCBoTELMAkGA1UEBhMCVVMx EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoM B3dvbGZTU0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMSIwIAYDVQQDDBl3b2xmU1NM 
IGludGVybWVkaWF0ZSBDQSAxMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wu -Y29tMB4XDTE1MTIzMDE5MTI0NloXDTE4MDkyNTE5MTI0NlowgZgxCzAJBgNVBAYT +Y29tMB4XDTE4MDQxMzE1MjMxMFoXDTIxMDEwNzE1MjMxMFowgZgxCzAJBgNVBAYT AlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYD VQQKDAd3b2xmU1NMMRQwEgYDVQQLDAtFbmdpbmVlcmluZzEZMBcGA1UEAwwQd3d3 Mi53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTCC @@ -84,12 +84,12 @@ U2VhdHRsZTEQMA4GA1UECgwHd29sZlNTTDEUMBIGA1UECwwLRW5naW5lZXJpbmcx GDAWBgNVBAMMD3dvbGZTU0wgcm9vdCBDQTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3 b2xmc3NsLmNvbYIBATALBgNVHQ8EBAMCBeAwMgYIKwYBBQUHAQEEJjAkMCIGCCsG AQUFBzABhhZodHRwOi8vMTI3LjAuMC4xOjIyMjIxMA0GCSqGSIb3DQEBCwUAA4IB -AQDdthdRYoONMn8vIS8K6ms/8MlZnR5Lgn2qHW2o9cAgeKj9o8rLHyuZKJfSznFI -lYLu5KTZMnV/HbKXjVw8lpq5TAX+0a+BSiXFZqHzxw7zdts9ood+XMQK09OXoXxG -/JQs3Ap+obLyf8fL2XrC+o1bSnXA5NxXS4QqWoQ1E3sVSaDontgdkKSZTqTd/LrT -9RKqNvKHBLQJBG+UoRg+Rs6uVfQP2CbuEc/UjuUz2hfirUMFUOI4x9IVGCPw+s3M -s+nqAFqvKZBqaYy6yPeEhFcNgLEQLL2dM0Jt8VjVtGp55CaPQe+itYRrwm2+XnaP -KSUT6LrdqmQ+dLyQLaq7Gs3J +AQAd0LUdoa7vXjYANrOuIhMyNyIAJLa5wrOiVeXe4YKD6XhcoVBiw8qSLyGqhdkm +VrGwoTwfQcrmGqOwwbFM0sCrVdz66dZGY4MvjsXsKA6p5RvZ3iuKXVhWOviIvZnE +OjNqg0omquN0QKSCWrImIzttqgm8wHgsxHV08RnprTl0UxFtrTOy+EVRBvVbGf2n +JtERdwn0xQeXof42Omr7ZPHtm8RMZM1qvxe4Wz+3NiBKzDQ+7PWiaK6Nh+VO48DY +cGdqPEEECjYHQFJslxVS0xOg+8W38clAA0DmHvuwEXeA+uwXJIjK5hcbtPOyOLy/ +wpjsaRTJLnWZbBZ4zMU22Q/w -----END CERTIFICATE----- Certificate: Data: @@ -98,8 +98,8 @@ Certificate: Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Engineering, CN=wolfSSL root CA/emailAddress=info@wolfssl.com Validity - Not Before: Dec 30 19:12:46 2015 GMT - Not After : Sep 25 19:12:46 2018 GMT + Not Before: Apr 13 15:23:10 2018 GMT + Not After : Jan 7 15:23:10 2021 GMT Subject: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Engineering, CN=wolfSSL intermediate CA 1/emailAddress=info@wolfssl.com Subject Public Key Info: Public Key Algorithm: rsaEncryption 
@@ -140,27 +140,27 @@ Certificate: OCSP - URI:http://127.0.0.1:22220 Signature Algorithm: sha256WithRSAEncryption - 0f:a2:19:93:09:2f:c8:c5:91:62:2b:1e:9c:69:93:ea:5f:f1: - 5e:b8:15:8e:0f:c9:82:08:3a:6b:60:3f:ad:1b:fa:47:94:a7: - 31:33:34:6c:cf:09:63:fd:8c:de:62:c4:2e:5f:71:19:2e:a8: - 96:63:37:16:e7:bf:37:67:2d:46:36:72:d0:e4:03:a7:89:a1: - e4:4c:2f:76:31:79:0d:84:ae:c8:61:cf:98:03:2f:12:fc:17: - 60:60:88:b0:96:a0:a8:59:f5:96:1d:3d:1e:e0:c0:26:fd:1b: - 3e:42:73:ad:1d:39:0f:ff:d9:f0:71:52:e3:9a:9b:7a:b4:a2: - af:50:e7:33:7f:66:40:65:bd:31:0c:c9:21:b0:d1:3f:df:b6: - 77:e5:05:ca:24:b9:72:c9:82:c6:9f:be:12:f6:5d:39:34:b7: - 20:df:e1:24:c3:b2:fe:98:b6:d3:6c:3e:43:62:6b:e2:6d:56: - 65:99:3e:aa:2e:a8:cb:82:2d:9b:11:da:8a:b6:63:20:12:c7: - a0:5b:5d:5b:09:29:47:50:ad:4e:1f:68:29:d2:d9:0e:5f:5c: - 83:e8:e6:fd:c7:e5:f9:14:0d:14:8e:6e:34:dd:4f:ec:01:75: - 54:2d:24:c8:c6:98:c3:7f:d8:1d:4f:c5:ae:e0:b2:8e:f5:a8: - bb:4b:1f:aa + 18:a3:09:fe:c3:53:c7:ce:11:f0:36:86:43:9c:46:9b:43:42: + a0:20:6e:b6:32:29:34:22:fa:27:a1:00:0c:e5:51:c3:35:7b: + 2f:ce:2c:48:7f:47:cf:1b:45:f9:30:b2:d0:17:15:a0:c3:a8: + 3a:e4:5f:a4:96:e4:25:ea:4e:80:90:2e:8d:f5:19:98:ae:2a: + 6d:39:f0:06:8f:e6:0b:c4:2b:dd:07:4a:ad:3d:34:11:79:3d: + 15:db:65:c6:33:60:6b:2f:2d:47:26:bb:91:53:28:35:5c:fd: + 57:3b:27:1b:a1:85:03:24:74:84:f4:f2:b2:e3:53:41:83:9c: + 6b:5a:0c:0f:3b:c4:5f:a7:4b:8b:04:f2:0d:f5:81:aa:16:33: + d2:f4:f5:8d:83:c1:10:2d:57:55:f8:d3:16:62:27:50:b2:57: + 20:1d:a3:07:0c:b8:8d:c5:5a:2f:d9:d3:c4:6a:c3:1e:51:10: + de:7e:60:cf:d0:78:2c:00:d4:da:df:de:de:ee:ed:1d:25:da: + 6c:9f:57:69:2a:f1:a2:6c:8a:fe:72:c0:57:9f:f8:6e:b7:47: + f1:4f:f6:4b:9c:a2:2a:d2:10:9c:4e:bc:b4:8a:a2:8e:51:5a: + c1:e7:9c:f1:7c:9c:f9:7d:d7:9c:8f:ed:e9:57:91:0a:6c:4b: + b4:ac:6f:30 -----BEGIN CERTIFICATE----- MIIE8DCCA9igAwIBAgIBATANBgkqhkiG9w0BAQsFADCBlzELMAkGA1UEBhMCVVMx EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoM B3dvbGZTU0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgwFgYDVQQDDA93b2xmU1NM 
-IHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTUx -MjMwMTkxMjQ2WhcNMTgwOTI1MTkxMjQ2WjCBoTELMAkGA1UEBhMCVVMxEzARBgNV +IHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTgw +NDEzMTUyMzEwWhcNMjEwMTA3MTUyMzEwWjCBoTELMAkGA1UEBhMCVVMxEzARBgNV BAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoMB3dvbGZT U0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMSIwIAYDVQQDDBl3b2xmU1NMIGludGVy bWVkaWF0ZSBDQSAxMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMIIB @@ -177,12 +177,12 @@ DAdTZWF0dGxlMRAwDgYDVQQKDAd3b2xmU1NMMRQwEgYDVQQLDAtFbmdpbmVlcmlu ZzEYMBYGA1UEAwwPd29sZlNTTCByb290IENBMR8wHQYJKoZIhvcNAQkBFhBpbmZv QHdvbGZzc2wuY29tggFjMAsGA1UdDwQEAwIBBjAyBggrBgEFBQcBAQQmMCQwIgYI KwYBBQUHMAGGFmh0dHA6Ly8xMjcuMC4wLjE6MjIyMjAwDQYJKoZIhvcNAQELBQAD -ggEBAA+iGZMJL8jFkWIrHpxpk+pf8V64FY4PyYIIOmtgP60b+keUpzEzNGzPCWP9 -jN5ixC5fcRkuqJZjNxbnvzdnLUY2ctDkA6eJoeRML3YxeQ2Ershhz5gDLxL8F2Bg -iLCWoKhZ9ZYdPR7gwCb9Gz5Cc60dOQ//2fBxUuOam3q0oq9Q5zN/ZkBlvTEMySGw -0T/ftnflBcokuXLJgsafvhL2XTk0tyDf4STDsv6YttNsPkNia+JtVmWZPqouqMuC -LZsR2oq2YyASx6BbXVsJKUdQrU4faCnS2Q5fXIPo5v3H5fkUDRSObjTdT+wBdVQt -JMjGmMN/2B1Pxa7gso71qLtLH6o= +ggEBABijCf7DU8fOEfA2hkOcRptDQqAgbrYyKTQi+iehAAzlUcM1ey/OLEh/R88b +RfkwstAXFaDDqDrkX6SW5CXqToCQLo31GZiuKm058AaP5gvEK90HSq09NBF5PRXb +ZcYzYGsvLUcmu5FTKDVc/Vc7JxuhhQMkdIT08rLjU0GDnGtaDA87xF+nS4sE8g31 +gaoWM9L09Y2DwRAtV1X40xZiJ1CyVyAdowcMuI3FWi/Z08Rqwx5REN5+YM/QeCwA +1Nrf3t7u7R0l2myfV2kq8aJsiv5ywFef+G63R/FP9kucoirSEJxOvLSKoo5RWsHn +nPF8nPl915yP7elXkQpsS7SsbzA= -----END CERTIFICATE----- Certificate: Data: 
@@ -191,8 +191,8 @@ Certificate: Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Engineering, CN=wolfSSL root CA/emailAddress=info@wolfssl.com Validity - Not Before: Dec 30 19:12:46 2015 GMT - Not After : Sep 25 19:12:46 2018 GMT + Not Before: Apr 13 15:23:10 2018 GMT + Not After : Jan 7 15:23:10 2021 GMT Subject: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Engineering, CN=wolfSSL root CA/emailAddress=info@wolfssl.com Subject Public Key Info: Public Key Algorithm: rsaEncryption 
@@ -233,27 +233,27 @@ Certificate: OCSP - URI:http://127.0.0.1:22220 Signature Algorithm: sha256WithRSAEncryption - 99:a3:7d:72:17:b7:c0:cd:98:bb:55:fa:f2:ea:9f:17:81:6e: - 8e:02:25:c6:4d:42:cd:32:64:13:f4:bf:42:0c:a6:4e:39:45: - 52:92:40:ed:16:78:17:a2:45:5e:d9:19:ac:1d:d4:56:68:c8: - 55:de:65:ae:ba:72:b0:c0:57:52:5e:5b:08:d9:dd:72:ca:18: - 6e:16:61:32:9a:8b:c0:7d:3e:5a:27:bc:2d:81:aa:36:d4:44: - 26:52:07:f2:41:3b:d1:0f:2e:64:2e:a7:f8:0f:c3:0e:d3:9d: - 73:b9:24:12:e8:ca:28:db:4f:48:c2:43:bb:b7:a8:14:be:8d: - 3a:2f:d3:3a:1a:eb:5f:15:61:e3:e8:03:65:88:d5:03:7e:25: - 7a:35:8d:45:17:3f:0d:10:fd:8e:27:31:65:ee:de:9d:5c:68: - 7f:68:95:bc:85:5a:fa:2a:10:37:82:ca:11:84:9b:90:1e:23: - d6:2b:a6:c5:af:89:ef:31:37:56:0a:91:9e:0f:5b:3e:6c:c1: - 7d:29:cd:bb:38:3f:0e:cb:fb:05:04:e6:4f:5c:6a:c5:b6:a4: - 0f:0b:6a:25:bf:e9:ed:82:19:bb:6b:9a:2e:7d:40:58:0b:45: - 0e:ff:c2:73:39:9c:c2:ef:f4:7c:d0:9e:ae:c9:05:e1:e3:5e: - bf:dd:65:6d + 6b:10:b1:f8:cb:77:ef:72:f5:f8:fc:70:6d:18:dc:34:fe:d7: + 95:d8:fd:85:8e:ca:4b:f3:be:1f:eb:14:08:dc:23:34:78:98: + 39:d7:9f:c3:52:f6:14:3d:e9:de:5c:c2:d8:b1:4b:a8:4c:5b: + 91:42:66:da:7f:3c:e9:03:20:5e:08:0f:76:79:b9:21:10:89: + b7:73:46:44:7e:6e:28:0c:00:e4:f4:3e:65:aa:f5:c6:27:57: + 2c:bb:1d:ae:e5:94:57:a3:73:9e:6b:44:00:35:4a:f3:c7:34: + 9c:a2:a7:aa:62:9f:1d:ef:a8:6c:be:07:ad:ef:ae:ee:93:0b: + ba:c3:59:4e:90:40:2d:00:5e:f0:0f:0a:de:18:2a:b3:97:31: + 63:84:ff:18:1c:b6:d8:7d:ee:33:ed:99:f0:f5:7f:88:58:b3: + 0d:90:db:eb:44:7e:06:37:61:d4:34:b9:f6:fd:3e:8d:07:e4: + b5:b0:ae:09:ce:98:e4:b0:1b:d5:7b:53:94:dd:8a:b2:20:d6: + b0:72:f8:b1:bc:76:df:16:86:39:7b:e4:a9:15:47:57:ae:ca: + 41:d6:3a:ba:15:d1:c0:b5:38:66:0b:0f:80:8b:a2:07:b4:fc: + 80:1f:a3:4c:1f:d2:65:97:c1:2c:ae:46:31:61:49:0d:d7:5f: + ac:d2:a6:05 -----BEGIN CERTIFICATE----- MIIE5jCCA86gAwIBAgIBYzANBgkqhkiG9w0BAQsFADCBlzELMAkGA1UEBhMCVVMx EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoM B3dvbGZTU0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgwFgYDVQQDDA93b2xmU1NM 
-IHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTUx -MjMwMTkxMjQ2WhcNMTgwOTI1MTkxMjQ2WjCBlzELMAkGA1UEBhMCVVMxEzARBgNV +IHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTgw +NDEzMTUyMzEwWhcNMjEwMTA3MTUyMzEwWjCBlzELMAkGA1UEBhMCVVMxEzARBgNV BAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoMB3dvbGZT U0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgwFgYDVQQDDA93b2xmU1NMIHJvb3Qg Q0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wggEiMA0GCSqGSIb3 @@ -269,11 +269,11 @@ A1UEBhMCVVMxEzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUx EDAOBgNVBAoMB3dvbGZTU0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgwFgYDVQQD DA93b2xmU1NMIHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5j b22CAWMwCwYDVR0PBAQDAgEGMDIGCCsGAQUFBwEBBCYwJDAiBggrBgEFBQcwAYYW -aHR0cDovLzEyNy4wLjAuMToyMjIyMDANBgkqhkiG9w0BAQsFAAOCAQEAmaN9che3 -wM2Yu1X68uqfF4FujgIlxk1CzTJkE/S/QgymTjlFUpJA7RZ4F6JFXtkZrB3UVmjI -Vd5lrrpysMBXUl5bCNndcsoYbhZhMpqLwH0+Wie8LYGqNtREJlIH8kE70Q8uZC6n -+A/DDtOdc7kkEujKKNtPSMJDu7eoFL6NOi/TOhrrXxVh4+gDZYjVA34lejWNRRc/ -DRD9jicxZe7enVxof2iVvIVa+ioQN4LKEYSbkB4j1iumxa+J7zE3VgqRng9bPmzB -fSnNuzg/Dsv7BQTmT1xqxbakDwtqJb/p7YIZu2uaLn1AWAtFDv/Cczmcwu/0fNCe -rskF4eNev91lbQ== +aHR0cDovLzEyNy4wLjAuMToyMjIyMDANBgkqhkiG9w0BAQsFAAOCAQEAaxCx+Mt3 +73L1+PxwbRjcNP7Xldj9hY7KS/O+H+sUCNwjNHiYOdefw1L2FD3p3lzC2LFLqExb +kUJm2n886QMgXggPdnm5IRCJt3NGRH5uKAwA5PQ+Zar1xidXLLsdruWUV6NznmtE +ADVK88c0nKKnqmKfHe+obL4Hre+u7pMLusNZTpBALQBe8A8K3hgqs5cxY4T/GBy2 +2H3uM+2Z8PV/iFizDZDb60R+Bjdh1DS59v0+jQfktbCuCc6Y5LAb1XtTlN2KsiDW +sHL4sbx23xaGOXvkqRVHV67KQdY6uhXRwLU4ZgsPgIuiB7T8gB+jTB/SZZfBLK5G +MWFJDddfrNKmBQ== -----END CERTIFICATE----- diff --git a/certs/ocsp/server3-cert.pem b/certs/ocsp/server3-cert.pem index 7f1873535..34cc27c12 100644 --- a/certs/ocsp/server3-cert.pem +++ b/certs/ocsp/server3-cert.pem 
@@ -5,8 +5,8 @@ Certificate: Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Engineering, CN=wolfSSL intermediate CA 2/emailAddress=info@wolfssl.com Validity - Not Before: Dec 30 19:12:46 2015 GMT - Not After : Sep 25 19:12:46 2018 GMT + Not Before: Apr 13 15:23:10 2018 GMT + Not After : Jan 7 15:23:10 2021 GMT Subject: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Engineering, CN=www3.wolfssl.com/emailAddress=info@wolfssl.com Subject Public Key Info: Public Key Algorithm: rsaEncryption 
@@ -47,27 +47,27 @@ Certificate: OCSP - URI:http://127.0.0.1:22222 Signature Algorithm: sha256WithRSAEncryption - 3a:2f:11:d6:45:96:cc:68:80:ed:dd:25:1f:1c:b2:b2:c8:42: - 71:11:ed:3b:f8:69:73:d3:bc:49:38:0e:5f:f8:bb:a1:69:a0: - fe:bd:a0:6f:c2:68:74:4c:c8:c0:cc:00:83:6b:b2:c3:15:3c: - bb:08:51:3e:2a:36:2e:f7:48:00:a0:74:11:b7:db:00:56:82: - 52:17:94:b1:a6:a8:82:c7:33:ac:20:ef:3d:93:e2:56:01:62: - 99:d4:c4:8e:4b:4d:bf:36:1e:f7:bb:83:85:81:6d:46:fb:8d: - c2:12:99:87:ae:7a:fd:83:3c:df:7b:51:12:79:44:4f:df:17: - 74:d5:d9:ab:19:d3:49:8b:33:4c:82:e4:83:1a:4d:fa:d3:84: - ea:37:86:58:77:93:41:2e:f9:30:3a:09:d6:72:3a:aa:d8:e7: - 13:f6:2f:80:7a:47:fc:c8:c2:98:34:07:ca:ed:21:c5:3f:21: - fb:f2:1a:4c:cb:ff:fb:db:7d:6c:1b:f2:4a:1d:58:43:8f:58: - 3c:c8:de:80:c8:79:fa:0a:97:a1:02:a8:5b:b6:96:ed:b7:24: - 9e:ac:79:b6:e1:e6:3f:f1:66:8e:4d:22:47:a2:df:90:f2:d1: - 0a:3c:be:bb:ce:34:46:e5:c2:13:50:e9:8c:49:e7:31:51:73: - c3:b1:b5:03 + 4e:22:d8:3b:f8:92:f0:1a:0d:6f:94:a6:88:d8:27:b8:28:a4: + 86:4a:2f:4e:6e:ed:38:62:8e:6d:d8:de:33:e9:9d:c8:b1:a8: + f2:0a:66:b8:17:f0:34:79:c0:bf:4a:0b:fe:00:c3:38:db:c0: + 40:1b:84:22:58:b1:e6:60:87:c8:28:f7:52:5c:2b:02:cf:3d: + d4:28:84:3c:cb:74:8a:5a:da:4b:50:ce:95:81:ef:df:c8:dd: + 45:f0:8d:a0:62:3e:4a:b3:d8:0b:3d:d9:75:d5:0d:43:65:01: + fc:f4:70:92:ae:f9:30:6c:21:7c:17:d4:b6:00:1d:97:7b:e6: + 1d:c4:9f:a7:d5:00:87:e7:bd:5a:80:ba:14:9f:56:fc:f1:b5: + f8:ed:14:61:1c:24:7f:ac:39:03:41:dc:c2:da:b2:2e:df:06: + 70:6a:81:1d:6d:a6:e4:cf:f1:5a:c8:80:8d:ea:13:f3:3b:73: + 17:41:87:f2:fa:25:c8:47:73:86:d5:ba:e3:8f:ab:f7:f0:b1: + 1f:b7:33:57:0f:76:01:5c:59:55:fe:13:05:69:2c:e1:02:85: + ac:28:72:48:f7:2d:8c:6b:da:72:fa:95:d5:8f:23:1d:d0:37: + 5d:70:97:af:53:aa:37:11:5d:9e:c3:79:da:bf:c2:01:f3:32: + a2:e4:b0:bd -----BEGIN CERTIFICATE----- MIIE7jCCA9agAwIBAgIBBzANBgkqhkiG9w0BAQsFADCBoTELMAkGA1UEBhMCVVMx EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoM B3dvbGZTU0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMSIwIAYDVQQDDBl3b2xmU1NM 
IGludGVybWVkaWF0ZSBDQSAyMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wu -Y29tMB4XDTE1MTIzMDE5MTI0NloXDTE4MDkyNTE5MTI0NlowgZgxCzAJBgNVBAYT +Y29tMB4XDTE4MDQxMzE1MjMxMFoXDTIxMDEwNzE1MjMxMFowgZgxCzAJBgNVBAYT AlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYD VQQKDAd3b2xmU1NMMRQwEgYDVQQLDAtFbmdpbmVlcmluZzEZMBcGA1UEAwwQd3d3 My53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTCC @@ -84,12 +84,12 @@ U2VhdHRsZTEQMA4GA1UECgwHd29sZlNTTDEUMBIGA1UECwwLRW5naW5lZXJpbmcx GDAWBgNVBAMMD3dvbGZTU0wgcm9vdCBDQTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3 b2xmc3NsLmNvbYIBAjALBgNVHQ8EBAMCBeAwMgYIKwYBBQUHAQEEJjAkMCIGCCsG AQUFBzABhhZodHRwOi8vMTI3LjAuMC4xOjIyMjIyMA0GCSqGSIb3DQEBCwUAA4IB -AQA6LxHWRZbMaIDt3SUfHLKyyEJxEe07+Glz07xJOA5f+LuhaaD+vaBvwmh0TMjA -zACDa7LDFTy7CFE+KjYu90gAoHQRt9sAVoJSF5SxpqiCxzOsIO89k+JWAWKZ1MSO -S02/Nh73u4OFgW1G+43CEpmHrnr9gzzfe1ESeURP3xd01dmrGdNJizNMguSDGk36 -04TqN4ZYd5NBLvkwOgnWcjqq2OcT9i+Aekf8yMKYNAfK7SHFPyH78hpMy//7231s -G/JKHVhDj1g8yN6AyHn6CpehAqhbtpbttySerHm24eY/8WaOTSJHot+Q8tEKPL67 -zjRG5cITUOmMSecxUXPDsbUD +AQBOItg7+JLwGg1vlKaI2Ce4KKSGSi9Obu04Yo5t2N4z6Z3IsajyCma4F/A0ecC/ +Sgv+AMM428BAG4QiWLHmYIfIKPdSXCsCzz3UKIQ8y3SKWtpLUM6Vge/fyN1F8I2g +Yj5Ks9gLPdl11Q1DZQH89HCSrvkwbCF8F9S2AB2Xe+YdxJ+n1QCH571agLoUn1b8 +8bX47RRhHCR/rDkDQdzC2rIu3wZwaoEdbabkz/FayICN6hPzO3MXQYfy+iXIR3OG +1brjj6v38LEftzNXD3YBXFlV/hMFaSzhAoWsKHJI9y2Ma9py+pXVjyMd0DddcJev +U6o3EV2ew3nav8IB8zKi5LC9 -----END CERTIFICATE----- Certificate: Data: @@ -98,8 +98,8 @@ Certificate: Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Engineering, CN=wolfSSL root CA/emailAddress=info@wolfssl.com Validity - Not Before: Dec 30 19:12:46 2015 GMT - Not After : Sep 25 19:12:46 2018 GMT + Not Before: Apr 13 15:23:10 2018 GMT + Not After : Jan 7 15:23:10 2021 GMT Subject: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Engineering, CN=wolfSSL intermediate CA 2/emailAddress=info@wolfssl.com Subject Public Key Info: Public Key Algorithm: rsaEncryption 
@@ -140,27 +140,27 @@ Certificate: OCSP - URI:http://127.0.0.1:22220 Signature Algorithm: sha256WithRSAEncryption - 1d:d6:14:6c:f5:cc:f9:c9:0d:c4:27:c1:50:49:ab:d7:39:6e: - 86:31:cf:67:99:c0:5d:37:d0:14:ee:d8:e3:da:17:a5:82:c2: - 25:86:33:28:0d:f6:ca:6b:7a:c7:72:f1:d8:b9:20:27:ee:0c: - 7d:77:e5:8b:03:46:9a:f8:99:6a:8e:57:1a:c9:a2:b1:79:d6: - b6:b6:e5:1a:39:80:2e:88:2b:17:c8:b9:36:37:38:58:8a:f0: - 62:68:97:25:b5:7a:62:5c:4d:22:2c:30:62:0c:11:f0:4d:70: - 95:c7:2d:9e:ab:c5:ef:2e:a4:29:25:8b:e2:e4:d2:9d:2c:5e: - 60:79:36:98:13:a8:38:6c:00:0d:6a:f0:11:3c:3f:d8:f9:6b: - 16:d1:61:f9:db:53:56:02:43:56:a8:01:3b:88:77:91:a5:6e: - a0:ab:2c:6c:e6:ec:cf:ff:5a:07:94:ea:49:92:d4:87:98:f8: - 89:f0:f7:4f:77:b0:df:c9:89:03:76:d9:31:30:86:f7:e9:8a: - 74:fa:f2:b2:f3:4d:f7:43:41:48:9c:1f:db:ea:23:e3:1e:4c: - 15:76:92:e0:f8:ce:71:35:fd:25:f0:97:cd:99:5d:2c:af:33: - 64:5e:bd:be:35:e3:53:78:6c:10:c8:0e:cc:83:e5:d9:2e:7a: - d9:6d:52:95 + 92:6e:c1:af:88:af:46:f2:6e:8a:8c:27:06:8e:b4:38:35:9b: + 47:92:24:20:e5:a5:13:d8:35:d3:2e:37:ca:74:47:e5:16:a3: + 03:63:16:b4:28:2b:d9:04:ab:ee:e4:0a:e5:87:da:d4:00:3a: + 53:c6:c9:25:6a:8f:49:d2:2e:34:f2:40:65:6e:02:fc:b9:42: + 3f:ef:cb:8c:79:84:03:84:dc:a0:68:1e:c7:c7:36:8c:60:14: + 55:f2:5f:f9:c1:3f:2b:f6:a2:1e:34:1f:83:ba:73:bc:b7:62: + bc:97:66:84:09:b9:2d:76:71:c8:91:fd:e2:e1:39:cf:dd:ec: + 98:a8:49:69:89:a8:18:2a:42:e7:fc:ab:2c:cf:13:ab:63:fe: + b0:19:ea:1a:38:22:16:11:31:34:43:fc:50:c6:ec:19:97:03: + db:e8:07:28:48:88:3a:e5:35:a2:fd:83:12:df:55:70:72:61: + 0d:f8:66:18:52:58:c9:46:97:86:31:9e:a2:43:0c:b9:0f:d3: + eb:35:c9:e5:19:4e:b4:8b:d2:ac:ea:bf:83:2a:48:9d:20:a0: + 08:45:60:92:8a:27:06:93:77:74:bb:0e:22:8e:54:17:f2:d4: + e7:7f:f3:90:4d:cc:75:e7:16:c5:9c:4a:cf:dc:f2:19:18:12: + f5:72:8e:2e -----BEGIN CERTIFICATE----- MIIE8DCCA9igAwIBAgIBAjANBgkqhkiG9w0BAQsFADCBlzELMAkGA1UEBhMCVVMx EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoM B3dvbGZTU0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgwFgYDVQQDDA93b2xmU1NM 
-IHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTUx -MjMwMTkxMjQ2WhcNMTgwOTI1MTkxMjQ2WjCBoTELMAkGA1UEBhMCVVMxEzARBgNV +IHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTgw +NDEzMTUyMzEwWhcNMjEwMTA3MTUyMzEwWjCBoTELMAkGA1UEBhMCVVMxEzARBgNV BAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoMB3dvbGZT U0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMSIwIAYDVQQDDBl3b2xmU1NMIGludGVy bWVkaWF0ZSBDQSAyMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMIIB @@ -177,12 +177,12 @@ DAdTZWF0dGxlMRAwDgYDVQQKDAd3b2xmU1NMMRQwEgYDVQQLDAtFbmdpbmVlcmlu ZzEYMBYGA1UEAwwPd29sZlNTTCByb290IENBMR8wHQYJKoZIhvcNAQkBFhBpbmZv QHdvbGZzc2wuY29tggFjMAsGA1UdDwQEAwIBBjAyBggrBgEFBQcBAQQmMCQwIgYI KwYBBQUHMAGGFmh0dHA6Ly8xMjcuMC4wLjE6MjIyMjAwDQYJKoZIhvcNAQELBQAD -ggEBAB3WFGz1zPnJDcQnwVBJq9c5boYxz2eZwF030BTu2OPaF6WCwiWGMygN9spr -esdy8di5ICfuDH135YsDRpr4mWqOVxrJorF51ra25Ro5gC6IKxfIuTY3OFiK8GJo -lyW1emJcTSIsMGIMEfBNcJXHLZ6rxe8upCkli+Lk0p0sXmB5NpgTqDhsAA1q8BE8 -P9j5axbRYfnbU1YCQ1aoATuId5GlbqCrLGzm7M//WgeU6kmS1IeY+Inw9093sN/J -iQN22TEwhvfpinT68rLzTfdDQUicH9vqI+MeTBV2kuD4znE1/SXwl82ZXSyvM2Re -vb4141N4bBDIDsyD5dkuetltUpU= +ggEBAJJuwa+Ir0byboqMJwaOtDg1m0eSJCDlpRPYNdMuN8p0R+UWowNjFrQoK9kE +q+7kCuWH2tQAOlPGySVqj0nSLjTyQGVuAvy5Qj/vy4x5hAOE3KBoHsfHNoxgFFXy +X/nBPyv2oh40H4O6c7y3YryXZoQJuS12cciR/eLhOc/d7JioSWmJqBgqQuf8qyzP +E6tj/rAZ6ho4IhYRMTRD/FDG7BmXA9voByhIiDrlNaL9gxLfVXByYQ34ZhhSWMlG +l4YxnqJDDLkP0+s1yeUZTrSL0qzqv4MqSJ0goAhFYJKKJwaTd3S7DiKOVBfy1Od/ +85BNzHXnFsWcSs/c8hkYEvVyji4= -----END CERTIFICATE----- Certificate: Data: 
@@ -191,8 +191,8 @@ Certificate: Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Engineering, CN=wolfSSL root CA/emailAddress=info@wolfssl.com Validity - Not Before: Dec 30 19:12:46 2015 GMT - Not After : Sep 25 19:12:46 2018 GMT + Not Before: Apr 13 15:23:10 2018 GMT + Not After : Jan 7 15:23:10 2021 GMT Subject: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Engineering, CN=wolfSSL root CA/emailAddress=info@wolfssl.com Subject Public Key Info: Public Key Algorithm: rsaEncryption 
@@ -233,27 +233,27 @@ Certificate: OCSP - URI:http://127.0.0.1:22220 Signature Algorithm: sha256WithRSAEncryption - 99:a3:7d:72:17:b7:c0:cd:98:bb:55:fa:f2:ea:9f:17:81:6e: - 8e:02:25:c6:4d:42:cd:32:64:13:f4:bf:42:0c:a6:4e:39:45: - 52:92:40:ed:16:78:17:a2:45:5e:d9:19:ac:1d:d4:56:68:c8: - 55:de:65:ae:ba:72:b0:c0:57:52:5e:5b:08:d9:dd:72:ca:18: - 6e:16:61:32:9a:8b:c0:7d:3e:5a:27:bc:2d:81:aa:36:d4:44: - 26:52:07:f2:41:3b:d1:0f:2e:64:2e:a7:f8:0f:c3:0e:d3:9d: - 73:b9:24:12:e8:ca:28:db:4f:48:c2:43:bb:b7:a8:14:be:8d: - 3a:2f:d3:3a:1a:eb:5f:15:61:e3:e8:03:65:88:d5:03:7e:25: - 7a:35:8d:45:17:3f:0d:10:fd:8e:27:31:65:ee:de:9d:5c:68: - 7f:68:95:bc:85:5a:fa:2a:10:37:82:ca:11:84:9b:90:1e:23: - d6:2b:a6:c5:af:89:ef:31:37:56:0a:91:9e:0f:5b:3e:6c:c1: - 7d:29:cd:bb:38:3f:0e:cb:fb:05:04:e6:4f:5c:6a:c5:b6:a4: - 0f:0b:6a:25:bf:e9:ed:82:19:bb:6b:9a:2e:7d:40:58:0b:45: - 0e:ff:c2:73:39:9c:c2:ef:f4:7c:d0:9e:ae:c9:05:e1:e3:5e: - bf:dd:65:6d + 6b:10:b1:f8:cb:77:ef:72:f5:f8:fc:70:6d:18:dc:34:fe:d7: + 95:d8:fd:85:8e:ca:4b:f3:be:1f:eb:14:08:dc:23:34:78:98: + 39:d7:9f:c3:52:f6:14:3d:e9:de:5c:c2:d8:b1:4b:a8:4c:5b: + 91:42:66:da:7f:3c:e9:03:20:5e:08:0f:76:79:b9:21:10:89: + b7:73:46:44:7e:6e:28:0c:00:e4:f4:3e:65:aa:f5:c6:27:57: + 2c:bb:1d:ae:e5:94:57:a3:73:9e:6b:44:00:35:4a:f3:c7:34: + 9c:a2:a7:aa:62:9f:1d:ef:a8:6c:be:07:ad:ef:ae:ee:93:0b: + ba:c3:59:4e:90:40:2d:00:5e:f0:0f:0a:de:18:2a:b3:97:31: + 63:84:ff:18:1c:b6:d8:7d:ee:33:ed:99:f0:f5:7f:88:58:b3: + 0d:90:db:eb:44:7e:06:37:61:d4:34:b9:f6:fd:3e:8d:07:e4: + b5:b0:ae:09:ce:98:e4:b0:1b:d5:7b:53:94:dd:8a:b2:20:d6: + b0:72:f8:b1:bc:76:df:16:86:39:7b:e4:a9:15:47:57:ae:ca: + 41:d6:3a:ba:15:d1:c0:b5:38:66:0b:0f:80:8b:a2:07:b4:fc: + 80:1f:a3:4c:1f:d2:65:97:c1:2c:ae:46:31:61:49:0d:d7:5f: + ac:d2:a6:05 -----BEGIN CERTIFICATE----- MIIE5jCCA86gAwIBAgIBYzANBgkqhkiG9w0BAQsFADCBlzELMAkGA1UEBhMCVVMx EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoM B3dvbGZTU0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgwFgYDVQQDDA93b2xmU1NM 
-IHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTUx -MjMwMTkxMjQ2WhcNMTgwOTI1MTkxMjQ2WjCBlzELMAkGA1UEBhMCVVMxEzARBgNV +IHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTgw +NDEzMTUyMzEwWhcNMjEwMTA3MTUyMzEwWjCBlzELMAkGA1UEBhMCVVMxEzARBgNV BAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoMB3dvbGZT U0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgwFgYDVQQDDA93b2xmU1NMIHJvb3Qg Q0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wggEiMA0GCSqGSIb3 @@ -269,11 +269,11 @@ A1UEBhMCVVMxEzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUx EDAOBgNVBAoMB3dvbGZTU0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgwFgYDVQQD DA93b2xmU1NMIHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5j b22CAWMwCwYDVR0PBAQDAgEGMDIGCCsGAQUFBwEBBCYwJDAiBggrBgEFBQcwAYYW -aHR0cDovLzEyNy4wLjAuMToyMjIyMDANBgkqhkiG9w0BAQsFAAOCAQEAmaN9che3 -wM2Yu1X68uqfF4FujgIlxk1CzTJkE/S/QgymTjlFUpJA7RZ4F6JFXtkZrB3UVmjI -Vd5lrrpysMBXUl5bCNndcsoYbhZhMpqLwH0+Wie8LYGqNtREJlIH8kE70Q8uZC6n -+A/DDtOdc7kkEujKKNtPSMJDu7eoFL6NOi/TOhrrXxVh4+gDZYjVA34lejWNRRc/ -DRD9jicxZe7enVxof2iVvIVa+ioQN4LKEYSbkB4j1iumxa+J7zE3VgqRng9bPmzB -fSnNuzg/Dsv7BQTmT1xqxbakDwtqJb/p7YIZu2uaLn1AWAtFDv/Cczmcwu/0fNCe -rskF4eNev91lbQ== +aHR0cDovLzEyNy4wLjAuMToyMjIyMDANBgkqhkiG9w0BAQsFAAOCAQEAaxCx+Mt3 +73L1+PxwbRjcNP7Xldj9hY7KS/O+H+sUCNwjNHiYOdefw1L2FD3p3lzC2LFLqExb +kUJm2n886QMgXggPdnm5IRCJt3NGRH5uKAwA5PQ+Zar1xidXLLsdruWUV6NznmtE +ADVK88c0nKKnqmKfHe+obL4Hre+u7pMLusNZTpBALQBe8A8K3hgqs5cxY4T/GBy2 +2H3uM+2Z8PV/iFizDZDb60R+Bjdh1DS59v0+jQfktbCuCc6Y5LAb1XtTlN2KsiDW +sHL4sbx23xaGOXvkqRVHV67KQdY6uhXRwLU4ZgsPgIuiB7T8gB+jTB/SZZfBLK5G +MWFJDddfrNKmBQ== -----END CERTIFICATE----- diff --git a/certs/ocsp/server4-cert.pem b/certs/ocsp/server4-cert.pem index d9909f676..95eb15a0a 100644 --- a/certs/ocsp/server4-cert.pem +++ b/certs/ocsp/server4-cert.pem 
@@ -5,8 +5,8 @@ Certificate: Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Engineering, CN=wolfSSL intermediate CA 2/emailAddress=info@wolfssl.com Validity - Not Before: Dec 30 19:12:46 2015 GMT - Not After : Sep 25 19:12:46 2018 GMT + Not Before: Apr 13 15:23:10 2018 GMT + Not After : Jan 7 15:23:10 2021 GMT Subject: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Engineering, CN=www4.wolfssl.com/emailAddress=info@wolfssl.com Subject Public Key Info: Public Key Algorithm: rsaEncryption 
@@ -47,27 +47,27 @@ Certificate: OCSP - URI:http://127.0.0.1:22222 Signature Algorithm: sha256WithRSAEncryption - 33:15:a7:22:85:5d:69:97:b2:33:1b:39:8f:0b:0f:57:d6:84: - 99:eb:53:e9:35:14:a2:93:9c:11:45:01:6e:45:c7:5b:b7:fc: - 7c:2c:a9:e5:34:0f:f2:79:26:a0:4b:99:f8:16:ec:f1:e1:15: - 2c:09:d5:f9:7f:c5:8a:ef:16:d7:85:e6:d4:87:35:cd:9d:a2: - 6f:c6:f6:39:f6:b7:57:1d:e8:bf:01:71:d5:0b:8d:99:db:84: - ab:39:36:24:80:bd:ef:ca:04:2d:f1:fa:fa:a9:4e:e1:e1:28: - 58:0c:81:8e:ed:2f:f8:41:91:2d:49:2d:05:55:6d:fd:c1:47: - 01:a9:f8:92:13:29:62:7b:a6:7d:f0:04:dd:54:9b:e2:23:95: - 63:91:2c:16:10:b1:af:5a:5e:e4:fc:6d:94:76:bb:2a:1f:c2: - 12:01:8e:7f:1e:22:d7:71:e0:60:5b:af:a2:25:b8:bd:7e:88: - fe:46:17:63:8c:b7:71:db:da:74:17:4e:8e:c6:93:9c:73:77: - 4d:6e:9c:75:75:7b:76:fe:6b:ad:00:7a:58:da:c0:f4:2a:be: - ef:88:74:5a:80:3f:79:9b:b7:1e:e8:5f:0c:da:b3:27:bb:1f: - aa:dd:ad:cb:4f:00:fe:c6:fe:c2:44:06:49:01:4f:a8:ff:24: - 64:6b:ae:9a + 18:72:41:57:9a:c3:fa:b0:30:f4:bc:16:81:bf:3a:38:99:d2: + ac:24:b9:80:24:57:d2:9b:e6:29:ad:5d:7c:7c:f7:50:dd:9d: + 0b:0f:90:b5:cb:96:a1:19:3f:5b:6d:28:52:ee:a4:bb:28:3e: + 38:54:73:bb:9a:13:91:3d:f5:57:cf:bc:a8:21:64:dc:5c:d1: + 19:94:a6:8a:80:f8:92:e4:10:f9:19:c2:2b:b3:78:6b:2c:3d: + 81:9c:e9:3d:61:78:01:34:dd:f1:be:54:db:31:54:ed:ef:67: + a3:9b:c1:a1:5b:9b:ce:be:23:3a:6b:ab:92:34:1b:a1:d6:0b: + 1d:65:8a:cd:e2:f3:d1:ce:a9:c5:bf:19:a9:25:15:e6:98:f5: + 3f:3f:fa:22:72:48:a6:65:64:06:74:0c:49:bd:fe:7d:4e:5b: + 23:20:a8:a7:18:0e:7a:39:7e:d2:1f:a6:03:c2:31:6e:ce:49: + de:81:3c:7d:9f:1c:39:bb:df:8b:5c:58:8f:7a:08:77:f7:f8: + e3:f0:fe:14:73:0f:40:35:6a:1c:5a:46:79:b8:8b:4e:dd:75: + e0:55:89:57:d9:19:43:91:ca:66:39:00:7e:9b:0d:b2:3d:fc: + 35:7e:15:74:ed:36:61:94:7b:37:e2:17:37:4a:43:63:2e:24: + a7:e6:01:cb -----BEGIN CERTIFICATE----- MIIE7jCCA9agAwIBAgIBCDANBgkqhkiG9w0BAQsFADCBoTELMAkGA1UEBhMCVVMx EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoM B3dvbGZTU0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMSIwIAYDVQQDDBl3b2xmU1NM 
IGludGVybWVkaWF0ZSBDQSAyMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wu -Y29tMB4XDTE1MTIzMDE5MTI0NloXDTE4MDkyNTE5MTI0NlowgZgxCzAJBgNVBAYT +Y29tMB4XDTE4MDQxMzE1MjMxMFoXDTIxMDEwNzE1MjMxMFowgZgxCzAJBgNVBAYT AlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYD VQQKDAd3b2xmU1NMMRQwEgYDVQQLDAtFbmdpbmVlcmluZzEZMBcGA1UEAwwQd3d3 NC53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTCC @@ -84,12 +84,12 @@ U2VhdHRsZTEQMA4GA1UECgwHd29sZlNTTDEUMBIGA1UECwwLRW5naW5lZXJpbmcx GDAWBgNVBAMMD3dvbGZTU0wgcm9vdCBDQTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3 b2xmc3NsLmNvbYIBAjALBgNVHQ8EBAMCBeAwMgYIKwYBBQUHAQEEJjAkMCIGCCsG AQUFBzABhhZodHRwOi8vMTI3LjAuMC4xOjIyMjIyMA0GCSqGSIb3DQEBCwUAA4IB -AQAzFacihV1pl7IzGzmPCw9X1oSZ61PpNRSik5wRRQFuRcdbt/x8LKnlNA/yeSag -S5n4Fuzx4RUsCdX5f8WK7xbXhebUhzXNnaJvxvY59rdXHei/AXHVC42Z24SrOTYk -gL3vygQt8fr6qU7h4ShYDIGO7S/4QZEtSS0FVW39wUcBqfiSEylie6Z98ATdVJvi -I5VjkSwWELGvWl7k/G2UdrsqH8ISAY5/HiLXceBgW6+iJbi9foj+RhdjjLdx29p0 -F06OxpOcc3dNbpx1dXt2/mutAHpY2sD0Kr7viHRagD95m7ce6F8M2rMnux+q3a3L -TwD+xv7CRAZJAU+o/yRka66a +AQAYckFXmsP6sDD0vBaBvzo4mdKsJLmAJFfSm+YprV18fPdQ3Z0LD5C1y5ahGT9b +bShS7qS7KD44VHO7mhORPfVXz7yoIWTcXNEZlKaKgPiS5BD5GcIrs3hrLD2BnOk9 +YXgBNN3xvlTbMVTt72ejm8GhW5vOviM6a6uSNBuh1gsdZYrN4vPRzqnFvxmpJRXm +mPU/P/oickimZWQGdAxJvf59TlsjIKinGA56OX7SH6YDwjFuzknegTx9nxw5u9+L +XFiPegh39/jj8P4Ucw9ANWocWkZ5uItO3XXgVYlX2RlDkcpmOQB+mw2yPfw1fhV0 +7TZhlHs34hc3SkNjLiSn5gHL -----END CERTIFICATE----- Certificate: Data: @@ -98,8 +98,8 @@ Certificate: Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Engineering, CN=wolfSSL root CA/emailAddress=info@wolfssl.com Validity - Not Before: Dec 30 19:12:46 2015 GMT - Not After : Sep 25 19:12:46 2018 GMT + Not Before: Apr 13 15:23:10 2018 GMT + Not After : Jan 7 15:23:10 2021 GMT Subject: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Engineering, CN=wolfSSL intermediate CA 2/emailAddress=info@wolfssl.com Subject Public Key Info: Public Key Algorithm: rsaEncryption 
@@ -140,27 +140,27 @@ Certificate: OCSP - URI:http://127.0.0.1:22220 Signature Algorithm: sha256WithRSAEncryption - 1d:d6:14:6c:f5:cc:f9:c9:0d:c4:27:c1:50:49:ab:d7:39:6e: - 86:31:cf:67:99:c0:5d:37:d0:14:ee:d8:e3:da:17:a5:82:c2: - 25:86:33:28:0d:f6:ca:6b:7a:c7:72:f1:d8:b9:20:27:ee:0c: - 7d:77:e5:8b:03:46:9a:f8:99:6a:8e:57:1a:c9:a2:b1:79:d6: - b6:b6:e5:1a:39:80:2e:88:2b:17:c8:b9:36:37:38:58:8a:f0: - 62:68:97:25:b5:7a:62:5c:4d:22:2c:30:62:0c:11:f0:4d:70: - 95:c7:2d:9e:ab:c5:ef:2e:a4:29:25:8b:e2:e4:d2:9d:2c:5e: - 60:79:36:98:13:a8:38:6c:00:0d:6a:f0:11:3c:3f:d8:f9:6b: - 16:d1:61:f9:db:53:56:02:43:56:a8:01:3b:88:77:91:a5:6e: - a0:ab:2c:6c:e6:ec:cf:ff:5a:07:94:ea:49:92:d4:87:98:f8: - 89:f0:f7:4f:77:b0:df:c9:89:03:76:d9:31:30:86:f7:e9:8a: - 74:fa:f2:b2:f3:4d:f7:43:41:48:9c:1f:db:ea:23:e3:1e:4c: - 15:76:92:e0:f8:ce:71:35:fd:25:f0:97:cd:99:5d:2c:af:33: - 64:5e:bd:be:35:e3:53:78:6c:10:c8:0e:cc:83:e5:d9:2e:7a: - d9:6d:52:95 + 92:6e:c1:af:88:af:46:f2:6e:8a:8c:27:06:8e:b4:38:35:9b: + 47:92:24:20:e5:a5:13:d8:35:d3:2e:37:ca:74:47:e5:16:a3: + 03:63:16:b4:28:2b:d9:04:ab:ee:e4:0a:e5:87:da:d4:00:3a: + 53:c6:c9:25:6a:8f:49:d2:2e:34:f2:40:65:6e:02:fc:b9:42: + 3f:ef:cb:8c:79:84:03:84:dc:a0:68:1e:c7:c7:36:8c:60:14: + 55:f2:5f:f9:c1:3f:2b:f6:a2:1e:34:1f:83:ba:73:bc:b7:62: + bc:97:66:84:09:b9:2d:76:71:c8:91:fd:e2:e1:39:cf:dd:ec: + 98:a8:49:69:89:a8:18:2a:42:e7:fc:ab:2c:cf:13:ab:63:fe: + b0:19:ea:1a:38:22:16:11:31:34:43:fc:50:c6:ec:19:97:03: + db:e8:07:28:48:88:3a:e5:35:a2:fd:83:12:df:55:70:72:61: + 0d:f8:66:18:52:58:c9:46:97:86:31:9e:a2:43:0c:b9:0f:d3: + eb:35:c9:e5:19:4e:b4:8b:d2:ac:ea:bf:83:2a:48:9d:20:a0: + 08:45:60:92:8a:27:06:93:77:74:bb:0e:22:8e:54:17:f2:d4: + e7:7f:f3:90:4d:cc:75:e7:16:c5:9c:4a:cf:dc:f2:19:18:12: + f5:72:8e:2e -----BEGIN CERTIFICATE----- MIIE8DCCA9igAwIBAgIBAjANBgkqhkiG9w0BAQsFADCBlzELMAkGA1UEBhMCVVMx EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoM B3dvbGZTU0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgwFgYDVQQDDA93b2xmU1NM 
-IHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTUx -MjMwMTkxMjQ2WhcNMTgwOTI1MTkxMjQ2WjCBoTELMAkGA1UEBhMCVVMxEzARBgNV +IHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTgw +NDEzMTUyMzEwWhcNMjEwMTA3MTUyMzEwWjCBoTELMAkGA1UEBhMCVVMxEzARBgNV BAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoMB3dvbGZT U0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMSIwIAYDVQQDDBl3b2xmU1NMIGludGVy bWVkaWF0ZSBDQSAyMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMIIB @@ -177,12 +177,12 @@ DAdTZWF0dGxlMRAwDgYDVQQKDAd3b2xmU1NMMRQwEgYDVQQLDAtFbmdpbmVlcmlu ZzEYMBYGA1UEAwwPd29sZlNTTCByb290IENBMR8wHQYJKoZIhvcNAQkBFhBpbmZv QHdvbGZzc2wuY29tggFjMAsGA1UdDwQEAwIBBjAyBggrBgEFBQcBAQQmMCQwIgYI KwYBBQUHMAGGFmh0dHA6Ly8xMjcuMC4wLjE6MjIyMjAwDQYJKoZIhvcNAQELBQAD -ggEBAB3WFGz1zPnJDcQnwVBJq9c5boYxz2eZwF030BTu2OPaF6WCwiWGMygN9spr -esdy8di5ICfuDH135YsDRpr4mWqOVxrJorF51ra25Ro5gC6IKxfIuTY3OFiK8GJo -lyW1emJcTSIsMGIMEfBNcJXHLZ6rxe8upCkli+Lk0p0sXmB5NpgTqDhsAA1q8BE8 -P9j5axbRYfnbU1YCQ1aoATuId5GlbqCrLGzm7M//WgeU6kmS1IeY+Inw9093sN/J -iQN22TEwhvfpinT68rLzTfdDQUicH9vqI+MeTBV2kuD4znE1/SXwl82ZXSyvM2Re -vb4141N4bBDIDsyD5dkuetltUpU= +ggEBAJJuwa+Ir0byboqMJwaOtDg1m0eSJCDlpRPYNdMuN8p0R+UWowNjFrQoK9kE +q+7kCuWH2tQAOlPGySVqj0nSLjTyQGVuAvy5Qj/vy4x5hAOE3KBoHsfHNoxgFFXy +X/nBPyv2oh40H4O6c7y3YryXZoQJuS12cciR/eLhOc/d7JioSWmJqBgqQuf8qyzP +E6tj/rAZ6ho4IhYRMTRD/FDG7BmXA9voByhIiDrlNaL9gxLfVXByYQ34ZhhSWMlG +l4YxnqJDDLkP0+s1yeUZTrSL0qzqv4MqSJ0goAhFYJKKJwaTd3S7DiKOVBfy1Od/ +85BNzHXnFsWcSs/c8hkYEvVyji4= -----END CERTIFICATE----- Certificate: Data: 
@@ -191,8 +191,8 @@ Certificate: Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Engineering, CN=wolfSSL root CA/emailAddress=info@wolfssl.com Validity - Not Before: Dec 30 19:12:46 2015 GMT - Not After : Sep 25 19:12:46 2018 GMT + Not Before: Apr 13 15:23:10 2018 GMT + Not After : Jan 7 15:23:10 2021 GMT Subject: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Engineering, CN=wolfSSL root CA/emailAddress=info@wolfssl.com Subject Public Key Info: Public Key Algorithm: rsaEncryption 
@@ -233,27 +233,27 @@ Certificate: OCSP - URI:http://127.0.0.1:22220 Signature Algorithm: sha256WithRSAEncryption - 99:a3:7d:72:17:b7:c0:cd:98:bb:55:fa:f2:ea:9f:17:81:6e: - 8e:02:25:c6:4d:42:cd:32:64:13:f4:bf:42:0c:a6:4e:39:45: - 52:92:40:ed:16:78:17:a2:45:5e:d9:19:ac:1d:d4:56:68:c8: - 55:de:65:ae:ba:72:b0:c0:57:52:5e:5b:08:d9:dd:72:ca:18: - 6e:16:61:32:9a:8b:c0:7d:3e:5a:27:bc:2d:81:aa:36:d4:44: - 26:52:07:f2:41:3b:d1:0f:2e:64:2e:a7:f8:0f:c3:0e:d3:9d: - 73:b9:24:12:e8:ca:28:db:4f:48:c2:43:bb:b7:a8:14:be:8d: - 3a:2f:d3:3a:1a:eb:5f:15:61:e3:e8:03:65:88:d5:03:7e:25: - 7a:35:8d:45:17:3f:0d:10:fd:8e:27:31:65:ee:de:9d:5c:68: - 7f:68:95:bc:85:5a:fa:2a:10:37:82:ca:11:84:9b:90:1e:23: - d6:2b:a6:c5:af:89:ef:31:37:56:0a:91:9e:0f:5b:3e:6c:c1: - 7d:29:cd:bb:38:3f:0e:cb:fb:05:04:e6:4f:5c:6a:c5:b6:a4: - 0f:0b:6a:25:bf:e9:ed:82:19:bb:6b:9a:2e:7d:40:58:0b:45: - 0e:ff:c2:73:39:9c:c2:ef:f4:7c:d0:9e:ae:c9:05:e1:e3:5e: - bf:dd:65:6d + 6b:10:b1:f8:cb:77:ef:72:f5:f8:fc:70:6d:18:dc:34:fe:d7: + 95:d8:fd:85:8e:ca:4b:f3:be:1f:eb:14:08:dc:23:34:78:98: + 39:d7:9f:c3:52:f6:14:3d:e9:de:5c:c2:d8:b1:4b:a8:4c:5b: + 91:42:66:da:7f:3c:e9:03:20:5e:08:0f:76:79:b9:21:10:89: + b7:73:46:44:7e:6e:28:0c:00:e4:f4:3e:65:aa:f5:c6:27:57: + 2c:bb:1d:ae:e5:94:57:a3:73:9e:6b:44:00:35:4a:f3:c7:34: + 9c:a2:a7:aa:62:9f:1d:ef:a8:6c:be:07:ad:ef:ae:ee:93:0b: + ba:c3:59:4e:90:40:2d:00:5e:f0:0f:0a:de:18:2a:b3:97:31: + 63:84:ff:18:1c:b6:d8:7d:ee:33:ed:99:f0:f5:7f:88:58:b3: + 0d:90:db:eb:44:7e:06:37:61:d4:34:b9:f6:fd:3e:8d:07:e4: + b5:b0:ae:09:ce:98:e4:b0:1b:d5:7b:53:94:dd:8a:b2:20:d6: + b0:72:f8:b1:bc:76:df:16:86:39:7b:e4:a9:15:47:57:ae:ca: + 41:d6:3a:ba:15:d1:c0:b5:38:66:0b:0f:80:8b:a2:07:b4:fc: + 80:1f:a3:4c:1f:d2:65:97:c1:2c:ae:46:31:61:49:0d:d7:5f: + ac:d2:a6:05 -----BEGIN CERTIFICATE----- MIIE5jCCA86gAwIBAgIBYzANBgkqhkiG9w0BAQsFADCBlzELMAkGA1UEBhMCVVMx EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoM B3dvbGZTU0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgwFgYDVQQDDA93b2xmU1NM 
-IHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTUx -MjMwMTkxMjQ2WhcNMTgwOTI1MTkxMjQ2WjCBlzELMAkGA1UEBhMCVVMxEzARBgNV +IHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTgw +NDEzMTUyMzEwWhcNMjEwMTA3MTUyMzEwWjCBlzELMAkGA1UEBhMCVVMxEzARBgNV BAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoMB3dvbGZT U0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgwFgYDVQQDDA93b2xmU1NMIHJvb3Qg Q0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wggEiMA0GCSqGSIb3 @@ -269,11 +269,11 @@ A1UEBhMCVVMxEzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUx EDAOBgNVBAoMB3dvbGZTU0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgwFgYDVQQD DA93b2xmU1NMIHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5j b22CAWMwCwYDVR0PBAQDAgEGMDIGCCsGAQUFBwEBBCYwJDAiBggrBgEFBQcwAYYW -aHR0cDovLzEyNy4wLjAuMToyMjIyMDANBgkqhkiG9w0BAQsFAAOCAQEAmaN9che3 -wM2Yu1X68uqfF4FujgIlxk1CzTJkE/S/QgymTjlFUpJA7RZ4F6JFXtkZrB3UVmjI -Vd5lrrpysMBXUl5bCNndcsoYbhZhMpqLwH0+Wie8LYGqNtREJlIH8kE70Q8uZC6n -+A/DDtOdc7kkEujKKNtPSMJDu7eoFL6NOi/TOhrrXxVh4+gDZYjVA34lejWNRRc/ -DRD9jicxZe7enVxof2iVvIVa+ioQN4LKEYSbkB4j1iumxa+J7zE3VgqRng9bPmzB -fSnNuzg/Dsv7BQTmT1xqxbakDwtqJb/p7YIZu2uaLn1AWAtFDv/Cczmcwu/0fNCe -rskF4eNev91lbQ== +aHR0cDovLzEyNy4wLjAuMToyMjIyMDANBgkqhkiG9w0BAQsFAAOCAQEAaxCx+Mt3 +73L1+PxwbRjcNP7Xldj9hY7KS/O+H+sUCNwjNHiYOdefw1L2FD3p3lzC2LFLqExb +kUJm2n886QMgXggPdnm5IRCJt3NGRH5uKAwA5PQ+Zar1xidXLLsdruWUV6NznmtE +ADVK88c0nKKnqmKfHe+obL4Hre+u7pMLusNZTpBALQBe8A8K3hgqs5cxY4T/GBy2 +2H3uM+2Z8PV/iFizDZDb60R+Bjdh1DS59v0+jQfktbCuCc6Y5LAb1XtTlN2KsiDW +sHL4sbx23xaGOXvkqRVHV67KQdY6uhXRwLU4ZgsPgIuiB7T8gB+jTB/SZZfBLK5G +MWFJDddfrNKmBQ== -----END CERTIFICATE----- diff --git a/certs/ocsp/server5-cert.pem b/certs/ocsp/server5-cert.pem index 43ecf9c83..1a6b81c67 100644 --- a/certs/ocsp/server5-cert.pem +++ b/certs/ocsp/server5-cert.pem 
@@ -5,8 +5,8 @@ Certificate: Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Engineering, CN=wolfSSL REVOKED intermediate CA/emailAddress=info@wolfssl.com Validity - Not Before: Dec 30 19:12:47 2015 GMT - Not After : Sep 25 19:12:47 2018 GMT + Not Before: Apr 13 15:23:10 2018 GMT + Not After : Jan 7 15:23:10 2021 GMT Subject: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Engineering, CN=www5.wolfssl.com/emailAddress=info@wolfssl.com Subject Public Key Info: Public Key Algorithm: rsaEncryption 
@@ -47,27 +47,27 @@ Certificate: OCSP - URI:http://127.0.0.1:22223 Signature Algorithm: sha256WithRSAEncryption - 79:1c:0f:7c:7d:e5:3d:ec:60:00:c9:a4:d6:f1:67:32:66:57: - 0a:8a:97:af:a6:53:92:c4:4d:cb:a7:3d:24:24:74:19:fb:9c: - d0:25:90:00:ba:32:e2:b2:a8:aa:61:eb:f8:7c:ca:52:5f:8c: - ef:e8:9a:d1:9d:73:a7:6e:72:04:0a:6f:d0:b3:88:de:8d:50: - c5:da:fc:e7:81:f8:12:b0:12:4a:a2:54:84:50:87:2d:ee:08: - 33:dc:2f:ae:2a:ce:57:5e:1d:57:8c:ce:90:4d:9a:a7:4e:cd: - 33:4c:f8:47:5d:9f:68:c3:2c:ed:84:b3:b6:ea:dd:1a:f4:ba: - 9d:fa:b9:a1:df:82:4a:ed:fc:3f:8c:bf:c5:5a:ab:81:93:6b: - a1:65:05:be:00:7b:6c:81:f9:2c:a7:92:60:80:70:de:8d:65: - c7:fa:51:e7:b8:02:de:c0:4d:d8:88:6f:41:18:7a:6f:f4:eb: - e1:7a:ab:f2:0d:e8:f9:9c:c4:64:fc:e8:d6:e2:c2:79:95:b1: - 0a:89:73:e6:4e:bf:35:3f:0b:9f:0c:d5:98:01:15:fe:fb:a3: - 0f:1a:75:21:10:0b:32:16:a9:4e:72:d1:de:1e:a6:df:9d:b3: - bd:2a:14:67:e0:8d:4e:a2:9d:ae:f4:08:97:a5:f7:df:fa:e1: - 00:50:1f:f7 + ba:fe:ad:1d:d4:33:69:13:86:4d:1a:ea:fc:a0:61:00:9a:bd: + 83:7d:53:3d:b5:63:a9:c8:c2:b6:10:4d:fb:5f:f2:e5:b1:e4: + 1a:9b:85:36:8f:3c:d3:09:98:4c:c5:3e:10:ed:a3:74:a5:3c: + fc:d9:b2:80:38:6c:be:f4:8b:52:40:0e:45:e8:fd:a2:29:d8: + 5c:f9:1d:14:76:3d:8d:41:74:3c:56:05:d2:a3:2e:14:5b:35: + 95:97:cf:c1:01:cf:a2:26:38:0b:76:12:bd:c4:68:f2:f5:49: + ed:7e:eb:4e:08:73:fe:82:06:8e:ce:c4:22:d5:16:ef:0e:62: + d5:f1:08:b8:2e:02:75:23:52:04:cf:cb:aa:1c:ce:77:b6:3a: + e9:78:53:c4:37:d4:cc:7f:96:5d:97:89:35:da:a6:23:77:87: + 60:4a:a8:f8:b6:e6:1a:00:c5:74:98:88:b2:01:fd:23:81:05: + f5:bb:96:60:55:ae:3b:9f:bf:c9:82:e1:24:d6:1d:1f:5d:9c: + f7:1b:cb:37:3e:4f:c8:ca:65:c1:33:69:75:62:83:bb:87:45: + 47:bd:b2:b6:55:ef:8f:7c:5f:fd:14:75:96:4f:3e:19:d8:88: + 67:5d:75:ae:77:8f:38:3f:a2:7e:f6:f8:b8:c8:57:28:10:9d: + 1e:cd:c3:5c -----BEGIN CERTIFICATE----- MIIE9DCCA9ygAwIBAgIBCTANBgkqhkiG9w0BAQsFADCBpzELMAkGA1UEBhMCVVMx EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoM B3dvbGZTU0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMSgwJgYDVQQDDB93b2xmU1NM 
IFJFVk9LRUQgaW50ZXJtZWRpYXRlIENBMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdv -bGZzc2wuY29tMB4XDTE1MTIzMDE5MTI0N1oXDTE4MDkyNTE5MTI0N1owgZgxCzAJ +bGZzc2wuY29tMB4XDTE4MDQxMzE1MjMxMFoXDTIxMDEwNzE1MjMxMFowgZgxCzAJ BgNVBAYTAlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxl MRAwDgYDVQQKDAd3b2xmU1NMMRQwEgYDVQQLDAtFbmdpbmVlcmluZzEZMBcGA1UE AwwQd3d3NS53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3Ns @@ -84,12 +84,12 @@ A1UEBwwHU2VhdHRsZTEQMA4GA1UECgwHd29sZlNTTDEUMBIGA1UECwwLRW5naW5l ZXJpbmcxGDAWBgNVBAMMD3dvbGZTU0wgcm9vdCBDQTEfMB0GCSqGSIb3DQEJARYQ aW5mb0B3b2xmc3NsLmNvbYIBAzALBgNVHQ8EBAMCBeAwMgYIKwYBBQUHAQEEJjAk MCIGCCsGAQUFBzABhhZodHRwOi8vMTI3LjAuMC4xOjIyMjIzMA0GCSqGSIb3DQEB -CwUAA4IBAQB5HA98feU97GAAyaTW8WcyZlcKipevplOSxE3Lpz0kJHQZ+5zQJZAA -ujLisqiqYev4fMpSX4zv6JrRnXOnbnIECm/Qs4jejVDF2vzngfgSsBJKolSEUIct -7ggz3C+uKs5XXh1XjM6QTZqnTs0zTPhHXZ9owyzthLO26t0a9Lqd+rmh34JK7fw/ -jL/FWquBk2uhZQW+AHtsgfksp5JggHDejWXH+lHnuALewE3YiG9BGHpv9Ovheqvy -Dej5nMRk/OjW4sJ5lbEKiXPmTr81PwufDNWYARX++6MPGnUhEAsyFqlOctHeHqbf -nbO9KhRn4I1Oop2u9AiXpfff+uEAUB/3 +CwUAA4IBAQC6/q0d1DNpE4ZNGur8oGEAmr2DfVM9tWOpyMK2EE37X/LlseQam4U2 +jzzTCZhMxT4Q7aN0pTz82bKAOGy+9ItSQA5F6P2iKdhc+R0Udj2NQXQ8VgXSoy4U +WzWVl8/BAc+iJjgLdhK9xGjy9UntfutOCHP+ggaOzsQi1RbvDmLV8Qi4LgJ1I1IE +z8uqHM53tjrpeFPEN9TMf5Zdl4k12qYjd4dgSqj4tuYaAMV0mIiyAf0jgQX1u5Zg +Va47n7/JguEk1h0fXZz3G8s3Pk/IymXBM2l1YoO7h0VHvbK2Ve+PfF/9FHWWTz4Z +2IhnXXWud484P6J+9vi4yFcoEJ0ezcNc -----END CERTIFICATE----- Certificate: Data: @@ -98,8 +98,8 @@ Certificate: Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Engineering, CN=wolfSSL root CA/emailAddress=info@wolfssl.com Validity - Not Before: Dec 30 19:12:46 2015 GMT - Not After : Sep 25 19:12:46 2018 GMT + Not Before: Apr 13 15:23:10 2018 GMT + Not After : Jan 7 15:23:10 2021 GMT Subject: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Engineering, CN=wolfSSL REVOKED intermediate CA/emailAddress=info@wolfssl.com Subject Public Key Info: Public Key Algorithm: rsaEncryption 
@@ -140,27 +140,27 @@ Certificate: OCSP - URI:http://127.0.0.1:22220 Signature Algorithm: sha256WithRSAEncryption - 9a:47:17:70:ff:92:e7:b5:51:a0:d2:5d:f3:e3:dd:90:ec:c9: - 8f:ad:61:74:30:ba:d9:60:ba:5b:cf:da:03:4f:c8:50:5a:f4: - 5e:e0:e3:a0:ce:de:43:6c:56:e0:bc:35:e9:0d:bb:53:0e:22: - 7f:21:42:6c:2a:0f:67:b2:8a:1a:f5:e8:1f:a9:a1:90:11:d0: - ec:18:90:ba:ee:cf:d4:18:28:1b:9c:96:8e:d6:48:bd:6f:66: - 79:df:04:0d:04:d3:13:69:b8:24:15:7c:3b:bc:b9:fc:1d:dd: - cc:45:a5:c1:04:c9:d3:68:a7:de:cd:1e:aa:cc:bd:3d:f4:12: - eb:3d:01:44:11:fd:1d:bd:a0:7a:4c:24:f2:39:78:17:c1:1f: - 8c:b8:ab:01:f3:98:88:ff:bd:2c:1b:43:bb:fe:37:94:65:b4: - 3c:e6:11:8c:5d:36:de:ab:84:a5:6d:30:23:dc:ad:b1:74:24: - 2a:bb:49:f0:37:ef:db:9a:eb:4e:fc:f9:a2:47:06:3a:09:9d: - 4f:c3:c6:dc:18:90:47:42:f4:bc:8d:75:be:7c:c8:d5:47:a6: - bb:c2:1e:55:16:8f:a4:62:cc:1f:7c:cf:5a:b5:41:6d:98:f4: - 15:b9:fc:5a:3e:47:75:a0:f7:b0:df:33:54:a9:7c:f0:da:3c: - 65:c2:e6:1a + 63:bf:90:58:0c:44:08:57:7d:94:7e:eb:fd:9d:90:f6:1d:a5: + 91:2a:32:38:a7:f7:39:c2:c0:9c:93:26:bc:f4:4b:81:0a:0f: + 07:2d:4f:a9:20:9a:3e:2c:24:0c:30:10:d7:be:96:ab:ee:1f: + 2c:f8:71:7c:1a:c1:ae:b7:64:e1:7e:18:53:c3:ae:d5:04:16: + f7:e5:34:c2:d1:a3:31:d4:9b:f4:b7:c1:96:1f:a7:3c:3a:bf: + fd:06:be:76:f4:da:95:f9:6f:be:4f:24:a7:0f:b0:2c:12:4d: + d6:55:ea:f8:0a:30:91:32:4f:a3:14:6d:ec:cd:85:12:1f:da: + 78:8a:b1:9a:74:fb:fd:00:45:4a:30:83:45:16:a0:8f:b7:7f: + 23:33:91:c6:81:ac:f3:9b:cd:53:6b:9a:fa:36:9b:5d:3c:72: + a8:73:4f:1e:b5:da:ba:08:3d:9b:ca:7a:d6:c2:bf:6e:9f:a5: + 9e:db:61:bc:a5:42:a7:d4:92:4a:7e:a3:3d:1b:aa:d3:c2:93: + ad:ce:3b:0e:2b:61:44:1e:3c:61:54:0d:6a:26:21:54:c6:e0: + ed:3d:da:27:cd:89:5a:f8:1f:0f:46:80:c1:f2:80:cc:52:f1: + 7f:ce:10:68:66:3f:ee:90:25:45:d4:f8:87:f9:5d:5d:74:3d: + aa:3d:43:1c -----BEGIN CERTIFICATE----- MIIE9jCCA96gAwIBAgIBAzANBgkqhkiG9w0BAQsFADCBlzELMAkGA1UEBhMCVVMx EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoM B3dvbGZTU0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgwFgYDVQQDDA93b2xmU1NM 
-IHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTUx -MjMwMTkxMjQ2WhcNMTgwOTI1MTkxMjQ2WjCBpzELMAkGA1UEBhMCVVMxEzARBgNV +IHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTgw +NDEzMTUyMzEwWhcNMjEwMTA3MTUyMzEwWjCBpzELMAkGA1UEBhMCVVMxEzARBgNV BAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoMB3dvbGZT U0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMSgwJgYDVQQDDB93b2xmU1NMIFJFVk9L RUQgaW50ZXJtZWRpYXRlIENBMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wu @@ -177,12 +177,12 @@ DgYDVQQHDAdTZWF0dGxlMRAwDgYDVQQKDAd3b2xmU1NMMRQwEgYDVQQLDAtFbmdp bmVlcmluZzEYMBYGA1UEAwwPd29sZlNTTCByb290IENBMR8wHQYJKoZIhvcNAQkB FhBpbmZvQHdvbGZzc2wuY29tggFjMAsGA1UdDwQEAwIBBjAyBggrBgEFBQcBAQQm MCQwIgYIKwYBBQUHMAGGFmh0dHA6Ly8xMjcuMC4wLjE6MjIyMjAwDQYJKoZIhvcN -AQELBQADggEBAJpHF3D/kue1UaDSXfPj3ZDsyY+tYXQwutlgulvP2gNPyFBa9F7g -46DO3kNsVuC8NekNu1MOIn8hQmwqD2eyihr16B+poZAR0OwYkLruz9QYKBuclo7W -SL1vZnnfBA0E0xNpuCQVfDu8ufwd3cxFpcEEydNop97NHqrMvT30Eus9AUQR/R29 -oHpMJPI5eBfBH4y4qwHzmIj/vSwbQ7v+N5RltDzmEYxdNt6rhKVtMCPcrbF0JCq7 -SfA379ua6078+aJHBjoJnU/DxtwYkEdC9LyNdb58yNVHprvCHlUWj6RizB98z1q1 -QW2Y9BW5/Fo+R3Wg97DfM1SpfPDaPGXC5ho= +AQELBQADggEBAGO/kFgMRAhXfZR+6/2dkPYdpZEqMjin9znCwJyTJrz0S4EKDwct +T6kgmj4sJAwwENe+lqvuHyz4cXwawa63ZOF+GFPDrtUEFvflNMLRozHUm/S3wZYf +pzw6v/0Gvnb02pX5b75PJKcPsCwSTdZV6vgKMJEyT6MUbezNhRIf2niKsZp0+/0A +RUowg0UWoI+3fyMzkcaBrPObzVNrmvo2m108cqhzTx612roIPZvKetbCv26fpZ7b +YbylQqfUkkp+oz0bqtPCk63OOw4rYUQePGFUDWomIVTG4O092ifNiVr4Hw9GgMHy +gMxS8X/OEGhmP+6QJUXU+If5XV10Pao9Qxw= -----END CERTIFICATE----- Certificate: Data: 
@@ -191,8 +191,8 @@ Certificate: Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Engineering, CN=wolfSSL root CA/emailAddress=info@wolfssl.com Validity - Not Before: Dec 30 19:12:46 2015 GMT - Not After : Sep 25 19:12:46 2018 GMT + Not Before: Apr 13 15:23:10 2018 GMT + Not After : Jan 7 15:23:10 2021 GMT Subject: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Engineering, CN=wolfSSL root CA/emailAddress=info@wolfssl.com Subject Public Key Info: Public Key Algorithm: rsaEncryption 
@@ -233,27 +233,27 @@ Certificate: OCSP - URI:http://127.0.0.1:22220 Signature Algorithm: sha256WithRSAEncryption - 99:a3:7d:72:17:b7:c0:cd:98:bb:55:fa:f2:ea:9f:17:81:6e: - 8e:02:25:c6:4d:42:cd:32:64:13:f4:bf:42:0c:a6:4e:39:45: - 52:92:40:ed:16:78:17:a2:45:5e:d9:19:ac:1d:d4:56:68:c8: - 55:de:65:ae:ba:72:b0:c0:57:52:5e:5b:08:d9:dd:72:ca:18: - 6e:16:61:32:9a:8b:c0:7d:3e:5a:27:bc:2d:81:aa:36:d4:44: - 26:52:07:f2:41:3b:d1:0f:2e:64:2e:a7:f8:0f:c3:0e:d3:9d: - 73:b9:24:12:e8:ca:28:db:4f:48:c2:43:bb:b7:a8:14:be:8d: - 3a:2f:d3:3a:1a:eb:5f:15:61:e3:e8:03:65:88:d5:03:7e:25: - 7a:35:8d:45:17:3f:0d:10:fd:8e:27:31:65:ee:de:9d:5c:68: - 7f:68:95:bc:85:5a:fa:2a:10:37:82:ca:11:84:9b:90:1e:23: - d6:2b:a6:c5:af:89:ef:31:37:56:0a:91:9e:0f:5b:3e:6c:c1: - 7d:29:cd:bb:38:3f:0e:cb:fb:05:04:e6:4f:5c:6a:c5:b6:a4: - 0f:0b:6a:25:bf:e9:ed:82:19:bb:6b:9a:2e:7d:40:58:0b:45: - 0e:ff:c2:73:39:9c:c2:ef:f4:7c:d0:9e:ae:c9:05:e1:e3:5e: - bf:dd:65:6d + 6b:10:b1:f8:cb:77:ef:72:f5:f8:fc:70:6d:18:dc:34:fe:d7: + 95:d8:fd:85:8e:ca:4b:f3:be:1f:eb:14:08:dc:23:34:78:98: + 39:d7:9f:c3:52:f6:14:3d:e9:de:5c:c2:d8:b1:4b:a8:4c:5b: + 91:42:66:da:7f:3c:e9:03:20:5e:08:0f:76:79:b9:21:10:89: + b7:73:46:44:7e:6e:28:0c:00:e4:f4:3e:65:aa:f5:c6:27:57: + 2c:bb:1d:ae:e5:94:57:a3:73:9e:6b:44:00:35:4a:f3:c7:34: + 9c:a2:a7:aa:62:9f:1d:ef:a8:6c:be:07:ad:ef:ae:ee:93:0b: + ba:c3:59:4e:90:40:2d:00:5e:f0:0f:0a:de:18:2a:b3:97:31: + 63:84:ff:18:1c:b6:d8:7d:ee:33:ed:99:f0:f5:7f:88:58:b3: + 0d:90:db:eb:44:7e:06:37:61:d4:34:b9:f6:fd:3e:8d:07:e4: + b5:b0:ae:09:ce:98:e4:b0:1b:d5:7b:53:94:dd:8a:b2:20:d6: + b0:72:f8:b1:bc:76:df:16:86:39:7b:e4:a9:15:47:57:ae:ca: + 41:d6:3a:ba:15:d1:c0:b5:38:66:0b:0f:80:8b:a2:07:b4:fc: + 80:1f:a3:4c:1f:d2:65:97:c1:2c:ae:46:31:61:49:0d:d7:5f: + ac:d2:a6:05 -----BEGIN CERTIFICATE----- MIIE5jCCA86gAwIBAgIBYzANBgkqhkiG9w0BAQsFADCBlzELMAkGA1UEBhMCVVMx EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoM B3dvbGZTU0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgwFgYDVQQDDA93b2xmU1NM 
-IHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTUx -MjMwMTkxMjQ2WhcNMTgwOTI1MTkxMjQ2WjCBlzELMAkGA1UEBhMCVVMxEzARBgNV +IHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTgw +NDEzMTUyMzEwWhcNMjEwMTA3MTUyMzEwWjCBlzELMAkGA1UEBhMCVVMxEzARBgNV BAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoMB3dvbGZT U0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgwFgYDVQQDDA93b2xmU1NMIHJvb3Qg Q0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wggEiMA0GCSqGSIb3 @@ -269,11 +269,11 @@ A1UEBhMCVVMxEzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUx EDAOBgNVBAoMB3dvbGZTU0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgwFgYDVQQD DA93b2xmU1NMIHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5j b22CAWMwCwYDVR0PBAQDAgEGMDIGCCsGAQUFBwEBBCYwJDAiBggrBgEFBQcwAYYW -aHR0cDovLzEyNy4wLjAuMToyMjIyMDANBgkqhkiG9w0BAQsFAAOCAQEAmaN9che3 -wM2Yu1X68uqfF4FujgIlxk1CzTJkE/S/QgymTjlFUpJA7RZ4F6JFXtkZrB3UVmjI -Vd5lrrpysMBXUl5bCNndcsoYbhZhMpqLwH0+Wie8LYGqNtREJlIH8kE70Q8uZC6n -+A/DDtOdc7kkEujKKNtPSMJDu7eoFL6NOi/TOhrrXxVh4+gDZYjVA34lejWNRRc/ -DRD9jicxZe7enVxof2iVvIVa+ioQN4LKEYSbkB4j1iumxa+J7zE3VgqRng9bPmzB -fSnNuzg/Dsv7BQTmT1xqxbakDwtqJb/p7YIZu2uaLn1AWAtFDv/Cczmcwu/0fNCe -rskF4eNev91lbQ== +aHR0cDovLzEyNy4wLjAuMToyMjIyMDANBgkqhkiG9w0BAQsFAAOCAQEAaxCx+Mt3 +73L1+PxwbRjcNP7Xldj9hY7KS/O+H+sUCNwjNHiYOdefw1L2FD3p3lzC2LFLqExb +kUJm2n886QMgXggPdnm5IRCJt3NGRH5uKAwA5PQ+Zar1xidXLLsdruWUV6NznmtE +ADVK88c0nKKnqmKfHe+obL4Hre+u7pMLusNZTpBALQBe8A8K3hgqs5cxY4T/GBy2 +2H3uM+2Z8PV/iFizDZDb60R+Bjdh1DS59v0+jQfktbCuCc6Y5LAb1XtTlN2KsiDW +sHL4sbx23xaGOXvkqRVHV67KQdY6uhXRwLU4ZgsPgIuiB7T8gB+jTB/SZZfBLK5G +MWFJDddfrNKmBQ== -----END CERTIFICATE----- diff --git a/certs/renewcerts.sh b/certs/renewcerts.sh index 39bcc135d..693abb9c6 100755 --- a/certs/renewcerts.sh +++ b/certs/renewcerts.sh @@ -22,6 +22,8 @@ # client-ca.pem # test/digsigku.pem # ecc-privOnlyCert.pem +# client-uri-cert.pem +# client-relative-uri.pem # updates the following crls: # crl/cliCrl.pem # crl/crl.pem 
@@ -45,6 +47,36 @@ function run_renewcerts(){ # To generate these all in sha1 add the flag "-sha1" on appropriate lines # That is all lines beginning with: "openssl req" + ############################################################ + #### update the self-signed (2048-bit) client-uri-cert.pem # + ############################################################ + echo "Updating 2048-bit client-uri-cert.pem" + echo "" + #pipe the following arguments to openssl req... + echo -e "US\nMontana\nBozeman\nwolfSSL_2048\nURI\nwww.wolfssl.com\ninfo@wolfssl.com\n.\n.\n" | openssl req -new -key client-key.pem -nodes -out client-cert.csr + + + openssl x509 -req -in client-cert.csr -days 1000 -extfile wolfssl.cnf -extensions uri -signkey client-key.pem -out client-uri-cert.pem + rm client-cert.csr + + openssl x509 -in client-uri-cert.pem -text > tmp.pem + mv tmp.pem client-uri-cert.pem + + ############################################################ + #### update the self-signed (2048-bit) client-relative-uri.pem + ############################################################ + echo "Updating 2048-bit client-relative-uri.pem" + echo "" + #pipe the following arguments to openssl req... + echo -e "US\nMontana\nBozeman\nwolfSSL_2048\nRELATIVE_URI\nwww.wolfssl.com\ninfo@wolfssl.com\n.\n.\n" | openssl req -new -key client-key.pem -nodes -out client-cert.csr + + + openssl x509 -req -in client-cert.csr -days 1000 -extfile wolfssl.cnf -extensions relative_uri -signkey client-key.pem -out client-relative-uri.pem + rm client-cert.csr + + openssl x509 -in client-relative-uri.pem -text > tmp.pem + mv tmp.pem client-relative-uri.pem + ############################################################ #### update the self-signed (2048-bit) client-cert.pem ##### ############################################################ diff --git a/certs/renewcerts/wolfssl.cnf b/certs/renewcerts/wolfssl.cnf index c251cc71e..421194bc2 100644 --- a/certs/renewcerts/wolfssl.cnf +++ b/certs/renewcerts/wolfssl.cnf 
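Review bot: Neither new block checks the exit status of its `openssl` calls, so a failed `openssl req` or `openssl x509 -req` (for instance when the `uri` section is missing from the `-extfile`) still runs through to `mv tmp.pem client-uri-cert.pem` and can leave an empty or stale test certificate in place. Chaining the last two steps, e.g. `openssl x509 -in client-uri-cert.pem -text > tmp.pem && mv tmp.pem client-uri-cert.pem`, and returning non-zero from `run_renewcerts` on the first failure would make a bad renewal visible at generation time rather than as a confusing parse failure in the URI tests. The `client-relative-uri.pem` block has the same pattern; the two blocks differ only in the OU answer, the `-extensions` name and the output file, so a small helper taking those three values would keep them from drifting apart. `run_renewcerts` starts and ends outside this hunk, so whether the rest of the function already follows an error-handling convention is not visible here.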
@@ -220,6 +220,20 @@ keyUsage=critical, digitalSignature, keyEncipherment, keyAgreement extendedKeyUsage=serverAuth nsCertType=server +# test parsing URI +[ uri ] +subjectKeyIdentifier=hash +authorityKeyIdentifier=keyid:always,issuer:always +basicConstraints=CA:false +subjectAltName=URI:https://www.wolfssl.com + +# test parsing relative URI +[ relative_uri ] +subjectKeyIdentifier=hash +authorityKeyIdentifier=keyid:always,issuer:always +basicConstraints=CA:false +subjectAltName=URI:../relative/page.html + #tsa default [ tsa ] default_tsa = tsa_config1 diff --git a/certs/server-cert.der b/certs/server-cert.der index e678c3d6e..0dc446b09 100644 Binary files a/certs/server-cert.der and b/certs/server-cert.der differ diff --git a/certs/server-cert.pem b/certs/server-cert.pem index 5504c822f..c44ba3e64 100644 --- a/certs/server-cert.pem +++ b/certs/server-cert.pem @@ -5,8 +5,8 @@ Certificate: Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, CN=www.wolfssl.com/emailAddress=info@wolfssl.com Validity - Not Before: Aug 11 20:07:37 2016 GMT - Not After : May 8 20:07:37 2019 GMT + Not Before: Apr 13 15:23:10 2018 GMT + Not After : Jan 7 15:23:10 2021 GMT Subject: C=US, ST=Montana, L=Bozeman, O=wolfSSL, OU=Support, CN=www.wolfssl.com/emailAddress=info@wolfssl.com Subject Public Key Info: Public Key Algorithm: rsaEncryption 
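Review bot: The comment `# test parsing relative URI` on the new `[ relative_uri ]` section does not say that this fixture is intentionally non-conformant: RFC 5280 section 4.2.1.6 requires a uniformResourceIdentifier in subjectAltName to be an absolute URI, and `URI:../relative/page.html` is not. The ChangeLog in this commit mentions strict checking of absolute vs relative URIs, so presumably the certificate generated from this section is expected to be rejected. I would say so in the comment, e.g. `# negative test: relative URI in subjectAltName (not allowed by RFC 5280 4.2.1.6), expected to fail strict URI checking`. That keeps a later maintainer from "correcting" the value or treating the resulting certificate as a valid one.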
@@ -37,32 +37,32 @@ Certificate: X509v3 Authority Key Identifier: keyid:27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5 DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com - serial:B7:B6:90:33:66:1B:6B:23 + serial:86:FF:F5:8E:10:DE:B8:FB X509v3 Basic Constraints: CA:TRUE Signature Algorithm: sha256WithRSAEncryption - 51:fe:2a:df:07:7e:43:ca:66:8d:15:c4:2b:db:57:b2:06:6d: - 0d:90:66:ff:a5:24:9c:14:ef:81:f2:a4:ab:99:a9:6a:49:20: - a5:d2:71:e7:1c:3c:99:07:c7:47:fc:e8:96:b4:f5:42:30:ce: - 39:01:4b:d1:c2:e8:bc:95:84:87:ce:55:5d:97:9f:cf:78:f3: - 56:9b:a5:08:6d:ac:f6:a5:5c:c4:ef:3e:2a:39:a6:48:26:29: - 7b:2d:e0:cd:a6:8c:57:48:0b:bb:31:32:c2:bf:d9:43:4c:47: - 25:18:81:a8:c9:33:82:41:9b:ba:61:86:d7:84:93:17:24:25: - 36:ca:4d:63:6b:4f:95:79:d8:60:e0:1e:f5:ac:c1:8a:a1:b1: - 7e:85:8e:87:20:2f:08:31:ad:5e:c6:4a:c8:61:f4:9e:07:1e: - a2:22:ed:73:7c:85:ee:fa:62:dc:50:36:aa:fd:c7:9d:aa:18: - 04:fb:ea:cc:2c:68:9b:b3:a9:c2:96:d8:c1:cc:5a:7e:f7:0d: - 9e:08:e0:9d:29:8b:84:46:8f:d3:91:6a:b5:b8:7a:5c:cc:4f: - 55:01:b8:9a:48:a0:94:43:ca:25:47:52:0a:f7:f4:be:b0:d1: - 71:6d:a5:52:4a:65:50:b2:ad:4e:1d:e0:6c:01:d8:fb:43:80: - e6:e4:0c:37 + b4:54:60:ad:a0:03:32:de:02:7f:21:4a:81:c6:ed:cd:cd:d8: + 12:8a:c0:ba:82:5b:75:ad:54:e3:7c:80:6a:ac:2e:6c:20:4e: + be:4d:82:a7:47:13:5c:f4:c6:6a:2b:10:99:58:de:ab:6b:7c: + 22:05:c1:83:9d:cb:ff:3c:e4:2d:57:6a:a6:96:df:d3:c1:68: + e3:d2:c6:83:4b:97:e2:c6:32:0e:be:c4:03:b9:07:8a:5b:b8: + 84:ba:c5:39:3f:1c:58:a7:55:d7:f0:9b:e8:d2:45:b9:e3:83: + 2e:ee:b6:71:56:b9:3a:ee:3f:27:d8:77:e8:fb:44:48:65:27: + 47:4c:fb:fe:72:c3:ac:05:7b:1d:cb:eb:5e:65:9a:ab:02:e4: + 88:5b:3b:8b:0b:c7:cc:a9:a6:8b:e1:87:b0:19:1a:0c:28:58: + 6f:99:52:7e:ed:b0:3a:68:3b:8c:0a:08:74:72:ab:b9:09:c5: + ed:04:7e:6f:0b:1c:09:21:d0:cd:7f:f9:c4:5e:27:20:e4:85: + 73:52:05:d2:ba:f8:d5:8f:41:cc:23:2e:12:6d:bc:31:98:e7: + 63:a3:8e:26:cd:e8:2b:88:ee:e2:fe:3a:74:52:34:0e:fd:12: + e5:5e:69:50:20:31:34:e4:31:f1:e7:e4:5b:03:13:da:ac:41: + 
6c:e7:cf:2b -----BEGIN CERTIFICATE----- MIIEnjCCA4agAwIBAgIBATANBgkqhkiG9w0BAQsFADCBlDELMAkGA1UEBhMCVVMx EDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNVBAoMCFNh d3Rvb3RoMRMwEQYDVQQLDApDb25zdWx0aW5nMRgwFgYDVQQDDA93d3cud29sZnNz -bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTYwODEx -MjAwNzM3WhcNMTkwNTA4MjAwNzM3WjCBkDELMAkGA1UEBhMCVVMxEDAOBgNVBAgM +bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTgwNDEz +MTUyMzEwWhcNMjEwMTA3MTUyMzEwWjCBkDELMAkGA1UEBhMCVVMxEDAOBgNVBAgM B01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xEDAOBgNVBAoMB3dvbGZTU0wxEDAO BgNVBAsMB1N1cHBvcnQxGDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTEfMB0GCSqG SIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP 
@@ -76,24 +76,23 @@ sxEyyZKYhOLJ+NA7bgNCyh8OjjwwgckGA1UdIwSBwTCBvoAUJ45nEXTDJh0/7TNj s6TYHTDl6NWhgZqkgZcwgZQxCzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdNb250YW5h MRAwDgYDVQQHDAdCb3plbWFuMREwDwYDVQQKDAhTYXd0b290aDETMBEGA1UECwwK Q29uc3VsdGluZzEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29tMR8wHQYJKoZIhvcN -AQkBFhBpbmZvQHdvbGZzc2wuY29tggkAt7aQM2YbayMwDAYDVR0TBAUwAwEB/zAN -BgkqhkiG9w0BAQsFAAOCAQEAUf4q3wd+Q8pmjRXEK9tXsgZtDZBm/6UknBTvgfKk -q5mpakkgpdJx5xw8mQfHR/zolrT1QjDOOQFL0cLovJWEh85VXZefz3jzVpulCG2s -9qVcxO8+KjmmSCYpey3gzaaMV0gLuzEywr/ZQ0xHJRiBqMkzgkGbumGG14STFyQl -NspNY2tPlXnYYOAe9azBiqGxfoWOhyAvCDGtXsZKyGH0ngceoiLtc3yF7vpi3FA2 -qv3HnaoYBPvqzCxom7OpwpbYwcxafvcNngjgnSmLhEaP05Fqtbh6XMxPVQG4mkig -lEPKJUdSCvf0vrDRcW2lUkplULKtTh3gbAHY+0OA5uQMNw== +AQkBFhBpbmZvQHdvbGZzc2wuY29tggkAhv/1jhDeuPswDAYDVR0TBAUwAwEB/zAN +BgkqhkiG9w0BAQsFAAOCAQEAtFRgraADMt4CfyFKgcbtzc3YEorAuoJbda1U43yA +aqwubCBOvk2Cp0cTXPTGaisQmVjeq2t8IgXBg53L/zzkLVdqppbf08Fo49LGg0uX +4sYyDr7EA7kHilu4hLrFOT8cWKdV1/Cb6NJFueODLu62cVa5Ou4/J9h36PtESGUn +R0z7/nLDrAV7HcvrXmWaqwLkiFs7iwvHzKmmi+GHsBkaDChYb5lSfu2wOmg7jAoI +dHKruQnF7QR+bwscCSHQzX/5xF4nIOSFc1IF0rr41Y9BzCMuEm28MZjnY6OOJs3o +K4ju4v46dFI0Dv0S5V5pUCAxNOQx8efkWwMT2qxBbOfPKw== -----END CERTIFICATE----- Certificate: Data: Version: 3 (0x2) - Serial Number: - b7:b6:90:33:66:1b:6b:23 + Serial Number: 9727763710660753659 (0x86fff58e10deb8fb) Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, CN=www.wolfssl.com/emailAddress=info@wolfssl.com Validity - Not Before: Aug 11 20:07:37 2016 GMT - Not After : May 8 20:07:37 2019 GMT + Not Before: Apr 13 15:23:09 2018 GMT + Not After : Jan 7 15:23:09 2021 GMT Subject: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, CN=www.wolfssl.com/emailAddress=info@wolfssl.com Subject Public Key Info: Public Key Algorithm: rsaEncryption 
@@ -124,32 +123,32 @@ Certificate: X509v3 Authority Key Identifier: keyid:27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5 DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com - serial:B7:B6:90:33:66:1B:6B:23 + serial:86:FF:F5:8E:10:DE:B8:FB X509v3 Basic Constraints: CA:TRUE Signature Algorithm: sha256WithRSAEncryption - 0e:93:48:44:4a:72:96:60:71:25:82:a9:2c:ca:60:5b:f2:88: - 3e:cf:11:74:5a:11:4a:dc:d9:d8:f6:58:2c:05:d3:56:d9:e9: - 8f:37:ef:8e:3e:3b:ff:22:36:00:ca:d8:e2:96:3f:a7:d1:ed: - 1f:de:7a:b0:d7:8f:36:bd:41:55:1e:d4:b9:86:3b:87:25:69: - 35:60:48:d6:e4:5a:94:ce:a2:fa:70:38:36:c4:85:b4:4b:23: - fe:71:9e:2f:db:06:c7:b5:9c:21:f0:3e:7c:eb:91:f8:5c:09: - fd:84:43:a4:b3:4e:04:0c:22:31:71:6a:48:c8:ab:bb:e8:ce: - fa:67:15:1a:3a:82:98:43:33:b5:0e:1f:1e:89:f8:37:de:1b: - e6:b5:a0:f4:a2:8b:b7:1c:90:ba:98:6d:94:21:08:80:5d:f3: - bf:66:ad:c9:72:28:7a:6a:48:ee:cf:63:69:31:8c:c5:8e:66: - da:4b:78:65:e8:03:3a:4b:f8:cc:42:54:d3:52:5c:2d:04:ae: - 26:87:e1:7e:40:cb:45:41:16:4b:6e:a3:2e:4a:76:bd:29:7f: - 1c:53:37:06:ad:e9:5b:6a:d6:b7:4e:94:a2:7c:e8:ac:4e:a6: - 50:3e:2b:32:9e:68:42:1b:e4:59:67:61:ea:c7:9a:51:9c:1c: - 55:a3:77:76 + 9e:28:88:72:00:ca:e6:e7:97:ca:c1:f1:1f:9e:12:b2:b8:c7: + 51:ea:28:e1:36:b5:2d:e6:2f:08:23:cb:a9:4a:87:25:c6:5d: + 89:45:ea:f5:00:98:ac:76:fb:1b:af:f0:ce:64:9e:da:08:bf: + b6:eb:b4:b5:0c:a0:e7:f6:47:59:1c:61:cf:2e:0e:58:a4:82: + ac:0f:3f:ec:c4:ae:80:f7:b0:8a:1e:85:41:e8:ff:fe:fe:4f: + 1a:24:d5:49:fa:fb:fe:5e:e5:d3:91:0e:4f:4e:0c:21:51:71: + 83:04:6b:62:7b:4f:59:76:48:81:1e:b4:f7:04:47:8a:91:57: + a3:11:a9:f2:20:b4:78:33:62:3d:b0:5e:0d:f9:86:38:82:da: + a1:98:8d:19:06:87:21:39:b7:02:f7:da:7d:58:ba:52:15:d8: + 3b:c9:7b:58:34:a0:c7:e2:7c:a9:83:13:e1:b6:ec:01:bf:52: + 33:0b:c4:fe:43:d3:c6:a4:8e:2f:87:7f:7a:44:ea:ca:53:6c: + 85:ed:65:76:73:31:03:4e:ea:bd:35:54:13:f3:64:87:6b:df: + 34:dd:34:a1:88:3b:db:4d:af:1b:64:90:92:71:30:8e:c8:cc: + e5:60:24:af:31:16:39:33:91:50:f9:ab:68:42:74:7a:35:d9: + 
dd:c8:c4:52 -----BEGIN CERTIFICATE----- -MIIEqjCCA5KgAwIBAgIJALe2kDNmG2sjMA0GCSqGSIb3DQEBCwUAMIGUMQswCQYD +MIIEqjCCA5KgAwIBAgIJAIb/9Y4Q3rj7MA0GCSqGSIb3DQEBCwUAMIGUMQswCQYD VQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjERMA8G A1UECgwIU2F3dG9vdGgxEzARBgNVBAsMCkNvbnN1bHRpbmcxGDAWBgNVBAMMD3d3 dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTAe -Fw0xNjA4MTEyMDA3MzdaFw0xOTA1MDgyMDA3MzdaMIGUMQswCQYDVQQGEwJVUzEQ +Fw0xODA0MTMxNTIzMDlaFw0yMTAxMDcxNTIzMDlaMIGUMQswCQYDVQQGEwJVUzEQ MA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjERMA8GA1UECgwIU2F3 dG9vdGgxEzARBgNVBAsMCkNvbnN1bHRpbmcxGDAWBgNVBAMMD3d3dy53b2xmc3Ns LmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTCCASIwDQYJKoZI @@ -163,11 +162,11 @@ XDjNdyXvvYB1U5Q8PcpjW58VtdMdEy8Z0TzbdjrMuH3J5cLX2kBv2CHccxtCLVOc J45nEXTDJh0/7TNjs6TYHTDl6NWhgZqkgZcwgZQxCzAJBgNVBAYTAlVTMRAwDgYD VQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMREwDwYDVQQKDAhTYXd0b290 aDETMBEGA1UECwwKQ29uc3VsdGluZzEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29t -MR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tggkAt7aQM2YbayMwDAYD -VR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEADpNIREpylmBxJYKpLMpgW/KI -Ps8RdFoRStzZ2PZYLAXTVtnpjzfvjj47/yI2AMrY4pY/p9HtH956sNePNr1BVR7U -uYY7hyVpNWBI1uRalM6i+nA4NsSFtEsj/nGeL9sGx7WcIfA+fOuR+FwJ/YRDpLNO -BAwiMXFqSMiru+jO+mcVGjqCmEMztQ4fHon4N94b5rWg9KKLtxyQuphtlCEIgF3z -v2atyXIoempI7s9jaTGMxY5m2kt4ZegDOkv4zEJU01JcLQSuJofhfkDLRUEWS26j -Lkp2vSl/HFM3Bq3pW2rWt06UonzorE6mUD4rMp5oQhvkWWdh6seaUZwcVaN3dg== +MR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tggkAhv/1jhDeuPswDAYD +VR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAniiIcgDK5ueXysHxH54SsrjH +Ueoo4Ta1LeYvCCPLqUqHJcZdiUXq9QCYrHb7G6/wzmSe2gi/tuu0tQyg5/ZHWRxh +zy4OWKSCrA8/7MSugPewih6FQej//v5PGiTVSfr7/l7l05EOT04MIVFxgwRrYntP +WXZIgR609wRHipFXoxGp8iC0eDNiPbBeDfmGOILaoZiNGQaHITm3AvfafVi6UhXY +O8l7WDSgx+J8qYMT4bbsAb9SMwvE/kPTxqSOL4d/ekTqylNshe1ldnMxA07qvTVU +E/Nkh2vfNN00oYg7202vG2SQknEwjsjM5WAkrzEWOTORUPmraEJ0ejXZ3cjEUg== -----END CERTIFICATE----- 
diff --git a/certs/server-ecc-comp.der b/certs/server-ecc-comp.der index 4de0dac00..b53fe8c81 100644 Binary files a/certs/server-ecc-comp.der and b/certs/server-ecc-comp.der differ diff --git a/certs/server-ecc-comp.pem b/certs/server-ecc-comp.pem index cdff9f74d..1f40a07a8 100644 --- a/certs/server-ecc-comp.pem +++ b/certs/server-ecc-comp.pem @@ -1,13 +1,12 @@ Certificate: Data: Version: 3 (0x2) - Serial Number: - c3:cd:c5:e4:24:18:70:ca + Serial Number: 9257370821982864771 (0x8078c9b7065ac583) Signature Algorithm: ecdsa-with-SHA256 Issuer: C=US, ST=Montana, L=Bozeman, O=Elliptic - comp, OU=Server ECC-comp, CN=www.wolfssl.com/emailAddress=info@wolfssl.com Validity - Not Before: Aug 11 20:07:38 2016 GMT - Not After : May 8 20:07:38 2019 GMT + Not Before: Apr 13 15:23:10 2018 GMT + Not After : Jan 7 15:23:10 2021 GMT Subject: C=US, ST=Montana, L=Bozeman, O=Elliptic - comp, OU=Server ECC-comp, CN=www.wolfssl.com/emailAddress=info@wolfssl.com Subject Public Key Info: Public Key Algorithm: id-ecPublicKey 
@@ -24,21 +23,21 @@ Certificate: X509v3 Authority Key Identifier: keyid:8C:38:3A:6B:B8:24:B7:DF:6E:F4:59:AC:56:4E:AA:E2:58:A6:5A:18 DirName:/C=US/ST=Montana/L=Bozeman/O=Elliptic - comp/OU=Server ECC-comp/CN=www.wolfssl.com/emailAddress=info@wolfssl.com - serial:C3:CD:C5:E4:24:18:70:CA + serial:80:78:C9:B7:06:5A:C5:83 X509v3 Basic Constraints: CA:TRUE Signature Algorithm: ecdsa-with-SHA256 - 30:45:02:21:00:ca:10:ec:8f:f1:eb:92:19:76:d7:16:54:f2: - 21:1c:38:0e:6e:22:3d:95:a4:bd:c8:8c:d2:d8:28:d3:9c:21: - 6d:02:20:71:39:0b:0d:ec:68:8c:64:b6:2c:68:da:03:b1:d8: - e7:d4:f7:cb:a6:73:7e:08:00:c6:b8:04:9d:17:3e:66:7f + 30:44:02:20:31:44:d0:4e:d7:c4:b4:96:a3:e6:25:fd:fa:d6: + 28:a8:67:51:72:90:95:31:f9:cd:10:bf:11:e4:ec:b7:42:5b: + 02:20:45:db:45:0a:24:58:8e:2e:e6:ea:0c:6c:bc:72:4f:0a: + 1b:f3:2d:97:e9:c2:19:f9:97:3a:60:dd:08:d3:52:3e -----BEGIN CERTIFICATE----- -MIIDJDCCAsqgAwIBAgIJAMPNxeQkGHDKMAoGCCqGSM49BAMCMIGgMQswCQYDVQQG +MIIDIzCCAsqgAwIBAgIJAIB4ybcGWsWDMAoGCCqGSM49BAMCMIGgMQswCQYDVQQG EwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjEYMBYGA1UE CgwPRWxsaXB0aWMgLSBjb21wMRgwFgYDVQQLDA9TZXJ2ZXIgRUNDLWNvbXAxGDAW BgNVBAMMD3d3dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xm -c3NsLmNvbTAeFw0xNjA4MTEyMDA3MzhaFw0xOTA1MDgyMDA3MzhaMIGgMQswCQYD +c3NsLmNvbTAeFw0xODA0MTMxNTIzMTBaFw0yMTAxMDcxNTIzMTBaMIGgMQswCQYD VQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjEYMBYG A1UECgwPRWxsaXB0aWMgLSBjb21wMRgwFgYDVQQLDA9TZXJ2ZXIgRUNDLWNvbXAx GDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3 
@@ -48,7 +47,7 @@ bvRZrFZOquJYploYMIHVBgNVHSMEgc0wgcqAFIw4Omu4JLffbvRZrFZOquJYploY oYGmpIGjMIGgMQswCQYDVQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UE BwwHQm96ZW1hbjEYMBYGA1UECgwPRWxsaXB0aWMgLSBjb21wMRgwFgYDVQQLDA9T ZXJ2ZXIgRUNDLWNvbXAxGDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTEfMB0GCSqG -SIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbYIJAMPNxeQkGHDKMAwGA1UdEwQFMAMB -Af8wCgYIKoZIzj0EAwIDSAAwRQIhAMoQ7I/x65IZdtcWVPIhHDgObiI9laS9yIzS -2CjTnCFtAiBxOQsN7GiMZLYsaNoDsdjn1PfLpnN+CADGuASdFz5mfw== +SIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbYIJAIB4ybcGWsWDMAwGA1UdEwQFMAMB +Af8wCgYIKoZIzj0EAwIDRwAwRAIgMUTQTtfEtJaj5iX9+tYoqGdRcpCVMfnNEL8R +5Oy3QlsCIEXbRQokWI4u5uoMbLxyTwob8y2X6cIZ+Zc6YN0I01I+ -----END CERTIFICATE----- diff --git a/certs/server-ecc-rsa.der b/certs/server-ecc-rsa.der index 1c6f8f5f1..82aba2a5d 100644 Binary files a/certs/server-ecc-rsa.der and b/certs/server-ecc-rsa.der differ diff --git a/certs/server-ecc-rsa.pem b/certs/server-ecc-rsa.pem index 41f13fded..ab51f6dd6 100644 --- a/certs/server-ecc-rsa.pem +++ b/certs/server-ecc-rsa.pem @@ -5,8 +5,8 @@ Certificate: Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, CN=www.wolfssl.com/emailAddress=info@wolfssl.com Validity - Not Before: Aug 11 20:07:38 2016 GMT - Not After : May 8 20:07:38 2019 GMT + Not Before: Apr 13 15:23:10 2018 GMT + Not After : Jan 7 15:23:10 2021 GMT Subject: C=US, ST=Montana, L=Bozeman, O=Elliptic - RSAsig, OU=ECC-RSAsig, CN=www.wolfssl.com/emailAddress=info@wolfssl.com Subject Public Key Info: Public Key Algorithm: id-ecPublicKey 
@@ -25,32 +25,32 @@ Certificate: X509v3 Authority Key Identifier: keyid:27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5 DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com - serial:B7:B6:90:33:66:1B:6B:23 + serial:86:FF:F5:8E:10:DE:B8:FB X509v3 Basic Constraints: CA:TRUE Signature Algorithm: sha256WithRSAEncryption - ab:b7:78:c8:18:6e:6a:27:5d:bb:16:a1:d3:ae:b5:fd:46:50: - cf:dc:82:f9:4a:19:ec:bf:44:cd:f5:1f:15:2c:5a:e9:65:27: - b2:e1:88:62:0f:bc:a1:3c:95:fb:62:8a:71:e0:c6:22:ce:2e: - 00:ca:4e:7a:03:2a:12:90:98:7b:53:9f:46:a0:ff:6b:04:dc: - 2a:8d:bb:93:e7:b9:0b:d0:61:0f:62:97:18:99:bb:e7:1c:e3: - a2:ab:70:8f:32:47:7f:1e:3b:cb:62:55:41:a4:af:1f:01:2c: - 9b:b2:cc:06:8d:28:04:57:5b:f6:32:b8:e8:18:b6:6b:a1:b9: - aa:3f:49:ea:c1:02:c7:92:d9:c7:23:ea:a2:f7:70:a9:da:9e: - 5e:82:ef:30:07:c7:89:da:c9:e0:cf:ed:e9:4c:34:d4:72:0e: - 16:49:82:c5:a9:b4:a7:05:07:cc:5d:eb:b4:ef:9a:09:73:a2: - d4:b6:c5:be:34:c0:c9:09:29:a5:d5:f1:e4:82:49:70:bf:75: - 79:15:cd:c1:c8:a3:4d:9b:b4:e2:94:5e:27:61:ea:34:69:88: - 47:bd:61:e9:0d:f3:95:8f:ff:53:e7:5c:11:e3:f4:d0:70:ad: - 9a:73:5d:29:30:fc:23:2e:c0:62:d4:d3:a8:ce:b2:e9:d3:b9: - 3f:10:0a:f2 + 0c:bb:67:bd:fc:cd:53:6c:fb:4e:58:c8:ea:52:92:eb:e4:c8: + bc:57:0f:08:20:c8:83:b0:d5:ea:57:27:bd:68:91:fb:99:84: + 8d:15:9e:4f:8f:c4:cb:34:61:c0:59:12:9b:c8:82:17:38:4f: + 9e:53:08:a3:69:2e:2f:c0:b4:2f:a2:4e:10:64:b0:07:a1:51: + 08:1d:91:53:a2:79:55:20:41:65:35:3e:0b:38:01:57:02:8c: + 25:e7:ab:4f:8b:59:f0:ed:8e:4a:15:0b:32:fb:7a:8b:02:ea: + 9d:e1:ab:c4:07:cc:da:0f:a3:16:db:8e:5b:bc:96:ab:10:b8: + de:09:8b:f7:cb:a7:78:66:17:e3:25:6e:57:9d:13:61:7b:55: + 1a:df:8f:39:15:4e:42:22:00:85:c4:51:0b:6b:a6:67:c0:fb: + ea:22:77:7d:48:76:ab:39:20:09:d5:52:89:3e:6b:30:7b:50: + 18:e8:62:05:be:bb:7f:16:77:9c:bb:5a:22:96:99:b0:96:83: + b7:43:31:97:cf:fd:85:52:d8:52:c8:67:5c:f8:22:72:35:93: + 92:6c:ec:3c:6a:c6:81:20:a5:cd:50:f9:21:7a:a6:7a:1e:e7: + 59:22:5d:8a:93:51:8e:fb:29:56:fb:be:9b:87:48:5f:a5:72: + 
e7:4e:fe:5e -----BEGIN CERTIFICATE----- MIID4DCCAsigAwIBAgIBATANBgkqhkiG9w0BAQsFADCBlDELMAkGA1UEBhMCVVMx EDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNVBAoMCFNh d3Rvb3RoMRMwEQYDVQQLDApDb25zdWx0aW5nMRgwFgYDVQQDDA93d3cud29sZnNz -bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTYwODEx -MjAwNzM4WhcNMTkwNTA4MjAwNzM4WjCBnTELMAkGA1UEBhMCVVMxEDAOBgNVBAgM +bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTgwNDEz +MTUyMzEwWhcNMjEwMTA3MTUyMzEwWjCBnTELMAkGA1UEBhMCVVMxEDAOBgNVBAgM B01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xGjAYBgNVBAoMEUVsbGlwdGljIC0g UlNBc2lnMRMwEQYDVQQLDApFQ0MtUlNBc2lnMRgwFgYDVQQDDA93d3cud29sZnNz bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wWTATBgcqhkjO @@ -60,11 +60,11 @@ BBRdXSbvrH42+Zt2FStKJQIj77KJMDCByQYDVR0jBIHBMIG+gBQnjmcRdMMmHT/t M2OzpNgdMOXo1aGBmqSBlzCBlDELMAkGA1UEBhMCVVMxEDAOBgNVBAgMB01vbnRh bmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNVBAoMCFNhd3Rvb3RoMRMwEQYDVQQL DApDb25zdWx0aW5nMRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20xHzAdBgkqhkiG -9w0BCQEWEGluZm9Ad29sZnNzbC5jb22CCQC3tpAzZhtrIzAMBgNVHRMEBTADAQH/ -MA0GCSqGSIb3DQEBCwUAA4IBAQCrt3jIGG5qJ127FqHTrrX9RlDP3IL5Shnsv0TN -9R8VLFrpZSey4YhiD7yhPJX7Yopx4MYizi4Ayk56AyoSkJh7U59GoP9rBNwqjbuT -57kL0GEPYpcYmbvnHOOiq3CPMkd/HjvLYlVBpK8fASybsswGjSgEV1v2MrjoGLZr -obmqP0nqwQLHktnHI+qi93Cp2p5egu8wB8eJ2sngz+3pTDTUcg4WSYLFqbSnBQfM -Xeu075oJc6LUtsW+NMDJCSml1fHkgklwv3V5Fc3ByKNNm7TilF4nYeo0aYhHvWHp -DfOVj/9T51wR4/TQcK2ac10pMPwjLsBi1NOozrLp07k/EAry +9w0BCQEWEGluZm9Ad29sZnNzbC5jb22CCQCG//WOEN64+zAMBgNVHRMEBTADAQH/ +MA0GCSqGSIb3DQEBCwUAA4IBAQAMu2e9/M1TbPtOWMjqUpLr5Mi8Vw8IIMiDsNXq +Vye9aJH7mYSNFZ5Pj8TLNGHAWRKbyIIXOE+eUwijaS4vwLQvok4QZLAHoVEIHZFT +onlVIEFlNT4LOAFXAowl56tPi1nw7Y5KFQsy+3qLAuqd4avEB8zaD6MW245bvJar +ELjeCYv3y6d4ZhfjJW5XnRNhe1Ua3485FU5CIgCFxFELa6ZnwPvqInd9SHarOSAJ +1VKJPmswe1AY6GIFvrt/Fnecu1oilpmwloO3QzGXz/2FUthSyGdc+CJyNZOSbOw8 +asaBIKXNUPkheqZ6HudZIl2Kk1GO+ylW+76bh0hfpXLnTv5e -----END CERTIFICATE----- diff --git a/certs/server-ecc.der b/certs/server-ecc.der old mode 100755 new mode 100644 
diff --git a/certs/server-ecc.pem b/certs/server-ecc.pem old mode 100755 new mode 100644 diff --git a/certs/server-revoked-cert.pem b/certs/server-revoked-cert.pem index 7908e8791..09dbb1dd0 100644 --- a/certs/server-revoked-cert.pem +++ b/certs/server-revoked-cert.pem @@ -5,8 +5,8 @@ Certificate: Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, CN=www.wolfssl.com/emailAddress=info@wolfssl.com Validity - Not Before: Aug 11 20:07:37 2016 GMT - Not After : May 8 20:07:37 2019 GMT + Not Before: Apr 13 15:23:10 2018 GMT + Not After : Jan 7 15:23:10 2021 GMT Subject: C=US, ST=Montana, L=Bozeman, O=wolfSSL_revoked, OU=Support_revoked, CN=www.wolfssl.com/emailAddress=info@wolfssl.com Subject Public Key Info: Public Key Algorithm: rsaEncryption 
@@ -37,32 +37,32 @@ Certificate: X509v3 Authority Key Identifier: keyid:27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5 DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com - serial:B7:B6:90:33:66:1B:6B:23 + serial:86:FF:F5:8E:10:DE:B8:FB X509v3 Basic Constraints: CA:TRUE Signature Algorithm: sha256WithRSAEncryption - 79:13:f5:c1:05:42:12:3a:61:f2:f1:ac:05:6e:15:05:9b:ab: - 58:74:b2:3f:00:38:82:77:f7:9a:57:32:e2:af:66:3d:81:25: - 09:40:5a:d9:bc:d7:34:18:20:cd:89:b8:7e:c6:94:22:9a:28: - fe:0e:55:73:1d:77:7c:c3:e6:c6:4b:f3:40:0c:8b:cc:93:c1: - 11:d1:0f:0e:50:0c:c2:b2:38:73:35:d1:db:d0:55:0d:6d:d7: - 33:15:13:e8:a0:77:f3:f1:4d:c2:24:4a:f6:45:4c:67:dd:fd: - 7e:46:b9:85:67:06:5a:4e:c1:4f:1f:94:f7:e6:b0:1a:b1:42: - 80:97:d2:7d:ed:8e:02:b2:2f:7e:c4:1b:60:d9:84:6e:dd:78: - ef:41:82:81:05:6f:d7:b1:36:59:74:e6:ba:9c:5a:48:a7:58: - d9:71:bd:16:53:32:21:55:89:75:7d:a0:48:12:a9:3d:77:73: - 51:a7:c3:e3:c9:df:e1:df:37:29:de:49:47:cf:7f:3c:30:86: - d2:26:f9:45:dc:71:c1:b8:5b:9e:ef:05:64:5a:63:7c:c4:60: - e2:67:f7:cd:e3:be:0b:d2:78:7f:66:c4:f5:c0:1c:6c:f1:e1: - 56:c3:01:07:c3:7d:50:73:1f:48:2c:89:88:fb:ec:b2:0b:aa: - bb:0a:1f:f4 + 41:29:ba:25:3f:17:70:85:1e:5c:e2:2c:8c:8d:16:1b:d5:1f: + d6:05:e8:e8:8b:43:a0:5b:62:e8:19:7d:d1:1c:60:26:2f:3a: + 6f:7a:3f:ec:ad:96:c6:9a:cc:53:3f:12:d9:12:14:ee:2a:f0: + a5:2c:31:c7:ae:5c:12:9a:80:3f:ef:de:f3:be:bc:9d:0e:d6: + c6:8b:e2:8c:58:4e:15:78:4f:16:2e:20:ef:f8:c9:57:6e:a3: + d2:d0:03:32:47:72:84:59:af:5a:46:dd:65:54:d4:9b:7c:42: + 5d:9d:86:eb:21:e8:fc:0f:f7:37:ae:95:43:75:6d:f2:12:f3: + a5:e5:10:25:7c:63:ee:03:ce:8f:48:c8:ab:a5:74:2d:1c:dd: + d4:28:9a:eb:c6:94:fa:ed:57:31:aa:7e:d9:44:40:69:9f:44: + f6:b3:9f:0e:d3:d8:58:66:d4:fc:c0:83:67:a7:85:ae:03:f7: + 83:b4:45:3b:0f:a9:3d:4f:f8:07:31:b0:8a:50:6d:80:f4:36: + be:86:df:ae:da:7c:f5:bc:e2:fc:d3:ed:da:18:7a:f4:f0:ac: + 84:1f:6a:73:00:41:42:71:d4:19:3f:d7:d3:29:9e:b1:94:fd: + 49:d8:a5:e6:1d:a9:40:b5:1d:c4:28:42:a9:24:b7:54:c2:94: + 
5d:16:05:c0 -----BEGIN CERTIFICATE----- MIIErjCCA5agAwIBAgIBAjANBgkqhkiG9w0BAQsFADCBlDELMAkGA1UEBhMCVVMx EDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNVBAoMCFNh d3Rvb3RoMRMwEQYDVQQLDApDb25zdWx0aW5nMRgwFgYDVQQDDA93d3cud29sZnNz -bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTYwODEx -MjAwNzM3WhcNMTkwNTA4MjAwNzM3WjCBoDELMAkGA1UEBhMCVVMxEDAOBgNVBAgM +bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTgwNDEz +MTUyMzEwWhcNMjEwMTA3MTUyMzEwWjCBoDELMAkGA1UEBhMCVVMxEDAOBgNVBAgM B01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xGDAWBgNVBAoMD3dvbGZTU0xfcmV2 b2tlZDEYMBYGA1UECwwPU3VwcG9ydF9yZXZva2VkMRgwFgYDVQQDDA93d3cud29s ZnNzbC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wggEiMA0G 
@@ -76,25 +76,24 @@ gfwwgfkwHQYDVR0OBBYEFNgJK1nhKu7Z7kCqnKvwXSgJTyK7MIHJBgNVHSMEgcEw gb6AFCeOZxF0wyYdP+0zY7Ok2B0w5ejVoYGapIGXMIGUMQswCQYDVQQGEwJVUzEQ MA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjERMA8GA1UECgwIU2F3 dG9vdGgxEzARBgNVBAsMCkNvbnN1bHRpbmcxGDAWBgNVBAMMD3d3dy53b2xmc3Ns -LmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbYIJALe2kDNmG2sj -MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAHkT9cEFQhI6YfLxrAVu -FQWbq1h0sj8AOIJ395pXMuKvZj2BJQlAWtm81zQYIM2JuH7GlCKaKP4OVXMdd3zD -5sZL80AMi8yTwRHRDw5QDMKyOHM10dvQVQ1t1zMVE+igd/PxTcIkSvZFTGfd/X5G -uYVnBlpOwU8flPfmsBqxQoCX0n3tjgKyL37EG2DZhG7deO9BgoEFb9exNll05rqc -WkinWNlxvRZTMiFViXV9oEgSqT13c1Gnw+PJ3+HfNyneSUfPfzwwhtIm+UXcccG4 -W57vBWRaY3zEYOJn983jvgvSeH9mxPXAHGzx4VbDAQfDfVBzH0gsiYj77LILqrsK -H/Q= +LmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbYIJAIb/9Y4Q3rj7 +MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAEEpuiU/F3CFHlziLIyN +FhvVH9YF6OiLQ6BbYugZfdEcYCYvOm96P+ytlsaazFM/EtkSFO4q8KUsMceuXBKa +gD/v3vO+vJ0O1saL4oxYThV4TxYuIO/4yVduo9LQAzJHcoRZr1pG3WVU1Jt8Ql2d +hush6PwP9zeulUN1bfIS86XlECV8Y+4Dzo9IyKuldC0c3dQomuvGlPrtVzGqftlE +QGmfRPaznw7T2Fhm1PzAg2enha4D94O0RTsPqT1P+AcxsIpQbYD0Nr6G367afPW8 +4vzT7doYevTwrIQfanMAQUJx1Bk/19MpnrGU/UnYpeYdqUC1HcQoQqkkt1TClF0W +BcA= -----END CERTIFICATE----- Certificate: Data: Version: 3 (0x2) - Serial Number: - b7:b6:90:33:66:1b:6b:23 + Serial Number: 9727763710660753659 (0x86fff58e10deb8fb) Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, CN=www.wolfssl.com/emailAddress=info@wolfssl.com Validity - Not Before: Aug 11 20:07:37 2016 GMT - Not After : May 8 20:07:37 2019 GMT + Not Before: Apr 13 15:23:09 2018 GMT + Not After : Jan 7 15:23:09 2021 GMT Subject: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, CN=www.wolfssl.com/emailAddress=info@wolfssl.com Subject Public Key Info: Public Key Algorithm: rsaEncryption 
@@ -125,32 +124,32 @@ Certificate: X509v3 Authority Key Identifier: keyid:27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5 DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com - serial:B7:B6:90:33:66:1B:6B:23 + serial:86:FF:F5:8E:10:DE:B8:FB X509v3 Basic Constraints: CA:TRUE Signature Algorithm: sha256WithRSAEncryption - 0e:93:48:44:4a:72:96:60:71:25:82:a9:2c:ca:60:5b:f2:88: - 3e:cf:11:74:5a:11:4a:dc:d9:d8:f6:58:2c:05:d3:56:d9:e9: - 8f:37:ef:8e:3e:3b:ff:22:36:00:ca:d8:e2:96:3f:a7:d1:ed: - 1f:de:7a:b0:d7:8f:36:bd:41:55:1e:d4:b9:86:3b:87:25:69: - 35:60:48:d6:e4:5a:94:ce:a2:fa:70:38:36:c4:85:b4:4b:23: - fe:71:9e:2f:db:06:c7:b5:9c:21:f0:3e:7c:eb:91:f8:5c:09: - fd:84:43:a4:b3:4e:04:0c:22:31:71:6a:48:c8:ab:bb:e8:ce: - fa:67:15:1a:3a:82:98:43:33:b5:0e:1f:1e:89:f8:37:de:1b: - e6:b5:a0:f4:a2:8b:b7:1c:90:ba:98:6d:94:21:08:80:5d:f3: - bf:66:ad:c9:72:28:7a:6a:48:ee:cf:63:69:31:8c:c5:8e:66: - da:4b:78:65:e8:03:3a:4b:f8:cc:42:54:d3:52:5c:2d:04:ae: - 26:87:e1:7e:40:cb:45:41:16:4b:6e:a3:2e:4a:76:bd:29:7f: - 1c:53:37:06:ad:e9:5b:6a:d6:b7:4e:94:a2:7c:e8:ac:4e:a6: - 50:3e:2b:32:9e:68:42:1b:e4:59:67:61:ea:c7:9a:51:9c:1c: - 55:a3:77:76 + 9e:28:88:72:00:ca:e6:e7:97:ca:c1:f1:1f:9e:12:b2:b8:c7: + 51:ea:28:e1:36:b5:2d:e6:2f:08:23:cb:a9:4a:87:25:c6:5d: + 89:45:ea:f5:00:98:ac:76:fb:1b:af:f0:ce:64:9e:da:08:bf: + b6:eb:b4:b5:0c:a0:e7:f6:47:59:1c:61:cf:2e:0e:58:a4:82: + ac:0f:3f:ec:c4:ae:80:f7:b0:8a:1e:85:41:e8:ff:fe:fe:4f: + 1a:24:d5:49:fa:fb:fe:5e:e5:d3:91:0e:4f:4e:0c:21:51:71: + 83:04:6b:62:7b:4f:59:76:48:81:1e:b4:f7:04:47:8a:91:57: + a3:11:a9:f2:20:b4:78:33:62:3d:b0:5e:0d:f9:86:38:82:da: + a1:98:8d:19:06:87:21:39:b7:02:f7:da:7d:58:ba:52:15:d8: + 3b:c9:7b:58:34:a0:c7:e2:7c:a9:83:13:e1:b6:ec:01:bf:52: + 33:0b:c4:fe:43:d3:c6:a4:8e:2f:87:7f:7a:44:ea:ca:53:6c: + 85:ed:65:76:73:31:03:4e:ea:bd:35:54:13:f3:64:87:6b:df: + 34:dd:34:a1:88:3b:db:4d:af:1b:64:90:92:71:30:8e:c8:cc: + e5:60:24:af:31:16:39:33:91:50:f9:ab:68:42:74:7a:35:d9: + 
dd:c8:c4:52 -----BEGIN CERTIFICATE----- -MIIEqjCCA5KgAwIBAgIJALe2kDNmG2sjMA0GCSqGSIb3DQEBCwUAMIGUMQswCQYD +MIIEqjCCA5KgAwIBAgIJAIb/9Y4Q3rj7MA0GCSqGSIb3DQEBCwUAMIGUMQswCQYD VQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjERMA8G A1UECgwIU2F3dG9vdGgxEzARBgNVBAsMCkNvbnN1bHRpbmcxGDAWBgNVBAMMD3d3 dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTAe -Fw0xNjA4MTEyMDA3MzdaFw0xOTA1MDgyMDA3MzdaMIGUMQswCQYDVQQGEwJVUzEQ +Fw0xODA0MTMxNTIzMDlaFw0yMTAxMDcxNTIzMDlaMIGUMQswCQYDVQQGEwJVUzEQ MA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjERMA8GA1UECgwIU2F3 dG9vdGgxEzARBgNVBAsMCkNvbnN1bHRpbmcxGDAWBgNVBAMMD3d3dy53b2xmc3Ns LmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTCCASIwDQYJKoZI @@ -164,11 +163,11 @@ XDjNdyXvvYB1U5Q8PcpjW58VtdMdEy8Z0TzbdjrMuH3J5cLX2kBv2CHccxtCLVOc J45nEXTDJh0/7TNjs6TYHTDl6NWhgZqkgZcwgZQxCzAJBgNVBAYTAlVTMRAwDgYD VQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMREwDwYDVQQKDAhTYXd0b290 aDETMBEGA1UECwwKQ29uc3VsdGluZzEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29t -MR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tggkAt7aQM2YbayMwDAYD -VR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEADpNIREpylmBxJYKpLMpgW/KI -Ps8RdFoRStzZ2PZYLAXTVtnpjzfvjj47/yI2AMrY4pY/p9HtH956sNePNr1BVR7U -uYY7hyVpNWBI1uRalM6i+nA4NsSFtEsj/nGeL9sGx7WcIfA+fOuR+FwJ/YRDpLNO -BAwiMXFqSMiru+jO+mcVGjqCmEMztQ4fHon4N94b5rWg9KKLtxyQuphtlCEIgF3z -v2atyXIoempI7s9jaTGMxY5m2kt4ZegDOkv4zEJU01JcLQSuJofhfkDLRUEWS26j -Lkp2vSl/HFM3Bq3pW2rWt06UonzorE6mUD4rMp5oQhvkWWdh6seaUZwcVaN3dg== +MR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tggkAhv/1jhDeuPswDAYD +VR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAniiIcgDK5ueXysHxH54SsrjH +Ueoo4Ta1LeYvCCPLqUqHJcZdiUXq9QCYrHb7G6/wzmSe2gi/tuu0tQyg5/ZHWRxh +zy4OWKSCrA8/7MSugPewih6FQej//v5PGiTVSfr7/l7l05EOT04MIVFxgwRrYntP +WXZIgR609wRHipFXoxGp8iC0eDNiPbBeDfmGOILaoZiNGQaHITm3AvfafVi6UhXY +O8l7WDSgx+J8qYMT4bbsAb9SMwvE/kPTxqSOL4d/ekTqylNshe1ldnMxA07qvTVU +E/Nkh2vfNN00oYg7202vG2SQknEwjsjM5WAkrzEWOTORUPmraEJ0ejXZ3cjEUg== -----END CERTIFICATE----- 
diff --git a/certs/test-pathlen/server-0-1-ca.pem b/certs/test-pathlen/server-0-1-ca.pem index 2a7b3dc8d..70d78ea46 100644 --- a/certs/test-pathlen/server-0-1-ca.pem +++ b/certs/test-pathlen/server-0-1-ca.pem @@ -5,8 +5,8 @@ Certificate: Signature Algorithm: sha1WithRSAEncryption Issuer: C=US, ST=Washington, L=Seattle, O=wolfSSL Inc., OU=Engineering, CN=Server 0 CA/emailAddress=info@wolfssl.com Validity - Not Before: Sep 20 00:22:35 2016 GMT - Not After : Jun 17 00:22:35 2019 GMT + Not Before: Apr 13 15:23:10 2018 GMT + Not After : Jan 7 15:23:10 2021 GMT Subject: C=US, ST=Washington, L=Seattle, O=wolfSSL Inc., OU=Engineering, CN=Server 0-1 CA/emailAddress=info@wolfssl.com Subject Public Key Info: Public Key Algorithm: rsaEncryption 
@@ -44,27 +44,27 @@ Certificate: X509v3 Key Usage: Certificate Sign, CRL Sign Signature Algorithm: sha1WithRSAEncryption - 22:dd:95:9c:dc:e6:7f:ad:df:55:68:c8:21:f8:84:12:fd:13: - 22:80:2b:ba:1f:da:9d:d2:55:00:a1:22:fc:50:44:6d:0f:ac: - 8a:61:2c:32:c5:63:e1:26:37:10:7c:5e:05:f1:90:0f:21:57: - b4:61:e0:40:0b:4f:1b:bf:8b:d8:fd:28:d6:55:73:bd:a9:5c: - 5e:61:89:4f:e1:07:b6:5a:78:c5:0c:65:7a:38:11:e7:86:46: - 2a:0c:a5:70:71:aa:16:9c:79:d6:c2:18:4c:b8:fb:86:1a:78: - 70:e5:0a:27:48:2a:d4:14:d7:3f:31:76:33:a0:4b:f9:f8:34: - 2e:c9:06:e4:e2:a0:0c:02:1e:c4:a0:d3:2b:ce:77:0e:b8:31: - d5:02:66:b1:62:10:5b:63:e2:7f:aa:23:0a:63:d9:33:76:2d: - 88:9b:0f:6a:a2:ab:e8:b7:a4:83:7c:8e:1d:8c:45:d7:90:78: - 5c:3d:41:85:ac:79:ce:6c:fc:36:6b:20:fa:0c:19:a1:2b:91: - d0:5f:fd:72:86:cb:17:22:02:70:76:ed:61:78:1c:ce:d0:e3: - 17:9c:4d:58:9e:30:d5:c7:33:5b:44:0d:16:5c:ca:a4:67:13: - 3a:18:f8:94:ac:5e:17:a5:c2:2c:11:89:7b:7a:fd:f5:9a:e3: - 19:93:c0:60 + 15:ef:23:ef:d6:6d:8a:77:cd:20:47:64:1f:c3:65:0c:93:79: + a9:9e:a0:c7:bc:10:57:e6:ab:58:20:af:b1:fd:25:09:c9:72: + a9:18:16:24:e7:8e:9a:e2:6d:17:2d:66:8a:5f:75:83:ee:ac: + 58:be:81:51:11:0d:4b:ee:f1:08:de:dc:ac:24:44:ab:08:a6: + ad:ee:72:91:45:0e:f9:c9:ea:14:81:21:d2:09:02:20:f3:ea: + ab:75:f1:33:a9:32:2e:a2:f9:06:e9:bf:a4:0e:88:a0:4a:9c: + 25:6f:40:34:9c:62:49:26:6f:bb:68:a9:c5:e5:a3:49:35:0b: + 76:f3:44:1c:53:1d:e2:d6:5b:b7:a4:a3:9a:a9:b2:f9:06:43: + 23:17:e7:3e:f5:01:ac:e8:11:39:d6:5f:23:3c:43:c5:01:6a: + 45:b7:15:4e:82:89:45:f9:8b:ab:ba:4e:f2:ff:f3:5d:5d:fe: + e1:e9:ee:e4:bf:b3:a6:58:2e:79:11:47:ce:5d:5c:52:82:d1: + 45:bd:1f:50:41:57:a7:39:34:ec:e5:50:de:e5:9c:5f:ef:e3: + 9c:39:de:e4:7e:d1:03:ad:96:06:f9:69:bc:80:25:da:75:88: + 61:99:8d:6e:f1:51:ce:a0:ba:56:d4:de:78:65:ed:2a:b2:82: + ce:7a:c4:ef -----BEGIN CERTIFICATE----- MIIEtjCCA56gAwIBAgIBbjANBgkqhkiG9w0BAQUFADCBmDELMAkGA1UEBhMCVVMx EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTATBgNVBAoM DHdvbGZTU0wgSW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxFDASBgNVBAMMC1Nl 
-cnZlciAwIENBMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMB4XDTE2 -MDkyMDAwMjIzNVoXDTE5MDYxNzAwMjIzNVowgZoxCzAJBgNVBAYTAlVTMRMwEQYD +cnZlciAwIENBMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMB4XDTE4 +MDQxMzE1MjMxMFoXDTIxMDEwNzE1MjMxMFowgZoxCzAJBgNVBAYTAlVTMRMwEQYD VQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRUwEwYDVQQKDAx3b2xm U1NMIEluYy4xFDASBgNVBAsMC0VuZ2luZWVyaW5nMRYwFAYDVQQDDA1TZXJ2ZXIg MC0xIENBMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMIIBIjANBgkq @@ -79,11 +79,11 @@ gbaAFLMRMsmSmITiyfjQO24DQsofDo48oYGapIGXMIGUMQswCQYDVQQGEwJVUzEQ MA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjERMA8GA1UECgwIU2F3 dG9vdGgxEzARBgNVBAsMCkNvbnN1bHRpbmcxGDAWBgNVBAMMD3d3dy53b2xmc3Ns LmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbYIBZDAPBgNVHRME -CDAGAQH/AgEBMAsGA1UdDwQEAwIBBjANBgkqhkiG9w0BAQUFAAOCAQEAIt2VnNzm -f63fVWjIIfiEEv0TIoAruh/andJVAKEi/FBEbQ+simEsMsVj4SY3EHxeBfGQDyFX -tGHgQAtPG7+L2P0o1lVzvalcXmGJT+EHtlp4xQxlejgR54ZGKgylcHGqFpx51sIY -TLj7hhp4cOUKJ0gq1BTXPzF2M6BL+fg0LskG5OKgDAIexKDTK853Drgx1QJmsWIQ -W2Pif6ojCmPZM3YtiJsPaqKr6Lekg3yOHYxF15B4XD1Bhax5zmz8Nmsg+gwZoSuR -0F/9cobLFyICcHbtYXgcztDjF5xNWJ4w1cczW0QNFlzKpGcTOhj4lKxeF6XCLBGJ -e3r99ZrjGZPAYA== +CDAGAQH/AgEBMAsGA1UdDwQEAwIBBjANBgkqhkiG9w0BAQUFAAOCAQEAFe8j79Zt +infNIEdkH8NlDJN5qZ6gx7wQV+arWCCvsf0lCclyqRgWJOeOmuJtFy1mil91g+6s +WL6BURENS+7xCN7crCREqwimre5ykUUO+cnqFIEh0gkCIPPqq3XxM6kyLqL5Bum/ +pA6IoEqcJW9ANJxiSSZvu2ipxeWjSTULdvNEHFMd4tZbt6Sjmqmy+QZDIxfnPvUB +rOgROdZfIzxDxQFqRbcVToKJRfmLq7pO8v/zXV3+4enu5L+zplgueRFHzl1cUoLR +Rb0fUEFXpzk07OVQ3uWcX+/jnDne5H7RA62WBvlpvIAl2nWIYZmNbvFRzqC6VtTe +eGXtKrKCznrE7w== -----END CERTIFICATE----- diff --git a/certs/test-pathlen/server-0-1-cert.pem b/certs/test-pathlen/server-0-1-cert.pem index 9caa7bed3..529db411f 100644 --- a/certs/test-pathlen/server-0-1-cert.pem +++ b/certs/test-pathlen/server-0-1-cert.pem 
@@ -5,8 +5,8 @@ Certificate: Signature Algorithm: sha1WithRSAEncryption Issuer: C=US, ST=Washington, L=Seattle, O=wolfSSL Inc., OU=Engineering, CN=Server 0-1 CA/emailAddress=info@wolfssl.com Validity - Not Before: Sep 20 00:24:02 2016 GMT - Not After : Jun 17 00:24:02 2019 GMT + Not Before: Apr 13 15:23:10 2018 GMT + Not After : Jan 7 15:23:10 2021 GMT Subject: C=US, ST=Washington, L=Seattle, O=wolfSSL Inc., OU=Engineering, CN=Server 0-1/emailAddress=info@wolfssl.com Subject Public Key Info: Public Key Algorithm: rsaEncryption 
@@ -42,27 +42,27 @@ Certificate: X509v3 Basic Constraints: CA:FALSE Signature Algorithm: sha1WithRSAEncryption - 80:ab:40:d2:72:bd:c9:24:e2:b7:cf:b0:f0:39:3d:36:88:9e: - 5c:c9:cd:92:64:fe:8a:09:48:fb:42:38:ae:a9:f3:69:61:f0: - 58:38:9c:0b:99:d3:d1:67:7a:cf:21:e1:8e:97:2c:98:14:c1: - a9:62:64:70:d6:bf:5b:ff:85:3d:47:c3:81:84:c4:c5:3d:d3: - 41:35:62:e1:25:fc:78:fd:9e:04:44:bf:62:f5:52:a0:38:57: - a1:45:30:38:35:c2:e5:d2:b6:52:8f:c4:3f:c4:d5:f5:22:25: - 25:70:c3:b2:4d:9e:29:10:a7:13:84:1a:fc:44:a9:df:35:62: - f9:39:e2:9a:13:2d:84:7e:02:11:b6:f3:95:2c:93:c8:45:26: - 2f:d8:c9:23:b5:fa:f1:aa:da:c7:6f:a8:e4:52:4e:f3:94:60: - dc:3e:b3:db:5e:4b:92:a9:55:c1:0e:28:8d:6a:fd:98:65:da: - 05:0f:25:ae:7f:20:50:60:43:59:a2:f5:1a:e2:a4:e1:92:ae: - f6:cb:19:39:60:fe:96:a8:f3:40:e4:93:9c:a6:b4:18:12:3d: - d1:78:e3:b0:07:72:fc:9a:75:9f:25:17:f3:00:2c:bc:04:fe: - 1a:23:ad:e4:2d:55:a4:d3:0d:3d:60:e5:9f:cf:47:f0:c3:02: - 68:b1:07:72 + 84:51:4f:e0:a5:4a:bc:2f:6d:e2:aa:13:6a:30:c0:f9:61:3d: + 59:9a:7a:42:9d:c6:c5:c1:79:3a:f8:83:8a:6e:0d:47:b9:b0: + 9b:49:e8:77:d9:e4:b0:6a:24:93:c8:32:52:e9:a5:8b:6f:17: + d4:5a:d3:b8:aa:1e:0a:50:15:a9:69:3c:3c:63:14:1f:ce:ed: + cd:58:3e:68:2e:1e:6f:f0:a8:ab:6d:68:60:9d:8c:3f:95:be: + ee:65:b9:e7:25:1a:f3:d2:6b:8f:70:d1:9f:5d:a7:2f:0d:b2: + a4:0b:a0:d2:4a:3d:4e:9b:e3:e5:db:5c:d3:ba:08:41:07:aa: + c4:b7:d7:f9:fe:a4:2d:69:94:4a:b7:e9:fa:18:52:90:01:53: + 57:08:a2:25:85:92:f7:f2:35:fd:05:c2:ce:e3:e5:18:b8:34: + b6:80:6e:a5:e6:06:4f:92:a5:ea:56:7e:00:ff:5b:5d:17:90: + 83:bb:10:ac:11:f4:49:d0:81:f5:f3:ce:f8:f3:46:c1:fc:53: + 38:eb:0b:46:4c:1b:ec:df:ee:74:c0:3a:66:f1:a4:02:f6:51: + 5d:72:bf:6b:68:7b:2c:11:7d:08:4c:70:dd:93:cc:b4:b9:6a: + aa:29:de:79:b9:93:6d:c4:52:8a:b7:c5:e9:a3:43:11:59:48: + 51:b0:9c:ce -----BEGIN CERTIFICATE----- MIIEpDCCA4ygAwIBAgIBbzANBgkqhkiG9w0BAQUFADCBmjELMAkGA1UEBhMCVVMx EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTATBgNVBAoM DHdvbGZTU0wgSW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxFjAUBgNVBAMMDVNl 
cnZlciAwLTEgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcN -MTYwOTIwMDAyNDAyWhcNMTkwNjE3MDAyNDAyWjCBlzELMAkGA1UEBhMCVVMxEzAR +MTgwNDEzMTUyMzEwWhcNMjEwMTA3MTUyMzEwWjCBlzELMAkGA1UEBhMCVVMxEzAR BgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTATBgNVBAoMDHdv bGZTU0wgSW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxEzARBgNVBAMMClNlcnZl ciAwLTExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wggEiMA0GCSqG @@ -77,10 +77,10 @@ FLMRMsmSmITiyfjQO24DQsofDo48oYGepIGbMIGYMQswCQYDVQQGEwJVUzETMBEG A1UECAwKV2FzaGluZ3RvbjEQMA4GA1UEBwwHU2VhdHRsZTEVMBMGA1UECgwMd29s ZlNTTCBJbmMuMRQwEgYDVQQLDAtFbmdpbmVlcmluZzEUMBIGA1UEAwwLU2VydmVy IDAgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb22CAW4wCQYDVR0T -BAIwADANBgkqhkiG9w0BAQUFAAOCAQEAgKtA0nK9ySTit8+w8Dk9NoieXMnNkmT+ -iglI+0I4rqnzaWHwWDicC5nT0Wd6zyHhjpcsmBTBqWJkcNa/W/+FPUfDgYTExT3T -QTVi4SX8eP2eBES/YvVSoDhXoUUwODXC5dK2Uo/EP8TV9SIlJXDDsk2eKRCnE4Qa -/ESp3zVi+TnimhMthH4CEbbzlSyTyEUmL9jJI7X68arax2+o5FJO85Rg3D6z215L -kqlVwQ4ojWr9mGXaBQ8lrn8gUGBDWaL1GuKk4ZKu9ssZOWD+lqjzQOSTnKa0GBI9 -0XjjsAdy/Jp1nyUX8wAsvAT+GiOt5C1VpNMNPWDln89H8MMCaLEHcg== +BAIwADANBgkqhkiG9w0BAQUFAAOCAQEAhFFP4KVKvC9t4qoTajDA+WE9WZp6Qp3G +xcF5OviDim4NR7mwm0nod9nksGokk8gyUumli28X1FrTuKoeClAVqWk8PGMUH87t +zVg+aC4eb/Coq21oYJ2MP5W+7mW55yUa89Jrj3DRn12nLw2ypAug0ko9Tpvj5dtc +07oIQQeqxLfX+f6kLWmUSrfp+hhSkAFTVwiiJYWS9/I1/QXCzuPlGLg0toBupeYG +T5Kl6lZ+AP9bXReQg7sQrBH0SdCB9fPO+PNGwfxTOOsLRkwb7N/udMA6ZvGkAvZR +XXK/a2h7LBF9CExw3ZPMtLlqqineebmTbcRSirfF6aNDEVlIUbCczg== -----END CERTIFICATE----- diff --git a/certs/test-pathlen/server-0-1-chain.pem b/certs/test-pathlen/server-0-1-chain.pem index 721d0baf8..63fdcae6f 100644 --- a/certs/test-pathlen/server-0-1-chain.pem +++ b/certs/test-pathlen/server-0-1-chain.pem 
@@ -5,8 +5,8 @@ Certificate: Signature Algorithm: sha1WithRSAEncryption Issuer: C=US, ST=Washington, L=Seattle, O=wolfSSL Inc., OU=Engineering, CN=Server 0-1 CA/emailAddress=info@wolfssl.com Validity - Not Before: Sep 20 00:24:02 2016 GMT - Not After : Jun 17 00:24:02 2019 GMT + Not Before: Apr 13 15:23:10 2018 GMT + Not After : Jan 7 15:23:10 2021 GMT Subject: C=US, ST=Washington, L=Seattle, O=wolfSSL Inc., OU=Engineering, CN=Server 0-1/emailAddress=info@wolfssl.com Subject Public Key Info: Public Key Algorithm: rsaEncryption 
@@ -42,27 +42,27 @@ Certificate: X509v3 Basic Constraints: CA:FALSE Signature Algorithm: sha1WithRSAEncryption - 80:ab:40:d2:72:bd:c9:24:e2:b7:cf:b0:f0:39:3d:36:88:9e: - 5c:c9:cd:92:64:fe:8a:09:48:fb:42:38:ae:a9:f3:69:61:f0: - 58:38:9c:0b:99:d3:d1:67:7a:cf:21:e1:8e:97:2c:98:14:c1: - a9:62:64:70:d6:bf:5b:ff:85:3d:47:c3:81:84:c4:c5:3d:d3: - 41:35:62:e1:25:fc:78:fd:9e:04:44:bf:62:f5:52:a0:38:57: - a1:45:30:38:35:c2:e5:d2:b6:52:8f:c4:3f:c4:d5:f5:22:25: - 25:70:c3:b2:4d:9e:29:10:a7:13:84:1a:fc:44:a9:df:35:62: - f9:39:e2:9a:13:2d:84:7e:02:11:b6:f3:95:2c:93:c8:45:26: - 2f:d8:c9:23:b5:fa:f1:aa:da:c7:6f:a8:e4:52:4e:f3:94:60: - dc:3e:b3:db:5e:4b:92:a9:55:c1:0e:28:8d:6a:fd:98:65:da: - 05:0f:25:ae:7f:20:50:60:43:59:a2:f5:1a:e2:a4:e1:92:ae: - f6:cb:19:39:60:fe:96:a8:f3:40:e4:93:9c:a6:b4:18:12:3d: - d1:78:e3:b0:07:72:fc:9a:75:9f:25:17:f3:00:2c:bc:04:fe: - 1a:23:ad:e4:2d:55:a4:d3:0d:3d:60:e5:9f:cf:47:f0:c3:02: - 68:b1:07:72 + 84:51:4f:e0:a5:4a:bc:2f:6d:e2:aa:13:6a:30:c0:f9:61:3d: + 59:9a:7a:42:9d:c6:c5:c1:79:3a:f8:83:8a:6e:0d:47:b9:b0: + 9b:49:e8:77:d9:e4:b0:6a:24:93:c8:32:52:e9:a5:8b:6f:17: + d4:5a:d3:b8:aa:1e:0a:50:15:a9:69:3c:3c:63:14:1f:ce:ed: + cd:58:3e:68:2e:1e:6f:f0:a8:ab:6d:68:60:9d:8c:3f:95:be: + ee:65:b9:e7:25:1a:f3:d2:6b:8f:70:d1:9f:5d:a7:2f:0d:b2: + a4:0b:a0:d2:4a:3d:4e:9b:e3:e5:db:5c:d3:ba:08:41:07:aa: + c4:b7:d7:f9:fe:a4:2d:69:94:4a:b7:e9:fa:18:52:90:01:53: + 57:08:a2:25:85:92:f7:f2:35:fd:05:c2:ce:e3:e5:18:b8:34: + b6:80:6e:a5:e6:06:4f:92:a5:ea:56:7e:00:ff:5b:5d:17:90: + 83:bb:10:ac:11:f4:49:d0:81:f5:f3:ce:f8:f3:46:c1:fc:53: + 38:eb:0b:46:4c:1b:ec:df:ee:74:c0:3a:66:f1:a4:02:f6:51: + 5d:72:bf:6b:68:7b:2c:11:7d:08:4c:70:dd:93:cc:b4:b9:6a: + aa:29:de:79:b9:93:6d:c4:52:8a:b7:c5:e9:a3:43:11:59:48: + 51:b0:9c:ce -----BEGIN CERTIFICATE----- MIIEpDCCA4ygAwIBAgIBbzANBgkqhkiG9w0BAQUFADCBmjELMAkGA1UEBhMCVVMx EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTATBgNVBAoM DHdvbGZTU0wgSW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxFjAUBgNVBAMMDVNl 
cnZlciAwLTEgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcN -MTYwOTIwMDAyNDAyWhcNMTkwNjE3MDAyNDAyWjCBlzELMAkGA1UEBhMCVVMxEzAR +MTgwNDEzMTUyMzEwWhcNMjEwMTA3MTUyMzEwWjCBlzELMAkGA1UEBhMCVVMxEzAR BgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTATBgNVBAoMDHdv bGZTU0wgSW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxEzARBgNVBAMMClNlcnZl ciAwLTExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wggEiMA0GCSqG @@ -77,12 +77,12 @@ FLMRMsmSmITiyfjQO24DQsofDo48oYGepIGbMIGYMQswCQYDVQQGEwJVUzETMBEG A1UECAwKV2FzaGluZ3RvbjEQMA4GA1UEBwwHU2VhdHRsZTEVMBMGA1UECgwMd29s ZlNTTCBJbmMuMRQwEgYDVQQLDAtFbmdpbmVlcmluZzEUMBIGA1UEAwwLU2VydmVy IDAgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb22CAW4wCQYDVR0T -BAIwADANBgkqhkiG9w0BAQUFAAOCAQEAgKtA0nK9ySTit8+w8Dk9NoieXMnNkmT+ -iglI+0I4rqnzaWHwWDicC5nT0Wd6zyHhjpcsmBTBqWJkcNa/W/+FPUfDgYTExT3T -QTVi4SX8eP2eBES/YvVSoDhXoUUwODXC5dK2Uo/EP8TV9SIlJXDDsk2eKRCnE4Qa -/ESp3zVi+TnimhMthH4CEbbzlSyTyEUmL9jJI7X68arax2+o5FJO85Rg3D6z215L -kqlVwQ4ojWr9mGXaBQ8lrn8gUGBDWaL1GuKk4ZKu9ssZOWD+lqjzQOSTnKa0GBI9 -0XjjsAdy/Jp1nyUX8wAsvAT+GiOt5C1VpNMNPWDln89H8MMCaLEHcg== +BAIwADANBgkqhkiG9w0BAQUFAAOCAQEAhFFP4KVKvC9t4qoTajDA+WE9WZp6Qp3G +xcF5OviDim4NR7mwm0nod9nksGokk8gyUumli28X1FrTuKoeClAVqWk8PGMUH87t +zVg+aC4eb/Coq21oYJ2MP5W+7mW55yUa89Jrj3DRn12nLw2ypAug0ko9Tpvj5dtc +07oIQQeqxLfX+f6kLWmUSrfp+hhSkAFTVwiiJYWS9/I1/QXCzuPlGLg0toBupeYG +T5Kl6lZ+AP9bXReQg7sQrBH0SdCB9fPO+PNGwfxTOOsLRkwb7N/udMA6ZvGkAvZR +XXK/a2h7LBF9CExw3ZPMtLlqqineebmTbcRSirfF6aNDEVlIUbCczg== -----END CERTIFICATE----- Certificate: Data: 
@@ -91,8 +91,8 @@ Certificate: Signature Algorithm: sha1WithRSAEncryption Issuer: C=US, ST=Washington, L=Seattle, O=wolfSSL Inc., OU=Engineering, CN=Server 0 CA/emailAddress=info@wolfssl.com Validity - Not Before: Sep 20 00:22:35 2016 GMT - Not After : Jun 17 00:22:35 2019 GMT + Not Before: Apr 13 15:23:10 2018 GMT + Not After : Jan 7 15:23:10 2021 GMT Subject: C=US, ST=Washington, L=Seattle, O=wolfSSL Inc., OU=Engineering, CN=Server 0-1 CA/emailAddress=info@wolfssl.com Subject Public Key Info: Public Key Algorithm: rsaEncryption 
@@ -130,27 +130,27 @@ Certificate: X509v3 Key Usage: Certificate Sign, CRL Sign Signature Algorithm: sha1WithRSAEncryption - 22:dd:95:9c:dc:e6:7f:ad:df:55:68:c8:21:f8:84:12:fd:13: - 22:80:2b:ba:1f:da:9d:d2:55:00:a1:22:fc:50:44:6d:0f:ac: - 8a:61:2c:32:c5:63:e1:26:37:10:7c:5e:05:f1:90:0f:21:57: - b4:61:e0:40:0b:4f:1b:bf:8b:d8:fd:28:d6:55:73:bd:a9:5c: - 5e:61:89:4f:e1:07:b6:5a:78:c5:0c:65:7a:38:11:e7:86:46: - 2a:0c:a5:70:71:aa:16:9c:79:d6:c2:18:4c:b8:fb:86:1a:78: - 70:e5:0a:27:48:2a:d4:14:d7:3f:31:76:33:a0:4b:f9:f8:34: - 2e:c9:06:e4:e2:a0:0c:02:1e:c4:a0:d3:2b:ce:77:0e:b8:31: - d5:02:66:b1:62:10:5b:63:e2:7f:aa:23:0a:63:d9:33:76:2d: - 88:9b:0f:6a:a2:ab:e8:b7:a4:83:7c:8e:1d:8c:45:d7:90:78: - 5c:3d:41:85:ac:79:ce:6c:fc:36:6b:20:fa:0c:19:a1:2b:91: - d0:5f:fd:72:86:cb:17:22:02:70:76:ed:61:78:1c:ce:d0:e3: - 17:9c:4d:58:9e:30:d5:c7:33:5b:44:0d:16:5c:ca:a4:67:13: - 3a:18:f8:94:ac:5e:17:a5:c2:2c:11:89:7b:7a:fd:f5:9a:e3: - 19:93:c0:60 + 15:ef:23:ef:d6:6d:8a:77:cd:20:47:64:1f:c3:65:0c:93:79: + a9:9e:a0:c7:bc:10:57:e6:ab:58:20:af:b1:fd:25:09:c9:72: + a9:18:16:24:e7:8e:9a:e2:6d:17:2d:66:8a:5f:75:83:ee:ac: + 58:be:81:51:11:0d:4b:ee:f1:08:de:dc:ac:24:44:ab:08:a6: + ad:ee:72:91:45:0e:f9:c9:ea:14:81:21:d2:09:02:20:f3:ea: + ab:75:f1:33:a9:32:2e:a2:f9:06:e9:bf:a4:0e:88:a0:4a:9c: + 25:6f:40:34:9c:62:49:26:6f:bb:68:a9:c5:e5:a3:49:35:0b: + 76:f3:44:1c:53:1d:e2:d6:5b:b7:a4:a3:9a:a9:b2:f9:06:43: + 23:17:e7:3e:f5:01:ac:e8:11:39:d6:5f:23:3c:43:c5:01:6a: + 45:b7:15:4e:82:89:45:f9:8b:ab:ba:4e:f2:ff:f3:5d:5d:fe: + e1:e9:ee:e4:bf:b3:a6:58:2e:79:11:47:ce:5d:5c:52:82:d1: + 45:bd:1f:50:41:57:a7:39:34:ec:e5:50:de:e5:9c:5f:ef:e3: + 9c:39:de:e4:7e:d1:03:ad:96:06:f9:69:bc:80:25:da:75:88: + 61:99:8d:6e:f1:51:ce:a0:ba:56:d4:de:78:65:ed:2a:b2:82: + ce:7a:c4:ef -----BEGIN CERTIFICATE----- MIIEtjCCA56gAwIBAgIBbjANBgkqhkiG9w0BAQUFADCBmDELMAkGA1UEBhMCVVMx EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTATBgNVBAoM DHdvbGZTU0wgSW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxFDASBgNVBAMMC1Nl 
-cnZlciAwIENBMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMB4XDTE2 -MDkyMDAwMjIzNVoXDTE5MDYxNzAwMjIzNVowgZoxCzAJBgNVBAYTAlVTMRMwEQYD +cnZlciAwIENBMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMB4XDTE4 +MDQxMzE1MjMxMFoXDTIxMDEwNzE1MjMxMFowgZoxCzAJBgNVBAYTAlVTMRMwEQYD VQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRUwEwYDVQQKDAx3b2xm U1NMIEluYy4xFDASBgNVBAsMC0VuZ2luZWVyaW5nMRYwFAYDVQQDDA1TZXJ2ZXIg MC0xIENBMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMIIBIjANBgkq @@ -165,13 +165,13 @@ gbaAFLMRMsmSmITiyfjQO24DQsofDo48oYGapIGXMIGUMQswCQYDVQQGEwJVUzEQ MA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjERMA8GA1UECgwIU2F3 dG9vdGgxEzARBgNVBAsMCkNvbnN1bHRpbmcxGDAWBgNVBAMMD3d3dy53b2xmc3Ns LmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbYIBZDAPBgNVHRME -CDAGAQH/AgEBMAsGA1UdDwQEAwIBBjANBgkqhkiG9w0BAQUFAAOCAQEAIt2VnNzm -f63fVWjIIfiEEv0TIoAruh/andJVAKEi/FBEbQ+simEsMsVj4SY3EHxeBfGQDyFX -tGHgQAtPG7+L2P0o1lVzvalcXmGJT+EHtlp4xQxlejgR54ZGKgylcHGqFpx51sIY -TLj7hhp4cOUKJ0gq1BTXPzF2M6BL+fg0LskG5OKgDAIexKDTK853Drgx1QJmsWIQ -W2Pif6ojCmPZM3YtiJsPaqKr6Lekg3yOHYxF15B4XD1Bhax5zmz8Nmsg+gwZoSuR -0F/9cobLFyICcHbtYXgcztDjF5xNWJ4w1cczW0QNFlzKpGcTOhj4lKxeF6XCLBGJ -e3r99ZrjGZPAYA== +CDAGAQH/AgEBMAsGA1UdDwQEAwIBBjANBgkqhkiG9w0BAQUFAAOCAQEAFe8j79Zt +infNIEdkH8NlDJN5qZ6gx7wQV+arWCCvsf0lCclyqRgWJOeOmuJtFy1mil91g+6s +WL6BURENS+7xCN7crCREqwimre5ykUUO+cnqFIEh0gkCIPPqq3XxM6kyLqL5Bum/ +pA6IoEqcJW9ANJxiSSZvu2ipxeWjSTULdvNEHFMd4tZbt6Sjmqmy+QZDIxfnPvUB +rOgROdZfIzxDxQFqRbcVToKJRfmLq7pO8v/zXV3+4enu5L+zplgueRFHzl1cUoLR +Rb0fUEFXpzk07OVQ3uWcX+/jnDne5H7RA62WBvlpvIAl2nWIYZmNbvFRzqC6VtTe +eGXtKrKCznrE7w== -----END CERTIFICATE----- Certificate: Data: 
@@ -180,8 +180,8 @@ Certificate: Signature Algorithm: sha1WithRSAEncryption Issuer: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, CN=www.wolfssl.com/emailAddress=info@wolfssl.com Validity - Not Before: Sep 19 23:03:51 2016 GMT - Not After : Jun 16 23:03:51 2019 GMT + Not Before: Apr 13 15:23:10 2018 GMT + Not After : Jan 7 15:23:10 2021 GMT Subject: C=US, ST=Washington, L=Seattle, O=wolfSSL Inc., OU=Engineering, CN=Server 0 CA/emailAddress=info@wolfssl.com Subject Public Key Info: Public Key Algorithm: rsaEncryption 
@@ -212,34 +212,34 @@ Certificate: X509v3 Authority Key Identifier: keyid:27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5 DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com - serial:B7:B6:90:33:66:1B:6B:23 + serial:86:FF:F5:8E:10:DE:B8:FB X509v3 Basic Constraints: CA:TRUE, pathlen:0 X509v3 Key Usage: Certificate Sign, CRL Sign Signature Algorithm: sha1WithRSAEncryption - a4:3b:22:20:6f:07:33:d0:ae:6d:13:fd:4f:48:dc:03:c6:9c: - e0:34:73:fa:e8:2f:aa:bd:15:1c:87:fe:6f:e4:c6:8e:36:b8: - b6:bb:53:c1:ea:e4:5c:d9:de:44:d5:05:89:88:79:d9:87:c9: - 05:78:57:bf:c0:25:1f:18:b6:f6:02:50:c8:b1:d1:0d:64:b0: - da:7e:68:e0:fa:64:68:51:1a:05:7f:7d:33:c5:27:71:0f:f6: - d7:72:19:7c:9f:57:34:5f:45:7a:b5:48:2e:d1:83:36:85:90: - 0c:c8:c1:be:3f:c3:7a:a3:ad:9b:3a:ce:a7:b4:50:1b:76:2e: - 8a:a4:a4:61:96:75:b4:a7:63:6e:7c:43:2f:98:18:39:92:57: - 87:54:76:37:73:53:37:cb:f1:95:34:11:9d:f4:94:e7:19:4a: - 9d:5f:91:cc:ff:b4:ed:39:53:82:42:86:2e:24:13:41:a4:4a: - 6c:d1:d9:00:ac:76:2c:59:9e:c4:28:33:b5:01:bf:74:63:01: - 23:8a:a8:78:e4:b7:e0:8b:ab:ec:b0:43:d8:0b:b8:ff:9e:62: - 0a:5d:e4:7c:73:f9:b4:d7:dd:6a:13:a5:28:05:90:f1:26:c1: - 4d:2b:db:a2:c6:f5:aa:13:19:a5:28:27:f8:c7:94:e8:ef:21: - 85:5b:32:02 + 8c:bd:c3:71:57:ce:dd:02:36:8c:d3:71:ec:d1:25:65:7b:48: + 4d:e2:77:d7:62:00:bd:0f:c9:50:4b:50:cb:d0:5a:8b:09:3f: + 21:d1:f5:1f:2f:14:44:87:0d:99:fa:0c:5c:1d:12:d8:e6:c5: + a0:2c:c1:12:ee:fa:3c:fd:e9:2e:23:58:be:60:a2:9f:e7:50: + be:d1:d8:2f:27:67:90:8a:1f:34:13:ca:81:07:bb:ca:de:86: + 59:bb:80:65:4f:b7:fa:5d:42:6d:e5:c8:08:25:5d:c9:78:3d: + 70:09:42:27:85:82:7f:5c:22:32:30:94:21:47:3f:09:bf:c4: + d2:1a:98:1b:f0:5d:3d:51:12:da:9f:1c:a7:44:d5:54:bc:5e: + 04:69:72:cc:cf:4f:f3:b1:d7:49:db:4c:0e:d1:42:8f:ad:ba: + 90:92:5b:7b:9d:13:8f:58:46:3d:a4:2d:9d:a2:9d:6d:4b:e5: + e4:d6:4c:61:a9:e1:78:33:5c:3d:78:0e:4f:0b:3d:fc:4a:6d: + 44:71:27:e1:1d:95:95:b6:9e:ba:0e:ca:72:01:fe:8e:f6:12: + ad:71:15:82:54:68:23:ea:49:0c:30:05:ea:1e:68:cc:c0:7c: + 
63:04:8e:1b:fa:79:96:95:1b:a0:0d:af:f7:85:7d:09:49:24: + 2e:8f:9e:ff -----BEGIN CERTIFICATE----- MIIEuDCCA6CgAwIBAgIBZDANBgkqhkiG9w0BAQUFADCBlDELMAkGA1UEBhMCVVMx EDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNVBAoMCFNh d3Rvb3RoMRMwEQYDVQQLDApDb25zdWx0aW5nMRgwFgYDVQQDDA93d3cud29sZnNz -bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTYwOTE5 -MjMwMzUxWhcNMTkwNjE2MjMwMzUxWjCBmDELMAkGA1UEBhMCVVMxEzARBgNVBAgM +bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTgwNDEz +MTUyMzEwWhcNMjEwMTA3MTUyMzEwWjCBmDELMAkGA1UEBhMCVVMxEzARBgNVBAgM Cldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTATBgNVBAoMDHdvbGZTU0wg SW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxFDASBgNVBAMMC1NlcnZlciAwIENB MR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMIIBIjANBgkqhkiG9w0B 
@@ -253,12 +253,12 @@ HQYDVR0OBBYEFLMRMsmSmITiyfjQO24DQsofDo48MIHJBgNVHSMEgcEwgb6AFCeO ZxF0wyYdP+0zY7Ok2B0w5ejVoYGapIGXMIGUMQswCQYDVQQGEwJVUzEQMA4GA1UE CAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjERMA8GA1UECgwIU2F3dG9vdGgx EzARBgNVBAsMCkNvbnN1bHRpbmcxGDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTEf -MB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbYIJALe2kDNmG2sjMA8GA1Ud -EwQIMAYBAf8CAQAwCwYDVR0PBAQDAgEGMA0GCSqGSIb3DQEBBQUAA4IBAQCkOyIg -bwcz0K5tE/1PSNwDxpzgNHP66C+qvRUch/5v5MaONri2u1PB6uRc2d5E1QWJiHnZ -h8kFeFe/wCUfGLb2AlDIsdENZLDafmjg+mRoURoFf30zxSdxD/bXchl8n1c0X0V6 -tUgu0YM2hZAMyMG+P8N6o62bOs6ntFAbdi6KpKRhlnW0p2NufEMvmBg5kleHVHY3 -c1M3y/GVNBGd9JTnGUqdX5HM/7TtOVOCQoYuJBNBpEps0dkArHYsWZ7EKDO1Ab90 -YwEjiqh45Lfgi6vssEPYC7j/nmIKXeR8c/m0191qE6UoBZDxJsFNK9uixvWqExml -KCf4x5To7yGFWzIC +MB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbYIJAIb/9Y4Q3rj7MA8GA1Ud +EwQIMAYBAf8CAQAwCwYDVR0PBAQDAgEGMA0GCSqGSIb3DQEBBQUAA4IBAQCMvcNx +V87dAjaM03Hs0SVle0hN4nfXYgC9D8lQS1DL0FqLCT8h0fUfLxREhw2Z+gxcHRLY +5sWgLMES7vo8/ekuI1i+YKKf51C+0dgvJ2eQih80E8qBB7vK3oZZu4BlT7f6XUJt +5cgIJV3JeD1wCUInhYJ/XCIyMJQhRz8Jv8TSGpgb8F09URLanxynRNVUvF4EaXLM +z0/zsddJ20wO0UKPrbqQklt7nROPWEY9pC2dop1tS+Xk1kxhqeF4M1w9eA5PCz38 +Sm1EcSfhHZWVtp66DspyAf6O9hKtcRWCVGgj6kkMMAXqHmjMwHxjBI4b+nmWlRug +Da/3hX0JSSQuj57/ -----END CERTIFICATE----- diff --git a/certs/test-pathlen/server-0-ca.pem b/certs/test-pathlen/server-0-ca.pem index a0cdea5ba..cbbdca9ea 100644 --- a/certs/test-pathlen/server-0-ca.pem +++ b/certs/test-pathlen/server-0-ca.pem @@ -5,8 +5,8 @@ Certificate: Signature Algorithm: sha1WithRSAEncryption Issuer: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, CN=www.wolfssl.com/emailAddress=info@wolfssl.com Validity - Not Before: Sep 19 23:03:51 2016 GMT - Not After : Jun 16 23:03:51 2019 GMT + Not Before: Apr 13 15:23:10 2018 GMT + Not After : Jan 7 15:23:10 2021 GMT Subject: C=US, ST=Washington, L=Seattle, O=wolfSSL Inc., OU=Engineering, CN=Server 0 CA/emailAddress=info@wolfssl.com Subject Public Key Info: Public Key Algorithm: rsaEncryption 
@@ -37,34 +37,34 @@ Certificate: X509v3 Authority Key Identifier: keyid:27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5 DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com - serial:B7:B6:90:33:66:1B:6B:23 + serial:86:FF:F5:8E:10:DE:B8:FB X509v3 Basic Constraints: CA:TRUE, pathlen:0 X509v3 Key Usage: Certificate Sign, CRL Sign Signature Algorithm: sha1WithRSAEncryption - a4:3b:22:20:6f:07:33:d0:ae:6d:13:fd:4f:48:dc:03:c6:9c: - e0:34:73:fa:e8:2f:aa:bd:15:1c:87:fe:6f:e4:c6:8e:36:b8: - b6:bb:53:c1:ea:e4:5c:d9:de:44:d5:05:89:88:79:d9:87:c9: - 05:78:57:bf:c0:25:1f:18:b6:f6:02:50:c8:b1:d1:0d:64:b0: - da:7e:68:e0:fa:64:68:51:1a:05:7f:7d:33:c5:27:71:0f:f6: - d7:72:19:7c:9f:57:34:5f:45:7a:b5:48:2e:d1:83:36:85:90: - 0c:c8:c1:be:3f:c3:7a:a3:ad:9b:3a:ce:a7:b4:50:1b:76:2e: - 8a:a4:a4:61:96:75:b4:a7:63:6e:7c:43:2f:98:18:39:92:57: - 87:54:76:37:73:53:37:cb:f1:95:34:11:9d:f4:94:e7:19:4a: - 9d:5f:91:cc:ff:b4:ed:39:53:82:42:86:2e:24:13:41:a4:4a: - 6c:d1:d9:00:ac:76:2c:59:9e:c4:28:33:b5:01:bf:74:63:01: - 23:8a:a8:78:e4:b7:e0:8b:ab:ec:b0:43:d8:0b:b8:ff:9e:62: - 0a:5d:e4:7c:73:f9:b4:d7:dd:6a:13:a5:28:05:90:f1:26:c1: - 4d:2b:db:a2:c6:f5:aa:13:19:a5:28:27:f8:c7:94:e8:ef:21: - 85:5b:32:02 + 8c:bd:c3:71:57:ce:dd:02:36:8c:d3:71:ec:d1:25:65:7b:48: + 4d:e2:77:d7:62:00:bd:0f:c9:50:4b:50:cb:d0:5a:8b:09:3f: + 21:d1:f5:1f:2f:14:44:87:0d:99:fa:0c:5c:1d:12:d8:e6:c5: + a0:2c:c1:12:ee:fa:3c:fd:e9:2e:23:58:be:60:a2:9f:e7:50: + be:d1:d8:2f:27:67:90:8a:1f:34:13:ca:81:07:bb:ca:de:86: + 59:bb:80:65:4f:b7:fa:5d:42:6d:e5:c8:08:25:5d:c9:78:3d: + 70:09:42:27:85:82:7f:5c:22:32:30:94:21:47:3f:09:bf:c4: + d2:1a:98:1b:f0:5d:3d:51:12:da:9f:1c:a7:44:d5:54:bc:5e: + 04:69:72:cc:cf:4f:f3:b1:d7:49:db:4c:0e:d1:42:8f:ad:ba: + 90:92:5b:7b:9d:13:8f:58:46:3d:a4:2d:9d:a2:9d:6d:4b:e5: + e4:d6:4c:61:a9:e1:78:33:5c:3d:78:0e:4f:0b:3d:fc:4a:6d: + 44:71:27:e1:1d:95:95:b6:9e:ba:0e:ca:72:01:fe:8e:f6:12: + ad:71:15:82:54:68:23:ea:49:0c:30:05:ea:1e:68:cc:c0:7c: + 
63:04:8e:1b:fa:79:96:95:1b:a0:0d:af:f7:85:7d:09:49:24: + 2e:8f:9e:ff -----BEGIN CERTIFICATE----- MIIEuDCCA6CgAwIBAgIBZDANBgkqhkiG9w0BAQUFADCBlDELMAkGA1UEBhMCVVMx EDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNVBAoMCFNh d3Rvb3RoMRMwEQYDVQQLDApDb25zdWx0aW5nMRgwFgYDVQQDDA93d3cud29sZnNz -bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTYwOTE5 -MjMwMzUxWhcNMTkwNjE2MjMwMzUxWjCBmDELMAkGA1UEBhMCVVMxEzARBgNVBAgM +bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTgwNDEz +MTUyMzEwWhcNMjEwMTA3MTUyMzEwWjCBmDELMAkGA1UEBhMCVVMxEzARBgNVBAgM Cldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTATBgNVBAoMDHdvbGZTU0wg SW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxFDASBgNVBAMMC1NlcnZlciAwIENB MR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMIIBIjANBgkqhkiG9w0B 
@@ -78,12 +78,12 @@ HQYDVR0OBBYEFLMRMsmSmITiyfjQO24DQsofDo48MIHJBgNVHSMEgcEwgb6AFCeO ZxF0wyYdP+0zY7Ok2B0w5ejVoYGapIGXMIGUMQswCQYDVQQGEwJVUzEQMA4GA1UE CAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjERMA8GA1UECgwIU2F3dG9vdGgx EzARBgNVBAsMCkNvbnN1bHRpbmcxGDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTEf -MB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbYIJALe2kDNmG2sjMA8GA1Ud -EwQIMAYBAf8CAQAwCwYDVR0PBAQDAgEGMA0GCSqGSIb3DQEBBQUAA4IBAQCkOyIg -bwcz0K5tE/1PSNwDxpzgNHP66C+qvRUch/5v5MaONri2u1PB6uRc2d5E1QWJiHnZ -h8kFeFe/wCUfGLb2AlDIsdENZLDafmjg+mRoURoFf30zxSdxD/bXchl8n1c0X0V6 -tUgu0YM2hZAMyMG+P8N6o62bOs6ntFAbdi6KpKRhlnW0p2NufEMvmBg5kleHVHY3 -c1M3y/GVNBGd9JTnGUqdX5HM/7TtOVOCQoYuJBNBpEps0dkArHYsWZ7EKDO1Ab90 -YwEjiqh45Lfgi6vssEPYC7j/nmIKXeR8c/m0191qE6UoBZDxJsFNK9uixvWqExml -KCf4x5To7yGFWzIC +MB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbYIJAIb/9Y4Q3rj7MA8GA1Ud +EwQIMAYBAf8CAQAwCwYDVR0PBAQDAgEGMA0GCSqGSIb3DQEBBQUAA4IBAQCMvcNx +V87dAjaM03Hs0SVle0hN4nfXYgC9D8lQS1DL0FqLCT8h0fUfLxREhw2Z+gxcHRLY +5sWgLMES7vo8/ekuI1i+YKKf51C+0dgvJ2eQih80E8qBB7vK3oZZu4BlT7f6XUJt +5cgIJV3JeD1wCUInhYJ/XCIyMJQhRz8Jv8TSGpgb8F09URLanxynRNVUvF4EaXLM +z0/zsddJ20wO0UKPrbqQklt7nROPWEY9pC2dop1tS+Xk1kxhqeF4M1w9eA5PCz38 +Sm1EcSfhHZWVtp66DspyAf6O9hKtcRWCVGgj6kkMMAXqHmjMwHxjBI4b+nmWlRug +Da/3hX0JSSQuj57/ -----END CERTIFICATE----- diff --git a/certs/test-pathlen/server-0-cert.pem b/certs/test-pathlen/server-0-cert.pem index f9a7015af..c72ae8043 100644 --- a/certs/test-pathlen/server-0-cert.pem +++ b/certs/test-pathlen/server-0-cert.pem 
@@ -5,8 +5,8 @@ Certificate: Signature Algorithm: sha1WithRSAEncryption Issuer: C=US, ST=Washington, L=Seattle, O=wolfSSL Inc., OU=Engineering, CN=Server 0 CA/emailAddress=info@wolfssl.com Validity - Not Before: Sep 20 00:03:21 2016 GMT - Not After : Jun 17 00:03:21 2019 GMT + Not Before: Apr 13 15:23:10 2018 GMT + Not After : Jan 7 15:23:10 2021 GMT Subject: C=US, ST=Washington, L=Seattle, O=wolfSSL Inc., OU=Engineering, CN=Server 0/emailAddress=info@wolfssl.com Subject Public Key Info: Public Key Algorithm: rsaEncryption 
@@ -42,27 +42,27 @@ Certificate: X509v3 Basic Constraints: CA:FALSE Signature Algorithm: sha1WithRSAEncryption - 09:2d:8f:57:0a:4c:f7:b1:30:48:1c:eb:00:c3:06:8c:d6:49: - dd:45:92:25:5c:29:1a:86:90:74:28:46:18:65:8f:fb:13:c4: - a7:85:3d:93:42:37:a1:44:aa:17:f6:b3:99:68:05:99:02:e5: - ac:cd:5e:3d:fc:fe:1f:a8:b2:2c:b4:2b:9c:a2:0b:94:f0:7b: - ef:5c:e9:ae:e5:fa:72:b9:a4:d5:b5:09:54:01:02:6a:da:09: - 0c:72:4b:14:bd:1d:64:b7:70:80:be:cd:33:86:5e:1f:a0:49: - 54:9d:af:eb:5c:dc:d5:15:97:7b:5f:8f:b3:6f:54:ce:16:f7: - d4:be:0b:40:f0:5b:31:54:04:49:37:d2:9d:c8:9a:05:1a:6e: - 27:db:37:60:de:32:a7:d9:33:da:4b:a8:9e:08:0a:13:c4:ec: - 75:e9:17:39:da:14:21:f5:c4:2b:9c:b6:31:ad:61:df:ed:52: - d2:d6:1f:d9:e0:f9:bb:29:15:9f:40:f5:e2:41:43:90:46:24: - e2:34:55:57:44:7b:46:c5:87:84:80:46:02:a5:db:7d:bc:0d: - 69:ce:aa:9e:3e:e3:7a:bf:69:61:88:f7:a1:6e:01:0b:f4:59: - c2:42:d4:e0:32:d4:13:16:8a:39:fe:0b:9d:31:26:47:92:8c: - 8f:1e:a4:4e + 3d:b1:b9:4a:c7:79:a6:1c:ea:27:76:16:32:3c:96:56:f3:62: + ce:2e:f5:78:d6:bd:e8:dd:07:2f:fc:38:3d:54:89:bd:ab:dd: + 39:58:4d:78:e3:37:d3:90:98:ea:9f:b9:72:96:eb:5d:28:22: + 2d:6c:8b:3a:c0:67:1d:3e:d5:bd:13:3e:f1:d7:c2:d7:ea:5f: + cc:da:57:58:c7:e6:66:e3:21:85:65:34:38:59:86:93:ae:1e: + 1c:ba:e5:19:80:96:20:5b:e9:9f:ea:c7:99:b1:db:89:17:7f: + f9:b4:e8:20:3f:34:e6:79:54:99:86:ee:8c:aa:c2:a3:ce:20: + c5:00:60:65:73:06:90:8a:88:12:7e:7a:ca:33:99:11:2e:84: + 82:cf:d7:df:83:73:c2:e6:9f:86:f1:f9:ba:ac:cb:95:ad:0f: + 3e:4b:1d:23:57:75:ce:57:bb:cc:78:a2:72:35:b3:c1:a2:e5: + 14:a6:b1:c2:0d:99:2b:83:95:8a:62:69:17:50:1f:9c:a5:0e: + 17:67:47:8a:a9:77:be:c2:03:3a:3b:2b:ab:fb:8a:22:81:e9: + 79:41:76:41:1b:ce:fc:68:24:40:83:88:10:ec:d6:3e:62:63: + de:f2:2d:bd:08:1d:a5:9b:4c:bc:82:56:59:66:2f:1a:c2:c7: + 60:9d:7a:f7 -----BEGIN CERTIFICATE----- MIIEnDCCA4SgAwIBAgIBZTANBgkqhkiG9w0BAQUFADCBmDELMAkGA1UEBhMCVVMx EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTATBgNVBAoM DHdvbGZTU0wgSW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxFDASBgNVBAMMC1Nl 
-cnZlciAwIENBMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMB4XDTE2 -MDkyMDAwMDMyMVoXDTE5MDYxNzAwMDMyMVowgZUxCzAJBgNVBAYTAlVTMRMwEQYD +cnZlciAwIENBMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMB4XDTE4 +MDQxMzE1MjMxMFoXDTIxMDEwNzE1MjMxMFowgZUxCzAJBgNVBAYTAlVTMRMwEQYD VQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRUwEwYDVQQKDAx3b2xm U1NMIEluYy4xFDASBgNVBAsMC0VuZ2luZWVyaW5nMREwDwYDVQQDDAhTZXJ2ZXIg MDEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTCCASIwDQYJKoZIhvcN @@ -77,10 +77,10 @@ yZKYhOLJ+NA7bgNCyh8OjjyhgZqkgZcwgZQxCzAJBgNVBAYTAlVTMRAwDgYDVQQI DAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMREwDwYDVQQKDAhTYXd0b290aDET MBEGA1UECwwKQ29uc3VsdGluZzEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29tMR8w HQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tggFkMAkGA1UdEwQCMAAwDQYJ -KoZIhvcNAQEFBQADggEBAAktj1cKTPexMEgc6wDDBozWSd1FkiVcKRqGkHQoRhhl -j/sTxKeFPZNCN6FEqhf2s5loBZkC5azNXj38/h+osiy0K5yiC5Twe+9c6a7l+nK5 -pNW1CVQBAmraCQxySxS9HWS3cIC+zTOGXh+gSVSdr+tc3NUVl3tfj7NvVM4W99S+ -C0DwWzFUBEk30p3ImgUabifbN2DeMqfZM9pLqJ4IChPE7HXpFznaFCH1xCuctjGt -Yd/tUtLWH9ng+bspFZ9A9eJBQ5BGJOI0VVdEe0bFh4SARgKl2328DWnOqp4+43q/ -aWGI96FuAQv0WcJC1OAy1BMWijn+C50xJkeSjI8epE4= +KoZIhvcNAQEFBQADggEBAD2xuUrHeaYc6id2FjI8llbzYs4u9XjWvejdBy/8OD1U +ib2r3TlYTXjjN9OQmOqfuXKW610oIi1sizrAZx0+1b0TPvHXwtfqX8zaV1jH5mbj +IYVlNDhZhpOuHhy65RmAliBb6Z/qx5mx24kXf/m06CA/NOZ5VJmG7oyqwqPOIMUA +YGVzBpCKiBJ+esozmREuhILP19+Dc8Lmn4bx+bqsy5WtDz5LHSNXdc5Xu8x4onI1 +s8Gi5RSmscINmSuDlYpiaRdQH5ylDhdnR4qpd77CAzo7K6v7iiKB6XlBdkEbzvxo +JECDiBDs1j5iY97yLb0IHaWbTLyCVllmLxrCx2Cdevc= -----END CERTIFICATE----- diff --git a/certs/test-pathlen/server-0-chain.pem b/certs/test-pathlen/server-0-chain.pem index 73c7d7346..a79c6458b 100644 --- a/certs/test-pathlen/server-0-chain.pem +++ b/certs/test-pathlen/server-0-chain.pem 
@@ -5,8 +5,8 @@ Certificate: Signature Algorithm: sha1WithRSAEncryption Issuer: C=US, ST=Washington, L=Seattle, O=wolfSSL Inc., OU=Engineering, CN=Server 0 CA/emailAddress=info@wolfssl.com Validity - Not Before: Sep 20 00:03:21 2016 GMT - Not After : Jun 17 00:03:21 2019 GMT + Not Before: Apr 13 15:23:10 2018 GMT + Not After : Jan 7 15:23:10 2021 GMT Subject: C=US, ST=Washington, L=Seattle, O=wolfSSL Inc., OU=Engineering, CN=Server 0/emailAddress=info@wolfssl.com Subject Public Key Info: Public Key Algorithm: rsaEncryption 
@@ -42,27 +42,27 @@ Certificate: X509v3 Basic Constraints: CA:FALSE Signature Algorithm: sha1WithRSAEncryption - 09:2d:8f:57:0a:4c:f7:b1:30:48:1c:eb:00:c3:06:8c:d6:49: - dd:45:92:25:5c:29:1a:86:90:74:28:46:18:65:8f:fb:13:c4: - a7:85:3d:93:42:37:a1:44:aa:17:f6:b3:99:68:05:99:02:e5: - ac:cd:5e:3d:fc:fe:1f:a8:b2:2c:b4:2b:9c:a2:0b:94:f0:7b: - ef:5c:e9:ae:e5:fa:72:b9:a4:d5:b5:09:54:01:02:6a:da:09: - 0c:72:4b:14:bd:1d:64:b7:70:80:be:cd:33:86:5e:1f:a0:49: - 54:9d:af:eb:5c:dc:d5:15:97:7b:5f:8f:b3:6f:54:ce:16:f7: - d4:be:0b:40:f0:5b:31:54:04:49:37:d2:9d:c8:9a:05:1a:6e: - 27:db:37:60:de:32:a7:d9:33:da:4b:a8:9e:08:0a:13:c4:ec: - 75:e9:17:39:da:14:21:f5:c4:2b:9c:b6:31:ad:61:df:ed:52: - d2:d6:1f:d9:e0:f9:bb:29:15:9f:40:f5:e2:41:43:90:46:24: - e2:34:55:57:44:7b:46:c5:87:84:80:46:02:a5:db:7d:bc:0d: - 69:ce:aa:9e:3e:e3:7a:bf:69:61:88:f7:a1:6e:01:0b:f4:59: - c2:42:d4:e0:32:d4:13:16:8a:39:fe:0b:9d:31:26:47:92:8c: - 8f:1e:a4:4e + 3d:b1:b9:4a:c7:79:a6:1c:ea:27:76:16:32:3c:96:56:f3:62: + ce:2e:f5:78:d6:bd:e8:dd:07:2f:fc:38:3d:54:89:bd:ab:dd: + 39:58:4d:78:e3:37:d3:90:98:ea:9f:b9:72:96:eb:5d:28:22: + 2d:6c:8b:3a:c0:67:1d:3e:d5:bd:13:3e:f1:d7:c2:d7:ea:5f: + cc:da:57:58:c7:e6:66:e3:21:85:65:34:38:59:86:93:ae:1e: + 1c:ba:e5:19:80:96:20:5b:e9:9f:ea:c7:99:b1:db:89:17:7f: + f9:b4:e8:20:3f:34:e6:79:54:99:86:ee:8c:aa:c2:a3:ce:20: + c5:00:60:65:73:06:90:8a:88:12:7e:7a:ca:33:99:11:2e:84: + 82:cf:d7:df:83:73:c2:e6:9f:86:f1:f9:ba:ac:cb:95:ad:0f: + 3e:4b:1d:23:57:75:ce:57:bb:cc:78:a2:72:35:b3:c1:a2:e5: + 14:a6:b1:c2:0d:99:2b:83:95:8a:62:69:17:50:1f:9c:a5:0e: + 17:67:47:8a:a9:77:be:c2:03:3a:3b:2b:ab:fb:8a:22:81:e9: + 79:41:76:41:1b:ce:fc:68:24:40:83:88:10:ec:d6:3e:62:63: + de:f2:2d:bd:08:1d:a5:9b:4c:bc:82:56:59:66:2f:1a:c2:c7: + 60:9d:7a:f7 -----BEGIN CERTIFICATE----- MIIEnDCCA4SgAwIBAgIBZTANBgkqhkiG9w0BAQUFADCBmDELMAkGA1UEBhMCVVMx EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTATBgNVBAoM DHdvbGZTU0wgSW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxFDASBgNVBAMMC1Nl 
-cnZlciAwIENBMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMB4XDTE2 -MDkyMDAwMDMyMVoXDTE5MDYxNzAwMDMyMVowgZUxCzAJBgNVBAYTAlVTMRMwEQYD +cnZlciAwIENBMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMB4XDTE4 +MDQxMzE1MjMxMFoXDTIxMDEwNzE1MjMxMFowgZUxCzAJBgNVBAYTAlVTMRMwEQYD VQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRUwEwYDVQQKDAx3b2xm U1NMIEluYy4xFDASBgNVBAsMC0VuZ2luZWVyaW5nMREwDwYDVQQDDAhTZXJ2ZXIg MDEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTCCASIwDQYJKoZIhvcN @@ -77,12 +77,12 @@ yZKYhOLJ+NA7bgNCyh8OjjyhgZqkgZcwgZQxCzAJBgNVBAYTAlVTMRAwDgYDVQQI DAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMREwDwYDVQQKDAhTYXd0b290aDET MBEGA1UECwwKQ29uc3VsdGluZzEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29tMR8w HQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tggFkMAkGA1UdEwQCMAAwDQYJ -KoZIhvcNAQEFBQADggEBAAktj1cKTPexMEgc6wDDBozWSd1FkiVcKRqGkHQoRhhl -j/sTxKeFPZNCN6FEqhf2s5loBZkC5azNXj38/h+osiy0K5yiC5Twe+9c6a7l+nK5 -pNW1CVQBAmraCQxySxS9HWS3cIC+zTOGXh+gSVSdr+tc3NUVl3tfj7NvVM4W99S+ -C0DwWzFUBEk30p3ImgUabifbN2DeMqfZM9pLqJ4IChPE7HXpFznaFCH1xCuctjGt -Yd/tUtLWH9ng+bspFZ9A9eJBQ5BGJOI0VVdEe0bFh4SARgKl2328DWnOqp4+43q/ -aWGI96FuAQv0WcJC1OAy1BMWijn+C50xJkeSjI8epE4= +KoZIhvcNAQEFBQADggEBAD2xuUrHeaYc6id2FjI8llbzYs4u9XjWvejdBy/8OD1U +ib2r3TlYTXjjN9OQmOqfuXKW610oIi1sizrAZx0+1b0TPvHXwtfqX8zaV1jH5mbj +IYVlNDhZhpOuHhy65RmAliBb6Z/qx5mx24kXf/m06CA/NOZ5VJmG7oyqwqPOIMUA +YGVzBpCKiBJ+esozmREuhILP19+Dc8Lmn4bx+bqsy5WtDz5LHSNXdc5Xu8x4onI1 +s8Gi5RSmscINmSuDlYpiaRdQH5ylDhdnR4qpd77CAzo7K6v7iiKB6XlBdkEbzvxo +JECDiBDs1j5iY97yLb0IHaWbTLyCVllmLxrCx2Cdevc= -----END CERTIFICATE----- Certificate: Data: 
@@ -91,8 +91,8 @@ Certificate: Signature Algorithm: sha1WithRSAEncryption Issuer: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, CN=www.wolfssl.com/emailAddress=info@wolfssl.com Validity - Not Before: Sep 19 23:03:51 2016 GMT - Not After : Jun 16 23:03:51 2019 GMT + Not Before: Apr 13 15:23:10 2018 GMT + Not After : Jan 7 15:23:10 2021 GMT Subject: C=US, ST=Washington, L=Seattle, O=wolfSSL Inc., OU=Engineering, CN=Server 0 CA/emailAddress=info@wolfssl.com Subject Public Key Info: Public Key Algorithm: rsaEncryption 
@@ -123,34 +123,34 @@ Certificate: X509v3 Authority Key Identifier: keyid:27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5 DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com - serial:B7:B6:90:33:66:1B:6B:23 + serial:86:FF:F5:8E:10:DE:B8:FB X509v3 Basic Constraints: CA:TRUE, pathlen:0 X509v3 Key Usage: Certificate Sign, CRL Sign Signature Algorithm: sha1WithRSAEncryption - a4:3b:22:20:6f:07:33:d0:ae:6d:13:fd:4f:48:dc:03:c6:9c: - e0:34:73:fa:e8:2f:aa:bd:15:1c:87:fe:6f:e4:c6:8e:36:b8: - b6:bb:53:c1:ea:e4:5c:d9:de:44:d5:05:89:88:79:d9:87:c9: - 05:78:57:bf:c0:25:1f:18:b6:f6:02:50:c8:b1:d1:0d:64:b0: - da:7e:68:e0:fa:64:68:51:1a:05:7f:7d:33:c5:27:71:0f:f6: - d7:72:19:7c:9f:57:34:5f:45:7a:b5:48:2e:d1:83:36:85:90: - 0c:c8:c1:be:3f:c3:7a:a3:ad:9b:3a:ce:a7:b4:50:1b:76:2e: - 8a:a4:a4:61:96:75:b4:a7:63:6e:7c:43:2f:98:18:39:92:57: - 87:54:76:37:73:53:37:cb:f1:95:34:11:9d:f4:94:e7:19:4a: - 9d:5f:91:cc:ff:b4:ed:39:53:82:42:86:2e:24:13:41:a4:4a: - 6c:d1:d9:00:ac:76:2c:59:9e:c4:28:33:b5:01:bf:74:63:01: - 23:8a:a8:78:e4:b7:e0:8b:ab:ec:b0:43:d8:0b:b8:ff:9e:62: - 0a:5d:e4:7c:73:f9:b4:d7:dd:6a:13:a5:28:05:90:f1:26:c1: - 4d:2b:db:a2:c6:f5:aa:13:19:a5:28:27:f8:c7:94:e8:ef:21: - 85:5b:32:02 + 8c:bd:c3:71:57:ce:dd:02:36:8c:d3:71:ec:d1:25:65:7b:48: + 4d:e2:77:d7:62:00:bd:0f:c9:50:4b:50:cb:d0:5a:8b:09:3f: + 21:d1:f5:1f:2f:14:44:87:0d:99:fa:0c:5c:1d:12:d8:e6:c5: + a0:2c:c1:12:ee:fa:3c:fd:e9:2e:23:58:be:60:a2:9f:e7:50: + be:d1:d8:2f:27:67:90:8a:1f:34:13:ca:81:07:bb:ca:de:86: + 59:bb:80:65:4f:b7:fa:5d:42:6d:e5:c8:08:25:5d:c9:78:3d: + 70:09:42:27:85:82:7f:5c:22:32:30:94:21:47:3f:09:bf:c4: + d2:1a:98:1b:f0:5d:3d:51:12:da:9f:1c:a7:44:d5:54:bc:5e: + 04:69:72:cc:cf:4f:f3:b1:d7:49:db:4c:0e:d1:42:8f:ad:ba: + 90:92:5b:7b:9d:13:8f:58:46:3d:a4:2d:9d:a2:9d:6d:4b:e5: + e4:d6:4c:61:a9:e1:78:33:5c:3d:78:0e:4f:0b:3d:fc:4a:6d: + 44:71:27:e1:1d:95:95:b6:9e:ba:0e:ca:72:01:fe:8e:f6:12: + ad:71:15:82:54:68:23:ea:49:0c:30:05:ea:1e:68:cc:c0:7c: + 
63:04:8e:1b:fa:79:96:95:1b:a0:0d:af:f7:85:7d:09:49:24: + 2e:8f:9e:ff -----BEGIN CERTIFICATE----- MIIEuDCCA6CgAwIBAgIBZDANBgkqhkiG9w0BAQUFADCBlDELMAkGA1UEBhMCVVMx EDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNVBAoMCFNh d3Rvb3RoMRMwEQYDVQQLDApDb25zdWx0aW5nMRgwFgYDVQQDDA93d3cud29sZnNz -bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTYwOTE5 -MjMwMzUxWhcNMTkwNjE2MjMwMzUxWjCBmDELMAkGA1UEBhMCVVMxEzARBgNVBAgM +bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTgwNDEz +MTUyMzEwWhcNMjEwMTA3MTUyMzEwWjCBmDELMAkGA1UEBhMCVVMxEzARBgNVBAgM Cldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTATBgNVBAoMDHdvbGZTU0wg SW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxFDASBgNVBAMMC1NlcnZlciAwIENB MR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMIIBIjANBgkqhkiG9w0B 
@@ -164,12 +164,12 @@ HQYDVR0OBBYEFLMRMsmSmITiyfjQO24DQsofDo48MIHJBgNVHSMEgcEwgb6AFCeO ZxF0wyYdP+0zY7Ok2B0w5ejVoYGapIGXMIGUMQswCQYDVQQGEwJVUzEQMA4GA1UE CAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjERMA8GA1UECgwIU2F3dG9vdGgx EzARBgNVBAsMCkNvbnN1bHRpbmcxGDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTEf -MB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbYIJALe2kDNmG2sjMA8GA1Ud -EwQIMAYBAf8CAQAwCwYDVR0PBAQDAgEGMA0GCSqGSIb3DQEBBQUAA4IBAQCkOyIg -bwcz0K5tE/1PSNwDxpzgNHP66C+qvRUch/5v5MaONri2u1PB6uRc2d5E1QWJiHnZ -h8kFeFe/wCUfGLb2AlDIsdENZLDafmjg+mRoURoFf30zxSdxD/bXchl8n1c0X0V6 -tUgu0YM2hZAMyMG+P8N6o62bOs6ntFAbdi6KpKRhlnW0p2NufEMvmBg5kleHVHY3 -c1M3y/GVNBGd9JTnGUqdX5HM/7TtOVOCQoYuJBNBpEps0dkArHYsWZ7EKDO1Ab90 -YwEjiqh45Lfgi6vssEPYC7j/nmIKXeR8c/m0191qE6UoBZDxJsFNK9uixvWqExml -KCf4x5To7yGFWzIC +MB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbYIJAIb/9Y4Q3rj7MA8GA1Ud +EwQIMAYBAf8CAQAwCwYDVR0PBAQDAgEGMA0GCSqGSIb3DQEBBQUAA4IBAQCMvcNx +V87dAjaM03Hs0SVle0hN4nfXYgC9D8lQS1DL0FqLCT8h0fUfLxREhw2Z+gxcHRLY +5sWgLMES7vo8/ekuI1i+YKKf51C+0dgvJ2eQih80E8qBB7vK3oZZu4BlT7f6XUJt +5cgIJV3JeD1wCUInhYJ/XCIyMJQhRz8Jv8TSGpgb8F09URLanxynRNVUvF4EaXLM +z0/zsddJ20wO0UKPrbqQklt7nROPWEY9pC2dop1tS+Xk1kxhqeF4M1w9eA5PCz38 +Sm1EcSfhHZWVtp66DspyAf6O9hKtcRWCVGgj6kkMMAXqHmjMwHxjBI4b+nmWlRug +Da/3hX0JSSQuj57/ -----END CERTIFICATE----- diff --git a/certs/test-pathlen/server-1-0-ca.pem b/certs/test-pathlen/server-1-0-ca.pem index 055d0fe2e..bba882ee5 100644 --- a/certs/test-pathlen/server-1-0-ca.pem +++ b/certs/test-pathlen/server-1-0-ca.pem 
@@ -5,8 +5,8 @@ Certificate: Signature Algorithm: sha1WithRSAEncryption Issuer: C=US, ST=Washington, L=Seattle, O=wolfSSL Inc., OU=Engineering, CN=Server 1 CA/emailAddress=info@wolfssl.com Validity - Not Before: Sep 20 21:23:18 2016 GMT - Not After : Jun 16 21:23:18 2019 GMT + Not Before: Apr 13 15:23:10 2018 GMT + Not After : Jan 7 15:23:10 2021 GMT Subject: C=US, ST=Washington, L=Seattle, O=wolfSSL Inc., OU=Engineering, CN=Server 1-0 CA/emailAddress=info@wolfssl.com Subject Public Key Info: Public Key Algorithm: rsaEncryption 
@@ -44,27 +44,27 @@ Certificate: X509v3 Key Usage: Certificate Sign, CRL Sign Signature Algorithm: sha1WithRSAEncryption - 37:78:ec:5f:82:05:c6:19:f6:3a:be:82:5f:1e:d3:69:26:20: - 92:f2:24:e8:6d:5f:44:70:ca:bd:53:24:ab:1f:58:6b:24:08: - d0:3a:a6:46:d3:1d:63:7c:22:8b:4a:e2:69:9e:de:03:08:91: - b5:37:bb:55:fe:91:fc:b4:2f:ce:9f:58:f7:80:6c:77:ed:82: - 6d:93:f0:30:9b:42:21:dc:98:64:87:df:f5:2f:f6:90:d9:af: - 7b:e0:98:68:07:3a:bd:70:60:e6:c8:4b:a2:c7:aa:9d:3b:cf: - 79:07:44:57:86:cc:e2:3a:7d:b1:ee:c7:61:48:8c:0e:b0:8d: - 0c:f6:c2:3e:e2:68:2d:50:a7:ac:5b:86:6e:f5:d1:5e:24:dd: - b7:c4:23:c0:90:82:e1:4f:bb:a7:6f:94:d3:9b:a3:28:30:12: - 8b:57:18:79:91:92:44:97:ff:08:75:49:74:3b:a8:91:ca:30: - e0:d0:5b:90:b7:26:14:69:b8:fe:72:fa:cd:8a:da:75:28:6d: - e2:e4:82:83:83:01:e4:60:c8:67:5b:ef:04:a9:29:2a:6d:64: - 1a:fc:fd:52:57:57:56:b3:bb:06:0e:e5:5f:22:d1:88:6b:12: - aa:f1:d5:91:09:c9:5c:1c:55:18:e6:34:fa:cd:d7:aa:bf:04: - fa:58:7d:cf + 2b:e5:fc:8a:56:f9:f4:37:84:c8:9a:b4:9d:46:33:24:9d:03: + 59:a2:c7:dd:31:75:31:ac:bf:f2:78:15:7d:31:82:dd:f4:d1: + e8:f8:01:ac:02:cb:b6:32:5f:18:a5:20:37:1e:5d:3f:29:f6: + 8a:4b:16:c3:64:5e:98:6d:09:3b:6f:24:fe:58:c0:12:1f:86: + 18:0e:4d:e8:d9:bd:4d:44:e6:58:0d:69:fb:52:4d:b5:da:38: + 6d:c0:59:70:f5:5a:6b:51:98:f8:94:bd:d6:14:72:1f:38:fd: + 63:53:c6:f6:eb:f5:f2:c0:ce:b3:fc:35:6e:7a:78:32:28:dd: + 90:65:a1:03:02:69:2c:c9:04:22:70:c4:a8:44:8e:88:99:1c: + 3d:fb:21:a3:b0:d5:f1:29:d0:b8:44:6b:e5:34:bb:74:49:f2: + 29:10:e2:74:98:d5:11:68:a0:c1:b1:15:ae:cc:5f:d9:bb:83: + 78:7f:d2:3f:aa:c0:fc:a3:36:24:bf:b2:ab:94:7f:86:79:94: + 23:dc:8d:4d:83:fa:9d:00:ed:14:15:c7:2c:1d:e2:05:6f:2e: + ba:f9:af:9c:6a:ef:05:0c:64:2d:f8:0a:61:7b:2d:67:3e:f1: + fb:2b:e3:09:47:98:2e:a5:68:64:7a:f8:67:5a:56:b8:68:42: + 90:8d:3b:cb -----BEGIN CERTIFICATE----- MIIEtjCCA56gAwIBAgIBZzANBgkqhkiG9w0BAQUFADCBmDELMAkGA1UEBhMCVVMx EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTATBgNVBAoM DHdvbGZTU0wgSW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxFDASBgNVBAMMC1Nl 
-cnZlciAxIENBMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMB4XDTE2 -MDkyMDIxMjMxOFoXDTE5MDYxNjIxMjMxOFowgZoxCzAJBgNVBAYTAlVTMRMwEQYD +cnZlciAxIENBMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMB4XDTE4 +MDQxMzE1MjMxMFoXDTIxMDEwNzE1MjMxMFowgZoxCzAJBgNVBAYTAlVTMRMwEQYD VQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRUwEwYDVQQKDAx3b2xm U1NMIEluYy4xFDASBgNVBAsMC0VuZ2luZWVyaW5nMRYwFAYDVQQDDA1TZXJ2ZXIg MS0wIENBMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMIIBIjANBgkq @@ -79,11 +79,11 @@ gbaAFLMRMsmSmITiyfjQO24DQsofDo48oYGapIGXMIGUMQswCQYDVQQGEwJVUzEQ MA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjERMA8GA1UECgwIU2F3 dG9vdGgxEzARBgNVBAsMCkNvbnN1bHRpbmcxGDAWBgNVBAMMD3d3dy53b2xmc3Ns LmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbYIBZjAPBgNVHRME -CDAGAQH/AgEAMAsGA1UdDwQEAwIBBjANBgkqhkiG9w0BAQUFAAOCAQEAN3jsX4IF -xhn2Or6CXx7TaSYgkvIk6G1fRHDKvVMkqx9YayQI0DqmRtMdY3wii0riaZ7eAwiR -tTe7Vf6R/LQvzp9Y94Bsd+2CbZPwMJtCIdyYZIff9S/2kNmve+CYaAc6vXBg5shL -oseqnTvPeQdEV4bM4jp9se7HYUiMDrCNDPbCPuJoLVCnrFuGbvXRXiTdt8QjwJCC -4U+7p2+U05ujKDASi1cYeZGSRJf/CHVJdDuokcow4NBbkLcmFGm4/nL6zYradSht -4uSCg4MB5GDIZ1vvBKkpKm1kGvz9UldXVrO7Bg7lXyLRiGsSqvHVkQnJXBxVGOY0 -+s3Xqr8E+lh9zw== +CDAGAQH/AgEAMAsGA1UdDwQEAwIBBjANBgkqhkiG9w0BAQUFAAOCAQEAK+X8ilb5 +9DeEyJq0nUYzJJ0DWaLH3TF1May/8ngVfTGC3fTR6PgBrALLtjJfGKUgNx5dPyn2 +iksWw2RemG0JO28k/ljAEh+GGA5N6Nm9TUTmWA1p+1JNtdo4bcBZcPVaa1GY+JS9 +1hRyHzj9Y1PG9uv18sDOs/w1bnp4MijdkGWhAwJpLMkEInDEqESOiJkcPfsho7DV +8SnQuERr5TS7dEnyKRDidJjVEWigwbEVrsxf2buDeH/SP6rA/KM2JL+yq5R/hnmU +I9yNTYP6nQDtFBXHLB3iBW8uuvmvnGrvBQxkLfgKYXstZz7x+yvjCUeYLqVoZHr4 +Z1pWuGhCkI07yw== -----END CERTIFICATE----- diff --git a/certs/test-pathlen/server-1-0-cert.pem b/certs/test-pathlen/server-1-0-cert.pem index 78f215e38..fd21f61fb 100644 --- a/certs/test-pathlen/server-1-0-cert.pem +++ b/certs/test-pathlen/server-1-0-cert.pem 
@@ -5,8 +5,8 @@ Certificate: Signature Algorithm: sha1WithRSAEncryption Issuer: C=US, ST=Washington, L=Seattle, O=wolfSSL Inc., OU=Engineering, CN=Server 1-0 CA/emailAddress=info@wolfssl.com Validity - Not Before: Sep 20 00:07:57 2016 GMT - Not After : Jun 17 00:07:57 2019 GMT + Not Before: Apr 13 15:23:10 2018 GMT + Not After : Jan 7 15:23:10 2021 GMT Subject: C=US, ST=Washington, L=Seattle, O=wolfSSL Inc., OU=Engineering, CN=Server 1-0/emailAddress=info@wolfssl.com Subject Public Key Info: Public Key Algorithm: rsaEncryption 
@@ -42,27 +42,27 @@ Certificate: X509v3 Basic Constraints: CA:FALSE Signature Algorithm: sha1WithRSAEncryption - 6d:98:b9:e7:03:b3:0e:36:15:f5:6f:6c:60:59:9d:60:95:cb: - 8c:31:f6:b7:7d:27:6a:37:99:79:cb:06:89:4a:87:c8:a6:d7: - 86:46:5c:f3:02:f9:37:98:3a:d2:59:3a:37:59:7e:46:58:ee: - 18:b2:77:a9:85:39:45:e1:05:d4:a7:bc:1e:cc:4a:a3:be:1e: - 7e:58:15:79:c4:25:8f:1d:3f:f4:e2:5d:3c:c1:a5:45:f3:e0: - fd:97:96:49:78:c7:c7:e2:e9:78:97:91:9c:44:a3:f9:b4:cc: - 14:61:b4:03:55:ef:d2:33:3b:8d:8e:01:e1:a1:27:a4:1e:66: - 06:13:0b:e0:5b:6b:69:8a:8a:c8:c5:a9:a3:8f:6e:dd:25:03: - 5f:3f:65:21:8e:d5:b2:dc:0e:e1:b6:d2:fd:9c:d8:99:33:f6: - 4b:8c:71:2b:9e:0a:3a:40:a5:28:ef:d8:65:fb:08:2f:f4:e9: - 2b:d6:7c:9c:09:1c:6e:aa:f0:7f:67:13:dc:a3:e6:fa:5c:49: - 04:ba:55:d4:3e:4d:17:3d:e9:13:bf:b1:95:e8:71:41:47:4a: - 73:52:97:85:71:ac:a1:b7:32:82:64:77:c2:53:5c:f0:35:81: - 34:10:77:09:69:04:73:05:39:b6:62:2e:fd:37:a4:20:3e:40: - 98:a5:e5:dc + 88:e6:c7:a7:fc:33:31:f6:e3:1d:fe:92:c5:69:59:07:cb:70: + 7a:18:8a:cc:4c:10:7a:6b:f4:1a:32:78:1f:55:90:72:8d:e2: + 78:93:86:b6:9d:2f:3b:12:cc:f6:81:87:59:0b:54:61:b4:ea: + da:7a:4c:27:82:49:89:78:41:f4:57:58:b2:17:fc:f1:35:c7: + 20:a9:51:84:21:e9:4a:68:5c:1b:1d:2c:1a:b3:47:93:27:59: + a4:e4:73:e8:b8:30:5b:b7:5f:1f:10:07:59:0c:bd:d4:a6:e1: + 7c:d6:91:23:4e:b9:fd:85:22:4c:06:f3:08:58:18:48:85:db: + 46:40:b1:d7:9f:13:b5:aa:34:a5:b9:38:ff:b7:08:1a:5e:e3: + 76:80:16:6c:b9:8e:57:51:dc:5e:a1:03:e6:e9:ee:ac:a2:d0: + 26:3d:ff:97:96:0b:66:06:9a:c9:26:4a:c1:a3:02:f5:47:d5: + 87:d9:ea:a8:af:21:70:77:f8:9b:15:ec:c0:ee:fd:d4:16:b7: + 8a:4d:c0:8f:25:2d:6b:dd:dd:6f:4c:7f:b5:6c:59:b7:a4:7c: + e9:52:a9:bc:79:8a:62:7c:ab:a1:ec:0b:fa:5b:6e:f8:db:11: + 72:a1:e9:c6:4a:83:82:64:ea:4e:13:44:d4:04:17:c3:ee:8d: + ea:4b:9b:69 -----BEGIN CERTIFICATE----- MIIEpDCCA4ygAwIBAgIBaDANBgkqhkiG9w0BAQUFADCBmjELMAkGA1UEBhMCVVMx EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTATBgNVBAoM DHdvbGZTU0wgSW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxFjAUBgNVBAMMDVNl 
cnZlciAxLTAgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcN -MTYwOTIwMDAwNzU3WhcNMTkwNjE3MDAwNzU3WjCBlzELMAkGA1UEBhMCVVMxEzAR +MTgwNDEzMTUyMzEwWhcNMjEwMTA3MTUyMzEwWjCBlzELMAkGA1UEBhMCVVMxEzAR BgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTATBgNVBAoMDHdv bGZTU0wgSW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxEzARBgNVBAMMClNlcnZl ciAxLTAxHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wggEiMA0GCSqG @@ -77,10 +77,10 @@ FLMRMsmSmITiyfjQO24DQsofDo48oYGepIGbMIGYMQswCQYDVQQGEwJVUzETMBEG A1UECAwKV2FzaGluZ3RvbjEQMA4GA1UEBwwHU2VhdHRsZTEVMBMGA1UECgwMd29s ZlNTTCBJbmMuMRQwEgYDVQQLDAtFbmdpbmVlcmluZzEUMBIGA1UEAwwLU2VydmVy IDEgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb22CAWcwCQYDVR0T -BAIwADANBgkqhkiG9w0BAQUFAAOCAQEAbZi55wOzDjYV9W9sYFmdYJXLjDH2t30n -ajeZecsGiUqHyKbXhkZc8wL5N5g60lk6N1l+RljuGLJ3qYU5ReEF1Ke8HsxKo74e -flgVecQljx0/9OJdPMGlRfPg/ZeWSXjHx+LpeJeRnESj+bTMFGG0A1Xv0jM7jY4B -4aEnpB5mBhML4FtraYqKyMWpo49u3SUDXz9lIY7VstwO4bbS/ZzYmTP2S4xxK54K -OkClKO/YZfsIL/TpK9Z8nAkcbqrwf2cT3KPm+lxJBLpV1D5NFz3pE7+xlehxQUdK -c1KXhXGsobcygmR3wlNc8DWBNBB3CWkEcwU5tmIu/TekID5AmKXl3A== +BAIwADANBgkqhkiG9w0BAQUFAAOCAQEAiObHp/wzMfbjHf6SxWlZB8twehiKzEwQ +emv0GjJ4H1WQco3ieJOGtp0vOxLM9oGHWQtUYbTq2npMJ4JJiXhB9FdYshf88TXH +IKlRhCHpSmhcGx0sGrNHkydZpORz6LgwW7dfHxAHWQy91KbhfNaRI065/YUiTAbz +CFgYSIXbRkCx158Ttao0pbk4/7cIGl7jdoAWbLmOV1HcXqED5unurKLQJj3/l5YL +ZgaaySZKwaMC9UfVh9nqqK8hcHf4mxXswO791Ba3ik3AjyUta93db0x/tWxZt6R8 +6VKpvHmKYnyroewL+ltu+NsRcqHpxkqDgmTqThNE1AQXw+6N6kubaQ== -----END CERTIFICATE----- diff --git a/certs/test-pathlen/server-1-0-chain.pem b/certs/test-pathlen/server-1-0-chain.pem index 38aa3733d..15b3b5d5f 100644 --- a/certs/test-pathlen/server-1-0-chain.pem +++ b/certs/test-pathlen/server-1-0-chain.pem 
@@ -5,8 +5,8 @@ Certificate: Signature Algorithm: sha1WithRSAEncryption Issuer: C=US, ST=Washington, L=Seattle, O=wolfSSL Inc., OU=Engineering, CN=Server 1-0 CA/emailAddress=info@wolfssl.com Validity - Not Before: Sep 20 00:07:57 2016 GMT - Not After : Jun 17 00:07:57 2019 GMT + Not Before: Apr 13 15:23:10 2018 GMT + Not After : Jan 7 15:23:10 2021 GMT Subject: C=US, ST=Washington, L=Seattle, O=wolfSSL Inc., OU=Engineering, CN=Server 1-0/emailAddress=info@wolfssl.com Subject Public Key Info: Public Key Algorithm: rsaEncryption 
@@ -42,27 +42,27 @@ Certificate: X509v3 Basic Constraints: CA:FALSE Signature Algorithm: sha1WithRSAEncryption - 6d:98:b9:e7:03:b3:0e:36:15:f5:6f:6c:60:59:9d:60:95:cb: - 8c:31:f6:b7:7d:27:6a:37:99:79:cb:06:89:4a:87:c8:a6:d7: - 86:46:5c:f3:02:f9:37:98:3a:d2:59:3a:37:59:7e:46:58:ee: - 18:b2:77:a9:85:39:45:e1:05:d4:a7:bc:1e:cc:4a:a3:be:1e: - 7e:58:15:79:c4:25:8f:1d:3f:f4:e2:5d:3c:c1:a5:45:f3:e0: - fd:97:96:49:78:c7:c7:e2:e9:78:97:91:9c:44:a3:f9:b4:cc: - 14:61:b4:03:55:ef:d2:33:3b:8d:8e:01:e1:a1:27:a4:1e:66: - 06:13:0b:e0:5b:6b:69:8a:8a:c8:c5:a9:a3:8f:6e:dd:25:03: - 5f:3f:65:21:8e:d5:b2:dc:0e:e1:b6:d2:fd:9c:d8:99:33:f6: - 4b:8c:71:2b:9e:0a:3a:40:a5:28:ef:d8:65:fb:08:2f:f4:e9: - 2b:d6:7c:9c:09:1c:6e:aa:f0:7f:67:13:dc:a3:e6:fa:5c:49: - 04:ba:55:d4:3e:4d:17:3d:e9:13:bf:b1:95:e8:71:41:47:4a: - 73:52:97:85:71:ac:a1:b7:32:82:64:77:c2:53:5c:f0:35:81: - 34:10:77:09:69:04:73:05:39:b6:62:2e:fd:37:a4:20:3e:40: - 98:a5:e5:dc + 88:e6:c7:a7:fc:33:31:f6:e3:1d:fe:92:c5:69:59:07:cb:70: + 7a:18:8a:cc:4c:10:7a:6b:f4:1a:32:78:1f:55:90:72:8d:e2: + 78:93:86:b6:9d:2f:3b:12:cc:f6:81:87:59:0b:54:61:b4:ea: + da:7a:4c:27:82:49:89:78:41:f4:57:58:b2:17:fc:f1:35:c7: + 20:a9:51:84:21:e9:4a:68:5c:1b:1d:2c:1a:b3:47:93:27:59: + a4:e4:73:e8:b8:30:5b:b7:5f:1f:10:07:59:0c:bd:d4:a6:e1: + 7c:d6:91:23:4e:b9:fd:85:22:4c:06:f3:08:58:18:48:85:db: + 46:40:b1:d7:9f:13:b5:aa:34:a5:b9:38:ff:b7:08:1a:5e:e3: + 76:80:16:6c:b9:8e:57:51:dc:5e:a1:03:e6:e9:ee:ac:a2:d0: + 26:3d:ff:97:96:0b:66:06:9a:c9:26:4a:c1:a3:02:f5:47:d5: + 87:d9:ea:a8:af:21:70:77:f8:9b:15:ec:c0:ee:fd:d4:16:b7: + 8a:4d:c0:8f:25:2d:6b:dd:dd:6f:4c:7f:b5:6c:59:b7:a4:7c: + e9:52:a9:bc:79:8a:62:7c:ab:a1:ec:0b:fa:5b:6e:f8:db:11: + 72:a1:e9:c6:4a:83:82:64:ea:4e:13:44:d4:04:17:c3:ee:8d: + ea:4b:9b:69 -----BEGIN CERTIFICATE----- MIIEpDCCA4ygAwIBAgIBaDANBgkqhkiG9w0BAQUFADCBmjELMAkGA1UEBhMCVVMx EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTATBgNVBAoM DHdvbGZTU0wgSW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxFjAUBgNVBAMMDVNl 
cnZlciAxLTAgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcN -MTYwOTIwMDAwNzU3WhcNMTkwNjE3MDAwNzU3WjCBlzELMAkGA1UEBhMCVVMxEzAR +MTgwNDEzMTUyMzEwWhcNMjEwMTA3MTUyMzEwWjCBlzELMAkGA1UEBhMCVVMxEzAR BgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTATBgNVBAoMDHdv bGZTU0wgSW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxEzARBgNVBAMMClNlcnZl ciAxLTAxHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wggEiMA0GCSqG @@ -77,12 +77,12 @@ FLMRMsmSmITiyfjQO24DQsofDo48oYGepIGbMIGYMQswCQYDVQQGEwJVUzETMBEG A1UECAwKV2FzaGluZ3RvbjEQMA4GA1UEBwwHU2VhdHRsZTEVMBMGA1UECgwMd29s ZlNTTCBJbmMuMRQwEgYDVQQLDAtFbmdpbmVlcmluZzEUMBIGA1UEAwwLU2VydmVy IDEgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb22CAWcwCQYDVR0T -BAIwADANBgkqhkiG9w0BAQUFAAOCAQEAbZi55wOzDjYV9W9sYFmdYJXLjDH2t30n -ajeZecsGiUqHyKbXhkZc8wL5N5g60lk6N1l+RljuGLJ3qYU5ReEF1Ke8HsxKo74e -flgVecQljx0/9OJdPMGlRfPg/ZeWSXjHx+LpeJeRnESj+bTMFGG0A1Xv0jM7jY4B -4aEnpB5mBhML4FtraYqKyMWpo49u3SUDXz9lIY7VstwO4bbS/ZzYmTP2S4xxK54K -OkClKO/YZfsIL/TpK9Z8nAkcbqrwf2cT3KPm+lxJBLpV1D5NFz3pE7+xlehxQUdK -c1KXhXGsobcygmR3wlNc8DWBNBB3CWkEcwU5tmIu/TekID5AmKXl3A== +BAIwADANBgkqhkiG9w0BAQUFAAOCAQEAiObHp/wzMfbjHf6SxWlZB8twehiKzEwQ +emv0GjJ4H1WQco3ieJOGtp0vOxLM9oGHWQtUYbTq2npMJ4JJiXhB9FdYshf88TXH +IKlRhCHpSmhcGx0sGrNHkydZpORz6LgwW7dfHxAHWQy91KbhfNaRI065/YUiTAbz +CFgYSIXbRkCx158Ttao0pbk4/7cIGl7jdoAWbLmOV1HcXqED5unurKLQJj3/l5YL +ZgaaySZKwaMC9UfVh9nqqK8hcHf4mxXswO791Ba3ik3AjyUta93db0x/tWxZt6R8 +6VKpvHmKYnyroewL+ltu+NsRcqHpxkqDgmTqThNE1AQXw+6N6kubaQ== -----END CERTIFICATE----- Certificate: Data: 
@@ -91,8 +91,8 @@ Certificate: Signature Algorithm: sha1WithRSAEncryption Issuer: C=US, ST=Washington, L=Seattle, O=wolfSSL Inc., OU=Engineering, CN=Server 1 CA/emailAddress=info@wolfssl.com Validity - Not Before: Sep 20 21:23:18 2016 GMT - Not After : Jun 16 21:23:18 2019 GMT + Not Before: Apr 13 15:23:10 2018 GMT + Not After : Jan 7 15:23:10 2021 GMT Subject: C=US, ST=Washington, L=Seattle, O=wolfSSL Inc., OU=Engineering, CN=Server 1-0 CA/emailAddress=info@wolfssl.com Subject Public Key Info: Public Key Algorithm: rsaEncryption 
@@ -130,27 +130,27 @@ Certificate: X509v3 Key Usage: Certificate Sign, CRL Sign Signature Algorithm: sha1WithRSAEncryption - 37:78:ec:5f:82:05:c6:19:f6:3a:be:82:5f:1e:d3:69:26:20: - 92:f2:24:e8:6d:5f:44:70:ca:bd:53:24:ab:1f:58:6b:24:08: - d0:3a:a6:46:d3:1d:63:7c:22:8b:4a:e2:69:9e:de:03:08:91: - b5:37:bb:55:fe:91:fc:b4:2f:ce:9f:58:f7:80:6c:77:ed:82: - 6d:93:f0:30:9b:42:21:dc:98:64:87:df:f5:2f:f6:90:d9:af: - 7b:e0:98:68:07:3a:bd:70:60:e6:c8:4b:a2:c7:aa:9d:3b:cf: - 79:07:44:57:86:cc:e2:3a:7d:b1:ee:c7:61:48:8c:0e:b0:8d: - 0c:f6:c2:3e:e2:68:2d:50:a7:ac:5b:86:6e:f5:d1:5e:24:dd: - b7:c4:23:c0:90:82:e1:4f:bb:a7:6f:94:d3:9b:a3:28:30:12: - 8b:57:18:79:91:92:44:97:ff:08:75:49:74:3b:a8:91:ca:30: - e0:d0:5b:90:b7:26:14:69:b8:fe:72:fa:cd:8a:da:75:28:6d: - e2:e4:82:83:83:01:e4:60:c8:67:5b:ef:04:a9:29:2a:6d:64: - 1a:fc:fd:52:57:57:56:b3:bb:06:0e:e5:5f:22:d1:88:6b:12: - aa:f1:d5:91:09:c9:5c:1c:55:18:e6:34:fa:cd:d7:aa:bf:04: - fa:58:7d:cf + 2b:e5:fc:8a:56:f9:f4:37:84:c8:9a:b4:9d:46:33:24:9d:03: + 59:a2:c7:dd:31:75:31:ac:bf:f2:78:15:7d:31:82:dd:f4:d1: + e8:f8:01:ac:02:cb:b6:32:5f:18:a5:20:37:1e:5d:3f:29:f6: + 8a:4b:16:c3:64:5e:98:6d:09:3b:6f:24:fe:58:c0:12:1f:86: + 18:0e:4d:e8:d9:bd:4d:44:e6:58:0d:69:fb:52:4d:b5:da:38: + 6d:c0:59:70:f5:5a:6b:51:98:f8:94:bd:d6:14:72:1f:38:fd: + 63:53:c6:f6:eb:f5:f2:c0:ce:b3:fc:35:6e:7a:78:32:28:dd: + 90:65:a1:03:02:69:2c:c9:04:22:70:c4:a8:44:8e:88:99:1c: + 3d:fb:21:a3:b0:d5:f1:29:d0:b8:44:6b:e5:34:bb:74:49:f2: + 29:10:e2:74:98:d5:11:68:a0:c1:b1:15:ae:cc:5f:d9:bb:83: + 78:7f:d2:3f:aa:c0:fc:a3:36:24:bf:b2:ab:94:7f:86:79:94: + 23:dc:8d:4d:83:fa:9d:00:ed:14:15:c7:2c:1d:e2:05:6f:2e: + ba:f9:af:9c:6a:ef:05:0c:64:2d:f8:0a:61:7b:2d:67:3e:f1: + fb:2b:e3:09:47:98:2e:a5:68:64:7a:f8:67:5a:56:b8:68:42: + 90:8d:3b:cb -----BEGIN CERTIFICATE----- MIIEtjCCA56gAwIBAgIBZzANBgkqhkiG9w0BAQUFADCBmDELMAkGA1UEBhMCVVMx EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTATBgNVBAoM DHdvbGZTU0wgSW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxFDASBgNVBAMMC1Nl 
-cnZlciAxIENBMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMB4XDTE2 -MDkyMDIxMjMxOFoXDTE5MDYxNjIxMjMxOFowgZoxCzAJBgNVBAYTAlVTMRMwEQYD +cnZlciAxIENBMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMB4XDTE4 +MDQxMzE1MjMxMFoXDTIxMDEwNzE1MjMxMFowgZoxCzAJBgNVBAYTAlVTMRMwEQYD VQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRUwEwYDVQQKDAx3b2xm U1NMIEluYy4xFDASBgNVBAsMC0VuZ2luZWVyaW5nMRYwFAYDVQQDDA1TZXJ2ZXIg MS0wIENBMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMIIBIjANBgkq @@ -165,13 +165,13 @@ gbaAFLMRMsmSmITiyfjQO24DQsofDo48oYGapIGXMIGUMQswCQYDVQQGEwJVUzEQ MA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjERMA8GA1UECgwIU2F3 dG9vdGgxEzARBgNVBAsMCkNvbnN1bHRpbmcxGDAWBgNVBAMMD3d3dy53b2xmc3Ns LmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbYIBZjAPBgNVHRME -CDAGAQH/AgEAMAsGA1UdDwQEAwIBBjANBgkqhkiG9w0BAQUFAAOCAQEAN3jsX4IF -xhn2Or6CXx7TaSYgkvIk6G1fRHDKvVMkqx9YayQI0DqmRtMdY3wii0riaZ7eAwiR -tTe7Vf6R/LQvzp9Y94Bsd+2CbZPwMJtCIdyYZIff9S/2kNmve+CYaAc6vXBg5shL -oseqnTvPeQdEV4bM4jp9se7HYUiMDrCNDPbCPuJoLVCnrFuGbvXRXiTdt8QjwJCC -4U+7p2+U05ujKDASi1cYeZGSRJf/CHVJdDuokcow4NBbkLcmFGm4/nL6zYradSht -4uSCg4MB5GDIZ1vvBKkpKm1kGvz9UldXVrO7Bg7lXyLRiGsSqvHVkQnJXBxVGOY0 -+s3Xqr8E+lh9zw== +CDAGAQH/AgEAMAsGA1UdDwQEAwIBBjANBgkqhkiG9w0BAQUFAAOCAQEAK+X8ilb5 +9DeEyJq0nUYzJJ0DWaLH3TF1May/8ngVfTGC3fTR6PgBrALLtjJfGKUgNx5dPyn2 +iksWw2RemG0JO28k/ljAEh+GGA5N6Nm9TUTmWA1p+1JNtdo4bcBZcPVaa1GY+JS9 +1hRyHzj9Y1PG9uv18sDOs/w1bnp4MijdkGWhAwJpLMkEInDEqESOiJkcPfsho7DV +8SnQuERr5TS7dEnyKRDidJjVEWigwbEVrsxf2buDeH/SP6rA/KM2JL+yq5R/hnmU +I9yNTYP6nQDtFBXHLB3iBW8uuvmvnGrvBQxkLfgKYXstZz7x+yvjCUeYLqVoZHr4 +Z1pWuGhCkI07yw== -----END CERTIFICATE----- Certificate: Data: 
@@ -180,8 +180,8 @@ Certificate: Signature Algorithm: sha1WithRSAEncryption Issuer: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, CN=www.wolfssl.com/emailAddress=info@wolfssl.com Validity - Not Before: Sep 19 23:16:34 2016 GMT - Not After : Jun 16 23:16:34 2019 GMT + Not Before: Apr 13 15:23:10 2018 GMT + Not After : Jan 7 15:23:10 2021 GMT Subject: C=US, ST=Washington, L=Seattle, O=wolfSSL Inc., OU=Engineering, CN=Server 1 CA/emailAddress=info@wolfssl.com Subject Public Key Info: Public Key Algorithm: rsaEncryption 
@@ -212,34 +212,34 @@ Certificate: X509v3 Authority Key Identifier: keyid:27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5 DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com - serial:B7:B6:90:33:66:1B:6B:23 + serial:86:FF:F5:8E:10:DE:B8:FB X509v3 Basic Constraints: CA:TRUE, pathlen:1 X509v3 Key Usage: Certificate Sign, CRL Sign Signature Algorithm: sha1WithRSAEncryption - 83:fd:d4:aa:5d:ba:bd:55:4a:76:80:0b:7b:fb:ac:61:46:e5: - e7:0d:2c:2b:85:d3:6a:af:40:4c:f1:51:2b:7d:8b:52:ce:77: - 4e:73:39:b2:77:79:95:a6:49:b9:8c:c3:99:8d:d5:71:f4:33: - ca:dc:5a:81:7a:b3:ec:1e:97:ee:c8:b8:c7:ec:7e:91:74:5c: - 0a:78:e3:db:a4:6f:90:69:4c:4a:a8:4c:cd:96:f3:8e:94:31: - 86:48:b4:77:0a:c6:ee:8d:43:c9:2e:11:86:4c:0d:67:e0:8b: - 4c:d2:84:9d:18:88:ef:93:34:bb:69:93:c0:96:a0:d1:4f:b7: - 7e:a8:05:99:09:8e:39:66:13:8d:91:fe:05:12:c7:99:6a:2f: - 38:5e:58:2f:5d:0c:54:14:6b:c9:8a:dc:c2:21:ce:44:38:09: - f3:13:96:23:12:a6:fc:24:a1:bc:8c:7e:65:9c:1f:e3:f9:58: - a4:42:b7:20:97:29:c6:f2:b7:61:d2:67:25:ba:bb:c0:79:00: - 69:e1:30:6d:46:1d:ee:6e:44:ee:7d:9a:35:ef:bb:41:b4:ac: - e0:78:9e:ef:c5:e4:19:09:05:22:0d:06:b3:16:52:df:90:fc: - d5:fb:6f:52:bd:44:55:13:4b:86:81:0b:a9:75:74:64:33:32: - 8f:98:a8:50 + 38:60:36:73:96:77:51:dc:fe:99:5a:1d:b4:b8:0e:c2:1b:96: + 13:b0:e9:6c:42:24:db:d2:20:6c:0c:1b:2e:d4:de:cb:7b:fd: + 0f:91:7d:18:23:50:87:29:51:fc:97:1c:8a:2f:3a:5c:89:59: + 18:54:24:d3:5b:6c:f9:5d:99:11:2c:2d:4d:1f:6b:e6:59:4e: + e8:ba:37:b5:f8:b0:44:3d:e5:47:4d:ac:b0:a0:55:6b:89:a3: + e4:65:87:91:5f:71:51:55:e6:ea:30:d0:13:a1:11:b2:04:b1: + c7:62:cc:55:2e:ac:d4:87:a1:87:48:7a:45:bc:2b:c5:c5:90: + 1a:a2:98:93:63:6c:97:18:a3:18:58:7a:ba:b3:84:8f:ed:b3: + 9a:bf:5a:31:2f:4e:24:43:74:7a:23:dd:c3:7b:76:8b:6c:aa: + ad:76:d9:39:4b:7f:e5:c2:24:65:75:b5:1c:29:ca:c4:a3:9d: + 6d:d6:9f:cd:05:3b:c5:54:db:76:01:51:dc:2e:60:08:74:81: + 83:1b:d1:e8:77:3e:ac:67:49:f6:1b:4c:5e:56:6a:93:40:15: + 86:dc:c0:c1:70:7d:62:66:ed:ff:32:2d:b6:f8:0f:a4:4f:75: + 
92:22:37:04:3a:32:16:e8:bc:b6:15:a4:0f:17:6e:72:6e:43: + 1a:13:d9:87 -----BEGIN CERTIFICATE----- MIIEuDCCA6CgAwIBAgIBZjANBgkqhkiG9w0BAQUFADCBlDELMAkGA1UEBhMCVVMx EDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNVBAoMCFNh d3Rvb3RoMRMwEQYDVQQLDApDb25zdWx0aW5nMRgwFgYDVQQDDA93d3cud29sZnNz -bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTYwOTE5 -MjMxNjM0WhcNMTkwNjE2MjMxNjM0WjCBmDELMAkGA1UEBhMCVVMxEzARBgNVBAgM +bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTgwNDEz +MTUyMzEwWhcNMjEwMTA3MTUyMzEwWjCBmDELMAkGA1UEBhMCVVMxEzARBgNVBAgM Cldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTATBgNVBAoMDHdvbGZTU0wg SW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxFDASBgNVBAMMC1NlcnZlciAxIENB MR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMIIBIjANBgkqhkiG9w0B 
@@ -253,12 +253,12 @@ HQYDVR0OBBYEFLMRMsmSmITiyfjQO24DQsofDo48MIHJBgNVHSMEgcEwgb6AFCeO ZxF0wyYdP+0zY7Ok2B0w5ejVoYGapIGXMIGUMQswCQYDVQQGEwJVUzEQMA4GA1UE CAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjERMA8GA1UECgwIU2F3dG9vdGgx EzARBgNVBAsMCkNvbnN1bHRpbmcxGDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTEf -MB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbYIJALe2kDNmG2sjMA8GA1Ud -EwQIMAYBAf8CAQEwCwYDVR0PBAQDAgEGMA0GCSqGSIb3DQEBBQUAA4IBAQCD/dSq -Xbq9VUp2gAt7+6xhRuXnDSwrhdNqr0BM8VErfYtSzndOczmyd3mVpkm5jMOZjdVx -9DPK3FqBerPsHpfuyLjH7H6RdFwKeOPbpG+QaUxKqEzNlvOOlDGGSLR3CsbujUPJ -LhGGTA1n4ItM0oSdGIjvkzS7aZPAlqDRT7d+qAWZCY45ZhONkf4FEseZai84Xlgv -XQxUFGvJitzCIc5EOAnzE5YjEqb8JKG8jH5lnB/j+VikQrcglynG8rdh0mclurvA -eQBp4TBtRh3ubkTufZo177tBtKzgeJ7vxeQZCQUiDQazFlLfkPzV+29SvURVE0uG -gQupdXRkMzKPmKhQ +MB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbYIJAIb/9Y4Q3rj7MA8GA1Ud +EwQIMAYBAf8CAQEwCwYDVR0PBAQDAgEGMA0GCSqGSIb3DQEBBQUAA4IBAQA4YDZz +lndR3P6ZWh20uA7CG5YTsOlsQiTb0iBsDBsu1N7Le/0PkX0YI1CHKVH8lxyKLzpc +iVkYVCTTW2z5XZkRLC1NH2vmWU7ouje1+LBEPeVHTaywoFVriaPkZYeRX3FRVebq +MNAToRGyBLHHYsxVLqzUh6GHSHpFvCvFxZAaopiTY2yXGKMYWHq6s4SP7bOav1ox +L04kQ3R6I93De3aLbKqtdtk5S3/lwiRldbUcKcrEo51t1p/NBTvFVNt2AVHcLmAI +dIGDG9Hodz6sZ0n2G0xeVmqTQBWG3MDBcH1iZu3/Mi22+A+kT3WSIjcEOjIW6Ly2 +FaQPF25ybkMaE9mH -----END CERTIFICATE----- diff --git a/certs/test-pathlen/server-1-ca.pem b/certs/test-pathlen/server-1-ca.pem index f13f3e949..d1625ee40 100644 --- a/certs/test-pathlen/server-1-ca.pem +++ b/certs/test-pathlen/server-1-ca.pem @@ -5,8 +5,8 @@ Certificate: Signature Algorithm: sha1WithRSAEncryption Issuer: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, CN=www.wolfssl.com/emailAddress=info@wolfssl.com Validity - Not Before: Sep 19 23:16:34 2016 GMT - Not After : Jun 16 23:16:34 2019 GMT + Not Before: Apr 13 15:23:10 2018 GMT + Not After : Jan 7 15:23:10 2021 GMT Subject: C=US, ST=Washington, L=Seattle, O=wolfSSL Inc., OU=Engineering, CN=Server 1 CA/emailAddress=info@wolfssl.com Subject Public Key Info: Public Key Algorithm: rsaEncryption 
@@ -37,34 +37,34 @@ Certificate: X509v3 Authority Key Identifier: keyid:27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5 DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com - serial:B7:B6:90:33:66:1B:6B:23 + serial:86:FF:F5:8E:10:DE:B8:FB X509v3 Basic Constraints: CA:TRUE, pathlen:1 X509v3 Key Usage: Certificate Sign, CRL Sign Signature Algorithm: sha1WithRSAEncryption - 83:fd:d4:aa:5d:ba:bd:55:4a:76:80:0b:7b:fb:ac:61:46:e5: - e7:0d:2c:2b:85:d3:6a:af:40:4c:f1:51:2b:7d:8b:52:ce:77: - 4e:73:39:b2:77:79:95:a6:49:b9:8c:c3:99:8d:d5:71:f4:33: - ca:dc:5a:81:7a:b3:ec:1e:97:ee:c8:b8:c7:ec:7e:91:74:5c: - 0a:78:e3:db:a4:6f:90:69:4c:4a:a8:4c:cd:96:f3:8e:94:31: - 86:48:b4:77:0a:c6:ee:8d:43:c9:2e:11:86:4c:0d:67:e0:8b: - 4c:d2:84:9d:18:88:ef:93:34:bb:69:93:c0:96:a0:d1:4f:b7: - 7e:a8:05:99:09:8e:39:66:13:8d:91:fe:05:12:c7:99:6a:2f: - 38:5e:58:2f:5d:0c:54:14:6b:c9:8a:dc:c2:21:ce:44:38:09: - f3:13:96:23:12:a6:fc:24:a1:bc:8c:7e:65:9c:1f:e3:f9:58: - a4:42:b7:20:97:29:c6:f2:b7:61:d2:67:25:ba:bb:c0:79:00: - 69:e1:30:6d:46:1d:ee:6e:44:ee:7d:9a:35:ef:bb:41:b4:ac: - e0:78:9e:ef:c5:e4:19:09:05:22:0d:06:b3:16:52:df:90:fc: - d5:fb:6f:52:bd:44:55:13:4b:86:81:0b:a9:75:74:64:33:32: - 8f:98:a8:50 + 38:60:36:73:96:77:51:dc:fe:99:5a:1d:b4:b8:0e:c2:1b:96: + 13:b0:e9:6c:42:24:db:d2:20:6c:0c:1b:2e:d4:de:cb:7b:fd: + 0f:91:7d:18:23:50:87:29:51:fc:97:1c:8a:2f:3a:5c:89:59: + 18:54:24:d3:5b:6c:f9:5d:99:11:2c:2d:4d:1f:6b:e6:59:4e: + e8:ba:37:b5:f8:b0:44:3d:e5:47:4d:ac:b0:a0:55:6b:89:a3: + e4:65:87:91:5f:71:51:55:e6:ea:30:d0:13:a1:11:b2:04:b1: + c7:62:cc:55:2e:ac:d4:87:a1:87:48:7a:45:bc:2b:c5:c5:90: + 1a:a2:98:93:63:6c:97:18:a3:18:58:7a:ba:b3:84:8f:ed:b3: + 9a:bf:5a:31:2f:4e:24:43:74:7a:23:dd:c3:7b:76:8b:6c:aa: + ad:76:d9:39:4b:7f:e5:c2:24:65:75:b5:1c:29:ca:c4:a3:9d: + 6d:d6:9f:cd:05:3b:c5:54:db:76:01:51:dc:2e:60:08:74:81: + 83:1b:d1:e8:77:3e:ac:67:49:f6:1b:4c:5e:56:6a:93:40:15: + 86:dc:c0:c1:70:7d:62:66:ed:ff:32:2d:b6:f8:0f:a4:4f:75: + 
92:22:37:04:3a:32:16:e8:bc:b6:15:a4:0f:17:6e:72:6e:43: + 1a:13:d9:87 -----BEGIN CERTIFICATE----- MIIEuDCCA6CgAwIBAgIBZjANBgkqhkiG9w0BAQUFADCBlDELMAkGA1UEBhMCVVMx EDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNVBAoMCFNh d3Rvb3RoMRMwEQYDVQQLDApDb25zdWx0aW5nMRgwFgYDVQQDDA93d3cud29sZnNz -bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTYwOTE5 -MjMxNjM0WhcNMTkwNjE2MjMxNjM0WjCBmDELMAkGA1UEBhMCVVMxEzARBgNVBAgM +bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTgwNDEz +MTUyMzEwWhcNMjEwMTA3MTUyMzEwWjCBmDELMAkGA1UEBhMCVVMxEzARBgNVBAgM Cldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTATBgNVBAoMDHdvbGZTU0wg SW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxFDASBgNVBAMMC1NlcnZlciAxIENB MR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMIIBIjANBgkqhkiG9w0B 
@@ -78,12 +78,12 @@ HQYDVR0OBBYEFLMRMsmSmITiyfjQO24DQsofDo48MIHJBgNVHSMEgcEwgb6AFCeO ZxF0wyYdP+0zY7Ok2B0w5ejVoYGapIGXMIGUMQswCQYDVQQGEwJVUzEQMA4GA1UE CAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjERMA8GA1UECgwIU2F3dG9vdGgx EzARBgNVBAsMCkNvbnN1bHRpbmcxGDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTEf -MB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbYIJALe2kDNmG2sjMA8GA1Ud -EwQIMAYBAf8CAQEwCwYDVR0PBAQDAgEGMA0GCSqGSIb3DQEBBQUAA4IBAQCD/dSq -Xbq9VUp2gAt7+6xhRuXnDSwrhdNqr0BM8VErfYtSzndOczmyd3mVpkm5jMOZjdVx -9DPK3FqBerPsHpfuyLjH7H6RdFwKeOPbpG+QaUxKqEzNlvOOlDGGSLR3CsbujUPJ -LhGGTA1n4ItM0oSdGIjvkzS7aZPAlqDRT7d+qAWZCY45ZhONkf4FEseZai84Xlgv -XQxUFGvJitzCIc5EOAnzE5YjEqb8JKG8jH5lnB/j+VikQrcglynG8rdh0mclurvA -eQBp4TBtRh3ubkTufZo177tBtKzgeJ7vxeQZCQUiDQazFlLfkPzV+29SvURVE0uG -gQupdXRkMzKPmKhQ +MB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbYIJAIb/9Y4Q3rj7MA8GA1Ud +EwQIMAYBAf8CAQEwCwYDVR0PBAQDAgEGMA0GCSqGSIb3DQEBBQUAA4IBAQA4YDZz +lndR3P6ZWh20uA7CG5YTsOlsQiTb0iBsDBsu1N7Le/0PkX0YI1CHKVH8lxyKLzpc +iVkYVCTTW2z5XZkRLC1NH2vmWU7ouje1+LBEPeVHTaywoFVriaPkZYeRX3FRVebq +MNAToRGyBLHHYsxVLqzUh6GHSHpFvCvFxZAaopiTY2yXGKMYWHq6s4SP7bOav1ox +L04kQ3R6I93De3aLbKqtdtk5S3/lwiRldbUcKcrEo51t1p/NBTvFVNt2AVHcLmAI +dIGDG9Hodz6sZ0n2G0xeVmqTQBWG3MDBcH1iZu3/Mi22+A+kT3WSIjcEOjIW6Ly2 +FaQPF25ybkMaE9mH -----END CERTIFICATE----- diff --git a/certs/test-pathlen/server-1-cert.pem b/certs/test-pathlen/server-1-cert.pem index beb05ecce..c091d8e59 100644 --- a/certs/test-pathlen/server-1-cert.pem +++ b/certs/test-pathlen/server-1-cert.pem 
@@ -5,8 +5,8 @@ Certificate: Signature Algorithm: sha1WithRSAEncryption Issuer: C=US, ST=Washington, L=Seattle, O=wolfSSL Inc., OU=Engineering, CN=Server 1 CA/emailAddress=info@wolfssl.com Validity - Not Before: Sep 20 00:06:27 2016 GMT - Not After : Jun 17 00:06:27 2019 GMT + Not Before: Apr 13 15:23:10 2018 GMT + Not After : Jan 7 15:23:10 2021 GMT Subject: C=US, ST=Washington, L=Seattle, O=wolfSSL Inc., OU=Engineering, CN=Server 1/emailAddress=info@wolfssl.com Subject Public Key Info: Public Key Algorithm: rsaEncryption 
@@ -42,27 +42,27 @@ Certificate: X509v3 Basic Constraints: CA:FALSE Signature Algorithm: sha1WithRSAEncryption - 13:f9:04:1c:01:40:c5:1c:e9:51:fc:95:da:cb:d1:44:9f:25: - 63:e8:85:f7:85:78:f1:ac:01:2d:25:34:16:96:62:a8:5a:fd: - 41:a2:2a:60:b1:c3:97:92:59:0d:ba:2c:74:ae:a5:ff:ae:3d: - 22:99:1e:ca:f9:89:4e:7c:c1:65:00:0e:84:61:3f:2d:5f:47: - 7f:a9:90:bf:fa:83:64:55:2c:0c:ec:34:92:59:07:b0:86:9d: - 66:a4:d4:16:82:e1:a8:ab:d1:12:00:b2:a4:af:c7:69:c4:54: - 0b:bb:4f:64:9b:77:94:ed:5d:aa:42:70:4e:7c:5f:ae:46:91: - 17:95:0b:27:b3:fd:28:87:34:8c:a8:4e:7d:07:9e:c1:d4:fd: - 6b:e5:c5:a9:ca:c3:24:35:26:b5:7e:aa:11:78:f4:fa:c7:66: - 59:cd:58:8f:13:7a:cf:00:8d:ba:75:8d:0d:ed:ca:ef:70:93: - d7:8c:d9:a4:c0:4b:b1:00:b3:da:5f:71:a6:6a:4d:3b:40:36: - 76:12:75:45:50:a1:32:ca:14:76:9d:d8:3d:92:7e:80:e1:d0: - 24:c3:a1:56:77:06:a6:d8:d3:f3:18:c1:69:d4:e3:4d:95:2b: - 05:00:1b:e5:2a:a8:ca:69:01:7e:c4:c8:e5:e5:09:b5:3b:65: - 73:5f:ba:46 + 0a:13:4d:88:d8:79:0d:79:f7:44:0d:81:c8:5d:c4:ae:86:b5: + a3:ed:58:20:83:f4:6c:15:bc:1f:fc:fb:de:c5:88:1f:41:19: + 0b:a9:5f:21:39:87:33:0f:fe:e2:3c:e4:b3:94:9e:eb:0b:6f: + 40:c0:e2:c3:bd:2d:04:c4:ca:67:32:3d:44:89:60:de:b8:df: + 1d:07:4a:f6:50:94:2d:9e:57:f7:21:89:66:af:1c:fc:67:d0: + 14:59:46:12:bd:6e:cb:ea:cd:30:2d:f4:4c:9f:57:64:33:96: + 71:4b:71:cc:3a:da:40:46:03:88:4c:3e:b1:86:fd:48:af:61: + 42:f0:05:78:2a:f8:10:ec:11:f5:32:95:f6:83:d4:fc:d2:d3: + 0c:33:a6:22:62:2f:f1:4b:b6:ec:85:69:8c:19:16:9e:65:06: + 4d:71:2b:e1:36:25:a6:86:29:52:92:28:f9:5e:d3:b3:e4:fa: + 69:8f:d6:ee:39:6f:66:57:89:fa:9d:e5:05:d6:fe:53:0a:1d: + 18:aa:05:27:da:11:3d:a2:55:cb:31:f9:8d:78:07:56:db:a4: + 46:a2:07:e6:92:7b:8c:b9:65:7b:5c:05:29:aa:18:3e:a3:a2: + ff:4e:84:52:d7:06:72:eb:6c:ee:cc:93:88:77:85:2f:f0:99: + 65:32:58:b4 -----BEGIN CERTIFICATE----- MIIEnDCCA4SgAwIBAgIBaTANBgkqhkiG9w0BAQUFADCBmDELMAkGA1UEBhMCVVMx EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTATBgNVBAoM DHdvbGZTU0wgSW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxFDASBgNVBAMMC1Nl 
-cnZlciAxIENBMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMB4XDTE2 -MDkyMDAwMDYyN1oXDTE5MDYxNzAwMDYyN1owgZUxCzAJBgNVBAYTAlVTMRMwEQYD +cnZlciAxIENBMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMB4XDTE4 +MDQxMzE1MjMxMFoXDTIxMDEwNzE1MjMxMFowgZUxCzAJBgNVBAYTAlVTMRMwEQYD VQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRUwEwYDVQQKDAx3b2xm U1NMIEluYy4xFDASBgNVBAsMC0VuZ2luZWVyaW5nMREwDwYDVQQDDAhTZXJ2ZXIg MTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTCCASIwDQYJKoZIhvcN @@ -77,10 +77,10 @@ yZKYhOLJ+NA7bgNCyh8OjjyhgZqkgZcwgZQxCzAJBgNVBAYTAlVTMRAwDgYDVQQI DAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMREwDwYDVQQKDAhTYXd0b290aDET MBEGA1UECwwKQ29uc3VsdGluZzEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29tMR8w HQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tggFmMAkGA1UdEwQCMAAwDQYJ -KoZIhvcNAQEFBQADggEBABP5BBwBQMUc6VH8ldrL0USfJWPohfeFePGsAS0lNBaW -Yqha/UGiKmCxw5eSWQ26LHSupf+uPSKZHsr5iU58wWUADoRhPy1fR3+pkL/6g2RV -LAzsNJJZB7CGnWak1BaC4air0RIAsqSvx2nEVAu7T2Sbd5TtXapCcE58X65GkReV -Cyez/SiHNIyoTn0HnsHU/WvlxanKwyQ1JrV+qhF49PrHZlnNWI8Tes8Ajbp1jQ3t -yu9wk9eM2aTAS7EAs9pfcaZqTTtANnYSdUVQoTLKFHad2D2SfoDh0CTDoVZ3BqbY -0/MYwWnU402VKwUAG+UqqMppAX7EyOXlCbU7ZXNfukY= +KoZIhvcNAQEFBQADggEBAAoTTYjYeQ1590QNgchdxK6GtaPtWCCD9GwVvB/8+97F +iB9BGQupXyE5hzMP/uI85LOUnusLb0DA4sO9LQTEymcyPUSJYN643x0HSvZQlC2e +V/chiWavHPxn0BRZRhK9bsvqzTAt9EyfV2QzlnFLccw62kBGA4hMPrGG/UivYULw +BXgq+BDsEfUylfaD1PzS0wwzpiJiL/FLtuyFaYwZFp5lBk1xK+E2JaaGKVKSKPle +07Pk+mmP1u45b2ZXifqd5QXW/lMKHRiqBSfaET2iVcsx+Y14B1bbpEaiB+aSe4y5 +ZXtcBSmqGD6jov9OhFLXBnLrbO7Mk4h3hS/wmWUyWLQ= -----END CERTIFICATE----- diff --git a/certs/test-pathlen/server-1-chain.pem b/certs/test-pathlen/server-1-chain.pem index c4e9c445e..80ab114c9 100644 --- a/certs/test-pathlen/server-1-chain.pem +++ b/certs/test-pathlen/server-1-chain.pem 
@@ -5,8 +5,8 @@ Certificate: Signature Algorithm: sha1WithRSAEncryption Issuer: C=US, ST=Washington, L=Seattle, O=wolfSSL Inc., OU=Engineering, CN=Server 1 CA/emailAddress=info@wolfssl.com Validity - Not Before: Sep 20 00:06:27 2016 GMT - Not After : Jun 17 00:06:27 2019 GMT + Not Before: Apr 13 15:23:10 2018 GMT + Not After : Jan 7 15:23:10 2021 GMT Subject: C=US, ST=Washington, L=Seattle, O=wolfSSL Inc., OU=Engineering, CN=Server 1/emailAddress=info@wolfssl.com Subject Public Key Info: Public Key Algorithm: rsaEncryption 
@@ -42,27 +42,27 @@ Certificate: X509v3 Basic Constraints: CA:FALSE Signature Algorithm: sha1WithRSAEncryption - 13:f9:04:1c:01:40:c5:1c:e9:51:fc:95:da:cb:d1:44:9f:25: - 63:e8:85:f7:85:78:f1:ac:01:2d:25:34:16:96:62:a8:5a:fd: - 41:a2:2a:60:b1:c3:97:92:59:0d:ba:2c:74:ae:a5:ff:ae:3d: - 22:99:1e:ca:f9:89:4e:7c:c1:65:00:0e:84:61:3f:2d:5f:47: - 7f:a9:90:bf:fa:83:64:55:2c:0c:ec:34:92:59:07:b0:86:9d: - 66:a4:d4:16:82:e1:a8:ab:d1:12:00:b2:a4:af:c7:69:c4:54: - 0b:bb:4f:64:9b:77:94:ed:5d:aa:42:70:4e:7c:5f:ae:46:91: - 17:95:0b:27:b3:fd:28:87:34:8c:a8:4e:7d:07:9e:c1:d4:fd: - 6b:e5:c5:a9:ca:c3:24:35:26:b5:7e:aa:11:78:f4:fa:c7:66: - 59:cd:58:8f:13:7a:cf:00:8d:ba:75:8d:0d:ed:ca:ef:70:93: - d7:8c:d9:a4:c0:4b:b1:00:b3:da:5f:71:a6:6a:4d:3b:40:36: - 76:12:75:45:50:a1:32:ca:14:76:9d:d8:3d:92:7e:80:e1:d0: - 24:c3:a1:56:77:06:a6:d8:d3:f3:18:c1:69:d4:e3:4d:95:2b: - 05:00:1b:e5:2a:a8:ca:69:01:7e:c4:c8:e5:e5:09:b5:3b:65: - 73:5f:ba:46 + 0a:13:4d:88:d8:79:0d:79:f7:44:0d:81:c8:5d:c4:ae:86:b5: + a3:ed:58:20:83:f4:6c:15:bc:1f:fc:fb:de:c5:88:1f:41:19: + 0b:a9:5f:21:39:87:33:0f:fe:e2:3c:e4:b3:94:9e:eb:0b:6f: + 40:c0:e2:c3:bd:2d:04:c4:ca:67:32:3d:44:89:60:de:b8:df: + 1d:07:4a:f6:50:94:2d:9e:57:f7:21:89:66:af:1c:fc:67:d0: + 14:59:46:12:bd:6e:cb:ea:cd:30:2d:f4:4c:9f:57:64:33:96: + 71:4b:71:cc:3a:da:40:46:03:88:4c:3e:b1:86:fd:48:af:61: + 42:f0:05:78:2a:f8:10:ec:11:f5:32:95:f6:83:d4:fc:d2:d3: + 0c:33:a6:22:62:2f:f1:4b:b6:ec:85:69:8c:19:16:9e:65:06: + 4d:71:2b:e1:36:25:a6:86:29:52:92:28:f9:5e:d3:b3:e4:fa: + 69:8f:d6:ee:39:6f:66:57:89:fa:9d:e5:05:d6:fe:53:0a:1d: + 18:aa:05:27:da:11:3d:a2:55:cb:31:f9:8d:78:07:56:db:a4: + 46:a2:07:e6:92:7b:8c:b9:65:7b:5c:05:29:aa:18:3e:a3:a2: + ff:4e:84:52:d7:06:72:eb:6c:ee:cc:93:88:77:85:2f:f0:99: + 65:32:58:b4 -----BEGIN CERTIFICATE----- MIIEnDCCA4SgAwIBAgIBaTANBgkqhkiG9w0BAQUFADCBmDELMAkGA1UEBhMCVVMx EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTATBgNVBAoM DHdvbGZTU0wgSW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxFDASBgNVBAMMC1Nl 
-cnZlciAxIENBMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMB4XDTE2 -MDkyMDAwMDYyN1oXDTE5MDYxNzAwMDYyN1owgZUxCzAJBgNVBAYTAlVTMRMwEQYD +cnZlciAxIENBMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMB4XDTE4 +MDQxMzE1MjMxMFoXDTIxMDEwNzE1MjMxMFowgZUxCzAJBgNVBAYTAlVTMRMwEQYD VQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRUwEwYDVQQKDAx3b2xm U1NMIEluYy4xFDASBgNVBAsMC0VuZ2luZWVyaW5nMREwDwYDVQQDDAhTZXJ2ZXIg MTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTCCASIwDQYJKoZIhvcN @@ -77,12 +77,12 @@ yZKYhOLJ+NA7bgNCyh8OjjyhgZqkgZcwgZQxCzAJBgNVBAYTAlVTMRAwDgYDVQQI DAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMREwDwYDVQQKDAhTYXd0b290aDET MBEGA1UECwwKQ29uc3VsdGluZzEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29tMR8w HQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tggFmMAkGA1UdEwQCMAAwDQYJ -KoZIhvcNAQEFBQADggEBABP5BBwBQMUc6VH8ldrL0USfJWPohfeFePGsAS0lNBaW -Yqha/UGiKmCxw5eSWQ26LHSupf+uPSKZHsr5iU58wWUADoRhPy1fR3+pkL/6g2RV -LAzsNJJZB7CGnWak1BaC4air0RIAsqSvx2nEVAu7T2Sbd5TtXapCcE58X65GkReV -Cyez/SiHNIyoTn0HnsHU/WvlxanKwyQ1JrV+qhF49PrHZlnNWI8Tes8Ajbp1jQ3t -yu9wk9eM2aTAS7EAs9pfcaZqTTtANnYSdUVQoTLKFHad2D2SfoDh0CTDoVZ3BqbY -0/MYwWnU402VKwUAG+UqqMppAX7EyOXlCbU7ZXNfukY= +KoZIhvcNAQEFBQADggEBAAoTTYjYeQ1590QNgchdxK6GtaPtWCCD9GwVvB/8+97F +iB9BGQupXyE5hzMP/uI85LOUnusLb0DA4sO9LQTEymcyPUSJYN643x0HSvZQlC2e +V/chiWavHPxn0BRZRhK9bsvqzTAt9EyfV2QzlnFLccw62kBGA4hMPrGG/UivYULw +BXgq+BDsEfUylfaD1PzS0wwzpiJiL/FLtuyFaYwZFp5lBk1xK+E2JaaGKVKSKPle +07Pk+mmP1u45b2ZXifqd5QXW/lMKHRiqBSfaET2iVcsx+Y14B1bbpEaiB+aSe4y5 +ZXtcBSmqGD6jov9OhFLXBnLrbO7Mk4h3hS/wmWUyWLQ= -----END CERTIFICATE----- Certificate: Data: 
@@ -91,8 +91,8 @@ Certificate: Signature Algorithm: sha1WithRSAEncryption Issuer: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, CN=www.wolfssl.com/emailAddress=info@wolfssl.com Validity - Not Before: Sep 19 23:16:34 2016 GMT - Not After : Jun 16 23:16:34 2019 GMT + Not Before: Apr 13 15:23:10 2018 GMT + Not After : Jan 7 15:23:10 2021 GMT Subject: C=US, ST=Washington, L=Seattle, O=wolfSSL Inc., OU=Engineering, CN=Server 1 CA/emailAddress=info@wolfssl.com Subject Public Key Info: Public Key Algorithm: rsaEncryption 
@@ -123,34 +123,34 @@ Certificate: X509v3 Authority Key Identifier: keyid:27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5 DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com - serial:B7:B6:90:33:66:1B:6B:23 + serial:86:FF:F5:8E:10:DE:B8:FB X509v3 Basic Constraints: CA:TRUE, pathlen:1 X509v3 Key Usage: Certificate Sign, CRL Sign Signature Algorithm: sha1WithRSAEncryption - 83:fd:d4:aa:5d:ba:bd:55:4a:76:80:0b:7b:fb:ac:61:46:e5: - e7:0d:2c:2b:85:d3:6a:af:40:4c:f1:51:2b:7d:8b:52:ce:77: - 4e:73:39:b2:77:79:95:a6:49:b9:8c:c3:99:8d:d5:71:f4:33: - ca:dc:5a:81:7a:b3:ec:1e:97:ee:c8:b8:c7:ec:7e:91:74:5c: - 0a:78:e3:db:a4:6f:90:69:4c:4a:a8:4c:cd:96:f3:8e:94:31: - 86:48:b4:77:0a:c6:ee:8d:43:c9:2e:11:86:4c:0d:67:e0:8b: - 4c:d2:84:9d:18:88:ef:93:34:bb:69:93:c0:96:a0:d1:4f:b7: - 7e:a8:05:99:09:8e:39:66:13:8d:91:fe:05:12:c7:99:6a:2f: - 38:5e:58:2f:5d:0c:54:14:6b:c9:8a:dc:c2:21:ce:44:38:09: - f3:13:96:23:12:a6:fc:24:a1:bc:8c:7e:65:9c:1f:e3:f9:58: - a4:42:b7:20:97:29:c6:f2:b7:61:d2:67:25:ba:bb:c0:79:00: - 69:e1:30:6d:46:1d:ee:6e:44:ee:7d:9a:35:ef:bb:41:b4:ac: - e0:78:9e:ef:c5:e4:19:09:05:22:0d:06:b3:16:52:df:90:fc: - d5:fb:6f:52:bd:44:55:13:4b:86:81:0b:a9:75:74:64:33:32: - 8f:98:a8:50 + 38:60:36:73:96:77:51:dc:fe:99:5a:1d:b4:b8:0e:c2:1b:96: + 13:b0:e9:6c:42:24:db:d2:20:6c:0c:1b:2e:d4:de:cb:7b:fd: + 0f:91:7d:18:23:50:87:29:51:fc:97:1c:8a:2f:3a:5c:89:59: + 18:54:24:d3:5b:6c:f9:5d:99:11:2c:2d:4d:1f:6b:e6:59:4e: + e8:ba:37:b5:f8:b0:44:3d:e5:47:4d:ac:b0:a0:55:6b:89:a3: + e4:65:87:91:5f:71:51:55:e6:ea:30:d0:13:a1:11:b2:04:b1: + c7:62:cc:55:2e:ac:d4:87:a1:87:48:7a:45:bc:2b:c5:c5:90: + 1a:a2:98:93:63:6c:97:18:a3:18:58:7a:ba:b3:84:8f:ed:b3: + 9a:bf:5a:31:2f:4e:24:43:74:7a:23:dd:c3:7b:76:8b:6c:aa: + ad:76:d9:39:4b:7f:e5:c2:24:65:75:b5:1c:29:ca:c4:a3:9d: + 6d:d6:9f:cd:05:3b:c5:54:db:76:01:51:dc:2e:60:08:74:81: + 83:1b:d1:e8:77:3e:ac:67:49:f6:1b:4c:5e:56:6a:93:40:15: + 86:dc:c0:c1:70:7d:62:66:ed:ff:32:2d:b6:f8:0f:a4:4f:75: + 
92:22:37:04:3a:32:16:e8:bc:b6:15:a4:0f:17:6e:72:6e:43: + 1a:13:d9:87 -----BEGIN CERTIFICATE----- MIIEuDCCA6CgAwIBAgIBZjANBgkqhkiG9w0BAQUFADCBlDELMAkGA1UEBhMCVVMx EDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNVBAoMCFNh d3Rvb3RoMRMwEQYDVQQLDApDb25zdWx0aW5nMRgwFgYDVQQDDA93d3cud29sZnNz -bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTYwOTE5 -MjMxNjM0WhcNMTkwNjE2MjMxNjM0WjCBmDELMAkGA1UEBhMCVVMxEzARBgNVBAgM +bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTgwNDEz +MTUyMzEwWhcNMjEwMTA3MTUyMzEwWjCBmDELMAkGA1UEBhMCVVMxEzARBgNVBAgM Cldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTATBgNVBAoMDHdvbGZTU0wg SW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxFDASBgNVBAMMC1NlcnZlciAxIENB MR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMIIBIjANBgkqhkiG9w0B 
@@ -164,12 +164,12 @@ HQYDVR0OBBYEFLMRMsmSmITiyfjQO24DQsofDo48MIHJBgNVHSMEgcEwgb6AFCeO ZxF0wyYdP+0zY7Ok2B0w5ejVoYGapIGXMIGUMQswCQYDVQQGEwJVUzEQMA4GA1UE CAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjERMA8GA1UECgwIU2F3dG9vdGgx EzARBgNVBAsMCkNvbnN1bHRpbmcxGDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTEf -MB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbYIJALe2kDNmG2sjMA8GA1Ud -EwQIMAYBAf8CAQEwCwYDVR0PBAQDAgEGMA0GCSqGSIb3DQEBBQUAA4IBAQCD/dSq -Xbq9VUp2gAt7+6xhRuXnDSwrhdNqr0BM8VErfYtSzndOczmyd3mVpkm5jMOZjdVx -9DPK3FqBerPsHpfuyLjH7H6RdFwKeOPbpG+QaUxKqEzNlvOOlDGGSLR3CsbujUPJ -LhGGTA1n4ItM0oSdGIjvkzS7aZPAlqDRT7d+qAWZCY45ZhONkf4FEseZai84Xlgv -XQxUFGvJitzCIc5EOAnzE5YjEqb8JKG8jH5lnB/j+VikQrcglynG8rdh0mclurvA -eQBp4TBtRh3ubkTufZo177tBtKzgeJ7vxeQZCQUiDQazFlLfkPzV+29SvURVE0uG -gQupdXRkMzKPmKhQ +MB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbYIJAIb/9Y4Q3rj7MA8GA1Ud +EwQIMAYBAf8CAQEwCwYDVR0PBAQDAgEGMA0GCSqGSIb3DQEBBQUAA4IBAQA4YDZz +lndR3P6ZWh20uA7CG5YTsOlsQiTb0iBsDBsu1N7Le/0PkX0YI1CHKVH8lxyKLzpc +iVkYVCTTW2z5XZkRLC1NH2vmWU7ouje1+LBEPeVHTaywoFVriaPkZYeRX3FRVebq +MNAToRGyBLHHYsxVLqzUh6GHSHpFvCvFxZAaopiTY2yXGKMYWHq6s4SP7bOav1ox +L04kQ3R6I93De3aLbKqtdtk5S3/lwiRldbUcKcrEo51t1p/NBTvFVNt2AVHcLmAI +dIGDG9Hodz6sZ0n2G0xeVmqTQBWG3MDBcH1iZu3/Mi22+A+kT3WSIjcEOjIW6Ly2 +FaQPF25ybkMaE9mH -----END CERTIFICATE----- diff --git a/certs/test-pathlen/server-127-ca.pem b/certs/test-pathlen/server-127-ca.pem index b89598548..a2189c6f3 100644 --- a/certs/test-pathlen/server-127-ca.pem +++ b/certs/test-pathlen/server-127-ca.pem 
@@ -5,8 +5,8 @@ Certificate: Signature Algorithm: sha1WithRSAEncryption Issuer: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, CN=www.wolfssl.com/emailAddress=info@wolfssl.com Validity - Not Before: Sep 19 23:24:16 2016 GMT - Not After : Jun 16 23:24:16 2019 GMT + Not Before: Apr 13 15:23:10 2018 GMT + Not After : Jan 7 15:23:10 2021 GMT Subject: C=US, ST=Washington, L=Seattle, O=wolfSSL Inc., OU=Engineering, CN=Server 127 CA/emailAddress=info@wolfssl.com Subject Public Key Info: Public Key Algorithm: rsaEncryption 
@@ -37,34 +37,34 @@ Certificate: X509v3 Authority Key Identifier: keyid:27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5 DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com - serial:B7:B6:90:33:66:1B:6B:23 + serial:86:FF:F5:8E:10:DE:B8:FB X509v3 Basic Constraints: CA:TRUE, pathlen:127 X509v3 Key Usage: Certificate Sign, CRL Sign Signature Algorithm: sha1WithRSAEncryption - 34:c3:f2:9a:80:df:5c:8a:b4:c1:08:f5:c6:72:a2:74:90:1d: - e9:f9:7a:e7:6e:3b:df:be:01:28:6b:10:ee:5f:9d:8d:5b:7a: - fc:40:12:7f:b6:bb:ac:d9:07:73:78:d0:4f:53:5d:f8:c3:50: - ba:f7:76:a2:e5:12:fa:8f:01:24:a2:b7:8a:e4:6c:0b:62:51: - 37:39:4a:90:eb:11:16:26:58:44:ed:3f:41:57:8e:32:7a:e4: - 85:a7:ce:44:d2:46:28:9e:29:34:9b:16:a5:17:ef:56:11:0a: - 60:b8:88:7c:3e:ed:ec:5e:57:5f:b1:b9:b7:55:38:a0:ea:04: - 58:22:04:7e:30:f3:40:33:a1:cd:3f:24:72:7b:a4:b4:2d:b5: - 96:b3:80:7a:48:85:83:3c:6e:55:43:7c:13:d3:5e:f8:70:32: - da:5a:78:db:d0:54:54:9c:e9:38:05:da:7c:ac:bb:ec:79:cf: - 3e:56:32:ce:29:31:70:07:9a:c7:b4:00:02:33:af:1b:ce:7c: - 16:ff:8b:c0:8b:80:1e:0d:c7:d4:07:95:49:d4:9a:ed:55:b6: - 1f:bd:e7:77:b9:fa:af:29:6a:49:79:02:3c:b9:ea:6c:68:c3: - ef:ca:40:27:d0:15:d0:da:31:9c:2f:3d:a5:66:e3:f8:a4:98: - d5:00:5f:b2 + 44:50:b4:96:71:e5:9a:61:36:7b:c7:fa:05:88:39:e9:46:5b: + b0:b3:63:0d:5a:1b:c1:70:fd:d7:6a:9c:9d:0c:95:b7:ad:4f: + 9b:c2:34:24:90:d9:4b:bf:07:f7:18:d7:b8:13:3a:d5:01:8d: + e6:b6:15:ff:a4:94:36:4d:7b:b6:03:2f:12:ae:40:e1:ed:be: + 95:2d:2c:6c:22:9e:3e:87:12:7c:5c:bc:95:90:2a:cb:e3:e1: + 85:3e:60:4f:09:d6:44:83:15:7e:4f:c8:bb:b7:83:c9:13:17: + 9b:60:56:47:7c:cf:6d:83:5b:9e:9a:84:f5:fd:2b:aa:55:7c: + b7:fc:66:b5:49:66:77:e4:48:b6:3a:b2:d5:6f:a8:d8:25:a3: + a2:fa:4d:6f:ac:7a:b3:17:a9:5d:60:52:57:80:f3:5e:3b:2b: + c2:b5:85:af:f0:a2:c8:0b:ff:66:11:90:d9:25:12:e1:43:04: + c5:21:1f:b7:24:8a:c3:6d:a9:1d:32:de:72:5b:7e:fe:a2:aa: + 6f:54:e3:ca:25:fd:f2:86:41:4b:3c:eb:b6:0b:36:fe:93:14: + 5e:36:4e:79:22:15:45:64:a1:aa:78:d9:51:79:78:2f:72:f6: + 
91:bd:f7:4b:d2:4a:24:ff:db:2d:4c:8f:ea:5d:b0:db:7a:cf: + b9:ad:43:f5 -----BEGIN CERTIFICATE----- MIIEujCCA6KgAwIBAgIBajANBgkqhkiG9w0BAQUFADCBlDELMAkGA1UEBhMCVVMx EDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNVBAoMCFNh d3Rvb3RoMRMwEQYDVQQLDApDb25zdWx0aW5nMRgwFgYDVQQDDA93d3cud29sZnNz -bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTYwOTE5 -MjMyNDE2WhcNMTkwNjE2MjMyNDE2WjCBmjELMAkGA1UEBhMCVVMxEzARBgNVBAgM +bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTgwNDEz +MTUyMzEwWhcNMjEwMTA3MTUyMzEwWjCBmjELMAkGA1UEBhMCVVMxEzARBgNVBAgM Cldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTATBgNVBAoMDHdvbGZTU0wg SW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxFjAUBgNVBAMMDVNlcnZlciAxMjcg Q0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wggEiMA0GCSqGSIb3 
@@ -78,12 +78,12 @@ CTAdBgNVHQ4EFgQUsxEyyZKYhOLJ+NA7bgNCyh8OjjwwgckGA1UdIwSBwTCBvoAU J45nEXTDJh0/7TNjs6TYHTDl6NWhgZqkgZcwgZQxCzAJBgNVBAYTAlVTMRAwDgYD VQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMREwDwYDVQQKDAhTYXd0b290 aDETMBEGA1UECwwKQ29uc3VsdGluZzEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29t -MR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tggkAt7aQM2YbayMwDwYD -VR0TBAgwBgEB/wIBfzALBgNVHQ8EBAMCAQYwDQYJKoZIhvcNAQEFBQADggEBADTD -8pqA31yKtMEI9cZyonSQHen5euduO9++AShrEO5fnY1bevxAEn+2u6zZB3N40E9T -XfjDULr3dqLlEvqPASSit4rkbAtiUTc5SpDrERYmWETtP0FXjjJ65IWnzkTSRiie -KTSbFqUX71YRCmC4iHw+7exeV1+xubdVOKDqBFgiBH4w80Azoc0/JHJ7pLQttZaz -gHpIhYM8blVDfBPTXvhwMtpaeNvQVFSc6TgF2nysu+x5zz5WMs4pMXAHmse0AAIz -rxvOfBb/i8CLgB4Nx9QHlUnUmu1Vth+953e5+q8pakl5Ajy56mxow+/KQCfQFdDa -MZwvPaVm4/ikmNUAX7I= +MR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tggkAhv/1jhDeuPswDwYD +VR0TBAgwBgEB/wIBfzALBgNVHQ8EBAMCAQYwDQYJKoZIhvcNAQEFBQADggEBAERQ +tJZx5ZphNnvH+gWIOelGW7CzYw1aG8Fw/ddqnJ0MlbetT5vCNCSQ2Uu/B/cY17gT +OtUBjea2Ff+klDZNe7YDLxKuQOHtvpUtLGwinj6HEnxcvJWQKsvj4YU+YE8J1kSD +FX5PyLu3g8kTF5tgVkd8z22DW56ahPX9K6pVfLf8ZrVJZnfkSLY6stVvqNglo6L6 +TW+serMXqV1gUleA8147K8K1ha/wosgL/2YRkNklEuFDBMUhH7ckisNtqR0y3nJb +fv6iqm9U48ol/fKGQUs867YLNv6TFF42TnkiFUVkoap42VF5eC9y9pG990vSSiT/ +2y1Mj+pdsNt6z7mtQ/U= -----END CERTIFICATE----- diff --git a/certs/test-pathlen/server-127-cert.pem b/certs/test-pathlen/server-127-cert.pem index fe6697952..1b9d50a26 100644 --- a/certs/test-pathlen/server-127-cert.pem +++ b/certs/test-pathlen/server-127-cert.pem 
@@ -5,8 +5,8 @@ Certificate: Signature Algorithm: sha1WithRSAEncryption Issuer: C=US, ST=Washington, L=Seattle, O=wolfSSL Inc., OU=Engineering, CN=Server 127 CA/emailAddress=info@wolfssl.com Validity - Not Before: Sep 20 00:09:11 2016 GMT - Not After : Jun 17 00:09:11 2019 GMT + Not Before: Apr 13 15:23:10 2018 GMT + Not After : Jan 7 15:23:10 2021 GMT Subject: C=US, ST=Washington, L=Seattle, O=wolfSSL Inc., OU=Engineering, CN=Server 127/emailAddress=info@wolfssl.com Subject Public Key Info: Public Key Algorithm: rsaEncryption 
@@ -42,27 +42,27 @@ Certificate: X509v3 Basic Constraints: CA:FALSE Signature Algorithm: sha1WithRSAEncryption - 65:05:63:43:5f:91:a4:54:31:3e:e8:55:ac:7b:b2:57:c2:f2: - 2e:3d:f2:53:cf:13:b5:35:7c:b6:f9:a7:86:e2:41:aa:14:6a: - 65:69:17:fb:02:39:7c:31:78:80:9a:0d:27:10:9a:7c:2c:17: - 30:03:32:6a:3f:06:fa:19:02:83:91:71:4d:50:e0:55:17:ed: - ec:62:3b:29:51:2e:c9:9a:75:3b:91:f9:bc:d0:2d:4f:ff:30: - d8:1d:b6:7e:8e:39:70:a1:c9:d1:f7:a3:81:a5:7c:5d:e4:e0: - cf:43:60:a1:c0:b8:e7:16:ed:43:6d:b2:09:cd:bc:51:57:f0: - 73:a2:cb:03:b6:c7:56:97:96:c6:8c:93:aa:44:3d:62:0c:b5: - ca:b8:65:1b:98:8f:ad:98:9e:9b:2e:83:0d:e6:d0:76:d8:c5: - 5c:4a:9e:40:88:65:c0:0e:bc:5c:87:dd:c1:e0:51:b7:8b:d5: - 73:da:8d:83:0d:16:60:a3:ff:f4:7c:4a:85:bb:a1:81:f5:9e: - 5d:f8:e7:d6:9d:6a:5b:9d:2b:f8:3d:02:16:ff:b9:6a:60:c9: - 64:40:5d:9c:37:a4:b8:ee:82:52:5c:db:07:5f:04:98:4a:f2: - ec:6c:86:50:9c:a0:99:5b:24:9a:d9:7d:1f:5d:f3:7e:47:59: - 10:48:f5:2a + 19:04:0b:64:d4:fa:c8:d2:aa:93:57:28:ad:c4:e4:70:f9:25: + 6c:06:f3:21:34:a9:af:03:aa:1d:02:b2:e4:34:df:a1:74:88: + 7f:8b:88:64:8c:6d:19:a6:4a:ee:62:80:8a:4c:17:1b:85:57: + e4:f0:b7:8d:66:9c:de:b7:bd:ed:2a:82:5c:d1:1e:ba:29:9d: + 92:b5:df:cf:8e:48:12:0a:d3:16:5f:f3:e2:db:c0:d1:42:e4: + 6b:3c:99:d3:fb:fc:87:9d:b0:44:5c:b5:8d:d8:e1:6c:58:df: + 37:b4:62:53:f8:85:7a:89:a0:40:f7:9f:f6:57:7c:9b:12:8e: + b4:46:2e:04:10:fd:8b:4b:ae:e6:1d:b7:63:3f:49:a9:ff:8a: + f4:77:d6:90:c9:07:9b:d0:1e:b8:8b:ea:5a:49:a4:ae:50:3a: + 7f:9e:01:46:22:7f:23:46:d2:8e:75:46:99:6b:3b:8c:f8:25: + 3a:17:a2:6d:b6:a1:b8:ba:c4:a7:75:a3:6a:3c:5f:fa:0a:e0: + ab:08:ab:26:d0:78:55:57:67:d2:e8:6f:c9:89:c1:9c:6f:54: + 47:af:13:9c:3e:e1:ac:00:c9:63:95:22:b9:ec:54:31:ac:26: + 1e:ab:e3:a4:04:5c:6e:9d:7a:6b:c1:e7:22:a0:b5:aa:42:35: + 81:94:d0:45 -----BEGIN CERTIFICATE----- MIIEoDCCA4igAwIBAgIBazANBgkqhkiG9w0BAQUFADCBmjELMAkGA1UEBhMCVVMx EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTATBgNVBAoM DHdvbGZTU0wgSW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxFjAUBgNVBAMMDVNl 
cnZlciAxMjcgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcN -MTYwOTIwMDAwOTExWhcNMTkwNjE3MDAwOTExWjCBlzELMAkGA1UEBhMCVVMxEzAR +MTgwNDEzMTUyMzEwWhcNMjEwMTA3MTUyMzEwWjCBlzELMAkGA1UEBhMCVVMxEzAR BgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTATBgNVBAoMDHdv bGZTU0wgSW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxEzARBgNVBAMMClNlcnZl ciAxMjcxHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wggEiMA0GCSqG @@ -77,10 +77,10 @@ FLMRMsmSmITiyfjQO24DQsofDo48oYGapIGXMIGUMQswCQYDVQQGEwJVUzEQMA4G A1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjERMA8GA1UECgwIU2F3dG9v dGgxEzARBgNVBAsMCkNvbnN1bHRpbmcxGDAWBgNVBAMMD3d3dy53b2xmc3NsLmNv bTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbYIBajAJBgNVHRMEAjAA -MA0GCSqGSIb3DQEBBQUAA4IBAQBlBWNDX5GkVDE+6FWse7JXwvIuPfJTzxO1NXy2 -+aeG4kGqFGplaRf7Ajl8MXiAmg0nEJp8LBcwAzJqPwb6GQKDkXFNUOBVF+3sYjsp -US7JmnU7kfm80C1P/zDYHbZ+jjlwocnR96OBpXxd5ODPQ2ChwLjnFu1DbbIJzbxR -V/BzossDtsdWl5bGjJOqRD1iDLXKuGUbmI+tmJ6bLoMN5tB22MVcSp5AiGXADrxc -h93B4FG3i9Vz2o2DDRZgo//0fEqFu6GB9Z5d+OfWnWpbnSv4PQIW/7lqYMlkQF2c -N6S47oJSXNsHXwSYSvLsbIZQnKCZWySa2X0fXfN+R1kQSPUq +MA0GCSqGSIb3DQEBBQUAA4IBAQAZBAtk1PrI0qqTVyitxORw+SVsBvMhNKmvA6od +ArLkNN+hdIh/i4hkjG0ZpkruYoCKTBcbhVfk8LeNZpzet73tKoJc0R66KZ2Std/P +jkgSCtMWX/Pi28DRQuRrPJnT+/yHnbBEXLWN2OFsWN83tGJT+IV6iaBA95/2V3yb +Eo60Ri4EEP2LS67mHbdjP0mp/4r0d9aQyQeb0B64i+paSaSuUDp/ngFGIn8jRtKO +dUaZazuM+CU6F6JttqG4usSndaNqPF/6CuCrCKsm0HhVV2fS6G/JicGcb1RHrxOc +PuGsAMljlSK57FQxrCYeq+OkBFxunXprwecioLWqQjWBlNBF -----END CERTIFICATE----- diff --git a/certs/test-pathlen/server-127-chain.pem b/certs/test-pathlen/server-127-chain.pem index 33c643d15..922b92d27 100644 --- a/certs/test-pathlen/server-127-chain.pem +++ b/certs/test-pathlen/server-127-chain.pem 
@@ -5,8 +5,8 @@ Certificate: Signature Algorithm: sha1WithRSAEncryption Issuer: C=US, ST=Washington, L=Seattle, O=wolfSSL Inc., OU=Engineering, CN=Server 127 CA/emailAddress=info@wolfssl.com Validity - Not Before: Sep 20 00:09:11 2016 GMT - Not After : Jun 17 00:09:11 2019 GMT + Not Before: Apr 13 15:23:10 2018 GMT + Not After : Jan 7 15:23:10 2021 GMT Subject: C=US, ST=Washington, L=Seattle, O=wolfSSL Inc., OU=Engineering, CN=Server 127/emailAddress=info@wolfssl.com Subject Public Key Info: Public Key Algorithm: rsaEncryption 
@@ -42,27 +42,27 @@ Certificate: X509v3 Basic Constraints: CA:FALSE Signature Algorithm: sha1WithRSAEncryption - 65:05:63:43:5f:91:a4:54:31:3e:e8:55:ac:7b:b2:57:c2:f2: - 2e:3d:f2:53:cf:13:b5:35:7c:b6:f9:a7:86:e2:41:aa:14:6a: - 65:69:17:fb:02:39:7c:31:78:80:9a:0d:27:10:9a:7c:2c:17: - 30:03:32:6a:3f:06:fa:19:02:83:91:71:4d:50:e0:55:17:ed: - ec:62:3b:29:51:2e:c9:9a:75:3b:91:f9:bc:d0:2d:4f:ff:30: - d8:1d:b6:7e:8e:39:70:a1:c9:d1:f7:a3:81:a5:7c:5d:e4:e0: - cf:43:60:a1:c0:b8:e7:16:ed:43:6d:b2:09:cd:bc:51:57:f0: - 73:a2:cb:03:b6:c7:56:97:96:c6:8c:93:aa:44:3d:62:0c:b5: - ca:b8:65:1b:98:8f:ad:98:9e:9b:2e:83:0d:e6:d0:76:d8:c5: - 5c:4a:9e:40:88:65:c0:0e:bc:5c:87:dd:c1:e0:51:b7:8b:d5: - 73:da:8d:83:0d:16:60:a3:ff:f4:7c:4a:85:bb:a1:81:f5:9e: - 5d:f8:e7:d6:9d:6a:5b:9d:2b:f8:3d:02:16:ff:b9:6a:60:c9: - 64:40:5d:9c:37:a4:b8:ee:82:52:5c:db:07:5f:04:98:4a:f2: - ec:6c:86:50:9c:a0:99:5b:24:9a:d9:7d:1f:5d:f3:7e:47:59: - 10:48:f5:2a + 19:04:0b:64:d4:fa:c8:d2:aa:93:57:28:ad:c4:e4:70:f9:25: + 6c:06:f3:21:34:a9:af:03:aa:1d:02:b2:e4:34:df:a1:74:88: + 7f:8b:88:64:8c:6d:19:a6:4a:ee:62:80:8a:4c:17:1b:85:57: + e4:f0:b7:8d:66:9c:de:b7:bd:ed:2a:82:5c:d1:1e:ba:29:9d: + 92:b5:df:cf:8e:48:12:0a:d3:16:5f:f3:e2:db:c0:d1:42:e4: + 6b:3c:99:d3:fb:fc:87:9d:b0:44:5c:b5:8d:d8:e1:6c:58:df: + 37:b4:62:53:f8:85:7a:89:a0:40:f7:9f:f6:57:7c:9b:12:8e: + b4:46:2e:04:10:fd:8b:4b:ae:e6:1d:b7:63:3f:49:a9:ff:8a: + f4:77:d6:90:c9:07:9b:d0:1e:b8:8b:ea:5a:49:a4:ae:50:3a: + 7f:9e:01:46:22:7f:23:46:d2:8e:75:46:99:6b:3b:8c:f8:25: + 3a:17:a2:6d:b6:a1:b8:ba:c4:a7:75:a3:6a:3c:5f:fa:0a:e0: + ab:08:ab:26:d0:78:55:57:67:d2:e8:6f:c9:89:c1:9c:6f:54: + 47:af:13:9c:3e:e1:ac:00:c9:63:95:22:b9:ec:54:31:ac:26: + 1e:ab:e3:a4:04:5c:6e:9d:7a:6b:c1:e7:22:a0:b5:aa:42:35: + 81:94:d0:45 -----BEGIN CERTIFICATE----- MIIEoDCCA4igAwIBAgIBazANBgkqhkiG9w0BAQUFADCBmjELMAkGA1UEBhMCVVMx EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTATBgNVBAoM DHdvbGZTU0wgSW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxFjAUBgNVBAMMDVNl 
cnZlciAxMjcgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcN -MTYwOTIwMDAwOTExWhcNMTkwNjE3MDAwOTExWjCBlzELMAkGA1UEBhMCVVMxEzAR +MTgwNDEzMTUyMzEwWhcNMjEwMTA3MTUyMzEwWjCBlzELMAkGA1UEBhMCVVMxEzAR BgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTATBgNVBAoMDHdv bGZTU0wgSW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxEzARBgNVBAMMClNlcnZl ciAxMjcxHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wggEiMA0GCSqG @@ -77,12 +77,12 @@ FLMRMsmSmITiyfjQO24DQsofDo48oYGapIGXMIGUMQswCQYDVQQGEwJVUzEQMA4G A1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjERMA8GA1UECgwIU2F3dG9v dGgxEzARBgNVBAsMCkNvbnN1bHRpbmcxGDAWBgNVBAMMD3d3dy53b2xmc3NsLmNv bTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbYIBajAJBgNVHRMEAjAA -MA0GCSqGSIb3DQEBBQUAA4IBAQBlBWNDX5GkVDE+6FWse7JXwvIuPfJTzxO1NXy2 -+aeG4kGqFGplaRf7Ajl8MXiAmg0nEJp8LBcwAzJqPwb6GQKDkXFNUOBVF+3sYjsp -US7JmnU7kfm80C1P/zDYHbZ+jjlwocnR96OBpXxd5ODPQ2ChwLjnFu1DbbIJzbxR -V/BzossDtsdWl5bGjJOqRD1iDLXKuGUbmI+tmJ6bLoMN5tB22MVcSp5AiGXADrxc -h93B4FG3i9Vz2o2DDRZgo//0fEqFu6GB9Z5d+OfWnWpbnSv4PQIW/7lqYMlkQF2c -N6S47oJSXNsHXwSYSvLsbIZQnKCZWySa2X0fXfN+R1kQSPUq +MA0GCSqGSIb3DQEBBQUAA4IBAQAZBAtk1PrI0qqTVyitxORw+SVsBvMhNKmvA6od +ArLkNN+hdIh/i4hkjG0ZpkruYoCKTBcbhVfk8LeNZpzet73tKoJc0R66KZ2Std/P +jkgSCtMWX/Pi28DRQuRrPJnT+/yHnbBEXLWN2OFsWN83tGJT+IV6iaBA95/2V3yb +Eo60Ri4EEP2LS67mHbdjP0mp/4r0d9aQyQeb0B64i+paSaSuUDp/ngFGIn8jRtKO +dUaZazuM+CU6F6JttqG4usSndaNqPF/6CuCrCKsm0HhVV2fS6G/JicGcb1RHrxOc +PuGsAMljlSK57FQxrCYeq+OkBFxunXprwecioLWqQjWBlNBF -----END CERTIFICATE----- Certificate: Data: 
@@ -91,8 +91,8 @@ Certificate: Signature Algorithm: sha1WithRSAEncryption Issuer: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, CN=www.wolfssl.com/emailAddress=info@wolfssl.com Validity - Not Before: Sep 19 23:24:16 2016 GMT - Not After : Jun 16 23:24:16 2019 GMT + Not Before: Apr 13 15:23:10 2018 GMT + Not After : Jan 7 15:23:10 2021 GMT Subject: C=US, ST=Washington, L=Seattle, O=wolfSSL Inc., OU=Engineering, CN=Server 127 CA/emailAddress=info@wolfssl.com Subject Public Key Info: Public Key Algorithm: rsaEncryption 
@@ -123,34 +123,34 @@ Certificate: X509v3 Authority Key Identifier: keyid:27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5 DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com - serial:B7:B6:90:33:66:1B:6B:23 + serial:86:FF:F5:8E:10:DE:B8:FB X509v3 Basic Constraints: CA:TRUE, pathlen:127 X509v3 Key Usage: Certificate Sign, CRL Sign Signature Algorithm: sha1WithRSAEncryption - 34:c3:f2:9a:80:df:5c:8a:b4:c1:08:f5:c6:72:a2:74:90:1d: - e9:f9:7a:e7:6e:3b:df:be:01:28:6b:10:ee:5f:9d:8d:5b:7a: - fc:40:12:7f:b6:bb:ac:d9:07:73:78:d0:4f:53:5d:f8:c3:50: - ba:f7:76:a2:e5:12:fa:8f:01:24:a2:b7:8a:e4:6c:0b:62:51: - 37:39:4a:90:eb:11:16:26:58:44:ed:3f:41:57:8e:32:7a:e4: - 85:a7:ce:44:d2:46:28:9e:29:34:9b:16:a5:17:ef:56:11:0a: - 60:b8:88:7c:3e:ed:ec:5e:57:5f:b1:b9:b7:55:38:a0:ea:04: - 58:22:04:7e:30:f3:40:33:a1:cd:3f:24:72:7b:a4:b4:2d:b5: - 96:b3:80:7a:48:85:83:3c:6e:55:43:7c:13:d3:5e:f8:70:32: - da:5a:78:db:d0:54:54:9c:e9:38:05:da:7c:ac:bb:ec:79:cf: - 3e:56:32:ce:29:31:70:07:9a:c7:b4:00:02:33:af:1b:ce:7c: - 16:ff:8b:c0:8b:80:1e:0d:c7:d4:07:95:49:d4:9a:ed:55:b6: - 1f:bd:e7:77:b9:fa:af:29:6a:49:79:02:3c:b9:ea:6c:68:c3: - ef:ca:40:27:d0:15:d0:da:31:9c:2f:3d:a5:66:e3:f8:a4:98: - d5:00:5f:b2 + 44:50:b4:96:71:e5:9a:61:36:7b:c7:fa:05:88:39:e9:46:5b: + b0:b3:63:0d:5a:1b:c1:70:fd:d7:6a:9c:9d:0c:95:b7:ad:4f: + 9b:c2:34:24:90:d9:4b:bf:07:f7:18:d7:b8:13:3a:d5:01:8d: + e6:b6:15:ff:a4:94:36:4d:7b:b6:03:2f:12:ae:40:e1:ed:be: + 95:2d:2c:6c:22:9e:3e:87:12:7c:5c:bc:95:90:2a:cb:e3:e1: + 85:3e:60:4f:09:d6:44:83:15:7e:4f:c8:bb:b7:83:c9:13:17: + 9b:60:56:47:7c:cf:6d:83:5b:9e:9a:84:f5:fd:2b:aa:55:7c: + b7:fc:66:b5:49:66:77:e4:48:b6:3a:b2:d5:6f:a8:d8:25:a3: + a2:fa:4d:6f:ac:7a:b3:17:a9:5d:60:52:57:80:f3:5e:3b:2b: + c2:b5:85:af:f0:a2:c8:0b:ff:66:11:90:d9:25:12:e1:43:04: + c5:21:1f:b7:24:8a:c3:6d:a9:1d:32:de:72:5b:7e:fe:a2:aa: + 6f:54:e3:ca:25:fd:f2:86:41:4b:3c:eb:b6:0b:36:fe:93:14: + 5e:36:4e:79:22:15:45:64:a1:aa:78:d9:51:79:78:2f:72:f6: + 
91:bd:f7:4b:d2:4a:24:ff:db:2d:4c:8f:ea:5d:b0:db:7a:cf: + b9:ad:43:f5 -----BEGIN CERTIFICATE----- MIIEujCCA6KgAwIBAgIBajANBgkqhkiG9w0BAQUFADCBlDELMAkGA1UEBhMCVVMx EDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNVBAoMCFNh d3Rvb3RoMRMwEQYDVQQLDApDb25zdWx0aW5nMRgwFgYDVQQDDA93d3cud29sZnNz -bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTYwOTE5 -MjMyNDE2WhcNMTkwNjE2MjMyNDE2WjCBmjELMAkGA1UEBhMCVVMxEzARBgNVBAgM +bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTgwNDEz +MTUyMzEwWhcNMjEwMTA3MTUyMzEwWjCBmjELMAkGA1UEBhMCVVMxEzARBgNVBAgM Cldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTATBgNVBAoMDHdvbGZTU0wg SW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxFjAUBgNVBAMMDVNlcnZlciAxMjcg Q0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wggEiMA0GCSqGSIb3 
@@ -164,12 +164,12 @@ CTAdBgNVHQ4EFgQUsxEyyZKYhOLJ+NA7bgNCyh8OjjwwgckGA1UdIwSBwTCBvoAU J45nEXTDJh0/7TNjs6TYHTDl6NWhgZqkgZcwgZQxCzAJBgNVBAYTAlVTMRAwDgYD VQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMREwDwYDVQQKDAhTYXd0b290 aDETMBEGA1UECwwKQ29uc3VsdGluZzEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29t -MR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tggkAt7aQM2YbayMwDwYD -VR0TBAgwBgEB/wIBfzALBgNVHQ8EBAMCAQYwDQYJKoZIhvcNAQEFBQADggEBADTD -8pqA31yKtMEI9cZyonSQHen5euduO9++AShrEO5fnY1bevxAEn+2u6zZB3N40E9T -XfjDULr3dqLlEvqPASSit4rkbAtiUTc5SpDrERYmWETtP0FXjjJ65IWnzkTSRiie -KTSbFqUX71YRCmC4iHw+7exeV1+xubdVOKDqBFgiBH4w80Azoc0/JHJ7pLQttZaz -gHpIhYM8blVDfBPTXvhwMtpaeNvQVFSc6TgF2nysu+x5zz5WMs4pMXAHmse0AAIz -rxvOfBb/i8CLgB4Nx9QHlUnUmu1Vth+953e5+q8pakl5Ajy56mxow+/KQCfQFdDa -MZwvPaVm4/ikmNUAX7I= +MR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tggkAhv/1jhDeuPswDwYD +VR0TBAgwBgEB/wIBfzALBgNVHQ8EBAMCAQYwDQYJKoZIhvcNAQEFBQADggEBAERQ +tJZx5ZphNnvH+gWIOelGW7CzYw1aG8Fw/ddqnJ0MlbetT5vCNCSQ2Uu/B/cY17gT +OtUBjea2Ff+klDZNe7YDLxKuQOHtvpUtLGwinj6HEnxcvJWQKsvj4YU+YE8J1kSD +FX5PyLu3g8kTF5tgVkd8z22DW56ahPX9K6pVfLf8ZrVJZnfkSLY6stVvqNglo6L6 +TW+serMXqV1gUleA8147K8K1ha/wosgL/2YRkNklEuFDBMUhH7ckisNtqR0y3nJb +fv6iqm9U48ol/fKGQUs867YLNv6TFF42TnkiFUVkoap42VF5eC9y9pG990vSSiT/ +2y1Mj+pdsNt6z7mtQ/U= -----END CERTIFICATE----- diff --git a/certs/test-pathlen/server-128-ca.pem b/certs/test-pathlen/server-128-ca.pem index 0a328543d..c46b3cbf2 100644 --- a/certs/test-pathlen/server-128-ca.pem +++ b/certs/test-pathlen/server-128-ca.pem 
@@ -1,12 +1,12 @@ Certificate: Data: Version: 3 (0x2) - Serial Number: 108 (0x6c) + Serial Number: 106 (0x6a) Signature Algorithm: sha1WithRSAEncryption Issuer: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, CN=www.wolfssl.com/emailAddress=info@wolfssl.com Validity - Not Before: Sep 19 23:25:55 2016 GMT - Not After : Jun 16 23:25:55 2019 GMT + Not Before: Apr 13 15:23:10 2018 GMT + Not After : Jan 7 15:23:10 2021 GMT Subject: C=US, ST=Washington, L=Seattle, O=wolfSSL Inc., OU=Engineering, CN=Server 128 CA/emailAddress=info@wolfssl.com Subject Public Key Info: Public Key Algorithm: rsaEncryption 
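Review bot: The new `Serial Number: 106 (0x6a)` for Server 128 CA appears to collide with Server 127 CA, which has the same www.wolfssl.com issuer and whose DER in server-127-ca.pem begins `MIIEujCCA6KgAwIBAgIBaj` (serial 0x6a, inferred from the base64 in that file's context lines). RFC 5280 requires issuer plus serial to be unique per certificate. The `serial:6A` authority key identifier in the server-128-cert.pem hunk therefore matches both CA certificates, so any lookup keyed on issuer and serial (AKI matching, CRL entries, certificate caches) becomes ambiguous. The removed value `Serial Number: 108 (0x6c)` does not clash with any serial visible in this diff. I would keep distinct serials wherever these fixtures are generated, 108 for this CA and 109 for its leaf as before.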
@@ -37,34 +37,34 @@ Certificate: X509v3 Authority Key Identifier: keyid:27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5 DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com - serial:B7:B6:90:33:66:1B:6B:23 + serial:86:FF:F5:8E:10:DE:B8:FB X509v3 Basic Constraints: CA:TRUE, pathlen:128 X509v3 Key Usage: Certificate Sign, CRL Sign Signature Algorithm: sha1WithRSAEncryption - 2c:4e:94:b0:f6:75:cc:c4:9e:b5:68:56:f6:af:57:00:aa:74: - 99:59:6e:a8:de:d1:31:79:8a:b2:0c:42:d1:84:42:e4:89:7a: - 65:d1:cb:3f:fe:10:0c:ab:3a:89:a2:34:67:2d:43:cd:c1:09: - 80:b5:79:8c:0c:d8:2e:aa:c9:4c:89:59:0b:4a:1f:cd:f3:7c: - c1:7b:9e:26:7e:ea:c6:cd:de:b5:74:10:54:ee:0f:8f:85:5e: - 1a:9d:61:59:80:ac:f1:b8:be:a3:7e:57:41:62:6f:c4:30:18: - 92:cb:75:a2:fa:97:b7:90:db:ab:4f:b3:0d:05:cc:a9:e6:b8: - b2:57:2d:b8:b6:85:bf:98:7d:43:d1:82:11:3e:ca:8d:2f:b0: - 5f:0d:d2:29:70:30:02:08:3a:38:bc:c9:e9:6c:59:7f:17:7b: - 97:9a:96:9a:f4:bf:6e:e3:44:70:ac:95:f8:5a:08:74:b4:5f: - 35:17:5e:da:77:3b:49:22:1f:9e:1d:1f:da:30:3f:69:6a:61: - 57:8b:59:b0:4b:50:c2:22:bd:6b:79:b3:a4:7b:11:00:34:cf: - a9:fc:ad:99:a0:33:5c:1e:45:ab:d8:a7:71:11:c6:3a:f4:cb: - b5:67:85:0d:34:46:fa:f0:76:4b:51:12:6b:3a:fd:25:30:f6: - 65:5a:61:ef + 23:cf:7d:44:56:10:44:29:12:31:cc:c4:9b:b8:a8:dd:4e:c3: + 9f:2c:f5:7f:1b:d7:05:43:82:dd:c8:19:be:b9:54:d8:32:4d: + 88:2e:38:fb:be:ff:9d:fc:0a:99:8d:d3:67:08:22:a4:bb:62: + 5a:ec:49:3f:3a:38:cb:8e:f0:bd:42:d7:f7:16:43:31:00:df: + 10:53:c9:35:3f:bf:b9:4b:14:d0:f6:7f:d2:04:ef:69:c4:e6: + 53:d5:74:17:e1:f6:63:90:30:a2:90:9f:f1:13:1a:0e:bf:ec: + c0:e2:ae:41:40:20:41:55:84:69:e9:39:04:84:ab:f8:88:29: + 31:4c:15:19:12:ab:6f:f0:62:fe:83:a9:dc:52:52:7b:3a:14: + 86:8f:45:da:25:7d:c1:f3:21:84:84:bb:82:d6:ef:f9:4b:ec: + f4:21:87:ed:c1:53:77:8e:98:05:50:2c:d9:1f:42:30:dd:8b: + 85:57:3c:5a:fa:bd:06:55:11:95:3f:7f:fb:02:50:7d:88:57: + 0b:c8:a2:b3:fc:d0:fd:40:19:03:9a:8e:bb:d5:38:b0:d0:d6: + e3:e2:fa:45:91:2c:18:c7:9a:24:f0:78:ee:c2:0d:a0:53:4e: + 
c7:68:ad:80:6e:82:35:4b:1d:c7:15:b9:db:40:63:08:56:72: + 56:a2:55:7e -----BEGIN CERTIFICATE----- -MIIEuzCCA6OgAwIBAgIBbDANBgkqhkiG9w0BAQUFADCBlDELMAkGA1UEBhMCVVMx +MIIEuzCCA6OgAwIBAgIBajANBgkqhkiG9w0BAQUFADCBlDELMAkGA1UEBhMCVVMx EDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNVBAoMCFNh d3Rvb3RoMRMwEQYDVQQLDApDb25zdWx0aW5nMRgwFgYDVQQDDA93d3cud29sZnNz -bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTYwOTE5 -MjMyNTU1WhcNMTkwNjE2MjMyNTU1WjCBmjELMAkGA1UEBhMCVVMxEzARBgNVBAgM +bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTgwNDEz +MTUyMzEwWhcNMjEwMTA3MTUyMzEwWjCBmjELMAkGA1UEBhMCVVMxEzARBgNVBAgM Cldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTATBgNVBAoMDHdvbGZTU0wg SW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxFjAUBgNVBAMMDVNlcnZlciAxMjgg Q0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wggEiMA0GCSqGSIb3 
@@ -78,12 +78,12 @@ CjAdBgNVHQ4EFgQUsxEyyZKYhOLJ+NA7bgNCyh8OjjwwgckGA1UdIwSBwTCBvoAU J45nEXTDJh0/7TNjs6TYHTDl6NWhgZqkgZcwgZQxCzAJBgNVBAYTAlVTMRAwDgYD VQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMREwDwYDVQQKDAhTYXd0b290 aDETMBEGA1UECwwKQ29uc3VsdGluZzEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29t -MR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tggkAt7aQM2YbayMwEAYD -VR0TBAkwBwEB/wICAIAwCwYDVR0PBAQDAgEGMA0GCSqGSIb3DQEBBQUAA4IBAQAs -TpSw9nXMxJ61aFb2r1cAqnSZWW6o3tExeYqyDELRhELkiXpl0cs//hAMqzqJojRn -LUPNwQmAtXmMDNguqslMiVkLSh/N83zBe54mfurGzd61dBBU7g+PhV4anWFZgKzx -uL6jfldBYm/EMBiSy3Wi+pe3kNurT7MNBcyp5riyVy24toW/mH1D0YIRPsqNL7Bf -DdIpcDACCDo4vMnpbFl/F3uXmpaa9L9u40RwrJX4Wgh0tF81F17adztJIh+eHR/a -MD9pamFXi1mwS1DCIr1rebOkexEANM+p/K2ZoDNcHkWr2KdxEcY69Mu1Z4UNNEb6 -8HZLURJrOv0lMPZlWmHv +MR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tggkAhv/1jhDeuPswEAYD +VR0TBAkwBwEB/wICAIAwCwYDVR0PBAQDAgEGMA0GCSqGSIb3DQEBBQUAA4IBAQAj +z31EVhBEKRIxzMSbuKjdTsOfLPV/G9cFQ4LdyBm+uVTYMk2ILjj7vv+d/AqZjdNn +CCKku2Ja7Ek/OjjLjvC9Qtf3FkMxAN8QU8k1P7+5SxTQ9n/SBO9pxOZT1XQX4fZj +kDCikJ/xExoOv+zA4q5BQCBBVYRp6TkEhKv4iCkxTBUZEqtv8GL+g6ncUlJ7OhSG +j0XaJX3B8yGEhLuC1u/5S+z0IYftwVN3jpgFUCzZH0Iw3YuFVzxa+r0GVRGVP3/7 +AlB9iFcLyKKz/ND9QBkDmo671Tiw0Nbj4vpFkSwYx5ok8Hjuwg2gU07HaK2AboI1 +Sx3HFbnbQGMIVnJWolV+ -----END CERTIFICATE----- diff --git a/certs/test-pathlen/server-128-cert.pem b/certs/test-pathlen/server-128-cert.pem index a873da4a3..6a4d6b140 100644 --- a/certs/test-pathlen/server-128-cert.pem +++ b/certs/test-pathlen/server-128-cert.pem 
@@ -1,12 +1,12 @@ Certificate: Data: Version: 3 (0x2) - Serial Number: 109 (0x6d) + Serial Number: 107 (0x6b) Signature Algorithm: sha1WithRSAEncryption Issuer: C=US, ST=Washington, L=Seattle, O=wolfSSL Inc., OU=Engineering, CN=Server 128 CA/emailAddress=info@wolfssl.com Validity - Not Before: Sep 20 00:10:39 2016 GMT - Not After : Jun 17 00:10:39 2019 GMT + Not Before: Apr 13 15:23:10 2018 GMT + Not After : Jan 7 15:23:10 2021 GMT Subject: C=US, ST=Washington, L=Seattle, O=wolfSSL Inc., OU=Engineering, CN=Server 128/emailAddress=info@wolfssl.com Subject Public Key Info: Public Key Algorithm: rsaEncryption 
@@ -37,32 +37,32 @@ Certificate: X509v3 Authority Key Identifier: keyid:B3:11:32:C9:92:98:84:E2:C9:F8:D0:3B:6E:03:42:CA:1F:0E:8E:3C DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com - serial:6C + serial:6A X509v3 Basic Constraints: CA:FALSE Signature Algorithm: sha1WithRSAEncryption - b5:8d:6e:c1:2f:26:fb:25:f5:48:99:97:42:b0:20:22:73:3a: - 37:96:f4:f5:33:ae:10:10:51:2c:8b:30:2e:de:27:0d:f5:68: - b8:fd:4c:28:59:5a:ec:e5:31:7e:83:97:37:96:26:09:88:d1: - 19:46:48:74:59:d1:4e:4a:f6:bf:f5:ea:1b:3b:99:d4:aa:7c: - 46:60:f5:38:43:a2:2b:a7:d9:b5:30:cb:a5:2b:5a:de:68:a5: - 9f:8c:3b:d6:6e:b2:0a:6f:3f:df:88:fe:70:83:d2:21:58:c0: - 53:89:da:a0:33:9d:1d:f7:a1:88:d3:18:ac:9c:2a:18:45:68: - 37:af:46:85:1a:1c:4c:bf:8c:b0:1a:c6:3e:3e:98:2e:9e:26: - 6d:1c:8a:db:15:d2:5e:28:48:cc:07:9d:1d:e1:7d:89:b5:7a: - 13:b1:5a:b3:03:3f:77:c4:21:7b:d2:2a:96:24:3c:d9:65:76: - 42:e5:cb:20:30:d3:17:bc:f9:8d:dd:e4:63:ae:2a:13:0f:3c: - df:c5:86:dd:d4:db:79:50:6f:88:b8:58:bd:6f:09:2b:c5:21: - bd:1e:a0:9c:e8:97:6b:cb:c8:9a:8e:09:ac:8e:5a:72:ed:d7: - b0:d0:7f:85:b0:91:73:e4:2b:28:e1:a1:6d:3f:2a:8f:ea:d1: - df:57:64:25 + a5:a7:5d:17:a3:a7:15:08:10:89:5a:47:84:ee:63:dc:c7:f5: + b0:ae:a4:99:c2:b1:02:bf:97:8a:cd:d1:ab:f5:87:b6:0b:98: + 30:e0:33:f1:40:db:2c:33:79:98:ab:87:43:b4:10:8a:4f:92: + cf:97:49:fc:e8:a6:7a:52:4b:6a:dc:b4:ed:e4:55:2f:3c:dc: + 56:b3:2c:a8:4c:fa:6a:55:ae:7e:f1:e5:d6:64:96:e6:67:3e: + 46:d0:b8:b2:eb:cb:98:a5:d1:7c:d8:cc:de:ba:39:4d:a5:b3: + 45:45:62:0e:05:be:60:54:6d:4d:e8:90:e3:ad:5e:86:52:43: + 12:60:5b:fa:07:33:10:fb:6d:a6:c0:8c:3d:8a:9a:8a:1c:3e: + 7a:34:bf:41:f0:d2:d5:5d:16:00:ce:52:51:2b:13:a2:ef:be: + 07:dd:09:91:54:a1:74:2d:53:d2:db:94:f9:a1:98:62:1f:06: + 0c:69:3b:34:2a:9a:00:3c:9b:2f:c1:46:80:c2:dd:c7:7e:95: + ea:f7:05:19:29:b0:82:02:b8:b6:f3:a1:bf:00:5e:23:77:6f: + d2:63:c2:29:df:67:47:5a:2c:69:ce:6c:88:28:43:34:da:6c: + d4:2d:ee:cd:ef:fb:1a:69:e5:d7:8e:f4:2b:de:b2:b0:7d:8c: + 5c:50:91:d9 -----BEGIN CERTIFICATE----- 
-MIIEoDCCA4igAwIBAgIBbTANBgkqhkiG9w0BAQUFADCBmjELMAkGA1UEBhMCVVMx +MIIEoDCCA4igAwIBAgIBazANBgkqhkiG9w0BAQUFADCBmjELMAkGA1UEBhMCVVMx EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTATBgNVBAoM DHdvbGZTU0wgSW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxFjAUBgNVBAMMDVNl cnZlciAxMjggQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcN -MTYwOTIwMDAxMDM5WhcNMTkwNjE3MDAxMDM5WjCBlzELMAkGA1UEBhMCVVMxEzAR +MTgwNDEzMTUyMzEwWhcNMjEwMTA3MTUyMzEwWjCBlzELMAkGA1UEBhMCVVMxEzAR BgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTATBgNVBAoMDHdv bGZTU0wgSW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxEzARBgNVBAMMClNlcnZl ciAxMjgxHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wggEiMA0GCSqG @@ -76,11 +76,11 @@ ge4wHQYDVR0OBBYEFLMRMsmSmITiyfjQO24DQsofDo48MIHBBgNVHSMEgbkwgbaA FLMRMsmSmITiyfjQO24DQsofDo48oYGapIGXMIGUMQswCQYDVQQGEwJVUzEQMA4G A1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjERMA8GA1UECgwIU2F3dG9v dGgxEzARBgNVBAsMCkNvbnN1bHRpbmcxGDAWBgNVBAMMD3d3dy53b2xmc3NsLmNv -bTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbYIBbDAJBgNVHRMEAjAA -MA0GCSqGSIb3DQEBBQUAA4IBAQC1jW7BLyb7JfVImZdCsCAiczo3lvT1M64QEFEs -izAu3icN9Wi4/UwoWVrs5TF+g5c3liYJiNEZRkh0WdFOSva/9eobO5nUqnxGYPU4 -Q6Irp9m1MMulK1reaKWfjDvWbrIKbz/fiP5wg9IhWMBTidqgM50d96GI0xisnCoY -RWg3r0aFGhxMv4ywGsY+PpguniZtHIrbFdJeKEjMB50d4X2JtXoTsVqzAz93xCF7 -0iqWJDzZZXZC5csgMNMXvPmN3eRjrioTDzzfxYbd1Nt5UG+IuFi9bwkrxSG9HqCc -6Jdry8iajgmsjlpy7dew0H+FsJFz5Cso4aFtPyqP6tHfV2Ql +bTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbYIBajAJBgNVHRMEAjAA +MA0GCSqGSIb3DQEBBQUAA4IBAQClp10Xo6cVCBCJWkeE7mPcx/WwrqSZwrECv5eK +zdGr9Ye2C5gw4DPxQNssM3mYq4dDtBCKT5LPl0n86KZ6Uktq3LTt5FUvPNxWsyyo +TPpqVa5+8eXWZJbmZz5G0Liy68uYpdF82MzeujlNpbNFRWIOBb5gVG1N6JDjrV6G +UkMSYFv6BzMQ+22mwIw9ipqKHD56NL9B8NLVXRYAzlJRKxOi774H3QmRVKF0LVPS +25T5oZhiHwYMaTs0KpoAPJsvwUaAwt3HfpXq9wUZKbCCAri286G/AF4jd2/SY8Ip +32dHWixpzmyIKEM02mzULe7N7/saaeXXjvQr3rKwfYxcUJHZ -----END CERTIFICATE----- diff --git a/certs/test-pathlen/server-128-chain.pem b/certs/test-pathlen/server-128-chain.pem index 0b43488c7..341138e7a 100644 
--- a/certs/test-pathlen/server-128-chain.pem +++ b/certs/test-pathlen/server-128-chain.pem @@ -1,12 +1,12 @@ Certificate: Data: Version: 3 (0x2) - Serial Number: 109 (0x6d) + Serial Number: 107 (0x6b) Signature Algorithm: sha1WithRSAEncryption Issuer: C=US, ST=Washington, L=Seattle, O=wolfSSL Inc., OU=Engineering, CN=Server 128 CA/emailAddress=info@wolfssl.com Validity - Not Before: Sep 20 00:10:39 2016 GMT - Not After : Jun 17 00:10:39 2019 GMT + Not Before: Apr 13 15:23:10 2018 GMT + Not After : Jan 7 15:23:10 2021 GMT Subject: C=US, ST=Washington, L=Seattle, O=wolfSSL Inc., OU=Engineering, CN=Server 128/emailAddress=info@wolfssl.com Subject Public Key Info: Public Key Algorithm: rsaEncryption 
@@ -37,32 +37,32 @@ Certificate: X509v3 Authority Key Identifier: keyid:B3:11:32:C9:92:98:84:E2:C9:F8:D0:3B:6E:03:42:CA:1F:0E:8E:3C DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com - serial:6C + serial:6A X509v3 Basic Constraints: CA:FALSE Signature Algorithm: sha1WithRSAEncryption - b5:8d:6e:c1:2f:26:fb:25:f5:48:99:97:42:b0:20:22:73:3a: - 37:96:f4:f5:33:ae:10:10:51:2c:8b:30:2e:de:27:0d:f5:68: - b8:fd:4c:28:59:5a:ec:e5:31:7e:83:97:37:96:26:09:88:d1: - 19:46:48:74:59:d1:4e:4a:f6:bf:f5:ea:1b:3b:99:d4:aa:7c: - 46:60:f5:38:43:a2:2b:a7:d9:b5:30:cb:a5:2b:5a:de:68:a5: - 9f:8c:3b:d6:6e:b2:0a:6f:3f:df:88:fe:70:83:d2:21:58:c0: - 53:89:da:a0:33:9d:1d:f7:a1:88:d3:18:ac:9c:2a:18:45:68: - 37:af:46:85:1a:1c:4c:bf:8c:b0:1a:c6:3e:3e:98:2e:9e:26: - 6d:1c:8a:db:15:d2:5e:28:48:cc:07:9d:1d:e1:7d:89:b5:7a: - 13:b1:5a:b3:03:3f:77:c4:21:7b:d2:2a:96:24:3c:d9:65:76: - 42:e5:cb:20:30:d3:17:bc:f9:8d:dd:e4:63:ae:2a:13:0f:3c: - df:c5:86:dd:d4:db:79:50:6f:88:b8:58:bd:6f:09:2b:c5:21: - bd:1e:a0:9c:e8:97:6b:cb:c8:9a:8e:09:ac:8e:5a:72:ed:d7: - b0:d0:7f:85:b0:91:73:e4:2b:28:e1:a1:6d:3f:2a:8f:ea:d1: - df:57:64:25 + a5:a7:5d:17:a3:a7:15:08:10:89:5a:47:84:ee:63:dc:c7:f5: + b0:ae:a4:99:c2:b1:02:bf:97:8a:cd:d1:ab:f5:87:b6:0b:98: + 30:e0:33:f1:40:db:2c:33:79:98:ab:87:43:b4:10:8a:4f:92: + cf:97:49:fc:e8:a6:7a:52:4b:6a:dc:b4:ed:e4:55:2f:3c:dc: + 56:b3:2c:a8:4c:fa:6a:55:ae:7e:f1:e5:d6:64:96:e6:67:3e: + 46:d0:b8:b2:eb:cb:98:a5:d1:7c:d8:cc:de:ba:39:4d:a5:b3: + 45:45:62:0e:05:be:60:54:6d:4d:e8:90:e3:ad:5e:86:52:43: + 12:60:5b:fa:07:33:10:fb:6d:a6:c0:8c:3d:8a:9a:8a:1c:3e: + 7a:34:bf:41:f0:d2:d5:5d:16:00:ce:52:51:2b:13:a2:ef:be: + 07:dd:09:91:54:a1:74:2d:53:d2:db:94:f9:a1:98:62:1f:06: + 0c:69:3b:34:2a:9a:00:3c:9b:2f:c1:46:80:c2:dd:c7:7e:95: + ea:f7:05:19:29:b0:82:02:b8:b6:f3:a1:bf:00:5e:23:77:6f: + d2:63:c2:29:df:67:47:5a:2c:69:ce:6c:88:28:43:34:da:6c: + d4:2d:ee:cd:ef:fb:1a:69:e5:d7:8e:f4:2b:de:b2:b0:7d:8c: + 5c:50:91:d9 -----BEGIN CERTIFICATE----- 
-MIIEoDCCA4igAwIBAgIBbTANBgkqhkiG9w0BAQUFADCBmjELMAkGA1UEBhMCVVMx +MIIEoDCCA4igAwIBAgIBazANBgkqhkiG9w0BAQUFADCBmjELMAkGA1UEBhMCVVMx EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTATBgNVBAoM DHdvbGZTU0wgSW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxFjAUBgNVBAMMDVNl cnZlciAxMjggQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcN -MTYwOTIwMDAxMDM5WhcNMTkwNjE3MDAxMDM5WjCBlzELMAkGA1UEBhMCVVMxEzAR +MTgwNDEzMTUyMzEwWhcNMjEwMTA3MTUyMzEwWjCBlzELMAkGA1UEBhMCVVMxEzAR BgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTATBgNVBAoMDHdv bGZTU0wgSW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxEzARBgNVBAMMClNlcnZl ciAxMjgxHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wggEiMA0GCSqG 
@@ -76,23 +76,23 @@ ge4wHQYDVR0OBBYEFLMRMsmSmITiyfjQO24DQsofDo48MIHBBgNVHSMEgbkwgbaA FLMRMsmSmITiyfjQO24DQsofDo48oYGapIGXMIGUMQswCQYDVQQGEwJVUzEQMA4G A1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjERMA8GA1UECgwIU2F3dG9v dGgxEzARBgNVBAsMCkNvbnN1bHRpbmcxGDAWBgNVBAMMD3d3dy53b2xmc3NsLmNv -bTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbYIBbDAJBgNVHRMEAjAA -MA0GCSqGSIb3DQEBBQUAA4IBAQC1jW7BLyb7JfVImZdCsCAiczo3lvT1M64QEFEs -izAu3icN9Wi4/UwoWVrs5TF+g5c3liYJiNEZRkh0WdFOSva/9eobO5nUqnxGYPU4 -Q6Irp9m1MMulK1reaKWfjDvWbrIKbz/fiP5wg9IhWMBTidqgM50d96GI0xisnCoY -RWg3r0aFGhxMv4ywGsY+PpguniZtHIrbFdJeKEjMB50d4X2JtXoTsVqzAz93xCF7 -0iqWJDzZZXZC5csgMNMXvPmN3eRjrioTDzzfxYbd1Nt5UG+IuFi9bwkrxSG9HqCc -6Jdry8iajgmsjlpy7dew0H+FsJFz5Cso4aFtPyqP6tHfV2Ql +bTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbYIBajAJBgNVHRMEAjAA +MA0GCSqGSIb3DQEBBQUAA4IBAQClp10Xo6cVCBCJWkeE7mPcx/WwrqSZwrECv5eK +zdGr9Ye2C5gw4DPxQNssM3mYq4dDtBCKT5LPl0n86KZ6Uktq3LTt5FUvPNxWsyyo +TPpqVa5+8eXWZJbmZz5G0Liy68uYpdF82MzeujlNpbNFRWIOBb5gVG1N6JDjrV6G +UkMSYFv6BzMQ+22mwIw9ipqKHD56NL9B8NLVXRYAzlJRKxOi774H3QmRVKF0LVPS +25T5oZhiHwYMaTs0KpoAPJsvwUaAwt3HfpXq9wUZKbCCAri286G/AF4jd2/SY8Ip +32dHWixpzmyIKEM02mzULe7N7/saaeXXjvQr3rKwfYxcUJHZ -----END CERTIFICATE----- Certificate: Data: Version: 3 (0x2) - Serial Number: 108 (0x6c) + Serial Number: 106 (0x6a) Signature Algorithm: sha1WithRSAEncryption Issuer: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, CN=www.wolfssl.com/emailAddress=info@wolfssl.com Validity - Not Before: Sep 19 23:25:55 2016 GMT - Not After : Jun 16 23:25:55 2019 GMT + Not Before: Apr 13 15:23:10 2018 GMT + Not After : Jan 7 15:23:10 2021 GMT Subject: C=US, ST=Washington, L=Seattle, O=wolfSSL Inc., OU=Engineering, CN=Server 128 CA/emailAddress=info@wolfssl.com Subject Public Key Info: Public Key Algorithm: rsaEncryption 
@@ -123,34 +123,34 @@ Certificate: X509v3 Authority Key Identifier: keyid:27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5 DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com - serial:B7:B6:90:33:66:1B:6B:23 + serial:86:FF:F5:8E:10:DE:B8:FB X509v3 Basic Constraints: CA:TRUE, pathlen:128 X509v3 Key Usage: Certificate Sign, CRL Sign Signature Algorithm: sha1WithRSAEncryption - 2c:4e:94:b0:f6:75:cc:c4:9e:b5:68:56:f6:af:57:00:aa:74: - 99:59:6e:a8:de:d1:31:79:8a:b2:0c:42:d1:84:42:e4:89:7a: - 65:d1:cb:3f:fe:10:0c:ab:3a:89:a2:34:67:2d:43:cd:c1:09: - 80:b5:79:8c:0c:d8:2e:aa:c9:4c:89:59:0b:4a:1f:cd:f3:7c: - c1:7b:9e:26:7e:ea:c6:cd:de:b5:74:10:54:ee:0f:8f:85:5e: - 1a:9d:61:59:80:ac:f1:b8:be:a3:7e:57:41:62:6f:c4:30:18: - 92:cb:75:a2:fa:97:b7:90:db:ab:4f:b3:0d:05:cc:a9:e6:b8: - b2:57:2d:b8:b6:85:bf:98:7d:43:d1:82:11:3e:ca:8d:2f:b0: - 5f:0d:d2:29:70:30:02:08:3a:38:bc:c9:e9:6c:59:7f:17:7b: - 97:9a:96:9a:f4:bf:6e:e3:44:70:ac:95:f8:5a:08:74:b4:5f: - 35:17:5e:da:77:3b:49:22:1f:9e:1d:1f:da:30:3f:69:6a:61: - 57:8b:59:b0:4b:50:c2:22:bd:6b:79:b3:a4:7b:11:00:34:cf: - a9:fc:ad:99:a0:33:5c:1e:45:ab:d8:a7:71:11:c6:3a:f4:cb: - b5:67:85:0d:34:46:fa:f0:76:4b:51:12:6b:3a:fd:25:30:f6: - 65:5a:61:ef + 23:cf:7d:44:56:10:44:29:12:31:cc:c4:9b:b8:a8:dd:4e:c3: + 9f:2c:f5:7f:1b:d7:05:43:82:dd:c8:19:be:b9:54:d8:32:4d: + 88:2e:38:fb:be:ff:9d:fc:0a:99:8d:d3:67:08:22:a4:bb:62: + 5a:ec:49:3f:3a:38:cb:8e:f0:bd:42:d7:f7:16:43:31:00:df: + 10:53:c9:35:3f:bf:b9:4b:14:d0:f6:7f:d2:04:ef:69:c4:e6: + 53:d5:74:17:e1:f6:63:90:30:a2:90:9f:f1:13:1a:0e:bf:ec: + c0:e2:ae:41:40:20:41:55:84:69:e9:39:04:84:ab:f8:88:29: + 31:4c:15:19:12:ab:6f:f0:62:fe:83:a9:dc:52:52:7b:3a:14: + 86:8f:45:da:25:7d:c1:f3:21:84:84:bb:82:d6:ef:f9:4b:ec: + f4:21:87:ed:c1:53:77:8e:98:05:50:2c:d9:1f:42:30:dd:8b: + 85:57:3c:5a:fa:bd:06:55:11:95:3f:7f:fb:02:50:7d:88:57: + 0b:c8:a2:b3:fc:d0:fd:40:19:03:9a:8e:bb:d5:38:b0:d0:d6: + e3:e2:fa:45:91:2c:18:c7:9a:24:f0:78:ee:c2:0d:a0:53:4e: + 
c7:68:ad:80:6e:82:35:4b:1d:c7:15:b9:db:40:63:08:56:72: + 56:a2:55:7e -----BEGIN CERTIFICATE----- -MIIEuzCCA6OgAwIBAgIBbDANBgkqhkiG9w0BAQUFADCBlDELMAkGA1UEBhMCVVMx +MIIEuzCCA6OgAwIBAgIBajANBgkqhkiG9w0BAQUFADCBlDELMAkGA1UEBhMCVVMx EDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNVBAoMCFNh d3Rvb3RoMRMwEQYDVQQLDApDb25zdWx0aW5nMRgwFgYDVQQDDA93d3cud29sZnNz -bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTYwOTE5 -MjMyNTU1WhcNMTkwNjE2MjMyNTU1WjCBmjELMAkGA1UEBhMCVVMxEzARBgNVBAgM +bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTgwNDEz +MTUyMzEwWhcNMjEwMTA3MTUyMzEwWjCBmjELMAkGA1UEBhMCVVMxEzARBgNVBAgM Cldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTATBgNVBAoMDHdvbGZTU0wg SW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxFjAUBgNVBAMMDVNlcnZlciAxMjgg Q0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wggEiMA0GCSqGSIb3 
@@ -164,12 +164,12 @@ CjAdBgNVHQ4EFgQUsxEyyZKYhOLJ+NA7bgNCyh8OjjwwgckGA1UdIwSBwTCBvoAU J45nEXTDJh0/7TNjs6TYHTDl6NWhgZqkgZcwgZQxCzAJBgNVBAYTAlVTMRAwDgYD VQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMREwDwYDVQQKDAhTYXd0b290 aDETMBEGA1UECwwKQ29uc3VsdGluZzEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29t -MR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tggkAt7aQM2YbayMwEAYD -VR0TBAkwBwEB/wICAIAwCwYDVR0PBAQDAgEGMA0GCSqGSIb3DQEBBQUAA4IBAQAs -TpSw9nXMxJ61aFb2r1cAqnSZWW6o3tExeYqyDELRhELkiXpl0cs//hAMqzqJojRn -LUPNwQmAtXmMDNguqslMiVkLSh/N83zBe54mfurGzd61dBBU7g+PhV4anWFZgKzx -uL6jfldBYm/EMBiSy3Wi+pe3kNurT7MNBcyp5riyVy24toW/mH1D0YIRPsqNL7Bf -DdIpcDACCDo4vMnpbFl/F3uXmpaa9L9u40RwrJX4Wgh0tF81F17adztJIh+eHR/a -MD9pamFXi1mwS1DCIr1rebOkexEANM+p/K2ZoDNcHkWr2KdxEcY69Mu1Z4UNNEb6 -8HZLURJrOv0lMPZlWmHv +MR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tggkAhv/1jhDeuPswEAYD +VR0TBAkwBwEB/wICAIAwCwYDVR0PBAQDAgEGMA0GCSqGSIb3DQEBBQUAA4IBAQAj +z31EVhBEKRIxzMSbuKjdTsOfLPV/G9cFQ4LdyBm+uVTYMk2ILjj7vv+d/AqZjdNn +CCKku2Ja7Ek/OjjLjvC9Qtf3FkMxAN8QU8k1P7+5SxTQ9n/SBO9pxOZT1XQX4fZj +kDCikJ/xExoOv+zA4q5BQCBBVYRp6TkEhKv4iCkxTBUZEqtv8GL+g6ncUlJ7OhSG +j0XaJX3B8yGEhLuC1u/5S+z0IYftwVN3jpgFUCzZH0Iw3YuFVzxa+r0GVRGVP3/7 +AlB9iFcLyKKz/ND9QBkDmo671Tiw0Nbj4vpFkSwYx5ok8Hjuwg2gU07HaK2AboI1 +Sx3HFbnbQGMIVnJWolV+ -----END CERTIFICATE----- diff --git a/certs/test-servercert.p12 b/certs/test-servercert.p12 index 9a1ffd7d5..c85fdd279 100644 Binary files a/certs/test-servercert.p12 and b/certs/test-servercert.p12 differ diff --git a/certs/test/cert-ext-ia.der b/certs/test/cert-ext-ia.der index de005a63c..a6fb6508c 100644 Binary files a/certs/test/cert-ext-ia.der and b/certs/test/cert-ext-ia.der differ diff --git a/certs/test/cert-ext-nc.der b/certs/test/cert-ext-nc.der index ea0559e17..10438666b 100644 Binary files a/certs/test/cert-ext-nc.der and b/certs/test/cert-ext-nc.der differ diff --git a/certs/test/digsigku.pem b/certs/test/digsigku.pem index 08eb8b2f5..5086b7d7c 100644 --- a/certs/test/digsigku.pem +++ b/certs/test/digsigku.pem 
@@ -5,8 +5,8 @@ Certificate: Signature Algorithm: ecdsa-with-SHA1 Issuer: C=US, ST=Washington, L=Seattle, O=Foofarah, OU=Arglebargle, CN=foobarbaz/emailAddress=info@worlss.com Validity - Not Before: May 3 00:07:20 2017 GMT - Not After : Jan 28 00:07:20 2020 GMT + Not Before: Apr 13 15:23:10 2018 GMT + Not After : Jan 7 15:23:10 2021 GMT Subject: C=US, ST=Washington, L=Seattle, O=Foofarah, OU=Arglebargle, CN=foobarbaz/emailAddress=info@worlss.com Subject Public Key Info: Public Key Algorithm: id-ecPublicKey @@ -32,16 +32,16 @@ Certificate: X509v3 Key Usage: critical Non Repudiation, Key Encipherment Signature Algorithm: ecdsa-with-SHA1 - 30:46:02:21:00:fe:d6:30:36:fb:43:39:51:d7:4a:02:24:5e: - b4:b1:11:e3:83:66:00:fc:24:12:1a:7e:a8:05:77:ca:f7:24: - 2d:02:21:00:fb:59:c3:e9:6e:9b:f6:a2:46:0b:d8:ad:33:fb: - 89:2d:80:d6:1d:68:1f:f7:d7:93:f1:0b:7a:6b:81:f5:af:62 + 30:45:02:21:00:fb:11:b6:9b:9a:26:b0:36:ad:ad:5a:5e:34: + 75:58:3a:93:01:af:f7:b7:00:25:85:8b:0d:4b:35:6e:43:13: + ec:02:20:14:8b:f5:04:a0:99:75:91:cd:76:1b:6a:3e:14:fc: + 96:13:fe:dd:d1:82:4a:3a:83:2b:2f:f0:a6:a6:c5:a5:bb -----BEGIN CERTIFICATE----- -MIIDKTCCAs+gAwIBAgIJAOOBS0ilcGFwMAkGByqGSM49BAEwgZExCzAJBgNVBAYT +MIIDKDCCAs+gAwIBAgIJAOOBS0ilcGFwMAkGByqGSM49BAEwgZExCzAJBgNVBAYT AlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMREwDwYD VQQKDAhGb29mYXJhaDEUMBIGA1UECwwLQXJnbGViYXJnbGUxEjAQBgNVBAMMCWZv -b2JhcmJhejEeMBwGCSqGSIb3DQEJARYPaW5mb0B3b3Jsc3MuY29tMB4XDTE3MDUw -MzAwMDcyMFoXDTIwMDEyODAwMDcyMFowgZExCzAJBgNVBAYTAlVTMRMwEQYDVQQI +b2JhcmJhejEeMBwGCSqGSIb3DQEJARYPaW5mb0B3b3Jsc3MuY29tMB4XDTE4MDQx +MzE1MjMxMFoXDTIxMDEwNzE1MjMxMFowgZExCzAJBgNVBAYTAlVTMRMwEQYDVQQI DApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMREwDwYDVQQKDAhGb29mYXJh aDEUMBIGA1UECwwLQXJnbGViYXJnbGUxEjAQBgNVBAMMCWZvb2JhcmJhejEeMBwG CSqGSIb3DQEJARYPaW5mb0B3b3Jsc3MuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0D 
@@ -52,6 +52,6 @@ MKGBl6SBlDCBkTELMAkGA1UEBhMCVVMxEzARBgNVBAgMCldhc2hpbmd0b24xEDAO BgNVBAcMB1NlYXR0bGUxETAPBgNVBAoMCEZvb2ZhcmFoMRQwEgYDVQQLDAtBcmds ZWJhcmdsZTESMBAGA1UEAwwJZm9vYmFyYmF6MR4wHAYJKoZIhvcNAQkBFg9pbmZv QHdvcmxzcy5jb22CCQDjgUtIpXBhcDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB -/wQEAwIFYDAJBgcqhkjOPQQBA0kAMEYCIQD+1jA2+0M5UddKAiRetLER44NmAPwk -Ehp+qAV3yvckLQIhAPtZw+lum/aiRgvYrTP7iS2A1h1oH/fXk/ELemuB9a9i +/wQEAwIFYDAJBgcqhkjOPQQBA0gAMEUCIQD7EbabmiawNq2tWl40dVg6kwGv97cA +JYWLDUs1bkMT7AIgFIv1BKCZdZHNdhtqPhT8lhP+3dGCSjqDKy/wpqbFpbs= -----END CERTIFICATE----- diff --git a/certs/test/gen-badaltnamenull.sh b/certs/test/gen-testcerts.sh similarity index 50% rename from certs/test/gen-badaltnamenull.sh rename to certs/test/gen-testcerts.sh index 8ca9d8c7a..f51942597 100755 --- a/certs/test/gen-badaltnamenull.sh +++ b/certs/test/gen-testcerts.sh @@ -1,5 +1,6 @@ #!/bin/sh +# Generate CN=localhost, AltName=localhost\0h echo "step 1 create key" openssl genrsa -out server-badaltnamenull.key 2048 
@@ -18,3 +19,25 @@ openssl x509 -inform pem -in server-badaltnamenull.pem -text > tmp.pem mv tmp.pem server-badaltnamenull.pem openssl x509 -inform pem -in server-badaltnamenull.pem -outform der -out server-badaltnamenull.der + + +# Generate CN=www.nomatch.com, no AltName +echo "step 1 create key" +openssl genrsa -out server-nomatch.key 2048 + +echo "step 2 create csr" +echo "US\nMontana\nBozeman\nEngineering\nwww.nomatch.com\n.\n" | openssl req -new -sha256 -out server-nomatch.csr -key server-nomatch.key -config server-nomatch.conf + +echo "step 3 check csr" +openssl req -text -noout -in server-nomatch.csr + +echo "step 4 create cert" +openssl x509 -req -days 1000 -in server-nomatch.csr -signkey server-nomatch.key \ + -out server-nomatch.pem -extensions req_ext -extfile server-nomatch.conf + +echo "step 5 make human reviewable" +openssl x509 -inform pem -in server-nomatch.pem -text > tmp.pem +mv tmp.pem server-nomatch.pem + +openssl x509 -inform pem -in server-nomatch.pem -outform der -out server-nomatch.der + diff --git a/certs/test/include.am b/certs/test/include.am index 6b9d07d72..0e8eec225 100644 --- a/certs/test/include.am +++ b/certs/test/include.am 
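Review bot: The step 2 line `echo "US\nMontana\nBozeman\nEngineering\nwww.nomatch.com\n.\n" | openssl req ...` relies on `echo` expanding `\n`, which POSIX leaves implementation-defined. Under a `/bin/sh` whose `echo` does not expand escapes, `openssl req` would get one literal line instead of the separate answers; `printf 'US\nMontana\nBozeman\nEngineering\nwww.nomatch.com\n.\n' | openssl req -new -sha256 ...` behaves the same in every shell. No `set -e` is visible in the parts of the script shown, so a failed openssl step would still reach `mv tmp.pem server-nomatch.pem` and could replace the certificate with an empty file. Adding `set -e` after the shebang (outside this hunk) would stop at the first failure. Whether stdin is consulted at all depends on server-nomatch.conf, which is not shown here.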
@@ -3,26 +3,42 @@ # EXTRA_DIST += \ - certs/test/cert-ext-ia.cfg \ - certs/test/cert-ext-ia.der \ - certs/test/cert-ext-nc.cfg \ - certs/test/cert-ext-nc.der \ - certs/test/cert-ext-ns.der \ - certs/test/gen-ext-certs.sh \ + certs/test/cert-ext-ia.cfg \ + certs/test/cert-ext-ia.der \ + certs/test/cert-ext-nc.cfg \ + certs/test/cert-ext-nc.der \ + certs/test/cert-ext-ns.der \ + certs/test/gen-ext-certs.sh \ certs/test/server-duplicate-policy.pem # The certs/server-cert with the last byte (signature byte) changed EXTRA_DIST += \ certs/test/server-cert-rsa-badsig.der \ certs/test/server-cert-rsa-badsig.pem \ - certs/test/server-cert-ecc-badsig.der \ + certs/test/server-cert-ecc-badsig.der \ certs/test/server-cert-ecc-badsig.pem - EXTRA_DIST += \ - certs/test/gen-badaltnamenull.sh \ + certs/test/gen-testcerts.sh \ certs/test/server-badaltnamenull.conf \ certs/test/server-badaltnamenull.csr \ certs/test/server-badaltnamenull.key \ certs/test/server-badaltnamenull.pem \ - certs/test/server-badaltnamenull.der + certs/test/server-badaltnamenull.der \ + certs/test/server-nomatch.conf \ + certs/test/server-nomatch.csr \ + certs/test/server-nomatch.key \ + certs/test/server-nomatch.pem \ + certs/test/server-nomatch.der + +EXTRA_DIST += \ + certs/test/crit-cert.pem \ + certs/test/crit-key.pem \ + certs/test/dh1024.der \ + certs/test/dh1024.pem \ + certs/test/dh512.der \ + certs/test/dh512.pem \ + certs/test/digsigku.pem \ + certs/test/expired-ca.pem \ + certs/test/expired-cert.pem \ + certs/test/expired-key.pem diff --git a/certs/test/server-cert-ecc-badsig.der b/certs/test/server-cert-ecc-badsig.der old mode 100755 new mode 100644 index 67342185b..8defd0079 Binary files a/certs/test/server-cert-ecc-badsig.der and b/certs/test/server-cert-ecc-badsig.der differ diff --git a/certs/test/server-cert-ecc-badsig.pem b/certs/test/server-cert-ecc-badsig.pem old mode 100755 new mode 100644 index 940f911c5..c4991c994 --- a/certs/test/server-cert-ecc-badsig.pem 
+++ b/certs/test/server-cert-ecc-badsig.pem @@ -1,3 +1,45 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 4096 (0x1000) + Signature Algorithm: ecdsa-with-SHA256 + Issuer: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Development, CN=www.wolfssl.com/emailAddress=info@wolfssl.com + Validity + Not Before: Oct 20 18:19:06 2017 GMT + Not After : Oct 18 18:19:06 2027 GMT + Subject: C=US, ST=Washington, L=Seattle, O=Eliptic, OU=ECC, CN=www.wolfssl.com/emailAddress=info@wolfssl.com + Subject Public Key Info: + Public Key Algorithm: id-ecPublicKey + Public-Key: (256 bit) + pub: + 04:bb:33:ac:4c:27:50:4a:c6:4a:a5:04:c3:3c:de: + 9f:36:db:72:2d:ce:94:ea:2b:fa:cb:20:09:39:2c: + 16:e8:61:02:e9:af:4d:d3:02:93:9a:31:5b:97:92: + 21:7f:f0:cf:18:da:91:11:02:34:86:e8:20:58:33: + 0b:80:34:89:d8 + ASN1 OID: prime256v1 + NIST CURVE: P-256 + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + Netscape Cert Type: + SSL Server + X509v3 Subject Key Identifier: + 5D:5D:26:EF:AC:7E:36:F9:9B:76:15:2B:4A:25:02:23:EF:B2:89:30 + X509v3 Authority Key Identifier: + keyid:56:8E:9A:C3:F0:42:DE:18:B9:45:55:6E:F9:93:CF:EA:C3:F3:A5:21 + DirName:/C=US/ST=Washington/L=Seattle/O=wolfSSL/OU=Development/CN=www.wolfssl.com/emailAddress=info@wolfssl.com + serial:97:B4:BD:16:78:F8:47:F2 + + X509v3 Key Usage: critical + Digital Signature, Key Encipherment, Key Agreement + X509v3 Extended Key Usage: + TLS Web Server Authentication + Signature Algorithm: ecdsa-with-SHA256 + 30:46:02:21:00:be:b8:58:f0:e4:15:01:1f:df:70:54:73:4a: + 6c:40:1f:77:a8:b4:eb:52:1e:bf:f5:0d:b1:33:ca:6a:c4:76: + b9:02:21:00:97:08:de:2c:28:c1:45:71:b6:2c:54:87:98:63: + 76:a8:21:34:90:a8:f7:9e:3f:fc:02:b0:e7:d3:09:31:27:e4 -----BEGIN CERTIFICATE----- MIIDUDCCAvWgAwIBAgICEAAwCgYIKoZIzj0EAwIwgZcxCzAJBgNVBAYTAlVTMRMw EQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYDVQQKDAd3 
@@ -16,5 +58,5 @@ VQQKDAd3b2xmU1NMMRQwEgYDVQQLDAtEZXZlbG9wbWVudDEYMBYGA1UEAwwPd3d3 LndvbGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tggkA l7S9Fnj4R/IwDgYDVR0PAQH/BAQDAgOoMBMGA1UdJQQMMAoGCCsGAQUFBwMBMAoG CCqGSM49BAMCA0kAMEYCIQC+uFjw5BUBH99wVHNKbEAfd6i061Iev/UNsTPKasR2 -uQIhAJcI3iwowUVxtixUh5hjdqghNJCo954//AKw59MJMSfl +uQIhAJcI3iwowUVxtixUh5hjdqghNJCo954//AKw59MJxSfk -----END CERTIFICATE----- diff --git a/certs/test/server-cert-rsa-badsig.der b/certs/test/server-cert-rsa-badsig.der index cbede895b..0dc446b09 100644 Binary files a/certs/test/server-cert-rsa-badsig.der and b/certs/test/server-cert-rsa-badsig.der differ diff --git a/certs/test/server-cert-rsa-badsig.pem b/certs/test/server-cert-rsa-badsig.pem index 00dd52c0b..addafbad3 100644 --- a/certs/test/server-cert-rsa-badsig.pem +++ b/certs/test/server-cert-rsa-badsig.pem 
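Review bot: The text dump added at the top of this file gives the signature as ending `09:31:27:e4`, but the changed base64 line in this hunk (`...59MJxSfk`) decodes to `09:c5:27:e4`, so the readable header appears to describe the unmodified certificate rather than the bytes in the file. The altered byte is also no longer the final one, while certs/test/include.am still says `# The certs/server-cert with the last byte (signature byte) changed`. Rewording that comment to `# The certs/server-cert with one signature byte changed`, and noting in the fixture's accompanying documentation that the dump is from the valid certificate, would keep this negative-test file from being mistaken for a valid one or silently "repaired" when certificates are regenerated.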
@@ -1,9 +1,68 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 1 (0x1) + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, CN=www.wolfssl.com/emailAddress=info@wolfssl.com + Validity + Not Before: Apr 13 15:23:10 2018 GMT + Not After : Jan 7 15:23:10 2021 GMT + Subject: C=US, ST=Montana, L=Bozeman, O=wolfSSL, OU=Support, CN=www.wolfssl.com/emailAddress=info@wolfssl.com + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:c0:95:08:e1:57:41:f2:71:6d:b7:d2:45:41:27: + 01:65:c6:45:ae:f2:bc:24:30:b8:95:ce:2f:4e:d6: + f6:1c:88:bc:7c:9f:fb:a8:67:7f:fe:5c:9c:51:75: + f7:8a:ca:07:e7:35:2f:8f:e1:bd:7b:c0:2f:7c:ab: + 64:a8:17:fc:ca:5d:7b:ba:e0:21:e5:72:2e:6f:2e: + 86:d8:95:73:da:ac:1b:53:b9:5f:3f:d7:19:0d:25: + 4f:e1:63:63:51:8b:0b:64:3f:ad:43:b8:a5:1c:5c: + 34:b3:ae:00:a0:63:c5:f6:7f:0b:59:68:78:73:a6: + 8c:18:a9:02:6d:af:c3:19:01:2e:b8:10:e3:c6:cc: + 40:b4:69:a3:46:33:69:87:6e:c4:bb:17:a6:f3:e8: + dd:ad:73:bc:7b:2f:21:b5:fd:66:51:0c:bd:54:b3: + e1:6d:5f:1c:bc:23:73:d1:09:03:89:14:d2:10:b9: + 64:c3:2a:d0:a1:96:4a:bc:e1:d4:1a:5b:c7:a0:c0: + c1:63:78:0f:44:37:30:32:96:80:32:23:95:a1:77: + ba:13:d2:97:73:e2:5d:25:c9:6a:0d:c3:39:60:a4: + b4:b0:69:42:42:09:e9:d8:08:bc:33:20:b3:58:22: + a7:aa:eb:c4:e1:e6:61:83:c5:d2:96:df:d9:d0:4f: + ad:d7 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + B3:11:32:C9:92:98:84:E2:C9:F8:D0:3B:6E:03:42:CA:1F:0E:8E:3C + X509v3 Authority Key Identifier: + keyid:27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5 + DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com + serial:86:FF:F5:8E:10:DE:B8:FB + + X509v3 Basic Constraints: + CA:TRUE + Signature Algorithm: sha256WithRSAEncryption + b4:54:60:ad:a0:03:32:de:02:7f:21:4a:81:c6:ed:cd:cd:d8: + 12:8a:c0:ba:82:5b:75:ad:54:e3:7c:80:6a:ac:2e:6c:20:4e: + 
be:4d:82:a7:47:13:5c:f4:c6:6a:2b:10:99:58:de:ab:6b:7c: + 22:05:c1:83:9d:cb:ff:3c:e4:2d:57:6a:a6:96:df:d3:c1:68: + e3:d2:c6:83:4b:97:e2:c6:32:0e:be:c4:03:b9:07:8a:5b:b8: + 84:ba:c5:39:3f:1c:58:a7:55:d7:f0:9b:e8:d2:45:b9:e3:83: + 2e:ee:b6:71:56:b9:3a:ee:3f:27:d8:77:e8:fb:44:48:65:27: + 47:4c:fb:fe:72:c3:ac:05:7b:1d:cb:eb:5e:65:9a:ab:02:e4: + 88:5b:3b:8b:0b:c7:cc:a9:a6:8b:e1:87:b0:19:1a:0c:28:58: + 6f:99:52:7e:ed:b0:3a:68:3b:8c:0a:08:74:72:ab:b9:09:c5: + ed:04:7e:6f:0b:1c:09:21:d0:cd:7f:f9:c4:5e:27:20:e4:85: + 73:52:05:d2:ba:f8:d5:8f:41:cc:23:2e:12:6d:bc:31:98:e7: + 63:a3:8e:26:cd:e8:2b:88:ee:e2:fe:3a:74:52:34:0e:fd:12: + e5:5e:69:50:20:31:34:e4:31:f1:e7:e4:5b:03:13:da:ac:41: + 6c:e7:cf:2b -----BEGIN CERTIFICATE----- MIIEnjCCA4agAwIBAgIBATANBgkqhkiG9w0BAQsFADCBlDELMAkGA1UEBhMCVVMx EDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNVBAoMCFNh d3Rvb3RoMRMwEQYDVQQLDApDb25zdWx0aW5nMRgwFgYDVQQDDA93d3cud29sZnNz -bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTYwODEx -MjAwNzM3WhcNMTkwNTA4MjAwNzM3WjCBkDELMAkGA1UEBhMCVVMxEDAOBgNVBAgM +bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTgwNDEz +MTUyMzEwWhcNMjEwMTA3MTUyMzEwWjCBkDELMAkGA1UEBhMCVVMxEDAOBgNVBAgM B01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xEDAOBgNVBAoMB3dvbGZTU0wxEDAO BgNVBAsMB1N1cHBvcnQxGDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTEfMB0GCSqG SIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP 
@@ -17,11 +76,97 @@ sxEyyZKYhOLJ+NA7bgNCyh8OjjwwgckGA1UdIwSBwTCBvoAUJ45nEXTDJh0/7TNj s6TYHTDl6NWhgZqkgZcwgZQxCzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdNb250YW5h MRAwDgYDVQQHDAdCb3plbWFuMREwDwYDVQQKDAhTYXd0b290aDETMBEGA1UECwwK Q29uc3VsdGluZzEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29tMR8wHQYJKoZIhvcN -AQkBFhBpbmZvQHdvbGZzc2wuY29tggkAt7aQM2YbayMwDAYDVR0TBAUwAwEB/zAN -BgkqhkiG9w0BAQsFAAOCAQEAUf4q3wd+Q8pmjRXEK9tXsgZtDZBm/6UknBTvgfKk -q5mpakkgpdJx5xw8mQfHR/zolrT1QjDOOQFL0cLovJWEh85VXZefz3jzVpulCG2s -9qVcxO8+KjmmSCYpey3gzaaMV0gLuzEywr/ZQ0xHJRiBqMkzgkGbumGG14STFyQl -NspNY2tPlXnYYOAe9azBiqGxfoWOhyAvCDGtXsZKyGH0ngceoiLtc3yF7vpi3FA2 -qv3HnaoYBPvqzCxom7OpwpbYwcxafvcNngjgnSmLhEaP05Fqtbh6XMxPVQG4mkig -lEPKJUdSCvf0vrDRcW2lUkplULKtTh3gbAHY+0OA5uQMOA== +AQkBFhBpbmZvQHdvbGZzc2wuY29tggkAhv/1jhDeuPswDAYDVR0TBAUwAwEB/zAN +BgkqhkiG9w0BAQsFAAOCAQEAtFRgraADMt4CfyFKgcbtzc3YEorAuoJbda1U43yA +aqwubCBOvk2Cp0cTXPTGaisQmVjeq2t8IgXBg53L/zzkLVdqppbf08Fo49LGg0uX +4sYyDr7EA7kHilu4hLrFOT8cWKdV1/Cb6NJFueODLu62cVa5Ou4/J9h36PtESGUn +R0z7/nLDrAV7HcvrXmWaqwLkiFs7iwvHzKmmi+GHsBkaDChYb5lSfu2wOmg7jAoI +dHKruQnF7QR+bwscCSHQzX/5xF4nIOSFc1IF0rr41Y9BzCMuEm28MZjnY6OOJs3o +K4ju4v46dFI0Dv0S5V5pUCAxNOQx8efkWwMT2qxBbOfPKw== +-----END CERTIFICATE----- +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 9727763710660753659 (0x86fff58e10deb8fb) + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, CN=www.wolfssl.com/emailAddress=info@wolfssl.com + Validity + Not Before: Apr 13 15:23:09 2018 GMT + Not After : Jan 7 15:23:09 2021 GMT + Subject: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, CN=www.wolfssl.com/emailAddress=info@wolfssl.com + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:bf:0c:ca:2d:14:b2:1e:84:42:5b:cd:38:1f:4a: + f2:4d:75:10:f1:b6:35:9f:df:ca:7d:03:98:d3:ac: + de:03:66:ee:2a:f1:d8:b0:7d:6e:07:54:0b:10:98: + 21:4d:80:cb:12:20:e7:cc:4f:de:45:7d:c9:72:77: + 
32:ea:ca:90:bb:69:52:10:03:2f:a8:f3:95:c5:f1: + 8b:62:56:1b:ef:67:6f:a4:10:41:95:ad:0a:9b:e3: + a5:c0:b0:d2:70:76:50:30:5b:a8:e8:08:2c:7c:ed: + a7:a2:7a:8d:38:29:1c:ac:c7:ed:f2:7c:95:b0:95: + 82:7d:49:5c:38:cd:77:25:ef:bd:80:75:53:94:3c: + 3d:ca:63:5b:9f:15:b5:d3:1d:13:2f:19:d1:3c:db: + 76:3a:cc:b8:7d:c9:e5:c2:d7:da:40:6f:d8:21:dc: + 73:1b:42:2d:53:9c:fe:1a:fc:7d:ab:7a:36:3f:98: + de:84:7c:05:67:ce:6a:14:38:87:a9:f1:8c:b5:68: + cb:68:7f:71:20:2b:f5:a0:63:f5:56:2f:a3:26:d2: + b7:6f:b1:5a:17:d7:38:99:08:fe:93:58:6f:fe:c3: + 13:49:08:16:0b:a7:4d:67:00:52:31:67:23:4e:98: + ed:51:45:1d:b9:04:d9:0b:ec:d8:28:b3:4b:bd:ed: + 36:79 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5 + X509v3 Authority Key Identifier: + keyid:27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5 + DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com + serial:86:FF:F5:8E:10:DE:B8:FB + + X509v3 Basic Constraints: + CA:TRUE + Signature Algorithm: sha256WithRSAEncryption + 9e:28:88:72:00:ca:e6:e7:97:ca:c1:f1:1f:9e:12:b2:b8:c7: + 51:ea:28:e1:36:b5:2d:e6:2f:08:23:cb:a9:4a:87:25:c6:5d: + 89:45:ea:f5:00:98:ac:76:fb:1b:af:f0:ce:64:9e:da:08:bf: + b6:eb:b4:b5:0c:a0:e7:f6:47:59:1c:61:cf:2e:0e:58:a4:82: + ac:0f:3f:ec:c4:ae:80:f7:b0:8a:1e:85:41:e8:ff:fe:fe:4f: + 1a:24:d5:49:fa:fb:fe:5e:e5:d3:91:0e:4f:4e:0c:21:51:71: + 83:04:6b:62:7b:4f:59:76:48:81:1e:b4:f7:04:47:8a:91:57: + a3:11:a9:f2:20:b4:78:33:62:3d:b0:5e:0d:f9:86:38:82:da: + a1:98:8d:19:06:87:21:39:b7:02:f7:da:7d:58:ba:52:15:d8: + 3b:c9:7b:58:34:a0:c7:e2:7c:a9:83:13:e1:b6:ec:01:bf:52: + 33:0b:c4:fe:43:d3:c6:a4:8e:2f:87:7f:7a:44:ea:ca:53:6c: + 85:ed:65:76:73:31:03:4e:ea:bd:35:54:13:f3:64:87:6b:df: + 34:dd:34:a1:88:3b:db:4d:af:1b:64:90:92:71:30:8e:c8:cc: + e5:60:24:af:31:16:39:33:91:50:f9:ab:68:42:74:7a:35:d9: + dd:c8:c4:52 +-----BEGIN CERTIFICATE----- 
+MIIEqjCCA5KgAwIBAgIJAIb/9Y4Q3rj7MA0GCSqGSIb3DQEBCwUAMIGUMQswCQYD +VQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjERMA8G +A1UECgwIU2F3dG9vdGgxEzARBgNVBAsMCkNvbnN1bHRpbmcxGDAWBgNVBAMMD3d3 +dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTAe +Fw0xODA0MTMxNTIzMDlaFw0yMTAxMDcxNTIzMDlaMIGUMQswCQYDVQQGEwJVUzEQ +MA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjERMA8GA1UECgwIU2F3 +dG9vdGgxEzARBgNVBAsMCkNvbnN1bHRpbmcxGDAWBgNVBAMMD3d3dy53b2xmc3Ns +LmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTCCASIwDQYJKoZI +hvcNAQEBBQADggEPADCCAQoCggEBAL8Myi0Ush6EQlvNOB9K8k11EPG2NZ/fyn0D +mNOs3gNm7irx2LB9bgdUCxCYIU2AyxIg58xP3kV9yXJ3MurKkLtpUhADL6jzlcXx +i2JWG+9nb6QQQZWtCpvjpcCw0nB2UDBbqOgILHztp6J6jTgpHKzH7fJ8lbCVgn1J +XDjNdyXvvYB1U5Q8PcpjW58VtdMdEy8Z0TzbdjrMuH3J5cLX2kBv2CHccxtCLVOc +/hr8fat6Nj+Y3oR8BWfOahQ4h6nxjLVoy2h/cSAr9aBj9VYvoybSt2+xWhfXOJkI +/pNYb/7DE0kIFgunTWcAUjFnI06Y7VFFHbkE2Qvs2CizS73tNnkCAwEAAaOB/DCB ++TAdBgNVHQ4EFgQUJ45nEXTDJh0/7TNjs6TYHTDl6NUwgckGA1UdIwSBwTCBvoAU +J45nEXTDJh0/7TNjs6TYHTDl6NWhgZqkgZcwgZQxCzAJBgNVBAYTAlVTMRAwDgYD +VQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMREwDwYDVQQKDAhTYXd0b290 +aDETMBEGA1UECwwKQ29uc3VsdGluZzEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29t +MR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tggkAhv/1jhDeuPswDAYD +VR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAniiIcgDK5ueXysHxH54SsrjH +Ueoo4Ta1LeYvCCPLqUqHJcZdiUXq9QCYrHb7G6/wzmSe2gi/tuu0tQyg5/ZHWRxh +zy4OWKSCrA8/7MSugPewih6FQej//v5PGiTVSfr7/l7l05EOT04MIVFxgwRrYntP +WXZIgR609wRHipFXoxGp8iC0eDNiPbBeDfmGOILaoZiNGQaHITm3AvfafVi6UhXY +O8l7WDSgx+J8qYMT4bbsAb9SMwvE/kPTxqSOL4d/ekTqylNshe1ldnMxA07qvTVU +E/Nkh2vfNN00oYg7202vG2SQknEwjsjM5WAkrzEWOTORUPmraEJ0ejXZ3cjExg== -----END CERTIFICATE----- diff --git a/certs/test/server-duplicate-policy.pem b/certs/test/server-duplicate-policy.pem index ce80d5b09..bdc9af911 100644 --- a/certs/test/server-duplicate-policy.pem +++ b/certs/test/server-duplicate-policy.pem 
@@ -5,8 +5,8 @@ Certificate: Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, CN=www.wolfssl.com/emailAddress=info@wolfssl.com Validity - Not Before: Mar 10 20:37:22 2017 GMT - Not After : Dec 5 20:37:22 2019 GMT + Not Before: Apr 13 15:23:10 2018 GMT + Not After : Jan 7 15:23:10 2021 GMT Subject: C=US, ST=Montana, L=Bozeman, O=wolfSSL, OU=testing duplicate policy, CN=www.wolfssl.com/emailAddress=info@wolfssl.com Subject Public Key Info: Public Key Algorithm: rsaEncryption @@ -37,7 +37,7 @@ Certificate: X509v3 Authority Key Identifier: keyid:27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5 DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com - serial:9C:86:DC:5C:A7:73:35:83 + serial:86:FF:F5:8E:10:DE:B8:FB X509v3 Basic Constraints: CA:FALSE 
@@ -49,27 +49,27 @@ Certificate: Explicit Text: Test of duplicate OIDs with different qualifiers Signature Algorithm: sha256WithRSAEncryption - 82:59:1f:4c:a7:19:9f:e7:ab:cc:51:21:da:ef:4f:73:75:22: - 6c:db:55:83:c4:35:c7:40:69:49:46:45:56:78:06:03:76:d8: - 3b:6c:75:aa:2c:a5:c0:61:e8:5c:c0:2b:ed:66:a9:66:c0:b3: - 37:83:23:c5:2c:b2:45:59:61:84:be:dd:44:72:00:7a:6b:f9: - 50:89:31:66:a7:84:46:74:0f:bb:5b:05:0d:1f:2d:4d:b4:dc: - 69:2c:e2:a0:fd:5e:93:14:c7:ce:a2:6e:50:61:8f:73:94:a0: - 7a:65:e5:9d:76:f0:1b:1c:da:da:72:3e:f9:8c:4d:c0:4a:cb: - 24:e8:40:51:a1:37:9c:e7:87:1a:0e:cd:a6:7f:54:39:65:5f: - 63:64:04:60:5e:cc:1d:a6:71:78:1f:44:32:32:f9:27:0d:23: - 75:95:01:0b:0d:f3:90:ec:e2:7e:df:0f:43:96:e4:32:c3:b4: - e2:df:87:12:97:a1:1e:f1:c8:73:fe:5e:ea:55:5c:f7:4b:88: - 2e:31:6c:52:ff:b3:05:85:f7:fe:e7:ac:f6:74:a8:4f:8e:96: - 88:5f:73:5a:f1:77:9d:b9:16:a3:53:e2:4a:5b:e2:5e:2b:88: - 1c:a8:b8:ee:e2:ee:72:cb:b2:51:ab:c2:90:5f:15:df:1c:ff: - fd:0d:95:20 + a0:b0:d4:b9:0b:bb:1e:3a:50:21:43:6a:e0:99:61:7e:46:cb: + d6:d3:5a:84:47:4c:9b:e9:13:c8:d4:44:b5:17:1f:52:29:a8: + 3d:e1:33:50:4a:4a:9c:a4:8d:86:99:83:72:7e:87:ba:04:b0: + bc:9b:39:ce:73:15:49:99:03:f1:e1:b5:ef:cb:85:bc:45:5e: + a8:fd:f6:82:f2:45:80:31:e9:cd:56:9b:cc:84:ff:6c:36:ee: + a6:e0:7f:a7:f1:49:0d:b6:ed:12:5b:34:05:b8:c5:4d:e2:ec: + 5b:25:dd:9c:3a:1a:4b:dc:cf:8e:41:a4:dd:ca:83:6a:cc:bc: + cd:4d:75:92:1f:45:8a:b0:6d:e4:72:8d:2c:18:12:26:b2:dc: + 3f:47:bd:76:c1:cb:da:9e:bd:58:10:6c:3e:57:22:9b:34:3e: + 6f:88:d7:e3:fd:4f:f5:97:a2:d2:9f:1d:58:fc:36:fa:94:dd: + 4e:13:e6:57:35:1c:5c:a5:69:6a:ce:3d:d3:21:51:1a:1a:3e: + cf:89:a4:c1:a0:9e:c4:0f:a1:d1:39:ac:31:1e:5e:e7:2f:d0: + 22:c3:9f:4d:57:90:ab:d6:f8:3d:dc:7f:9d:71:94:5d:95:48: + 9d:01:66:13:3a:26:0f:76:cc:c2:63:7d:0c:c8:0c:88:6b:84: + 01:c7:0a:a4 -----BEGIN CERTIFICATE----- MIIFJjCCBA6gAwIBAgIBAjANBgkqhkiG9w0BAQsFADCBlDELMAkGA1UEBhMCVVMx EDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNVBAoMCFNh d3Rvb3RoMRMwEQYDVQQLDApDb25zdWx0aW5nMRgwFgYDVQQDDA93d3cud29sZnNz 
-bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTcwMzEw -MjAzNzIyWhcNMTkxMjA1MjAzNzIyWjCBoTELMAkGA1UEBhMCVVMxEDAOBgNVBAgM +bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTgwNDEz +MTUyMzEwWhcNMjEwMTA3MTUyMzEwWjCBoTELMAkGA1UEBhMCVVMxEDAOBgNVBAgM B01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xEDAOBgNVBAoMB3dvbGZTU0wxITAf BgNVBAsMGHRlc3RpbmcgZHVwbGljYXRlIHBvbGljeTEYMBYGA1UEAwwPd3d3Lndv bGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMIIBIjAN 
@@ -83,26 +83,26 @@ o4IBcjCCAW4wHQYDVR0OBBYEFLMRMsmSmITiyfjQO24DQsofDo48MIHJBgNVHSME gcEwgb6AFCeOZxF0wyYdP+0zY7Ok2B0w5ejVoYGapIGXMIGUMQswCQYDVQQGEwJV UzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjERMA8GA1UECgwI U2F3dG9vdGgxEzARBgNVBAsMCkNvbnN1bHRpbmcxGDAWBgNVBAMMD3d3dy53b2xm -c3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbYIJAJyG3Fyn -czWDMAkGA1UdEwQCMAAwdgYDVR0gBG8wbTAFBgMqAwQwZAYDKgMEMF0wGwYIKwYB +c3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbYIJAIb/9Y4Q +3rj7MAkGA1UdEwQCMAAwdgYDVR0gBG8wbTAFBgMqAwQwZAYDKgMEMF0wGwYIKwYB BQUHAgEWD3d3dy53b2xmc3NsLmNvbTA+BggrBgEFBQcCAjAyGjBUZXN0IG9mIGR1 cGxpY2F0ZSBPSURzIHdpdGggZGlmZmVyZW50IHF1YWxpZmllcnMwDQYJKoZIhvcN -AQELBQADggEBAIJZH0ynGZ/nq8xRIdrvT3N1ImzbVYPENcdAaUlGRVZ4BgN22Dts -daospcBh6FzAK+1mqWbAszeDI8UsskVZYYS+3URyAHpr+VCJMWanhEZ0D7tbBQ0f -LU203Gks4qD9XpMUx86iblBhj3OUoHpl5Z128Bsc2tpyPvmMTcBKyyToQFGhN5zn -hxoOzaZ/VDllX2NkBGBezB2mcXgfRDIy+ScNI3WVAQsN85Ds4n7fD0OW5DLDtOLf -hxKXoR7xyHP+XupVXPdLiC4xbFL/swWF9/7nrPZ0qE+Olohfc1rxd525FqNT4kpb -4l4riByouO7i7nLLslGrwpBfFd8c//0NlSA= +AQELBQADggEBAKCw1LkLux46UCFDauCZYX5Gy9bTWoRHTJvpE8jURLUXH1IpqD3h +M1BKSpykjYaZg3J+h7oEsLybOc5zFUmZA/Hhte/LhbxFXqj99oLyRYAx6c1Wm8yE +/2w27qbgf6fxSQ227RJbNAW4xU3i7Fsl3Zw6Gkvcz45BpN3Kg2rMvM1NdZIfRYqw +beRyjSwYEiay3D9HvXbBy9qevVgQbD5XIps0Pm+I1+P9T/WXotKfHVj8NvqU3U4T +5lc1HFylaWrOPdMhURoaPs+JpMGgnsQPodE5rDEeXucv0CLDn01XkKvW+D3cf51x +lF2VSJ0BZhM6Jg92zMJjfQzIDIhrhAHHCqQ= -----END CERTIFICATE----- Certificate: Data: Version: 3 (0x2) - Serial Number: 11278944607300433283 (0x9c86dc5ca7733583) + Serial Number: 9727763710660753659 (0x86fff58e10deb8fb) Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, CN=www.wolfssl.com/emailAddress=info@wolfssl.com Validity - Not Before: Mar 10 20:37:22 2017 GMT - Not After : Dec 5 20:37:22 2019 GMT + Not Before: Apr 13 15:23:09 2018 GMT + Not After : Jan 7 15:23:09 2021 GMT Subject: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, 
CN=www.wolfssl.com/emailAddress=info@wolfssl.com Subject Public Key Info: Public Key Algorithm: rsaEncryption 
@@ -133,32 +133,32 @@ Certificate: X509v3 Authority Key Identifier: keyid:27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5 DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com - serial:9C:86:DC:5C:A7:73:35:83 + serial:86:FF:F5:8E:10:DE:B8:FB X509v3 Basic Constraints: CA:TRUE Signature Algorithm: sha256WithRSAEncryption - 10:6b:75:29:65:17:7e:78:ae:85:2e:b7:a4:50:98:69:74:f9: - 50:a1:8e:2c:9f:b0:43:66:a1:e0:42:32:38:15:5f:2e:cc:cc: - c4:b9:7c:b5:c2:bc:59:24:49:17:ad:1c:e4:6e:dc:70:e3:93: - fc:69:dd:04:7b:41:dd:08:f0:13:ee:2a:cb:6f:cf:af:d4:96: - 3c:44:50:29:45:60:89:cd:ec:5f:c1:bb:b0:03:61:74:b3:29: - ad:df:e9:7c:d9:f2:18:22:45:e7:3d:d4:72:37:2c:b4:18:7d: - 34:ca:55:00:0d:89:d0:f7:3e:81:4d:da:02:4c:2b:a6:61:4b: - bf:b1:ec:73:11:6a:53:a3:0a:0f:20:04:5d:17:67:b1:a6:a2: - 37:a8:f5:ea:78:6d:00:8b:64:16:62:0a:6f:44:94:15:9e:4d: - 15:0c:33:f0:ba:9d:e2:be:69:6f:12:9f:69:95:39:ba:97:9e: - c3:af:22:ad:f2:f2:3b:67:81:1a:99:d2:02:89:86:6d:8f:92: - 98:32:dd:c1:fa:2e:38:03:2e:fc:02:a5:e7:b8:dc:94:3b:88: - 15:4a:09:80:98:61:b4:5e:07:b5:87:57:f4:a0:91:5c:7e:89: - f5:89:16:f2:7a:15:52:1b:55:26:7c:59:d2:d0:23:e3:0e:12: - b1:99:f9:6b + 9e:28:88:72:00:ca:e6:e7:97:ca:c1:f1:1f:9e:12:b2:b8:c7: + 51:ea:28:e1:36:b5:2d:e6:2f:08:23:cb:a9:4a:87:25:c6:5d: + 89:45:ea:f5:00:98:ac:76:fb:1b:af:f0:ce:64:9e:da:08:bf: + b6:eb:b4:b5:0c:a0:e7:f6:47:59:1c:61:cf:2e:0e:58:a4:82: + ac:0f:3f:ec:c4:ae:80:f7:b0:8a:1e:85:41:e8:ff:fe:fe:4f: + 1a:24:d5:49:fa:fb:fe:5e:e5:d3:91:0e:4f:4e:0c:21:51:71: + 83:04:6b:62:7b:4f:59:76:48:81:1e:b4:f7:04:47:8a:91:57: + a3:11:a9:f2:20:b4:78:33:62:3d:b0:5e:0d:f9:86:38:82:da: + a1:98:8d:19:06:87:21:39:b7:02:f7:da:7d:58:ba:52:15:d8: + 3b:c9:7b:58:34:a0:c7:e2:7c:a9:83:13:e1:b6:ec:01:bf:52: + 33:0b:c4:fe:43:d3:c6:a4:8e:2f:87:7f:7a:44:ea:ca:53:6c: + 85:ed:65:76:73:31:03:4e:ea:bd:35:54:13:f3:64:87:6b:df: + 34:dd:34:a1:88:3b:db:4d:af:1b:64:90:92:71:30:8e:c8:cc: + e5:60:24:af:31:16:39:33:91:50:f9:ab:68:42:74:7a:35:d9: + 
dd:c8:c4:52 -----BEGIN CERTIFICATE----- -MIIEqjCCA5KgAwIBAgIJAJyG3FynczWDMA0GCSqGSIb3DQEBCwUAMIGUMQswCQYD +MIIEqjCCA5KgAwIBAgIJAIb/9Y4Q3rj7MA0GCSqGSIb3DQEBCwUAMIGUMQswCQYD VQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjERMA8G A1UECgwIU2F3dG9vdGgxEzARBgNVBAsMCkNvbnN1bHRpbmcxGDAWBgNVBAMMD3d3 dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTAe -Fw0xNzAzMTAyMDM3MjJaFw0xOTEyMDUyMDM3MjJaMIGUMQswCQYDVQQGEwJVUzEQ +Fw0xODA0MTMxNTIzMDlaFw0yMTAxMDcxNTIzMDlaMIGUMQswCQYDVQQGEwJVUzEQ MA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjERMA8GA1UECgwIU2F3 dG9vdGgxEzARBgNVBAsMCkNvbnN1bHRpbmcxGDAWBgNVBAMMD3d3dy53b2xmc3Ns LmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTCCASIwDQYJKoZI @@ -172,11 +172,11 @@ XDjNdyXvvYB1U5Q8PcpjW58VtdMdEy8Z0TzbdjrMuH3J5cLX2kBv2CHccxtCLVOc J45nEXTDJh0/7TNjs6TYHTDl6NWhgZqkgZcwgZQxCzAJBgNVBAYTAlVTMRAwDgYD VQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMREwDwYDVQQKDAhTYXd0b290 aDETMBEGA1UECwwKQ29uc3VsdGluZzEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29t -MR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tggkAnIbcXKdzNYMwDAYD -VR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAEGt1KWUXfniuhS63pFCYaXT5 -UKGOLJ+wQ2ah4EIyOBVfLszMxLl8tcK8WSRJF60c5G7ccOOT/GndBHtB3QjwE+4q -y2/Pr9SWPERQKUVgic3sX8G7sANhdLMprd/pfNnyGCJF5z3UcjcstBh9NMpVAA2J -0Pc+gU3aAkwrpmFLv7HscxFqU6MKDyAEXRdnsaaiN6j16nhtAItkFmIKb0SUFZ5N -FQwz8Lqd4r5pbxKfaZU5upeew68irfLyO2eBGpnSAomGbY+SmDLdwfouOAMu/AKl -57jclDuIFUoJgJhhtF4HtYdX9KCRXH6J9YkW8noVUhtVJnxZ0tAj4w4SsZn5aw== +MR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tggkAhv/1jhDeuPswDAYD +VR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAniiIcgDK5ueXysHxH54SsrjH +Ueoo4Ta1LeYvCCPLqUqHJcZdiUXq9QCYrHb7G6/wzmSe2gi/tuu0tQyg5/ZHWRxh +zy4OWKSCrA8/7MSugPewih6FQej//v5PGiTVSfr7/l7l05EOT04MIVFxgwRrYntP +WXZIgR609wRHipFXoxGp8iC0eDNiPbBeDfmGOILaoZiNGQaHITm3AvfafVi6UhXY +O8l7WDSgx+J8qYMT4bbsAb9SMwvE/kPTxqSOL4d/ekTqylNshe1ldnMxA07qvTVU +E/Nkh2vfNN00oYg7202vG2SQknEwjsjM5WAkrzEWOTORUPmraEJ0ejXZ3cjEUg== -----END CERTIFICATE----- 
diff --git a/certs/test/server-nomatch.conf b/certs/test/server-nomatch.conf new file mode 100644 index 000000000..b53010c37 --- /dev/null +++ b/certs/test/server-nomatch.conf @@ -0,0 +1,16 @@ +[ req ] +default_bits = 2048 +distinguished_name = req_distinguished_name +req_extensions = req_ext + +[ req_distinguished_name ] +countryName = US +stateOrProvinceName = Montana +localityName = Bozeman +organizationName = Engineering +commonName = www.nomatch.com +commonName_max = 64 + +[ req_ext ] +#subjectAltName = localhost\0h +#subjectAltName = DER:30:0d:82:0b:6c:6f:63:61:6c:68:6f:73:74:00:68 diff --git a/certs/test/server-nomatch.csr b/certs/test/server-nomatch.csr new file mode 100644 index 000000000..5fdc8f777 --- /dev/null +++ b/certs/test/server-nomatch.csr @@ -0,0 +1,17 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIICtDCCAZwCAQAwYDELMAkGA1UEBhMCVVMxEDAOBgNVBAgMB01vbnRhbmExEDAO +BgNVBAcMB0JvemVtYW4xFDASBgNVBAoMC0VuZ2luZWVyaW5nMRcwFQYDVQQDDA53 +d3cubm9uYW1lLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJ1B +JYwNWaXJdfnKJAz61T0m1w6xMGxELhZWjDks49zn98lW8E8wMZtCoguE1feuu9pF +6yGnfRmK2J+4QjeWVejmMqt8SQyJpW8nWCvRpFVha0RFbmT60nuvKMRX68Lku6iU +Vav2KHU+cz4yBj1m9QO6AqzJWQWiLY5t25OBq+EkhWUd9I39rGmF8ba1Bnpus27U +tqRVJ8cmEwnNPc8ihvcN8RsrYdnQNyYIiIUdJIA2iduDE7PeOSY3jT9mtmeWQOHp +l91xh/RGbJWNpLBd66TkreLTnz4zmQMMTzZGj1pdv9B3UFc6mIMNWmLsERRhiOMO +hiaFfEJwFJZBN9PaXYsCAwEAAaAPMA0GCSqGSIb3DQEJDjEAMA0GCSqGSIb3DQEB +CwUAA4IBAQCA0S++HN0qb94u8setTM5akJjpM1b2o4rcrQluFKMel8mMip9hinvG +sPkJL1KB28/O9TcdmMX57zfXBsumxLSpjzmjIqri7fVabcu/kybE2wdNNvM+9ZzT +pNbYhWEhsCS8XAegiApx/JVszmH77GLExuVAY2XqxA7Cy2Ia/qyiR6v0agMd6I4z +T7nlJHBckOOEdJ6cjqy67vqWy+BKwCK/kRnOJuirIeJ+SechS4tXuRrVni0pkDuK +xQ2uHQjpzFR40U6pFGgwZcdR1bvLCWOlC7efS4ayIETZzhOuXTZa4qQ5/IcCyM+N +scJS5z+YQpQMgOs5jj5DWYLUtMs63UmQ +-----END CERTIFICATE REQUEST----- 
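Review bot: The `[ req ]` section of the new server-nomatch.conf sets no digest, and the server-nomatch.pem added in this same commit is signed with sha1WithRSAEncryption, so the fixture appears to have picked up a tool default. Adding `default_md = sha256` under `[ req ]` would keep a regenerated certificate in line with the sha256WithRSAEncryption fixtures such as server-duplicate-policy.pem. The `commonName = www.nomatch.com` line is a prompt string rather than a default, and the certificate text shows CN=www.noname.com, so a short comment giving the intended CN and the generation command would make the fixture reproducible.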
diff --git a/certs/test/server-nomatch.der b/certs/test/server-nomatch.der
new file mode 100644
index 000000000..0dcf502a0
Binary files /dev/null and b/certs/test/server-nomatch.der differ
diff --git a/certs/test/server-nomatch.key b/certs/test/server-nomatch.key
new file mode 100644
index 000000000..182b27380
--- /dev/null
+++ b/certs/test/server-nomatch.key
@@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEowIBAAKCAQEAnUEljA1Zpcl1+cokDPrVPSbXDrEwbEQuFlaMOSzj3Of3yVbw +TzAxm0KiC4TV96672kXrIad9GYrYn7hCN5ZV6OYyq3xJDImlbydYK9GkVWFrREVu +ZPrSe68oxFfrwuS7qJRVq/YodT5zPjIGPWb1A7oCrMlZBaItjm3bk4Gr4SSFZR30 +jf2saYXxtrUGem6zbtS2pFUnxyYTCc09zyKG9w3xGyth2dA3JgiIhR0kgDaJ24MT +s945JjeNP2a2Z5ZA4emX3XGH9EZslY2ksF3rpOSt4tOfPjOZAwxPNkaPWl2/0HdQ +VzqYgw1aYuwRFGGI4w6GJoV8QnAUlkE309pdiwIDAQABAoIBAQCKxhIHfUSOvLHj +JRMZbUY/OAZzTcTo1mZBilEmp8nSidculA1wJJyyYmQ0fB6C/G2E20z8Hx2UK+at +VOMCwSXBaVxv3zdr3BDlfbgeu1wliNornoYkkQCs68+zLc+95zMAOx87qPjdNqZm +zaiaCUDR8BYqO2nXQd6oIaSzkKyI+tqTO9zW4NG8Y5zv0waKCjPK9Ep/kze9uC4S +WIp2eYhUb+x60dECDBGI9xvlgeZyP5PMCfCyaZk3CxnLsR4tI9R5WwDgMcjCShJk +3+kHyrtNU8ak2TrfUoh96arHu0HMLFJaJSdxYT9FUSKhKu+fWMn1J36AkxdqntAw +6HATVD4ZAoGBAM0DCqI5BKvmPWdO587+fpPAa76iqQDqqkaAQ94xcGtTYA0yEfbA +V4JFfsCEFm7evteMmJgmDyNNVvnSi/LQhL+ih40Q0LKREYzBiMy3aothQZAYb+Ex +fVllfZhIaWI8q/DoeZ7qohRHFGBA/znav6vls3kE3jRWx0O30eq9cX1tAoGBAMRd +bQNcp2mCm+fe//s5GKXm4ak4zeo077fUCxJly4DE5e2+IGrP+JYwVrJsMuFu/3C1 +/6+qCgLS+/08BMQ+e6xmTDJrRXtk9KmDI38tEoqzH8tkAgSTxby771/5uNr7hbgX +LtCCIsxhwSAML0b7M2I8xmEfL3Dmu1q7/GEDAMPXAoGABd/ucBOeNKbWX519OwtD +6Uv8Smwy15nh4z9NspJMHGc5O2eR6DY+y7beGPowAmFTqq2WudVtXZ+bvHDyHbUn ++K3ZoIs4z8UkcZoiJ2uiG/hffpeUrSlT5DnqTXDVxEDk1HR0977Vgis/RDrYlXnV +QEHG0NL44xsRfrlHxKhFFkkCgYB1HsgzliLgQp+c2BxUCkUSRrhXx2LCC5rjSRzl +d0O+5THC8IDDVJIPentrZi+e2CaRYmxDqSbZcmAMNa0eI6p+NHHELMk/hQKMzIPy +ib6ibZ5MILU3Z7AsFuf6labVLeoe1+z7PnNk9fVLmRjlvFR0ho1IRmJ0c5pRzwgE +ENd29wKBgA5WnuCBKF9Kv8H9E1hAuAGXwBxmw9PVeWB63/TAernlOQhF47ra9ExH +GtkZv9D/2tNJaoft1YQ1yhBn7l7rW+vfQYXAOW4yRg0FSOOgefBwN/eTOXVRU9Zg +9LBwnQlvimQUm0GrxLLAseDqFMn/a3x/KxftvF95JGx/1Lscukdz +-----END RSA PRIVATE KEY----- diff --git a/certs/test/server-nomatch.pem b/certs/test/server-nomatch.pem new file mode 100644 index 000000000..a1753cbf3 --- /dev/null +++ b/certs/test/server-nomatch.pem 
@@ -0,0 +1,69 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 13225619248861184800 (0xb78ad6a26ef08320) + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=US, ST=Montana, L=Bozeman, O=Engineering, CN=www.noname.com + Validity + Not Before: May 24 21:25:38 2018 GMT + Not After : Feb 17 21:25:38 2021 GMT + Subject: C=US, ST=Montana, L=Bozeman, O=Engineering, CN=www.noname.com + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:9d:41:25:8c:0d:59:a5:c9:75:f9:ca:24:0c:fa: + d5:3d:26:d7:0e:b1:30:6c:44:2e:16:56:8c:39:2c: + e3:dc:e7:f7:c9:56:f0:4f:30:31:9b:42:a2:0b:84: + d5:f7:ae:bb:da:45:eb:21:a7:7d:19:8a:d8:9f:b8: + 42:37:96:55:e8:e6:32:ab:7c:49:0c:89:a5:6f:27: + 58:2b:d1:a4:55:61:6b:44:45:6e:64:fa:d2:7b:af: + 28:c4:57:eb:c2:e4:bb:a8:94:55:ab:f6:28:75:3e: + 73:3e:32:06:3d:66:f5:03:ba:02:ac:c9:59:05:a2: + 2d:8e:6d:db:93:81:ab:e1:24:85:65:1d:f4:8d:fd: + ac:69:85:f1:b6:b5:06:7a:6e:b3:6e:d4:b6:a4:55: + 27:c7:26:13:09:cd:3d:cf:22:86:f7:0d:f1:1b:2b: + 61:d9:d0:37:26:08:88:85:1d:24:80:36:89:db:83: + 13:b3:de:39:26:37:8d:3f:66:b6:67:96:40:e1:e9: + 97:dd:71:87:f4:46:6c:95:8d:a4:b0:5d:eb:a4:e4: + ad:e2:d3:9f:3e:33:99:03:0c:4f:36:46:8f:5a:5d: + bf:d0:77:50:57:3a:98:83:0d:5a:62:ec:11:14:61: + 88:e3:0e:86:26:85:7c:42:70:14:96:41:37:d3:da: + 5d:8b + Exponent: 65537 (0x10001) + Signature Algorithm: sha1WithRSAEncryption + 6d:df:c3:7a:74:32:b6:ba:f5:2c:87:93:6c:64:7c:b9:5f:6e: + 79:f3:e7:b2:6a:58:c6:8d:20:9a:f6:46:b1:60:f9:59:59:6f: + 22:32:e3:f8:5c:a2:2d:53:84:48:b9:68:6d:2e:59:03:c1:e4: + ad:5b:ce:91:6e:13:bd:5c:71:2a:69:d8:7d:a8:07:cf:6f:83: + 0c:05:cf:d4:39:7f:10:3d:35:98:1c:f9:77:26:53:d5:81:f1: + 6a:0b:ca:fb:86:f9:6d:bb:92:b9:e0:57:a2:3b:43:14:cc:e0: + 75:27:10:c2:50:1d:91:ca:af:f8:36:88:cc:5d:1d:37:77:fe: + 1d:ea:b3:d9:94:b6:e4:b1:a7:29:2b:e4:1e:c7:f6:65:1d:59: + d7:e2:2d:01:d2:08:a1:72:a0:b2:f1:3f:9c:fd:27:f9:46:85: + e3:05:a5:34:b0:a6:6c:44:f0:42:16:32:71:2f:cd:82:c2:33: + 
05:0a:3c:3c:e7:87:17:d7:1f:a9:4e:83:c2:1e:46:a5:0f:7a: + c2:98:f7:98:a1:75:b8:72:26:d9:1b:65:24:f0:f3:d7:2c:9c: + cf:a6:88:c4:8c:56:00:87:16:be:49:28:91:a0:bc:c7:9f:e3: + 02:35:fb:0b:39:e3:c0:f9:f3:ed:bb:7d:2e:4c:09:7a:88:53: + b1:16:5c:b4 +-----BEGIN CERTIFICATE----- +MIIDQTCCAimgAwIBAgIJALeK1qJu8IMgMA0GCSqGSIb3DQEBBQUAMGAxCzAJBgNV +BAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMRQwEgYD +VQQKDAtFbmdpbmVlcmluZzEXMBUGA1UEAwwOd3d3Lm5vbmFtZS5jb20wHhcNMTgw +NTI0MjEyNTM4WhcNMjEwMjE3MjEyNTM4WjBgMQswCQYDVQQGEwJVUzEQMA4GA1UE +CAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjEUMBIGA1UECgwLRW5naW5lZXJp +bmcxFzAVBgNVBAMMDnd3dy5ub25hbWUuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOC +AQ8AMIIBCgKCAQEAnUEljA1Zpcl1+cokDPrVPSbXDrEwbEQuFlaMOSzj3Of3yVbw +TzAxm0KiC4TV96672kXrIad9GYrYn7hCN5ZV6OYyq3xJDImlbydYK9GkVWFrREVu +ZPrSe68oxFfrwuS7qJRVq/YodT5zPjIGPWb1A7oCrMlZBaItjm3bk4Gr4SSFZR30 +jf2saYXxtrUGem6zbtS2pFUnxyYTCc09zyKG9w3xGyth2dA3JgiIhR0kgDaJ24MT +s945JjeNP2a2Z5ZA4emX3XGH9EZslY2ksF3rpOSt4tOfPjOZAwxPNkaPWl2/0HdQ +VzqYgw1aYuwRFGGI4w6GJoV8QnAUlkE309pdiwIDAQABMA0GCSqGSIb3DQEBBQUA +A4IBAQBt38N6dDK2uvUsh5NsZHy5X2558+eyaljGjSCa9kaxYPlZWW8iMuP4XKIt +U4RIuWhtLlkDweStW86RbhO9XHEqadh9qAfPb4MMBc/UOX8QPTWYHPl3JlPVgfFq +C8r7hvltu5K54FeiO0MUzOB1JxDCUB2Ryq/4NojMXR03d/4d6rPZlLbksacpK+Qe +x/ZlHVnX4i0B0gihcqCy8T+c/Sf5RoXjBaU0sKZsRPBCFjJxL82CwjMFCjw854cX +1x+pToPCHkalD3rCmPeYoXW4cibZG2Uk8PPXLJzPpojEjFYAhxa+SSiRoLzHn+MC +NfsLOePA+fPtu30uTAl6iFOxFly0 +-----END CERTIFICATE----- diff --git a/configure.ac b/configure.ac index c96e5ce2a..037fb89a2 100644 --- a/configure.ac +++ b/configure.ac 
@@ -6,49 +6,46 @@ # # AC_COPYRIGHT([Copyright (C) 2006-2018 wolfSSL Inc.]) -AC_INIT([wolfssl],[3.14.0],[https://github.com/wolfssl/wolfssl/issues],[wolfssl],[http://www.wolfssl.com]) - +AC_PREREQ([2.63]) +AC_INIT([wolfssl],[3.15.0],[https://github.com/wolfssl/wolfssl/issues],[wolfssl],[https://www.wolfssl.com]) AC_CONFIG_AUX_DIR([build-aux]) # The following sets CFLAGS and CXXFLAGS to empty if unset on command line. -# We do not want the default "-g -O2" that AC_PROG_CC AC_PROG_CXX sets -# automatically. +# We do not want the default "-g -O2" that AC_PROG_CC sets automatically. : ${CFLAGS=""} -: ${CXXFLAGS=""} +# Test ar for the "U" option. Should be checked before the libtool macros. +xxx_ar_flags=$((ar --help) 2>&1) +AS_CASE([$xxx_ar_flags],[*'use actual timestamps and uids/gids'*],[: ${AR_FLAGS="Ucru"}]) + +AC_PROG_CC +AM_PROG_CC_C_O AC_CANONICAL_HOST -AC_CANONICAL_BUILD - -AM_INIT_AUTOMAKE([1.11 -Wall -Werror -Wno-portability foreign tar-ustar subdir-objects no-define color-tests]) -AC_PREREQ([2.63]) - -AC_ARG_PROGRAM -AC_DEFUN([PROTECT_AC_USE_SYSTEM_EXTENSIONS], - [AX_SAVE_FLAGS - AC_LANG_PUSH([C]) - AC_USE_SYSTEM_EXTENSIONS - AC_LANG_POP([C]) - AX_RESTORE_FLAGS - ]) -#PROTECT_AC_USE_SYSTEM_EXTENSIONS - AC_CONFIG_MACRO_DIR([m4]) -AC_CONFIG_HEADERS([config.h:config.in])dnl Keep filename to 8.3 for MS-DOS. 
+AM_INIT_AUTOMAKE([1.11 -Wall -Werror -Wno-portability foreign tar-ustar subdir-objects no-define color-tests]) +m4_ifdef([AM_SILENT_RULES],[AM_SILENT_RULES([yes])]) + +AC_ARG_PROGRAM + +AC_CONFIG_HEADERS([config.h:config.in]) + +LT_PREREQ([2.2]) +LT_INIT([disable-static win32-dll]) #shared library versioning -WOLFSSL_LIBRARY_VERSION=16:0:0 -# | | | -# +------+ | +---+ -# | | | -# current:revision:age -# | | | -# | | +- increment if interfaces have been added -# | | set to zero if interfaces have been removed -# | | or changed -# | +- increment if source code has changed -# | set to zero if current is incremented -# +- increment if interfaces have been added, removed or changed +WOLFSSL_LIBRARY_VERSION=17:0:0 +# | | | +# +------+ | +---+ +# | | | +# current:revision:age +# | | | +# | | +- increment if interfaces have been added +# | | set to zero if interfaces have been removed +# | | or changed +# | +- increment if source code has changed +# | set to zero if current is incremented +# +- increment if interfaces have been added, removed or changed AC_SUBST([WOLFSSL_LIBRARY_VERSION]) # capture user C_EXTRA_FLAGS from ./configure line, CFLAGS may hold -g -O2 even 
@@ -56,57 +53,29 @@ AC_SUBST([WOLFSSL_LIBRARY_VERSION]) USER_C_EXTRA_FLAGS="$C_EXTRA_FLAGS" USER_CFLAGS="$CFLAGS" -LT_PREREQ([2.2]) -LT_INIT([disable-static],[win32-dll]) -LT_LANG([C++]) -LT_LANG([C]) - gl_VISIBILITY AS_IF([ test -n "$CFLAG_VISIBILITY" ], [ AM_CPPFLAGS="$AM_CPPFLAGS $CFLAG_VISIBILITY" CPPFLAGS="$CPPFLAGS $CFLAG_VISIBILITY" ]) -m4_ifdef([AM_SILENT_RULES],[AM_SILENT_RULES([yes])]) # Moved these size of and type checks before the library checks. # The library checks add the library to subsequent test compiles # and in some rare cases, the networking check causes these sizeof # checks to fail. -AC_CHECK_SIZEOF(long long, 8) -AC_CHECK_SIZEOF(long, 4) -AC_CHECK_TYPES(__uint128_t) -AC_CHECK_FUNCS([gethostbyname]) -AC_CHECK_FUNCS([getaddrinfo]) -AC_CHECK_FUNCS([gettimeofday]) -AC_CHECK_FUNCS([gmtime_r]) -AC_CHECK_FUNCS([inet_ntoa]) -AC_CHECK_FUNCS([memset]) -AC_CHECK_FUNCS([socket]) -AC_CHECK_HEADERS([arpa/inet.h]) -AC_CHECK_HEADERS([fcntl.h]) -AC_CHECK_HEADERS([limits.h]) -AC_CHECK_HEADERS([netdb.h]) -AC_CHECK_HEADERS([netinet/in.h]) -AC_CHECK_HEADERS([stddef.h]) -AC_CHECK_HEADERS([sys/ioctl.h]) -AC_CHECK_HEADERS([sys/socket.h]) -AC_CHECK_HEADERS([sys/time.h]) -AC_CHECK_HEADERS([errno.h]) -AC_CHECK_LIB(network,socket) +AC_CHECK_SIZEOF([long long]) +AC_CHECK_SIZEOF([long]) +AC_CHECK_TYPES([__uint128_t]) +AC_CHECK_FUNCS([gethostbyname getaddrinfo gettimeofday gmtime_r inet_ntoa memset socket]) +AC_CHECK_HEADERS([arpa/inet.h fcntl.h limits.h netdb.h netinet/in.h stddef.h sys/ioctl.h sys/socket.h sys/time.h errno.h]) +AC_CHECK_LIB([network],[socket]) AC_C_BIGENDIAN -# mktime check takes forever on some systems, if time supported it would be -# highly unusual for mktime to be missing -#AC_FUNC_MKTIME -AC_PROG_CC -AC_PROG_CC_C_O -AC_PROG_CXX AC_PROG_INSTALL AC_TYPE_SIZE_T AC_TYPE_UINT8_T AM_PROG_AS -AM_PROG_CC_C_O LT_LIB_M OPTIMIZE_CFLAGS="-Os -fomit-frame-pointer" 
@@ -116,13 +85,9 @@ DEBUG_CFLAGS="-g -DDEBUG -DDEBUG_WOLFSSL" LIB_ADD= LIB_STATIC_ADD= -thread_ls_on=no # Thread local storage -AX_TLS([ - [AM_CFLAGS="$AM_CFLAGS -DHAVE_THREAD_LS"] - [thread_ls_on=yes] - ] , [:]) - +AX_TLS([thread_ls_on=yes],[thread_ls_on=no]) +AS_IF([test "x$thread_ls_on" = "xyes"],[AM_CFLAGS="$AM_CFLAGS -DHAVE_THREAD_LS"]) # DEBUG AX_DEBUG @@ -131,7 +96,6 @@ AS_IF([test "$ax_enable_debug" = "yes"], [AM_CFLAGS="$AM_CFLAGS -DNDEBUG"]) - # Distro build feature subset (Debian, Ubuntu, etc.) AC_ARG_ENABLE([distro], [AS_HELP_STRING([--enable-distro],[Enable wolfSSL distro build (default: disabled)])], @@ -268,12 +232,15 @@ AC_ARG_ENABLE([singlethreaded], AS_IF([ test "x$ENABLED_SINGLETHREADED" = "xno" ],[ AX_PTHREAD([ AC_DEFINE([HAVE_PTHREAD], [1], [Define if you have POSIX threads libraries and header files.]) + # If AX_PTHREAD is adding -Qunused-arguments, need to prepend with -Xcompiler libtool will use it. Newer + # versions of clang don't need the -Q flag when using pthreads. + AS_CASE([$PTHREAD_CFLAGS],[-Qunused-arguments*],[PTHREAD_CFLAGS="-Xcompiler $PTHREAD_CFLAGS"]) AM_CFLAGS="-D_POSIX_THREADS $AM_CFLAGS $PTHREAD_CFLAGS" LIBS="$LIBS $PTHREAD_LIBS" ],[ ENABLED_SINGLETHREADED=yes ]) - ]) + ]) AS_IF([ test "x$ENABLED_SINGLETHREADED" = "xyes" ],[ AM_CFLAGS="-DSINGLE_THREADED $AM_CFLAGS" ]) @@ -1501,6 +1468,19 @@ else fi +# TLSv1.2 +AC_ARG_ENABLE([tlsv12], + [AS_HELP_STRING([--enable-tlsv12],[Enable TLS versions 1.2 (default: enabled)])], + [ ENABLED_TLSV12=$enableval ], + [ ENABLED_TLSV12=yes ] + ) + +if test "$ENABLED_TLSV12" = "no" +then + AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NO_TLS12 -DNO_OLD_TLS" +fi + + # TLSv1.0 AC_ARG_ENABLE([tlsv10], [AS_HELP_STRING([--enable-tlsv10],[Enable old TLS versions 1.0 (default: disabled)])], 
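Review bot: In the new `--enable-tlsv12` block, `--disable-tlsv12` adds `-DWOLFSSL_NO_TLS12 -DNO_OLD_TLS` without checking that any other protocol version remains enabled, so as far as this hunk shows a build can be configured with no usable TLS version. A guard placed after the option is parsed, stopping with `AC_MSG_ERROR` when TLS 1.2 is disabled and TLS 1.3 is not enabled, would turn that into a configure-time failure; whether such a check exists elsewhere in configure.ac is not visible here. The help string would also read better as `Enable TLS version 1.2 (default: enabled)`.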
@@ -3865,6 +3845,20 @@ else fi +# Support for crypto device hardware +AC_ARG_ENABLE([cryptodev], + [AS_HELP_STRING([--enable-cryptodev],[Enable crypto hardware support (default: disabled)])], + [ ENABLED_CRYPTODEV=$enableval ], + [ ENABLED_CRYPTODEV=no ] + ) + +if test "$ENABLED_CRYPTODEV" = "yes" +then + AM_CFLAGS="$AM_CFLAGS -DWOLF_CRYPTO_DEV" +fi +AM_CONDITIONAL([BUILD_CRYPTODEV], [test "x$ENABLED_CRYPTODEV" = "xyes"]) + + # Session Export AC_ARG_ENABLE([sessionexport], [AS_HELP_STRING([--enable-sessionexport],[Enable export and import of sessions (default: disabled)])], @@ -3910,7 +3904,7 @@ AC_ARG_ENABLE([oldnames], if test "x$ENABLED_OLDNAMES" = "xno" && test "x$ENABLED_OPENSSLCOEXIST" = "xno" then AM_CFLAGS="$AM_CFLAGS -DNO_OLD_RNGNAME -DNO_OLD_WC_NAMES -DNO_OLD_SSL_NAMES" - AM_CFLAGS="$AM_CFLAGS -DNO_OLD_SHA256_NAMES" + AM_CFLAGS="$AM_CFLAGS -DNO_OLD_SHA_NAMES" fi @@ -4191,7 +4185,6 @@ fi OPTION_FLAGS="$USER_CFLAGS $USER_C_EXTRA_FLAGS $CPPFLAGS $AM_CFLAGS" - CREATE_HEX_VERSION AC_SUBST([AM_CPPFLAGS]) AC_SUBST([AM_CFLAGS]) @@ -4202,17 +4195,7 @@ AC_SUBST([LIB_STATIC_ADD]) # FINAL AC_CONFIG_FILES([stamp-h], [echo timestamp > stamp-h]) -AC_CONFIG_FILES([Makefile]) -AC_CONFIG_FILES([wolfssl/version.h]) -AC_CONFIG_FILES([wolfssl/options.h]) -#have options.h and version.h for autoconf fips tag and build -#if test "x$ENABLED_FIPS" = "xyes" -#then -# AC_CONFIG_FILES([cyassl/version.h]) -# AC_CONFIG_FILES([cyassl/options.h]) -#fi -AC_CONFIG_FILES([support/wolfssl.pc]) -AC_CONFIG_FILES([rpm/spec]) +AC_CONFIG_FILES([Makefile wolfssl/version.h wolfssl/options.h cyassl/options.h support/wolfssl.pc rpm/spec]) AX_CREATE_GENERIC_CONFIG AX_AM_JOBSERVER([yes]) diff --git a/cyassl/ssl.h b/cyassl/ssl.h index 37b9a275d..d7a1a5bad 100644 --- a/cyassl/ssl.h +++ b/cyassl/ssl.h 
@@ -485,7 +485,6 @@ #define CyaDTLSv1_2_client_method wolfDTLSv1_2_client_method #define CyaDTLSv1_2_server_method wolfDTLSv1_2_server_method #define CyaSSL_set_group_messages wolfSSL_set_group_messages -#define CyaSSL_set_using_nonblock wolfSSL_set_using_nonblock #define CyaSSL_CTX_set_cipher_list wolfSSL_CTX_set_cipher_list #define CyaSSL_CTX_set_group_messages wolfSSL_CTX_set_group_messages #define CyaSSL_CTX_set_session_cache_mode wolfSSL_CTX_set_session_cache_mode @@ -623,6 +622,7 @@ #define CyaSSL_dtls_get_peer wolfSSL_dtls_get_peer #define CyaSSL_dtls_got_timeout wolfSSL_dtls_got_timeout #define CyaSSL_dtls_get_current_timeout wolfSSL_dtls_get_current_timeout +#define CyaSSL_set_using_nonblock wolfSSL_dtls_set_using_nonblock /* Certificate Manager */ #define CyaSSL_CertManagerNew wolfSSL_CertManagerNew diff --git a/doc/dox_comments/header_files/ssl.h b/doc/dox_comments/header_files/ssl.h index 3eba5f2ec..ed2d0b498 100644 --- a/doc/dox_comments/header_files/ssl.h +++ b/doc/dox_comments/header_files/ssl.h 
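Review bot: The re-added `CyaSSL_set_using_nonblock` macro now expands to `wolfSSL_dtls_set_using_nonblock`, so legacy callers keep compiling but the call silently becomes a DTLS-only setting, and nothing at the definition says so. A comment on that line such as `/* legacy name: now maps to the DTLS-only setter */` would document the change of meaning. The preprocessor guards around this part of the header are outside the hunk, so it is worth confirming that the name is still defined for builds without DTLS, otherwise existing TLS-only callers stop compiling.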
@@ -1570,65 +1570,6 @@ WOLFSSL_API const char* wolfSSL_get_cipher_name(WOLFSSL* ssl); \sa wolfSSL_set_fd */ WOLFSSL_API int wolfSSL_get_fd(const WOLFSSL*); -/*! - \ingroup Setup - - \brief This function informs the WOLFSSL object that the underlying - I/O is non-blocking. After an application creates a WOLFSSL object, - if it will be used with a non-blocking socket, call - wolfSSL_set_using_nonblock() on it. This lets the WOLFSSL object know - that receiving EWOULDBLOCK means that the recvfrom call would - block rather than that it timed out. - - \return none No return. - - \param ssl pointer to the SSL session, created with wolfSSL_new(). - \param nonblock value used to set non-blocking flag on WOLFSSL object. - Use 1 to specify non-blocking, otherwise 0. - - _Example_ - \code - WOLFSSL* ssl = 0; - ... - wolfSSL_set_using_nonblock(ssl, 1); - \endcode - - \sa wolfSSL_get_using_nonblock - \sa wolfSSL_dtls_got_timeout - \sa wolfSSL_dtls_get_current_timeout -*/ -WOLFSSL_API void wolfSSL_set_using_nonblock(WOLFSSL*, int); -/*! - \ingroup IO - - \brief This function allows the application to determine if wolfSSL is - using non-blocking I/O. If wolfSSL is using non-blocking I/O, this - function will return 1, otherwise 0. After an application creates a - WOLFSSL object, if it will be used with a non-blocking socket, call - wolfSSL_set_using_nonblock() on it. This lets the WOLFSSL object know - that receiving EWOULDBLOCK means that the recvfrom call would block - rather than that it timed out. - - \return 0 underlying I/O is blocking. - \return 1 underlying I/O is non-blocking. - - \param ssl pointer to the SSL session, created with wolfSSL_new(). - - _Example_ - \code - int ret = 0; - WOLFSSL* ssl = 0; - ... - ret = wolfSSL_get_using_nonblock(ssl); - if (ret == 1) { - // underlying I/O is non-blocking - } - ... - \endcode - - \sa wolfSSL_set_session -*/ -WOLFSSL_API int wolfSSL_get_using_nonblock(WOLFSSL*); /*! \ingroup IO 
@@ -2996,6 +2937,64 @@ WOLFSSL_API int wolfSSL_CTX_set_cipher_list(WOLFSSL_CTX*, const char*); \sa wolfSSL_new */ WOLFSSL_API int wolfSSL_set_cipher_list(WOLFSSL*, const char*); +/*! + \brief This function informs the WOLFSSL DTLS object that the underlying + UDP I/O is non-blocking. After an application creates a WOLFSSL object, + if it will be used with a non-blocking UDP socket, call + wolfSSL_dtls_set_using_nonblock() on it. This lets the WOLFSSL object know + that receiving EWOULDBLOCK means that the recvfrom call would + block rather than that it timed out. + + \return none No return. + + \param ssl pointer to the DTLS session, created with wolfSSL_new(). + \param nonblock value used to set non-blocking flag on WOLFSSL object. + Use 1 to specify non-blocking, otherwise 0. + + _Example_ + \code + WOLFSSL* ssl = 0; + ... + wolfSSL_dtls_set_using_nonblock(ssl, 1); + \endcode + + \sa wolfSSL_dtls_get_using_nonblock + \sa wolfSSL_dtls_got_timeout + \sa wolfSSL_dtls_get_current_timeout +*/ +WOLFSSL_API void wolfSSL_dtls_set_using_nonblock(WOLFSSL*, int); +/*! + \brief This function allows the application to determine if wolfSSL is + using non-blocking I/O with UDP. If wolfSSL is using non-blocking I/O, this + function will return 1, otherwise 0. After an application creates a + WOLFSSL object, if it will be used with a non-blocking UDP socket, call + wolfSSL_dtls_set_using_nonblock() on it. This lets the WOLFSSL object know + that receiving EWOULDBLOCK means that the recvfrom call would block + rather than that it timed out. This function is only meaningful to DTLS + sessions. + + \return 0 underlying I/O is blocking. + \return 1 underlying I/O is non-blocking. + + \param ssl pointer to the DTLS session, created with wolfSSL_new(). + + _Example_ + \code + int ret = 0; + WOLFSSL* ssl = 0; + ... + ret = wolfSSL_dtls_get_using_nonblock(ssl); + if (ret == 1) { + // underlying I/O is non-blocking + } + ... 
+ \endcode + + \sa wolfSSL_dtls_set_using_nonblock + \sa wolfSSL_dtls_got_timeout + \sa wolfSSL_dtls_set_using_nonblock +*/ +WOLFSSL_API int wolfSSL_dtls_get_using_nonblock(WOLFSSL*); /*! \brief This function returns the current timeout value in seconds for the WOLFSSL object. When using non-blocking sockets, something in the user @@ -5600,7 +5599,7 @@ WOLFSSL_API int wolfSSL_X509_version(WOLFSSL_X509*); \sa XFSEEK */ WOLFSSL_API WOLFSSL_X509* - wolfSSL_X509_d2i_fp(WOLFSSL_X509** x509, FILE* file); + wolfSSL_X509_d2i_fp(WOLFSSL_X509** x509, XFILE file); /*! \ingroup CertsKeys diff --git a/examples/benchmark/tls_bench.c b/examples/benchmark/tls_bench.c index 1234914bd..199ab3755 100644 --- a/examples/benchmark/tls_bench.c +++ b/examples/benchmark/tls_bench.c @@ -354,7 +354,7 @@ static void* client_thread(void* args) int haveShownPeerInfo = 0; /* set up client */ - cli_ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method()); + cli_ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()); if (cli_ctx == NULL) err_sys("error creating ctx"); #ifndef NO_CERTS @@ -480,7 +480,7 @@ static void* server_thread(void* args) WOLFSSL* srv_ssl; /* set up server */ - srv_ctx = wolfSSL_CTX_new(wolfTLSv1_2_server_method()); + srv_ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()); if (srv_ctx == NULL) err_sys("error creating server ctx"); #ifndef NO_CERTS diff --git a/examples/client/client.c b/examples/client/client.c index 018b91e7c..f90356c83 100644 --- a/examples/client/client.c +++ b/examples/client/client.c @@ -182,7 +182,9 @@ static void ShowVersions(void) #endif printf("2:"); #endif /* NO_OLD_TLS */ +#ifndef WOLFSSL_NO_TLS12 printf("3:"); +#endif #ifdef WOLFSSL_TLS13 printf("4:"); #endif 
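Review bot: In `client_thread` of examples/benchmark/tls_bench.c, replacing `wolfTLSv1_2_client_method()` with `wolfSSLv23_client_method()` makes the negotiated protocol depend on what the build enables, and the hunk sets no minimum version; the same applies to `srv_ctx` in the `server_thread` hunk that follows. Benchmark results from differently configured builds are then no longer comparable, and an older protocol version can be negotiated when one is compiled in. Where TLS 1.2 is built, `wolfSSL_CTX_SetMinVersion(cli_ctx, WOLFSSL_TLSV1_2);` after the context is created (and the equivalent on `srv_ctx`) would pin the floor, and printing the negotiated version next to the results would make them interpretable. Both function bodies continue outside the hunks.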
@@ -658,7 +660,11 @@ static void ClientWrite(WOLFSSL* ssl, char* msg, int msgSz) } #endif } - } while (err == WC_PENDING_E); + } while (err == WOLFSSL_ERROR_WANT_WRITE + #ifdef WOLFSSL_ASYNC_CRYPT + || err == WC_PENDING_E + #endif + ); if (ret != msgSz) { printf("SSL_write msg error %d, %s\n", err, wolfSSL_ERR_error_string(err, buffer)); @@ -874,7 +880,11 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args) int err = 0; int scr = 0; /* allow secure renegotiation */ int forceScr = 0; /* force client initiaed scr */ +#ifndef WOLFSSL_NO_CLIENT_AUTH int useClientCert = 1; +#else + int useClientCert = 0; +#endif int fewerPackets = 0; int atomicUser = 0; #ifdef HAVE_PK_CALLBACKS @@ -919,9 +929,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args) int onlyKeyShare = 0; #ifdef WOLFSSL_TLS13 int noPskDheKe = 0; -#ifdef WOLFSSL_POST_HANDSHAKE_AUTH int postHandAuth = 0; -#endif #endif int updateKeysIVs = 0; #ifdef WOLFSSL_EARLY_DATA @@ -1485,9 +1493,11 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args) #endif /* !NO_OLD_TLS */ #ifndef NO_TLS + #ifndef WOLFSSL_NO_TLS12 case 3: method = wolfTLSv1_2_client_method_ex; break; + #endif #ifdef WOLFSSL_TLS13 case 4: @@ -1507,9 +1517,11 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args) break; #endif + #ifndef WOLFSSL_NO_TLS12 case -2: method = wolfDTLSv1_2_client_method_ex; break; + #endif #endif default: @@ -2075,7 +2087,11 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args) wolfSSL_check_domain_name(ssl, domain); #ifndef WOLFSSL_CALLBACKS if (nonBlocking) { - wolfSSL_set_using_nonblock(ssl, 1); +#ifdef WOLFSSL_DTLS + if (doDTLS) { + wolfSSL_dtls_set_using_nonblock(ssl, 1); + } +#endif tcp_set_nonblocking(&sockfd); ret = NonBlockingSSL_Connect(ssl); } 
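Review bot: The `ClientWrite` loop condition now retries on `WOLFSSL_ERROR_WANT_WRITE` with no wait and no retry limit visible in the hunk, so on a non-blocking socket whose send buffer stays full the example spins at full CPU indefinitely; `ServerRead` in examples/server/server.c gets the same treatment for `WOLFSSL_ERROR_WANT_READ`. Waiting for the socket to become writable (or readable) before retrying, or bounding the number of retries, would avoid that. The two loops are also written inconsistently: here `WC_PENDING_E` is wrapped in `#ifdef WOLFSSL_ASYNC_CRYPT`, while in `ServerRead` it is tested unconditionally. The loop body starts outside the hunk.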
@@ -2239,8 +2255,8 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args) ClientRead(ssl, reply, sizeof(reply)-1, 1); -#if defined(WOLFSSL_TLS13) && defined(WOLFSSL_POST_HANDSHAKE_AUTH) - if (postHandAuth) +#if defined(WOLFSSL_TLS13) + if (updateKeysIVs || postHandAuth) ClientWrite(ssl, msg, msgSz); #endif if (sendGET) { /* get html */ @@ -2328,7 +2344,11 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args) #ifndef WOLFSSL_CALLBACKS if (nonBlocking) { - wolfSSL_set_using_nonblock(sslResume, 1); +#ifdef WOLFSSL_DTLS + if (doDTLS) { + wolfSSL_dtls_set_using_nonblock(ssl, 1); + } +#endif tcp_set_nonblocking(&sockfd); ret = NonBlockingSSL_Connect(sslResume); } diff --git a/examples/server/server.c b/examples/server/server.c index 0a44095ed..f744a96c6 100644 --- a/examples/server/server.c +++ b/examples/server/server.c @@ -312,7 +312,7 @@ static void ServerRead(WOLFSSL* ssl, char* input, int inputLen) err_sys_ex(runWithErrors, "SSL_read failed"); } } - } while (err == WC_PENDING_E); + } while (err == WC_PENDING_E || err == WOLFSSL_ERROR_WANT_READ); if (ret > 0) { input[ret] = 0; /* null terminate message */ printf("Client message: %s\n", input); @@ -405,6 +405,9 @@ static void Usage(void) printf("-n Use NTRU key (needed for NTRU suites)\n"); #endif printf("-B Benchmark throughput using bytes and print stats\n"); +#ifdef HAVE_CRL + printf("-V Disable CRL\n"); +#endif #ifdef WOLFSSL_TRUST_PEER_CERT printf("-E Path to load trusted peer cert\n"); #endif @@ -462,7 +465,14 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args) char input[80]; int ch; int version = SERVER_DEFAULT_VERSION; +#ifndef WOLFSSL_NO_CLIENT_AUTH int doCliCertCheck = 1; +#else + int doCliCertCheck = 0; +#endif +#ifdef HAVE_CRL + int disableCRL = 0; +#endif int useAnyAddr = 0; word16 port = wolfSSLPort; int usePsk = 0; 
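Review bot: In the session-resumption path of `client_test` (hunk at -2328), the new call passes `ssl` instead of `sslResume`: `wolfSSL_dtls_set_using_nonblock(ssl, 1);` sits directly before `NonBlockingSSL_Connect(sslResume)`, and the line it replaces operated on `sslResume`. As written, the resumed DTLS object is never marked non-blocking, and the flag is set on the first connection's object instead, whose state at this point is not visible in the hunk. The line should read `wolfSSL_dtls_set_using_nonblock(sslResume, 1);`. The enclosing function continues outside the hunk.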
@@ -533,9 +543,7 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args) int noPskDheKe = 0; #endif int updateKeysIVs = 0; -#if defined(WOLFSSL_TLS13) && defined(WOLFSSL_POST_HANDSHAKE_AUTH) int postHandAuth = 0; -#endif #ifdef WOLFSSL_EARLY_DATA int earlyData = 0; #endif @@ -588,6 +596,7 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args) (void)crlFlags; (void)readySignal; (void)updateKeysIVs; + (void)postHandAuth; (void)mcastID; (void)useX25519; @@ -601,7 +610,7 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args) /* Not Used: h, m, z, F, M, T, V, W, X */ while ((ch = mygetopt(argc, argv, "?" "abc:defgijk:l:nop:q:rstuv:wxy" - "A:B:C:D:E:GH:IJKL:NO:PQR:S:TUYZ:" + "A:B:C:D:E:GH:IJKL:NO:PQR:S:TUVYZ:" "03:")) != -1) { switch (ch) { case '?' : @@ -616,6 +625,12 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args) doCliCertCheck = 0; break; + case 'V' : + #ifdef HAVE_CRL + disableCRL = 1; + #endif + break; + case 'b' : useAnyAddr = 1; break; @@ -951,9 +966,11 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args) #endif /* !NO_OLD_TLS */ #ifndef NO_TLS + #ifndef WOLFSSL_NO_TLS12 case 3: method = wolfTLSv1_2_server_method_ex; break; + #endif #ifdef WOLFSSL_TLS13 case 4: @@ -973,9 +990,11 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args) break; #endif + #ifndef WOLFSSL_NO_TLS12 case -2: method = wolfDTLSv1_2_server_method_ex; break; + #endif #endif default: @@ -1286,6 +1305,7 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args) wolfSSL_SetHsDoneCb(ssl, myHsDoneCb, NULL); #endif #ifdef HAVE_CRL + if (!disableCRL) { #ifdef HAVE_CRL_MONITOR crlFlags = CYASSL_CRL_MONITOR | CYASSL_CRL_START_MON; #endif @@ -1296,6 +1316,7 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args) err_sys_ex(runWithErrors, "unable to load CRL"); if (CyaSSL_SetCRL_Cb(ssl, CRL_CallBack) != WOLFSSL_SUCCESS) err_sys_ex(runWithErrors, "unable to set CRL callback url"); + } #endif #ifdef HAVE_OCSP if (useOcsp) { 
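Review bot: The comment above the `mygetopt` call still reads `Not Used: h, m, z, F, M, T, V, W, X` although this hunk adds `V` to the option string; it should become `/* Not Used: h, m, z, F, M, T, W, X */` (`T` is already in the string too and looks similarly stale). In the `case 'V'` hunk the option is accepted and silently ignored when `HAVE_CRL` is not defined, while `Usage` lists it only under `HAVE_CRL`. Because `-V` skips the whole `if (!disableCRL)` block further down, a comment at the case such as `/* -V: skip CRL load and callback; revoked peer certs are not rejected via CRL */` would make the effect explicit for anyone reusing this example.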
@@ -1426,7 +1447,11 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args) #ifndef CYASSL_CALLBACKS if (nonBlocking) { - CyaSSL_set_using_nonblock(ssl, 1); +#ifdef WOLFSSL_DTLS + if (doDTLS) { + wolfSSL_dtls_set_using_nonblock(ssl, 1); + } +#endif tcp_set_nonblocking(&clientfd); } #endif @@ -1562,18 +1587,20 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args) #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) #if defined(WOLFSSL_TLS13) && defined(WOLFSSL_POST_HANDSHAKE_AUTH) if (postHandAuth) { - SSL_CTX_set_verify(ctx, WOLFSSL_VERIFY_PEER | - ((usePskPlus)? WOLFSSL_VERIFY_FAIL_EXCEPT_PSK : - WOLFSSL_VERIFY_FAIL_IF_NO_PEER_CERT),0); + SSL_set_verify(ssl, WOLFSSL_VERIFY_PEER | + ((usePskPlus) ? WOLFSSL_VERIFY_FAIL_EXCEPT_PSK : + WOLFSSL_VERIFY_FAIL_IF_NO_PEER_CERT), 0); if (SSL_CTX_load_verify_locations(ctx, verifyCert, 0) - != WOLFSSL_SUCCESS) { - err_sys_ex(runWithErrors, "can't load ca file, Please run from wolfSSL home dir"); + != WOLFSSL_SUCCESS) { + err_sys_ex(runWithErrors, "can't load ca file, Please run from " + "wolfSSL home dir"); } #ifdef WOLFSSL_TRUST_PEER_CERT if (trustCert) { - if ((ret = wolfSSL_CTX_trust_peer_cert(ctx, trustCert, - WOLFSSL_FILETYPE_PEM)) != WOLFSSL_SUCCESS) { - err_sys_ex(runWithErrors, "can't load trusted peer cert file"); + if ((ret = wolfSSL_trust_peer_cert(ssl, trustCert, + WOLFSSL_FILETYPE_PEM)) != WOLFSSL_SUCCESS) { + err_sys_ex(runWithErrors, "can't load trusted peer cert " + "file"); } } #endif /* WOLFSSL_TRUST_PEER_CERT */ @@ -1611,11 +1638,9 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args) } ServerWrite(ssl, write_msg, write_msg_sz); -#if defined(WOLFSSL_TLS13) && defined(WOLFSSL_POST_HANDSHAKE_AUTH) - if (postHandAuth) { - ServerWrite(ssl, write_msg, write_msg_sz); +#ifdef WOLFSSL_TLS13 + if (updateKeysIVs || postHandAuth) ServerRead(ssl, input, sizeof(input)-1); - } #endif } else { diff --git a/m4/ax_add_am_macro.m4 b/m4/ax_add_am_macro.m4 index 51ce0d0c2..3962002bf 100644 --- a/m4/ax_add_am_macro.m4 
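Review bot: In the post-handshake-auth block (hunk at -1562), the verify mode and the trusted peer certificate now apply to `ssl` only, but `SSL_CTX_load_verify_locations(ctx, verifyCert, 0)` still loads the CA file into the shared `ctx` after the handshake. If this block sits inside the server's accept loop, which the hunk does not show, the CA file is reloaded for every connection and stays trusted for later connections that never request post-handshake authentication. A comment such as `/* CA is loaded into the shared ctx: it remains trusted for subsequent connections */` would document that, or the load could move next to the other context setup before the loop.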
+++ b/m4/ax_add_am_macro.m4 @@ -1,5 +1,5 @@ # =========================================================================== -# http://www.gnu.org/software/autoconf-archive/ax_add_am_macro.html +# https://www.gnu.org/software/autoconf-archive/ax_add_am_macro.html # =========================================================================== # # SYNOPSIS @@ -21,7 +21,7 @@ # and this notice are preserved. This file is offered as-is, without any # warranty. -#serial 9 +#serial 10 AC_DEFUN([AX_ADD_AM_MACRO],[ AC_REQUIRE([AX_AM_MACROS]) diff --git a/m4/ax_am_jobserver.m4 b/m4/ax_am_jobserver.m4 index 5a398f8bb..dfbcdbb2f 100644 --- a/m4/ax_am_jobserver.m4 +++ b/m4/ax_am_jobserver.m4 @@ -1,5 +1,5 @@ # =========================================================================== -# http://www.gnu.org/software/autoconf-archive/ax_am_jobserver.html +# https://www.gnu.org/software/autoconf-archive/ax_am_jobserver.html # =========================================================================== # # SYNOPSIS @@ -33,7 +33,7 @@ # and this notice are preserved. This file is offered as-is, without any # warranty. -#serial 7.1 +#serial 8 AC_DEFUN([AX_AM_JOBSERVER], [ AC_REQUIRE([AX_COUNT_CPUS]) @@ -44,7 +44,8 @@ AC_DEFUN([AX_AM_JOBSERVER], [ yes: enable one more than CPU count ],, [enable_jobserver=m4_ifval([$1],[$1],[yes])]) if test "x$enable_jobserver" = "xyes"; then - let enable_jobserver=$CPU_COUNT+1 + enable_jobserver=$CPU_COUNT + ((enable_jobserver++)) fi m4_pattern_allow(AM_MAKEFLAGS) if test "x$enable_jobserver" != "xno"; then diff --git a/m4/ax_am_macros.m4 b/m4/ax_am_macros.m4 index 6b4bd2239..36c3ab6a2 100644 --- a/m4/ax_am_macros.m4 +++ b/m4/ax_am_macros.m4 @@ -1,5 +1,5 @@ # =========================================================================== -# http://www.gnu.org/software/autoconf-archive/ax_am_macros.html +# https://www.gnu.org/software/autoconf-archive/ax_am_macros.html # =========================================================================== # # SYNOPSIS 
@@ -24,7 +24,7 @@ # and this notice are preserved. This file is offered as-is, without any # warranty. -#serial 9 +#serial 11 AC_DEFUN([AX_AM_MACROS], [ @@ -32,7 +32,7 @@ AC_MSG_NOTICE([adding automake macro support]) AMINCLUDE="aminclude.am" AC_SUBST(AMINCLUDE) AC_MSG_NOTICE([creating $AMINCLUDE]) -AMINCLUDE_TIME=`date` +AMINCLUDE_TIME=`LC_ALL=C date` AX_PRINT_TO_FILE([$AMINCLUDE],[[ # generated automatically by configure from AX_AUTOMAKE_MACROS # on $AMINCLUDE_TIME diff --git a/m4/ax_append_compile_flags.m4 b/m4/ax_append_compile_flags.m4 index 1f8e70845..5b6f1af51 100644 --- a/m4/ax_append_compile_flags.m4 +++ b/m4/ax_append_compile_flags.m4 @@ -1,10 +1,10 @@ -# =========================================================================== -# http://www.gnu.org/software/autoconf-archive/ax_append_compile_flags.html -# =========================================================================== +# ============================================================================ +# https://www.gnu.org/software/autoconf-archive/ax_append_compile_flags.html +# ============================================================================ # # SYNOPSIS # -# AX_APPEND_COMPILE_FLAGS([FLAG1 FLAG2 ...], [FLAGS-VARIABLE], [EXTRA-FLAGS]) +# AX_APPEND_COMPILE_FLAGS([FLAG1 FLAG2 ...], [FLAGS-VARIABLE], [EXTRA-FLAGS], [INPUT]) # # DESCRIPTION # @@ -20,6 +20,8 @@ # the flags: "CFLAGS EXTRA-FLAGS FLAG". This can for example be used to # force the compiler to issue an error when a bad flag is given. # +# INPUT gives an alternative input source to AC_COMPILE_IFELSE. +# # NOTE: This macro depends on the AX_APPEND_FLAG and # AX_CHECK_COMPILE_FLAG. Please keep this macro in sync with # AX_APPEND_LINK_FLAGS. 
@@ -39,7 +41,7 @@ # Public License for more details. # # You should have received a copy of the GNU General Public License along -# with this program. If not, see . +# with this program. If not, see . # # As a special exception, the respective Autoconf Macro's copyright owner # gives unlimited permission to copy, distribute and modify the configure @@ -54,12 +56,12 @@ # modified version of the Autoconf Macro, you may extend this special # exception to the GPL to apply to your modified version as well. -#serial 3 +#serial 6 AC_DEFUN([AX_APPEND_COMPILE_FLAGS], -[AC_REQUIRE([AX_CHECK_COMPILE_FLAG]) -AC_REQUIRE([AX_APPEND_FLAG]) +[AX_REQUIRE_DEFINED([AX_CHECK_COMPILE_FLAG]) +AX_REQUIRE_DEFINED([AX_APPEND_FLAG]) for flag in $1; do - AX_CHECK_COMPILE_FLAG([$flag], [AX_APPEND_FLAG([$flag], [$2])], [], [$3]) + AX_CHECK_COMPILE_FLAG([$flag], [AX_APPEND_FLAG([$flag], [$2])], [], [$3], [$4]) done ])dnl AX_APPEND_COMPILE_FLAGS diff --git a/m4/ax_append_flag.m4 b/m4/ax_append_flag.m4 index 1d38b76fb..e8c5312af 100644 --- a/m4/ax_append_flag.m4 +++ b/m4/ax_append_flag.m4 @@ -1,5 +1,5 @@ # =========================================================================== -# http://www.gnu.org/software/autoconf-archive/ax_append_flag.html +# https://www.gnu.org/software/autoconf-archive/ax_append_flag.html # =========================================================================== # # SYNOPSIS @@ -34,7 +34,7 @@ # Public License for more details. # # You should have received a copy of the GNU General Public License along -# with this program. If not, see . +# with this program. If not, see . # # As a special exception, the respective Autoconf Macro's copyright owner # gives unlimited permission to copy, distribute and modify the configure 
@@ -49,21 +49,23 @@ # modified version of the Autoconf Macro, you may extend this special # exception to the GPL to apply to your modified version as well. -#serial 2 +#serial 7 AC_DEFUN([AX_APPEND_FLAG], -[AC_PREREQ(2.59)dnl for _AC_LANG_PREFIX -AS_VAR_PUSHDEF([FLAGS], [m4_default($2,_AC_LANG_PREFIX[FLAGS])])dnl -AS_VAR_SET_IF(FLAGS, - [case " AS_VAR_GET(FLAGS) " in - *" $1 "*) - AC_RUN_LOG([: FLAGS already contains $1]) - ;; - *) - AC_RUN_LOG([: FLAGS="$FLAGS $1"]) - AS_VAR_SET(FLAGS, ["AS_VAR_GET(FLAGS) $1"]) - ;; - esac], - [AS_VAR_SET(FLAGS,["$1"])]) +[dnl +AC_PREREQ(2.64)dnl for _AC_LANG_PREFIX and AS_VAR_SET_IF +AS_VAR_PUSHDEF([FLAGS], [m4_default($2,_AC_LANG_PREFIX[FLAGS])]) +AS_VAR_SET_IF(FLAGS,[ + AS_CASE([" AS_VAR_GET(FLAGS) "], + [*" $1 "*], [AC_RUN_LOG([: FLAGS already contains $1])], + [ + AS_VAR_APPEND(FLAGS,[" $1"]) + AC_RUN_LOG([: FLAGS="$FLAGS"]) + ]) + ], + [ + AS_VAR_SET(FLAGS,[$1]) + AC_RUN_LOG([: FLAGS="$FLAGS"]) + ]) AS_VAR_POPDEF([FLAGS])dnl ])dnl AX_APPEND_FLAG diff --git a/m4/ax_append_link_flags.m4 b/m4/ax_append_link_flags.m4 index 48cbd4bb1..6f7f17456 100644 --- a/m4/ax_append_link_flags.m4 +++ b/m4/ax_append_link_flags.m4 @@ -1,10 +1,10 @@ # =========================================================================== -# http://www.gnu.org/software/autoconf-archive/ax_append_link_flags.html +# https://www.gnu.org/software/autoconf-archive/ax_append_link_flags.html # =========================================================================== # # SYNOPSIS # -# AX_APPEND_LINK_FLAGS([FLAG1 FLAG2 ...], [FLAGS-VARIABLE], [EXTRA-FLAGS]) +# AX_APPEND_LINK_FLAGS([FLAG1 FLAG2 ...], [FLAGS-VARIABLE], [EXTRA-FLAGS], [INPUT]) # # DESCRIPTION # 
@@ -19,6 +19,8 @@ # EXTRA-FLAGS FLAG". This can for example be used to force the linker to # issue an error when a bad flag is given. # +# INPUT gives an alternative input source to AC_COMPILE_IFELSE. +# # NOTE: This macro depends on the AX_APPEND_FLAG and AX_CHECK_LINK_FLAG. # Please keep this macro in sync with AX_APPEND_COMPILE_FLAGS. # @@ -37,7 +39,7 @@ # Public License for more details. # # You should have received a copy of the GNU General Public License along -# with this program. If not, see . +# with this program. If not, see . # # As a special exception, the respective Autoconf Macro's copyright owner # gives unlimited permission to copy, distribute and modify the configure @@ -52,12 +54,12 @@ # modified version of the Autoconf Macro, you may extend this special # exception to the GPL to apply to your modified version as well. -#serial 3 +#serial 6 AC_DEFUN([AX_APPEND_LINK_FLAGS], -[AC_REQUIRE([AX_CHECK_LINK_FLAG]) -AC_REQUIRE([AX_APPEND_FLAG]) +[AX_REQUIRE_DEFINED([AX_CHECK_LINK_FLAG]) +AX_REQUIRE_DEFINED([AX_APPEND_FLAG]) for flag in $1; do - AX_CHECK_LINK_FLAG([$flag], [AX_APPEND_FLAG([$flag], [m4_default([$2], [LDFLAGS])])], [], [$3]) + AX_CHECK_LINK_FLAG([$flag], [AX_APPEND_FLAG([$flag], [m4_default([$2], [LDFLAGS])])], [], [$3], [$4]) done ])dnl AX_APPEND_LINK_FLAGS diff --git a/m4/ax_append_to_file.m4 b/m4/ax_append_to_file.m4 index f9f54e088..fca570837 100644 --- a/m4/ax_append_to_file.m4 +++ b/m4/ax_append_to_file.m4 @@ -1,5 +1,5 @@ # =========================================================================== -# http://www.gnu.org/software/autoconf-archive/ax_append_to_file.html +# https://www.gnu.org/software/autoconf-archive/ax_append_to_file.html # =========================================================================== # # SYNOPSIS 
@@ -19,9 +19,9 @@ # and this notice are preserved. This file is offered as-is, without any # warranty. -#serial 8 +#serial 9 AC_DEFUN([AX_APPEND_TO_FILE],[ AC_REQUIRE([AX_FILE_ESCAPES]) -printf "$2\n" >> "$1" +printf "%s" "$2" >> "$1" ]) diff --git a/m4/ax_check_compile_flag.m4 b/m4/ax_check_compile_flag.m4 index c3a8d695a..dcabb92a1 100644 --- a/m4/ax_check_compile_flag.m4 +++ b/m4/ax_check_compile_flag.m4 @@ -1,10 +1,10 @@ # =========================================================================== -# http://www.gnu.org/software/autoconf-archive/ax_check_compile_flag.html +# https://www.gnu.org/software/autoconf-archive/ax_check_compile_flag.html # =========================================================================== # # SYNOPSIS # -# AX_CHECK_COMPILE_FLAG(FLAG, [ACTION-SUCCESS], [ACTION-FAILURE], [EXTRA-FLAGS]) +# AX_CHECK_COMPILE_FLAG(FLAG, [ACTION-SUCCESS], [ACTION-FAILURE], [EXTRA-FLAGS], [INPUT]) # # DESCRIPTION # @@ -19,6 +19,8 @@ # the flags: "CFLAGS EXTRA-FLAGS FLAG". This can for example be used to # force the compiler to issue an error when a bad flag is given. # +# INPUT gives an alternative input source to AC_COMPILE_IFELSE. +# # NOTE: Implementation based on AX_CFLAGS_GCC_OPTION. Please keep this # macro in sync with AX_CHECK_{PREPROC,LINK}_FLAG. # @@ -38,7 +40,7 @@ # Public License for more details. # # You should have received a copy of the GNU General Public License along -# with this program. If not, see . +# with this program. If not, see . # # As a special exception, the respective Autoconf Macro's copyright owner # gives unlimited permission to copy, distribute and modify the configure 
@@ -53,19 +55,19 @@ # modified version of the Autoconf Macro, you may extend this special # exception to the GPL to apply to your modified version as well. -#serial 2 +#serial 5 AC_DEFUN([AX_CHECK_COMPILE_FLAG], -[AC_PREREQ(2.59)dnl for _AC_LANG_PREFIX +[AC_PREREQ(2.64)dnl for _AC_LANG_PREFIX and AS_VAR_IF AS_VAR_PUSHDEF([CACHEVAR],[ax_cv_check_[]_AC_LANG_ABBREV[]flags_$4_$1])dnl AC_CACHE_CHECK([whether _AC_LANG compiler accepts $1], CACHEVAR, [ ax_check_save_flags=$[]_AC_LANG_PREFIX[]FLAGS _AC_LANG_PREFIX[]FLAGS="$[]_AC_LANG_PREFIX[]FLAGS $4 $1" - AC_COMPILE_IFELSE([AC_LANG_PROGRAM()], + AC_COMPILE_IFELSE([m4_default([$5],[AC_LANG_PROGRAM()])], [AS_VAR_SET(CACHEVAR,[yes])], [AS_VAR_SET(CACHEVAR,[no])]) _AC_LANG_PREFIX[]FLAGS=$ax_check_save_flags]) -AS_IF([test x"AS_VAR_GET(CACHEVAR)" = xyes], +AS_VAR_IF(CACHEVAR,yes, [m4_default([$2], :)], [m4_default([$3], :)]) AS_VAR_POPDEF([CACHEVAR])dnl diff --git a/m4/ax_check_library.m4 b/m4/ax_check_library.m4 index dd27ff41f..4def2f4d2 100644 --- a/m4/ax_check_library.m4 +++ b/m4/ax_check_library.m4 @@ -1,5 +1,5 @@ # =========================================================================== -# http://www.gnu.org/software/autoconf-archive/ax_check_library.html +# https://www.gnu.org/software/autoconf-archive/ax_check_library.html # =========================================================================== # # SYNOPSIS @@ -32,7 +32,6 @@ # # LICENSE # -# Copyright (c) 2012 Brian Aker # Copyright (c) 2010 Diego Elio Petteno` # # This program is free software: you can redistribute it and/or modify it @@ -46,7 +45,7 @@ # Public License for more details. # # You should have received a copy of the GNU General Public License along -# with this program. If not, see . +# with this program. If not, see . # # As a special exception, the respective Autoconf Macro's copyright owner # gives unlimited permission to copy, distribute and modify the configure 
@@ -61,35 +60,36 @@ # modified version of the Autoconf Macro, you may extend this special # exception to the GPL to apply to your modified version as well. -#serial 7 +#serial 5 -AC_DEFUN([AX_CHECK_LIBRARY], - [AC_ARG_VAR($1[_CPPFLAGS],[C preprocessor flags for ]$1[ headers]) - AC_ARG_VAR($1[_LDFLAGS],[linker flags for ]$1[ libraries]) +AC_DEFUN([AX_CHECK_LIBRARY], [ + AC_ARG_VAR($1[_CPPFLAGS], [C preprocessor flags for ]$1[ headers]) + AC_ARG_VAR($1[_LDFLAGS], [linker flags for ]$1[ libraries]) - AC_CACHE_VAL(AS_TR_SH([ax_cv_have_]$1), - [AX_SAVE_FLAGS + AC_CACHE_VAL(AS_TR_SH([ax_cv_have_]$1), + [save_CPPFLAGS="$CPPFLAGS" + save_LDFLAGS="$LDFLAGS" + save_LIBS="$LIBS" - AS_IF([test "x$]$1[_CPPFLAGS" != "x"], - [CPPFLAGS="$CPPFLAGS $]$1[_CPPFLAGS"]) + AS_IF([test "x$]$1[_CPPFLAGS" != "x"], + [CPPFLAGS="$CPPFLAGS $]$1[_CPPFLAGS"]) - AS_IF([test "x$]$1[_LDFLAGS" != "x"], - [LDFLAGS="$LDFLAGS $]$1[_LDFLAGS"]) + AS_IF([test "x$]$1[_LDFLAGS" != "x"], + [LDFLAGS="$LDFLAGS $]$1[_LDFLAGS"]) - AC_CHECK_HEADER($2, [ - AC_CHECK_LIB($3, [main], - [AS_TR_SH([ax_cv_have_]$1)=yes], - [AS_TR_SH([ax_cv_have_]$1)=no]) - ], [AS_TR_SH([ax_cv_have_]$1)=no]) + AC_CHECK_HEADER($2, [ + AC_CHECK_LIB($3, [main], + [AS_TR_SH([ax_cv_have_]$1)=yes], + [AS_TR_SH([ax_cv_have_]$1)=no]) + ], [AS_TR_SH([ax_cv_have_]$1)=no]) - AX_RESTORE_FLAGS - ]) - - AS_IF([test "$]AS_TR_SH([ax_cv_have_]$1)[" = "yes"], - [AC_DEFINE([HAVE_]$1, [1], [Define to 1 if ]$1[ is found]) - AC_SUBST($1[_CPPFLAGS]) - AC_SUBST($1[_LDFLAGS]) - AC_SUBST($1[_LIB],[-l]$3) - ifelse([$4], , :, [$4])], - [ifelse([$5], , :, [$5])]) + CPPFLAGS="$save_CPPFLAGS" + LDFLAGS="$save_LDFLAGS" + LIBS="$save_LIBS" ]) + + AS_IF([test "$]AS_TR_SH([ax_cv_have_]$1)[" = "yes"], + AC_DEFINE([HAVE_]$1, [1], [Define to 1 if ]$1[ is found]) + [$4], + [$5]) +]) diff --git a/m4/ax_check_link_flag.m4 b/m4/ax_check_link_flag.m4 index e2d0d363e..819409a20 100644 --- a/m4/ax_check_link_flag.m4 +++ b/m4/ax_check_link_flag.m4 
@@ -1,10 +1,10 @@ # =========================================================================== -# http://www.gnu.org/software/autoconf-archive/ax_check_link_flag.html +# https://www.gnu.org/software/autoconf-archive/ax_check_link_flag.html # =========================================================================== # # SYNOPSIS # -# AX_CHECK_LINK_FLAG(FLAG, [ACTION-SUCCESS], [ACTION-FAILURE], [EXTRA-FLAGS]) +# AX_CHECK_LINK_FLAG(FLAG, [ACTION-SUCCESS], [ACTION-FAILURE], [EXTRA-FLAGS], [INPUT]) # # DESCRIPTION # @@ -19,6 +19,8 @@ # EXTRA-FLAGS FLAG". This can for example be used to force the linker to # issue an error when a bad flag is given. # +# INPUT gives an alternative input source to AC_LINK_IFELSE. +# # NOTE: Implementation based on AX_CFLAGS_GCC_OPTION. Please keep this # macro in sync with AX_CHECK_{PREPROC,COMPILE}_FLAG. # @@ -38,7 +40,7 @@ # Public License for more details. # # You should have received a copy of the GNU General Public License along -# with this program. If not, see . +# with this program. If not, see . # # As a special exception, the respective Autoconf Macro's copyright owner # gives unlimited permission to copy, distribute and modify the configure 
@@ -53,18 +55,19 @@ # modified version of the Autoconf Macro, you may extend this special # exception to the GPL to apply to your modified version as well. -#serial 2 +#serial 5 AC_DEFUN([AX_CHECK_LINK_FLAG], -[AS_VAR_PUSHDEF([CACHEVAR],[ax_cv_check_ldflags_$4_$1])dnl +[AC_PREREQ(2.64)dnl for _AC_LANG_PREFIX and AS_VAR_IF +AS_VAR_PUSHDEF([CACHEVAR],[ax_cv_check_ldflags_$4_$1])dnl AC_CACHE_CHECK([whether the linker accepts $1], CACHEVAR, [ ax_check_save_flags=$LDFLAGS LDFLAGS="$LDFLAGS $4 $1" - AC_LINK_IFELSE([AC_LANG_PROGRAM()], + AC_LINK_IFELSE([m4_default([$5],[AC_LANG_PROGRAM()])], [AS_VAR_SET(CACHEVAR,[yes])], [AS_VAR_SET(CACHEVAR,[no])]) LDFLAGS=$ax_check_save_flags]) -AS_IF([test x"AS_VAR_GET(CACHEVAR)" = xyes], +AS_VAR_IF(CACHEVAR,yes, [m4_default([$2], :)], [m4_default([$3], :)]) AS_VAR_POPDEF([CACHEVAR])dnl diff --git a/m4/ax_compiler_version.m4 b/m4/ax_compiler_version.m4 index e074cf743..0581d1bc0 100644 --- a/m4/ax_compiler_version.m4 +++ b/m4/ax_compiler_version.m4 
@@ -1,100 +1,529 @@ # =========================================================================== -# https://github.com/BrianAker/ddm4/ +# https://www.gnu.org/software/autoconf-archive/ax_compiler_version.html # =========================================================================== # # SYNOPSIS # -# AX_COMPILER_VERSION() +# AX_COMPILER_VERSION # # DESCRIPTION # -# Capture version of C/C++ compiler +# This macro retrieves the compiler version and returns it in the cache +# variable $ax_cv_c_compiler_version for C and $ax_cv_cxx_compiler_version +# for C++. +# +# Version is returned as epoch:major.minor.patchversion +# +# Epoch is used in order to have an increasing version number in case of +# marketing change. +# +# Epoch use: * borland compiler use chronologically 0turboc for turboc +# era, +# +# 1borlanc BORLANDC++ before 5, 2cppbuilder for cppbuilder era, +# 3borlancpp for return of BORLANDC++ (after version 5.5), +# 4cppbuilder for cppbuilder with year version, +# and 5xe for XE era. +# +# An empty string is returned otherwise. # # LICENSE # -# Copyright (C) 2012 Brian Aker -# All rights reserved. -# -# Redistribution and use in source and binary forms, with or without -# modification, are permitted provided that the following conditions are -# met: -# -# * Redistributions of source code must retain the above copyright -# notice, this list of conditions and the following disclaimer. -# -# * Redistributions in binary form must reproduce the above -# copyright notice, this list of conditions and the following disclaimer -# in the documentation and/or other materials provided with the -# distribution. -# -# * The names of its contributors may not be used to endorse or -# promote products derived from this software without specific prior -# written permission. 
-# -# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS -# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT -# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR -# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT -# OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT -# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, -# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY -# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT -# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE -# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +# Copyright (c) 2014 Bastien ROUCARIES +# +# Copying and distribution of this file, with or without modification, are +# permitted in any medium without royalty provided the copyright notice +# and this notice are preserved. This file is offered as-is, without any +# warranty. 
-#serial 5 -AC_DEFUN([_C_COMPILER_VERSION], - [AC_MSG_CHECKING([C Compiler version]) +#serial 12 - AS_CASE(["$ax_cv_c_compiler_vendor"], - [sun],[ax_c_compiler_version=`$CC -V 2>&1 | sed 1q`], - [intel],[ax_c_compiler_version=`$CC --version 2>&1 | sed 1q`], - [clang],[ax_c_compiler_version=`$CC --version 2>&1 | sed 1q`], - [gnu],[ax_c_compiler_version=`$CC --version | sed 1q`], - [mingw],[ax_c_compiler_version=`$CC --version | sed 1q`], - [ax_c_compiler_version="unknown: $ax_cv_c_compiler_vendor"]) - - AC_MSG_RESULT(["$ax_c_compiler_version"]) - AC_SUBST([CC_VERSION_VENDOR],["$ax_cv_c_compiler_vendor"]) - AC_SUBST([CC_VERSION],["$ax_c_compiler_version"]) +# for intel +AC_DEFUN([_AX_COMPILER_VERSION_INTEL], + [ dnl + AC_COMPUTE_INT(_ax_[]_AC_LANG_ABBREV[]_compiler_version_major, + [__INTEL_COMPILER/100],, + AC_MSG_FAILURE([[[$0]] unknown intel compiler version])) + AC_COMPUTE_INT(_ax_[]_AC_LANG_ABBREV[]_compiler_version_minor, + [(__INTEL_COMPILER%100)/10],, + AC_MSG_FAILURE([[[$0]] unknown intel compiler version])) + AC_COMPUTE_INT(_ax_[]_AC_LANG_ABBREV[]_compiler_version_patch, + [(__INTEL_COMPILER%10)],, + AC_MSG_FAILURE([[[$0]] unknown intel compiler version])) + ax_cv_[]_AC_LANG_ABBREV[]_compiler_version="$_ax_[]_AC_LANG_ABBREV[]_compiler_version_major.$_ax_[]_AC_LANG_ABBREV[]_compiler_version_minor.$_ax_[]_AC_LANG_ABBREV[]_compiler_version_patch" ]) -AC_DEFUN([_CXX_COMPILER_VERSION], - [AC_MSG_CHECKING([C++ Compiler version]) - - AS_CASE(["$ax_cv_c_compiler_vendor"], - [sun],[ax_cxx_compiler_version=`$CXX -V 2>&1 | sed 1q`], - [intel],[ax_cxx_compiler_version=`$CXX --version 2>&1 | sed 1q`], - [clang],[ax_cxx_compiler_version=`$CXX --version 2>&1 | sed 1q`], - [gnu],[ax_cxx_compiler_version=`$CXX --version | sed 1q`], - [mingw],[ax_cxx_compiler_version=`$CXX --version | sed 1q`], - [ax_cxx_compiler_version="unknown: $ax_cv_c_compiler_vendor"]) - - AC_MSG_RESULT(["$ax_cxx_compiler_version"]) - AC_SUBST([CXX_VERSION_VENDOR],["$ax_cv_c_compiler_vendor"]) - 
AC_SUBST([CXX_VERSION],["$ax_cxx_compiler_version"]) +# for IBM +AC_DEFUN([_AX_COMPILER_VERSION_IBM], + [ dnl + dnl check between z/OS C/C++ and XL C/C++ + AC_COMPILE_IFELSE([ + AC_LANG_PROGRAM([], + [ + #if defined(__COMPILER_VER__) + choke me; + #endif + ])], + [ + AC_COMPUTE_INT(_ax_[]_AC_LANG_ABBREV[]_compiler_version_major, + [__xlC__/100],, + AC_MSG_FAILURE([[[$0]] unknown IBM compiler major version])) + AC_COMPUTE_INT(_ax_[]_AC_LANG_ABBREV[]_compiler_version_minor, + [__xlC__%100],, + AC_MSG_FAILURE([[[$0]] unknown IBM compiler minor version])) + AC_COMPUTE_INT(_ax_[]_AC_LANG_ABBREV[]_compiler_version_patch, + [__xlC_ver__/0x100],, + AC_MSG_FAILURE([[[$0]] unknown IBM compiler patch version])) + AC_COMPUTE_INT(_ax_[]_AC_LANG_ABBREV[]_compiler_version_build, + [__xlC_ver__%0x100],, + AC_MSG_FAILURE([[[$0]] unknown IBM compiler build version])) + ax_cv_[]_AC_LANG_ABBREV[]_compiler_version="$_ax_[]_AC_LANG_ABBREV[]_compiler_version_major.$_ax_[]_AC_LANG_ABBREV[]_compiler_version_minor.$_ax_[]_AC_LANG_ABBREV[]_compiler_version_patch.$_ax_[]_AC_LANG_ABBREV[]_compiler_version_build" + ], + [ + AC_COMPUTE_INT(_ax_[]_AC_LANG_ABBREV[]_compiler_version_patch, + [__xlC__%1000],, + AC_MSG_FAILURE([[[$0]] unknown IBM compiler patch version])) + AC_COMPUTE_INT(_ax_[]_AC_LANG_ABBREV[]_compiler_version_minor, + [(__xlC__/10000)%10],, + AC_MSG_FAILURE([[[$0]] unknown IBM compiler minor version])) + AC_COMPUTE_INT(_ax_[]_AC_LANG_ABBREV[]_compiler_version_major, + [(__xlC__/100000)%10],, + AC_MSG_FAILURE([[[$0]] unknown IBM compiler major version])) + ax_cv_[]_AC_LANG_ABBREV[]_compiler_version="$_ax_[]_AC_LANG_ABBREV[]_compiler_version_major.$_ax_[]_AC_LANG_ABBREV[]_compiler_version_minor.$_ax_[]_AC_LANG_ABBREV[]_compiler_version_patch" ]) +]) -AC_DEFUN([AX_COMPILER_VERSION], - [AC_REQUIRE([AX_COMPILER_VENDOR]) +# for pathscale +AC_DEFUN([_AX_COMPILER_VERSION_PATHSCALE],[ + AC_COMPUTE_INT(_ax_[]_AC_LANG_ABBREV[]_compiler_version_major, + __PATHCC__,, + AC_MSG_FAILURE([[[$0]] 
unknown pathscale major])) + AC_COMPUTE_INT(_ax_[]_AC_LANG_ABBREV[]_compiler_version_minor, + __PATHCC_MINOR__,, + AC_MSG_FAILURE([[[$0]] unknown pathscale minor])) + AC_COMPUTE_INT(_ax_[]_AC_LANG_ABBREV[]_compiler_version_patch, + [__PATHCC_PATCHLEVEL__],, + AC_MSG_FAILURE([[[$0]] unknown pathscale patch level])) + ax_cv_[]_AC_LANG_ABBREV[]_compiler_version="$_ax_[]_AC_LANG_ABBREV[]_compiler_version_major.$_ax_[]_AC_LANG_ABBREV[]_compiler_version_minor.$_ax_[]_AC_LANG_ABBREV[]_compiler_version_patch" + ]) - AC_MSG_CHECKING([MINGW]) - AC_CHECK_DECL([__MINGW32__], - [MINGW=yes - ax_c_compiler_version_vendor=mingw], - [MINGW=no]) - AC_MSG_RESULT([$MINGW]) +# for clang +AC_DEFUN([_AX_COMPILER_VERSION_CLANG],[ + AC_COMPUTE_INT(_ax_[]_AC_LANG_ABBREV[]_compiler_version_major, + __clang_major__,, + AC_MSG_FAILURE([[[$0]] unknown clang major])) + AC_COMPUTE_INT(_ax_[]_AC_LANG_ABBREV[]_compiler_version_minor, + __clang_minor__,, + AC_MSG_FAILURE([[[$0]] unknown clang minor])) + AC_COMPUTE_INT(_ax_[]_AC_LANG_ABBREV[]_compiler_version_patch, + [__clang_patchlevel__],,0) + ax_cv_[]_AC_LANG_ABBREV[]_compiler_version="$_ax_[]_AC_LANG_ABBREV[]_compiler_version_major.$_ax_[]_AC_LANG_ABBREV[]_compiler_version_minor.$_ax_[]_AC_LANG_ABBREV[]_compiler_version_patch" + ]) - AC_REQUIRE([_C_COMPILER_VERSION]) - AC_REQUIRE([_CXX_COMPILER_VERSION]) - AS_IF([test "x$GCC" = xyes], - [AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ -#if !defined(__GNUC__) || (__GNUC__ < 4) || ((__GNUC__ >= 4) && (__GNUC_MINOR__ < 7)) -# error GCC is Too Old! 
-#endif - ]])], - [ac_c_gcc_recent=yes], - [ac_c_gcc_recent=no]) +# for crayc +AC_DEFUN([_AX_COMPILER_VERSION_CRAY],[ + AC_COMPUTE_INT(_ax_[]_AC_LANG_ABBREV[]_compiler_version_major, + _RELEASE,, + AC_MSG_FAILURE([[[$0]] unknown crayc release])) + AC_COMPUTE_INT(_ax_[]_AC_LANG_ABBREV[]_compiler_version_minor, + _RELEASE_MINOR,, + AC_MSG_FAILURE([[[$0]] unknown crayc minor])) + ax_cv_[]_AC_LANG_ABBREV[]_compiler_version="$_ax_[]_AC_LANG_ABBREV[]_compiler_version_major.$_ax_[]_AC_LANG_ABBREV[]_compiler_version_minor" + ]) + +# for fujitsu +AC_DEFUN([_AX_COMPILER_VERSION_FUJITSU],[ + AC_COMPUTE_INT(ax_cv_[]_AC_LANG_ABBREV[]_compiler_version, + __FCC_VERSION,, + AC_MSG_FAILURE([[[$0]]unknown fujitsu release])) + ]) + +# for GNU +AC_DEFUN([_AX_COMPILER_VERSION_GNU],[ + AC_COMPUTE_INT(_ax_[]_AC_LANG_ABBREV[]_compiler_version_major, + __GNUC__,, + AC_MSG_FAILURE([[[$0]] unknown gcc major])) + AC_COMPUTE_INT(_ax_[]_AC_LANG_ABBREV[]_compiler_version_minor, + __GNUC_MINOR__,, + AC_MSG_FAILURE([[[$0]] unknown gcc minor])) + AC_COMPUTE_INT(_ax_[]_AC_LANG_ABBREV[]_compiler_version_patch, + [__GNUC_PATCHLEVEL__],, + AC_MSG_FAILURE([[[$0]] unknown gcc patch level])) + ax_cv_[]_AC_LANG_ABBREV[]_compiler_version="$_ax_[]_AC_LANG_ABBREV[]_compiler_version_major.$_ax_[]_AC_LANG_ABBREV[]_compiler_version_minor.$_ax_[]_AC_LANG_ABBREV[]_compiler_version_patch" + ]) + +# For sun +AC_DEFUN([_AX_COMPILER_VERSION_SUN],[ + m4_define([_AX_COMPILER_VERSION_SUN_NUMBER], + [ + #if defined(__SUNPRO_CC) + __SUNPRO_CC + #else + __SUNPRO_C + #endif + ]) + AC_COMPUTE_INT(_ax_[]_AC_LANG_ABBREV[]_compiler_version_until59, + !!(_AX_COMPILER_VERSION_SUN_NUMBER < 0x1000),, + AC_MSG_FAILURE([[[$0]] unknown sun release version])) + AS_IF([test "X$_ax_[]_AC_LANG_ABBREV[]_compiler_version_until59" = X1], + [dnl + AC_COMPUTE_INT(_ax_[]_AC_LANG_ABBREV[]_compiler_version_patch, + _AX_COMPILER_VERSION_SUN_NUMBER % 0x10,, + AC_MSG_FAILURE([[[$0]] unknown sun patch version])) + 
AC_COMPUTE_INT(_ax_[]_AC_LANG_ABBREV[]_compiler_version_minor, + (_AX_COMPILER_VERSION_SUN_NUMBER / 0x10) % 0x10,, + AC_MSG_FAILURE([[[$0]] unknown sun minor version])) + AC_COMPUTE_INT(_ax_[]_AC_LANG_ABBREV[]_compiler_version_major, + (_AX_COMPILER_VERSION_SUN_NUMBER / 0x100),, + AC_MSG_FAILURE([[[$0]] unknown sun major version])) + ], + [dnl + AC_COMPUTE_INT(_ax_[]_AC_LANG_ABBREV[]_compiler_version_patch, + _AX_COMPILER_VERSION_SUN_NUMBER % 0x10,, + AC_MSG_FAILURE([[[$0]] unknown sun patch version])) + AC_COMPUTE_INT(_ax_[]_AC_LANG_ABBREV[]_compiler_version_minor, + (_AX_COMPILER_VERSION_SUN_NUMBER / 0x100) % 0x100,, + AC_MSG_FAILURE([[[$0]] unknown sun minor version])) + AC_COMPUTE_INT(_ax_[]_AC_LANG_ABBREV[]_compiler_version_major, + (_AX_COMPILER_VERSION_SUN_NUMBER / 0x1000),, + AC_MSG_FAILURE([[[$0]] unknown sun major version])) + ]) + ax_cv_[]_AC_LANG_ABBREV[]_compiler_version="$_ax_[]_AC_LANG_ABBREV[]_compiler_version_major.$_ax_[]_AC_LANG_ABBREV[]_compiler_version_minor.$_ax_[]_AC_LANG_ABBREV[]_compiler_version_patch" +]) + +AC_DEFUN([_AX_COMPILER_VERSION_HP],[ + m4_define([_AX_COMPILER_VERSION_HP_NUMBER], + [ + #if defined(__HP_cc) + __HP_cc + #else + __HP_aCC + #endif + ]) + AC_COMPUTE_INT(_ax_[]_AC_LANG_ABBREV[]_compiler_version_untilA0121, + !!(_AX_COMPILER_VERSION_HP_NUMBER <= 1),, + AC_MSG_FAILURE([[[$0]] unknown hp release version])) + AS_IF([test "X$_ax_[]_AC_LANG_ABBREV[]_compiler_version_untilA0121" = X1], + [dnl By default output last version with this behavior. 
+ dnl it is so old + ax_cv_[]_AC_LANG_ABBREV[]_compiler_version="01.21.00" + ], + [dnl + AC_COMPUTE_INT(_ax_[]_AC_LANG_ABBREV[]_compiler_version_patch, + (_AX_COMPILER_VERSION_HP_NUMBER % 100),, + AC_MSG_FAILURE([[[$0]] unknown hp release version])) + AC_COMPUTE_INT(_ax_[]_AC_LANG_ABBREV[]_compiler_version_minor, + ((_AX_COMPILER_VERSION_HP_NUMBER / 100)%100),, + AC_MSG_FAILURE([[[$0]] unknown hp minor version])) + AC_COMPUTE_INT(_ax_[]_AC_LANG_ABBREV[]_compiler_version_major, + ((_AX_COMPILER_VERSION_HP_NUMBER / 10000)%100),, + AC_MSG_FAILURE([[[$0]] unknown hp major version])) + ax_cv_[]_AC_LANG_ABBREV[]_compiler_version="$_ax_[]_AC_LANG_ABBREV[]_compiler_version_major.$_ax_[]_AC_LANG_ABBREV[]_compiler_version_minor.$_ax_[]_AC_LANG_ABBREV[]_compiler_version_patch" + ]) +]) + +AC_DEFUN([_AX_COMPILER_VERSION_DEC],[dnl + m4_define([_AX_COMPILER_VERSION_DEC_NUMBER], + [ + #if defined(__DECC_VER) + __DECC_VER + #else + __DECCXX_VER + #endif + ]) + AC_COMPUTE_INT(_ax_[]_AC_LANG_ABBREV[]_compiler_version_patch, + (_AX_COMPILER_VERSION_DEC_NUMBER % 10000),, + AC_MSG_FAILURE([[[$0]] unknown dec release version])) + AC_COMPUTE_INT(_ax_[]_AC_LANG_ABBREV[]_compiler_version_minor, + ((_AX_COMPILER_VERSION_DEC_NUMBER / 100000UL)%100),, + AC_MSG_FAILURE([[[$0]] unknown dec minor version])) + AC_COMPUTE_INT(_ax_[]_AC_LANG_ABBREV[]_compiler_version_major, + ((_AX_COMPILER_VERSION_DEC_NUMBER / 10000000UL)%100),, + AC_MSG_FAILURE([[[$0]] unknown dec major version])) + ax_cv_[]_AC_LANG_ABBREV[]_compiler_version="$_ax_[]_AC_LANG_ABBREV[]_compiler_version_major.$_ax_[]_AC_LANG_ABBREV[]_compiler_version_minor.$_ax_[]_AC_LANG_ABBREV[]_compiler_version_patch" + ]) + +# borland +AC_DEFUN([_AX_COMPILER_VERSION_BORLAND],[dnl + m4_define([_AX_COMPILER_VERSION_TURBOC_NUMBER], + [ + #if defined(__TURBOC__) + __TURBOC__ + #else + choke me + #endif + ]) + m4_define([_AX_COMPILER_VERSION_BORLANDC_NUMBER], + [ + #if defined(__BORLANDC__) + __BORLANDC__ + #else + __CODEGEARC__ + #endif + ]) + 
AC_COMPILE_IFELSE( + [AC_LANG_PROGRAM(, + _AX_COMPILER_VERSION_TURBOC_NUMBER)], + [dnl TURBOC + AC_COMPUTE_INT( + _ax_[]_AC_LANG_ABBREV[]_compiler_version_turboc_raw, + _AX_COMPILER_VERSION_TURBOC_NUMBER,, + AC_MSG_FAILURE([[[$0]] unknown turboc version])) + AS_IF( + [test $_ax_[]_AC_LANG_ABBREV[]_compiler_version_turboc_raw -lt 661 || test $_ax_[]_AC_LANG_ABBREV[]_compiler_version_turboc_raw -gt 1023], + [dnl compute normal version + AC_COMPUTE_INT( + _ax_[]_AC_LANG_ABBREV[]_compiler_version_minor, + _AX_COMPILER_VERSION_TURBOC_NUMBER % 0x100,, + AC_MSG_FAILURE([[[$0]] unknown turboc minor version])) + AC_COMPUTE_INT( + _ax_[]_AC_LANG_ABBREV[]_compiler_version_major, + (_AX_COMPILER_VERSION_TURBOC_NUMBER/0x100)%0x100,, + AC_MSG_FAILURE([[[$0]] unknown turboc major version])) + ax_cv_[]_AC_LANG_ABBREV[]_compiler_version="0turboc:$_ax_[]_AC_LANG_ABBREV[]_compiler_version_major.$_ax_[]_AC_LANG_ABBREV[]_compiler_version_minor"], + [dnl special version + AS_CASE([$_ax_[]_AC_LANG_ABBREV[]_compiler_version_turboc_raw], + [661],[ax_cv_[]_AC_LANG_ABBREV[]_compiler_version="0turboc:1.00"], + [662],[ax_cv_[]_AC_LANG_ABBREV[]_compiler_version="0turboc:1.01"], + [663],[ax_cv_[]_AC_LANG_ABBREV[]_compiler_version="0turboc:2.00"], + [ + AC_MSG_WARN([[[$0]] unknown turboc version between 0x295 and 0x400 please report bug]) + ax_cv_[]_AC_LANG_ABBREV[]_compiler_version="" + ]) + ]) + ], + # borlandc + [ + AC_COMPUTE_INT( + _ax_[]_AC_LANG_ABBREV[]_compiler_version_borlandc_raw, + _AX_COMPILER_VERSION_BORLANDC_NUMBER,, + AC_MSG_FAILURE([[[$0]] unknown borlandc version])) + AS_CASE([$_ax_[]_AC_LANG_ABBREV[]_compiler_version_borlandc_raw], + dnl BORLANDC++ before 5.5 + [512] ,[ax_cv_[]_AC_LANG_ABBREV[]_compiler_version="1borlanc:2.00"], + [1024],[ax_cv_[]_AC_LANG_ABBREV[]_compiler_version="1borlanc:3.00"], + [1024],[ax_cv_[]_AC_LANG_ABBREV[]_compiler_version="1borlanc:3.00"], + [1040],[ax_cv_[]_AC_LANG_ABBREV[]_compiler_version="1borlanc:3.1"], + 
[1106],[ax_cv_[]_AC_LANG_ABBREV[]_compiler_version="1borlanc:4.0"], + [1280],[ax_cv_[]_AC_LANG_ABBREV[]_compiler_version="1borlanc:5.0"], + [1312],[ax_cv_[]_AC_LANG_ABBREV[]_compiler_version="1borlanc:5.02"], + dnl C++ Builder era + [1328],[ax_cv_[]_AC_LANG_ABBREV[]_compiler_version="2cppbuilder:3.0"], + [1344],[ax_cv_[]_AC_LANG_ABBREV[]_compiler_version="2cppbuilder:4.0"], + dnl BORLANDC++ after 5.5 + [1360],[ax_cv_[]_AC_LANG_ABBREV[]_compiler_version="3borlancpp:5.5"], + [1361],[ax_cv_[]_AC_LANG_ABBREV[]_compiler_version="3borlancpp:5.51"], + [1378],[ax_cv_[]_AC_LANG_ABBREV[]_compiler_version="3borlancpp:5.6.4"], + dnl C++ Builder with year number + [1392],[ax_cv_[]_AC_LANG_ABBREV[]_compiler_version="4cppbuilder:2006"], + [1424],[ax_cv_[]_AC_LANG_ABBREV[]_compiler_version="4cppbuilder:2007"], + [1555],[ax_cv_[]_AC_LANG_ABBREV[]_compiler_version="4cppbuilder:2009"], + [1569],[ax_cv_[]_AC_LANG_ABBREV[]_compiler_version="4cppbuilder:2010"], + dnl XE version + [1584],[ax_cv_[]_AC_LANG_ABBREV[]_compiler_version="5xe"], + [1600],[ax_cv_[]_AC_LANG_ABBREV[]_compiler_version="5xe:2"], + [1616],[ax_cv_[]_AC_LANG_ABBREV[]_compiler_version="5xe:3"], + [1632],[ax_cv_[]_AC_LANG_ABBREV[]_compiler_version="5xe:4"], + [ + AC_MSG_WARN([[[$0]] Unknown borlandc compiler version $_ax_[]_AC_LANG_ABBREV[]_compiler_version_borlandc_raw please report bug]) ]) ]) + ]) + +# COMO +AC_DEFUN([_AX_COMPILER_VERSION_COMEAU], + [ dnl + AC_COMPUTE_INT(_ax_[]_AC_LANG_ABBREV[]_compiler_version_minor, + [__COMO_VERSION__%100],, + AC_MSG_FAILURE([[[$0]] unknown comeau compiler minor version])) + AC_COMPUTE_INT(_ax_[]_AC_LANG_ABBREV[]_compiler_version_major, + [(__COMO_VERSION__/100)%10],, + AC_MSG_FAILURE([[[$0]] unknown comeau compiler major version])) + ax_cv_[]_AC_LANG_ABBREV[]_compiler_version="$_ax_[]_AC_LANG_ABBREV[]_compiler_version_major.$_ax_[]_AC_LANG_ABBREV[]_compiler_version_minor" + ]) + +# KAI +AC_DEFUN([_AX_COMPILER_VERSION_KAI],[ + 
AC_COMPUTE_INT(_ax_[]_AC_LANG_ABBREV[]_compiler_version_patch, + [__KCC_VERSION%100],, + AC_MSG_FAILURE([[[$0]] unknown kay compiler patch version])) + AC_COMPUTE_INT(_ax_[]_AC_LANG_ABBREV[]_compiler_version_minor, + [(__KCC_VERSION/100)%10],, + AC_MSG_FAILURE([[[$0]] unknown kay compiler minor version])) + AC_COMPUTE_INT(_ax_[]_AC_LANG_ABBREV[]_compiler_version_major, + [(__KCC_VERSION/1000)%10],, + AC_MSG_FAILURE([[[$0]] unknown kay compiler major version])) + ax_cv_[]_AC_LANG_ABBREV[]_compiler_version="$_ax_[]_AC_LANG_ABBREV[]_compiler_version_major.$_ax_[]_AC_LANG_ABBREV[]_compiler_version_minor.$_ax_[]_AC_LANG_ABBREV[]_compiler_version_patch" + ]) + +dnl LCC +dnl LCC does not output version... + +# SGI +AC_DEFUN([_AX_COMPILER_VERSION_SGI],[ + m4_define([_AX_COMPILER_VERSION_SGI_NUMBER], + [ + #if defined(_COMPILER_VERSION) + _COMPILER_VERSION + #else + _SGI_COMPILER_VERSION + #endif + ]) + AC_COMPUTE_INT(_ax_[]_AC_LANG_ABBREV[]_compiler_version_patch, + [_AX_COMPILER_VERSION_SGI_NUMBER%10],, + AC_MSG_FAILURE([[[$0]] unknown SGI compiler patch version])) + AC_COMPUTE_INT(_ax_[]_AC_LANG_ABBREV[]_compiler_version_minor, + [(_AX_COMPILER_VERSION_SGI_NUMBER/10)%10],, + AC_MSG_FAILURE([[[$0]] unknown SGI compiler minor version])) + AC_COMPUTE_INT(_ax_[]_AC_LANG_ABBREV[]_compiler_version_major, + [(_AX_COMPILER_VERSION_SGI_NUMBER/100)%10],, + AC_MSG_FAILURE([[[$0]] unknown SGI compiler major version])) + ax_cv_[]_AC_LANG_ABBREV[]_compiler_version="$_ax_[]_AC_LANG_ABBREV[]_compiler_version_major.$_ax_[]_AC_LANG_ABBREV[]_compiler_version_minor.$_ax_[]_AC_LANG_ABBREV[]_compiler_version_patch" + ]) + +# microsoft +AC_DEFUN([_AX_COMPILER_VERSION_MICROSOFT],[ + AC_COMPUTE_INT(_ax_[]_AC_LANG_ABBREV[]_compiler_version_minor, + _MSC_VER%100,, + AC_MSG_FAILURE([[[$0]] unknown microsoft compiler minor version])) + AC_COMPUTE_INT(_ax_[]_AC_LANG_ABBREV[]_compiler_version_major, + (_MSC_VER/100)%100,, + AC_MSG_FAILURE([[[$0]] unknown microsoft compiler major version])) + dnl could 
be overridden + _ax_[]_AC_LANG_ABBREV[]_compiler_version_patch=0 + _ax_[]_AC_LANG_ABBREV[]_compiler_version_build=0 + # special case for version 6 + AS_IF([test "X$_ax_[]_AC_LANG_ABBREV[]_compiler_version_major" = "X12"], + [AC_COMPUTE_INT(_ax_[]_AC_LANG_ABBREV[]_compiler_version_patch, + _MSC_FULL_VER%1000,, + _ax_[]_AC_LANG_ABBREV[]_compiler_version_patch=0)]) + # for version 7 + AS_IF([test "X$_ax_[]_AC_LANG_ABBREV[]_compiler_version_major" = "X13"], + [AC_COMPUTE_INT(_ax_[]_AC_LANG_ABBREV[]_compiler_version_patch, + _MSC_FULL_VER%1000,, + AC_MSG_FAILURE([[[$0]] unknown microsoft compiler patch version])) + ]) + # for version > 8 + AS_IF([test $_ax_[]_AC_LANG_ABBREV[]_compiler_version_major -ge 14], + [AC_COMPUTE_INT(_ax_[]_AC_LANG_ABBREV[]_compiler_version_patch, + _MSC_FULL_VER%10000,, + AC_MSG_FAILURE([[[$0]] unknown microsoft compiler patch version])) + ]) + AS_IF([test $_ax_[]_AC_LANG_ABBREV[]_compiler_version_major -ge 15], + [AC_COMPUTE_INT(_ax_[]_AC_LANG_ABBREV[]_compiler_version_build, + _MSC_BUILD,, + AC_MSG_FAILURE([[[$0]] unknown microsoft compiler build version])) + ]) + ax_cv_[]_AC_LANG_ABBREV[]_compiler_version="$_ax_[]_AC_LANG_ABBREV[]_compiler_version_major.$_ax_[]_AC_LANG_ABBREV[]_compiler_version_minor.$_ax_[]_AC_LANG_ABBREV[]_compiler_version_patch.$_ax_[]_AC_LANG_ABBREV[]_compiler_version_build" + ]) + +# for metrowerks +AC_DEFUN([_AX_COMPILER_VERSION_METROWERKS],[dnl + AC_COMPUTE_INT(_ax_[]_AC_LANG_ABBREV[]_compiler_version_patch, + __MWERKS__%0x100,, + AC_MSG_FAILURE([[[$0]] unknown metrowerks compiler patch version])) + AC_COMPUTE_INT(_ax_[]_AC_LANG_ABBREV[]_compiler_version_minor, + (__MWERKS__/0x100)%0x10,, + AC_MSG_FAILURE([[[$0]] unknown metrowerks compiler minor version])) + AC_COMPUTE_INT(_ax_[]_AC_LANG_ABBREV[]_compiler_version_major, + (__MWERKS__/0x1000)%0x10,, + AC_MSG_FAILURE([[[$0]] unknown metrowerks compiler major version])) + 
ax_cv_[]_AC_LANG_ABBREV[]_compiler_version="$_ax_[]_AC_LANG_ABBREV[]_compiler_version_major.$_ax_[]_AC_LANG_ABBREV[]_compiler_version_minor.$_ax_[]_AC_LANG_ABBREV[]_compiler_version_patch" + ]) + +# for watcom +AC_DEFUN([_AX_COMPILER_VERSION_WATCOM],[dnl + AC_COMPUTE_INT(_ax_[]_AC_LANG_ABBREV[]_compiler_version_minor, + __WATCOMC__%100,, + AC_MSG_FAILURE([[[$0]] unknown watcom compiler minor version])) + AC_COMPUTE_INT(_ax_[]_AC_LANG_ABBREV[]_compiler_version_major, + (__WATCOMC__/100)%100,, + AC_MSG_FAILURE([[[$0]] unknown watcom compiler major version])) + ax_cv_[]_AC_LANG_ABBREV[]_compiler_version="$_ax_[]_AC_LANG_ABBREV[]_compiler_version_major.$_ax_[]_AC_LANG_ABBREV[]_compiler_version_minor" + ]) + +# for PGI +AC_DEFUN([_AX_COMPILER_VERSION_PORTLAND],[ + AC_COMPUTE_INT(_ax_[]_AC_LANG_ABBREV[]_compiler_version_major, + __PGIC__,, + AC_MSG_FAILURE([[[$0]] unknown pgi major])) + AC_COMPUTE_INT(_ax_[]_AC_LANG_ABBREV[]_compiler_version_minor, + __PGIC_MINOR__,, + AC_MSG_FAILURE([[[$0]] unknown pgi minor])) + AC_COMPUTE_INT(_ax_[]_AC_LANG_ABBREV[]_compiler_version_patch, + [__PGIC_PATCHLEVEL__],, + AC_MSG_FAILURE([[[$0]] unknown pgi patch level])) + ax_cv_[]_AC_LANG_ABBREV[]_compiler_version="$_ax_[]_AC_LANG_ABBREV[]_compiler_version_major.$_ax_[]_AC_LANG_ABBREV[]_compiler_version_minor.$_ax_[]_AC_LANG_ABBREV[]_compiler_version_patch" + ]) + +# tcc +AC_DEFUN([_AX_COMPILER_VERSION_TCC],[ + ax_cv_[]_AC_LANG_ABBREV[]_compiler_version=[`tcc -v | $SED 's/^[ ]*tcc[ ]\+version[ ]\+\([0-9.]\+\).*/\1/g'`] + ]) + +# for GNU +AC_DEFUN([_AX_COMPILER_VERSION_SDCC],[ + AC_COMPUTE_INT(_ax_[]_AC_LANG_ABBREV[]_compiler_version_major, + /* avoid parse error with comments */ + #if(defined(__SDCC_VERSION_MAJOR)) + __SDCC_VERSION_MAJOR + #else + SDCC/100 + #endif + ,, + AC_MSG_FAILURE([[[$0]] unknown sdcc major])) + AC_COMPUTE_INT(_ax_[]_AC_LANG_ABBREV[]_compiler_version_minor, + /* avoid parse error with comments */ + #if(defined(__SDCC_VERSION_MINOR)) + __SDCC_VERSION_MINOR + #else + 
(SDCC%100)/10 + #endif + ,, + AC_MSG_FAILURE([[[$0]] unknown sdcc minor])) + AC_COMPUTE_INT(_ax_[]_AC_LANG_ABBREV[]_compiler_version_patch, + [ + /* avoid parse error with comments */ + #if(defined(__SDCC_VERSION_PATCH)) + __SDCC_VERSION_PATCH + #elsif(defined(_SDCC_VERSION_PATCHLEVEL)) + __SDCC_VERSION_PATCHLEVEL + #else + SDCC%10 + #endif + ],, + AC_MSG_FAILURE([[[$0]] unknown sdcc patch level])) + ax_cv_[]_AC_LANG_ABBREV[]_compiler_version="$_ax_[]_AC_LANG_ABBREV[]_compiler_version_major.$_ax_[]_AC_LANG_ABBREV[]_compiler_version_minor.$_ax_[]_AC_LANG_ABBREV[]_compiler_version_patch" + ]) + +# main entry point +AC_DEFUN([AX_COMPILER_VERSION],[dnl + AC_REQUIRE([AX_COMPILER_VENDOR]) + AC_REQUIRE([AC_PROG_SED]) + AC_CACHE_CHECK([for _AC_LANG compiler version], + ax_cv_[]_AC_LANG_ABBREV[]_compiler_version, + [ dnl + AS_CASE([$ax_cv_[]_AC_LANG_ABBREV[]_compiler_vendor], + [intel],[_AX_COMPILER_VERSION_INTEL], + [ibm],[_AX_COMPILER_VERSION_IBM], + [pathscale],[_AX_COMPILER_VERSION_PATHSCALE], + [clang],[_AX_COMPILER_VERSION_CLANG], + [cray],[_AX_COMPILER_VERSION_CRAY], + [fujitsu],[_AX_COMPILER_VERSION_FUJITSU], + [gnu],[_AX_COMPILER_VERSION_GNU], + [sun],[_AX_COMPILER_VERSION_SUN], + [hp],[_AX_COMPILER_VERSION_HP], + [dec],[_AX_COMPILER_VERSION_DEC], + [borland],[_AX_COMPILER_VERSION_BORLAND], + [comeau],[_AX_COMPILER_VERSION_COMEAU], + [kai],[_AX_COMPILER_VERSION_KAI], + [sgi],[_AX_COMPILER_VERSION_SGI], + [microsoft],[_AX_COMPILER_VERSION_MICROSOFT], + [metrowerks],[_AX_COMPILER_VERSION_METROWERKS], + [watcom],[_AX_COMPILER_VERSION_WATCOM], + [portland],[_AX_COMPILER_VERSION_PORTLAND], + [tcc],[_AX_COMPILER_VERSION_TCC], + [sdcc],[_AX_COMPILER_VERSION_SDCC], + [ax_cv_[]_AC_LANG_ABBREV[]_compiler_version=""]) + ]) +]) diff --git a/m4/ax_count_cpus.m4 b/m4/ax_count_cpus.m4 index d4f3d290f..5db892553 100644 --- a/m4/ax_count_cpus.m4 +++ b/m4/ax_count_cpus.m4 
@@ -1,20 +1,24 @@
 # ===========================================================================
-# http://www.gnu.org/software/autoconf-archive/ax_count_cpus.html
+# https://www.gnu.org/software/autoconf-archive/ax_count_cpus.html
 # ===========================================================================
 #
 # SYNOPSIS
 #
-# AX_COUNT_CPUS
+# AX_COUNT_CPUS([ACTION-IF-DETECTED],[ACTION-IF-NOT-DETECTED])
 #
 # DESCRIPTION
 #
-# Attempt to count the number of processors present on the machine. If the
-# detection fails, then a value of 1 is assumed.
+# Attempt to count the number of logical processor cores (including
+# virtual and HT cores) currently available to use on the machine and
+# place detected value in CPU_COUNT variable.
 #
-# The value is placed in the CPU_COUNT variable.
+# On successful detection, ACTION-IF-DETECTED is executed if present. If
+# the detection fails, then ACTION-IF-NOT-DETECTED is triggered. The
+# default ACTION-IF-NOT-DETECTED is to set CPU_COUNT to 1.
 #
 # LICENSE
 #
+# Copyright (c) 2014,2016 Karlson2k (Evgeny Grin)
 # Copyright (c) 2012 Brian Aker
 # Copyright (c) 2008 Michael Paul Bailey
 # Copyright (c) 2008 Christophe Tournayre
@@ -24,34 +28,74 @@ # and this notice are preserved. This file is offered as-is, without any # warranty. -#serial 10 +#serial 22 - AC_DEFUN([AX_COUNT_CPUS],[ - AC_REQUIRE([AC_CANONICAL_HOST]) - AC_REQUIRE([AC_PROG_EGREP]) + AC_DEFUN([AX_COUNT_CPUS],[dnl + AC_REQUIRE([AC_CANONICAL_HOST])dnl + AC_REQUIRE([AC_PROG_EGREP])dnl AC_MSG_CHECKING([the number of available CPUs]) CPU_COUNT="0" - AS_CASE([$host_os],[ - *darwin*],[ - AS_IF([test -x /usr/sbin/sysctl],[ - sysctl_a=`/usr/sbin/sysctl -a 2>/dev/null| grep -c hw.cpu` - AS_IF([test sysctl_a],[ - CPU_COUNT=`/usr/sbin/sysctl -n hw.ncpu` - ]) - ])],[ - *linux*],[ - AS_IF([test "x$CPU_COUNT" = "x0" -a -e /proc/cpuinfo],[ - AS_IF([test "x$CPU_COUNT" = "x0" -a -e /proc/cpuinfo],[ - CPU_COUNT=`$EGREP -c '^processor' /proc/cpuinfo` - ]) - ]) - ]) + # Try generic methods - AS_IF([test "x$CPU_COUNT" = "x0"],[ - CPU_COUNT="1" - AC_MSG_RESULT( [unable to detect (assuming 1)] ) - ],[ - AC_MSG_RESULT( $CPU_COUNT ) - ]) - ]) + # 'getconf' is POSIX utility, but '_NPROCESSORS_ONLN' and + # 'NPROCESSORS_ONLN' are platform-specific + command -v getconf >/dev/null 2>&1 && \ + CPU_COUNT=`getconf _NPROCESSORS_ONLN 2>/dev/null || getconf NPROCESSORS_ONLN 2>/dev/null` || CPU_COUNT="0" + AS_IF([[test "$CPU_COUNT" -gt "0" 2>/dev/null || ! 
command -v nproc >/dev/null 2>&1]],[[: # empty]],[dnl + # 'nproc' is part of GNU Coreutils and is widely available + CPU_COUNT=`OMP_NUM_THREADS='' nproc 2>/dev/null` || CPU_COUNT=`nproc 2>/dev/null` || CPU_COUNT="0" + ])dnl + + AS_IF([[test "$CPU_COUNT" -gt "0" 2>/dev/null]],[[: # empty]],[dnl + # Try platform-specific preferred methods + AS_CASE([[$host_os]],dnl + [[*linux*]],[[CPU_COUNT=`lscpu -p 2>/dev/null | $EGREP -e '^@<:@0-9@:>@+,' -c` || CPU_COUNT="0"]],dnl + [[*darwin*]],[[CPU_COUNT=`sysctl -n hw.logicalcpu 2>/dev/null` || CPU_COUNT="0"]],dnl + [[freebsd*]],[[command -v sysctl >/dev/null 2>&1 && CPU_COUNT=`sysctl -n kern.smp.cpus 2>/dev/null` || CPU_COUNT="0"]],dnl + [[netbsd*]], [[command -v sysctl >/dev/null 2>&1 && CPU_COUNT=`sysctl -n hw.ncpuonline 2>/dev/null` || CPU_COUNT="0"]],dnl + [[solaris*]],[[command -v psrinfo >/dev/null 2>&1 && CPU_COUNT=`psrinfo 2>/dev/null | $EGREP -e '^@<:@0-9@:>@.*on-line' -c 2>/dev/null` || CPU_COUNT="0"]],dnl + [[mingw*]],[[CPU_COUNT=`ls -qpU1 /proc/registry/HKEY_LOCAL_MACHINE/HARDWARE/DESCRIPTION/System/CentralProcessor/ 2>/dev/null | $EGREP -e '^@<:@0-9@:>@+/' -c` || CPU_COUNT="0"]],dnl + [[msys*]],[[CPU_COUNT=`ls -qpU1 /proc/registry/HKEY_LOCAL_MACHINE/HARDWARE/DESCRIPTION/System/CentralProcessor/ 2>/dev/null | $EGREP -e '^@<:@0-9@:>@+/' -c` || CPU_COUNT="0"]],dnl + [[cygwin*]],[[CPU_COUNT=`ls -qpU1 /proc/registry/HKEY_LOCAL_MACHINE/HARDWARE/DESCRIPTION/System/CentralProcessor/ 2>/dev/null | $EGREP -e '^@<:@0-9@:>@+/' -c` || CPU_COUNT="0"]]dnl + )dnl + ])dnl + + AS_IF([[test "$CPU_COUNT" -gt "0" 2>/dev/null || ! 
command -v sysctl >/dev/null 2>&1]],[[: # empty]],[dnl + # Try less preferred generic method + # 'hw.ncpu' exist on many platforms, but not on GNU/Linux + CPU_COUNT=`sysctl -n hw.ncpu 2>/dev/null` || CPU_COUNT="0" + ])dnl + + AS_IF([[test "$CPU_COUNT" -gt "0" 2>/dev/null]],[[: # empty]],[dnl + # Try platform-specific fallback methods + # They can be less accurate and slower then preferred methods + AS_CASE([[$host_os]],dnl + [[*linux*]],[[CPU_COUNT=`$EGREP -e '^processor' -c /proc/cpuinfo 2>/dev/null` || CPU_COUNT="0"]],dnl + [[*darwin*]],[[CPU_COUNT=`system_profiler SPHardwareDataType 2>/dev/null | $EGREP -i -e 'number of cores:'|cut -d : -f 2 -s|tr -d ' '` || CPU_COUNT="0"]],dnl + [[freebsd*]],[[CPU_COUNT=`dmesg 2>/dev/null| $EGREP -e '^cpu@<:@0-9@:>@+: '|sort -u|$EGREP -e '^' -c` || CPU_COUNT="0"]],dnl + [[netbsd*]], [[CPU_COUNT=`command -v cpuctl >/dev/null 2>&1 && cpuctl list 2>/dev/null| $EGREP -e '^@<:@0-9@:>@+ .* online ' -c` || \ + CPU_COUNT=`dmesg 2>/dev/null| $EGREP -e '^cpu@<:@0-9@:>@+ at'|sort -u|$EGREP -e '^' -c` || CPU_COUNT="0"]],dnl + [[solaris*]],[[command -v kstat >/dev/null 2>&1 && CPU_COUNT=`kstat -m cpu_info -s state -p 2>/dev/null | $EGREP -c -e 'on-line'` || \ + CPU_COUNT=`kstat -m cpu_info 2>/dev/null | $EGREP -c -e 'module: cpu_info'` || CPU_COUNT="0"]],dnl + [[mingw*]],[AS_IF([[CPU_COUNT=`reg query 'HKLM\\Hardware\\Description\\System\\CentralProcessor' 2>/dev/null | $EGREP -e '\\\\@<:@0-9@:>@+$' -c`]],dnl + [[: # empty]],[[test "$NUMBER_OF_PROCESSORS" -gt "0" 2>/dev/null && CPU_COUNT="$NUMBER_OF_PROCESSORS"]])],dnl + [[msys*]],[[test "$NUMBER_OF_PROCESSORS" -gt "0" 2>/dev/null && CPU_COUNT="$NUMBER_OF_PROCESSORS"]],dnl + [[cygwin*]],[[test "$NUMBER_OF_PROCESSORS" -gt "0" 2>/dev/null && CPU_COUNT="$NUMBER_OF_PROCESSORS"]]dnl + )dnl + ])dnl + + AS_IF([[test "x$CPU_COUNT" != "x0" && test "$CPU_COUNT" -gt 0 2>/dev/null]],[dnl + AC_MSG_RESULT([[$CPU_COUNT]]) + m4_ifvaln([$1],[$1],)dnl + ],[dnl + m4_ifval([$2],[dnl + AS_UNSET([[CPU_COUNT]]) + 
AC_MSG_RESULT([[unable to detect]]) + $2 + ], [dnl + CPU_COUNT="1" + AC_MSG_RESULT([[unable to detect (assuming 1)]]) + ])dnl + ])dnl + ])dnl diff --git a/m4/ax_file_escapes.m4 b/m4/ax_file_escapes.m4 index f4c6a06ae..a86fdc326 100644 --- a/m4/ax_file_escapes.m4 +++ b/m4/ax_file_escapes.m4 @@ -1,5 +1,5 @@ # =========================================================================== -# http://www.gnu.org/software/autoconf-archive/ax_file_escapes.html +# https://www.gnu.org/software/autoconf-archive/ax_file_escapes.html # =========================================================================== # # SYNOPSIS @@ -19,7 +19,7 @@ # and this notice are preserved. This file is offered as-is, without any # warranty. -#serial 7 +#serial 8 AC_DEFUN([AX_FILE_ESCAPES],[ AX_DOLLAR="\$" diff --git a/m4/ax_harden_compiler_flags.m4 b/m4/ax_harden_compiler_flags.m4 index c0ee1b17e..908855626 100644 --- a/m4/ax_harden_compiler_flags.m4 +++ b/m4/ax_harden_compiler_flags.m4 @@ -67,6 +67,7 @@ # changes: deleted the clearing of CFLAGS AC_DEFUN([AX_HARDEN_LINKER_FLAGS], [ + AX_REQUIRE_DEFINED([AX_CHECK_LINK_FLAG]) AC_REQUIRE([AX_VCS_CHECKOUT]) AC_REQUIRE([AX_DEBUG]) @@ -95,6 +96,7 @@ ]) AC_DEFUN([AX_HARDEN_CC_COMPILER_FLAGS], [ + AX_REQUIRE_DEFINED([AX_APPEND_COMPILE_FLAGS]) AC_REQUIRE([AX_HARDEN_LINKER_FLAGS]) AC_LANG_PUSH([C]) @@ -160,6 +162,7 @@ ]) AC_DEFUN([AX_HARDEN_CXX_COMPILER_FLAGS], [ + AC_REQUIRE_DEFINED([AX_APPEND_COMPILE_FLAGS]) AC_REQUIRE([AX_HARDEN_CC_COMPILER_FLAGS]) AC_LANG_PUSH([C++]) @@ -227,6 +230,7 @@ ]) AC_DEFUN([AX_CC_OTHER_FLAGS], [ + AX_REQUIRE_DEFINED([AX_APPEND_COMPILE_FLAGS]) AC_REQUIRE([AX_HARDEN_CC_COMPILER_FLAGS]) AC_LANG_PUSH([C]) diff --git a/m4/ax_print_to_file.m4 b/m4/ax_print_to_file.m4 index 5b9d1c391..8aa71120d 100644 --- a/m4/ax_print_to_file.m4 +++ b/m4/ax_print_to_file.m4 
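Review bot: The line added to AX_HARDEN_CXX_COMPILER_FLAGS in the `@@ -160,6 +162,7 @@` hunk of m4/ax_harden_compiler_flags.m4 is spelled `AC_REQUIRE_DEFINED([AX_APPEND_COMPILE_FLAGS])`, while the three sibling hunks (AX_HARDEN_LINKER_FLAGS, AX_HARDEN_CC_COMPILER_FLAGS, AX_CC_OTHER_FLAGS) use `AX_REQUIRE_DEFINED`. As far as I know Autoconf itself provides no `AC_REQUIRE_DEFINED` macro, so on the C++ path the guard would not run, and the unexpanded token may be copied into configure or reported as a possibly undefined macro when this macro is expanded. Since this file selects the hardening flags, a missing-helper check that silently does nothing is worth fixing: change the line to `AX_REQUIRE_DEFINED([AX_APPEND_COMPILE_FLAGS])`. The macro body continues outside the hunk.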
@@ -1,5 +1,5 @@
 # ===========================================================================
-# http://www.gnu.org/software/autoconf-archive/ax_print_to_file.html
+# https://www.gnu.org/software/autoconf-archive/ax_print_to_file.html
 # ===========================================================================
 #
 # SYNOPSIS
@@ -19,7 +19,7 @@
 # and this notice are preserved. This file is offered as-is, without any
 # warranty.
-#serial 7
+#serial 8
 AC_DEFUN([AX_PRINT_TO_FILE],[
 AC_REQUIRE([AX_FILE_ESCAPES])
diff --git a/m4/ax_pthread.m4 b/m4/ax_pthread.m4
index bdb34b0ae..ada7071f2 100644
--- a/m4/ax_pthread.m4
+++ b/m4/ax_pthread.m4
@@ -1,5 +1,5 @@
 # ===========================================================================
-# http://www.gnu.org/software/autoconf-archive/ax_pthread.html
+# https://www.gnu.org/software/autoconf-archive/ax_pthread.html
 # ===========================================================================
 #
 # SYNOPSIS
@@ -19,10 +19,10 @@
 # is necessary on AIX to use the special cc_r compiler alias.)
 #
 # NOTE: You are assumed to not only compile your program with these flags,
-# but also link it with them as well. e.g. you should link with
+# but also to link with them as well. For example, you might link with
 # $PTHREAD_CC $CFLAGS $PTHREAD_CFLAGS $LDFLAGS ... $PTHREAD_LIBS $LIBS
 #
-# If you are only building threads programs, you may wish to use these
+# If you are only building threaded programs, you may wish to use these
 # variables in your default LIBS, CFLAGS, and CC:
 #
 # LIBS="$PTHREAD_LIBS $LIBS"
@@ -30,8 +30,8 @@
 # CC="$PTHREAD_CC"
 #
 # In addition, if the PTHREAD_CREATE_JOINABLE thread-attribute constant
-# has a nonstandard name, defines PTHREAD_CREATE_JOINABLE to that name
-# (e.g. PTHREAD_CREATE_UNDETACHED on AIX).
+# has a nonstandard name, this macro defines PTHREAD_CREATE_JOINABLE to
+# that name (e.g. PTHREAD_CREATE_UNDETACHED on AIX).
 #
 # Also HAVE_PTHREAD_PRIO_INHERIT is defined if pthread is found and the
 # PTHREAD_PRIO_INHERIT symbol is defined when compiling with
@@ -67,7 +67,7 @@
 # Public License for more details.
 #
 # You should have received a copy of the GNU General Public License along
-# with this program. If not, see .
+# with this program. If not, see .
 #
 # As a special exception, the respective Autoconf Macro's copyright owner
 # gives unlimited permission to copy, distribute and modify the configure
@@ -82,35 +82,40 @@
 # modified version of the Autoconf Macro, you may extend this special
 # exception to the GPL to apply to your modified version as well.
-#serial 20
+#serial 24
 AU_ALIAS([ACX_PTHREAD], [AX_PTHREAD])
 AC_DEFUN([AX_PTHREAD], [
 AC_REQUIRE([AC_CANONICAL_HOST])
+AC_REQUIRE([AC_PROG_CC])
+AC_REQUIRE([AC_PROG_SED])
 AC_LANG_PUSH([C])
 ax_pthread_ok=no
 # We used to check for pthread.h first, but this fails if pthread.h
-# requires special compiler flags (e.g. on True64 or Sequent).
+# requires special compiler flags (e.g. on Tru64 or Sequent).
 # It gets checked for in the link test anyway.
 # First of all, check if the user has set any of the PTHREAD_LIBS,
 # etcetera environment variables, and if threads linking works using
 # them:
-if test x"$PTHREAD_LIBS$PTHREAD_CFLAGS" != x; then
- save_CFLAGS="$CFLAGS"
+if test "x$PTHREAD_CFLAGS$PTHREAD_LIBS" != "x"; then
+ ax_pthread_save_CC="$CC"
+ ax_pthread_save_CFLAGS="$CFLAGS"
+ ax_pthread_save_LIBS="$LIBS"
+ AS_IF([test "x$PTHREAD_CC" != "x"], [CC="$PTHREAD_CC"])
 CFLAGS="$CFLAGS $PTHREAD_CFLAGS"
- save_LIBS="$LIBS"
 LIBS="$PTHREAD_LIBS $LIBS"
- AC_MSG_CHECKING([for pthread_join in LIBS=$PTHREAD_LIBS with CFLAGS=$PTHREAD_CFLAGS])
- AC_TRY_LINK_FUNC(pthread_join, ax_pthread_ok=yes)
- AC_MSG_RESULT($ax_pthread_ok)
- if test x"$ax_pthread_ok" = xno; then
+ AC_MSG_CHECKING([for pthread_join using $CC $PTHREAD_CFLAGS $PTHREAD_LIBS])
+ AC_LINK_IFELSE([AC_LANG_CALL([], [pthread_join])], [ax_pthread_ok=yes])
+ AC_MSG_RESULT([$ax_pthread_ok])
+ if test "x$ax_pthread_ok" = "xno"; then
 PTHREAD_LIBS=""
 PTHREAD_CFLAGS=""
 fi
- LIBS="$save_LIBS"
- CFLAGS="$save_CFLAGS"
+ CC="$ax_pthread_save_CC"
+ CFLAGS="$ax_pthread_save_CFLAGS"
+ LIBS="$ax_pthread_save_LIBS"
 fi
 # We must check for the threads library under a number of different
@@ -123,7 +128,7 @@ fi
 # which indicates that we try without any flags at all, and "pthread-config"
 # which is a program returning the flags for the Pth emulation library.
-ax_pthread_flags="pthreads none -Kthread -kthread lthread -pthread -pthreads -mthreads pthread --thread-safe -mt pthread-config"
+ax_pthread_flags="pthreads none -Kthread -pthread -pthreads -mthreads pthread --thread-safe -mt pthread-config"
 # The ordering *is* (sometimes) important. Some notes on the
 # individual items follow:
@@ -132,71 +137,225 @@ ax_pthread_flags="pthreads none -Kthread -kthread lthread -pthread -pthreads -mt # none: in case threads are in libc; should be tried before -Kthread and # other compiler flags to prevent continual compiler warnings # -Kthread: Sequent (threads in libc, but -Kthread needed for pthread.h) -# -kthread: FreeBSD kernel threads (preferred to -pthread since SMP-able) -# lthread: LinuxThreads port on FreeBSD (also preferred to -pthread) -# -pthread: Linux/gcc (kernel threads), BSD/gcc (userland threads) -# -pthreads: Solaris/gcc -# -mthreads: Mingw32/gcc, Lynx/gcc +# -pthread: Linux/gcc (kernel threads), BSD/gcc (userland threads), Tru64 +# (Note: HP C rejects this with "bad form for `-t' option") +# -pthreads: Solaris/gcc (Note: HP C also rejects) # -mt: Sun Workshop C (may only link SunOS threads [-lthread], but it -# doesn't hurt to check since this sometimes defines pthreads too; -# also defines -D_REENTRANT) -# ... -mt is also the pthreads flag for HP/aCC +# doesn't hurt to check since this sometimes defines pthreads and +# -D_REENTRANT too), HP C (must be checked before -lpthread, which +# is present but should not be used directly; and before -mthreads, +# because the compiler interprets this as "-mt" + "-hreads") +# -mthreads: Mingw32/gcc, Lynx/gcc # pthread: Linux, etcetera # --thread-safe: KAI C++ # pthread-config: use pthread-config program (for GNU Pth library) -case ${host_os} in +case $host_os in + + freebsd*) + + # -kthread: FreeBSD kernel threads (preferred to -pthread since SMP-able) + # lthread: LinuxThreads port on FreeBSD (also preferred to -pthread) + + ax_pthread_flags="-kthread lthread $ax_pthread_flags" + ;; + + hpux*) + + # From the cc(1) man page: "[-mt] Sets various -D flags to enable + # multi-threading and also sets -lpthread." 
+ + ax_pthread_flags="-mt -pthread pthread $ax_pthread_flags" + ;; + + openedition*) + + # IBM z/OS requires a feature-test macro to be defined in order to + # enable POSIX threads at all, so give the user a hint if this is + # not set. (We don't define these ourselves, as they can affect + # other portions of the system API in unpredictable ways.) + + AC_EGREP_CPP([AX_PTHREAD_ZOS_MISSING], + [ +# if !defined(_OPEN_THREADS) && !defined(_UNIX03_THREADS) + AX_PTHREAD_ZOS_MISSING +# endif + ], + [AC_MSG_WARN([IBM z/OS requires -D_OPEN_THREADS or -D_UNIX03_THREADS to enable pthreads support.])]) + ;; + solaris*) # On Solaris (at least, for some versions), libc contains stubbed # (non-functional) versions of the pthreads routines, so link-based - # tests will erroneously succeed. (We need to link with -pthreads/-mt/ - # -lpthread.) (The stubs are missing pthread_cleanup_push, or rather - # a function called by this macro, so we could check for that, but - # who knows whether they'll stub that too in a future libc.) So, - # we'll just look for -pthreads and -lpthread first: + # tests will erroneously succeed. (N.B.: The stubs are missing + # pthread_cleanup_push, or rather a function called by this macro, + # so we could check for that, but who knows whether they'll stub + # that too in a future libc.) So we'll check first for the + # standard Solaris way of linking pthreads (-mt -lpthread). - ax_pthread_flags="-pthreads pthread -mt -pthread $ax_pthread_flags" - ;; - - darwin*) - AC_REQUIRE([WOLFSSL_DARWIN_USING_CLANG]) - AS_IF([test x"$wolfssl_darwin_clang" = x"yes"], - [ax_pthread_flags="$ax_pthread_flags"], - [ax_pthread_flags="-pthread $ax_pthread_flags"]) + ax_pthread_flags="-mt,pthread pthread $ax_pthread_flags" ;; esac -if test x"$ax_pthread_ok" = xno; then -for flag in $ax_pthread_flags; do +# GCC generally uses -pthread, or -pthreads on some platforms (e.g. 
SPARC) - case $flag in +AS_IF([test "x$GCC" = "xyes"], + [ax_pthread_flags="-pthread -pthreads $ax_pthread_flags"]) + +# The presence of a feature test macro requesting re-entrant function +# definitions is, on some systems, a strong hint that pthreads support is +# correctly enabled + +case $host_os in + darwin* | hpux* | linux* | osf* | solaris*) + ax_pthread_check_macro="_REENTRANT" + ;; + + aix*) + ax_pthread_check_macro="_THREAD_SAFE" + ;; + + *) + ax_pthread_check_macro="--" + ;; +esac +AS_IF([test "x$ax_pthread_check_macro" = "x--"], + [ax_pthread_check_cond=0], + [ax_pthread_check_cond="!defined($ax_pthread_check_macro)"]) + +# Are we compiling with Clang? + +AC_CACHE_CHECK([whether $CC is Clang], + [ax_cv_PTHREAD_CLANG], + [ax_cv_PTHREAD_CLANG=no + # Note that Autoconf sets GCC=yes for Clang as well as GCC + if test "x$GCC" = "xyes"; then + AC_EGREP_CPP([AX_PTHREAD_CC_IS_CLANG], + [/* Note: Clang 2.7 lacks __clang_[a-z]+__ */ +# if defined(__clang__) && defined(__llvm__) + AX_PTHREAD_CC_IS_CLANG +# endif + ], + [ax_cv_PTHREAD_CLANG=yes]) + fi + ]) +ax_pthread_clang="$ax_cv_PTHREAD_CLANG" + +ax_pthread_clang_warning=no + +# Clang needs special handling, because older versions handle the -pthread +# option in a rather... idiosyncratic way + +if test "x$ax_pthread_clang" = "xyes"; then + + # Clang takes -pthread; it has never supported any other flag + + # (Note 1: This will need to be revisited if a system that Clang + # supports has POSIX threads in a separate library. This tends not + # to be the way of modern systems, but it's conceivable.) + + # (Note 2: On some systems, notably Darwin, -pthread is not needed + # to get POSIX threads support; the API is always present and + # active. We could reasonably leave PTHREAD_CFLAGS empty. But + # -pthread does define _REENTRANT, and while the Darwin headers + # ignore this macro, third-party headers might not.) 
+ + PTHREAD_CFLAGS="-pthread" + PTHREAD_LIBS= + + ax_pthread_ok=yes + + # However, older versions of Clang make a point of warning the user + # that, in an invocation where only linking and no compilation is + # taking place, the -pthread option has no effect ("argument unused + # during compilation"). They expect -pthread to be passed in only + # when source code is being compiled. + # + # Problem is, this is at odds with the way Automake and most other + # C build frameworks function, which is that the same flags used in + # compilation (CFLAGS) are also used in linking. Many systems + # supported by AX_PTHREAD require exactly this for POSIX threads + # support, and in fact it is often not straightforward to specify a + # flag that is used only in the compilation phase and not in + # linking. Such a scenario is extremely rare in practice. + # + # Even though use of the -pthread flag in linking would only print + # a warning, this can be a nuisance for well-run software projects + # that build with -Werror. So if the active version of Clang has + # this misfeature, we search for an option to squash it. 
+ + AC_CACHE_CHECK([whether Clang needs flag to prevent "argument unused" warning when linking with -pthread], + [ax_cv_PTHREAD_CLANG_NO_WARN_FLAG], + [ax_cv_PTHREAD_CLANG_NO_WARN_FLAG=unknown + # Create an alternate version of $ac_link that compiles and + # links in two steps (.c -> .o, .o -> exe) instead of one + # (.c -> exe), because the warning occurs only in the second + # step + ax_pthread_save_ac_link="$ac_link" + ax_pthread_sed='s/conftest\.\$ac_ext/conftest.$ac_objext/g' + ax_pthread_link_step=`$as_echo "$ac_link" | sed "$ax_pthread_sed"` + ax_pthread_2step_ac_link="($ac_compile) && (echo ==== >&5) && ($ax_pthread_link_step)" + ax_pthread_save_CFLAGS="$CFLAGS" + for ax_pthread_try in '' -Qunused-arguments -Wno-unused-command-line-argument unknown; do + AS_IF([test "x$ax_pthread_try" = "xunknown"], [break]) + CFLAGS="-Werror -Wunknown-warning-option $ax_pthread_try -pthread $ax_pthread_save_CFLAGS" + ac_link="$ax_pthread_save_ac_link" + AC_LINK_IFELSE([AC_LANG_SOURCE([[int main(void){return 0;}]])], + [ac_link="$ax_pthread_2step_ac_link" + AC_LINK_IFELSE([AC_LANG_SOURCE([[int main(void){return 0;}]])], + [break]) + ]) + done + ac_link="$ax_pthread_save_ac_link" + CFLAGS="$ax_pthread_save_CFLAGS" + AS_IF([test "x$ax_pthread_try" = "x"], [ax_pthread_try=no]) + ax_cv_PTHREAD_CLANG_NO_WARN_FLAG="$ax_pthread_try" + ]) + + case "$ax_cv_PTHREAD_CLANG_NO_WARN_FLAG" in + no | unknown) ;; + *) PTHREAD_CFLAGS="$ax_cv_PTHREAD_CLANG_NO_WARN_FLAG $PTHREAD_CFLAGS" ;; + esac + +fi # $ax_pthread_clang = yes + +if test "x$ax_pthread_ok" = "xno"; then +for ax_pthread_try_flag in $ax_pthread_flags; do + + case $ax_pthread_try_flag in none) AC_MSG_CHECKING([whether pthreads work without any flags]) ;; + -mt,pthread) + AC_MSG_CHECKING([whether pthreads work with -mt -lpthread]) + PTHREAD_CFLAGS="-mt" + PTHREAD_LIBS="-lpthread" + ;; + -*) - AC_MSG_CHECKING([whether pthreads work with $flag]) - PTHREAD_CFLAGS="$flag" + AC_MSG_CHECKING([whether pthreads work with 
$ax_pthread_try_flag]) + PTHREAD_CFLAGS="$ax_pthread_try_flag" ;; pthread-config) - AC_CHECK_PROG(ax_pthread_config, pthread-config, yes, no) - if test x"$ax_pthread_config" = xno; then continue; fi + AC_CHECK_PROG([ax_pthread_config], [pthread-config], [yes], [no]) + AS_IF([test "x$ax_pthread_config" = "xno"], [continue]) PTHREAD_CFLAGS="`pthread-config --cflags`" PTHREAD_LIBS="`pthread-config --ldflags` `pthread-config --libs`" ;; *) - AC_MSG_CHECKING([for the pthreads library -l$flag]) - PTHREAD_LIBS="-l$flag" + AC_MSG_CHECKING([for the pthreads library -l$ax_pthread_try_flag]) + PTHREAD_LIBS="-l$ax_pthread_try_flag" ;; esac - save_LIBS="$LIBS" - save_CFLAGS="$CFLAGS" - LIBS="$PTHREAD_LIBS $LIBS" + ax_pthread_save_CFLAGS="$CFLAGS" + ax_pthread_save_LIBS="$LIBS" CFLAGS="$CFLAGS $PTHREAD_CFLAGS" + LIBS="$PTHREAD_LIBS $LIBS" # Check for various functions. We must include pthread.h, # since some functions may be macros. (On the Sequent, we @@ -207,7 +366,11 @@ for flag in $ax_pthread_flags; do # pthread_cleanup_push because it is one of the few pthread # functions on Solaris that doesn't have a non-functional libc stub. # We try pthread_create on general principles. + AC_LINK_IFELSE([AC_LANG_PROGRAM([#include +dnl# if $ax_pthread_check_cond +dnl# error "$ax_pthread_check_macro must be defined" +dnl# endif static void routine(void *a) { a = 0; } static void *start_routine(void *a) { return a; }], [pthread_t th; pthread_attr_t attr; @@ -216,16 +379,14 @@ for flag in $ax_pthread_flags; do pthread_attr_init(&attr); pthread_cleanup_push(routine, 0); pthread_cleanup_pop(0) /* ; */])], - [ax_pthread_ok=yes], - []) + [ax_pthread_ok=yes], + []) - LIBS="$save_LIBS" - CFLAGS="$save_CFLAGS" + CFLAGS="$ax_pthread_save_CFLAGS" + LIBS="$ax_pthread_save_LIBS" - AC_MSG_RESULT($ax_pthread_ok) - if test "x$ax_pthread_ok" = xyes; then - break; - fi + AC_MSG_RESULT([$ax_pthread_ok]) + AS_IF([test "x$ax_pthread_ok" = "xyes"], [break]) PTHREAD_LIBS="" PTHREAD_CFLAGS="" 
@@ -233,70 +394,74 @@ done fi # Various other checks: -if test "x$ax_pthread_ok" = xyes; then - save_LIBS="$LIBS" - LIBS="$PTHREAD_LIBS $LIBS" - save_CFLAGS="$CFLAGS" +if test "x$ax_pthread_ok" = "xyes"; then + ax_pthread_save_CFLAGS="$CFLAGS" + ax_pthread_save_LIBS="$LIBS" CFLAGS="$CFLAGS $PTHREAD_CFLAGS" + LIBS="$PTHREAD_LIBS $LIBS" # Detect AIX lossage: JOINABLE attribute is called UNDETACHED. - AC_MSG_CHECKING([for joinable pthread attribute]) - attr_name=unknown - for attr in PTHREAD_CREATE_JOINABLE PTHREAD_CREATE_UNDETACHED; do - AC_LINK_IFELSE([AC_LANG_PROGRAM([#include ], - [int attr = $attr; return attr /* ; */])], - [attr_name=$attr; break], - []) - done - AC_MSG_RESULT($attr_name) - if test "$attr_name" != PTHREAD_CREATE_JOINABLE; then - AC_DEFINE_UNQUOTED(PTHREAD_CREATE_JOINABLE, $attr_name, - [Define to necessary symbol if this constant - uses a non-standard name on your system.]) - fi + AC_CACHE_CHECK([for joinable pthread attribute], + [ax_cv_PTHREAD_JOINABLE_ATTR], + [ax_cv_PTHREAD_JOINABLE_ATTR=unknown + for ax_pthread_attr in PTHREAD_CREATE_JOINABLE PTHREAD_CREATE_UNDETACHED; do + AC_LINK_IFELSE([AC_LANG_PROGRAM([#include ], + [int attr = $ax_pthread_attr; return attr /* ; */])], + [ax_cv_PTHREAD_JOINABLE_ATTR=$ax_pthread_attr; break], + []) + done + ]) + AS_IF([test "x$ax_cv_PTHREAD_JOINABLE_ATTR" != "xunknown" && \ + test "x$ax_cv_PTHREAD_JOINABLE_ATTR" != "xPTHREAD_CREATE_JOINABLE" && \ + test "x$ax_pthread_joinable_attr_defined" != "xyes"], + [AC_DEFINE_UNQUOTED([PTHREAD_CREATE_JOINABLE], + [$ax_cv_PTHREAD_JOINABLE_ATTR], + [Define to necessary symbol if this constant + uses a non-standard name on your system.]) + ax_pthread_joinable_attr_defined=yes + ]) - AC_MSG_CHECKING([if more special flags are required for pthreads]) - flag=no - case ${host_os} in - aix* | freebsd* | darwin*) flag="-D_THREAD_SAFE";; - osf* | hpux*) flag="-D_REENTRANT";; - solaris*) - if test "$GCC" = "yes"; then - flag="-D_REENTRANT" - else - flag="-mt -D_REENTRANT" - fi 
- ;; - esac - AC_MSG_RESULT(${flag}) - if test "x$flag" != xno; then - PTHREAD_CFLAGS="$flag $PTHREAD_CFLAGS" - fi + AC_CACHE_CHECK([whether more special flags are required for pthreads], + [ax_cv_PTHREAD_SPECIAL_FLAGS], + [ax_cv_PTHREAD_SPECIAL_FLAGS=no + case $host_os in + solaris*) + ax_cv_PTHREAD_SPECIAL_FLAGS="-D_POSIX_PTHREAD_SEMANTICS" + ;; + esac + ]) + AS_IF([test "x$ax_cv_PTHREAD_SPECIAL_FLAGS" != "xno" && \ + test "x$ax_pthread_special_flags_added" != "xyes"], + [PTHREAD_CFLAGS="$ax_cv_PTHREAD_SPECIAL_FLAGS $PTHREAD_CFLAGS" + ax_pthread_special_flags_added=yes]) AC_CACHE_CHECK([for PTHREAD_PRIO_INHERIT], - ax_cv_PTHREAD_PRIO_INHERIT, [ - AC_LINK_IFELSE([ - AC_LANG_PROGRAM([[#include ]], [[int i = PTHREAD_PRIO_INHERIT;]])], - [ax_cv_PTHREAD_PRIO_INHERIT=yes], - [ax_cv_PTHREAD_PRIO_INHERIT=no]) + [ax_cv_PTHREAD_PRIO_INHERIT], + [AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include ]], + [[int i = PTHREAD_PRIO_INHERIT;]])], + [ax_cv_PTHREAD_PRIO_INHERIT=yes], + [ax_cv_PTHREAD_PRIO_INHERIT=no]) ]) - AS_IF([test "x$ax_cv_PTHREAD_PRIO_INHERIT" = "xyes"], - AC_DEFINE([HAVE_PTHREAD_PRIO_INHERIT], 1, [Have PTHREAD_PRIO_INHERIT.])) + AS_IF([test "x$ax_cv_PTHREAD_PRIO_INHERIT" = "xyes" && \ + test "x$ax_pthread_prio_inherit_defined" != "xyes"], + [AC_DEFINE([HAVE_PTHREAD_PRIO_INHERIT], [1], [Have PTHREAD_PRIO_INHERIT.]) + ax_pthread_prio_inherit_defined=yes + ]) - LIBS="$save_LIBS" - CFLAGS="$save_CFLAGS" + CFLAGS="$ax_pthread_save_CFLAGS" + LIBS="$ax_pthread_save_LIBS" # More AIX lossage: compile with *_r variant - if test "x$GCC" != xyes; then + if test "x$GCC" != "xyes"; then case $host_os in aix*) AS_CASE(["x/$CC"], - [x*/c89|x*/c89_128|x*/c99|x*/c99_128|x*/cc|x*/cc128|x*/xlc|x*/xlc_v6|x*/xlc128|x*/xlc128_v6], - [#handle absolute path differently from PATH based program lookup - AS_CASE(["x$CC"], - [x/*], - [AS_IF([AS_EXECUTABLE_P([${CC}_r])],[PTHREAD_CC="${CC}_r"])], - [AC_CHECK_PROGS([PTHREAD_CC],[${CC}_r],[$CC])])]) + 
[x*/c89|x*/c89_128|x*/c99|x*/c99_128|x*/cc|x*/cc128|x*/xlc|x*/xlc_v6|x*/xlc128|x*/xlc128_v6], + [#handle absolute path differently from PATH based program lookup + AS_CASE(["x$CC"], + [x/*], + [AS_IF([AS_EXECUTABLE_P([${CC}_r])],[PTHREAD_CC="${CC}_r"])], + [AC_CHECK_PROGS([PTHREAD_CC],[${CC}_r],[$CC])])]) ;; esac fi @@ -304,13 +469,13 @@ fi test -n "$PTHREAD_CC" || PTHREAD_CC="$CC" -AC_SUBST(PTHREAD_LIBS) -AC_SUBST(PTHREAD_CFLAGS) -AC_SUBST(PTHREAD_CC) +AC_SUBST([PTHREAD_LIBS]) +AC_SUBST([PTHREAD_CFLAGS]) +AC_SUBST([PTHREAD_CC]) # Finally, execute ACTION-IF-FOUND/ACTION-IF-NOT-FOUND: -if test x"$ax_pthread_ok" = xyes; then - ifelse([$1],,AC_DEFINE(HAVE_PTHREAD,1,[Define if you have POSIX threads libraries and header files.]),[$1]) +if test "x$ax_pthread_ok" = "xyes"; then + ifelse([$1],,[AC_DEFINE([HAVE_PTHREAD],[1],[Define if you have POSIX threads libraries and header files.])],[$1]) : else ax_pthread_ok=no diff --git a/m4/ax_require_defined.m4 b/m4/ax_require_defined.m4 new file mode 100644 index 000000000..17c3eab7d --- /dev/null +++ b/m4/ax_require_defined.m4 
@@ -0,0 +1,37 @@ +# =========================================================================== +# https://www.gnu.org/software/autoconf-archive/ax_require_defined.html +# =========================================================================== +# +# SYNOPSIS +# +# AX_REQUIRE_DEFINED(MACRO) +# +# DESCRIPTION +# +# AX_REQUIRE_DEFINED is a simple helper for making sure other macros have +# been defined and thus are available for use. This avoids random issues +# where a macro isn't expanded. Instead the configure script emits a +# non-fatal: +# +# ./configure: line 1673: AX_CFLAGS_WARN_ALL: command not found +# +# It's like AC_REQUIRE except it doesn't expand the required macro. +# +# Here's an example: +# +# AX_REQUIRE_DEFINED([AX_CHECK_LINK_FLAG]) +# +# LICENSE +# +# Copyright (c) 2014 Mike Frysinger +# +# Copying and distribution of this file, with or without modification, are +# permitted in any medium without royalty provided the copyright notice +# and this notice are preserved. This file is offered as-is, without any +# warranty. + +#serial 2 + +AC_DEFUN([AX_REQUIRE_DEFINED], [dnl + m4_ifndef([$1], [m4_fatal([macro ]$1[ is not defined; is a m4 file missing?])]) +])dnl AX_REQUIRE_DEFINED diff --git a/m4/visibility.m4 b/m4/visibility.m4 index 757154f33..7e9976475 100644 --- a/m4/visibility.m4 +++ b/m4/visibility.m4 @@ -1,5 +1,5 @@ # visibility.m4 serial 5 (gettext-0.18.2) -dnl Copyright (C) 2005, 2008, 2010-2014 Free Software Foundation, Inc. +dnl Copyright (C) 2005, 2008, 2010-2018 Free Software Foundation, Inc. dnl This file is free software; the Free Software Foundation dnl gives unlimited permission to copy and/or distribute it, dnl with or without modifications, as long as this notice is preserved. 
@@ -58,7 +58,7 @@ AC_DEFUN([gl_VISIBILITY], extern __attribute__((__visibility__("default"))) int exportedvar; extern __attribute__((__visibility__("hidden"))) int hiddenfunc (void); extern __attribute__((__visibility__("default"))) int exportedfunc (void); - int hiddenfunc (void) { return 0; } + void dummyfunc (void) {} ]], [[]])], [gl_cv_cc_visibility=yes], diff --git a/m4/wolfssl_darwin_clang.m4 b/m4/wolfssl_darwin_clang.m4 deleted file mode 100644 index fee9b6ae0..000000000 --- a/m4/wolfssl_darwin_clang.m4 +++ /dev/null @@ -1,37 +0,0 @@ -# =========================================================================== -# -# SYNOPSIS -# -# WOLFSSL_DARWIN_USING_CLANG -# -# DESCRIPTION -# -# With the advent of Apple Xcode v5.0, the old tool sets are missing from -# the distribution. The provided "gcc" executable wrapper accepts the -# "-pthread" flag, and passes it to the underlying "clang" which chokes -# on it. This script checks the version of the gcc executable to see if -# it reports it is really "clang". -# -# The value is placed in the wolfssl_darwin_clang variable. -# -# LICENSE -# -# Copyright (c) 2013 John Safranek -# -# Copying and distribution of this file, with or without modification, are -# permitted in any medium without royalty provided the copyright notice -# and this notice are preserved. This file is offered as-is, without any -# warranty. - -#serial 1 - -AC_DEFUN([WOLFSSL_DARWIN_USING_CLANG], - [ - if test x"$CC" = xclang; then - wolfssl_darwin_clang=yes - elif test x"$CC" = x || test x"$CC" = xgcc; then - if /usr/bin/gcc -v 2>&1 | grep 'clang' >/dev/null 2>&1; then - wolfssl_darwin_clang=yes - fi - fi - ]) diff --git a/rpm/spec.in b/rpm/spec.in index 05fc27b84..e54f279cd 100644 --- a/rpm/spec.in +++ b/rpm/spec.in 
@@ -73,8 +73,8 @@ mkdir -p $RPM_BUILD_ROOT/ %{_docdir}/wolfssl/README.txt %{_libdir}/libwolfssl.la %{_libdir}/libwolfssl.so -%{_libdir}/libwolfssl.so.16 -%{_libdir}/libwolfssl.so.16.0.0 +%{_libdir}/libwolfssl.so.17 +%{_libdir}/libwolfssl.so.17.0.0 %files devel %defattr(-,root,root,-) @@ -287,6 +287,8 @@ mkdir -p $RPM_BUILD_ROOT/ %{_libdir}/pkgconfig/wolfssl.pc %changelog +* Thu May 31 2018 John Safranek +- Update the version number on the library SO file. * Fri Mar 02 2018 Jacob Barthelmeh - Added headder files fips.h, buffer.h, objects.h, rc4.h and example tls_bench.c * Fri Sep 08 2017 Jacob Barthelmeh diff --git a/scripts/google.test b/scripts/google.test index ecc126836..7b58a8a29 100755 --- a/scripts/google.test +++ b/scripts/google.test @@ -6,6 +6,13 @@ server=www.google.com [ ! -x ./examples/client/client ] && echo -e "\n\nClient doesn't exist" && exit 1 +# TODO: [TLS13] Remove this when google supports final version of TLS 1.3 +./examples/client/client -v 3 2>&1 | grep -- 'Bad SSL version' +if [ $? -eq 0 ]; then + echo -e "\n\nClient doesn't support TLS v1.2" + exit 0 +fi + # is our desired server there? ./scripts/ping.test $server 2 RESULT=$? diff --git a/scripts/openssl.test b/scripts/openssl.test index d8ed4fdf5..3fa04e058 100755 --- a/scripts/openssl.test +++ b/scripts/openssl.test @@ -21,6 +21,9 @@ wolf_suites_total=0 counter=0 testing_summary="OpenSSL Interop Testing Summary:\nVersion\tTested\t#Found\t#Tested\n" versionName="Invalid" +if [ "$OPENSSL" = "" ]; then + OPENSSL=openssl +fi version_name() { case $version in "0") @@ -73,7 +76,7 @@ else fi echo -e "\nTesting existence of openssl command...\n" -command -v openssl >/dev/null 2>&1 || { echo >&2 "Requires openssl command, but it's not installed. Ending."; exit 0; } +command -v $OPENSSL >/dev/null 2>&1 || { echo >&2 "Requires openssl command, but it's not installed. Ending."; exit 0; } echo -e "\nTesting for _build directory as part of distcheck, different paths" 
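Review bot: `$OPENSSL` is expanded unquoted in `command -v $OPENSSL` and in every call the later hunks convert (`$OPENSSL s_server`, `$OPENSSL ciphers`, `$OPENSSL s_client`), so an override path containing spaces or glob characters is split before the command runs. Quote it, as in `command -v "$OPENSSL" >/dev/null 2>&1`, and have the failure message name the binary that was looked up: `echo >&2 "Requires $OPENSSL, but it's not installed. Ending."`. The default can be written in one line as `: "${OPENSSL:=openssl}"`. Printing `"$OPENSSL" version` once at startup would also record in the log which implementation the interop results came from.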
@@ -92,7 +95,7 @@ found_free_port=0 while [ "$counter" -lt 20 ]; do echo -e "\nTrying to start openssl server on port $openssl_port...\n" - openssl s_server -accept $openssl_port -cert ./certs/server-cert.pem -key ./certs/server-key.pem -quiet -CAfile ./certs/client-ca.pem -www -dhparam ./certs/dh2048.pem -dcert ./certs/server-ecc.pem -dkey ./certs/ecc-key.pem -verify 10 -verify_return_error -psk 1a2b3c4d -cipher "ALL:eNULL" & + $OPENSSL s_server -accept $openssl_port -cert ./certs/server-cert.pem -key ./certs/server-key.pem -quiet -CAfile ./certs/client-ca.pem -www -dhparam ./certs/dh2048.pem -dcert ./certs/server-ecc.pem -dkey ./certs/ecc-key.pem -verify 10 -verify_return_error -psk 1a2b3c4d -cipher "ALL:eNULL" & server_pid=$! # wait to see if s_server successfully starts before continuing sleep 0.1 @@ -127,7 +130,7 @@ case $wolf_ciphers in while [ "$counter" -lt 20 ]; do echo -e "\nTrying to start ECDH-RSA openssl server on port $ecdh_port...\n" - openssl s_server -accept $ecdh_port -cert ./certs/server-ecc-rsa.pem -key ./certs/ecc-key.pem -quiet -CAfile ./certs/client-ca.pem -www -dhparam ./certs/dh2048.pem -verify 10 -verify_return_error -cipher "ALL:eNULL" & + $OPENSSL s_server -accept $ecdh_port -cert ./certs/server-ecc-rsa.pem -key ./certs/ecc-key.pem -quiet -CAfile ./certs/client-ca.pem -www -dhparam ./certs/dh2048.pem -verify 10 -verify_return_error -cipher "ALL:eNULL" & ecdh_server_pid=$! # wait to see if s_server successfully starts before continuing sleep 0.1 
@@ -193,11 +196,11 @@ do echo -e "version = $version" # get openssl ciphers depending on version case $version in "0") - openssl_ciphers=`openssl ciphers "SSLv3"` + openssl_ciphers=`$OPENSSL ciphers "SSLv3"` # double check that can actually do a sslv3 connection using # client-cert.pem to send but any file with EOF works - openssl s_client -ssl3 -no_ign_eof -host localhost -port $openssl_port < ./certs/client-cert.pem + $OPENSSL s_client -ssl3 -no_ign_eof -host localhost -port $openssl_port < ./certs/client-cert.pem sslv3_sup=$? if [ $sslv3_sup != 0 ] @@ -208,7 +211,7 @@ do fi ;; "1") - openssl_ciphers=`openssl ciphers "TLSv1"` + openssl_ciphers=`$OPENSSL ciphers "TLSv1"` tlsv1_sup=$? if [ $tlsv1_sup != 0 ] then @@ -218,7 +221,7 @@ do fi ;; "2") - openssl_ciphers=`openssl ciphers "TLSv1.1"` + openssl_ciphers=`$OPENSSL ciphers "TLSv1.1"` tlsv1_1_sup=$? if [ $tlsv1_1_sup != 0 ] then @@ -228,7 +231,7 @@ do fi ;; "3") - openssl_ciphers=`openssl ciphers "TLSv1.2"` + openssl_ciphers=`$OPENSSL ciphers "TLSv1.2"` tlsv1_2_sup=$? if [ $tlsv1_2_sup != 0 ] then @@ -238,7 +241,7 @@ do fi ;; "4") #test all suites - openssl_ciphers=`openssl ciphers "ALL"` + openssl_ciphers=`$OPENSSL ciphers "ALL"` all_sup=$? if [ $all_sup != 0 ] then diff --git a/scripts/psk.test b/scripts/psk.test index 01313b91b..0d21443f2 100755 --- a/scripts/psk.test +++ b/scripts/psk.test 
@@ -83,67 +83,55 @@ echo "" # client test against the server ############################### -# usual psk server / psk client -port=0 -./examples/server/server -j -R $ready_file -p $port & -server_pid=$! -create_port -./examples/client/client -s -p $port -RESULT=$? -remove_ready_file -if [ $RESULT -ne 0 ]; then - echo -e "\n\nClient connection failed" - do_cleanup - exit 1 -fi -echo "" +./examples/client/client -v 3 2>&1 | grep -- 'Bad SSL version' +if [ $? -ne 0 ]; then + # Usual server / client. This use case is tested in + # tests/unit.test and is used here for just checking if cipher suite + # is available (one case for example is with disable-asn) + port=0 + ./examples/server/server -R $ready_file -p $port -l DHE-RSA-AES128-SHA:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-DES-CBC3-SHA & + server_pid=$! + create_port + ./examples/client/client -p $port + RESULT=$? + remove_ready_file + # if fail here then is a settings issue so return 0 + if [ $RESULT -ne 0 ]; then + echo -e "\n\nIssue with choosen non PSK suites" + do_cleanup + exit 0 + fi + echo "" -# Usual server / client. This use case is tested in -# tests/unit.test and is used here for just checking if cipher suite -# is available (one case for example is with disable-asn) -port=0 -./examples/server/server -R $ready_file -p $port -l DHE-RSA-AES128-SHA:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-DES-CBC3-SHA & -server_pid=$! -create_port -./examples/client/client -p $port -RESULT=$? -remove_ready_file -# if fail here then is a settings issue so return 0 -if [ $RESULT -ne 0 ]; then - echo -e "\n\nIssue with choosen non PSK suites" - do_cleanup - exit 0 -fi -echo "" + # psk server with non psk client + port=0 + ./examples/server/server -j -R $ready_file -p $port & + server_pid=$! + create_port + ./examples/client/client -p $port + RESULT=$? 
+ remove_ready_file + if [ $RESULT -ne 0 ]; then + echo -e "\n\nClient connection failed" + do_cleanup + exit 1 + fi + echo "" -# psk server with non psk client -port=0 -./examples/server/server -j -R $ready_file -p $port & -server_pid=$! -create_port -./examples/client/client -p $port -RESULT=$? -remove_ready_file -if [ $RESULT -ne 0 ]; then - echo -e "\n\nClient connection failed" - do_cleanup - exit 1 -fi -echo "" - -# check fail if no auth, psk server with non psk client -echo "Checking fail when not sending peer cert" -port=0 -./examples/server/server -j -R $ready_file -p $port & -server_pid=$! -create_port -./examples/client/client -x -p $port -RESULT=$? -remove_ready_file -if [ $RESULT -eq 0 ]; then - echo -e "\n\nClient connected when supposed to fail" - do_cleanup - exit 1 + # check fail if no auth, psk server with non psk client + echo "Checking fail when not sending peer cert" + port=0 + ./examples/server/server -j -R $ready_file -p $port & + server_pid=$! + create_port + ./examples/client/client -x -p $port + RESULT=$? + remove_ready_file + if [ $RESULT -eq 0 ]; then + echo -e "\n\nClient connected when supposed to fail" + do_cleanup + exit 1 + fi fi echo -e "\nALL Tests Passed" diff --git a/scripts/tls13.test b/scripts/tls13.test index 368256963..4fc0dd56c 100755 --- a/scripts/tls13.test +++ b/scripts/tls13.test @@ -14,12 +14,13 @@ counter=0 # also let's add some randomness by adding pid in case multiple 'make check's # per source tree ready_file=`pwd`/wolfssl_tls13_ready$$ +client_file=`pwd`/wolfssl_tls13_client$$ echo "ready file $ready_file" create_port() { while [ ! -s $ready_file ]; do - if [ -a "$counter" -gt 50 ]; then + if [ "$counter" -gt 50 ]; then break fi echo -e "waiting for ready file..." @@ -54,6 +55,10 @@ do_cleanup() { kill -9 $server_pid fi remove_ready_file + if [ -e $client_file ]; then + echo -e "removing existing client file" + rm $client_file + fi } do_trap() { 
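Review bot: The rewritten block no longer runs a PSK client against the PSK server, because the removed `./examples/client/client -s -p $port` case has no counterpart on the new side of this hunk and the remaining cases all use a non-PSK client. Unless that case moved to a part of the script outside this hunk, keep it inside the new `if [ $? -ne 0 ]; then` guard so the positive PSK handshake is still exercised. Separately, when the `Bad SSL version` probe matches, every case is skipped and the script still prints `ALL Tests Passed`. An `else` branch with `echo "TLS v1.2 not available, PSK cases skipped"` would make the skip visible in the log.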
@@ -72,7 +77,7 @@ port=0
 ./examples/server/server -v 4 -R $ready_file -p $port &
 server_pid=$!
 create_port
-./examples/client/client -v 4 -p $port
+./examples/client/client -v 4 -p $port | tee $client_file
 RESULT=$?
 remove_ready_file
 if [ $RESULT -ne 0 ]; then
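Review bot: `RESULT=$?` now holds the exit status of `tee`, not of the client, because the added pipe makes `tee $client_file` the last command of the pipeline. A failed TLS 1.3 handshake therefore no longer reaches the `if [ $RESULT -ne 0 ]` branch and the first test case passes regardless. Redirect to the file instead: `./examples/client/client -v 4 -p $port > "$client_file"`, then `RESULT=$?`, then `cat "$client_file"`. That keeps the client's status without depending on bash-only `PIPESTATUS` or `pipefail`. The rest of the script lies outside this hunk, so whether `$client_file` is read later cannot be confirmed from here.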
@@ -82,268 +87,6 @@ if [ $RESULT -ne 0 ]; then fi echo "" -# Usual TLS v1.3 server / TLS v1.3 client - fragment. -echo -e "\n\nTLS v1.3 server with TLS v1.3 client - fragment" -port=0 -./examples/server/server -v 4 -R $ready_file -p $port & -server_pid=$! -create_port -./examples/client/client -v 4 -F 1 -p $port -RESULT=$? -remove_ready_file -if [ $RESULT -ne 0 ]; then - echo -e "\n\nTLS v1.3 and fragments not working" - do_cleanup - exit 1 -fi -echo "" - -# Use HelloRetryRequest with TLS v1.3 server / TLS v1.3 client. -echo -e "\n\nTLS v1.3 HelloRetryRequest" -port=0 -./examples/server/server -v 4 -R $ready_file -p $port & -server_pid=$! -create_port -./examples/client/client -v 4 -J -p $port -RESULT=$? -remove_ready_file -if [ $RESULT -ne 0 ]; then - echo -e "\n\nTLS v1.3 HelloRetryRequest not working" - do_cleanup - exit 1 -fi -echo "" - -# Use HelloRetryRequest with TLS v1.3 server / TLS v1.3 client using cookie -echo -e "\n\nTLS v1.3 HelloRetryRequest with cookie" -port=0 -./examples/server/server -v 4 -J -R $ready_file -p $port & -server_pid=$! -create_port -./examples/client/client -v 4 -J -p $port -RESULT=$? -remove_ready_file -if [ $RESULT -ne 0 ]; then - echo -e "\n\nTLS v1.3 HelloRetryRequest with cookie not working" - do_cleanup - exit 1 -fi -echo "" - -# Use HelloRetryRequest with TLS v1.3 server / TLS v1.3 client - SHA384. -echo -e "\n\nTLS v1.3 HelloRetryRequest - SHA384" -port=0 -./examples/server/server -v 4 -l TLS13-AES256-GCM-SHA384 -R $ready_file -p $port & -server_pid=$! -create_port -./examples/client/client -v 4 -J -p $port -RESULT=$? -remove_ready_file -if [ $RESULT -ne 0 ]; then - echo -e "\n\nTLS v1.3 HelloRetryRequest with SHA384 not working" - do_cleanup - exit 1 -fi -echo "" - -# Resumption TLS v1.3 server / TLS v1.3 client. -echo -e "\n\nTLS v1.3 resumption" -port=0 -./examples/server/server -v 4 -r -R $ready_file -p $port & -server_pid=$! -create_port -./examples/client/client -v 4 -r -p $port -RESULT=$? 
-remove_ready_file -if [ $RESULT -ne 0 ]; then - echo -e "\n\nTLS v1.3 resumption not working" - do_cleanup - exit 1 -fi -echo "" - -# Resumption TLS v1.3 server / TLS v1.3 client - SHA384 -echo -e "\n\nTLS v1.3 resumption - SHA384" -port=0 -./examples/server/server -v 4 -l TLS13-AES256-GCM-SHA384 -r -R $ready_file -p $port & -server_pid=$! -create_port -./examples/client/client -v 4 -l TLS13-AES256-GCM-SHA384 -r -p $port -RESULT=$? -remove_ready_file -if [ $RESULT -ne 0 ]; then - echo -e "\n\nTLS v1.3 resumption with SHA384 not working" - do_cleanup - exit 1 -fi -echo "" - -./examples/client/client -v 4 -e 2>&1 | grep -- '-ECC' -if [ $? -eq 0 ]; then - # Usual TLS v1.3 server / TLS v1.3 client and ECC certificates. - echo -e "\n\nTLS v1.3 server with TLS v1.3 client - ECC certificates" - port=0 - ./examples/server/server -v 4 -A certs/client-ecc-cert.pem -c certs/server-ecc.pem -k certs/ecc-key.pem -R $ready_file -p $port & - server_pid=$! - create_port - ./examples/client/client -v 4 -A certs/ca-ecc-cert.pem -c certs/client-ecc-cert.pem -k certs/ecc-client-key.pem -p $port - RESULT=$? - remove_ready_file - if [ $RESULT -ne 0 ]; then - echo -e "\n\nTLS v1.3 ECC certificates not working" - do_cleanup - exit 1 - fi - echo "" -fi - -# Usual TLS v1.3 server / TLS v1.3 client and no client certificate. -echo -e "\n\nTLS v1.3 server with TLS v1.3 client - no client cretificate" -port=0 -./examples/server/server -v 4 -R $ready_file -p $port & -server_pid=$! -create_port -./examples/client/client -v 4 -x -p $port -RESULT=$? -remove_ready_file -if [ $RESULT -ne 0 ]; then - echo -e "\n\nTLS v1.3 and no client certificate not working" - do_cleanup - exit 1 -fi -echo "" - -# Usual TLS v1.3 server / TLS v1.3 client and DH Key. -echo -e "\n\nTLS v1.3 server with TLS v1.3 client - DH Key Exchange" -port=0 -./examples/server/server -v 4 -R $ready_file -p $port & -server_pid=$! -create_port -./examples/client/client -v 4 -y -p $port -RESULT=$? 
-remove_ready_file -if [ $RESULT -ne 0 ]; then - echo -e "\n\nTLS v1.3 DH Key Exchange not working" - do_cleanup - exit 1 -fi -echo "" - -# Usual TLS v1.3 server / TLS v1.3 client and ECC Key. -echo -e "\n\nTLS v1.3 server with TLS v1.3 client - ECC Key Exchange" -port=0 -./examples/server/server -v 4 -R $ready_file -p $port & -server_pid=$! -create_port -./examples/client/client -v 4 -Y -p $port -RESULT=$? -remove_ready_file -if [ $RESULT -ne 0 ]; then - echo -e "\n\nTLS v1.3 ECDH Key Exchange not working" - do_cleanup - exit 1 -fi -echo "" - -# TLS 1.3 cipher suites server / client. -echo -e "\n\nOnly TLS v1.3 cipher suites" -port=0 -./examples/server/server -v 4 -R $ready_file -p $port -l TLS13-AES128-GCM-SHA256:TLS13-AES256-GCM-SHA384:TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES128-CCM-SHA256:TLS13-AES128-CCM-8-SHA256 & -server_pid=$! -create_port -./examples/client/client -v 4 -p $port -RESULT=$? -remove_ready_file -if [ $RESULT -ne 0 ]; then - echo -e "\n\nIssue with TLS v1.3 cipher suites - only TLS v1.3" - do_cleanup - exit 1 -fi -echo "" - -# TLS 1.3 cipher suites server / client. -echo -e "\n\nOnly TLS v1.3 cipher suite - AES128-GCM SHA-256" -port=0 -./examples/server/server -v 4 -R $ready_file -p $port -l TLS13-AES128-GCM-SHA256 & -server_pid=$! -create_port -./examples/client/client -v 4 -p $port -RESULT=$? -remove_ready_file -if [ $RESULT -ne 0 ]; then - echo -e "\n\nIssue with TLS v1.3 cipher suites - AES128-GCM SHA-256" - do_cleanup - exit 1 -fi -echo "" - -# TLS 1.3 cipher suites server / client. -echo -e "\n\nOnly TLS v1.3 cipher suite - AES256-GCM SHA-384" -port=0 -./examples/server/server -v 4 -R $ready_file -p $port -l TLS13-AES256-GCM-SHA384 & -server_pid=$! -create_port -./examples/client/client -v 4 -p $port -RESULT=$? -remove_ready_file -if [ $RESULT -ne 0 ]; then - echo -e "\n\nIssue with TLS v1.3 cipher suites - AES256-GCM SHA-384" - do_cleanup - exit 1 -fi -echo "" - -# TLS 1.3 cipher suites server / client. 
-echo -e "\n\nOnly TLS v1.3 cipher suite - CHACHA20-POLY1305 SHA-256" -port=0 -./examples/server/server -v 4 -R $ready_file -p $port -l TLS13-CHACHA20-POLY1305-SHA256 & -server_pid=$! -create_port -./examples/client/client -v 4 -p $port -RESULT=$? -remove_ready_file -if [ $RESULT -ne 0 ]; then - echo -e "\n\nIssue with TLS v1.3 cipher suites - CHACHA20-POLY1305 SHA-256" - do_cleanup - exit 1 -fi -echo "" - -./examples/client/client -v 4 -e 2>&1 | grep -- '-CCM' -if [ $? -eq 0 ]; then - # TLS 1.3 cipher suites server / client. - echo -e "\n\nOnly TLS v1.3 cipher suite - AES128-CCM SHA-256" - port=0 - ./examples/server/server -v 4 -R $ready_file -p $port -l TLS13-AES128-CCM-SHA256 & - server_pid=$! - create_port - ./examples/client/client -v 4 -p $port - RESULT=$? - remove_ready_file - if [ $RESULT -ne 0 ]; then - echo -e "\n\nIssue with TLS v1.3 cipher suites - AES128-CCM SHA-256" - do_cleanup - exit 1 - fi - echo "" - - # TLS 1.3 cipher suites server / client. - echo -e "\n\nOnly TLS v1.3 cipher suite - AES128-CCM-8 SHA-256" - port=0 - ./examples/server/server -v 4 -R $ready_file -p $port -l TLS13-AES128-CCM-8-SHA256 & - server_pid=$! - create_port - ./examples/client/client -v 4 -p $port - RESULT=$? - remove_ready_file - if [ $RESULT -ne 0 ]; then - echo -e "\n\nIssue with TLS v1.3 cipher suites - AES128-CCM-8 SHA-256" - do_cleanup - exit 1 - fi - echo "" -fi - # TLS 1.3 cipher suites server / client. echo -e "\n\nTLS v1.3 cipher suite mismatch" port=0 
@@ -353,189 +96,82 @@ create_port ./examples/client/client -v 4 -p $port -l TLS13-AES256-GCM-SHA384 RESULT=$? remove_ready_file -if [ $RESULT -ne 1 ]; then +if [ $RESULT -eq 0 ]; then echo -e "\n\nIssue with mismatched TLS v1.3 cipher suites" do_cleanup exit 1 fi echo "" -# TLS 1.3 server / TLS 1.2 client. -echo -e "\n\nTLS v1.3 server downgrading to TLS v1.2" -port=0 -./examples/server/server -v 4 -R $ready_file -p $port & -server_pid=$! -create_port -./examples/client/client -v 3 -p $port -RESULT=$? -remove_ready_file -if [ $RESULT -eq 0 ]; then - echo -e "\n\nIssue with TLS v1.3 server downgrading to TLS v1.2" - do_cleanup - exit 1 -fi -echo "" -# TLS Downgrade server / TLS 1.2 client. -echo -e "\n\nTLS server downgrading to TLS v1.2" -port=0 -./examples/server/server -v d -R $ready_file -p $port & -server_pid=$! -create_port -./examples/client/client -v 3 -p $port -RESULT=$? -remove_ready_file -if [ $RESULT -ne 0 ]; then - echo -e "\n\nIssue with TLS server downgrading to TLS v1.2" - do_cleanup - exit 1 -fi -echo "" +./examples/client/client -v 3 2>&1 | grep -- 'Bad SSL version' +if [ $? -ne 0 ]; then + # TLS 1.3 server / TLS 1.2 client. + echo -e "\n\nTLS v1.3 server downgrading to TLS v1.2" + port=0 + ./examples/server/server -v 4 -R $ready_file -p $port & + server_pid=$! + create_port + ./examples/client/client -v 3 -p $port + RESULT=$? + remove_ready_file + if [ $RESULT -eq 0 ]; then + echo -e "\n\nIssue with TLS v1.3 server downgrading to TLS v1.2" + do_cleanup + exit 1 + fi + echo "" -# TLS 1.2 server / TLS 1.3 client. -echo -e "\n\nTLS v1.3 client upgrading server to TLS v1.3" -port=0 -./examples/server/server -v 3 -R $ready_file -p $port & -server_pid=$! -create_port -./examples/client/client -v 4 -p $port -RESULT=$? -remove_ready_file -if [ $RESULT -eq 0 ]; then - echo -e "\n\nIssue with TLS v1.3 client upgrading server to TLS v1.3" - do_cleanup - exit 1 -fi -echo "" + # TLS 1.2 server / TLS 1.3 client. 
+ echo -e "\n\nTLS v1.3 client upgrading server to TLS v1.3" + port=0 + ./examples/server/server -v 3 -R $ready_file -p $port & + server_pid=$! + create_port + ./examples/client/client -v 4 -p $port + RESULT=$? + remove_ready_file + if [ $RESULT -eq 0 ]; then + echo -e "\n\nIssue with TLS v1.3 client upgrading server to TLS v1.3" + do_cleanup + exit 1 + fi + echo "" -# TLS 1.2 server / TLS downgrade client. -echo -e "\n\nTLS client downgrading to TLS v1.2" -port=0 -./examples/server/server -v 3 -R $ready_file -p $port & -server_pid=$! -create_port -./examples/client/client -v d -p $port -RESULT=$? -remove_ready_file -if [ $RESULT -ne 0 ]; then - echo -e "\n\nIssue with TLS client downgrading to TLS v1.2" - do_cleanup - exit 1 + echo "Find usable TLS 1.2 cipher suite" + for CS in ECDHE-RSA-AES128-GCM-SHA256 DHE-RSA-AES128-GCM-SHA256 + do + echo $CS + ./examples/client/client -e | grep $CS >/dev/null + if [ "$?" = "0" ]; then + TLS12_CS=$CS + break + fi + done + if [ "$TLS12_CS" != "" ]; then + # TLS 1.3 downgrade server and client - no common TLS 1.3 ciphers + echo -e "\n\nTLS v1.3 downgrade server and client - no common TLS 1.3 ciphers" + port=0 + SERVER_CS="TLS13-AES256-GCM-SHA384:$TLS12_CS" + CLIENT_CS="TLS13-AES128-GCM-SHA256:$TLS12_CS" + ./examples/server/server -v d -l $SERVER_CS -R $ready_file -p $port & + server_pid=$! + create_port + ./examples/client/client -v d -l $CLIENT_CS -p $port + RESULT=$? + remove_ready_file + if [ $RESULT -eq 0 ]; then + echo -e "\n\nTLS v1.3 downgrading to TLS v1.2 due to ciphers" + do_cleanup + exit 1 + fi + echo "" + else + echo "No usable TLS 1.2 cipher suite found" + fi fi -echo "" -# TLS Downgrade server / TLS Downgrade client. -echo -e "\n\nTLS server and client able to downgrade but don't" -port=0 -./examples/server/server -v d -R $ready_file -p $port & -server_pid=$! -create_port -./examples/client/client -v d -p $port -RESULT=$? 
-remove_ready_file -if [ $RESULT -ne 0 ]; then - echo -e "\n\nIssue with TLS not downgrading" - do_cleanup - exit 1 -fi -echo "" - -# TLS Downgrade server / TLS Downgrade client resumption. -echo -e "\n\nTLS server and client able to downgrade but don't and resume" -port=0 -./examples/server/server -v d -r -R $ready_file -p $port & -server_pid=$! -create_port -./examples/client/client -v d -r -p $port -RESULT=$? -remove_ready_file -if [ $RESULT -ne 0 ]; then - echo -e "\n\nIssue with TLS not downgrading and resumption" - do_cleanup - exit 1 -fi -echo "" - -# TLS Downgrade server / TLS 1.2 client and resume. -echo -e "\n\nTLS server downgrade and resume" -port=0 -./examples/server/server -v d -r -R $ready_file -p $port & -server_pid=$! -create_port -./examples/client/client -v 3 -r -p $port -RESULT=$? -remove_ready_file -if [ $RESULT -ne 0 ]; then - echo -e "\n\nIssue with TLS server downgrading and resumption" - do_cleanup - exit 1 -fi -echo "" - -# TLS 1.2 server / TLS downgrade client and resume. -echo -e "\n\nTLS client downgrade and resume" -port=0 -./examples/server/server -v 3 -r -R $ready_file -p $port & -server_pid=$! -create_port -./examples/client/client -v d -r -p $port -RESULT=$? -remove_ready_file -if [ $RESULT -ne 0 ]; then - echo -e "\n\nIssue with TLS client downgrading and resumption" - do_cleanup - exit 1 -fi -echo "" - -# TLS Downgrade server / TLS Downgrade client. -# TLS 1.3 server / TLS 1.3 client send KeyUpdate before sending app data. -echo -e "\n\nTLS v1.3 KeyUpdate" -port=0 -./examples/server/server -v 4 -U -R $ready_file -p $port & -server_pid=$! -create_port -./examples/client/client -v 4 -I -p $port -RESULT=$? -remove_ready_file -if [ $RESULT -ne 0 ]; then - echo -e "\n\nIssue with TLS v1.3 KeyUpdate" - do_cleanup - exit 1 -fi -echo "" - -# TLS 1.3 server / TLS 1.3 client - don't use (EC)DHE with PSK. -echo -e "\n\nTLS v1.3 PSK without (EC)DHE" -port=0 -./examples/server/server -v 4 -r -R $ready_file -p $port & -server_pid=$! 
-create_port -./examples/client/client -v 4 -r -K -p $port -RESULT=$? -remove_ready_file -if [ $RESULT -ne 0 ]; then - echo -e "\n\nIssue with TLS v1.3 PSK without (EC)DHE" - do_cleanup - exit 1 -fi -echo "" - -# TLS 1.3 server / TLS 1.3 client and Post-Handshake Authentication. -echo -e "\n\nTLS v1.3 Post-Handshake Authentication" -port=0 -./examples/server/server -v 4 -Q -R $ready_file -p $port & -server_pid=$! -create_port -./examples/client/client -v 4 -Q -p $port -RESULT=$? -remove_ready_file -if [ $RESULT -ne 0 ]; then - echo -e "\n\nIssue with TLS v1.3 Post-Handshake Auth" - do_cleanup - exit 1 -fi -echo "" +do_cleanup echo -e "\nALL Tests Passed" diff --git a/src/crl.c b/src/crl.c index 790c2f962..fd0ce6f65 100644 --- a/src/crl.c +++ b/src/crl.c @@ -49,8 +49,10 @@ int InitCRL(WOLFSSL_CRL* crl, WOLFSSL_CERT_MANAGER* cm) { WOLFSSL_ENTER("InitCRL"); - - crl->heap = cm->heap; + if(cm != NULL) + crl->heap = cm->heap; + else + crl->heap = NULL; crl->cm = cm; crl->crlList = NULL; crl->monitors[0].path = NULL; @@ -153,7 +155,6 @@ void FreeCRL(WOLFSSL_CRL* crl, int dynamic) CRL_Entry* tmp = crl->crlList; WOLFSSL_ENTER("FreeCRL"); - if (crl->monitors[0].path) XFREE(crl->monitors[0].path, crl->heap, DYNAMIC_TYPE_CRL_MONITOR); @@ -373,12 +374,14 @@ int CheckCertCRL(WOLFSSL_CRL* crl, DecodedCert* cert) WOLFSSL_MSG("Issuing missing CRL callback"); url[0] = '\0'; - if (cert->extCrlInfoSz < (int)sizeof(url) -1 ) { - XMEMCPY(url, cert->extCrlInfo, cert->extCrlInfoSz); - url[cert->extCrlInfoSz] = '\0'; - } - else { - WOLFSSL_MSG("CRL url too long"); + if (cert->extCrlInfo) { + if (cert->extCrlInfoSz < (int)sizeof(url) -1 ) { + XMEMCPY(url, cert->extCrlInfo, cert->extCrlInfoSz); + url[cert->extCrlInfoSz] = '\0'; + } + else { + WOLFSSL_MSG("CRL url too long"); + } } crl->cm->cbMissingCRL(url); 
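Review bot: The negative cases in this hunk (cipher suite mismatch and the downgrade tests) treat any non-zero client exit as the expected result via `if [ $RESULT -eq 0 ]`, so a client that dies on a signal looks the same as a clean handshake rejection. Because these cases guard TLS 1.3 downgrade behaviour, I would also fail on signal exits, e.g. `if [ $RESULT -eq 0 ] || [ $RESULT -gt 127 ]; then`. Separately, `TLS12_CS` is tested after the `for CS in ...` loop without being reset first, so a value inherited from the environment would be used; add `TLS12_CS=""` before the loop and quote the expansions (`grep "$CS"`, `-l "$SERVER_CS"`, `-l "$CLIENT_CS"`).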
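Review bot: InitCRL now accepts `cm == NULL` and stores it in `crl->cm`, but the CheckCertCRL context shown further down this file still calls `crl->cm->cbMissingCRL(url)`. Unless every such use is guarded outside the lines shown, a CRL initialised without a manager can hit a NULL dereference during certificate checking. Either document the restriction at the assignment, e.g. `/* cm may be NULL for a standalone CRL; such a CRL must not be passed to CheckCertCRL */`, or guard the `crl->cm` uses. The new `if(cm != NULL)` / `else` pair is also unbraced and lacks the space after `if` that the surrounding file uses. The function body continues outside the hunk.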
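Review bot: The length check inside the new `if (cert->extCrlInfo)` block has no lower bound. `cert->extCrlInfoSz` appears to be a signed `int` (given the `(int)sizeof(url)` cast), so a negative value would pass `< (int)sizeof(url) -1` and then be used as the XMEMCPY length and as the index in `url[cert->extCrlInfoSz]`. The field comes from a parsed certificate, so I would make the bound explicit: `if (cert->extCrlInfoSz >= 0 && cert->extCrlInfoSz < (int)sizeof(url) - 1) {`. Whether the parser can produce a negative size is not visible here. CheckCertCRL starts and ends outside the hunk.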
@@ -489,6 +492,34 @@ int BufferLoadCRL(WOLFSSL_CRL* crl, const byte* buff, long sz, int type, return ret ? ret : WOLFSSL_SUCCESS; /* convert 0 to WOLFSSL_SUCCESS */ } +#if defined(OPENSSL_EXTRA) && defined(HAVE_CRL) +int wolfSSL_X509_STORE_add_crl(WOLFSSL_X509_STORE *store, WOLFSSL_X509_CRL *newcrl) +{ + CRL_Entry *crle; + WOLFSSL_CRL *crl; + + WOLFSSL_ENTER("wolfSSL_X509_STORE_add_crl"); + if (store == NULL || newcrl == NULL) + return BAD_FUNC_ARG; + + crl = store->crl; + crle = newcrl->crlList; + + if (wc_LockMutex(&crl->crlLock) != 0) + { + WOLFSSL_MSG("wc_LockMutex failed"); + return BAD_MUTEX_E; + } + crle->next = crl->crlList; + crl->crlList = crle; + newcrl->crlList = NULL; + wc_UnLockMutex(&crl->crlLock); + + WOLFSSL_LEAVE("wolfSSL_X509_STORE_add_crl", WOLFSSL_SUCCESS); + + return WOLFSSL_SUCCESS; +} +#endif #ifdef HAVE_CRL_MONITOR diff --git a/src/internal.c b/src/internal.c index 42508d492..f30838a10 100644 --- a/src/internal.c +++ b/src/internal.c @@ -85,6 +85,8 @@ WOLFSSL_CALLBACKS needs LARGE_STATIC_BUFFERS, please add LARGE_STATIC_BUFFERS #error Cannot use both secure-renegotiation and renegotiation-indication #endif +#ifndef WOLFSSL_NO_TLS12 + #ifndef NO_WOLFSSL_CLIENT static int DoHelloVerifyRequest(WOLFSSL* ssl, const byte* input, word32*, word32); @@ -103,7 +105,8 @@ WOLFSSL_CALLBACKS needs LARGE_STATIC_BUFFERS, please add LARGE_STATIC_BUFFERS #ifndef NO_WOLFSSL_SERVER static int DoClientKeyExchange(WOLFSSL* ssl, byte* input, word32*, word32); - #if !defined(NO_RSA) || defined(HAVE_ECC) + #if (!defined(NO_RSA) || defined(HAVE_ECC) || defined(HAVE_ED25519)) && \ + !defined(WOLFSSL_NO_CLIENT_AUTH) static int DoCertificateVerify(WOLFSSL* ssl, byte*, word32*, word32); #endif #ifdef WOLFSSL_DTLS @@ -111,6 +114,7 @@ WOLFSSL_CALLBACKS needs LARGE_STATIC_BUFFERS, please add LARGE_STATIC_BUFFERS #endif /* WOLFSSL_DTLS */ #endif +#endif /* !WOLFSSL_NO_TLS12 */ #ifdef WOLFSSL_DTLS static INLINE int DtlsCheckWindow(WOLFSSL* ssl); 
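Review bot: wolfSSL_X509_STORE_add_crl dereferences `store->crl` (for `&crl->crlLock`) and `newcrl->crlList` (in `crle->next = crl->crlList`) without checking either, so a store with no CRL object or an empty `newcrl` crashes instead of returning an error. Extend the guard to `if (store == NULL || newcrl == NULL || store->crl == NULL || newcrl->crlList == NULL) return BAD_FUNC_ARG;`. The splice also links only the head entry: `crle->next` is overwritten, so if `newcrl` carries more than one CRL_Entry the rest are dropped from both lists and, as far as this hunk shows, never freed. Walking to the tail of `newcrl->crlList` before attaching `crl->crlList` would keep them. A short header comment stating that ownership of the entries moves to the store (hence `newcrl->crlList = NULL`) would help callers.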
@@ -131,6 +135,8 @@ enum processReply { }; +#ifndef WOLFSSL_NO_TLS12 + /* Server random bytes for TLS v1.3 described downgrade protection mechanism. */ static const byte tls13Downgrade[7] = { 0x44, 0x4f, 0x47, 0x4e, 0x47, 0x52, 0x44 @@ -140,10 +146,12 @@ static const byte tls13Downgrade[7] = { #ifndef NO_OLD_TLS static int SSL_hmac(WOLFSSL* ssl, byte* digest, const byte* in, word32 sz, - int content, int verify); + int padSz, int content, int verify); #endif +#endif /* !WOLFSSL_NO_TLS12 */ + #ifdef HAVE_QSH int QSH_Init(WOLFSSL* ssl); #endif @@ -175,7 +183,6 @@ int IsAtLeastTLSv1_3(const ProtocolVersion pv) return (pv.major == SSLv3_MAJOR && pv.minor >= TLSv1_3_MINOR); } - static INLINE int IsEncryptionOn(WOLFSSL* ssl, int isSend) { (void)isSend; 
@@ -1831,69 +1838,6 @@ void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, word16 haveRSA, if (suites->setSuites) return; /* trust user settings, don't override */ -#ifndef NO_WOLFSSL_SERVER - if (side == WOLFSSL_SERVER_END && haveStaticECC) { - haveRSA = 0; /* can't do RSA with ECDSA key */ - } - - if (side == WOLFSSL_SERVER_END && haveECDSAsig) { - haveRSAsig = 0; /* can't have RSA sig if signed by ECDSA */ - } -#endif /* !NO_WOLFSSL_SERVER */ - -#ifdef WOLFSSL_DTLS - if (pv.major == DTLS_MAJOR) { - dtls = 1; - tls = 1; - /* May be dead assignments dependant upon configuration */ - (void) dtls; - (void) tls; - tls1_2 = pv.minor <= DTLSv1_2_MINOR; - } -#endif - -#ifdef HAVE_RENEGOTIATION_INDICATION - if (side == WOLFSSL_CLIENT_END) { - suites->suites[idx++] = 0; - suites->suites[idx++] = TLS_EMPTY_RENEGOTIATION_INFO_SCSV; - } -#endif - -#ifdef BUILD_TLS_QSH - if (tls) { - suites->suites[idx++] = QSH_BYTE; - suites->suites[idx++] = TLS_QSH; - } -#endif - -#ifdef BUILD_TLS_NTRU_RSA_WITH_AES_256_CBC_SHA - if (tls && haveNTRU && haveRSA) { - suites->suites[idx++] = 0; - suites->suites[idx++] = TLS_NTRU_RSA_WITH_AES_256_CBC_SHA; - } -#endif - -#ifdef BUILD_TLS_NTRU_RSA_WITH_AES_128_CBC_SHA - if (tls && haveNTRU && haveRSA) { - suites->suites[idx++] = 0; - suites->suites[idx++] = TLS_NTRU_RSA_WITH_AES_128_CBC_SHA; - } -#endif - -#ifdef BUILD_TLS_NTRU_RSA_WITH_RC4_128_SHA - if (!dtls && tls && haveNTRU && haveRSA) { - suites->suites[idx++] = 0; - suites->suites[idx++] = TLS_NTRU_RSA_WITH_RC4_128_SHA; - } -#endif - -#ifdef BUILD_TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA - if (tls && haveNTRU && haveRSA) { - suites->suites[idx++] = 0; - suites->suites[idx++] = TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA; - } -#endif - #ifdef WOLFSSL_TLS13 #ifdef BUILD_TLS_AES_128_GCM_SHA256 if (tls1_3) { 
@@ -1931,6 +1875,71 @@ void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, word16 haveRSA, #endif #endif /* WOLFSSL_TLS13 */ +#ifndef WOLFSSL_NO_TLS12 + +#ifndef NO_WOLFSSL_SERVER + if (side == WOLFSSL_SERVER_END && haveStaticECC) { + haveRSA = 0; /* can't do RSA with ECDSA key */ + } + + if (side == WOLFSSL_SERVER_END && haveECDSAsig) { + haveRSAsig = 0; /* can't have RSA sig if signed by ECDSA */ + } +#endif /* !NO_WOLFSSL_SERVER */ + +#ifdef WOLFSSL_DTLS + if (pv.major == DTLS_MAJOR) { + dtls = 1; + tls = 1; + /* May be dead assignments dependant upon configuration */ + (void) dtls; + (void) tls; + tls1_2 = pv.minor <= DTLSv1_2_MINOR; + } +#endif + +#ifdef HAVE_RENEGOTIATION_INDICATION + if (side == WOLFSSL_CLIENT_END) { + suites->suites[idx++] = CIPHER_BYTE; + suites->suites[idx++] = TLS_EMPTY_RENEGOTIATION_INFO_SCSV; + } +#endif + +#ifdef BUILD_TLS_QSH + if (tls) { + suites->suites[idx++] = QSH_BYTE; + suites->suites[idx++] = TLS_QSH; + } +#endif + +#ifdef BUILD_TLS_NTRU_RSA_WITH_AES_256_CBC_SHA + if (tls && haveNTRU && haveRSA) { + suites->suites[idx++] = CIPHER_BYTE; + suites->suites[idx++] = TLS_NTRU_RSA_WITH_AES_256_CBC_SHA; + } +#endif + +#ifdef BUILD_TLS_NTRU_RSA_WITH_AES_128_CBC_SHA + if (tls && haveNTRU && haveRSA) { + suites->suites[idx++] = CIPHER_BYTE; + suites->suites[idx++] = TLS_NTRU_RSA_WITH_AES_128_CBC_SHA; + } +#endif + +#ifdef BUILD_TLS_NTRU_RSA_WITH_RC4_128_SHA + if (!dtls && tls && haveNTRU && haveRSA) { + suites->suites[idx++] = CIPHER_BYTE; + suites->suites[idx++] = TLS_NTRU_RSA_WITH_RC4_128_SHA; + } +#endif + +#ifdef BUILD_TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA + if (tls && haveNTRU && haveRSA) { + suites->suites[idx++] = CIPHER_BYTE; + suites->suites[idx++] = TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA; + } +#endif + #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 if (tls1_2 && haveECC) { suites->suites[idx++] = ECC_BYTE; 
@@ -1961,28 +1970,28 @@ void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, word16 haveRSA, #ifdef BUILD_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 if (tls1_2 && haveDH && haveRSA) { - suites->suites[idx++] = 0; + suites->suites[idx++] = CIPHER_BYTE; suites->suites[idx++] = TLS_DHE_RSA_WITH_AES_256_GCM_SHA384; } #endif #ifdef BUILD_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 if (tls1_2 && haveDH && haveRSA) { - suites->suites[idx++] = 0; + suites->suites[idx++] = CIPHER_BYTE; suites->suites[idx++] = TLS_DHE_RSA_WITH_AES_128_GCM_SHA256; } #endif #ifdef BUILD_TLS_RSA_WITH_AES_256_GCM_SHA384 if (tls1_2 && haveRSA) { - suites->suites[idx++] = 0; + suites->suites[idx++] = CIPHER_BYTE; suites->suites[idx++] = TLS_RSA_WITH_AES_256_GCM_SHA384; } #endif #ifdef BUILD_TLS_RSA_WITH_AES_128_GCM_SHA256 if (tls1_2 && haveRSA) { - suites->suites[idx++] = 0; + suites->suites[idx++] = CIPHER_BYTE; suites->suites[idx++] = TLS_RSA_WITH_AES_128_GCM_SHA256; } #endif 
@@ -2017,35 +2026,42 @@ void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, word16 haveRSA, #ifdef BUILD_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 if (tls1_2 && haveDH && havePSK) { - suites->suites[idx++] = 0; + suites->suites[idx++] = CIPHER_BYTE; suites->suites[idx++] = TLS_DHE_PSK_WITH_AES_256_GCM_SHA384; } #endif +#ifdef BUILD_TLS_DH_anon_WITH_AES_128_CBC_SHA + if (tls1_2 && haveDH) { + suites->suites[idx++] = CIPHER_BYTE; + suites->suites[idx++] = TLS_DH_anon_WITH_AES_128_CBC_SHA; + } +#endif + #ifdef BUILD_TLS_DH_anon_WITH_AES_256_GCM_SHA384 if (tls1_2 && haveDH) { - suites->suites[idx++] = 0; + suites->suites[idx++] = CIPHER_BYTE; suites->suites[idx++] = TLS_DH_anon_WITH_AES_256_GCM_SHA384; } #endif #ifdef BUILD_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 if (tls1_2 && haveDH && havePSK) { - suites->suites[idx++] = 0; + suites->suites[idx++] = CIPHER_BYTE; suites->suites[idx++] = TLS_DHE_PSK_WITH_AES_128_GCM_SHA256; } #endif #ifdef BUILD_TLS_PSK_WITH_AES_256_GCM_SHA384 if (tls1_2 && havePSK) { - suites->suites[idx++] = 0; + suites->suites[idx++] = CIPHER_BYTE; suites->suites[idx++] = TLS_PSK_WITH_AES_256_GCM_SHA384; } #endif #ifdef BUILD_TLS_PSK_WITH_AES_128_GCM_SHA256 if (tls1_2 && havePSK) { - suites->suites[idx++] = 0; + suites->suites[idx++] = CIPHER_BYTE; suites->suites[idx++] = TLS_PSK_WITH_AES_128_GCM_SHA256; } #endif @@ -2075,7 +2091,7 @@ void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, word16 haveRSA, #if defined(WOLFSSL_MYSQL_COMPATIBLE) #ifdef BUILD_TLS_DHE_RSA_WITH_AES_256_CBC_SHA if (tls && haveDH && haveRSA) { - suites->suites[idx++] = 0; + suites->suites[idx++] = CIPHER_BYTE; suites->suites[idx++] = TLS_DHE_RSA_WITH_AES_256_CBC_SHA; } #endif 
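Review bot: The new `BUILD_TLS_DH_anon_WITH_AES_128_CBC_SHA` block adds an unauthenticated key exchange to the default suite list under only `tls1_2 && haveDH`. It also sits among the AEAD suites, ahead of the authenticated CBC suites that follow in list order. Anonymous DH gives no protection against an active man-in-the-middle, so I would place it after every authenticated TLS 1.2 entry and say so at the site, e.g. `/* anonymous DH: no peer authentication, keep below every authenticated suite */`. It is presumably only compiled in when anonymous suites are enabled at build time, but that is not visible from this hunk. InitSuites starts and ends outside the hunk.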
@@ -2286,14 +2302,14 @@ void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, word16 haveRSA, #ifdef BUILD_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 if (tls && haveDH && haveRSA) { - suites->suites[idx++] = 0; + suites->suites[idx++] = CIPHER_BYTE; suites->suites[idx++] = TLS_DHE_RSA_WITH_AES_256_CBC_SHA256; } #endif #ifdef BUILD_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 if (tls && haveDH && haveRSA) { - suites->suites[idx++] = 0; + suites->suites[idx++] = CIPHER_BYTE; suites->suites[idx++] = TLS_DHE_RSA_WITH_AES_128_CBC_SHA256; } #endif @@ -2302,7 +2318,7 @@ void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, word16 haveRSA, #if !defined(WOLFSSL_MYSQL_COMPATIBLE) #ifdef BUILD_TLS_DHE_RSA_WITH_AES_256_CBC_SHA if (tls && haveDH && haveRSA) { - suites->suites[idx++] = 0; + suites->suites[idx++] = CIPHER_BYTE; suites->suites[idx++] = TLS_DHE_RSA_WITH_AES_256_CBC_SHA; } #endif 
@@ -2310,42 +2326,42 @@ void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, word16 haveRSA, #ifdef BUILD_TLS_DHE_RSA_WITH_AES_128_CBC_SHA if (tls && haveDH && haveRSA) { - suites->suites[idx++] = 0; + suites->suites[idx++] = CIPHER_BYTE; suites->suites[idx++] = TLS_DHE_RSA_WITH_AES_128_CBC_SHA; } #endif #ifdef BUILD_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA if (tls && haveDH && haveRSA) { - suites->suites[idx++] = 0; + suites->suites[idx++] = CIPHER_BYTE; suites->suites[idx++] = TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA; } #endif #ifdef BUILD_TLS_RSA_WITH_AES_256_CBC_SHA256 if (tls && haveRSA) { - suites->suites[idx++] = 0; + suites->suites[idx++] = CIPHER_BYTE; suites->suites[idx++] = TLS_RSA_WITH_AES_256_CBC_SHA256; } #endif #ifdef BUILD_TLS_RSA_WITH_AES_128_CBC_SHA256 if (tls && haveRSA) { - suites->suites[idx++] = 0; + suites->suites[idx++] = CIPHER_BYTE; suites->suites[idx++] = TLS_RSA_WITH_AES_128_CBC_SHA256; } #endif #ifdef BUILD_TLS_RSA_WITH_AES_256_CBC_SHA if (tls && haveRSA) { - suites->suites[idx++] = 0; + suites->suites[idx++] = CIPHER_BYTE; suites->suites[idx++] = TLS_RSA_WITH_AES_256_CBC_SHA; } #endif #ifdef BUILD_TLS_RSA_WITH_AES_128_CBC_SHA if (tls && haveRSA) { - suites->suites[idx++] = 0; + suites->suites[idx++] = CIPHER_BYTE; suites->suites[idx++] = TLS_RSA_WITH_AES_128_CBC_SHA; } #endif 
@@ -2381,56 +2397,56 @@ void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, word16 haveRSA, #ifdef BUILD_TLS_RSA_WITH_NULL_SHA if (tls && haveRSA) { - suites->suites[idx++] = 0; + suites->suites[idx++] = CIPHER_BYTE; suites->suites[idx++] = TLS_RSA_WITH_NULL_SHA; } #endif #ifdef BUILD_TLS_RSA_WITH_NULL_SHA256 if (tls && haveRSA) { - suites->suites[idx++] = 0; + suites->suites[idx++] = CIPHER_BYTE; suites->suites[idx++] = TLS_RSA_WITH_NULL_SHA256; } #endif #ifdef BUILD_TLS_PSK_WITH_AES_256_CBC_SHA if (tls && havePSK) { - suites->suites[idx++] = 0; + suites->suites[idx++] = CIPHER_BYTE; suites->suites[idx++] = TLS_PSK_WITH_AES_256_CBC_SHA; } #endif #ifdef BUILD_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 if (tls && haveDH && havePSK) { - suites->suites[idx++] = 0; + suites->suites[idx++] = CIPHER_BYTE; suites->suites[idx++] = TLS_DHE_PSK_WITH_AES_256_CBC_SHA384; } #endif #ifdef BUILD_TLS_PSK_WITH_AES_256_CBC_SHA384 if (tls && havePSK) { - suites->suites[idx++] = 0; + suites->suites[idx++] = CIPHER_BYTE; suites->suites[idx++] = TLS_PSK_WITH_AES_256_CBC_SHA384; } #endif #ifdef BUILD_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 if (tls && haveDH && havePSK) { - suites->suites[idx++] = 0; + suites->suites[idx++] = CIPHER_BYTE; suites->suites[idx++] = TLS_DHE_PSK_WITH_AES_128_CBC_SHA256; } #endif #ifdef BUILD_TLS_PSK_WITH_AES_128_CBC_SHA256 if (tls && havePSK) { - suites->suites[idx++] = 0; + suites->suites[idx++] = CIPHER_BYTE; suites->suites[idx++] = TLS_PSK_WITH_AES_128_CBC_SHA256; } #endif #ifdef BUILD_TLS_PSK_WITH_AES_128_CBC_SHA if (tls && havePSK) { - suites->suites[idx++] = 0; + suites->suites[idx++] = CIPHER_BYTE; suites->suites[idx++] = TLS_PSK_WITH_AES_128_CBC_SHA; } #endif 
@@ -2507,14 +2523,14 @@ void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, word16 haveRSA, #ifdef BUILD_TLS_DHE_PSK_WITH_NULL_SHA384 if (tls && haveDH && havePSK) { - suites->suites[idx++] = 0; + suites->suites[idx++] = CIPHER_BYTE; suites->suites[idx++] = TLS_DHE_PSK_WITH_NULL_SHA384; } #endif #ifdef BUILD_TLS_PSK_WITH_NULL_SHA384 if (tls && havePSK) { - suites->suites[idx++] = 0; + suites->suites[idx++] = CIPHER_BYTE; suites->suites[idx++] = TLS_PSK_WITH_NULL_SHA384; } #endif 
@@ -2528,151 +2544,153 @@ void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, word16 haveRSA, #ifdef BUILD_TLS_DHE_PSK_WITH_NULL_SHA256 if (tls && haveDH && havePSK) { - suites->suites[idx++] = 0; + suites->suites[idx++] = CIPHER_BYTE; suites->suites[idx++] = TLS_DHE_PSK_WITH_NULL_SHA256; } #endif #ifdef BUILD_TLS_PSK_WITH_NULL_SHA256 if (tls && havePSK) { - suites->suites[idx++] = 0; + suites->suites[idx++] = CIPHER_BYTE; suites->suites[idx++] = TLS_PSK_WITH_NULL_SHA256; } #endif #ifdef BUILD_TLS_PSK_WITH_NULL_SHA if (tls && havePSK) { - suites->suites[idx++] = 0; + suites->suites[idx++] = CIPHER_BYTE; suites->suites[idx++] = TLS_PSK_WITH_NULL_SHA; } #endif #ifdef BUILD_SSL_RSA_WITH_RC4_128_SHA if (!dtls && haveRSA) { - suites->suites[idx++] = 0; + suites->suites[idx++] = CIPHER_BYTE; suites->suites[idx++] = SSL_RSA_WITH_RC4_128_SHA; } #endif #ifdef BUILD_SSL_RSA_WITH_RC4_128_MD5 if (!dtls && haveRSA) { - suites->suites[idx++] = 0; + suites->suites[idx++] = CIPHER_BYTE; suites->suites[idx++] = SSL_RSA_WITH_RC4_128_MD5; } #endif #ifdef BUILD_SSL_RSA_WITH_3DES_EDE_CBC_SHA if (haveRSA ) { - suites->suites[idx++] = 0; + suites->suites[idx++] = CIPHER_BYTE; suites->suites[idx++] = SSL_RSA_WITH_3DES_EDE_CBC_SHA; } #endif #ifdef BUILD_TLS_RSA_WITH_HC_128_MD5 if (!dtls && tls && haveRSA) { - suites->suites[idx++] = 0; + suites->suites[idx++] = CIPHER_BYTE; suites->suites[idx++] = TLS_RSA_WITH_HC_128_MD5; } #endif #ifdef BUILD_TLS_RSA_WITH_HC_128_SHA if (!dtls && tls && haveRSA) { - suites->suites[idx++] = 0; + suites->suites[idx++] = CIPHER_BYTE; suites->suites[idx++] = TLS_RSA_WITH_HC_128_SHA; } #endif #ifdef BUILD_TLS_RSA_WITH_HC_128_B2B256 if (!dtls && tls && haveRSA) { - suites->suites[idx++] = 0; + suites->suites[idx++] = CIPHER_BYTE; suites->suites[idx++] = TLS_RSA_WITH_HC_128_B2B256; } #endif #ifdef BUILD_TLS_RSA_WITH_AES_128_CBC_B2B256 if (tls && haveRSA) { - suites->suites[idx++] = 0; + suites->suites[idx++] = CIPHER_BYTE; suites->suites[idx++] = 
TLS_RSA_WITH_AES_128_CBC_B2B256; } #endif #ifdef BUILD_TLS_RSA_WITH_AES_256_CBC_B2B256 if (tls && haveRSA) { - suites->suites[idx++] = 0; + suites->suites[idx++] = CIPHER_BYTE; suites->suites[idx++] = TLS_RSA_WITH_AES_256_CBC_B2B256; } #endif #ifdef BUILD_TLS_RSA_WITH_RABBIT_SHA if (!dtls && tls && haveRSA) { - suites->suites[idx++] = 0; + suites->suites[idx++] = CIPHER_BYTE; suites->suites[idx++] = TLS_RSA_WITH_RABBIT_SHA; } #endif #ifdef BUILD_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA if (tls && haveRSA) { - suites->suites[idx++] = 0; + suites->suites[idx++] = CIPHER_BYTE; suites->suites[idx++] = TLS_RSA_WITH_CAMELLIA_128_CBC_SHA; } #endif #ifdef BUILD_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA if (tls && haveDH && haveRSA) { - suites->suites[idx++] = 0; + suites->suites[idx++] = CIPHER_BYTE; suites->suites[idx++] = TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA; } #endif #ifdef BUILD_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA if (tls && haveRSA) { - suites->suites[idx++] = 0; + suites->suites[idx++] = CIPHER_BYTE; suites->suites[idx++] = TLS_RSA_WITH_CAMELLIA_256_CBC_SHA; } #endif #ifdef BUILD_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA if (tls && haveDH && haveRSA) { - suites->suites[idx++] = 0; + suites->suites[idx++] = CIPHER_BYTE; suites->suites[idx++] = TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA; } #endif #ifdef BUILD_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 if (tls && haveRSA) { - suites->suites[idx++] = 0; + suites->suites[idx++] = CIPHER_BYTE; suites->suites[idx++] = TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256; } #endif #ifdef BUILD_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 if (tls && haveDH && haveRSA) { - suites->suites[idx++] = 0; + suites->suites[idx++] = CIPHER_BYTE; suites->suites[idx++] = TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256; } #endif #ifdef BUILD_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 if (tls && haveRSA) { - suites->suites[idx++] = 0; + suites->suites[idx++] = CIPHER_BYTE; suites->suites[idx++] = TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256; } #endif #ifdef BUILD_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 
if (tls && haveDH && haveRSA) { - suites->suites[idx++] = 0; + suites->suites[idx++] = CIPHER_BYTE; suites->suites[idx++] = TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256; } #endif #ifdef BUILD_SSL_RSA_WITH_IDEA_CBC_SHA if (haveRSA) { - suites->suites[idx++] = 0; + suites->suites[idx++] = CIPHER_BYTE; suites->suites[idx++] = SSL_RSA_WITH_IDEA_CBC_SHA; } #endif +#endif /* !WOLFSSL_NO_TLS12 */ + suites->suiteSz = idx; InitSuitesHashSigAlgo(suites, haveECDSAsig, haveRSAsig, 0, tls1_2, keySz); @@ -2685,7 +2703,7 @@ void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, word16 haveRSA, * * input The encoded signature algorithm. * hashalgo The hash algorithm. - * hsType The signature type. + * hsType The signature type. */ static INLINE void DecodeSigAlg(const byte* input, byte* hashAlgo, byte* hsType) { @@ -2716,8 +2734,10 @@ static INLINE void DecodeSigAlg(const byte* input, byte* hashAlgo, byte* hsType) } #endif /* !NO_WOLFSSL_SERVER || !NO_CERTS */ +#ifndef WOLFSSL_NO_TLS12 + #if !defined(NO_DH) || defined(HAVE_ECC) || \ - (!defined(NO_RSA) && defined(WC_RSA_PSS)) + (!defined(NO_RSA) && defined(WC_RSA_PSS)) static enum wc_HashType HashAlgoToType(int hashAlgo) { @@ -2749,6 +2769,8 @@ static enum wc_HashType HashAlgoToType(int hashAlgo) #endif /* !NO_DH || HAVE_ECC || (!NO_RSA && WC_RSA_PSS) */ +#endif + #ifndef NO_CERTS 
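Review bot: The `#endif` added after HashAlgoToType closes the new `#ifndef WOLFSSL_NO_TLS12` but carries no trailing comment, unlike the other guards this commit adds (`#endif /* !WOLFSSL_NO_TLS12 */`). With `#endif /* !NO_DH || HAVE_ECC || (!NO_RSA && WC_RSA_PSS) */` directly above it, the nesting is easy to misread; write it as `#endif /* !WOLFSSL_NO_TLS12 */`.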
@@ -2881,38 +2903,41 @@ static INLINE void EncodeSigAlg(byte hashAlgo, byte hsType, byte* output) (void)output; } +#if !defined(WOLFSSL_NO_TLS12) && !defined(WOLFSSL_NO_CLIENT_AUTH) static void SetDigest(WOLFSSL* ssl, int hashAlgo) { switch (hashAlgo) { - #ifndef NO_SHA + #ifndef NO_SHA case sha_mac: ssl->buffers.digest.buffer = ssl->hsHashes->certHashes.sha; ssl->buffers.digest.length = WC_SHA_DIGEST_SIZE; break; - #endif /* !NO_SHA */ - #ifndef NO_SHA256 + #endif /* !NO_SHA */ + #ifndef NO_SHA256 case sha256_mac: ssl->buffers.digest.buffer = ssl->hsHashes->certHashes.sha256; ssl->buffers.digest.length = WC_SHA256_DIGEST_SIZE; break; - #endif /* !NO_SHA256 */ - #ifdef WOLFSSL_SHA384 + #endif /* !NO_SHA256 */ + #ifdef WOLFSSL_SHA384 case sha384_mac: ssl->buffers.digest.buffer = ssl->hsHashes->certHashes.sha384; ssl->buffers.digest.length = WC_SHA384_DIGEST_SIZE; break; - #endif /* WOLFSSL_SHA384 */ - #ifdef WOLFSSL_SHA512 + #endif /* WOLFSSL_SHA384 */ + #ifdef WOLFSSL_SHA512 case sha512_mac: ssl->buffers.digest.buffer = ssl->hsHashes->certHashes.sha512; ssl->buffers.digest.length = WC_SHA512_DIGEST_SIZE; break; - #endif /* WOLFSSL_SHA512 */ + #endif /* WOLFSSL_SHA512 */ } /* switch */ } +#endif /* !WOLFSSL_NO_TLS12 && !WOLFSSL_NO_CLIENT_AUTH */ #endif /* !NO_CERTS */ #ifndef NO_RSA +#ifndef WOLFSSL_NO_TLS12 static int TypeHash(int hashAlgo) { switch (hashAlgo) { @@ -2936,6 +2961,7 @@ static int TypeHash(int hashAlgo) return 0; } +#endif /* !WOLFSSL_NO_TLS12 */ #if defined(WC_RSA_PSS) int ConvertHashPss(int hashAlgo, enum wc_HashType* hashType, int* mgf) @@ -3240,6 +3266,8 @@ int VerifyRsaSign(WOLFSSL* ssl, byte* verifySig, word32 sigSz, return ret; } +#ifndef WOLFSSL_NO_TLS12 + int RsaDec(WOLFSSL* ssl, byte* in, word32 inSz, byte** out, word32* outSz, RsaKey* key, DerBuffer* keyBufInfo, void* ctx) { 
@@ -3357,6 +3385,8 @@ int RsaEnc(WOLFSSL* ssl, const byte* in, word32 inSz, byte* out, word32* outSz, return ret; } +#endif /* !WOLFSSL_NO_TLS12 */ + #endif /* NO_RSA */ #ifdef HAVE_ECC @@ -3625,6 +3655,43 @@ int EccMakeKey(WOLFSSL* ssl, ecc_key* key, ecc_key* peer) #endif /* HAVE_ECC */ #ifdef HAVE_ED25519 +/* Check whether the key contains a public key. + * If not then pull it out of the leaf certificate. + * + * ssl SSL/TLS object. + * returns MEMORY_E when unable to allocate memory, a parsing error, otherwise + * 0 on success. + */ +int Ed25519CheckPubKey(WOLFSSL* ssl) +{ + ed25519_key* key = (ed25519_key*)ssl->hsKey; + int ret = 0; + + /* Public key required for signing. */ + if (!key->pubKeySet) { + DerBuffer* leaf = ssl->buffers.certificate; + DecodedCert* cert = (DecodedCert*)XMALLOC(sizeof(*cert), + ssl->heap, DYNAMIC_TYPE_DCERT); + if (cert == NULL) + ret = MEMORY_E; + + if (ret == 0) { + InitDecodedCert(cert, leaf->buffer, leaf->length, ssl->heap); + ret = DecodeToKey(cert, 0); + } + if (ret == 0) { + ret = wc_ed25519_import_public(cert->publicKey, cert->pubKeySize, + key); + } + if (cert != NULL) { + FreeDecodedCert(cert); + XFREE(cert, ssl->heap, DYNAMIC_TYPE_DCERT); + } + } + + return ret; +} + /* Sign the data using EdDSA and key using X25519. * * ssl SSL object. @@ -3756,6 +3823,8 @@ int Ed25519Verify(WOLFSSL* ssl, const byte* in, word32 inSz, const byte* msg, } #endif /* HAVE_ED25519 */ +#ifndef WOLFSSL_NO_TLS12 + #ifdef HAVE_CURVE25519 #ifdef HAVE_PK_CALLBACKS /* Gets X25519 key for shared secret callback testing @@ -3956,6 +4025,8 @@ int DhAgree(WOLFSSL* ssl, DhKey* dhKey, #endif /* !NO_DH */ #endif /* !NO_CERTS || !NO_PSK */ +#endif /* !WOLFSSL_NO_TLS12 */ + #ifdef HAVE_PK_CALLBACKS int wolfSSL_CTX_IsPrivatePkSet(WOLFSSL_CTX* ctx) 
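Review bot: Ed25519CheckPubKey reads `leaf->buffer` and `leaf->length` from `ssl->buffers.certificate` without checking that a certificate is loaded, and it casts `ssl->hsKey` to `ed25519_key*` without checking for NULL. If a caller reaches this with a private key but no leaf certificate, the `leaf->buffer` access dereferences NULL. I would return early before the allocation, e.g. `if (key == NULL || leaf == NULL || leaf->buffer == NULL) return BAD_FUNC_ARG;` (or whichever error the callers expect), which needs `leaf` declared at function scope. The header comment should also state that `ssl->hsKey` must already hold an Ed25519 key, since the cast is unchecked. Whether callers guarantee both is not visible in this hunk.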
@@ -4131,6 +4202,12 @@ int SetSSL_CTX(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup) ssl->buffers.keyType = ctx->privateKeyType; ssl->buffers.keySz = ctx->privateKeySz; #endif +#if !defined(WOLFSSL_NO_CLIENT_AUTH) && defined(HAVE_ED25519) && \ + !defined(NO_ED25519_CLIENT_AUTH) + ssl->options.cacheMessages = ssl->options.side == WOLFSSL_SERVER_END || + ssl->buffers.keyType == ed25519_sa_algo; +#endif + #ifdef WOLFSSL_ASYNC_CRYPT ssl->devId = ctx->devId; @@ -4280,6 +4357,12 @@ void FreeHandshakeHashes(WOLFSSL* ssl) #ifdef WOLFSSL_SHA512 wc_Sha512Free(&ssl->hsHashes->hashSha512); #endif + #if defined(HAVE_ED25519) && !defined(WOLFSSL_NO_CLIENT_AUTH) + if (ssl->hsHashes->messages != NULL) { + XFREE(ssl->hsHashes->messages, ssl->heap, DYNAMIC_TYPE_HASHES); + ssl->hsHashes->messages = NULL; + } + #endif XFREE(ssl->hsHashes, ssl->heap, DYNAMIC_TYPE_HASHES); ssl->hsHashes = NULL; @@ -4445,7 +4528,7 @@ int InitSSL(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup) #ifndef NO_OLD_TLS ssl->hmac = SSL_hmac; /* default to SSLv3 */ - #else + #elif !defined(WOLFSSL_NO_TLS12) ssl->hmac = TLS_hmac; #endif @@ -5220,8 +5303,9 @@ void FreeSSL(WOLFSSL* ssl, void* heap) (void)heap; } -#if !defined(NO_OLD_TLS) || defined(HAVE_CHACHA) || defined(HAVE_AESCCM) \ - || defined(HAVE_AESGCM) || defined(WOLFSSL_DTLS) +#if !defined(NO_OLD_TLS) || defined(WOLFSSL_DTLS) || \ + ((defined(HAVE_CHACHA) || defined(HAVE_AESCCM) || defined(HAVE_AESGCM)) \ + && defined(HAVE_AEAD)) static INLINE void GetSEQIncrement(WOLFSSL* ssl, int verify, word32 seq[2]) { if (verify) { @@ -5335,7 +5419,6 @@ static INLINE void WriteSEQ(WOLFSSL* ssl, int verifyOrder, byte* out) } #endif - #ifdef WOLFSSL_DTLS /* functions for managing DTLS datagram reordering */ @@ -5805,6 +5888,8 @@ ProtocolVersion MakeDTLSv1(void) return pv; } +#ifndef WOLFSSL_NO_TLS12 + ProtocolVersion MakeDTLSv1_2(void) { ProtocolVersion pv; 
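Review bot: `ssl->options.cacheMessages` is set for every server-side object (`ssl->options.side == WOLFSSL_SERVER_END`), so a server built with Ed25519 client auth keeps a heap copy of the handshake messages for each connection even when it never requests or verifies a client certificate. That is per-connection memory an unauthenticated peer can make the server spend. Consider limiting the server case to sessions that will verify a peer certificate, or releasing the buffer once CertificateVerify has been handled if that is not already done outside this hunk. At minimum add a comment explaining why the server always caches, and parenthesise the two comparisons: `(ssl->options.side == WOLFSSL_SERVER_END) || (ssl->buffers.keyType == ed25519_sa_algo)`. SetSSL_CTX starts and ends outside the hunk.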
@@ -5814,6 +5899,8 @@ ProtocolVersion MakeDTLSv1_2(void) return pv; } +#endif /* !WOLFSSL_NO_TLS12 */ + #endif /* WOLFSSL_DTLS */ @@ -5987,7 +6074,37 @@ ProtocolVersion MakeDTLSv1_2(void) return (word32)XTIME(0); } #endif +#if !defined(WOLFSSL_NO_CLIENT_AUTH) && defined(HAVE_ED25519) && \ + !defined(NO_ED25519_CLIENT_AUTH) +/* Store the message for use with CertificateVerify using Ed25519. + * + * ssl SSL/TLS object. + * data Message to store. + * sz Size of message to store. + * returns MEMORY_E if not able to reallocate, otherwise 0. + */ +static int Ed25519Update(WOLFSSL* ssl, const byte* data, int sz) +{ + int ret = 0; + byte* msgs; + if (ssl->options.cacheMessages) { + msgs = (byte*)XREALLOC(ssl->hsHashes->messages, + ssl->hsHashes->length + sz, + ssl->heap, DYNAMIC_TYPE_HASHES); + if (msgs == NULL) + ret = MEMORY_E; + if (ret == 0) { + ssl->hsHashes->messages = msgs; + XMEMCPY(msgs + ssl->hsHashes->length, data, sz); + ssl->hsHashes->prevLen = ssl->hsHashes->length; + ssl->hsHashes->length += sz; + } + } + + return ret; +} +#endif /* HAVE_ED25519 && !WOLFSSL_NO_CLIENT_AUTH */ #ifndef NO_CERTS int HashOutputRaw(WOLFSSL* ssl, const byte* output, int sz) 
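Review bot: Ed25519Update computes the new allocation size as `ssl->hsHashes->length + sz` with `sz` a signed `int` and no range check, so a negative `sz` or a wrapping sum yields an undersized XREALLOC followed by `XMEMCPY(msgs + ssl->hsHashes->length, data, sz)`. The callers added in HashOutputRaw and HashOutput pass sizes that come from handshake processing, so I would reject bad sizes up front, e.g. `if (sz < 0) return BAD_FUNC_ARG;`, and check the sum against the type of `length` (declared outside this diff section) before reallocating. The buffer also grows with every handshake message and has no cap here; a documented upper bound would make the per-connection memory cost explicit. The closing `#endif /* HAVE_ED25519 && !WOLFSSL_NO_CLIENT_AUTH */` comment omits the `!NO_ED25519_CLIENT_AUTH` condition of the opening `#if`.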
@@ -6005,30 +6122,36 @@ int HashOutputRaw(WOLFSSL* ssl, const byte* output, int sz) ssl->fuzzerCb(ssl, output, sz, FUZZ_HASH, ssl->fuzzerCtx); #endif #ifndef NO_OLD_TLS -#ifndef NO_SHA - wc_ShaUpdate(&ssl->hsHashes->hashSha, output, sz); -#endif -#ifndef NO_MD5 - wc_Md5Update(&ssl->hsHashes->hashMd5, output, sz); -#endif + #ifndef NO_SHA + wc_ShaUpdate(&ssl->hsHashes->hashSha, output, sz); + #endif + #ifndef NO_MD5 + wc_Md5Update(&ssl->hsHashes->hashMd5, output, sz); + #endif #endif /* NO_OLD_TLS */ if (IsAtLeastTLSv1_2(ssl)) { -#ifndef NO_SHA256 + #ifndef NO_SHA256 ret = wc_Sha256Update(&ssl->hsHashes->hashSha256, output, sz); if (ret != 0) return ret; -#endif -#ifdef WOLFSSL_SHA384 + #endif + #ifdef WOLFSSL_SHA384 ret = wc_Sha384Update(&ssl->hsHashes->hashSha384, output, sz); if (ret != 0) return ret; -#endif -#ifdef WOLFSSL_SHA512 + #endif + #ifdef WOLFSSL_SHA512 ret = wc_Sha512Update(&ssl->hsHashes->hashSha512, output, sz); if (ret != 0) return ret; -#endif + #endif + #if !defined(WOLFSSL_NO_CLIENT_AUTH) && defined(HAVE_ED25519) && \ + !defined(NO_ED25519_CLIENT_AUTH) + ret = Ed25519Update(ssl, output, sz); + if (ret != 0) + return ret; + #endif } return ret; 
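Review bot: The re-indented `wc_ShaUpdate` and `wc_Md5Update` calls in the `NO_OLD_TLS` block still discard their return values, while the SHA-256/384/512 and Ed25519Update calls below them return on failure. A failed update would leave the handshake transcript hash inconsistent without any error reaching the caller. Checking them the same way, `ret = wc_ShaUpdate(&ssl->hsHashes->hashSha, output, sz); if (ret != 0) return ret;`, keeps the error handling uniform. The same applies to the matching hunks in HashOutput and HashInput; HashOutputRaw begins before this hunk.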
@@ -6056,30 +6179,36 @@ int HashOutput(WOLFSSL* ssl, const byte* output, int sz, int ivSz) } #endif #ifndef NO_OLD_TLS -#ifndef NO_SHA - wc_ShaUpdate(&ssl->hsHashes->hashSha, adj, sz); -#endif -#ifndef NO_MD5 - wc_Md5Update(&ssl->hsHashes->hashMd5, adj, sz); -#endif + #ifndef NO_SHA + wc_ShaUpdate(&ssl->hsHashes->hashSha, adj, sz); + #endif + #ifndef NO_MD5 + wc_Md5Update(&ssl->hsHashes->hashMd5, adj, sz); + #endif #endif if (IsAtLeastTLSv1_2(ssl)) { -#ifndef NO_SHA256 + #ifndef NO_SHA256 ret = wc_Sha256Update(&ssl->hsHashes->hashSha256, adj, sz); if (ret != 0) return ret; -#endif -#ifdef WOLFSSL_SHA384 + #endif + #ifdef WOLFSSL_SHA384 ret = wc_Sha384Update(&ssl->hsHashes->hashSha384, adj, sz); if (ret != 0) return ret; -#endif -#ifdef WOLFSSL_SHA512 + #endif + #ifdef WOLFSSL_SHA512 ret = wc_Sha512Update(&ssl->hsHashes->hashSha512, adj, sz); if (ret != 0) return ret; -#endif + #endif + #if !defined(WOLFSSL_NO_CLIENT_AUTH) && defined(HAVE_ED25519) && \ + !defined(NO_ED25519_CLIENT_AUTH) + ret = Ed25519Update(ssl, adj, sz); + if (ret != 0) + return ret; + #endif } return ret; 
@@ -6109,30 +6238,36 @@ int HashInput(WOLFSSL* ssl, const byte* input, int sz) } #ifndef NO_OLD_TLS -#ifndef NO_SHA - wc_ShaUpdate(&ssl->hsHashes->hashSha, adj, sz); -#endif -#ifndef NO_MD5 - wc_Md5Update(&ssl->hsHashes->hashMd5, adj, sz); -#endif + #ifndef NO_SHA + wc_ShaUpdate(&ssl->hsHashes->hashSha, adj, sz); + #endif + #ifndef NO_MD5 + wc_Md5Update(&ssl->hsHashes->hashMd5, adj, sz); + #endif #endif if (IsAtLeastTLSv1_2(ssl)) { -#ifndef NO_SHA256 + #ifndef NO_SHA256 ret = wc_Sha256Update(&ssl->hsHashes->hashSha256, adj, sz); if (ret != 0) return ret; -#endif -#ifdef WOLFSSL_SHA384 + #endif + #ifdef WOLFSSL_SHA384 ret = wc_Sha384Update(&ssl->hsHashes->hashSha384, adj, sz); if (ret != 0) return ret; -#endif -#ifdef WOLFSSL_SHA512 + #endif + #ifdef WOLFSSL_SHA512 ret = wc_Sha512Update(&ssl->hsHashes->hashSha512, adj, sz); if (ret != 0) return ret; -#endif + #endif + #if !defined(WOLFSSL_NO_CLIENT_AUTH) && defined(HAVE_ED25519) && \ + !defined(NO_ED25519_CLIENT_AUTH) + ret = Ed25519Update(ssl, adj, sz); + if (ret != 0) + return ret; + #endif } return ret; @@ -6188,6 +6323,7 @@ static void AddRecordHeader(byte* output, word32 length, byte type, WOLFSSL* ssl } +#if !defined(WOLFSSL_NO_TLS12) || defined(HAVE_SESSION_TICKET) /* add handshake header for message */ static void AddHandShakeHeader(byte* output, word32 length, word32 fragOffset, word32 fragLength, @@ -6218,7 +6354,6 @@ static void AddHandShakeHeader(byte* output, word32 length, #endif } - /* add both headers for handshake message */ static void AddHeaders(byte* output, word32 length, byte type, WOLFSSL* ssl) { 
@@ -6235,8 +6370,10 @@ static void AddHeaders(byte* output, word32 length, byte type, WOLFSSL* ssl) AddRecordHeader(output, length + lengthAdj, handshake, ssl); AddHandShakeHeader(output + outputAdj, length, 0, length, type, ssl); } +#endif /* !WOLFSSL_NO_TLS12 || HAVE_SESSION_TICKET */ +#ifndef WOLFSSL_NO_TLS12 #ifndef NO_CERTS static void AddFragHeaders(byte* output, word32 fragSz, word32 fragOffset, word32 length, byte type, WOLFSSL* ssl) @@ -6256,6 +6393,7 @@ static void AddFragHeaders(byte* output, word32 fragSz, word32 fragOffset, AddHandShakeHeader(output + outputAdj, length, fragOffset, fragSz, type, ssl); } #endif /* NO_CERTS */ +#endif /* !WOLFSSL_NO_TLS12 */ /* return bytes received, -1 on error */ @@ -6311,8 +6449,8 @@ retry: ssl->options.isClosed = 1; return -1; + #ifdef WOLFSSL_DTLS case WOLFSSL_CBIO_ERR_TIMEOUT: - #ifdef WOLFSSL_DTLS if (IsDtlsNotSctpMode(ssl) && !ssl->options.handShakeDone && DtlsMsgPoolTimeout(ssl) == 0 && @@ -6320,8 +6458,8 @@ retry: goto retry; } - #endif return -1; + #endif default: return recvd; @@ -6703,7 +6841,7 @@ static int GetRecordHeader(WOLFSSL* ssl, const byte* input, word32* inOutIdx, return 0; } - +#ifndef WOLFSSL_NO_TLS12 static int GetHandShakeHeader(WOLFSSL* ssl, const byte* input, word32* inOutIdx, byte *type, word32 *size, word32 totalSz) { @@ -6719,7 +6857,7 @@ static int GetHandShakeHeader(WOLFSSL* ssl, const byte* input, word32* inOutIdx, return 0; } - +#endif #ifdef WOLFSSL_DTLS static int GetDtlsHandShakeHeader(WOLFSSL* ssl, const byte* input, @@ -6878,6 +7016,8 @@ static int BuildSHA(WOLFSSL* ssl, Hashes* hashes, const byte* sender) } #endif +#ifndef WOLFSSL_NO_TLS12 + /* Finished doesn't support SHA512, not SHA512 cipher suites yet */ static int BuildFinished(WOLFSSL* ssl, Hashes* hashes, const byte* sender) { @@ -6936,6 +7076,7 @@ static int BuildFinished(WOLFSSL* ssl, Hashes* hashes, const byte* sender) return ret; } +#endif /* WOLFSSL_NO_TLS12 */ /* cipher requirements */ enum { 
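Review bot: Moving `case WOLFSSL_CBIO_ERR_TIMEOUT:` inside `#ifdef WOLFSSL_DTLS` changes what a timeout returns in non-DTLS builds: the label no longer exists there, so the value falls to `default: return recvd;` and the callback's own code is returned instead of `-1`. The comment above the function, visible in the preceding hunk's context, says "return bytes received, -1 on error", so callers may test for exactly `-1`; that cannot be confirmed from here. Keeping the label outside the guard and making only the DTLS retry body conditional preserves the documented contract, i.e. `case WOLFSSL_CBIO_ERR_TIMEOUT:`, then the `#ifdef WOLFSSL_DTLS` retry block, then `return -1;`. This note covers the following hunk at `-6320` as well, and the function body extends outside both.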
@@ -6956,6 +7097,10 @@ static int BuildFinished(WOLFSSL* ssl, Hashes* hashes, const byte* sender) static int CipherRequires(byte first, byte second, int requirement) { + (void)requirement; + +#ifndef WOLFSSL_NO_TLS12 + if (first == CHACHA_BYTE) { switch (second) { @@ -7243,6 +7388,8 @@ static int BuildFinished(WOLFSSL* ssl, Hashes* hashes, const byte* sender) } /* switch */ } /* if */ +#endif /* !WOLFSSL_NO_TLS12 */ + /* Distinct TLS v1.3 cipher suites with cipher and digest only. */ if (first == TLS13_BYTE) { @@ -7263,6 +7410,8 @@ static int BuildFinished(WOLFSSL* ssl, Hashes* hashes, const byte* sender) } } +#ifndef WOLFSSL_NO_TLS12 + if (first != ECC_BYTE && first != CHACHA_BYTE && first != TLS13_BYTE) { /* normal suites */ switch (second) { @@ -7479,6 +7628,8 @@ static int BuildFinished(WOLFSSL* ssl, Hashes* hashes, const byte* sender) } /* switch */ } /* if ECC / Normal suites else */ +#endif /* !WOLFSSL_NO_TLS12 */ + return 0; } @@ -7699,7 +7850,7 @@ int CopyDecodedToX509(WOLFSSL_X509* x509, DecodedCert* dCert) XMEMCPY(x509->serial, dCert->serial, EXTERNAL_SERIAL_SIZE); x509->serialSz = dCert->serialSz; - if (dCert->subjectCNLen < ASN_NAME_MAX) { + if (dCert->subjectCN && dCert->subjectCNLen < ASN_NAME_MAX) { XMEMCPY(x509->subjectCN, dCert->subjectCN, dCert->subjectCNLen); x509->subjectCN[dCert->subjectCNLen] = '\0'; } @@ -8125,7 +8276,7 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx, } c24to32(input + args->idx, &listSz); args->idx += OPAQUE24_LEN; - if (listSz > MAX_RECORD_SIZE) { + if (listSz > MAX_CERTIFICATE_SZ) { ERROR_OUT(BUFFER_ERROR, exit_ppc); } if ((args->idx - args->begin) + listSz != totalSz) { 
@@ -8982,8 +9133,10 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx, } /* store for callback use */ - if (args->dCert->subjectCNLen < ASN_NAME_MAX) { - XMEMCPY(args->domain, args->dCert->subjectCN, args->dCert->subjectCNLen); + if (args->dCert->subjectCN && + args->dCert->subjectCNLen < ASN_NAME_MAX) { + XMEMCPY(args->domain, args->dCert->subjectCN, + args->dCert->subjectCNLen); args->domain[args->dCert->subjectCNLen] = '\0'; } else { @@ -9176,7 +9329,7 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx, } break; } - #endif /* HAVE_ECC */ + #endif /* HAVE_ED25519 */ default: break; } @@ -9392,6 +9545,8 @@ exit_ppc: return ret; } +#ifndef WOLFSSL_NO_TLS12 + /* handle processing of certificate (11) */ static int DoCertificate(WOLFSSL* ssl, byte* input, word32* inOutIdx, word32 size) @@ -9399,7 +9554,7 @@ static int DoCertificate(WOLFSSL* ssl, byte* input, word32* inOutIdx, int ret; WOLFSSL_START(WC_FUNC_CERTIFICATE_DO); - WOLFSSL_ENTER("DoCertificateVerify"); + WOLFSSL_ENTER("DoCertificate"); ret = ProcessPeerCerts(ssl, input, inOutIdx, size); @@ -9407,7 +9562,7 @@ static int DoCertificate(WOLFSSL* ssl, byte* input, word32* inOutIdx, ssl->options.serverState = SERVER_CERT_COMPLETE; #endif - WOLFSSL_LEAVE("DoCertificateVerify", ret); + WOLFSSL_LEAVE("DoCertificate", ret); WOLFSSL_END(WC_FUNC_CERTIFICATE_DO); return ret; @@ -9627,8 +9782,11 @@ static int DoCertificateStatus(WOLFSSL* ssl, byte* input, word32* inOutIdx, return ret; } +#endif /* !WOLFSSL_NO_TLS12 */ + #endif /* !NO_CERTS */ +#ifndef WOLFSSL_NO_TLS12 static int DoHelloRequest(WOLFSSL* ssl, const byte* input, word32* inOutIdx, word32 size, word32 totalSz) 
@@ -10154,6 +10312,13 @@ static int DoHandShakeMsgType(WOLFSSL* ssl, byte* input, word32* inOutIdx, case server_hello: WOLFSSL_MSG("processing server hello"); ret = DoServerHello(ssl, input, inOutIdx, size); + #if !defined(WOLFSSL_NO_CLIENT_AUTH) && defined(HAVE_ED25519) && \ + !defined(NO_ED25519_CLIENT_AUTH) + if (ssl->options.resuming || !IsAtLeastTLSv1_2(ssl) || + IsAtLeastTLSv1_3(ssl->version)) { + ssl->options.cacheMessages = 0; + } + #endif break; #ifndef NO_CERTS @@ -10215,6 +10380,13 @@ static int DoHandShakeMsgType(WOLFSSL* ssl, byte* input, word32* inOutIdx, case client_hello: WOLFSSL_MSG("processing client hello"); ret = DoClientHello(ssl, input, inOutIdx, size); + #if !defined(WOLFSSL_NO_CLIENT_AUTH) && defined(HAVE_ED25519) && \ + !defined(NO_ED25519_CLIENT_AUTH) + if (ssl->options.resuming || !ssl->options.verifyPeer || \ + !IsAtLeastTLSv1_2(ssl) || IsAtLeastTLSv1_3(ssl->version)) { + ssl->options.cacheMessages = 0; + } + #endif break; case client_key_exchange: @@ -10222,12 +10394,13 @@ static int DoHandShakeMsgType(WOLFSSL* ssl, byte* input, word32* inOutIdx, ret = DoClientKeyExchange(ssl, input, inOutIdx, size); break; -#if !defined(NO_RSA) || defined(HAVE_ECC) +#if (!defined(NO_RSA) || defined(HAVE_ECC) || defined(HAVE_ED25519)) && \ + !defined(WOLFSSL_NO_CLIENT_AUTH) case certificate_verify: WOLFSSL_MSG("processing certificate verify"); ret = DoCertificateVerify(ssl, input, inOutIdx, size); break; -#endif /* !NO_RSA || HAVE_ECC */ +#endif /* (!NO_RSA || HAVE_ECC || HAVE_ED25519) && !WOLFSSL_NO_CLIENT_AUTH */ #endif /* !NO_WOLFSSL_SERVER */ @@ -10360,6 +10533,8 @@ static int DoHandShakeMsg(WOLFSSL* ssl, byte* input, word32* inOutIdx, return ret; } +#endif /* !WOLFSSL_NO_TLS12 */ + #ifdef WOLFSSL_DTLS static INLINE int DtlsCheckWindow(WOLFSSL* ssl) @@ -10742,6 +10917,7 @@ static int DoDtlsHandShakeMsg(WOLFSSL* ssl, byte* input, word32* inOutIdx, } #endif +#ifndef WOLFSSL_NO_TLS12 #ifdef HAVE_AEAD static INLINE void AeadIncrementExpIV(WOLFSSL* ssl) 
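Review bot: The client_hello condition ends its first line with a stray line continuation, `!ssl->options.verifyPeer || \`, inside an ordinary `if` rather than a preprocessor directive; the compiler accepts it, but it should be dropped to match the server_hello block. In both blocks `cacheMessages` is cleared without looking at `ret` and without releasing whatever `ssl->hsHashes->messages` already holds, so the cached bytes appear to stay allocated until FreeHandshakeHashes runs. If that is intended, a one-line comment such as `/* cached messages are released in FreeHandshakeHashes() */` would say so. DoHandShakeMsgType starts and ends outside these hunks.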
@@ -11629,6 +11805,8 @@ static INLINE int Decrypt(WOLFSSL* ssl, byte* plain, const byte* input, return ret; } +#endif /* !WOLFSSL_NO_TLS12 */ + /* Check conditions for a cipher to have an explicit IV. * * ssl The SSL/TLS object. 
@@ -11683,174 +11861,6 @@ static int SanityCheckCipherText(WOLFSSL* ssl, word32 encryptSz) } -#ifndef NO_OLD_TLS - -static INLINE void Md5Rounds(int rounds, const byte* data, int sz) -{ - wc_Md5 md5; - int i; - - wc_InitMd5(&md5); /* no error check on purpose, dummy round */ - - for (i = 0; i < rounds; i++) - wc_Md5Update(&md5, data, sz); - wc_Md5Free(&md5); /* in case needed to release resources */ -} - - - -/* do a dummy sha round */ -static INLINE void ShaRounds(int rounds, const byte* data, int sz) -{ - wc_Sha sha; - int i; - - wc_InitSha(&sha); /* no error check on purpose, dummy round */ - - for (i = 0; i < rounds; i++) - wc_ShaUpdate(&sha, data, sz); - wc_ShaFree(&sha); /* in case needed to release resources */ -} -#endif - - -#ifndef NO_SHA256 - -static INLINE void Sha256Rounds(int rounds, const byte* data, int sz) -{ - wc_Sha256 sha256; - int i; - - wc_InitSha256(&sha256); /* no error check on purpose, dummy round */ - - for (i = 0; i < rounds; i++) { - wc_Sha256Update(&sha256, data, sz); - /* no error check on purpose, dummy round */ - } - wc_Sha256Free(&sha256); /* in case needed to release resources */ -} - -#endif - - -#ifdef WOLFSSL_SHA384 - -static INLINE void Sha384Rounds(int rounds, const byte* data, int sz) -{ - wc_Sha384 sha384; - int i; - - wc_InitSha384(&sha384); /* no error check on purpose, dummy round */ - - for (i = 0; i < rounds; i++) { - wc_Sha384Update(&sha384, data, sz); - /* no error check on purpose, dummy round */ - } - wc_Sha384Free(&sha384); /* in case needed to release resources */ -} - -#endif - - -#ifdef WOLFSSL_SHA512 - -static INLINE void Sha512Rounds(int rounds, const byte* data, int sz) -{ - wc_Sha512 sha512; - int i; - - wc_InitSha512(&sha512); /* no error check on purpose, dummy round */ - - for (i = 0; i < rounds; i++) { - wc_Sha512Update(&sha512, data, sz); - /* no error check on purpose, dummy round */ - } - wc_Sha512Free(&sha512); /* in case needed to release resources */ -} - -#endif - - -#ifdef WOLFSSL_RIPEMD - 
-static INLINE void RmdRounds(int rounds, const byte* data, int sz) -{ - RipeMd ripemd; - int i; - - (void)wc_InitRipeMd(&ripemd); - - for (i = 0; i < rounds; i++) - (void)wc_RipeMdUpdate(&ripemd, data, sz); -} - -#endif - - -/* Do dummy rounds */ -static INLINE void DoRounds(int type, int rounds, const byte* data, int sz) -{ - (void)rounds; - (void)data; - (void)sz; - - switch (type) { - case no_mac : - break; - -#ifndef NO_OLD_TLS -#ifndef NO_MD5 - case md5_mac : - Md5Rounds(rounds, data, sz); - break; -#endif - -#ifndef NO_SHA - case sha_mac : - ShaRounds(rounds, data, sz); - break; -#endif -#endif - -#ifndef NO_SHA256 - case sha256_mac : - Sha256Rounds(rounds, data, sz); - break; -#endif - -#ifdef WOLFSSL_SHA384 - case sha384_mac : - Sha384Rounds(rounds, data, sz); - break; -#endif - -#ifdef WOLFSSL_SHA512 - case sha512_mac : - Sha512Rounds(rounds, data, sz); - break; -#endif - -#ifdef WOLFSSL_RIPEMD - case rmd_mac : - RmdRounds(rounds, data, sz); - break; -#endif - - default: - WOLFSSL_MSG("Bad round type"); - break; - } -} - - -/* do number of compression rounds on dummy data */ -static INLINE void CompressRounds(WOLFSSL* ssl, int rounds, const byte* dummy) -{ - if (rounds) - DoRounds(ssl->specs.mac_algorithm, rounds, dummy, COMPRESS_LOWER); -} - - /* check all length bytes for the pad value, return 0 on success */ static int PadCheck(const byte* a, byte pad, int length) { 
@@ -11865,73 +11875,121 @@ static int PadCheck(const byte* a, byte pad, int length) } -/* get compression extra rounds */ -static INLINE int GetRounds(int pLen, int padLen, int t) +/* Mask the padding bytes with the expected values. + * Constant time implementation - does maximum pad size possible. + * + * data Message data. + * sz Size of the message including MAC and padding and padding length. + * macSz Size of the MAC. + * returns 0 on success, otherwise failure. + */ +static byte MaskPadding(const byte* data, int sz, int macSz) { - int roundL1 = 1; /* round up flags */ - int roundL2 = 1; + int i; + int checkSz = sz - 1; + byte paddingSz = data[sz - 1]; + byte mask; + byte good = ctMaskGT(paddingSz, sz - 1 - macSz); - int L1 = COMPRESS_CONSTANT + pLen - t; - int L2 = COMPRESS_CONSTANT + pLen - padLen - 1 - t; + if (checkSz > TLS_MAX_PAD_SZ) + checkSz = TLS_MAX_PAD_SZ; - L1 -= COMPRESS_UPPER; - L2 -= COMPRESS_UPPER; + for (i = 0; i < checkSz; i++) { + mask = ctMaskLTE(i, paddingSz); + good |= mask & (data[sz - 1 - i] ^ paddingSz); + } - if ( (L1 % COMPRESS_LOWER) == 0) - roundL1 = 0; - if ( (L2 % COMPRESS_LOWER) == 0) - roundL2 = 0; - - L1 /= COMPRESS_LOWER; - L2 /= COMPRESS_LOWER; - - L1 += roundL1; - L2 += roundL2; - - return L1 - L2; + return good; } +/* Mask the MAC in the message with the MAC calculated. + * Constant time implementation - starts looking for MAC where maximum padding + * size has it. + * + * data Message data. + * sz Size of the message including MAC and padding and padding length. + * macSz Size of the MAC data. + * expMac Expected MAC value. + * returns 0 on success, otherwise failure. 
+ */ +static byte MaskMac(const byte* data, int sz, int macSz, byte* expMac) +{ + int i, j; + unsigned char mac[WC_MAX_DIGEST_SIZE]; + int scanStart = sz - 1 - TLS_MAX_PAD_SZ - macSz; + int macEnd = sz - 1 - data[sz - 1]; + int macStart = macEnd - macSz; + int r = 0; + unsigned char started, notEnded; + unsigned char good = 0; + + if (scanStart < 0) + scanStart = 0; + + /* Div on Intel has different speeds depending on value. + * Use a bitwise AND or mod a specific value (converted to mul). */ + if ((macSz & (macSz - 1)) == 0) + r = (macSz - (scanStart - macStart)) & (macSz - 1); +#ifndef NO_SHA + else if (macSz == WC_SHA_DIGEST_SIZE) + r = (macSz - (scanStart - macStart)) % WC_SHA_DIGEST_SIZE; +#endif +#ifdef WOLFSSL_SHA384 + else if (macSz == WC_SHA384_DIGEST_SIZE) + r = (macSz - (scanStart - macStart)) % WC_SHA384_DIGEST_SIZE; +#endif + + XMEMSET(mac, 0, macSz); + for (i = scanStart; i < sz; i += macSz) { + for (j = 0; j < macSz && j + i < sz; j++) { + started = ctMaskGTE(i + j, macStart); + notEnded = ctMaskLT(i + j, macEnd); + mac[j] |= started & notEnded & data[i + j]; + } + } + + if ((macSz & (macSz - 1)) == 0) { + for (i = 0; i < macSz; i++) + good |= expMac[i] ^ mac[(i + r) & (macSz - 1)]; + } +#ifndef NO_SHA + else if (macSz == WC_SHA_DIGEST_SIZE) { + for (i = 0; i < macSz; i++) + good |= expMac[i] ^ mac[(i + r) % WC_SHA_DIGEST_SIZE]; + } +#endif +#ifdef WOLFSSL_SHA384 + else if (macSz == WC_SHA384_DIGEST_SIZE) { + for (i = 0; i < macSz; i++) + good |= expMac[i] ^ mac[(i + r) % WC_SHA384_DIGEST_SIZE]; + } +#endif + + return good; +} /* timing resistant pad/verify check, return 0 on success */ -static int TimingPadVerify(WOLFSSL* ssl, const byte* input, int padLen, int t, - int pLen, int content) +int TimingPadVerify(WOLFSSL* ssl, const byte* input, int padLen, int macSz, + int pLen, int content) { byte verify[WC_MAX_DIGEST_SIZE]; - byte dmy[sizeof(WOLFSSL) >= MAX_PAD_SIZE ? 1 : MAX_PAD_SIZE] = {0}; - byte* dummy = sizeof(dmy) < MAX_PAD_SIZE ? 
(byte*) ssl : dmy; + byte good; int ret = 0; - (void)dmy; + good = MaskPadding(input, pLen, macSz); + ret = ssl->hmac(ssl, verify, input, pLen - macSz - padLen - 1, padLen, + content, 1); + good |= MaskMac(input, pLen, ssl->specs.hash_size, verify); - if ( (t + padLen + 1) > pLen) { - WOLFSSL_MSG("Plain Len not long enough for pad/mac"); - PadCheck(dummy, (byte)padLen, MAX_PAD_SIZE); - ssl->hmac(ssl, verify, input, pLen - t, content, 1); /* still compare */ - ConstantCompare(verify, input + pLen - t, t); + /* Non-zero on failure. */ + good = ~good; + good &= good >> 4; + good &= good >> 2; + good &= good >> 1; + /* Make ret negative on masking failure. */ + ret -= 1 - good; - return VERIFY_MAC_ERROR; - } - - if (PadCheck(input + pLen - (padLen + 1), (byte)padLen, padLen + 1) != 0) { - WOLFSSL_MSG("PadCheck failed"); - PadCheck(dummy, (byte)padLen, MAX_PAD_SIZE - padLen - 1); - ssl->hmac(ssl, verify, input, pLen - t, content, 1); /* still compare */ - ConstantCompare(verify, input + pLen - t, t); - - return VERIFY_MAC_ERROR; - } - - PadCheck(dummy, (byte)padLen, MAX_PAD_SIZE - padLen - 1); - ret = ssl->hmac(ssl, verify, input, pLen - padLen - 1 - t, content, 1); - - CompressRounds(ssl, GetRounds(pLen, padLen, t), dummy); - - if (ConstantCompare(verify, input + (pLen - padLen - 1 - t), t) != 0) { - WOLFSSL_MSG("Verify MAC compare failed"); - return VERIFY_MAC_ERROR; - } - - /* treat any faulure as verify MAC error */ + /* Treat any faulure as verify MAC error. */ if (ret != 0) ret = VERIFY_MAC_ERROR; @@ -12149,6 +12207,7 @@ static int GetInputData(WOLFSSL *ssl, word32 size) static INLINE int VerifyMac(WOLFSSL* ssl, const byte* input, word32 msgSz, int content, word32* padSz) { +#ifndef WOLFSSL_NO_TLS12 int ivExtra = 0; int ret; word32 pad = 0; 
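Review bot: MaskMac fails open for any `macSz` its branches do not cover: when `macSz` is neither a power of two nor one of the sizes compiled in under `NO_SHA` / `WOLFSSL_SHA384`, no comparison loop runs, `good` stays 0, and the function reports success without ever comparing `expMac`. Whether such a size can reach it depends on the build's digest options, which are not visible here, but a closing `else { good = 0xFF; }` after the last `#endif` would turn the unhandled case into a verification failure. TimingPadVerify also passes `macSz` to MaskPadding but `ssl->specs.hash_size` to MaskMac, and with the old length check removed its `pLen - macSz - padLen - 1` argument goes negative, wrapping in the `word32 sz` parameter, whenever the padding byte exceeds what the record holds. A comment stating that `ssl->hmac` must tolerate that value, and that callers guarantee `pLen >= macSz + 1` before `data[sz - 1]` is read, would document what the constant-time path relies on.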
@@ -12161,6 +12220,7 @@ static INLINE int VerifyMac(WOLFSSL* ssl, const byte* input, word32 msgSz, #endif byte verify[WC_MAX_DIGEST_SIZE]; + if (ssl->specs.cipher_type == block) { if (ssl->options.tls1_1) ivExtra = ssl->specs.block_size; @@ -12187,8 +12247,8 @@ static INLINE int VerifyMac(WOLFSSL* ssl, const byte* input, word32 msgSz, badPadLen = 1; } PadCheck(dummy, (byte)pad, MAX_PAD_SIZE); /* timing only */ - ret = ssl->hmac(ssl, verify, input, msgSz - digestSz - pad - 1, - content, 1); + ret = ssl->hmac(ssl, verify, input, msgSz - digestSz - pad - 1, pad, + content, 1); if (ConstantCompare(verify, input + msgSz - digestSz - pad - 1, digestSz) != 0) return VERIFY_MAC_ERROR; @@ -12197,7 +12257,7 @@ static INLINE int VerifyMac(WOLFSSL* ssl, const byte* input, word32 msgSz, } } else if (ssl->specs.cipher_type == stream) { - ret = ssl->hmac(ssl, verify, input, msgSz - digestSz, content, 1); + ret = ssl->hmac(ssl, verify, input, msgSz - digestSz, -1, content, 1); if (ConstantCompare(verify, input + msgSz - digestSz, digestSz) != 0){ return VERIFY_MAC_ERROR; } @@ -12205,12 +12265,20 @@ static INLINE int VerifyMac(WOLFSSL* ssl, const byte* input, word32 msgSz, return VERIFY_MAC_ERROR; } +#endif /* WOLFSSL_NO_TLS12 */ + if (ssl->specs.cipher_type == aead) { *padSz = ssl->specs.aead_mac_size; } +#ifndef WOLFSSL_NO_TLS12 else { *padSz = digestSz + pad + padByte; } +#endif /* WOLFSSL_NO_TLS12 */ + + (void)input; + (void)msgSz; + (void)content; return 0; } @@ -12429,13 +12497,18 @@ int ProcessReply(WOLFSSL* ssl) } else { if (!ssl->options.tls1_3) { + #ifndef WOLFSSL_NO_TLS12 ret = Decrypt(ssl, in->buffer + in->idx, in->buffer + in->idx, ssl->curSize); + #else + ret = DECRYPT_ERROR; + #endif } - else { - #ifdef WOLFSSL_TLS13 + else + { + #ifdef WOLFSSL_TLS13 #if defined(WOLFSSL_TLS13_DRAFT_18) || \ defined(WOLFSSL_TLS13_DRAFT_22) || \ defined(WOLFSSL_TLS13_DRAFT_23) 
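Review bot: With `WOLFSSL_NO_TLS12` defined, VerifyMac returns 0 for a non-AEAD `cipher_type` without writing `*padSz`, because the `else` branch that assigned it is compiled out in the hunk at `-12205`. TLS 1.3 suites are AEAD-only, so this path may be unreachable in practice, but the function then reports success with an output the caller may read uninitialised. Returning an error in that build keeps it fail-closed, for example `#else` / `else { return VERIFY_MAC_ERROR; }` / `#endif` in place of the bare `#endif`. The function starts before this hunk.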
@@ -12450,9 +12523,9 @@ int ProcessReply(WOLFSSL* ssl) ssl->curSize, (byte*)&ssl->curRL, RECORD_HEADER_SZ); #endif - #else + #else ret = DECRYPT_ERROR; - #endif /* WOLFSSL_TLS13 */ + #endif /* WOLFSSL_TLS13 */ } } @@ -12462,12 +12535,14 @@ int ProcessReply(WOLFSSL* ssl) #endif if (ret >= 0) { + #ifndef WOLFSSL_NO_TLS12 /* handle success */ if (ssl->options.tls1_1 && ssl->specs.cipher_type == block) ssl->buffers.inputBuffer.idx += ssl->specs.block_size; /* go past TLSv1.1 IV */ if (CipherHasExpIV(ssl)) ssl->buffers.inputBuffer.idx += AESGCM_EXP_IV_SZ; + #endif } else { WOLFSSL_MSG("Decrypt failed"); @@ -12588,10 +12663,14 @@ int ProcessReply(WOLFSSL* ssl) #endif } else if (!IsAtLeastTLSv1_3(ssl->version)) { +#ifndef WOLFSSL_NO_TLS12 ret = DoHandShakeMsg(ssl, ssl->buffers.inputBuffer.buffer, &ssl->buffers.inputBuffer.idx, ssl->buffers.inputBuffer.length); +#else + ret = BUFFER_ERROR; +#endif } else { #ifdef WOLFSSL_TLS13 @@ -12656,6 +12735,7 @@ int ProcessReply(WOLFSSL* ssl) #endif #endif +#ifndef WOLFSSL_NO_TLS12 ret = SanityCheckMsgReceived(ssl, change_cipher_hs); if (ret != 0) { if (!ssl->options.dtls) { @@ -12740,6 +12820,7 @@ int ProcessReply(WOLFSSL* ssl) server : client); if (ret != 0) return ret; +#endif /* !WOLFSSL_NO_TLS12 */ break; case application_data: @@ -12916,7 +12997,7 @@ int SendChangeCipher(WOLFSSL* ssl) #ifndef NO_OLD_TLS static int SSL_hmac(WOLFSSL* ssl, byte* digest, const byte* in, word32 sz, - int content, int verify) + int padLen, int content, int verify) { byte result[WC_MAX_DIGEST_SIZE]; word32 digestSz = ssl->specs.hash_size; /* actual sizes */ @@ -12931,6 +13012,8 @@ static int SSL_hmac(WOLFSSL* ssl, byte* digest, const byte* in, word32 sz, byte conLen[ENUM_LEN + LENGTH_SZ]; /* content & length */ const byte* macSecret = wolfSSL_GetMacSecret(ssl, verify); + (void)padLen; + #ifdef HAVE_FUZZER if (ssl->fuzzerCb) ssl->fuzzerCb(ssl, in, sz, FUZZ_HMAC, ssl->fuzzerCtx); 
@@ -13174,8 +13257,9 @@ int BuildCertHashes(WOLFSSL* ssl, Hashes* hashes) return ret; } -#endif /* WOLFSSL_LEANPSK */ +#endif /* !NO_CERTS */ +#ifndef WOLFSSL_NO_TLS12 /* Persistable BuildMessage arguments */ typedef struct BuildMsgArgs { word32 digestSz; @@ -13197,11 +13281,13 @@ static void FreeBuildMsgArgs(WOLFSSL* ssl, void* pArgs) /* no allocations in BuildMessage */ } +#endif /* Build SSL Message, encrypted */ int BuildMessage(WOLFSSL* ssl, byte* output, int outSz, const byte* input, int inSz, int type, int hashOutput, int sizeOnly, int asyncOkay) { +#ifndef WOLFSSL_NO_TLS12 int ret = 0; BuildMsgArgs* args; BuildMsgArgs lcl_args; @@ -13209,6 +13295,7 @@ int BuildMessage(WOLFSSL* ssl, byte* output, int outSz, const byte* input, args = (BuildMsgArgs*)ssl->async.args; typedef char args_test[sizeof(ssl->async.args) >= sizeof(*args) ? 1 : -1]; (void)sizeof(args_test); +#endif #endif WOLFSSL_ENTER("BuildMessage"); @@ -13217,6 +13304,10 @@ int BuildMessage(WOLFSSL* ssl, byte* output, int outSz, const byte* input, return BAD_FUNC_ARG; } +#ifdef WOLFSSL_NO_TLS12 + return BuildTls13Message(ssl, output, outSz, input, inSz, type, + hashOutput, sizeOnly, asyncOkay); +#else #ifdef WOLFSSL_TLS13 if (ssl->options.tls1_3) { return BuildTls13Message(ssl, output, outSz, input, inSz, type, @@ -13399,8 +13490,8 @@ int BuildMessage(WOLFSSL* ssl, byte* output, int outSz, const byte* input, ERROR_OUT(MEMORY_E, exit_buildmsg); #endif - ret = ssl->hmac(ssl, hmac, output + args->headerSz + args->ivSz, inSz, - type, 0); + ret = ssl->hmac(ssl, hmac, output + args->headerSz + args->ivSz, + inSz, -1, type, 0); XMEMCPY(output + args->idx, hmac, args->digestSz); #ifdef WOLFSSL_SMALL_STACK 
@@ -13409,8 +13500,8 @@ int BuildMessage(WOLFSSL* ssl, byte* output, int outSz, const byte* input, } else #endif - ret = ssl->hmac(ssl, output + args->idx, output + args->headerSz + args->ivSz, - inSz, type, 0); + ret = ssl->hmac(ssl, output + args->idx, output + + args->headerSz + args->ivSz, inSz, -1, type, 0); #ifdef WOLFSSL_DTLS if (ssl->options.dtls) DtlsSEQIncrement(ssl, CUR_ORDER); @@ -13451,8 +13542,10 @@ exit_buildmsg: FreeBuildMsgArgs(ssl, args); return ret; +#endif /* !WOLFSSL_NO_TLS12 */ } +#ifndef WOLFSSL_NO_TLS12 int SendFinished(WOLFSSL* ssl) { @@ -13573,6 +13666,7 @@ int SendFinished(WOLFSSL* ssl) #ifndef NO_CERTS +#if !defined(NO_WOLFSSL_SERVER) || !defined(WOLFSSL_NO_CLIENT_AUTH) /* handle generation of certificate (11) */ int SendCertificate(WOLFSSL* ssl) { @@ -13836,6 +13930,7 @@ int SendCertificate(WOLFSSL* ssl) return ret; } +#endif /* !NO_WOLFSSL_SERVER || !WOLFSSL_NO_CLIENT_AUTH */ /* handle generation of certificate_request (13) */ int SendCertificateRequest(WOLFSSL* ssl) @@ -14422,6 +14517,7 @@ int SendCertificateStatus(WOLFSSL* ssl) #endif /* !NO_CERTS */ +#endif /* WOLFSSL_NO_TLS12 */ int SendData(WOLFSSL* ssl, const void* data, int sz) { 
@@ -15222,1466 +15318,554 @@ void SetErrorString(int error, char* str) XSTRNCPY(str, wolfSSL_ERR_reason_error_string(error), WOLFSSL_MAX_ERROR_SZ); } +#ifndef NO_ERROR_STRINGS + #define SUITE_INFO(x,y,z,w) {(x),(y),(z),(w)} +#else + #define SUITE_INFO(x,y,z,w) {(x),(z),(w)} +#endif -/* be sure to add to cipher_name_idx too !!!! */ -static const char* const cipher_names[] = +static const CipherSuiteInfo cipher_names[] = { +#ifndef WOLFSSL_NO_TLS12 + #ifdef BUILD_SSL_RSA_WITH_RC4_128_SHA - "RC4-SHA", + SUITE_INFO("RC4-SHA","SSL_RSA_WITH_RC4_128_SHA",CIPHER_BYTE,SSL_RSA_WITH_RC4_128_SHA), #endif #ifdef BUILD_SSL_RSA_WITH_RC4_128_MD5 - "RC4-MD5", + SUITE_INFO("RC4-MD5","SSL_RSA_WITH_RC4_128_MD5",CIPHER_BYTE,SSL_RSA_WITH_RC4_128_MD5), #endif #ifdef BUILD_SSL_RSA_WITH_3DES_EDE_CBC_SHA - "DES-CBC3-SHA", + SUITE_INFO("DES-CBC3-SHA","SSL_RSA_WITH_3DES_EDE_CBC_SHA",CIPHER_BYTE,SSL_RSA_WITH_3DES_EDE_CBC_SHA), #endif #ifdef BUILD_TLS_RSA_WITH_AES_128_CBC_SHA - "AES128-SHA", + SUITE_INFO("AES128-SHA","TLS_RSA_WITH_AES_128_CBC_SHA",CIPHER_BYTE,TLS_RSA_WITH_AES_128_CBC_SHA), #endif #ifdef BUILD_TLS_RSA_WITH_AES_256_CBC_SHA - "AES256-SHA", + SUITE_INFO("AES256-SHA","TLS_RSA_WITH_AES_256_CBC_SHA",CIPHER_BYTE,TLS_RSA_WITH_AES_256_CBC_SHA), #endif #ifdef BUILD_TLS_RSA_WITH_NULL_SHA - "NULL-SHA", + SUITE_INFO("NULL-SHA","TLS_RSA_WITH_NULL_SHA",CIPHER_BYTE,TLS_RSA_WITH_NULL_SHA), #endif #ifdef BUILD_TLS_RSA_WITH_NULL_SHA256 - "NULL-SHA256", + SUITE_INFO("NULL-SHA256","TLS_RSA_WITH_NULL_SHA256",CIPHER_BYTE,TLS_RSA_WITH_NULL_SHA256), #endif #ifdef BUILD_TLS_DHE_RSA_WITH_AES_128_CBC_SHA - "DHE-RSA-AES128-SHA", + SUITE_INFO("DHE-RSA-AES128-SHA","TLS_DHE_RSA_WITH_AES_128_CBC_SHA",CIPHER_BYTE,TLS_DHE_RSA_WITH_AES_128_CBC_SHA), #endif #ifdef BUILD_TLS_DHE_RSA_WITH_AES_256_CBC_SHA - "DHE-RSA-AES256-SHA", + SUITE_INFO("DHE-RSA-AES256-SHA","TLS_DHE_RSA_WITH_AES_256_CBC_SHA",CIPHER_BYTE,TLS_DHE_RSA_WITH_AES_256_CBC_SHA), #endif #ifdef BUILD_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 - 
"DHE-PSK-AES256-GCM-SHA384", + SUITE_INFO("DHE-PSK-AES256-GCM-SHA384","TLS_DHE_PSK_WITH_AES_256_GCM_SHA384",CIPHER_BYTE,TLS_DHE_PSK_WITH_AES_256_GCM_SHA384), #endif #ifdef BUILD_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 - "DHE-PSK-AES128-GCM-SHA256", + SUITE_INFO("DHE-PSK-AES128-GCM-SHA256","TLS_DHE_PSK_WITH_AES_128_GCM_SHA256",CIPHER_BYTE,TLS_DHE_PSK_WITH_AES_128_GCM_SHA256), #endif #ifdef BUILD_TLS_PSK_WITH_AES_256_GCM_SHA384 - "PSK-AES256-GCM-SHA384", + SUITE_INFO("PSK-AES256-GCM-SHA384","TLS_PSK_WITH_AES_256_GCM_SHA384",CIPHER_BYTE,TLS_PSK_WITH_AES_256_GCM_SHA384), #endif #ifdef BUILD_TLS_PSK_WITH_AES_128_GCM_SHA256 - "PSK-AES128-GCM-SHA256", + SUITE_INFO("PSK-AES128-GCM-SHA256","TLS_PSK_WITH_AES_128_GCM_SHA256",CIPHER_BYTE,TLS_PSK_WITH_AES_128_GCM_SHA256), #endif #ifdef BUILD_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 - "DHE-PSK-AES256-CBC-SHA384", + SUITE_INFO("DHE-PSK-AES256-CBC-SHA384","TLS_DHE_PSK_WITH_AES_256_CBC_SHA384",CIPHER_BYTE,TLS_DHE_PSK_WITH_AES_256_CBC_SHA384), #endif #ifdef BUILD_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 - "DHE-PSK-AES128-CBC-SHA256", + SUITE_INFO("DHE-PSK-AES128-CBC-SHA256","TLS_DHE_PSK_WITH_AES_128_CBC_SHA256",CIPHER_BYTE,TLS_DHE_PSK_WITH_AES_128_CBC_SHA256), #endif #ifdef BUILD_TLS_PSK_WITH_AES_256_CBC_SHA384 - "PSK-AES256-CBC-SHA384", + SUITE_INFO("PSK-AES256-CBC-SHA384","TLS_PSK_WITH_AES_256_CBC_SHA384",CIPHER_BYTE,TLS_PSK_WITH_AES_256_CBC_SHA384), #endif #ifdef BUILD_TLS_PSK_WITH_AES_128_CBC_SHA256 - "PSK-AES128-CBC-SHA256", + SUITE_INFO("PSK-AES128-CBC-SHA256","TLS_PSK_WITH_AES_128_CBC_SHA256",CIPHER_BYTE,TLS_PSK_WITH_AES_128_CBC_SHA256), #endif #ifdef BUILD_TLS_PSK_WITH_AES_128_CBC_SHA - "PSK-AES128-CBC-SHA", + SUITE_INFO("PSK-AES128-CBC-SHA","TLS_PSK_WITH_AES_128_CBC_SHA",CIPHER_BYTE,TLS_PSK_WITH_AES_128_CBC_SHA), #endif #ifdef BUILD_TLS_PSK_WITH_AES_256_CBC_SHA - "PSK-AES256-CBC-SHA", + SUITE_INFO("PSK-AES256-CBC-SHA","TLS_PSK_WITH_AES_256_CBC_SHA",CIPHER_BYTE,TLS_PSK_WITH_AES_256_CBC_SHA), #endif #ifdef 
BUILD_TLS_DHE_PSK_WITH_AES_128_CCM - "DHE-PSK-AES128-CCM", + SUITE_INFO("DHE-PSK-AES128-CCM","TLS_DHE_PSK_WITH_AES_128_CCM",ECC_BYTE,TLS_DHE_PSK_WITH_AES_128_CCM), #endif #ifdef BUILD_TLS_DHE_PSK_WITH_AES_256_CCM - "DHE-PSK-AES256-CCM", + SUITE_INFO("DHE-PSK-AES256-CCM","TLS_DHE_PSK_WITH_AES_256_CCM",ECC_BYTE,TLS_DHE_PSK_WITH_AES_256_CCM), #endif #ifdef BUILD_TLS_PSK_WITH_AES_128_CCM - "PSK-AES128-CCM", + SUITE_INFO("PSK-AES128-CCM","TLS_PSK_WITH_AES_128_CCM",ECC_BYTE,TLS_PSK_WITH_AES_128_CCM), #endif #ifdef BUILD_TLS_PSK_WITH_AES_256_CCM - "PSK-AES256-CCM", + SUITE_INFO("PSK-AES256-CCM","TLS_PSK_WITH_AES_256_CCM",ECC_BYTE,TLS_PSK_WITH_AES_256_CCM), #endif #ifdef BUILD_TLS_PSK_WITH_AES_128_CCM_8 - "PSK-AES128-CCM-8", + SUITE_INFO("PSK-AES128-CCM-8","TLS_PSK_WITH_AES_128_CCM_8",ECC_BYTE,TLS_PSK_WITH_AES_128_CCM_8), #endif #ifdef BUILD_TLS_PSK_WITH_AES_256_CCM_8 - "PSK-AES256-CCM-8", + SUITE_INFO("PSK-AES256-CCM-8","TLS_PSK_WITH_AES_256_CCM_8",ECC_BYTE,TLS_PSK_WITH_AES_256_CCM_8), #endif #ifdef BUILD_TLS_DHE_PSK_WITH_NULL_SHA384 - "DHE-PSK-NULL-SHA384", + SUITE_INFO("DHE-PSK-NULL-SHA384","TLS_DHE_PSK_WITH_NULL_SHA384",CIPHER_BYTE,TLS_DHE_PSK_WITH_NULL_SHA384), #endif #ifdef BUILD_TLS_DHE_PSK_WITH_NULL_SHA256 - "DHE-PSK-NULL-SHA256", + SUITE_INFO("DHE-PSK-NULL-SHA256","TLS_DHE_PSK_WITH_NULL_SHA256",CIPHER_BYTE,TLS_DHE_PSK_WITH_NULL_SHA256), #endif #ifdef BUILD_TLS_PSK_WITH_NULL_SHA384 - "PSK-NULL-SHA384", + SUITE_INFO("PSK-NULL-SHA384","TLS_PSK_WITH_NULL_SHA384",CIPHER_BYTE,TLS_PSK_WITH_NULL_SHA384), #endif #ifdef BUILD_TLS_PSK_WITH_NULL_SHA256 - "PSK-NULL-SHA256", + SUITE_INFO("PSK-NULL-SHA256","TLS_PSK_WITH_NULL_SHA256",CIPHER_BYTE,TLS_PSK_WITH_NULL_SHA256), #endif #ifdef BUILD_TLS_PSK_WITH_NULL_SHA - "PSK-NULL-SHA", + SUITE_INFO("PSK-NULL-SHA","TLS_PSK_WITH_NULL_SHA",CIPHER_BYTE,TLS_PSK_WITH_NULL_SHA), #endif #ifdef BUILD_TLS_RSA_WITH_HC_128_MD5 - "HC128-MD5", + SUITE_INFO("HC128-MD5","TLS_RSA_WITH_HC_128_MD5",CIPHER_BYTE,TLS_RSA_WITH_HC_128_MD5), #endif #ifdef 
BUILD_TLS_RSA_WITH_HC_128_SHA - "HC128-SHA", + SUITE_INFO("HC128-SHA","TLS_RSA_WITH_HC_128_SHA",CIPHER_BYTE,TLS_RSA_WITH_HC_128_SHA), #endif #ifdef BUILD_TLS_RSA_WITH_HC_128_B2B256 - "HC128-B2B256", + SUITE_INFO("HC128-B2B256","TLS_RSA_WITH_HC_128_B2B256",CIPHER_BYTE,TLS_RSA_WITH_HC_128_B2B256), #endif #ifdef BUILD_TLS_RSA_WITH_AES_128_CBC_B2B256 - "AES128-B2B256", + SUITE_INFO("AES128-B2B256","TLS_RSA_WITH_AES_128_CBC_B2B256",CIPHER_BYTE,TLS_RSA_WITH_AES_128_CBC_B2B256), #endif #ifdef BUILD_TLS_RSA_WITH_AES_256_CBC_B2B256 - "AES256-B2B256", + SUITE_INFO("AES256-B2B256","TLS_RSA_WITH_AES_256_CBC_B2B256",CIPHER_BYTE,TLS_RSA_WITH_AES_256_CBC_B2B256), #endif #ifdef BUILD_TLS_RSA_WITH_RABBIT_SHA - "RABBIT-SHA", + SUITE_INFO("RABBIT-SHA","TLS_RSA_WITH_RABBIT_SHA",CIPHER_BYTE,TLS_RSA_WITH_RABBIT_SHA), #endif #ifdef BUILD_TLS_NTRU_RSA_WITH_RC4_128_SHA - "NTRU-RC4-SHA", + SUITE_INFO("NTRU-RC4-SHA","TLS_NTRU_RSA_WITH_RC4_128_SHA",CIPHER_BYTE,TLS_NTRU_RSA_WITH_RC4_128_SHA), #endif #ifdef BUILD_TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA - "NTRU-DES-CBC3-SHA", + SUITE_INFO("NTRU-DES-CBC3-SHA","TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA",CIPHER_BYTE,TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA), #endif #ifdef BUILD_TLS_NTRU_RSA_WITH_AES_128_CBC_SHA - "NTRU-AES128-SHA", + SUITE_INFO("NTRU-AES128-SHA","TLS_NTRU_RSA_WITH_AES_128_CBC_SHA",CIPHER_BYTE,TLS_NTRU_RSA_WITH_AES_128_CBC_SHA), #endif #ifdef BUILD_TLS_NTRU_RSA_WITH_AES_256_CBC_SHA - "NTRU-AES256-SHA", + SUITE_INFO("NTRU-AES256-SHA","TLS_NTRU_RSA_WITH_AES_256_CBC_SHA",CIPHER_BYTE,TLS_NTRU_RSA_WITH_AES_256_CBC_SHA), #endif #ifdef BUILD_TLS_RSA_WITH_AES_128_CCM_8 - "AES128-CCM-8", + SUITE_INFO("AES128-CCM-8","TLS_RSA_WITH_AES_128_CCM_8",ECC_BYTE,TLS_RSA_WITH_AES_128_CCM_8), #endif #ifdef BUILD_TLS_RSA_WITH_AES_256_CCM_8 - "AES256-CCM-8", + SUITE_INFO("AES256-CCM-8","TLS_RSA_WITH_AES_256_CCM_8",ECC_BYTE,TLS_RSA_WITH_AES_256_CCM_8), #endif #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CCM - "ECDHE-ECDSA-AES128-CCM", + 
SUITE_INFO("ECDHE-ECDSA-AES128-CCM","TLS_ECDHE_ECDSA_WITH_AES_128_CCM",ECC_BYTE,TLS_ECDHE_ECDSA_WITH_AES_128_CCM), #endif #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 - "ECDHE-ECDSA-AES128-CCM-8", + SUITE_INFO("ECDHE-ECDSA-AES128-CCM-8","TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8",ECC_BYTE,TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8), #endif #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8 - "ECDHE-ECDSA-AES256-CCM-8", + SUITE_INFO("ECDHE-ECDSA-AES256-CCM-8","TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8",ECC_BYTE,TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8), #endif #ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA - "ECDHE-RSA-AES128-SHA", + SUITE_INFO("ECDHE-RSA-AES128-SHA","TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",ECC_BYTE,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA), #endif #ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA - "ECDHE-RSA-AES256-SHA", + SUITE_INFO("ECDHE-RSA-AES256-SHA","TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",ECC_BYTE,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA), #endif #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA - "ECDHE-ECDSA-AES128-SHA", + SUITE_INFO("ECDHE-ECDSA-AES128-SHA","TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA",ECC_BYTE,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA), #endif #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA - "ECDHE-ECDSA-AES256-SHA", + SUITE_INFO("ECDHE-ECDSA-AES256-SHA","TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA",ECC_BYTE,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA), #endif #ifdef BUILD_TLS_ECDHE_RSA_WITH_RC4_128_SHA - "ECDHE-RSA-RC4-SHA", + SUITE_INFO("ECDHE-RSA-RC4-SHA","TLS_ECDHE_RSA_WITH_RC4_128_SHA",ECC_BYTE,TLS_ECDHE_RSA_WITH_RC4_128_SHA), #endif #ifdef BUILD_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA - "ECDHE-RSA-DES-CBC3-SHA", + SUITE_INFO("ECDHE-RSA-DES-CBC3-SHA","TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA",ECC_BYTE,TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA), #endif #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA - "ECDHE-ECDSA-RC4-SHA", + SUITE_INFO("ECDHE-ECDSA-RC4-SHA","TLS_ECDHE_ECDSA_WITH_RC4_128_SHA",ECC_BYTE,TLS_ECDHE_ECDSA_WITH_RC4_128_SHA), #endif #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA - 
"ECDHE-ECDSA-DES-CBC3-SHA", + SUITE_INFO("ECDHE-ECDSA-DES-CBC3-SHA","TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA",ECC_BYTE,TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA), #endif #ifdef BUILD_TLS_RSA_WITH_AES_128_CBC_SHA256 - "AES128-SHA256", + SUITE_INFO("AES128-SHA256","TLS_RSA_WITH_AES_128_CBC_SHA256",CIPHER_BYTE,TLS_RSA_WITH_AES_128_CBC_SHA256), #endif #ifdef BUILD_TLS_RSA_WITH_AES_256_CBC_SHA256 - "AES256-SHA256", + SUITE_INFO("AES256-SHA256","TLS_RSA_WITH_AES_256_CBC_SHA256",CIPHER_BYTE,TLS_RSA_WITH_AES_256_CBC_SHA256), #endif #ifdef BUILD_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 - "DHE-RSA-AES128-SHA256", + SUITE_INFO("DHE-RSA-AES128-SHA256","TLS_DHE_RSA_WITH_AES_128_CBC_SHA256",CIPHER_BYTE,TLS_DHE_RSA_WITH_AES_128_CBC_SHA256), #endif #ifdef BUILD_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 - "DHE-RSA-AES256-SHA256", + SUITE_INFO("DHE-RSA-AES256-SHA256","TLS_DHE_RSA_WITH_AES_256_CBC_SHA256",CIPHER_BYTE,TLS_DHE_RSA_WITH_AES_256_CBC_SHA256), #endif #ifdef BUILD_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA - "ECDH-RSA-AES128-SHA", + SUITE_INFO("ECDH-RSA-AES128-SHA","TLS_ECDH_RSA_WITH_AES_128_CBC_SHA",ECC_BYTE,TLS_ECDH_RSA_WITH_AES_128_CBC_SHA), #endif #ifdef BUILD_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA - "ECDH-RSA-AES256-SHA", + SUITE_INFO("ECDH-RSA-AES256-SHA","TLS_ECDH_RSA_WITH_AES_256_CBC_SHA",ECC_BYTE,TLS_ECDH_RSA_WITH_AES_256_CBC_SHA), #endif #ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA - "ECDH-ECDSA-AES128-SHA", + SUITE_INFO("ECDH-ECDSA-AES128-SHA","TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA",ECC_BYTE,TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA), #endif #ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA - "ECDH-ECDSA-AES256-SHA", + SUITE_INFO("ECDH-ECDSA-AES256-SHA","TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA",ECC_BYTE,TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA), #endif #ifdef BUILD_TLS_ECDH_RSA_WITH_RC4_128_SHA - "ECDH-RSA-RC4-SHA", + SUITE_INFO("ECDH-RSA-RC4-SHA","TLS_ECDH_RSA_WITH_RC4_128_SHA",ECC_BYTE,TLS_ECDH_RSA_WITH_RC4_128_SHA), #endif #ifdef BUILD_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA - "ECDH-RSA-DES-CBC3-SHA", + 
SUITE_INFO("ECDH-RSA-DES-CBC3-SHA","TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA",ECC_BYTE,TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA), #endif #ifdef BUILD_TLS_ECDH_ECDSA_WITH_RC4_128_SHA - "ECDH-ECDSA-RC4-SHA", + SUITE_INFO("ECDH-ECDSA-RC4-SHA","TLS_ECDH_ECDSA_WITH_RC4_128_SHA",ECC_BYTE,TLS_ECDH_ECDSA_WITH_RC4_128_SHA), #endif #ifdef BUILD_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA - "ECDH-ECDSA-DES-CBC3-SHA", + SUITE_INFO("ECDH-ECDSA-DES-CBC3-SHA","TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA",ECC_BYTE,TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA), #endif #ifdef BUILD_TLS_RSA_WITH_AES_128_GCM_SHA256 - "AES128-GCM-SHA256", + SUITE_INFO("AES128-GCM-SHA256","TLS_RSA_WITH_AES_128_GCM_SHA256",CIPHER_BYTE,TLS_RSA_WITH_AES_128_GCM_SHA256), #endif #ifdef BUILD_TLS_RSA_WITH_AES_256_GCM_SHA384 - "AES256-GCM-SHA384", + SUITE_INFO("AES256-GCM-SHA384","TLS_RSA_WITH_AES_256_GCM_SHA384",CIPHER_BYTE,TLS_RSA_WITH_AES_256_GCM_SHA384), #endif #ifdef BUILD_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 - "DHE-RSA-AES128-GCM-SHA256", + SUITE_INFO("DHE-RSA-AES128-GCM-SHA256","TLS_DHE_RSA_WITH_AES_128_GCM_SHA256",CIPHER_BYTE,TLS_DHE_RSA_WITH_AES_128_GCM_SHA256), #endif #ifdef BUILD_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 - "DHE-RSA-AES256-GCM-SHA384", + SUITE_INFO("DHE-RSA-AES256-GCM-SHA384","TLS_DHE_RSA_WITH_AES_256_GCM_SHA384",CIPHER_BYTE,TLS_DHE_RSA_WITH_AES_256_GCM_SHA384), #endif #ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 - "ECDHE-RSA-AES128-GCM-SHA256", + SUITE_INFO("ECDHE-RSA-AES128-GCM-SHA256","TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",ECC_BYTE,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256), #endif #ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 - "ECDHE-RSA-AES256-GCM-SHA384", + SUITE_INFO("ECDHE-RSA-AES256-GCM-SHA384","TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",ECC_BYTE,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384), #endif #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 - "ECDHE-ECDSA-AES128-GCM-SHA256", + 
SUITE_INFO("ECDHE-ECDSA-AES128-GCM-SHA256","TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",ECC_BYTE,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256), #endif #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 - "ECDHE-ECDSA-AES256-GCM-SHA384", + SUITE_INFO("ECDHE-ECDSA-AES256-GCM-SHA384","TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",ECC_BYTE,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384), #endif #ifdef BUILD_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 - "ECDH-RSA-AES128-GCM-SHA256", + SUITE_INFO("ECDH-RSA-AES128-GCM-SHA256","TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256",ECC_BYTE,TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256), #endif #ifdef BUILD_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 - "ECDH-RSA-AES256-GCM-SHA384", + SUITE_INFO("ECDH-RSA-AES256-GCM-SHA384","TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384",ECC_BYTE,TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384), #endif #ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 - "ECDH-ECDSA-AES128-GCM-SHA256", + SUITE_INFO("ECDH-ECDSA-AES128-GCM-SHA256","TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256",ECC_BYTE,TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256), #endif #ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 - "ECDH-ECDSA-AES256-GCM-SHA384", + SUITE_INFO("ECDH-ECDSA-AES256-GCM-SHA384","TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384",ECC_BYTE,TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384), #endif #ifdef BUILD_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA - "CAMELLIA128-SHA", + SUITE_INFO("CAMELLIA128-SHA","TLS_RSA_WITH_CAMELLIA_128_CBC_SHA",CIPHER_BYTE,TLS_RSA_WITH_CAMELLIA_128_CBC_SHA), #endif #ifdef BUILD_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA - "DHE-RSA-CAMELLIA128-SHA", + SUITE_INFO("DHE-RSA-CAMELLIA128-SHA","TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA",CIPHER_BYTE,TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA), #endif #ifdef BUILD_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA - "CAMELLIA256-SHA", + SUITE_INFO("CAMELLIA256-SHA","TLS_RSA_WITH_CAMELLIA_256_CBC_SHA",CIPHER_BYTE,TLS_RSA_WITH_CAMELLIA_256_CBC_SHA), #endif #ifdef BUILD_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA - "DHE-RSA-CAMELLIA256-SHA", + 
SUITE_INFO("DHE-RSA-CAMELLIA256-SHA","TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA",CIPHER_BYTE,TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA), #endif #ifdef BUILD_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 - "CAMELLIA128-SHA256", + SUITE_INFO("CAMELLIA128-SHA256","TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256",CIPHER_BYTE,TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256), #endif #ifdef BUILD_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 - "DHE-RSA-CAMELLIA128-SHA256", + SUITE_INFO("DHE-RSA-CAMELLIA128-SHA256","TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256",CIPHER_BYTE,TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256), #endif #ifdef BUILD_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 - "CAMELLIA256-SHA256", + SUITE_INFO("CAMELLIA256-SHA256","TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256",CIPHER_BYTE,TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256), #endif #ifdef BUILD_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 - "DHE-RSA-CAMELLIA256-SHA256", + SUITE_INFO("DHE-RSA-CAMELLIA256-SHA256","TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256",CIPHER_BYTE,TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256), #endif #ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 - "ECDHE-RSA-AES128-SHA256", + SUITE_INFO("ECDHE-RSA-AES128-SHA256","TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",ECC_BYTE,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256), #endif #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 - "ECDHE-ECDSA-AES128-SHA256", + SUITE_INFO("ECDHE-ECDSA-AES128-SHA256","TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256",ECC_BYTE,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256), #endif #ifdef BUILD_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 - "ECDH-RSA-AES128-SHA256", + SUITE_INFO("ECDH-RSA-AES128-SHA256","TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256",ECC_BYTE,TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256), #endif #ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 - "ECDH-ECDSA-AES128-SHA256", + SUITE_INFO("ECDH-ECDSA-AES128-SHA256","TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256",ECC_BYTE,TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256), #endif #ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 - "ECDHE-RSA-AES256-SHA384", + 
SUITE_INFO("ECDHE-RSA-AES256-SHA384","TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384",ECC_BYTE,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384), #endif #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 - "ECDHE-ECDSA-AES256-SHA384", + SUITE_INFO("ECDHE-ECDSA-AES256-SHA384","TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384",ECC_BYTE,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384), #endif #ifdef BUILD_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 - "ECDH-RSA-AES256-SHA384", + SUITE_INFO("ECDH-RSA-AES256-SHA384","TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384",ECC_BYTE,TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384), #endif #ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 - "ECDH-ECDSA-AES256-SHA384", + SUITE_INFO("ECDH-ECDSA-AES256-SHA384","TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384",ECC_BYTE,TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384), #endif #ifdef BUILD_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 - "ECDHE-RSA-CHACHA20-POLY1305", + SUITE_INFO("ECDHE-RSA-CHACHA20-POLY1305","TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256",CHACHA_BYTE,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256), #endif #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 - "ECDHE-ECDSA-CHACHA20-POLY1305", + SUITE_INFO("ECDHE-ECDSA-CHACHA20-POLY1305","TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256",CHACHA_BYTE,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256), #endif #ifdef BUILD_TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 - "DHE-RSA-CHACHA20-POLY1305", + SUITE_INFO("DHE-RSA-CHACHA20-POLY1305","TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256",CHACHA_BYTE,TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256), #endif #ifdef BUILD_TLS_ECDHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256 - "ECDHE-RSA-CHACHA20-POLY1305-OLD", + SUITE_INFO("ECDHE-RSA-CHACHA20-POLY1305-OLD","TLS_ECDHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256",CHACHA_BYTE,TLS_ECDHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256), #endif #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_CHACHA20_OLD_POLY1305_SHA256 - "ECDHE-ECDSA-CHACHA20-POLY1305-OLD", + 
SUITE_INFO("ECDHE-ECDSA-CHACHA20-POLY1305-OLD","TLS_ECDHE_ECDSA_WITH_CHACHA20_OLD_POLY1305_SHA256",CHACHA_BYTE,TLS_ECDHE_ECDSA_WITH_CHACHA20_OLD_POLY1305_SHA256), #endif #ifdef BUILD_TLS_DHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256 - "DHE-RSA-CHACHA20-POLY1305-OLD", + SUITE_INFO("DHE-RSA-CHACHA20-POLY1305-OLD","TLS_DHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256",CHACHA_BYTE,TLS_DHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256), #endif #ifdef BUILD_TLS_DH_anon_WITH_AES_128_CBC_SHA - "ADH-AES128-SHA", + SUITE_INFO("ADH-AES128-SHA","TLS_DH_anon_WITH_AES_128_CBC_SHA",CIPHER_BYTE,TLS_DH_anon_WITH_AES_128_CBC_SHA), #endif #ifdef BUILD_TLS_DH_anon_WITH_AES_256_GCM_SHA384 - "ADH-AES256-GCM-SHA384", + SUITE_INFO("ADH-AES256-GCM-SHA384","TLS_DH_anon_WITH_AES_256_GCM_SHA384",CIPHER_BYTE,TLS_DH_anon_WITH_AES_256_GCM_SHA384), #endif #ifdef BUILD_TLS_QSH - "QSH", + SUITE_INFO("QSH","TLS_QSH",QSH_BYTE,TLS_QSH), #endif #ifdef HAVE_RENEGOTIATION_INDICATION - "RENEGOTIATION-INFO", + SUITE_INFO("RENEGOTIATION-INFO","TLS_EMPTY_RENEGOTIATION_INFO_SCSV",CIPHER_BYTE,TLS_EMPTY_RENEGOTIATION_INFO_SCSV), #endif #ifdef BUILD_SSL_RSA_WITH_IDEA_CBC_SHA - "IDEA-CBC-SHA", + SUITE_INFO("IDEA-CBC-SHA","SSL_RSA_WITH_IDEA_CBC_SHA",CIPHER_BYTE,SSL_RSA_WITH_IDEA_CBC_SHA), #endif #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_NULL_SHA - "ECDHE-ECDSA-NULL-SHA", + SUITE_INFO("ECDHE-ECDSA-NULL-SHA","TLS_ECDHE_ECDSA_WITH_NULL_SHA",ECC_BYTE,TLS_ECDHE_ECDSA_WITH_NULL_SHA), #endif #ifdef BUILD_TLS_ECDHE_PSK_WITH_NULL_SHA256 - "ECDHE-PSK-NULL-SHA256", + SUITE_INFO("ECDHE-PSK-NULL-SHA256","TLS_ECDHE_PSK_WITH_NULL_SHA256",ECC_BYTE,TLS_ECDHE_PSK_WITH_NULL_SHA256), #endif #ifdef BUILD_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 - "ECDHE-PSK-AES128-CBC-SHA256", + SUITE_INFO("ECDHE-PSK-AES128-CBC-SHA256","TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256",ECC_BYTE,TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256), #endif #ifdef BUILD_TLS_PSK_WITH_CHACHA20_POLY1305_SHA256 - "PSK-CHACHA20-POLY1305", + 
SUITE_INFO("PSK-CHACHA20-POLY1305","TLS_PSK_WITH_CHACHA20_POLY1305_SHA256",CHACHA_BYTE,TLS_PSK_WITH_CHACHA20_POLY1305_SHA256), #endif #ifdef BUILD_TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256 - "ECDHE-PSK-CHACHA20-POLY1305", + SUITE_INFO("ECDHE-PSK-CHACHA20-POLY1305","TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256",CHACHA_BYTE,TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256), #endif #ifdef BUILD_TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256 - "DHE-PSK-CHACHA20-POLY1305", + SUITE_INFO("DHE-PSK-CHACHA20-POLY1305","TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256",CHACHA_BYTE,TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256), #endif #ifdef BUILD_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA - "EDH-RSA-DES-CBC3-SHA", -#endif - -#ifdef BUILD_TLS_AES_128_GCM_SHA256 - "TLS13-AES128-GCM-SHA256", -#endif - -#ifdef BUILD_TLS_AES_256_GCM_SHA384 - "TLS13-AES256-GCM-SHA384", -#endif - -#ifdef BUILD_TLS_CHACHA20_POLY1305_SHA256 - "TLS13-CHACHA20-POLY1305-SHA256", -#endif - -#ifdef BUILD_TLS_AES_128_CCM_SHA256 - "TLS13-AES128-CCM-SHA256", -#endif - -#ifdef BUILD_TLS_AES_128_CCM_8_SHA256 - "TLS13-AES128-CCM-8-SHA256", + SUITE_INFO("EDH-RSA-DES-CBC3-SHA","TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA",CIPHER_BYTE,TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA), #endif #ifdef BUILD_WDM_WITH_NULL_SHA256 - "WDM-NULL-SHA256", + SUITE_INFO("WDM-NULL-SHA256","WDM_WITH_NULL_SHA256",CIPHER_BYTE,WDM_WITH_NULL_SHA256), #endif -}; - -/* cipher suite number that matches above name table */ -static const int cipher_name_idx[] = -{ -#ifdef BUILD_SSL_RSA_WITH_RC4_128_SHA - SSL_RSA_WITH_RC4_128_SHA, -#endif - -#ifdef BUILD_SSL_RSA_WITH_RC4_128_MD5 - SSL_RSA_WITH_RC4_128_MD5, -#endif - -#ifdef BUILD_SSL_RSA_WITH_3DES_EDE_CBC_SHA - SSL_RSA_WITH_3DES_EDE_CBC_SHA, -#endif - -#ifdef BUILD_TLS_RSA_WITH_AES_128_CBC_SHA - TLS_RSA_WITH_AES_128_CBC_SHA, -#endif - -#ifdef BUILD_TLS_RSA_WITH_AES_256_CBC_SHA - TLS_RSA_WITH_AES_256_CBC_SHA, -#endif - -#ifdef BUILD_TLS_RSA_WITH_NULL_SHA - TLS_RSA_WITH_NULL_SHA, -#endif - -#ifdef BUILD_TLS_RSA_WITH_NULL_SHA256 - 
TLS_RSA_WITH_NULL_SHA256, -#endif - -#ifdef BUILD_TLS_DHE_RSA_WITH_AES_128_CBC_SHA - TLS_DHE_RSA_WITH_AES_128_CBC_SHA, -#endif - -#ifdef BUILD_TLS_DHE_RSA_WITH_AES_256_CBC_SHA - TLS_DHE_RSA_WITH_AES_256_CBC_SHA, -#endif - -#ifdef BUILD_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 - TLS_DHE_PSK_WITH_AES_256_GCM_SHA384, -#endif - -#ifdef BUILD_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 - TLS_DHE_PSK_WITH_AES_128_GCM_SHA256, -#endif - -#ifdef BUILD_TLS_PSK_WITH_AES_256_GCM_SHA384 - TLS_PSK_WITH_AES_256_GCM_SHA384, -#endif - -#ifdef BUILD_TLS_PSK_WITH_AES_128_GCM_SHA256 - TLS_PSK_WITH_AES_128_GCM_SHA256, -#endif - -#ifdef BUILD_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 - TLS_DHE_PSK_WITH_AES_256_CBC_SHA384, -#endif - -#ifdef BUILD_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 - TLS_DHE_PSK_WITH_AES_128_CBC_SHA256, -#endif - -#ifdef BUILD_TLS_PSK_WITH_AES_256_CBC_SHA384 - TLS_PSK_WITH_AES_256_CBC_SHA384, -#endif - -#ifdef BUILD_TLS_PSK_WITH_AES_128_CBC_SHA256 - TLS_PSK_WITH_AES_128_CBC_SHA256, -#endif - -#ifdef BUILD_TLS_PSK_WITH_AES_128_CBC_SHA - TLS_PSK_WITH_AES_128_CBC_SHA, -#endif - -#ifdef BUILD_TLS_PSK_WITH_AES_256_CBC_SHA - TLS_PSK_WITH_AES_256_CBC_SHA, -#endif - -#ifdef BUILD_TLS_DHE_PSK_WITH_AES_128_CCM - TLS_DHE_PSK_WITH_AES_128_CCM, -#endif - -#ifdef BUILD_TLS_DHE_PSK_WITH_AES_256_CCM - TLS_DHE_PSK_WITH_AES_256_CCM, -#endif - -#ifdef BUILD_TLS_PSK_WITH_AES_128_CCM - TLS_PSK_WITH_AES_128_CCM, -#endif - -#ifdef BUILD_TLS_PSK_WITH_AES_256_CCM - TLS_PSK_WITH_AES_256_CCM, -#endif - -#ifdef BUILD_TLS_PSK_WITH_AES_128_CCM_8 - TLS_PSK_WITH_AES_128_CCM_8, -#endif - -#ifdef BUILD_TLS_PSK_WITH_AES_256_CCM_8 - TLS_PSK_WITH_AES_256_CCM_8, -#endif - -#ifdef BUILD_TLS_DHE_PSK_WITH_NULL_SHA384 - TLS_DHE_PSK_WITH_NULL_SHA384, -#endif - -#ifdef BUILD_TLS_DHE_PSK_WITH_NULL_SHA256 - TLS_DHE_PSK_WITH_NULL_SHA256, -#endif - -#ifdef BUILD_TLS_PSK_WITH_NULL_SHA384 - TLS_PSK_WITH_NULL_SHA384, -#endif - -#ifdef BUILD_TLS_PSK_WITH_NULL_SHA256 - TLS_PSK_WITH_NULL_SHA256, -#endif - -#ifdef BUILD_TLS_PSK_WITH_NULL_SHA - 
TLS_PSK_WITH_NULL_SHA, -#endif - -#ifdef BUILD_TLS_RSA_WITH_HC_128_MD5 - TLS_RSA_WITH_HC_128_MD5, -#endif - -#ifdef BUILD_TLS_RSA_WITH_HC_128_SHA - TLS_RSA_WITH_HC_128_SHA, -#endif - -#ifdef BUILD_TLS_RSA_WITH_HC_128_B2B256 - TLS_RSA_WITH_HC_128_B2B256, -#endif - -#ifdef BUILD_TLS_RSA_WITH_AES_128_CBC_B2B256 - TLS_RSA_WITH_AES_128_CBC_B2B256, -#endif - -#ifdef BUILD_TLS_RSA_WITH_AES_256_CBC_B2B256 - TLS_RSA_WITH_AES_256_CBC_B2B256, -#endif - -#ifdef BUILD_TLS_RSA_WITH_RABBIT_SHA - TLS_RSA_WITH_RABBIT_SHA, -#endif - -#ifdef BUILD_TLS_NTRU_RSA_WITH_RC4_128_SHA - TLS_NTRU_RSA_WITH_RC4_128_SHA, -#endif - -#ifdef BUILD_TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA - TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA, -#endif - -#ifdef BUILD_TLS_NTRU_RSA_WITH_AES_128_CBC_SHA - TLS_NTRU_RSA_WITH_AES_128_CBC_SHA, -#endif - -#ifdef BUILD_TLS_NTRU_RSA_WITH_AES_256_CBC_SHA - TLS_NTRU_RSA_WITH_AES_256_CBC_SHA, -#endif - -#ifdef BUILD_TLS_RSA_WITH_AES_128_CCM_8 - TLS_RSA_WITH_AES_128_CCM_8, -#endif - -#ifdef BUILD_TLS_RSA_WITH_AES_256_CCM_8 - TLS_RSA_WITH_AES_256_CCM_8, -#endif - -#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CCM - TLS_ECDHE_ECDSA_WITH_AES_128_CCM, -#endif - -#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 - TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8, -#endif - -#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8 - TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8, -#endif - -#ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA - TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, -#endif - -#ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA - TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, -#endif - -#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, -#endif - -#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA - TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, -#endif - -#ifdef BUILD_TLS_ECDHE_RSA_WITH_RC4_128_SHA - TLS_ECDHE_RSA_WITH_RC4_128_SHA, -#endif - -#ifdef BUILD_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA - TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, -#endif - -#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA - 
TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, -#endif - -#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA - TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, -#endif - -#ifdef BUILD_TLS_RSA_WITH_AES_128_CBC_SHA256 - TLS_RSA_WITH_AES_128_CBC_SHA256, -#endif - -#ifdef BUILD_TLS_RSA_WITH_AES_256_CBC_SHA256 - TLS_RSA_WITH_AES_256_CBC_SHA256, -#endif - -#ifdef BUILD_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 - TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, -#endif - -#ifdef BUILD_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 - TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, -#endif - -#ifdef BUILD_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA - TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, -#endif - -#ifdef BUILD_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA - TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, -#endif - -#ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA - TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, -#endif - -#ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA - TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, -#endif - -#ifdef BUILD_TLS_ECDH_RSA_WITH_RC4_128_SHA - TLS_ECDH_RSA_WITH_RC4_128_SHA, -#endif - -#ifdef BUILD_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA - TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, -#endif - -#ifdef BUILD_TLS_ECDH_ECDSA_WITH_RC4_128_SHA - TLS_ECDH_ECDSA_WITH_RC4_128_SHA, -#endif - -#ifdef BUILD_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA - TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, -#endif - -#ifdef BUILD_TLS_RSA_WITH_AES_128_GCM_SHA256 - TLS_RSA_WITH_AES_128_GCM_SHA256, -#endif - -#ifdef BUILD_TLS_RSA_WITH_AES_256_GCM_SHA384 - TLS_RSA_WITH_AES_256_GCM_SHA384, -#endif - -#ifdef BUILD_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 - TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, -#endif - -#ifdef BUILD_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 - TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, -#endif - -#ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, -#endif - -#ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, -#endif - -#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, -#endif - -#ifdef 
BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, -#endif - -#ifdef BUILD_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 - TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, -#endif - -#ifdef BUILD_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 - TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384, -#endif - -#ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 - TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, -#endif - -#ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 - TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384, -#endif - -#ifdef BUILD_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA - TLS_RSA_WITH_CAMELLIA_128_CBC_SHA, -#endif - -#ifdef BUILD_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA - TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, -#endif - -#ifdef BUILD_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA - TLS_RSA_WITH_CAMELLIA_256_CBC_SHA, -#endif - -#ifdef BUILD_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA - TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, -#endif - -#ifdef BUILD_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 - TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256, -#endif - -#ifdef BUILD_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 - TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256, -#endif - -#ifdef BUILD_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 - TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256, -#endif - -#ifdef BUILD_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 - TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256, -#endif - -#ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 - TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, -#endif - -#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, -#endif - -#ifdef BUILD_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 - TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, -#endif - -#ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 - TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, -#endif - -#ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 - TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, -#endif - -#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 - TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, -#endif - -#ifdef 
BUILD_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 - TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384, -#endif - -#ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 - TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384, -#endif - -#ifdef BUILD_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, -#endif - -#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, -#endif - -#ifdef BUILD_TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 - TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256, -#endif - -#ifdef BUILD_TLS_ECDHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256 - TLS_ECDHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256, -#endif - -#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_CHACHA20_OLD_POLY1305_SHA256 - TLS_ECDHE_ECDSA_WITH_CHACHA20_OLD_POLY1305_SHA256, -#endif - -#ifdef BUILD_TLS_DHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256 - TLS_DHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256, -#endif - -#ifdef BUILD_TLS_DH_anon_WITH_AES_128_CBC_SHA - TLS_DH_anon_WITH_AES_128_CBC_SHA, -#endif - -#ifdef BUILD_TLS_DH_anon_WITH_AES_256_GCM_SHA384 - TLS_DH_anon_WITH_AES_256_GCM_SHA384, -#endif - -#ifdef BUILD_TLS_QSH - TLS_QSH, -#endif - -#ifdef HAVE_RENEGOTIATION_INDICATION - TLS_EMPTY_RENEGOTIATION_INFO_SCSV, -#endif - -#ifdef BUILD_SSL_RSA_WITH_IDEA_CBC_SHA - SSL_RSA_WITH_IDEA_CBC_SHA, -#endif - -#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_NULL_SHA - TLS_ECDHE_ECDSA_WITH_NULL_SHA, -#endif - -#ifdef BUILD_TLS_ECDHE_PSK_WITH_NULL_SHA256 - TLS_ECDHE_PSK_WITH_NULL_SHA256, -#endif - -#ifdef BUILD_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 - TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256, -#endif - -#ifdef BUILD_TLS_PSK_WITH_CHACHA20_POLY1305_SHA256 - TLS_PSK_WITH_CHACHA20_POLY1305_SHA256, -#endif - -#ifdef BUILD_TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256 - TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256, -#endif - -#ifdef BUILD_TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256 - TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256, -#endif - -#ifdef BUILD_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA - 
TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA, -#endif +#endif /* WOLFSSL_NO_TLS12 */ #ifdef BUILD_TLS_AES_128_GCM_SHA256 - TLS_AES_128_GCM_SHA256, + SUITE_INFO("TLS13-AES128-GCM-SHA256","TLS_AES_128_GCM_SHA256",TLS13_BYTE,TLS_AES_128_GCM_SHA256), #endif #ifdef BUILD_TLS_AES_256_GCM_SHA384 - TLS_AES_256_GCM_SHA384, + SUITE_INFO("TLS13-AES256-GCM-SHA384","TLS_AES_256_GCM_SHA384",TLS13_BYTE,TLS_AES_256_GCM_SHA384), #endif #ifdef BUILD_TLS_CHACHA20_POLY1305_SHA256 - TLS_CHACHA20_POLY1305_SHA256, + SUITE_INFO("TLS13-CHACHA20-POLY1305-SHA256","TLS_CHACHA20_POLY1305_SHA256",TLS13_BYTE,TLS_CHACHA20_POLY1305_SHA256), #endif #ifdef BUILD_TLS_AES_128_CCM_SHA256 - TLS_AES_128_CCM_SHA256, + SUITE_INFO("TLS13-AES128-CCM-SHA256","TLS_AES_128_CCM_SHA256",TLS13_BYTE,TLS_AES_128_CCM_SHA256), #endif #ifdef BUILD_TLS_AES_128_CCM_8_SHA256 - TLS_AES_128_CCM_8_SHA256, -#endif - -#ifdef BUILD_WDM_WITH_NULL_SHA256 - WDM_WITH_NULL_SHA256, + SUITE_INFO("TLS13-AES128-CCM-8-SHA256","TLS_AES_128_CCM_8_SHA256",TLS13_BYTE,TLS_AES_128_CCM_8_SHA256), #endif }; /* returns the cipher_names array */ -const char* const* GetCipherNames(void) +const CipherSuiteInfo* GetCipherNames(void) { return cipher_names; } -/* returns the size of the cipher_names array */ +/* returns the number of elements in the cipher_names array */ int GetCipherNamesSize(void) { - return (int)(sizeof(cipher_names) / sizeof(char*)); + return (int)(sizeof(cipher_names) / sizeof(CipherSuiteInfo)); } -/* gets cipher name in the format DHE-RSA-... rather then TLS_DHE... */ -const char* GetCipherNameInternal(const char* cipherName, int cipherSuite) + +const char* GetCipherNameInternal(const byte cipherSuite0, const byte cipherSuite) { - const char* result = NULL; - const char* first; int i; + const char* nameInternal = NULL; - if (cipherName == NULL) { - WOLFSSL_MSG("Bad argument"); - return NULL; - } - - first = - #ifdef HAVE_CHACHA - (XSTRSTR(cipherName, "CHACHA")) ? "CHACHA" : - #endif - #ifdef HAVE_ECC - (XSTRSTR(cipherName, "EC")) ? 
"EC" : - #endif - #ifdef HAVE_AESCCM - (XSTRSTR(cipherName, "CCM")) ? "CCM" : - #endif - NULL; /* normal */ - - for (i = 0; i < (int)(sizeof(cipher_name_idx)/sizeof(int)); i++) { - if (cipher_name_idx[i] == cipherSuite) { - const char* nameFound = cipher_names[i]; - - /* extra sanity check on returned cipher name */ - if (nameFound == NULL) { - continue; - } - - /* if first is null then not any */ - if (first == NULL) { - #if defined(HAVE_AESCCM) || defined(HAVE_CHACHA) || \ - defined(HAVE_ECC) - if ( !XSTRSTR(nameFound, "CHACHA") && - !XSTRSTR(nameFound, "EC") && - !XSTRSTR(nameFound, "CCM")) { - result = nameFound; - break; - } - #endif - } - else if (XSTRSTR(nameFound, first)) { - result = nameFound; - break; - } + for (i = 0; i < GetCipherNamesSize(); i++) { + if ((cipher_names[i].cipherSuite0 == cipherSuite0) && + (cipher_names[i].cipherSuite == cipherSuite)) { + nameInternal = cipher_names[i].name; + break; } } + return nameInternal; +} - return result; +const char* GetCipherNameIana(const byte cipherSuite0, const byte cipherSuite) +{ +#ifndef NO_ERROR_STRINGS + int i; + const char* nameIana = "NONE"; + + for (i = 0; i < GetCipherNamesSize(); i++) { + if ((cipher_names[i].cipherSuite0 == cipherSuite0) && + (cipher_names[i].cipherSuite == cipherSuite)) { + nameIana = cipher_names[i].name_iana; + break; + } + } + return nameIana; +#else + (void)cipherSuite0; + (void)cipherSuite; + return NULL; +#endif } const char* wolfSSL_get_cipher_name_internal(WOLFSSL* ssl) { if (ssl == NULL) { - WOLFSSL_MSG("Bad argument"); return NULL; } - return GetCipherNameInternal( - wolfSSL_CIPHER_get_name(&ssl->cipher), - ssl->options.cipherSuite); + return GetCipherNameInternal(ssl->options.cipherSuite0, ssl->options.cipherSuite); } - -const char* wolfSSL_get_cipher_name_from_suite(const unsigned char cipherSuite, - const unsigned char cipherSuite0) +const char* wolfSSL_get_cipher_name_iana(WOLFSSL* ssl) { - - WOLFSSL_ENTER("wolfSSL_get_cipher_name_from_suite"); - - 
(void)cipherSuite; - (void)cipherSuite0; - -#ifndef NO_ERROR_STRINGS - -#if defined(HAVE_CHACHA) - if (cipherSuite0 == CHACHA_BYTE) { - /* ChaCha suites */ - switch (cipherSuite) { -#ifdef HAVE_POLY1305 -#ifndef NO_RSA - case TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 : - return "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256"; - - case TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 : - return "TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256"; - - case TLS_ECDHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256 : - return "TLS_ECDHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256"; - - case TLS_DHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256 : - return "TLS_DHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256"; -#endif - case TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 : - return "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256"; - - case TLS_ECDHE_ECDSA_WITH_CHACHA20_OLD_POLY1305_SHA256 : - return "TLS_ECDHE_ECDSA_WITH_CHACHA20_OLD_POLY1305_SHA256"; -#ifndef NO_PSK - case TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256 : - return "TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256"; - case TLS_PSK_WITH_CHACHA20_POLY1305_SHA256 : - return "TLS_PSK_WITH_CHACHA20_POLY1305_SHA256"; - case TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256 : - return "TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256"; -#endif /* NO_PSK */ -#endif /* HAVE_POLY1305 */ - } /* switch */ - } /* chacha */ -#endif /* HAVE_CHACHA */ - -#if defined(HAVE_ECC) || defined(HAVE_AESCCM) - /* Awkwardly, the ECC cipher suites use the ECC_BYTE as expected, - * but the AES-CCM cipher suites also use it, even the ones that - * aren't ECC. 
*/ - if (cipherSuite0 == ECC_BYTE) { - /* ECC suites */ - switch (cipherSuite) { -#ifdef HAVE_ECC - #ifndef NO_RSA - case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 : - return "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256"; - #endif /* !NO_RSA */ - case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 : - return "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256"; - #ifndef NO_RSA - case TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 : - return "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256"; - #endif /* !NO_RSA */ - case TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 : - return "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256"; - #ifndef NO_RSA - case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 : - return "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384"; - #endif /* !NO_RSA */ - case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 : - return "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384"; - #ifndef NO_RSA - case TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 : - return "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384"; - #endif /* !NO_RSA */ - case TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 : - return "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384"; -#ifndef NO_SHA - #ifndef NO_RSA - case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA : - return "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA"; - case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA : - return "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA"; - #endif /* !NO_RSA */ - case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA : - return "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA"; - case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA : - return "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA"; - #ifndef NO_RC4 - #ifndef NO_RSA - case TLS_ECDHE_RSA_WITH_RC4_128_SHA : - return "TLS_ECDHE_RSA_WITH_RC4_128_SHA"; - #endif /* !NO_RSA */ - case TLS_ECDHE_ECDSA_WITH_RC4_128_SHA : - return "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA"; - #endif /* !NO_RC4 */ - #ifndef NO_DES3 - #ifndef NO_RSA - case TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA : - return "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA"; - #endif /* !NO_RSA */ - case TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA : - return "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA"; - #endif /* !NO_DES3 */ - - 
#ifndef NO_RSA - case TLS_ECDH_RSA_WITH_AES_128_CBC_SHA : - return "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA"; - case TLS_ECDH_RSA_WITH_AES_256_CBC_SHA : - return "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA"; - #endif /* !NO_RSA */ - case TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA : - return "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA"; - case TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA : - return "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA"; - #ifndef NO_RC4 - #ifndef NO_RSA - case TLS_ECDH_RSA_WITH_RC4_128_SHA : - return "TLS_ECDH_RSA_WITH_RC4_128_SHA"; - #endif /* !NO_RSA */ - case TLS_ECDH_ECDSA_WITH_RC4_128_SHA : - return "TLS_ECDH_ECDSA_WITH_RC4_128_SHA"; - #endif /* !NO_RC4 */ - #ifndef NO_DES3 - #ifndef NO_RSA - case TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA : - return "TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA"; - #endif /* !NO_RSA */ - case TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA : - return "TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA"; - #endif /* !NO_DES3 */ -#endif /* HAVE_ECC */ - -#ifdef HAVE_AESGCM - #ifndef NO_RSA - case TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 : - return "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"; - case TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 : - return "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"; - #endif /* !NO_RSA */ - case TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 : - return "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"; - case TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 : - return "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"; - #ifndef NO_RSA - case TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 : - return "TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256"; - case TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 : - return "TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384"; - #endif /* !NO_RSA */ - case TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 : - return "TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256"; - case TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 : - return "TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384"; -#endif /* HAVE_AESGCM */ - - case TLS_ECDHE_ECDSA_WITH_NULL_SHA : - return "TLS_ECDHE_ECDSA_WITH_NULL_SHA"; - #ifndef NO_PSK - case TLS_ECDHE_PSK_WITH_NULL_SHA256 : - return 
"TLS_ECDHE_PSK_WITH_NULL_SHA256"; - case TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 : - return "TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256"; - #endif /* !NO_PSK */ - #ifndef NO_RSA - case TLS_RSA_WITH_AES_128_CCM_8 : - return "TLS_RSA_WITH_AES_128_CCM_8"; - case TLS_RSA_WITH_AES_256_CCM_8 : - return "TLS_RSA_WITH_AES_256_CCM_8"; - #endif /* !NO_RSA */ - #ifndef NO_PSK - case TLS_PSK_WITH_AES_128_CCM_8 : - return "TLS_PSK_WITH_AES_128_CCM_8"; - case TLS_PSK_WITH_AES_256_CCM_8 : - return "TLS_PSK_WITH_AES_256_CCM_8"; - case TLS_PSK_WITH_AES_128_CCM : - return "TLS_PSK_WITH_AES_128_CCM"; - case TLS_PSK_WITH_AES_256_CCM : - return "TLS_PSK_WITH_AES_256_CCM"; - case TLS_DHE_PSK_WITH_AES_128_CCM : - return "TLS_DHE_PSK_WITH_AES_128_CCM"; - case TLS_DHE_PSK_WITH_AES_256_CCM : - return "TLS_DHE_PSK_WITH_AES_256_CCM"; - #endif /* !NO_PSK */ - #ifdef HAVE_ECC - case TLS_ECDHE_ECDSA_WITH_AES_128_CCM: - return "TLS_ECDHE_ECDSA_WITH_AES_128_CCM"; - case TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8: - return "TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8"; - case TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8 : - return "TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8"; - #endif /* HAVE_ECC */ -#endif /* HAVE_AESGCM */ - - default: - return "NONE"; - } /* switch */ - } /* ECC and AES CCM/GCM */ -#endif /* HAVE_ECC || HAVE_AESCCM*/ - - if (cipherSuite0 == TLS13_BYTE) { - /* TLS v1.3 suites */ - switch (cipherSuite) { -#ifdef WOLFSSL_TLS13 - #ifdef HAVE_AESGCM - case TLS_AES_128_GCM_SHA256 : - return "TLS_AES_128_GCM_SHA256"; - case TLS_AES_256_GCM_SHA384 : - return "TLS_AES_256_GCM_SHA384"; - #endif - - #ifdef HAVE_CHACHA - case TLS_CHACHA20_POLY1305_SHA256 : - return "TLS_CHACHA20_POLY1305_SHA256"; - #endif - - #ifdef HAVE_AESCCM - case TLS_AES_128_CCM_SHA256 : - return "TLS_AES_128_CCM_SHA256"; - case TLS_AES_128_CCM_8_SHA256 : - return "TLS_AES_256_CCM_8_SHA256"; - #endif -#endif - - default: - return "NONE"; - } + if (ssl == NULL) { + return NULL; } - if (cipherSuite0 != ECC_BYTE && - cipherSuite0 != CHACHA_BYTE && - cipherSuite0 
!= TLS13_BYTE) { - - /* normal suites */ - switch (cipherSuite) { -#ifndef NO_RSA - #ifndef NO_RC4 - #ifndef NO_SHA - case SSL_RSA_WITH_RC4_128_SHA : - return "SSL_RSA_WITH_RC4_128_SHA"; - #endif /* !NO_SHA */ - #ifndef NO_MD5 - case SSL_RSA_WITH_RC4_128_MD5 : - return "SSL_RSA_WITH_RC4_128_MD5"; - #endif /* !NO_MD5 */ - #endif /* !NO_RC4 */ - #ifndef NO_SHA - #ifndef NO_DES3 - case SSL_RSA_WITH_3DES_EDE_CBC_SHA : - return "SSL_RSA_WITH_3DES_EDE_CBC_SHA"; - #endif /* !NO_DES3 */ - #ifdef HAVE_IDEA - case SSL_RSA_WITH_IDEA_CBC_SHA : - return "SSL_RSA_WITH_IDEA_CBC_SHA"; - #endif /* HAVE_IDEA */ - - case TLS_RSA_WITH_AES_128_CBC_SHA : - return "TLS_RSA_WITH_AES_128_CBC_SHA"; - case TLS_RSA_WITH_AES_256_CBC_SHA : - return "TLS_RSA_WITH_AES_256_CBC_SHA"; - #endif /* !NO_SHA */ - case TLS_RSA_WITH_AES_128_CBC_SHA256 : - return "TLS_RSA_WITH_AES_128_CBC_SHA256"; - case TLS_RSA_WITH_AES_256_CBC_SHA256 : - return "TLS_RSA_WITH_AES_256_CBC_SHA256"; - #ifdef HAVE_BLAKE2 - case TLS_RSA_WITH_AES_128_CBC_B2B256: - return "TLS_RSA_WITH_AES_128_CBC_B2B256"; - case TLS_RSA_WITH_AES_256_CBC_B2B256: - return "TLS_RSA_WITH_AES_256_CBC_B2B256"; - #endif /* HAVE_BLAKE2 */ - #ifndef NO_SHA - case TLS_RSA_WITH_NULL_SHA : - return "TLS_RSA_WITH_NULL_SHA"; - #endif /* !NO_SHA */ - case TLS_RSA_WITH_NULL_SHA256 : - return "TLS_RSA_WITH_NULL_SHA256"; -#endif /* NO_RSA */ - -#ifndef NO_PSK - #ifndef NO_SHA - case TLS_PSK_WITH_AES_128_CBC_SHA : - return "TLS_PSK_WITH_AES_128_CBC_SHA"; - case TLS_PSK_WITH_AES_256_CBC_SHA : - return "TLS_PSK_WITH_AES_256_CBC_SHA"; - #endif /* !NO_SHA */ - #ifndef NO_SHA256 - case TLS_PSK_WITH_AES_128_CBC_SHA256 : - return "TLS_PSK_WITH_AES_128_CBC_SHA256"; - case TLS_PSK_WITH_NULL_SHA256 : - return "TLS_PSK_WITH_NULL_SHA256"; - case TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 : - return "TLS_DHE_PSK_WITH_AES_128_CBC_SHA256"; - case TLS_DHE_PSK_WITH_NULL_SHA256 : - return "TLS_DHE_PSK_WITH_NULL_SHA256"; - #ifdef HAVE_AESGCM - case TLS_PSK_WITH_AES_128_GCM_SHA256 : - 
return "TLS_PSK_WITH_AES_128_GCM_SHA256"; - case TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 : - return "TLS_DHE_PSK_WITH_AES_128_GCM_SHA256"; - #endif /* HAVE_AESGCM */ - #endif /* !NO_SHA256 */ - #ifdef WOLFSSL_SHA384 - case TLS_PSK_WITH_AES_256_CBC_SHA384 : - return "TLS_PSK_WITH_AES_256_CBC_SHA384"; - case TLS_PSK_WITH_NULL_SHA384 : - return "TLS_PSK_WITH_NULL_SHA384"; - case TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 : - return "TLS_DHE_PSK_WITH_AES_256_CBC_SHA384"; - case TLS_DHE_PSK_WITH_NULL_SHA384 : - return "TLS_DHE_PSK_WITH_NULL_SHA384"; - #ifdef HAVE_AESGCM - case TLS_PSK_WITH_AES_256_GCM_SHA384 : - return "TLS_PSK_WITH_AES_256_GCM_SHA384"; - case TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 : - return "TLS_DHE_PSK_WITH_AES_256_GCM_SHA384"; - #endif /* HAVE_AESGCM */ - #endif /* WOLFSSL_SHA384 */ - #ifndef NO_SHA - case TLS_PSK_WITH_NULL_SHA : - return "TLS_PSK_WITH_NULL_SHA"; - #endif /* !NO_SHA */ - #endif /* NO_PSK */ - - #ifndef NO_RSA - case TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 : - return "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256"; - case TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 : - return "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256"; - #ifndef NO_SHA - case TLS_DHE_RSA_WITH_AES_128_CBC_SHA : - return "TLS_DHE_RSA_WITH_AES_128_CBC_SHA"; - case TLS_DHE_RSA_WITH_AES_256_CBC_SHA : - return "TLS_DHE_RSA_WITH_AES_256_CBC_SHA"; - #ifndef NO_DES3 - case TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA: - return "TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA"; - #endif - #endif /* !NO_RSA */ - #ifndef NO_HC128 - #ifndef NO_MD5 - case TLS_RSA_WITH_HC_128_MD5 : - return "TLS_RSA_WITH_HC_128_MD5"; - #endif /* !NO_MD5 */ - #ifndef NO_SHA - case TLS_RSA_WITH_HC_128_SHA : - return "TLS_RSA_WITH_HC_128_SHA"; - #endif /* !NO_SHA */ - #ifdef HAVE_BLAKE2 - case TLS_RSA_WITH_HC_128_B2B256: - return "TLS_RSA_WITH_HC_128_B2B256"; - #endif /* HAVE_BLAKE2 */ - #endif /* !NO_HC128 */ - #ifndef NO_SHA - #ifndef NO_RABBIT - case TLS_RSA_WITH_RABBIT_SHA : - return "TLS_RSA_WITH_RABBIT_SHA"; - #endif /* !NO_RABBIT */ - #ifdef HAVE_NTRU - 
#ifndef NO_RC4 - case TLS_NTRU_RSA_WITH_RC4_128_SHA : - return "TLS_NTRU_RSA_WITH_RC4_128_SHA"; - #endif /* !NO_RC4 */ - #ifndef NO_DES3 - case TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA : - return "TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA"; - #endif /* !NO_DES3 */ - case TLS_NTRU_RSA_WITH_AES_128_CBC_SHA : - return "TLS_NTRU_RSA_WITH_AES_128_CBC_SHA"; - case TLS_NTRU_RSA_WITH_AES_256_CBC_SHA : - return "TLS_NTRU_RSA_WITH_AES_256_CBC_SHA"; - #endif /* HAVE_NTRU */ - - #ifdef HAVE_QSH - case TLS_QSH : - return "TLS_QSH"; - #endif /* HAVE_QSH */ - #endif /* !NO_SHA */ - - case TLS_RSA_WITH_AES_128_GCM_SHA256 : - return "TLS_RSA_WITH_AES_128_GCM_SHA256"; - case TLS_RSA_WITH_AES_256_GCM_SHA384 : - return "TLS_RSA_WITH_AES_256_GCM_SHA384"; - case TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 : - return "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256"; - case TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 : - return "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384"; - #ifndef NO_SHA - case TLS_RSA_WITH_CAMELLIA_128_CBC_SHA : - return "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA"; - case TLS_RSA_WITH_CAMELLIA_256_CBC_SHA : - return "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA"; - #endif /* !NO_SHA */ - case TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 : - return "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256"; - case TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 : - return "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256"; - #ifndef NO_SHA - case TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA : - return "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA"; - case TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA : - return "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA"; - #endif /* !NO_SHA */ - case TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 : - return "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256"; - case TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 : - return "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256"; -#endif /* !NO_PSK */ - -#ifdef BUILD_TLS_DH_anon_WITH_AES_128_CBC_SHA - case TLS_DH_anon_WITH_AES_128_CBC_SHA : - return "TLS_DH_anon_WITH_AES_128_CBC_SHA"; -#endif - -#ifdef BUILD_TLS_DH_anon_WITH_AES_256_GCM_SHA384 - case 
TLS_DH_anon_WITH_AES_256_GCM_SHA384: - return "TLS_DH_anon_WITH_AES_256_GCM_SHA384"; -#endif - -#ifdef BUILD_WDM_WITH_NULL_SHA256 - case WDM_WITH_NULL_SHA256 : - return "WDM_WITH_NULL_SHA256"; -#endif - default: - return "NONE"; - } /* switch */ - } /* normal / PSK */ -#endif /* NO_ERROR_STRINGS */ - - return "NONE"; + return GetCipherNameIana(ssl->options.cipherSuite0, ssl->options.cipherSuite); } @@ -16727,7 +15911,7 @@ int SetCipherList(WOLFSSL_CTX* ctx, Suites* suites, const char* list) name[(length == sizeof(name)) ? length - 1 : length] = 0; for (i = 0; i < suiteSz; i++) { - if (XSTRNCMP(name, cipher_names[i], sizeof(name)) == 0) { + if (XSTRNCMP(name, cipher_names[i].name, sizeof(name)) == 0) { #ifdef WOLFSSL_DTLS /* don't allow stream ciphers with DTLS */ if (ctx->method->version.major == DTLS_MAJOR) { @@ -16763,9 +15947,9 @@ int SetCipherList(WOLFSSL_CTX* ctx, Suites* suites, const char* list) #ifdef HAVE_AESCCM (XSTRSTR(name, "CCM")) ? ECC_BYTE : #endif - 0x00; /* normal */ + CIPHER_BYTE; /* normal */ - suites->suites[idx++] = (byte)cipher_name_idx[i]; + suites->suites[idx++] = cipher_names[i].cipherSuite; /* The suites are either ECDSA, RSA, PSK, or Anon. The RSA * suites don't necessarily have RSA in the name. */ #ifdef WOLFSSL_TLS13 @@ -16816,6 +16000,7 @@ int SetCipherList(WOLFSSL_CTX* ctx, Suites* suites, const char* list) return ret; } + #if !defined(NO_WOLFSSL_SERVER) || !defined(NO_CERTS) void PickHashSigAlgo(WOLFSSL* ssl, const byte* hashSigAlgo, word32 hashSigAlgoSz) @@ -16831,6 +16016,7 @@ void PickHashSigAlgo(WOLFSSL* ssl, const byte* hashSigAlgo, ssl->suites->sigAlgo = ssl->buffers.keyType; #endif } +#ifndef WOLFSSL_NO_TLS12 else if (IsAtLeastTLSv1_2(ssl)) { #ifdef WOLFSSL_ALLOW_TLS_SHA1 ssl->suites->hashAlgo = sha_mac; 
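Review bot: In the `@@ -16763` hunk of SetCipherList the second suite byte now comes from the table (`cipher_names[i].cipherSuite`), but the first byte is still chosen by the `XSTRSTR(name, ...)` chain that ends in `CIPHER_BYTE; /* normal */`. Each `SUITE_INFO` entry already carries its first byte (the new lookups compare `cipher_names[i].cipherSuite0`), so the substring heuristic can disagree with the table if a suite name ever happens to contain a marker such as "CCM". Taking the first byte from the same row, `suites->suites[idx++] = cipher_names[i].cipherSuite0;`, keeps the pair consistent by construction. The start of the conditional expression and the rest of the function lie outside the hunk, so confirm nothing else relies on the name-based choice.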
@@ -16841,6 +16027,7 @@ void PickHashSigAlgo(WOLFSSL* ssl, const byte* hashSigAlgo, else { ssl->suites->hashAlgo = sha_mac; } +#endif /* i+1 since peek a byte ahead for type */ for (i = 0; (i+1) < hashSigAlgoSz; i += HELLO_EXT_SIGALGO_SZ) { @@ -16908,13 +16095,14 @@ void PickHashSigAlgo(WOLFSSL* ssl, const byte* hashSigAlgo, void FinishHandShakeInfo(HandShakeInfo* info) { int i; - int sz = sizeof(cipher_name_idx)/sizeof(int); + int sz = GetCipherNamesSize(); for (i = 0; i < sz; i++) - if (info->ssl->options.cipherSuite == (byte)cipher_name_idx[i]) { + if (info->ssl->options.cipherSuite == + (byte)cipher_names[i].cipherSuite) { if (info->ssl->options.cipherSuite0 == ECC_BYTE) continue; /* ECC suites at end */ - XSTRNCPY(info->cipherName, cipher_names[i], MAX_CIPHERNAME_SZ); + XSTRNCPY(info->cipherName, cipher_names[i].name, MAX_CIPHERNAME_SZ); info->cipherName[MAX_CIPHERNAME_SZ] = '\0'; break; } @@ -17080,10 +16268,11 @@ void PickHashSigAlgo(WOLFSSL* ssl, const byte* hashSigAlgo, #endif /* WOLFSSL_CALLBACKS */ - /* client only parts */ #ifndef NO_WOLFSSL_CLIENT +#ifndef WOLFSSL_NO_TLS12 + /* handle generation of client_hello (1) */ int SendClientHello(WOLFSSL* ssl) { 
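Review bot: The loop in FinishHandShakeInfo (`@@ -16908` hunk) still matches on the second suite byte alone and skips every match when `cipherSuite0 == ECC_BYTE`, so a suite whose second byte also occurs under a different first byte can be recorded under the wrong name. The table now stores both bytes, so the lookup can be exact: `const char* name = GetCipherNameInternal(info->ssl->options.cipherSuite0, info->ssl->options.cipherSuite);` followed by the existing `XSTRNCPY` when `name != NULL`. The `(byte)` cast on `cipher_names[i].cipherSuite` also looks redundant if that field is already a `byte`, as the uncast assignment in SetCipherList suggests. The function continues past the end of the hunk, so check whether later code depends on the "ECC suites at end" skip.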
@@ -17560,36 +16749,6 @@ void PickHashSigAlgo(WOLFSSL* ssl, const byte* hashSigAlgo, XMEMCPY(ssl->arrays->serverRandom, input + i, RAN_LEN); i += RAN_LEN; - if (!ssl->options.resuming) { -#ifdef WOLFSSL_TLS13 - if (IsAtLeastTLSv1_3(ssl->ctx->method->version)) { - /* TLS v1.3 capable client not allowed to downgrade when - * connecting to TLS v1.3 capable server unless cipher suite - * demands it. - */ - if (XMEMCMP(input + i - (TLS13_DOWNGRADE_SZ + 1), - tls13Downgrade, TLS13_DOWNGRADE_SZ) == 0 && - (*(input + i - 1) == 0 || *(input + i - 1) == 1)) { - SendAlert(ssl, alert_fatal, illegal_parameter); - return VERSION_ERROR; - } - } - else -#endif - if (ssl->ctx->method->version.major == SSLv3_MAJOR && - ssl->ctx->method->version.minor == TLSv1_2_MINOR) { - /* TLS v1.2 capable client not allowed to downgrade when - * connecting to TLS v1.2 capable server. - */ - if (XMEMCMP(input + i - (TLS13_DOWNGRADE_SZ + 1), - tls13Downgrade, TLS13_DOWNGRADE_SZ) == 0 && - *(input + i - 1) == 0) { - SendAlert(ssl, alert_fatal, illegal_parameter); - return VERSION_ERROR; - } - } - } - /* session id */ ssl->arrays->sessionIDSz = input[i++]; 
@@ -17758,7 +16917,37 @@ void PickHashSigAlgo(WOLFSSL* ssl, const byte* hashSigAlgo, { int ret; - if (ssl->options.resuming) { + if (!ssl->options.resuming) { + byte* down = ssl->arrays->serverRandom + RAN_LEN - + TLS13_DOWNGRADE_SZ - 1; + byte vers = ssl->arrays->serverRandom[RAN_LEN - 1]; + #ifdef WOLFSSL_TLS13 + if (IsAtLeastTLSv1_3(ssl->ctx->method->version)) { + /* TLS v1.3 capable client not allowed to downgrade when + * connecting to TLS v1.3 capable server unless cipher suite + * demands it. + */ + if (XMEMCMP(down, tls13Downgrade, TLS13_DOWNGRADE_SZ) == 0 && + (vers == 0 || vers == 1)) { + SendAlert(ssl, alert_fatal, illegal_parameter); + return VERSION_ERROR; + } + } + else + #endif + if (ssl->ctx->method->version.major == SSLv3_MAJOR && + ssl->ctx->method->version.minor == TLSv1_2_MINOR) { + /* TLS v1.2 capable client not allowed to downgrade when + * connecting to TLS v1.2 capable server. + */ + if (XMEMCMP(down, tls13Downgrade, TLS13_DOWNGRADE_SZ) == 0 && + vers == 0) { + SendAlert(ssl, alert_fatal, illegal_parameter); + return VERSION_ERROR; + } + } + } + else { if (DSH_CheckSessionId(ssl)) { if (SetCipherSpecs(ssl) == 0) { @@ -17789,15 +16978,17 @@ void PickHashSigAlgo(WOLFSSL* ssl, const byte* hashSigAlgo, ssl->options.resuming = 0; /* server denied resumption try */ } } - #ifdef WOLFSSL_DTLS - if (ssl->options.dtls) { - DtlsMsgPoolReset(ssl); - } - #endif + #ifdef WOLFSSL_DTLS + if (ssl->options.dtls) { + DtlsMsgPoolReset(ssl); + } + #endif return SetCipherSpecs(ssl); } +#endif /* WOLFSSL_NO_TLS12 */ + /* Make sure client setup is valid for this suite, true on success */ int VerifyClientSuite(WOLFSSL* ssl) @@ -17823,6 +17014,7 @@ void PickHashSigAlgo(WOLFSSL* ssl, const byte* hashSigAlgo, return 1; /* success */ } +#ifndef WOLFSSL_NO_TLS12 #ifndef NO_CERTS /* handle processing of certificate_request (13) */ 
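Review bot: The downgrade-sentinel comparison added in the `@@ -17758` hunk runs only when `ssl->options.resuming` is clear on entry. A handshake that offered resumption and was refused (the `ssl->options.resuming = 0; /* server denied resumption try */` path in the following hunk) therefore appears to reach `SetCipherSpecs` as a full handshake without the `tls13Downgrade` check. If that reading is right, run the check before branching and keep `if (ssl->options.resuming) {` as the head of the session-id branch instead of `else {`, or repeat the check after resumption is denied. `down` is only read, so `const byte* down` would state that. The lines between the two hunks are not shown, so confirm the control flow there.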
@@ -18652,7 +17844,7 @@ static int DoServerKeyExchange(WOLFSSL* ssl, const byte* input, break; } #endif /* HAVE_ECC */ - #ifdef HAVE_ED25519 + #if defined(HAVE_ED25519) case ed25519_sa_algo: { if (!ssl->peerEd25519KeyPresent) { @@ -18660,7 +17852,7 @@ static int DoServerKeyExchange(WOLFSSL* ssl, const byte* input, } break; } - #endif /* HAVE_ECC */ + #endif /* HAVE_ED25519 */ default: ret = ALGO_ID_E; @@ -18762,7 +17954,7 @@ static int DoServerKeyExchange(WOLFSSL* ssl, const byte* input, break; } #endif /* HAVE_ECC */ - #ifdef HAVE_ED25519 + #if defined(HAVE_ED25519) case ed25519_sa_algo: { ret = Ed25519Verify(ssl, @@ -18780,7 +17972,7 @@ static int DoServerKeyExchange(WOLFSSL* ssl, const byte* input, break; } - #endif /* HAVE_ECC */ + #endif /* HAVE_ED25519 */ default: ret = ALGO_ID_E; @@ -18890,11 +18082,11 @@ static int DoServerKeyExchange(WOLFSSL* ssl, const byte* input, /* Nothing to do in this algo */ break; #endif /* HAVE_ECC */ - #ifdef HAVE_ED25519 + #if defined(HAVE_ED25519) case ed25519_sa_algo: /* Nothing to do in this algo */ break; - #endif /* HAVE_ECC */ + #endif /* HAVE_ED25519 */ default: ret = ALGO_ID_E; } /* switch (sigAlgo) */ @@ -20401,6 +19593,7 @@ exit_scke: return ret; } +#endif /* !WOLFSSL_NO_TLS12 */ #ifndef NO_CERTS @@ -20536,9 +19729,9 @@ int DecodePrivateKey(WOLFSSL *ssl, word16* length) } #endif #ifdef HAVE_ED25519 -#if !defined(NO_RSA) || defined(HAVE_ECC) - FreeKey(ssl, ssl->hsType, (void**)&ssl->hsKey); -#endif + #if !defined(NO_RSA) || defined(HAVE_ECC) + FreeKey(ssl, ssl->hsType, (void**)&ssl->hsKey); + #endif ssl->hsType = DYNAMIC_TYPE_ED25519; ret = AllocKey(ssl, ssl->hsType, &ssl->hsKey); 
@@ -20546,13 +19739,13 @@ int DecodePrivateKey(WOLFSSL *ssl, word16* length) goto exit_dpk; } -#ifdef HAVE_ECC - WOLFSSL_MSG("Trying ED25519 private key, ECC didn't work"); -#elif !defined(NO_RSA) - WOLFSSL_MSG("Trying ED25519 private key, RSA didn't work"); -#else - WOLFSSL_MSG("Trying ED25519 private key"); -#endif + #ifdef HAVE_ECC + WOLFSSL_MSG("Trying ED25519 private key, ECC didn't work"); + #elif !defined(NO_RSA) + WOLFSSL_MSG("Trying ED25519 private key, RSA didn't work"); + #else + WOLFSSL_MSG("Trying ED25519 private key"); + #endif /* Set start of data to beginning of buffer. */ idx = 0; @@ -20574,7 +19767,7 @@ int DecodePrivateKey(WOLFSSL *ssl, word16* length) goto exit_dpk; } -#endif +#endif /* HAVE_ED25519 */ (void)idx; (void)keySz; @@ -20583,7 +19776,9 @@ exit_dpk: return ret; } +#ifndef WOLFSSL_NO_TLS12 +#ifndef WOLFSSL_NO_CLIENT_AUTH typedef struct ScvArgs { byte* output; /* not allocated */ #ifndef NO_RSA @@ -20792,6 +19987,13 @@ int SendCertificateVerify(WOLFSSL* ssl) c16toa(args->length, args->verify + args->extraSz); } #endif /* !NO_RSA */ + #if defined(HAVE_ED25519) && !defined(NO_ED25519_CLIENT_AUTH) + if (args->sigAlgo == ed25519_sa_algo) { + ret = Ed25519CheckPubKey(ssl); + if (ret != 0) + goto exit_scv; + } + #endif /* HAVE_ED25519 && !NO_ED25519_CLIENT_AUTH */ /* Advance state and proceed */ ssl->options.asyncState = TLS_ASYNC_DO; @@ -20817,12 +20019,12 @@ int SendCertificateVerify(WOLFSSL* ssl) ); } #endif /* HAVE_ECC */ - #ifdef HAVE_ED25519 + #if defined(HAVE_ED25519) && !defined(NO_ED25519_CLIENT_AUTH) if (ssl->hsType == DYNAMIC_TYPE_ED25519) { ed25519_key* key = (ed25519_key*)ssl->hsKey; ret = Ed25519Sign(ssl, - ssl->buffers.digest.buffer, ssl->buffers.digest.length, + ssl->hsHashes->messages, ssl->hsHashes->length, ssl->buffers.sig.buffer, &ssl->buffers.sig.length, key, #ifdef HAVE_PK_CALLBACKS 
@@ -20833,7 +20035,7 @@ int SendCertificateVerify(WOLFSSL* ssl) #endif ); } - #endif /* HAVE_ECC */ + #endif /* HAVE_ED25519 && !NO_ED25519_CLIENT_AUTH */ #ifndef NO_RSA if (ssl->hsType == DYNAMIC_TYPE_RSA) { RsaKey* key = (RsaKey*)ssl->hsKey; @@ -21042,6 +20244,9 @@ exit_scv: return ret; } +#endif /* WOLFSSL_NO_CLIENT_AUTH */ + +#endif /* WOLFSSL_NO_TLS12 */ #endif /* NO_CERTS */ @@ -21083,6 +20288,8 @@ int SetTicket(WOLFSSL* ssl, const byte* ticket, word32 length) return 0; } +#ifndef WOLFSSL_NO_TLS12 + /* handle processing of session_ticket (4) */ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, word32 size) @@ -21130,12 +20337,17 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, return 0; } + +#endif /* !WOLFSSL_NO_TLS12 */ + #endif /* HAVE_SESSION_TICKET */ #endif /* NO_WOLFSSL_CLIENT */ #ifndef NO_WOLFSSL_SERVER +#ifndef WOLFSSL_NO_TLS12 + /* handle generation of server_hello (2) */ int SendServerHello(WOLFSSL* ssl) { @@ -22239,13 +21451,17 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, break; #endif #endif /* !NO_RSA */ - #ifdef HAVE_ED25519 - case ed25519_sa_algo: - #endif case ecc_dsa_sa_algo: { break; } + #ifdef HAVE_ED25519 + case ed25519_sa_algo: + ret = Ed25519CheckPubKey(ssl); + if (ret != 0) + goto exit_sske; + break; + #endif /* HAVE_ED25519 */ } /* switch(ssl->specs.sig_algo) */ break; } @@ -22705,18 +21921,9 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, } #endif case ecc_dsa_sa_algo: - { - /* Now that we know the real sig size, write it. */ - c16toa((word16)args->sigSz, - args->output + args->idx); - - /* And adjust length and sendSz from estimates */ - args->length += args->sigSz - args->tmpSigSz; - args->sendSz += args->sigSz - args->tmpSigSz; - break; - } #ifdef HAVE_ED25519 case ed25519_sa_algo: + #endif { /* Now that we know the real sig size, write it. */ c16toa((word16)args->sigSz, 
@@ -22727,7 +21934,6 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, args->sendSz += args->sigSz - args->tmpSigSz; break; } - #endif default: ERROR_OUT(ALGO_ID_E, exit_sske); /* unsupported type */ } /* switch(ssl->specs.sig_algo) */ @@ -22922,6 +22128,8 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, #endif +#endif /* !WOLFSSL_NO_TLS12 */ + /* Make sure server cert/key are valid for this suite, true on success */ static int VerifyServerSuite(WOLFSSL* ssl, word16 idx) { @@ -23317,6 +22525,8 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, #endif /* OLD_HELLO_ALLOWED */ +#ifndef WOLFSSL_NO_TLS12 + int HandleTlsResumption(WOLFSSL* ssl, int bogusID, Suites* clSuites) { int ret = 0; @@ -23886,7 +23096,8 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, } -#if !defined(NO_RSA) || defined(HAVE_ECC) +#if (!defined(NO_RSA) || defined(HAVE_ECC) || defined(HAVE_ED25519)) && \ + !defined(WOLFSSL_NO_CLIENT_AUTH) typedef struct DcvArgs { byte* output; /* not allocated */ @@ -23981,10 +23192,10 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, else if (ssl->peerEccDsaKeyPresent) args->sigAlgo = ecc_dsa_sa_algo; #endif - #ifdef HAVE_ED25519 + #if defined(HAVE_ED25519) && !defined(NO_ED25519_CLIENT_AUTH) else if (ssl->peerEd25519KeyPresent) args->sigAlgo = ed25519_sa_algo; - #endif + #endif /* HAVE_ED25519 && !NO_ED25519_CLIENT_AUTH */ if ((args->idx - args->begin) + OPAQUE16_LEN > size) { ERROR_OUT(BUFFER_ERROR, exit_dcv); @@ -24025,7 +23236,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, } } #endif /* HAVE_ECC */ - #ifdef HAVE_ED25519 + #if defined(HAVE_ED25519) && !defined(NO_ED25519_CLIENT_AUTH) if (ssl->peerEd25519KeyPresent) { WOLFSSL_MSG("Doing ED25519 peer cert verify"); if (IsAtLeastTLSv1_2(ssl) && 
@@ -24034,7 +23245,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, "Oops, peer sent ED25519 key but not in verify"); } } - #endif /* HAVE_ED25519 */ + #endif /* HAVE_ED25519 && !NO_ED25519_CLIENT_AUTH */ /* Advance state and proceed */ ssl->options.asyncState = TLS_ASYNC_DO; @@ -24088,6 +23299,23 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, ); } #endif /* HAVE_ECC */ + #if defined(HAVE_ED25519) && !defined(NO_ED25519_CLIENT_AUTH) + if (ssl->peerEd25519KeyPresent) { + WOLFSSL_MSG("Doing Ed25519 peer cert verify"); + + ret = Ed25519Verify(ssl, + input + args->idx, args->sz, + ssl->hsHashes->messages, ssl->hsHashes->prevLen, + ssl->peerEd25519Key, + #ifdef HAVE_PK_CALLBACKS + &ssl->buffers.peerEd25519Key, + ssl->Ed25519VerifyCtx + #else + NULL, NULL + #endif + ); + } + #endif /* HAVE_ED25519 && !NO_ED25519_CLIENT_AUTH */ /* Check for error */ if (ret != 0) { @@ -24114,7 +23342,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, args->output, args->sigSz, HashAlgoToType(args->hashAlgo)); if (ret != 0) - return ret; + goto exit_dcv; } else #endif @@ -24220,7 +23448,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, return ret; } -#endif /* !NO_RSA || HAVE_ECC */ +#endif /* (!NO_RSA || HAVE_ECC || HAVE_ED25519) && !WOLFSSL_NO_CLIENT_AUTH */ /* handle generation of server_hello_done (14) */ int SendServerHelloDone(WOLFSSL* ssl) @@ -24280,6 +23508,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, return ret; } +#endif /* !WOLFSSL_NO_TLS12 */ #ifdef HAVE_SESSION_TICKET @@ -24578,6 +23807,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, #endif /* HAVE_SESSION_TICKET */ +#ifndef WOLFSSL_NO_TLS12 #ifdef WOLFSSL_DTLS /* handle generation of DTLS hello_verify_request (3) */ 
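Review bot: The Ed25519 branch added in the `@@ -24088` hunk verifies over `ssl->hsHashes->messages` with `ssl->hsHashes->prevLen`, while the client side in SendCertificateVerify signs with `ssl->hsHashes->length`, and nothing in the hunk explains why the two lengths differ. A comment such as `/* Ed25519 signs the raw transcript; prevLen excludes this CertificateVerify message */` would document the intent, if that is what it is; the code that maintains `prevLen` is not visible here. It is also not visible where `messages` is guaranteed to be non-NULL before this call, so a guard or a note naming the place that enables transcript buffering would help the next reader. The enclosing function starts and ends outside the hunk.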
@@ -25727,6 +24957,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, return ret; } +#endif /* !WOLFSSL_NO_TLS12 */ #if defined(OPENSSL_ALL) || defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX) || \ defined(WOLFSSL_HAPROXY) diff --git a/src/keys.c b/src/keys.c index 3418da2a1..d4211a382 100644 --- a/src/keys.c +++ b/src/keys.c @@ -2125,7 +2125,9 @@ int SetCipherSpecs(WOLFSSL* ssl) if (ssl->version.major == 3 && ssl->version.minor >= 1) { #ifndef NO_TLS ssl->options.tls = 1; + #ifndef WOLFSSL_NO_TLS12 ssl->hmac = TLS_hmac; + #endif if (ssl->version.minor >= 2) { ssl->options.tls1_1 = 1; if (ssl->version.minor >= 4) @@ -3440,14 +3442,14 @@ int MakeMasterSecret(WOLFSSL* ssl) } #endif -#ifdef NO_OLD_TLS - return MakeTlsMasterSecret(ssl); -#elif !defined(NO_TLS) - if (ssl->options.tls) return MakeTlsMasterSecret(ssl); -#endif - #ifndef NO_OLD_TLS + if (ssl->options.tls) return MakeTlsMasterSecret(ssl); return MakeSslMasterSecret(ssl); +#elif !defined(WOLFSSL_NO_TLS12) + return MakeTlsMasterSecret(ssl); +#else + (void)ssl; + return 0; #endif } diff --git a/src/ssl.c b/src/ssl.c index 2d33b4d7a..7c7bd3924 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -564,11 +564,16 @@ int NotifyWriteSide(WOLFSSL* ssl, int err) /* set if to use old poly 1 for yes 0 to use new poly */ int wolfSSL_use_old_poly(WOLFSSL* ssl, int value) { + (void)ssl; + (void)value; + +#ifndef WOLFSSL_NO_TLS12 WOLFSSL_ENTER("SSL_use_old_poly"); WOLFSSL_MSG("Warning SSL connection auto detects old/new and this function" "is depriciated"); ssl->options.oldPoly = (word16)value; WOLFSSL_LEAVE("SSL_use_old_poly", 0); +#endif return 0; } #endif 
@@ -644,13 +649,13 @@ int wolfSSL_set_write_fd(WOLFSSL* ssl, int fd) */ char* wolfSSL_get_cipher_list(int priority) { - const char* const* ciphers = GetCipherNames(); + const CipherSuiteInfo* ciphers = GetCipherNames(); if (priority >= GetCipherNamesSize() || priority < 0) { return 0; } - return (char*)ciphers[priority]; + return (char*)ciphers[priority].name; } @@ -683,7 +688,7 @@ char* wolfSSL_get_cipher_list_ex(WOLFSSL* ssl, int priority) int wolfSSL_get_ciphers(char* buf, int len) { - const char* const* ciphers = GetCipherNames(); + const CipherSuiteInfo* ciphers = GetCipherNames(); int totalInc = 0; int step = 0; char delim = ':'; @@ -695,13 +700,13 @@ int wolfSSL_get_ciphers(char* buf, int len) /* Add each member to the buffer delimited by a : */ for (i = 0; i < size; i++) { - step = (int)(XSTRLEN(ciphers[i]) + 1); /* delimiter */ + step = (int)(XSTRLEN(ciphers[i].name) + 1); /* delimiter */ totalInc += step; /* Check to make sure buf is large enough and will not overflow */ if (totalInc < len) { - size_t cipherLen = XSTRLEN(ciphers[i]); - XSTRNCPY(buf, ciphers[i], cipherLen); + size_t cipherLen = XSTRLEN(ciphers[i].name); + XSTRNCPY(buf, ciphers[i].name, cipherLen); buf += cipherLen; if (i < size - 1) @@ -722,8 +727,7 @@ const char* wolfSSL_get_shared_ciphers(WOLFSSL* ssl, char* buf, int len) if (ssl == NULL) return NULL; - cipher = wolfSSL_get_cipher_name_from_suite(ssl->options.cipherSuite, - ssl->options.cipherSuite0); + cipher = wolfSSL_get_cipher_name_iana(ssl); len = min(len, (int)(XSTRLEN(cipher) + 1)); XMEMCPY(buf, cipher, len); return buf; @@ -737,14 +741,6 @@ int wolfSSL_get_fd(const WOLFSSL* ssl) } -int wolfSSL_get_using_nonblock(WOLFSSL* ssl) -{ - WOLFSSL_ENTER("wolfSSL_get_using_nonblock"); - WOLFSSL_LEAVE("wolfSSL_get_using_nonblock", ssl->options.usingNonblock); - return ssl->options.usingNonblock; -} - - int wolfSSL_dtls(WOLFSSL* ssl) { return ssl->options.dtls; 
@@ -752,13 +748,6 @@ int wolfSSL_dtls(WOLFSSL* ssl) #ifndef WOLFSSL_LEANPSK -void wolfSSL_set_using_nonblock(WOLFSSL* ssl, int nonblock) -{ - WOLFSSL_ENTER("wolfSSL_set_using_nonblock"); - ssl->options.usingNonblock = (nonblock != 0); -} - - int wolfSSL_dtls_set_peer(WOLFSSL* ssl, void* peer, unsigned int peerSz) { #ifdef WOLFSSL_DTLS @@ -1487,7 +1476,7 @@ int wolfSSL_SetTmpDH(WOLFSSL* ssl, const unsigned char* p, int pSz, ssl->buffers.serverDH_P.buffer = (byte*)XMALLOC(pSz, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY); if (ssl->buffers.serverDH_P.buffer == NULL) - return MEMORY_E; + return MEMORY_E; ssl->buffers.serverDH_G.buffer = (byte*)XMALLOC(gSz, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY); @@ -3377,7 +3366,7 @@ void wolfSSL_EVP_init(void) #if !defined(NO_FILESYSTEM) && !defined(NO_STDIO_FILESYSTEM) -void wolfSSL_ERR_print_errors_fp(FILE* fp, int err) +void wolfSSL_ERR_print_errors_fp(XFILE fp, int err) { char data[WOLFSSL_MAX_ERROR_SZ + 1]; @@ -3387,7 +3376,7 @@ void wolfSSL_ERR_print_errors_fp(FILE* fp, int err) } #if defined(OPENSSL_EXTRA) || defined(DEBUG_WOLFSSL_VERBOSE) -void wolfSSL_ERR_dump_errors_fp(FILE* fp) +void wolfSSL_ERR_dump_errors_fp(XFILE fp) { wc_ERR_print_errors_fp(fp); } @@ -3471,10 +3460,17 @@ static int SetMinVersionHelper(byte* minVersion, int version) *minVersion = TLSv1_1_MINOR; break; #endif + #ifndef WOLFSSL_NO_TLS12 case WOLFSSL_TLSV1_2: *minVersion = TLSv1_2_MINOR; break; + #endif #endif + #ifdef WOLFSSL_TLS13 + case WOLFSSL_TLSV1_3: + *minVersion = TLSv1_3_MINOR; + break; + #endif default: WOLFSSL_MSG("Bad function argument"); @@ -3571,9 +3567,11 @@ int wolfSSL_SetVersion(WOLFSSL* ssl, int version) ssl->version = MakeTLSv1_1(); break; #endif + #ifndef WOLFSSL_NO_TLS12 case WOLFSSL_TLSV1_2: ssl->version = MakeTLSv1_2(); break; + #endif #endif #ifdef WOLFSSL_TLS13 case WOLFSSL_TLSV1_3: 
@@ -3612,8 +3610,8 @@ int wolfSSL_SetVersion(WOLFSSL* ssl, int version) /* Make a work from the front of random hash */ static INLINE word32 MakeWordFromHash(const byte* hashID) { - return (hashID[0] << 24) | (hashID[1] << 16) | (hashID[2] << 8) | - hashID[3]; + return ((word32)hashID[0] << 24) | (hashID[1] << 16) | + (hashID[2] << 8) | hashID[3]; } #endif /* !NO_CERTS || !NO_SESSION_CACHE */ @@ -5037,14 +5035,18 @@ static INLINE WOLFSSL_METHOD* cm_pick_method(void) #ifndef NO_WOLFSSL_CLIENT #if defined(WOLFSSL_ALLOW_SSLV3) && !defined(NO_OLD_TLS) return wolfSSLv3_client_method(); - #else + #elif !defined(WOLFSSL_NO_TLS12) return wolfTLSv1_2_client_method(); + #elif defined(WOLFSSL_TLS13) + return wolfTLSv1_3_client_method(); #endif #elif !defined(NO_WOLFSSL_SERVER) #if defined(WOLFSSL_ALLOW_SSLV3) && !defined(NO_OLD_TLS) return wolfSSLv3_server_method(); - #else + #elif !defined(WOLFSSL_NO_TLS12) return wolfTLSv1_2_server_method(); + #elif defined(WOLFSSL_TLS13) + return wolfTLSv1_3_server_method(); #endif #else return NULL; @@ -8273,13 +8275,47 @@ int wolfSSL_set_cipher_list(WOLFSSL* ssl, const char* list) } +int wolfSSL_dtls_get_using_nonblock(WOLFSSL* ssl) +{ + int useNb = 0; + + WOLFSSL_ENTER("wolfSSL_dtls_get_using_nonblock"); + if (ssl->options.dtls) { +#ifdef WOLFSSL_DTLS + useNb = ssl->options.dtlsUseNonblock; +#endif + } + else { + WOLFSSL_MSG("wolfSSL_dtls_get_using_nonblock() is " + "DEPRECATED for non-DTLS use."); + } + return useNb; +} + + #ifndef WOLFSSL_LEANPSK + +void wolfSSL_dtls_set_using_nonblock(WOLFSSL* ssl, int nonblock) +{ + (void)nonblock; + + WOLFSSL_ENTER("wolfSSL_dtls_set_using_nonblock"); + if (ssl->options.dtls) { +#ifdef WOLFSSL_DTLS + ssl->options.dtlsUseNonblock = (nonblock != 0); +#endif + } + else { + WOLFSSL_MSG("wolfSSL_dtls_set_using_nonblock() is " + "DEPRECATED for non-DTLS use."); + } +} + + #ifdef WOLFSSL_DTLS int wolfSSL_dtls_get_current_timeout(WOLFSSL* ssl) { - (void)ssl; - return ssl->dtls_timeout; } 
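Review bot: In cm_pick_method (hunk `@@ -5037,14 +5035,18 @@`) the new `#elif` chains have no final branch, so a build that defines WOLFSSL_NO_TLS12 without WOLFSSL_TLS13 (and without the SSLv3 option) compiles the client or server arm with no return statement at all. Unless a return follows outside the hunk, the caller then reads an indeterminate WOLFSSL_METHOD pointer. Close each inner chain with `#else` / `return NULL;` so an unsupported configuration fails visibly. The end of the function is outside the hunk.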
@@ -8500,7 +8536,9 @@ int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl, /* please see note at top of README if you get an error from connect */ int wolfSSL_connect(WOLFSSL* ssl) { + #ifndef WOLFSSL_NO_TLS12 int neededState; + #endif WOLFSSL_ENTER("SSL_connect()"); @@ -8522,6 +8560,9 @@ int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl, return WOLFSSL_FATAL_ERROR; } + #ifdef WOLFSSL_NO_TLS12 + return wolfSSL_connect_TLSv13(ssl); + #else #ifdef WOLFSSL_TLS13 if (ssl->options.tls1_3) return wolfSSL_connect_TLSv13(ssl); @@ -8660,11 +8701,11 @@ int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl, FALL_THROUGH; case FIRST_REPLY_DONE : - #ifdef WOLFSSL_TLS13 - if (ssl->options.tls1_3) - return wolfSSL_connect_TLSv13(ssl); - #endif - #ifndef NO_CERTS + #if !defined(NO_CERTS) && !defined(WOLFSSL_NO_CLIENT_AUTH) + #ifdef WOLFSSL_TLS13 + if (ssl->options.tls1_3) + return wolfSSL_connect_TLSv13(ssl); + #endif if (ssl->options.sendVerify) { if ( (ssl->error = SendCertificate(ssl)) != 0) { WOLFSSL_ERROR(ssl->error); @@ -8696,7 +8737,7 @@ int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl, FALL_THROUGH; case FIRST_REPLY_SECOND : - #ifndef NO_CERTS + #if !defined(NO_CERTS) && !defined(WOLFSSL_NO_CLIENT_AUTH) if (ssl->options.sendVerify) { if ( (ssl->error = SendCertificateVerify(ssl)) != 0) { WOLFSSL_ERROR(ssl->error); @@ -8704,7 +8745,7 @@ int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl, } WOLFSSL_MSG("sent: certificate verify"); } - #endif + #endif /* !NO_CERTS && !WOLFSSL_NO_CLIENT_AUTH */ ssl->options.connectState = FIRST_REPLY_THIRD; WOLFSSL_MSG("connect state: FIRST_REPLY_THIRD"); FALL_THROUGH; @@ -8771,6 +8812,7 @@ int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl, WOLFSSL_MSG("Unknown connect state ERROR"); return WOLFSSL_FATAL_ERROR; /* unknown connect state */ } + #endif /* !WOLFSSL_NO_TLS12 */ } #endif /* NO_WOLFSSL_CLIENT */ 
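Review bot: In wolfSSL_connect, case FIRST_REPLY_DONE (hunk `@@ -8660,11 +8701,11 @@`), the TLS 1.3 hand-off `if (ssl->options.tls1_3) return wolfSSL_connect_TLSv13(ssl);` is now nested inside `#if !defined(NO_CERTS) && !defined(WOLFSSL_NO_CLIENT_AUTH)`. In a build with NO_CERTS or WOLFSSL_NO_CLIENT_AUTH that hand-off is compiled out. If `tls1_3` is first set while the server's reply is processed in the same call (the earlier check at function entry would not catch that), the TLS 1.2 state machine would carry on with a TLS 1.3 connection. Keeping the `#ifdef WOLFSSL_TLS13` block outside the certificate guard, as it was before, avoids tying version dispatch to the client-auth options. The rest of the case body is outside the hunk.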
@@ -8856,14 +8898,19 @@ int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl, int wolfSSL_accept(WOLFSSL* ssl) { +#ifndef WOLFSSL_NO_TLS12 word16 havePSK = 0; word16 haveAnon = 0; word16 haveMcast = 0; +#endif -#ifdef WOLFSSL_TLS13 +#ifdef WOLFSSL_NO_TLS12 + return wolfSSL_accept_TLSv13(ssl); +#else + #ifdef WOLFSSL_TLS13 if (ssl->options.tls1_3) return wolfSSL_accept_TLSv13(ssl); -#endif + #endif WOLFSSL_ENTER("SSL_accept()"); #ifdef HAVE_ERRNO_H @@ -9142,6 +9189,7 @@ int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl, WOLFSSL_MSG("Unknown accept state ERROR"); return WOLFSSL_FATAL_ERROR; } +#endif /* !WOLFSSL_NO_TLS12 */ } #endif /* NO_WOLFSSL_SERVER */ @@ -10784,6 +10832,15 @@ int wolfSSL_set_compression(WOLFSSL* ssl) return WOLFSSL_FATAL_ERROR; } + int wolfSSL_OPENSSL_add_all_algorithms_noconf(void) + { + WOLFSSL_ENTER("wolfSSL_OPENSSL_add_all_algorithms_noconf"); + + if (wolfSSL_add_all_algorithms() == WOLFSSL_FATAL_ERROR) + return WOLFSSL_FATAL_ERROR; + + return WOLFSSL_SUCCESS; + } /* returns previous set cache size which stays constant */ long wolfSSL_CTX_sess_set_cache_size(WOLFSSL_CTX* ctx, long sz) @@ -13343,7 +13400,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) } - /* WOLFSSL_SUCCESS on ok */ + /* WOLFSSL_SUCCESS on ok, WOLFSSL_FAILURE on failure */ int wolfSSL_EVP_DigestUpdate(WOLFSSL_EVP_MD_CTX* ctx, const void* data, size_t sz) { @@ -13393,7 +13450,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) break; #endif /* WOLFSSL_SHA512 */ default: - return BAD_FUNC_ARG; + return WOLFSSL_FAILURE; } return WOLFSSL_SUCCESS; @@ -13449,7 +13506,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) break; #endif /* WOLFSSL_SHA512 */ default: - return BAD_FUNC_ARG; + return WOLFSSL_FAILURE; } return WOLFSSL_SUCCESS; @@ -14307,7 +14364,6 @@ WOLFSSL_X509* wolfSSL_X509_d2i(WOLFSSL_X509** x509, const byte* in, int len) return newX509; } - #endif /* KEEP_PEER_CERT || SESSION_CERTS || OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */ 
@@ -15229,7 +15285,22 @@ const char* wolfSSL_get_version(WOLFSSL* ssl) return "TLSv1.2"; #ifdef WOLFSSL_TLS13 case TLSv1_3_MINOR : + /* TODO: [TLS13] Remove draft versions. */ + #ifndef WOLFSSL_TLS13_FINAL + #ifdef WOLFSSL_TLS13_DRAFT_18 + return "TLSv1.3 (Draft 18)"; + #elif defined(WOLFSSL_TLS13_DRAFT_22) + return "TLSv1.3 (Draft 22)"; + #elif defined(WOLFSSL_TLS13_DRAFT_23) + return "TLSv1.3 (Draft 23)"; + #elif defined(WOLFSSL_TLS13_DRAFT_26) + return "TLSv1.3 (Draft 26)"; + #else + return "TLSv1.3 (Draft 28)"; + #endif + #else return "TLSv1.3"; + #endif #endif default: return "unknown"; @@ -15291,8 +15362,7 @@ const char* wolfSSL_CIPHER_get_name(const WOLFSSL_CIPHER* cipher) return NULL; } - return wolfSSL_get_cipher_name_from_suite(cipher->ssl->options.cipherSuite, - cipher->ssl->options.cipherSuite0); + return wolfSSL_get_cipher_name_iana(cipher->ssl); } const char* wolfSSL_SESSION_CIPHER_get_name(WOLFSSL_SESSION* session) @@ -15302,8 +15372,7 @@ const char* wolfSSL_SESSION_CIPHER_get_name(WOLFSSL_SESSION* session) } #ifdef SESSION_CERTS - return wolfSSL_get_cipher_name_from_suite(session->cipherSuite, - session->cipherSuite0); + return GetCipherNameIana(session->cipherSuite0, session->cipherSuite); #else return NULL; #endif @@ -15322,6 +15391,13 @@ const char* wolfSSL_get_cipher_name(WOLFSSL* ssl) return wolfSSL_get_cipher_name_internal(ssl); } +const char* wolfSSL_get_cipher_name_from_suite(const byte cipherSuite0, + const byte cipherSuite) +{ + return GetCipherNameInternal(cipherSuite0, cipherSuite); +} + + #ifdef HAVE_ECC /* Return the name of the curve used for key exchange as a printable string. * @@ -16300,8 +16376,10 @@ WOLFSSL_EVP_PKEY* wolfSSL_X509_get_pubkey(WOLFSSL_X509* x509) != 0) { return WOLFSSL_FAILURE; } - if (wc_ecc_import_x963(x509->pubKey.buffer, - x509->pubKey.length, &ecc) != 0) { + + i = 0; + if (wc_EccPublicKeyDecode(x509->pubKey.buffer, &i, + &ecc, x509->pubKey.length) != 0) { wc_ecc_free(&ecc); return WOLFSSL_FAILURE; } 
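Review bot: The re-added wolfSSL_get_cipher_name_from_suite (hunk `@@ -15322,6 +15391,13 @@`) takes `(cipherSuite0, cipherSuite)`, while the call sites this commit removes passed `ssl->options.cipherSuite` first and `cipherSuite0` second. If the previous public prototype had that older order (it is not visible here), existing callers still compile, because both arguments are `byte`, but silently look up the wrong suite. Either keep the old parameter order and swap inside the body, or state the order in a comment above the function, for example `/* cipherSuite0 is the first (high) suite byte, cipherSuite the second */`.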
@@ -16315,41 +16393,62 @@ WOLFSSL_EVP_PKEY* wolfSSL_X509_get_pubkey(WOLFSSL_X509* x509) return WOLFSSL_FAILURE; } XSNPRINTF(tmp, sizeof(tmp) - 1," "); - for (i = 0; i < x509->pubKey.length; i++) { - char val[5]; - int valSz = 5; + { + word32 derSz; + byte* der; - if (i == 0) { - XSNPRINTF(val, valSz - 1, "%02x", - x509->pubKey.buffer[i]); + derSz = wc_ecc_size(&ecc) * WOLFSSL_BIT_SIZE; + der = (byte*)XMALLOC(derSz, x509->heap, + DYNAMIC_TYPE_TMP_BUFFER); + if (der == NULL) { + wc_ecc_free(&ecc); + return WOLFSSL_FAILURE; } - else if ((i % 15) == 0) { - tmp[sizeof(tmp) - 1] = '\0'; - if (wolfSSL_BIO_write(bio, tmp, (int)XSTRLEN(tmp)) - <= 0) { - wc_ecc_free(&ecc); - return WOLFSSL_FAILURE; + + if (wc_ecc_export_x963(&ecc, der, &derSz) != 0) { + wc_ecc_free(&ecc); + XFREE(der, x509->heap, DYNAMIC_TYPE_TMP_BUFFER); + return WOLFSSL_FAILURE; + } + for (i = 0; i < derSz; i++) { + char val[5]; + int valSz = 5; + + if (i == 0) { + XSNPRINTF(val, valSz - 1, "%02x", der[i]); } - XSNPRINTF(tmp, sizeof(tmp) - 1, + else if ((i % 15) == 0) { + tmp[sizeof(tmp) - 1] = '\0'; + if (wolfSSL_BIO_write(bio, tmp, + (int)XSTRLEN(tmp)) <= 0) { + wc_ecc_free(&ecc); + XFREE(der, x509->heap, + DYNAMIC_TYPE_TMP_BUFFER); + return WOLFSSL_FAILURE; + } + XSNPRINTF(tmp, sizeof(tmp) - 1, ":\n "); - XSNPRINTF(val, valSz - 1, "%02x", - x509->pubKey.buffer[i]); + XSNPRINTF(val, valSz - 1, "%02x", der[i]); + } + else { + XSNPRINTF(val, valSz - 1, ":%02x", der[i]); + } + XSTRNCAT(tmp, val, valSz); } - else { - XSNPRINTF(val, valSz - 1, ":%02x", - x509->pubKey.buffer[i]); - } - XSTRNCAT(tmp, val, valSz); - } - /* print out remaning modulus values */ - if ((i > 0) && (((i - 1) % 15) != 0)) { + /* print out remaning modulus values */ + if ((i > 0) && (((i - 1) % 15) != 0)) { tmp[sizeof(tmp) - 1] = '\0'; if (wolfSSL_BIO_write(bio, tmp, (int)XSTRLEN(tmp)) <= 0) { wc_ecc_free(&ecc); + XFREE(der, x509->heap, + DYNAMIC_TYPE_TMP_BUFFER); return WOLFSSL_FAILURE; } + } + + XFREE(der, x509->heap, 
DYNAMIC_TYPE_TMP_BUFFER); } XSNPRINTF(tmp, sizeof(tmp) - 1, "\n%s%s: %s\n", " ", "ASN1 OID", @@ -17794,24 +17893,42 @@ int wolfSSL_X509_STORE_add_cert(WOLFSSL_X509_STORE* store, WOLFSSL_X509* x509) return result; } - WOLFSSL_X509_STORE* wolfSSL_X509_STORE_new(void) { WOLFSSL_X509_STORE* store = NULL; - store = (WOLFSSL_X509_STORE*)XMALLOC(sizeof(WOLFSSL_X509_STORE), NULL, - DYNAMIC_TYPE_X509_STORE); - if (store != NULL) { - store->cm = wolfSSL_CertManagerNew(); - if (store->cm == NULL) { - XFREE(store, NULL, DYNAMIC_TYPE_X509_STORE); - store = NULL; - } - else - store->isDynamic = 1; - } + if((store = (WOLFSSL_X509_STORE*)XMALLOC(sizeof(WOLFSSL_X509_STORE), NULL, + DYNAMIC_TYPE_X509_STORE)) == NULL) + goto err_exit; + + if((store->cm = wolfSSL_CertManagerNew()) == NULL) + goto err_exit; + + store->isDynamic = 1; + +#ifdef HAVE_CRL + store->crl = NULL; + if((store->crl = (WOLFSSL_X509_CRL *)XMALLOC(sizeof(WOLFSSL_X509_CRL), + NULL, DYNAMIC_TYPE_TMP_BUFFER)) == NULL) + goto err_exit; + if(InitCRL(store->crl, NULL) < 0) + goto err_exit; +#endif return store; + +err_exit: + if(store == NULL) + return NULL; + if(store->cm != NULL) + wolfSSL_CertManagerFree(store->cm); +#ifdef HAVE_CRL + if(store->crl != NULL) + wolfSSL_X509_CRL_free(store->crl); +#endif + wolfSSL_X509_STORE_free(store); + + return NULL; } @@ -17819,7 +17936,11 @@ void wolfSSL_X509_STORE_free(WOLFSSL_X509_STORE* store) { if (store != NULL && store->isDynamic) { if (store->cm != NULL) - wolfSSL_CertManagerFree(store->cm); + wolfSSL_CertManagerFree(store->cm); +#ifdef HAVE_CRL + if (store->crl != NULL) + wolfSSL_X509_CRL_free(store->crl); +#endif XFREE(store, NULL, DYNAMIC_TYPE_X509_STORE); } } 
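Review bot: The err_exit path of wolfSSL_X509_STORE_new (hunk `@@ -17794,24 +17893,42 @@`) reads members that were never initialised and can free the same objects twice. The store comes from XMALLOC without being zeroed, so when wolfSSL_CertManagerNew fails, `store->crl` (under HAVE_CRL) and `store->isDynamic` are indeterminate when err_exit tests them. When the CRL steps fail, `isDynamic` is already 1, so err_exit frees `cm` and `crl` and then wolfSSL_X509_STORE_free frees them again. Zeroing the struct, setting `isDynamic` up front and leaving all cleanup to wolfSSL_X509_STORE_free removes both problems.

```c
    store = (WOLFSSL_X509_STORE*)XMALLOC(sizeof(WOLFSSL_X509_STORE), NULL,
                                         DYNAMIC_TYPE_X509_STORE);
    if (store == NULL)
        return NULL;

    /* zero every member so the error path never tests an indeterminate pointer */
    XMEMSET(store, 0, sizeof(WOLFSSL_X509_STORE));
    store->isDynamic = 1;

    if ((store->cm = wolfSSL_CertManagerNew()) == NULL)
        goto err_exit;

    /* ... unchanged: HAVE_CRL allocation of store->crl and InitCRL ... */

    return store;

err_exit:
    /* single owner of cleanup: releases cm, crl and the store exactly once */
    wolfSSL_X509_STORE_free(store);
    return NULL;
```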
@@ -17948,6 +18069,153 @@ int wolfSSL_X509_verify_cert(WOLFSSL_X509_STORE_CTX* ctx) } #endif /* NO_CERTS */ +#if !defined(NO_FILESYSTEM) +static void *wolfSSL_d2i_X509_fp_ex(XFILE file, void **x509, int type) +{ + void *newx509 = NULL; + DerBuffer* der = NULL; + byte *fileBuffer = NULL; + + if (file != XBADFILE) + { + long sz = 0; + + XFSEEK(file, 0, XSEEK_END); + sz = XFTELL(file); + XREWIND(file); + + if (sz < 0) + { + WOLFSSL_MSG("Bad tell on FILE"); + return NULL; + } + + fileBuffer = (byte *)XMALLOC(sz, NULL, DYNAMIC_TYPE_FILE); + if (fileBuffer != NULL) + { + if((long)XFREAD(fileBuffer, 1, sz, file) != sz) + { + WOLFSSL_MSG("File read failed"); + goto err_exit; + } + if(type == CERT_TYPE) + newx509 = (void *)wolfSSL_X509_d2i(NULL, fileBuffer, (int)sz); + #ifdef HAVE_CRL + else if(type == CRL_TYPE) + newx509 = (void *)wolfSSL_d2i_X509_CRL(NULL, fileBuffer, (int)sz); + #endif + #if !defined(NO_ASN) && !defined(NO_PWDBASED) + else if(type == PKCS12_TYPE){ + if((newx509 = wc_PKCS12_new()) == NULL) + goto err_exit; + if(wc_d2i_PKCS12(fileBuffer, (int)sz, (WC_PKCS12*)newx509) < 0) + goto err_exit; + } + #endif + else goto err_exit; + if(newx509 == NULL) + { + WOLFSSL_MSG("X509 failed"); + goto err_exit; + } + } + } + if (x509 != NULL) + *x509 = newx509; + + goto _exit; + +err_exit: + if(newx509 != NULL){ + if(type == CERT_TYPE) + wolfSSL_X509_free((WOLFSSL_X509*)newx509); + #ifdef HAVE_CRL + else { + if(type == CRL_TYPE) + wolfSSL_X509_CRL_free((WOLFSSL_X509_CRL*)newx509); + } + #endif + } +_exit: + if(der != NULL) + FreeDer(&der); + if(fileBuffer != NULL) + XFREE(fileBuffer, NULL, DYNAMIC_TYPE_FILE); + return newx509; +} + +WOLFSSL_X509_PKCS12 *wolfSSL_d2i_PKCS12_fp(XFILE fp, WOLFSSL_X509_PKCS12 **pkcs12) +{ + WOLFSSL_ENTER("wolfSSL_d2i_PKCS12_fp"); + return (WOLFSSL_X509_PKCS12 *)wolfSSL_d2i_X509_fp_ex(fp, (void **)pkcs12, PKCS12_TYPE); +} + +WOLFSSL_X509 *wolfSSL_d2i_X509_fp(XFILE fp, WOLFSSL_X509 **x509) +{ + WOLFSSL_ENTER("wolfSSL_d2i_X509_fp"); + return 
(WOLFSSL_X509 *)wolfSSL_d2i_X509_fp_ex(fp, (void **)x509, CERT_TYPE); +} +#endif /* !NO_FILESYSTEM */ + + +#ifdef HAVE_CRL +#ifndef NO_FILESYSTEM +WOLFSSL_X509_CRL *wolfSSL_d2i_X509_CRL_fp(XFILE fp, WOLFSSL_X509_CRL **crl) +{ + WOLFSSL_ENTER("wolfSSL_d2i_X509_CRL_fp"); + return (WOLFSSL_X509_CRL *)wolfSSL_d2i_X509_fp_ex(fp, (void **)crl, CRL_TYPE); +} +#endif /* !NO_FILESYSTEM */ + + +WOLFSSL_X509_CRL* wolfSSL_d2i_X509_CRL(WOLFSSL_X509_CRL** crl, const unsigned char* in, int len) +{ + WOLFSSL_X509_CRL *newcrl = NULL; + int ret ; + + WOLFSSL_ENTER("wolfSSL_d2i_X509_CRL"); + + if(in == NULL){ + WOLFSSL_MSG("Bad argument value"); + return NULL; + } + + newcrl = (WOLFSSL_X509_CRL*)XMALLOC(sizeof(WOLFSSL_X509_CRL), NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (newcrl == NULL){ + WOLFSSL_MSG("New CRL allocation failed"); + return NULL; + } + if (InitCRL(newcrl, NULL) < 0) { + WOLFSSL_MSG("Init tmp CRL failed"); + goto err_exit; + } + ret = BufferLoadCRL(newcrl, in, len, WOLFSSL_FILETYPE_ASN1, 1); + if (ret != WOLFSSL_SUCCESS){ + WOLFSSL_MSG("Buffer Load CRL failed"); + goto err_exit; + } + if(crl){ + *crl = newcrl; + } + goto _exit; + +err_exit: + if(newcrl != NULL) + wolfSSL_X509_CRL_free(newcrl); + newcrl = NULL; +_exit: + return newcrl; +} + +void wolfSSL_X509_CRL_free(WOLFSSL_X509_CRL *crl) +{ + WOLFSSL_ENTER("wolfSSL_X509_CRL_free"); + + FreeCRL(crl, 1); + return; +} +#endif /* HAVE_CRL */ + #ifndef NO_WOLFSSL_STUB WOLFSSL_ASN1_TIME* wolfSSL_X509_CRL_get_lastUpdate(WOLFSSL_X509_CRL* crl) { @@ -20487,6 +20755,14 @@ int wolfSSL_ASN1_GENERALIZEDTIME_print(WOLFSSL_BIO* bio, return 0; } +void wolfSSL_ASN1_GENERALIZEDTIME_free(WOLFSSL_ASN1_TIME* asn1Time) +{ + WOLFSSL_ENTER("wolfSSL_ASN1_GENERALIZEDTIME_free"); + if (asn1Time == NULL) + return; + XMEMSET(asn1Time->data, 0, sizeof(asn1Time->data)); +} + int wolfSSL_sk_num(WOLF_STACK_OF(WOLFSSL_ASN1_OBJECT)* sk) { if (sk == NULL) 
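Review bot: In wolfSSL_d2i_X509_fp_ex (hunk `@@ -17948,6 +18069,153 @@`) a failed wc_d2i_PKCS12 jumps to err_exit with `newx509` still pointing at the object from wc_PKCS12_new(). err_exit releases only CERT_TYPE and CRL_TYPE objects and never clears `newx509`, so the function returns a non-NULL, unparsed WC_PKCS12 as though parsing had succeeded, and wolfSSL_d2i_PKCS12_fp passes it on to the caller. The cleanup should also release the PKCS12 case with `wc_PKCS12_free((WC_PKCS12*)newx509);` and end with `newx509 = NULL;` so every failure returns NULL. Separately, the XFSEEK result is not checked before XFTELL, and `der` is never assigned, so the FreeDer branch is dead code.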
@@ -21079,6 +21355,7 @@ int wolfSSL_RAND_write_file(const char* fname) return bytes; } +#ifndef FREERTOS_TCP /* These constant values are protocol values made by egd */ #if defined(USE_WOLFSSL_IO) && !defined(USE_WINDOWS_API) @@ -21243,6 +21520,7 @@ int wolfSSL_RAND_egd(const char* nm) #endif /* defined(USE_WOLFSSL_IO) && !defined(USE_WINDOWS_API) */ } +#endif /* !FREERTOS_TCP */ void wolfSSL_RAND_Cleanup(void) { @@ -21305,6 +21583,28 @@ int wolfSSL_RAND_bytes(unsigned char* buf, int num) return ret; } + +int wolfSSL_RAND_poll() +{ + byte entropy[16]; + int ret = 0; + word32 entropy_sz = 16; + + WOLFSSL_ENTER("wolfSSL_RAND_poll"); + if (initGlobalRNG == 0){ + WOLFSSL_MSG("Global RNG no Init"); + return WOLFSSL_FAILURE; + } + ret = wc_GenerateSeed(&globalRNG.seed, entropy, entropy_sz); + if (ret != 0){ + WOLFSSL_MSG("Bad wc_RNG_GenerateBlock"); + ret = WOLFSSL_FAILURE; + }else + ret = WOLFSSL_SUCCESS; + + return ret; +} + WOLFSSL_BN_CTX* wolfSSL_BN_CTX_new(void) { static int ctx; /* wolfcrypt doesn't now need ctx */ @@ -22226,7 +22526,7 @@ char *wolfSSL_BN_bn2hex(const WOLFSSL_BIGNUM *bn) /* return code compliant with OpenSSL : * 1 if success, 0 if error */ -int wolfSSL_BN_print_fp(FILE *fp, const WOLFSSL_BIGNUM *bn) +int wolfSSL_BN_print_fp(XFILE fp, const WOLFSSL_BIGNUM *bn) { #if defined(WOLFSSL_KEY_GEN) || defined(HAVE_COMP_KEY) || defined(DEBUG_WOLFSSL) char *buf; 
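Review bot: wolfSSL_RAND_poll (hunk `@@ -21305,6 +21583,28 @@`) returns WOLFSSL_SUCCESS without changing the generator state. The 16 bytes that wc_GenerateSeed writes into the local `entropy` buffer are never handed to `globalRNG`, and they are left on the stack at return. A caller that relies on this call to reseed gets no effect, so either feed the seed into the DRBG or document the function as a seed-source health check only, and clear the buffer before returning (for example `ForceZero(entropy, entropy_sz);`). The failure message names wc_RNG_GenerateBlock although the call is wc_GenerateSeed, and the definition should read `int wolfSSL_RAND_poll(void)`.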
@@ -24090,25 +24390,25 @@ int wolfSSL_RSA_verify(int type, const unsigned char* m, unsigned int len; WOLFSSL_ENTER("wolfSSL_RSA_verify"); - if((m == NULL) || (sig == NULL)) { + if ((m == NULL) || (sig == NULL)) { WOLFSSL_MSG("Bad function arguments"); return WOLFSSL_FAILURE; } sigRet = (unsigned char *)XMALLOC(sigLen, NULL, DYNAMIC_TYPE_TMP_BUFFER); - if(sigRet == NULL){ + if (sigRet == NULL) { WOLFSSL_MSG("Memory failure"); return WOLFSSL_FAILURE; } sigDec = (unsigned char *)XMALLOC(sigLen, NULL, DYNAMIC_TYPE_TMP_BUFFER); - if(sigDec == NULL){ + if (sigDec == NULL) { WOLFSSL_MSG("Memory failure"); XFREE(sigRet, NULL, DYNAMIC_TYPE_TMP_BUFFER); return WOLFSSL_FAILURE; } /* get non-encrypted signature to be compared with decrypted sugnature*/ ret = wolfSSL_RSA_sign_ex(type, m, mLen, sigRet, &len, rsa, 0); - if(ret <= 0){ + if (ret <= 0) { WOLFSSL_MSG("Message Digest Error"); XFREE(sigRet, NULL, DYNAMIC_TYPE_TMP_BUFFER); XFREE(sigDec, NULL, DYNAMIC_TYPE_TMP_BUFFER); @@ -24116,8 +24416,9 @@ int wolfSSL_RSA_verify(int type, const unsigned char* m, } show("Encoded Message", sigRet, len); /* decrypt signature */ - ret = wc_RsaSSL_Verify(sig, sigLen, (unsigned char *)sigDec, sigLen, (RsaKey*)rsa->internal); - if(ret <= 0){ + ret = wc_RsaSSL_Verify(sig, sigLen, (unsigned char *)sigDec, sigLen, + (RsaKey*)rsa->internal); + if (ret <= 0) { WOLFSSL_MSG("RSA Decrypt error"); XFREE(sigRet, NULL, DYNAMIC_TYPE_TMP_BUFFER); XFREE(sigDec, NULL, DYNAMIC_TYPE_TMP_BUFFER); 
@@ -24125,12 +24426,13 @@ int wolfSSL_RSA_verify(int type, const unsigned char* m, } show("Decrypted Signature", sigDec, ret); - if(XMEMCMP(sigRet, sigDec, ret) == 0){ + if ((int)len == ret && XMEMCMP(sigRet, sigDec, ret) == 0) { WOLFSSL_MSG("wolfSSL_RSA_verify success"); XFREE(sigRet, NULL, DYNAMIC_TYPE_TMP_BUFFER); XFREE(sigDec, NULL, DYNAMIC_TYPE_TMP_BUFFER); return WOLFSSL_SUCCESS; - } else { + } + else { WOLFSSL_MSG("wolfSSL_RSA_verify failed"); XFREE(sigRet, NULL, DYNAMIC_TYPE_TMP_BUFFER); XFREE(sigDec, NULL, DYNAMIC_TYPE_TMP_BUFFER); @@ -24552,7 +24854,8 @@ int wolfSSL_HMAC_Final(WOLFSSL_HMAC_CTX* ctx, unsigned char* hash, WOLFSSL_MSG("wolfSSL_HMAC_Final"); - if (ctx == NULL || hash == NULL || len == NULL) { + /* "len" parameter is optional. */ + if (ctx == NULL || hash == NULL) { WOLFSSL_MSG("invalid parameter"); return WOLFSSL_FAILURE; } 
@@ -27341,12 +27644,68 @@ int wolfSSL_PEM_write_RSA_PUBKEY(FILE *fp, WOLFSSL_RSA *x) #endif /* OPENSSL_EXTRA */ #if !defined(NO_RSA) && (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) +WOLFSSL_RSA *wolfSSL_d2i_RSAPublicKey(WOLFSSL_RSA **r, const unsigned char **pp, long len) +{ + WOLFSSL_RSA *rsa = NULL; + + WOLFSSL_ENTER("d2i_RSAPublicKey"); + if(pp == NULL){ + WOLFSSL_MSG("Bad argument"); + return NULL; + } + if((rsa = wolfSSL_RSA_new()) == NULL){ + WOLFSSL_MSG("RSA_new failed"); + return NULL; + } + + if(wolfSSL_RSA_LoadDer_ex(rsa, *pp, (int)len, WOLFSSL_RSA_LOAD_PUBLIC) + != WOLFSSL_SUCCESS){ + WOLFSSL_MSG("RSA_LoadDer failed"); + return NULL; + } + if(r != NULL) + *r = rsa; + return rsa; +} + +#if !defined(HAVE_FAST_RSA) +int wolfSSL_i2d_RSAPublicKey(WOLFSSL_RSA *rsa, const unsigned char **pp) +{ + byte *der; + int derLen; + int ret; + + WOLFSSL_ENTER("i2d_RSAPublicKey"); + if((rsa == NULL) || (pp == NULL)) + return WOLFSSL_FATAL_ERROR; + if((ret = SetRsaInternal(rsa)) != WOLFSSL_SUCCESS) { + WOLFSSL_MSG("SetRsaInternal Failed"); + return ret; + } + if((derLen = RsaPublicKeyDerSize((RsaKey *)rsa->internal, 1)) < 0) + return WOLFSSL_FATAL_ERROR; + der = (byte*)XMALLOC(derLen, NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (der == NULL) { + return WOLFSSL_FATAL_ERROR; + } + if((ret = wc_RsaKeyToPublicDer((RsaKey *)rsa->internal, der, derLen)) < 0){ + WOLFSSL_MSG("RsaKeyToPublicDer failed"); + XFREE(der, NULL, DYNAMIC_TYPE_TMP_BUFFER); + return ret; + } + + *pp = der; + return ret; +} +#endif /* #if !defined(HAVE_FAST_RSA) */ + /* return WOLFSSL_SUCCESS if success, WOLFSSL_FATAL_ERROR if error */ int wolfSSL_RSA_LoadDer(WOLFSSL_RSA* rsa, const unsigned char* derBuf, int derSz) { return wolfSSL_RSA_LoadDer_ex(rsa, derBuf, derSz, WOLFSSL_RSA_LOAD_PRIVATE); } + int wolfSSL_RSA_LoadDer_ex(WOLFSSL_RSA* rsa, const unsigned char* derBuf, int derSz, int opt) { 
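Review bot: wolfSSL_d2i_RSAPublicKey (hunk `@@ -27341,12 +27644,68 @@`) leaks the WOLFSSL_RSA it has just created when wolfSSL_RSA_LoadDer_ex fails, because that branch returns NULL without releasing `rsa`; add `wolfSSL_RSA_free(rsa);` before the `return NULL;`. Since the DER normally comes from a peer or a file, malformed input turns this into a repeatable allocation leak. In wolfSSL_i2d_RSAPublicKey the output buffer is allocated with XMALLOC and handed back through a `const unsigned char **`, so the header comment should say that the caller owns `*pp` and must release it with XFREE.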
@@ -28324,6 +28683,71 @@ void* wolfSSL_GetDhAgreeCtx(WOLFSSL* ssl) return x509; } +#if defined(HAVE_CRL) && !defined(NO_FILESYSTEM) + WOLFSSL_API WOLFSSL_X509_CRL* wolfSSL_PEM_read_X509_CRL(XFILE fp, WOLFSSL_X509_CRL **crl, + pem_password_cb *cb, void *u) + { +#if defined(WOLFSSL_PEM_TO_DER) || defined(WOLFSSL_DER_TO_PEM) + unsigned char* pem = NULL; + DerBuffer* der = NULL; + int pemSz; + int derSz; + long i = 0, l; + WOLFSSL_X509_CRL* newcrl; + + WOLFSSL_ENTER("wolfSSL_PEM_read_X509_CRL"); + + if (fp == NULL) { + WOLFSSL_LEAVE("wolfSSL_PEM_read_X509_CRL", BAD_FUNC_ARG); + return NULL; + } + /* Read in CRL from file */ + i = XFTELL(fp); + if (i < 0) { + WOLFSSL_LEAVE("wolfSSL_PEM_read_X509_CRL", BAD_FUNC_ARG); + return NULL; + } + + if (XFSEEK(fp, 0, SEEK_END) != 0) + return NULL; + l = XFTELL(fp); + if (l < 0) + return NULL; + if (XFSEEK(fp, i, SEEK_SET) != 0) + return NULL; + pemSz = (int)(l - i); + /* check calculated length */ + if (pemSz < 0) + return NULL; + if((pem = (unsigned char*)XMALLOC(pemSz, 0, DYNAMIC_TYPE_PEM)) == NULL) + return NULL; + + if((int)XFREAD((char *)pem, 1, pemSz, fp) != pemSz) + goto err_exit; + if((PemToDer(pem, pemSz, CRL_TYPE, &der, NULL, NULL, NULL)) < 0) + goto err_exit; + XFREE(pem, 0, DYNAMIC_TYPE_PEM); + + derSz = der->length; + if((newcrl = wolfSSL_d2i_X509_CRL(crl, (const unsigned char *)der->buffer, derSz)) == NULL) + goto err_exit; + FreeDer(&der); + + return newcrl; + + err_exit: + if(pem != NULL) + XFREE(pem, 0, DYNAMIC_TYPE_PEM); + if(der != NULL) + FreeDer(&der); + return NULL; + + (void)cb; + (void)u; + #endif + + } +#endif /* * bp : bio to read X509 from 
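Review bot: wolfSSL_PEM_read_X509_CRL (hunk `@@ -28324,6 +28683,71 @@`) can free `pem` twice: it is released right after PemToDer succeeds but keeps its old value, so a later failure of wolfSSL_d2i_X509_CRL reaches err_exit, where `if(pem != NULL) XFREE(pem, ...)` runs again on the same pointer. Follow the first release with `pem = NULL;`. Also, when neither WOLFSSL_PEM_TO_DER nor WOLFSSL_DER_TO_PEM is defined the body is empty and the function ends without a return value, so add an `#else` arm that voids the parameters and returns NULL. The `(void)cb; (void)u;` lines currently sit after a return and are never reached.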
@@ -29054,6 +29478,102 @@ void* wolfSSL_GetDhAgreeCtx(WOLFSSL* ssl) } } #endif /* ! NO_SHA256 */ + +#if defined(WOLFSSL_SHA384) && defined(WOLFSSL_SHA512) + /* One shot SHA384 hash of message. + * + * d message to hash + * n size of d buffer + * md buffer to hold digest. Should be WC_SHA256_DIGEST_SIZE. + * + * Note: if md is null then a static buffer of WC_SHA256_DIGEST_SIZE is used. + * When the static buffer is used this function is not thread safe. + * + * Returns a pointer to the message digest on success and NULL on failure. + */ + unsigned char *wolfSSL_SHA384(const unsigned char *d, size_t n, + unsigned char *md) + { + static byte dig[WC_SHA384_DIGEST_SIZE]; + wc_Sha384 sha; + + WOLFSSL_ENTER("wolfSSL_SHA384"); + + if (wc_InitSha384_ex(&sha, NULL, 0) != 0) { + WOLFSSL_MSG("SHA384 Init failed"); + return NULL; + } + + if (wc_Sha384Update(&sha, (const byte*)d, (word32)n) != 0) { + WOLFSSL_MSG("SHA384 Update failed"); + return NULL; + } + + if (wc_Sha384Final(&sha, dig) != 0) { + WOLFSSL_MSG("SHA384 Final failed"); + return NULL; + } + + wc_Sha384Free(&sha); + + if (md != NULL) { + XMEMCPY(md, dig, WC_SHA384_DIGEST_SIZE); + return md; + } + else { + return (unsigned char*)dig; + } + } +#endif /* defined(WOLFSSL_SHA384) && defined(WOLFSSL_SHA512) */ + + +#if defined(WOLFSSL_SHA512) + /* One shot SHA512 hash of message. + * + * d message to hash + * n size of d buffer + * md buffer to hold digest. Should be WC_SHA256_DIGEST_SIZE. + * + * Note: if md is null then a static buffer of WC_SHA256_DIGEST_SIZE is used. + * When the static buffer is used this function is not thread safe. + * + * Returns a pointer to the message digest on success and NULL on failure. 
+ */ + unsigned char *wolfSSL_SHA512(const unsigned char *d, size_t n, + unsigned char *md) + { + static byte dig[WC_SHA512_DIGEST_SIZE]; + wc_Sha512 sha; + + WOLFSSL_ENTER("wolfSSL_SHA512"); + + if (wc_InitSha512_ex(&sha, NULL, 0) != 0) { + WOLFSSL_MSG("SHA512 Init failed"); + return NULL; + } + + if (wc_Sha512Update(&sha, (const byte*)d, (word32)n) != 0) { + WOLFSSL_MSG("SHA512 Update failed"); + return NULL; + } + + if (wc_Sha512Final(&sha, dig) != 0) { + WOLFSSL_MSG("SHA512 Final failed"); + return NULL; + } + + wc_Sha512Free(&sha); + + if (md != NULL) { + XMEMCPY(md, dig, WC_SHA512_DIGEST_SIZE); + return md; + } + else { + return (unsigned char*)dig; + } + } +#endif /* defined(WOLFSSL_SHA512) */ + char wolfSSL_CTX_use_certificate(WOLFSSL_CTX *ctx, WOLFSSL_X509 *x) { int ret; 
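Review bot: The header comments of wolfSSL_SHA384 and wolfSSL_SHA512 (hunk `@@ -29054,6 +29478,102 @@`) tell the caller that `md` "Should be WC_SHA256_DIGEST_SIZE", but the bodies copy WC_SHA384_DIGEST_SIZE and WC_SHA512_DIGEST_SIZE bytes into it. A caller who sizes the buffer from the comment gets a write past its end. The comments should read `md buffer to hold digest. Must be at least WC_SHA384_DIGEST_SIZE bytes.` and the WC_SHA512_DIGEST_SIZE equivalent, with the static-buffer note corrected the same way. In both functions the Update and Final failure branches also return before wc_Sha384Free / wc_Sha512Free is called, so add the free call ahead of those returns.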
@@ -32102,3 +32622,304 @@ int wolfSSL_CTX_set_alpn_protos(WOLFSSL_CTX *ctx, const unsigned char *p, #endif #endif /* WOLFCRYPT_ONLY */ + +#if defined(OPENSSL_EXTRA) +int wolfSSL_X509_check_ca(WOLFSSL_X509 *x509) +{ + WOLFSSL_ENTER("X509_check_ca"); + + if (x509 == NULL) + return WOLFSSL_FAILURE; + if (x509->isCa) + return 1; + if (x509->extKeyUsageCrit) + return 4; + + return 0; +} + + +const char *wolfSSL_ASN1_tag2str(int tag) +{ + static const char *const tag_label[31] = { + "EOC", "BOOLEAN", "INTEGER", "BIT STRING", "OCTET STRING", "NULL", + "OBJECT", "OBJECT DESCRIPTOR", "EXTERNAL", "REAL", "ENUMERATED", + "", "UTF8STRING", "", "", "", + "SEQUENCE", "SET", "NUMERICSTRING", "PRINTABLESTRING", "T61STRING", + "VIDEOTEXTSTRING", "IA5STRING", "UTCTIME", "GENERALIZEDTIME", + "GRAPHICSTRING", "VISIBLESTRING", "GENERALSTRING", "UNIVERSALSTRING", + "", "BMPSTRING" + }; + + if ((tag == V_ASN1_NEG_INTEGER) || (tag == V_ASN1_NEG_ENUMERATED)) + tag &= ~0x100; + if (tag < 0 || tag > 30) + return "(unknown)"; + return tag_label[tag]; +} + +static int check_esc_char(char c, char *esc) +{ + char *ptr = NULL; + + ptr = esc; + while(*ptr != 0){ + if (c == *ptr) + return 1; + ptr++; + } + return 0; +} + +int wolfSSL_ASN1_STRING_print_ex(WOLFSSL_BIO *out, WOLFSSL_ASN1_STRING *str, + unsigned long flags) +{ + size_t str_len = 0, type_len = 0; + unsigned char *typebuf = NULL; + const char *hash="#"; + + WOLFSSL_ENTER("wolfSSL_ASN1_STRING_PRINT_ex"); + if (out == NULL || str == NULL) + return WOLFSSL_FAILURE; + + /* add ASN1 type tag */ + if (flags & ASN1_STRFLGS_SHOW_TYPE){ + const char *tag = wolfSSL_ASN1_tag2str(str->type); + /* colon len + tag len + null*/ + type_len = XSTRLEN(tag) + 2; + typebuf = (unsigned char *)XMALLOC(type_len , NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (typebuf == NULL){ + WOLFSSL_MSG("memory alloc failed."); + return WOLFSSL_FAILURE; + } + XMEMSET(typebuf, 0, type_len); + XSNPRINTF((char*)typebuf, (size_t)type_len , "%s:", tag); + type_len--; + } + + /* dump hex 
*/ + if (flags & ASN1_STRFLGS_DUMP_ALL){ + static const char hex_char[] = { '0', '1', '2', '3', '4', '5', '6', + '7','8', '9', 'A', 'B', 'C', 'D', + 'E', 'F' }; + char hex_tmp[4]; + char *str_ptr, *str_end; + + if (type_len > 0){ + if (wolfSSL_BIO_write(out, typebuf, (int)type_len) != (int)type_len){ + XFREE(typebuf, NULL, DYNAMIC_TYPE_TMP_BUFFER); + return WOLFSSL_FAILURE; + } + str_len += type_len; + } + if (wolfSSL_BIO_write(out, hash, 1) != 1){ + goto err_exit; + } + str_len++; + if (flags & ASN1_STRFLGS_DUMP_DER){ + hex_tmp[0] = hex_char[str->type >> 4]; + hex_tmp[1] = hex_char[str->type & 0xf]; + hex_tmp[2] = hex_char[str->length >> 4]; + hex_tmp[3] = hex_char[str->length & 0xf]; + if (wolfSSL_BIO_write(out, hex_tmp, 4) != 4){ + goto err_exit; + } + str_len += 4; + XMEMSET(hex_tmp, 0, 4); + } + + str_ptr = str->data; + str_end = str->data + str->length; + while (str_ptr < str_end){ + hex_tmp[0] = hex_char[*str_ptr >> 4]; + hex_tmp[1] = hex_char[*str_ptr & 0xf]; + if (wolfSSL_BIO_write(out, hex_tmp, 2) != 2){ + goto err_exit; + } + str_ptr++; + str_len += 2; + } + if (type_len > 0) + XFREE(typebuf, NULL, DYNAMIC_TYPE_TMP_BUFFER); + + return (int)str_len; + } + + if (type_len > 0){ + if (wolfSSL_BIO_write(out, typebuf, (int)type_len) != (int)type_len){ + XFREE(typebuf, NULL, DYNAMIC_TYPE_TMP_BUFFER); + return WOLFSSL_FAILURE; + } + str_len += type_len; + } + + if (flags & ASN1_STRFLGS_ESC_2253){ + char esc_ch[] = "+;<>\\"; + char* esc_ptr = NULL; + + esc_ptr = str->data; + while (*esc_ptr != 0){ + if (check_esc_char(*esc_ptr, esc_ch)){ + if (wolfSSL_BIO_write(out,"\\", 1) != 1) + goto err_exit; + str_len++; + } + if (wolfSSL_BIO_write(out, esc_ptr, 1) != 1) + goto err_exit; + str_len++; + esc_ptr++; + } + if (type_len > 0) + XFREE(typebuf, NULL, DYNAMIC_TYPE_TMP_BUFFER); + return (int)str_len; + } + + if (wolfSSL_BIO_write(out, str->data, str->length) != str->length){ + goto err_exit; + } + str_len += str->length; + if (type_len > 0) + XFREE(typebuf, NULL, 
DYNAMIC_TYPE_TMP_BUFFER); + + return (int)str_len; + +err_exit: + if (type_len > 0) + XFREE(typebuf, NULL, DYNAMIC_TYPE_TMP_BUFFER); + return WOLFSSL_FAILURE; +} + +#ifndef NO_ASN_TIME +WOLFSSL_ASN1_TIME *wolfSSL_ASN1_TIME_to_generalizedtime(WOLFSSL_ASN1_TIME *t, + WOLFSSL_ASN1_TIME **out) +{ + unsigned char time_type; + WOLFSSL_ASN1_TIME *ret = NULL; + unsigned char *data_ptr = NULL; + + WOLFSSL_ENTER("wolfSSL_ASN1_TIME_to_generalizedtime"); + if (t == NULL) + return NULL; + + time_type = t->data[0]; + if (time_type != ASN_UTC_TIME && time_type != ASN_GENERALIZED_TIME){ + WOLFSSL_MSG("Invalid ASN_TIME type."); + return NULL; + } + if (out == NULL || *out == NULL){ + ret = (WOLFSSL_ASN1_TIME*)XMALLOC(sizeof(WOLFSSL_ASN1_TIME), NULL, + DYNAMIC_TYPE_TMP_BUFFER); + if (ret == NULL){ + WOLFSSL_MSG("memory alloc failed."); + return NULL; + } + XMEMSET(ret, 0, sizeof(WOLFSSL_ASN1_TIME)); + } else + ret = *out; + + if (time_type == ASN_GENERALIZED_TIME){ + XMEMCPY(ret->data, t->data, ASN_GENERALIZED_TIME_SIZE); + return ret; + } else if (time_type == ASN_UTC_TIME){ + ret->data[0] = ASN_GENERALIZED_TIME; + ret->data[1] = ASN_GENERALIZED_TIME_SIZE; + data_ptr = ret->data + 2; + if (t->data[2] >= '5') + XSNPRINTF((char*)data_ptr, ASN_UTC_TIME_SIZE + 2, "19%s", t->data + 2); + else + XSNPRINTF((char*)data_ptr, ASN_UTC_TIME_SIZE + 2, "20%s", t->data + 2); + + return ret; + } + + WOLFSSL_MSG("Invalid ASN_TIME value"); + return NULL; +} +#endif /* !NO_ASN_TIME */ + + +#ifndef NO_ASN +int wolfSSL_i2c_ASN1_INTEGER(WOLFSSL_ASN1_INTEGER *a, unsigned char **pp) +{ + unsigned char *pptr = NULL; + char pad = 0 ; + unsigned char pad_val = 0; + int ret_size = 0; + unsigned char data1 = 0; + unsigned char neg = 0; + int i = 0; + + WOLFSSL_ENTER("wolfSSL_i2c_ASN1_INTEGER"); + if (a == NULL) + return WOLFSSL_FAILURE; + + ret_size = a->intData[1]; + if (ret_size == 0) + ret_size = 1; + else{ + ret_size = (int)a->intData[1]; + neg = a->negative; + data1 = a->intData[2]; + if (ret_size == 1 && 
data1 == 0) + neg = 0; + /* 0x80 or greater positive number in first byte */ + if (!neg && (data1 > 127)){ + pad = 1; + pad_val = 0; + } else if (neg){ + /* negative number */ + if (data1 > 128){ + pad = 1; + pad_val = 0xff; + } else if (data1 == 128){ + for (i = 3; i < a->intData[1] + 2; i++){ + if (a->intData[i]){ + pad = 1; + pad_val = 0xff; + break; + } + } + } + } + ret_size += (int)pad; + } + if (pp == NULL) + return ret_size; + + pptr = *pp; + if (pad) + *(pptr++) = pad_val; + if (a->intData[1] == 0) + *(pptr++) = 0; + else if (!neg){ + /* positive number */ + for (i=0; i < a->intData[1]; i++){ + *pptr = a->intData[i+2]; + pptr++; + } + } else { + /* negative number */ + int str_len = 0; + + /* 0 padding from end of buffer */ + str_len = (int)a->intData[1]; + pptr += a->intData[1] - 1; + while (!a->intData[str_len + 2] && str_len > 1){ + *(pptr--) = 0; + str_len--; + } + /* 2's complement next octet */ + *(pptr--) = ((a->intData[str_len + 1]) ^ 0xff) + 1; + str_len--; + /* Complement any octets left */ + while (str_len > 0){ + *(pptr--) = a->intData[str_len + 1] ^ 0xff; + str_len--; + } + } + *pp += ret_size; + return ret_size; +} +#endif /* !NO_ASN */ + +#endif /* OPENSSLEXTRA */ diff --git a/src/tls.c b/src/tls.c old mode 100755 new mode 100644 index b09a6f256..d6e947c19 --- a/src/tls.c +++ b/src/tls.c @@ -99,13 +99,14 @@ static int TLSX_PopulateSupportedGroups(WOLFSSL* ssl, TLSX** extensions); #endif +#ifndef WOLFSSL_NO_TLS12 + #ifdef WOLFSSL_SHA384 #define P_HASH_MAX_SIZE WC_SHA384_DIGEST_SIZE #else #define P_HASH_MAX_SIZE WC_SHA256_DIGEST_SIZE #endif - /* compute p_hash for MD5, SHA-1, SHA-256, or SHA-384 for TLSv1 PRF */ static int p_hash(byte* result, word32 resLen, const byte* secret, word32 secLen, const byte* seed, word32 seedLen, int hash, @@ -233,6 +234,8 @@ static int p_hash(byte* result, word32 resLen, const byte* secret, #undef P_HASH_MAX_SIZE +#endif /* !WOLFSSL_NO_TLS12 */ + #ifndef NO_OLD_TLS 
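Review bot: In `wolfSSL_ASN1_STRING_print_ex` the hex-dump branch indexes the 16-entry `hex_char` table with `*str_ptr >> 4`, `str->type >> 4` and `str->length >> 4`. Because `str_ptr` is a plain `char *`, a data byte of 0x80 or above gives a negative index where `char` is signed, and a type or length above 255 indexes past the table. Casting and masking keeps every lookup in range, e.g. `hex_tmp[0] = hex_char[((unsigned char)*str_ptr >> 4) & 0xf];`, and lengths above 255 need explicit handling in the `ASN1_STRFLGS_DUMP_DER` prefix. The `ASN1_STRFLGS_ESC_2253` branch walks `str->data` until a NUL instead of using `str->length`, so it stops early at an embedded NUL and reads past the buffer if the data is not terminated; `while (esc_ptr < str->data + str->length)` bounds it. In `wolfSSL_i2c_ASN1_INTEGER`, added by the same hunk, the negative-number loop tests `a->intData[str_len + 2]`, which looks like one element past the last data byte and is worth confirming.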
@@ -325,6 +328,8 @@ static int doPRF(byte* digest, word32 digLen, const byte* secret,word32 secLen, #endif +#ifndef WOLFSSL_NO_TLS12 + /* Wrapper to call straight thru to p_hash in TSL 1.2 cases to remove stack use */ static int PRF(byte* digest, word32 digLen, const byte* secret, word32 secLen, @@ -452,6 +457,7 @@ int BuildTlsFinished(WOLFSSL* ssl, Hashes* hashes, const byte* sender) return ret; } +#endif /* !WOLFSSL_NO_TLS12 */ #ifndef NO_OLD_TLS @@ -479,6 +485,8 @@ ProtocolVersion MakeTLSv1_1(void) #endif /* !NO_OLD_TLS */ +#ifndef WOLFSSL_NO_TLS12 + ProtocolVersion MakeTLSv1_2(void) { ProtocolVersion pv; @@ -488,6 +496,8 @@ ProtocolVersion MakeTLSv1_2(void) return pv; } +#endif /* !WOLFSSL_NO_TLS12 */ + #ifdef WOLFSSL_TLS13 /* The TLS v1.3 protocol version. * @@ -503,6 +513,7 @@ ProtocolVersion MakeTLSv1_3(void) } #endif +#ifndef WOLFSSL_NO_TLS12 #ifdef HAVE_EXTENDED_MASTER static const byte ext_master_label[EXT_MASTER_LABEL_SZ + 1] = 
@@ -841,13 +852,447 @@ int wolfSSL_SetTlsHmacInner(WOLFSSL* ssl, byte* inner, word32 sz, int content, } -/* TLS type HMAC */ -int TLS_hmac(WOLFSSL* ssl, byte* digest, const byte* in, word32 sz, - int content, int verify) +#if !defined(WOLFSSL_NO_HASH_RAW) && !defined(HAVE_FIPS) + +/* Update the hash in the HMAC. + * + * hmac HMAC object. + * data Data to be hashed. + * sz Size of data to hash. + * returns 0 on success, otherwise failure. + */ +static int Hmac_HashUpdate(Hmac* hmac, const byte* data, word32 sz) { - Hmac hmac; - int ret = 0; - byte myInner[WOLFSSL_TLS_HMAC_INNER_SZ]; + int ret = BAD_FUNC_ARG; + + switch (hmac->macType) { + #ifndef NO_SHA + case WC_SHA: + ret = wc_ShaUpdate(&hmac->hash.sha, data, sz); + break; + #endif /* !NO_SHA */ + + #ifndef NO_SHA256 + case WC_SHA256: + ret = wc_Sha256Update(&hmac->hash.sha256, data, sz); + break; + #endif /* !NO_SHA256 */ + + #ifdef WOLFSSL_SHA384 + case WC_SHA384: + ret = wc_Sha384Update(&hmac->hash.sha384, data, sz); + break; + #endif /* WOLFSSL_SHA384 */ + + #ifdef WOLFSSL_SHA512 + case WC_SHA512: + ret = wc_Sha512Update(&hmac->hash.sha512, data, sz); + break; + #endif /* WOLFSSL_SHA512 */ + } + + return ret; +} + +/* Finalize the hash but don't put the EOC, padding or length in. + * + * hmac HMAC object. + * hash Hash result. + * returns 0 on success, otherwise failure. 
+ */ +static int Hmac_HashFinalRaw(Hmac* hmac, unsigned char* hash) +{ + int ret = BAD_FUNC_ARG; + + switch (hmac->macType) { + #ifndef NO_SHA + case WC_SHA: + ret = wc_ShaFinalRaw(&hmac->hash.sha, hash); + break; + #endif /* !NO_SHA */ + + #ifndef NO_SHA256 + case WC_SHA256: + ret = wc_Sha256FinalRaw(&hmac->hash.sha256, hash); + break; + #endif /* !NO_SHA256 */ + + #ifdef WOLFSSL_SHA384 + case WC_SHA384: + ret = wc_Sha384FinalRaw(&hmac->hash.sha384, hash); + break; + #endif /* WOLFSSL_SHA384 */ + + #ifdef WOLFSSL_SHA512 + case WC_SHA512: + ret = wc_Sha512FinalRaw(&hmac->hash.sha512, hash); + break; + #endif /* WOLFSSL_SHA512 */ + } + + return ret; +} + +/* Finalize the HMAC by performing outer hash. + * + * hmac HMAC object. + * mac MAC result. + * returns 0 on success, otherwise failure. + */ +static int Hmac_OuterHash(Hmac* hmac, unsigned char* mac) +{ + int ret = BAD_FUNC_ARG; + + switch (hmac->macType) { + #ifndef NO_SHA + case WC_SHA: + ret = wc_InitSha(&hmac->hash.sha); + if (ret == 0) + ret = wc_ShaUpdate(&hmac->hash.sha, (byte*)hmac->opad, + WC_SHA_BLOCK_SIZE); + if (ret == 0) + ret = wc_ShaUpdate(&hmac->hash.sha, (byte*)hmac->innerHash, + WC_SHA_DIGEST_SIZE); + if (ret == 0) + ret = wc_ShaFinal(&hmac->hash.sha, mac); + break; + #endif /* !NO_SHA */ + + #ifndef NO_SHA256 + case WC_SHA256: + ret = wc_InitSha256(&hmac->hash.sha256); + if (ret == 0) + ret = wc_Sha256Update(&hmac->hash.sha256, (byte*)hmac->opad, + WC_SHA256_BLOCK_SIZE); + if (ret == 0) + ret = wc_Sha256Update(&hmac->hash.sha256, + (byte*)hmac->innerHash, + WC_SHA256_DIGEST_SIZE); + if (ret == 0) + ret = wc_Sha256Final(&hmac->hash.sha256, mac); + break; + #endif /* !NO_SHA256 */ + + #ifdef WOLFSSL_SHA384 + case WC_SHA384: + ret = wc_InitSha384(&hmac->hash.sha384); + if (ret == 0) + ret = wc_Sha384Update(&hmac->hash.sha384, (byte*)hmac->opad, + WC_SHA384_BLOCK_SIZE); + if (ret == 0) + ret = wc_Sha384Update(&hmac->hash.sha384, + (byte*)hmac->innerHash, + WC_SHA384_DIGEST_SIZE); + if (ret == 0) + 
ret = wc_Sha384Final(&hmac->hash.sha384, mac); + break; + #endif /* WOLFSSL_SHA384 */ + + #ifdef WOLFSSL_SHA512 + case WC_SHA512: + ret = wc_InitSha512(&hmac->hash.sha512); + if (ret == 0) + ret = wc_Sha512Update(&hmac->hash.sha512,(byte*)hmac->opad, + WC_SHA512_BLOCK_SIZE); + if (ret == 0) + ret = wc_Sha512Update(&hmac->hash.sha512, + (byte*)hmac->innerHash, + WC_SHA512_DIGEST_SIZE); + if (ret == 0) + ret = wc_Sha512Final(&hmac->hash.sha512, mac); + break; + #endif /* WOLFSSL_SHA512 */ + } + + return ret; +} + +/* Calculate the HMAC of the header + message data. + * Constant time implementation using wc_Sha*FinalRaw(). + * + * hmac HMAC object. + * digest MAC result. + * in Message data. + * sz Size of the message data. + * header Constructed record header with length of handshake data. + * returns 0 on success, otherwise failure. + */ +static int Hmac_UpdateFinal_CT(Hmac* hmac, byte* digest, const byte* in, + word32 sz, byte* header) +{ + byte lenBytes[8]; + int i, j, k; + int blockBits, blockMask; + int realLen, lastBlockLen, macLen, extraLen, eocIndex; + int blocks, safeBlocks, lenBlock, eocBlock; + int maxLen; + int blockSz, padSz; + int ret; + byte extraBlock; + + switch (hmac->macType) { + #ifndef NO_SHA + case WC_SHA: + blockSz = WC_SHA_BLOCK_SIZE; + blockBits = 6; + macLen = WC_SHA_DIGEST_SIZE; + padSz = WC_SHA_BLOCK_SIZE - WC_SHA_PAD_SIZE + 1; + break; + #endif /* !NO_SHA */ + + #ifndef NO_SHA256 + case WC_SHA256: + blockSz = WC_SHA256_BLOCK_SIZE; + blockBits = 6; + macLen = WC_SHA256_DIGEST_SIZE; + padSz = WC_SHA256_BLOCK_SIZE - WC_SHA256_PAD_SIZE + 1; + break; + #endif /* !NO_SHA256 */ + + #ifdef WOLFSSL_SHA384 + case WC_SHA384: + blockSz = WC_SHA384_BLOCK_SIZE; + blockBits = 7; + macLen = WC_SHA384_DIGEST_SIZE; + padSz = WC_SHA384_BLOCK_SIZE - WC_SHA384_PAD_SIZE + 1; + break; + #endif /* WOLFSSL_SHA384 */ + + #ifdef WOLFSSL_SHA512 + case WC_SHA512: + blockSz = WC_SHA512_BLOCK_SIZE; + blockBits = 7; + macLen = WC_SHA512_DIGEST_SIZE; + padSz = 
WC_SHA512_BLOCK_SIZE - WC_SHA512_PAD_SIZE + 1; + break; + #endif /* WOLFSSL_SHA512 */ + + default: + return BAD_FUNC_ARG; + } + blockMask = blockSz - 1; + + /* Size of data to HMAC if padding length byte is zero. */ + maxLen = WOLFSSL_TLS_HMAC_INNER_SZ + sz - 1 - macLen; + /* Complete data (including padding) has block for EOC and/or length. */ + extraBlock = ctSetLTE((maxLen + padSz) & blockMask, padSz); + /* Total number of blocks for data including padding. */ + blocks = ((maxLen + blockSz - 1) >> blockBits) + extraBlock; + /* Up to last 6 blocks can be hashed safely. */ + safeBlocks = blocks - 6; + + /* Length of message data. */ + realLen = maxLen - in[sz - 1]; + /* Number of message bytes in last block. */ + lastBlockLen = realLen & blockMask; + /* Number of padding bytes in last block. */ + extraLen = ((blockSz * 2 - padSz - lastBlockLen) & blockMask) + 1; + /* Number of blocks to create for hash. */ + lenBlock = (realLen + extraLen) >> blockBits; + /* Block containing EOC byte. */ + eocBlock = realLen >> blockBits; + /* Index of EOC byte in block. */ + eocIndex = realLen & blockMask; + + /* Add length of hmac's ipad to total length. */ + realLen += blockSz; + /* Length as bits - 8 bytes bigendian. 
*/ + c32toa(realLen >> ((sizeof(word32) * 8) - 3), lenBytes); + c32toa(realLen << 3, lenBytes + sizeof(word32)); + + ret = Hmac_HashUpdate(hmac, (unsigned char*)hmac->ipad, blockSz); + if (ret != 0) + return ret; + + XMEMSET(hmac->innerHash, 0, macLen); + + if (safeBlocks > 0) { + ret = Hmac_HashUpdate(hmac, header, WOLFSSL_TLS_HMAC_INNER_SZ); + if (ret != 0) + return ret; + ret = Hmac_HashUpdate(hmac, in, safeBlocks * blockSz - + WOLFSSL_TLS_HMAC_INNER_SZ); + if (ret != 0) + return ret; + } + else + safeBlocks = 0; + + XMEMSET(digest, 0, macLen); + k = safeBlocks * blockSz; + for (i = safeBlocks; i < blocks; i++) { + unsigned char hashBlock[WC_MAX_BLOCK_SIZE]; + unsigned char isEocBlock = ctMaskEq(i, eocBlock); + unsigned char isOutBlock = ctMaskEq(i, lenBlock); + + for (j = 0; j < blockSz; j++, k++) { + unsigned char atEoc = ctMaskEq(j, eocIndex) & isEocBlock; + unsigned char pastEoc = ctMaskGT(j, eocIndex) & isEocBlock; + unsigned char b = 0; + + if (k < WOLFSSL_TLS_HMAC_INNER_SZ) + b = header[k]; + else if (k < maxLen) + b = in[k - WOLFSSL_TLS_HMAC_INNER_SZ]; + + b = ctMaskSel(atEoc, b, 0x80); + b &= ~pastEoc; + b &= ~isOutBlock | isEocBlock; + + if (j >= blockSz - 8) { + b = ctMaskSel(isOutBlock, b, lenBytes[j - (blockSz - 8)]); + } + + hashBlock[j] = b; + } + + ret = Hmac_HashUpdate(hmac, hashBlock, blockSz); + if (ret != 0) + return ret; + ret = Hmac_HashFinalRaw(hmac, hashBlock); + if (ret != 0) + return ret; + for (j = 0; j < macLen; j++) + ((unsigned char*)hmac->innerHash)[j] |= hashBlock[j] & isOutBlock; + } + + ret = Hmac_OuterHash(hmac, digest); + + return ret; +} + +#endif + +#if defined(WOLFSSL_NO_HASH_RAW) || defined(HAVE_FIPS) || defined(HAVE_BLAKE2) + +/* Calculate the HMAC of the header + message data. + * Constant time implementation using normal hashing operations. + * Update-Final need to be constant time. + * + * hmac HMAC object. + * digest MAC result. + * in Message data. + * sz Size of the message data. 
+ * header Constructed record header with length of handshake data. + * returns 0 on success, otherwise failure. + */ +static int Hmac_UpdateFinal(Hmac* hmac, byte* digest, const byte* in, + word32 sz, byte* header) +{ + byte dummy[WC_MAX_BLOCK_SIZE] = {0}; + int ret; + word32 msgSz, blockSz, macSz, padSz, maxSz, realSz; + word32 currSz, offset; + int msgBlocks, blocks, blockBits; + int i; + + switch (hmac->macType) { + #ifndef NO_SHA + case WC_SHA: + blockSz = WC_SHA_BLOCK_SIZE; + blockBits = 6; + macSz = WC_SHA_DIGEST_SIZE; + padSz = WC_SHA_BLOCK_SIZE - WC_SHA_PAD_SIZE + 1; + break; + #endif /* !NO_SHA */ + + #ifndef NO_SHA256 + case WC_SHA256: + blockSz = WC_SHA256_BLOCK_SIZE; + blockBits = 6; + macSz = WC_SHA256_DIGEST_SIZE; + padSz = WC_SHA256_BLOCK_SIZE - WC_SHA256_PAD_SIZE + 1; + break; + #endif /* !NO_SHA256 */ + + #ifdef WOLFSSL_SHA384 + case WC_SHA384: + blockSz = WC_SHA384_BLOCK_SIZE; + blockBits = 7; + macSz = WC_SHA384_DIGEST_SIZE; + padSz = WC_SHA384_BLOCK_SIZE - WC_SHA384_PAD_SIZE + 1; + break; + #endif /* WOLFSSL_SHA384 */ + + #ifdef WOLFSSL_SHA512 + case WC_SHA512: + blockSz = WC_SHA512_BLOCK_SIZE; + blockBits = 7; + macSz = WC_SHA512_DIGEST_SIZE; + padSz = WC_SHA512_BLOCK_SIZE - WC_SHA512_PAD_SIZE + 1; + break; + #endif /* WOLFSSL_SHA512 */ + + #ifdef HAVE_BLAKE2 + case WC_HASH_TYPE_BLAKE2B: + blockSz = BLAKE2B_BLOCKBYTES; + blockBits = 7; + macSz = BLAKE2B_256; + padSz = 0; + break; + #endif /* HAVE_BLAK2 */ + + default: + return BAD_FUNC_ARG; + } + + msgSz = sz - (1 + in[sz - 1] + macSz); + /* Make negative result 0 */ + msgSz &= ~(0 - (msgSz >> 31)); + realSz = WOLFSSL_TLS_HMAC_INNER_SZ + msgSz; + maxSz = WOLFSSL_TLS_HMAC_INNER_SZ + (sz - 1) - macSz; + + /* Calculate #blocks processed in HMAC for max and real data. */ + blocks = maxSz >> blockBits; + blocks += ((maxSz + padSz) % blockSz) < padSz; + msgBlocks = realSz >> blockBits; + /* #Extra blocks to process. 
*/ + blocks -= msgBlocks + (((realSz + padSz) % blockSz) < padSz); + /* Calculate whole blocks. */ + msgBlocks--; + + ret = wc_HmacUpdate(hmac, header, WOLFSSL_TLS_HMAC_INNER_SZ); + if (ret == 0) { + /* Fill the rest of the block with any available data. */ + currSz = ctMaskLT(msgSz, blockSz) & msgSz; + currSz |= ctMaskGTE(msgSz, blockSz) & blockSz; + currSz -= WOLFSSL_TLS_HMAC_INNER_SZ; + currSz &= ~(0 - (currSz >> 31)); + ret = wc_HmacUpdate(hmac, in, currSz); + offset = currSz; + } + if (ret == 0) { + /* Do the hash operations on a block basis. */ + for (i = 0; i < msgBlocks; i++, offset += blockSz) { + ret = wc_HmacUpdate(hmac, in + offset, blockSz); + if (ret != 0) + break; + } + } + if (ret == 0) + ret = wc_HmacUpdate(hmac, in + offset, msgSz - offset); + if (ret == 0) + ret = wc_HmacFinal(hmac, digest); + if (ret == 0) { + /* Do the dummy hash operations. Do at least one. */ + for (i = 0; i < blocks + 1; i++) { + ret = wc_HmacUpdate(hmac, dummy, blockSz); + if (ret != 0) + break; + } + } + + return ret; +} + +#endif + +int TLS_hmac(WOLFSSL* ssl, byte* digest, const byte* in, word32 sz, int padSz, + int content, int verify) +{ + Hmac hmac; + byte myInner[WOLFSSL_TLS_HMAC_INNER_SZ]; + int ret = 0; if (ssl == NULL) return BAD_FUNC_ARG; 
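Review bot: `Hmac_UpdateFinal_CT` and `Hmac_UpdateFinal` both read `in[sz - 1]` as the padding length and subtract the MAC size from `sz` without any check, so they are only safe when the caller guarantees `sz` is at least the MAC size plus one and that the padding byte does not exceed the data present. Neither header comment says so, and both describe `sz` as "Size of the message data" although the value covers the MAC, the padding and the padding length byte as well. I would change both to something like `sz  Size of message data plus MAC, padding and padding length byte; must be >= MAC size + 1.` so the precondition is visible to the next caller. The comment `Up to last 6 blocks can be hashed safely` reads as the opposite of what the code does; `All but the last 6 blocks can be hashed directly.` is clearer. The body of `TLS_hmac` at the end of the hunk continues outside it.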
@@ -864,19 +1309,47 @@ int TLS_hmac(WOLFSSL* ssl, byte* digest, const byte* in, word32 sz, return ret; ret = wc_HmacSetKey(&hmac, wolfSSL_GetHmacType(ssl), - wolfSSL_GetMacSecret(ssl, verify), ssl->specs.hash_size); + wolfSSL_GetMacSecret(ssl, verify), + ssl->specs.hash_size); if (ret == 0) { - ret = wc_HmacUpdate(&hmac, myInner, sizeof(myInner)); - if (ret == 0) - ret = wc_HmacUpdate(&hmac, in, sz); /* content */ - if (ret == 0) - ret = wc_HmacFinal(&hmac, digest); + /* Constant time verification required. */ + if (verify && padSz >= 0) { +#if !defined(WOLFSSL_NO_HASH_RAW) && !defined(HAVE_FIPS) + #ifdef HAVE_BLAKE2 + if (wolfSSL_GetHmacType(ssl) == WC_HASH_TYPE_BLAKE2B) { + ret = Hmac_UpdateFinal(&hmac, digest, in, sz + + ssl->specs.hash_size + padSz + 1, + myInner); + } + else + #endif + { + ret = Hmac_UpdateFinal_CT(&hmac, digest, in, sz + + ssl->specs.hash_size + padSz + 1, + myInner); + } +#else + ret = Hmac_UpdateFinal(&hmac, digest, in, sz + + ssl->specs.hash_size + padSz + 1, + myInner); +#endif + } + else { + ret = wc_HmacUpdate(&hmac, myInner, sizeof(myInner)); + if (ret == 0) + ret = wc_HmacUpdate(&hmac, in, sz); /* content */ + if (ret == 0) + ret = wc_HmacFinal(&hmac, digest); + } } + wc_HmacFree(&hmac); return ret; } +#endif /* !WOLFSSL_NO_TLS12 */ + #ifdef HAVE_TLS_EXTENSIONS /** @@ -4738,8 +5211,18 @@ static int TLSX_SupportedVersions_Write(void* data, byte* output, } #ifndef WOLFSSL_TLS13_DRAFT_18 else if (msgType == server_hello || msgType == hello_retry_request) { - output[0] = ssl->version.major; - output[1] = ssl->version.minor; + #ifndef WOLFSSL_TLS13_FINAL + if (ssl->version.major == SSLv3_MAJOR && + ssl->version.minor == TLSv1_3_MINOR) { + output[0] = TLS_DRAFT_MAJOR; + output[1] = TLS_DRAFT_MINOR; + } + else + #endif + { + output[0] = ssl->version.major; + output[1] = ssl->version.minor; + } *pSz += OPAQUE16_LEN; } 
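Review bot: The new `if (verify && padSz >= 0)` test in `TLS_hmac` means a negative `padSz` silently selects the ordinary `wc_HmacUpdate`/`wc_HmacFinal` path even when verifying, and nothing in the function states that this is the intended signal. A comment at the branch, for example `/* padSz < 0: caller opts out of the constant-time path; MAC is computed over exactly sz bytes. */`, would make the contract explicit; the callers are outside this hunk, so the wording should be confirmed against them. The length `sz + ssl->specs.hash_size + padSz + 1` is also spelled out three times across the preprocessor branches, and computing it once into a local keeps the three calls from drifting apart.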
@@ -4797,34 +5280,38 @@ static int TLSX_SupportedVersions_Parse(WOLFSSL* ssl, byte* input, continue; /* No upgrade allowed. */ - if (ssl->version.minor > minor) + if (minor > ssl->version.minor) continue; /* Check downgrade. */ - if (ssl->version.minor < minor) { + if (minor < ssl->version.minor) { if (!ssl->options.downgrade) continue; if (minor < ssl->options.minDowngrade) continue; - /* Downgrade the version. */ - ssl->version.minor = minor; + if (newMinor == 0 && minor > ssl->options.oldMinor) { + /* Downgrade the version. */ + ssl->version.minor = minor; + } } if (minor >= TLSv1_3_MINOR) { - ssl->options.tls1_3 = 1; - TLSX_Push(&ssl->extensions, TLSX_SUPPORTED_VERSIONS, ssl, - ssl->heap); + if (!ssl->options.tls1_3) { + ssl->options.tls1_3 = 1; + TLSX_Push(&ssl->extensions, TLSX_SUPPORTED_VERSIONS, ssl, + ssl->heap); #ifndef WOLFSSL_TLS13_DRAFT_18 - TLSX_SetResponse(ssl, TLSX_SUPPORTED_VERSIONS); + TLSX_SetResponse(ssl, TLSX_SUPPORTED_VERSIONS); #endif - newMinor = minor; + } + if (minor > newMinor) { + ssl->version.minor = minor; + newMinor = minor; + } } - else if (ssl->options.oldMinor < minor) + else if (minor > ssl->options.oldMinor) ssl->options.oldMinor = minor; - - if (newMinor != 0 && ssl->options.oldMinor != 0) - break; } } #ifndef WOLFSSL_TLS13_DRAFT_18 @@ -6280,6 +6767,8 @@ static int TLSX_KeyShare_New(KeyShareEntry** list, int group, void *heap, *list = kse; *keyShareEntry = kse; + (void)heap; + return 0; } @@ -7313,7 +7802,7 @@ int TLSX_PskKeModes_Use(WOLFSSL* ssl, byte modes) static word16 TLSX_PostHandAuth_GetSize(byte msgType) { if (msgType == client_hello) - return OPAQUE8_LEN; + return 0; return SANITY_MSG_E; } @@ -7328,10 +7817,10 @@ static word16 TLSX_PostHandAuth_GetSize(byte msgType) */ static word16 TLSX_PostHandAuth_Write(byte* output, byte msgType) { - if (msgType == client_hello) { - *output = 0; - return OPAQUE8_LEN; - } + (void)output; + + if (msgType == client_hello) + return 0; return SANITY_MSG_E; } 
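Review bot: In the version loop of `TLSX_SupportedVersions_Parse`, the downgrade branch can lower `ssl->version.minor` part-way through the list, and the `minor > ssl->version.minor` "No upgrade allowed" test in later iterations then compares against that lowered value. With the early `break` removed, the selected version may therefore depend on the order in which the peer lists its versions: a lower version listed first appears to cause a higher, mutually supported one that follows to be skipped. Comparing against a copy of the version taken before the loop, and assigning `ssl->version.minor` once after it, would remove the dependency. The function and the loop header start outside this hunk, so this should be checked against the full body.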
@@ -7348,15 +7837,11 @@ static word16 TLSX_PostHandAuth_Write(byte* output, byte msgType) static int TLSX_PostHandAuth_Parse(WOLFSSL* ssl, byte* input, word16 length, byte msgType) { - byte len; + (void)input; if (msgType == client_hello) { - /* Ensure length byte exists. */ - if (length < OPAQUE8_LEN) - return BUFFER_E; - - len = input[0]; - if (length - OPAQUE8_LEN != len || len != 0) + /* Ensure extension is empty. */ + if (length != 0) return BUFFER_E; ssl->options.postHandshakeAuth = 1; @@ -9332,7 +9817,7 @@ int TLSX_Parse(WOLFSSL* ssl, byte* input, word16 length, byte msgType, #ifdef WOLFSSL_POST_HANDSHAKE_AUTH case TLSX_POST_HANDSHAKE_AUTH: - WOLFSSL_MSG("PSK Key Exchange Modes extension received"); + WOLFSSL_MSG("Post Handshake Authentication extension received"); if (!IsAtLeastTLSv1_3(ssl->version)) break; @@ -9462,6 +9947,7 @@ int TLSX_Parse(WOLFSSL* ssl, byte* input, word16 length, byte msgType, #endif /* !NO_OLD_TLS */ +#ifndef WOLFSSL_NO_TLS12 WOLFSSL_METHOD* wolfTLSv1_2_client_method(void) { @@ -9479,6 +9965,8 @@ int TLSX_Parse(WOLFSSL* ssl, byte* input, word16 length, byte msgType, return method; } +#endif /* WOLFSSL_NO_TLS12 */ + #ifdef WOLFSSL_TLS13 /* The TLS v1.3 client method data. * @@ -9584,6 +10072,7 @@ int TLSX_Parse(WOLFSSL* ssl, byte* input, word16 length, byte msgType, } #endif /* !NO_OLD_TLS */ +#ifndef WOLFSSL_NO_TLS12 WOLFSSL_METHOD* wolfTLSv1_2_server_method(void) { @@ -9603,6 +10092,8 @@ int TLSX_Parse(WOLFSSL* ssl, byte* input, word16 length, byte msgType, return method; } +#endif /* !WOLFSSL_NO_TLS12 */ + #ifdef WOLFSSL_TLS13 /* The TLS v1.3 server method data. * diff --git a/src/tls13.c b/src/tls13.c index 337cd343e..34b862bcf 100644 --- a/src/tls13.c +++ b/src/tls13.c @@ -80,7 +80,7 @@ #ifdef WOLFSSL_TLS13 #ifdef HAVE_SESSION_TICKET - #include + #include #endif #ifndef WOLFCRYPT_ONLY 
@@ -302,7 +302,7 @@ static int DeriveKeyMsg(WOLFSSL* ssl, byte* output, int outputLen, word32 hashSz = 0; const byte* protocol; word32 protocolLen; - int digestAlg; + int digestAlg = -1; int ret = BAD_FUNC_ARG; switch (hashAlgo) { @@ -345,8 +345,14 @@ static int DeriveKeyMsg(WOLFSSL* ssl, byte* output, int outputLen, digestAlg = WC_SHA512; break; #endif + default: + digestAlg = -1; + break; } + if (digestAlg < 0) + return HASH_TYPE_E; + if (ret != 0) return ret; @@ -2370,11 +2376,18 @@ int SendTls13ClientHello(WOLFSSL* ssl) if (ssl->options.resuming && (ssl->session.version.major != ssl->version.major || ssl->session.version.minor != ssl->version.minor)) { - /* Cannot resume with a different protocol version - new handshake. */ - ssl->options.resuming = 0; - ssl->version.major = ssl->session.version.major; - ssl->version.minor = ssl->session.version.minor; - return SendClientHello(ssl); + #ifndef WOLFSSL_NO_TLS12 + if (ssl->session.version.major == ssl->version.major && + ssl->session.version.minor < ssl->version.minor) { + /* Cannot resume with a different protocol version. */ + ssl->options.resuming = 0; + ssl->version.major = ssl->session.version.major; + ssl->version.minor = ssl->session.version.minor; + return SendClientHello(ssl); + } + else + #endif + return VERSION_ERROR; } #endif @@ -2768,15 +2781,18 @@ int DoTls13ServerHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx, if (ret != 0) return ret; if (!IsAtLeastTLSv1_3(pv) && pv.major != TLS_DRAFT_MAJOR) { +#ifndef WOLFSSL_NO_TLS12 if (ssl->options.downgrade) { ssl->version = pv; return DoServerHello(ssl, input, inOutIdx, helloSz); } +#endif - WOLFSSL_MSG("CLient using higher version, fatal error"); + WOLFSSL_MSG("Client using higher version, fatal error"); return VERSION_ERROR; } #else +#ifndef WOLFSSL_NO_TLS12 if (pv.major == ssl->version.major && pv.minor < TLSv1_2_MINOR && ssl->options.downgrade) { /* Force client hello version 1.2 to work for static RSA. */ 
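Review bot: In the `@@ -2370` hunk of `SendTls13ClientHello`, the new `return VERSION_ERROR;` is the unbraced body of an `else` that only exists when `WOLFSSL_NO_TLS12` is not defined, so the statement's role changes with the build configuration. Since the preceding block always returns, dropping the `else` (or bracing the statement as `{ return VERSION_ERROR; }`) makes both configurations read the same. The error path would also benefit from its own comment, e.g. `/* Session is from a different major or a newer minor version: cannot resume or fall back. */`. The enclosing function starts and ends outside the hunk.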
@@ -2784,6 +2800,7 @@ int DoTls13ServerHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx, ssl->version.minor = TLSv1_2_MINOR; return DoServerHello(ssl, input, inOutIdx, helloSz); } +#endif if (pv.major != ssl->version.major || pv.minor != TLSv1_2_MINOR) return VERSION_ERROR; #endif @@ -2842,7 +2859,9 @@ int DoTls13ServerHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx, if ((i - begin) + OPAQUE16_LEN > helloSz) { if (!ssl->options.downgrade) return BUFFER_ERROR; +#ifndef WOLFSSL_NO_TLS12 ssl->version.minor = TLSv1_2_MINOR; +#endif ssl->options.haveEMS = 0; } if ((i - begin) < helloSz) @@ -2885,6 +2904,7 @@ int DoTls13ServerHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx, * Only now do we know how to deal with session id. */ if (!IsAtLeastTLSv1_3(ssl->version)) { +#ifndef WOLFSSL_NO_TLS12 ssl->arrays->sessionIDSz = sessIdSz; if (ssl->arrays->sessionIDSz > ID_LEN) { @@ -2901,6 +2921,10 @@ int DoTls13ServerHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx, ssl->chVersion.minor = TLSv1_2_MINOR; /* Complete TLS v1.2 processing of ServerHello. */ ret = CompleteServerHello(ssl); +#else + WOLFSSL_MSG("Client using higher version, fatal error"); + ret = VERSION_ERROR; +#endif WOLFSSL_LEAVE("DoTls13ServerHello", ret); @@ -3178,16 +3202,6 @@ static int DoTls13CertificateRequest(WOLFSSL* ssl, const byte* input, /* This message is always encrypted so add encryption padding. */ *inOutIdx += ssl->keys.padSz; -#if !defined(NO_WOLFSSL_CLIENT) && defined(WOLFSSL_POST_HANDSHAKE_AUTH) - if (ssl->options.side == WOLFSSL_CLIENT_END && - ssl->options.handShakeState == HANDSHAKE_DONE) { - /* reset handshake states */ - ssl->options.clientState = CLIENT_HELLO_COMPLETE; - ssl->options.connectState = FIRST_REPLY_DONE; - ssl->options.handShakeState = CLIENT_HELLO_COMPLETE; - } -#endif - WOLFSSL_LEAVE("DoTls13CertificateRequest", ret); WOLFSSL_END(WC_FUNC_CERTIFICATE_REQUEST_DO); 
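Review bot: In the `@@ -2842` hunk of `DoTls13ServerHello`, when the ServerHello carries no extensions and `ssl->options.downgrade` is set, a `WOLFSSL_NO_TLS12` build now skips the assignment of `TLSv1_2_MINOR` and carries on with `ssl->version` unchanged. If the version is still TLS 1.3 at that point, the later `!IsAtLeastTLSv1_3(ssl->version)` branch that returns `VERSION_ERROR` would not be taken, and a hello without extensions would continue down the TLS 1.3 path. Adding `#else` followed by `return VERSION_ERROR;` next to the guarded assignment would fail this case explicitly. The function extends beyond the hunk, so whether a later step already rejects the message needs confirming.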
@@ -3689,8 +3703,14 @@ static int RestartHandshakeHashWithCookie(WOLFSSL* ssl, Cookie* cookie) hrrIdx += 2; c16toa(OPAQUE16_LEN, hrr + hrrIdx); hrrIdx += 2; - hrr[hrrIdx++] = ssl->version.major; - hrr[hrrIdx++] = ssl->version.minor; + /* TODO: [TLS13] Change to ssl->version.major and minor once final. */ + #ifdef WOLFSSL_TLS13_FINAL + hrr[hrrIdx++] = ssl->version.major; + hrr[hrrIdx++] = ssl->version.minor; + #else + hrr[hrrIdx++] = TLS_DRAFT_MAJOR; + hrr[hrrIdx++] = TLS_DRAFT_MINOR; + #endif #endif /* Mandatory Cookie Extension */ c16toa(TLSX_COOKIE, hrr + hrrIdx); @@ -3729,7 +3749,7 @@ static int RestartHandshakeHashWithCookie(WOLFSSL* ssl, Cookie* cookie) int DoTls13ClientHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx, word32 helloSz) { - int ret; + int ret = VERSION_ERROR; byte b; ProtocolVersion pv; Suites clSuites; @@ -3738,7 +3758,9 @@ int DoTls13ClientHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx, word16 totalExtSz = 0; int usingPSK = 0; byte sessIdSz; +#ifndef WOLFSSL_NO_TLS12 int bogusID = 0; +#endif WOLFSSL_START(WC_FUNC_CLIENT_HELLO_DO); WOLFSSL_ENTER("DoTls13ClientHello"); @@ -3760,8 +3782,10 @@ int DoTls13ClientHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx, if (pv.major == SSLv3_MAJOR && pv.minor >= TLSv1_3_MINOR) pv.minor = TLSv1_2_MINOR; +#ifndef WOLFSSL_NO_TLS12 if (ssl->version.major == SSLv3_MAJOR && ssl->version.minor < TLSv1_3_MINOR) return DoClientHello(ssl, input, inOutIdx, helloSz); +#endif #ifdef HAVE_SESSION_TICKET if (ssl->options.downgrade) { @@ -3796,9 +3820,11 @@ int DoTls13ClientHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx, XMEMCPY(ssl->session.sessionID, input + i, sessIdSz); i += ID_LEN; } -#ifdef HAVE_SESSION_TICKET - if (sessIdSz > 0 && sessIdSz < ID_LEN) - bogusID = 1; +#ifndef WOLFSSL_NO_TLS12 + #ifdef HAVE_SESSION_TICKET + if (sessIdSz > 0 && sessIdSz < ID_LEN) + bogusID = 1; + #endif #endif /* Cipher suites */ 
@@ -3913,6 +3939,7 @@ int DoTls13ClientHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx, return ret; #endif } +#ifndef WOLFSSL_NO_TLS12 else if (ssl->options.resuming) { ret = HandleTlsResumption(ssl, bogusID, &clSuites); if (ret != 0) @@ -3925,6 +3952,12 @@ int DoTls13ClientHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx, return ret; } } +#else + else { + WOLFSSL_MSG("Negotiated lesser version than TLS v1.3"); + return VERSION_ERROR; + } +#endif if (!usingPSK) { if ((ret = MatchSuite(ssl, &clSuites)) < 0) { @@ -3935,25 +3968,9 @@ int DoTls13ClientHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx, /* Check that the negotiated ciphersuite matches protocol version. */ if (IsAtLeastTLSv1_3(ssl->version)) { if (ssl->options.cipherSuite0 != TLS13_BYTE) { - TLSX* ext; - - if (!ssl->options.downgrade) { - WOLFSSL_MSG("Negotiated ciphersuite from lesser version " - "than TLS v1.3"); - return VERSION_ERROR; - } - - WOLFSSL_MSG("Downgrading protocol due to cipher suite"); - - if (pv.minor < ssl->options.minDowngrade) - return VERSION_ERROR; - ssl->version.minor = ssl->options.oldMinor; - - /* Downgrade from TLS v1.3 */ - ssl->options.tls1_3 = 0; - ext = TLSX_Find(ssl->extensions, TLSX_SUPPORTED_VERSIONS); - if (ext != NULL) - ext->resp = 0; + WOLFSSL_MSG("Negotiated ciphersuite from lesser version than " + "TLS v1.3"); + return VERSION_ERROR; } } /* VerifyServerSuite handles when version is less than 1.3 */ @@ -5246,7 +5263,10 @@ static int SendTls13CertificateVerify(WOLFSSL* ssl) #endif /* HAVE_ECC */ #ifdef HAVE_ED25519 if (ssl->hsType == DYNAMIC_TYPE_ED25519) { - /* Nothing to do */ + ret = Ed25519CheckPubKey(ssl); + if (ret < 0) { + ERROR_OUT(ret, exit_scv); + } sig->length = ED25519_SIG_SIZE; } #endif /* HAVE_ECC */ 
@@ -5809,7 +5829,15 @@ static int DoTls13Finished(WOLFSSL* ssl, const byte* input, word32* inOutIdx, if (*inOutIdx + size + ssl->keys.padSz > totalSz) return BUFFER_E; - if (ssl->options.side == WOLFSSL_CLIENT_END) { + if (ssl->options.handShakeDone) { + ret = DeriveFinishedSecret(ssl, ssl->arrays->clientSecret, + ssl->keys.client_write_MAC_secret); + if (ret != 0) + return ret; + + secret = ssl->keys.client_write_MAC_secret; + } + else if (ssl->options.side == WOLFSSL_CLIENT_END) { /* All the handshake messages have been received to calculate * client and server finished keys. */ @@ -5915,7 +5943,15 @@ static int SendTls13Finished(WOLFSSL* ssl) AddTls13HandShakeHeader(input, finishedSz, 0, finishedSz, finished, ssl); /* make finished hashes */ - if (ssl->options.side == WOLFSSL_CLIENT_END) + if (ssl->options.handShakeDone) { + ret = DeriveFinishedSecret(ssl, ssl->arrays->clientSecret, + ssl->keys.client_write_MAC_secret); + if (ret != 0) + return ret; + + secret = ssl->keys.client_write_MAC_secret; + } + else if (ssl->options.side == WOLFSSL_CLIENT_END) secret = ssl->keys.client_write_MAC_secret; else { /* All the handshake messages have been done to calculate client and @@ -6679,10 +6715,6 @@ static int SanityCheckTls13MsgReceived(WOLFSSL* ssl, byte type) WOLFSSL_MSG("NewSessionTicket received out of order"); return OUT_OF_ORDER_E; } - if (ssl->msgsReceived.got_session_ticket) { - WOLFSSL_MSG("Duplicate NewSessionTicket received"); - return DUPLICATE_MSG_E; - } ssl->msgsReceived.got_session_ticket = 1; break; @@ -6822,13 +6854,14 @@ static int SanityCheckTls13MsgReceived(WOLFSSL* ssl, byte type) ssl->arrays->psk_keySz != 0) { WOLFSSL_MSG("CertificateRequset received while using PSK"); return SANITY_MSG_E; - return SANITY_MSG_E; } #endif + #ifndef WOLFSSL_POST_HANDSHAKE_AUTH if (ssl->msgsReceived.got_certificate_request) { WOLFSSL_MSG("Duplicate CertificateRequest received"); return DUPLICATE_MSG_E; } + #endif ssl->msgsReceived.got_certificate_request = 1; break; 
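Review bot: The new `ssl->options.handShakeDone` branch in DoTls13Finished dereferences `ssl->arrays->clientSecret` and is compiled in even when WOLFSSL_POST_HANDSHAKE_AUTH is not defined; the same branch is added to SendTls13Finished in the next hunk. Nothing in either hunk shows that `ssl->arrays` is still allocated once the handshake has completed, so if it can be released by then, a Finished message arriving after the handshake reaches a NULL dereference. I would wrap both branches in `#ifdef WOLFSSL_POST_HANDSHAKE_AUTH` and check `ssl->arrays != NULL` before calling DeriveFinishedSecret. A comment such as `/* Post-handshake authentication: derive the finished key from the client secret. */` would also explain why the side test is skipped. Both functions continue outside their hunks.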
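Review bot: With WOLFSSL_POST_HANDSHAKE_AUTH defined, the duplicate-CertificateRequest check in SanityCheckTls13MsgReceived is compiled out entirely, so a second CertificateRequest is also accepted during the initial handshake, where it is still a protocol violation. Keeping the check and limiting it to the handshake would preserve that, for example `if (!ssl->options.handShakeDone && ssl->msgsReceived.got_certificate_request)` in the post-handshake build. The surrounding switch starts and ends outside the hunk, so confirm that no other state check already rejects that sequence.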
@@ -6836,20 +6869,20 @@ static int SanityCheckTls13MsgReceived(WOLFSSL* ssl, byte type) case certificate_verify: #ifndef NO_WOLFSSL_CLIENT - if (ssl->options.side == WOLFSSL_CLIENT_END && - ssl->options.serverState != SERVER_CERT_COMPLETE) { - WOLFSSL_MSG("No Cert before CertVerify"); - return OUT_OF_ORDER_E; + if (ssl->options.side == WOLFSSL_CLIENT_END) { + if (ssl->options.serverState != SERVER_CERT_COMPLETE) { + WOLFSSL_MSG("No Cert before CertVerify"); + return OUT_OF_ORDER_E; + } + #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK) + /* Server's authenticating with PSK must not send this. */ + if (ssl->options.serverState == SERVER_CERT_COMPLETE && + ssl->arrays->psk_keySz != 0) { + WOLFSSL_MSG("CertificateVerify received while using PSK"); + return SANITY_MSG_E; + } + #endif } - #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK) - /* Server's authenticating with PSK must not send this. */ - if (ssl->options.side == WOLFSSL_CLIENT_END && - ssl->options.serverState == SERVER_CERT_COMPLETE && - ssl->arrays->psk_keySz != 0) { - WOLFSSL_MSG("CertificateVerify received while using PSK"); - return SANITY_MSG_E; - } - #endif #endif #ifndef NO_WOLFSSL_SERVER if (ssl->options.side == WOLFSSL_SERVER_END) { 
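Review bot: After the restructuring, the PSK check still repeats `ssl->options.serverState == SERVER_CERT_COMPLETE &&`, although the block just above already returns OUT_OF_ORDER_E for every other state, so that operand is always true here. It can be reduced to `if (ssl->arrays->psk_keySz != 0) {`, which also makes it plain that the ordering check has to stay first. The `certificate_verify` case continues outside the hunk.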
@@ -7092,47 +7125,61 @@ int DoTls13HandShakeMsgType(WOLFSSL* ssl, byte* input, word32* inOutIdx, if (ssl->options.tls1_3) { /* Need to hash input message before deriving secrets. */ -#ifndef NO_WOLFSSL_CLIENT - if (type == server_hello && ssl->options.side == WOLFSSL_CLIENT_END) { - if ((ret = DeriveEarlySecret(ssl)) != 0) - return ret; - if ((ret = DeriveHandshakeSecret(ssl)) != 0) - return ret; + #ifndef NO_WOLFSSL_CLIENT + if (ssl->options.side == WOLFSSL_CLIENT_END) { + if (type == server_hello) { + if ((ret = DeriveEarlySecret(ssl)) != 0) + return ret; + if ((ret = DeriveHandshakeSecret(ssl)) != 0) + return ret; - if ((ret = DeriveTls13Keys(ssl, handshake_key, + if ((ret = DeriveTls13Keys(ssl, handshake_key, ENCRYPT_AND_DECRYPT_SIDE, 1)) != 0) { - return ret; + return ret; + } + #ifdef WOLFSSL_EARLY_DATA + if ((ret = SetKeysSide(ssl, DECRYPT_SIDE_ONLY)) != 0) + return ret; + #else + if ((ret = SetKeysSide(ssl, ENCRYPT_AND_DECRYPT_SIDE)) != 0) + return ret; + #endif } - #ifdef WOLFSSL_EARLY_DATA - if ((ret = SetKeysSide(ssl, DECRYPT_SIDE_ONLY)) != 0) - return ret; - #else - if ((ret = SetKeysSide(ssl, ENCRYPT_AND_DECRYPT_SIDE)) != 0) - return ret; - #endif - } - if (type == finished && ssl->options.side == WOLFSSL_CLIENT_END) { - if ((ret = DeriveMasterSecret(ssl)) != 0) - return ret; - #ifdef WOLFSSL_EARLY_DATA - if ((ret = DeriveTls13Keys(ssl, traffic_key, + if (type == finished) { + if ((ret = DeriveMasterSecret(ssl)) != 0) + return ret; + #ifdef WOLFSSL_EARLY_DATA + if ((ret = DeriveTls13Keys(ssl, traffic_key, ENCRYPT_AND_DECRYPT_SIDE, ssl->earlyData == no_early_data)) != 0) { - return ret; - } - #else - if ((ret = DeriveTls13Keys(ssl, traffic_key, + return ret; + } + #else + if ((ret = DeriveTls13Keys(ssl, traffic_key, ENCRYPT_AND_DECRYPT_SIDE, 1)) != 0) { - return ret; + return ret; + } + #endif } - #endif + #ifdef WOLFSSL_POST_HANDSHAKE_AUTH + if (type == certificate_request && + ssl->options.handShakeState == HANDSHAKE_DONE) { + /* reset handshake 
states */ + ssl->options.clientState = CLIENT_HELLO_COMPLETE; + ssl->options.connectState = FIRST_REPLY_DONE; + ssl->options.handShakeState = CLIENT_HELLO_COMPLETE; + + if (wolfSSL_connect_TLSv13(ssl) != SSL_SUCCESS) + ret = POST_HAND_AUTH_ERROR; + } + #endif } -#endif /* NO_WOLFSSL_CLIENT */ + #endif /* NO_WOLFSSL_CLIENT */ #ifndef NO_WOLFSSL_SERVER #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK) - if (type == finished && ssl->options.side == WOLFSSL_SERVER_END) { + if (ssl->options.side == WOLFSSL_SERVER_END && type == finished) { ret = DeriveResumptionSecret(ssl, ssl->session.masterSecret); if (ret != 0) return ret; @@ -7351,8 +7398,10 @@ int wolfSSL_connect_TLSv13(WOLFSSL* ssl) return WOLFSSL_SUCCESS; if (!ssl->options.tls1_3) { + #ifndef WOLFSSL_NO_TLS12 if (ssl->options.downgrade) return wolfSSL_connect(ssl); + #endif WOLFSSL_MSG("Client using higher version, fatal error"); return VERSION_ERROR; @@ -7756,11 +7805,16 @@ int wolfSSL_request_certificate(WOLFSSL* ssl) certReqCtx->ctx = certReqCtx->next->ctx + 1; ssl->certReqCtx = certReqCtx; + ssl->msgsReceived.got_certificate = 0; + ssl->msgsReceived.got_certificate_verify = 0; + ssl->msgsReceived.got_finished = 0; + ret = SendTls13CertificateRequest(ssl, &certReqCtx->ctx, certReqCtx->len); if (ret == WANT_WRITE) ret = WOLFSSL_ERROR_WANT_WRITE; else if (ret == 0) ret = WOLFSSL_SUCCESS; + return ret; } #endif /* !NO_CERTS && WOLFSSL_POST_HANDSHAKE_AUTH */ diff --git a/src/wolfio.c b/src/wolfio.c index 053d7f453..d99280236 100644 --- a/src/wolfio.c +++ b/src/wolfio.c 
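Review bot: The post-handshake CertificateRequest branch turns every result of `wolfSSL_connect_TLSv13(ssl)` other than success into POST_HAND_AUTH_ERROR. That hides the underlying error and, on a non-blocking socket, presumably also a plain want-write condition that the caller should be allowed to retry. I would keep the original error visible and map only genuine failures, and add a comment at the call noting that it re-enters the handshake state machine from inside message processing. The comparison also uses `SSL_SUCCESS` where the other hunks in this file use `WOLFSSL_SUCCESS`; `if (wolfSSL_connect_TLSv13(ssl) != WOLFSSL_SUCCESS)` would be consistent. DoTls13HandShakeMsgType continues outside the hunk, so what happens to `ret` afterwards is not visible here.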
@@ -194,41 +194,14 @@ int EmbedReceive(WOLFSSL *ssl, char *buf, int sz, void *ctx) int sd = *(int*)ctx; int recvd; -#ifdef WOLFSSL_DTLS - { - int dtls_timeout = wolfSSL_dtls_get_current_timeout(ssl); - if (wolfSSL_dtls(ssl) - && !wolfSSL_get_using_nonblock(ssl) - && dtls_timeout != 0) { - #ifdef USE_WINDOWS_API - DWORD timeout = dtls_timeout * 1000; - #else - struct timeval timeout; - XMEMSET(&timeout, 0, sizeof(timeout)); - timeout.tv_sec = dtls_timeout; - #endif - if (setsockopt(sd, SOL_SOCKET, SO_RCVTIMEO, (char*)&timeout, - sizeof(timeout)) != 0) { - WOLFSSL_MSG("setsockopt rcvtimeo failed"); - } - } - } -#endif - recvd = wolfIO_Recv(sd, buf, sz, ssl->rflags); if (recvd < 0) { int err = wolfSSL_LastError(); WOLFSSL_MSG("Embed Receive error"); if (err == SOCKET_EWOULDBLOCK || err == SOCKET_EAGAIN) { - if (!wolfSSL_dtls(ssl) || wolfSSL_get_using_nonblock(ssl)) { - WOLFSSL_MSG("\tWould block"); - return WOLFSSL_CBIO_ERR_WANT_READ; - } - else { - WOLFSSL_MSG("\tSocket timeout"); - return WOLFSSL_CBIO_ERR_TIMEOUT; - } + WOLFSSL_MSG("\tWould block"); + return WOLFSSL_CBIO_ERR_WANT_READ; } else if (err == SOCKET_ECONNRESET) { WOLFSSL_MSG("\tConnection reset"); @@ -238,10 +211,6 @@ int EmbedReceive(WOLFSSL *ssl, char *buf, int sz, void *ctx) WOLFSSL_MSG("\tSocket interrupted"); return WOLFSSL_CBIO_ERR_ISR; } - else if (err == SOCKET_ECONNREFUSED) { - WOLFSSL_MSG("\tConnection refused"); - return WOLFSSL_CBIO_ERR_WANT_READ; - } else if (err == SOCKET_ECONNABORTED) { WOLFSSL_MSG("\tConnection aborted"); return WOLFSSL_CBIO_ERR_CONN_CLOSE; @@ -348,7 +317,7 @@ int EmbedReceiveFrom(WOLFSSL *ssl, char *buf, int sz, void *ctx) WOLFSSL_MSG("Embed Receive From error"); if (err == SOCKET_EWOULDBLOCK || err == SOCKET_EAGAIN) { - if (wolfSSL_get_using_nonblock(ssl)) { + if (wolfSSL_dtls_get_using_nonblock(ssl)) { WOLFSSL_MSG("\tWould block"); return WOLFSSL_CBIO_ERR_WANT_READ; } 
@@ -459,7 +428,7 @@ int EmbedReceiveFromMcast(WOLFSSL *ssl, char *buf, int sz, void *ctx) WOLFSSL_MSG("Embed Receive From error"); if (err == SOCKET_EWOULDBLOCK || err == SOCKET_EAGAIN) { - if (wolfSSL_get_using_nonblock(ssl)) { + if (wolfSSL_dtls_get_using_nonblock(ssl)) { WOLFSSL_MSG("\tWould block"); return WOLFSSL_CBIO_ERR_WANT_READ; } @@ -1715,7 +1684,7 @@ int MicriumReceive(WOLFSSL *ssl, char *buf, int sz, void *ctx) { int dtls_timeout = wolfSSL_dtls_get_current_timeout(ssl); if (wolfSSL_dtls(ssl) - && !wolfSSL_get_using_nonblock(ssl) + && !wolfSSL_dtls_get_using_nonblock(ssl) && dtls_timeout != 0) { /* needs timeout in milliseconds */ NetSock_CfgTimeoutRxQ_Set(sd, dtls_timeout * 1000, &err); @@ -1732,7 +1701,7 @@ int MicriumReceive(WOLFSSL *ssl, char *buf, int sz, void *ctx) if (err == NET_ERR_RX || err == NET_SOCK_ERR_RX_Q_EMPTY || err == NET_ERR_FAULT_LOCK_ACQUIRE) { - if (!wolfSSL_dtls(ssl) || wolfSSL_get_using_nonblock(ssl)) { + if (!wolfSSL_dtls(ssl) || wolfSSL_dtls_get_using_nonblock(ssl)) { WOLFSSL_MSG("\tWould block"); return WOLFSSL_CBIO_ERR_WANT_READ; } @@ -1772,7 +1741,7 @@ int MicriumReceiveFrom(WOLFSSL *ssl, char *buf, int sz, void *ctx) if (ssl->options.handShakeDone) dtls_timeout = 0; - if (!wolfSSL_get_using_nonblock(ssl)) { + if (!wolfSSL_dtls_get_using_nonblock(ssl)) { /* needs timeout in milliseconds */ NetSock_CfgTimeoutRxQ_Set(sd, dtls_timeout * 1000, &err); if (err != NET_SOCK_ERR_NONE) { @@ -1787,7 +1756,7 @@ int MicriumReceiveFrom(WOLFSSL *ssl, char *buf, int sz, void *ctx) if (err == NET_ERR_RX || err == NET_SOCK_ERR_RX_Q_EMPTY || err == NET_ERR_FAULT_LOCK_ACQUIRE) { - if (wolfSSL_get_using_nonblock(ssl)) { + if (wolfSSL_dtls_get_using_nonblock(ssl)) { WOLFSSL_MSG("\tWould block"); return WOLFSSL_CBIO_ERR_WANT_READ; } diff --git a/tests/api.c b/tests/api.c index 11bcbded3..abfaf936b 100644 --- a/tests/api.c +++ b/tests/api.c 
@@ -193,6 +193,11 @@ #ifdef HAVE_CHACHA #include #endif + +#ifdef HAVE_POLY1305 + #include +#endif + #if defined(HAVE_CHACHA) && defined(HAVE_POLY1305) #include #endif @@ -209,6 +214,10 @@ #include #endif +#ifdef HAVE_BLAKE2 + #include +#endif + #ifndef NO_RSA #include @@ -222,6 +231,11 @@ #endif #endif +#ifndef NO_SIG_WRAPPER + #include +#endif + + #ifdef HAVE_AESCCM #include #endif @@ -235,7 +249,7 @@ #include #endif -#if defined(WOLFSSL_SHA3) || defined(HAVE_PKCS7) +#if defined(WOLFSSL_SHA3) || defined(HAVE_PKCS7) || !defined(NO_RSA) static int devId = INVALID_DEVID; #endif #ifndef NO_DSA @@ -265,6 +279,10 @@ #include #endif +#ifdef HAVE_CURVE25519 + #include +#endif + #if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) #include #ifndef NO_ASN @@ -449,11 +467,26 @@ static void test_wolfSSL_Method_Allocators(void) TEST_VALID_METHOD_ALLOCATOR(wolfTLSv1_1_server_method); TEST_VALID_METHOD_ALLOCATOR(wolfTLSv1_1_client_method); #endif +#ifndef WOLFSSL_NO_TLS12 + #ifndef NO_WOLFSSL_SERVER + TEST_VALID_METHOD_ALLOCATOR(wolfTLSv1_2_server_method); + #endif + #ifndef NO_WOLFSSL_CLIENT + TEST_VALID_METHOD_ALLOCATOR(wolfTLSv1_2_client_method); + #endif +#endif +#ifdef WOLFSSL_TLS13 + #ifndef NO_WOLFSSL_SERVER + TEST_VALID_METHOD_ALLOCATOR(wolfTLSv1_3_server_method); + #endif + #ifndef NO_WOLFSSL_CLIENT + TEST_VALID_METHOD_ALLOCATOR(wolfTLSv1_3_client_method); + #endif +#endif #ifndef NO_WOLFSSL_SERVER - TEST_VALID_METHOD_ALLOCATOR(wolfTLSv1_2_server_method); + TEST_VALID_METHOD_ALLOCATOR(wolfSSLv23_server_method); #endif #ifndef NO_WOLFSSL_CLIENT - TEST_VALID_METHOD_ALLOCATOR(wolfTLSv1_2_client_method); TEST_VALID_METHOD_ALLOCATOR(wolfSSLv23_client_method); #endif #ifdef WOLFSSL_DTLS 
@@ -885,12 +918,18 @@ static int test_wolfSSL_SetMinVersion(void) #ifndef NO_OLD_TLS const int versions[] = { WOLFSSL_TLSV1, WOLFSSL_TLSV1_1, WOLFSSL_TLSV1_2}; - #else + #elif !defined(WOLFSSL_NO_TLS12) const int versions[] = { WOLFSSL_TLSV1_2 }; + #else + const int versions[] = { WOLFSSL_TLSV1_3 }; #endif AssertTrue(wolfSSL_Init()); - ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method()); + #ifndef WOLFSSL_NO_TLS12 + ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method()); + #else + ctx = wolfSSL_CTX_new(wolfTLSv1_3_client_method()); + #endif ssl = wolfSSL_new(ctx); printf(testingFmt, "wolfSSL_SetMinVersion()"); @@ -1311,12 +1350,15 @@ static void test_client_nofail(void* args, void *cb) WOLFSSL_METHOD* method = 0; WOLFSSL_CTX* ctx = 0; WOLFSSL* ssl = 0; + WOLFSSL_CIPHER* cipher; char msg[64] = "hello wolfssl!"; char reply[1024]; int input; int msgSz = (int)XSTRLEN(msg); int ret, err = 0; + int cipherSuite; + const char* cipherName1, *cipherName2; #ifdef WOLFSSL_TIRTOS fdOpenSession(Task_self()); @@ -1398,6 +1440,24 @@ static void test_client_nofail(void* args, void *cb) goto done2; } + /* test the various get cipher methods */ + cipherSuite = wolfSSL_get_current_cipher_suite(ssl); + cipherName1 = wolfSSL_get_cipher_name(ssl); + cipherName2 = wolfSSL_get_cipher_name_from_suite( + (cipherSuite >> 8), cipherSuite & 0xFF); + AssertStrEQ(cipherName1, cipherName2); + + cipher = wolfSSL_get_current_cipher(ssl); + cipherName1 = wolfSSL_CIPHER_get_name(cipher); + cipherName2 = wolfSSL_get_cipher(ssl); +#ifdef NO_ERROR_STRINGS + AssertNull(cipherName1); + AssertNull(cipherName2); +#else + AssertStrEQ(cipherName1, cipherName2); +#endif + + if(cb != NULL)((cbType)cb)(ctx, ssl); if (wolfSSL_write(ssl, msg, msgSz) != msgSz) 
@@ -2911,7 +2971,11 @@ static void test_wolfSSL_PKCS8(void) /* Note that wolfSSL_Init() or wolfCrypt_Init() has been called before these * function calls */ +#ifndef WOLFSSL_NO_TLS12 AssertNotNull(ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method())); +#else + AssertNotNull(ctx = wolfSSL_CTX_new(wolfTLSv1_3_client_method())); +#endif wolfSSL_CTX_set_default_passwd_cb(ctx, &PKCS8TestCallBack); wolfSSL_CTX_set_default_passwd_cb_userdata(ctx, (void*)&flag); AssertIntEQ(wolfSSL_CTX_use_PrivateKey_buffer(ctx, buffer, bytes, @@ -2956,6 +3020,34 @@ static void test_wolfSSL_PKCS5(void) #endif /* defined(OPENSSL_EXTRA) && !defined(NO_SHA) */ } +/* test parsing URI from certificate */ +static void test_wolfSSL_URI(void) +{ +#if !defined(NO_CERTS) && !defined(NO_RSA) && !defined(NO_FILESYSTEM) \ + && (defined(KEEP_PEER_CERT) || defined(SESSION_CERTS) || \ + defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) + WOLFSSL_X509* x509; + const char uri[] = "./certs/client-uri-cert.pem"; + const char badUri[] = "./certs/client-relative-uri.pem"; + + printf(testingFmt, "wolfSSL URI parse"); + + x509 = wolfSSL_X509_load_certificate_file(uri, WOLFSSL_FILETYPE_PEM); + AssertNotNull(x509); + + wolfSSL_FreeX509(x509); + + x509 = wolfSSL_X509_load_certificate_file(badUri, WOLFSSL_FILETYPE_PEM); +#ifndef IGNORE_NAME_CONSTRAINTS + AssertNull(x509); +#else + AssertNotNull(x509); +#endif + + printf(resultFmt, passed); +#endif +} + /* Testing function wolfSSL_CTX_SetMinVersion; sets the minimum downgrade * version allowed. * POST: 1 on success. 
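Review bot: In test_wolfSSL_URI the second certificate is never released: when IGNORE_NAME_CONSTRAINTS is defined, the load of `badUri` is asserted to succeed and the function then returns without freeing `x509`. Adding `wolfSSL_FreeX509(x509);` after the `AssertNotNull(x509);` in the `#else` branch keeps the test clean under leak checkers. A one-line comment saying that the relative-URI certificate is expected to be rejected unless IGNORE_NAME_CONSTRAINTS is set would also explain the two branches.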
@@ -2970,14 +3062,20 @@ static int test_wolfSSL_CTX_SetMinVersion(void) #ifndef NO_OLD_TLS const int versions[] = { WOLFSSL_TLSV1, WOLFSSL_TLSV1_1, WOLFSSL_TLSV1_2 }; - #else + #elif !defined(WOLFSSL_NO_TLS12) const int versions[] = { WOLFSSL_TLSV1_2 }; + #elif defined(WOLFSSL_TLS13) + const int versions[] = { WOLFSSL_TLSV1_3 }; #endif failFlag = WOLFSSL_SUCCESS; AssertTrue(wolfSSL_Init()); +#ifndef WOLFSSL_NO_TLS12 ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method()); +#else + ctx = wolfSSL_CTX_new(wolfTLSv1_3_client_method()); +#endif printf(testingFmt, "wolfSSL_CTX_SetMinVersion()"); @@ -3016,7 +3114,11 @@ static int test_wolfSSL_UseOCSPStapling(void) WOLFSSL* ssl; wolfSSL_Init(); + #ifndef WOLFSSL_NO_TLS12 ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method()); + #else + ctx = wolfSSL_CTX_new(wolfTLSv1_3_client_method()); + #endif ssl = wolfSSL_new(ctx); printf(testingFmt, "wolfSSL_UseOCSPStapling()"); @@ -3056,7 +3158,11 @@ static int test_wolfSSL_UseOCSPStaplingV2 (void) WOLFSSL* ssl; wolfSSL_Init(); + #ifndef WOLFSSL_NO_TLS12 ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method()); + #else + ctx = wolfSSL_CTX_new(wolfTLSv1_3_client_method()); + #endif ssl = wolfSSL_new(ctx); printf(testingFmt, "wolfSSL_UseOCSPStaplingV2()"); 
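Review bot: The `versions` table in test_wolfSSL_CTX_SetMinVersion ends with `#elif defined(WOLFSSL_TLS13)` and has no final `#else`, so a build with NO_OLD_TLS and WOLFSSL_NO_TLS12 but without WOLFSSL_TLS13 leaves `versions` undeclared. The `ctx` setup a few lines below uses a plain `#else` for `wolfTLSv1_3_client_method()`, and test_wolfSSL_SetMinVersion earlier in this diff uses a plain `#else` for the same table. Using that form here, or an explicit `#error`, keeps the two tests consistent. The function body continues outside the hunk.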
@@ -3127,6 +3233,77 @@ static void test_wolfSSL_mcast(void) | Wolfcrypt *----------------------------------------------------------------------------*/ +/* + * Unit test for the wc_InitBlake2b() + */ +static int test_wc_InitBlake2b (void) +{ + int ret = 0; +#ifdef HAVE_BLAKE2 + + Blake2b blake2; + + printf(testingFmt, "wc_InitBlake2B()"); + + /* Test good arg. */ + ret = wc_InitBlake2b(&blake2, 64); + if (ret != 0) { + ret = WOLFSSL_FATAL_ERROR; + } + + /* Test bad arg. */ + if (!ret) { + ret = wc_InitBlake2b(NULL, 64); + if (ret == 0) { + ret = WOLFSSL_FATAL_ERROR; + } else { + ret = 0; + } + } + + if (!ret) { + ret = wc_InitBlake2b(NULL, 128); + if (ret == 0) { + ret = WOLFSSL_FATAL_ERROR; + } else { + ret = 0; + } + } + + if (!ret) { + ret = wc_InitBlake2b(&blake2, 128); + if (ret == 0) { + ret = WOLFSSL_FATAL_ERROR; + } else { + ret = 0; + } + } + + if (!ret) { + ret = wc_InitBlake2b(NULL, 0); + if (ret == 0) { + ret = WOLFSSL_FATAL_ERROR; + } else { + ret = 0; + } + } + + if (!ret) { + ret = wc_InitBlake2b(&blake2, 0); + if (ret == 0) { + ret = WOLFSSL_FATAL_ERROR; + } else { + ret = 0; + } + } + + printf(resultFmt, ret == 0 ? passed : failed); + +#endif + return ret; +} /*END test_wc_InitBlake2b*/ + + /* * Unit test for the wc_InitMd5() */ @@ -7402,6 +7579,7 @@ static int test_wc_Des3_SetKey (void) return ret; } /* END test_wc_Des3_SetKey */ + /* * Test function for wc_Des3_CbcEncrypt and wc_Des3_CbcDecrypt 
@@ -7642,6 +7820,48 @@ static int test_wc_Chacha_SetKey (void) return ret; } /* END test_wc_Chacha_SetKey */ +/* + * unit test for wc_Poly1305SetKey() + */ +static int test_wc_Poly1305SetKey(void) +{ + int ret = 0; + +#ifdef HAVE_POLY1305 + Poly1305 ctx; + const byte key[] = + { + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01 + }; + + printf(testingFmt, "wc_Poly1305_SetKey()"); + + ret = wc_Poly1305SetKey(&ctx, key, (word32)(sizeof(key)/sizeof(byte))); + /* Test bad args. */ + if (ret == 0) { + ret = wc_Poly1305SetKey(NULL, key, (word32)(sizeof(key)/sizeof(byte))); + if(ret == BAD_FUNC_ARG) { + ret = wc_Poly1305SetKey(&ctx, NULL, (word32)(sizeof(key)/sizeof(byte))); + } + if (ret == BAD_FUNC_ARG) { + ret = wc_Poly1305SetKey(&ctx, key, 18); + } + if (ret == BAD_FUNC_ARG) { + ret = 0; + } else { + ret = WOLFSSL_FATAL_ERROR; + } + } + + printf(resultFmt, ret == 0 ? passed : failed); + +#endif + return ret; +} /* END test_wc_Poly1305_SetKey() */ + /* * Testing wc_Chacha_Process() */ @@ -9516,7 +9736,8 @@ static int test_wc_RsaPublicKeyDecodeRaw (void) } /* END test_wc_RsaPublicKeyDecodeRaw */ -#if !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN) +#if (!defined(NO_RSA) || !defined(HAVE_FAST_RSA)) && (defined(WOLFSSL_KEY_GEN) || \ + defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) /* In FIPS builds, wc_MakeRsaKey() will return an error if it cannot find * a probable prime in 5*(modLen/2) attempts. In non-FIPS builds, it keeps * trying until it gets a probable prime. */ 
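Review bot: The new guard `(!defined(NO_RSA) || !defined(HAVE_FAST_RSA)) && (...)` is true whenever either macro is undefined, so it no longer excludes a NO_RSA build as the old `!defined(NO_RSA) && defined(WOLFSSL_KEY_GEN)` did. The test_wc_RsaKeyToPublicDer hunk later in this file writes the same intent as `!defined(NO_RSA) && !defined(HAVE_FAST_RSA)`, which suggests `&&` was meant here too: `#if (!defined(NO_RSA) && !defined(HAVE_FAST_RSA)) && (defined(WOLFSSL_KEY_GEN) || \`. The code under the guard lies outside the hunk.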
@@ -9852,9 +10073,10 @@ static int test_wc_RsaKeyToDer (void) * Testing wc_RsaKeyToPublicDer() */ static int test_wc_RsaKeyToPublicDer (void) -{ +{ int ret = 0; -#if !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN) +#if !defined(NO_RSA) && !defined(HAVE_FAST_RSA) && defined(WOLFSSL_KEY_GEN) &&\ + (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) RsaKey key; WC_RNG rng; byte* der; @@ -12115,6 +12337,43 @@ static int test_wc_ed25519_exportKey (void) } /* END test_wc_ed25519_exportKey */ +/* + * Testing wc_curve25519_init and wc_curve25519_free. + */ +static int test_wc_curve25519_init (void) +{ + int ret = 0; + +#if defined(HAVE_CURVE25519) + + curve25519_key key; + + printf(testingFmt, "wc_curve25519_init()"); + + ret = wc_curve25519_init(&key); + + /* Test bad args for wc_curve25519_init */ + if (ret == 0) { + ret = wc_curve25519_init(NULL); + if (ret == BAD_FUNC_ARG) { + ret = 0; + } else if (ret == 0) { + ret = SSL_FATAL_ERROR; + } + } + + printf(resultFmt, ret == 0 ? passed : failed); + + /* Test good args for wc_curve_25519_free */ + wc_curve25519_free(&key); + + wc_curve25519_free(NULL); + +#endif + return ret; + +} /* END test_wc_curve25519_init and wc_curve_25519_free*/ + /* * Testing wc_ecc_make_key. */ @@ -14473,6 +14732,9 @@ static void test_wc_PKCS7_EncodeDecodeEnvelopedData (void) }; /* END pkcs7EnvelopedVector */ printf(testingFmt, "wc_PKCS7_EncodeEnvelopedData()"); + + AssertIntEQ(wc_PKCS7_Init(&pkcs7, HEAP_HINT, devId), 0); + testSz = (int)sizeof(testVectors)/(int)sizeof(pkcs7EnvelopedVector); for (i = 0; i < testSz; i++) { AssertIntEQ(wc_PKCS7_InitWithCert(&pkcs7, (testVectors + i)->cert, 
@@ -14730,13 +14992,235 @@ static void test_wc_PKCS7_EncodeEncryptedData (void) #endif } /* END test_wc_PKCS7_EncodeEncryptedData() */ +/* Testing wc_SignatureGetSize() for signature type ECC */ +static int test_wc_SignatureGetSize_ecc(void) +{ + int ret = 0; + #if defined(HAVE_ECC) && !defined(NO_ECC256) + enum wc_SignatureType sig_type; + word32 key_len; + /* Initialize ECC Key */ + ecc_key ecc; + const char* qx = + "fa2737fb93488d19caef11ae7faf6b7f4bcd67b286e3fc54e8a65c2b74aeccb0"; + const char* qy = + "d4ccd6dae698208aa8c3a6f39e45510d03be09b2f124bfc067856c324f9b4d09"; + const char* d = + "be34baa8d040a3b991f9075b56ba292f755b90e4b6dc10dad36715c33cfdac25"; + + ret = wc_ecc_init(&ecc); + if (ret == 0) { + ret = wc_ecc_import_raw(&ecc, qx, qy, d, "SECP256R1"); + } + printf(testingFmt, "wc_SigntureGetSize_ecc()"); + if (ret == 0) { + /* Input for signature type ECC */ + sig_type = WC_SIGNATURE_TYPE_ECC; + key_len = sizeof(ecc_key); + ret = wc_SignatureGetSize(sig_type, &ecc, key_len); + + /* Test bad args */ + if (ret > 0) { + sig_type = (enum wc_SignatureType) 100; + ret = wc_SignatureGetSize(sig_type, &ecc, key_len); + if (ret == BAD_FUNC_ARG) { + sig_type = WC_SIGNATURE_TYPE_ECC; + ret = wc_SignatureGetSize(sig_type, NULL, key_len); + } + if (ret >= 0) { + key_len = (word32) 0; + ret = wc_SignatureGetSize(sig_type, &ecc, key_len); + } + if (ret == BAD_FUNC_ARG) { + ret = SIG_TYPE_E; + } + } + } else { + ret = WOLFSSL_FATAL_ERROR; + } + wc_ecc_free(&ecc); + #else + ret = SIG_TYPE_E; + #endif + + if (ret == SIG_TYPE_E) { + ret = 0; + } + else { + ret = WOLFSSL_FATAL_ERROR; + } + + printf(resultFmt, ret == 0 ? 
passed : failed); + return ret; +}/* END test_wc_SignatureGetSize_ecc() */ + +/* Testing wc_SignatureGetSize() for signature type rsa */ +static int test_wc_SignatureGetSize_rsa(void) +{ + int ret = 0; + #ifndef NO_RSA + enum wc_SignatureType sig_type; + word32 key_len; + word32 idx = 0; + + /* Initialize RSA Key */ + RsaKey rsa_key; + byte* tmp = NULL; + size_t bytes; + + #ifdef USE_CERT_BUFFERS_1024 + bytes = (size_t)sizeof_client_key_der_1024; + if (bytes < (size_t)sizeof_client_key_der_1024) + bytes = (size_t)sizeof_client_cert_der_1024; + #elif defined(USE_CERT_BUFFERS_2048) + bytes = (size_t)sizeof_client_key_der_2048; + if (bytes < (size_t)sizeof_client_cert_der_2048) + bytes = (size_t)sizeof_client_cert_der_2048; + #else + bytes = FOURK_BUF; + #endif + + tmp = (byte*)XMALLOC(bytes, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + if (tmp != NULL) { + #ifdef USE_CERT_BUFFERS_1024 + XMEMCPY(tmp, client_key_der_1024, + (size_t)sizeof_client_key_der_1024); + #elif defined(USE_CERT_BUFFERS_2048) + XMEMCPY(tmp, client_key_der_2048, + (size_t)sizeof_client_key_der_2048); + #elif !defined(NO_FILESYSTEM) + file = fopen(clientKey, "rb"); + if (file != NULL) { + bytes = fread(tmp, 1, FOURK_BUF, file); + fclose(file); + } + else { + ret = WOLFSSL_FATAL_ERROR; + } + #else + ret = WOLFSSL_FATAL_ERROR; + #endif + if (ret == 0) { + ret = wc_InitRsaKey_ex(&rsa_key, HEAP_HINT, devId); + if (ret == 0) { + ret = wc_RsaPrivateKeyDecode(tmp, &idx, &rsa_key, + (word32)bytes); + } + } + } else { + ret = WOLFSSL_FATAL_ERROR; + } + + printf(testingFmt, "wc_SigntureGetSize_rsa()"); + if (ret == 0) { + /* Input for signature type RSA */ + sig_type = WC_SIGNATURE_TYPE_RSA; + key_len = sizeof(RsaKey); + ret = wc_SignatureGetSize(sig_type, &rsa_key, key_len); + + /* Test bad args */ + if (ret > 0) { + sig_type = (enum wc_SignatureType) 100; + ret = wc_SignatureGetSize(sig_type, &rsa_key, key_len); + if (ret == BAD_FUNC_ARG) { + sig_type = WC_SIGNATURE_TYPE_RSA; + ret = 
wc_SignatureGetSize(sig_type, NULL, key_len); + } + #ifndef HAVE_USER_RSA + if (ret == BAD_FUNC_ARG) { + #else + if (ret == 0) { + #endif + key_len = (word32)0; + ret = wc_SignatureGetSize(sig_type, &rsa_key, key_len); + } + if (ret == BAD_FUNC_ARG) { + ret = SIG_TYPE_E; + } + } + } else { + ret = WOLFSSL_FATAL_ERROR; + } + wc_FreeRsaKey(&rsa_key); + XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + #else + ret = SIG_TYPE_E; + #endif + + if (ret == SIG_TYPE_E) { + ret = 0; + }else { + ret = WOLFSSL_FATAL_ERROR; + } + + printf(resultFmt, ret == 0 ? passed : failed); + return ret; +}/* END test_wc_SignatureGetSize_rsa(void) */ + +/*----------------------------------------------------------------------------* + | hash.h Tests + *----------------------------------------------------------------------------*/ + +static int test_wc_HashInit(void) +{ + int ret = 0, i; /* 0 indicates tests passed, 1 indicates failure */ + + wc_HashAlg hash; + + /* enum for holding supported algorithms, #ifndef's restrict if disabled */ + enum wc_HashType enumArray[] = { + #ifndef NO_MD5 + WC_HASH_TYPE_MD5, + #endif + #ifndef NO_SHA + WC_HASH_TYPE_SHA, + #endif + #ifndef WOLFSSL_SHA224 + WC_HASH_TYPE_SHA224, + #endif + #ifndef NO_SHA256 + WC_HASH_TYPE_SHA256, + #endif + #ifndef WOLFSSL_SHA384 + WC_HASH_TYPE_SHA384, + #endif + #ifndef WOLFSSL_SHA512 + WC_HASH_TYPE_SHA512, + #endif + }; + /* dynamically finds the length */ + int enumlen = (sizeof(enumArray)/sizeof(enum wc_HashType)); + + /* For loop to test various arguments... 
*/ + for (i = 0; i < enumlen; i++) { + /* check for bad args */ + if (wc_HashInit(&hash, enumArray[i]) == BAD_FUNC_ARG) { + ret = 1; + break; + } + /* check for null ptr */ + if (wc_HashInit(NULL, enumArray[i]) != BAD_FUNC_ARG) { + ret = 1; + break; + } + + } /* end of for loop */ + + printf(testingFmt, "wc_HashInit()"); + if (ret==0) { /* all tests have passed */ + printf(resultFmt, passed); + } + else { /* a test has failed */ + printf(resultFmt, failed); + } + return ret; +} /* end of test_wc_HashInit */ /*----------------------------------------------------------------------------* | Compatibility Tests *----------------------------------------------------------------------------*/ - static void test_wolfSSL_X509_NAME(void) { #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_FILESYSTEM) \ @@ -15051,7 +15535,7 @@ static void test_wolfSSL_ASN1_TIME_print() sizeof_client_cert_der_2048, WOLFSSL_FILETYPE_ASN1)); AssertIntEQ(ASN1_TIME_print(bio, X509_get_notBefore(x509)), 1); AssertIntEQ(BIO_read(bio, buf, sizeof(buf)), 24); - AssertIntEQ(XMEMCMP(buf, "Aug 11 20:07:37 2016 GMT", sizeof(buf) - 1), 0); + AssertIntEQ(XMEMCMP(buf, "Apr 13 15:23:09 2018 GMT", sizeof(buf) - 1), 0); /* create a bad time and test results */ AssertNotNull(t = X509_get_notAfter(x509)); 
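Review bot: In test_wc_SignatureGetSize_rsa, `wc_FreeRsaKey(&rsa_key)` runs on every path, including those where the XMALLOC or the key-file read failed and `wc_InitRsaKey_ex` was never called, so it can operate on an uninitialised struct. Zero the struct at declaration or free it only after a successful init. The `!defined(NO_FILESYSTEM)` branch also assigns `file = fopen(clientKey, "rb");` although no `file` variable is declared in the function, so that configuration should not compile. In test_wc_HashInit the guards `#ifndef WOLFSSL_SHA224`, `#ifndef WOLFSSL_SHA384` and `#ifndef WOLFSSL_SHA512` look inverted, since these are enable macros and the entries would be listed exactly when the algorithm is not built. `#ifdef WOLFSSL_SHA224` (and likewise for the other two) matches the comment above the array.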
@@ -15069,6 +15553,24 @@ static void test_wolfSSL_ASN1_TIME_print() } +static void test_wolfSSL_ASN1_GENERALIZEDTIME_free(){ + #if defined(OPENSSL_EXTRA) + WOLFSSL_ASN1_GENERALIZEDTIME* asn1_gtime; + unsigned char nullstr[32]; + + XMEMSET(nullstr, 0, 32); + asn1_gtime = (WOLFSSL_ASN1_GENERALIZEDTIME*)XMALLOC( + sizeof(WOLFSSL_ASN1_GENERALIZEDTIME), NULL, + DYNAMIC_TYPE_TMP_BUFFER); + XMEMCPY(asn1_gtime->data,"20180504123500Z",ASN_GENERALIZED_TIME_SIZE); + wolfSSL_ASN1_GENERALIZEDTIME_free(asn1_gtime); + AssertIntEQ(0, XMEMCMP(asn1_gtime->data, nullstr, 32)); + + XFREE(asn1_gtime, NULL, DYNAMIC_TYPE_TMP_BUFFER); + #endif /* OPENSSL_EXTRA */ +} + + static void test_wolfSSL_private_keys(void) { #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \ @@ -15240,7 +15742,11 @@ static void test_wolfSSL_PEM_PrivateKey(void) SSL_CTX* ctx; char passwd[] = "bad password"; + #ifndef WOLFSSL_NO_TLS12 AssertNotNull(ctx = SSL_CTX_new(TLSv1_2_server_method())); + #else + AssertNotNull(ctx = SSL_CTX_new(TLSv1_3_server_method())); + #endif AssertNotNull(bio = BIO_new_file("./certs/server-keyEnc.pem", "rb")); SSL_CTX_set_default_passwd_cb(ctx, PasswordCallBack); @@ -15277,7 +15783,11 @@ static void test_wolfSSL_PEM_PrivateKey(void) XFILE f; SSL_CTX* ctx; + #ifndef WOLFSSL_NO_TLS12 AssertNotNull(ctx = SSL_CTX_new(TLSv1_2_server_method())); + #else + AssertNotNull(ctx = SSL_CTX_new(TLSv1_3_server_method())); + #endif AssertNotNull(f = XFOPEN("./certs/ecc-key.der", "rb")); bytes = XFREAD(buf, 1, sizeof(buf), f); @@ -15579,7 +16089,8 @@ static void test_wolfSSL_ERR_peek_last_error_line(void) { #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \ !defined(NO_FILESYSTEM) && defined(DEBUG_WOLFSSL) && \ - !defined(NO_OLD_TLS) && defined(HAVE_IO_TESTS_DEPENDENCIES) + !defined(NO_OLD_TLS) && !defined(WOLFSSL_NO_TLS12) && \ + defined(HAVE_IO_TESTS_DEPENDENCIES) tcp_ready ready; func_args client_args; func_args server_args; 
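Review bot: test_wolfSSL_ASN1_GENERALIZEDTIME_free reads `asn1_gtime->data` and calls XFREE on the object after handing it to `wolfSSL_ASN1_GENERALIZEDTIME_free()`. That is only valid while the function clears the buffer without releasing it; if it ever frees the allocation, this becomes a use-after-free followed by a double free. A comment stating that assumption belongs above the call, e.g. `/* _free() only zeroes the data; the caller still owns the allocation */`. The XMALLOC result is also passed to XMEMCPY without a check, so `AssertNotNull(asn1_gtime);` should come first. The 32-byte XMEMCMP assumes `data` is at least 32 bytes, which the hunk does not show.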
@@ -15984,6 +16495,33 @@ static void test_wolfSSL_CTX_set_srp_password(void) /* && !NO_SHA256 && !WC_NO_RNG */ } +static void test_wolfSSL_X509_STORE(void) +{ +#if defined(OPENSSL_EXTRA) && defined(HAVE_CRL) + X509_STORE *store; + X509_CRL *crl; + X509 *x509; + const char crl_pem[] = "./certs/crl/crl.pem"; + const char svrCert[] = "./certs/server-cert.pem"; + XFILE fp; + + printf(testingFmt, "test_wolfSSL_X509_STORE"); + AssertNotNull(store = (X509_STORE *)X509_STORE_new()); + AssertNotNull((x509 = + wolfSSL_X509_load_certificate_file(svrCert, SSL_FILETYPE_PEM))); + AssertIntEQ(X509_STORE_add_cert(store, x509), SSL_SUCCESS); + X509_free(x509); + AssertNotNull(fp = XFOPEN(crl_pem, "rb")); + AssertNotNull(crl = (X509_CRL *)PEM_read_X509_CRL(fp, (X509_CRL **)NULL, NULL, NULL)); + XFCLOSE(fp); + AssertIntEQ(X509_STORE_add_crl(store, crl), SSL_SUCCESS); + X509_CRL_free(crl); + X509_STORE_free(store); + printf(resultFmt, passed); +#endif + return; +} + static void test_wolfSSL_BN(void) { #if defined(OPENSSL_EXTRA) && !defined(NO_ASN) @@ -16108,7 +16646,7 @@ static void msg_cb(int write_p, int version, int content_type, #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \ !defined(NO_FILESYSTEM) && defined(DEBUG_WOLFSSL) && \ - !defined(NO_OLD_TLS) && defined(HAVE_IO_TESTS_DEPENDENCIES) + defined(HAVE_IO_TESTS_DEPENDENCIES) #ifndef SINGLE_THREADED static int msgCb(SSL_CTX *ctx, SSL *ssl) { @@ -16128,7 +16666,7 @@ static void test_wolfSSL_msgCb(void) { #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \ !defined(NO_FILESYSTEM) && defined(DEBUG_WOLFSSL) && \ - !defined(NO_OLD_TLS) && defined(HAVE_IO_TESTS_DEPENDENCIES) + defined(HAVE_IO_TESTS_DEPENDENCIES) tcp_ready ready; func_args client_args; 
@@ -16153,8 +16691,13 @@ static void test_wolfSSL_msgCb(void) XMEMSET(&client_cb, 0, sizeof(callback_functions)); XMEMSET(&server_cb, 0, sizeof(callback_functions)); +#ifndef WOLFSSL_NO_TLS12 client_cb.method = wolfTLSv1_2_client_method; server_cb.method = wolfTLSv1_2_server_method; +#else + client_cb.method = wolfTLSv1_3_client_method; + server_cb.method = wolfTLSv1_3_server_method; +#endif server_args.signal = &ready; server_args.callbacks = &server_cb; @@ -16599,8 +17142,8 @@ static void test_wolfSSL_ASN1_TIME_adj(void) /* GeneralizedTime notation test */ /* 2055/03/01 09:00:00 */ t = (time_t)85 * year + 59 * day + 9 * hour + 21 * day; - offset_day = 12; - offset_sec = 10 * mini; + offset_day = 12; + offset_sec = 10 * mini; asn_time = wolfSSL_ASN1_TIME_adj(s, t, offset_day, offset_sec); AssertTrue(asn_time->data[0] == asn_gen_time); XSTRNCPY(date_str,(const char*) &asn_time->data+2, 15); @@ -16642,6 +17185,9 @@ static void test_wolfSSL_X509(void) X509_STORE_CTX* ctx; X509_STORE* store; + char der[] = "certs/ca-cert.der"; + XFILE fp; + printf(testingFmt, "wolfSSL_X509()"); AssertNotNull(x509 = X509_new()); @@ -16666,6 +17212,18 @@ static void test_wolfSSL_X509(void) X509_STORE_CTX_free(ctx); BIO_free(bio); + /** d2i_X509_fp test **/ + AssertNotNull(fp = XFOPEN(der, "rb")); + AssertNotNull(x509 = (X509 *)d2i_X509_fp(fp, (X509 **)NULL)); + AssertNotNull(x509); + X509_free(x509); + XFCLOSE(fp); + AssertNotNull(fp = XFOPEN(der, "rb")); + AssertNotNull((X509 *)d2i_X509_fp(fp, (X509 **)&x509)); + AssertNotNull(x509); + X509_free(x509); + XFCLOSE(fp); + printf(resultFmt, passed); #endif } @@ -16679,6 +17237,7 @@ static void test_wolfSSL_RAND(void) printf(testingFmt, "wolfSSL_RAND()"); RAND_seed(seed, sizeof(seed)); + AssertIntEQ(RAND_poll(), 1); RAND_cleanup(); AssertIntEQ(RAND_egd(NULL), -1); 
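Review bot: In the d2i_X509_fp block added to test_wolfSSL_X509, `x509` still holds the pointer just released by `X509_free(x509)` when its address is passed in `d2i_X509_fp(fp, (X509 **)&x509)`. Under the OpenSSL d2i convention a non-NULL `*px` is treated as an existing object to reuse, so a compatibility layer that follows it would touch freed memory; add `x509 = NULL;` before the second `XFOPEN`. The `AssertNotNull(x509);` after the first call repeats the assertion on the line above it. The function body starts and ends outside this hunk.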
@@ -17376,6 +17935,42 @@ static void test_wolfSSL_RSA(void) #endif } +static void test_wolfSSL_RSA_DER(void) +{ +#if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && !defined(HAVE_FAST_RSA) + + RSA *rsa; + int i; + + struct + { + const unsigned char *der; + int sz; + } tbl[] = { +#ifdef USE_CERT_BUFFERS_1024 + {client_key_der_1024, sizeof_client_key_der_1024}, + {server_key_der_1024, sizeof_server_key_der_1024}, +#endif +#ifdef USE_CERT_BUFFERS_2048 + {client_key_der_2048, sizeof_client_key_der_2048}, + {server_key_der_2048, sizeof_server_key_der_2048}, +#endif + {NULL, 0} + }; + + printf(testingFmt, "test_wolfSSL_RSA_DER()"); + + for (i = 0; tbl[i].der != NULL; i++) + { + AssertNotNull(d2i_RSAPublicKey(&rsa, &tbl[i].der, tbl[i].sz)); + AssertNotNull(rsa); + RSA_free(rsa); + } + printf(resultFmt, passed); + +#endif +} + static void test_wolfSSL_verify_depth(void) { #if defined(OPENSSL_EXTRA) && !defined(NO_RSA) @@ -17383,6 +17978,7 @@ static void test_wolfSSL_verify_depth(void) WOLFSSL_CTX* ctx; long depth; + printf(testingFmt, "test_wolfSSL_verify_depth()"); AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method())); AssertTrue(wolfSSL_CTX_use_certificate_file(ctx, cliCertFile, SSL_FILETYPE_PEM)); 
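Review bot: `RSA *rsa;` in test_wolfSSL_RSA_DER is uninitialized when `&rsa` is handed to `d2i_RSAPublicKey`, and on later loop iterations it holds the pointer already released by `RSA_free(rsa)`. A d2i-style decoder may treat a non-NULL `*out` as an object to reuse, so declare `RSA *rsa = NULL;` and add `rsa = NULL;` after `RSA_free(rsa);`. If neither `USE_CERT_BUFFERS_1024` nor `USE_CERT_BUFFERS_2048` is defined, the table holds only the terminator and the test prints passed without parsing anything. The buffer names (`client_key_der_*`, `server_key_der_*`) suggest private-key encodings are being fed to a public-key decoder; if that is intended, a comment saying so would help.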
@@ -17643,6 +18239,52 @@ static void test_wolfSSL_SHA(void) AssertIntEQ(XMEMCMP(out, expected, WC_SHA_DIGEST_SIZE), 0); } #endif + + #if !defined(NO_SHA256) + { + const unsigned char in[] = "abc"; + unsigned char expected[] = "\xBA\x78\x16\xBF\x8F\x01\xCF\xEA\x41\x41\x40\xDE\x5D\xAE\x22" + "\x23\xB0\x03\x61\xA3\x96\x17\x7A\x9C\xB4\x10\xFF\x61\xF2\x00" + "\x15\xAD"; + unsigned char out[WC_SHA256_DIGEST_SIZE]; + + XMEMSET(out, 0, WC_SHA256_DIGEST_SIZE); + AssertNotNull(SHA256(in, XSTRLEN((char*)in), out)); + AssertIntEQ(XMEMCMP(out, expected, WC_SHA256_DIGEST_SIZE), 0); + } + #endif + + #if defined(WOLFSSL_SHA384) && defined(WOLFSSL_SHA512) + { + const unsigned char in[] = "abc"; + unsigned char expected[] = "\xcb\x00\x75\x3f\x45\xa3\x5e\x8b\xb5\xa0\x3d\x69\x9a\xc6\x50" + "\x07\x27\x2c\x32\xab\x0e\xde\xd1\x63\x1a\x8b\x60\x5a\x43\xff" + "\x5b\xed\x80\x86\x07\x2b\xa1\xe7\xcc\x23\x58\xba\xec\xa1\x34" + "\xc8\x25\xa7"; + unsigned char out[WC_SHA384_DIGEST_SIZE]; + + XMEMSET(out, 0, WC_SHA384_DIGEST_SIZE); + AssertNotNull(SHA384(in, XSTRLEN((char*)in), out)); + AssertIntEQ(XMEMCMP(out, expected, WC_SHA384_DIGEST_SIZE), 0); + } + #endif + + #if defined(WOLFSSL_SHA512) + { + const unsigned char in[] = "abc"; + unsigned char expected[] = "\xdd\xaf\x35\xa1\x93\x61\x7a\xba\xcc\x41\x73\x49\xae\x20\x41" + "\x31\x12\xe6\xfa\x4e\x89\xa9\x7e\xa2\x0a\x9e\xee\xe6\x4b\x55" + "\xd3\x9a\x21\x92\x99\x2a\x27\x4f\xc1\xa8\x36\xba\x3c\x23\xa3" + "\xfe\xeb\xbd\x45\x4d\x44\x23\x64\x3c\xe8\x0e\x2a\x9a\xc9\x4f" + "\xa5\x4c\xa4\x9f"; + unsigned char out[WC_SHA512_DIGEST_SIZE]; + + XMEMSET(out, 0, WC_SHA512_DIGEST_SIZE); + AssertNotNull(SHA512(in, XSTRLEN((char*)in), out)); + AssertIntEQ(XMEMCMP(out, expected, WC_SHA512_DIGEST_SIZE), 0); + } + #endif + printf(resultFmt, passed); #endif } 
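Review bot: The three digest blocks added to test_wolfSSL_SHA cast away const in `XSTRLEN((char*)in)` although `in` is declared `const unsigned char[]`; `XSTRLEN((const char*)in)` keeps the qualifier, and `expected` can be `const` as well. A one-line comment above each `expected`, for example `/* SHA-256 digest of "abc" */`, would say where the bytes come from. Each block covers one short input through the one-shot call only, which is fine for a compatibility smoke test but worth stating in a comment. The enclosing function starts outside the hunk.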
@@ -17744,7 +18386,7 @@ static void test_wolfSSL_AES_ecb_encrypt(void) static void test_wolfSSL_SHA256(void) { #if defined(OPENSSL_EXTRA) && !defined(NO_SHA256) && \ - defined(NO_OLD_SHA256_NAMES) && !defined(HAVE_FIPS) + defined(NO_OLD_SHA_NAMES) && !defined(HAVE_FIPS) unsigned char input[] = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"; unsigned char output[] = 
@@ -17799,6 +18441,163 @@ static void test_wolfSSL_X509_get_serialNumber(void) #endif } + +static void test_wolfSSL_OPENSSL_add_all_algorithms(void){ +#if defined(OPENSSL_EXTRA) + printf(testingFmt, "wolfSSL_OPENSSL_add_all_algorithms()"); + + AssertIntEQ(wolfSSL_OPENSSL_add_all_algorithms_noconf(),WOLFSSL_SUCCESS); + wolfSSL_Cleanup(); + + printf(resultFmt, passed); +#endif +} + +static void test_wolfSSL_ASN1_STRING_print_ex(void){ +#if defined(OPENSSL_EXTRA) && !defined(NO_ASN) + ASN1_STRING* asn_str = NULL; + const char data[] = "Hello wolfSSL!"; + ASN1_STRING* esc_str = NULL; + const char esc_data[] = "a+;<>"; + BIO *bio; + unsigned long flags; + int p_len; + unsigned char rbuf[255]; + + printf(testingFmt, "wolfSSL_ASN1_STRING_print_ex()"); + + /* setup */ + XMEMSET(rbuf, 0, 255); + bio = BIO_new(BIO_s_mem()); + BIO_set_write_buf_size(bio,255); + + asn_str = ASN1_STRING_type_new(V_ASN1_OCTET_STRING); + ASN1_STRING_set(asn_str, (const void*)data, sizeof(data)); + esc_str = ASN1_STRING_type_new(V_ASN1_OCTET_STRING); + ASN1_STRING_set(esc_str, (const void*)esc_data, sizeof(esc_data)); + + /* no flags */ + XMEMSET(rbuf, 0, 255); + flags = 0; + p_len = wolfSSL_ASN1_STRING_print_ex(bio, asn_str, flags); + AssertIntEQ(p_len, 15); + BIO_read(bio, (void*)rbuf, 15); + AssertStrEQ((char*)rbuf, "Hello wolfSSL!"); + + /* RFC2253 Escape */ + XMEMSET(rbuf, 0, 255); + flags = ASN1_STRFLGS_ESC_2253; + p_len = wolfSSL_ASN1_STRING_print_ex(bio, esc_str, flags); + AssertIntEQ(p_len, 9); + BIO_read(bio, (void*)rbuf, 9); + AssertStrEQ((char*)rbuf, "a\\+\\;\\<\\>"); + + /* Show type */ + XMEMSET(rbuf, 0, 255); + flags = ASN1_STRFLGS_SHOW_TYPE; + p_len = wolfSSL_ASN1_STRING_print_ex(bio, asn_str, flags); + AssertIntEQ(p_len, 28); + BIO_read(bio, (void*)rbuf, 28); + AssertStrEQ((char*)rbuf, "OCTET STRING:Hello wolfSSL!"); + + /* Dump All */ + XMEMSET(rbuf, 0, 255); + flags = ASN1_STRFLGS_DUMP_ALL; + p_len = wolfSSL_ASN1_STRING_print_ex(bio, asn_str, flags); + AssertIntEQ(p_len, 31); + 
BIO_read(bio, (void*)rbuf, 31); + AssertStrEQ((char*)rbuf, "#48656C6C6F20776F6C6653534C2100"); + + /* Dump Der */ + XMEMSET(rbuf, 0, 255); + flags = ASN1_STRFLGS_DUMP_ALL | ASN1_STRFLGS_DUMP_DER; + p_len = wolfSSL_ASN1_STRING_print_ex(bio, asn_str, flags); + AssertIntEQ(p_len, 35); + BIO_read(bio, (void*)rbuf, 35); + AssertStrEQ((char*)rbuf, "#040F48656C6C6F20776F6C6653534C2100"); + + /* Dump All + Show type */ + XMEMSET(rbuf, 0, 255); + flags = ASN1_STRFLGS_DUMP_ALL | ASN1_STRFLGS_SHOW_TYPE; + p_len = wolfSSL_ASN1_STRING_print_ex(bio, asn_str, flags); + AssertIntEQ(p_len, 44); + BIO_read(bio, (void*)rbuf, 44); + AssertStrEQ((char*)rbuf, "OCTET STRING:#48656C6C6F20776F6C6653534C2100"); + + BIO_free(bio); + ASN1_STRING_free(asn_str); + ASN1_STRING_free(esc_str); + + printf(resultFmt, passed); +#endif +} + +static void test_wolfSSL_ASN1_TIME_to_generalizedtime(void){ +#if defined(OPENSSL_EXTRA) && !defined(NO_ASN1_TIME) + WOLFSSL_ASN1_TIME *t; + WOLFSSL_ASN1_TIME *out; + WOLFSSL_ASN1_TIME *gtime; + + printf(testingFmt, "wolfSSL_ASN1_TIME_to_generalizedtime()"); + + /* UTC Time test */ + t = (WOLFSSL_ASN1_TIME*)XMALLOC(sizeof(WOLFSSL_ASN1_TIME), NULL, DYNAMIC_TYPE_TMP_BUFFER); + XMEMSET(t->data, 0, ASN_GENERALIZED_TIME_SIZE); + out = (WOLFSSL_ASN1_TIME*)XMALLOC(sizeof(WOLFSSL_ASN1_TIME), NULL, DYNAMIC_TYPE_TMP_BUFFER); + t->data[0] = ASN_UTC_TIME; + t->data[1] = ASN_UTC_TIME_SIZE; + XMEMCPY(t->data + 2,"050727123456Z",ASN_UTC_TIME_SIZE); + + gtime = wolfSSL_ASN1_TIME_to_generalizedtime(t, &out); + AssertIntEQ(gtime->data[0], ASN_GENERALIZED_TIME); + AssertIntEQ(gtime->data[1], ASN_GENERALIZED_TIME_SIZE); + AssertStrEQ((char*)gtime->data + 2, "20050727123456Z"); + + /* Generalized Time test */ + XMEMSET(t, 0, ASN_GENERALIZED_TIME_SIZE); + XMEMSET(out, 0, ASN_GENERALIZED_TIME_SIZE); + gtime = NULL; + t->data[0] = ASN_GENERALIZED_TIME; + t->data[1] = ASN_GENERALIZED_TIME_SIZE; + XMEMCPY(t->data + 2,"20050727123456Z",ASN_GENERALIZED_TIME_SIZE); + gtime = 
wolfSSL_ASN1_TIME_to_generalizedtime(t, &out); + AssertIntEQ(gtime->data[0], ASN_GENERALIZED_TIME); + AssertIntEQ(gtime->data[1], ASN_GENERALIZED_TIME_SIZE); + AssertStrEQ((char*)gtime->data + 2, "20050727123456Z"); + XFREE(out, NULL, DYNAMIC_TYPE_TMP_BUFFER); + + /* Null parameter test */ + XMEMSET(t, 0, ASN_GENERALIZED_TIME_SIZE); + gtime = NULL; + out = NULL; + t->data[0] = ASN_UTC_TIME; + t->data[1] = ASN_UTC_TIME_SIZE; + XMEMCPY(t->data + 2,"050727123456Z",ASN_UTC_TIME_SIZE); + AssertNotNull(gtime = wolfSSL_ASN1_TIME_to_generalizedtime(t, NULL)); + AssertIntEQ(gtime->data[0], ASN_GENERALIZED_TIME); + AssertIntEQ(gtime->data[1], ASN_GENERALIZED_TIME_SIZE); + AssertStrEQ((char*)gtime->data + 2, "20050727123456Z"); + + XFREE(gtime, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(t, NULL, DYNAMIC_TYPE_TMP_BUFFER); + printf(resultFmt, passed); +#endif +} + +static void test_wolfSSL_X509_check_ca(void){ +#if defined(OPENSSL_EXTRA) && !defined(NO_RSA) + WOLFSSL_X509 *x509; + + x509 = wolfSSL_X509_load_certificate_file(svrCertFile, WOLFSSL_FILETYPE_PEM); + AssertIntEQ(wolfSSL_X509_check_ca(x509), 1); + wolfSSL_X509_free(x509); + + x509 = wolfSSL_X509_load_certificate_file(ntruCertFile, WOLFSSL_FILETYPE_PEM); + AssertIntEQ(wolfSSL_X509_check_ca(x509), 0); + wolfSSL_X509_free(x509); +#endif +} + static void test_no_op_functions(void) { #if defined(OPENSSL_EXTRA) @@ -18130,10 +18929,12 @@ static char earlyDataBuffer[1]; static int test_tls13_apis(void) { int ret = 0; +#ifndef WOLFSSL_NO_TLS12 WOLFSSL_CTX* clientTls12Ctx; WOLFSSL* clientTls12Ssl; WOLFSSL_CTX* serverTls12Ctx; WOLFSSL* serverTls12Ssl; +#endif WOLFSSL_CTX* clientCtx; WOLFSSL* clientSsl; WOLFSSL_CTX* serverCtx; 
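Review bot: In test_wolfSSL_ASN1_TIME_to_generalizedtime the first two results are dereferenced (`gtime->data[0]`) without the `AssertNotNull` that the third call has, and the `XMALLOC` results `t` and `out` are written through unchecked. `out` is passed as `&out` while it still holds uninitialized heap memory, and `XMEMSET(t, 0, ASN_GENERALIZED_TIME_SIZE)` clears a prefix of the struct rather than `t->data`; `XMEMSET(t, 0, sizeof(*t));` (and the same for `out`) right after allocation would make the inputs well defined. test_wolfSSL_X509_check_ca has the same gap: add `AssertNotNull(x509);` after each `wolfSSL_X509_load_certificate_file` call so that a missing certificate file fails clearly instead of reaching `wolfSSL_X509_check_ca` with NULL. In test_wolfSSL_ASN1_STRING_print_ex the `BIO_read` return values are ignored, so a short read would surface only as a string mismatch.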
@@ -18148,6 +18949,7 @@ static int test_tls13_apis(void) int groups[1] = { WOLFSSL_ECC_X25519 }; int numGroups = 1; +#ifndef WOLFSSL_NO_TLS12 clientTls12Ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method()); clientTls12Ssl = wolfSSL_new(clientTls12Ctx); serverTls12Ctx = wolfSSL_CTX_new(wolfTLSv1_2_server_method()); @@ -18156,6 +18958,7 @@ static int test_tls13_apis(void) wolfSSL_CTX_use_PrivateKey_file(serverTls12Ctx, ourKey, WOLFSSL_FILETYPE_PEM); #endif serverTls12Ssl = wolfSSL_new(serverTls12Ctx); +#endif clientCtx = wolfSSL_CTX_new(wolfTLSv1_3_client_method()); clientSsl = wolfSSL_new(clientCtx); @@ -18169,7 +18972,9 @@ static int test_tls13_apis(void) #ifdef WOLFSSL_SEND_HRR_COOKIE AssertIntEQ(wolfSSL_send_hrr_cookie(NULL, NULL, 0), BAD_FUNC_ARG); AssertIntEQ(wolfSSL_send_hrr_cookie(clientSsl, NULL, 0), SIDE_ERROR); +#ifndef WOLFSSL_NO_TLS12 AssertIntEQ(wolfSSL_send_hrr_cookie(serverTls12Ssl, NULL, 0), BAD_FUNC_ARG); +#endif AssertIntEQ(wolfSSL_send_hrr_cookie(serverSsl, NULL, 0), WOLFSSL_SUCCESS); AssertIntEQ(wolfSSL_send_hrr_cookie(serverSsl, fixedKey, sizeof(fixedKey)), 
@@ -18180,88 +18985,116 @@ static int test_tls13_apis(void) AssertIntEQ(wolfSSL_UseKeyShare(NULL, WOLFSSL_ECC_SECP256R1), BAD_FUNC_ARG); AssertIntEQ(wolfSSL_UseKeyShare(serverSsl, WOLFSSL_ECC_SECP256R1), WOLFSSL_SUCCESS); +#ifndef WOLFSSL_NO_TLS12 AssertIntEQ(wolfSSL_UseKeyShare(clientTls12Ssl, WOLFSSL_ECC_SECP256R1), WOLFSSL_SUCCESS); +#endif AssertIntEQ(wolfSSL_UseKeyShare(clientSsl, WOLFSSL_ECC_SECP256R1), WOLFSSL_SUCCESS); #elif defined(HAVE_CURVE25519) AssertIntEQ(wolfSSL_UseKeyShare(NULL, WOLFSSL_ECC_X25519), BAD_FUNC_ARG); AssertIntEQ(wolfSSL_UseKeyShare(serverSsl, WOLFSSL_ECC_X25519), WOLFSSL_SUCCESS); +#ifndef WOLFSSL_NO_TLS12 AssertIntEQ(wolfSSL_UseKeyShare(clientTls12Ssl, WOLFSSL_ECC_X25519), WOLFSSL_SUCCESS); +#endif AssertIntEQ(wolfSSL_UseKeyShare(clientSsl, WOLFSSL_ECC_X25519), WOLFSSL_SUCCESS); #else AssertIntEQ(wolfSSL_UseKeyShare(NULL, WOLFSSL_ECC_SECP256R1), BAD_FUNC_ARG); +#ifndef WOLFSSL_NO_TLS12 AssertIntEQ(wolfSSL_UseKeyShare(clientTls12Ssl, WOLFSSL_ECC_SECP256R1), NOT_COMPILED_IN); +#endif AssertIntEQ(wolfSSL_UseKeyShare(clientSsl, WOLFSSL_ECC_SECP256R1), NOT_COMPILED_IN); #endif AssertIntEQ(wolfSSL_NoKeyShares(NULL), BAD_FUNC_ARG); AssertIntEQ(wolfSSL_NoKeyShares(serverSsl), SIDE_ERROR); +#ifndef WOLFSSL_NO_TLS12 AssertIntEQ(wolfSSL_NoKeyShares(clientTls12Ssl), WOLFSSL_SUCCESS); +#endif AssertIntEQ(wolfSSL_NoKeyShares(clientSsl), WOLFSSL_SUCCESS); AssertIntEQ(wolfSSL_CTX_no_ticket_TLSv13(NULL), BAD_FUNC_ARG); AssertIntEQ(wolfSSL_CTX_no_ticket_TLSv13(clientCtx), SIDE_ERROR); +#ifndef WOLFSSL_NO_TLS12 AssertIntEQ(wolfSSL_CTX_no_ticket_TLSv13(serverTls12Ctx), BAD_FUNC_ARG); +#endif AssertIntEQ(wolfSSL_CTX_no_ticket_TLSv13(serverCtx), 0); AssertIntEQ(wolfSSL_no_ticket_TLSv13(NULL), BAD_FUNC_ARG); AssertIntEQ(wolfSSL_no_ticket_TLSv13(clientSsl), SIDE_ERROR); +#ifndef WOLFSSL_NO_TLS12 AssertIntEQ(wolfSSL_no_ticket_TLSv13(serverTls12Ssl), BAD_FUNC_ARG); +#endif AssertIntEQ(wolfSSL_no_ticket_TLSv13(serverSsl), 0); 
AssertIntEQ(wolfSSL_CTX_no_dhe_psk(NULL), BAD_FUNC_ARG); +#ifndef WOLFSSL_NO_TLS12 AssertIntEQ(wolfSSL_CTX_no_dhe_psk(clientTls12Ctx), BAD_FUNC_ARG); +#endif AssertIntEQ(wolfSSL_CTX_no_dhe_psk(serverCtx), 0); AssertIntEQ(wolfSSL_CTX_no_dhe_psk(clientCtx), 0); AssertIntEQ(wolfSSL_no_dhe_psk(NULL), BAD_FUNC_ARG); +#ifndef WOLFSSL_NO_TLS12 AssertIntEQ(wolfSSL_no_dhe_psk(clientTls12Ssl), BAD_FUNC_ARG); +#endif AssertIntEQ(wolfSSL_no_dhe_psk(serverSsl), 0); AssertIntEQ(wolfSSL_no_dhe_psk(clientSsl), 0); AssertIntEQ(wolfSSL_update_keys(NULL), BAD_FUNC_ARG); +#ifndef WOLFSSL_NO_TLS12 AssertIntEQ(wolfSSL_update_keys(clientTls12Ssl), BAD_FUNC_ARG); +#endif AssertIntEQ(wolfSSL_update_keys(serverSsl), BUILD_MSG_ERROR); AssertIntEQ(wolfSSL_update_keys(clientSsl), BUILD_MSG_ERROR); #if !defined(NO_CERTS) && defined(WOLFSSL_POST_HANDSHAKE_AUTH) AssertIntEQ(wolfSSL_CTX_allow_post_handshake_auth(NULL), BAD_FUNC_ARG); AssertIntEQ(wolfSSL_CTX_allow_post_handshake_auth(serverCtx), SIDE_ERROR); +#ifndef WOLFSSL_NO_TLS12 AssertIntEQ(wolfSSL_CTX_allow_post_handshake_auth(clientTls12Ctx), BAD_FUNC_ARG); +#endif AssertIntEQ(wolfSSL_CTX_allow_post_handshake_auth(clientCtx), 0); AssertIntEQ(wolfSSL_allow_post_handshake_auth(NULL), BAD_FUNC_ARG); AssertIntEQ(wolfSSL_allow_post_handshake_auth(serverSsl), SIDE_ERROR); +#ifndef WOLFSSL_NO_TLS12 AssertIntEQ(wolfSSL_allow_post_handshake_auth(clientTls12Ssl), BAD_FUNC_ARG); +#endif AssertIntEQ(wolfSSL_allow_post_handshake_auth(clientSsl), 0); AssertIntEQ(wolfSSL_request_certificate(NULL), BAD_FUNC_ARG); AssertIntEQ(wolfSSL_request_certificate(clientSsl), SIDE_ERROR); +#ifndef WOLFSSL_NO_TLS12 AssertIntEQ(wolfSSL_request_certificate(serverTls12Ssl), BAD_FUNC_ARG); +#endif AssertIntEQ(wolfSSL_request_certificate(serverSsl), NOT_READY_ERROR); #endif #ifndef WOLFSSL_NO_SERVER_GROUPS_EXT AssertIntEQ(wolfSSL_preferred_group(NULL), BAD_FUNC_ARG); AssertIntEQ(wolfSSL_preferred_group(serverSsl), SIDE_ERROR); +#ifndef WOLFSSL_NO_TLS12 
AssertIntEQ(wolfSSL_preferred_group(clientTls12Ssl), BAD_FUNC_ARG); +#endif AssertIntEQ(wolfSSL_preferred_group(clientSsl), NOT_READY_ERROR); #endif AssertIntEQ(wolfSSL_CTX_set_groups(NULL, NULL, 0), BAD_FUNC_ARG); AssertIntEQ(wolfSSL_CTX_set_groups(clientCtx, NULL, 0), BAD_FUNC_ARG); AssertIntEQ(wolfSSL_CTX_set_groups(NULL, groups, numGroups), BAD_FUNC_ARG); +#ifndef WOLFSSL_NO_TLS12 AssertIntEQ(wolfSSL_CTX_set_groups(clientTls12Ctx, groups, numGroups), BAD_FUNC_ARG); +#endif AssertIntEQ(wolfSSL_CTX_set_groups(clientCtx, groups, WOLFSSL_MAX_GROUP_COUNT + 1), BAD_FUNC_ARG); @@ -18273,8 +19106,10 @@ static int test_tls13_apis(void) AssertIntEQ(wolfSSL_set_groups(NULL, NULL, 0), BAD_FUNC_ARG); AssertIntEQ(wolfSSL_set_groups(clientSsl, NULL, 0), BAD_FUNC_ARG); AssertIntEQ(wolfSSL_set_groups(NULL, groups, numGroups), BAD_FUNC_ARG); +#ifndef WOLFSSL_NO_TLS12 AssertIntEQ(wolfSSL_set_groups(clientTls12Ssl, groups, numGroups), BAD_FUNC_ARG); +#endif AssertIntEQ(wolfSSL_set_groups(clientSsl, groups, WOLFSSL_MAX_GROUP_COUNT + 1), BAD_FUNC_ARG); AssertIntEQ(wolfSSL_set_groups(clientSsl, groups, numGroups), @@ -18285,13 +19120,17 @@ static int test_tls13_apis(void) #ifdef WOLFSSL_EARLY_DATA AssertIntEQ(wolfSSL_CTX_set_max_early_data(NULL, 0), BAD_FUNC_ARG); AssertIntEQ(wolfSSL_CTX_set_max_early_data(clientCtx, 0), SIDE_ERROR); +#ifndef WOLFSSL_NO_TLS12 AssertIntEQ(wolfSSL_CTX_set_max_early_data(serverTls12Ctx, 0), BAD_FUNC_ARG); +#endif AssertIntEQ(wolfSSL_CTX_set_max_early_data(serverCtx, 0), 0); AssertIntEQ(wolfSSL_set_max_early_data(NULL, 0), BAD_FUNC_ARG); AssertIntEQ(wolfSSL_set_max_early_data(clientSsl, 0), SIDE_ERROR); +#ifndef WOLFSSL_NO_TLS12 AssertIntEQ(wolfSSL_set_max_early_data(serverTls12Ssl, 0), BAD_FUNC_ARG); +#endif AssertIntEQ(wolfSSL_set_max_early_data(serverSsl, 0), 0); AssertIntEQ(wolfSSL_write_early_data(NULL, earlyData, sizeof(earlyData), 
@@ -18306,9 +19145,11 @@ static int test_tls13_apis(void) AssertIntEQ(wolfSSL_write_early_data(serverSsl, earlyData, sizeof(earlyData), &outSz), SIDE_ERROR); +#ifndef WOLFSSL_NO_TLS12 AssertIntEQ(wolfSSL_write_early_data(clientTls12Ssl, earlyData, sizeof(earlyData), &outSz), BAD_FUNC_ARG); +#endif AssertIntEQ(wolfSSL_write_early_data(clientSsl, earlyData, sizeof(earlyData), &outSz), WOLFSSL_FATAL_ERROR); @@ -18327,9 +19168,11 @@ static int test_tls13_apis(void) AssertIntEQ(wolfSSL_read_early_data(clientSsl, earlyDataBuffer, sizeof(earlyDataBuffer), &outSz), SIDE_ERROR); +#ifndef WOLFSSL_NO_TLS12 AssertIntEQ(wolfSSL_read_early_data(serverTls12Ssl, earlyDataBuffer, sizeof(earlyDataBuffer), &outSz), BAD_FUNC_ARG); +#endif AssertIntEQ(wolfSSL_read_early_data(serverSsl, earlyDataBuffer, sizeof(earlyDataBuffer), &outSz), WOLFSSL_FATAL_ERROR); @@ -18340,10 +19183,12 @@ static int test_tls13_apis(void) wolfSSL_free(clientSsl); wolfSSL_CTX_free(clientCtx); +#ifndef WOLFSSL_NO_TLS12 wolfSSL_free(serverTls12Ssl); wolfSSL_CTX_free(serverTls12Ctx); wolfSSL_free(clientTls12Ssl); wolfSSL_CTX_free(clientTls12Ctx); +#endif return ret; } @@ -18471,12 +19316,20 @@ static void test_DhCallbacks(void) /* set callbacks to use DH functions */ func_cb_client.ctx_ready = &test_dh_ctx_setup; func_cb_client.ssl_ready = &test_dh_ssl_setup; +#ifndef WOLFSSL_NO_TLS12 func_cb_client.method = wolfTLSv1_2_client_method; +#else + func_cb_client.method = wolfTLSv1_3_client_method; +#endif client_args.callbacks = &func_cb_client; func_cb_server.ctx_ready = &test_dh_ctx_setup; func_cb_server.ssl_ready = &test_dh_ssl_setup; +#ifndef WOLFSSL_NO_TLS12 func_cb_server.method = wolfTLSv1_2_server_method; +#else + func_cb_server.method = wolfTLSv1_3_server_method; +#endif server_args.callbacks = &func_cb_server; start_thread(test_server_nofail, &server_args, &serverThread); 
@@ -18518,12 +19371,20 @@ static void test_DhCallbacks(void) /* set callbacks to use DH functions */ func_cb_client.ctx_ready = &test_dh_ctx_setup; func_cb_client.ssl_ready = &test_dh_ssl_setup_fail; +#ifndef WOLFSSL_NO_TLS12 func_cb_client.method = wolfTLSv1_2_client_method; +#else + func_cb_client.method = wolfTLSv1_3_client_method; +#endif client_args.callbacks = &func_cb_client; func_cb_server.ctx_ready = &test_dh_ctx_setup; func_cb_server.ssl_ready = &test_dh_ssl_setup_fail; +#ifndef WOLFSSL_NO_TLS12 func_cb_server.method = wolfTLSv1_2_server_method; +#else + func_cb_server.method = wolfTLSv1_3_server_method; +#endif server_args.callbacks = &func_cb_server; start_thread(test_server_nofail, &server_args, &serverThread); 
@@ -18570,6 +19431,155 @@ static int test_wc_RNG_GenerateBlock() } #endif +static void test_wolfSSL_X509_CRL(void) +{ +#if defined(OPENSSL_EXTRA) && defined(HAVE_CRL) + + X509_CRL *crl; + char pem[][100] = { + "./certs/crl/crl.pem", + "./certs/crl/crl2.pem", + "./certs/crl/caEccCrl.pem", + "./certs/crl/eccCliCRL.pem", + "./certs/crl/eccSrvCRL.pem", + "" + }; + +#ifdef HAVE_TEST_d2i_X509_CRL_fp + char der[][100] = { + "./certs/crl/crl.der", + "./certs/crl/crl2.der", + ""}; +#endif + + XFILE fp; + int i; + + printf(testingFmt, "test_wolfSSL_X509_CRL"); + + for (i = 0; pem[i][0] != '\0'; i++) + { + AssertNotNull(fp = XFOPEN(pem[i], "rb")); + AssertNotNull(crl = (X509_CRL *)PEM_read_X509_CRL(fp, (X509_CRL **)NULL, NULL, NULL)); + AssertNotNull(crl); + X509_CRL_free(crl); + XFCLOSE(fp); + AssertNotNull(fp = XFOPEN(pem[i], "rb")); + AssertNotNull((X509_CRL *)PEM_read_X509_CRL(fp, (X509_CRL **)&crl, NULL, NULL)); + AssertNotNull(crl); + X509_CRL_free(crl); + XFCLOSE(fp); + } + +#ifdef HAVE_TEST_d2i_X509_CRL_fp + for(i = 0; der[i][0] != '\0'; i++){ + AssertNotNull(fp = XFOPEN(der[i], "rb")); + AssertNotNull(crl = (X509_CRL *)d2i_X509_CRL_fp((fp, X509_CRL **)NULL)); + AssertNotNull(crl); + X509_CRL_free(crl); + XFCLOSE(fp); + AssertNotNull(fp = XFOPEN(der[i], "rb")); + AssertNotNull((X509_CRL *)d2i_X509_CRL_fp(fp, (X509_CRL **)&crl)); + AssertNotNull(crl); + X509_CRL_free(crl); + XFCLOSE(fp); + } +#endif + + printf(resultFmt, passed); +#endif + return; +} + +static void test_wolfSSL_i2c_ASN1_INTEGER() +{ +#ifdef OPENSSL_EXTRA + ASN1_INTEGER *a; + unsigned char *pp,*tpp; + int ret; + + a = wolfSSL_ASN1_INTEGER_new(); + + /* 40 */ + a->intData[0] = ASN_INTEGER; + a->intData[1] = 1; + a->intData[2] = 40; + ret = wolfSSL_i2c_ASN1_INTEGER(a, NULL); + AssertIntEQ(ret, 1); + pp = (unsigned char*)XMALLOC(ret + 1, NULL, DYNAMIC_TYPE_TMP_BUFFER); + tpp = pp; + XMEMSET(pp, 0, ret + 1); + wolfSSL_i2c_ASN1_INTEGER(a, &pp); + pp--; + AssertIntEQ(*pp, 40); + XFREE(tpp, NULL, 
DYNAMIC_TYPE_TMP_BUFFER); + + /* 128 */ + a->intData[0] = ASN_INTEGER; + a->intData[1] = 1; + a->intData[2] = 128; + ret = wolfSSL_i2c_ASN1_INTEGER(a, NULL); + AssertIntEQ(ret, 2); + pp = (unsigned char*)XMALLOC(ret + 1, NULL, DYNAMIC_TYPE_TMP_BUFFER); + tpp = pp; + XMEMSET(pp, 0, ret + 1); + wolfSSL_i2c_ASN1_INTEGER(a, &pp); + pp--; + AssertIntEQ(*(pp--), 128); + AssertIntEQ(*pp, 0); + XFREE(tpp, NULL, DYNAMIC_TYPE_TMP_BUFFER); + + /* -40 */ + a->intData[0] = ASN_INTEGER; + a->intData[1] = 1; + a->intData[2] = 40; + a->negative = 1; + ret = wolfSSL_i2c_ASN1_INTEGER(a, NULL); + AssertIntEQ(ret, 1); + pp = (unsigned char*)XMALLOC(ret + 1, NULL, DYNAMIC_TYPE_TMP_BUFFER); + tpp = pp; + XMEMSET(pp, 0, ret + 1); + wolfSSL_i2c_ASN1_INTEGER(a, &pp); + pp--; + AssertIntEQ(*pp, 216); + XFREE(tpp, NULL, DYNAMIC_TYPE_TMP_BUFFER); + + /* -128 */ + a->intData[0] = ASN_INTEGER; + a->intData[1] = 1; + a->intData[2] = 128; + a->negative = 1; + ret = wolfSSL_i2c_ASN1_INTEGER(a, NULL); + AssertIntEQ(ret, 1); + pp = (unsigned char*)XMALLOC(ret + 1, NULL, DYNAMIC_TYPE_TMP_BUFFER); + tpp = pp; + XMEMSET(pp, 0, ret + 1); + wolfSSL_i2c_ASN1_INTEGER(a, &pp); + pp--; + AssertIntEQ(*pp, 128); + XFREE(tpp, NULL, DYNAMIC_TYPE_TMP_BUFFER); + + /* -200 */ + a->intData[0] = ASN_INTEGER; + a->intData[1] = 1; + a->intData[2] = 200; + a->negative = 1; + ret = wolfSSL_i2c_ASN1_INTEGER(a, NULL); + AssertIntEQ(ret, 2); + pp = (unsigned char*)XMALLOC(ret + 1, NULL, DYNAMIC_TYPE_TMP_BUFFER); + tpp = pp; + XMEMSET(pp, 0, ret + 1); + wolfSSL_i2c_ASN1_INTEGER(a, &pp); + pp--; + AssertIntEQ(*(pp--), 56); + AssertIntEQ(*pp, 255); + + XFREE(tpp, NULL, DYNAMIC_TYPE_TMP_BUFFER); + wolfSSL_ASN1_INTEGER_free(a); + + printf(resultFmt, passed); +#endif /* OPENSSL_EXTRA */ +} /*----------------------------------------------------------------------------* | Main *----------------------------------------------------------------------------*/ 
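Review bot: The DER loop in test_wolfSSL_X509_CRL has a misplaced parenthesis, `d2i_X509_CRL_fp((fp, X509_CRL **)NULL)`, which will not compile once `HAVE_TEST_d2i_X509_CRL_fp` is defined; it should read `d2i_X509_CRL_fp(fp, (X509_CRL **)NULL)`. Nothing in the visible part of the diff defines that macro, so the block is probably never built, which would explain how the error went unnoticed. In both loops `crl` still holds the freed pointer when `&crl` is passed to the second read; add `crl = NULL;` after the first `X509_CRL_free(crl);`. In test_wolfSSL_i2c_ASN1_INTEGER the results of `wolfSSL_ASN1_INTEGER_new()` and `XMALLOC` are used without `AssertNotNull`, and the return value of the second `wolfSSL_i2c_ASN1_INTEGER(a, &pp)` call is not compared with `ret`.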
@@ -18612,6 +19622,7 @@ void ApiTest(void) test_wolfSSL_PKCS12(); test_wolfSSL_PKCS8(); test_wolfSSL_PKCS5(); + test_wolfSSL_URI(); /*OCSP Stapling. */ AssertIntEQ(test_wolfSSL_UseOCSPStapling(), WOLFSSL_SUCCESS); @@ -18625,6 +19636,7 @@ void ApiTest(void) test_wolfSSL_DES(); test_wolfSSL_certs(); test_wolfSSL_ASN1_TIME_print(); + test_wolfSSL_ASN1_GENERALIZEDTIME_free(); test_wolfSSL_private_keys(); test_wolfSSL_PEM_PrivateKey(); test_wolfSSL_PEM_RSAPrivateKey(); @@ -18641,6 +19653,7 @@ void ApiTest(void) test_wolfSSL_X509_LOOKUP_load_file(); test_wolfSSL_X509_NID(); test_wolfSSL_X509_STORE_CTX_set_time(); + test_wolfSSL_X509_STORE(); test_wolfSSL_BN(); test_wolfSSL_PEM_read_bio(); test_wolfSSL_BIO(); @@ -18668,6 +19681,7 @@ void ApiTest(void) test_wolfSSL_sk_GENERAL_NAME(); test_wolfSSL_MD4(); test_wolfSSL_RSA(); + test_wolfSSL_RSA_DER(); test_wolfSSL_verify_depth(); test_wolfSSL_HMAC_CTX(); test_wolfSSL_msg_callback(); @@ -18676,6 +19690,12 @@ void ApiTest(void) test_wolfSSL_AES_ecb_encrypt(); test_wolfSSL_SHA256(); test_wolfSSL_X509_get_serialNumber(); + test_wolfSSL_X509_CRL(); + test_wolfSSL_OPENSSL_add_all_algorithms(); + test_wolfSSL_ASN1_STRING_print_ex(); + test_wolfSSL_ASN1_TIME_to_generalizedtime(); + test_wolfSSL_i2c_ASN1_INTEGER(); + test_wolfSSL_X509_check_ca(); /* test the no op functions for compatibility */ test_no_op_functions(); @@ -18727,6 +19747,7 @@ void ApiTest(void) AssertFalse(test_wc_InitSha224()); AssertFalse(test_wc_Sha224Update()); AssertFalse(test_wc_Sha224Final()); + AssertFalse(test_wc_InitBlake2b()); AssertFalse(test_wc_InitRipeMd()); AssertFalse(test_wc_RipeMdUpdate()); AssertFalse(test_wc_RipeMdFinal()); @@ -18758,6 +19779,8 @@ void ApiTest(void) AssertFalse(test_wc_Sha384HmacUpdate()); AssertFalse(test_wc_Sha384HmacFinal()); + AssertIntEQ(test_wc_HashInit(), 0); + AssertIntEQ(test_wc_InitCmac(), 0); AssertIntEQ(test_wc_CmacUpdate(), 0); AssertIntEQ(test_wc_CmacFinal(), 0); 
@@ -18774,6 +19797,7 @@ void ApiTest(void) AssertIntEQ(test_wc_Chacha_SetKey(), 0); AssertIntEQ(test_wc_Chacha_Process(), 0); AssertIntEQ(test_wc_ChaCha20Poly1305_aead(), 0); + AssertIntEQ(test_wc_Poly1305SetKey(), 0); AssertIntEQ(test_wc_CamelliaSetKey(), 0); AssertIntEQ(test_wc_CamelliaSetIV(), 0); @@ -18802,6 +19826,7 @@ void ApiTest(void) AssertIntEQ(test_wc_MakeRsaKey(), 0); AssertIntEQ(test_wc_SetKeyUsage (), 0); + AssertIntEQ(test_wc_RsaKeyToDer(), 0); AssertIntEQ(test_wc_RsaKeyToPublicDer(), 0); AssertIntEQ(test_wc_RsaPublicEncryptDecrypt(), 0); @@ -18822,6 +19847,8 @@ void ApiTest(void) AssertIntEQ(test_wc_DsaImportParamsRaw(), 0); AssertIntEQ(test_wc_DsaExportParamsRaw(), 0); AssertIntEQ(test_wc_DsaExportKeyRaw(), 0); + AssertIntEQ(test_wc_SignatureGetSize_ecc(), 0); + AssertIntEQ(test_wc_SignatureGetSize_rsa(), 0); #ifdef OPENSSL_EXTRA /*wolfSSS_EVP_get_cipherbynid test*/ @@ -18842,6 +19869,8 @@ void ApiTest(void) AssertIntEQ(test_wc_ed25519_size(), 0); AssertIntEQ(test_wc_ed25519_exportKey(), 0); + AssertIntEQ(test_wc_curve25519_init(), 0); + AssertIntEQ(test_wc_ecc_make_key(), 0); AssertIntEQ(test_wc_ecc_init(), 0); AssertIntEQ(test_wc_ecc_check_key(), 0); @@ -18875,7 +19904,7 @@ void ApiTest(void) test_wc_PKCS7_VerifySignedData(); test_wc_PKCS7_EncodeDecodeEnvelopedData(); test_wc_PKCS7_EncodeEncryptedData(); - + printf(" End API Tests\n"); } diff --git a/tests/include.am b/tests/include.am index 91100e49a..9c7aa09ca 100644 --- a/tests/include.am +++ b/tests/include.am @@ -21,8 +21,11 @@ endif EXTRA_DIST += tests/unit.h EXTRA_DIST += tests/test.conf \ tests/test-tls13.conf \ + tests/test-tls13-down.conf \ tests/test-tls13-ecc.conf \ + tests/test-tls13-psk.conf \ tests/test-qsh.conf \ + tests/test-psk.conf \ tests/test-psk-no-id.conf \ tests/test-dtls.conf \ tests/test-sctp.conf \ diff --git a/tests/suites.c b/tests/suites.c index f6ef5b06b..16bf850ce 100644 --- a/tests/suites.c +++ b/tests/suites.c 
@@ -576,7 +576,7 @@ int SuiteTest(void) (void)test_harness; - cipherSuiteCtx = wolfSSL_CTX_new(wolfTLSv1_2_client_method()); + cipherSuiteCtx = wolfSSL_CTX_new(wolfSSLv23_client_method()); if (cipherSuiteCtx == NULL) { printf("can't get cipher suite ctx\n"); exit(EXIT_FAILURE); @@ -634,6 +634,16 @@ int SuiteTest(void) exit(EXIT_FAILURE); } #endif + #ifndef WOLFSSL_NO_TLS12 + /* add TLSv13 downgrade tets */ + strcpy(argv0[1], "tests/test-tls13-down.conf"); + printf("starting TLSv13 Downgrade extra tests\n"); + test_harness(&args); + if (args.return_code != 0) { + printf("error from script %d\n", args.return_code); + exit(EXIT_FAILURE); + } + #endif #endif #if defined(HAVE_CURVE25519) && defined(HAVE_ED25519) /* add ED25519 certificate cipher suite tests */ @@ -692,15 +702,30 @@ int SuiteTest(void) } #endif #ifndef NO_PSK + #ifndef WOLFSSL_NO_TLS12 + #if !defined(NO_RSA) || defined(HAVE_ECC) + /* add psk cipher suites */ + strcpy(argv0[1], "tests/test-psk.conf"); + printf("starting psk cipher suite tests\n"); + test_harness(&args); + if (args.return_code != 0) { + printf("error from script %d\n", args.return_code); + args.return_code = EXIT_FAILURE; + goto exit; + } + #endif + #endif + #ifdef WOLFSSL_TLS13 /* add psk extra suites */ - strcpy(argv0[1], "tests/test-psk-no-id.conf"); - printf("starting psk no identity extra cipher suite tests\n"); + strcpy(argv0[1], "tests/test-tls13-psk.conf"); + printf("starting TLS 1.3 psk no identity extra cipher suite tests\n"); test_harness(&args); if (args.return_code != 0) { printf("error from script %d\n", args.return_code); args.return_code = EXIT_FAILURE; goto exit; } + #endif #endif #if defined(WOLFSSL_ENCRYPTED_KEYS) && !defined(NO_DES3) /* test encrypted keys */ diff --git a/tests/test-ed25519.conf b/tests/test-ed25519.conf index cc68ba2d7..e13c67b18 100644 --- a/tests/test-ed25519.conf +++ b/tests/test-ed25519.conf 
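Review bot: The last hunk of SuiteTest stops running `tests/test-psk-no-id.conf`: the block that loaded it now loads `tests/test-tls13-psk.conf` and is compiled only under `WOLFSSL_TLS13`, while `tests/include.am` still ships the old file. If nothing else runs it, the no-identity PSK cases are silently dropped, and the message `starting TLS 1.3 psk no identity extra cipher suite tests` no longer describes what the new config tests. A build with `NO_RSA` set, no `HAVE_ECC` and no `WOLFSSL_TLS13` now runs no PSK config at all; a comment on the `#if` ladder saying this is intended would help. The new `strcpy(argv0[1], ...)` calls follow the file's existing pattern, but the size of `argv0[1]` is not visible here, so the longer path `tests/test-tls13-down.conf` added in the previous hunk should be checked against it.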
@@ -10,21 +10,22 @@ -A ./certs/ed25519/root-ed25519.pem -C -# Enable when CRL for ED25519 certificates available. # server TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256 -#-v 3 -#-l ECDHE-ECDSA-AES128-GCM-SHA256 -#-c ./certs/ed25519/server-ed25519.pem -#-k ./certs/ed25519/server-ed25519-key.pem -#-A ./certs/ed25519/client-ed25519.pem +-v 3 +-l ECDHE-ECDSA-AES128-GCM-SHA256 +-c ./certs/ed25519/server-ed25519.pem +-k ./certs/ed25519/server-ed25519-key.pem +-A ./certs/ed25519/client-ed25519.pem +-V +# Remove -V when CRL for ED25519 certificates available. # client TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256 -#-v 3 -#-l ECDHE-ECDSA-AES128-GCM-SHA256 -#-c ./certs/ed25519/client-ed25519.pem -#-k ./certs/ed25519/client-ed25519-key.pem -#-A ./certs/ed25519/root-ed25519.pem -#-C +-v 3 +-l ECDHE-ECDSA-AES128-GCM-SHA256 +-c ./certs/ed25519/client-ed25519.pem +-k ./certs/ed25519/client-ed25519-key.pem +-A ./certs/ed25519/root-ed25519.pem +-C # server TLSv1.3 TLS13-AES128-GCM-SHA256 -v 4 @@ -40,16 +41,19 @@ # Enable when CRL for ED25519 certificates available. # server TLSv1.3 TLS13-AES128-GCM-SHA256 -#-v 4 -#-l TLS13-AES128-GCM-SHA256 -#-c ./certs/ed25519/server-ed25519.pem -#-k ./certs/ed25519/server-ed25519-key.pem -#-A ./certs/ed25519/client-ed25519.pem +-v 4 +-l TLS13-AES128-GCM-SHA256 +-c ./certs/ed25519/server-ed25519.pem +-k ./certs/ed25519/server-ed25519-key.pem +-A ./certs/ed25519/client-ed25519.pem +-V +# Remove -V when CRL for ED25519 certificates available. # client TLSv1.3 TLS13-AES128-GCM-SHA256 -#-v 4 -#-l TLS13-AES128-GCM-SHA256 -#-c ./certs/ed25519/client-ed25519.pem -#-k ./certs/ed25519/client-ed25519-key.pem -#-A ./certs/ed25519/root-ed25519.pem -#-C +-v 4 +-l TLS13-AES128-GCM-SHA256 +-c ./certs/ed25519/client-ed25519.pem +-k ./certs/ed25519/client-ed25519-key.pem +-A ./certs/ed25519/root-ed25519.pem +-C + diff --git a/tests/test-fails.conf b/tests/test-fails.conf index 3c78cc038..32fd0c0e1 100644 --- a/tests/test-fails.conf +++ b/tests/test-fails.conf 
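Review bot: The second hunk keeps the context comment `# Enable when CRL for ED25519 certificates available.` above the TLS 1.3 server block that this change enables, while the first hunk removed the same line for the TLS 1.2 block; delete it here too so the file does not contradict itself. Going by the added comment `# Remove -V when CRL for ED25519 certificates available.`, `-V` turns off CRL checking on the server side, so the newly enabled cases exercise Ed25519 client authentication without revocation checking. That is a reasonable stop-gap in a test config, but the comment sits after the option block it refers to; placing it directly above `-V` makes the temporary relaxation easier to find and remove.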
@@ -13,6 +13,21 @@ -m -x +# server nomatch common name +-v 3 +-l ECDHE-RSA-AES128-GCM-SHA256 +-k ./certs/test/server-nomatch.key +-c ./certs/test/server-nomatch.pem +-d + +# client nomatch common name +-v 3 +-l ECDHE-RSA-AES128-GCM-SHA256 +-h localhost +-A ./certs/test/server-nomatch.pem +-m +-x + # server RSA no signer error -v 3 -l ECDHE-RSA-AES128-GCM-SHA256 diff --git a/tests/test-psk.conf b/tests/test-psk.conf new file mode 100644 index 000000000..f4f11b298 --- /dev/null +++ b/tests/test-psk.conf @@ -0,0 +1,7 @@ +# server - PSK plus certificates +-j +-l PSK-CHACHA20-POLY1305 + +# client- standard PSK +-s +-l PSK-CHACHA20-POLY1305 diff --git a/tests/test-tls13-down.conf b/tests/test-tls13-down.conf new file mode 100644 index 000000000..b52910e67 --- /dev/null +++ b/tests/test-tls13-down.conf @@ -0,0 +1,43 @@ +# server TLSv1.3 downgrade +-v d +-l TLS13-CHACHA20-POLY1305-SHA256 + +# client TLSv1.2 +-v 3 + +# server TLSv1.2 +-v 3 + +# client TLSv1.3 downgrade +-v d + +# server TLSv1.3 downgrade +-v d + +# client TLSv1.3 downgrade +-v d + +# server TLSv1.3 downgrade but don't and resume +-v d +-r + +# client TLSv1.3 downgrade but don't and resume +-v d +-r + +# server TLSv1.3 downgrade and resume +-v d +-r + +# client TLSv1.2 and resume +-v 3 +-r + +# server TLSv1.2 and resume +-v d +-r + +# lcient TLSv1.3 downgrade and resume +-v 3 +-r + diff --git a/tests/test-tls13-psk.conf b/tests/test-tls13-psk.conf new file mode 100644 index 000000000..b8b7e2607 --- /dev/null +++ b/tests/test-tls13-psk.conf @@ -0,0 +1,31 @@ +# server TLSv1.3 PSK +-v 4 +-s +-l TLS13-AES128-GCM-SHA256 +-d + +# client TLSv1.3 PSK +-v 4 +-s +-l TLS13-AES128-GCM-SHA256 + +# server TLSv1.3 PSK +-v 4 +-j +-l TLS13-AES128-GCM-SHA256 +-d + +# client TLSv1.3 PSK +-v 4 +-s +-l TLS13-AES128-GCM-SHA256 + +# server TLSv1.3 PSK +-v 4 +-j +-l TLS13-AES128-GCM-SHA256 +-d + +# client TLSv1.3 not-PSK +-v 4 +-l TLS13-AES128-GCM-SHA256 
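Review bot: The last server/client pair in the new tests/test-tls13-down.conf has labels that contradict its flags: `# server TLSv1.2 and resume` runs `-v d`, and `# lcient TLSv1.3 downgrade and resume` runs `-v 3`. As written it repeats the pair directly above it (`-v d -r` against `-v 3 -r`), so resumption between a TLS 1.2 server and a downgrade-capable client appears not to be tested. If the labels state the intent, the server should use `-v 3` and the client `-v d`, and the comment should read `# client TLSv1.3 downgrade and resume`.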
diff --git a/tests/test-tls13.conf b/tests/test-tls13.conf index 8233626d9..5e07ad3fe 100644 --- a/tests/test-tls13.conf +++ b/tests/test-tls13.conf @@ -38,6 +38,37 @@ -v 4 -l TLS13-AES128-CCM-8-SHA256 +# server TLSv1.3 resumption +-v 4 +-l TLS13-AES128-GCM-SHA256 +-r + +# client TLSv1.3 resumption +-v 4 +-l TLS13-AES128-GCM-SHA256 +-r + +# server TLSv1.3 resumption - SHA384 +-v 4 +-l TLS13-AES256-GCM-SHA384 +-r + +# client TLSv1.3 resumption - SHA384 +-v 4 +-l TLS13-AES256-GCM-SHA384 +-r + +# server TLSv1.3 PSK without (EC)DHE +-v 4 +-l TLS13-AES128-GCM-SHA256 +-r + +# client TLSv1.3 PSK without (EC)DHE +-v 4 +-l TLS13-AES128-GCM-SHA256 +-r +-K + # server TLSv1.3 accepting EarlyData -v 4 -l TLS13-AES128-GCM-SHA256 
@@ -71,3 +102,94 @@ -v 4 -l TLS13-AES128-GCM-SHA256 -r + +# server TLSv1.3 +-v 4 +-l TLS13-AES128-GCM-SHA256 + +# client TLSv1.3 Fragments +-v 4 +-l TLS13-AES128-GCM-SHA256 +-F 1 + +# server TLSv1.3 +-v 4 +-l TLS13-AES128-GCM-SHA256 + +# client TLSv1.3 HelloRetryRequest to negotiate Key Exchange algorithm +-v 4 +-l TLS13-AES128-GCM-SHA256 +-J + +# server TLSv1.3 +-v 4 +-l TLS13-AES128-GCM-SHA256 +-J + +# client TLSv1.3 HelloRetryRequest with cookie +-v 4 +-l TLS13-AES128-GCM-SHA256 +-J + +# server TLSv1.3 +-v 4 +-l TLS13-AES128-GCM-SHA256 + +# client TLSv1.3 no client certificate +-v 4 +-l TLS13-AES128-GCM-SHA256 +-x + +# server TLSv1.3 +-v 4 +-l TLS13-AES128-GCM-SHA256 + +# client TLSv1.3 DH key exchange +-v 4 +-l TLS13-AES128-GCM-SHA256 +-y + +# server TLSv1.3 +-v 4 +-l TLS13-AES128-GCM-SHA256 + +# client TLSv1.3 ECC key exchange +-v 4 +-l TLS13-AES128-GCM-SHA256 +-Y + +# server TLSv1.3 +-v 4 +-l TLS13-AES128-GCM-SHA256 + +# client TLSv1.3 ECC key exchange +-v 4 +-l TLS13-AES128-GCM-SHA256 +-Y + +# server TLSv1.3 multiple cipher suites +-v 4 +-l TLS13-AES128-GCM-SHA256:TLS13-AES256-GCM-SHA384:TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES128-CCM-SHA256:TLS13-AES128-CCM-8-SHA256 + +# client TLSv1.3 +-v 4 + +# server TLSv1.3 KeyUpdate +-v 4 +-l TLS13-AES128-GCM-SHA256 +-U + +# client TLSv1.3 KeyUpdate +-v 4 +-l TLS13-AES128-GCM-SHA256 +-I + +# server TLSv1.3 Post-Handshake Authentication +-v 4 +-l TLS13-AES128-GCM-SHA256 +-Q + +# client TLSv1.3 Post-Handshake Authentication +-v 4 +-l TLS13-AES128-GCM-SHA256 +-Q diff --git a/wolfcrypt/src/aes.c b/wolfcrypt/src/aes.c index 827293b83..2e63ea841 100644 --- a/wolfcrypt/src/aes.c +++ b/wolfcrypt/src/aes.c @@ -3711,7 +3711,7 @@ while (0) -#define _VAR(a) ""#a"" +#define _VAR(a) "" #a "" #define VAR(a) _VAR(a) #define HR %%xmm14 
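Review bot: In the second hunk of tests/test-tls13.conf the pair ending in `# client TLSv1.3 ECC key exchange` with `-Y` is added twice in a row with identical server and client flags, so the second copy adds no coverage. If a different key exchange was meant for the second pair, its flag and label should say so; otherwise one copy can be dropped. The two HelloRetryRequest cases are told apart only by `-J` on the server line, so the second server comment would be clearer as `# server TLSv1.3 HelloRetryRequest with cookie`.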
@@ -3739,12 +3739,12 @@ while (0) "aesenc %%xmm12, %%xmm10\n\t" \ "aesenc %%xmm12, %%xmm11\n\t" -#define AESENC_SET(o) \ - "movdqa "#o"(%[KEY]), %%xmm12\n\t" \ +#define AESENC_SET(o) \ + "movdqa " #o "(%[KEY]), %%xmm12\n\t" \ AESENC() #define AESENC_CTR() \ - "movdqu "VAR(CTR1)", %%xmm4\n\t" \ + "movdqu " VAR(CTR1) ", %%xmm4\n\t" \ "movdqa %[BSWAP_EPI64], %%xmm1\n\t" \ "movdqu %%xmm4, %%xmm0\n\t" \ "pshufb %%xmm1, %%xmm4\n\t" \ 
@@ -3771,241 +3771,241 @@ while (0) "pshufb %%xmm1, %%xmm11\n\t" \ "paddd %[EIGHT], %%xmm0\n\t" -#define AESENC_XOR() \ - "movdqa (%[KEY]), %%xmm12\n\t" \ - "movdqu %%xmm0, "VAR(CTR1)"\n\t" \ - "pxor %%xmm12, %%xmm4\n\t" \ - "pxor %%xmm12, %%xmm5\n\t" \ - "pxor %%xmm12, %%xmm6\n\t" \ - "pxor %%xmm12, %%xmm7\n\t" \ - "pxor %%xmm12, %%xmm8\n\t" \ - "pxor %%xmm12, %%xmm9\n\t" \ - "pxor %%xmm12, %%xmm10\n\t" \ +#define AESENC_XOR() \ + "movdqa (%[KEY]), %%xmm12\n\t" \ + "movdqu %%xmm0, " VAR(CTR1) "\n\t" \ + "pxor %%xmm12, %%xmm4\n\t" \ + "pxor %%xmm12, %%xmm5\n\t" \ + "pxor %%xmm12, %%xmm6\n\t" \ + "pxor %%xmm12, %%xmm7\n\t" \ + "pxor %%xmm12, %%xmm8\n\t" \ + "pxor %%xmm12, %%xmm9\n\t" \ + "pxor %%xmm12, %%xmm10\n\t" \ "pxor %%xmm12, %%xmm11\n\t" /* Encrypt and carry-less multiply for AVX1. */ -#define AESENC_PCLMUL_1(src, o1, o2, o3) \ - "movdqu "#o3"("VAR(HTR)"), %%xmm12\n\t" \ - "movdqu "#o2"("#src"), %%xmm0\n\t" \ - "aesenc "#o1"(%[KEY]), %%xmm4\n\t" \ - "pshufb %[BSWAP_MASK], %%xmm0\n\t" \ - "pxor %%xmm2, %%xmm0\n\t" \ - "pshufd $0x4e, %%xmm12, %%xmm1\n\t" \ - "pshufd $0x4e, %%xmm0, %%xmm14\n\t" \ - "pxor %%xmm12, %%xmm1\n\t" \ - "pxor %%xmm0, %%xmm14\n\t" \ - "movdqa %%xmm0, %%xmm3\n\t" \ - "pclmulqdq $0x11, %%xmm12, %%xmm3\n\t" \ - "aesenc "#o1"(%[KEY]), %%xmm5\n\t" \ - "aesenc "#o1"(%[KEY]), %%xmm6\n\t" \ - "movdqa %%xmm0, %%xmm2\n\t" \ - "pclmulqdq $0x00, %%xmm12, %%xmm2\n\t" \ - "aesenc "#o1"(%[KEY]), %%xmm7\n\t" \ - "aesenc "#o1"(%[KEY]), %%xmm8\n\t" \ - "pclmulqdq $0x00, %%xmm14, %%xmm1\n\t" \ - "aesenc "#o1"(%[KEY]), %%xmm9\n\t" \ - "aesenc "#o1"(%[KEY]), %%xmm10\n\t" \ - "aesenc "#o1"(%[KEY]), %%xmm11\n\t" \ - "pxor %%xmm2, %%xmm1\n\t" \ - "pxor %%xmm3, %%xmm1\n\t" \ +#define AESENC_PCLMUL_1(src, o1, o2, o3) \ + "movdqu " #o3 "(" VAR(HTR) "), %%xmm12\n\t" \ + "movdqu " #o2 "(" #src "), %%xmm0\n\t" \ + "aesenc " #o1 "(%[KEY]), %%xmm4\n\t" \ + "pshufb %[BSWAP_MASK], %%xmm0\n\t" \ + "pxor %%xmm2, %%xmm0\n\t" \ + "pshufd $0x4e, %%xmm12, %%xmm1\n\t" \ + 
"pshufd $0x4e, %%xmm0, %%xmm14\n\t" \ + "pxor %%xmm12, %%xmm1\n\t" \ + "pxor %%xmm0, %%xmm14\n\t" \ + "movdqa %%xmm0, %%xmm3\n\t" \ + "pclmulqdq $0x11, %%xmm12, %%xmm3\n\t" \ + "aesenc " #o1 "(%[KEY]), %%xmm5\n\t" \ + "aesenc " #o1 "(%[KEY]), %%xmm6\n\t" \ + "movdqa %%xmm0, %%xmm2\n\t" \ + "pclmulqdq $0x00, %%xmm12, %%xmm2\n\t" \ + "aesenc " #o1 "(%[KEY]), %%xmm7\n\t" \ + "aesenc " #o1 "(%[KEY]), %%xmm8\n\t" \ + "pclmulqdq $0x00, %%xmm14, %%xmm1\n\t" \ + "aesenc " #o1 "(%[KEY]), %%xmm9\n\t" \ + "aesenc " #o1 "(%[KEY]), %%xmm10\n\t" \ + "aesenc " #o1 "(%[KEY]), %%xmm11\n\t" \ + "pxor %%xmm2, %%xmm1\n\t" \ + "pxor %%xmm3, %%xmm1\n\t" \ -#define AESENC_PCLMUL_N(src, o1, o2, o3) \ - "movdqu "#o3"("VAR(HTR)"), %%xmm12\n\t" \ - "movdqu "#o2"("#src"), %%xmm0\n\t" \ - "pshufd $0x4e, %%xmm12, %%xmm13\n\t" \ - "pshufb %[BSWAP_MASK], %%xmm0\n\t" \ - "aesenc "#o1"(%[KEY]), %%xmm4\n\t" \ - "pxor %%xmm12, %%xmm13\n\t" \ - "pshufd $0x4e, %%xmm0, %%xmm14\n\t" \ - "pxor %%xmm0, %%xmm14\n\t" \ - "movdqa %%xmm0, %%xmm15\n\t" \ - "pclmulqdq $0x11, %%xmm12, %%xmm15\n\t" \ - "aesenc "#o1"(%[KEY]), %%xmm5\n\t" \ - "aesenc "#o1"(%[KEY]), %%xmm6\n\t" \ - "pclmulqdq $0x00, %%xmm0, %%xmm12\n\t" \ - "aesenc "#o1"(%[KEY]), %%xmm7\n\t" \ - "aesenc "#o1"(%[KEY]), %%xmm8\n\t" \ - "pclmulqdq $0x00, %%xmm14, %%xmm13\n\t" \ - "aesenc "#o1"(%[KEY]), %%xmm9\n\t" \ - "aesenc "#o1"(%[KEY]), %%xmm10\n\t" \ - "aesenc "#o1"(%[KEY]), %%xmm11\n\t" \ - "pxor %%xmm12, %%xmm1\n\t" \ - "pxor %%xmm12, %%xmm2\n\t" \ - "pxor %%xmm15, %%xmm1\n\t" \ - "pxor %%xmm15, %%xmm3\n\t" \ - "pxor %%xmm13, %%xmm1\n\t" \ +#define AESENC_PCLMUL_N(src, o1, o2, o3) \ + "movdqu " #o3 "(" VAR(HTR) "), %%xmm12\n\t" \ + "movdqu " #o2 "(" #src" ), %%xmm0\n\t" \ + "pshufd $0x4e, %%xmm12, %%xmm13\n\t" \ + "pshufb %[BSWAP_MASK], %%xmm0\n\t" \ + "aesenc " #o1 "(%[KEY]), %%xmm4\n\t" \ + "pxor %%xmm12, %%xmm13\n\t" \ + "pshufd $0x4e, %%xmm0, %%xmm14\n\t" \ + "pxor %%xmm0, %%xmm14\n\t" \ + "movdqa %%xmm0, %%xmm15\n\t" \ + "pclmulqdq $0x11, 
%%xmm12, %%xmm15\n\t" \ + "aesenc " #o1 "(%[KEY]), %%xmm5\n\t" \ + "aesenc " #o1 "(%[KEY]), %%xmm6\n\t" \ + "pclmulqdq $0x00, %%xmm0, %%xmm12\n\t" \ + "aesenc " #o1 "(%[KEY]), %%xmm7\n\t" \ + "aesenc " #o1 "(%[KEY]), %%xmm8\n\t" \ + "pclmulqdq $0x00, %%xmm14, %%xmm13\n\t" \ + "aesenc " #o1 "(%[KEY]), %%xmm9\n\t" \ + "aesenc " #o1 "(%[KEY]), %%xmm10\n\t" \ + "aesenc " #o1 "(%[KEY]), %%xmm11\n\t" \ + "pxor %%xmm12, %%xmm1\n\t" \ + "pxor %%xmm12, %%xmm2\n\t" \ + "pxor %%xmm15, %%xmm1\n\t" \ + "pxor %%xmm15, %%xmm3\n\t" \ + "pxor %%xmm13, %%xmm1\n\t" \ -#define AESENC_PCLMUL_L(o) \ - "movdqa %%xmm1, %%xmm14\n\t" \ - "psrldq $8, %%xmm1\n\t" \ - "pslldq $8, %%xmm14\n\t" \ - "aesenc "#o"(%[KEY]), %%xmm4\n\t" \ - "pxor %%xmm14, %%xmm2\n\t" \ - "pxor %%xmm1, %%xmm3\n\t" \ - "movdqa %%xmm2, %%xmm12\n\t" \ - "movdqa %%xmm2, %%xmm13\n\t" \ - "movdqa %%xmm2, %%xmm14\n\t" \ - "aesenc "#o"(%[KEY]), %%xmm5\n\t" \ - "pslld $31, %%xmm12\n\t" \ - "pslld $30, %%xmm13\n\t" \ - "pslld $25, %%xmm14\n\t" \ - "aesenc "#o"(%[KEY]), %%xmm6\n\t" \ - "pxor %%xmm13, %%xmm12\n\t" \ - "pxor %%xmm14, %%xmm12\n\t" \ - "aesenc "#o"(%[KEY]), %%xmm7\n\t" \ - "movdqa %%xmm12, %%xmm13\n\t" \ - "pslldq $12, %%xmm12\n\t" \ - "psrldq $4, %%xmm13\n\t" \ - "aesenc "#o"(%[KEY]), %%xmm8\n\t" \ - "pxor %%xmm12, %%xmm2\n\t" \ - "movdqa %%xmm2, %%xmm14\n\t" \ - "movdqa %%xmm2, %%xmm1\n\t" \ - "movdqa %%xmm2, %%xmm0\n\t" \ - "aesenc "#o"(%[KEY]), %%xmm9\n\t" \ - "psrld $1, %%xmm14\n\t" \ - "psrld $2, %%xmm1\n\t" \ - "psrld $7, %%xmm0\n\t" \ - "aesenc "#o"(%[KEY]), %%xmm10\n\t" \ - "pxor %%xmm1, %%xmm14\n\t" \ - "pxor %%xmm0, %%xmm14\n\t" \ - "aesenc "#o"(%[KEY]), %%xmm11\n\t" \ - "pxor %%xmm13, %%xmm14\n\t" \ - "pxor %%xmm14, %%xmm2\n\t" \ - "pxor %%xmm3, %%xmm2\n\t" \ +#define AESENC_PCLMUL_L(o) \ + "movdqa %%xmm1, %%xmm14\n\t" \ + "psrldq $8, %%xmm1\n\t" \ + "pslldq $8, %%xmm14\n\t" \ + "aesenc " #o "(%[KEY]), %%xmm4\n\t" \ + "pxor %%xmm14, %%xmm2\n\t" \ + "pxor %%xmm1, %%xmm3\n\t" \ + "movdqa %%xmm2, 
%%xmm12\n\t" \ + "movdqa %%xmm2, %%xmm13\n\t" \ + "movdqa %%xmm2, %%xmm14\n\t" \ + "aesenc " #o "(%[KEY]), %%xmm5\n\t" \ + "pslld $31, %%xmm12\n\t" \ + "pslld $30, %%xmm13\n\t" \ + "pslld $25, %%xmm14\n\t" \ + "aesenc " #o "(%[KEY]), %%xmm6\n\t" \ + "pxor %%xmm13, %%xmm12\n\t" \ + "pxor %%xmm14, %%xmm12\n\t" \ + "aesenc " #o "(%[KEY]), %%xmm7\n\t" \ + "movdqa %%xmm12, %%xmm13\n\t" \ + "pslldq $12, %%xmm12\n\t" \ + "psrldq $4, %%xmm13\n\t" \ + "aesenc " #o "(%[KEY]), %%xmm8\n\t" \ + "pxor %%xmm12, %%xmm2\n\t" \ + "movdqa %%xmm2, %%xmm14\n\t" \ + "movdqa %%xmm2, %%xmm1\n\t" \ + "movdqa %%xmm2, %%xmm0\n\t" \ + "aesenc " #o "(%[KEY]), %%xmm9\n\t" \ + "psrld $1, %%xmm14\n\t" \ + "psrld $2, %%xmm1\n\t" \ + "psrld $7, %%xmm0\n\t" \ + "aesenc " #o "(%[KEY]), %%xmm10\n\t" \ + "pxor %%xmm1, %%xmm14\n\t" \ + "pxor %%xmm0, %%xmm14\n\t" \ + "aesenc " #o "(%[KEY]), %%xmm11\n\t" \ + "pxor %%xmm13, %%xmm14\n\t" \ + "pxor %%xmm14, %%xmm2\n\t" \ + "pxor %%xmm3, %%xmm2\n\t" \ /* Encrypt and carry-less multiply with last key. 
*/ -#define AESENC_LAST(in, out) \ - "aesenclast %%xmm12, %%xmm4\n\t" \ - "aesenclast %%xmm12, %%xmm5\n\t" \ - "movdqu ("#in"),%%xmm0\n\t" \ - "movdqu 16("#in"),%%xmm1\n\t" \ - "pxor %%xmm0, %%xmm4\n\t" \ - "pxor %%xmm1, %%xmm5\n\t" \ - "movdqu %%xmm4, ("#out")\n\t" \ - "movdqu %%xmm5, 16("#out")\n\t" \ - "aesenclast %%xmm12, %%xmm6\n\t" \ - "aesenclast %%xmm12, %%xmm7\n\t" \ - "movdqu 32("#in"),%%xmm0\n\t" \ - "movdqu 48("#in"),%%xmm1\n\t" \ - "pxor %%xmm0, %%xmm6\n\t" \ - "pxor %%xmm1, %%xmm7\n\t" \ - "movdqu %%xmm6, 32("#out")\n\t" \ - "movdqu %%xmm7, 48("#out")\n\t" \ - "aesenclast %%xmm12, %%xmm8\n\t" \ - "aesenclast %%xmm12, %%xmm9\n\t" \ - "movdqu 64("#in"),%%xmm0\n\t" \ - "movdqu 80("#in"),%%xmm1\n\t" \ - "pxor %%xmm0, %%xmm8\n\t" \ - "pxor %%xmm1, %%xmm9\n\t" \ - "movdqu %%xmm8, 64("#out")\n\t" \ - "movdqu %%xmm9, 80("#out")\n\t" \ - "aesenclast %%xmm12, %%xmm10\n\t" \ - "aesenclast %%xmm12, %%xmm11\n\t" \ - "movdqu 96("#in"),%%xmm0\n\t" \ - "movdqu 112("#in"),%%xmm1\n\t" \ - "pxor %%xmm0, %%xmm10\n\t" \ - "pxor %%xmm1, %%xmm11\n\t" \ - "movdqu %%xmm10, 96("#out")\n\t" \ - "movdqu %%xmm11, 112("#out")\n\t" +#define AESENC_LAST(in, out) \ + "aesenclast %%xmm12, %%xmm4\n\t" \ + "aesenclast %%xmm12, %%xmm5\n\t" \ + "movdqu (" #in "),%%xmm0\n\t" \ + "movdqu 16(" #in "),%%xmm1\n\t" \ + "pxor %%xmm0, %%xmm4\n\t" \ + "pxor %%xmm1, %%xmm5\n\t" \ + "movdqu %%xmm4, (" #out ")\n\t" \ + "movdqu %%xmm5, 16(" #out ")\n\t" \ + "aesenclast %%xmm12, %%xmm6\n\t" \ + "aesenclast %%xmm12, %%xmm7\n\t" \ + "movdqu 32(" #in "),%%xmm0\n\t" \ + "movdqu 48(" #in "),%%xmm1\n\t" \ + "pxor %%xmm0, %%xmm6\n\t" \ + "pxor %%xmm1, %%xmm7\n\t" \ + "movdqu %%xmm6, 32(" #out ")\n\t" \ + "movdqu %%xmm7, 48(" #out ")\n\t" \ + "aesenclast %%xmm12, %%xmm8\n\t" \ + "aesenclast %%xmm12, %%xmm9\n\t" \ + "movdqu 64(" #in "),%%xmm0\n\t" \ + "movdqu 80(" #in "),%%xmm1\n\t" \ + "pxor %%xmm0, %%xmm8\n\t" \ + "pxor %%xmm1, %%xmm9\n\t" \ + "movdqu %%xmm8, 64(" #out ")\n\t" \ + "movdqu %%xmm9, 80(" #out 
")\n\t" \ + "aesenclast %%xmm12, %%xmm10\n\t" \ + "aesenclast %%xmm12, %%xmm11\n\t" \ + "movdqu 96(" #in "),%%xmm0\n\t" \ + "movdqu 112(" #in "),%%xmm1\n\t" \ + "pxor %%xmm0, %%xmm10\n\t" \ + "pxor %%xmm1, %%xmm11\n\t" \ + "movdqu %%xmm10, 96(" #out ")\n\t" \ + "movdqu %%xmm11, 112(" #out ")\n\t" #define _AESENC_AVX(r) \ - "aesenc 16(%[KEY]), "#r"\n\t" \ - "aesenc 32(%[KEY]), "#r"\n\t" \ - "aesenc 48(%[KEY]), "#r"\n\t" \ - "aesenc 64(%[KEY]), "#r"\n\t" \ - "aesenc 80(%[KEY]), "#r"\n\t" \ - "aesenc 96(%[KEY]), "#r"\n\t" \ - "aesenc 112(%[KEY]), "#r"\n\t" \ - "aesenc 128(%[KEY]), "#r"\n\t" \ - "aesenc 144(%[KEY]), "#r"\n\t" \ + "aesenc 16(%[KEY]), " #r "\n\t" \ + "aesenc 32(%[KEY]), " #r "\n\t" \ + "aesenc 48(%[KEY]), " #r "\n\t" \ + "aesenc 64(%[KEY]), " #r "\n\t" \ + "aesenc 80(%[KEY]), " #r "\n\t" \ + "aesenc 96(%[KEY]), " #r "\n\t" \ + "aesenc 112(%[KEY]), " #r "\n\t" \ + "aesenc 128(%[KEY]), " #r "\n\t" \ + "aesenc 144(%[KEY]), " #r "\n\t" \ "cmpl $11, %[nr]\n\t" \ "movdqa 160(%[KEY]), %%xmm5\n\t" \ "jl %=f\n\t" \ - "aesenc %%xmm5, "#r"\n\t" \ - "aesenc 176(%[KEY]), "#r"\n\t" \ + "aesenc %%xmm5, " #r "\n\t" \ + "aesenc 176(%[KEY]), " #r "\n\t" \ "cmpl $13, %[nr]\n\t" \ "movdqa 192(%[KEY]), %%xmm5\n\t" \ "jl %=f\n\t" \ - "aesenc %%xmm5, "#r"\n\t" \ - "aesenc 208(%[KEY]), "#r"\n\t" \ + "aesenc %%xmm5, " #r "\n\t" \ + "aesenc 208(%[KEY]), " #r "\n\t" \ "movdqa 224(%[KEY]), %%xmm5\n\t" \ "%=:\n\t" \ - "aesenclast %%xmm5, "#r"\n\t" + "aesenclast %%xmm5, " #r "\n\t" #define AESENC_AVX(r) \ _AESENC_AVX(r) #define AESENC_BLOCK(in, out) \ - "movdqu "VAR(CTR1)", %%xmm4\n\t" \ + "movdqu " VAR(CTR1) ", %%xmm4\n\t" \ "movdqu %%xmm4, %%xmm5\n\t" \ "pshufb %[BSWAP_EPI64], %%xmm4\n\t" \ "paddd %[ONE], %%xmm5\n\t" \ "pxor (%[KEY]), %%xmm4\n\t" \ - "movdqu %%xmm5, "VAR(CTR1)"\n\t" \ + "movdqu %%xmm5, " VAR(CTR1) "\n\t" \ AESENC_AVX(%%xmm4) \ - "movdqu ("#in"), %%xmm5\n\t" \ + "movdqu (" #in "), %%xmm5\n\t" \ "pxor %%xmm5, %%xmm4\n\t" \ - "movdqu %%xmm4, ("#out")\n\t" \ + "movdqu 
%%xmm4, (" #out ")\n\t" \ "pshufb %[BSWAP_MASK], %%xmm4\n\t" \ - "pxor %%xmm4, "VAR(XR)"\n\t" + "pxor %%xmm4, " VAR(XR) "\n\t" -#define _AESENC_GFMUL(in, out, H, X) \ - "movdqu "VAR(CTR1)", %%xmm4\n\t" \ - "movdqu %%xmm4, %%xmm5\n\t" \ - "pshufb %[BSWAP_EPI64], %%xmm4\n\t" \ - "paddd %[ONE], %%xmm5\n\t" \ - "pxor (%[KEY]), %%xmm4\n\t" \ - "movdqu %%xmm5, "VAR(CTR1)"\n\t" \ - "movdqa "#X", %%xmm6\n\t" \ - "pclmulqdq $0x10, "#H", %%xmm6\n\t" \ - "aesenc 16(%[KEY]), %%xmm4\n\t" \ - "aesenc 32(%[KEY]), %%xmm4\n\t" \ - "movdqa "#X", %%xmm7\n\t" \ - "pclmulqdq $0x01, "#H", %%xmm7\n\t" \ - "aesenc 48(%[KEY]), %%xmm4\n\t" \ - "aesenc 64(%[KEY]), %%xmm4\n\t" \ - "movdqa "#X", %%xmm8\n\t" \ - "pclmulqdq $0x00, "#H", %%xmm8\n\t" \ - "aesenc 80(%[KEY]), %%xmm4\n\t" \ - "movdqa "#X", %%xmm1\n\t" \ - "pclmulqdq $0x11, "#H", %%xmm1\n\t" \ - "aesenc 96(%[KEY]), %%xmm4\n\t" \ - "pxor %%xmm7, %%xmm6\n\t" \ - "movdqa %%xmm6, %%xmm2\n\t" \ - "psrldq $8, %%xmm6\n\t" \ - "pslldq $8, %%xmm2\n\t" \ - "aesenc 112(%[KEY]), %%xmm4\n\t" \ - "movdqa %%xmm1, %%xmm3\n\t" \ - "pxor %%xmm8, %%xmm2\n\t" \ - "pxor %%xmm6, %%xmm3\n\t" \ - "movdqa %[MOD2_128], %%xmm0\n\t" \ - "movdqa %%xmm2, %%xmm7\n\t" \ - "pclmulqdq $0x10, %%xmm0, %%xmm7\n\t" \ - "aesenc 128(%[KEY]), %%xmm4\n\t" \ - "pshufd $0x4e, %%xmm2, %%xmm6\n\t" \ - "pxor %%xmm7, %%xmm6\n\t" \ - "movdqa %%xmm6, %%xmm7\n\t" \ - "pclmulqdq $0x10, %%xmm0, %%xmm7\n\t" \ - "aesenc 144(%[KEY]), %%xmm4\n\t" \ - "pshufd $0x4e, %%xmm6, "VAR(XR)"\n\t" \ - "pxor %%xmm7, "VAR(XR)"\n\t" \ - "pxor %%xmm3, "VAR(XR)"\n\t" \ - "cmpl $11, %[nr]\n\t" \ - "movdqu 160(%[KEY]), %%xmm5\n\t" \ - "jl %=f\n\t" \ - "aesenc %%xmm5, %%xmm4\n\t" \ - "aesenc 176(%[KEY]), %%xmm4\n\t" \ - "cmpl $13, %[nr]\n\t" \ - "movdqu 192(%[KEY]), %%xmm5\n\t" \ - "jl %=f\n\t" \ - "aesenc %%xmm5, %%xmm4\n\t" \ - "aesenc 208(%[KEY]), %%xmm4\n\t" \ - "movdqa 224(%[KEY]), %%xmm5\n\t" \ - "%=:\n\t" \ - "aesenclast %%xmm5, %%xmm4\n\t" \ - "movdqu ("#in"), %%xmm5\n\t" \ - "pxor %%xmm5, 
%%xmm4\n\t" \ - "movdqu %%xmm4, ("#out")\n\t" -#define AESENC_GFMUL(in, out, H, X) \ +#define _AESENC_GFMUL(in, out, H, X) \ + "movdqu " VAR(CTR1) ", %%xmm4\n\t" \ + "movdqu %%xmm4, %%xmm5\n\t" \ + "pshufb %[BSWAP_EPI64], %%xmm4\n\t" \ + "paddd %[ONE], %%xmm5\n\t" \ + "pxor (%[KEY]), %%xmm4\n\t" \ + "movdqu %%xmm5, " VAR(CTR1) "\n\t" \ + "movdqa " #X ", %%xmm6\n\t" \ + "pclmulqdq $0x10, " #H ", %%xmm6\n\t" \ + "aesenc 16(%[KEY]), %%xmm4\n\t" \ + "aesenc 32(%[KEY]), %%xmm4\n\t" \ + "movdqa " #X ", %%xmm7\n\t" \ + "pclmulqdq $0x01, " #H ", %%xmm7\n\t" \ + "aesenc 48(%[KEY]), %%xmm4\n\t" \ + "aesenc 64(%[KEY]), %%xmm4\n\t" \ + "movdqa " #X ", %%xmm8\n\t" \ + "pclmulqdq $0x00, " #H ", %%xmm8\n\t" \ + "aesenc 80(%[KEY]), %%xmm4\n\t" \ + "movdqa " #X ", %%xmm1\n\t" \ + "pclmulqdq $0x11, " #H ", %%xmm1\n\t" \ + "aesenc 96(%[KEY]), %%xmm4\n\t" \ + "pxor %%xmm7, %%xmm6\n\t" \ + "movdqa %%xmm6, %%xmm2\n\t" \ + "psrldq $8, %%xmm6\n\t" \ + "pslldq $8, %%xmm2\n\t" \ + "aesenc 112(%[KEY]), %%xmm4\n\t" \ + "movdqa %%xmm1, %%xmm3\n\t" \ + "pxor %%xmm8, %%xmm2\n\t" \ + "pxor %%xmm6, %%xmm3\n\t" \ + "movdqa %[MOD2_128], %%xmm0\n\t" \ + "movdqa %%xmm2, %%xmm7\n\t" \ + "pclmulqdq $0x10, %%xmm0, %%xmm7\n\t" \ + "aesenc 128(%[KEY]), %%xmm4\n\t" \ + "pshufd $0x4e, %%xmm2, %%xmm6\n\t" \ + "pxor %%xmm7, %%xmm6\n\t" \ + "movdqa %%xmm6, %%xmm7\n\t" \ + "pclmulqdq $0x10, %%xmm0, %%xmm7\n\t" \ + "aesenc 144(%[KEY]), %%xmm4\n\t" \ + "pshufd $0x4e, %%xmm6, " VAR(XR) "\n\t" \ + "pxor %%xmm7, " VAR(XR) "\n\t" \ + "pxor %%xmm3, " VAR(XR) "\n\t" \ + "cmpl $11, %[nr]\n\t" \ + "movdqu 160(%[KEY]), %%xmm5\n\t" \ + "jl %=f\n\t" \ + "aesenc %%xmm5, %%xmm4\n\t" \ + "aesenc 176(%[KEY]), %%xmm4\n\t" \ + "cmpl $13, %[nr]\n\t" \ + "movdqu 192(%[KEY]), %%xmm5\n\t" \ + "jl %=f\n\t" \ + "aesenc %%xmm5, %%xmm4\n\t" \ + "aesenc 208(%[KEY]), %%xmm4\n\t" \ + "movdqa 224(%[KEY]), %%xmm5\n\t" \ + "%=:\n\t" \ + "aesenclast %%xmm5, %%xmm4\n\t" \ + "movdqu (" #in "), %%xmm5\n\t" \ + "pxor %%xmm5, %%xmm4\n\t" \ + "movdqu 
%%xmm4, (" #out ")\n\t" +#define AESENC_GFMUL(in, out, H, X) \ _AESENC_GFMUL(in, out, H, X) #define _GHASH_GFMUL_AVX(r, r2, a, b) \ @@ -4022,11 +4022,11 @@ while (0) "pxor %%xmm3, %%xmm1\n\t" \ "movdqa %%xmm1, %%xmm2\n\t" \ "movdqa %%xmm0, "#r2"\n\t" \ - "movdqa %%xmm3, "#r"\n\t" \ + "movdqa %%xmm3, " #r "\n\t" \ "pslldq $8, %%xmm2\n\t" \ "psrldq $8, %%xmm1\n\t" \ "pxor %%xmm2, "#r2"\n\t" \ - "pxor %%xmm1, "#r"\n\t" + "pxor %%xmm1, " #r "\n\t" #define GHASH_GFMUL_AVX(r, r2, a, b) \ _GHASH_GFMUL_AVX(r, r2, a, b) @@ -4044,28 +4044,28 @@ while (0) "pxor %%xmm3, %%xmm1\n\t" \ "movdqa %%xmm1, %%xmm2\n\t" \ "pxor %%xmm0, "#r2"\n\t" \ - "pxor %%xmm3, "#r"\n\t" \ + "pxor %%xmm3, " #r "\n\t" \ "pslldq $8, %%xmm2\n\t" \ "psrldq $8, %%xmm1\n\t" \ "pxor %%xmm2, "#r2"\n\t" \ - "pxor %%xmm1, "#r"\n\t" + "pxor %%xmm1, " #r "\n\t" #define GHASH_GFMUL_XOR_AVX(r, r2, a, b) \ _GHASH_GFMUL_XOR_AVX(r, r2, a, b) #define GHASH_MID_AVX(r, r2) \ "movdqa "#r2", %%xmm0\n\t" \ - "movdqa "#r", %%xmm1\n\t" \ + "movdqa " #r ", %%xmm1\n\t" \ "psrld $31, %%xmm0\n\t" \ "psrld $31, %%xmm1\n\t" \ "pslld $1, "#r2"\n\t" \ - "pslld $1, "#r"\n\t" \ + "pslld $1, " #r "\n\t" \ "movdqa %%xmm0, %%xmm2\n\t" \ "pslldq $4, %%xmm0\n\t" \ "psrldq $12, %%xmm2\n\t" \ "pslldq $4, %%xmm1\n\t" \ - "por %%xmm2, "#r"\n\t" \ + "por %%xmm2, " #r "\n\t" \ "por %%xmm0, "#r2"\n\t" \ - "por %%xmm1, "#r"\n\t" + "por %%xmm1, " #r "\n\t" #define _GHASH_GFMUL_RED_AVX(r, a, b) \ "pshufd $0x4e, "#a", %%xmm5\n\t" \ @@ -4080,11 +4080,11 @@ while (0) "pxor %%xmm4, %%xmm5\n\t" \ "pxor %%xmm7, %%xmm5\n\t" \ "movdqa %%xmm5, %%xmm6\n\t" \ - "movdqa %%xmm7, "#r"\n\t" \ + "movdqa %%xmm7, " #r "\n\t" \ "pslldq $8, %%xmm6\n\t" \ "psrldq $8, %%xmm5\n\t" \ "pxor %%xmm6, %%xmm4\n\t" \ - "pxor %%xmm5, "#r"\n\t" \ + "pxor %%xmm5, " #r "\n\t" \ "movdqa %%xmm4, %%xmm8\n\t" \ "movdqa %%xmm4, %%xmm9\n\t" \ "movdqa %%xmm4, %%xmm10\n\t" \ 
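Review bot: In the new AESENC_PCLMUL_N (hunk at -3771) the second line reads `"movdqu " #o2 "(" #src" ), %%xmm0\n\t"`, which moves a space inside the string literal so the emitted operand becomes `(src )`. The matching line in AESENC_PCLMUL_1 is `"movdqu " #o2 "(" #src "), %%xmm0\n\t"`. Every other change in this hunk only separates the stringizing operator or `VAR()` from the adjacent literal, so this looks like a slip that alters the assembly text rather than an intended edit. Using the AESENC_PCLMUL_1 form keeps the generated instruction text identical to what the old macro produced.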
@@ -4107,7 +4107,7 @@ while (0) "pxor %%xmm5, %%xmm10\n\t" \ "pxor %%xmm9, %%xmm10\n\t" \ "pxor %%xmm4, %%xmm10\n\t" \ - "pxor %%xmm10, "#r"\n\t" + "pxor %%xmm10, " #r "\n\t" #define GHASH_GFMUL_RED_AVX(r, a, b) \ _GHASH_GFMUL_RED_AVX(r, a, b) @@ -4134,7 +4134,7 @@ while (0) "pxor %%xmm0, %%xmm2\n\t" \ "pxor %%xmm1, %%xmm2\n\t" \ "pxor "#r2", %%xmm2\n\t" \ - "pxor %%xmm2, "#r"\n\t" + "pxor %%xmm2, " #r "\n\t" #define GHASH_GFMUL_RED_XOR_AVX(r, r2, a, b) \ GHASH_GFMUL_XOR_AVX(r, r2, a, b) \ 
@@ -4154,65 +4154,65 @@ while (0) "pinsrd $3, %%ecx, %%xmm13\n\t" \ "# H = Encrypt X(=0) and T = Encrypt counter\n\t" \ "movdqu %%xmm13, %%xmm1\n\t" \ - "movdqa 0(%[KEY]), "VAR(HR)"\n\t" \ - "pxor "VAR(HR)", %%xmm1\n\t" \ + "movdqa 0(%[KEY]), " VAR(HR) "\n\t" \ + "pxor " VAR(HR) ", %%xmm1\n\t" \ "movdqa 16(%[KEY]), %%xmm12\n\t" \ - "aesenc %%xmm12, "VAR(HR)"\n\t" \ + "aesenc %%xmm12, " VAR(HR) "\n\t" \ "aesenc %%xmm12, %%xmm1\n\t" \ "movdqa 32(%[KEY]), %%xmm12\n\t" \ - "aesenc %%xmm12, "VAR(HR)"\n\t" \ + "aesenc %%xmm12, " VAR(HR) "\n\t" \ "aesenc %%xmm12, %%xmm1\n\t" \ "movdqa 48(%[KEY]), %%xmm12\n\t" \ - "aesenc %%xmm12, "VAR(HR)"\n\t" \ + "aesenc %%xmm12, " VAR(HR) "\n\t" \ "aesenc %%xmm12, %%xmm1\n\t" \ "movdqa 64(%[KEY]), %%xmm12\n\t" \ - "aesenc %%xmm12, "VAR(HR)"\n\t" \ + "aesenc %%xmm12, " VAR(HR) "\n\t" \ "aesenc %%xmm12, %%xmm1\n\t" \ "movdqa 80(%[KEY]), %%xmm12\n\t" \ - "aesenc %%xmm12, "VAR(HR)"\n\t" \ + "aesenc %%xmm12, " VAR(HR) "\n\t" \ "aesenc %%xmm12, %%xmm1\n\t" \ "movdqa 96(%[KEY]), %%xmm12\n\t" \ - "aesenc %%xmm12, "VAR(HR)"\n\t" \ + "aesenc %%xmm12, " VAR(HR) "\n\t" \ "aesenc %%xmm12, %%xmm1\n\t" \ "movdqa 112(%[KEY]), %%xmm12\n\t" \ - "aesenc %%xmm12, "VAR(HR)"\n\t" \ + "aesenc %%xmm12, " VAR(HR) "\n\t" \ "aesenc %%xmm12, %%xmm1\n\t" \ "movdqa 128(%[KEY]), %%xmm12\n\t" \ - "aesenc %%xmm12, "VAR(HR)"\n\t" \ + "aesenc %%xmm12, " VAR(HR) "\n\t" \ "aesenc %%xmm12, %%xmm1\n\t" \ "movdqa 144(%[KEY]), %%xmm12\n\t" \ - "aesenc %%xmm12, "VAR(HR)"\n\t" \ + "aesenc %%xmm12, " VAR(HR) "\n\t" \ "aesenc %%xmm12, %%xmm1\n\t" \ "cmpl $11, %[nr]\n\t" \ "movdqa 160(%[KEY]), %%xmm12\n\t" \ "jl 31f\n\t" \ - "aesenc %%xmm12, "VAR(HR)"\n\t" \ + "aesenc %%xmm12, " VAR(HR) "\n\t" \ "aesenc %%xmm12, %%xmm1\n\t" \ "movdqa 176(%[KEY]), %%xmm12\n\t" \ - "aesenc %%xmm12, "VAR(HR)"\n\t" \ + "aesenc %%xmm12, " VAR(HR) "\n\t" \ "aesenc %%xmm12, %%xmm1\n\t" \ "cmpl $13, %[nr]\n\t" \ "movdqa 192(%[KEY]), %%xmm12\n\t" \ "jl 31f\n\t" \ - "aesenc %%xmm12, "VAR(HR)"\n\t" \ + 
"aesenc %%xmm12, " VAR(HR) "\n\t" \ "aesenc %%xmm12, %%xmm1\n\t" \ "movdqu 208(%[KEY]), %%xmm12\n\t" \ - "aesenc %%xmm12, "VAR(HR)"\n\t" \ + "aesenc %%xmm12, " VAR(HR) "\n\t" \ "aesenc %%xmm12, %%xmm1\n\t" \ "movdqu 224(%[KEY]), %%xmm12\n\t" \ "31:\n\t" \ - "aesenclast %%xmm12, "VAR(HR)"\n\t" \ + "aesenclast %%xmm12, " VAR(HR) "\n\t" \ "aesenclast %%xmm12, %%xmm1\n\t" \ - "pshufb %[BSWAP_MASK], "VAR(HR)"\n\t" \ - "movdqu %%xmm1, "VAR(TR)"\n\t" \ + "pshufb %[BSWAP_MASK], " VAR(HR) "\n\t" \ + "movdqu %%xmm1, " VAR(TR) "\n\t" \ "jmp 39f\n\t" #define CALC_IV() \ "# Calculate values when IV is not 12 bytes\n\t" \ "# H = Encrypt X(=0)\n\t" \ - "movdqa 0(%[KEY]), "VAR(HR)"\n\t" \ + "movdqa 0(%[KEY]), " VAR(HR) "\n\t" \ AESENC_AVX(HR) \ - "pshufb %[BSWAP_MASK], "VAR(HR)"\n\t" \ + "pshufb %[BSWAP_MASK], " VAR(HR) "\n\t" \ "# Calc counter\n\t" \ "# Initialization vector\n\t" \ "cmpl $0, %%edx\n\t" \ @@ -4264,7 +4264,7 @@ while (0) "movdqa 0(%[KEY]), %%xmm4\n\t" \ "pxor %%xmm13, %%xmm4\n\t" \ AESENC_AVX(%%xmm4) \ - "movdqu %%xmm4, "VAR(TR)"\n\t" + "movdqu %%xmm4, " VAR(TR) "\n\t" #define CALC_AAD() \ "# Additional authentication data\n\t" \ @@ -4280,7 +4280,7 @@ while (0) "23:\n\t" \ "movdqu (%%rax,%%rcx,1), %%xmm4\n\t" \ "pshufb %[BSWAP_MASK], %%xmm4\n\t" \ - "pxor %%xmm4, "VAR(XR)"\n\t" \ + "pxor %%xmm4, " VAR(XR) "\n\t" \ GHASH_FULL_AVX(XR, %%xmm12, XR, HR) \ "addl $16, %%ecx\n\t" \ "cmpl %%edx, %%ecx\n\t" \ 
@@ -4304,148 +4304,148 @@ while (0) "movdqu (%%rsp), %%xmm4\n\t" \ "addq $16, %%rsp\n\t" \ "pshufb %[BSWAP_MASK], %%xmm4\n\t" \ - "pxor %%xmm4, "VAR(XR)"\n\t" \ + "pxor %%xmm4, " VAR(XR) "\n\t" \ GHASH_FULL_AVX(XR, %%xmm12, XR, HR) \ "\n" \ "25:\n\t" -#define CALC_HT_8_AVX() \ - "movdqa "VAR(XR)", %%xmm2\n\t" \ - "# H ^ 1\n\t" \ - "movdqu "VAR(HR)", 0("VAR(HTR)")\n\t" \ - "# H ^ 2\n\t" \ - GHASH_GFMUL_RED_AVX(%%xmm0, HR, HR) \ - "movdqu %%xmm0 , 16("VAR(HTR)")\n\t" \ - "# H ^ 3\n\t" \ - GHASH_GFMUL_RED_AVX(%%xmm1, HR, %%xmm0) \ - "movdqu %%xmm1 , 32("VAR(HTR)")\n\t" \ - "# H ^ 4\n\t" \ - GHASH_GFMUL_RED_AVX(%%xmm3, %%xmm0, %%xmm0) \ - "movdqu %%xmm3 , 48("VAR(HTR)")\n\t" \ - "# H ^ 5\n\t" \ - GHASH_GFMUL_RED_AVX(%%xmm12, %%xmm0, %%xmm1) \ - "movdqu %%xmm12, 64("VAR(HTR)")\n\t" \ - "# H ^ 6\n\t" \ - GHASH_GFMUL_RED_AVX(%%xmm12, %%xmm1, %%xmm1) \ - "movdqu %%xmm12, 80("VAR(HTR)")\n\t" \ - "# H ^ 7\n\t" \ - GHASH_GFMUL_RED_AVX(%%xmm12, %%xmm1, %%xmm3) \ - "movdqu %%xmm12, 96("VAR(HTR)")\n\t" \ - "# H ^ 8\n\t" \ - GHASH_GFMUL_RED_AVX(%%xmm12, %%xmm3, %%xmm3) \ - "movdqu %%xmm12, 112("VAR(HTR)")\n\t" +#define CALC_HT_8_AVX() \ + "movdqa " VAR(XR) ", %%xmm2\n\t" \ + "# H ^ 1\n\t" \ + "movdqu " VAR(HR) ", 0(" VAR(HTR) ")\n\t" \ + "# H ^ 2\n\t" \ + GHASH_GFMUL_RED_AVX(%%xmm0, HR, HR) \ + "movdqu %%xmm0 , 16(" VAR(HTR) ")\n\t" \ + "# H ^ 3\n\t" \ + GHASH_GFMUL_RED_AVX(%%xmm1, HR, %%xmm0) \ + "movdqu %%xmm1 , 32(" VAR(HTR) ")\n\t" \ + "# H ^ 4\n\t" \ + GHASH_GFMUL_RED_AVX(%%xmm3, %%xmm0, %%xmm0) \ + "movdqu %%xmm3 , 48(" VAR(HTR) ")\n\t" \ + "# H ^ 5\n\t" \ + GHASH_GFMUL_RED_AVX(%%xmm12, %%xmm0, %%xmm1) \ + "movdqu %%xmm12, 64(" VAR(HTR) ")\n\t" \ + "# H ^ 6\n\t" \ + GHASH_GFMUL_RED_AVX(%%xmm12, %%xmm1, %%xmm1) \ + "movdqu %%xmm12, 80(" VAR(HTR) ")\n\t" \ + "# H ^ 7\n\t" \ + GHASH_GFMUL_RED_AVX(%%xmm12, %%xmm1, %%xmm3) \ + "movdqu %%xmm12, 96(" VAR(HTR) ")\n\t" \ + "# H ^ 8\n\t" \ + GHASH_GFMUL_RED_AVX(%%xmm12, %%xmm3, %%xmm3) \ + "movdqu %%xmm12, 112(" VAR(HTR) ")\n\t" 
-#define AESENC_128_GHASH_AVX(src, o) \ - "leaq (%[in],"VAR(KR64)",1), %%rcx\n\t" \ - "leaq (%[out],"VAR(KR64)",1), %%rdx\n\t" \ - /* src is either %%rcx or %%rdx */ \ - AESENC_CTR() \ - AESENC_XOR() \ - AESENC_PCLMUL_1(src, 16, o-128, 112) \ - AESENC_PCLMUL_N(src, 32, o-112, 96) \ - AESENC_PCLMUL_N(src, 48, o -96, 80) \ - AESENC_PCLMUL_N(src, 64, o -80, 64) \ - AESENC_PCLMUL_N(src, 80, o -64, 48) \ - AESENC_PCLMUL_N(src, 96, o -48, 32) \ - AESENC_PCLMUL_N(src, 112, o -32, 16) \ - AESENC_PCLMUL_N(src, 128, o -16, 0) \ - AESENC_PCLMUL_L(144) \ - "cmpl $11, %[nr]\n\t" \ - "movdqa 160(%[KEY]), %%xmm12\n\t" \ - "jl 4f\n\t" \ - AESENC() \ - AESENC_SET(176) \ - "cmpl $13, %[nr]\n\t" \ - "movdqa 192(%[KEY]), %%xmm12\n\t" \ - "jl 4f\n\t" \ - AESENC() \ - AESENC_SET(208) \ - "movdqa 224(%[KEY]), %%xmm12\n\t" \ - "\n" \ -"4:\n\t" \ +#define AESENC_128_GHASH_AVX(src, o) \ + "leaq (%[in]," VAR(KR64) ",1), %%rcx\n\t" \ + "leaq (%[out]," VAR(KR64) ",1), %%rdx\n\t" \ + /* src is either %%rcx or %%rdx */ \ + AESENC_CTR() \ + AESENC_XOR() \ + AESENC_PCLMUL_1(src, 16, o-128, 112) \ + AESENC_PCLMUL_N(src, 32, o-112, 96) \ + AESENC_PCLMUL_N(src, 48, o -96, 80) \ + AESENC_PCLMUL_N(src, 64, o -80, 64) \ + AESENC_PCLMUL_N(src, 80, o -64, 48) \ + AESENC_PCLMUL_N(src, 96, o -48, 32) \ + AESENC_PCLMUL_N(src, 112, o -32, 16) \ + AESENC_PCLMUL_N(src, 128, o -16, 0) \ + AESENC_PCLMUL_L(144) \ + "cmpl $11, %[nr]\n\t" \ + "movdqa 160(%[KEY]), %%xmm12\n\t" \ + "jl 4f\n\t" \ + AESENC() \ + AESENC_SET(176) \ + "cmpl $13, %[nr]\n\t" \ + "movdqa 192(%[KEY]), %%xmm12\n\t" \ + "jl 4f\n\t" \ + AESENC() \ + AESENC_SET(208) \ + "movdqa 224(%[KEY]), %%xmm12\n\t" \ + "\n" \ +"4:\n\t" \ AESENC_LAST(%%rcx, %%rdx) -#define AESENC_LAST15_ENC_AVX() \ - "movl %[nbytes], %%ecx\n\t" \ - "movl %%ecx, %%edx\n\t" \ - "andl $0x0f, %%ecx\n\t" \ - "jz 55f\n\t" \ - "movdqu "VAR(CTR1)", %%xmm13\n\t" \ - "pshufb %[BSWAP_EPI64], %%xmm13\n\t" \ - "pxor 0(%[KEY]), %%xmm13\n\t" \ - AESENC_AVX(%%xmm13) \ - "subq $16, %%rsp\n\t" 
\ - "xorl %%ecx, %%ecx\n\t" \ - "movdqu %%xmm13, (%%rsp)\n\t" \ - "\n" \ - "51:\n\t" \ - "movzbl (%[in],"VAR(KR64)",1), %%r13d\n\t" \ - "xorb (%%rsp,%%rcx,1), %%r13b\n\t" \ - "movb %%r13b, (%[out],"VAR(KR64)",1)\n\t" \ - "movb %%r13b, (%%rsp,%%rcx,1)\n\t" \ - "incl "VAR(KR)"\n\t" \ - "incl %%ecx\n\t" \ - "cmpl %%edx, "VAR(KR)"\n\t" \ - "jl 51b\n\t" \ - "xorq %%r13, %%r13\n\t" \ - "cmpl $16, %%ecx\n\t" \ - "je 53f\n\t" \ - "\n" \ - "52:\n\t" \ - "movb %%r13b, (%%rsp,%%rcx,1)\n\t" \ - "incl %%ecx\n\t" \ - "cmpl $16, %%ecx\n\t" \ - "jl 52b\n\t" \ - "53:\n\t" \ - "movdqu (%%rsp), %%xmm13\n\t" \ - "addq $16, %%rsp\n\t" \ - "pshufb %[BSWAP_MASK], %%xmm13\n\t" \ - "pxor %%xmm13, "VAR(XR)"\n\t" \ - GHASH_GFMUL_RED_AVX(XR, HR, XR) \ +#define AESENC_LAST15_ENC_AVX() \ + "movl %[nbytes], %%ecx\n\t" \ + "movl %%ecx, %%edx\n\t" \ + "andl $0x0f, %%ecx\n\t" \ + "jz 55f\n\t" \ + "movdqu " VAR(CTR1) ", %%xmm13\n\t" \ + "pshufb %[BSWAP_EPI64], %%xmm13\n\t" \ + "pxor 0(%[KEY]), %%xmm13\n\t" \ + AESENC_AVX(%%xmm13) \ + "subq $16, %%rsp\n\t" \ + "xorl %%ecx, %%ecx\n\t" \ + "movdqu %%xmm13, (%%rsp)\n\t" \ + "\n" \ + "51:\n\t" \ + "movzbl (%[in]," VAR(KR64) ",1), %%r13d\n\t" \ + "xorb (%%rsp,%%rcx,1), %%r13b\n\t" \ + "movb %%r13b, (%[out]," VAR(KR64) ",1)\n\t" \ + "movb %%r13b, (%%rsp,%%rcx,1)\n\t" \ + "incl " VAR(KR) "\n\t" \ + "incl %%ecx\n\t" \ + "cmpl %%edx, " VAR(KR) "\n\t" \ + "jl 51b\n\t" \ + "xorq %%r13, %%r13\n\t" \ + "cmpl $16, %%ecx\n\t" \ + "je 53f\n\t" \ + "\n" \ + "52:\n\t" \ + "movb %%r13b, (%%rsp,%%rcx,1)\n\t" \ + "incl %%ecx\n\t" \ + "cmpl $16, %%ecx\n\t" \ + "jl 52b\n\t" \ + "53:\n\t" \ + "movdqu (%%rsp), %%xmm13\n\t" \ + "addq $16, %%rsp\n\t" \ + "pshufb %[BSWAP_MASK], %%xmm13\n\t" \ + "pxor %%xmm13, " VAR(XR) "\n\t" \ + GHASH_GFMUL_RED_AVX(XR, HR, XR) \ -#define AESENC_LAST15_DEC_AVX() \ - "movl %[nbytes], %%ecx\n\t" \ - "movl %%ecx, %%edx\n\t" \ - "andl $0x0f, %%ecx\n\t" \ - "jz 55f\n\t" \ - "movdqu "VAR(CTR1)", %%xmm13\n\t" \ - "pshufb %[BSWAP_EPI64], %%xmm13\n\t" \ 
- "pxor 0(%[KEY]), %%xmm13\n\t" \ - AESENC_AVX(%%xmm13) \ - "subq $32, %%rsp\n\t" \ - "xorl %%ecx, %%ecx\n\t" \ - "movdqu %%xmm13, (%%rsp)\n\t" \ - "pxor %%xmm0, %%xmm0\n\t" \ - "movdqu %%xmm0, 16(%%rsp)\n\t" \ - "\n" \ - "51:\n\t" \ - "movzbl (%[in],"VAR(KR64)",1), %%r13d\n\t" \ - "movb %%r13b, 16(%%rsp,%%rcx,1)\n\t" \ - "xorb (%%rsp,%%rcx,1), %%r13b\n\t" \ - "movb %%r13b, (%[out],"VAR(KR64)",1)\n\t" \ - "incl "VAR(KR)"\n\t" \ - "incl %%ecx\n\t" \ - "cmpl %%edx, "VAR(KR)"\n\t" \ - "jl 51b\n\t" \ - "53:\n\t" \ - "movdqu 16(%%rsp), %%xmm13\n\t" \ - "addq $32, %%rsp\n\t" \ - "pshufb %[BSWAP_MASK], %%xmm13\n\t" \ - "pxor %%xmm13, "VAR(XR)"\n\t" \ - GHASH_GFMUL_RED_AVX(XR, HR, XR) \ +#define AESENC_LAST15_DEC_AVX() \ + "movl %[nbytes], %%ecx\n\t" \ + "movl %%ecx, %%edx\n\t" \ + "andl $0x0f, %%ecx\n\t" \ + "jz 55f\n\t" \ + "movdqu " VAR(CTR1) ", %%xmm13\n\t" \ + "pshufb %[BSWAP_EPI64], %%xmm13\n\t" \ + "pxor 0(%[KEY]), %%xmm13\n\t" \ + AESENC_AVX(%%xmm13) \ + "subq $32, %%rsp\n\t" \ + "xorl %%ecx, %%ecx\n\t" \ + "movdqu %%xmm13, (%%rsp)\n\t" \ + "pxor %%xmm0, %%xmm0\n\t" \ + "movdqu %%xmm0, 16(%%rsp)\n\t" \ + "\n" \ + "51:\n\t" \ + "movzbl (%[in]," VAR(KR64) ",1), %%r13d\n\t" \ + "movb %%r13b, 16(%%rsp,%%rcx,1)\n\t" \ + "xorb (%%rsp,%%rcx,1), %%r13b\n\t" \ + "movb %%r13b, (%[out]," VAR(KR64) ",1)\n\t" \ + "incl " VAR(KR) "\n\t" \ + "incl %%ecx\n\t" \ + "cmpl %%edx, " VAR(KR) "\n\t" \ + "jl 51b\n\t" \ + "53:\n\t" \ + "movdqu 16(%%rsp), %%xmm13\n\t" \ + "addq $32, %%rsp\n\t" \ + "pshufb %[BSWAP_MASK], %%xmm13\n\t" \ + "pxor %%xmm13, " VAR(XR) "\n\t" \ + GHASH_GFMUL_RED_AVX(XR, HR, XR) \ -#define CALC_TAG() \ - "movl %[nbytes], %%edx\n\t" \ - "movl %[abytes], %%ecx\n\t" \ - "shlq $3, %%rdx\n\t" \ - "shlq $3, %%rcx\n\t" \ - "pinsrq $0, %%rdx, %%xmm0\n\t" \ - "pinsrq $1, %%rcx, %%xmm0\n\t" \ - "pxor %%xmm0, "VAR(XR)"\n\t" \ - GHASH_GFMUL_RED_AVX(XR, HR, XR) \ - "pshufb %[BSWAP_MASK], "VAR(XR)"\n\t" \ - "movdqu "VAR(TR)", %%xmm0\n\t" \ - "pxor "VAR(XR)", %%xmm0\n\t" \ 
+#define CALC_TAG() \ + "movl %[nbytes], %%edx\n\t" \ + "movl %[abytes], %%ecx\n\t" \ + "shlq $3, %%rdx\n\t" \ + "shlq $3, %%rcx\n\t" \ + "pinsrq $0, %%rdx, %%xmm0\n\t" \ + "pinsrq $1, %%rcx, %%xmm0\n\t" \ + "pxor %%xmm0, " VAR(XR) "\n\t" \ + GHASH_GFMUL_RED_AVX(XR, HR, XR) \ + "pshufb %[BSWAP_MASK], " VAR(XR) "\n\t" \ + "movdqu " VAR(TR) ", %%xmm0\n\t" \ + "pxor " VAR(XR) ", %%xmm0\n\t" \ #define STORE_TAG() \ "cmpl $16, %[tbytes]\n\t" \ @@ -4509,10 +4509,10 @@ static void AES_GCM_encrypt(const unsigned char *in, unsigned char *out, register unsigned int ivLen asm("ebx") = ibytes; __asm__ __volatile__ ( - "subq $"VAR(STACK_OFFSET)", %%rsp\n\t" + "subq $" VAR(STACK_OFFSET) ", %%rsp\n\t" /* Counter is xmm13 */ "pxor %%xmm13, %%xmm13\n\t" - "pxor "VAR(XR)", "VAR(XR)"\n\t" + "pxor " VAR(XR) ", " VAR(XR) "\n\t" "movl %[ibytes], %%edx\n\t" "cmpl $12, %%edx\n\t" "jne 35f\n\t" @@ -4527,20 +4527,20 @@ static void AES_GCM_encrypt(const unsigned char *in, unsigned char *out, "# Calculate counter and H\n\t" "pshufb %[BSWAP_EPI64], %%xmm13\n\t" - "movdqa "VAR(HR)", %%xmm5\n\t" + "movdqa " VAR(HR) ", %%xmm5\n\t" "paddd %[ONE], %%xmm13\n\t" - "movdqa "VAR(HR)", %%xmm4\n\t" - "movdqu %%xmm13, "VAR(CTR1)"\n\t" + "movdqa " VAR(HR) ", %%xmm4\n\t" + "movdqu %%xmm13, " VAR(CTR1) "\n\t" "psrlq $63, %%xmm5\n\t" "psllq $1, %%xmm4\n\t" "pslldq $8, %%xmm5\n\t" "por %%xmm5, %%xmm4\n\t" - "pshufd $0xff, "VAR(HR)", "VAR(HR)"\n\t" - "psrad $31, "VAR(HR)"\n\t" - "pand %[MOD2_128], "VAR(HR)"\n\t" - "pxor %%xmm4, "VAR(HR)"\n\t" + "pshufd $0xff, " VAR(HR) ", " VAR(HR) "\n\t" + "psrad $31, " VAR(HR) "\n\t" + "pand %[MOD2_128], " VAR(HR) "\n\t" + "pxor %%xmm4, " VAR(HR) "\n\t" - "xorl "VAR(KR)", "VAR(KR)"\n\t" + "xorl " VAR(KR) ", " VAR(KR) "\n\t" #if !defined(AES_GCM_AESNI_NO_UNROLL) && !defined(AES_GCM_AVX1_NO_UNROLL) "cmpl $128, %[nbytes]\n\t" 
@@ -4578,15 +4578,15 @@ static void AES_GCM_encrypt(const unsigned char *in, unsigned char *out,
 AESENC_LAST(%[in], %[out])
 "cmpl $128, %%r13d\n\t"
- "movl $128, "VAR(KR)"\n\t"
+ "movl $128, " VAR(KR) "\n\t"
 "jle 2f\n\t"
 "# More 128 bytes of input\n\t"
 "\n"
 "3:\n\t"
 AESENC_128_GHASH_AVX(%%rdx, 0)
- "addl $128, "VAR(KR)"\n\t"
- "cmpl %%r13d, "VAR(KR)"\n\t"
+ "addl $128, " VAR(KR) "\n\t"
+ "cmpl %%r13d, " VAR(KR) "\n\t"
 "jl 3b\n\t"
 "\n"
 "2:\n\t"
@@ -4601,51 +4601,51 @@ static void AES_GCM_encrypt(const unsigned char *in, unsigned char *out,
 "pshufb %%xmm13, %%xmm10\n\t"
 "pshufb %%xmm13, %%xmm11\n\t"
- "movdqu 112("VAR(HTR)"), %%xmm12\n\t"
+ "movdqu 112(" VAR(HTR) "), %%xmm12\n\t"
 GHASH_GFMUL_AVX(XR, %%xmm13, %%xmm4, %%xmm12)
- "movdqu 96("VAR(HTR)"), %%xmm12\n\t"
+ "movdqu 96(" VAR(HTR) "), %%xmm12\n\t"
 GHASH_GFMUL_XOR_AVX(XR, %%xmm13, %%xmm5, %%xmm12)
- "movdqu 80("VAR(HTR)"), %%xmm12\n\t"
+ "movdqu 80(" VAR(HTR) "), %%xmm12\n\t"
 GHASH_GFMUL_XOR_AVX(XR, %%xmm13, %%xmm6, %%xmm12)
- "movdqu 64("VAR(HTR)"), %%xmm12\n\t"
+ "movdqu 64(" VAR(HTR) "), %%xmm12\n\t"
 GHASH_GFMUL_XOR_AVX(XR, %%xmm13, %%xmm7, %%xmm12)
- "movdqu 48("VAR(HTR)"), %%xmm12\n\t"
+ "movdqu 48(" VAR(HTR) "), %%xmm12\n\t"
 GHASH_GFMUL_XOR_AVX(XR, %%xmm13, %%xmm8, %%xmm12)
- "movdqu 32("VAR(HTR)"), %%xmm12\n\t"
+ "movdqu 32(" VAR(HTR) "), %%xmm12\n\t"
 GHASH_GFMUL_XOR_AVX(XR, %%xmm13, %%xmm9, %%xmm12)
- "movdqu 16("VAR(HTR)"), %%xmm12\n\t"
+ "movdqu 16(" VAR(HTR) "), %%xmm12\n\t"
 GHASH_GFMUL_XOR_AVX(XR, %%xmm13, %%xmm10, %%xmm12)
- "movdqu ("VAR(HTR)"), %%xmm12\n\t"
+ "movdqu (" VAR(HTR) "), %%xmm12\n\t"
 GHASH_GFMUL_RED_XOR_AVX(XR, %%xmm13, %%xmm11, %%xmm12)
- "movdqu 0("VAR(HTR)"), "VAR(HR)"\n\t"
+ "movdqu 0(" VAR(HTR) "), " VAR(HR) "\n\t"
 "\n"
 "5:\n\t"
 "movl %[nbytes], %%edx\n\t"
- "cmpl %%edx, "VAR(KR)"\n\t"
+ "cmpl %%edx, " VAR(KR) "\n\t"
 "jge 55f\n\t"
 #endif
 "movl %[nbytes], %%r13d\n\t"
 "andl $0xfffffff0, %%r13d\n\t"
- "cmpl %%r13d, "VAR(KR)"\n\t"
+ "cmpl %%r13d, " VAR(KR) "\n\t"
 "jge 14f\n\t"
- "leaq (%[in],"VAR(KR64)",1), %%rcx\n\t"
- "leaq (%[out],"VAR(KR64)",1), %%rdx\n\t"
+ "leaq (%[in]," VAR(KR64) ",1), %%rcx\n\t"
+ "leaq (%[out]," VAR(KR64) ",1), %%rdx\n\t"
 AESENC_BLOCK(%%rcx, %%rdx)
- "addl $16, "VAR(KR)"\n\t"
- "cmpl %%r13d, "VAR(KR)"\n\t"
+ "addl $16, " VAR(KR) "\n\t"
+ "cmpl %%r13d, " VAR(KR) "\n\t"
 "jge 13f\n\t"
 "\n"
 "12:\n\t"
- "leaq (%[in],"VAR(KR64)",1), %%rcx\n\t"
- "leaq (%[out],"VAR(KR64)",1), %%rdx\n\t"
+ "leaq (%[in]," VAR(KR64) ",1), %%rcx\n\t"
+ "leaq (%[out]," VAR(KR64) ",1), %%rdx\n\t"
 AESENC_GFMUL(%%rcx, %%rdx, HR, XR)
 "pshufb %[BSWAP_MASK], %%xmm4\n\t"
- "pxor %%xmm4, "VAR(XR)"\n\t"
- "addl $16, "VAR(KR)"\n\t"
- "cmpl %%r13d, "VAR(KR)"\n\t"
+ "pxor %%xmm4, " VAR(XR) "\n\t"
+ "addl $16, " VAR(KR) "\n\t"
+ "cmpl %%r13d, " VAR(KR) "\n\t"
 "jl 12b\n\t"
 "\n"
 "13:\n\t"
@@ -4659,7 +4659,7 @@ static void AES_GCM_encrypt(const unsigned char *in, unsigned char *out,
 CALC_TAG()
 STORE_TAG()
- "addq $"VAR(STACK_OFFSET)", %%rsp\n\t"
+ "addq $" VAR(STACK_OFFSET) ", %%rsp\n\t"
 :
 : [KEY] "r" (key),
@@ -4700,7 +4700,7 @@ static void AES_GCM_encrypt(const unsigned char *in, unsigned char *out,
 VAESENC()
 #define VAESENC_CTR() \
- "vmovdqu "VAR(CTR1)", %%xmm0\n\t" \
+ "vmovdqu " VAR(CTR1) ", %%xmm0\n\t" \
 "vmovdqa %[BSWAP_EPI64], %%xmm1\n\t" \
 "vpshufb %%xmm1, %%xmm0, %%xmm4\n\t" \
 "vpaddd %[ONE], %%xmm0, %%xmm5\n\t" \
@@ -4721,7 +4721,7 @@ static void AES_GCM_encrypt(const unsigned char *in, unsigned char *out,
 #define VAESENC_XOR() \
 "vmovdqa (%[KEY]), %%xmm12\n\t" \
- "vmovdqu %%xmm0, "VAR(CTR1)"\n\t" \
+ "vmovdqu %%xmm0, " VAR(CTR1) "\n\t" \
 "vpxor %%xmm12, %%xmm4, %%xmm4\n\t" \
 "vpxor %%xmm12, %%xmm5, %%xmm5\n\t" \
 "vpxor %%xmm12, %%xmm6, %%xmm6\n\t" \
@@ -4759,53 +4759,53 @@ static void AES_GCM_encrypt(const unsigned char *in, unsigned char *out,
 VAESENC_LAST(%[in], %[out])
 /* Encrypt and carry-less multiply for AVX1. */
-#define VAESENC_PCLMUL_1(src, o1, o2, o3) \
- "vmovdqu "#o3"("VAR(HTR)"), %%xmm12\n\t" \
- "vmovdqu "#o2"("#src"), %%xmm0\n\t" \
- "vaesenc "#o1"(%[KEY]), %%xmm4, %%xmm4\n\t" \
- "vpshufb %[BSWAP_MASK], %%xmm0, %%xmm0\n\t" \
- "vpxor %%xmm2, %%xmm0, %%xmm0\n\t" \
- "vpshufd $0x4e, %%xmm12, %%xmm1\n\t" \
- "vpshufd $0x4e, %%xmm0, %%xmm14\n\t" \
- "vpxor %%xmm12, %%xmm1, %%xmm1\n\t" \
- "vpxor %%xmm0, %%xmm14, %%xmm14\n\t" \
- "vpclmulqdq $0x11, %%xmm12, %%xmm0, %%xmm3\n\t" \
- "vaesenc "#o1"(%[KEY]), %%xmm5, %%xmm5\n\t" \
- "vaesenc "#o1"(%[KEY]), %%xmm6, %%xmm6\n\t" \
- "vpclmulqdq $0x00, %%xmm12, %%xmm0, %%xmm2\n\t" \
- "vaesenc "#o1"(%[KEY]), %%xmm7, %%xmm7\n\t" \
- "vaesenc "#o1"(%[KEY]), %%xmm8, %%xmm8\n\t" \
- "vpclmulqdq $0x00, %%xmm14, %%xmm1, %%xmm1\n\t" \
- "vaesenc "#o1"(%[KEY]), %%xmm9, %%xmm9\n\t" \
- "vaesenc "#o1"(%[KEY]), %%xmm10, %%xmm10\n\t" \
- "vaesenc "#o1"(%[KEY]), %%xmm11, %%xmm11\n\t" \
- "vpxor %%xmm2, %%xmm1, %%xmm1\n\t" \
- "vpxor %%xmm3, %%xmm1, %%xmm1\n\t" \
+#define VAESENC_PCLMUL_1(src, o1, o2, o3) \
+ "vmovdqu " #o3 "(" VAR(HTR) "), %%xmm12\n\t" \
+ "vmovdqu " #o2 "(" #src "), %%xmm0\n\t" \
+ "vaesenc " #o1 "(%[KEY]), %%xmm4, %%xmm4\n\t" \
+ "vpshufb %[BSWAP_MASK], %%xmm0, %%xmm0\n\t" \
+ "vpxor %%xmm2, %%xmm0, %%xmm0\n\t" \
+ "vpshufd $0x4e, %%xmm12, %%xmm1\n\t" \
+ "vpshufd $0x4e, %%xmm0, %%xmm14\n\t" \
+ "vpxor %%xmm12, %%xmm1, %%xmm1\n\t" \
+ "vpxor %%xmm0, %%xmm14, %%xmm14\n\t" \
+ "vpclmulqdq $0x11, %%xmm12, %%xmm0, %%xmm3\n\t" \
+ "vaesenc " #o1 "(%[KEY]), %%xmm5, %%xmm5\n\t" \
+ "vaesenc " #o1 "(%[KEY]), %%xmm6, %%xmm6\n\t" \
+ "vpclmulqdq $0x00, %%xmm12, %%xmm0, %%xmm2\n\t" \
+ "vaesenc " #o1 "(%[KEY]), %%xmm7, %%xmm7\n\t" \
+ "vaesenc " #o1 "(%[KEY]), %%xmm8, %%xmm8\n\t" \
+ "vpclmulqdq $0x00, %%xmm14, %%xmm1, %%xmm1\n\t" \
+ "vaesenc " #o1 "(%[KEY]), %%xmm9, %%xmm9\n\t" \
+ "vaesenc " #o1 "(%[KEY]), %%xmm10, %%xmm10\n\t" \
+ "vaesenc " #o1 "(%[KEY]), %%xmm11, %%xmm11\n\t" \
+ "vpxor %%xmm2, %%xmm1, %%xmm1\n\t" \
+ "vpxor %%xmm3, %%xmm1, %%xmm1\n\t" \
-#define VAESENC_PCLMUL_N(src, o1, o2, o3) \
- "vmovdqu "#o3"("VAR(HTR)"), %%xmm12\n\t" \
- "vmovdqu "#o2"("#src"), %%xmm0\n\t" \
- "vpshufd $0x4e, %%xmm12, %%xmm13\n\t" \
- "vpshufb %[BSWAP_MASK], %%xmm0, %%xmm0\n\t" \
- "vaesenc "#o1"(%[KEY]), %%xmm4, %%xmm4\n\t" \
- "vpxor %%xmm12, %%xmm13, %%xmm13\n\t" \
- "vpshufd $0x4e, %%xmm0, %%xmm14\n\t" \
- "vpxor %%xmm0, %%xmm14, %%xmm14\n\t" \
- "vpclmulqdq $0x11, %%xmm12, %%xmm0, %%xmm15\n\t" \
- "vaesenc "#o1"(%[KEY]), %%xmm5, %%xmm5\n\t" \
- "vaesenc "#o1"(%[KEY]), %%xmm6, %%xmm6\n\t" \
- "vpclmulqdq $0x00, %%xmm12, %%xmm0, %%xmm12\n\t" \
- "vaesenc "#o1"(%[KEY]), %%xmm7, %%xmm7\n\t" \
- "vaesenc "#o1"(%[KEY]), %%xmm8, %%xmm8\n\t" \
- "vpclmulqdq $0x00, %%xmm14, %%xmm13, %%xmm13\n\t" \
- "vaesenc "#o1"(%[KEY]), %%xmm9, %%xmm9\n\t" \
- "vaesenc "#o1"(%[KEY]), %%xmm10, %%xmm10\n\t" \
- "vaesenc "#o1"(%[KEY]), %%xmm11, %%xmm11\n\t" \
- "vpxor %%xmm12, %%xmm1, %%xmm1\n\t" \
- "vpxor %%xmm12, %%xmm2, %%xmm2\n\t" \
- "vpxor %%xmm15, %%xmm1, %%xmm1\n\t" \
- "vpxor %%xmm15, %%xmm3, %%xmm3\n\t" \
- "vpxor %%xmm13, %%xmm1, %%xmm1\n\t" \
+#define VAESENC_PCLMUL_N(src, o1, o2, o3) \
+ "vmovdqu " #o3 "(" VAR(HTR) "), %%xmm12\n\t" \
+ "vmovdqu " #o2 "(" #src "), %%xmm0\n\t" \
+ "vpshufd $0x4e, %%xmm12, %%xmm13\n\t" \
+ "vpshufb %[BSWAP_MASK], %%xmm0, %%xmm0\n\t" \
+ "vaesenc " #o1 "(%[KEY]), %%xmm4, %%xmm4\n\t" \
+ "vpxor %%xmm12, %%xmm13, %%xmm13\n\t" \
+ "vpshufd $0x4e, %%xmm0, %%xmm14\n\t" \
+ "vpxor %%xmm0, %%xmm14, %%xmm14\n\t" \
+ "vpclmulqdq $0x11, %%xmm12, %%xmm0, %%xmm15\n\t" \
+ "vaesenc " #o1 "(%[KEY]), %%xmm5, %%xmm5\n\t" \
+ "vaesenc " #o1 "(%[KEY]), %%xmm6, %%xmm6\n\t" \
+ "vpclmulqdq $0x00, %%xmm12, %%xmm0, %%xmm12\n\t" \
+ "vaesenc " #o1 "(%[KEY]), %%xmm7, %%xmm7\n\t" \
+ "vaesenc " #o1 "(%[KEY]), %%xmm8, %%xmm8\n\t" \
+ "vpclmulqdq $0x00, %%xmm14, %%xmm13, %%xmm13\n\t" \
+ "vaesenc " #o1 "(%[KEY]), %%xmm9, %%xmm9\n\t" \
+ "vaesenc " #o1 "(%[KEY]), %%xmm10, %%xmm10\n\t" \
+ "vaesenc " #o1 "(%[KEY]), %%xmm11, %%xmm11\n\t" \
+ "vpxor %%xmm12, %%xmm1, %%xmm1\n\t" \
+ "vpxor %%xmm12, %%xmm2, %%xmm2\n\t" \
+ "vpxor %%xmm15, %%xmm1, %%xmm1\n\t" \
+ "vpxor %%xmm15, %%xmm3, %%xmm3\n\t" \
+ "vpxor %%xmm13, %%xmm1, %%xmm1\n\t" \
 #define VAESENC_PCLMUL_L(o) \
 "vpslldq $8, %%xmm1, %%xmm14\n\t" \
@@ -4842,120 +4842,120 @@ static void AES_GCM_encrypt(const unsigned char *in, unsigned char *out,
 #define VAESENC_LAST(in, out) \
 "vaesenclast %%xmm12, %%xmm4, %%xmm4\n\t" \
 "vaesenclast %%xmm12, %%xmm5, %%xmm5\n\t" \
- "vmovdqu ("#in"), %%xmm0\n\t" \
- "vmovdqu 16("#in"), %%xmm1\n\t" \
+ "vmovdqu (" #in "), %%xmm0\n\t" \
+ "vmovdqu 16(" #in "), %%xmm1\n\t" \
 "vpxor %%xmm0, %%xmm4, %%xmm4\n\t" \
 "vpxor %%xmm1, %%xmm5, %%xmm5\n\t" \
- "vmovdqu %%xmm4, ("#out")\n\t" \
- "vmovdqu %%xmm5, 16("#out")\n\t" \
+ "vmovdqu %%xmm4, (" #out ")\n\t" \
+ "vmovdqu %%xmm5, 16(" #out ")\n\t" \
 "vaesenclast %%xmm12, %%xmm6, %%xmm6\n\t" \
 "vaesenclast %%xmm12, %%xmm7, %%xmm7\n\t" \
- "vmovdqu 32("#in"), %%xmm0\n\t" \
- "vmovdqu 48("#in"), %%xmm1\n\t" \
+ "vmovdqu 32(" #in "), %%xmm0\n\t" \
+ "vmovdqu 48(" #in "), %%xmm1\n\t" \
 "vpxor %%xmm0, %%xmm6, %%xmm6\n\t" \
 "vpxor %%xmm1, %%xmm7, %%xmm7\n\t" \
- "vmovdqu %%xmm6, 32("#out")\n\t" \
- "vmovdqu %%xmm7, 48("#out")\n\t" \
+ "vmovdqu %%xmm6, 32(" #out ")\n\t" \
+ "vmovdqu %%xmm7, 48(" #out ")\n\t" \
 "vaesenclast %%xmm12, %%xmm8, %%xmm8\n\t" \
 "vaesenclast %%xmm12, %%xmm9, %%xmm9\n\t" \
- "vmovdqu 64("#in"), %%xmm0\n\t" \
- "vmovdqu 80("#in"), %%xmm1\n\t" \
+ "vmovdqu 64(" #in "), %%xmm0\n\t" \
+ "vmovdqu 80(" #in "), %%xmm1\n\t" \
 "vpxor %%xmm0, %%xmm8, %%xmm8\n\t" \
 "vpxor %%xmm1, %%xmm9, %%xmm9\n\t" \
- "vmovdqu %%xmm8, 64("#out")\n\t" \
- "vmovdqu %%xmm9, 80("#out")\n\t" \
+ "vmovdqu %%xmm8, 64(" #out ")\n\t" \
+ "vmovdqu %%xmm9, 80(" #out ")\n\t" \
 "vaesenclast %%xmm12, %%xmm10, %%xmm10\n\t" \
 "vaesenclast %%xmm12, %%xmm11, %%xmm11\n\t" \
- "vmovdqu 96("#in"), %%xmm0\n\t" \
- "vmovdqu 112("#in"), %%xmm1\n\t" \
+ "vmovdqu 96(" #in "), %%xmm0\n\t" \
+ "vmovdqu 112(" #in "), %%xmm1\n\t" \
 "vpxor %%xmm0, %%xmm10, %%xmm10\n\t" \
 "vpxor %%xmm1, %%xmm11, %%xmm11\n\t" \
- "vmovdqu %%xmm10, 96("#out")\n\t" \
- "vmovdqu %%xmm11, 112("#out")\n\t"
+ "vmovdqu %%xmm10, 96(" #out ")\n\t" \
+ "vmovdqu %%xmm11, 112(" #out ")\n\t"
-#define VAESENC_BLOCK() \
- "vmovdqu "VAR(CTR1)", %%xmm5\n\t" \
- "vpshufb %[BSWAP_EPI64], %%xmm5, %%xmm4\n\t" \
- "vpaddd %[ONE], %%xmm5, %%xmm5\n\t" \
- "vmovdqu %%xmm5, "VAR(CTR1)"\n\t" \
- "vpxor (%[KEY]), %%xmm4, %%xmm4\n\t" \
- "vaesenc 16(%[KEY]), %%xmm4, %%xmm4\n\t" \
- "vaesenc 32(%[KEY]), %%xmm4, %%xmm4\n\t" \
- "vaesenc 48(%[KEY]), %%xmm4, %%xmm4\n\t" \
- "vaesenc 64(%[KEY]), %%xmm4, %%xmm4\n\t" \
- "vaesenc 80(%[KEY]), %%xmm4, %%xmm4\n\t" \
- "vaesenc 96(%[KEY]), %%xmm4, %%xmm4\n\t" \
- "vaesenc 112(%[KEY]), %%xmm4, %%xmm4\n\t" \
- "vaesenc 128(%[KEY]), %%xmm4, %%xmm4\n\t" \
- "vaesenc 144(%[KEY]), %%xmm4, %%xmm4\n\t" \
- "cmpl $11, %[nr]\n\t" \
- "vmovdqa 160(%[KEY]), %%xmm5\n\t" \
- "jl %=f\n\t" \
- "vaesenc %%xmm5, %%xmm4, %%xmm4\n\t" \
- "vaesenc 176(%[KEY]), %%xmm4, %%xmm4\n\t" \
- "cmpl $13, %[nr]\n\t" \
- "vmovdqa 192(%[KEY]), %%xmm5\n\t" \
- "jl %=f\n\t" \
- "vaesenc %%xmm5, %%xmm4, %%xmm4\n\t" \
- "vaesenc 208(%[KEY]), %%xmm4, %%xmm4\n\t" \
- "vmovdqa 224(%[KEY]), %%xmm5\n\t" \
- "%=:\n\t" \
- "vaesenclast %%xmm5, %%xmm4, %%xmm4\n\t" \
- "vmovdqu (%[in],"VAR(KR64)",1), %%xmm5\n\t" \
- "vpxor %%xmm5, %%xmm4, %%xmm4\n\t" \
- "vmovdqu %%xmm4, (%[out],"VAR(KR64)",1)\n\t" \
- "vpshufb %[BSWAP_MASK], %%xmm4, %%xmm4\n\t" \
- "vpxor %%xmm4, "VAR(XR)", "VAR(XR)"\n\t"
+#define VAESENC_BLOCK() \
+ "vmovdqu " VAR(CTR1) ", %%xmm5\n\t" \
+ "vpshufb %[BSWAP_EPI64], %%xmm5, %%xmm4\n\t" \
+ "vpaddd %[ONE], %%xmm5, %%xmm5\n\t" \
+ "vmovdqu %%xmm5, " VAR(CTR1) "\n\t" \
+ "vpxor (%[KEY]), %%xmm4, %%xmm4\n\t" \
+ "vaesenc 16(%[KEY]), %%xmm4, %%xmm4\n\t" \
+ "vaesenc 32(%[KEY]), %%xmm4, %%xmm4\n\t" \
+ "vaesenc 48(%[KEY]), %%xmm4, %%xmm4\n\t" \
+ "vaesenc 64(%[KEY]), %%xmm4, %%xmm4\n\t" \
+ "vaesenc 80(%[KEY]), %%xmm4, %%xmm4\n\t" \
+ "vaesenc 96(%[KEY]), %%xmm4, %%xmm4\n\t" \
+ "vaesenc 112(%[KEY]), %%xmm4, %%xmm4\n\t" \
+ "vaesenc 128(%[KEY]), %%xmm4, %%xmm4\n\t" \
+ "vaesenc 144(%[KEY]), %%xmm4, %%xmm4\n\t" \
+ "cmpl $11, %[nr]\n\t" \
+ "vmovdqa 160(%[KEY]), %%xmm5\n\t" \
+ "jl %=f\n\t" \
+ "vaesenc %%xmm5, %%xmm4, %%xmm4\n\t" \
+ "vaesenc 176(%[KEY]), %%xmm4, %%xmm4\n\t" \
+ "cmpl $13, %[nr]\n\t" \
+ "vmovdqa 192(%[KEY]), %%xmm5\n\t" \
+ "jl %=f\n\t" \
+ "vaesenc %%xmm5, %%xmm4, %%xmm4\n\t" \
+ "vaesenc 208(%[KEY]), %%xmm4, %%xmm4\n\t" \
+ "vmovdqa 224(%[KEY]), %%xmm5\n\t" \
+ "%=:\n\t" \
+ "vaesenclast %%xmm5, %%xmm4, %%xmm4\n\t" \
+ "vmovdqu (%[in]," VAR(KR64) ",1), %%xmm5\n\t" \
+ "vpxor %%xmm5, %%xmm4, %%xmm4\n\t" \
+ "vmovdqu %%xmm4, (%[out]," VAR(KR64) ",1)\n\t" \
+ "vpshufb %[BSWAP_MASK], %%xmm4, %%xmm4\n\t" \
+ "vpxor %%xmm4, " VAR(XR) ", " VAR(XR) "\n\t"
-#define _VAESENC_GFMUL(in, H, X) \
- "vmovdqu "VAR(CTR1)", %%xmm5\n\t" \
- "vpshufb %[BSWAP_EPI64], %%xmm5, %%xmm4\n\t" \
- "vpaddd %[ONE], %%xmm5, %%xmm5\n\t" \
- "vmovdqu %%xmm5, "VAR(CTR1)"\n\t" \
- "vpxor (%[KEY]), %%xmm4, %%xmm4\n\t" \
- "vpclmulqdq $0x10, "#H", "#X", %%xmm6\n\t" \
- "vaesenc 16(%[KEY]), %%xmm4, %%xmm4\n\t" \
- "vaesenc 32(%[KEY]), %%xmm4, %%xmm4\n\t" \
- "vpclmulqdq $0x01, "#H", "#X", %%xmm7\n\t" \
- "vaesenc 48(%[KEY]), %%xmm4, %%xmm4\n\t" \
- "vaesenc 64(%[KEY]), %%xmm4, %%xmm4\n\t" \
- "vpclmulqdq $0x00, "#H", "#X", %%xmm8\n\t" \
- "vaesenc 80(%[KEY]), %%xmm4, %%xmm4\n\t" \
- "vpclmulqdq $0x11, "#H", "#X", %%xmm1\n\t" \
- "vaesenc 96(%[KEY]), %%xmm4, %%xmm4\n\t" \
- "vpxor %%xmm7, %%xmm6, %%xmm6\n\t" \
- "vpslldq $8, %%xmm6, %%xmm2\n\t" \
- "vpsrldq $8, %%xmm6, %%xmm6\n\t" \
- "vaesenc 112(%[KEY]), %%xmm4, %%xmm4\n\t" \
- "vpxor %%xmm8, %%xmm2, %%xmm2\n\t" \
- "vpxor %%xmm6, %%xmm1, %%xmm3\n\t" \
- "vmovdqa %[MOD2_128], %%xmm0\n\t" \
- "vpclmulqdq $0x10, %%xmm0, %%xmm2, %%xmm7\n\t" \
- "vaesenc 128(%[KEY]), %%xmm4, %%xmm4\n\t" \
- "vpshufd $0x4e, %%xmm2, %%xmm6\n\t" \
- "vpxor %%xmm7, %%xmm6, %%xmm6\n\t" \
- "vpclmulqdq $0x10, %%xmm0, %%xmm6, %%xmm7\n\t" \
- "vaesenc 144(%[KEY]), %%xmm4, %%xmm4\n\t" \
- "vpshufd $0x4e, %%xmm6, %%xmm6\n\t" \
- "vpxor %%xmm7, %%xmm6, %%xmm6\n\t" \
- "vpxor %%xmm3, %%xmm6, "VAR(XR)"\n\t" \
- "cmpl $11, %[nr]\n\t" \
- "vmovdqa 160(%[KEY]), %%xmm5\n\t" \
- "jl 1f\n\t" \
- "vaesenc %%xmm5, %%xmm4, %%xmm4\n\t" \
- "vaesenc 176(%[KEY]), %%xmm4, %%xmm4\n\t" \
- "cmpl $13, %[nr]\n\t" \
- "vmovdqa 192(%[KEY]), %%xmm5\n\t" \
- "jl 1f\n\t" \
- "vaesenc %%xmm5, %%xmm4, %%xmm4\n\t" \
- "vaesenc 208(%[KEY]), %%xmm4, %%xmm4\n\t" \
- "vmovdqa 224(%[KEY]), %%xmm5\n\t" \
- "1:\n\t" \
- "vaesenclast %%xmm5, %%xmm4, %%xmm4\n\t" \
- "vmovdqu "#in", %%xmm0\n\t" \
- "vpxor %%xmm0, %%xmm4, %%xmm4\n\t" \
- "vmovdqu %%xmm4, (%[out],"VAR(KR64)",1)\n\t"
-#define VAESENC_GFMUL(in, H, X) \
+#define _VAESENC_GFMUL(in, H, X) \
+ "vmovdqu " VAR(CTR1) ", %%xmm5\n\t" \
+ "vpshufb %[BSWAP_EPI64], %%xmm5, %%xmm4\n\t" \
+ "vpaddd %[ONE], %%xmm5, %%xmm5\n\t" \
+ "vmovdqu %%xmm5, " VAR(CTR1) "\n\t" \
+ "vpxor (%[KEY]), %%xmm4, %%xmm4\n\t" \
+ "vpclmulqdq $0x10, " #H ", " #X ", %%xmm6\n\t" \
+ "vaesenc 16(%[KEY]), %%xmm4, %%xmm4\n\t" \
+ "vaesenc 32(%[KEY]), %%xmm4, %%xmm4\n\t" \
+ "vpclmulqdq $0x01, " #H ", " #X ", %%xmm7\n\t" \
+ "vaesenc 48(%[KEY]), %%xmm4, %%xmm4\n\t" \
+ "vaesenc 64(%[KEY]), %%xmm4, %%xmm4\n\t" \
+ "vpclmulqdq $0x00, " #H ", " #X ", %%xmm8\n\t" \
+ "vaesenc 80(%[KEY]), %%xmm4, %%xmm4\n\t" \
+ "vpclmulqdq $0x11, " #H ", " #X ", %%xmm1\n\t" \
+ "vaesenc 96(%[KEY]), %%xmm4, %%xmm4\n\t" \
+ "vpxor %%xmm7, %%xmm6, %%xmm6\n\t" \
+ "vpslldq $8, %%xmm6, %%xmm2\n\t" \
+ "vpsrldq $8, %%xmm6, %%xmm6\n\t" \
+ "vaesenc 112(%[KEY]), %%xmm4, %%xmm4\n\t" \
+ "vpxor %%xmm8, %%xmm2, %%xmm2\n\t" \
+ "vpxor %%xmm6, %%xmm1, %%xmm3\n\t" \
+ "vmovdqa %[MOD2_128], %%xmm0\n\t" \
+ "vpclmulqdq $0x10, %%xmm0, %%xmm2, %%xmm7\n\t" \
+ "vaesenc 128(%[KEY]), %%xmm4, %%xmm4\n\t" \
+ "vpshufd $0x4e, %%xmm2, %%xmm6\n\t" \
+ "vpxor %%xmm7, %%xmm6, %%xmm6\n\t" \
+ "vpclmulqdq $0x10, %%xmm0, %%xmm6, %%xmm7\n\t" \
+ "vaesenc 144(%[KEY]), %%xmm4, %%xmm4\n\t" \
+ "vpshufd $0x4e, %%xmm6, %%xmm6\n\t" \
+ "vpxor %%xmm7, %%xmm6, %%xmm6\n\t" \
+ "vpxor %%xmm3, %%xmm6, " VAR(XR) "\n\t" \
+ "cmpl $11, %[nr]\n\t" \
+ "vmovdqa 160(%[KEY]), %%xmm5\n\t" \
+ "jl 1f\n\t" \
+ "vaesenc %%xmm5, %%xmm4, %%xmm4\n\t" \
+ "vaesenc 176(%[KEY]), %%xmm4, %%xmm4\n\t" \
+ "cmpl $13, %[nr]\n\t" \
+ "vmovdqa 192(%[KEY]), %%xmm5\n\t" \
+ "jl 1f\n\t" \
+ "vaesenc %%xmm5, %%xmm4, %%xmm4\n\t" \
+ "vaesenc 208(%[KEY]), %%xmm4, %%xmm4\n\t" \
+ "vmovdqa 224(%[KEY]), %%xmm5\n\t" \
+ "1:\n\t" \
+ "vaesenclast %%xmm5, %%xmm4, %%xmm4\n\t" \
+ "vmovdqu " #in ", %%xmm0\n\t" \
+ "vpxor %%xmm0, %%xmm4, %%xmm4\n\t" \
+ "vmovdqu %%xmm4, (%[out]," VAR(KR64) ",1)\n\t"
+#define VAESENC_GFMUL(in, H, X) \
 _VAESENC_GFMUL(in, H, X)
@@ -4970,11 +4970,11 @@ static void AES_GCM_encrypt(const unsigned char *in, unsigned char *out,
 "vpxor %%xmm0, %%xmm1, %%xmm1\n\t" \
 "vpxor %%xmm3, %%xmm1, %%xmm1\n\t" \
 "vmovdqa %%xmm0, "#r2"\n\t" \
- "vmovdqa %%xmm3, "#r"\n\t" \
+ "vmovdqa %%xmm3, " #r "\n\t" \
 "vpslldq $8, %%xmm1, %%xmm2\n\t" \
 "vpsrldq $8, %%xmm1, %%xmm1\n\t" \
 "vpxor %%xmm2, "#r2", "#r2"\n\t" \
- "vpxor %%xmm1, "#r", "#r"\n\t"
+ "vpxor %%xmm1, " #r ", " #r "\n\t"
 #define GHASH_GFMUL_AVX1(r, r2, a, b) \
 _GHASH_GFMUL_AVX1(r, r2, a, b)
@@ -4989,25 +4989,25 @@ static void AES_GCM_encrypt(const unsigned char *in, unsigned char *out,
 "vpxor %%xmm0, %%xmm1, %%xmm1\n\t" \
 "vpxor %%xmm3, %%xmm1, %%xmm1\n\t" \
 "vpxor %%xmm0, "#r2", "#r2"\n\t" \
- "vpxor %%xmm3, "#r", "#r"\n\t" \
+ "vpxor %%xmm3, " #r ", " #r "\n\t" \
 "vpslldq $8, %%xmm1, %%xmm2\n\t" \
 "vpsrldq $8, %%xmm1, %%xmm1\n\t" \
 "vpxor %%xmm2, "#r2", "#r2"\n\t" \
- "vpxor %%xmm1, "#r", "#r"\n\t"
+ "vpxor %%xmm1, " #r ", " #r "\n\t"
 #define GHASH_GFMUL_XOR_AVX1(r, r2, a, b) \
 _GHASH_GFMUL_XOR_AVX1(r, r2, a, b)
-#define GHASH_MID_AVX1(r, r2) \
- "vpsrld $31, "#r2", %%xmm0\n\t" \
- "vpsrld $31, "#r", %%xmm1\n\t" \
- "vpslld $1, "#r2", "#r2"\n\t" \
- "vpslld $1, "#r", "#r"\n\t" \
- "vpsrldq $12, %%xmm0, %%xmm2\n\t" \
- "vpslldq $4, %%xmm0, %%xmm0\n\t" \
- "vpslldq $4, %%xmm1, %%xmm1\n\t" \
- "vpor %%xmm2, "#r", "#r"\n\t" \
- "vpor %%xmm0, "#r2", "#r2"\n\t" \
- "vpor %%xmm1, "#r", "#r"\n\t"
+#define GHASH_MID_AVX1(r, r2) \
+ "vpsrld $31, "#r2", %%xmm0\n\t" \
+ "vpsrld $31, " #r ", %%xmm1\n\t" \
+ "vpslld $1, "#r2", "#r2"\n\t" \
+ "vpslld $1, " #r ", " #r "\n\t" \
+ "vpsrldq $12, %%xmm0, %%xmm2\n\t" \
+ "vpslldq $4, %%xmm0, %%xmm0\n\t" \
+ "vpslldq $4, %%xmm1, %%xmm1\n\t" \
+ "vpor %%xmm2, " #r ", " #r "\n\t" \
+ "vpor %%xmm0, "#r2", "#r2"\n\t" \
+ "vpor %%xmm1, " #r ", " #r "\n\t"
 #define _GHASH_GFMUL_RED_AVX1(r, a, b) \
 "vpshufd $0x4e, "#a", %%xmm5\n\t" \
@@ -5022,7 +5022,7 @@ static void AES_GCM_encrypt(const unsigned char *in, unsigned char *out,
 "vpslldq $8, %%xmm5, %%xmm6\n\t" \
 "vpsrldq $8, %%xmm5, %%xmm5\n\t" \
 "vpxor %%xmm6, %%xmm4, %%xmm4\n\t" \
- "vpxor %%xmm5, %%xmm7, "#r"\n\t" \
+ "vpxor %%xmm5, %%xmm7, " #r "\n\t" \
 "vpslld $31, %%xmm4, %%xmm8\n\t" \
 "vpslld $30, %%xmm4, %%xmm9\n\t" \
 "vpslld $25, %%xmm4, %%xmm10\n\t" \
@@ -5038,13 +5038,13 @@ static void AES_GCM_encrypt(const unsigned char *in, unsigned char *out,
 "vpxor %%xmm5, %%xmm10, %%xmm10\n\t" \
 "vpxor %%xmm9, %%xmm10, %%xmm10\n\t" \
 "vpxor %%xmm4, %%xmm10, %%xmm10\n\t" \
- "vpxor %%xmm10, "#r", "#r"\n\t"
+ "vpxor %%xmm10, " #r ", " #r "\n\t"
 #define GHASH_GFMUL_RED_AVX1(r, a, b) \
 _GHASH_GFMUL_RED_AVX1(r, a, b)
 #define _GHASH_GFSQR_RED_AVX1(r, a) \
 "vpclmulqdq $0x00, "#a", "#a", %%xmm4\n\t" \
- "vpclmulqdq $0x11, "#a", "#a", "#r"\n\t" \
+ "vpclmulqdq $0x11, "#a", "#a", " #r "\n\t" \
 "vpslld $31, %%xmm4, %%xmm8\n\t" \
 "vpslld $30, %%xmm4, %%xmm9\n\t" \
 "vpslld $25, %%xmm4, %%xmm10\n\t" \
@@ -5060,7 +5060,7 @@ static void AES_GCM_encrypt(const unsigned char *in, unsigned char *out,
 "vpxor %%xmm5, %%xmm10, %%xmm10\n\t" \
 "vpxor %%xmm9, %%xmm10, %%xmm10\n\t" \
 "vpxor %%xmm4, %%xmm10, %%xmm10\n\t" \
- "vpxor %%xmm10, "#r", "#r"\n\t"
+ "vpxor %%xmm10, " #r ", " #r "\n\t"
 #define GHASH_GFSQR_RED_AVX1(r, a) \
 _GHASH_GFSQR_RED_AVX1(r, a)
@@ -5081,7 +5081,7 @@ static void AES_GCM_encrypt(const unsigned char *in, unsigned char *out,
 "vpxor %%xmm0, %%xmm2, %%xmm2\n\t" \
 "vpxor %%xmm1, %%xmm2, %%xmm2\n\t" \
 "vpxor "#r2", %%xmm2, %%xmm2\n\t" \
- "vpxor %%xmm2, "#r", "#r"\n\t"
+ "vpxor %%xmm2, " #r ", " #r "\n\t"
 #define GHASH_GFMUL_RED_XOR_AVX1(r, r2, a, b) \
 GHASH_GFMUL_XOR_AVX1(r, r2, a, b) \
@@ -5092,198 +5092,198 @@ static void AES_GCM_encrypt(const unsigned char *in, unsigned char *out, GHASH_MID_AVX1(r, r2) \ GHASH_RED_AVX1(r, r2) -#define CALC_IV_12_AVX1() \ - "# Calculate values when IV is 12 bytes\n\t" \ - "# Set counter based on IV\n\t" \ - "movl $0x01000000, %%ecx\n\t" \ - "vpinsrq $0, 0(%%rax), %%xmm13, %%xmm13\n\t" \ - "vpinsrd $2, 8(%%rax), %%xmm13, %%xmm13\n\t" \ - "vpinsrd $3, %%ecx, %%xmm13, %%xmm13\n\t" \ - "# H = Encrypt X(=0) and T = Encrypt counter\n\t" \ - "vmovdqa 0(%[KEY]), "VAR(HR)"\n\t" \ - "vpxor "VAR(HR)", %%xmm13, %%xmm1\n\t" \ - "vmovdqa 16(%[KEY]), %%xmm12\n\t" \ - "vaesenc %%xmm12, "VAR(HR)", "VAR(HR)"\n\t" \ - "vaesenc %%xmm12, %%xmm1, %%xmm1\n\t" \ - "vmovdqa 32(%[KEY]), %%xmm12\n\t" \ - "vaesenc %%xmm12, "VAR(HR)", "VAR(HR)"\n\t" \ - "vaesenc %%xmm12, %%xmm1, %%xmm1\n\t" \ - "vmovdqa 48(%[KEY]), %%xmm12\n\t" \ - "vaesenc %%xmm12, "VAR(HR)", "VAR(HR)"\n\t" \ - "vaesenc %%xmm12, %%xmm1, %%xmm1\n\t" \ - "vmovdqa 64(%[KEY]), %%xmm12\n\t" \ - "vaesenc %%xmm12, "VAR(HR)", "VAR(HR)"\n\t" \ - "vaesenc %%xmm12, %%xmm1, %%xmm1\n\t" \ - "vmovdqa 80(%[KEY]), %%xmm12\n\t" \ - "vaesenc %%xmm12, "VAR(HR)", "VAR(HR)"\n\t" \ - "vaesenc %%xmm12, %%xmm1, %%xmm1\n\t" \ - "vmovdqa 96(%[KEY]), %%xmm12\n\t" \ - "vaesenc %%xmm12, "VAR(HR)", "VAR(HR)"\n\t" \ - "vaesenc %%xmm12, %%xmm1, %%xmm1\n\t" \ - "vmovdqa 112(%[KEY]), %%xmm12\n\t" \ - "vaesenc %%xmm12, "VAR(HR)", "VAR(HR)"\n\t" \ - "vaesenc %%xmm12, %%xmm1, %%xmm1\n\t" \ - "vmovdqa 128(%[KEY]), %%xmm12\n\t" \ - "vaesenc %%xmm12, "VAR(HR)", "VAR(HR)"\n\t" \ - "vaesenc %%xmm12, %%xmm1, %%xmm1\n\t" \ - "vmovdqa 144(%[KEY]), %%xmm12\n\t" \ - "vaesenc %%xmm12, "VAR(HR)", "VAR(HR)"\n\t" \ - "vaesenc %%xmm12, %%xmm1, %%xmm1\n\t" \ - "cmpl $11, %[nr]\n\t" \ - "vmovdqa 160(%[KEY]), %%xmm12\n\t" \ - "jl 31f\n\t" \ - "vaesenc %%xmm12, "VAR(HR)", "VAR(HR)"\n\t" \ - "vaesenc %%xmm12, %%xmm1, %%xmm1\n\t" \ - "vmovdqa 176(%[KEY]), %%xmm12\n\t" \ - "vaesenc %%xmm12, "VAR(HR)", "VAR(HR)"\n\t" \ - "vaesenc 
%%xmm12, %%xmm1, %%xmm1\n\t" \ - "cmpl $13, %[nr]\n\t" \ - "vmovdqa 192(%[KEY]), %%xmm12\n\t" \ - "jl 31f\n\t" \ - "vaesenc %%xmm12, "VAR(HR)", "VAR(HR)"\n\t" \ - "vaesenc %%xmm12, %%xmm1, %%xmm1\n\t" \ - "vmovdqa 208(%[KEY]), %%xmm12\n\t" \ - "vaesenc %%xmm12, "VAR(HR)", "VAR(HR)"\n\t" \ - "vaesenc %%xmm12, %%xmm1, %%xmm1\n\t" \ - "vmovdqu 224(%[KEY]), %%xmm12\n\t" \ - "31:\n\t" \ - "vaesenclast %%xmm12, "VAR(HR)", "VAR(HR)"\n\t" \ - "vaesenclast %%xmm12, %%xmm1, %%xmm1\n\t" \ - "vpshufb %[BSWAP_MASK], "VAR(HR)", "VAR(HR)"\n\t" \ - "vmovdqu %%xmm1, "VAR(TR)"\n\t" \ +#define CALC_IV_12_AVX1() \ + "# Calculate values when IV is 12 bytes\n\t" \ + "# Set counter based on IV\n\t" \ + "movl $0x01000000, %%ecx\n\t" \ + "vpinsrq $0, 0(%%rax), %%xmm13, %%xmm13\n\t" \ + "vpinsrd $2, 8(%%rax), %%xmm13, %%xmm13\n\t" \ + "vpinsrd $3, %%ecx, %%xmm13, %%xmm13\n\t" \ + "# H = Encrypt X(=0) and T = Encrypt counter\n\t" \ + "vmovdqa 0(%[KEY]), " VAR(HR) "\n\t" \ + "vpxor " VAR(HR) ", %%xmm13, %%xmm1\n\t" \ + "vmovdqa 16(%[KEY]), %%xmm12\n\t" \ + "vaesenc %%xmm12, " VAR(HR) ", " VAR(HR) "\n\t" \ + "vaesenc %%xmm12, %%xmm1, %%xmm1\n\t" \ + "vmovdqa 32(%[KEY]), %%xmm12\n\t" \ + "vaesenc %%xmm12, " VAR(HR) ", " VAR(HR) "\n\t" \ + "vaesenc %%xmm12, %%xmm1, %%xmm1\n\t" \ + "vmovdqa 48(%[KEY]), %%xmm12\n\t" \ + "vaesenc %%xmm12, " VAR(HR) ", " VAR(HR) "\n\t" \ + "vaesenc %%xmm12, %%xmm1, %%xmm1\n\t" \ + "vmovdqa 64(%[KEY]), %%xmm12\n\t" \ + "vaesenc %%xmm12, " VAR(HR) ", " VAR(HR) "\n\t" \ + "vaesenc %%xmm12, %%xmm1, %%xmm1\n\t" \ + "vmovdqa 80(%[KEY]), %%xmm12\n\t" \ + "vaesenc %%xmm12, " VAR(HR) ", " VAR(HR) "\n\t" \ + "vaesenc %%xmm12, %%xmm1, %%xmm1\n\t" \ + "vmovdqa 96(%[KEY]), %%xmm12\n\t" \ + "vaesenc %%xmm12, " VAR(HR) ", " VAR(HR) "\n\t" \ + "vaesenc %%xmm12, %%xmm1, %%xmm1\n\t" \ + "vmovdqa 112(%[KEY]), %%xmm12\n\t" \ + "vaesenc %%xmm12, " VAR(HR) ", " VAR(HR) "\n\t" \ + "vaesenc %%xmm12, %%xmm1, %%xmm1\n\t" \ + "vmovdqa 128(%[KEY]), %%xmm12\n\t" \ + "vaesenc %%xmm12, " VAR(HR) 
", " VAR(HR) "\n\t" \ + "vaesenc %%xmm12, %%xmm1, %%xmm1\n\t" \ + "vmovdqa 144(%[KEY]), %%xmm12\n\t" \ + "vaesenc %%xmm12, " VAR(HR) ", " VAR(HR) "\n\t" \ + "vaesenc %%xmm12, %%xmm1, %%xmm1\n\t" \ + "cmpl $11, %[nr]\n\t" \ + "vmovdqa 160(%[KEY]), %%xmm12\n\t" \ + "jl 31f\n\t" \ + "vaesenc %%xmm12, " VAR(HR) ", " VAR(HR) "\n\t" \ + "vaesenc %%xmm12, %%xmm1, %%xmm1\n\t" \ + "vmovdqa 176(%[KEY]), %%xmm12\n\t" \ + "vaesenc %%xmm12, " VAR(HR) ", " VAR(HR) "\n\t" \ + "vaesenc %%xmm12, %%xmm1, %%xmm1\n\t" \ + "cmpl $13, %[nr]\n\t" \ + "vmovdqa 192(%[KEY]), %%xmm12\n\t" \ + "jl 31f\n\t" \ + "vaesenc %%xmm12, " VAR(HR) ", " VAR(HR) "\n\t" \ + "vaesenc %%xmm12, %%xmm1, %%xmm1\n\t" \ + "vmovdqa 208(%[KEY]), %%xmm12\n\t" \ + "vaesenc %%xmm12, " VAR(HR) ", " VAR(HR) "\n\t" \ + "vaesenc %%xmm12, %%xmm1, %%xmm1\n\t" \ + "vmovdqu 224(%[KEY]), %%xmm12\n\t" \ + "31:\n\t" \ + "vaesenclast %%xmm12, " VAR(HR) ", " VAR(HR) "\n\t" \ + "vaesenclast %%xmm12, %%xmm1, %%xmm1\n\t" \ + "vpshufb %[BSWAP_MASK], " VAR(HR) ", " VAR(HR) "\n\t" \ + "vmovdqu %%xmm1, " VAR(TR) "\n\t" \ "jmp 39f\n\t" -#define CALC_IV_AVX1() \ - "# Calculate values when IV is not 12 bytes\n\t" \ - "# H = Encrypt X(=0)\n\t" \ - "vmovdqa 0(%[KEY]), "VAR(HR)"\n\t" \ - VAESENC_AVX(HR) \ - "vpshufb %[BSWAP_MASK], "VAR(HR)", "VAR(HR)"\n\t" \ - "# Calc counter\n\t" \ - "# Initialization vector\n\t" \ - "cmpl $0, %%edx\n\t" \ - "movq $0, %%rcx\n\t" \ - "je 45f\n\t" \ - "cmpl $16, %%edx\n\t" \ - "jl 44f\n\t" \ - "andl $0xfffffff0, %%edx\n\t" \ - "\n" \ - "43:\n\t" \ - "vmovdqu (%%rax,%%rcx,1), %%xmm4\n\t" \ - "vpshufb %[BSWAP_MASK], %%xmm4, %%xmm4\n\t" \ - "vpxor %%xmm4, %%xmm13, %%xmm13\n\t" \ - GHASH_FULL_AVX1(%%xmm13, %%xmm12, %%xmm13, HR) \ - "addl $16, %%ecx\n\t" \ - "cmpl %%edx, %%ecx\n\t" \ - "jl 43b\n\t" \ - "movl %[ibytes], %%edx\n\t" \ - "cmpl %%edx, %%ecx\n\t" \ - "je 45f\n\t" \ - "\n" \ - "44:\n\t" \ - "subq $16, %%rsp\n\t" \ - "vpxor %%xmm4, %%xmm4, %%xmm4\n\t" \ - "xorl %%ebx, %%ebx\n\t" \ - "vmovdqu %%xmm4, 
(%%rsp)\n\t" \ - "42:\n\t" \ - "movzbl (%%rax,%%rcx,1), %%r13d\n\t" \ - "movb %%r13b, (%%rsp,%%rbx,1)\n\t" \ - "incl %%ecx\n\t" \ - "incl %%ebx\n\t" \ - "cmpl %%edx, %%ecx\n\t" \ - "jl 42b\n\t" \ - "vmovdqu (%%rsp), %%xmm4\n\t" \ - "addq $16, %%rsp\n\t" \ - "vpshufb %[BSWAP_MASK], %%xmm4, %%xmm4\n\t" \ - "vpxor %%xmm4, %%xmm13, %%xmm13\n\t" \ - GHASH_FULL_AVX1(%%xmm13, %%xmm12, %%xmm13, HR) \ - "\n" \ - "45:\n\t" \ - "# T = Encrypt counter\n\t" \ - "vpxor %%xmm0, %%xmm0, %%xmm0\n\t" \ - "shll $3, %%edx\n\t" \ - "vpinsrq $0, %%rdx, %%xmm0, %%xmm0\n\t" \ - "vpxor %%xmm0, %%xmm13, %%xmm13\n\t" \ - GHASH_FULL_AVX1(%%xmm13, %%xmm12, %%xmm13, HR) \ - "vpshufb %[BSWAP_MASK], %%xmm13, %%xmm13\n\t" \ - "# Encrypt counter\n\t" \ - "vmovdqa 0(%[KEY]), %%xmm4\n\t" \ - "vpxor %%xmm13, %%xmm4, %%xmm4\n\t" \ - VAESENC_AVX(%%xmm4) \ - "vmovdqu %%xmm4, "VAR(TR)"\n\t" +#define CALC_IV_AVX1() \ + "# Calculate values when IV is not 12 bytes\n\t" \ + "# H = Encrypt X(=0)\n\t" \ + "vmovdqa 0(%[KEY]), " VAR(HR) "\n\t" \ + VAESENC_AVX(HR) \ + "vpshufb %[BSWAP_MASK], " VAR(HR) ", " VAR(HR) "\n\t" \ + "# Calc counter\n\t" \ + "# Initialization vector\n\t" \ + "cmpl $0, %%edx\n\t" \ + "movq $0, %%rcx\n\t" \ + "je 45f\n\t" \ + "cmpl $16, %%edx\n\t" \ + "jl 44f\n\t" \ + "andl $0xfffffff0, %%edx\n\t" \ + "\n" \ + "43:\n\t" \ + "vmovdqu (%%rax,%%rcx,1), %%xmm4\n\t" \ + "vpshufb %[BSWAP_MASK], %%xmm4, %%xmm4\n\t" \ + "vpxor %%xmm4, %%xmm13, %%xmm13\n\t" \ + GHASH_FULL_AVX1(%%xmm13, %%xmm12, %%xmm13, HR) \ + "addl $16, %%ecx\n\t" \ + "cmpl %%edx, %%ecx\n\t" \ + "jl 43b\n\t" \ + "movl %[ibytes], %%edx\n\t" \ + "cmpl %%edx, %%ecx\n\t" \ + "je 45f\n\t" \ + "\n" \ + "44:\n\t" \ + "subq $16, %%rsp\n\t" \ + "vpxor %%xmm4, %%xmm4, %%xmm4\n\t" \ + "xorl %%ebx, %%ebx\n\t" \ + "vmovdqu %%xmm4, (%%rsp)\n\t" \ + "42:\n\t" \ + "movzbl (%%rax,%%rcx,1), %%r13d\n\t" \ + "movb %%r13b, (%%rsp,%%rbx,1)\n\t" \ + "incl %%ecx\n\t" \ + "incl %%ebx\n\t" \ + "cmpl %%edx, %%ecx\n\t" \ + "jl 42b\n\t" \ + "vmovdqu (%%rsp), 
%%xmm4\n\t" \ + "addq $16, %%rsp\n\t" \ + "vpshufb %[BSWAP_MASK], %%xmm4, %%xmm4\n\t" \ + "vpxor %%xmm4, %%xmm13, %%xmm13\n\t" \ + GHASH_FULL_AVX1(%%xmm13, %%xmm12, %%xmm13, HR) \ + "\n" \ + "45:\n\t" \ + "# T = Encrypt counter\n\t" \ + "vpxor %%xmm0, %%xmm0, %%xmm0\n\t" \ + "shll $3, %%edx\n\t" \ + "vpinsrq $0, %%rdx, %%xmm0, %%xmm0\n\t" \ + "vpxor %%xmm0, %%xmm13, %%xmm13\n\t" \ + GHASH_FULL_AVX1(%%xmm13, %%xmm12, %%xmm13, HR) \ + "vpshufb %[BSWAP_MASK], %%xmm13, %%xmm13\n\t" \ + "# Encrypt counter\n\t" \ + "vmovdqa 0(%[KEY]), %%xmm4\n\t" \ + "vpxor %%xmm13, %%xmm4, %%xmm4\n\t" \ + VAESENC_AVX(%%xmm4) \ + "vmovdqu %%xmm4, " VAR(TR) "\n\t" -#define CALC_AAD_AVX1() \ - "# Additional authentication data\n\t" \ - "movl %[abytes], %%edx\n\t" \ - "cmpl $0, %%edx\n\t" \ - "je 25f\n\t" \ - "movq %[addt], %%rax\n\t" \ - "xorl %%ecx, %%ecx\n\t" \ - "cmpl $16, %%edx\n\t" \ - "jl 24f\n\t" \ - "andl $0xfffffff0, %%edx\n\t" \ - "\n" \ - "23:\n\t" \ - "vmovdqu (%%rax,%%rcx,1), %%xmm4\n\t" \ - "vpshufb %[BSWAP_MASK], %%xmm4, %%xmm4\n\t" \ - "vpxor %%xmm4, "VAR(XR)", "VAR(XR)"\n\t" \ - GHASH_FULL_AVX1(XR, %%xmm12, XR, HR) \ - "addl $16, %%ecx\n\t" \ - "cmpl %%edx, %%ecx\n\t" \ - "jl 23b\n\t" \ - "movl %[abytes], %%edx\n\t" \ - "cmpl %%edx, %%ecx\n\t" \ - "je 25f\n\t" \ - "\n" \ - "24:\n\t" \ - "subq $16, %%rsp\n\t" \ - "vpxor %%xmm4, %%xmm4, %%xmm4\n\t" \ - "xorl %%ebx, %%ebx\n\t" \ - "vmovdqu %%xmm4, (%%rsp)\n\t" \ - "22:\n\t" \ - "movzbl (%%rax,%%rcx,1), %%r13d\n\t" \ - "movb %%r13b, (%%rsp,%%rbx,1)\n\t" \ - "incl %%ecx\n\t" \ - "incl %%ebx\n\t" \ - "cmpl %%edx, %%ecx\n\t" \ - "jl 22b\n\t" \ - "vmovdqu (%%rsp), %%xmm4\n\t" \ - "addq $16, %%rsp\n\t" \ - "vpshufb %[BSWAP_MASK], %%xmm4, %%xmm4\n\t" \ - "vpxor %%xmm4, "VAR(XR)", "VAR(XR)"\n\t" \ - GHASH_FULL_AVX1(XR, %%xmm12, XR, HR) \ - "\n" \ +#define CALC_AAD_AVX1() \ + "# Additional authentication data\n\t" \ + "movl %[abytes], %%edx\n\t" \ + "cmpl $0, %%edx\n\t" \ + "je 25f\n\t" \ + "movq %[addt], %%rax\n\t" \ + "xorl %%ecx, 
%%ecx\n\t" \ + "cmpl $16, %%edx\n\t" \ + "jl 24f\n\t" \ + "andl $0xfffffff0, %%edx\n\t" \ + "\n" \ + "23:\n\t" \ + "vmovdqu (%%rax,%%rcx,1), %%xmm4\n\t" \ + "vpshufb %[BSWAP_MASK], %%xmm4, %%xmm4\n\t" \ + "vpxor %%xmm4, " VAR(XR) ", " VAR(XR) "\n\t" \ + GHASH_FULL_AVX1(XR, %%xmm12, XR, HR) \ + "addl $16, %%ecx\n\t" \ + "cmpl %%edx, %%ecx\n\t" \ + "jl 23b\n\t" \ + "movl %[abytes], %%edx\n\t" \ + "cmpl %%edx, %%ecx\n\t" \ + "je 25f\n\t" \ + "\n" \ + "24:\n\t" \ + "subq $16, %%rsp\n\t" \ + "vpxor %%xmm4, %%xmm4, %%xmm4\n\t" \ + "xorl %%ebx, %%ebx\n\t" \ + "vmovdqu %%xmm4, (%%rsp)\n\t" \ + "22:\n\t" \ + "movzbl (%%rax,%%rcx,1), %%r13d\n\t" \ + "movb %%r13b, (%%rsp,%%rbx,1)\n\t" \ + "incl %%ecx\n\t" \ + "incl %%ebx\n\t" \ + "cmpl %%edx, %%ecx\n\t" \ + "jl 22b\n\t" \ + "vmovdqu (%%rsp), %%xmm4\n\t" \ + "addq $16, %%rsp\n\t" \ + "vpshufb %[BSWAP_MASK], %%xmm4, %%xmm4\n\t" \ + "vpxor %%xmm4, " VAR(XR) ", " VAR(XR) "\n\t" \ + GHASH_FULL_AVX1(XR, %%xmm12, XR, HR) \ + "\n" \ "25:\n\t" #define CALC_HT_8_AVX1() \ - "vmovdqa "VAR(XR)", %%xmm2\n\t" \ + "vmovdqa " VAR(XR) ", %%xmm2\n\t" \ "# H ^ 1\n\t" \ - "vmovdqu "VAR(HR)", 0("VAR(HTR)")\n\t" \ + "vmovdqu " VAR(HR) ", 0(" VAR(HTR) ")\n\t" \ "# H ^ 2\n\t" \ GHASH_GFSQR_RED_AVX1(%%xmm0, HR) \ - "vmovdqu %%xmm0 , 16("VAR(HTR)")\n\t" \ + "vmovdqu %%xmm0 , 16(" VAR(HTR) ")\n\t" \ "# H ^ 3\n\t" \ GHASH_GFMUL_RED_AVX1(%%xmm1, HR, %%xmm0) \ - "vmovdqu %%xmm1 , 32("VAR(HTR)")\n\t" \ + "vmovdqu %%xmm1 , 32(" VAR(HTR) ")\n\t" \ "# H ^ 4\n\t" \ GHASH_GFSQR_RED_AVX1(%%xmm3, %%xmm0) \ - "vmovdqu %%xmm3 , 48("VAR(HTR)")\n\t" \ + "vmovdqu %%xmm3 , 48(" VAR(HTR) ")\n\t" \ "# H ^ 5\n\t" \ GHASH_GFMUL_RED_AVX1(%%xmm12, %%xmm0, %%xmm1) \ - "vmovdqu %%xmm12, 64("VAR(HTR)")\n\t" \ + "vmovdqu %%xmm12, 64(" VAR(HTR) ")\n\t" \ "# H ^ 6\n\t" \ GHASH_GFSQR_RED_AVX1(%%xmm12, %%xmm1) \ - "vmovdqu %%xmm12, 80("VAR(HTR)")\n\t" \ + "vmovdqu %%xmm12, 80(" VAR(HTR) ")\n\t" \ "# H ^ 7\n\t" \ GHASH_GFMUL_RED_AVX1(%%xmm12, %%xmm1, %%xmm3) \ - "vmovdqu %%xmm12, 
96("VAR(HTR)")\n\t" \ + "vmovdqu %%xmm12, 96(" VAR(HTR) ")\n\t" \ "# H ^ 8\n\t" \ GHASH_GFSQR_RED_AVX1(%%xmm12, %%xmm3) \ - "vmovdqu %%xmm12, 112("VAR(HTR)")\n\t" + "vmovdqu %%xmm12, 112(" VAR(HTR) ")\n\t" -#define VAESENC_128_GHASH_AVX1(src, o) \ - "leaq (%[in],"VAR(KR64)",1), %%rcx\n\t" \ - "leaq (%[out],"VAR(KR64)",1), %%rdx\n\t" \ +#define VAESENC_128_GHASH_AVX1(src, o) \ + "leaq (%[in]," VAR(KR64) ",1), %%rcx\n\t" \ + "leaq (%[out]," VAR(KR64) ",1), %%rdx\n\t" \ /* src is either %%rcx or %%rdx */ \ VAESENC_CTR() \ VAESENC_XOR() \ 
@@ -5311,112 +5311,112 @@ static void AES_GCM_encrypt(const unsigned char *in, unsigned char *out, "4:\n\t" \ VAESENC_LAST(%%rcx, %%rdx) -#define _VAESENC_AVX(r) \ - "vaesenc 16(%[KEY]), "#r", "#r"\n\t" \ - "vaesenc 32(%[KEY]), "#r", "#r"\n\t" \ - "vaesenc 48(%[KEY]), "#r", "#r"\n\t" \ - "vaesenc 64(%[KEY]), "#r", "#r"\n\t" \ - "vaesenc 80(%[KEY]), "#r", "#r"\n\t" \ - "vaesenc 96(%[KEY]), "#r", "#r"\n\t" \ - "vaesenc 112(%[KEY]), "#r", "#r"\n\t" \ - "vaesenc 128(%[KEY]), "#r", "#r"\n\t" \ - "vaesenc 144(%[KEY]), "#r", "#r"\n\t" \ - "cmpl $11, %[nr]\n\t" \ - "vmovdqa 160(%[KEY]), %%xmm5\n\t" \ - "jl %=f\n\t" \ - "vaesenc %%xmm5, "#r", "#r"\n\t" \ - "vaesenc 176(%[KEY]), "#r", "#r"\n\t" \ - "cmpl $13, %[nr]\n\t" \ - "vmovdqa 192(%[KEY]), %%xmm5\n\t" \ - "jl %=f\n\t" \ - "vaesenc %%xmm5, "#r", "#r"\n\t" \ - "vaesenc 208(%[KEY]), "#r", "#r"\n\t" \ - "vmovdqa 224(%[KEY]), %%xmm5\n\t" \ - "%=:\n\t" \ - "vaesenclast %%xmm5, "#r", "#r"\n\t" -#define VAESENC_AVX(r) \ +#define _VAESENC_AVX(r) \ + "vaesenc 16(%[KEY]), " #r ", " #r "\n\t" \ + "vaesenc 32(%[KEY]), " #r ", " #r "\n\t" \ + "vaesenc 48(%[KEY]), " #r ", " #r "\n\t" \ + "vaesenc 64(%[KEY]), " #r ", " #r "\n\t" \ + "vaesenc 80(%[KEY]), " #r ", " #r "\n\t" \ + "vaesenc 96(%[KEY]), " #r ", " #r "\n\t" \ + "vaesenc 112(%[KEY]), " #r ", " #r "\n\t" \ + "vaesenc 128(%[KEY]), " #r ", " #r "\n\t" \ + "vaesenc 144(%[KEY]), " #r ", " #r "\n\t" \ + "cmpl $11, %[nr]\n\t" \ + "vmovdqa 160(%[KEY]), %%xmm5\n\t" \ + "jl %=f\n\t" \ + "vaesenc %%xmm5, " #r ", " #r "\n\t" \ + "vaesenc 176(%[KEY]), " #r ", " #r "\n\t" \ + "cmpl $13, %[nr]\n\t" \ + "vmovdqa 192(%[KEY]), %%xmm5\n\t" \ + "jl %=f\n\t" \ + "vaesenc %%xmm5, " #r ", " #r "\n\t" \ + "vaesenc 208(%[KEY]), " #r ", " #r "\n\t" \ + "vmovdqa 224(%[KEY]), %%xmm5\n\t" \ + "%=:\n\t" \ + "vaesenclast %%xmm5, " #r ", " #r "\n\t" +#define VAESENC_AVX(r) \ _VAESENC_AVX(r) -#define AESENC_LAST15_ENC_AVX1() \ - "movl %[nbytes], %%ecx\n\t" \ - "movl %%ecx, %%edx\n\t" \ - "andl $0x0f, 
%%ecx\n\t" \ - "jz 55f\n\t" \ - "vmovdqu "VAR(CTR1)", %%xmm13\n\t" \ - "vpshufb %[BSWAP_EPI64], %%xmm13, %%xmm13\n\t" \ - "vpxor 0(%[KEY]), %%xmm13, %%xmm13\n\t" \ - VAESENC_AVX(%%xmm13) \ - "subq $16, %%rsp\n\t" \ - "xorl %%ecx, %%ecx\n\t" \ - "vmovdqu %%xmm13, (%%rsp)\n\t" \ - "\n" \ - "51:\n\t" \ - "movzbl (%[in],"VAR(KR64)",1), %%r13d\n\t" \ - "xorb (%%rsp,%%rcx,1), %%r13b\n\t" \ - "movb %%r13b, (%[out],"VAR(KR64)",1)\n\t" \ - "movb %%r13b, (%%rsp,%%rcx,1)\n\t" \ - "incl "VAR(KR)"\n\t" \ - "incl %%ecx\n\t" \ - "cmpl %%edx, "VAR(KR)"\n\t" \ - "jl 51b\n\t" \ - "xorq %%r13, %%r13\n\t" \ - "cmpl $16, %%ecx\n\t" \ - "je 53f\n\t" \ - "\n" \ - "52:\n\t" \ - "movb %%r13b, (%%rsp,%%rcx,1)\n\t" \ - "incl %%ecx\n\t" \ - "cmpl $16, %%ecx\n\t" \ - "jl 52b\n\t" \ - "53:\n\t" \ - "vmovdqu (%%rsp), %%xmm13\n\t" \ - "addq $16, %%rsp\n\t" \ - "vpshufb %[BSWAP_MASK], %%xmm13, %%xmm13\n\t" \ - "vpxor %%xmm13, "VAR(XR)", "VAR(XR)"\n\t" \ - GHASH_GFMUL_RED_AVX1(XR, HR, XR) \ +#define AESENC_LAST15_ENC_AVX1() \ + "movl %[nbytes], %%ecx\n\t" \ + "movl %%ecx, %%edx\n\t" \ + "andl $0x0f, %%ecx\n\t" \ + "jz 55f\n\t" \ + "vmovdqu " VAR(CTR1) ", %%xmm13\n\t" \ + "vpshufb %[BSWAP_EPI64], %%xmm13, %%xmm13\n\t" \ + "vpxor 0(%[KEY]), %%xmm13, %%xmm13\n\t" \ + VAESENC_AVX(%%xmm13) \ + "subq $16, %%rsp\n\t" \ + "xorl %%ecx, %%ecx\n\t" \ + "vmovdqu %%xmm13, (%%rsp)\n\t" \ + "\n" \ + "51:\n\t" \ + "movzbl (%[in]," VAR(KR64) ",1), %%r13d\n\t" \ + "xorb (%%rsp,%%rcx,1), %%r13b\n\t" \ + "movb %%r13b, (%[out]," VAR(KR64) ",1)\n\t" \ + "movb %%r13b, (%%rsp,%%rcx,1)\n\t" \ + "incl " VAR(KR) "\n\t" \ + "incl %%ecx\n\t" \ + "cmpl %%edx, " VAR(KR) "\n\t" \ + "jl 51b\n\t" \ + "xorq %%r13, %%r13\n\t" \ + "cmpl $16, %%ecx\n\t" \ + "je 53f\n\t" \ + "\n" \ + "52:\n\t" \ + "movb %%r13b, (%%rsp,%%rcx,1)\n\t" \ + "incl %%ecx\n\t" \ + "cmpl $16, %%ecx\n\t" \ + "jl 52b\n\t" \ + "53:\n\t" \ + "vmovdqu (%%rsp), %%xmm13\n\t" \ + "addq $16, %%rsp\n\t" \ + "vpshufb %[BSWAP_MASK], %%xmm13, %%xmm13\n\t" \ + "vpxor %%xmm13, 
" VAR(XR) ", " VAR(XR) "\n\t" \ + GHASH_GFMUL_RED_AVX1(XR, HR, XR) \ -#define AESENC_LAST15_DEC_AVX1() \ - "movl %[nbytes], %%ecx\n\t" \ - "movl %%ecx, %%edx\n\t" \ - "andl $0x0f, %%ecx\n\t" \ - "jz 55f\n\t" \ - "vmovdqu "VAR(CTR1)", %%xmm13\n\t" \ - "vpshufb %[BSWAP_EPI64], %%xmm13, %%xmm13\n\t" \ - "vpxor 0(%[KEY]), %%xmm13, %%xmm13\n\t" \ - VAESENC_AVX(%%xmm13) \ - "subq $32, %%rsp\n\t" \ - "xorl %%ecx, %%ecx\n\t" \ - "vmovdqu %%xmm13, (%%rsp)\n\t" \ - "vpxor %%xmm0, %%xmm0, %%xmm0\n\t" \ - "vmovdqu %%xmm0, 16(%%rsp)\n\t" \ - "\n" \ - "51:\n\t" \ - "movzbl (%[in],"VAR(KR64)",1), %%r13d\n\t" \ - "movb %%r13b, 16(%%rsp,%%rcx,1)\n\t" \ - "xorb (%%rsp,%%rcx,1), %%r13b\n\t" \ - "movb %%r13b, (%[out],"VAR(KR64)",1)\n\t" \ - "incl "VAR(KR)"\n\t" \ - "incl %%ecx\n\t" \ - "cmpl %%edx, "VAR(KR)"\n\t" \ - "jl 51b\n\t" \ - "53:\n\t" \ - "vmovdqu 16(%%rsp), %%xmm13\n\t" \ - "addq $32, %%rsp\n\t" \ - "vpshufb %[BSWAP_MASK], %%xmm13, %%xmm13\n\t" \ - "vpxor %%xmm13, "VAR(XR)", "VAR(XR)"\n\t" \ - GHASH_GFMUL_RED_AVX1(XR, HR, XR) \ +#define AESENC_LAST15_DEC_AVX1() \ + "movl %[nbytes], %%ecx\n\t" \ + "movl %%ecx, %%edx\n\t" \ + "andl $0x0f, %%ecx\n\t" \ + "jz 55f\n\t" \ + "vmovdqu " VAR(CTR1) ", %%xmm13\n\t" \ + "vpshufb %[BSWAP_EPI64], %%xmm13, %%xmm13\n\t" \ + "vpxor 0(%[KEY]), %%xmm13, %%xmm13\n\t" \ + VAESENC_AVX(%%xmm13) \ + "subq $32, %%rsp\n\t" \ + "xorl %%ecx, %%ecx\n\t" \ + "vmovdqu %%xmm13, (%%rsp)\n\t" \ + "vpxor %%xmm0, %%xmm0, %%xmm0\n\t" \ + "vmovdqu %%xmm0, 16(%%rsp)\n\t" \ + "\n" \ + "51:\n\t" \ + "movzbl (%[in]," VAR(KR64) ",1), %%r13d\n\t" \ + "movb %%r13b, 16(%%rsp,%%rcx,1)\n\t" \ + "xorb (%%rsp,%%rcx,1), %%r13b\n\t" \ + "movb %%r13b, (%[out]," VAR(KR64) ",1)\n\t" \ + "incl " VAR(KR) "\n\t" \ + "incl %%ecx\n\t" \ + "cmpl %%edx, " VAR(KR) "\n\t" \ + "jl 51b\n\t" \ + "53:\n\t" \ + "vmovdqu 16(%%rsp), %%xmm13\n\t" \ + "addq $32, %%rsp\n\t" \ + "vpshufb %[BSWAP_MASK], %%xmm13, %%xmm13\n\t" \ + "vpxor %%xmm13, " VAR(XR) ", " VAR(XR) "\n\t" \ + 
GHASH_GFMUL_RED_AVX1(XR, HR, XR) \ -#define CALC_TAG_AVX1() \ - "movl %[nbytes], %%edx\n\t" \ - "movl %[abytes], %%ecx\n\t" \ - "shlq $3, %%rdx\n\t" \ - "shlq $3, %%rcx\n\t" \ - "vpinsrq $0, %%rdx, %%xmm0, %%xmm0\n\t" \ - "vpinsrq $1, %%rcx, %%xmm0, %%xmm0\n\t" \ - "vpxor %%xmm0, "VAR(XR)", "VAR(XR)"\n\t" \ - GHASH_GFMUL_RED_AVX1(XR, HR, XR) \ - "vpshufb %[BSWAP_MASK], "VAR(XR)", "VAR(XR)"\n\t" \ - "vpxor "VAR(TR)", "VAR(XR)", %%xmm0\n\t" \ +#define CALC_TAG_AVX1() \ + "movl %[nbytes], %%edx\n\t" \ + "movl %[abytes], %%ecx\n\t" \ + "shlq $3, %%rdx\n\t" \ + "shlq $3, %%rcx\n\t" \ + "vpinsrq $0, %%rdx, %%xmm0, %%xmm0\n\t" \ + "vpinsrq $1, %%rcx, %%xmm0, %%xmm0\n\t" \ + "vpxor %%xmm0, " VAR(XR) ", " VAR(XR) "\n\t" \ + GHASH_GFMUL_RED_AVX1(XR, HR, XR) \ + "vpshufb %[BSWAP_MASK], " VAR(XR) ", " VAR(XR) "\n\t" \ + "vpxor " VAR(TR) ", " VAR(XR) ", %%xmm0\n\t" \ #define STORE_TAG_AVX() \ "cmpl $16, %[tbytes]\n\t" \ @@ -5479,10 +5479,10 @@ static void AES_GCM_encrypt_avx1(const unsigned char *in, unsigned char *out, register unsigned int ivLen asm("ebx") = ibytes; __asm__ __volatile__ ( - "subq $"VAR(STACK_OFFSET)", %%rsp\n\t" + "subq $" VAR(STACK_OFFSET) ", %%rsp\n\t" /* Counter is xmm13 */ "vpxor %%xmm13, %%xmm13, %%xmm13\n\t" - "vpxor "VAR(XR)", "VAR(XR)", "VAR(XR)"\n\t" + "vpxor " VAR(XR) ", " VAR(XR) ", " VAR(XR) "\n\t" "movl %[ibytes], %%edx\n\t" "cmpl $12, %%edx\n\t" "jne 35f\n\t" 
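Review bot: `AESENC_LAST15_DEC_AVX1` releases its 32-byte scratch area with `addq $32, %%rsp` while the encrypted counter block stored by `vmovdqu %%xmm13, (%%rsp)` is still in the low 16 bytes, and nothing in the macro overwrites it. The ENC variant in the same hunk leaves no such residue, because its `51:` loop writes ciphertext over the keystream bytes and its `52:` loop zero-fills the rest of the block. If keystream is meant to be scrubbed from the stack, `%%xmm0` is still zero at label `53:` (it is cleared before the loop and not written afterwards), so `"vmovdqu %%xmm0, (%%rsp)\n\t"` placed just before the `addq` would clear it. Whether that is required depends on the library's policy for intermediate values, which is not visible in this hunk.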
@@ -5496,19 +5496,19 @@ static void AES_GCM_encrypt_avx1(const unsigned char *in, unsigned char *out, CALC_AAD_AVX1() "# Calculate counter and H\n\t" - "vpsrlq $63, "VAR(HR)", %%xmm5\n\t" - "vpsllq $1, "VAR(HR)", %%xmm4\n\t" + "vpsrlq $63, " VAR(HR) ", %%xmm5\n\t" + "vpsllq $1, " VAR(HR) ", %%xmm4\n\t" "vpslldq $8, %%xmm5, %%xmm5\n\t" "vpor %%xmm5, %%xmm4, %%xmm4\n\t" - "vpshufd $0xff, "VAR(HR)", "VAR(HR)"\n\t" - "vpsrad $31, "VAR(HR)", "VAR(HR)"\n\t" + "vpshufd $0xff, " VAR(HR) ", " VAR(HR) "\n\t" + "vpsrad $31, " VAR(HR) ", " VAR(HR) "\n\t" "vpshufb %[BSWAP_EPI64], %%xmm13, %%xmm13\n\t" - "vpand %[MOD2_128], "VAR(HR)", "VAR(HR)"\n\t" + "vpand %[MOD2_128], " VAR(HR) ", " VAR(HR) "\n\t" "vpaddd %[ONE], %%xmm13, %%xmm13\n\t" - "vpxor %%xmm4, "VAR(HR)", "VAR(HR)"\n\t" - "vmovdqu %%xmm13, "VAR(CTR1)"\n\t" + "vpxor %%xmm4, " VAR(HR) ", " VAR(HR) "\n\t" + "vmovdqu %%xmm13, " VAR(CTR1) "\n\t" - "xorl "VAR(KR)", "VAR(KR)"\n\t" + "xorl " VAR(KR) ", " VAR(KR) "\n\t" #if !defined(AES_GCM_AESNI_NO_UNROLL) && !defined(AES_GCM_AVX1_NO_UNROLL) "cmpl $128, %[nbytes]\n\t" @@ -5522,15 +5522,15 @@ static void AES_GCM_encrypt_avx1(const unsigned char *in, unsigned char *out, VAESENC_128() "cmpl $128, %%r13d\n\t" - "movl $128, "VAR(KR)"\n\t" + "movl $128, " VAR(KR) "\n\t" "jle 2f\n\t" "# More 128 bytes of input\n\t" "\n" "3:\n\t" VAESENC_128_GHASH_AVX1(%%rdx, 0) - "addl $128, "VAR(KR)"\n\t" - "cmpl %%r13d, "VAR(KR)"\n\t" + "addl $128, " VAR(KR) "\n\t" + "cmpl %%r13d, " VAR(KR) "\n\t" "jl 3b\n\t" "\n" "2:\n\t" 
@@ -5545,48 +5545,48 @@ static void AES_GCM_encrypt_avx1(const unsigned char *in, unsigned char *out, "vpshufb %%xmm13, %%xmm10, %%xmm10\n\t" "vpshufb %%xmm13, %%xmm11, %%xmm11\n\t" - "vmovdqu ("VAR(HTR)"), %%xmm12\n\t" - "vmovdqu 16("VAR(HTR)"), %%xmm14\n\t" + "vmovdqu (" VAR(HTR) "), %%xmm12\n\t" + "vmovdqu 16(" VAR(HTR) "), %%xmm14\n\t" GHASH_GFMUL_AVX1(XR, %%xmm13, %%xmm11, %%xmm12) GHASH_GFMUL_XOR_AVX1(XR, %%xmm13, %%xmm10, %%xmm14) - "vmovdqu 32("VAR(HTR)"), %%xmm12\n\t" - "vmovdqu 48("VAR(HTR)"), %%xmm14\n\t" + "vmovdqu 32(" VAR(HTR) "), %%xmm12\n\t" + "vmovdqu 48(" VAR(HTR) "), %%xmm14\n\t" GHASH_GFMUL_XOR_AVX1(XR, %%xmm13, %%xmm9, %%xmm12) GHASH_GFMUL_XOR_AVX1(XR, %%xmm13, %%xmm8, %%xmm14) - "vmovdqu 64("VAR(HTR)"), %%xmm12\n\t" - "vmovdqu 80("VAR(HTR)"), %%xmm14\n\t" + "vmovdqu 64(" VAR(HTR) "), %%xmm12\n\t" + "vmovdqu 80(" VAR(HTR) "), %%xmm14\n\t" GHASH_GFMUL_XOR_AVX1(XR, %%xmm13, %%xmm7, %%xmm12) GHASH_GFMUL_XOR_AVX1(XR, %%xmm13, %%xmm6, %%xmm14) - "vmovdqu 96("VAR(HTR)"), %%xmm12\n\t" - "vmovdqu 112("VAR(HTR)"), %%xmm14\n\t" + "vmovdqu 96(" VAR(HTR) "), %%xmm12\n\t" + "vmovdqu 112(" VAR(HTR) "), %%xmm14\n\t" GHASH_GFMUL_XOR_AVX1(XR, %%xmm13, %%xmm5, %%xmm12) GHASH_GFMUL_RED_XOR_AVX1(XR, %%xmm13, %%xmm4, %%xmm14) - "vmovdqu 0("VAR(HTR)"), "VAR(HR)"\n\t" + "vmovdqu 0(" VAR(HTR) "), " VAR(HR) "\n\t" "\n" "5:\n\t" "movl %[nbytes], %%edx\n\t" - "cmpl %%edx, "VAR(KR)"\n\t" + "cmpl %%edx, " VAR(KR) "\n\t" "jge 55f\n\t" #endif "movl %[nbytes], %%r13d\n\t" "andl $0xfffffff0, %%r13d\n\t" - "cmpl %%r13d, "VAR(KR)"\n\t" + "cmpl %%r13d, " VAR(KR) "\n\t" "jge 14f\n\t" VAESENC_BLOCK() - "addl $16, "VAR(KR)"\n\t" - "cmpl %%r13d, "VAR(KR)"\n\t" + "addl $16, " VAR(KR) "\n\t" + "cmpl %%r13d, " VAR(KR) "\n\t" "jge 13f\n\t" "\n" "12:\n\t" - "vmovdqu (%[in],"VAR(KR64)",1), %%xmm9\n\t" + "vmovdqu (%[in]," VAR(KR64) ",1), %%xmm9\n\t" VAESENC_GFMUL(%%xmm9, HR, XR) "vpshufb %[BSWAP_MASK], %%xmm4, %%xmm4\n\t" - "addl $16, "VAR(KR)"\n\t" - "vpxor %%xmm4, "VAR(XR)", 
"VAR(XR)"\n\t" - "cmpl %%r13d, "VAR(KR)"\n\t" + "addl $16, " VAR(KR) "\n\t" + "vpxor %%xmm4, " VAR(XR) ", " VAR(XR) "\n\t" + "cmpl %%r13d, " VAR(KR) "\n\t" "jl 12b\n\t" "\n" "13:\n\t" @@ -5600,7 +5600,7 @@ static void AES_GCM_encrypt_avx1(const unsigned char *in, unsigned char *out, CALC_TAG_AVX1() STORE_TAG_AVX() - "addq $"VAR(STACK_OFFSET)", %%rsp\n\t" + "addq $" VAR(STACK_OFFSET) ", %%rsp\n\t" "vzeroupper\n\t" : @@ -5628,10 +5628,10 @@ static void AES_GCM_encrypt_avx1(const unsigned char *in, unsigned char *out, #ifdef HAVE_INTEL_AVX2 /* Encrypt and carry-less multiply for AVX2. */ #define VAESENC_PCLMUL_AVX2_1(src, o1, o2, o3) \ - "vmovdqu "#o2"("#src"), %%xmm12\n\t" \ - "vmovdqa "#o1"(%[KEY]), %%xmm0\n\t" \ + "vmovdqu " #o2 "(" #src "), %%xmm12\n\t" \ + "vmovdqa " #o1 "(%[KEY]), %%xmm0\n\t" \ "vpshufb %[BSWAP_MASK], %%xmm12, %%xmm12\n\t" \ - "vmovdqu "#o3"("VAR(HTR)"), %%xmm13\n\t" \ + "vmovdqu " #o3 "(" VAR(HTR) "), %%xmm13\n\t" \ "vpxor %%xmm2, %%xmm12, %%xmm12\n\t" \ "vpclmulqdq $0x10, %%xmm13, %%xmm12, %%xmm1\n\t" \ "vpclmulqdq $0x01, %%xmm13, %%xmm12, %%xmm14\n\t" \ @@ -5647,15 +5647,15 @@ static void AES_GCM_encrypt_avx1(const unsigned char *in, unsigned char *out, "vaesenc %%xmm0, %%xmm11, %%xmm11\n\t" \ #define VAESENC_PCLMUL_AVX2_2(src, o1, o2, o3) \ - "vmovdqu "#o2"("#src"), %%xmm12\n\t" \ - "vmovdqu "#o3"("VAR(HTR)"), %%xmm0\n\t" \ + "vmovdqu " #o2 "(" #src "), %%xmm12\n\t" \ + "vmovdqu " #o3 "(" VAR(HTR) "), %%xmm0\n\t" \ "vpshufb %[BSWAP_MASK], %%xmm12, %%xmm12\n\t" \ "vpxor %%xmm14, %%xmm1, %%xmm1\n\t" \ "vpclmulqdq $0x10, %%xmm0, %%xmm12, %%xmm13\n\t" \ "vpclmulqdq $0x01, %%xmm0, %%xmm12, %%xmm14\n\t" \ "vpclmulqdq $0x00, %%xmm0, %%xmm12, %%xmm15\n\t" \ "vpclmulqdq $0x11, %%xmm0, %%xmm12, %%xmm12\n\t" \ - "vmovdqa "#o1"(%[KEY]), %%xmm0\n\t" \ + "vmovdqa " #o1 "(%[KEY]), %%xmm0\n\t" \ "vpxor %%xmm13, %%xmm1, %%xmm1\n\t" \ "vpxor %%xmm12, %%xmm3, %%xmm3\n\t" \ "vaesenc %%xmm0, %%xmm4, %%xmm4\n\t" \ 
@@ -5668,8 +5668,8 @@ static void AES_GCM_encrypt_avx1(const unsigned char *in, unsigned char *out, "vaesenc %%xmm0, %%xmm11, %%xmm11\n\t" \ #define VAESENC_PCLMUL_AVX2_N(src, o1, o2, o3) \ - "vmovdqu "#o2"("#src"), %%xmm12\n\t" \ - "vmovdqu "#o3"("VAR(HTR)"), %%xmm0\n\t" \ + "vmovdqu " #o2 "(" #src "), %%xmm12\n\t" \ + "vmovdqu " #o3 "(" VAR(HTR) "), %%xmm0\n\t" \ "vpshufb %[BSWAP_MASK], %%xmm12, %%xmm12\n\t" \ "vpxor %%xmm14, %%xmm1, %%xmm1\n\t" \ "vpxor %%xmm15, %%xmm2, %%xmm2\n\t" \ @@ -5677,7 +5677,7 @@ static void AES_GCM_encrypt_avx1(const unsigned char *in, unsigned char *out, "vpclmulqdq $0x01, %%xmm0, %%xmm12, %%xmm14\n\t" \ "vpclmulqdq $0x00, %%xmm0, %%xmm12, %%xmm15\n\t" \ "vpclmulqdq $0x11, %%xmm0, %%xmm12, %%xmm12\n\t" \ - "vmovdqa "#o1"(%[KEY]), %%xmm0\n\t" \ + "vmovdqa " #o1 "(%[KEY]), %%xmm0\n\t" \ "vpxor %%xmm13, %%xmm1, %%xmm1\n\t" \ "vpxor %%xmm12, %%xmm3, %%xmm3\n\t" \ "vaesenc %%xmm0, %%xmm4, %%xmm4\n\t" \ 
@@ -5714,39 +5714,39 @@ static void AES_GCM_encrypt_avx1(const unsigned char *in, unsigned char *out, "vpxor %%xmm3, %%xmm2, %%xmm2\n\t" \ "vaesenc %%xmm15, %%xmm11, %%xmm11\n\t" -#define VAESENC_BLOCK_AVX2() \ - "vmovdqu "VAR(CTR1)", %%xmm5\n\t" \ - "vpshufb %[BSWAP_EPI64], %%xmm5, %%xmm4\n\t" \ - "vpaddd %[ONE], %%xmm5, %%xmm5\n\t" \ - "vmovdqu %%xmm5, "VAR(CTR1)"\n\t" \ - "vpxor (%[KEY]), %%xmm4, %%xmm4\n\t" \ - "vaesenc 16(%[KEY]), %%xmm4, %%xmm4\n\t" \ - "vaesenc 32(%[KEY]), %%xmm4, %%xmm4\n\t" \ - "vaesenc 48(%[KEY]), %%xmm4, %%xmm4\n\t" \ - "vaesenc 64(%[KEY]), %%xmm4, %%xmm4\n\t" \ - "vaesenc 80(%[KEY]), %%xmm4, %%xmm4\n\t" \ - "vaesenc 96(%[KEY]), %%xmm4, %%xmm4\n\t" \ - "vaesenc 112(%[KEY]), %%xmm4, %%xmm4\n\t" \ - "vaesenc 128(%[KEY]), %%xmm4, %%xmm4\n\t" \ - "vaesenc 144(%[KEY]), %%xmm4, %%xmm4\n\t" \ - "cmpl $11, %[nr]\n\t" \ - "vmovdqa 160(%[KEY]), %%xmm5\n\t" \ - "jl %=f\n\t" \ - "vaesenc %%xmm5, %%xmm4, %%xmm4\n\t" \ - "vaesenc 176(%[KEY]), %%xmm4, %%xmm4\n\t" \ - "cmpl $13, %[nr]\n\t" \ - "vmovdqa 192(%[KEY]), %%xmm5\n\t" \ - "jl %=f\n\t" \ - "vaesenc %%xmm5, %%xmm4, %%xmm4\n\t" \ - "vaesenc 208(%[KEY]), %%xmm4, %%xmm4\n\t" \ - "vmovdqa 224(%[KEY]), %%xmm5\n\t" \ - "%=:\n\t" \ - "vaesenclast %%xmm5, %%xmm4, %%xmm4\n\t" \ - "vmovdqu (%[in],"VAR(KR64)",1), %%xmm5\n\t" \ - "vpxor %%xmm5, %%xmm4, %%xmm4\n\t" \ - "vmovdqu %%xmm4, (%[out],"VAR(KR64)",1)\n\t" \ - "vpshufb %[BSWAP_MASK], %%xmm4, %%xmm4\n\t" \ - "vpxor %%xmm4, "VAR(XR)", "VAR(XR)"\n\t" +#define VAESENC_BLOCK_AVX2() \ + "vmovdqu " VAR(CTR1) ", %%xmm5\n\t" \ + "vpshufb %[BSWAP_EPI64], %%xmm5, %%xmm4\n\t" \ + "vpaddd %[ONE], %%xmm5, %%xmm5\n\t" \ + "vmovdqu %%xmm5, " VAR(CTR1) "\n\t" \ + "vpxor (%[KEY]), %%xmm4, %%xmm4\n\t" \ + "vaesenc 16(%[KEY]), %%xmm4, %%xmm4\n\t" \ + "vaesenc 32(%[KEY]), %%xmm4, %%xmm4\n\t" \ + "vaesenc 48(%[KEY]), %%xmm4, %%xmm4\n\t" \ + "vaesenc 64(%[KEY]), %%xmm4, %%xmm4\n\t" \ + "vaesenc 80(%[KEY]), %%xmm4, %%xmm4\n\t" \ + "vaesenc 96(%[KEY]), %%xmm4, %%xmm4\n\t" \ + 
"vaesenc 112(%[KEY]), %%xmm4, %%xmm4\n\t" \ + "vaesenc 128(%[KEY]), %%xmm4, %%xmm4\n\t" \ + "vaesenc 144(%[KEY]), %%xmm4, %%xmm4\n\t" \ + "cmpl $11, %[nr]\n\t" \ + "vmovdqa 160(%[KEY]), %%xmm5\n\t" \ + "jl %=f\n\t" \ + "vaesenc %%xmm5, %%xmm4, %%xmm4\n\t" \ + "vaesenc 176(%[KEY]), %%xmm4, %%xmm4\n\t" \ + "cmpl $13, %[nr]\n\t" \ + "vmovdqa 192(%[KEY]), %%xmm5\n\t" \ + "jl %=f\n\t" \ + "vaesenc %%xmm5, %%xmm4, %%xmm4\n\t" \ + "vaesenc 208(%[KEY]), %%xmm4, %%xmm4\n\t" \ + "vmovdqa 224(%[KEY]), %%xmm5\n\t" \ + "%=:\n\t" \ + "vaesenclast %%xmm5, %%xmm4, %%xmm4\n\t" \ + "vmovdqu (%[in]," VAR(KR64) ",1), %%xmm5\n\t" \ + "vpxor %%xmm5, %%xmm4, %%xmm4\n\t" \ + "vmovdqu %%xmm4, (%[out]," VAR(KR64) ",1)\n\t" \ + "vpshufb %[BSWAP_MASK], %%xmm4, %%xmm4\n\t" \ + "vpxor %%xmm4, " VAR(XR) ", " VAR(XR) "\n\t" /* Karatsuba multiplication - slower * H01 = H[1] ^ H[0] (top and bottom 64-bits XORed) 
@@ -5775,36 +5775,36 @@ static void AES_GCM_encrypt_avx1(const unsigned char *in, unsigned char *out, "vmovdqa 224(%[KEY]), %%xmm5\n\t" \ "%=:\n\t" \ "vaesenclast %%xmm5, %%xmm4, %%xmm4\n\t" \ - "vmovdqu "#in", %%xmm0\n\t" \ + "vmovdqu " #in ", %%xmm0\n\t" \ "vpxor %%xmm0, %%xmm4, %%xmm4\n\t" \ -\ - "vpsrldq $8, "#X", %%xmm2\n\t" \ - "vpxor "#X", %%xmm2, %%xmm2\n\t" \ - "vpclmulqdq $0x00, "#H", "#X", %%xmm5\n\t" \ - "vpclmulqdq $0x11, "#H", "#X", %%xmm8\n\t" \ - "vpclmulqdq $0x00, "#H01", %%xmm2, %%xmm7\n\t" \ - "vpxor %%xmm5, %%xmm7, %%xmm7\n\t" \ - "vpxor %%xmm8, %%xmm7, %%xmm7\n\t" \ - "vpslldq $8, %%xmm7, %%xmm6\n\t" \ - "vpsrldq $8, %%xmm7, %%xmm7\n\t" \ - "vpxor %%xmm7, %%xmm8, %%xmm8\n\t" \ - "vpxor %%xmm5, %%xmm6, %%xmm6\n\t" \ -\ - "vpclmulqdq $0x10, %[MOD2_128], %%xmm6, %%xmm5\n\t" \ - "vpshufd $0x4e, %%xmm6, %%xmm6\n\t" \ - "vpxor %%xmm5, %%xmm6, %%xmm6\n\t" \ - "vpclmulqdq $0x10, %[MOD2_128], %%xmm6, %%xmm5\n\t" \ - "vpshufd $0x4e, %%xmm6, %%xmm6\n\t" \ - "vpxor %%xmm8, %%xmm6, %%xmm6\n\t" \ - "vpxor %%xmm5, %%xmm6, "VAR(XR)"\n\t" + \ + "vpsrldq $8, " #X ", %%xmm2\n\t" \ + "vpxor " #X ", %%xmm2, %%xmm2\n\t" \ + "vpclmulqdq $0x00, " #H ", " #X ", %%xmm5\n\t" \ + "vpclmulqdq $0x11, " #H ", " #X ", %%xmm8\n\t" \ + "vpclmulqdq $0x00, "#H01", %%xmm2, %%xmm7\n\t" \ + "vpxor %%xmm5, %%xmm7, %%xmm7\n\t" \ + "vpxor %%xmm8, %%xmm7, %%xmm7\n\t" \ + "vpslldq $8, %%xmm7, %%xmm6\n\t" \ + "vpsrldq $8, %%xmm7, %%xmm7\n\t" \ + "vpxor %%xmm7, %%xmm8, %%xmm8\n\t" \ + "vpxor %%xmm5, %%xmm6, %%xmm6\n\t" \ + \ + "vpclmulqdq $0x10, %[MOD2_128], %%xmm6, %%xmm5\n\t" \ + "vpshufd $0x4e, %%xmm6, %%xmm6\n\t" \ + "vpxor %%xmm5, %%xmm6, %%xmm6\n\t" \ + "vpclmulqdq $0x10, %[MOD2_128], %%xmm6, %%xmm5\n\t" \ + "vpshufd $0x4e, %%xmm6, %%xmm6\n\t" \ + "vpxor %%xmm8, %%xmm6, %%xmm6\n\t" \ + "vpxor %%xmm5, %%xmm6, " VAR(XR) "\n\t" #define VAESENC_GFMUL_AVX2(in, H, X, ctr1) \ _VAESENC_GFMUL_AVX2(in, H, X, ctr1) #define _VAESENC_GFMUL_SB_AVX2(in, H, X, ctr1) \ - "vpclmulqdq $0x10, "#H", 
"#X", %%xmm7\n\t" \ - "vpclmulqdq $0x01, "#H", "#X", %%xmm6\n\t" \ - "vpclmulqdq $0x00, "#H", "#X", %%xmm5\n\t" \ - "vpclmulqdq $0x11, "#H", "#X", %%xmm8\n\t" \ + "vpclmulqdq $0x10, " #H ", " #X ", %%xmm7\n\t" \ + "vpclmulqdq $0x01, " #H ", " #X ", %%xmm6\n\t" \ + "vpclmulqdq $0x00, " #H ", " #X ", %%xmm5\n\t" \ + "vpclmulqdq $0x11, " #H ", " #X ", %%xmm8\n\t" \ "vpxor (%[KEY]), %%xmm4, %%xmm4\n\t" \ "vaesenc 16(%[KEY]), %%xmm4, %%xmm4\n\t" \ "vpxor %%xmm6, %%xmm7, %%xmm7\n\t" \ @@ -5839,8 +5839,8 @@ static void AES_GCM_encrypt_avx1(const unsigned char *in, unsigned char *out, "vmovdqa 224(%[KEY]), %%xmm3\n\t" \ "%=:\n\t" \ "vaesenclast %%xmm3, %%xmm4, %%xmm4\n\t" \ - "vpxor %%xmm5, %%xmm6, "VAR(XR)"\n\t" \ - "vmovdqu "#in", %%xmm5\n\t" \ + "vpxor %%xmm5, %%xmm6, " VAR(XR) "\n\t" \ + "vmovdqu " #in ", %%xmm5\n\t" \ "vpxor %%xmm5, %%xmm4, %%xmm4\n\t" #define VAESENC_GFMUL_SB_AVX2(in, H, X, ctr1) \ _VAESENC_GFMUL_SB_AVX2(in, H, X, ctr1) 
@@ -5855,21 +5855,21 @@ static void AES_GCM_encrypt_avx1(const unsigned char *in, unsigned char *out, "vpslldq $8, %%xmm2, %%xmm1\n\t" \ "vpsrldq $8, %%xmm2, %%xmm2\n\t" \ "vpxor %%xmm1, %%xmm0, "#r2"\n\t" \ - "vpxor %%xmm2, %%xmm3, "#r"\n\t" + "vpxor %%xmm2, %%xmm3, " #r "\n\t" #define GHASH_GFMUL_AVX2(r, r2, a, b) \ _GHASH_GFMUL_AVX2(r, r2, a, b) -#define GHASH_MID_AVX2(r, r2) \ - "vpsrld $31, "#r2", %%xmm0\n\t" \ - "vpsrld $31, "#r", %%xmm1\n\t" \ - "vpslld $1, "#r2", "#r2"\n\t" \ - "vpslld $1, "#r", "#r"\n\t" \ - "vpsrldq $12, %%xmm0, %%xmm2\n\t" \ - "vpslldq $4, %%xmm0, %%xmm0\n\t" \ - "vpslldq $4, %%xmm1, %%xmm1\n\t" \ - "vpor %%xmm2, "#r", "#r"\n\t" \ - "vpor %%xmm0, "#r2", "#r2"\n\t" \ - "vpor %%xmm1, "#r", "#r"\n\t" +#define GHASH_MID_AVX2(r, r2) \ + "vpsrld $31, "#r2", %%xmm0\n\t" \ + "vpsrld $31, " #r ", %%xmm1\n\t" \ + "vpslld $1, "#r2", "#r2"\n\t" \ + "vpslld $1, " #r ", " #r "\n\t" \ + "vpsrldq $12, %%xmm0, %%xmm2\n\t" \ + "vpslldq $4, %%xmm0, %%xmm0\n\t" \ + "vpslldq $4, %%xmm1, %%xmm1\n\t" \ + "vpor %%xmm2, " #r ", " #r "\n\t" \ + "vpor %%xmm0, "#r2", "#r2"\n\t" \ + "vpor %%xmm1, " #r ", " #r "\n\t" #define _GHASH_GFMUL_RED_AVX2(r, a, b) \ "vpclmulqdq $0x10, "#a", "#b", %%xmm7\n\t" \ @@ -5887,7 +5887,7 @@ static void AES_GCM_encrypt_avx1(const unsigned char *in, unsigned char *out, "vpshufd $0x4e, %%xmm6, %%xmm6\n\t" \ "vpxor %%xmm7, %%xmm8, %%xmm8\n\t" \ "vpxor %%xmm8, %%xmm6, %%xmm6\n\t" \ - "vpxor %%xmm5, %%xmm6, "#r"\n\t" + "vpxor %%xmm5, %%xmm6, " #r "\n\t" #define GHASH_GFMUL_RED_AVX2(r, a, b) \ _GHASH_GFMUL_RED_AVX2(r, a, b) @@ -5900,7 +5900,7 @@ static void AES_GCM_encrypt_avx1(const unsigned char *in, unsigned char *out, "vpclmulqdq $0x10, "#mod128", %%xmm6, %%xmm5\n\t" \ "vpshufd $0x4e, %%xmm6, %%xmm6\n\t" \ "vpxor %%xmm5, %%xmm6, %%xmm6\n\t" \ - "vpxor %%xmm6, %%xmm8, "#r"\n\t" + "vpxor %%xmm6, %%xmm8, " #r "\n\t" #define GHASH_GFSQR_RED2_AVX2(r, a, mod128) \ _GHASH_GFSQR_RED2_AVX2(r, a, mod128) 
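Review bot: The respacing in `GHASH_MID_AVX2` is applied to `#r` but not to `#r2`, so the macro now mixes `" #r "` and `"#r2"` on adjacent lines. The same half-converted form appears as `"#H01"` in the `_VAESENC_GFMUL_AVX2` hunk (that macro starts outside its hunk) and as `"#a"`, `"#b"`, `"#r3"` in the `_GFMUL_3V_AVX2` and `_GFMUL_XOR_3V_AVX2` hunks. Both spellings expand to the same string, so this is a style point only, but the pattern suggests a literal search-and-replace that skipped the multi-character parameter names. I would finish the conversion, e.g. `"vpsrld $31, " #r2 ", %%xmm0\n\t"`, so that a later mechanical edit or grep over these macros sees a single form.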
@@ -5935,23 +5935,23 @@ static void AES_GCM_encrypt_avx1(const unsigned char *in, unsigned char *out, #define CALC_HT_8_AVX2() \ "vmovdqa %[MOD2_128], %%xmm11\n\t" \ - "vmovdqa "VAR(XR)", %%xmm2\n\t" \ + "vmovdqa " VAR(XR) ", %%xmm2\n\t" \ "# H ^ 1 and H ^ 2\n\t" \ GHASH_GFSQR_RED2_AVX2(%%xmm0, HR, %%xmm11) \ - "vmovdqu "VAR(HR)", 0("VAR(HTR)")\n\t" \ - "vmovdqu %%xmm0 , 16("VAR(HTR)")\n\t" \ + "vmovdqu " VAR(HR) ", 0(" VAR(HTR) ")\n\t" \ + "vmovdqu %%xmm0 , 16(" VAR(HTR) ")\n\t" \ "# H ^ 3 and H ^ 4\n\t" \ GHASH_GFMUL_SQR_RED2_AVX2(%%xmm1, %%xmm3, HR, %%xmm0, %%xmm11) \ - "vmovdqu %%xmm1 , 32("VAR(HTR)")\n\t" \ - "vmovdqu %%xmm3 , 48("VAR(HTR)")\n\t" \ + "vmovdqu %%xmm1 , 32(" VAR(HTR) ")\n\t" \ + "vmovdqu %%xmm3 , 48(" VAR(HTR) ")\n\t" \ "# H ^ 5 and H ^ 6\n\t" \ GHASH_GFMUL_SQR_RED2_AVX2(%%xmm12, %%xmm0, %%xmm0, %%xmm1, %%xmm11) \ - "vmovdqu %%xmm12, 64("VAR(HTR)")\n\t" \ - "vmovdqu %%xmm0 , 80("VAR(HTR)")\n\t" \ + "vmovdqu %%xmm12, 64(" VAR(HTR) ")\n\t" \ + "vmovdqu %%xmm0 , 80(" VAR(HTR) ")\n\t" \ "# H ^ 7 and H ^ 8\n\t" \ GHASH_GFMUL_SQR_RED2_AVX2(%%xmm12, %%xmm0, %%xmm1, %%xmm3, %%xmm11) \ - "vmovdqu %%xmm12, 96("VAR(HTR)")\n\t" \ - "vmovdqu %%xmm0 , 112("VAR(HTR)")\n\t" + "vmovdqu %%xmm12, 96(" VAR(HTR) ")\n\t" \ + "vmovdqu %%xmm0 , 112(" VAR(HTR) ")\n\t" #define _GHASH_RED_AVX2(r, r2) \ "vmovdqa %[MOD2_128], %%xmm2\n\t" \ @@ -5961,7 +5961,7 @@ static void AES_GCM_encrypt_avx1(const unsigned char *in, unsigned char *out, "vpclmulqdq $0x10, %%xmm2, %%xmm1, %%xmm0\n\t" \ "vpshufd $0x4e, %%xmm1, %%xmm1\n\t" \ "vpxor %%xmm0, %%xmm1, %%xmm1\n\t" \ - "vpxor %%xmm1, "#r", "#r"\n\t" + "vpxor %%xmm1, " #r ", " #r "\n\t" #define GHASH_RED_AVX2(r, r2) \ _GHASH_RED_AVX2(r, r2) 
@@ -5974,7 +5974,7 @@ static void AES_GCM_encrypt_avx1(const unsigned char *in, unsigned char *out, "vpclmulqdq $0x10, "#a", "#b", "#r3"\n\t" \ "vpclmulqdq $0x01, "#a", "#b", %%xmm1\n\t" \ "vpclmulqdq $0x00, "#a", "#b", "#r2"\n\t" \ - "vpclmulqdq $0x11, "#a", "#b", "#r"\n\t" \ + "vpclmulqdq $0x11, "#a", "#b", " #r "\n\t" \ "vpxor %%xmm1, "#r3", "#r3"\n\t" #define GFMUL_3V_AVX2(r, r2, r3, a, b) \ _GFMUL_3V_AVX2(r, r2, r3, a, b) 
@@ -5985,200 +5985,200 @@ static void AES_GCM_encrypt_avx1(const unsigned char *in, unsigned char *out, "vpclmulqdq $0x00, "#a", "#b", %%xmm0\n\t" \ "vpclmulqdq $0x11, "#a", "#b", %%xmm3\n\t" \ "vpxor %%xmm1, %%xmm2, %%xmm2\n\t" \ - "vpxor %%xmm3, "#r", "#r"\n\t" \ + "vpxor %%xmm3, " #r ", " #r "\n\t" \ "vpxor %%xmm2, "#r3", "#r3"\n\t" \ "vpxor %%xmm0, "#r2", "#r2"\n\t" #define GFMUL_XOR_3V_AVX2(r, r2, r3, a, b) \ _GFMUL_XOR_3V_AVX2(r, r2, r3, a, b) #define GHASH_GFMUL_RED_8_AVX2() \ - "vmovdqu ("VAR(HTR)"), %%xmm12\n\t" \ + "vmovdqu (" VAR(HTR) "), %%xmm12\n\t" \ GFMUL_3V_AVX2(XR, %%xmm13, %%xmm14, %%xmm11, %%xmm12) \ - "vmovdqu 16("VAR(HTR)"), %%xmm12\n\t" \ + "vmovdqu 16(" VAR(HTR) "), %%xmm12\n\t" \ GFMUL_XOR_3V_AVX2(XR, %%xmm13, %%xmm14, %%xmm10, %%xmm12) \ - "vmovdqu 32("VAR(HTR)"), %%xmm11\n\t" \ - "vmovdqu 48("VAR(HTR)"), %%xmm12\n\t" \ + "vmovdqu 32(" VAR(HTR) "), %%xmm11\n\t" \ + "vmovdqu 48(" VAR(HTR) "), %%xmm12\n\t" \ GFMUL_XOR_3V_AVX2(XR, %%xmm13, %%xmm14, %%xmm9, %%xmm11) \ GFMUL_XOR_3V_AVX2(XR, %%xmm13, %%xmm14, %%xmm8, %%xmm12) \ - "vmovdqu 64("VAR(HTR)"), %%xmm11\n\t" \ - "vmovdqu 80("VAR(HTR)"), %%xmm12\n\t" \ + "vmovdqu 64(" VAR(HTR) "), %%xmm11\n\t" \ + "vmovdqu 80(" VAR(HTR) "), %%xmm12\n\t" \ GFMUL_XOR_3V_AVX2(XR, %%xmm13, %%xmm14, %%xmm7, %%xmm11) \ GFMUL_XOR_3V_AVX2(XR, %%xmm13, %%xmm14, %%xmm6, %%xmm12) \ - "vmovdqu 96("VAR(HTR)"), %%xmm11\n\t" \ - "vmovdqu 112("VAR(HTR)"), %%xmm12\n\t" \ + "vmovdqu 96(" VAR(HTR) "), %%xmm11\n\t" \ + "vmovdqu 112(" VAR(HTR) "), %%xmm12\n\t" \ GFMUL_XOR_3V_AVX2(XR, %%xmm13, %%xmm14, %%xmm5, %%xmm11) \ GFMUL_XOR_3V_AVX2(XR, %%xmm13, %%xmm14, %%xmm4, %%xmm12) \ "vpslldq $8, %%xmm14, %%xmm12\n\t" \ "vpsrldq $8, %%xmm14, %%xmm14\n\t" \ "vpxor %%xmm12, %%xmm13, %%xmm13\n\t" \ - "vpxor %%xmm14, "VAR(XR)", "VAR(XR)"\n\t" \ + "vpxor %%xmm14, " VAR(XR) ", " VAR(XR) "\n\t" \ GHASH_RED_AVX2(XR, %%xmm13) -#define CALC_IV_12_AVX2() \ - "# Calculate values when IV is 12 bytes\n\t" \ - "# Set counter based on IV\n\t" \ - 
"movl $0x01000000, %%ecx\n\t" \ - "vpinsrq $0, 0(%%rax), %%xmm13, %%xmm13\n\t" \ - "vpinsrd $2, 8(%%rax), %%xmm13, %%xmm13\n\t" \ - "vpinsrd $3, %%ecx, %%xmm13, %%xmm13\n\t" \ - "# H = Encrypt X(=0) and T = Encrypt counter\n\t" \ - "vmovdqa 0(%[KEY]), "VAR(HR)"\n\t" \ - "vmovdqa 16(%[KEY]), %%xmm12\n\t" \ - "vpxor "VAR(HR)", %%xmm13, %%xmm1\n\t" \ - "vaesenc %%xmm12, "VAR(HR)", "VAR(HR)"\n\t" \ - "vaesenc %%xmm12, %%xmm1, %%xmm1\n\t" \ - "vmovdqa 32(%[KEY]), %%xmm0\n\t" \ - "vmovdqa 48(%[KEY]), %%xmm12\n\t" \ - "vaesenc %%xmm0, "VAR(HR)", "VAR(HR)"\n\t" \ - "vaesenc %%xmm0, %%xmm1, %%xmm1\n\t" \ - "vaesenc %%xmm12, "VAR(HR)", "VAR(HR)"\n\t" \ - "vaesenc %%xmm12, %%xmm1, %%xmm1\n\t" \ - "vmovdqa 64(%[KEY]), %%xmm0\n\t" \ - "vmovdqa 80(%[KEY]), %%xmm12\n\t" \ - "vaesenc %%xmm0, "VAR(HR)", "VAR(HR)"\n\t" \ - "vaesenc %%xmm0, %%xmm1, %%xmm1\n\t" \ - "vaesenc %%xmm12, "VAR(HR)", "VAR(HR)"\n\t" \ - "vaesenc %%xmm12, %%xmm1, %%xmm1\n\t" \ - "vmovdqa 96(%[KEY]), %%xmm0\n\t" \ - "vmovdqa 112(%[KEY]), %%xmm12\n\t" \ - "vaesenc %%xmm0, "VAR(HR)", "VAR(HR)"\n\t" \ - "vaesenc %%xmm0, %%xmm1, %%xmm1\n\t" \ - "vaesenc %%xmm12, "VAR(HR)", "VAR(HR)"\n\t" \ - "vaesenc %%xmm12, %%xmm1, %%xmm1\n\t" \ - "vmovdqa 128(%[KEY]), %%xmm0\n\t" \ - "vmovdqa 144(%[KEY]), %%xmm12\n\t" \ - "vaesenc %%xmm0, "VAR(HR)", "VAR(HR)"\n\t" \ - "vaesenc %%xmm0, %%xmm1, %%xmm1\n\t" \ - "vaesenc %%xmm12, "VAR(HR)", "VAR(HR)"\n\t" \ - "vaesenc %%xmm12, %%xmm1, %%xmm1\n\t" \ - "cmpl $11, %[nr]\n\t" \ - "vmovdqa 160(%[KEY]), %%xmm0\n\t" \ - "jl 31f\n\t" \ - "vmovdqa 176(%[KEY]), %%xmm12\n\t" \ - "vaesenc %%xmm0, "VAR(HR)", "VAR(HR)"\n\t" \ - "vaesenc %%xmm0, %%xmm1, %%xmm1\n\t" \ - "vaesenc %%xmm12, "VAR(HR)", "VAR(HR)"\n\t" \ - "vaesenc %%xmm12, %%xmm1, %%xmm1\n\t" \ - "cmpl $13, %[nr]\n\t" \ - "vmovdqa 192(%[KEY]), %%xmm0\n\t" \ - "jl 31f\n\t" \ - "vmovdqa 208(%[KEY]), %%xmm12\n\t" \ - "vaesenc %%xmm0, "VAR(HR)", "VAR(HR)"\n\t" \ - "vaesenc %%xmm0, %%xmm1, %%xmm1\n\t" \ - "vaesenc %%xmm12, "VAR(HR)", 
"VAR(HR)"\n\t" \ - "vaesenc %%xmm12, %%xmm1, %%xmm1\n\t" \ - "vmovdqu 224(%[KEY]), %%xmm0\n\t" \ - "31:\n\t" \ - "vaesenclast %%xmm0, "VAR(HR)", "VAR(HR)"\n\t" \ - "vaesenclast %%xmm0, %%xmm1, %%xmm1\n\t" \ - "vpshufb %[BSWAP_MASK], "VAR(HR)", "VAR(HR)"\n\t" \ - "vmovdqu %%xmm1, "VAR(TR)"\n\t" \ +#define CALC_IV_12_AVX2() \ + "# Calculate values when IV is 12 bytes\n\t" \ + "# Set counter based on IV\n\t" \ + "movl $0x01000000, %%ecx\n\t" \ + "vpinsrq $0, 0(%%rax), %%xmm13, %%xmm13\n\t" \ + "vpinsrd $2, 8(%%rax), %%xmm13, %%xmm13\n\t" \ + "vpinsrd $3, %%ecx, %%xmm13, %%xmm13\n\t" \ + "# H = Encrypt X(=0) and T = Encrypt counter\n\t" \ + "vmovdqa 0(%[KEY]), " VAR(HR) "\n\t" \ + "vmovdqa 16(%[KEY]), %%xmm12\n\t" \ + "vpxor " VAR(HR) ", %%xmm13, %%xmm1\n\t" \ + "vaesenc %%xmm12, " VAR(HR) ", " VAR(HR) "\n\t" \ + "vaesenc %%xmm12, %%xmm1, %%xmm1\n\t" \ + "vmovdqa 32(%[KEY]), %%xmm0\n\t" \ + "vmovdqa 48(%[KEY]), %%xmm12\n\t" \ + "vaesenc %%xmm0, " VAR(HR) ", " VAR(HR) "\n\t" \ + "vaesenc %%xmm0, %%xmm1, %%xmm1\n\t" \ + "vaesenc %%xmm12, " VAR(HR) ", " VAR(HR) "\n\t" \ + "vaesenc %%xmm12, %%xmm1, %%xmm1\n\t" \ + "vmovdqa 64(%[KEY]), %%xmm0\n\t" \ + "vmovdqa 80(%[KEY]), %%xmm12\n\t" \ + "vaesenc %%xmm0, " VAR(HR) ", " VAR(HR) "\n\t" \ + "vaesenc %%xmm0, %%xmm1, %%xmm1\n\t" \ + "vaesenc %%xmm12, " VAR(HR) ", " VAR(HR) "\n\t" \ + "vaesenc %%xmm12, %%xmm1, %%xmm1\n\t" \ + "vmovdqa 96(%[KEY]), %%xmm0\n\t" \ + "vmovdqa 112(%[KEY]), %%xmm12\n\t" \ + "vaesenc %%xmm0, " VAR(HR) ", " VAR(HR) "\n\t" \ + "vaesenc %%xmm0, %%xmm1, %%xmm1\n\t" \ + "vaesenc %%xmm12, " VAR(HR) ", " VAR(HR) "\n\t" \ + "vaesenc %%xmm12, %%xmm1, %%xmm1\n\t" \ + "vmovdqa 128(%[KEY]), %%xmm0\n\t" \ + "vmovdqa 144(%[KEY]), %%xmm12\n\t" \ + "vaesenc %%xmm0, " VAR(HR) ", " VAR(HR) "\n\t" \ + "vaesenc %%xmm0, %%xmm1, %%xmm1\n\t" \ + "vaesenc %%xmm12, " VAR(HR) ", " VAR(HR) "\n\t" \ + "vaesenc %%xmm12, %%xmm1, %%xmm1\n\t" \ + "cmpl $11, %[nr]\n\t" \ + "vmovdqa 160(%[KEY]), %%xmm0\n\t" \ + "jl 31f\n\t" \ + "vmovdqa 
176(%[KEY]), %%xmm12\n\t" \ + "vaesenc %%xmm0, " VAR(HR) ", " VAR(HR) "\n\t" \ + "vaesenc %%xmm0, %%xmm1, %%xmm1\n\t" \ + "vaesenc %%xmm12, " VAR(HR) ", " VAR(HR) "\n\t" \ + "vaesenc %%xmm12, %%xmm1, %%xmm1\n\t" \ + "cmpl $13, %[nr]\n\t" \ + "vmovdqa 192(%[KEY]), %%xmm0\n\t" \ + "jl 31f\n\t" \ + "vmovdqa 208(%[KEY]), %%xmm12\n\t" \ + "vaesenc %%xmm0, " VAR(HR) ", " VAR(HR) "\n\t" \ + "vaesenc %%xmm0, %%xmm1, %%xmm1\n\t" \ + "vaesenc %%xmm12, " VAR(HR) ", " VAR(HR) "\n\t" \ + "vaesenc %%xmm12, %%xmm1, %%xmm1\n\t" \ + "vmovdqu 224(%[KEY]), %%xmm0\n\t" \ + "31:\n\t" \ + "vaesenclast %%xmm0, " VAR(HR) ", " VAR(HR) "\n\t" \ + "vaesenclast %%xmm0, %%xmm1, %%xmm1\n\t" \ + "vpshufb %[BSWAP_MASK], " VAR(HR) ", " VAR(HR) "\n\t" \ + "vmovdqu %%xmm1, " VAR(TR) "\n\t" \ -#define CALC_IV_AVX2() \ - "# Calculate values when IV is not 12 bytes\n\t" \ - "# H = Encrypt X(=0)\n\t" \ - "vmovdqa 0(%[KEY]), "VAR(HR)"\n\t" \ - VAESENC_AVX(HR) \ - "vpshufb %[BSWAP_MASK], "VAR(HR)", "VAR(HR)"\n\t" \ - "# Calc counter\n\t" \ - "# Initialization vector\n\t" \ - "cmpl $0, %%edx\n\t" \ - "movq $0, %%rcx\n\t" \ - "je 45f\n\t" \ - "cmpl $16, %%edx\n\t" \ - "jl 44f\n\t" \ - "andl $0xfffffff0, %%edx\n\t" \ - "\n" \ - "43:\n\t" \ - "vmovdqu (%%rax,%%rcx,1), %%xmm4\n\t" \ - "vpshufb %[BSWAP_MASK], %%xmm4, %%xmm4\n\t" \ - "vpxor %%xmm4, %%xmm13, %%xmm13\n\t" \ - GHASH_FULL_AVX2(%%xmm13, %%xmm12, %%xmm13, HR) \ - "addl $16, %%ecx\n\t" \ - "cmpl %%edx, %%ecx\n\t" \ - "jl 43b\n\t" \ - "movl %[ibytes], %%edx\n\t" \ - "cmpl %%edx, %%ecx\n\t" \ - "je 45f\n\t" \ - "\n" \ - "44:\n\t" \ - "subq $16, %%rsp\n\t" \ - "vpxor %%xmm4, %%xmm4, %%xmm4\n\t" \ - "xorl %%ebx, %%ebx\n\t" \ - "vmovdqu %%xmm4, (%%rsp)\n\t" \ - "42:\n\t" \ - "movzbl (%%rax,%%rcx,1), %%r13d\n\t" \ - "movb %%r13b, (%%rsp,%%rbx,1)\n\t" \ - "incl %%ecx\n\t" \ - "incl %%ebx\n\t" \ - "cmpl %%edx, %%ecx\n\t" \ - "jl 42b\n\t" \ - "vmovdqu (%%rsp), %%xmm4\n\t" \ - "addq $16, %%rsp\n\t" \ - "vpshufb %[BSWAP_MASK], %%xmm4, %%xmm4\n\t" \ - "vpxor 
%%xmm4, %%xmm13, %%xmm13\n\t" \ - GHASH_FULL_AVX2(%%xmm13, %%xmm12, %%xmm13, HR) \ - "\n" \ - "45:\n\t" \ - "# T = Encrypt counter\n\t" \ - "vpxor %%xmm0, %%xmm0, %%xmm0\n\t" \ - "shll $3, %%edx\n\t" \ - "vpinsrq $0, %%rdx, %%xmm0, %%xmm0\n\t" \ - "vpxor %%xmm0, %%xmm13, %%xmm13\n\t" \ - GHASH_FULL_AVX2(%%xmm13, %%xmm12, %%xmm13, HR) \ - "vpshufb %[BSWAP_MASK], %%xmm13, %%xmm13\n\t" \ - "# Encrypt counter\n\t" \ - "vmovdqa 0(%[KEY]), %%xmm4\n\t" \ - "vpxor %%xmm13, %%xmm4, %%xmm4\n\t" \ - VAESENC_AVX(%%xmm4) \ - "vmovdqu %%xmm4, "VAR(TR)"\n\t" +#define CALC_IV_AVX2() \ + "# Calculate values when IV is not 12 bytes\n\t" \ + "# H = Encrypt X(=0)\n\t" \ + "vmovdqa 0(%[KEY]), " VAR(HR) "\n\t" \ + VAESENC_AVX(HR) \ + "vpshufb %[BSWAP_MASK], " VAR(HR) ", " VAR(HR) "\n\t" \ + "# Calc counter\n\t" \ + "# Initialization vector\n\t" \ + "cmpl $0, %%edx\n\t" \ + "movq $0, %%rcx\n\t" \ + "je 45f\n\t" \ + "cmpl $16, %%edx\n\t" \ + "jl 44f\n\t" \ + "andl $0xfffffff0, %%edx\n\t" \ + "\n" \ + "43:\n\t" \ + "vmovdqu (%%rax,%%rcx,1), %%xmm4\n\t" \ + "vpshufb %[BSWAP_MASK], %%xmm4, %%xmm4\n\t" \ + "vpxor %%xmm4, %%xmm13, %%xmm13\n\t" \ + GHASH_FULL_AVX2(%%xmm13, %%xmm12, %%xmm13, HR) \ + "addl $16, %%ecx\n\t" \ + "cmpl %%edx, %%ecx\n\t" \ + "jl 43b\n\t" \ + "movl %[ibytes], %%edx\n\t" \ + "cmpl %%edx, %%ecx\n\t" \ + "je 45f\n\t" \ + "\n" \ + "44:\n\t" \ + "subq $16, %%rsp\n\t" \ + "vpxor %%xmm4, %%xmm4, %%xmm4\n\t" \ + "xorl %%ebx, %%ebx\n\t" \ + "vmovdqu %%xmm4, (%%rsp)\n\t" \ + "42:\n\t" \ + "movzbl (%%rax,%%rcx,1), %%r13d\n\t" \ + "movb %%r13b, (%%rsp,%%rbx,1)\n\t" \ + "incl %%ecx\n\t" \ + "incl %%ebx\n\t" \ + "cmpl %%edx, %%ecx\n\t" \ + "jl 42b\n\t" \ + "vmovdqu (%%rsp), %%xmm4\n\t" \ + "addq $16, %%rsp\n\t" \ + "vpshufb %[BSWAP_MASK], %%xmm4, %%xmm4\n\t" \ + "vpxor %%xmm4, %%xmm13, %%xmm13\n\t" \ + GHASH_FULL_AVX2(%%xmm13, %%xmm12, %%xmm13, HR) \ + "\n" \ + "45:\n\t" \ + "# T = Encrypt counter\n\t" \ + "vpxor %%xmm0, %%xmm0, %%xmm0\n\t" \ + "shll $3, %%edx\n\t" \ + "vpinsrq $0, 
%%rdx, %%xmm0, %%xmm0\n\t" \ + "vpxor %%xmm0, %%xmm13, %%xmm13\n\t" \ + GHASH_FULL_AVX2(%%xmm13, %%xmm12, %%xmm13, HR) \ + "vpshufb %[BSWAP_MASK], %%xmm13, %%xmm13\n\t" \ + "# Encrypt counter\n\t" \ + "vmovdqa 0(%[KEY]), %%xmm4\n\t" \ + "vpxor %%xmm13, %%xmm4, %%xmm4\n\t" \ + VAESENC_AVX(%%xmm4) \ + "vmovdqu %%xmm4, " VAR(TR) "\n\t" -#define CALC_AAD_AVX2() \ - "# Additional authentication data\n\t" \ - "movl %[abytes], %%edx\n\t" \ - "cmpl $0, %%edx\n\t" \ - "je 25f\n\t" \ - "movq %[addt], %%rax\n\t" \ - "xorl %%ecx, %%ecx\n\t" \ - "cmpl $16, %%edx\n\t" \ - "jl 24f\n\t" \ - "andl $0xfffffff0, %%edx\n\t" \ - "\n" \ - "23:\n\t" \ - "vmovdqu (%%rax,%%rcx,1), %%xmm4\n\t" \ - "vpshufb %[BSWAP_MASK], %%xmm4, %%xmm4\n\t" \ - "vpxor %%xmm4, "VAR(XR)", "VAR(XR)"\n\t" \ - GHASH_FULL_AVX2(XR, %%xmm12, XR, HR) \ - "addl $16, %%ecx\n\t" \ - "cmpl %%edx, %%ecx\n\t" \ - "jl 23b\n\t" \ - "movl %[abytes], %%edx\n\t" \ - "cmpl %%edx, %%ecx\n\t" \ - "je 25f\n\t" \ - "\n" \ - "24:\n\t" \ - "subq $16, %%rsp\n\t" \ - "vpxor %%xmm4, %%xmm4, %%xmm4\n\t" \ - "xorl %%ebx, %%ebx\n\t" \ - "vmovdqu %%xmm4, (%%rsp)\n\t" \ - "22:\n\t" \ - "movzbl (%%rax,%%rcx,1), %%r13d\n\t" \ - "movb %%r13b, (%%rsp,%%rbx,1)\n\t" \ - "incl %%ecx\n\t" \ - "incl %%ebx\n\t" \ - "cmpl %%edx, %%ecx\n\t" \ - "jl 22b\n\t" \ - "vmovdqu (%%rsp), %%xmm4\n\t" \ - "addq $16, %%rsp\n\t" \ - "vpshufb %[BSWAP_MASK], %%xmm4, %%xmm4\n\t" \ - "vpxor %%xmm4, "VAR(XR)", "VAR(XR)"\n\t" \ - GHASH_FULL_AVX2(XR, %%xmm12, XR, HR) \ - "\n" \ +#define CALC_AAD_AVX2() \ + "# Additional authentication data\n\t" \ + "movl %[abytes], %%edx\n\t" \ + "cmpl $0, %%edx\n\t" \ + "je 25f\n\t" \ + "movq %[addt], %%rax\n\t" \ + "xorl %%ecx, %%ecx\n\t" \ + "cmpl $16, %%edx\n\t" \ + "jl 24f\n\t" \ + "andl $0xfffffff0, %%edx\n\t" \ + "\n" \ + "23:\n\t" \ + "vmovdqu (%%rax,%%rcx,1), %%xmm4\n\t" \ + "vpshufb %[BSWAP_MASK], %%xmm4, %%xmm4\n\t" \ + "vpxor %%xmm4, " VAR(XR) ", " VAR(XR) "\n\t" \ + GHASH_FULL_AVX2(XR, %%xmm12, XR, HR) \ + "addl $16, 
%%ecx\n\t" \ + "cmpl %%edx, %%ecx\n\t" \ + "jl 23b\n\t" \ + "movl %[abytes], %%edx\n\t" \ + "cmpl %%edx, %%ecx\n\t" \ + "je 25f\n\t" \ + "\n" \ + "24:\n\t" \ + "subq $16, %%rsp\n\t" \ + "vpxor %%xmm4, %%xmm4, %%xmm4\n\t" \ + "xorl %%ebx, %%ebx\n\t" \ + "vmovdqu %%xmm4, (%%rsp)\n\t" \ + "22:\n\t" \ + "movzbl (%%rax,%%rcx,1), %%r13d\n\t" \ + "movb %%r13b, (%%rsp,%%rbx,1)\n\t" \ + "incl %%ecx\n\t" \ + "incl %%ebx\n\t" \ + "cmpl %%edx, %%ecx\n\t" \ + "jl 22b\n\t" \ + "vmovdqu (%%rsp), %%xmm4\n\t" \ + "addq $16, %%rsp\n\t" \ + "vpshufb %[BSWAP_MASK], %%xmm4, %%xmm4\n\t" \ + "vpxor %%xmm4, " VAR(XR) ", " VAR(XR) "\n\t" \ + GHASH_FULL_AVX2(XR, %%xmm12, XR, HR) \ + "\n" \ "25:\n\t" -#define VAESENC_128_GHASH_AVX2(src, o) \ - "leaq (%[in],"VAR(KR64)",1), %%rcx\n\t" \ - "leaq (%[out],"VAR(KR64)",1), %%rdx\n\t" \ +#define VAESENC_128_GHASH_AVX2(src, o) \ + "leaq (%[in]," VAR(KR64) ",1), %%rcx\n\t" \ + "leaq (%[out]," VAR(KR64) ",1), %%rdx\n\t" \ /* src is either %%rcx or %%rdx */ \ VAESENC_CTR() \ VAESENC_XOR() \ 
@@ -6206,86 +6206,86 @@ static void AES_GCM_encrypt_avx1(const unsigned char *in, unsigned char *out, "4:\n\t" \ VAESENC_LAST(%%rcx, %%rdx) -#define AESENC_LAST15_ENC_AVX2() \ - "movl %[nbytes], %%ecx\n\t" \ - "movl %%ecx, %%edx\n\t" \ - "andl $0x0f, %%ecx\n\t" \ - "jz 55f\n\t" \ - "vmovdqu "VAR(CTR1)", %%xmm13\n\t" \ - "vpshufb %[BSWAP_EPI64], %%xmm13, %%xmm13\n\t" \ - "vpxor 0(%[KEY]), %%xmm13, %%xmm13\n\t" \ - VAESENC_AVX(%%xmm13) \ - "subq $16, %%rsp\n\t" \ - "xorl %%ecx, %%ecx\n\t" \ - "vmovdqu %%xmm13, (%%rsp)\n\t" \ - "\n" \ - "51:\n\t" \ - "movzbl (%[in],"VAR(KR64)",1), %%r13d\n\t" \ - "xorb (%%rsp,%%rcx,1), %%r13b\n\t" \ - "movb %%r13b, (%[out],"VAR(KR64)",1)\n\t" \ - "movb %%r13b, (%%rsp,%%rcx,1)\n\t" \ - "incl "VAR(KR)"\n\t" \ - "incl %%ecx\n\t" \ - "cmpl %%edx, "VAR(KR)"\n\t" \ - "jl 51b\n\t" \ - "xorq %%r13, %%r13\n\t" \ - "cmpl $16, %%ecx\n\t" \ - "je 53f\n\t" \ - "\n" \ - "52:\n\t" \ - "movb %%r13b, (%%rsp,%%rcx,1)\n\t" \ - "incl %%ecx\n\t" \ - "cmpl $16, %%ecx\n\t" \ - "jl 52b\n\t" \ - "53:\n\t" \ - "vmovdqu (%%rsp), %%xmm13\n\t" \ - "addq $16, %%rsp\n\t" \ - "vpshufb %[BSWAP_MASK], %%xmm13, %%xmm13\n\t" \ - "vpxor %%xmm13, "VAR(XR)", "VAR(XR)"\n\t" \ - GHASH_GFMUL_RED_AVX2(XR, HR, XR) \ +#define AESENC_LAST15_ENC_AVX2() \ + "movl %[nbytes], %%ecx\n\t" \ + "movl %%ecx, %%edx\n\t" \ + "andl $0x0f, %%ecx\n\t" \ + "jz 55f\n\t" \ + "vmovdqu " VAR(CTR1) ", %%xmm13\n\t" \ + "vpshufb %[BSWAP_EPI64], %%xmm13, %%xmm13\n\t" \ + "vpxor 0(%[KEY]), %%xmm13, %%xmm13\n\t" \ + VAESENC_AVX(%%xmm13) \ + "subq $16, %%rsp\n\t" \ + "xorl %%ecx, %%ecx\n\t" \ + "vmovdqu %%xmm13, (%%rsp)\n\t" \ + "\n" \ + "51:\n\t" \ + "movzbl (%[in]," VAR(KR64) ",1), %%r13d\n\t" \ + "xorb (%%rsp,%%rcx,1), %%r13b\n\t" \ + "movb %%r13b, (%[out]," VAR(KR64) ",1)\n\t" \ + "movb %%r13b, (%%rsp,%%rcx,1)\n\t" \ + "incl " VAR(KR) "\n\t" \ + "incl %%ecx\n\t" \ + "cmpl %%edx, " VAR(KR) "\n\t" \ + "jl 51b\n\t" \ + "xorq %%r13, %%r13\n\t" \ + "cmpl $16, %%ecx\n\t" \ + "je 53f\n\t" \ + "\n" \ + 
"52:\n\t" \ + "movb %%r13b, (%%rsp,%%rcx,1)\n\t" \ + "incl %%ecx\n\t" \ + "cmpl $16, %%ecx\n\t" \ + "jl 52b\n\t" \ + "53:\n\t" \ + "vmovdqu (%%rsp), %%xmm13\n\t" \ + "addq $16, %%rsp\n\t" \ + "vpshufb %[BSWAP_MASK], %%xmm13, %%xmm13\n\t" \ + "vpxor %%xmm13, " VAR(XR) ", " VAR(XR) "\n\t" \ + GHASH_GFMUL_RED_AVX2(XR, HR, XR) \ -#define AESENC_LAST15_DEC_AVX2() \ - "movl %[nbytes], %%ecx\n\t" \ - "movl %%ecx, %%edx\n\t" \ - "andl $0x0f, %%ecx\n\t" \ - "jz 55f\n\t" \ - "vmovdqu "VAR(CTR1)", %%xmm13\n\t" \ - "vpshufb %[BSWAP_EPI64], %%xmm13, %%xmm13\n\t" \ - "vpxor 0(%[KEY]), %%xmm13, %%xmm13\n\t" \ - VAESENC_AVX(%%xmm13) \ - "subq $32, %%rsp\n\t" \ - "xorl %%ecx, %%ecx\n\t" \ - "vmovdqu %%xmm13, (%%rsp)\n\t" \ - "vpxor %%xmm0, %%xmm0, %%xmm0\n\t" \ - "vmovdqu %%xmm0, 16(%%rsp)\n\t" \ - "\n" \ - "51:\n\t" \ - "movzbl (%[in],"VAR(KR64)",1), %%r13d\n\t" \ - "movb %%r13b, 16(%%rsp,%%rcx,1)\n\t" \ - "xorb (%%rsp,%%rcx,1), %%r13b\n\t" \ - "movb %%r13b, (%[out],"VAR(KR64)",1)\n\t" \ - "incl "VAR(KR)"\n\t" \ - "incl %%ecx\n\t" \ - "cmpl %%edx, "VAR(KR)"\n\t" \ - "jl 51b\n\t" \ - "53:\n\t" \ - "vmovdqu 16(%%rsp), %%xmm13\n\t" \ - "addq $32, %%rsp\n\t" \ - "vpshufb %[BSWAP_MASK], %%xmm13, %%xmm13\n\t" \ - "vpxor %%xmm13, "VAR(XR)", "VAR(XR)"\n\t" \ - GHASH_GFMUL_RED_AVX2(XR, HR, XR) \ +#define AESENC_LAST15_DEC_AVX2() \ + "movl %[nbytes], %%ecx\n\t" \ + "movl %%ecx, %%edx\n\t" \ + "andl $0x0f, %%ecx\n\t" \ + "jz 55f\n\t" \ + "vmovdqu " VAR(CTR1) ", %%xmm13\n\t" \ + "vpshufb %[BSWAP_EPI64], %%xmm13, %%xmm13\n\t" \ + "vpxor 0(%[KEY]), %%xmm13, %%xmm13\n\t" \ + VAESENC_AVX(%%xmm13) \ + "subq $32, %%rsp\n\t" \ + "xorl %%ecx, %%ecx\n\t" \ + "vmovdqu %%xmm13, (%%rsp)\n\t" \ + "vpxor %%xmm0, %%xmm0, %%xmm0\n\t" \ + "vmovdqu %%xmm0, 16(%%rsp)\n\t" \ + "\n" \ + "51:\n\t" \ + "movzbl (%[in]," VAR(KR64) ",1), %%r13d\n\t" \ + "movb %%r13b, 16(%%rsp,%%rcx,1)\n\t" \ + "xorb (%%rsp,%%rcx,1), %%r13b\n\t" \ + "movb %%r13b, (%[out]," VAR(KR64) ",1)\n\t" \ + "incl " VAR(KR) "\n\t" \ + "incl 
%%ecx\n\t" \ + "cmpl %%edx, " VAR(KR) "\n\t" \ + "jl 51b\n\t" \ + "53:\n\t" \ + "vmovdqu 16(%%rsp), %%xmm13\n\t" \ + "addq $32, %%rsp\n\t" \ + "vpshufb %[BSWAP_MASK], %%xmm13, %%xmm13\n\t" \ + "vpxor %%xmm13, " VAR(XR) ", " VAR(XR) "\n\t" \ + GHASH_GFMUL_RED_AVX2(XR, HR, XR) \ -#define CALC_TAG_AVX2() \ - "movl %[nbytes], %%edx\n\t" \ - "movl %[abytes], %%ecx\n\t" \ - "shlq $3, %%rdx\n\t" \ - "shlq $3, %%rcx\n\t" \ - "vpinsrq $0, %%rdx, %%xmm0, %%xmm0\n\t" \ - "vpinsrq $1, %%rcx, %%xmm0, %%xmm0\n\t" \ - "vpxor %%xmm0, "VAR(XR)", "VAR(XR)"\n\t" \ - GHASH_GFMUL_RED_AVX2(XR, HR, XR) \ - "vpshufb %[BSWAP_MASK], "VAR(XR)", "VAR(XR)"\n\t" \ - "vpxor "VAR(TR)", "VAR(XR)", %%xmm0\n\t" \ +#define CALC_TAG_AVX2() \ + "movl %[nbytes], %%edx\n\t" \ + "movl %[abytes], %%ecx\n\t" \ + "shlq $3, %%rdx\n\t" \ + "shlq $3, %%rcx\n\t" \ + "vpinsrq $0, %%rdx, %%xmm0, %%xmm0\n\t" \ + "vpinsrq $1, %%rcx, %%xmm0, %%xmm0\n\t" \ + "vpxor %%xmm0, " VAR(XR) ", " VAR(XR) "\n\t" \ + GHASH_GFMUL_RED_AVX2(XR, HR, XR) \ + "vpshufb %[BSWAP_MASK], " VAR(XR) ", " VAR(XR) "\n\t" \ + "vpxor " VAR(TR) ", " VAR(XR) ", %%xmm0\n\t" \ static void AES_GCM_encrypt_avx2(const unsigned char *in, unsigned char *out, @@ -6299,10 +6299,10 @@ static void AES_GCM_encrypt_avx2(const unsigned char *in, unsigned char *out, register unsigned int ivLen asm("ebx") = ibytes; __asm__ __volatile__ ( - "subq $"VAR(STACK_OFFSET)", %%rsp\n\t" + "subq $" VAR(STACK_OFFSET) ", %%rsp\n\t" /* Counter is xmm13 */ "vpxor %%xmm13, %%xmm13, %%xmm13\n\t" - "vpxor "VAR(XR)", "VAR(XR)", "VAR(XR)"\n\t" + "vpxor " VAR(XR) ", " VAR(XR) ", " VAR(XR) "\n\t" "movl %[ibytes], %%edx\n\t" "cmpl $12, %%edx\n\t" "jne 35f\n\t" 
@@ -6317,19 +6317,19 @@ static void AES_GCM_encrypt_avx2(const unsigned char *in, unsigned char *out, CALC_AAD_AVX2() "# Calculate counter and H\n\t" - "vpsrlq $63, "VAR(HR)", %%xmm5\n\t" - "vpsllq $1, "VAR(HR)", %%xmm4\n\t" + "vpsrlq $63, " VAR(HR) ", %%xmm5\n\t" + "vpsllq $1, " VAR(HR) ", %%xmm4\n\t" "vpslldq $8, %%xmm5, %%xmm5\n\t" "vpor %%xmm5, %%xmm4, %%xmm4\n\t" - "vpshufd $0xff, "VAR(HR)", "VAR(HR)"\n\t" - "vpsrad $31, "VAR(HR)", "VAR(HR)"\n\t" + "vpshufd $0xff, " VAR(HR) ", " VAR(HR) "\n\t" + "vpsrad $31, " VAR(HR) ", " VAR(HR) "\n\t" "vpshufb %[BSWAP_EPI64], %%xmm13, %%xmm13\n\t" - "vpand %[MOD2_128], "VAR(HR)", "VAR(HR)"\n\t" + "vpand %[MOD2_128], " VAR(HR) ", " VAR(HR) "\n\t" "vpaddd %[ONE], %%xmm13, %%xmm13\n\t" - "vpxor %%xmm4, "VAR(HR)", "VAR(HR)"\n\t" - "vmovdqu %%xmm13, "VAR(CTR1)"\n\t" + "vpxor %%xmm4, " VAR(HR) ", " VAR(HR) "\n\t" + "vmovdqu %%xmm13, " VAR(CTR1) "\n\t" - "xorl "VAR(KR)", "VAR(KR)"\n\t" + "xorl " VAR(KR) ", " VAR(KR) "\n\t" #if !defined(AES_GCM_AESNI_NO_UNROLL) && !defined(AES_GCM_AVX2_NO_UNROLL) "cmpl $128, %[nbytes]\n\t" @@ -6343,15 +6343,15 @@ static void AES_GCM_encrypt_avx2(const unsigned char *in, unsigned char *out, VAESENC_128() "cmpl $128, %%r13d\n\t" - "movl $128, "VAR(KR)"\n\t" + "movl $128, " VAR(KR) "\n\t" "jle 2f\n\t" "# More 128 bytes of input\n\t" "\n" "3:\n\t" VAESENC_128_GHASH_AVX2(%%rdx, 0) - "addl $128, "VAR(KR)"\n\t" - "cmpl %%r13d, "VAR(KR)"\n\t" + "addl $128, " VAR(KR) "\n\t" + "cmpl %%r13d, " VAR(KR) "\n\t" "jl 3b\n\t" "\n" "2:\n\t" 
@@ -6368,37 +6368,37 @@ static void AES_GCM_encrypt_avx2(const unsigned char *in, unsigned char *out, GHASH_GFMUL_RED_8_AVX2() - "vmovdqu 0("VAR(HTR)"), "VAR(HR)"\n\t" + "vmovdqu 0(" VAR(HTR) "), " VAR(HR) "\n\t" "\n" "5:\n\t" "movl %[nbytes], %%edx\n\t" - "cmpl %%edx, "VAR(KR)"\n\t" + "cmpl %%edx, " VAR(KR) "\n\t" "jge 55f\n\t" #endif "movl %[nbytes], %%r13d\n\t" "andl $0xfffffff0, %%r13d\n\t" - "cmpl %%r13d, "VAR(KR)"\n\t" + "cmpl %%r13d, " VAR(KR) "\n\t" "jge 14f\n\t" VAESENC_BLOCK_AVX2() - "addl $16, "VAR(KR)"\n\t" - "cmpl %%r13d, "VAR(KR)"\n\t" + "addl $16, " VAR(KR) "\n\t" + "cmpl %%r13d, " VAR(KR) "\n\t" "jge 13f\n\t" "vmovdqa %[MOD2_128], %%xmm0\n\t" "\n" "12:\n\t" - "vmovdqu (%[in],"VAR(KR64)",1), %%xmm9\n\t" - "vmovdqu "VAR(CTR1)", %%xmm5\n\t" + "vmovdqu (%[in]," VAR(KR64) ",1), %%xmm9\n\t" + "vmovdqu " VAR(CTR1) ", %%xmm5\n\t" "vpshufb %[BSWAP_EPI64], %%xmm5, %%xmm4\n\t" "vpaddd %[ONE], %%xmm5, %%xmm5\n\t" - "vmovdqu %%xmm5, "VAR(CTR1)"\n\t" + "vmovdqu %%xmm5, " VAR(CTR1) "\n\t" VAESENC_GFMUL_SB_AVX2(%%xmm9, HR, XR, CTR1) - "vmovdqu %%xmm4, (%[out],"VAR(KR64)",1)\n\t" + "vmovdqu %%xmm4, (%[out]," VAR(KR64) ",1)\n\t" "vpshufb %[BSWAP_MASK], %%xmm4, %%xmm4\n\t" - "addl $16, "VAR(KR)"\n\t" - "vpxor %%xmm4, "VAR(XR)", "VAR(XR)"\n\t" - "cmpl %%r13d, "VAR(KR)"\n\t" + "addl $16, " VAR(KR) "\n\t" + "vpxor %%xmm4, " VAR(XR) ", " VAR(XR) "\n\t" + "cmpl %%r13d, " VAR(KR) "\n\t" "jl 12b\n\t" "\n" "13:\n\t" @@ -6412,7 +6412,7 @@ static void AES_GCM_encrypt_avx2(const unsigned char *in, unsigned char *out, CALC_TAG_AVX2() STORE_TAG_AVX() - "addq $"VAR(STACK_OFFSET)", %%rsp\n\t" + "addq $" VAR(STACK_OFFSET) ", %%rsp\n\t" "vzeroupper\n\t" : @@ -6454,7 +6454,7 @@ static void AES_GCM_decrypt(const unsigned char *in, unsigned char *out, __asm__ __volatile__ ( "pushq %%rdx\n\t" - "subq $"VAR(STACK_OFFSET)", %%rsp\n\t" + "subq $" VAR(STACK_OFFSET) ", %%rsp\n\t" /* Counter is xmm13 */ "pxor %%xmm13, %%xmm13\n\t" "pxor %%xmm15, %%xmm15\n\t" 
@@ -6472,20 +6472,20 @@ static void AES_GCM_decrypt(const unsigned char *in, unsigned char *out, "# Calculate counter and H\n\t" "pshufb %[BSWAP_EPI64], %%xmm13\n\t" - "movdqa "VAR(HR)", %%xmm5\n\t" + "movdqa " VAR(HR) ", %%xmm5\n\t" "paddd %[ONE], %%xmm13\n\t" - "movdqa "VAR(HR)", %%xmm4\n\t" - "movdqu %%xmm13, "VAR(CTR1)"\n\t" + "movdqa " VAR(HR) ", %%xmm4\n\t" + "movdqu %%xmm13, " VAR(CTR1) "\n\t" "psrlq $63, %%xmm5\n\t" "psllq $1, %%xmm4\n\t" "pslldq $8, %%xmm5\n\t" "por %%xmm5, %%xmm4\n\t" - "pshufd $0xff, "VAR(HR)", "VAR(HR)"\n\t" - "psrad $31, "VAR(HR)"\n\t" - "pand %[MOD2_128], "VAR(HR)"\n\t" - "pxor %%xmm4, "VAR(HR)"\n\t" + "pshufd $0xff, " VAR(HR) ", " VAR(HR) "\n\t" + "psrad $31, " VAR(HR) "\n\t" + "pand %[MOD2_128], " VAR(HR) "\n\t" + "pxor %%xmm4, " VAR(HR) "\n\t" - "xorl "VAR(KR)", "VAR(KR)"\n\t" + "xorl " VAR(KR) ", " VAR(KR) "\n\t" #if !defined(AES_GCM_AESNI_NO_UNROLL) && !defined(AES_GCM_AVX1_NO_UNROLL) "cmpl $128, %[nbytes]\n\t" 
@@ -6498,33 +6498,33 @@ static void AES_GCM_decrypt(const unsigned char *in, unsigned char *out, "\n" "2:\n\t" AESENC_128_GHASH_AVX(%%rcx, 128) - "addl $128, "VAR(KR)"\n\t" - "cmpl %%r13d, "VAR(KR)"\n\t" + "addl $128, " VAR(KR) "\n\t" + "cmpl %%r13d, " VAR(KR) "\n\t" "jl 2b\n\t" - "movdqa %%xmm2, "VAR(XR)"\n\t" - "movdqu (%%rsp), "VAR(HR)"\n\t" + "movdqa %%xmm2, " VAR(XR) "\n\t" + "movdqu (%%rsp), " VAR(HR) "\n\t" "5:\n\t" "movl %[nbytes], %%edx\n\t" - "cmpl %%edx, "VAR(KR)"\n\t" + "cmpl %%edx, " VAR(KR) "\n\t" "jge 55f\n\t" #endif "movl %[nbytes], %%r13d\n\t" "andl $0xfffffff0, %%r13d\n\t" - "cmpl %%r13d, "VAR(KR)"\n\t" + "cmpl %%r13d, " VAR(KR) "\n\t" "jge 13f\n\t" "\n" "12:\n\t" - "leaq (%[in],"VAR(KR64)",1), %%rcx\n\t" - "leaq (%[out],"VAR(KR64)",1), %%rdx\n\t" + "leaq (%[in]," VAR(KR64) ",1), %%rcx\n\t" + "leaq (%[out]," VAR(KR64) ",1), %%rdx\n\t" "movdqu (%%rcx), %%xmm1\n\t" - "movdqa "VAR(HR)", %%xmm0\n\t" + "movdqa " VAR(HR) ", %%xmm0\n\t" "pshufb %[BSWAP_MASK], %%xmm1\n\t" - "pxor "VAR(XR)", %%xmm1\n\t" + "pxor " VAR(XR) ", %%xmm1\n\t" AESENC_GFMUL(%%rcx, %%rdx, %%xmm0, %%xmm1) - "addl $16, "VAR(KR)"\n\t" - "cmpl %%r13d, "VAR(KR)"\n\t" + "addl $16, " VAR(KR) "\n\t" + "cmpl %%r13d, " VAR(KR) "\n\t" "jl 12b\n\t" "\n" "13:\n\t" @@ -6534,7 +6534,7 @@ static void AES_GCM_decrypt(const unsigned char *in, unsigned char *out, "55:\n\t" CALC_TAG() - "addq $"VAR(STACK_OFFSET)", %%rsp\n\t" + "addq $" VAR(STACK_OFFSET) ", %%rsp\n\t" "popq %%rdx\n\t" CMP_TAG() @@ -6574,7 +6574,7 @@ static void AES_GCM_decrypt_avx1(const unsigned char *in, unsigned char *out, __asm__ __volatile__ ( "pushq %%rdx\n\t" - "subq $"VAR(STACK_OFFSET)", %%rsp\n\t" + "subq $" VAR(STACK_OFFSET) ", %%rsp\n\t" /* Counter is xmm13 */ "vpxor %%xmm13, %%xmm13, %%xmm13\n\t" "vpxor %%xmm15, %%xmm15, %%xmm15\n\t" 
@@ -6591,19 +6591,19 @@ static void AES_GCM_decrypt_avx1(const unsigned char *in, unsigned char *out, CALC_AAD_AVX1() "# Calculate counter and H\n\t" - "vpsrlq $63, "VAR(HR)", %%xmm5\n\t" - "vpsllq $1, "VAR(HR)", %%xmm4\n\t" + "vpsrlq $63, " VAR(HR) ", %%xmm5\n\t" + "vpsllq $1, " VAR(HR) ", %%xmm4\n\t" "vpslldq $8, %%xmm5, %%xmm5\n\t" "vpor %%xmm5, %%xmm4, %%xmm4\n\t" - "vpshufd $0xff, "VAR(HR)", "VAR(HR)"\n\t" - "vpsrad $31, "VAR(HR)", "VAR(HR)"\n\t" + "vpshufd $0xff, " VAR(HR) ", " VAR(HR) "\n\t" + "vpsrad $31, " VAR(HR) ", " VAR(HR) "\n\t" "vpshufb %[BSWAP_EPI64], %%xmm13, %%xmm13\n\t" - "vpand %[MOD2_128], "VAR(HR)", "VAR(HR)"\n\t" + "vpand %[MOD2_128], " VAR(HR) ", " VAR(HR) "\n\t" "vpaddd %[ONE], %%xmm13, %%xmm13\n\t" - "vpxor %%xmm4, "VAR(HR)", "VAR(HR)"\n\t" - "vmovdqu %%xmm13, "VAR(CTR1)"\n\t" + "vpxor %%xmm4, " VAR(HR) ", " VAR(HR) "\n\t" + "vmovdqu %%xmm13, " VAR(CTR1) "\n\t" - "xorl "VAR(KR)", "VAR(KR)"\n\t" + "xorl " VAR(KR) ", " VAR(KR) "\n\t" #if !defined(AES_GCM_AESNI_NO_UNROLL) && !defined(AES_GCM_AVX1_NO_UNROLL) "cmpl $128, %[nbytes]\n\t" 
@@ -6616,31 +6616,31 @@ static void AES_GCM_decrypt_avx1(const unsigned char *in, unsigned char *out, "\n" "2:\n\t" VAESENC_128_GHASH_AVX1(%%rcx, 128) - "addl $128, "VAR(KR)"\n\t" - "cmpl %%r13d, "VAR(KR)"\n\t" + "addl $128, " VAR(KR) "\n\t" + "cmpl %%r13d, " VAR(KR) "\n\t" "jl 2b\n\t" - "vmovdqa %%xmm2, "VAR(XR)"\n\t" - "vmovdqu (%%rsp), "VAR(HR)"\n\t" + "vmovdqa %%xmm2, " VAR(XR) "\n\t" + "vmovdqu (%%rsp), " VAR(HR) "\n\t" "5:\n\t" "movl %[nbytes], %%edx\n\t" - "cmpl %%edx, "VAR(KR)"\n\t" + "cmpl %%edx, " VAR(KR) "\n\t" "jge 55f\n\t" #endif "movl %[nbytes], %%r13d\n\t" "andl $0xfffffff0, %%r13d\n\t" - "cmpl %%r13d, "VAR(KR)"\n\t" + "cmpl %%r13d, " VAR(KR) "\n\t" "jge 13f\n\t" "\n" "12:\n\t" - "vmovdqu (%[in],"VAR(KR64)",1), %%xmm9\n\t" - "vmovdqa "VAR(HR)", %%xmm0\n\t" + "vmovdqu (%[in]," VAR(KR64) ",1), %%xmm9\n\t" + "vmovdqa " VAR(HR) ", %%xmm0\n\t" "vpshufb %[BSWAP_MASK], %%xmm9, %%xmm1\n\t" - "vpxor "VAR(XR)", %%xmm1, %%xmm1\n\t" + "vpxor " VAR(XR) ", %%xmm1, %%xmm1\n\t" VAESENC_GFMUL(%%xmm9, %%xmm0, %%xmm1) - "addl $16, "VAR(KR)"\n\t" - "cmpl %%r13d, "VAR(KR)"\n\t" + "addl $16, " VAR(KR) "\n\t" + "cmpl %%r13d, " VAR(KR) "\n\t" "jl 12b\n\t" "\n" "13:\n\t" @@ -6650,7 +6650,7 @@ static void AES_GCM_decrypt_avx1(const unsigned char *in, unsigned char *out, "55:\n\t" CALC_TAG_AVX1() - "addq $"VAR(STACK_OFFSET)", %%rsp\n\t" + "addq $" VAR(STACK_OFFSET) ", %%rsp\n\t" "popq %%rdx\n\t" CMP_TAG_AVX() "vzeroupper\n\t" @@ -6691,7 +6691,7 @@ static void AES_GCM_decrypt_avx2(const unsigned char *in, unsigned char *out, __asm__ __volatile__ ( "pushq %%rdx\n\t" - "subq $"VAR(STACK_OFFSET)", %%rsp\n\t" + "subq $" VAR(STACK_OFFSET) ", %%rsp\n\t" /* Counter is xmm13 */ "vpxor %%xmm13, %%xmm13, %%xmm13\n\t" "vpxor %%xmm15, %%xmm15, %%xmm15\n\t" 
@@ -6709,19 +6709,19 @@ static void AES_GCM_decrypt_avx2(const unsigned char *in, unsigned char *out, CALC_AAD_AVX2() "# Calculate counter and H\n\t" - "vpsrlq $63, "VAR(HR)", %%xmm5\n\t" - "vpsllq $1, "VAR(HR)", %%xmm4\n\t" + "vpsrlq $63, " VAR(HR) ", %%xmm5\n\t" + "vpsllq $1, " VAR(HR) ", %%xmm4\n\t" "vpslldq $8, %%xmm5, %%xmm5\n\t" "vpor %%xmm5, %%xmm4, %%xmm4\n\t" - "vpshufd $0xff, "VAR(HR)", "VAR(HR)"\n\t" - "vpsrad $31, "VAR(HR)", "VAR(HR)"\n\t" + "vpshufd $0xff, " VAR(HR) ", " VAR(HR) "\n\t" + "vpsrad $31, " VAR(HR) ", " VAR(HR) "\n\t" "vpshufb %[BSWAP_EPI64], %%xmm13, %%xmm13\n\t" - "vpand %[MOD2_128], "VAR(HR)", "VAR(HR)"\n\t" + "vpand %[MOD2_128], " VAR(HR) ", " VAR(HR) "\n\t" "vpaddd %[ONE], %%xmm13, %%xmm13\n\t" - "vpxor %%xmm4, "VAR(HR)", "VAR(HR)"\n\t" - "vmovdqu %%xmm13, "VAR(CTR1)"\n\t" + "vpxor %%xmm4, " VAR(HR) ", " VAR(HR) "\n\t" + "vmovdqu %%xmm13, " VAR(CTR1) "\n\t" - "xorl "VAR(KR)", "VAR(KR)"\n\t" + "xorl " VAR(KR) ", " VAR(KR) "\n\t" #if !defined(AES_GCM_AESNI_NO_UNROLL) && !defined(AES_GCM_AVX2_NO_UNROLL) "cmpl $128, %[nbytes]\n\t" 
@@ -6734,36 +6734,36 @@ static void AES_GCM_decrypt_avx2(const unsigned char *in, unsigned char *out, "\n" "2:\n\t" VAESENC_128_GHASH_AVX2(%%rcx, 128) - "addl $128, "VAR(KR)"\n\t" - "cmpl %%r13d, "VAR(KR)"\n\t" + "addl $128, " VAR(KR) "\n\t" + "cmpl %%r13d, " VAR(KR) "\n\t" "jl 2b\n\t" - "vmovdqa %%xmm2, "VAR(XR)"\n\t" - "vmovdqu (%%rsp), "VAR(HR)"\n\t" + "vmovdqa %%xmm2, " VAR(XR) "\n\t" + "vmovdqu (%%rsp), " VAR(HR) "\n\t" "5:\n\t" "movl %[nbytes], %%edx\n\t" - "cmpl %%edx, "VAR(KR)"\n\t" + "cmpl %%edx, " VAR(KR) "\n\t" "jge 55f\n\t" #endif "movl %[nbytes], %%r13d\n\t" "andl $0xfffffff0, %%r13d\n\t" - "cmpl %%r13d, "VAR(KR)"\n\t" + "cmpl %%r13d, " VAR(KR) "\n\t" "jge 13f\n\t" "vmovdqa %[MOD2_128], %%xmm0\n\t" "\n" "12:\n\t" - "vmovdqu (%[in],"VAR(KR64)",1), %%xmm9\n\t" - "vmovdqu "VAR(CTR1)", %%xmm5\n\t" + "vmovdqu (%[in]," VAR(KR64) ",1), %%xmm9\n\t" + "vmovdqu " VAR(CTR1) ", %%xmm5\n\t" "vpshufb %[BSWAP_MASK], %%xmm9, %%xmm1\n\t" "vpshufb %[BSWAP_EPI64], %%xmm5, %%xmm4\n\t" "vpaddd %[ONE], %%xmm5, %%xmm5\n\t" - "vpxor "VAR(XR)", %%xmm1, %%xmm1\n\t" - "vmovdqu %%xmm5, "VAR(CTR1)"\n\t" + "vpxor " VAR(XR) ", %%xmm1, %%xmm1\n\t" + "vmovdqu %%xmm5, " VAR(CTR1) "\n\t" VAESENC_GFMUL_SB_AVX2(%%xmm9, HR, %%xmm1, CTR1) - "vmovdqu %%xmm4, (%[out],"VAR(KR64)",1)\n\t" - "addl $16, "VAR(KR)"\n\t" - "cmpl %%r13d, "VAR(KR)"\n\t" + "vmovdqu %%xmm4, (%[out]," VAR(KR64) ",1)\n\t" + "addl $16, " VAR(KR) "\n\t" + "cmpl %%r13d, " VAR(KR) "\n\t" "jl 12b\n\t" "\n" "13:\n\t" @@ -6773,7 +6773,7 @@ static void AES_GCM_decrypt_avx2(const unsigned char *in, unsigned char *out, "55:\n\t" CALC_TAG_AVX2() - "addq $"VAR(STACK_OFFSET)", %%rsp\n\t" + "addq $" VAR(STACK_OFFSET) ", %%rsp\n\t" "popq %%rdx\n\t" CMP_TAG_AVX() "vzeroupper\n\t" diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c old mode 100755 new mode 100644 index fafaf3f21..b8eb7b864 --- a/wolfcrypt/src/asn.c +++ b/wolfcrypt/src/asn.c 
@@ -502,7 +502,7 @@ char* GetSigName(int oid) {
 #if !defined(NO_DSA) || defined(HAVE_ECC) || \
 (!defined(NO_RSA) && \
 (defined(WOLFSSL_CERT_GEN) || \
- (defined(WOLFSSL_KEY_GEN) && !defined(HAVE_USER_RSA))))
+ ((defined(WOLFSSL_KEY_GEN) || defined(OPENSSL_EXTRA)) && !defined(HAVE_USER_RSA))))
 /* Set the DER/BER encoding of the ASN.1 INTEGER header.
 *
 * len Length of data to encode.
@@ -526,7 +526,7 @@ static int SetASNInt(int len, byte firstByte, byte* output)
 #endif
 #if !defined(NO_DSA) || defined(HAVE_ECC) || defined(WOLFSSL_CERT_GEN) || \
- (defined(WOLFSSL_KEY_GEN) && !defined(NO_RSA) && !defined(HAVE_USER_RSA))
+ ((defined(WOLFSSL_KEY_GEN) || defined(OPENSSL_EXTRA)) && !defined(NO_RSA) && !defined(HAVE_USER_RSA))
 /* Set the DER/BER encoding of the ASN.1 INTEGER element with an mp_int.
 * The number is assumed to be positive.
 *
@@ -646,6 +646,52 @@ int GetShortInt(const byte* input, word32* inOutIdx, int* number, word32 maxIdx)
 return *number;
 }
+
+
+/* Set small integer, 32 bits or less. DER encoding with no leading 0s
+ * returns total amount written including ASN tag and length byte on success */
+static int SetShortInt(byte* input, word32* inOutIdx, word32 number,
+ word32 maxIdx)
+{
+ word32 idx = *inOutIdx;
+ word32 len = 0;
+ int i;
+ byte ar[MAX_LENGTH_SZ];
+
+ /* check for room for type and length bytes */
+ if ((idx + 2) > maxIdx)
+ return BUFFER_E;
+
+ input[idx++] = ASN_INTEGER;
+ idx++; /* place holder for length byte */
+ if (MAX_LENGTH_SZ + idx > maxIdx)
+ return ASN_PARSE_E;
+
+ /* find first non zero byte */
+ XMEMSET(ar, 0, MAX_LENGTH_SZ);
+ c32toa(number, ar);
+ for (i = 0; i < MAX_LENGTH_SZ; i++) {
+ if (ar[i] != 0) {
+ break;
+ }
+ }
+
+ /* handle case of 0 */
+ if (i == MAX_LENGTH_SZ) {
+ input[idx++] = 0; len++;
+ }
+
+ for (; i < MAX_LENGTH_SZ && idx < maxIdx; i++) {
+ input[idx++] = ar[i]; len++;
+ }
+
+ /* jump back to beginning of input buffer using unaltered inOutIdx value
+ * and set number of bytes for integer, then update the index value */
+ input[*inOutIdx + 1] = (byte)len;
+ *inOutIdx = idx;
+
+ return len + 2; /* size of integer bytes plus ASN TAG and length byte */
+}
 #endif /* !NO_PWDBASED */
 /* May not have one, not an error */
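Review bot: SetShortInt strips leading zero bytes but never puts one back when the first remaining byte has its top bit set, so a value such as 128 or 40000 is emitted as a DER INTEGER that a conforming parser reads as negative. Both callers in this commit pass the PBKDF iteration count, so the encoded key container can be rejected or misread by other implementations. After the zero case, add `if (i < MAX_LENGTH_SZ && (ar[i] & 0x80)) { input[idx++] = 0; len++; }` and widen the room check to `if (MAX_LENGTH_SZ + 1 + idx > maxIdx)`. The header comment's "no leading 0s" should then name that one exception.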
@@ -750,10 +796,10 @@ static int CheckBitString(const byte* input, word32* inOutIdx, int* len, /* RSA (with CertGen or KeyGen) OR ECC OR ED25519 (with CertGen or KeyGen) */ #if (!defined(NO_RSA) && !defined(HAVE_USER_RSA) && \ - (defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_KEY_GEN))) || \ + (defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_KEY_GEN) || defined(OPENSSL_EXTRA))) || \ defined(HAVE_ECC) || \ (defined(HAVE_ED25519) && \ - (defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_KEY_GEN))) + (defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_KEY_GEN) || defined(OPENSSL_EXTRA))) /* Set the DER/BER encoding of the ASN.1 BIT_STRING header. * @@ -2394,10 +2440,6 @@ static int CheckAlgo(int first, int second, int* id, int* version) return 0; #endif #ifndef NO_DES3 - case PBE_SHA1_DES: - *id = PBE_SHA1_DES; - *version = PKCS12v1; - return 0; case PBE_SHA1_DES3: *id = PBE_SHA1_DES3; *version = PKCS12v1; @@ -2595,11 +2637,9 @@ int UnTraditionalEnc(byte* key, word32 keySz, byte* out, word32* outSz, MAX_LENGTH_SZ + MAX_SHORT_SZ + 1) return BUFFER_E; - sz = SetAlgoID(id, out + inOutIdx, oidPBEType, 0); - totalSz += sz; inOutIdx += sz; - if (version == PKCS5v2) { WOLFSSL_MSG("PKCS5v2 Not supported yet\n"); + return ASN_VERSION_E; } if (salt == NULL || saltSz <= 0) { @@ -2624,6 +2664,7 @@ int UnTraditionalEnc(byte* key, word32 keySz, byte* out, word32* outSz, /* leave room for a sequence (contains salt and iterations int) */ inOutIdx += MAX_SEQ_SZ; sz = 0; + inOutIdx += MAX_ALGO_SZ; /* place salt in buffer */ out[inOutIdx++] = ASN_OCTET_STRING; sz++; 
@@ -2633,19 +2674,23 @@ int UnTraditionalEnc(byte* key, word32 keySz, byte* out, word32* outSz, inOutIdx += saltSz; sz += saltSz; /* place iteration count in buffer */ - out[inOutIdx++] = ASN_INTEGER; sz++; - out[inOutIdx++] = sizeof(word32); sz++; - out[inOutIdx++] = (itt >> 24) & 0xFF; - out[inOutIdx++] = (itt >> 16) & 0xFF; - out[inOutIdx++] = (itt >> 8 ) & 0xFF; - out[inOutIdx++] = itt & 0xFF; - sz += 4; + ret = SetShortInt(out, &inOutIdx, itt, *outSz); + if (ret < 0) { + return ret; + } + sz += (word32)ret; /* wind back index and set sequence then clean up buffer */ inOutIdx -= (sz + MAX_SEQ_SZ); tmpSz = SetSequence(sz, out + inOutIdx); XMEMMOVE(out + inOutIdx + tmpSz, out + inOutIdx + MAX_SEQ_SZ, sz); - inOutIdx += tmpSz + sz; totalSz += tmpSz + sz; + totalSz += tmpSz + sz; sz += tmpSz; + + /* add in algo ID */ + inOutIdx -= MAX_ALGO_SZ; + tmpSz = SetAlgoID(id, out + inOutIdx, oidPBEType, sz); + XMEMMOVE(out + inOutIdx + tmpSz, out + inOutIdx + MAX_ALGO_SZ, sz); + totalSz += tmpSz; inOutIdx += tmpSz + sz; /* octet string containing encrypted key */ out[inOutIdx++] = ASN_OCTET_STRING; totalSz++; @@ -3036,12 +3081,13 @@ int EncryptContent(byte* input, word32 inputSz, byte* out, word32* outSz, tmpIdx += saltSz; /* place itteration setting in buffer */ - out[tmpIdx++] = ASN_INTEGER; - out[tmpIdx++] = sizeof(word32); - out[tmpIdx++] = (itt >> 24) & 0xFF; - out[tmpIdx++] = (itt >> 16) & 0xFF; - out[tmpIdx++] = (itt >> 8) & 0xFF; - out[tmpIdx++] = itt & 0xFF; + ret = SetShortInt(out, &tmpIdx, itt, *outSz); + if (ret < 0) { + #ifdef WOLFSSL_SMALL_STACK + XFREE(saltTmp, heap, DYNAMIC_TYPE_TMP_BUFFER); + #endif + return ret; + } /* rewind and place sequence */ sz = tmpIdx - inOutIdx - MAX_SEQ_SZ; 
@@ -5713,13 +5759,37 @@ static int DecodeAltNames(byte* input, int sz, DecodedCert* cert) } length -= (idx - lenStartIdx); + /* check that strLen at index is not past input buffer */ + if (strLen + (int)idx > sz) { + return BUFFER_E; + } + #ifndef WOLFSSL_NO_ASN_STRICT /* Verify RFC 5280 Sec 4.2.1.6 rule: "The name MUST NOT be a relative URI" */ - if (XSTRNCMP((const char*)&input[idx], "://", strLen + 1) != 0) { - WOLFSSL_MSG("\tAlt Name must be absolute URI"); - return ASN_ALT_NAME_E; + { + int i; + + /* skip past scheme (i.e http,ftp,...) finding first ':' char */ + for (i = 0; i < strLen; i++) { + if (input[idx + i] == ':') { + break; + } + if (input[idx + i] == '/') { + i = strLen; /* error, found relative path since '/' was + * encountered before ':'. Returning error + * value in next if statement. */ + } + } + + /* test if no ':' char was found and test that the next two + * chars are // to match the pattern "://" */ + if (i >= strLen - 2 || (input[idx + i + 1] != '/' || + input[idx + i + 2] != '/')) { + WOLFSSL_MSG("\tAlt Name must be absolute URI"); + return ASN_ALT_NAME_E; + } } #endif @@ -7244,6 +7314,11 @@ const char* const END_PUB_KEY = "-----END PUBLIC KEY-----"; const char* const BEGIN_EDDSA_PRIV = "-----BEGIN EDDSA PRIVATE KEY-----"; const char* const END_EDDSA_PRIV = "-----END EDDSA PRIVATE KEY-----"; #endif +#ifdef HAVE_CRL + const char *const BEGIN_CRL = "-----BEGIN X509 CRL-----"; + const char* const END_CRL = "-----END X509 CRL-----"; +#endif + int wc_PemGetHeaderFooter(int type, const char** header, const char** footer) @@ -7716,6 +7791,11 @@ int PemToDer(const unsigned char* buff, long longSz, int type, { header = BEGIN_EDDSA_PRIV; footer = END_EDDSA_PRIV; } else +#endif +#ifdef HAVE_CRL + if (type == CRL_TYPE) { + header = BEGIN_CRL; footer = END_CRL; + } else #endif { break; 
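Review bot: In the strict URI check added to DecodeAltNames, a name that begins with `://` is accepted: the scan breaks at `i == 0`, and the test that follows only requires `i < strLen - 2` plus the two slashes, so an empty scheme passes although the quoted RFC 5280 rule needs one. Starting the condition with `i == 0 ||` rejects it. The `i = strLen` assignment inside the loop depends on the later `i >= strLen - 2` comparison to report the error; a direct `return ASN_ALT_NAME_E;` at that point would be easier to audit. DecodeAltNames starts and ends outside the hunk.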
@@ -8176,7 +8256,7 @@ int wc_PemPubKeyToDer(const char* fileName, #if !defined(NO_RSA) && (defined(WOLFSSL_CERT_GEN) || \ - (defined(WOLFSSL_KEY_GEN) && !defined(HAVE_USER_RSA))) + ((defined(WOLFSSL_KEY_GEN) || defined(OPENSSL_EXTRA)) && !defined(HAVE_USER_RSA))) /* USER RSA ifdef portions used instead of refactor in consideration for possible fips build */ /* Write a public RSA key to output */ 
@@ -8316,6 +8396,85 @@ static int SetRsaPublicKey(byte* output, RsaKey* key,
 return idx;
 }
+
+int RsaPublicKeyDerSize(RsaKey* key, int with_header)
+{
+ byte* dummy = NULL;
+ byte seq[MAX_SEQ_SZ];
+ byte bitString[1 + MAX_LENGTH_SZ + 1];
+ int nSz;
+ int eSz;
+ int seqSz;
+ int bitStringSz;
+ int idx;
+
+ if (key == NULL)
+ return BAD_FUNC_ARG;
+
+ /* n */
+ dummy = (byte*)XMALLOC(MAX_RSA_INT_SZ, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
+ if (dummy == NULL)
+ return MEMORY_E;
+
+#ifdef HAVE_USER_RSA
+ nSz = SetASNIntRSA(key->n, dummy);
+#else
+ nSz = SetASNIntMP(&key->n, MAX_RSA_INT_SZ, dummy);
+#endif
+ XFREE(dummy, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
+ if (nSz < 0) {
+ return nSz;
+ }
+
+ /* e */
+ dummy = (byte*)XMALLOC(MAX_RSA_E_SZ, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
+ if (dummy == NULL) {
+ XFREE(dummy, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
+ return MEMORY_E;
+ }
+
+#ifdef HAVE_USER_RSA
+ eSz = SetASNIntRSA(key->e, dummy);
+#else
+ eSz = SetASNIntMP(&key->e, MAX_RSA_INT_SZ, dummy);
+#endif
+ XFREE(dummy, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
+ if (eSz < 0) {
+ return eSz;
+ }
+
+ seqSz = SetSequence(nSz + eSz, seq);
+
+ /* headers */
+ if (with_header) {
+ int algoSz;
+ dummy = (byte*)XMALLOC(MAX_RSA_INT_SZ, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
+ if (dummy == NULL)
+ return MEMORY_E;
+
+ algoSz = SetAlgoID(RSAk, dummy, oidKeyType, 0);
+ bitStringSz = SetBitString(seqSz + nSz + eSz, 0, bitString);
+
+ idx = SetSequence(nSz + eSz + seqSz + bitStringSz + algoSz, dummy);
+ XFREE(dummy, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
+
+ /* algo */
+ idx += algoSz;
+ /* bit string */
+ idx += bitStringSz;
+ }
+ else
+ idx = 0;
+
+ /* seq */
+ idx += seqSz;
+ /* n */
+ idx += nSz;
+ /* e */
+ idx += eSz;
+
+ return idx;
+}
 #endif /* !NO_RSA && (WOLFSSL_CERT_GEN || (WOLFSSL_KEY_GEN && !HAVE_USER_RSA))) */
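Review bot: In RsaPublicKeyDerSize the scratch buffer for e is allocated with `MAX_RSA_E_SZ`, but the non-HAVE_USER_RSA call hands `MAX_RSA_INT_SZ` to SetASNIntMP as the limit. Assuming that argument bounds the write, as the matching n call suggests, a key whose public exponent is longer than the allocation can be encoded past the end of the heap buffer. The limit should equal the allocation: `eSz = SetASNIntMP(&key->e, MAX_RSA_E_SZ, dummy);`. The `XFREE(dummy, ...)` inside the `dummy == NULL` branch frees a null pointer and can be dropped.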
@@ -8428,8 +8587,9 @@ int wc_RsaKeyToDer(RsaKey* key, byte* output, word32 inLen) return outLen; } +#endif - +#if (defined(WOLFSSL_KEY_GEN) || defined(OPENSSL_EXTRA)) && !defined(NO_RSA) && !defined(HAVE_USER_RSA) /* Convert Rsa Public key to DER format, write to output (inLen), return bytes written */ int wc_RsaKeyToPublicDer(RsaKey* key, byte* output, word32 inLen) 
@@ -12226,29 +12386,38 @@ int wc_Ed25519PrivateKeyDecode(const byte* input, word32* inOutIdx, if (input == NULL || inOutIdx == NULL || key == NULL || inSz == 0) return BAD_FUNC_ARG; - if (GetSequence(input, inOutIdx, &length, inSz) < 0) - return ASN_PARSE_E; - endKeyIdx = *inOutIdx + length; + if (GetSequence(input, inOutIdx, &length, inSz) >= 0) { + endKeyIdx = *inOutIdx + length; - if (GetMyVersion(input, inOutIdx, &version, inSz) < 0) - return ASN_PARSE_E; - if (version != 0) { - WOLFSSL_MSG("Unrecognized version of ED25519 private key"); - return ASN_PARSE_E; + if (GetMyVersion(input, inOutIdx, &version, inSz) < 0) + return ASN_PARSE_E; + if (version != 0) { + WOLFSSL_MSG("Unrecognized version of ED25519 private key"); + return ASN_PARSE_E; + } + + if (GetAlgoId(input, inOutIdx, &oid, oidKeyType, inSz) < 0) + return ASN_PARSE_E; + if (oid != ED25519k) + return ASN_PARSE_E; + + if (GetOctetString(input, inOutIdx, &length, inSz) < 0) + return ASN_PARSE_E; + + if (GetOctetString(input, inOutIdx, &privSz, inSz) < 0) + return ASN_PARSE_E; + + priv = input + *inOutIdx; + *inOutIdx += privSz; } + else { + if (GetOctetString(input, inOutIdx, &privSz, inSz) < 0) + return ASN_PARSE_E; - if (GetAlgoId(input, inOutIdx, &oid, oidKeyType, inSz) < 0) - return ASN_PARSE_E; - if (oid != ED25519k) - return ASN_PARSE_E; - - if (GetOctetString(input, inOutIdx, &length, inSz) < 0) - return ASN_PARSE_E; - - if (GetOctetString(input, inOutIdx, &privSz, inSz) < 0) - return ASN_PARSE_E; - priv = input + *inOutIdx; - *inOutIdx += privSz; + priv = input + *inOutIdx; + *inOutIdx += privSz; + endKeyIdx = *inOutIdx; + } if (endKeyIdx == (int)*inOutIdx) { ret = wc_ed25519_import_private_only(priv, privSz, key); diff --git a/wolfcrypt/src/blake2b.c b/wolfcrypt/src/blake2b.c index 2c99c2a75..d043da8a2 100644 --- a/wolfcrypt/src/blake2b.c +++ b/wolfcrypt/src/blake2b.c 
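Review bot: The new else branch in wc_Ed25519PrivateKeyDecode re-parses from `*inOutIdx` after GetSequence has failed, which is only correct if GetSequence leaves the index untouched on error; that is not visible here and deserves a comment such as `/* not PKCS#8: retry at the same index as a bare OCTET STRING; relies on GetSequence not advancing *inOutIdx on failure */`. In that branch `endKeyIdx` is assigned from `*inOutIdx` itself, so the `endKeyIdx == (int)*inOutIdx` test that follows is always true there and no longer checks the key's extent. The function's doc comment should also state that both encodings are accepted. The function starts and ends outside the hunk.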
@@ -422,6 +422,9 @@ int main( int argc, char **argv ) /* Init Blake2b digest, track size in case final doesn't want to "remember" */ int wc_InitBlake2b(Blake2b* b2b, word32 digestSz) { + if (b2b == NULL){ + return -1; + } b2b->digestSz = digestSz; return blake2b_init(b2b->S, (byte)digestSz); diff --git a/wolfcrypt/src/cryptodev.c b/wolfcrypt/src/cryptodev.c new file mode 100644 index 000000000..80179e0e1 --- /dev/null +++ b/wolfcrypt/src/cryptodev.c 
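Review bot: The NULL guard added to wc_InitBlake2b returns a bare `-1`, while the other argument checks this commit adds (wc_Poly1305SetKey, the PKCS7 signers) return `BAD_FUNC_ARG`; `return BAD_FUNC_ARG;` would let callers tell a bad argument from a hashing failure, provided the error header is in scope in blake2b.c (not visible here). `digestSz` is still stored as a `word32` in `b2b->digestSz` but handed to blake2b_init as `(byte)digestSz`, so a value above 255 is recorded at full width while the state is initialised with the truncated one. Rejecting it up front closes that gap, e.g. `if (b2b == NULL || digestSz > 0xFF) return BAD_FUNC_ARG;`, with the real maximum digest size in place of 0xFF if blake2b_init does not already enforce it.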
@@ -0,0 +1,207 @@ +/* cryptodev.c + * + * Copyright (C) 2006-2018 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + */ + +/* This framework provides a central place for crypto hardware integration + using the devId scheme. If not supported return `NOT_COMPILED_IN`. */ + +#ifdef HAVE_CONFIG_H + #include +#endif + +#include + +#ifdef WOLF_CRYPTO_DEV + +#include +#include +#include + + +/* TODO: Consider linked list with mutex */ +#ifndef MAX_CRYPTO_DEVICES +#define MAX_CRYPTO_DEVICES 8 +#endif + +typedef struct CryptoDev { + int devId; + CryptoDevCallbackFunc cb; + void* ctx; +} CryptoDev; +static CryptoDev gCryptoDev[MAX_CRYPTO_DEVICES]; + +static CryptoDev* wc_CryptoDev_FindDevice(int devId) +{ + int i; + for (i=0; idevId = devId; + dev->cb = cb; + dev->ctx = ctx; + + return 0; +} + +void wc_CryptoDev_UnRegisterDevice(int devId) +{ + CryptoDev* dev = wc_CryptoDev_FindDevice(devId); + if (dev) { + XMEMSET(dev, 0, sizeof(*dev)); + dev->devId = INVALID_DEVID; + } +} + +#ifndef NO_RSA +int wc_CryptoDev_Rsa(const byte* in, word32 inLen, byte* out, + word32* outLen, int type, RsaKey* key, WC_RNG* rng) +{ + int ret = NOT_COMPILED_IN; + CryptoDev* dev; + + /* locate registered callback */ + dev = wc_CryptoDev_FindDevice(key->devId); + if (dev) { + if (dev->cb) { + wc_CryptoInfo cryptoInfo; + XMEMSET(&cryptoInfo, 0, sizeof(cryptoInfo)); + cryptoInfo.algo_type = 
WC_ALGO_TYPE_PK; + cryptoInfo.pk.type = WC_PK_TYPE_RSA; + cryptoInfo.pk.rsa.in = in; + cryptoInfo.pk.rsa.inLen = inLen; + cryptoInfo.pk.rsa.out = out; + cryptoInfo.pk.rsa.outLen = outLen; + cryptoInfo.pk.rsa.type = type; + cryptoInfo.pk.rsa.key = key; + cryptoInfo.pk.rsa.rng = rng; + + ret = dev->cb(key->devId, &cryptoInfo, dev->ctx); + } + } + + return ret; +} +#endif /* !NO_RSA */ + +#ifdef HAVE_ECC +int wc_CryptoDev_Ecdh(ecc_key* private_key, ecc_key* public_key, + byte* out, word32* outlen) +{ + int ret = NOT_COMPILED_IN; + CryptoDev* dev; + + /* locate registered callback */ + dev = wc_CryptoDev_FindDevice(private_key->devId); + if (dev) { + if (dev->cb) { + wc_CryptoInfo cryptoInfo; + XMEMSET(&cryptoInfo, 0, sizeof(cryptoInfo)); + cryptoInfo.algo_type = WC_ALGO_TYPE_PK; + cryptoInfo.pk.type = WC_PK_TYPE_ECDH; + cryptoInfo.pk.ecdh.private_key = private_key; + cryptoInfo.pk.ecdh.public_key = public_key; + cryptoInfo.pk.ecdh.out = out; + cryptoInfo.pk.ecdh.outlen = outlen; + + ret = dev->cb(private_key->devId, &cryptoInfo, dev->ctx); + } + } + + return ret; +} + +int wc_CryptoDev_EccSign(const byte* in, word32 inlen, byte* out, + word32 *outlen, WC_RNG* rng, ecc_key* key) +{ + int ret = NOT_COMPILED_IN; + CryptoDev* dev; + + /* locate registered callback */ + dev = wc_CryptoDev_FindDevice(key->devId); + if (dev) { + if (dev->cb) { + wc_CryptoInfo cryptoInfo; + XMEMSET(&cryptoInfo, 0, sizeof(cryptoInfo)); + cryptoInfo.algo_type = WC_ALGO_TYPE_PK; + cryptoInfo.pk.type = WC_PK_TYPE_ECDSA_SIGN; + cryptoInfo.pk.eccsign.in = in; + cryptoInfo.pk.eccsign.inlen = inlen; + cryptoInfo.pk.eccsign.out = out; + cryptoInfo.pk.eccsign.outlen = outlen; + cryptoInfo.pk.eccsign.rng = rng; + cryptoInfo.pk.eccsign.key = key; + + ret = dev->cb(key->devId, &cryptoInfo, dev->ctx); + } + } + + return ret; +} + +int wc_CryptoDev_EccVerify(const byte* sig, word32 siglen, + const byte* hash, word32 hashlen, int* res, ecc_key* key) +{ + int ret = NOT_COMPILED_IN; + CryptoDev* dev; + + /* 
locate registered callback */ + dev = wc_CryptoDev_FindDevice(key->devId); + if (dev) { + if (dev->cb) { + wc_CryptoInfo cryptoInfo; + XMEMSET(&cryptoInfo, 0, sizeof(cryptoInfo)); + cryptoInfo.algo_type = WC_ALGO_TYPE_PK; + cryptoInfo.pk.type = WC_PK_TYPE_ECDSA_VERIFY; + cryptoInfo.pk.eccverify.sig = sig; + cryptoInfo.pk.eccverify.siglen = siglen; + cryptoInfo.pk.eccverify.hash = hash; + cryptoInfo.pk.eccverify.hashlen = hashlen; + cryptoInfo.pk.eccverify.res = res; + cryptoInfo.pk.eccverify.key = key; + + ret = dev->cb(key->devId, &cryptoInfo, dev->ctx); + } + } + + return ret; +} +#endif /* HAVE_ECC */ + +#endif /* WOLF_CRYPTO_DEV */ diff --git a/wolfcrypt/src/dh.c b/wolfcrypt/src/dh.c index 21508c19d..dd7f9e2ae 100644 --- a/wolfcrypt/src/dh.c +++ b/wolfcrypt/src/dh.c @@ -614,8 +614,7 @@ static int GeneratePrivateDh186(DhKey* key, WC_RNG* rng, byte* priv, int qSz, pSz, cSz, err; mp_int tmpQ, tmpX; - if (key == NULL || rng == NULL || priv == NULL || privSz == NULL) - return BAD_FUNC_ARG; + /* Parameters validated in calling functions. */ if (mp_iszero(&key->q) == MP_YES) { WOLFSSL_MSG("DH q parameter needed for FIPS 186-4 key generation"); @@ -649,14 +648,8 @@ static int GeneratePrivateDh186(DhKey* key, WC_RNG* rng, byte* priv, * Hash_DRBG uses SHA-256 which matches maximum * requested_security_strength of (L,N) */ err = wc_RNG_GenerateBlock(rng, cBuf, cSz); - if (err != MP_OKAY) { - mp_clear(&tmpX); - mp_clear(&tmpQ); - XFREE(cBuf, key->heap, DYNAMIC_TYPE_TMP_BUFFER); - return err; - } - - err = mp_read_unsigned_bin(&tmpX, cBuf, cSz); + if (err == MP_OKAY) + err = mp_read_unsigned_bin(&tmpX, cBuf, cSz); if (err != MP_OKAY) { mp_clear(&tmpX); mp_clear(&tmpQ); 
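Review bot: `gCryptoDev` is a process-wide table that every dispatcher reads and that wc_CryptoDev_UnRegisterDevice rewrites with no lock, which the TODO at the top of the file acknowledges. The unregister path does `XMEMSET(dev, 0, sizeof(*dev))` on an entry that wc_CryptoDev_Rsa or the ECC dispatchers may be using between the `dev->cb` test and the call, so an unregister racing with an operation can call through a cleared pointer or pass a stale `ctx`. Until a mutex is added, the file header should state that registration must complete before any key with that devId is used and that unregistering requires no operation in flight. The dispatchers also read `key->devId` (or `private_key->devId`) with no NULL check; the callers added in this commit validate the key first, but these are non-static functions, so `if (key == NULL) return BAD_FUNC_ARG;` at the top of each is cheap. The bodies of wc_CryptoDev_FindDevice and the register function are garbled on this page and are not covered by this note.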
@@ -1166,57 +1159,71 @@ int wc_DhAgree(DhKey* key, byte* agree, word32* agreeSz, const byte* priv, int wc_DhSetKey_ex(DhKey* key, const byte* p, word32 pSz, const byte* g, word32 gSz, const byte* q, word32 qSz) { + int ret = 0; + mp_int* keyP = NULL; + mp_int* keyG = NULL; + mp_int* keyQ = NULL; + if (key == NULL || p == NULL || g == NULL || pSz == 0 || gSz == 0) { - return BAD_FUNC_ARG; + ret = BAD_FUNC_ARG; } - /* may have leading 0 */ - if (p[0] == 0) { - pSz--; p++; - } - - if (g[0] == 0) { - gSz--; g++; - } - - if (q != NULL) { - if (q[0] == 0) { - qSz--; q++; + if (ret == 0) { + /* may have leading 0 */ + if (p[0] == 0) { + pSz--; p++; } - } - if (mp_init(&key->p) != MP_OKAY) - return MP_INIT_E; - if (mp_read_unsigned_bin(&key->p, p, pSz) != 0) { - mp_clear(&key->p); - return ASN_DH_KEY_E; - } - - if (mp_init(&key->g) != MP_OKAY) { - mp_clear(&key->p); - return MP_INIT_E; - } - if (mp_read_unsigned_bin(&key->g, g, gSz) != 0) { - mp_clear(&key->g); - mp_clear(&key->p); - return ASN_DH_KEY_E; - } - - if (q != NULL) { - if (mp_init(&key->q) != MP_OKAY) { - mp_clear(&key->g); - mp_clear(&key->p); - return MP_INIT_E; + if (g[0] == 0) { + gSz--; g++; } - if (mp_read_unsigned_bin(&key->q, q, qSz) != 0) { - mp_clear(&key->g); - mp_clear(&key->p); - mp_clear(&key->q); - return MP_INIT_E; + + if (q != NULL) { + if (q[0] == 0) { + qSz--; q++; + } } + + if (mp_init(&key->p) != MP_OKAY) + ret = MP_INIT_E; } - return 0; + if (ret == 0) { + if (mp_read_unsigned_bin(&key->p, p, pSz) != MP_OKAY) + ret = ASN_DH_KEY_E; + else + keyP = &key->p; + } + if (ret == 0 && mp_init(&key->g) != MP_OKAY) + ret = MP_INIT_E; + if (ret == 0) { + if (mp_read_unsigned_bin(&key->g, g, gSz) != MP_OKAY) + ret = ASN_DH_KEY_E; + else + keyG = &key->g; + } + + if (ret == 0 && q != NULL) { + if (mp_init(&key->q) != MP_OKAY) + ret = MP_INIT_E; + } + if (ret == 0 && q != NULL) { + if (mp_read_unsigned_bin(&key->q, q, qSz) != MP_OKAY) + ret = MP_INIT_E; + else + keyQ = &key->q; + } + + if (ret != 0 && 
key != NULL) { + if (keyQ) + mp_clear(keyQ); + if (keyG) + mp_clear(keyG); + if (keyP) + mp_clear(keyP); + } + + return ret; } diff --git a/wolfcrypt/src/ecc.c b/wolfcrypt/src/ecc.c old mode 100755 new mode 100644 index 9801a51c5..6bfd21058 --- a/wolfcrypt/src/ecc.c +++ b/wolfcrypt/src/ecc.c @@ -122,6 +122,10 @@ ECC Curve Sizes: #include #endif +#ifdef WOLF_CRYPTO_DEV + #include +#endif + #ifdef NO_INLINE #include #else @@ -2793,6 +2797,14 @@ int wc_ecc_shared_secret(ecc_key* private_key, ecc_key* public_key, byte* out, return BAD_FUNC_ARG; } +#ifdef WOLF_CRYPTO_DEV + if (private_key->devId != INVALID_DEVID) { + err = wc_CryptoDev_Ecdh(private_key, public_key, out, outlen); + if (err != NOT_COMPILED_IN) + return err; + } +#endif + /* type valid? */ if (private_key->type != ECC_PRIVATEKEY && private_key->type != ECC_PRIVATEKEY_ONLY) { @@ -3127,12 +3139,6 @@ static int wc_ecc_gen_k(WC_RNG* rng, int size, mp_int* k, mp_int* order) if (err == 0) err = mp_read_unsigned_bin(k, (byte*)buf, size); - /* quick sanity check to make sure we're not dealing with a 0 key */ - if (err == MP_OKAY) { - if (mp_iszero(k) == MP_YES) - err = MP_ZERO_E; - } - /* the key should be smaller than the order of base point */ if (err == MP_OKAY) { if (mp_cmp(k, order) != MP_LT) { @@ -3140,6 +3146,12 @@ static int wc_ecc_gen_k(WC_RNG* rng, int size, mp_int* k, mp_int* order) } } + /* quick sanity check to make sure we're not dealing with a 0 key */ + if (err == MP_OKAY) { + if (mp_iszero(k) == MP_YES) + err = MP_ZERO_E; + } + ForceZero(buf, ECC_MAXSIZE); #ifdef WOLFSSL_SMALL_STACK XFREE(buf, NULL, DYNAMIC_TYPE_ECC_BUFFER); @@ -3495,8 +3507,10 @@ int wc_ecc_init_ex(ecc_key* key, void* heap, int devId) XMEMSET(key, 0, sizeof(ecc_key)); key->state = ECC_STATE_NONE; -#ifdef PLUTON_CRYPTO_ECC +#if defined(PLUTON_CRYPTO_ECC) || defined(WOLF_CRYPTO_DEV) key->devId = devId; +#else + (void)devId; #endif #ifdef WOLFSSL_ATECC508A 
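Review bot: wc_DhSetKey_ex still accepts a non-NULL `q` with `qSz == 0`: the argument check covers only `pSz` and `gSz`, so `q[0]` is read from an empty buffer and, if that byte is zero, `qSz--` wraps to 0xFFFFFFFF before mp_read_unsigned_bin is called with it. Extending the check to `if (key == NULL || p == NULL || g == NULL || pSz == 0 || gSz == 0 || (q != NULL && qSz == 0))` closes that. The new cleanup also sets `keyP`/`keyG`/`keyQ` only after a successful read, so an mp_int that was initialised but whose mp_read_unsigned_bin failed is no longer cleared, which the removed code did; setting each pointer right after its mp_init succeeds restores that. A failed read of `q` returns `MP_INIT_E` where the same failure for `p` and `g` returns `ASN_DH_KEY_E`.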
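Review bot: The `WOLF_CRYPTO_DEV` block added to wc_ecc_shared_secret falls through to the software path whenever the dispatcher returns `NOT_COMPILED_IN`, and wc_CryptoDev_Ecdh returns that value both when the callback declines and when no device or callback is found for the devId. For a key whose private scalar lives only in the device, that turns a missing or unregistered device into a software operation on whatever `private_key` holds rather than an error; whether the later type and key checks reject it is not visible in this hunk. A comment at the fall-through, e.g. `/* NOT_COMPILED_IN: callback declined or devId not registered; continue in software */`, would make the contract explicit, and hardware-only callers need a distinct error for the unregistered case. The same pattern is added to wc_ecc_sign_hash and wc_ecc_verify_hash in the later hunks of this file.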
@@ -3532,8 +3546,6 @@ int wc_ecc_init_ex(ecc_key* key, void* heap, int devId) /* handle as async */ ret = wolfAsync_DevCtxInit(&key->asyncDev, WOLFSSL_ASYNC_MARKER_ECC, key->heap, devId); -#else - (void)devId; #endif return ret; @@ -3641,6 +3653,14 @@ int wc_ecc_sign_hash(const byte* in, word32 inlen, byte* out, word32 *outlen, return ECC_BAD_ARG_E; } +#ifdef WOLF_CRYPTO_DEV + if (key->devId != INVALID_DEVID) { + err = wc_CryptoDev_EccSign(in, inlen, out, outlen, rng, key); + if (err != NOT_COMPILED_IN) + return err; + } +#endif + #ifdef WOLFSSL_ASYNC_CRYPT err = wc_ecc_alloc_async(key); if (err != 0) @@ -3904,20 +3924,40 @@ int wc_ecc_sign_hash_ex(const byte* in, word32 inlen, WC_RNG* rng, /* don't use async for key, since we don't support async return here */ if ((err = wc_ecc_init_ex(&pubkey, key->heap, INVALID_DEVID)) == MP_OKAY) { + mp_int b; + + if (err == MP_OKAY) { + err = mp_init(&b); + } + #ifdef WOLFSSL_CUSTOM_CURVES /* if custom curve, apply params to pubkey */ - if (key->idx == ECC_CUSTOM_IDX) { + if (err == MP_OKAY && key->idx == ECC_CUSTOM_IDX) { err = wc_ecc_set_custom_curve(&pubkey, key->dp); } #endif + if (err == MP_OKAY) { + /* Generate blinding value - non-zero value. */ + do { + if (++loop_check > 64) { + err = RNG_FAILURE_E; + break; + } + + err = wc_ecc_gen_k(rng, key->dp->size, &b, curve->order); + } + while (err == MP_ZERO_E); + loop_check = 0; + } + for (; err == MP_OKAY;) { if (++loop_check > 64) { err = RNG_FAILURE_E; break; } err = wc_ecc_make_key_ex(rng, key->dp->size, &pubkey, - key->dp->id); + key->dp->id); if (err != MP_OKAY) break; /* find r = x1 mod n */ 
@@ -3933,30 +3973,50 @@ int wc_ecc_sign_hash_ex(const byte* in, word32 inlen, WC_RNG* rng, mp_forcezero(&pubkey.k); } else { - /* find s = (e + xr)/k */ + /* find s = (e + xr)/k + = b.(e/k.b + x.r/k.b) */ + + /* k = k.b */ + err = mp_mulmod(&pubkey.k, &b, curve->order, &pubkey.k); + if (err != MP_OKAY) break; + + /* k = 1/k.b */ err = mp_invmod(&pubkey.k, curve->order, &pubkey.k); if (err != MP_OKAY) break; - /* s = xr */ + /* s = x.r */ err = mp_mulmod(&key->k, r, curve->order, s); if (err != MP_OKAY) break; - /* s = e + xr */ + /* s = x.r/k.b */ + err = mp_mulmod(&pubkey.k, s, curve->order, s); + if (err != MP_OKAY) break; + + /* e = e/k.b */ + err = mp_mulmod(&pubkey.k, e, curve->order, e); + if (err != MP_OKAY) break; + + /* s = e/k.b + x.r/k.b + = (e + x.r)/k.b */ err = mp_add(e, s, s); if (err != MP_OKAY) break; - /* s = e + xr */ - err = mp_mod(s, curve->order, s); + /* s = b.(e + x.r)/k.b + = (e + x.r)/k */ + err = mp_mulmod(s, &b, curve->order, s); if (err != MP_OKAY) break; /* s = (e + xr)/k */ - err = mp_mulmod(s, &pubkey.k, curve->order, s); + err = mp_mod(s, curve->order, s); + if (err != MP_OKAY) break; if (mp_iszero(s) == MP_NO) break; } } wc_ecc_free(&pubkey); + mp_clear(&b); + mp_free(&b); } } @@ -4291,6 +4351,14 @@ int wc_ecc_verify_hash(const byte* sig, word32 siglen, const byte* hash, return ECC_BAD_ARG_E; } +#ifdef WOLF_CRYPTO_DEV + if (key->devId != INVALID_DEVID) { + err = wc_CryptoDev_EccVerify(sig, siglen, hash, hashlen, res, key); + if (err != NOT_COMPILED_IN) + return err; + } +#endif + #ifdef WOLFSSL_ASYNC_CRYPT err = wc_ecc_alloc_async(key); if (err != 0) @@ -4325,6 +4393,13 @@ int wc_ecc_verify_hash(const byte* sig, word32 siglen, const byte* hash, key->state = ECC_STATE_VERIFY_DO; err = wc_ecc_verify_hash_ex(r, s, hash, hashlen, res, key); + + #ifndef WOLFSSL_ASYNC_CRYPT + /* done with R/S */ + mp_clear(r); + mp_clear(s); + #endif + if (err < 0) { break; } 
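Review bot: The blinding value `b` is released with `mp_clear(&b); mp_free(&b);`, while the nonce in the same function is wiped with `mp_forcezero(&pubkey.k)`; `b` together with the blinded `k` determines the nonce, so it should be wiped the same way, `mp_forcezero(&b);`. The cleanup also runs when `mp_init(&b)` itself failed; that call is in the preceding hunk. Separately, the `e = e/k.b` step overwrites `e` in place inside the retry loop, so if `s` comes out zero and the loop runs again, the next pass starts from an already-scaled hash; a temporary mp_int for the scaled value removes the dependence on that branch never being taken. The loop starts outside this hunk.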
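Review bot: In wc_ecc_verify_hash, `r` and `s` are now cleared only under `#ifndef WOLFSSL_ASYNC_CRYPT`, and the following hunk removes the unconditional clear from the `ECC_STATE_VERIFY_RES` case, so in an async build nothing visible in this diff releases them. If the async path frees them elsewhere (not shown), a comment here saying where, e.g. `/* async: r/s released in <cleanup function> */`, would stop the next reader from assuming a leak. Otherwise the clear needs an async counterpart that runs once the operation has completed.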
@@ -4333,10 +4408,6 @@ int wc_ecc_verify_hash(const byte* sig, word32 siglen, const byte* hash, case ECC_STATE_VERIFY_RES: key->state = ECC_STATE_VERIFY_RES; err = 0; - - /* done with R/S */ - mp_clear(r); - mp_clear(s); break; default: diff --git a/wolfcrypt/src/ed25519.c b/wolfcrypt/src/ed25519.c index 633eb5c07..12d784347 100644 --- a/wolfcrypt/src/ed25519.c +++ b/wolfcrypt/src/ed25519.c @@ -90,6 +90,8 @@ int wc_ed25519_make_key(WC_RNG* rng, int keySz, ed25519_key* key) /* put public key after private key, on the same buffer */ XMEMMOVE(key->k + ED25519_KEY_SIZE, key->p, ED25519_PUB_KEY_SIZE); + key->pubKeySet = 1; + return ret; } @@ -121,6 +123,8 @@ int wc_ed25519_sign_msg(const byte* in, word32 inlen, byte* out, /* sanity check on arguments */ if (in == NULL || out == NULL || outLen == NULL || key == NULL) return BAD_FUNC_ARG; + if (!key->pubKeySet) + return BAD_FUNC_ARG; /* check and set up out length */ if (*outLen < ED25519_SIG_SIZE) { @@ -370,6 +374,7 @@ int wc_ed25519_import_public(const byte* in, word32 inLen, ed25519_key* key) pubKey.Y = key->pointY; LTC_PKHA_Ed25519_PointDecompress(key->p, ED25519_PUB_KEY_SIZE, &pubKey); #endif + key->pubKeySet = 1; return 0; } @@ -389,6 +394,8 @@ int wc_ed25519_import_public(const byte* in, word32 inLen, ed25519_key* key) ret = ge_compress_key(key->p, in+1, in+1+ED25519_PUB_KEY_SIZE, ED25519_PUB_KEY_SIZE); #endif /* FREESCALE_LTC_ECC */ + if (ret == 0) + key->pubKeySet = 1; return ret; } @@ -403,6 +410,7 @@ int wc_ed25519_import_public(const byte* in, word32 inLen, ed25519_key* key) pubKey.Y = key->pointY; LTC_PKHA_Ed25519_PointDecompress(key->p, ED25519_PUB_KEY_SIZE, &pubKey); #endif + key->pubKeySet = 1; return 0; } diff --git a/wolfcrypt/src/fe_low_mem.c b/wolfcrypt/src/fe_low_mem.c index f85181822..de0b4464a 100644 --- a/wolfcrypt/src/fe_low_mem.c +++ b/wolfcrypt/src/fe_low_mem.c 
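Review bot: wc_ed25519_sign_msg now refuses a key without `pubKeySet`, but this diff only ever sets the flag (in make_key and the three import_public exits); nothing visible clears it. If an `ed25519_key` that already has the flag set is later loaded through wc_ed25519_import_private_only, which the asn.c hunk of this commit calls when no public key is present, signing would proceed with a public key that does not belong to the new private key, which is the situation the check is meant to rule out. Clearing the flag in that import, `key->pubKeySet = 0;`, and confirming that init and free zero the struct would make the guard hold across key reuse. A comment on the field such as `/* set once key->p holds the matching public key; required by wc_ed25519_sign_msg */` documents the contract.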
@@ -56,9 +56,9 @@ void lm_copy(byte* x, const byte* a) } #if ((defined(HAVE_CURVE25519) && !defined(CURVE25519_SMALL)) || \ - (defined(HAVE_ED25519) && !defined(ED25519_SMALL))) && \ - !defined(FREESCALE_LTC_ECC) - /* to be Complementary to fe_operations.c */ + (defined(HAVE_ED25519) && !defined(ED25519_SMALL))) && \ + !defined(FREESCALE_LTC_ECC) + /* to be Complementary to fe_low_mem.c */ #else void fe_init() { diff --git a/wolfcrypt/src/hash.c b/wolfcrypt/src/hash.c index bd17034bb..f3ee7a2ca 100644 --- a/wolfcrypt/src/hash.c +++ b/wolfcrypt/src/hash.c @@ -48,14 +48,26 @@ enum Hash_Sum { }; #endif /* !NO_ASN */ +#ifdef HAVE_SELFTEST +enum { + /* CAVP selftest includes these in hmac.h instead of sha3.h, + copied here for that build */ + WC_SHA3_224_BLOCK_SIZE = 144, + WC_SHA3_256_BLOCK_SIZE = 136, + WC_SHA3_384_BLOCK_SIZE = 104, + WC_SHA3_512_BLOCK_SIZE = 72, +}; +#endif + /* function converts int hash type to enum */ enum wc_HashType wc_HashTypeConvert(int hashType) { /* Default to hash type none as error */ enum wc_HashType eHashType = WC_HASH_TYPE_NONE; -#ifdef HAVE_FIPS - /* original FIPSv1 requires a mapping for unique hash type to wc_HashType */ +#if defined(HAVE_FIPS) || defined(HAVE_SELFTEST) + /* original FIPSv1 and CAVP selftest require a mapping for unique hash + type to wc_HashType */ switch (hashType) { #ifndef NO_MD5 case WC_MD5: @@ -182,7 +194,7 @@ enum wc_HashType wc_OidGetHash(int oid) #endif break; case SHA224h: - #if defined(WOLFSSL_SHA224) + #ifdef WOLFSSL_SHA224 hash_type = WC_HASH_TYPE_SHA224; #endif break; @@ -247,7 +259,7 @@ int wc_HashGetDigestSize(enum wc_HashType hash_type) #endif break; case WC_HASH_TYPE_SHA384: - #if defined(WOLFSSL_SHA512) && defined(WOLFSSL_SHA384) + #ifdef WOLFSSL_SHA384 dig_size = WC_SHA384_DIGEST_SIZE; #endif break; diff --git a/wolfcrypt/src/include.am b/wolfcrypt/src/include.am index 315388e12..cf181f82f 100644 --- a/wolfcrypt/src/include.am +++ b/wolfcrypt/src/include.am 
@@ -63,6 +63,10 @@ EXTRA_DIST += wolfcrypt/src/port/ti/ti-aes.c \ wolfcrypt/src/port/caam/caam_doc.pdf \ wolfcrypt/src/port/st/stm32.c +if BUILD_CRYPTODEV +src_libwolfssl_la_SOURCES += wolfcrypt/src/cryptodev.c +endif + if BUILD_CAVIUM src_libwolfssl_la_SOURCES += wolfcrypt/src/port/cavium/cavium_nitrox.c diff --git a/wolfcrypt/src/logging.c b/wolfcrypt/src/logging.c index 0fdab2654..cc7d1545c 100644 --- a/wolfcrypt/src/logging.c +++ b/wolfcrypt/src/logging.c @@ -711,7 +711,7 @@ int wc_ERR_remove_state(void) #if !defined(NO_FILESYSTEM) && !defined(NO_STDIO_FILESYSTEM) /* empties out the error queue into the file */ -void wc_ERR_print_errors_fp(FILE* fp) +void wc_ERR_print_errors_fp(XFILE fp) { WOLFSSL_ENTER("wc_ERR_print_errors_fp"); diff --git a/wolfcrypt/src/misc.c b/wolfcrypt/src/misc.c index 484ffd501..f5017e356 100644 --- a/wolfcrypt/src/misc.c +++ b/wolfcrypt/src/misc.c @@ -199,13 +199,22 @@ STATIC INLINE void xorbuf(void* buf, const void* mask, word32 count) STATIC INLINE void ForceZero(const void* mem, word32 len) { volatile byte* z = (volatile byte*)mem; + #if defined(WOLFSSL_X86_64_BUILD) && defined(WORD64_AVAILABLE) volatile word64* w; + #ifndef WOLFSSL_UNALIGNED_64BIT_ACCESS + word32 l = (sizeof(word64) - ((size_t)z & (sizeof(word64)-1))) & + (sizeof(word64)-1); + if (len < l) l = len; + len -= l; + while (l--) *z++ = 0; + #endif for (w = (volatile word64*)z; len >= sizeof(*w); len -= sizeof(*w)) *w++ = 0; z = (volatile byte*)w; #endif + while (len--) *z++ = 0; } @@ -292,7 +301,7 @@ STATIC INLINE void ato16(const byte* c, word16* wc_u16) /* convert opaque to 32 bit integer */ STATIC INLINE void ato32(const byte* c, word32* wc_u32) { - *wc_u32 = (c[0] << 24) | (c[1] << 16) | (c[2] << 8) | c[3]; + *wc_u32 = ((word32)c[0] << 24) | (c[1] << 16) | (c[2] << 8) | c[3]; } 
@@ -302,6 +311,48 @@ STATIC INLINE word32 btoi(byte b) } +/* Constant time - mask set when a > b. */ +STATIC INLINE byte ctMaskGT(int a, int b) +{ + return (((word32)a - b - 1) >> 31) - 1; +} + +/* Constant time - mask set when a >= b. */ +STATIC INLINE byte ctMaskGTE(int a, int b) +{ + return (((word32)a - b ) >> 31) - 1; +} + +/* Constant time - mask set when a < b. */ +STATIC INLINE byte ctMaskLT(int a, int b) +{ + return (((word32)b - a - 1) >> 31) - 1; +} + +/* Constant time - mask set when a <= b. */ +STATIC INLINE byte ctMaskLTE(int a, int b) +{ + return (((word32)b - a ) >> 31) - 1; +} + +/* Constant time - mask set when a == b. */ +STATIC INLINE byte ctMaskEq(int a, int b) +{ + return 0 - (a == b); +} + +/* Constant time - select b when mask is set and a otherwise. */ +STATIC INLINE byte ctMaskSel(byte m, byte a, byte b) +{ + return (a & ~m) | (b & m); +} + +/* Constant time - bit set when a <= b. */ +STATIC INLINE byte ctSetLTE(int a, int b) +{ + return ((word32)a - b - 1) >> 31; +} + #undef STATIC diff --git a/wolfcrypt/src/pkcs12.c b/wolfcrypt/src/pkcs12.c index 80f80d5c5..aebf2ed58 100644 --- a/wolfcrypt/src/pkcs12.c +++ b/wolfcrypt/src/pkcs12.c @@ -1150,7 +1150,7 @@ static int wc_PKCS12_shroud_key(WC_PKCS12* pkcs12, WC_RNG* rng, { void* heap; word32 tmpIdx = 0; - int vPKCS = 1; /* PKCS#12 is always set to 1 */ + int vPKCS = 1; /* PKCS#12 default set to 1 */ word32 sz; word32 totalSz = 0; int ret; @@ -1190,6 +1190,11 @@ static int wc_PKCS12_shroud_key(WC_PKCS12* pkcs12, WC_RNG* rng, else { WOLFSSL_MSG("creating PKCS12 Shrouded Key Bag"); + if (vAlgo == PBE_SHA1_DES) { + vPKCS = PKCS5; + vAlgo = 10; + } + ret = UnTraditionalEnc(key, keySz, out + tmpIdx, &sz, pass, passSz, vPKCS, vAlgo, NULL, 0, itt, rng, heap); } diff --git a/wolfcrypt/src/pkcs7.c b/wolfcrypt/src/pkcs7.c index 807d90e00..5e7af23da 100644 --- a/wolfcrypt/src/pkcs7.c +++ b/wolfcrypt/src/pkcs7.c 
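Review bot: `ctMaskEq` is labelled constant time but is written as `0 - (a == b)`, and whether `==` on ints compiles to a flag-set or a branch is up to the compiler and optimisation level, unlike the subtract-and-shift form of the four helpers above it. Building it from those keeps the property in the source: `return (byte)(~ctMaskGT(a, b) & ~ctMaskLT(a, b));`. The shift-based helpers are only correct while `a - b` fits in 31 bits, which holds for the byte and length values they are presumably meant for, so the comments should say so, e.g. `/* valid while |a - b| < 2^31 */`. They also return a `word32` expression through a `byte` with no cast, which `-Wconversion` builds will flag.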
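Review bot: The new branch in wc_PKCS12_shroud_key rewrites `vAlgo` to the bare literal `10` when `PBE_SHA1_DES` is requested; a named constant, or at least a comment saying what 10 selects under `PKCS5` (presumably the PKCS#5 SHA-1/DES scheme; the mapping is not visible here), would keep this from reading as a magic number. The branch also makes single-DES key shrouding reachable, so a line such as `/* PBES1 SHA1-DES kept for interoperability only; prefer a stronger PBE for new bags */` would tell callers it is not a recommended default. The function starts and ends outside the hunk.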
@@ -247,8 +247,8 @@ int wc_PKCS7_Init(PKCS7* pkcs7, void* heap, int devId) XMEMSET(pkcs7, 0, sizeof(PKCS7)); pkcs7->heap = heap; + pkcs7->devId = devId; - (void)devId; /* silence unused warning */ return 0; } @@ -259,7 +259,7 @@ int wc_PKCS7_InitWithCert(PKCS7* pkcs7, byte* cert, word32 certSz) { int ret = 0; void* heap; - + int devId; if (pkcs7 == NULL || (cert == NULL && certSz != 0)) { return BAD_FUNC_ARG; @@ -270,9 +270,11 @@ int wc_PKCS7_InitWithCert(PKCS7* pkcs7, byte* cert, word32 certSz) #else heap = pkcs7->heap; #endif + devId = pkcs7->devId; XMEMSET(pkcs7, 0, sizeof(PKCS7)); pkcs7->heap = heap; + pkcs7->devId = devId; if (cert != NULL && certSz > 0) { #ifdef WOLFSSL_SMALL_STACK @@ -590,9 +592,9 @@ static int wc_PKCS7_RsaSign(PKCS7* pkcs7, byte* in, word32 inSz, ESD* esd) RsaKey* privKey = &stack_privKey; #endif - if (pkcs7 == NULL || pkcs7->privateKey == NULL || pkcs7->rng == NULL || - in == NULL || esd == NULL) + if (pkcs7 == NULL || pkcs7->rng == NULL || in == NULL || esd == NULL) { return BAD_FUNC_ARG; + } #ifdef WOLFSSL_SMALL_STACK privKey = (RsaKey*)XMALLOC(sizeof(RsaKey), NULL, DYNAMIC_TYPE_TMP_BUFFER); @@ -600,14 +602,17 @@ static int wc_PKCS7_RsaSign(PKCS7* pkcs7, byte* in, word32 inSz, ESD* esd) return MEMORY_E; #endif - ret = wc_InitRsaKey(privKey, pkcs7->heap); - + ret = wc_InitRsaKey_ex(privKey, pkcs7->heap, pkcs7->devId); if (ret == 0) { - idx = 0; - ret = wc_RsaPrivateKeyDecode(pkcs7->privateKey, &idx, privKey, - pkcs7->privateKeySz); + if (pkcs7->privateKey != NULL && pkcs7->privateKeySz > 0) { + idx = 0; + ret = wc_RsaPrivateKeyDecode(pkcs7->privateKey, &idx, privKey, + pkcs7->privateKeySz); + } + else if (pkcs7->devId == INVALID_DEVID) { + ret = BAD_FUNC_ARG; + } } - if (ret == 0) { ret = wc_RsaSSL_Sign(in, inSz, esd->encContentDigest, sizeof(esd->encContentDigest), 
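Review bot: wc_PKCS7_InitWithCert now reads `pkcs7->devId` before the `XMEMSET`, so a caller that passes a stack `PKCS7` without calling wc_PKCS7_Init first hands an indeterminate devId to every key and RNG initialisation that follows. The existing `heap = pkcs7->heap` read has the same precondition, but devId additionally feeds the `pkcs7->devId == INVALID_DEVID` tests added in this commit, where a garbage value lets a NULL private key through. The function comment should state that wc_PKCS7_Init must run first, e.g. `/* pkcs7 must have been set up with wc_PKCS7_Init(); heap and devId are carried over */`.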
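Review bot: wc_PKCS7_RsaSign now lets `pkcs7->privateKey == NULL` through whenever `pkcs7->devId != INVALID_DEVID`, and then calls wc_RsaSSL_Sign on a key that has only been initialised. That is sound only if something actually services the devId: the rsa.c hunk of this commit discards devId when `WOLF_CRYPTO_DEV` is not defined, and with it defined an unregistered devId makes the dispatcher return `NOT_COMPILED_IN`, so in both cases the software path can run on an empty key. Keeping the old guarantee where no device can answer is a small change, e.g. compile the `else if (pkcs7->devId == INVALID_DEVID)` form only under `#ifdef WOLF_CRYPTO_DEV` and use a plain `else { ret = BAD_FUNC_ARG; }` otherwise. The same check is added to wc_PKCS7_EcdsaSign, wc_PKCS7_KariParseRecipCert and wc_PKCS7_DecodeKtri, and the `privateKey` tests are dropped from wc_PKCS7_EncodeSignedData and wc_PKCS7_DecodeEnvelopedData.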
@@ -639,9 +644,9 @@ static int wc_PKCS7_EcdsaSign(PKCS7* pkcs7, byte* in, word32 inSz, ESD* esd) ecc_key* privKey = &stack_privKey; #endif - if (pkcs7 == NULL || pkcs7->privateKey == NULL || pkcs7->rng == NULL || - in == NULL || esd == NULL) + if (pkcs7 == NULL || pkcs7->rng == NULL || in == NULL || esd == NULL) { return BAD_FUNC_ARG; + } #ifdef WOLFSSL_SMALL_STACK privKey = (ecc_key*)XMALLOC(sizeof(ecc_key), NULL, DYNAMIC_TYPE_TMP_BUFFER); @@ -649,14 +654,17 @@ static int wc_PKCS7_EcdsaSign(PKCS7* pkcs7, byte* in, word32 inSz, ESD* esd) return MEMORY_E; #endif - ret = wc_ecc_init_ex(privKey, pkcs7->heap, INVALID_DEVID); - + ret = wc_ecc_init_ex(privKey, pkcs7->heap, pkcs7->devId); if (ret == 0) { - idx = 0; - ret = wc_EccPrivateKeyDecode(pkcs7->privateKey, &idx, privKey, - pkcs7->privateKeySz); + if (pkcs7->privateKey != NULL && pkcs7->privateKeySz > 0) { + idx = 0; + ret = wc_EccPrivateKeyDecode(pkcs7->privateKey, &idx, privKey, + pkcs7->privateKeySz); + } + else if (pkcs7->devId == INVALID_DEVID) { + ret = BAD_FUNC_ARG; + } } - if (ret == 0) { outSz = sizeof(esd->encContentDigest); ret = wc_ecc_sign_hash(in, inSz, esd->encContentDigest, @@ -1033,9 +1041,9 @@ int wc_PKCS7_EncodeSignedData(PKCS7* pkcs7, byte* output, word32 outputSz) if (pkcs7 == NULL || pkcs7->content == NULL || pkcs7->contentSz == 0 || pkcs7->encryptOID == 0 || pkcs7->hashOID == 0 || pkcs7->rng == 0 || pkcs7->singleCert == NULL || pkcs7->singleCertSz == 0 || - pkcs7->privateKey == NULL || pkcs7->privateKeySz == 0 || - output == NULL || outputSz == 0) + output == NULL || outputSz == 0) { return BAD_FUNC_ARG; + } #ifdef WOLFSSL_SMALL_STACK esd = (ESD*)XMALLOC(sizeof(ESD), NULL, DYNAMIC_TYPE_TMP_BUFFER); 
@@ -1309,7 +1317,7 @@ static int wc_PKCS7_RsaVerify(PKCS7* pkcs7, byte* sig, int sigSz, XMEMSET(digest, 0, MAX_PKCS7_DIGEST_SZ); - ret = wc_InitRsaKey(key, pkcs7->heap); + ret = wc_InitRsaKey_ex(key, pkcs7->heap, pkcs7->devId); if (ret != 0) { #ifdef WOLFSSL_SMALL_STACK XFREE(digest, NULL, DYNAMIC_TYPE_TMP_BUFFER); @@ -1321,6 +1329,7 @@ static int wc_PKCS7_RsaVerify(PKCS7* pkcs7, byte* sig, int sigSz, if (wc_RsaPublicKeyDecode(pkcs7->publicKey, &scratch, key, pkcs7->publicKeySz) < 0) { WOLFSSL_MSG("ASN RSA key decode error"); + wc_FreeRsaKey(key); #ifdef WOLFSSL_SMALL_STACK XFREE(digest, NULL, DYNAMIC_TYPE_TMP_BUFFER); XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER); @@ -1384,7 +1393,7 @@ static int wc_PKCS7_EcdsaVerify(PKCS7* pkcs7, byte* sig, int sigSz, XMEMSET(digest, 0, MAX_PKCS7_DIGEST_SZ); - ret = wc_ecc_init_ex(key, pkcs7->heap, INVALID_DEVID); + ret = wc_ecc_init_ex(key, pkcs7->heap, pkcs7->devId); if (ret != 0) { #ifdef WOLFSSL_SMALL_STACK XFREE(digest, NULL, DYNAMIC_TYPE_TMP_BUFFER); @@ -1396,6 +1405,7 @@ static int wc_PKCS7_EcdsaVerify(PKCS7* pkcs7, byte* sig, int sigSz, if (wc_EccPublicKeyDecode(pkcs7->publicKey, &idx, key, pkcs7->publicKeySz) < 0) { WOLFSSL_MSG("ASN ECDSA key decode error"); + wc_ecc_free(key); #ifdef WOLFSSL_SMALL_STACK XFREE(digest, NULL, DYNAMIC_TYPE_TMP_BUFFER); XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER); @@ -2124,6 +2134,7 @@ int wc_PKCS7_VerifySignedData(PKCS7* pkcs7, byte* pkiMsg, word32 pkiMsgSz) typedef struct WC_PKCS7_KARI { DecodedCert* decoded; /* decoded recip cert */ void* heap; /* user heap, points to PKCS7->heap */ + int devId; /* device ID for HW based private key */ ecc_key* recipKey; /* recip key (pub | priv) */ ecc_key* senderKey; /* sender key (pub | priv) */ byte* senderKeyExport; /* sender ephemeral key DER */ 
@@ -2136,6 +2147,9 @@ typedef struct WC_PKCS7_KARI { word32 sharedInfoSz; /* size of ECC-CMS-SharedInfo encoded */ byte ukmOwner; /* do we own ukm buffer? 1:yes, 0:no */ byte direction; /* WC_PKCS7_ENCODE | WC_PKCS7_DECODE */ + byte decodedInit : 1; /* indicates decoded was initialized */ + byte recipKeyInit : 1; /* indicates recipKey was initialized */ + byte senderKeyInit : 1; /* indicates senderKey was initialized */ } WC_PKCS7_KARI; @@ -2247,8 +2261,12 @@ static WC_PKCS7_KARI* wc_PKCS7_KariNew(PKCS7* pkcs7, byte direction) kari->sharedInfo = NULL; kari->sharedInfoSz = 0; kari->direction = direction; + kari->decodedInit = 0; + kari->recipKeyInit = 0; + kari->senderKeyInit = 0; kari->heap = pkcs7->heap; + kari->devId = pkcs7->devId; return kari; } @@ -2263,15 +2281,18 @@ static int wc_PKCS7_KariFree(WC_PKCS7_KARI* kari) heap = kari->heap; if (kari->decoded) { - FreeDecodedCert(kari->decoded); + if (kari->decodedInit) + FreeDecodedCert(kari->decoded); XFREE(kari->decoded, heap, DYNAMIC_TYPE_PKCS7); } if (kari->senderKey) { - wc_ecc_free(kari->senderKey); + if (kari->senderKeyInit) + wc_ecc_free(kari->senderKey); XFREE(kari->senderKey, heap, DYNAMIC_TYPE_PKCS7); } if (kari->recipKey) { - wc_ecc_free(kari->recipKey); + if (kari->recipKeyInit) + wc_ecc_free(kari->recipKey); XFREE(kari->recipKey, heap, DYNAMIC_TYPE_PKCS7); } if (kari->senderKeyExport) { @@ -2317,12 +2338,9 @@ static int wc_PKCS7_KariParseRecipCert(WC_PKCS7_KARI* kari, const byte* cert, cert == NULL || certSz == 0) return BAD_FUNC_ARG; - if (kari->direction == WC_PKCS7_DECODE && - (key == NULL || keySz == 0)) - return BAD_FUNC_ARG; - /* decode certificate */ InitDecodedCert(kari->decoded, (byte*)cert, certSz, kari->heap); + kari->decodedInit = 1; ret = ParseCert(kari->decoded, CA_TYPE, NO_VERIFY, 0); if (ret < 0) return ret; 
@@ -2333,10 +2351,12 @@ static int wc_PKCS7_KariParseRecipCert(WC_PKCS7_KARI* kari, const byte* cert, return BAD_FUNC_ARG; } - ret = wc_ecc_init_ex(kari->recipKey, kari->heap, INVALID_DEVID); + ret = wc_ecc_init_ex(kari->recipKey, kari->heap, kari->devId); if (ret != 0) return ret; + kari->recipKeyInit = 1; + /* get recip public key */ if (kari->direction == WC_PKCS7_ENCODE) { @@ -2348,9 +2368,13 @@ static int wc_PKCS7_KariParseRecipCert(WC_PKCS7_KARI* kari, const byte* cert, } /* get recip private key */ else if (kari->direction == WC_PKCS7_DECODE) { - - idx = 0; - ret = wc_EccPrivateKeyDecode(key, &idx, kari->recipKey, keySz); + if (key != NULL && keySz > 0) { + idx = 0; + ret = wc_EccPrivateKeyDecode(key, &idx, kari->recipKey, keySz); + } + else if (kari->devId == INVALID_DEVID) { + ret = BAD_FUNC_ARG; + } if (ret != 0) return ret; @@ -2384,10 +2408,12 @@ static int wc_PKCS7_KariGenerateEphemeralKey(WC_PKCS7_KARI* kari, WC_RNG* rng) kari->senderKeyExportSz = kari->decoded->pubKeySize; - ret = wc_ecc_init_ex(kari->senderKey, kari->heap, INVALID_DEVID); + ret = wc_ecc_init_ex(kari->senderKey, kari->heap, kari->devId); if (ret != 0) return ret; + kari->senderKeyInit = 1; + ret = wc_ecc_make_key_ex(rng, kari->recipKey->dp->size, kari->senderKey, kari->recipKey->dp->id); if (ret != 0) @@ -2986,7 +3012,7 @@ static int wc_CreateRecipientInfo(const byte* cert, word32 certSz, #endif /* EncryptedKey */ - ret = wc_InitRsaKey(pubKey, 0); + ret = wc_InitRsaKey_ex(pubKey, heap, INVALID_DEVID); if (ret != 0) { FreeDecodedCert(decoded); #ifdef WOLFSSL_SMALL_STACK @@ -3250,7 +3276,7 @@ static int wc_PKCS7_GenerateIV(PKCS7* pkcs7, WC_RNG* rng, byte* iv, word32 ivSz) if (rnd == NULL) return MEMORY_E; - ret = wc_InitRng_ex(rnd, pkcs7->heap, INVALID_DEVID); + ret = wc_InitRng_ex(rnd, pkcs7->heap, pkcs7->devId); if (ret != 0) { XFREE(rnd, pkcs7->heap, DYNAMIC_TYPE_RNG); return ret; 
@@ -3384,7 +3410,7 @@ int wc_PKCS7_EncodeEnvelopedData(PKCS7* pkcs7, byte* output, word32 outputSz) } /* generate random content encryption key */ - ret = wc_InitRng_ex(&rng, pkcs7->heap, INVALID_DEVID); + ret = wc_InitRng_ex(&rng, pkcs7->heap, pkcs7->devId); if (ret != 0) return ret; @@ -3712,7 +3738,7 @@ static int wc_PKCS7_DecodeKtri(PKCS7* pkcs7, byte* pkiMsg, word32 pkiMsgSz, } #endif - ret = wc_InitRsaKey(privKey, 0); + ret = wc_InitRsaKey_ex(privKey, NULL, INVALID_DEVID); if (ret != 0) { #ifdef WOLFSSL_SMALL_STACK XFREE(encryptedKey, NULL, DYNAMIC_TYPE_TMP_BUFFER); @@ -3721,11 +3747,17 @@ static int wc_PKCS7_DecodeKtri(PKCS7* pkcs7, byte* pkiMsg, word32 pkiMsgSz, return ret; } - keyIdx = 0; - ret = wc_RsaPrivateKeyDecode(pkcs7->privateKey, &keyIdx, privKey, - pkcs7->privateKeySz); + if (pkcs7->privateKey != NULL && pkcs7->privateKeySz > 0) { + keyIdx = 0; + ret = wc_RsaPrivateKeyDecode(pkcs7->privateKey, &keyIdx, privKey, + pkcs7->privateKeySz); + } + else if (pkcs7->devId == INVALID_DEVID) { + ret = BAD_FUNC_ARG; + } if (ret != 0) { WOLFSSL_MSG("Failed to decode RSA private key"); + wc_FreeRsaKey(privKey); #ifdef WOLFSSL_SMALL_STACK XFREE(encryptedKey, NULL, DYNAMIC_TYPE_TMP_BUFFER); XFREE(privKey, NULL, DYNAMIC_TYPE_TMP_BUFFER); @@ -3735,7 +3767,7 @@ static int wc_PKCS7_DecodeKtri(PKCS7* pkcs7, byte* pkiMsg, word32 pkiMsgSz, /* decrypt encryptedKey */ #ifdef WC_RSA_BLINDING - ret = wc_InitRng_ex(&rng, pkcs7->heap, INVALID_DEVID); + ret = wc_InitRng_ex(&rng, pkcs7->heap, pkcs7->devId); if (ret == 0) { ret = wc_RsaSetRNG(privKey, &rng); } 
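Review bot: wc_PKCS7_DecodeKtri initialises the key with `wc_InitRsaKey_ex(privKey, NULL, INVALID_DEVID)`, but the next hunk accepts a NULL `pkcs7->privateKey` when `pkcs7->devId != INVALID_DEVID`, so in exactly the hardware-key case the RSA key carries neither key material nor the device id. The signers in this commit pass the id through; doing the same here, `ret = wc_InitRsaKey_ex(privKey, pkcs7->heap, pkcs7->devId);`, makes the relaxed check meaningful. The "Failed to decode RSA private key" message is now also logged for the missing-key case, which a separate message would make easier to diagnose.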
@@ -3823,10 +3855,12 @@ static int wc_PKCS7_KariGetOriginatorIdentifierOrKey(WC_PKCS7_KARI* kari, return ASN_EXPECT_0_E; /* get sender ephemeral public ECDSA key */ - ret = wc_ecc_init_ex(kari->senderKey, kari->heap, INVALID_DEVID); + ret = wc_ecc_init_ex(kari->senderKey, kari->heap, kari->devId); if (ret != 0) return ret; + kari->senderKeyInit = 1; + /* length-1 for unused bits counter */ ret = wc_ecc_import_x963(pkiMsg + (*idx), length - 1, kari->senderKey); if (ret != 0) @@ -4155,6 +4189,9 @@ static int wc_PKCS7_DecodeKari(PKCS7* pkcs7, byte* pkiMsg, word32 pkiMsgSz, pkcs7->privateKeySz); if (ret != 0) { wc_PKCS7_KariFree(kari); + #ifdef WOLFSSL_SMALL_STACK + XFREE(encryptedKey, NULL, DYNAMIC_TYPE_PKCS7); + #endif return ret; } @@ -4380,8 +4417,7 @@ WOLFSSL_API int wc_PKCS7_DecodeEnvelopedData(PKCS7* pkcs7, byte* pkiMsg, int explicitOctet; if (pkcs7 == NULL || pkcs7->singleCert == NULL || - pkcs7->singleCertSz == 0 || pkcs7->privateKey == NULL || - pkcs7->privateKeySz == 0) + pkcs7->singleCertSz == 0) return BAD_FUNC_ARG; if (pkiMsg == NULL || pkiMsgSz == 0 || diff --git a/wolfcrypt/src/poly1305.c b/wolfcrypt/src/poly1305.c index 4fcc712f0..adf3dbf80 100644 --- a/wolfcrypt/src/poly1305.c +++ b/wolfcrypt/src/poly1305.c @@ -1211,6 +1211,9 @@ int wc_Poly1305SetKey(Poly1305* ctx, const byte* key, word32 keySz) word64 t0,t1; #endif + if (key == NULL) + return BAD_FUNC_ARG; + #ifdef CHACHA_AEAD_TEST word32 k; printf("Poly key used:\n"); diff --git a/wolfcrypt/src/pwdbased.c b/wolfcrypt/src/pwdbased.c old mode 100755 new mode 100644 index f29665a7f..cadd1c892 --- a/wolfcrypt/src/pwdbased.c +++ b/wolfcrypt/src/pwdbased.c @@ -645,7 +645,7 @@ static void scryptROMix(byte* x, byte* v, byte* y, int r, word32 n) #endif #else byte* t = x + (2*r - 1) * 64; - j = (t[0] | (t[1] << 8) | (t[2] << 16) | (t[3] << 24)) & (n-1); + j = (t[0] | (t[1] << 8) | (t[2] << 16) | ((word32)t[3] << 24)) & (n-1); #endif #ifdef WORD64_AVAILABLE for (k = 0; k < bSz / 8; k++) 
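Review bot: Removing the `privateKey`/`privateKeySz` test from the argument check in wc_PKCS7_DecodeEnvelopedData drops it for software-only callers as well. A context with no key and no device now has the incoming `pkiMsg` parsed up to the recipient decoders before BAD_FUNC_ARG comes back. Keeping the early rejection for that case costs one condition: `if (pkcs7->devId == INVALID_DEVID && (pkcs7->privateKey == NULL || pkcs7->privateKeySz == 0)) return BAD_FUNC_ARG;`. The rest of the function is outside the hunk.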
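Review bot: In wc_Poly1305SetKey the new `if (key == NULL) return BAD_FUNC_ARG;` sits above the `#ifdef CHACHA_AEAD_TEST` block that declares `word32 k;`, so with that define the declaration follows a statement. That is rejected by C89 compilers, and the surrounding code otherwise declares all locals at the top of the block. Moving the check below the `word32 k;` declaration (before the `printf`) or hoisting `k` into the declaration block at the top keeps the test build portable. Only the start of the function is visible here, so whether `ctx` is validated before first use cannot be confirmed from this hunk.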
diff --git a/wolfcrypt/src/rsa.c b/wolfcrypt/src/rsa.c index 658b5a29c..a4a7adcb0 100644 --- a/wolfcrypt/src/rsa.c +++ b/wolfcrypt/src/rsa.c @@ -190,6 +190,9 @@ int wc_RsaFlattenPublicKey(RsaKey* key, byte* a, word32* aSz, byte* b, #include #include +#ifdef WOLF_CRYPTO_DEV + #include +#endif #ifdef NO_INLINE #include #else @@ -237,8 +240,6 @@ int wc_InitRsaKey_ex(RsaKey* key, void* heap, int devId) return BAD_FUNC_ARG; } - (void)devId; - XMEMSET(key, 0, sizeof(RsaKey)); key->type = RSA_TYPE_UNKNOWN; @@ -251,6 +252,12 @@ int wc_InitRsaKey_ex(RsaKey* key, void* heap, int devId) key->rng = NULL; #endif +#ifdef WOLF_CRYPTO_DEV + key->devId = devId; +#else + (void)devId; +#endif + #ifdef WOLFSSL_ASYNC_CRYPT #ifdef WOLFSSL_CERT_GEN XMEMSET(&key->certSignCtx, 0, sizeof(CertSignCtx)); @@ -263,8 +270,6 @@ int wc_InitRsaKey_ex(RsaKey* key, void* heap, int devId) if (ret != 0) return ret; #endif /* WC_ASYNC_ENABLE_RSA */ -#else - (void)devId; #endif /* WOLFSSL_ASYNC_CRYPT */ ret = mp_init_multi(&key->n, &key->e, NULL, NULL, NULL, NULL); @@ -1512,7 +1517,7 @@ static int wc_RsaFunctionAsync(const byte* in, word32 inLen, byte* out, } #endif /* WOLFSSL_ASYNC_CRYPT && WC_ASYNC_ENABLE_RSA */ -#ifdef WC_RSA_NO_PADDING +#if defined(WC_RSA_DIRECT) || defined(WC_RSA_NO_PADDING) /* Function that does the RSA operation directly with no padding. * * in buffer to do operation on @@ -1606,7 +1611,7 @@ int wc_RsaDirect(byte* in, word32 inLen, byte* out, word32* outSz, return ret; } -#endif /* WC_RSA_NO_PADDING */ +#endif /* WC_RSA_DIRECT || WC_RSA_NO_PADDING */ int wc_RsaFunction(const byte* in, word32 inLen, byte* out, 
@@ -1619,6 +1624,15 @@ int wc_RsaFunction(const byte* in, word32 inLen, byte* out, return BAD_FUNC_ARG; } +#ifdef WOLF_CRYPTO_DEV + if (key->devId != INVALID_DEVID) { + ret = wc_CryptoDev_Rsa(in, inLen, out, outLen, type, key, rng); + if (ret != NOT_COMPILED_IN) + return ret; + ret = 0; /* reset error code and try using software */ + } +#endif + #ifndef NO_RSA_BOUNDS_CHECK if (type == RSA_PRIVATE_DECRYPT && key->state == RSA_STATE_DECRYPT_EXPTMOD) { @@ -2268,10 +2282,21 @@ int wc_RsaPSS_Sign_ex(const byte* in, word32 inLen, byte* out, word32 outLen, int wc_RsaEncryptSize(RsaKey* key) { + int ret; + if (key == NULL) { return BAD_FUNC_ARG; } - return mp_unsigned_bin_size(&key->n); + + ret = mp_unsigned_bin_size(&key->n); + +#ifdef WOLF_CRYPTO_DEV + if (ret == 0 && key->devId != INVALID_DEVID) { + ret = 2048/8; /* hardware handles, use 2048-bit as default */ + } +#endif + + return ret; } @@ -2310,8 +2335,7 @@ static int RsaGetValue(mp_int* in, byte* out, word32* outSz) word32 sz; int ret = 0; - if (in == NULL || out == NULL || outSz == NULL) - return BAD_FUNC_ARG; + /* Parameters ensured by calling function. */ sz = (word32)mp_unsigned_bin_size(in); if (sz > *outSz) diff --git a/wolfcrypt/src/sha.c b/wolfcrypt/src/sha.c index 3a4a97376..d800e2d9b 100644 --- a/wolfcrypt/src/sha.c +++ b/wolfcrypt/src/sha.c @@ -431,6 +431,26 @@ int wc_ShaUpdate(wc_Sha* sha, const byte* data, word32 len) return 0; } +int wc_ShaFinalRaw(wc_Sha* sha, byte* hash) +{ +#ifdef LITTLE_ENDIAN_ORDER + word32 digest[WC_SHA_DIGEST_SIZE / sizeof(word32)]; +#endif + + if (sha == NULL || hash == NULL) { + return BAD_FUNC_ARG; + } + +#ifdef LITTLE_ENDIAN_ORDER + ByteReverseWords((word32*)digest, (word32*)sha->digest, WC_SHA_DIGEST_SIZE); + XMEMCPY(hash, digest, WC_SHA_DIGEST_SIZE); +#else + XMEMCPY(hash, sha->digest, WC_SHA_DIGEST_SIZE); +#endif + + return 0; +} + int wc_ShaFinal(wc_Sha* sha, byte* hash) { byte* local; 
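Review bot: The device dispatch added to wc_RsaFunction returns before the `NO_RSA_BOUNDS_CHECK` block, so the range check on `in` for RSA_PRIVATE_DECRYPT is never applied on the device path. Nothing visible here says the callback does it instead. At minimum document that contract at the call, e.g. `/* device path skips the bounds check below; the callback must range-check the input itself */`. The NOT_COMPILED_IN fallback also deserves a comment, because a key that exists only on the device would, as far as this hunk shows, drop into the software path with no key material loaded. The function body continues outside the hunk.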
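Review bot: wc_RsaEncryptSize now reports `2048/8` for any key whose modulus is empty and whose `devId` is valid, which is a guess rather than the size of the device-held key. Callers that size or validate output buffers from this return value will use 256 bytes even when the device key is larger or smaller. Returning an error when the size is unknown, or letting the device or the caller supply the real size, would avoid the silent mismatch. If the default stays, the comment should state the limitation, e.g. `/* size unknown for device-only keys: assumes 2048-bit, callers with other key sizes must not rely on this */`.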
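Review bot: wc_ShaFinalRaw is added as a new function with no comment, and its name suggests a digest while the body only copies `sha->digest` (byte-reversed on little-endian) into `hash`. It applies no padding or length block and, within the lines shown, does not reset the context, so the output is the intermediate chaining state rather than the SHA-1 of the data fed so far. A header comment should say so, e.g. `/* Copies the current internal hash state to hash without padding or finalization; not a message digest, and the context is left unchanged. */`. The same applies to wc_Sha256FinalRaw added in sha256.c in the next file section.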
diff --git a/wolfcrypt/src/sha256.c b/wolfcrypt/src/sha256.c index 1efe335eb..bd234c4f0 100644 --- a/wolfcrypt/src/sha256.c +++ b/wolfcrypt/src/sha256.c @@ -765,6 +765,27 @@ static int InitSha256(wc_Sha256* sha256) return XTRANSFORM(sha256); } + int wc_Sha256FinalRaw(wc_Sha256* sha256, byte* hash) + { + #ifdef LITTLE_ENDIAN_ORDER + word32 digest[WC_SHA256_DIGEST_SIZE / sizeof(word32)]; + #endif + + if (sha256 == NULL || hash == NULL) { + return BAD_FUNC_ARG; + } + + #ifdef LITTLE_ENDIAN_ORDER + ByteReverseWords((word32*)digest, (word32*)sha256->digest, + WC_SHA256_DIGEST_SIZE); + XMEMCPY(hash, digest, WC_SHA256_DIGEST_SIZE); + #else + XMEMCPY(hash, sha256->digest, WC_SHA256_DIGEST_SIZE); + #endif + + return 0; + } + int wc_Sha256Final(wc_Sha256* sha256, byte* hash) { int ret; 
@@ -875,231 +896,231 @@ static int InitSha256(wc_Sha256* sha256) #if defined(HAVE_INTEL_RORX) #define RND_STEP_RORX_0_1(a, b, c, d, e, f, g, h, i) \ /* L3 = f */ \ - "movl %"#f", "L3"\n\t" \ + "movl %" #f ", " L3 "\n\t" \ /* L2 = e>>>11 */ \ - "rorx $11, %"#e", "L2"\n\t" \ + "rorx $11, %" #e ", " L2 "\n\t" \ /* h += w_k */ \ - "addl ("#i")*4("WK"), %"#h"\n\t" \ + "addl (" #i ")*4(" WK "), %" #h "\n\t" \ #define RND_STEP_RORX_0_2(a, b, c, d, e, f, g, h, i) \ /* L2 = (e>>>6) ^ (e>>>11) */ \ - "xorl "L1", "L2"\n\t" \ + "xorl " L1 ", " L2 "\n\t" \ /* L3 = f ^ g */ \ - "xorl %"#g", "L3"\n\t" \ + "xorl %" #g ", " L3 "\n\t" \ /* L1 = e>>>25 */ \ - "rorx $25, %"#e", "L1"\n\t" \ + "rorx $25, %" #e ", " L1 "\n\t" \ #define RND_STEP_RORX_0_3(a, b, c, d, e, f, g, h, i) \ /* L3 = (f ^ g) & e */ \ - "andl %"#e", "L3"\n\t" \ + "andl %" #e ", " L3 "\n\t" \ /* L1 = Sigma1(e) */ \ - "xorl "L2", "L1"\n\t" \ + "xorl " L2 ", " L1 "\n\t" \ /* L2 = a>>>13 */ \ - "rorx $13, %"#a", "L2"\n\t" \ + "rorx $13, %" #a ", " L2 "\n\t" \ #define RND_STEP_RORX_0_4(a, b, c, d, e, f, g, h, i) \ /* h += Sigma1(e) */ \ - "addl "L1", %"#h"\n\t" \ + "addl " L1 ", %" #h "\n\t" \ /* L1 = a>>>2 */ \ - "rorx $2, %"#a", "L1"\n\t" \ + "rorx $2, %" #a ", " L1 "\n\t" \ /* L3 = Ch(e,f,g) */ \ - "xorl %"#g", "L3"\n\t" \ + "xorl %" #g ", " L3 "\n\t" \ #define RND_STEP_RORX_0_5(a, b, c, d, e, f, g, h, i) \ /* L2 = (a>>>2) ^ (a>>>13) */ \ - "xorl "L1", "L2"\n\t" \ + "xorl " L1 ", " L2 "\n\t" \ /* L1 = a>>>22 */ \ - "rorx $22, %"#a", "L1"\n\t" \ + "rorx $22, %" #a ", " L1 "\n\t" \ /* h += Ch(e,f,g) */ \ - "addl "L3", %"#h"\n\t" \ + "addl " L3 ", %" #h "\n\t" \ #define RND_STEP_RORX_0_6(a, b, c, d, e, f, g, h, i) \ /* L1 = Sigma0(a) */ \ - "xorl "L2", "L1"\n\t" \ + "xorl " L2 ", " L1 "\n\t" \ /* L3 = b */ \ - "movl %"#b", "L3"\n\t" \ + "movl %" #b ", " L3 "\n\t" \ /* d += h + w_k + Sigma1(e) + Ch(e,f,g) */ \ - "addl %"#h", %"#d"\n\t" \ + "addl %" #h ", %" #d "\n\t" \ #define RND_STEP_RORX_0_7(a, b, c, d, e, f, g, h, i) 
\ /* L3 = a ^ b */ \ - "xorl %"#a", "L3"\n\t" \ + "xorl %" #a ", " L3 "\n\t" \ /* h += Sigma0(a) */ \ - "addl "L1", %"#h"\n\t" \ + "addl " L1 ", %" #h "\n\t" \ /* L4 = (a ^ b) & (b ^ c) */ \ - "andl "L3", "L4"\n\t" \ + "andl " L3 ", " L4 "\n\t" \ #define RND_STEP_RORX_0_8(a, b, c, d, e, f, g, h, i) \ /* L4 = Maj(a,b,c) */ \ - "xorl %"#b", "L4"\n\t" \ + "xorl %" #b ", " L4 "\n\t" \ /* L1 = d>>>6 (= e>>>6 next RND) */ \ - "rorx $6, %"#d", "L1"\n\t" \ + "rorx $6, %" #d ", " L1 "\n\t" \ /* h += Maj(a,b,c) */ \ - "addl "L4", %"#h"\n\t" \ + "addl " L4 ", %" #h "\n\t" \ #define RND_STEP_RORX_1_1(a, b, c, d, e, f, g, h, i) \ /* L4 = f */ \ - "movl %"#f", "L4"\n\t" \ + "movl %" #f ", " L4 "\n\t" \ /* L2 = e>>>11 */ \ - "rorx $11, %"#e", "L2"\n\t" \ + "rorx $11, %" #e ", " L2 "\n\t" \ /* h += w_k */ \ - "addl ("#i")*4("WK"), %"#h"\n\t" \ + "addl (" #i ")*4(" WK "), %" #h "\n\t" \ #define RND_STEP_RORX_1_2(a, b, c, d, e, f, g, h, i) \ /* L2 = (e>>>6) ^ (e>>>11) */ \ - "xorl "L1", "L2"\n\t" \ + "xorl " L1 ", " L2 "\n\t" \ /* L4 = f ^ g */ \ - "xorl %"#g", "L4"\n\t" \ + "xorl %" #g ", " L4 "\n\t" \ /* L1 = e>>>25 */ \ - "rorx $25, %"#e", "L1"\n\t" \ + "rorx $25, %" #e ", " L1 "\n\t" \ #define RND_STEP_RORX_1_3(a, b, c, d, e, f, g, h, i) \ /* L4 = (f ^ g) & e */ \ - "andl %"#e", "L4"\n\t" \ + "andl %" #e ", " L4 "\n\t" \ /* L1 = Sigma1(e) */ \ - "xorl "L2", "L1"\n\t" \ + "xorl " L2 ", " L1 "\n\t" \ /* L2 = a>>>13 */ \ - "rorx $13, %"#a", "L2"\n\t" \ + "rorx $13, %" #a ", " L2 "\n\t" \ #define RND_STEP_RORX_1_4(a, b, c, d, e, f, g, h, i) \ /* h += Sigma1(e) */ \ - "addl "L1", %"#h"\n\t" \ + "addl " L1 ", %" #h "\n\t" \ /* L1 = a>>>2 */ \ - "rorx $2, %"#a", "L1"\n\t" \ + "rorx $2, %" #a ", " L1 "\n\t" \ /* L4 = Ch(e,f,g) */ \ - "xorl %"#g", "L4"\n\t" \ + "xorl %" #g ", " L4 "\n\t" \ #define RND_STEP_RORX_1_5(a, b, c, d, e, f, g, h, i) \ /* L2 = (a>>>2) ^ (a>>>13) */ \ - "xorl "L1", "L2"\n\t" \ + "xorl " L1 ", " L2 "\n\t" \ /* L1 = a>>>22 */ \ - "rorx $22, %"#a", "L1"\n\t" \ + 
"rorx $22, %" #a ", " L1 "\n\t" \ /* h += Ch(e,f,g) */ \ - "addl "L4", %"#h"\n\t" \ + "addl " L4 ", %" #h "\n\t" \ #define RND_STEP_RORX_1_6(a, b, c, d, e, f, g, h, i) \ /* L1 = Sigma0(a) */ \ - "xorl "L2", "L1"\n\t" \ + "xorl " L2 ", " L1 "\n\t" \ /* L4 = b */ \ - "movl %"#b", "L4"\n\t" \ + "movl %" #b ", " L4 "\n\t" \ /* d += h + w_k + Sigma1(e) + Ch(e,f,g) */ \ - "addl %"#h", %"#d"\n\t" \ + "addl %" #h ", %" #d "\n\t" \ #define RND_STEP_RORX_1_7(a, b, c, d, e, f, g, h, i) \ /* L4 = a ^ b */ \ - "xorl %"#a", "L4"\n\t" \ + "xorl %" #a ", " L4 "\n\t" \ /* h += Sigma0(a) */ \ - "addl "L1", %"#h"\n\t" \ + "addl " L1 ", %" #h "\n\t" \ /* L3 = (a ^ b) & (b ^ c) */ \ - "andl "L4", "L3"\n\t" \ + "andl " L4 ", " L3 "\n\t" \ #define RND_STEP_RORX_1_8(a, b, c, d, e, f, g, h, i) \ /* L3 = Maj(a,b,c) */ \ - "xorl %"#b", "L3"\n\t" \ + "xorl %" #b ", " L3 "\n\t" \ /* L1 = d>>>6 (= e>>>6 next RND) */ \ - "rorx $6, %"#d", "L1"\n\t" \ + "rorx $6, %" #d ", " L1 "\n\t" \ /* h += Maj(a,b,c) */ \ - "addl "L3", %"#h"\n\t" \ + "addl " L3 ", %" #h "\n\t" \ #define _RND_RORX_X_0(a, b, c, d, e, f, g, h, i) \ /* L1 = e>>>6 */ \ - "rorx $6, %"#e", "L1"\n\t" \ + "rorx $6, %" #e ", " L1 "\n\t" \ /* L2 = e>>>11 */ \ - "rorx $11, %"#e", "L2"\n\t" \ + "rorx $11, %" #e ", " L2 "\n\t" \ /* Prev RND: h += Maj(a,b,c) */ \ - "addl "L3", %"#a"\n\t" \ + "addl " L3 ", %" #a "\n\t" \ /* h += w_k */ \ - "addl ("#i")*4("WK"), %"#h"\n\t" \ + "addl (" #i ")*4(" WK "), %" #h "\n\t" \ /* L3 = f */ \ - "movl %"#f", "L3"\n\t" \ + "movl %" #f ", " L3 "\n\t" \ /* L2 = (e>>>6) ^ (e>>>11) */ \ - "xorl "L1", "L2"\n\t" \ + "xorl " L1 ", " L2 "\n\t" \ /* L3 = f ^ g */ \ - "xorl %"#g", "L3"\n\t" \ + "xorl %" #g ", " L3 "\n\t" \ /* L1 = e>>>25 */ \ - "rorx $25, %"#e", "L1"\n\t" \ + "rorx $25, %" #e ", " L1 "\n\t" \ /* L1 = Sigma1(e) */ \ - "xorl "L2", "L1"\n\t" \ + "xorl " L2 ", " L1 "\n\t" \ /* L3 = (f ^ g) & e */ \ - "andl %"#e", "L3"\n\t" \ + "andl %" #e ", " L3 "\n\t" \ /* h += Sigma1(e) */ \ - "addl "L1", %"#h"\n\t" 
\ + "addl " L1 ", %" #h "\n\t" \ /* L1 = a>>>2 */ \ - "rorx $2, %"#a", "L1"\n\t" \ + "rorx $2, %" #a ", " L1 "\n\t" \ /* L2 = a>>>13 */ \ - "rorx $13, %"#a", "L2"\n\t" \ + "rorx $13, %" #a ", " L2 "\n\t" \ /* L3 = Ch(e,f,g) */ \ - "xorl %"#g", "L3"\n\t" \ + "xorl %" #g ", " L3 "\n\t" \ /* L2 = (a>>>2) ^ (a>>>13) */ \ - "xorl "L1", "L2"\n\t" \ + "xorl " L1 ", " L2 "\n\t" \ /* L1 = a>>>22 */ \ - "rorx $22, %"#a", "L1"\n\t" \ + "rorx $22, %" #a ", " L1 "\n\t" \ /* h += Ch(e,f,g) */ \ - "addl "L3", %"#h"\n\t" \ + "addl " L3 ", %" #h "\n\t" \ /* L1 = Sigma0(a) */ \ - "xorl "L2", "L1"\n\t" \ + "xorl " L2 ", " L1 "\n\t" \ /* L3 = b */ \ - "movl %"#b", "L3"\n\t" \ + "movl %" #b ", " L3 "\n\t" \ /* d += h + w_k + Sigma1(e) + Ch(e,f,g) */ \ - "addl %"#h", %"#d"\n\t" \ + "addl %" #h ", %" #d "\n\t" \ /* L3 = a ^ b */ \ - "xorl %"#a", "L3"\n\t" \ + "xorl %" #a ", " L3 "\n\t" \ /* L4 = (a ^ b) & (b ^ c) */ \ - "andl "L3", "L4"\n\t" \ + "andl " L3 ", " L4 "\n\t" \ /* h += Sigma0(a) */ \ - "addl "L1", %"#h"\n\t" \ + "addl " L1 ", %" #h "\n\t" \ /* L4 = Maj(a,b,c) */ \ - "xorl %"#b", "L4"\n\t" \ + "xorl %" #b ", " L4 "\n\t" \ #define _RND_RORX_X_1(a, b, c, d, e, f, g, h, i) \ /* L1 = e>>>6 */ \ - "rorx $6, %"#e", "L1"\n\t" \ + "rorx $6, %" #e ", " L1 "\n\t" \ /* L2 = e>>>11 */ \ - "rorx $11, %"#e", "L2"\n\t" \ + "rorx $11, %" #e ", " L2 "\n\t" \ /* Prev RND: h += Maj(a,b,c) */ \ - "addl "L4", %"#a"\n\t" \ + "addl " L4 ", %" #a "\n\t" \ /* h += w_k */ \ - "addl ("#i")*4("WK"), %"#h"\n\t" \ + "addl (" #i ")*4(" WK "), %" #h "\n\t" \ /* L4 = f */ \ - "movl %"#f", "L4"\n\t" \ + "movl %" #f ", " L4 "\n\t" \ /* L2 = (e>>>6) ^ (e>>>11) */ \ - "xorl "L1", "L2"\n\t" \ + "xorl " L1 ", " L2 "\n\t" \ /* L4 = f ^ g */ \ - "xorl %"#g", "L4"\n\t" \ + "xorl %" #g ", " L4 "\n\t" \ /* L1 = e>>>25 */ \ - "rorx $25, %"#e", "L1"\n\t" \ + "rorx $25, %" #e ", " L1 "\n\t" \ /* L1 = Sigma1(e) */ \ - "xorl "L2", "L1"\n\t" \ + "xorl " L2 ", " L1 "\n\t" \ /* L4 = (f ^ g) & e */ \ - "andl %"#e", "L4"\n\t" \ + 
"andl %" #e ", " L4 "\n\t" \ /* h += Sigma1(e) */ \ - "addl "L1", %"#h"\n\t" \ + "addl " L1 ", %" #h "\n\t" \ /* L1 = a>>>2 */ \ - "rorx $2, %"#a", "L1"\n\t" \ + "rorx $2, %" #a ", " L1 "\n\t" \ /* L2 = a>>>13 */ \ - "rorx $13, %"#a", "L2"\n\t" \ + "rorx $13, %" #a ", " L2 "\n\t" \ /* L4 = Ch(e,f,g) */ \ - "xorl %"#g", "L4"\n\t" \ + "xorl %" #g ", " L4 "\n\t" \ /* L2 = (a>>>2) ^ (a>>>13) */ \ - "xorl "L1", "L2"\n\t" \ + "xorl " L1 ", " L2 "\n\t" \ /* L1 = a>>>22 */ \ - "rorx $22, %"#a", "L1"\n\t" \ + "rorx $22, %" #a ", " L1 "\n\t" \ /* h += Ch(e,f,g) */ \ - "addl "L4", %"#h"\n\t" \ + "addl " L4 ", %" #h "\n\t" \ /* L1 = Sigma0(a) */ \ - "xorl "L2", "L1"\n\t" \ + "xorl " L2 ", " L1 "\n\t" \ /* L4 = b */ \ - "movl %"#b", "L4"\n\t" \ + "movl %" #b ", " L4 "\n\t" \ /* d += h + w_k + Sigma1(e) + Ch(e,f,g) */ \ - "addl %"#h", %"#d"\n\t" \ + "addl %" #h ", %" #d "\n\t" \ /* L4 = a ^ b */ \ - "xorl %"#a", "L4"\n\t" \ + "xorl %" #a ", " L4 "\n\t" \ /* L2 = (a ^ b) & (b ^ c) */ \ - "andl "L4", "L3"\n\t" \ + "andl " L4 ", " L3 "\n\t" \ /* h += Sigma0(a) */ \ - "addl "L1", %"#h"\n\t" \ + "addl " L1 ", %" #h "\n\t" \ /* L3 = Maj(a,b,c) */ \ - "xorl %"#b", "L3"\n\t" \ + "xorl %" #b ", " L3 "\n\t" \ #define RND_RORX_X_0(a,b,c,d,e,f,g,h,i) \ 
@@ -1117,247 +1138,247 @@ static int InitSha256(wc_Sha256* sha256) #define RND_STEP_0_1(a,b,c,d,e,f,g,h,i) \ /* L1 = e>>>14 */ \ - "rorl $14, "L1"\n\t" \ + "rorl $14, " L1 "\n\t" \ #define RND_STEP_0_2(a,b,c,d,e,f,g,h,i) \ /* L3 = b */ \ - "movl %"#b", "L3"\n\t" \ + "movl %" #b ", " L3 "\n\t" \ /* L2 = f */ \ - "movl %"#f", "L2"\n\t" \ + "movl %" #f ", " L2 "\n\t" \ /* h += w_k */ \ - "addl ("#i")*4("WK"), %"#h"\n\t" \ + "addl (" #i ")*4(" WK "), %" #h "\n\t" \ /* L2 = f ^ g */ \ - "xorl %"#g", "L2"\n\t" \ + "xorl %" #g ", " L2 "\n\t" \ #define RND_STEP_0_3(a,b,c,d,e,f,g,h,i) \ /* L1 = (e>>>14) ^ e */ \ - "xorl %"#e", "L1"\n\t" \ + "xorl %" #e ", " L1 "\n\t" \ /* L2 = (f ^ g) & e */ \ - "andl %"#e", "L2"\n\t" \ - + "andl %" #e ", " L2 "\n\t" \ + #define RND_STEP_0_4(a,b,c,d,e,f,g,h,i) \ /* L1 = ((e>>>14) ^ e) >>> 5 */ \ - "rorl $5, "L1"\n\t" \ + "rorl $5, " L1 "\n\t" \ /* L2 = Ch(e,f,g) */ \ - "xorl %"#g", "L2"\n\t" \ + "xorl %" #g ", " L2 "\n\t" \ /* L1 = (((e>>>14) ^ e) >>> 5) ^ e */ \ - "xorl %"#e", "L1"\n\t" \ + "xorl %" #e ", " L1 "\n\t" \ /* h += Ch(e,f,g) */ \ - "addl "L2", %"#h"\n\t" \ + "addl " L2 ", %" #h "\n\t" \ #define RND_STEP_0_5(a,b,c,d,e,f,g,h,i) \ /* L1 = ((((e>>>14) ^ e) >>> 5) ^ e) >>> 6 */ \ - "rorl $6, "L1"\n\t" \ + "rorl $6, " L1 "\n\t" \ /* L3 = a ^ b (= b ^ c of next RND) */ \ - "xorl %"#a", "L3"\n\t" \ + "xorl %" #a ", " L3 "\n\t" \ /* h = h + w_k + Sigma1(e) */ \ - "addl "L1", %"#h"\n\t" \ + "addl " L1 ", %" #h "\n\t" \ /* L2 = a */ \ - "movl %"#a", "L2"\n\t" \ + "movl %" #a ", " L2 "\n\t" \ #define RND_STEP_0_6(a,b,c,d,e,f,g,h,i) \ /* L3 = (a ^ b) & (b ^ c) */ \ - "andl "L3", "L4"\n\t" \ + "andl " L3 ", " L4 "\n\t" \ /* L2 = a>>>9 */ \ - "rorl $9, "L2"\n\t" \ + "rorl $9, " L2 "\n\t" \ /* L2 = (a>>>9) ^ a */ \ - "xorl %"#a", "L2"\n\t" \ + "xorl %" #a ", " L2 "\n\t" \ /* L1 = Maj(a,b,c) */ \ - "xorl %"#b", "L4"\n\t" \ + "xorl %" #b ", " L4 "\n\t" \ #define RND_STEP_0_7(a,b,c,d,e,f,g,h,i) \ /* L2 = ((a>>>9) ^ a) >>> 11 */ \ - "rorl $11, 
"L2"\n\t" \ + "rorl $11, " L2 "\n\t" \ /* d += h + w_k + Sigma1(e) + Ch(e,f,g) */ \ - "addl %"#h", %"#d"\n\t" \ + "addl %" #h ", %" #d "\n\t" \ /* L2 = (((a>>>9) ^ a) >>> 11) ^ a */ \ - "xorl %"#a", "L2"\n\t" \ + "xorl %" #a ", " L2 "\n\t" \ /* h = h + w_k + Sigma1(e) + Ch(e,f,g) + Maj(a,b,c) */ \ - "addl "L4", %"#h"\n\t" \ + "addl " L4 ", %" #h "\n\t" \ #define RND_STEP_0_8(a,b,c,d,e,f,g,h,i) \ /* L2 = ((((a>>>9) ^ a) >>> 11) ^ a) >>> 2 */ \ - "rorl $2, "L2"\n\t" \ + "rorl $2, " L2 "\n\t" \ /* L1 = d (e of next RND) */ \ - "movl %"#d", "L1"\n\t" \ + "movl %" #d ", " L1 "\n\t" \ /* h = h + w_k + Sigma1(e) Sigma0(a) + Ch(e,f,g) + Maj(a,b,c) */ \ - "addl "L2", %"#h"\n\t" \ + "addl " L2 ", %" #h "\n\t" \ #define RND_STEP_1_1(a,b,c,d,e,f,g,h,i) \ /* L1 = e>>>14 */ \ - "rorl $14, "L1"\n\t" \ - + "rorl $14, " L1 "\n\t" \ + #define RND_STEP_1_2(a,b,c,d,e,f,g,h,i) \ /* L3 = b */ \ - "movl %"#b", "L4"\n\t" \ + "movl %" #b ", " L4 "\n\t" \ /* L2 = f */ \ - "movl %"#f", "L2"\n\t" \ + "movl %" #f ", " L2 "\n\t" \ /* h += w_k */ \ - "addl ("#i")*4("WK"), %"#h"\n\t" \ + "addl (" #i ")*4(" WK "), %" #h "\n\t" \ /* L2 = f ^ g */ \ - "xorl %"#g", "L2"\n\t" \ - + "xorl %" #g ", " L2 "\n\t" \ + #define RND_STEP_1_3(a,b,c,d,e,f,g,h,i) \ /* L1 = (e>>>14) ^ e */ \ - "xorl %"#e", "L1"\n\t" \ + "xorl %" #e ", " L1 "\n\t" \ /* L2 = (f ^ g) & e */ \ - "andl %"#e", "L2"\n\t" \ - + "andl %" #e ", " L2 "\n\t" \ + #define RND_STEP_1_4(a,b,c,d,e,f,g,h,i) \ /* L1 = ((e>>>14) ^ e) >>> 5 */ \ - "rorl $5, "L1"\n\t" \ + "rorl $5, " L1 "\n\t" \ /* L2 = Ch(e,f,g) */ \ - "xorl %"#g", "L2"\n\t" \ + "xorl %" #g ", " L2 "\n\t" \ /* L1 = (((e>>>14) ^ e) >>> 5) ^ e */ \ - "xorl %"#e", "L1"\n\t" \ + "xorl %" #e ", " L1 "\n\t" \ /* h += Ch(e,f,g) */ \ - "addl "L2", %"#h"\n\t" \ + "addl " L2 ", %" #h "\n\t" \ #define RND_STEP_1_5(a,b,c,d,e,f,g,h,i) \ /* L1 = ((((e>>>14) ^ e) >>> 5) ^ e) >>> 6 */ \ - "rorl $6, "L1"\n\t" \ + "rorl $6, " L1 "\n\t" \ /* L4 = a ^ b (= b ^ c of next RND) */ \ - "xorl %"#a", "L4"\n\t" 
\ + "xorl %" #a ", " L4 "\n\t" \ /* h = h + w_k + Sigma1(e) */ \ - "addl "L1", %"#h"\n\t" \ + "addl " L1 ", %" #h "\n\t" \ /* L2 = a */ \ - "movl %"#a", "L2"\n\t" \ + "movl %" #a ", " L2 "\n\t" \ #define RND_STEP_1_6(a,b,c,d,e,f,g,h,i) \ /* L3 = (a ^ b) & (b ^ c) */ \ - "andl "L4", "L3"\n\t" \ + "andl " L4 ", " L3 "\n\t" \ /* L2 = a>>>9 */ \ - "rorl $9, "L2"\n\t" \ + "rorl $9, " L2 "\n\t" \ /* L2 = (a>>>9) ^ a */ \ - "xorl %"#a", "L2"\n\t" \ + "xorl %" #a ", " L2 "\n\t" \ /* L1 = Maj(a,b,c) */ \ - "xorl %"#b", "L3"\n\t" \ + "xorl %" #b ", " L3 "\n\t" \ #define RND_STEP_1_7(a,b,c,d,e,f,g,h,i) \ /* L2 = ((a>>>9) ^ a) >>> 11 */ \ - "rorl $11, "L2"\n\t" \ + "rorl $11, " L2 "\n\t" \ /* d += h + w_k + Sigma1(e) + Ch(e,f,g) */ \ - "addl %"#h", %"#d"\n\t" \ + "addl %" #h ", %" #d "\n\t" \ /* L2 = (((a>>>9) ^ a) >>> 11) ^ a */ \ - "xorl %"#a", "L2"\n\t" \ + "xorl %" #a ", " L2 "\n\t" \ /* h = h + w_k + Sigma1(e) + Ch(e,f,g) + Maj(a,b,c) */ \ - "addl "L3", %"#h"\n\t" \ + "addl " L3 ", %" #h "\n\t" \ #define RND_STEP_1_8(a,b,c,d,e,f,g,h,i) \ /* L2 = ((((a>>>9) ^ a) >>> 11) ^ a) >>> 2 */ \ - "rorl $2, "L2"\n\t" \ + "rorl $2, " L2 "\n\t" \ /* L1 = d (e of next RND) */ \ - "movl %"#d", "L1"\n\t" \ + "movl %" #d ", " L1 "\n\t" \ /* h = h + w_k + Sigma1(e) Sigma0(a) + Ch(e,f,g) + Maj(a,b,c) */ \ - "addl "L2", %"#h"\n\t" \ + "addl " L2 ", %" #h "\n\t" \ #define _RND_ALL_0(a,b,c,d,e,f,g,h,i) \ /* h += w_k */ \ - "addl ("#i")*4("WK"), %"#h"\n\t" \ + "addl (" #i ")*4(" WK "), %" #h "\n\t" \ /* L2 = f */ \ - "movl %"#f", "L2"\n\t" \ + "movl %" #f ", " L2 "\n\t" \ /* L3 = b */ \ - "movl %"#b", "L3"\n\t" \ + "movl %" #b ", " L3 "\n\t" \ /* L2 = f ^ g */ \ - "xorl %"#g", "L2"\n\t" \ + "xorl %" #g ", " L2 "\n\t" \ /* L1 = e>>>14 */ \ - "rorl $14, "L1"\n\t" \ + "rorl $14, " L1 "\n\t" \ /* L2 = (f ^ g) & e */ \ - "andl %"#e", "L2"\n\t" \ + "andl %" #e ", " L2 "\n\t" \ /* L1 = (e>>>14) ^ e */ \ - "xorl %"#e", "L1"\n\t" \ + "xorl %" #e ", " L1 "\n\t" \ /* L2 = Ch(e,f,g) */ \ - "xorl %"#g", 
"L2"\n\t" \ + "xorl %" #g ", " L2 "\n\t" \ /* L1 = ((e>>>14) ^ e) >>> 5 */ \ - "rorl $5, "L1"\n\t" \ + "rorl $5, " L1 "\n\t" \ /* h += Ch(e,f,g) */ \ - "addl "L2", %"#h"\n\t" \ + "addl " L2 ", %" #h "\n\t" \ /* L1 = (((e>>>14) ^ e) >>> 5) ^ e */ \ - "xorl %"#e", "L1"\n\t" \ + "xorl %" #e ", " L1 "\n\t" \ /* L3 = a ^ b */ \ - "xorl %"#a", "L3"\n\t" \ + "xorl %" #a ", " L3 "\n\t" \ /* L1 = ((((e>>>14) ^ e) >>> 5) ^ e) >>> 6 */ \ - "rorl $6, "L1"\n\t" \ + "rorl $6, " L1 "\n\t" \ /* L2 = a */ \ - "movl %"#a", "L2"\n\t" \ + "movl %" #a ", " L2 "\n\t" \ /* h = h + w_k + Sigma1(e) */ \ - "addl "L1", %"#h"\n\t" \ + "addl " L1 ", %" #h "\n\t" \ /* L2 = a>>>9 */ \ - "rorl $9, "L2"\n\t" \ + "rorl $9, " L2 "\n\t" \ /* L3 = (a ^ b) & (b ^ c) */ \ - "andl "L3", "L4"\n\t" \ + "andl " L3 ", " L4 "\n\t" \ /* L2 = (a>>>9) ^ a */ \ - "xorl %"#a", "L2"\n\t" \ + "xorl %" #a ", " L2 "\n\t" \ /* L1 = Maj(a,b,c) */ \ - "xorl %"#b", "L4"\n\t" \ + "xorl %" #b ", " L4 "\n\t" \ /* L2 = ((a>>>9) ^ a) >>> 11 */ \ - "rorl $11, "L2"\n\t" \ + "rorl $11, " L2 "\n\t" \ /* d += h + w_k + Sigma1(e) + Ch(e,f,g) */ \ - "addl %"#h", %"#d"\n\t" \ + "addl %" #h ", %" #d "\n\t" \ /* L2 = (((a>>>9) ^ a) >>> 11) ^ a */ \ - "xorl %"#a", "L2"\n\t" \ + "xorl %" #a ", " L2 "\n\t" \ /* h = h + w_k + Sigma1(e) + Ch(e,f,g) + Maj(a,b,c) */ \ - "addl "L4", %"#h"\n\t" \ + "addl " L4 ", %" #h "\n\t" \ /* L2 = ((((a>>>9) ^ a) >>> 11) ^ a) >>> 2 */ \ - "rorl $2, "L2"\n\t" \ + "rorl $2, " L2 "\n\t" \ /* L1 = d (e of next RND) */ \ - "movl %"#d", "L1"\n\t" \ + "movl %" #d ", " L1 "\n\t" \ /* h = h + w_k + Sigma1(e) Sigma0(a) + Ch(e,f,g) + Maj(a,b,c) */ \ - "addl "L2", %"#h"\n\t" \ + "addl " L2 ", %" #h "\n\t" \ #define _RND_ALL_1(a,b,c,d,e,f,g,h,i) \ /* h += w_k */ \ - "addl ("#i")*4("WK"), %"#h"\n\t" \ + "addl (" #i ")*4(" WK "), %" #h "\n\t" \ /* L2 = f */ \ - "movl %"#f", "L2"\n\t" \ + "movl %" #f ", " L2 "\n\t" \ /* L3 = b */ \ - "movl %"#b", "L4"\n\t" \ + "movl %" #b ", " L4 "\n\t" \ /* L2 = f ^ g */ \ - "xorl %"#g", 
"L2"\n\t" \ + "xorl %" #g ", " L2 "\n\t" \ /* L1 = e>>>14 */ \ - "rorl $14, "L1"\n\t" \ + "rorl $14, " L1 "\n\t" \ /* L2 = (f ^ g) & e */ \ - "andl %"#e", "L2"\n\t" \ + "andl %" #e ", " L2 "\n\t" \ /* L1 = (e>>>14) ^ e */ \ - "xorl %"#e", "L1"\n\t" \ + "xorl %" #e ", " L1 "\n\t" \ /* L2 = Ch(e,f,g) */ \ - "xorl %"#g", "L2"\n\t" \ + "xorl %" #g ", " L2 "\n\t" \ /* L1 = ((e>>>14) ^ e) >>> 5 */ \ - "rorl $5, "L1"\n\t" \ + "rorl $5, " L1 "\n\t" \ /* h += Ch(e,f,g) */ \ - "addl "L2", %"#h"\n\t" \ + "addl " L2 ", %" #h "\n\t" \ /* L1 = (((e>>>14) ^ e) >>> 5) ^ e */ \ - "xorl %"#e", "L1"\n\t" \ + "xorl %" #e ", " L1 "\n\t" \ /* L3 = a ^ b */ \ - "xorl %"#a", "L4"\n\t" \ + "xorl %" #a ", " L4 "\n\t" \ /* L1 = ((((e>>>14) ^ e) >>> 5) ^ e) >>> 6 */ \ - "rorl $6, "L1"\n\t" \ + "rorl $6, " L1 "\n\t" \ /* L2 = a */ \ - "movl %"#a", "L2"\n\t" \ + "movl %" #a ", " L2 "\n\t" \ /* h = h + w_k + Sigma1(e) */ \ - "addl "L1", %"#h"\n\t" \ + "addl " L1 ", %" #h "\n\t" \ /* L2 = a>>>9 */ \ - "rorl $9, "L2"\n\t" \ + "rorl $9, " L2 "\n\t" \ /* L3 = (a ^ b) & (b ^ c) */ \ - "andl "L4", "L3"\n\t" \ + "andl " L4 ", " L3 "\n\t" \ /* L2 = (a>>>9) ^ a */ \ - "xorl %"#a", "L2"\n\t" \ + "xorl %" #a", " L2 "\n\t" \ /* L1 = Maj(a,b,c) */ \ - "xorl %"#b", "L3"\n\t" \ + "xorl %" #b ", " L3 "\n\t" \ /* L2 = ((a>>>9) ^ a) >>> 11 */ \ - "rorl $11, "L2"\n\t" \ + "rorl $11, " L2 "\n\t" \ /* d += h + w_k + Sigma1(e) + Ch(e,f,g) */ \ - "addl %"#h", %"#d"\n\t" \ + "addl %" #h ", %" #d "\n\t" \ /* L2 = (((a>>>9) ^ a) >>> 11) ^ a */ \ - "xorl %"#a", "L2"\n\t" \ + "xorl %" #a ", " L2 "\n\t" \ /* h = h + w_k + Sigma1(e) + Ch(e,f,g) + Maj(a,b,c) */ \ - "addl "L3", %"#h"\n\t" \ + "addl " L3 ", %" #h "\n\t" \ /* L2 = ((((a>>>9) ^ a) >>> 11) ^ a) >>> 2 */ \ - "rorl $2, "L2"\n\t" \ + "rorl $2, " L2 "\n\t" \ /* L1 = d (e of next RND) */ \ - "movl %"#d", "L1"\n\t" \ + "movl %" #d ", " L1 "\n\t" \ /* h = h + w_k + Sigma1(e) Sigma0(a) + Ch(e,f,g) + Maj(a,b,c) */ \ - "addl "L2", %"#h"\n\t" \ + "addl " L2 ", %" #h "\n\t" \ 
#define RND_ALL_0(a, b, c, d, e, f, g, h, i) \ @@ -1376,43 +1397,43 @@ static int InitSha256(wc_Sha256* sha256) #if defined(HAVE_INTEL_AVX1) /* inline Assember for Intel AVX1 instructions */ #define _VPALIGNR(op1, op2, op3, op4) \ - "vpalignr $"#op4", %"#op3", %"#op2", %"#op1"\n\t" + "vpalignr $" #op4", %" #op3", %" #op2", %" #op1"\n\t" #define VPALIGNR(op1, op2, op3, op4) \ _VPALIGNR(op1, op2, op3, op4) #define _VPADDD(op1, op2, op3) \ - "vpaddd %"#op3", %"#op2", %"#op1"\n\t" + "vpaddd %" #op3", %" #op2", %" #op1"\n\t" #define VPADDD(op1, op2, op3) \ _VPADDD(op1, op2, op3) #define _VPSRLD(op1, op2, op3) \ - "vpsrld $"#op3", %"#op2", %"#op1"\n\t" + "vpsrld $" #op3", %" #op2", %" #op1"\n\t" #define VPSRLD(op1, op2, op3) \ _VPSRLD(op1, op2, op3) #define _VPSRLQ(op1, op2, op3) \ - "vpsrlq $"#op3", %"#op2", %"#op1"\n\t" + "vpsrlq $" #op3", %" #op2", %" #op1"\n\t" #define VPSRLQ(op1,op2,op3) \ _VPSRLQ(op1,op2,op3) #define _VPSLLD(op1,op2,op3) \ - "vpslld $"#op3", %"#op2", %"#op1"\n\t" + "vpslld $" #op3", %" #op2", %" #op1"\n\t" #define VPSLLD(op1,op2,op3) \ _VPSLLD(op1,op2,op3) #define _VPOR(op1,op2,op3) \ - "vpor %"#op3", %"#op2", %"#op1"\n\t" + "vpor %" #op3", %" #op2", %" #op1"\n\t" #define VPOR(op1,op2,op3) \ _VPOR(op1,op2,op3) #define _VPXOR(op1,op2,op3) \ - "vpxor %"#op3", %"#op2", %"#op1"\n\t" + "vpxor %" #op3", %" #op2", %" #op1"\n\t" #define VPXOR(op1,op2,op3) \ _VPXOR(op1,op2,op3) #define _VPSHUFD(op1,op2,op3) \ - "vpshufd $"#op3", %"#op2", %"#op1"\n\t" + "vpshufd $" #op3", %" #op2", %" #op1"\n\t" #define VPSHUFD(op1,op2,op3) \ _VPSHUFD(op1,op2,op3) #define _VPSHUFB(op1,op2,op3) \ - "vpshufb %"#op3", %"#op2", %"#op1"\n\t" + "vpshufb %" #op3", %" #op2", %" #op1"\n\t" #define VPSHUFB(op1,op2,op3) \ _VPSHUFB(op1,op2,op3) #define _VPSLLDQ(op1,op2,op3) \ - "vpslldq $"#op3", %"#op2", %"#op1"\n\t" + "vpslldq $" #op3", %" #op2", %" #op1"\n\t" #define VPSLLDQ(op1,op2,op3) \ _VPSLLDQ(op1,op2,op3) 
@@ -1554,12 +1575,12 @@ static int InitSha256(wc_Sha256* sha256) #define _W_K_from_buff(X0, X1, X2, X3, BYTE_FLIP_MASK) \ "# X0, X1, X2, X3 = W[0..15]\n\t" \ - "vmovdqu (%%rax), %"#X0"\n\t" \ - "vmovdqu 16(%%rax), %"#X1"\n\t" \ + "vmovdqu (%%rax), %" #X0 "\n\t" \ + "vmovdqu 16(%%rax), %" #X1 "\n\t" \ VPSHUFB(X0, X0, BYTE_FLIP_MASK) \ VPSHUFB(X1, X1, BYTE_FLIP_MASK) \ - "vmovdqu 32(%%rax), %"#X2"\n\t" \ - "vmovdqu 48(%%rax), %"#X3"\n\t" \ + "vmovdqu 32(%%rax), %" #X2 "\n\t" \ + "vmovdqu 48(%%rax), %" #X3 "\n\t" \ VPSHUFB(X2, X2, BYTE_FLIP_MASK) \ VPSHUFB(X3, X3, BYTE_FLIP_MASK) @@ -1568,14 +1589,14 @@ static int InitSha256(wc_Sha256* sha256) #define _SET_W_K_XFER_4(i) \ - "vpaddd ("#i"*4)+ 0+%[K], %%xmm0, %%xmm4\n\t" \ - "vpaddd ("#i"*4)+16+%[K], %%xmm1, %%xmm5\n\t" \ - "vmovdqu %%xmm4, ("WK")\n\t" \ - "vmovdqu %%xmm5, 16("WK")\n\t" \ - "vpaddd ("#i"*4)+32+%[K], %%xmm2, %%xmm6\n\t" \ - "vpaddd ("#i"*4)+48+%[K], %%xmm3, %%xmm7\n\t" \ - "vmovdqu %%xmm6, 32("WK")\n\t" \ - "vmovdqu %%xmm7, 48("WK")\n\t" + "vpaddd (" #i "*4)+ 0+%[K], %%xmm0, %%xmm4\n\t" \ + "vpaddd (" #i "*4)+16+%[K], %%xmm1, %%xmm5\n\t" \ + "vmovdqu %%xmm4, (" WK ")\n\t" \ + "vmovdqu %%xmm5, 16(" WK ")\n\t" \ + "vpaddd (" #i "*4)+32+%[K], %%xmm2, %%xmm6\n\t" \ + "vpaddd (" #i "*4)+48+%[K], %%xmm3, %%xmm7\n\t" \ + "vmovdqu %%xmm6, 32(" WK ")\n\t" \ + "vmovdqu %%xmm7, 48(" WK ")\n\t" #define SET_W_K_XFER_4(i) \ _SET_W_K_XFER_4(i) 
@@ -1588,10 +1609,10 @@ static const ALIGN32 word64 mSHUF_DC00[] = static const ALIGN32 word64 mBYTE_FLIP_MASK[] = { 0x0405060700010203, 0x0c0d0e0f08090a0b }; -#define _Init_Masks(mask1, mask2, mask3) \ - "vmovdqa %[FLIP], %"#mask1"\n\t" \ - "vmovdqa %[SHUF00BA], %"#mask2"\n\t" \ - "vmovdqa %[SHUFDC00], %"#mask3"\n\t" +#define _Init_Masks(mask1, mask2, mask3) \ + "vmovdqa %[FLIP], %" #mask1 "\n\t" \ + "vmovdqa %[SHUF00BA], %" #mask2 "\n\t" \ + "vmovdqa %[SHUFDC00], %" #mask3 "\n\t" #define Init_Masks(BYTE_FLIP_MASK, SHUF_00BA, SHUF_DC00) \ _Init_Masks(BYTE_FLIP_MASK, SHUF_00BA, SHUF_DC00) @@ -1626,9 +1647,9 @@ SHA256_NOINLINE static int Transform_Sha256_AVX1(wc_Sha256* sha256) W_K_from_buff(X0, X1, X2, X3, BYTE_FLIP_MASK) - "movl %%r9d, "L4"\n\t" - "movl %%r12d, "L1"\n\t" - "xorl %%r10d, "L4"\n\t" + "movl %%r9d, " L4 "\n\t" + "movl %%r12d, " L1 "\n\t" + "xorl %%r10d, " L4 "\n\t" SET_W_K_XFER_4(0) MsgSched(X0, X1, X2, X3, S_0, S_1, S_2, S_3, S_4, S_5, S_6, S_7, 0) @@ -1686,9 +1707,9 @@ SHA256_NOINLINE static int Transform_Sha256_AVX1_Len(wc_Sha256* sha256, W_K_from_buff(X0, X1, X2, X3, BYTE_FLIP_MASK) - "movl %%r9d, "L4"\n\t" - "movl %%r12d, "L1"\n\t" - "xorl %%r10d, "L4"\n\t" + "movl %%r9d, " L4 "\n\t" + "movl %%r12d, " L1 "\n\t" + "xorl %%r10d, " L4 "\n\t" SET_W_K_XFER_4(0) MsgSched(X0, X1, X2, X3, S_0, S_1, S_2, S_3, S_4, S_5, S_6, S_7, 0) @@ -1755,9 +1776,9 @@ SHA256_NOINLINE static int Transform_Sha256_AVX1_RORX(wc_Sha256* sha256) LOAD_DIGEST() SET_W_K_XFER_4(0) - "movl %%r9d, "L4"\n\t" - "rorx $6, %%r12d, "L1"\n\t" - "xorl %%r10d, "L4"\n\t" + "movl %%r9d, " L4 "\n\t" + "rorx $6, %%r12d, " L1 "\n\t" + "xorl %%r10d, " L4 "\n\t" MsgSched_RORX(X0, X1, X2, X3, S_0, S_1, S_2, S_3, S_4, S_5, S_6, S_7, 0) MsgSched_RORX(X1, X2, X3, X0, S_4, S_5, S_6, S_7, S_0, S_1, S_2, S_3, 4) MsgSched_RORX(X2, X3, X0, X1, S_0, S_1, S_2, S_3, S_4, S_5, S_6, S_7, 8) 
@@ -1776,13 +1797,13 @@ SHA256_NOINLINE static int Transform_Sha256_AVX1_RORX(wc_Sha256* sha256) MsgSched_RORX(X3, X0, X1, X2, S_4, S_5, S_6, S_7, S_0, S_1, S_2, S_3, 12) SET_W_K_XFER_4(48) - "xorl "L3", "L3"\n\t" + "xorl " L3 ", " L3 "\n\t" RND_RORX_X4(S_0, S_1, S_2, S_3, S_4, S_5, S_6, S_7, 0) RND_RORX_X4(S_4, S_5, S_6, S_7, S_0, S_1, S_2, S_3, 4) RND_RORX_X4(S_0, S_1, S_2, S_3, S_4, S_5, S_6, S_7, 8) RND_RORX_X4(S_4, S_5, S_6, S_7, S_0, S_1, S_2, S_3, 12) /* Prev RND: h += Maj(a,b,c) */ - "addl "L3", %%r8d\n\t" + "addl " L3 ", %%r8d\n\t" STORE_ADD_DIGEST() @@ -1817,9 +1838,9 @@ SHA256_NOINLINE static int Transform_Sha256_AVX1_RORX_Len(wc_Sha256* sha256, W_K_from_buff(X0, X1, X2, X3, BYTE_FLIP_MASK) SET_W_K_XFER_4(0) - "movl %%r9d, "L4"\n\t" - "rorx $6, %%r12d, "L1"\n\t" - "xorl %%r10d, "L4"\n\t" + "movl %%r9d, " L4 "\n\t" + "rorx $6, %%r12d, " L1 "\n\t" + "xorl %%r10d, " L4 "\n\t" MsgSched_RORX(X0, X1, X2, X3, S_0, S_1, S_2, S_3, S_4, S_5, S_6, S_7, 0) MsgSched_RORX(X1, X2, X3, X0, S_4, S_5, S_6, S_7, S_0, S_1, S_2, S_3, 4) MsgSched_RORX(X2, X3, X0, X1, S_4, S_5, S_6, S_7, S_0, S_1, S_2, S_3, 8) @@ -1838,14 +1859,14 @@ SHA256_NOINLINE static int Transform_Sha256_AVX1_RORX_Len(wc_Sha256* sha256, MsgSched_RORX(X3, X0, X1, X2, S_4, S_5, S_6, S_7, S_0, S_1, S_2, S_3, 12) SET_W_K_XFER_4(48) - "xorl "L3", "L3"\n\t" - "xorl "L2", "L2"\n\t" + "xorl " L3 ", " L3 "\n\t" + "xorl " L2 ", " L2 "\n\t" RND_RORX_X4(S_0, S_1, S_2, S_3, S_4, S_5, S_6, S_7, 0) RND_RORX_X4(S_4, S_5, S_6, S_7, S_0, S_1, S_2, S_3, 4) RND_RORX_X4(S_0, S_1, S_2, S_3, S_4, S_5, S_6, S_7, 8) RND_RORX_X4(S_4, S_5, S_6, S_7, S_0, S_1, S_2, S_3, 12) /* Prev RND: h += Maj(a,b,c) */ - "addl "L3", %%r8d\n\t" + "addl " L3 ", %%r8d\n\t" "movq 120(%[sha256]), %%rax\n\t" ADD_DIGEST() 
@@ -2027,43 +2048,43 @@ SHA256_NOINLINE static int Transform_Sha256_AVX1_RORX_Len(wc_Sha256* sha256, #endif /* HAVE_INTEL_RORX */ #define _VINSERTI128(op1,op2,op3,op4) \ - "vinserti128 $"#op4", %"#op3", %"#op2", %"#op1"\n\t" + "vinserti128 $" #op4 ", %" #op3 ", %" #op2 ", %" #op1 "\n\t" #define VINSERTI128(op1,op2,op3,op4) \ _VINSERTI128(op1,op2,op3,op4) -#define _LOAD_W_K_LOW(BYTE_FLIP_MASK, reg) \ - "# X0, X1, X2, X3 = W[0..15]\n\t" \ - "vmovdqu (%%"#reg"), %%xmm0\n\t" \ - "vmovdqu 16(%%"#reg"), %%xmm1\n\t" \ - VPSHUFB(X0, X0, BYTE_FLIP_MASK) \ - VPSHUFB(X1, X1, BYTE_FLIP_MASK) \ - "vmovdqu 32(%%"#reg"), %%xmm2\n\t" \ - "vmovdqu 48(%%"#reg"), %%xmm3\n\t" \ - VPSHUFB(X2, X2, BYTE_FLIP_MASK) \ +#define _LOAD_W_K_LOW(BYTE_FLIP_MASK, reg) \ + "# X0, X1, X2, X3 = W[0..15]\n\t" \ + "vmovdqu (%%" #reg "), %%xmm0\n\t" \ + "vmovdqu 16(%%" #reg "), %%xmm1\n\t" \ + VPSHUFB(X0, X0, BYTE_FLIP_MASK) \ + VPSHUFB(X1, X1, BYTE_FLIP_MASK) \ + "vmovdqu 32(%%" #reg "), %%xmm2\n\t" \ + "vmovdqu 48(%%" #reg "), %%xmm3\n\t" \ + VPSHUFB(X2, X2, BYTE_FLIP_MASK) \ VPSHUFB(X3, X3, BYTE_FLIP_MASK) #define LOAD_W_K_LOW(BYTE_FLIP_MASK, reg) \ _LOAD_W_K_LOW(BYTE_FLIP_MASK, reg) -#define _LOAD_W_K(BYTE_FLIP_Y_MASK, reg) \ - "# X0, X1, X2, X3 = W[0..15]\n\t" \ - "vmovdqu (%%"#reg"), %%xmm0\n\t" \ - "vmovdqu 16(%%"#reg"), %%xmm1\n\t" \ - "vmovdqu 64(%%"#reg"), %%xmm4\n\t" \ - "vmovdqu 80(%%"#reg"), %%xmm5\n\t" \ - VINSERTI128(Y0, Y0, XTMP0, 1) \ - VINSERTI128(Y1, Y1, XTMP1, 1) \ - VPSHUFB(Y0, Y0, BYTE_FLIP_Y_MASK) \ - VPSHUFB(Y1, Y1, BYTE_FLIP_Y_MASK) \ - "vmovdqu 32(%%"#reg"), %%xmm2\n\t" \ - "vmovdqu 48(%%"#reg"), %%xmm3\n\t" \ - "vmovdqu 96(%%"#reg"), %%xmm6\n\t" \ - "vmovdqu 112(%%"#reg"), %%xmm7\n\t" \ - VINSERTI128(Y2, Y2, XTMP2, 1) \ - VINSERTI128(Y3, Y3, XTMP3, 1) \ - VPSHUFB(Y2, Y2, BYTE_FLIP_Y_MASK) \ +#define _LOAD_W_K(BYTE_FLIP_Y_MASK, reg) \ + "# X0, X1, X2, X3 = W[0..15]\n\t" \ + "vmovdqu (%%" #reg "), %%xmm0\n\t" \ + "vmovdqu 16(%%" #reg "), %%xmm1\n\t" \ + "vmovdqu 64(%%" #reg "), 
%%xmm4\n\t" \ + "vmovdqu 80(%%" #reg "), %%xmm5\n\t" \ + VINSERTI128(Y0, Y0, XTMP0, 1) \ + VINSERTI128(Y1, Y1, XTMP1, 1) \ + VPSHUFB(Y0, Y0, BYTE_FLIP_Y_MASK) \ + VPSHUFB(Y1, Y1, BYTE_FLIP_Y_MASK) \ + "vmovdqu 32(%%" #reg "), %%xmm2\n\t" \ + "vmovdqu 48(%%" #reg "), %%xmm3\n\t" \ + "vmovdqu 96(%%" #reg "), %%xmm6\n\t" \ + "vmovdqu 112(%%" #reg "), %%xmm7\n\t" \ + VINSERTI128(Y2, Y2, XTMP2, 1) \ + VINSERTI128(Y3, Y3, XTMP3, 1) \ + VPSHUFB(Y2, Y2, BYTE_FLIP_Y_MASK) \ VPSHUFB(Y3, Y3, BYTE_FLIP_Y_MASK) #define LOAD_W_K(BYTE_FLIP_Y_MASK, reg) \ @@ -2071,14 +2092,14 @@ SHA256_NOINLINE static int Transform_Sha256_AVX1_RORX_Len(wc_Sha256* sha256, #define _SET_W_Y_4(i) \ - "vpaddd ("#i"*8)+ 0+%[K], %%ymm0, %%ymm4\n\t" \ - "vpaddd ("#i"*8)+32+%[K], %%ymm1, %%ymm5\n\t" \ - "vmovdqu %%ymm4, ("#i"*8)+ 0("WK")\n\t" \ - "vmovdqu %%ymm5, ("#i"*8)+32("WK")\n\t" \ - "vpaddd ("#i"*8)+64+%[K], %%ymm2, %%ymm4\n\t" \ - "vpaddd ("#i"*8)+96+%[K], %%ymm3, %%ymm5\n\t" \ - "vmovdqu %%ymm4, ("#i"*8)+64("WK")\n\t" \ - "vmovdqu %%ymm5, ("#i"*8)+96("WK")\n\t" + "vpaddd (" #i "*8)+ 0+%[K], %%ymm0, %%ymm4\n\t" \ + "vpaddd (" #i "*8)+32+%[K], %%ymm1, %%ymm5\n\t" \ + "vmovdqu %%ymm4, (" #i "*8)+ 0(" WK ")\n\t" \ + "vmovdqu %%ymm5, (" #i "*8)+32(" WK ")\n\t" \ + "vpaddd (" #i "*8)+64+%[K], %%ymm2, %%ymm4\n\t" \ + "vpaddd (" #i "*8)+96+%[K], %%ymm3, %%ymm5\n\t" \ + "vmovdqu %%ymm4, (" #i "*8)+64(" WK ")\n\t" \ + "vmovdqu %%ymm5, (" #i "*8)+96(" WK ")\n\t" #define SET_W_Y_4(i) \ _SET_W_Y_4(i) 
@@ -2095,9 +2116,9 @@ static const ALIGN32 word64 mBYTE_FLIP_Y_MASK[] = 0x0405060700010203, 0x0c0d0e0f08090a0b }; #define _INIT_MASKS_Y(BYTE_FLIP_MASK, SHUF_00BA, SHUF_DC00) \ - "vmovdqa %[FLIP], %"#BYTE_FLIP_MASK"\n\t" \ - "vmovdqa %[SHUF00BA], %"#SHUF_00BA"\n\t" \ - "vmovdqa %[SHUFDC00], %"#SHUF_DC00"\n\t" + "vmovdqa %[FLIP], %" #BYTE_FLIP_MASK "\n\t" \ + "vmovdqa %[SHUF00BA], %" #SHUF_00BA "\n\t" \ + "vmovdqa %[SHUFDC00], %" #SHUF_DC00 "\n\t" #define INIT_MASKS_Y(BYTE_FLIP_MASK, SHUF_00BA, SHUF_DC00) \ _INIT_MASKS_Y(BYTE_FLIP_MASK, SHUF_00BA, SHUF_DC00) @@ -2149,9 +2170,9 @@ SHA256_NOINLINE static int Transform_Sha256_AVX2(wc_Sha256* sha256) LOAD_W_K_LOW(BYTE_FLIP_MASK, rax) - "movl %%r9d, "L4"\n\t" - "movl %%r12d, "L1"\n\t" - "xorl %%r10d, "L4"\n\t" + "movl %%r9d, " L4 "\n\t" + "movl %%r12d, " L1 "\n\t" + "xorl %%r10d, " L4 "\n\t" SET_W_Y_4(0) MsgSched_Y(Y0, Y1, Y2, Y3, S_0, S_1, S_2, S_3, S_4, S_5, S_6, S_7, 0) @@ -2218,9 +2239,9 @@ SHA256_NOINLINE static int Transform_Sha256_AVX2_Len(wc_Sha256* sha256, LOAD_W_K(BYTE_FLIP_Y_MASK, rax) - "movl %%r9d, "L4"\n\t" - "movl %%r12d, "L1"\n\t" - "xorl %%r10d, "L4"\n\t" + "movl %%r9d, " L4 "\n\t" + "movl %%r12d, " L1 "\n\t" + "xorl %%r10d, " L4 "\n\t" SET_W_Y_4(0) MsgSched_Y(Y0, Y1, Y2, Y3, S_0, S_1, S_2, S_3, S_4, S_5, S_6, S_7, 0) @@ -2249,9 +2270,9 @@ SHA256_NOINLINE static int Transform_Sha256_AVX2_Len(wc_Sha256* sha256, ADD_DIGEST() STORE_DIGEST() - "movl %%r9d, "L4"\n\t" - "movl %%r12d, "L1"\n\t" - "xorl %%r10d, "L4"\n\t" + "movl %%r9d, " L4 "\n\t" + "movl %%r12d, " L1 "\n\t" + "xorl %%r10d, " L4 "\n\t" RND_ALL_4(S_0, S_1, S_2, S_3, S_4, S_5, S_6, S_7, 4) RND_ALL_4(S_4, S_5, S_6, S_7, S_0, S_1, S_2, S_3, 12) 
@@ -2309,9 +2330,9 @@ SHA256_NOINLINE static int Transform_Sha256_AVX2_RORX(wc_Sha256* sha256) LOAD_DIGEST() - "movl %%r9d, "L4"\n\t" - "rorx $6, %%r12d, "L1"\n\t" - "xorl %%r10d, "L4"\n\t" + "movl %%r9d, " L4 "\n\t" + "rorx $6, %%r12d, " L1 "\n\t" + "xorl %%r10d, " L4 "\n\t" SET_W_Y_4(0) MsgSched_Y_RORX(Y0, Y1, Y2, Y3, S_0, S_1, S_2, S_3, S_4, S_5, S_6, S_7, 0) @@ -2332,14 +2353,14 @@ SHA256_NOINLINE static int Transform_Sha256_AVX2_RORX(wc_Sha256* sha256) MsgSched_Y_RORX(Y3, Y0, Y1, Y2, S_4, S_5, S_6, S_7, S_0, S_1, S_2, S_3, 88) SET_W_Y_4(48) - "xorl "L3", "L3"\n\t" - "xorl "L2", "L2"\n\t" + "xorl " L3 ", " L3 "\n\t" + "xorl " L2 ", " L2 "\n\t" RND_RORX_X4(S_0, S_1, S_2, S_3, S_4, S_5, S_6, S_7, 96) RND_RORX_X4(S_4, S_5, S_6, S_7, S_0, S_1, S_2, S_3, 104) RND_RORX_X4(S_0, S_1, S_2, S_3, S_4, S_5, S_6, S_7, 112) RND_RORX_X4(S_4, S_5, S_6, S_7, S_0, S_1, S_2, S_3, 120) /* Prev RND: h += Maj(a,b,c) */ - "addl "L3", %%r8d\n\t" + "addl " L3 ", %%r8d\n\t" STORE_ADD_DIGEST() @@ -2382,9 +2403,9 @@ SHA256_NOINLINE static int Transform_Sha256_AVX2_RORX_Len(wc_Sha256* sha256, LOAD_W_K(BYTE_FLIP_Y_MASK, rax) - "movl %%r9d, "L4"\n\t" - "rorx $6, %%r12d, "L1"\n\t" - "xorl %%r10d, "L4"\n\t" + "movl %%r9d, " L4 "\n\t" + "rorx $6, %%r12d, " L1 "\n\t" + "xorl %%r10d, " L4 "\n\t" SET_W_Y_4(0) MsgSched_Y_RORX(Y0, Y1, Y2, Y3, S_0, S_1, S_2, S_3, S_4, S_5, S_6, S_7, 0) 
@@ -2405,22 +2426,22 @@ SHA256_NOINLINE static int Transform_Sha256_AVX2_RORX_Len(wc_Sha256* sha256, MsgSched_Y_RORX(Y3, Y0, Y1, Y2, S_4, S_5, S_6, S_7, S_0, S_1, S_2, S_3, 88) SET_W_Y_4(48) - "xorl "L3", "L3"\n\t" - "xorl "L2", "L2"\n\t" + "xorl " L3 ", " L3 "\n\t" + "xorl " L2 ", " L2 "\n\t" RND_RORX_X4(S_0, S_1, S_2, S_3, S_4, S_5, S_6, S_7, 96) RND_RORX_X4(S_4, S_5, S_6, S_7, S_0, S_1, S_2, S_3, 104) RND_RORX_X4(S_0, S_1, S_2, S_3, S_4, S_5, S_6, S_7, 112) RND_RORX_X4(S_4, S_5, S_6, S_7, S_0, S_1, S_2, S_3, 120) /* Prev RND: h += Maj(a,b,c) */ - "addl "L3", %%r8d\n\t" - "xorl "L2", "L2"\n\t" + "addl " L3 ", %%r8d\n\t" + "xorl " L2 ", " L2 "\n\t" ADD_DIGEST() STORE_DIGEST() - "movl %%r9d, "L4"\n\t" - "xorl "L3", "L3"\n\t" - "xorl %%r10d, "L4"\n\t" + "movl %%r9d, " L4 "\n\t" + "xorl " L3 ", " L3 "\n\t" + "xorl %%r10d, " L4 "\n\t" RND_RORX_X4(S_0, S_1, S_2, S_3, S_4, S_5, S_6, S_7, 4) RND_RORX_X4(S_4, S_5, S_6, S_7, S_0, S_1, S_2, S_3, 12) @@ -2439,7 +2460,7 @@ SHA256_NOINLINE static int Transform_Sha256_AVX2_RORX_Len(wc_Sha256* sha256, RND_RORX_X4(S_0, S_1, S_2, S_3, S_4, S_5, S_6, S_7, 116) RND_RORX_X4(S_4, S_5, S_6, S_7, S_0, S_1, S_2, S_3, 124) /* Prev RND: h += Maj(a,b,c) */ - "addl "L3", %%r8d\n\t" + "addl " L3 ", %%r8d\n\t" "movq 120(%[sha256]), %%rax\n\t" ADD_DIGEST() diff --git a/wolfcrypt/src/sha512.c b/wolfcrypt/src/sha512.c index b96b29ad6..a39bd8379 100644 --- a/wolfcrypt/src/sha512.c +++ b/wolfcrypt/src/sha512.c 
@@ -695,6 +695,27 @@ static INLINE int Sha512Final(wc_Sha512* sha512) return 0; } +int wc_Sha512FinalRaw(wc_Sha512* sha512, byte* hash) +{ +#ifdef LITTLE_ENDIAN_ORDER + word64 digest[WC_SHA512_DIGEST_SIZE / sizeof(word64)]; +#endif + + if (sha512 == NULL || hash == NULL) { + return BAD_FUNC_ARG; + } + +#ifdef LITTLE_ENDIAN_ORDER + ByteReverseWords64((word64*)digest, (word64*)sha512->digest, + WC_SHA512_DIGEST_SIZE); + XMEMCPY(hash, digest, WC_SHA512_DIGEST_SIZE); +#else + XMEMCPY(hash, sha512->digest, WC_SHA512_DIGEST_SIZE); +#endif + + return 0; +} + int wc_Sha512Final(wc_Sha512* sha512, byte* hash) { int ret; 
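Review bot: `wc_Sha512FinalRaw` is added without a comment saying what it returns, and the name invites misuse. As far as the hunk shows, it copies out the current internal state in big-endian order with no padding or length block and leaves the context untouched, so the output is not a SHA-512 digest of the data hashed so far. A header comment would make that clear, e.g. `/* Output the current internal hash state, big-endian. No padding is applied and the context is not reset; the result is not a message digest. */`. In the `LITTLE_ENDIAN_ORDER` branch the local `digest` copy stays on the stack after return; if callers run this on keyed state (not visible from here) and `ForceZero` is in scope in this file, add `ForceZero(digest, sizeof(digest));` before `return 0;`. The same two points apply to `wc_Sha384FinalRaw` in the later sha512.c hunk, whose comment should also say that it copies `WC_SHA384_DIGEST_SIZE` bytes.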
@@ -764,33 +785,33 @@ static word64 mBYTE_FLIP_MASK[] = { 0x0001020304050607, 0x08090a0b0c0d0e0f }; "xmm0", "xmm1", "xmm2", "xmm3", "xmm4", "xmm5", "xmm6", "xmm7", \ "xmm8", "xmm9", "xmm10", "xmm11", "xmm12", "xmm13", "xmm14", "xmm15" -#define _VPALIGNR(dest, src1, src2, bits) \ - "vpalignr $"#bits", %%"#src2", %%"#src1", %%"#dest"\n\t" +#define _VPALIGNR(dest, src1, src2, bits) \ + "vpalignr $" #bits ", %%" #src2 ", %%" #src1 ", %%" #dest "\n\t" #define VPALIGNR(dest, src1, src2, bits) \ _VPALIGNR(dest, src1, src2, bits) #define _V_SHIFT_R(dest, src, bits) \ - "vpsrlq $"#bits", %%"#src", %%"#dest"\n\t" + "vpsrlq $" #bits ", %%" #src ", %%" #dest "\n\t" #define V_SHIFT_R(dest, src, bits) \ _V_SHIFT_R(dest, src, bits) #define _V_SHIFT_L(dest, src, bits) \ - "vpsllq $"#bits", %%"#src", %%"#dest"\n\t" + "vpsllq $" #bits ", %%" #src ", %%" #dest "\n\t" #define V_SHIFT_L(dest, src, bits) \ _V_SHIFT_L(dest, src, bits) #define _V_ADD(dest, src1, src2) \ - "vpaddq %%"#src1", %%"#src2", %%"#dest"\n\t" + "vpaddq %%" #src1 ", %%" #src2 ", %%" #dest "\n\t" #define V_ADD(dest, src1, src2) \ _V_ADD(dest, src1, src2) #define _V_XOR(dest, src1, src2) \ - "vpxor %%"#src1", %%"#src2", %%"#dest"\n\t" + "vpxor %%" #src1 ", %%" #src2 ", %%" #dest "\n\t" #define V_XOR(dest, src1, src2) \ _V_XOR(dest, src1, src2) #define _V_OR(dest, src1, src2) \ - "vpor %%"#src1", %%"#src2", %%"#dest"\n\t" + "vpor %%" #src1 ", %%" #src2 ", %%" #dest "\n\t" #define V_OR(dest, src1, src2) \ _V_OR(dest, src1, src2) 
@@ -815,179 +836,179 @@ static word64 mBYTE_FLIP_MASK[] = { 0x0001020304050607, 0x08090a0b0c0d0e0f }; #define RND_0_1(a,b,c,d,e,f,g,h,i) \ /* L1 = e >>> 23 */ \ - "rorq $23, "L1"\n\t" \ + "rorq $23, " L1 "\n\t" \ #define RND_0_2(a,b,c,d,e,f,g,h,i) \ /* L3 = a */ \ - "movq "#a", "L3"\n\t" \ + "movq "#a", " L3 "\n\t" \ /* L2 = f */ \ - "movq "#f", "L2"\n\t" \ + "movq "#f", " L2 "\n\t" \ /* h += W_X[i] */ \ - "addq ("#i")*8("WX"), "#h"\n\t" \ + "addq ("#i")*8(" WX "), "#h"\n\t" \ /* L2 = f ^ g */ \ - "xorq "#g", "L2"\n\t" \ + "xorq "#g", " L2 "\n\t" \ #define RND_0_2_A(a,b,c,d,e,f,g,h,i) \ /* L3 = a */ \ - "movq "#a", "L3"\n\t" \ + "movq "#a", " L3 "\n\t" \ /* L2 = f */ \ - "movq "#f", "L2"\n\t" \ + "movq "#f", " L2 "\n\t" \ #define RND_0_2_B(a,b,c,d,e,f,g,h,i) \ /* h += W_X[i] */ \ - "addq ("#i")*8("WX"), "#h"\n\t" \ + "addq ("#i")*8(" WX "), "#h"\n\t" \ /* L2 = f ^ g */ \ - "xorq "#g", "L2"\n\t" \ + "xorq "#g", " L2 "\n\t" \ #define RND_0_3(a,b,c,d,e,f,g,h,i) \ /* L1 = (e >>> 23) ^ e */ \ - "xorq "#e", "L1"\n\t" \ + "xorq "#e", " L1 "\n\t" \ /* L2 = (f ^ g) & e */ \ - "andq "#e", "L2"\n\t" \ + "andq "#e", " L2 "\n\t" \ #define RND_0_4(a,b,c,d,e,f,g,h,i) \ /* L1 = ((e >>> 23) ^ e) >>> 4 */ \ - "rorq $4, "L1"\n\t" \ + "rorq $4, " L1 "\n\t" \ /* L2 = ((f ^ g) & e) ^ g */ \ - "xorq "#g", "L2"\n\t" \ + "xorq "#g", " L2 "\n\t" \ #define RND_0_5(a,b,c,d,e,f,g,h,i) \ /* L1 = (((e >>> 23) ^ e) >>> 4) ^ e */ \ - "xorq "#e", "L1"\n\t" \ + "xorq "#e", " L1 "\n\t" \ /* h += Ch(e,f,g) */ \ - "addq "L2", "#h"\n\t" \ + "addq " L2 ", "#h"\n\t" \ #define RND_0_6(a,b,c,d,e,f,g,h,i) \ /* L1 = ((((e >>> 23) ^ e) >>> 4) ^ e) >>> 14 */ \ - "rorq $14, "L1"\n\t" \ + "rorq $14, " L1 "\n\t" \ /* L3 = a ^ b */ \ - "xorq "#b", "L3"\n\t" \ + "xorq "#b", " L3 "\n\t" \ #define RND_0_7(a,b,c,d,e,f,g,h,i) \ /* h += Sigma1(e) */ \ - "addq "L1", "#h"\n\t" \ + "addq " L1 ", "#h"\n\t" \ /* L2 = a */ \ - "movq "#a", "L2"\n\t" \ + "movq "#a", " L2 "\n\t" \ #define RND_0_8(a,b,c,d,e,f,g,h,i) \ /* L4 = (a ^ 
b) & (b ^ c) */ \ - "andq "L3", "L4"\n\t" \ + "andq " L3 ", " L4 "\n\t" \ /* L2 = a >>> 5 */ \ - "rorq $5, "L2"\n\t" \ + "rorq $5, " L2 "\n\t" \ #define RND_0_9(a,b,c,d,e,f,g,h,i) \ /* L2 = (a >>> 5) ^ a */ \ - "xorq "#a", "L2"\n\t" \ + "xorq "#a", " L2 "\n\t" \ /* L4 = ((a ^ b) & (b ^ c) ^ b */ \ - "xorq "#b", "L4"\n\t" \ + "xorq "#b", " L4 "\n\t" \ #define RND_0_10(a,b,c,d,e,f,g,h,i) \ /* L2 = ((a >>> 5) ^ a) >>> 6 */ \ - "rorq $6, "L2"\n\t" \ + "rorq $6, " L2 "\n\t" \ /* d += h */ \ "addq "#h", "#d"\n\t" \ #define RND_0_11(a,b,c,d,e,f,g,h,i) \ /* L2 = (((a >>> 5) ^ a) >>> 6) ^ a */ \ - "xorq "#a", "L2"\n\t" \ + "xorq "#a", " L2 "\n\t" \ /* h += Sigma0(a) */ \ - "addq "L4", "#h"\n\t" \ + "addq " L4 ", "#h"\n\t" \ #define RND_0_12(a,b,c,d,e,f,g,h,i) \ /* L2 = ((((a >>> 5) ^ a) >>> 6) ^ a) >>> 28 */ \ - "rorq $28, "L2"\n\t" \ + "rorq $28, " L2 "\n\t" \ /* d (= e next RND) */ \ - "movq "#d", "L1"\n\t" \ + "movq "#d", " L1 "\n\t" \ /* h += Maj(a,b,c) */ \ - "addq "L2", "#h"\n\t" \ + "addq " L2 ", "#h"\n\t" \ #define RND_1_1(a,b,c,d,e,f,g,h,i) \ /* L1 = e >>> 23 */ \ - "rorq $23, "L1"\n\t" \ + "rorq $23, " L1 "\n\t" \ #define RND_1_2(a,b,c,d,e,f,g,h,i) \ /* L4 = a */ \ - "movq "#a", "L4"\n\t" \ + "movq "#a", " L4 "\n\t" \ /* L2 = f */ \ - "movq "#f", "L2"\n\t" \ + "movq "#f", " L2 "\n\t" \ /* h += W_X[i] */ \ - "addq ("#i")*8("WX"), "#h"\n\t" \ + "addq ("#i")*8(" WX "), "#h"\n\t" \ /* L2 = f ^ g */ \ - "xorq "#g", "L2"\n\t" \ + "xorq "#g", " L2 "\n\t" \ #define RND_1_2_A(a,b,c,d,e,f,g,h,i) \ /* L4 = a */ \ - "movq "#a", "L4"\n\t" \ + "movq "#a", " L4 "\n\t" \ /* L2 = f */ \ - "movq "#f", "L2"\n\t" \ + "movq "#f", " L2 "\n\t" \ #define RND_1_2_B(a,b,c,d,e,f,g,h,i) \ /* h += W_X[i] */ \ - "addq ("#i")*8("WX"), "#h"\n\t" \ + "addq ("#i")*8(" WX "), "#h"\n\t" \ /* L2 = f ^ g */ \ - "xorq "#g", "L2"\n\t" \ + "xorq "#g", " L2 "\n\t" \ #define RND_1_3(a,b,c,d,e,f,g,h,i) \ /* L1 = (e >>> 23) ^ e */ \ - "xorq "#e", "L1"\n\t" \ + "xorq "#e", " L1 "\n\t" \ /* L2 = (f ^ g) & e */ 
\ - "andq "#e", "L2"\n\t" \ + "andq "#e", " L2 "\n\t" \ #define RND_1_4(a,b,c,d,e,f,g,h,i) \ /* ((e >>> 23) ^ e) >>> 4 */ \ - "rorq $4, "L1"\n\t" \ + "rorq $4, " L1 "\n\t" \ /* ((f ^ g) & e) ^ g */ \ - "xorq "#g", "L2"\n\t" \ + "xorq "#g", " L2 "\n\t" \ #define RND_1_5(a,b,c,d,e,f,g,h,i) \ /* (((e >>> 23) ^ e) >>> 4) ^ e */ \ - "xorq "#e", "L1"\n\t" \ + "xorq "#e", " L1 "\n\t" \ /* h += Ch(e,f,g) */ \ - "addq "L2", "#h"\n\t" \ + "addq " L2 ", "#h"\n\t" \ #define RND_1_6(a,b,c,d,e,f,g,h,i) \ /* L1 = ((((e >>> 23) ^ e) >>> 4) ^ e) >>> 14 */ \ - "rorq $14, "L1"\n\t" \ + "rorq $14, " L1 "\n\t" \ /* L4 = a ^ b */ \ - "xorq "#b", "L4"\n\t" \ + "xorq "#b", " L4 "\n\t" \ #define RND_1_7(a,b,c,d,e,f,g,h,i) \ /* h += Sigma1(e) */ \ - "addq "L1", "#h"\n\t" \ + "addq " L1 ", "#h"\n\t" \ /* L2 = a */ \ - "movq "#a", "L2"\n\t" \ - + "movq "#a", " L2 "\n\t" \ + #define RND_1_8(a,b,c,d,e,f,g,h,i) \ /* L3 = (a ^ b) & (b ^ c) */ \ - "andq "L4", "L3"\n\t" \ + "andq " L4 ", " L3 "\n\t" \ /* L2 = a >>> 5 */ \ - "rorq $5, "L2"\n\t" \ + "rorq $5, " L2 "\n\t" \ #define RND_1_9(a,b,c,d,e,f,g,h,i) \ /* L2 = (a >>> 5) ^ a */ \ - "xorq "#a", "L2"\n\t" \ + "xorq "#a", " L2 "\n\t" \ /* L3 = ((a ^ b) & (b ^ c) ^ b */ \ - "xorq "#b", "L3"\n\t" \ + "xorq "#b", " L3 "\n\t" \ #define RND_1_10(a,b,c,d,e,f,g,h,i) \ /* L2 = ((a >>> 5) ^ a) >>> 6 */ \ - "rorq $6, "L2"\n\t" \ + "rorq $6, " L2 "\n\t" \ /* d += h */ \ "addq "#h", "#d"\n\t" \ #define RND_1_11(a,b,c,d,e,f,g,h,i) \ /* L2 = (((a >>> 5) ^ a) >>> 6) ^ a */ \ - "xorq "#a", "L2"\n\t" \ + "xorq "#a", " L2 "\n\t" \ /* h += Sigma0(a) */ \ - "addq "L3", "#h"\n\t" \ + "addq " L3 ", "#h"\n\t" \ #define RND_1_12(a,b,c,d,e,f,g,h,i) \ /* L2 = ((((a >>> 5) ^ a) >>> 6) ^ a) >>> 28 */ \ - "rorq $28, "L2"\n\t" \ + "rorq $28, " L2 "\n\t" \ /* d (= e next RND) */ \ - "movq "#d", "L1"\n\t" \ + "movq "#d", " L1 "\n\t" \ /* h += Maj(a,b,c) */ \ - "addq "L2", "#h"\n\t" \ + "addq " L2 ", "#h"\n\t" \ #define 
MsgSched2(W_0,W_2,W_4,W_6,W_8,W_10,W_12,W_14,a,b,c,d,e,f,g,h,i) \ 
@@ -1070,131 +1091,131 @@ static word64 mBYTE_FLIP_MASK[] = { 0x0001020304050607, 0x08090a0b0c0d0e0f }; #define RND_RORX_0_1(a, b, c, d, e, f, g, h, i) \ /* L1 = e>>>14 */ \ - "rorxq $14, "#e", "L1"\n\t" \ + "rorxq $14, "#e", " L1 "\n\t" \ /* L2 = e>>>18 */ \ - "rorxq $18, "#e", "L2"\n\t" \ + "rorxq $18, "#e", " L2 "\n\t" \ /* Prev RND: h += Maj(a,b,c) */ \ - "addq "L3", "#a"\n\t" \ + "addq " L3 ", "#a"\n\t" \ #define RND_RORX_0_2(a, b, c, d, e, f, g, h, i) \ /* h += w_k */ \ - "addq ("#i")*8("WX"), "#h"\n\t" \ + "addq ("#i")*8(" WX "), "#h"\n\t" \ /* L3 = f */ \ - "movq "#f", "L3"\n\t" \ + "movq "#f", " L3 "\n\t" \ /* L2 = (e>>>14) ^ (e>>>18) */ \ - "xorq "L1", "L2"\n\t" \ + "xorq " L1 ", " L2 "\n\t" \ #define RND_RORX_0_3(a, b, c, d, e, f, g, h, i) \ /* L3 = f ^ g */ \ - "xorq "#g", "L3"\n\t" \ + "xorq "#g", " L3 "\n\t" \ /* L1 = e>>>41 */ \ - "rorxq $41, "#e", "L1"\n\t" \ + "rorxq $41, "#e", " L1 "\n\t" \ /* L1 = Sigma1(e) */ \ - "xorq "L2", "L1"\n\t" \ + "xorq " L2 ", " L1 "\n\t" \ #define RND_RORX_0_4(a, b, c, d, e, f, g, h, i) \ /* L3 = (f ^ g) & e */ \ - "andq "#e", "L3"\n\t" \ + "andq "#e", " L3 "\n\t" \ /* h += Sigma1(e) */ \ - "addq "L1", "#h"\n\t" \ + "addq " L1 ", "#h"\n\t" \ /* L1 = a>>>28 */ \ - "rorxq $28, "#a", "L1"\n\t" \ + "rorxq $28, "#a", " L1 "\n\t" \ #define RND_RORX_0_5(a, b, c, d, e, f, g, h, i) \ /* L2 = a>>>34 */ \ - "rorxq $34, "#a", "L2"\n\t" \ + "rorxq $34, "#a", " L2 "\n\t" \ /* L3 = Ch(e,f,g) */ \ - "xorq "#g", "L3"\n\t" \ + "xorq "#g", " L3 "\n\t" \ /* L2 = (a>>>28) ^ (a>>>34) */ \ - "xorq "L1", "L2"\n\t" \ + "xorq " L1 ", " L2 "\n\t" \ #define RND_RORX_0_6(a, b, c, d, e, f, g, h, i) \ /* L1 = a>>>39 */ \ - "rorxq $39, "#a", "L1"\n\t" \ + "rorxq $39, "#a", " L1 "\n\t" \ /* h += Ch(e,f,g) */ \ - "addq "L3", "#h"\n\t" \ + "addq " L3 ", "#h"\n\t" \ /* L1 = Sigma0(a) */ \ - "xorq "L2", "L1"\n\t" \ + "xorq " L2 ", " L1 "\n\t" \ #define RND_RORX_0_7(a, b, c, d, e, f, g, h, i) \ /* L3 = b */ \ - "movq "#b", "L3"\n\t" \ + "movq "#b", " L3 
"\n\t" \ /* d += h + w_k + Sigma1(e) + Ch(e,f,g) */ \ "addq "#h", "#d"\n\t" \ /* L3 = a ^ b */ \ - "xorq "#a", "L3"\n\t" \ + "xorq "#a", " L3 "\n\t" \ #define RND_RORX_0_8(a, b, c, d, e, f, g, h, i) \ /* L4 = (a ^ b) & (b ^ c) */ \ - "andq "L3", "L4"\n\t" \ + "andq " L3 ", " L4 "\n\t" \ /* h += Sigma0(a) */ \ - "addq "L1", "#h"\n\t" \ + "addq " L1 ", "#h"\n\t" \ /* L4 = Maj(a,b,c) */ \ - "xorq "#b", "L4"\n\t" \ + "xorq "#b", " L4 "\n\t" \ #define RND_RORX_1_1(a, b, c, d, e, f, g, h, i) \ /* L1 = e>>>14 */ \ - "rorxq $14, "#e", "L1"\n\t" \ + "rorxq $14, "#e", " L1 "\n\t" \ /* L2 = e>>>18 */ \ - "rorxq $18, "#e", "L2"\n\t" \ + "rorxq $18, "#e", " L2 "\n\t" \ /* Prev RND: h += Maj(a,b,c) */ \ - "addq "L4", "#a"\n\t" \ + "addq " L4 ", "#a"\n\t" \ #define RND_RORX_1_2(a, b, c, d, e, f, g, h, i) \ /* h += w_k */ \ - "addq ("#i")*8("WX"), "#h"\n\t" \ + "addq ("#i")*8(" WX "), "#h"\n\t" \ /* L4 = f */ \ - "movq "#f", "L4"\n\t" \ + "movq "#f", " L4 "\n\t" \ /* L2 = (e>>>14) ^ (e>>>18) */ \ - "xorq "L1", "L2"\n\t" \ + "xorq " L1 ", " L2 "\n\t" \ #define RND_RORX_1_3(a, b, c, d, e, f, g, h, i) \ /* L4 = f ^ g */ \ - "xorq "#g", "L4"\n\t" \ + "xorq "#g", " L4 "\n\t" \ /* L1 = e>>>41 */ \ - "rorxq $41, "#e", "L1"\n\t" \ + "rorxq $41, "#e", " L1 "\n\t" \ /* L1 = Sigma1(e) */ \ - "xorq "L2", "L1"\n\t" \ + "xorq " L2 ", " L1 "\n\t" \ #define RND_RORX_1_4(a, b, c, d, e, f, g, h, i) \ /* L4 = (f ^ g) & e */ \ - "andq "#e", "L4"\n\t" \ + "andq "#e", " L4 "\n\t" \ /* h += Sigma1(e) */ \ - "addq "L1", "#h"\n\t" \ + "addq " L1 ", "#h"\n\t" \ /* L1 = a>>>28 */ \ - "rorxq $28, "#a", "L1"\n\t" \ + "rorxq $28, "#a", " L1 "\n\t" \ #define RND_RORX_1_5(a, b, c, d, e, f, g, h, i) \ /* L2 = a>>>34 */ \ - "rorxq $34, "#a", "L2"\n\t" \ + "rorxq $34, "#a", " L2 "\n\t" \ /* L4 = Ch(e,f,g) */ \ - "xorq "#g", "L4"\n\t" \ + "xorq "#g", " L4 "\n\t" \ /* L2 = (a>>>28) ^ (a>>>34) */ \ - "xorq "L1", "L2"\n\t" \ + "xorq " L1 ", " L2 "\n\t" \ #define RND_RORX_1_6(a, b, c, d, e, f, g, h, i) \ /* L1 = a>>>39 
*/ \ - "rorxq $39, "#a", "L1"\n\t" \ + "rorxq $39, "#a", " L1 "\n\t" \ /* h += Ch(e,f,g) */ \ - "addq "L4", "#h"\n\t" \ + "addq " L4 ", "#h"\n\t" \ /* L1 = Sigma0(a) */ \ - "xorq "L2", "L1"\n\t" \ + "xorq " L2 ", " L1 "\n\t" \ #define RND_RORX_1_7(a, b, c, d, e, f, g, h, i) \ /* L4 = b */ \ - "movq "#b", "L4"\n\t" \ + "movq "#b", " L4 "\n\t" \ /* d += h + w_k + Sigma1(e) + Ch(e,f,g) */ \ "addq "#h", "#d"\n\t" \ /* L4 = a ^ b */ \ - "xorq "#a", "L4"\n\t" \ + "xorq "#a", " L4 "\n\t" \ #define RND_RORX_1_8(a, b, c, d, e, f, g, h, i) \ /* L2 = (a ^ b) & (b ^ c) */ \ - "andq "L4", "L3"\n\t" \ + "andq " L4 ", " L3 "\n\t" \ /* h += Sigma0(a) */ \ - "addq "L1", "#h"\n\t" \ + "addq " L1 ", "#h"\n\t" \ /* L3 = Maj(a,b,c) */ \ - "xorq "#b", "L3"\n\t" \ + "xorq "#b", " L3 "\n\t" \ #define RND_RORX_ALL_2(a, b, c, d, e, f, g, h, i) \ RND_RORX_0_1(a, b, c, d, e, f, g, h, i+0) \ @@ -1262,15 +1283,15 @@ static word64 mBYTE_FLIP_MASK[] = { 0x0001020304050607, 0x08090a0b0c0d0e0f }; #endif #define _INIT_MASK(mask) \ - "vmovdqu %[mask], %%"#mask"\n\t" + "vmovdqu %[mask], %%" #mask "\n\t" #define INIT_MASK(mask) \ _INIT_MASK(mask) -#define _LOAD_W_2(i1, i2, xmm1, xmm2, mask, reg) \ - "vmovdqu "#i1"*16(%%"#reg"), %%"#xmm1"\n\t" \ - "vmovdqu "#i2"*16(%%"#reg"), %%"#xmm2"\n\t" \ - "vpshufb %%"#mask", %%"#xmm1", %%"#xmm1"\n\t" \ - "vpshufb %%"#mask", %%"#xmm2", %%"#xmm2"\n\t" +#define _LOAD_W_2(i1, i2, xmm1, xmm2, mask, reg) \ + "vmovdqu " #i1 "*16(%%" #reg "), %%" #xmm1 "\n\t" \ + "vmovdqu " #i2 "*16(%%" #reg "), %%" #xmm2 "\n\t" \ + "vpshufb %%" #mask ", %%" #xmm1 ", %%" #xmm1 "\n\t" \ + "vpshufb %%" #mask ", %%" #xmm2 ", %%" #xmm2 "\n\t" #define LOAD_W_2(i1, i2, xmm1, xmm2, mask, reg) \ _LOAD_W_2(i1, i2, xmm1, xmm2, mask, reg) 
@@ -1281,11 +1302,11 @@ static word64 mBYTE_FLIP_MASK[] = { 0x0001020304050607, 0x08090a0b0c0d0e0f }; LOAD_W_2(4, 5, W_8 , W_10, mask, reg) \ LOAD_W_2(6, 7, W_12, W_14, mask, reg) -#define _SET_W_X_2(xmm0, xmm1, reg, i) \ - "vpaddq "#i"+ 0(%%"#reg"), %%"#xmm0", %%xmm8\n\t" \ - "vpaddq "#i"+16(%%"#reg"), %%"#xmm1", %%xmm9\n\t" \ - "vmovdqu %%xmm8, "#i"+ 0("WX")\n\t" \ - "vmovdqu %%xmm9, "#i"+16("WX")\n\t" \ +#define _SET_W_X_2(xmm0, xmm1, reg, i) \ + "vpaddq " #i "+ 0(%%" #reg "), %%" #xmm0 ", %%xmm8\n\t" \ + "vpaddq " #i "+16(%%" #reg "), %%" #xmm1 ", %%xmm9\n\t" \ + "vmovdqu %%xmm8, " #i "+ 0(" WX ")\n\t" \ + "vmovdqu %%xmm9, " #i "+16(" WX ")\n\t" \ #define SET_W_X_2(xmm0, xmm1, reg, i) \ _SET_W_X_2(xmm0, xmm1, reg, i) @@ -1354,14 +1375,14 @@ static int Transform_Sha512_AVX1(wc_Sha512* sha512) LOAD_W(MASK, rax) - "movl $4, 16*8("WX")\n\t" + "movl $4, 16*8(" WX ")\n\t" "leaq %[K512], %%rsi\n\t" /* b */ - "movq %%r9, "L4"\n\t" + "movq %%r9, " L4 "\n\t" /* e */ - "movq %%r12, "L1"\n\t" + "movq %%r12, " L1 "\n\t" /* b ^ c */ - "xorq %%r10, "L4"\n\t" + "xorq %%r10, " L4 "\n\t" "# Start of 16 rounds\n" "1:\n\t" @@ -1379,7 +1400,7 @@ static int Transform_Sha512_AVX1(wc_Sha512* sha512) MsgSched2(W_12,W_14,W_0,W_2,W_4,W_6,W_8,W_10,RE,RF,RG,RH,RA,RB,RC,RD,12) MsgSched2(W_14,W_0,W_2,W_4,W_6,W_8,W_10,W_12,RC,RD,RE,RF,RG,RH,RA,RB,14) - "subl $1, 16*8("WX")\n\t" + "subl $1, 16*8(" WX ")\n\t" "jne 1b\n\t" SET_W_X(rsi) @@ -1427,13 +1448,13 @@ static int Transform_Sha512_AVX1_Len(wc_Sha512* sha512, word32 len) LOAD_W(MASK, rsi) - "movl $4, 16*8("WX")\n\t" + "movl $4, 16*8(" WX ")\n\t" /* b */ - "movq %%r9, "L4"\n\t" + "movq %%r9, " L4 "\n\t" /* e */ - "movq %%r12, "L1"\n\t" + "movq %%r12, " L1 "\n\t" /* b ^ c */ - "xorq %%r10, "L4"\n\t" + "xorq %%r10, " L4 "\n\t" SET_W_X(rdx) 
@@ -1456,7 +1477,7 @@ static int Transform_Sha512_AVX1_Len(wc_Sha512* sha512, word32 len) SET_W_X(rdx) - "subl $1, 16*8("WX")\n\t" + "subl $1, 16*8(" WX ")\n\t" "jne 1b\n\t" RND_ALL_2(RA,RB,RC,RD,RE,RF,RG,RH, 0) @@ -1506,14 +1527,14 @@ static int Transform_Sha512_AVX1_RORX(wc_Sha512* sha512) LOAD_W(MASK, rax) - "movl $4, 16*8("WX")\n\t" + "movl $4, 16*8(" WX ")\n\t" "leaq %[K512], %%rsi\n\t" /* L4 = b */ - "movq %%r9, "L4"\n\t" + "movq %%r9, " L4 "\n\t" /* L3 = 0 (add to prev h) */ - "xorq "L3", "L3"\n\t" + "xorq " L3 ", " L3 "\n\t" /* L4 = b ^ c */ - "xorq %%r10, "L4"\n\t" + "xorq %%r10, " L4 "\n\t" SET_W_X(rsi) @@ -1533,7 +1554,7 @@ static int Transform_Sha512_AVX1_RORX(wc_Sha512* sha512) SET_W_X(rsi) - "subl $1, 16*8("WX")\n\t" + "subl $1, 16*8(" WX ")\n\t" "jne 1b\n\t" RND_RORX_ALL_2(RA,RB,RC,RD,RE,RF,RG,RH, 0) @@ -1547,7 +1568,7 @@ static int Transform_Sha512_AVX1_RORX(wc_Sha512* sha512) RND_RORX_ALL_2(RC,RD,RE,RF,RG,RH,RA,RB,14) /* Prev RND: h += Maj(a,b,c) */ - "addq "L3", %%r8\n\t" + "addq " L3 ", %%r8\n\t" "addq $144, %%rsp\n\t" STORE_ADD_DIGEST() @@ -1581,13 +1602,13 @@ static int Transform_Sha512_AVX1_RORX_Len(wc_Sha512* sha512, word32 len) LOAD_W(MASK, rsi) - "movl $4, 16*8("WX")\n\t" + "movl $4, 16*8(" WX ")\n\t" /* L4 = b */ - "movq %%r9, "L4"\n\t" + "movq %%r9, " L4 "\n\t" /* L3 = 0 (add to prev h) */ - "xorq "L3", "L3"\n\t" + "xorq " L3 ", " L3 "\n\t" /* L4 = b ^ c */ - "xorq %%r10, "L4"\n\t" + "xorq %%r10, " L4 "\n\t" SET_W_X(rcx) @@ -1610,7 +1631,7 @@ static int Transform_Sha512_AVX1_RORX_Len(wc_Sha512* sha512, word32 len) SET_W_X(rcx) - "subl $1, 16*8("WX")\n\t" + "subl $1, 16*8(" WX ")\n\t" "jne 1b\n\t" SET_W_X(rcx) @@ -1626,7 +1647,7 @@ static int Transform_Sha512_AVX1_RORX_Len(wc_Sha512* sha512, word32 len) RND_RORX_ALL_2(RC,RD,RE,RF,RG,RH,RA,RB,14) /* Prev RND: h += Maj(a,b,c) */ - "addq "L3", %%r8\n\t" + "addq " L3 ", %%r8\n\t" "addq $256, %%rsp\n\t" ADD_DIGEST() 
@@ -1694,28 +1715,28 @@ static const unsigned long mBYTE_FLIP_MASK_Y[] = "ymm0", "ymm1", "ymm2", "ymm3", "ymm4", "ymm5", "ymm6", "ymm7", \ "xmm8", "ymm9", "ymm10", "ymm11", "ymm12", "ymm13", "ymm14", "ymm15" -#define _VPERM2I128(dest, src1, src2, sel) \ - "vperm2I128 $"#sel", %%"#src2", %%"#src1", %%"#dest"\n\t" +#define _VPERM2I128(dest, src1, src2, sel) \ + "vperm2I128 $" #sel ", %%" #src2 ", %%" #src1 ", %%" #dest "\n\t" #define VPERM2I128(dest, src1, src2, sel) \ _VPERM2I128(dest, src1, src2, sel) -#define _VPERMQ(dest, src, sel) \ - "vpermq $"#sel", %%"#src", %%"#dest"\n\t" +#define _VPERMQ(dest, src, sel) \ + "vpermq $" #sel ", %%" #src ", %%" #dest "\n\t" #define VPERMQ(dest, src, sel) \ _VPERMQ(dest, src, sel) -#define _VPBLENDD(dest, src1, src2, sel) \ - "vpblendd $"#sel", %%"#src2", %%"#src1", %%"#dest"\n\t" +#define _VPBLENDD(dest, src1, src2, sel) \ + "vpblendd $" #sel ", %%" #src2 ", %%" #src1 ", %%" #dest "\n\t" #define VPBLENDD(dest, src1, src2, sel) \ _VPBLENDD(dest, src1, src2, sel) -#define _V_ADD_I(dest, src1, addr, i) \ - "vpaddq "#i"*8(%%"#addr"), %%"#src1", %%"#dest"\n\t" +#define _V_ADD_I(dest, src1, addr, i) \ + "vpaddq "#i"*8(%%" #addr "), %%" #src1 ", %%" #dest "\n\t" #define V_ADD_I(dest, src1, addr, i) \ _V_ADD_I(dest, src1, addr, i) -#define _VMOVDQU_I(addr, i, src) \ - "vmovdqu %%"#src", "#i"*8(%%"#addr")\n\t" +#define _VMOVDQU_I(addr, i, src) \ + "vmovdqu %%" #src ", " #i "*8(%%" #addr ")\n\t" #define VMOVDQU_I(addr, i, src) \ _VMOVDQU_I(addr, i, src) 
@@ -2052,12 +2073,12 @@ static const unsigned long mBYTE_FLIP_MASK_Y[] = _INIT_MASK_Y(mask) /* Load into YMM registers and swap endian. */ -#define _LOAD_BLOCK_W_Y_2(mask, ymm0, ymm1, reg, i) \ - /* buffer[0..15] => ymm0..ymm3; */ \ - "vmovdqu "#i"+ 0(%%"#reg"), %%"#ymm0"\n\t" \ - "vmovdqu "#i"+32(%%"#reg"), %%"#ymm1"\n\t" \ - "vpshufb %%"#mask", %%"#ymm0", %%"#ymm0"\n\t" \ - "vpshufb %%"#mask", %%"#ymm1", %%"#ymm1"\n\t" +#define _LOAD_BLOCK_W_Y_2(mask, ymm0, ymm1, reg, i) \ + /* buffer[0..15] => ymm0..ymm3; */ \ + "vmovdqu " #i "+ 0(%%" #reg "), %%" #ymm0 "\n\t" \ + "vmovdqu " #i "+32(%%" #reg "), %%" #ymm1 "\n\t" \ + "vpshufb %%" #mask ", %%" #ymm0 ", %%" #ymm0 "\n\t" \ + "vpshufb %%" #mask ", %%" #ymm1 ", %%" #ymm1 "\n\t" #define LOAD_BLOCK_W_Y_2(mask, ymm1, ymm2, reg, i) \ _LOAD_BLOCK_W_Y_2(mask, ymm1, ymm2, reg, i) @@ -2066,11 +2087,11 @@ static const unsigned long mBYTE_FLIP_MASK_Y[] = LOAD_BLOCK_W_Y_2(mask, W_Y_0, W_Y_4 , reg, 0) \ LOAD_BLOCK_W_Y_2(mask, W_Y_8, W_Y_12, reg, 64) -#define _SET_W_Y_2(ymm0, ymm1, ymm2, ymm3, reg, i) \ - "vpaddq "#i"+ 0(%%"#reg"), %%"#ymm0", %%"#ymm2"\n\t" \ - "vpaddq "#i"+32(%%"#reg"), %%"#ymm1", %%"#ymm3"\n\t" \ - "vmovdqu %%"#ymm2", "#i"+ 0("WX")\n\t" \ - "vmovdqu %%"#ymm3", "#i"+32("WX")\n\t" +#define _SET_W_Y_2(ymm0, ymm1, ymm2, ymm3, reg, i) \ + "vpaddq " #i "+ 0(%%" #reg "), %%" #ymm0 ", %%" #ymm2 "\n\t" \ + "vpaddq " #i "+32(%%" #reg "), %%" #ymm1 ", %%" #ymm3 "\n\t" \ + "vmovdqu %%" #ymm2 ", " #i "+ 0(" WX ")\n\t" \ + "vmovdqu %%" #ymm3 ", " #i "+32(" WX ")\n\t" #define SET_W_Y_2(ymm0, ymm1, ymm2, ymm3, reg, i) \ _SET_W_Y_2(ymm0, ymm1, ymm2, ymm3, reg, i) 
@@ -2081,14 +2102,14 @@ static const unsigned long mBYTE_FLIP_MASK_Y[] = /* Load into YMM registers and swap endian. */ #define _LOAD_BLOCK2_W_Y_2(mask, Y0, Y1, X0, X1, X8, X9, reg, i) \ - "vmovdqu "#i"+ 0(%%"#reg"), %%"#X0"\n\t" \ - "vmovdqu "#i"+ 16(%%"#reg"), %%"#X1"\n\t" \ - "vmovdqu "#i"+128(%%"#reg"), %%"#X8"\n\t" \ - "vmovdqu "#i"+144(%%"#reg"), %%"#X9"\n\t" \ - "vinserti128 $1, %%"#X8", %%"#Y0", %%"#Y0"\n\t" \ - "vinserti128 $1, %%"#X9", %%"#Y1", %%"#Y1"\n\t" \ - "vpshufb %%"#mask", %%"#Y0", %%"#Y0"\n\t" \ - "vpshufb %%"#mask", %%"#Y1", %%"#Y1"\n\t" + "vmovdqu " #i "+ 0(%%" #reg "), %%" #X0 "\n\t" \ + "vmovdqu " #i "+ 16(%%" #reg "), %%" #X1 "\n\t" \ + "vmovdqu " #i "+128(%%" #reg "), %%" #X8 "\n\t" \ + "vmovdqu " #i "+144(%%" #reg "), %%" #X9 "\n\t" \ + "vinserti128 $1, %%" #X8 ", %%" #Y0 ", %%" #Y0 "\n\t" \ + "vinserti128 $1, %%" #X9 ", %%" #Y1 ", %%" #Y1 "\n\t" \ + "vpshufb %%" #mask ", %%" #Y0 ", %%" #Y0 "\n\t" \ + "vpshufb %%" #mask ", %%" #Y1 ", %%" #Y1 "\n\t" #define LOAD_BLOCK2_W_Y_2(mask, Y0, Y1, X0, X1, X8, X9, reg, i) \ _LOAD_BLOCK2_W_Y_2(mask, Y0, Y1, X0, X1, X8, X9, reg, i) @@ -2202,14 +2223,14 @@ static int Transform_Sha512_AVX2(wc_Sha512* sha512) LOAD_BLOCK_W_Y(MASK_Y, rax) - "movl $4, 16*8("WX")\n\t" + "movl $4, 16*8(" WX ")\n\t" "leaq %[K512], %%rsi\n\t" /* b */ - "movq %%r9, "L4"\n\t" + "movq %%r9, " L4 "\n\t" /* e */ - "movq %%r12, "L1"\n\t" + "movq %%r12, " L1 "\n\t" /* b ^ c */ - "xorq %%r10, "L4"\n\t" + "xorq %%r10, " L4 "\n\t" SET_BLOCK_W_Y(rsi) @@ -2225,7 +2246,7 @@ static int Transform_Sha512_AVX2(wc_Sha512* sha512) SET_BLOCK_W_Y(rsi) - "subl $1, 16*8("WX")\n\t" + "subl $1, 16*8(" WX ")\n\t" "jne 1b\n\t" RND_ALL_2(RA,RB,RC,RD,RE,RF,RG,RH, 0) 
@@ -2277,14 +2298,14 @@ static int Transform_Sha512_AVX2_Len(wc_Sha512* sha512, word32 len) "leaq %[K512], %%rsi\n\t" /* L4 = b */ - "movq %%r9, "L4"\n\t" + "movq %%r9, " L4 "\n\t" /* e */ - "movq %%r12, "L1"\n\t" + "movq %%r12, " L1 "\n\t" LOAD_BLOCK2_W_Y(MASK_Y, rcx) /* L4 = b ^ c */ - "xorq %%r10, "L4"\n\t" + "xorq %%r10, " L4 "\n\t" "\n" "1:\n\t" SET_BLOCK2_W_Y(rsi) @@ -2317,11 +2338,11 @@ static int Transform_Sha512_AVX2_Len(wc_Sha512* sha512, word32 len) STORE_DIGEST() /* L4 = b */ - "movq %%r9, "L4"\n\t" + "movq %%r9, " L4 "\n\t" /* e */ - "movq %%r12, "L1"\n\t" + "movq %%r12, " L1 "\n\t" /* L4 = b ^ c */ - "xorq %%r10, "L4"\n\t" + "xorq %%r10, " L4 "\n\t" "movq $5, %%rsi\n\t" "\n" @@ -2370,21 +2391,21 @@ static int Transform_Sha512_AVX2_RORX(wc_Sha512* sha512) /* 16 Ws plus loop counter. */ "subq $136, %%rsp\n\t" - "leaq 64(%[sha512]), "L2"\n\t" + "leaq 64(%[sha512]), " L2 "\n\t" INIT_MASK(MASK_Y) LOAD_DIGEST() LOAD_BLOCK_W_Y(MASK_Y, rcx) - "movl $4, 16*8("WX")\n\t" + "movl $4, 16*8(" WX ")\n\t" "leaq %[K512], %%rsi\n\t" /* b */ - "movq %%r9, "L4"\n\t" + "movq %%r9, " L4 "\n\t" /* L3 = 0 (add to prev h) */ - "xorq "L3", "L3"\n\t" + "xorq " L3 ", " L3 "\n\t" /* b ^ c */ - "xorq %%r10, "L4"\n\t" + "xorq %%r10, " L4 "\n\t" SET_BLOCK_W_Y(rsi) @@ -2406,7 +2427,7 @@ static int Transform_Sha512_AVX2_RORX(wc_Sha512* sha512) RND_RORX_ALL_4(RA,RB,RC,RD,RE,RF,RG,RH, 8) RND_RORX_ALL_4(RE,RF,RG,RH,RA,RB,RC,RD,12) /* Prev RND: h += Maj(a,b,c) */ - "addq "L3", %%r8\n\t" + "addq " L3 ", %%r8\n\t" "addq $136, %%rsp\n\t" STORE_ADD_DIGEST() @@ -2446,14 +2467,14 @@ static int Transform_Sha512_AVX2_RORX_Len(wc_Sha512* sha512, word32 len) "leaq %[K512], %%rsi\n\t" /* L4 = b */ - "movq %%r9, "L4"\n\t" + "movq %%r9, " L4 "\n\t" /* L3 = 0 (add to prev h) */ - "xorq "L3", "L3"\n\t" + "xorq " L3 ", " L3 "\n\t" LOAD_BLOCK2_W_Y(MASK_Y, rax) /* L4 = b ^ c */ - "xorq %%r10, "L4"\n\t" + "xorq %%r10, " L4 "\n\t" "\n" "1:\n\t" SET_BLOCK2_W_Y(rsi) 
@@ -2480,18 +2501,18 @@ static int Transform_Sha512_AVX2_RORX_Len(wc_Sha512* sha512, word32 len) RND_RORX_ALL_2(RG,RH,RA,RB,RC,RD,RE,RF,20) RND_RORX_ALL_2(RE,RF,RG,RH,RA,RB,RC,RD,24) RND_RORX_ALL_2(RC,RD,RE,RF,RG,RH,RA,RB,28) - "addq "L3", %%r8\n\t" + "addq " L3 ", %%r8\n\t" "subq $1024, %%rsp\n\t" ADD_DIGEST() STORE_DIGEST() /* L4 = b */ - "movq %%r9, "L4"\n\t" + "movq %%r9, " L4 "\n\t" /* L3 = 0 (add to prev h) */ - "xorq "L3", "L3"\n\t" + "xorq " L3 ", " L3 "\n\t" /* L4 = b ^ c */ - "xorq %%r10, "L4"\n\t" + "xorq %%r10, " L4 "\n\t" "movq $5, %%rsi\n\t" "\n" @@ -2509,7 +2530,7 @@ static int Transform_Sha512_AVX2_RORX_Len(wc_Sha512* sha512, word32 len) "subq $1, %%rsi\n\t" "jnz 3b\n\t" - "addq "L3", %%r8\n\t" + "addq " L3 ", %%r8\n\t" ADD_DIGEST() @@ -2588,6 +2609,27 @@ int wc_Sha384Update(wc_Sha384* sha384, const byte* data, word32 len) } +int wc_Sha384FinalRaw(wc_Sha384* sha384, byte* hash) +{ +#ifdef LITTLE_ENDIAN_ORDER + word64 digest[WC_SHA384_DIGEST_SIZE / sizeof(word64)]; +#endif + + if (sha384 == NULL || hash == NULL) { + return BAD_FUNC_ARG; + } + +#ifdef LITTLE_ENDIAN_ORDER + ByteReverseWords64((word64*)digest, (word64*)sha384->digest, + WC_SHA384_DIGEST_SIZE); + XMEMCPY(hash, digest, WC_SHA384_DIGEST_SIZE); +#else + XMEMCPY(hash, sha384->digest, WC_SHA384_DIGEST_SIZE); +#endif + + return 0; +} + int wc_Sha384Final(wc_Sha384* sha384, byte* hash) { int ret; diff --git a/wolfcrypt/src/sp_c32.c b/wolfcrypt/src/sp_c32.c index 99d71a56b..2a195ff91 100644 --- a/wolfcrypt/src/sp_c32.c +++ b/wolfcrypt/src/sp_c32.c @@ -3107,7 +3107,7 @@ int sp_RsaPublic_2048(const byte* in, word32 inLen, mp_int* em, mp_int* mm, byte* out, word32* outLen) { #ifdef WOLFSSL_SP_SMALL - sp_digit* d; + sp_digit* d = NULL; sp_digit* a; sp_digit* m; sp_digit* r; @@ -6476,7 +6476,7 @@ int sp_RsaPublic_3072(const byte* in, word32 inLen, mp_int* em, mp_int* mm, byte* out, word32* outLen) { #ifdef WOLFSSL_SP_SMALL - sp_digit* d; + sp_digit* d = NULL; sp_digit* a; sp_digit* m; sp_digit* r; 
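Review bot: `wc_Sha384FinalRaw`, added in the `@@ -2588,6 +2609,27 @@` hunk, has no comment saying what it returns, and the name invites use as a cheaper `wc_Sha384Final`. As written it only byte-swaps (on `LITTLE_ENDIAN_ORDER` builds) and copies the first `WC_SHA384_DIGEST_SIZE` bytes of `sha384->digest`. It applies no padding or length block and does not process buffered input, so the output is the current chaining state, not the SHA-384 digest of the data fed so far. I would add a header comment such as `/* Copies the current internal state words to hash; no padding or finalisation is performed, so this is not the digest of the input. */`. The stack array `digest` keeps a copy of that state on return; if callers use this on keyed (HMAC) state, consider zeroising it before `return 0;`.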
diff --git a/wolfcrypt/src/sp_c64.c b/wolfcrypt/src/sp_c64.c index b85dd62aa..079c12163 100644 --- a/wolfcrypt/src/sp_c64.c +++ b/wolfcrypt/src/sp_c64.c @@ -2530,7 +2530,7 @@ int sp_RsaPublic_2048(const byte* in, word32 inLen, mp_int* em, mp_int* mm, byte* out, word32* outLen) { #ifdef WOLFSSL_SP_SMALL - sp_digit* d; + sp_digit* d = NULL; sp_digit* a; sp_digit* m; sp_digit* r; @@ -5912,7 +5912,7 @@ int sp_RsaPublic_3072(const byte* in, word32 inLen, mp_int* em, mp_int* mm, byte* out, word32* outLen) { #ifdef WOLFSSL_SP_SMALL - sp_digit* d; + sp_digit* d = NULL; sp_digit* a; sp_digit* m; sp_digit* r; diff --git a/wolfcrypt/src/sp_x86_64.c b/wolfcrypt/src/sp_x86_64.c index 5f270dffd..692faba19 100644 --- a/wolfcrypt/src/sp_x86_64.c +++ b/wolfcrypt/src/sp_x86_64.c @@ -7084,11 +7084,9 @@ static int sp_2048_mod_exp_16(sp_digit* r, sp_digit* a, sp_digit* e, sp_2048_mont_mul_16(r, r, t[y], m, mp); } - y = e[0] & 0xf; - sp_2048_mont_sqr_16(r, r, m, mp); - sp_2048_mont_sqr_16(r, r, m, mp); - sp_2048_mont_sqr_16(r, r, m, mp); - sp_2048_mont_sqr_16(r, r, m, mp); + y = e[0] & ((1 << c) - 1); + for (; c > 0; c--) + sp_2048_mont_sqr_16(r, r, m, mp); sp_2048_mont_mul_16(r, r, t[y], m, mp); XMEMSET(&r[16], 0, sizeof(sp_digit) * 16); @@ -7401,11 +7399,9 @@ static int sp_2048_mod_exp_avx2_16(sp_digit* r, sp_digit* a, sp_digit* e, sp_2048_mont_mul_avx2_16(r, r, t[y], m, mp); } - y = e[0] & 0xf; - sp_2048_mont_sqr_avx2_16(r, r, m, mp); - sp_2048_mont_sqr_avx2_16(r, r, m, mp); - sp_2048_mont_sqr_avx2_16(r, r, m, mp); - sp_2048_mont_sqr_avx2_16(r, r, m, mp); + y = e[0] & ((1 << c) - 1); + for (; c > 0; c--) + sp_2048_mont_sqr_avx2_16(r, r, m, mp); sp_2048_mont_mul_avx2_16(r, r, t[y], m, mp); XMEMSET(&r[16], 0, sizeof(sp_digit) * 16); 
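Review bot: In the `sp_2048_mod_exp_16` hunk the new tail `y = e[0] & ((1 << c) - 1); for (; c > 0; c--)` depends on `c` holding the number of leftover exponent bits from the window loop, which lies outside the hunk, and nothing here states or bounds that. `1 << c` is evaluated as `int`, so it is only defined while `c` stays below 31. If `c` is always smaller than the window size, a comment such as `/* c = exponent bits left after the last full window */` would make that checkable, and `((sp_digit)1 << c) - 1` would remove the dependence on `int` width. The unbraced `for` directly above the `mont_mul` call is easy to misread, so I would brace it. The same three lines recur in the hunks for `sp_2048_mod_exp_avx2_16`, `sp_2048_mod_exp_32`, `sp_2048_mod_exp_avx2_32`, `sp_3072_mod_exp_24`, `sp_3072_mod_exp_avx2_24`, `sp_3072_mod_exp_48` and `sp_3072_mod_exp_avx2_48`.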
@@ -9126,10 +9122,9 @@ static int sp_2048_mod_exp_32(sp_digit* r, sp_digit* a, sp_digit* e, sp_2048_mont_mul_32(r, r, t[y], m, mp); } - y = e[0] & 0x7; - sp_2048_mont_sqr_32(r, r, m, mp); - sp_2048_mont_sqr_32(r, r, m, mp); - sp_2048_mont_sqr_32(r, r, m, mp); + y = e[0] & ((1 << c) - 1); + for (; c > 0; c--) + sp_2048_mont_sqr_32(r, r, m, mp); sp_2048_mont_mul_32(r, r, t[y], m, mp); XMEMSET(&r[32], 0, sizeof(sp_digit) * 32); @@ -9540,10 +9535,9 @@ static int sp_2048_mod_exp_avx2_32(sp_digit* r, sp_digit* a, sp_digit* e, sp_2048_mont_mul_avx2_32(r, r, t[y], m, mp); } - y = e[0] & 0x7; - sp_2048_mont_sqr_avx2_32(r, r, m, mp); - sp_2048_mont_sqr_avx2_32(r, r, m, mp); - sp_2048_mont_sqr_avx2_32(r, r, m, mp); + y = e[0] & ((1 << c) - 1); + for (; c > 0; c--) + sp_2048_mont_sqr_avx2_32(r, r, m, mp); sp_2048_mont_mul_avx2_32(r, r, t[y], m, mp); XMEMSET(&r[32], 0, sizeof(sp_digit) * 32); @@ -23649,8 +23643,9 @@ static int sp_3072_mod_exp_24(sp_digit* r, sp_digit* a, sp_digit* e, sp_3072_mont_mul_24(r, r, t[y], m, mp); } - y = e[0] & 0x1; - sp_3072_mont_sqr_24(r, r, m, mp); + y = e[0] & ((1 << c) - 1); + for (; c > 0; c--) + sp_3072_mont_sqr_24(r, r, m, mp); sp_3072_mont_mul_24(r, r, t[y], m, mp); XMEMSET(&r[24], 0, sizeof(sp_digit) * 24); @@ -24011,8 +24006,9 @@ static int sp_3072_mod_exp_avx2_24(sp_digit* r, sp_digit* a, sp_digit* e, sp_3072_mont_mul_avx2_24(r, r, t[y], m, mp); } - y = e[0] & 0x1; - sp_3072_mont_sqr_avx2_24(r, r, m, mp); + y = e[0] & ((1 << c) - 1); + for (; c > 0; c--) + sp_3072_mont_sqr_avx2_24(r, r, m, mp); sp_3072_mont_mul_avx2_24(r, r, t[y], m, mp); XMEMSET(&r[24], 0, sizeof(sp_digit) * 24); 
@@ -26357,9 +26353,9 @@ static int sp_3072_mod_exp_48(sp_digit* r, sp_digit* a, sp_digit* e, sp_3072_mont_mul_48(r, r, t[y], m, mp); } - y = e[0] & 0x3; - sp_3072_mont_sqr_48(r, r, m, mp); - sp_3072_mont_sqr_48(r, r, m, mp); + y = e[0] & ((1 << c) - 1); + for (; c > 0; c--) + sp_3072_mont_sqr_48(r, r, m, mp); sp_3072_mont_mul_48(r, r, t[y], m, mp); XMEMSET(&r[48], 0, sizeof(sp_digit) * 48); @@ -26866,9 +26862,9 @@ static int sp_3072_mod_exp_avx2_48(sp_digit* r, sp_digit* a, sp_digit* e, sp_3072_mont_mul_avx2_48(r, r, t[y], m, mp); } - y = e[0] & 0x3; - sp_3072_mont_sqr_avx2_48(r, r, m, mp); - sp_3072_mont_sqr_avx2_48(r, r, m, mp); + y = e[0] & ((1 << c) - 1); + for (; c > 0; c--) + sp_3072_mont_sqr_avx2_48(r, r, m, mp); sp_3072_mont_mul_avx2_48(r, r, t[y], m, mp); XMEMSET(&r[48], 0, sizeof(sp_digit) * 48); diff --git a/wolfcrypt/src/tfm.c b/wolfcrypt/src/tfm.c index 8690ecf06..664a74b54 100644 --- a/wolfcrypt/src/tfm.c +++ b/wolfcrypt/src/tfm.c @@ -485,7 +485,7 @@ void fp_mul_comba(fp_int *A, fp_int *B, fp_int *C) for (ix = 0; ix < pa; ix++) { /* get offsets into the two bignums */ - ty = MIN(ix, B->used-1); + ty = MIN(ix, (B->used > 0 ? B->used - 1 : 0)); tx = ix - ty; /* setup temp aliases */ diff --git a/wolfcrypt/src/wc_port.c b/wolfcrypt/src/wc_port.c index b0d2c1998..9b2868be0 100644 --- a/wolfcrypt/src/wc_port.c +++ b/wolfcrypt/src/wc_port.c @@ -64,6 +64,10 @@ #include #endif +#ifdef WOLF_CRYPTO_DEV + #include +#endif + #ifdef _MSC_VER /* 4996 warning to use MS extensions e.g., strcpy_s instead of strncpy */ #pragma warning(disable: 4996) @@ -82,6 +86,10 @@ int wolfCrypt_Init(void) if (initRefCount == 0) { WOLFSSL_ENTER("wolfCrypt_Init"); + #ifdef WOLF_CRYPTO_DEV + wc_CryptoDev_Init(); + #endif + #ifdef WOLFSSL_ASYNC_CRYPT ret = wolfAsync_HardwareStart(); if (ret != 0) { diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c index bd1b90ffd..b534468dc 100644 --- a/wolfcrypt/test/test.c +++ b/wolfcrypt/test/test.c 
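Review bot: The `fp_mul_comba` hunk replaces `B->used-1` with `(B->used > 0 ? B->used - 1 : 0)` but does not say why, and the guard is re-evaluated on every pass of the `ix` loop. A short comment such as `/* B may be zero (used == 0); keep ty from going negative and indexing before B->dp */` would record the reason. The rest of the column setup follows `/* setup temp aliases */` and is outside the hunk, so I cannot tell whether `A->used` needs the same treatment there. If an empty operand is a legal input, handling it once before the loop would be clearer than patching the index expression.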
@@ -119,6 +119,13 @@ #ifdef WOLFSSL_IMX6_CAAM_BLOB #include #endif +#ifdef WOLF_CRYPTO_DEV + #include +#endif + +#define WOLFSSL_MISC_INCLUDED +#include + /* only for stack size check */ #ifdef HAVE_STACK_SIZE @@ -335,7 +342,11 @@ int memcb_test(void); #ifdef WOLFSSL_IMX6_CAAM_BLOB int blob_test(void); #endif +int misc_test(void); +#ifdef WOLF_CRYPTO_DEV +int cryptodev_test(void); +#endif /* General big buffer size for many tests. */ #define FOURK_BUF 4096 @@ -950,6 +961,18 @@ initDefaultName(); printf( "blob test passed!\n"); #endif + if ( (ret = misc_test()) != 0) + return err_sys("misc test failed!\n", ret); + else + printf( "misc test passed!\n"); + +#ifdef WOLF_CRYPTO_DEV + if ( (ret = cryptodev_test()) != 0) + return err_sys("crypto dev test failed!\n", ret); + else + printf( "crypto dev test passed!\n"); +#endif + #ifdef WOLFSSL_ASYNC_CRYPT wolfAsync_DevClose(&devId); #endif @@ -976,7 +999,7 @@ initDefaultName(); #ifdef HAVE_WNR if (wc_InitNetRandom(wnrConfigFile, NULL, 5000) != 0) { err_sys("Whitewood netRandom global config failed", -1002); - return -1002; + return -1001; } #endif @@ -1247,23 +1270,23 @@ int base16_test(void) encodedLen = sizeof(encoded); ret = Base16_Encode(testData, sizeof(testData), encoded, &encodedLen); if (ret != 0) - return -1234; + return -1300; len = (word32)XSTRLEN((char*)encoded); if (len != encodedLen - 1) - return -1235; + return -1301; len = sizeof(plain); ret = Base16_Decode(encoded, encodedLen - 1, plain, &len); if (ret != 0) - return -1236; + return -1302; if (len != sizeof(testData) || XMEMCMP(testData, plain, len) != 0) - return -1237; + return -1303; if (encodedLen != sizeof(encodedTestData) || XMEMCMP(encoded, encodedTestData, encodedLen) != 0) { - return -1238; + return -1304; } return 0; 
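Review bot: In the `@@ -976,7 +999,7 @@` hunk the `HAVE_WNR` failure path now reports one code and returns another. `err_sys("Whitewood netRandom global config failed", -1002);` is unchanged while the following line became `return -1001;`. Whoever reads the log and the exit status will see two different values for the same failure, so the two should agree, for example by passing `-1001` to `err_sys` as well.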
@@ -1293,27 +1316,27 @@ int asn_test(void) ret = wc_GetDateInfo(dateBuf, (int)sizeof(dateBuf), &datePart, &format, &length); if (ret != 0) - return -1300; + return -1400; #ifndef NO_ASN_TIME /* Parameter Validation tests. */ if (wc_GetTime(NULL, sizeof(now)) != BAD_FUNC_ARG) - return -1301; + return -1401; if (wc_GetTime(&now, 0) != BUFFER_E) - return -1302; + return -1402; now = 0; if (wc_GetTime(&now, sizeof(now)) != 0) { - return -1303; + return -1403; } if (now == 0) { printf("RTC/Time not set!\n"); - return -1304; + return -1404; } ret = wc_GetDateAsCalendarTime(datePart, length, format, &time); if (ret != 0) - return -1305; + return -1405; #endif /* !NO_ASN_TIME */ return 0; @@ -1389,7 +1412,7 @@ int md2_test(void) wc_Md2Final(&md2, hash); if (XMEMCMP(hash, test_md2[i].output, MD2_DIGEST_SIZE) != 0) - return -1400 - i; + return -1500 - i; } return 0; @@ -1400,7 +1423,7 @@ int md2_test(void) int md5_test(void) { int ret = 0; - wc_Md5 md5; + wc_Md5 md5, md5Copy; byte hash[WC_MD5_DIGEST_SIZE]; byte hashcopy[WC_MD5_DIGEST_SIZE]; testVector a, b, c, d, e, f; 
@@ -1454,27 +1477,36 @@ int md5_test(void) ret = wc_InitMd5_ex(&md5, HEAP_HINT, devId); if (ret != 0) - return -1500; + return -1600; + ret = wc_InitMd5_ex(&md5Copy, HEAP_HINT, devId); + if (ret != 0) { + wc_Md5Free(&md5); + return -1601; + } for (i = 0; i < times; ++i) { ret = wc_Md5Update(&md5, (byte*)test_md5[i].input, (word32)test_md5[i].inLen); if (ret != 0) - ERROR_OUT(-1510 - i, exit); + ERROR_OUT(-1602 - i, exit); ret = wc_Md5GetHash(&md5, hashcopy); if (ret != 0) - ERROR_OUT(-1520 - i, exit); + ERROR_OUT(-1603 - i, exit); + + ret = wc_Md5Copy(&md5, &md5Copy); + if (ret != 0) + ERROR_OUT(-1604 - i, exit); ret = wc_Md5Final(&md5, hash); if (ret != 0) - ERROR_OUT(-1530 - i, exit); + ERROR_OUT(-1605 - i, exit); if (XMEMCMP(hash, test_md5[i].output, WC_MD5_DIGEST_SIZE) != 0) - ERROR_OUT(-1540 - i, exit); + ERROR_OUT(-1606 - i, exit); if (XMEMCMP(hash, hashcopy, WC_MD5_DIGEST_SIZE) != 0) - ERROR_OUT(-1550 - i, exit); + ERROR_OUT(-1607 - i, exit); } /* BEGIN LARGE HASH TEST */ { @@ -1493,18 +1525,19 @@ int md5_test(void) ret = wc_Md5Update(&md5, (byte*)large_input, (word32)sizeof(large_input)); if (ret != 0) - ERROR_OUT(-1560, exit); + ERROR_OUT(-1608, exit); } ret = wc_Md5Final(&md5, hash); if (ret != 0) - ERROR_OUT(-1561, exit); + ERROR_OUT(-1609, exit); if (XMEMCMP(hash, large_digest, WC_MD5_DIGEST_SIZE) != 0) - ERROR_OUT(-1562, exit); + ERROR_OUT(-1610, exit); } /* END LARGE HASH TEST */ exit: wc_Md5Free(&md5); + wc_Md5Free(&md5Copy); return ret; } @@ -1581,7 +1614,7 @@ int md4_test(void) wc_Md4Final(&md4, hash); if (XMEMCMP(hash, test_md4[i].output, MD4_DIGEST_SIZE) != 0) - return -1600 - i; + return -1700 - i; } return 0; @@ -1594,7 +1627,7 @@ int md4_test(void) int sha_test(void) { int ret = 0; - wc_Sha sha; + wc_Sha sha, shaCopy; byte hash[WC_SHA_DIGEST_SIZE]; byte hashcopy[WC_SHA_DIGEST_SIZE]; testVector a, b, c, d, e; 
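Review bot: The renumbered failure codes inside the `md5_test` loop are no longer unique. `ERROR_OUT(-1602 - i, exit)` through `ERROR_OUT(-1607 - i, exit)` sit one apart, so a `wc_Md5Update` failure at `i == 1` returns the same value as a `wc_Md5GetHash` failure at `i == 0`, and the large-hash codes `-1608` to `-1610` fall inside the same range. The old codes were spaced ten apart per check; either keep a stride at least as large as the vector count or drop the `- i`. The same pattern appears in the hunks for `sha_test`, `sha224_test`, `sha256_test`, `sha512_test`, `sha384_test` and the four `sha3_*_test` functions. Separately, `wc_Md5Copy(&md5, &md5Copy)` is checked only for its return value and nothing is hashed from `md5Copy`, so a copy that returns 0 but duplicates the state incorrectly would still pass.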
@@ -1642,24 +1675,32 @@ int sha_test(void) ret = wc_InitSha_ex(&sha, HEAP_HINT, devId); if (ret != 0) - return -1700; + return -1800; + ret = wc_InitSha_ex(&shaCopy, HEAP_HINT, devId); + if (ret != 0) { + wc_ShaFree(&sha); + return -1801; + } for (i = 0; i < times; ++i) { ret = wc_ShaUpdate(&sha, (byte*)test_sha[i].input, (word32)test_sha[i].inLen); if (ret != 0) - ERROR_OUT(-1710 - i, exit); + ERROR_OUT(-1802 - i, exit); ret = wc_ShaGetHash(&sha, hashcopy); if (ret != 0) - ERROR_OUT(-1720 - i, exit); + ERROR_OUT(-1803 - i, exit); + ret = wc_ShaCopy(&sha, &shaCopy); + if (ret != 0) + ERROR_OUT(-1804 - i, exit); ret = wc_ShaFinal(&sha, hash); if (ret != 0) - ERROR_OUT(-1730 - i, exit); + ERROR_OUT(-1805 - i, exit); if (XMEMCMP(hash, test_sha[i].output, WC_SHA_DIGEST_SIZE) != 0) - ERROR_OUT(-1740 - i, exit); + ERROR_OUT(-1806 - i, exit); if (XMEMCMP(hash, hashcopy, WC_SHA_DIGEST_SIZE) != 0) - ERROR_OUT(-1750 - i, exit); + ERROR_OUT(-1807 - i, exit); } /* BEGIN LARGE HASH TEST */ { @@ -1679,18 +1720,19 @@ int sha_test(void) ret = wc_ShaUpdate(&sha, (byte*)large_input, (word32)sizeof(large_input)); if (ret != 0) - ERROR_OUT(-1760, exit); + ERROR_OUT(-1808, exit); } ret = wc_ShaFinal(&sha, hash); if (ret != 0) - ERROR_OUT(-1761, exit); + ERROR_OUT(-1809, exit); if (XMEMCMP(hash, large_digest, WC_SHA_DIGEST_SIZE) != 0) - ERROR_OUT(-1762, exit); + ERROR_OUT(-1810, exit); } /* END LARGE HASH TEST */ exit: wc_ShaFree(&sha); + wc_ShaFree(&shaCopy); return ret; } @@ -1740,23 +1782,23 @@ int ripemd_test(void) ret = wc_InitRipeMd(&ripemd); if (ret != 0) { - return -1800; + return -1900; } for (i = 0; i < times; ++i) { ret = wc_RipeMdUpdate(&ripemd, (byte*)test_ripemd[i].input, (word32)test_ripemd[i].inLen); if (ret != 0) { - return -1810 - i; + return -1901 - i; } ret = wc_RipeMdFinal(&ripemd, hash); if (ret != 0) { - return -1820 - i; + return -1911 - i; } if (XMEMCMP(hash, test_ripemd[i].output, RIPEMD_DIGEST_SIZE) != 0) - return -1830 - i; + return -1921 - i; } return 0; 
@@ -1818,18 +1860,18 @@ int blake2b_test(void) for (i = 0; i < BLAKE2_TESTS; i++) { ret = wc_InitBlake2b(&b2b, 64); if (ret != 0) - return -1900 - i; + return -2000 - i; ret = wc_Blake2bUpdate(&b2b, input, i); if (ret != 0) - return -1910 - 1; + return -2010 - 1; ret = wc_Blake2bFinal(&b2b, digest, 64); if (ret != 0) - return -1920 - i; + return -2020 - i; if (XMEMCMP(digest, blake2b_vec[i], 64) != 0) { - return -1930 - i; + return -2030 - i; } } @@ -1841,7 +1883,7 @@ int blake2b_test(void) #ifdef WOLFSSL_SHA224 int sha224_test(void) { - wc_Sha224 sha; + wc_Sha224 sha, shaCopy; byte hash[WC_SHA224_DIGEST_SIZE]; byte hashcopy[WC_SHA224_DIGEST_SIZE]; int ret = 0; @@ -1874,28 +1916,37 @@ int sha224_test(void) ret = wc_InitSha224_ex(&sha, HEAP_HINT, devId); if (ret != 0) - return -2000; + return -2100; + ret = wc_InitSha224_ex(&shaCopy, HEAP_HINT, devId); + if (ret != 0) { + wc_Sha224Free(&sha); + return -2101; + } for (i = 0; i < times; ++i) { ret = wc_Sha224Update(&sha, (byte*)test_sha[i].input, (word32)test_sha[i].inLen); if (ret != 0) - ERROR_OUT(-2010 - i, exit); + ERROR_OUT(-2102 - i, exit); ret = wc_Sha224GetHash(&sha, hashcopy); if (ret != 0) - ERROR_OUT(-2020 - i, exit); + ERROR_OUT(-2103 - i, exit); + ret = wc_Sha224Copy(&sha, &shaCopy); + if (ret != 0) + ERROR_OUT(-2104 - i, exit); ret = wc_Sha224Final(&sha, hash); if (ret != 0) - ERROR_OUT(-2030 - i, exit); + ERROR_OUT(-2105 - i, exit); if (XMEMCMP(hash, test_sha[i].output, WC_SHA224_DIGEST_SIZE) != 0) - ERROR_OUT(-2040 - i, exit); + ERROR_OUT(-2106 - i, exit); if (XMEMCMP(hash, hashcopy, WC_SHA224_DIGEST_SIZE) != 0) - ERROR_OUT(-2050 - i, exit); + ERROR_OUT(-2107 - i, exit); } exit: wc_Sha224Free(&sha); + wc_Sha224Free(&shaCopy); return ret; } @@ -1905,7 +1956,7 @@ exit: #ifndef NO_SHA256 int sha256_test(void) { - wc_Sha256 sha; + wc_Sha256 sha, shaCopy; byte hash[WC_SHA256_DIGEST_SIZE]; byte hashcopy[WC_SHA256_DIGEST_SIZE]; int ret = 0; 
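Review bot: In the `blake2b_test` hunk the update failure still returns `-2010 - 1` where its neighbours use `- i`. The renumbering carried the typo over, so every `wc_Blake2bUpdate` failure reports `-2011` regardless of which vector failed; it should read `return -2010 - i;`. The four ranges are also only ten apart while the loop runs to `BLAKE2_TESTS`, whose value is not visible in the hunk, so they overlap if it exceeds ten.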
@@ -1941,24 +1992,32 @@ int sha256_test(void) ret = wc_InitSha256_ex(&sha, HEAP_HINT, devId); if (ret != 0) - return -2100; + return -2200; + ret = wc_InitSha256_ex(&shaCopy, HEAP_HINT, devId); + if (ret != 0) { + wc_Sha256Free(&sha); + return -2201; + } for (i = 0; i < times; ++i) { ret = wc_Sha256Update(&sha, (byte*)test_sha[i].input, (word32)test_sha[i].inLen); if (ret != 0) - ERROR_OUT(-2110 - i, exit); + ERROR_OUT(-2202 - i, exit); ret = wc_Sha256GetHash(&sha, hashcopy); if (ret != 0) - ERROR_OUT(-2120 - i, exit); + ERROR_OUT(-2203 - i, exit); + ret = wc_Sha256Copy(&sha, &shaCopy); + if (ret != 0) + ERROR_OUT(-2204 - i, exit); ret = wc_Sha256Final(&sha, hash); if (ret != 0) - ERROR_OUT(-2130 - i, exit); + ERROR_OUT(-2205 - i, exit); if (XMEMCMP(hash, test_sha[i].output, WC_SHA256_DIGEST_SIZE) != 0) - ERROR_OUT(-2140 - i, exit); + ERROR_OUT(-2206 - i, exit); if (XMEMCMP(hash, hashcopy, WC_SHA256_DIGEST_SIZE) != 0) - ERROR_OUT(-2150 - i, exit); + ERROR_OUT(-2207 - i, exit); } /* BEGIN LARGE HASH TEST */ { @@ -1978,18 +2037,19 @@ int sha256_test(void) ret = wc_Sha256Update(&sha, (byte*)large_input, (word32)sizeof(large_input)); if (ret != 0) - ERROR_OUT(-2160, exit); + ERROR_OUT(-2208, exit); } ret = wc_Sha256Final(&sha, hash); if (ret != 0) - ERROR_OUT(-2161, exit); + ERROR_OUT(-2209, exit); if (XMEMCMP(hash, large_digest, WC_SHA256_DIGEST_SIZE) != 0) - ERROR_OUT(-2162, exit); + ERROR_OUT(-2210, exit); } /* END LARGE HASH TEST */ exit: wc_Sha256Free(&sha); + wc_Sha256Free(&shaCopy); return ret; } @@ -1999,7 +2059,7 @@ exit: #ifdef WOLFSSL_SHA512 int sha512_test(void) { - wc_Sha512 sha; + wc_Sha512 sha, shaCopy; byte hash[WC_SHA512_DIGEST_SIZE]; byte hashcopy[WC_SHA512_DIGEST_SIZE]; int ret = 0; 
@@ -2042,24 +2102,32 @@ int sha512_test(void) ret = wc_InitSha512_ex(&sha, HEAP_HINT, devId); if (ret != 0) - return -2200; + return -2300; + ret = wc_InitSha512_ex(&shaCopy, HEAP_HINT, devId); + if (ret != 0) { + wc_Sha512Free(&sha); + return -2301; + } for (i = 0; i < times; ++i) { ret = wc_Sha512Update(&sha, (byte*)test_sha[i].input, (word32)test_sha[i].inLen); if (ret != 0) - ERROR_OUT(-2210 - i, exit); + ERROR_OUT(-2302 - i, exit); ret = wc_Sha512GetHash(&sha, hashcopy); if (ret != 0) - ERROR_OUT(-2220 - i, exit); + ERROR_OUT(-2303 - i, exit); + ret = wc_Sha512Copy(&sha, &shaCopy); + if (ret != 0) + ERROR_OUT(-2304 - i, exit); ret = wc_Sha512Final(&sha, hash); if (ret != 0) - ERROR_OUT(-2230 - i, exit); + ERROR_OUT(-2305 - i, exit); if (XMEMCMP(hash, test_sha[i].output, WC_SHA512_DIGEST_SIZE) != 0) - ERROR_OUT(-2240 - i, exit); + ERROR_OUT(-2306 - i, exit); if (XMEMCMP(hash, hashcopy, WC_SHA512_DIGEST_SIZE) != 0) - ERROR_OUT(-2250 - i, exit); + ERROR_OUT(-2307 - i, exit); } /* BEGIN LARGE HASH TEST */ { @@ -2078,17 +2146,18 @@ int sha512_test(void) ret = wc_Sha512Update(&sha, (byte*)large_input, (word32)sizeof(large_input)); if (ret != 0) - ERROR_OUT(-2260, exit); + ERROR_OUT(-2308, exit); } ret = wc_Sha512Final(&sha, hash); if (ret != 0) - ERROR_OUT(-2261, exit); + ERROR_OUT(-2309, exit); if (XMEMCMP(hash, large_digest, WC_SHA512_DIGEST_SIZE) != 0) - ERROR_OUT(-2262, exit); + ERROR_OUT(-2310, exit); } /* END LARGE HASH TEST */ exit: wc_Sha512Free(&sha); + wc_Sha512Free(&shaCopy); return ret; } @@ -2098,7 +2167,7 @@ exit: #ifdef WOLFSSL_SHA384 int sha384_test(void) { - wc_Sha384 sha; + wc_Sha384 sha, shaCopy; byte hash[WC_SHA384_DIGEST_SIZE]; byte hashcopy[WC_SHA384_DIGEST_SIZE]; int ret = 0; 
@@ -2139,24 +2208,32 @@ int sha384_test(void) ret = wc_InitSha384_ex(&sha, HEAP_HINT, devId); if (ret != 0) - return -2300; + return -2400; + ret = wc_InitSha384_ex(&shaCopy, HEAP_HINT, devId); + if (ret != 0) { + wc_Sha384Free(&sha); + return -2401; + } for (i = 0; i < times; ++i) { ret = wc_Sha384Update(&sha, (byte*)test_sha[i].input, (word32)test_sha[i].inLen); if (ret != 0) - ERROR_OUT(-2310 - i, exit); + ERROR_OUT(-2402 - i, exit); ret = wc_Sha384GetHash(&sha, hashcopy); if (ret != 0) - ERROR_OUT(-2320 - i, exit); + ERROR_OUT(-2403 - i, exit); + ret = wc_Sha384Copy(&sha, &shaCopy); + if (ret != 0) + ERROR_OUT(-2404 - i, exit); ret = wc_Sha384Final(&sha, hash); if (ret != 0) - ERROR_OUT(-2330 - i, exit); + ERROR_OUT(-2405 - i, exit); if (XMEMCMP(hash, test_sha[i].output, WC_SHA384_DIGEST_SIZE) != 0) - ERROR_OUT(-2340 - i, exit); + ERROR_OUT(-2406 - i, exit); if (XMEMCMP(hash, hashcopy, WC_SHA384_DIGEST_SIZE) != 0) - ERROR_OUT(-2350 - i, exit); + ERROR_OUT(-2407 - i, exit); } /* BEGIN LARGE HASH TEST */ { @@ -2174,18 +2251,19 @@ int sha384_test(void) ret = wc_Sha384Update(&sha, (byte*)large_input, (word32)sizeof(large_input)); if (ret != 0) - ERROR_OUT(-2360, exit); + ERROR_OUT(-2408, exit); } ret = wc_Sha384Final(&sha, hash); if (ret != 0) - ERROR_OUT(-2361, exit); + ERROR_OUT(-2409, exit); if (XMEMCMP(hash, large_digest, WC_SHA384_DIGEST_SIZE) != 0) - ERROR_OUT(-2362, exit); + ERROR_OUT(-2410, exit); } /* END LARGE HASH TEST */ exit: wc_Sha384Free(&sha); + wc_Sha384Free(&shaCopy); return ret; } 
@@ -2228,24 +2306,24 @@ static int sha3_224_test(void) ret = wc_InitSha3_224(&sha, HEAP_HINT, devId); if (ret != 0) - return -2000; + return -2500; for (i = 0; i < times; ++i) { ret = wc_Sha3_224_Update(&sha, (byte*)test_sha[i].input, (word32)test_sha[i].inLen); if (ret != 0) - ERROR_OUT(-2010 - i, exit); + ERROR_OUT(-2501 - i, exit); ret = wc_Sha3_224_GetHash(&sha, hashcopy); if (ret != 0) - ERROR_OUT(-2020 - i, exit); + ERROR_OUT(-2502 - i, exit); ret = wc_Sha3_224_Final(&sha, hash); if (ret != 0) - ERROR_OUT(-2030 - i, exit); + ERROR_OUT(-2503 - i, exit); if (XMEMCMP(hash, test_sha[i].output, WC_SHA3_224_DIGEST_SIZE) != 0) - ERROR_OUT(-2040 - i, exit); + ERROR_OUT(-2504 - i, exit); if (XMEMCMP(hash, hashcopy, WC_SHA3_224_DIGEST_SIZE) != 0) - ERROR_OUT(-2050 - i, exit); + ERROR_OUT(-2505 - i, exit); } /* BEGIN LARGE HASH TEST */ { @@ -2262,13 +2340,13 @@ static int sha3_224_test(void) ret = wc_Sha3_224_Update(&sha, (byte*)large_input, (word32)sizeof(large_input)); if (ret != 0) - ERROR_OUT(-2060, exit); + ERROR_OUT(-2506, exit); } ret = wc_Sha3_224_Final(&sha, hash); if (ret != 0) - ERROR_OUT(-2061, exit); + ERROR_OUT(-2507, exit); if (XMEMCMP(hash, large_digest, WC_SHA3_224_DIGEST_SIZE) != 0) - ERROR_OUT(-2062, exit); + ERROR_OUT(-2508, exit); } /* END LARGE HASH TEST */ exit: 
@@ -2317,24 +2395,24 @@ static int sha3_256_test(void) ret = wc_InitSha3_256(&sha, HEAP_HINT, devId); if (ret != 0) - return -2100; + return -2600; for (i = 0; i < times; ++i) { ret = wc_Sha3_256_Update(&sha, (byte*)test_sha[i].input, (word32)test_sha[i].inLen); if (ret != 0) - ERROR_OUT(-2110 - i, exit); + ERROR_OUT(-2601 - i, exit); ret = wc_Sha3_256_GetHash(&sha, hashcopy); if (ret != 0) - ERROR_OUT(-2120 - i, exit); + ERROR_OUT(-2602 - i, exit); ret = wc_Sha3_256_Final(&sha, hash); if (ret != 0) - ERROR_OUT(-2130 - i, exit); + ERROR_OUT(-2603 - i, exit); if (XMEMCMP(hash, test_sha[i].output, WC_SHA3_256_DIGEST_SIZE) != 0) - ERROR_OUT(-2140 - i, exit); + ERROR_OUT(-2604 - i, exit); if (XMEMCMP(hash, hashcopy, WC_SHA3_256_DIGEST_SIZE) != 0) - ERROR_OUT(-2150 - i, exit); + ERROR_OUT(-2605 - i, exit); } /* BEGIN LARGE HASH TEST */ { @@ -2351,13 +2429,13 @@ static int sha3_256_test(void) ret = wc_Sha3_256_Update(&sha, (byte*)large_input, (word32)sizeof(large_input)); if (ret != 0) - ERROR_OUT(-2160, exit); + ERROR_OUT(-2606, exit); } ret = wc_Sha3_256_Final(&sha, hash); if (ret != 0) - ERROR_OUT(-2161, exit); + ERROR_OUT(-2607, exit); if (XMEMCMP(hash, large_digest, WC_SHA3_256_DIGEST_SIZE) != 0) - ERROR_OUT(-2162, exit); + ERROR_OUT(-2608, exit); } /* END LARGE HASH TEST */ exit: 
@@ -2409,24 +2487,24 @@ static int sha3_384_test(void) ret = wc_InitSha3_384(&sha, HEAP_HINT, devId); if (ret != 0) - return -2200; + return -2700; for (i = 0; i < times; ++i) { ret = wc_Sha3_384_Update(&sha, (byte*)test_sha[i].input, (word32)test_sha[i].inLen); if (ret != 0) - ERROR_OUT(-2210 - i, exit); + ERROR_OUT(-2701 - i, exit); ret = wc_Sha3_384_GetHash(&sha, hashcopy); if (ret != 0) - ERROR_OUT(-2220 - i, exit); + ERROR_OUT(-2702 - i, exit); ret = wc_Sha3_384_Final(&sha, hash); if (ret != 0) - ERROR_OUT(-2230 - i, exit); + ERROR_OUT(-2703 - i, exit); if (XMEMCMP(hash, test_sha[i].output, WC_SHA3_384_DIGEST_SIZE) != 0) - ERROR_OUT(-2240 - i, exit); + ERROR_OUT(-2704 - i, exit); if (XMEMCMP(hash, hashcopy, WC_SHA3_384_DIGEST_SIZE) != 0) - ERROR_OUT(-2250 - i, exit); + ERROR_OUT(-2705 - i, exit); } /* BEGIN LARGE HASH TEST */ { @@ -2444,13 +2522,13 @@ static int sha3_384_test(void) ret = wc_Sha3_384_Update(&sha, (byte*)large_input, (word32)sizeof(large_input)); if (ret != 0) - ERROR_OUT(-2260, exit); + ERROR_OUT(-2706, exit); } ret = wc_Sha3_384_Final(&sha, hash); if (ret != 0) - ERROR_OUT(-2261, exit); + ERROR_OUT(-2707, exit); if (XMEMCMP(hash, large_digest, WC_SHA3_384_DIGEST_SIZE) != 0) - ERROR_OUT(-2262, exit); + ERROR_OUT(-2708, exit); } /* END LARGE HASH TEST */ exit: 
@@ -2505,24 +2583,24 @@ static int sha3_512_test(void) ret = wc_InitSha3_512(&sha, HEAP_HINT, devId); if (ret != 0) - return -2300; + return -2800; for (i = 0; i < times; ++i) { ret = wc_Sha3_512_Update(&sha, (byte*)test_sha[i].input, (word32)test_sha[i].inLen); if (ret != 0) - ERROR_OUT(-2310 - i, exit); + ERROR_OUT(-2801 - i, exit); ret = wc_Sha3_512_GetHash(&sha, hashcopy); if (ret != 0) - ERROR_OUT(-2320 - i, exit); + ERROR_OUT(-2802 - i, exit); ret = wc_Sha3_512_Final(&sha, hash); if (ret != 0) - ERROR_OUT(-2330 - i, exit); + ERROR_OUT(-2803 - i, exit); if (XMEMCMP(hash, test_sha[i].output, WC_SHA3_512_DIGEST_SIZE) != 0) - ERROR_OUT(-2340 - i, exit); + ERROR_OUT(-2804 - i, exit); if (XMEMCMP(hash, hashcopy, WC_SHA3_512_DIGEST_SIZE) != 0) - ERROR_OUT(-2350 - i, exit); + ERROR_OUT(-2805 - i, exit); } /* BEGIN LARGE HASH TEST */ { @@ -2541,13 +2619,13 @@ static int sha3_512_test(void) ret = wc_Sha3_512_Update(&sha, (byte*)large_input, (word32)sizeof(large_input)); if (ret != 0) - ERROR_OUT(-2360, exit); + ERROR_OUT(-2806, exit); } ret = wc_Sha3_512_Final(&sha, hash); if (ret != 0) - ERROR_OUT(-2361, exit); + ERROR_OUT(-2807, exit); if (XMEMCMP(hash, large_digest, WC_SHA3_512_DIGEST_SIZE) != 0) - ERROR_OUT(-2362, exit); + ERROR_OUT(-2808, exit); } /* END LARGE HASH TEST */ exit: @@ -2588,8 +2666,13 @@ int hash_test(void) wc_HashAlg hash; int ret, exp_ret; int i, j; + int digestSz; byte data[] = "0123456789abcdef0123456789abcdef012345"; byte out[WC_MAX_DIGEST_SIZE]; + byte hashOut[WC_MAX_DIGEST_SIZE]; +#if !defined(NO_ASN) || !defined(NO_DH) || defined(HAVE_ECC) + enum wc_HashType hashType; +#endif enum wc_HashType typesGood[] = { WC_HASH_TYPE_MD5, WC_HASH_TYPE_SHA, WC_HASH_TYPE_SHA224, WC_HASH_TYPE_SHA256, WC_HASH_TYPE_SHA384, WC_HASH_TYPE_SHA512 }; 
@@ -2616,41 +2699,52 @@ int hash_test(void) }; enum wc_HashType typesBad[] = { WC_HASH_TYPE_NONE, WC_HASH_TYPE_MD5_SHA, WC_HASH_TYPE_MD2, WC_HASH_TYPE_MD4 }; + enum wc_HashType typesSha3[] = { WC_HASH_TYPE_SHA3_224, + WC_HASH_TYPE_SHA3_256, + WC_HASH_TYPE_SHA3_384, + WC_HASH_TYPE_SHA3_512 }; + enum wc_HashType typesHashBad[] = { WC_HASH_TYPE_MD2, WC_HASH_TYPE_MD4, + WC_HASH_TYPE_SHA3_224, + WC_HASH_TYPE_SHA3_256, + WC_HASH_TYPE_SHA3_384, + WC_HASH_TYPE_SHA3_512, + WC_HASH_TYPE_BLAKE2B, + WC_HASH_TYPE_NONE }; /* Parameter Validation testing. */ ret = wc_HashInit(NULL, WC_HASH_TYPE_SHA256); if (ret != BAD_FUNC_ARG) - return -2400; + return -2900; ret = wc_HashUpdate(NULL, WC_HASH_TYPE_SHA256, NULL, sizeof(data)); if (ret != BAD_FUNC_ARG) - return -2401; + return -2901; ret = wc_HashUpdate(&hash, WC_HASH_TYPE_SHA256, NULL, sizeof(data)); if (ret != BAD_FUNC_ARG) - return -2402; + return -2902; ret = wc_HashUpdate(NULL, WC_HASH_TYPE_SHA256, data, sizeof(data)); if (ret != BAD_FUNC_ARG) - return -2403; + return -2903; ret = wc_HashFinal(NULL, WC_HASH_TYPE_SHA256, NULL); if (ret != BAD_FUNC_ARG) - return -2404; + return -2904; ret = wc_HashFinal(&hash, WC_HASH_TYPE_SHA256, NULL); if (ret != BAD_FUNC_ARG) - return -2405; + return -2905; ret = wc_HashFinal(NULL, WC_HASH_TYPE_SHA256, out); if (ret != BAD_FUNC_ARG) - return -2406; + return -2906; /* Try invalid hash algorithms. */ for (i = 0; i < (int)(sizeof(typesBad)/sizeof(*typesBad)); i++) { ret = wc_HashInit(&hash, typesBad[i]); if (ret != BAD_FUNC_ARG) - return -2407 - i; + return -2907 - i; ret = wc_HashUpdate(&hash, typesBad[i], data, sizeof(data)); if (ret != BAD_FUNC_ARG) - return -2417 - i; + return -2917 - i; ret = wc_HashFinal(&hash, typesBad[i], out); if (ret != BAD_FUNC_ARG) - return -2427 - i; + return -2927 - i; } /* Try valid hash algorithms. */ 
@@ -2663,87 +2757,211 @@ int hash_test(void) } ret = wc_HashInit(&hash, typesGood[i]); if (ret != exp_ret) - return -2437 - i; + return -2937 - i; ret = wc_HashUpdate(&hash, typesGood[i], data, sizeof(data)); if (ret != exp_ret) - return -2447 - i; + return -2947 - i; ret = wc_HashFinal(&hash, typesGood[i], out); if (ret != exp_ret) - return -2457 - i; + return -2957 - i; + + digestSz = wc_HashGetDigestSize(typesGood[i]); + if (exp_ret < 0 && digestSz != exp_ret) + return -2967 - i; + if (exp_ret == 0 && digestSz < 0) + return -2977 - i; + if (exp_ret == 0) { + ret = wc_Hash(typesGood[i], data, sizeof(data), hashOut, + digestSz - 1); + if (ret != BUFFER_E) + return -2987 - i; + } + ret = wc_Hash(typesGood[i], data, sizeof(data), hashOut, digestSz); + if (ret != exp_ret) + return -2997 - i; + if (exp_ret == 0 && XMEMCMP(out, hashOut, digestSz) != 0) + return -3007 -i; + + ret = wc_HashGetBlockSize(typesGood[i]); + if (exp_ret < 0 && ret != exp_ret) + return -3008 - i; + if (exp_ret == 0 && ret < 0) + return -3018 - i; + #if !defined(NO_ASN) || !defined(NO_DH) || defined(HAVE_ECC) ret = wc_HashGetOID(typesGood[i]); if (ret == BAD_FUNC_ARG || (exp_ret == 0 && ret == HASH_TYPE_E) || (exp_ret != 0 && ret != HASH_TYPE_E)) { - return -2467 - i; + return -3028 - i; } + + hashType = wc_OidGetHash(ret); + if (exp_ret < 0 && ret != exp_ret) + return -3038 - i; + if (exp_ret == 0 && hashType != typesGood[i]) + return -3048 - i; #endif /* !defined(NO_ASN) || !defined(NO_DH) || defined(HAVE_ECC) */ } + for (i = 0; i < (int)(sizeof(typesHashBad)/sizeof(*typesHashBad)); i++) { + ret = wc_Hash(typesHashBad[i], data, sizeof(data), out, sizeof(out)); + if (ret != BAD_FUNC_ARG && ret != BUFFER_E) + return -3058 - i; + } + #if !defined(NO_ASN) || !defined(NO_DH) || defined(HAVE_ECC) ret = wc_HashGetOID(WC_HASH_TYPE_MD2); #ifdef WOLFSSL_MD2 if (ret == HASH_TYPE_E || ret == BAD_FUNC_ARG) - return -2477; + return -3068; #else if (ret != HASH_TYPE_E) - return -2478; + return -3069; #endif 
+ hashType = wc_OidGetHash(646); /* Md2h */ +#ifdef WOLFSSL_MD2 + if (hashType != WC_HASH_TYPE_MD2) + return -3070; +#else + if (hashType != WC_HASH_TYPE_NONE) + return -3071; +#endif + ret = wc_HashGetOID(WC_HASH_TYPE_MD5_SHA); #ifndef NO_MD5 if (ret == HASH_TYPE_E || ret == BAD_FUNC_ARG) - return -2479; + return -3072; #else if (ret != HASH_TYPE_E) - return -2480; + return -3073; #endif ret = wc_HashGetOID(WC_HASH_TYPE_MD4); if (ret != BAD_FUNC_ARG) - return -2481; + return -3074; ret = wc_HashGetOID(WC_HASH_TYPE_NONE); if (ret != BAD_FUNC_ARG) - return -2482; + return -3075; + + hashType = wc_OidGetHash(0); + if (hashType != WC_HASH_TYPE_NONE) + return -3076; #endif /* !defined(NO_ASN) || !defined(NO_DH) || defined(HAVE_ECC) */ + ret = wc_HashGetBlockSize(WC_HASH_TYPE_MD2); +#ifdef WOLFSSL_MD2 + if (ret == HASH_TYPE_E || ret == BAD_FUNC_ARG) + return -3077; +#else + if (ret != HASH_TYPE_E) + return -3078; +#endif + ret = wc_HashGetDigestSize(WC_HASH_TYPE_MD2); +#ifdef WOLFSSL_MD2 + if (ret == HASH_TYPE_E || ret == BAD_FUNC_ARG) + return -3079; +#else + if (ret != HASH_TYPE_E) + return -3080; +#endif + + ret = wc_HashGetBlockSize(WC_HASH_TYPE_MD4); +#ifndef NO_MD4 + if (ret == HASH_TYPE_E || ret == BAD_FUNC_ARG) + return -3081; +#else + if (ret != HASH_TYPE_E) + return -3082; +#endif + ret = wc_HashGetDigestSize(WC_HASH_TYPE_MD4); +#ifndef NO_MD4 + if (ret == HASH_TYPE_E || ret == BAD_FUNC_ARG) + return -3083; +#else + if (ret != HASH_TYPE_E) + return -3084; +#endif + ret = wc_HashGetBlockSize(WC_HASH_TYPE_MD5_SHA); +#if !defined(NO_MD5) && !defined(NO_SHA) + if (ret == HASH_TYPE_E || ret == BAD_FUNC_ARG) + return -3085; +#else + if (ret != HASH_TYPE_E) + return -3086; +#endif + + for (i = 0; i < (int)(sizeof(typesSha3)/sizeof(*typesSha3)); i++) { + ret = wc_HashGetBlockSize(typesSha3[i]); + #ifdef WOLFSSL_SHA3 + if (ret == HASH_TYPE_E || ret == BAD_FUNC_ARG) + return -3087; + #else + if (ret != HASH_TYPE_E) + return -3088; + #endif + ret = 
wc_HashGetDigestSize(typesSha3[i]); + #ifdef WOLFSSL_SHA3 + if (ret == HASH_TYPE_E || ret == BAD_FUNC_ARG) + return -3089; + #else + if (ret != HASH_TYPE_E) + return -3090; + #endif + } + + ret = wc_HashGetBlockSize(WC_HASH_TYPE_BLAKE2B); + if (ret != BAD_FUNC_ARG) + return -3091; + ret = wc_HashGetDigestSize(WC_HASH_TYPE_BLAKE2B); + if (ret != BAD_FUNC_ARG) + return -3092; + + ret = wc_HashGetBlockSize(WC_HASH_TYPE_NONE); + if (ret != BAD_FUNC_ARG) + return -3093; + ret = wc_HashGetDigestSize(WC_HASH_TYPE_NONE); + if (ret != BAD_FUNC_ARG) + return -3094; + #ifndef NO_ASN #ifdef WOLFSSL_MD2 ret = wc_GetCTC_HashOID(MD2); if (ret == 0) - return -2483; + return -3095; #endif #ifndef NO_MD5 ret = wc_GetCTC_HashOID(WC_MD5); if (ret == 0) - return -2484; + return -3096; #endif #ifndef NO_SHA ret = wc_GetCTC_HashOID(WC_SHA); if (ret == 0) - return -2485; + return -3097; #endif #ifdef WOLFSSL_SHA224 ret = wc_GetCTC_HashOID(WC_SHA224); if (ret == 0) - return -2486; + return -3098; #endif #ifndef NO_SHA256 ret = wc_GetCTC_HashOID(WC_SHA256); if (ret == 0) - return -2487; + return -3099; #endif #ifdef WOLFSSL_SHA384 ret = wc_GetCTC_HashOID(WC_SHA384); if (ret == 0) - return -2488; + return -3100; #endif #ifdef WOLFSSL_SHA512 ret = wc_GetCTC_HashOID(WC_SHA512); if (ret == 0) - return -2489; + return -3101; #endif ret = wc_GetCTC_HashOID(-1); if (ret != 0) - return -2490; + return -3102; #endif return 0; 
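Review bot: In the `hash_test` hunk the first check after `hashType = wc_OidGetHash(ret);` tests the wrong variable. `if (exp_ret < 0 && ret != exp_ret) return -3038 - i;` looks at `ret`, which still holds the `wc_HashGetOID` result validated a few lines earlier, so for a disabled algorithm the value returned by `wc_OidGetHash` is never inspected. Judging by the later `wc_OidGetHash(0)` check against `WC_HASH_TYPE_NONE`, the intent was probably `if (exp_ret < 0 && hashType != WC_HASH_TYPE_NONE)`. In the same loop, `return -3007 -i;` and `return -3008 - i;` are one apart, so those two failures report the same code for `i >= 1`.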
@@ -2801,30 +3019,30 @@ int hmac_md5_test(void) #endif if (wc_HmacInit(&hmac, HEAP_HINT, devId) != 0) { - return -2500; + return -3200; } ret = wc_HmacSetKey(&hmac, WC_MD5, (byte*)keys[i], (word32)XSTRLEN(keys[i])); if (ret != 0) - return -2501; + return -3201; ret = wc_HmacUpdate(&hmac, (byte*)test_hmac[i].input, (word32)test_hmac[i].inLen); if (ret != 0) - return -2502; + return -3202; ret = wc_HmacFinal(&hmac, hash); if (ret != 0) - return -2503; + return -3203; if (XMEMCMP(hash, test_hmac[i].output, WC_MD5_DIGEST_SIZE) != 0) - return -2504 - i; + return -3204 - i; wc_HmacFree(&hmac); } #ifndef HAVE_FIPS if (wc_HmacSizeByType(WC_MD5) != WC_MD5_DIGEST_SIZE) - return -2514; + return -3214; #endif return 0; @@ -2884,29 +3102,29 @@ int hmac_sha_test(void) #endif if (wc_HmacInit(&hmac, HEAP_HINT, devId) != 0) - return -20010; + return -3300; ret = wc_HmacSetKey(&hmac, WC_SHA, (byte*)keys[i], (word32)XSTRLEN(keys[i])); if (ret != 0) - return -2601; + return -3301; ret = wc_HmacUpdate(&hmac, (byte*)test_hmac[i].input, (word32)test_hmac[i].inLen); if (ret != 0) - return -2602; + return -3302; ret = wc_HmacFinal(&hmac, hash); if (ret != 0) - return -2603; + return -3303; if (XMEMCMP(hash, test_hmac[i].output, WC_SHA_DIGEST_SIZE) != 0) - return -2604 - i; + return -3304 - i; wc_HmacFree(&hmac); } #ifndef HAVE_FIPS if (wc_HmacSizeByType(WC_SHA) != WC_SHA_DIGEST_SIZE) - return -2614; + return -3314; #endif return 0; 
@@ -2926,11 +3144,16 @@ int hmac_sha224_test(void) "\x0b\x0b\x0b", "Jefe", "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA" - "\xAA\xAA\xAA" + "\xAA\xAA\xAA", + "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08" + "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08" + "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08" + "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08" + "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08" }; - testVector a, b, c; - testVector test_hmac[3]; + testVector a, b, c, d; + testVector test_hmac[4]; int ret; int times = sizeof(test_hmac) / sizeof(testVector), i; @@ -2956,9 +3179,16 @@ int hmac_sha224_test(void) c.inLen = XSTRLEN(c.input); c.outLen = WC_SHA224_DIGEST_SIZE; + d.input = "Big Key Input"; + d.output = "\xe7\x4e\x2b\x8a\xa9\xf0\x37\x2f\xed\xae\x70\x0c\x49\x47\xf1" + "\x46\x54\xa7\x32\x6b\x55\x01\x87\xd2\xc8\x02\x0e\x3a"; + d.inLen = XSTRLEN(d.input); + d.outLen = WC_SHA224_DIGEST_SIZE; + test_hmac[0] = a; test_hmac[1] = b; test_hmac[2] = c; + test_hmac[3] = d; for (i = 0; i < times; ++i) { #if defined(HAVE_FIPS) || defined(HAVE_CAVIUM) @@ -2967,29 +3197,29 @@ int hmac_sha224_test(void) #endif if (wc_HmacInit(&hmac, HEAP_HINT, devId) != 0) - return -2700; + return -3400; ret = wc_HmacSetKey(&hmac, WC_SHA224, (byte*)keys[i], (word32)XSTRLEN(keys[i])); if (ret != 0) - return -2701; + return -3401; ret = wc_HmacUpdate(&hmac, (byte*)test_hmac[i].input, (word32)test_hmac[i].inLen); if (ret != 0) - return -2702; + return -3402; ret = wc_HmacFinal(&hmac, hash); if (ret != 0) - return -2703; + return -3403; if (XMEMCMP(hash, test_hmac[i].output, WC_SHA224_DIGEST_SIZE) != 0) - return -2704 - i; + return -3404 - i; wc_HmacFree(&hmac); } #ifndef HAVE_FIPS if (wc_HmacSizeByType(WC_SHA224) != WC_SHA224_DIGEST_SIZE) - return -2714; + return -3414; #endif return 0; 
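Review bot: The fourth key added to `keys` in hmac_sha224_test carries no comment saying why it is there, and its length is still taken with `XSTRLEN(keys[i])` in the loop further down. It is 80 bytes, longer than the 64-byte SHA-224 block, so it covers the path where HMAC must hash an over-long key first; I would say so above the literal, e.g. `/* 80-byte key, longer than the SHA-224 block: HMAC hashes the key first */`. A second comment, `/* keys are measured with XSTRLEN, so a key must not contain a 0x00 byte */`, would stop a later vector from being silently truncated. The same applies to the 144-byte keys added in hmac_sha384_test and hmac_sha512_test, where the block is 128 bytes. The declaration of `keys` starts outside the hunk.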
@@ -3009,11 +3239,13 @@ int hmac_sha256_test(void) "\x0b\x0b\x0b", "Jefe", "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA" - "\xAA\xAA\xAA" + "\xAA\xAA\xAA", + "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA" + "\xAA\xAA\xAA", }; - testVector a, b, c; - testVector test_hmac[3]; + testVector a, b, c, d; + testVector test_hmac[4]; int ret; int times = sizeof(test_hmac) / sizeof(testVector), i; @@ -3042,9 +3274,17 @@ int hmac_sha256_test(void) c.inLen = XSTRLEN(c.input); c.outLen = WC_SHA256_DIGEST_SIZE; + d.input = 0; + d.output = "\x86\xe5\x4f\xd4\x48\x72\x5d\x7e\x5d\xcf\xe2\x23\x53\xc8\x28" + "\xaf\x48\x78\x1e\xb4\x8c\xae\x81\x06\xa7\xe1\xd4\x98\x94\x9f" + "\x3e\x46"; + d.inLen = 0; + d.outLen = WC_SHA256_DIGEST_SIZE; + test_hmac[0] = a; test_hmac[1] = b; test_hmac[2] = c; + test_hmac[3] = d; for (i = 0; i < times; ++i) { #if defined(HAVE_FIPS) || defined(HAVE_CAVIUM) @@ -3053,34 +3293,36 @@ int hmac_sha256_test(void) #endif if (wc_HmacInit(&hmac, HEAP_HINT, devId) != 0) - return -2800; + return -3500 - i; ret = wc_HmacSetKey(&hmac, WC_SHA256, (byte*)keys[i], (word32)XSTRLEN(keys[i])); if (ret != 0) - return -2801; - ret = wc_HmacUpdate(&hmac, (byte*)test_hmac[i].input, - (word32)test_hmac[i].inLen); - if (ret != 0) - return -2802; + return -3510 - i; + if (test_hmac[i].input != NULL) { + ret = wc_HmacUpdate(&hmac, (byte*)test_hmac[i].input, + (word32)test_hmac[i].inLen); + if (ret != 0) + return -3520 - i; + } ret = wc_HmacFinal(&hmac, hash); if (ret != 0) - return -2803; + return -3530 - i; if (XMEMCMP(hash, test_hmac[i].output, WC_SHA256_DIGEST_SIZE) != 0) - return -2804 - i; + return -3540 - i; wc_HmacFree(&hmac); } #ifndef HAVE_FIPS if (wc_HmacSizeByType(WC_SHA256) != WC_SHA256_DIGEST_SIZE) - return -2814; + return -3550; if (wc_HmacSizeByType(20) != BAD_FUNC_ARG) - return -2815; + return -3551; #endif if (wolfSSL_GetHmacMaxSize() != WC_MAX_DIGEST_SIZE) - return -2816; + return -3552; return 0; } 
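Review bot: The new empty-message vector in hmac_sha256_test is only checked with `wc_HmacUpdate` skipped, because the loop now guards the call with `if (test_hmac[i].input != NULL)`; a caller that hands a zero-length buffer to `wc_HmacUpdate` is not covered. If that call is meant to be accepted, a second pass over the same vector with a non-NULL pointer and length 0, for example `wc_HmacUpdate(&hmac, (byte*)"", 0)`, against the same expected digest would pin it. The fourth key is also the same 20 bytes of 0xAA as the third, so unlike the SHA-224/384/512 tests this one gains no key longer than the hash block. `d.input = 0;` would read better as `d.input = NULL;` to match the check that consumes it.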
@@ -3145,30 +3387,30 @@ int hmac_blake2b_test(void) #if defined(HAVE_CAVIUM) && !defined(HAVE_CAVIUM_V) /* Blake2 only supported on Cavium Nitrox III */ if (wc_HmacInit(&hmac, HEAP_HINT, devId) != 0) - return -2900; + return -3600; #endif ret = wc_HmacSetKey(&hmac, BLAKE2B_ID, (byte*)keys[i], (word32)XSTRLEN(keys[i])); if (ret != 0) - return -2901; + return -3601; ret = wc_HmacUpdate(&hmac, (byte*)test_hmac[i].input, (word32)test_hmac[i].inLen); if (ret != 0) - return -2902; + return -3602; ret = wc_HmacFinal(&hmac, hash); if (ret != 0) - return -2903; + return -3603; if (XMEMCMP(hash, test_hmac[i].output, BLAKE2B_256) != 0) - return -2904 - i; + return -3604 - i; wc_HmacFree(&hmac); } #ifndef HAVE_FIPS if (wc_HmacSizeByType(BLAKE2B_ID) != BLAKE2B_OUTBYTES) - return -2914; + return -3614; #endif return 0; @@ -3188,11 +3430,20 @@ int hmac_sha384_test(void) "\x0b\x0b\x0b", "Jefe", "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA" - "\xAA\xAA\xAA" + "\xAA\xAA\xAA", + "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08" + "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08" + "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08" + "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08" + "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08" + "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08" + "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08" + "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08" + "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08" }; - testVector a, b, c; - testVector test_hmac[3]; + testVector a, b, c, d; + testVector test_hmac[4]; int ret; int times = sizeof(test_hmac) / sizeof(testVector), i; 
@@ -3224,9 +3475,18 @@ int hmac_sha384_test(void) c.inLen = XSTRLEN(c.input); c.outLen = WC_SHA384_DIGEST_SIZE; + d.input = "Big Key Input"; + d.output = "\xd2\x3d\x29\x6e\xf5\x1e\x23\x23\x49\x18\xb3\xbf\x4c\x38\x7b" + "\x31\x21\x17\xbb\x09\x73\x27\xf8\x12\x9d\xe9\xc6\x5d\xf9\x54" + "\xd6\x38\x5a\x68\x53\x14\xee\xe0\xa6\x4f\x36\x7e\xb2\xf3\x1a" + "\x57\x41\x69"; + d.inLen = XSTRLEN(d.input); + d.outLen = WC_SHA384_DIGEST_SIZE; + test_hmac[0] = a; test_hmac[1] = b; test_hmac[2] = c; + test_hmac[3] = d; for (i = 0; i < times; ++i) { #if defined(HAVE_FIPS) @@ -3235,29 +3495,29 @@ int hmac_sha384_test(void) #endif if (wc_HmacInit(&hmac, HEAP_HINT, devId) != 0) - return -3000; + return -3700; ret = wc_HmacSetKey(&hmac, WC_SHA384, (byte*)keys[i], (word32)XSTRLEN(keys[i])); if (ret != 0) - return -3001; + return -3701; ret = wc_HmacUpdate(&hmac, (byte*)test_hmac[i].input, (word32)test_hmac[i].inLen); if (ret != 0) - return -3002; + return -3702; ret = wc_HmacFinal(&hmac, hash); if (ret != 0) - return -3003; + return -3703; if (XMEMCMP(hash, test_hmac[i].output, WC_SHA384_DIGEST_SIZE) != 0) - return -3004 - i; + return -3704 - i; wc_HmacFree(&hmac); } #ifndef HAVE_FIPS if (wc_HmacSizeByType(WC_SHA384) != WC_SHA384_DIGEST_SIZE) - return -3013; + return -3714; #endif return 0; 
@@ -3277,11 +3537,20 @@ int hmac_sha512_test(void) "\x0b\x0b\x0b", "Jefe", "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA" - "\xAA\xAA\xAA" + "\xAA\xAA\xAA", + "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08" + "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08" + "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08" + "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08" + "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08" + "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08" + "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08" + "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08" + "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08" }; - testVector a, b, c; - testVector test_hmac[3]; + testVector a, b, c, d; + testVector test_hmac[4]; int ret; int times = sizeof(test_hmac) / sizeof(testVector), i; @@ -3316,9 +3585,19 @@ int hmac_sha512_test(void) c.inLen = XSTRLEN(c.input); c.outLen = WC_SHA512_DIGEST_SIZE; + d.input = "Big Key Input"; + d.output = "\x3f\xa9\xc9\xe1\xbd\xbb\x04\x55\x1f\xef\xcc\x92\x33\x08\xeb" + "\xcf\xc1\x9a\x5b\x5b\xc0\x7c\x86\x84\xae\x8c\x40\xaf\xb1\x27" + "\x87\x38\x92\x04\xa8\xed\xd7\xd7\x07\xa9\x85\xa0\xc2\xcd\x30" + "\xc0\x56\x14\x49\xbc\x2f\x69\x15\x6a\x97\xd8\x79\x2f\xb3\x3b" + "\x1e\x18\xfe\xfa"; + d.inLen = XSTRLEN(d.input); + d.outLen = WC_SHA512_DIGEST_SIZE; + test_hmac[0] = a; test_hmac[1] = b; test_hmac[2] = c; + test_hmac[3] = d; for (i = 0; i < times; ++i) { #if defined(HAVE_FIPS) 
@@ -3327,29 +3606,29 @@ int hmac_sha512_test(void) #endif if (wc_HmacInit(&hmac, HEAP_HINT, devId) != 0) - return -3100; + return -3800; ret = wc_HmacSetKey(&hmac, WC_SHA512, (byte*)keys[i], (word32)XSTRLEN(keys[i])); if (ret != 0) - return -3101; + return -3801; ret = wc_HmacUpdate(&hmac, (byte*)test_hmac[i].input, (word32)test_hmac[i].inLen); if (ret != 0) - return -3102; + return -3802; ret = wc_HmacFinal(&hmac, hash); if (ret != 0) - return -3103; + return -3803; if (XMEMCMP(hash, test_hmac[i].output, WC_SHA512_DIGEST_SIZE) != 0) - return -3104 - i; + return -3804 - i; wc_HmacFree(&hmac); } #ifndef HAVE_FIPS if (wc_HmacSizeByType(WC_SHA512) != WC_SHA512_DIGEST_SIZE) - return -3113; + return -3814; #endif return 0; @@ -3363,7 +3642,7 @@ int hmac_sha3_test(void) Hmac hmac; byte hash[WC_SHA3_512_DIGEST_SIZE]; - const char* key[3] = + const char* key[4] = { "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b" "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b", @@ -3371,10 +3650,21 @@ int hmac_sha3_test(void) "Jefe", "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" - "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" + "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa", + + "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08" + "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08" + "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08" + "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08" + "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08" + "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08" + "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08" + "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08" + "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08" + "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08" }; - const char* input[3] = + const char* input[4] = { "Hi There", 
@@ -3384,7 +3674,9 @@ int hmac_sha3_test(void) "\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd" "\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd" "\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd" - "\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd" + "\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd", + + "Big Key Input" }; const int hashType[4] = @@ -3398,7 +3690,7 @@ int hmac_sha3_test(void) WC_SHA3_384_DIGEST_SIZE, WC_SHA3_512_DIGEST_SIZE }; - const char* output[12] = + const char* output[16] = { /* key = 0b..., input = Hi There */ /* HMAC-SHA3-224 */ @@ -3449,7 +3741,25 @@ int hmac_sha3_test(void) "\x30\x9e\x99\xf9\xec\x07\x5e\xc6\xc6\xd4\x75\xed\xa1\x18\x06\x87" "\xfc\xf1\x53\x11\x95\x80\x2a\x99\xb5\x67\x74\x49\xa8\x62\x51\x82" "\x85\x1c\xb3\x32\xaf\xb6\xa8\x9c\x41\x13\x25\xfb\xcb\xcd\x42\xaf" - "\xcb\x7b\x6e\x5a\xab\x7e\xa4\x2c\x66\x0f\x97\xfd\x85\x84\xbf\x03" + "\xcb\x7b\x6e\x5a\xab\x7e\xa4\x2c\x66\x0f\x97\xfd\x85\x84\xbf\x03", + + /* key = big key, input = Big Key Input */ + /* HMAC-SHA3-224 */ + "\x29\xe0\x5e\x46\xc4\xa4\x5e\x46\x74\xbf\xd7\x2d\x1a\xd8\x66\xdb" + "\x2d\x0d\x10\x4e\x2b\xfa\xad\x53\x7d\x15\x69\x8b", + /* HMAC-SHA3-256 */ + "\xb5\x5b\x8d\x64\xb6\x9c\x21\xd0\xbf\x20\x5c\xa2\xf7\xb9\xb1\x4e" + "\x88\x21\x61\x2c\x66\xc3\x91\xae\x6c\x95\x16\x85\x83\xe6\xf4\x9b", + /* HMAC-SHA3-384 */ + "\xaa\x91\xb3\xa6\x2f\x56\xa1\xbe\x8c\x3e\x74\x38\xdb\x58\xd9\xd3" + "\x34\xde\xa0\x60\x6d\x8d\x46\xe0\xec\xa9\xf6\x06\x35\x14\xe6\xed" + "\x83\xe6\x7c\x77\x24\x6c\x11\xb5\x90\x82\xb5\x75\xda\x7b\x83\x2d", + /* HMAC-SHA3-512 */ + "\x1c\xc3\xa9\x24\x4a\x4a\x3f\xbd\xc7\x20\x00\x16\x9b\x79\x47\x03" + "\x78\x75\x2c\xb5\xf1\x2e\x62\x7c\xbe\xef\x4e\x8f\x0b\x11\x2b\x32" + "\xa0\xee\xc9\xd0\x4d\x64\x64\x0b\x37\xf4\xdd\x66\xf7\x8b\xb3\xad" + "\x52\x52\x6b\x65\x12\xde\x0d\x7c\xc0\x8b\x60\x01\x6c\x37\xd7\xa8" + }; int i, iMax = sizeof(input) / sizeof(input[0]), 
@@ -3459,24 +3769,32 @@ int hmac_sha3_test(void) for (i = 0; i < iMax; i++) { for (j = 0; j < jMax; j++) { if (wc_HmacInit(&hmac, HEAP_HINT, devId) != 0) - return -3114; + return -3900; ret = wc_HmacSetKey(&hmac, hashType[j], (byte*)key[i], - (word32)XSTRLEN(key[i])); + (word32)XSTRLEN(key[i])); if (ret != 0) - return -3115; + return -3901; ret = wc_HmacUpdate(&hmac, (byte*)input[i], - (word32)XSTRLEN(input[i])); + (word32)XSTRLEN(input[i])); if (ret != 0) - return -3116; + return -3902; ret = wc_HmacFinal(&hmac, hash); if (ret != 0) - return -3117; - + return -3903; if (XMEMCMP(hash, output[(i*jMax) + j], hashSz[j]) != 0) - return -3118; + return -3904; wc_HmacFree(&hmac); + + if (i > 0) + continue; + + #ifndef HAVE_FIPS + ret = wc_HmacSizeByType(hashType[j]); + if (ret != hashSz[j]) + return -3905; + #endif } } @@ -3537,9 +3855,9 @@ int arc4_test(void) keylen = 4; if (wc_Arc4Init(&enc, HEAP_HINT, devId) != 0) - return -3200; + return -4000; if (wc_Arc4Init(&dec, HEAP_HINT, devId) != 0) - return -3201; + return -4001; wc_Arc4SetKey(&enc, (byte*)keys[i], keylen); wc_Arc4SetKey(&dec, (byte*)keys[i], keylen); @@ -3549,10 +3867,10 @@ int arc4_test(void) wc_Arc4Process(&dec, plain, cipher, (word32)test_arc4[i].outLen); if (XMEMCMP(plain, test_arc4[i].input, test_arc4[i].outLen)) - return -3202 - i; + return -4002 - i; if (XMEMCMP(cipher, test_arc4[i].output, test_arc4[i].outLen)) - return -3212 - i; + return -4012 - i; wc_Arc4Free(&enc); wc_Arc4Free(&dec); 
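Review bot: In the hmac_sha3_test loop the renumbered failure codes `-3900` to `-3904` are the same for all 16 key/hash combinations, so a failed digest comparison does not say which vector or which SHA-3 variant broke; the other HMAC tests at least subtract `i`. Something like `return -3910 - (i * jMax + j);` for the `XMEMCMP` failure would identify it, assuming that range is not used elsewhere in the file. The new `if (i > 0) continue;` also deserves a comment such as `/* the size check depends only on the hash type; run it once per type */`.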
@@ -3631,18 +3949,18 @@ int hc128_test(void) XMEMCPY(plain, test_hc128[i].input, test_hc128[i].outLen); if (wc_Hc128_Process(&enc, cipher, plain, (word32)test_hc128[i].outLen) != 0) { - return -3300; + return -4100; } if (wc_Hc128_Process(&dec, plain, cipher, (word32)test_hc128[i].outLen) != 0) { - return -3301; + return -4101; } if (XMEMCMP(plain, test_hc128[i].input, test_hc128[i].outLen)) - return -3302 - i; + return -4102 - i; if (XMEMCMP(cipher, test_hc128[i].output, test_hc128[i].outLen)) - return -3312 - i; + return -4112 - i; } #endif /* HAVE_HC128 */ @@ -3715,10 +4033,10 @@ int rabbit_test(void) wc_RabbitProcess(&dec, plain, cipher, (word32)test_rabbit[i].outLen); if (XMEMCMP(plain, test_rabbit[i].input, test_rabbit[i].outLen)) - return -3400 - i; + return -4200 - i; if (XMEMCMP(cipher, test_rabbit[i].output, test_rabbit[i].outLen)) - return -3410 - i; + return -4210 - i; } return 0; @@ -3824,10 +4142,10 @@ int chacha_test(void) return ret; if (XMEMCMP(test_chacha[i], cipher, 8)) - return -3500 - i; + return -4300 - i; if (XMEMCMP(plain, input, 8)) - return -3510 - i; + return -4310 - i; } /* test of starting at a different counter @@ -3853,7 +4171,7 @@ int chacha_test(void) return ret; if (XMEMCMP(plain + 64, sliver, 64)) - return -3520; + return -4320; return 0; } 
@@ -4026,33 +4344,33 @@ int poly1305_test(void) for (i = 0; i < 6; i++) { ret = wc_Poly1305SetKey(&enc, keys[i], 32); if (ret != 0) - return -3600 - i; + return -4400 - i; ret = wc_Poly1305Update(&enc, msgs[i], szm[i]); if (ret != 0) - return -3610 - i; + return -4410 - i; ret = wc_Poly1305Final(&enc, tag); if (ret != 0) - return -3620 - i; + return -4420 - i; if (XMEMCMP(tag, tests[i], sizeof(tag))) - return -3630 - i; + return -4430 - i; } /* Check TLS MAC function from 2.8.2 https://tools.ietf.org/html/rfc7539 */ XMEMSET(tag, 0, sizeof(tag)); ret = wc_Poly1305SetKey(&enc, key4, sizeof(key4)); if (ret != 0) - return -3650; + return -4440; ret = wc_Poly1305_MAC(&enc, additional, sizeof(additional), (byte*)msg4, sizeof(msg4), tag, sizeof(tag)); if (ret != 0) - return -3651; + return -4441; if (XMEMCMP(tag, correct4, sizeof(tag))) - return -3652; + return -4442; /* Check fail of TLS MAC function if altering additional data */ XMEMSET(tag, 0, sizeof(tag)); @@ -4060,10 +4378,10 @@ int poly1305_test(void) ret = wc_Poly1305_MAC(&enc, additional, sizeof(additional), (byte*)msg4, sizeof(msg4), tag, sizeof(tag)); if (ret != 0) - return -3653; + return -4443; if (XMEMCMP(tag, correct4, sizeof(tag)) == 0) - return -3654; + return -4444; return 0; 
@@ -4248,53 +4566,53 @@ int chacha20_poly1305_aead_test(void) err = wc_ChaCha20Poly1305_Encrypt(NULL, iv1, aad1, sizeof(aad1), plaintext1, sizeof(plaintext1), generatedCiphertext, generatedAuthTag); if (err != BAD_FUNC_ARG) - return -3700; + return -4500; err = wc_ChaCha20Poly1305_Encrypt(key1, NULL, aad1, sizeof(aad1), plaintext1, sizeof(plaintext1), generatedCiphertext, generatedAuthTag); if (err != BAD_FUNC_ARG) - return -3701; + return -4501; err = wc_ChaCha20Poly1305_Encrypt(key1, iv1, aad1, sizeof(aad1), NULL, sizeof(plaintext1), generatedCiphertext, generatedAuthTag); if (err != BAD_FUNC_ARG) - return -3702; + return -4502; err = wc_ChaCha20Poly1305_Encrypt(key1, iv1, aad1, sizeof(aad1), plaintext1, sizeof(plaintext1), NULL, generatedAuthTag); if (err != BAD_FUNC_ARG) - return -3703; + return -4503; err = wc_ChaCha20Poly1305_Encrypt(key1, iv1, aad1, sizeof(aad1), plaintext1, sizeof(plaintext1), generatedCiphertext, NULL); if (err != BAD_FUNC_ARG) - return -3704; + return -4504; err = wc_ChaCha20Poly1305_Encrypt(key1, iv1, aad1, sizeof(aad1), plaintext1, 0, generatedCiphertext, generatedAuthTag); if (err != BAD_FUNC_ARG) - return -3705; + return -4505; /* Decrypt */ err = wc_ChaCha20Poly1305_Decrypt(NULL, iv2, aad2, sizeof(aad2), cipher2, sizeof(cipher2), authTag2, generatedPlaintext); if (err != BAD_FUNC_ARG) - return -3706; + return -4506; err = wc_ChaCha20Poly1305_Decrypt(key2, NULL, aad2, sizeof(aad2), cipher2, sizeof(cipher2), authTag2, generatedPlaintext); if (err != BAD_FUNC_ARG) - return -3707; + return -4507; err = wc_ChaCha20Poly1305_Decrypt(key2, iv2, aad2, sizeof(aad2), NULL, sizeof(cipher2), authTag2, generatedPlaintext); if (err != BAD_FUNC_ARG) - return -3708; + return -4508; err = wc_ChaCha20Poly1305_Decrypt(key2, iv2, aad2, sizeof(aad2), cipher2, sizeof(cipher2), NULL, generatedPlaintext); if (err != BAD_FUNC_ARG) - return -3709; + return -4509; err = wc_ChaCha20Poly1305_Decrypt(key2, iv2, aad2, sizeof(aad2), cipher2, sizeof(cipher2), 
authTag2, NULL); if (err != BAD_FUNC_ARG) - return -3710; + return -4510; err = wc_ChaCha20Poly1305_Decrypt(key2, iv2, aad2, sizeof(aad2), cipher2, 0, authTag2, generatedPlaintext); if (err != BAD_FUNC_ARG) - return -3711; + return -4511; /* Test #1 */ @@ -4309,11 +4627,11 @@ int chacha20_poly1305_aead_test(void) /* -- Check the ciphertext and authtag */ if (XMEMCMP(generatedCiphertext, cipher1, sizeof(cipher1))) { - return -3712; + return -4512; } if (XMEMCMP(generatedAuthTag, authTag1, sizeof(authTag1))) { - return -3713; + return -4513; } /* -- Verify decryption works */ @@ -4327,7 +4645,7 @@ int chacha20_poly1305_aead_test(void) } if (XMEMCMP(generatedPlaintext, plaintext1, sizeof( plaintext1))) { - return -3714; + return -4514; } XMEMSET(generatedCiphertext, 0, sizeof(generatedCiphertext)); @@ -4347,11 +4665,11 @@ int chacha20_poly1305_aead_test(void) /* -- Check the ciphertext and authtag */ if (XMEMCMP(generatedCiphertext, cipher2, sizeof(cipher2))) { - return -3715; + return -4515; } if (XMEMCMP(generatedAuthTag, authTag2, sizeof(authTag2))) { - return -3716; + return -4516; } /* -- Verify decryption works */ @@ -4365,7 +4683,7 @@ int chacha20_poly1305_aead_test(void) } if (XMEMCMP(generatedPlaintext, plaintext2, sizeof(plaintext2))) { - return -3717; + return -4517; } return err; @@ -4409,25 +4727,25 @@ int des_test(void) ret = wc_Des_SetKey(&enc, key, iv, DES_ENCRYPTION); if (ret != 0) - return -3800; + return -4600; ret = wc_Des_CbcEncrypt(&enc, cipher, vector, sizeof(vector)); if (ret != 0) - return -3801; + return -4601; ret = wc_Des_SetKey(&dec, key, iv, DES_DECRYPTION); if (ret != 0) - return -3802; + return -4602; ret = wc_Des_CbcDecrypt(&dec, plain, cipher, sizeof(cipher)); if (ret != 0) - return -3803; + return -4603; if (XMEMCMP(plain, vector, sizeof(plain))) - return -3804; + return -4604; if (XMEMCMP(cipher, verify, sizeof(cipher))) - return -3805; + return -4605; return 0; } 
@@ -4474,34 +4792,34 @@ int des3_test(void) if (wc_Des3Init(&enc, HEAP_HINT, devId) != 0) - return -3900; + return -4700; if (wc_Des3Init(&dec, HEAP_HINT, devId) != 0) - return -3901; + return -4701; ret = wc_Des3_SetKey(&enc, key3, iv3, DES_ENCRYPTION); if (ret != 0) - return -3902; + return -4702; ret = wc_Des3_SetKey(&dec, key3, iv3, DES_DECRYPTION); if (ret != 0) - return -3903; + return -4703; ret = wc_Des3_CbcEncrypt(&enc, cipher, vector, sizeof(vector)); #if defined(WOLFSSL_ASYNC_CRYPT) ret = wc_AsyncWait(ret, &enc.asyncDev, WC_ASYNC_FLAG_NONE); #endif if (ret != 0) - return -3904; + return -4704; ret = wc_Des3_CbcDecrypt(&dec, plain, cipher, sizeof(cipher)); #if defined(WOLFSSL_ASYNC_CRYPT) ret = wc_AsyncWait(ret, &dec.asyncDev, WC_ASYNC_FLAG_NONE); #endif if (ret != 0) - return -3905; + return -4705; if (XMEMCMP(plain, vector, sizeof(plain))) - return -3906; + return -4706; if (XMEMCMP(cipher, verify3, sizeof(cipher))) - return -3907; + return -4707; #if defined(OPENSSL_EXTRA) && !defined(WOLFCRYPT_ONLY) /* test the same vectors with using compatibility layer */ @@ -4525,10 +4843,10 @@ int des3_test(void) &iv4, DES_DECRYPT); if (XMEMCMP(plain, vector, sizeof(plain))) - return -37; + return -4708; if (XMEMCMP(cipher, verify3, sizeof(cipher))) - return -38; + return -4709; } #endif /* OPENSSL_EXTRA */ 
@@ -4659,39 +4977,39 @@ int des3_test(void) /* 128 key tests */ ret = wc_AesSetKey(&enc, key1, AES_BLOCK_SIZE, iv, AES_ENCRYPTION); if (ret != 0) - return -1101; + return -4710; #ifdef HAVE_AES_DECRYPT /* decrypt uses AES_ENCRYPTION */ ret = wc_AesSetKey(&dec, key1, AES_BLOCK_SIZE, iv, AES_ENCRYPTION); if (ret != 0) - return -1102; + return -4711; #endif XMEMSET(cipher, 0, sizeof(cipher)); ret = wc_AesCfbEncrypt(&enc, cipher, msg1, AES_BLOCK_SIZE * 2); if (ret != 0) - return -1105; + return -4712; if (XMEMCMP(cipher, cipher1, AES_BLOCK_SIZE * 2)) - return -1106; + return -4713; /* test restarting encryption process */ ret = wc_AesCfbEncrypt(&enc, cipher + (AES_BLOCK_SIZE * 2), msg1 + (AES_BLOCK_SIZE * 2), AES_BLOCK_SIZE); if (ret != 0) - return -1107; + return -4714; if (XMEMCMP(cipher + (AES_BLOCK_SIZE * 2), cipher1 + (AES_BLOCK_SIZE * 2), AES_BLOCK_SIZE)) - return -1108; + return -4715; #ifdef HAVE_AES_DECRYPT ret = wc_AesCfbDecrypt(&dec, plain, cipher, AES_BLOCK_SIZE * 3); if (ret != 0) - return -1109; + return -4716; if (XMEMCMP(plain, msg1, AES_BLOCK_SIZE * 3)) - return -1110; + return -4717; #endif /* HAVE_AES_DECRYPT */ #endif /* WOLFSSL_AES_128 */ 
@@ -4699,29 +5017,29 @@ int des3_test(void) /* 192 key size test */ ret = wc_AesSetKey(&enc, key2, sizeof(key2), iv, AES_ENCRYPTION); if (ret != 0) - return -1111; + return -4718; #ifdef HAVE_AES_DECRYPT /* decrypt uses AES_ENCRYPTION */ ret = wc_AesSetKey(&dec, key2, sizeof(key2), iv, AES_ENCRYPTION); if (ret != 0) - return -1112; + return -4719; #endif XMEMSET(cipher, 0, sizeof(cipher)); ret = wc_AesCfbEncrypt(&enc, cipher, msg2, AES_BLOCK_SIZE * 4); if (ret != 0) - return -1113; + return -4720; if (XMEMCMP(cipher, cipher2, AES_BLOCK_SIZE * 4)) - return -1114; + return -4721; #ifdef HAVE_AES_DECRYPT ret = wc_AesCfbDecrypt(&dec, plain, cipher, AES_BLOCK_SIZE * 4); if (ret != 0) - return -1115; + return -4722; if (XMEMCMP(plain, msg2, AES_BLOCK_SIZE * 4)) - return -1116; + return -4723; #endif /* HAVE_AES_DECRYPT */ #endif /* WOLFSSL_AES_192 */ 
@@ -4729,64 +5047,64 @@ int des3_test(void) /* 256 key size test */ ret = wc_AesSetKey(&enc, key3, sizeof(key3), iv, AES_ENCRYPTION); if (ret != 0) - return -1117; + return -4724; #ifdef HAVE_AES_DECRYPT /* decrypt uses AES_ENCRYPTION */ ret = wc_AesSetKey(&dec, key3, sizeof(key3), iv, AES_ENCRYPTION); if (ret != 0) - return -1118; + return -4725; #endif /* test with data left overs, magic lengths are checking near edges */ XMEMSET(cipher, 0, sizeof(cipher)); ret = wc_AesCfbEncrypt(&enc, cipher, msg3, 4); if (ret != 0) - return -1119; + return -4726; if (XMEMCMP(cipher, cipher3, 4)) - return -1120; + return -4727; ret = wc_AesCfbEncrypt(&enc, cipher + 4, msg3 + 4, 27); if (ret != 0) - return -1121; + return -4728; if (XMEMCMP(cipher + 4, cipher3 + 4, 27)) - return -1122; + return -4729; ret = wc_AesCfbEncrypt(&enc, cipher + 31, msg3 + 31, (AES_BLOCK_SIZE * 4) - 31); if (ret != 0) - return -1123; + return -4730; if (XMEMCMP(cipher, cipher3, AES_BLOCK_SIZE * 4)) - return -1124; + return -4731; #ifdef HAVE_AES_DECRYPT ret = wc_AesCfbDecrypt(&dec, plain, cipher, 4); if (ret != 0) - return -1125; + return -4732; if (XMEMCMP(plain, msg3, 4)) - return -1126; + return -4733; ret = wc_AesCfbDecrypt(&dec, plain + 4, cipher + 4, 4); if (ret != 0) - return -1127; + return -4734; ret = wc_AesCfbDecrypt(&dec, plain + 8, cipher + 8, 23); if (ret != 0) - return -1128; + return -4735; if (XMEMCMP(plain + 4, msg3 + 4, 27)) - return -1129; + return -4736; ret = wc_AesCfbDecrypt(&dec, plain + 31, cipher + 31, (AES_BLOCK_SIZE * 4) - 31); if (ret != 0) - return -1130; + return -4737; if (XMEMCMP(plain, msg3, AES_BLOCK_SIZE * 4)) - return -1131; + return -4738; #endif /* HAVE_AES_DECRYPT */ #endif /* WOLFSSL_AES_256 */ 
@@ -4815,27 +5133,27 @@ static int aes_key_size_test(void) #ifdef WC_INITAES_H ret = wc_InitAes_h(NULL, NULL); if (ret != BAD_FUNC_ARG) - return -4000; + return -4800; ret = wc_InitAes_h(&aes, NULL); if (ret != 0) - return -4001; + return -4801; #endif #ifndef HAVE_FIPS /* Parameter Validation testing. */ ret = wc_AesGetKeySize(NULL, NULL); if (ret != BAD_FUNC_ARG) - return -4002; + return -4802; ret = wc_AesGetKeySize(&aes, NULL); if (ret != BAD_FUNC_ARG) - return -4003; + return -4803; ret = wc_AesGetKeySize(NULL, &keySize); if (ret != BAD_FUNC_ARG) - return -4004; + return -4804; /* Crashes in FIPS */ ret = wc_AesSetKey(NULL, key16, sizeof(key16), iv, AES_ENCRYPTION); if (ret != BAD_FUNC_ARG) - return -4005; + return -4805; #endif /* NULL IV indicates to use all zeros IV. */ ret = wc_AesSetKey(&aes, key16, sizeof(key16), NULL, AES_ENCRYPTION); @@ -4844,16 +5162,16 @@ static int aes_key_size_test(void) #else if (ret != BAD_FUNC_ARG) #endif - return -4006; + return -4806; ret = wc_AesSetKey(&aes, key32, sizeof(key32) - 1, iv, AES_ENCRYPTION); if (ret != BAD_FUNC_ARG) - return -4007; + return -4807; #ifndef HAVE_FIPS /* Force invalid rounds */ aes.rounds = 16; ret = wc_AesGetKeySize(&aes, &keySize); if (ret != BAD_FUNC_ARG) - return -4008; + return -4808; #endif ret = wc_AesSetKey(&aes, key16, sizeof(key16), iv, AES_ENCRYPTION); @@ -4862,11 +5180,11 @@ static int aes_key_size_test(void) #else if (ret != BAD_FUNC_ARG) #endif - return -4009; + return -4809; #if !defined(HAVE_FIPS) && defined(WOLFSSL_AES_128) ret = wc_AesGetKeySize(&aes, &keySize); if (ret != 0 || keySize != sizeof(key16)) - return -4010; + return -4810; #endif ret = wc_AesSetKey(&aes, key24, sizeof(key24), iv, AES_ENCRYPTION); 
@@ -4875,11 +5193,11 @@ static int aes_key_size_test(void) #else if (ret != BAD_FUNC_ARG) #endif - return -4011; + return -4811; #if !defined(HAVE_FIPS) && defined(WOLFSSL_AES_192) ret = wc_AesGetKeySize(&aes, &keySize); if (ret != 0 || keySize != sizeof(key24)) - return -4012; + return -4812; #endif ret = wc_AesSetKey(&aes, key32, sizeof(key32), iv, AES_ENCRYPTION); @@ -4888,11 +5206,11 @@ static int aes_key_size_test(void) #else if (ret != BAD_FUNC_ARG) #endif - return -4013; + return -4813; #if !defined(HAVE_FIPS) && defined(WOLFSSL_AES_256) ret = wc_AesGetKeySize(&aes, &keySize); if (ret != 0 || keySize != sizeof(key32)) - return -4014; + return -4814; #endif return 0; @@ -4967,28 +5285,28 @@ static int aes_xts_128_test(void) XMEMSET(buf, 0, sizeof(buf)); if (wc_AesXtsSetKey(&aes, k2, sizeof(k2), AES_ENCRYPTION, HEAP_HINT, devId) != 0) - return -4000; + return -4900; ret = wc_AesXtsEncrypt(&aes, buf, p2, sizeof(p2), i2, sizeof(i2)); #if defined(WOLFSSL_ASYNC_CRYPT) ret = wc_AsyncWait(ret, &aes.aes.asyncDev, WC_ASYNC_FLAG_NONE); #endif if (ret != 0) - return -4001; + return -4901; if (XMEMCMP(c2, buf, sizeof(c2))) - return -4002; + return -4902; XMEMSET(buf, 0, sizeof(buf)); if (wc_AesXtsSetKey(&aes, k1, sizeof(k1), AES_ENCRYPTION, HEAP_HINT, devId) != 0) - return -4003; + return -4903; ret = wc_AesXtsEncrypt(&aes, buf, p1, sizeof(p1), i1, sizeof(i1)); #if defined(WOLFSSL_ASYNC_CRYPT) ret = wc_AsyncWait(ret, &aes.aes.asyncDev, WC_ASYNC_FLAG_NONE); #endif if (ret != 0) - return -4004; + return -4904; if (XMEMCMP(c1, buf, AES_BLOCK_SIZE)) - return -4005; + return -4905; /* partial block encryption test */ XMEMSET(cipher, 0, sizeof(cipher)); 
@@ -4997,22 +5315,22 @@ static int aes_xts_128_test(void) ret = wc_AsyncWait(ret, &aes.aes.asyncDev, WC_ASYNC_FLAG_NONE); #endif if (ret != 0) - return -4006; + return -4906; wc_AesXtsFree(&aes); /* partial block decrypt test */ XMEMSET(buf, 0, sizeof(buf)); if (wc_AesXtsSetKey(&aes, k1, sizeof(k1), AES_DECRYPTION, HEAP_HINT, devId) != 0) - return -4007; + return -4907; ret = wc_AesXtsDecrypt(&aes, buf, cipher, sizeof(pp), i1, sizeof(i1)); #if defined(WOLFSSL_ASYNC_CRYPT) ret = wc_AsyncWait(ret, &aes.aes.asyncDev, WC_ASYNC_FLAG_NONE); #endif if (ret != 0) - return -4008; + return -4908; if (XMEMCMP(pp, buf, sizeof(pp))) - return -4009; + return -4909; /* NIST decrypt test vector */ XMEMSET(buf, 0, sizeof(buf)); @@ -5021,9 +5339,9 @@ static int aes_xts_128_test(void) ret = wc_AsyncWait(ret, &aes.aes.asyncDev, WC_ASYNC_FLAG_NONE); #endif if (ret != 0) - return -4010; + return -4910; if (XMEMCMP(p1, buf, AES_BLOCK_SIZE)) - return -4011; + return -4911; /* fail case with decrypting using wrong key */ XMEMSET(buf, 0, sizeof(buf)); @@ -5032,23 +5350,23 @@ static int aes_xts_128_test(void) ret = wc_AsyncWait(ret, &aes.aes.asyncDev, WC_ASYNC_FLAG_NONE); #endif if (ret != 0) - return -4012; + return -4912; if (XMEMCMP(p2, buf, sizeof(p2)) == 0) /* fail case with wrong key */ - return -4013; + return -4913; /* set correct key and retest */ XMEMSET(buf, 0, sizeof(buf)); if (wc_AesXtsSetKey(&aes, k2, sizeof(k2), AES_DECRYPTION, HEAP_HINT, devId) != 0) - return -4014; + return -4914; ret = wc_AesXtsDecrypt(&aes, buf, c2, sizeof(c2), i2, sizeof(i2)); #if defined(WOLFSSL_ASYNC_CRYPT) ret = wc_AsyncWait(ret, &aes.aes.asyncDev, WC_ASYNC_FLAG_NONE); #endif if (ret != 0) - return -4015; + return -4915; if (XMEMCMP(p2, buf, sizeof(p2))) - return -4016; + return -4916; wc_AesXtsFree(&aes); return ret; 
@@ -5139,28 +5457,28 @@ static int aes_xts_256_test(void) XMEMSET(buf, 0, sizeof(buf)); if (wc_AesXtsSetKey(&aes, k2, sizeof(k2), AES_ENCRYPTION, HEAP_HINT, devId) != 0) - return -4017; + return -5000; ret = wc_AesXtsEncrypt(&aes, buf, p2, sizeof(p2), i2, sizeof(i2)); #if defined(WOLFSSL_ASYNC_CRYPT) ret = wc_AsyncWait(ret, &aes.aes.asyncDev, WC_ASYNC_FLAG_NONE); #endif if (ret != 0) - return -4018; + return -5001; if (XMEMCMP(c2, buf, sizeof(c2))) - return -4019; + return -5002; XMEMSET(buf, 0, sizeof(buf)); if (wc_AesXtsSetKey(&aes, k1, sizeof(k1), AES_ENCRYPTION, HEAP_HINT, devId) != 0) - return -4020; + return -5003; ret = wc_AesXtsEncrypt(&aes, buf, p1, sizeof(p1), i1, sizeof(i1)); #if defined(WOLFSSL_ASYNC_CRYPT) ret = wc_AsyncWait(ret, &aes.aes.asyncDev, WC_ASYNC_FLAG_NONE); #endif if (ret != 0) - return -4021; + return -5004; if (XMEMCMP(c1, buf, AES_BLOCK_SIZE)) - return -4022; + return -5005; /* partial block encryption test */ XMEMSET(cipher, 0, sizeof(cipher)); @@ -5169,22 +5487,22 @@ static int aes_xts_256_test(void) ret = wc_AsyncWait(ret, &aes.aes.asyncDev, WC_ASYNC_FLAG_NONE); #endif if (ret != 0) - return -4023; + return -5006; wc_AesXtsFree(&aes); /* partial block decrypt test */ XMEMSET(buf, 0, sizeof(buf)); if (wc_AesXtsSetKey(&aes, k1, sizeof(k1), AES_DECRYPTION, HEAP_HINT, devId) != 0) - return -4024; + return -5007; ret = wc_AesXtsDecrypt(&aes, buf, cipher, sizeof(pp), i1, sizeof(i1)); #if defined(WOLFSSL_ASYNC_CRYPT) ret = wc_AsyncWait(ret, &aes.aes.asyncDev, WC_ASYNC_FLAG_NONE); #endif if (ret != 0) - return -4025; + return -5008; if (XMEMCMP(pp, buf, sizeof(pp))) - return -4026; + return -5009; /* NIST decrypt test vector */ XMEMSET(buf, 0, sizeof(buf)); 
@@ -5193,22 +5511,22 @@ static int aes_xts_256_test(void) ret = wc_AsyncWait(ret, &aes.aes.asyncDev, WC_ASYNC_FLAG_NONE); #endif if (ret != 0) - return -4027; + return -5010; if (XMEMCMP(p1, buf, AES_BLOCK_SIZE)) - return -4028; + return -5011; XMEMSET(buf, 0, sizeof(buf)); if (wc_AesXtsSetKey(&aes, k2, sizeof(k2), AES_DECRYPTION, HEAP_HINT, devId) != 0) - return -4029; + return -5012; ret = wc_AesXtsDecrypt(&aes, buf, c2, sizeof(c2), i2, sizeof(i2)); #if defined(WOLFSSL_ASYNC_CRYPT) ret = wc_AsyncWait(ret, &aes.aes.asyncDev, WC_ASYNC_FLAG_NONE); #endif if (ret != 0) - return -4030; + return -5013; if (XMEMCMP(p2, buf, sizeof(p2))) - return -4031; + return -5014; wc_AesXtsFree(&aes); return ret; 
@@ -5273,58 +5591,58 @@ static int aes_xts_sector_test(void) XMEMSET(buf, 0, sizeof(buf)); if (wc_AesXtsSetKey(&aes, k1, sizeof(k1), AES_ENCRYPTION, HEAP_HINT, devId) != 0) - return -4032; + return -5100; ret = wc_AesXtsEncryptSector(&aes, buf, p1, sizeof(p1), s1); #if defined(WOLFSSL_ASYNC_CRYPT) ret = wc_AsyncWait(ret, &aes.aes.asyncDev, WC_ASYNC_FLAG_NONE); #endif if (ret != 0) - return -4033; + return -5101; if (XMEMCMP(c1, buf, AES_BLOCK_SIZE)) - return -4034; + return -5102; /* decrypt test */ XMEMSET(buf, 0, sizeof(buf)); if (wc_AesXtsSetKey(&aes, k1, sizeof(k1), AES_DECRYPTION, HEAP_HINT, devId) != 0) - return -4035; + return -5103; ret = wc_AesXtsDecryptSector(&aes, buf, c1, sizeof(c1), s1); #if defined(WOLFSSL_ASYNC_CRYPT) ret = wc_AsyncWait(ret, &aes.aes.asyncDev, WC_ASYNC_FLAG_NONE); #endif if (ret != 0) - return -4036; + return -5104; if (XMEMCMP(p1, buf, AES_BLOCK_SIZE)) - return -4037; + return -5105; wc_AesXtsFree(&aes); /* 256 bit key tests */ XMEMSET(buf, 0, sizeof(buf)); if (wc_AesXtsSetKey(&aes, k2, sizeof(k2), AES_ENCRYPTION, HEAP_HINT, devId) != 0) - return -4038; + return -5106; ret = wc_AesXtsEncryptSector(&aes, buf, p2, sizeof(p2), s2); #if defined(WOLFSSL_ASYNC_CRYPT) ret = wc_AsyncWait(ret, &aes.aes.asyncDev, WC_ASYNC_FLAG_NONE); #endif if (ret != 0) - return -4039; + return -5107; if (XMEMCMP(c2, buf, sizeof(c2))) - return -4040; + return -5108; /* decrypt test */ XMEMSET(buf, 0, sizeof(buf)); if (wc_AesXtsSetKey(&aes, k2, sizeof(k2), AES_DECRYPTION, HEAP_HINT, devId) != 0) - return -4041; + return -5109; ret = wc_AesXtsDecryptSector(&aes, buf, c2, sizeof(c2), s2); #if defined(WOLFSSL_ASYNC_CRYPT) ret = wc_AsyncWait(ret, &aes.aes.asyncDev, WC_ASYNC_FLAG_NONE); #endif if (ret != 0) - return -4042; + return -5110; if (XMEMCMP(p2, buf, sizeof(p2))) - return -4043; + return -5111; wc_AesXtsFree(&aes); return ret; 
@@ -5361,47 +5679,47 @@ static int aes_xts_args_test(void) if (wc_AesXtsSetKey(NULL, k1, sizeof(k1), AES_ENCRYPTION, HEAP_HINT, devId) == 0) - return -4044; + return -5200; if (wc_AesXtsSetKey(&aes, NULL, sizeof(k1), AES_ENCRYPTION, HEAP_HINT, devId) == 0) - return -4045; + return -5201; /* encryption operations */ if (wc_AesXtsSetKey(&aes, k1, sizeof(k1), AES_ENCRYPTION, HEAP_HINT, devId) != 0) - return -4046; + return -5202; ret = wc_AesXtsEncryptSector(NULL, buf, p1, sizeof(p1), s1); #if defined(WOLFSSL_ASYNC_CRYPT) ret = wc_AsyncWait(ret, &aes.aes.asyncDev, WC_ASYNC_FLAG_NONE); #endif if (ret == 0) - return -4047; + return -5203; ret = wc_AesXtsEncryptSector(&aes, NULL, p1, sizeof(p1), s1); #if defined(WOLFSSL_ASYNC_CRYPT) ret = wc_AsyncWait(ret, &aes.aes.asyncDev, WC_ASYNC_FLAG_NONE); #endif if (ret == 0) - return -4048; + return -5204; wc_AesXtsFree(&aes); /* decryption operations */ if (wc_AesXtsSetKey(&aes, k1, sizeof(k1), AES_DECRYPTION, HEAP_HINT, devId) != 0) - return -4046; + return -5205; ret = wc_AesXtsDecryptSector(NULL, buf, c1, sizeof(c1), s1); #if defined(WOLFSSL_ASYNC_CRYPT) ret = wc_AsyncWait(ret, &aes.aes.asyncDev, WC_ASYNC_FLAG_NONE); #endif if (ret == 0) - return -4049; + return -5206; ret = wc_AesXtsDecryptSector(&aes, NULL, c1, sizeof(c1), s1); #if defined(WOLFSSL_ASYNC_CRYPT) ret = wc_AsyncWait(ret, &aes.aes.asyncDev, WC_ASYNC_FLAG_NONE); #endif if (ret == 0) - return -4050; + return -5207; wc_AesXtsFree(&aes); return 0; 
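Review bot: The NULL-argument cases in aes_xts_args_test only require a non-zero result (`== 0` is the failure condition), so any unrelated error would also pass them. aes_cbc_test in the following hunk pins the expected code with `if (ret != BAD_FUNC_ARG)`. If the XTS functions return the same code for NULL arguments (to be confirmed against their implementation, which is not shown), the checks here could be tightened to `if (ret != BAD_FUNC_ARG)` and `if (wc_AesXtsSetKey(NULL, k1, sizeof(k1), AES_ENCRYPTION, HEAP_HINT, devId) != BAD_FUNC_ARG)`. The function begins outside this hunk.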
@@ -5426,24 +5744,24 @@ static int aes_cbc_test(void) /* Parameter Validation testing. */ ret = wc_AesCbcEncryptWithKey(cipher, msg, AES_BLOCK_SIZE, key, 17, NULL); if (ret != BAD_FUNC_ARG) - return -4100; + return -5300; #ifdef HAVE_AES_DECRYPT ret = wc_AesCbcDecryptWithKey(plain, cipher, AES_BLOCK_SIZE, key, 17, NULL); if (ret != BAD_FUNC_ARG) - return -4101; + return -5301; #endif ret = wc_AesCbcEncryptWithKey(cipher, msg, AES_BLOCK_SIZE, key, AES_BLOCK_SIZE, iv); if (ret != 0) - return -4102; + return -5302; #ifdef HAVE_AES_DECRYPT ret = wc_AesCbcDecryptWithKey(plain, cipher, AES_BLOCK_SIZE, key, AES_BLOCK_SIZE, iv); if (ret != 0) - return -4103; + return -5303; if (XMEMCMP(plain, msg, AES_BLOCK_SIZE) != 0) - return -4104; + return -5304; #endif /* HAVE_AES_DECRYPT */ (void)plain; @@ -5482,18 +5800,18 @@ int aes_test(void) #ifdef WOLFSSL_ASYNC_CRYPT if (wc_AesInit(&enc, HEAP_HINT, devId) != 0) - return -4200; + return -5400; if (wc_AesInit(&dec, HEAP_HINT, devId) != 0) - return -4201; + return -5401; #endif ret = wc_AesSetKey(&enc, key, AES_BLOCK_SIZE, iv, AES_ENCRYPTION); if (ret != 0) - return -4202; + return -5402; #ifdef HAVE_AES_DECRYPT ret = wc_AesSetKey(&dec, key, AES_BLOCK_SIZE, iv, AES_DECRYPTION); if (ret != 0) - return -4203; + return -5403; #endif ret = wc_AesCbcEncrypt(&enc, cipher, msg, AES_BLOCK_SIZE); @@ -5501,20 +5819,20 @@ int aes_test(void) ret = wc_AsyncWait(ret, &enc.asyncDev, WC_ASYNC_FLAG_NONE); #endif if (ret != 0) - return -4204; + return -5404; #ifdef HAVE_AES_DECRYPT ret = wc_AesCbcDecrypt(&dec, plain, cipher, AES_BLOCK_SIZE); #if defined(WOLFSSL_ASYNC_CRYPT) ret = wc_AsyncWait(ret, &dec.asyncDev, WC_ASYNC_FLAG_NONE); #endif if (ret != 0) - return -4205; + return -5405; if (XMEMCMP(plain, msg, AES_BLOCK_SIZE)) - return -4206; + return -5406; #endif /* HAVE_AES_DECRYPT */ if (XMEMCMP(cipher, verify, AES_BLOCK_SIZE)) - return -4207; + return -5407; #endif /* WOLFSSL_AES_128 */ #if defined(WOLFSSL_AESNI) && defined(HAVE_AES_DECRYPT) 
@@ -5586,27 +5904,27 @@ int aes_test(void) XMEMSET(bigPlain, 0, sizeof(bigPlain)); ret = wc_AesSetKey(&enc, bigKey, keySz, iv, AES_ENCRYPTION); if (ret != 0) - return -4208; + return -5408; ret = wc_AesSetKey(&dec, bigKey, keySz, iv, AES_DECRYPTION); if (ret != 0) - return -4209; + return -5409; ret = wc_AesCbcEncrypt(&enc, bigCipher, bigMsg, msgSz); #if defined(WOLFSSL_ASYNC_CRYPT) ret = wc_AsyncWait(ret, &enc.asyncDev, WC_ASYNC_FLAG_NONE); #endif if (ret != 0) - return -4210; + return -5410; ret = wc_AesCbcDecrypt(&dec, bigPlain, bigCipher, msgSz); #if defined(WOLFSSL_ASYNC_CRYPT) ret = wc_AsyncWait(ret, &dec.asyncDev, WC_ASYNC_FLAG_NONE); #endif if (ret != 0) - return -4211; + return -5411; if (XMEMCMP(bigPlain, bigMsg, msgSz)) - return -4212; + return -5412; } } } @@ -5645,16 +5963,16 @@ int aes_test(void) ret = wc_AesSetKey(&enc, key2, sizeof(key2), iv2, AES_ENCRYPTION); if (ret != 0) - return -5366; + return -5413; XMEMSET(cipher, 0, AES_BLOCK_SIZE * 2); ret = wc_AesCbcEncrypt(&enc, cipher, msg2, AES_BLOCK_SIZE); #if defined(WOLFSSL_ASYNC_CRYPT) ret = wc_AsyncWait(ret, &enc.asyncDev, WC_ASYNC_FLAG_NONE); #endif if (ret != 0) - return -5367; + return -5414; if (XMEMCMP(cipher, verify2, AES_BLOCK_SIZE)) - return -5368; + return -5415; ret = wc_AesCbcEncrypt(&enc, cipher + AES_BLOCK_SIZE, msg2 + AES_BLOCK_SIZE, AES_BLOCK_SIZE); 
@@ -5662,24 +5980,24 @@ int aes_test(void) ret = wc_AsyncWait(ret, &enc.asyncDev, WC_ASYNC_FLAG_NONE); #endif if (ret != 0) - return -5369; + return -5416; if (XMEMCMP(cipher + AES_BLOCK_SIZE, verify2 + AES_BLOCK_SIZE, AES_BLOCK_SIZE)) - return -5370; + return -5417; #if defined(HAVE_AES_DECRYPT) ret = wc_AesSetKey(&dec, key2, sizeof(key2), iv2, AES_DECRYPTION); if (ret != 0) - return -5371; + return -5418; XMEMSET(plain, 0, AES_BLOCK_SIZE * 2); ret = wc_AesCbcDecrypt(&dec, plain, verify2, AES_BLOCK_SIZE); #if defined(WOLFSSL_ASYNC_CRYPT) ret = wc_AsyncWait(ret, &dec.asyncDev, WC_ASYNC_FLAG_NONE); #endif if (ret != 0) - return -5372; + return -5419; if (XMEMCMP(plain, msg2, AES_BLOCK_SIZE)) - return -5373; + return -5420; ret = wc_AesCbcDecrypt(&dec, plain + AES_BLOCK_SIZE, verify2 + AES_BLOCK_SIZE, AES_BLOCK_SIZE); @@ -5687,10 +6005,10 @@ int aes_test(void) ret = wc_AsyncWait(ret, &dec.asyncDev, WC_ASYNC_FLAG_NONE); #endif if (ret != 0) - return -5374; + return -5421; if (XMEMCMP(plain + AES_BLOCK_SIZE, msg2 + AES_BLOCK_SIZE, AES_BLOCK_SIZE)) - return -5375; + return -5422; #endif /* HAVE_AES_DECRYPT */ } @@ -5797,17 +6115,17 @@ int aes_test(void) ret = wc_AesCtrEncrypt(&enc, cipher, ctrPlain, sizeof(ctrPlain)); if (ret != 0) { - return -4227; + return -5423; } ret = wc_AesCtrEncrypt(&dec, plain, cipher, sizeof(ctrPlain)); if (ret != 0) { - return -4228; + return -5424; } if (XMEMCMP(plain, ctrPlain, sizeof(ctrPlain))) - return -4213; + return -5425; if (XMEMCMP(cipher, ctr128Cipher, sizeof(ctr128Cipher))) - return -4214; + return -5426; /* let's try with just 9 bytes, non block size test */ wc_AesSetKeyDirect(&enc, ctr128Key, AES_BLOCK_SIZE, 
@@ -5818,34 +6136,34 @@ int aes_test(void) ret = wc_AesCtrEncrypt(&enc, cipher, ctrPlain, sizeof(oddCipher)); if (ret != 0) { - return -4229; + return -5427; } ret = wc_AesCtrEncrypt(&dec, plain, cipher, sizeof(oddCipher)); if (ret != 0) { - return -4230; + return -5428; } if (XMEMCMP(plain, ctrPlain, sizeof(oddCipher))) - return -4215; + return -5429; if (XMEMCMP(cipher, ctr128Cipher, sizeof(oddCipher))) - return -4216; + return -5430; /* and an additional 9 bytes to reuse tmp left buffer */ ret = wc_AesCtrEncrypt(&enc, cipher, ctrPlain, sizeof(oddCipher)); if (ret != 0) { - return -4231; + return -5431; } ret = wc_AesCtrEncrypt(&dec, plain, cipher, sizeof(oddCipher)); if (ret != 0) { - return -4232; + return -5432; } if (XMEMCMP(plain, ctrPlain, sizeof(oddCipher))) - return -4217; + return -5433; if (XMEMCMP(cipher, oddCipher, sizeof(oddCipher))) - return -4218; + return -5434; #endif /* WOLFSSL_AES_128 */ #ifdef WOLFSSL_AES_192 @@ -5859,18 +6177,18 @@ int aes_test(void) XMEMSET(plain, 0, sizeof(plain)); ret = wc_AesCtrEncrypt(&enc, plain, ctr192Cipher, sizeof(ctr192Cipher)); if (ret != 0) { - return -4233; + return -5435; } if (XMEMCMP(plain, ctrPlain, sizeof(ctr192Cipher))) - return -4219; + return -5436; ret = wc_AesCtrEncrypt(&dec, cipher, ctrPlain, sizeof(ctrPlain)); if (ret != 0) { - return -4234; + return -5437; } if (XMEMCMP(ctr192Cipher, cipher, sizeof(ctr192Cipher))) - return -4220; + return -5438; #endif /* WOLFSSL_AES_192 */ #ifdef WOLFSSL_AES_256 
@@ -5884,18 +6202,18 @@ int aes_test(void) XMEMSET(plain, 0, sizeof(plain)); ret = wc_AesCtrEncrypt(&enc, plain, ctr256Cipher, sizeof(ctr256Cipher)); if (ret != 0) { - return -4235; + return -5439; } if (XMEMCMP(plain, ctrPlain, sizeof(ctrPlain))) - return -4221; + return -5440; ret = wc_AesCtrEncrypt(&dec, cipher, ctrPlain, sizeof(ctrPlain)); if (ret != 0) { - return -4236; + return -5441; } if (XMEMCMP(ctr256Cipher, cipher, sizeof(ctr256Cipher))) - return -4222; + return -5442; #endif /* WOLFSSL_AES_256 */ } #endif /* WOLFSSL_AES_COUNTER */ @@ -5925,18 +6243,18 @@ int aes_test(void) XMEMSET(cipher, 0, AES_BLOCK_SIZE); ret = wc_AesSetKey(&enc, niKey, sizeof(niKey), cipher, AES_ENCRYPTION); if (ret != 0) - return -4223; + return -5443; wc_AesEncryptDirect(&enc, cipher, niPlain); if (XMEMCMP(cipher, niCipher, AES_BLOCK_SIZE) != 0) - return -4224; + return -5444; XMEMSET(plain, 0, AES_BLOCK_SIZE); ret = wc_AesSetKey(&dec, niKey, sizeof(niKey), plain, AES_DECRYPTION); if (ret != 0) - return -4225; + return -5445; wc_AesDecryptDirect(&dec, plain, niCipher); if (XMEMCMP(plain, niPlain, AES_BLOCK_SIZE) != 0) - return -4226; + return -5446; } #endif /* WOLFSSL_AES_DIRECT && WOLFSSL_AES_256 */ @@ -6031,19 +6349,19 @@ int aes192_test(void) if (wc_AesInit(&enc, HEAP_HINT, devId) != 0) - return -4230; + return -5500; #ifdef HAVE_AES_DECRYPT if (wc_AesInit(&dec, HEAP_HINT, devId) != 0) - return -4231; + return -5501; #endif ret = wc_AesSetKey(&enc, key, (int) sizeof(key), iv, AES_ENCRYPTION); if (ret != 0) - return -4232; + return -5502; #ifdef HAVE_AES_DECRYPT ret = wc_AesSetKey(&dec, key, (int) sizeof(key), iv, AES_DECRYPTION); if (ret != 0) - return -4233; + return -5503; #endif ret = wc_AesCbcEncrypt(&enc, cipher, msg, (int) sizeof(msg)); 
@@ -6051,21 +6369,21 @@ int aes192_test(void) ret = wc_AsyncWait(ret, &enc.asyncDev, WC_ASYNC_FLAG_NONE); #endif if (ret != 0) - return -4234; + return -5504; #ifdef HAVE_AES_DECRYPT ret = wc_AesCbcDecrypt(&dec, plain, cipher, (int) sizeof(cipher)); #if defined(WOLFSSL_ASYNC_CRYPT) ret = wc_AsyncWait(ret, &dec.asyncDev, WC_ASYNC_FLAG_NONE); #endif if (ret != 0) - return -4235; + return -5505; if (XMEMCMP(plain, msg, (int) sizeof(plain))) { - return -4236; + return -5506; } #endif if (XMEMCMP(cipher, verify, (int) sizeof(cipher))) - return -4237; + return -5507; wc_AesFree(&enc); #ifdef HAVE_AES_DECRYPT @@ -6118,19 +6436,19 @@ int aes256_test(void) if (wc_AesInit(&enc, HEAP_HINT, devId) != 0) - return -4240; + return -5600; #ifdef HAVE_AES_DECRYPT if (wc_AesInit(&dec, HEAP_HINT, devId) != 0) - return -4241; + return -5601; #endif ret = wc_AesSetKey(&enc, key, (int) sizeof(key), iv, AES_ENCRYPTION); if (ret != 0) - return -4242; + return -5602; #ifdef HAVE_AES_DECRYPT ret = wc_AesSetKey(&dec, key, (int) sizeof(key), iv, AES_DECRYPTION); if (ret != 0) - return -4243; + return -5603; #endif ret = wc_AesCbcEncrypt(&enc, cipher, msg, (int) sizeof(msg)); @@ -6138,21 +6456,21 @@ int aes256_test(void) ret = wc_AsyncWait(ret, &enc.asyncDev, WC_ASYNC_FLAG_NONE); #endif if (ret != 0) - return -4244; + return -5604; #ifdef HAVE_AES_DECRYPT ret = wc_AesCbcDecrypt(&dec, plain, cipher, (int) sizeof(cipher)); #if defined(WOLFSSL_ASYNC_CRYPT) ret = wc_AsyncWait(ret, &dec.asyncDev, WC_ASYNC_FLAG_NONE); #endif if (ret != 0) - return -4245; + return -5605; if (XMEMCMP(plain, msg, (int) sizeof(plain))) { - return -4246; + return -5606; } #endif if (XMEMCMP(cipher, verify, (int) sizeof(cipher))) - return -4247; + return -5607; wc_AesFree(&enc); #ifdef HAVE_AES_DECRYPT 
@@ -6343,13 +6661,13 @@ int aesgcm_test(void) XMEMSET(resultP, 0, sizeof(resultP)); if (wc_AesInit(&enc, HEAP_HINT, devId) != 0) { - return -4300; + return -5700; } #ifdef WOLFSSL_AES_256 result = wc_AesGcmSetKey(&enc, k1, sizeof(k1)); if (result != 0) - return -4301; + return -5701; /* AES-GCM encrypt and decrypt both use AES encrypt internally */ result = wc_AesGcmEncrypt(&enc, resultC, p, sizeof(p), iv1, sizeof(iv1), @@ -6358,11 +6676,11 @@ int aesgcm_test(void) result = wc_AsyncWait(result, &enc.asyncDev, WC_ASYNC_FLAG_NONE); #endif if (result != 0) - return -4302; + return -5702; if (XMEMCMP(c1, resultC, sizeof(resultC))) - return -4303; + return -5703; if (XMEMCMP(t1, resultT, sizeof(resultT))) - return -4304; + return -5704; #ifdef HAVE_AES_DECRYPT result = wc_AesGcmDecrypt(&enc, resultP, resultC, sizeof(resultC), @@ -6371,9 +6689,9 @@ int aesgcm_test(void) result = wc_AsyncWait(result, &enc.asyncDev, WC_ASYNC_FLAG_NONE); #endif if (result != 0) - return -4305; + return -5705; if (XMEMCMP(p, resultP, sizeof(resultP))) - return -4306; + return -5706; #endif /* HAVE_AES_DECRYPT */ /* Large buffer test */ @@ -6390,7 +6708,7 @@ int aesgcm_test(void) result = wc_AsyncWait(result, &enc.asyncDev, WC_ASYNC_FLAG_NONE); #endif if (result != 0) - return -4307; + return -5707; #ifdef HAVE_AES_DECRYPT result = wc_AesGcmDecrypt(&enc, large_outdec, large_output, @@ -6400,9 +6718,9 @@ int aesgcm_test(void) result = wc_AsyncWait(result, &enc.asyncDev, WC_ASYNC_FLAG_NONE); #endif if (result != 0) - return -4308; + return -5708; if (XMEMCMP(large_input, large_outdec, BENCH_AESGCM_LARGE)) - return -4309; + return -5709; #endif /* HAVE_AES_DECRYPT */ #endif /* BENCH_AESGCM_LARGE */ #ifdef ENABLE_NON_12BYTE_IV_TEST 
@@ -6415,7 +6733,7 @@ int aesgcm_test(void) result = wc_AsyncWait(result, &enc.asyncDev, WC_ASYNC_FLAG_NONE); #endif if (result != 0) - return -4310; + return -5710; #ifdef HAVE_AES_DECRYPT result = wc_AesGcmDecrypt(&enc, resultP, resultC, sizeof(resultC), k1, (word32)ivlen, resultT, sizeof(resultT), a, sizeof(a)); @@ -6423,7 +6741,7 @@ int aesgcm_test(void) result = wc_AsyncWait(result, &enc.asyncDev, WC_ASYNC_FLAG_NONE); #endif if (result != 0) - return -4311; + return -5711; #endif /* HAVE_AES_DECRYPT */ } #endif @@ -6437,7 +6755,7 @@ int aesgcm_test(void) result = wc_AsyncWait(result, &enc.asyncDev, WC_ASYNC_FLAG_NONE); #endif if (result != 0) - return -4312; + return -5712; #ifdef HAVE_AES_DECRYPT result = wc_AesGcmDecrypt(&enc, resultP, resultC, sizeof(resultC), iv1, sizeof(iv1), resultT, sizeof(resultT), p, (word32)alen); @@ -6445,7 +6763,7 @@ int aesgcm_test(void) result = wc_AsyncWait(result, &enc.asyncDev, WC_ASYNC_FLAG_NONE); #endif if (result != 0) - return -4313; + return -5713; #endif /* HAVE_AES_DECRYPT */ } @@ -6460,7 +6778,7 @@ int aesgcm_test(void) result = wc_AsyncWait(result, &enc.asyncDev, WC_ASYNC_FLAG_NONE); #endif if (result != 0) - return -4314; + return -5714; #ifdef HAVE_AES_DECRYPT result = wc_AesGcmDecrypt(&enc, large_outdec, large_output, @@ -6470,7 +6788,7 @@ int aesgcm_test(void) result = wc_AsyncWait(result, &enc.asyncDev, WC_ASYNC_FLAG_NONE); #endif if (result != 0) - return -4315; + return -5715; #endif /* HAVE_AES_DECRYPT */ } #else @@ -6483,7 +6801,7 @@ int aesgcm_test(void) result = wc_AsyncWait(result, &enc.asyncDev, WC_ASYNC_FLAG_NONE); #endif if (result != 0) - return -4314; + return -5716; #ifdef HAVE_AES_DECRYPT result = wc_AesGcmDecrypt(&enc, resultP, resultC, (word32)plen, iv1, sizeof(iv1), resultT, sizeof(resultT), a, sizeof(a)); 
@@ -6491,7 +6809,7 @@ int aesgcm_test(void) result = wc_AsyncWait(result, &enc.asyncDev, WC_ASYNC_FLAG_NONE); #endif if (result != 0) - return -4315; + return -5717; #endif /* HAVE_AES_DECRYPT */ } #endif /* BENCH_AESGCM_LARGE */ @@ -6512,11 +6830,11 @@ int aesgcm_test(void) result = wc_AsyncWait(result, &enc.asyncDev, WC_ASYNC_FLAG_NONE); #endif if (result != 0) - return -4316; + return -5718; if (XMEMCMP(c2, resultC, sizeof(resultC))) - return -4317; + return -5719; if (XMEMCMP(t2, resultT, sizeof(resultT))) - return -4318; + return -5720; #ifdef HAVE_AES_DECRYPT result = wc_AesGcmDecrypt(&enc, resultP, resultC, sizeof(resultC), @@ -6525,9 +6843,9 @@ int aesgcm_test(void) result = wc_AsyncWait(result, &enc.asyncDev, WC_ASYNC_FLAG_NONE); #endif if (result != 0) - return -4319; + return -5721; if (XMEMCMP(p, resultP, sizeof(resultP))) - return -4320; + return -5722; #endif /* HAVE_AES_DECRYPT */ XMEMSET(resultT, 0, sizeof(resultT)); @@ -6543,11 +6861,11 @@ int aesgcm_test(void) result = wc_AsyncWait(result, &enc.asyncDev, WC_ASYNC_FLAG_NONE); #endif if (result != 0) - return -8209; + return -5723; if (XMEMCMP(c3, resultC, sizeof(c3))) - return -8210; + return -5724; if (XMEMCMP(t3, resultT, sizeof(t3))) - return -8211; + return -5725; #ifdef HAVE_AES_DECRYPT result = wc_AesGcmDecrypt(&enc, resultP, resultC, sizeof(c3), @@ -6556,9 +6874,9 @@ int aesgcm_test(void) result = wc_AsyncWait(result, &enc.asyncDev, WC_ASYNC_FLAG_NONE); #endif if (result != 0) - return -8212; + return -5726; if (XMEMCMP(p3, resultP, sizeof(p3))) - return -8213; + return -5727; #endif /* HAVE_AES_DECRYPT */ #endif /* WOLFSSL_AES_128 */ #endif /* ENABLE_NON_12BYTE_IV_TEST */ 
@@ -6576,11 +6894,11 @@ int aesgcm_test(void) result = wc_AsyncWait(result, &enc.asyncDev, WC_ASYNC_FLAG_NONE); #endif if (result != 0) - return -4321; + return -5728; if (XMEMCMP(c1, resultC, sizeof(resultC))) - return -4322; + return -5729; if (XMEMCMP(t1, resultT + 1, sizeof(resultT) - 1)) - return -4323; + return -5730; #ifdef HAVE_AES_DECRYPT result = wc_AesGcmDecrypt(&enc, resultP, resultC, sizeof(resultC), @@ -6589,9 +6907,9 @@ int aesgcm_test(void) result = wc_AsyncWait(result, &enc.asyncDev, WC_ASYNC_FLAG_NONE); #endif if (result != 0) - return -4324; + return -5731; if (XMEMCMP(p, resultP, sizeof(resultP))) - return -4325; + return -5732; #endif /* HAVE_AES_DECRYPT */ #endif /* WOLFSSL_AES_256 */ wc_AesFree(&enc); @@ -6653,13 +6971,13 @@ int gmac_test(void) wc_GmacSetKey(&gmac, k1, sizeof(k1)); wc_GmacUpdate(&gmac, iv1, sizeof(iv1), a1, sizeof(a1), tag, sizeof(t1)); if (XMEMCMP(t1, tag, sizeof(t1)) != 0) - return -4400; + return -5800; XMEMSET(tag, 0, sizeof(tag)); wc_GmacSetKey(&gmac, k2, sizeof(k2)); wc_GmacUpdate(&gmac, iv2, sizeof(iv2), a2, sizeof(a2), tag, sizeof(t2)); if (XMEMCMP(t2, tag, sizeof(t2)) != 0) - return -4401; + return -5801; return 0; } 
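Review bot: gmac_test discards the return values of wc_GmacSetKey and wc_GmacUpdate and only compares the tag afterwards. A failing call is therefore reported as a tag mismatch (-5800 or -5801) instead of with its own code, and the comparison runs on whatever `tag` held before. Each call should be checked, e.g. `if (wc_GmacSetKey(&gmac, k1, sizeof(k1)) != 0) return <new code>;`, and likewise for wc_GmacUpdate. The declarations and the start of the function are outside this hunk.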
@@ -6723,37 +7041,37 @@ int aesccm_test(void) result = wc_AesCcmSetKey(&enc, k, sizeof(k)); if (result != 0) - return -4500; + return -5900; /* AES-CCM encrypt and decrypt both use AES encrypt internally */ result = wc_AesCcmEncrypt(&enc, c2, p, sizeof(c2), iv, sizeof(iv), t2, sizeof(t2), a, sizeof(a)); if (result != 0) - return -4501; + return -5901; if (XMEMCMP(c, c2, sizeof(c2))) - return -4502; + return -5902; if (XMEMCMP(t, t2, sizeof(t2))) - return -4503; + return -5903; result = wc_AesCcmDecrypt(&enc, p2, c2, sizeof(p2), iv, sizeof(iv), t2, sizeof(t2), a, sizeof(a)); if (result != 0) - return -4504; + return -5904; if (XMEMCMP(p, p2, sizeof(p2))) - return -4505; + return -5905; /* Test the authentication failure */ t2[0]++; /* Corrupt the authentication tag. */ result = wc_AesCcmDecrypt(&enc, p2, c, sizeof(p2), iv, sizeof(iv), t2, sizeof(t2), a, sizeof(a)); if (result == 0) - return -4506; + return -5906; /* Clear c2 to compare against p2. p2 should be set to zero in case of * authentication fail. */ XMEMSET(c2, 0, sizeof(c2)); if (XMEMCMP(p2, c2, sizeof(p2))) - return -4507; + return -5907; return 0; } @@ -6942,20 +7260,20 @@ int aeskeywrap_test(void) output, sizeof(output), NULL); if ( (wrapSz < 0) || (wrapSz != (int)test_wrap[i].verifyLen) ) - return -4600; + return -6000; if (XMEMCMP(output, test_wrap[i].verify, test_wrap[i].verifyLen) != 0) - return -4601; + return -6001; plainSz = wc_AesKeyUnWrap((byte*)test_wrap[i].kek, test_wrap[i].kekLen, output, wrapSz, plain, sizeof(plain), NULL); if ( (plainSz < 0) || (plainSz != (int)test_wrap[i].dataLen) ) - return -4602; + return -6002; if (XMEMCMP(plain, test_wrap[i].data, test_wrap[i].dataLen) != 0) - return -4610 - i; + return -6003 - i; } return 0; 
@@ -7148,24 +7466,24 @@ int camellia_test(void) /* Setting the IV and checking it was actually set. */ ret = wc_CamelliaSetIV(&cam, ivc); if (ret != 0 || XMEMCMP(cam.reg, ivc, CAMELLIA_BLOCK_SIZE)) - return -4700; + return -6100; /* Setting the IV to NULL should be same as all zeros IV */ if (wc_CamelliaSetIV(&cam, NULL) != 0 || XMEMCMP(cam.reg, ive, CAMELLIA_BLOCK_SIZE)) - return -4701; + return -6101; /* First parameter should never be null */ if (wc_CamelliaSetIV(NULL, NULL) == 0) - return -4702; + return -6102; /* First parameter should never be null, check it fails */ if (wc_CamelliaSetKey(NULL, k1, sizeof(k1), NULL) == 0) - return -4703; + return -6103; /* Key should have a size of 16, 24, or 32 */ if (wc_CamelliaSetKey(&cam, k1, 0, NULL) == 0) - return -4704; + return -6104; return 0; } @@ -7242,14 +7560,14 @@ int idea_test(void) NULL, IDEA_ENCRYPTION); if (ret != 0) { printf("wc_IdeaSetKey (enc) failed\n"); - return -4800; + return -6200; } /* Data encryption */ ret = wc_IdeaCipher(&idea, data, v1_plain[i]); if (ret != 0 || XMEMCMP(&v1_cipher[i], data, IDEA_BLOCK_SIZE)) { printf("Bad encryption\n"); - return -4801; + return -6201; } /* Set decryption key */ @@ -7258,14 +7576,14 @@ int idea_test(void) NULL, IDEA_DECRYPTION); if (ret != 0) { printf("wc_IdeaSetKey (dec) failed\n"); - return -4802; + return -6202; } /* Data decryption */ ret = wc_IdeaCipher(&idea, data, data); if (ret != 0 || XMEMCMP(v1_plain[i], data, IDEA_BLOCK_SIZE)) { printf("Bad decryption\n"); - return -4803; + return -6203; } /* Set encryption key */ @@ -7274,7 +7592,7 @@ int idea_test(void) v_key[i], IDEA_ENCRYPTION); if (ret != 0) { printf("wc_IdeaSetKey (enc) failed\n"); - return -4804; + return -6204; } XMEMSET(msg_enc, 0, sizeof(msg_enc)); @@ -7282,7 +7600,7 @@ int idea_test(void) (word32)XSTRLEN(message)+1); if (ret != 0) { printf("wc_IdeaCbcEncrypt failed\n"); - return -4805; + return -6205; } /* Set decryption key */ 
@@ -7291,7 +7609,7 @@ int idea_test(void) v_key[i], IDEA_DECRYPTION); if (ret != 0) { printf("wc_IdeaSetKey (dec) failed\n"); - return -4806; + return -6206; } XMEMSET(msg_dec, 0, sizeof(msg_dec)); @@ -7299,12 +7617,12 @@ int idea_test(void) (word32)XSTRLEN(message)+1); if (ret != 0) { printf("wc_IdeaCbcDecrypt failed\n"); - return -4807; + return -6207; } if (XMEMCMP(message, msg_dec, (word32)XSTRLEN(message))) { printf("Bad CBC decryption\n"); - return -4808; + return -6208; } } @@ -7315,7 +7633,7 @@ int idea_test(void) NULL, IDEA_ENCRYPTION); if (ret != 0) { printf("wc_IdeaSetKey (enc) failed\n"); - return -4809; + return -6209; } /* 100 times data encryption */ @@ -7323,13 +7641,13 @@ int idea_test(void) for (j = 0; j < 100; j++) { ret = wc_IdeaCipher(&idea, data, data); if (ret != 0) { - return -4821; + return -6210; } } if (XMEMCMP(v1_cipher_100[i], data, IDEA_BLOCK_SIZE)) { printf("Bad encryption (100 times)\n"); - return -4810; + return -6211; } /* 1000 times data encryption */ @@ -7337,13 +7655,13 @@ int idea_test(void) for (j = 0; j < 1000; j++) { ret = wc_IdeaCipher(&idea, data, data); if (ret != 0) { - return -4822; + return -6212; } } if (XMEMCMP(v1_cipher_1000[i], data, IDEA_BLOCK_SIZE)) { printf("Bad encryption (100 times)\n"); - return -4811; + return -6213; } } 
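Review bot: The failure message for the 1000-iteration vector in idea_test still prints `Bad encryption (100 times)`, so a log from this branch (-6213) reads the same as the 100-iteration branch (-6211). It should be `printf("Bad encryption (1000 times)\n");`. The random-data loop in a later hunk has the same copy-paste slip: the block commented "Set decryption key" prints `wc_IdeaSetKey (enc) failed` before `return -6220;` and should say `(dec)`. Both are context lines that this renumbering leaves unchanged.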
@@ -7361,30 +7679,30 @@ int idea_test(void) ret = wc_InitRng(&rng); #endif if (ret != 0) - return -4812; + return -6214; for (i = 0; i < 1000; i++) { /* random key */ ret = wc_RNG_GenerateBlock(&rng, key, sizeof(key)); if (ret != 0) - return -4813; + return -6215; /* random iv */ ret = wc_RNG_GenerateBlock(&rng, iv, sizeof(iv)); if (ret != 0) - return -4814; + return -6216; /* random data */ ret = wc_RNG_GenerateBlock(&rng, rnd, sizeof(rnd)); if (ret != 0) - return -4815; + return -6217; /* Set encryption key */ XMEMSET(&idea, 0, sizeof(Idea)); ret = wc_IdeaSetKey(&idea, key, IDEA_KEY_SIZE, iv, IDEA_ENCRYPTION); if (ret != 0) { printf("wc_IdeaSetKey (enc) failed\n"); - return -4816; + return -6218; } /* Data encryption */ @@ -7392,7 +7710,7 @@ int idea_test(void) ret = wc_IdeaCbcEncrypt(&idea, enc, rnd, sizeof(rnd)); if (ret != 0) { printf("wc_IdeaCbcEncrypt failed\n"); - return -4817; + return -6219; } /* Set decryption key */ @@ -7400,7 +7718,7 @@ int idea_test(void) ret = wc_IdeaSetKey(&idea, key, IDEA_KEY_SIZE, iv, IDEA_DECRYPTION); if (ret != 0) { printf("wc_IdeaSetKey (enc) failed\n"); - return -4818; + return -6220; } /* Data decryption */ @@ -7408,12 +7726,12 @@ int idea_test(void) ret = wc_IdeaCbcDecrypt(&idea, dec, enc, sizeof(enc)); if (ret != 0) { printf("wc_IdeaCbcDecrypt failed\n"); - return -4819; + return -6221; } if (XMEMCMP(rnd, dec, sizeof(rnd))) { printf("Bad CBC decryption\n"); - return -4820; + return -6222; } } @@ -7438,13 +7756,13 @@ static int random_rng_test(void) #else ret = wc_InitRng(&rng); #endif - if (ret != 0) return -4900; + if (ret != 0) return -6300; XMEMSET(block, 0, sizeof(block)); ret = wc_RNG_GenerateBlock(&rng, block, sizeof(block)); if (ret != 0) { - ret = -4901; + ret = -6301; goto exit; } 
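Review bot: Every failure return inside the random-data loop of idea_test (`return -6215;` through `return -6222;`) exits after wc_InitRng has succeeded, without calling wc_FreeRng(&rng). random_rng_test in the same file sends its failures through `goto exit` so that wc_FreeRng always runs, and idea_test should follow that shape, e.g. `ret = -6215; goto exit;` with the free at the label. This matters beyond a leak if wc_FreeRng is also what clears the generator state, which is not visible here. The end of the function, where the RNG is presumably freed on success, is outside this hunk.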
@@ -7456,16 +7774,40 @@ static int random_rng_test(void) } /* All zeros count check */ if (ret >= (int)sizeof(block)) { - ret = -4902; + ret = -6302; goto exit; } ret = wc_RNG_GenerateByte(&rng, block); if (ret != 0) { - ret = -4903; + ret = -6303; goto exit; } + /* Parameter validation testing. */ + ret = wc_RNG_GenerateBlock(NULL, block, sizeof(block)); + if (ret != BAD_FUNC_ARG) { + ret = -6304; + goto exit; + } + ret = wc_RNG_GenerateBlock(&rng, NULL, sizeof(block)); + if (ret != BAD_FUNC_ARG) { + ret = -6305; + goto exit; + } + + ret = wc_RNG_GenerateByte(NULL, block); + if (ret != BAD_FUNC_ARG) { + ret = -6306; + goto exit; + } + ret = wc_RNG_GenerateByte(&rng, NULL); + if (ret != BAD_FUNC_ARG) { + ret = -6307; + goto exit; + } + + ret = 0; exit: /* Make sure and free RNG */ wc_FreeRng(&rng); @@ -7532,23 +7874,23 @@ int random_test(void) ret = wc_RNG_HealthTest(0, test1Entropy, sizeof(test1Entropy), NULL, 0, output, sizeof(output)); if (ret != 0) - return -5000; + return -6400; if (XMEMCMP(test1Output, output, sizeof(output)) != 0) - return -5001; + return -6401; ret = wc_RNG_HealthTest(1, test2EntropyA, sizeof(test2EntropyA), test2EntropyB, sizeof(test2EntropyB), output, sizeof(output)); if (ret != 0) - return -5002; + return -6402; if (XMEMCMP(test2Output, output, sizeof(output)) != 0) - return -5003; + return -6403; /* Basic RNG generate block test */ - if (random_rng_test() != 0) - return -5004; + if ((ret = random_rng_test()) != 0) + return ret; return 0; } 
@@ -7579,84 +7921,84 @@ int memory_test(void) /* check macro settings */ if (sizeof(size)/sizeof(word32) != WOLFMEM_MAX_BUCKETS) { - return -5100; + return -6500; } if (sizeof(dist)/sizeof(word32) != WOLFMEM_MAX_BUCKETS) { - return -5101; + return -6501; } for (i = 0; i < WOLFMEM_MAX_BUCKETS; i++) { if ((size[i] % WOLFSSL_STATIC_ALIGN) != 0) { /* each element in array should be divisable by alignment size */ - return -5102; + return -6502; } } for (i = 1; i < WOLFMEM_MAX_BUCKETS; i++) { if (size[i - 1] >= size[i]) { - return -5103; /* sizes should be in increasing order */ + return -6503; /* sizes should be in increasing order */ } } /* check that padding size returned is possible */ if (wolfSSL_MemoryPaddingSz() < WOLFSSL_STATIC_ALIGN) { - return -5104; /* no room for wc_Memory struct */ + return -6504; /* no room for wc_Memory struct */ } if (wolfSSL_MemoryPaddingSz() < 0) { - return -5105; + return -6505; } if (wolfSSL_MemoryPaddingSz() % WOLFSSL_STATIC_ALIGN != 0) { - return -5106; /* not aligned! */ + return -6506; /* not aligned! */ } /* check function to return optimum buffer size (rounded down) */ ret = wolfSSL_StaticBufferSz(buffer, sizeof(buffer), WOLFMEM_GENERAL); if ((ret - pad) % WOLFSSL_STATIC_ALIGN != 0) { - return -5107; /* not aligned! */ + return -6507; /* not aligned! 
*/ } if (ret < 0) { - return -5108; + return -6508; } if ((unsigned int)ret > sizeof(buffer)) { - return -5109; /* did not round down as expected */ + return -6509; /* did not round down as expected */ } if (ret != wolfSSL_StaticBufferSz(buffer, ret, WOLFMEM_GENERAL)) { - return -5110; /* retrun value changed when using suggested value */ + return -6510; /* retrun value changed when using suggested value */ } ret = wolfSSL_MemoryPaddingSz(); ret += pad; /* add space that is going to be needed if buffer not aligned */ if (wolfSSL_StaticBufferSz(buffer, size[0] + ret + 1, WOLFMEM_GENERAL) != (ret + (int)size[0])) { - return -5111; /* did not round down to nearest bucket value */ + return -6511; /* did not round down to nearest bucket value */ } ret = wolfSSL_StaticBufferSz(buffer, sizeof(buffer), WOLFMEM_IO_POOL); if ((ret - pad) < 0) { - return -5112; + return -6512; } if (((ret - pad) % (WOLFMEM_IO_SZ + wolfSSL_MemoryPaddingSz())) != 0) { - return -5113; /* not even chunks of memory for IO size */ + return -6513; /* not even chunks of memory for IO size */ } if (((ret - pad) % WOLFSSL_STATIC_ALIGN) != 0) { - return -5114; /* memory not aligned */ + return -6514; /* memory not aligned */ } /* check for passing bad or unknown argments to functions */ if (wolfSSL_StaticBufferSz(NULL, 1, WOLFMEM_GENERAL) > 0) { - return -5115; + return -6515; } if (wolfSSL_StaticBufferSz(buffer, 1, WOLFMEM_GENERAL) != 0) { - return -5116; /* should round to 0 since struct + bucket will not fit */ + return -6516; /* should round to 0 since struct + bucket will not fit */ } (void)dist; /* avoid static analysis warning of variable not used */ @@ -7898,7 +8240,7 @@ int cert_test(void) tmp = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); if (tmp == NULL) - return -5200; + return -6600; /* Certificate with Name Constraints extension. */ #ifdef FREESCALE_MQX 
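Review bot: Two sign checks in memory_test run only after the value has already been used. `wolfSSL_MemoryPaddingSz() < 0` (-6505) follows the `< WOLFSSL_STATIC_ALIGN` comparison (-6504), and `ret < 0` (-6508) follows `(ret - pad) % WOLFSSL_STATIC_ALIGN != 0` (-6507). If WOLFSSL_STATIC_ALIGN is positive, as an alignment presumably is, -6505 can never be returned, and a negative error from wolfSSL_StaticBufferSz is mostly reported as "not aligned". Moving each `< 0` test ahead of its alignment test makes the codes meaningful. The comments in this hunk also carry typos ("divisable", "retrun", "argments").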
@@ -7907,14 +8249,14 @@ int cert_test(void) file = fopen("./certs/test/cert-ext-nc.der", "rb"); #endif if (!file) { - ERROR_OUT(-5201, done); + ERROR_OUT(-6601, done); } bytes = fread(tmp, 1, FOURK_BUF, file); fclose(file); InitDecodedCert(&cert, tmp, (word32)bytes, 0); ret = ParseCert(&cert, CERT_TYPE, NO_VERIFY, NULL); if (ret != 0) { - ERROR_OUT(-5202, done); + ERROR_OUT(-6602, done); } FreeDecodedCert(&cert); @@ -7925,14 +8267,14 @@ int cert_test(void) file = fopen("./certs/test/cert-ext-ia.der", "rb"); #endif if (!file) { - ERROR_OUT(-5203, done); + ERROR_OUT(-6603, done); } bytes = fread(tmp, 1, FOURK_BUF, file); fclose(file); InitDecodedCert(&cert, tmp, (word32)bytes, 0); ret = ParseCert(&cert, CERT_TYPE, NO_VERIFY, NULL); if (ret != 0) { - ERROR_OUT(-5204, done); + ERROR_OUT(-6604, done); } done: @@ -7979,13 +8321,13 @@ int certext_test(void) tmp = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); if (tmp == NULL) - return -5300; + return -6700; /* load othercert.der (Cert signed by an authority) */ file = fopen(otherCertDerFile, "rb"); if (!file) { XFREE(tmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER); - return -5301; + return -6701; } bytes = fread(tmp, 1, FOURK_BUF, file); 
@@ -7995,34 +8337,34 @@ int certext_test(void) ret = ParseCert(&cert, CERT_TYPE, NO_VERIFY, 0); if (ret != 0) - return -5302; + return -6702; /* check the SKID from a RSA certificate */ if (XMEMCMP(skid_rsa, cert.extSubjKeyId, sizeof(cert.extSubjKeyId))) - return -5303; + return -6703; /* check the AKID from an RSA certificate */ if (XMEMCMP(akid_rsa, cert.extAuthKeyId, sizeof(cert.extAuthKeyId))) - return -5304; + return -6704; /* check the Key Usage from an RSA certificate */ if (!cert.extKeyUsageSet) - return -5305; + return -6705; if (cert.extKeyUsage != (KEYUSE_KEY_ENCIPHER|KEYUSE_KEY_AGREE)) - return -5306; + return -6706; /* check the CA Basic Constraints from an RSA certificate */ if (cert.isCA) - return -5307; + return -6707; #ifndef WOLFSSL_SEP /* test only if not using SEP policies */ /* check the Certificate Policies Id */ if (cert.extCertPoliciesNb != 1) - return -5308; + return -6708; if (strncmp(cert.extCertPolicies[0], "2.16.840.1.101.3.4.1.42", 23)) - return -5309; + return -6709; #endif FreeDecodedCert(&cert); @@ -8032,7 +8374,7 @@ int certext_test(void) file = fopen(certEccDerFile, "rb"); if (!file) { XFREE(tmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER); - return -5310; + return -6710; } bytes = fread(tmp, 1, FOURK_BUF, file); 
@@ -8042,35 +8384,35 @@ int certext_test(void) ret = ParseCert(&cert, CERT_TYPE, NO_VERIFY, 0); if (ret != 0) - return -5311; + return -6711; /* check the SKID from a ECC certificate - generated dynamically */ /* check the AKID from an ECC certificate */ if (XMEMCMP(akid_ecc, cert.extAuthKeyId, sizeof(cert.extAuthKeyId))) - return -5313; + return -6712; /* check the Key Usage from an ECC certificate */ if (!cert.extKeyUsageSet) - return -5314; + return -6713; if (cert.extKeyUsage != (KEYUSE_DIGITAL_SIG|KEYUSE_CONTENT_COMMIT)) - return -5315; + return -6714; /* check the CA Basic Constraints from an ECC certificate */ if (cert.isCA) - return -5316; + return -6715; #ifndef WOLFSSL_SEP /* test only if not using SEP policies */ /* check the Certificate Policies Id */ if (cert.extCertPoliciesNb != 2) - return -5317; + return -6716; if (strncmp(cert.extCertPolicies[0], "2.4.589440.587.101.2.1.9632587.1", 32)) - return -5318; + return -6717; if (strncmp(cert.extCertPolicies[1], "1.2.13025.489.1.113549", 22)) - return -5319; + return -6718; #endif FreeDecodedCert(&cert); @@ -8080,7 +8422,7 @@ int certext_test(void) file = fopen(certDerFile, "rb"); if (!file) { XFREE(tmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER); - return -5320; + return -6719; } bytes = fread(tmp, 1, FOURK_BUF, file); 
@@ -8090,37 +8432,37 @@ int certext_test(void) ret = ParseCert(&cert, CERT_TYPE, NO_VERIFY, 0); if (ret != 0) - return -5321; + return -6720; /* check the SKID from a CA certificate */ if (XMEMCMP(kid_ca, cert.extSubjKeyId, sizeof(cert.extSubjKeyId))) - return -5322; + return -6721; /* check the AKID from an CA certificate */ if (XMEMCMP(kid_ca, cert.extAuthKeyId, sizeof(cert.extAuthKeyId))) - return -5323; + return -6722; /* check the Key Usage from CA certificate */ if (!cert.extKeyUsageSet) - return -5324; + return -6723; if (cert.extKeyUsage != (KEYUSE_KEY_CERT_SIGN|KEYUSE_CRL_SIGN)) - return -5325; + return -6724; /* check the CA Basic Constraints CA certificate */ if (!cert.isCA) - return -5326; + return -6725; #ifndef WOLFSSL_SEP /* test only if not using SEP policies */ /* check the Certificate Policies Id */ if (cert.extCertPoliciesNb != 2) - return -5327; + return -6726; if (strncmp(cert.extCertPolicies[0], "2.16.840.1.101.3.4.1.42", 23)) - return -5328; + return -6727; if (strncmp(cert.extCertPolicies[1], "1.2.840.113549.1.9.16.6.5", 25)) - return -5329; + return -6728; #endif FreeDecodedCert(&cert); @@ -8148,7 +8490,7 @@ static int rsa_flatten_test(RsaKey* key) #else if (ret != BAD_FUNC_ARG) #endif - return -5330; + return -6729; ret = wc_RsaFlattenPublicKey(key, NULL, &eSz, n, &nSz); #ifdef HAVE_USER_RSA /* Implementation using IPP Libraries returns: @@ -8158,7 +8500,7 @@ static int rsa_flatten_test(RsaKey* key) #else if (ret != BAD_FUNC_ARG) #endif - return -5331; + return -6730; ret = wc_RsaFlattenPublicKey(key, e, NULL, n, &nSz); #ifdef HAVE_USER_RSA /* Implementation using IPP Libraries returns: @@ -8168,7 +8510,7 @@ static int rsa_flatten_test(RsaKey* key) #else if (ret != BAD_FUNC_ARG) #endif - return -5332; + return -6731; ret = wc_RsaFlattenPublicKey(key, e, &eSz, NULL, &nSz); #ifdef HAVE_USER_RSA /* Implementation using IPP Libraries returns: 
@@ -8178,7 +8520,7 @@ static int rsa_flatten_test(RsaKey* key) #else if (ret != BAD_FUNC_ARG) #endif - return -5333; + return -6732; ret = wc_RsaFlattenPublicKey(key, e, &eSz, n, NULL); #ifdef HAVE_USER_RSA /* Implementation using IPP Libraries returns: @@ -8188,10 +8530,10 @@ static int rsa_flatten_test(RsaKey* key) #else if (ret != BAD_FUNC_ARG) #endif - return -5334; + return -6733; ret = wc_RsaFlattenPublicKey(key, e, &eSz, n, &nSz); if (ret != 0) - return -5335; + return -6734; eSz = 0; ret = wc_RsaFlattenPublicKey(key, e, &eSz, n, &nSz); #ifdef HAVE_USER_RSA @@ -8205,7 +8547,7 @@ static int rsa_flatten_test(RsaKey* key) #else if (ret != RSA_BUFFER_E) #endif - return -5336; + return -6735; eSz = sizeof(e); nSz = 0; ret = wc_RsaFlattenPublicKey(key, e, &eSz, n, &nSz); 
@@ -8217,11 +8559,85 @@ static int rsa_flatten_test(RsaKey* key) #else if (ret != RSA_BUFFER_E) #endif - return -5337; + return -6736; return 0; } +#if !defined(HAVE_FIPS) && !defined(HAVE_USER_RSA) +static int rsa_export_key_test(RsaKey* key) +{ + int ret; + byte e[3]; + word32 eSz = sizeof(e); + byte n[256]; + word32 nSz = sizeof(n); + byte d[256]; + word32 dSz = sizeof(d); + byte p[128]; + word32 pSz = sizeof(p); + byte q[128]; + word32 qSz = sizeof(q); + word32 zero = 0; + + ret = wc_RsaExportKey(NULL, e, &eSz, n, &nSz, d, &dSz, p, &pSz, q, &qSz); + if (ret != BAD_FUNC_ARG) + return -6737; + ret = wc_RsaExportKey(key, NULL, &eSz, n, &nSz, d, &dSz, p, &pSz, q, &qSz); + if (ret != BAD_FUNC_ARG) + return -6738; + ret = wc_RsaExportKey(key, e, NULL, n, &nSz, d, &dSz, p, &pSz, q, &qSz); + if (ret != BAD_FUNC_ARG) + return -6739; + ret = wc_RsaExportKey(key, e, &eSz, NULL, &nSz, d, &dSz, p, &pSz, q, &qSz); + if (ret != BAD_FUNC_ARG) + return -6740; + ret = wc_RsaExportKey(key, e, &eSz, n, NULL, d, &dSz, p, &pSz, q, &qSz); + if (ret != BAD_FUNC_ARG) + return -6741; + ret = wc_RsaExportKey(key, e, &eSz, n, &nSz, NULL, &dSz, p, &pSz, q, &qSz); + if (ret != BAD_FUNC_ARG) + return -6742; + ret = wc_RsaExportKey(key, e, &eSz, n, &nSz, d, NULL, p, &pSz, q, &qSz); + if (ret != BAD_FUNC_ARG) + return -6743; + ret = wc_RsaExportKey(key, e, &eSz, n, &nSz, d, &dSz, NULL, &pSz, q, &qSz); + if (ret != BAD_FUNC_ARG) + return -6744; + ret = wc_RsaExportKey(key, e, &eSz, n, &nSz, d, &dSz, p, NULL, q, &qSz); + if (ret != BAD_FUNC_ARG) + return -6745; + ret = wc_RsaExportKey(key, e, &eSz, n, &nSz, d, &dSz, p, &pSz, NULL, &qSz); + if (ret != BAD_FUNC_ARG) + return -6746; + ret = wc_RsaExportKey(key, e, &eSz, n, &nSz, d, &dSz, p, &pSz, q, NULL); + if (ret != BAD_FUNC_ARG) + return -6747; + + ret = wc_RsaExportKey(key, e, &zero, n, &nSz, d, &dSz, p, &pSz, q, &qSz); + if (ret != RSA_BUFFER_E) + return -6748; + ret = wc_RsaExportKey(key, e, &eSz, n, &zero, d, &dSz, p, &pSz, q, &qSz); + if 
(ret != RSA_BUFFER_E) + return -6749; + ret = wc_RsaExportKey(key, e, &eSz, n, &nSz, d, &zero, p, &pSz, q, &qSz); + if (ret != RSA_BUFFER_E) + return -6750; + ret = wc_RsaExportKey(key, e, &eSz, n, &nSz, d, &dSz, p, &zero, q, &qSz); + if (ret != RSA_BUFFER_E) + return -6751; + ret = wc_RsaExportKey(key, e, &eSz, n, &nSz, d, &dSz, p, &pSz, q, &zero); + if (ret != RSA_BUFFER_E) + return -6752; + + ret = wc_RsaExportKey(key, e, &eSz, n, &nSz, d, &dSz, p, &pSz, q, &qSz); + if (ret != 0) + return -6753; + + return 0; +} +#endif /* !HAVE_FIPS */ + #ifndef NO_SIG_WRAPPER static int rsa_sig_test(RsaKey* key, word32 keyLen, int modLen, WC_RNG* rng) { 
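Review bot: The final success-path call in rsa_export_key_test checks only that wc_RsaExportKey returns 0, so an export that left the buffers untouched or reported wrong lengths would still pass. Comparing the outputs with what the key holds would pin the behaviour; at minimum add `if (eSz == 0 || nSz == 0 || dSz == 0 || pSz == 0 || qSz == 0) return <next free code>;`. The fixed sizes `e[3]`, `n[256]`, `d[256]`, `p[128]` and `q[128]` assume a key of at most 2048 bits with a three-byte exponent, which nothing in this hunk shows the caller guaranteeing. The locals `d`, `p` and `q` still hold private-key components when the function returns; clearing them first (for example with the library's `ForceZero`, if it is reachable from this file) avoids leaving key material on the stack should the test ever run with a non-test key. The closing `#endif /* !HAVE_FIPS */` names only half of the opening condition `!defined(HAVE_FIPS) && !defined(HAVE_USER_RSA)`.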
@@ -8250,36 +8666,36 @@ static int rsa_sig_test(RsaKey* key, word32 keyLen, int modLen, WC_RNG* rng) /* Parameter Validation testing. */ ret = wc_SignatureGetSize(WC_SIGNATURE_TYPE_NONE, key, keyLen); if (ret != BAD_FUNC_ARG) - return -5338; + return -6754; ret = wc_SignatureGetSize(WC_SIGNATURE_TYPE_RSA, key, 0); if (ret != BAD_FUNC_ARG) - return -5339; + return -6755; sigSz = (word32)modLen; ret = wc_SignatureGenerate(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, NULL, inLen, out, &sigSz, key, keyLen, rng); if (ret != BAD_FUNC_ARG) - return -5340; + return -6756; ret = wc_SignatureGenerate(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, in, 0, out, &sigSz, key, keyLen, rng); if (ret != BAD_FUNC_ARG) - return -5341; + return -6757; ret = wc_SignatureGenerate(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, in, inLen, NULL, &sigSz, key, keyLen, rng); if (ret != BAD_FUNC_ARG) - return -5342; + return -6758; ret = wc_SignatureGenerate(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, in, inLen, out, NULL, key, keyLen, rng); if (ret != BAD_FUNC_ARG) - return -5343; + return -6759; ret = wc_SignatureGenerate(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, in, inLen, out, &sigSz, NULL, keyLen, rng); if (ret != BAD_FUNC_ARG) - return -5344; + return -6760; ret = wc_SignatureGenerate(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, in, inLen, out, &sigSz, key, 0, rng); if (ret != BAD_FUNC_ARG) - return -5345; + return -6761; ret = wc_SignatureGenerate(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, in, inLen, out, &sigSz, key, keyLen, NULL); #ifdef HAVE_USER_RSA @@ -8287,7 +8703,7 @@ static int rsa_sig_test(RsaKey* key, word32 keyLen, int modLen, WC_RNG* rng) * -101 = USER_CRYPTO_ERROR */ if (ret == 0) -#elif defined(WOLFSSL_ASYNC_CRYPT) +#elif defined(WOLFSSL_ASYNC_CRYPT) || defined(WOLF_CRYPTO_DEV) /* async may not require RNG */ if (ret != 0 && ret != MISSING_RNG_E) #elif defined(HAVE_FIPS) || defined(WOLFSSL_ASYNC_CRYPT) || \ 
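Review bot: With `|| defined(WOLF_CRYPTO_DEV)` added to the `#elif` in rsa_sig_test, any build that compiles crypto-device support in accepts both 0 and MISSING_RNG_E for the NULL-rng wc_SignatureGenerate call. The software path therefore loses the check that a missing RNG is rejected, presumably even when no device handles the key. If the relaxation is only needed when a device is in use, keep the strict `if (ret != MISSING_RNG_E)` unless the key's device id is set; how the key is created is outside this hunk. The comment under the branch still reads `/* async may not require RNG */`, and `/* async or crypto-dev hardware may not require RNG */` would match the new condition. The next `#elif` also lists `defined(WOLFSSL_ASYNC_CRYPT)`, which the branch above already covers; that chain continues past the end of the hunk.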
@@ -8297,79 +8713,79 @@ static int rsa_sig_test(RsaKey* key, word32 keyLen, int modLen, WC_RNG* rng) #else if (ret != MISSING_RNG_E) #endif - return -5346; + return -6762; sigSz = 0; ret = wc_SignatureGenerate(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, in, inLen, out, &sigSz, key, keyLen, rng); if (ret != BAD_FUNC_ARG) - return -5347; + return -6763; ret = wc_SignatureVerify(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, NULL, inLen, out, (word32)modLen, key, keyLen); if (ret != BAD_FUNC_ARG) - return -5348; + return -6764; ret = wc_SignatureVerify(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, in, 0, out, (word32)modLen, key, keyLen); if (ret != BAD_FUNC_ARG) - return -5349; + return -6765; ret = wc_SignatureVerify(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, in, inLen, NULL, (word32)modLen, key, keyLen); if (ret != BAD_FUNC_ARG) - return -5350; + return -6766; ret = wc_SignatureVerify(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, in, inLen, out, 0, key, keyLen); if (ret != BAD_FUNC_ARG) - return -5351; + return -6767; ret = wc_SignatureVerify(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, in, inLen, out, (word32)modLen, NULL, keyLen); if (ret != BAD_FUNC_ARG) - return -5352; + return -6768; ret = wc_SignatureVerify(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, in, inLen, out, (word32)modLen, key, 0); if (ret != BAD_FUNC_ARG) - return -5353; + return -6769; #ifndef HAVE_ECC ret = wc_SignatureGetSize(WC_SIGNATURE_TYPE_ECC, key, keyLen); if (ret != SIG_TYPE_E) - return -5354; + return -6770; #endif /* Use APIs. 
*/ ret = wc_SignatureGetSize(WC_SIGNATURE_TYPE_RSA, key, keyLen); if (ret != modLen) - return -5355; + return -6771; ret = wc_SignatureGetSize(WC_SIGNATURE_TYPE_RSA_W_ENC, key, keyLen); if (ret != modLen) - return -5356; + return -6772; sigSz = (word32)ret; ret = wc_SignatureGenerate(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, in, inLen, out, &sigSz, key, keyLen, rng); if (ret != 0) - return -5357; + return -6773; ret = wc_SignatureVerify(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, in, inLen, out, (word32)modLen, key, keyLen); if (ret != 0) - return -5358; + return -6774; sigSz = (word32)sizeof(out); ret = wc_SignatureGenerate(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA_W_ENC, in, inLen, out, &sigSz, key, keyLen, rng); if (ret != 0) - return -5359; + return -6775; ret = wc_SignatureVerify(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA_W_ENC, in, inLen, out, (word32)modLen, key, keyLen); if (ret != 0) - return -5360; + return -6776; /* Wrong signature type. */ ret = wc_SignatureVerify(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, in, inLen, out, (word32)modLen, key, keyLen); if (ret == 0) - return -5361; + return -6777; /* check hash functions */ 
@@ -8377,269 +8793,278 @@ static int rsa_sig_test(RsaKey* key, word32 keyLen, int modLen, WC_RNG* rng) ret = wc_SignatureGenerateHash(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, hash, (int)sizeof(hash), out, &sigSz, key, keyLen, rng); if (ret != 0) - return -5362; + return -6778; ret = wc_SignatureVerifyHash(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, hash, (int)sizeof(hash), out, (word32)modLen, key, keyLen); if (ret != 0) - return -5363; + return -6779; sigSz = (word32)sizeof(out); ret = wc_SignatureGenerateHash(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA_W_ENC, hashEnc, (int)sizeof(hashEnc), out, &sigSz, key, keyLen, rng); if (ret != 0) - return -5364; + return -6780; ret = wc_SignatureVerifyHash(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA_W_ENC, hashEnc, (int)sizeof(hashEnc), out, (word32)modLen, key, keyLen); if (ret != 0) - return -5365; + return -6781; return 0; } #endif /* !NO_SIG_WRAPPER */ #ifndef HAVE_USER_RSA -static int rsa_decode_test(void) +static int rsa_decode_test(RsaKey* keyPub) { int ret; word32 inSz; word32 inOutIdx; - RsaKey keyPub; - const byte n[2] = { 0x00, 0x23 }; - const byte e[2] = { 0x00, 0x03 }; - const byte good[] = { 0x30, 0x06, 0x02, 0x01, 0x23, 0x02, 0x1, 0x03 }; - const byte goodAlgId[] = { 0x30, 0x0f, 0x30, 0x0d, 0x06, 0x00, + static const byte n[2] = { 0x00, 0x23 }; + static const byte e[2] = { 0x00, 0x03 }; + static const byte good[] = { 0x30, 0x06, 0x02, 0x01, 0x23, 0x02, 0x1, + 0x03 }; + static const byte goodAlgId[] = { 0x30, 0x0f, 0x30, 0x0d, 0x06, 0x00, 0x03, 0x09, 0x00, 0x30, 0x06, 0x02, 0x01, 0x23, 0x02, 0x1, 0x03 }; - const byte goodAlgIdNull[] = { 0x30, 0x11, 0x30, 0x0f, 0x06, 0x00, + static const byte goodAlgIdNull[] = { 0x30, 0x11, 0x30, 0x0f, 0x06, 0x00, 0x05, 0x00, 0x03, 0x09, 0x00, 0x30, 0x06, 0x02, 0x01, 0x23, 0x02, 0x1, 0x03 }; - const byte badAlgIdNull[] = { 0x30, 0x12, 0x30, 0x10, 0x06, 0x00, + static const byte badAlgIdNull[] = { 0x30, 0x12, 0x30, 0x10, 0x06, 0x00, 0x05, 0x01, 0x00, 0x03, 0x09, 0x00, 0x30, 
0x06, 0x02, 0x01, 0x23, 0x02, 0x1, 0x03 }; - const byte badNotBitString[] = { 0x30, 0x0f, 0x30, 0x0d, 0x06, 0x00, + static const byte badNotBitString[] = { 0x30, 0x0f, 0x30, 0x0d, 0x06, 0x00, 0x04, 0x09, 0x00, 0x30, 0x06, 0x02, 0x01, 0x23, 0x02, 0x1, 0x03 }; - const byte badBitStringLen[] = { 0x30, 0x0f, 0x30, 0x0d, 0x06, 0x00, + static const byte badBitStringLen[] = { 0x30, 0x0f, 0x30, 0x0d, 0x06, 0x00, 0x03, 0x0a, 0x00, 0x30, 0x06, 0x02, 0x01, 0x23, 0x02, 0x1, 0x03 }; - const byte badNoSeq[] = { 0x30, 0x0d, 0x30, 0x0b, 0x06, 0x00, 0x03, 0x07, - 0x00, 0x02, 0x01, 0x23, 0x02, 0x1, 0x03 }; - const byte badNoObj[] = { + static const byte badNoSeq[] = { 0x30, 0x0d, 0x30, 0x0b, 0x06, 0x00, 0x03, + 0x07, 0x00, 0x02, 0x01, 0x23, 0x02, 0x1, 0x03 }; + static const byte badNoObj[] = { 0x30, 0x0f, 0x30, 0x0d, 0x05, 0x00, 0x03, 0x09, 0x00, 0x30, 0x06, 0x02, 0x01, 0x23, 0x02, 0x1, 0x03 }; - const byte badIntN[] = { 0x30, 0x06, 0x02, 0x05, 0x23, 0x02, 0x1, 0x03 }; - const byte badNotIntE[] = { 0x30, 0x06, 0x02, 0x01, 0x23, 0x04, 0x1, 0x03 }; - const byte badLength[] = { 0x30, 0x04, 0x02, 0x01, 0x23, 0x02, 0x1, 0x03 }; - const byte badBitStrNoZero[] = { 0x30, 0x0e, 0x30, 0x0c, 0x06, 0x00, + static const byte badIntN[] = { 0x30, 0x06, 0x02, 0x05, 0x23, 0x02, 0x1, + 0x03 }; + static const byte badNotIntE[] = { 0x30, 0x06, 0x02, 0x01, 0x23, 0x04, 0x1, + 0x03 }; + static const byte badLength[] = { 0x30, 0x04, 0x02, 0x01, 0x23, 0x02, 0x1, + 0x03 }; + static const byte badBitStrNoZero[] = { 0x30, 0x0e, 0x30, 0x0c, 0x06, 0x00, 0x03, 0x08, 0x30, 0x06, 0x02, 0x01, 0x23, 0x02, 0x1, 0x03 }; - ret = wc_InitRsaKey(&keyPub, NULL); + ret = wc_InitRsaKey(keyPub, NULL); if (ret != 0) - return -5400; + return -6782; /* Parameter Validation testing. 
*/ - ret = wc_RsaPublicKeyDecodeRaw(NULL, sizeof(n), e, sizeof(e), &keyPub); + ret = wc_RsaPublicKeyDecodeRaw(NULL, sizeof(n), e, sizeof(e), keyPub); if (ret != BAD_FUNC_ARG) { - ret = -5401; + ret = -6783; goto done; } - ret = wc_RsaPublicKeyDecodeRaw(n, sizeof(n), NULL, sizeof(e), &keyPub); + ret = wc_RsaPublicKeyDecodeRaw(n, sizeof(n), NULL, sizeof(e), keyPub); if (ret != BAD_FUNC_ARG) { - ret = -5402; + ret = -6784; goto done; } ret = wc_RsaPublicKeyDecodeRaw(n, sizeof(n), e, sizeof(e), NULL); if (ret != BAD_FUNC_ARG) { - ret = -5403; + ret = -6785; goto done; } /* TODO: probably should fail when length is -1! */ - ret = wc_RsaPublicKeyDecodeRaw(n, (word32)-1, e, sizeof(e), &keyPub); + ret = wc_RsaPublicKeyDecodeRaw(n, (word32)-1, e, sizeof(e), keyPub); if (ret != 0) { - ret = -5404; + ret = -6786; goto done; } - wc_FreeRsaKey(&keyPub); - ret = wc_InitRsaKey(&keyPub, NULL); + wc_FreeRsaKey(keyPub); + ret = wc_InitRsaKey(keyPub, NULL); if (ret != 0) - return -5405; - ret = wc_RsaPublicKeyDecodeRaw(n, sizeof(n), e, (word32)-1, &keyPub); + return -6787; + ret = wc_RsaPublicKeyDecodeRaw(n, sizeof(n), e, (word32)-1, keyPub); if (ret != 0) { - ret = -5406; + ret = -6788; goto done; } - wc_FreeRsaKey(&keyPub); - ret = wc_InitRsaKey(&keyPub, NULL); + wc_FreeRsaKey(keyPub); + ret = wc_InitRsaKey(keyPub, NULL); if (ret != 0) - return -5407; + return -6789; /* Use API. */ - ret = wc_RsaPublicKeyDecodeRaw(n, sizeof(n), e, sizeof(e), &keyPub); + ret = wc_RsaPublicKeyDecodeRaw(n, sizeof(n), e, sizeof(e), keyPub); if (ret != 0) { - ret = -5408; + ret = -6790; goto done; } - wc_FreeRsaKey(&keyPub); - ret = wc_InitRsaKey(&keyPub, NULL); + wc_FreeRsaKey(keyPub); + ret = wc_InitRsaKey(keyPub, NULL); if (ret != 0) - return -5409; + return -6791; /* Parameter Validation testing. 
*/ inSz = sizeof(good); - ret = wc_RsaPublicKeyDecode(NULL, &inOutIdx, &keyPub, inSz); + ret = wc_RsaPublicKeyDecode(NULL, &inOutIdx, keyPub, inSz); if (ret != BAD_FUNC_ARG) { - ret = -5410; + ret = -6792; goto done; } - ret = wc_RsaPublicKeyDecode(good, NULL, &keyPub, inSz); + ret = wc_RsaPublicKeyDecode(good, NULL, keyPub, inSz); if (ret != BAD_FUNC_ARG) { - ret = -5411; + ret = -6793; goto done; } ret = wc_RsaPublicKeyDecode(good, &inOutIdx, NULL, inSz); if (ret != BAD_FUNC_ARG) { - ret = -5412; + ret = -6794; goto done; } /* Use good data and offest to bad data. */ inOutIdx = 2; inSz = sizeof(good) - inOutIdx; - ret = wc_RsaPublicKeyDecode(good, &inOutIdx, &keyPub, inSz); + ret = wc_RsaPublicKeyDecode(good, &inOutIdx, keyPub, inSz); if (ret != ASN_PARSE_E) { - ret = -5413; + ret = -6795; goto done; } inOutIdx = 2; inSz = sizeof(goodAlgId) - inOutIdx; - ret = wc_RsaPublicKeyDecode(goodAlgId, &inOutIdx, &keyPub, inSz); + ret = wc_RsaPublicKeyDecode(goodAlgId, &inOutIdx, keyPub, inSz); if (ret != ASN_PARSE_E) { - ret = -5414; + ret = -6796; + goto done; + } + inOutIdx = 2; + inSz = sizeof(goodAlgId); + ret = wc_RsaPublicKeyDecode(goodAlgId, &inOutIdx, keyPub, inSz); + if (ret != ASN_PARSE_E) { + ret = -6797; goto done; } /* Try different bad data. 
*/ inSz = sizeof(badAlgIdNull); inOutIdx = 0; - ret = wc_RsaPublicKeyDecode(badAlgIdNull, &inOutIdx, &keyPub, inSz); + ret = wc_RsaPublicKeyDecode(badAlgIdNull, &inOutIdx, keyPub, inSz); if (ret != ASN_EXPECT_0_E) { - ret = -5415; + ret = -6798; goto done; } inSz = sizeof(badNotBitString); inOutIdx = 0; - ret = wc_RsaPublicKeyDecode(badNotBitString, &inOutIdx, &keyPub, inSz); + ret = wc_RsaPublicKeyDecode(badNotBitString, &inOutIdx, keyPub, inSz); if (ret != ASN_BITSTR_E) { - ret = -5416; + ret = -6799; goto done; } inSz = sizeof(badBitStringLen); inOutIdx = 0; - ret = wc_RsaPublicKeyDecode(badBitStringLen, &inOutIdx, &keyPub, inSz); + ret = wc_RsaPublicKeyDecode(badBitStringLen, &inOutIdx, keyPub, inSz); if (ret != ASN_PARSE_E) { - ret = -5417; + ret = -6800; goto done; } inSz = sizeof(badNoSeq); inOutIdx = 0; - ret = wc_RsaPublicKeyDecode(badNoSeq, &inOutIdx, &keyPub, inSz); + ret = wc_RsaPublicKeyDecode(badNoSeq, &inOutIdx, keyPub, inSz); if (ret != ASN_PARSE_E) { - ret = -5418; + ret = -6801; goto done; } inSz = sizeof(badNoObj); inOutIdx = 0; - ret = wc_RsaPublicKeyDecode(badNoObj, &inOutIdx, &keyPub, inSz); + ret = wc_RsaPublicKeyDecode(badNoObj, &inOutIdx, keyPub, inSz); if (ret != ASN_PARSE_E) { - ret = -5419; + ret = -6802; goto done; } inSz = sizeof(badIntN); inOutIdx = 0; - ret = wc_RsaPublicKeyDecode(badIntN, &inOutIdx, &keyPub, inSz); + ret = wc_RsaPublicKeyDecode(badIntN, &inOutIdx, keyPub, inSz); if (ret != ASN_RSA_KEY_E) { - ret = -5420; + ret = -6803; goto done; } inSz = sizeof(badNotIntE); inOutIdx = 0; - ret = wc_RsaPublicKeyDecode(badNotIntE, &inOutIdx, &keyPub, inSz); + ret = wc_RsaPublicKeyDecode(badNotIntE, &inOutIdx, keyPub, inSz); if (ret != ASN_RSA_KEY_E) { - ret = -5421; + ret = -6804; goto done; } /* TODO: Shouldn't pass as the sequence length is too small. 
*/ inSz = sizeof(badLength); inOutIdx = 0; - ret = wc_RsaPublicKeyDecode(badLength, &inOutIdx, &keyPub, inSz); + ret = wc_RsaPublicKeyDecode(badLength, &inOutIdx, keyPub, inSz); if (ret != 0) { - ret = -5422; + ret = -6805; goto done; } /* TODO: Shouldn't ignore object id's data. */ - wc_FreeRsaKey(&keyPub); - ret = wc_InitRsaKey(&keyPub, NULL); + wc_FreeRsaKey(keyPub); + ret = wc_InitRsaKey(keyPub, NULL); if (ret != 0) - return -5423; + return -6806; + + inSz = sizeof(badBitStrNoZero); + inOutIdx = 0; + ret = wc_RsaPublicKeyDecode(badBitStrNoZero, &inOutIdx, keyPub, inSz); + if (ret != ASN_EXPECT_0_E) { + ret = -6807; + goto done; + } + wc_FreeRsaKey(keyPub); + ret = wc_InitRsaKey(keyPub, NULL); + if (ret != 0) + return -6808; /* Valid data cases. */ inSz = sizeof(good); inOutIdx = 0; - ret = wc_RsaPublicKeyDecode(good, &inOutIdx, &keyPub, inSz); + ret = wc_RsaPublicKeyDecode(good, &inOutIdx, keyPub, inSz); if (ret != 0) { - ret = -5424; + ret = -6809; goto done; } if (inOutIdx != inSz) { - ret = -5425; + ret = -6810; goto done; } - wc_FreeRsaKey(&keyPub); - ret = wc_InitRsaKey(&keyPub, NULL); + wc_FreeRsaKey(keyPub); + ret = wc_InitRsaKey(keyPub, NULL); if (ret != 0) - return -5426; + return -6811; inSz = sizeof(goodAlgId); inOutIdx = 0; - ret = wc_RsaPublicKeyDecode(goodAlgId, &inOutIdx, &keyPub, inSz); + ret = wc_RsaPublicKeyDecode(goodAlgId, &inOutIdx, keyPub, inSz); if (ret != 0) { - ret = -5427; + ret = -6812; goto done; } if (inOutIdx != inSz) { - ret = -5428; + ret = -6813; goto done; } - wc_FreeRsaKey(&keyPub); - ret = wc_InitRsaKey(&keyPub, NULL); + wc_FreeRsaKey(keyPub); + ret = wc_InitRsaKey(keyPub, NULL); if (ret != 0) - return -5429; + return -6814; inSz = sizeof(goodAlgIdNull); inOutIdx = 0; - ret = wc_RsaPublicKeyDecode(goodAlgIdNull, &inOutIdx, &keyPub, inSz); + ret = wc_RsaPublicKeyDecode(goodAlgIdNull, &inOutIdx, keyPub, inSz); if (ret != 0) { - ret = -5430; + ret = -6815; goto done; } if (inOutIdx != inSz) { - ret = -5431; + ret = -6816; goto 
done; } - wc_FreeRsaKey(&keyPub); - ret = wc_InitRsaKey(&keyPub, NULL); - if (ret != 0) - return -5432; - - inSz = sizeof(badBitStrNoZero); - inOutIdx = 0; - ret = wc_RsaPublicKeyDecode(badBitStrNoZero, &inOutIdx, &keyPub, inSz); - if (ret != ASN_EXPECT_0_E) { - ret = -5433; - goto done; - } - ret = 0; done: - wc_FreeRsaKey(&keyPub); + wc_FreeRsaKey(keyPub); return ret; } #endif @@ -8701,7 +9126,7 @@ static int rsa_pss_test(WC_RNG* rng, RsaKey* key) /* Calculate hash of message. */ ret = wc_Hash(hash[j], in, inLen, digest, sizeof(digest)); if (ret != 0) - ERROR_OUT(-5450, exit_rsa_pss); + ERROR_OUT(-6817, exit_rsa_pss); digestSz = wc_HashGetDigestSize(hash[j]); for (i = 0; i < (int)(sizeof(mgf)/sizeof(*mgf)); i++) { @@ -8717,7 +9142,7 @@ static int rsa_pss_test(WC_RNG* rng, RsaKey* key) } } while (ret == WC_PENDING_E); if (ret <= 0) - ERROR_OUT(-5451, exit_rsa_pss); + ERROR_OUT(-6818, exit_rsa_pss); outSz = ret; XMEMCPY(sig, out, outSz); @@ -8734,13 +9159,13 @@ static int rsa_pss_test(WC_RNG* rng, RsaKey* key) } } while (ret == WC_PENDING_E); if (ret <= 0) - ERROR_OUT(-5452, exit_rsa_pss); + ERROR_OUT(-6819, exit_rsa_pss); plainSz = ret; ret = wc_RsaPSS_CheckPadding(digest, digestSz, plain, plainSz, hash[j]); if (ret != 0) - ERROR_OUT(-5453, exit_rsa_pss); + ERROR_OUT(-6820, exit_rsa_pss); #ifdef RSA_PSS_TEST_WRONG_PARAMS for (k = 0; k < (int)(sizeof(mgf)/sizeof(*mgf)); k++) { @@ -8761,7 +9186,7 @@ static int rsa_pss_test(WC_RNG* rng, RsaKey* key) } } while (ret == WC_PENDING_E); if (ret >= 0) - ERROR_OUT(-5454, exit_rsa_pss); + ERROR_OUT(-6821, exit_rsa_pss); } } #endif @@ -8782,7 +9207,7 @@ static int rsa_pss_test(WC_RNG* rng, RsaKey* key) } } while (ret == WC_PENDING_E); if (ret <= 0) - ERROR_OUT(-5460, exit_rsa_pss); + ERROR_OUT(-6822, exit_rsa_pss); outSz = ret; do { 
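Review bot: rsa_decode_test now takes the caller's `RsaKey* keyPub` but still calls wc_InitRsaKey on it at entry and wc_FreeRsaKey at `done:`, and the early `return -6787`-style exits leave right after a failed re-init, so the state handed back to the caller is not stated anywhere. A header comment such as `/* keyPub is caller-provided storage: it is initialised and freed inside this test, so pass an uninitialised key and re-init it before reuse */` would make the contract explicit. The caller is outside this hunk, so whether it frees the key a second time cannot be checked here. Two assertions also pin lenient parsing as the expected result: the `(word32)-1` length cases and `badLength` must return 0 for the test to pass, as their own TODO comments admit. These are worth tracking so that a later tightening of the decoder is not blocked by this test.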
@@ -8796,7 +9221,7 @@ static int rsa_pss_test(WC_RNG* rng, RsaKey* key) } } while (ret == WC_PENDING_E); if (ret <= 0) - ERROR_OUT(-5461, exit_rsa_pss); + ERROR_OUT(-6823, exit_rsa_pss); plainSz = ret; do { @@ -8810,7 +9235,7 @@ static int rsa_pss_test(WC_RNG* rng, RsaKey* key) } } while (ret == WC_PENDING_E); if (ret != 0) - ERROR_OUT(-5462, exit_rsa_pss); + ERROR_OUT(-6824, exit_rsa_pss); XMEMCPY(sig, out, outSz); plain = NULL; @@ -8825,13 +9250,13 @@ static int rsa_pss_test(WC_RNG* rng, RsaKey* key) } } while (ret == WC_PENDING_E); if (ret <= 0) - ERROR_OUT(-5463, exit_rsa_pss); + ERROR_OUT(-6825, exit_rsa_pss); plainSz = ret; ret = wc_RsaPSS_CheckPadding_ex(digest, digestSz, plain, plainSz, hash[0], 0); if (ret != 0) - ERROR_OUT(-5464, exit_rsa_pss); + ERROR_OUT(-6826, exit_rsa_pss); /* Test bad salt lengths in various APIs. */ digestSz = wc_HashGetDigestSize(hash[0]); @@ -8847,7 +9272,7 @@ static int rsa_pss_test(WC_RNG* rng, RsaKey* key) } } while (ret == WC_PENDING_E); if (ret != PSS_SALTLEN_E) - ERROR_OUT(-5470, exit_rsa_pss); + ERROR_OUT(-6827, exit_rsa_pss); do { #if defined(WOLFSSL_ASYNC_CRYPT) @@ -8860,7 +9285,7 @@ static int rsa_pss_test(WC_RNG* rng, RsaKey* key) } } while (ret == WC_PENDING_E); if (ret != PSS_SALTLEN_E) - ERROR_OUT(-5471, exit_rsa_pss); + ERROR_OUT(-6828, exit_rsa_pss); do { #if defined(WOLFSSL_ASYNC_CRYPT) @@ -8873,7 +9298,7 @@ static int rsa_pss_test(WC_RNG* rng, RsaKey* key) } } while (ret == WC_PENDING_E); if (ret != PSS_SALTLEN_E) - ERROR_OUT(-5472, exit_rsa_pss); + ERROR_OUT(-6829, exit_rsa_pss); do { #if defined(WOLFSSL_ASYNC_CRYPT) 
@@ -8886,16 +9311,16 @@ static int rsa_pss_test(WC_RNG* rng, RsaKey* key) } } while (ret == WC_PENDING_E); if (ret != PSS_SALTLEN_E) - ERROR_OUT(-5473, exit_rsa_pss); + ERROR_OUT(-6830, exit_rsa_pss); ret = wc_RsaPSS_CheckPadding_ex(digest, digestSz, plain, plainSz, hash[0], -2); if (ret != PSS_SALTLEN_E) - ERROR_OUT(-5474, exit_rsa_pss); + ERROR_OUT(-6831, exit_rsa_pss); ret = wc_RsaPSS_CheckPadding_ex(digest, digestSz, plain, plainSz, hash[0], digestSz + 1); if (ret != PSS_SALTLEN_E) - ERROR_OUT(-5475, exit_rsa_pss); + ERROR_OUT(-6832, exit_rsa_pss); ret = 0; exit_rsa_pss: @@ -8946,7 +9371,7 @@ int rsa_no_pad_test(void) || out == NULL || plain == NULL #endif ) { - return -500; + return -6900; } #ifdef USE_CERT_BUFFERS_1024 @@ -8958,23 +9383,23 @@ int rsa_no_pad_test(void) if (!file) { err_sys("can't open ./certs/client-key.der, " "Please run from wolfSSL home dir", -40); - ERROR_OUT(-501, exit_rsa_nopadding); + ERROR_OUT(-6901, exit_rsa_nopadding); } bytes = fread(tmp, 1, FOURK_BUF, file); fclose(file); #else /* No key to use. */ - ERROR_OUT(-502, exit_rsa_nopadding); + ERROR_OUT(-6902, exit_rsa_nopadding); #endif /* USE_CERT_BUFFERS */ ret = wc_InitRsaKey_ex(&key, HEAP_HINT, devId); if (ret != 0) { - ERROR_OUT(-503, exit_rsa_nopadding); + ERROR_OUT(-6903, exit_rsa_nopadding); } ret = wc_RsaPrivateKeyDecode(tmp, &idx, &key, (word32)bytes); if (ret != 0) { - ERROR_OUT(-504, exit_rsa_nopadding); + ERROR_OUT(-6904, exit_rsa_nopadding); } /* after loading in key use tmp as the test buffer */ @@ -8985,7 +9410,7 @@ int rsa_no_pad_test(void) ret = wc_InitRng(&rng); #endif if (ret != 0) { - ERROR_OUT(-505, exit_rsa_nopadding); + ERROR_OUT(-6905, exit_rsa_nopadding); } inLen = wc_RsaEncryptSize(&key); 
@@ -9000,12 +9425,12 @@ int rsa_no_pad_test(void) } } while (ret == WC_PENDING_E); if (ret <= 0) { - ERROR_OUT(-506, exit_rsa_nopadding); + ERROR_OUT(-6906, exit_rsa_nopadding); } /* encrypted result should not be the same as input */ if (XMEMCMP(out, tmp, inLen) == 0) { - ERROR_OUT(-507, exit_rsa_nopadding); + ERROR_OUT(-6907, exit_rsa_nopadding); } /* decrypt with public key and compare result */ @@ -9019,17 +9444,22 @@ int rsa_no_pad_test(void) } } while (ret == WC_PENDING_E); if (ret <= 0) { - ERROR_OUT(-508, exit_rsa_nopadding); + ERROR_OUT(-6908, exit_rsa_nopadding); } if (XMEMCMP(plain, tmp, inLen) != 0) { - ERROR_OUT(-509, exit_rsa_nopadding); + ERROR_OUT(-6909, exit_rsa_nopadding); } #ifdef WC_RSA_BLINDING + ret = wc_RsaSetRNG(NULL, &rng); + if (ret != BAD_FUNC_ARG) { + ERROR_OUT(-6910, exit_rsa_nopadding); + } + ret = wc_RsaSetRNG(&key, &rng); if (ret < 0) { - ERROR_OUT(-510, exit_rsa_nopadding); + ERROR_OUT(-6911, exit_rsa_nopadding); } #endif @@ -9044,7 +9474,7 @@ int rsa_no_pad_test(void) } } while (ret == WC_PENDING_E); if (ret < 0) { - ERROR_OUT(-511, exit_rsa_nopadding); + ERROR_OUT(-6912, exit_rsa_nopadding); } do { 
@@ -9057,36 +9487,36 @@ int rsa_no_pad_test(void) } } while (ret == WC_PENDING_E); if (ret < 0) { - ERROR_OUT(-512, exit_rsa_nopadding); + ERROR_OUT(-6913, exit_rsa_nopadding); } if (XMEMCMP(plain, tmp, inLen) != 0) { - ERROR_OUT(-513, exit_rsa_nopadding); + ERROR_OUT(-6914, exit_rsa_nopadding); } /* test some bad arguments */ ret = wc_RsaDirect(out, outSz, plain, &plainSz, &key, -1, &rng); if (ret != BAD_FUNC_ARG) { - ERROR_OUT(-514, exit_rsa_nopadding); + ERROR_OUT(-6915, exit_rsa_nopadding); } ret = wc_RsaDirect(out, outSz, plain, &plainSz, NULL, RSA_PUBLIC_DECRYPT, &rng); if (ret != BAD_FUNC_ARG) { - ERROR_OUT(-515, exit_rsa_nopadding); + ERROR_OUT(-6916, exit_rsa_nopadding); } ret = wc_RsaDirect(out, outSz, NULL, &plainSz, &key, RSA_PUBLIC_DECRYPT, &rng); if (ret != LENGTH_ONLY_E || plainSz != inLen) { - ERROR_OUT(-516, exit_rsa_nopadding); + ERROR_OUT(-6917, exit_rsa_nopadding); } ret = wc_RsaDirect(out, outSz - 10, plain, &plainSz, &key, RSA_PUBLIC_DECRYPT, &rng); if (ret != BAD_FUNC_ARG) { - ERROR_OUT(-517, exit_rsa_nopadding); + ERROR_OUT(-6918, exit_rsa_nopadding); } /* if making it to this point of code without hitting an ERROR_OUT then 
@@ -9101,6 +9531,574 @@ exit_rsa_nopadding: } #endif /* WC_RSA_NO_PADDING */ +#ifdef WOLFSSL_CERT_GEN +static int rsa_certgen_test(RsaKey* key, RsaKey* keypub, WC_RNG* rng, byte* tmp) +{ + RsaKey caKey; + byte* der = NULL; + byte* pem = NULL; + int ret; + Cert* myCert = NULL; + int certSz; + size_t bytes3; + word32 idx3 = 0; +#if !defined(USE_CERT_BUFFERS_1024) && !defined(USE_CERT_BUFFERS_2048) + FILE* file3; +#endif +#ifdef WOLFSSL_TEST_CERT + DecodedCert decode; +#endif +#if defined(WOLFSSL_ALT_NAMES) && !defined(NO_ASN_TIME) + struct tm beforeTime; + struct tm afterTime; +#endif + const byte mySerial[8] = {1,2,3,4,5,6,7,8}; + + (void)keypub; + + XMEMSET(&caKey, 0, sizeof(caKey)); + + der = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + if (der == NULL) { + ERROR_OUT(-6919, exit_rsa); + } + pem = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT,DYNAMIC_TYPE_TMP_BUFFER); + if (pem == NULL) { + ERROR_OUT(-6920, exit_rsa); + } + myCert = (Cert*)XMALLOC(sizeof(Cert), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + if (myCert == NULL) { + ERROR_OUT(-6921, exit_rsa); + } + + /* self signed */ + if (wc_InitCert(myCert)) { + ERROR_OUT(-6922, exit_rsa); + } + + XMEMCPY(&myCert->subject, &certDefaultName, sizeof(CertName)); + XMEMCPY(myCert->serial, mySerial, sizeof(mySerial)); + myCert->serialSz = (int)sizeof(mySerial); + myCert->isCA = 1; +#ifndef NO_SHA256 + myCert->sigType = CTC_SHA256wRSA; +#else + myCert->sigType = CTC_SHAwRSA; +#endif + + +#ifdef WOLFSSL_CERT_EXT + /* add Policies */ + XSTRNCPY(myCert->certPolicies[0], "2.16.840.1.101.3.4.1.42", + CTC_MAX_CERTPOL_SZ); + XSTRNCPY(myCert->certPolicies[1], "1.2.840.113549.1.9.16.6.5", + CTC_MAX_CERTPOL_SZ); + myCert->certPoliciesNb = 2; + + /* add SKID from the Public Key */ + if (wc_SetSubjectKeyIdFromPublicKey(myCert, keypub, NULL) != 0) { + ERROR_OUT(-6923, exit_rsa); + } + + /* add AKID from the Public Key */ + if (wc_SetAuthKeyIdFromPublicKey(myCert, keypub, NULL) != 0) { + ERROR_OUT(-6924, exit_rsa); + } + + /* add 
Key Usage */ + if (wc_SetKeyUsage(myCert,"cRLSign,keyCertSign") != 0) { + ERROR_OUT(-6925, exit_rsa); + } +#ifdef WOLFSSL_EKU_OID + { + const char unique[] = "2.16.840.1.111111.100.1.10.1"; + if (wc_SetExtKeyUsageOID(myCert, unique, sizeof(unique), 0, + HEAP_HINT) != 0) { + ERROR_OUT(-6926, exit_rsa); + } + } +#endif /* WOLFSSL_EKU_OID */ +#endif /* WOLFSSL_CERT_EXT */ + + ret = 0; + do { +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); +#endif + if (ret >= 0) { + ret = wc_MakeSelfCert(myCert, der, FOURK_BUF, key, rng); + } + } while (ret == WC_PENDING_E); + if (ret < 0) { + ERROR_OUT(-6927, exit_rsa); + } + certSz = ret; + +#ifdef WOLFSSL_TEST_CERT + InitDecodedCert(&decode, der, certSz, HEAP_HINT); + ret = ParseCert(&decode, CERT_TYPE, NO_VERIFY, 0); + if (ret != 0) { + FreeDecodedCert(&decode); + ERROR_OUT(-6928, exit_rsa); + } + FreeDecodedCert(&decode); +#endif + + ret = SaveDerAndPem(der, certSz, pem, FOURK_BUF, certDerFile, + certPemFile, CERT_TYPE, -5578); + if (ret != 0) { + goto exit_rsa; + } + + /* Setup Certificate */ + if (wc_InitCert(myCert)) { + ERROR_OUT(-6929, exit_rsa); + } + +#ifdef WOLFSSL_ALT_NAMES + /* Get CA Cert for testing */ + #ifdef USE_CERT_BUFFERS_1024 + XMEMCPY(tmp, ca_cert_der_1024, sizeof_ca_cert_der_1024); + bytes3 = sizeof_ca_cert_der_1024; + #elif defined(USE_CERT_BUFFERS_2048) + XMEMCPY(tmp, ca_cert_der_2048, sizeof_ca_cert_der_2048); + bytes3 = sizeof_ca_cert_der_2048; + #else + file3 = fopen(rsaCaCertDerFile, "rb"); + if (!file3) { + ERROR_OUT(-6930, exit_rsa); + } + bytes3 = fread(tmp, 1, FOURK_BUF, file3); + fclose(file3); + #endif /* USE_CERT_BUFFERS */ + + #ifndef NO_FILESYSTEM + ret = wc_SetAltNames(myCert, rsaCaCertFile); + if (ret != 0) { + ERROR_OUT(-6931, exit_rsa); + } + #endif + /* get alt names from der */ + ret = wc_SetAltNamesBuffer(myCert, tmp, (int)bytes3); + if (ret != 0) { + ERROR_OUT(-6932, exit_rsa); + } + + /* get dates from der */ + ret = 
wc_SetDatesBuffer(myCert, tmp, (int)bytes3); + if (ret != 0) { + ERROR_OUT(-6933, exit_rsa); + } + + #ifndef NO_ASN_TIME + ret = wc_GetCertDates(myCert, &beforeTime, &afterTime); + if (ret < 0) { + ERROR_OUT(-6934, exit_rsa); + } + #endif +#endif /* WOLFSSL_ALT_NAMES */ + + /* Get CA Key */ +#ifdef USE_CERT_BUFFERS_1024 + XMEMCPY(tmp, ca_key_der_1024, sizeof_ca_key_der_1024); + bytes3 = sizeof_ca_key_der_1024; +#elif defined(USE_CERT_BUFFERS_2048) + XMEMCPY(tmp, ca_key_der_2048, sizeof_ca_key_der_2048); + bytes3 = sizeof_ca_key_der_2048; +#else + file3 = fopen(rsaCaKeyFile, "rb"); + if (!file3) { + ERROR_OUT(-6935, exit_rsa); + } + + bytes3 = fread(tmp, 1, FOURK_BUF, file3); + fclose(file3); +#endif /* USE_CERT_BUFFERS */ + + ret = wc_InitRsaKey(&caKey, HEAP_HINT); + if (ret != 0) { + ERROR_OUT(-6936, exit_rsa); + } + ret = wc_RsaPrivateKeyDecode(tmp, &idx3, &caKey, (word32)bytes3); + if (ret != 0) { + ERROR_OUT(-6937, exit_rsa); + } + +#ifndef NO_SHA256 + myCert->sigType = CTC_SHA256wRSA; +#else + myCert->sigType = CTC_SHAwRSA; +#endif + + XMEMCPY(&myCert->subject, &certDefaultName, sizeof(CertName)); + +#ifdef WOLFSSL_CERT_EXT + /* add Policies */ + XSTRNCPY(myCert->certPolicies[0], "2.16.840.1.101.3.4.1.42", + CTC_MAX_CERTPOL_SZ); + myCert->certPoliciesNb =1; + + /* add SKID from the Public Key */ + if (wc_SetSubjectKeyIdFromPublicKey(myCert, key, NULL) != 0) { + ERROR_OUT(-6938, exit_rsa); + } + + /* add AKID from the CA certificate */ +#if defined(USE_CERT_BUFFERS_2048) + ret = wc_SetAuthKeyIdFromCert(myCert, ca_cert_der_2048, + sizeof_ca_cert_der_2048); +#elif defined(USE_CERT_BUFFERS_1024) + ret = wc_SetAuthKeyIdFromCert(myCert, ca_cert_der_1024, + sizeof_ca_cert_der_1024); +#else + ret = wc_SetAuthKeyId(myCert, rsaCaCertFile); +#endif + if (ret != 0) { + ERROR_OUT(-6939, exit_rsa); + } + + /* add Key Usage */ + if (wc_SetKeyUsage(myCert,"keyEncipherment,keyAgreement") != 0) { + ERROR_OUT(-6940, exit_rsa); + } +#endif /* WOLFSSL_CERT_EXT */ + +#if 
defined(USE_CERT_BUFFERS_2048) + ret = wc_SetIssuerBuffer(myCert, ca_cert_der_2048, + sizeof_ca_cert_der_2048); +#elif defined(USE_CERT_BUFFERS_1024) + ret = wc_SetIssuerBuffer(myCert, ca_cert_der_1024, + sizeof_ca_cert_der_1024); +#else + ret = wc_SetIssuer(myCert, rsaCaCertFile); +#endif + if (ret < 0) { + ERROR_OUT(-6941, exit_rsa); + } + + certSz = wc_MakeCert(myCert, der, FOURK_BUF, key, NULL, rng); + if (certSz < 0) { + ERROR_OUT(-6942, exit_rsa); + } + + ret = 0; + do { + #if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &caKey.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); + #endif + if (ret >= 0) { + ret = wc_SignCert(myCert->bodySz, myCert->sigType, der, FOURK_BUF, + &caKey, NULL, rng); + } + } while (ret == WC_PENDING_E); + if (ret < 0) { + ERROR_OUT(-6943, exit_rsa); + } + certSz = ret; + +#ifdef WOLFSSL_TEST_CERT + InitDecodedCert(&decode, der, certSz, HEAP_HINT); + ret = ParseCert(&decode, CERT_TYPE, NO_VERIFY, 0); + if (ret != 0) { + FreeDecodedCert(&decode); + ERROR_OUT(-6944, exit_rsa); + } + FreeDecodedCert(&decode); +#endif + + ret = SaveDerAndPem(der, certSz, pem, FOURK_BUF, otherCertDerFile, + otherCertPemFile, CERT_TYPE, -5598); + if (ret != 0) { + goto exit_rsa; + } + +exit_rsa: + wc_FreeRsaKey(&caKey); + + XFREE(myCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + myCert = NULL; + XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + pem = NULL; + XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + der = NULL; + + return ret; +} +#endif + +#if !defined(NO_RSA) && defined(HAVE_ECC) && defined(WOLFSSL_CERT_GEN) +/* Make Cert / Sign example for ECC cert and RSA CA */ +static int rsa_ecc_certgen_test(WC_RNG* rng, byte* tmp) +{ + RsaKey caKey; + ecc_key caEccKey; + ecc_key caEccKeyPub; + byte* der = NULL; + byte* pem = NULL; + Cert* myCert = NULL; + int certSz; + size_t bytes3; + word32 idx3 = 0; +#if (!defined(USE_CERT_BUFFERS_1024) && !defined(USE_CERT_BUFFERS_2048)) \ + || !defined(USE_CERT_BUFFERS_256) + FILE* file3; +#endif +#ifdef WOLFSSL_TEST_CERT + 
DecodedCert decode; +#endif + int ret; + + XMEMSET(&caKey, 0, sizeof(caKey)); + XMEMSET(&caEccKey, 0, sizeof(caEccKey)); + XMEMSET(&caEccKeyPub, 0, sizeof(caEccKeyPub)); + + der = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + if (der == NULL) { + ERROR_OUT(-6945, exit_rsa); + } + pem = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + if (pem == NULL) { + ERROR_OUT(-6946, exit_rsa); + } + myCert = (Cert*)XMALLOC(sizeof(Cert), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + if (myCert == NULL) { + ERROR_OUT(-6947, exit_rsa); + } + + /* Get CA Key */ +#ifdef USE_CERT_BUFFERS_1024 + XMEMCPY(tmp, ca_key_der_1024, sizeof_ca_key_der_1024); + bytes3 = sizeof_ca_key_der_1024; +#elif defined(USE_CERT_BUFFERS_2048) + XMEMCPY(tmp, ca_key_der_2048, sizeof_ca_key_der_2048); + bytes3 = sizeof_ca_key_der_2048; +#else + file3 = fopen(rsaCaKeyFile, "rb"); + if (!file3) { + ERROR_OUT(-6948, exit_rsa); + } + + bytes3 = fread(tmp, 1, FOURK_BUF, file3); + fclose(file3); +#endif /* USE_CERT_BUFFERS */ + + ret = wc_InitRsaKey(&caKey, HEAP_HINT); + if (ret != 0) { + ERROR_OUT(-6949, exit_rsa); + } + ret = wc_RsaPrivateKeyDecode(tmp, &idx3, &caKey, (word32)bytes3); + if (ret != 0) { + ERROR_OUT(-6950, exit_rsa); + } + + /* Get Cert Key */ +#ifdef USE_CERT_BUFFERS_256 + XMEMCPY(tmp, ecc_key_pub_der_256, sizeof_ecc_key_pub_der_256); + bytes3 = sizeof_ecc_key_pub_der_256; +#else + file3 = fopen(eccKeyPubFile, "rb"); + if (!file3) { + ERROR_OUT(-6951, exit_rsa); + } + + bytes3 = fread(tmp, 1, FOURK_BUF, file3); + fclose(file3); +#endif + + ret = wc_ecc_init_ex(&caEccKeyPub, HEAP_HINT, devId); + if (ret != 0) { + ERROR_OUT(-6952, exit_rsa); + } + + idx3 = 0; + ret = wc_EccPublicKeyDecode(tmp, &idx3, &caEccKeyPub, (word32)bytes3); + if (ret != 0) { + ERROR_OUT(-6953, exit_rsa); + } + + /* Setup Certificate */ + if (wc_InitCert(myCert)) { + ERROR_OUT(-6954, exit_rsa); + } + +#ifndef NO_SHA256 + myCert->sigType = CTC_SHA256wRSA; +#else + myCert->sigType = CTC_SHAwRSA; 
+#endif + + XMEMCPY(&myCert->subject, &certDefaultName, sizeof(CertName)); + +#ifdef WOLFSSL_CERT_EXT + /* add Policies */ + XSTRNCPY(myCert->certPolicies[0], "2.4.589440.587.101.2.1.9632587.1", + CTC_MAX_CERTPOL_SZ); + XSTRNCPY(myCert->certPolicies[1], "1.2.13025.489.1.113549", + CTC_MAX_CERTPOL_SZ); + myCert->certPoliciesNb = 2; + + /* add SKID from the Public Key */ + if (wc_SetSubjectKeyIdFromPublicKey(myCert, NULL, &caEccKeyPub) != 0) { + ERROR_OUT(-6955, exit_rsa); + } + + /* add AKID from the CA certificate */ +#if defined(USE_CERT_BUFFERS_2048) + ret = wc_SetAuthKeyIdFromCert(myCert, ca_cert_der_2048, + sizeof_ca_cert_der_2048); +#elif defined(USE_CERT_BUFFERS_1024) + ret = wc_SetAuthKeyIdFromCert(myCert, ca_cert_der_1024, + sizeof_ca_cert_der_1024); +#else + ret = wc_SetAuthKeyId(myCert, rsaCaCertFile); +#endif + if (ret != 0) { + ERROR_OUT(-6956, exit_rsa); + } + + /* add Key Usage */ + if (wc_SetKeyUsage(myCert, certKeyUsage) != 0) { + ERROR_OUT(-6957, exit_rsa); + } +#endif /* WOLFSSL_CERT_EXT */ + +#if defined(USE_CERT_BUFFERS_2048) + ret = wc_SetIssuerBuffer(myCert, ca_cert_der_2048, + sizeof_ca_cert_der_2048); +#elif defined(USE_CERT_BUFFERS_1024) + ret = wc_SetIssuerBuffer(myCert, ca_cert_der_1024, + sizeof_ca_cert_der_1024); +#else + ret = wc_SetIssuer(myCert, rsaCaCertFile); +#endif + if (ret < 0) { + ERROR_OUT(-6958, exit_rsa); + } + + certSz = wc_MakeCert(myCert, der, FOURK_BUF, NULL, &caEccKeyPub, rng); + if (certSz < 0) { + ERROR_OUT(-6959, exit_rsa); + } + + ret = 0; + do { + #if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &caEccKey.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); + #endif + if (ret >= 0) { + ret = wc_SignCert(myCert->bodySz, myCert->sigType, der, + FOURK_BUF, &caKey, NULL, rng); + } + } while (ret == WC_PENDING_E); + if (ret < 0) { + ERROR_OUT(-6960, exit_rsa); + } + certSz = ret; + +#ifdef WOLFSSL_TEST_CERT + InitDecodedCert(&decode, der, certSz, 0); + ret = ParseCert(&decode, CERT_TYPE, NO_VERIFY, 0); + if (ret != 0) { + 
FreeDecodedCert(&decode); + ERROR_OUT(-6961, exit_rsa); + + } + FreeDecodedCert(&decode); +#endif + + ret = SaveDerAndPem(der, certSz, pem, FOURK_BUF, certEccRsaDerFile, + certEccRsaPemFile, CERT_TYPE, -5616); + if (ret != 0) { + goto exit_rsa; + } + +exit_rsa: + wc_FreeRsaKey(&caKey); + wc_ecc_free(&caEccKey); + wc_ecc_free(&caEccKeyPub); + + XFREE(myCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + myCert = NULL; + XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + pem = NULL; + XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + der = NULL; + + if (ret >= 0) + ret = 0; + return ret; +} +#endif /* !NO_RSA && HAVE_ECC && WOLFSSL_CERT_GEN */ + +#ifdef WOLFSSL_KEY_GEN +static int rsa_keygen_test(WC_RNG* rng) +{ + RsaKey genKey; + int ret; + byte* der = NULL; + byte* pem = NULL; + word32 idx = 0; + int derSz = 0; + int keySz = 1024; + + XMEMSET(&genKey, 0, sizeof(genKey)); + + #ifdef HAVE_FIPS + keySz = 2048; + #endif /* HAVE_FIPS */ + + ret = wc_InitRsaKey(&genKey, HEAP_HINT); + if (ret != 0) { + ERROR_OUT(-6962, exit_rsa); + } + ret = wc_MakeRsaKey(&genKey, keySz, WC_RSA_EXPONENT, rng); + if (ret != 0) { + ERROR_OUT(-6963, exit_rsa); + } + + der = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + if (der == NULL) { + ERROR_OUT(-6964, exit_rsa); + } + pem = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + if (pem == NULL) { + ERROR_OUT(-6965, exit_rsa); + } + + derSz = wc_RsaKeyToDer(&genKey, der, FOURK_BUF); + if (derSz < 0) { + ERROR_OUT(-6966, exit_rsa); + } + + ret = SaveDerAndPem(der, derSz, pem, FOURK_BUF, keyDerFile, keyPemFile, + PRIVATEKEY_TYPE, -5555); + if (ret != 0) { + goto exit_rsa; + } + + wc_FreeRsaKey(&genKey); + ret = wc_InitRsaKey(&genKey, HEAP_HINT); + if (ret != 0) { + ERROR_OUT(-6967, exit_rsa); + } + idx = 0; + ret = wc_RsaPrivateKeyDecode(der, &idx, &genKey, derSz); + if (ret != 0) { + ERROR_OUT(-6968, exit_rsa); + } + + wc_FreeRsaKey(&genKey); + XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + pem = NULL; + XFREE(der, 
HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + der = NULL; + +exit_rsa: + wc_FreeRsaKey(&genKey); + return ret; +} +#endif + int rsa_test(void) { int ret; @@ -9110,21 +10108,12 @@ int rsa_test(void) size_t bytes; WC_RNG rng; RsaKey key; -#ifdef WOLFSSL_CERT_EXT +#if defined(WOLFSSL_CERT_EXT) || defined(WOLFSSL_CERT_GEN) RsaKey keypub; #endif -#ifdef WOLFSSL_KEY_GEN - RsaKey genKey; -#endif -#if defined(WOLFSSL_CERT_GEN) || defined(HAVE_NTRU) +#if defined(HAVE_NTRU) RsaKey caKey; #endif -#ifdef HAVE_ECC - #ifdef WOLFSSL_CERT_GEN - ecc_key caEccKey; - ecc_key caEccKeyPub; - #endif -#endif /* HAVE_ECC */ word32 idx = 0; byte* res; const char* inStr = "Everyone gets Friday off."; @@ -9154,21 +10143,12 @@ int rsa_test(void) #ifdef WOLFSSL_CERT_EXT XMEMSET(&keypub, 0, sizeof(keypub)); #endif -#ifdef WOLFSSL_KEY_GEN - XMEMSET(&genKey, 0, sizeof(genKey)); -#endif -#if defined(WOLFSSL_CERT_GEN) || defined(HAVE_NTRU) +#if defined(HAVE_NTRU) XMEMSET(&caKey, 0, sizeof(caKey)); #endif -#ifdef HAVE_ECC - #ifdef WOLFSSL_CERT_GEN - XMEMSET(&caEccKey, 0, sizeof(caEccKey)); - XMEMSET(&caEccKeyPub, 0, sizeof(caEccKeyPub)); - #endif -#endif /* HAVE_ECC */ #ifndef HAVE_USER_RSA - ret = rsa_decode_test(); + ret = rsa_decode_test(&key); if (ret != 0) return ret; #endif @@ -9191,7 +10171,7 @@ int rsa_test(void) || out == NULL || plain == NULL #endif ) { - return -5500; + return -7000; } #ifdef USE_CERT_BUFFERS_1024 
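Review bot: In `rsa_keygen_test` the `exit_rsa:` label sits below the `XFREE` calls, so every `ERROR_OUT` taken after `der` and `pem` are allocated, and the `goto exit_rsa` after `SaveDerAndPem`, leaks both buffers. Placing the label above the `XFREE(pem, ...)` / `XFREE(der, ...)` lines and dropping the duplicate `wc_FreeRsaKey(&genKey);` frees them on every path, which matches the cleanup in the two certgen helpers. In `rsa_certgen_test`, `key` is now an `RsaKey*`, so the `WOLFSSL_ASYNC_CRYPT` line `wc_AsyncWait(ret, &key.asyncDev, ...)` cannot compile and should use `&key->asyncDev`. In `rsa_ecc_certgen_test` the wait loop polls `caEccKey.asyncDev` although `wc_SignCert` is given `&caKey`, and `caEccKey` is only zeroed and freed, so `&caKey.asyncDev` looks intended. The `fread` results stored in `bytes3` are used without a check, and both certgen helpers assume `tmp` holds at least `FOURK_BUF` bytes; a header comment such as `/* tmp must be at least FOURK_BUF bytes */` would record that.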
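Review bot: `XMEMSET(&keypub, 0, sizeof(keypub));` is still guarded by `#ifdef WOLFSSL_CERT_EXT` in this hunk, while the preceding hunk widens the declaration of `keypub` to `WOLFSSL_CERT_EXT || WOLFSSL_CERT_GEN`. In a build with `WOLFSSL_CERT_GEN` but without `WOLFSSL_CERT_EXT`, `&keypub` is then passed to `rsa_certgen_test` uninitialised. The helper only casts it to void in that configuration, but any cleanup in `rsa_test` keyed on the wider guard would act on indeterminate data; that cleanup is outside the hunk, so this is inferred. Changing the guard to `#if defined(WOLFSSL_CERT_EXT) || defined(WOLFSSL_CERT_GEN)` keeps declaration and zeroing in step.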
@@ -9203,23 +10183,23 @@ int rsa_test(void) if (!file) { err_sys("can't open ./certs/client-key.der, " "Please run from wolfSSL home dir", -40); - ERROR_OUT(-5501, exit_rsa); + ERROR_OUT(-7001, exit_rsa); } bytes = fread(tmp, 1, FOURK_BUF, file); fclose(file); #else /* No key to use. */ - ERROR_OUT(-5502, exit_rsa); + ERROR_OUT(-7002, exit_rsa); #endif /* USE_CERT_BUFFERS */ ret = wc_InitRsaKey_ex(&key, HEAP_HINT, devId); if (ret != 0) { - ERROR_OUT(-5503, exit_rsa); + ERROR_OUT(-7003, exit_rsa); } ret = wc_RsaPrivateKeyDecode(tmp, &idx, &key, (word32)bytes); if (ret != 0) { - ERROR_OUT(-5504, exit_rsa); + ERROR_OUT(-7004, exit_rsa); } #ifndef HAVE_FIPS @@ -9228,7 +10208,7 @@ int rsa_test(void) ret = wc_InitRng(&rng); #endif if (ret != 0) { - ERROR_OUT(-5505, exit_rsa); + ERROR_OUT(-7005, exit_rsa); } #ifndef NO_SIG_WRAPPER @@ -9246,7 +10226,7 @@ int rsa_test(void) } } while (ret == WC_PENDING_E); if (ret < 0) { - ERROR_OUT(-5506, exit_rsa); + ERROR_OUT(-7006, exit_rsa); } #ifdef WC_RSA_BLINDING @@ -9254,7 +10234,7 @@ int rsa_test(void) int tmpret = ret; ret = wc_RsaSetRNG(&key, &rng); if (ret < 0) { - ERROR_OUT(-5507, exit_rsa); + ERROR_OUT(-7007, exit_rsa); } ret = tmpret; } @@ -9270,11 +10250,11 @@ int rsa_test(void) } } while (ret == WC_PENDING_E); if (ret < 0) { - ERROR_OUT(-5508, exit_rsa); + ERROR_OUT(-7008, exit_rsa); } if (XMEMCMP(plain, in, inLen)) { - ERROR_OUT(-5509, exit_rsa); + ERROR_OUT(-7009, exit_rsa); } do { #if defined(WOLFSSL_ASYNC_CRYPT) @@ -9285,13 +10265,13 @@ int rsa_test(void) } } while (ret == WC_PENDING_E); if (ret < 0) { - ERROR_OUT(-5510, exit_rsa); + ERROR_OUT(-7010, exit_rsa); } if (ret != (int)inLen) { - ERROR_OUT(-5511, exit_rsa); + ERROR_OUT(-7011, exit_rsa); } if (XMEMCMP(res, in, inLen)) { - ERROR_OUT(-5512, exit_rsa); + ERROR_OUT(-7012, exit_rsa); } do { @@ -9303,7 +10283,7 @@ int rsa_test(void) } } while (ret == WC_PENDING_E); if (ret < 0) { - ERROR_OUT(-5513, exit_rsa); + ERROR_OUT(-7013, exit_rsa); } idx = (word32)ret; 
@@ -9317,11 +10297,11 @@ int rsa_test(void) } } while (ret == WC_PENDING_E); if (ret < 0) { - ERROR_OUT(-5514, exit_rsa); + ERROR_OUT(-7014, exit_rsa); } if (XMEMCMP(plain, in, (size_t)ret)) { - ERROR_OUT(-5515, exit_rsa); + ERROR_OUT(-7015, exit_rsa); } #ifndef WC_NO_RSA_OAEP @@ -9342,7 +10322,7 @@ int rsa_test(void) } } while (ret == WC_PENDING_E); if (ret < 0) { - ERROR_OUT(-5516, exit_rsa); + ERROR_OUT(-7016, exit_rsa); } idx = (word32)ret; @@ -9356,11 +10336,11 @@ int rsa_test(void) } } while (ret == WC_PENDING_E); if (ret < 0) { - ERROR_OUT(-5517, exit_rsa); + ERROR_OUT(-7017, exit_rsa); } if (XMEMCMP(plain, in, inLen)) { - ERROR_OUT(-5518, exit_rsa); + ERROR_OUT(-7018, exit_rsa); } #endif /* NO_SHA */ @@ -9376,7 +10356,7 @@ int rsa_test(void) } } while (ret == WC_PENDING_E); if (ret < 0) { - ERROR_OUT(-5519, exit_rsa); + ERROR_OUT(-7019, exit_rsa); } idx = (word32)ret; @@ -9390,11 +10370,11 @@ int rsa_test(void) } } while (ret == WC_PENDING_E); if (ret < 0) { - ERROR_OUT(-5520, exit_rsa); + ERROR_OUT(-7020, exit_rsa); } if (XMEMCMP(plain, in, inLen)) { - ERROR_OUT(-5521, exit_rsa); + ERROR_OUT(-7021, exit_rsa); } do { @@ -9407,13 +10387,13 @@ int rsa_test(void) } } while (ret == WC_PENDING_E); if (ret < 0) { - ERROR_OUT(-5522, exit_rsa); + ERROR_OUT(-7022, exit_rsa); } if (ret != (int)inLen) { - ERROR_OUT(-5523, exit_rsa); + ERROR_OUT(-7023, exit_rsa); } if (XMEMCMP(res, in, inLen)) { - ERROR_OUT(-5524, exit_rsa); + ERROR_OUT(-7024, exit_rsa); } /* check fails if not using the same optional label */ @@ -9428,7 +10408,7 @@ int rsa_test(void) } } while (ret == WC_PENDING_E); if (ret < 0) { - ERROR_OUT(-5525, exit_rsa); + ERROR_OUT(-7025, exit_rsa); } /* TODO: investigate why Cavium Nitrox doesn't detect decrypt error here */ @@ -9444,7 +10424,7 @@ int rsa_test(void) } } while (ret == WC_PENDING_E); if (ret > 0) { /* in this case decrypt should fail */ - ERROR_OUT(-5526, exit_rsa); + ERROR_OUT(-7026, exit_rsa); } ret = 0; #endif /* !HAVE_CAVIUM */ 
@@ -9461,7 +10441,7 @@ int rsa_test(void) } } while (ret == WC_PENDING_E); if (ret < 0) { - ERROR_OUT(-5527, exit_rsa); + ERROR_OUT(-7027, exit_rsa); } idx = (word32)ret; @@ -9475,11 +10455,11 @@ int rsa_test(void) } } while (ret == WC_PENDING_E); if (ret < 0) { - ERROR_OUT(-5528, exit_rsa); + ERROR_OUT(-7028, exit_rsa); } if (XMEMCMP(plain, in, inLen)) { - ERROR_OUT(-5529, exit_rsa); + ERROR_OUT(-7029, exit_rsa); } #ifndef NO_SHA @@ -9495,7 +10475,7 @@ int rsa_test(void) } } while (ret == WC_PENDING_E); if (ret < 0) { - ERROR_OUT(-5530, exit_rsa); + ERROR_OUT(-7030, exit_rsa); } /* TODO: investigate why Cavium Nitrox doesn't detect decrypt error here */ @@ -9512,7 +10492,7 @@ int rsa_test(void) } } while (ret == WC_PENDING_E); if (ret > 0) { /* should fail */ - ERROR_OUT(-5531, exit_rsa); + ERROR_OUT(-7031, exit_rsa); } ret = 0; #endif /* !HAVE_CAVIUM */ @@ -9536,7 +10516,7 @@ int rsa_test(void) } } while (ret == WC_PENDING_E); if (ret < 0) { - ERROR_OUT(-5532, exit_rsa); + ERROR_OUT(-7032, exit_rsa); } idx = ret; @@ -9550,11 +10530,11 @@ int rsa_test(void) } } while (ret == WC_PENDING_E); if (ret < 0) { - ERROR_OUT(-5533, exit_rsa); + ERROR_OUT(-7033, exit_rsa); } if (XMEMCMP(plain, in, inLen)) { - ERROR_OUT(-5534, exit_rsa); + ERROR_OUT(-7034, exit_rsa); } } #endif /* WOLFSSL_SHA512 */ @@ -9571,7 +10551,7 @@ int rsa_test(void) } } while (ret == WC_PENDING_E); if (ret < 0) { - ERROR_OUT(-5535, exit_rsa); + ERROR_OUT(-7035, exit_rsa); } idx = (word32)ret; @@ -9585,15 +10565,21 @@ int rsa_test(void) } } while (ret == WC_PENDING_E); if (ret < 0) { - ERROR_OUT(-5536, exit_rsa); + ERROR_OUT(-7036, exit_rsa); } if (XMEMCMP(plain, in, inLen)) { - ERROR_OUT(-5537, exit_rsa); + ERROR_OUT(-7037, exit_rsa); } #endif /* !HAVE_FAST_RSA && !HAVE_FIPS */ #endif /* WC_NO_RSA_OAEP */ +#if !defined(HAVE_FIPS) && !defined(HAVE_USER_RSA) + ret = rsa_export_key_test(&key); + if (ret != 0) + return ret; +#endif + ret = rsa_flatten_test(&key); if (ret != 0) return ret; 
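Review bot: The added `rsa_export_key_test` block leaves `rsa_test` with `return ret;`, bypassing the `exit_rsa` label that every `ERROR_OUT` in this function jumps to. By this point `key`, `rng` and the work buffers are already set up, so a failing export test would skip whatever cleanup `exit_rsa` performs; the label's body is outside the hunk, so this is inferred. The helper calls this commit adds further down use `if (ret != 0) goto exit_rsa;`, and the same form fits here. The `rsa_flatten_test` call in the context lines just below has the same direct return.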
@@ -9611,14 +10597,14 @@ int rsa_test(void) #elif !defined(NO_FILESYSTEM) file2 = fopen(clientCert, "rb"); if (!file2) { - ERROR_OUT(-5538, exit_rsa); + ERROR_OUT(-7038, exit_rsa); } bytes = fread(tmp, 1, FOURK_BUF, file2); fclose(file2); #else /* No certificate to use. */ - ERROR_OUT(-5539, exit_rsa); + ERROR_OUT(-7039, exit_rsa); #endif #ifdef sizeof @@ -9631,7 +10617,7 @@ int rsa_test(void) ret = ParseCert(&cert, CERT_TYPE, NO_VERIFY, 0); if (ret != 0) { FreeDecodedCert(&cert); - ERROR_OUT(-5540, exit_rsa); + ERROR_OUT(-7040, exit_rsa); } FreeDecodedCert(&cert); @@ -9652,7 +10638,7 @@ int rsa_test(void) if (!file) { err_sys("can't open ./certs/client-keyPub.der, " "Please run from wolfSSL home dir", -40); - ERROR_OUT(-5541, exit_rsa); + ERROR_OUT(-7041, exit_rsa); } bytes = fread(tmp, 1, FOURK_BUF, file); 
@@ -9661,550 +10647,34 @@ int rsa_test(void) ret = wc_InitRsaKey(&keypub, HEAP_HINT); if (ret != 0) { - ERROR_OUT(-5542, exit_rsa); + ERROR_OUT(-7042, exit_rsa); } idx = 0; ret = wc_RsaPublicKeyDecode(tmp, &idx, &keypub, (word32)bytes); if (ret != 0) { - ERROR_OUT(-5543, exit_rsa); + ERROR_OUT(-7043, exit_rsa); } #endif /* WOLFSSL_CERT_EXT */ #ifdef WOLFSSL_KEY_GEN - { - int derSz = 0; - int keySz = 1024; - - #ifdef HAVE_FIPS - keySz = 2048; - #endif /* HAVE_FIPS */ - - ret = wc_InitRsaKey(&genKey, HEAP_HINT); - if (ret != 0) { - ERROR_OUT(-5550, exit_rsa); - } - ret = wc_MakeRsaKey(&genKey, keySz, WC_RSA_EXPONENT, &rng); - if (ret != 0) { - ERROR_OUT(-5551, exit_rsa); - } - - der = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - if (der == NULL) { - ERROR_OUT(-5552, exit_rsa); - } - pem = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - if (pem == NULL) { - ERROR_OUT(-5553, exit_rsa); - } - - derSz = wc_RsaKeyToDer(&genKey, der, FOURK_BUF); - if (derSz < 0) { - ERROR_OUT(-5554, exit_rsa); - } - - ret = SaveDerAndPem(der, derSz, pem, FOURK_BUF, keyDerFile, keyPemFile, - PRIVATEKEY_TYPE, -5555); - if (ret != 0) { - goto exit_rsa; - } - - wc_FreeRsaKey(&genKey); - ret = wc_InitRsaKey(&genKey, HEAP_HINT); - if (ret != 0) { - ERROR_OUT(-5560, exit_rsa); - } - idx = 0; - ret = wc_RsaPrivateKeyDecode(der, &idx, &genKey, derSz); - if (ret != 0) { - ERROR_OUT(-5561, exit_rsa); - } - - wc_FreeRsaKey(&genKey); - XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - pem = NULL; - XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - der = NULL; - } -#endif /* WOLFSSL_KEY_GEN */ + ret = rsa_keygen_test(&rng); + if (ret != 0) + goto exit_rsa; +#endif #ifdef WOLFSSL_CERT_GEN - /* self signed */ - { - Cert myCert; - const byte mySerial[8] = {1,2,3,4,5,6,7,8}; - int certSz; - #ifdef WOLFSSL_TEST_CERT - DecodedCert decode; - #endif - - der = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - if (der == NULL) { - ERROR_OUT(-5570, exit_rsa); - } 
- pem = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT,DYNAMIC_TYPE_TMP_BUFFER); - if (pem == NULL) { - ERROR_OUT(-5571, exit_rsa); - } - - if (wc_InitCert(&myCert)) { - ERROR_OUT(-5572, exit_rsa); - } - - XMEMCPY(&myCert.subject, &certDefaultName, sizeof(CertName)); - XMEMCPY(myCert.serial, mySerial, sizeof(mySerial)); - myCert.serialSz = (int)sizeof(mySerial); - myCert.isCA = 1; - #ifndef NO_SHA256 - myCert.sigType = CTC_SHA256wRSA; - #else - myCert.sigType = CTC_SHAwRSA; - #endif - - - #ifdef WOLFSSL_CERT_EXT - /* add Policies */ - XSTRNCPY(myCert.certPolicies[0], "2.16.840.1.101.3.4.1.42", - CTC_MAX_CERTPOL_SZ); - XSTRNCPY(myCert.certPolicies[1], "1.2.840.113549.1.9.16.6.5", - CTC_MAX_CERTPOL_SZ); - myCert.certPoliciesNb = 2; - - /* add SKID from the Public Key */ - if (wc_SetSubjectKeyIdFromPublicKey(&myCert, &keypub, NULL) != 0) { - ERROR_OUT(-5573, exit_rsa); - } - - /* add AKID from the Public Key */ - if (wc_SetAuthKeyIdFromPublicKey(&myCert, &keypub, NULL) != 0) { - ERROR_OUT(-5574, exit_rsa); - } - - /* add Key Usage */ - if (wc_SetKeyUsage(&myCert,"cRLSign,keyCertSign") != 0) { - ERROR_OUT(-5575, exit_rsa); - } - #ifdef WOLFSSL_EKU_OID - { - const char unique[] = "2.16.840.1.111111.100.1.10.1"; - if (wc_SetExtKeyUsageOID(&myCert, unique, sizeof(unique), 0, - HEAP_HINT) != 0) { - ERROR_OUT(-5651, exit_rsa); - } - } - #endif /* WOLFSSL_EKU_OID */ - #endif /* WOLFSSL_CERT_EXT */ - - ret = 0; - do { - #if defined(WOLFSSL_ASYNC_CRYPT) - ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); - #endif - if (ret >= 0) { - ret = wc_MakeSelfCert(&myCert, der, FOURK_BUF, &key, &rng); - } - } while (ret == WC_PENDING_E); - if (ret < 0) { - ERROR_OUT(-5576, exit_rsa); - } - certSz = ret; - - #ifdef WOLFSSL_TEST_CERT - InitDecodedCert(&decode, der, certSz, HEAP_HINT); - ret = ParseCert(&decode, CERT_TYPE, NO_VERIFY, 0); - if (ret != 0) { - FreeDecodedCert(&decode); - ERROR_OUT(-5577, exit_rsa); - } - FreeDecodedCert(&decode); - #endif - - ret = SaveDerAndPem(der, 
certSz, pem, FOURK_BUF, certDerFile, - certPemFile, CERT_TYPE, -5578); - if (ret != 0) { - goto exit_rsa; - } - - XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - pem = NULL; - XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - der = NULL; - } /* Make Cert / Sign example for RSA cert and RSA CA */ - { - Cert myCert; - int certSz; - size_t bytes3; - word32 idx3 = 0; - #if !defined(USE_CERT_BUFFERS_1024) && !defined(USE_CERT_BUFFERS_2048) - FILE* file3; - #endif - #ifdef WOLFSSL_TEST_CERT - DecodedCert decode; - #endif - #if defined(WOLFSSL_ALT_NAMES) && !defined(NO_ASN_TIME) - struct tm beforeTime; - struct tm afterTime; - #endif + ret = rsa_certgen_test(&key, &keypub, &rng, tmp); + if (ret != 0) + goto exit_rsa; - der = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - if (der == NULL) { - ERROR_OUT(-5580, exit_rsa); - } - pem = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT,DYNAMIC_TYPE_TMP_BUFFER); - if (pem == NULL) { - ERROR_OUT(-5581, exit_rsa); - } - - /* Setup Certificate */ - if (wc_InitCert(&myCert)) { - ERROR_OUT(-5582, exit_rsa); - } - -#ifdef WOLFSSL_ALT_NAMES - /* Get CA Cert for testing */ - #ifdef USE_CERT_BUFFERS_1024 - XMEMCPY(tmp, ca_cert_der_1024, sizeof_ca_cert_der_1024); - bytes3 = sizeof_ca_cert_der_1024; - #elif defined(USE_CERT_BUFFERS_2048) - XMEMCPY(tmp, ca_cert_der_2048, sizeof_ca_cert_der_2048); - bytes3 = sizeof_ca_cert_der_2048; - #else - file3 = fopen(rsaCaCertDerFile, "rb"); - if (!file3) { - ERROR_OUT(-5583, exit_rsa); - } - bytes3 = fread(tmp, 1, FOURK_BUF, file3); - fclose(file3); - #endif /* USE_CERT_BUFFERS */ - - #ifndef NO_FILESYSTEM - ret = wc_SetAltNames(&myCert, rsaCaCertFile); - if (ret != 0) { - ERROR_OUT(-5584, exit_rsa); - } - #endif - /* get alt names from der */ - ret = wc_SetAltNamesBuffer(&myCert, tmp, (int)bytes3); - if (ret != 0) { - ERROR_OUT(-5585, exit_rsa); - } - - /* get dates from der */ - ret = wc_SetDatesBuffer(&myCert, tmp, (int)bytes3); - if (ret != 0) { - ERROR_OUT(-5586, exit_rsa); - } - - #ifndef 
NO_ASN_TIME - ret = wc_GetCertDates(&myCert, &beforeTime, &afterTime); - if (ret < 0) { - ERROR_OUT(-5587, exit_rsa); - } - #endif -#endif /* WOLFSSL_ALT_NAMES */ - - /* Get CA Key */ - #ifdef USE_CERT_BUFFERS_1024 - XMEMCPY(tmp, ca_key_der_1024, sizeof_ca_key_der_1024); - bytes3 = sizeof_ca_key_der_1024; - #elif defined(USE_CERT_BUFFERS_2048) - XMEMCPY(tmp, ca_key_der_2048, sizeof_ca_key_der_2048); - bytes3 = sizeof_ca_key_der_2048; - #else - file3 = fopen(rsaCaKeyFile, "rb"); - if (!file3) { - ERROR_OUT(-5588, exit_rsa); - } - - bytes3 = fread(tmp, 1, FOURK_BUF, file3); - fclose(file3); - #endif /* USE_CERT_BUFFERS */ - - ret = wc_InitRsaKey(&caKey, HEAP_HINT); - if (ret != 0) { - ERROR_OUT(-5589, exit_rsa); - } - ret = wc_RsaPrivateKeyDecode(tmp, &idx3, &caKey, (word32)bytes3); - if (ret != 0) { - ERROR_OUT(-5590, exit_rsa); - } - - #ifndef NO_SHA256 - myCert.sigType = CTC_SHA256wRSA; - #else - myCert.sigType = CTC_SHAwRSA; - #endif - - XMEMCPY(&myCert.subject, &certDefaultName, sizeof(CertName)); - - #ifdef WOLFSSL_CERT_EXT - /* add Policies */ - XSTRNCPY(myCert.certPolicies[0], "2.16.840.1.101.3.4.1.42", - CTC_MAX_CERTPOL_SZ); - myCert.certPoliciesNb =1; - - /* add SKID from the Public Key */ - if (wc_SetSubjectKeyIdFromPublicKey(&myCert, &key, NULL) != 0) { - ERROR_OUT(-5591, exit_rsa); - } - - /* add AKID from the CA certificate */ - #if defined(USE_CERT_BUFFERS_2048) - ret = wc_SetAuthKeyIdFromCert(&myCert, ca_cert_der_2048, - sizeof_ca_cert_der_2048); - #elif defined(USE_CERT_BUFFERS_1024) - ret = wc_SetAuthKeyIdFromCert(&myCert, ca_cert_der_1024, - sizeof_ca_cert_der_1024); - #else - ret = wc_SetAuthKeyId(&myCert, rsaCaCertFile); - #endif - if (ret != 0) { - ERROR_OUT(-5592, exit_rsa); - } - - /* add Key Usage */ - if (wc_SetKeyUsage(&myCert,"keyEncipherment,keyAgreement") != 0) { - ERROR_OUT(-5593, exit_rsa); - } - #endif /* WOLFSSL_CERT_EXT */ - - #if defined(USE_CERT_BUFFERS_2048) - ret = wc_SetIssuerBuffer(&myCert, ca_cert_der_2048, - 
sizeof_ca_cert_der_2048); - #elif defined(USE_CERT_BUFFERS_1024) - ret = wc_SetIssuerBuffer(&myCert, ca_cert_der_1024, - sizeof_ca_cert_der_1024); - #else - ret = wc_SetIssuer(&myCert, rsaCaCertFile); - #endif - if (ret < 0) { - ERROR_OUT(-5594, exit_rsa); - } - - certSz = wc_MakeCert(&myCert, der, FOURK_BUF, &key, NULL, &rng); - if (certSz < 0) { - ERROR_OUT(-5595, exit_rsa); - } - - ret = 0; - do { - #if defined(WOLFSSL_ASYNC_CRYPT) - ret = wc_AsyncWait(ret, &caKey.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); - #endif - if (ret >= 0) { - ret = wc_SignCert(myCert.bodySz, myCert.sigType, der, FOURK_BUF, - &caKey, NULL, &rng); - } - } while (ret == WC_PENDING_E); - if (ret < 0) { - ERROR_OUT(-5596, exit_rsa); - } - certSz = ret; - - #ifdef WOLFSSL_TEST_CERT - InitDecodedCert(&decode, der, certSz, HEAP_HINT); - ret = ParseCert(&decode, CERT_TYPE, NO_VERIFY, 0); - if (ret != 0) { - FreeDecodedCert(&decode); - ERROR_OUT(-5597, exit_rsa); - } - FreeDecodedCert(&decode); - #endif - - ret = SaveDerAndPem(der, certSz, pem, FOURK_BUF, otherCertDerFile, - otherCertPemFile, CERT_TYPE, -5598); - if (ret != 0) { - goto exit_rsa; - } - - wc_FreeRsaKey(&caKey); - - XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - pem = NULL; - XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - der = NULL; - } #if !defined(NO_RSA) && defined(HAVE_ECC) - /* Make Cert / Sign example for ECC cert and RSA CA */ - { - Cert myCert; - int certSz; - size_t bytes3; - word32 idx3 = 0; - #if (!defined(USE_CERT_BUFFERS_1024) && !defined(USE_CERT_BUFFERS_2048)) \ - || !defined(USE_CERT_BUFFERS_256) - FILE* file3; - #endif - #ifdef WOLFSSL_TEST_CERT - DecodedCert decode; - #endif + ret = rsa_ecc_certgen_test(&rng, tmp); + if (ret != 0) + goto exit_rsa; +#endif - der = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - if (der == NULL) { - ERROR_OUT(-5600, exit_rsa); - } - pem = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT,DYNAMIC_TYPE_TMP_BUFFER); - if (pem == NULL) { - ERROR_OUT(-5601, exit_rsa); - } - - /* Get 
CA Key */ - #ifdef USE_CERT_BUFFERS_1024 - XMEMCPY(tmp, ca_key_der_1024, sizeof_ca_key_der_1024); - bytes3 = sizeof_ca_key_der_1024; - #elif defined(USE_CERT_BUFFERS_2048) - XMEMCPY(tmp, ca_key_der_2048, sizeof_ca_key_der_2048); - bytes3 = sizeof_ca_key_der_2048; - #else - file3 = fopen(rsaCaKeyFile, "rb"); - if (!file3) { - ERROR_OUT(-5602, exit_rsa); - } - - bytes3 = fread(tmp, 1, FOURK_BUF, file3); - fclose(file3); - #endif /* USE_CERT_BUFFERS */ - - ret = wc_InitRsaKey(&caKey, HEAP_HINT); - if (ret != 0) { - ERROR_OUT(-5603, exit_rsa); - } - ret = wc_RsaPrivateKeyDecode(tmp, &idx3, &caKey, (word32)bytes3); - if (ret != 0) { - ERROR_OUT(-5604, exit_rsa); - } - - /* Get Cert Key */ - #ifdef USE_CERT_BUFFERS_256 - XMEMCPY(tmp, ecc_key_pub_der_256, sizeof_ecc_key_pub_der_256); - bytes3 = sizeof_ecc_key_pub_der_256; - #else - file3 = fopen(eccKeyPubFile, "rb"); - if (!file3) { - ERROR_OUT(-5605, exit_rsa); - } - - bytes3 = fread(tmp, 1, FOURK_BUF, file3); - fclose(file3); - #endif - - ret = wc_ecc_init_ex(&caEccKeyPub, HEAP_HINT, devId); - if (ret != 0) { - ERROR_OUT(-5606, exit_rsa); - } - - idx3 = 0; - ret = wc_EccPublicKeyDecode(tmp, &idx3, &caEccKeyPub, (word32)bytes3); - if (ret != 0) { - ERROR_OUT(-5607, exit_rsa); - } - - /* Setup Certificate */ - if (wc_InitCert(&myCert)) { - ERROR_OUT(-5608, exit_rsa); - } - - #ifndef NO_SHA256 - myCert.sigType = CTC_SHA256wRSA; - #else - myCert.sigType = CTC_SHAwRSA; - #endif - - XMEMCPY(&myCert.subject, &certDefaultName, sizeof(CertName)); - -#ifdef WOLFSSL_CERT_EXT - /* add Policies */ - XSTRNCPY(myCert.certPolicies[0], "2.4.589440.587.101.2.1.9632587.1", - CTC_MAX_CERTPOL_SZ); - XSTRNCPY(myCert.certPolicies[1], "1.2.13025.489.1.113549", - CTC_MAX_CERTPOL_SZ); - myCert.certPoliciesNb = 2; - - /* add SKID from the Public Key */ - if (wc_SetSubjectKeyIdFromPublicKey(&myCert, NULL, &caEccKeyPub) != 0) { - ERROR_OUT(-5609, exit_rsa); - } - - /* add AKID from the CA certificate */ - #if defined(USE_CERT_BUFFERS_2048) - ret = 
wc_SetAuthKeyIdFromCert(&myCert, ca_cert_der_2048, - sizeof_ca_cert_der_2048); - #elif defined(USE_CERT_BUFFERS_1024) - ret = wc_SetAuthKeyIdFromCert(&myCert, ca_cert_der_1024, - sizeof_ca_cert_der_1024); - #else - ret = wc_SetAuthKeyId(&myCert, rsaCaCertFile); - #endif - if (ret != 0) { - ERROR_OUT(-5610, exit_rsa); - } - - /* add Key Usage */ - if (wc_SetKeyUsage(&myCert, certKeyUsage) != 0) { - ERROR_OUT(-5611, exit_rsa); - } -#endif /* WOLFSSL_CERT_EXT */ - - #if defined(USE_CERT_BUFFERS_2048) - ret = wc_SetIssuerBuffer(&myCert, ca_cert_der_2048, - sizeof_ca_cert_der_2048); - #elif defined(USE_CERT_BUFFERS_1024) - ret = wc_SetIssuerBuffer(&myCert, ca_cert_der_1024, - sizeof_ca_cert_der_1024); - #else - ret = wc_SetIssuer(&myCert, rsaCaCertFile); - #endif - if (ret < 0) { - ERROR_OUT(-5612, exit_rsa); - } - - certSz = wc_MakeCert(&myCert, der, FOURK_BUF, NULL, &caEccKeyPub, &rng); - if (certSz < 0) { - ERROR_OUT(-5613, exit_rsa); - } - - ret = 0; - do { - #if defined(WOLFSSL_ASYNC_CRYPT) - ret = wc_AsyncWait(ret, &caEccKey.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); - #endif - if (ret >= 0) { - ret = wc_SignCert(myCert.bodySz, myCert.sigType, der, - FOURK_BUF, &caKey, NULL, &rng); - } - } while (ret == WC_PENDING_E); - if (ret < 0) { - ERROR_OUT(-5614, exit_rsa); - } - certSz = ret; - - #ifdef WOLFSSL_TEST_CERT - InitDecodedCert(&decode, der, certSz, 0); - ret = ParseCert(&decode, CERT_TYPE, NO_VERIFY, 0); - if (ret != 0) { - FreeDecodedCert(&decode); - ERROR_OUT(-5615, exit_rsa); - - } - FreeDecodedCert(&decode); - #endif - - ret = SaveDerAndPem(der, certSz, pem, FOURK_BUF, certEccRsaDerFile, - certEccRsaPemFile, CERT_TYPE, -5616); - if (ret != 0) { - goto exit_rsa; - } - - wc_ecc_free(&caEccKeyPub); - wc_FreeRsaKey(&caKey); - - XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - pem = NULL; - XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - der = NULL; - } -#endif /* !NO_RSA && HAVE_ECC */ #ifdef HAVE_NTRU { Cert myCert; 
@@ -10228,26 +10698,26 @@ int rsa_test(void) word32 rc = ntru_crypto_drbg_instantiate(112, pers_str, sizeof(pers_str), GetEntropy, &drbg); if (rc != DRBG_OK) { - ERROR_OUT(-5620, exit_rsa); + ERROR_OUT(-7044, exit_rsa); } rc = ntru_crypto_ntru_encrypt_keygen(drbg, NTRU_EES401EP2, &public_key_len, NULL, &private_key_len, NULL); if (rc != NTRU_OK) { - ERROR_OUT(-5621, exit_rsa); + ERROR_OUT(-7045, exit_rsa); } rc = ntru_crypto_ntru_encrypt_keygen(drbg, NTRU_EES401EP2, &public_key_len, public_key, &private_key_len, private_key); if (rc != NTRU_OK) { - ERROR_OUT(-5622, exit_rsa); + ERROR_OUT(-7046, exit_rsa); } rc = ntru_crypto_drbg_uninstantiate(drbg); if (rc != NTRU_OK) { - ERROR_OUT(-5623, exit_rsa); + ERROR_OUT(-7047, exit_rsa); } #ifdef USE_CERT_BUFFERS_1024 @@ -10259,7 +10729,7 @@ int rsa_test(void) #else caFile = fopen(rsaCaKeyFile, "rb"); if (!caFile) { - ERROR_OUT(-5624, exit_rsa); + ERROR_OUT(-7048, exit_rsa); } bytes = fread(tmp, 1, FOURK_BUF, caFile); @@ -10268,15 +10738,15 @@ int rsa_test(void) ret = wc_InitRsaKey(&caKey, HEAP_HINT); if (ret != 0) { - ERROR_OUT(-5625, exit_rsa); + ERROR_OUT(-7049, exit_rsa); } ret = wc_RsaPrivateKeyDecode(tmp, &idx3, &caKey, (word32)bytes); if (ret != 0) { - ERROR_OUT(-5626, exit_rsa); + ERROR_OUT(-7050, exit_rsa); } if (wc_InitCert(&myCert)) { - ERROR_OUT(-5627, exit_rsa); + ERROR_OUT(-7051, exit_rsa); } XMEMCPY(&myCert.subject, &certDefaultName, sizeof(CertName)); @@ -10286,7 +10756,7 @@ int rsa_test(void) /* add SKID from the Public Key */ if (wc_SetSubjectKeyIdFromNtruPublicKey(&myCert, public_key, public_key_len) != 0) { - ERROR_OUT(-5628, exit_rsa); + ERROR_OUT(-7052, exit_rsa); } /* add AKID from the CA certificate */ 
@@ -10300,12 +10770,12 @@ int rsa_test(void) ret = wc_SetAuthKeyId(&myCert, rsaCaCertFile); #endif if (ret != 0) { - ERROR_OUT(-5629, exit_rsa); + ERROR_OUT(-7053, exit_rsa); } /* add Key Usage */ if (wc_SetKeyUsage(&myCert, certKeyUsage2) != 0) { - ERROR_OUT(-5630, exit_rsa); + ERROR_OUT(-7054, exit_rsa); } #endif /* WOLFSSL_CERT_EXT */ @@ -10319,22 +10789,22 @@ int rsa_test(void) ret = wc_SetIssuer(&myCert, rsaCaCertFile); #endif if (ret < 0) { - ERROR_OUT(-5631, exit_rsa); + ERROR_OUT(-7055, exit_rsa); } der = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); if (der == NULL) { - ERROR_OUT(-5632, exit_rsa); + ERROR_OUT(-7056, exit_rsa); } pem = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT,DYNAMIC_TYPE_TMP_BUFFER); if (pem == NULL) { - ERROR_OUT(-5633, exit_rsa); + ERROR_OUT(-7057, exit_rsa); } certSz = wc_MakeNtruCert(&myCert, der, FOURK_BUF, public_key, public_key_len, &rng); if (certSz < 0) { - ERROR_OUT(-5634, exit_rsa); + ERROR_OUT(-7058, exit_rsa); } ret = 0; @@ -10349,7 +10819,7 @@ int rsa_test(void) } while (ret == WC_PENDING_E); wc_FreeRsaKey(&caKey); if (ret < 0) { - ERROR_OUT(-5635, exit_rsa); + ERROR_OUT(-7059, exit_rsa); } certSz = ret; @@ -10358,7 +10828,7 @@ int rsa_test(void) ret = ParseCert(&decode, CERT_TYPE, NO_VERIFY, 0); if (ret != 0) { FreeDecodedCert(&decode); - ERROR_OUT(-5636, exit_rsa); + ERROR_OUT(-7060, exit_rsa); } FreeDecodedCert(&decode); #endif @@ -10372,12 +10842,12 @@ int rsa_test(void) #if !defined(NO_FILESYSTEM) && !defined(NO_WRITE_TEMP_FILES) ntruPrivFile = fopen("./ntru-key.raw", "wb"); if (!ntruPrivFile) { - ERROR_OUT(-5638, exit_rsa); + ERROR_OUT(-7061, exit_rsa); } ret = (int)fwrite(private_key, 1, private_key_len, ntruPrivFile); fclose(ntruPrivFile); if (ret != private_key_len) { - ERROR_OUT(-5639, exit_rsa); + ERROR_OUT(-7062, exit_rsa); } #endif 
@@ -10394,15 +10864,15 @@ int rsa_test(void) der = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT,DYNAMIC_TYPE_TMP_BUFFER); if (der == NULL) { - ERROR_OUT(-5640, exit_rsa); + ERROR_OUT(-7063, exit_rsa); } pem = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT,DYNAMIC_TYPE_TMP_BUFFER); if (pem == NULL) { - ERROR_OUT(-5641, exit_rsa); + ERROR_OUT(-7064, exit_rsa); } if (wc_InitCert(&req)) { - ERROR_OUT(-5642, exit_rsa); + ERROR_OUT(-7065, exit_rsa); } req.version = 0; @@ -10419,25 +10889,25 @@ int rsa_test(void) #ifdef WOLFSSL_CERT_EXT /* add SKID from the Public Key */ if (wc_SetSubjectKeyIdFromPublicKey(&req, &keypub, NULL) != 0) { - ERROR_OUT(-5643, exit_rsa); + ERROR_OUT(-7066, exit_rsa); } /* add Key Usage */ if (wc_SetKeyUsage(&req, certKeyUsage2) != 0) { - ERROR_OUT(-5644, exit_rsa); + ERROR_OUT(-7067, exit_rsa); } /* add Extended Key Usage */ if (wc_SetExtKeyUsage(&req, "serverAuth,clientAuth,codeSigning," "emailProtection,timeStamping,OCSPSigning") != 0) { - ERROR_OUT(-5645, exit_rsa); + ERROR_OUT(-7068, exit_rsa); } #ifdef WOLFSSL_EKU_OID { const char unique[] = "2.16.840.1.111111.100.1.10.1"; if (wc_SetExtKeyUsageOID(&req, unique, sizeof(unique), 0, HEAP_HINT) != 0) { - ERROR_OUT(-5652, exit_rsa); + ERROR_OUT(-7069, exit_rsa); } } #endif /* WOLFSSL_EKU_OID */ @@ -10445,17 +10915,17 @@ int rsa_test(void) derSz = wc_MakeCertReq(&req, der, FOURK_BUF, &key, NULL); if (derSz < 0) { - ERROR_OUT(-5646, exit_rsa); + ERROR_OUT(-7070, exit_rsa); } #ifdef WOLFSSL_CERT_EXT /* Try again with "any" flag set, will override all others */ if (wc_SetExtKeyUsage(&req, "any") != 0) { - ERROR_OUT(-5647, exit_rsa); + ERROR_OUT(-7071, exit_rsa); } derSz = wc_MakeCertReq(&req, der, FOURK_BUF, &key, NULL); if (derSz < 0) { - ERROR_OUT(-5648, exit_rsa); + ERROR_OUT(-7072, exit_rsa); } #endif /* WOLFSSL_CERT_EXT */ @@ -10470,7 +10940,7 @@ int rsa_test(void) } } while (ret == WC_PENDING_E); if (ret < 0) { - ERROR_OUT(-5649, exit_rsa); + ERROR_OUT(-7073, exit_rsa); } derSz = ret; 
@@ -10497,17 +10967,8 @@ exit_rsa: #ifdef WOLFSSL_CERT_EXT wc_FreeRsaKey(&keypub); #endif -#ifdef WOLFSSL_KEY_GEN - wc_FreeRsaKey(&genKey); -#endif -#ifdef WOLFSSL_CERT_GEN +#if defined(HAVE_NTRU) wc_FreeRsaKey(&caKey); - #ifdef HAVE_ECC - wc_ecc_free(&caEccKey); - #ifdef WOLFSSL_CERT_EXT - wc_ecc_free(&caEccKeyPub); - #endif - #endif #endif XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); 
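Review bot: The cleanup under `exit_rsa` now calls `wc_FreeRsaKey(&caKey)` whenever `HAVE_NTRU` is defined, but the NTRU block in the earlier hunks already frees `caKey` right after the signing loop and can still jump to `exit_rsa` afterwards (-7059, -7060). That block also jumps there on failures that occur before `wc_InitRsaKey(&caKey, HEAP_HINT)` has run (-7044 to -7048). Whether a second free, or a free of a key that was never initialized, is harmless depends on `wc_FreeRsaKey` and on how `caKey` is declared, and neither is visible here. If `caKey` is not zeroed at declaration, I would add `XMEMSET(&caKey, 0, sizeof(caKey));` before the first `ERROR_OUT` and drop the in-block `wc_FreeRsaKey(&caKey);`, so the key is released in exactly one place. The body of rsa_test starts and ends outside this hunk.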
@@ -10612,18 +11073,56 @@ static int dh_fips_generate_test(WC_RNG *rng) 0xec, 0x24, 0x5d, 0x78, 0x59, 0xe7, 0x8d, 0xb5, 0x40, 0x52, 0xed, 0x41 }; + static byte q0[] = { + 0x00, + 0xe0, 0x35, 0x37, 0xaf, 0xb2, 0x50, 0x91, 0x8e, + 0xf2, 0x62, 0x2b, 0xd9, 0x9f, 0x6c, 0x11, 0x75, + 0xec, 0x24, 0x5d, 0x78, 0x59, 0xe7, 0x8d, 0xb5, + 0x40, 0x52, 0xed, 0x41 + }; byte priv[256]; byte pub[256]; word32 privSz = sizeof(priv); word32 pubSz = sizeof(pub); + /* Parameter Validation testing. */ + ret = wc_DhGenerateKeyPair(NULL, rng, priv, &privSz, pub, &pubSz); + if (ret != BAD_FUNC_ARG) + return -7074; + ret = wc_DhGenerateKeyPair(&key, NULL, priv, &privSz, pub, &pubSz); + if (ret != BAD_FUNC_ARG) + return -7075; + ret = wc_DhGenerateKeyPair(&key, rng, NULL, &privSz, pub, &pubSz); + if (ret != BAD_FUNC_ARG) + return -7076; + ret = wc_DhGenerateKeyPair(&key, rng, priv, NULL, pub, &pubSz); + if (ret != BAD_FUNC_ARG) + return -7077; + ret = wc_DhGenerateKeyPair(&key, rng, priv, &privSz, NULL, &pubSz); + if (ret != BAD_FUNC_ARG) + return -7078; + ret = wc_DhGenerateKeyPair(&key, rng, priv, &privSz, pub, NULL); + if (ret != BAD_FUNC_ARG) + return -7079; + ret = wc_InitDhKey_ex(&key, HEAP_HINT, devId); if (ret != 0) - return -5725; + return -7080; + + ret = wc_DhSetKey_ex(&key, p, sizeof(p), g, sizeof(g), q0, sizeof(q0)); + if (ret != 0) { + ERROR_OUT(-7081, exit_gen_test); + } + + wc_FreeDhKey(&key); + + ret = wc_InitDhKey_ex(&key, HEAP_HINT, devId); + if (ret != 0) + return -7082; ret = wc_DhSetKey_ex(&key, p, sizeof(p), g, sizeof(g), q, sizeof(q)); if (ret != 0) { - ERROR_OUT(-5726, exit_gen_test); + ERROR_OUT(-7083, exit_gen_test); } /* Use API. */ 
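Review bot: The new parameter-validation calls to `wc_DhGenerateKeyPair` run before `wc_InitDhKey_ex(&key, HEAP_HINT, devId)`, so five of the six pass a `key` that, as far as this hunk shows, has not been initialized yet. They behave as intended only while every argument check happens before the key is touched; if that ordering regressed, the library would work on indeterminate memory instead of failing the test cleanly. I would move the block below the first `wc_InitDhKey_ex` call and report failures with `ERROR_OUT(-7074, exit_gen_test);` and so on, so the key is also freed on those paths. The declaration of `key` and the `exit_gen_test` label are outside this hunk.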
@@ -10632,9 +11131,28 @@ static int dh_fips_generate_test(WC_RNG *rng) ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_NONE); #endif if (ret != 0) { - ret = -5727; + ERROR_OUT(-7084, exit_gen_test); } + ret = wc_DhCheckPubKey_ex(&key, pub, pubSz, q0, sizeof(q0)); + if (ret != 0) { + ERROR_OUT(-7085, exit_gen_test); + } + + wc_FreeDhKey(&key); + ret = wc_InitDhKey_ex(&key, HEAP_HINT, devId); + if (ret != 0) + return -7086; + + ret = wc_DhSetKey(&key, p, sizeof(p), g, sizeof(g)); + if (ret != 0) { + ERROR_OUT(-7087, exit_gen_test); + } + + ret = wc_DhCheckPubKey_ex(&key, pub, pubSz, q, sizeof(q)); + if (ret != 0) + ret = -7088; + exit_gen_test: wc_FreeDhKey(&key); @@ -10662,32 +11180,37 @@ static int dh_generate_test(WC_RNG *rng) ret = wc_InitDhKey_ex(&smallKey, HEAP_HINT, devId); if (ret != 0) - return -5700; + return -7089; /* Parameter Validation testing. */ + ret = wc_InitDhKey_ex(NULL, HEAP_HINT, devId); + if (ret != BAD_FUNC_ARG) + return -7090; + wc_FreeDhKey(NULL); + ret = wc_DhSetKey(NULL, p, sizeof(p), g, sizeof(g)); if (ret != BAD_FUNC_ARG) { - ERROR_OUT(-5701, exit_gen_test); + ERROR_OUT(-7091, exit_gen_test); } ret = wc_DhSetKey(&smallKey, NULL, sizeof(p), g, sizeof(g)); if (ret != BAD_FUNC_ARG) { - ERROR_OUT(-5702, exit_gen_test); + ERROR_OUT(-7092, exit_gen_test); } ret = wc_DhSetKey(&smallKey, p, 0, g, sizeof(g)); if (ret != BAD_FUNC_ARG) { - ERROR_OUT(-5703, exit_gen_test); + ERROR_OUT(-7093, exit_gen_test); } ret = wc_DhSetKey(&smallKey, p, sizeof(p), NULL, sizeof(g)); if (ret != BAD_FUNC_ARG) { - ERROR_OUT(-5704, exit_gen_test); + ERROR_OUT(-7094, exit_gen_test); } ret = wc_DhSetKey(&smallKey, p, sizeof(p), g, 0); if (ret != BAD_FUNC_ARG) { - ERROR_OUT(-5705, exit_gen_test); + ERROR_OUT(-7095, exit_gen_test); } ret = wc_DhSetKey(&smallKey, p, sizeof(p), g, sizeof(g)); if (ret != 0) { - ERROR_OUT(-5706, exit_gen_test); + ERROR_OUT(-7096, exit_gen_test); } #ifndef WOLFSSL_SP_MATH 
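Review bot: Both new `wc_DhCheckPubKey_ex` calls only check that a freshly generated public value is accepted; nothing here checks that an invalid one is rejected, so a validation routine that accepted every input would still pass. Since this commit aligns DH with SP 800-56A, I would add at least one negative case next to the -7088 check, for example a public value of 1 checked against `q`, and fail the test when the call returns 0. That could read `if (wc_DhCheckPubKey_ex(&key, one, sizeof(one), q, sizeof(q)) == 0) ret = -NNNN;`, where `one` and the error number are placeholders to be defined. The function body starts outside this hunk.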
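Review bot: In the dh_generate_test hunk, the added `wc_InitDhKey_ex(NULL, HEAP_HINT, devId)` check leaves with `return -7090;` although `smallKey` was initialized a few lines above, while every other check in this block exits through `exit_gen_test`. Assuming that label frees `smallKey` as it does in dh_fips_generate_test, the new early return skips the cleanup. `ERROR_OUT(-7090, exit_gen_test);` would keep the block consistent. The label itself is outside this hunk.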
@@ -10697,7 +11220,7 @@ static int dh_generate_test(WC_RNG *rng) ret = wc_AsyncWait(ret, &smallKey.asyncDev, WC_ASYNC_FLAG_NONE); #endif if (ret != 0) { - ret = -5707; + ret = -7097; } #else (void)rng; @@ -10737,48 +11260,55 @@ int dh_test(void) #elif !defined(NO_FILESYSTEM) FILE* file = fopen(dhKey, "rb"); if (!file) - return -5710; + return -7100; bytes = (word32) fread(tmp, 1, sizeof(tmp), file); fclose(file); #else /* No DH key to use. */ - return -5711; + return -7101; #endif /* USE_CERT_BUFFERS */ (void)idx; (void)tmp; (void)bytes; + /* Use API for coverage. */ + ret = wc_InitDhKey(&key); + if (ret != 0) { + ERROR_OUT(-7102, done); + } + wc_FreeDhKey(&key); + ret = wc_InitDhKey_ex(&key, HEAP_HINT, devId); if (ret != 0) { - ERROR_OUT(-5712, done); + ERROR_OUT(-7103, done); } ret = wc_InitDhKey_ex(&key2, HEAP_HINT, devId); if (ret != 0) { - ERROR_OUT(-5713, done); + ERROR_OUT(-7104, done); } #ifdef NO_ASN ret = wc_DhSetKey(&key, dh_p, sizeof(dh_p), dh_g, sizeof(dh_g)); if (ret != 0) { - ERROR_OUT(-5714, done); + ERROR_OUT(-7105, done); } ret = wc_DhSetKey(&key2, dh_p, sizeof(dh_p), dh_g, sizeof(dh_g)); if (ret != 0) { - ERROR_OUT(-5715, done); + ERROR_OUT(-7106, done); } #else ret = wc_DhKeyDecode(tmp, &idx, &key, bytes); if (ret != 0) { - ERROR_OUT(-5716, done); + ERROR_OUT(-7107, done); } idx = 0; ret = wc_DhKeyDecode(tmp, &idx, &key2, bytes); if (ret != 0) { - ERROR_OUT(-5717, done); + ERROR_OUT(-7108, done); } #endif @@ -10788,7 +11318,7 @@ int dh_test(void) ret = wc_InitRng(&rng); #endif if (ret != 0) { - ERROR_OUT(-5718, done); + ERROR_OUT(-7109, done); } ret = wc_DhGenerateKeyPair(&key, &rng, priv, &privSz, pub, &pubSz); @@ -10796,7 +11326,7 @@ int dh_test(void) ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_NONE); #endif if (ret != 0) { - ERROR_OUT(-5719, done); + ERROR_OUT(-7110, done); } ret = wc_DhGenerateKeyPair(&key2, &rng, priv2, &privSz2, pub2, &pubSz2); 
@@ -10804,7 +11334,7 @@ int dh_test(void) ret = wc_AsyncWait(ret, &key2.asyncDev, WC_ASYNC_FLAG_NONE); #endif if (ret != 0) { - ERROR_OUT(-5720, done); + ERROR_OUT(-7111, done); } ret = wc_DhAgree(&key, agree, &agreeSz, priv, privSz, pub2, pubSz2); @@ -10812,7 +11342,7 @@ int dh_test(void) ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_NONE); #endif if (ret != 0) { - ERROR_OUT(-5721, done); + ERROR_OUT(-7112, done); } ret = wc_DhAgree(&key2, agree2, &agreeSz2, priv2, privSz2, pub, pubSz); @@ -10820,11 +11350,11 @@ int dh_test(void) ret = wc_AsyncWait(ret, &key2.asyncDev, WC_ASYNC_FLAG_NONE); #endif if (ret != 0) { - ERROR_OUT(-5722, done); + ERROR_OUT(-7113, done); } if (agreeSz != agreeSz2 || XMEMCMP(agree, agree2, agreeSz)) { - ERROR_OUT(-5723, done); + ERROR_OUT(-7114, done); } ret = dh_generate_test(&rng); @@ -10866,7 +11396,7 @@ int dsa_test(void) #else FILE* file = fopen(dsaKey, "rb"); if (!file) - return -5800; + return -7200; bytes = (word32) fread(tmp, 1, sizeof(tmp), file); fclose(file); @@ -10874,30 +11404,30 @@ int dsa_test(void) ret = wc_InitSha_ex(&sha, HEAP_HINT, devId); if (ret != 0) - return -5801; + return -7201; wc_ShaUpdate(&sha, tmp, bytes); wc_ShaFinal(&sha, hash); wc_ShaFree(&sha); ret = wc_InitDsaKey(&key); - if (ret != 0) return -5802; + if (ret != 0) return -7202; ret = wc_DsaPrivateKeyDecode(tmp, &idx, &key, bytes); - if (ret != 0) return -5803; + if (ret != 0) return -7203; #ifndef HAVE_FIPS ret = wc_InitRng_ex(&rng, HEAP_HINT, devId); #else ret = wc_InitRng(&rng); #endif - if (ret != 0) return -5804; + if (ret != 0) return -7204; ret = wc_DsaSign(hash, signature, &key, &rng); - if (ret != 0) return -5805; + if (ret != 0) return -7205; ret = wc_DsaVerify(hash, signature, &key, &answer); - if (ret != 0) return -5806; - if (answer != 1) return -5807; + if (ret != 0) return -7206; + if (answer != 1) return -7207; wc_FreeDsaKey(&key); 
@@ -10910,37 +11440,37 @@ int dsa_test(void) DsaKey genKey; ret = wc_InitDsaKey(&genKey); - if (ret != 0) return -5808; + if (ret != 0) return -7208; ret = wc_MakeDsaParameters(&rng, 1024, &genKey); if (ret != 0) { wc_FreeDsaKey(&genKey); - return -5809; + return -7209; } ret = wc_MakeDsaKey(&rng, &genKey); if (ret != 0) { wc_FreeDsaKey(&genKey); - return -5810; + return -7210; } der = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); if (der == NULL) { wc_FreeDsaKey(&genKey); - return -5811; + return -7211; } pem = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); if (pem == NULL) { XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); wc_FreeDsaKey(&genKey); - return -5812; + return -7212; } derSz = wc_DsaKeyToDer(&genKey, der, FOURK_BUF); if (derSz < 0) { XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - return -5813; + return -7213; } ret = SaveDerAndPem(der, derSz, pem, FOURK_BUF, keyDerFile, @@ -10957,7 +11487,7 @@ int dsa_test(void) XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); wc_FreeDsaKey(&genKey); - return -5819; + return -7214; } idx = 0; @@ -10967,7 +11497,7 @@ int dsa_test(void) XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); wc_FreeDsaKey(&derIn); wc_FreeDsaKey(&genKey); - return -5820; + return -7215; } wc_FreeDsaKey(&derIn); @@ -10987,11 +11517,11 @@ int dsa_test(void) static int generate_random_salt(byte *buf, word32 size) { - int ret = -5821; + int ret = -7216; WC_RNG rng; if(NULL == buf || !size) - return -5822; + return -7217; if (buf && size && wc_InitRng_ex(&rng, HEAP_HINT, devId) == 0) { ret = wc_RNG_GenerateBlock(&rng, (byte *)buf, size); 
@@ -11134,25 +11664,25 @@ static int openssl_aes_test(void) EVP_CIPHER_CTX_init(&en); if (EVP_CipherInit(&en, EVP_aes_128_cbc(), (unsigned char*)key, (unsigned char*)iv, 1) == 0) - return -3401; + return -7300; if (EVP_CipherUpdate(&en, (byte*)cipher, &outlen, (byte*)cbcPlain, 9) == 0) - return -3402; + return -7301; if (outlen != 0) - return -3403; + return -7302; total += outlen; if (EVP_CipherUpdate(&en, (byte*)&cipher[total], &outlen, (byte*)&cbcPlain[9] , 9) == 0) - return -3404; + return -7303; if (outlen != 16) - return -3405; + return -7304; total += outlen; if (EVP_CipherFinal(&en, (byte*)&cipher[total], &outlen) == 0) - return -3406; + return -7305; if (outlen != 16) - return -3407; + return -7306; total += outlen; if (total != 32) return 3408; @@ -11161,38 +11691,38 @@ static int openssl_aes_test(void) EVP_CIPHER_CTX_init(&de); if (EVP_CipherInit(&de, EVP_aes_128_cbc(), (unsigned char*)key, (unsigned char*)iv, 0) == 0) - return -3420; + return -7307; if (EVP_CipherUpdate(&de, (byte*)plain, &outlen, (byte*)cipher, 6) == 0) - return -3421; + return -7308; if (outlen != 0) - return -3422; + return -7309; total += outlen; if (EVP_CipherUpdate(&de, (byte*)&plain[total], &outlen, (byte*)&cipher[6], 12) == 0) - return -3423; + return -7310; if (outlen != 0) total += outlen; if (EVP_CipherUpdate(&de, (byte*)&plain[total], &outlen, (byte*)&cipher[6+12], 14) == 0) - return -3423; + return -7311; if (outlen != 16) - return -3424; + return -7312; total += outlen; if (EVP_CipherFinal(&de, (byte*)&plain[total], &outlen) == 0) - return -3425; + return -7313; if (outlen != 2) - return -3426; + return -7314; total += outlen; if (total != 18) return 3427; if (XMEMCMP(plain, cbcPlain, 18)) - return -3428; + return -7315; } { /* evp_cipher test: EVP_aes_128_cbc */ 
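Review bot: `if (total != 32) return 3408;` was left out of the renumbering and still returns a positive value, unlike every other failure in this function; the same holds for `return 3427;` in the next hunk. The caller visible later in this diff only tests `openssl_aes_test() != 0`, so the failure is still caught, but both codes fall outside the new -73xx range and are easy to misread in a log. I would make them negative values in the new range, e.g. `return -NNNN;` with the next free numbers.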
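Review bot: In the decrypt hunk, the check `if (outlen != 0)` after the second `EVP_CipherUpdate` (-7310) has no `return` of its own, so it only guards `total += outlen;` and the expected output length is never enforced at this step; the sibling checks before and after it return an error code. If zero bytes are expected here, as after the first update, the line should read `if (outlen != 0) return -NNNN;` (number to be assigned), followed by an unconditional `total += outlen;`. The line breaks on this page are collapsed, so the exact layout of the original statement is inferred.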
@@ -11218,23 +11748,23 @@ static int openssl_aes_test(void) EVP_CIPHER_CTX_init(&ctx); if (EVP_CipherInit(&ctx, EVP_aes_128_cbc(), key, iv, 1) == 0) - return -81; + return -7316; if (EVP_Cipher(&ctx, cipher, (byte*)msg, 16) == 0) - return -82; + return -7317; if (XMEMCMP(cipher, verify, AES_BLOCK_SIZE)) - return -83; + return -7318; EVP_CIPHER_CTX_init(&ctx); if (EVP_CipherInit(&ctx, EVP_aes_128_cbc(), key, iv, 0) == 0) - return -84; + return -7319; if (EVP_Cipher(&ctx, plain, cipher, 16) == 0) - return -85; + return -7320; if (XMEMCMP(plain, msg, AES_BLOCK_SIZE)) - return -86; + return -7321; } /* end evp_cipher test: EVP_aes_128_cbc*/ @@ -11270,23 +11800,23 @@ static int openssl_aes_test(void) EVP_CIPHER_CTX_init(&ctx); if (EVP_CipherInit(&ctx, EVP_aes_256_ecb(), (unsigned char*)key, NULL, 1) == 0) - return -181; + return -7322; if (EVP_Cipher(&ctx, cipher, (byte*)msg, 16) == 0) - return -182; + return -7323; if (XMEMCMP(cipher, verify, AES_BLOCK_SIZE)) - return -183; + return -7324; EVP_CIPHER_CTX_init(&ctx); if (EVP_CipherInit(&ctx, EVP_aes_256_ecb(), (unsigned char*)key, NULL, 0) == 0) - return -184; + return -7325; if (EVP_Cipher(&ctx, plain, cipher, 16) == 0) - return -185; + return -7326; if (XMEMCMP(plain, msg, AES_BLOCK_SIZE)) - return -186; + return -7327; } /* end evp_cipher test */ #endif /* HAVE_AES_ECB && WOLFSSL_AES_256 */ @@ -11331,11 +11861,11 @@ static int openssl_aes_test(void) #ifdef HAVE_AES_DECRYPT AES_decrypt(cipher, plain, &dec); if (XMEMCMP(plain, msg, AES_BLOCK_SIZE)) - return -187; + return -7328; #endif /* HAVE_AES_DECRYPT */ if (XMEMCMP(cipher, verify, AES_BLOCK_SIZE)) - return -188; + return -7329; } #endif /* WOLFSSL_AES_DIRECT && WOLFSSL_AES_256 */ 
@@ -11460,130 +11990,130 @@ static int openssl_aes_test(void) EVP_CIPHER_CTX_init(&en); if (EVP_CipherInit(&en, EVP_aes_128_ctr(), (unsigned char*)ctrKey, (unsigned char*)ctrIv, 0) == 0) - return -3300; + return -7330; if (EVP_Cipher(&en, (byte*)cipherBuff, (byte*)ctrPlain, AES_BLOCK_SIZE*4) == 0) - return -3301; + return -7331; EVP_CIPHER_CTX_init(&de); if (EVP_CipherInit(&de, EVP_aes_128_ctr(), (unsigned char*)ctrKey, (unsigned char*)ctrIv, 0) == 0) - return -3302; + return -7332; if (EVP_Cipher(&de, (byte*)plainBuff, (byte*)cipherBuff, AES_BLOCK_SIZE*4) == 0) - return -3303; + return -7333; if (XMEMCMP(cipherBuff, ctrCipher, AES_BLOCK_SIZE*4)) - return -3304; + return -7334; if (XMEMCMP(plainBuff, ctrPlain, AES_BLOCK_SIZE*4)) - return -3305; + return -7335; p_en = wolfSSL_EVP_CIPHER_CTX_new(); if (p_en == NULL) - return -3390; + return -7336; p_de = wolfSSL_EVP_CIPHER_CTX_new(); if (p_de == NULL) - return -3391; + return -7337; if (EVP_CipherInit(p_en, EVP_aes_128_ctr(), (unsigned char*)ctrKey, (unsigned char*)ctrIv, 0) == 0) - return -3392; + return -7338; if (EVP_Cipher(p_en, (byte*)cipherBuff, (byte*)ctrPlain, AES_BLOCK_SIZE*4) == 0) - return -3393; + return -7339; if (EVP_CipherInit(p_de, EVP_aes_128_ctr(), (unsigned char*)ctrKey, (unsigned char*)ctrIv, 0) == 0) - return -3394; + return -7340; if (EVP_Cipher(p_de, (byte*)plainBuff, (byte*)cipherBuff, AES_BLOCK_SIZE*4) == 0) - return -3395; + return -7341; wolfSSL_EVP_CIPHER_CTX_free(p_en); wolfSSL_EVP_CIPHER_CTX_free(p_de); if (XMEMCMP(cipherBuff, ctrCipher, AES_BLOCK_SIZE*4)) - return -3396; + return -7342; if (XMEMCMP(plainBuff, ctrPlain, AES_BLOCK_SIZE*4)) - return -3397; + return -7343; EVP_CIPHER_CTX_init(&en); if (EVP_CipherInit(&en, EVP_aes_128_ctr(), (unsigned char*)ctrKey, (unsigned char*)ctrIv, 0) == 0) - return -3306; + return -7344; if (EVP_Cipher(&en, (byte*)cipherBuff, (byte*)ctrPlain, 9) == 0) - return -3307; + return -7345; EVP_CIPHER_CTX_init(&de); if (EVP_CipherInit(&de, EVP_aes_128_ctr(), 
(unsigned char*)ctrKey, (unsigned char*)ctrIv, 0) == 0) - return -3308; + return -7346; if (EVP_Cipher(&de, (byte*)plainBuff, (byte*)cipherBuff, 9) == 0) - return -3309; + return -7347; if (XMEMCMP(plainBuff, ctrPlain, 9)) - return -3310; + return -7348; if (XMEMCMP(cipherBuff, ctrCipher, 9)) - return -3311; + return -7349; if (EVP_Cipher(&en, (byte*)cipherBuff, (byte*)ctrPlain, 9) == 0) - return -3312; + return -7350; if (EVP_Cipher(&de, (byte*)plainBuff, (byte*)cipherBuff, 9) == 0) - return -3313; + return -7351; if (XMEMCMP(plainBuff, ctrPlain, 9)) - return -3314; + return -7352; if (XMEMCMP(cipherBuff, oddCipher, 9)) - return -3315; + return -7353; #endif /* WOLFSSL_AES_128 */ #ifdef WOLFSSL_AES_192 EVP_CIPHER_CTX_init(&en); if (EVP_CipherInit(&en, EVP_aes_192_ctr(), (unsigned char*)ctr192Key, (unsigned char*)ctr192Iv, 0) == 0) - return -3316; + return -7354; if (EVP_Cipher(&en, (byte*)cipherBuff, (byte*)ctr192Plain, AES_BLOCK_SIZE) == 0) - return -3317; + return -7355; EVP_CIPHER_CTX_init(&de); if (EVP_CipherInit(&de, EVP_aes_192_ctr(), (unsigned char*)ctr192Key, (unsigned char*)ctr192Iv, 0) == 0) - return -3318; + return -7356; XMEMSET(plainBuff, 0, sizeof(plainBuff)); if (EVP_Cipher(&de, (byte*)plainBuff, (byte*)cipherBuff, AES_BLOCK_SIZE) == 0) - return -3319; + return -7357; if (XMEMCMP(plainBuff, ctr192Plain, sizeof(ctr192Plain))) - return -3320; + return -7358; if (XMEMCMP(ctr192Cipher, cipherBuff, sizeof(ctr192Cipher))) - return -3321; + return -7359; #endif /* WOLFSSL_AES_192 */ #ifdef WOLFSSL_AES_256 EVP_CIPHER_CTX_init(&en); if (EVP_CipherInit(&en, EVP_aes_256_ctr(), (unsigned char*)ctr256Key, (unsigned char*)ctr256Iv, 0) == 0) - return -3322; + return -7360; if (EVP_Cipher(&en, (byte*)cipherBuff, (byte*)ctr256Plain, AES_BLOCK_SIZE) == 0) - return -3323; + return -7361; EVP_CIPHER_CTX_init(&de); if (EVP_CipherInit(&de, EVP_aes_256_ctr(), (unsigned char*)ctr256Key, (unsigned char*)ctr256Iv, 0) == 0) - return -3324; + return -7362; XMEMSET(plainBuff, 
0, sizeof(plainBuff)); if (EVP_Cipher(&de, (byte*)plainBuff, (byte*)cipherBuff, AES_BLOCK_SIZE) == 0) - return -3325; + return -7363; if (XMEMCMP(plainBuff, ctr256Plain, sizeof(ctr256Plain))) - return -3326; + return -7364; if (XMEMCMP(ctr256Cipher, cipherBuff, sizeof(ctr256Cipher))) - return -3327; + return -7365; #endif /* WOLFSSL_AES_256 */ } #endif /* HAVE_AES_COUNTER */ @@ -11632,20 +12162,20 @@ static int openssl_aes_test(void) &num, AES_ENCRYPT); if (XMEMCMP(cipher, cipher1, AES_BLOCK_SIZE - 1)) - return -3328; + return -7366; if (num != 15) /* should have used 15 of the 16 bytes */ - return -3329; + return -7367; wolfSSL_AES_cfb128_encrypt(msg + AES_BLOCK_SIZE - 1, cipher + AES_BLOCK_SIZE - 1, AES_BLOCK_SIZE + 1, &enc, iv, &num, AES_ENCRYPT); if (XMEMCMP(cipher, cipher1, AES_BLOCK_SIZE * 2)) - return -3330; + return -7368; if (num != 0) - return -3331; + return -7369; } #endif /* WOLFSSL_AES_CFB && WOLFSSL_AES_128 */ return 0; @@ -11669,7 +12199,7 @@ int openssl_test(void) byte* p; p = (byte*)CRYPTO_malloc(10, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); if (p == NULL) { - return -5900; + return -7400; } XMEMSET(p, 0, 10); CRYPTO_free(p, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); @@ -11691,7 +12221,7 @@ int openssl_test(void) EVP_DigestFinal(&md_ctx, hash, 0); if (XMEMCMP(hash, a.output, WC_MD5_DIGEST_SIZE) != 0) - return -5901; + return -7401; #endif /* NO_MD5 */ @@ -11712,7 +12242,7 @@ int openssl_test(void) EVP_DigestFinal(&md_ctx, hash, 0); if (XMEMCMP(hash, b.output, WC_SHA_DIGEST_SIZE) != 0) - return -5902; + return -7402; #endif /* NO_SHA */ @@ -11732,7 +12262,7 @@ int openssl_test(void) EVP_DigestFinal(&md_ctx, hash, 0); if (XMEMCMP(hash, e.output, WC_SHA224_DIGEST_SIZE) != 0) - return -5903; + return -7403; #endif /* WOLFSSL_SHA224 */ @@ -11751,7 +12281,7 @@ int openssl_test(void) EVP_DigestFinal(&md_ctx, hash, 0); if (XMEMCMP(hash, d.output, WC_SHA256_DIGEST_SIZE) != 0) - return -5904; + return -7404; #ifdef WOLFSSL_SHA384 
@@ -11771,7 +12301,7 @@ int openssl_test(void) EVP_DigestFinal(&md_ctx, hash, 0); if (XMEMCMP(hash, e.output, WC_SHA384_DIGEST_SIZE) != 0) - return -5905; + return -7405; #endif /* WOLFSSL_SHA384 */ @@ -11795,14 +12325,14 @@ int openssl_test(void) EVP_DigestFinal(&md_ctx, hash, 0); if (XMEMCMP(hash, f.output, WC_SHA512_DIGEST_SIZE) != 0) - return -5906; + return -7406; #endif /* WOLFSSL_SHA512 */ #ifndef NO_MD5 if (RAND_bytes(hash, sizeof(hash)) != 1) - return -5907; + return -7407; c.input = "what do ya want for nothing?"; c.output = "\x55\x78\xe8\x48\x4b\xcc\x93\x80\x93\xec\x53\xaf\x22\xd6\x14" @@ -11814,7 +12344,7 @@ int openssl_test(void) "JefeJefeJefeJefe", 16, (byte*)c.input, (int)c.inLen, hash, 0); if (XMEMCMP(hash, c.output, WC_MD5_DIGEST_SIZE) != 0) - return -5908; + return -7408; #endif /* NO_MD5 */ @@ -11854,17 +12384,17 @@ int openssl_test(void) DES_cbc_encrypt(cipher, plain, sizeof(vector), &sched, &iv, DES_DECRYPT); if (XMEMCMP(plain, vector, sizeof(vector)) != 0) - return -5909; + return -7409; if (XMEMCMP(cipher, verify, sizeof(verify)) != 0) - return -5910; + return -7410; /* test changing iv */ DES_ncbc_encrypt(vector, cipher, 8, &sched, &iv, DES_ENCRYPT); DES_ncbc_encrypt(vector + 8, cipher + 8, 16, &sched, &iv, DES_ENCRYPT); if (XMEMCMP(cipher, verify, sizeof(verify)) != 0) - return -5911; + return -7411; } /* end des test */ @@ -11872,7 +12402,7 @@ int openssl_test(void) #if !defined(NO_AES) && !defined(WOLFCRYPT_ONLY) if (openssl_aes_test() != 0) - return -3429; + return -7412; #ifdef WOLFSSL_AES_128 { /* evp_cipher test: EVP_aes_128_cbc */ 
@@ -11909,50 +12439,50 @@ int openssl_test(void) EVP_CIPHER_CTX_init(&ctx); if (EVP_CipherInit(&ctx, EVP_aes_128_cbc(), key, iv, 1) == 0) - return -5912; + return -7413; if (EVP_CipherUpdate(&ctx, cipher, &idx, (byte*)msg, sizeof(msg)) == 0) - return -5913; + return -7414; cipherSz = idx; if (EVP_CipherFinal(&ctx, cipher + cipherSz, &idx) == 0) - return -8107; + return -7415; cipherSz += idx; if ((cipherSz != (int)sizeof(verify)) && XMEMCMP(cipher, verify, cipherSz)) - return -5914; + return -7416; EVP_CIPHER_CTX_init(&ctx); if (EVP_CipherInit(&ctx, EVP_aes_128_cbc(), key, iv, 0) == 0) - return -5915; + return -7417; if (EVP_CipherUpdate(&ctx, plain, &idx, cipher, cipherSz) == 0) - return -5916; + return -7418; plainSz = idx; if (EVP_CipherFinal(&ctx, plain + plainSz, &idx) == 0) - return -8108; + return -7419; plainSz += idx; if ((plainSz != sizeof(msg)) || XMEMCMP(plain, msg, sizeof(msg))) - return -5917; + return -7420; EVP_CIPHER_CTX_init(&ctx); if (EVP_CipherInit(&ctx, EVP_aes_128_cbc(), key, iv, 1) == 0) - return -8109; + return -7421; if (EVP_CipherUpdate(&ctx, cipher, &idx, msg, AES_BLOCK_SIZE) == 0) - return -8110; + return -7422; cipherSz = idx; if (EVP_CipherFinal(&ctx, cipher + cipherSz, &idx) == 0) - return -8111; + return -7423; cipherSz += idx; if ((cipherSz != (int)sizeof(verify2)) || XMEMCMP(cipher, verify2, cipherSz)) - return -8112; + return -7424; } /* end evp_cipher test: EVP_aes_128_cbc*/ #endif /* WOLFSSL_AES_128 */ 
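Review bot: The encrypt check `if ((cipherSz != (int)sizeof(verify)) && XMEMCMP(cipher, verify, cipherSz))` joins its two conditions with `&&`, so a ciphertext of the right length but wrong content passes: the first operand is false and the comparison is never evaluated. The matching checks later in this hunk (for `plainSz`/`msg` and `cipherSz`/`verify2`) use `||`. I would change it to `if ((cipherSz != (int)sizeof(verify)) || XMEMCMP(cipher, verify, cipherSz))` so the known-answer comparison is always enforced. If the test then fails, `verify` probably does not include the padded final block and needs extending. The body of openssl_test extends outside this hunk.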
@@ -11987,24 +12517,24 @@ int openssl_test(void) EVP_CIPHER_CTX_init(&ctx); if (EVP_CipherInit(&ctx, EVP_aes_256_ecb(), (unsigned char*)key, NULL, 1) == 0) - return -5918; + return -7425; if (EVP_Cipher(&ctx, cipher, (byte*)msg, 16) == 0) - return -5919; + return -7426; if (XMEMCMP(cipher, verify, AES_BLOCK_SIZE)) - return -5920; + return -7427; EVP_CIPHER_CTX_init(&ctx); if (EVP_CipherInit(&ctx, EVP_aes_256_ecb(), (unsigned char*)key, NULL, 0) == 0) - return -5921; + return -7428; if (EVP_Cipher(&ctx, plain, cipher, 16) == 0) - return -5922; + return -7429; if (XMEMCMP(plain, msg, AES_BLOCK_SIZE)) - return -5923; + return -7430; } /* end evp_cipher test */ #endif /* HAVE_AES_ECB && WOLFSSL_AES_128 */ 
@@ -12185,128 +12715,128 @@ int openssl_test(void) EVP_CIPHER_CTX_init(&en); if (EVP_CipherInit(&en, EVP_aes_128_ctr(), (unsigned char*)ctrKey, (unsigned char*)ctrIv, 0) == 0) - return -5924; + return -7431; if (EVP_Cipher(&en, (byte*)cipherBuff, (byte*)ctrPlain, AES_BLOCK_SIZE*4) == 0) - return -5925; + return -7432; EVP_CIPHER_CTX_init(&de); if (EVP_CipherInit(&de, EVP_aes_128_ctr(), (unsigned char*)ctrKey, (unsigned char*)ctrIv, 0) == 0) - return -5926; + return -7433; if (EVP_Cipher(&de, (byte*)plainBuff, (byte*)cipherBuff, AES_BLOCK_SIZE*4) == 0) - return -5927; + return -7434; if (XMEMCMP(cipherBuff, ctrCipher, AES_BLOCK_SIZE*4)) - return -5928; + return -7435; if (XMEMCMP(plainBuff, ctrPlain, AES_BLOCK_SIZE*4)) - return -5929; + return -7436; p_en = wolfSSL_EVP_CIPHER_CTX_new(); - if(p_en == NULL)return -5930; + if(p_en == NULL)return -7437; p_de = wolfSSL_EVP_CIPHER_CTX_new(); - if(p_de == NULL)return -5931; + if(p_de == NULL)return -7438; if (EVP_CipherInit(p_en, EVP_aes_128_ctr(), (unsigned char*)ctrKey, (unsigned char*)ctrIv, 0) == 0) - return -5932; + return -7439; if (EVP_Cipher(p_en, (byte*)cipherBuff, (byte*)ctrPlain, AES_BLOCK_SIZE*4) == 0) - return -5933; + return -7440; if (EVP_CipherInit(p_de, EVP_aes_128_ctr(), (unsigned char*)ctrKey, (unsigned char*)ctrIv, 0) == 0) - return -5934; + return -7441; if (EVP_Cipher(p_de, (byte*)plainBuff, (byte*)cipherBuff, AES_BLOCK_SIZE*4) == 0) - return -5935; + return -7442; wolfSSL_EVP_CIPHER_CTX_free(p_en); wolfSSL_EVP_CIPHER_CTX_free(p_de); if (XMEMCMP(cipherBuff, ctrCipher, AES_BLOCK_SIZE*4)) - return -5936; + return -7443; if (XMEMCMP(plainBuff, ctrPlain, AES_BLOCK_SIZE*4)) - return -5937; + return -7444; EVP_CIPHER_CTX_init(&en); if (EVP_CipherInit(&en, EVP_aes_128_ctr(), (unsigned char*)ctrKey, (unsigned char*)ctrIv, 0) == 0) - return -5938; + return -7445; if (EVP_Cipher(&en, (byte*)cipherBuff, (byte*)ctrPlain, 9) == 0) - return -5939; + return -7446; EVP_CIPHER_CTX_init(&de); if (EVP_CipherInit(&de, 
EVP_aes_128_ctr(), (unsigned char*)ctrKey, (unsigned char*)ctrIv, 0) == 0) - return -5940; + return -7447; if (EVP_Cipher(&de, (byte*)plainBuff, (byte*)cipherBuff, 9) == 0) - return -5941; + return -7448; if (XMEMCMP(plainBuff, ctrPlain, 9)) - return -5942; + return -7449; if (XMEMCMP(cipherBuff, ctrCipher, 9)) - return -5943; + return -7450; if (EVP_Cipher(&en, (byte*)cipherBuff, (byte*)ctrPlain, 9) == 0) - return -5944; + return -7451; if (EVP_Cipher(&de, (byte*)plainBuff, (byte*)cipherBuff, 9) == 0) - return -5945; + return -7452; if (XMEMCMP(plainBuff, ctrPlain, 9)) - return -5946; + return -7453; if (XMEMCMP(cipherBuff, oddCipher, 9)) - return -5947; + return -7454; #endif /* WOLFSSL_AES_128 */ #ifdef WOLFSSL_AES_192 EVP_CIPHER_CTX_init(&en); if (EVP_CipherInit(&en, EVP_aes_192_ctr(), (unsigned char*)ctr192Key, (unsigned char*)ctr192Iv, 0) == 0) - return -5948; + return -7455; if (EVP_Cipher(&en, (byte*)cipherBuff, (byte*)ctr192Plain, AES_BLOCK_SIZE) == 0) - return -5949; + return -7456; EVP_CIPHER_CTX_init(&de); if (EVP_CipherInit(&de, EVP_aes_192_ctr(), (unsigned char*)ctr192Key, (unsigned char*)ctr192Iv, 0) == 0) - return -5950; + return -7457; XMEMSET(plainBuff, 0, sizeof(plainBuff)); if (EVP_Cipher(&de, (byte*)plainBuff, (byte*)cipherBuff, AES_BLOCK_SIZE) == 0) - return -5951; + return -7458; if (XMEMCMP(plainBuff, ctr192Plain, sizeof(ctr192Plain))) - return -5952; + return -7459; if (XMEMCMP(ctr192Cipher, cipherBuff, sizeof(ctr192Cipher))) - return -5953; + return -7460; #endif /* WOLFSSL_AES_192 */ #ifdef WOLFSSL_AES_256 EVP_CIPHER_CTX_init(&en); if (EVP_CipherInit(&en, EVP_aes_256_ctr(), (unsigned char*)ctr256Key, (unsigned char*)ctr256Iv, 0) == 0) - return -5954; + return -7461; if (EVP_Cipher(&en, (byte*)cipherBuff, (byte*)ctr256Plain, AES_BLOCK_SIZE) == 0) - return -5955; + return -7462; EVP_CIPHER_CTX_init(&de); if (EVP_CipherInit(&de, EVP_aes_256_ctr(), (unsigned char*)ctr256Key, (unsigned char*)ctr256Iv, 0) == 0) - return -5956; + return -7463; 
XMEMSET(plainBuff, 0, sizeof(plainBuff)); if (EVP_Cipher(&de, (byte*)plainBuff, (byte*)cipherBuff, AES_BLOCK_SIZE) == 0) - return -5957; + return -7464; if (XMEMCMP(plainBuff, ctr256Plain, sizeof(ctr256Plain))) - return -5958; + return -7465; if (XMEMCMP(ctr256Cipher, cipherBuff, sizeof(ctr256Cipher))) - return -5959; + return -7466; #endif /* WOLFSSL_AES_256 */ } #endif /* HAVE_AES_COUNTER */ 
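Review bot: In the AES-128-CTR section of this hunk the heap contexts from `wolfSSL_EVP_CIPHER_CTX_new()` are leaked on the early returns that precede the two `wolfSSL_EVP_CIPHER_CTX_free()` calls. The first case is `if(p_de == NULL)return -7438;`, which returns while `p_en` is still allocated; it should read `if (p_de == NULL) { wolfSSL_EVP_CIPHER_CTX_free(p_en); return -7438; }`. The four returns -7439 to -7442 between allocation and free need both contexts released in the same way. The enclosing block of openssl_test() begins before the hunk.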
@@ -12341,96 +12871,96 @@ int openssl_test(void) EVP_CIPHER_CTX_init(&en); if (EVP_CipherInit(&en, EVP_aes_128_cbc(), (unsigned char*)key, (unsigned char*)iv, 1) == 0) - return -5960; + return -7467; /* openSSL compatibility, if(inlen == 0)return 1; */ if (EVP_CipherUpdate(&en, (byte*)cipher, &outlen, (byte*)cbcPlain, 0) != 1) - return -5960; + return -7468; EVP_CIPHER_CTX_init(&en); if (EVP_CipherInit(&en, EVP_aes_128_cbc(), (unsigned char*)key, (unsigned char*)iv, 1) == 0) - return -5960; + return -7469; if (EVP_CipherUpdate(&en, (byte*)cipher, &outlen, (byte*)cbcPlain, 9) == 0) - return -5961; + return -7470; if(outlen != 0) - return -5962; + return -7471; total += outlen; if (EVP_CipherUpdate(&en, (byte*)&cipher[total], &outlen, (byte*)&cbcPlain[9] , 9) == 0) - return -5963; + return -7472; if(outlen != 16) - return -5964; + return -7473; total += outlen; if (EVP_CipherFinal(&en, (byte*)&cipher[total], &outlen) == 0) - return -5965; + return -7474; if(outlen != 16) - return -5966; + return -7475; total += outlen; if(total != 32) - return -5967; + return -7476; total = 0; EVP_CIPHER_CTX_init(&de); if (EVP_CipherInit(&de, EVP_aes_128_cbc(), (unsigned char*)key, (unsigned char*)iv, 0) == 0) - return -5968; + return -7477; if (EVP_CipherUpdate(&de, (byte*)plain, &outlen, (byte*)cipher, 6) == 0) - return -5969; + return -7478; if(outlen != 0) - return -5970; + return -7479; total += outlen; if (EVP_CipherUpdate(&de, (byte*)&plain[total], &outlen, (byte*)&cipher[6], 12) == 0) - return -5971; + return -7480; if(outlen != 0) total += outlen; if (EVP_CipherUpdate(&de, (byte*)&plain[total], &outlen, (byte*)&cipher[6+12], 14) == 0) - return -5972; + return -7481; if(outlen != 16) - return -5973; + return -7482; total += outlen; if (EVP_CipherFinal(&de, (byte*)&plain[total], &outlen) == 0) - return -5974; + return -7483; if(outlen != 2) - return -5975; + return -7484; total += outlen; if(total != 18) - return -5976; + return -7485; if (XMEMCMP(plain, cbcPlain, 18)) - 
return -5977; + return -7486; total = 0; EVP_CIPHER_CTX_init(&en); if (EVP_EncryptInit(&en, EVP_aes_128_cbc(), (unsigned char*)key, (unsigned char*)iv) == 0) - return -3431; + return -7487; if (EVP_CipherUpdate(&en, (byte*)cipher, &outlen, (byte*)cbcPlain, 9) == 0) - return -3432; + return -7488; if(outlen != 0) - return -3433; + return -7489; total += outlen; if (EVP_CipherUpdate(&en, (byte*)&cipher[total], &outlen, (byte*)&cbcPlain[9] , 9) == 0) - return -3434; + return -7490; if(outlen != 16) - return -3435; + return -7491; total += outlen; if (EVP_EncryptFinal(&en, (byte*)&cipher[total], &outlen) == 0) - return -3436; + return -7492; if(outlen != 16) - return -3437; + return -7493; total += outlen; if(total != 32) return 3438; @@ -12439,36 +12969,36 @@ int openssl_test(void) EVP_CIPHER_CTX_init(&de); if (EVP_DecryptInit(&de, EVP_aes_128_cbc(), (unsigned char*)key, (unsigned char*)iv) == 0) - return -3440; + return -7494; if (EVP_CipherUpdate(&de, (byte*)plain, &outlen, (byte*)cipher, 6) == 0) - return -3441; + return -7495; if(outlen != 0) - return -3442; + return -7496; total += outlen; if (EVP_CipherUpdate(&de, (byte*)&plain[total], &outlen, (byte*)&cipher[6], 12) == 0) - return -3443; + return -7497; if(outlen != 0) total += outlen; if (EVP_CipherUpdate(&de, (byte*)&plain[total], &outlen, (byte*)&cipher[6+12], 14) == 0) - return -3443; + return -7498; if(outlen != 16) - return -3444; + return -7499; total += outlen; if (EVP_DecryptFinal(&de, (byte*)&plain[total], &outlen) == 0) - return -3445; + return -7500; if(outlen != 2) - return -3446; + return -7501; total += outlen; if(total != 18) return 3447; if (XMEMCMP(plain, cbcPlain, 18)) - return -3448; + return -7502; } 
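Review bot: Two failure paths keep positive, un-renumbered codes: `if(total != 32) return 3438;` at the end of the hunk that starts with the `EVP_aes_128_cbc` partial-update test, and `if(total != 18) return 3447;` in the `EVP_DecryptInit` hunk after it. Every other failure in these hunks now returns a negative value in the -74xx/-75xx range, so a caller that tests `ret < 0` would read these two as success (no caller is visible here); give them negative codes from the same range. Separately, `if(outlen != 0) total += outlen;` after the 12-byte decrypt update appears in both hunks and asserts nothing as written. It reads as if a `return` line was lost between the condition and the accumulation.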
@@ -12489,38 +13019,38 @@ int openSSL_evpMD_test(void) ret = EVP_DigestInit(ctx, EVP_sha256()); if (ret != SSL_SUCCESS) { - return -3449; + return -7600; } ret = EVP_MD_CTX_copy(ctx2, ctx); if (ret != SSL_SUCCESS) { - return -3450; + return -7601; } if (EVP_MD_type(EVP_sha256()) != EVP_MD_CTX_type(ctx2)) { - return -3451; + return -7602; } ret = EVP_DigestInit(ctx, EVP_sha1()); if (ret != SSL_SUCCESS) { - return -3452; + return -7603; } if (EVP_MD_type(EVP_sha256()) != EVP_MD_CTX_type(ctx2)) { - return -3453; + return -7604; } ret = EVP_MD_CTX_copy_ex(ctx2, ctx); if (ret != SSL_SUCCESS) { - return -3454; + return -7605; } if (EVP_MD_type(EVP_sha256()) == EVP_MD_CTX_type(ctx2)) { - return -3455; + return -7606; } if (EVP_MD_type(EVP_sha1()) != EVP_MD_CTX_type(ctx2)) { - return -3456; + return -7607; } EVP_MD_CTX_destroy(ctx); @@ -12661,7 +13191,7 @@ int openssl_pkey0_test(void) printf("error with encrypt init\n"); return ERR_BASE_PKEY-17; } - memset(out, 0, sizeof(out)); + XMEMSET(out, 0, sizeof(out)); ret = EVP_PKEY_encrypt(enc, out, &outlen, in, sizeof(in)); if (ret != 1) { printf("error encrypting msg\n"); @@ -12670,7 +13200,7 @@ int openssl_pkey0_test(void) show("encrypted msg", out, outlen); - memset(plain, 0, sizeof(plain)); + XMEMSET(plain, 0, sizeof(plain)); ret = EVP_PKEY_decrypt(dec, plain, &outlen, out, keySz); if (ret != 1) { printf("error decrypting msg\n"); @@ -12707,7 +13237,7 @@ int openssl_pkey0_test(void) } #endif - memset(out, 0, sizeof(out)); + XMEMSET(out, 0, sizeof(out)); ret = EVP_PKEY_encrypt(enc, out, &outlen, in, sizeof(in)); if (ret != 1) { printf("error encrypting msg\n"); @@ -12716,7 +13246,7 @@ int openssl_pkey0_test(void) show("encrypted msg", out, outlen); - memset(plain, 0, sizeof(plain)); + XMEMSET(plain, 0, sizeof(plain)); ret = EVP_PKEY_decrypt(dec, plain, &outlen, out, keySz); if (ret != 1) { printf("error decrypting msg\n"); 
@@ -12773,7 +13303,7 @@ int openssl_pkey1_test(void) if (!f) { err_sys("can't open ./certs/client-key.der, " "Please run from wolfSSL home dir", -41); - return -41; + return -7700; } cliKeySz = (long)fread(tmp, 1, FOURK_BUF, f); 
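Review bot: The code passed to `err_sys(...)` is still `-41` while the next line now returns `-7700`, so the printed code and the reported code disagree. That undoes the benefit of making the codes unique for this failure. Suggested: change the last argument of the `err_sys` call to `-7700` so both agree.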
@@ -12785,82 +13315,82 @@ int openssl_pkey1_test(void) clikey = tmp; if ((prvKey = EVP_PKEY_new()) == NULL) { - return -42; + return -7701; } EVP_PKEY_free(prvKey); prvKey = NULL; if (x509 == NULL) { - ret = -43; + ret = -7702; goto openssl_pkey1_test_done; } pubKey = X509_get_pubkey(x509); if (pubKey == NULL) { - ret = -44; + ret = -7703; goto openssl_pkey1_test_done; } prvKey = d2i_PrivateKey(EVP_PKEY_RSA, NULL, &clikey, cliKeySz); if (prvKey == NULL) { - ret = -45; + ret = -7704; goto openssl_pkey1_test_done; } /* phase 2 API to create EVP_PKEY_CTX and encrypt/decrypt */ if (EVP_PKEY_bits(prvKey) != 2048) { - ret = -46; + ret = -7705; goto openssl_pkey1_test_done; } if (EVP_PKEY_size(prvKey) != 256) { - ret = -47; + ret = -7706; goto openssl_pkey1_test_done; } dec = EVP_PKEY_CTX_new(prvKey, NULL); enc = EVP_PKEY_CTX_new(pubKey, NULL); if (dec == NULL || enc == NULL) { - ret = -48; + ret = -7707; goto openssl_pkey1_test_done; } if (EVP_PKEY_decrypt_init(dec) != 1) { - ret = -49; + ret = -7708; goto openssl_pkey1_test_done; } if (EVP_PKEY_encrypt_init(enc) != 1) { - ret = -50; + ret = -7709; goto openssl_pkey1_test_done; } if (EVP_PKEY_CTX_set_rsa_padding(dec, RSA_PKCS1_PADDING) <= 0) { - ret = -51; + ret = -7710; goto openssl_pkey1_test_done; } #ifndef HAVE_FIPS if (EVP_PKEY_CTX_set_rsa_padding(dec, RSA_PKCS1_OAEP_PADDING) <= 0){ - ret = -52; + ret = -7711; goto openssl_pkey1_test_done; } if (EVP_PKEY_CTX_set_rsa_padding(enc, RSA_PKCS1_OAEP_PADDING) <= 0) { - ret = -53; + ret = -7712; goto openssl_pkey1_test_done; } #endif XMEMSET(cipher, 0, sizeof(cipher)); if (EVP_PKEY_encrypt(enc, cipher, &outlen, msg, sizeof(msg)) < 0) { - ret = -54; + ret = -7713; goto openssl_pkey1_test_done; } XMEMSET(plain, 0, sizeof(plain)); if (EVP_PKEY_decrypt(dec, plain, &outlen, cipher, sizeof(cipher)) != 1) { - ret = -55; + ret = -7714; goto openssl_pkey1_test_done; } 
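Review bot: `if (EVP_PKEY_encrypt(enc, cipher, &outlen, msg, sizeof(msg)) < 0)` treats only a negative return as failure, whereas the decrypt check below it uses `!= 1` and openssl_pkey0_test() earlier in this diff checks the same call with `if (ret != 1)`. A return of 0 would pass here, and the test would go on to decrypt the zero-filled `cipher` buffer. Suggested: `if (EVP_PKEY_encrypt(enc, cipher, &outlen, msg, sizeof(msg)) != 1) {`. The function's setup and cleanup label are outside the hunk.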
@@ -13007,7 +13537,7 @@ int openssl_evpSig_test() show("message = ", (char *)msg, count); /* sign */ - memset(sig, 0, sizeof(sig)); + XMEMSET(sig, 0, sizeof(sig)); pt = (const void*)msg; ret1 = EVP_SignUpdate(sign, pt, count); ret2 = EVP_SignFinal(sign, sig, &sigSz, prvPkey); @@ -13115,33 +13645,33 @@ int scrypt_test(void) ret = wc_scrypt(derived, NULL, 0, NULL, 0, 4, 1, 1, sizeof(verify1)); if (ret != 0) - return -6000; + return -7800; if (XMEMCMP(derived, verify1, sizeof(verify1)) != 0) - return -6001; + return -7801; ret = wc_scrypt(derived, (byte*)"password", 8, (byte*)"NaCl", 4, 10, 8, 16, sizeof(verify2)); if (ret != 0) - return -6002; + return -7802; if (XMEMCMP(derived, verify2, sizeof(verify2)) != 0) - return -6003; + return -7803; /* Don't run these test on embedded, since they use large mallocs */ #if !defined(BENCH_EMBEDDED) && !defined(HAVE_INTEL_QA) ret = wc_scrypt(derived, (byte*)"pleaseletmein", 13, (byte*)"SodiumChloride", 14, 14, 8, 1, sizeof(verify3)); if (ret != 0) - return -6004; + return -7804; if (XMEMCMP(derived, verify3, sizeof(verify3)) != 0) - return -6005; + return -7805; #ifdef SCRYPT_TEST_ALL ret = wc_scrypt(derived, (byte*)"pleaseletmein", 13, (byte*)"SodiumChloride", 14, 20, 8, 1, sizeof(verify4)); if (ret != 0) - return -6006; + return -7806; if (XMEMCMP(derived, verify4, sizeof(verify4)) != 0) - return -6007; + return -7807; #endif #endif /* !BENCH_EMBEDDED && !HAVE_INTEL_QA */ 
@@ -13179,24 +13709,24 @@ int pkcs12_test(void) iterations, kLen, WC_SHA256, id); if (ret < 0) - return -6100; + return -7900; if ( (ret = XMEMCMP(derived, verify, kLen)) != 0) - return -6101; + return -7901; iterations = 1000; ret = wc_PKCS12_PBKDF(derived, passwd2, sizeof(passwd2), salt2, 8, iterations, kLen, WC_SHA256, id); if (ret < 0) - return -6102; + return -7902; ret = wc_PKCS12_PBKDF_ex(derived, passwd2, sizeof(passwd2), salt2, 8, iterations, kLen, WC_SHA256, id, HEAP_HINT); if (ret < 0) - return -6103; + return -7903; if ( (ret = XMEMCMP(derived, verify2, 24)) != 0) - return -6104; + return -7904; return 0; } @@ -13221,7 +13751,7 @@ int pbkdf2_test(void) return ret; if (XMEMCMP(derived, verify, sizeof(verify)) != 0) - return -6200; + return -8000; return 0; @@ -13246,7 +13776,7 @@ int pbkdf1_test(void) kLen, WC_SHA); if (XMEMCMP(derived, verify, sizeof(verify)) != 0) - return -6300; + return -8100; return 0; } @@ -13327,38 +13857,38 @@ int hkdf_test(void) #ifndef NO_SHA ret = wc_HKDF(WC_SHA, ikm1, 22, NULL, 0, NULL, 0, okm1, L); if (ret != 0) - return -6400; + return -8200; if (XMEMCMP(okm1, res1, L) != 0) - return -6401; + return -8201; #ifndef HAVE_FIPS /* fips can't have key size under 14 bytes, salt is key too */ ret = wc_HKDF(WC_SHA, ikm1, 11, salt1, 13, info1, 10, okm1, L); if (ret != 0) - return -6402; + return -8202; if (XMEMCMP(okm1, res2, L) != 0) - return -6403; + return -8203; #endif /* HAVE_FIPS */ #endif /* NO_SHA */ #ifndef NO_SHA256 ret = wc_HKDF(WC_SHA256, ikm1, 22, NULL, 0, NULL, 0, okm1, L); if (ret != 0) - return -6404; + return -8204; if (XMEMCMP(okm1, res3, L) != 0) - return -6405; + return -8205; #ifndef HAVE_FIPS /* fips can't have key size under 14 bytes, salt is key too */ ret = wc_HKDF(WC_SHA256, ikm1, 22, salt1, 13, info1, 10, okm1, L); if (ret != 0) - return -6406; + return -8206; if (XMEMCMP(okm1, res4, L) != 0) - return -6407; + return -8207; #endif /* HAVE_FIPS */ #endif /* NO_SHA256 */ 
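Review bot: In pkcs12_test() the output of the 1000-iteration `wc_PKCS12_PBKDF()` call is never compared: `derived` is overwritten by the following `wc_PKCS12_PBKDF_ex()` call and only then checked against `verify2`. A wrong result from the non-`_ex` entry point would go unnoticed, and a `_ex` call that returned success without writing would pass on the stale buffer. Suggested: add `if (XMEMCMP(derived, verify2, 24) != 0) return -NNNN;` (next unused code) after the first call and clear `derived` with `XMEMSET` before the second.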
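Review bot: In the pbkdf1_test() hunk nothing tests the result of the derivation call that ends with `kLen, WC_SHA);` before `XMEMCMP(derived, verify, sizeof(verify))` runs. The call begins outside the hunk, so whether its return is assigned is not visible, but a library error would surface only as the generic mismatch code -8100. pbkdf2_test() just above returns `ret` on failure; do the same here with `if (ret != 0) return ret;` ahead of the compare.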
@@ -13474,38 +14004,38 @@ int x963kdf_test(void) ret = wc_X963_KDF(WC_HASH_TYPE_SHA, Z, sizeof(Z), NULL, 0, kek, sizeof(verify)); if (ret != 0) - return -6500; + return -8300; if (XMEMCMP(verify, kek, sizeof(verify)) != 0) - return -6501; + return -8301; #endif #ifndef NO_SHA256 ret = wc_X963_KDF(WC_HASH_TYPE_SHA256, Z2, sizeof(Z2), NULL, 0, kek, sizeof(verify2)); if (ret != 0) - return -6502; + return -8302; if (XMEMCMP(verify2, kek, sizeof(verify2)) != 0) - return -6503; + return -8303; #endif #ifdef WOLFSSL_SHA512 ret = wc_X963_KDF(WC_HASH_TYPE_SHA512, Z3, sizeof(Z3), NULL, 0, kek, sizeof(verify3)); if (ret != 0) - return -6504; + return -8304; if (XMEMCMP(verify3, kek, sizeof(verify3)) != 0) - return -6505; + return -8305; ret = wc_X963_KDF(WC_HASH_TYPE_SHA512, Z4, sizeof(Z4), info4, sizeof(info4), kek, sizeof(verify4)); if (ret != 0) - return -6506; + return -8306; if (XMEMCMP(verify4, kek, sizeof(verify4)) != 0) - return -6507; + return -8307; #endif return 0; @@ -13519,7 +14049,7 @@ int x963kdf_test(void) #ifdef BENCH_EMBEDDED #define ECC_SHARED_SIZE 128 #else - #define ECC_SHARED_SIZE 1024 + #define ECC_SHARED_SIZE MAX_ECC_BYTES #endif #define ECC_DIGEST_SIZE MAX_ECC_BYTES #define ECC_SIG_SIZE ECC_MAX_SIG_SIZE @@ -13543,14 +14073,24 @@ typedef struct eccVector { const char* curveName; word32 msgLen; word32 keySize; +#ifndef NO_ASN + const byte* r; + word32 rSz; + const byte* s; + word32 sSz; +#endif } eccVector; static int ecc_test_vector_item(const eccVector* vector) { int ret = 0, verify = 0; - word32 x; + word32 sigSz; ecc_key userA; DECLARE_VAR(sig, byte, ECC_SIG_SIZE, HEAP_HINT); +#if !defined(NO_ASN) && !defined(HAVE_SELFTEST) + word32 sigRawSz; + DECLARE_VAR(sigRaw, byte, ECC_SIG_SIZE, HEAP_HINT); +#endif ret = wc_ecc_init_ex(&userA, HEAP_HINT, devId); if (ret != 0) { 
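Review bot: The new `DECLARE_VAR(sigRaw, byte, ECC_SIG_SIZE, HEAP_HINT);` in ecc_test_vector_item() has no matching release. The hunk headers for the rest of the function show no line added after the `done:` label, so no `FREE_VAR(sigRaw, HEAP_HINT);` was introduced. In builds where DECLARE_VAR allocates from the heap (presumably the async configuration), each call leaks the buffer. Suggested, next to the existing cleanup after `done:` and under the same `#if !defined(NO_ASN) && !defined(HAVE_SELFTEST)` guard: `FREE_VAR(sigRaw, HEAP_HINT);`. The function body continues beyond this hunk.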
@@ -13558,25 +14098,38 @@ static int ecc_test_vector_item(const eccVector* vector) return ret; } - XMEMSET(sig, 0, ECC_SIG_SIZE); - x = ECC_SIG_SIZE; - ret = wc_ecc_import_raw(&userA, vector->Qx, vector->Qy, - vector->d, vector->curveName); + vector->d, vector->curveName); if (ret != 0) goto done; - ret = wc_ecc_rs_to_sig(vector->R, vector->S, sig, &x); + XMEMSET(sig, 0, ECC_SIG_SIZE); + sigSz = ECC_SIG_SIZE; + ret = wc_ecc_rs_to_sig(vector->R, vector->S, sig, &sigSz); if (ret != 0) goto done; +#if !defined(NO_ASN) && !defined(HAVE_SELFTEST) + XMEMSET(sigRaw, 0, ECC_SIG_SIZE); + sigRawSz = ECC_SIG_SIZE; + ret = wc_ecc_rs_raw_to_sig(vector->r, vector->rSz, vector->s, vector->sSz, + sigRaw, &sigRawSz); + if (ret != 0) + goto done; + + if (sigSz != sigRawSz || XMEMCMP(sig, sigRaw, sigSz) != 0) { + ret = -8308; + goto done; + } +#endif + do { #if defined(WOLFSSL_ASYNC_CRYPT) ret = wc_AsyncWait(ret, &userA.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); #endif if (ret >= 0) { - ret = wc_ecc_verify_hash(sig, x, (byte*)vector->msg, vector->msgLen, - &verify, &userA); + ret = wc_ecc_verify_hash(sig, sigSz, (byte*)vector->msg, + vector->msgLen, &verify, &userA); } } while (ret == WC_PENDING_E); @@ -13584,7 +14137,7 @@ static int ecc_test_vector_item(const eccVector* vector) goto done; if (verify != 1) - ret = -6508; + ret = -8309; done: wc_ecc_free(&userA); 
@@ -13636,12 +14189,20 @@ static int ecc_test_vector(int keySize) "\xee\xd0\x78\x53\x87\x50\x88\x77\x11\x43\x59\xce\xe4\xa0\x71\xcf"; vec.msgLen = 128; #endif - vec.Qx = "07008ea40b08dbe76432096e80a2494c94982d2d5bcf98e6"; - vec.Qy = "76fab681d00b414ea636ba215de26d98c41bd7f2e4d65477"; - vec.d = "e14f37b3d1374ff8b03f41b9b3fdd2f0ebccf275d660d7f3"; - vec.R = "6994d962bdd0d793ffddf855ec5bf2f91a9698b46258a63e"; - vec.S = "02ba6465a234903744ab02bc8521405b73cf5fc00e1a9f41"; + vec.Qx = "07008ea40b08dbe76432096e80a2494c94982d2d5bcf98e6"; + vec.Qy = "76fab681d00b414ea636ba215de26d98c41bd7f2e4d65477"; + vec.d = "e14f37b3d1374ff8b03f41b9b3fdd2f0ebccf275d660d7f3"; + vec.R = "6994d962bdd0d793ffddf855ec5bf2f91a9698b46258a63e"; + vec.S = "02ba6465a234903744ab02bc8521405b73cf5fc00e1a9f41"; vec.curveName = "SECP192R1"; + #ifndef NO_ASN + vec.r = (byte*)"\x69\x94\xd9\x62\xbd\xd0\xd7\x93\xff\xdd\xf8\x55" + "\xec\x5b\xf2\xf9\x1a\x96\x98\xb4\x62\x58\xa6\x3e"; + vec.rSz = 24; + vec.s = (byte*)"\x02\xba\x64\x65\xa2\x34\x90\x37\x44\xab\x02\xbc" + "\x85\x21\x40\x5b\x73\xcf\x5f\xc0\x0e\x1a\x9f\x41"; + vec.sSz = 24; + #endif break; #endif /* HAVE_ECC192 */ 
@@ -13664,12 +14225,22 @@ static int ecc_test_vector(int keySize) "\xb9\x4d\xac\x55\x34\xef\x7b\x59\x94\x24\xd6\x9b\xe1\xf7\x1c\x20"; vec.msgLen = 128; #endif - vec.Qx = "8a4dca35136c4b70e588e23554637ae251077d1365a6ba5db9585de7"; - vec.Qy = "ad3dee06de0be8279d4af435d7245f14f3b4f82eb578e519ee0057b1"; - vec.d = "97c4b796e1639dd1035b708fc00dc7ba1682cec44a1002a1a820619f"; - vec.R = "147b33758321e722a0360a4719738af848449e2c1d08defebc1671a7"; - vec.S = "24fc7ed7f1352ca3872aa0916191289e2e04d454935d50fe6af3ad5b"; + vec.Qx = "8a4dca35136c4b70e588e23554637ae251077d1365a6ba5db9585de7"; + vec.Qy = "ad3dee06de0be8279d4af435d7245f14f3b4f82eb578e519ee0057b1"; + vec.d = "97c4b796e1639dd1035b708fc00dc7ba1682cec44a1002a1a820619f"; + vec.R = "147b33758321e722a0360a4719738af848449e2c1d08defebc1671a7"; + vec.S = "24fc7ed7f1352ca3872aa0916191289e2e04d454935d50fe6af3ad5b"; vec.curveName = "SECP224R1"; + #ifndef NO_ASN + vec.r = (byte*)"\x14\x7b\x33\x75\x83\x21\xe7\x22\xa0\x36\x0a\x47" + "\x19\x73\x8a\xf8\x48\x44\x9e\x2c\x1d\x08\xde\xfe" + "\xbc\x16\x71\xa7"; + vec.rSz = 28; + vec.s = (byte*)"\x24\xfc\x7e\xd7\xf1\x35\x2c\xa3\x87\x2a\xa0\x91" + "\x61\x91\x28\x9e\x2e\x04\xd4\x54\x93\x5d\x50\xfe" + "\x6a\xf3\xad\x5b"; + vec.sSz = 28; + #endif break; #endif /* HAVE_ECC224 */ 
@@ -13697,11 +14268,21 @@ static int ecc_test_vector(int keySize) "\x8f\xc8\x95\xdf\x35\x7e\x1a\x48\xa6\x53\xbb\x35\x5a\x31\xa1\xb4" vec.msgLen = 128; #endif - vec.Qx = "fa2737fb93488d19caef11ae7faf6b7f4bcd67b286e3fc54e8a65c2b74aeccb0"; - vec.Qy = "d4ccd6dae698208aa8c3a6f39e45510d03be09b2f124bfc067856c324f9b4d09"; - vec.d = "be34baa8d040a3b991f9075b56ba292f755b90e4b6dc10dad36715c33cfdac25"; - vec.R = "2b826f5d44e2d0b6de531ad96b51e8f0c56fdfead3c236892e4d84eacfc3b75c"; - vec.S = "a2248b62c03db35a7cd63e8a120a3521a89d3d2f61ff99035a2148ae32e3a248"; + vec.Qx = "fa2737fb93488d19caef11ae7faf6b7f4bcd67b286e3fc54e8a65c2b74aeccb0"; + vec.Qy = "d4ccd6dae698208aa8c3a6f39e45510d03be09b2f124bfc067856c324f9b4d09"; + vec.d = "be34baa8d040a3b991f9075b56ba292f755b90e4b6dc10dad36715c33cfdac25"; + vec.R = "2b826f5d44e2d0b6de531ad96b51e8f0c56fdfead3c236892e4d84eacfc3b75c"; + vec.S = "a2248b62c03db35a7cd63e8a120a3521a89d3d2f61ff99035a2148ae32e3a248"; + #ifndef NO_ASN + vec.r = (byte*)"\x2b\x82\x6f\x5d\x44\xe2\xd0\xb6\xde\x53\x1a\xd9" + "\x6b\x51\xe8\xf0\xc5\x6f\xdf\xea\xd3\xc2\x36\x89" + "\x2e\x4d\x84\xea\xcf\xc3\xb7\x5c"; + vec.rSz = 32; + vec.s = (byte*)"\xa2\x24\x8b\x62\xc0\x3d\xb3\x5a\x7c\xd6\x3e\x8a" + "\x12\x0a\x35\x21\xa8\x9d\x3d\x2f\x61\xff\x99\x03" + "\x5a\x21\x48\xae\x32\xe3\xa2\x48"; + vec.sSz = 32; + #endif vec.curveName = "SECP256R1"; break; #endif /* !NO_ECC256 */ 
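Review bot: In the P-256 case the long `vec.msg` literal ends at `...\x5a\x31\xa1\xb4"` with no `;` before `vec.msgLen = 128;`, unlike the P-192 and P-224 cases where the literal ends in `";`. The same omission appears in the P-384 and P-521 hunks that follow. That branch is presumably compiled out today (its `#if` is outside the hunk), but it would not build if enabled, so add the `;` in all three. Minor: `vec.curveName = "SECP256R1";` sits after the new `#ifndef NO_ASN` block here but before it in the other cases.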
@@ -13730,12 +14311,24 @@ static int ecc_test_vector(int keySize) "\x21\x1f\x61\x64\x9a\xd6\x27\x43\x14\xbf\x0d\x43\x8a\x81\xe0\x60" vec.msgLen = 128; #endif - vec.Qx = "e55fee6c49d8d523f5ce7bf9c0425ce4ff650708b7de5cfb095901523979a7f042602db30854735369813b5c3f5ef868"; - vec.Qy = "28f59cc5dc509892a988d38a8e2519de3d0c4fd0fbdb0993e38f18506c17606c5e24249246f1ce94983a5361c5be983e"; - vec.d = "a492ce8fa90084c227e1a32f7974d39e9ff67a7e8705ec3419b35fb607582bebd461e0b1520ac76ec2dd4e9b63ebae71"; - vec.R = "6820b8585204648aed63bdff47f6d9acebdea62944774a7d14f0e14aa0b9a5b99545b2daee6b3c74ebf606667a3f39b7"; - vec.S = "491af1d0cccd56ddd520b233775d0bc6b40a6255cc55207d8e9356741f23c96c14714221078dbd5c17f4fdd89b32a907"; + vec.Qx = "e55fee6c49d8d523f5ce7bf9c0425ce4ff650708b7de5cfb095901523979a7f042602db30854735369813b5c3f5ef868"; + vec.Qy = "28f59cc5dc509892a988d38a8e2519de3d0c4fd0fbdb0993e38f18506c17606c5e24249246f1ce94983a5361c5be983e"; + vec.d = "a492ce8fa90084c227e1a32f7974d39e9ff67a7e8705ec3419b35fb607582bebd461e0b1520ac76ec2dd4e9b63ebae71"; + vec.R = "6820b8585204648aed63bdff47f6d9acebdea62944774a7d14f0e14aa0b9a5b99545b2daee6b3c74ebf606667a3f39b7"; + vec.S = "491af1d0cccd56ddd520b233775d0bc6b40a6255cc55207d8e9356741f23c96c14714221078dbd5c17f4fdd89b32a907"; vec.curveName = "SECP384R1"; + #ifndef NO_ASN + vec.r = (byte*)"\x68\x20\xb8\x58\x52\x04\x64\x8a\xed\x63\xbd\xff" + "\x47\xf6\xd9\xac\xeb\xde\xa6\x29\x44\x77\x4a\x7d" + "\x14\xf0\xe1\x4a\xa0\xb9\xa5\xb9\x95\x45\xb2\xda" + "\xee\x6b\x3c\x74\xeb\xf6\x06\x66\x7a\x3f\x39\xb7"; + vec.rSz = 48; + vec.s = (byte*)"\x49\x1a\xf1\xd0\xcc\xcd\x56\xdd\xd5\x20\xb2\x33" + "\x77\x5d\x0b\xc6\xb4\x0a\x62\x55\xcc\x55\x20\x7d" + "\x8e\x93\x56\x74\x1f\x23\xc9\x6c\x14\x71\x42\x21" + "\x07\x8d\xbd\x5c\x17\xf4\xfd\xd8\x9b\x32\xa9\x07"; + vec.sSz = 48; + #endif break; #endif /* HAVE_ECC384 */ 
@@ -13763,12 +14356,28 @@ static int ecc_test_vector(int keySize) "\xa8\x2b\xb7\xe0\x18\xee\xda\xc4\xea\x7b\x36\x2e\xc8\x9c\x38\x2b" vec.msgLen = 128; #endif - vec.Qx = "12fbcaeffa6a51f3ee4d3d2b51c5dec6d7c726ca353fc014ea2bf7cfbb9b910d32cbfa6a00fe39b6cdb8946f22775398b2e233c0cf144d78c8a7742b5c7a3bb5d23"; - vec.Qy = "09cdef823dd7bf9a79e8cceacd2e4527c231d0ae5967af0958e931d7ddccf2805a3e618dc3039fec9febbd33052fe4c0fee98f033106064982d88f4e03549d4a64d"; - vec.d = "1bd56bd106118eda246155bd43b42b8e13f0a6e25dd3bb376026fab4dc92b6157bc6dfec2d15dd3d0cf2a39aa68494042af48ba9601118da82c6f2108a3a203ad74"; - vec.R = "0bd117b4807710898f9dd7778056485777668f0e78e6ddf5b000356121eb7a220e9493c7f9a57c077947f89ac45d5acb6661bbcd17abb3faea149ba0aa3bb1521be"; - vec.S = "019cd2c5c3f9870ecdeb9b323abdf3a98cd5e231d85c6ddc5b71ab190739f7f226e6b134ba1d5889ddeb2751dabd97911dff90c34684cdbe7bb669b6c3d22f2480c"; + vec.Qx = "12fbcaeffa6a51f3ee4d3d2b51c5dec6d7c726ca353fc014ea2bf7cfbb9b910d32cbfa6a00fe39b6cdb8946f22775398b2e233c0cf144d78c8a7742b5c7a3bb5d23"; + vec.Qy = "09cdef823dd7bf9a79e8cceacd2e4527c231d0ae5967af0958e931d7ddccf2805a3e618dc3039fec9febbd33052fe4c0fee98f033106064982d88f4e03549d4a64d"; + vec.d = "1bd56bd106118eda246155bd43b42b8e13f0a6e25dd3bb376026fab4dc92b6157bc6dfec2d15dd3d0cf2a39aa68494042af48ba9601118da82c6f2108a3a203ad74"; + vec.R = "0bd117b4807710898f9dd7778056485777668f0e78e6ddf5b000356121eb7a220e9493c7f9a57c077947f89ac45d5acb6661bbcd17abb3faea149ba0aa3bb1521be"; + vec.S = "019cd2c5c3f9870ecdeb9b323abdf3a98cd5e231d85c6ddc5b71ab190739f7f226e6b134ba1d5889ddeb2751dabd97911dff90c34684cdbe7bb669b6c3d22f2480c"; vec.curveName = "SECP521R1"; + #ifndef NO_ASN + vec.r = (byte*)"\x00\xbd\x11\x7b\x48\x07\x71\x08\x98\xf9\xdd\x77" + "\x78\x05\x64\x85\x77\x76\x68\xf0\xe7\x8e\x6d\xdf" + "\x5b\x00\x03\x56\x12\x1e\xb7\xa2\x20\xe9\x49\x3c" + "\x7f\x9a\x57\xc0\x77\x94\x7f\x89\xac\x45\xd5\xac" + "\xb6\x66\x1b\xbc\xd1\x7a\xbb\x3f\xae\xa1\x49\xba" + "\x0a\xa3\xbb\x15\x21\xbe"; + vec.rSz = 66; + vec.s = 
(byte*)"\x00\x19\xcd\x2c\x5c\x3f\x98\x70\xec\xde\xb9\xb3" + "\x23\xab\xdf\x3a\x98\xcd\x5e\x23\x1d\x85\xc6\xdd" + "\xc5\xb7\x1a\xb1\x90\x73\x9f\x7f\x22\x6e\x6b\x13" + "\x4b\xa1\xd5\x88\x9d\xde\xb2\x75\x1d\xab\xd9\x79" + "\x11\xdf\xf9\x0c\x34\x68\x4c\xdb\xe7\xbb\x66\x9b" + "\x6c\x3d\x22\xf2\x48\x0c"; + vec.sSz = 66; + #endif break; #endif /* HAVE_ECC521 */ default: @@ -13831,7 +14440,7 @@ static int ecc_test_cdh_vectors(void) /* compare results */ if (x != z || XMEMCMP(sharedA, sharedB, x)) { - ERROR_OUT(-6509, done); + ERROR_OUT(-8310, done); } done: @@ -13865,12 +14474,12 @@ static int ecc_test_make_pub(WC_RNG* rng) tmp = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); if (tmp == NULL) { - return -6810; + return -8311; } exportBuf = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); if (exportBuf == NULL) { XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - return -6811; + return -8312; } #ifdef USE_CERT_BUFFERS_256 @@ -13879,7 +14488,7 @@ static int ecc_test_make_pub(WC_RNG* rng) #else file = fopen(eccKeyDerFile, "rb"); if (!file) { - ERROR_OUT(-6812, done); + ERROR_OUT(-8313, done); } tmpSz = (word32)fread(tmp, 1, FOURK_BUF, file); @@ -13891,25 +14500,25 @@ static int ecc_test_make_pub(WC_RNG* rng) /* import private only then test with */ ret = wc_ecc_import_private_key(tmp, tmpSz, NULL, 0, NULL); if (ret == 0) { - ERROR_OUT(-6813, done); + ERROR_OUT(-8314, done); } ret = wc_ecc_import_private_key(NULL, tmpSz, NULL, 0, &key); if (ret == 0) { - ERROR_OUT(-6814, done); + ERROR_OUT(-8315, done); } x = 0; ret = wc_EccPrivateKeyDecode(tmp, &x, &key, tmpSz); if (ret != 0) { - ERROR_OUT(-6815, done); + ERROR_OUT(-8316, done); } #ifdef HAVE_ECC_KEY_EXPORT x = FOURK_BUF; ret = wc_ecc_export_private_only(&key, exportBuf, &x); if (ret != 0) { - ERROR_OUT(-6816, done); + ERROR_OUT(-8317, done); } /* make private only key */ 
@@ -13917,30 +14526,30 @@ static int ecc_test_make_pub(WC_RNG* rng) wc_ecc_init(&key); ret = wc_ecc_import_private_key(exportBuf, x, NULL, 0, &key); if (ret != 0) { - ERROR_OUT(-6817, done); + ERROR_OUT(-8318, done); } x = FOURK_BUF; ret = wc_ecc_export_x963_ex(&key, exportBuf, &x, 0); if (ret == 0) { - ERROR_OUT(-6818, done); + ERROR_OUT(-8319, done); } #endif /* HAVE_ECC_KEY_EXPORT */ ret = wc_ecc_make_pub(NULL, NULL); if (ret == 0) { - ERROR_OUT(-6819, done); + ERROR_OUT(-8320, done); } pubPoint = wc_ecc_new_point_h(HEAP_HINT); if (pubPoint == NULL) { - ERROR_OUT(-6820, done); + ERROR_OUT(-8321, done); } ret = wc_ecc_make_pub(&key, pubPoint); if (ret != 0) { - ERROR_OUT(-6821, done); + ERROR_OUT(-8322, done); } #ifdef HAVE_ECC_KEY_EXPORT @@ -13948,7 +14557,7 @@ static int ecc_test_make_pub(WC_RNG* rng) x = FOURK_BUF; ret = wc_ecc_export_x963_ex(&key, exportBuf, &x, 0); if (ret == 0) { - ERROR_OUT(-6822, done); + ERROR_OUT(-8323, done); } #endif /* HAVE_ECC_KEY_EXPORT */ @@ -13956,25 +14565,25 @@ static int ecc_test_make_pub(WC_RNG* rng) tmpSz = FOURK_BUF; ret = wc_ecc_sign_hash(msg, sizeof(msg), tmp, &tmpSz, rng, &key); if (ret != 0) { - ERROR_OUT(-6823, done); + ERROR_OUT(-8324, done); } #ifdef HAVE_ECC_VERIFY /* try verify with private only key */ ret = wc_ecc_verify_hash(tmp, tmpSz, msg, sizeof(msg), &verify, &key); if (ret != 0) { - ERROR_OUT(-6824, done); + ERROR_OUT(-8325, done); } if (verify != 1) { - ERROR_OUT(-6825, done); + ERROR_OUT(-8326, done); } #ifdef HAVE_ECC_KEY_EXPORT /* exporting the public part should now work */ x = FOURK_BUF; ret = wc_ecc_export_x963_ex(&key, exportBuf, &x, 0); if (ret != 0) { - ERROR_OUT(-6826, done); + ERROR_OUT(-8327, done); } #endif /* HAVE_ECC_KEY_EXPORT */ #endif /* HAVE_ECC_VERIFY */ @@ -13986,7 +14595,7 @@ static int ecc_test_make_pub(WC_RNG* rng) x = FOURK_BUF; ret = wc_ecc_export_private_only(&key, exportBuf, &x); if (ret != 0) { - ERROR_OUT(-6827, done); + ERROR_OUT(-8328, done); } /* make private only key */ 
@@ -13994,14 +14603,14 @@ static int ecc_test_make_pub(WC_RNG* rng) wc_ecc_init(&key); ret = wc_ecc_import_private_key(exportBuf, x, NULL, 0, &key); if (ret != 0) { - ERROR_OUT(-6828, done); + ERROR_OUT(-8329, done); } /* check that public export fails with private only key */ x = FOURK_BUF; ret = wc_ecc_export_x963_ex(&key, exportBuf, &x, 0); if (ret == 0) { - ERROR_OUT(-6829, done); + ERROR_OUT(-8330, done); } /* make public key for shared secret */ @@ -14011,14 +14620,14 @@ static int ecc_test_make_pub(WC_RNG* rng) ret = wc_AsyncWait(ret, &pub.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); #endif if (ret != 0) { - ERROR_OUT(-6830, done); + ERROR_OUT(-8331, done); } x = FOURK_BUF; ret = wc_ecc_shared_secret(&key, &pub, exportBuf, &x); wc_ecc_free(&pub); if (ret != 0) { - ERROR_OUT(-6831, done); + ERROR_OUT(-8332, done); } #endif /* HAVE_ECC_DHE && HAVE_ECC_KEY_EXPORT */ @@ -14049,12 +14658,12 @@ static int ecc_test_key_gen(WC_RNG* rng, int keySize) der = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); if (der == NULL) { - return -6840; + return -8333; } pem = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); if (pem == NULL) { XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - return -6840; + return -8334; } ret = wc_ecc_init_ex(&userA, HEAP_HINT, devId); @@ -14089,7 +14698,7 @@ static int ecc_test_key_gen(WC_RNG* rng, int keySize) ERROR_OUT(derSz, done); } if (derSz == 0) { - ERROR_OUT(-6514, done); + ERROR_OUT(-8335, done); } ret = SaveDerAndPem(der, derSz, NULL, 0, eccPubKeyDerFile, @@ -14106,7 +14715,7 @@ static int ecc_test_key_gen(WC_RNG* rng, int keySize) } if (derSz == 0) { - ERROR_OUT(-6516, done); + ERROR_OUT(-8336, done); } ret = SaveDerAndPem(der, derSz, NULL, 0, eccPkcs8KeyDerFile, 
@@ -14131,7 +14740,7 @@ static int ecc_test_curve_size(WC_RNG* rng, int keySize, int testVerifyCount, DECLARE_VAR(sharedA, byte, ECC_SHARED_SIZE, HEAP_HINT); DECLARE_VAR(sharedB, byte, ECC_SHARED_SIZE, HEAP_HINT); #ifdef HAVE_ECC_KEY_EXPORT - byte exportBuf[1024]; + byte exportBuf[MAX_ECC_BYTES * 2 + 32]; #endif word32 x, y; #ifdef HAVE_ECC_SIGN @@ -14144,6 +14753,7 @@ static int ecc_test_curve_size(WC_RNG* rng, int keySize, int testVerifyCount, #endif /* HAVE_ECC_SIGN */ int ret; ecc_key userA, userB, pubKey; + int curveSize; (void)testVerifyCount; (void)dp; @@ -14180,6 +14790,14 @@ static int ecc_test_curve_size(WC_RNG* rng, int keySize, int testVerifyCount, if (ret != 0) goto done; + if (wc_ecc_get_curve_idx(curve_id) != -1) { + curveSize = wc_ecc_get_curve_size_from_id(userA.dp->id); + if (curveSize != userA.dp->size) { + ret = -8337; + goto done; + } + } + ret = wc_ecc_check_key(&userA); if (ret != 0) goto done; @@ -14223,10 +14841,10 @@ static int ecc_test_curve_size(WC_RNG* rng, int keySize, int testVerifyCount, goto done; if (y != x) - ERROR_OUT(-6517, done); + ERROR_OUT(-8338, done); if (XMEMCMP(sharedA, sharedB, x)) - ERROR_OUT(-6518, done); + ERROR_OUT(-8339, done); #endif /* HAVE_ECC_DHE */ #ifdef HAVE_ECC_CDH @@ -14246,10 +14864,10 @@ static int ecc_test_curve_size(WC_RNG* rng, int keySize, int testVerifyCount, goto done; if (y != x) - ERROR_OUT(-6519, done); + ERROR_OUT(-8340, done); if (XMEMCMP(sharedA, sharedB, x)) - ERROR_OUT(-6520, done); + ERROR_OUT(-8341, done); /* remove cofactor flag */ wc_ecc_set_flags(&userA, 0); @@ -14286,7 +14904,7 @@ static int ecc_test_curve_size(WC_RNG* rng, int keySize, int testVerifyCount, goto done; if (XMEMCMP(sharedA, sharedB, y)) - ERROR_OUT(-6521, done); + ERROR_OUT(-8342, done); #endif /* HAVE_ECC_DHE */ #ifdef HAVE_COMP_KEY 
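Review bot: The new curve-size check in ecc_test_curve_size() compares `wc_ecc_get_curve_idx(curve_id)` with the literal `-1` and gives no reason for skipping the check in that case. Using the named constant makes the intent explicit: `if (wc_ecc_get_curve_idx(curve_id) != ECC_CURVE_INVALID) {`. A one-line comment such as `/* only when curve_id names a built-in curve */` would help, because the guard tests `curve_id` while the lookup uses `userA.dp->id`. The function starts and ends outside this hunk.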
@@ -14323,7 +14941,7 @@ static int ecc_test_curve_size(WC_RNG* rng, int keySize, int testVerifyCount, goto done; if (XMEMCMP(sharedA, sharedB, y)) - ERROR_OUT(-6522, done); + ERROR_OUT(-8343, done); #endif /* HAVE_ECC_DHE */ #endif /* HAVE_COMP_KEY */ @@ -14365,7 +14983,7 @@ static int ecc_test_curve_size(WC_RNG* rng, int keySize, int testVerifyCount, if (ret != 0) goto done; if (verify != 1) - ERROR_OUT(-6523, done); + ERROR_OUT(-8344, done); } #endif /* HAVE_ECC_VERIFY */ #endif /* ECC_SHAMIR && !WOLFSSL_ASYNC_CRYPT */ @@ -14385,7 +15003,7 @@ static int ecc_test_curve_size(WC_RNG* rng, int keySize, int testVerifyCount, &userA); } while (ret == WC_PENDING_E); if (ret != 0) - ERROR_OUT(-6524, done); + ERROR_OUT(-8345, done); #ifdef HAVE_ECC_VERIFY for (i=0; iidx, &key->pubkey, pub, &pubLen); if (ret != 0) { - ret = -6632; + ret = -8434; goto done; } ret = wc_ecc_import_private_key(priv, privLen, pub, pubLen, &keyImp); if (ret != 0) { - ret = -6633; + ret = -8435; goto done; } @@ -14782,7 +15400,7 @@ static int ecc_exp_imp_test(ecc_key* key) ret = wc_ecc_import_raw_ex(&keyImp, qx, qy, d, ECC_SECP256R1); if (ret != 0) { - ret = -6634; + ret = -8436; goto done; } @@ -14791,7 +15409,7 @@ static int ecc_exp_imp_test(ecc_key* key) curve_id = wc_ecc_get_curve_id(key->idx); if (curve_id < 0) { - ret = -6635; + ret = -8437; goto done; } @@ -14799,7 +15417,7 @@ static int ecc_exp_imp_test(ecc_key* key) ret = wc_ecc_import_private_key_ex(priv, privLen, NULL, 0, &keyImp, curve_id); if (ret != 0) { - ret = -6636; + ret = -8438; goto done; } @@ -14810,7 +15428,7 @@ static int ecc_exp_imp_test(ecc_key* key) pubLenX = pubLenY = 32; ret = wc_ecc_export_public_raw(key, pub, &pubLenX, &pub[32], &pubLenY); if (ret != 0) { - ret = -6637; + ret = -8439; goto done; } 
@@ -14818,7 +15436,7 @@ static int ecc_exp_imp_test(ecc_key* key) /* test import of public */ ret = wc_ecc_import_unsigned(&keyImp, pub, &pub[32], NULL, ECC_SECP256R1); if (ret != 0) { - ret = -6638; + ret = -8440; goto done; } #endif @@ -14831,7 +15449,7 @@ static int ecc_exp_imp_test(ecc_key* key) ret = wc_ecc_export_private_raw(key, pub, &pubLenX, &pub[32], &pubLenY, priv, &privLen); if (ret != 0) { - ret = -6639; + ret = -8441; goto done; } @@ -14839,7 +15457,7 @@ static int ecc_exp_imp_test(ecc_key* key) /* test import of private and public */ ret = wc_ecc_import_unsigned(&keyImp, pub, &pub[32], priv, ECC_SECP256R1); if (ret != 0) { - ret = -6640; + ret = -8442; goto done; } #endif @@ -14881,7 +15499,7 @@ static int ecc_mulmod_test(ecc_key* key1) ret = wc_ecc_mulmod(&key1->k, &key2.pubkey, &key3.pubkey, &key2.k, &key3.k, 1); if (ret != 0) { - ret = -6641; + ret = -8443; goto done; } @@ -14901,21 +15519,21 @@ static int ecc_ssh_test(ecc_key* key) /* Parameter Validation testing. */ ret = wc_ecc_shared_secret_ssh(NULL, &key->pubkey, out, &outLen); if (ret != BAD_FUNC_ARG) - return -6642; + return -8444; ret = wc_ecc_shared_secret_ssh(key, NULL, out, &outLen); if (ret != BAD_FUNC_ARG) - return -6643; + return -8445; ret = wc_ecc_shared_secret_ssh(key, &key->pubkey, NULL, &outLen); if (ret != BAD_FUNC_ARG) - return -6644; + return -8446; ret = wc_ecc_shared_secret_ssh(key, &key->pubkey, out, NULL); if (ret != BAD_FUNC_ARG) - return -6645; + return -8447; /* Use API. */ ret = wc_ecc_shared_secret_ssh(key, &key->pubkey, out, &outLen); if (ret != 0) - return -6646; + return -8448; return 0; } #endif 
@@ -14927,12 +15545,24 @@ static int ecc_def_curve_test(WC_RNG *rng) wc_ecc_init(&key); + /* Use API */ + ret = wc_ecc_set_flags(NULL, 0); + if (ret != BAD_FUNC_ARG) { + ret = -8449; + goto done; + } + ret = wc_ecc_set_flags(&key, 0); + if (ret != 0) { + ret = -8450; + goto done; + } + ret = wc_ecc_make_key(rng, 32, &key); #if defined(WOLFSSL_ASYNC_CRYPT) ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); #endif if (ret != 0) { - ret = -6647; + ret = -8451; goto done; } 
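Review bot: The added `/* Use API */` comment in ecc_def_curve_test sits above `wc_ecc_set_flags(NULL, 0)`, which is an argument-validation case expecting `BAD_FUNC_ARG`, not normal use. ecc_ssh_test in this same file labels the two phases separately, so the same wording fits here: `/* Parameter Validation testing. */` before the NULL call and `/* Use API. */` before `wc_ecc_set_flags(&key, 0)`. The function continues outside the hunk.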
@@ -14971,27 +15601,27 @@ static int ecc_decode_test(void) /* SECP256R1 OID: 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07 */ - const byte good[] = { 0x30, 0x14, 0x30, 0x0b, 0x06, 0x00, + static const byte good[] = { 0x30, 0x14, 0x30, 0x0b, 0x06, 0x00, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03, 0x04, 0x00, 0x04, 0x01, 0x01 }; - const byte badNoObjId[] = { 0x30, 0x08, 0x30, 0x06, 0x03, 0x04, + static const byte badNoObjId[] = { 0x30, 0x08, 0x30, 0x06, 0x03, 0x04, 0x00, 0x04, 0x01, 0x01 }; - const byte badOneObjId[] = { 0x30, 0x0a, 0x30, 0x08, 0x06, 0x00, 0x03, 0x04, - 0x00, 0x04, 0x01, 0x01 }; - const byte badObjId1Len[] = { 0x30, 0x0c, 0x30, 0x0a, 0x06, 0x09, + static const byte badOneObjId[] = { 0x30, 0x0a, 0x30, 0x08, 0x06, 0x00, + 0x03, 0x04, 0x00, 0x04, 0x01, 0x01 }; + static const byte badObjId1Len[] = { 0x30, 0x0c, 0x30, 0x0a, 0x06, 0x09, 0x06, 0x00, 0x03, 0x04, 0x00, 0x04, 0x01, 0x01 }; - const byte badObj2d1Len[] = { 0x30, 0x0c, 0x30, 0x0a, 0x06, 0x00, + static const byte badObj2d1Len[] = { 0x30, 0x0c, 0x30, 0x0a, 0x06, 0x00, 0x06, 0x07, 0x03, 0x04, 0x00, 0x04, 0x01, 0x01 }; - const byte badNotBitStr[] = { 0x30, 0x14, 0x30, 0x0b, 0x06, 0x00, + static const byte badNotBitStr[] = { 0x30, 0x14, 0x30, 0x0b, 0x06, 0x00, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x04, 0x04, 0x00, 0x04, 0x01, 0x01 }; - const byte badBitStrLen[] = { 0x30, 0x14, 0x30, 0x0b, 0x06, 0x00, + static const byte badBitStrLen[] = { 0x30, 0x14, 0x30, 0x0b, 0x06, 0x00, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03, 0x05, 0x00, 0x04, 0x01, 0x01 }; - const byte badNoBitStrZero[] = { 0x30, 0x13, 0x30, 0x0a, 0x06, 0x00, + static const byte badNoBitStrZero[] = { 0x30, 0x13, 0x30, 0x0a, 0x06, 0x00, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03, 0x03, 0x04, 0x01, 0x01 }; - const byte badPoint[] = { 0x30, 0x12, 0x30, 0x09, 0x06, 0x00, + static const byte badPoint[] = { 0x30, 0x12, 0x30, 0x09, 0x06, 0x00, 0x06, 0x08, 
0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03, 0x03, 0x00, 0x04, 0x01 }; @@ -15001,22 +15631,22 @@ static int ecc_decode_test(void) inSz = sizeof(good); ret = wc_EccPublicKeyDecode(NULL, &inOutIdx, &key, inSz); if (ret != BAD_FUNC_ARG) { - ret = -6700; + ret = -8500; goto done; } ret = wc_EccPublicKeyDecode(good, NULL, &key, inSz); if (ret != BAD_FUNC_ARG) { - ret = -6701; + ret = -8501; goto done; } ret = wc_EccPublicKeyDecode(good, &inOutIdx, NULL, inSz); if (ret != BAD_FUNC_ARG) { - ret = -6702; + ret = -8502; goto done; } ret = wc_EccPublicKeyDecode(good, &inOutIdx, &key, 0); if (ret != BAD_FUNC_ARG) { - ret = -6703; + ret = -8503; goto done; } @@ -15025,14 +15655,14 @@ static int ecc_decode_test(void) inSz = sizeof(good) - inOutIdx; ret = wc_EccPublicKeyDecode(good, &inOutIdx, &key, inSz); if (ret != ASN_PARSE_E) { - ret = -6704; + ret = -8504; goto done; } inOutIdx = 4; inSz = sizeof(good) - inOutIdx; ret = wc_EccPublicKeyDecode(good, &inOutIdx, &key, inSz); if (ret != ASN_PARSE_E) { - ret = -6705; + ret = -8505; goto done; } /* Bad data. */ 
@@ -15040,56 +15670,56 @@ static int ecc_decode_test(void) inOutIdx = 0; ret = wc_EccPublicKeyDecode(badNoObjId, &inOutIdx, &key, inSz); if (ret != ASN_OBJECT_ID_E) { - ret = -6706; + ret = -8506; goto done; } inSz = sizeof(badOneObjId); inOutIdx = 0; ret = wc_EccPublicKeyDecode(badOneObjId, &inOutIdx, &key, inSz); if (ret != ASN_OBJECT_ID_E) { - ret = -6707; + ret = -8507; goto done; } inSz = sizeof(badObjId1Len); inOutIdx = 0; ret = wc_EccPublicKeyDecode(badObjId1Len, &inOutIdx, &key, inSz); if (ret != ASN_PARSE_E) { - ret = -6708; + ret = -8508; goto done; } inSz = sizeof(badObj2d1Len); inOutIdx = 0; ret = wc_EccPublicKeyDecode(badObj2d1Len, &inOutIdx, &key, inSz); if (ret != ASN_PARSE_E) { - ret = -6709; + ret = -8509; goto done; } inSz = sizeof(badNotBitStr); inOutIdx = 0; ret = wc_EccPublicKeyDecode(badNotBitStr, &inOutIdx, &key, inSz); if (ret != ASN_BITSTR_E) { - ret = -6710; + ret = -8510; goto done; } inSz = sizeof(badBitStrLen); inOutIdx = 0; ret = wc_EccPublicKeyDecode(badBitStrLen, &inOutIdx, &key, inSz); if (ret != ASN_PARSE_E) { - ret = -6711; + ret = -8511; goto done; } inSz = sizeof(badNoBitStrZero); inOutIdx = 0; ret = wc_EccPublicKeyDecode(badNoBitStrZero, &inOutIdx, &key, inSz); if (ret != ASN_EXPECT_0_E) { - ret = -6712; + ret = -8512; goto done; } inSz = sizeof(badPoint); inOutIdx = 0; ret = wc_EccPublicKeyDecode(badPoint, &inOutIdx, &key, inSz); if (ret != ASN_ECC_KEY_E) { - ret = -6713; + ret = -8513; goto done; } @@ -15097,7 +15727,7 @@ static int ecc_decode_test(void) inOutIdx = 0; ret = wc_EccPublicKeyDecode(good, &inOutIdx, &key, inSz); if (ret != 0) { - ret = -6714; + ret = -8514; goto done; } @@ -15195,14 +15825,14 @@ static int ecc_test_custom_curves(WC_RNG* rng) ret = wc_ecc_init_ex(&key, HEAP_HINT, devId); if (ret != 0) { - return -6715; + return -8515; } inOutIdx = 0; ret = wc_EccPublicKeyDecode(eccKeyExplicitCurve, &inOutIdx, &key, sizeof(eccKeyExplicitCurve)); if (ret != 0) - return -6716; + return -8516; wc_ecc_free(&key); 
@@ -15236,11 +15866,11 @@ static int ecc_test_cert_gen(WC_RNG* rng) der = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); if (der == NULL) { - ERROR_OUT(-6720, exit); + ERROR_OUT(-8517, exit); } pem = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); if (pem == NULL) { - ERROR_OUT(-6721, exit); + ERROR_OUT(-8518, exit); } /* Get cert private key */ @@ -15252,7 +15882,7 @@ static int ecc_test_cert_gen(WC_RNG* rng) #else file = fopen(eccCaKey384File, "rb"); if (!file) { - ERROR_OUT(-6722, exit); + ERROR_OUT(-8519, exit); } bytes = fread(der, 1, FOURK_BUF, file); @@ -15266,7 +15896,7 @@ static int ecc_test_cert_gen(WC_RNG* rng) #else file = fopen(eccCaKeyFile, "rb"); if (!file) { - ERROR_OUT(-6722, exit); + ERROR_OUT(-8520, exit); } bytes = fread(der, 1, FOURK_BUF, file); fclose(file); @@ -15279,17 +15909,17 @@ static int ecc_test_cert_gen(WC_RNG* rng) /* Get CA Key */ ret = wc_ecc_init_ex(&caEccKey, HEAP_HINT, devId); if (ret != 0) { - ERROR_OUT(-6723, exit); + ERROR_OUT(-8521, exit); } ret = wc_EccPrivateKeyDecode(der, &idx, &caEccKey, (word32)bytes); if (ret != 0) { - ERROR_OUT(-6724, exit); + ERROR_OUT(-8522, exit); } /* Make a public key */ ret = wc_ecc_init_ex(&certPubKey, HEAP_HINT, devId); if (ret != 0) { - ERROR_OUT(-6725, exit); + ERROR_OUT(-8523, exit); } ret = wc_ecc_make_key(rng, 32, &certPubKey); @@ -15297,12 +15927,12 @@ static int ecc_test_cert_gen(WC_RNG* rng) ret = wc_AsyncWait(ret, &certPubKey.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); #endif if (ret != 0) { - ERROR_OUT(-6726, exit); + ERROR_OUT(-8524, exit); } /* Setup Certificate */ if (wc_InitCert(&myCert)) { - ERROR_OUT(-6727, exit); + ERROR_OUT(-8525, exit); } #ifndef NO_SHA256 
@@ -15322,17 +15952,17 @@ static int ecc_test_cert_gen(WC_RNG* rng) /* add SKID from the Public Key */ if (wc_SetSubjectKeyIdFromPublicKey(&myCert, NULL, &certPubKey) != 0) { - ERROR_OUT(-6728, exit); + ERROR_OUT(-8526, exit); } /* add AKID from the Public Key */ if (wc_SetAuthKeyIdFromPublicKey(&myCert, NULL, &caEccKey) != 0) { - ERROR_OUT(-6729, exit); + ERROR_OUT(-8527, exit); } /* add Key Usage */ if (wc_SetKeyUsage(&myCert, certKeyUsage) != 0) { - ERROR_OUT(-6730, exit); + ERROR_OUT(-8528, exit); } #endif /* WOLFSSL_CERT_EXT */ @@ -15356,12 +15986,12 @@ static int ecc_test_cert_gen(WC_RNG* rng) #endif #endif /* ENABLE_ECC384_CERT_GEN_TEST */ if (ret < 0) { - ERROR_OUT(-6731, exit); + ERROR_OUT(-8529, exit); } certSz = wc_MakeCert(&myCert, der, FOURK_BUF, NULL, &certPubKey, rng); if (certSz < 0) { - ERROR_OUT(-6732, exit); + ERROR_OUT(-8530, exit); } ret = 0; @@ -15375,7 +16005,7 @@ static int ecc_test_cert_gen(WC_RNG* rng) } } while (ret == WC_PENDING_E); if (ret < 0) { - ERROR_OUT(-6733, exit); + ERROR_OUT(-8531, exit); } certSz = ret; @@ -15384,7 +16014,7 @@ static int ecc_test_cert_gen(WC_RNG* rng) ret = ParseCert(&decode, CERT_TYPE, NO_VERIFY, 0); if (ret != 0) { FreeDecodedCert(&decode); - ERROR_OUT(-6734, exit); + ERROR_OUT(-8532, exit); } FreeDecodedCert(&decode); @@ -15424,7 +16054,7 @@ int ecc_test(void) ret = wc_InitRng(&rng); #endif if (ret != 0) - return -6800; + return -8600; #if defined(HAVE_ECC112) || defined(HAVE_ALL_CURVES) ret = ecc_test_curve(&rng, 14); @@ -15569,7 +16199,7 @@ int ecc_encrypt_test(void) ret = wc_InitRng(&rng); #endif if (ret != 0) - return -6900; + return -8700; XMEMSET(&userA, 0, sizeof(userA)); XMEMSET(&userB, 0, sizeof(userB)); @@ -15586,7 +16216,7 @@ int ecc_encrypt_test(void) ret = wc_AsyncWait(ret, &userA.asyncDev, WC_ASYNC_FLAG_NONE); #endif if (ret != 0){ - ret = -6901; goto done; + ret = -8701; goto done; } ret = wc_ecc_make_key(&rng, 32, &userB); 
@@ -15594,7 +16224,7 @@ int ecc_encrypt_test(void) ret = wc_AsyncWait(ret, &userB.asyncDev, WC_ASYNC_FLAG_NONE); #endif if (ret != 0){ - ret = -6902; goto done; + ret = -8702; goto done; } /* set message to incrementing 0,1,2,etc... */ @@ -15604,36 +16234,36 @@ int ecc_encrypt_test(void) /* encrypt msg to B */ ret = wc_ecc_encrypt(&userA, &userB, msg, sizeof(msg), out, &outSz, NULL); if (ret != 0) { - ret = -6903; goto done; + ret = -8703; goto done; } /* decrypt msg from A */ ret = wc_ecc_decrypt(&userB, &userA, out, outSz, plain, &plainSz, NULL); if (ret != 0) { - ret = -6904; goto done; + ret = -8704; goto done; } if (XMEMCMP(plain, msg, sizeof(msg)) != 0) { - ret = -6905; goto done; + ret = -8705; goto done; } /* let's verify message exchange works, A is client, B is server */ cliCtx = wc_ecc_ctx_new(REQ_RESP_CLIENT, &rng); srvCtx = wc_ecc_ctx_new(REQ_RESP_SERVER, &rng); if (cliCtx == NULL || srvCtx == NULL) { - ret = -6906; goto done; + ret = -8706; goto done; } /* get salt to send to peer */ tmpSalt = wc_ecc_ctx_get_own_salt(cliCtx); if (tmpSalt == NULL) { - ret = -6907; goto done; + ret = -8707; goto done; } XMEMCPY(cliSalt, tmpSalt, EXCHANGE_SALT_SZ); tmpSalt = wc_ecc_ctx_get_own_salt(srvCtx); if (tmpSalt == NULL) { - ret = -6908; goto done; + ret = -8708; goto done; } XMEMCPY(srvSalt, tmpSalt, EXCHANGE_SALT_SZ); @@ -15665,7 +16295,7 @@ int ecc_encrypt_test(void) goto done; if (XMEMCMP(plain, msg, sizeof(msg)) != 0) { - ret = -6909; goto done; + ret = -8709; goto done; } /* msg2 (response) from B to A */ @@ -15685,7 +16315,7 @@ int ecc_encrypt_test(void) goto done; if (XMEMCMP(plain2, msg2, sizeof(msg2)) != 0) { - ret = -6910; goto done; + ret = -8710; goto done; } done: 
@@ -15719,12 +16349,15 @@ int ecc_test_buffers(void) { int verify = 0; word32 x; + XMEMSET(&cliKey, 0, sizeof(ecc_key)); + XMEMSET(&servKey, 0, sizeof(ecc_key)); + bytes = (size_t)sizeof_ecc_clikey_der_256; /* place client key into ecc_key struct cliKey */ ret = wc_EccPrivateKeyDecode(ecc_clikey_der_256, &idx, &cliKey, (word32)bytes); if (ret != 0) - return -6915; + return -8711; idx = 0; bytes = (size_t)sizeof_ecc_key_der_256; @@ -15733,7 +16366,7 @@ int ecc_test_buffers(void) { ret = wc_EccPrivateKeyDecode(ecc_key_der_256, &idx, &servKey, (word32)bytes); if (ret != 0) - return -6916; + return -8712; #ifndef HAVE_FIPS ret = wc_InitRng_ex(&rng, HEAP_HINT, devId); @@ -15741,7 +16374,7 @@ int ecc_test_buffers(void) { ret = wc_InitRng(&rng); #endif if (ret != 0) - return -6917; + return -8713; #if defined(HAVE_ECC_ENCRYPT) && defined(HAVE_HKDF) { @@ -15750,15 +16383,15 @@ int ecc_test_buffers(void) { x = sizeof(out); ret = wc_ecc_encrypt(&cliKey, &servKey, in, sizeof(in), out, &x, NULL); if (ret < 0) - return -6918; + return -8714; y = sizeof(plain); ret = wc_ecc_decrypt(&cliKey, &servKey, out, x, plain, &y, NULL); if (ret < 0) - return -6919; + return -8715; if (XMEMCMP(plain, in, inLen)) - return -6920; + return -8716; } #endif @@ -15766,16 +16399,16 @@ int ecc_test_buffers(void) { x = sizeof(out); ret = wc_ecc_sign_hash(in, inLen, out, &x, &rng, &cliKey); if (ret < 0) - return -6921; + return -8717; XMEMSET(plain, 0, sizeof(plain)); ret = wc_ecc_verify_hash(out, x, plain, sizeof(plain), &verify, &cliKey); if (ret < 0) - return -6922; + return -8718; if (XMEMCMP(plain, in, (word32)ret)) - return -6923; + return -8719; #ifdef WOLFSSL_CERT_EXT idx = 0; @@ -15785,7 +16418,7 @@ int ecc_test_buffers(void) { ret = wc_EccPublicKeyDecode(ecc_clikeypub_der_256, &idx, &cliKey, (word32) bytes); if (ret != 0) - return -6924; + return -8720; #endif wc_ecc_free(&cliKey); 
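Review bot: `XMEMSET(&cliKey, 0, sizeof(ecc_key))` and the matching line for `servKey` zero the structures, but as far as this hunk shows nothing calls an init function on them before `wc_EccPrivateKeyDecode()`. ecc_test_key_gen in this file uses `wc_ecc_init_ex(&userA, HEAP_HINT, devId)`; doing the same here, `ret = wc_ecc_init_ex(&cliKey, HEAP_HINT, devId);` with the return checked, would set the heap hint and device id rather than relying on an all-zero struct being a valid initial state. The early `return` paths that follow also leave without `wc_ecc_free()`. The function body continues outside the hunk.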
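Review bot: The sign/verify step in ecc_test_buffers never asserts that the signature verified: `wc_ecc_verify_hash()` is called with the zeroed `plain` buffer as the hash and only `ret < 0` is tested, while `verify` is ignored. The following `XMEMCMP(plain, in, (word32)ret)` compares zero bytes when `ret` is 0, so the test passes even if verification reports an invalid signature. The call should check the data that was signed and the result flag: `ret = wc_ecc_verify_hash(out, x, in, inLen, &verify, &cliKey);` followed by `if (ret < 0 || verify != 1) return -8718;`. The function starts and ends outside this hunk.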
@@ -15867,7 +16500,7 @@ int curve25519_test(void) ret = wc_InitRng(&rng); #endif if (ret != 0) - return -7000; + return -8800; wc_curve25519_init(&userA); wc_curve25519_init(&userB); @@ -15875,38 +16508,38 @@ int curve25519_test(void) /* make curve25519 keys */ if (wc_curve25519_make_key(&rng, 32, &userA) != 0) - return -7001; + return -8801; if (wc_curve25519_make_key(&rng, 32, &userB) != 0) - return -7002; + return -8802; #ifdef HAVE_CURVE25519_SHARED_SECRET /* find shared secret key */ x = sizeof(sharedA); if (wc_curve25519_shared_secret(&userA, &userB, sharedA, &x) != 0) - return -7003; + return -8803; y = sizeof(sharedB); if (wc_curve25519_shared_secret(&userB, &userA, sharedB, &y) != 0) - return -7004; + return -8804; /* compare shared secret keys to test they are the same */ if (y != x) - return -7005; + return -8805; if (XMEMCMP(sharedA, sharedB, x)) - return -7006; + return -8806; #endif #ifdef HAVE_CURVE25519_KEY_EXPORT /* export a public key and import it for another user */ x = sizeof(exportBuf); if (wc_curve25519_export_public(&userA, exportBuf, &x) != 0) - return -7007; + return -8807; #ifdef HAVE_CURVE25519_KEY_IMPORT if (wc_curve25519_import_public(exportBuf, x, &pubKey) != 0) - return -7008; + return -8808; #endif #endif 
@@ -15915,60 +16548,60 @@ int curve25519_test(void) XMEMSET(sharedB, 0, sizeof(sharedB)); y = sizeof(sharedB); if (wc_curve25519_shared_secret(&userB, &pubKey, sharedB, &y) != 0) - return -7009; + return -8809; if (XMEMCMP(sharedA, sharedB, y)) - return -7010; + return -8810; /* import RFC test vectors and compare shared key */ if (wc_curve25519_import_private_raw(sa, sizeof(sa), pa, sizeof(pa), &userA) != 0) - return -7011; + return -8811; if (wc_curve25519_import_private_raw(sb, sizeof(sb), pb, sizeof(pb), &userB) != 0) - return -7012; + return -8812; /* test against known test vector */ XMEMSET(sharedB, 0, sizeof(sharedB)); y = sizeof(sharedB); if (wc_curve25519_shared_secret(&userA, &userB, sharedB, &y) != 0) - return -7013; + return -8813; if (XMEMCMP(ss, sharedB, y)) - return -7014; + return -8814; /* test swaping roles of keys and generating same shared key */ XMEMSET(sharedB, 0, sizeof(sharedB)); y = sizeof(sharedB); if (wc_curve25519_shared_secret(&userB, &userA, sharedB, &y) != 0) - return -7015; + return -8815; if (XMEMCMP(ss, sharedB, y)) - return -7016; + return -8816; /* test with 1 generated key and 1 from known test vector */ if (wc_curve25519_import_private_raw(sa, sizeof(sa), pa, sizeof(pa), &userA) != 0) - return -7017; + return -8817; if (wc_curve25519_make_key(&rng, 32, &userB) != 0) - return -7018; + return -8818; x = sizeof(sharedA); if (wc_curve25519_shared_secret(&userA, &userB, sharedA, &x) != 0) - return -7019; + return -8819; y = sizeof(sharedB); if (wc_curve25519_shared_secret(&userB, &userA, sharedB, &y) != 0) - return -7020; + return -8820; /* compare shared secret keys to test they are the same */ if (y != x) - return -7021; + return -8821; if (XMEMCMP(sharedA, sharedB, x)) - return -7022; + return -8822; #endif /* HAVE_CURVE25519_SHARED_SECRET */ /* clean up keys when done */ 
@@ -16002,7 +16635,7 @@ static int ed25519_test_cert(void) tmp = XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); if (tmp == NULL) { - ERROR_OUT(-7200, done); + ERROR_OUT(-8823, done); } #ifdef USE_CERT_BUFFERS_256 @@ -16011,20 +16644,20 @@ static int ed25519_test_cert(void) #elif !defined(NO_FILESYSTEM) file = fopen(caEd25519Cert, "rb"); if (file == NULL) { - ERROR_OUT(-7201, done); + ERROR_OUT(-8824, done); } bytes = fread(tmp, 1, FOURK_BUF, file); fclose(file); #else /* No certificate to use. */ - ERROR_OUT(-7202, done); + ERROR_OUT(-8825, done); #endif InitDecodedCert(&cert[0], tmp, (word32)bytes, 0); caCert = &cert[0]; ret = ParseCert(caCert, CERT_TYPE, NO_VERIFY, NULL); if (ret != 0) { - ERROR_OUT(-7203, done); + ERROR_OUT(-8826, done); } #ifdef USE_CERT_BUFFERS_256 @@ -16033,39 +16666,39 @@ static int ed25519_test_cert(void) #elif !defined(NO_FILESYSTEM) file = fopen(serverEd25519Cert, "rb"); if (file == NULL) { - ERROR_OUT(-7204, done); + ERROR_OUT(-8827, done); } bytes = fread(tmp, 1, FOURK_BUF, file); fclose(file); #else /* No certificate to use. */ - ERROR_OUT(-7205, done); + ERROR_OUT(-8828, done); #endif InitDecodedCert(&cert[1], tmp, (word32)bytes, 0); serverCert = &cert[1]; ret = ParseCert(serverCert, CERT_TYPE, NO_VERIFY, NULL); if (ret != 0) { - ERROR_OUT(-7206, done); + ERROR_OUT(-8829, done); } #ifdef HAVE_ED25519_VERIFY ret = wc_ed25519_init(&key); if (ret < 0) { - ERROR_OUT(-7207, done); + ERROR_OUT(-8830, done); } pubKey = &key; ret = wc_ed25519_import_public(caCert->publicKey, caCert->pubKeySize, pubKey); if (ret < 0) { - ERROR_OUT(-7208, done); + ERROR_OUT(-8831, done); } if (wc_ed25519_verify_msg(serverCert->signature, serverCert->sigLength, serverCert->source + serverCert->certBegin, serverCert->sigIndex - serverCert->certBegin, &verify, pubKey) < 0 || verify != 1) { - ERROR_OUT(-7209, done); + ERROR_OUT(-8832, done); } #endif /* HAVE_ED25519_VERIFY */ 
@@ -16101,7 +16734,7 @@ static int ed25519_test_make_cert(void) ret = wc_InitRng(&rng); #endif if (ret != 0) - return -7220; + return -8833; wc_ed25519_init(&key); privKey = &key; @@ -16115,38 +16748,38 @@ static int ed25519_test_make_cert(void) #ifdef WOLFSSL_CERT_EXT ret = wc_SetKeyUsage(&cert, certKeyUsage); if (ret < 0) { - ERROR_OUT(-7221, done); + ERROR_OUT(-8834, done); } ret = wc_SetSubjectKeyIdFromPublicKey_ex(&cert, ED25519_TYPE, privKey); if (ret < 0) { - ERROR_OUT(-7222, done); + ERROR_OUT(-8835, done); } ret = wc_SetAuthKeyIdFromPublicKey_ex(&cert, ED25519_TYPE, privKey); if (ret < 0) { - ERROR_OUT(-7223, done); + ERROR_OUT(-8836, done); } #endif tmp = XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); if (tmp == NULL) { - ERROR_OUT(-7224, done); + ERROR_OUT(-8837, done); } cert.sigType = CTC_ED25519; ret = wc_MakeCert_ex(&cert, tmp, FOURK_BUF, ED25519_TYPE, privKey, &rng); if (ret < 0) { - ERROR_OUT(-7225, done); + ERROR_OUT(-8838, done); } ret = wc_SignCert_ex(cert.bodySz, cert.sigType, tmp, FOURK_BUF, ED25519_TYPE, privKey, &rng); if (ret < 0) { - ERROR_OUT(-7226, done); + ERROR_OUT(-8839, done); } InitDecodedCert(&decode, tmp, ret, HEAP_HINT); ret = ParseCert(&decode, CERT_TYPE, NO_VERIFY, 0); FreeDecodedCert(&decode); if (ret != 0) { - ERROR_OUT(-7227, done); + ERROR_OUT(-8840, done); } done: 
@@ -16498,6 +17131,38 @@ int ed25519_test(void) 0 /*sizeof(msg1)*/, sizeof(msg4) }; + static byte privateEd25519[] = { + 0x30,0x2e,0x02,0x01,0x00,0x30,0x05,0x06, + 0x03,0x2b,0x65,0x70,0x04,0x22,0x04,0x20, + 0x9d,0x61,0xb1,0x9d,0xef,0xfd,0x5a,0x60, + 0xba,0x84,0x4a,0xf4,0x92,0xec,0x2c,0xc4, + 0x44,0x49,0xc5,0x69,0x7b,0x32,0x69,0x19, + 0x70,0x3b,0xac,0x03,0x1c,0xae,0x7f,0x60 + }; + static byte publicEd25519[] = { + 0x30,0x2a,0x30,0x05,0x06,0x03,0x2b,0x65, + 0x70,0x03,0x21,0x00,0xd7,0x5a,0x98,0x01, + 0x82,0xb1,0x0a,0xb7,0xd5,0x4b,0xfe,0xd3, + 0xc9,0x64,0x07,0x3a,0x0e,0xe1,0x72,0xf3, + 0xda,0xa6,0x23,0x25,0xaf,0x02,0x1a,0x68, + 0xf7,0x07,0x51,0x1a + }; + static byte privPubEd25519[] = { + 0x30,0x52,0x02,0x01,0x00,0x30,0x05,0x06, + 0x03,0x2b,0x65,0x70,0x04,0x22,0x04,0x20, + 0x9d,0x61,0xb1,0x9d,0xef,0xfd,0x5a,0x60, + 0xba,0x84,0x4a,0xf4,0x92,0xec,0x2c,0xc4, + 0x44,0x49,0xc5,0x69,0x7b,0x32,0x69,0x19, + 0x70,0x3b,0xac,0x03,0x1c,0xae,0x7f,0x60, + 0xa1,0x22,0x04,0x20,0xd7,0x5a,0x98,0x01, + 0x82,0xb1,0x0a,0xb7,0xd5,0x4b,0xfe,0xd3, + 0xc9,0x64,0x07,0x3a,0x0e,0xe1,0x72,0xf3, + 0xda,0xa6,0x23,0x25,0xaf,0x02,0x1a,0x68, + 0xf7,0x07,0x51,0x1a + }; + word32 idx; + ed25519_key key3; + #endif /* HAVE_ED25519_SIGN && HAVE_ED25519_KEY_EXPORT && HAVE_ED25519_KEY_IMPORT */ /* create ed25519 keys */ @@ -16507,10 +17172,11 @@ int ed25519_test(void) ret = wc_InitRng(&rng); #endif if (ret != 0) - return -7100; + return -8900; wc_ed25519_init(&key); wc_ed25519_init(&key2); + wc_ed25519_init(&key3); wc_ed25519_make_key(&rng, ED25519_KEY_SIZE, &key); wc_ed25519_make_key(&rng, ED25519_KEY_SIZE, &key2); 
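Review bot: The three new DER vectors `privateEd25519`, `publicEd25519` and `privPubEd25519` are declared `static byte`, so fixed key material stays writable for the life of the process. This commit itself switches the ecc_decode_test vectors to `static const byte`; the same qualifier fits here, e.g. `static const byte privateEd25519[] = {`, assuming the decode functions take `const byte*` input. Since the private seed is a known test value, a comment noting where the vector comes from would help anyone checking it.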
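Review bot: `wc_ed25519_init(&key3);` is added next to the unconditional init calls for `key` and `key2`, but `key3` is declared just before the `#endif` of the `HAVE_ED25519_SIGN && HAVE_ED25519_KEY_EXPORT && HAVE_ED25519_KEY_IMPORT` block. If the init line is outside that guard, as it appears to be from this hunk, a build without those options references an undeclared variable. Wrapping the call in the same `#if` condition, or moving the declaration of `key3` beside `key2`, avoids that. The surrounding function is only partly visible here.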
@@ -16526,59 +17192,102 @@ int ed25519_test(void) if (wc_ed25519_import_private_key(sKeys[i], ED25519_KEY_SIZE, pKeys[i], pKeySz[i], &key) != 0) - return -7101 - i; + return -8901 - i; - if (wc_ed25519_sign_msg(msgs[i], msgSz[i], out, &outlen, &key) - != 0) - return -7111 - i; + if (wc_ed25519_sign_msg(msgs[i], msgSz[i], out, &outlen, &key) != 0) + return -8911 - i; if (XMEMCMP(out, sigs[i], 64)) - return -7121 - i; + return -8921 - i; #if defined(HAVE_ED25519_VERIFY) /* test verify on good msg */ if (wc_ed25519_verify_msg(out, outlen, msgs[i], msgSz[i], &verify, &key) != 0 || verify != 1) - return -7131 - i; + return -8931 - i; /* test verify on bad msg */ out[outlen-1] = out[outlen-1] + 1; if (wc_ed25519_verify_msg(out, outlen, msgs[i], msgSz[i], &verify, &key) == 0 || verify == 1) - return -7141 - i; + return -8941 - i; #endif /* HAVE_ED25519_VERIFY */ /* test api for import/exporting keys */ exportPSz = sizeof(exportPKey); exportSSz = sizeof(exportSKey); if (wc_ed25519_export_public(&key, exportPKey, &exportPSz) != 0) - return -7151 - i; + return -8951 - i; if (wc_ed25519_import_public(exportPKey, exportPSz, &key2) != 0) - return -7161 - i; + return -8961 - i; if (wc_ed25519_export_private_only(&key, exportSKey, &exportSSz) != 0) - return -7171 - i; + return -8971 - i; if (wc_ed25519_import_private_key(exportSKey, exportSSz, exportPKey, exportPSz, &key2) != 0) - return -7181 - i; + return -8981 - i; /* clear "out" buffer and test sign with imported keys */ outlen = sizeof(out); XMEMSET(out, 0, sizeof(out)); if (wc_ed25519_sign_msg(msgs[i], msgSz[i], out, &outlen, &key2) != 0) - return -7191 - i; + return -8991 - i; #if defined(HAVE_ED25519_VERIFY) if (wc_ed25519_verify_msg(out, outlen, msgs[i], msgSz[i], &verify, &key2) != 0 || verify != 1) - return -7201 - i; + return -9001 - i; if (XMEMCMP(out, sigs[i], 64)) - return -7211 - i; + return -9011 - i; #endif /* HAVE_ED25519_VERIFY */ } + + /* Try ASN.1 encoded private-only key and public key. 
*/ + idx = 0; + if (wc_Ed25519PrivateKeyDecode(privateEd25519, &idx, &key3, + sizeof(privateEd25519)) != 0) + return -7230 - i; + + if (wc_ed25519_sign_msg(msgs[0], msgSz[0], out, &outlen, &key3) + != BAD_FUNC_ARG) + return -7231 - i; + + idx = 0; + if (wc_Ed25519PublicKeyDecode(publicEd25519, &idx, &key3, + sizeof(publicEd25519)) != 0) + return -7232 - i; + + if (wc_ed25519_sign_msg(msgs[0], msgSz[0], out, &outlen, &key3) != 0) + return -7233 - i; + + if (XMEMCMP(out, sigs[0], 64)) + return -7234 - i; + +#if defined(HAVE_ED25519_VERIFY) + /* test verify on good msg */ + if (wc_ed25519_verify_msg(out, outlen, msgs[0], msgSz[0], &verify, &key3) + != 0 || verify != 1) + return -7233 - i; +#endif /* HAVE_ED25519_VERIFY */ + + wc_ed25519_free(&key3); + wc_ed25519_init(&key3); + + idx = 0; + if (wc_Ed25519PrivateKeyDecode(privPubEd25519, &idx, &key3, + sizeof(privPubEd25519)) != 0) + return -7230 - i; + + if (wc_ed25519_sign_msg(msgs[0], msgSz[0], out, &outlen, &key3) != 0) + return -7233 - i; + + if (XMEMCMP(out, sigs[0], 64)) + return -7234 - i; + + wc_ed25519_free(&key3); #endif /* HAVE_ED25519_SIGN && HAVE_ED25519_KEY_EXPORT && HAVE_ED25519_KEY_IMPORT */ /* clean up keys when done */ 
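Review bot: The returns added after the loop in ed25519_test reuse error codes: `-7233 - i` is returned by three different checks and `-7230 - i` and `-7234 - i` by two each, so a failure cannot be traced to a single call. They also keep the `- i` term although the loop has finished, which shifts every value by the final loop index, and they stay in the old -72xx range while the rest of this hunk moves to -89xx/-90xx. Each check should return its own constant without `- i`, in the form `return -<NEW_CODE>;` with codes taken from the new range. These early returns also skip `wc_ed25519_free(&key3)`; the cleanup section lies outside the hunk.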
@@ -16778,34 +17487,34 @@ int cmac_test(void) XMEMSET(tag, 0, sizeof(tag)); tagSz = AES_BLOCK_SIZE; if (wc_InitCmac(&cmac, tc->k, tc->kSz, tc->type, NULL) != 0) - return -7300; + return -9100; if (tc->partial) { if (wc_CmacUpdate(&cmac, tc->m, tc->mSz/2 - tc->partial) != 0) - return -7301; + return -9101; if (wc_CmacUpdate(&cmac, tc->m + tc->mSz/2 - tc->partial, tc->mSz/2 + tc->partial) != 0) - return -7302; + return -9102; } else { if (wc_CmacUpdate(&cmac, tc->m, tc->mSz) != 0) - return -7303; + return -9103; } if (wc_CmacFinal(&cmac, tag, &tagSz) != 0) - return -7304; + return -9104; if (XMEMCMP(tag, tc->t, AES_BLOCK_SIZE) != 0) - return -7305; + return -9105; XMEMSET(tag, 0, sizeof(tag)); tagSz = sizeof(tag); if (wc_AesCmacGenerate(tag, &tagSz, tc->m, tc->mSz, tc->k, tc->kSz) != 0) - return -7306; + return -9106; if (XMEMCMP(tag, tc->t, AES_BLOCK_SIZE) != 0) - return -7307; + return -9107; if (wc_AesCmacVerify(tc->t, tc->tSz, tc->m, tc->mSz, tc->k, tc->kSz) != 0) - return -7308; + return -9108; } return 0; @@ -16904,7 +17613,7 @@ int compress_test(void) c = XMALLOC(cSz * sizeof(byte), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); d = XMALLOC(dSz * sizeof(byte), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); if (c == NULL || d == NULL) { - ERROR_OUT(-7400, exit); + ERROR_OUT(-9200, exit); } /* follow calloc and initialize to 0 */ @@ -16912,16 +17621,16 @@ int compress_test(void) XMEMSET(d, 0, dSz); if ((ret = wc_Compress(c, cSz, sample_text, dSz, 0)) < 0) { - ERROR_OUT(-7401, exit); + ERROR_OUT(-9201, exit); } cSz = (word32)ret; if ((ret = wc_DeCompress(d, dSz, c, cSz)) != (int)dSz) { - ERROR_OUT(-7402, exit); + ERROR_OUT(-9202, exit); } if (XMEMCMP(d, sample_text, dSz)) { - ERROR_OUT(-7403, exit); + ERROR_OUT(-9203, exit); } ret = 0; 
@@ -16987,20 +17696,20 @@ static int pkcs7_load_certs_keys(byte* rsaCert, word32* rsaCertSz, #ifdef USE_CERT_BUFFERS_1024 if (*rsaCertSz < (word32)sizeof_client_cert_der_1024) - return -7410; + return -9204; XMEMCPY(rsaCert, client_cert_der_1024, sizeof_client_cert_der_1024); *rsaCertSz = sizeof_client_cert_der_1024; #elif defined(USE_CERT_BUFFERS_2048) if (*rsaCertSz < (word32)sizeof_client_cert_der_2048) - return -7411; + return -9205; XMEMCPY(rsaCert, client_cert_der_2048, sizeof_client_cert_der_2048); *rsaCertSz = sizeof_client_cert_der_2048; #else certFile = fopen(clientCert, "rb"); if (!certFile) - return -7412; + return -9206; *rsaCertSz = (word32)fread(rsaCert, 1, *rsaCertSz, certFile); fclose(certFile); @@ -17008,20 +17717,20 @@ static int pkcs7_load_certs_keys(byte* rsaCert, word32* rsaCertSz, #ifdef USE_CERT_BUFFERS_1024 if (*rsaPrivKeySz < (word32)sizeof_client_key_der_1024) - return -7413; + return -9207; XMEMCPY(rsaPrivKey, client_key_der_1024, sizeof_client_key_der_1024); *rsaPrivKeySz = sizeof_client_key_der_1024; #elif defined(USE_CERT_BUFFERS_2048) if (*rsaPrivKeySz < (word32)sizeof_client_key_der_2048) - return -7414; + return -9208; XMEMCPY(rsaPrivKey, client_key_der_2048, sizeof_client_key_der_2048); *rsaPrivKeySz = sizeof_client_key_der_2048; #else keyFile = fopen(clientKey, "rb"); if (!keyFile) - return -7415; + return -9209; *rsaPrivKeySz = (word32)fread(rsaPrivKey, 1, *rsaPrivKeySz, keyFile); fclose(keyFile); @@ -17034,14 +17743,14 @@ static int pkcs7_load_certs_keys(byte* rsaCert, word32* rsaCertSz, #ifdef USE_CERT_BUFFERS_256 if (*eccCertSz < (word32)sizeof_cliecc_cert_der_256) - return -7416; + return -9210; XMEMCPY(eccCert, cliecc_cert_der_256, sizeof_cliecc_cert_der_256); *eccCertSz = sizeof_cliecc_cert_der_256; #else certFile = fopen(eccClientCert, "rb"); if (!certFile) - return -7417; + return -9211; *eccCertSz = (word32)fread(eccCert, 1, *eccCertSz, certFile); fclose(certFile); 
@@ -17049,14 +17758,14 @@ static int pkcs7_load_certs_keys(byte* rsaCert, word32* rsaCertSz, #ifdef USE_CERT_BUFFERS_256 if (*eccPrivKeySz < (word32)sizeof_ecc_clikey_der_256) - return -7418; + return -9212; XMEMCPY(eccPrivKey, ecc_clikey_der_256, sizeof_ecc_clikey_der_256); *eccPrivKeySz = sizeof_ecc_clikey_der_256; #else keyFile = fopen(eccClientKey, "rb"); if (!keyFile) - return -7419; + return -9213; *eccPrivKeySz = (word32)fread(eccPrivKey, 1, *eccPrivKeySz, keyFile); fclose(keyFile); @@ -17191,12 +17900,12 @@ static int pkcs7enveloped_run_vectors(byte* rsaCert, word32 rsaCertSz, ret = wc_PKCS7_Init(&pkcs7, HEAP_HINT, devId); if (ret != 0) - return -7419; + return -9214; ret = wc_PKCS7_InitWithCert(&pkcs7, testVectors[i].cert, (word32)testVectors[i].certSz); if (ret != 0) - return -7420; + return -9215; pkcs7.content = (byte*)testVectors[i].content; pkcs7.contentSz = testVectors[i].contentSz; @@ -17214,29 +17923,29 @@ static int pkcs7enveloped_run_vectors(byte* rsaCert, word32 rsaCertSz, sizeof(enveloped)); if (envelopedSz <= 0) { printf("DEBUG: i = %d, envelopedSz = %d\n", i, envelopedSz); - return -7421; + return -9216; } /* decode envelopedData */ decodedSz = wc_PKCS7_DecodeEnvelopedData(&pkcs7, enveloped, envelopedSz, decoded, sizeof(decoded)); if (decodedSz <= 0) - return -7422; + return -9217; /* test decode result */ if (XMEMCMP(decoded, data, sizeof(data)) != 0) - return -7423; + return -9218; #ifdef PKCS7_OUTPUT_TEST_BUNDLES /* output pkcs7 envelopedData for external testing */ pkcs7File = fopen(testVectors[i].outFileName, "wb"); if (!pkcs7File) - return -7424; + return -9219; ret = (int)fwrite(enveloped, 1, envelopedSz, pkcs7File); fclose(pkcs7File); if (ret != envelopedSz) { - return -7425; + return -9220; } #endif /* PKCS7_OUTPUT_TEST_BUNDLES */ 
@@ -17278,12 +17987,12 @@ int pkcs7enveloped_test(void) /* read client RSA cert and key in DER format */ rsaCert = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); if (rsaCert == NULL) - return -7500; + return -9300; rsaPrivKey = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); if (rsaPrivKey == NULL) { XFREE(rsaCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - return -7501; + return -9301; } rsaCertSz = FOURK_BUF; @@ -17298,7 +18007,7 @@ int pkcs7enveloped_test(void) XFREE(rsaCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); XFREE(rsaPrivKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); #endif - return -7504; + return -9302; } eccPrivKey =(byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); @@ -17308,7 +18017,7 @@ int pkcs7enveloped_test(void) XFREE(rsaPrivKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); #endif XFREE(eccCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - return -7505; + return -9303; } eccCertSz = FOURK_BUF; @@ -17494,7 +18203,7 @@ int pkcs7encrypted_test(void) for (i = 0; i < testSz; i++) { ret = wc_PKCS7_Init(&pkcs7, HEAP_HINT, devId); if (ret != 0) - return -7599; + return -9400; pkcs7.content = (byte*)testVectors[i].content; pkcs7.contentSz = testVectors[i].contentSz; @@ -17509,17 +18218,17 @@ int pkcs7encrypted_test(void) encryptedSz = wc_PKCS7_EncodeEncryptedData(&pkcs7, encrypted, sizeof(encrypted)); if (encryptedSz <= 0) - return -7600; + return -9401; /* decode encryptedData */ decodedSz = wc_PKCS7_DecodeEncryptedData(&pkcs7, encrypted, encryptedSz, decoded, sizeof(decoded)); if (decodedSz <= 0) - return -7601; + return -9402; /* test decode result */ if (XMEMCMP(decoded, data, sizeof(data)) != 0) - return -7602; + return -9403; /* verify decoded unprotected attributes */ if (pkcs7.decodedAttrib != NULL) { 
@@ -17535,12 +18244,12 @@ int pkcs7encrypted_test(void) /* verify oid */ if (XMEMCMP(decodedAttrib->oid, expectedAttrib->oid, decodedAttrib->oidSz) != 0) - return -7603; + return -9404; /* verify value */ if (XMEMCMP(decodedAttrib->value, expectedAttrib->value, decodedAttrib->valueSz) != 0) - return -7604; + return -9405; decodedAttrib = decodedAttrib->next; attribIdx++; @@ -17551,7 +18260,7 @@ int pkcs7encrypted_test(void) /* output pkcs7 envelopedData for external testing */ pkcs7File = fopen(testVectors[i].outFileName, "wb"); if (!pkcs7File) - return -7605; + return -9406; ret = (int)fwrite(encrypted, encryptedSz, 1, pkcs7File); fclose(pkcs7File); @@ -17715,12 +18424,12 @@ static int pkcs7signed_run_vectors(byte* rsaCert, word32 rsaCertSz, outSz = FOURK_BUF; out = (byte*)XMALLOC(outSz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); if (out == NULL) - return -7700; + return -9407; ret = wc_PKCS7_PadData((byte*)data, sizeof(data), out, outSz, 16); if (ret < 0) { XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - return -7710; + return -9408; } #ifndef HAVE_FIPS @@ -17730,7 +18439,7 @@ static int pkcs7signed_run_vectors(byte* rsaCert, word32 rsaCertSz, #endif if (ret != 0) { XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - return -7701; + return -9409; } for (i = 0; i < testSz; i++) { @@ -17741,7 +18450,7 @@ static int pkcs7signed_run_vectors(byte* rsaCert, word32 rsaCertSz, if (ret != 0) { XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - return -7702; + return -9410; } pkcs7.rng = &rng; @@ -17763,7 +18472,7 @@ static int pkcs7signed_run_vectors(byte* rsaCert, word32 rsaCertSz, if (ret != 0) { XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); wc_PKCS7_Free(&pkcs7); - return -7703; + return -9411; } } 
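Review bot: Both attribute comparisons in pkcs7encrypted_test take their length from the decoded side (`decodedAttrib->oidSz`, `decodedAttrib->valueSz`), so the expected length is never enforced. A decoded OID or value that is only a prefix of the expected one passes, and a longer one makes XMEMCMP read past the expected buffer. Compare the sizes before the bytes, e.g. `if (decodedAttrib->oidSz != expectedAttrib->oidSz || XMEMCMP(decodedAttrib->oid, expectedAttrib->oid, decodedAttrib->oidSz) != 0)`, and likewise for the value. This assumes expectedAttrib carries oidSz/valueSz fields; its type is declared outside the hunk.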
@@ -17786,7 +18495,7 @@ static int pkcs7signed_run_vectors(byte* rsaCert, word32 rsaCertSz, if (ret != 0) { XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); wc_PKCS7_Free(&pkcs7); - return -7704; + return -9412; } wc_ShaUpdate(&sha, pkcs7.publicKey, pkcs7.publicKeySz); wc_ShaFinal(&sha, digest); @@ -17796,7 +18505,7 @@ static int pkcs7signed_run_vectors(byte* rsaCert, word32 rsaCertSz, if (ret != 0) { XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); wc_PKCS7_Free(&pkcs7); - return -7704; + return -9413; } wc_Sha256Update(&sha, pkcs7.publicKey, pkcs7.publicKeySz); wc_Sha256Final(&sha, digest); @@ -17812,7 +18521,7 @@ static int pkcs7signed_run_vectors(byte* rsaCert, word32 rsaCertSz, if (encodedSz < 0) { XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); wc_PKCS7_Free(&pkcs7); - return -7705; + return -9414; } #ifdef PKCS7_OUTPUT_TEST_BUNDLES @@ -17821,14 +18530,14 @@ static int pkcs7signed_run_vectors(byte* rsaCert, word32 rsaCertSz, if (!file) { XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); wc_PKCS7_Free(&pkcs7); - return -7706; + return -9415; } ret = (int)fwrite(out, 1, encodedSz, file); fclose(file); if (ret != (int)encodedSz) { XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); wc_PKCS7_Free(&pkcs7); - return -7707; + return -9416; } #endif /* PKCS7_OUTPUT_TEST_BUNDLES */ @@ -17839,13 +18548,13 @@ static int pkcs7signed_run_vectors(byte* rsaCert, word32 rsaCertSz, if (ret < 0) { XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); wc_PKCS7_Free(&pkcs7); - return -7708; + return -9417; } if (pkcs7.singleCert == NULL || pkcs7.singleCertSz == 0) { XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); wc_PKCS7_Free(&pkcs7); - return -7709; + return -9418; } 
@@ -17865,13 +18574,13 @@ static int pkcs7signed_run_vectors(byte* rsaCert, word32 rsaCertSz, NULL, (word32*)&bufSz) != LENGTH_ONLY_E) { XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); wc_PKCS7_Free(&pkcs7); - return -7710; + return -9419; } if (bufSz > (int)sizeof(buf)) { XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); wc_PKCS7_Free(&pkcs7); - return -7711; + return -9420; } bufSz = wc_PKCS7_GetAttributeValue(&pkcs7, oidPt, oidSz, @@ -17880,7 +18589,7 @@ static int pkcs7signed_run_vectors(byte* rsaCert, word32 rsaCertSz, (testVectors[i].signedAttribs == NULL && bufSz > 0)) { XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); wc_PKCS7_Free(&pkcs7); - return -7712; + return -9421; } } @@ -17889,7 +18598,7 @@ static int pkcs7signed_run_vectors(byte* rsaCert, word32 rsaCertSz, if (!file) { XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); wc_PKCS7_Free(&pkcs7); - return -7713; + return -9422; } ret = (int)fwrite(pkcs7.singleCert, 1, pkcs7.singleCertSz, file); fclose(file); @@ -17939,12 +18648,12 @@ int pkcs7signed_test(void) /* read client RSA cert and key in DER format */ rsaCert = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); if (rsaCert == NULL) - return -7720; + return -9500; rsaPrivKey = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); if (rsaPrivKey == NULL) { XFREE(rsaCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - return -7721; + return -9501; } rsaCertSz = FOURK_BUF; @@ -17957,7 +18666,7 @@ int pkcs7signed_test(void) if (eccCert == NULL) { XFREE(rsaCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); XFREE(rsaPrivKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - return -7722; + return -9502; } eccPrivKey =(byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); @@ -17965,7 +18674,7 @@ int pkcs7signed_test(void) XFREE(rsaCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); XFREE(rsaPrivKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); XFREE(eccCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - return -7723; + return -9503; } eccCertSz = FOURK_BUF; 
@@ -18037,7 +18746,7 @@ int mp_test(void) ret = mp_init_multi(&a, &b, &r1, &r2, NULL, NULL); if (ret != 0) - return -7800; + return -9600; mp_init_copy(&p, &a); @@ -18052,62 +18761,62 @@ int mp_test(void) #if defined(HAVE_ECC) || defined(WOLFSSL_KEY_GEN) mp_set_int(&a, 0); if (a.used != 0 || a.dp[0] != 0) - return -7801; + return -9601; for (j = 1; j <= MP_MAX_TEST_BYTE_LEN; j++) { for (i = 0; i < 4 * j; i++) { /* New values to use. */ ret = randNum(&p, j, &rng, NULL); if (ret != 0) - return -7802; + return -9602; ret = randNum(&a, j, &rng, NULL); if (ret != 0) - return -7803; + return -9603; ret = randNum(&b, j, &rng, NULL); if (ret != 0) - return -7804; + return -9604; ret = wc_RNG_GenerateBlock(&rng, (byte*)&d, sizeof(d)); if (ret != 0) - return -7805; + return -9605; d &= MP_MASK; /* Ensure sqrmod produce same result as mulmod. */ ret = mp_sqrmod(&a, &p, &r1); if (ret != 0) - return -7806; + return -9606; ret = mp_mulmod(&a, &a, &p, &r2); if (ret != 0) - return -7807; + return -9607; if (mp_cmp(&r1, &r2) != 0) - return -7808; + return -9608; /* Ensure add with mod produce same result as sub with mod. */ ret = mp_addmod(&a, &b, &p, &r1); if (ret != 0) - return -7809; + return -9609; b.sign ^= 1; ret = mp_submod(&a, &b, &p, &r2); if (ret != 0) - return -7810; + return -9610; if (mp_cmp(&r1, &r2) != 0) - return -7811; + return -9611; /* Ensure add digit produce same result as sub digit. */ ret = mp_add_d(&a, d, &r1); if (ret != 0) - return -7812; + return -9612; ret = mp_sub_d(&r1, d, &r2); if (ret != 0) - return -7813; + return -9613; if (mp_cmp(&a, &r2) != 0) - return -7814; + return -9614; /* Invert - if p is even it will use the slow impl. * - if p and a are even it will fail. */ ret = mp_invmod(&a, &p, &r1); if (ret != 0 && ret != MP_VAL) - return -7815; + return -9615; ret = 0; /* Shift up and down number all bits in a digit. */ 
@@ -18115,12 +18824,12 @@ int mp_test(void) mp_mul_2d(&a, k, &r1); mp_div_2d(&r1, k, &r2, &p); if (mp_cmp(&a, &r2) != 0) - return -7816; + return -9616; if (!mp_iszero(&p)) - return -7817; + return -9617; mp_rshb(&r1, k); if (mp_cmp(&a, &r1) != 0) - return -7818; + return -9618; } } } @@ -18129,14 +18838,14 @@ int mp_test(void) d &= 0xffffffff; mp_set_int(&a, d); if (a.used != 1 || a.dp[0] != d) - return -7819; + return -9619; /* Check setting a bit and testing a bit works. */ for (i = 0; i < MP_MAX_TEST_BYTE_LEN * 8; i++) { mp_zero(&a); mp_set_bit(&a, i); if (!mp_is_bit_set(&a, i)) - return -7820; + return -9620; } #endif 
@@ -18211,51 +18920,51 @@ int berder_test(void) for (i = 0; i < (int)(sizeof(testData) / sizeof(*testData)); i++) { ret = wc_BerToDer(testData[i].in, testData[i].inSz, NULL, &len); if (ret != LENGTH_ONLY_E) - return -7830 - i; + return -9700 - i; if (len != testData[i].outSz) - return -7840 - i; + return -9710 - i; len = testData[i].outSz; ret = wc_BerToDer(testData[i].in, testData[i].inSz, out, &len); if (ret != 0) - return -7850 - i; + return -9720 - i; if (XMEMCMP(out, testData[i].out, len) != 0) - return -7860 - i; + return -9730 - i; for (l = 1; l < testData[i].inSz; l++) { ret = wc_BerToDer(testData[i].in, l, NULL, &len); if (ret != ASN_PARSE_E) - return -7870; + return -9740; len = testData[i].outSz; ret = wc_BerToDer(testData[i].in, l, out, &len); if (ret != ASN_PARSE_E) - return -7871; + return -9741; } } ret = wc_BerToDer(NULL, 4, NULL, NULL); if (ret != BAD_FUNC_ARG) - return -7880; + return -9742; ret = wc_BerToDer(out, 4, NULL, NULL); if (ret != BAD_FUNC_ARG) - return -7881; + return -9743; ret = wc_BerToDer(NULL, 4, NULL, &len); if (ret != BAD_FUNC_ARG) - return -7882; + return -9744; ret = wc_BerToDer(NULL, 4, out, NULL); if (ret != BAD_FUNC_ARG) - return -7883; + return -9745; ret = wc_BerToDer(out, 4, out, NULL); if (ret != BAD_FUNC_ARG) - return -7884; + return -9746; ret = wc_BerToDer(NULL, 4, out, &len); if (ret != BAD_FUNC_ARG) - return -7885; + return -9747; for (l = 1; l < sizeof(good4_out); l++) { len = l; ret = wc_BerToDer(good4_in, sizeof(good4_in), out, &len); if (ret != BUFFER_E) - return -7890; + return -9748; } return 0; @@ -18284,10 +18993,10 @@ int logging_test(void) b[i] = i; if (wolfSSL_Debugging_ON() != 0) - return -7900; + return -9800; if (wolfSSL_SetLoggingCb(my_Logging_cb) != 0) - return -7901; + return -9801; WOLFSSL_MSG(msg); WOLFSSL_BUFFER(a, sizeof(a)); 
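Review bot: The per-vector codes in berder_test (`-9700 - i`, `-9710 - i`, `-9720 - i`, `-9730 - i`) are spaced ten apart, so they stay unambiguous only while testData has at most ten entries. Beyond that they run into each other and into the fixed codes -9740 to -9748 that follow. testData is declared outside the hunk, so its size cannot be confirmed here. A comment at the top of the loop such as `/* return codes below assume at most 10 entries in testData */` would at least record the constraint. The truncated-input loop returns -9740/-9741 without `i`, so a failure there does not identify the vector.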
@@ -18312,7 +19021,7 @@ int logging_test(void) /* check the logs were disabled */ if (i != log_cnt) - return -7904; + return -9802; /* restore callback and leave logging enabled */ wolfSSL_SetLoggingCb(NULL); @@ -18324,10 +19033,10 @@ int logging_test(void) #else if (wolfSSL_Debugging_ON() != NOT_COMPILED_IN) - return -7906; + return -9803; wolfSSL_Debugging_OFF(); if (wolfSSL_SetLoggingCb(NULL) != NOT_COMPILED_IN) - return -7907; + return -9804; #endif /* DEBUG_WOLFSSL */ return 0; } @@ -18340,25 +19049,25 @@ int mutex_test(void) #endif wolfSSL_Mutex *mm = wc_InitAndAllocMutex(); if (mm == NULL) - return -8000; + return -9900; wc_FreeMutex(mm); XFREE(mm, NULL, DYNAMIC_TYPE_MUTEX); #ifdef WOLFSSL_PTHREADS if (wc_InitMutex(&m) != 0) - return -8001; + return -9901; if (wc_LockMutex(&m) != 0) - return -8002; + return -9902; if (wc_FreeMutex(&m) != BAD_MUTEX_E) - return -8003; + return -9903; if (wc_UnLockMutex(&m) != 0) - return -8004; + return -9904; if (wc_FreeMutex(&m) != 0) - return -8005; + return -9905; if (wc_LockMutex(&m) != BAD_MUTEX_E) - return -8006; + return -9906; if (wc_UnLockMutex(&m) != BAD_MUTEX_E) - return -8007; + return -9907; #endif return 0; @@ -18395,12 +19104,12 @@ int memcb_test(void) /* Save existing memory callbacks */ if (wolfSSL_GetAllocators(&mc, &fc, &rc) != 0) - return -8100; + return -10000; /* test realloc */ b = (byte*)XREALLOC(b, 1024, NULL, DYNAMIC_TYPE_TMP_BUFFER); if (b == NULL) { - ERROR_OUT(-8101, exit_memcb); + ERROR_OUT(-10001, exit_memcb); } XFREE(b, NULL, DYNAMIC_TYPE_TMP_BUFFER); b = NULL; 
@@ -18408,21 +19117,21 @@ int memcb_test(void) /* Parameter Validation testing. */ if (wolfSSL_SetAllocators(NULL, (wolfSSL_Free_cb)&my_Free_cb, (wolfSSL_Realloc_cb)&my_Realloc_cb) != BAD_FUNC_ARG) { - ERROR_OUT(-8102, exit_memcb); + ERROR_OUT(-10002, exit_memcb); } if (wolfSSL_SetAllocators((wolfSSL_Malloc_cb)&my_Malloc_cb, NULL, (wolfSSL_Realloc_cb)&my_Realloc_cb) != BAD_FUNC_ARG) { - ERROR_OUT(-8103, exit_memcb); + ERROR_OUT(-10003, exit_memcb); } if (wolfSSL_SetAllocators((wolfSSL_Malloc_cb)&my_Malloc_cb, (wolfSSL_Free_cb)&my_Free_cb, NULL) != BAD_FUNC_ARG) { - ERROR_OUT(-8104, exit_memcb); + ERROR_OUT(-10004, exit_memcb); } /* Use API. */ if (wolfSSL_SetAllocators((wolfSSL_Malloc_cb)&my_Malloc_cb, (wolfSSL_Free_cb)&my_Free_cb, (wolfSSL_Realloc_cb)my_Realloc_cb) != 0) { - ERROR_OUT(-8105, exit_memcb); + ERROR_OUT(-10005, exit_memcb); } b = (byte*)XMALLOC(1024, NULL, DYNAMIC_TYPE_TMP_BUFFER); @@ -18434,7 +19143,7 @@ int memcb_test(void) #else if (malloc_cnt != 0 || free_cnt != 0 || realloc_cnt != 0) #endif - ret = -8106; + ret = -10006; exit_memcb: 
@@ -18473,49 +19182,49 @@ int blob_test(void) }; - memset(blob, 0, sizeof(blob)); + XMEMSET(blob, 0, sizeof(blob)); outSz = sizeof(blob); ret = wc_caamCreateBlob((byte*)iv, sizeof(iv), blob, &outSz); if (ret != 0) { - ERROR_OUT(-8200, exit_blob); + ERROR_OUT(-10100, exit_blob); } blob[outSz - 2] += 1; ret = wc_caamOpenBlob(blob, outSz, out, &outSz); if (ret == 0) { /* should fail with altered blob */ - ERROR_OUT(-8201, exit_blob); + ERROR_OUT(-10101, exit_blob); } - memset(blob, 0, sizeof(blob)); + XMEMSET(blob, 0, sizeof(blob)); outSz = sizeof(blob); ret = wc_caamCreateBlob((byte*)iv, sizeof(iv), blob, &outSz); if (ret != 0) { - ERROR_OUT(-8202, exit_blob); + ERROR_OUT(-10102, exit_blob); } ret = wc_caamOpenBlob(blob, outSz, out, &outSz); if (ret != 0) { - ERROR_OUT(-8203, exit_blob); + ERROR_OUT(-10103, exit_blob); } if (XMEMCMP(out, iv, sizeof(iv))) { - ERROR_OUT(-8204, exit_blob); + ERROR_OUT(-10104, exit_blob); } - memset(blob, 0, sizeof(blob)); + XMEMSET(blob, 0, sizeof(blob)); outSz = sizeof(blob); ret = wc_caamCreateBlob((byte*)text, sizeof(text), blob, &outSz); if (ret != 0) { - ERROR_OUT(-8205, exit_blob); + ERROR_OUT(-10105, exit_blob); } ret = wc_caamOpenBlob(blob, outSz, out, &outSz); if (ret != 0) { - ERROR_OUT(-8206, exit_blob); + ERROR_OUT(-10106, exit_blob); } if (XMEMCMP(out, text, sizeof(text))) { - ERROR_OUT(-8207, exit_blob); + ERROR_OUT(-10107, exit_blob); } exit_blob: 
@@ -18524,6 +19233,156 @@ int blob_test(void) } #endif /* WOLFSSL_IMX6_CAAM_BLOB */ +int misc_test(void) +{ + unsigned char data[32]; + unsigned int i, j, len; + + /* Test ForceZero */ + for (i = 0; i < sizeof(data); i++) { + for (len = 1; len < sizeof(data) - i; len++) { + for (j = 0; j < sizeof(data); j++) + data[j] = j + 1; + + ForceZero(data + i, len); + + for (j = 0; j < sizeof(data); j++) { + if (j < i || j >= i + len) { + if (data[j] == 0x00) + return -10200; + } + else if (data[j] != 0x00) + return -10201; + } + } + } + + return 0; +} + +#ifdef WOLF_CRYPTO_DEV + +/* Example custom context for crypto callback */ +typedef struct { + int exampleVar; /* example, not used */ +} myCryptoDevCtx; + + +/* Example crypto dev callback function that calls software version */ +static int myCryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx) +{ + int ret = NOT_COMPILED_IN; /* return this to bypass HW and use SW */ + myCryptoDevCtx* myCtx = (myCryptoDevCtx*)ctx; + + if (info == NULL) + return BAD_FUNC_ARG; + + if (info->algo_type == WC_ALGO_TYPE_PK) { + #ifdef DEBUG_WOLFSSL + printf("CryptoDevCb: Pk Type %d\n", info->pk.type); + #endif + + #ifndef NO_RSA + if (info->pk.type == WC_PK_TYPE_RSA) { + /* set devId to invalid, so software is used */ + info->pk.rsa.key->devId = INVALID_DEVID; + + switch (info->pk.rsa.type) { + case RSA_PUBLIC_ENCRYPT: + case RSA_PUBLIC_DECRYPT: + /* perform software based RSA public op */ + ret = wc_RsaFunction( + info->pk.rsa.in, info->pk.rsa.inLen, + info->pk.rsa.out, info->pk.rsa.outLen, + info->pk.rsa.type, info->pk.rsa.key, info->pk.rsa.rng); + break; + case RSA_PRIVATE_ENCRYPT: + case RSA_PRIVATE_DECRYPT: + /* perform software based RSA private op */ + ret = wc_RsaFunction( + info->pk.rsa.in, info->pk.rsa.inLen, + info->pk.rsa.out, info->pk.rsa.outLen, + info->pk.rsa.type, info->pk.rsa.key, info->pk.rsa.rng); + break; + } + + /* reset devId */ + info->pk.rsa.key->devId = devIdArg; + } + #endif /* !NO_RSA */ + #ifdef HAVE_ECC + if 
(info->pk.type == WC_PK_TYPE_ECDSA_SIGN) { + /* set devId to invalid, so software is used */ + info->pk.eccsign.key->devId = INVALID_DEVID; + + ret = wc_ecc_sign_hash( + info->pk.eccsign.in, info->pk.eccsign.inlen, + info->pk.eccsign.out, info->pk.eccsign.outlen, + info->pk.eccsign.rng, info->pk.eccsign.key); + + /* reset devId */ + info->pk.eccsign.key->devId = devIdArg; + } + else if (info->pk.type == WC_PK_TYPE_ECDSA_VERIFY) { + /* set devId to invalid, so software is used */ + info->pk.eccverify.key->devId = INVALID_DEVID; + + ret = wc_ecc_verify_hash( + info->pk.eccverify.sig, info->pk.eccverify.siglen, + info->pk.eccverify.hash, info->pk.eccverify.hashlen, + info->pk.eccverify.res, info->pk.eccverify.key); + + /* reset devId */ + info->pk.eccverify.key->devId = devIdArg; + } + else if (info->pk.type == WC_PK_TYPE_ECDH) { + /* set devId to invalid, so software is used */ + info->pk.ecdh.private_key->devId = INVALID_DEVID; + + ret = wc_ecc_shared_secret( + info->pk.ecdh.private_key, info->pk.ecdh.public_key, + info->pk.ecdh.out, info->pk.ecdh.outlen); + + /* reset devId */ + info->pk.ecdh.private_key->devId = devIdArg; + } + #endif /* HAVE_ECC */ + } + + (void)myCtx; + + return ret; +} + +int cryptodev_test(void) +{ + int ret = 0; + myCryptoDevCtx myCtx; + + /* example data for callback */ + myCtx.exampleVar = 1; + + /* set devId to something other than INVALID_DEVID */ + devId = 1; + ret = wc_CryptoDev_RegisterDevice(devId, myCryptoDevCb, &myCtx); + +#ifndef NO_RSA + if (ret == 0) + ret = rsa_test(); +#endif +#ifdef HAVE_ECC + if (ret == 0) + ret = ecc_test(); +#endif + + /* reset devId */ + devId = INVALID_DEVID; + + return ret; +} +#endif /* WOLF_CRYPTO_DEV */ + + #undef ERROR_OUT #else diff --git a/wolfssl/certs_test.h b/wolfssl/certs_test.h index 28c91dbcf..7a7eec70a 100644 --- a/wolfssl/certs_test.h +++ b/wolfssl/certs_test.h 
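Review bot: The ForceZero loop in misc_test bounds the length with `len < sizeof(data) - i`, so `i + len` never reaches `sizeof(data)`. The last byte of the buffer is never zeroed and `i == 31` runs no case at all, which leaves the end-of-buffer tail of the zeroization routine untested. `for (len = 1; len <= sizeof(data) - i; len++)` covers it and stays in bounds. Separately, cryptodev_test registers `&myCtx`, a stack local, through wc_CryptoDev_RegisterDevice and returns with the registration still in place. The callback ignores ctx today, but `static myCryptoDevCtx myCtx;` (or unregistering before the return) avoids leaving a dangling pointer behind.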
@@ -99,8 +99,8 @@ static const int sizeof_client_keypub_der_1024 = sizeof(client_keypub_der_1024); static const unsigned char client_cert_der_1024[] = { 0x30, 0x82, 0x03, 0xC5, 0x30, 0x82, 0x03, 0x2E, 0xA0, 0x03, - 0x02, 0x01, 0x02, 0x02, 0x09, 0x00, 0xF3, 0x63, 0xB8, 0x35, - 0x1D, 0x0A, 0xD8, 0xD9, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, + 0x02, 0x01, 0x02, 0x02, 0x09, 0x00, 0xBB, 0xD3, 0x10, 0x03, + 0xE6, 0x9D, 0x28, 0x03, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B, 0x05, 0x00, 0x30, 0x81, 0x9E, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0E, 0x06, @@ -118,10 +118,10 @@ static const unsigned char client_cert_der_1024[] = 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, - 0x30, 0x1E, 0x17, 0x0D, 0x31, 0x36, 0x30, 0x38, 0x31, 0x31, - 0x32, 0x30, 0x30, 0x37, 0x33, 0x37, 0x5A, 0x17, 0x0D, 0x31, - 0x39, 0x30, 0x35, 0x30, 0x38, 0x32, 0x30, 0x30, 0x37, 0x33, - 0x37, 0x5A, 0x30, 0x81, 0x9E, 0x31, 0x0B, 0x30, 0x09, 0x06, + 0x30, 0x1E, 0x17, 0x0D, 0x31, 0x38, 0x30, 0x34, 0x31, 0x33, + 0x31, 0x35, 0x32, 0x33, 0x30, 0x39, 0x5A, 0x17, 0x0D, 0x32, + 0x31, 0x30, 0x31, 0x30, 0x37, 0x31, 0x35, 0x32, 0x33, 0x30, + 0x39, 0x5A, 0x30, 0x81, 0x9E, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x07, 0x4D, 0x6F, 0x6E, 0x74, 0x61, 0x6E, 0x61, 0x31, 0x10, 0x30, 0x0E, 
@@ -178,23 +178,23 @@ static const unsigned char client_cert_der_1024[] = 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x82, 0x09, 0x00, - 0xF3, 0x63, 0xB8, 0x35, 0x1D, 0x0A, 0xD8, 0xD9, 0x30, 0x0C, + 0xBB, 0xD3, 0x10, 0x03, 0xE6, 0x9D, 0x28, 0x03, 0x30, 0x0C, 0x06, 0x03, 0x55, 0x1D, 0x13, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xFF, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B, 0x05, 0x00, 0x03, 0x81, 0x81, - 0x00, 0x31, 0x5E, 0xC5, 0x8C, 0x6F, 0xB7, 0xC5, 0x47, 0x1B, - 0x51, 0x5F, 0x99, 0x91, 0xA1, 0x23, 0x45, 0x3C, 0x36, 0x59, - 0x20, 0xFE, 0x90, 0x46, 0x95, 0x79, 0xE8, 0xB8, 0xD9, 0xDB, - 0x44, 0x7F, 0x63, 0x42, 0x71, 0x59, 0xD5, 0x59, 0xA5, 0x3C, - 0xD3, 0x43, 0x83, 0xA0, 0x7D, 0x1E, 0x56, 0x36, 0x02, 0x92, - 0xE2, 0x0A, 0x19, 0xF6, 0x97, 0xF2, 0x82, 0x12, 0xA6, 0xB2, - 0xBF, 0x3B, 0xB6, 0xB0, 0x07, 0xFC, 0x7A, 0x5B, 0x78, 0x22, - 0xA0, 0x31, 0xF4, 0x3D, 0xEB, 0x0A, 0xC5, 0xE4, 0xE5, 0xB4, - 0xC7, 0xBB, 0x4F, 0xA9, 0xB8, 0x37, 0x19, 0xBF, 0xC7, 0x64, - 0x9D, 0x74, 0x9E, 0x78, 0xDF, 0x09, 0xF5, 0xD6, 0xDD, 0xC2, - 0xFB, 0xCE, 0x94, 0xD5, 0xBF, 0x97, 0xB0, 0x76, 0xB5, 0xE9, - 0x10, 0x65, 0x6C, 0x48, 0x85, 0xC4, 0x1B, 0xFF, 0x5B, 0x64, - 0xC7, 0x11, 0x30, 0x06, 0xE4, 0x40, 0xF5, 0x90, 0x2B + 0x00, 0x84, 0x99, 0xD9, 0xE5, 0x37, 0xC4, 0x44, 0x7D, 0xCE, + 0x29, 0xB8, 0xB6, 0x80, 0x0E, 0xEA, 0xA3, 0xE2, 0xFA, 0xA2, + 0x2F, 0x5C, 0xD2, 0x4A, 0x85, 0x67, 0xB9, 0x8B, 0xFA, 0x9F, + 0x7D, 0xDA, 0x6D, 0x85, 0x2A, 0xC2, 0x20, 0xF3, 0x18, 0xC8, + 0xD4, 0x6B, 0x26, 0xB2, 0x7A, 0x68, 0xE7, 0x82, 0x52, 0x87, + 0xE7, 0x0C, 0x5B, 0x08, 0x47, 0x7A, 0x55, 0xA5, 0x0D, 0xFA, + 0x72, 0xCE, 0x6B, 0xA1, 0xB2, 0xAE, 0x5A, 0xA1, 0x63, 0xFF, + 0x68, 0xDB, 0xE5, 0x49, 0xEF, 0xF1, 0x0E, 0x98, 0x96, 0x09, + 0xB5, 0x04, 0x5F, 0xD4, 0x0A, 0x9B, 0x8A, 0xAF, 0xD2, 0x31, + 0x1F, 0x95, 0xE5, 0x0F, 0xA8, 0xCD, 0xBB, 0xA1, 0x2D, 0x64, + 0xB0, 0xB7, 0xEE, 
0x47, 0xA7, 0x58, 0xD9, 0xC7, 0xDB, 0xB0, + 0x92, 0xBB, 0xAA, 0xCF, 0xB8, 0x8A, 0x04, 0x5B, 0x0F, 0x9F, + 0x3E, 0xE0, 0xD2, 0x42, 0x52, 0xBD, 0x5D, 0xA7, 0x48 }; static const int sizeof_client_cert_der_1024 = sizeof(client_cert_der_1024); @@ -408,8 +408,8 @@ static const int sizeof_ca_key_der_1024 = sizeof(ca_key_der_1024); static const unsigned char ca_cert_der_1024[] = { 0x30, 0x82, 0x03, 0xB5, 0x30, 0x82, 0x03, 0x1E, 0xA0, 0x03, - 0x02, 0x01, 0x02, 0x02, 0x09, 0x00, 0xB5, 0x4E, 0x78, 0x83, - 0xDD, 0xEF, 0xE7, 0x8F, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, + 0x02, 0x01, 0x02, 0x02, 0x09, 0x00, 0xDA, 0xFB, 0x6A, 0x0D, + 0xFE, 0xCF, 0x9B, 0x47, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B, 0x05, 0x00, 0x30, 0x81, 0x99, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0E, 0x06, @@ -427,9 +427,9 @@ static const unsigned char ca_cert_der_1024[] = 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x30, 0x1E, 0x17, 0x0D, 0x31, - 0x36, 0x30, 0x38, 0x31, 0x31, 0x32, 0x30, 0x30, 0x37, 0x33, - 0x37, 0x5A, 0x17, 0x0D, 0x31, 0x39, 0x30, 0x35, 0x30, 0x38, - 0x32, 0x30, 0x30, 0x37, 0x33, 0x37, 0x5A, 0x30, 0x81, 0x99, + 0x38, 0x30, 0x34, 0x31, 0x33, 0x31, 0x35, 0x32, 0x33, 0x31, + 0x30, 0x5A, 0x17, 0x0D, 0x32, 0x31, 0x30, 0x31, 0x30, 0x37, + 0x31, 0x35, 0x32, 0x33, 0x31, 0x30, 0x5A, 0x30, 0x81, 0x99, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x07, 0x4D, 0x6F, 0x6E, 0x74, 0x61, 0x6E, 
@@ -485,24 +485,24 @@ static const unsigned char ca_cert_der_1024[] = 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, - 0x6D, 0x82, 0x09, 0x00, 0xB5, 0x4E, 0x78, 0x83, 0xDD, 0xEF, - 0xE7, 0x8F, 0x30, 0x0C, 0x06, 0x03, 0x55, 0x1D, 0x13, 0x04, + 0x6D, 0x82, 0x09, 0x00, 0xDA, 0xFB, 0x6A, 0x0D, 0xFE, 0xCF, + 0x9B, 0x47, 0x30, 0x0C, 0x06, 0x03, 0x55, 0x1D, 0x13, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xFF, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B, 0x05, - 0x00, 0x03, 0x81, 0x81, 0x00, 0x5A, 0x09, 0xC3, 0x7E, 0xD5, - 0xCD, 0x73, 0x6F, 0xD6, 0x5D, 0x1D, 0x6C, 0xA8, 0x4A, 0x12, - 0x82, 0x3D, 0xBE, 0xFE, 0x09, 0xD6, 0x02, 0x24, 0x23, 0x9A, - 0x07, 0x67, 0x4B, 0x6E, 0x60, 0xA6, 0x6D, 0x42, 0xAA, 0x86, - 0x36, 0x07, 0x20, 0xA9, 0x44, 0xB4, 0x95, 0xD6, 0x81, 0xDB, - 0x9D, 0x28, 0x13, 0x5F, 0xA9, 0x75, 0x38, 0x2D, 0x80, 0xC6, - 0x60, 0xF7, 0x4A, 0x48, 0x23, 0xC0, 0x97, 0xEE, 0xF7, 0x65, - 0x35, 0x19, 0x8D, 0x20, 0xA2, 0x00, 0x24, 0x5C, 0xD9, 0x35, - 0x22, 0x99, 0x1F, 0xDD, 0x5F, 0x0C, 0x83, 0xF8, 0xAB, 0x4D, - 0x88, 0x69, 0x6A, 0xB0, 0xF4, 0x82, 0x5C, 0x77, 0xA5, 0x50, - 0xB1, 0x09, 0xD1, 0x5D, 0x94, 0xD8, 0xB0, 0x26, 0xBF, 0xC1, - 0x55, 0x14, 0x9F, 0xE2, 0xF0, 0x2E, 0x48, 0xD1, 0x7B, 0xFC, - 0x52, 0xBF, 0xAC, 0x6D, 0x1A, 0x3A, 0xDD, 0x36, 0xEE, 0xCA, - 0x51, 0x4C, 0x1D + 0x00, 0x03, 0x81, 0x81, 0x00, 0x1D, 0x48, 0xF6, 0x40, 0x41, + 0x04, 0x06, 0xF2, 0xE4, 0x72, 0x2F, 0xEA, 0xFF, 0xC1, 0x67, + 0x6B, 0x15, 0xBB, 0x0A, 0x28, 0x23, 0x28, 0x07, 0xC6, 0xD7, + 0x13, 0x2C, 0xBE, 0x00, 0x00, 0xAC, 0x1D, 0xF7, 0xF4, 0x92, + 0xD3, 0x2B, 0xAF, 0x23, 0xEB, 0x9F, 0x1A, 0xE2, 0x11, 0x3C, + 0x2D, 0x97, 0xF2, 0x0F, 0xAC, 0xAE, 0x97, 0x86, 0x0A, 0xFB, + 0xA8, 0x4F, 0x74, 0x1B, 0xDE, 0x19, 0x51, 0xDB, 0xCD, 0xE2, + 0x11, 0x38, 0xC1, 0xA4, 0x9D, 0x56, 0xAB, 0x47, 0x5C, 0xDE, + 0xBA, 0xEB, 0x27, 0xDF, 0x6D, 0xC8, 0x7E, 0x3A, 0xBD, 
0x2E, + 0x9B, 0x2A, 0xAD, 0x22, 0x3B, 0x95, 0xA9, 0xF2, 0x28, 0x03, + 0xBC, 0xE5, 0xEC, 0xCC, 0xF2, 0x08, 0xD4, 0xC8, 0x2F, 0xDB, + 0xEA, 0xFB, 0x2E, 0x52, 0x16, 0x8C, 0x42, 0x02, 0xA4, 0x59, + 0x6D, 0x4C, 0x33, 0xB4, 0x9A, 0xD2, 0x73, 0x4A, 0x1E, 0x9F, + 0xD9, 0xC8, 0x83 }; static const int sizeof_ca_cert_der_1024 = sizeof(ca_cert_der_1024); @@ -595,9 +595,9 @@ static const unsigned char server_cert_der_1024[] = 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x30, 0x1E, 0x17, - 0x0D, 0x31, 0x36, 0x30, 0x38, 0x31, 0x31, 0x32, 0x30, 0x30, - 0x37, 0x33, 0x38, 0x5A, 0x17, 0x0D, 0x31, 0x39, 0x30, 0x35, - 0x30, 0x38, 0x32, 0x30, 0x30, 0x37, 0x33, 0x38, 0x5A, 0x30, + 0x0D, 0x31, 0x38, 0x30, 0x34, 0x31, 0x33, 0x31, 0x35, 0x32, + 0x33, 0x31, 0x30, 0x5A, 0x17, 0x0D, 0x32, 0x31, 0x30, 0x31, + 0x30, 0x37, 0x31, 0x35, 0x32, 0x33, 0x31, 0x30, 0x5A, 0x30, 0x81, 0x95, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x07, 0x4D, 0x6F, 0x6E, 0x74, 
@@ -653,24 +653,24 @@ static const unsigned char server_cert_der_1024[] = 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x82, - 0x09, 0x00, 0xB5, 0x4E, 0x78, 0x83, 0xDD, 0xEF, 0xE7, 0x8F, + 0x09, 0x00, 0xDA, 0xFB, 0x6A, 0x0D, 0xFE, 0xCF, 0x9B, 0x47, 0x30, 0x0C, 0x06, 0x03, 0x55, 0x1D, 0x13, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xFF, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B, 0x05, 0x00, 0x03, - 0x81, 0x81, 0x00, 0x2C, 0xAA, 0xA2, 0x46, 0xF7, 0x79, 0xC7, - 0x7F, 0xCE, 0xEF, 0x4D, 0xE6, 0x04, 0xAA, 0x7C, 0x5C, 0x77, - 0x72, 0x55, 0x66, 0x41, 0x97, 0x7F, 0xC5, 0x6E, 0x98, 0xA0, - 0xC4, 0x10, 0xC6, 0xD6, 0x9C, 0x70, 0x0A, 0xEE, 0xBA, 0xEA, - 0x98, 0x47, 0x78, 0x6F, 0x33, 0x8F, 0x44, 0x7A, 0xD5, 0x74, - 0x8A, 0x7E, 0xAB, 0x49, 0x1D, 0xD7, 0x95, 0x12, 0x11, 0x8E, - 0xA0, 0x54, 0x5D, 0x7D, 0x0B, 0xDA, 0xC2, 0xC3, 0x01, 0x1A, - 0xE7, 0x20, 0x5E, 0x5A, 0xF7, 0x16, 0x81, 0x89, 0xB7, 0xCD, - 0xE7, 0xDC, 0x46, 0xE6, 0x5E, 0xF9, 0x1A, 0xC2, 0x40, 0xA5, - 0x59, 0xF1, 0xF5, 0xFA, 0x55, 0xDB, 0x15, 0xEA, 0x3C, 0xC6, - 0x39, 0xFD, 0xE6, 0x7B, 0x5B, 0x01, 0x5F, 0xA7, 0xC9, 0x36, - 0xA0, 0x1E, 0x73, 0x11, 0xB5, 0xD3, 0xB8, 0x3F, 0x8D, 0x88, - 0x32, 0x6A, 0xE7, 0xCD, 0xB7, 0x1D, 0x31, 0x4E, 0x49, 0xE8, - 0xB9 + 0x81, 0x81, 0x00, 0x0B, 0xC3, 0xAF, 0x43, 0x85, 0x64, 0x61, + 0xE7, 0xAB, 0x5A, 0x2A, 0x1B, 0xB2, 0x29, 0xD5, 0x66, 0x68, + 0x44, 0x1A, 0x6D, 0x66, 0xFC, 0x3D, 0xB1, 0x88, 0xEC, 0xA5, + 0x41, 0x18, 0x67, 0x62, 0x34, 0xA4, 0x5E, 0xC9, 0x69, 0xCD, + 0x40, 0xC8, 0x56, 0x7E, 0xBF, 0xEB, 0xBC, 0x61, 0x1F, 0x33, + 0x34, 0x58, 0xBE, 0x57, 0xFD, 0xE6, 0x98, 0xDD, 0x51, 0x27, + 0x7C, 0xB7, 0x2C, 0xBC, 0xC9, 0x39, 0xE5, 0xE5, 0x95, 0x82, + 0xE1, 0x3F, 0xD9, 0xB9, 0x97, 0x30, 0x4E, 0x33, 0x2C, 0xEF, + 0xF8, 0xDB, 0xB4, 0xEE, 0x35, 0x75, 0x9E, 0x7A, 0x3F, 0x22, + 0x8F, 0xA5, 0x71, 0xD4, 0x01, 0x64, 0x6C, 0xF2, 0x85, 0xF7, + 0x72, 
0x99, 0x2C, 0x80, 0x0F, 0xA4, 0x31, 0x1D, 0xD4, 0x0B, + 0x1E, 0xA5, 0x0F, 0xE7, 0x53, 0x0A, 0xDE, 0x15, 0x0D, 0xB2, + 0xD0, 0x6B, 0xF4, 0xD6, 0x2F, 0xE2, 0x0B, 0xA3, 0x8A, 0x5A, + 0x6E }; static const int sizeof_server_cert_der_1024 = sizeof(server_cert_der_1024); @@ -844,8 +844,8 @@ static const int sizeof_client_keypub_der_2048 = sizeof(client_keypub_der_2048); static const unsigned char client_cert_der_2048[] = { 0x30, 0x82, 0x04, 0xCA, 0x30, 0x82, 0x03, 0xB2, 0xA0, 0x03, - 0x02, 0x01, 0x02, 0x02, 0x09, 0x00, 0xB9, 0xBC, 0x90, 0xED, - 0xAD, 0xAA, 0x0A, 0x8C, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, + 0x02, 0x01, 0x02, 0x02, 0x09, 0x00, 0xAA, 0xC4, 0xBF, 0x4C, + 0x50, 0xBD, 0x55, 0x77, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B, 0x05, 0x00, 0x30, 0x81, 0x9E, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0E, 0x06, @@ -863,10 +863,10 @@ static const unsigned char client_cert_der_2048[] = 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, - 0x30, 0x1E, 0x17, 0x0D, 0x31, 0x36, 0x30, 0x38, 0x31, 0x31, - 0x32, 0x30, 0x30, 0x37, 0x33, 0x37, 0x5A, 0x17, 0x0D, 0x31, - 0x39, 0x30, 0x35, 0x30, 0x38, 0x32, 0x30, 0x30, 0x37, 0x33, - 0x37, 0x5A, 0x30, 0x81, 0x9E, 0x31, 0x0B, 0x30, 0x09, 0x06, + 0x30, 0x1E, 0x17, 0x0D, 0x31, 0x38, 0x30, 0x34, 0x31, 0x33, + 0x31, 0x35, 0x32, 0x33, 0x30, 0x39, 0x5A, 0x17, 0x0D, 0x32, + 0x31, 0x30, 0x31, 0x30, 0x37, 0x31, 0x35, 0x32, 0x33, 0x30, + 0x39, 0x5A, 0x30, 0x81, 0x9E, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x07, 0x4D, 0x6F, 0x6E, 0x74, 0x61, 0x6E, 0x61, 0x31, 0x10, 0x30, 0x0E, 
@@ -936,36 +936,36 @@ static const unsigned char client_cert_der_2048[] = 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x82, - 0x09, 0x00, 0xB9, 0xBC, 0x90, 0xED, 0xAD, 0xAA, 0x0A, 0x8C, + 0x09, 0x00, 0xAA, 0xC4, 0xBF, 0x4C, 0x50, 0xBD, 0x55, 0x77, 0x30, 0x0C, 0x06, 0x03, 0x55, 0x1D, 0x13, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xFF, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B, 0x05, 0x00, 0x03, - 0x82, 0x01, 0x01, 0x00, 0x33, 0x85, 0x08, 0xB4, 0x58, 0x0E, - 0xA2, 0x00, 0x03, 0x74, 0xDE, 0x77, 0xFB, 0xD1, 0x2B, 0x76, - 0x9C, 0x97, 0x90, 0x20, 0x21, 0xA2, 0xE8, 0x2E, 0x22, 0x50, - 0x26, 0x04, 0x76, 0xBA, 0x5B, 0x47, 0x79, 0xE5, 0x52, 0xF7, - 0xC4, 0x0D, 0x79, 0xFF, 0x62, 0x3F, 0x05, 0x7C, 0xC3, 0x08, - 0x6C, 0xE0, 0xB7, 0x81, 0xD0, 0xCE, 0xC6, 0xC9, 0x46, 0xB9, - 0x8E, 0x4B, 0x5F, 0x56, 0x79, 0x4B, 0x13, 0xB6, 0xD1, 0x6B, - 0x66, 0x4B, 0xCE, 0x00, 0x0D, 0xE3, 0x76, 0x5E, 0xFB, 0xCB, - 0xB5, 0x5D, 0x12, 0x31, 0x05, 0xF1, 0xBB, 0x39, 0xF6, 0x86, - 0x90, 0xCA, 0x92, 0x56, 0xA4, 0xA0, 0x75, 0x21, 0xB6, 0x1D, - 0x4C, 0x96, 0xC3, 0x45, 0xEB, 0x5A, 0x91, 0x94, 0x32, 0xD3, - 0x59, 0xB8, 0xC9, 0x73, 0x1F, 0x03, 0xA9, 0x81, 0x63, 0xE0, - 0x43, 0xC0, 0x1E, 0xC8, 0x65, 0xBE, 0x3B, 0xA7, 0x53, 0xC3, - 0x44, 0xFF, 0xB3, 0xFB, 0x47, 0x84, 0xA8, 0xB6, 0x9D, 0x00, - 0xD5, 0x6B, 0xAE, 0x87, 0xF8, 0xBB, 0x35, 0xB2, 0x6C, 0x66, - 0x0B, 0x11, 0xEE, 0x6F, 0xFE, 0x12, 0xED, 0x59, 0x79, 0xF1, - 0x3E, 0xF2, 0xD3, 0x61, 0x27, 0x8B, 0x95, 0x7E, 0x99, 0x75, - 0x8D, 0xA4, 0x9F, 0x34, 0x85, 0xF1, 0x25, 0x4D, 0x48, 0x1E, - 0x9B, 0x6B, 0x70, 0xF6, 0x66, 0xCC, 0x56, 0xB1, 0xA3, 0x02, - 0x52, 0x8A, 0x7C, 0xAA, 0xAF, 0x07, 0xDA, 0x97, 0xC6, 0x0C, - 0xA5, 0x8F, 0xED, 0xCB, 0xF5, 0xD8, 0x04, 0x5D, 0x97, 0x0A, - 0x5D, 0x5A, 0x2B, 0x49, 0xF5, 0xBD, 0x93, 0xE5, 0x23, 0x9B, - 0x99, 0xB5, 0x0C, 0xFF, 0x0C, 0x7E, 0x38, 0x82, 0xB2, 0x6E, - 0xAB, 0x8A, 
0xC9, 0xA7, 0x45, 0xAB, 0xD6, 0xD7, 0x93, 0x35, - 0x70, 0x07, 0x7E, 0xC8, 0x3D, 0xA5, 0xFE, 0x33, 0x8F, 0xD9, - 0x85, 0xC0, 0xC7, 0x5A, 0x02, 0xE4, 0x7C, 0xD6, 0x35, 0x9E + 0x82, 0x01, 0x01, 0x00, 0x80, 0x52, 0x54, 0x61, 0x2A, 0x77, + 0x80, 0x53, 0x44, 0xA9, 0x80, 0x6D, 0x45, 0xFF, 0x0D, 0x25, + 0x7D, 0x1A, 0x8F, 0x23, 0x93, 0x53, 0x74, 0x35, 0x12, 0x6F, + 0xF0, 0x2E, 0x20, 0xEA, 0xED, 0x80, 0x63, 0x69, 0x88, 0xE6, + 0x0C, 0xA1, 0x49, 0x30, 0xE0, 0x82, 0xDB, 0x68, 0x0F, 0x7E, + 0x84, 0xAC, 0xFF, 0xFF, 0x7B, 0x42, 0xFA, 0x7E, 0x2F, 0xB2, + 0x52, 0x9F, 0xD2, 0x79, 0x5E, 0x35, 0x12, 0x27, 0x36, 0xBC, + 0xDF, 0x96, 0x58, 0x44, 0x96, 0x55, 0xC8, 0x4A, 0x94, 0x02, + 0x5F, 0x4A, 0x9D, 0xDC, 0xD3, 0x3A, 0xF7, 0x6D, 0xAC, 0x8B, + 0x79, 0x6E, 0xFC, 0xBE, 0x8F, 0x23, 0x58, 0x6A, 0x8A, 0xF5, + 0x38, 0x0A, 0x42, 0xF6, 0x98, 0x74, 0x88, 0x53, 0x2E, 0x02, + 0xAF, 0xE1, 0x0E, 0xBE, 0x6F, 0xCC, 0x74, 0x33, 0x7C, 0xEC, + 0xB4, 0xCB, 0xA7, 0x49, 0x6D, 0x82, 0x42, 0x4F, 0xEB, 0x73, + 0x29, 0xC3, 0x32, 0x00, 0x2B, 0x15, 0xF8, 0x88, 0x7A, 0x8F, + 0x6D, 0x20, 0x1B, 0xAE, 0x65, 0x5F, 0xC5, 0xD0, 0x8A, 0xD1, + 0xE2, 0x64, 0x6D, 0xA3, 0xA8, 0xFE, 0x64, 0xE1, 0xA9, 0x5B, + 0xE6, 0xD0, 0x23, 0xD6, 0x02, 0x72, 0x5A, 0xEC, 0x03, 0x8E, + 0x87, 0x67, 0x19, 0x8D, 0xE4, 0xA8, 0x99, 0x15, 0xC1, 0x3D, + 0x91, 0x48, 0x99, 0x8D, 0xFE, 0xAE, 0x1C, 0xBF, 0xF6, 0x28, + 0x1B, 0x45, 0xBE, 0xAD, 0xEF, 0x72, 0x83, 0x9A, 0xF6, 0xC7, + 0x3B, 0x51, 0xA3, 0x6E, 0x7A, 0x73, 0xBD, 0x83, 0xAA, 0x97, + 0xFD, 0x63, 0xB4, 0xF4, 0x6B, 0x1C, 0x14, 0x81, 0x9A, 0xEF, + 0x14, 0x24, 0xD3, 0xE1, 0x8B, 0xF4, 0x04, 0x04, 0x84, 0x54, + 0x0F, 0x61, 0xA2, 0xA8, 0xF2, 0x50, 0x37, 0x0C, 0x17, 0x0C, + 0xBC, 0xE0, 0xC2, 0x84, 0x85, 0xF4, 0x0B, 0xAE, 0x00, 0xCA, + 0x9F, 0x27, 0xE2, 0x44, 0x4F, 0x15, 0x0B, 0x8B, 0x1D, 0xB4 }; static const int sizeof_client_cert_der_2048 = sizeof(client_cert_der_2048); 
@@ -1349,8 +1349,8 @@ static const int sizeof_ca_key_der_2048 = sizeof(ca_key_der_2048); static const unsigned char ca_cert_der_2048[] = { 0x30, 0x82, 0x04, 0xAA, 0x30, 0x82, 0x03, 0x92, 0xA0, 0x03, - 0x02, 0x01, 0x02, 0x02, 0x09, 0x00, 0xB7, 0xB6, 0x90, 0x33, - 0x66, 0x1B, 0x6B, 0x23, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, + 0x02, 0x01, 0x02, 0x02, 0x09, 0x00, 0x86, 0xFF, 0xF5, 0x8E, + 0x10, 0xDE, 0xB8, 0xFB, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B, 0x05, 0x00, 0x30, 0x81, 0x94, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0E, 0x06, @@ -1367,10 +1367,10 @@ static const unsigned char ca_cert_der_2048[] = 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, - 0x30, 0x1E, 0x17, 0x0D, 0x31, 0x36, 0x30, 0x38, 0x31, 0x31, - 0x32, 0x30, 0x30, 0x37, 0x33, 0x37, 0x5A, 0x17, 0x0D, 0x31, - 0x39, 0x30, 0x35, 0x30, 0x38, 0x32, 0x30, 0x30, 0x37, 0x33, - 0x37, 0x5A, 0x30, 0x81, 0x94, 0x31, 0x0B, 0x30, 0x09, 0x06, + 0x30, 0x1E, 0x17, 0x0D, 0x31, 0x38, 0x30, 0x34, 0x31, 0x33, + 0x31, 0x35, 0x32, 0x33, 0x30, 0x39, 0x5A, 0x17, 0x0D, 0x32, + 0x31, 0x30, 0x31, 0x30, 0x37, 0x31, 0x35, 0x32, 0x33, 0x30, + 0x39, 0x5A, 0x30, 0x81, 0x94, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x07, 0x4D, 0x6F, 0x6E, 0x74, 0x61, 0x6E, 0x61, 0x31, 0x10, 0x30, 0x0E, 
@@ -1438,36 +1438,36 @@ static const unsigned char ca_cert_der_2048[] = 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x82, 0x09, 0x00, - 0xB7, 0xB6, 0x90, 0x33, 0x66, 0x1B, 0x6B, 0x23, 0x30, 0x0C, + 0x86, 0xFF, 0xF5, 0x8E, 0x10, 0xDE, 0xB8, 0xFB, 0x30, 0x0C, 0x06, 0x03, 0x55, 0x1D, 0x13, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xFF, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B, 0x05, 0x00, 0x03, 0x82, 0x01, - 0x01, 0x00, 0x0E, 0x93, 0x48, 0x44, 0x4A, 0x72, 0x96, 0x60, - 0x71, 0x25, 0x82, 0xA9, 0x2C, 0xCA, 0x60, 0x5B, 0xF2, 0x88, - 0x3E, 0xCF, 0x11, 0x74, 0x5A, 0x11, 0x4A, 0xDC, 0xD9, 0xD8, - 0xF6, 0x58, 0x2C, 0x05, 0xD3, 0x56, 0xD9, 0xE9, 0x8F, 0x37, - 0xEF, 0x8E, 0x3E, 0x3B, 0xFF, 0x22, 0x36, 0x00, 0xCA, 0xD8, - 0xE2, 0x96, 0x3F, 0xA7, 0xD1, 0xED, 0x1F, 0xDE, 0x7A, 0xB0, - 0xD7, 0x8F, 0x36, 0xBD, 0x41, 0x55, 0x1E, 0xD4, 0xB9, 0x86, - 0x3B, 0x87, 0x25, 0x69, 0x35, 0x60, 0x48, 0xD6, 0xE4, 0x5A, - 0x94, 0xCE, 0xA2, 0xFA, 0x70, 0x38, 0x36, 0xC4, 0x85, 0xB4, - 0x4B, 0x23, 0xFE, 0x71, 0x9E, 0x2F, 0xDB, 0x06, 0xC7, 0xB5, - 0x9C, 0x21, 0xF0, 0x3E, 0x7C, 0xEB, 0x91, 0xF8, 0x5C, 0x09, - 0xFD, 0x84, 0x43, 0xA4, 0xB3, 0x4E, 0x04, 0x0C, 0x22, 0x31, - 0x71, 0x6A, 0x48, 0xC8, 0xAB, 0xBB, 0xE8, 0xCE, 0xFA, 0x67, - 0x15, 0x1A, 0x3A, 0x82, 0x98, 0x43, 0x33, 0xB5, 0x0E, 0x1F, - 0x1E, 0x89, 0xF8, 0x37, 0xDE, 0x1B, 0xE6, 0xB5, 0xA0, 0xF4, - 0xA2, 0x8B, 0xB7, 0x1C, 0x90, 0xBA, 0x98, 0x6D, 0x94, 0x21, - 0x08, 0x80, 0x5D, 0xF3, 0xBF, 0x66, 0xAD, 0xC9, 0x72, 0x28, - 0x7A, 0x6A, 0x48, 0xEE, 0xCF, 0x63, 0x69, 0x31, 0x8C, 0xC5, - 0x8E, 0x66, 0xDA, 0x4B, 0x78, 0x65, 0xE8, 0x03, 0x3A, 0x4B, - 0xF8, 0xCC, 0x42, 0x54, 0xD3, 0x52, 0x5C, 0x2D, 0x04, 0xAE, - 0x26, 0x87, 0xE1, 0x7E, 0x40, 0xCB, 0x45, 0x41, 0x16, 0x4B, - 0x6E, 0xA3, 0x2E, 0x4A, 0x76, 0xBD, 0x29, 0x7F, 0x1C, 0x53, - 0x37, 0x06, 0xAD, 0xE9, 0x5B, 0x6A, 0xD6, 0xB7, 0x4E, 0x94, - 0xA2, 0x7C, 
0xE8, 0xAC, 0x4E, 0xA6, 0x50, 0x3E, 0x2B, 0x32, - 0x9E, 0x68, 0x42, 0x1B, 0xE4, 0x59, 0x67, 0x61, 0xEA, 0xC7, - 0x9A, 0x51, 0x9C, 0x1C, 0x55, 0xA3, 0x77, 0x76 + 0x01, 0x00, 0x9E, 0x28, 0x88, 0x72, 0x00, 0xCA, 0xE6, 0xE7, + 0x97, 0xCA, 0xC1, 0xF1, 0x1F, 0x9E, 0x12, 0xB2, 0xB8, 0xC7, + 0x51, 0xEA, 0x28, 0xE1, 0x36, 0xB5, 0x2D, 0xE6, 0x2F, 0x08, + 0x23, 0xCB, 0xA9, 0x4A, 0x87, 0x25, 0xC6, 0x5D, 0x89, 0x45, + 0xEA, 0xF5, 0x00, 0x98, 0xAC, 0x76, 0xFB, 0x1B, 0xAF, 0xF0, + 0xCE, 0x64, 0x9E, 0xDA, 0x08, 0xBF, 0xB6, 0xEB, 0xB4, 0xB5, + 0x0C, 0xA0, 0xE7, 0xF6, 0x47, 0x59, 0x1C, 0x61, 0xCF, 0x2E, + 0x0E, 0x58, 0xA4, 0x82, 0xAC, 0x0F, 0x3F, 0xEC, 0xC4, 0xAE, + 0x80, 0xF7, 0xB0, 0x8A, 0x1E, 0x85, 0x41, 0xE8, 0xFF, 0xFE, + 0xFE, 0x4F, 0x1A, 0x24, 0xD5, 0x49, 0xFA, 0xFB, 0xFE, 0x5E, + 0xE5, 0xD3, 0x91, 0x0E, 0x4F, 0x4E, 0x0C, 0x21, 0x51, 0x71, + 0x83, 0x04, 0x6B, 0x62, 0x7B, 0x4F, 0x59, 0x76, 0x48, 0x81, + 0x1E, 0xB4, 0xF7, 0x04, 0x47, 0x8A, 0x91, 0x57, 0xA3, 0x11, + 0xA9, 0xF2, 0x20, 0xB4, 0x78, 0x33, 0x62, 0x3D, 0xB0, 0x5E, + 0x0D, 0xF9, 0x86, 0x38, 0x82, 0xDA, 0xA1, 0x98, 0x8D, 0x19, + 0x06, 0x87, 0x21, 0x39, 0xB7, 0x02, 0xF7, 0xDA, 0x7D, 0x58, + 0xBA, 0x52, 0x15, 0xD8, 0x3B, 0xC9, 0x7B, 0x58, 0x34, 0xA0, + 0xC7, 0xE2, 0x7C, 0xA9, 0x83, 0x13, 0xE1, 0xB6, 0xEC, 0x01, + 0xBF, 0x52, 0x33, 0x0B, 0xC4, 0xFE, 0x43, 0xD3, 0xC6, 0xA4, + 0x8E, 0x2F, 0x87, 0x7F, 0x7A, 0x44, 0xEA, 0xCA, 0x53, 0x6C, + 0x85, 0xED, 0x65, 0x76, 0x73, 0x31, 0x03, 0x4E, 0xEA, 0xBD, + 0x35, 0x54, 0x13, 0xF3, 0x64, 0x87, 0x6B, 0xDF, 0x34, 0xDD, + 0x34, 0xA1, 0x88, 0x3B, 0xDB, 0x4D, 0xAF, 0x1B, 0x64, 0x90, + 0x92, 0x71, 0x30, 0x8E, 0xC8, 0xCC, 0xE5, 0x60, 0x24, 0xAF, + 0x31, 0x16, 0x39, 0x33, 0x91, 0x50, 0xF9, 0xAB, 0x68, 0x42, + 0x74, 0x7A, 0x35, 0xD9, 0xDD, 0xC8, 0xC4, 0x52 }; static const int sizeof_ca_cert_der_2048 = sizeof(ca_cert_der_2048); 
@@ -1618,10 +1618,10 @@ static const unsigned char server_cert_der_2048[] = 0x1F, 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, - 0x6F, 0x6D, 0x30, 0x1E, 0x17, 0x0D, 0x31, 0x36, 0x30, 0x38, - 0x31, 0x31, 0x32, 0x30, 0x30, 0x37, 0x33, 0x37, 0x5A, 0x17, - 0x0D, 0x31, 0x39, 0x30, 0x35, 0x30, 0x38, 0x32, 0x30, 0x30, - 0x37, 0x33, 0x37, 0x5A, 0x30, 0x81, 0x90, 0x31, 0x0B, 0x30, + 0x6F, 0x6D, 0x30, 0x1E, 0x17, 0x0D, 0x31, 0x38, 0x30, 0x34, + 0x31, 0x33, 0x31, 0x35, 0x32, 0x33, 0x31, 0x30, 0x5A, 0x17, + 0x0D, 0x32, 0x31, 0x30, 0x31, 0x30, 0x37, 0x31, 0x35, 0x32, + 0x33, 0x31, 0x30, 0x5A, 0x30, 0x81, 0x90, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x07, 0x4D, 0x6F, 0x6E, 0x74, 0x61, 0x6E, 0x61, 0x31, 0x10, 
@@ -1688,37 +1688,37 @@ static const unsigned char server_cert_der_2048[] = 0x6F, 0x6D, 0x31, 0x1F, 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, - 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x82, 0x09, 0x00, 0xB7, 0xB6, - 0x90, 0x33, 0x66, 0x1B, 0x6B, 0x23, 0x30, 0x0C, 0x06, 0x03, + 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x82, 0x09, 0x00, 0x86, 0xFF, + 0xF5, 0x8E, 0x10, 0xDE, 0xB8, 0xFB, 0x30, 0x0C, 0x06, 0x03, 0x55, 0x1D, 0x13, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xFF, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, - 0x51, 0xFE, 0x2A, 0xDF, 0x07, 0x7E, 0x43, 0xCA, 0x66, 0x8D, - 0x15, 0xC4, 0x2B, 0xDB, 0x57, 0xB2, 0x06, 0x6D, 0x0D, 0x90, - 0x66, 0xFF, 0xA5, 0x24, 0x9C, 0x14, 0xEF, 0x81, 0xF2, 0xA4, - 0xAB, 0x99, 0xA9, 0x6A, 0x49, 0x20, 0xA5, 0xD2, 0x71, 0xE7, - 0x1C, 0x3C, 0x99, 0x07, 0xC7, 0x47, 0xFC, 0xE8, 0x96, 0xB4, - 0xF5, 0x42, 0x30, 0xCE, 0x39, 0x01, 0x4B, 0xD1, 0xC2, 0xE8, - 0xBC, 0x95, 0x84, 0x87, 0xCE, 0x55, 0x5D, 0x97, 0x9F, 0xCF, - 0x78, 0xF3, 0x56, 0x9B, 0xA5, 0x08, 0x6D, 0xAC, 0xF6, 0xA5, - 0x5C, 0xC4, 0xEF, 0x3E, 0x2A, 0x39, 0xA6, 0x48, 0x26, 0x29, - 0x7B, 0x2D, 0xE0, 0xCD, 0xA6, 0x8C, 0x57, 0x48, 0x0B, 0xBB, - 0x31, 0x32, 0xC2, 0xBF, 0xD9, 0x43, 0x4C, 0x47, 0x25, 0x18, - 0x81, 0xA8, 0xC9, 0x33, 0x82, 0x41, 0x9B, 0xBA, 0x61, 0x86, - 0xD7, 0x84, 0x93, 0x17, 0x24, 0x25, 0x36, 0xCA, 0x4D, 0x63, - 0x6B, 0x4F, 0x95, 0x79, 0xD8, 0x60, 0xE0, 0x1E, 0xF5, 0xAC, - 0xC1, 0x8A, 0xA1, 0xB1, 0x7E, 0x85, 0x8E, 0x87, 0x20, 0x2F, - 0x08, 0x31, 0xAD, 0x5E, 0xC6, 0x4A, 0xC8, 0x61, 0xF4, 0x9E, - 0x07, 0x1E, 0xA2, 0x22, 0xED, 0x73, 0x7C, 0x85, 0xEE, 0xFA, - 0x62, 0xDC, 0x50, 0x36, 0xAA, 0xFD, 0xC7, 0x9D, 0xAA, 0x18, - 0x04, 0xFB, 0xEA, 0xCC, 0x2C, 0x68, 0x9B, 0xB3, 0xA9, 0xC2, - 0x96, 0xD8, 0xC1, 0xCC, 0x5A, 0x7E, 0xF7, 0x0D, 0x9E, 0x08, - 0xE0, 0x9D, 0x29, 0x8B, 0x84, 0x46, 0x8F, 0xD3, 0x91, 0x6A, - 0xB5, 0xB8, 
0x7A, 0x5C, 0xCC, 0x4F, 0x55, 0x01, 0xB8, 0x9A, - 0x48, 0xA0, 0x94, 0x43, 0xCA, 0x25, 0x47, 0x52, 0x0A, 0xF7, - 0xF4, 0xBE, 0xB0, 0xD1, 0x71, 0x6D, 0xA5, 0x52, 0x4A, 0x65, - 0x50, 0xB2, 0xAD, 0x4E, 0x1D, 0xE0, 0x6C, 0x01, 0xD8, 0xFB, - 0x43, 0x80, 0xE6, 0xE4, 0x0C, 0x37 + 0xB4, 0x54, 0x60, 0xAD, 0xA0, 0x03, 0x32, 0xDE, 0x02, 0x7F, + 0x21, 0x4A, 0x81, 0xC6, 0xED, 0xCD, 0xCD, 0xD8, 0x12, 0x8A, + 0xC0, 0xBA, 0x82, 0x5B, 0x75, 0xAD, 0x54, 0xE3, 0x7C, 0x80, + 0x6A, 0xAC, 0x2E, 0x6C, 0x20, 0x4E, 0xBE, 0x4D, 0x82, 0xA7, + 0x47, 0x13, 0x5C, 0xF4, 0xC6, 0x6A, 0x2B, 0x10, 0x99, 0x58, + 0xDE, 0xAB, 0x6B, 0x7C, 0x22, 0x05, 0xC1, 0x83, 0x9D, 0xCB, + 0xFF, 0x3C, 0xE4, 0x2D, 0x57, 0x6A, 0xA6, 0x96, 0xDF, 0xD3, + 0xC1, 0x68, 0xE3, 0xD2, 0xC6, 0x83, 0x4B, 0x97, 0xE2, 0xC6, + 0x32, 0x0E, 0xBE, 0xC4, 0x03, 0xB9, 0x07, 0x8A, 0x5B, 0xB8, + 0x84, 0xBA, 0xC5, 0x39, 0x3F, 0x1C, 0x58, 0xA7, 0x55, 0xD7, + 0xF0, 0x9B, 0xE8, 0xD2, 0x45, 0xB9, 0xE3, 0x83, 0x2E, 0xEE, + 0xB6, 0x71, 0x56, 0xB9, 0x3A, 0xEE, 0x3F, 0x27, 0xD8, 0x77, + 0xE8, 0xFB, 0x44, 0x48, 0x65, 0x27, 0x47, 0x4C, 0xFB, 0xFE, + 0x72, 0xC3, 0xAC, 0x05, 0x7B, 0x1D, 0xCB, 0xEB, 0x5E, 0x65, + 0x9A, 0xAB, 0x02, 0xE4, 0x88, 0x5B, 0x3B, 0x8B, 0x0B, 0xC7, + 0xCC, 0xA9, 0xA6, 0x8B, 0xE1, 0x87, 0xB0, 0x19, 0x1A, 0x0C, + 0x28, 0x58, 0x6F, 0x99, 0x52, 0x7E, 0xED, 0xB0, 0x3A, 0x68, + 0x3B, 0x8C, 0x0A, 0x08, 0x74, 0x72, 0xAB, 0xB9, 0x09, 0xC5, + 0xED, 0x04, 0x7E, 0x6F, 0x0B, 0x1C, 0x09, 0x21, 0xD0, 0xCD, + 0x7F, 0xF9, 0xC4, 0x5E, 0x27, 0x20, 0xE4, 0x85, 0x73, 0x52, + 0x05, 0xD2, 0xBA, 0xF8, 0xD5, 0x8F, 0x41, 0xCC, 0x23, 0x2E, + 0x12, 0x6D, 0xBC, 0x31, 0x98, 0xE7, 0x63, 0xA3, 0x8E, 0x26, + 0xCD, 0xE8, 0x2B, 0x88, 0xEE, 0xE2, 0xFE, 0x3A, 0x74, 0x52, + 0x34, 0x0E, 0xFD, 0x12, 0xE5, 0x5E, 0x69, 0x50, 0x20, 0x31, + 0x34, 0xE4, 0x31, 0xF1, 0xE7, 0xE4, 0x5B, 0x03, 0x13, 0xDA, + 0xAC, 0x41, 0x6C, 0xE7, 0xCF, 0x2B }; static const int sizeof_server_cert_der_2048 = sizeof(server_cert_der_2048); 
@@ -1764,9 +1764,9 @@ static const int sizeof_ecc_clikeypub_der_256 = sizeof(ecc_clikeypub_der_256); /* ./certs/client-ecc-cert.der, ECC */ static const unsigned char cliecc_cert_der_256[] = { - 0x30, 0x82, 0x03, 0x09, 0x30, 0x82, 0x02, 0xAF, 0xA0, 0x03, - 0x02, 0x01, 0x02, 0x02, 0x09, 0x00, 0xE7, 0x72, 0xA6, 0x9E, - 0x13, 0x1D, 0x17, 0x5C, 0x30, 0x0A, 0x06, 0x08, 0x2A, 0x86, + 0x30, 0x82, 0x03, 0x08, 0x30, 0x82, 0x02, 0xAF, 0xA0, 0x03, + 0x02, 0x01, 0x02, 0x02, 0x09, 0x00, 0x93, 0xBF, 0x6A, 0xDE, + 0x9B, 0x41, 0x9D, 0xAD, 0x30, 0x0A, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x04, 0x03, 0x02, 0x30, 0x81, 0x8D, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x0F, 0x30, 0x0D, 0x06, 0x03, 0x55, 0x04, @@ -1782,10 +1782,10 @@ static const unsigned char cliecc_cert_der_256[] = 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, - 0x30, 0x1E, 0x17, 0x0D, 0x31, 0x36, 0x30, 0x38, 0x31, 0x31, - 0x32, 0x30, 0x30, 0x37, 0x33, 0x38, 0x5A, 0x17, 0x0D, 0x31, - 0x39, 0x30, 0x35, 0x30, 0x38, 0x32, 0x30, 0x30, 0x37, 0x33, - 0x38, 0x5A, 0x30, 0x81, 0x8D, 0x31, 0x0B, 0x30, 0x09, 0x06, + 0x30, 0x1E, 0x17, 0x0D, 0x31, 0x38, 0x30, 0x34, 0x31, 0x33, + 0x31, 0x35, 0x32, 0x33, 0x31, 0x30, 0x5A, 0x17, 0x0D, 0x32, + 0x31, 0x30, 0x31, 0x30, 0x37, 0x31, 0x35, 0x32, 0x33, 0x31, + 0x30, 0x5A, 0x30, 0x81, 0x8D, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x0F, 0x30, 0x0D, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x06, 0x4F, 0x72, 0x65, 0x67, 0x6F, 0x6E, 0x31, 0x0E, 0x30, 0x0C, 0x06, 
@@ -1831,18 +1831,18 @@ static const unsigned char cliecc_cert_der_256[] = 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, - 0x82, 0x09, 0x00, 0xE7, 0x72, 0xA6, 0x9E, 0x13, 0x1D, 0x17, - 0x5C, 0x30, 0x0C, 0x06, 0x03, 0x55, 0x1D, 0x13, 0x04, 0x05, + 0x82, 0x09, 0x00, 0x93, 0xBF, 0x6A, 0xDE, 0x9B, 0x41, 0x9D, + 0xAD, 0x30, 0x0C, 0x06, 0x03, 0x55, 0x1D, 0x13, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xFF, 0x30, 0x0A, 0x06, 0x08, 0x2A, - 0x86, 0x48, 0xCE, 0x3D, 0x04, 0x03, 0x02, 0x03, 0x48, 0x00, - 0x30, 0x45, 0x02, 0x20, 0x43, 0x9A, 0xB6, 0x7E, 0x87, 0x8E, - 0x8C, 0xD7, 0x16, 0xF1, 0x0D, 0xD2, 0x50, 0x11, 0xA4, 0xAC, - 0xB6, 0xAC, 0x07, 0xEF, 0xE9, 0x60, 0xE1, 0x90, 0xA2, 0x5F, - 0xC9, 0x76, 0xE6, 0x54, 0x1A, 0x81, 0x02, 0x21, 0x00, 0xD6, - 0x8B, 0x7C, 0xBA, 0x53, 0x12, 0x05, 0x06, 0xFA, 0x8F, 0xC5, - 0xC7, 0x58, 0xC3, 0x9A, 0x9F, 0xA1, 0x84, 0x8C, 0xB4, 0x88, - 0x83, 0x4D, 0x6A, 0xB4, 0xB7, 0x85, 0x7A, 0xB3, 0x3C, 0xF3, - 0xDF + 0x86, 0x48, 0xCE, 0x3D, 0x04, 0x03, 0x02, 0x03, 0x47, 0x00, + 0x30, 0x44, 0x02, 0x20, 0x61, 0xBC, 0x9D, 0x4D, 0x88, 0x64, + 0x86, 0xB8, 0x71, 0xAA, 0x35, 0x59, 0x68, 0xB8, 0xEE, 0x2C, + 0xF3, 0x23, 0xB5, 0x1A, 0xB9, 0xBA, 0x41, 0x50, 0xA8, 0xC6, + 0xC3, 0x58, 0xEB, 0x58, 0xBD, 0x60, 0x02, 0x20, 0x61, 0xAA, + 0xEB, 0xB5, 0x73, 0x0D, 0x01, 0xDB, 0x69, 0x8F, 0x52, 0xF5, + 0x72, 0x6D, 0x37, 0x42, 0xB5, 0xFD, 0x94, 0xB6, 0x6E, 0xB1, + 0xC4, 0x25, 0x2E, 0x96, 0x96, 0xF3, 0x39, 0xB2, 0x5D, 0xEA + }; static const int sizeof_cliecc_cert_der_256 = sizeof(cliecc_cert_der_256); 
@@ -1884,9 +1884,9 @@ static const int sizeof_ecc_key_pub_der_256 = sizeof(ecc_key_pub_der_256); /* ./certs/server-ecc-comp.der, ECC */ static const unsigned char serv_ecc_comp_der_256[] = { - 0x30, 0x82, 0x03, 0x24, 0x30, 0x82, 0x02, 0xCA, 0xA0, 0x03, - 0x02, 0x01, 0x02, 0x02, 0x09, 0x00, 0xC3, 0xCD, 0xC5, 0xE4, - 0x24, 0x18, 0x70, 0xCA, 0x30, 0x0A, 0x06, 0x08, 0x2A, 0x86, + 0x30, 0x82, 0x03, 0x23, 0x30, 0x82, 0x02, 0xCA, 0xA0, 0x03, + 0x02, 0x01, 0x02, 0x02, 0x09, 0x00, 0x80, 0x78, 0xC9, 0xB7, + 0x06, 0x5A, 0xC5, 0x83, 0x30, 0x0A, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x04, 0x03, 0x02, 0x30, 0x81, 0xA0, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, @@ -1904,9 +1904,9 @@ static const unsigned char serv_ecc_comp_der_256[] = 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x30, - 0x1E, 0x17, 0x0D, 0x31, 0x36, 0x30, 0x38, 0x31, 0x31, 0x32, - 0x30, 0x30, 0x37, 0x33, 0x38, 0x5A, 0x17, 0x0D, 0x31, 0x39, - 0x30, 0x35, 0x30, 0x38, 0x32, 0x30, 0x30, 0x37, 0x33, 0x38, + 0x1E, 0x17, 0x0D, 0x31, 0x38, 0x30, 0x34, 0x31, 0x33, 0x31, + 0x35, 0x32, 0x33, 0x31, 0x30, 0x5A, 0x17, 0x0D, 0x32, 0x31, + 0x30, 0x31, 0x30, 0x37, 0x31, 0x35, 0x32, 0x33, 0x31, 0x30, 0x5A, 0x30, 0x81, 0xA0, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x07, 0x4D, 0x6F, 
@@ -1954,17 +1954,17 @@ static const unsigned char serv_ecc_comp_der_256[] = 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x82, 0x09, 0x00, - 0xC3, 0xCD, 0xC5, 0xE4, 0x24, 0x18, 0x70, 0xCA, 0x30, 0x0C, + 0x80, 0x78, 0xC9, 0xB7, 0x06, 0x5A, 0xC5, 0x83, 0x30, 0x0C, 0x06, 0x03, 0x55, 0x1D, 0x13, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xFF, 0x30, 0x0A, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, - 0x3D, 0x04, 0x03, 0x02, 0x03, 0x48, 0x00, 0x30, 0x45, 0x02, - 0x21, 0x00, 0xCA, 0x10, 0xEC, 0x8F, 0xF1, 0xEB, 0x92, 0x19, - 0x76, 0xD7, 0x16, 0x54, 0xF2, 0x21, 0x1C, 0x38, 0x0E, 0x6E, - 0x22, 0x3D, 0x95, 0xA4, 0xBD, 0xC8, 0x8C, 0xD2, 0xD8, 0x28, - 0xD3, 0x9C, 0x21, 0x6D, 0x02, 0x20, 0x71, 0x39, 0x0B, 0x0D, - 0xEC, 0x68, 0x8C, 0x64, 0xB6, 0x2C, 0x68, 0xDA, 0x03, 0xB1, - 0xD8, 0xE7, 0xD4, 0xF7, 0xCB, 0xA6, 0x73, 0x7E, 0x08, 0x00, - 0xC6, 0xB8, 0x04, 0x9D, 0x17, 0x3E, 0x66, 0x7F + 0x3D, 0x04, 0x03, 0x02, 0x03, 0x47, 0x00, 0x30, 0x44, 0x02, + 0x20, 0x31, 0x44, 0xD0, 0x4E, 0xD7, 0xC4, 0xB4, 0x96, 0xA3, + 0xE6, 0x25, 0xFD, 0xFA, 0xD6, 0x28, 0xA8, 0x67, 0x51, 0x72, + 0x90, 0x95, 0x31, 0xF9, 0xCD, 0x10, 0xBF, 0x11, 0xE4, 0xEC, + 0xB7, 0x42, 0x5B, 0x02, 0x20, 0x45, 0xDB, 0x45, 0x0A, 0x24, + 0x58, 0x8E, 0x2E, 0xE6, 0xEA, 0x0C, 0x6C, 0xBC, 0x72, 0x4F, + 0x0A, 0x1B, 0xF3, 0x2D, 0x97, 0xE9, 0xC2, 0x19, 0xF9, 0x97, + 0x3A, 0x60, 0xDD, 0x08, 0xD3, 0x52, 0x3E }; static const int sizeof_serv_ecc_comp_der_256 = sizeof(serv_ecc_comp_der_256); 
@@ -1989,10 +1989,10 @@ static const unsigned char serv_ecc_rsa_der_256[] = 0x1F, 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, - 0x6F, 0x6D, 0x30, 0x1E, 0x17, 0x0D, 0x31, 0x36, 0x30, 0x38, - 0x31, 0x31, 0x32, 0x30, 0x30, 0x37, 0x33, 0x38, 0x5A, 0x17, - 0x0D, 0x31, 0x39, 0x30, 0x35, 0x30, 0x38, 0x32, 0x30, 0x30, - 0x37, 0x33, 0x38, 0x5A, 0x30, 0x81, 0x9D, 0x31, 0x0B, 0x30, + 0x6F, 0x6D, 0x30, 0x1E, 0x17, 0x0D, 0x31, 0x38, 0x30, 0x34, + 0x31, 0x33, 0x31, 0x35, 0x32, 0x33, 0x31, 0x30, 0x5A, 0x17, + 0x0D, 0x32, 0x31, 0x30, 0x31, 0x30, 0x37, 0x31, 0x35, 0x32, + 0x33, 0x31, 0x30, 0x5A, 0x30, 0x81, 0x9D, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x07, 0x4D, 0x6F, 0x6E, 0x74, 0x61, 0x6E, 0x61, 0x31, 0x10, 
@@ -2040,37 +2040,37 @@ static const unsigned char serv_ecc_rsa_der_256[] = 0x6F, 0x6D, 0x31, 0x1F, 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, - 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x82, 0x09, 0x00, 0xB7, 0xB6, - 0x90, 0x33, 0x66, 0x1B, 0x6B, 0x23, 0x30, 0x0C, 0x06, 0x03, + 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x82, 0x09, 0x00, 0x86, 0xFF, + 0xF5, 0x8E, 0x10, 0xDE, 0xB8, 0xFB, 0x30, 0x0C, 0x06, 0x03, 0x55, 0x1D, 0x13, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xFF, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, - 0xAB, 0xB7, 0x78, 0xC8, 0x18, 0x6E, 0x6A, 0x27, 0x5D, 0xBB, - 0x16, 0xA1, 0xD3, 0xAE, 0xB5, 0xFD, 0x46, 0x50, 0xCF, 0xDC, - 0x82, 0xF9, 0x4A, 0x19, 0xEC, 0xBF, 0x44, 0xCD, 0xF5, 0x1F, - 0x15, 0x2C, 0x5A, 0xE9, 0x65, 0x27, 0xB2, 0xE1, 0x88, 0x62, - 0x0F, 0xBC, 0xA1, 0x3C, 0x95, 0xFB, 0x62, 0x8A, 0x71, 0xE0, - 0xC6, 0x22, 0xCE, 0x2E, 0x00, 0xCA, 0x4E, 0x7A, 0x03, 0x2A, - 0x12, 0x90, 0x98, 0x7B, 0x53, 0x9F, 0x46, 0xA0, 0xFF, 0x6B, - 0x04, 0xDC, 0x2A, 0x8D, 0xBB, 0x93, 0xE7, 0xB9, 0x0B, 0xD0, - 0x61, 0x0F, 0x62, 0x97, 0x18, 0x99, 0xBB, 0xE7, 0x1C, 0xE3, - 0xA2, 0xAB, 0x70, 0x8F, 0x32, 0x47, 0x7F, 0x1E, 0x3B, 0xCB, - 0x62, 0x55, 0x41, 0xA4, 0xAF, 0x1F, 0x01, 0x2C, 0x9B, 0xB2, - 0xCC, 0x06, 0x8D, 0x28, 0x04, 0x57, 0x5B, 0xF6, 0x32, 0xB8, - 0xE8, 0x18, 0xB6, 0x6B, 0xA1, 0xB9, 0xAA, 0x3F, 0x49, 0xEA, - 0xC1, 0x02, 0xC7, 0x92, 0xD9, 0xC7, 0x23, 0xEA, 0xA2, 0xF7, - 0x70, 0xA9, 0xDA, 0x9E, 0x5E, 0x82, 0xEF, 0x30, 0x07, 0xC7, - 0x89, 0xDA, 0xC9, 0xE0, 0xCF, 0xED, 0xE9, 0x4C, 0x34, 0xD4, - 0x72, 0x0E, 0x16, 0x49, 0x82, 0xC5, 0xA9, 0xB4, 0xA7, 0x05, - 0x07, 0xCC, 0x5D, 0xEB, 0xB4, 0xEF, 0x9A, 0x09, 0x73, 0xA2, - 0xD4, 0xB6, 0xC5, 0xBE, 0x34, 0xC0, 0xC9, 0x09, 0x29, 0xA5, - 0xD5, 0xF1, 0xE4, 0x82, 0x49, 0x70, 0xBF, 0x75, 0x79, 0x15, - 0xCD, 0xC1, 0xC8, 0xA3, 0x4D, 0x9B, 0xB4, 0xE2, 0x94, 0x5E, - 0x27, 0x61, 
0xEA, 0x34, 0x69, 0x88, 0x47, 0xBD, 0x61, 0xE9, - 0x0D, 0xF3, 0x95, 0x8F, 0xFF, 0x53, 0xE7, 0x5C, 0x11, 0xE3, - 0xF4, 0xD0, 0x70, 0xAD, 0x9A, 0x73, 0x5D, 0x29, 0x30, 0xFC, - 0x23, 0x2E, 0xC0, 0x62, 0xD4, 0xD3, 0xA8, 0xCE, 0xB2, 0xE9, - 0xD3, 0xB9, 0x3F, 0x10, 0x0A, 0xF2 + 0x0C, 0xBB, 0x67, 0xBD, 0xFC, 0xCD, 0x53, 0x6C, 0xFB, 0x4E, + 0x58, 0xC8, 0xEA, 0x52, 0x92, 0xEB, 0xE4, 0xC8, 0xBC, 0x57, + 0x0F, 0x08, 0x20, 0xC8, 0x83, 0xB0, 0xD5, 0xEA, 0x57, 0x27, + 0xBD, 0x68, 0x91, 0xFB, 0x99, 0x84, 0x8D, 0x15, 0x9E, 0x4F, + 0x8F, 0xC4, 0xCB, 0x34, 0x61, 0xC0, 0x59, 0x12, 0x9B, 0xC8, + 0x82, 0x17, 0x38, 0x4F, 0x9E, 0x53, 0x08, 0xA3, 0x69, 0x2E, + 0x2F, 0xC0, 0xB4, 0x2F, 0xA2, 0x4E, 0x10, 0x64, 0xB0, 0x07, + 0xA1, 0x51, 0x08, 0x1D, 0x91, 0x53, 0xA2, 0x79, 0x55, 0x20, + 0x41, 0x65, 0x35, 0x3E, 0x0B, 0x38, 0x01, 0x57, 0x02, 0x8C, + 0x25, 0xE7, 0xAB, 0x4F, 0x8B, 0x59, 0xF0, 0xED, 0x8E, 0x4A, + 0x15, 0x0B, 0x32, 0xFB, 0x7A, 0x8B, 0x02, 0xEA, 0x9D, 0xE1, + 0xAB, 0xC4, 0x07, 0xCC, 0xDA, 0x0F, 0xA3, 0x16, 0xDB, 0x8E, + 0x5B, 0xBC, 0x96, 0xAB, 0x10, 0xB8, 0xDE, 0x09, 0x8B, 0xF7, + 0xCB, 0xA7, 0x78, 0x66, 0x17, 0xE3, 0x25, 0x6E, 0x57, 0x9D, + 0x13, 0x61, 0x7B, 0x55, 0x1A, 0xDF, 0x8F, 0x39, 0x15, 0x4E, + 0x42, 0x22, 0x00, 0x85, 0xC4, 0x51, 0x0B, 0x6B, 0xA6, 0x67, + 0xC0, 0xFB, 0xEA, 0x22, 0x77, 0x7D, 0x48, 0x76, 0xAB, 0x39, + 0x20, 0x09, 0xD5, 0x52, 0x89, 0x3E, 0x6B, 0x30, 0x7B, 0x50, + 0x18, 0xE8, 0x62, 0x05, 0xBE, 0xBB, 0x7F, 0x16, 0x77, 0x9C, + 0xBB, 0x5A, 0x22, 0x96, 0x99, 0xB0, 0x96, 0x83, 0xB7, 0x43, + 0x31, 0x97, 0xCF, 0xFD, 0x85, 0x52, 0xD8, 0x52, 0xC8, 0x67, + 0x5C, 0xF8, 0x22, 0x72, 0x35, 0x93, 0x92, 0x6C, 0xEC, 0x3C, + 0x6A, 0xC6, 0x81, 0x20, 0xA5, 0xCD, 0x50, 0xF9, 0x21, 0x7A, + 0xA6, 0x7A, 0x1E, 0xE7, 0x59, 0x22, 0x5D, 0x8A, 0x93, 0x51, + 0x8E, 0xFB, 0x29, 0x56, 0xFB, 0xBE, 0x9B, 0x87, 0x48, 0x5F, + 0xA5, 0x72, 0xE7, 0x4E, 0xFE, 0x5E }; static const int sizeof_serv_ecc_rsa_der_256 = sizeof(serv_ecc_rsa_der_256); 
@@ -2188,9 +2188,9 @@ static const int sizeof_ca_ecc_key_der_256 = sizeof(ca_ecc_key_der_256); /* ./certs/ca-ecc-cert.der, ECC */ static const unsigned char ca_ecc_cert_der_256[] = { - 0x30, 0x82, 0x02, 0x8A, 0x30, 0x82, 0x02, 0x30, 0xA0, 0x03, - 0x02, 0x01, 0x02, 0x02, 0x09, 0x00, 0x97, 0xB4, 0xBD, 0x16, - 0x78, 0xF8, 0x47, 0xF2, 0x30, 0x0A, 0x06, 0x08, 0x2A, 0x86, + 0x30, 0x82, 0x02, 0x8B, 0x30, 0x82, 0x02, 0x30, 0xA0, 0x03, + 0x02, 0x01, 0x02, 0x02, 0x09, 0x00, 0xFD, 0x0E, 0x29, 0x21, + 0x66, 0xCB, 0x48, 0xA3, 0x30, 0x0A, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x04, 0x03, 0x02, 0x30, 0x81, 0x97, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, @@ -2207,10 +2207,10 @@ static const unsigned char ca_ecc_cert_der_256[] = 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, - 0x30, 0x1E, 0x17, 0x0D, 0x31, 0x37, 0x31, 0x30, 0x32, 0x30, - 0x31, 0x38, 0x31, 0x39, 0x30, 0x36, 0x5A, 0x17, 0x0D, 0x33, - 0x37, 0x31, 0x30, 0x31, 0x35, 0x31, 0x38, 0x31, 0x39, 0x30, - 0x36, 0x5A, 0x30, 0x81, 0x97, 0x31, 0x0B, 0x30, 0x09, 0x06, + 0x30, 0x1E, 0x17, 0x0D, 0x31, 0x38, 0x30, 0x34, 0x31, 0x33, + 0x31, 0x35, 0x32, 0x33, 0x31, 0x30, 0x5A, 0x17, 0x0D, 0x32, + 0x31, 0x30, 0x31, 0x30, 0x37, 0x31, 0x35, 0x32, 0x33, 0x31, + 0x30, 0x5A, 0x30, 0x81, 0x97, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x0A, 0x57, 0x61, 0x73, 0x68, 0x69, 0x6E, 0x67, 0x74, 0x6F, 0x6E, 0x31, 
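Review bot: The regenerated validity field in the `ca_ecc_cert_der_256` hunk at -2207 shortens the ECC test CA's lifetime: the old bytes decode to UTCTime `171020181906Z` to `371015181906Z`, the new ones to `180413152310Z` to `210107152310Z`, and the `ca_ecc_cert_der_384` hunk at -2302 makes the same change. The other certificates refreshed in the visible hunks move their notAfter forward (from `190508…` to `210107…`), so this looks like a side effect of regenerating everything with one lifetime rather than an intended shortening; worth confirming. Anything that verifies a chain against these embedded buffers will start rejecting it after the new notAfter, and nothing in the header says when that is. If the file is produced by a script from the DER files, as the path comments suggest, the expiry could be recorded by the generator, e.g. `/* ./certs/ca-ecc-cert.der, ECC, notAfter 2021-01-07 */`. The array's body starts and ends outside this hunk.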
@@ -2246,14 +2246,14 @@ static const unsigned char ca_ecc_cert_der_256[] = 0x01, 0xFF, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x1D, 0x0F, 0x01, 0x01, 0xFF, 0x04, 0x04, 0x03, 0x02, 0x01, 0x86, 0x30, 0x0A, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x04, 0x03, 0x02, - 0x03, 0x48, 0x00, 0x30, 0x45, 0x02, 0x20, 0x32, 0x26, 0x81, - 0xE4, 0x15, 0xEC, 0xE3, 0xAA, 0xD3, 0xE5, 0xB8, 0x2A, 0xCA, - 0xA3, 0x06, 0xA7, 0x04, 0x97, 0xD8, 0x43, 0x7F, 0xD4, 0x94, - 0x47, 0xF8, 0x18, 0x0D, 0x93, 0x52, 0x23, 0x8B, 0x08, 0x02, - 0x21, 0x00, 0xE1, 0x9E, 0x34, 0xD0, 0x92, 0xEE, 0x56, 0x0D, - 0x23, 0x38, 0x4A, 0x20, 0xBC, 0xCF, 0x11, 0xC3, 0x33, 0x77, - 0x96, 0x81, 0x56, 0x2B, 0xCA, 0xC4, 0xD5, 0xC6, 0x65, 0x5D, - 0x36, 0x73, 0x2F, 0xBA + 0x03, 0x49, 0x00, 0x30, 0x46, 0x02, 0x21, 0x00, 0xF0, 0x7B, + 0xCC, 0x24, 0x73, 0x19, 0x3F, 0x61, 0x68, 0xED, 0xC8, 0x0A, + 0x54, 0x4A, 0xB8, 0xAC, 0x79, 0xEF, 0x10, 0x32, 0x91, 0x52, + 0x2C, 0x3E, 0xBF, 0x50, 0xAA, 0x5F, 0x18, 0xC1, 0x97, 0xF5, + 0x02, 0x21, 0x00, 0xD9, 0x4B, 0x63, 0x67, 0x6F, 0x9B, 0x29, + 0xA9, 0xD7, 0x6B, 0x63, 0x9B, 0x98, 0x9F, 0x32, 0x82, 0x36, + 0xDA, 0xF0, 0xA9, 0xF7, 0x51, 0xB4, 0x97, 0xAA, 0xFA, 0xFA, + 0xDD, 0xEF, 0xEF, 0x4A, 0xAE }; static const int sizeof_ca_ecc_cert_der_256 = sizeof(ca_ecc_cert_der_256); @@ -2284,8 +2284,8 @@ static const int sizeof_ca_ecc_key_der_384 = sizeof(ca_ecc_key_der_384); static const unsigned char ca_ecc_cert_der_384[] = { 0x30, 0x82, 0x02, 0xC7, 0x30, 0x82, 0x02, 0x4D, 0xA0, 0x03, - 0x02, 0x01, 0x02, 0x02, 0x09, 0x00, 0xF5, 0xE1, 0x8F, 0xF1, - 0x4B, 0xA6, 0x83, 0x8E, 0x30, 0x0A, 0x06, 0x08, 0x2A, 0x86, + 0x02, 0x01, 0x02, 0x02, 0x09, 0x00, 0xFC, 0x39, 0x04, 0xA4, + 0x0E, 0xA5, 0x6C, 0x87, 0x30, 0x0A, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x04, 0x03, 0x03, 0x30, 0x81, 0x97, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 
@@ -2302,10 +2302,10 @@ static const unsigned char ca_ecc_cert_der_384[] = 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, - 0x30, 0x1E, 0x17, 0x0D, 0x31, 0x37, 0x31, 0x30, 0x32, 0x30, - 0x31, 0x38, 0x31, 0x39, 0x30, 0x36, 0x5A, 0x17, 0x0D, 0x33, - 0x37, 0x31, 0x30, 0x31, 0x35, 0x31, 0x38, 0x31, 0x39, 0x30, - 0x36, 0x5A, 0x30, 0x81, 0x97, 0x31, 0x0B, 0x30, 0x09, 0x06, + 0x30, 0x1E, 0x17, 0x0D, 0x31, 0x38, 0x30, 0x34, 0x31, 0x33, + 0x31, 0x35, 0x32, 0x33, 0x31, 0x30, 0x5A, 0x17, 0x0D, 0x32, + 0x31, 0x30, 0x31, 0x30, 0x37, 0x31, 0x35, 0x32, 0x33, 0x31, + 0x30, 0x5A, 0x30, 0x81, 0x97, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x0A, 0x57, 0x61, 0x73, 0x68, 0x69, 0x6E, 0x67, 0x74, 0x6F, 0x6E, 0x31, 
@@ -2344,17 +2344,17 @@ static const unsigned char ca_ecc_cert_der_384[] = 0xFF, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x1D, 0x0F, 0x01, 0x01, 0xFF, 0x04, 0x04, 0x03, 0x02, 0x01, 0x86, 0x30, 0x0A, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x04, 0x03, 0x03, 0x03, - 0x68, 0x00, 0x30, 0x65, 0x02, 0x30, 0x17, 0xDD, 0xB9, 0xA5, - 0xE0, 0xEC, 0x8A, 0x03, 0x8B, 0x66, 0x45, 0x69, 0xAD, 0x5E, - 0xAD, 0x32, 0xBC, 0x45, 0x4C, 0x89, 0x85, 0x3F, 0xA1, 0xDD, - 0xA4, 0x74, 0x4B, 0x5D, 0x08, 0x65, 0x1B, 0xD8, 0x07, 0x00, - 0x49, 0x5D, 0xEF, 0x10, 0xFC, 0xEB, 0x8F, 0x64, 0xA8, 0x62, - 0x99, 0x88, 0x20, 0x59, 0x02, 0x31, 0x00, 0x94, 0x40, 0x64, - 0x29, 0x86, 0xD0, 0x00, 0x76, 0x1C, 0x98, 0x23, 0x9C, 0xB7, - 0x9B, 0xBE, 0x78, 0x73, 0x3A, 0x88, 0xBE, 0x52, 0x00, 0x3F, - 0xE3, 0x81, 0x36, 0xD9, 0x14, 0x22, 0x3D, 0x9E, 0xA2, 0x8A, - 0x4A, 0x56, 0x9C, 0xC4, 0x3F, 0x5F, 0x88, 0x2E, 0xB1, 0xA7, - 0x6C, 0x4D, 0x0E, 0xCC, 0x92 + 0x68, 0x00, 0x30, 0x65, 0x02, 0x30, 0x0D, 0x0A, 0x62, 0xFB, + 0xE6, 0x3A, 0xFE, 0x71, 0xD8, 0x2B, 0x44, 0xE5, 0x97, 0x34, + 0x04, 0xA9, 0x8C, 0x0A, 0x99, 0x88, 0xA0, 0xBD, 0x1F, 0xB0, + 0xDF, 0x94, 0x59, 0x27, 0xBB, 0x2B, 0xC6, 0x2A, 0xBE, 0xA4, + 0x69, 0x1B, 0xCF, 0x97, 0x78, 0x2A, 0x28, 0x96, 0xEE, 0xBA, + 0xD4, 0x87, 0x45, 0xFD, 0x02, 0x31, 0x00, 0xC0, 0x73, 0x19, + 0x66, 0x76, 0x5E, 0x9F, 0xA3, 0x65, 0x85, 0x41, 0xEF, 0xB7, + 0x7B, 0x3D, 0x63, 0x6D, 0x98, 0x71, 0x99, 0x6F, 0x9C, 0xDB, + 0xA8, 0x5E, 0x53, 0x6E, 0xA0, 0x68, 0x11, 0x65, 0xBC, 0x78, + 0x74, 0x28, 0x69, 0xC7, 0x64, 0x9D, 0x88, 0xF2, 0xD8, 0xC2, + 0x3D, 0x29, 0x03, 0x83, 0x23 }; static const int sizeof_ca_ecc_cert_der_384 = sizeof(ca_ecc_cert_der_384); 
@@ -2387,95 +2387,10 @@ static const unsigned char dh_g[] = /* ./certs/ed25519/server-ed25519.der, ED25519 */ static const unsigned char server_ed25519_cert[] = { - 0x30, 0x82, 0x02, 0x4B, 0x30, 0x82, 0x01, 0xFD, 0xA0, 0x03, - 0x02, 0x01, 0x02, 0x02, 0x08, 0x01, 0xD0, 0x92, 0x10, 0x6A, - 0x5A, 0x46, 0x57, 0x30, 0x05, 0x06, 0x03, 0x2B, 0x65, 0x70, - 0x30, 0x81, 0x9D, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, - 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0E, - 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x07, 0x4D, 0x6F, 0x6E, - 0x74, 0x61, 0x6E, 0x61, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, - 0x55, 0x04, 0x07, 0x0C, 0x07, 0x42, 0x6F, 0x7A, 0x65, 0x6D, - 0x61, 0x6E, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, - 0x04, 0x0C, 0x02, 0x43, 0x41, 0x31, 0x10, 0x30, 0x0E, 0x06, - 0x03, 0x55, 0x04, 0x0A, 0x0C, 0x07, 0x77, 0x6F, 0x6C, 0x66, - 0x53, 0x53, 0x4C, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, - 0x04, 0x0B, 0x0C, 0x07, 0x45, 0x44, 0x32, 0x35, 0x35, 0x31, - 0x39, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, - 0x0C, 0x0F, 0x77, 0x77, 0x77, 0x2E, 0x77, 0x6F, 0x6C, 0x66, - 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x31, 0x1F, 0x30, - 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, - 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, - 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, - 0x30, 0x22, 0x18, 0x0F, 0x32, 0x30, 0x31, 0x37, 0x30, 0x35, - 0x32, 0x38, 0x32, 0x33, 0x32, 0x36, 0x32, 0x39, 0x5A, 0x18, - 0x0F, 0x32, 0x30, 0x31, 0x39, 0x30, 0x35, 0x32, 0x39, 0x32, - 0x33, 0x32, 0x36, 0x32, 0x39, 0x5A, 0x30, 0x81, 0x9F, 0x31, - 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, - 0x55, 0x53, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, - 0x08, 0x0C, 0x07, 0x4D, 0x6F, 0x6E, 0x74, 0x61, 0x6E, 0x61, - 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0C, - 0x07, 0x42, 0x6F, 0x7A, 0x65, 0x6D, 0x61, 0x6E, 0x31, 0x0D, - 0x30, 0x0B, 0x06, 0x03, 0x55, 0x04, 0x04, 0x0C, 0x04, 0x4C, - 0x65, 0x61, 0x66, 0x31, 0x10, 0x30, 
0x0E, 0x06, 0x03, 0x55, - 0x04, 0x0A, 0x0C, 0x07, 0x77, 0x6F, 0x6C, 0x66, 0x53, 0x53, - 0x4C, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x0B, - 0x0C, 0x07, 0x45, 0x44, 0x32, 0x35, 0x35, 0x31, 0x39, 0x31, - 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, 0x0F, - 0x77, 0x77, 0x77, 0x2E, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, - 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x31, 0x1F, 0x30, 0x1D, 0x06, - 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, - 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, - 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x30, 0x2A, - 0x30, 0x05, 0x06, 0x03, 0x2B, 0x65, 0x70, 0x03, 0x21, 0x00, - 0x1A, 0x30, 0x88, 0x18, 0x47, 0x2F, 0x97, 0xDA, 0x04, 0xF4, - 0xA4, 0xE3, 0xBD, 0x6C, 0x0C, 0x16, 0xB9, 0x48, 0xC1, 0xD1, - 0x42, 0xD7, 0x8E, 0x92, 0x84, 0xA0, 0x74, 0x2A, 0x43, 0x9E, - 0x0E, 0x29, 0xA3, 0x53, 0x30, 0x51, 0x30, 0x1D, 0x06, 0x03, - 0x55, 0x1D, 0x0E, 0x04, 0x16, 0x04, 0x14, 0xF6, 0xB2, 0x84, - 0x1A, 0x95, 0xB4, 0x70, 0x32, 0x53, 0xFE, 0xD9, 0xEB, 0x9B, - 0x29, 0x80, 0x4B, 0xD6, 0xB5, 0xF1, 0xC0, 0x30, 0x1F, 0x06, - 0x03, 0x55, 0x1D, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, - 0x92, 0xD5, 0x0B, 0xDA, 0xF1, 0x04, 0x8B, 0xB9, 0xA1, 0x8B, - 0x03, 0x02, 0x9F, 0x58, 0x00, 0x35, 0x36, 0x07, 0x7A, 0xC9, - 0x30, 0x0F, 0x06, 0x03, 0x55, 0x1D, 0x0F, 0x01, 0x01, 0xFF, - 0x04, 0x05, 0x03, 0x02, 0x06, 0xC0, 0x00, 0x30, 0x05, 0x06, - 0x03, 0x2B, 0x65, 0x70, 0x03, 0x41, 0x00, 0x12, 0x56, 0x77, - 0x0C, 0x96, 0x42, 0x98, 0xDA, 0xC9, 0x15, 0x6C, 0x4E, 0x48, - 0x95, 0x05, 0x1D, 0xD0, 0x78, 0x32, 0xF8, 0x86, 0x46, 0x9A, - 0x46, 0x9B, 0x64, 0x8B, 0x31, 0xB0, 0x19, 0x6B, 0x77, 0x99, - 0x8B, 0xFF, 0xFC, 0x02, 0x36, 0x05, 0x0B, 0x69, 0x37, 0x87, - 0x62, 0x75, 0xDA, 0x50, 0x2C, 0x2D, 0x5D, 0x52, 0x94, 0x3F, - 0x00, 0x9D, 0x18, 0x45, 0x6F, 0x37, 0x12, 0x8E, 0xF4, 0xE4, - 0x00 -}; -static const int sizeof_server_ed25519_cert = sizeof(server_ed25519_cert); - -/* ./certs/ed25519/ca-ed25519.der, ED25519 */ -static const unsigned char 
ca_ed25519_cert[] = -{ - 0x30, 0x82, 0x02, 0x59, 0x30, 0x82, 0x02, 0x0B, 0xA0, 0x03, - 0x02, 0x01, 0x02, 0x02, 0x08, 0x01, 0xF6, 0xE1, 0x3E, 0xBC, - 0x79, 0xA1, 0x85, 0x30, 0x05, 0x06, 0x03, 0x2B, 0x65, 0x70, - 0x30, 0x81, 0x9F, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, - 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0E, - 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x07, 0x4D, 0x6F, 0x6E, - 0x74, 0x61, 0x6E, 0x61, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, - 0x55, 0x04, 0x07, 0x0C, 0x07, 0x42, 0x6F, 0x7A, 0x65, 0x6D, - 0x61, 0x6E, 0x31, 0x0D, 0x30, 0x0B, 0x06, 0x03, 0x55, 0x04, - 0x04, 0x0C, 0x04, 0x52, 0x6F, 0x6F, 0x74, 0x31, 0x10, 0x30, - 0x0E, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x0C, 0x07, 0x77, 0x6F, - 0x6C, 0x66, 0x53, 0x53, 0x4C, 0x31, 0x10, 0x30, 0x0E, 0x06, - 0x03, 0x55, 0x04, 0x0B, 0x0C, 0x07, 0x45, 0x44, 0x32, 0x35, - 0x35, 0x31, 0x39, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, - 0x04, 0x03, 0x0C, 0x0F, 0x77, 0x77, 0x77, 0x2E, 0x77, 0x6F, - 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x31, - 0x1F, 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, - 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, - 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, - 0x6F, 0x6D, 0x30, 0x22, 0x18, 0x0F, 0x32, 0x30, 0x31, 0x37, - 0x30, 0x35, 0x32, 0x38, 0x32, 0x33, 0x32, 0x36, 0x32, 0x39, - 0x5A, 0x18, 0x0F, 0x32, 0x30, 0x31, 0x39, 0x30, 0x35, 0x32, - 0x39, 0x32, 0x33, 0x32, 0x36, 0x32, 0x39, 0x5A, 0x30, 0x81, + 0x30, 0x82, 0x02, 0x52, 0x30, 0x82, 0x02, 0x04, 0xA0, 0x03, + 0x02, 0x01, 0x02, 0x02, 0x10, 0x00, 0xCD, 0xF2, 0x2F, 0xBE, + 0xDC, 0x07, 0xFA, 0xBB, 0x65, 0x03, 0xE2, 0xFF, 0xEA, 0x6A, + 0x99, 0x30, 0x05, 0x06, 0x03, 0x2B, 0x65, 0x70, 0x30, 0x81, 0x9D, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x07, 0x4D, 0x6F, 0x6E, 0x74, 0x61, 
@@ -2491,29 +2406,115 @@ static const unsigned char ca_ed25519_cert[] = 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x31, 0x1F, 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, - 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x30, 0x2A, - 0x30, 0x05, 0x06, 0x03, 0x2B, 0x65, 0x70, 0x03, 0x21, 0x00, - 0x41, 0x07, 0xEC, 0x75, 0x0C, 0x68, 0x72, 0x12, 0x3C, 0x04, - 0x82, 0x07, 0x6E, 0x16, 0x6F, 0x40, 0x41, 0x6D, 0xA4, 0x8F, - 0x08, 0xF2, 0xE2, 0x9D, 0xA7, 0x43, 0xC2, 0x24, 0x28, 0x98, - 0x7E, 0xAC, 0xA3, 0x61, 0x30, 0x5F, 0x30, 0x0C, 0x06, 0x03, - 0x55, 0x1D, 0x13, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xFF, - 0x30, 0x1D, 0x06, 0x03, 0x55, 0x1D, 0x0E, 0x04, 0x16, 0x04, - 0x14, 0x92, 0xD5, 0x0B, 0xDA, 0xF1, 0x04, 0x8B, 0xB9, 0xA1, - 0x8B, 0x03, 0x02, 0x9F, 0x58, 0x00, 0x35, 0x36, 0x07, 0x7A, - 0xC9, 0x30, 0x1F, 0x06, 0x03, 0x55, 0x1D, 0x23, 0x04, 0x18, - 0x30, 0x16, 0x80, 0x14, 0x86, 0xC0, 0x27, 0xE9, 0x9E, 0xFA, - 0x85, 0xC1, 0xFD, 0xE3, 0x6F, 0xFC, 0x54, 0x59, 0x72, 0x37, - 0xC7, 0x33, 0x92, 0xBB, 0x30, 0x0F, 0x06, 0x03, 0x55, 0x1D, - 0x0F, 0x01, 0x01, 0xFF, 0x04, 0x05, 0x03, 0x02, 0x01, 0xC6, - 0x00, 0x30, 0x05, 0x06, 0x03, 0x2B, 0x65, 0x70, 0x03, 0x41, - 0x00, 0x22, 0x1B, 0x06, 0x17, 0xC0, 0x11, 0x74, 0x1F, 0x64, - 0xD1, 0xA3, 0xF6, 0x7B, 0x06, 0x00, 0x1A, 0x0B, 0x50, 0x8E, - 0xEB, 0xB1, 0x63, 0x92, 0x45, 0xBA, 0xDC, 0xE2, 0xC1, 0x68, - 0x14, 0x23, 0x0C, 0x6E, 0x2C, 0x95, 0x3C, 0xB1, 0x1C, 0x19, - 0x27, 0x98, 0x50, 0x3E, 0x55, 0x51, 0xCC, 0xC4, 0x49, 0x58, - 0xAF, 0xB9, 0x46, 0x4F, 0xED, 0x9C, 0x57, 0x38, 0x04, 0x29, - 0xD4, 0xA9, 0x12, 0xFE, 0x08 + 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x30, 0x22, + 0x18, 0x0F, 0x32, 0x30, 0x31, 0x38, 0x30, 0x34, 0x31, 0x32, + 0x31, 0x36, 0x32, 0x32, 0x31, 0x37, 0x5A, 0x18, 0x0F, 0x32, + 0x30, 0x32, 0x31, 0x30, 0x31, 0x30, 0x37, 0x31, 0x35, 0x32, + 0x32, 0x31, 0x37, 0x5A, 0x30, 0x81, 0x9F, 0x31, 0x0B, 0x30, + 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 
0x13, 0x02, 0x55, 0x53, + 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, + 0x07, 0x4D, 0x6F, 0x6E, 0x74, 0x61, 0x6E, 0x61, 0x31, 0x10, + 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0C, 0x07, 0x42, + 0x6F, 0x7A, 0x65, 0x6D, 0x61, 0x6E, 0x31, 0x0D, 0x30, 0x0B, + 0x06, 0x03, 0x55, 0x04, 0x04, 0x0C, 0x04, 0x4C, 0x65, 0x61, + 0x66, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x0A, + 0x0C, 0x07, 0x77, 0x6F, 0x6C, 0x66, 0x53, 0x53, 0x4C, 0x31, + 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x0B, 0x0C, 0x07, + 0x45, 0x44, 0x32, 0x35, 0x35, 0x31, 0x39, 0x31, 0x18, 0x30, + 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, 0x0F, 0x77, 0x77, + 0x77, 0x2E, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, + 0x63, 0x6F, 0x6D, 0x31, 0x1F, 0x30, 0x1D, 0x06, 0x09, 0x2A, + 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, + 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, + 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x30, 0x2A, 0x30, 0x05, + 0x06, 0x03, 0x2B, 0x65, 0x70, 0x03, 0x21, 0x00, 0x61, 0x5D, + 0xEC, 0xB7, 0x45, 0x93, 0xC9, 0x84, 0x7B, 0x68, 0x21, 0x4A, + 0x4D, 0xF4, 0x04, 0x8B, 0xBD, 0xCD, 0x6C, 0x5D, 0x3D, 0xB7, + 0x62, 0x2C, 0x2D, 0x25, 0xC3, 0x22, 0x49, 0xC8, 0x86, 0xF2, + 0xA3, 0x52, 0x30, 0x50, 0x30, 0x1D, 0x06, 0x03, 0x55, 0x1D, + 0x0E, 0x04, 0x16, 0x04, 0x14, 0x33, 0xC8, 0x28, 0x63, 0x8C, + 0xF4, 0x57, 0xEE, 0x1E, 0xB0, 0xC7, 0x12, 0x12, 0x76, 0x8A, + 0x80, 0x30, 0x3A, 0xCB, 0x10, 0x30, 0x1F, 0x06, 0x03, 0x55, + 0x1D, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0x92, 0x3F, + 0x96, 0x72, 0x02, 0xFA, 0x61, 0x1C, 0x21, 0x6D, 0x88, 0xDD, + 0xEB, 0xDD, 0x3C, 0x9B, 0x17, 0xC4, 0x9F, 0xB7, 0x30, 0x0E, + 0x06, 0x03, 0x55, 0x1D, 0x0F, 0x01, 0x01, 0xFF, 0x04, 0x04, + 0x03, 0x02, 0x06, 0xC0, 0x30, 0x05, 0x06, 0x03, 0x2B, 0x65, + 0x70, 0x03, 0x41, 0x00, 0x15, 0x88, 0x86, 0xFC, 0x66, 0xD1, + 0xE0, 0xF6, 0xCF, 0xC9, 0x09, 0x46, 0xD0, 0x50, 0xE2, 0x01, + 0x5D, 0xF7, 0xCF, 0x57, 0xB8, 0xBA, 0x90, 0x84, 0xCB, 0xF1, + 0x24, 0x4B, 0xEF, 0xA5, 0x95, 0x7D, 0x69, 0x92, 
0x88, 0xA8, + 0x89, 0x63, 0xCC, 0x90, 0x40, 0xC2, 0x41, 0x3A, 0x40, 0x76, + 0xB1, 0x2D, 0xA8, 0xA8, 0x97, 0xC9, 0x73, 0xC7, 0x82, 0x30, + 0x24, 0x61, 0xB0, 0xAA, 0xCA, 0xAA, 0x68, 0x00 +}; +static const int sizeof_server_ed25519_cert = sizeof(server_ed25519_cert); + +/* ./certs/ed25519/ca-ed25519.der, ED25519 */ +static const unsigned char ca_ed25519_cert[] = +{ + 0x30, 0x82, 0x02, 0x60, 0x30, 0x82, 0x02, 0x12, 0xA0, 0x03, + 0x02, 0x01, 0x02, 0x02, 0x10, 0x00, 0x80, 0xBA, 0x68, 0x77, + 0xEF, 0xA5, 0xE5, 0x42, 0x7D, 0xC6, 0x73, 0x2C, 0x54, 0x85, + 0xB8, 0x30, 0x05, 0x06, 0x03, 0x2B, 0x65, 0x70, 0x30, 0x81, + 0x9F, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, + 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, + 0x55, 0x04, 0x08, 0x0C, 0x07, 0x4D, 0x6F, 0x6E, 0x74, 0x61, + 0x6E, 0x61, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, + 0x07, 0x0C, 0x07, 0x42, 0x6F, 0x7A, 0x65, 0x6D, 0x61, 0x6E, + 0x31, 0x0D, 0x30, 0x0B, 0x06, 0x03, 0x55, 0x04, 0x04, 0x0C, + 0x04, 0x52, 0x6F, 0x6F, 0x74, 0x31, 0x10, 0x30, 0x0E, 0x06, + 0x03, 0x55, 0x04, 0x0A, 0x0C, 0x07, 0x77, 0x6F, 0x6C, 0x66, + 0x53, 0x53, 0x4C, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, + 0x04, 0x0B, 0x0C, 0x07, 0x45, 0x44, 0x32, 0x35, 0x35, 0x31, + 0x39, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, + 0x0C, 0x0F, 0x77, 0x77, 0x77, 0x2E, 0x77, 0x6F, 0x6C, 0x66, + 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x31, 0x1F, 0x30, + 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, + 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, + 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, + 0x30, 0x22, 0x18, 0x0F, 0x32, 0x30, 0x31, 0x38, 0x30, 0x34, + 0x31, 0x32, 0x31, 0x36, 0x32, 0x32, 0x31, 0x37, 0x5A, 0x18, + 0x0F, 0x32, 0x30, 0x32, 0x31, 0x30, 0x31, 0x30, 0x37, 0x31, + 0x35, 0x32, 0x32, 0x31, 0x37, 0x5A, 0x30, 0x81, 0x9D, 0x31, + 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, + 0x55, 0x53, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, + 0x08, 0x0C, 0x07, 
0x4D, 0x6F, 0x6E, 0x74, 0x61, 0x6E, 0x61, + 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0C, + 0x07, 0x42, 0x6F, 0x7A, 0x65, 0x6D, 0x61, 0x6E, 0x31, 0x0B, + 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x04, 0x0C, 0x02, 0x43, + 0x41, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x0A, + 0x0C, 0x07, 0x77, 0x6F, 0x6C, 0x66, 0x53, 0x53, 0x4C, 0x31, + 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x0B, 0x0C, 0x07, + 0x45, 0x44, 0x32, 0x35, 0x35, 0x31, 0x39, 0x31, 0x18, 0x30, + 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, 0x0F, 0x77, 0x77, + 0x77, 0x2E, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, + 0x63, 0x6F, 0x6D, 0x31, 0x1F, 0x30, 0x1D, 0x06, 0x09, 0x2A, + 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, + 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, + 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x30, 0x2A, 0x30, 0x05, + 0x06, 0x03, 0x2B, 0x65, 0x70, 0x03, 0x21, 0x00, 0x65, 0xAA, + 0x7F, 0x05, 0xA4, 0x04, 0x34, 0xA0, 0xEA, 0xAD, 0x1F, 0xA9, + 0x86, 0xF0, 0xD8, 0x7F, 0x72, 0xDF, 0xA9, 0x0E, 0x13, 0xA0, + 0x38, 0x66, 0x26, 0x5E, 0xEB, 0x48, 0x30, 0x80, 0x48, 0x49, + 0xA3, 0x60, 0x30, 0x5E, 0x30, 0x0C, 0x06, 0x03, 0x55, 0x1D, + 0x13, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xFF, 0x30, 0x1D, + 0x06, 0x03, 0x55, 0x1D, 0x0E, 0x04, 0x16, 0x04, 0x14, 0x92, + 0x3F, 0x96, 0x72, 0x02, 0xFA, 0x61, 0x1C, 0x21, 0x6D, 0x88, + 0xDD, 0xEB, 0xDD, 0x3C, 0x9B, 0x17, 0xC4, 0x9F, 0xB7, 0x30, + 0x1F, 0x06, 0x03, 0x55, 0x1D, 0x23, 0x04, 0x18, 0x30, 0x16, + 0x80, 0x14, 0xFE, 0x01, 0x46, 0x7F, 0x6F, 0x2B, 0x3E, 0x1C, + 0xB0, 0x6F, 0xE1, 0xCC, 0x4D, 0x02, 0x25, 0xF7, 0x4D, 0x0A, + 0x95, 0xB8, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x1D, 0x0F, 0x01, + 0x01, 0xFF, 0x04, 0x04, 0x03, 0x02, 0x01, 0xC6, 0x30, 0x05, + 0x06, 0x03, 0x2B, 0x65, 0x70, 0x03, 0x41, 0x00, 0x4C, 0x40, + 0xD0, 0x7F, 0xBC, 0xFB, 0xF4, 0xA2, 0x1A, 0x58, 0xF6, 0x72, + 0xE3, 0xE8, 0xDA, 0x18, 0x0D, 0x94, 0xDC, 0x0E, 0xFD, 0xC1, + 0xE7, 0x02, 0xA5, 0x7A, 0xEE, 0xCB, 0xC2, 0x7E, 0xFA, 0xA1, + 0xFC, 0x15, 0x9A, 0xFE, 0x1E, 
0xE0, 0x37, 0xDF, 0x7F, 0xAB, + 0x76, 0x50, 0x06, 0xD4, 0x3D, 0x1A, 0x65, 0x73, 0x3F, 0x92, + 0xD4, 0x44, 0x62, 0xA7, 0x4C, 0xB3, 0x2A, 0x01, 0x87, 0xE3, + 0x06, 0x06 }; static const int sizeof_ca_ed25519_cert = sizeof(ca_ed25519_cert); diff --git a/wolfssl/internal.h b/wolfssl/internal.h index 8c41a5893..82d4e2fa6 100644 --- a/wolfssl/internal.h +++ b/wolfssl/internal.h @@ -773,6 +773,25 @@ defined(BUILD_TLS_PSK_WITH_AES_256_GCM_SHA384) || \ defined(BUILD_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384) #define BUILD_AESGCM +#else + /* No AES-GCM cipher suites available with build */ + #define NO_AESGCM_AEAD +#endif + +#if defined(BUILD_TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256) || \ + defined(BUILD_TLS_DHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256) || \ + defined(BUILD_TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256) || \ + defined(BUILD_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256) || \ + defined(BUILD_TLS_ECDHE_ECDSA_WITH_CHACHA20_OLD_POLY1305_SHA256) || \ + defined(BUILD_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256) || \ + defined(BUILD_TLS_ECDHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256) || \ + defined(BUILD_TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256) || \ + defined(BUILD_TLS_PSK_WITH_CHACHA20_POLY1305_SHA256) || \ + defined(BUILD_TLS_CHACHA20_POLY1305_SHA256) + /* Have an available ChaCha Poly cipher suite */ +#else + /* No ChaCha Poly cipher suites available with build */ + #define NO_CHAPOL_AEAD #endif #if defined(BUILD_TLS_RSA_WITH_HC_128_SHA) || \ @@ -810,8 +829,9 @@ #endif #if defined(WOLFSSL_MAX_STRENGTH) || \ - defined(HAVE_AESGCM) || defined(HAVE_AESCCM) || \ - (defined(HAVE_CHACHA) && defined(HAVE_POLY1305)) + (defined(HAVE_AESGCM) && !defined(NO_AESGCM_AEAD)) || \ + defined(HAVE_AESCCM) || \ + (defined(HAVE_CHACHA) && defined(HAVE_POLY1305) && !defined(NO_CHAPOL_AEAD)) #define HAVE_AEAD #endif 
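Review bot: The reworked `HAVE_AEAD` condition still turns AEAD on for `defined(HAVE_AESCCM)` alone. AES-GCM and ChaCha20-Poly1305 now additionally require that a matching suite was built (`!defined(NO_AESGCM_AEAD)`, `!defined(NO_CHAPOL_AEAD)`). If the goal is that `HAVE_AEAD` is set only when an AEAD suite can actually be negotiated, AES-CCM presumably needs the same kind of derived guard. Otherwise a one-line comment such as `/* AES-CCM is not gated on built suites because ... */` should record why it is exempt. The two new `NO_*_AEAD` names also look like user build options, so mark them as derived, for example `/* internal: derived from the BUILD_TLS_* list above, do not set by hand */`.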
@@ -1014,6 +1034,7 @@ enum { enum Misc { + CIPHER_BYTE = 0x00, /* Default ciphers */ ECC_BYTE = 0xC0, /* ECC first cipher suite byte */ QSH_BYTE = 0xD0, /* Quantum-safe Handshake cipher suite */ CHACHA_BYTE = 0xCC, /* ChaCha first cipher suite */ @@ -1074,10 +1095,6 @@ enum Misc { PAD_MD5 = 48, /* pad length for finished */ PAD_SHA = 40, /* pad length for finished */ MAX_PAD_SIZE = 256, /* maximum length of padding */ - COMPRESS_DUMMY_SIZE = 64, /* compression dummy round size */ - COMPRESS_CONSTANT = 13, /* compression calc constant */ - COMPRESS_UPPER = 55, /* compression calc numerator */ - COMPRESS_LOWER = 64, /* compression calc denominator */ LENGTH_SZ = 2, /* length field for HMAC, data only */ VERSION_SZ = 2, /* length of proctocol version */ @@ -1160,6 +1177,7 @@ enum Misc { OPAQUE8_LEN + WC_MAX_DIGEST_SIZE, MAX_REQUEST_SZ = 256, /* Maximum cert req len (no auth yet */ SESSION_FLUSH_COUNT = 256, /* Flush session cache unless user turns off */ + TLS_MAX_PAD_SZ = 255, /* Max padding in TLS */ #ifdef HAVE_FIPS MAX_SYM_KEY_SIZE = AES_256_KEY_SIZE, @@ -1167,6 +1185,12 @@ enum Misc { MAX_SYM_KEY_SIZE = WC_MAX_SYM_KEY_SIZE, #endif +#ifdef HAVE_SELFTEST + AES_256_KEY_SIZE = 32, + AES_IV_SIZE = 16, + AES_128_KEY_SIZE = 16, +#endif + AEAD_SEQ_OFFSET = 4, /* Auth Data: Sequence number */ AEAD_TYPE_OFFSET = 8, /* Auth Data: Type */ AEAD_VMAJ_OFFSET = 9, /* Auth Data: Major Version */ @@ -1529,6 +1553,8 @@ WOLFSSL_LOCAL int DoTls13ServerHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx, word32 helloSz, byte* extMsgType); #endif +int TimingPadVerify(WOLFSSL* ssl, const byte* input, int padLen, int t, + int pLen, int content); enum { 
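Review bot: `TLS_MAX_PAD_SZ = 255` is added to `enum Misc` while `MAX_PAD_SIZE = 256` ("maximum length of padding") stays in the same enum, and the comment "Max padding in TLS" does not say how the two differ. Presumably 255 is the largest value of the one-byte padding length field and 256 counts that byte as well; if so, say it, e.g. `TLS_MAX_PAD_SZ = 255, /* Max value of the TLS CBC padding length byte */`. These constants feed the padding check, so an off-by-one from picking the wrong one is worth ruling out in the comment. The enum starts and ends outside this hunk.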
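Review bot: The `HAVE_SELFTEST` block defines `AES_256_KEY_SIZE`, `AES_IV_SIZE` and `AES_128_KEY_SIZE` after `MAX_SYM_KEY_SIZE`, whose `HAVE_FIPS` branch is `MAX_SYM_KEY_SIZE = AES_256_KEY_SIZE`. If `HAVE_FIPS` and `HAVE_SELFTEST` can ever be defined together (not visible here), that is a use before declaration; moving the block above the `#ifdef HAVE_FIPS` lines removes the question. The hard-coded sizes also carry no explanation, so add something like `/* self-test build: AES header does not provide these sizes */` if that is the reason.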
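Review bot: `TimingPadVerify` is declared without `WOLFSSL_LOCAL`, unlike the neighbouring internal prototypes such as `DoTls13ServerHello`, so the padding/MAC timing routine is presumably exported from the library. If that is deliberate (for a test harness, say), state it in a comment; otherwise declare it `WOLFSSL_LOCAL int TimingPadVerify(...)`. The parameter `t` is not self-explanatory next to `padLen` and `pLen`, so add a short comment naming each length, e.g. `/* t: MAC size, pLen: record payload length, padLen: claimed padding */` after confirming against the definition. The prototype sits after an `#endif`, so it is declared in every build configuration.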
@@ -2832,7 +2858,7 @@ WOLFSSL_SESSION* GetSession(WOLFSSL*, byte*, byte); WOLFSSL_LOCAL int SetSession(WOLFSSL*, WOLFSSL_SESSION*); -typedef int (*hmacfp) (WOLFSSL*, byte*, const byte*, word32, int, int); +typedef int (*hmacfp) (WOLFSSL*, byte*, const byte*, word32, int, int, int); #ifndef NO_CLIENT_CACHE WOLFSSL_SESSION* GetSessionClient(WOLFSSL*, const byte*, int); @@ -3010,7 +3036,6 @@ typedef struct Options { word16 quietShutdown:1; /* don't send close notify */ word16 certOnly:1; /* stop once we get cert */ word16 groupMessages:1; /* group handshake messages */ - word16 usingNonblock:1; /* are we using nonblocking socket */ word16 saveArrays:1; /* save array Memory for user get keys or psk */ word16 weOwnRng:1; /* will be true unless CTX owns */ @@ -3030,6 +3055,7 @@ typedef struct Options { #endif #endif #ifdef WOLFSSL_DTLS + word16 dtlsUseNonblock:1; /* are we using nonblocking socket */ word16 dtlsHsRetain:1; /* DTLS retaining HS data */ word16 haveMcast:1; /* using multicast ? */ #ifdef WOLFSSL_SCTP @@ -3054,6 +3080,10 @@ typedef struct Options { #if defined(WOLFSSL_TLS13) && defined(WOLFSSL_TLS13_MIDDLEBOX_COMPAT) word16 sentChangeCipher:1; /* Change Cipher Spec sent */ #endif +#if !defined(WOLFSSL_NO_CLIENT_AUTH) && defined(HAVE_ED25519) && \ + !defined(NO_ED25519_CLIENT_AUTH) + word16 cacheMessages:1; /* Cache messages for sign/verify */ +#endif /* need full byte values for this section */ byte processReply; /* nonblocking resume */ @@ -3348,6 +3378,11 @@ typedef struct HS_Hashes { #ifdef WOLFSSL_SHA512 wc_Sha512 hashSha512; /* sha512 hash of handshake msgs */ #endif +#if defined(HAVE_ED25519) && !defined(WOLFSSL_NO_CLIENT_AUTH) + byte* messages; /* handshake messages */ + int length; /* length of handhsake messages' data */ + int prevLen; /* length of messages but last */ +#endif } HS_Hashes; 
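Review bot: The `hmacfp` typedef now ends in three unnamed `int` parameters, which makes it easy to pass padding size, content type and verify flag in the wrong order without any compiler diagnostic. The matching `TLS_hmac` prototype changed later in this file already names them, so the typedef can do the same: `typedef int (*hmacfp)(WOLFSSL* ssl, byte* digest, const byte* in, word32 sz, int padSz, int content, int verify);`. Since the new argument lands in the middle of the list, any other function assigned to an `hmacfp` pointer has to be updated in the same commit; those are not visible on this page.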
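Review bot: The `cacheMessages` bit in `Options` and the new `messages`/`length`/`prevLen` members of `HS_Hashes` are compiled under different conditions. The flag requires `!defined(NO_ED25519_CLIENT_AUTH)` as well, while the `HS_Hashes` members only check `defined(HAVE_ED25519) && !defined(WOLFSSL_NO_CLIENT_AUTH)`. With `NO_ED25519_CLIENT_AUTH` set, the buffer fields exist but the flag that controls them does not, and code touching both must remember the stricter test. Use one condition in both places, e.g. `#if !defined(WOLFSSL_NO_CLIENT_AUTH) && defined(HAVE_ED25519) && !defined(NO_ED25519_CLIENT_AUTH)`.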
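Review bot: In `HS_Hashes`, `length` and `prevLen` are plain `int` although they describe the size of the heap buffer `messages`; `word32`, which this header already uses for sizes, would rule out negative lengths in the arithmetic that grows the buffer. The comment on `length` has a typo ("handhsake"). Neither field says who frees `messages`; a comment such as `/* handshake messages, heap allocated, freed with the HS_Hashes */` would help once confirmed against the free path. The struct begins outside this hunk.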
@@ -3874,6 +3909,7 @@ WOLFSSL_LOCAL int wolfSSL_GetMaxRecordSize(WOLFSSL* ssl, int maxFragment); word32* outlen, int side, void* ctx); #endif /* HAVE_ECC */ #ifdef HAVE_ED25519 + WOLFSSL_LOCAL int Ed25519CheckPubKey(WOLFSSL* ssl); WOLFSSL_LOCAL int Ed25519Sign(WOLFSSL* ssl, const byte* in, word32 inSz, byte* out, word32* outSz, ed25519_key* key, DerBuffer* keyBufInfo, void* ctx); @@ -3911,7 +3947,7 @@ WOLFSSL_LOCAL int GrowInputBuffer(WOLFSSL* ssl, int size, int usedLength); #ifndef NO_TLS WOLFSSL_LOCAL int MakeTlsMasterSecret(WOLFSSL*); WOLFSSL_LOCAL int TLS_hmac(WOLFSSL* ssl, byte* digest, const byte* in, - word32 sz, int content, int verify); + word32 sz, int padSz, int content, int verify); #endif #ifndef NO_WOLFSSL_CLIENT @@ -3964,12 +4000,21 @@ WOLFSSL_LOCAL word32 LowResTimer(void); WOLFSSL_LOCAL int CopyDecodedToX509(WOLFSSL_X509*, DecodedCert*); #endif -WOLFSSL_LOCAL const char* const* GetCipherNames(void); +typedef struct CipherSuiteInfo { + const char* name; +#ifndef NO_ERROR_STRINGS + const char* name_iana; +#endif + byte cipherSuite0; + byte cipherSuite; +} CipherSuiteInfo; + +WOLFSSL_LOCAL const CipherSuiteInfo* GetCipherNames(void); WOLFSSL_LOCAL int GetCipherNamesSize(void); -WOLFSSL_LOCAL const char* GetCipherNameInternal(const char* cipherName, int cipherSuite); +WOLFSSL_LOCAL const char* GetCipherNameInternal(const byte cipherSuite0, const byte cipherSuite); +WOLFSSL_LOCAL const char* GetCipherNameIana(const byte cipherSuite0, const byte cipherSuite); WOLFSSL_LOCAL const char* wolfSSL_get_cipher_name_internal(WOLFSSL* ssl); -WOLFSSL_LOCAL const char* wolfSSL_get_cipher_name_from_suite( - const unsigned char cipherSuite, const unsigned char cipherSuite0); +WOLFSSL_LOCAL const char* wolfSSL_get_cipher_name_iana(WOLFSSL* ssl); enum encrypt_side { ENCRYPT_SIDE_ONLY = 1, diff --git a/wolfssl/openssl/asn1.h b/wolfssl/openssl/asn1.h index 272698fe6..44a66189f 100644 --- a/wolfssl/openssl/asn1.h +++ b/wolfssl/openssl/asn1.h 
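Review bot: The two suite bytes are now passed in the opposite order from the function this hunk removes. `GetCipherNameInternal` and `GetCipherNameIana` take `(cipherSuite0, cipherSuite)`, while the old `wolfSSL_get_cipher_name_from_suite` was declared as `(cipherSuite, cipherSuite0)`. That function moves to wolfssl/ssl.h (the `-536` hunk) with both parameters unnamed, so a caller cannot tell which byte comes first; name them there, e.g. `wolfSSL_get_cipher_name_from_suite(const unsigned char cipherSuite, const unsigned char cipherSuite0)` if the old order is kept. `const` on by-value `byte` parameters adds nothing in a prototype and can be dropped. `name_iana` exists only without `NO_ERROR_STRINGS`, but `GetCipherNameIana` is declared unconditionally, so a comment should say what it returns in that build.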
@@ -31,5 +31,26 @@ #define ASN1_STRING_set wolfSSL_ASN1_STRING_set #define ASN1_STRING_free wolfSSL_ASN1_STRING_free -#define V_ASN1_OCTET_STRING 0x04 /* tag for ASN1_OCTET_STRING */ -#endif /* WOLFSSL_ASN1_H_ */ +#define V_ASN1_OCTET_STRING 0x04 /* tag for ASN1_OCTET_STRING */ +#define V_ASN1_NEG 0x100 +#define V_ASN1_NEG_INTEGER (2 | V_ASN1_NEG) +#define V_ASN1_NEG_ENUMERATED (10 | V_ASN1_NEG) + +/* Type for ASN1_print_ex */ +# define ASN1_STRFLGS_ESC_2253 1 +# define ASN1_STRFLGS_ESC_CTRL 2 +# define ASN1_STRFLGS_ESC_MSB 4 +# define ASN1_STRFLGS_ESC_QUOTE 8 +# define ASN1_STRFLGS_UTF8_CONVERT 0x10 +# define ASN1_STRFLGS_IGNORE_TYPE 0x20 +# define ASN1_STRFLGS_SHOW_TYPE 0x40 +# define ASN1_STRFLGS_DUMP_ALL 0x80 +# define ASN1_STRFLGS_DUMP_UNKNOWN 0x100 +# define ASN1_STRFLGS_DUMP_DER 0x200 +# define ASN1_STRFLGS_RFC2253 (ASN1_STRFLGS_ESC_2253 | \ + ASN1_STRFLGS_ESC_CTRL | \ + ASN1_STRFLGS_ESC_MSB | \ + ASN1_STRFLGS_UTF8_CONVERT | \ + ASN1_STRFLGS_DUMP_UNKNOWN | \ + ASN1_STRFLGS_DUMP_DER) +#endif /* WOLFSSL_ASN1_H_ */ \ No newline at end of file diff --git a/wolfssl/openssl/bn.h b/wolfssl/openssl/bn.h index b1097e882..d51450e7b 100644 --- a/wolfssl/openssl/bn.h +++ b/wolfssl/openssl/bn.h @@ -110,7 +110,7 @@ WOLFSSL_API int wolfSSL_BN_is_prime_ex(const WOLFSSL_BIGNUM*, int, WOLFSSL_API WOLFSSL_BN_ULONG wolfSSL_BN_mod_word(const WOLFSSL_BIGNUM*, WOLFSSL_BN_ULONG); #if !defined(NO_FILESYSTEM) && !defined(NO_STDIO_FILESYSTEM) - WOLFSSL_API int wolfSSL_BN_print_fp(FILE*, const WOLFSSL_BIGNUM*); + WOLFSSL_API int wolfSSL_BN_print_fp(XFILE, const WOLFSSL_BIGNUM*); #endif WOLFSSL_API int wolfSSL_BN_rshift(WOLFSSL_BIGNUM*, const WOLFSSL_BIGNUM*, int); WOLFSSL_API WOLFSSL_BIGNUM *wolfSSL_BN_CTX_get(WOLFSSL_BN_CTX *ctx); diff --git a/wolfssl/openssl/sha.h b/wolfssl/openssl/sha.h index 86e657bcb..2a930d96d 100644 --- a/wolfssl/openssl/sha.h +++ b/wolfssl/openssl/sha.h 
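Review bot: The rewritten last line `#endif /* WOLFSSL_ASN1_H_ */` is marked "No newline at end of file", so asn1.h no longer ends with a newline; restore it, since some compilers warn on this. The new `ASN1_STRFLGS_*` block uses `# define` while the rest of the header uses `#define`, and the "Type for ASN1_print_ex" comment presumably refers to the flags argument of `ASN1_STRING_print_ex`, which is the name mapped in openssl/ssl.h in this commit. Suggested comment: `/* Flags for ASN1_STRING_print_ex */`.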
@@ -119,7 +119,7 @@ typedef WOLFSSL_SHA256_CTX SHA256_CTX; #define SHA256_Init wolfSSL_SHA256_Init #define SHA256_Update wolfSSL_SHA256_Update #define SHA256_Final wolfSSL_SHA256_Final -#if defined(NO_OLD_SHA256_NAMES) && !defined(HAVE_FIPS) +#if defined(NO_OLD_SHA_NAMES) && !defined(HAVE_FIPS) /* SHA256 is only available in non-fips mode because of SHA256 enum in FIPS * build. */ #define SHA256 wolfSSL_SHA256 @@ -148,7 +148,11 @@ typedef WOLFSSL_SHA384_CTX SHA384_CTX; #define SHA384_Init wolfSSL_SHA384_Init #define SHA384_Update wolfSSL_SHA384_Update #define SHA384_Final wolfSSL_SHA384_Final - +#if defined(NO_OLD_SHA_NAMES) && !defined(HAVE_FIPS) + /* SHA384 is only available in non-fips mode because of SHA384 enum in FIPS + * build. */ + #define SHA384 wolfSSL_SHA384 +#endif #endif /* WOLFSSL_SHA384 */ #ifdef WOLFSSL_SHA512 @@ -173,7 +177,11 @@ typedef WOLFSSL_SHA512_CTX SHA512_CTX; #define SHA512_Init wolfSSL_SHA512_Init #define SHA512_Update wolfSSL_SHA512_Update #define SHA512_Final wolfSSL_SHA512_Final - +#if defined(NO_OLD_SHA_NAMES) && !defined(HAVE_FIPS) + /* SHA512 is only available in non-fips mode because of SHA512 enum in FIPS + * build. */ + #define SHA512 wolfSSL_SHA512 +#endif #endif /* WOLFSSL_SHA512 */ diff --git a/wolfssl/openssl/ssl.h b/wolfssl/openssl/ssl.h index e90a5213a..a50e99bcb 100644 --- a/wolfssl/openssl/ssl.h +++ b/wolfssl/openssl/ssl.h @@ -128,6 +128,7 @@ typedef WOLFSSL_X509_STORE_CTX X509_STORE_CTX; #define SSL_use_certificate_ASN1 wolfSSL_use_certificate_ASN1 #define d2i_PKCS8_PRIV_KEY_INFO_bio wolfSSL_d2i_PKCS8_PKEY_bio #define PKCS8_PRIV_KEY_INFO_free wolfSSL_EVP_PKEY_free +#define d2i_PKCS12_fp wolfSSL_d2i_PKCS12_fp #define d2i_PUBKEY_bio wolfSSL_d2i_PUBKEY_bio #define d2i_PrivateKey wolfSSL_d2i_PrivateKey 
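Review bot: Switching the guard from `NO_OLD_SHA256_NAMES` to `NO_OLD_SHA_NAMES` silently changes behaviour for any build that still defines only the old macro, which no longer gets `#define SHA256 wolfSSL_SHA256`. If the old spelling is still set anywhere (not visible on this page), accept both: `#if (defined(NO_OLD_SHA_NAMES) || defined(NO_OLD_SHA256_NAMES)) && !defined(HAVE_FIPS)`. The same `NO_OLD_SHA_NAMES` guard is introduced for `SHA384` and `SHA512` in the next two hunks, so one comment at the first use explaining that a single macro now governs all SHA-2 names would be enough.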
@@ -297,6 +298,7 @@ typedef WOLFSSL_X509_STORE_CTX X509_STORE_CTX; #define RAND_seed wolfSSL_RAND_seed #define RAND_cleanup wolfSSL_RAND_Cleanup #define RAND_add wolfSSL_RAND_add +#define RAND_poll wolfSSL_RAND_poll #define COMP_zlib wolfSSL_COMP_zlib #define COMP_rle wolfSSL_COMP_rle @@ -322,6 +324,7 @@ typedef WOLFSSL_X509_STORE_CTX X509_STORE_CTX; #define X509_STORE_CTX_get_current_cert wolfSSL_X509_STORE_CTX_get_current_cert #define X509_STORE_add_cert wolfSSL_X509_STORE_add_cert +#define X509_STORE_add_crl wolfSSL_X509_STORE_add_crl #define X509_STORE_set_flags wolfSSL_X509_STORE_set_flags #define X509_STORE_CTX_set_verify_cb wolfSSL_X509_STORE_CTX_set_verify_cb #define X509_STORE_CTX_free wolfSSL_X509_STORE_CTX_free @@ -348,7 +351,8 @@ typedef WOLFSSL_X509_STORE_CTX X509_STORE_CTX; #define X509_LOOKUP_file wolfSSL_X509_LOOKUP_file #define X509_STORE_add_lookup wolfSSL_X509_STORE_add_lookup -#define X509_STORE_new wolfSSL_X509_STORE_new +#define X509_STORE_new wolfSSL_X509_STORE_new +#define X509_STORE_free wolfSSL_X509_STORE_free #define X509_STORE_get_by_subject wolfSSL_X509_STORE_get_by_subject #define X509_STORE_CTX_init wolfSSL_X509_STORE_CTX_init #define X509_STORE_CTX_cleanup wolfSSL_X509_STORE_CTX_cleanup @@ -378,6 +382,10 @@ typedef WOLFSSL_X509_STORE_CTX X509_STORE_CTX; #define ASN1_TIME_print wolfSSL_ASN1_TIME_print #define ASN1_GENERALIZEDTIME_print wolfSSL_ASN1_GENERALIZEDTIME_print #define ASN1_TIME_adj wolfSSL_ASN1_TIME_adj +#define ASN1_GENERALIZEDTIME_free wolfSSL_ASN1_GENERALIZEDTIME_free +#define ASN1_STRING_print_ex wolfSSL_ASN1_STRING_print_ex +#define ASN1_tag2str wolfSSL_ASN1_tag2str +#define ASN1_TIME_to_generalizedtime wolfSSL_ASN1_TIME_to_generalizedtime #define ASN1_INTEGER_new wolfSSL_ASN1_INTEGER_new #define ASN1_INTEGER_free wolfSSL_ASN1_INTEGER_free 
@@ -511,8 +519,16 @@ typedef WOLFSSL_X509_STORE_CTX X509_STORE_CTX; #define sk_X509_free wolfSSL_sk_X509_free #define i2d_X509_bio wolfSSL_i2d_X509_bio #define d2i_X509_bio wolfSSL_d2i_X509_bio +#define d2i_X509_fp wolfSSL_d2i_X509_fp #define i2d_X509 wolfSSL_i2d_X509 #define d2i_X509 wolfSSL_d2i_X509 +#define d2i_PKCS12_bio wolfSSL_d2i_PKCS12_bio +#define d2i_PKCS12_fp wolfSSL_d2i_PKCS12_fp +#define d2i_RSAPublicKey wolfSSL_d2i_RSAPublicKey +#define i2d_RSAPublicKey wolfSSL_i2d_RSAPublicKey +#define d2i_X509_CRL wolfSSL_d2i_X509_CRL +#define d2i_X509_CRL_fp wolfSSL_d2i_X509_CRL_fp +#define X509_CRL_free wolfSSL_X509_CRL_free #define SSL_CTX_get_ex_data wolfSSL_CTX_get_ex_data #define SSL_CTX_set_ex_data wolfSSL_CTX_set_ex_data @@ -528,6 +544,7 @@ typedef WOLFSSL_X509_STORE_CTX X509_STORE_CTX; #define SSL_CTX_get_ex_new_index wolfSSL_CTX_get_ex_new_index #define PEM_read_bio_X509 wolfSSL_PEM_read_bio_X509 #define PEM_read_bio_X509_AUX wolfSSL_PEM_read_bio_X509_AUX +#define PEM_read_X509_CRL wolfSSL_PEM_read_X509_CRL /*#if OPENSSL_API_COMPAT < 0x10100000L*/ #define CONF_modules_free() @@ -549,7 +566,7 @@ typedef WOLFSSL_X509_STORE_CTX X509_STORE_CTX; #define X509_NAME_free wolfSSL_X509_NAME_free #define X509_NAME_new wolfSSL_X509_NAME_new -typedef WOLFSSL_X509_NAME_ENTRY X509_NAME_ENTRY; + typedef WOLFSSL_X509_NAME_ENTRY X509_NAME_ENTRY; #define SSL_CTX_use_certificate wolfSSL_CTX_use_certificate #define SSL_CTX_use_PrivateKey wolfSSL_CTX_use_PrivateKey @@ -568,10 +585,10 @@ typedef WOLFSSL_X509_NAME_ENTRY X509_NAME_ENTRY; #define X509_NAME_ENTRY_get_data wolfSSL_X509_NAME_ENTRY_get_data #define sk_X509_NAME_pop_free wolfSSL_sk_X509_NAME_pop_free #define SHA1 wolfSSL_SHA1 + #define X509_check_private_key wolfSSL_X509_check_private_key #define SSL_dup_CA_list wolfSSL_dup_CA_list - - +#define X509_check_ca wolfSSL_X509_check_ca /* NIDs */ 
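Review bot: `#define d2i_PKCS12_fp wolfSSL_d2i_PKCS12_fp` is added here a second time; the same commit already adds it in the `-128` hunk of this file next to `PKCS8_PRIV_KEY_INFO_free`. The identical redefinition compiles, but it leaves two places to edit if the target changes, so drop one of them. `wolfSSL_d2i_PKCS12_fp`, `wolfSSL_d2i_X509_fp` and `wolfSSL_d2i_X509_CRL_fp` are only declared when `NO_FILESYSTEM` is not defined, so a comment such as `/* *_fp mappings require filesystem support */` would explain the failure an application sees in such a build.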
@@ -878,6 +895,7 @@ typedef WOLFSSL_ASN1_BIT_STRING ASN1_BIT_STRING; #define SSL_get0_session wolfSSL_SSL_get0_session #define X509_check_host wolfSSL_X509_check_host #define i2a_ASN1_INTEGER wolfSSL_i2a_ASN1_INTEGER +#define i2c_ASN1_INTEGER wolfSSL_i2c_ASN1_INTEGER #define ERR_peek_error_line_data wolfSSL_ERR_peek_error_line_data #define ERR_load_BIO_strings wolfSSL_ERR_load_BIO_strings #define SSL_CTX_set_tlsext_ticket_key_cb wolfSSL_CTX_set_tlsext_ticket_key_cb @@ -906,6 +924,7 @@ typedef WOLFSSL_ASN1_BIT_STRING ASN1_BIT_STRING; #define SSL_CTX_add_client_CA wolfSSL_CTX_add_client_CA #define SSL_CTX_set_srp_password wolfSSL_CTX_set_srp_password #define SSL_CTX_set_srp_username wolfSSL_CTX_set_srp_username +#define OPENSSL_add_all_algorithms_noconf wolfSSL_OPENSSL_add_all_alogrithms_noconf #ifdef __cplusplus } /* extern "C" */ diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h index f425729ee..713ca514f 100644 --- a/wolfssl/ssl.h +++ b/wolfssl/ssl.h @@ -121,6 +121,7 @@ typedef struct WOLFSSL_X509 WOLFSSL_X509; typedef struct WOLFSSL_X509_NAME WOLFSSL_X509_NAME; typedef struct WOLFSSL_X509_NAME_ENTRY WOLFSSL_X509_NAME_ENTRY; typedef struct WOLFSSL_X509_CHAIN WOLFSSL_X509_CHAIN; +typedef struct WC_PKCS12 WOLFSSL_X509_PKCS12; typedef struct WOLFSSL_CERT_MANAGER WOLFSSL_CERT_MANAGER; typedef struct WOLFSSL_SOCKADDR WOLFSSL_SOCKADDR; @@ -164,7 +165,7 @@ typedef struct WOLFSSL_ECDSA_SIG WOLFSSL_ECDSA_SIG; typedef struct WOLFSSL_CIPHER WOLFSSL_CIPHER; typedef struct WOLFSSL_X509_LOOKUP WOLFSSL_X509_LOOKUP; typedef struct WOLFSSL_X509_LOOKUP_METHOD WOLFSSL_X509_LOOKUP_METHOD; -typedef struct WOLFSSL_X509_CRL WOLFSSL_X509_CRL; +typedef struct WOLFSSL_CRL WOLFSSL_X509_CRL; typedef struct WOLFSSL_X509_STORE WOLFSSL_X509_STORE; typedef struct WOLFSSL_X509_VERIFY_PARAM WOLFSSL_X509_VERIFY_PARAM; typedef struct WOLFSSL_BIO WOLFSSL_BIO; 
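Review bot: The new mapping `#define OPENSSL_add_all_algorithms_noconf wolfSSL_OPENSSL_add_all_alogrithms_noconf` misspells the target ("alogrithms"). The prototype this commit adds in wolfssl/ssl.h is `wolfSSL_OPENSSL_add_all_algorithms_noconf`, so code using the OpenSSL name would call an undeclared function unless the definition carries the same typo (not visible here). The line should read `#define OPENSSL_add_all_algorithms_noconf wolfSSL_OPENSSL_add_all_algorithms_noconf`.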
@@ -188,6 +189,7 @@ struct WOLFSSL_ASN1_INTEGER { * byte type */ unsigned char intData[WOLFSSL_ASN1_INTEGER_MAX]; /* ASN_INTEGER | LENGTH | hex of number */ + unsigned char negative; /* negative number flag */ unsigned char* data; unsigned int dataMax; /* max size of data buffer */ @@ -300,6 +302,9 @@ struct WOLFSSL_X509_STORE { #ifdef OPENSSL_EXTRA int isDynamic; #endif +#if defined(OPENSSL_EXTRA) && defined(HAVE_CRL) + WOLFSSL_X509_CRL *crl; +#endif }; #ifdef OPENSSL_EXTRA @@ -536,12 +541,12 @@ WOLFSSL_API char* wolfSSL_get_cipher_list(int priority); WOLFSSL_API char* wolfSSL_get_cipher_list_ex(WOLFSSL* ssl, int priority); WOLFSSL_API int wolfSSL_get_ciphers(char*, int); WOLFSSL_API const char* wolfSSL_get_cipher_name(WOLFSSL* ssl); +WOLFSSL_API const char* wolfSSL_get_cipher_name_from_suite(const unsigned char, + const unsigned char); WOLFSSL_API const char* wolfSSL_get_shared_ciphers(WOLFSSL* ssl, char* buf, int len); WOLFSSL_API const char* wolfSSL_get_curve_name(WOLFSSL* ssl); WOLFSSL_API int wolfSSL_get_fd(const WOLFSSL*); -WOLFSSL_API void wolfSSL_set_using_nonblock(WOLFSSL*, int); -WOLFSSL_API int wolfSSL_get_using_nonblock(WOLFSSL*); /* please see note at top of README if you get an error from connect */ WOLFSSL_API int wolfSSL_connect(WOLFSSL*); WOLFSSL_API int wolfSSL_write(WOLFSSL*, const void*, int); 
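Review bot: The new `WOLFSSL_X509_CRL *crl;` member of `WOLFSSL_X509_STORE` has no comment on ownership. This commit also maps `X509_STORE_add_crl` and `X509_STORE_free`, but whether the store takes ownership of the CRL passed to add_crl, and whether store free releases it, cannot be read from the header. Document it on the field, e.g. `WOLFSSL_X509_CRL *crl; /* CRL set via X509_STORE_add_crl; owned by the store */`, after checking the implementation. An unclear owner here usually ends in a leak or a double free in the application's cleanup path. The struct begins outside this hunk.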
@@ -660,6 +665,11 @@ WOLFSSL_API int wolfSSL_CTX_set_cipher_list(WOLFSSL_CTX*, const char*); WOLFSSL_API int wolfSSL_set_cipher_list(WOLFSSL*, const char*); /* Nonblocking DTLS helper functions */ +WOLFSSL_API void wolfSSL_dtls_set_using_nonblock(WOLFSSL*, int); +WOLFSSL_API int wolfSSL_dtls_get_using_nonblock(WOLFSSL*); +#define wolfSSL_set_using_nonblock wolfSSL_dtls_set_using_nonblock +#define wolfSSL_get_using_nonblock wolfSSL_dtls_get_using_nonblock + /* The old names are deprecated. */ WOLFSSL_API int wolfSSL_dtls_get_current_timeout(WOLFSSL* ssl); WOLFSSL_API int wolfSSL_dtls_set_timeout_init(WOLFSSL* ssl, int); WOLFSSL_API int wolfSSL_dtls_set_timeout_max(WOLFSSL* ssl, int); @@ -797,6 +807,10 @@ WOLFSSL_API long wolfSSL_BIO_set_fd(WOLFSSL_BIO* b, int fd, int flag); WOLFSSL_API void wolfSSL_set_bio(WOLFSSL*, WOLFSSL_BIO* rd, WOLFSSL_BIO* wr); WOLFSSL_API int wolfSSL_add_all_algorithms(void); +#ifdef OPENSSL_EXTRA +WOLFSSL_API int wolfSSL_OPENSSL_add_all_algorithms_noconf(void); +#endif + #ifndef NO_FILESYSTEM WOLFSSL_API WOLFSSL_BIO_METHOD *wolfSSL_BIO_s_file(void); #endif @@ -828,6 +842,7 @@ WOLFSSL_API int wolfSSL_RAND_egd(const char*); WOLFSSL_API int wolfSSL_RAND_seed(const void*, int); WOLFSSL_API void wolfSSL_RAND_Cleanup(void); WOLFSSL_API void wolfSSL_RAND_add(const void*, int, double); +WOLFSSL_API int wolfSSL_RAND_poll(void); WOLFSSL_API WOLFSSL_COMP_METHOD* wolfSSL_COMP_zlib(void); WOLFSSL_API WOLFSSL_COMP_METHOD* wolfSSL_COMP_rle(void); 
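Review bot: Turning `wolfSSL_set_using_nonblock` and `wolfSSL_get_using_nonblock` into macros for the `wolfSSL_dtls_*` functions keeps source compatibility but removes the old exported symbols, since their prototypes are deleted in the `-536` hunk. Binaries linked against the previous library presumably no longer resolve them. The internal.h hunks also move the flag into the `WOLFSSL_DTLS` section of `Options`, while these prototypes are not visibly guarded, so say what the functions do in a non-DTLS build. The comment `/* The old names are deprecated. */` sits after the defines it describes; place it directly above them, e.g. `/* Deprecated aliases; the flag now applies to DTLS only */`.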
@@ -987,8 +1002,10 @@ WOLFSSL_API const char* wolfSSL_state_string_long(const WOLFSSL*); WOLFSSL_API WOLFSSL_RSA* wolfSSL_RSA_generate_key(int, unsigned long, void(*)(int, int, void*), void*); -WOLFSSL_API void wolfSSL_CTX_set_tmp_rsa_callback(WOLFSSL_CTX*, - WOLFSSL_RSA*(*)(WOLFSSL*, int, int)); +WOLFSSL_API WOLFSSL_RSA *wolfSSL_d2i_RSAPublicKey(WOLFSSL_RSA **r, const unsigned char **pp, long len); +WOLFSSL_API int wolfSSL_i2d_RSAPublicKey(WOLFSSL_RSA *r, const unsigned char **pp); +WOLFSSL_API void wolfSSL_CTX_set_tmp_rsa_callback(WOLFSSL_CTX *, + WOLFSSL_RSA *(*)(WOLFSSL *, int, int)); WOLFSSL_API int wolfSSL_PEM_def_callback(char*, int num, int w, void* key); @@ -1210,9 +1227,9 @@ enum { /* wolfSSL extension, provide last error from SSL_get_error since not using thread storage error queue */ #include -WOLFSSL_API void wolfSSL_ERR_print_errors_fp(FILE*, int err); +WOLFSSL_API void wolfSSL_ERR_print_errors_fp(XFILE, int err); #if defined(OPENSSL_EXTRA) || defined(DEBUG_WOLFSSL_VERBOSE) -WOLFSSL_API void wolfSSL_ERR_dump_errors_fp(FILE* fp); +WOLFSSL_API void wolfSSL_ERR_dump_errors_fp(XFILE fp); #endif #endif @@ -1375,7 +1392,6 @@ enum { WOLFSSL_BIO_UNSET = -2, WOLFSSL_BIO_SIZE = 17000 /* default BIO write size if not set */ }; - #endif WOLFSSL_API void wolfSSL_ERR_put_error(int lib, int fun, int err, @@ -1427,6 +1443,7 @@ WOLFSSL_API int wolfSSL_ASN1_UTCTIME_print(WOLFSSL_BIO*, const WOLFSSL_ASN1_UTCTIME*); WOLFSSL_API int wolfSSL_ASN1_GENERALIZEDTIME_print(WOLFSSL_BIO*, const WOLFSSL_ASN1_GENERALIZEDTIME*); +WOLFSSL_API void wolfSSL_ASN1_GENERALIZEDTIME_free(WOLFSSL_ASN1_GENERALIZEDTIME*); WOLFSSL_API int wolfSSL_sk_num(WOLF_STACK_OF(WOLFSSL_ASN1_OBJECT)*); WOLFSSL_API void* wolfSSL_sk_value(WOLF_STACK_OF(WOLFSSL_ASN1_OBJECT)*, int); 
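Review bot: `wolfSSL_i2d_RSAPublicKey` declares its output argument as `const unsigned char **pp`, which promises that the encoder never writes through `*pp`, although an i2d-style function exists to fill the caller's buffer. `wolfSSL_i2d_X509(WOLFSSL_X509* x509, unsigned char** out)` in this same header takes a non-const output, so callers of the new function would need a cast that hides real mistakes. Since the function is new in this commit the prototype can still be corrected to `WOLFSSL_API int wolfSSL_i2d_RSAPublicKey(WOLFSSL_RSA *r, unsigned char **pp);`. The implementation is not in view, so confirm it matches.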
@@ -1513,10 +1530,17 @@ WOLFSSL_API WOLFSSL_X509* wolfSSL_d2i_X509(WOLFSSL_X509** x509, WOLFSSL_API WOLFSSL_X509* wolfSSL_X509_d2i(WOLFSSL_X509** x509, const unsigned char* in, int len); WOLFSSL_API int wolfSSL_i2d_X509(WOLFSSL_X509* x509, unsigned char** out); +WOLFSSL_API WOLFSSL_X509_CRL *wolfSSL_d2i_X509_CRL(WOLFSSL_X509_CRL **crl, + const unsigned char *in, int len); +#ifndef NO_FILESYSTEM +WOLFSSL_API WOLFSSL_X509_CRL *wolfSSL_d2i_X509_CRL_fp(XFILE file, WOLFSSL_X509_CRL **crl); +#endif +WOLFSSL_API void wolfSSL_X509_CRL_free(WOLFSSL_X509_CRL *crl); + #ifndef NO_FILESYSTEM #ifndef NO_STDIO_FILESYSTEM WOLFSSL_API WOLFSSL_X509* - wolfSSL_X509_d2i_fp(WOLFSSL_X509** x509, FILE* file); + wolfSSL_X509_d2i_fp(WOLFSSL_X509** x509, XFILE file); #endif WOLFSSL_API WOLFSSL_X509* wolfSSL_X509_load_certificate_file(const char* fname, int format); @@ -1542,6 +1566,10 @@ WOLFSSL_API int wolfSSL_connect_cert(WOLFSSL* ssl); typedef struct WC_PKCS12 WC_PKCS12; WOLFSSL_API WC_PKCS12* wolfSSL_d2i_PKCS12_bio(WOLFSSL_BIO* bio, WC_PKCS12** pkcs12); +#ifndef NO_FILESYSTEM +WOLFSSL_API WOLFSSL_X509_PKCS12* wolfSSL_d2i_PKCS12_fp(XFILE fp, + WOLFSSL_X509_PKCS12** pkcs12); +#endif WOLFSSL_API int wolfSSL_PKCS12_parse(WC_PKCS12* pkcs12, const char* psw, WOLFSSL_EVP_PKEY** pkey, WOLFSSL_X509** cert, WOLF_STACK_OF(WOLFSSL_X509)** ca); @@ -2525,6 +2553,10 @@ WOLFSSL_API int wolfSSL_SESSION_get_master_key_length(const WOLFSSL_SESSION* ses WOLFSSL_API void wolfSSL_CTX_set_cert_store(WOLFSSL_CTX* ctx, WOLFSSL_X509_STORE* str); WOLFSSL_API int wolfSSL_i2d_X509_bio(WOLFSSL_BIO* bio, WOLFSSL_X509* x509); +#if !defined(NO_FILESYSTEM) +WOLFSSL_API WOLFSSL_X509* wolfSSL_d2i_X509_fp(XFILE fp, + WOLFSSL_X509** x509); +#endif WOLFSSL_API WOLFSSL_X509* wolfSSL_d2i_X509_bio(WOLFSSL_BIO* bio, WOLFSSL_X509** x509); WOLFSSL_API WOLFSSL_X509_STORE* wolfSSL_CTX_get_cert_store(WOLFSSL_CTX* ctx); 
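Review bot: The new `wolfSSL_d2i_PKCS12_fp` prototype uses `WOLFSSL_X509_PKCS12` for its return type and out parameter, while `wolfSSL_d2i_PKCS12_bio` directly above it and `wolfSSL_PKCS12_parse` below it use `WC_PKCS12`. The definition of `WOLFSSL_X509_PKCS12` is outside the hunk; if it is not an alias of `WC_PKCS12`, an object read from a file cannot be handed to `wolfSSL_PKCS12_parse` without a cast. Using one type name for all three would be clearer: `WOLFSSL_API WC_PKCS12* wolfSSL_d2i_PKCS12_fp(XFILE fp, WC_PKCS12** pkcs12);`.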
@@ -2538,6 +2570,10 @@ WOLFSSL_API int wolfSSL_CTX_use_PrivateKey(WOLFSSL_CTX *ctx, WOLFSSL_EVP_PKEY *p WOLFSSL_API WOLFSSL_X509 *wolfSSL_PEM_read_bio_X509(WOLFSSL_BIO *bp, WOLFSSL_X509 **x, pem_password_cb *cb, void *u); WOLFSSL_API WOLFSSL_X509 *wolfSSL_PEM_read_bio_X509_AUX (WOLFSSL_BIO *bp, WOLFSSL_X509 **x, pem_password_cb *cb, void *u); +#ifndef NO_FILESYSTEM +WOLFSSL_API WOLFSSL_X509_CRL *wolfSSL_PEM_read_X509_CRL(XFILE fp, WOLFSSL_X509_CRL **x, + pem_password_cb *cb, void *u); +#endif /*lighttp compatibility */ @@ -2570,8 +2606,11 @@ WOLFSSL_API WOLFSSL_X509_NAME_ENTRY *wolfSSL_X509_NAME_get_entry(WOLFSSL_X509_NA WOLFSSL_API void wolfSSL_sk_X509_NAME_pop_free(WOLF_STACK_OF(WOLFSSL_X509_NAME)* sk, void f (WOLFSSL_X509_NAME*)); WOLFSSL_API unsigned char *wolfSSL_SHA1(const unsigned char *d, size_t n, unsigned char *md); WOLFSSL_API unsigned char *wolfSSL_SHA256(const unsigned char *d, size_t n, unsigned char *md); +WOLFSSL_API unsigned char *wolfSSL_SHA384(const unsigned char *d, size_t n, unsigned char *md); +WOLFSSL_API unsigned char *wolfSSL_SHA512(const unsigned char *d, size_t n, unsigned char *md); WOLFSSL_API int wolfSSL_X509_check_private_key(WOLFSSL_X509*, WOLFSSL_EVP_PKEY*); WOLFSSL_API WOLF_STACK_OF(WOLFSSL_X509_NAME) *wolfSSL_dup_CA_list( WOLF_STACK_OF(WOLFSSL_X509_NAME) *sk ); +WOLFSSL_API int wolfSSL_X509_check_ca(WOLFSSL_X509 *x509); #ifndef NO_FILESYSTEM WOLFSSL_API long wolfSSL_BIO_set_fp(WOLFSSL_BIO *bio, XFILE fp, int c); 
@@ -2870,12 +2909,18 @@ WOLFSSL_API int i2t_ASN1_OBJECT(char *buf, int buf_len, WOLFSSL_ASN1_OBJECT *a); WOLFSSL_API void SSL_CTX_set_tmp_dh_callback(WOLFSSL_CTX *ctx, WOLFSSL_DH *(*dh) (WOLFSSL *ssl, int is_export, int keylength)); WOLFSSL_API WOLF_STACK_OF(SSL_COMP) *SSL_COMP_get_compression_methods(void); WOLFSSL_API int X509_STORE_load_locations(WOLFSSL_X509_STORE *ctx, const char *file, const char *dir); +WOLFSSL_API int wolfSSL_X509_STORE_add_crl(WOLFSSL_X509_STORE *ctx, WOLFSSL_X509_CRL *x); WOLFSSL_API int wolfSSL_sk_SSL_CIPHER_num(const void * p); WOLFSSL_API int wolfSSL_sk_SSL_COMP_zero(WOLFSSL_STACK* st); WOLFSSL_API WOLFSSL_CIPHER* wolfSSL_sk_SSL_CIPHER_value(void *ciphers, int idx); WOLFSSL_API void ERR_load_SSL_strings(void); WOLFSSL_API void wolfSSL_EC_POINT_dump(const char *msg, const WOLFSSL_EC_POINT *p); +WOLFSSL_API const char *wolfSSL_ASN1_tag2str(int tag); +WOLFSSL_API int wolfSSL_ASN1_STRING_print_ex(WOLFSSL_BIO *out, WOLFSSL_ASN1_STRING *str, unsigned long flags); +WOLFSSL_API WOLFSSL_ASN1_TIME *wolfSSL_ASN1_TIME_to_generalizedtime(WOLFSSL_ASN1_TIME *t, + WOLFSSL_ASN1_TIME **out); +WOLFSSL_API int wolfSSL_i2c_ASN1_INTEGER(WOLFSSL_ASN1_INTEGER *a, unsigned char **pp); #endif /* OPENSSL_EXTRA */ #ifdef HAVE_PK_CALLBACKS diff --git a/wolfssl/test.h b/wolfssl/test.h index 2c66ee6f5..b55c395b5 100644 --- a/wolfssl/test.h +++ b/wolfssl/test.h @@ -220,11 +220,19 @@ #endif +#ifndef WOLFSSL_NO_TLS12 #define SERVER_DEFAULT_VERSION 3 +#else +#define SERVER_DEFAULT_VERSION 4 +#endif #define SERVER_DTLS_DEFAULT_VERSION (-2) #define SERVER_INVALID_VERSION (-99) #define SERVER_DOWNGRADE_VERSION (-98) +#ifndef WOLFSSL_NO_TLS12 #define CLIENT_DEFAULT_VERSION 3 +#else +#define CLIENT_DEFAULT_VERSION 4 +#endif #define CLIENT_DTLS_DEFAULT_VERSION (-2) #define CLIENT_INVALID_VERSION (-99) #define CLIENT_DOWNGRADE_VERSION (-98) 
@@ -639,7 +647,7 @@ static INLINE void build_addr(SOCKADDR_IN_T* addr, const char* peer, if (addr == NULL) err_sys("invalid argument to build_addr, addr is NULL"); - memset(addr, 0, sizeof(SOCKADDR_IN_T)); + XMEMSET(addr, 0, sizeof(SOCKADDR_IN_T)); #ifndef TEST_IPV6 /* peer could be in human readable form */ @@ -692,7 +700,7 @@ static INLINE void build_addr(SOCKADDR_IN_T* addr, const char* peer, int ret; char strPort[80]; - memset(&hints, 0, sizeof(hints)); + XMEMSET(&hints, 0, sizeof(hints)); hints.ai_family = AF_INET_V; if (udp) { @@ -1422,7 +1430,7 @@ static INLINE int myDateCb(int preverify, WOLFSSL_X509_STORE_CTX* store) #ifdef HAVE_EXT_CACHE -static INLINE WOLFSSL_SESSION* mySessGetCb(WOLFSSL* ssl, unsigned char* id, +static INLINE WOLFSSL_SESSION* mySessGetCb(WOLFSSL* ssl, unsigned char* id, int id_len, int* copy) { (void)ssl; @@ -1852,14 +1860,14 @@ static INLINE void SetupAtomicUser(WOLFSSL_CTX* ctx, WOLFSSL* ssl) encCtx = (AtomicEncCtx*)malloc(sizeof(AtomicEncCtx)); if (encCtx == NULL) err_sys("AtomicEncCtx malloc failed"); - memset(encCtx, 0, sizeof(AtomicEncCtx)); + XMEMSET(encCtx, 0, sizeof(AtomicEncCtx)); decCtx = (AtomicDecCtx*)malloc(sizeof(AtomicDecCtx)); if (decCtx == NULL) { free(encCtx); err_sys("AtomicDecCtx malloc failed"); } - memset(decCtx, 0, sizeof(AtomicDecCtx)); + XMEMSET(decCtx, 0, sizeof(AtomicDecCtx)); wolfSSL_CTX_SetMacEncryptCb(ctx, myMacEncryptCb); wolfSSL_SetMacEncryptCtx(ssl, encCtx); diff --git a/wolfssl/version.h b/wolfssl/version.h index 0af5fb25f..238277058 100644 --- a/wolfssl/version.h +++ b/wolfssl/version.h @@ -28,8 +28,8 @@ extern "C" { #endif -#define LIBWOLFSSL_VERSION_STRING "3.14.0" -#define LIBWOLFSSL_VERSION_HEX 0x03014000 +#define LIBWOLFSSL_VERSION_STRING "3.15.0" +#define LIBWOLFSSL_VERSION_HEX 0x03015000 #ifdef __cplusplus } diff --git a/wolfssl/wolfcrypt/asn.h b/wolfssl/wolfcrypt/asn.h index da73afe58..35b372355 100644 --- a/wolfssl/wolfcrypt/asn.h +++ b/wolfssl/wolfcrypt/asn.h 
@@ -860,6 +860,7 @@ WOLFSSL_LOCAL int GetSerialNumber(const byte* input, word32* inOutIdx, WOLFSSL_LOCAL int GetNameHash(const byte* source, word32* idx, byte* hash, int maxIdx); WOLFSSL_LOCAL int wc_CheckPrivateKey(byte* key, word32 keySz, DecodedCert* der); +WOLFSSL_LOCAL int RsaPublicKeyDerSize(RsaKey* key, int with_header); #ifdef HAVE_ECC /* ASN sig helpers */ diff --git a/wolfssl/wolfcrypt/asn_public.h b/wolfssl/wolfcrypt/asn_public.h index 312332f96..a3c914a58 100644 --- a/wolfssl/wolfcrypt/asn_public.h +++ b/wolfssl/wolfcrypt/asn_public.h @@ -72,7 +72,8 @@ enum CertType { ECC_PUBLICKEY_TYPE, TRUSTED_PEER_TYPE, EDDSA_PRIVATEKEY_TYPE, - ED25519_TYPE + ED25519_TYPE, + PKCS12_TYPE }; @@ -99,11 +100,15 @@ enum Ctc_Encoding { CTC_PRINTABLE = 0x13 /* printable */ }; +#ifndef WC_CTC_MAX_ALT_SIZE + #define WC_CTC_MAX_ALT_SIZE 16384 +#endif + enum Ctc_Misc { CTC_COUNTRY_SIZE = 2, CTC_NAME_SIZE = 64, CTC_DATE_SIZE = 32, - CTC_MAX_ALT_SIZE = 16384, /* may be huge */ + CTC_MAX_ALT_SIZE = WC_CTC_MAX_ALT_SIZE, /* may be huge, default: 16384 */ CTC_SERIAL_SIZE = 16, #ifdef WOLFSSL_CERT_EXT /* AKID could contains: hash + (Option) AuthCertIssuer,AuthCertSerialNum diff --git a/wolfssl/wolfcrypt/cryptodev.h b/wolfssl/wolfcrypt/cryptodev.h new file mode 100644 index 000000000..98be93cb4 --- /dev/null +++ b/wolfssl/wolfcrypt/cryptodev.h 
@@ -0,0 +1,114 @@ +/* cryptodev.h + * + * Copyright (C) 2006-2018 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + */ + +#ifndef _WOLF_CRYPTO_DEV_H_ +#define _WOLF_CRYPTO_DEV_H_ + +#include + +#ifdef __cplusplus + extern "C" { +#endif + +#ifdef WOLF_CRYPTO_DEV + +#ifndef NO_RSA + #include +#endif +#ifdef HAVE_ECC + #include +#endif + +/* Crypto Information Structure for callbacks */ +typedef struct wc_CryptoInfo { + int algo_type; /* enum wc_AlgoType */ + struct { + int type; /* enum wc_PkType */ + union { + #ifndef NO_RSA + struct { + const byte* in; + word32 inLen; + byte* out; + word32* outLen; + int type; + RsaKey* key; + WC_RNG* rng; + } rsa; + #endif + #ifdef HAVE_ECC + struct { + ecc_key* private_key; + ecc_key* public_key; + byte* out; + word32* outlen; + } ecdh; + struct { + const byte* in; + word32 inlen; + byte* out; + word32 *outlen; + WC_RNG* rng; + ecc_key* key; + } eccsign; + struct { + const byte* sig; + word32 siglen; + const byte* hash; + word32 hashlen; + int* res; + ecc_key* key; + } eccverify; + #endif + }; + } pk; +} wc_CryptoInfo; + +typedef int (*CryptoDevCallbackFunc)(int devId, wc_CryptoInfo* info, void* ctx); + +WOLFSSL_LOCAL void wc_CryptoDev_Init(void); + +WOLFSSL_API int wc_CryptoDev_RegisterDevice(int devId, CryptoDevCallbackFunc cb, void* ctx); +WOLFSSL_API void wc_CryptoDev_UnRegisterDevice(int devId); + + +#ifndef 
NO_RSA +WOLFSSL_LOCAL int wc_CryptoDev_Rsa(const byte* in, word32 inLen, byte* out, + word32* outLen, int type, RsaKey* key, WC_RNG* rng); +#endif /* !NO_RSA */ + +#ifdef HAVE_ECC +WOLFSSL_LOCAL int wc_CryptoDev_Ecdh(ecc_key* private_key, ecc_key* public_key, + byte* out, word32* outlen); + +WOLFSSL_LOCAL int wc_CryptoDev_EccSign(const byte* in, word32 inlen, byte* out, + word32 *outlen, WC_RNG* rng, ecc_key* key); + +WOLFSSL_LOCAL int wc_CryptoDev_EccVerify(const byte* sig, word32 siglen, + const byte* hash, word32 hashlen, int* res, ecc_key* key); +#endif /* HAVE_ECC */ + +#endif /* WOLF_CRYPTO_DEV */ + +#ifdef __cplusplus + } /* extern "C" */ +#endif + +#endif /* _WOLF_CRYPTO_DEV_H_ */ diff --git a/wolfssl/wolfcrypt/ecc.h b/wolfssl/wolfcrypt/ecc.h index f6fdf219b..7554c2963 100644 --- a/wolfssl/wolfcrypt/ecc.h +++ b/wolfssl/wolfcrypt/ecc.h @@ -319,7 +319,7 @@ struct ecc_key { int slot; /* Key Slot Number (-1 unknown) */ byte pubkey_raw[ECC_MAX_CRYPTO_HW_PUBKEY_SIZE]; #endif -#ifdef PLUTON_CRYPTO_ECC +#if defined(PLUTON_CRYPTO_ECC) || defined(WOLF_CRYPTO_DEV) int devId; #endif #ifdef WOLFSSL_ASYNC_CRYPT diff --git a/wolfssl/wolfcrypt/ed25519.h b/wolfssl/wolfcrypt/ed25519.h index 82aa41062..e3950c3ea 100644 --- a/wolfssl/wolfcrypt/ed25519.h +++ b/wolfssl/wolfcrypt/ed25519.h @@ -77,6 +77,7 @@ struct ed25519_key { byte pointX[ED25519_KEY_SIZE]; /* recovered X coordinate */ byte pointY[ED25519_KEY_SIZE]; /* Y coordinate is the public key with The most significant bit of the final octet always zero. */ #endif + int pubKeySet:1; #ifdef WOLFSSL_ASYNC_CRYPT WC_ASYNC_DEV asyncDev; #endif diff --git a/wolfssl/wolfcrypt/include.am b/wolfssl/wolfcrypt/include.am index 6e84ed9d5..95221ef1d 100644 --- a/wolfssl/wolfcrypt/include.am +++ b/wolfssl/wolfcrypt/include.am 
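Review bot: The unnamed `union { ... };` inside `pk` has no members in a build that defines `NO_RSA` without `HAVE_ECC`, which is not valid C. An unnamed union member also needs C11 or a compiler extension. Either reject that configuration with a guard after the `#ifdef WOLF_CRYPTO_DEV` line (`#if defined(NO_RSA) && !defined(HAVE_ECC)` / `#error "WOLF_CRYPTO_DEV requires RSA or ECC"` / `#endif`), or give the union a name. `CryptoDevCallbackFunc` also has no comment describing its return contract, in particular which value tells the library that the device declined the operation, and the callback is handed private-key objects, so that contract is worth stating above the typedef.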
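Review bot: `int pubKeySet:1;` is a one-bit field of plain `int`, whose signedness is implementation-defined. Where it is signed the only representable values are 0 and -1, so a test such as `key->pubKeySet == 1` would never be true after the flag has been set. Declaring it `unsigned int pubKeySet:1;` removes the ambiguity. The `ed25519_key` definition starts before this hunk and the code that reads the flag is not visible here.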
@@ -61,7 +61,8 @@ nobase_include_HEADERS+= \ wolfssl/wolfcrypt/pkcs12.h \ wolfssl/wolfcrypt/wolfmath.h \ wolfssl/wolfcrypt/sha3.h \ - wolfssl/wolfcrypt/cpuid.h + wolfssl/wolfcrypt/cpuid.h \ + wolfssl/wolfcrypt/cryptodev.h noinst_HEADERS+= \ wolfssl/wolfcrypt/port/pic32/pic32mz-crypt.h \ diff --git a/wolfssl/wolfcrypt/logging.h b/wolfssl/wolfcrypt/logging.h index cbff0fa64..19ea0e5cd 100644 --- a/wolfssl/wolfcrypt/logging.h +++ b/wolfssl/wolfcrypt/logging.h @@ -112,7 +112,7 @@ WOLFSSL_API void wolfSSL_Debugging_OFF(void); WOLFSSL_API int wc_SetLoggingHeap(void* h); WOLFSSL_API int wc_ERR_remove_state(void); #if !defined(NO_FILESYSTEM) && !defined(NO_STDIO_FILESYSTEM) - WOLFSSL_API void wc_ERR_print_errors_fp(FILE* fp); + WOLFSSL_API void wc_ERR_print_errors_fp(XFILE fp); #endif #endif /* OPENSSL_EXTRA || DEBUG_WOLFSSL_VERBOSE */ diff --git a/wolfssl/wolfcrypt/misc.h b/wolfssl/wolfcrypt/misc.h index ea86dd707..7cf4cff2a 100644 --- a/wolfssl/wolfcrypt/misc.h +++ b/wolfssl/wolfcrypt/misc.h @@ -91,6 +91,15 @@ void ato24(const byte* c, word32* u24); void ato32(const byte* c, word32* u32); word32 btoi(byte b); + +WOLFSSL_LOCAL byte ctMaskGT(int a, int b); +WOLFSSL_LOCAL byte ctMaskGTE(int a, int b); +WOLFSSL_LOCAL byte ctMaskLT(int a, int b); +WOLFSSL_LOCAL byte ctMaskLTE(int a, int b); +WOLFSSL_LOCAL byte ctMaskEq(int a, int b); +WOLFSSL_LOCAL byte ctMaskSel(byte m, byte a, byte b); +WOLFSSL_LOCAL byte ctSetLTE(int a, int b); + #endif /* NO_INLINE */ diff --git a/wolfssl/wolfcrypt/pkcs7.h b/wolfssl/wolfcrypt/pkcs7.h index 764e2668e..e17bf2eec 100644 --- a/wolfssl/wolfcrypt/pkcs7.h +++ b/wolfssl/wolfcrypt/pkcs7.h @@ -20,7 +20,7 @@ */ /*! - \file wolfssl/wolfcrypt/pksc7.h + \file wolfssl/wolfcrypt/pkcs7.h */ #ifndef WOLF_CRYPT_PKCS7_H 
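Review bot: The `ctMaskGT` … `ctSetLTE` prototypes in the misc.h hunk are added without any comment on their contract, and constant-time helpers are easy to misuse when that contract is implicit. A block comment above them should say what each returns (the names suggest a byte mask, presumably 0xFF or 0x00, and a 0/1 value for `ctSetLTE`; confirm against the implementation). It should also state which range of `a` and `b` is supported, because mask tricks on `int` commonly rely on a subtraction that must not overflow. These declarations sit inside the block closed by `#endif /* NO_INLINE */`, which starts outside the hunk.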
@@ -133,6 +133,7 @@ typedef struct PKCS7 { int encryptOID; /* key encryption algorithm OID */ int keyWrapOID; /* key wrap algorithm OID */ int keyAgreeOID; /* key agreement algorithm OID */ + int devId; /* device ID for HW based private key */ byte issuerHash[KEYID_SIZE]; /* hash of all alt Names */ byte issuerSn[MAX_SN_SZ]; /* singleCert's serial number */ byte publicKey[MAX_RSA_INT_SZ + MAX_RSA_E_SZ ];/*MAX RSA key size (m + e)*/ diff --git a/wolfssl/wolfcrypt/port/caam/wolfcaam_sha.h b/wolfssl/wolfcrypt/port/caam/wolfcaam_sha.h index cb4b08781..95ddf55bf 100644 --- a/wolfssl/wolfcrypt/port/caam/wolfcaam_sha.h +++ b/wolfssl/wolfcrypt/port/caam/wolfcaam_sha.h @@ -28,6 +28,8 @@ #include +#define WOLFSSL_NO_HASH_RAW + #ifndef WC_CAAM_CTXLEN /* last 8 bytes of context is for length */ #define WC_CAAM_CTXLEN 8 diff --git a/wolfssl/wolfcrypt/port/pic32/pic32mz-crypt.h b/wolfssl/wolfcrypt/port/pic32/pic32mz-crypt.h index 1eae5837a..354c832c4 100644 --- a/wolfssl/wolfcrypt/port/pic32/pic32mz-crypt.h +++ b/wolfssl/wolfcrypt/port/pic32/pic32mz-crypt.h @@ -196,6 +196,8 @@ int wc_Pic32DesCrypt(word32 *key, int keyLen, word32 *iv, int ivLen, #endif #ifdef WOLFSSL_PIC32MZ_HASH +#define WOLFSSL_NO_HASH_RAW + int wc_Pic32Hash(const byte* in, int inLen, word32* out, int outLen, int algo); int wc_Pic32HashCopy(hashUpdCache* src, hashUpdCache* dst); #endif diff --git a/wolfssl/wolfcrypt/port/st/stm32.h b/wolfssl/wolfcrypt/port/st/stm32.h index 2c82b4760..40629aaf6 100644 --- a/wolfssl/wolfcrypt/port/st/stm32.h +++ b/wolfssl/wolfcrypt/port/st/stm32.h @@ -24,6 +24,8 @@ #ifdef STM32_HASH +#define WOLFSSL_NO_HASH_RAW + /* Generic STM32 Hashing Function */ /* Supports CubeMX HAL or Standard Peripheral Library */ diff --git a/wolfssl/wolfcrypt/port/ti/ti-hash.h b/wolfssl/wolfcrypt/port/ti/ti-hash.h index 361993896..d42404e01 100644 --- a/wolfssl/wolfcrypt/port/ti/ti-hash.h +++ b/wolfssl/wolfcrypt/port/ti/ti-hash.h 
@@ -33,6 +33,8 @@ #define WOLFSSL_MAX_HASH_SIZE 64 #endif +#define WOLFSSL_NO_HASH_RAW + typedef struct { byte *msg; word32 used; diff --git a/wolfssl/wolfcrypt/rsa.h b/wolfssl/wolfcrypt/rsa.h index 5cbc76770..380072d9e 100644 --- a/wolfssl/wolfcrypt/rsa.h +++ b/wolfssl/wolfcrypt/rsa.h @@ -121,6 +121,9 @@ struct RsaKey { #ifdef WC_RSA_BLINDING WC_RNG* rng; /* for PrivateDecrypt blinding */ #endif +#ifdef WOLF_CRYPTO_DEV + int devId; +#endif #ifdef WOLFSSL_ASYNC_CRYPT WC_ASYNC_DEV asyncDev; #ifdef WOLFSSL_CERT_GEN @@ -149,7 +152,7 @@ WOLFSSL_API int wc_FreeRsaKey(RsaKey* key); WOLFSSL_LOCAL int wc_InitRsaHw(RsaKey* key); #endif /* WOLFSSL_XILINX_CRYPT */ -WOLFSSL_LOCAL int wc_RsaFunction(const byte* in, word32 inLen, byte* out, +WOLFSSL_API int wc_RsaFunction(const byte* in, word32 inLen, byte* out, word32* outLen, int type, RsaKey* key, WC_RNG* rng); WOLFSSL_API int wc_RsaPublicEncrypt(const byte* in, word32 inLen, byte* out, @@ -235,9 +238,13 @@ WOLFSSL_API int wc_RsaPrivateDecrypt_ex(const byte* in, word32 inLen, WOLFSSL_API int wc_RsaPrivateDecryptInline_ex(byte* in, word32 inLen, byte** out, RsaKey* key, int type, enum wc_HashType hash, int mgf, byte* label, word32 lableSz); +#if defined(WC_RSA_DIRECT) || defined(WC_RSA_NO_PADDING) WOLFSSL_API int wc_RsaDirect(byte* in, word32 inLen, byte* out, word32* outSz, RsaKey* key, int type, WC_RNG* rng); +#endif + #endif /* HAVE_FIPS*/ + WOLFSSL_API int wc_RsaFlattenPublicKey(RsaKey*, byte*, word32*, byte*, word32*); WOLFSSL_API int wc_RsaExportKey(RsaKey* key, @@ -247,8 +254,9 @@ WOLFSSL_API int wc_RsaExportKey(RsaKey* key, byte* p, word32* pSz, byte* q, word32* qSz); +WOLFSSL_API int wc_RsaKeyToPublicDer(RsaKey*, byte* output, word32 inLen); + #ifdef WOLFSSL_KEY_GEN - WOLFSSL_API int wc_RsaKeyToPublicDer(RsaKey*, byte* output, word32 inLen); WOLFSSL_API int wc_MakeRsaKey(RsaKey* key, int size, long e, WC_RNG* rng); WOLFSSL_API int wc_CheckProbablePrime(const byte* p, word32 pSz, const byte* q, word32 qSz, 
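Review bot: Changing `wc_RsaFunction` from `WOLFSSL_LOCAL` to `WOLFSSL_API` exports the bare RSA operation to every application, and nothing in its signature indicates a padding step. The same commit moves `wc_RsaDirect` behind `WC_RSA_DIRECT || WC_RSA_NO_PADDING` in the hunk at -235,9, so the two raw entry points end up with opposite exposure. If the export is needed for the new crypto device callbacks, say so above the prototype and steer callers to the padded functions, e.g. `/* Raw RSA primitive, exported for crypto device callbacks; applications should call wc_RsaPublicEncrypt()/wc_RsaPrivateDecrypt() instead. */`. Otherwise keep it local or apply the same guard as `wc_RsaDirect`.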
diff --git a/wolfssl/wolfcrypt/settings.h b/wolfssl/wolfcrypt/settings.h index 93cb0a2e2..a966db6f0 100644 --- a/wolfssl/wolfcrypt/settings.h +++ b/wolfssl/wolfcrypt/settings.h @@ -1639,8 +1639,8 @@ extern void uITRON4_free(void *p) ; #if defined(NO_OLD_WC_NAMES) || defined(OPENSSL_EXTRA) /* added to have compatibility with SHA256() */ - #if !defined(NO_OLD_SHA256_NAMES) && !defined(HAVE_FIPS) - #define NO_OLD_SHA256_NAMES + #if !defined(NO_OLD_SHA_NAMES) && !defined(HAVE_FIPS) + #define NO_OLD_SHA_NAMES #endif #endif diff --git a/wolfssl/wolfcrypt/sha.h b/wolfssl/wolfcrypt/sha.h index 8e3519f50..f782bfe6b 100644 --- a/wolfssl/wolfcrypt/sha.h +++ b/wolfssl/wolfcrypt/sha.h @@ -62,9 +62,12 @@ #include #endif +#if !defined(NO_OLD_SHA_NAMES) + #define SHA WC_SHA +#endif + #ifndef NO_OLD_WC_NAMES #define Sha wc_Sha - #define SHA WC_SHA #define SHA_BLOCK_SIZE WC_SHA_BLOCK_SIZE #define SHA_DIGEST_SIZE WC_SHA_DIGEST_SIZE #define SHA_PAD_SIZE WC_SHA_PAD_SIZE @@ -120,6 +123,7 @@ typedef struct wc_Sha { WOLFSSL_API int wc_InitSha(wc_Sha*); WOLFSSL_API int wc_InitSha_ex(wc_Sha* sha, void* heap, int devId); WOLFSSL_API int wc_ShaUpdate(wc_Sha*, const byte*, word32); +WOLFSSL_API int wc_ShaFinalRaw(wc_Sha*, byte*); WOLFSSL_API int wc_ShaFinal(wc_Sha*, byte*); WOLFSSL_API void wc_ShaFree(wc_Sha*); diff --git a/wolfssl/wolfcrypt/sha256.h b/wolfssl/wolfcrypt/sha256.h index a2d387a13..3beb9457e 100644 --- a/wolfssl/wolfcrypt/sha256.h +++ b/wolfssl/wolfcrypt/sha256.h @@ -81,9 +81,10 @@ #define SHA256_NOINLINE #endif -#ifndef NO_OLD_SHA256_NAMES +#if !defined(NO_OLD_SHA_NAMES) #define SHA256 WC_SHA256 #endif + #ifndef NO_OLD_WC_NAMES #define Sha256 wc_Sha256 #define SHA256_BLOCK_SIZE WC_SHA256_BLOCK_SIZE 
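Review bot: Renaming the guard to `NO_OLD_SHA_NAMES` means a build that already defines `NO_OLD_SHA256_NAMES` in its own settings no longer suppresses the `SHA256` macro, because sha256.h now tests only the new name (hunk at -81,9). Such a build could silently get `SHA256` defined again and collide with a compatibility-layer `SHA256()` function. A mapping placed before this block keeps existing configurations working: `#if defined(NO_OLD_SHA256_NAMES) && !defined(NO_OLD_SHA_NAMES)` / `#define NO_OLD_SHA_NAMES` / `#endif`. The comment `/* added to have compatibility with SHA256() */` could also be widened, since the guard now covers `SHA`, `SHA384` and `SHA512` as well.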
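Review bot: `wc_ShaFinalRaw` is declared unconditionally, yet this commit also makes the CAAM, PIC32MZ, STM32 and TI hash port headers define `WOLFSSL_NO_HASH_RAW`. If that macro means the raw-final functions are not built on those ports (the implementation is not visible), a caller there compiles cleanly and fails only at link time. Wrapping the prototype in `#ifndef WOLFSSL_NO_HASH_RAW` … `#endif` would turn that into a compile-time error. The same applies to `wc_Sha256FinalRaw`, `wc_Sha512FinalRaw` and `wc_Sha384FinalRaw` in the sha256.h and sha512.h hunks. A one-line comment stating what the "raw" output is and that it is not a finished digest would also help callers avoid using it where `wc_ShaFinal` is intended.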
@@ -138,6 +139,7 @@ typedef struct wc_Sha256 { WOLFSSL_API int wc_InitSha256(wc_Sha256*); WOLFSSL_API int wc_InitSha256_ex(wc_Sha256*, void*, int); WOLFSSL_API int wc_Sha256Update(wc_Sha256*, const byte*, word32); +WOLFSSL_API int wc_Sha256FinalRaw(wc_Sha256*, byte*); WOLFSSL_API int wc_Sha256Final(wc_Sha256*, byte*); WOLFSSL_API void wc_Sha256Free(wc_Sha256*); diff --git a/wolfssl/wolfcrypt/sha3.h b/wolfssl/wolfcrypt/sha3.h index 7f725e670..7c31bd36f 100644 --- a/wolfssl/wolfcrypt/sha3.h +++ b/wolfssl/wolfcrypt/sha3.h @@ -60,12 +60,14 @@ enum { WC_SHA3_512_DIGEST_SIZE = 64, WC_SHA3_512_COUNT = 9, +#ifndef HAVE_SELFTEST /* These values are used for HMAC, not SHA-3 directly. * They come from from FIPS PUB 202. */ WC_SHA3_224_BLOCK_SIZE = 144, WC_SHA3_256_BLOCK_SIZE = 136, WC_SHA3_384_BLOCK_SIZE = 104, WC_SHA3_512_BLOCK_SIZE = 72, +#endif }; #ifndef NO_OLD_WC_NAMES diff --git a/wolfssl/wolfcrypt/sha512.h b/wolfssl/wolfcrypt/sha512.h index ec93e80ef..66fd5676f 100644 --- a/wolfssl/wolfcrypt/sha512.h +++ b/wolfssl/wolfcrypt/sha512.h @@ -71,9 +71,12 @@ #define SHA512_NOINLINE #endif -#ifndef NO_OLD_WC_NAMES - #define Sha512 wc_Sha512 +#if !defined(NO_OLD_SHA_NAMES) #define SHA512 WC_SHA512 +#endif + +#if !defined(NO_OLD_WC_NAMES) + #define Sha512 wc_Sha512 #define SHA512_BLOCK_SIZE WC_SHA512_BLOCK_SIZE #define SHA512_DIGEST_SIZE WC_SHA512_DIGEST_SIZE #define SHA512_PAD_SIZE WC_SHA512_PAD_SIZE @@ -113,6 +116,7 @@ typedef struct wc_Sha512 { WOLFSSL_API int wc_InitSha512(wc_Sha512*); WOLFSSL_API int wc_InitSha512_ex(wc_Sha512*, void*, int); WOLFSSL_API int wc_Sha512Update(wc_Sha512*, const byte*, word32); +WOLFSSL_API int wc_Sha512FinalRaw(wc_Sha512*, byte*); WOLFSSL_API int wc_Sha512Final(wc_Sha512*, byte*); WOLFSSL_API void wc_Sha512Free(wc_Sha512*); 
@@ -123,9 +127,12 @@ WOLFSSL_API int wc_Sha512Copy(wc_Sha512* src, wc_Sha512* dst); #ifndef HAVE_FIPS /* avoid redefinition of structs */ -#ifndef NO_OLD_WC_NAMES - #define Sha384 wc_Sha384 +#if !defined(NO_OLD_SHA_NAMES) #define SHA384 WC_SHA384 +#endif + +#if !defined(NO_OLD_WC_NAMES) + #define Sha384 wc_Sha384 #define SHA384_BLOCK_SIZE WC_SHA384_BLOCK_SIZE #define SHA384_DIGEST_SIZE WC_SHA384_DIGEST_SIZE #define SHA384_PAD_SIZE WC_SHA384_PAD_SIZE @@ -146,6 +153,7 @@ typedef wc_Sha512 wc_Sha384; WOLFSSL_API int wc_InitSha384(wc_Sha384*); WOLFSSL_API int wc_InitSha384_ex(wc_Sha384*, void*, int); WOLFSSL_API int wc_Sha384Update(wc_Sha384*, const byte*, word32); +WOLFSSL_API int wc_Sha384FinalRaw(wc_Sha384*, byte*); WOLFSSL_API int wc_Sha384Final(wc_Sha384*, byte*); WOLFSSL_API void wc_Sha384Free(wc_Sha384*); diff --git a/wolfssl/wolfcrypt/types.h b/wolfssl/wolfcrypt/types.h old mode 100755 new mode 100644 index 8da6f8038..37a982bf8 --- a/wolfssl/wolfcrypt/types.h +++ b/wolfssl/wolfcrypt/types.h @@ -102,7 +102,7 @@ (defined(LP64) || defined(_LP64)) /* LP64 with GNU GCC compiler is reserved for when long int is 64 bits * and int uses 32 bits. When using Solaris Studio sparc and __sparc are - * avialable for 32 bit detection but __sparc64__ could be missed. This + * available for 32 bit detection but __sparc64__ could be missed. This * uses LP64 for checking 64 bit CPU arch. */ typedef word64 wolfssl_word; #define WC_64BIT_CPU @@ -171,7 +171,7 @@ #if defined(_MSC_VER) #define THREAD_LS_T __declspec(thread) /* Thread local storage only in FreeRTOS v8.2.1 and higher */ - #elif defined(FREERTOS) + #elif defined(FREERTOS) || defined(FREERTOS_TCP) #define THREAD_LS_T #else #define THREAD_LS_T __thread 
@@ -201,7 +201,7 @@ /* idea to add global alloc override by Moises Guimaraes */ /* default to libc stuff */ /* XREALLOC is used once in normal math lib, not in fast math lib */ - /* XFREE on some embeded systems doesn't like free(0) so test */ + /* XFREE on some embedded systems doesn't like free(0) so test */ #if defined(HAVE_IO_POOL) WOLFSSL_API void* XMALLOC(size_t n, void* heap, int type); WOLFSSL_API void* XREALLOC(void *p, size_t n, void* heap, int type); @@ -329,7 +329,7 @@ #if defined(MICROCHIP_PIC32) || defined(WOLFSSL_TIRTOS) /* XC32 does not support strncasecmp, so use case sensitive one */ #define XSTRNCASECMP(s1,s2,n) strncmp((s1),(s2),(n)) - #elif defined(USE_WINDOWS_API) + #elif defined(USE_WINDOWS_API) || defined(FREERTOS_TCP_WINSIM) #define XSTRNCASECMP(s1,s2,n) _strnicmp((s1),(s2),(n)) #else #if (defined(HAVE_STRINGS_H) || defined(WOLF_C99)) && \ @@ -496,6 +496,17 @@ MIN_STACK_BUFFER = 8 }; + + /* Algorithm Types */ + enum wc_AlgoType { + WC_ALGO_TYPE_NONE = 0, + WC_ALGO_TYPE_HASH = 1, + WC_ALGO_TYPE_CIPHER = 2, + WC_ALGO_TYPE_PK = 3, + + WC_ALGO_TYPE_MAX = WC_ALGO_TYPE_PK + }; + /* hash types */ enum wc_HashType { WC_HASH_TYPE_NONE = 0, @@ -518,7 +529,7 @@ }; /* cipher types */ - enum CipherTypes { + enum wc_CipherType { WC_CIPHER_NONE = 0, WC_CIPHER_AES = 1, WC_CIPHER_AES_CBC = 2, @@ -530,10 +541,25 @@ WC_CIPHER_DES = 8, WC_CIPHER_CHACHA = 9, WC_CIPHER_HC128 = 10, + WC_CIPHER_IDEA = 11, WC_CIPHER_MAX = WC_CIPHER_HC128 }; + /* PK=public key (asymmetric) based algorithms */ + enum wc_PkType { + WC_PK_TYPE_NONE = 0, + WC_PK_TYPE_RSA = 1, + WC_PK_TYPE_DH = 2, + WC_PK_TYPE_ECDH = 3, + WC_PK_TYPE_ECDSA_SIGN = 4, + WC_PK_TYPE_ECDSA_VERIFY = 5, + WC_PK_TYPE_ED25519 = 6, + WC_PK_TYPE_CURVE25519 = 7, + + WC_PK_TYPE_MAX = WC_PK_TYPE_CURVE25519 + }; + /* settings detection for compile vs runtime math incompatibilities */ enum { diff --git a/wolfssl/wolfcrypt/wc_port.h b/wolfssl/wolfcrypt/wc_port.h index de4f8d9e5..cce21ba98 100644 
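Review bot: `WC_CIPHER_IDEA = 11` is added in the hunk at -530,10, but `WC_CIPHER_MAX` still equals `WC_CIPHER_HC128` (10), so any range check written against `WC_CIPHER_MAX` treats IDEA as out of range. The line should read `WC_CIPHER_MAX = WC_CIPHER_IDEA`, matching the new `wc_AlgoType` and `wc_PkType` enums in this file, which set their `_MAX` to the last member. The preceding hunk also renames the enum tag from `CipherTypes` to `wc_CipherType`, which breaks any code that spells the old tag. The enum definition begins outside this hunk.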
--- a/wolfssl/wolfcrypt/wc_port.h +++ b/wolfssl/wolfcrypt/wc_port.h @@ -34,7 +34,7 @@ #endif /* detect C99 */ -#if !defined(WOLF_C99) && defined(__STDC_VERSION__) +#if !defined(WOLF_C99) && defined(__STDC_VERSION__) && !defined(WOLFSSL_ARDUINO) #if __STDC_VERSION__ >= 199901L #define WOLF_C99 #endif diff --git a/wolfssl/wolfio.h b/wolfssl/wolfio.h index f14f7df1b..d60bdbe7a 100644 --- a/wolfssl/wolfio.h +++ b/wolfssl/wolfio.h @@ -219,6 +219,9 @@ #else #define CloseSocket(s) close(s) #define StartTCP() + #ifdef FREERTOS_TCP_WINSIM + extern int close(int); + #endif #endif