From e895bacbba854ab0e9a127991c2c7002401f00d9 Mon Sep 17 00:00:00 2001 
From: Jacob Barthelmeh Date: Fri, 13 Apr 2018 09:31:32 -0600 Subject: [PATCH 001/146] update before/after dates with certificates --- certs/1024/ca-cert.der | Bin 953 -> 953 bytes certs/1024/ca-cert.pem | 37 +- certs/1024/client-cert.der | Bin 969 -> 969 bytes certs/1024/client-cert.pem | 39 +- certs/1024/server-cert.der | Bin 941 -> 941 bytes certs/1024/server-cert.pem | 69 ++- certs/ca-cert.der | Bin 1198 -> 1198 bytes certs/ca-cert.pem | 57 +- certs/ca-ecc-cert.der | Bin 654 -> 655 bytes certs/ca-ecc-cert.pem | 23 +- certs/ca-ecc384-cert.der | Bin 715 -> 715 bytes certs/ca-ecc384-cert.pem | 29 +- certs/client-ca.pem | 86 ++- certs/client-cert-3072.pem | 157 +++-- certs/client-cert.der | Bin 1230 -> 1230 bytes certs/client-cert.pem | 57 +- certs/client-ecc-cert.der | Bin 781 -> 780 bytes certs/client-ecc-cert.pem | 29 +- certs/client-key-3072.pem | 76 +-- certs/crl/caEcc384Crl.pem | 37 +- certs/crl/caEccCrl.pem | 32 +- certs/crl/cliCrl.pem | 59 +- certs/crl/crl.pem | 52 +- certs/crl/crl.revoked | 56 +- certs/crl/eccCliCRL.pem | 28 +- certs/crl/eccSrvCRL.pem | 28 +- certs/ecc-privOnlyCert.pem | 49 +- certs/ecc-rsa-server.p12 | Bin 2406 -> 2406 bytes certs/ed25519/ca-ed25519-key.der | Bin 84 -> 84 bytes certs/ed25519/ca-ed25519-key.pem | 4 +- certs/ed25519/ca-ed25519.der | Bin 605 -> 612 bytes certs/ed25519/ca-ed25519.pem | 26 +- certs/ed25519/client-ed25519-key.der | Bin 84 -> 84 bytes certs/ed25519/client-ed25519-key.pem | 4 +- certs/ed25519/client-ed25519.der | Bin 597 -> 604 bytes certs/ed25519/client-ed25519.pem | 20 +- certs/ed25519/root-ed25519-key.der | Bin 84 -> 84 bytes certs/ed25519/root-ed25519-key.pem | 4 +- certs/ed25519/root-ed25519.der | Bin 607 -> 614 bytes certs/ed25519/root-ed25519.pem | 26 +- certs/ed25519/server-ed25519-key.der | Bin 84 -> 84 bytes certs/ed25519/server-ed25519-key.pem | 4 +- certs/ed25519/server-ed25519.der | Bin 591 -> 598 bytes certs/ed25519/server-ed25519.pem | 52 +- certs/ntru-cert.pem | 53 +- certs/ntru-key.raw | Bin 607 
-> 607 bytes certs/ocsp/intermediate1-ca-cert.pem | 102 ++-- certs/ocsp/intermediate2-ca-cert.pem | 102 ++-- certs/ocsp/intermediate3-ca-cert.pem | 102 ++-- certs/ocsp/ocsp-responder-cert.pem | 102 ++-- certs/ocsp/root-ca-cert.pem | 52 +- certs/ocsp/server1-cert.pem | 150 ++--- certs/ocsp/server2-cert.pem | 150 ++--- certs/ocsp/server3-cert.pem | 150 ++--- certs/ocsp/server4-cert.pem | 150 ++--- certs/ocsp/server5-cert.pem | 150 ++--- certs/server-cert.der | Bin 1186 -> 1186 bytes certs/server-cert.pem | 111 ++-- certs/server-ecc-comp.der | Bin 808 -> 807 bytes certs/server-ecc-comp.pem | 27 +- certs/server-ecc-rsa.der | Bin 996 -> 996 bytes certs/server-ecc-rsa.pem | 54 +- certs/server-ecc.pem | 0 certs/server-revoked-cert.pem | 113 ++-- certs/test-pathlen/server-0-1-ca.pem | 52 +- certs/test-pathlen/server-0-1-cert.pem | 48 +- certs/test-pathlen/server-0-1-chain.pem | 156 ++--- certs/test-pathlen/server-0-ca.pem | 56 +- certs/test-pathlen/server-0-cert.pem | 50 +- certs/test-pathlen/server-0-chain.pem | 106 ++-- certs/test-pathlen/server-1-0-ca.pem | 52 +- certs/test-pathlen/server-1-0-cert.pem | 48 +- certs/test-pathlen/server-1-0-chain.pem | 156 ++--- certs/test-pathlen/server-1-ca.pem | 56 +- certs/test-pathlen/server-1-cert.pem | 50 +- certs/test-pathlen/server-1-chain.pem | 106 ++-- certs/test-pathlen/server-127-ca.pem | 56 +- certs/test-pathlen/server-127-cert.pem | 48 +- certs/test-pathlen/server-127-chain.pem | 104 ++-- certs/test-pathlen/server-128-ca.pem | 60 +- certs/test-pathlen/server-128-cert.pem | 56 +- certs/test-pathlen/server-128-chain.pem | 116 ++-- certs/test-servercert.p12 | Bin 5277 -> 5277 bytes certs/test/cert-ext-ia.der | Bin 1022 -> 1022 bytes certs/test/cert-ext-nc.der | Bin 1146 -> 1146 bytes certs/test/digsigku.pem | 22 +- certs/test/server-cert-ecc-badsig.der | Bin 852 -> 852 bytes certs/test/server-cert-ecc-badsig.pem | 44 +- certs/test/server-cert-rsa-badsig.der | Bin 1186 -> 1186 bytes certs/test/server-cert-rsa-badsig.pem | 163 
+++++- certs/test/server-duplicate-policy.pem | 112 ++-- tests/api.c | 2 +- wolfssl/certs_test.h | 733 ++++++++++++------------ 93 files changed, 2652 insertions(+), 2508 deletions(-) mode change 100755 => 100644 certs/ca-ecc-cert.pem mode change 100755 => 100644 certs/ca-ecc384-cert.pem mode change 100755 => 100644 certs/crl/caEcc384Crl.pem mode change 100755 => 100644 certs/crl/caEccCrl.pem mode change 100755 => 100644 certs/server-ecc.pem mode change 100755 => 100644 certs/test/server-cert-ecc-badsig.pem diff --git a/certs/1024/ca-cert.der b/certs/1024/ca-cert.der index 89921fd185c9a6c62a296deb18f8f526d79d2070..6a2b06e40268f9a4a902399dc3fadcdde7aa9ce0 100644 GIT binary patch delta 212 zcmdnVzLQi@y?Y|-6Z8p;~%$F2+O z>|5bBSDLUOXh~Hc8|HY z>$Up*+!J+Hd-Y~(tyQv~y7H3-^PZ<~&V1syazg+1tKWJ-Vm(ewOCoc9jJM3XRO}@; J|Kx`14w#0?63mMAQJjbCuAVK59S?&wZ_|XHH70=mRjgG9837_<)M6F`n&I`rjor1ix^a5Zkj61 zl)oF#)BIz#Z%1a(=IB_LgZBtdo^QNHo=RDCI?p2{nd4Cn1%U-x?UDU$l{~5QRdcOb2 zH)9&-R+jiHT(i5@Uow=R`jmgg+1(3uQ#NdW=e|7R=JDGbChcBzen%HeH2-|N2bY|J K_Qoz}^Z)=>He8ng delta 212 zcmX@fev)0npo#gYK@+py0%j&gCMHgX&&fMXWw~zLoG7tX+RVVh(9p=hz}(n8N}Siw z(!kWf0?M6S!?bX7C*yQR4w#0?8qA9IhH*!G^0yy#mkx}dIdP$~tBqNt!oLY_Q!8KW zxOv;9KG~@-@@nK#o6FA43u@)U%$O!U;*$I}{Zo_BvQ7J~w{2kmQx#pIw7~F-?Q5>1 zPo8c$zT1E04s*%<$5ZB(%&WN1`Sse}L%+{Wxw?P)hO(_M1yXZ7T8~Kok4`x*Xu$Tw J;p+rOZ2-XGTN(fW diff --git a/certs/1024/client-cert.pem b/certs/1024/client-cert.pem index ffa017747..d36383d25 100644 --- a/certs/1024/client-cert.pem +++ b/certs/1024/client-cert.pem 
@@ -1,13 +1,12 @@ Certificate: Data: Version: 3 (0x2) - Serial Number: - f3:63:b8:35:1d:0a:d8:d9 + Serial Number: 13534178914118477827 (0xbbd31003e69d2803) Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, ST=Montana, L=Bozeman, O=wolfSSL_1024, OU=Programming-1024, CN=www.wolfssl.com/emailAddress=info@wolfssl.com Validity - Not Before: Aug 11 20:07:37 2016 GMT - Not After : May 8 20:07:37 2019 GMT + Not Before: Apr 13 15:23:09 2018 GMT + Not After : Jan 7 15:23:09 2021 GMT Subject: C=US, ST=Montana, L=Bozeman, O=wolfSSL_1024, OU=Programming-1024, CN=www.wolfssl.com/emailAddress=info@wolfssl.com Subject Public Key Info: Public Key Algorithm: rsaEncryption 
@@ -29,25 +28,25 @@ Certificate: X509v3 Authority Key Identifier: keyid:81:69:0F:F8:DF:DD:CF:34:29:D5:67:75:71:85:C7:75:10:69:59:EC DirName:/C=US/ST=Montana/L=Bozeman/O=wolfSSL_1024/OU=Programming-1024/CN=www.wolfssl.com/emailAddress=info@wolfssl.com - serial:F3:63:B8:35:1D:0A:D8:D9 + serial:BB:D3:10:03:E6:9D:28:03 X509v3 Basic Constraints: CA:TRUE Signature Algorithm: sha256WithRSAEncryption - 31:5e:c5:8c:6f:b7:c5:47:1b:51:5f:99:91:a1:23:45:3c:36: - 59:20:fe:90:46:95:79:e8:b8:d9:db:44:7f:63:42:71:59:d5: - 59:a5:3c:d3:43:83:a0:7d:1e:56:36:02:92:e2:0a:19:f6:97: - f2:82:12:a6:b2:bf:3b:b6:b0:07:fc:7a:5b:78:22:a0:31:f4: - 3d:eb:0a:c5:e4:e5:b4:c7:bb:4f:a9:b8:37:19:bf:c7:64:9d: - 74:9e:78:df:09:f5:d6:dd:c2:fb:ce:94:d5:bf:97:b0:76:b5: - e9:10:65:6c:48:85:c4:1b:ff:5b:64:c7:11:30:06:e4:40:f5: - 90:2b + 84:99:d9:e5:37:c4:44:7d:ce:29:b8:b6:80:0e:ea:a3:e2:fa: + a2:2f:5c:d2:4a:85:67:b9:8b:fa:9f:7d:da:6d:85:2a:c2:20: + f3:18:c8:d4:6b:26:b2:7a:68:e7:82:52:87:e7:0c:5b:08:47: + 7a:55:a5:0d:fa:72:ce:6b:a1:b2:ae:5a:a1:63:ff:68:db:e5: + 49:ef:f1:0e:98:96:09:b5:04:5f:d4:0a:9b:8a:af:d2:31:1f: + 95:e5:0f:a8:cd:bb:a1:2d:64:b0:b7:ee:47:a7:58:d9:c7:db: + b0:92:bb:aa:cf:b8:8a:04:5b:0f:9f:3e:e0:d2:42:52:bd:5d: + a7:48 -----BEGIN CERTIFICATE----- -MIIDxTCCAy6gAwIBAgIJAPNjuDUdCtjZMA0GCSqGSIb3DQEBCwUAMIGeMQswCQYD +MIIDxTCCAy6gAwIBAgIJALvTEAPmnSgDMA0GCSqGSIb3DQEBCwUAMIGeMQswCQYD VQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjEVMBMG A1UECgwMd29sZlNTTF8xMDI0MRkwFwYDVQQLDBBQcm9ncmFtbWluZy0xMDI0MRgw FgYDVQQDDA93d3cud29sZnNzbC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29s -ZnNzbC5jb20wHhcNMTYwODExMjAwNzM3WhcNMTkwNTA4MjAwNzM3WjCBnjELMAkG +ZnNzbC5jb20wHhcNMTgwNDEzMTUyMzA5WhcNMjEwMTA3MTUyMzA5WjCBnjELMAkG A1UEBhMCVVMxEDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xFTAT BgNVBAoMDHdvbGZTU0xfMTAyNDEZMBcGA1UECwwQUHJvZ3JhbW1pbmctMTAyNDEY MBYGA1UEAwwPd3d3LndvbGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdv 
@@ -59,9 +58,9 @@ D/jf3c80KdVndXGFx3UQaVnsMIHTBgNVHSMEgcswgciAFIFpD/jf3c80KdVndXGF x3UQaVnsoYGkpIGhMIGeMQswCQYDVQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQ MA4GA1UEBwwHQm96ZW1hbjEVMBMGA1UECgwMd29sZlNTTF8xMDI0MRkwFwYDVQQL DBBQcm9ncmFtbWluZy0xMDI0MRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20xHzAd -BgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb22CCQDzY7g1HQrY2TAMBgNVHRME -BTADAQH/MA0GCSqGSIb3DQEBCwUAA4GBADFexYxvt8VHG1FfmZGhI0U8Nlkg/pBG -lXnouNnbRH9jQnFZ1VmlPNNDg6B9HlY2ApLiChn2l/KCEqayvzu2sAf8elt4IqAx -9D3rCsXk5bTHu0+puDcZv8dknXSeeN8J9dbdwvvOlNW/l7B2tekQZWxIhcQb/1tk -xxEwBuRA9ZAr +BgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb22CCQC70xAD5p0oAzAMBgNVHRME +BTADAQH/MA0GCSqGSIb3DQEBCwUAA4GBAISZ2eU3xER9zim4toAO6qPi+qIvXNJK +hWe5i/qffdpthSrCIPMYyNRrJrJ6aOeCUofnDFsIR3pVpQ36cs5robKuWqFj/2jb +5Unv8Q6Ylgm1BF/UCpuKr9IxH5XlD6jNu6EtZLC37kenWNnH27CSu6rPuIoEWw+f +PuDSQlK9XadI -----END CERTIFICATE----- diff --git a/certs/1024/server-cert.der b/certs/1024/server-cert.der index 9ef470288bd7270cc4d8c0e90978b98e56f54df4..3e9b678a687c274a8f89e4c0bcf71c705588b67c 100644 GIT binary patch delta 180 zcmZ3>zLtH$0VxXu6GLM|QzK(TgD7!cBSQm219J#><1H;Fj$6O8c>kTB?LL`@S+Sn` z@OtOgl*H$&qqL+qXiS#6sC2=P+&pMn4tK0v2PoliBNyNVJ zzt3je4OFk$uCwQ)<D0vRCR~T6l#qCFfJ?_oA6P j4g5zLtH$0Vy*B3qwOA0|RqoizsnkLrViw0}BXu<1H;Fj;($b&3E5F@1M-WtXQwJ zYLVOb%H#Ft-upgdSydBLUKE<fE>%}cy6RSY z%3hx;B-pngB(|3O)}h0UQqL9QqP~kYc5XlW{EpkRxSvvo9F|6Y{Q4{Ow&*LHW0rrP jRYx<%FF$FvK(1JD>*XExy&Xnb&(Cg`HT3g*!MGCuxe!v= diff --git a/certs/1024/server-cert.pem b/certs/1024/server-cert.pem index 92f631e1e..4b432fbbf 100644 --- a/certs/1024/server-cert.pem +++ b/certs/1024/server-cert.pem 
@@ -5,8 +5,8 @@ Certificate: Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting_1024, CN=www.wolfssl.com/emailAddress=info@wolfssl.com Validity - Not Before: Aug 11 20:07:38 2016 GMT - Not After : May 8 20:07:38 2019 GMT + Not Before: Apr 13 15:23:10 2018 GMT + Not After : Jan 7 15:23:10 2021 GMT Subject: C=US, ST=Montana, L=Bozeman, O=wolfSSL, OU=Support_1024, CN=www.wolfssl.com/emailAddress=info@wolfssl.com Subject Public Key Info: Public Key Algorithm: rsaEncryption 
@@ -28,25 +28,25 @@ Certificate: X509v3 Authority Key Identifier: keyid:D3:22:8F:28:2C:E0:05:EE:D3:ED:C3:71:3D:C9:B2:36:3A:1D:BF:A8 DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting_1024/CN=www.wolfssl.com/emailAddress=info@wolfssl.com - serial:B5:4E:78:83:DD:EF:E7:8F + serial:DA:FB:6A:0D:FE:CF:9B:47 X509v3 Basic Constraints: CA:TRUE Signature Algorithm: sha256WithRSAEncryption - 2c:aa:a2:46:f7:79:c7:7f:ce:ef:4d:e6:04:aa:7c:5c:77:72: - 55:66:41:97:7f:c5:6e:98:a0:c4:10:c6:d6:9c:70:0a:ee:ba: - ea:98:47:78:6f:33:8f:44:7a:d5:74:8a:7e:ab:49:1d:d7:95: - 12:11:8e:a0:54:5d:7d:0b:da:c2:c3:01:1a:e7:20:5e:5a:f7: - 16:81:89:b7:cd:e7:dc:46:e6:5e:f9:1a:c2:40:a5:59:f1:f5: - fa:55:db:15:ea:3c:c6:39:fd:e6:7b:5b:01:5f:a7:c9:36:a0: - 1e:73:11:b5:d3:b8:3f:8d:88:32:6a:e7:cd:b7:1d:31:4e:49: - e8:b9 + 0b:c3:af:43:85:64:61:e7:ab:5a:2a:1b:b2:29:d5:66:68:44: + 1a:6d:66:fc:3d:b1:88:ec:a5:41:18:67:62:34:a4:5e:c9:69: + cd:40:c8:56:7e:bf:eb:bc:61:1f:33:34:58:be:57:fd:e6:98: + dd:51:27:7c:b7:2c:bc:c9:39:e5:e5:95:82:e1:3f:d9:b9:97: + 30:4e:33:2c:ef:f8:db:b4:ee:35:75:9e:7a:3f:22:8f:a5:71: + d4:01:64:6c:f2:85:f7:72:99:2c:80:0f:a4:31:1d:d4:0b:1e: + a5:0f:e7:53:0a:de:15:0d:b2:d0:6b:f4:d6:2f:e2:0b:a3:8a: + 5a:6e -----BEGIN CERTIFICATE----- MIIDqTCCAxKgAwIBAgIBATANBgkqhkiG9w0BAQsFADCBmTELMAkGA1UEBhMCVVMx EDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNVBAoMCFNh d3Rvb3RoMRgwFgYDVQQLDA9Db25zdWx0aW5nXzEwMjQxGDAWBgNVBAMMD3d3dy53 b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTAeFw0x -NjA4MTEyMDA3MzhaFw0xOTA1MDgyMDA3MzhaMIGVMQswCQYDVQQGEwJVUzEQMA4G +ODA0MTMxNTIzMTBaFw0yMTAxMDcxNTIzMTBaMIGVMQswCQYDVQQGEwJVUzEQMA4G A1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjEQMA4GA1UECgwHd29sZlNT TDEVMBMGA1UECwwMU3VwcG9ydF8xMDI0MRgwFgYDVQQDDA93d3cud29sZnNzbC5j b20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wgZ8wDQYJKoZIhvcN 
@@ -58,21 +58,20 @@ VR0jBIHGMIHDgBTTIo8oLOAF7tPtw3E9ybI2Oh2/qKGBn6SBnDCBmTELMAkGA1UE BhMCVVMxEDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNV BAoMCFNhd3Rvb3RoMRgwFgYDVQQLDA9Db25zdWx0aW5nXzEwMjQxGDAWBgNVBAMM D3d3dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNv -bYIJALVOeIPd7+ePMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQELBQADgYEALKqi -Rvd5x3/O703mBKp8XHdyVWZBl3/FbpigxBDG1pxwCu666phHeG8zj0R61XSKfqtJ -HdeVEhGOoFRdfQvawsMBGucgXlr3FoGJt83n3EbmXvkawkClWfH1+lXbFeo8xjn9 -5ntbAV+nyTagHnMRtdO4P42IMmrnzbcdMU5J6Lk= +bYIJANr7ag3+z5tHMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQELBQADgYEAC8Ov +Q4VkYeerWiobsinVZmhEGm1m/D2xiOylQRhnYjSkXslpzUDIVn6/67xhHzM0WL5X +/eaY3VEnfLcsvMk55eWVguE/2bmXME4zLO/427TuNXWeej8ij6Vx1AFkbPKF93KZ +LIAPpDEd1AsepQ/nUwreFQ2y0Gv01i/iC6OKWm4= -----END CERTIFICATE----- Certificate: Data: Version: 3 (0x2) - Serial Number: - b5:4e:78:83:dd:ef:e7:8f + Serial Number: 15779322327764802375 (0xdafb6a0dfecf9b47) Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting_1024, CN=www.wolfssl.com/emailAddress=info@wolfssl.com Validity - Not Before: Aug 11 20:07:37 2016 GMT - Not After : May 8 20:07:37 2019 GMT + Not Before: Apr 13 15:23:10 2018 GMT + Not After : Jan 7 15:23:10 2021 GMT Subject: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting_1024, CN=www.wolfssl.com/emailAddress=info@wolfssl.com Subject Public Key Info: Public Key Algorithm: rsaEncryption 
@@ -94,25 +93,25 @@ Certificate: X509v3 Authority Key Identifier: keyid:D3:22:8F:28:2C:E0:05:EE:D3:ED:C3:71:3D:C9:B2:36:3A:1D:BF:A8 DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting_1024/CN=www.wolfssl.com/emailAddress=info@wolfssl.com - serial:B5:4E:78:83:DD:EF:E7:8F + serial:DA:FB:6A:0D:FE:CF:9B:47 X509v3 Basic Constraints: CA:TRUE Signature Algorithm: sha256WithRSAEncryption - 5a:09:c3:7e:d5:cd:73:6f:d6:5d:1d:6c:a8:4a:12:82:3d:be: - fe:09:d6:02:24:23:9a:07:67:4b:6e:60:a6:6d:42:aa:86:36: - 07:20:a9:44:b4:95:d6:81:db:9d:28:13:5f:a9:75:38:2d:80: - c6:60:f7:4a:48:23:c0:97:ee:f7:65:35:19:8d:20:a2:00:24: - 5c:d9:35:22:99:1f:dd:5f:0c:83:f8:ab:4d:88:69:6a:b0:f4: - 82:5c:77:a5:50:b1:09:d1:5d:94:d8:b0:26:bf:c1:55:14:9f: - e2:f0:2e:48:d1:7b:fc:52:bf:ac:6d:1a:3a:dd:36:ee:ca:51: - 4c:1d + 1d:48:f6:40:41:04:06:f2:e4:72:2f:ea:ff:c1:67:6b:15:bb: + 0a:28:23:28:07:c6:d7:13:2c:be:00:00:ac:1d:f7:f4:92:d3: + 2b:af:23:eb:9f:1a:e2:11:3c:2d:97:f2:0f:ac:ae:97:86:0a: + fb:a8:4f:74:1b:de:19:51:db:cd:e2:11:38:c1:a4:9d:56:ab: + 47:5c:de:ba:eb:27:df:6d:c8:7e:3a:bd:2e:9b:2a:ad:22:3b: + 95:a9:f2:28:03:bc:e5:ec:cc:f2:08:d4:c8:2f:db:ea:fb:2e: + 52:16:8c:42:02:a4:59:6d:4c:33:b4:9a:d2:73:4a:1e:9f:d9: + c8:83 -----BEGIN CERTIFICATE----- -MIIDtTCCAx6gAwIBAgIJALVOeIPd7+ePMA0GCSqGSIb3DQEBCwUAMIGZMQswCQYD +MIIDtTCCAx6gAwIBAgIJANr7ag3+z5tHMA0GCSqGSIb3DQEBCwUAMIGZMQswCQYD VQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjERMA8G A1UECgwIU2F3dG9vdGgxGDAWBgNVBAsMD0NvbnN1bHRpbmdfMTAyNDEYMBYGA1UE AwwPd3d3LndvbGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wu -Y29tMB4XDTE2MDgxMTIwMDczN1oXDTE5MDUwODIwMDczN1owgZkxCzAJBgNVBAYT +Y29tMB4XDTE4MDQxMzE1MjMxMFoXDTIxMDEwNzE1MjMxMFowgZkxCzAJBgNVBAYT AlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMREwDwYDVQQK DAhTYXd0b290aDEYMBYGA1UECwwPQ29uc3VsdGluZ18xMDI0MRgwFgYDVQQDDA93 d3cud29sZnNzbC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20w 
@@ -124,8 +123,8 @@ ybI2Oh2/qDCBzgYDVR0jBIHGMIHDgBTTIo8oLOAF7tPtw3E9ybI2Oh2/qKGBn6SB nDCBmTELMAkGA1UEBhMCVVMxEDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0Jv emVtYW4xETAPBgNVBAoMCFNhd3Rvb3RoMRgwFgYDVQQLDA9Db25zdWx0aW5nXzEw MjQxGDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5m -b0B3b2xmc3NsLmNvbYIJALVOeIPd7+ePMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcN -AQELBQADgYEAWgnDftXNc2/WXR1sqEoSgj2+/gnWAiQjmgdnS25gpm1CqoY2ByCp -RLSV1oHbnSgTX6l1OC2AxmD3SkgjwJfu92U1GY0gogAkXNk1Ipkf3V8Mg/irTYhp -arD0glx3pVCxCdFdlNiwJr/BVRSf4vAuSNF7/FK/rG0aOt027spRTB0= +b0B3b2xmc3NsLmNvbYIJANr7ag3+z5tHMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcN +AQELBQADgYEAHUj2QEEEBvLkci/q/8FnaxW7CigjKAfG1xMsvgAArB339JLTK68j +658a4hE8LZfyD6yul4YK+6hPdBveGVHbzeIROMGknVarR1zeuusn323Ifjq9Lpsq +rSI7lanyKAO85ezM8gjUyC/b6vsuUhaMQgKkWW1MM7Sa0nNKHp/ZyIM= -----END CERTIFICATE----- diff --git a/certs/ca-cert.der b/certs/ca-cert.der index 6a823ef9337192d6055caa0ba8692b2f0d213867..8c0c64445846c7bfcdd5509b956f5df03536e0cb 100644 GIT binary patch delta 335 zcmZ3-xsFr9powLbK@;<&1=4ZoOv`)+HpMamBvG}t-8MO&HHD$l0*MB&dGVd10{%xwpldYS~#OulC53Qay!%aTeT6pf<$jvpRA5BS#bPO&B|ushuhvT z?hi8NKJw4`^06g-`t9{qF0W1n=d`{}Eh{!;_ItJ0G(`AwN_+Nwle;DhJFIW}u9r@k jFsaa>@5Gs>2`cLi#Vm~{2K-!|;Z#y(dh_lHrXxWB+|Zni delta 335 zcmZ3-xsFr9powLbK@;<&1a&RcR3RWOzGqvW~F+*$sR6VMbi=rRhw4ooJxrP)M0mCup~;*>(0#^-y(Ea zFNfWH*>C>7&(8Y4k{QFP8;_>hFTeO!{$ACF>-}bX9Yf`=>}<1cSIsm{@VNFQYRb7q zzX~kOj1`Ih=NN6!Xqotmjp>SF>Iw*qm+c%jm3Y+x@02 is(G=-Z&`qyw$Z!{C+R1V>4~q7&kCF)6S|nGybJ()=aOsy diff --git a/certs/ca-cert.pem b/certs/ca-cert.pem index 8b34ea43d..7a8a56385 100644 --- a/certs/ca-cert.pem +++ b/certs/ca-cert.pem 
@@ -1,13 +1,12 @@ Certificate: Data: Version: 3 (0x2) - Serial Number: - b7:b6:90:33:66:1b:6b:23 + Serial Number: 9727763710660753659 (0x86fff58e10deb8fb) Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, CN=www.wolfssl.com/emailAddress=info@wolfssl.com Validity - Not Before: Aug 11 20:07:37 2016 GMT - Not After : May 8 20:07:37 2019 GMT + Not Before: Apr 13 15:23:09 2018 GMT + Not After : Jan 7 15:23:09 2021 GMT Subject: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, CN=www.wolfssl.com/emailAddress=info@wolfssl.com Subject Public Key Info: Public Key Algorithm: rsaEncryption 
@@ -38,32 +37,32 @@ Certificate: X509v3 Authority Key Identifier: keyid:27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5 DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com - serial:B7:B6:90:33:66:1B:6B:23 + serial:86:FF:F5:8E:10:DE:B8:FB X509v3 Basic Constraints: CA:TRUE Signature Algorithm: sha256WithRSAEncryption - 0e:93:48:44:4a:72:96:60:71:25:82:a9:2c:ca:60:5b:f2:88: - 3e:cf:11:74:5a:11:4a:dc:d9:d8:f6:58:2c:05:d3:56:d9:e9: - 8f:37:ef:8e:3e:3b:ff:22:36:00:ca:d8:e2:96:3f:a7:d1:ed: - 1f:de:7a:b0:d7:8f:36:bd:41:55:1e:d4:b9:86:3b:87:25:69: - 35:60:48:d6:e4:5a:94:ce:a2:fa:70:38:36:c4:85:b4:4b:23: - fe:71:9e:2f:db:06:c7:b5:9c:21:f0:3e:7c:eb:91:f8:5c:09: - fd:84:43:a4:b3:4e:04:0c:22:31:71:6a:48:c8:ab:bb:e8:ce: - fa:67:15:1a:3a:82:98:43:33:b5:0e:1f:1e:89:f8:37:de:1b: - e6:b5:a0:f4:a2:8b:b7:1c:90:ba:98:6d:94:21:08:80:5d:f3: - bf:66:ad:c9:72:28:7a:6a:48:ee:cf:63:69:31:8c:c5:8e:66: - da:4b:78:65:e8:03:3a:4b:f8:cc:42:54:d3:52:5c:2d:04:ae: - 26:87:e1:7e:40:cb:45:41:16:4b:6e:a3:2e:4a:76:bd:29:7f: - 1c:53:37:06:ad:e9:5b:6a:d6:b7:4e:94:a2:7c:e8:ac:4e:a6: - 50:3e:2b:32:9e:68:42:1b:e4:59:67:61:ea:c7:9a:51:9c:1c: - 55:a3:77:76 + 9e:28:88:72:00:ca:e6:e7:97:ca:c1:f1:1f:9e:12:b2:b8:c7: + 51:ea:28:e1:36:b5:2d:e6:2f:08:23:cb:a9:4a:87:25:c6:5d: + 89:45:ea:f5:00:98:ac:76:fb:1b:af:f0:ce:64:9e:da:08:bf: + b6:eb:b4:b5:0c:a0:e7:f6:47:59:1c:61:cf:2e:0e:58:a4:82: + ac:0f:3f:ec:c4:ae:80:f7:b0:8a:1e:85:41:e8:ff:fe:fe:4f: + 1a:24:d5:49:fa:fb:fe:5e:e5:d3:91:0e:4f:4e:0c:21:51:71: + 83:04:6b:62:7b:4f:59:76:48:81:1e:b4:f7:04:47:8a:91:57: + a3:11:a9:f2:20:b4:78:33:62:3d:b0:5e:0d:f9:86:38:82:da: + a1:98:8d:19:06:87:21:39:b7:02:f7:da:7d:58:ba:52:15:d8: + 3b:c9:7b:58:34:a0:c7:e2:7c:a9:83:13:e1:b6:ec:01:bf:52: + 33:0b:c4:fe:43:d3:c6:a4:8e:2f:87:7f:7a:44:ea:ca:53:6c: + 85:ed:65:76:73:31:03:4e:ea:bd:35:54:13:f3:64:87:6b:df: + 34:dd:34:a1:88:3b:db:4d:af:1b:64:90:92:71:30:8e:c8:cc: + e5:60:24:af:31:16:39:33:91:50:f9:ab:68:42:74:7a:35:d9: + 
dd:c8:c4:52 -----BEGIN CERTIFICATE----- -MIIEqjCCA5KgAwIBAgIJALe2kDNmG2sjMA0GCSqGSIb3DQEBCwUAMIGUMQswCQYD +MIIEqjCCA5KgAwIBAgIJAIb/9Y4Q3rj7MA0GCSqGSIb3DQEBCwUAMIGUMQswCQYD VQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjERMA8G A1UECgwIU2F3dG9vdGgxEzARBgNVBAsMCkNvbnN1bHRpbmcxGDAWBgNVBAMMD3d3 dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTAe -Fw0xNjA4MTEyMDA3MzdaFw0xOTA1MDgyMDA3MzdaMIGUMQswCQYDVQQGEwJVUzEQ +Fw0xODA0MTMxNTIzMDlaFw0yMTAxMDcxNTIzMDlaMIGUMQswCQYDVQQGEwJVUzEQ MA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjERMA8GA1UECgwIU2F3 dG9vdGgxEzARBgNVBAsMCkNvbnN1bHRpbmcxGDAWBgNVBAMMD3d3dy53b2xmc3Ns LmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTCCASIwDQYJKoZI @@ -77,11 +76,11 @@ XDjNdyXvvYB1U5Q8PcpjW58VtdMdEy8Z0TzbdjrMuH3J5cLX2kBv2CHccxtCLVOc J45nEXTDJh0/7TNjs6TYHTDl6NWhgZqkgZcwgZQxCzAJBgNVBAYTAlVTMRAwDgYD VQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMREwDwYDVQQKDAhTYXd0b290 aDETMBEGA1UECwwKQ29uc3VsdGluZzEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29t -MR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tggkAt7aQM2YbayMwDAYD -VR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEADpNIREpylmBxJYKpLMpgW/KI -Ps8RdFoRStzZ2PZYLAXTVtnpjzfvjj47/yI2AMrY4pY/p9HtH956sNePNr1BVR7U -uYY7hyVpNWBI1uRalM6i+nA4NsSFtEsj/nGeL9sGx7WcIfA+fOuR+FwJ/YRDpLNO -BAwiMXFqSMiru+jO+mcVGjqCmEMztQ4fHon4N94b5rWg9KKLtxyQuphtlCEIgF3z -v2atyXIoempI7s9jaTGMxY5m2kt4ZegDOkv4zEJU01JcLQSuJofhfkDLRUEWS26j -Lkp2vSl/HFM3Bq3pW2rWt06UonzorE6mUD4rMp5oQhvkWWdh6seaUZwcVaN3dg== +MR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tggkAhv/1jhDeuPswDAYD +VR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAniiIcgDK5ueXysHxH54SsrjH +Ueoo4Ta1LeYvCCPLqUqHJcZdiUXq9QCYrHb7G6/wzmSe2gi/tuu0tQyg5/ZHWRxh +zy4OWKSCrA8/7MSugPewih6FQej//v5PGiTVSfr7/l7l05EOT04MIVFxgwRrYntP +WXZIgR609wRHipFXoxGp8iC0eDNiPbBeDfmGOILaoZiNGQaHITm3AvfafVi6UhXY +O8l7WDSgx+J8qYMT4bbsAb9SMwvE/kPTxqSOL4d/ekTqylNshe1ldnMxA07qvTVU +E/Nkh2vfNN00oYg7202vG2SQknEwjsjM5WAkrzEWOTORUPmraEJ0ejXZ3cjEUg== -----END CERTIFICATE----- 
diff --git a/certs/ca-ecc-cert.der b/certs/ca-ecc-cert.der index 1c34f6bf95828cf5a242bed0e234063b2421baeb..b3f2f1ef5a54437d12c680b23759c50af22c31a2 100755 GIT binary patch delta 138 zcmeBU?PrxRXkzL%Xks#0z|6$R#Kg()mrqkM?X<_@i4v=&EDTHxjSWqWj13K<#CeSj z4Gay;A>563GZ?)*84TQ*6d68LpHV56v`@@X0C&0zHOU@&lHQZQ0$d?Nbh@v6&DcW9kj%(k3m`VHs$D^uKmNbpV$Qtswp oQe=2I&*Z|ScVWEB7G4T_&I=wkE}zyIrhV$j)nlo#X2tru0KbJXivR!s diff --git a/certs/ca-ecc-cert.pem b/certs/ca-ecc-cert.pem old mode 100755 new mode 100644 index c292b14fd..c613f7694 --- a/certs/ca-ecc-cert.pem +++ b/certs/ca-ecc-cert.pem @@ -1,13 +1,12 @@ Certificate: Data: Version: 3 (0x2) - Serial Number: - 97:b4:bd:16:78:f8:47:f2 + Serial Number: 18234557164704975011 (0xfd0e292166cb48a3) Signature Algorithm: ecdsa-with-SHA256 Issuer: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Development, CN=www.wolfssl.com/emailAddress=info@wolfssl.com Validity - Not Before: Oct 20 18:19:06 2017 GMT - Not After : Oct 15 18:19:06 2037 GMT + Not Before: Apr 13 15:23:10 2018 GMT + Not After : Jan 7 15:23:10 2021 GMT Subject: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Development, CN=www.wolfssl.com/emailAddress=info@wolfssl.com Subject Public Key Info: Public Key Algorithm: id-ecPublicKey 
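Review bot: The first hunk of certs/ca-ecc-cert.pem shortens this CA's lifetime instead of extending it: `Not After : Oct 15 18:19:06 2037 GMT` becomes `Not After : Jan 7 15:23:10 2021 GMT`, which the subject line "update before/after dates" does not suggest. Every other certificate visible in this part of the patch moves from a 2019 expiry to 2021, so the ECC root was probably regenerated with the same renewal settings as the rest; that is inferred, since the generation script is not shown here. If the 20-year validity was deliberate for this test root, regenerate it with its original validity period. Otherwise record the change in the commit message, for example `ca-ecc-cert.pem: validity reduced from 2037 to 2021; renew together with the other test certs`, so that chain-validation tests loading this CA do not start failing on expiry without warning.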
@@ -31,16 +30,16 @@ Certificate: X509v3 Key Usage: critical Digital Signature, Certificate Sign, CRL Sign Signature Algorithm: ecdsa-with-SHA256 - 30:45:02:20:32:26:81:e4:15:ec:e3:aa:d3:e5:b8:2a:ca:a3: - 06:a7:04:97:d8:43:7f:d4:94:47:f8:18:0d:93:52:23:8b:08: - 02:21:00:e1:9e:34:d0:92:ee:56:0d:23:38:4a:20:bc:cf:11: - c3:33:77:96:81:56:2b:ca:c4:d5:c6:65:5d:36:73:2f:ba + 30:46:02:21:00:f0:7b:cc:24:73:19:3f:61:68:ed:c8:0a:54: + 4a:b8:ac:79:ef:10:32:91:52:2c:3e:bf:50:aa:5f:18:c1:97: + f5:02:21:00:d9:4b:63:67:6f:9b:29:a9:d7:6b:63:9b:98:9f: + 32:82:36:da:f0:a9:f7:51:b4:97:aa:fa:fa:dd:ef:ef:4a:ae -----BEGIN CERTIFICATE----- -MIICijCCAjCgAwIBAgIJAJe0vRZ4+EfyMAoGCCqGSM49BAMCMIGXMQswCQYDVQQG +MIICizCCAjCgAwIBAgIJAP0OKSFmy0ijMAoGCCqGSM49BAMCMIGXMQswCQYDVQQG EwJVUzETMBEGA1UECAwKV2FzaGluZ3RvbjEQMA4GA1UEBwwHU2VhdHRsZTEQMA4G A1UECgwHd29sZlNTTDEUMBIGA1UECwwLRGV2ZWxvcG1lbnQxGDAWBgNVBAMMD3d3 dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTAe -Fw0xNzEwMjAxODE5MDZaFw0zNzEwMTUxODE5MDZaMIGXMQswCQYDVQQGEwJVUzET +Fw0xODA0MTMxNTIzMTBaFw0yMTAxMDcxNTIzMTBaMIGXMQswCQYDVQQGEwJVUzET MBEGA1UECAwKV2FzaGluZ3RvbjEQMA4GA1UEBwwHU2VhdHRsZTEQMA4GA1UECgwH d29sZlNTTDEUMBIGA1UECwwLRGV2ZWxvcG1lbnQxGDAWBgNVBAMMD3d3dy53b2xm c3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTBZMBMGByqG @@ -48,6 +47,6 @@ SM49AgEGCCqGSM49AwEHA0IABALT2W7WAY5FyLmQMeXATOOerSk4mLoQ1ukJKoCp LhcquYq/M4NG45UL5HdAtTtDRTMPYVN8N0TBy/yAyuhD6qejYzBhMB0GA1UdDgQW BBRWjprD8ELeGLlFVW75k8/qw/OlITAfBgNVHSMEGDAWgBRWjprD8ELeGLlFVW75 k8/qw/OlITAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAKBggqhkjO -PQQDAgNIADBFAiAyJoHkFezjqtPluCrKowanBJfYQ3/UlEf4GA2TUiOLCAIhAOGe -NNCS7lYNIzhKILzPEcMzd5aBVivKxNXGZV02cy+6 +PQQDAgNJADBGAiEA8HvMJHMZP2Fo7cgKVEq4rHnvEDKRUiw+v1CqXxjBl/UCIQDZ +S2Nnb5spqddrY5uYnzKCNtrwqfdRtJeq+vrd7+9Krg== -----END CERTIFICATE----- 
diff --git a/certs/ca-ecc384-cert.der b/certs/ca-ecc384-cert.der index 8aafaf51a011563b941ad13e6584fd1fc7f23f00..756876f9e5c1b1aacca05f8254ccb49e759cfe55 100755 GIT binary patch delta 163 zcmX@jdYV^Ur<<^>?BSZ(v0$(KhWk?@)pu(j)7rNrQ~Lb$ z3N4Lk?{-~jcm2y`$Z()oGOa9b{^HbD$M@T-ZIg3n6wb__b9+TxaNdFp!PGq!B^sH> QQ|5Mjx^c)>let+L085@g-~a#s delta 163 zcmX@jdYV zdEK9~B57uaLL`$R!xV=U&9(~+Wim6A=WL(7ucFwhV_y)1{o_Wnn<7fK^A>e^h0Qr) PAK#(3ae0m}-b3b z;nmxQMb>G_eMa{Fm9k&i#oL5!6w|Uj{zsXy^WXp&&&U!DRa`|ER7Z#S5 m5dOqPD?SC7^N928d2pzu^$YhphEwy^AG!F8a(6SyZUF$O7?%_P delta 340 zcmX@dd5%-Upo!&_K@;<)1(q;x0hK5E42Ij`*QR2LY zmIkH<7Etaa=7pO(8Ks#xVCpBYVOFX)Zsph#!MBKkx#V8??~B@HbEZ#FP+asvPbol+ zrEFKUd*#!h??-qm|0mhA)*R-@d9c0l!ntE7-FEhQ$A?vV3vauao#uUxf%kD)-0#y{ zV}%S^Kkl~t);8hPq_8CmN)@-s`b<0Q`Z{Xj6r;*c|R zUF!dD{_WnfV%uDXtJ&+?f9y8hl#|9S_%8pS(A&t$k9MCfC#rW(t(#feyJWse>qk{z z54qXd1>e%ngl$~R6x3C-YCZd{>Bo4M_P;&-^#)7qbgtMaZO^ZJCqGr5J##D1f1Wyv orcHUPyG|~5U48BPWYYrnx)Zib{~7n+Y&~#1is?zsH73(}0QCf%l>h($ diff --git a/certs/client-cert.pem b/certs/client-cert.pem index 9262ad609..9b6a8190d 100644 --- a/certs/client-cert.pem +++ b/certs/client-cert.pem @@ -1,13 +1,12 @@ Certificate: Data: Version: 3 (0x2) - Serial Number: - b9:bc:90:ed:ad:aa:0a:8c + Serial Number: 12305170416376042871 (0xaac4bf4c50bd5577) Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, ST=Montana, L=Bozeman, O=wolfSSL_2048, OU=Programming-2048, CN=www.wolfssl.com/emailAddress=info@wolfssl.com Validity - Not Before: Aug 11 20:07:37 2016 GMT - Not After : May 8 20:07:37 2019 GMT + Not Before: Apr 13 15:23:09 2018 GMT + Not After : Jan 7 15:23:09 2021 GMT Subject: C=US, ST=Montana, L=Bozeman, O=wolfSSL_2048, OU=Programming-2048, CN=www.wolfssl.com/emailAddress=info@wolfssl.com Subject Public Key Info: Public Key Algorithm: rsaEncryption 
@@ -38,32 +37,32 @@ Certificate: X509v3 Authority Key Identifier: keyid:33:D8:45:66:D7:68:87:18:7E:54:0D:70:27:91:C7:26:D7:85:65:C0 DirName:/C=US/ST=Montana/L=Bozeman/O=wolfSSL_2048/OU=Programming-2048/CN=www.wolfssl.com/emailAddress=info@wolfssl.com - serial:B9:BC:90:ED:AD:AA:0A:8C + serial:AA:C4:BF:4C:50:BD:55:77 X509v3 Basic Constraints: CA:TRUE Signature Algorithm: sha256WithRSAEncryption - 33:85:08:b4:58:0e:a2:00:03:74:de:77:fb:d1:2b:76:9c:97: - 90:20:21:a2:e8:2e:22:50:26:04:76:ba:5b:47:79:e5:52:f7: - c4:0d:79:ff:62:3f:05:7c:c3:08:6c:e0:b7:81:d0:ce:c6:c9: - 46:b9:8e:4b:5f:56:79:4b:13:b6:d1:6b:66:4b:ce:00:0d:e3: - 76:5e:fb:cb:b5:5d:12:31:05:f1:bb:39:f6:86:90:ca:92:56: - a4:a0:75:21:b6:1d:4c:96:c3:45:eb:5a:91:94:32:d3:59:b8: - c9:73:1f:03:a9:81:63:e0:43:c0:1e:c8:65:be:3b:a7:53:c3: - 44:ff:b3:fb:47:84:a8:b6:9d:00:d5:6b:ae:87:f8:bb:35:b2: - 6c:66:0b:11:ee:6f:fe:12:ed:59:79:f1:3e:f2:d3:61:27:8b: - 95:7e:99:75:8d:a4:9f:34:85:f1:25:4d:48:1e:9b:6b:70:f6: - 66:cc:56:b1:a3:02:52:8a:7c:aa:af:07:da:97:c6:0c:a5:8f: - ed:cb:f5:d8:04:5d:97:0a:5d:5a:2b:49:f5:bd:93:e5:23:9b: - 99:b5:0c:ff:0c:7e:38:82:b2:6e:ab:8a:c9:a7:45:ab:d6:d7: - 93:35:70:07:7e:c8:3d:a5:fe:33:8f:d9:85:c0:c7:5a:02:e4: - 7c:d6:35:9e + 80:52:54:61:2a:77:80:53:44:a9:80:6d:45:ff:0d:25:7d:1a: + 8f:23:93:53:74:35:12:6f:f0:2e:20:ea:ed:80:63:69:88:e6: + 0c:a1:49:30:e0:82:db:68:0f:7e:84:ac:ff:ff:7b:42:fa:7e: + 2f:b2:52:9f:d2:79:5e:35:12:27:36:bc:df:96:58:44:96:55: + c8:4a:94:02:5f:4a:9d:dc:d3:3a:f7:6d:ac:8b:79:6e:fc:be: + 8f:23:58:6a:8a:f5:38:0a:42:f6:98:74:88:53:2e:02:af:e1: + 0e:be:6f:cc:74:33:7c:ec:b4:cb:a7:49:6d:82:42:4f:eb:73: + 29:c3:32:00:2b:15:f8:88:7a:8f:6d:20:1b:ae:65:5f:c5:d0: + 8a:d1:e2:64:6d:a3:a8:fe:64:e1:a9:5b:e6:d0:23:d6:02:72: + 5a:ec:03:8e:87:67:19:8d:e4:a8:99:15:c1:3d:91:48:99:8d: + fe:ae:1c:bf:f6:28:1b:45:be:ad:ef:72:83:9a:f6:c7:3b:51: + a3:6e:7a:73:bd:83:aa:97:fd:63:b4:f4:6b:1c:14:81:9a:ef: + 14:24:d3:e1:8b:f4:04:04:84:54:0f:61:a2:a8:f2:50:37:0c: + 
17:0c:bc:e0:c2:84:85:f4:0b:ae:00:ca:9f:27:e2:44:4f:15: + 0b:8b:1d:b4 -----BEGIN CERTIFICATE----- -MIIEyjCCA7KgAwIBAgIJALm8kO2tqgqMMA0GCSqGSIb3DQEBCwUAMIGeMQswCQYD +MIIEyjCCA7KgAwIBAgIJAKrEv0xQvVV3MA0GCSqGSIb3DQEBCwUAMIGeMQswCQYD VQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjEVMBMG A1UECgwMd29sZlNTTF8yMDQ4MRkwFwYDVQQLDBBQcm9ncmFtbWluZy0yMDQ4MRgw FgYDVQQDDA93d3cud29sZnNzbC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29s -ZnNzbC5jb20wHhcNMTYwODExMjAwNzM3WhcNMTkwNTA4MjAwNzM3WjCBnjELMAkG +ZnNzbC5jb20wHhcNMTgwNDEzMTUyMzA5WhcNMjEwMTA3MTUyMzA5WjCBnjELMAkG A1UEBhMCVVMxEDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xFTAT BgNVBAoMDHdvbGZTU0xfMjA0ODEZMBcGA1UECwwQUHJvZ3JhbW1pbmctMjA0ODEY MBYGA1UEAwwPd3d3LndvbGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdv @@ -78,11 +77,11 @@ xybXhWXAMIHTBgNVHSMEgcswgciAFDPYRWbXaIcYflQNcCeRxybXhWXAoYGkpIGh MIGeMQswCQYDVQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96 ZW1hbjEVMBMGA1UECgwMd29sZlNTTF8yMDQ4MRkwFwYDVQQLDBBQcm9ncmFtbWlu Zy0yMDQ4MRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20xHzAdBgkqhkiG9w0BCQEW -EGluZm9Ad29sZnNzbC5jb22CCQC5vJDtraoKjDAMBgNVHRMEBTADAQH/MA0GCSqG -SIb3DQEBCwUAA4IBAQAzhQi0WA6iAAN03nf70St2nJeQICGi6C4iUCYEdrpbR3nl -UvfEDXn/Yj8FfMMIbOC3gdDOxslGuY5LX1Z5SxO20WtmS84ADeN2XvvLtV0SMQXx -uzn2hpDKklakoHUhth1MlsNF61qRlDLTWbjJcx8DqYFj4EPAHshlvjunU8NE/7P7 -R4Sotp0A1Wuuh/i7NbJsZgsR7m/+Eu1ZefE+8tNhJ4uVfpl1jaSfNIXxJU1IHptr -cPZmzFaxowJSinyqrwfal8YMpY/ty/XYBF2XCl1aK0n1vZPlI5uZtQz/DH44grJu -q4rJp0Wr1teTNXAHfsg9pf4zj9mFwMdaAuR81jWe +EGluZm9Ad29sZnNzbC5jb22CCQCqxL9MUL1VdzAMBgNVHRMEBTADAQH/MA0GCSqG +SIb3DQEBCwUAA4IBAQCAUlRhKneAU0SpgG1F/w0lfRqPI5NTdDUSb/AuIOrtgGNp +iOYMoUkw4ILbaA9+hKz//3tC+n4vslKf0nleNRInNrzfllhEllXISpQCX0qd3NM6 +922si3lu/L6PI1hqivU4CkL2mHSIUy4Cr+EOvm/MdDN87LTLp0ltgkJP63MpwzIA +KxX4iHqPbSAbrmVfxdCK0eJkbaOo/mThqVvm0CPWAnJa7AOOh2cZjeSomRXBPZFI +mY3+rhy/9igbRb6t73KDmvbHO1GjbnpzvYOql/1jtPRrHBSBmu8UJNPhi/QEBIRU +D2GiqPJQNwwXDLzgwoSF9AuuAMqfJ+JETxULix20 -----END CERTIFICATE----- 
diff --git a/certs/client-ecc-cert.der b/certs/client-ecc-cert.der index 346a6e4b01574f1dc900e6b6bae672d47975751d..d6c5dbba9d7431740b1d2d880662fedba5fa2028 100644 GIT binary patch delta 155 zcmeBW>tT~HXkz9tXkuEwfSHMriHVb8^8T!QvmNKIohY$T+QPuZ(Adz_$k@;zN}Sio z(7@2Z9Lk-{$24Jc3ZpF}2Ta4{l}yqe?hFPlObUs6=K6M|wCyNdWg3~WEICePVb;RBTCWXXRueTQSGTzSY5Bge^Ywoo5@04wM8;_{!O`G=Fa#QRp07bYv Ai2wiq delta 156 zcmeBS>t&NLXkz9xXkuEwfSHMriHVcpdC{_Y!m{Eq6D1Z(n;BRb8X6fGm>XL}iSrs- z8kibbK)I9om?msaVYFrBfN7Y#l1bXrgTcU+Nx^y6wz~Gdp6g;Cc`pSBE?Ki}4g33- z2@fYMia%NQEJUi2Ns-}Ncg?O~Ay&3u{YQ^S9G*3QVN1`Jj%MGiE!$hGHrsr@4**}6 BIjjHx diff --git a/certs/client-ecc-cert.pem b/certs/client-ecc-cert.pem index 459871429..217035bdd 100644 --- a/certs/client-ecc-cert.pem +++ b/certs/client-ecc-cert.pem @@ -1,13 +1,12 @@ Certificate: Data: Version: 3 (0x2) - Serial Number: - e7:72:a6:9e:13:1d:17:5c + Serial Number: 10646345548447194541 (0x93bf6ade9b419dad) Signature Algorithm: ecdsa-with-SHA256 Issuer: C=US, ST=Oregon, L=Salem, O=Client ECC, OU=Fast, CN=www.wolfssl.com/emailAddress=info@wolfssl.com Validity - Not Before: Aug 11 20:07:38 2016 GMT - Not After : May 8 20:07:38 2019 GMT + Not Before: Apr 13 15:23:10 2018 GMT + Not After : Jan 7 15:23:10 2021 GMT Subject: C=US, ST=Oregon, L=Salem, O=Client ECC, OU=Fast, CN=www.wolfssl.com/emailAddress=info@wolfssl.com Subject Public Key Info: Public Key Algorithm: id-ecPublicKey 
@@ -26,21 +25,21 @@ Certificate: X509v3 Authority Key Identifier: keyid:EB:D4:4B:59:6B:95:61:3F:51:57:B6:04:4D:89:41:88:44:5C:AB:F2 DirName:/C=US/ST=Oregon/L=Salem/O=Client ECC/OU=Fast/CN=www.wolfssl.com/emailAddress=info@wolfssl.com - serial:E7:72:A6:9E:13:1D:17:5C + serial:93:BF:6A:DE:9B:41:9D:AD X509v3 Basic Constraints: CA:TRUE Signature Algorithm: ecdsa-with-SHA256 - 30:45:02:20:43:9a:b6:7e:87:8e:8c:d7:16:f1:0d:d2:50:11: - a4:ac:b6:ac:07:ef:e9:60:e1:90:a2:5f:c9:76:e6:54:1a:81: - 02:21:00:d6:8b:7c:ba:53:12:05:06:fa:8f:c5:c7:58:c3:9a: - 9f:a1:84:8c:b4:88:83:4d:6a:b4:b7:85:7a:b3:3c:f3:df + 30:44:02:20:61:bc:9d:4d:88:64:86:b8:71:aa:35:59:68:b8: + ee:2c:f3:23:b5:1a:b9:ba:41:50:a8:c6:c3:58:eb:58:bd:60: + 02:20:61:aa:eb:b5:73:0d:01:db:69:8f:52:f5:72:6d:37:42: + b5:fd:94:b6:6e:b1:c4:25:2e:96:96:f3:39:b2:5d:ea -----BEGIN CERTIFICATE----- -MIIDCTCCAq+gAwIBAgIJAOdypp4THRdcMAoGCCqGSM49BAMCMIGNMQswCQYDVQQG +MIIDCDCCAq+gAwIBAgIJAJO/at6bQZ2tMAoGCCqGSM49BAMCMIGNMQswCQYDVQQG EwJVUzEPMA0GA1UECAwGT3JlZ29uMQ4wDAYDVQQHDAVTYWxlbTETMBEGA1UECgwK Q2xpZW50IEVDQzENMAsGA1UECwwERmFzdDEYMBYGA1UEAwwPd3d3LndvbGZzc2wu -Y29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMB4XDTE2MDgxMTIw -MDczOFoXDTE5MDUwODIwMDczOFowgY0xCzAJBgNVBAYTAlVTMQ8wDQYDVQQIDAZP +Y29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMB4XDTE4MDQxMzE1 +MjMxMFoXDTIxMDEwNzE1MjMxMFowgY0xCzAJBgNVBAYTAlVTMQ8wDQYDVQQIDAZP cmVnb24xDjAMBgNVBAcMBVNhbGVtMRMwEQYDVQQKDApDbGllbnQgRUNDMQ0wCwYD VQQLDARGYXN0MRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20xHzAdBgkqhkiG9w0B CQEWEGluZm9Ad29sZnNzbC5jb20wWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAARV 
@@ -50,7 +49,7 @@ RFyr8jCBwgYDVR0jBIG6MIG3gBTr1EtZa5VhP1FXtgRNiUGIRFyr8qGBk6SBkDCB jTELMAkGA1UEBhMCVVMxDzANBgNVBAgMBk9yZWdvbjEOMAwGA1UEBwwFU2FsZW0x EzARBgNVBAoMCkNsaWVudCBFQ0MxDTALBgNVBAsMBEZhc3QxGDAWBgNVBAMMD3d3 dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbYIJ -AOdypp4THRdcMAwGA1UdEwQFMAMBAf8wCgYIKoZIzj0EAwIDSAAwRQIgQ5q2foeO -jNcW8Q3SUBGkrLasB+/pYOGQol/JduZUGoECIQDWi3y6UxIFBvqPxcdYw5qfoYSM -tIiDTWq0t4V6szzz3w== +AJO/at6bQZ2tMAwGA1UdEwQFMAMBAf8wCgYIKoZIzj0EAwIDRwAwRAIgYbydTYhk +hrhxqjVZaLjuLPMjtRq5ukFQqMbDWOtYvWACIGGq67VzDQHbaY9S9XJtN0K1/ZS2 +brHEJS6WlvM5sl3q -----END CERTIFICATE----- diff --git a/certs/client-key-3072.pem b/certs/client-key-3072.pem index 431a4a66c..1d0d05b8a 100644 --- a/certs/client-key-3072.pem +++ b/certs/client-key-3072.pem 
@@ -1,40 +1,40 @@ -----BEGIN PRIVATE KEY----- -MIIG/wIBADANBgkqhkiG9w0BAQEFAASCBukwggblAgEAAoIBgQDBALAaCrqIA8yS -1vcuDa2+YPSkU6Pc+bZIbCEzz3ygxTU3Gl9+ZTMHtJrRLrLtNaHIZ7PbOQWNqoF0 -AIUicvh9OUdTAFZxz4LX/KJ9oG4QopbbzI7kLZ2dW0pDXss9SHKv9GraNC/tmcEb -+0xWiqBmjPtdENVbD5YE2cWxVfWIdtvT2qHc6e7RZ92/VFAH7y95+05ZKr+SDYBv -e+x5ZZrDCMBPxmszv51Nr/mDryVCTJPxn9YzfdSFKndEHR/K0yKraVA12Ec+95yo -4/mEYJ42EAJcnB8zHOa70F8oYydMtRxxs/R6M6pFcKlUiHAHDkVPsX8q/b8x2peW -yFVJ8sO25gh4ykCLLl2OTmxla1f0He5Btu0kDTjyQL19WWvF1mfiEpsQBf7rQB3F -c3Ws6ZwHY3LkxQT+yRcTvwQCDkTpnVlufmM45tsxIShegiA2rSb+um2vVy4yqqYs -VLQlUBGsJYuEG3tdrt/hxDI6tGBsFu+cLKhn0FP1yJeanoEl5scCAwEAAQKCAYA4 -2WMFyLM47SWM+xTD0/OhaB2naZuSs1sl6fO9txgWowARwwrtyBFH68LOatr5VBrb -VPB9WkZwfBC1gpG0m/jlqcGAiVDtJRp9VETojCDfdYTKKW7Nd0I93234eiuTWYuu -mGgA7e5QJkHjZBoQQ7ULf+tqdlLiB61AsISyv4cbMyd9N6EF2UInHFkMymDodWOe -oo9pZFYZRzDVpcL53xu+5wz+couRKpfDElqEl0p6ROQu/82wTRgUQXXv8kQzEg1Z -Ccm9D66IPLHviG19utUSNll2Fq3i7V88It+NFzBp4yzNvoXOiUFWwDoqHUve2ifV -UDKITEE8Zh3Cm/UGdbNk+lkMOu5tmE0l1tOe2F+9RAjB1SnN8qxMqgMnmftEKYja -3Do9feU0H2ZmKfK6dfECB7NsuVg9mI66Dew0rjQJ0oRG1+qqvPgHROcVnMBMmeU1 -bsF2yV2RWCc/4RFuAEi0VM2SgYOst5Voa+Os15rFxZ3APC+FqDmzYyyKVfXpgMEC -gcEA7NuwxVGiseKGVZXG1/JJm86hCNkyAFMx1soGQDXyCZfTKFTwuJr+rImkOLnj -J8i5cGa8v8E8obH/bMeM6hI8qsJ5jr1yHluZBGOy+VNmeV1pCLpCeXF/enn9gTq4 -m+X6SCxCn/SQdnr1Z5HT9yTcsWSzKk+T7uVKCZomfmBJyK3hhYsUsCaE0eQjgGfm -yY/HKFVni/wmYLxnDwrMNtIK6aBA3cRrUr8MG8DZDVdourXMUo+G61kEaAV2Wu2R -QrEzAoHBANCZrjOcPOZ5ojRmvqIiwX39U5Ucu9gkYvi63fJgzUcZKoH67D4pK1T7 -lvQ93hVnno0tKW16+lUS7EkQs4xmSPK07jQn0xYOkTcBnu4b/lkSIaFouecFd+ls -XKlMz9VR91s89Hnuz0qXL7gpO2D9/bfonAXTsQyyTgNK3opwA4J0AKT+9PUTehGe -pT7OtupGMh7osuNzX7v/9L5VBz24ZOiI35yypOnK/DHJDKzXnXGBxHhEwmdAQe0T -BKMQ8nDcHQKBwQDCdCpQFJFpUPvQT8KLj1J3I9B5Hzc5pROJrxoqpR8sWQT2W6W1 -KSpkJCw6lgGzq8rySKY1F0Pby/JTMBC0Kny8BCUf1tBVtAWP4PoSTzIV+WY90Ay6 -/z8VIgnJipf9BXXQwuV/xJzFaHUIrmRCxnSY/n9JAUQGISADehaYMhzhMD+yD1jQ -tQ7d8lpjFOoYGH380wDLoBsx1/sUEl1NtGtZGkOmzZb+u/II5u5LUbOddZtlPIgb 
-t10yuSlNxTQ4eJkCgcEAgxbg23wm5Wuw3J9o03lmAWgOe5mIDqenLso4KlZdCn4t -MWvfxJyYp5pH3gt3IhpxECU+cJek84ulw7DkNKoe06+SNmKEi8rxxRCWsOoUqCL1 -0Xp/wUe1eJJplNc5kMQm30ZqGKpTyHtEOMZok2ZqaIWcbyj+jY0L65PEUFleSz/d -G9NBWzY3MxVwoQzE9GrSmov/x2I82mdahbXnjAjyGRPS+qVlb6rpW9wNxBzny2oS -bsY/KSW/iF24P0WqJfSdAoHBAMrAqYYkbFVboqKXci8ngzrBIPTweUaQetseywd3 -EsBoCuIub/zOHrXPyEHpQpsWBoyCs7/wFy+e2E8qWJ9GBqVaUdpO1PQbgDBTg3C4 -lx91pXJ9wHFFMX7evHYLFLLce6ofhrRDch97aFvdDP0dB7fh32FRUyJzPQwVXOcL -OEyaN2q+5mTLVIohiiryb6SmsD2qbAzym32/826Fku2zwX8j2xdCP/AkdnIPz/L0 -H3pgMZYSzYmd0dbSva225DqVew== +MIIG/AIBADANBgkqhkiG9w0BAQEFAASCBuYwggbiAgEAAoIBgQCvSO2SJbvjKuoF +aESNwJR/BtASPv9WXX3JdalDagtza/8gotin+rUoBHJ+6BamqQNh5+yFZzhvFYyB +kcqS1V9BEXHogXYgtqFgNYQznealXXXIj98DnX7DfIkIvpWPOZw3Bo9TawziY93a +STXkUovBaQASxeJ0ub4QoyOWr/o0VOMx26zsWC6YnhEe35+hzEQdPrC0N3mMw/kZ +nP8IebpLCxx7p9bSULbWuq+VUJcQnvluSdGdaPWVKwkno2h2LMGoqsqYy8k3dwz8 +fDpdgVZeZe7w4B8ctsb33RkYa6VbqHF/3jXJGSaxkNZt0LSCzV8aDGa13pTTvQn/ ++5bwtTL+DsEGCXkHDszZ9vTW9nuju4I3s1QCZk+5iiD0UzUjrchAweBQmFEgUq7v +oxocKxiMw4gukaTB3Xsgt5tqalcKWfbNt+pC1UUhZzcPV7C/9b0BMCytCD93ECy0 +VynAirO2QerHs5YZmkwx9rzOHkjdzoilhrHQ3aPUffjX3NIn0EUCAwEAAQKCAYBz +146qd6WkjEf9KtujkxKQoMACTwAQ49itu8UReJP4w/boarckzNvMhqPkmx3dJvXF +TrFRuNXjFCq3ttJaGAnLxuuw7V5UYF5mZvfn5QL5ZrrgwbRxfzS3nSYzUUEmVryW +4Q734lexhq6oBJpJOwSB3hLeVUlEOz0RYb+zZrnEvBUqbjPqPp0M3+oQrVmiZIzf +hv7hG4iJLzsBYnBp+YjU75LzZgjjFdTANMC1vX0Yzvepm7+ceDFVVAvI1oXDE/AQ +ABIzyDGk4qmypwLJ7jqAQcZVpIltJRVYBqq7UE7ZlsJ3Z08Vy0XkTyYliogWlPYW +c612Jcabp8z6P1KTcWGo2EfKmj8kRqs9Z3y1AFr3Zsd3KwscjgoKl/C8JnKlPYQo +tsnRhJneqXz61fa11kgRo7KWrS3gzEc9R5FpeYR8zU80ycXNC3LT/r9kIbpEHe6u +ju5S7sINTMd6GMz5uXOzoSiojZeHLgYatvMpoEMpSTJrYZEd8iHg+lbQr8rafgEC +gcEA46EqlOF9sTa3JP25P51+Dpd4LAwR81b2LKLNEYYH8uRnlkM126DqA6/WFy7O +xwIV3xr2irYZXEF/pZDGegxxcNTVmtHTjtXuxKiXBGzxyIgDsAHa8ZNLmA37W1cn +t2TaPqeh89eh8FZDHjKsRN6OWBreNk9iSouZOEkK/7KwDObgYI1vdOMKgKvjdIri +XTSmltfmRmfbcp6z56ViboSLkh29mRzijokLGo9xM69uTzDKMh8UFoyzUfv6gTfw 
+rRUtAoHBAMUhofp9yqStYepPL/hvNuPsr/CMwFxzYHZT6LeVE3fdH3w5pjK6XeAp +AGe+2YcKqtpso6alnfnnTH4XhGnGO0wCTxQDGkWX0Xs8bt2eiHyG0Rn6Ry6/r1hr +DrAEYbXDuFm0MCC11glJhWvCaWvKhNzsWc7WtQB6+QVgk1ek8Ich4DnC9TtbG4SK +agAsDBrtbJbOgWa9BA1vLIkriuAfzOYTLQevAViIzmvfIKpM7BcyPmBfaMWM/gPO +jIGKJNjGeQKBwGVWQpa1LDfQnAgjzGy9uHjWhfFWDke+1ylX8ON0P+WqOVNz6G42 +XPf3N+BqPjPqgcIpRsjJ+NBReHpE0ZdUIsyQc+fQsdZM91clltWpipozszCQIuCZ +KnYvA0/OpSfIBkEOb9MWlElinc670GV4jvY6P+L9xExbiYK9QeBDtIyJ3CofzRbE +XNCbtU8U5WGJJwDQbPu7EL8eWAkwX3nEGD6cbuPTMCk0aXURltvjpcArgFh/7Xl8 +efhtrUAJn2PuoQKBwAvHcrJRCebFJXCmwqsJmjIMVob9IhFkI4NuiB1QHxWudM8r +cq7dS/a0/H02fjD/hi3/B9hRVRs1ovB130eivLBSAv+jH9LAu5etiMJdUrJ+K8ht +mAtHEOcrnnkOCfiedUmG5slNlDiB2CMUPtBeDYpV5Rfi5HXe4zpbBvLZvDWW5JsO +9zBQxVgqHSNdfmutfCuWs0y8Rp224uZfX7D8tXWZ97rZzi7IHe18K6uBZSoNqoR/ +rvb+8b6wfNzQsFrzoQKBwF69oVncsP7Nv8awy6D/MppuhwCi24vFTa7h4BfCQxS5 +vlWYdjsQZNyRH2mpEWiHMQuTXXFX2c5JYJx4cKe0MkqtTESfC4APkjShTCxxGrA3 +TfyWsZ0dO6XdWKIJuRBD9dcrOTt/PYYBdJveFEja4ts6taOH78whvX7bVA5SmpSY +l2i77spfstkfUGgtEJipZbUs0ZSHSRVbSpgxOIFwIhRe+wSfN8t8e+g8PvhX1kM9 +YHkIqaBL1AXGLFCRYm4FIA== -----END PRIVATE KEY----- diff --git a/certs/crl/caEcc384Crl.pem b/certs/crl/caEcc384Crl.pem old mode 100755 new mode 100644 index 705551493..89a6da907 --- a/certs/crl/caEcc384Crl.pem +++ b/certs/crl/caEcc384Crl.pem 
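Review bot: The PKCS#8 body of certs/client-key-3072.pem is replaced wholesale, so this is a key rotation rather than the date refresh the subject line describes; ca-ed25519-key.pem and root-ed25519-key.pem further down are rotated the same way. Anything that embeds or pins the old public key (a DER or header copy, a stored fingerprint) would stop matching, though whether such copies exist cannot be told from this hunk. I would say so in the commit message, e.g. `regenerate test key pairs and refresh certificate/CRL validity dates`, and keep these unencrypted keys documented as test-only material.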
@@ -2,29 +2,28 @@ Certificate Revocation List (CRL): Version 2 (0x1) Signature Algorithm: ecdsa-with-SHA256 Issuer: /C=US/ST=Washington/L=Seattle/O=wolfSSL/OU=Development/CN=www.wolfssl.com/emailAddress=info@wolfssl.com - Last Update: Oct 20 18:19:08 2017 GMT - Next Update: Jul 16 18:19:08 2020 GMT + Last Update: Apr 13 15:23:11 2018 GMT + Next Update: Jan 7 15:23:11 2021 GMT CRL extensions: - X509v3 Authority Key Identifier: - keyid:AB:E0:C3:26:4C:18:D4:72:BB:D2:84:8C:9C:0A:05:92:80:12:53:52 - X509v3 CRL Number: - 8193 -No Revoked Certificates. + 4 +Revoked Certificates: + Serial Number: 02 + Revocation Date: Apr 13 15:23:11 2018 GMT Signature Algorithm: ecdsa-with-SHA256 - 30:65:02:31:00:ad:70:4b:08:03:b6:ab:d4:9e:8d:dd:2a:05: - ec:07:6b:86:61:08:69:08:1e:01:02:42:22:5f:a9:6d:4f:de: - 20:6b:aa:a0:8f:e4:0a:8e:40:7c:cf:84:fb:10:50:01:90:02: - 30:50:35:d3:6c:44:bd:ad:56:9d:3e:47:09:ac:b8:0d:db:5c: - 54:f2:1c:25:fb:d2:cb:63:2b:9e:17:a3:1e:0b:ba:15:a8:65: - 7e:5b:94:c0:11:f4:e2:c9:f1:25:ba:08:26 + 30:64:02:30:10:47:d3:ee:02:8f:67:b4:f5:8a:c6:36:67:dd: + c2:ea:f4:69:1f:e2:a1:24:80:6c:d7:77:93:af:80:ed:b2:d1: + 89:cc:c4:39:a7:69:85:7a:4f:13:7c:83:c6:62:f4:ae:02:30: + 68:2e:c7:67:a0:65:7e:bc:1d:01:f0:af:96:0f:7f:de:b1:4b: + a8:3d:10:8f:39:bc:82:9a:55:a8:45:d0:16:d4:08:f2:c9:d6: + dc:11:f1:0c:50:5a:72:6a:00:62:06:97 -----BEGIN X509 CRL----- -MIIBcjCB+QIBATAKBggqhkjOPQQDAjCBlzELMAkGA1UEBhMCVVMxEzARBgNVBAgM +MIIBZTCB7QIBATAKBggqhkjOPQQDAjCBlzELMAkGA1UEBhMCVVMxEzARBgNVBAgM Cldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoMB3dvbGZTU0wx FDASBgNVBAsMC0RldmVsb3BtZW50MRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20x -HzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20XDTE3MTAyMDE4MTkwOFoX -DTIwMDcxNjE4MTkwOFqgMDAuMB8GA1UdIwQYMBaAFKvgwyZMGNRyu9KEjJwKBZKA -ElNSMAsGA1UdFAQEAgIgATAKBggqhkjOPQQDAgNoADBlAjEArXBLCAO2q9Sejd0q -BewHa4ZhCGkIHgECQiJfqW1P3iBrqqCP5AqOQHzPhPsQUAGQAjBQNdNsRL2tVp0+ -RwmsuA3bXFTyHCX70stjK54Xox4LuhWoZX5blMAR9OLJ8SW6CCY= 
+HzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20XDTE4MDQxMzE1MjMxMVoX +DTIxMDEwNzE1MjMxMVowFDASAgECFw0xODA0MTMxNTIzMTFaoA4wDDAKBgNVHRQE +AwIBBDAKBggqhkjOPQQDAgNnADBkAjAQR9PuAo9ntPWKxjZn3cLq9Gkf4qEkgGzX +d5OvgO2y0YnMxDmnaYV6TxN8g8Zi9K4CMGgux2egZX68HQHwr5YPf96xS6g9EI85 +vIKaVahF0BbUCPLJ1twR8QxQWnJqAGIGlw== -----END X509 CRL----- diff --git a/certs/crl/caEccCrl.pem b/certs/crl/caEccCrl.pem old mode 100755 new mode 100644 index 5d8341bac..4aefaf9d0 --- a/certs/crl/caEccCrl.pem +++ b/certs/crl/caEccCrl.pem 
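Review bot: The regenerated certs/crl/caEcc384Crl.pem loses its `X509v3 Authority Key Identifier` extension and its CRL Number drops from 8193 to 4; certs/crl/caEccCrl.pem in the next hunk does the same (8192 to 3). Both CRLs carry the identical issuer DN, so without the keyid a verifier has only the signature to tell which CA issued which list, and RFC 5280 expects the AKI to be present and the CRL Number to increase monotonically. The list also changes from `No Revoked Certificates.` to revoking serial 02, as do cliCrl.pem, eccCliCRL.pem and eccSrvCRL.pem, which changes what any test using these fixtures as an empty CRL will see. I would regenerate with `authorityKeyIdentifier=keyid:always` in the CRL extension section and a CRL Number above the previous value, or state in the commit message that these changes are intended.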
@@ -2,27 +2,25 @@ Certificate Revocation List (CRL): Version 2 (0x1) Signature Algorithm: ecdsa-with-SHA256 Issuer: /C=US/ST=Washington/L=Seattle/O=wolfSSL/OU=Development/CN=www.wolfssl.com/emailAddress=info@wolfssl.com - Last Update: Oct 20 18:19:08 2017 GMT - Next Update: Jul 16 18:19:08 2020 GMT + Last Update: Apr 13 15:23:11 2018 GMT + Next Update: Jan 7 15:23:11 2021 GMT CRL extensions: - X509v3 Authority Key Identifier: - keyid:56:8E:9A:C3:F0:42:DE:18:B9:45:55:6E:F9:93:CF:EA:C3:F3:A5:21 - X509v3 CRL Number: - 8192 -No Revoked Certificates. + 3 +Revoked Certificates: + Serial Number: 02 + Revocation Date: Apr 13 15:23:11 2018 GMT Signature Algorithm: ecdsa-with-SHA256 - 30:45:02:20:51:84:45:49:4b:69:3a:e0:84:d2:9c:e4:62:c9: - 4c:30:83:ba:3e:5a:f6:ea:2c:54:50:17:26:4d:fc:82:5f:d2: - 02:21:00:e5:6b:a6:1c:e3:83:07:cd:59:04:66:00:a0:76:77: - 11:d8:82:76:fd:a9:2d:cc:3a:db:3a:0f:b5:1a:a6:f3:a8 + 30:45:02:21:00:90:9f:1f:35:29:5a:07:13:62:12:93:6f:8a: + e4:3a:73:fe:ca:20:36:17:7a:26:b4:88:c8:0a:6d:a2:b4:02: + 4b:02:20:53:77:d5:8f:fc:ac:d7:1e:e5:71:46:9b:19:65:d0: + 75:4d:3c:88:c9:e1:d1:c5:3f:a5:99:08:b9:f6:37:34:33 -----BEGIN X509 CRL----- -MIIBUjCB+QIBATAKBggqhkjOPQQDAjCBlzELMAkGA1UEBhMCVVMxEzARBgNVBAgM +MIIBRjCB7QIBATAKBggqhkjOPQQDAjCBlzELMAkGA1UEBhMCVVMxEzARBgNVBAgM Cldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoMB3dvbGZTU0wx FDASBgNVBAsMC0RldmVsb3BtZW50MRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20x -HzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20XDTE3MTAyMDE4MTkwOFoX -DTIwMDcxNjE4MTkwOFqgMDAuMB8GA1UdIwQYMBaAFFaOmsPwQt4YuUVVbvmTz+rD -86UhMAsGA1UdFAQEAgIgADAKBggqhkjOPQQDAgNIADBFAiBRhEVJS2k64ITSnORi -yUwwg7o+WvbqLFRQFyZN/IJf0gIhAOVrphzjgwfNWQRmAKB2dxHYgnb9qS3MOts6 -D7UapvOo +HzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20XDTE4MDQxMzE1MjMxMVoX +DTIxMDEwNzE1MjMxMVowFDASAgECFw0xODA0MTMxNTIzMTFaoA4wDDAKBgNVHRQE +AwIBAzAKBggqhkjOPQQDAgNIADBFAiEAkJ8fNSlaBxNiEpNviuQ6c/7KIDYXeia0 +iMgKbaK0AksCIFN31Y/8rNce5XFGmxll0HVNPIjJ4dHFP6WZCLn2NzQz -----END X509 CRL----- 
diff --git a/certs/crl/cliCrl.pem b/certs/crl/cliCrl.pem index 99f639640..b0fce0a2a 100644 --- a/certs/crl/cliCrl.pem +++ b/certs/crl/cliCrl.pem 
@@ -2,38 +2,41 @@ Certificate Revocation List (CRL): Version 2 (0x1) Signature Algorithm: sha256WithRSAEncryption Issuer: /C=US/ST=Montana/L=Bozeman/O=wolfSSL_2048/OU=Programming-2048/CN=www.wolfssl.com/emailAddress=info@wolfssl.com - Last Update: Aug 11 20:07:38 2016 GMT - Next Update: May 8 20:07:38 2019 GMT + Last Update: Apr 13 15:23:11 2018 GMT + Next Update: Jan 7 15:23:11 2021 GMT CRL extensions: X509v3 CRL Number: - 3 -No Revoked Certificates. + 5 +Revoked Certificates: + Serial Number: 02 + Revocation Date: Apr 13 15:23:11 2018 GMT Signature Algorithm: sha256WithRSAEncryption - 14:85:d5:c8:db:62:74:48:94:5e:dc:52:0f:5e:43:8b:29:83: - 32:e0:7a:4c:5c:76:e3:7e:c1:87:74:40:b2:6f:f8:33:4c:2c: - 32:08:f0:5f:d9:85:b3:20:05:34:5d:15:4d:ba:45:bc:2d:9c: - ae:40:d0:d8:9a:b3:a1:4f:0b:94:ce:c4:23:c6:bf:a2:f8:a6: - 02:4c:6d:ad:5a:59:b3:83:55:dd:37:91:f6:75:d4:6f:83:5f: - 1c:29:94:cd:01:09:dc:38:d8:6c:c0:9f:1e:76:9d:f9:8f:70: - 0d:48:e5:99:82:90:3a:36:f1:33:17:69:73:8a:ee:a7:22:4c: - 58:93:a1:dc:59:b9:44:8f:88:99:0b:c4:d3:74:aa:02:9a:84: - 36:48:d8:a0:05:73:bc:14:32:1e:76:23:85:c5:94:56:b2:2c: - 61:3b:07:d7:bd:0c:27:f7:d7:23:40:bd:0c:6c:c7:e0:f7:28: - 74:67:98:20:93:72:16:b6:6e:67:3f:9e:c9:34:c5:64:09:bf: - b1:ab:87:0c:80:b6:1f:89:d8:0e:67:c2:c7:19:df:ee:9f:b2: - e6:fb:64:3d:82:7a:47:e2:8d:a3:93:1d:29:f6:94:db:83:2f: - b6:0a:a0:da:77:e3:56:ec:d7:d2:22:3c:88:4d:4a:87:de:b5: - 1c:eb:7b:08 + 2b:9e:c4:ff:03:1d:6c:76:08:5d:72:17:85:f6:26:0c:9a:b9: + 89:88:00:99:1e:2a:98:b0:0e:41:11:c0:c5:ed:c1:29:75:db: + f2:41:4b:83:a6:17:95:cf:de:d5:03:85:f0:a9:be:25:68:a6: + 43:a3:35:79:e9:49:e4:27:d0:57:fb:cf:2e:01:67:9e:68:ba: + ae:40:2c:87:ba:6f:3f:3c:5f:25:fa:71:f5:5d:79:71:44:8d: + 34:8f:56:de:dc:74:76:cd:67:14:8a:ab:0f:8d:8c:37:aa:4b: + e6:bb:5f:c6:a1:23:46:f5:73:ab:42:c4:10:6f:66:57:4d:db: + 7a:0d:0d:4a:a1:bd:f6:8a:bf:9d:82:00:99:8f:51:87:b3:42: + c3:3b:44:e2:e5:2c:a3:84:65:b7:5e:17:2d:7e:d2:81:6d:41: + d6:36:62:24:f1:e0:a8:12:eb:2d:84:36:bd:c7:36:8a:10:e8: + 
dd:09:de:b6:0f:3a:8a:d7:74:37:71:69:52:fb:b6:74:39:43: + 53:0e:18:c6:7c:09:5b:26:bb:59:f6:c1:db:dc:a2:1c:ee:64: + 36:dd:7a:49:f3:f5:53:7b:a0:f0:e7:91:af:03:cd:89:20:f4: + 1c:76:9b:3a:f0:15:4c:88:ab:86:82:c3:d2:90:5b:9f:f2:a6: + 4d:18:06:55 -----BEGIN X509 CRL----- -MIIB+DCB4QIBATANBgkqhkiG9w0BAQsFADCBnjELMAkGA1UEBhMCVVMxEDAOBgNV +MIICDjCB9wIBATANBgkqhkiG9w0BAQsFADCBnjELMAkGA1UEBhMCVVMxEDAOBgNV BAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xFTATBgNVBAoMDHdvbGZTU0xf MjA0ODEZMBcGA1UECwwQUHJvZ3JhbW1pbmctMjA0ODEYMBYGA1UEAwwPd3d3Lndv -bGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tFw0xNjA4 -MTEyMDA3MzhaFw0xOTA1MDgyMDA3MzhaoA4wDDAKBgNVHRQEAwIBAzANBgkqhkiG -9w0BAQsFAAOCAQEAFIXVyNtidEiUXtxSD15DiymDMuB6TFx2437Bh3RAsm/4M0ws -MgjwX9mFsyAFNF0VTbpFvC2crkDQ2JqzoU8LlM7EI8a/ovimAkxtrVpZs4NV3TeR -9nXUb4NfHCmUzQEJ3DjYbMCfHnad+Y9wDUjlmYKQOjbxMxdpc4rupyJMWJOh3Fm5 -RI+ImQvE03SqApqENkjYoAVzvBQyHnYjhcWUVrIsYTsH170MJ/fXI0C9DGzH4Pco -dGeYIJNyFrZuZz+eyTTFZAm/sauHDIC2H4nYDmfCxxnf7p+y5vtkPYJ6R+KNo5Md -KfaU24Mvtgqg2nfjVuzX0iI8iE1Kh961HOt7CA== +bGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tFw0xODA0 +MTMxNTIzMTFaFw0yMTAxMDcxNTIzMTFaMBQwEgIBAhcNMTgwNDEzMTUyMzExWqAO +MAwwCgYDVR0UBAMCAQUwDQYJKoZIhvcNAQELBQADggEBACuexP8DHWx2CF1yF4X2 +JgyauYmIAJkeKpiwDkERwMXtwSl12/JBS4OmF5XP3tUDhfCpviVopkOjNXnpSeQn +0Ff7zy4BZ55ouq5ALIe6bz88XyX6cfVdeXFEjTSPVt7cdHbNZxSKqw+NjDeqS+a7 +X8ahI0b1c6tCxBBvZldN23oNDUqhvfaKv52CAJmPUYezQsM7ROLlLKOEZbdeFy1+ +0oFtQdY2YiTx4KgS6y2ENr3HNooQ6N0J3rYPOorXdDdxaVL7tnQ5Q1MOGMZ8CVsm +u1n2wdvcohzuZDbdeknz9VN7oPDnka8DzYkg9Bx2mzrwFUyIq4aCw9KQW5/ypk0Y +BlU= -----END X509 CRL----- diff --git a/certs/crl/crl.pem b/certs/crl/crl.pem index f9e8562b5..a566ff103 100644 --- a/certs/crl/crl.pem +++ b/certs/crl/crl.pem 
@@ -2,40 +2,40 @@ Certificate Revocation List (CRL): Version 2 (0x1) Signature Algorithm: sha256WithRSAEncryption Issuer: /C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com - Last Update: Aug 11 20:07:38 2016 GMT - Next Update: May 8 20:07:38 2019 GMT + Last Update: Apr 13 15:23:11 2018 GMT + Next Update: Jan 7 15:23:11 2021 GMT CRL extensions: X509v3 CRL Number: 1 Revoked Certificates: Serial Number: 02 - Revocation Date: Aug 11 20:07:38 2016 GMT + Revocation Date: Apr 13 15:23:11 2018 GMT Signature Algorithm: sha256WithRSAEncryption - 35:c6:7f:57:9a:e5:86:5a:15:1a:e2:e5:2b:9f:54:79:2a:58: - 51:a2:12:0c:4e:53:58:eb:99:e3:c2:ee:2b:d7:23:e4:3c:4d: - 0a:ab:ae:71:9b:ce:b1:c1:75:a1:b6:e5:32:5f:10:b0:72:28: - 2e:74:b1:99:dd:47:53:20:f6:9a:83:5c:bd:20:b0:aa:df:32: - f6:95:54:98:9e:59:96:55:7b:0a:74:be:94:66:44:b7:32:82: - f0:eb:16:f8:30:86:16:9f:73:43:98:82:b5:5e:ad:58:c0:c8: - 79:da:ad:b1:b4:d7:fb:34:c1:cc:3a:67:af:a4:56:5a:70:5c: - 2d:1f:73:16:78:92:01:06:e3:2c:fb:f1:ba:d5:8f:f9:be:dd: - e1:4a:ce:de:ca:e6:2d:96:09:24:06:40:9e:10:15:2e:f2:cd: - 85:d6:84:88:db:9c:4a:7b:75:7a:06:0e:40:02:20:60:7e:91: - f7:92:53:1e:34:7a:ea:ee:df:e7:cd:a8:9e:a6:61:b4:56:50: - 4d:dc:b1:78:0d:86:cf:45:c3:a6:0a:b9:88:2c:56:a7:b1:d3: - d3:0d:44:aa:93:a4:05:4d:ce:9f:01:b0:c6:1e:e4:ea:6b:92: - 6f:93:dd:98:cf:fb:1d:06:72:ac:d4:99:e7:f2:b4:11:57:bd: - 9d:63:e5:dc + 23:8e:10:e0:29:d3:dc:ab:f4:82:ad:d9:66:a4:96:ff:5b:c0: + 5f:f2:44:cf:6e:cc:df:b4:52:2f:06:8a:d3:80:a3:0e:63:3c: + 49:da:76:51:4a:70:c8:05:d9:e8:14:7b:87:df:62:39:46:e1: + d4:a1:45:2b:33:37:c7:94:e9:92:2c:ca:b0:d5:34:1c:ea:b4: + d8:a2:10:5b:36:ff:04:b2:a9:f4:9b:94:18:c0:a2:03:2f:1a: + d3:f5:d3:c4:fd:b6:6b:b2:c6:f6:3c:e5:45:a2:d6:97:2c:b9: + 63:ad:0a:cd:01:33:a0:ff:0c:ac:86:b5:22:b8:a7:aa:8b:9d: + c0:ea:79:01:12:6b:b1:be:13:fe:85:d0:40:24:75:7e:8d:4e: + 30:5d:62:4f:9b:5b:01:5e:4a:b2:50:c8:c1:39:50:b7:3f:8d: + 9c:d0:30:6f:0c:e6:66:69:f6:f9:51:6d:c9:6c:b1:df:6e:d5: + 
73:53:61:4c:99:2a:58:88:db:5c:b6:60:ed:18:2a:81:be:83: + 09:c4:f5:0c:0c:a2:44:c7:ab:c8:ff:68:c5:48:24:c9:a4:fa: + bf:b4:f5:42:12:fd:b6:6e:db:8b:8d:e7:86:a5:4c:02:8f:fe: + 01:c7:0f:bd:fb:48:ce:c6:29:a6:ed:48:51:d3:3f:c8:ce:ca: + 4b:e7:b4:f6 -----BEGIN X509 CRL----- MIICBDCB7QIBATANBgkqhkiG9w0BAQsFADCBlDELMAkGA1UEBhMCVVMxEDAOBgNV BAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNVBAoMCFNhd3Rvb3Ro MRMwEQYDVQQLDApDb25zdWx0aW5nMRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20x -HzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20XDTE2MDgxMTIwMDczOFoX -DTE5MDUwODIwMDczOFowFDASAgECFw0xNjA4MTEyMDA3MzhaoA4wDDAKBgNVHRQE -AwIBATANBgkqhkiG9w0BAQsFAAOCAQEANcZ/V5rlhloVGuLlK59UeSpYUaISDE5T -WOuZ48LuK9cj5DxNCquucZvOscF1obblMl8QsHIoLnSxmd1HUyD2moNcvSCwqt8y -9pVUmJ5ZllV7CnS+lGZEtzKC8OsW+DCGFp9zQ5iCtV6tWMDIedqtsbTX+zTBzDpn -r6RWWnBcLR9zFniSAQbjLPvxutWP+b7d4UrO3srmLZYJJAZAnhAVLvLNhdaEiNuc -Snt1egYOQAIgYH6R95JTHjR66u7f582onqZhtFZQTdyxeA2Gz0XDpgq5iCxWp7HT -0w1EqpOkBU3OnwGwxh7k6muSb5PdmM/7HQZyrNSZ5/K0EVe9nWPl3A== +HzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20XDTE4MDQxMzE1MjMxMVoX +DTIxMDEwNzE1MjMxMVowFDASAgECFw0xODA0MTMxNTIzMTFaoA4wDDAKBgNVHRQE +AwIBATANBgkqhkiG9w0BAQsFAAOCAQEAI44Q4CnT3Kv0gq3ZZqSW/1vAX/JEz27M +37RSLwaK04CjDmM8Sdp2UUpwyAXZ6BR7h99iOUbh1KFFKzM3x5TpkizKsNU0HOq0 +2KIQWzb/BLKp9JuUGMCiAy8a0/XTxP22a7LG9jzlRaLWlyy5Y60KzQEzoP8MrIa1 +IrinqoudwOp5ARJrsb4T/oXQQCR1fo1OMF1iT5tbAV5KslDIwTlQtz+NnNAwbwzm +Zmn2+VFtyWyx327Vc1NhTJkqWIjbXLZg7Rgqgb6DCcT1DAyiRMeryP9oxUgkyaT6 +v7T1QhL9tm7bi43nhqVMAo/+AccPvftIzsYppu1IUdM/yM7KS+e09g== -----END X509 CRL----- diff --git a/certs/crl/crl.revoked b/certs/crl/crl.revoked index 7cbbce547..9fa2b6b0f 100644 --- a/certs/crl/crl.revoked +++ b/certs/crl/crl.revoked 
@@ -2,43 +2,43 @@ Certificate Revocation List (CRL): Version 2 (0x1) Signature Algorithm: sha256WithRSAEncryption Issuer: /C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com - Last Update: Aug 11 20:07:38 2016 GMT - Next Update: May 8 20:07:38 2019 GMT + Last Update: Apr 13 15:23:11 2018 GMT + Next Update: Jan 7 15:23:11 2021 GMT CRL extensions: X509v3 CRL Number: 2 Revoked Certificates: Serial Number: 01 - Revocation Date: Aug 11 20:07:38 2016 GMT + Revocation Date: Apr 13 15:23:11 2018 GMT Serial Number: 02 - Revocation Date: Aug 11 20:07:38 2016 GMT + Revocation Date: Apr 13 15:23:11 2018 GMT Signature Algorithm: sha256WithRSAEncryption - 91:67:3d:34:8f:85:87:cd:11:0f:e2:af:cd:77:3f:d8:f2:15: - cb:c3:0d:49:02:87:13:f5:82:9e:a9:6f:ed:6a:aa:28:b7:6c: - 61:7b:ac:90:d0:e5:a1:3d:80:2c:31:6f:4e:0b:e9:9a:44:db: - 6b:24:71:34:9f:d1:51:53:8a:bd:bd:1c:20:e0:96:73:7b:29: - 1c:e3:56:97:46:a2:5e:db:ae:fe:1f:4a:c1:5c:5b:30:74:a4: - 70:dc:7e:70:7f:42:9f:48:d3:99:16:ff:34:f9:a7:db:ad:3d: - bc:a6:9d:ee:6a:ed:e7:e0:2f:ef:24:ab:4c:9b:44:d8:fc:1c: - 48:9f:f4:3c:14:f3:6c:a2:0f:a7:93:00:32:29:96:7e:98:5d: - c9:85:fa:94:4c:e2:03:7e:fb:bf:f0:0e:93:52:3b:8a:e1:43: - fe:3f:f2:57:02:21:e8:ff:43:da:3e:f0:3d:1a:eb:96:7a:0a: - d8:27:56:e2:30:2a:3c:a3:93:ff:1e:3f:98:6b:4e:ea:78:90: - 8b:d7:24:0a:98:b8:c1:e8:f5:02:d2:18:07:17:c3:6c:b5:db: - a7:61:c5:5d:8e:36:80:f5:aa:c1:a7:5b:66:4a:dd:17:62:da: - 80:70:83:4d:69:fa:c4:f4:2d:27:90:8d:7f:28:34:19:e0:a3: - 8a:6b:73:55 + 35:8c:0d:51:3a:59:d5:2a:f3:da:b6:bc:1e:f6:3f:b3:6b:2d: + d2:c0:e3:6a:1d:7f:c5:33:39:2a:be:1b:14:58:55:bd:3d:42: + 2a:62:7a:46:96:b6:0b:cc:b7:3d:5b:22:2d:fc:25:95:4b:9a: + de:0d:df:fc:c1:95:72:dd:90:a0:86:ec:3b:6a:7a:30:96:4a: + 7d:e9:56:e3:0b:b2:7c:fd:01:c1:79:41:5d:53:3a:e2:a2:b5: + 29:7b:a2:d2:8e:10:c3:4c:3c:18:54:68:7e:25:1b:c2:2d:7e: + 7c:01:51:6b:57:cb:31:57:80:84:51:1c:da:45:43:4b:65:6c: + 26:e7:a1:b7:49:16:8c:e2:47:9f:3b:64:bd:b9:94:4a:ae:19: + 
8b:1d:a8:a8:08:01:3b:c9:14:91:55:71:d6:68:87:0a:dd:bb: + 81:d6:0f:96:bc:91:64:98:28:a1:45:7c:50:d8:78:dd:7f:b7: + 81:6b:db:d6:cc:28:c5:d4:77:78:b9:d0:51:08:98:61:ff:fb: + fe:aa:0a:ac:1e:4e:27:7b:c7:aa:0f:86:bd:1e:34:21:ba:e0: + 4b:ce:bc:65:1b:ec:e7:d0:4e:0f:cd:c1:ac:13:da:51:08:e3: + 11:d8:87:15:5d:f1:5f:f1:8b:7f:5d:5b:bd:24:5c:a8:13:24: + 6f:19:6d:8a -----BEGIN X509 CRL----- MIICGTCCAQECAQEwDQYJKoZIhvcNAQELBQAwgZQxCzAJBgNVBAYTAlVTMRAwDgYD VQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMREwDwYDVQQKDAhTYXd0b290 aDETMBEGA1UECwwKQ29uc3VsdGluZzEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29t -MR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tFw0xNjA4MTEyMDA3Mzha -Fw0xOTA1MDgyMDA3MzhaMCgwEgIBARcNMTYwODExMjAwNzM4WjASAgECFw0xNjA4 -MTEyMDA3MzhaoA4wDDAKBgNVHRQEAwIBAjANBgkqhkiG9w0BAQsFAAOCAQEAkWc9 -NI+Fh80RD+KvzXc/2PIVy8MNSQKHE/WCnqlv7WqqKLdsYXuskNDloT2ALDFvTgvp -mkTbayRxNJ/RUVOKvb0cIOCWc3spHONWl0aiXtuu/h9KwVxbMHSkcNx+cH9Cn0jT -mRb/NPmn2609vKad7mrt5+Av7ySrTJtE2PwcSJ/0PBTzbKIPp5MAMimWfphdyYX6 -lEziA377v/AOk1I7iuFD/j/yVwIh6P9D2j7wPRrrlnoK2CdW4jAqPKOT/x4/mGtO -6niQi9ckCpi4wej1AtIYBxfDbLXbp2HFXY42gPWqwadbZkrdF2LagHCDTWn6xPQt -J5CNfyg0GeCjimtzVQ== +MR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tFw0xODA0MTMxNTIzMTFa +Fw0yMTAxMDcxNTIzMTFaMCgwEgIBARcNMTgwNDEzMTUyMzExWjASAgECFw0xODA0 +MTMxNTIzMTFaoA4wDDAKBgNVHRQEAwIBAjANBgkqhkiG9w0BAQsFAAOCAQEANYwN +UTpZ1Srz2ra8HvY/s2st0sDjah1/xTM5Kr4bFFhVvT1CKmJ6Rpa2C8y3PVsiLfwl +lUua3g3f/MGVct2QoIbsO2p6MJZKfelW4wuyfP0BwXlBXVM64qK1KXui0o4Qw0w8 +GFRofiUbwi1+fAFRa1fLMVeAhFEc2kVDS2VsJueht0kWjOJHnztkvbmUSq4Zix2o +qAgBO8kUkVVx1miHCt27gdYPlryRZJgooUV8UNh43X+3gWvb1swoxdR3eLnQUQiY +Yf/7/qoKrB5OJ3vHqg+GvR40IbrgS868ZRvs59BOD83BrBPaUQjjEdiHFV3xX/GL +f11bvSRcqBMkbxltig== -----END X509 CRL----- diff --git a/certs/crl/eccCliCRL.pem b/certs/crl/eccCliCRL.pem index 01c6404d0..8eea77976 100644 --- a/certs/crl/eccCliCRL.pem +++ b/certs/crl/eccCliCRL.pem 
@@ -2,23 +2,25 @@ Certificate Revocation List (CRL): Version 2 (0x1) Signature Algorithm: ecdsa-with-SHA256 Issuer: /C=US/ST=Oregon/L=Salem/O=Client ECC/OU=Fast/CN=www.wolfssl.com/emailAddress=info@wolfssl.com - Last Update: Aug 11 20:07:38 2016 GMT - Next Update: May 8 20:07:38 2019 GMT + Last Update: Apr 13 15:23:11 2018 GMT + Next Update: Jan 7 15:23:11 2021 GMT CRL extensions: X509v3 CRL Number: - 4 -No Revoked Certificates. + 6 +Revoked Certificates: + Serial Number: 02 + Revocation Date: Apr 13 15:23:11 2018 GMT Signature Algorithm: ecdsa-with-SHA256 - 30:45:02:20:05:17:4f:0c:42:51:f6:f5:a3:2e:52:3e:e3:f4: - ed:99:ca:4d:16:75:f7:80:9d:7a:cf:64:5e:ec:cd:9d:f0:86: - 02:21:00:e0:38:31:16:e2:ab:e4:d5:4b:cd:67:2f:e1:f0:e5: - ac:f2:8a:4b:03:9b:f1:69:60:2c:bf:dc:02:11:e8:71:f7 + 30:45:02:20:70:84:36:14:46:a2:c6:eb:58:da:a8:0d:2d:9c: + c0:35:3f:c7:6e:18:c2:73:f5:65:2c:c9:35:67:b0:92:3a:56: + 02:21:00:bf:ef:69:a2:81:d2:7b:ca:19:ba:5f:39:f1:07:d2: + 5f:40:51:fe:87:41:e2:2d:45:65:4f:ea:7b:56:ee:2f:5c -----BEGIN X509 CRL----- -MIIBJjCBzQIBATAKBggqhkjOPQQDAjCBjTELMAkGA1UEBhMCVVMxDzANBgNVBAgM +MIIBPDCB4wIBATAKBggqhkjOPQQDAjCBjTELMAkGA1UEBhMCVVMxDzANBgNVBAgM Bk9yZWdvbjEOMAwGA1UEBwwFU2FsZW0xEzARBgNVBAoMCkNsaWVudCBFQ0MxDTAL BgNVBAsMBEZhc3QxGDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3 -DQEJARYQaW5mb0B3b2xmc3NsLmNvbRcNMTYwODExMjAwNzM4WhcNMTkwNTA4MjAw -NzM4WqAOMAwwCgYDVR0UBAMCAQQwCgYIKoZIzj0EAwIDSAAwRQIgBRdPDEJR9vWj -LlI+4/TtmcpNFnX3gJ16z2Re7M2d8IYCIQDgODEW4qvk1UvNZy/h8OWs8opLA5vx -aWAsv9wCEehx9w== +DQEJARYQaW5mb0B3b2xmc3NsLmNvbRcNMTgwNDEzMTUyMzExWhcNMjEwMTA3MTUy +MzExWjAUMBICAQIXDTE4MDQxMzE1MjMxMVqgDjAMMAoGA1UdFAQDAgEGMAoGCCqG +SM49BAMCA0gAMEUCIHCENhRGosbrWNqoDS2cwDU/x24YwnP1ZSzJNWewkjpWAiEA +v+9pooHSe8oZul858QfSX0BR/odB4i1FZU/qe1buL1w= -----END X509 CRL----- diff --git a/certs/crl/eccSrvCRL.pem b/certs/crl/eccSrvCRL.pem index 2293f2c51..92e07f2c6 100644 --- a/certs/crl/eccSrvCRL.pem +++ b/certs/crl/eccSrvCRL.pem 
@@ -2,23 +2,25 @@ Certificate Revocation List (CRL): Version 2 (0x1) Signature Algorithm: ecdsa-with-SHA256 Issuer: /C=US/ST=Washington/L=Seattle/O=Eliptic/OU=ECC/CN=www.wolfssl.com/emailAddress=info@wolfssl.com - Last Update: Aug 11 20:07:38 2016 GMT - Next Update: May 8 20:07:38 2019 GMT + Last Update: Apr 13 15:23:11 2018 GMT + Next Update: Jan 7 15:23:11 2021 GMT CRL extensions: X509v3 CRL Number: - 5 -No Revoked Certificates. + 7 +Revoked Certificates: + Serial Number: 02 + Revocation Date: Apr 13 15:23:11 2018 GMT Signature Algorithm: ecdsa-with-SHA256 - 30:46:02:21:00:dd:0a:1e:ff:5b:19:4e:40:a1:a8:65:b3:48: - fb:2b:a0:e5:6b:c4:27:31:2b:0b:1e:8c:c2:12:f5:74:74:c2: - 5b:02:21:00:f9:67:2e:5c:26:7b:14:a1:16:db:d4:7d:b1:a9: - 75:c7:5f:db:6f:c9:57:12:9b:44:99:40:71:70:7d:f9:b6:c8 + 30:44:02:20:20:27:85:f0:9e:8a:1c:08:4f:47:b0:19:77:8f: + ee:e5:7f:8a:e0:71:a7:45:fb:48:6b:58:29:c9:39:96:27:04: + 02:20:5e:08:5e:8f:b6:e0:62:14:34:19:ea:b7:71:ac:3d:11: + ab:43:52:06:9d:23:41:e3:b7:4c:63:78:fe:27:86:c1 -----BEGIN X509 CRL----- -MIIBKTCBzwIBATAKBggqhkjOPQQDAjCBjzELMAkGA1UEBhMCVVMxEzARBgNVBAgM +MIIBPTCB5QIBATAKBggqhkjOPQQDAjCBjzELMAkGA1UEBhMCVVMxEzARBgNVBAgM Cldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoMB0VsaXB0aWMx DDAKBgNVBAsMA0VDQzEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29tMR8wHQYJKoZI -hvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tFw0xNjA4MTEyMDA3MzhaFw0xOTA1MDgy -MDA3MzhaoA4wDDAKBgNVHRQEAwIBBTAKBggqhkjOPQQDAgNJADBGAiEA3Qoe/1sZ -TkChqGWzSPsroOVrxCcxKwsejMIS9XR0wlsCIQD5Zy5cJnsUoRbb1H2xqXXHX9tv -yVcSm0SZQHFwffm2yA== +hvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tFw0xODA0MTMxNTIzMTFaFw0yMTAxMDcx +NTIzMTFaMBQwEgIBAhcNMTgwNDEzMTUyMzExWqAOMAwwCgYDVR0UBAMCAQcwCgYI +KoZIzj0EAwIDRwAwRAIgICeF8J6KHAhPR7AZd4/u5X+K4HGnRftIa1gpyTmWJwQC +IF4IXo+24GIUNBnqt3GsPRGrQ1IGnSNB47dMY3j+J4bB -----END X509 CRL----- diff --git a/certs/ecc-privOnlyCert.pem b/certs/ecc-privOnlyCert.pem index adbf9c482..e6034bed8 100644 --- a/certs/ecc-privOnlyCert.pem +++ b/certs/ecc-privOnlyCert.pem 
@@ -1,44 +1,9 @@ -Certificate: - Data: - Version: 3 (0x2) - Serial Number: 11535733361370405423 (0xa017285f8c1b1a2f) - Signature Algorithm: ecdsa-with-SHA256 - Issuer: O=WR, C=DE - Validity - Not Before: Mar 2 21:02:20 2018 GMT - Not After : Mar 2 21:02:20 2019 GMT - Subject: O=WR, C=DE - Subject Public Key Info: - Public Key Algorithm: id-ecPublicKey - Public-Key: (256 bit) - pub: - 04:25:c0:fd:16:b8:2b:f2:b8:0a:1e:dd:ac:ce:62: - 52:7c:58:0a:60:7d:57:75:da:bd:11:c1:d5:2a:ea: - 54:6b:76:e6:3d:36:f7:dd:51:97:6b:a8:26:fe:7b: - a6:bd:96:55:85:50:9d:9a:7e:69:01:d8:43:45:89: - d9:fe:4a:2b:26 - ASN1 OID: prime256v1 - NIST CURVE: P-256 - X509v3 extensions: - X509v3 Subject Key Identifier: - B2:B1:0D:05:AC:6A:0C:A1:AD:92:0A:7E:C7:E1:68:56:35:40:19:EA - X509v3 Authority Key Identifier: - keyid:B2:B1:0D:05:AC:6A:0C:A1:AD:92:0A:7E:C7:E1:68:56:35:40:19:EA - - X509v3 Basic Constraints: - CA:TRUE - Signature Algorithm: ecdsa-with-SHA256 - 30:44:02:20:2f:5e:f3:52:0b:39:4c:1a:69:6d:52:cf:a5:7a: - 63:03:0b:ff:48:9a:32:fb:57:66:10:60:7d:6e:e2:e4:87:e2: - 02:20:24:21:fd:a9:88:74:07:79:5f:e5:15:89:41:39:51:32: - a9:62:8d:ef:4b:8a:3c:81:ca:7f:2e:32:f1:fe:c2:f3 -----BEGIN CERTIFICATE----- -MIIBejCCASGgAwIBAgIJAKAXKF+MGxovMAoGCCqGSM49BAMCMBoxCzAJBgNVBAoT -AldSMQswCQYDVQQGEwJERTAeFw0xODAzMDIyMTAyMjBaFw0xOTAzMDIyMTAyMjBa -MBoxCzAJBgNVBAoTAldSMQswCQYDVQQGEwJERTBZMBMGByqGSM49AgEGCCqGSM49 -AwEHA0IABCXA/Ra4K/K4Ch7drM5iUnxYCmB9V3XavRHB1SrqVGt25j02991Rl2uo -Jv57pr2WVYVQnZp+aQHYQ0WJ2f5KKyajUDBOMB0GA1UdDgQWBBSysQ0FrGoMoa2S -Cn7H4WhWNUAZ6jAfBgNVHSMEGDAWgBSysQ0FrGoMoa2SCn7H4WhWNUAZ6jAMBgNV -HRMEBTADAQH/MAoGCCqGSM49BAMCA0cAMEQCIC9e81ILOUwaaW1Sz6V6YwML/0ia -MvtXZhBgfW7i5IfiAiAkIf2piHQHeV/lFYlBOVEyqWKN70uKPIHKfy4y8f7C8w== +MIIBIzCBygIJAIQV31BIhAeYMAoGCCqGSM49BAMCMBoxCzAJBgNVBAoMAldSMQsw +CQYDVQQDDAJERTAeFw0xODA0MTMxNTIzMTBaFw0yMTAxMDcxNTIzMTBaMBoxCzAJ +BgNVBAoMAldSMQswCQYDVQQDDAJERTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IA +BCXA/Ra4K/K4Ch7drM5iUnxYCmB9V3XavRHB1SrqVGt25j02991Rl2uoJv57pr2W 
+VYVQnZp+aQHYQ0WJ2f5KKyYwCgYIKoZIzj0EAwIDSAAwRQIhAJvs7Y00EWq/Yv9A +ymP/fVWsxz8/fhbZKi09eq2eqV/gAiBW9u61nV2snwijm5r6EWrnlGKoNb9niPCD +qg/y+r8d1A== -----END CERTIFICATE----- 
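Review bot: The replacement certs/ecc-privOnlyCert.pem is not the old certificate with new dates. The removed dump shows a v3 certificate for `O=WR, C=DE` with Subject/Authority Key Identifier and `CA:TRUE`, while the new base64 starts `MIIBIzCBygIJ`, which decoded by hand is a TBSCertificate that goes straight to the serial number, with no version field and no extensions (X.509 v1); the second name attribute also appears to decode as `CN=DE` rather than `C=DE`. If a test relies on this file being a CA certificate or on its key identifiers it would now behave differently, which cannot be confirmed from this hunk. I would regenerate it with the original v3 extensions and subject, and keep the `openssl x509 -text` dump above the PEM block as the other certificates in this patch do.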
diff --git a/certs/ecc-rsa-server.p12 b/certs/ecc-rsa-server.p12 index e1682b5cd801ed499275531e59b6e0e84532644a..84cb0a4b6564e297fd454c2c9ed91ead7d236fd9 100644 GIT binary patch delta 2277 zcmaDR^h{_%Y<;}V`X1>+3Y|<$91IOj><7Mm5iWG!djIpoxjDLL+!metA9(Vj%9mbZP%2!47YZXWX-r+`e}0J=aB>m}}N*ORt{5_D1*^$LoN{_1lC)6835?exJ*+ zlKs12z_UkZ<8%(F>{GcL^-}(nZs9jc)~dG0K|DpN*ER*Luzme?pZZ*>HxoJXvd`ZT zi_vuSeO}@tAy6VPYjODM#m5#bE$Z8`tHI}hNYk9d{f6$M$_0`lYsu99Z5lz5dAlX4$iUPI^iT zTwoO~m#X@4b>?by?>|Z|+^2Z1nBSRcc;Nlv_2(Ur-cz19RU+~3T$7M5b{s}uo9Bxe z{;}j2IyaCAt5aGl#n0C7 z7i72I_P0;@!>O&zpQ4tj?~mAVtX=Z9lHaYhyr)zgUY_h;=Pfbkufd`>rGAsAbbWtO zDA%!dZAj`|uEu}s-fYxcFX?pf%id+*rM9hO|5J5ll7~7&Ny!Q;-bZKeiJd;(>_5$o z;nyMiJ#V*{2=YGJ^hZ$SYR2}MiMC(=v8uejyw0*du;=Zi)=Sf?e|9>_H*SvIXA}Nk zd&hyrH;P+x&(FR0`q{M7=PBo2&Qy35r?70D1$(W0zK>p~uTl=vsxUsMZPULkYF4;0 zMXmS!k>ve%6w(?in2aC3PTl{DvCZAKjr-98wup|yK8G)@-5B1>nP>DM$!W!jnNr=H z?;ZsIf68z}oVlL6lleN^nT-c6_Du@S^n1L*mi58mC!c-Jpe*A(m2XSuqv}T%=9P02o1H&IY;oOp&_r01;mRUzi~5x3kDm*FUaV9d zADt%28@FYe_TMY_G^;ssPu{%4CnDL`8JYO%*`LUt7r#7Tp&)QpDzW2cF0%noe91-j zyn`Ex`8pVv^)mdq>b&7xl}w}U5)b{FN!-6q=^gyH&q-#})1n~0tcwR;ajA-j2R*sP zKmEj3-_N}*WvPWl9`(Cs>gA`_-}%UvBpeU7J6SS!8 z)57{2=8J!vP1HB})vuZ&Hanz6$W-ZYgm=Z45`)LtYxz{!CLMjtI8VIqy2QWD)7Qp+ ztMs~4lHkDeQm*9e%9!P%aTCtWKP_Bq^Z)A2t7_hgX6`f6Ua-%XKO?jG`G+0ifob&> z58gyhWIoRKm~pH5|FZqX>Q(<(7|P}O4Z_qOu&>Lwc_UawbJ}d4OYc4YoJiJOy7ruW z+v|^;qLMc)9U5)%$wd`JX<&I*=5cmV_zP_zGxZd*w2}l8U6J>GVg7-58Lqn_c5cK z*P6a5rn?TzoP6#gd++D!MybQ0H{Pgxy0P5)U)o%LG4a(;SN<1R`;lSpy+=3Pj5*_H zmR;Jfd0uosTg*8rjqI1z|JM}VJF;7IC1cUiC9{1_M1I_`;X!)yrTQS%*9Wd`$6P0KHG?Owj@Ys+#qIgQU@7yr*(nh|;9oN#%mnxzyrS^l54;mc1C zYK$d*J^mHELU@OTiuadOm)sh5*4O{u9Jca$xAa@BcW);BkuqsKufOE^!fW~^vw}LR zrRMGU@JTmA%XK^FRQ2m>6|cLm-pHyrTNgTY(^dbg@*h|JU=%G+;D5by_aDFZMzC;-Sk18NZ`f{7#bHbT0kXP2r`6efOI7O?Dhi*RXLd1Zr>(J7lKJFety2Z}3Rd=eBZo7ynfR*xg&zq&MEop<2$ ztdA@2R<}N~npeY@R-;9+cIFbjOsV;7w38>AK+cNDer0V_loMj zGxw|(6IW51Z~L=%{RS0j*KV=sIqPpJSYEqVz*Sb?z4{{G&aF$_gg%D^e^tIy@gvIl 
zOl^0W0;laYeVf_xnbjSeZ>*kGWx&{KvqACpamm1LA?$cqH_q+)Ez)hpsj@fe z(wSezHw~iZE5%D(%{g@L!@BREY-2jMpY*)3??$rMEZZ3#UGHW`S>I)=)zCI`Kd~xe zzhwGSix#)L0{eIGmy!7+xA9Y#rqC@@mp#3)XKHxZs&sx@&Ds#~;a(i?pWNVu2i%^= z1V*k(xT`u@m&2ict#;T)LynCWpgNwVaRT%8XS<(Ho@488Q8>~2q}ZyM_hvFbzSPMw zJ?&#sN*Ce$&Z}F({ch2-J&#vSxo2-Wm-p7$f{z?mkGHJ4U%f<8@@V1oP1iQv+41H4 z@5qwPB{Bd4gL7>mfM6=4xATPC{x zpK)7>@9#EV={2Y48yFfW8gR0)YV$EONwG4ph-{J(-0tvvYeepE2g{c_3rf!1S-zZw P!!^jZ{Ip={c93rYXtHKp delta 2277 zcmaDR^h{_%Y(3WpM>pwz?YEhjI2an5*bmrc{QZ7JH6xpQ^Mv9}FJE#QYe!9HbG$eA z&T%J6@1rG$kNYvRH$0r$bFX26Z298TOMf*!ICgAHtT_u|)S2PH!4?Q|`6 z=X`FSBrFki%09);(M8Jl#DdL@2Tx4jkT#pWNLqQv&mc>V6^!Nq&uo}WBW^JMKHSZ! zYM-<=V8I>cqjuI-5C1)^UmGib)}29#p(=L$@_JsSBu{pyHA|g1tAFj+`hQYqxzlU0 z!VI4Jh`ovq+F?uXWyvdD%v{gGv84Hw-ZRNv4_p6#zxHa|kAF4{-m`OG&;P@{_=>@@ zV6{#k?zR~P=Fi!;Rm55D`N*%BH97m4;r$eS#dfYm(yjA$@t=v`{OGC2qPIKwW;njl zI-_IA$-3CHzAsqBL?W>(>c_JsK7Z%!^!?14>C?0^)LbUCG3eK%3w@CfCv*x1zn>az zA+x69y>`r5)3{j4gd3sLe?D02mYx%OU`j?$Dfh;=pBBHinq2>nDPxukyS?7gNWt%+ zCBG*9`*r`!0iUIP%>Q^7F7kc zN8Fd>sjo`;X24~_@^9nPqD_3df2KD)^Q&tXs+wcq#QM=8KsY^|W9sW;T)%Gal4zaM zDzIeP!p(kFyEitAz1nj^@%|o#7N*zMUwC@Mp2&7;>Otz}7? z^Ul?KU&AWrf+GuEqwo2?v#8(5@+0VGNk;#zCw`W1%$NOGx3a7I;kjMbDrU{Q(w=OZ ztd#nEb7Mh+PMx2apU14SYhOP5CQlaQ`g>&maTS*HEV}L+>f0_B=D+beu;tAM*-H`K zCHB)kRry4lSH=rjGkED${^ppvH>ND>U&i+Q!%KB$YNsBrUcDss^WURpViOp5?#f^;sm+dS6ufeH_R0>?egmcN&zR1f2EFXF6_k#7L$~pr2#@ zjHRoRWUU!D-7U>oAy>BZ&`ORT^#@y(Pkt?_w-Xj<6DxU;dco|;ap{B8bhDGMt`gT_ z*mk+@*3S1wR~{C9p(9kC`RkrY#AsYP z`$y`@#n`@;?S4F;16QAmS}lAtYx05}4_Xczn59GBVEohvFNt#KCUEw_y6?(2W7&bm41qq}Vehr*J-r>hM@wp%1c7=Mq}PKf5S zGUzG(FYlMWN9pLY+7vr4bJ4?}w@!I37qa7#tE=U`sW)VEE;a1Tmum6u@sbVcz5l0% z>5^5wkp2e=-migEQfILl-8dldi*<28i^#)?XU=;|CL~|io!U9`W0tCE<=*;!mEdLb zzAu$;R4}rg0^Hg$faM6{no+|QN#I#0Ej z8*hBH&KG)Z^!x0EkNYat&;FcSDE#e}?z+c&ds;5-JFxM8oJ7>k{Sg|sCeHePxVALT z>DV8RS-)p&axS=;*IQ%!Ql(?-u`l1WE9x6u_jwk@Uq0yIeBy0$tvJuBL>C{Q z`NNLSuy%*^p%=^#D#d@k{qw`DQb$aS$6fSWl-t$y`qisC7E46W5u10Ib^5FL!~6o0 z{nZN;AIADkV&hFbLvZ$sH0S9zQ1YK~9$O_-x? 
zyL!c=U97sYmju|CzFQWwO5RY_K$(qGtIebBJ1--rsG%5($oxltVs#b6@8)lQw{F>q z;Gm@Z3}*vF14RQ)HdbvuW+o|C1{M+bqXiRM)<<>qOxkB5RP)Z#J)rs-3&(nq6%S>c J=kEmh76244QRM&t diff --git a/certs/ed25519/ca-ed25519-key.der b/certs/ed25519/ca-ed25519-key.der index 01156fec2949fb7c50ca359e52a69a5386fd10bf..fd4449c86dcd70c749cb4c84f0dae1052112a32f 100644 GIT binary patch literal 84 zcmXpAVq#=4U}a<0PAyx~iUa35&^sS8L^0wtcu!Uvz&ZpYQ^UG_| qU8uyO;K=@_lqaJ|$cCkfJx?s(!7+D9KgXv>bC)|GQqh=Ew*~;`5+F7J diff --git a/certs/ed25519/ca-ed25519-key.pem b/certs/ed25519/ca-ed25519-key.pem index e21c1100c..a4b1eb08b 100644 --- a/certs/ed25519/ca-ed25519-key.pem +++ b/certs/ed25519/ca-ed25519-key.pem @@ -1,4 +1,4 @@ -----BEGIN EDDSA PRIVATE KEY----- -MFICAQAwBQYDK2VwBCIEIE3EyZVR/gbofvUgIsCeuA3yZ9E7DbTQxW7HMDYQhbxl -oSIEIEEH7HUMaHISPASCB24Wb0BBbaSPCPLinadDwiQomH6s +MFICAQAwBQYDK2VwBCIEIALLg+oVSN6eOx+rCjIui2cYL3VyBkk2pWBdv1+JXJBy +oSIEIGWqfwWkBDSg6q0fqYbw2H9y36kOE6A4ZiZe60gwgEhJ -----END EDDSA PRIVATE KEY----- 
diff --git a/certs/ed25519/ca-ed25519.der b/certs/ed25519/ca-ed25519.der index fd6f31d1d8517b5f991fd05ce1de26065becfb5a..b6c11045ee73af3cab31f25d484e99c7bfea6c36 100644 GIT binary patch delta 285 zcmcc1@`Od+pouBLpovLn0W%XL6O#Z#!>)|-_e-BT)gCL>32EIiQGA1fg@K8ok)fH9 zk)e5%1iz7ik)eU1fw`e6Siqoh?nFhS$&!ra^{K1sS(mVwEO@n6er4N-8}&u^SMmuj zut-yjd+lM+;NiJA!643nhmAQ@R+xp=fSHl;zkw`>$HyYZA~MN-S`pK)L>a~0j=Qh# z+RPR|GJm^)JV;uZMZ!R=LF6B!TYbK^oy>;(hi815RKNRjP2FL@2U5V#$oQXyh1r*h z@t6TC8?$z50kb26kHdxfJ-@#!l8X3N^!UXs3EnAp`2HSz&a|}Z-RVPhzZU)xo%K)d gf%*OV)nx%}S8SzHi|r>}aY;M1& delta 249 zcmaFDa+gKipouBcpoxil0W%XL6B7sHw}*CnDi^j+l;0p@ZeVI;VPtG%W@H&9!Ea<> zXlY<-WC;u(#hS7-1Un-syWPF6nX3RGtv54f?GY}LwCi!b^AUe zeIL){$4mMo76%yw7|60QhsyG?h_Q(LV|1&}*S3?{kpJ+EFO%wbU#_V;4CF!5$}AEF zVhz|8@PQQYGcx{XVPR%sJ7B=d#;l!M!0gDNY5y(r(avI_iz%=BUuGxXj(@p4DMz5w xvElKHzw#G^*G*+u|GoU7lF?c>|2uX6*6rz%pT>1-{>jNf>Jl5eZ|!U31OOwbV$J{n delta 256 zcmcb^a+O8gpouBapoxij0W%XL6B7sHNr7eOZ+Q4ml;0#{ZeVI;VPtG%W@H&9!Ea<> zXlY<-WC;_Er%y2Y_Q_o(H^ywl|MT8X^OaA!A{;Zp(Rg01}+XZ2sDso zV-A(&V-aH!SvI|3a!lrA?P*4G?bT+xCeP9g|7ai&l2&GsFc53Nu7Dq;fS-}^KMN}} z6Waj>16DR>?bHHhM+S!}i_305oc(Q|waK@ikF2^B7#a^wv(vS_C9D4XYOP|RmFdR`2M;#+keMb0T<;rR&FPUy-|z%OB2gLrXp&%V|&S(;bqjo9?Tu4*&p@dmqLC diff --git a/certs/ed25519/root-ed25519-key.pem b/certs/ed25519/root-ed25519-key.pem index 2db2a669e..fa3c91922 100644 --- a/certs/ed25519/root-ed25519-key.pem +++ b/certs/ed25519/root-ed25519-key.pem @@ -1,4 +1,4 @@ -----BEGIN EDDSA PRIVATE KEY----- -MFICAQAwBQYDK2VwBCIEIFwOftlJ9QL4yEBIBh9UmTRwCu+A6puPK9OFmVk0A19P -oSIEIKZgKbt92EfL1B7QbQ9XANgqH1BqQrxd5bgZZbLfJK9Q +MFICAQAwBQYDK2VwBCIEICejNCo11Lu44dzY7A/BoNGiXPkG8ERdO5dNvd9KO6NO +oSIEIKLxJkCbolna2+YVf5oRtUhfVbpe7Ub3mGe+DJPjpI4Y -----END EDDSA PRIVATE KEY----- 
diff --git a/certs/ed25519/root-ed25519.der b/certs/ed25519/root-ed25519.der index f4da216c4f44dcba10db9f1767a80bb3ffce814a..c1675faf0bcdc7d4e39e9b291935f5a14cb7d1c5 100644 GIT binary patch delta 289 zcmcc5@{C2^pouBTpovLj0W%XL6O#Z#zrN|F;JyBnF8-JGc3A2;QGA1}g@K8ok)fH9 zk)e5%1iz7ik)eU1fw`e6SYV>u;(9FuRyJns)BuOk7x4ZC4CZ$6Aa=Ec-WXjWrbN-4VW1j{~O4Hczi5kEF%9H-RkqT?PNCO zKRn~hr25^LYw8XId62X+i-dt#19k;`5g--(jEw(TSeTg@kHH+{$l$h7PocE9wkjz4 zPPkfm&fMCv4-2H-YV$#4r@-n@y}uU^c>k&D+Scod#D}a JzjSN~0{|CgVc-A& delta 250 zcmaFHa-T)qpouBkpoxih0W%XL6B7sHQNwpHd@bZA%5RV{H!wA_FfukWGqQ}5;5RZb zv@|d^vV;gse7#;}S%T*7+8getugG1<5(Z)oB3KphgB0*HGX7^_WoBYL z#$dq8#;l!M!0gB%Wn1>ey<%qhX2QEx{-Ee+N!`QF`Fyy*Vzbb5HK)1OSUWWzYZs diff --git a/certs/ed25519/root-ed25519.pem b/certs/ed25519/root-ed25519.pem index 1356b21cc..75d7a9dbd 100644 --- a/certs/ed25519/root-ed25519.pem +++ b/certs/ed25519/root-ed25519.pem 
@@ -1,15 +1,15 @@
 -----BEGIN CERTIFICATE-----
-MIICWzCCAg2gAwIBAgIIAcUx7uhNOB4wBQYDK2VwMIGfMQswCQYDVQQGEwJVUzEQ
-MA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjENMAsGA1UEBAwEUm9v
-dDEQMA4GA1UECgwHd29sZlNTTDEQMA4GA1UECwwHRUQyNTUxOTEYMBYGA1UEAwwP
-d3d3LndvbGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29t
-MCIYDzIwMTcwNTI4MjMyNjI5WhgPMjAxOTA1MjkyMzI2MjlaMIGfMQswCQYDVQQG
-EwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjENMAsGA1UE
-BAwEUm9vdDEQMA4GA1UECgwHd29sZlNTTDEQMA4GA1UECwwHRUQyNTUxOTEYMBYG
-A1UEAwwPd3d3LndvbGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZz
-c2wuY29tMCowBQYDK2VwAyEApmApu33YR8vUHtBtD1cA2CofUGpCvF3luBllst8k
-r1CjYTBfMAwGA1UdEwQFMAMBAf8wHQYDVR0OBBYEFIbAJ+me+oXB/eNv/FRZcjfH
-M5K7MB8GA1UdIwQYMBaAFIbAJ+me+oXB/eNv/FRZcjfHM5K7MA8GA1UdDwEB/wQF
-AwIBxgAwBQYDK2VwA0EAGj129Ed4mXezQYuGBMzeglOtvFvz3UqPLBGTRI49gqqw
-2/VnVoX532VvhensyCrk3/tRluh1wMnenEQlncm/CQ==
+MIICYjCCAhSgAwIBAgIQAI8vNbJTvU+S0f8dS0ClSTAFBgMrZXAwgZ8xCzAJBgNV
+BAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMQ0wCwYD
+VQQEDARSb290MRAwDgYDVQQKDAd3b2xmU1NMMRAwDgYDVQQLDAdFRDI1NTE5MRgw
+FgYDVQQDDA93d3cud29sZnNzbC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29s
+ZnNzbC5jb20wIhgPMjAxODA0MTIxNjIyMTdaGA8yMDIxMDEwNzE1MjIxN1owgZ8x
+CzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFu
+MQ0wCwYDVQQEDARSb290MRAwDgYDVQQKDAd3b2xmU1NMMRAwDgYDVQQLDAdFRDI1
+NTE5MRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20xHzAdBgkqhkiG9w0BCQEWEGlu
+Zm9Ad29sZnNzbC5jb20wKjAFBgMrZXADIQCi8SZAm6JZ2tvmFX+aEbVIX1W6Xu1G
+95hnvgyT46SOGKNgMF4wDAYDVR0TBAUwAwEB/zAdBgNVHQ4EFgQU/gFGf28rPhyw
+b+HMTQIl900KlbgwHwYDVR0jBBgwFoAU/gFGf28rPhywb+HMTQIl900KlbgwDgYD
+VR0PAQH/BAQDAgHGMAUGAytlcANBAEaxLiB1c316UlvcVyZ3bJ19dvCgG0Y8+2De
+GGbS7KdC/RauChf9sxLzVoNj2P5Al5dsHeqpECevSCbCD9LGpAA=
 -----END CERTIFICATE-----
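Review bot: The regenerated root-ed25519.pem still carries both validity dates as GeneralizedTime. The fifth added line (`…IhgPMjAxODA0MTIxNjIyMTdaGA8yMDIxMDEwNzE1MjIxN1ow…`) decodes to tag 0x18, length 15, `20180412162217Z` and `20210107152217Z`. RFC 5280 §4.1.2.5 has issuers encode dates through 2049 as UTCTime, which is what the RSA OCSP certificates in this same patch do (`HhcNMTgwNDEz…` is tag 0x17). If the ed25519 fixtures are meant to exercise GeneralizedTime parsing, the commit description should say so, for example `ed25519 test certs intentionally use GeneralizedTime validity dates`; otherwise re-issue them with UTCTime so they match what a conforming CA produces. The new notAfter of 2021-01-07 is also a hard expiry for every test that loads this root.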
diff --git a/certs/ed25519/server-ed25519-key.der b/certs/ed25519/server-ed25519-key.der index 3c966a31b58677514764749a87ddc9a60e39283e..a156406683edc3866eb1299342c1f2b16740a393 100644 GIT binary patch literal 84 zcmXpAVq#=4U}a<0PAywRB*wnk?mGEoOLc~#m+u#r?!9MoVr{o4>FBB+R`NX2_6Yzl?jpMY literal 84 zcmXpAVq#=4U}a<0PAy^|EsK-6UEobSQwZX8X1}y z85x>KN$?vP7#SKE8kifJf&?Z$Twk9U`)0fAEFaQ7$l4RKc delta 256 zcmcb{a-K!ppoz)bpo#JC0%j&gCMFKX3zG!0qTIqK%CD0#H!wA_FfukWGqQ}5;5RZb zv@|d^vV;gse7U|}%AiBSU4Qy5mM=>l@6F*6+v#!eqSN)hNi7RXw4CShX)X>n2sDso zV-A(&V-aH!`L?M=YU-8(qu_rxU(eQT@V>V7;{gMCkhC(3gn?Lt$fT>>w?49T?_Ai; z%rrlO!PJbs>ZAcbNC7`1<9`-bW+t`+3Qn{nya>Xyy>CKKMG8Y!!5 z`+h5jr(x3ZfQ+u+jz!m=PTjFC&27d$vt3$D>-to#*VHG8Hf~CMw>V(?zKTEFCw#j; zEAmBf^HpV;h#r=+tmy@N-Wzo3Z9Z$Uu`ev?<7O33HLw2*8`CUrKUk40Dxw$0@Huj4 zm^YtpJoB-`fqRAcl2ldL7HvFREVHY*@2}0JKc8nTR;%ZGmACitpPGy5Qm$>(Wn|W(?*Ce5}*TWBsUvB8C|8tIWYP|RX-ScaIu^sOT zd@Z@|lB$&2gS5l4&W~c%9$vmKvT3zp{JgzWGoI~?un{}E=-!<#;=L#Q(^pkcZ(M*ADrxyU8rv^Eb@zWiN-^ z%%7*^yM5=qQOdsU5Ptc|U*|O`R;u6D&b!^Er~LY4p`y9YyVNBj)lVBU?Ka+tyrBH- zXPoFvzb9_pGs9Bf`S`1*Jw14GO;?AZNP*ma?%kW_#$7FcDj2);!!1>-QR zd3%BKK30vx$*RtByKkvH|J409tlrF9b@lf}oIAy?O_{a--xl`$kIv*2tr3}({J3%1 z&(lx4zc7oNcu!F)aFcE+H)b$8dw^9S`b)&uNwc!E79FVDaWF1n;`t-85_iLw-k4F& Yc4Fo#uZ)vvxlevCNX}Wyu3I(%0444&CIA2c literal 607 zcmZQ#W?&LH9can2E#3cap}^H|OrOvHu|F8LS~jJlFht6%>vraq?ue~pk`DyC!Kpd$DDDMX*E4 z<#X(P%bpy&>!W>SNwD2>k<#crk_&HN?Pb>9T)*P&<-*s+@81R#onr8QeTvg)*1^;- zT$iMDE3R;_k!bz0&$-h79cQg3D}%=NU^(*&MTaZrUP-#0o4#jhK-{n7#Vl{%zY{Rq zKcT^G_phI~-WDC*9UV&Z$9CBV|U|QQjV&BGuNz&8acDoPFco3{v0md zkZ)Yc@TTEwu~LBInXBiYJlWf}v~J?&r$KpAUv{ay`22h0-D5kae`}wX>8N|a-^A+H zrVUM6yRH2?t*U${-s^ogL$gaEWkJD4eZ@Zu{+|EUd-iSDlnE2t-YRLVWvx<@^1ml| zKmM3U=Koh~EtXE1b6ZN)Vau1rYnZnj%vqy?5hQ)J`jrC43HQdrP#XdPHB@Uf3e zqmJocVG--H9{V53C-YepQe+l9WV}_vUcx%L-*gXq$_>8M+}DfFmMz|!xNvWpS+u#m zr7Qo-{kdsYs`^q%BG+K9eIh WD!J!5C&YQ2l-hP9DmOuU;sgMU6)P$L diff --git a/certs/ocsp/intermediate1-ca-cert.pem b/certs/ocsp/intermediate1-ca-cert.pem index 42f681889..a0593b2f7 100644 
--- a/certs/ocsp/intermediate1-ca-cert.pem +++ b/certs/ocsp/intermediate1-ca-cert.pem @@ -5,8 +5,8 @@ Certificate: Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Engineering, CN=wolfSSL root CA/emailAddress=info@wolfssl.com Validity - Not Before: Dec 30 19:12:46 2015 GMT - Not After : Sep 25 19:12:46 2018 GMT + Not Before: Apr 13 15:23:10 2018 GMT + Not After : Jan 7 15:23:10 2021 GMT Subject: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Engineering, CN=wolfSSL intermediate CA 1/emailAddress=info@wolfssl.com Subject Public Key Info: Public Key Algorithm: rsaEncryption 
@@ -47,27 +47,27 @@ Certificate: OCSP - URI:http://127.0.0.1:22220 Signature Algorithm: sha256WithRSAEncryption - 0f:a2:19:93:09:2f:c8:c5:91:62:2b:1e:9c:69:93:ea:5f:f1: - 5e:b8:15:8e:0f:c9:82:08:3a:6b:60:3f:ad:1b:fa:47:94:a7: - 31:33:34:6c:cf:09:63:fd:8c:de:62:c4:2e:5f:71:19:2e:a8: - 96:63:37:16:e7:bf:37:67:2d:46:36:72:d0:e4:03:a7:89:a1: - e4:4c:2f:76:31:79:0d:84:ae:c8:61:cf:98:03:2f:12:fc:17: - 60:60:88:b0:96:a0:a8:59:f5:96:1d:3d:1e:e0:c0:26:fd:1b: - 3e:42:73:ad:1d:39:0f:ff:d9:f0:71:52:e3:9a:9b:7a:b4:a2: - af:50:e7:33:7f:66:40:65:bd:31:0c:c9:21:b0:d1:3f:df:b6: - 77:e5:05:ca:24:b9:72:c9:82:c6:9f:be:12:f6:5d:39:34:b7: - 20:df:e1:24:c3:b2:fe:98:b6:d3:6c:3e:43:62:6b:e2:6d:56: - 65:99:3e:aa:2e:a8:cb:82:2d:9b:11:da:8a:b6:63:20:12:c7: - a0:5b:5d:5b:09:29:47:50:ad:4e:1f:68:29:d2:d9:0e:5f:5c: - 83:e8:e6:fd:c7:e5:f9:14:0d:14:8e:6e:34:dd:4f:ec:01:75: - 54:2d:24:c8:c6:98:c3:7f:d8:1d:4f:c5:ae:e0:b2:8e:f5:a8: - bb:4b:1f:aa + 18:a3:09:fe:c3:53:c7:ce:11:f0:36:86:43:9c:46:9b:43:42: + a0:20:6e:b6:32:29:34:22:fa:27:a1:00:0c:e5:51:c3:35:7b: + 2f:ce:2c:48:7f:47:cf:1b:45:f9:30:b2:d0:17:15:a0:c3:a8: + 3a:e4:5f:a4:96:e4:25:ea:4e:80:90:2e:8d:f5:19:98:ae:2a: + 6d:39:f0:06:8f:e6:0b:c4:2b:dd:07:4a:ad:3d:34:11:79:3d: + 15:db:65:c6:33:60:6b:2f:2d:47:26:bb:91:53:28:35:5c:fd: + 57:3b:27:1b:a1:85:03:24:74:84:f4:f2:b2:e3:53:41:83:9c: + 6b:5a:0c:0f:3b:c4:5f:a7:4b:8b:04:f2:0d:f5:81:aa:16:33: + d2:f4:f5:8d:83:c1:10:2d:57:55:f8:d3:16:62:27:50:b2:57: + 20:1d:a3:07:0c:b8:8d:c5:5a:2f:d9:d3:c4:6a:c3:1e:51:10: + de:7e:60:cf:d0:78:2c:00:d4:da:df:de:de:ee:ed:1d:25:da: + 6c:9f:57:69:2a:f1:a2:6c:8a:fe:72:c0:57:9f:f8:6e:b7:47: + f1:4f:f6:4b:9c:a2:2a:d2:10:9c:4e:bc:b4:8a:a2:8e:51:5a: + c1:e7:9c:f1:7c:9c:f9:7d:d7:9c:8f:ed:e9:57:91:0a:6c:4b: + b4:ac:6f:30 -----BEGIN CERTIFICATE----- MIIE8DCCA9igAwIBAgIBATANBgkqhkiG9w0BAQsFADCBlzELMAkGA1UEBhMCVVMx EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoM B3dvbGZTU0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgwFgYDVQQDDA93b2xmU1NM 
-IHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTUx -MjMwMTkxMjQ2WhcNMTgwOTI1MTkxMjQ2WjCBoTELMAkGA1UEBhMCVVMxEzARBgNV +IHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTgw +NDEzMTUyMzEwWhcNMjEwMTA3MTUyMzEwWjCBoTELMAkGA1UEBhMCVVMxEzARBgNV BAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoMB3dvbGZT U0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMSIwIAYDVQQDDBl3b2xmU1NMIGludGVy bWVkaWF0ZSBDQSAxMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMIIB @@ -84,12 +84,12 @@ DAdTZWF0dGxlMRAwDgYDVQQKDAd3b2xmU1NMMRQwEgYDVQQLDAtFbmdpbmVlcmlu ZzEYMBYGA1UEAwwPd29sZlNTTCByb290IENBMR8wHQYJKoZIhvcNAQkBFhBpbmZv QHdvbGZzc2wuY29tggFjMAsGA1UdDwQEAwIBBjAyBggrBgEFBQcBAQQmMCQwIgYI KwYBBQUHMAGGFmh0dHA6Ly8xMjcuMC4wLjE6MjIyMjAwDQYJKoZIhvcNAQELBQAD -ggEBAA+iGZMJL8jFkWIrHpxpk+pf8V64FY4PyYIIOmtgP60b+keUpzEzNGzPCWP9 -jN5ixC5fcRkuqJZjNxbnvzdnLUY2ctDkA6eJoeRML3YxeQ2Ershhz5gDLxL8F2Bg -iLCWoKhZ9ZYdPR7gwCb9Gz5Cc60dOQ//2fBxUuOam3q0oq9Q5zN/ZkBlvTEMySGw -0T/ftnflBcokuXLJgsafvhL2XTk0tyDf4STDsv6YttNsPkNia+JtVmWZPqouqMuC -LZsR2oq2YyASx6BbXVsJKUdQrU4faCnS2Q5fXIPo5v3H5fkUDRSObjTdT+wBdVQt -JMjGmMN/2B1Pxa7gso71qLtLH6o= +ggEBABijCf7DU8fOEfA2hkOcRptDQqAgbrYyKTQi+iehAAzlUcM1ey/OLEh/R88b +RfkwstAXFaDDqDrkX6SW5CXqToCQLo31GZiuKm058AaP5gvEK90HSq09NBF5PRXb +ZcYzYGsvLUcmu5FTKDVc/Vc7JxuhhQMkdIT08rLjU0GDnGtaDA87xF+nS4sE8g31 +gaoWM9L09Y2DwRAtV1X40xZiJ1CyVyAdowcMuI3FWi/Z08Rqwx5REN5+YM/QeCwA +1Nrf3t7u7R0l2myfV2kq8aJsiv5ywFef+G63R/FP9kucoirSEJxOvLSKoo5RWsHn +nPF8nPl915yP7elXkQpsS7SsbzA= -----END CERTIFICATE----- Certificate: Data: 
@@ -98,8 +98,8 @@ Certificate: Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Engineering, CN=wolfSSL root CA/emailAddress=info@wolfssl.com Validity - Not Before: Dec 30 19:12:46 2015 GMT - Not After : Sep 25 19:12:46 2018 GMT + Not Before: Apr 13 15:23:10 2018 GMT + Not After : Jan 7 15:23:10 2021 GMT Subject: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Engineering, CN=wolfSSL root CA/emailAddress=info@wolfssl.com Subject Public Key Info: Public Key Algorithm: rsaEncryption 
@@ -140,27 +140,27 @@ Certificate: OCSP - URI:http://127.0.0.1:22220 Signature Algorithm: sha256WithRSAEncryption - 99:a3:7d:72:17:b7:c0:cd:98:bb:55:fa:f2:ea:9f:17:81:6e: - 8e:02:25:c6:4d:42:cd:32:64:13:f4:bf:42:0c:a6:4e:39:45: - 52:92:40:ed:16:78:17:a2:45:5e:d9:19:ac:1d:d4:56:68:c8: - 55:de:65:ae:ba:72:b0:c0:57:52:5e:5b:08:d9:dd:72:ca:18: - 6e:16:61:32:9a:8b:c0:7d:3e:5a:27:bc:2d:81:aa:36:d4:44: - 26:52:07:f2:41:3b:d1:0f:2e:64:2e:a7:f8:0f:c3:0e:d3:9d: - 73:b9:24:12:e8:ca:28:db:4f:48:c2:43:bb:b7:a8:14:be:8d: - 3a:2f:d3:3a:1a:eb:5f:15:61:e3:e8:03:65:88:d5:03:7e:25: - 7a:35:8d:45:17:3f:0d:10:fd:8e:27:31:65:ee:de:9d:5c:68: - 7f:68:95:bc:85:5a:fa:2a:10:37:82:ca:11:84:9b:90:1e:23: - d6:2b:a6:c5:af:89:ef:31:37:56:0a:91:9e:0f:5b:3e:6c:c1: - 7d:29:cd:bb:38:3f:0e:cb:fb:05:04:e6:4f:5c:6a:c5:b6:a4: - 0f:0b:6a:25:bf:e9:ed:82:19:bb:6b:9a:2e:7d:40:58:0b:45: - 0e:ff:c2:73:39:9c:c2:ef:f4:7c:d0:9e:ae:c9:05:e1:e3:5e: - bf:dd:65:6d + 6b:10:b1:f8:cb:77:ef:72:f5:f8:fc:70:6d:18:dc:34:fe:d7: + 95:d8:fd:85:8e:ca:4b:f3:be:1f:eb:14:08:dc:23:34:78:98: + 39:d7:9f:c3:52:f6:14:3d:e9:de:5c:c2:d8:b1:4b:a8:4c:5b: + 91:42:66:da:7f:3c:e9:03:20:5e:08:0f:76:79:b9:21:10:89: + b7:73:46:44:7e:6e:28:0c:00:e4:f4:3e:65:aa:f5:c6:27:57: + 2c:bb:1d:ae:e5:94:57:a3:73:9e:6b:44:00:35:4a:f3:c7:34: + 9c:a2:a7:aa:62:9f:1d:ef:a8:6c:be:07:ad:ef:ae:ee:93:0b: + ba:c3:59:4e:90:40:2d:00:5e:f0:0f:0a:de:18:2a:b3:97:31: + 63:84:ff:18:1c:b6:d8:7d:ee:33:ed:99:f0:f5:7f:88:58:b3: + 0d:90:db:eb:44:7e:06:37:61:d4:34:b9:f6:fd:3e:8d:07:e4: + b5:b0:ae:09:ce:98:e4:b0:1b:d5:7b:53:94:dd:8a:b2:20:d6: + b0:72:f8:b1:bc:76:df:16:86:39:7b:e4:a9:15:47:57:ae:ca: + 41:d6:3a:ba:15:d1:c0:b5:38:66:0b:0f:80:8b:a2:07:b4:fc: + 80:1f:a3:4c:1f:d2:65:97:c1:2c:ae:46:31:61:49:0d:d7:5f: + ac:d2:a6:05 -----BEGIN CERTIFICATE----- MIIE5jCCA86gAwIBAgIBYzANBgkqhkiG9w0BAQsFADCBlzELMAkGA1UEBhMCVVMx EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoM B3dvbGZTU0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgwFgYDVQQDDA93b2xmU1NM 
-IHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTUx -MjMwMTkxMjQ2WhcNMTgwOTI1MTkxMjQ2WjCBlzELMAkGA1UEBhMCVVMxEzARBgNV +IHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTgw +NDEzMTUyMzEwWhcNMjEwMTA3MTUyMzEwWjCBlzELMAkGA1UEBhMCVVMxEzARBgNV BAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoMB3dvbGZT U0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgwFgYDVQQDDA93b2xmU1NMIHJvb3Qg Q0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wggEiMA0GCSqGSIb3 @@ -176,11 +176,11 @@ A1UEBhMCVVMxEzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUx EDAOBgNVBAoMB3dvbGZTU0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgwFgYDVQQD DA93b2xmU1NMIHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5j b22CAWMwCwYDVR0PBAQDAgEGMDIGCCsGAQUFBwEBBCYwJDAiBggrBgEFBQcwAYYW -aHR0cDovLzEyNy4wLjAuMToyMjIyMDANBgkqhkiG9w0BAQsFAAOCAQEAmaN9che3 -wM2Yu1X68uqfF4FujgIlxk1CzTJkE/S/QgymTjlFUpJA7RZ4F6JFXtkZrB3UVmjI -Vd5lrrpysMBXUl5bCNndcsoYbhZhMpqLwH0+Wie8LYGqNtREJlIH8kE70Q8uZC6n -+A/DDtOdc7kkEujKKNtPSMJDu7eoFL6NOi/TOhrrXxVh4+gDZYjVA34lejWNRRc/ -DRD9jicxZe7enVxof2iVvIVa+ioQN4LKEYSbkB4j1iumxa+J7zE3VgqRng9bPmzB -fSnNuzg/Dsv7BQTmT1xqxbakDwtqJb/p7YIZu2uaLn1AWAtFDv/Cczmcwu/0fNCe -rskF4eNev91lbQ== +aHR0cDovLzEyNy4wLjAuMToyMjIyMDANBgkqhkiG9w0BAQsFAAOCAQEAaxCx+Mt3 +73L1+PxwbRjcNP7Xldj9hY7KS/O+H+sUCNwjNHiYOdefw1L2FD3p3lzC2LFLqExb +kUJm2n886QMgXggPdnm5IRCJt3NGRH5uKAwA5PQ+Zar1xidXLLsdruWUV6NznmtE +ADVK88c0nKKnqmKfHe+obL4Hre+u7pMLusNZTpBALQBe8A8K3hgqs5cxY4T/GBy2 +2H3uM+2Z8PV/iFizDZDb60R+Bjdh1DS59v0+jQfktbCuCc6Y5LAb1XtTlN2KsiDW +sHL4sbx23xaGOXvkqRVHV67KQdY6uhXRwLU4ZgsPgIuiB7T8gB+jTB/SZZfBLK5G +MWFJDddfrNKmBQ== -----END CERTIFICATE----- diff --git a/certs/ocsp/intermediate2-ca-cert.pem b/certs/ocsp/intermediate2-ca-cert.pem index cacb413d2..7305fe0e1 100644 --- a/certs/ocsp/intermediate2-ca-cert.pem +++ b/certs/ocsp/intermediate2-ca-cert.pem 
@@ -5,8 +5,8 @@ Certificate: Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Engineering, CN=wolfSSL root CA/emailAddress=info@wolfssl.com Validity - Not Before: Dec 30 19:12:46 2015 GMT - Not After : Sep 25 19:12:46 2018 GMT + Not Before: Apr 13 15:23:10 2018 GMT + Not After : Jan 7 15:23:10 2021 GMT Subject: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Engineering, CN=wolfSSL intermediate CA 2/emailAddress=info@wolfssl.com Subject Public Key Info: Public Key Algorithm: rsaEncryption 
@@ -47,27 +47,27 @@ Certificate: OCSP - URI:http://127.0.0.1:22220 Signature Algorithm: sha256WithRSAEncryption - 1d:d6:14:6c:f5:cc:f9:c9:0d:c4:27:c1:50:49:ab:d7:39:6e: - 86:31:cf:67:99:c0:5d:37:d0:14:ee:d8:e3:da:17:a5:82:c2: - 25:86:33:28:0d:f6:ca:6b:7a:c7:72:f1:d8:b9:20:27:ee:0c: - 7d:77:e5:8b:03:46:9a:f8:99:6a:8e:57:1a:c9:a2:b1:79:d6: - b6:b6:e5:1a:39:80:2e:88:2b:17:c8:b9:36:37:38:58:8a:f0: - 62:68:97:25:b5:7a:62:5c:4d:22:2c:30:62:0c:11:f0:4d:70: - 95:c7:2d:9e:ab:c5:ef:2e:a4:29:25:8b:e2:e4:d2:9d:2c:5e: - 60:79:36:98:13:a8:38:6c:00:0d:6a:f0:11:3c:3f:d8:f9:6b: - 16:d1:61:f9:db:53:56:02:43:56:a8:01:3b:88:77:91:a5:6e: - a0:ab:2c:6c:e6:ec:cf:ff:5a:07:94:ea:49:92:d4:87:98:f8: - 89:f0:f7:4f:77:b0:df:c9:89:03:76:d9:31:30:86:f7:e9:8a: - 74:fa:f2:b2:f3:4d:f7:43:41:48:9c:1f:db:ea:23:e3:1e:4c: - 15:76:92:e0:f8:ce:71:35:fd:25:f0:97:cd:99:5d:2c:af:33: - 64:5e:bd:be:35:e3:53:78:6c:10:c8:0e:cc:83:e5:d9:2e:7a: - d9:6d:52:95 + 92:6e:c1:af:88:af:46:f2:6e:8a:8c:27:06:8e:b4:38:35:9b: + 47:92:24:20:e5:a5:13:d8:35:d3:2e:37:ca:74:47:e5:16:a3: + 03:63:16:b4:28:2b:d9:04:ab:ee:e4:0a:e5:87:da:d4:00:3a: + 53:c6:c9:25:6a:8f:49:d2:2e:34:f2:40:65:6e:02:fc:b9:42: + 3f:ef:cb:8c:79:84:03:84:dc:a0:68:1e:c7:c7:36:8c:60:14: + 55:f2:5f:f9:c1:3f:2b:f6:a2:1e:34:1f:83:ba:73:bc:b7:62: + bc:97:66:84:09:b9:2d:76:71:c8:91:fd:e2:e1:39:cf:dd:ec: + 98:a8:49:69:89:a8:18:2a:42:e7:fc:ab:2c:cf:13:ab:63:fe: + b0:19:ea:1a:38:22:16:11:31:34:43:fc:50:c6:ec:19:97:03: + db:e8:07:28:48:88:3a:e5:35:a2:fd:83:12:df:55:70:72:61: + 0d:f8:66:18:52:58:c9:46:97:86:31:9e:a2:43:0c:b9:0f:d3: + eb:35:c9:e5:19:4e:b4:8b:d2:ac:ea:bf:83:2a:48:9d:20:a0: + 08:45:60:92:8a:27:06:93:77:74:bb:0e:22:8e:54:17:f2:d4: + e7:7f:f3:90:4d:cc:75:e7:16:c5:9c:4a:cf:dc:f2:19:18:12: + f5:72:8e:2e -----BEGIN CERTIFICATE----- MIIE8DCCA9igAwIBAgIBAjANBgkqhkiG9w0BAQsFADCBlzELMAkGA1UEBhMCVVMx EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoM B3dvbGZTU0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgwFgYDVQQDDA93b2xmU1NM 
-IHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTUx -MjMwMTkxMjQ2WhcNMTgwOTI1MTkxMjQ2WjCBoTELMAkGA1UEBhMCVVMxEzARBgNV +IHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTgw +NDEzMTUyMzEwWhcNMjEwMTA3MTUyMzEwWjCBoTELMAkGA1UEBhMCVVMxEzARBgNV BAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoMB3dvbGZT U0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMSIwIAYDVQQDDBl3b2xmU1NMIGludGVy bWVkaWF0ZSBDQSAyMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMIIB @@ -84,12 +84,12 @@ DAdTZWF0dGxlMRAwDgYDVQQKDAd3b2xmU1NMMRQwEgYDVQQLDAtFbmdpbmVlcmlu ZzEYMBYGA1UEAwwPd29sZlNTTCByb290IENBMR8wHQYJKoZIhvcNAQkBFhBpbmZv QHdvbGZzc2wuY29tggFjMAsGA1UdDwQEAwIBBjAyBggrBgEFBQcBAQQmMCQwIgYI KwYBBQUHMAGGFmh0dHA6Ly8xMjcuMC4wLjE6MjIyMjAwDQYJKoZIhvcNAQELBQAD -ggEBAB3WFGz1zPnJDcQnwVBJq9c5boYxz2eZwF030BTu2OPaF6WCwiWGMygN9spr -esdy8di5ICfuDH135YsDRpr4mWqOVxrJorF51ra25Ro5gC6IKxfIuTY3OFiK8GJo -lyW1emJcTSIsMGIMEfBNcJXHLZ6rxe8upCkli+Lk0p0sXmB5NpgTqDhsAA1q8BE8 -P9j5axbRYfnbU1YCQ1aoATuId5GlbqCrLGzm7M//WgeU6kmS1IeY+Inw9093sN/J -iQN22TEwhvfpinT68rLzTfdDQUicH9vqI+MeTBV2kuD4znE1/SXwl82ZXSyvM2Re -vb4141N4bBDIDsyD5dkuetltUpU= +ggEBAJJuwa+Ir0byboqMJwaOtDg1m0eSJCDlpRPYNdMuN8p0R+UWowNjFrQoK9kE +q+7kCuWH2tQAOlPGySVqj0nSLjTyQGVuAvy5Qj/vy4x5hAOE3KBoHsfHNoxgFFXy +X/nBPyv2oh40H4O6c7y3YryXZoQJuS12cciR/eLhOc/d7JioSWmJqBgqQuf8qyzP +E6tj/rAZ6ho4IhYRMTRD/FDG7BmXA9voByhIiDrlNaL9gxLfVXByYQ34ZhhSWMlG +l4YxnqJDDLkP0+s1yeUZTrSL0qzqv4MqSJ0goAhFYJKKJwaTd3S7DiKOVBfy1Od/ +85BNzHXnFsWcSs/c8hkYEvVyji4= -----END CERTIFICATE----- Certificate: Data: 
@@ -98,8 +98,8 @@ Certificate: Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Engineering, CN=wolfSSL root CA/emailAddress=info@wolfssl.com Validity - Not Before: Dec 30 19:12:46 2015 GMT - Not After : Sep 25 19:12:46 2018 GMT + Not Before: Apr 13 15:23:10 2018 GMT + Not After : Jan 7 15:23:10 2021 GMT Subject: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Engineering, CN=wolfSSL root CA/emailAddress=info@wolfssl.com Subject Public Key Info: Public Key Algorithm: rsaEncryption 
@@ -140,27 +140,27 @@ Certificate: OCSP - URI:http://127.0.0.1:22220 Signature Algorithm: sha256WithRSAEncryption - 99:a3:7d:72:17:b7:c0:cd:98:bb:55:fa:f2:ea:9f:17:81:6e: - 8e:02:25:c6:4d:42:cd:32:64:13:f4:bf:42:0c:a6:4e:39:45: - 52:92:40:ed:16:78:17:a2:45:5e:d9:19:ac:1d:d4:56:68:c8: - 55:de:65:ae:ba:72:b0:c0:57:52:5e:5b:08:d9:dd:72:ca:18: - 6e:16:61:32:9a:8b:c0:7d:3e:5a:27:bc:2d:81:aa:36:d4:44: - 26:52:07:f2:41:3b:d1:0f:2e:64:2e:a7:f8:0f:c3:0e:d3:9d: - 73:b9:24:12:e8:ca:28:db:4f:48:c2:43:bb:b7:a8:14:be:8d: - 3a:2f:d3:3a:1a:eb:5f:15:61:e3:e8:03:65:88:d5:03:7e:25: - 7a:35:8d:45:17:3f:0d:10:fd:8e:27:31:65:ee:de:9d:5c:68: - 7f:68:95:bc:85:5a:fa:2a:10:37:82:ca:11:84:9b:90:1e:23: - d6:2b:a6:c5:af:89:ef:31:37:56:0a:91:9e:0f:5b:3e:6c:c1: - 7d:29:cd:bb:38:3f:0e:cb:fb:05:04:e6:4f:5c:6a:c5:b6:a4: - 0f:0b:6a:25:bf:e9:ed:82:19:bb:6b:9a:2e:7d:40:58:0b:45: - 0e:ff:c2:73:39:9c:c2:ef:f4:7c:d0:9e:ae:c9:05:e1:e3:5e: - bf:dd:65:6d + 6b:10:b1:f8:cb:77:ef:72:f5:f8:fc:70:6d:18:dc:34:fe:d7: + 95:d8:fd:85:8e:ca:4b:f3:be:1f:eb:14:08:dc:23:34:78:98: + 39:d7:9f:c3:52:f6:14:3d:e9:de:5c:c2:d8:b1:4b:a8:4c:5b: + 91:42:66:da:7f:3c:e9:03:20:5e:08:0f:76:79:b9:21:10:89: + b7:73:46:44:7e:6e:28:0c:00:e4:f4:3e:65:aa:f5:c6:27:57: + 2c:bb:1d:ae:e5:94:57:a3:73:9e:6b:44:00:35:4a:f3:c7:34: + 9c:a2:a7:aa:62:9f:1d:ef:a8:6c:be:07:ad:ef:ae:ee:93:0b: + ba:c3:59:4e:90:40:2d:00:5e:f0:0f:0a:de:18:2a:b3:97:31: + 63:84:ff:18:1c:b6:d8:7d:ee:33:ed:99:f0:f5:7f:88:58:b3: + 0d:90:db:eb:44:7e:06:37:61:d4:34:b9:f6:fd:3e:8d:07:e4: + b5:b0:ae:09:ce:98:e4:b0:1b:d5:7b:53:94:dd:8a:b2:20:d6: + b0:72:f8:b1:bc:76:df:16:86:39:7b:e4:a9:15:47:57:ae:ca: + 41:d6:3a:ba:15:d1:c0:b5:38:66:0b:0f:80:8b:a2:07:b4:fc: + 80:1f:a3:4c:1f:d2:65:97:c1:2c:ae:46:31:61:49:0d:d7:5f: + ac:d2:a6:05 -----BEGIN CERTIFICATE----- MIIE5jCCA86gAwIBAgIBYzANBgkqhkiG9w0BAQsFADCBlzELMAkGA1UEBhMCVVMx EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoM B3dvbGZTU0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgwFgYDVQQDDA93b2xmU1NM 
-IHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTUx -MjMwMTkxMjQ2WhcNMTgwOTI1MTkxMjQ2WjCBlzELMAkGA1UEBhMCVVMxEzARBgNV +IHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTgw +NDEzMTUyMzEwWhcNMjEwMTA3MTUyMzEwWjCBlzELMAkGA1UEBhMCVVMxEzARBgNV BAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoMB3dvbGZT U0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgwFgYDVQQDDA93b2xmU1NMIHJvb3Qg Q0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wggEiMA0GCSqGSIb3 @@ -176,11 +176,11 @@ A1UEBhMCVVMxEzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUx EDAOBgNVBAoMB3dvbGZTU0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgwFgYDVQQD DA93b2xmU1NMIHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5j b22CAWMwCwYDVR0PBAQDAgEGMDIGCCsGAQUFBwEBBCYwJDAiBggrBgEFBQcwAYYW -aHR0cDovLzEyNy4wLjAuMToyMjIyMDANBgkqhkiG9w0BAQsFAAOCAQEAmaN9che3 -wM2Yu1X68uqfF4FujgIlxk1CzTJkE/S/QgymTjlFUpJA7RZ4F6JFXtkZrB3UVmjI -Vd5lrrpysMBXUl5bCNndcsoYbhZhMpqLwH0+Wie8LYGqNtREJlIH8kE70Q8uZC6n -+A/DDtOdc7kkEujKKNtPSMJDu7eoFL6NOi/TOhrrXxVh4+gDZYjVA34lejWNRRc/ -DRD9jicxZe7enVxof2iVvIVa+ioQN4LKEYSbkB4j1iumxa+J7zE3VgqRng9bPmzB -fSnNuzg/Dsv7BQTmT1xqxbakDwtqJb/p7YIZu2uaLn1AWAtFDv/Cczmcwu/0fNCe -rskF4eNev91lbQ== +aHR0cDovLzEyNy4wLjAuMToyMjIyMDANBgkqhkiG9w0BAQsFAAOCAQEAaxCx+Mt3 +73L1+PxwbRjcNP7Xldj9hY7KS/O+H+sUCNwjNHiYOdefw1L2FD3p3lzC2LFLqExb +kUJm2n886QMgXggPdnm5IRCJt3NGRH5uKAwA5PQ+Zar1xidXLLsdruWUV6NznmtE +ADVK88c0nKKnqmKfHe+obL4Hre+u7pMLusNZTpBALQBe8A8K3hgqs5cxY4T/GBy2 +2H3uM+2Z8PV/iFizDZDb60R+Bjdh1DS59v0+jQfktbCuCc6Y5LAb1XtTlN2KsiDW +sHL4sbx23xaGOXvkqRVHV67KQdY6uhXRwLU4ZgsPgIuiB7T8gB+jTB/SZZfBLK5G +MWFJDddfrNKmBQ== -----END CERTIFICATE----- diff --git a/certs/ocsp/intermediate3-ca-cert.pem b/certs/ocsp/intermediate3-ca-cert.pem index d3fc21682..365426bb5 100644 --- a/certs/ocsp/intermediate3-ca-cert.pem +++ b/certs/ocsp/intermediate3-ca-cert.pem 
@@ -5,8 +5,8 @@ Certificate: Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Engineering, CN=wolfSSL root CA/emailAddress=info@wolfssl.com Validity - Not Before: Dec 30 19:12:46 2015 GMT - Not After : Sep 25 19:12:46 2018 GMT + Not Before: Apr 13 15:23:10 2018 GMT + Not After : Jan 7 15:23:10 2021 GMT Subject: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Engineering, CN=wolfSSL REVOKED intermediate CA/emailAddress=info@wolfssl.com Subject Public Key Info: Public Key Algorithm: rsaEncryption 
@@ -47,27 +47,27 @@ Certificate: OCSP - URI:http://127.0.0.1:22220 Signature Algorithm: sha256WithRSAEncryption - 9a:47:17:70:ff:92:e7:b5:51:a0:d2:5d:f3:e3:dd:90:ec:c9: - 8f:ad:61:74:30:ba:d9:60:ba:5b:cf:da:03:4f:c8:50:5a:f4: - 5e:e0:e3:a0:ce:de:43:6c:56:e0:bc:35:e9:0d:bb:53:0e:22: - 7f:21:42:6c:2a:0f:67:b2:8a:1a:f5:e8:1f:a9:a1:90:11:d0: - ec:18:90:ba:ee:cf:d4:18:28:1b:9c:96:8e:d6:48:bd:6f:66: - 79:df:04:0d:04:d3:13:69:b8:24:15:7c:3b:bc:b9:fc:1d:dd: - cc:45:a5:c1:04:c9:d3:68:a7:de:cd:1e:aa:cc:bd:3d:f4:12: - eb:3d:01:44:11:fd:1d:bd:a0:7a:4c:24:f2:39:78:17:c1:1f: - 8c:b8:ab:01:f3:98:88:ff:bd:2c:1b:43:bb:fe:37:94:65:b4: - 3c:e6:11:8c:5d:36:de:ab:84:a5:6d:30:23:dc:ad:b1:74:24: - 2a:bb:49:f0:37:ef:db:9a:eb:4e:fc:f9:a2:47:06:3a:09:9d: - 4f:c3:c6:dc:18:90:47:42:f4:bc:8d:75:be:7c:c8:d5:47:a6: - bb:c2:1e:55:16:8f:a4:62:cc:1f:7c:cf:5a:b5:41:6d:98:f4: - 15:b9:fc:5a:3e:47:75:a0:f7:b0:df:33:54:a9:7c:f0:da:3c: - 65:c2:e6:1a + 63:bf:90:58:0c:44:08:57:7d:94:7e:eb:fd:9d:90:f6:1d:a5: + 91:2a:32:38:a7:f7:39:c2:c0:9c:93:26:bc:f4:4b:81:0a:0f: + 07:2d:4f:a9:20:9a:3e:2c:24:0c:30:10:d7:be:96:ab:ee:1f: + 2c:f8:71:7c:1a:c1:ae:b7:64:e1:7e:18:53:c3:ae:d5:04:16: + f7:e5:34:c2:d1:a3:31:d4:9b:f4:b7:c1:96:1f:a7:3c:3a:bf: + fd:06:be:76:f4:da:95:f9:6f:be:4f:24:a7:0f:b0:2c:12:4d: + d6:55:ea:f8:0a:30:91:32:4f:a3:14:6d:ec:cd:85:12:1f:da: + 78:8a:b1:9a:74:fb:fd:00:45:4a:30:83:45:16:a0:8f:b7:7f: + 23:33:91:c6:81:ac:f3:9b:cd:53:6b:9a:fa:36:9b:5d:3c:72: + a8:73:4f:1e:b5:da:ba:08:3d:9b:ca:7a:d6:c2:bf:6e:9f:a5: + 9e:db:61:bc:a5:42:a7:d4:92:4a:7e:a3:3d:1b:aa:d3:c2:93: + ad:ce:3b:0e:2b:61:44:1e:3c:61:54:0d:6a:26:21:54:c6:e0: + ed:3d:da:27:cd:89:5a:f8:1f:0f:46:80:c1:f2:80:cc:52:f1: + 7f:ce:10:68:66:3f:ee:90:25:45:d4:f8:87:f9:5d:5d:74:3d: + aa:3d:43:1c -----BEGIN CERTIFICATE----- MIIE9jCCA96gAwIBAgIBAzANBgkqhkiG9w0BAQsFADCBlzELMAkGA1UEBhMCVVMx EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoM B3dvbGZTU0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgwFgYDVQQDDA93b2xmU1NM 
-IHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTUx -MjMwMTkxMjQ2WhcNMTgwOTI1MTkxMjQ2WjCBpzELMAkGA1UEBhMCVVMxEzARBgNV +IHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTgw +NDEzMTUyMzEwWhcNMjEwMTA3MTUyMzEwWjCBpzELMAkGA1UEBhMCVVMxEzARBgNV BAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoMB3dvbGZT U0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMSgwJgYDVQQDDB93b2xmU1NMIFJFVk9L RUQgaW50ZXJtZWRpYXRlIENBMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wu @@ -84,12 +84,12 @@ DgYDVQQHDAdTZWF0dGxlMRAwDgYDVQQKDAd3b2xmU1NMMRQwEgYDVQQLDAtFbmdp bmVlcmluZzEYMBYGA1UEAwwPd29sZlNTTCByb290IENBMR8wHQYJKoZIhvcNAQkB FhBpbmZvQHdvbGZzc2wuY29tggFjMAsGA1UdDwQEAwIBBjAyBggrBgEFBQcBAQQm MCQwIgYIKwYBBQUHMAGGFmh0dHA6Ly8xMjcuMC4wLjE6MjIyMjAwDQYJKoZIhvcN -AQELBQADggEBAJpHF3D/kue1UaDSXfPj3ZDsyY+tYXQwutlgulvP2gNPyFBa9F7g -46DO3kNsVuC8NekNu1MOIn8hQmwqD2eyihr16B+poZAR0OwYkLruz9QYKBuclo7W -SL1vZnnfBA0E0xNpuCQVfDu8ufwd3cxFpcEEydNop97NHqrMvT30Eus9AUQR/R29 -oHpMJPI5eBfBH4y4qwHzmIj/vSwbQ7v+N5RltDzmEYxdNt6rhKVtMCPcrbF0JCq7 -SfA379ua6078+aJHBjoJnU/DxtwYkEdC9LyNdb58yNVHprvCHlUWj6RizB98z1q1 -QW2Y9BW5/Fo+R3Wg97DfM1SpfPDaPGXC5ho= +AQELBQADggEBAGO/kFgMRAhXfZR+6/2dkPYdpZEqMjin9znCwJyTJrz0S4EKDwct +T6kgmj4sJAwwENe+lqvuHyz4cXwawa63ZOF+GFPDrtUEFvflNMLRozHUm/S3wZYf +pzw6v/0Gvnb02pX5b75PJKcPsCwSTdZV6vgKMJEyT6MUbezNhRIf2niKsZp0+/0A +RUowg0UWoI+3fyMzkcaBrPObzVNrmvo2m108cqhzTx612roIPZvKetbCv26fpZ7b +YbylQqfUkkp+oz0bqtPCk63OOw4rYUQePGFUDWomIVTG4O092ifNiVr4Hw9GgMHy +gMxS8X/OEGhmP+6QJUXU+If5XV10Pao9Qxw= -----END CERTIFICATE----- Certificate: Data: 
@@ -98,8 +98,8 @@ Certificate: Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Engineering, CN=wolfSSL root CA/emailAddress=info@wolfssl.com Validity - Not Before: Dec 30 19:12:46 2015 GMT - Not After : Sep 25 19:12:46 2018 GMT + Not Before: Apr 13 15:23:10 2018 GMT + Not After : Jan 7 15:23:10 2021 GMT Subject: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Engineering, CN=wolfSSL root CA/emailAddress=info@wolfssl.com Subject Public Key Info: Public Key Algorithm: rsaEncryption 
@@ -140,27 +140,27 @@ Certificate: OCSP - URI:http://127.0.0.1:22220 Signature Algorithm: sha256WithRSAEncryption - 99:a3:7d:72:17:b7:c0:cd:98:bb:55:fa:f2:ea:9f:17:81:6e: - 8e:02:25:c6:4d:42:cd:32:64:13:f4:bf:42:0c:a6:4e:39:45: - 52:92:40:ed:16:78:17:a2:45:5e:d9:19:ac:1d:d4:56:68:c8: - 55:de:65:ae:ba:72:b0:c0:57:52:5e:5b:08:d9:dd:72:ca:18: - 6e:16:61:32:9a:8b:c0:7d:3e:5a:27:bc:2d:81:aa:36:d4:44: - 26:52:07:f2:41:3b:d1:0f:2e:64:2e:a7:f8:0f:c3:0e:d3:9d: - 73:b9:24:12:e8:ca:28:db:4f:48:c2:43:bb:b7:a8:14:be:8d: - 3a:2f:d3:3a:1a:eb:5f:15:61:e3:e8:03:65:88:d5:03:7e:25: - 7a:35:8d:45:17:3f:0d:10:fd:8e:27:31:65:ee:de:9d:5c:68: - 7f:68:95:bc:85:5a:fa:2a:10:37:82:ca:11:84:9b:90:1e:23: - d6:2b:a6:c5:af:89:ef:31:37:56:0a:91:9e:0f:5b:3e:6c:c1: - 7d:29:cd:bb:38:3f:0e:cb:fb:05:04:e6:4f:5c:6a:c5:b6:a4: - 0f:0b:6a:25:bf:e9:ed:82:19:bb:6b:9a:2e:7d:40:58:0b:45: - 0e:ff:c2:73:39:9c:c2:ef:f4:7c:d0:9e:ae:c9:05:e1:e3:5e: - bf:dd:65:6d + 6b:10:b1:f8:cb:77:ef:72:f5:f8:fc:70:6d:18:dc:34:fe:d7: + 95:d8:fd:85:8e:ca:4b:f3:be:1f:eb:14:08:dc:23:34:78:98: + 39:d7:9f:c3:52:f6:14:3d:e9:de:5c:c2:d8:b1:4b:a8:4c:5b: + 91:42:66:da:7f:3c:e9:03:20:5e:08:0f:76:79:b9:21:10:89: + b7:73:46:44:7e:6e:28:0c:00:e4:f4:3e:65:aa:f5:c6:27:57: + 2c:bb:1d:ae:e5:94:57:a3:73:9e:6b:44:00:35:4a:f3:c7:34: + 9c:a2:a7:aa:62:9f:1d:ef:a8:6c:be:07:ad:ef:ae:ee:93:0b: + ba:c3:59:4e:90:40:2d:00:5e:f0:0f:0a:de:18:2a:b3:97:31: + 63:84:ff:18:1c:b6:d8:7d:ee:33:ed:99:f0:f5:7f:88:58:b3: + 0d:90:db:eb:44:7e:06:37:61:d4:34:b9:f6:fd:3e:8d:07:e4: + b5:b0:ae:09:ce:98:e4:b0:1b:d5:7b:53:94:dd:8a:b2:20:d6: + b0:72:f8:b1:bc:76:df:16:86:39:7b:e4:a9:15:47:57:ae:ca: + 41:d6:3a:ba:15:d1:c0:b5:38:66:0b:0f:80:8b:a2:07:b4:fc: + 80:1f:a3:4c:1f:d2:65:97:c1:2c:ae:46:31:61:49:0d:d7:5f: + ac:d2:a6:05 -----BEGIN CERTIFICATE----- MIIE5jCCA86gAwIBAgIBYzANBgkqhkiG9w0BAQsFADCBlzELMAkGA1UEBhMCVVMx EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoM B3dvbGZTU0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgwFgYDVQQDDA93b2xmU1NM 
-IHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTUx -MjMwMTkxMjQ2WhcNMTgwOTI1MTkxMjQ2WjCBlzELMAkGA1UEBhMCVVMxEzARBgNV +IHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTgw +NDEzMTUyMzEwWhcNMjEwMTA3MTUyMzEwWjCBlzELMAkGA1UEBhMCVVMxEzARBgNV BAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoMB3dvbGZT U0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgwFgYDVQQDDA93b2xmU1NMIHJvb3Qg Q0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wggEiMA0GCSqGSIb3 @@ -176,11 +176,11 @@ A1UEBhMCVVMxEzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUx EDAOBgNVBAoMB3dvbGZTU0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgwFgYDVQQD DA93b2xmU1NMIHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5j b22CAWMwCwYDVR0PBAQDAgEGMDIGCCsGAQUFBwEBBCYwJDAiBggrBgEFBQcwAYYW -aHR0cDovLzEyNy4wLjAuMToyMjIyMDANBgkqhkiG9w0BAQsFAAOCAQEAmaN9che3 -wM2Yu1X68uqfF4FujgIlxk1CzTJkE/S/QgymTjlFUpJA7RZ4F6JFXtkZrB3UVmjI -Vd5lrrpysMBXUl5bCNndcsoYbhZhMpqLwH0+Wie8LYGqNtREJlIH8kE70Q8uZC6n -+A/DDtOdc7kkEujKKNtPSMJDu7eoFL6NOi/TOhrrXxVh4+gDZYjVA34lejWNRRc/ -DRD9jicxZe7enVxof2iVvIVa+ioQN4LKEYSbkB4j1iumxa+J7zE3VgqRng9bPmzB -fSnNuzg/Dsv7BQTmT1xqxbakDwtqJb/p7YIZu2uaLn1AWAtFDv/Cczmcwu/0fNCe -rskF4eNev91lbQ== +aHR0cDovLzEyNy4wLjAuMToyMjIyMDANBgkqhkiG9w0BAQsFAAOCAQEAaxCx+Mt3 +73L1+PxwbRjcNP7Xldj9hY7KS/O+H+sUCNwjNHiYOdefw1L2FD3p3lzC2LFLqExb +kUJm2n886QMgXggPdnm5IRCJt3NGRH5uKAwA5PQ+Zar1xidXLLsdruWUV6NznmtE +ADVK88c0nKKnqmKfHe+obL4Hre+u7pMLusNZTpBALQBe8A8K3hgqs5cxY4T/GBy2 +2H3uM+2Z8PV/iFizDZDb60R+Bjdh1DS59v0+jQfktbCuCc6Y5LAb1XtTlN2KsiDW +sHL4sbx23xaGOXvkqRVHV67KQdY6uhXRwLU4ZgsPgIuiB7T8gB+jTB/SZZfBLK5G +MWFJDddfrNKmBQ== -----END CERTIFICATE----- diff --git a/certs/ocsp/ocsp-responder-cert.pem b/certs/ocsp/ocsp-responder-cert.pem index 9e76a90f8..447bc0f77 100644 --- a/certs/ocsp/ocsp-responder-cert.pem +++ b/certs/ocsp/ocsp-responder-cert.pem 
@@ -5,8 +5,8 @@ Certificate: Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Engineering, CN=wolfSSL root CA/emailAddress=info@wolfssl.com Validity - Not Before: Dec 30 19:12:46 2015 GMT - Not After : Sep 25 19:12:46 2018 GMT + Not Before: Apr 13 15:23:10 2018 GMT + Not After : Jan 7 15:23:10 2021 GMT Subject: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Engineering, CN=wolfSSL OCSP Responder/emailAddress=info@wolfssl.com Subject Public Key Info: Public Key Algorithm: rsaEncryption 
@@ -44,27 +44,27 @@ Certificate: X509v3 Extended Key Usage: OCSP Signing Signature Algorithm: sha256WithRSAEncryption - 0a:4e:f7:89:58:26:5f:35:b7:ee:45:2f:2a:a6:ac:37:93:c8: - a8:97:74:6e:64:60:c0:6e:0e:1d:3c:f2:f5:b4:6e:c7:40:c2: - a5:3a:e1:f5:de:7e:73:df:f8:e6:a6:58:2b:bf:4b:8e:0c:fa: - 6f:08:b6:27:da:ad:21:d1:a5:c1:97:1e:fb:5b:06:c7:d5:dc: - 8d:1a:e3:cc:b2:c0:e6:54:f5:dc:b7:58:1a:eb:84:6e:14:c3: - 9a:57:f1:16:c6:ea:f0:e5:5f:e7:cb:f8:d0:86:73:c8:87:83: - d5:91:9d:6d:16:01:f7:8d:84:5e:f4:8d:17:f5:30:a8:94:36: - 4c:2e:33:03:ca:06:17:f0:51:5f:db:ea:65:3f:1f:bb:f6:50: - 26:ac:36:78:3a:8d:03:ab:7d:f9:32:d6:38:7e:6b:3c:93:49: - df:18:d2:5b:25:b6:70:f7:83:a8:b1:18:b8:85:53:c7:b6:be: - fe:30:b8:78:8a:e3:ec:6b:48:ce:41:f5:56:da:52:2a:9f:c9: - 40:62:d3:44:f7:2d:aa:94:94:fa:3e:0f:59:3a:2f:06:92:4f: - d5:3f:2c:3c:0e:79:b7:7c:9f:34:ca:9c:b5:ce:6b:b1:8e:40: - 3a:6f:76:3d:de:18:c9:a5:1a:bb:68:19:2b:7a:58:22:67:8b: - 8d:48:b1:f7 + 9b:56:c5:5f:b9:b2:00:30:ca:05:2a:e8:c6:96:ba:aa:23:40: + 40:89:6d:a2:7a:93:f2:c9:8a:6f:0e:5d:5f:6f:ce:5e:4b:38: + a9:d2:ab:97:78:e3:73:3d:3d:27:e9:00:ce:16:d9:c5:c5:06: + a8:eb:c6:e5:76:4c:f7:60:1a:69:ae:35:d6:f8:0f:da:9c:83: + c6:fb:74:a6:12:e5:c7:64:ae:e7:2c:b6:d3:62:1f:f3:20:11: + 2e:09:9b:14:f0:a3:17:d0:2c:be:4a:39:3a:55:58:2f:90:37: + 04:c5:54:27:9d:0e:51:97:da:21:df:05:ec:ca:79:a8:ca:02: + ca:cf:b7:05:ef:04:fa:f9:81:20:10:c1:7d:4a:a7:93:13:28: + 1e:98:a7:3e:4c:01:13:c3:6b:14:e1:87:37:5f:3a:d3:7d:b6: + d4:d9:0d:56:93:7f:1d:e9:c2:35:c7:11:7f:42:d0:d5:3d:5f: + f6:fc:23:24:e3:45:7f:4f:9e:18:df:7b:41:80:fa:bb:bd:16: + e1:eb:c5:78:52:88:cd:82:c7:92:3a:ce:cb:c6:07:05:ec:70: + 0e:e8:db:44:8f:3b:f3:41:de:b2:19:b0:f6:e0:5a:06:48:d9: + b9:e2:2b:0f:ec:ec:1f:fb:83:4d:80:d4:6e:34:ed:78:a1:be: + a2:cb:07:ab -----BEGIN CERTIFICATE----- MIIEvjCCA6agAwIBAgIBBDANBgkqhkiG9w0BAQsFADCBlzELMAkGA1UEBhMCVVMx EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoM B3dvbGZTU0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgwFgYDVQQDDA93b2xmU1NM 
-IHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTUx -MjMwMTkxMjQ2WhcNMTgwOTI1MTkxMjQ2WjCBnjELMAkGA1UEBhMCVVMxEzARBgNV +IHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTgw +NDEzMTUyMzEwWhcNMjEwMTA3MTUyMzEwWjCBnjELMAkGA1UEBhMCVVMxEzARBgNV BAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoMB3dvbGZT U0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMR8wHQYDVQQDDBZ3b2xmU1NMIE9DU1Ag UmVzcG9uZGVyMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMIIBIjAN @@ -80,12 +80,12 @@ CzAJBgNVBAYTAlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0 dGxlMRAwDgYDVQQKDAd3b2xmU1NMMRQwEgYDVQQLDAtFbmdpbmVlcmluZzEYMBYG A1UEAwwPd29sZlNTTCByb290IENBMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZz c2wuY29tggFjMBMGA1UdJQQMMAoGCCsGAQUFBwMJMA0GCSqGSIb3DQEBCwUAA4IB -AQAKTveJWCZfNbfuRS8qpqw3k8iol3RuZGDAbg4dPPL1tG7HQMKlOuH13n5z3/jm -plgrv0uODPpvCLYn2q0h0aXBlx77WwbH1dyNGuPMssDmVPXct1ga64RuFMOaV/EW -xurw5V/ny/jQhnPIh4PVkZ1tFgH3jYRe9I0X9TColDZMLjMDygYX8FFf2+plPx+7 -9lAmrDZ4Oo0Dq335MtY4fms8k0nfGNJbJbZw94OosRi4hVPHtr7+MLh4iuPsa0jO -QfVW2lIqn8lAYtNE9y2qlJT6Pg9ZOi8Gkk/VPyw8Dnm3fJ80ypy1zmuxjkA6b3Y9 -3hjJpRq7aBkrelgiZ4uNSLH3 +AQCbVsVfubIAMMoFKujGlrqqI0BAiW2iepPyyYpvDl1fb85eSzip0quXeONzPT0n +6QDOFtnFxQao68bldkz3YBpprjXW+A/anIPG+3SmEuXHZK7nLLbTYh/zIBEuCZsU +8KMX0Cy+Sjk6VVgvkDcExVQnnQ5Rl9oh3wXsynmoygLKz7cF7wT6+YEgEMF9SqeT +EygemKc+TAETw2sU4Yc3XzrTfbbU2Q1Wk38d6cI1xxF/QtDVPV/2/CMk40V/T54Y +33tBgPq7vRbh68V4UojNgseSOs7LxgcF7HAO6NtEjzvzQd6yGbD24FoGSNm54isP +7Owf+4NNgNRuNO14ob6iywer -----END CERTIFICATE----- Certificate: Data: 
@@ -94,8 +94,8 @@ Certificate: Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Engineering, CN=wolfSSL root CA/emailAddress=info@wolfssl.com Validity - Not Before: Dec 30 19:12:46 2015 GMT - Not After : Sep 25 19:12:46 2018 GMT + Not Before: Apr 13 15:23:10 2018 GMT + Not After : Jan 7 15:23:10 2021 GMT Subject: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Engineering, CN=wolfSSL root CA/emailAddress=info@wolfssl.com Subject Public Key Info: Public Key Algorithm: rsaEncryption 
@@ -136,27 +136,27 @@ Certificate: OCSP - URI:http://127.0.0.1:22220 Signature Algorithm: sha256WithRSAEncryption - 99:a3:7d:72:17:b7:c0:cd:98:bb:55:fa:f2:ea:9f:17:81:6e: - 8e:02:25:c6:4d:42:cd:32:64:13:f4:bf:42:0c:a6:4e:39:45: - 52:92:40:ed:16:78:17:a2:45:5e:d9:19:ac:1d:d4:56:68:c8: - 55:de:65:ae:ba:72:b0:c0:57:52:5e:5b:08:d9:dd:72:ca:18: - 6e:16:61:32:9a:8b:c0:7d:3e:5a:27:bc:2d:81:aa:36:d4:44: - 26:52:07:f2:41:3b:d1:0f:2e:64:2e:a7:f8:0f:c3:0e:d3:9d: - 73:b9:24:12:e8:ca:28:db:4f:48:c2:43:bb:b7:a8:14:be:8d: - 3a:2f:d3:3a:1a:eb:5f:15:61:e3:e8:03:65:88:d5:03:7e:25: - 7a:35:8d:45:17:3f:0d:10:fd:8e:27:31:65:ee:de:9d:5c:68: - 7f:68:95:bc:85:5a:fa:2a:10:37:82:ca:11:84:9b:90:1e:23: - d6:2b:a6:c5:af:89:ef:31:37:56:0a:91:9e:0f:5b:3e:6c:c1: - 7d:29:cd:bb:38:3f:0e:cb:fb:05:04:e6:4f:5c:6a:c5:b6:a4: - 0f:0b:6a:25:bf:e9:ed:82:19:bb:6b:9a:2e:7d:40:58:0b:45: - 0e:ff:c2:73:39:9c:c2:ef:f4:7c:d0:9e:ae:c9:05:e1:e3:5e: - bf:dd:65:6d + 6b:10:b1:f8:cb:77:ef:72:f5:f8:fc:70:6d:18:dc:34:fe:d7: + 95:d8:fd:85:8e:ca:4b:f3:be:1f:eb:14:08:dc:23:34:78:98: + 39:d7:9f:c3:52:f6:14:3d:e9:de:5c:c2:d8:b1:4b:a8:4c:5b: + 91:42:66:da:7f:3c:e9:03:20:5e:08:0f:76:79:b9:21:10:89: + b7:73:46:44:7e:6e:28:0c:00:e4:f4:3e:65:aa:f5:c6:27:57: + 2c:bb:1d:ae:e5:94:57:a3:73:9e:6b:44:00:35:4a:f3:c7:34: + 9c:a2:a7:aa:62:9f:1d:ef:a8:6c:be:07:ad:ef:ae:ee:93:0b: + ba:c3:59:4e:90:40:2d:00:5e:f0:0f:0a:de:18:2a:b3:97:31: + 63:84:ff:18:1c:b6:d8:7d:ee:33:ed:99:f0:f5:7f:88:58:b3: + 0d:90:db:eb:44:7e:06:37:61:d4:34:b9:f6:fd:3e:8d:07:e4: + b5:b0:ae:09:ce:98:e4:b0:1b:d5:7b:53:94:dd:8a:b2:20:d6: + b0:72:f8:b1:bc:76:df:16:86:39:7b:e4:a9:15:47:57:ae:ca: + 41:d6:3a:ba:15:d1:c0:b5:38:66:0b:0f:80:8b:a2:07:b4:fc: + 80:1f:a3:4c:1f:d2:65:97:c1:2c:ae:46:31:61:49:0d:d7:5f: + ac:d2:a6:05 -----BEGIN CERTIFICATE----- MIIE5jCCA86gAwIBAgIBYzANBgkqhkiG9w0BAQsFADCBlzELMAkGA1UEBhMCVVMx EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoM B3dvbGZTU0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgwFgYDVQQDDA93b2xmU1NM 
-IHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTUx -MjMwMTkxMjQ2WhcNMTgwOTI1MTkxMjQ2WjCBlzELMAkGA1UEBhMCVVMxEzARBgNV +IHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTgw +NDEzMTUyMzEwWhcNMjEwMTA3MTUyMzEwWjCBlzELMAkGA1UEBhMCVVMxEzARBgNV BAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoMB3dvbGZT U0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgwFgYDVQQDDA93b2xmU1NMIHJvb3Qg Q0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wggEiMA0GCSqGSIb3 @@ -172,11 +172,11 @@ A1UEBhMCVVMxEzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUx EDAOBgNVBAoMB3dvbGZTU0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgwFgYDVQQD DA93b2xmU1NMIHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5j b22CAWMwCwYDVR0PBAQDAgEGMDIGCCsGAQUFBwEBBCYwJDAiBggrBgEFBQcwAYYW -aHR0cDovLzEyNy4wLjAuMToyMjIyMDANBgkqhkiG9w0BAQsFAAOCAQEAmaN9che3 -wM2Yu1X68uqfF4FujgIlxk1CzTJkE/S/QgymTjlFUpJA7RZ4F6JFXtkZrB3UVmjI -Vd5lrrpysMBXUl5bCNndcsoYbhZhMpqLwH0+Wie8LYGqNtREJlIH8kE70Q8uZC6n -+A/DDtOdc7kkEujKKNtPSMJDu7eoFL6NOi/TOhrrXxVh4+gDZYjVA34lejWNRRc/ -DRD9jicxZe7enVxof2iVvIVa+ioQN4LKEYSbkB4j1iumxa+J7zE3VgqRng9bPmzB -fSnNuzg/Dsv7BQTmT1xqxbakDwtqJb/p7YIZu2uaLn1AWAtFDv/Cczmcwu/0fNCe -rskF4eNev91lbQ== +aHR0cDovLzEyNy4wLjAuMToyMjIyMDANBgkqhkiG9w0BAQsFAAOCAQEAaxCx+Mt3 +73L1+PxwbRjcNP7Xldj9hY7KS/O+H+sUCNwjNHiYOdefw1L2FD3p3lzC2LFLqExb +kUJm2n886QMgXggPdnm5IRCJt3NGRH5uKAwA5PQ+Zar1xidXLLsdruWUV6NznmtE +ADVK88c0nKKnqmKfHe+obL4Hre+u7pMLusNZTpBALQBe8A8K3hgqs5cxY4T/GBy2 +2H3uM+2Z8PV/iFizDZDb60R+Bjdh1DS59v0+jQfktbCuCc6Y5LAb1XtTlN2KsiDW +sHL4sbx23xaGOXvkqRVHV67KQdY6uhXRwLU4ZgsPgIuiB7T8gB+jTB/SZZfBLK5G +MWFJDddfrNKmBQ== -----END CERTIFICATE----- diff --git a/certs/ocsp/root-ca-cert.pem b/certs/ocsp/root-ca-cert.pem index b62a03c7a..a6fb14512 100644 --- a/certs/ocsp/root-ca-cert.pem +++ b/certs/ocsp/root-ca-cert.pem 
@@ -5,8 +5,8 @@ Certificate: Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Engineering, CN=wolfSSL root CA/emailAddress=info@wolfssl.com Validity - Not Before: Dec 30 19:12:46 2015 GMT - Not After : Sep 25 19:12:46 2018 GMT + Not Before: Apr 13 15:23:10 2018 GMT + Not After : Jan 7 15:23:10 2021 GMT Subject: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Engineering, CN=wolfSSL root CA/emailAddress=info@wolfssl.com Subject Public Key Info: Public Key Algorithm: rsaEncryption 
@@ -47,27 +47,27 @@ Certificate: OCSP - URI:http://127.0.0.1:22220 Signature Algorithm: sha256WithRSAEncryption - 99:a3:7d:72:17:b7:c0:cd:98:bb:55:fa:f2:ea:9f:17:81:6e: - 8e:02:25:c6:4d:42:cd:32:64:13:f4:bf:42:0c:a6:4e:39:45: - 52:92:40:ed:16:78:17:a2:45:5e:d9:19:ac:1d:d4:56:68:c8: - 55:de:65:ae:ba:72:b0:c0:57:52:5e:5b:08:d9:dd:72:ca:18: - 6e:16:61:32:9a:8b:c0:7d:3e:5a:27:bc:2d:81:aa:36:d4:44: - 26:52:07:f2:41:3b:d1:0f:2e:64:2e:a7:f8:0f:c3:0e:d3:9d: - 73:b9:24:12:e8:ca:28:db:4f:48:c2:43:bb:b7:a8:14:be:8d: - 3a:2f:d3:3a:1a:eb:5f:15:61:e3:e8:03:65:88:d5:03:7e:25: - 7a:35:8d:45:17:3f:0d:10:fd:8e:27:31:65:ee:de:9d:5c:68: - 7f:68:95:bc:85:5a:fa:2a:10:37:82:ca:11:84:9b:90:1e:23: - d6:2b:a6:c5:af:89:ef:31:37:56:0a:91:9e:0f:5b:3e:6c:c1: - 7d:29:cd:bb:38:3f:0e:cb:fb:05:04:e6:4f:5c:6a:c5:b6:a4: - 0f:0b:6a:25:bf:e9:ed:82:19:bb:6b:9a:2e:7d:40:58:0b:45: - 0e:ff:c2:73:39:9c:c2:ef:f4:7c:d0:9e:ae:c9:05:e1:e3:5e: - bf:dd:65:6d + 6b:10:b1:f8:cb:77:ef:72:f5:f8:fc:70:6d:18:dc:34:fe:d7: + 95:d8:fd:85:8e:ca:4b:f3:be:1f:eb:14:08:dc:23:34:78:98: + 39:d7:9f:c3:52:f6:14:3d:e9:de:5c:c2:d8:b1:4b:a8:4c:5b: + 91:42:66:da:7f:3c:e9:03:20:5e:08:0f:76:79:b9:21:10:89: + b7:73:46:44:7e:6e:28:0c:00:e4:f4:3e:65:aa:f5:c6:27:57: + 2c:bb:1d:ae:e5:94:57:a3:73:9e:6b:44:00:35:4a:f3:c7:34: + 9c:a2:a7:aa:62:9f:1d:ef:a8:6c:be:07:ad:ef:ae:ee:93:0b: + ba:c3:59:4e:90:40:2d:00:5e:f0:0f:0a:de:18:2a:b3:97:31: + 63:84:ff:18:1c:b6:d8:7d:ee:33:ed:99:f0:f5:7f:88:58:b3: + 0d:90:db:eb:44:7e:06:37:61:d4:34:b9:f6:fd:3e:8d:07:e4: + b5:b0:ae:09:ce:98:e4:b0:1b:d5:7b:53:94:dd:8a:b2:20:d6: + b0:72:f8:b1:bc:76:df:16:86:39:7b:e4:a9:15:47:57:ae:ca: + 41:d6:3a:ba:15:d1:c0:b5:38:66:0b:0f:80:8b:a2:07:b4:fc: + 80:1f:a3:4c:1f:d2:65:97:c1:2c:ae:46:31:61:49:0d:d7:5f: + ac:d2:a6:05 -----BEGIN CERTIFICATE----- MIIE5jCCA86gAwIBAgIBYzANBgkqhkiG9w0BAQsFADCBlzELMAkGA1UEBhMCVVMx EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoM B3dvbGZTU0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgwFgYDVQQDDA93b2xmU1NM 
-IHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTUx -MjMwMTkxMjQ2WhcNMTgwOTI1MTkxMjQ2WjCBlzELMAkGA1UEBhMCVVMxEzARBgNV +IHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTgw +NDEzMTUyMzEwWhcNMjEwMTA3MTUyMzEwWjCBlzELMAkGA1UEBhMCVVMxEzARBgNV BAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoMB3dvbGZT U0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgwFgYDVQQDDA93b2xmU1NMIHJvb3Qg Q0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wggEiMA0GCSqGSIb3 @@ -83,11 +83,11 @@ A1UEBhMCVVMxEzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUx EDAOBgNVBAoMB3dvbGZTU0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgwFgYDVQQD DA93b2xmU1NMIHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5j b22CAWMwCwYDVR0PBAQDAgEGMDIGCCsGAQUFBwEBBCYwJDAiBggrBgEFBQcwAYYW -aHR0cDovLzEyNy4wLjAuMToyMjIyMDANBgkqhkiG9w0BAQsFAAOCAQEAmaN9che3 -wM2Yu1X68uqfF4FujgIlxk1CzTJkE/S/QgymTjlFUpJA7RZ4F6JFXtkZrB3UVmjI -Vd5lrrpysMBXUl5bCNndcsoYbhZhMpqLwH0+Wie8LYGqNtREJlIH8kE70Q8uZC6n -+A/DDtOdc7kkEujKKNtPSMJDu7eoFL6NOi/TOhrrXxVh4+gDZYjVA34lejWNRRc/ -DRD9jicxZe7enVxof2iVvIVa+ioQN4LKEYSbkB4j1iumxa+J7zE3VgqRng9bPmzB -fSnNuzg/Dsv7BQTmT1xqxbakDwtqJb/p7YIZu2uaLn1AWAtFDv/Cczmcwu/0fNCe -rskF4eNev91lbQ== +aHR0cDovLzEyNy4wLjAuMToyMjIyMDANBgkqhkiG9w0BAQsFAAOCAQEAaxCx+Mt3 +73L1+PxwbRjcNP7Xldj9hY7KS/O+H+sUCNwjNHiYOdefw1L2FD3p3lzC2LFLqExb +kUJm2n886QMgXggPdnm5IRCJt3NGRH5uKAwA5PQ+Zar1xidXLLsdruWUV6NznmtE +ADVK88c0nKKnqmKfHe+obL4Hre+u7pMLusNZTpBALQBe8A8K3hgqs5cxY4T/GBy2 +2H3uM+2Z8PV/iFizDZDb60R+Bjdh1DS59v0+jQfktbCuCc6Y5LAb1XtTlN2KsiDW +sHL4sbx23xaGOXvkqRVHV67KQdY6uhXRwLU4ZgsPgIuiB7T8gB+jTB/SZZfBLK5G +MWFJDddfrNKmBQ== -----END CERTIFICATE----- diff --git a/certs/ocsp/server1-cert.pem b/certs/ocsp/server1-cert.pem index 1226f27aa..f41c534f5 100644 --- a/certs/ocsp/server1-cert.pem +++ b/certs/ocsp/server1-cert.pem 
@@ -5,8 +5,8 @@ Certificate: Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Engineering, CN=wolfSSL intermediate CA 1/emailAddress=info@wolfssl.com Validity - Not Before: Dec 30 19:12:46 2015 GMT - Not After : Sep 25 19:12:46 2018 GMT + Not Before: Apr 13 15:23:10 2018 GMT + Not After : Jan 7 15:23:10 2021 GMT Subject: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Engineering, CN=www1.wolfssl.com/emailAddress=info@wolfssl.com Subject Public Key Info: Public Key Algorithm: rsaEncryption 
@@ -47,27 +47,27 @@ Certificate: OCSP - URI:http://127.0.0.1:22221 Signature Algorithm: sha256WithRSAEncryption - 05:65:8d:f5:fa:47:b1:4d:b9:9b:86:b0:18:9d:c8:94:64:7d: - 16:5e:69:69:bb:62:06:9d:8c:be:4f:83:22:f1:0a:7d:ae:f5: - ca:68:78:63:b2:bc:43:12:4f:d3:eb:ce:30:82:d6:be:81:c0: - 68:f4:3b:97:5f:3a:2c:88:62:36:0b:83:1d:ba:56:b1:06:65: - cd:4d:ac:1d:92:3f:73:77:10:5b:17:44:1f:66:cf:a8:f2:1f: - 18:29:c0:5f:20:b6:cb:15:d4:35:b1:b0:a6:41:a8:6e:f0:29: - 83:28:3b:4a:68:e5:b7:42:2f:b4:8a:96:ed:65:84:de:0b:72: - 6f:2b:91:10:56:7f:cd:89:5e:22:30:cc:5a:df:39:88:a9:ea: - af:1d:ba:9a:8a:3d:61:a6:c7:45:2d:ce:9f:76:f9:b2:45:9d: - 19:68:5d:e7:d6:3e:32:0e:65:83:79:63:81:0e:b5:44:51:47: - 9c:a7:6a:c1:5a:04:36:f3:b9:be:4d:76:80:55:2a:76:cd:61: - 15:c1:1a:5f:1f:62:b5:0f:ad:7f:48:66:81:eb:7a:04:b4:0a: - 92:a4:40:ff:bf:59:34:86:5c:1b:79:10:b4:d4:09:fa:45:3d: - 4f:bf:4c:30:b3:18:f2:b9:e9:8d:7c:5f:c0:67:ea:94:fb:ac: - 2e:90:ef:0d + 13:fc:55:34:0b:04:b3:16:06:81:b7:11:e8:ec:b4:37:3e:52: + 21:50:8a:48:3f:9b:3d:80:04:8e:d1:8e:b2:0f:84:f8:0a:8c: + 79:6e:65:e3:33:5f:29:9c:39:2b:3c:20:80:96:94:ee:87:2e: + 4a:05:7e:a7:30:8f:d8:ea:56:6d:ce:4b:e5:23:34:80:b1:cb: + 37:11:39:ad:60:3d:ce:87:d1:af:96:3c:53:03:5e:50:c9:70: + ab:d1:38:ba:ea:53:d8:17:03:59:42:f3:cf:8f:68:98:31:4b: + 6b:8f:e6:67:b6:42:d1:9d:24:b5:ab:d3:40:81:bd:6d:d4:d7: + 8a:0d:49:11:eb:b6:be:27:d2:bb:f2:6d:3c:7e:e4:f4:d4:f1: + 03:88:57:8b:25:ce:3e:6e:62:2c:01:9d:1f:c1:11:15:ab:37: + 5a:56:1f:75:aa:5a:70:ac:57:d1:8a:38:c1:e5:a1:b0:1f:33: + e3:84:7d:6b:f9:1a:f2:0a:9c:fa:ed:10:41:ad:56:57:9d:76: + d0:d8:3d:ac:fd:f5:13:3d:01:8e:a3:2c:8f:bd:ab:4d:a9:39: + 52:c9:76:a2:80:49:18:20:8b:4b:85:86:11:1e:19:d1:26:6c: + 92:72:2c:28:eb:38:67:ce:a0:d3:4f:7c:f7:a8:fe:1a:3f:17: + 83:2b:b6:9a -----BEGIN CERTIFICATE----- MIIE7jCCA9agAwIBAgIBBTANBgkqhkiG9w0BAQsFADCBoTELMAkGA1UEBhMCVVMx EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoM B3dvbGZTU0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMSIwIAYDVQQDDBl3b2xmU1NM 
IGludGVybWVkaWF0ZSBDQSAxMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wu -Y29tMB4XDTE1MTIzMDE5MTI0NloXDTE4MDkyNTE5MTI0NlowgZgxCzAJBgNVBAYT +Y29tMB4XDTE4MDQxMzE1MjMxMFoXDTIxMDEwNzE1MjMxMFowgZgxCzAJBgNVBAYT AlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYD VQQKDAd3b2xmU1NMMRQwEgYDVQQLDAtFbmdpbmVlcmluZzEZMBcGA1UEAwwQd3d3 MS53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTCC @@ -84,12 +84,12 @@ U2VhdHRsZTEQMA4GA1UECgwHd29sZlNTTDEUMBIGA1UECwwLRW5naW5lZXJpbmcx GDAWBgNVBAMMD3dvbGZTU0wgcm9vdCBDQTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3 b2xmc3NsLmNvbYIBATALBgNVHQ8EBAMCBeAwMgYIKwYBBQUHAQEEJjAkMCIGCCsG AQUFBzABhhZodHRwOi8vMTI3LjAuMC4xOjIyMjIxMA0GCSqGSIb3DQEBCwUAA4IB -AQAFZY31+kexTbmbhrAYnciUZH0WXmlpu2IGnYy+T4Mi8Qp9rvXKaHhjsrxDEk/T -684wgta+gcBo9DuXXzosiGI2C4MdulaxBmXNTawdkj9zdxBbF0QfZs+o8h8YKcBf -ILbLFdQ1sbCmQahu8CmDKDtKaOW3Qi+0ipbtZYTeC3JvK5EQVn/NiV4iMMxa3zmI -qeqvHbqaij1hpsdFLc6fdvmyRZ0ZaF3n1j4yDmWDeWOBDrVEUUecp2rBWgQ287m+ -TXaAVSp2zWEVwRpfH2K1D61/SGaB63oEtAqSpED/v1k0hlwbeRC01An6RT1Pv0ww -sxjyuemNfF/AZ+qU+6wukO8N +AQAT/FU0CwSzFgaBtxHo7LQ3PlIhUIpIP5s9gASO0Y6yD4T4Cox5bmXjM18pnDkr +PCCAlpTuhy5KBX6nMI/Y6lZtzkvlIzSAscs3ETmtYD3Oh9GvljxTA15QyXCr0Ti6 +6lPYFwNZQvPPj2iYMUtrj+ZntkLRnSS1q9NAgb1t1NeKDUkR67a+J9K78m08fuT0 +1PEDiFeLJc4+bmIsAZ0fwREVqzdaVh91qlpwrFfRijjB5aGwHzPjhH1r+RryCpz6 +7RBBrVZXnXbQ2D2s/fUTPQGOoyyPvatNqTlSyXaigEkYIItLhYYRHhnRJmySciwo +6zhnzqDTT3z3qP4aPxeDK7aa -----END CERTIFICATE----- Certificate: Data: @@ -98,8 +98,8 @@ Certificate: Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Engineering, CN=wolfSSL root CA/emailAddress=info@wolfssl.com Validity - Not Before: Dec 30 19:12:46 2015 GMT - Not After : Sep 25 19:12:46 2018 GMT + Not Before: Apr 13 15:23:10 2018 GMT + Not After : Jan 7 15:23:10 2021 GMT Subject: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Engineering, CN=wolfSSL intermediate CA 1/emailAddress=info@wolfssl.com Subject Public Key Info: Public Key Algorithm: rsaEncryption 
@@ -140,27 +140,27 @@ Certificate: OCSP - URI:http://127.0.0.1:22220 Signature Algorithm: sha256WithRSAEncryption - 0f:a2:19:93:09:2f:c8:c5:91:62:2b:1e:9c:69:93:ea:5f:f1: - 5e:b8:15:8e:0f:c9:82:08:3a:6b:60:3f:ad:1b:fa:47:94:a7: - 31:33:34:6c:cf:09:63:fd:8c:de:62:c4:2e:5f:71:19:2e:a8: - 96:63:37:16:e7:bf:37:67:2d:46:36:72:d0:e4:03:a7:89:a1: - e4:4c:2f:76:31:79:0d:84:ae:c8:61:cf:98:03:2f:12:fc:17: - 60:60:88:b0:96:a0:a8:59:f5:96:1d:3d:1e:e0:c0:26:fd:1b: - 3e:42:73:ad:1d:39:0f:ff:d9:f0:71:52:e3:9a:9b:7a:b4:a2: - af:50:e7:33:7f:66:40:65:bd:31:0c:c9:21:b0:d1:3f:df:b6: - 77:e5:05:ca:24:b9:72:c9:82:c6:9f:be:12:f6:5d:39:34:b7: - 20:df:e1:24:c3:b2:fe:98:b6:d3:6c:3e:43:62:6b:e2:6d:56: - 65:99:3e:aa:2e:a8:cb:82:2d:9b:11:da:8a:b6:63:20:12:c7: - a0:5b:5d:5b:09:29:47:50:ad:4e:1f:68:29:d2:d9:0e:5f:5c: - 83:e8:e6:fd:c7:e5:f9:14:0d:14:8e:6e:34:dd:4f:ec:01:75: - 54:2d:24:c8:c6:98:c3:7f:d8:1d:4f:c5:ae:e0:b2:8e:f5:a8: - bb:4b:1f:aa + 18:a3:09:fe:c3:53:c7:ce:11:f0:36:86:43:9c:46:9b:43:42: + a0:20:6e:b6:32:29:34:22:fa:27:a1:00:0c:e5:51:c3:35:7b: + 2f:ce:2c:48:7f:47:cf:1b:45:f9:30:b2:d0:17:15:a0:c3:a8: + 3a:e4:5f:a4:96:e4:25:ea:4e:80:90:2e:8d:f5:19:98:ae:2a: + 6d:39:f0:06:8f:e6:0b:c4:2b:dd:07:4a:ad:3d:34:11:79:3d: + 15:db:65:c6:33:60:6b:2f:2d:47:26:bb:91:53:28:35:5c:fd: + 57:3b:27:1b:a1:85:03:24:74:84:f4:f2:b2:e3:53:41:83:9c: + 6b:5a:0c:0f:3b:c4:5f:a7:4b:8b:04:f2:0d:f5:81:aa:16:33: + d2:f4:f5:8d:83:c1:10:2d:57:55:f8:d3:16:62:27:50:b2:57: + 20:1d:a3:07:0c:b8:8d:c5:5a:2f:d9:d3:c4:6a:c3:1e:51:10: + de:7e:60:cf:d0:78:2c:00:d4:da:df:de:de:ee:ed:1d:25:da: + 6c:9f:57:69:2a:f1:a2:6c:8a:fe:72:c0:57:9f:f8:6e:b7:47: + f1:4f:f6:4b:9c:a2:2a:d2:10:9c:4e:bc:b4:8a:a2:8e:51:5a: + c1:e7:9c:f1:7c:9c:f9:7d:d7:9c:8f:ed:e9:57:91:0a:6c:4b: + b4:ac:6f:30 -----BEGIN CERTIFICATE----- MIIE8DCCA9igAwIBAgIBATANBgkqhkiG9w0BAQsFADCBlzELMAkGA1UEBhMCVVMx EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoM B3dvbGZTU0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgwFgYDVQQDDA93b2xmU1NM 
-IHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTUx -MjMwMTkxMjQ2WhcNMTgwOTI1MTkxMjQ2WjCBoTELMAkGA1UEBhMCVVMxEzARBgNV +IHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTgw +NDEzMTUyMzEwWhcNMjEwMTA3MTUyMzEwWjCBoTELMAkGA1UEBhMCVVMxEzARBgNV BAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoMB3dvbGZT U0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMSIwIAYDVQQDDBl3b2xmU1NMIGludGVy bWVkaWF0ZSBDQSAxMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMIIB @@ -177,12 +177,12 @@ DAdTZWF0dGxlMRAwDgYDVQQKDAd3b2xmU1NMMRQwEgYDVQQLDAtFbmdpbmVlcmlu ZzEYMBYGA1UEAwwPd29sZlNTTCByb290IENBMR8wHQYJKoZIhvcNAQkBFhBpbmZv QHdvbGZzc2wuY29tggFjMAsGA1UdDwQEAwIBBjAyBggrBgEFBQcBAQQmMCQwIgYI KwYBBQUHMAGGFmh0dHA6Ly8xMjcuMC4wLjE6MjIyMjAwDQYJKoZIhvcNAQELBQAD -ggEBAA+iGZMJL8jFkWIrHpxpk+pf8V64FY4PyYIIOmtgP60b+keUpzEzNGzPCWP9 -jN5ixC5fcRkuqJZjNxbnvzdnLUY2ctDkA6eJoeRML3YxeQ2Ershhz5gDLxL8F2Bg -iLCWoKhZ9ZYdPR7gwCb9Gz5Cc60dOQ//2fBxUuOam3q0oq9Q5zN/ZkBlvTEMySGw -0T/ftnflBcokuXLJgsafvhL2XTk0tyDf4STDsv6YttNsPkNia+JtVmWZPqouqMuC -LZsR2oq2YyASx6BbXVsJKUdQrU4faCnS2Q5fXIPo5v3H5fkUDRSObjTdT+wBdVQt -JMjGmMN/2B1Pxa7gso71qLtLH6o= +ggEBABijCf7DU8fOEfA2hkOcRptDQqAgbrYyKTQi+iehAAzlUcM1ey/OLEh/R88b +RfkwstAXFaDDqDrkX6SW5CXqToCQLo31GZiuKm058AaP5gvEK90HSq09NBF5PRXb +ZcYzYGsvLUcmu5FTKDVc/Vc7JxuhhQMkdIT08rLjU0GDnGtaDA87xF+nS4sE8g31 +gaoWM9L09Y2DwRAtV1X40xZiJ1CyVyAdowcMuI3FWi/Z08Rqwx5REN5+YM/QeCwA +1Nrf3t7u7R0l2myfV2kq8aJsiv5ywFef+G63R/FP9kucoirSEJxOvLSKoo5RWsHn +nPF8nPl915yP7elXkQpsS7SsbzA= -----END CERTIFICATE----- Certificate: Data: 
@@ -191,8 +191,8 @@ Certificate: Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Engineering, CN=wolfSSL root CA/emailAddress=info@wolfssl.com Validity - Not Before: Dec 30 19:12:46 2015 GMT - Not After : Sep 25 19:12:46 2018 GMT + Not Before: Apr 13 15:23:10 2018 GMT + Not After : Jan 7 15:23:10 2021 GMT Subject: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Engineering, CN=wolfSSL root CA/emailAddress=info@wolfssl.com Subject Public Key Info: Public Key Algorithm: rsaEncryption 
@@ -233,27 +233,27 @@ Certificate: OCSP - URI:http://127.0.0.1:22220 Signature Algorithm: sha256WithRSAEncryption - 99:a3:7d:72:17:b7:c0:cd:98:bb:55:fa:f2:ea:9f:17:81:6e: - 8e:02:25:c6:4d:42:cd:32:64:13:f4:bf:42:0c:a6:4e:39:45: - 52:92:40:ed:16:78:17:a2:45:5e:d9:19:ac:1d:d4:56:68:c8: - 55:de:65:ae:ba:72:b0:c0:57:52:5e:5b:08:d9:dd:72:ca:18: - 6e:16:61:32:9a:8b:c0:7d:3e:5a:27:bc:2d:81:aa:36:d4:44: - 26:52:07:f2:41:3b:d1:0f:2e:64:2e:a7:f8:0f:c3:0e:d3:9d: - 73:b9:24:12:e8:ca:28:db:4f:48:c2:43:bb:b7:a8:14:be:8d: - 3a:2f:d3:3a:1a:eb:5f:15:61:e3:e8:03:65:88:d5:03:7e:25: - 7a:35:8d:45:17:3f:0d:10:fd:8e:27:31:65:ee:de:9d:5c:68: - 7f:68:95:bc:85:5a:fa:2a:10:37:82:ca:11:84:9b:90:1e:23: - d6:2b:a6:c5:af:89:ef:31:37:56:0a:91:9e:0f:5b:3e:6c:c1: - 7d:29:cd:bb:38:3f:0e:cb:fb:05:04:e6:4f:5c:6a:c5:b6:a4: - 0f:0b:6a:25:bf:e9:ed:82:19:bb:6b:9a:2e:7d:40:58:0b:45: - 0e:ff:c2:73:39:9c:c2:ef:f4:7c:d0:9e:ae:c9:05:e1:e3:5e: - bf:dd:65:6d + 6b:10:b1:f8:cb:77:ef:72:f5:f8:fc:70:6d:18:dc:34:fe:d7: + 95:d8:fd:85:8e:ca:4b:f3:be:1f:eb:14:08:dc:23:34:78:98: + 39:d7:9f:c3:52:f6:14:3d:e9:de:5c:c2:d8:b1:4b:a8:4c:5b: + 91:42:66:da:7f:3c:e9:03:20:5e:08:0f:76:79:b9:21:10:89: + b7:73:46:44:7e:6e:28:0c:00:e4:f4:3e:65:aa:f5:c6:27:57: + 2c:bb:1d:ae:e5:94:57:a3:73:9e:6b:44:00:35:4a:f3:c7:34: + 9c:a2:a7:aa:62:9f:1d:ef:a8:6c:be:07:ad:ef:ae:ee:93:0b: + ba:c3:59:4e:90:40:2d:00:5e:f0:0f:0a:de:18:2a:b3:97:31: + 63:84:ff:18:1c:b6:d8:7d:ee:33:ed:99:f0:f5:7f:88:58:b3: + 0d:90:db:eb:44:7e:06:37:61:d4:34:b9:f6:fd:3e:8d:07:e4: + b5:b0:ae:09:ce:98:e4:b0:1b:d5:7b:53:94:dd:8a:b2:20:d6: + b0:72:f8:b1:bc:76:df:16:86:39:7b:e4:a9:15:47:57:ae:ca: + 41:d6:3a:ba:15:d1:c0:b5:38:66:0b:0f:80:8b:a2:07:b4:fc: + 80:1f:a3:4c:1f:d2:65:97:c1:2c:ae:46:31:61:49:0d:d7:5f: + ac:d2:a6:05 -----BEGIN CERTIFICATE----- MIIE5jCCA86gAwIBAgIBYzANBgkqhkiG9w0BAQsFADCBlzELMAkGA1UEBhMCVVMx EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoM B3dvbGZTU0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgwFgYDVQQDDA93b2xmU1NM 
-IHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTUx -MjMwMTkxMjQ2WhcNMTgwOTI1MTkxMjQ2WjCBlzELMAkGA1UEBhMCVVMxEzARBgNV +IHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTgw +NDEzMTUyMzEwWhcNMjEwMTA3MTUyMzEwWjCBlzELMAkGA1UEBhMCVVMxEzARBgNV BAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoMB3dvbGZT U0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgwFgYDVQQDDA93b2xmU1NMIHJvb3Qg Q0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wggEiMA0GCSqGSIb3 @@ -269,11 +269,11 @@ A1UEBhMCVVMxEzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUx EDAOBgNVBAoMB3dvbGZTU0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgwFgYDVQQD DA93b2xmU1NMIHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5j b22CAWMwCwYDVR0PBAQDAgEGMDIGCCsGAQUFBwEBBCYwJDAiBggrBgEFBQcwAYYW -aHR0cDovLzEyNy4wLjAuMToyMjIyMDANBgkqhkiG9w0BAQsFAAOCAQEAmaN9che3 -wM2Yu1X68uqfF4FujgIlxk1CzTJkE/S/QgymTjlFUpJA7RZ4F6JFXtkZrB3UVmjI -Vd5lrrpysMBXUl5bCNndcsoYbhZhMpqLwH0+Wie8LYGqNtREJlIH8kE70Q8uZC6n -+A/DDtOdc7kkEujKKNtPSMJDu7eoFL6NOi/TOhrrXxVh4+gDZYjVA34lejWNRRc/ -DRD9jicxZe7enVxof2iVvIVa+ioQN4LKEYSbkB4j1iumxa+J7zE3VgqRng9bPmzB -fSnNuzg/Dsv7BQTmT1xqxbakDwtqJb/p7YIZu2uaLn1AWAtFDv/Cczmcwu/0fNCe -rskF4eNev91lbQ== +aHR0cDovLzEyNy4wLjAuMToyMjIyMDANBgkqhkiG9w0BAQsFAAOCAQEAaxCx+Mt3 +73L1+PxwbRjcNP7Xldj9hY7KS/O+H+sUCNwjNHiYOdefw1L2FD3p3lzC2LFLqExb +kUJm2n886QMgXggPdnm5IRCJt3NGRH5uKAwA5PQ+Zar1xidXLLsdruWUV6NznmtE +ADVK88c0nKKnqmKfHe+obL4Hre+u7pMLusNZTpBALQBe8A8K3hgqs5cxY4T/GBy2 +2H3uM+2Z8PV/iFizDZDb60R+Bjdh1DS59v0+jQfktbCuCc6Y5LAb1XtTlN2KsiDW +sHL4sbx23xaGOXvkqRVHV67KQdY6uhXRwLU4ZgsPgIuiB7T8gB+jTB/SZZfBLK5G +MWFJDddfrNKmBQ== -----END CERTIFICATE----- diff --git a/certs/ocsp/server2-cert.pem b/certs/ocsp/server2-cert.pem index 51c56fd40..455d18de5 100644 --- a/certs/ocsp/server2-cert.pem +++ b/certs/ocsp/server2-cert.pem 
@@ -5,8 +5,8 @@ Certificate: Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Engineering, CN=wolfSSL intermediate CA 1/emailAddress=info@wolfssl.com Validity - Not Before: Dec 30 19:12:46 2015 GMT - Not After : Sep 25 19:12:46 2018 GMT + Not Before: Apr 13 15:23:10 2018 GMT + Not After : Jan 7 15:23:10 2021 GMT Subject: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Engineering, CN=www2.wolfssl.com/emailAddress=info@wolfssl.com Subject Public Key Info: Public Key Algorithm: rsaEncryption 
@@ -47,27 +47,27 @@ Certificate: OCSP - URI:http://127.0.0.1:22221 Signature Algorithm: sha256WithRSAEncryption - dd:b6:17:51:62:83:8d:32:7f:2f:21:2f:0a:ea:6b:3f:f0:c9: - 59:9d:1e:4b:82:7d:aa:1d:6d:a8:f5:c0:20:78:a8:fd:a3:ca: - cb:1f:2b:99:28:97:d2:ce:71:48:95:82:ee:e4:a4:d9:32:75: - 7f:1d:b2:97:8d:5c:3c:96:9a:b9:4c:05:fe:d1:af:81:4a:25: - c5:66:a1:f3:c7:0e:f3:76:db:3d:a2:87:7e:5c:c4:0a:d3:d3: - 97:a1:7c:46:fc:94:2c:dc:0a:7e:a1:b2:f2:7f:c7:cb:d9:7a: - c2:fa:8d:5b:4a:75:c0:e4:dc:57:4b:84:2a:5a:84:35:13:7b: - 15:49:a0:e8:9e:d8:1d:90:a4:99:4e:a4:dd:fc:ba:d3:f5:12: - aa:36:f2:87:04:b4:09:04:6f:94:a1:18:3e:46:ce:ae:55:f4: - 0f:d8:26:ee:11:cf:d4:8e:e5:33:da:17:e2:ad:43:05:50:e2: - 38:c7:d2:15:18:23:f0:fa:cd:cc:b3:e9:ea:00:5a:af:29:90: - 6a:69:8c:ba:c8:f7:84:84:57:0d:80:b1:10:2c:bd:9d:33:42: - 6d:f1:58:d5:b4:6a:79:e4:26:8f:41:ef:a2:b5:84:6b:c2:6d: - be:5e:76:8f:29:25:13:e8:ba:dd:aa:64:3e:74:bc:90:2d:aa: - bb:1a:cd:c9 + 1d:d0:b5:1d:a1:ae:ef:5e:36:00:36:b3:ae:22:13:32:37:22: + 00:24:b6:b9:c2:b3:a2:55:e5:de:e1:82:83:e9:78:5c:a1:50: + 62:c3:ca:92:2f:21:aa:85:d9:26:56:b1:b0:a1:3c:1f:41:ca: + e6:1a:a3:b0:c1:b1:4c:d2:c0:ab:55:dc:fa:e9:d6:46:63:83: + 2f:8e:c5:ec:28:0e:a9:e5:1b:d9:de:2b:8a:5d:58:56:3a:f8: + 88:bd:99:c4:3a:33:6a:83:4a:26:aa:e3:74:40:a4:82:5a:b2: + 26:23:3b:6d:aa:09:bc:c0:78:2c:c4:75:74:f1:19:e9:ad:39: + 74:53:11:6d:ad:33:b2:f8:45:51:06:f5:5b:19:fd:a7:26:d1: + 11:77:09:f4:c5:07:97:a1:fe:36:3a:6a:fb:64:f1:ed:9b:c4: + 4c:64:cd:6a:bf:17:b8:5b:3f:b7:36:20:4a:cc:34:3e:ec:f5: + a2:68:ae:8d:87:e5:4e:e3:c0:d8:70:67:6a:3c:41:04:0a:36: + 07:40:52:6c:97:15:52:d3:13:a0:fb:c5:b7:f1:c9:40:03:40: + e6:1e:fb:b0:11:77:80:fa:ec:17:24:88:ca:e6:17:1b:b4:f3: + b2:38:bc:bf:c2:98:ec:69:14:c9:2e:75:99:6c:16:78:cc:c5: + 36:d9:0f:f0 -----BEGIN CERTIFICATE----- MIIE7jCCA9agAwIBAgIBBjANBgkqhkiG9w0BAQsFADCBoTELMAkGA1UEBhMCVVMx EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoM B3dvbGZTU0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMSIwIAYDVQQDDBl3b2xmU1NM 
IGludGVybWVkaWF0ZSBDQSAxMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wu -Y29tMB4XDTE1MTIzMDE5MTI0NloXDTE4MDkyNTE5MTI0NlowgZgxCzAJBgNVBAYT +Y29tMB4XDTE4MDQxMzE1MjMxMFoXDTIxMDEwNzE1MjMxMFowgZgxCzAJBgNVBAYT AlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYD VQQKDAd3b2xmU1NMMRQwEgYDVQQLDAtFbmdpbmVlcmluZzEZMBcGA1UEAwwQd3d3 Mi53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTCC @@ -84,12 +84,12 @@ U2VhdHRsZTEQMA4GA1UECgwHd29sZlNTTDEUMBIGA1UECwwLRW5naW5lZXJpbmcx GDAWBgNVBAMMD3dvbGZTU0wgcm9vdCBDQTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3 b2xmc3NsLmNvbYIBATALBgNVHQ8EBAMCBeAwMgYIKwYBBQUHAQEEJjAkMCIGCCsG AQUFBzABhhZodHRwOi8vMTI3LjAuMC4xOjIyMjIxMA0GCSqGSIb3DQEBCwUAA4IB -AQDdthdRYoONMn8vIS8K6ms/8MlZnR5Lgn2qHW2o9cAgeKj9o8rLHyuZKJfSznFI -lYLu5KTZMnV/HbKXjVw8lpq5TAX+0a+BSiXFZqHzxw7zdts9ood+XMQK09OXoXxG -/JQs3Ap+obLyf8fL2XrC+o1bSnXA5NxXS4QqWoQ1E3sVSaDontgdkKSZTqTd/LrT -9RKqNvKHBLQJBG+UoRg+Rs6uVfQP2CbuEc/UjuUz2hfirUMFUOI4x9IVGCPw+s3M -s+nqAFqvKZBqaYy6yPeEhFcNgLEQLL2dM0Jt8VjVtGp55CaPQe+itYRrwm2+XnaP -KSUT6LrdqmQ+dLyQLaq7Gs3J +AQAd0LUdoa7vXjYANrOuIhMyNyIAJLa5wrOiVeXe4YKD6XhcoVBiw8qSLyGqhdkm +VrGwoTwfQcrmGqOwwbFM0sCrVdz66dZGY4MvjsXsKA6p5RvZ3iuKXVhWOviIvZnE +OjNqg0omquN0QKSCWrImIzttqgm8wHgsxHV08RnprTl0UxFtrTOy+EVRBvVbGf2n +JtERdwn0xQeXof42Omr7ZPHtm8RMZM1qvxe4Wz+3NiBKzDQ+7PWiaK6Nh+VO48DY +cGdqPEEECjYHQFJslxVS0xOg+8W38clAA0DmHvuwEXeA+uwXJIjK5hcbtPOyOLy/ +wpjsaRTJLnWZbBZ4zMU22Q/w -----END CERTIFICATE----- Certificate: Data: @@ -98,8 +98,8 @@ Certificate: Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Engineering, CN=wolfSSL root CA/emailAddress=info@wolfssl.com Validity - Not Before: Dec 30 19:12:46 2015 GMT - Not After : Sep 25 19:12:46 2018 GMT + Not Before: Apr 13 15:23:10 2018 GMT + Not After : Jan 7 15:23:10 2021 GMT Subject: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Engineering, CN=wolfSSL intermediate CA 1/emailAddress=info@wolfssl.com Subject Public Key Info: Public Key Algorithm: rsaEncryption 
@@ -140,27 +140,27 @@ Certificate: OCSP - URI:http://127.0.0.1:22220 Signature Algorithm: sha256WithRSAEncryption - 0f:a2:19:93:09:2f:c8:c5:91:62:2b:1e:9c:69:93:ea:5f:f1: - 5e:b8:15:8e:0f:c9:82:08:3a:6b:60:3f:ad:1b:fa:47:94:a7: - 31:33:34:6c:cf:09:63:fd:8c:de:62:c4:2e:5f:71:19:2e:a8: - 96:63:37:16:e7:bf:37:67:2d:46:36:72:d0:e4:03:a7:89:a1: - e4:4c:2f:76:31:79:0d:84:ae:c8:61:cf:98:03:2f:12:fc:17: - 60:60:88:b0:96:a0:a8:59:f5:96:1d:3d:1e:e0:c0:26:fd:1b: - 3e:42:73:ad:1d:39:0f:ff:d9:f0:71:52:e3:9a:9b:7a:b4:a2: - af:50:e7:33:7f:66:40:65:bd:31:0c:c9:21:b0:d1:3f:df:b6: - 77:e5:05:ca:24:b9:72:c9:82:c6:9f:be:12:f6:5d:39:34:b7: - 20:df:e1:24:c3:b2:fe:98:b6:d3:6c:3e:43:62:6b:e2:6d:56: - 65:99:3e:aa:2e:a8:cb:82:2d:9b:11:da:8a:b6:63:20:12:c7: - a0:5b:5d:5b:09:29:47:50:ad:4e:1f:68:29:d2:d9:0e:5f:5c: - 83:e8:e6:fd:c7:e5:f9:14:0d:14:8e:6e:34:dd:4f:ec:01:75: - 54:2d:24:c8:c6:98:c3:7f:d8:1d:4f:c5:ae:e0:b2:8e:f5:a8: - bb:4b:1f:aa + 18:a3:09:fe:c3:53:c7:ce:11:f0:36:86:43:9c:46:9b:43:42: + a0:20:6e:b6:32:29:34:22:fa:27:a1:00:0c:e5:51:c3:35:7b: + 2f:ce:2c:48:7f:47:cf:1b:45:f9:30:b2:d0:17:15:a0:c3:a8: + 3a:e4:5f:a4:96:e4:25:ea:4e:80:90:2e:8d:f5:19:98:ae:2a: + 6d:39:f0:06:8f:e6:0b:c4:2b:dd:07:4a:ad:3d:34:11:79:3d: + 15:db:65:c6:33:60:6b:2f:2d:47:26:bb:91:53:28:35:5c:fd: + 57:3b:27:1b:a1:85:03:24:74:84:f4:f2:b2:e3:53:41:83:9c: + 6b:5a:0c:0f:3b:c4:5f:a7:4b:8b:04:f2:0d:f5:81:aa:16:33: + d2:f4:f5:8d:83:c1:10:2d:57:55:f8:d3:16:62:27:50:b2:57: + 20:1d:a3:07:0c:b8:8d:c5:5a:2f:d9:d3:c4:6a:c3:1e:51:10: + de:7e:60:cf:d0:78:2c:00:d4:da:df:de:de:ee:ed:1d:25:da: + 6c:9f:57:69:2a:f1:a2:6c:8a:fe:72:c0:57:9f:f8:6e:b7:47: + f1:4f:f6:4b:9c:a2:2a:d2:10:9c:4e:bc:b4:8a:a2:8e:51:5a: + c1:e7:9c:f1:7c:9c:f9:7d:d7:9c:8f:ed:e9:57:91:0a:6c:4b: + b4:ac:6f:30 -----BEGIN CERTIFICATE----- MIIE8DCCA9igAwIBAgIBATANBgkqhkiG9w0BAQsFADCBlzELMAkGA1UEBhMCVVMx EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoM B3dvbGZTU0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgwFgYDVQQDDA93b2xmU1NM 
-IHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTUx -MjMwMTkxMjQ2WhcNMTgwOTI1MTkxMjQ2WjCBoTELMAkGA1UEBhMCVVMxEzARBgNV +IHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTgw +NDEzMTUyMzEwWhcNMjEwMTA3MTUyMzEwWjCBoTELMAkGA1UEBhMCVVMxEzARBgNV BAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoMB3dvbGZT U0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMSIwIAYDVQQDDBl3b2xmU1NMIGludGVy bWVkaWF0ZSBDQSAxMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMIIB @@ -177,12 +177,12 @@ DAdTZWF0dGxlMRAwDgYDVQQKDAd3b2xmU1NMMRQwEgYDVQQLDAtFbmdpbmVlcmlu ZzEYMBYGA1UEAwwPd29sZlNTTCByb290IENBMR8wHQYJKoZIhvcNAQkBFhBpbmZv QHdvbGZzc2wuY29tggFjMAsGA1UdDwQEAwIBBjAyBggrBgEFBQcBAQQmMCQwIgYI KwYBBQUHMAGGFmh0dHA6Ly8xMjcuMC4wLjE6MjIyMjAwDQYJKoZIhvcNAQELBQAD -ggEBAA+iGZMJL8jFkWIrHpxpk+pf8V64FY4PyYIIOmtgP60b+keUpzEzNGzPCWP9 -jN5ixC5fcRkuqJZjNxbnvzdnLUY2ctDkA6eJoeRML3YxeQ2Ershhz5gDLxL8F2Bg -iLCWoKhZ9ZYdPR7gwCb9Gz5Cc60dOQ//2fBxUuOam3q0oq9Q5zN/ZkBlvTEMySGw -0T/ftnflBcokuXLJgsafvhL2XTk0tyDf4STDsv6YttNsPkNia+JtVmWZPqouqMuC -LZsR2oq2YyASx6BbXVsJKUdQrU4faCnS2Q5fXIPo5v3H5fkUDRSObjTdT+wBdVQt -JMjGmMN/2B1Pxa7gso71qLtLH6o= +ggEBABijCf7DU8fOEfA2hkOcRptDQqAgbrYyKTQi+iehAAzlUcM1ey/OLEh/R88b +RfkwstAXFaDDqDrkX6SW5CXqToCQLo31GZiuKm058AaP5gvEK90HSq09NBF5PRXb +ZcYzYGsvLUcmu5FTKDVc/Vc7JxuhhQMkdIT08rLjU0GDnGtaDA87xF+nS4sE8g31 +gaoWM9L09Y2DwRAtV1X40xZiJ1CyVyAdowcMuI3FWi/Z08Rqwx5REN5+YM/QeCwA +1Nrf3t7u7R0l2myfV2kq8aJsiv5ywFef+G63R/FP9kucoirSEJxOvLSKoo5RWsHn +nPF8nPl915yP7elXkQpsS7SsbzA= -----END CERTIFICATE----- Certificate: Data: 
@@ -191,8 +191,8 @@ Certificate: Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Engineering, CN=wolfSSL root CA/emailAddress=info@wolfssl.com Validity - Not Before: Dec 30 19:12:46 2015 GMT - Not After : Sep 25 19:12:46 2018 GMT + Not Before: Apr 13 15:23:10 2018 GMT + Not After : Jan 7 15:23:10 2021 GMT Subject: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Engineering, CN=wolfSSL root CA/emailAddress=info@wolfssl.com Subject Public Key Info: Public Key Algorithm: rsaEncryption 
@@ -233,27 +233,27 @@ Certificate: OCSP - URI:http://127.0.0.1:22220 Signature Algorithm: sha256WithRSAEncryption - 99:a3:7d:72:17:b7:c0:cd:98:bb:55:fa:f2:ea:9f:17:81:6e: - 8e:02:25:c6:4d:42:cd:32:64:13:f4:bf:42:0c:a6:4e:39:45: - 52:92:40:ed:16:78:17:a2:45:5e:d9:19:ac:1d:d4:56:68:c8: - 55:de:65:ae:ba:72:b0:c0:57:52:5e:5b:08:d9:dd:72:ca:18: - 6e:16:61:32:9a:8b:c0:7d:3e:5a:27:bc:2d:81:aa:36:d4:44: - 26:52:07:f2:41:3b:d1:0f:2e:64:2e:a7:f8:0f:c3:0e:d3:9d: - 73:b9:24:12:e8:ca:28:db:4f:48:c2:43:bb:b7:a8:14:be:8d: - 3a:2f:d3:3a:1a:eb:5f:15:61:e3:e8:03:65:88:d5:03:7e:25: - 7a:35:8d:45:17:3f:0d:10:fd:8e:27:31:65:ee:de:9d:5c:68: - 7f:68:95:bc:85:5a:fa:2a:10:37:82:ca:11:84:9b:90:1e:23: - d6:2b:a6:c5:af:89:ef:31:37:56:0a:91:9e:0f:5b:3e:6c:c1: - 7d:29:cd:bb:38:3f:0e:cb:fb:05:04:e6:4f:5c:6a:c5:b6:a4: - 0f:0b:6a:25:bf:e9:ed:82:19:bb:6b:9a:2e:7d:40:58:0b:45: - 0e:ff:c2:73:39:9c:c2:ef:f4:7c:d0:9e:ae:c9:05:e1:e3:5e: - bf:dd:65:6d + 6b:10:b1:f8:cb:77:ef:72:f5:f8:fc:70:6d:18:dc:34:fe:d7: + 95:d8:fd:85:8e:ca:4b:f3:be:1f:eb:14:08:dc:23:34:78:98: + 39:d7:9f:c3:52:f6:14:3d:e9:de:5c:c2:d8:b1:4b:a8:4c:5b: + 91:42:66:da:7f:3c:e9:03:20:5e:08:0f:76:79:b9:21:10:89: + b7:73:46:44:7e:6e:28:0c:00:e4:f4:3e:65:aa:f5:c6:27:57: + 2c:bb:1d:ae:e5:94:57:a3:73:9e:6b:44:00:35:4a:f3:c7:34: + 9c:a2:a7:aa:62:9f:1d:ef:a8:6c:be:07:ad:ef:ae:ee:93:0b: + ba:c3:59:4e:90:40:2d:00:5e:f0:0f:0a:de:18:2a:b3:97:31: + 63:84:ff:18:1c:b6:d8:7d:ee:33:ed:99:f0:f5:7f:88:58:b3: + 0d:90:db:eb:44:7e:06:37:61:d4:34:b9:f6:fd:3e:8d:07:e4: + b5:b0:ae:09:ce:98:e4:b0:1b:d5:7b:53:94:dd:8a:b2:20:d6: + b0:72:f8:b1:bc:76:df:16:86:39:7b:e4:a9:15:47:57:ae:ca: + 41:d6:3a:ba:15:d1:c0:b5:38:66:0b:0f:80:8b:a2:07:b4:fc: + 80:1f:a3:4c:1f:d2:65:97:c1:2c:ae:46:31:61:49:0d:d7:5f: + ac:d2:a6:05 -----BEGIN CERTIFICATE----- MIIE5jCCA86gAwIBAgIBYzANBgkqhkiG9w0BAQsFADCBlzELMAkGA1UEBhMCVVMx EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoM B3dvbGZTU0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgwFgYDVQQDDA93b2xmU1NM 
-IHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTUx -MjMwMTkxMjQ2WhcNMTgwOTI1MTkxMjQ2WjCBlzELMAkGA1UEBhMCVVMxEzARBgNV +IHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTgw +NDEzMTUyMzEwWhcNMjEwMTA3MTUyMzEwWjCBlzELMAkGA1UEBhMCVVMxEzARBgNV BAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoMB3dvbGZT U0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgwFgYDVQQDDA93b2xmU1NMIHJvb3Qg Q0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wggEiMA0GCSqGSIb3 @@ -269,11 +269,11 @@ A1UEBhMCVVMxEzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUx EDAOBgNVBAoMB3dvbGZTU0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgwFgYDVQQD DA93b2xmU1NMIHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5j b22CAWMwCwYDVR0PBAQDAgEGMDIGCCsGAQUFBwEBBCYwJDAiBggrBgEFBQcwAYYW -aHR0cDovLzEyNy4wLjAuMToyMjIyMDANBgkqhkiG9w0BAQsFAAOCAQEAmaN9che3 -wM2Yu1X68uqfF4FujgIlxk1CzTJkE/S/QgymTjlFUpJA7RZ4F6JFXtkZrB3UVmjI -Vd5lrrpysMBXUl5bCNndcsoYbhZhMpqLwH0+Wie8LYGqNtREJlIH8kE70Q8uZC6n -+A/DDtOdc7kkEujKKNtPSMJDu7eoFL6NOi/TOhrrXxVh4+gDZYjVA34lejWNRRc/ -DRD9jicxZe7enVxof2iVvIVa+ioQN4LKEYSbkB4j1iumxa+J7zE3VgqRng9bPmzB -fSnNuzg/Dsv7BQTmT1xqxbakDwtqJb/p7YIZu2uaLn1AWAtFDv/Cczmcwu/0fNCe -rskF4eNev91lbQ== +aHR0cDovLzEyNy4wLjAuMToyMjIyMDANBgkqhkiG9w0BAQsFAAOCAQEAaxCx+Mt3 +73L1+PxwbRjcNP7Xldj9hY7KS/O+H+sUCNwjNHiYOdefw1L2FD3p3lzC2LFLqExb +kUJm2n886QMgXggPdnm5IRCJt3NGRH5uKAwA5PQ+Zar1xidXLLsdruWUV6NznmtE +ADVK88c0nKKnqmKfHe+obL4Hre+u7pMLusNZTpBALQBe8A8K3hgqs5cxY4T/GBy2 +2H3uM+2Z8PV/iFizDZDb60R+Bjdh1DS59v0+jQfktbCuCc6Y5LAb1XtTlN2KsiDW +sHL4sbx23xaGOXvkqRVHV67KQdY6uhXRwLU4ZgsPgIuiB7T8gB+jTB/SZZfBLK5G +MWFJDddfrNKmBQ== -----END CERTIFICATE----- diff --git a/certs/ocsp/server3-cert.pem b/certs/ocsp/server3-cert.pem index 7f1873535..34cc27c12 100644 --- a/certs/ocsp/server3-cert.pem +++ b/certs/ocsp/server3-cert.pem 
@@ -5,8 +5,8 @@ Certificate: Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Engineering, CN=wolfSSL intermediate CA 2/emailAddress=info@wolfssl.com Validity - Not Before: Dec 30 19:12:46 2015 GMT - Not After : Sep 25 19:12:46 2018 GMT + Not Before: Apr 13 15:23:10 2018 GMT + Not After : Jan 7 15:23:10 2021 GMT Subject: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Engineering, CN=www3.wolfssl.com/emailAddress=info@wolfssl.com Subject Public Key Info: Public Key Algorithm: rsaEncryption 
@@ -47,27 +47,27 @@ Certificate: OCSP - URI:http://127.0.0.1:22222 Signature Algorithm: sha256WithRSAEncryption - 3a:2f:11:d6:45:96:cc:68:80:ed:dd:25:1f:1c:b2:b2:c8:42: - 71:11:ed:3b:f8:69:73:d3:bc:49:38:0e:5f:f8:bb:a1:69:a0: - fe:bd:a0:6f:c2:68:74:4c:c8:c0:cc:00:83:6b:b2:c3:15:3c: - bb:08:51:3e:2a:36:2e:f7:48:00:a0:74:11:b7:db:00:56:82: - 52:17:94:b1:a6:a8:82:c7:33:ac:20:ef:3d:93:e2:56:01:62: - 99:d4:c4:8e:4b:4d:bf:36:1e:f7:bb:83:85:81:6d:46:fb:8d: - c2:12:99:87:ae:7a:fd:83:3c:df:7b:51:12:79:44:4f:df:17: - 74:d5:d9:ab:19:d3:49:8b:33:4c:82:e4:83:1a:4d:fa:d3:84: - ea:37:86:58:77:93:41:2e:f9:30:3a:09:d6:72:3a:aa:d8:e7: - 13:f6:2f:80:7a:47:fc:c8:c2:98:34:07:ca:ed:21:c5:3f:21: - fb:f2:1a:4c:cb:ff:fb:db:7d:6c:1b:f2:4a:1d:58:43:8f:58: - 3c:c8:de:80:c8:79:fa:0a:97:a1:02:a8:5b:b6:96:ed:b7:24: - 9e:ac:79:b6:e1:e6:3f:f1:66:8e:4d:22:47:a2:df:90:f2:d1: - 0a:3c:be:bb:ce:34:46:e5:c2:13:50:e9:8c:49:e7:31:51:73: - c3:b1:b5:03 + 4e:22:d8:3b:f8:92:f0:1a:0d:6f:94:a6:88:d8:27:b8:28:a4: + 86:4a:2f:4e:6e:ed:38:62:8e:6d:d8:de:33:e9:9d:c8:b1:a8: + f2:0a:66:b8:17:f0:34:79:c0:bf:4a:0b:fe:00:c3:38:db:c0: + 40:1b:84:22:58:b1:e6:60:87:c8:28:f7:52:5c:2b:02:cf:3d: + d4:28:84:3c:cb:74:8a:5a:da:4b:50:ce:95:81:ef:df:c8:dd: + 45:f0:8d:a0:62:3e:4a:b3:d8:0b:3d:d9:75:d5:0d:43:65:01: + fc:f4:70:92:ae:f9:30:6c:21:7c:17:d4:b6:00:1d:97:7b:e6: + 1d:c4:9f:a7:d5:00:87:e7:bd:5a:80:ba:14:9f:56:fc:f1:b5: + f8:ed:14:61:1c:24:7f:ac:39:03:41:dc:c2:da:b2:2e:df:06: + 70:6a:81:1d:6d:a6:e4:cf:f1:5a:c8:80:8d:ea:13:f3:3b:73: + 17:41:87:f2:fa:25:c8:47:73:86:d5:ba:e3:8f:ab:f7:f0:b1: + 1f:b7:33:57:0f:76:01:5c:59:55:fe:13:05:69:2c:e1:02:85: + ac:28:72:48:f7:2d:8c:6b:da:72:fa:95:d5:8f:23:1d:d0:37: + 5d:70:97:af:53:aa:37:11:5d:9e:c3:79:da:bf:c2:01:f3:32: + a2:e4:b0:bd -----BEGIN CERTIFICATE----- MIIE7jCCA9agAwIBAgIBBzANBgkqhkiG9w0BAQsFADCBoTELMAkGA1UEBhMCVVMx EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoM B3dvbGZTU0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMSIwIAYDVQQDDBl3b2xmU1NM 
IGludGVybWVkaWF0ZSBDQSAyMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wu -Y29tMB4XDTE1MTIzMDE5MTI0NloXDTE4MDkyNTE5MTI0NlowgZgxCzAJBgNVBAYT +Y29tMB4XDTE4MDQxMzE1MjMxMFoXDTIxMDEwNzE1MjMxMFowgZgxCzAJBgNVBAYT AlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYD VQQKDAd3b2xmU1NMMRQwEgYDVQQLDAtFbmdpbmVlcmluZzEZMBcGA1UEAwwQd3d3 My53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTCC @@ -84,12 +84,12 @@ U2VhdHRsZTEQMA4GA1UECgwHd29sZlNTTDEUMBIGA1UECwwLRW5naW5lZXJpbmcx GDAWBgNVBAMMD3dvbGZTU0wgcm9vdCBDQTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3 b2xmc3NsLmNvbYIBAjALBgNVHQ8EBAMCBeAwMgYIKwYBBQUHAQEEJjAkMCIGCCsG AQUFBzABhhZodHRwOi8vMTI3LjAuMC4xOjIyMjIyMA0GCSqGSIb3DQEBCwUAA4IB -AQA6LxHWRZbMaIDt3SUfHLKyyEJxEe07+Glz07xJOA5f+LuhaaD+vaBvwmh0TMjA -zACDa7LDFTy7CFE+KjYu90gAoHQRt9sAVoJSF5SxpqiCxzOsIO89k+JWAWKZ1MSO -S02/Nh73u4OFgW1G+43CEpmHrnr9gzzfe1ESeURP3xd01dmrGdNJizNMguSDGk36 -04TqN4ZYd5NBLvkwOgnWcjqq2OcT9i+Aekf8yMKYNAfK7SHFPyH78hpMy//7231s -G/JKHVhDj1g8yN6AyHn6CpehAqhbtpbttySerHm24eY/8WaOTSJHot+Q8tEKPL67 -zjRG5cITUOmMSecxUXPDsbUD +AQBOItg7+JLwGg1vlKaI2Ce4KKSGSi9Obu04Yo5t2N4z6Z3IsajyCma4F/A0ecC/ +Sgv+AMM428BAG4QiWLHmYIfIKPdSXCsCzz3UKIQ8y3SKWtpLUM6Vge/fyN1F8I2g +Yj5Ks9gLPdl11Q1DZQH89HCSrvkwbCF8F9S2AB2Xe+YdxJ+n1QCH571agLoUn1b8 +8bX47RRhHCR/rDkDQdzC2rIu3wZwaoEdbabkz/FayICN6hPzO3MXQYfy+iXIR3OG +1brjj6v38LEftzNXD3YBXFlV/hMFaSzhAoWsKHJI9y2Ma9py+pXVjyMd0DddcJev +U6o3EV2ew3nav8IB8zKi5LC9 -----END CERTIFICATE----- Certificate: Data: @@ -98,8 +98,8 @@ Certificate: Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Engineering, CN=wolfSSL root CA/emailAddress=info@wolfssl.com Validity - Not Before: Dec 30 19:12:46 2015 GMT - Not After : Sep 25 19:12:46 2018 GMT + Not Before: Apr 13 15:23:10 2018 GMT + Not After : Jan 7 15:23:10 2021 GMT Subject: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Engineering, CN=wolfSSL intermediate CA 2/emailAddress=info@wolfssl.com Subject Public Key Info: Public Key Algorithm: rsaEncryption 
@@ -140,27 +140,27 @@ Certificate: OCSP - URI:http://127.0.0.1:22220 Signature Algorithm: sha256WithRSAEncryption - 1d:d6:14:6c:f5:cc:f9:c9:0d:c4:27:c1:50:49:ab:d7:39:6e: - 86:31:cf:67:99:c0:5d:37:d0:14:ee:d8:e3:da:17:a5:82:c2: - 25:86:33:28:0d:f6:ca:6b:7a:c7:72:f1:d8:b9:20:27:ee:0c: - 7d:77:e5:8b:03:46:9a:f8:99:6a:8e:57:1a:c9:a2:b1:79:d6: - b6:b6:e5:1a:39:80:2e:88:2b:17:c8:b9:36:37:38:58:8a:f0: - 62:68:97:25:b5:7a:62:5c:4d:22:2c:30:62:0c:11:f0:4d:70: - 95:c7:2d:9e:ab:c5:ef:2e:a4:29:25:8b:e2:e4:d2:9d:2c:5e: - 60:79:36:98:13:a8:38:6c:00:0d:6a:f0:11:3c:3f:d8:f9:6b: - 16:d1:61:f9:db:53:56:02:43:56:a8:01:3b:88:77:91:a5:6e: - a0:ab:2c:6c:e6:ec:cf:ff:5a:07:94:ea:49:92:d4:87:98:f8: - 89:f0:f7:4f:77:b0:df:c9:89:03:76:d9:31:30:86:f7:e9:8a: - 74:fa:f2:b2:f3:4d:f7:43:41:48:9c:1f:db:ea:23:e3:1e:4c: - 15:76:92:e0:f8:ce:71:35:fd:25:f0:97:cd:99:5d:2c:af:33: - 64:5e:bd:be:35:e3:53:78:6c:10:c8:0e:cc:83:e5:d9:2e:7a: - d9:6d:52:95 + 92:6e:c1:af:88:af:46:f2:6e:8a:8c:27:06:8e:b4:38:35:9b: + 47:92:24:20:e5:a5:13:d8:35:d3:2e:37:ca:74:47:e5:16:a3: + 03:63:16:b4:28:2b:d9:04:ab:ee:e4:0a:e5:87:da:d4:00:3a: + 53:c6:c9:25:6a:8f:49:d2:2e:34:f2:40:65:6e:02:fc:b9:42: + 3f:ef:cb:8c:79:84:03:84:dc:a0:68:1e:c7:c7:36:8c:60:14: + 55:f2:5f:f9:c1:3f:2b:f6:a2:1e:34:1f:83:ba:73:bc:b7:62: + bc:97:66:84:09:b9:2d:76:71:c8:91:fd:e2:e1:39:cf:dd:ec: + 98:a8:49:69:89:a8:18:2a:42:e7:fc:ab:2c:cf:13:ab:63:fe: + b0:19:ea:1a:38:22:16:11:31:34:43:fc:50:c6:ec:19:97:03: + db:e8:07:28:48:88:3a:e5:35:a2:fd:83:12:df:55:70:72:61: + 0d:f8:66:18:52:58:c9:46:97:86:31:9e:a2:43:0c:b9:0f:d3: + eb:35:c9:e5:19:4e:b4:8b:d2:ac:ea:bf:83:2a:48:9d:20:a0: + 08:45:60:92:8a:27:06:93:77:74:bb:0e:22:8e:54:17:f2:d4: + e7:7f:f3:90:4d:cc:75:e7:16:c5:9c:4a:cf:dc:f2:19:18:12: + f5:72:8e:2e -----BEGIN CERTIFICATE----- MIIE8DCCA9igAwIBAgIBAjANBgkqhkiG9w0BAQsFADCBlzELMAkGA1UEBhMCVVMx EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoM B3dvbGZTU0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgwFgYDVQQDDA93b2xmU1NM 
-IHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTUx -MjMwMTkxMjQ2WhcNMTgwOTI1MTkxMjQ2WjCBoTELMAkGA1UEBhMCVVMxEzARBgNV +IHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTgw +NDEzMTUyMzEwWhcNMjEwMTA3MTUyMzEwWjCBoTELMAkGA1UEBhMCVVMxEzARBgNV BAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoMB3dvbGZT U0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMSIwIAYDVQQDDBl3b2xmU1NMIGludGVy bWVkaWF0ZSBDQSAyMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMIIB @@ -177,12 +177,12 @@ DAdTZWF0dGxlMRAwDgYDVQQKDAd3b2xmU1NMMRQwEgYDVQQLDAtFbmdpbmVlcmlu ZzEYMBYGA1UEAwwPd29sZlNTTCByb290IENBMR8wHQYJKoZIhvcNAQkBFhBpbmZv QHdvbGZzc2wuY29tggFjMAsGA1UdDwQEAwIBBjAyBggrBgEFBQcBAQQmMCQwIgYI KwYBBQUHMAGGFmh0dHA6Ly8xMjcuMC4wLjE6MjIyMjAwDQYJKoZIhvcNAQELBQAD -ggEBAB3WFGz1zPnJDcQnwVBJq9c5boYxz2eZwF030BTu2OPaF6WCwiWGMygN9spr -esdy8di5ICfuDH135YsDRpr4mWqOVxrJorF51ra25Ro5gC6IKxfIuTY3OFiK8GJo -lyW1emJcTSIsMGIMEfBNcJXHLZ6rxe8upCkli+Lk0p0sXmB5NpgTqDhsAA1q8BE8 -P9j5axbRYfnbU1YCQ1aoATuId5GlbqCrLGzm7M//WgeU6kmS1IeY+Inw9093sN/J -iQN22TEwhvfpinT68rLzTfdDQUicH9vqI+MeTBV2kuD4znE1/SXwl82ZXSyvM2Re -vb4141N4bBDIDsyD5dkuetltUpU= +ggEBAJJuwa+Ir0byboqMJwaOtDg1m0eSJCDlpRPYNdMuN8p0R+UWowNjFrQoK9kE +q+7kCuWH2tQAOlPGySVqj0nSLjTyQGVuAvy5Qj/vy4x5hAOE3KBoHsfHNoxgFFXy +X/nBPyv2oh40H4O6c7y3YryXZoQJuS12cciR/eLhOc/d7JioSWmJqBgqQuf8qyzP +E6tj/rAZ6ho4IhYRMTRD/FDG7BmXA9voByhIiDrlNaL9gxLfVXByYQ34ZhhSWMlG +l4YxnqJDDLkP0+s1yeUZTrSL0qzqv4MqSJ0goAhFYJKKJwaTd3S7DiKOVBfy1Od/ +85BNzHXnFsWcSs/c8hkYEvVyji4= -----END CERTIFICATE----- Certificate: Data: 
@@ -191,8 +191,8 @@ Certificate: Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Engineering, CN=wolfSSL root CA/emailAddress=info@wolfssl.com Validity - Not Before: Dec 30 19:12:46 2015 GMT - Not After : Sep 25 19:12:46 2018 GMT + Not Before: Apr 13 15:23:10 2018 GMT + Not After : Jan 7 15:23:10 2021 GMT Subject: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Engineering, CN=wolfSSL root CA/emailAddress=info@wolfssl.com Subject Public Key Info: Public Key Algorithm: rsaEncryption 
@@ -233,27 +233,27 @@ Certificate: OCSP - URI:http://127.0.0.1:22220 Signature Algorithm: sha256WithRSAEncryption - 99:a3:7d:72:17:b7:c0:cd:98:bb:55:fa:f2:ea:9f:17:81:6e: - 8e:02:25:c6:4d:42:cd:32:64:13:f4:bf:42:0c:a6:4e:39:45: - 52:92:40:ed:16:78:17:a2:45:5e:d9:19:ac:1d:d4:56:68:c8: - 55:de:65:ae:ba:72:b0:c0:57:52:5e:5b:08:d9:dd:72:ca:18: - 6e:16:61:32:9a:8b:c0:7d:3e:5a:27:bc:2d:81:aa:36:d4:44: - 26:52:07:f2:41:3b:d1:0f:2e:64:2e:a7:f8:0f:c3:0e:d3:9d: - 73:b9:24:12:e8:ca:28:db:4f:48:c2:43:bb:b7:a8:14:be:8d: - 3a:2f:d3:3a:1a:eb:5f:15:61:e3:e8:03:65:88:d5:03:7e:25: - 7a:35:8d:45:17:3f:0d:10:fd:8e:27:31:65:ee:de:9d:5c:68: - 7f:68:95:bc:85:5a:fa:2a:10:37:82:ca:11:84:9b:90:1e:23: - d6:2b:a6:c5:af:89:ef:31:37:56:0a:91:9e:0f:5b:3e:6c:c1: - 7d:29:cd:bb:38:3f:0e:cb:fb:05:04:e6:4f:5c:6a:c5:b6:a4: - 0f:0b:6a:25:bf:e9:ed:82:19:bb:6b:9a:2e:7d:40:58:0b:45: - 0e:ff:c2:73:39:9c:c2:ef:f4:7c:d0:9e:ae:c9:05:e1:e3:5e: - bf:dd:65:6d + 6b:10:b1:f8:cb:77:ef:72:f5:f8:fc:70:6d:18:dc:34:fe:d7: + 95:d8:fd:85:8e:ca:4b:f3:be:1f:eb:14:08:dc:23:34:78:98: + 39:d7:9f:c3:52:f6:14:3d:e9:de:5c:c2:d8:b1:4b:a8:4c:5b: + 91:42:66:da:7f:3c:e9:03:20:5e:08:0f:76:79:b9:21:10:89: + b7:73:46:44:7e:6e:28:0c:00:e4:f4:3e:65:aa:f5:c6:27:57: + 2c:bb:1d:ae:e5:94:57:a3:73:9e:6b:44:00:35:4a:f3:c7:34: + 9c:a2:a7:aa:62:9f:1d:ef:a8:6c:be:07:ad:ef:ae:ee:93:0b: + ba:c3:59:4e:90:40:2d:00:5e:f0:0f:0a:de:18:2a:b3:97:31: + 63:84:ff:18:1c:b6:d8:7d:ee:33:ed:99:f0:f5:7f:88:58:b3: + 0d:90:db:eb:44:7e:06:37:61:d4:34:b9:f6:fd:3e:8d:07:e4: + b5:b0:ae:09:ce:98:e4:b0:1b:d5:7b:53:94:dd:8a:b2:20:d6: + b0:72:f8:b1:bc:76:df:16:86:39:7b:e4:a9:15:47:57:ae:ca: + 41:d6:3a:ba:15:d1:c0:b5:38:66:0b:0f:80:8b:a2:07:b4:fc: + 80:1f:a3:4c:1f:d2:65:97:c1:2c:ae:46:31:61:49:0d:d7:5f: + ac:d2:a6:05 -----BEGIN CERTIFICATE----- MIIE5jCCA86gAwIBAgIBYzANBgkqhkiG9w0BAQsFADCBlzELMAkGA1UEBhMCVVMx EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoM B3dvbGZTU0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgwFgYDVQQDDA93b2xmU1NM 
-IHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTUx -MjMwMTkxMjQ2WhcNMTgwOTI1MTkxMjQ2WjCBlzELMAkGA1UEBhMCVVMxEzARBgNV +IHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTgw +NDEzMTUyMzEwWhcNMjEwMTA3MTUyMzEwWjCBlzELMAkGA1UEBhMCVVMxEzARBgNV BAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoMB3dvbGZT U0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgwFgYDVQQDDA93b2xmU1NMIHJvb3Qg Q0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wggEiMA0GCSqGSIb3 @@ -269,11 +269,11 @@ A1UEBhMCVVMxEzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUx EDAOBgNVBAoMB3dvbGZTU0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgwFgYDVQQD DA93b2xmU1NMIHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5j b22CAWMwCwYDVR0PBAQDAgEGMDIGCCsGAQUFBwEBBCYwJDAiBggrBgEFBQcwAYYW -aHR0cDovLzEyNy4wLjAuMToyMjIyMDANBgkqhkiG9w0BAQsFAAOCAQEAmaN9che3 -wM2Yu1X68uqfF4FujgIlxk1CzTJkE/S/QgymTjlFUpJA7RZ4F6JFXtkZrB3UVmjI -Vd5lrrpysMBXUl5bCNndcsoYbhZhMpqLwH0+Wie8LYGqNtREJlIH8kE70Q8uZC6n -+A/DDtOdc7kkEujKKNtPSMJDu7eoFL6NOi/TOhrrXxVh4+gDZYjVA34lejWNRRc/ -DRD9jicxZe7enVxof2iVvIVa+ioQN4LKEYSbkB4j1iumxa+J7zE3VgqRng9bPmzB -fSnNuzg/Dsv7BQTmT1xqxbakDwtqJb/p7YIZu2uaLn1AWAtFDv/Cczmcwu/0fNCe -rskF4eNev91lbQ== +aHR0cDovLzEyNy4wLjAuMToyMjIyMDANBgkqhkiG9w0BAQsFAAOCAQEAaxCx+Mt3 +73L1+PxwbRjcNP7Xldj9hY7KS/O+H+sUCNwjNHiYOdefw1L2FD3p3lzC2LFLqExb +kUJm2n886QMgXggPdnm5IRCJt3NGRH5uKAwA5PQ+Zar1xidXLLsdruWUV6NznmtE +ADVK88c0nKKnqmKfHe+obL4Hre+u7pMLusNZTpBALQBe8A8K3hgqs5cxY4T/GBy2 +2H3uM+2Z8PV/iFizDZDb60R+Bjdh1DS59v0+jQfktbCuCc6Y5LAb1XtTlN2KsiDW +sHL4sbx23xaGOXvkqRVHV67KQdY6uhXRwLU4ZgsPgIuiB7T8gB+jTB/SZZfBLK5G +MWFJDddfrNKmBQ== -----END CERTIFICATE----- diff --git a/certs/ocsp/server4-cert.pem b/certs/ocsp/server4-cert.pem index d9909f676..95eb15a0a 100644 --- a/certs/ocsp/server4-cert.pem +++ b/certs/ocsp/server4-cert.pem 
@@ -5,8 +5,8 @@ Certificate: Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Engineering, CN=wolfSSL intermediate CA 2/emailAddress=info@wolfssl.com Validity - Not Before: Dec 30 19:12:46 2015 GMT - Not After : Sep 25 19:12:46 2018 GMT + Not Before: Apr 13 15:23:10 2018 GMT + Not After : Jan 7 15:23:10 2021 GMT Subject: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Engineering, CN=www4.wolfssl.com/emailAddress=info@wolfssl.com Subject Public Key Info: Public Key Algorithm: rsaEncryption 
@@ -47,27 +47,27 @@ Certificate: OCSP - URI:http://127.0.0.1:22222 Signature Algorithm: sha256WithRSAEncryption - 33:15:a7:22:85:5d:69:97:b2:33:1b:39:8f:0b:0f:57:d6:84: - 99:eb:53:e9:35:14:a2:93:9c:11:45:01:6e:45:c7:5b:b7:fc: - 7c:2c:a9:e5:34:0f:f2:79:26:a0:4b:99:f8:16:ec:f1:e1:15: - 2c:09:d5:f9:7f:c5:8a:ef:16:d7:85:e6:d4:87:35:cd:9d:a2: - 6f:c6:f6:39:f6:b7:57:1d:e8:bf:01:71:d5:0b:8d:99:db:84: - ab:39:36:24:80:bd:ef:ca:04:2d:f1:fa:fa:a9:4e:e1:e1:28: - 58:0c:81:8e:ed:2f:f8:41:91:2d:49:2d:05:55:6d:fd:c1:47: - 01:a9:f8:92:13:29:62:7b:a6:7d:f0:04:dd:54:9b:e2:23:95: - 63:91:2c:16:10:b1:af:5a:5e:e4:fc:6d:94:76:bb:2a:1f:c2: - 12:01:8e:7f:1e:22:d7:71:e0:60:5b:af:a2:25:b8:bd:7e:88: - fe:46:17:63:8c:b7:71:db:da:74:17:4e:8e:c6:93:9c:73:77: - 4d:6e:9c:75:75:7b:76:fe:6b:ad:00:7a:58:da:c0:f4:2a:be: - ef:88:74:5a:80:3f:79:9b:b7:1e:e8:5f:0c:da:b3:27:bb:1f: - aa:dd:ad:cb:4f:00:fe:c6:fe:c2:44:06:49:01:4f:a8:ff:24: - 64:6b:ae:9a + 18:72:41:57:9a:c3:fa:b0:30:f4:bc:16:81:bf:3a:38:99:d2: + ac:24:b9:80:24:57:d2:9b:e6:29:ad:5d:7c:7c:f7:50:dd:9d: + 0b:0f:90:b5:cb:96:a1:19:3f:5b:6d:28:52:ee:a4:bb:28:3e: + 38:54:73:bb:9a:13:91:3d:f5:57:cf:bc:a8:21:64:dc:5c:d1: + 19:94:a6:8a:80:f8:92:e4:10:f9:19:c2:2b:b3:78:6b:2c:3d: + 81:9c:e9:3d:61:78:01:34:dd:f1:be:54:db:31:54:ed:ef:67: + a3:9b:c1:a1:5b:9b:ce:be:23:3a:6b:ab:92:34:1b:a1:d6:0b: + 1d:65:8a:cd:e2:f3:d1:ce:a9:c5:bf:19:a9:25:15:e6:98:f5: + 3f:3f:fa:22:72:48:a6:65:64:06:74:0c:49:bd:fe:7d:4e:5b: + 23:20:a8:a7:18:0e:7a:39:7e:d2:1f:a6:03:c2:31:6e:ce:49: + de:81:3c:7d:9f:1c:39:bb:df:8b:5c:58:8f:7a:08:77:f7:f8: + e3:f0:fe:14:73:0f:40:35:6a:1c:5a:46:79:b8:8b:4e:dd:75: + e0:55:89:57:d9:19:43:91:ca:66:39:00:7e:9b:0d:b2:3d:fc: + 35:7e:15:74:ed:36:61:94:7b:37:e2:17:37:4a:43:63:2e:24: + a7:e6:01:cb -----BEGIN CERTIFICATE----- MIIE7jCCA9agAwIBAgIBCDANBgkqhkiG9w0BAQsFADCBoTELMAkGA1UEBhMCVVMx EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoM B3dvbGZTU0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMSIwIAYDVQQDDBl3b2xmU1NM 
IGludGVybWVkaWF0ZSBDQSAyMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wu -Y29tMB4XDTE1MTIzMDE5MTI0NloXDTE4MDkyNTE5MTI0NlowgZgxCzAJBgNVBAYT +Y29tMB4XDTE4MDQxMzE1MjMxMFoXDTIxMDEwNzE1MjMxMFowgZgxCzAJBgNVBAYT AlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYD VQQKDAd3b2xmU1NMMRQwEgYDVQQLDAtFbmdpbmVlcmluZzEZMBcGA1UEAwwQd3d3 NC53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTCC @@ -84,12 +84,12 @@ U2VhdHRsZTEQMA4GA1UECgwHd29sZlNTTDEUMBIGA1UECwwLRW5naW5lZXJpbmcx GDAWBgNVBAMMD3dvbGZTU0wgcm9vdCBDQTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3 b2xmc3NsLmNvbYIBAjALBgNVHQ8EBAMCBeAwMgYIKwYBBQUHAQEEJjAkMCIGCCsG AQUFBzABhhZodHRwOi8vMTI3LjAuMC4xOjIyMjIyMA0GCSqGSIb3DQEBCwUAA4IB -AQAzFacihV1pl7IzGzmPCw9X1oSZ61PpNRSik5wRRQFuRcdbt/x8LKnlNA/yeSag -S5n4Fuzx4RUsCdX5f8WK7xbXhebUhzXNnaJvxvY59rdXHei/AXHVC42Z24SrOTYk -gL3vygQt8fr6qU7h4ShYDIGO7S/4QZEtSS0FVW39wUcBqfiSEylie6Z98ATdVJvi -I5VjkSwWELGvWl7k/G2UdrsqH8ISAY5/HiLXceBgW6+iJbi9foj+RhdjjLdx29p0 -F06OxpOcc3dNbpx1dXt2/mutAHpY2sD0Kr7viHRagD95m7ce6F8M2rMnux+q3a3L -TwD+xv7CRAZJAU+o/yRka66a +AQAYckFXmsP6sDD0vBaBvzo4mdKsJLmAJFfSm+YprV18fPdQ3Z0LD5C1y5ahGT9b +bShS7qS7KD44VHO7mhORPfVXz7yoIWTcXNEZlKaKgPiS5BD5GcIrs3hrLD2BnOk9 +YXgBNN3xvlTbMVTt72ejm8GhW5vOviM6a6uSNBuh1gsdZYrN4vPRzqnFvxmpJRXm +mPU/P/oickimZWQGdAxJvf59TlsjIKinGA56OX7SH6YDwjFuzknegTx9nxw5u9+L +XFiPegh39/jj8P4Ucw9ANWocWkZ5uItO3XXgVYlX2RlDkcpmOQB+mw2yPfw1fhV0 +7TZhlHs34hc3SkNjLiSn5gHL -----END CERTIFICATE----- Certificate: Data: @@ -98,8 +98,8 @@ Certificate: Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Engineering, CN=wolfSSL root CA/emailAddress=info@wolfssl.com Validity - Not Before: Dec 30 19:12:46 2015 GMT - Not After : Sep 25 19:12:46 2018 GMT + Not Before: Apr 13 15:23:10 2018 GMT + Not After : Jan 7 15:23:10 2021 GMT Subject: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Engineering, CN=wolfSSL intermediate CA 2/emailAddress=info@wolfssl.com Subject Public Key Info: Public Key Algorithm: rsaEncryption 
@@ -140,27 +140,27 @@ Certificate: OCSP - URI:http://127.0.0.1:22220 Signature Algorithm: sha256WithRSAEncryption - 1d:d6:14:6c:f5:cc:f9:c9:0d:c4:27:c1:50:49:ab:d7:39:6e: - 86:31:cf:67:99:c0:5d:37:d0:14:ee:d8:e3:da:17:a5:82:c2: - 25:86:33:28:0d:f6:ca:6b:7a:c7:72:f1:d8:b9:20:27:ee:0c: - 7d:77:e5:8b:03:46:9a:f8:99:6a:8e:57:1a:c9:a2:b1:79:d6: - b6:b6:e5:1a:39:80:2e:88:2b:17:c8:b9:36:37:38:58:8a:f0: - 62:68:97:25:b5:7a:62:5c:4d:22:2c:30:62:0c:11:f0:4d:70: - 95:c7:2d:9e:ab:c5:ef:2e:a4:29:25:8b:e2:e4:d2:9d:2c:5e: - 60:79:36:98:13:a8:38:6c:00:0d:6a:f0:11:3c:3f:d8:f9:6b: - 16:d1:61:f9:db:53:56:02:43:56:a8:01:3b:88:77:91:a5:6e: - a0:ab:2c:6c:e6:ec:cf:ff:5a:07:94:ea:49:92:d4:87:98:f8: - 89:f0:f7:4f:77:b0:df:c9:89:03:76:d9:31:30:86:f7:e9:8a: - 74:fa:f2:b2:f3:4d:f7:43:41:48:9c:1f:db:ea:23:e3:1e:4c: - 15:76:92:e0:f8:ce:71:35:fd:25:f0:97:cd:99:5d:2c:af:33: - 64:5e:bd:be:35:e3:53:78:6c:10:c8:0e:cc:83:e5:d9:2e:7a: - d9:6d:52:95 + 92:6e:c1:af:88:af:46:f2:6e:8a:8c:27:06:8e:b4:38:35:9b: + 47:92:24:20:e5:a5:13:d8:35:d3:2e:37:ca:74:47:e5:16:a3: + 03:63:16:b4:28:2b:d9:04:ab:ee:e4:0a:e5:87:da:d4:00:3a: + 53:c6:c9:25:6a:8f:49:d2:2e:34:f2:40:65:6e:02:fc:b9:42: + 3f:ef:cb:8c:79:84:03:84:dc:a0:68:1e:c7:c7:36:8c:60:14: + 55:f2:5f:f9:c1:3f:2b:f6:a2:1e:34:1f:83:ba:73:bc:b7:62: + bc:97:66:84:09:b9:2d:76:71:c8:91:fd:e2:e1:39:cf:dd:ec: + 98:a8:49:69:89:a8:18:2a:42:e7:fc:ab:2c:cf:13:ab:63:fe: + b0:19:ea:1a:38:22:16:11:31:34:43:fc:50:c6:ec:19:97:03: + db:e8:07:28:48:88:3a:e5:35:a2:fd:83:12:df:55:70:72:61: + 0d:f8:66:18:52:58:c9:46:97:86:31:9e:a2:43:0c:b9:0f:d3: + eb:35:c9:e5:19:4e:b4:8b:d2:ac:ea:bf:83:2a:48:9d:20:a0: + 08:45:60:92:8a:27:06:93:77:74:bb:0e:22:8e:54:17:f2:d4: + e7:7f:f3:90:4d:cc:75:e7:16:c5:9c:4a:cf:dc:f2:19:18:12: + f5:72:8e:2e -----BEGIN CERTIFICATE----- MIIE8DCCA9igAwIBAgIBAjANBgkqhkiG9w0BAQsFADCBlzELMAkGA1UEBhMCVVMx EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoM B3dvbGZTU0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgwFgYDVQQDDA93b2xmU1NM 
-IHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTUx -MjMwMTkxMjQ2WhcNMTgwOTI1MTkxMjQ2WjCBoTELMAkGA1UEBhMCVVMxEzARBgNV +IHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTgw +NDEzMTUyMzEwWhcNMjEwMTA3MTUyMzEwWjCBoTELMAkGA1UEBhMCVVMxEzARBgNV BAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoMB3dvbGZT U0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMSIwIAYDVQQDDBl3b2xmU1NMIGludGVy bWVkaWF0ZSBDQSAyMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMIIB @@ -177,12 +177,12 @@ DAdTZWF0dGxlMRAwDgYDVQQKDAd3b2xmU1NMMRQwEgYDVQQLDAtFbmdpbmVlcmlu ZzEYMBYGA1UEAwwPd29sZlNTTCByb290IENBMR8wHQYJKoZIhvcNAQkBFhBpbmZv QHdvbGZzc2wuY29tggFjMAsGA1UdDwQEAwIBBjAyBggrBgEFBQcBAQQmMCQwIgYI KwYBBQUHMAGGFmh0dHA6Ly8xMjcuMC4wLjE6MjIyMjAwDQYJKoZIhvcNAQELBQAD -ggEBAB3WFGz1zPnJDcQnwVBJq9c5boYxz2eZwF030BTu2OPaF6WCwiWGMygN9spr -esdy8di5ICfuDH135YsDRpr4mWqOVxrJorF51ra25Ro5gC6IKxfIuTY3OFiK8GJo -lyW1emJcTSIsMGIMEfBNcJXHLZ6rxe8upCkli+Lk0p0sXmB5NpgTqDhsAA1q8BE8 -P9j5axbRYfnbU1YCQ1aoATuId5GlbqCrLGzm7M//WgeU6kmS1IeY+Inw9093sN/J -iQN22TEwhvfpinT68rLzTfdDQUicH9vqI+MeTBV2kuD4znE1/SXwl82ZXSyvM2Re -vb4141N4bBDIDsyD5dkuetltUpU= +ggEBAJJuwa+Ir0byboqMJwaOtDg1m0eSJCDlpRPYNdMuN8p0R+UWowNjFrQoK9kE +q+7kCuWH2tQAOlPGySVqj0nSLjTyQGVuAvy5Qj/vy4x5hAOE3KBoHsfHNoxgFFXy +X/nBPyv2oh40H4O6c7y3YryXZoQJuS12cciR/eLhOc/d7JioSWmJqBgqQuf8qyzP +E6tj/rAZ6ho4IhYRMTRD/FDG7BmXA9voByhIiDrlNaL9gxLfVXByYQ34ZhhSWMlG +l4YxnqJDDLkP0+s1yeUZTrSL0qzqv4MqSJ0goAhFYJKKJwaTd3S7DiKOVBfy1Od/ +85BNzHXnFsWcSs/c8hkYEvVyji4= -----END CERTIFICATE----- Certificate: Data: 
@@ -191,8 +191,8 @@ Certificate: Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Engineering, CN=wolfSSL root CA/emailAddress=info@wolfssl.com Validity - Not Before: Dec 30 19:12:46 2015 GMT - Not After : Sep 25 19:12:46 2018 GMT + Not Before: Apr 13 15:23:10 2018 GMT + Not After : Jan 7 15:23:10 2021 GMT Subject: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Engineering, CN=wolfSSL root CA/emailAddress=info@wolfssl.com Subject Public Key Info: Public Key Algorithm: rsaEncryption 
@@ -233,27 +233,27 @@ Certificate: OCSP - URI:http://127.0.0.1:22220 Signature Algorithm: sha256WithRSAEncryption - 99:a3:7d:72:17:b7:c0:cd:98:bb:55:fa:f2:ea:9f:17:81:6e: - 8e:02:25:c6:4d:42:cd:32:64:13:f4:bf:42:0c:a6:4e:39:45: - 52:92:40:ed:16:78:17:a2:45:5e:d9:19:ac:1d:d4:56:68:c8: - 55:de:65:ae:ba:72:b0:c0:57:52:5e:5b:08:d9:dd:72:ca:18: - 6e:16:61:32:9a:8b:c0:7d:3e:5a:27:bc:2d:81:aa:36:d4:44: - 26:52:07:f2:41:3b:d1:0f:2e:64:2e:a7:f8:0f:c3:0e:d3:9d: - 73:b9:24:12:e8:ca:28:db:4f:48:c2:43:bb:b7:a8:14:be:8d: - 3a:2f:d3:3a:1a:eb:5f:15:61:e3:e8:03:65:88:d5:03:7e:25: - 7a:35:8d:45:17:3f:0d:10:fd:8e:27:31:65:ee:de:9d:5c:68: - 7f:68:95:bc:85:5a:fa:2a:10:37:82:ca:11:84:9b:90:1e:23: - d6:2b:a6:c5:af:89:ef:31:37:56:0a:91:9e:0f:5b:3e:6c:c1: - 7d:29:cd:bb:38:3f:0e:cb:fb:05:04:e6:4f:5c:6a:c5:b6:a4: - 0f:0b:6a:25:bf:e9:ed:82:19:bb:6b:9a:2e:7d:40:58:0b:45: - 0e:ff:c2:73:39:9c:c2:ef:f4:7c:d0:9e:ae:c9:05:e1:e3:5e: - bf:dd:65:6d + 6b:10:b1:f8:cb:77:ef:72:f5:f8:fc:70:6d:18:dc:34:fe:d7: + 95:d8:fd:85:8e:ca:4b:f3:be:1f:eb:14:08:dc:23:34:78:98: + 39:d7:9f:c3:52:f6:14:3d:e9:de:5c:c2:d8:b1:4b:a8:4c:5b: + 91:42:66:da:7f:3c:e9:03:20:5e:08:0f:76:79:b9:21:10:89: + b7:73:46:44:7e:6e:28:0c:00:e4:f4:3e:65:aa:f5:c6:27:57: + 2c:bb:1d:ae:e5:94:57:a3:73:9e:6b:44:00:35:4a:f3:c7:34: + 9c:a2:a7:aa:62:9f:1d:ef:a8:6c:be:07:ad:ef:ae:ee:93:0b: + ba:c3:59:4e:90:40:2d:00:5e:f0:0f:0a:de:18:2a:b3:97:31: + 63:84:ff:18:1c:b6:d8:7d:ee:33:ed:99:f0:f5:7f:88:58:b3: + 0d:90:db:eb:44:7e:06:37:61:d4:34:b9:f6:fd:3e:8d:07:e4: + b5:b0:ae:09:ce:98:e4:b0:1b:d5:7b:53:94:dd:8a:b2:20:d6: + b0:72:f8:b1:bc:76:df:16:86:39:7b:e4:a9:15:47:57:ae:ca: + 41:d6:3a:ba:15:d1:c0:b5:38:66:0b:0f:80:8b:a2:07:b4:fc: + 80:1f:a3:4c:1f:d2:65:97:c1:2c:ae:46:31:61:49:0d:d7:5f: + ac:d2:a6:05 -----BEGIN CERTIFICATE----- MIIE5jCCA86gAwIBAgIBYzANBgkqhkiG9w0BAQsFADCBlzELMAkGA1UEBhMCVVMx EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoM B3dvbGZTU0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgwFgYDVQQDDA93b2xmU1NM 
-IHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTUx -MjMwMTkxMjQ2WhcNMTgwOTI1MTkxMjQ2WjCBlzELMAkGA1UEBhMCVVMxEzARBgNV +IHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTgw +NDEzMTUyMzEwWhcNMjEwMTA3MTUyMzEwWjCBlzELMAkGA1UEBhMCVVMxEzARBgNV BAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoMB3dvbGZT U0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgwFgYDVQQDDA93b2xmU1NMIHJvb3Qg Q0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wggEiMA0GCSqGSIb3 @@ -269,11 +269,11 @@ A1UEBhMCVVMxEzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUx EDAOBgNVBAoMB3dvbGZTU0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgwFgYDVQQD DA93b2xmU1NMIHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5j b22CAWMwCwYDVR0PBAQDAgEGMDIGCCsGAQUFBwEBBCYwJDAiBggrBgEFBQcwAYYW -aHR0cDovLzEyNy4wLjAuMToyMjIyMDANBgkqhkiG9w0BAQsFAAOCAQEAmaN9che3 -wM2Yu1X68uqfF4FujgIlxk1CzTJkE/S/QgymTjlFUpJA7RZ4F6JFXtkZrB3UVmjI -Vd5lrrpysMBXUl5bCNndcsoYbhZhMpqLwH0+Wie8LYGqNtREJlIH8kE70Q8uZC6n -+A/DDtOdc7kkEujKKNtPSMJDu7eoFL6NOi/TOhrrXxVh4+gDZYjVA34lejWNRRc/ -DRD9jicxZe7enVxof2iVvIVa+ioQN4LKEYSbkB4j1iumxa+J7zE3VgqRng9bPmzB -fSnNuzg/Dsv7BQTmT1xqxbakDwtqJb/p7YIZu2uaLn1AWAtFDv/Cczmcwu/0fNCe -rskF4eNev91lbQ== +aHR0cDovLzEyNy4wLjAuMToyMjIyMDANBgkqhkiG9w0BAQsFAAOCAQEAaxCx+Mt3 +73L1+PxwbRjcNP7Xldj9hY7KS/O+H+sUCNwjNHiYOdefw1L2FD3p3lzC2LFLqExb +kUJm2n886QMgXggPdnm5IRCJt3NGRH5uKAwA5PQ+Zar1xidXLLsdruWUV6NznmtE +ADVK88c0nKKnqmKfHe+obL4Hre+u7pMLusNZTpBALQBe8A8K3hgqs5cxY4T/GBy2 +2H3uM+2Z8PV/iFizDZDb60R+Bjdh1DS59v0+jQfktbCuCc6Y5LAb1XtTlN2KsiDW +sHL4sbx23xaGOXvkqRVHV67KQdY6uhXRwLU4ZgsPgIuiB7T8gB+jTB/SZZfBLK5G +MWFJDddfrNKmBQ== -----END CERTIFICATE----- diff --git a/certs/ocsp/server5-cert.pem b/certs/ocsp/server5-cert.pem index 43ecf9c83..1a6b81c67 100644 --- a/certs/ocsp/server5-cert.pem +++ b/certs/ocsp/server5-cert.pem 
@@ -5,8 +5,8 @@ Certificate: Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Engineering, CN=wolfSSL REVOKED intermediate CA/emailAddress=info@wolfssl.com Validity - Not Before: Dec 30 19:12:47 2015 GMT - Not After : Sep 25 19:12:47 2018 GMT + Not Before: Apr 13 15:23:10 2018 GMT + Not After : Jan 7 15:23:10 2021 GMT Subject: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Engineering, CN=www5.wolfssl.com/emailAddress=info@wolfssl.com Subject Public Key Info: Public Key Algorithm: rsaEncryption 
@@ -47,27 +47,27 @@ Certificate: OCSP - URI:http://127.0.0.1:22223 Signature Algorithm: sha256WithRSAEncryption - 79:1c:0f:7c:7d:e5:3d:ec:60:00:c9:a4:d6:f1:67:32:66:57: - 0a:8a:97:af:a6:53:92:c4:4d:cb:a7:3d:24:24:74:19:fb:9c: - d0:25:90:00:ba:32:e2:b2:a8:aa:61:eb:f8:7c:ca:52:5f:8c: - ef:e8:9a:d1:9d:73:a7:6e:72:04:0a:6f:d0:b3:88:de:8d:50: - c5:da:fc:e7:81:f8:12:b0:12:4a:a2:54:84:50:87:2d:ee:08: - 33:dc:2f:ae:2a:ce:57:5e:1d:57:8c:ce:90:4d:9a:a7:4e:cd: - 33:4c:f8:47:5d:9f:68:c3:2c:ed:84:b3:b6:ea:dd:1a:f4:ba: - 9d:fa:b9:a1:df:82:4a:ed:fc:3f:8c:bf:c5:5a:ab:81:93:6b: - a1:65:05:be:00:7b:6c:81:f9:2c:a7:92:60:80:70:de:8d:65: - c7:fa:51:e7:b8:02:de:c0:4d:d8:88:6f:41:18:7a:6f:f4:eb: - e1:7a:ab:f2:0d:e8:f9:9c:c4:64:fc:e8:d6:e2:c2:79:95:b1: - 0a:89:73:e6:4e:bf:35:3f:0b:9f:0c:d5:98:01:15:fe:fb:a3: - 0f:1a:75:21:10:0b:32:16:a9:4e:72:d1:de:1e:a6:df:9d:b3: - bd:2a:14:67:e0:8d:4e:a2:9d:ae:f4:08:97:a5:f7:df:fa:e1: - 00:50:1f:f7 + ba:fe:ad:1d:d4:33:69:13:86:4d:1a:ea:fc:a0:61:00:9a:bd: + 83:7d:53:3d:b5:63:a9:c8:c2:b6:10:4d:fb:5f:f2:e5:b1:e4: + 1a:9b:85:36:8f:3c:d3:09:98:4c:c5:3e:10:ed:a3:74:a5:3c: + fc:d9:b2:80:38:6c:be:f4:8b:52:40:0e:45:e8:fd:a2:29:d8: + 5c:f9:1d:14:76:3d:8d:41:74:3c:56:05:d2:a3:2e:14:5b:35: + 95:97:cf:c1:01:cf:a2:26:38:0b:76:12:bd:c4:68:f2:f5:49: + ed:7e:eb:4e:08:73:fe:82:06:8e:ce:c4:22:d5:16:ef:0e:62: + d5:f1:08:b8:2e:02:75:23:52:04:cf:cb:aa:1c:ce:77:b6:3a: + e9:78:53:c4:37:d4:cc:7f:96:5d:97:89:35:da:a6:23:77:87: + 60:4a:a8:f8:b6:e6:1a:00:c5:74:98:88:b2:01:fd:23:81:05: + f5:bb:96:60:55:ae:3b:9f:bf:c9:82:e1:24:d6:1d:1f:5d:9c: + f7:1b:cb:37:3e:4f:c8:ca:65:c1:33:69:75:62:83:bb:87:45: + 47:bd:b2:b6:55:ef:8f:7c:5f:fd:14:75:96:4f:3e:19:d8:88: + 67:5d:75:ae:77:8f:38:3f:a2:7e:f6:f8:b8:c8:57:28:10:9d: + 1e:cd:c3:5c -----BEGIN CERTIFICATE----- MIIE9DCCA9ygAwIBAgIBCTANBgkqhkiG9w0BAQsFADCBpzELMAkGA1UEBhMCVVMx EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoM B3dvbGZTU0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMSgwJgYDVQQDDB93b2xmU1NM 
IFJFVk9LRUQgaW50ZXJtZWRpYXRlIENBMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdv -bGZzc2wuY29tMB4XDTE1MTIzMDE5MTI0N1oXDTE4MDkyNTE5MTI0N1owgZgxCzAJ +bGZzc2wuY29tMB4XDTE4MDQxMzE1MjMxMFoXDTIxMDEwNzE1MjMxMFowgZgxCzAJ BgNVBAYTAlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxl MRAwDgYDVQQKDAd3b2xmU1NMMRQwEgYDVQQLDAtFbmdpbmVlcmluZzEZMBcGA1UE AwwQd3d3NS53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3Ns @@ -84,12 +84,12 @@ A1UEBwwHU2VhdHRsZTEQMA4GA1UECgwHd29sZlNTTDEUMBIGA1UECwwLRW5naW5l ZXJpbmcxGDAWBgNVBAMMD3dvbGZTU0wgcm9vdCBDQTEfMB0GCSqGSIb3DQEJARYQ aW5mb0B3b2xmc3NsLmNvbYIBAzALBgNVHQ8EBAMCBeAwMgYIKwYBBQUHAQEEJjAk MCIGCCsGAQUFBzABhhZodHRwOi8vMTI3LjAuMC4xOjIyMjIzMA0GCSqGSIb3DQEB -CwUAA4IBAQB5HA98feU97GAAyaTW8WcyZlcKipevplOSxE3Lpz0kJHQZ+5zQJZAA -ujLisqiqYev4fMpSX4zv6JrRnXOnbnIECm/Qs4jejVDF2vzngfgSsBJKolSEUIct -7ggz3C+uKs5XXh1XjM6QTZqnTs0zTPhHXZ9owyzthLO26t0a9Lqd+rmh34JK7fw/ -jL/FWquBk2uhZQW+AHtsgfksp5JggHDejWXH+lHnuALewE3YiG9BGHpv9Ovheqvy -Dej5nMRk/OjW4sJ5lbEKiXPmTr81PwufDNWYARX++6MPGnUhEAsyFqlOctHeHqbf -nbO9KhRn4I1Oop2u9AiXpfff+uEAUB/3 +CwUAA4IBAQC6/q0d1DNpE4ZNGur8oGEAmr2DfVM9tWOpyMK2EE37X/LlseQam4U2 +jzzTCZhMxT4Q7aN0pTz82bKAOGy+9ItSQA5F6P2iKdhc+R0Udj2NQXQ8VgXSoy4U +WzWVl8/BAc+iJjgLdhK9xGjy9UntfutOCHP+ggaOzsQi1RbvDmLV8Qi4LgJ1I1IE +z8uqHM53tjrpeFPEN9TMf5Zdl4k12qYjd4dgSqj4tuYaAMV0mIiyAf0jgQX1u5Zg +Va47n7/JguEk1h0fXZz3G8s3Pk/IymXBM2l1YoO7h0VHvbK2Ve+PfF/9FHWWTz4Z +2IhnXXWud484P6J+9vi4yFcoEJ0ezcNc -----END CERTIFICATE----- Certificate: Data: @@ -98,8 +98,8 @@ Certificate: Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Engineering, CN=wolfSSL root CA/emailAddress=info@wolfssl.com Validity - Not Before: Dec 30 19:12:46 2015 GMT - Not After : Sep 25 19:12:46 2018 GMT + Not Before: Apr 13 15:23:10 2018 GMT + Not After : Jan 7 15:23:10 2021 GMT Subject: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Engineering, CN=wolfSSL REVOKED intermediate CA/emailAddress=info@wolfssl.com Subject Public Key Info: Public Key Algorithm: rsaEncryption 
@@ -140,27 +140,27 @@ Certificate: OCSP - URI:http://127.0.0.1:22220 Signature Algorithm: sha256WithRSAEncryption - 9a:47:17:70:ff:92:e7:b5:51:a0:d2:5d:f3:e3:dd:90:ec:c9: - 8f:ad:61:74:30:ba:d9:60:ba:5b:cf:da:03:4f:c8:50:5a:f4: - 5e:e0:e3:a0:ce:de:43:6c:56:e0:bc:35:e9:0d:bb:53:0e:22: - 7f:21:42:6c:2a:0f:67:b2:8a:1a:f5:e8:1f:a9:a1:90:11:d0: - ec:18:90:ba:ee:cf:d4:18:28:1b:9c:96:8e:d6:48:bd:6f:66: - 79:df:04:0d:04:d3:13:69:b8:24:15:7c:3b:bc:b9:fc:1d:dd: - cc:45:a5:c1:04:c9:d3:68:a7:de:cd:1e:aa:cc:bd:3d:f4:12: - eb:3d:01:44:11:fd:1d:bd:a0:7a:4c:24:f2:39:78:17:c1:1f: - 8c:b8:ab:01:f3:98:88:ff:bd:2c:1b:43:bb:fe:37:94:65:b4: - 3c:e6:11:8c:5d:36:de:ab:84:a5:6d:30:23:dc:ad:b1:74:24: - 2a:bb:49:f0:37:ef:db:9a:eb:4e:fc:f9:a2:47:06:3a:09:9d: - 4f:c3:c6:dc:18:90:47:42:f4:bc:8d:75:be:7c:c8:d5:47:a6: - bb:c2:1e:55:16:8f:a4:62:cc:1f:7c:cf:5a:b5:41:6d:98:f4: - 15:b9:fc:5a:3e:47:75:a0:f7:b0:df:33:54:a9:7c:f0:da:3c: - 65:c2:e6:1a + 63:bf:90:58:0c:44:08:57:7d:94:7e:eb:fd:9d:90:f6:1d:a5: + 91:2a:32:38:a7:f7:39:c2:c0:9c:93:26:bc:f4:4b:81:0a:0f: + 07:2d:4f:a9:20:9a:3e:2c:24:0c:30:10:d7:be:96:ab:ee:1f: + 2c:f8:71:7c:1a:c1:ae:b7:64:e1:7e:18:53:c3:ae:d5:04:16: + f7:e5:34:c2:d1:a3:31:d4:9b:f4:b7:c1:96:1f:a7:3c:3a:bf: + fd:06:be:76:f4:da:95:f9:6f:be:4f:24:a7:0f:b0:2c:12:4d: + d6:55:ea:f8:0a:30:91:32:4f:a3:14:6d:ec:cd:85:12:1f:da: + 78:8a:b1:9a:74:fb:fd:00:45:4a:30:83:45:16:a0:8f:b7:7f: + 23:33:91:c6:81:ac:f3:9b:cd:53:6b:9a:fa:36:9b:5d:3c:72: + a8:73:4f:1e:b5:da:ba:08:3d:9b:ca:7a:d6:c2:bf:6e:9f:a5: + 9e:db:61:bc:a5:42:a7:d4:92:4a:7e:a3:3d:1b:aa:d3:c2:93: + ad:ce:3b:0e:2b:61:44:1e:3c:61:54:0d:6a:26:21:54:c6:e0: + ed:3d:da:27:cd:89:5a:f8:1f:0f:46:80:c1:f2:80:cc:52:f1: + 7f:ce:10:68:66:3f:ee:90:25:45:d4:f8:87:f9:5d:5d:74:3d: + aa:3d:43:1c -----BEGIN CERTIFICATE----- MIIE9jCCA96gAwIBAgIBAzANBgkqhkiG9w0BAQsFADCBlzELMAkGA1UEBhMCVVMx EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoM B3dvbGZTU0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgwFgYDVQQDDA93b2xmU1NM 
-IHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTUx -MjMwMTkxMjQ2WhcNMTgwOTI1MTkxMjQ2WjCBpzELMAkGA1UEBhMCVVMxEzARBgNV +IHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTgw +NDEzMTUyMzEwWhcNMjEwMTA3MTUyMzEwWjCBpzELMAkGA1UEBhMCVVMxEzARBgNV BAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoMB3dvbGZT U0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMSgwJgYDVQQDDB93b2xmU1NMIFJFVk9L RUQgaW50ZXJtZWRpYXRlIENBMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wu @@ -177,12 +177,12 @@ DgYDVQQHDAdTZWF0dGxlMRAwDgYDVQQKDAd3b2xmU1NMMRQwEgYDVQQLDAtFbmdp bmVlcmluZzEYMBYGA1UEAwwPd29sZlNTTCByb290IENBMR8wHQYJKoZIhvcNAQkB FhBpbmZvQHdvbGZzc2wuY29tggFjMAsGA1UdDwQEAwIBBjAyBggrBgEFBQcBAQQm MCQwIgYIKwYBBQUHMAGGFmh0dHA6Ly8xMjcuMC4wLjE6MjIyMjAwDQYJKoZIhvcN -AQELBQADggEBAJpHF3D/kue1UaDSXfPj3ZDsyY+tYXQwutlgulvP2gNPyFBa9F7g -46DO3kNsVuC8NekNu1MOIn8hQmwqD2eyihr16B+poZAR0OwYkLruz9QYKBuclo7W -SL1vZnnfBA0E0xNpuCQVfDu8ufwd3cxFpcEEydNop97NHqrMvT30Eus9AUQR/R29 -oHpMJPI5eBfBH4y4qwHzmIj/vSwbQ7v+N5RltDzmEYxdNt6rhKVtMCPcrbF0JCq7 -SfA379ua6078+aJHBjoJnU/DxtwYkEdC9LyNdb58yNVHprvCHlUWj6RizB98z1q1 -QW2Y9BW5/Fo+R3Wg97DfM1SpfPDaPGXC5ho= +AQELBQADggEBAGO/kFgMRAhXfZR+6/2dkPYdpZEqMjin9znCwJyTJrz0S4EKDwct +T6kgmj4sJAwwENe+lqvuHyz4cXwawa63ZOF+GFPDrtUEFvflNMLRozHUm/S3wZYf +pzw6v/0Gvnb02pX5b75PJKcPsCwSTdZV6vgKMJEyT6MUbezNhRIf2niKsZp0+/0A +RUowg0UWoI+3fyMzkcaBrPObzVNrmvo2m108cqhzTx612roIPZvKetbCv26fpZ7b +YbylQqfUkkp+oz0bqtPCk63OOw4rYUQePGFUDWomIVTG4O092ifNiVr4Hw9GgMHy +gMxS8X/OEGhmP+6QJUXU+If5XV10Pao9Qxw= -----END CERTIFICATE----- Certificate: Data: 
@@ -191,8 +191,8 @@ Certificate: Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Engineering, CN=wolfSSL root CA/emailAddress=info@wolfssl.com Validity - Not Before: Dec 30 19:12:46 2015 GMT - Not After : Sep 25 19:12:46 2018 GMT + Not Before: Apr 13 15:23:10 2018 GMT + Not After : Jan 7 15:23:10 2021 GMT Subject: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Engineering, CN=wolfSSL root CA/emailAddress=info@wolfssl.com Subject Public Key Info: Public Key Algorithm: rsaEncryption 
@@ -233,27 +233,27 @@ Certificate: OCSP - URI:http://127.0.0.1:22220 Signature Algorithm: sha256WithRSAEncryption - 99:a3:7d:72:17:b7:c0:cd:98:bb:55:fa:f2:ea:9f:17:81:6e: - 8e:02:25:c6:4d:42:cd:32:64:13:f4:bf:42:0c:a6:4e:39:45: - 52:92:40:ed:16:78:17:a2:45:5e:d9:19:ac:1d:d4:56:68:c8: - 55:de:65:ae:ba:72:b0:c0:57:52:5e:5b:08:d9:dd:72:ca:18: - 6e:16:61:32:9a:8b:c0:7d:3e:5a:27:bc:2d:81:aa:36:d4:44: - 26:52:07:f2:41:3b:d1:0f:2e:64:2e:a7:f8:0f:c3:0e:d3:9d: - 73:b9:24:12:e8:ca:28:db:4f:48:c2:43:bb:b7:a8:14:be:8d: - 3a:2f:d3:3a:1a:eb:5f:15:61:e3:e8:03:65:88:d5:03:7e:25: - 7a:35:8d:45:17:3f:0d:10:fd:8e:27:31:65:ee:de:9d:5c:68: - 7f:68:95:bc:85:5a:fa:2a:10:37:82:ca:11:84:9b:90:1e:23: - d6:2b:a6:c5:af:89:ef:31:37:56:0a:91:9e:0f:5b:3e:6c:c1: - 7d:29:cd:bb:38:3f:0e:cb:fb:05:04:e6:4f:5c:6a:c5:b6:a4: - 0f:0b:6a:25:bf:e9:ed:82:19:bb:6b:9a:2e:7d:40:58:0b:45: - 0e:ff:c2:73:39:9c:c2:ef:f4:7c:d0:9e:ae:c9:05:e1:e3:5e: - bf:dd:65:6d + 6b:10:b1:f8:cb:77:ef:72:f5:f8:fc:70:6d:18:dc:34:fe:d7: + 95:d8:fd:85:8e:ca:4b:f3:be:1f:eb:14:08:dc:23:34:78:98: + 39:d7:9f:c3:52:f6:14:3d:e9:de:5c:c2:d8:b1:4b:a8:4c:5b: + 91:42:66:da:7f:3c:e9:03:20:5e:08:0f:76:79:b9:21:10:89: + b7:73:46:44:7e:6e:28:0c:00:e4:f4:3e:65:aa:f5:c6:27:57: + 2c:bb:1d:ae:e5:94:57:a3:73:9e:6b:44:00:35:4a:f3:c7:34: + 9c:a2:a7:aa:62:9f:1d:ef:a8:6c:be:07:ad:ef:ae:ee:93:0b: + ba:c3:59:4e:90:40:2d:00:5e:f0:0f:0a:de:18:2a:b3:97:31: + 63:84:ff:18:1c:b6:d8:7d:ee:33:ed:99:f0:f5:7f:88:58:b3: + 0d:90:db:eb:44:7e:06:37:61:d4:34:b9:f6:fd:3e:8d:07:e4: + b5:b0:ae:09:ce:98:e4:b0:1b:d5:7b:53:94:dd:8a:b2:20:d6: + b0:72:f8:b1:bc:76:df:16:86:39:7b:e4:a9:15:47:57:ae:ca: + 41:d6:3a:ba:15:d1:c0:b5:38:66:0b:0f:80:8b:a2:07:b4:fc: + 80:1f:a3:4c:1f:d2:65:97:c1:2c:ae:46:31:61:49:0d:d7:5f: + ac:d2:a6:05 -----BEGIN CERTIFICATE----- MIIE5jCCA86gAwIBAgIBYzANBgkqhkiG9w0BAQsFADCBlzELMAkGA1UEBhMCVVMx EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoM B3dvbGZTU0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgwFgYDVQQDDA93b2xmU1NM 
-IHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTUx -MjMwMTkxMjQ2WhcNMTgwOTI1MTkxMjQ2WjCBlzELMAkGA1UEBhMCVVMxEzARBgNV +IHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTgw +NDEzMTUyMzEwWhcNMjEwMTA3MTUyMzEwWjCBlzELMAkGA1UEBhMCVVMxEzARBgNV BAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoMB3dvbGZT U0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgwFgYDVQQDDA93b2xmU1NMIHJvb3Qg Q0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wggEiMA0GCSqGSIb3 @@ -269,11 +269,11 @@ A1UEBhMCVVMxEzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUx EDAOBgNVBAoMB3dvbGZTU0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgwFgYDVQQD DA93b2xmU1NMIHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5j b22CAWMwCwYDVR0PBAQDAgEGMDIGCCsGAQUFBwEBBCYwJDAiBggrBgEFBQcwAYYW -aHR0cDovLzEyNy4wLjAuMToyMjIyMDANBgkqhkiG9w0BAQsFAAOCAQEAmaN9che3 -wM2Yu1X68uqfF4FujgIlxk1CzTJkE/S/QgymTjlFUpJA7RZ4F6JFXtkZrB3UVmjI -Vd5lrrpysMBXUl5bCNndcsoYbhZhMpqLwH0+Wie8LYGqNtREJlIH8kE70Q8uZC6n -+A/DDtOdc7kkEujKKNtPSMJDu7eoFL6NOi/TOhrrXxVh4+gDZYjVA34lejWNRRc/ -DRD9jicxZe7enVxof2iVvIVa+ioQN4LKEYSbkB4j1iumxa+J7zE3VgqRng9bPmzB -fSnNuzg/Dsv7BQTmT1xqxbakDwtqJb/p7YIZu2uaLn1AWAtFDv/Cczmcwu/0fNCe -rskF4eNev91lbQ== +aHR0cDovLzEyNy4wLjAuMToyMjIyMDANBgkqhkiG9w0BAQsFAAOCAQEAaxCx+Mt3 +73L1+PxwbRjcNP7Xldj9hY7KS/O+H+sUCNwjNHiYOdefw1L2FD3p3lzC2LFLqExb +kUJm2n886QMgXggPdnm5IRCJt3NGRH5uKAwA5PQ+Zar1xidXLLsdruWUV6NznmtE +ADVK88c0nKKnqmKfHe+obL4Hre+u7pMLusNZTpBALQBe8A8K3hgqs5cxY4T/GBy2 +2H3uM+2Z8PV/iFizDZDb60R+Bjdh1DS59v0+jQfktbCuCc6Y5LAb1XtTlN2KsiDW +sHL4sbx23xaGOXvkqRVHV67KQdY6uhXRwLU4ZgsPgIuiB7T8gB+jTB/SZZfBLK5G +MWFJDddfrNKmBQ== -----END CERTIFICATE----- 
diff --git a/certs/server-cert.der b/certs/server-cert.der index e678c3d6e8b6aa1e976dbac2324a59cde3d760c3..0dc446b099fed7776d49e860e4f2ed81711ed223 100644 GIT binary patch delta 318 zcmZ3)xrlSZZaE7B6GLM|QzK(TgD7!cBSQm219K?XpmDYcs%jq(@2T|83N-RpgR|0_DYhP7Ju^y|3P zS*w|zbVOTsb00sma#{Do_6?F!JQ@-CGlS~hZm`O*?&0DnDO$ag^XOZax_oXKPQ?pn z>wg}JQ&)J>S{%fBY1fad{f=jp^@MWw7|wW}ytq&8>d7 XX!6AHD{mw`ko&sk zVAsNpb*+8v3i=#|YvYc2ok;vLk6mt&(%a&i)_1>>?gW^v`g?rtDhZa~ug>UX%-+26 z(6k!|&qURI=bgv#V6J9&i(CKYiCJ5BRK=X}4`tjj%VWV5=ToZgL0sRz?Avg$Fn4K? YS8BkfwSKY>au{#?c5Zm~go(!-0C%jEKmY&$ diff --git a/certs/server-cert.pem b/certs/server-cert.pem index 5504c822f..c44ba3e64 100644 --- a/certs/server-cert.pem +++ b/certs/server-cert.pem @@ -5,8 +5,8 @@ Certificate: Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, CN=www.wolfssl.com/emailAddress=info@wolfssl.com Validity - Not Before: Aug 11 20:07:37 2016 GMT - Not After : May 8 20:07:37 2019 GMT + Not Before: Apr 13 15:23:10 2018 GMT + Not After : Jan 7 15:23:10 2021 GMT Subject: C=US, ST=Montana, L=Bozeman, O=wolfSSL, OU=Support, CN=www.wolfssl.com/emailAddress=info@wolfssl.com Subject Public Key Info: Public Key Algorithm: rsaEncryption 
@@ -37,32 +37,32 @@ Certificate: X509v3 Authority Key Identifier: keyid:27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5 DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com - serial:B7:B6:90:33:66:1B:6B:23 + serial:86:FF:F5:8E:10:DE:B8:FB X509v3 Basic Constraints: CA:TRUE Signature Algorithm: sha256WithRSAEncryption - 51:fe:2a:df:07:7e:43:ca:66:8d:15:c4:2b:db:57:b2:06:6d: - 0d:90:66:ff:a5:24:9c:14:ef:81:f2:a4:ab:99:a9:6a:49:20: - a5:d2:71:e7:1c:3c:99:07:c7:47:fc:e8:96:b4:f5:42:30:ce: - 39:01:4b:d1:c2:e8:bc:95:84:87:ce:55:5d:97:9f:cf:78:f3: - 56:9b:a5:08:6d:ac:f6:a5:5c:c4:ef:3e:2a:39:a6:48:26:29: - 7b:2d:e0:cd:a6:8c:57:48:0b:bb:31:32:c2:bf:d9:43:4c:47: - 25:18:81:a8:c9:33:82:41:9b:ba:61:86:d7:84:93:17:24:25: - 36:ca:4d:63:6b:4f:95:79:d8:60:e0:1e:f5:ac:c1:8a:a1:b1: - 7e:85:8e:87:20:2f:08:31:ad:5e:c6:4a:c8:61:f4:9e:07:1e: - a2:22:ed:73:7c:85:ee:fa:62:dc:50:36:aa:fd:c7:9d:aa:18: - 04:fb:ea:cc:2c:68:9b:b3:a9:c2:96:d8:c1:cc:5a:7e:f7:0d: - 9e:08:e0:9d:29:8b:84:46:8f:d3:91:6a:b5:b8:7a:5c:cc:4f: - 55:01:b8:9a:48:a0:94:43:ca:25:47:52:0a:f7:f4:be:b0:d1: - 71:6d:a5:52:4a:65:50:b2:ad:4e:1d:e0:6c:01:d8:fb:43:80: - e6:e4:0c:37 + b4:54:60:ad:a0:03:32:de:02:7f:21:4a:81:c6:ed:cd:cd:d8: + 12:8a:c0:ba:82:5b:75:ad:54:e3:7c:80:6a:ac:2e:6c:20:4e: + be:4d:82:a7:47:13:5c:f4:c6:6a:2b:10:99:58:de:ab:6b:7c: + 22:05:c1:83:9d:cb:ff:3c:e4:2d:57:6a:a6:96:df:d3:c1:68: + e3:d2:c6:83:4b:97:e2:c6:32:0e:be:c4:03:b9:07:8a:5b:b8: + 84:ba:c5:39:3f:1c:58:a7:55:d7:f0:9b:e8:d2:45:b9:e3:83: + 2e:ee:b6:71:56:b9:3a:ee:3f:27:d8:77:e8:fb:44:48:65:27: + 47:4c:fb:fe:72:c3:ac:05:7b:1d:cb:eb:5e:65:9a:ab:02:e4: + 88:5b:3b:8b:0b:c7:cc:a9:a6:8b:e1:87:b0:19:1a:0c:28:58: + 6f:99:52:7e:ed:b0:3a:68:3b:8c:0a:08:74:72:ab:b9:09:c5: + ed:04:7e:6f:0b:1c:09:21:d0:cd:7f:f9:c4:5e:27:20:e4:85: + 73:52:05:d2:ba:f8:d5:8f:41:cc:23:2e:12:6d:bc:31:98:e7: + 63:a3:8e:26:cd:e8:2b:88:ee:e2:fe:3a:74:52:34:0e:fd:12: + e5:5e:69:50:20:31:34:e4:31:f1:e7:e4:5b:03:13:da:ac:41: + 
6c:e7:cf:2b -----BEGIN CERTIFICATE----- MIIEnjCCA4agAwIBAgIBATANBgkqhkiG9w0BAQsFADCBlDELMAkGA1UEBhMCVVMx EDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNVBAoMCFNh d3Rvb3RoMRMwEQYDVQQLDApDb25zdWx0aW5nMRgwFgYDVQQDDA93d3cud29sZnNz -bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTYwODEx -MjAwNzM3WhcNMTkwNTA4MjAwNzM3WjCBkDELMAkGA1UEBhMCVVMxEDAOBgNVBAgM +bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTgwNDEz +MTUyMzEwWhcNMjEwMTA3MTUyMzEwWjCBkDELMAkGA1UEBhMCVVMxEDAOBgNVBAgM B01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xEDAOBgNVBAoMB3dvbGZTU0wxEDAO BgNVBAsMB1N1cHBvcnQxGDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTEfMB0GCSqG SIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP 
@@ -76,24 +76,23 @@ sxEyyZKYhOLJ+NA7bgNCyh8OjjwwgckGA1UdIwSBwTCBvoAUJ45nEXTDJh0/7TNj s6TYHTDl6NWhgZqkgZcwgZQxCzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdNb250YW5h MRAwDgYDVQQHDAdCb3plbWFuMREwDwYDVQQKDAhTYXd0b290aDETMBEGA1UECwwK Q29uc3VsdGluZzEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29tMR8wHQYJKoZIhvcN -AQkBFhBpbmZvQHdvbGZzc2wuY29tggkAt7aQM2YbayMwDAYDVR0TBAUwAwEB/zAN -BgkqhkiG9w0BAQsFAAOCAQEAUf4q3wd+Q8pmjRXEK9tXsgZtDZBm/6UknBTvgfKk -q5mpakkgpdJx5xw8mQfHR/zolrT1QjDOOQFL0cLovJWEh85VXZefz3jzVpulCG2s -9qVcxO8+KjmmSCYpey3gzaaMV0gLuzEywr/ZQ0xHJRiBqMkzgkGbumGG14STFyQl -NspNY2tPlXnYYOAe9azBiqGxfoWOhyAvCDGtXsZKyGH0ngceoiLtc3yF7vpi3FA2 -qv3HnaoYBPvqzCxom7OpwpbYwcxafvcNngjgnSmLhEaP05Fqtbh6XMxPVQG4mkig -lEPKJUdSCvf0vrDRcW2lUkplULKtTh3gbAHY+0OA5uQMNw== +AQkBFhBpbmZvQHdvbGZzc2wuY29tggkAhv/1jhDeuPswDAYDVR0TBAUwAwEB/zAN +BgkqhkiG9w0BAQsFAAOCAQEAtFRgraADMt4CfyFKgcbtzc3YEorAuoJbda1U43yA +aqwubCBOvk2Cp0cTXPTGaisQmVjeq2t8IgXBg53L/zzkLVdqppbf08Fo49LGg0uX +4sYyDr7EA7kHilu4hLrFOT8cWKdV1/Cb6NJFueODLu62cVa5Ou4/J9h36PtESGUn +R0z7/nLDrAV7HcvrXmWaqwLkiFs7iwvHzKmmi+GHsBkaDChYb5lSfu2wOmg7jAoI +dHKruQnF7QR+bwscCSHQzX/5xF4nIOSFc1IF0rr41Y9BzCMuEm28MZjnY6OOJs3o +K4ju4v46dFI0Dv0S5V5pUCAxNOQx8efkWwMT2qxBbOfPKw== -----END CERTIFICATE----- Certificate: Data: Version: 3 (0x2) - Serial Number: - b7:b6:90:33:66:1b:6b:23 + Serial Number: 9727763710660753659 (0x86fff58e10deb8fb) Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, CN=www.wolfssl.com/emailAddress=info@wolfssl.com Validity - Not Before: Aug 11 20:07:37 2016 GMT - Not After : May 8 20:07:37 2019 GMT + Not Before: Apr 13 15:23:09 2018 GMT + Not After : Jan 7 15:23:09 2021 GMT Subject: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, CN=www.wolfssl.com/emailAddress=info@wolfssl.com Subject Public Key Info: Public Key Algorithm: rsaEncryption 
@@ -124,32 +123,32 @@ Certificate: X509v3 Authority Key Identifier: keyid:27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5 DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com - serial:B7:B6:90:33:66:1B:6B:23 + serial:86:FF:F5:8E:10:DE:B8:FB X509v3 Basic Constraints: CA:TRUE Signature Algorithm: sha256WithRSAEncryption - 0e:93:48:44:4a:72:96:60:71:25:82:a9:2c:ca:60:5b:f2:88: - 3e:cf:11:74:5a:11:4a:dc:d9:d8:f6:58:2c:05:d3:56:d9:e9: - 8f:37:ef:8e:3e:3b:ff:22:36:00:ca:d8:e2:96:3f:a7:d1:ed: - 1f:de:7a:b0:d7:8f:36:bd:41:55:1e:d4:b9:86:3b:87:25:69: - 35:60:48:d6:e4:5a:94:ce:a2:fa:70:38:36:c4:85:b4:4b:23: - fe:71:9e:2f:db:06:c7:b5:9c:21:f0:3e:7c:eb:91:f8:5c:09: - fd:84:43:a4:b3:4e:04:0c:22:31:71:6a:48:c8:ab:bb:e8:ce: - fa:67:15:1a:3a:82:98:43:33:b5:0e:1f:1e:89:f8:37:de:1b: - e6:b5:a0:f4:a2:8b:b7:1c:90:ba:98:6d:94:21:08:80:5d:f3: - bf:66:ad:c9:72:28:7a:6a:48:ee:cf:63:69:31:8c:c5:8e:66: - da:4b:78:65:e8:03:3a:4b:f8:cc:42:54:d3:52:5c:2d:04:ae: - 26:87:e1:7e:40:cb:45:41:16:4b:6e:a3:2e:4a:76:bd:29:7f: - 1c:53:37:06:ad:e9:5b:6a:d6:b7:4e:94:a2:7c:e8:ac:4e:a6: - 50:3e:2b:32:9e:68:42:1b:e4:59:67:61:ea:c7:9a:51:9c:1c: - 55:a3:77:76 + 9e:28:88:72:00:ca:e6:e7:97:ca:c1:f1:1f:9e:12:b2:b8:c7: + 51:ea:28:e1:36:b5:2d:e6:2f:08:23:cb:a9:4a:87:25:c6:5d: + 89:45:ea:f5:00:98:ac:76:fb:1b:af:f0:ce:64:9e:da:08:bf: + b6:eb:b4:b5:0c:a0:e7:f6:47:59:1c:61:cf:2e:0e:58:a4:82: + ac:0f:3f:ec:c4:ae:80:f7:b0:8a:1e:85:41:e8:ff:fe:fe:4f: + 1a:24:d5:49:fa:fb:fe:5e:e5:d3:91:0e:4f:4e:0c:21:51:71: + 83:04:6b:62:7b:4f:59:76:48:81:1e:b4:f7:04:47:8a:91:57: + a3:11:a9:f2:20:b4:78:33:62:3d:b0:5e:0d:f9:86:38:82:da: + a1:98:8d:19:06:87:21:39:b7:02:f7:da:7d:58:ba:52:15:d8: + 3b:c9:7b:58:34:a0:c7:e2:7c:a9:83:13:e1:b6:ec:01:bf:52: + 33:0b:c4:fe:43:d3:c6:a4:8e:2f:87:7f:7a:44:ea:ca:53:6c: + 85:ed:65:76:73:31:03:4e:ea:bd:35:54:13:f3:64:87:6b:df: + 34:dd:34:a1:88:3b:db:4d:af:1b:64:90:92:71:30:8e:c8:cc: + e5:60:24:af:31:16:39:33:91:50:f9:ab:68:42:74:7a:35:d9: + 
dd:c8:c4:52 -----BEGIN CERTIFICATE----- -MIIEqjCCA5KgAwIBAgIJALe2kDNmG2sjMA0GCSqGSIb3DQEBCwUAMIGUMQswCQYD +MIIEqjCCA5KgAwIBAgIJAIb/9Y4Q3rj7MA0GCSqGSIb3DQEBCwUAMIGUMQswCQYD VQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjERMA8G A1UECgwIU2F3dG9vdGgxEzARBgNVBAsMCkNvbnN1bHRpbmcxGDAWBgNVBAMMD3d3 dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTAe -Fw0xNjA4MTEyMDA3MzdaFw0xOTA1MDgyMDA3MzdaMIGUMQswCQYDVQQGEwJVUzEQ +Fw0xODA0MTMxNTIzMDlaFw0yMTAxMDcxNTIzMDlaMIGUMQswCQYDVQQGEwJVUzEQ MA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjERMA8GA1UECgwIU2F3 dG9vdGgxEzARBgNVBAsMCkNvbnN1bHRpbmcxGDAWBgNVBAMMD3d3dy53b2xmc3Ns LmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTCCASIwDQYJKoZI @@ -163,11 +162,11 @@ XDjNdyXvvYB1U5Q8PcpjW58VtdMdEy8Z0TzbdjrMuH3J5cLX2kBv2CHccxtCLVOc J45nEXTDJh0/7TNjs6TYHTDl6NWhgZqkgZcwgZQxCzAJBgNVBAYTAlVTMRAwDgYD VQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMREwDwYDVQQKDAhTYXd0b290 aDETMBEGA1UECwwKQ29uc3VsdGluZzEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29t -MR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tggkAt7aQM2YbayMwDAYD -VR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEADpNIREpylmBxJYKpLMpgW/KI -Ps8RdFoRStzZ2PZYLAXTVtnpjzfvjj47/yI2AMrY4pY/p9HtH956sNePNr1BVR7U -uYY7hyVpNWBI1uRalM6i+nA4NsSFtEsj/nGeL9sGx7WcIfA+fOuR+FwJ/YRDpLNO -BAwiMXFqSMiru+jO+mcVGjqCmEMztQ4fHon4N94b5rWg9KKLtxyQuphtlCEIgF3z -v2atyXIoempI7s9jaTGMxY5m2kt4ZegDOkv4zEJU01JcLQSuJofhfkDLRUEWS26j -Lkp2vSl/HFM3Bq3pW2rWt06UonzorE6mUD4rMp5oQhvkWWdh6seaUZwcVaN3dg== +MR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tggkAhv/1jhDeuPswDAYD +VR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAniiIcgDK5ueXysHxH54SsrjH +Ueoo4Ta1LeYvCCPLqUqHJcZdiUXq9QCYrHb7G6/wzmSe2gi/tuu0tQyg5/ZHWRxh +zy4OWKSCrA8/7MSugPewih6FQej//v5PGiTVSfr7/l7l05EOT04MIVFxgwRrYntP +WXZIgR609wRHipFXoxGp8iC0eDNiPbBeDfmGOILaoZiNGQaHITm3AvfafVi6UhXY +O8l7WDSgx+J8qYMT4bbsAb9SMwvE/kPTxqSOL4d/ekTqylNshe1ldnMxA07qvTVU +E/Nkh2vfNN00oYg7202vG2SQknEwjsjM5WAkrzEWOTORUPmraEJ0ejXZ3cjEUg== -----END CERTIFICATE----- 
diff --git a/certs/server-ecc-comp.der b/certs/server-ecc-comp.der index 4de0dac00e398c3e1f1a3c166d9e52fa12a80147..b53fe8c8123c90a67fe1bb51756f22ca4ca42cd3 100644 GIT binary patch delta 171 zcmZ3%wwz7Epov-8po!_!0%j&gCMHgXhKiHh*`kg%Pn6gqWno}qXl!U|WNc^a*tiXQ3CvUbpMKdY5-gf0uiRjaN_KGKGPmw>D^k?1a RFAqunoNkqHm*aAf9RQEcW=6*U23%|$T5TTZY+0C@m^~N_T$vOZP6@o} z|M+^6WZ8AGkWY#-7JPY1wo{kvJ<)UNhQ{SNin&Y*g_hjBZ!&sPw&`TtV%~V;`IYad SmlfA>FdW;#GFRL#tsVgO;XA_s diff --git a/certs/server-ecc-comp.pem b/certs/server-ecc-comp.pem index cdff9f74d..1f40a07a8 100644 --- a/certs/server-ecc-comp.pem +++ b/certs/server-ecc-comp.pem @@ -1,13 +1,12 @@ Certificate: Data: Version: 3 (0x2) - Serial Number: - c3:cd:c5:e4:24:18:70:ca + Serial Number: 9257370821982864771 (0x8078c9b7065ac583) Signature Algorithm: ecdsa-with-SHA256 Issuer: C=US, ST=Montana, L=Bozeman, O=Elliptic - comp, OU=Server ECC-comp, CN=www.wolfssl.com/emailAddress=info@wolfssl.com Validity - Not Before: Aug 11 20:07:38 2016 GMT - Not After : May 8 20:07:38 2019 GMT + Not Before: Apr 13 15:23:10 2018 GMT + Not After : Jan 7 15:23:10 2021 GMT Subject: C=US, ST=Montana, L=Bozeman, O=Elliptic - comp, OU=Server ECC-comp, CN=www.wolfssl.com/emailAddress=info@wolfssl.com Subject Public Key Info: Public Key Algorithm: id-ecPublicKey 
@@ -24,21 +23,21 @@ Certificate: X509v3 Authority Key Identifier: keyid:8C:38:3A:6B:B8:24:B7:DF:6E:F4:59:AC:56:4E:AA:E2:58:A6:5A:18 DirName:/C=US/ST=Montana/L=Bozeman/O=Elliptic - comp/OU=Server ECC-comp/CN=www.wolfssl.com/emailAddress=info@wolfssl.com - serial:C3:CD:C5:E4:24:18:70:CA + serial:80:78:C9:B7:06:5A:C5:83 X509v3 Basic Constraints: CA:TRUE Signature Algorithm: ecdsa-with-SHA256 - 30:45:02:21:00:ca:10:ec:8f:f1:eb:92:19:76:d7:16:54:f2: - 21:1c:38:0e:6e:22:3d:95:a4:bd:c8:8c:d2:d8:28:d3:9c:21: - 6d:02:20:71:39:0b:0d:ec:68:8c:64:b6:2c:68:da:03:b1:d8: - e7:d4:f7:cb:a6:73:7e:08:00:c6:b8:04:9d:17:3e:66:7f + 30:44:02:20:31:44:d0:4e:d7:c4:b4:96:a3:e6:25:fd:fa:d6: + 28:a8:67:51:72:90:95:31:f9:cd:10:bf:11:e4:ec:b7:42:5b: + 02:20:45:db:45:0a:24:58:8e:2e:e6:ea:0c:6c:bc:72:4f:0a: + 1b:f3:2d:97:e9:c2:19:f9:97:3a:60:dd:08:d3:52:3e -----BEGIN CERTIFICATE----- -MIIDJDCCAsqgAwIBAgIJAMPNxeQkGHDKMAoGCCqGSM49BAMCMIGgMQswCQYDVQQG +MIIDIzCCAsqgAwIBAgIJAIB4ybcGWsWDMAoGCCqGSM49BAMCMIGgMQswCQYDVQQG EwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjEYMBYGA1UE CgwPRWxsaXB0aWMgLSBjb21wMRgwFgYDVQQLDA9TZXJ2ZXIgRUNDLWNvbXAxGDAW BgNVBAMMD3d3dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xm -c3NsLmNvbTAeFw0xNjA4MTEyMDA3MzhaFw0xOTA1MDgyMDA3MzhaMIGgMQswCQYD +c3NsLmNvbTAeFw0xODA0MTMxNTIzMTBaFw0yMTAxMDcxNTIzMTBaMIGgMQswCQYD VQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjEYMBYG A1UECgwPRWxsaXB0aWMgLSBjb21wMRgwFgYDVQQLDA9TZXJ2ZXIgRUNDLWNvbXAx GDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3 
@@ -48,7 +47,7 @@ bvRZrFZOquJYploYMIHVBgNVHSMEgc0wgcqAFIw4Omu4JLffbvRZrFZOquJYploY oYGmpIGjMIGgMQswCQYDVQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UE BwwHQm96ZW1hbjEYMBYGA1UECgwPRWxsaXB0aWMgLSBjb21wMRgwFgYDVQQLDA9T ZXJ2ZXIgRUNDLWNvbXAxGDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTEfMB0GCSqG -SIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbYIJAMPNxeQkGHDKMAwGA1UdEwQFMAMB -Af8wCgYIKoZIzj0EAwIDSAAwRQIhAMoQ7I/x65IZdtcWVPIhHDgObiI9laS9yIzS -2CjTnCFtAiBxOQsN7GiMZLYsaNoDsdjn1PfLpnN+CADGuASdFz5mfw== +SIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbYIJAIB4ybcGWsWDMAwGA1UdEwQFMAMB +Af8wCgYIKoZIzj0EAwIDRwAwRAIgMUTQTtfEtJaj5iX9+tYoqGdRcpCVMfnNEL8R +5Oy3QlsCIEXbRQokWI4u5uoMbLxyTwob8y2X6cIZ+Zc6YN0I01I+ -----END CERTIFICATE----- diff --git a/certs/server-ecc-rsa.der b/certs/server-ecc-rsa.der index 1c6f8f5f12a2b9348ada963bd4a92fc6b0112b0e..82aba2a5d3bd9dd5cb296d77439c0c477fbfbcb3 100644 GIT binary patch delta 309 zcmaFD{)BzPZYc``6GLM|QzK(TgD7!cBSQm219J#>b2UXgw0hoxLpm!0%T|<+UDVt1T5cuLgD6WgAonNW4g5-M715tbESyD5YsLH%x2Z z?rb>y{NL7~8$l=1V}2+VnNFUR^TsCYSfj$yvjIO9tCm&CJ&#n1?V23e_ggdU_rBTf O9`Q?yp8GNVivs|PfQ%IY delta 309 zcmaFD{)BzPZYeVZ3qwOA0|RqoizsnkLrViw0}BXuUbpqHTfq4{O+URP-|Tle`&C|4C+cOY`lg2+N&I^j+D!eO)K&Q4 zn9?~thEsl3%vwSdW>g2ycU$m3o8^vH@9xRZcXD4y}O(MZ+Sn9vv|>!ZAbT+95~6Tx%BGCCrzFO z`%5cD&mKIn*mw4pM^oa|6JMERcDV0Ne98NHYXAS>=P`nhzg#F-JF7TW)8LP?-hrem RmsgzI^z!mfdjTe{PXK|smo)$Y diff --git a/certs/server-ecc-rsa.pem b/certs/server-ecc-rsa.pem index 41f13fded..ab51f6dd6 100644 --- a/certs/server-ecc-rsa.pem +++ b/certs/server-ecc-rsa.pem 
@@ -5,8 +5,8 @@ Certificate: Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, CN=www.wolfssl.com/emailAddress=info@wolfssl.com Validity - Not Before: Aug 11 20:07:38 2016 GMT - Not After : May 8 20:07:38 2019 GMT + Not Before: Apr 13 15:23:10 2018 GMT + Not After : Jan 7 15:23:10 2021 GMT Subject: C=US, ST=Montana, L=Bozeman, O=Elliptic - RSAsig, OU=ECC-RSAsig, CN=www.wolfssl.com/emailAddress=info@wolfssl.com Subject Public Key Info: Public Key Algorithm: id-ecPublicKey 
@@ -25,32 +25,32 @@ Certificate: X509v3 Authority Key Identifier: keyid:27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5 DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com - serial:B7:B6:90:33:66:1B:6B:23 + serial:86:FF:F5:8E:10:DE:B8:FB X509v3 Basic Constraints: CA:TRUE Signature Algorithm: sha256WithRSAEncryption - ab:b7:78:c8:18:6e:6a:27:5d:bb:16:a1:d3:ae:b5:fd:46:50: - cf:dc:82:f9:4a:19:ec:bf:44:cd:f5:1f:15:2c:5a:e9:65:27: - b2:e1:88:62:0f:bc:a1:3c:95:fb:62:8a:71:e0:c6:22:ce:2e: - 00:ca:4e:7a:03:2a:12:90:98:7b:53:9f:46:a0:ff:6b:04:dc: - 2a:8d:bb:93:e7:b9:0b:d0:61:0f:62:97:18:99:bb:e7:1c:e3: - a2:ab:70:8f:32:47:7f:1e:3b:cb:62:55:41:a4:af:1f:01:2c: - 9b:b2:cc:06:8d:28:04:57:5b:f6:32:b8:e8:18:b6:6b:a1:b9: - aa:3f:49:ea:c1:02:c7:92:d9:c7:23:ea:a2:f7:70:a9:da:9e: - 5e:82:ef:30:07:c7:89:da:c9:e0:cf:ed:e9:4c:34:d4:72:0e: - 16:49:82:c5:a9:b4:a7:05:07:cc:5d:eb:b4:ef:9a:09:73:a2: - d4:b6:c5:be:34:c0:c9:09:29:a5:d5:f1:e4:82:49:70:bf:75: - 79:15:cd:c1:c8:a3:4d:9b:b4:e2:94:5e:27:61:ea:34:69:88: - 47:bd:61:e9:0d:f3:95:8f:ff:53:e7:5c:11:e3:f4:d0:70:ad: - 9a:73:5d:29:30:fc:23:2e:c0:62:d4:d3:a8:ce:b2:e9:d3:b9: - 3f:10:0a:f2 + 0c:bb:67:bd:fc:cd:53:6c:fb:4e:58:c8:ea:52:92:eb:e4:c8: + bc:57:0f:08:20:c8:83:b0:d5:ea:57:27:bd:68:91:fb:99:84: + 8d:15:9e:4f:8f:c4:cb:34:61:c0:59:12:9b:c8:82:17:38:4f: + 9e:53:08:a3:69:2e:2f:c0:b4:2f:a2:4e:10:64:b0:07:a1:51: + 08:1d:91:53:a2:79:55:20:41:65:35:3e:0b:38:01:57:02:8c: + 25:e7:ab:4f:8b:59:f0:ed:8e:4a:15:0b:32:fb:7a:8b:02:ea: + 9d:e1:ab:c4:07:cc:da:0f:a3:16:db:8e:5b:bc:96:ab:10:b8: + de:09:8b:f7:cb:a7:78:66:17:e3:25:6e:57:9d:13:61:7b:55: + 1a:df:8f:39:15:4e:42:22:00:85:c4:51:0b:6b:a6:67:c0:fb: + ea:22:77:7d:48:76:ab:39:20:09:d5:52:89:3e:6b:30:7b:50: + 18:e8:62:05:be:bb:7f:16:77:9c:bb:5a:22:96:99:b0:96:83: + b7:43:31:97:cf:fd:85:52:d8:52:c8:67:5c:f8:22:72:35:93: + 92:6c:ec:3c:6a:c6:81:20:a5:cd:50:f9:21:7a:a6:7a:1e:e7: + 59:22:5d:8a:93:51:8e:fb:29:56:fb:be:9b:87:48:5f:a5:72: + 
e7:4e:fe:5e -----BEGIN CERTIFICATE----- MIID4DCCAsigAwIBAgIBATANBgkqhkiG9w0BAQsFADCBlDELMAkGA1UEBhMCVVMx EDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNVBAoMCFNh d3Rvb3RoMRMwEQYDVQQLDApDb25zdWx0aW5nMRgwFgYDVQQDDA93d3cud29sZnNz -bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTYwODEx -MjAwNzM4WhcNMTkwNTA4MjAwNzM4WjCBnTELMAkGA1UEBhMCVVMxEDAOBgNVBAgM +bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTgwNDEz +MTUyMzEwWhcNMjEwMTA3MTUyMzEwWjCBnTELMAkGA1UEBhMCVVMxEDAOBgNVBAgM B01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xGjAYBgNVBAoMEUVsbGlwdGljIC0g UlNBc2lnMRMwEQYDVQQLDApFQ0MtUlNBc2lnMRgwFgYDVQQDDA93d3cud29sZnNz bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wWTATBgcqhkjO @@ -60,11 +60,11 @@ BBRdXSbvrH42+Zt2FStKJQIj77KJMDCByQYDVR0jBIHBMIG+gBQnjmcRdMMmHT/t M2OzpNgdMOXo1aGBmqSBlzCBlDELMAkGA1UEBhMCVVMxEDAOBgNVBAgMB01vbnRh bmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNVBAoMCFNhd3Rvb3RoMRMwEQYDVQQL DApDb25zdWx0aW5nMRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20xHzAdBgkqhkiG -9w0BCQEWEGluZm9Ad29sZnNzbC5jb22CCQC3tpAzZhtrIzAMBgNVHRMEBTADAQH/ -MA0GCSqGSIb3DQEBCwUAA4IBAQCrt3jIGG5qJ127FqHTrrX9RlDP3IL5Shnsv0TN -9R8VLFrpZSey4YhiD7yhPJX7Yopx4MYizi4Ayk56AyoSkJh7U59GoP9rBNwqjbuT -57kL0GEPYpcYmbvnHOOiq3CPMkd/HjvLYlVBpK8fASybsswGjSgEV1v2MrjoGLZr -obmqP0nqwQLHktnHI+qi93Cp2p5egu8wB8eJ2sngz+3pTDTUcg4WSYLFqbSnBQfM -Xeu075oJc6LUtsW+NMDJCSml1fHkgklwv3V5Fc3ByKNNm7TilF4nYeo0aYhHvWHp -DfOVj/9T51wR4/TQcK2ac10pMPwjLsBi1NOozrLp07k/EAry +9w0BCQEWEGluZm9Ad29sZnNzbC5jb22CCQCG//WOEN64+zAMBgNVHRMEBTADAQH/ +MA0GCSqGSIb3DQEBCwUAA4IBAQAMu2e9/M1TbPtOWMjqUpLr5Mi8Vw8IIMiDsNXq +Vye9aJH7mYSNFZ5Pj8TLNGHAWRKbyIIXOE+eUwijaS4vwLQvok4QZLAHoVEIHZFT +onlVIEFlNT4LOAFXAowl56tPi1nw7Y5KFQsy+3qLAuqd4avEB8zaD6MW245bvJar +ELjeCYv3y6d4ZhfjJW5XnRNhe1Ua3485FU5CIgCFxFELa6ZnwPvqInd9SHarOSAJ +1VKJPmswe1AY6GIFvrt/Fnecu1oilpmwloO3QzGXz/2FUthSyGdc+CJyNZOSbOw8 +asaBIKXNUPkheqZ6HudZIl2Kk1GO+ylW+76bh0hfpXLnTv5e -----END CERTIFICATE----- diff --git a/certs/server-ecc.pem b/certs/server-ecc.pem old mode 100755 new mode 100644 
diff --git a/certs/server-revoked-cert.pem b/certs/server-revoked-cert.pem index 7908e8791..09dbb1dd0 100644 --- a/certs/server-revoked-cert.pem +++ b/certs/server-revoked-cert.pem @@ -5,8 +5,8 @@ Certificate: Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, CN=www.wolfssl.com/emailAddress=info@wolfssl.com Validity - Not Before: Aug 11 20:07:37 2016 GMT - Not After : May 8 20:07:37 2019 GMT + Not Before: Apr 13 15:23:10 2018 GMT + Not After : Jan 7 15:23:10 2021 GMT Subject: C=US, ST=Montana, L=Bozeman, O=wolfSSL_revoked, OU=Support_revoked, CN=www.wolfssl.com/emailAddress=info@wolfssl.com Subject Public Key Info: Public Key Algorithm: rsaEncryption 
@@ -37,32 +37,32 @@ Certificate: X509v3 Authority Key Identifier: keyid:27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5 DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com - serial:B7:B6:90:33:66:1B:6B:23 + serial:86:FF:F5:8E:10:DE:B8:FB X509v3 Basic Constraints: CA:TRUE Signature Algorithm: sha256WithRSAEncryption - 79:13:f5:c1:05:42:12:3a:61:f2:f1:ac:05:6e:15:05:9b:ab: - 58:74:b2:3f:00:38:82:77:f7:9a:57:32:e2:af:66:3d:81:25: - 09:40:5a:d9:bc:d7:34:18:20:cd:89:b8:7e:c6:94:22:9a:28: - fe:0e:55:73:1d:77:7c:c3:e6:c6:4b:f3:40:0c:8b:cc:93:c1: - 11:d1:0f:0e:50:0c:c2:b2:38:73:35:d1:db:d0:55:0d:6d:d7: - 33:15:13:e8:a0:77:f3:f1:4d:c2:24:4a:f6:45:4c:67:dd:fd: - 7e:46:b9:85:67:06:5a:4e:c1:4f:1f:94:f7:e6:b0:1a:b1:42: - 80:97:d2:7d:ed:8e:02:b2:2f:7e:c4:1b:60:d9:84:6e:dd:78: - ef:41:82:81:05:6f:d7:b1:36:59:74:e6:ba:9c:5a:48:a7:58: - d9:71:bd:16:53:32:21:55:89:75:7d:a0:48:12:a9:3d:77:73: - 51:a7:c3:e3:c9:df:e1:df:37:29:de:49:47:cf:7f:3c:30:86: - d2:26:f9:45:dc:71:c1:b8:5b:9e:ef:05:64:5a:63:7c:c4:60: - e2:67:f7:cd:e3:be:0b:d2:78:7f:66:c4:f5:c0:1c:6c:f1:e1: - 56:c3:01:07:c3:7d:50:73:1f:48:2c:89:88:fb:ec:b2:0b:aa: - bb:0a:1f:f4 + 41:29:ba:25:3f:17:70:85:1e:5c:e2:2c:8c:8d:16:1b:d5:1f: + d6:05:e8:e8:8b:43:a0:5b:62:e8:19:7d:d1:1c:60:26:2f:3a: + 6f:7a:3f:ec:ad:96:c6:9a:cc:53:3f:12:d9:12:14:ee:2a:f0: + a5:2c:31:c7:ae:5c:12:9a:80:3f:ef:de:f3:be:bc:9d:0e:d6: + c6:8b:e2:8c:58:4e:15:78:4f:16:2e:20:ef:f8:c9:57:6e:a3: + d2:d0:03:32:47:72:84:59:af:5a:46:dd:65:54:d4:9b:7c:42: + 5d:9d:86:eb:21:e8:fc:0f:f7:37:ae:95:43:75:6d:f2:12:f3: + a5:e5:10:25:7c:63:ee:03:ce:8f:48:c8:ab:a5:74:2d:1c:dd: + d4:28:9a:eb:c6:94:fa:ed:57:31:aa:7e:d9:44:40:69:9f:44: + f6:b3:9f:0e:d3:d8:58:66:d4:fc:c0:83:67:a7:85:ae:03:f7: + 83:b4:45:3b:0f:a9:3d:4f:f8:07:31:b0:8a:50:6d:80:f4:36: + be:86:df:ae:da:7c:f5:bc:e2:fc:d3:ed:da:18:7a:f4:f0:ac: + 84:1f:6a:73:00:41:42:71:d4:19:3f:d7:d3:29:9e:b1:94:fd: + 49:d8:a5:e6:1d:a9:40:b5:1d:c4:28:42:a9:24:b7:54:c2:94: + 
5d:16:05:c0 -----BEGIN CERTIFICATE----- MIIErjCCA5agAwIBAgIBAjANBgkqhkiG9w0BAQsFADCBlDELMAkGA1UEBhMCVVMx EDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNVBAoMCFNh d3Rvb3RoMRMwEQYDVQQLDApDb25zdWx0aW5nMRgwFgYDVQQDDA93d3cud29sZnNz -bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTYwODEx -MjAwNzM3WhcNMTkwNTA4MjAwNzM3WjCBoDELMAkGA1UEBhMCVVMxEDAOBgNVBAgM +bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTgwNDEz +MTUyMzEwWhcNMjEwMTA3MTUyMzEwWjCBoDELMAkGA1UEBhMCVVMxEDAOBgNVBAgM B01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xGDAWBgNVBAoMD3dvbGZTU0xfcmV2 b2tlZDEYMBYGA1UECwwPU3VwcG9ydF9yZXZva2VkMRgwFgYDVQQDDA93d3cud29s ZnNzbC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wggEiMA0G 
@@ -76,25 +76,24 @@ gfwwgfkwHQYDVR0OBBYEFNgJK1nhKu7Z7kCqnKvwXSgJTyK7MIHJBgNVHSMEgcEw gb6AFCeOZxF0wyYdP+0zY7Ok2B0w5ejVoYGapIGXMIGUMQswCQYDVQQGEwJVUzEQ MA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjERMA8GA1UECgwIU2F3 dG9vdGgxEzARBgNVBAsMCkNvbnN1bHRpbmcxGDAWBgNVBAMMD3d3dy53b2xmc3Ns -LmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbYIJALe2kDNmG2sj -MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAHkT9cEFQhI6YfLxrAVu -FQWbq1h0sj8AOIJ395pXMuKvZj2BJQlAWtm81zQYIM2JuH7GlCKaKP4OVXMdd3zD -5sZL80AMi8yTwRHRDw5QDMKyOHM10dvQVQ1t1zMVE+igd/PxTcIkSvZFTGfd/X5G -uYVnBlpOwU8flPfmsBqxQoCX0n3tjgKyL37EG2DZhG7deO9BgoEFb9exNll05rqc -WkinWNlxvRZTMiFViXV9oEgSqT13c1Gnw+PJ3+HfNyneSUfPfzwwhtIm+UXcccG4 -W57vBWRaY3zEYOJn983jvgvSeH9mxPXAHGzx4VbDAQfDfVBzH0gsiYj77LILqrsK -H/Q= +LmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbYIJAIb/9Y4Q3rj7 +MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAEEpuiU/F3CFHlziLIyN +FhvVH9YF6OiLQ6BbYugZfdEcYCYvOm96P+ytlsaazFM/EtkSFO4q8KUsMceuXBKa +gD/v3vO+vJ0O1saL4oxYThV4TxYuIO/4yVduo9LQAzJHcoRZr1pG3WVU1Jt8Ql2d +hush6PwP9zeulUN1bfIS86XlECV8Y+4Dzo9IyKuldC0c3dQomuvGlPrtVzGqftlE +QGmfRPaznw7T2Fhm1PzAg2enha4D94O0RTsPqT1P+AcxsIpQbYD0Nr6G367afPW8 +4vzT7doYevTwrIQfanMAQUJx1Bk/19MpnrGU/UnYpeYdqUC1HcQoQqkkt1TClF0W +BcA= -----END CERTIFICATE----- Certificate: Data: Version: 3 (0x2) - Serial Number: - b7:b6:90:33:66:1b:6b:23 + Serial Number: 9727763710660753659 (0x86fff58e10deb8fb) Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, CN=www.wolfssl.com/emailAddress=info@wolfssl.com Validity - Not Before: Aug 11 20:07:37 2016 GMT - Not After : May 8 20:07:37 2019 GMT + Not Before: Apr 13 15:23:09 2018 GMT + Not After : Jan 7 15:23:09 2021 GMT Subject: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, CN=www.wolfssl.com/emailAddress=info@wolfssl.com Subject Public Key Info: Public Key Algorithm: rsaEncryption 
@@ -125,32 +124,32 @@ Certificate: X509v3 Authority Key Identifier: keyid:27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5 DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com - serial:B7:B6:90:33:66:1B:6B:23 + serial:86:FF:F5:8E:10:DE:B8:FB X509v3 Basic Constraints: CA:TRUE Signature Algorithm: sha256WithRSAEncryption - 0e:93:48:44:4a:72:96:60:71:25:82:a9:2c:ca:60:5b:f2:88: - 3e:cf:11:74:5a:11:4a:dc:d9:d8:f6:58:2c:05:d3:56:d9:e9: - 8f:37:ef:8e:3e:3b:ff:22:36:00:ca:d8:e2:96:3f:a7:d1:ed: - 1f:de:7a:b0:d7:8f:36:bd:41:55:1e:d4:b9:86:3b:87:25:69: - 35:60:48:d6:e4:5a:94:ce:a2:fa:70:38:36:c4:85:b4:4b:23: - fe:71:9e:2f:db:06:c7:b5:9c:21:f0:3e:7c:eb:91:f8:5c:09: - fd:84:43:a4:b3:4e:04:0c:22:31:71:6a:48:c8:ab:bb:e8:ce: - fa:67:15:1a:3a:82:98:43:33:b5:0e:1f:1e:89:f8:37:de:1b: - e6:b5:a0:f4:a2:8b:b7:1c:90:ba:98:6d:94:21:08:80:5d:f3: - bf:66:ad:c9:72:28:7a:6a:48:ee:cf:63:69:31:8c:c5:8e:66: - da:4b:78:65:e8:03:3a:4b:f8:cc:42:54:d3:52:5c:2d:04:ae: - 26:87:e1:7e:40:cb:45:41:16:4b:6e:a3:2e:4a:76:bd:29:7f: - 1c:53:37:06:ad:e9:5b:6a:d6:b7:4e:94:a2:7c:e8:ac:4e:a6: - 50:3e:2b:32:9e:68:42:1b:e4:59:67:61:ea:c7:9a:51:9c:1c: - 55:a3:77:76 + 9e:28:88:72:00:ca:e6:e7:97:ca:c1:f1:1f:9e:12:b2:b8:c7: + 51:ea:28:e1:36:b5:2d:e6:2f:08:23:cb:a9:4a:87:25:c6:5d: + 89:45:ea:f5:00:98:ac:76:fb:1b:af:f0:ce:64:9e:da:08:bf: + b6:eb:b4:b5:0c:a0:e7:f6:47:59:1c:61:cf:2e:0e:58:a4:82: + ac:0f:3f:ec:c4:ae:80:f7:b0:8a:1e:85:41:e8:ff:fe:fe:4f: + 1a:24:d5:49:fa:fb:fe:5e:e5:d3:91:0e:4f:4e:0c:21:51:71: + 83:04:6b:62:7b:4f:59:76:48:81:1e:b4:f7:04:47:8a:91:57: + a3:11:a9:f2:20:b4:78:33:62:3d:b0:5e:0d:f9:86:38:82:da: + a1:98:8d:19:06:87:21:39:b7:02:f7:da:7d:58:ba:52:15:d8: + 3b:c9:7b:58:34:a0:c7:e2:7c:a9:83:13:e1:b6:ec:01:bf:52: + 33:0b:c4:fe:43:d3:c6:a4:8e:2f:87:7f:7a:44:ea:ca:53:6c: + 85:ed:65:76:73:31:03:4e:ea:bd:35:54:13:f3:64:87:6b:df: + 34:dd:34:a1:88:3b:db:4d:af:1b:64:90:92:71:30:8e:c8:cc: + e5:60:24:af:31:16:39:33:91:50:f9:ab:68:42:74:7a:35:d9: + 
dd:c8:c4:52 -----BEGIN CERTIFICATE----- -MIIEqjCCA5KgAwIBAgIJALe2kDNmG2sjMA0GCSqGSIb3DQEBCwUAMIGUMQswCQYD +MIIEqjCCA5KgAwIBAgIJAIb/9Y4Q3rj7MA0GCSqGSIb3DQEBCwUAMIGUMQswCQYD VQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjERMA8G A1UECgwIU2F3dG9vdGgxEzARBgNVBAsMCkNvbnN1bHRpbmcxGDAWBgNVBAMMD3d3 dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTAe -Fw0xNjA4MTEyMDA3MzdaFw0xOTA1MDgyMDA3MzdaMIGUMQswCQYDVQQGEwJVUzEQ +Fw0xODA0MTMxNTIzMDlaFw0yMTAxMDcxNTIzMDlaMIGUMQswCQYDVQQGEwJVUzEQ MA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjERMA8GA1UECgwIU2F3 dG9vdGgxEzARBgNVBAsMCkNvbnN1bHRpbmcxGDAWBgNVBAMMD3d3dy53b2xmc3Ns LmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTCCASIwDQYJKoZI @@ -164,11 +163,11 @@ XDjNdyXvvYB1U5Q8PcpjW58VtdMdEy8Z0TzbdjrMuH3J5cLX2kBv2CHccxtCLVOc J45nEXTDJh0/7TNjs6TYHTDl6NWhgZqkgZcwgZQxCzAJBgNVBAYTAlVTMRAwDgYD VQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMREwDwYDVQQKDAhTYXd0b290 aDETMBEGA1UECwwKQ29uc3VsdGluZzEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29t -MR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tggkAt7aQM2YbayMwDAYD -VR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEADpNIREpylmBxJYKpLMpgW/KI -Ps8RdFoRStzZ2PZYLAXTVtnpjzfvjj47/yI2AMrY4pY/p9HtH956sNePNr1BVR7U -uYY7hyVpNWBI1uRalM6i+nA4NsSFtEsj/nGeL9sGx7WcIfA+fOuR+FwJ/YRDpLNO -BAwiMXFqSMiru+jO+mcVGjqCmEMztQ4fHon4N94b5rWg9KKLtxyQuphtlCEIgF3z -v2atyXIoempI7s9jaTGMxY5m2kt4ZegDOkv4zEJU01JcLQSuJofhfkDLRUEWS26j -Lkp2vSl/HFM3Bq3pW2rWt06UonzorE6mUD4rMp5oQhvkWWdh6seaUZwcVaN3dg== +MR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tggkAhv/1jhDeuPswDAYD +VR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAniiIcgDK5ueXysHxH54SsrjH +Ueoo4Ta1LeYvCCPLqUqHJcZdiUXq9QCYrHb7G6/wzmSe2gi/tuu0tQyg5/ZHWRxh +zy4OWKSCrA8/7MSugPewih6FQej//v5PGiTVSfr7/l7l05EOT04MIVFxgwRrYntP +WXZIgR609wRHipFXoxGp8iC0eDNiPbBeDfmGOILaoZiNGQaHITm3AvfafVi6UhXY +O8l7WDSgx+J8qYMT4bbsAb9SMwvE/kPTxqSOL4d/ekTqylNshe1ldnMxA07qvTVU +E/Nkh2vfNN00oYg7202vG2SQknEwjsjM5WAkrzEWOTORUPmraEJ0ejXZ3cjEUg== -----END CERTIFICATE----- 
diff --git a/certs/test-pathlen/server-0-1-ca.pem b/certs/test-pathlen/server-0-1-ca.pem index 2a7b3dc8d..70d78ea46 100644 --- a/certs/test-pathlen/server-0-1-ca.pem +++ b/certs/test-pathlen/server-0-1-ca.pem @@ -5,8 +5,8 @@ Certificate: Signature Algorithm: sha1WithRSAEncryption Issuer: C=US, ST=Washington, L=Seattle, O=wolfSSL Inc., OU=Engineering, CN=Server 0 CA/emailAddress=info@wolfssl.com Validity - Not Before: Sep 20 00:22:35 2016 GMT - Not After : Jun 17 00:22:35 2019 GMT + Not Before: Apr 13 15:23:10 2018 GMT + Not After : Jan 7 15:23:10 2021 GMT Subject: C=US, ST=Washington, L=Seattle, O=wolfSSL Inc., OU=Engineering, CN=Server 0-1 CA/emailAddress=info@wolfssl.com Subject Public Key Info: Public Key Algorithm: rsaEncryption 
@@ -44,27 +44,27 @@ Certificate: X509v3 Key Usage: Certificate Sign, CRL Sign Signature Algorithm: sha1WithRSAEncryption - 22:dd:95:9c:dc:e6:7f:ad:df:55:68:c8:21:f8:84:12:fd:13: - 22:80:2b:ba:1f:da:9d:d2:55:00:a1:22:fc:50:44:6d:0f:ac: - 8a:61:2c:32:c5:63:e1:26:37:10:7c:5e:05:f1:90:0f:21:57: - b4:61:e0:40:0b:4f:1b:bf:8b:d8:fd:28:d6:55:73:bd:a9:5c: - 5e:61:89:4f:e1:07:b6:5a:78:c5:0c:65:7a:38:11:e7:86:46: - 2a:0c:a5:70:71:aa:16:9c:79:d6:c2:18:4c:b8:fb:86:1a:78: - 70:e5:0a:27:48:2a:d4:14:d7:3f:31:76:33:a0:4b:f9:f8:34: - 2e:c9:06:e4:e2:a0:0c:02:1e:c4:a0:d3:2b:ce:77:0e:b8:31: - d5:02:66:b1:62:10:5b:63:e2:7f:aa:23:0a:63:d9:33:76:2d: - 88:9b:0f:6a:a2:ab:e8:b7:a4:83:7c:8e:1d:8c:45:d7:90:78: - 5c:3d:41:85:ac:79:ce:6c:fc:36:6b:20:fa:0c:19:a1:2b:91: - d0:5f:fd:72:86:cb:17:22:02:70:76:ed:61:78:1c:ce:d0:e3: - 17:9c:4d:58:9e:30:d5:c7:33:5b:44:0d:16:5c:ca:a4:67:13: - 3a:18:f8:94:ac:5e:17:a5:c2:2c:11:89:7b:7a:fd:f5:9a:e3: - 19:93:c0:60 + 15:ef:23:ef:d6:6d:8a:77:cd:20:47:64:1f:c3:65:0c:93:79: + a9:9e:a0:c7:bc:10:57:e6:ab:58:20:af:b1:fd:25:09:c9:72: + a9:18:16:24:e7:8e:9a:e2:6d:17:2d:66:8a:5f:75:83:ee:ac: + 58:be:81:51:11:0d:4b:ee:f1:08:de:dc:ac:24:44:ab:08:a6: + ad:ee:72:91:45:0e:f9:c9:ea:14:81:21:d2:09:02:20:f3:ea: + ab:75:f1:33:a9:32:2e:a2:f9:06:e9:bf:a4:0e:88:a0:4a:9c: + 25:6f:40:34:9c:62:49:26:6f:bb:68:a9:c5:e5:a3:49:35:0b: + 76:f3:44:1c:53:1d:e2:d6:5b:b7:a4:a3:9a:a9:b2:f9:06:43: + 23:17:e7:3e:f5:01:ac:e8:11:39:d6:5f:23:3c:43:c5:01:6a: + 45:b7:15:4e:82:89:45:f9:8b:ab:ba:4e:f2:ff:f3:5d:5d:fe: + e1:e9:ee:e4:bf:b3:a6:58:2e:79:11:47:ce:5d:5c:52:82:d1: + 45:bd:1f:50:41:57:a7:39:34:ec:e5:50:de:e5:9c:5f:ef:e3: + 9c:39:de:e4:7e:d1:03:ad:96:06:f9:69:bc:80:25:da:75:88: + 61:99:8d:6e:f1:51:ce:a0:ba:56:d4:de:78:65:ed:2a:b2:82: + ce:7a:c4:ef -----BEGIN CERTIFICATE----- MIIEtjCCA56gAwIBAgIBbjANBgkqhkiG9w0BAQUFADCBmDELMAkGA1UEBhMCVVMx EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTATBgNVBAoM DHdvbGZTU0wgSW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxFDASBgNVBAMMC1Nl 
-cnZlciAwIENBMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMB4XDTE2 -MDkyMDAwMjIzNVoXDTE5MDYxNzAwMjIzNVowgZoxCzAJBgNVBAYTAlVTMRMwEQYD +cnZlciAwIENBMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMB4XDTE4 +MDQxMzE1MjMxMFoXDTIxMDEwNzE1MjMxMFowgZoxCzAJBgNVBAYTAlVTMRMwEQYD VQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRUwEwYDVQQKDAx3b2xm U1NMIEluYy4xFDASBgNVBAsMC0VuZ2luZWVyaW5nMRYwFAYDVQQDDA1TZXJ2ZXIg MC0xIENBMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMIIBIjANBgkq @@ -79,11 +79,11 @@ gbaAFLMRMsmSmITiyfjQO24DQsofDo48oYGapIGXMIGUMQswCQYDVQQGEwJVUzEQ MA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjERMA8GA1UECgwIU2F3 dG9vdGgxEzARBgNVBAsMCkNvbnN1bHRpbmcxGDAWBgNVBAMMD3d3dy53b2xmc3Ns LmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbYIBZDAPBgNVHRME -CDAGAQH/AgEBMAsGA1UdDwQEAwIBBjANBgkqhkiG9w0BAQUFAAOCAQEAIt2VnNzm -f63fVWjIIfiEEv0TIoAruh/andJVAKEi/FBEbQ+simEsMsVj4SY3EHxeBfGQDyFX -tGHgQAtPG7+L2P0o1lVzvalcXmGJT+EHtlp4xQxlejgR54ZGKgylcHGqFpx51sIY -TLj7hhp4cOUKJ0gq1BTXPzF2M6BL+fg0LskG5OKgDAIexKDTK853Drgx1QJmsWIQ -W2Pif6ojCmPZM3YtiJsPaqKr6Lekg3yOHYxF15B4XD1Bhax5zmz8Nmsg+gwZoSuR -0F/9cobLFyICcHbtYXgcztDjF5xNWJ4w1cczW0QNFlzKpGcTOhj4lKxeF6XCLBGJ -e3r99ZrjGZPAYA== +CDAGAQH/AgEBMAsGA1UdDwQEAwIBBjANBgkqhkiG9w0BAQUFAAOCAQEAFe8j79Zt +infNIEdkH8NlDJN5qZ6gx7wQV+arWCCvsf0lCclyqRgWJOeOmuJtFy1mil91g+6s +WL6BURENS+7xCN7crCREqwimre5ykUUO+cnqFIEh0gkCIPPqq3XxM6kyLqL5Bum/ +pA6IoEqcJW9ANJxiSSZvu2ipxeWjSTULdvNEHFMd4tZbt6Sjmqmy+QZDIxfnPvUB +rOgROdZfIzxDxQFqRbcVToKJRfmLq7pO8v/zXV3+4enu5L+zplgueRFHzl1cUoLR +Rb0fUEFXpzk07OVQ3uWcX+/jnDne5H7RA62WBvlpvIAl2nWIYZmNbvFRzqC6VtTe +eGXtKrKCznrE7w== -----END CERTIFICATE----- diff --git a/certs/test-pathlen/server-0-1-cert.pem b/certs/test-pathlen/server-0-1-cert.pem index 9caa7bed3..529db411f 100644 --- a/certs/test-pathlen/server-0-1-cert.pem +++ b/certs/test-pathlen/server-0-1-cert.pem 
@@ -5,8 +5,8 @@ Certificate: Signature Algorithm: sha1WithRSAEncryption Issuer: C=US, ST=Washington, L=Seattle, O=wolfSSL Inc., OU=Engineering, CN=Server 0-1 CA/emailAddress=info@wolfssl.com Validity - Not Before: Sep 20 00:24:02 2016 GMT - Not After : Jun 17 00:24:02 2019 GMT + Not Before: Apr 13 15:23:10 2018 GMT + Not After : Jan 7 15:23:10 2021 GMT Subject: C=US, ST=Washington, L=Seattle, O=wolfSSL Inc., OU=Engineering, CN=Server 0-1/emailAddress=info@wolfssl.com Subject Public Key Info: Public Key Algorithm: rsaEncryption 
@@ -42,27 +42,27 @@ Certificate: X509v3 Basic Constraints: CA:FALSE Signature Algorithm: sha1WithRSAEncryption - 80:ab:40:d2:72:bd:c9:24:e2:b7:cf:b0:f0:39:3d:36:88:9e: - 5c:c9:cd:92:64:fe:8a:09:48:fb:42:38:ae:a9:f3:69:61:f0: - 58:38:9c:0b:99:d3:d1:67:7a:cf:21:e1:8e:97:2c:98:14:c1: - a9:62:64:70:d6:bf:5b:ff:85:3d:47:c3:81:84:c4:c5:3d:d3: - 41:35:62:e1:25:fc:78:fd:9e:04:44:bf:62:f5:52:a0:38:57: - a1:45:30:38:35:c2:e5:d2:b6:52:8f:c4:3f:c4:d5:f5:22:25: - 25:70:c3:b2:4d:9e:29:10:a7:13:84:1a:fc:44:a9:df:35:62: - f9:39:e2:9a:13:2d:84:7e:02:11:b6:f3:95:2c:93:c8:45:26: - 2f:d8:c9:23:b5:fa:f1:aa:da:c7:6f:a8:e4:52:4e:f3:94:60: - dc:3e:b3:db:5e:4b:92:a9:55:c1:0e:28:8d:6a:fd:98:65:da: - 05:0f:25:ae:7f:20:50:60:43:59:a2:f5:1a:e2:a4:e1:92:ae: - f6:cb:19:39:60:fe:96:a8:f3:40:e4:93:9c:a6:b4:18:12:3d: - d1:78:e3:b0:07:72:fc:9a:75:9f:25:17:f3:00:2c:bc:04:fe: - 1a:23:ad:e4:2d:55:a4:d3:0d:3d:60:e5:9f:cf:47:f0:c3:02: - 68:b1:07:72 + 84:51:4f:e0:a5:4a:bc:2f:6d:e2:aa:13:6a:30:c0:f9:61:3d: + 59:9a:7a:42:9d:c6:c5:c1:79:3a:f8:83:8a:6e:0d:47:b9:b0: + 9b:49:e8:77:d9:e4:b0:6a:24:93:c8:32:52:e9:a5:8b:6f:17: + d4:5a:d3:b8:aa:1e:0a:50:15:a9:69:3c:3c:63:14:1f:ce:ed: + cd:58:3e:68:2e:1e:6f:f0:a8:ab:6d:68:60:9d:8c:3f:95:be: + ee:65:b9:e7:25:1a:f3:d2:6b:8f:70:d1:9f:5d:a7:2f:0d:b2: + a4:0b:a0:d2:4a:3d:4e:9b:e3:e5:db:5c:d3:ba:08:41:07:aa: + c4:b7:d7:f9:fe:a4:2d:69:94:4a:b7:e9:fa:18:52:90:01:53: + 57:08:a2:25:85:92:f7:f2:35:fd:05:c2:ce:e3:e5:18:b8:34: + b6:80:6e:a5:e6:06:4f:92:a5:ea:56:7e:00:ff:5b:5d:17:90: + 83:bb:10:ac:11:f4:49:d0:81:f5:f3:ce:f8:f3:46:c1:fc:53: + 38:eb:0b:46:4c:1b:ec:df:ee:74:c0:3a:66:f1:a4:02:f6:51: + 5d:72:bf:6b:68:7b:2c:11:7d:08:4c:70:dd:93:cc:b4:b9:6a: + aa:29:de:79:b9:93:6d:c4:52:8a:b7:c5:e9:a3:43:11:59:48: + 51:b0:9c:ce -----BEGIN CERTIFICATE----- MIIEpDCCA4ygAwIBAgIBbzANBgkqhkiG9w0BAQUFADCBmjELMAkGA1UEBhMCVVMx EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTATBgNVBAoM DHdvbGZTU0wgSW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxFjAUBgNVBAMMDVNl 
cnZlciAwLTEgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcN -MTYwOTIwMDAyNDAyWhcNMTkwNjE3MDAyNDAyWjCBlzELMAkGA1UEBhMCVVMxEzAR +MTgwNDEzMTUyMzEwWhcNMjEwMTA3MTUyMzEwWjCBlzELMAkGA1UEBhMCVVMxEzAR BgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTATBgNVBAoMDHdv bGZTU0wgSW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxEzARBgNVBAMMClNlcnZl ciAwLTExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wggEiMA0GCSqG @@ -77,10 +77,10 @@ FLMRMsmSmITiyfjQO24DQsofDo48oYGepIGbMIGYMQswCQYDVQQGEwJVUzETMBEG A1UECAwKV2FzaGluZ3RvbjEQMA4GA1UEBwwHU2VhdHRsZTEVMBMGA1UECgwMd29s ZlNTTCBJbmMuMRQwEgYDVQQLDAtFbmdpbmVlcmluZzEUMBIGA1UEAwwLU2VydmVy IDAgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb22CAW4wCQYDVR0T -BAIwADANBgkqhkiG9w0BAQUFAAOCAQEAgKtA0nK9ySTit8+w8Dk9NoieXMnNkmT+ -iglI+0I4rqnzaWHwWDicC5nT0Wd6zyHhjpcsmBTBqWJkcNa/W/+FPUfDgYTExT3T -QTVi4SX8eP2eBES/YvVSoDhXoUUwODXC5dK2Uo/EP8TV9SIlJXDDsk2eKRCnE4Qa -/ESp3zVi+TnimhMthH4CEbbzlSyTyEUmL9jJI7X68arax2+o5FJO85Rg3D6z215L -kqlVwQ4ojWr9mGXaBQ8lrn8gUGBDWaL1GuKk4ZKu9ssZOWD+lqjzQOSTnKa0GBI9 -0XjjsAdy/Jp1nyUX8wAsvAT+GiOt5C1VpNMNPWDln89H8MMCaLEHcg== +BAIwADANBgkqhkiG9w0BAQUFAAOCAQEAhFFP4KVKvC9t4qoTajDA+WE9WZp6Qp3G +xcF5OviDim4NR7mwm0nod9nksGokk8gyUumli28X1FrTuKoeClAVqWk8PGMUH87t +zVg+aC4eb/Coq21oYJ2MP5W+7mW55yUa89Jrj3DRn12nLw2ypAug0ko9Tpvj5dtc +07oIQQeqxLfX+f6kLWmUSrfp+hhSkAFTVwiiJYWS9/I1/QXCzuPlGLg0toBupeYG +T5Kl6lZ+AP9bXReQg7sQrBH0SdCB9fPO+PNGwfxTOOsLRkwb7N/udMA6ZvGkAvZR +XXK/a2h7LBF9CExw3ZPMtLlqqineebmTbcRSirfF6aNDEVlIUbCczg== -----END CERTIFICATE----- diff --git a/certs/test-pathlen/server-0-1-chain.pem b/certs/test-pathlen/server-0-1-chain.pem index 721d0baf8..63fdcae6f 100644 --- a/certs/test-pathlen/server-0-1-chain.pem +++ b/certs/test-pathlen/server-0-1-chain.pem 
@@ -5,8 +5,8 @@ Certificate: Signature Algorithm: sha1WithRSAEncryption Issuer: C=US, ST=Washington, L=Seattle, O=wolfSSL Inc., OU=Engineering, CN=Server 0-1 CA/emailAddress=info@wolfssl.com Validity - Not Before: Sep 20 00:24:02 2016 GMT - Not After : Jun 17 00:24:02 2019 GMT + Not Before: Apr 13 15:23:10 2018 GMT + Not After : Jan 7 15:23:10 2021 GMT Subject: C=US, ST=Washington, L=Seattle, O=wolfSSL Inc., OU=Engineering, CN=Server 0-1/emailAddress=info@wolfssl.com Subject Public Key Info: Public Key Algorithm: rsaEncryption 
@@ -42,27 +42,27 @@ Certificate: X509v3 Basic Constraints: CA:FALSE Signature Algorithm: sha1WithRSAEncryption - 80:ab:40:d2:72:bd:c9:24:e2:b7:cf:b0:f0:39:3d:36:88:9e: - 5c:c9:cd:92:64:fe:8a:09:48:fb:42:38:ae:a9:f3:69:61:f0: - 58:38:9c:0b:99:d3:d1:67:7a:cf:21:e1:8e:97:2c:98:14:c1: - a9:62:64:70:d6:bf:5b:ff:85:3d:47:c3:81:84:c4:c5:3d:d3: - 41:35:62:e1:25:fc:78:fd:9e:04:44:bf:62:f5:52:a0:38:57: - a1:45:30:38:35:c2:e5:d2:b6:52:8f:c4:3f:c4:d5:f5:22:25: - 25:70:c3:b2:4d:9e:29:10:a7:13:84:1a:fc:44:a9:df:35:62: - f9:39:e2:9a:13:2d:84:7e:02:11:b6:f3:95:2c:93:c8:45:26: - 2f:d8:c9:23:b5:fa:f1:aa:da:c7:6f:a8:e4:52:4e:f3:94:60: - dc:3e:b3:db:5e:4b:92:a9:55:c1:0e:28:8d:6a:fd:98:65:da: - 05:0f:25:ae:7f:20:50:60:43:59:a2:f5:1a:e2:a4:e1:92:ae: - f6:cb:19:39:60:fe:96:a8:f3:40:e4:93:9c:a6:b4:18:12:3d: - d1:78:e3:b0:07:72:fc:9a:75:9f:25:17:f3:00:2c:bc:04:fe: - 1a:23:ad:e4:2d:55:a4:d3:0d:3d:60:e5:9f:cf:47:f0:c3:02: - 68:b1:07:72 + 84:51:4f:e0:a5:4a:bc:2f:6d:e2:aa:13:6a:30:c0:f9:61:3d: + 59:9a:7a:42:9d:c6:c5:c1:79:3a:f8:83:8a:6e:0d:47:b9:b0: + 9b:49:e8:77:d9:e4:b0:6a:24:93:c8:32:52:e9:a5:8b:6f:17: + d4:5a:d3:b8:aa:1e:0a:50:15:a9:69:3c:3c:63:14:1f:ce:ed: + cd:58:3e:68:2e:1e:6f:f0:a8:ab:6d:68:60:9d:8c:3f:95:be: + ee:65:b9:e7:25:1a:f3:d2:6b:8f:70:d1:9f:5d:a7:2f:0d:b2: + a4:0b:a0:d2:4a:3d:4e:9b:e3:e5:db:5c:d3:ba:08:41:07:aa: + c4:b7:d7:f9:fe:a4:2d:69:94:4a:b7:e9:fa:18:52:90:01:53: + 57:08:a2:25:85:92:f7:f2:35:fd:05:c2:ce:e3:e5:18:b8:34: + b6:80:6e:a5:e6:06:4f:92:a5:ea:56:7e:00:ff:5b:5d:17:90: + 83:bb:10:ac:11:f4:49:d0:81:f5:f3:ce:f8:f3:46:c1:fc:53: + 38:eb:0b:46:4c:1b:ec:df:ee:74:c0:3a:66:f1:a4:02:f6:51: + 5d:72:bf:6b:68:7b:2c:11:7d:08:4c:70:dd:93:cc:b4:b9:6a: + aa:29:de:79:b9:93:6d:c4:52:8a:b7:c5:e9:a3:43:11:59:48: + 51:b0:9c:ce -----BEGIN CERTIFICATE----- MIIEpDCCA4ygAwIBAgIBbzANBgkqhkiG9w0BAQUFADCBmjELMAkGA1UEBhMCVVMx EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTATBgNVBAoM DHdvbGZTU0wgSW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxFjAUBgNVBAMMDVNl 
cnZlciAwLTEgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcN -MTYwOTIwMDAyNDAyWhcNMTkwNjE3MDAyNDAyWjCBlzELMAkGA1UEBhMCVVMxEzAR +MTgwNDEzMTUyMzEwWhcNMjEwMTA3MTUyMzEwWjCBlzELMAkGA1UEBhMCVVMxEzAR BgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTATBgNVBAoMDHdv bGZTU0wgSW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxEzARBgNVBAMMClNlcnZl ciAwLTExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wggEiMA0GCSqG @@ -77,12 +77,12 @@ FLMRMsmSmITiyfjQO24DQsofDo48oYGepIGbMIGYMQswCQYDVQQGEwJVUzETMBEG A1UECAwKV2FzaGluZ3RvbjEQMA4GA1UEBwwHU2VhdHRsZTEVMBMGA1UECgwMd29s ZlNTTCBJbmMuMRQwEgYDVQQLDAtFbmdpbmVlcmluZzEUMBIGA1UEAwwLU2VydmVy IDAgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb22CAW4wCQYDVR0T -BAIwADANBgkqhkiG9w0BAQUFAAOCAQEAgKtA0nK9ySTit8+w8Dk9NoieXMnNkmT+ -iglI+0I4rqnzaWHwWDicC5nT0Wd6zyHhjpcsmBTBqWJkcNa/W/+FPUfDgYTExT3T -QTVi4SX8eP2eBES/YvVSoDhXoUUwODXC5dK2Uo/EP8TV9SIlJXDDsk2eKRCnE4Qa -/ESp3zVi+TnimhMthH4CEbbzlSyTyEUmL9jJI7X68arax2+o5FJO85Rg3D6z215L -kqlVwQ4ojWr9mGXaBQ8lrn8gUGBDWaL1GuKk4ZKu9ssZOWD+lqjzQOSTnKa0GBI9 -0XjjsAdy/Jp1nyUX8wAsvAT+GiOt5C1VpNMNPWDln89H8MMCaLEHcg== +BAIwADANBgkqhkiG9w0BAQUFAAOCAQEAhFFP4KVKvC9t4qoTajDA+WE9WZp6Qp3G +xcF5OviDim4NR7mwm0nod9nksGokk8gyUumli28X1FrTuKoeClAVqWk8PGMUH87t +zVg+aC4eb/Coq21oYJ2MP5W+7mW55yUa89Jrj3DRn12nLw2ypAug0ko9Tpvj5dtc +07oIQQeqxLfX+f6kLWmUSrfp+hhSkAFTVwiiJYWS9/I1/QXCzuPlGLg0toBupeYG +T5Kl6lZ+AP9bXReQg7sQrBH0SdCB9fPO+PNGwfxTOOsLRkwb7N/udMA6ZvGkAvZR +XXK/a2h7LBF9CExw3ZPMtLlqqineebmTbcRSirfF6aNDEVlIUbCczg== -----END CERTIFICATE----- Certificate: Data: 
@@ -91,8 +91,8 @@ Certificate: Signature Algorithm: sha1WithRSAEncryption Issuer: C=US, ST=Washington, L=Seattle, O=wolfSSL Inc., OU=Engineering, CN=Server 0 CA/emailAddress=info@wolfssl.com Validity - Not Before: Sep 20 00:22:35 2016 GMT - Not After : Jun 17 00:22:35 2019 GMT + Not Before: Apr 13 15:23:10 2018 GMT + Not After : Jan 7 15:23:10 2021 GMT Subject: C=US, ST=Washington, L=Seattle, O=wolfSSL Inc., OU=Engineering, CN=Server 0-1 CA/emailAddress=info@wolfssl.com Subject Public Key Info: Public Key Algorithm: rsaEncryption 
@@ -130,27 +130,27 @@ Certificate: X509v3 Key Usage: Certificate Sign, CRL Sign Signature Algorithm: sha1WithRSAEncryption - 22:dd:95:9c:dc:e6:7f:ad:df:55:68:c8:21:f8:84:12:fd:13: - 22:80:2b:ba:1f:da:9d:d2:55:00:a1:22:fc:50:44:6d:0f:ac: - 8a:61:2c:32:c5:63:e1:26:37:10:7c:5e:05:f1:90:0f:21:57: - b4:61:e0:40:0b:4f:1b:bf:8b:d8:fd:28:d6:55:73:bd:a9:5c: - 5e:61:89:4f:e1:07:b6:5a:78:c5:0c:65:7a:38:11:e7:86:46: - 2a:0c:a5:70:71:aa:16:9c:79:d6:c2:18:4c:b8:fb:86:1a:78: - 70:e5:0a:27:48:2a:d4:14:d7:3f:31:76:33:a0:4b:f9:f8:34: - 2e:c9:06:e4:e2:a0:0c:02:1e:c4:a0:d3:2b:ce:77:0e:b8:31: - d5:02:66:b1:62:10:5b:63:e2:7f:aa:23:0a:63:d9:33:76:2d: - 88:9b:0f:6a:a2:ab:e8:b7:a4:83:7c:8e:1d:8c:45:d7:90:78: - 5c:3d:41:85:ac:79:ce:6c:fc:36:6b:20:fa:0c:19:a1:2b:91: - d0:5f:fd:72:86:cb:17:22:02:70:76:ed:61:78:1c:ce:d0:e3: - 17:9c:4d:58:9e:30:d5:c7:33:5b:44:0d:16:5c:ca:a4:67:13: - 3a:18:f8:94:ac:5e:17:a5:c2:2c:11:89:7b:7a:fd:f5:9a:e3: - 19:93:c0:60 + 15:ef:23:ef:d6:6d:8a:77:cd:20:47:64:1f:c3:65:0c:93:79: + a9:9e:a0:c7:bc:10:57:e6:ab:58:20:af:b1:fd:25:09:c9:72: + a9:18:16:24:e7:8e:9a:e2:6d:17:2d:66:8a:5f:75:83:ee:ac: + 58:be:81:51:11:0d:4b:ee:f1:08:de:dc:ac:24:44:ab:08:a6: + ad:ee:72:91:45:0e:f9:c9:ea:14:81:21:d2:09:02:20:f3:ea: + ab:75:f1:33:a9:32:2e:a2:f9:06:e9:bf:a4:0e:88:a0:4a:9c: + 25:6f:40:34:9c:62:49:26:6f:bb:68:a9:c5:e5:a3:49:35:0b: + 76:f3:44:1c:53:1d:e2:d6:5b:b7:a4:a3:9a:a9:b2:f9:06:43: + 23:17:e7:3e:f5:01:ac:e8:11:39:d6:5f:23:3c:43:c5:01:6a: + 45:b7:15:4e:82:89:45:f9:8b:ab:ba:4e:f2:ff:f3:5d:5d:fe: + e1:e9:ee:e4:bf:b3:a6:58:2e:79:11:47:ce:5d:5c:52:82:d1: + 45:bd:1f:50:41:57:a7:39:34:ec:e5:50:de:e5:9c:5f:ef:e3: + 9c:39:de:e4:7e:d1:03:ad:96:06:f9:69:bc:80:25:da:75:88: + 61:99:8d:6e:f1:51:ce:a0:ba:56:d4:de:78:65:ed:2a:b2:82: + ce:7a:c4:ef -----BEGIN CERTIFICATE----- MIIEtjCCA56gAwIBAgIBbjANBgkqhkiG9w0BAQUFADCBmDELMAkGA1UEBhMCVVMx EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTATBgNVBAoM DHdvbGZTU0wgSW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxFDASBgNVBAMMC1Nl 
-cnZlciAwIENBMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMB4XDTE2 -MDkyMDAwMjIzNVoXDTE5MDYxNzAwMjIzNVowgZoxCzAJBgNVBAYTAlVTMRMwEQYD +cnZlciAwIENBMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMB4XDTE4 +MDQxMzE1MjMxMFoXDTIxMDEwNzE1MjMxMFowgZoxCzAJBgNVBAYTAlVTMRMwEQYD VQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRUwEwYDVQQKDAx3b2xm U1NMIEluYy4xFDASBgNVBAsMC0VuZ2luZWVyaW5nMRYwFAYDVQQDDA1TZXJ2ZXIg MC0xIENBMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMIIBIjANBgkq @@ -165,13 +165,13 @@ gbaAFLMRMsmSmITiyfjQO24DQsofDo48oYGapIGXMIGUMQswCQYDVQQGEwJVUzEQ MA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjERMA8GA1UECgwIU2F3 dG9vdGgxEzARBgNVBAsMCkNvbnN1bHRpbmcxGDAWBgNVBAMMD3d3dy53b2xmc3Ns LmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbYIBZDAPBgNVHRME -CDAGAQH/AgEBMAsGA1UdDwQEAwIBBjANBgkqhkiG9w0BAQUFAAOCAQEAIt2VnNzm -f63fVWjIIfiEEv0TIoAruh/andJVAKEi/FBEbQ+simEsMsVj4SY3EHxeBfGQDyFX -tGHgQAtPG7+L2P0o1lVzvalcXmGJT+EHtlp4xQxlejgR54ZGKgylcHGqFpx51sIY -TLj7hhp4cOUKJ0gq1BTXPzF2M6BL+fg0LskG5OKgDAIexKDTK853Drgx1QJmsWIQ -W2Pif6ojCmPZM3YtiJsPaqKr6Lekg3yOHYxF15B4XD1Bhax5zmz8Nmsg+gwZoSuR -0F/9cobLFyICcHbtYXgcztDjF5xNWJ4w1cczW0QNFlzKpGcTOhj4lKxeF6XCLBGJ -e3r99ZrjGZPAYA== +CDAGAQH/AgEBMAsGA1UdDwQEAwIBBjANBgkqhkiG9w0BAQUFAAOCAQEAFe8j79Zt +infNIEdkH8NlDJN5qZ6gx7wQV+arWCCvsf0lCclyqRgWJOeOmuJtFy1mil91g+6s +WL6BURENS+7xCN7crCREqwimre5ykUUO+cnqFIEh0gkCIPPqq3XxM6kyLqL5Bum/ +pA6IoEqcJW9ANJxiSSZvu2ipxeWjSTULdvNEHFMd4tZbt6Sjmqmy+QZDIxfnPvUB +rOgROdZfIzxDxQFqRbcVToKJRfmLq7pO8v/zXV3+4enu5L+zplgueRFHzl1cUoLR +Rb0fUEFXpzk07OVQ3uWcX+/jnDne5H7RA62WBvlpvIAl2nWIYZmNbvFRzqC6VtTe +eGXtKrKCznrE7w== -----END CERTIFICATE----- Certificate: Data: 
@@ -180,8 +180,8 @@ Certificate: Signature Algorithm: sha1WithRSAEncryption Issuer: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, CN=www.wolfssl.com/emailAddress=info@wolfssl.com Validity - Not Before: Sep 19 23:03:51 2016 GMT - Not After : Jun 16 23:03:51 2019 GMT + Not Before: Apr 13 15:23:10 2018 GMT + Not After : Jan 7 15:23:10 2021 GMT Subject: C=US, ST=Washington, L=Seattle, O=wolfSSL Inc., OU=Engineering, CN=Server 0 CA/emailAddress=info@wolfssl.com Subject Public Key Info: Public Key Algorithm: rsaEncryption 
@@ -212,34 +212,34 @@ Certificate: X509v3 Authority Key Identifier: keyid:27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5 DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com - serial:B7:B6:90:33:66:1B:6B:23 + serial:86:FF:F5:8E:10:DE:B8:FB X509v3 Basic Constraints: CA:TRUE, pathlen:0 X509v3 Key Usage: Certificate Sign, CRL Sign Signature Algorithm: sha1WithRSAEncryption - a4:3b:22:20:6f:07:33:d0:ae:6d:13:fd:4f:48:dc:03:c6:9c: - e0:34:73:fa:e8:2f:aa:bd:15:1c:87:fe:6f:e4:c6:8e:36:b8: - b6:bb:53:c1:ea:e4:5c:d9:de:44:d5:05:89:88:79:d9:87:c9: - 05:78:57:bf:c0:25:1f:18:b6:f6:02:50:c8:b1:d1:0d:64:b0: - da:7e:68:e0:fa:64:68:51:1a:05:7f:7d:33:c5:27:71:0f:f6: - d7:72:19:7c:9f:57:34:5f:45:7a:b5:48:2e:d1:83:36:85:90: - 0c:c8:c1:be:3f:c3:7a:a3:ad:9b:3a:ce:a7:b4:50:1b:76:2e: - 8a:a4:a4:61:96:75:b4:a7:63:6e:7c:43:2f:98:18:39:92:57: - 87:54:76:37:73:53:37:cb:f1:95:34:11:9d:f4:94:e7:19:4a: - 9d:5f:91:cc:ff:b4:ed:39:53:82:42:86:2e:24:13:41:a4:4a: - 6c:d1:d9:00:ac:76:2c:59:9e:c4:28:33:b5:01:bf:74:63:01: - 23:8a:a8:78:e4:b7:e0:8b:ab:ec:b0:43:d8:0b:b8:ff:9e:62: - 0a:5d:e4:7c:73:f9:b4:d7:dd:6a:13:a5:28:05:90:f1:26:c1: - 4d:2b:db:a2:c6:f5:aa:13:19:a5:28:27:f8:c7:94:e8:ef:21: - 85:5b:32:02 + 8c:bd:c3:71:57:ce:dd:02:36:8c:d3:71:ec:d1:25:65:7b:48: + 4d:e2:77:d7:62:00:bd:0f:c9:50:4b:50:cb:d0:5a:8b:09:3f: + 21:d1:f5:1f:2f:14:44:87:0d:99:fa:0c:5c:1d:12:d8:e6:c5: + a0:2c:c1:12:ee:fa:3c:fd:e9:2e:23:58:be:60:a2:9f:e7:50: + be:d1:d8:2f:27:67:90:8a:1f:34:13:ca:81:07:bb:ca:de:86: + 59:bb:80:65:4f:b7:fa:5d:42:6d:e5:c8:08:25:5d:c9:78:3d: + 70:09:42:27:85:82:7f:5c:22:32:30:94:21:47:3f:09:bf:c4: + d2:1a:98:1b:f0:5d:3d:51:12:da:9f:1c:a7:44:d5:54:bc:5e: + 04:69:72:cc:cf:4f:f3:b1:d7:49:db:4c:0e:d1:42:8f:ad:ba: + 90:92:5b:7b:9d:13:8f:58:46:3d:a4:2d:9d:a2:9d:6d:4b:e5: + e4:d6:4c:61:a9:e1:78:33:5c:3d:78:0e:4f:0b:3d:fc:4a:6d: + 44:71:27:e1:1d:95:95:b6:9e:ba:0e:ca:72:01:fe:8e:f6:12: + ad:71:15:82:54:68:23:ea:49:0c:30:05:ea:1e:68:cc:c0:7c: + 
63:04:8e:1b:fa:79:96:95:1b:a0:0d:af:f7:85:7d:09:49:24: + 2e:8f:9e:ff -----BEGIN CERTIFICATE----- MIIEuDCCA6CgAwIBAgIBZDANBgkqhkiG9w0BAQUFADCBlDELMAkGA1UEBhMCVVMx EDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNVBAoMCFNh d3Rvb3RoMRMwEQYDVQQLDApDb25zdWx0aW5nMRgwFgYDVQQDDA93d3cud29sZnNz -bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTYwOTE5 -MjMwMzUxWhcNMTkwNjE2MjMwMzUxWjCBmDELMAkGA1UEBhMCVVMxEzARBgNVBAgM +bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTgwNDEz +MTUyMzEwWhcNMjEwMTA3MTUyMzEwWjCBmDELMAkGA1UEBhMCVVMxEzARBgNVBAgM Cldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTATBgNVBAoMDHdvbGZTU0wg SW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxFDASBgNVBAMMC1NlcnZlciAwIENB MR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMIIBIjANBgkqhkiG9w0B 
@@ -253,12 +253,12 @@ HQYDVR0OBBYEFLMRMsmSmITiyfjQO24DQsofDo48MIHJBgNVHSMEgcEwgb6AFCeO ZxF0wyYdP+0zY7Ok2B0w5ejVoYGapIGXMIGUMQswCQYDVQQGEwJVUzEQMA4GA1UE CAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjERMA8GA1UECgwIU2F3dG9vdGgx EzARBgNVBAsMCkNvbnN1bHRpbmcxGDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTEf -MB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbYIJALe2kDNmG2sjMA8GA1Ud -EwQIMAYBAf8CAQAwCwYDVR0PBAQDAgEGMA0GCSqGSIb3DQEBBQUAA4IBAQCkOyIg -bwcz0K5tE/1PSNwDxpzgNHP66C+qvRUch/5v5MaONri2u1PB6uRc2d5E1QWJiHnZ -h8kFeFe/wCUfGLb2AlDIsdENZLDafmjg+mRoURoFf30zxSdxD/bXchl8n1c0X0V6 -tUgu0YM2hZAMyMG+P8N6o62bOs6ntFAbdi6KpKRhlnW0p2NufEMvmBg5kleHVHY3 -c1M3y/GVNBGd9JTnGUqdX5HM/7TtOVOCQoYuJBNBpEps0dkArHYsWZ7EKDO1Ab90 -YwEjiqh45Lfgi6vssEPYC7j/nmIKXeR8c/m0191qE6UoBZDxJsFNK9uixvWqExml -KCf4x5To7yGFWzIC +MB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbYIJAIb/9Y4Q3rj7MA8GA1Ud +EwQIMAYBAf8CAQAwCwYDVR0PBAQDAgEGMA0GCSqGSIb3DQEBBQUAA4IBAQCMvcNx +V87dAjaM03Hs0SVle0hN4nfXYgC9D8lQS1DL0FqLCT8h0fUfLxREhw2Z+gxcHRLY +5sWgLMES7vo8/ekuI1i+YKKf51C+0dgvJ2eQih80E8qBB7vK3oZZu4BlT7f6XUJt +5cgIJV3JeD1wCUInhYJ/XCIyMJQhRz8Jv8TSGpgb8F09URLanxynRNVUvF4EaXLM +z0/zsddJ20wO0UKPrbqQklt7nROPWEY9pC2dop1tS+Xk1kxhqeF4M1w9eA5PCz38 +Sm1EcSfhHZWVtp66DspyAf6O9hKtcRWCVGgj6kkMMAXqHmjMwHxjBI4b+nmWlRug +Da/3hX0JSSQuj57/ -----END CERTIFICATE----- diff --git a/certs/test-pathlen/server-0-ca.pem b/certs/test-pathlen/server-0-ca.pem index a0cdea5ba..cbbdca9ea 100644 --- a/certs/test-pathlen/server-0-ca.pem +++ b/certs/test-pathlen/server-0-ca.pem @@ -5,8 +5,8 @@ Certificate: Signature Algorithm: sha1WithRSAEncryption Issuer: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, CN=www.wolfssl.com/emailAddress=info@wolfssl.com Validity - Not Before: Sep 19 23:03:51 2016 GMT - Not After : Jun 16 23:03:51 2019 GMT + Not Before: Apr 13 15:23:10 2018 GMT + Not After : Jan 7 15:23:10 2021 GMT Subject: C=US, ST=Washington, L=Seattle, O=wolfSSL Inc., OU=Engineering, CN=Server 0 CA/emailAddress=info@wolfssl.com Subject Public Key Info: Public Key Algorithm: rsaEncryption 
@@ -37,34 +37,34 @@ Certificate: X509v3 Authority Key Identifier: keyid:27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5 DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com - serial:B7:B6:90:33:66:1B:6B:23 + serial:86:FF:F5:8E:10:DE:B8:FB X509v3 Basic Constraints: CA:TRUE, pathlen:0 X509v3 Key Usage: Certificate Sign, CRL Sign Signature Algorithm: sha1WithRSAEncryption - a4:3b:22:20:6f:07:33:d0:ae:6d:13:fd:4f:48:dc:03:c6:9c: - e0:34:73:fa:e8:2f:aa:bd:15:1c:87:fe:6f:e4:c6:8e:36:b8: - b6:bb:53:c1:ea:e4:5c:d9:de:44:d5:05:89:88:79:d9:87:c9: - 05:78:57:bf:c0:25:1f:18:b6:f6:02:50:c8:b1:d1:0d:64:b0: - da:7e:68:e0:fa:64:68:51:1a:05:7f:7d:33:c5:27:71:0f:f6: - d7:72:19:7c:9f:57:34:5f:45:7a:b5:48:2e:d1:83:36:85:90: - 0c:c8:c1:be:3f:c3:7a:a3:ad:9b:3a:ce:a7:b4:50:1b:76:2e: - 8a:a4:a4:61:96:75:b4:a7:63:6e:7c:43:2f:98:18:39:92:57: - 87:54:76:37:73:53:37:cb:f1:95:34:11:9d:f4:94:e7:19:4a: - 9d:5f:91:cc:ff:b4:ed:39:53:82:42:86:2e:24:13:41:a4:4a: - 6c:d1:d9:00:ac:76:2c:59:9e:c4:28:33:b5:01:bf:74:63:01: - 23:8a:a8:78:e4:b7:e0:8b:ab:ec:b0:43:d8:0b:b8:ff:9e:62: - 0a:5d:e4:7c:73:f9:b4:d7:dd:6a:13:a5:28:05:90:f1:26:c1: - 4d:2b:db:a2:c6:f5:aa:13:19:a5:28:27:f8:c7:94:e8:ef:21: - 85:5b:32:02 + 8c:bd:c3:71:57:ce:dd:02:36:8c:d3:71:ec:d1:25:65:7b:48: + 4d:e2:77:d7:62:00:bd:0f:c9:50:4b:50:cb:d0:5a:8b:09:3f: + 21:d1:f5:1f:2f:14:44:87:0d:99:fa:0c:5c:1d:12:d8:e6:c5: + a0:2c:c1:12:ee:fa:3c:fd:e9:2e:23:58:be:60:a2:9f:e7:50: + be:d1:d8:2f:27:67:90:8a:1f:34:13:ca:81:07:bb:ca:de:86: + 59:bb:80:65:4f:b7:fa:5d:42:6d:e5:c8:08:25:5d:c9:78:3d: + 70:09:42:27:85:82:7f:5c:22:32:30:94:21:47:3f:09:bf:c4: + d2:1a:98:1b:f0:5d:3d:51:12:da:9f:1c:a7:44:d5:54:bc:5e: + 04:69:72:cc:cf:4f:f3:b1:d7:49:db:4c:0e:d1:42:8f:ad:ba: + 90:92:5b:7b:9d:13:8f:58:46:3d:a4:2d:9d:a2:9d:6d:4b:e5: + e4:d6:4c:61:a9:e1:78:33:5c:3d:78:0e:4f:0b:3d:fc:4a:6d: + 44:71:27:e1:1d:95:95:b6:9e:ba:0e:ca:72:01:fe:8e:f6:12: + ad:71:15:82:54:68:23:ea:49:0c:30:05:ea:1e:68:cc:c0:7c: + 
63:04:8e:1b:fa:79:96:95:1b:a0:0d:af:f7:85:7d:09:49:24: + 2e:8f:9e:ff -----BEGIN CERTIFICATE----- MIIEuDCCA6CgAwIBAgIBZDANBgkqhkiG9w0BAQUFADCBlDELMAkGA1UEBhMCVVMx EDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNVBAoMCFNh d3Rvb3RoMRMwEQYDVQQLDApDb25zdWx0aW5nMRgwFgYDVQQDDA93d3cud29sZnNz -bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTYwOTE5 -MjMwMzUxWhcNMTkwNjE2MjMwMzUxWjCBmDELMAkGA1UEBhMCVVMxEzARBgNVBAgM +bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTgwNDEz +MTUyMzEwWhcNMjEwMTA3MTUyMzEwWjCBmDELMAkGA1UEBhMCVVMxEzARBgNVBAgM Cldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTATBgNVBAoMDHdvbGZTU0wg SW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxFDASBgNVBAMMC1NlcnZlciAwIENB MR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMIIBIjANBgkqhkiG9w0B 
@@ -78,12 +78,12 @@ HQYDVR0OBBYEFLMRMsmSmITiyfjQO24DQsofDo48MIHJBgNVHSMEgcEwgb6AFCeO ZxF0wyYdP+0zY7Ok2B0w5ejVoYGapIGXMIGUMQswCQYDVQQGEwJVUzEQMA4GA1UE CAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjERMA8GA1UECgwIU2F3dG9vdGgx EzARBgNVBAsMCkNvbnN1bHRpbmcxGDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTEf -MB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbYIJALe2kDNmG2sjMA8GA1Ud -EwQIMAYBAf8CAQAwCwYDVR0PBAQDAgEGMA0GCSqGSIb3DQEBBQUAA4IBAQCkOyIg -bwcz0K5tE/1PSNwDxpzgNHP66C+qvRUch/5v5MaONri2u1PB6uRc2d5E1QWJiHnZ -h8kFeFe/wCUfGLb2AlDIsdENZLDafmjg+mRoURoFf30zxSdxD/bXchl8n1c0X0V6 -tUgu0YM2hZAMyMG+P8N6o62bOs6ntFAbdi6KpKRhlnW0p2NufEMvmBg5kleHVHY3 -c1M3y/GVNBGd9JTnGUqdX5HM/7TtOVOCQoYuJBNBpEps0dkArHYsWZ7EKDO1Ab90 -YwEjiqh45Lfgi6vssEPYC7j/nmIKXeR8c/m0191qE6UoBZDxJsFNK9uixvWqExml -KCf4x5To7yGFWzIC +MB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbYIJAIb/9Y4Q3rj7MA8GA1Ud +EwQIMAYBAf8CAQAwCwYDVR0PBAQDAgEGMA0GCSqGSIb3DQEBBQUAA4IBAQCMvcNx +V87dAjaM03Hs0SVle0hN4nfXYgC9D8lQS1DL0FqLCT8h0fUfLxREhw2Z+gxcHRLY +5sWgLMES7vo8/ekuI1i+YKKf51C+0dgvJ2eQih80E8qBB7vK3oZZu4BlT7f6XUJt +5cgIJV3JeD1wCUInhYJ/XCIyMJQhRz8Jv8TSGpgb8F09URLanxynRNVUvF4EaXLM +z0/zsddJ20wO0UKPrbqQklt7nROPWEY9pC2dop1tS+Xk1kxhqeF4M1w9eA5PCz38 +Sm1EcSfhHZWVtp66DspyAf6O9hKtcRWCVGgj6kkMMAXqHmjMwHxjBI4b+nmWlRug +Da/3hX0JSSQuj57/ -----END CERTIFICATE----- diff --git a/certs/test-pathlen/server-0-cert.pem b/certs/test-pathlen/server-0-cert.pem index f9a7015af..c72ae8043 100644 --- a/certs/test-pathlen/server-0-cert.pem +++ b/certs/test-pathlen/server-0-cert.pem 
@@ -5,8 +5,8 @@ Certificate: Signature Algorithm: sha1WithRSAEncryption Issuer: C=US, ST=Washington, L=Seattle, O=wolfSSL Inc., OU=Engineering, CN=Server 0 CA/emailAddress=info@wolfssl.com Validity - Not Before: Sep 20 00:03:21 2016 GMT - Not After : Jun 17 00:03:21 2019 GMT + Not Before: Apr 13 15:23:10 2018 GMT + Not After : Jan 7 15:23:10 2021 GMT Subject: C=US, ST=Washington, L=Seattle, O=wolfSSL Inc., OU=Engineering, CN=Server 0/emailAddress=info@wolfssl.com Subject Public Key Info: Public Key Algorithm: rsaEncryption 
@@ -42,27 +42,27 @@ Certificate: X509v3 Basic Constraints: CA:FALSE Signature Algorithm: sha1WithRSAEncryption - 09:2d:8f:57:0a:4c:f7:b1:30:48:1c:eb:00:c3:06:8c:d6:49: - dd:45:92:25:5c:29:1a:86:90:74:28:46:18:65:8f:fb:13:c4: - a7:85:3d:93:42:37:a1:44:aa:17:f6:b3:99:68:05:99:02:e5: - ac:cd:5e:3d:fc:fe:1f:a8:b2:2c:b4:2b:9c:a2:0b:94:f0:7b: - ef:5c:e9:ae:e5:fa:72:b9:a4:d5:b5:09:54:01:02:6a:da:09: - 0c:72:4b:14:bd:1d:64:b7:70:80:be:cd:33:86:5e:1f:a0:49: - 54:9d:af:eb:5c:dc:d5:15:97:7b:5f:8f:b3:6f:54:ce:16:f7: - d4:be:0b:40:f0:5b:31:54:04:49:37:d2:9d:c8:9a:05:1a:6e: - 27:db:37:60:de:32:a7:d9:33:da:4b:a8:9e:08:0a:13:c4:ec: - 75:e9:17:39:da:14:21:f5:c4:2b:9c:b6:31:ad:61:df:ed:52: - d2:d6:1f:d9:e0:f9:bb:29:15:9f:40:f5:e2:41:43:90:46:24: - e2:34:55:57:44:7b:46:c5:87:84:80:46:02:a5:db:7d:bc:0d: - 69:ce:aa:9e:3e:e3:7a:bf:69:61:88:f7:a1:6e:01:0b:f4:59: - c2:42:d4:e0:32:d4:13:16:8a:39:fe:0b:9d:31:26:47:92:8c: - 8f:1e:a4:4e + 3d:b1:b9:4a:c7:79:a6:1c:ea:27:76:16:32:3c:96:56:f3:62: + ce:2e:f5:78:d6:bd:e8:dd:07:2f:fc:38:3d:54:89:bd:ab:dd: + 39:58:4d:78:e3:37:d3:90:98:ea:9f:b9:72:96:eb:5d:28:22: + 2d:6c:8b:3a:c0:67:1d:3e:d5:bd:13:3e:f1:d7:c2:d7:ea:5f: + cc:da:57:58:c7:e6:66:e3:21:85:65:34:38:59:86:93:ae:1e: + 1c:ba:e5:19:80:96:20:5b:e9:9f:ea:c7:99:b1:db:89:17:7f: + f9:b4:e8:20:3f:34:e6:79:54:99:86:ee:8c:aa:c2:a3:ce:20: + c5:00:60:65:73:06:90:8a:88:12:7e:7a:ca:33:99:11:2e:84: + 82:cf:d7:df:83:73:c2:e6:9f:86:f1:f9:ba:ac:cb:95:ad:0f: + 3e:4b:1d:23:57:75:ce:57:bb:cc:78:a2:72:35:b3:c1:a2:e5: + 14:a6:b1:c2:0d:99:2b:83:95:8a:62:69:17:50:1f:9c:a5:0e: + 17:67:47:8a:a9:77:be:c2:03:3a:3b:2b:ab:fb:8a:22:81:e9: + 79:41:76:41:1b:ce:fc:68:24:40:83:88:10:ec:d6:3e:62:63: + de:f2:2d:bd:08:1d:a5:9b:4c:bc:82:56:59:66:2f:1a:c2:c7: + 60:9d:7a:f7 -----BEGIN CERTIFICATE----- MIIEnDCCA4SgAwIBAgIBZTANBgkqhkiG9w0BAQUFADCBmDELMAkGA1UEBhMCVVMx EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTATBgNVBAoM DHdvbGZTU0wgSW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxFDASBgNVBAMMC1Nl 
-cnZlciAwIENBMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMB4XDTE2 -MDkyMDAwMDMyMVoXDTE5MDYxNzAwMDMyMVowgZUxCzAJBgNVBAYTAlVTMRMwEQYD +cnZlciAwIENBMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMB4XDTE4 +MDQxMzE1MjMxMFoXDTIxMDEwNzE1MjMxMFowgZUxCzAJBgNVBAYTAlVTMRMwEQYD VQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRUwEwYDVQQKDAx3b2xm U1NMIEluYy4xFDASBgNVBAsMC0VuZ2luZWVyaW5nMREwDwYDVQQDDAhTZXJ2ZXIg MDEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTCCASIwDQYJKoZIhvcN @@ -77,10 +77,10 @@ yZKYhOLJ+NA7bgNCyh8OjjyhgZqkgZcwgZQxCzAJBgNVBAYTAlVTMRAwDgYDVQQI DAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMREwDwYDVQQKDAhTYXd0b290aDET MBEGA1UECwwKQ29uc3VsdGluZzEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29tMR8w HQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tggFkMAkGA1UdEwQCMAAwDQYJ -KoZIhvcNAQEFBQADggEBAAktj1cKTPexMEgc6wDDBozWSd1FkiVcKRqGkHQoRhhl -j/sTxKeFPZNCN6FEqhf2s5loBZkC5azNXj38/h+osiy0K5yiC5Twe+9c6a7l+nK5 -pNW1CVQBAmraCQxySxS9HWS3cIC+zTOGXh+gSVSdr+tc3NUVl3tfj7NvVM4W99S+ -C0DwWzFUBEk30p3ImgUabifbN2DeMqfZM9pLqJ4IChPE7HXpFznaFCH1xCuctjGt -Yd/tUtLWH9ng+bspFZ9A9eJBQ5BGJOI0VVdEe0bFh4SARgKl2328DWnOqp4+43q/ -aWGI96FuAQv0WcJC1OAy1BMWijn+C50xJkeSjI8epE4= +KoZIhvcNAQEFBQADggEBAD2xuUrHeaYc6id2FjI8llbzYs4u9XjWvejdBy/8OD1U +ib2r3TlYTXjjN9OQmOqfuXKW610oIi1sizrAZx0+1b0TPvHXwtfqX8zaV1jH5mbj +IYVlNDhZhpOuHhy65RmAliBb6Z/qx5mx24kXf/m06CA/NOZ5VJmG7oyqwqPOIMUA +YGVzBpCKiBJ+esozmREuhILP19+Dc8Lmn4bx+bqsy5WtDz5LHSNXdc5Xu8x4onI1 +s8Gi5RSmscINmSuDlYpiaRdQH5ylDhdnR4qpd77CAzo7K6v7iiKB6XlBdkEbzvxo +JECDiBDs1j5iY97yLb0IHaWbTLyCVllmLxrCx2Cdevc= -----END CERTIFICATE----- diff --git a/certs/test-pathlen/server-0-chain.pem b/certs/test-pathlen/server-0-chain.pem index 73c7d7346..a79c6458b 100644 --- a/certs/test-pathlen/server-0-chain.pem +++ b/certs/test-pathlen/server-0-chain.pem 
@@ -5,8 +5,8 @@ Certificate: Signature Algorithm: sha1WithRSAEncryption Issuer: C=US, ST=Washington, L=Seattle, O=wolfSSL Inc., OU=Engineering, CN=Server 0 CA/emailAddress=info@wolfssl.com Validity - Not Before: Sep 20 00:03:21 2016 GMT - Not After : Jun 17 00:03:21 2019 GMT + Not Before: Apr 13 15:23:10 2018 GMT + Not After : Jan 7 15:23:10 2021 GMT Subject: C=US, ST=Washington, L=Seattle, O=wolfSSL Inc., OU=Engineering, CN=Server 0/emailAddress=info@wolfssl.com Subject Public Key Info: Public Key Algorithm: rsaEncryption 
@@ -42,27 +42,27 @@ Certificate: X509v3 Basic Constraints: CA:FALSE Signature Algorithm: sha1WithRSAEncryption - 09:2d:8f:57:0a:4c:f7:b1:30:48:1c:eb:00:c3:06:8c:d6:49: - dd:45:92:25:5c:29:1a:86:90:74:28:46:18:65:8f:fb:13:c4: - a7:85:3d:93:42:37:a1:44:aa:17:f6:b3:99:68:05:99:02:e5: - ac:cd:5e:3d:fc:fe:1f:a8:b2:2c:b4:2b:9c:a2:0b:94:f0:7b: - ef:5c:e9:ae:e5:fa:72:b9:a4:d5:b5:09:54:01:02:6a:da:09: - 0c:72:4b:14:bd:1d:64:b7:70:80:be:cd:33:86:5e:1f:a0:49: - 54:9d:af:eb:5c:dc:d5:15:97:7b:5f:8f:b3:6f:54:ce:16:f7: - d4:be:0b:40:f0:5b:31:54:04:49:37:d2:9d:c8:9a:05:1a:6e: - 27:db:37:60:de:32:a7:d9:33:da:4b:a8:9e:08:0a:13:c4:ec: - 75:e9:17:39:da:14:21:f5:c4:2b:9c:b6:31:ad:61:df:ed:52: - d2:d6:1f:d9:e0:f9:bb:29:15:9f:40:f5:e2:41:43:90:46:24: - e2:34:55:57:44:7b:46:c5:87:84:80:46:02:a5:db:7d:bc:0d: - 69:ce:aa:9e:3e:e3:7a:bf:69:61:88:f7:a1:6e:01:0b:f4:59: - c2:42:d4:e0:32:d4:13:16:8a:39:fe:0b:9d:31:26:47:92:8c: - 8f:1e:a4:4e + 3d:b1:b9:4a:c7:79:a6:1c:ea:27:76:16:32:3c:96:56:f3:62: + ce:2e:f5:78:d6:bd:e8:dd:07:2f:fc:38:3d:54:89:bd:ab:dd: + 39:58:4d:78:e3:37:d3:90:98:ea:9f:b9:72:96:eb:5d:28:22: + 2d:6c:8b:3a:c0:67:1d:3e:d5:bd:13:3e:f1:d7:c2:d7:ea:5f: + cc:da:57:58:c7:e6:66:e3:21:85:65:34:38:59:86:93:ae:1e: + 1c:ba:e5:19:80:96:20:5b:e9:9f:ea:c7:99:b1:db:89:17:7f: + f9:b4:e8:20:3f:34:e6:79:54:99:86:ee:8c:aa:c2:a3:ce:20: + c5:00:60:65:73:06:90:8a:88:12:7e:7a:ca:33:99:11:2e:84: + 82:cf:d7:df:83:73:c2:e6:9f:86:f1:f9:ba:ac:cb:95:ad:0f: + 3e:4b:1d:23:57:75:ce:57:bb:cc:78:a2:72:35:b3:c1:a2:e5: + 14:a6:b1:c2:0d:99:2b:83:95:8a:62:69:17:50:1f:9c:a5:0e: + 17:67:47:8a:a9:77:be:c2:03:3a:3b:2b:ab:fb:8a:22:81:e9: + 79:41:76:41:1b:ce:fc:68:24:40:83:88:10:ec:d6:3e:62:63: + de:f2:2d:bd:08:1d:a5:9b:4c:bc:82:56:59:66:2f:1a:c2:c7: + 60:9d:7a:f7 -----BEGIN CERTIFICATE----- MIIEnDCCA4SgAwIBAgIBZTANBgkqhkiG9w0BAQUFADCBmDELMAkGA1UEBhMCVVMx EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTATBgNVBAoM DHdvbGZTU0wgSW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxFDASBgNVBAMMC1Nl 
-cnZlciAwIENBMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMB4XDTE2 -MDkyMDAwMDMyMVoXDTE5MDYxNzAwMDMyMVowgZUxCzAJBgNVBAYTAlVTMRMwEQYD +cnZlciAwIENBMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMB4XDTE4 +MDQxMzE1MjMxMFoXDTIxMDEwNzE1MjMxMFowgZUxCzAJBgNVBAYTAlVTMRMwEQYD VQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRUwEwYDVQQKDAx3b2xm U1NMIEluYy4xFDASBgNVBAsMC0VuZ2luZWVyaW5nMREwDwYDVQQDDAhTZXJ2ZXIg MDEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTCCASIwDQYJKoZIhvcN @@ -77,12 +77,12 @@ yZKYhOLJ+NA7bgNCyh8OjjyhgZqkgZcwgZQxCzAJBgNVBAYTAlVTMRAwDgYDVQQI DAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMREwDwYDVQQKDAhTYXd0b290aDET MBEGA1UECwwKQ29uc3VsdGluZzEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29tMR8w HQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tggFkMAkGA1UdEwQCMAAwDQYJ -KoZIhvcNAQEFBQADggEBAAktj1cKTPexMEgc6wDDBozWSd1FkiVcKRqGkHQoRhhl -j/sTxKeFPZNCN6FEqhf2s5loBZkC5azNXj38/h+osiy0K5yiC5Twe+9c6a7l+nK5 -pNW1CVQBAmraCQxySxS9HWS3cIC+zTOGXh+gSVSdr+tc3NUVl3tfj7NvVM4W99S+ -C0DwWzFUBEk30p3ImgUabifbN2DeMqfZM9pLqJ4IChPE7HXpFznaFCH1xCuctjGt -Yd/tUtLWH9ng+bspFZ9A9eJBQ5BGJOI0VVdEe0bFh4SARgKl2328DWnOqp4+43q/ -aWGI96FuAQv0WcJC1OAy1BMWijn+C50xJkeSjI8epE4= +KoZIhvcNAQEFBQADggEBAD2xuUrHeaYc6id2FjI8llbzYs4u9XjWvejdBy/8OD1U +ib2r3TlYTXjjN9OQmOqfuXKW610oIi1sizrAZx0+1b0TPvHXwtfqX8zaV1jH5mbj +IYVlNDhZhpOuHhy65RmAliBb6Z/qx5mx24kXf/m06CA/NOZ5VJmG7oyqwqPOIMUA +YGVzBpCKiBJ+esozmREuhILP19+Dc8Lmn4bx+bqsy5WtDz5LHSNXdc5Xu8x4onI1 +s8Gi5RSmscINmSuDlYpiaRdQH5ylDhdnR4qpd77CAzo7K6v7iiKB6XlBdkEbzvxo +JECDiBDs1j5iY97yLb0IHaWbTLyCVllmLxrCx2Cdevc= -----END CERTIFICATE----- Certificate: Data: 
@@ -91,8 +91,8 @@ Certificate: Signature Algorithm: sha1WithRSAEncryption Issuer: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, CN=www.wolfssl.com/emailAddress=info@wolfssl.com Validity - Not Before: Sep 19 23:03:51 2016 GMT - Not After : Jun 16 23:03:51 2019 GMT + Not Before: Apr 13 15:23:10 2018 GMT + Not After : Jan 7 15:23:10 2021 GMT Subject: C=US, ST=Washington, L=Seattle, O=wolfSSL Inc., OU=Engineering, CN=Server 0 CA/emailAddress=info@wolfssl.com Subject Public Key Info: Public Key Algorithm: rsaEncryption 
@@ -123,34 +123,34 @@ Certificate: X509v3 Authority Key Identifier: keyid:27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5 DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com - serial:B7:B6:90:33:66:1B:6B:23 + serial:86:FF:F5:8E:10:DE:B8:FB X509v3 Basic Constraints: CA:TRUE, pathlen:0 X509v3 Key Usage: Certificate Sign, CRL Sign Signature Algorithm: sha1WithRSAEncryption - a4:3b:22:20:6f:07:33:d0:ae:6d:13:fd:4f:48:dc:03:c6:9c: - e0:34:73:fa:e8:2f:aa:bd:15:1c:87:fe:6f:e4:c6:8e:36:b8: - b6:bb:53:c1:ea:e4:5c:d9:de:44:d5:05:89:88:79:d9:87:c9: - 05:78:57:bf:c0:25:1f:18:b6:f6:02:50:c8:b1:d1:0d:64:b0: - da:7e:68:e0:fa:64:68:51:1a:05:7f:7d:33:c5:27:71:0f:f6: - d7:72:19:7c:9f:57:34:5f:45:7a:b5:48:2e:d1:83:36:85:90: - 0c:c8:c1:be:3f:c3:7a:a3:ad:9b:3a:ce:a7:b4:50:1b:76:2e: - 8a:a4:a4:61:96:75:b4:a7:63:6e:7c:43:2f:98:18:39:92:57: - 87:54:76:37:73:53:37:cb:f1:95:34:11:9d:f4:94:e7:19:4a: - 9d:5f:91:cc:ff:b4:ed:39:53:82:42:86:2e:24:13:41:a4:4a: - 6c:d1:d9:00:ac:76:2c:59:9e:c4:28:33:b5:01:bf:74:63:01: - 23:8a:a8:78:e4:b7:e0:8b:ab:ec:b0:43:d8:0b:b8:ff:9e:62: - 0a:5d:e4:7c:73:f9:b4:d7:dd:6a:13:a5:28:05:90:f1:26:c1: - 4d:2b:db:a2:c6:f5:aa:13:19:a5:28:27:f8:c7:94:e8:ef:21: - 85:5b:32:02 + 8c:bd:c3:71:57:ce:dd:02:36:8c:d3:71:ec:d1:25:65:7b:48: + 4d:e2:77:d7:62:00:bd:0f:c9:50:4b:50:cb:d0:5a:8b:09:3f: + 21:d1:f5:1f:2f:14:44:87:0d:99:fa:0c:5c:1d:12:d8:e6:c5: + a0:2c:c1:12:ee:fa:3c:fd:e9:2e:23:58:be:60:a2:9f:e7:50: + be:d1:d8:2f:27:67:90:8a:1f:34:13:ca:81:07:bb:ca:de:86: + 59:bb:80:65:4f:b7:fa:5d:42:6d:e5:c8:08:25:5d:c9:78:3d: + 70:09:42:27:85:82:7f:5c:22:32:30:94:21:47:3f:09:bf:c4: + d2:1a:98:1b:f0:5d:3d:51:12:da:9f:1c:a7:44:d5:54:bc:5e: + 04:69:72:cc:cf:4f:f3:b1:d7:49:db:4c:0e:d1:42:8f:ad:ba: + 90:92:5b:7b:9d:13:8f:58:46:3d:a4:2d:9d:a2:9d:6d:4b:e5: + e4:d6:4c:61:a9:e1:78:33:5c:3d:78:0e:4f:0b:3d:fc:4a:6d: + 44:71:27:e1:1d:95:95:b6:9e:ba:0e:ca:72:01:fe:8e:f6:12: + ad:71:15:82:54:68:23:ea:49:0c:30:05:ea:1e:68:cc:c0:7c: + 
63:04:8e:1b:fa:79:96:95:1b:a0:0d:af:f7:85:7d:09:49:24: + 2e:8f:9e:ff -----BEGIN CERTIFICATE----- MIIEuDCCA6CgAwIBAgIBZDANBgkqhkiG9w0BAQUFADCBlDELMAkGA1UEBhMCVVMx EDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNVBAoMCFNh d3Rvb3RoMRMwEQYDVQQLDApDb25zdWx0aW5nMRgwFgYDVQQDDA93d3cud29sZnNz -bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTYwOTE5 -MjMwMzUxWhcNMTkwNjE2MjMwMzUxWjCBmDELMAkGA1UEBhMCVVMxEzARBgNVBAgM +bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTgwNDEz +MTUyMzEwWhcNMjEwMTA3MTUyMzEwWjCBmDELMAkGA1UEBhMCVVMxEzARBgNVBAgM Cldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTATBgNVBAoMDHdvbGZTU0wg SW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxFDASBgNVBAMMC1NlcnZlciAwIENB MR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMIIBIjANBgkqhkiG9w0B 
@@ -164,12 +164,12 @@ HQYDVR0OBBYEFLMRMsmSmITiyfjQO24DQsofDo48MIHJBgNVHSMEgcEwgb6AFCeO ZxF0wyYdP+0zY7Ok2B0w5ejVoYGapIGXMIGUMQswCQYDVQQGEwJVUzEQMA4GA1UE CAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjERMA8GA1UECgwIU2F3dG9vdGgx EzARBgNVBAsMCkNvbnN1bHRpbmcxGDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTEf -MB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbYIJALe2kDNmG2sjMA8GA1Ud -EwQIMAYBAf8CAQAwCwYDVR0PBAQDAgEGMA0GCSqGSIb3DQEBBQUAA4IBAQCkOyIg -bwcz0K5tE/1PSNwDxpzgNHP66C+qvRUch/5v5MaONri2u1PB6uRc2d5E1QWJiHnZ -h8kFeFe/wCUfGLb2AlDIsdENZLDafmjg+mRoURoFf30zxSdxD/bXchl8n1c0X0V6 -tUgu0YM2hZAMyMG+P8N6o62bOs6ntFAbdi6KpKRhlnW0p2NufEMvmBg5kleHVHY3 -c1M3y/GVNBGd9JTnGUqdX5HM/7TtOVOCQoYuJBNBpEps0dkArHYsWZ7EKDO1Ab90 -YwEjiqh45Lfgi6vssEPYC7j/nmIKXeR8c/m0191qE6UoBZDxJsFNK9uixvWqExml -KCf4x5To7yGFWzIC +MB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbYIJAIb/9Y4Q3rj7MA8GA1Ud +EwQIMAYBAf8CAQAwCwYDVR0PBAQDAgEGMA0GCSqGSIb3DQEBBQUAA4IBAQCMvcNx +V87dAjaM03Hs0SVle0hN4nfXYgC9D8lQS1DL0FqLCT8h0fUfLxREhw2Z+gxcHRLY +5sWgLMES7vo8/ekuI1i+YKKf51C+0dgvJ2eQih80E8qBB7vK3oZZu4BlT7f6XUJt +5cgIJV3JeD1wCUInhYJ/XCIyMJQhRz8Jv8TSGpgb8F09URLanxynRNVUvF4EaXLM +z0/zsddJ20wO0UKPrbqQklt7nROPWEY9pC2dop1tS+Xk1kxhqeF4M1w9eA5PCz38 +Sm1EcSfhHZWVtp66DspyAf6O9hKtcRWCVGgj6kkMMAXqHmjMwHxjBI4b+nmWlRug +Da/3hX0JSSQuj57/ -----END CERTIFICATE----- diff --git a/certs/test-pathlen/server-1-0-ca.pem b/certs/test-pathlen/server-1-0-ca.pem index 055d0fe2e..bba882ee5 100644 --- a/certs/test-pathlen/server-1-0-ca.pem +++ b/certs/test-pathlen/server-1-0-ca.pem 
@@ -5,8 +5,8 @@ Certificate: Signature Algorithm: sha1WithRSAEncryption Issuer: C=US, ST=Washington, L=Seattle, O=wolfSSL Inc., OU=Engineering, CN=Server 1 CA/emailAddress=info@wolfssl.com Validity - Not Before: Sep 20 21:23:18 2016 GMT - Not After : Jun 16 21:23:18 2019 GMT + Not Before: Apr 13 15:23:10 2018 GMT + Not After : Jan 7 15:23:10 2021 GMT Subject: C=US, ST=Washington, L=Seattle, O=wolfSSL Inc., OU=Engineering, CN=Server 1-0 CA/emailAddress=info@wolfssl.com Subject Public Key Info: Public Key Algorithm: rsaEncryption 
@@ -44,27 +44,27 @@ Certificate: X509v3 Key Usage: Certificate Sign, CRL Sign Signature Algorithm: sha1WithRSAEncryption - 37:78:ec:5f:82:05:c6:19:f6:3a:be:82:5f:1e:d3:69:26:20: - 92:f2:24:e8:6d:5f:44:70:ca:bd:53:24:ab:1f:58:6b:24:08: - d0:3a:a6:46:d3:1d:63:7c:22:8b:4a:e2:69:9e:de:03:08:91: - b5:37:bb:55:fe:91:fc:b4:2f:ce:9f:58:f7:80:6c:77:ed:82: - 6d:93:f0:30:9b:42:21:dc:98:64:87:df:f5:2f:f6:90:d9:af: - 7b:e0:98:68:07:3a:bd:70:60:e6:c8:4b:a2:c7:aa:9d:3b:cf: - 79:07:44:57:86:cc:e2:3a:7d:b1:ee:c7:61:48:8c:0e:b0:8d: - 0c:f6:c2:3e:e2:68:2d:50:a7:ac:5b:86:6e:f5:d1:5e:24:dd: - b7:c4:23:c0:90:82:e1:4f:bb:a7:6f:94:d3:9b:a3:28:30:12: - 8b:57:18:79:91:92:44:97:ff:08:75:49:74:3b:a8:91:ca:30: - e0:d0:5b:90:b7:26:14:69:b8:fe:72:fa:cd:8a:da:75:28:6d: - e2:e4:82:83:83:01:e4:60:c8:67:5b:ef:04:a9:29:2a:6d:64: - 1a:fc:fd:52:57:57:56:b3:bb:06:0e:e5:5f:22:d1:88:6b:12: - aa:f1:d5:91:09:c9:5c:1c:55:18:e6:34:fa:cd:d7:aa:bf:04: - fa:58:7d:cf + 2b:e5:fc:8a:56:f9:f4:37:84:c8:9a:b4:9d:46:33:24:9d:03: + 59:a2:c7:dd:31:75:31:ac:bf:f2:78:15:7d:31:82:dd:f4:d1: + e8:f8:01:ac:02:cb:b6:32:5f:18:a5:20:37:1e:5d:3f:29:f6: + 8a:4b:16:c3:64:5e:98:6d:09:3b:6f:24:fe:58:c0:12:1f:86: + 18:0e:4d:e8:d9:bd:4d:44:e6:58:0d:69:fb:52:4d:b5:da:38: + 6d:c0:59:70:f5:5a:6b:51:98:f8:94:bd:d6:14:72:1f:38:fd: + 63:53:c6:f6:eb:f5:f2:c0:ce:b3:fc:35:6e:7a:78:32:28:dd: + 90:65:a1:03:02:69:2c:c9:04:22:70:c4:a8:44:8e:88:99:1c: + 3d:fb:21:a3:b0:d5:f1:29:d0:b8:44:6b:e5:34:bb:74:49:f2: + 29:10:e2:74:98:d5:11:68:a0:c1:b1:15:ae:cc:5f:d9:bb:83: + 78:7f:d2:3f:aa:c0:fc:a3:36:24:bf:b2:ab:94:7f:86:79:94: + 23:dc:8d:4d:83:fa:9d:00:ed:14:15:c7:2c:1d:e2:05:6f:2e: + ba:f9:af:9c:6a:ef:05:0c:64:2d:f8:0a:61:7b:2d:67:3e:f1: + fb:2b:e3:09:47:98:2e:a5:68:64:7a:f8:67:5a:56:b8:68:42: + 90:8d:3b:cb -----BEGIN CERTIFICATE----- MIIEtjCCA56gAwIBAgIBZzANBgkqhkiG9w0BAQUFADCBmDELMAkGA1UEBhMCVVMx EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTATBgNVBAoM DHdvbGZTU0wgSW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxFDASBgNVBAMMC1Nl 
-cnZlciAxIENBMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMB4XDTE2 -MDkyMDIxMjMxOFoXDTE5MDYxNjIxMjMxOFowgZoxCzAJBgNVBAYTAlVTMRMwEQYD +cnZlciAxIENBMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMB4XDTE4 +MDQxMzE1MjMxMFoXDTIxMDEwNzE1MjMxMFowgZoxCzAJBgNVBAYTAlVTMRMwEQYD VQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRUwEwYDVQQKDAx3b2xm U1NMIEluYy4xFDASBgNVBAsMC0VuZ2luZWVyaW5nMRYwFAYDVQQDDA1TZXJ2ZXIg MS0wIENBMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMIIBIjANBgkq @@ -79,11 +79,11 @@ gbaAFLMRMsmSmITiyfjQO24DQsofDo48oYGapIGXMIGUMQswCQYDVQQGEwJVUzEQ MA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjERMA8GA1UECgwIU2F3 dG9vdGgxEzARBgNVBAsMCkNvbnN1bHRpbmcxGDAWBgNVBAMMD3d3dy53b2xmc3Ns LmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbYIBZjAPBgNVHRME -CDAGAQH/AgEAMAsGA1UdDwQEAwIBBjANBgkqhkiG9w0BAQUFAAOCAQEAN3jsX4IF -xhn2Or6CXx7TaSYgkvIk6G1fRHDKvVMkqx9YayQI0DqmRtMdY3wii0riaZ7eAwiR -tTe7Vf6R/LQvzp9Y94Bsd+2CbZPwMJtCIdyYZIff9S/2kNmve+CYaAc6vXBg5shL -oseqnTvPeQdEV4bM4jp9se7HYUiMDrCNDPbCPuJoLVCnrFuGbvXRXiTdt8QjwJCC -4U+7p2+U05ujKDASi1cYeZGSRJf/CHVJdDuokcow4NBbkLcmFGm4/nL6zYradSht -4uSCg4MB5GDIZ1vvBKkpKm1kGvz9UldXVrO7Bg7lXyLRiGsSqvHVkQnJXBxVGOY0 -+s3Xqr8E+lh9zw== +CDAGAQH/AgEAMAsGA1UdDwQEAwIBBjANBgkqhkiG9w0BAQUFAAOCAQEAK+X8ilb5 +9DeEyJq0nUYzJJ0DWaLH3TF1May/8ngVfTGC3fTR6PgBrALLtjJfGKUgNx5dPyn2 +iksWw2RemG0JO28k/ljAEh+GGA5N6Nm9TUTmWA1p+1JNtdo4bcBZcPVaa1GY+JS9 +1hRyHzj9Y1PG9uv18sDOs/w1bnp4MijdkGWhAwJpLMkEInDEqESOiJkcPfsho7DV +8SnQuERr5TS7dEnyKRDidJjVEWigwbEVrsxf2buDeH/SP6rA/KM2JL+yq5R/hnmU +I9yNTYP6nQDtFBXHLB3iBW8uuvmvnGrvBQxkLfgKYXstZz7x+yvjCUeYLqVoZHr4 +Z1pWuGhCkI07yw== -----END CERTIFICATE----- diff --git a/certs/test-pathlen/server-1-0-cert.pem b/certs/test-pathlen/server-1-0-cert.pem index 78f215e38..fd21f61fb 100644 --- a/certs/test-pathlen/server-1-0-cert.pem +++ b/certs/test-pathlen/server-1-0-cert.pem 
@@ -5,8 +5,8 @@ Certificate: Signature Algorithm: sha1WithRSAEncryption Issuer: C=US, ST=Washington, L=Seattle, O=wolfSSL Inc., OU=Engineering, CN=Server 1-0 CA/emailAddress=info@wolfssl.com Validity - Not Before: Sep 20 00:07:57 2016 GMT - Not After : Jun 17 00:07:57 2019 GMT + Not Before: Apr 13 15:23:10 2018 GMT + Not After : Jan 7 15:23:10 2021 GMT Subject: C=US, ST=Washington, L=Seattle, O=wolfSSL Inc., OU=Engineering, CN=Server 1-0/emailAddress=info@wolfssl.com Subject Public Key Info: Public Key Algorithm: rsaEncryption 
@@ -42,27 +42,27 @@ Certificate: X509v3 Basic Constraints: CA:FALSE Signature Algorithm: sha1WithRSAEncryption - 6d:98:b9:e7:03:b3:0e:36:15:f5:6f:6c:60:59:9d:60:95:cb: - 8c:31:f6:b7:7d:27:6a:37:99:79:cb:06:89:4a:87:c8:a6:d7: - 86:46:5c:f3:02:f9:37:98:3a:d2:59:3a:37:59:7e:46:58:ee: - 18:b2:77:a9:85:39:45:e1:05:d4:a7:bc:1e:cc:4a:a3:be:1e: - 7e:58:15:79:c4:25:8f:1d:3f:f4:e2:5d:3c:c1:a5:45:f3:e0: - fd:97:96:49:78:c7:c7:e2:e9:78:97:91:9c:44:a3:f9:b4:cc: - 14:61:b4:03:55:ef:d2:33:3b:8d:8e:01:e1:a1:27:a4:1e:66: - 06:13:0b:e0:5b:6b:69:8a:8a:c8:c5:a9:a3:8f:6e:dd:25:03: - 5f:3f:65:21:8e:d5:b2:dc:0e:e1:b6:d2:fd:9c:d8:99:33:f6: - 4b:8c:71:2b:9e:0a:3a:40:a5:28:ef:d8:65:fb:08:2f:f4:e9: - 2b:d6:7c:9c:09:1c:6e:aa:f0:7f:67:13:dc:a3:e6:fa:5c:49: - 04:ba:55:d4:3e:4d:17:3d:e9:13:bf:b1:95:e8:71:41:47:4a: - 73:52:97:85:71:ac:a1:b7:32:82:64:77:c2:53:5c:f0:35:81: - 34:10:77:09:69:04:73:05:39:b6:62:2e:fd:37:a4:20:3e:40: - 98:a5:e5:dc + 88:e6:c7:a7:fc:33:31:f6:e3:1d:fe:92:c5:69:59:07:cb:70: + 7a:18:8a:cc:4c:10:7a:6b:f4:1a:32:78:1f:55:90:72:8d:e2: + 78:93:86:b6:9d:2f:3b:12:cc:f6:81:87:59:0b:54:61:b4:ea: + da:7a:4c:27:82:49:89:78:41:f4:57:58:b2:17:fc:f1:35:c7: + 20:a9:51:84:21:e9:4a:68:5c:1b:1d:2c:1a:b3:47:93:27:59: + a4:e4:73:e8:b8:30:5b:b7:5f:1f:10:07:59:0c:bd:d4:a6:e1: + 7c:d6:91:23:4e:b9:fd:85:22:4c:06:f3:08:58:18:48:85:db: + 46:40:b1:d7:9f:13:b5:aa:34:a5:b9:38:ff:b7:08:1a:5e:e3: + 76:80:16:6c:b9:8e:57:51:dc:5e:a1:03:e6:e9:ee:ac:a2:d0: + 26:3d:ff:97:96:0b:66:06:9a:c9:26:4a:c1:a3:02:f5:47:d5: + 87:d9:ea:a8:af:21:70:77:f8:9b:15:ec:c0:ee:fd:d4:16:b7: + 8a:4d:c0:8f:25:2d:6b:dd:dd:6f:4c:7f:b5:6c:59:b7:a4:7c: + e9:52:a9:bc:79:8a:62:7c:ab:a1:ec:0b:fa:5b:6e:f8:db:11: + 72:a1:e9:c6:4a:83:82:64:ea:4e:13:44:d4:04:17:c3:ee:8d: + ea:4b:9b:69 -----BEGIN CERTIFICATE----- MIIEpDCCA4ygAwIBAgIBaDANBgkqhkiG9w0BAQUFADCBmjELMAkGA1UEBhMCVVMx EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTATBgNVBAoM DHdvbGZTU0wgSW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxFjAUBgNVBAMMDVNl 
cnZlciAxLTAgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcN -MTYwOTIwMDAwNzU3WhcNMTkwNjE3MDAwNzU3WjCBlzELMAkGA1UEBhMCVVMxEzAR +MTgwNDEzMTUyMzEwWhcNMjEwMTA3MTUyMzEwWjCBlzELMAkGA1UEBhMCVVMxEzAR BgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTATBgNVBAoMDHdv bGZTU0wgSW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxEzARBgNVBAMMClNlcnZl ciAxLTAxHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wggEiMA0GCSqG @@ -77,10 +77,10 @@ FLMRMsmSmITiyfjQO24DQsofDo48oYGepIGbMIGYMQswCQYDVQQGEwJVUzETMBEG A1UECAwKV2FzaGluZ3RvbjEQMA4GA1UEBwwHU2VhdHRsZTEVMBMGA1UECgwMd29s ZlNTTCBJbmMuMRQwEgYDVQQLDAtFbmdpbmVlcmluZzEUMBIGA1UEAwwLU2VydmVy IDEgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb22CAWcwCQYDVR0T -BAIwADANBgkqhkiG9w0BAQUFAAOCAQEAbZi55wOzDjYV9W9sYFmdYJXLjDH2t30n -ajeZecsGiUqHyKbXhkZc8wL5N5g60lk6N1l+RljuGLJ3qYU5ReEF1Ke8HsxKo74e -flgVecQljx0/9OJdPMGlRfPg/ZeWSXjHx+LpeJeRnESj+bTMFGG0A1Xv0jM7jY4B -4aEnpB5mBhML4FtraYqKyMWpo49u3SUDXz9lIY7VstwO4bbS/ZzYmTP2S4xxK54K -OkClKO/YZfsIL/TpK9Z8nAkcbqrwf2cT3KPm+lxJBLpV1D5NFz3pE7+xlehxQUdK -c1KXhXGsobcygmR3wlNc8DWBNBB3CWkEcwU5tmIu/TekID5AmKXl3A== +BAIwADANBgkqhkiG9w0BAQUFAAOCAQEAiObHp/wzMfbjHf6SxWlZB8twehiKzEwQ +emv0GjJ4H1WQco3ieJOGtp0vOxLM9oGHWQtUYbTq2npMJ4JJiXhB9FdYshf88TXH +IKlRhCHpSmhcGx0sGrNHkydZpORz6LgwW7dfHxAHWQy91KbhfNaRI065/YUiTAbz +CFgYSIXbRkCx158Ttao0pbk4/7cIGl7jdoAWbLmOV1HcXqED5unurKLQJj3/l5YL +ZgaaySZKwaMC9UfVh9nqqK8hcHf4mxXswO791Ba3ik3AjyUta93db0x/tWxZt6R8 +6VKpvHmKYnyroewL+ltu+NsRcqHpxkqDgmTqThNE1AQXw+6N6kubaQ== -----END CERTIFICATE----- diff --git a/certs/test-pathlen/server-1-0-chain.pem b/certs/test-pathlen/server-1-0-chain.pem index 38aa3733d..15b3b5d5f 100644 --- a/certs/test-pathlen/server-1-0-chain.pem +++ b/certs/test-pathlen/server-1-0-chain.pem 
@@ -5,8 +5,8 @@ Certificate: Signature Algorithm: sha1WithRSAEncryption Issuer: C=US, ST=Washington, L=Seattle, O=wolfSSL Inc., OU=Engineering, CN=Server 1-0 CA/emailAddress=info@wolfssl.com Validity - Not Before: Sep 20 00:07:57 2016 GMT - Not After : Jun 17 00:07:57 2019 GMT + Not Before: Apr 13 15:23:10 2018 GMT + Not After : Jan 7 15:23:10 2021 GMT Subject: C=US, ST=Washington, L=Seattle, O=wolfSSL Inc., OU=Engineering, CN=Server 1-0/emailAddress=info@wolfssl.com Subject Public Key Info: Public Key Algorithm: rsaEncryption 
@@ -42,27 +42,27 @@ Certificate: X509v3 Basic Constraints: CA:FALSE Signature Algorithm: sha1WithRSAEncryption - 6d:98:b9:e7:03:b3:0e:36:15:f5:6f:6c:60:59:9d:60:95:cb: - 8c:31:f6:b7:7d:27:6a:37:99:79:cb:06:89:4a:87:c8:a6:d7: - 86:46:5c:f3:02:f9:37:98:3a:d2:59:3a:37:59:7e:46:58:ee: - 18:b2:77:a9:85:39:45:e1:05:d4:a7:bc:1e:cc:4a:a3:be:1e: - 7e:58:15:79:c4:25:8f:1d:3f:f4:e2:5d:3c:c1:a5:45:f3:e0: - fd:97:96:49:78:c7:c7:e2:e9:78:97:91:9c:44:a3:f9:b4:cc: - 14:61:b4:03:55:ef:d2:33:3b:8d:8e:01:e1:a1:27:a4:1e:66: - 06:13:0b:e0:5b:6b:69:8a:8a:c8:c5:a9:a3:8f:6e:dd:25:03: - 5f:3f:65:21:8e:d5:b2:dc:0e:e1:b6:d2:fd:9c:d8:99:33:f6: - 4b:8c:71:2b:9e:0a:3a:40:a5:28:ef:d8:65:fb:08:2f:f4:e9: - 2b:d6:7c:9c:09:1c:6e:aa:f0:7f:67:13:dc:a3:e6:fa:5c:49: - 04:ba:55:d4:3e:4d:17:3d:e9:13:bf:b1:95:e8:71:41:47:4a: - 73:52:97:85:71:ac:a1:b7:32:82:64:77:c2:53:5c:f0:35:81: - 34:10:77:09:69:04:73:05:39:b6:62:2e:fd:37:a4:20:3e:40: - 98:a5:e5:dc + 88:e6:c7:a7:fc:33:31:f6:e3:1d:fe:92:c5:69:59:07:cb:70: + 7a:18:8a:cc:4c:10:7a:6b:f4:1a:32:78:1f:55:90:72:8d:e2: + 78:93:86:b6:9d:2f:3b:12:cc:f6:81:87:59:0b:54:61:b4:ea: + da:7a:4c:27:82:49:89:78:41:f4:57:58:b2:17:fc:f1:35:c7: + 20:a9:51:84:21:e9:4a:68:5c:1b:1d:2c:1a:b3:47:93:27:59: + a4:e4:73:e8:b8:30:5b:b7:5f:1f:10:07:59:0c:bd:d4:a6:e1: + 7c:d6:91:23:4e:b9:fd:85:22:4c:06:f3:08:58:18:48:85:db: + 46:40:b1:d7:9f:13:b5:aa:34:a5:b9:38:ff:b7:08:1a:5e:e3: + 76:80:16:6c:b9:8e:57:51:dc:5e:a1:03:e6:e9:ee:ac:a2:d0: + 26:3d:ff:97:96:0b:66:06:9a:c9:26:4a:c1:a3:02:f5:47:d5: + 87:d9:ea:a8:af:21:70:77:f8:9b:15:ec:c0:ee:fd:d4:16:b7: + 8a:4d:c0:8f:25:2d:6b:dd:dd:6f:4c:7f:b5:6c:59:b7:a4:7c: + e9:52:a9:bc:79:8a:62:7c:ab:a1:ec:0b:fa:5b:6e:f8:db:11: + 72:a1:e9:c6:4a:83:82:64:ea:4e:13:44:d4:04:17:c3:ee:8d: + ea:4b:9b:69 -----BEGIN CERTIFICATE----- MIIEpDCCA4ygAwIBAgIBaDANBgkqhkiG9w0BAQUFADCBmjELMAkGA1UEBhMCVVMx EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTATBgNVBAoM DHdvbGZTU0wgSW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxFjAUBgNVBAMMDVNl 
cnZlciAxLTAgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcN -MTYwOTIwMDAwNzU3WhcNMTkwNjE3MDAwNzU3WjCBlzELMAkGA1UEBhMCVVMxEzAR +MTgwNDEzMTUyMzEwWhcNMjEwMTA3MTUyMzEwWjCBlzELMAkGA1UEBhMCVVMxEzAR BgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTATBgNVBAoMDHdv bGZTU0wgSW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxEzARBgNVBAMMClNlcnZl ciAxLTAxHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wggEiMA0GCSqG @@ -77,12 +77,12 @@ FLMRMsmSmITiyfjQO24DQsofDo48oYGepIGbMIGYMQswCQYDVQQGEwJVUzETMBEG A1UECAwKV2FzaGluZ3RvbjEQMA4GA1UEBwwHU2VhdHRsZTEVMBMGA1UECgwMd29s ZlNTTCBJbmMuMRQwEgYDVQQLDAtFbmdpbmVlcmluZzEUMBIGA1UEAwwLU2VydmVy IDEgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb22CAWcwCQYDVR0T -BAIwADANBgkqhkiG9w0BAQUFAAOCAQEAbZi55wOzDjYV9W9sYFmdYJXLjDH2t30n -ajeZecsGiUqHyKbXhkZc8wL5N5g60lk6N1l+RljuGLJ3qYU5ReEF1Ke8HsxKo74e -flgVecQljx0/9OJdPMGlRfPg/ZeWSXjHx+LpeJeRnESj+bTMFGG0A1Xv0jM7jY4B -4aEnpB5mBhML4FtraYqKyMWpo49u3SUDXz9lIY7VstwO4bbS/ZzYmTP2S4xxK54K -OkClKO/YZfsIL/TpK9Z8nAkcbqrwf2cT3KPm+lxJBLpV1D5NFz3pE7+xlehxQUdK -c1KXhXGsobcygmR3wlNc8DWBNBB3CWkEcwU5tmIu/TekID5AmKXl3A== +BAIwADANBgkqhkiG9w0BAQUFAAOCAQEAiObHp/wzMfbjHf6SxWlZB8twehiKzEwQ +emv0GjJ4H1WQco3ieJOGtp0vOxLM9oGHWQtUYbTq2npMJ4JJiXhB9FdYshf88TXH +IKlRhCHpSmhcGx0sGrNHkydZpORz6LgwW7dfHxAHWQy91KbhfNaRI065/YUiTAbz +CFgYSIXbRkCx158Ttao0pbk4/7cIGl7jdoAWbLmOV1HcXqED5unurKLQJj3/l5YL +ZgaaySZKwaMC9UfVh9nqqK8hcHf4mxXswO791Ba3ik3AjyUta93db0x/tWxZt6R8 +6VKpvHmKYnyroewL+ltu+NsRcqHpxkqDgmTqThNE1AQXw+6N6kubaQ== -----END CERTIFICATE----- Certificate: Data: 
@@ -91,8 +91,8 @@ Certificate: Signature Algorithm: sha1WithRSAEncryption Issuer: C=US, ST=Washington, L=Seattle, O=wolfSSL Inc., OU=Engineering, CN=Server 1 CA/emailAddress=info@wolfssl.com Validity - Not Before: Sep 20 21:23:18 2016 GMT - Not After : Jun 16 21:23:18 2019 GMT + Not Before: Apr 13 15:23:10 2018 GMT + Not After : Jan 7 15:23:10 2021 GMT Subject: C=US, ST=Washington, L=Seattle, O=wolfSSL Inc., OU=Engineering, CN=Server 1-0 CA/emailAddress=info@wolfssl.com Subject Public Key Info: Public Key Algorithm: rsaEncryption 
@@ -130,27 +130,27 @@ Certificate: X509v3 Key Usage: Certificate Sign, CRL Sign Signature Algorithm: sha1WithRSAEncryption - 37:78:ec:5f:82:05:c6:19:f6:3a:be:82:5f:1e:d3:69:26:20: - 92:f2:24:e8:6d:5f:44:70:ca:bd:53:24:ab:1f:58:6b:24:08: - d0:3a:a6:46:d3:1d:63:7c:22:8b:4a:e2:69:9e:de:03:08:91: - b5:37:bb:55:fe:91:fc:b4:2f:ce:9f:58:f7:80:6c:77:ed:82: - 6d:93:f0:30:9b:42:21:dc:98:64:87:df:f5:2f:f6:90:d9:af: - 7b:e0:98:68:07:3a:bd:70:60:e6:c8:4b:a2:c7:aa:9d:3b:cf: - 79:07:44:57:86:cc:e2:3a:7d:b1:ee:c7:61:48:8c:0e:b0:8d: - 0c:f6:c2:3e:e2:68:2d:50:a7:ac:5b:86:6e:f5:d1:5e:24:dd: - b7:c4:23:c0:90:82:e1:4f:bb:a7:6f:94:d3:9b:a3:28:30:12: - 8b:57:18:79:91:92:44:97:ff:08:75:49:74:3b:a8:91:ca:30: - e0:d0:5b:90:b7:26:14:69:b8:fe:72:fa:cd:8a:da:75:28:6d: - e2:e4:82:83:83:01:e4:60:c8:67:5b:ef:04:a9:29:2a:6d:64: - 1a:fc:fd:52:57:57:56:b3:bb:06:0e:e5:5f:22:d1:88:6b:12: - aa:f1:d5:91:09:c9:5c:1c:55:18:e6:34:fa:cd:d7:aa:bf:04: - fa:58:7d:cf + 2b:e5:fc:8a:56:f9:f4:37:84:c8:9a:b4:9d:46:33:24:9d:03: + 59:a2:c7:dd:31:75:31:ac:bf:f2:78:15:7d:31:82:dd:f4:d1: + e8:f8:01:ac:02:cb:b6:32:5f:18:a5:20:37:1e:5d:3f:29:f6: + 8a:4b:16:c3:64:5e:98:6d:09:3b:6f:24:fe:58:c0:12:1f:86: + 18:0e:4d:e8:d9:bd:4d:44:e6:58:0d:69:fb:52:4d:b5:da:38: + 6d:c0:59:70:f5:5a:6b:51:98:f8:94:bd:d6:14:72:1f:38:fd: + 63:53:c6:f6:eb:f5:f2:c0:ce:b3:fc:35:6e:7a:78:32:28:dd: + 90:65:a1:03:02:69:2c:c9:04:22:70:c4:a8:44:8e:88:99:1c: + 3d:fb:21:a3:b0:d5:f1:29:d0:b8:44:6b:e5:34:bb:74:49:f2: + 29:10:e2:74:98:d5:11:68:a0:c1:b1:15:ae:cc:5f:d9:bb:83: + 78:7f:d2:3f:aa:c0:fc:a3:36:24:bf:b2:ab:94:7f:86:79:94: + 23:dc:8d:4d:83:fa:9d:00:ed:14:15:c7:2c:1d:e2:05:6f:2e: + ba:f9:af:9c:6a:ef:05:0c:64:2d:f8:0a:61:7b:2d:67:3e:f1: + fb:2b:e3:09:47:98:2e:a5:68:64:7a:f8:67:5a:56:b8:68:42: + 90:8d:3b:cb -----BEGIN CERTIFICATE----- MIIEtjCCA56gAwIBAgIBZzANBgkqhkiG9w0BAQUFADCBmDELMAkGA1UEBhMCVVMx EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTATBgNVBAoM DHdvbGZTU0wgSW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxFDASBgNVBAMMC1Nl 
-cnZlciAxIENBMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMB4XDTE2 -MDkyMDIxMjMxOFoXDTE5MDYxNjIxMjMxOFowgZoxCzAJBgNVBAYTAlVTMRMwEQYD +cnZlciAxIENBMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMB4XDTE4 +MDQxMzE1MjMxMFoXDTIxMDEwNzE1MjMxMFowgZoxCzAJBgNVBAYTAlVTMRMwEQYD VQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRUwEwYDVQQKDAx3b2xm U1NMIEluYy4xFDASBgNVBAsMC0VuZ2luZWVyaW5nMRYwFAYDVQQDDA1TZXJ2ZXIg MS0wIENBMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMIIBIjANBgkq @@ -165,13 +165,13 @@ gbaAFLMRMsmSmITiyfjQO24DQsofDo48oYGapIGXMIGUMQswCQYDVQQGEwJVUzEQ MA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjERMA8GA1UECgwIU2F3 dG9vdGgxEzARBgNVBAsMCkNvbnN1bHRpbmcxGDAWBgNVBAMMD3d3dy53b2xmc3Ns LmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbYIBZjAPBgNVHRME -CDAGAQH/AgEAMAsGA1UdDwQEAwIBBjANBgkqhkiG9w0BAQUFAAOCAQEAN3jsX4IF -xhn2Or6CXx7TaSYgkvIk6G1fRHDKvVMkqx9YayQI0DqmRtMdY3wii0riaZ7eAwiR -tTe7Vf6R/LQvzp9Y94Bsd+2CbZPwMJtCIdyYZIff9S/2kNmve+CYaAc6vXBg5shL -oseqnTvPeQdEV4bM4jp9se7HYUiMDrCNDPbCPuJoLVCnrFuGbvXRXiTdt8QjwJCC -4U+7p2+U05ujKDASi1cYeZGSRJf/CHVJdDuokcow4NBbkLcmFGm4/nL6zYradSht -4uSCg4MB5GDIZ1vvBKkpKm1kGvz9UldXVrO7Bg7lXyLRiGsSqvHVkQnJXBxVGOY0 -+s3Xqr8E+lh9zw== +CDAGAQH/AgEAMAsGA1UdDwQEAwIBBjANBgkqhkiG9w0BAQUFAAOCAQEAK+X8ilb5 +9DeEyJq0nUYzJJ0DWaLH3TF1May/8ngVfTGC3fTR6PgBrALLtjJfGKUgNx5dPyn2 +iksWw2RemG0JO28k/ljAEh+GGA5N6Nm9TUTmWA1p+1JNtdo4bcBZcPVaa1GY+JS9 +1hRyHzj9Y1PG9uv18sDOs/w1bnp4MijdkGWhAwJpLMkEInDEqESOiJkcPfsho7DV +8SnQuERr5TS7dEnyKRDidJjVEWigwbEVrsxf2buDeH/SP6rA/KM2JL+yq5R/hnmU +I9yNTYP6nQDtFBXHLB3iBW8uuvmvnGrvBQxkLfgKYXstZz7x+yvjCUeYLqVoZHr4 +Z1pWuGhCkI07yw== -----END CERTIFICATE----- Certificate: Data: 
@@ -180,8 +180,8 @@ Certificate: Signature Algorithm: sha1WithRSAEncryption Issuer: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, CN=www.wolfssl.com/emailAddress=info@wolfssl.com Validity - Not Before: Sep 19 23:16:34 2016 GMT - Not After : Jun 16 23:16:34 2019 GMT + Not Before: Apr 13 15:23:10 2018 GMT + Not After : Jan 7 15:23:10 2021 GMT Subject: C=US, ST=Washington, L=Seattle, O=wolfSSL Inc., OU=Engineering, CN=Server 1 CA/emailAddress=info@wolfssl.com Subject Public Key Info: Public Key Algorithm: rsaEncryption 
@@ -212,34 +212,34 @@ Certificate: X509v3 Authority Key Identifier: keyid:27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5 DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com - serial:B7:B6:90:33:66:1B:6B:23 + serial:86:FF:F5:8E:10:DE:B8:FB X509v3 Basic Constraints: CA:TRUE, pathlen:1 X509v3 Key Usage: Certificate Sign, CRL Sign Signature Algorithm: sha1WithRSAEncryption - 83:fd:d4:aa:5d:ba:bd:55:4a:76:80:0b:7b:fb:ac:61:46:e5: - e7:0d:2c:2b:85:d3:6a:af:40:4c:f1:51:2b:7d:8b:52:ce:77: - 4e:73:39:b2:77:79:95:a6:49:b9:8c:c3:99:8d:d5:71:f4:33: - ca:dc:5a:81:7a:b3:ec:1e:97:ee:c8:b8:c7:ec:7e:91:74:5c: - 0a:78:e3:db:a4:6f:90:69:4c:4a:a8:4c:cd:96:f3:8e:94:31: - 86:48:b4:77:0a:c6:ee:8d:43:c9:2e:11:86:4c:0d:67:e0:8b: - 4c:d2:84:9d:18:88:ef:93:34:bb:69:93:c0:96:a0:d1:4f:b7: - 7e:a8:05:99:09:8e:39:66:13:8d:91:fe:05:12:c7:99:6a:2f: - 38:5e:58:2f:5d:0c:54:14:6b:c9:8a:dc:c2:21:ce:44:38:09: - f3:13:96:23:12:a6:fc:24:a1:bc:8c:7e:65:9c:1f:e3:f9:58: - a4:42:b7:20:97:29:c6:f2:b7:61:d2:67:25:ba:bb:c0:79:00: - 69:e1:30:6d:46:1d:ee:6e:44:ee:7d:9a:35:ef:bb:41:b4:ac: - e0:78:9e:ef:c5:e4:19:09:05:22:0d:06:b3:16:52:df:90:fc: - d5:fb:6f:52:bd:44:55:13:4b:86:81:0b:a9:75:74:64:33:32: - 8f:98:a8:50 + 38:60:36:73:96:77:51:dc:fe:99:5a:1d:b4:b8:0e:c2:1b:96: + 13:b0:e9:6c:42:24:db:d2:20:6c:0c:1b:2e:d4:de:cb:7b:fd: + 0f:91:7d:18:23:50:87:29:51:fc:97:1c:8a:2f:3a:5c:89:59: + 18:54:24:d3:5b:6c:f9:5d:99:11:2c:2d:4d:1f:6b:e6:59:4e: + e8:ba:37:b5:f8:b0:44:3d:e5:47:4d:ac:b0:a0:55:6b:89:a3: + e4:65:87:91:5f:71:51:55:e6:ea:30:d0:13:a1:11:b2:04:b1: + c7:62:cc:55:2e:ac:d4:87:a1:87:48:7a:45:bc:2b:c5:c5:90: + 1a:a2:98:93:63:6c:97:18:a3:18:58:7a:ba:b3:84:8f:ed:b3: + 9a:bf:5a:31:2f:4e:24:43:74:7a:23:dd:c3:7b:76:8b:6c:aa: + ad:76:d9:39:4b:7f:e5:c2:24:65:75:b5:1c:29:ca:c4:a3:9d: + 6d:d6:9f:cd:05:3b:c5:54:db:76:01:51:dc:2e:60:08:74:81: + 83:1b:d1:e8:77:3e:ac:67:49:f6:1b:4c:5e:56:6a:93:40:15: + 86:dc:c0:c1:70:7d:62:66:ed:ff:32:2d:b6:f8:0f:a4:4f:75: + 
92:22:37:04:3a:32:16:e8:bc:b6:15:a4:0f:17:6e:72:6e:43: + 1a:13:d9:87 -----BEGIN CERTIFICATE----- MIIEuDCCA6CgAwIBAgIBZjANBgkqhkiG9w0BAQUFADCBlDELMAkGA1UEBhMCVVMx EDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNVBAoMCFNh d3Rvb3RoMRMwEQYDVQQLDApDb25zdWx0aW5nMRgwFgYDVQQDDA93d3cud29sZnNz -bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTYwOTE5 -MjMxNjM0WhcNMTkwNjE2MjMxNjM0WjCBmDELMAkGA1UEBhMCVVMxEzARBgNVBAgM +bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTgwNDEz +MTUyMzEwWhcNMjEwMTA3MTUyMzEwWjCBmDELMAkGA1UEBhMCVVMxEzARBgNVBAgM Cldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTATBgNVBAoMDHdvbGZTU0wg SW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxFDASBgNVBAMMC1NlcnZlciAxIENB MR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMIIBIjANBgkqhkiG9w0B 
@@ -253,12 +253,12 @@ HQYDVR0OBBYEFLMRMsmSmITiyfjQO24DQsofDo48MIHJBgNVHSMEgcEwgb6AFCeO ZxF0wyYdP+0zY7Ok2B0w5ejVoYGapIGXMIGUMQswCQYDVQQGEwJVUzEQMA4GA1UE CAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjERMA8GA1UECgwIU2F3dG9vdGgx EzARBgNVBAsMCkNvbnN1bHRpbmcxGDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTEf -MB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbYIJALe2kDNmG2sjMA8GA1Ud -EwQIMAYBAf8CAQEwCwYDVR0PBAQDAgEGMA0GCSqGSIb3DQEBBQUAA4IBAQCD/dSq -Xbq9VUp2gAt7+6xhRuXnDSwrhdNqr0BM8VErfYtSzndOczmyd3mVpkm5jMOZjdVx -9DPK3FqBerPsHpfuyLjH7H6RdFwKeOPbpG+QaUxKqEzNlvOOlDGGSLR3CsbujUPJ -LhGGTA1n4ItM0oSdGIjvkzS7aZPAlqDRT7d+qAWZCY45ZhONkf4FEseZai84Xlgv -XQxUFGvJitzCIc5EOAnzE5YjEqb8JKG8jH5lnB/j+VikQrcglynG8rdh0mclurvA -eQBp4TBtRh3ubkTufZo177tBtKzgeJ7vxeQZCQUiDQazFlLfkPzV+29SvURVE0uG -gQupdXRkMzKPmKhQ +MB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbYIJAIb/9Y4Q3rj7MA8GA1Ud +EwQIMAYBAf8CAQEwCwYDVR0PBAQDAgEGMA0GCSqGSIb3DQEBBQUAA4IBAQA4YDZz +lndR3P6ZWh20uA7CG5YTsOlsQiTb0iBsDBsu1N7Le/0PkX0YI1CHKVH8lxyKLzpc +iVkYVCTTW2z5XZkRLC1NH2vmWU7ouje1+LBEPeVHTaywoFVriaPkZYeRX3FRVebq +MNAToRGyBLHHYsxVLqzUh6GHSHpFvCvFxZAaopiTY2yXGKMYWHq6s4SP7bOav1ox +L04kQ3R6I93De3aLbKqtdtk5S3/lwiRldbUcKcrEo51t1p/NBTvFVNt2AVHcLmAI +dIGDG9Hodz6sZ0n2G0xeVmqTQBWG3MDBcH1iZu3/Mi22+A+kT3WSIjcEOjIW6Ly2 +FaQPF25ybkMaE9mH -----END CERTIFICATE----- diff --git a/certs/test-pathlen/server-1-ca.pem b/certs/test-pathlen/server-1-ca.pem index f13f3e949..d1625ee40 100644 --- a/certs/test-pathlen/server-1-ca.pem +++ b/certs/test-pathlen/server-1-ca.pem @@ -5,8 +5,8 @@ Certificate: Signature Algorithm: sha1WithRSAEncryption Issuer: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, CN=www.wolfssl.com/emailAddress=info@wolfssl.com Validity - Not Before: Sep 19 23:16:34 2016 GMT - Not After : Jun 16 23:16:34 2019 GMT + Not Before: Apr 13 15:23:10 2018 GMT + Not After : Jan 7 15:23:10 2021 GMT Subject: C=US, ST=Washington, L=Seattle, O=wolfSSL Inc., OU=Engineering, CN=Server 1 CA/emailAddress=info@wolfssl.com Subject Public Key Info: Public Key Algorithm: rsaEncryption 
@@ -37,34 +37,34 @@ Certificate: X509v3 Authority Key Identifier: keyid:27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5 DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com - serial:B7:B6:90:33:66:1B:6B:23 + serial:86:FF:F5:8E:10:DE:B8:FB X509v3 Basic Constraints: CA:TRUE, pathlen:1 X509v3 Key Usage: Certificate Sign, CRL Sign Signature Algorithm: sha1WithRSAEncryption - 83:fd:d4:aa:5d:ba:bd:55:4a:76:80:0b:7b:fb:ac:61:46:e5: - e7:0d:2c:2b:85:d3:6a:af:40:4c:f1:51:2b:7d:8b:52:ce:77: - 4e:73:39:b2:77:79:95:a6:49:b9:8c:c3:99:8d:d5:71:f4:33: - ca:dc:5a:81:7a:b3:ec:1e:97:ee:c8:b8:c7:ec:7e:91:74:5c: - 0a:78:e3:db:a4:6f:90:69:4c:4a:a8:4c:cd:96:f3:8e:94:31: - 86:48:b4:77:0a:c6:ee:8d:43:c9:2e:11:86:4c:0d:67:e0:8b: - 4c:d2:84:9d:18:88:ef:93:34:bb:69:93:c0:96:a0:d1:4f:b7: - 7e:a8:05:99:09:8e:39:66:13:8d:91:fe:05:12:c7:99:6a:2f: - 38:5e:58:2f:5d:0c:54:14:6b:c9:8a:dc:c2:21:ce:44:38:09: - f3:13:96:23:12:a6:fc:24:a1:bc:8c:7e:65:9c:1f:e3:f9:58: - a4:42:b7:20:97:29:c6:f2:b7:61:d2:67:25:ba:bb:c0:79:00: - 69:e1:30:6d:46:1d:ee:6e:44:ee:7d:9a:35:ef:bb:41:b4:ac: - e0:78:9e:ef:c5:e4:19:09:05:22:0d:06:b3:16:52:df:90:fc: - d5:fb:6f:52:bd:44:55:13:4b:86:81:0b:a9:75:74:64:33:32: - 8f:98:a8:50 + 38:60:36:73:96:77:51:dc:fe:99:5a:1d:b4:b8:0e:c2:1b:96: + 13:b0:e9:6c:42:24:db:d2:20:6c:0c:1b:2e:d4:de:cb:7b:fd: + 0f:91:7d:18:23:50:87:29:51:fc:97:1c:8a:2f:3a:5c:89:59: + 18:54:24:d3:5b:6c:f9:5d:99:11:2c:2d:4d:1f:6b:e6:59:4e: + e8:ba:37:b5:f8:b0:44:3d:e5:47:4d:ac:b0:a0:55:6b:89:a3: + e4:65:87:91:5f:71:51:55:e6:ea:30:d0:13:a1:11:b2:04:b1: + c7:62:cc:55:2e:ac:d4:87:a1:87:48:7a:45:bc:2b:c5:c5:90: + 1a:a2:98:93:63:6c:97:18:a3:18:58:7a:ba:b3:84:8f:ed:b3: + 9a:bf:5a:31:2f:4e:24:43:74:7a:23:dd:c3:7b:76:8b:6c:aa: + ad:76:d9:39:4b:7f:e5:c2:24:65:75:b5:1c:29:ca:c4:a3:9d: + 6d:d6:9f:cd:05:3b:c5:54:db:76:01:51:dc:2e:60:08:74:81: + 83:1b:d1:e8:77:3e:ac:67:49:f6:1b:4c:5e:56:6a:93:40:15: + 86:dc:c0:c1:70:7d:62:66:ed:ff:32:2d:b6:f8:0f:a4:4f:75: + 
92:22:37:04:3a:32:16:e8:bc:b6:15:a4:0f:17:6e:72:6e:43: + 1a:13:d9:87 -----BEGIN CERTIFICATE----- MIIEuDCCA6CgAwIBAgIBZjANBgkqhkiG9w0BAQUFADCBlDELMAkGA1UEBhMCVVMx EDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNVBAoMCFNh d3Rvb3RoMRMwEQYDVQQLDApDb25zdWx0aW5nMRgwFgYDVQQDDA93d3cud29sZnNz -bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTYwOTE5 -MjMxNjM0WhcNMTkwNjE2MjMxNjM0WjCBmDELMAkGA1UEBhMCVVMxEzARBgNVBAgM +bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTgwNDEz +MTUyMzEwWhcNMjEwMTA3MTUyMzEwWjCBmDELMAkGA1UEBhMCVVMxEzARBgNVBAgM Cldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTATBgNVBAoMDHdvbGZTU0wg SW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxFDASBgNVBAMMC1NlcnZlciAxIENB MR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMIIBIjANBgkqhkiG9w0B 
@@ -78,12 +78,12 @@ HQYDVR0OBBYEFLMRMsmSmITiyfjQO24DQsofDo48MIHJBgNVHSMEgcEwgb6AFCeO ZxF0wyYdP+0zY7Ok2B0w5ejVoYGapIGXMIGUMQswCQYDVQQGEwJVUzEQMA4GA1UE CAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjERMA8GA1UECgwIU2F3dG9vdGgx EzARBgNVBAsMCkNvbnN1bHRpbmcxGDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTEf -MB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbYIJALe2kDNmG2sjMA8GA1Ud -EwQIMAYBAf8CAQEwCwYDVR0PBAQDAgEGMA0GCSqGSIb3DQEBBQUAA4IBAQCD/dSq -Xbq9VUp2gAt7+6xhRuXnDSwrhdNqr0BM8VErfYtSzndOczmyd3mVpkm5jMOZjdVx -9DPK3FqBerPsHpfuyLjH7H6RdFwKeOPbpG+QaUxKqEzNlvOOlDGGSLR3CsbujUPJ -LhGGTA1n4ItM0oSdGIjvkzS7aZPAlqDRT7d+qAWZCY45ZhONkf4FEseZai84Xlgv -XQxUFGvJitzCIc5EOAnzE5YjEqb8JKG8jH5lnB/j+VikQrcglynG8rdh0mclurvA -eQBp4TBtRh3ubkTufZo177tBtKzgeJ7vxeQZCQUiDQazFlLfkPzV+29SvURVE0uG -gQupdXRkMzKPmKhQ +MB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbYIJAIb/9Y4Q3rj7MA8GA1Ud +EwQIMAYBAf8CAQEwCwYDVR0PBAQDAgEGMA0GCSqGSIb3DQEBBQUAA4IBAQA4YDZz +lndR3P6ZWh20uA7CG5YTsOlsQiTb0iBsDBsu1N7Le/0PkX0YI1CHKVH8lxyKLzpc +iVkYVCTTW2z5XZkRLC1NH2vmWU7ouje1+LBEPeVHTaywoFVriaPkZYeRX3FRVebq +MNAToRGyBLHHYsxVLqzUh6GHSHpFvCvFxZAaopiTY2yXGKMYWHq6s4SP7bOav1ox +L04kQ3R6I93De3aLbKqtdtk5S3/lwiRldbUcKcrEo51t1p/NBTvFVNt2AVHcLmAI +dIGDG9Hodz6sZ0n2G0xeVmqTQBWG3MDBcH1iZu3/Mi22+A+kT3WSIjcEOjIW6Ly2 +FaQPF25ybkMaE9mH -----END CERTIFICATE----- diff --git a/certs/test-pathlen/server-1-cert.pem b/certs/test-pathlen/server-1-cert.pem index beb05ecce..c091d8e59 100644 --- a/certs/test-pathlen/server-1-cert.pem +++ b/certs/test-pathlen/server-1-cert.pem 
@@ -5,8 +5,8 @@ Certificate: Signature Algorithm: sha1WithRSAEncryption Issuer: C=US, ST=Washington, L=Seattle, O=wolfSSL Inc., OU=Engineering, CN=Server 1 CA/emailAddress=info@wolfssl.com Validity - Not Before: Sep 20 00:06:27 2016 GMT - Not After : Jun 17 00:06:27 2019 GMT + Not Before: Apr 13 15:23:10 2018 GMT + Not After : Jan 7 15:23:10 2021 GMT Subject: C=US, ST=Washington, L=Seattle, O=wolfSSL Inc., OU=Engineering, CN=Server 1/emailAddress=info@wolfssl.com Subject Public Key Info: Public Key Algorithm: rsaEncryption 
@@ -42,27 +42,27 @@ Certificate: X509v3 Basic Constraints: CA:FALSE Signature Algorithm: sha1WithRSAEncryption - 13:f9:04:1c:01:40:c5:1c:e9:51:fc:95:da:cb:d1:44:9f:25: - 63:e8:85:f7:85:78:f1:ac:01:2d:25:34:16:96:62:a8:5a:fd: - 41:a2:2a:60:b1:c3:97:92:59:0d:ba:2c:74:ae:a5:ff:ae:3d: - 22:99:1e:ca:f9:89:4e:7c:c1:65:00:0e:84:61:3f:2d:5f:47: - 7f:a9:90:bf:fa:83:64:55:2c:0c:ec:34:92:59:07:b0:86:9d: - 66:a4:d4:16:82:e1:a8:ab:d1:12:00:b2:a4:af:c7:69:c4:54: - 0b:bb:4f:64:9b:77:94:ed:5d:aa:42:70:4e:7c:5f:ae:46:91: - 17:95:0b:27:b3:fd:28:87:34:8c:a8:4e:7d:07:9e:c1:d4:fd: - 6b:e5:c5:a9:ca:c3:24:35:26:b5:7e:aa:11:78:f4:fa:c7:66: - 59:cd:58:8f:13:7a:cf:00:8d:ba:75:8d:0d:ed:ca:ef:70:93: - d7:8c:d9:a4:c0:4b:b1:00:b3:da:5f:71:a6:6a:4d:3b:40:36: - 76:12:75:45:50:a1:32:ca:14:76:9d:d8:3d:92:7e:80:e1:d0: - 24:c3:a1:56:77:06:a6:d8:d3:f3:18:c1:69:d4:e3:4d:95:2b: - 05:00:1b:e5:2a:a8:ca:69:01:7e:c4:c8:e5:e5:09:b5:3b:65: - 73:5f:ba:46 + 0a:13:4d:88:d8:79:0d:79:f7:44:0d:81:c8:5d:c4:ae:86:b5: + a3:ed:58:20:83:f4:6c:15:bc:1f:fc:fb:de:c5:88:1f:41:19: + 0b:a9:5f:21:39:87:33:0f:fe:e2:3c:e4:b3:94:9e:eb:0b:6f: + 40:c0:e2:c3:bd:2d:04:c4:ca:67:32:3d:44:89:60:de:b8:df: + 1d:07:4a:f6:50:94:2d:9e:57:f7:21:89:66:af:1c:fc:67:d0: + 14:59:46:12:bd:6e:cb:ea:cd:30:2d:f4:4c:9f:57:64:33:96: + 71:4b:71:cc:3a:da:40:46:03:88:4c:3e:b1:86:fd:48:af:61: + 42:f0:05:78:2a:f8:10:ec:11:f5:32:95:f6:83:d4:fc:d2:d3: + 0c:33:a6:22:62:2f:f1:4b:b6:ec:85:69:8c:19:16:9e:65:06: + 4d:71:2b:e1:36:25:a6:86:29:52:92:28:f9:5e:d3:b3:e4:fa: + 69:8f:d6:ee:39:6f:66:57:89:fa:9d:e5:05:d6:fe:53:0a:1d: + 18:aa:05:27:da:11:3d:a2:55:cb:31:f9:8d:78:07:56:db:a4: + 46:a2:07:e6:92:7b:8c:b9:65:7b:5c:05:29:aa:18:3e:a3:a2: + ff:4e:84:52:d7:06:72:eb:6c:ee:cc:93:88:77:85:2f:f0:99: + 65:32:58:b4 -----BEGIN CERTIFICATE----- MIIEnDCCA4SgAwIBAgIBaTANBgkqhkiG9w0BAQUFADCBmDELMAkGA1UEBhMCVVMx EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTATBgNVBAoM DHdvbGZTU0wgSW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxFDASBgNVBAMMC1Nl 
-cnZlciAxIENBMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMB4XDTE2 -MDkyMDAwMDYyN1oXDTE5MDYxNzAwMDYyN1owgZUxCzAJBgNVBAYTAlVTMRMwEQYD +cnZlciAxIENBMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMB4XDTE4 +MDQxMzE1MjMxMFoXDTIxMDEwNzE1MjMxMFowgZUxCzAJBgNVBAYTAlVTMRMwEQYD VQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRUwEwYDVQQKDAx3b2xm U1NMIEluYy4xFDASBgNVBAsMC0VuZ2luZWVyaW5nMREwDwYDVQQDDAhTZXJ2ZXIg MTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTCCASIwDQYJKoZIhvcN @@ -77,10 +77,10 @@ yZKYhOLJ+NA7bgNCyh8OjjyhgZqkgZcwgZQxCzAJBgNVBAYTAlVTMRAwDgYDVQQI DAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMREwDwYDVQQKDAhTYXd0b290aDET MBEGA1UECwwKQ29uc3VsdGluZzEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29tMR8w HQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tggFmMAkGA1UdEwQCMAAwDQYJ -KoZIhvcNAQEFBQADggEBABP5BBwBQMUc6VH8ldrL0USfJWPohfeFePGsAS0lNBaW -Yqha/UGiKmCxw5eSWQ26LHSupf+uPSKZHsr5iU58wWUADoRhPy1fR3+pkL/6g2RV -LAzsNJJZB7CGnWak1BaC4air0RIAsqSvx2nEVAu7T2Sbd5TtXapCcE58X65GkReV -Cyez/SiHNIyoTn0HnsHU/WvlxanKwyQ1JrV+qhF49PrHZlnNWI8Tes8Ajbp1jQ3t -yu9wk9eM2aTAS7EAs9pfcaZqTTtANnYSdUVQoTLKFHad2D2SfoDh0CTDoVZ3BqbY -0/MYwWnU402VKwUAG+UqqMppAX7EyOXlCbU7ZXNfukY= +KoZIhvcNAQEFBQADggEBAAoTTYjYeQ1590QNgchdxK6GtaPtWCCD9GwVvB/8+97F +iB9BGQupXyE5hzMP/uI85LOUnusLb0DA4sO9LQTEymcyPUSJYN643x0HSvZQlC2e +V/chiWavHPxn0BRZRhK9bsvqzTAt9EyfV2QzlnFLccw62kBGA4hMPrGG/UivYULw +BXgq+BDsEfUylfaD1PzS0wwzpiJiL/FLtuyFaYwZFp5lBk1xK+E2JaaGKVKSKPle +07Pk+mmP1u45b2ZXifqd5QXW/lMKHRiqBSfaET2iVcsx+Y14B1bbpEaiB+aSe4y5 +ZXtcBSmqGD6jov9OhFLXBnLrbO7Mk4h3hS/wmWUyWLQ= -----END CERTIFICATE----- diff --git a/certs/test-pathlen/server-1-chain.pem b/certs/test-pathlen/server-1-chain.pem index c4e9c445e..80ab114c9 100644 --- a/certs/test-pathlen/server-1-chain.pem +++ b/certs/test-pathlen/server-1-chain.pem 
@@ -5,8 +5,8 @@ Certificate: Signature Algorithm: sha1WithRSAEncryption Issuer: C=US, ST=Washington, L=Seattle, O=wolfSSL Inc., OU=Engineering, CN=Server 1 CA/emailAddress=info@wolfssl.com Validity - Not Before: Sep 20 00:06:27 2016 GMT - Not After : Jun 17 00:06:27 2019 GMT + Not Before: Apr 13 15:23:10 2018 GMT + Not After : Jan 7 15:23:10 2021 GMT Subject: C=US, ST=Washington, L=Seattle, O=wolfSSL Inc., OU=Engineering, CN=Server 1/emailAddress=info@wolfssl.com Subject Public Key Info: Public Key Algorithm: rsaEncryption 
@@ -42,27 +42,27 @@ Certificate: X509v3 Basic Constraints: CA:FALSE Signature Algorithm: sha1WithRSAEncryption - 13:f9:04:1c:01:40:c5:1c:e9:51:fc:95:da:cb:d1:44:9f:25: - 63:e8:85:f7:85:78:f1:ac:01:2d:25:34:16:96:62:a8:5a:fd: - 41:a2:2a:60:b1:c3:97:92:59:0d:ba:2c:74:ae:a5:ff:ae:3d: - 22:99:1e:ca:f9:89:4e:7c:c1:65:00:0e:84:61:3f:2d:5f:47: - 7f:a9:90:bf:fa:83:64:55:2c:0c:ec:34:92:59:07:b0:86:9d: - 66:a4:d4:16:82:e1:a8:ab:d1:12:00:b2:a4:af:c7:69:c4:54: - 0b:bb:4f:64:9b:77:94:ed:5d:aa:42:70:4e:7c:5f:ae:46:91: - 17:95:0b:27:b3:fd:28:87:34:8c:a8:4e:7d:07:9e:c1:d4:fd: - 6b:e5:c5:a9:ca:c3:24:35:26:b5:7e:aa:11:78:f4:fa:c7:66: - 59:cd:58:8f:13:7a:cf:00:8d:ba:75:8d:0d:ed:ca:ef:70:93: - d7:8c:d9:a4:c0:4b:b1:00:b3:da:5f:71:a6:6a:4d:3b:40:36: - 76:12:75:45:50:a1:32:ca:14:76:9d:d8:3d:92:7e:80:e1:d0: - 24:c3:a1:56:77:06:a6:d8:d3:f3:18:c1:69:d4:e3:4d:95:2b: - 05:00:1b:e5:2a:a8:ca:69:01:7e:c4:c8:e5:e5:09:b5:3b:65: - 73:5f:ba:46 + 0a:13:4d:88:d8:79:0d:79:f7:44:0d:81:c8:5d:c4:ae:86:b5: + a3:ed:58:20:83:f4:6c:15:bc:1f:fc:fb:de:c5:88:1f:41:19: + 0b:a9:5f:21:39:87:33:0f:fe:e2:3c:e4:b3:94:9e:eb:0b:6f: + 40:c0:e2:c3:bd:2d:04:c4:ca:67:32:3d:44:89:60:de:b8:df: + 1d:07:4a:f6:50:94:2d:9e:57:f7:21:89:66:af:1c:fc:67:d0: + 14:59:46:12:bd:6e:cb:ea:cd:30:2d:f4:4c:9f:57:64:33:96: + 71:4b:71:cc:3a:da:40:46:03:88:4c:3e:b1:86:fd:48:af:61: + 42:f0:05:78:2a:f8:10:ec:11:f5:32:95:f6:83:d4:fc:d2:d3: + 0c:33:a6:22:62:2f:f1:4b:b6:ec:85:69:8c:19:16:9e:65:06: + 4d:71:2b:e1:36:25:a6:86:29:52:92:28:f9:5e:d3:b3:e4:fa: + 69:8f:d6:ee:39:6f:66:57:89:fa:9d:e5:05:d6:fe:53:0a:1d: + 18:aa:05:27:da:11:3d:a2:55:cb:31:f9:8d:78:07:56:db:a4: + 46:a2:07:e6:92:7b:8c:b9:65:7b:5c:05:29:aa:18:3e:a3:a2: + ff:4e:84:52:d7:06:72:eb:6c:ee:cc:93:88:77:85:2f:f0:99: + 65:32:58:b4 -----BEGIN CERTIFICATE----- MIIEnDCCA4SgAwIBAgIBaTANBgkqhkiG9w0BAQUFADCBmDELMAkGA1UEBhMCVVMx EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTATBgNVBAoM DHdvbGZTU0wgSW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxFDASBgNVBAMMC1Nl 
-cnZlciAxIENBMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMB4XDTE2 -MDkyMDAwMDYyN1oXDTE5MDYxNzAwMDYyN1owgZUxCzAJBgNVBAYTAlVTMRMwEQYD +cnZlciAxIENBMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMB4XDTE4 +MDQxMzE1MjMxMFoXDTIxMDEwNzE1MjMxMFowgZUxCzAJBgNVBAYTAlVTMRMwEQYD VQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRUwEwYDVQQKDAx3b2xm U1NMIEluYy4xFDASBgNVBAsMC0VuZ2luZWVyaW5nMREwDwYDVQQDDAhTZXJ2ZXIg MTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTCCASIwDQYJKoZIhvcN @@ -77,12 +77,12 @@ yZKYhOLJ+NA7bgNCyh8OjjyhgZqkgZcwgZQxCzAJBgNVBAYTAlVTMRAwDgYDVQQI DAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMREwDwYDVQQKDAhTYXd0b290aDET MBEGA1UECwwKQ29uc3VsdGluZzEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29tMR8w HQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tggFmMAkGA1UdEwQCMAAwDQYJ -KoZIhvcNAQEFBQADggEBABP5BBwBQMUc6VH8ldrL0USfJWPohfeFePGsAS0lNBaW -Yqha/UGiKmCxw5eSWQ26LHSupf+uPSKZHsr5iU58wWUADoRhPy1fR3+pkL/6g2RV -LAzsNJJZB7CGnWak1BaC4air0RIAsqSvx2nEVAu7T2Sbd5TtXapCcE58X65GkReV -Cyez/SiHNIyoTn0HnsHU/WvlxanKwyQ1JrV+qhF49PrHZlnNWI8Tes8Ajbp1jQ3t -yu9wk9eM2aTAS7EAs9pfcaZqTTtANnYSdUVQoTLKFHad2D2SfoDh0CTDoVZ3BqbY -0/MYwWnU402VKwUAG+UqqMppAX7EyOXlCbU7ZXNfukY= +KoZIhvcNAQEFBQADggEBAAoTTYjYeQ1590QNgchdxK6GtaPtWCCD9GwVvB/8+97F +iB9BGQupXyE5hzMP/uI85LOUnusLb0DA4sO9LQTEymcyPUSJYN643x0HSvZQlC2e +V/chiWavHPxn0BRZRhK9bsvqzTAt9EyfV2QzlnFLccw62kBGA4hMPrGG/UivYULw +BXgq+BDsEfUylfaD1PzS0wwzpiJiL/FLtuyFaYwZFp5lBk1xK+E2JaaGKVKSKPle +07Pk+mmP1u45b2ZXifqd5QXW/lMKHRiqBSfaET2iVcsx+Y14B1bbpEaiB+aSe4y5 +ZXtcBSmqGD6jov9OhFLXBnLrbO7Mk4h3hS/wmWUyWLQ= -----END CERTIFICATE----- Certificate: Data: 
@@ -91,8 +91,8 @@ Certificate: Signature Algorithm: sha1WithRSAEncryption Issuer: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, CN=www.wolfssl.com/emailAddress=info@wolfssl.com Validity - Not Before: Sep 19 23:16:34 2016 GMT - Not After : Jun 16 23:16:34 2019 GMT + Not Before: Apr 13 15:23:10 2018 GMT + Not After : Jan 7 15:23:10 2021 GMT Subject: C=US, ST=Washington, L=Seattle, O=wolfSSL Inc., OU=Engineering, CN=Server 1 CA/emailAddress=info@wolfssl.com Subject Public Key Info: Public Key Algorithm: rsaEncryption 
@@ -123,34 +123,34 @@ Certificate: X509v3 Authority Key Identifier: keyid:27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5 DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com - serial:B7:B6:90:33:66:1B:6B:23 + serial:86:FF:F5:8E:10:DE:B8:FB X509v3 Basic Constraints: CA:TRUE, pathlen:1 X509v3 Key Usage: Certificate Sign, CRL Sign Signature Algorithm: sha1WithRSAEncryption - 83:fd:d4:aa:5d:ba:bd:55:4a:76:80:0b:7b:fb:ac:61:46:e5: - e7:0d:2c:2b:85:d3:6a:af:40:4c:f1:51:2b:7d:8b:52:ce:77: - 4e:73:39:b2:77:79:95:a6:49:b9:8c:c3:99:8d:d5:71:f4:33: - ca:dc:5a:81:7a:b3:ec:1e:97:ee:c8:b8:c7:ec:7e:91:74:5c: - 0a:78:e3:db:a4:6f:90:69:4c:4a:a8:4c:cd:96:f3:8e:94:31: - 86:48:b4:77:0a:c6:ee:8d:43:c9:2e:11:86:4c:0d:67:e0:8b: - 4c:d2:84:9d:18:88:ef:93:34:bb:69:93:c0:96:a0:d1:4f:b7: - 7e:a8:05:99:09:8e:39:66:13:8d:91:fe:05:12:c7:99:6a:2f: - 38:5e:58:2f:5d:0c:54:14:6b:c9:8a:dc:c2:21:ce:44:38:09: - f3:13:96:23:12:a6:fc:24:a1:bc:8c:7e:65:9c:1f:e3:f9:58: - a4:42:b7:20:97:29:c6:f2:b7:61:d2:67:25:ba:bb:c0:79:00: - 69:e1:30:6d:46:1d:ee:6e:44:ee:7d:9a:35:ef:bb:41:b4:ac: - e0:78:9e:ef:c5:e4:19:09:05:22:0d:06:b3:16:52:df:90:fc: - d5:fb:6f:52:bd:44:55:13:4b:86:81:0b:a9:75:74:64:33:32: - 8f:98:a8:50 + 38:60:36:73:96:77:51:dc:fe:99:5a:1d:b4:b8:0e:c2:1b:96: + 13:b0:e9:6c:42:24:db:d2:20:6c:0c:1b:2e:d4:de:cb:7b:fd: + 0f:91:7d:18:23:50:87:29:51:fc:97:1c:8a:2f:3a:5c:89:59: + 18:54:24:d3:5b:6c:f9:5d:99:11:2c:2d:4d:1f:6b:e6:59:4e: + e8:ba:37:b5:f8:b0:44:3d:e5:47:4d:ac:b0:a0:55:6b:89:a3: + e4:65:87:91:5f:71:51:55:e6:ea:30:d0:13:a1:11:b2:04:b1: + c7:62:cc:55:2e:ac:d4:87:a1:87:48:7a:45:bc:2b:c5:c5:90: + 1a:a2:98:93:63:6c:97:18:a3:18:58:7a:ba:b3:84:8f:ed:b3: + 9a:bf:5a:31:2f:4e:24:43:74:7a:23:dd:c3:7b:76:8b:6c:aa: + ad:76:d9:39:4b:7f:e5:c2:24:65:75:b5:1c:29:ca:c4:a3:9d: + 6d:d6:9f:cd:05:3b:c5:54:db:76:01:51:dc:2e:60:08:74:81: + 83:1b:d1:e8:77:3e:ac:67:49:f6:1b:4c:5e:56:6a:93:40:15: + 86:dc:c0:c1:70:7d:62:66:ed:ff:32:2d:b6:f8:0f:a4:4f:75: + 
92:22:37:04:3a:32:16:e8:bc:b6:15:a4:0f:17:6e:72:6e:43: + 1a:13:d9:87 -----BEGIN CERTIFICATE----- MIIEuDCCA6CgAwIBAgIBZjANBgkqhkiG9w0BAQUFADCBlDELMAkGA1UEBhMCVVMx EDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNVBAoMCFNh d3Rvb3RoMRMwEQYDVQQLDApDb25zdWx0aW5nMRgwFgYDVQQDDA93d3cud29sZnNz -bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTYwOTE5 -MjMxNjM0WhcNMTkwNjE2MjMxNjM0WjCBmDELMAkGA1UEBhMCVVMxEzARBgNVBAgM +bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTgwNDEz +MTUyMzEwWhcNMjEwMTA3MTUyMzEwWjCBmDELMAkGA1UEBhMCVVMxEzARBgNVBAgM Cldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTATBgNVBAoMDHdvbGZTU0wg SW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxFDASBgNVBAMMC1NlcnZlciAxIENB MR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMIIBIjANBgkqhkiG9w0B 
@@ -164,12 +164,12 @@ HQYDVR0OBBYEFLMRMsmSmITiyfjQO24DQsofDo48MIHJBgNVHSMEgcEwgb6AFCeO ZxF0wyYdP+0zY7Ok2B0w5ejVoYGapIGXMIGUMQswCQYDVQQGEwJVUzEQMA4GA1UE CAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjERMA8GA1UECgwIU2F3dG9vdGgx EzARBgNVBAsMCkNvbnN1bHRpbmcxGDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTEf -MB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbYIJALe2kDNmG2sjMA8GA1Ud -EwQIMAYBAf8CAQEwCwYDVR0PBAQDAgEGMA0GCSqGSIb3DQEBBQUAA4IBAQCD/dSq -Xbq9VUp2gAt7+6xhRuXnDSwrhdNqr0BM8VErfYtSzndOczmyd3mVpkm5jMOZjdVx -9DPK3FqBerPsHpfuyLjH7H6RdFwKeOPbpG+QaUxKqEzNlvOOlDGGSLR3CsbujUPJ -LhGGTA1n4ItM0oSdGIjvkzS7aZPAlqDRT7d+qAWZCY45ZhONkf4FEseZai84Xlgv -XQxUFGvJitzCIc5EOAnzE5YjEqb8JKG8jH5lnB/j+VikQrcglynG8rdh0mclurvA -eQBp4TBtRh3ubkTufZo177tBtKzgeJ7vxeQZCQUiDQazFlLfkPzV+29SvURVE0uG -gQupdXRkMzKPmKhQ +MB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbYIJAIb/9Y4Q3rj7MA8GA1Ud +EwQIMAYBAf8CAQEwCwYDVR0PBAQDAgEGMA0GCSqGSIb3DQEBBQUAA4IBAQA4YDZz +lndR3P6ZWh20uA7CG5YTsOlsQiTb0iBsDBsu1N7Le/0PkX0YI1CHKVH8lxyKLzpc +iVkYVCTTW2z5XZkRLC1NH2vmWU7ouje1+LBEPeVHTaywoFVriaPkZYeRX3FRVebq +MNAToRGyBLHHYsxVLqzUh6GHSHpFvCvFxZAaopiTY2yXGKMYWHq6s4SP7bOav1ox +L04kQ3R6I93De3aLbKqtdtk5S3/lwiRldbUcKcrEo51t1p/NBTvFVNt2AVHcLmAI +dIGDG9Hodz6sZ0n2G0xeVmqTQBWG3MDBcH1iZu3/Mi22+A+kT3WSIjcEOjIW6Ly2 +FaQPF25ybkMaE9mH -----END CERTIFICATE----- diff --git a/certs/test-pathlen/server-127-ca.pem b/certs/test-pathlen/server-127-ca.pem index b89598548..a2189c6f3 100644 --- a/certs/test-pathlen/server-127-ca.pem +++ b/certs/test-pathlen/server-127-ca.pem 
@@ -5,8 +5,8 @@ Certificate: Signature Algorithm: sha1WithRSAEncryption Issuer: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, CN=www.wolfssl.com/emailAddress=info@wolfssl.com Validity - Not Before: Sep 19 23:24:16 2016 GMT - Not After : Jun 16 23:24:16 2019 GMT + Not Before: Apr 13 15:23:10 2018 GMT + Not After : Jan 7 15:23:10 2021 GMT Subject: C=US, ST=Washington, L=Seattle, O=wolfSSL Inc., OU=Engineering, CN=Server 127 CA/emailAddress=info@wolfssl.com Subject Public Key Info: Public Key Algorithm: rsaEncryption 
@@ -37,34 +37,34 @@ Certificate: X509v3 Authority Key Identifier: keyid:27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5 DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com - serial:B7:B6:90:33:66:1B:6B:23 + serial:86:FF:F5:8E:10:DE:B8:FB X509v3 Basic Constraints: CA:TRUE, pathlen:127 X509v3 Key Usage: Certificate Sign, CRL Sign Signature Algorithm: sha1WithRSAEncryption - 34:c3:f2:9a:80:df:5c:8a:b4:c1:08:f5:c6:72:a2:74:90:1d: - e9:f9:7a:e7:6e:3b:df:be:01:28:6b:10:ee:5f:9d:8d:5b:7a: - fc:40:12:7f:b6:bb:ac:d9:07:73:78:d0:4f:53:5d:f8:c3:50: - ba:f7:76:a2:e5:12:fa:8f:01:24:a2:b7:8a:e4:6c:0b:62:51: - 37:39:4a:90:eb:11:16:26:58:44:ed:3f:41:57:8e:32:7a:e4: - 85:a7:ce:44:d2:46:28:9e:29:34:9b:16:a5:17:ef:56:11:0a: - 60:b8:88:7c:3e:ed:ec:5e:57:5f:b1:b9:b7:55:38:a0:ea:04: - 58:22:04:7e:30:f3:40:33:a1:cd:3f:24:72:7b:a4:b4:2d:b5: - 96:b3:80:7a:48:85:83:3c:6e:55:43:7c:13:d3:5e:f8:70:32: - da:5a:78:db:d0:54:54:9c:e9:38:05:da:7c:ac:bb:ec:79:cf: - 3e:56:32:ce:29:31:70:07:9a:c7:b4:00:02:33:af:1b:ce:7c: - 16:ff:8b:c0:8b:80:1e:0d:c7:d4:07:95:49:d4:9a:ed:55:b6: - 1f:bd:e7:77:b9:fa:af:29:6a:49:79:02:3c:b9:ea:6c:68:c3: - ef:ca:40:27:d0:15:d0:da:31:9c:2f:3d:a5:66:e3:f8:a4:98: - d5:00:5f:b2 + 44:50:b4:96:71:e5:9a:61:36:7b:c7:fa:05:88:39:e9:46:5b: + b0:b3:63:0d:5a:1b:c1:70:fd:d7:6a:9c:9d:0c:95:b7:ad:4f: + 9b:c2:34:24:90:d9:4b:bf:07:f7:18:d7:b8:13:3a:d5:01:8d: + e6:b6:15:ff:a4:94:36:4d:7b:b6:03:2f:12:ae:40:e1:ed:be: + 95:2d:2c:6c:22:9e:3e:87:12:7c:5c:bc:95:90:2a:cb:e3:e1: + 85:3e:60:4f:09:d6:44:83:15:7e:4f:c8:bb:b7:83:c9:13:17: + 9b:60:56:47:7c:cf:6d:83:5b:9e:9a:84:f5:fd:2b:aa:55:7c: + b7:fc:66:b5:49:66:77:e4:48:b6:3a:b2:d5:6f:a8:d8:25:a3: + a2:fa:4d:6f:ac:7a:b3:17:a9:5d:60:52:57:80:f3:5e:3b:2b: + c2:b5:85:af:f0:a2:c8:0b:ff:66:11:90:d9:25:12:e1:43:04: + c5:21:1f:b7:24:8a:c3:6d:a9:1d:32:de:72:5b:7e:fe:a2:aa: + 6f:54:e3:ca:25:fd:f2:86:41:4b:3c:eb:b6:0b:36:fe:93:14: + 5e:36:4e:79:22:15:45:64:a1:aa:78:d9:51:79:78:2f:72:f6: + 
91:bd:f7:4b:d2:4a:24:ff:db:2d:4c:8f:ea:5d:b0:db:7a:cf: + b9:ad:43:f5 -----BEGIN CERTIFICATE----- MIIEujCCA6KgAwIBAgIBajANBgkqhkiG9w0BAQUFADCBlDELMAkGA1UEBhMCVVMx EDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNVBAoMCFNh d3Rvb3RoMRMwEQYDVQQLDApDb25zdWx0aW5nMRgwFgYDVQQDDA93d3cud29sZnNz -bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTYwOTE5 -MjMyNDE2WhcNMTkwNjE2MjMyNDE2WjCBmjELMAkGA1UEBhMCVVMxEzARBgNVBAgM +bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTgwNDEz +MTUyMzEwWhcNMjEwMTA3MTUyMzEwWjCBmjELMAkGA1UEBhMCVVMxEzARBgNVBAgM Cldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTATBgNVBAoMDHdvbGZTU0wg SW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxFjAUBgNVBAMMDVNlcnZlciAxMjcg Q0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wggEiMA0GCSqGSIb3 
@@ -78,12 +78,12 @@ CTAdBgNVHQ4EFgQUsxEyyZKYhOLJ+NA7bgNCyh8OjjwwgckGA1UdIwSBwTCBvoAU J45nEXTDJh0/7TNjs6TYHTDl6NWhgZqkgZcwgZQxCzAJBgNVBAYTAlVTMRAwDgYD VQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMREwDwYDVQQKDAhTYXd0b290 aDETMBEGA1UECwwKQ29uc3VsdGluZzEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29t -MR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tggkAt7aQM2YbayMwDwYD -VR0TBAgwBgEB/wIBfzALBgNVHQ8EBAMCAQYwDQYJKoZIhvcNAQEFBQADggEBADTD -8pqA31yKtMEI9cZyonSQHen5euduO9++AShrEO5fnY1bevxAEn+2u6zZB3N40E9T -XfjDULr3dqLlEvqPASSit4rkbAtiUTc5SpDrERYmWETtP0FXjjJ65IWnzkTSRiie -KTSbFqUX71YRCmC4iHw+7exeV1+xubdVOKDqBFgiBH4w80Azoc0/JHJ7pLQttZaz -gHpIhYM8blVDfBPTXvhwMtpaeNvQVFSc6TgF2nysu+x5zz5WMs4pMXAHmse0AAIz -rxvOfBb/i8CLgB4Nx9QHlUnUmu1Vth+953e5+q8pakl5Ajy56mxow+/KQCfQFdDa -MZwvPaVm4/ikmNUAX7I= +MR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tggkAhv/1jhDeuPswDwYD +VR0TBAgwBgEB/wIBfzALBgNVHQ8EBAMCAQYwDQYJKoZIhvcNAQEFBQADggEBAERQ +tJZx5ZphNnvH+gWIOelGW7CzYw1aG8Fw/ddqnJ0MlbetT5vCNCSQ2Uu/B/cY17gT +OtUBjea2Ff+klDZNe7YDLxKuQOHtvpUtLGwinj6HEnxcvJWQKsvj4YU+YE8J1kSD +FX5PyLu3g8kTF5tgVkd8z22DW56ahPX9K6pVfLf8ZrVJZnfkSLY6stVvqNglo6L6 +TW+serMXqV1gUleA8147K8K1ha/wosgL/2YRkNklEuFDBMUhH7ckisNtqR0y3nJb +fv6iqm9U48ol/fKGQUs867YLNv6TFF42TnkiFUVkoap42VF5eC9y9pG990vSSiT/ +2y1Mj+pdsNt6z7mtQ/U= -----END CERTIFICATE----- diff --git a/certs/test-pathlen/server-127-cert.pem b/certs/test-pathlen/server-127-cert.pem index fe6697952..1b9d50a26 100644 --- a/certs/test-pathlen/server-127-cert.pem +++ b/certs/test-pathlen/server-127-cert.pem 
@@ -5,8 +5,8 @@ Certificate: Signature Algorithm: sha1WithRSAEncryption Issuer: C=US, ST=Washington, L=Seattle, O=wolfSSL Inc., OU=Engineering, CN=Server 127 CA/emailAddress=info@wolfssl.com Validity - Not Before: Sep 20 00:09:11 2016 GMT - Not After : Jun 17 00:09:11 2019 GMT + Not Before: Apr 13 15:23:10 2018 GMT + Not After : Jan 7 15:23:10 2021 GMT Subject: C=US, ST=Washington, L=Seattle, O=wolfSSL Inc., OU=Engineering, CN=Server 127/emailAddress=info@wolfssl.com Subject Public Key Info: Public Key Algorithm: rsaEncryption 
@@ -42,27 +42,27 @@ Certificate: X509v3 Basic Constraints: CA:FALSE Signature Algorithm: sha1WithRSAEncryption - 65:05:63:43:5f:91:a4:54:31:3e:e8:55:ac:7b:b2:57:c2:f2: - 2e:3d:f2:53:cf:13:b5:35:7c:b6:f9:a7:86:e2:41:aa:14:6a: - 65:69:17:fb:02:39:7c:31:78:80:9a:0d:27:10:9a:7c:2c:17: - 30:03:32:6a:3f:06:fa:19:02:83:91:71:4d:50:e0:55:17:ed: - ec:62:3b:29:51:2e:c9:9a:75:3b:91:f9:bc:d0:2d:4f:ff:30: - d8:1d:b6:7e:8e:39:70:a1:c9:d1:f7:a3:81:a5:7c:5d:e4:e0: - cf:43:60:a1:c0:b8:e7:16:ed:43:6d:b2:09:cd:bc:51:57:f0: - 73:a2:cb:03:b6:c7:56:97:96:c6:8c:93:aa:44:3d:62:0c:b5: - ca:b8:65:1b:98:8f:ad:98:9e:9b:2e:83:0d:e6:d0:76:d8:c5: - 5c:4a:9e:40:88:65:c0:0e:bc:5c:87:dd:c1:e0:51:b7:8b:d5: - 73:da:8d:83:0d:16:60:a3:ff:f4:7c:4a:85:bb:a1:81:f5:9e: - 5d:f8:e7:d6:9d:6a:5b:9d:2b:f8:3d:02:16:ff:b9:6a:60:c9: - 64:40:5d:9c:37:a4:b8:ee:82:52:5c:db:07:5f:04:98:4a:f2: - ec:6c:86:50:9c:a0:99:5b:24:9a:d9:7d:1f:5d:f3:7e:47:59: - 10:48:f5:2a + 19:04:0b:64:d4:fa:c8:d2:aa:93:57:28:ad:c4:e4:70:f9:25: + 6c:06:f3:21:34:a9:af:03:aa:1d:02:b2:e4:34:df:a1:74:88: + 7f:8b:88:64:8c:6d:19:a6:4a:ee:62:80:8a:4c:17:1b:85:57: + e4:f0:b7:8d:66:9c:de:b7:bd:ed:2a:82:5c:d1:1e:ba:29:9d: + 92:b5:df:cf:8e:48:12:0a:d3:16:5f:f3:e2:db:c0:d1:42:e4: + 6b:3c:99:d3:fb:fc:87:9d:b0:44:5c:b5:8d:d8:e1:6c:58:df: + 37:b4:62:53:f8:85:7a:89:a0:40:f7:9f:f6:57:7c:9b:12:8e: + b4:46:2e:04:10:fd:8b:4b:ae:e6:1d:b7:63:3f:49:a9:ff:8a: + f4:77:d6:90:c9:07:9b:d0:1e:b8:8b:ea:5a:49:a4:ae:50:3a: + 7f:9e:01:46:22:7f:23:46:d2:8e:75:46:99:6b:3b:8c:f8:25: + 3a:17:a2:6d:b6:a1:b8:ba:c4:a7:75:a3:6a:3c:5f:fa:0a:e0: + ab:08:ab:26:d0:78:55:57:67:d2:e8:6f:c9:89:c1:9c:6f:54: + 47:af:13:9c:3e:e1:ac:00:c9:63:95:22:b9:ec:54:31:ac:26: + 1e:ab:e3:a4:04:5c:6e:9d:7a:6b:c1:e7:22:a0:b5:aa:42:35: + 81:94:d0:45 -----BEGIN CERTIFICATE----- MIIEoDCCA4igAwIBAgIBazANBgkqhkiG9w0BAQUFADCBmjELMAkGA1UEBhMCVVMx EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTATBgNVBAoM DHdvbGZTU0wgSW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxFjAUBgNVBAMMDVNl 
cnZlciAxMjcgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcN -MTYwOTIwMDAwOTExWhcNMTkwNjE3MDAwOTExWjCBlzELMAkGA1UEBhMCVVMxEzAR +MTgwNDEzMTUyMzEwWhcNMjEwMTA3MTUyMzEwWjCBlzELMAkGA1UEBhMCVVMxEzAR BgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTATBgNVBAoMDHdv bGZTU0wgSW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxEzARBgNVBAMMClNlcnZl ciAxMjcxHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wggEiMA0GCSqG @@ -77,10 +77,10 @@ FLMRMsmSmITiyfjQO24DQsofDo48oYGapIGXMIGUMQswCQYDVQQGEwJVUzEQMA4G A1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjERMA8GA1UECgwIU2F3dG9v dGgxEzARBgNVBAsMCkNvbnN1bHRpbmcxGDAWBgNVBAMMD3d3dy53b2xmc3NsLmNv bTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbYIBajAJBgNVHRMEAjAA -MA0GCSqGSIb3DQEBBQUAA4IBAQBlBWNDX5GkVDE+6FWse7JXwvIuPfJTzxO1NXy2 -+aeG4kGqFGplaRf7Ajl8MXiAmg0nEJp8LBcwAzJqPwb6GQKDkXFNUOBVF+3sYjsp -US7JmnU7kfm80C1P/zDYHbZ+jjlwocnR96OBpXxd5ODPQ2ChwLjnFu1DbbIJzbxR -V/BzossDtsdWl5bGjJOqRD1iDLXKuGUbmI+tmJ6bLoMN5tB22MVcSp5AiGXADrxc -h93B4FG3i9Vz2o2DDRZgo//0fEqFu6GB9Z5d+OfWnWpbnSv4PQIW/7lqYMlkQF2c -N6S47oJSXNsHXwSYSvLsbIZQnKCZWySa2X0fXfN+R1kQSPUq +MA0GCSqGSIb3DQEBBQUAA4IBAQAZBAtk1PrI0qqTVyitxORw+SVsBvMhNKmvA6od +ArLkNN+hdIh/i4hkjG0ZpkruYoCKTBcbhVfk8LeNZpzet73tKoJc0R66KZ2Std/P +jkgSCtMWX/Pi28DRQuRrPJnT+/yHnbBEXLWN2OFsWN83tGJT+IV6iaBA95/2V3yb +Eo60Ri4EEP2LS67mHbdjP0mp/4r0d9aQyQeb0B64i+paSaSuUDp/ngFGIn8jRtKO +dUaZazuM+CU6F6JttqG4usSndaNqPF/6CuCrCKsm0HhVV2fS6G/JicGcb1RHrxOc +PuGsAMljlSK57FQxrCYeq+OkBFxunXprwecioLWqQjWBlNBF -----END CERTIFICATE----- diff --git a/certs/test-pathlen/server-127-chain.pem b/certs/test-pathlen/server-127-chain.pem index 33c643d15..922b92d27 100644 --- a/certs/test-pathlen/server-127-chain.pem +++ b/certs/test-pathlen/server-127-chain.pem 
@@ -5,8 +5,8 @@ Certificate: Signature Algorithm: sha1WithRSAEncryption Issuer: C=US, ST=Washington, L=Seattle, O=wolfSSL Inc., OU=Engineering, CN=Server 127 CA/emailAddress=info@wolfssl.com Validity - Not Before: Sep 20 00:09:11 2016 GMT - Not After : Jun 17 00:09:11 2019 GMT + Not Before: Apr 13 15:23:10 2018 GMT + Not After : Jan 7 15:23:10 2021 GMT Subject: C=US, ST=Washington, L=Seattle, O=wolfSSL Inc., OU=Engineering, CN=Server 127/emailAddress=info@wolfssl.com Subject Public Key Info: Public Key Algorithm: rsaEncryption 
@@ -42,27 +42,27 @@ Certificate: X509v3 Basic Constraints: CA:FALSE Signature Algorithm: sha1WithRSAEncryption - 65:05:63:43:5f:91:a4:54:31:3e:e8:55:ac:7b:b2:57:c2:f2: - 2e:3d:f2:53:cf:13:b5:35:7c:b6:f9:a7:86:e2:41:aa:14:6a: - 65:69:17:fb:02:39:7c:31:78:80:9a:0d:27:10:9a:7c:2c:17: - 30:03:32:6a:3f:06:fa:19:02:83:91:71:4d:50:e0:55:17:ed: - ec:62:3b:29:51:2e:c9:9a:75:3b:91:f9:bc:d0:2d:4f:ff:30: - d8:1d:b6:7e:8e:39:70:a1:c9:d1:f7:a3:81:a5:7c:5d:e4:e0: - cf:43:60:a1:c0:b8:e7:16:ed:43:6d:b2:09:cd:bc:51:57:f0: - 73:a2:cb:03:b6:c7:56:97:96:c6:8c:93:aa:44:3d:62:0c:b5: - ca:b8:65:1b:98:8f:ad:98:9e:9b:2e:83:0d:e6:d0:76:d8:c5: - 5c:4a:9e:40:88:65:c0:0e:bc:5c:87:dd:c1:e0:51:b7:8b:d5: - 73:da:8d:83:0d:16:60:a3:ff:f4:7c:4a:85:bb:a1:81:f5:9e: - 5d:f8:e7:d6:9d:6a:5b:9d:2b:f8:3d:02:16:ff:b9:6a:60:c9: - 64:40:5d:9c:37:a4:b8:ee:82:52:5c:db:07:5f:04:98:4a:f2: - ec:6c:86:50:9c:a0:99:5b:24:9a:d9:7d:1f:5d:f3:7e:47:59: - 10:48:f5:2a + 19:04:0b:64:d4:fa:c8:d2:aa:93:57:28:ad:c4:e4:70:f9:25: + 6c:06:f3:21:34:a9:af:03:aa:1d:02:b2:e4:34:df:a1:74:88: + 7f:8b:88:64:8c:6d:19:a6:4a:ee:62:80:8a:4c:17:1b:85:57: + e4:f0:b7:8d:66:9c:de:b7:bd:ed:2a:82:5c:d1:1e:ba:29:9d: + 92:b5:df:cf:8e:48:12:0a:d3:16:5f:f3:e2:db:c0:d1:42:e4: + 6b:3c:99:d3:fb:fc:87:9d:b0:44:5c:b5:8d:d8:e1:6c:58:df: + 37:b4:62:53:f8:85:7a:89:a0:40:f7:9f:f6:57:7c:9b:12:8e: + b4:46:2e:04:10:fd:8b:4b:ae:e6:1d:b7:63:3f:49:a9:ff:8a: + f4:77:d6:90:c9:07:9b:d0:1e:b8:8b:ea:5a:49:a4:ae:50:3a: + 7f:9e:01:46:22:7f:23:46:d2:8e:75:46:99:6b:3b:8c:f8:25: + 3a:17:a2:6d:b6:a1:b8:ba:c4:a7:75:a3:6a:3c:5f:fa:0a:e0: + ab:08:ab:26:d0:78:55:57:67:d2:e8:6f:c9:89:c1:9c:6f:54: + 47:af:13:9c:3e:e1:ac:00:c9:63:95:22:b9:ec:54:31:ac:26: + 1e:ab:e3:a4:04:5c:6e:9d:7a:6b:c1:e7:22:a0:b5:aa:42:35: + 81:94:d0:45 -----BEGIN CERTIFICATE----- MIIEoDCCA4igAwIBAgIBazANBgkqhkiG9w0BAQUFADCBmjELMAkGA1UEBhMCVVMx EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTATBgNVBAoM DHdvbGZTU0wgSW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxFjAUBgNVBAMMDVNl 
cnZlciAxMjcgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcN -MTYwOTIwMDAwOTExWhcNMTkwNjE3MDAwOTExWjCBlzELMAkGA1UEBhMCVVMxEzAR +MTgwNDEzMTUyMzEwWhcNMjEwMTA3MTUyMzEwWjCBlzELMAkGA1UEBhMCVVMxEzAR BgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTATBgNVBAoMDHdv bGZTU0wgSW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxEzARBgNVBAMMClNlcnZl ciAxMjcxHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wggEiMA0GCSqG @@ -77,12 +77,12 @@ FLMRMsmSmITiyfjQO24DQsofDo48oYGapIGXMIGUMQswCQYDVQQGEwJVUzEQMA4G A1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjERMA8GA1UECgwIU2F3dG9v dGgxEzARBgNVBAsMCkNvbnN1bHRpbmcxGDAWBgNVBAMMD3d3dy53b2xmc3NsLmNv bTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbYIBajAJBgNVHRMEAjAA -MA0GCSqGSIb3DQEBBQUAA4IBAQBlBWNDX5GkVDE+6FWse7JXwvIuPfJTzxO1NXy2 -+aeG4kGqFGplaRf7Ajl8MXiAmg0nEJp8LBcwAzJqPwb6GQKDkXFNUOBVF+3sYjsp -US7JmnU7kfm80C1P/zDYHbZ+jjlwocnR96OBpXxd5ODPQ2ChwLjnFu1DbbIJzbxR -V/BzossDtsdWl5bGjJOqRD1iDLXKuGUbmI+tmJ6bLoMN5tB22MVcSp5AiGXADrxc -h93B4FG3i9Vz2o2DDRZgo//0fEqFu6GB9Z5d+OfWnWpbnSv4PQIW/7lqYMlkQF2c -N6S47oJSXNsHXwSYSvLsbIZQnKCZWySa2X0fXfN+R1kQSPUq +MA0GCSqGSIb3DQEBBQUAA4IBAQAZBAtk1PrI0qqTVyitxORw+SVsBvMhNKmvA6od +ArLkNN+hdIh/i4hkjG0ZpkruYoCKTBcbhVfk8LeNZpzet73tKoJc0R66KZ2Std/P +jkgSCtMWX/Pi28DRQuRrPJnT+/yHnbBEXLWN2OFsWN83tGJT+IV6iaBA95/2V3yb +Eo60Ri4EEP2LS67mHbdjP0mp/4r0d9aQyQeb0B64i+paSaSuUDp/ngFGIn8jRtKO +dUaZazuM+CU6F6JttqG4usSndaNqPF/6CuCrCKsm0HhVV2fS6G/JicGcb1RHrxOc +PuGsAMljlSK57FQxrCYeq+OkBFxunXprwecioLWqQjWBlNBF -----END CERTIFICATE----- Certificate: Data: 
@@ -91,8 +91,8 @@ Certificate: Signature Algorithm: sha1WithRSAEncryption Issuer: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, CN=www.wolfssl.com/emailAddress=info@wolfssl.com Validity - Not Before: Sep 19 23:24:16 2016 GMT - Not After : Jun 16 23:24:16 2019 GMT + Not Before: Apr 13 15:23:10 2018 GMT + Not After : Jan 7 15:23:10 2021 GMT Subject: C=US, ST=Washington, L=Seattle, O=wolfSSL Inc., OU=Engineering, CN=Server 127 CA/emailAddress=info@wolfssl.com Subject Public Key Info: Public Key Algorithm: rsaEncryption 
@@ -123,34 +123,34 @@ Certificate: X509v3 Authority Key Identifier: keyid:27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5 DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com - serial:B7:B6:90:33:66:1B:6B:23 + serial:86:FF:F5:8E:10:DE:B8:FB X509v3 Basic Constraints: CA:TRUE, pathlen:127 X509v3 Key Usage: Certificate Sign, CRL Sign Signature Algorithm: sha1WithRSAEncryption - 34:c3:f2:9a:80:df:5c:8a:b4:c1:08:f5:c6:72:a2:74:90:1d: - e9:f9:7a:e7:6e:3b:df:be:01:28:6b:10:ee:5f:9d:8d:5b:7a: - fc:40:12:7f:b6:bb:ac:d9:07:73:78:d0:4f:53:5d:f8:c3:50: - ba:f7:76:a2:e5:12:fa:8f:01:24:a2:b7:8a:e4:6c:0b:62:51: - 37:39:4a:90:eb:11:16:26:58:44:ed:3f:41:57:8e:32:7a:e4: - 85:a7:ce:44:d2:46:28:9e:29:34:9b:16:a5:17:ef:56:11:0a: - 60:b8:88:7c:3e:ed:ec:5e:57:5f:b1:b9:b7:55:38:a0:ea:04: - 58:22:04:7e:30:f3:40:33:a1:cd:3f:24:72:7b:a4:b4:2d:b5: - 96:b3:80:7a:48:85:83:3c:6e:55:43:7c:13:d3:5e:f8:70:32: - da:5a:78:db:d0:54:54:9c:e9:38:05:da:7c:ac:bb:ec:79:cf: - 3e:56:32:ce:29:31:70:07:9a:c7:b4:00:02:33:af:1b:ce:7c: - 16:ff:8b:c0:8b:80:1e:0d:c7:d4:07:95:49:d4:9a:ed:55:b6: - 1f:bd:e7:77:b9:fa:af:29:6a:49:79:02:3c:b9:ea:6c:68:c3: - ef:ca:40:27:d0:15:d0:da:31:9c:2f:3d:a5:66:e3:f8:a4:98: - d5:00:5f:b2 + 44:50:b4:96:71:e5:9a:61:36:7b:c7:fa:05:88:39:e9:46:5b: + b0:b3:63:0d:5a:1b:c1:70:fd:d7:6a:9c:9d:0c:95:b7:ad:4f: + 9b:c2:34:24:90:d9:4b:bf:07:f7:18:d7:b8:13:3a:d5:01:8d: + e6:b6:15:ff:a4:94:36:4d:7b:b6:03:2f:12:ae:40:e1:ed:be: + 95:2d:2c:6c:22:9e:3e:87:12:7c:5c:bc:95:90:2a:cb:e3:e1: + 85:3e:60:4f:09:d6:44:83:15:7e:4f:c8:bb:b7:83:c9:13:17: + 9b:60:56:47:7c:cf:6d:83:5b:9e:9a:84:f5:fd:2b:aa:55:7c: + b7:fc:66:b5:49:66:77:e4:48:b6:3a:b2:d5:6f:a8:d8:25:a3: + a2:fa:4d:6f:ac:7a:b3:17:a9:5d:60:52:57:80:f3:5e:3b:2b: + c2:b5:85:af:f0:a2:c8:0b:ff:66:11:90:d9:25:12:e1:43:04: + c5:21:1f:b7:24:8a:c3:6d:a9:1d:32:de:72:5b:7e:fe:a2:aa: + 6f:54:e3:ca:25:fd:f2:86:41:4b:3c:eb:b6:0b:36:fe:93:14: + 5e:36:4e:79:22:15:45:64:a1:aa:78:d9:51:79:78:2f:72:f6: + 
91:bd:f7:4b:d2:4a:24:ff:db:2d:4c:8f:ea:5d:b0:db:7a:cf: + b9:ad:43:f5 -----BEGIN CERTIFICATE----- MIIEujCCA6KgAwIBAgIBajANBgkqhkiG9w0BAQUFADCBlDELMAkGA1UEBhMCVVMx EDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNVBAoMCFNh d3Rvb3RoMRMwEQYDVQQLDApDb25zdWx0aW5nMRgwFgYDVQQDDA93d3cud29sZnNz -bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTYwOTE5 -MjMyNDE2WhcNMTkwNjE2MjMyNDE2WjCBmjELMAkGA1UEBhMCVVMxEzARBgNVBAgM +bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTgwNDEz +MTUyMzEwWhcNMjEwMTA3MTUyMzEwWjCBmjELMAkGA1UEBhMCVVMxEzARBgNVBAgM Cldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTATBgNVBAoMDHdvbGZTU0wg SW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxFjAUBgNVBAMMDVNlcnZlciAxMjcg Q0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wggEiMA0GCSqGSIb3 
@@ -164,12 +164,12 @@ CTAdBgNVHQ4EFgQUsxEyyZKYhOLJ+NA7bgNCyh8OjjwwgckGA1UdIwSBwTCBvoAU J45nEXTDJh0/7TNjs6TYHTDl6NWhgZqkgZcwgZQxCzAJBgNVBAYTAlVTMRAwDgYD VQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMREwDwYDVQQKDAhTYXd0b290 aDETMBEGA1UECwwKQ29uc3VsdGluZzEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29t -MR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tggkAt7aQM2YbayMwDwYD -VR0TBAgwBgEB/wIBfzALBgNVHQ8EBAMCAQYwDQYJKoZIhvcNAQEFBQADggEBADTD -8pqA31yKtMEI9cZyonSQHen5euduO9++AShrEO5fnY1bevxAEn+2u6zZB3N40E9T -XfjDULr3dqLlEvqPASSit4rkbAtiUTc5SpDrERYmWETtP0FXjjJ65IWnzkTSRiie -KTSbFqUX71YRCmC4iHw+7exeV1+xubdVOKDqBFgiBH4w80Azoc0/JHJ7pLQttZaz -gHpIhYM8blVDfBPTXvhwMtpaeNvQVFSc6TgF2nysu+x5zz5WMs4pMXAHmse0AAIz -rxvOfBb/i8CLgB4Nx9QHlUnUmu1Vth+953e5+q8pakl5Ajy56mxow+/KQCfQFdDa -MZwvPaVm4/ikmNUAX7I= +MR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tggkAhv/1jhDeuPswDwYD +VR0TBAgwBgEB/wIBfzALBgNVHQ8EBAMCAQYwDQYJKoZIhvcNAQEFBQADggEBAERQ +tJZx5ZphNnvH+gWIOelGW7CzYw1aG8Fw/ddqnJ0MlbetT5vCNCSQ2Uu/B/cY17gT +OtUBjea2Ff+klDZNe7YDLxKuQOHtvpUtLGwinj6HEnxcvJWQKsvj4YU+YE8J1kSD +FX5PyLu3g8kTF5tgVkd8z22DW56ahPX9K6pVfLf8ZrVJZnfkSLY6stVvqNglo6L6 +TW+serMXqV1gUleA8147K8K1ha/wosgL/2YRkNklEuFDBMUhH7ckisNtqR0y3nJb +fv6iqm9U48ol/fKGQUs867YLNv6TFF42TnkiFUVkoap42VF5eC9y9pG990vSSiT/ +2y1Mj+pdsNt6z7mtQ/U= -----END CERTIFICATE----- diff --git a/certs/test-pathlen/server-128-ca.pem b/certs/test-pathlen/server-128-ca.pem index 0a328543d..c46b3cbf2 100644 --- a/certs/test-pathlen/server-128-ca.pem +++ b/certs/test-pathlen/server-128-ca.pem 
@@ -1,12 +1,12 @@ Certificate: Data: Version: 3 (0x2) - Serial Number: 108 (0x6c) + Serial Number: 106 (0x6a) Signature Algorithm: sha1WithRSAEncryption Issuer: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, CN=www.wolfssl.com/emailAddress=info@wolfssl.com Validity - Not Before: Sep 19 23:25:55 2016 GMT - Not After : Jun 16 23:25:55 2019 GMT + Not Before: Apr 13 15:23:10 2018 GMT + Not After : Jan 7 15:23:10 2021 GMT Subject: C=US, ST=Washington, L=Seattle, O=wolfSSL Inc., OU=Engineering, CN=Server 128 CA/emailAddress=info@wolfssl.com Subject Public Key Info: Public Key Algorithm: rsaEncryption 
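Review bot: The new serial `106 (0x6a)` for Server 128 CA duplicates the serial of Server 127 CA, whose unchanged DER body earlier in this patch begins `MIIEujCCA6KgAwIBAgIBaj` (serial 0x6a) and which has the same issuer DN. RFC 5280 requires serial numbers to be unique per issuer, and both CA certificates also appear to carry the same subject key identifier, so issuer-and-serial or key-id matching (authority key identifier lookups, CRL entries) can no longer tell the two apart. The previous value `108 (0x6c)` was distinct; reissuing Server 128 CA with an unused serial, and regenerating the leaf so its `serial:6A` authority key identifier follows, would restore that. The same certificate appears again in server-128-chain.pem.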
@@ -37,34 +37,34 @@ Certificate: X509v3 Authority Key Identifier: keyid:27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5 DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com - serial:B7:B6:90:33:66:1B:6B:23 + serial:86:FF:F5:8E:10:DE:B8:FB X509v3 Basic Constraints: CA:TRUE, pathlen:128 X509v3 Key Usage: Certificate Sign, CRL Sign Signature Algorithm: sha1WithRSAEncryption - 2c:4e:94:b0:f6:75:cc:c4:9e:b5:68:56:f6:af:57:00:aa:74: - 99:59:6e:a8:de:d1:31:79:8a:b2:0c:42:d1:84:42:e4:89:7a: - 65:d1:cb:3f:fe:10:0c:ab:3a:89:a2:34:67:2d:43:cd:c1:09: - 80:b5:79:8c:0c:d8:2e:aa:c9:4c:89:59:0b:4a:1f:cd:f3:7c: - c1:7b:9e:26:7e:ea:c6:cd:de:b5:74:10:54:ee:0f:8f:85:5e: - 1a:9d:61:59:80:ac:f1:b8:be:a3:7e:57:41:62:6f:c4:30:18: - 92:cb:75:a2:fa:97:b7:90:db:ab:4f:b3:0d:05:cc:a9:e6:b8: - b2:57:2d:b8:b6:85:bf:98:7d:43:d1:82:11:3e:ca:8d:2f:b0: - 5f:0d:d2:29:70:30:02:08:3a:38:bc:c9:e9:6c:59:7f:17:7b: - 97:9a:96:9a:f4:bf:6e:e3:44:70:ac:95:f8:5a:08:74:b4:5f: - 35:17:5e:da:77:3b:49:22:1f:9e:1d:1f:da:30:3f:69:6a:61: - 57:8b:59:b0:4b:50:c2:22:bd:6b:79:b3:a4:7b:11:00:34:cf: - a9:fc:ad:99:a0:33:5c:1e:45:ab:d8:a7:71:11:c6:3a:f4:cb: - b5:67:85:0d:34:46:fa:f0:76:4b:51:12:6b:3a:fd:25:30:f6: - 65:5a:61:ef + 23:cf:7d:44:56:10:44:29:12:31:cc:c4:9b:b8:a8:dd:4e:c3: + 9f:2c:f5:7f:1b:d7:05:43:82:dd:c8:19:be:b9:54:d8:32:4d: + 88:2e:38:fb:be:ff:9d:fc:0a:99:8d:d3:67:08:22:a4:bb:62: + 5a:ec:49:3f:3a:38:cb:8e:f0:bd:42:d7:f7:16:43:31:00:df: + 10:53:c9:35:3f:bf:b9:4b:14:d0:f6:7f:d2:04:ef:69:c4:e6: + 53:d5:74:17:e1:f6:63:90:30:a2:90:9f:f1:13:1a:0e:bf:ec: + c0:e2:ae:41:40:20:41:55:84:69:e9:39:04:84:ab:f8:88:29: + 31:4c:15:19:12:ab:6f:f0:62:fe:83:a9:dc:52:52:7b:3a:14: + 86:8f:45:da:25:7d:c1:f3:21:84:84:bb:82:d6:ef:f9:4b:ec: + f4:21:87:ed:c1:53:77:8e:98:05:50:2c:d9:1f:42:30:dd:8b: + 85:57:3c:5a:fa:bd:06:55:11:95:3f:7f:fb:02:50:7d:88:57: + 0b:c8:a2:b3:fc:d0:fd:40:19:03:9a:8e:bb:d5:38:b0:d0:d6: + e3:e2:fa:45:91:2c:18:c7:9a:24:f0:78:ee:c2:0d:a0:53:4e: + 
c7:68:ad:80:6e:82:35:4b:1d:c7:15:b9:db:40:63:08:56:72: + 56:a2:55:7e -----BEGIN CERTIFICATE----- -MIIEuzCCA6OgAwIBAgIBbDANBgkqhkiG9w0BAQUFADCBlDELMAkGA1UEBhMCVVMx +MIIEuzCCA6OgAwIBAgIBajANBgkqhkiG9w0BAQUFADCBlDELMAkGA1UEBhMCVVMx EDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNVBAoMCFNh d3Rvb3RoMRMwEQYDVQQLDApDb25zdWx0aW5nMRgwFgYDVQQDDA93d3cud29sZnNz -bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTYwOTE5 -MjMyNTU1WhcNMTkwNjE2MjMyNTU1WjCBmjELMAkGA1UEBhMCVVMxEzARBgNVBAgM +bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTgwNDEz +MTUyMzEwWhcNMjEwMTA3MTUyMzEwWjCBmjELMAkGA1UEBhMCVVMxEzARBgNVBAgM Cldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTATBgNVBAoMDHdvbGZTU0wg SW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxFjAUBgNVBAMMDVNlcnZlciAxMjgg Q0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wggEiMA0GCSqGSIb3 
@@ -78,12 +78,12 @@ CjAdBgNVHQ4EFgQUsxEyyZKYhOLJ+NA7bgNCyh8OjjwwgckGA1UdIwSBwTCBvoAU J45nEXTDJh0/7TNjs6TYHTDl6NWhgZqkgZcwgZQxCzAJBgNVBAYTAlVTMRAwDgYD VQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMREwDwYDVQQKDAhTYXd0b290 aDETMBEGA1UECwwKQ29uc3VsdGluZzEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29t -MR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tggkAt7aQM2YbayMwEAYD -VR0TBAkwBwEB/wICAIAwCwYDVR0PBAQDAgEGMA0GCSqGSIb3DQEBBQUAA4IBAQAs -TpSw9nXMxJ61aFb2r1cAqnSZWW6o3tExeYqyDELRhELkiXpl0cs//hAMqzqJojRn -LUPNwQmAtXmMDNguqslMiVkLSh/N83zBe54mfurGzd61dBBU7g+PhV4anWFZgKzx -uL6jfldBYm/EMBiSy3Wi+pe3kNurT7MNBcyp5riyVy24toW/mH1D0YIRPsqNL7Bf -DdIpcDACCDo4vMnpbFl/F3uXmpaa9L9u40RwrJX4Wgh0tF81F17adztJIh+eHR/a -MD9pamFXi1mwS1DCIr1rebOkexEANM+p/K2ZoDNcHkWr2KdxEcY69Mu1Z4UNNEb6 -8HZLURJrOv0lMPZlWmHv +MR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tggkAhv/1jhDeuPswEAYD +VR0TBAkwBwEB/wICAIAwCwYDVR0PBAQDAgEGMA0GCSqGSIb3DQEBBQUAA4IBAQAj +z31EVhBEKRIxzMSbuKjdTsOfLPV/G9cFQ4LdyBm+uVTYMk2ILjj7vv+d/AqZjdNn +CCKku2Ja7Ek/OjjLjvC9Qtf3FkMxAN8QU8k1P7+5SxTQ9n/SBO9pxOZT1XQX4fZj +kDCikJ/xExoOv+zA4q5BQCBBVYRp6TkEhKv4iCkxTBUZEqtv8GL+g6ncUlJ7OhSG +j0XaJX3B8yGEhLuC1u/5S+z0IYftwVN3jpgFUCzZH0Iw3YuFVzxa+r0GVRGVP3/7 +AlB9iFcLyKKz/ND9QBkDmo671Tiw0Nbj4vpFkSwYx5ok8Hjuwg2gU07HaK2AboI1 +Sx3HFbnbQGMIVnJWolV+ -----END CERTIFICATE----- diff --git a/certs/test-pathlen/server-128-cert.pem b/certs/test-pathlen/server-128-cert.pem index a873da4a3..6a4d6b140 100644 --- a/certs/test-pathlen/server-128-cert.pem +++ b/certs/test-pathlen/server-128-cert.pem 
@@ -1,12 +1,12 @@ Certificate: Data: Version: 3 (0x2) - Serial Number: 109 (0x6d) + Serial Number: 107 (0x6b) Signature Algorithm: sha1WithRSAEncryption Issuer: C=US, ST=Washington, L=Seattle, O=wolfSSL Inc., OU=Engineering, CN=Server 128 CA/emailAddress=info@wolfssl.com Validity - Not Before: Sep 20 00:10:39 2016 GMT - Not After : Jun 17 00:10:39 2019 GMT + Not Before: Apr 13 15:23:10 2018 GMT + Not After : Jan 7 15:23:10 2021 GMT Subject: C=US, ST=Washington, L=Seattle, O=wolfSSL Inc., OU=Engineering, CN=Server 128/emailAddress=info@wolfssl.com Subject Public Key Info: Public Key Algorithm: rsaEncryption 
@@ -37,32 +37,32 @@ Certificate: X509v3 Authority Key Identifier: keyid:B3:11:32:C9:92:98:84:E2:C9:F8:D0:3B:6E:03:42:CA:1F:0E:8E:3C DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com - serial:6C + serial:6A X509v3 Basic Constraints: CA:FALSE Signature Algorithm: sha1WithRSAEncryption - b5:8d:6e:c1:2f:26:fb:25:f5:48:99:97:42:b0:20:22:73:3a: - 37:96:f4:f5:33:ae:10:10:51:2c:8b:30:2e:de:27:0d:f5:68: - b8:fd:4c:28:59:5a:ec:e5:31:7e:83:97:37:96:26:09:88:d1: - 19:46:48:74:59:d1:4e:4a:f6:bf:f5:ea:1b:3b:99:d4:aa:7c: - 46:60:f5:38:43:a2:2b:a7:d9:b5:30:cb:a5:2b:5a:de:68:a5: - 9f:8c:3b:d6:6e:b2:0a:6f:3f:df:88:fe:70:83:d2:21:58:c0: - 53:89:da:a0:33:9d:1d:f7:a1:88:d3:18:ac:9c:2a:18:45:68: - 37:af:46:85:1a:1c:4c:bf:8c:b0:1a:c6:3e:3e:98:2e:9e:26: - 6d:1c:8a:db:15:d2:5e:28:48:cc:07:9d:1d:e1:7d:89:b5:7a: - 13:b1:5a:b3:03:3f:77:c4:21:7b:d2:2a:96:24:3c:d9:65:76: - 42:e5:cb:20:30:d3:17:bc:f9:8d:dd:e4:63:ae:2a:13:0f:3c: - df:c5:86:dd:d4:db:79:50:6f:88:b8:58:bd:6f:09:2b:c5:21: - bd:1e:a0:9c:e8:97:6b:cb:c8:9a:8e:09:ac:8e:5a:72:ed:d7: - b0:d0:7f:85:b0:91:73:e4:2b:28:e1:a1:6d:3f:2a:8f:ea:d1: - df:57:64:25 + a5:a7:5d:17:a3:a7:15:08:10:89:5a:47:84:ee:63:dc:c7:f5: + b0:ae:a4:99:c2:b1:02:bf:97:8a:cd:d1:ab:f5:87:b6:0b:98: + 30:e0:33:f1:40:db:2c:33:79:98:ab:87:43:b4:10:8a:4f:92: + cf:97:49:fc:e8:a6:7a:52:4b:6a:dc:b4:ed:e4:55:2f:3c:dc: + 56:b3:2c:a8:4c:fa:6a:55:ae:7e:f1:e5:d6:64:96:e6:67:3e: + 46:d0:b8:b2:eb:cb:98:a5:d1:7c:d8:cc:de:ba:39:4d:a5:b3: + 45:45:62:0e:05:be:60:54:6d:4d:e8:90:e3:ad:5e:86:52:43: + 12:60:5b:fa:07:33:10:fb:6d:a6:c0:8c:3d:8a:9a:8a:1c:3e: + 7a:34:bf:41:f0:d2:d5:5d:16:00:ce:52:51:2b:13:a2:ef:be: + 07:dd:09:91:54:a1:74:2d:53:d2:db:94:f9:a1:98:62:1f:06: + 0c:69:3b:34:2a:9a:00:3c:9b:2f:c1:46:80:c2:dd:c7:7e:95: + ea:f7:05:19:29:b0:82:02:b8:b6:f3:a1:bf:00:5e:23:77:6f: + d2:63:c2:29:df:67:47:5a:2c:69:ce:6c:88:28:43:34:da:6c: + d4:2d:ee:cd:ef:fb:1a:69:e5:d7:8e:f4:2b:de:b2:b0:7d:8c: + 5c:50:91:d9 -----BEGIN CERTIFICATE----- 
-MIIEoDCCA4igAwIBAgIBbTANBgkqhkiG9w0BAQUFADCBmjELMAkGA1UEBhMCVVMx +MIIEoDCCA4igAwIBAgIBazANBgkqhkiG9w0BAQUFADCBmjELMAkGA1UEBhMCVVMx EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTATBgNVBAoM DHdvbGZTU0wgSW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxFjAUBgNVBAMMDVNl cnZlciAxMjggQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcN -MTYwOTIwMDAxMDM5WhcNMTkwNjE3MDAxMDM5WjCBlzELMAkGA1UEBhMCVVMxEzAR +MTgwNDEzMTUyMzEwWhcNMjEwMTA3MTUyMzEwWjCBlzELMAkGA1UEBhMCVVMxEzAR BgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTATBgNVBAoMDHdv bGZTU0wgSW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxEzARBgNVBAMMClNlcnZl ciAxMjgxHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wggEiMA0GCSqG @@ -76,11 +76,11 @@ ge4wHQYDVR0OBBYEFLMRMsmSmITiyfjQO24DQsofDo48MIHBBgNVHSMEgbkwgbaA FLMRMsmSmITiyfjQO24DQsofDo48oYGapIGXMIGUMQswCQYDVQQGEwJVUzEQMA4G A1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjERMA8GA1UECgwIU2F3dG9v dGgxEzARBgNVBAsMCkNvbnN1bHRpbmcxGDAWBgNVBAMMD3d3dy53b2xmc3NsLmNv -bTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbYIBbDAJBgNVHRMEAjAA -MA0GCSqGSIb3DQEBBQUAA4IBAQC1jW7BLyb7JfVImZdCsCAiczo3lvT1M64QEFEs -izAu3icN9Wi4/UwoWVrs5TF+g5c3liYJiNEZRkh0WdFOSva/9eobO5nUqnxGYPU4 -Q6Irp9m1MMulK1reaKWfjDvWbrIKbz/fiP5wg9IhWMBTidqgM50d96GI0xisnCoY -RWg3r0aFGhxMv4ywGsY+PpguniZtHIrbFdJeKEjMB50d4X2JtXoTsVqzAz93xCF7 -0iqWJDzZZXZC5csgMNMXvPmN3eRjrioTDzzfxYbd1Nt5UG+IuFi9bwkrxSG9HqCc -6Jdry8iajgmsjlpy7dew0H+FsJFz5Cso4aFtPyqP6tHfV2Ql +bTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbYIBajAJBgNVHRMEAjAA +MA0GCSqGSIb3DQEBBQUAA4IBAQClp10Xo6cVCBCJWkeE7mPcx/WwrqSZwrECv5eK +zdGr9Ye2C5gw4DPxQNssM3mYq4dDtBCKT5LPl0n86KZ6Uktq3LTt5FUvPNxWsyyo +TPpqVa5+8eXWZJbmZz5G0Liy68uYpdF82MzeujlNpbNFRWIOBb5gVG1N6JDjrV6G +UkMSYFv6BzMQ+22mwIw9ipqKHD56NL9B8NLVXRYAzlJRKxOi774H3QmRVKF0LVPS +25T5oZhiHwYMaTs0KpoAPJsvwUaAwt3HfpXq9wUZKbCCAri286G/AF4jd2/SY8Ip +32dHWixpzmyIKEM02mzULe7N7/saaeXXjvQr3rKwfYxcUJHZ -----END CERTIFICATE----- diff --git a/certs/test-pathlen/server-128-chain.pem b/certs/test-pathlen/server-128-chain.pem index 0b43488c7..341138e7a 100644 
--- a/certs/test-pathlen/server-128-chain.pem +++ b/certs/test-pathlen/server-128-chain.pem @@ -1,12 +1,12 @@ Certificate: Data: Version: 3 (0x2) - Serial Number: 109 (0x6d) + Serial Number: 107 (0x6b) Signature Algorithm: sha1WithRSAEncryption Issuer: C=US, ST=Washington, L=Seattle, O=wolfSSL Inc., OU=Engineering, CN=Server 128 CA/emailAddress=info@wolfssl.com Validity - Not Before: Sep 20 00:10:39 2016 GMT - Not After : Jun 17 00:10:39 2019 GMT + Not Before: Apr 13 15:23:10 2018 GMT + Not After : Jan 7 15:23:10 2021 GMT Subject: C=US, ST=Washington, L=Seattle, O=wolfSSL Inc., OU=Engineering, CN=Server 128/emailAddress=info@wolfssl.com Subject Public Key Info: Public Key Algorithm: rsaEncryption 
@@ -37,32 +37,32 @@ Certificate: X509v3 Authority Key Identifier: keyid:B3:11:32:C9:92:98:84:E2:C9:F8:D0:3B:6E:03:42:CA:1F:0E:8E:3C DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com - serial:6C + serial:6A X509v3 Basic Constraints: CA:FALSE Signature Algorithm: sha1WithRSAEncryption - b5:8d:6e:c1:2f:26:fb:25:f5:48:99:97:42:b0:20:22:73:3a: - 37:96:f4:f5:33:ae:10:10:51:2c:8b:30:2e:de:27:0d:f5:68: - b8:fd:4c:28:59:5a:ec:e5:31:7e:83:97:37:96:26:09:88:d1: - 19:46:48:74:59:d1:4e:4a:f6:bf:f5:ea:1b:3b:99:d4:aa:7c: - 46:60:f5:38:43:a2:2b:a7:d9:b5:30:cb:a5:2b:5a:de:68:a5: - 9f:8c:3b:d6:6e:b2:0a:6f:3f:df:88:fe:70:83:d2:21:58:c0: - 53:89:da:a0:33:9d:1d:f7:a1:88:d3:18:ac:9c:2a:18:45:68: - 37:af:46:85:1a:1c:4c:bf:8c:b0:1a:c6:3e:3e:98:2e:9e:26: - 6d:1c:8a:db:15:d2:5e:28:48:cc:07:9d:1d:e1:7d:89:b5:7a: - 13:b1:5a:b3:03:3f:77:c4:21:7b:d2:2a:96:24:3c:d9:65:76: - 42:e5:cb:20:30:d3:17:bc:f9:8d:dd:e4:63:ae:2a:13:0f:3c: - df:c5:86:dd:d4:db:79:50:6f:88:b8:58:bd:6f:09:2b:c5:21: - bd:1e:a0:9c:e8:97:6b:cb:c8:9a:8e:09:ac:8e:5a:72:ed:d7: - b0:d0:7f:85:b0:91:73:e4:2b:28:e1:a1:6d:3f:2a:8f:ea:d1: - df:57:64:25 + a5:a7:5d:17:a3:a7:15:08:10:89:5a:47:84:ee:63:dc:c7:f5: + b0:ae:a4:99:c2:b1:02:bf:97:8a:cd:d1:ab:f5:87:b6:0b:98: + 30:e0:33:f1:40:db:2c:33:79:98:ab:87:43:b4:10:8a:4f:92: + cf:97:49:fc:e8:a6:7a:52:4b:6a:dc:b4:ed:e4:55:2f:3c:dc: + 56:b3:2c:a8:4c:fa:6a:55:ae:7e:f1:e5:d6:64:96:e6:67:3e: + 46:d0:b8:b2:eb:cb:98:a5:d1:7c:d8:cc:de:ba:39:4d:a5:b3: + 45:45:62:0e:05:be:60:54:6d:4d:e8:90:e3:ad:5e:86:52:43: + 12:60:5b:fa:07:33:10:fb:6d:a6:c0:8c:3d:8a:9a:8a:1c:3e: + 7a:34:bf:41:f0:d2:d5:5d:16:00:ce:52:51:2b:13:a2:ef:be: + 07:dd:09:91:54:a1:74:2d:53:d2:db:94:f9:a1:98:62:1f:06: + 0c:69:3b:34:2a:9a:00:3c:9b:2f:c1:46:80:c2:dd:c7:7e:95: + ea:f7:05:19:29:b0:82:02:b8:b6:f3:a1:bf:00:5e:23:77:6f: + d2:63:c2:29:df:67:47:5a:2c:69:ce:6c:88:28:43:34:da:6c: + d4:2d:ee:cd:ef:fb:1a:69:e5:d7:8e:f4:2b:de:b2:b0:7d:8c: + 5c:50:91:d9 -----BEGIN CERTIFICATE----- 
-MIIEoDCCA4igAwIBAgIBbTANBgkqhkiG9w0BAQUFADCBmjELMAkGA1UEBhMCVVMx +MIIEoDCCA4igAwIBAgIBazANBgkqhkiG9w0BAQUFADCBmjELMAkGA1UEBhMCVVMx EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTATBgNVBAoM DHdvbGZTU0wgSW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxFjAUBgNVBAMMDVNl cnZlciAxMjggQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcN -MTYwOTIwMDAxMDM5WhcNMTkwNjE3MDAxMDM5WjCBlzELMAkGA1UEBhMCVVMxEzAR +MTgwNDEzMTUyMzEwWhcNMjEwMTA3MTUyMzEwWjCBlzELMAkGA1UEBhMCVVMxEzAR BgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTATBgNVBAoMDHdv bGZTU0wgSW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxEzARBgNVBAMMClNlcnZl ciAxMjgxHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wggEiMA0GCSqG 
@@ -76,23 +76,23 @@ ge4wHQYDVR0OBBYEFLMRMsmSmITiyfjQO24DQsofDo48MIHBBgNVHSMEgbkwgbaA FLMRMsmSmITiyfjQO24DQsofDo48oYGapIGXMIGUMQswCQYDVQQGEwJVUzEQMA4G A1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjERMA8GA1UECgwIU2F3dG9v dGgxEzARBgNVBAsMCkNvbnN1bHRpbmcxGDAWBgNVBAMMD3d3dy53b2xmc3NsLmNv -bTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbYIBbDAJBgNVHRMEAjAA -MA0GCSqGSIb3DQEBBQUAA4IBAQC1jW7BLyb7JfVImZdCsCAiczo3lvT1M64QEFEs -izAu3icN9Wi4/UwoWVrs5TF+g5c3liYJiNEZRkh0WdFOSva/9eobO5nUqnxGYPU4 -Q6Irp9m1MMulK1reaKWfjDvWbrIKbz/fiP5wg9IhWMBTidqgM50d96GI0xisnCoY -RWg3r0aFGhxMv4ywGsY+PpguniZtHIrbFdJeKEjMB50d4X2JtXoTsVqzAz93xCF7 -0iqWJDzZZXZC5csgMNMXvPmN3eRjrioTDzzfxYbd1Nt5UG+IuFi9bwkrxSG9HqCc -6Jdry8iajgmsjlpy7dew0H+FsJFz5Cso4aFtPyqP6tHfV2Ql +bTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbYIBajAJBgNVHRMEAjAA +MA0GCSqGSIb3DQEBBQUAA4IBAQClp10Xo6cVCBCJWkeE7mPcx/WwrqSZwrECv5eK +zdGr9Ye2C5gw4DPxQNssM3mYq4dDtBCKT5LPl0n86KZ6Uktq3LTt5FUvPNxWsyyo +TPpqVa5+8eXWZJbmZz5G0Liy68uYpdF82MzeujlNpbNFRWIOBb5gVG1N6JDjrV6G +UkMSYFv6BzMQ+22mwIw9ipqKHD56NL9B8NLVXRYAzlJRKxOi774H3QmRVKF0LVPS +25T5oZhiHwYMaTs0KpoAPJsvwUaAwt3HfpXq9wUZKbCCAri286G/AF4jd2/SY8Ip +32dHWixpzmyIKEM02mzULe7N7/saaeXXjvQr3rKwfYxcUJHZ -----END CERTIFICATE----- Certificate: Data: Version: 3 (0x2) - Serial Number: 108 (0x6c) + Serial Number: 106 (0x6a) Signature Algorithm: sha1WithRSAEncryption Issuer: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, CN=www.wolfssl.com/emailAddress=info@wolfssl.com Validity - Not Before: Sep 19 23:25:55 2016 GMT - Not After : Jun 16 23:25:55 2019 GMT + Not Before: Apr 13 15:23:10 2018 GMT + Not After : Jan 7 15:23:10 2021 GMT Subject: C=US, ST=Washington, L=Seattle, O=wolfSSL Inc., OU=Engineering, CN=Server 128 CA/emailAddress=info@wolfssl.com Subject Public Key Info: Public Key Algorithm: rsaEncryption 
@@ -123,34 +123,34 @@ Certificate: X509v3 Authority Key Identifier: keyid:27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5 DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com - serial:B7:B6:90:33:66:1B:6B:23 + serial:86:FF:F5:8E:10:DE:B8:FB X509v3 Basic Constraints: CA:TRUE, pathlen:128 X509v3 Key Usage: Certificate Sign, CRL Sign Signature Algorithm: sha1WithRSAEncryption - 2c:4e:94:b0:f6:75:cc:c4:9e:b5:68:56:f6:af:57:00:aa:74: - 99:59:6e:a8:de:d1:31:79:8a:b2:0c:42:d1:84:42:e4:89:7a: - 65:d1:cb:3f:fe:10:0c:ab:3a:89:a2:34:67:2d:43:cd:c1:09: - 80:b5:79:8c:0c:d8:2e:aa:c9:4c:89:59:0b:4a:1f:cd:f3:7c: - c1:7b:9e:26:7e:ea:c6:cd:de:b5:74:10:54:ee:0f:8f:85:5e: - 1a:9d:61:59:80:ac:f1:b8:be:a3:7e:57:41:62:6f:c4:30:18: - 92:cb:75:a2:fa:97:b7:90:db:ab:4f:b3:0d:05:cc:a9:e6:b8: - b2:57:2d:b8:b6:85:bf:98:7d:43:d1:82:11:3e:ca:8d:2f:b0: - 5f:0d:d2:29:70:30:02:08:3a:38:bc:c9:e9:6c:59:7f:17:7b: - 97:9a:96:9a:f4:bf:6e:e3:44:70:ac:95:f8:5a:08:74:b4:5f: - 35:17:5e:da:77:3b:49:22:1f:9e:1d:1f:da:30:3f:69:6a:61: - 57:8b:59:b0:4b:50:c2:22:bd:6b:79:b3:a4:7b:11:00:34:cf: - a9:fc:ad:99:a0:33:5c:1e:45:ab:d8:a7:71:11:c6:3a:f4:cb: - b5:67:85:0d:34:46:fa:f0:76:4b:51:12:6b:3a:fd:25:30:f6: - 65:5a:61:ef + 23:cf:7d:44:56:10:44:29:12:31:cc:c4:9b:b8:a8:dd:4e:c3: + 9f:2c:f5:7f:1b:d7:05:43:82:dd:c8:19:be:b9:54:d8:32:4d: + 88:2e:38:fb:be:ff:9d:fc:0a:99:8d:d3:67:08:22:a4:bb:62: + 5a:ec:49:3f:3a:38:cb:8e:f0:bd:42:d7:f7:16:43:31:00:df: + 10:53:c9:35:3f:bf:b9:4b:14:d0:f6:7f:d2:04:ef:69:c4:e6: + 53:d5:74:17:e1:f6:63:90:30:a2:90:9f:f1:13:1a:0e:bf:ec: + c0:e2:ae:41:40:20:41:55:84:69:e9:39:04:84:ab:f8:88:29: + 31:4c:15:19:12:ab:6f:f0:62:fe:83:a9:dc:52:52:7b:3a:14: + 86:8f:45:da:25:7d:c1:f3:21:84:84:bb:82:d6:ef:f9:4b:ec: + f4:21:87:ed:c1:53:77:8e:98:05:50:2c:d9:1f:42:30:dd:8b: + 85:57:3c:5a:fa:bd:06:55:11:95:3f:7f:fb:02:50:7d:88:57: + 0b:c8:a2:b3:fc:d0:fd:40:19:03:9a:8e:bb:d5:38:b0:d0:d6: + e3:e2:fa:45:91:2c:18:c7:9a:24:f0:78:ee:c2:0d:a0:53:4e: + 
c7:68:ad:80:6e:82:35:4b:1d:c7:15:b9:db:40:63:08:56:72: + 56:a2:55:7e -----BEGIN CERTIFICATE----- -MIIEuzCCA6OgAwIBAgIBbDANBgkqhkiG9w0BAQUFADCBlDELMAkGA1UEBhMCVVMx +MIIEuzCCA6OgAwIBAgIBajANBgkqhkiG9w0BAQUFADCBlDELMAkGA1UEBhMCVVMx EDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNVBAoMCFNh d3Rvb3RoMRMwEQYDVQQLDApDb25zdWx0aW5nMRgwFgYDVQQDDA93d3cud29sZnNz -bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTYwOTE5 -MjMyNTU1WhcNMTkwNjE2MjMyNTU1WjCBmjELMAkGA1UEBhMCVVMxEzARBgNVBAgM +bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTgwNDEz +MTUyMzEwWhcNMjEwMTA3MTUyMzEwWjCBmjELMAkGA1UEBhMCVVMxEzARBgNVBAgM Cldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTATBgNVBAoMDHdvbGZTU0wg SW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxFjAUBgNVBAMMDVNlcnZlciAxMjgg Q0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wggEiMA0GCSqGSIb3 
@@ -164,12 +164,12 @@ CjAdBgNVHQ4EFgQUsxEyyZKYhOLJ+NA7bgNCyh8OjjwwgckGA1UdIwSBwTCBvoAU J45nEXTDJh0/7TNjs6TYHTDl6NWhgZqkgZcwgZQxCzAJBgNVBAYTAlVTMRAwDgYD VQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMREwDwYDVQQKDAhTYXd0b290 aDETMBEGA1UECwwKQ29uc3VsdGluZzEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29t -MR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tggkAt7aQM2YbayMwEAYD -VR0TBAkwBwEB/wICAIAwCwYDVR0PBAQDAgEGMA0GCSqGSIb3DQEBBQUAA4IBAQAs -TpSw9nXMxJ61aFb2r1cAqnSZWW6o3tExeYqyDELRhELkiXpl0cs//hAMqzqJojRn -LUPNwQmAtXmMDNguqslMiVkLSh/N83zBe54mfurGzd61dBBU7g+PhV4anWFZgKzx -uL6jfldBYm/EMBiSy3Wi+pe3kNurT7MNBcyp5riyVy24toW/mH1D0YIRPsqNL7Bf -DdIpcDACCDo4vMnpbFl/F3uXmpaa9L9u40RwrJX4Wgh0tF81F17adztJIh+eHR/a -MD9pamFXi1mwS1DCIr1rebOkexEANM+p/K2ZoDNcHkWr2KdxEcY69Mu1Z4UNNEb6 -8HZLURJrOv0lMPZlWmHv +MR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tggkAhv/1jhDeuPswEAYD +VR0TBAkwBwEB/wICAIAwCwYDVR0PBAQDAgEGMA0GCSqGSIb3DQEBBQUAA4IBAQAj +z31EVhBEKRIxzMSbuKjdTsOfLPV/G9cFQ4LdyBm+uVTYMk2ILjj7vv+d/AqZjdNn +CCKku2Ja7Ek/OjjLjvC9Qtf3FkMxAN8QU8k1P7+5SxTQ9n/SBO9pxOZT1XQX4fZj +kDCikJ/xExoOv+zA4q5BQCBBVYRp6TkEhKv4iCkxTBUZEqtv8GL+g6ncUlJ7OhSG +j0XaJX3B8yGEhLuC1u/5S+z0IYftwVN3jpgFUCzZH0Iw3YuFVzxa+r0GVRGVP3/7 +AlB9iFcLyKKz/ND9QBkDmo671Tiw0Nbj4vpFkSwYx5ok8Hjuwg2gU07HaK2AboI1 +Sx3HFbnbQGMIVnJWolV+ -----END CERTIFICATE----- 
diff --git a/certs/test-servercert.p12 b/certs/test-servercert.p12 index 9a1ffd7d57354dcd8f32d506bacbacac1d21fb48..c85fdd27920792f450a379f825e30978dc693687 100644 GIT binary patch delta 5191 zcmbQMIahN+Y`yBcD;8XDBd#$qaWFJA@$LAem1Ggt`sPN%+}7|N7x!1~-(WIRXR<_C zV4Z?gZ(YGItHsI*TcwWQ?hlg7+xAOIHtE6#Z?<0=uln1#?YZKkBdW_S+KZno{qQ;G z`OdaIy%iz9-fZc03$#utGB^|w_$RR6_rlS~=HdU%-76*(2ME^tX|4C#b-;*Sy*YC za#!VDzc(H_ZU=>@tY(^c;~?)$ZQ*MF|BI(wmn^;+aW(D0%B8;;gAYfzl=YU&A1YG4 ze!J_Q^g&^*jE?5$$$xpz)zzQ+G*_f9?pB;tuATkfe?^=-`z*dH?fbUth_(2~cg!bZ z_!!l;CVhMT?NpWE>BN?tAJto^pPmWS5AHLLG? z&~~5q@sk}_|4FB=Tc>kCZQYf?prFPri;A~ho2|61xLCt|jkfwPks`&)`lB<~SqSj{ zdMdK3@>#vuA0N)OJ9cc5KX-#iLvTmnyo;33v# zeFo!)_T}bTCnsHQZ(AKF`TnD_yKCR=%QyYwud-xXU9nlRLR z4=$?7pUqM)Z_j&3Kdy22Zq5t89n;@*s=YX9tdqVh?e=K~{!<#!w=YO$G`zFc7U-%@ zu|1XbYfp|s!|t0qSkLnAJ{Y!zx$sTeqb^pKR>SA4%I)XwyuFrRc}vUw$%O6hr&`Y} z-0y5xv3c8rO|No&*2%uO@t&(u)XVq`m)63_rsv&}ipI`<%=MCT+H-h?d(K+Kn^ZpY zcb#_lrbL>}ddr)CHc8E`l>Fq|^XjP1gHrzP(|XrGweVISlP}lqSg_vC_32f$7D4vd z2NFV3)^|j&SnYQ-4PvxSH9uv%gZWEsZPuZ1?N^s4wni{Eq%r*}toDlCRR5~sX`x~E z%``42(VCUoVz$#ASFf*cuNUz-^Jb=-fAF!k%W~x!H-as;{D{wBi|C*2+V=O$EX~OB z;4o9~H4j(1PY&N!D(P>r!74C!%hRWiESo=g^RIj4${O~Rse*0NhIeyW*RJ+f?cDq9 zRp!HW*A_}zrAwrHJg5;~6UWJG>@zh!hksc9?6h^?B);19wg*0*xS&+`UTHCF#k&`6=_l{1 zFJJAp|M%`{rPh|g(v zjJ$cVev9cNo}J7~5+5?ow(?`&sqA@yY5Ug~IoW3~F$u0&eKutKoeADdON)+*IPlb) zbEUpIxK>R)pz!h0`-L;vjn{-H)oc!F`1<{Ok2%-Ziq4mH6YtzV$H~@o@l>7LoH(Zw z+;UYCdC~l(Q(8)vt1A@fiWYg5OYEspvy5PzRP)f(pt8RAtAwt*iglmn$BmcVje=Z{ z-4pfyK6zP4b8qPjo%*&H%zCC>HV>7->kF7cuRGhLue=bfnxnK@&){goTvD^11>@}#FFV~aR zFE`Dpyz&p*59WUi_1UUNpX-Ix91>CbYSO(@E^GOZQ{A;IoBe+8oN8%ODY-Q4o6!X= z*5p5zzn6U}xScdTEGA8_H1r0;HPxjR?l+>|x%^lhp8NN8*1xSsUJExy-B&w#wDRxm zX$&V~bPrxkcXJG~?%Mp`Y=+0FY3tWSI)9K4o~H8d;j^f((Z<_*jLUA+7jaEZD%|pz z%k-DnISJWq*PVW?pYZE^&_kO|sVjo394kXRleBHp4qk2|2RanhPxtrHwIpN=}>FwpJsiK&CTs& z*+Y*LeiNVa)O{)Pyz-u#S-RWAiJGnT&teTaC%s>_^cGvp;@fv0KIRVUy~n@v`kh90Iq_X$Z{=9mOsre6 zZjv%Xr!ViNGsllkt@nK~wM2FO!;DvPy_voZMvvOB>72DY5^`o)*Vl!n`z5|qCvyF| 
z^SyIYX>)$=6d};ARTV;_BPkGCz|36-xI(Zr>l)1GQvd z`Kp~vVoYt~%E;`GebRnxk+JoD4%6oiTSG3Kw!h~Zdhy_{=ksorcJ(h4Rf>9;;kh&> zAd(5yZdWXeTW>!va(0H0(eal>PUdNPv%LQhNf4VKM*7Kdst_%PE^?}cx zl8$8(U$*(`^r-#5(HxPnAo#e8rF`R8;pyD(1>YR+T7^|!%^gRCCxJ%Ic{E5civqi!g6H?9|a=r0WwD=C^#QlqEIY0TH|DL8F zGWkZ{Ts1l6ubWK$<`w!nd(FtKuUjBB=~t)pi*2(Rk1#y``iQOZ-pU1$`{pvfV$*Ml zxXaRKJ^zwDSKVLVN~xUJOQM>SA=KB^Q#VdcWUTavf zd2#64;=jsAm0bQ$tqfOsDP6HF^=861%@d#6B@<@7c%Q)4ruuHd+J;^Etha8O9^l}t zXLF16c_RjZJMGzxFHSytclGAoyIFK|^|@BB>@=y%`7C_5eC5^S z4z(P=O4|2Z+;$bHnV9_APr6P{K6+8bv%m)DYPqS8Ka}d{hp(C^^}o%(=H>37MS^K73W-gxtmxI?40epMToW zuM+TK>yoIuCvGxcwi3MSEzu-5&D5Xgce2?F6uRFU+z>K?6r|NRx z=}G^T`xT2fmDWGpGp94MW5WWUp6wINa`y{bCaT?Au;gdNi`^DJ^S^m~3g^?QwXsgg zxu_BFt%tSXnwS2fcah4m%GFiJjRkZt1@FDM1ov-<(#SQ2#+*a{Iw2TIug| za~@e)ezbniC%m`iUQw=Q-}#kJ`?fHYDooxe`ap4UoxlJ71jPfi6MP;y`{24v-QCnU1g^^>lZHB&Ajb?q2iYM4V~ZCD@k?q zRqK~Dyjt`0aarC?vA@EPIb#kqJgD)#<*`JQ&9}6)?CI{;-}&BE>DeAxW2$LvEwak7 zY1c;{SD^)&yB6(LY1}OMiXlALe5IB_6RRT|r&gOs+jm|@cE$xwtVS$Nta=7btds5e zb?Td*T27c}aa|SE2WDwvIT0bUBb51^hEn(RnmW zEf>xGYUU`gbthkVX>a@I!xyC;7khVp4LK7zH=tp~(+cZWtw{H)OIO%^T7S&k=~({j zivR5AIZfx3cW-l=m609I!Ss}Kxm?my$vas&a}LyBd?g|yEf`zWX~nMbt!7rA*X1nN zU+O}v34;5!WoWM`bYhJyFaI}px_0aZc3vI+c@K`X7_$XmIdMb#%hZ1&omu^>7+bu9 z)XvUs{ygho*s7oPRVQ{#di4F}rx%@(zU_Lvw%lCPaaA!|R+`TC2?Pnd| z$A}&%_WLboS8u&mKlix(Wozl(DZ3me@~UQ9c=PnFmRzKizW&jK@DJaMa;F|FdtRP- zBWAvS%Y=UC!>K5xmd$liHNIM*-A z`#Y>Jc;4Tr@N?T4f~&ets>m?U(=$&r&(Z93n{wIV%i&Ga=3T9S@Yhx4GI!b>rlpe> zPP8>W_g!T|`l|QS-u;l?(lsks-0B_6f5DZ{6_(!Lu|S^bu;EK5JucU8EXAukH@+*G zcO$X7e_z3g*_DT_tLGlp?CI)ADV^-hCO%qtw?BLLNixX#)$%SV zx^j&B!Y1=VE=OH~_a`FG2iG6@CH7&P%j&=9CjV)kZ?II4r$T$ldCTiz5pFWe0&c$x z?w)7TBUp2CSDlomZG7re;cWHGGk7PzRn`9HuE4tDfvxdL?H0efM=eoQ5Ki_ve_w~x{7n>hf%qiX;_hiocde=j7i>Juf_tl@* zRSMJTOuNl6wRL3}&(=Ubzb5{o{sL<;U1`R;hhLQDU-#d5Vited2@} zy{>Bf)fsd(>X)*+@q3T=1}}w^MdtaG`?njtpR)MF*}il8@5_e@I&^W$sE6mbUR}yF z(Rr7`q#v&=n4fuPCLfFtbTYKNqqC{2`HOq~*L{v|6CC%x7mg9FVxO?c>%>v}@$H~r^vn?T{tSi&mOY6ziSsyL_8}8QaYB2hG%kOAVgV%}kl13dz 
zc@%GZ|916Our9i}$nffXW$~YPH1c1RuM3%d@uT_luP@%d))i(eoBJqix^;S$@Tovi zcliUi4%Z8R+Y_waG52=euLUpWM;f!WEd8r@#U#5YRdea1_nOm|Ki(uZB};knwON_l z(|*g`Q;=mZpJ%>`>%_I44cyzc?G)q=+w4nZJ9XRe!uJx2 zuZ{7vVz&OaaKA^e{)aO;TXy}>nbMncar#*U>w`8Qx#nGIy!c_kWHIg4FSgVgNxR`y1$ z(c%#CdwZqlOrKKQWBF?*>L1Fi#xZh?9kW0i|;$#G`}N# zKOrwk=E_^W4*U|+j7Q-J=-&X&fWILx^stDKTro5MQT<-Png3X6-FD0(1ZR?IV zFf>p!;ACUf=3{1(Vr5_vSswOslJDZUlKr`tzVB-l6kYb@@M0E@8@87N&e=YU29=ip DS~m98 delta 5191 zcmbQMIahN+Z2f_0N!F9YoZ^|7I2an5_;&c%B;>DFoxg8>r(jW?jev^mt8WpkI`@~q zG3UCUxF|JzbwI_`P12M0D?W4U+7eQ`Y`v~`o-c2*`<~>WH9X9nK>@s0JBvR2`+$$%o-dN2|r8{8fHE(){at4^7E!SYlm&+HBKH_w%{kI_Ia0 ze|#v@TEv+5sK<0(@~c*k<2vhBZOqj+Uh|+ksPmZRSXMP zbR25-<}QifP|JC;Azm-OG{2~Gv&!l#^6?s5?&uX2`^=l^ke67$e4RPNN$yYA{wm8j z-!!?hbIsB|ak*pj^mVlIC)T%HnV5tzhTAbb=m}tCARIio3Hhh zoLMRPuB$;W^>~rZ_AKL_6CSRyd2BOp(g7v4>WCd#g0Cm59bU10a;oyOiXAOl_1R~& zrucazaZid0oH*@EPR$ePjqOql6Y9h6y%e;ZlCx-Y-x=ix7U7R>sMXtk_m;Guz_l;p zqi5od0^Xf!bKQ>BG#z+0`TXwm8@A^7CU)62OWhi6VY*ZJYFrHuFc z!)L$C#KruY*r7jXRoeaM4;klY*lyA`e|c$Zy_&ziNBLxvXIpcw&N*tT8uIC>ArbS#{tpP4!E*f?H zdcspa>8?N&?;p=@mmeMtkwtTM#L79ZTkbnsb*6E;Sm3mI8ZoKH@^S`$?w7V6K2Se> zuSv6SLbZm>v(6XgGHmmY=+tM&#gZ7J#bOZ zyr2!Y{rooU>wog?fAO*B6EEz3crw3(;habARr#`hDUIWjk8;mVF?sXrjo-K#`Y!(!e(n=wdht+qgDTsy8z1xQ z<7)1;&$i(x5ni8p-5`2KUuMT$np4a%@6Uz+^T%&Z)w@$fPv3CerernIGR`di!K>*u zMw$#4IP3#XxeKy>l9+XU!`7Z7v;Qh=TXsKKW1VZm9nr&XXTQzYD!cegQ^#;t{msD$@;o*Y@B^L4A4*zc>|lbCrzJx{8}U7We=mg!%|fYa0WO}Y@a@S4gz(@L}c`_U)8 zY;R9Gn?1?x)C4ot9}Vk%b{~CO^v?35{Jb}R&)BA>&;9SdxlnXxl9Tj1Uw?-&+uM;~az1Ev!hC*Gj z+H%h?a}19kn)^Pke&WMF`xm$AA9*2||LjcvyLOeN`{lPx+Ka_34sMukkGgH&+)60La@d{n8yi(!w zvBgSHwomT4A(N!3Q0ecw&7Y%Yxu?iX<@1)V71d(D47My$NUky4Vs!54)~7PjD|hoP zw_5c2-u54sM_pcjKJ+xpv6eyg>jrhvK<2EVtTOMu z*zv7o!?{0cu3xHWM%jPr4?J3LW?S(rYV(pcrICV8?TbEC%$ks~$}_Kn?^WA9dycMy zx%qaylQumGyuo(h<=&0X^PWBRyD9IJd3$vW(?LboFz@d>^IAK~`i%?b%-M2O=^qav$tK+X`Rm7&q<2NPMjaZ<=3)Ax#z6tn+dZ;z7*X$$6bF; zj`e*kPu#|M&$WCT4>f-}ps-KzlUsD}mZ%AnLTVpmyyw5ip1!)j>y2_P!=e-FEE_LX 
z@SO>*+n2Rvz51f1H@uI0>FLV;+QlJsCF%Sz{*Mvz*OpxEob&f>?iB}TzEdi8Np{-3 zA8(1yomufkC*elDlf;aeV_#2R`WX=!*uUDDuYT(qPp#Gyy=)5%v{eLT?k+xjWsfFn zqSU1|FWKKm+Mic{yX_{I-JxY411E*an_Gk%h8xfC`#2#}(dfU?l6Tidk4w8R)_TBe zzjxhS1%|onuZSM742|yWn_`_Ip}r#dWb38&%p3QP9mtZsRJ6in(KDGB*R`7)lwDV= z9{wu&;9+xleeW0B<@a~0J&sy=%kw*<(chCt-tS75W1e{7r@;42r}ve{H;)JNK3fte zzs2dR1)DwiKX$;`#s9%zcLbVE868ab+z@;<^+S52gSl7uk7B{FS(H*u=UQZXqmZ2 zZLcS{e7UoOi%rT|reoprdt90f$JgI(u>F^F^JSp_q>@E_`%ic)UshW*i}!oM!t^_R zCr`VV{N*~q!L@8hkV@k!#bqyV-ahT)Z@a3*Po^uQJNb6!w(wt>Zbt)prHqm_+T$m* z&Q@G49{QkP+dx*~kK4Ngzkbyx?qsvDTeFBys&?Ctr(exasWARk&YRJ`;%F|Ld}E49 z%#}sCaY}#opL!-5P<`O{ajVnuTX=(mS3THv#a2kJf3c+frZarcUEgmCaPO`Xu6lMo zIidRf$4<_J7aph8M=o1$!?gX(vJ;tmIR9V0U%M`w!!|fWbW+Ez7krC?jM@`6ZK$78 zV7?^R_YaG~w0sZSrrobRw%umSW~y^~#jVzo{#>ZO_+m(I!x#qKX%eQ7v=_uu&c+7H{iq2LWo9n5GO$xjR9wk)%{FYf_F82SBXHgB` z@daHArd78tNDi%Zc3;q6^4~&cw`Y&C+JugWz5<8zs{^}v4EB8PPyDIVUZ|mab&~Y| zgNxJ;m)9#^3)w3vGG&d})i#r)>pw+baQ_c5-Q``NvN(<7Pv4%N6E5t1#y`|PDDnHh zJ0&aQYPW6Xev6ltuWvtWO`SUX*t>({6Gf`($Ce zbk~__%i}Aq?9aY%@L-znvGi}>Vsz46AKl#(@%ieLzSEq!<{YwJZujE0d~#*7i*#K3 z!T0GgrI$i}u_E{QbT;a=zCGRh-DppCm)6bJrR;a^Ra=F>vW@3S3%p#M)_=99uJ5ew z6_(34;&gK&nPN3WI%?`4M9qzvwn(Jfq$|7jugZsGpI2=-P;=+yF4o{nhbH&!d}eu4 zU}1{e#ahnZ{4GhRZ@brA%$IuVbMbC$&lkbF`g1m&{{N%o?lU2G#kJ4o%zpOV`0VF3 z&n|dLJt}M7tjc4abM49Ru%~OA<}Q$l*=K&Jz%q`3mvdU^;-zo;?poh%WRR>^$qhXG zzHrKoO1~xgN#C!%)|b2SkNdjE%gnd~dne}4@Sa!3UVWmq^@`*)nZIY0)D&DFdALq} zxZyhQh0{`#4<5d&u&!KgcB9+2J#oht2tNq(5~`Y{xTsCPkn2g3@UI{42Q2hm(gad$ zRQqaYf3ReTTxSsxez8BOGFwq&(Ov&0w)%*`eZCHE_xv2>gx!57B@2g~W{FgoZ4$TiD)y z*FDP1@ILtTg^c?Z|Fv{pbUw99ySVS6WAC!tOgp({OjTA`T>fF@U}XDQ*Wkn{-}OF8 zL3ah~6&Fm-7ics3UIWn<+lSy)kdi?9q z?u@eLng&J3=?k=W-*d5)G5gLrYq9u4#kznqItLZ>=02LoyCv~l1W&lSMyQ3Wo`r!4 z_oTK|ZHrpQrYpM*M7PhFeq!ax3N9-lbJbkyQ9Cm)V!@rOf8qmV+q)9gj&{HLQ0 z6hr(ar%VigZ@KosqRUU~=FHq}y83D6(L?_)D_MkHTD^T=(HZNWlj4uKvbwOR=kb@Aa&%VO8rofyBCND=cHw1-deIT56cqS|0u(c7^$rYHygR zh`aQB{f>*2jl@3=2l6mIRxVYzp2VXV)a zKfSl7SH^uk611mTf<4x8)*pK(XQSRFf0yuFVw=-_vp(oq44e8Sl{>HG&WQC)?2hw0 
zRbX<=F>JfDZ_d>?S;ud@-@g61`D@aF@->B8(r0C7PK#W!uKbeu`OwDT6K1^o9p25- zzho+8-t%~|+R8t`rRJ_}|%`vpM zYhgjfFT2iL%zU!-Yg0D}pUdvLVRy%t-Sq3VhqDSh=CoYC^(d;t^uoQImgtiY<#Sg~ zF)El7(!MTKsco9XkGr?8v`6jC$njb5X4mx}=cmLgeiEIq(#1mHeDCr_D)ZTWAFv*^ zs(zZbFk3xoW`0MrdxF#AkNV|hzl7Z$CYX2pe?RAY%I-=<-lu$1{ddR0Z=M$7W5qaSn@ zh_q{3KZ|KLSXS7V7ntiiH6y9LhBGKI`u?>0kwt%&vn&dj8>084^W%F-mo_bzcZ`4Q zZ_fXJrHSkAw4b^wCvK8zd(-sxkfK|-@y)UoPXlK8te?96!ui0h(@%bss4jSR} z=1hg1`#a_yIupHmHD690i}cd`Hrc-hs;?}+e|`R?zI#gEoeT!{6Sd1utyhh_!?Dic zl*mlcRsU8^XI%7u)uZK{_os=RH#0O`?0+QoWN=l8(7lv;eb%j=Q3b2_ZK!h*uu63? zV&KX9BFxx$tZ>QywX=?&v)xoF^B~YOa(lq#t-UYqPA;7ldjDD8zh4hBWI9x|wgL&QB}goAah7xH+rVXXYd|)w%03 zl5ENyBK1=n|Li!Lc6?{~UzfF|tIhSVe?R0eSg*6?l&HZ3<<~i@Z`MzoaNN&EEc^3M z9hYk7nWx@_yeNP8X+HNqk0+5u`$ODQZG#?kHFU3@yyd*zukuIV?Yi8es|C5-_2IdHlbUS)Z;MTp*HkM*RRd*s`Nt`0D8?efyZ^%(gKh7&<{wS5aetXMZP&tT zKXwB{14RQ)HdbvuW+o|C1{RUOE6%N}*t_j^%T;p+{k){YbOy;V7LFw+U#|@7UvU^z GUIGBWL;DW^ diff --git a/certs/test/cert-ext-ia.der b/certs/test/cert-ext-ia.der index de005a63ca25b19db9dfea7b307c9738dc746ecf..a6fb6508c60523319dbcd1e7e08bf407ed2af2e6 100644 GIT binary patch delta 320 zcmeyz{*PV4po#gHK@-!X1~8l*T}%o z(8vtJ-S|?JseV7}^(8!;9#1T0(>w9Rw)$Z9K2Hw&A4el6UD+Ab@UH6e&AM3;jX_*m zB@-;R1kCJ;o9pl+cE**(j-?a4`#ZH?^GvlDVSezo-oQ)1-D0oYyHm0A49b?A=U~(i z)DU`O{`0=m%h^H;OXO}BdnL~a+7Wa{a{a43sS3S&?^yX`_-_l=|GjOe_u6hp*Dj|| zQPn)gS3}P)7H`ts@@4tfH_T0I|0UL}`&xW$V|g5V;|3-^ Z+wU`GZwM6Z=Hh(g^Pg$j3>l_Vd;miujn@DG 
diff --git a/certs/test/cert-ext-nc.der b/certs/test/cert-ext-nc.der index ea0559e17112f9b533bf5029d2a6f356d93588fa..10438666b3d551d97f78837611b4634dde0ac363 100644 GIT binary patch delta 320 zcmeyx@ry&kpoyi-pouwd0W%XL6B8#xdsdK6Q&kN2M2VdeCWgj_rbfnw22tX?MurB4 z2Idg%#+MVB>L;>)&)hb3nOCaYlmw2K>QjFBTR*Q3+;d#x_u|qeId?Wpcivr*d1bSP zL1g_qo$1HF>&f@ep3L+)Fa6IOfnSfVL6mP$OI&a#){kyNTnK(+$yg6HXL#g(nSS5?g^=Dr)v9rBNUwLT4 z!ukm}4<{!ITob%LUE!$e!-S=CmI|C_iaokgFLQa)*>^wnifSZI&;G$OL0?d3y6cl; zOw|$J@(&znkNeoN^oL@$w}f{lYiaD%6)H(D9UMPR!MjfbHXRuJ8=rrQEmWt36ReK delta 320 zcmeyx@ry&kpoyi-pouwd0W%XL6B8%H=UbT<7c6SuFi~Qsgt38xic2;GI)97Z-IJ#;M-FVJeQrE zGhzA1Jua&~63rg)H$UoO)76ysKkC2H_g=V(>xwgf>zDSlmBdBV7am{loBNsXcVd-- zqwF+oFEy9b9CQA}9iC`drJBO{{fE`QY*yVqWhk^+Q)}{yeT?U;mFu zF2vPyZro?vONCBRXZ*UR7foyLT6J+LL%cr2q2E)TzxORt)T?m$cW~m&-#ZYcs%jq(@2T|83N-RpgR|0_DYhP7Ju^y|3P zS*w|zbVOTsb00sma#{Do_6?F!JQ@-CGlS~hZm`O*?&0DnDO$ag^XOZax_oXKPQ?pn z>wg}JQ&)J>S{%fBY1fad{f=jp^@MWw7|wW}ytq&8>d7 XX!6AHD{mw`ko&sk zVAsNpb*+8v3i=#|YvYc2ok;vLk6mt&(%a&i)_1>>?gW^v`g?rtDhZa~ug>UX%-+26 z(6k!|&qURI=bgv#V6J9&i(CKYiCJ5BRK=X}4`tjj%VWV5=ToZgL0sRz?Avg$Fn4K? YS8BkfwSKY>au{#?c5Zm~go(!j0C%mFK>z>% diff --git a/certs/test/server-cert-rsa-badsig.pem b/certs/test/server-cert-rsa-badsig.pem index 00dd52c0b..addafbad3 100644 --- a/certs/test/server-cert-rsa-badsig.pem +++ b/certs/test/server-cert-rsa-badsig.pem 
@@ -1,9 +1,68 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 1 (0x1) + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, CN=www.wolfssl.com/emailAddress=info@wolfssl.com + Validity + Not Before: Apr 13 15:23:10 2018 GMT + Not After : Jan 7 15:23:10 2021 GMT + Subject: C=US, ST=Montana, L=Bozeman, O=wolfSSL, OU=Support, CN=www.wolfssl.com/emailAddress=info@wolfssl.com + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:c0:95:08:e1:57:41:f2:71:6d:b7:d2:45:41:27: + 01:65:c6:45:ae:f2:bc:24:30:b8:95:ce:2f:4e:d6: + f6:1c:88:bc:7c:9f:fb:a8:67:7f:fe:5c:9c:51:75: + f7:8a:ca:07:e7:35:2f:8f:e1:bd:7b:c0:2f:7c:ab: + 64:a8:17:fc:ca:5d:7b:ba:e0:21:e5:72:2e:6f:2e: + 86:d8:95:73:da:ac:1b:53:b9:5f:3f:d7:19:0d:25: + 4f:e1:63:63:51:8b:0b:64:3f:ad:43:b8:a5:1c:5c: + 34:b3:ae:00:a0:63:c5:f6:7f:0b:59:68:78:73:a6: + 8c:18:a9:02:6d:af:c3:19:01:2e:b8:10:e3:c6:cc: + 40:b4:69:a3:46:33:69:87:6e:c4:bb:17:a6:f3:e8: + dd:ad:73:bc:7b:2f:21:b5:fd:66:51:0c:bd:54:b3: + e1:6d:5f:1c:bc:23:73:d1:09:03:89:14:d2:10:b9: + 64:c3:2a:d0:a1:96:4a:bc:e1:d4:1a:5b:c7:a0:c0: + c1:63:78:0f:44:37:30:32:96:80:32:23:95:a1:77: + ba:13:d2:97:73:e2:5d:25:c9:6a:0d:c3:39:60:a4: + b4:b0:69:42:42:09:e9:d8:08:bc:33:20:b3:58:22: + a7:aa:eb:c4:e1:e6:61:83:c5:d2:96:df:d9:d0:4f: + ad:d7 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + B3:11:32:C9:92:98:84:E2:C9:F8:D0:3B:6E:03:42:CA:1F:0E:8E:3C + X509v3 Authority Key Identifier: + keyid:27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5 + DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com + serial:86:FF:F5:8E:10:DE:B8:FB + + X509v3 Basic Constraints: + CA:TRUE + Signature Algorithm: sha256WithRSAEncryption + b4:54:60:ad:a0:03:32:de:02:7f:21:4a:81:c6:ed:cd:cd:d8: + 12:8a:c0:ba:82:5b:75:ad:54:e3:7c:80:6a:ac:2e:6c:20:4e: + 
be:4d:82:a7:47:13:5c:f4:c6:6a:2b:10:99:58:de:ab:6b:7c: + 22:05:c1:83:9d:cb:ff:3c:e4:2d:57:6a:a6:96:df:d3:c1:68: + e3:d2:c6:83:4b:97:e2:c6:32:0e:be:c4:03:b9:07:8a:5b:b8: + 84:ba:c5:39:3f:1c:58:a7:55:d7:f0:9b:e8:d2:45:b9:e3:83: + 2e:ee:b6:71:56:b9:3a:ee:3f:27:d8:77:e8:fb:44:48:65:27: + 47:4c:fb:fe:72:c3:ac:05:7b:1d:cb:eb:5e:65:9a:ab:02:e4: + 88:5b:3b:8b:0b:c7:cc:a9:a6:8b:e1:87:b0:19:1a:0c:28:58: + 6f:99:52:7e:ed:b0:3a:68:3b:8c:0a:08:74:72:ab:b9:09:c5: + ed:04:7e:6f:0b:1c:09:21:d0:cd:7f:f9:c4:5e:27:20:e4:85: + 73:52:05:d2:ba:f8:d5:8f:41:cc:23:2e:12:6d:bc:31:98:e7: + 63:a3:8e:26:cd:e8:2b:88:ee:e2:fe:3a:74:52:34:0e:fd:12: + e5:5e:69:50:20:31:34:e4:31:f1:e7:e4:5b:03:13:da:ac:41: + 6c:e7:cf:2b -----BEGIN CERTIFICATE----- MIIEnjCCA4agAwIBAgIBATANBgkqhkiG9w0BAQsFADCBlDELMAkGA1UEBhMCVVMx EDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNVBAoMCFNh d3Rvb3RoMRMwEQYDVQQLDApDb25zdWx0aW5nMRgwFgYDVQQDDA93d3cud29sZnNz -bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTYwODEx -MjAwNzM3WhcNMTkwNTA4MjAwNzM3WjCBkDELMAkGA1UEBhMCVVMxEDAOBgNVBAgM +bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTgwNDEz +MTUyMzEwWhcNMjEwMTA3MTUyMzEwWjCBkDELMAkGA1UEBhMCVVMxEDAOBgNVBAgM B01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xEDAOBgNVBAoMB3dvbGZTU0wxEDAO BgNVBAsMB1N1cHBvcnQxGDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTEfMB0GCSqG SIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP 
@@ -17,11 +76,97 @@ sxEyyZKYhOLJ+NA7bgNCyh8OjjwwgckGA1UdIwSBwTCBvoAUJ45nEXTDJh0/7TNj s6TYHTDl6NWhgZqkgZcwgZQxCzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdNb250YW5h MRAwDgYDVQQHDAdCb3plbWFuMREwDwYDVQQKDAhTYXd0b290aDETMBEGA1UECwwK Q29uc3VsdGluZzEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29tMR8wHQYJKoZIhvcN -AQkBFhBpbmZvQHdvbGZzc2wuY29tggkAt7aQM2YbayMwDAYDVR0TBAUwAwEB/zAN -BgkqhkiG9w0BAQsFAAOCAQEAUf4q3wd+Q8pmjRXEK9tXsgZtDZBm/6UknBTvgfKk -q5mpakkgpdJx5xw8mQfHR/zolrT1QjDOOQFL0cLovJWEh85VXZefz3jzVpulCG2s -9qVcxO8+KjmmSCYpey3gzaaMV0gLuzEywr/ZQ0xHJRiBqMkzgkGbumGG14STFyQl -NspNY2tPlXnYYOAe9azBiqGxfoWOhyAvCDGtXsZKyGH0ngceoiLtc3yF7vpi3FA2 -qv3HnaoYBPvqzCxom7OpwpbYwcxafvcNngjgnSmLhEaP05Fqtbh6XMxPVQG4mkig -lEPKJUdSCvf0vrDRcW2lUkplULKtTh3gbAHY+0OA5uQMOA== +AQkBFhBpbmZvQHdvbGZzc2wuY29tggkAhv/1jhDeuPswDAYDVR0TBAUwAwEB/zAN +BgkqhkiG9w0BAQsFAAOCAQEAtFRgraADMt4CfyFKgcbtzc3YEorAuoJbda1U43yA +aqwubCBOvk2Cp0cTXPTGaisQmVjeq2t8IgXBg53L/zzkLVdqppbf08Fo49LGg0uX +4sYyDr7EA7kHilu4hLrFOT8cWKdV1/Cb6NJFueODLu62cVa5Ou4/J9h36PtESGUn +R0z7/nLDrAV7HcvrXmWaqwLkiFs7iwvHzKmmi+GHsBkaDChYb5lSfu2wOmg7jAoI +dHKruQnF7QR+bwscCSHQzX/5xF4nIOSFc1IF0rr41Y9BzCMuEm28MZjnY6OOJs3o +K4ju4v46dFI0Dv0S5V5pUCAxNOQx8efkWwMT2qxBbOfPKw== +-----END CERTIFICATE----- +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 9727763710660753659 (0x86fff58e10deb8fb) + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, CN=www.wolfssl.com/emailAddress=info@wolfssl.com + Validity + Not Before: Apr 13 15:23:09 2018 GMT + Not After : Jan 7 15:23:09 2021 GMT + Subject: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, CN=www.wolfssl.com/emailAddress=info@wolfssl.com + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:bf:0c:ca:2d:14:b2:1e:84:42:5b:cd:38:1f:4a: + f2:4d:75:10:f1:b6:35:9f:df:ca:7d:03:98:d3:ac: + de:03:66:ee:2a:f1:d8:b0:7d:6e:07:54:0b:10:98: + 21:4d:80:cb:12:20:e7:cc:4f:de:45:7d:c9:72:77: + 
32:ea:ca:90:bb:69:52:10:03:2f:a8:f3:95:c5:f1: + 8b:62:56:1b:ef:67:6f:a4:10:41:95:ad:0a:9b:e3: + a5:c0:b0:d2:70:76:50:30:5b:a8:e8:08:2c:7c:ed: + a7:a2:7a:8d:38:29:1c:ac:c7:ed:f2:7c:95:b0:95: + 82:7d:49:5c:38:cd:77:25:ef:bd:80:75:53:94:3c: + 3d:ca:63:5b:9f:15:b5:d3:1d:13:2f:19:d1:3c:db: + 76:3a:cc:b8:7d:c9:e5:c2:d7:da:40:6f:d8:21:dc: + 73:1b:42:2d:53:9c:fe:1a:fc:7d:ab:7a:36:3f:98: + de:84:7c:05:67:ce:6a:14:38:87:a9:f1:8c:b5:68: + cb:68:7f:71:20:2b:f5:a0:63:f5:56:2f:a3:26:d2: + b7:6f:b1:5a:17:d7:38:99:08:fe:93:58:6f:fe:c3: + 13:49:08:16:0b:a7:4d:67:00:52:31:67:23:4e:98: + ed:51:45:1d:b9:04:d9:0b:ec:d8:28:b3:4b:bd:ed: + 36:79 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5 + X509v3 Authority Key Identifier: + keyid:27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5 + DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com + serial:86:FF:F5:8E:10:DE:B8:FB + + X509v3 Basic Constraints: + CA:TRUE + Signature Algorithm: sha256WithRSAEncryption + 9e:28:88:72:00:ca:e6:e7:97:ca:c1:f1:1f:9e:12:b2:b8:c7: + 51:ea:28:e1:36:b5:2d:e6:2f:08:23:cb:a9:4a:87:25:c6:5d: + 89:45:ea:f5:00:98:ac:76:fb:1b:af:f0:ce:64:9e:da:08:bf: + b6:eb:b4:b5:0c:a0:e7:f6:47:59:1c:61:cf:2e:0e:58:a4:82: + ac:0f:3f:ec:c4:ae:80:f7:b0:8a:1e:85:41:e8:ff:fe:fe:4f: + 1a:24:d5:49:fa:fb:fe:5e:e5:d3:91:0e:4f:4e:0c:21:51:71: + 83:04:6b:62:7b:4f:59:76:48:81:1e:b4:f7:04:47:8a:91:57: + a3:11:a9:f2:20:b4:78:33:62:3d:b0:5e:0d:f9:86:38:82:da: + a1:98:8d:19:06:87:21:39:b7:02:f7:da:7d:58:ba:52:15:d8: + 3b:c9:7b:58:34:a0:c7:e2:7c:a9:83:13:e1:b6:ec:01:bf:52: + 33:0b:c4:fe:43:d3:c6:a4:8e:2f:87:7f:7a:44:ea:ca:53:6c: + 85:ed:65:76:73:31:03:4e:ea:bd:35:54:13:f3:64:87:6b:df: + 34:dd:34:a1:88:3b:db:4d:af:1b:64:90:92:71:30:8e:c8:cc: + e5:60:24:af:31:16:39:33:91:50:f9:ab:68:42:74:7a:35:d9: + dd:c8:c4:52 +-----BEGIN CERTIFICATE----- 
+MIIEqjCCA5KgAwIBAgIJAIb/9Y4Q3rj7MA0GCSqGSIb3DQEBCwUAMIGUMQswCQYD +VQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjERMA8G +A1UECgwIU2F3dG9vdGgxEzARBgNVBAsMCkNvbnN1bHRpbmcxGDAWBgNVBAMMD3d3 +dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTAe +Fw0xODA0MTMxNTIzMDlaFw0yMTAxMDcxNTIzMDlaMIGUMQswCQYDVQQGEwJVUzEQ +MA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjERMA8GA1UECgwIU2F3 +dG9vdGgxEzARBgNVBAsMCkNvbnN1bHRpbmcxGDAWBgNVBAMMD3d3dy53b2xmc3Ns +LmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTCCASIwDQYJKoZI +hvcNAQEBBQADggEPADCCAQoCggEBAL8Myi0Ush6EQlvNOB9K8k11EPG2NZ/fyn0D +mNOs3gNm7irx2LB9bgdUCxCYIU2AyxIg58xP3kV9yXJ3MurKkLtpUhADL6jzlcXx +i2JWG+9nb6QQQZWtCpvjpcCw0nB2UDBbqOgILHztp6J6jTgpHKzH7fJ8lbCVgn1J +XDjNdyXvvYB1U5Q8PcpjW58VtdMdEy8Z0TzbdjrMuH3J5cLX2kBv2CHccxtCLVOc +/hr8fat6Nj+Y3oR8BWfOahQ4h6nxjLVoy2h/cSAr9aBj9VYvoybSt2+xWhfXOJkI +/pNYb/7DE0kIFgunTWcAUjFnI06Y7VFFHbkE2Qvs2CizS73tNnkCAwEAAaOB/DCB ++TAdBgNVHQ4EFgQUJ45nEXTDJh0/7TNjs6TYHTDl6NUwgckGA1UdIwSBwTCBvoAU +J45nEXTDJh0/7TNjs6TYHTDl6NWhgZqkgZcwgZQxCzAJBgNVBAYTAlVTMRAwDgYD +VQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMREwDwYDVQQKDAhTYXd0b290 +aDETMBEGA1UECwwKQ29uc3VsdGluZzEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29t +MR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tggkAhv/1jhDeuPswDAYD +VR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAniiIcgDK5ueXysHxH54SsrjH +Ueoo4Ta1LeYvCCPLqUqHJcZdiUXq9QCYrHb7G6/wzmSe2gi/tuu0tQyg5/ZHWRxh +zy4OWKSCrA8/7MSugPewih6FQej//v5PGiTVSfr7/l7l05EOT04MIVFxgwRrYntP +WXZIgR609wRHipFXoxGp8iC0eDNiPbBeDfmGOILaoZiNGQaHITm3AvfafVi6UhXY +O8l7WDSgx+J8qYMT4bbsAb9SMwvE/kPTxqSOL4d/ekTqylNshe1ldnMxA07qvTVU +E/Nkh2vfNN00oYg7202vG2SQknEwjsjM5WAkrzEWOTORUPmraEJ0ejXZ3cjExg== -----END CERTIFICATE----- diff --git a/certs/test/server-duplicate-policy.pem b/certs/test/server-duplicate-policy.pem index ce80d5b09..bdc9af911 100644 --- a/certs/test/server-duplicate-policy.pem +++ b/certs/test/server-duplicate-policy.pem 
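Review bot: The regenerated server-cert-rsa-badsig.pem appears to carry its corrupted byte in the appended CA certificate rather than in the server certificate. The second PEM body ends `...ejXZ3cjExg==`, which decodes to a final signature byte of 0xc6, while the text dump above it ends `dd:c8:c4:52` and the same CA certificate in server-duplicate-policy.pem ends `...ejXZ3cjEUg==`. The first certificate's PEM body and dump both end in `6c:e7:cf:2b`, so no alteration of the leaf is visible here. If the negative test is meant to show that a bad signature on the server certificate is rejected, a chain whose only defect is the CA copy's self-signature may pass or fail for an unrelated reason, depending on whether the verifier checks a root's self-signature; how the file is consumed is not shown in this diff. I would alter the last signature byte of the first certificate instead, keep the CA copy's final line as `E/Nkh2vfNN00oYg7202vG2SQknEwjsjM5WAkrzEWOTORUPmraEJ0ejXZ3cjEUg==`, and regenerate or drop the text dumps so they match the encoded bytes.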
@@ -5,8 +5,8 @@ Certificate: Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, CN=www.wolfssl.com/emailAddress=info@wolfssl.com Validity - Not Before: Mar 10 20:37:22 2017 GMT - Not After : Dec 5 20:37:22 2019 GMT + Not Before: Apr 13 15:23:10 2018 GMT + Not After : Jan 7 15:23:10 2021 GMT Subject: C=US, ST=Montana, L=Bozeman, O=wolfSSL, OU=testing duplicate policy, CN=www.wolfssl.com/emailAddress=info@wolfssl.com Subject Public Key Info: Public Key Algorithm: rsaEncryption @@ -37,7 +37,7 @@ Certificate: X509v3 Authority Key Identifier: keyid:27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5 DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com - serial:9C:86:DC:5C:A7:73:35:83 + serial:86:FF:F5:8E:10:DE:B8:FB X509v3 Basic Constraints: CA:FALSE 
@@ -49,27 +49,27 @@ Certificate: Explicit Text: Test of duplicate OIDs with different qualifiers Signature Algorithm: sha256WithRSAEncryption - 82:59:1f:4c:a7:19:9f:e7:ab:cc:51:21:da:ef:4f:73:75:22: - 6c:db:55:83:c4:35:c7:40:69:49:46:45:56:78:06:03:76:d8: - 3b:6c:75:aa:2c:a5:c0:61:e8:5c:c0:2b:ed:66:a9:66:c0:b3: - 37:83:23:c5:2c:b2:45:59:61:84:be:dd:44:72:00:7a:6b:f9: - 50:89:31:66:a7:84:46:74:0f:bb:5b:05:0d:1f:2d:4d:b4:dc: - 69:2c:e2:a0:fd:5e:93:14:c7:ce:a2:6e:50:61:8f:73:94:a0: - 7a:65:e5:9d:76:f0:1b:1c:da:da:72:3e:f9:8c:4d:c0:4a:cb: - 24:e8:40:51:a1:37:9c:e7:87:1a:0e:cd:a6:7f:54:39:65:5f: - 63:64:04:60:5e:cc:1d:a6:71:78:1f:44:32:32:f9:27:0d:23: - 75:95:01:0b:0d:f3:90:ec:e2:7e:df:0f:43:96:e4:32:c3:b4: - e2:df:87:12:97:a1:1e:f1:c8:73:fe:5e:ea:55:5c:f7:4b:88: - 2e:31:6c:52:ff:b3:05:85:f7:fe:e7:ac:f6:74:a8:4f:8e:96: - 88:5f:73:5a:f1:77:9d:b9:16:a3:53:e2:4a:5b:e2:5e:2b:88: - 1c:a8:b8:ee:e2:ee:72:cb:b2:51:ab:c2:90:5f:15:df:1c:ff: - fd:0d:95:20 + a0:b0:d4:b9:0b:bb:1e:3a:50:21:43:6a:e0:99:61:7e:46:cb: + d6:d3:5a:84:47:4c:9b:e9:13:c8:d4:44:b5:17:1f:52:29:a8: + 3d:e1:33:50:4a:4a:9c:a4:8d:86:99:83:72:7e:87:ba:04:b0: + bc:9b:39:ce:73:15:49:99:03:f1:e1:b5:ef:cb:85:bc:45:5e: + a8:fd:f6:82:f2:45:80:31:e9:cd:56:9b:cc:84:ff:6c:36:ee: + a6:e0:7f:a7:f1:49:0d:b6:ed:12:5b:34:05:b8:c5:4d:e2:ec: + 5b:25:dd:9c:3a:1a:4b:dc:cf:8e:41:a4:dd:ca:83:6a:cc:bc: + cd:4d:75:92:1f:45:8a:b0:6d:e4:72:8d:2c:18:12:26:b2:dc: + 3f:47:bd:76:c1:cb:da:9e:bd:58:10:6c:3e:57:22:9b:34:3e: + 6f:88:d7:e3:fd:4f:f5:97:a2:d2:9f:1d:58:fc:36:fa:94:dd: + 4e:13:e6:57:35:1c:5c:a5:69:6a:ce:3d:d3:21:51:1a:1a:3e: + cf:89:a4:c1:a0:9e:c4:0f:a1:d1:39:ac:31:1e:5e:e7:2f:d0: + 22:c3:9f:4d:57:90:ab:d6:f8:3d:dc:7f:9d:71:94:5d:95:48: + 9d:01:66:13:3a:26:0f:76:cc:c2:63:7d:0c:c8:0c:88:6b:84: + 01:c7:0a:a4 -----BEGIN CERTIFICATE----- MIIFJjCCBA6gAwIBAgIBAjANBgkqhkiG9w0BAQsFADCBlDELMAkGA1UEBhMCVVMx EDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNVBAoMCFNh d3Rvb3RoMRMwEQYDVQQLDApDb25zdWx0aW5nMRgwFgYDVQQDDA93d3cud29sZnNz 
-bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTcwMzEw -MjAzNzIyWhcNMTkxMjA1MjAzNzIyWjCBoTELMAkGA1UEBhMCVVMxEDAOBgNVBAgM +bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTgwNDEz +MTUyMzEwWhcNMjEwMTA3MTUyMzEwWjCBoTELMAkGA1UEBhMCVVMxEDAOBgNVBAgM B01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xEDAOBgNVBAoMB3dvbGZTU0wxITAf BgNVBAsMGHRlc3RpbmcgZHVwbGljYXRlIHBvbGljeTEYMBYGA1UEAwwPd3d3Lndv bGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMIIBIjAN 
@@ -83,26 +83,26 @@ o4IBcjCCAW4wHQYDVR0OBBYEFLMRMsmSmITiyfjQO24DQsofDo48MIHJBgNVHSME gcEwgb6AFCeOZxF0wyYdP+0zY7Ok2B0w5ejVoYGapIGXMIGUMQswCQYDVQQGEwJV UzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjERMA8GA1UECgwI U2F3dG9vdGgxEzARBgNVBAsMCkNvbnN1bHRpbmcxGDAWBgNVBAMMD3d3dy53b2xm -c3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbYIJAJyG3Fyn -czWDMAkGA1UdEwQCMAAwdgYDVR0gBG8wbTAFBgMqAwQwZAYDKgMEMF0wGwYIKwYB +c3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbYIJAIb/9Y4Q +3rj7MAkGA1UdEwQCMAAwdgYDVR0gBG8wbTAFBgMqAwQwZAYDKgMEMF0wGwYIKwYB BQUHAgEWD3d3dy53b2xmc3NsLmNvbTA+BggrBgEFBQcCAjAyGjBUZXN0IG9mIGR1 cGxpY2F0ZSBPSURzIHdpdGggZGlmZmVyZW50IHF1YWxpZmllcnMwDQYJKoZIhvcN -AQELBQADggEBAIJZH0ynGZ/nq8xRIdrvT3N1ImzbVYPENcdAaUlGRVZ4BgN22Dts -daospcBh6FzAK+1mqWbAszeDI8UsskVZYYS+3URyAHpr+VCJMWanhEZ0D7tbBQ0f -LU203Gks4qD9XpMUx86iblBhj3OUoHpl5Z128Bsc2tpyPvmMTcBKyyToQFGhN5zn -hxoOzaZ/VDllX2NkBGBezB2mcXgfRDIy+ScNI3WVAQsN85Ds4n7fD0OW5DLDtOLf -hxKXoR7xyHP+XupVXPdLiC4xbFL/swWF9/7nrPZ0qE+Olohfc1rxd525FqNT4kpb -4l4riByouO7i7nLLslGrwpBfFd8c//0NlSA= +AQELBQADggEBAKCw1LkLux46UCFDauCZYX5Gy9bTWoRHTJvpE8jURLUXH1IpqD3h +M1BKSpykjYaZg3J+h7oEsLybOc5zFUmZA/Hhte/LhbxFXqj99oLyRYAx6c1Wm8yE +/2w27qbgf6fxSQ227RJbNAW4xU3i7Fsl3Zw6Gkvcz45BpN3Kg2rMvM1NdZIfRYqw +beRyjSwYEiay3D9HvXbBy9qevVgQbD5XIps0Pm+I1+P9T/WXotKfHVj8NvqU3U4T +5lc1HFylaWrOPdMhURoaPs+JpMGgnsQPodE5rDEeXucv0CLDn01XkKvW+D3cf51x +lF2VSJ0BZhM6Jg92zMJjfQzIDIhrhAHHCqQ= -----END CERTIFICATE----- Certificate: Data: Version: 3 (0x2) - Serial Number: 11278944607300433283 (0x9c86dc5ca7733583) + Serial Number: 9727763710660753659 (0x86fff58e10deb8fb) Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, CN=www.wolfssl.com/emailAddress=info@wolfssl.com Validity - Not Before: Mar 10 20:37:22 2017 GMT - Not After : Dec 5 20:37:22 2019 GMT + Not Before: Apr 13 15:23:09 2018 GMT + Not After : Jan 7 15:23:09 2021 GMT Subject: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, 
CN=www.wolfssl.com/emailAddress=info@wolfssl.com Subject Public Key Info: Public Key Algorithm: rsaEncryption 
@@ -133,32 +133,32 @@ Certificate: X509v3 Authority Key Identifier: keyid:27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5 DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com - serial:9C:86:DC:5C:A7:73:35:83 + serial:86:FF:F5:8E:10:DE:B8:FB X509v3 Basic Constraints: CA:TRUE Signature Algorithm: sha256WithRSAEncryption - 10:6b:75:29:65:17:7e:78:ae:85:2e:b7:a4:50:98:69:74:f9: - 50:a1:8e:2c:9f:b0:43:66:a1:e0:42:32:38:15:5f:2e:cc:cc: - c4:b9:7c:b5:c2:bc:59:24:49:17:ad:1c:e4:6e:dc:70:e3:93: - fc:69:dd:04:7b:41:dd:08:f0:13:ee:2a:cb:6f:cf:af:d4:96: - 3c:44:50:29:45:60:89:cd:ec:5f:c1:bb:b0:03:61:74:b3:29: - ad:df:e9:7c:d9:f2:18:22:45:e7:3d:d4:72:37:2c:b4:18:7d: - 34:ca:55:00:0d:89:d0:f7:3e:81:4d:da:02:4c:2b:a6:61:4b: - bf:b1:ec:73:11:6a:53:a3:0a:0f:20:04:5d:17:67:b1:a6:a2: - 37:a8:f5:ea:78:6d:00:8b:64:16:62:0a:6f:44:94:15:9e:4d: - 15:0c:33:f0:ba:9d:e2:be:69:6f:12:9f:69:95:39:ba:97:9e: - c3:af:22:ad:f2:f2:3b:67:81:1a:99:d2:02:89:86:6d:8f:92: - 98:32:dd:c1:fa:2e:38:03:2e:fc:02:a5:e7:b8:dc:94:3b:88: - 15:4a:09:80:98:61:b4:5e:07:b5:87:57:f4:a0:91:5c:7e:89: - f5:89:16:f2:7a:15:52:1b:55:26:7c:59:d2:d0:23:e3:0e:12: - b1:99:f9:6b + 9e:28:88:72:00:ca:e6:e7:97:ca:c1:f1:1f:9e:12:b2:b8:c7: + 51:ea:28:e1:36:b5:2d:e6:2f:08:23:cb:a9:4a:87:25:c6:5d: + 89:45:ea:f5:00:98:ac:76:fb:1b:af:f0:ce:64:9e:da:08:bf: + b6:eb:b4:b5:0c:a0:e7:f6:47:59:1c:61:cf:2e:0e:58:a4:82: + ac:0f:3f:ec:c4:ae:80:f7:b0:8a:1e:85:41:e8:ff:fe:fe:4f: + 1a:24:d5:49:fa:fb:fe:5e:e5:d3:91:0e:4f:4e:0c:21:51:71: + 83:04:6b:62:7b:4f:59:76:48:81:1e:b4:f7:04:47:8a:91:57: + a3:11:a9:f2:20:b4:78:33:62:3d:b0:5e:0d:f9:86:38:82:da: + a1:98:8d:19:06:87:21:39:b7:02:f7:da:7d:58:ba:52:15:d8: + 3b:c9:7b:58:34:a0:c7:e2:7c:a9:83:13:e1:b6:ec:01:bf:52: + 33:0b:c4:fe:43:d3:c6:a4:8e:2f:87:7f:7a:44:ea:ca:53:6c: + 85:ed:65:76:73:31:03:4e:ea:bd:35:54:13:f3:64:87:6b:df: + 34:dd:34:a1:88:3b:db:4d:af:1b:64:90:92:71:30:8e:c8:cc: + e5:60:24:af:31:16:39:33:91:50:f9:ab:68:42:74:7a:35:d9: + 
dd:c8:c4:52 -----BEGIN CERTIFICATE----- -MIIEqjCCA5KgAwIBAgIJAJyG3FynczWDMA0GCSqGSIb3DQEBCwUAMIGUMQswCQYD +MIIEqjCCA5KgAwIBAgIJAIb/9Y4Q3rj7MA0GCSqGSIb3DQEBCwUAMIGUMQswCQYD VQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjERMA8G A1UECgwIU2F3dG9vdGgxEzARBgNVBAsMCkNvbnN1bHRpbmcxGDAWBgNVBAMMD3d3 dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTAe -Fw0xNzAzMTAyMDM3MjJaFw0xOTEyMDUyMDM3MjJaMIGUMQswCQYDVQQGEwJVUzEQ +Fw0xODA0MTMxNTIzMDlaFw0yMTAxMDcxNTIzMDlaMIGUMQswCQYDVQQGEwJVUzEQ MA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjERMA8GA1UECgwIU2F3 dG9vdGgxEzARBgNVBAsMCkNvbnN1bHRpbmcxGDAWBgNVBAMMD3d3dy53b2xmc3Ns LmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTCCASIwDQYJKoZI @@ -172,11 +172,11 @@ XDjNdyXvvYB1U5Q8PcpjW58VtdMdEy8Z0TzbdjrMuH3J5cLX2kBv2CHccxtCLVOc J45nEXTDJh0/7TNjs6TYHTDl6NWhgZqkgZcwgZQxCzAJBgNVBAYTAlVTMRAwDgYD VQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMREwDwYDVQQKDAhTYXd0b290 aDETMBEGA1UECwwKQ29uc3VsdGluZzEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29t -MR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tggkAnIbcXKdzNYMwDAYD -VR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAEGt1KWUXfniuhS63pFCYaXT5 -UKGOLJ+wQ2ah4EIyOBVfLszMxLl8tcK8WSRJF60c5G7ccOOT/GndBHtB3QjwE+4q -y2/Pr9SWPERQKUVgic3sX8G7sANhdLMprd/pfNnyGCJF5z3UcjcstBh9NMpVAA2J -0Pc+gU3aAkwrpmFLv7HscxFqU6MKDyAEXRdnsaaiN6j16nhtAItkFmIKb0SUFZ5N -FQwz8Lqd4r5pbxKfaZU5upeew68irfLyO2eBGpnSAomGbY+SmDLdwfouOAMu/AKl -57jclDuIFUoJgJhhtF4HtYdX9KCRXH6J9YkW8noVUhtVJnxZ0tAj4w4SsZn5aw== +MR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tggkAhv/1jhDeuPswDAYD +VR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAniiIcgDK5ueXysHxH54SsrjH +Ueoo4Ta1LeYvCCPLqUqHJcZdiUXq9QCYrHb7G6/wzmSe2gi/tuu0tQyg5/ZHWRxh +zy4OWKSCrA8/7MSugPewih6FQej//v5PGiTVSfr7/l7l05EOT04MIVFxgwRrYntP +WXZIgR609wRHipFXoxGp8iC0eDNiPbBeDfmGOILaoZiNGQaHITm3AvfafVi6UhXY +O8l7WDSgx+J8qYMT4bbsAb9SMwvE/kPTxqSOL4d/ekTqylNshe1ldnMxA07qvTVU +E/Nkh2vfNN00oYg7202vG2SQknEwjsjM5WAkrzEWOTORUPmraEJ0ejXZ3cjEUg== -----END CERTIFICATE----- diff --git a/tests/api.c b/tests/api.c index 92fda88e7..aed001787 100644 
--- a/tests/api.c +++ b/tests/api.c @@ -15051,7 +15051,7 @@ static void test_wolfSSL_ASN1_TIME_print() sizeof_client_cert_der_2048, WOLFSSL_FILETYPE_ASN1)); AssertIntEQ(ASN1_TIME_print(bio, X509_get_notBefore(x509)), 1); AssertIntEQ(BIO_read(bio, buf, sizeof(buf)), 24); - AssertIntEQ(XMEMCMP(buf, "Aug 11 20:07:37 2016 GMT", sizeof(buf) - 1), 0); + AssertIntEQ(XMEMCMP(buf, "Apr 13 15:23:09 2018 GMT", sizeof(buf) - 1), 0); /* create a bad time and test results */ AssertNotNull(t = X509_get_notAfter(x509)); diff --git a/wolfssl/certs_test.h b/wolfssl/certs_test.h index 28c91dbcf..7a7eec70a 100644 --- a/wolfssl/certs_test.h +++ b/wolfssl/certs_test.h @@ -99,8 +99,8 @@ static const int sizeof_client_keypub_der_1024 = sizeof(client_keypub_der_1024); static const unsigned char client_cert_der_1024[] = { 0x30, 0x82, 0x03, 0xC5, 0x30, 0x82, 0x03, 0x2E, 0xA0, 0x03, - 0x02, 0x01, 0x02, 0x02, 0x09, 0x00, 0xF3, 0x63, 0xB8, 0x35, - 0x1D, 0x0A, 0xD8, 0xD9, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, + 0x02, 0x01, 0x02, 0x02, 0x09, 0x00, 0xBB, 0xD3, 0x10, 0x03, + 0xE6, 0x9D, 0x28, 0x03, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B, 0x05, 0x00, 0x30, 0x81, 0x9E, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0E, 0x06, 
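Review bot: The expected string in the changed `XMEMCMP` line is a hand-maintained copy of the notBefore field of `client_cert_der_2048` (UTCTime `180413152309Z` in the wolfssl/certs_test.h hunks of this same commit), so the assertion goes stale at every certificate renewal. A comment above it would make that coupling explicit, for example `/* must equal notBefore of client_cert_der_2048 in wolfssl/certs_test.h; update when certs are renewed */`. Separately, the compare length is `sizeof(buf) - 1` although the preceding `BIO_read` is asserted to return 24. The declaration of `buf` is outside the hunk; if it is larger than 25 bytes the compare would read past the 25-byte literal, and comparing exactly 24 bytes would remove that dependency. The body of test_wolfSSL_ASN1_TIME_print starts and ends outside this hunk.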
@@ -118,10 +118,10 @@ static const unsigned char client_cert_der_1024[] = 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, - 0x30, 0x1E, 0x17, 0x0D, 0x31, 0x36, 0x30, 0x38, 0x31, 0x31, - 0x32, 0x30, 0x30, 0x37, 0x33, 0x37, 0x5A, 0x17, 0x0D, 0x31, - 0x39, 0x30, 0x35, 0x30, 0x38, 0x32, 0x30, 0x30, 0x37, 0x33, - 0x37, 0x5A, 0x30, 0x81, 0x9E, 0x31, 0x0B, 0x30, 0x09, 0x06, + 0x30, 0x1E, 0x17, 0x0D, 0x31, 0x38, 0x30, 0x34, 0x31, 0x33, + 0x31, 0x35, 0x32, 0x33, 0x30, 0x39, 0x5A, 0x17, 0x0D, 0x32, + 0x31, 0x30, 0x31, 0x30, 0x37, 0x31, 0x35, 0x32, 0x33, 0x30, + 0x39, 0x5A, 0x30, 0x81, 0x9E, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x07, 0x4D, 0x6F, 0x6E, 0x74, 0x61, 0x6E, 0x61, 0x31, 0x10, 0x30, 0x0E, 
@@ -178,23 +178,23 @@ static const unsigned char client_cert_der_1024[] = 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x82, 0x09, 0x00, - 0xF3, 0x63, 0xB8, 0x35, 0x1D, 0x0A, 0xD8, 0xD9, 0x30, 0x0C, + 0xBB, 0xD3, 0x10, 0x03, 0xE6, 0x9D, 0x28, 0x03, 0x30, 0x0C, 0x06, 0x03, 0x55, 0x1D, 0x13, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xFF, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B, 0x05, 0x00, 0x03, 0x81, 0x81, - 0x00, 0x31, 0x5E, 0xC5, 0x8C, 0x6F, 0xB7, 0xC5, 0x47, 0x1B, - 0x51, 0x5F, 0x99, 0x91, 0xA1, 0x23, 0x45, 0x3C, 0x36, 0x59, - 0x20, 0xFE, 0x90, 0x46, 0x95, 0x79, 0xE8, 0xB8, 0xD9, 0xDB, - 0x44, 0x7F, 0x63, 0x42, 0x71, 0x59, 0xD5, 0x59, 0xA5, 0x3C, - 0xD3, 0x43, 0x83, 0xA0, 0x7D, 0x1E, 0x56, 0x36, 0x02, 0x92, - 0xE2, 0x0A, 0x19, 0xF6, 0x97, 0xF2, 0x82, 0x12, 0xA6, 0xB2, - 0xBF, 0x3B, 0xB6, 0xB0, 0x07, 0xFC, 0x7A, 0x5B, 0x78, 0x22, - 0xA0, 0x31, 0xF4, 0x3D, 0xEB, 0x0A, 0xC5, 0xE4, 0xE5, 0xB4, - 0xC7, 0xBB, 0x4F, 0xA9, 0xB8, 0x37, 0x19, 0xBF, 0xC7, 0x64, - 0x9D, 0x74, 0x9E, 0x78, 0xDF, 0x09, 0xF5, 0xD6, 0xDD, 0xC2, - 0xFB, 0xCE, 0x94, 0xD5, 0xBF, 0x97, 0xB0, 0x76, 0xB5, 0xE9, - 0x10, 0x65, 0x6C, 0x48, 0x85, 0xC4, 0x1B, 0xFF, 0x5B, 0x64, - 0xC7, 0x11, 0x30, 0x06, 0xE4, 0x40, 0xF5, 0x90, 0x2B + 0x00, 0x84, 0x99, 0xD9, 0xE5, 0x37, 0xC4, 0x44, 0x7D, 0xCE, + 0x29, 0xB8, 0xB6, 0x80, 0x0E, 0xEA, 0xA3, 0xE2, 0xFA, 0xA2, + 0x2F, 0x5C, 0xD2, 0x4A, 0x85, 0x67, 0xB9, 0x8B, 0xFA, 0x9F, + 0x7D, 0xDA, 0x6D, 0x85, 0x2A, 0xC2, 0x20, 0xF3, 0x18, 0xC8, + 0xD4, 0x6B, 0x26, 0xB2, 0x7A, 0x68, 0xE7, 0x82, 0x52, 0x87, + 0xE7, 0x0C, 0x5B, 0x08, 0x47, 0x7A, 0x55, 0xA5, 0x0D, 0xFA, + 0x72, 0xCE, 0x6B, 0xA1, 0xB2, 0xAE, 0x5A, 0xA1, 0x63, 0xFF, + 0x68, 0xDB, 0xE5, 0x49, 0xEF, 0xF1, 0x0E, 0x98, 0x96, 0x09, + 0xB5, 0x04, 0x5F, 0xD4, 0x0A, 0x9B, 0x8A, 0xAF, 0xD2, 0x31, + 0x1F, 0x95, 0xE5, 0x0F, 0xA8, 0xCD, 0xBB, 0xA1, 0x2D, 0x64, + 0xB0, 0xB7, 0xEE, 
0x47, 0xA7, 0x58, 0xD9, 0xC7, 0xDB, 0xB0, + 0x92, 0xBB, 0xAA, 0xCF, 0xB8, 0x8A, 0x04, 0x5B, 0x0F, 0x9F, + 0x3E, 0xE0, 0xD2, 0x42, 0x52, 0xBD, 0x5D, 0xA7, 0x48 }; static const int sizeof_client_cert_der_1024 = sizeof(client_cert_der_1024); @@ -408,8 +408,8 @@ static const int sizeof_ca_key_der_1024 = sizeof(ca_key_der_1024); static const unsigned char ca_cert_der_1024[] = { 0x30, 0x82, 0x03, 0xB5, 0x30, 0x82, 0x03, 0x1E, 0xA0, 0x03, - 0x02, 0x01, 0x02, 0x02, 0x09, 0x00, 0xB5, 0x4E, 0x78, 0x83, - 0xDD, 0xEF, 0xE7, 0x8F, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, + 0x02, 0x01, 0x02, 0x02, 0x09, 0x00, 0xDA, 0xFB, 0x6A, 0x0D, + 0xFE, 0xCF, 0x9B, 0x47, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B, 0x05, 0x00, 0x30, 0x81, 0x99, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0E, 0x06, @@ -427,9 +427,9 @@ static const unsigned char ca_cert_der_1024[] = 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x30, 0x1E, 0x17, 0x0D, 0x31, - 0x36, 0x30, 0x38, 0x31, 0x31, 0x32, 0x30, 0x30, 0x37, 0x33, - 0x37, 0x5A, 0x17, 0x0D, 0x31, 0x39, 0x30, 0x35, 0x30, 0x38, - 0x32, 0x30, 0x30, 0x37, 0x33, 0x37, 0x5A, 0x30, 0x81, 0x99, + 0x38, 0x30, 0x34, 0x31, 0x33, 0x31, 0x35, 0x32, 0x33, 0x31, + 0x30, 0x5A, 0x17, 0x0D, 0x32, 0x31, 0x30, 0x31, 0x30, 0x37, + 0x31, 0x35, 0x32, 0x33, 0x31, 0x30, 0x5A, 0x30, 0x81, 0x99, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x07, 0x4D, 0x6F, 0x6E, 0x74, 0x61, 0x6E, 
@@ -485,24 +485,24 @@ static const unsigned char ca_cert_der_1024[] = 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, - 0x6D, 0x82, 0x09, 0x00, 0xB5, 0x4E, 0x78, 0x83, 0xDD, 0xEF, - 0xE7, 0x8F, 0x30, 0x0C, 0x06, 0x03, 0x55, 0x1D, 0x13, 0x04, + 0x6D, 0x82, 0x09, 0x00, 0xDA, 0xFB, 0x6A, 0x0D, 0xFE, 0xCF, + 0x9B, 0x47, 0x30, 0x0C, 0x06, 0x03, 0x55, 0x1D, 0x13, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xFF, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B, 0x05, - 0x00, 0x03, 0x81, 0x81, 0x00, 0x5A, 0x09, 0xC3, 0x7E, 0xD5, - 0xCD, 0x73, 0x6F, 0xD6, 0x5D, 0x1D, 0x6C, 0xA8, 0x4A, 0x12, - 0x82, 0x3D, 0xBE, 0xFE, 0x09, 0xD6, 0x02, 0x24, 0x23, 0x9A, - 0x07, 0x67, 0x4B, 0x6E, 0x60, 0xA6, 0x6D, 0x42, 0xAA, 0x86, - 0x36, 0x07, 0x20, 0xA9, 0x44, 0xB4, 0x95, 0xD6, 0x81, 0xDB, - 0x9D, 0x28, 0x13, 0x5F, 0xA9, 0x75, 0x38, 0x2D, 0x80, 0xC6, - 0x60, 0xF7, 0x4A, 0x48, 0x23, 0xC0, 0x97, 0xEE, 0xF7, 0x65, - 0x35, 0x19, 0x8D, 0x20, 0xA2, 0x00, 0x24, 0x5C, 0xD9, 0x35, - 0x22, 0x99, 0x1F, 0xDD, 0x5F, 0x0C, 0x83, 0xF8, 0xAB, 0x4D, - 0x88, 0x69, 0x6A, 0xB0, 0xF4, 0x82, 0x5C, 0x77, 0xA5, 0x50, - 0xB1, 0x09, 0xD1, 0x5D, 0x94, 0xD8, 0xB0, 0x26, 0xBF, 0xC1, - 0x55, 0x14, 0x9F, 0xE2, 0xF0, 0x2E, 0x48, 0xD1, 0x7B, 0xFC, - 0x52, 0xBF, 0xAC, 0x6D, 0x1A, 0x3A, 0xDD, 0x36, 0xEE, 0xCA, - 0x51, 0x4C, 0x1D + 0x00, 0x03, 0x81, 0x81, 0x00, 0x1D, 0x48, 0xF6, 0x40, 0x41, + 0x04, 0x06, 0xF2, 0xE4, 0x72, 0x2F, 0xEA, 0xFF, 0xC1, 0x67, + 0x6B, 0x15, 0xBB, 0x0A, 0x28, 0x23, 0x28, 0x07, 0xC6, 0xD7, + 0x13, 0x2C, 0xBE, 0x00, 0x00, 0xAC, 0x1D, 0xF7, 0xF4, 0x92, + 0xD3, 0x2B, 0xAF, 0x23, 0xEB, 0x9F, 0x1A, 0xE2, 0x11, 0x3C, + 0x2D, 0x97, 0xF2, 0x0F, 0xAC, 0xAE, 0x97, 0x86, 0x0A, 0xFB, + 0xA8, 0x4F, 0x74, 0x1B, 0xDE, 0x19, 0x51, 0xDB, 0xCD, 0xE2, + 0x11, 0x38, 0xC1, 0xA4, 0x9D, 0x56, 0xAB, 0x47, 0x5C, 0xDE, + 0xBA, 0xEB, 0x27, 0xDF, 0x6D, 0xC8, 0x7E, 0x3A, 0xBD, 
0x2E, + 0x9B, 0x2A, 0xAD, 0x22, 0x3B, 0x95, 0xA9, 0xF2, 0x28, 0x03, + 0xBC, 0xE5, 0xEC, 0xCC, 0xF2, 0x08, 0xD4, 0xC8, 0x2F, 0xDB, + 0xEA, 0xFB, 0x2E, 0x52, 0x16, 0x8C, 0x42, 0x02, 0xA4, 0x59, + 0x6D, 0x4C, 0x33, 0xB4, 0x9A, 0xD2, 0x73, 0x4A, 0x1E, 0x9F, + 0xD9, 0xC8, 0x83 }; static const int sizeof_ca_cert_der_1024 = sizeof(ca_cert_der_1024); @@ -595,9 +595,9 @@ static const unsigned char server_cert_der_1024[] = 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x30, 0x1E, 0x17, - 0x0D, 0x31, 0x36, 0x30, 0x38, 0x31, 0x31, 0x32, 0x30, 0x30, - 0x37, 0x33, 0x38, 0x5A, 0x17, 0x0D, 0x31, 0x39, 0x30, 0x35, - 0x30, 0x38, 0x32, 0x30, 0x30, 0x37, 0x33, 0x38, 0x5A, 0x30, + 0x0D, 0x31, 0x38, 0x30, 0x34, 0x31, 0x33, 0x31, 0x35, 0x32, + 0x33, 0x31, 0x30, 0x5A, 0x17, 0x0D, 0x32, 0x31, 0x30, 0x31, + 0x30, 0x37, 0x31, 0x35, 0x32, 0x33, 0x31, 0x30, 0x5A, 0x30, 0x81, 0x95, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x07, 0x4D, 0x6F, 0x6E, 0x74, 
@@ -653,24 +653,24 @@ static const unsigned char server_cert_der_1024[] = 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x82, - 0x09, 0x00, 0xB5, 0x4E, 0x78, 0x83, 0xDD, 0xEF, 0xE7, 0x8F, + 0x09, 0x00, 0xDA, 0xFB, 0x6A, 0x0D, 0xFE, 0xCF, 0x9B, 0x47, 0x30, 0x0C, 0x06, 0x03, 0x55, 0x1D, 0x13, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xFF, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B, 0x05, 0x00, 0x03, - 0x81, 0x81, 0x00, 0x2C, 0xAA, 0xA2, 0x46, 0xF7, 0x79, 0xC7, - 0x7F, 0xCE, 0xEF, 0x4D, 0xE6, 0x04, 0xAA, 0x7C, 0x5C, 0x77, - 0x72, 0x55, 0x66, 0x41, 0x97, 0x7F, 0xC5, 0x6E, 0x98, 0xA0, - 0xC4, 0x10, 0xC6, 0xD6, 0x9C, 0x70, 0x0A, 0xEE, 0xBA, 0xEA, - 0x98, 0x47, 0x78, 0x6F, 0x33, 0x8F, 0x44, 0x7A, 0xD5, 0x74, - 0x8A, 0x7E, 0xAB, 0x49, 0x1D, 0xD7, 0x95, 0x12, 0x11, 0x8E, - 0xA0, 0x54, 0x5D, 0x7D, 0x0B, 0xDA, 0xC2, 0xC3, 0x01, 0x1A, - 0xE7, 0x20, 0x5E, 0x5A, 0xF7, 0x16, 0x81, 0x89, 0xB7, 0xCD, - 0xE7, 0xDC, 0x46, 0xE6, 0x5E, 0xF9, 0x1A, 0xC2, 0x40, 0xA5, - 0x59, 0xF1, 0xF5, 0xFA, 0x55, 0xDB, 0x15, 0xEA, 0x3C, 0xC6, - 0x39, 0xFD, 0xE6, 0x7B, 0x5B, 0x01, 0x5F, 0xA7, 0xC9, 0x36, - 0xA0, 0x1E, 0x73, 0x11, 0xB5, 0xD3, 0xB8, 0x3F, 0x8D, 0x88, - 0x32, 0x6A, 0xE7, 0xCD, 0xB7, 0x1D, 0x31, 0x4E, 0x49, 0xE8, - 0xB9 + 0x81, 0x81, 0x00, 0x0B, 0xC3, 0xAF, 0x43, 0x85, 0x64, 0x61, + 0xE7, 0xAB, 0x5A, 0x2A, 0x1B, 0xB2, 0x29, 0xD5, 0x66, 0x68, + 0x44, 0x1A, 0x6D, 0x66, 0xFC, 0x3D, 0xB1, 0x88, 0xEC, 0xA5, + 0x41, 0x18, 0x67, 0x62, 0x34, 0xA4, 0x5E, 0xC9, 0x69, 0xCD, + 0x40, 0xC8, 0x56, 0x7E, 0xBF, 0xEB, 0xBC, 0x61, 0x1F, 0x33, + 0x34, 0x58, 0xBE, 0x57, 0xFD, 0xE6, 0x98, 0xDD, 0x51, 0x27, + 0x7C, 0xB7, 0x2C, 0xBC, 0xC9, 0x39, 0xE5, 0xE5, 0x95, 0x82, + 0xE1, 0x3F, 0xD9, 0xB9, 0x97, 0x30, 0x4E, 0x33, 0x2C, 0xEF, + 0xF8, 0xDB, 0xB4, 0xEE, 0x35, 0x75, 0x9E, 0x7A, 0x3F, 0x22, + 0x8F, 0xA5, 0x71, 0xD4, 0x01, 0x64, 0x6C, 0xF2, 0x85, 0xF7, + 0x72, 
0x99, 0x2C, 0x80, 0x0F, 0xA4, 0x31, 0x1D, 0xD4, 0x0B, + 0x1E, 0xA5, 0x0F, 0xE7, 0x53, 0x0A, 0xDE, 0x15, 0x0D, 0xB2, + 0xD0, 0x6B, 0xF4, 0xD6, 0x2F, 0xE2, 0x0B, 0xA3, 0x8A, 0x5A, + 0x6E }; static const int sizeof_server_cert_der_1024 = sizeof(server_cert_der_1024); @@ -844,8 +844,8 @@ static const int sizeof_client_keypub_der_2048 = sizeof(client_keypub_der_2048); static const unsigned char client_cert_der_2048[] = { 0x30, 0x82, 0x04, 0xCA, 0x30, 0x82, 0x03, 0xB2, 0xA0, 0x03, - 0x02, 0x01, 0x02, 0x02, 0x09, 0x00, 0xB9, 0xBC, 0x90, 0xED, - 0xAD, 0xAA, 0x0A, 0x8C, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, + 0x02, 0x01, 0x02, 0x02, 0x09, 0x00, 0xAA, 0xC4, 0xBF, 0x4C, + 0x50, 0xBD, 0x55, 0x77, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B, 0x05, 0x00, 0x30, 0x81, 0x9E, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0E, 0x06, @@ -863,10 +863,10 @@ static const unsigned char client_cert_der_2048[] = 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, - 0x30, 0x1E, 0x17, 0x0D, 0x31, 0x36, 0x30, 0x38, 0x31, 0x31, - 0x32, 0x30, 0x30, 0x37, 0x33, 0x37, 0x5A, 0x17, 0x0D, 0x31, - 0x39, 0x30, 0x35, 0x30, 0x38, 0x32, 0x30, 0x30, 0x37, 0x33, - 0x37, 0x5A, 0x30, 0x81, 0x9E, 0x31, 0x0B, 0x30, 0x09, 0x06, + 0x30, 0x1E, 0x17, 0x0D, 0x31, 0x38, 0x30, 0x34, 0x31, 0x33, + 0x31, 0x35, 0x32, 0x33, 0x30, 0x39, 0x5A, 0x17, 0x0D, 0x32, + 0x31, 0x30, 0x31, 0x30, 0x37, 0x31, 0x35, 0x32, 0x33, 0x30, + 0x39, 0x5A, 0x30, 0x81, 0x9E, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x07, 0x4D, 0x6F, 0x6E, 0x74, 0x61, 0x6E, 0x61, 0x31, 0x10, 0x30, 0x0E, 
@@ -936,36 +936,36 @@ static const unsigned char client_cert_der_2048[] = 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x82, - 0x09, 0x00, 0xB9, 0xBC, 0x90, 0xED, 0xAD, 0xAA, 0x0A, 0x8C, + 0x09, 0x00, 0xAA, 0xC4, 0xBF, 0x4C, 0x50, 0xBD, 0x55, 0x77, 0x30, 0x0C, 0x06, 0x03, 0x55, 0x1D, 0x13, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xFF, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B, 0x05, 0x00, 0x03, - 0x82, 0x01, 0x01, 0x00, 0x33, 0x85, 0x08, 0xB4, 0x58, 0x0E, - 0xA2, 0x00, 0x03, 0x74, 0xDE, 0x77, 0xFB, 0xD1, 0x2B, 0x76, - 0x9C, 0x97, 0x90, 0x20, 0x21, 0xA2, 0xE8, 0x2E, 0x22, 0x50, - 0x26, 0x04, 0x76, 0xBA, 0x5B, 0x47, 0x79, 0xE5, 0x52, 0xF7, - 0xC4, 0x0D, 0x79, 0xFF, 0x62, 0x3F, 0x05, 0x7C, 0xC3, 0x08, - 0x6C, 0xE0, 0xB7, 0x81, 0xD0, 0xCE, 0xC6, 0xC9, 0x46, 0xB9, - 0x8E, 0x4B, 0x5F, 0x56, 0x79, 0x4B, 0x13, 0xB6, 0xD1, 0x6B, - 0x66, 0x4B, 0xCE, 0x00, 0x0D, 0xE3, 0x76, 0x5E, 0xFB, 0xCB, - 0xB5, 0x5D, 0x12, 0x31, 0x05, 0xF1, 0xBB, 0x39, 0xF6, 0x86, - 0x90, 0xCA, 0x92, 0x56, 0xA4, 0xA0, 0x75, 0x21, 0xB6, 0x1D, - 0x4C, 0x96, 0xC3, 0x45, 0xEB, 0x5A, 0x91, 0x94, 0x32, 0xD3, - 0x59, 0xB8, 0xC9, 0x73, 0x1F, 0x03, 0xA9, 0x81, 0x63, 0xE0, - 0x43, 0xC0, 0x1E, 0xC8, 0x65, 0xBE, 0x3B, 0xA7, 0x53, 0xC3, - 0x44, 0xFF, 0xB3, 0xFB, 0x47, 0x84, 0xA8, 0xB6, 0x9D, 0x00, - 0xD5, 0x6B, 0xAE, 0x87, 0xF8, 0xBB, 0x35, 0xB2, 0x6C, 0x66, - 0x0B, 0x11, 0xEE, 0x6F, 0xFE, 0x12, 0xED, 0x59, 0x79, 0xF1, - 0x3E, 0xF2, 0xD3, 0x61, 0x27, 0x8B, 0x95, 0x7E, 0x99, 0x75, - 0x8D, 0xA4, 0x9F, 0x34, 0x85, 0xF1, 0x25, 0x4D, 0x48, 0x1E, - 0x9B, 0x6B, 0x70, 0xF6, 0x66, 0xCC, 0x56, 0xB1, 0xA3, 0x02, - 0x52, 0x8A, 0x7C, 0xAA, 0xAF, 0x07, 0xDA, 0x97, 0xC6, 0x0C, - 0xA5, 0x8F, 0xED, 0xCB, 0xF5, 0xD8, 0x04, 0x5D, 0x97, 0x0A, - 0x5D, 0x5A, 0x2B, 0x49, 0xF5, 0xBD, 0x93, 0xE5, 0x23, 0x9B, - 0x99, 0xB5, 0x0C, 0xFF, 0x0C, 0x7E, 0x38, 0x82, 0xB2, 0x6E, - 0xAB, 0x8A, 
0xC9, 0xA7, 0x45, 0xAB, 0xD6, 0xD7, 0x93, 0x35, - 0x70, 0x07, 0x7E, 0xC8, 0x3D, 0xA5, 0xFE, 0x33, 0x8F, 0xD9, - 0x85, 0xC0, 0xC7, 0x5A, 0x02, 0xE4, 0x7C, 0xD6, 0x35, 0x9E + 0x82, 0x01, 0x01, 0x00, 0x80, 0x52, 0x54, 0x61, 0x2A, 0x77, + 0x80, 0x53, 0x44, 0xA9, 0x80, 0x6D, 0x45, 0xFF, 0x0D, 0x25, + 0x7D, 0x1A, 0x8F, 0x23, 0x93, 0x53, 0x74, 0x35, 0x12, 0x6F, + 0xF0, 0x2E, 0x20, 0xEA, 0xED, 0x80, 0x63, 0x69, 0x88, 0xE6, + 0x0C, 0xA1, 0x49, 0x30, 0xE0, 0x82, 0xDB, 0x68, 0x0F, 0x7E, + 0x84, 0xAC, 0xFF, 0xFF, 0x7B, 0x42, 0xFA, 0x7E, 0x2F, 0xB2, + 0x52, 0x9F, 0xD2, 0x79, 0x5E, 0x35, 0x12, 0x27, 0x36, 0xBC, + 0xDF, 0x96, 0x58, 0x44, 0x96, 0x55, 0xC8, 0x4A, 0x94, 0x02, + 0x5F, 0x4A, 0x9D, 0xDC, 0xD3, 0x3A, 0xF7, 0x6D, 0xAC, 0x8B, + 0x79, 0x6E, 0xFC, 0xBE, 0x8F, 0x23, 0x58, 0x6A, 0x8A, 0xF5, + 0x38, 0x0A, 0x42, 0xF6, 0x98, 0x74, 0x88, 0x53, 0x2E, 0x02, + 0xAF, 0xE1, 0x0E, 0xBE, 0x6F, 0xCC, 0x74, 0x33, 0x7C, 0xEC, + 0xB4, 0xCB, 0xA7, 0x49, 0x6D, 0x82, 0x42, 0x4F, 0xEB, 0x73, + 0x29, 0xC3, 0x32, 0x00, 0x2B, 0x15, 0xF8, 0x88, 0x7A, 0x8F, + 0x6D, 0x20, 0x1B, 0xAE, 0x65, 0x5F, 0xC5, 0xD0, 0x8A, 0xD1, + 0xE2, 0x64, 0x6D, 0xA3, 0xA8, 0xFE, 0x64, 0xE1, 0xA9, 0x5B, + 0xE6, 0xD0, 0x23, 0xD6, 0x02, 0x72, 0x5A, 0xEC, 0x03, 0x8E, + 0x87, 0x67, 0x19, 0x8D, 0xE4, 0xA8, 0x99, 0x15, 0xC1, 0x3D, + 0x91, 0x48, 0x99, 0x8D, 0xFE, 0xAE, 0x1C, 0xBF, 0xF6, 0x28, + 0x1B, 0x45, 0xBE, 0xAD, 0xEF, 0x72, 0x83, 0x9A, 0xF6, 0xC7, + 0x3B, 0x51, 0xA3, 0x6E, 0x7A, 0x73, 0xBD, 0x83, 0xAA, 0x97, + 0xFD, 0x63, 0xB4, 0xF4, 0x6B, 0x1C, 0x14, 0x81, 0x9A, 0xEF, + 0x14, 0x24, 0xD3, 0xE1, 0x8B, 0xF4, 0x04, 0x04, 0x84, 0x54, + 0x0F, 0x61, 0xA2, 0xA8, 0xF2, 0x50, 0x37, 0x0C, 0x17, 0x0C, + 0xBC, 0xE0, 0xC2, 0x84, 0x85, 0xF4, 0x0B, 0xAE, 0x00, 0xCA, + 0x9F, 0x27, 0xE2, 0x44, 0x4F, 0x15, 0x0B, 0x8B, 0x1D, 0xB4 }; static const int sizeof_client_cert_der_2048 = sizeof(client_cert_der_2048); 
@@ -1349,8 +1349,8 @@ static const int sizeof_ca_key_der_2048 = sizeof(ca_key_der_2048); static const unsigned char ca_cert_der_2048[] = { 0x30, 0x82, 0x04, 0xAA, 0x30, 0x82, 0x03, 0x92, 0xA0, 0x03, - 0x02, 0x01, 0x02, 0x02, 0x09, 0x00, 0xB7, 0xB6, 0x90, 0x33, - 0x66, 0x1B, 0x6B, 0x23, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, + 0x02, 0x01, 0x02, 0x02, 0x09, 0x00, 0x86, 0xFF, 0xF5, 0x8E, + 0x10, 0xDE, 0xB8, 0xFB, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B, 0x05, 0x00, 0x30, 0x81, 0x94, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0E, 0x06, @@ -1367,10 +1367,10 @@ static const unsigned char ca_cert_der_2048[] = 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, - 0x30, 0x1E, 0x17, 0x0D, 0x31, 0x36, 0x30, 0x38, 0x31, 0x31, - 0x32, 0x30, 0x30, 0x37, 0x33, 0x37, 0x5A, 0x17, 0x0D, 0x31, - 0x39, 0x30, 0x35, 0x30, 0x38, 0x32, 0x30, 0x30, 0x37, 0x33, - 0x37, 0x5A, 0x30, 0x81, 0x94, 0x31, 0x0B, 0x30, 0x09, 0x06, + 0x30, 0x1E, 0x17, 0x0D, 0x31, 0x38, 0x30, 0x34, 0x31, 0x33, + 0x31, 0x35, 0x32, 0x33, 0x30, 0x39, 0x5A, 0x17, 0x0D, 0x32, + 0x31, 0x30, 0x31, 0x30, 0x37, 0x31, 0x35, 0x32, 0x33, 0x30, + 0x39, 0x5A, 0x30, 0x81, 0x94, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x07, 0x4D, 0x6F, 0x6E, 0x74, 0x61, 0x6E, 0x61, 0x31, 0x10, 0x30, 0x0E, 
@@ -1438,36 +1438,36 @@ static const unsigned char ca_cert_der_2048[] = 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x82, 0x09, 0x00, - 0xB7, 0xB6, 0x90, 0x33, 0x66, 0x1B, 0x6B, 0x23, 0x30, 0x0C, + 0x86, 0xFF, 0xF5, 0x8E, 0x10, 0xDE, 0xB8, 0xFB, 0x30, 0x0C, 0x06, 0x03, 0x55, 0x1D, 0x13, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xFF, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B, 0x05, 0x00, 0x03, 0x82, 0x01, - 0x01, 0x00, 0x0E, 0x93, 0x48, 0x44, 0x4A, 0x72, 0x96, 0x60, - 0x71, 0x25, 0x82, 0xA9, 0x2C, 0xCA, 0x60, 0x5B, 0xF2, 0x88, - 0x3E, 0xCF, 0x11, 0x74, 0x5A, 0x11, 0x4A, 0xDC, 0xD9, 0xD8, - 0xF6, 0x58, 0x2C, 0x05, 0xD3, 0x56, 0xD9, 0xE9, 0x8F, 0x37, - 0xEF, 0x8E, 0x3E, 0x3B, 0xFF, 0x22, 0x36, 0x00, 0xCA, 0xD8, - 0xE2, 0x96, 0x3F, 0xA7, 0xD1, 0xED, 0x1F, 0xDE, 0x7A, 0xB0, - 0xD7, 0x8F, 0x36, 0xBD, 0x41, 0x55, 0x1E, 0xD4, 0xB9, 0x86, - 0x3B, 0x87, 0x25, 0x69, 0x35, 0x60, 0x48, 0xD6, 0xE4, 0x5A, - 0x94, 0xCE, 0xA2, 0xFA, 0x70, 0x38, 0x36, 0xC4, 0x85, 0xB4, - 0x4B, 0x23, 0xFE, 0x71, 0x9E, 0x2F, 0xDB, 0x06, 0xC7, 0xB5, - 0x9C, 0x21, 0xF0, 0x3E, 0x7C, 0xEB, 0x91, 0xF8, 0x5C, 0x09, - 0xFD, 0x84, 0x43, 0xA4, 0xB3, 0x4E, 0x04, 0x0C, 0x22, 0x31, - 0x71, 0x6A, 0x48, 0xC8, 0xAB, 0xBB, 0xE8, 0xCE, 0xFA, 0x67, - 0x15, 0x1A, 0x3A, 0x82, 0x98, 0x43, 0x33, 0xB5, 0x0E, 0x1F, - 0x1E, 0x89, 0xF8, 0x37, 0xDE, 0x1B, 0xE6, 0xB5, 0xA0, 0xF4, - 0xA2, 0x8B, 0xB7, 0x1C, 0x90, 0xBA, 0x98, 0x6D, 0x94, 0x21, - 0x08, 0x80, 0x5D, 0xF3, 0xBF, 0x66, 0xAD, 0xC9, 0x72, 0x28, - 0x7A, 0x6A, 0x48, 0xEE, 0xCF, 0x63, 0x69, 0x31, 0x8C, 0xC5, - 0x8E, 0x66, 0xDA, 0x4B, 0x78, 0x65, 0xE8, 0x03, 0x3A, 0x4B, - 0xF8, 0xCC, 0x42, 0x54, 0xD3, 0x52, 0x5C, 0x2D, 0x04, 0xAE, - 0x26, 0x87, 0xE1, 0x7E, 0x40, 0xCB, 0x45, 0x41, 0x16, 0x4B, - 0x6E, 0xA3, 0x2E, 0x4A, 0x76, 0xBD, 0x29, 0x7F, 0x1C, 0x53, - 0x37, 0x06, 0xAD, 0xE9, 0x5B, 0x6A, 0xD6, 0xB7, 0x4E, 0x94, - 0xA2, 0x7C, 
0xE8, 0xAC, 0x4E, 0xA6, 0x50, 0x3E, 0x2B, 0x32, - 0x9E, 0x68, 0x42, 0x1B, 0xE4, 0x59, 0x67, 0x61, 0xEA, 0xC7, - 0x9A, 0x51, 0x9C, 0x1C, 0x55, 0xA3, 0x77, 0x76 + 0x01, 0x00, 0x9E, 0x28, 0x88, 0x72, 0x00, 0xCA, 0xE6, 0xE7, + 0x97, 0xCA, 0xC1, 0xF1, 0x1F, 0x9E, 0x12, 0xB2, 0xB8, 0xC7, + 0x51, 0xEA, 0x28, 0xE1, 0x36, 0xB5, 0x2D, 0xE6, 0x2F, 0x08, + 0x23, 0xCB, 0xA9, 0x4A, 0x87, 0x25, 0xC6, 0x5D, 0x89, 0x45, + 0xEA, 0xF5, 0x00, 0x98, 0xAC, 0x76, 0xFB, 0x1B, 0xAF, 0xF0, + 0xCE, 0x64, 0x9E, 0xDA, 0x08, 0xBF, 0xB6, 0xEB, 0xB4, 0xB5, + 0x0C, 0xA0, 0xE7, 0xF6, 0x47, 0x59, 0x1C, 0x61, 0xCF, 0x2E, + 0x0E, 0x58, 0xA4, 0x82, 0xAC, 0x0F, 0x3F, 0xEC, 0xC4, 0xAE, + 0x80, 0xF7, 0xB0, 0x8A, 0x1E, 0x85, 0x41, 0xE8, 0xFF, 0xFE, + 0xFE, 0x4F, 0x1A, 0x24, 0xD5, 0x49, 0xFA, 0xFB, 0xFE, 0x5E, + 0xE5, 0xD3, 0x91, 0x0E, 0x4F, 0x4E, 0x0C, 0x21, 0x51, 0x71, + 0x83, 0x04, 0x6B, 0x62, 0x7B, 0x4F, 0x59, 0x76, 0x48, 0x81, + 0x1E, 0xB4, 0xF7, 0x04, 0x47, 0x8A, 0x91, 0x57, 0xA3, 0x11, + 0xA9, 0xF2, 0x20, 0xB4, 0x78, 0x33, 0x62, 0x3D, 0xB0, 0x5E, + 0x0D, 0xF9, 0x86, 0x38, 0x82, 0xDA, 0xA1, 0x98, 0x8D, 0x19, + 0x06, 0x87, 0x21, 0x39, 0xB7, 0x02, 0xF7, 0xDA, 0x7D, 0x58, + 0xBA, 0x52, 0x15, 0xD8, 0x3B, 0xC9, 0x7B, 0x58, 0x34, 0xA0, + 0xC7, 0xE2, 0x7C, 0xA9, 0x83, 0x13, 0xE1, 0xB6, 0xEC, 0x01, + 0xBF, 0x52, 0x33, 0x0B, 0xC4, 0xFE, 0x43, 0xD3, 0xC6, 0xA4, + 0x8E, 0x2F, 0x87, 0x7F, 0x7A, 0x44, 0xEA, 0xCA, 0x53, 0x6C, + 0x85, 0xED, 0x65, 0x76, 0x73, 0x31, 0x03, 0x4E, 0xEA, 0xBD, + 0x35, 0x54, 0x13, 0xF3, 0x64, 0x87, 0x6B, 0xDF, 0x34, 0xDD, + 0x34, 0xA1, 0x88, 0x3B, 0xDB, 0x4D, 0xAF, 0x1B, 0x64, 0x90, + 0x92, 0x71, 0x30, 0x8E, 0xC8, 0xCC, 0xE5, 0x60, 0x24, 0xAF, + 0x31, 0x16, 0x39, 0x33, 0x91, 0x50, 0xF9, 0xAB, 0x68, 0x42, + 0x74, 0x7A, 0x35, 0xD9, 0xDD, 0xC8, 0xC4, 0x52 }; static const int sizeof_ca_cert_der_2048 = sizeof(ca_cert_der_2048); 
@@ -1618,10 +1618,10 @@ static const unsigned char server_cert_der_2048[] = 0x1F, 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, - 0x6F, 0x6D, 0x30, 0x1E, 0x17, 0x0D, 0x31, 0x36, 0x30, 0x38, - 0x31, 0x31, 0x32, 0x30, 0x30, 0x37, 0x33, 0x37, 0x5A, 0x17, - 0x0D, 0x31, 0x39, 0x30, 0x35, 0x30, 0x38, 0x32, 0x30, 0x30, - 0x37, 0x33, 0x37, 0x5A, 0x30, 0x81, 0x90, 0x31, 0x0B, 0x30, + 0x6F, 0x6D, 0x30, 0x1E, 0x17, 0x0D, 0x31, 0x38, 0x30, 0x34, + 0x31, 0x33, 0x31, 0x35, 0x32, 0x33, 0x31, 0x30, 0x5A, 0x17, + 0x0D, 0x32, 0x31, 0x30, 0x31, 0x30, 0x37, 0x31, 0x35, 0x32, + 0x33, 0x31, 0x30, 0x5A, 0x30, 0x81, 0x90, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x07, 0x4D, 0x6F, 0x6E, 0x74, 0x61, 0x6E, 0x61, 0x31, 0x10, 
@@ -1688,37 +1688,37 @@ static const unsigned char server_cert_der_2048[] = 0x6F, 0x6D, 0x31, 0x1F, 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, - 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x82, 0x09, 0x00, 0xB7, 0xB6, - 0x90, 0x33, 0x66, 0x1B, 0x6B, 0x23, 0x30, 0x0C, 0x06, 0x03, + 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x82, 0x09, 0x00, 0x86, 0xFF, + 0xF5, 0x8E, 0x10, 0xDE, 0xB8, 0xFB, 0x30, 0x0C, 0x06, 0x03, 0x55, 0x1D, 0x13, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xFF, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, - 0x51, 0xFE, 0x2A, 0xDF, 0x07, 0x7E, 0x43, 0xCA, 0x66, 0x8D, - 0x15, 0xC4, 0x2B, 0xDB, 0x57, 0xB2, 0x06, 0x6D, 0x0D, 0x90, - 0x66, 0xFF, 0xA5, 0x24, 0x9C, 0x14, 0xEF, 0x81, 0xF2, 0xA4, - 0xAB, 0x99, 0xA9, 0x6A, 0x49, 0x20, 0xA5, 0xD2, 0x71, 0xE7, - 0x1C, 0x3C, 0x99, 0x07, 0xC7, 0x47, 0xFC, 0xE8, 0x96, 0xB4, - 0xF5, 0x42, 0x30, 0xCE, 0x39, 0x01, 0x4B, 0xD1, 0xC2, 0xE8, - 0xBC, 0x95, 0x84, 0x87, 0xCE, 0x55, 0x5D, 0x97, 0x9F, 0xCF, - 0x78, 0xF3, 0x56, 0x9B, 0xA5, 0x08, 0x6D, 0xAC, 0xF6, 0xA5, - 0x5C, 0xC4, 0xEF, 0x3E, 0x2A, 0x39, 0xA6, 0x48, 0x26, 0x29, - 0x7B, 0x2D, 0xE0, 0xCD, 0xA6, 0x8C, 0x57, 0x48, 0x0B, 0xBB, - 0x31, 0x32, 0xC2, 0xBF, 0xD9, 0x43, 0x4C, 0x47, 0x25, 0x18, - 0x81, 0xA8, 0xC9, 0x33, 0x82, 0x41, 0x9B, 0xBA, 0x61, 0x86, - 0xD7, 0x84, 0x93, 0x17, 0x24, 0x25, 0x36, 0xCA, 0x4D, 0x63, - 0x6B, 0x4F, 0x95, 0x79, 0xD8, 0x60, 0xE0, 0x1E, 0xF5, 0xAC, - 0xC1, 0x8A, 0xA1, 0xB1, 0x7E, 0x85, 0x8E, 0x87, 0x20, 0x2F, - 0x08, 0x31, 0xAD, 0x5E, 0xC6, 0x4A, 0xC8, 0x61, 0xF4, 0x9E, - 0x07, 0x1E, 0xA2, 0x22, 0xED, 0x73, 0x7C, 0x85, 0xEE, 0xFA, - 0x62, 0xDC, 0x50, 0x36, 0xAA, 0xFD, 0xC7, 0x9D, 0xAA, 0x18, - 0x04, 0xFB, 0xEA, 0xCC, 0x2C, 0x68, 0x9B, 0xB3, 0xA9, 0xC2, - 0x96, 0xD8, 0xC1, 0xCC, 0x5A, 0x7E, 0xF7, 0x0D, 0x9E, 0x08, - 0xE0, 0x9D, 0x29, 0x8B, 0x84, 0x46, 0x8F, 0xD3, 0x91, 0x6A, - 0xB5, 0xB8, 
0x7A, 0x5C, 0xCC, 0x4F, 0x55, 0x01, 0xB8, 0x9A, - 0x48, 0xA0, 0x94, 0x43, 0xCA, 0x25, 0x47, 0x52, 0x0A, 0xF7, - 0xF4, 0xBE, 0xB0, 0xD1, 0x71, 0x6D, 0xA5, 0x52, 0x4A, 0x65, - 0x50, 0xB2, 0xAD, 0x4E, 0x1D, 0xE0, 0x6C, 0x01, 0xD8, 0xFB, - 0x43, 0x80, 0xE6, 0xE4, 0x0C, 0x37 + 0xB4, 0x54, 0x60, 0xAD, 0xA0, 0x03, 0x32, 0xDE, 0x02, 0x7F, + 0x21, 0x4A, 0x81, 0xC6, 0xED, 0xCD, 0xCD, 0xD8, 0x12, 0x8A, + 0xC0, 0xBA, 0x82, 0x5B, 0x75, 0xAD, 0x54, 0xE3, 0x7C, 0x80, + 0x6A, 0xAC, 0x2E, 0x6C, 0x20, 0x4E, 0xBE, 0x4D, 0x82, 0xA7, + 0x47, 0x13, 0x5C, 0xF4, 0xC6, 0x6A, 0x2B, 0x10, 0x99, 0x58, + 0xDE, 0xAB, 0x6B, 0x7C, 0x22, 0x05, 0xC1, 0x83, 0x9D, 0xCB, + 0xFF, 0x3C, 0xE4, 0x2D, 0x57, 0x6A, 0xA6, 0x96, 0xDF, 0xD3, + 0xC1, 0x68, 0xE3, 0xD2, 0xC6, 0x83, 0x4B, 0x97, 0xE2, 0xC6, + 0x32, 0x0E, 0xBE, 0xC4, 0x03, 0xB9, 0x07, 0x8A, 0x5B, 0xB8, + 0x84, 0xBA, 0xC5, 0x39, 0x3F, 0x1C, 0x58, 0xA7, 0x55, 0xD7, + 0xF0, 0x9B, 0xE8, 0xD2, 0x45, 0xB9, 0xE3, 0x83, 0x2E, 0xEE, + 0xB6, 0x71, 0x56, 0xB9, 0x3A, 0xEE, 0x3F, 0x27, 0xD8, 0x77, + 0xE8, 0xFB, 0x44, 0x48, 0x65, 0x27, 0x47, 0x4C, 0xFB, 0xFE, + 0x72, 0xC3, 0xAC, 0x05, 0x7B, 0x1D, 0xCB, 0xEB, 0x5E, 0x65, + 0x9A, 0xAB, 0x02, 0xE4, 0x88, 0x5B, 0x3B, 0x8B, 0x0B, 0xC7, + 0xCC, 0xA9, 0xA6, 0x8B, 0xE1, 0x87, 0xB0, 0x19, 0x1A, 0x0C, + 0x28, 0x58, 0x6F, 0x99, 0x52, 0x7E, 0xED, 0xB0, 0x3A, 0x68, + 0x3B, 0x8C, 0x0A, 0x08, 0x74, 0x72, 0xAB, 0xB9, 0x09, 0xC5, + 0xED, 0x04, 0x7E, 0x6F, 0x0B, 0x1C, 0x09, 0x21, 0xD0, 0xCD, + 0x7F, 0xF9, 0xC4, 0x5E, 0x27, 0x20, 0xE4, 0x85, 0x73, 0x52, + 0x05, 0xD2, 0xBA, 0xF8, 0xD5, 0x8F, 0x41, 0xCC, 0x23, 0x2E, + 0x12, 0x6D, 0xBC, 0x31, 0x98, 0xE7, 0x63, 0xA3, 0x8E, 0x26, + 0xCD, 0xE8, 0x2B, 0x88, 0xEE, 0xE2, 0xFE, 0x3A, 0x74, 0x52, + 0x34, 0x0E, 0xFD, 0x12, 0xE5, 0x5E, 0x69, 0x50, 0x20, 0x31, + 0x34, 0xE4, 0x31, 0xF1, 0xE7, 0xE4, 0x5B, 0x03, 0x13, 0xDA, + 0xAC, 0x41, 0x6C, 0xE7, 0xCF, 0x2B }; static const int sizeof_server_cert_der_2048 = sizeof(server_cert_der_2048); 
@@ -1764,9 +1764,9 @@ static const int sizeof_ecc_clikeypub_der_256 = sizeof(ecc_clikeypub_der_256); /* ./certs/client-ecc-cert.der, ECC */ static const unsigned char cliecc_cert_der_256[] = { - 0x30, 0x82, 0x03, 0x09, 0x30, 0x82, 0x02, 0xAF, 0xA0, 0x03, - 0x02, 0x01, 0x02, 0x02, 0x09, 0x00, 0xE7, 0x72, 0xA6, 0x9E, - 0x13, 0x1D, 0x17, 0x5C, 0x30, 0x0A, 0x06, 0x08, 0x2A, 0x86, + 0x30, 0x82, 0x03, 0x08, 0x30, 0x82, 0x02, 0xAF, 0xA0, 0x03, + 0x02, 0x01, 0x02, 0x02, 0x09, 0x00, 0x93, 0xBF, 0x6A, 0xDE, + 0x9B, 0x41, 0x9D, 0xAD, 0x30, 0x0A, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x04, 0x03, 0x02, 0x30, 0x81, 0x8D, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x0F, 0x30, 0x0D, 0x06, 0x03, 0x55, 0x04, @@ -1782,10 +1782,10 @@ static const unsigned char cliecc_cert_der_256[] = 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, - 0x30, 0x1E, 0x17, 0x0D, 0x31, 0x36, 0x30, 0x38, 0x31, 0x31, - 0x32, 0x30, 0x30, 0x37, 0x33, 0x38, 0x5A, 0x17, 0x0D, 0x31, - 0x39, 0x30, 0x35, 0x30, 0x38, 0x32, 0x30, 0x30, 0x37, 0x33, - 0x38, 0x5A, 0x30, 0x81, 0x8D, 0x31, 0x0B, 0x30, 0x09, 0x06, + 0x30, 0x1E, 0x17, 0x0D, 0x31, 0x38, 0x30, 0x34, 0x31, 0x33, + 0x31, 0x35, 0x32, 0x33, 0x31, 0x30, 0x5A, 0x17, 0x0D, 0x32, + 0x31, 0x30, 0x31, 0x30, 0x37, 0x31, 0x35, 0x32, 0x33, 0x31, + 0x30, 0x5A, 0x30, 0x81, 0x8D, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x0F, 0x30, 0x0D, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x06, 0x4F, 0x72, 0x65, 0x67, 0x6F, 0x6E, 0x31, 0x0E, 0x30, 0x0C, 0x06, 
@@ -1831,18 +1831,18 @@ static const unsigned char cliecc_cert_der_256[] = 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, - 0x82, 0x09, 0x00, 0xE7, 0x72, 0xA6, 0x9E, 0x13, 0x1D, 0x17, - 0x5C, 0x30, 0x0C, 0x06, 0x03, 0x55, 0x1D, 0x13, 0x04, 0x05, + 0x82, 0x09, 0x00, 0x93, 0xBF, 0x6A, 0xDE, 0x9B, 0x41, 0x9D, + 0xAD, 0x30, 0x0C, 0x06, 0x03, 0x55, 0x1D, 0x13, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xFF, 0x30, 0x0A, 0x06, 0x08, 0x2A, - 0x86, 0x48, 0xCE, 0x3D, 0x04, 0x03, 0x02, 0x03, 0x48, 0x00, - 0x30, 0x45, 0x02, 0x20, 0x43, 0x9A, 0xB6, 0x7E, 0x87, 0x8E, - 0x8C, 0xD7, 0x16, 0xF1, 0x0D, 0xD2, 0x50, 0x11, 0xA4, 0xAC, - 0xB6, 0xAC, 0x07, 0xEF, 0xE9, 0x60, 0xE1, 0x90, 0xA2, 0x5F, - 0xC9, 0x76, 0xE6, 0x54, 0x1A, 0x81, 0x02, 0x21, 0x00, 0xD6, - 0x8B, 0x7C, 0xBA, 0x53, 0x12, 0x05, 0x06, 0xFA, 0x8F, 0xC5, - 0xC7, 0x58, 0xC3, 0x9A, 0x9F, 0xA1, 0x84, 0x8C, 0xB4, 0x88, - 0x83, 0x4D, 0x6A, 0xB4, 0xB7, 0x85, 0x7A, 0xB3, 0x3C, 0xF3, - 0xDF + 0x86, 0x48, 0xCE, 0x3D, 0x04, 0x03, 0x02, 0x03, 0x47, 0x00, + 0x30, 0x44, 0x02, 0x20, 0x61, 0xBC, 0x9D, 0x4D, 0x88, 0x64, + 0x86, 0xB8, 0x71, 0xAA, 0x35, 0x59, 0x68, 0xB8, 0xEE, 0x2C, + 0xF3, 0x23, 0xB5, 0x1A, 0xB9, 0xBA, 0x41, 0x50, 0xA8, 0xC6, + 0xC3, 0x58, 0xEB, 0x58, 0xBD, 0x60, 0x02, 0x20, 0x61, 0xAA, + 0xEB, 0xB5, 0x73, 0x0D, 0x01, 0xDB, 0x69, 0x8F, 0x52, 0xF5, + 0x72, 0x6D, 0x37, 0x42, 0xB5, 0xFD, 0x94, 0xB6, 0x6E, 0xB1, + 0xC4, 0x25, 0x2E, 0x96, 0x96, 0xF3, 0x39, 0xB2, 0x5D, 0xEA + }; static const int sizeof_cliecc_cert_der_256 = sizeof(cliecc_cert_der_256); 
@@ -1884,9 +1884,9 @@ static const int sizeof_ecc_key_pub_der_256 = sizeof(ecc_key_pub_der_256); /* ./certs/server-ecc-comp.der, ECC */ static const unsigned char serv_ecc_comp_der_256[] = { - 0x30, 0x82, 0x03, 0x24, 0x30, 0x82, 0x02, 0xCA, 0xA0, 0x03, - 0x02, 0x01, 0x02, 0x02, 0x09, 0x00, 0xC3, 0xCD, 0xC5, 0xE4, - 0x24, 0x18, 0x70, 0xCA, 0x30, 0x0A, 0x06, 0x08, 0x2A, 0x86, + 0x30, 0x82, 0x03, 0x23, 0x30, 0x82, 0x02, 0xCA, 0xA0, 0x03, + 0x02, 0x01, 0x02, 0x02, 0x09, 0x00, 0x80, 0x78, 0xC9, 0xB7, + 0x06, 0x5A, 0xC5, 0x83, 0x30, 0x0A, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x04, 0x03, 0x02, 0x30, 0x81, 0xA0, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, @@ -1904,9 +1904,9 @@ static const unsigned char serv_ecc_comp_der_256[] = 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x30, - 0x1E, 0x17, 0x0D, 0x31, 0x36, 0x30, 0x38, 0x31, 0x31, 0x32, - 0x30, 0x30, 0x37, 0x33, 0x38, 0x5A, 0x17, 0x0D, 0x31, 0x39, - 0x30, 0x35, 0x30, 0x38, 0x32, 0x30, 0x30, 0x37, 0x33, 0x38, + 0x1E, 0x17, 0x0D, 0x31, 0x38, 0x30, 0x34, 0x31, 0x33, 0x31, + 0x35, 0x32, 0x33, 0x31, 0x30, 0x5A, 0x17, 0x0D, 0x32, 0x31, + 0x30, 0x31, 0x30, 0x37, 0x31, 0x35, 0x32, 0x33, 0x31, 0x30, 0x5A, 0x30, 0x81, 0xA0, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x07, 0x4D, 0x6F, 
@@ -1954,17 +1954,17 @@ static const unsigned char serv_ecc_comp_der_256[] = 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x82, 0x09, 0x00, - 0xC3, 0xCD, 0xC5, 0xE4, 0x24, 0x18, 0x70, 0xCA, 0x30, 0x0C, + 0x80, 0x78, 0xC9, 0xB7, 0x06, 0x5A, 0xC5, 0x83, 0x30, 0x0C, 0x06, 0x03, 0x55, 0x1D, 0x13, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xFF, 0x30, 0x0A, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, - 0x3D, 0x04, 0x03, 0x02, 0x03, 0x48, 0x00, 0x30, 0x45, 0x02, - 0x21, 0x00, 0xCA, 0x10, 0xEC, 0x8F, 0xF1, 0xEB, 0x92, 0x19, - 0x76, 0xD7, 0x16, 0x54, 0xF2, 0x21, 0x1C, 0x38, 0x0E, 0x6E, - 0x22, 0x3D, 0x95, 0xA4, 0xBD, 0xC8, 0x8C, 0xD2, 0xD8, 0x28, - 0xD3, 0x9C, 0x21, 0x6D, 0x02, 0x20, 0x71, 0x39, 0x0B, 0x0D, - 0xEC, 0x68, 0x8C, 0x64, 0xB6, 0x2C, 0x68, 0xDA, 0x03, 0xB1, - 0xD8, 0xE7, 0xD4, 0xF7, 0xCB, 0xA6, 0x73, 0x7E, 0x08, 0x00, - 0xC6, 0xB8, 0x04, 0x9D, 0x17, 0x3E, 0x66, 0x7F + 0x3D, 0x04, 0x03, 0x02, 0x03, 0x47, 0x00, 0x30, 0x44, 0x02, + 0x20, 0x31, 0x44, 0xD0, 0x4E, 0xD7, 0xC4, 0xB4, 0x96, 0xA3, + 0xE6, 0x25, 0xFD, 0xFA, 0xD6, 0x28, 0xA8, 0x67, 0x51, 0x72, + 0x90, 0x95, 0x31, 0xF9, 0xCD, 0x10, 0xBF, 0x11, 0xE4, 0xEC, + 0xB7, 0x42, 0x5B, 0x02, 0x20, 0x45, 0xDB, 0x45, 0x0A, 0x24, + 0x58, 0x8E, 0x2E, 0xE6, 0xEA, 0x0C, 0x6C, 0xBC, 0x72, 0x4F, + 0x0A, 0x1B, 0xF3, 0x2D, 0x97, 0xE9, 0xC2, 0x19, 0xF9, 0x97, + 0x3A, 0x60, 0xDD, 0x08, 0xD3, 0x52, 0x3E }; static const int sizeof_serv_ecc_comp_der_256 = sizeof(serv_ecc_comp_der_256); 
@@ -1989,10 +1989,10 @@ static const unsigned char serv_ecc_rsa_der_256[] = 0x1F, 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, - 0x6F, 0x6D, 0x30, 0x1E, 0x17, 0x0D, 0x31, 0x36, 0x30, 0x38, - 0x31, 0x31, 0x32, 0x30, 0x30, 0x37, 0x33, 0x38, 0x5A, 0x17, - 0x0D, 0x31, 0x39, 0x30, 0x35, 0x30, 0x38, 0x32, 0x30, 0x30, - 0x37, 0x33, 0x38, 0x5A, 0x30, 0x81, 0x9D, 0x31, 0x0B, 0x30, + 0x6F, 0x6D, 0x30, 0x1E, 0x17, 0x0D, 0x31, 0x38, 0x30, 0x34, + 0x31, 0x33, 0x31, 0x35, 0x32, 0x33, 0x31, 0x30, 0x5A, 0x17, + 0x0D, 0x32, 0x31, 0x30, 0x31, 0x30, 0x37, 0x31, 0x35, 0x32, + 0x33, 0x31, 0x30, 0x5A, 0x30, 0x81, 0x9D, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x07, 0x4D, 0x6F, 0x6E, 0x74, 0x61, 0x6E, 0x61, 0x31, 0x10, 
@@ -2040,37 +2040,37 @@ static const unsigned char serv_ecc_rsa_der_256[] = 0x6F, 0x6D, 0x31, 0x1F, 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, - 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x82, 0x09, 0x00, 0xB7, 0xB6, - 0x90, 0x33, 0x66, 0x1B, 0x6B, 0x23, 0x30, 0x0C, 0x06, 0x03, + 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x82, 0x09, 0x00, 0x86, 0xFF, + 0xF5, 0x8E, 0x10, 0xDE, 0xB8, 0xFB, 0x30, 0x0C, 0x06, 0x03, 0x55, 0x1D, 0x13, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xFF, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, - 0xAB, 0xB7, 0x78, 0xC8, 0x18, 0x6E, 0x6A, 0x27, 0x5D, 0xBB, - 0x16, 0xA1, 0xD3, 0xAE, 0xB5, 0xFD, 0x46, 0x50, 0xCF, 0xDC, - 0x82, 0xF9, 0x4A, 0x19, 0xEC, 0xBF, 0x44, 0xCD, 0xF5, 0x1F, - 0x15, 0x2C, 0x5A, 0xE9, 0x65, 0x27, 0xB2, 0xE1, 0x88, 0x62, - 0x0F, 0xBC, 0xA1, 0x3C, 0x95, 0xFB, 0x62, 0x8A, 0x71, 0xE0, - 0xC6, 0x22, 0xCE, 0x2E, 0x00, 0xCA, 0x4E, 0x7A, 0x03, 0x2A, - 0x12, 0x90, 0x98, 0x7B, 0x53, 0x9F, 0x46, 0xA0, 0xFF, 0x6B, - 0x04, 0xDC, 0x2A, 0x8D, 0xBB, 0x93, 0xE7, 0xB9, 0x0B, 0xD0, - 0x61, 0x0F, 0x62, 0x97, 0x18, 0x99, 0xBB, 0xE7, 0x1C, 0xE3, - 0xA2, 0xAB, 0x70, 0x8F, 0x32, 0x47, 0x7F, 0x1E, 0x3B, 0xCB, - 0x62, 0x55, 0x41, 0xA4, 0xAF, 0x1F, 0x01, 0x2C, 0x9B, 0xB2, - 0xCC, 0x06, 0x8D, 0x28, 0x04, 0x57, 0x5B, 0xF6, 0x32, 0xB8, - 0xE8, 0x18, 0xB6, 0x6B, 0xA1, 0xB9, 0xAA, 0x3F, 0x49, 0xEA, - 0xC1, 0x02, 0xC7, 0x92, 0xD9, 0xC7, 0x23, 0xEA, 0xA2, 0xF7, - 0x70, 0xA9, 0xDA, 0x9E, 0x5E, 0x82, 0xEF, 0x30, 0x07, 0xC7, - 0x89, 0xDA, 0xC9, 0xE0, 0xCF, 0xED, 0xE9, 0x4C, 0x34, 0xD4, - 0x72, 0x0E, 0x16, 0x49, 0x82, 0xC5, 0xA9, 0xB4, 0xA7, 0x05, - 0x07, 0xCC, 0x5D, 0xEB, 0xB4, 0xEF, 0x9A, 0x09, 0x73, 0xA2, - 0xD4, 0xB6, 0xC5, 0xBE, 0x34, 0xC0, 0xC9, 0x09, 0x29, 0xA5, - 0xD5, 0xF1, 0xE4, 0x82, 0x49, 0x70, 0xBF, 0x75, 0x79, 0x15, - 0xCD, 0xC1, 0xC8, 0xA3, 0x4D, 0x9B, 0xB4, 0xE2, 0x94, 0x5E, - 0x27, 0x61, 
0xEA, 0x34, 0x69, 0x88, 0x47, 0xBD, 0x61, 0xE9, - 0x0D, 0xF3, 0x95, 0x8F, 0xFF, 0x53, 0xE7, 0x5C, 0x11, 0xE3, - 0xF4, 0xD0, 0x70, 0xAD, 0x9A, 0x73, 0x5D, 0x29, 0x30, 0xFC, - 0x23, 0x2E, 0xC0, 0x62, 0xD4, 0xD3, 0xA8, 0xCE, 0xB2, 0xE9, - 0xD3, 0xB9, 0x3F, 0x10, 0x0A, 0xF2 + 0x0C, 0xBB, 0x67, 0xBD, 0xFC, 0xCD, 0x53, 0x6C, 0xFB, 0x4E, + 0x58, 0xC8, 0xEA, 0x52, 0x92, 0xEB, 0xE4, 0xC8, 0xBC, 0x57, + 0x0F, 0x08, 0x20, 0xC8, 0x83, 0xB0, 0xD5, 0xEA, 0x57, 0x27, + 0xBD, 0x68, 0x91, 0xFB, 0x99, 0x84, 0x8D, 0x15, 0x9E, 0x4F, + 0x8F, 0xC4, 0xCB, 0x34, 0x61, 0xC0, 0x59, 0x12, 0x9B, 0xC8, + 0x82, 0x17, 0x38, 0x4F, 0x9E, 0x53, 0x08, 0xA3, 0x69, 0x2E, + 0x2F, 0xC0, 0xB4, 0x2F, 0xA2, 0x4E, 0x10, 0x64, 0xB0, 0x07, + 0xA1, 0x51, 0x08, 0x1D, 0x91, 0x53, 0xA2, 0x79, 0x55, 0x20, + 0x41, 0x65, 0x35, 0x3E, 0x0B, 0x38, 0x01, 0x57, 0x02, 0x8C, + 0x25, 0xE7, 0xAB, 0x4F, 0x8B, 0x59, 0xF0, 0xED, 0x8E, 0x4A, + 0x15, 0x0B, 0x32, 0xFB, 0x7A, 0x8B, 0x02, 0xEA, 0x9D, 0xE1, + 0xAB, 0xC4, 0x07, 0xCC, 0xDA, 0x0F, 0xA3, 0x16, 0xDB, 0x8E, + 0x5B, 0xBC, 0x96, 0xAB, 0x10, 0xB8, 0xDE, 0x09, 0x8B, 0xF7, + 0xCB, 0xA7, 0x78, 0x66, 0x17, 0xE3, 0x25, 0x6E, 0x57, 0x9D, + 0x13, 0x61, 0x7B, 0x55, 0x1A, 0xDF, 0x8F, 0x39, 0x15, 0x4E, + 0x42, 0x22, 0x00, 0x85, 0xC4, 0x51, 0x0B, 0x6B, 0xA6, 0x67, + 0xC0, 0xFB, 0xEA, 0x22, 0x77, 0x7D, 0x48, 0x76, 0xAB, 0x39, + 0x20, 0x09, 0xD5, 0x52, 0x89, 0x3E, 0x6B, 0x30, 0x7B, 0x50, + 0x18, 0xE8, 0x62, 0x05, 0xBE, 0xBB, 0x7F, 0x16, 0x77, 0x9C, + 0xBB, 0x5A, 0x22, 0x96, 0x99, 0xB0, 0x96, 0x83, 0xB7, 0x43, + 0x31, 0x97, 0xCF, 0xFD, 0x85, 0x52, 0xD8, 0x52, 0xC8, 0x67, + 0x5C, 0xF8, 0x22, 0x72, 0x35, 0x93, 0x92, 0x6C, 0xEC, 0x3C, + 0x6A, 0xC6, 0x81, 0x20, 0xA5, 0xCD, 0x50, 0xF9, 0x21, 0x7A, + 0xA6, 0x7A, 0x1E, 0xE7, 0x59, 0x22, 0x5D, 0x8A, 0x93, 0x51, + 0x8E, 0xFB, 0x29, 0x56, 0xFB, 0xBE, 0x9B, 0x87, 0x48, 0x5F, + 0xA5, 0x72, 0xE7, 0x4E, 0xFE, 0x5E }; static const int sizeof_serv_ecc_rsa_der_256 = sizeof(serv_ecc_rsa_der_256); 
@@ -2188,9 +2188,9 @@ static const int sizeof_ca_ecc_key_der_256 = sizeof(ca_ecc_key_der_256); /* ./certs/ca-ecc-cert.der, ECC */ static const unsigned char ca_ecc_cert_der_256[] = { - 0x30, 0x82, 0x02, 0x8A, 0x30, 0x82, 0x02, 0x30, 0xA0, 0x03, - 0x02, 0x01, 0x02, 0x02, 0x09, 0x00, 0x97, 0xB4, 0xBD, 0x16, - 0x78, 0xF8, 0x47, 0xF2, 0x30, 0x0A, 0x06, 0x08, 0x2A, 0x86, + 0x30, 0x82, 0x02, 0x8B, 0x30, 0x82, 0x02, 0x30, 0xA0, 0x03, + 0x02, 0x01, 0x02, 0x02, 0x09, 0x00, 0xFD, 0x0E, 0x29, 0x21, + 0x66, 0xCB, 0x48, 0xA3, 0x30, 0x0A, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x04, 0x03, 0x02, 0x30, 0x81, 0x97, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, @@ -2207,10 +2207,10 @@ static const unsigned char ca_ecc_cert_der_256[] = 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, - 0x30, 0x1E, 0x17, 0x0D, 0x31, 0x37, 0x31, 0x30, 0x32, 0x30, - 0x31, 0x38, 0x31, 0x39, 0x30, 0x36, 0x5A, 0x17, 0x0D, 0x33, - 0x37, 0x31, 0x30, 0x31, 0x35, 0x31, 0x38, 0x31, 0x39, 0x30, - 0x36, 0x5A, 0x30, 0x81, 0x97, 0x31, 0x0B, 0x30, 0x09, 0x06, + 0x30, 0x1E, 0x17, 0x0D, 0x31, 0x38, 0x30, 0x34, 0x31, 0x33, + 0x31, 0x35, 0x32, 0x33, 0x31, 0x30, 0x5A, 0x17, 0x0D, 0x32, + 0x31, 0x30, 0x31, 0x30, 0x37, 0x31, 0x35, 0x32, 0x33, 0x31, + 0x30, 0x5A, 0x30, 0x81, 0x97, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x0A, 0x57, 0x61, 0x73, 0x68, 0x69, 0x6E, 0x67, 0x74, 0x6F, 0x6E, 0x31, 
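Review bot: The new validity bytes in the second ca_ecc_cert_der_256 hunk (`0x17, 0x0D, 0x32, 0x31, 0x30, 0x31, 0x30, 0x37, ...`) decode to a notAfter of 210107152310Z, where the removed bytes decoded to 371015181906Z, so this embedded ECC CA now expires in January 2021 instead of October 2037; the ca_ecc_cert_der_384 validity hunk further down makes the same change. If the shorter lifetime is meant to match the RSA buffers, the array's header comment should record it, e.g. `/* ./certs/ca-ecc-cert.der, ECC; notAfter 2021-01-07, renew before then */`; otherwise the renewal step for the two ECC roots should keep their original 20-year window. Builds that compile these buffers in cannot pick up a renewed certificate without a rebuild, so the expiry date is worth tracking explicitly. The array body continues outside this hunk.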
@@ -2246,14 +2246,14 @@ static const unsigned char ca_ecc_cert_der_256[] = 0x01, 0xFF, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x1D, 0x0F, 0x01, 0x01, 0xFF, 0x04, 0x04, 0x03, 0x02, 0x01, 0x86, 0x30, 0x0A, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x04, 0x03, 0x02, - 0x03, 0x48, 0x00, 0x30, 0x45, 0x02, 0x20, 0x32, 0x26, 0x81, - 0xE4, 0x15, 0xEC, 0xE3, 0xAA, 0xD3, 0xE5, 0xB8, 0x2A, 0xCA, - 0xA3, 0x06, 0xA7, 0x04, 0x97, 0xD8, 0x43, 0x7F, 0xD4, 0x94, - 0x47, 0xF8, 0x18, 0x0D, 0x93, 0x52, 0x23, 0x8B, 0x08, 0x02, - 0x21, 0x00, 0xE1, 0x9E, 0x34, 0xD0, 0x92, 0xEE, 0x56, 0x0D, - 0x23, 0x38, 0x4A, 0x20, 0xBC, 0xCF, 0x11, 0xC3, 0x33, 0x77, - 0x96, 0x81, 0x56, 0x2B, 0xCA, 0xC4, 0xD5, 0xC6, 0x65, 0x5D, - 0x36, 0x73, 0x2F, 0xBA + 0x03, 0x49, 0x00, 0x30, 0x46, 0x02, 0x21, 0x00, 0xF0, 0x7B, + 0xCC, 0x24, 0x73, 0x19, 0x3F, 0x61, 0x68, 0xED, 0xC8, 0x0A, + 0x54, 0x4A, 0xB8, 0xAC, 0x79, 0xEF, 0x10, 0x32, 0x91, 0x52, + 0x2C, 0x3E, 0xBF, 0x50, 0xAA, 0x5F, 0x18, 0xC1, 0x97, 0xF5, + 0x02, 0x21, 0x00, 0xD9, 0x4B, 0x63, 0x67, 0x6F, 0x9B, 0x29, + 0xA9, 0xD7, 0x6B, 0x63, 0x9B, 0x98, 0x9F, 0x32, 0x82, 0x36, + 0xDA, 0xF0, 0xA9, 0xF7, 0x51, 0xB4, 0x97, 0xAA, 0xFA, 0xFA, + 0xDD, 0xEF, 0xEF, 0x4A, 0xAE }; static const int sizeof_ca_ecc_cert_der_256 = sizeof(ca_ecc_cert_der_256); @@ -2284,8 +2284,8 @@ static const int sizeof_ca_ecc_key_der_384 = sizeof(ca_ecc_key_der_384); static const unsigned char ca_ecc_cert_der_384[] = { 0x30, 0x82, 0x02, 0xC7, 0x30, 0x82, 0x02, 0x4D, 0xA0, 0x03, - 0x02, 0x01, 0x02, 0x02, 0x09, 0x00, 0xF5, 0xE1, 0x8F, 0xF1, - 0x4B, 0xA6, 0x83, 0x8E, 0x30, 0x0A, 0x06, 0x08, 0x2A, 0x86, + 0x02, 0x01, 0x02, 0x02, 0x09, 0x00, 0xFC, 0x39, 0x04, 0xA4, + 0x0E, 0xA5, 0x6C, 0x87, 0x30, 0x0A, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x04, 0x03, 0x03, 0x30, 0x81, 0x97, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 
@@ -2302,10 +2302,10 @@ static const unsigned char ca_ecc_cert_der_384[] = 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, - 0x30, 0x1E, 0x17, 0x0D, 0x31, 0x37, 0x31, 0x30, 0x32, 0x30, - 0x31, 0x38, 0x31, 0x39, 0x30, 0x36, 0x5A, 0x17, 0x0D, 0x33, - 0x37, 0x31, 0x30, 0x31, 0x35, 0x31, 0x38, 0x31, 0x39, 0x30, - 0x36, 0x5A, 0x30, 0x81, 0x97, 0x31, 0x0B, 0x30, 0x09, 0x06, + 0x30, 0x1E, 0x17, 0x0D, 0x31, 0x38, 0x30, 0x34, 0x31, 0x33, + 0x31, 0x35, 0x32, 0x33, 0x31, 0x30, 0x5A, 0x17, 0x0D, 0x32, + 0x31, 0x30, 0x31, 0x30, 0x37, 0x31, 0x35, 0x32, 0x33, 0x31, + 0x30, 0x5A, 0x30, 0x81, 0x97, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x0A, 0x57, 0x61, 0x73, 0x68, 0x69, 0x6E, 0x67, 0x74, 0x6F, 0x6E, 0x31, 
@@ -2344,17 +2344,17 @@ static const unsigned char ca_ecc_cert_der_384[] = 0xFF, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x1D, 0x0F, 0x01, 0x01, 0xFF, 0x04, 0x04, 0x03, 0x02, 0x01, 0x86, 0x30, 0x0A, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x04, 0x03, 0x03, 0x03, - 0x68, 0x00, 0x30, 0x65, 0x02, 0x30, 0x17, 0xDD, 0xB9, 0xA5, - 0xE0, 0xEC, 0x8A, 0x03, 0x8B, 0x66, 0x45, 0x69, 0xAD, 0x5E, - 0xAD, 0x32, 0xBC, 0x45, 0x4C, 0x89, 0x85, 0x3F, 0xA1, 0xDD, - 0xA4, 0x74, 0x4B, 0x5D, 0x08, 0x65, 0x1B, 0xD8, 0x07, 0x00, - 0x49, 0x5D, 0xEF, 0x10, 0xFC, 0xEB, 0x8F, 0x64, 0xA8, 0x62, - 0x99, 0x88, 0x20, 0x59, 0x02, 0x31, 0x00, 0x94, 0x40, 0x64, - 0x29, 0x86, 0xD0, 0x00, 0x76, 0x1C, 0x98, 0x23, 0x9C, 0xB7, - 0x9B, 0xBE, 0x78, 0x73, 0x3A, 0x88, 0xBE, 0x52, 0x00, 0x3F, - 0xE3, 0x81, 0x36, 0xD9, 0x14, 0x22, 0x3D, 0x9E, 0xA2, 0x8A, - 0x4A, 0x56, 0x9C, 0xC4, 0x3F, 0x5F, 0x88, 0x2E, 0xB1, 0xA7, - 0x6C, 0x4D, 0x0E, 0xCC, 0x92 + 0x68, 0x00, 0x30, 0x65, 0x02, 0x30, 0x0D, 0x0A, 0x62, 0xFB, + 0xE6, 0x3A, 0xFE, 0x71, 0xD8, 0x2B, 0x44, 0xE5, 0x97, 0x34, + 0x04, 0xA9, 0x8C, 0x0A, 0x99, 0x88, 0xA0, 0xBD, 0x1F, 0xB0, + 0xDF, 0x94, 0x59, 0x27, 0xBB, 0x2B, 0xC6, 0x2A, 0xBE, 0xA4, + 0x69, 0x1B, 0xCF, 0x97, 0x78, 0x2A, 0x28, 0x96, 0xEE, 0xBA, + 0xD4, 0x87, 0x45, 0xFD, 0x02, 0x31, 0x00, 0xC0, 0x73, 0x19, + 0x66, 0x76, 0x5E, 0x9F, 0xA3, 0x65, 0x85, 0x41, 0xEF, 0xB7, + 0x7B, 0x3D, 0x63, 0x6D, 0x98, 0x71, 0x99, 0x6F, 0x9C, 0xDB, + 0xA8, 0x5E, 0x53, 0x6E, 0xA0, 0x68, 0x11, 0x65, 0xBC, 0x78, + 0x74, 0x28, 0x69, 0xC7, 0x64, 0x9D, 0x88, 0xF2, 0xD8, 0xC2, + 0x3D, 0x29, 0x03, 0x83, 0x23 }; static const int sizeof_ca_ecc_cert_der_384 = sizeof(ca_ecc_cert_der_384); 
@@ -2387,95 +2387,10 @@ static const unsigned char dh_g[] = /* ./certs/ed25519/server-ed25519.der, ED25519 */ static const unsigned char server_ed25519_cert[] = { - 0x30, 0x82, 0x02, 0x4B, 0x30, 0x82, 0x01, 0xFD, 0xA0, 0x03, - 0x02, 0x01, 0x02, 0x02, 0x08, 0x01, 0xD0, 0x92, 0x10, 0x6A, - 0x5A, 0x46, 0x57, 0x30, 0x05, 0x06, 0x03, 0x2B, 0x65, 0x70, - 0x30, 0x81, 0x9D, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, - 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0E, - 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x07, 0x4D, 0x6F, 0x6E, - 0x74, 0x61, 0x6E, 0x61, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, - 0x55, 0x04, 0x07, 0x0C, 0x07, 0x42, 0x6F, 0x7A, 0x65, 0x6D, - 0x61, 0x6E, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, - 0x04, 0x0C, 0x02, 0x43, 0x41, 0x31, 0x10, 0x30, 0x0E, 0x06, - 0x03, 0x55, 0x04, 0x0A, 0x0C, 0x07, 0x77, 0x6F, 0x6C, 0x66, - 0x53, 0x53, 0x4C, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, - 0x04, 0x0B, 0x0C, 0x07, 0x45, 0x44, 0x32, 0x35, 0x35, 0x31, - 0x39, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, - 0x0C, 0x0F, 0x77, 0x77, 0x77, 0x2E, 0x77, 0x6F, 0x6C, 0x66, - 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x31, 0x1F, 0x30, - 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, - 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, - 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, - 0x30, 0x22, 0x18, 0x0F, 0x32, 0x30, 0x31, 0x37, 0x30, 0x35, - 0x32, 0x38, 0x32, 0x33, 0x32, 0x36, 0x32, 0x39, 0x5A, 0x18, - 0x0F, 0x32, 0x30, 0x31, 0x39, 0x30, 0x35, 0x32, 0x39, 0x32, - 0x33, 0x32, 0x36, 0x32, 0x39, 0x5A, 0x30, 0x81, 0x9F, 0x31, - 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, - 0x55, 0x53, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, - 0x08, 0x0C, 0x07, 0x4D, 0x6F, 0x6E, 0x74, 0x61, 0x6E, 0x61, - 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0C, - 0x07, 0x42, 0x6F, 0x7A, 0x65, 0x6D, 0x61, 0x6E, 0x31, 0x0D, - 0x30, 0x0B, 0x06, 0x03, 0x55, 0x04, 0x04, 0x0C, 0x04, 0x4C, - 0x65, 0x61, 0x66, 0x31, 0x10, 0x30, 
0x0E, 0x06, 0x03, 0x55, - 0x04, 0x0A, 0x0C, 0x07, 0x77, 0x6F, 0x6C, 0x66, 0x53, 0x53, - 0x4C, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x0B, - 0x0C, 0x07, 0x45, 0x44, 0x32, 0x35, 0x35, 0x31, 0x39, 0x31, - 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, 0x0F, - 0x77, 0x77, 0x77, 0x2E, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, - 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x31, 0x1F, 0x30, 0x1D, 0x06, - 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, - 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, - 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x30, 0x2A, - 0x30, 0x05, 0x06, 0x03, 0x2B, 0x65, 0x70, 0x03, 0x21, 0x00, - 0x1A, 0x30, 0x88, 0x18, 0x47, 0x2F, 0x97, 0xDA, 0x04, 0xF4, - 0xA4, 0xE3, 0xBD, 0x6C, 0x0C, 0x16, 0xB9, 0x48, 0xC1, 0xD1, - 0x42, 0xD7, 0x8E, 0x92, 0x84, 0xA0, 0x74, 0x2A, 0x43, 0x9E, - 0x0E, 0x29, 0xA3, 0x53, 0x30, 0x51, 0x30, 0x1D, 0x06, 0x03, - 0x55, 0x1D, 0x0E, 0x04, 0x16, 0x04, 0x14, 0xF6, 0xB2, 0x84, - 0x1A, 0x95, 0xB4, 0x70, 0x32, 0x53, 0xFE, 0xD9, 0xEB, 0x9B, - 0x29, 0x80, 0x4B, 0xD6, 0xB5, 0xF1, 0xC0, 0x30, 0x1F, 0x06, - 0x03, 0x55, 0x1D, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, - 0x92, 0xD5, 0x0B, 0xDA, 0xF1, 0x04, 0x8B, 0xB9, 0xA1, 0x8B, - 0x03, 0x02, 0x9F, 0x58, 0x00, 0x35, 0x36, 0x07, 0x7A, 0xC9, - 0x30, 0x0F, 0x06, 0x03, 0x55, 0x1D, 0x0F, 0x01, 0x01, 0xFF, - 0x04, 0x05, 0x03, 0x02, 0x06, 0xC0, 0x00, 0x30, 0x05, 0x06, - 0x03, 0x2B, 0x65, 0x70, 0x03, 0x41, 0x00, 0x12, 0x56, 0x77, - 0x0C, 0x96, 0x42, 0x98, 0xDA, 0xC9, 0x15, 0x6C, 0x4E, 0x48, - 0x95, 0x05, 0x1D, 0xD0, 0x78, 0x32, 0xF8, 0x86, 0x46, 0x9A, - 0x46, 0x9B, 0x64, 0x8B, 0x31, 0xB0, 0x19, 0x6B, 0x77, 0x99, - 0x8B, 0xFF, 0xFC, 0x02, 0x36, 0x05, 0x0B, 0x69, 0x37, 0x87, - 0x62, 0x75, 0xDA, 0x50, 0x2C, 0x2D, 0x5D, 0x52, 0x94, 0x3F, - 0x00, 0x9D, 0x18, 0x45, 0x6F, 0x37, 0x12, 0x8E, 0xF4, 0xE4, - 0x00 -}; -static const int sizeof_server_ed25519_cert = sizeof(server_ed25519_cert); - -/* ./certs/ed25519/ca-ed25519.der, ED25519 */ -static const unsigned char 
ca_ed25519_cert[] = -{ - 0x30, 0x82, 0x02, 0x59, 0x30, 0x82, 0x02, 0x0B, 0xA0, 0x03, - 0x02, 0x01, 0x02, 0x02, 0x08, 0x01, 0xF6, 0xE1, 0x3E, 0xBC, - 0x79, 0xA1, 0x85, 0x30, 0x05, 0x06, 0x03, 0x2B, 0x65, 0x70, - 0x30, 0x81, 0x9F, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, - 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0E, - 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x07, 0x4D, 0x6F, 0x6E, - 0x74, 0x61, 0x6E, 0x61, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, - 0x55, 0x04, 0x07, 0x0C, 0x07, 0x42, 0x6F, 0x7A, 0x65, 0x6D, - 0x61, 0x6E, 0x31, 0x0D, 0x30, 0x0B, 0x06, 0x03, 0x55, 0x04, - 0x04, 0x0C, 0x04, 0x52, 0x6F, 0x6F, 0x74, 0x31, 0x10, 0x30, - 0x0E, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x0C, 0x07, 0x77, 0x6F, - 0x6C, 0x66, 0x53, 0x53, 0x4C, 0x31, 0x10, 0x30, 0x0E, 0x06, - 0x03, 0x55, 0x04, 0x0B, 0x0C, 0x07, 0x45, 0x44, 0x32, 0x35, - 0x35, 0x31, 0x39, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, - 0x04, 0x03, 0x0C, 0x0F, 0x77, 0x77, 0x77, 0x2E, 0x77, 0x6F, - 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x31, - 0x1F, 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, - 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, - 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, - 0x6F, 0x6D, 0x30, 0x22, 0x18, 0x0F, 0x32, 0x30, 0x31, 0x37, - 0x30, 0x35, 0x32, 0x38, 0x32, 0x33, 0x32, 0x36, 0x32, 0x39, - 0x5A, 0x18, 0x0F, 0x32, 0x30, 0x31, 0x39, 0x30, 0x35, 0x32, - 0x39, 0x32, 0x33, 0x32, 0x36, 0x32, 0x39, 0x5A, 0x30, 0x81, + 0x30, 0x82, 0x02, 0x52, 0x30, 0x82, 0x02, 0x04, 0xA0, 0x03, + 0x02, 0x01, 0x02, 0x02, 0x10, 0x00, 0xCD, 0xF2, 0x2F, 0xBE, + 0xDC, 0x07, 0xFA, 0xBB, 0x65, 0x03, 0xE2, 0xFF, 0xEA, 0x6A, + 0x99, 0x30, 0x05, 0x06, 0x03, 0x2B, 0x65, 0x70, 0x30, 0x81, 0x9D, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x07, 0x4D, 0x6F, 0x6E, 0x74, 0x61, 
@@ -2491,29 +2406,115 @@ static const unsigned char ca_ed25519_cert[] = 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x31, 0x1F, 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, - 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x30, 0x2A, - 0x30, 0x05, 0x06, 0x03, 0x2B, 0x65, 0x70, 0x03, 0x21, 0x00, - 0x41, 0x07, 0xEC, 0x75, 0x0C, 0x68, 0x72, 0x12, 0x3C, 0x04, - 0x82, 0x07, 0x6E, 0x16, 0x6F, 0x40, 0x41, 0x6D, 0xA4, 0x8F, - 0x08, 0xF2, 0xE2, 0x9D, 0xA7, 0x43, 0xC2, 0x24, 0x28, 0x98, - 0x7E, 0xAC, 0xA3, 0x61, 0x30, 0x5F, 0x30, 0x0C, 0x06, 0x03, - 0x55, 0x1D, 0x13, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xFF, - 0x30, 0x1D, 0x06, 0x03, 0x55, 0x1D, 0x0E, 0x04, 0x16, 0x04, - 0x14, 0x92, 0xD5, 0x0B, 0xDA, 0xF1, 0x04, 0x8B, 0xB9, 0xA1, - 0x8B, 0x03, 0x02, 0x9F, 0x58, 0x00, 0x35, 0x36, 0x07, 0x7A, - 0xC9, 0x30, 0x1F, 0x06, 0x03, 0x55, 0x1D, 0x23, 0x04, 0x18, - 0x30, 0x16, 0x80, 0x14, 0x86, 0xC0, 0x27, 0xE9, 0x9E, 0xFA, - 0x85, 0xC1, 0xFD, 0xE3, 0x6F, 0xFC, 0x54, 0x59, 0x72, 0x37, - 0xC7, 0x33, 0x92, 0xBB, 0x30, 0x0F, 0x06, 0x03, 0x55, 0x1D, - 0x0F, 0x01, 0x01, 0xFF, 0x04, 0x05, 0x03, 0x02, 0x01, 0xC6, - 0x00, 0x30, 0x05, 0x06, 0x03, 0x2B, 0x65, 0x70, 0x03, 0x41, - 0x00, 0x22, 0x1B, 0x06, 0x17, 0xC0, 0x11, 0x74, 0x1F, 0x64, - 0xD1, 0xA3, 0xF6, 0x7B, 0x06, 0x00, 0x1A, 0x0B, 0x50, 0x8E, - 0xEB, 0xB1, 0x63, 0x92, 0x45, 0xBA, 0xDC, 0xE2, 0xC1, 0x68, - 0x14, 0x23, 0x0C, 0x6E, 0x2C, 0x95, 0x3C, 0xB1, 0x1C, 0x19, - 0x27, 0x98, 0x50, 0x3E, 0x55, 0x51, 0xCC, 0xC4, 0x49, 0x58, - 0xAF, 0xB9, 0x46, 0x4F, 0xED, 0x9C, 0x57, 0x38, 0x04, 0x29, - 0xD4, 0xA9, 0x12, 0xFE, 0x08 + 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x30, 0x22, + 0x18, 0x0F, 0x32, 0x30, 0x31, 0x38, 0x30, 0x34, 0x31, 0x32, + 0x31, 0x36, 0x32, 0x32, 0x31, 0x37, 0x5A, 0x18, 0x0F, 0x32, + 0x30, 0x32, 0x31, 0x30, 0x31, 0x30, 0x37, 0x31, 0x35, 0x32, + 0x32, 0x31, 0x37, 0x5A, 0x30, 0x81, 0x9F, 0x31, 0x0B, 0x30, + 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 
0x13, 0x02, 0x55, 0x53, + 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, + 0x07, 0x4D, 0x6F, 0x6E, 0x74, 0x61, 0x6E, 0x61, 0x31, 0x10, + 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0C, 0x07, 0x42, + 0x6F, 0x7A, 0x65, 0x6D, 0x61, 0x6E, 0x31, 0x0D, 0x30, 0x0B, + 0x06, 0x03, 0x55, 0x04, 0x04, 0x0C, 0x04, 0x4C, 0x65, 0x61, + 0x66, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x0A, + 0x0C, 0x07, 0x77, 0x6F, 0x6C, 0x66, 0x53, 0x53, 0x4C, 0x31, + 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x0B, 0x0C, 0x07, + 0x45, 0x44, 0x32, 0x35, 0x35, 0x31, 0x39, 0x31, 0x18, 0x30, + 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, 0x0F, 0x77, 0x77, + 0x77, 0x2E, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, + 0x63, 0x6F, 0x6D, 0x31, 0x1F, 0x30, 0x1D, 0x06, 0x09, 0x2A, + 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, + 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, + 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x30, 0x2A, 0x30, 0x05, + 0x06, 0x03, 0x2B, 0x65, 0x70, 0x03, 0x21, 0x00, 0x61, 0x5D, + 0xEC, 0xB7, 0x45, 0x93, 0xC9, 0x84, 0x7B, 0x68, 0x21, 0x4A, + 0x4D, 0xF4, 0x04, 0x8B, 0xBD, 0xCD, 0x6C, 0x5D, 0x3D, 0xB7, + 0x62, 0x2C, 0x2D, 0x25, 0xC3, 0x22, 0x49, 0xC8, 0x86, 0xF2, + 0xA3, 0x52, 0x30, 0x50, 0x30, 0x1D, 0x06, 0x03, 0x55, 0x1D, + 0x0E, 0x04, 0x16, 0x04, 0x14, 0x33, 0xC8, 0x28, 0x63, 0x8C, + 0xF4, 0x57, 0xEE, 0x1E, 0xB0, 0xC7, 0x12, 0x12, 0x76, 0x8A, + 0x80, 0x30, 0x3A, 0xCB, 0x10, 0x30, 0x1F, 0x06, 0x03, 0x55, + 0x1D, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0x92, 0x3F, + 0x96, 0x72, 0x02, 0xFA, 0x61, 0x1C, 0x21, 0x6D, 0x88, 0xDD, + 0xEB, 0xDD, 0x3C, 0x9B, 0x17, 0xC4, 0x9F, 0xB7, 0x30, 0x0E, + 0x06, 0x03, 0x55, 0x1D, 0x0F, 0x01, 0x01, 0xFF, 0x04, 0x04, + 0x03, 0x02, 0x06, 0xC0, 0x30, 0x05, 0x06, 0x03, 0x2B, 0x65, + 0x70, 0x03, 0x41, 0x00, 0x15, 0x88, 0x86, 0xFC, 0x66, 0xD1, + 0xE0, 0xF6, 0xCF, 0xC9, 0x09, 0x46, 0xD0, 0x50, 0xE2, 0x01, + 0x5D, 0xF7, 0xCF, 0x57, 0xB8, 0xBA, 0x90, 0x84, 0xCB, 0xF1, + 0x24, 0x4B, 0xEF, 0xA5, 0x95, 0x7D, 0x69, 0x92, 
0x88, 0xA8, + 0x89, 0x63, 0xCC, 0x90, 0x40, 0xC2, 0x41, 0x3A, 0x40, 0x76, + 0xB1, 0x2D, 0xA8, 0xA8, 0x97, 0xC9, 0x73, 0xC7, 0x82, 0x30, + 0x24, 0x61, 0xB0, 0xAA, 0xCA, 0xAA, 0x68, 0x00 +}; +static const int sizeof_server_ed25519_cert = sizeof(server_ed25519_cert); + +/* ./certs/ed25519/ca-ed25519.der, ED25519 */ +static const unsigned char ca_ed25519_cert[] = +{ + 0x30, 0x82, 0x02, 0x60, 0x30, 0x82, 0x02, 0x12, 0xA0, 0x03, + 0x02, 0x01, 0x02, 0x02, 0x10, 0x00, 0x80, 0xBA, 0x68, 0x77, + 0xEF, 0xA5, 0xE5, 0x42, 0x7D, 0xC6, 0x73, 0x2C, 0x54, 0x85, + 0xB8, 0x30, 0x05, 0x06, 0x03, 0x2B, 0x65, 0x70, 0x30, 0x81, + 0x9F, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, + 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, + 0x55, 0x04, 0x08, 0x0C, 0x07, 0x4D, 0x6F, 0x6E, 0x74, 0x61, + 0x6E, 0x61, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, + 0x07, 0x0C, 0x07, 0x42, 0x6F, 0x7A, 0x65, 0x6D, 0x61, 0x6E, + 0x31, 0x0D, 0x30, 0x0B, 0x06, 0x03, 0x55, 0x04, 0x04, 0x0C, + 0x04, 0x52, 0x6F, 0x6F, 0x74, 0x31, 0x10, 0x30, 0x0E, 0x06, + 0x03, 0x55, 0x04, 0x0A, 0x0C, 0x07, 0x77, 0x6F, 0x6C, 0x66, + 0x53, 0x53, 0x4C, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, + 0x04, 0x0B, 0x0C, 0x07, 0x45, 0x44, 0x32, 0x35, 0x35, 0x31, + 0x39, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, + 0x0C, 0x0F, 0x77, 0x77, 0x77, 0x2E, 0x77, 0x6F, 0x6C, 0x66, + 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x31, 0x1F, 0x30, + 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, + 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, + 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, + 0x30, 0x22, 0x18, 0x0F, 0x32, 0x30, 0x31, 0x38, 0x30, 0x34, + 0x31, 0x32, 0x31, 0x36, 0x32, 0x32, 0x31, 0x37, 0x5A, 0x18, + 0x0F, 0x32, 0x30, 0x32, 0x31, 0x30, 0x31, 0x30, 0x37, 0x31, + 0x35, 0x32, 0x32, 0x31, 0x37, 0x5A, 0x30, 0x81, 0x9D, 0x31, + 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, + 0x55, 0x53, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, + 0x08, 0x0C, 0x07, 
0x4D, 0x6F, 0x6E, 0x74, 0x61, 0x6E, 0x61, + 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0C, + 0x07, 0x42, 0x6F, 0x7A, 0x65, 0x6D, 0x61, 0x6E, 0x31, 0x0B, + 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x04, 0x0C, 0x02, 0x43, + 0x41, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x0A, + 0x0C, 0x07, 0x77, 0x6F, 0x6C, 0x66, 0x53, 0x53, 0x4C, 0x31, + 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x0B, 0x0C, 0x07, + 0x45, 0x44, 0x32, 0x35, 0x35, 0x31, 0x39, 0x31, 0x18, 0x30, + 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, 0x0F, 0x77, 0x77, + 0x77, 0x2E, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, + 0x63, 0x6F, 0x6D, 0x31, 0x1F, 0x30, 0x1D, 0x06, 0x09, 0x2A, + 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, + 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, + 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x30, 0x2A, 0x30, 0x05, + 0x06, 0x03, 0x2B, 0x65, 0x70, 0x03, 0x21, 0x00, 0x65, 0xAA, + 0x7F, 0x05, 0xA4, 0x04, 0x34, 0xA0, 0xEA, 0xAD, 0x1F, 0xA9, + 0x86, 0xF0, 0xD8, 0x7F, 0x72, 0xDF, 0xA9, 0x0E, 0x13, 0xA0, + 0x38, 0x66, 0x26, 0x5E, 0xEB, 0x48, 0x30, 0x80, 0x48, 0x49, + 0xA3, 0x60, 0x30, 0x5E, 0x30, 0x0C, 0x06, 0x03, 0x55, 0x1D, + 0x13, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xFF, 0x30, 0x1D, + 0x06, 0x03, 0x55, 0x1D, 0x0E, 0x04, 0x16, 0x04, 0x14, 0x92, + 0x3F, 0x96, 0x72, 0x02, 0xFA, 0x61, 0x1C, 0x21, 0x6D, 0x88, + 0xDD, 0xEB, 0xDD, 0x3C, 0x9B, 0x17, 0xC4, 0x9F, 0xB7, 0x30, + 0x1F, 0x06, 0x03, 0x55, 0x1D, 0x23, 0x04, 0x18, 0x30, 0x16, + 0x80, 0x14, 0xFE, 0x01, 0x46, 0x7F, 0x6F, 0x2B, 0x3E, 0x1C, + 0xB0, 0x6F, 0xE1, 0xCC, 0x4D, 0x02, 0x25, 0xF7, 0x4D, 0x0A, + 0x95, 0xB8, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x1D, 0x0F, 0x01, + 0x01, 0xFF, 0x04, 0x04, 0x03, 0x02, 0x01, 0xC6, 0x30, 0x05, + 0x06, 0x03, 0x2B, 0x65, 0x70, 0x03, 0x41, 0x00, 0x4C, 0x40, + 0xD0, 0x7F, 0xBC, 0xFB, 0xF4, 0xA2, 0x1A, 0x58, 0xF6, 0x72, + 0xE3, 0xE8, 0xDA, 0x18, 0x0D, 0x94, 0xDC, 0x0E, 0xFD, 0xC1, + 0xE7, 0x02, 0xA5, 0x7A, 0xEE, 0xCB, 0xC2, 0x7E, 0xFA, 0xA1, + 0xFC, 0x15, 0x9A, 0xFE, 0x1E, 
0xE0, 0x37, 0xDF, 0x7F, 0xAB, + 0x76, 0x50, 0x06, 0xD4, 0x3D, 0x1A, 0x65, 0x73, 0x3F, 0x92, + 0xD4, 0x44, 0x62, 0xA7, 0x4C, 0xB3, 0x2A, 0x01, 0x87, 0xE3, + 0x06, 0x06 }; static const int sizeof_ca_ed25519_cert = sizeof(ca_ed25519_cert); From 48b3aa90d38e3f749e41e942c26ecf284a4f5ae9 Mon Sep 17 00:00:00 2001 From: "brian@tangent.org" Date: Sat, 14 Apr 2018 23:31:01 -1000 Subject: [PATCH 002/146] Update autoconf m4 files, except pthreads which should be its own commit --- m4/ax_add_am_macro.m4 | 4 +- m4/ax_am_jobserver.m4 | 7 +- m4/ax_am_macros.m4 | 6 +- m4/ax_append_compile_flags.m4 | 20 +- m4/ax_append_flag.m4 | 34 +- m4/ax_append_link_flags.m4 | 16 +- m4/ax_append_to_file.m4 | 6 +- m4/ax_check_compile_flag.m4 | 16 +- m4/ax_check_library.m4 | 56 ++-- m4/ax_check_link_flag.m4 | 17 +- m4/ax_compiler_version.m4 | 587 +++++++++++++++++++++++++++++----- m4/ax_count_cpus.m4 | 106 ++++-- m4/ax_file_escapes.m4 | 4 +- m4/ax_print_to_file.m4 | 4 +- m4/visibility.m4 | 4 +- 15 files changed, 686 insertions(+), 201 deletions(-) diff --git a/m4/ax_add_am_macro.m4 b/m4/ax_add_am_macro.m4 index 51ce0d0c2..3962002bf 100644 --- a/m4/ax_add_am_macro.m4 +++ b/m4/ax_add_am_macro.m4 @@ -1,5 +1,5 @@ # =========================================================================== -# http://www.gnu.org/software/autoconf-archive/ax_add_am_macro.html +# https://www.gnu.org/software/autoconf-archive/ax_add_am_macro.html # =========================================================================== # # SYNOPSIS @@ -21,7 +21,7 @@ # and this notice are preserved. This file is offered as-is, without any # warranty. -#serial 9 +#serial 10 AC_DEFUN([AX_ADD_AM_MACRO],[ AC_REQUIRE([AX_AM_MACROS]) diff --git a/m4/ax_am_jobserver.m4 b/m4/ax_am_jobserver.m4 index 5a398f8bb..dfbcdbb2f 100644 --- a/m4/ax_am_jobserver.m4 +++ b/m4/ax_am_jobserver.m4 
@@ -1,5 +1,5 @@ # =========================================================================== -# http://www.gnu.org/software/autoconf-archive/ax_am_jobserver.html +# https://www.gnu.org/software/autoconf-archive/ax_am_jobserver.html # =========================================================================== # # SYNOPSIS @@ -33,7 +33,7 @@ # and this notice are preserved. This file is offered as-is, without any # warranty. -#serial 7.1 +#serial 8 AC_DEFUN([AX_AM_JOBSERVER], [ AC_REQUIRE([AX_COUNT_CPUS]) @@ -44,7 +44,8 @@ AC_DEFUN([AX_AM_JOBSERVER], [ yes: enable one more than CPU count ],, [enable_jobserver=m4_ifval([$1],[$1],[yes])]) if test "x$enable_jobserver" = "xyes"; then - let enable_jobserver=$CPU_COUNT+1 + enable_jobserver=$CPU_COUNT + ((enable_jobserver++)) fi m4_pattern_allow(AM_MAKEFLAGS) if test "x$enable_jobserver" != "xno"; then diff --git a/m4/ax_am_macros.m4 b/m4/ax_am_macros.m4 index 6b4bd2239..36c3ab6a2 100644 --- a/m4/ax_am_macros.m4 +++ b/m4/ax_am_macros.m4 @@ -1,5 +1,5 @@ # =========================================================================== -# http://www.gnu.org/software/autoconf-archive/ax_am_macros.html +# https://www.gnu.org/software/autoconf-archive/ax_am_macros.html # =========================================================================== # # SYNOPSIS @@ -24,7 +24,7 @@ # and this notice are preserved. This file is offered as-is, without any # warranty. -#serial 9 +#serial 11 AC_DEFUN([AX_AM_MACROS], [ @@ -32,7 +32,7 @@ AC_MSG_NOTICE([adding automake macro support]) AMINCLUDE="aminclude.am" AC_SUBST(AMINCLUDE) AC_MSG_NOTICE([creating $AMINCLUDE]) -AMINCLUDE_TIME=`date` +AMINCLUDE_TIME=`LC_ALL=C date` AX_PRINT_TO_FILE([$AMINCLUDE],[[ # generated automatically by configure from AX_AUTOMAKE_MACROS # on $AMINCLUDE_TIME diff --git a/m4/ax_append_compile_flags.m4 b/m4/ax_append_compile_flags.m4 index 1f8e70845..5b6f1af51 100644 --- a/m4/ax_append_compile_flags.m4 +++ b/m4/ax_append_compile_flags.m4 
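Review bot: `((enable_jobserver++))` in the `@@ -44,7 +44,8 @@` hunk of m4/ax_am_jobserver.m4 is a bash/ksh arithmetic command, but the generated configure script runs under whatever `/bin/sh` is. A strictly POSIX shell would most likely parse it as nested subshells and fail to run it, leaving enable_jobserver at `$CPU_COUNT` instead of one more. The `let` it replaces had the same portability problem, so the change does not fix it. I would do the increment through m4sh instead: `AS_VAR_ARITH([enable_jobserver], [$CPU_COUNT + 1])`. The AC_DEFUN body starts before this hunk and continues past it.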
@@ -1,10 +1,10 @@ -# =========================================================================== -# http://www.gnu.org/software/autoconf-archive/ax_append_compile_flags.html -# =========================================================================== +# ============================================================================ +# https://www.gnu.org/software/autoconf-archive/ax_append_compile_flags.html +# ============================================================================ # # SYNOPSIS # -# AX_APPEND_COMPILE_FLAGS([FLAG1 FLAG2 ...], [FLAGS-VARIABLE], [EXTRA-FLAGS]) +# AX_APPEND_COMPILE_FLAGS([FLAG1 FLAG2 ...], [FLAGS-VARIABLE], [EXTRA-FLAGS], [INPUT]) # # DESCRIPTION # @@ -20,6 +20,8 @@ # the flags: "CFLAGS EXTRA-FLAGS FLAG". This can for example be used to # force the compiler to issue an error when a bad flag is given. # +# INPUT gives an alternative input source to AC_COMPILE_IFELSE. +# # NOTE: This macro depends on the AX_APPEND_FLAG and # AX_CHECK_COMPILE_FLAG. Please keep this macro in sync with # AX_APPEND_LINK_FLAGS. @@ -39,7 +41,7 @@ # Public License for more details. # # You should have received a copy of the GNU General Public License along -# with this program. If not, see . +# with this program. If not, see . # # As a special exception, the respective Autoconf Macro's copyright owner # gives unlimited permission to copy, distribute and modify the configure @@ -54,12 +56,12 @@ # modified version of the Autoconf Macro, you may extend this special # exception to the GPL to apply to your modified version as well. -#serial 3 +#serial 6 AC_DEFUN([AX_APPEND_COMPILE_FLAGS], -[AC_REQUIRE([AX_CHECK_COMPILE_FLAG]) -AC_REQUIRE([AX_APPEND_FLAG]) +[AX_REQUIRE_DEFINED([AX_CHECK_COMPILE_FLAG]) +AX_REQUIRE_DEFINED([AX_APPEND_FLAG]) for flag in $1; do - AX_CHECK_COMPILE_FLAG([$flag], [AX_APPEND_FLAG([$flag], [$2])], [], [$3]) + AX_CHECK_COMPILE_FLAG([$flag], [AX_APPEND_FLAG([$flag], [$2])], [], [$3], [$4]) done ])dnl AX_APPEND_COMPILE_FLAGS 
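Review bot: The switch from `AC_REQUIRE` to `AX_REQUIRE_DEFINED` in the `@@ -54,12 +56,12 @@` hunk adds a dependency on a macro that upstream ships in its own file, ax_require_defined.m4. That file is not among the 15 files in this commit's diffstat. Unless it already exists under m4/ (not visible here), autoreconf will leave `AX_REQUIRE_DEFINED` unexpanded or abort. The same applies to the `@@ -52,12 +54,12 @@` hunk of m4/ax_append_link_flags.m4. I would add m4/ax_require_defined.m4 in this commit so the macro set stays self-contained.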
diff --git a/m4/ax_append_flag.m4 b/m4/ax_append_flag.m4 index 1d38b76fb..e8c5312af 100644 --- a/m4/ax_append_flag.m4 +++ b/m4/ax_append_flag.m4 @@ -1,5 +1,5 @@ # =========================================================================== -# http://www.gnu.org/software/autoconf-archive/ax_append_flag.html +# https://www.gnu.org/software/autoconf-archive/ax_append_flag.html # =========================================================================== # # SYNOPSIS @@ -34,7 +34,7 @@ # Public License for more details. # # You should have received a copy of the GNU General Public License along -# with this program. If not, see . +# with this program. If not, see . # # As a special exception, the respective Autoconf Macro's copyright owner # gives unlimited permission to copy, distribute and modify the configure @@ -49,21 +49,23 @@ # modified version of the Autoconf Macro, you may extend this special # exception to the GPL to apply to your modified version as well. -#serial 2 +#serial 7 AC_DEFUN([AX_APPEND_FLAG], -[AC_PREREQ(2.59)dnl for _AC_LANG_PREFIX -AS_VAR_PUSHDEF([FLAGS], [m4_default($2,_AC_LANG_PREFIX[FLAGS])])dnl -AS_VAR_SET_IF(FLAGS, - [case " AS_VAR_GET(FLAGS) " in - *" $1 "*) - AC_RUN_LOG([: FLAGS already contains $1]) - ;; - *) - AC_RUN_LOG([: FLAGS="$FLAGS $1"]) - AS_VAR_SET(FLAGS, ["AS_VAR_GET(FLAGS) $1"]) - ;; - esac], - [AS_VAR_SET(FLAGS,["$1"])]) +[dnl +AC_PREREQ(2.64)dnl for _AC_LANG_PREFIX and AS_VAR_SET_IF +AS_VAR_PUSHDEF([FLAGS], [m4_default($2,_AC_LANG_PREFIX[FLAGS])]) +AS_VAR_SET_IF(FLAGS,[ + AS_CASE([" AS_VAR_GET(FLAGS) "], + [*" $1 "*], [AC_RUN_LOG([: FLAGS already contains $1])], + [ + AS_VAR_APPEND(FLAGS,[" $1"]) + AC_RUN_LOG([: FLAGS="$FLAGS"]) + ]) + ], + [ + AS_VAR_SET(FLAGS,[$1]) + AC_RUN_LOG([: FLAGS="$FLAGS"]) + ]) AS_VAR_POPDEF([FLAGS])dnl ])dnl AX_APPEND_FLAG diff --git a/m4/ax_append_link_flags.m4 b/m4/ax_append_link_flags.m4 index 48cbd4bb1..6f7f17456 100644 --- a/m4/ax_append_link_flags.m4 +++ b/m4/ax_append_link_flags.m4 
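Review bot: In the `@@ -49,21 +49,23 @@` hunk of m4/ax_append_flag.m4 the unset-variable branch changes from `AS_VAR_SET(FLAGS,["$1"])` to `AS_VAR_SET(FLAGS,[$1])`, which drops the shell quoting around the flag. As far as I can tell `AS_VAR_SET` emits a plain `VAR=value` assignment for a literal variable name, so a flag argument containing whitespace would be split and the remaining words run as a command. Callers that go through AX_APPEND_COMPILE_FLAGS pass one word at a time, but direct callers are not restricted that way. I would keep the quotes: `AS_VAR_SET(FLAGS,["$1"])`.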
@@ -1,10 +1,10 @@ # =========================================================================== -# http://www.gnu.org/software/autoconf-archive/ax_append_link_flags.html +# https://www.gnu.org/software/autoconf-archive/ax_append_link_flags.html # =========================================================================== # # SYNOPSIS # -# AX_APPEND_LINK_FLAGS([FLAG1 FLAG2 ...], [FLAGS-VARIABLE], [EXTRA-FLAGS]) +# AX_APPEND_LINK_FLAGS([FLAG1 FLAG2 ...], [FLAGS-VARIABLE], [EXTRA-FLAGS], [INPUT]) # # DESCRIPTION # @@ -19,6 +19,8 @@ # EXTRA-FLAGS FLAG". This can for example be used to force the linker to # issue an error when a bad flag is given. # +# INPUT gives an alternative input source to AC_COMPILE_IFELSE. +# # NOTE: This macro depends on the AX_APPEND_FLAG and AX_CHECK_LINK_FLAG. # Please keep this macro in sync with AX_APPEND_COMPILE_FLAGS. # @@ -37,7 +39,7 @@ # Public License for more details. # # You should have received a copy of the GNU General Public License along -# with this program. If not, see . +# with this program. If not, see . # # As a special exception, the respective Autoconf Macro's copyright owner # gives unlimited permission to copy, distribute and modify the configure @@ -52,12 +54,12 @@ # modified version of the Autoconf Macro, you may extend this special # exception to the GPL to apply to your modified version as well. -#serial 3 +#serial 6 AC_DEFUN([AX_APPEND_LINK_FLAGS], -[AC_REQUIRE([AX_CHECK_LINK_FLAG]) -AC_REQUIRE([AX_APPEND_FLAG]) +[AX_REQUIRE_DEFINED([AX_CHECK_LINK_FLAG]) +AX_REQUIRE_DEFINED([AX_APPEND_FLAG]) for flag in $1; do - AX_CHECK_LINK_FLAG([$flag], [AX_APPEND_FLAG([$flag], [m4_default([$2], [LDFLAGS])])], [], [$3]) + AX_CHECK_LINK_FLAG([$flag], [AX_APPEND_FLAG([$flag], [m4_default([$2], [LDFLAGS])])], [], [$3], [$4]) done ])dnl AX_APPEND_LINK_FLAGS diff --git a/m4/ax_append_to_file.m4 b/m4/ax_append_to_file.m4 index f9f54e088..fca570837 100644 --- a/m4/ax_append_to_file.m4 +++ b/m4/ax_append_to_file.m4 
@@ -1,5 +1,5 @@ # =========================================================================== -# http://www.gnu.org/software/autoconf-archive/ax_append_to_file.html +# https://www.gnu.org/software/autoconf-archive/ax_append_to_file.html # =========================================================================== # # SYNOPSIS @@ -19,9 +19,9 @@ # and this notice are preserved. This file is offered as-is, without any # warranty. -#serial 8 +#serial 9 AC_DEFUN([AX_APPEND_TO_FILE],[ AC_REQUIRE([AX_FILE_ESCAPES]) -printf "$2\n" >> "$1" +printf "%s" "$2" >> "$1" ]) diff --git a/m4/ax_check_compile_flag.m4 b/m4/ax_check_compile_flag.m4 index c3a8d695a..dcabb92a1 100644 --- a/m4/ax_check_compile_flag.m4 +++ b/m4/ax_check_compile_flag.m4 @@ -1,10 +1,10 @@ # =========================================================================== -# http://www.gnu.org/software/autoconf-archive/ax_check_compile_flag.html +# https://www.gnu.org/software/autoconf-archive/ax_check_compile_flag.html # =========================================================================== # # SYNOPSIS # -# AX_CHECK_COMPILE_FLAG(FLAG, [ACTION-SUCCESS], [ACTION-FAILURE], [EXTRA-FLAGS]) +# AX_CHECK_COMPILE_FLAG(FLAG, [ACTION-SUCCESS], [ACTION-FAILURE], [EXTRA-FLAGS], [INPUT]) # # DESCRIPTION # @@ -19,6 +19,8 @@ # the flags: "CFLAGS EXTRA-FLAGS FLAG". This can for example be used to # force the compiler to issue an error when a bad flag is given. # +# INPUT gives an alternative input source to AC_COMPILE_IFELSE. +# # NOTE: Implementation based on AX_CFLAGS_GCC_OPTION. Please keep this # macro in sync with AX_CHECK_{PREPROC,LINK}_FLAG. # @@ -38,7 +40,7 @@ # Public License for more details. # # You should have received a copy of the GNU General Public License along -# with this program. If not, see . +# with this program. If not, see . # # As a special exception, the respective Autoconf Macro's copyright owner # gives unlimited permission to copy, distribute and modify the configure 
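Review bot: The new `printf "%s" "$2" >> "$1"` in the `@@ -19,9 +19,9 @@` hunk of m4/ax_append_to_file.m4 no longer writes the trailing newline that `printf "$2\n"` did. It correctly stops treating the text as a format string, but successive appends now run together on one line unless every caller supplies its own newline. Backslash escapes inside `$2` are also written literally now, which may matter to callers that relied on AX_FILE_ESCAPES output being expanded; that is not visible in this hunk. If only the format-string fix is intended, `printf '%s\n' "$2" >> "$1"` keeps the line termination.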
@@ -53,19 +55,19 @@ # modified version of the Autoconf Macro, you may extend this special # exception to the GPL to apply to your modified version as well. -#serial 2 +#serial 5 AC_DEFUN([AX_CHECK_COMPILE_FLAG], -[AC_PREREQ(2.59)dnl for _AC_LANG_PREFIX +[AC_PREREQ(2.64)dnl for _AC_LANG_PREFIX and AS_VAR_IF AS_VAR_PUSHDEF([CACHEVAR],[ax_cv_check_[]_AC_LANG_ABBREV[]flags_$4_$1])dnl AC_CACHE_CHECK([whether _AC_LANG compiler accepts $1], CACHEVAR, [ ax_check_save_flags=$[]_AC_LANG_PREFIX[]FLAGS _AC_LANG_PREFIX[]FLAGS="$[]_AC_LANG_PREFIX[]FLAGS $4 $1" - AC_COMPILE_IFELSE([AC_LANG_PROGRAM()], + AC_COMPILE_IFELSE([m4_default([$5],[AC_LANG_PROGRAM()])], [AS_VAR_SET(CACHEVAR,[yes])], [AS_VAR_SET(CACHEVAR,[no])]) _AC_LANG_PREFIX[]FLAGS=$ax_check_save_flags]) -AS_IF([test x"AS_VAR_GET(CACHEVAR)" = xyes], +AS_VAR_IF(CACHEVAR,yes, [m4_default([$2], :)], [m4_default([$3], :)]) AS_VAR_POPDEF([CACHEVAR])dnl diff --git a/m4/ax_check_library.m4 b/m4/ax_check_library.m4 index dd27ff41f..4def2f4d2 100644 --- a/m4/ax_check_library.m4 +++ b/m4/ax_check_library.m4 @@ -1,5 +1,5 @@ # =========================================================================== -# http://www.gnu.org/software/autoconf-archive/ax_check_library.html +# https://www.gnu.org/software/autoconf-archive/ax_check_library.html # =========================================================================== # # SYNOPSIS @@ -32,7 +32,6 @@ # # LICENSE # -# Copyright (c) 2012 Brian Aker # Copyright (c) 2010 Diego Elio Petteno` # # This program is free software: you can redistribute it and/or modify it @@ -46,7 +45,7 @@ # Public License for more details. # # You should have received a copy of the GNU General Public License along -# with this program. If not, see . +# with this program. If not, see . # # As a special exception, the respective Autoconf Macro's copyright owner # gives unlimited permission to copy, distribute and modify the configure 
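Review bot: The cache variable in the `@@ -53,19 +55,19 @@` hunk of m4/ax_check_compile_flag.m4 is still keyed only on `$4` and `$1` (`ax_cv_check_..flags_$4_$1`), although the test program can now be replaced through the new `$5` INPUT argument. Two checks of the same flag with different INPUT therefore share one cache entry, and the second silently reuses the first result. That can report a hardening flag as accepted, or rejected, for a program it was never tried on. The `@@ -53,18 +55,19 @@` hunk of m4/ax_check_link_flag.m4 has the same pattern with `ax_cv_check_ldflags_$4_$1`. I would add a comment on the `AS_VAR_PUSHDEF` line stating that the result is cached per flag, not per INPUT, or fold a caller-chosen tag into the name; the macro's closing lines are outside the hunk.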
@@ -61,35 +60,36 @@ # modified version of the Autoconf Macro, you may extend this special # exception to the GPL to apply to your modified version as well. -#serial 7 +#serial 5 -AC_DEFUN([AX_CHECK_LIBRARY], - [AC_ARG_VAR($1[_CPPFLAGS],[C preprocessor flags for ]$1[ headers]) - AC_ARG_VAR($1[_LDFLAGS],[linker flags for ]$1[ libraries]) +AC_DEFUN([AX_CHECK_LIBRARY], [ + AC_ARG_VAR($1[_CPPFLAGS], [C preprocessor flags for ]$1[ headers]) + AC_ARG_VAR($1[_LDFLAGS], [linker flags for ]$1[ libraries]) - AC_CACHE_VAL(AS_TR_SH([ax_cv_have_]$1), - [AX_SAVE_FLAGS + AC_CACHE_VAL(AS_TR_SH([ax_cv_have_]$1), + [save_CPPFLAGS="$CPPFLAGS" + save_LDFLAGS="$LDFLAGS" + save_LIBS="$LIBS" - AS_IF([test "x$]$1[_CPPFLAGS" != "x"], - [CPPFLAGS="$CPPFLAGS $]$1[_CPPFLAGS"]) + AS_IF([test "x$]$1[_CPPFLAGS" != "x"], + [CPPFLAGS="$CPPFLAGS $]$1[_CPPFLAGS"]) - AS_IF([test "x$]$1[_LDFLAGS" != "x"], - [LDFLAGS="$LDFLAGS $]$1[_LDFLAGS"]) + AS_IF([test "x$]$1[_LDFLAGS" != "x"], + [LDFLAGS="$LDFLAGS $]$1[_LDFLAGS"]) - AC_CHECK_HEADER($2, [ - AC_CHECK_LIB($3, [main], - [AS_TR_SH([ax_cv_have_]$1)=yes], - [AS_TR_SH([ax_cv_have_]$1)=no]) - ], [AS_TR_SH([ax_cv_have_]$1)=no]) + AC_CHECK_HEADER($2, [ + AC_CHECK_LIB($3, [main], + [AS_TR_SH([ax_cv_have_]$1)=yes], + [AS_TR_SH([ax_cv_have_]$1)=no]) + ], [AS_TR_SH([ax_cv_have_]$1)=no]) - AX_RESTORE_FLAGS - ]) - - AS_IF([test "$]AS_TR_SH([ax_cv_have_]$1)[" = "yes"], - [AC_DEFINE([HAVE_]$1, [1], [Define to 1 if ]$1[ is found]) - AC_SUBST($1[_CPPFLAGS]) - AC_SUBST($1[_LDFLAGS]) - AC_SUBST($1[_LIB],[-l]$3) - ifelse([$4], , :, [$4])], - [ifelse([$5], , :, [$5])]) + CPPFLAGS="$save_CPPFLAGS" + LDFLAGS="$save_LDFLAGS" + LIBS="$save_LIBS" ]) + + AS_IF([test "$]AS_TR_SH([ax_cv_have_]$1)[" = "yes"], + AC_DEFINE([HAVE_]$1, [1], [Define to 1 if ]$1[ is found]) + [$4], + [$5]) +]) diff --git a/m4/ax_check_link_flag.m4 b/m4/ax_check_link_flag.m4 index e2d0d363e..819409a20 100644 --- a/m4/ax_check_link_flag.m4 +++ b/m4/ax_check_link_flag.m4 
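Review bot: The rewritten AX_CHECK_LIBRARY in the `@@ -61,35 +60,36 @@` hunk drops the three `AC_SUBST` calls from the success branch, so `@NAME_CPPFLAGS@`, `@NAME_LDFLAGS@` and `@NAME_LIB@` are no longer substituted into Makefiles. The serial also goes backwards from 7 to 5 and an earlier hunk removes a copyright line, which suggests a locally extended copy is being overwritten by an older upstream file. If any Makefile.am or configure.ac in the tree uses those substitutions (not visible here), the library would silently drop off the link line. I would restore `AC_SUBST($1[_CPPFLAGS])`, `AC_SUBST($1[_LDFLAGS])` and `AC_SUBST($1[_LIB],[-l]$3)` in the success branch. The second `AS_IF` argument should also be quoted as one bracketed block, not left as a bare `AC_DEFINE(...)` followed by `[$4]`.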
@@ -1,10 +1,10 @@ # =========================================================================== -# http://www.gnu.org/software/autoconf-archive/ax_check_link_flag.html +# https://www.gnu.org/software/autoconf-archive/ax_check_link_flag.html # =========================================================================== # # SYNOPSIS # -# AX_CHECK_LINK_FLAG(FLAG, [ACTION-SUCCESS], [ACTION-FAILURE], [EXTRA-FLAGS]) +# AX_CHECK_LINK_FLAG(FLAG, [ACTION-SUCCESS], [ACTION-FAILURE], [EXTRA-FLAGS], [INPUT]) # # DESCRIPTION # @@ -19,6 +19,8 @@ # EXTRA-FLAGS FLAG". This can for example be used to force the linker to # issue an error when a bad flag is given. # +# INPUT gives an alternative input source to AC_LINK_IFELSE. +# # NOTE: Implementation based on AX_CFLAGS_GCC_OPTION. Please keep this # macro in sync with AX_CHECK_{PREPROC,COMPILE}_FLAG. # @@ -38,7 +40,7 @@ # Public License for more details. # # You should have received a copy of the GNU General Public License along -# with this program. If not, see . +# with this program. If not, see . # # As a special exception, the respective Autoconf Macro's copyright owner # gives unlimited permission to copy, distribute and modify the configure 
@@ -53,18 +55,19 @@ # modified version of the Autoconf Macro, you may extend this special # exception to the GPL to apply to your modified version as well. -#serial 2 +#serial 5 AC_DEFUN([AX_CHECK_LINK_FLAG], -[AS_VAR_PUSHDEF([CACHEVAR],[ax_cv_check_ldflags_$4_$1])dnl +[AC_PREREQ(2.64)dnl for _AC_LANG_PREFIX and AS_VAR_IF +AS_VAR_PUSHDEF([CACHEVAR],[ax_cv_check_ldflags_$4_$1])dnl AC_CACHE_CHECK([whether the linker accepts $1], CACHEVAR, [ ax_check_save_flags=$LDFLAGS LDFLAGS="$LDFLAGS $4 $1" - AC_LINK_IFELSE([AC_LANG_PROGRAM()], + AC_LINK_IFELSE([m4_default([$5],[AC_LANG_PROGRAM()])], [AS_VAR_SET(CACHEVAR,[yes])], [AS_VAR_SET(CACHEVAR,[no])]) LDFLAGS=$ax_check_save_flags]) -AS_IF([test x"AS_VAR_GET(CACHEVAR)" = xyes], +AS_VAR_IF(CACHEVAR,yes, [m4_default([$2], :)], [m4_default([$3], :)]) AS_VAR_POPDEF([CACHEVAR])dnl diff --git a/m4/ax_compiler_version.m4 b/m4/ax_compiler_version.m4 index e074cf743..0581d1bc0 100644 --- a/m4/ax_compiler_version.m4 +++ b/m4/ax_compiler_version.m4 
@@ -1,100 +1,529 @@ # =========================================================================== -# https://github.com/BrianAker/ddm4/ +# https://www.gnu.org/software/autoconf-archive/ax_compiler_version.html # =========================================================================== # # SYNOPSIS # -# AX_COMPILER_VERSION() +# AX_COMPILER_VERSION # # DESCRIPTION # -# Capture version of C/C++ compiler +# This macro retrieves the compiler version and returns it in the cache +# variable $ax_cv_c_compiler_version for C and $ax_cv_cxx_compiler_version +# for C++. +# +# Version is returned as epoch:major.minor.patchversion +# +# Epoch is used in order to have an increasing version number in case of +# marketing change. +# +# Epoch use: * borland compiler use chronologically 0turboc for turboc +# era, +# +# 1borlanc BORLANDC++ before 5, 2cppbuilder for cppbuilder era, +# 3borlancpp for return of BORLANDC++ (after version 5.5), +# 4cppbuilder for cppbuilder with year version, +# and 5xe for XE era. +# +# An empty string is returned otherwise. # # LICENSE # -# Copyright (C) 2012 Brian Aker -# All rights reserved. -# -# Redistribution and use in source and binary forms, with or without -# modification, are permitted provided that the following conditions are -# met: -# -# * Redistributions of source code must retain the above copyright -# notice, this list of conditions and the following disclaimer. -# -# * Redistributions in binary form must reproduce the above -# copyright notice, this list of conditions and the following disclaimer -# in the documentation and/or other materials provided with the -# distribution. -# -# * The names of its contributors may not be used to endorse or -# promote products derived from this software without specific prior -# written permission. 
-# -# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS -# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT -# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR -# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT -# OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT -# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, -# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY -# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT -# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE -# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +# Copyright (c) 2014 Bastien ROUCARIES +# +# Copying and distribution of this file, with or without modification, are +# permitted in any medium without royalty provided the copyright notice +# and this notice are preserved. This file is offered as-is, without any +# warranty. 
-#serial 5 -AC_DEFUN([_C_COMPILER_VERSION], - [AC_MSG_CHECKING([C Compiler version]) +#serial 12 - AS_CASE(["$ax_cv_c_compiler_vendor"], - [sun],[ax_c_compiler_version=`$CC -V 2>&1 | sed 1q`], - [intel],[ax_c_compiler_version=`$CC --version 2>&1 | sed 1q`], - [clang],[ax_c_compiler_version=`$CC --version 2>&1 | sed 1q`], - [gnu],[ax_c_compiler_version=`$CC --version | sed 1q`], - [mingw],[ax_c_compiler_version=`$CC --version | sed 1q`], - [ax_c_compiler_version="unknown: $ax_cv_c_compiler_vendor"]) - - AC_MSG_RESULT(["$ax_c_compiler_version"]) - AC_SUBST([CC_VERSION_VENDOR],["$ax_cv_c_compiler_vendor"]) - AC_SUBST([CC_VERSION],["$ax_c_compiler_version"]) +# for intel +AC_DEFUN([_AX_COMPILER_VERSION_INTEL], + [ dnl + AC_COMPUTE_INT(_ax_[]_AC_LANG_ABBREV[]_compiler_version_major, + [__INTEL_COMPILER/100],, + AC_MSG_FAILURE([[[$0]] unknown intel compiler version])) + AC_COMPUTE_INT(_ax_[]_AC_LANG_ABBREV[]_compiler_version_minor, + [(__INTEL_COMPILER%100)/10],, + AC_MSG_FAILURE([[[$0]] unknown intel compiler version])) + AC_COMPUTE_INT(_ax_[]_AC_LANG_ABBREV[]_compiler_version_patch, + [(__INTEL_COMPILER%10)],, + AC_MSG_FAILURE([[[$0]] unknown intel compiler version])) + ax_cv_[]_AC_LANG_ABBREV[]_compiler_version="$_ax_[]_AC_LANG_ABBREV[]_compiler_version_major.$_ax_[]_AC_LANG_ABBREV[]_compiler_version_minor.$_ax_[]_AC_LANG_ABBREV[]_compiler_version_patch" ]) -AC_DEFUN([_CXX_COMPILER_VERSION], - [AC_MSG_CHECKING([C++ Compiler version]) - - AS_CASE(["$ax_cv_c_compiler_vendor"], - [sun],[ax_cxx_compiler_version=`$CXX -V 2>&1 | sed 1q`], - [intel],[ax_cxx_compiler_version=`$CXX --version 2>&1 | sed 1q`], - [clang],[ax_cxx_compiler_version=`$CXX --version 2>&1 | sed 1q`], - [gnu],[ax_cxx_compiler_version=`$CXX --version | sed 1q`], - [mingw],[ax_cxx_compiler_version=`$CXX --version | sed 1q`], - [ax_cxx_compiler_version="unknown: $ax_cv_c_compiler_vendor"]) - - AC_MSG_RESULT(["$ax_cxx_compiler_version"]) - AC_SUBST([CXX_VERSION_VENDOR],["$ax_cv_c_compiler_vendor"]) - 
AC_SUBST([CXX_VERSION],["$ax_cxx_compiler_version"]) +# for IBM +AC_DEFUN([_AX_COMPILER_VERSION_IBM], + [ dnl + dnl check between z/OS C/C++ and XL C/C++ + AC_COMPILE_IFELSE([ + AC_LANG_PROGRAM([], + [ + #if defined(__COMPILER_VER__) + choke me; + #endif + ])], + [ + AC_COMPUTE_INT(_ax_[]_AC_LANG_ABBREV[]_compiler_version_major, + [__xlC__/100],, + AC_MSG_FAILURE([[[$0]] unknown IBM compiler major version])) + AC_COMPUTE_INT(_ax_[]_AC_LANG_ABBREV[]_compiler_version_minor, + [__xlC__%100],, + AC_MSG_FAILURE([[[$0]] unknown IBM compiler minor version])) + AC_COMPUTE_INT(_ax_[]_AC_LANG_ABBREV[]_compiler_version_patch, + [__xlC_ver__/0x100],, + AC_MSG_FAILURE([[[$0]] unknown IBM compiler patch version])) + AC_COMPUTE_INT(_ax_[]_AC_LANG_ABBREV[]_compiler_version_build, + [__xlC_ver__%0x100],, + AC_MSG_FAILURE([[[$0]] unknown IBM compiler build version])) + ax_cv_[]_AC_LANG_ABBREV[]_compiler_version="$_ax_[]_AC_LANG_ABBREV[]_compiler_version_major.$_ax_[]_AC_LANG_ABBREV[]_compiler_version_minor.$_ax_[]_AC_LANG_ABBREV[]_compiler_version_patch.$_ax_[]_AC_LANG_ABBREV[]_compiler_version_build" + ], + [ + AC_COMPUTE_INT(_ax_[]_AC_LANG_ABBREV[]_compiler_version_patch, + [__xlC__%1000],, + AC_MSG_FAILURE([[[$0]] unknown IBM compiler patch version])) + AC_COMPUTE_INT(_ax_[]_AC_LANG_ABBREV[]_compiler_version_minor, + [(__xlC__/10000)%10],, + AC_MSG_FAILURE([[[$0]] unknown IBM compiler minor version])) + AC_COMPUTE_INT(_ax_[]_AC_LANG_ABBREV[]_compiler_version_major, + [(__xlC__/100000)%10],, + AC_MSG_FAILURE([[[$0]] unknown IBM compiler major version])) + ax_cv_[]_AC_LANG_ABBREV[]_compiler_version="$_ax_[]_AC_LANG_ABBREV[]_compiler_version_major.$_ax_[]_AC_LANG_ABBREV[]_compiler_version_minor.$_ax_[]_AC_LANG_ABBREV[]_compiler_version_patch" ]) +]) -AC_DEFUN([AX_COMPILER_VERSION], - [AC_REQUIRE([AX_COMPILER_VENDOR]) +# for pathscale +AC_DEFUN([_AX_COMPILER_VERSION_PATHSCALE],[ + AC_COMPUTE_INT(_ax_[]_AC_LANG_ABBREV[]_compiler_version_major, + __PATHCC__,, + AC_MSG_FAILURE([[[$0]] 
unknown pathscale major])) + AC_COMPUTE_INT(_ax_[]_AC_LANG_ABBREV[]_compiler_version_minor, + __PATHCC_MINOR__,, + AC_MSG_FAILURE([[[$0]] unknown pathscale minor])) + AC_COMPUTE_INT(_ax_[]_AC_LANG_ABBREV[]_compiler_version_patch, + [__PATHCC_PATCHLEVEL__],, + AC_MSG_FAILURE([[[$0]] unknown pathscale patch level])) + ax_cv_[]_AC_LANG_ABBREV[]_compiler_version="$_ax_[]_AC_LANG_ABBREV[]_compiler_version_major.$_ax_[]_AC_LANG_ABBREV[]_compiler_version_minor.$_ax_[]_AC_LANG_ABBREV[]_compiler_version_patch" + ]) - AC_MSG_CHECKING([MINGW]) - AC_CHECK_DECL([__MINGW32__], - [MINGW=yes - ax_c_compiler_version_vendor=mingw], - [MINGW=no]) - AC_MSG_RESULT([$MINGW]) +# for clang +AC_DEFUN([_AX_COMPILER_VERSION_CLANG],[ + AC_COMPUTE_INT(_ax_[]_AC_LANG_ABBREV[]_compiler_version_major, + __clang_major__,, + AC_MSG_FAILURE([[[$0]] unknown clang major])) + AC_COMPUTE_INT(_ax_[]_AC_LANG_ABBREV[]_compiler_version_minor, + __clang_minor__,, + AC_MSG_FAILURE([[[$0]] unknown clang minor])) + AC_COMPUTE_INT(_ax_[]_AC_LANG_ABBREV[]_compiler_version_patch, + [__clang_patchlevel__],,0) + ax_cv_[]_AC_LANG_ABBREV[]_compiler_version="$_ax_[]_AC_LANG_ABBREV[]_compiler_version_major.$_ax_[]_AC_LANG_ABBREV[]_compiler_version_minor.$_ax_[]_AC_LANG_ABBREV[]_compiler_version_patch" + ]) - AC_REQUIRE([_C_COMPILER_VERSION]) - AC_REQUIRE([_CXX_COMPILER_VERSION]) - AS_IF([test "x$GCC" = xyes], - [AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ -#if !defined(__GNUC__) || (__GNUC__ < 4) || ((__GNUC__ >= 4) && (__GNUC_MINOR__ < 7)) -# error GCC is Too Old! 
-#endif - ]])], - [ac_c_gcc_recent=yes], - [ac_c_gcc_recent=no]) +# for crayc +AC_DEFUN([_AX_COMPILER_VERSION_CRAY],[ + AC_COMPUTE_INT(_ax_[]_AC_LANG_ABBREV[]_compiler_version_major, + _RELEASE,, + AC_MSG_FAILURE([[[$0]] unknown crayc release])) + AC_COMPUTE_INT(_ax_[]_AC_LANG_ABBREV[]_compiler_version_minor, + _RELEASE_MINOR,, + AC_MSG_FAILURE([[[$0]] unknown crayc minor])) + ax_cv_[]_AC_LANG_ABBREV[]_compiler_version="$_ax_[]_AC_LANG_ABBREV[]_compiler_version_major.$_ax_[]_AC_LANG_ABBREV[]_compiler_version_minor" + ]) + +# for fujitsu +AC_DEFUN([_AX_COMPILER_VERSION_FUJITSU],[ + AC_COMPUTE_INT(ax_cv_[]_AC_LANG_ABBREV[]_compiler_version, + __FCC_VERSION,, + AC_MSG_FAILURE([[[$0]]unknown fujitsu release])) + ]) + +# for GNU +AC_DEFUN([_AX_COMPILER_VERSION_GNU],[ + AC_COMPUTE_INT(_ax_[]_AC_LANG_ABBREV[]_compiler_version_major, + __GNUC__,, + AC_MSG_FAILURE([[[$0]] unknown gcc major])) + AC_COMPUTE_INT(_ax_[]_AC_LANG_ABBREV[]_compiler_version_minor, + __GNUC_MINOR__,, + AC_MSG_FAILURE([[[$0]] unknown gcc minor])) + AC_COMPUTE_INT(_ax_[]_AC_LANG_ABBREV[]_compiler_version_patch, + [__GNUC_PATCHLEVEL__],, + AC_MSG_FAILURE([[[$0]] unknown gcc patch level])) + ax_cv_[]_AC_LANG_ABBREV[]_compiler_version="$_ax_[]_AC_LANG_ABBREV[]_compiler_version_major.$_ax_[]_AC_LANG_ABBREV[]_compiler_version_minor.$_ax_[]_AC_LANG_ABBREV[]_compiler_version_patch" + ]) + +# For sun +AC_DEFUN([_AX_COMPILER_VERSION_SUN],[ + m4_define([_AX_COMPILER_VERSION_SUN_NUMBER], + [ + #if defined(__SUNPRO_CC) + __SUNPRO_CC + #else + __SUNPRO_C + #endif + ]) + AC_COMPUTE_INT(_ax_[]_AC_LANG_ABBREV[]_compiler_version_until59, + !!(_AX_COMPILER_VERSION_SUN_NUMBER < 0x1000),, + AC_MSG_FAILURE([[[$0]] unknown sun release version])) + AS_IF([test "X$_ax_[]_AC_LANG_ABBREV[]_compiler_version_until59" = X1], + [dnl + AC_COMPUTE_INT(_ax_[]_AC_LANG_ABBREV[]_compiler_version_patch, + _AX_COMPILER_VERSION_SUN_NUMBER % 0x10,, + AC_MSG_FAILURE([[[$0]] unknown sun patch version])) + 
AC_COMPUTE_INT(_ax_[]_AC_LANG_ABBREV[]_compiler_version_minor, + (_AX_COMPILER_VERSION_SUN_NUMBER / 0x10) % 0x10,, + AC_MSG_FAILURE([[[$0]] unknown sun minor version])) + AC_COMPUTE_INT(_ax_[]_AC_LANG_ABBREV[]_compiler_version_major, + (_AX_COMPILER_VERSION_SUN_NUMBER / 0x100),, + AC_MSG_FAILURE([[[$0]] unknown sun major version])) + ], + [dnl + AC_COMPUTE_INT(_ax_[]_AC_LANG_ABBREV[]_compiler_version_patch, + _AX_COMPILER_VERSION_SUN_NUMBER % 0x10,, + AC_MSG_FAILURE([[[$0]] unknown sun patch version])) + AC_COMPUTE_INT(_ax_[]_AC_LANG_ABBREV[]_compiler_version_minor, + (_AX_COMPILER_VERSION_SUN_NUMBER / 0x100) % 0x100,, + AC_MSG_FAILURE([[[$0]] unknown sun minor version])) + AC_COMPUTE_INT(_ax_[]_AC_LANG_ABBREV[]_compiler_version_major, + (_AX_COMPILER_VERSION_SUN_NUMBER / 0x1000),, + AC_MSG_FAILURE([[[$0]] unknown sun major version])) + ]) + ax_cv_[]_AC_LANG_ABBREV[]_compiler_version="$_ax_[]_AC_LANG_ABBREV[]_compiler_version_major.$_ax_[]_AC_LANG_ABBREV[]_compiler_version_minor.$_ax_[]_AC_LANG_ABBREV[]_compiler_version_patch" +]) + +AC_DEFUN([_AX_COMPILER_VERSION_HP],[ + m4_define([_AX_COMPILER_VERSION_HP_NUMBER], + [ + #if defined(__HP_cc) + __HP_cc + #else + __HP_aCC + #endif + ]) + AC_COMPUTE_INT(_ax_[]_AC_LANG_ABBREV[]_compiler_version_untilA0121, + !!(_AX_COMPILER_VERSION_HP_NUMBER <= 1),, + AC_MSG_FAILURE([[[$0]] unknown hp release version])) + AS_IF([test "X$_ax_[]_AC_LANG_ABBREV[]_compiler_version_untilA0121" = X1], + [dnl By default output last version with this behavior. 
+ dnl it is so old + ax_cv_[]_AC_LANG_ABBREV[]_compiler_version="01.21.00" + ], + [dnl + AC_COMPUTE_INT(_ax_[]_AC_LANG_ABBREV[]_compiler_version_patch, + (_AX_COMPILER_VERSION_HP_NUMBER % 100),, + AC_MSG_FAILURE([[[$0]] unknown hp release version])) + AC_COMPUTE_INT(_ax_[]_AC_LANG_ABBREV[]_compiler_version_minor, + ((_AX_COMPILER_VERSION_HP_NUMBER / 100)%100),, + AC_MSG_FAILURE([[[$0]] unknown hp minor version])) + AC_COMPUTE_INT(_ax_[]_AC_LANG_ABBREV[]_compiler_version_major, + ((_AX_COMPILER_VERSION_HP_NUMBER / 10000)%100),, + AC_MSG_FAILURE([[[$0]] unknown hp major version])) + ax_cv_[]_AC_LANG_ABBREV[]_compiler_version="$_ax_[]_AC_LANG_ABBREV[]_compiler_version_major.$_ax_[]_AC_LANG_ABBREV[]_compiler_version_minor.$_ax_[]_AC_LANG_ABBREV[]_compiler_version_patch" + ]) +]) + +AC_DEFUN([_AX_COMPILER_VERSION_DEC],[dnl + m4_define([_AX_COMPILER_VERSION_DEC_NUMBER], + [ + #if defined(__DECC_VER) + __DECC_VER + #else + __DECCXX_VER + #endif + ]) + AC_COMPUTE_INT(_ax_[]_AC_LANG_ABBREV[]_compiler_version_patch, + (_AX_COMPILER_VERSION_DEC_NUMBER % 10000),, + AC_MSG_FAILURE([[[$0]] unknown dec release version])) + AC_COMPUTE_INT(_ax_[]_AC_LANG_ABBREV[]_compiler_version_minor, + ((_AX_COMPILER_VERSION_DEC_NUMBER / 100000UL)%100),, + AC_MSG_FAILURE([[[$0]] unknown dec minor version])) + AC_COMPUTE_INT(_ax_[]_AC_LANG_ABBREV[]_compiler_version_major, + ((_AX_COMPILER_VERSION_DEC_NUMBER / 10000000UL)%100),, + AC_MSG_FAILURE([[[$0]] unknown dec major version])) + ax_cv_[]_AC_LANG_ABBREV[]_compiler_version="$_ax_[]_AC_LANG_ABBREV[]_compiler_version_major.$_ax_[]_AC_LANG_ABBREV[]_compiler_version_minor.$_ax_[]_AC_LANG_ABBREV[]_compiler_version_patch" + ]) + +# borland +AC_DEFUN([_AX_COMPILER_VERSION_BORLAND],[dnl + m4_define([_AX_COMPILER_VERSION_TURBOC_NUMBER], + [ + #if defined(__TURBOC__) + __TURBOC__ + #else + choke me + #endif + ]) + m4_define([_AX_COMPILER_VERSION_BORLANDC_NUMBER], + [ + #if defined(__BORLANDC__) + __BORLANDC__ + #else + __CODEGEARC__ + #endif + ]) + 
AC_COMPILE_IFELSE( + [AC_LANG_PROGRAM(, + _AX_COMPILER_VERSION_TURBOC_NUMBER)], + [dnl TURBOC + AC_COMPUTE_INT( + _ax_[]_AC_LANG_ABBREV[]_compiler_version_turboc_raw, + _AX_COMPILER_VERSION_TURBOC_NUMBER,, + AC_MSG_FAILURE([[[$0]] unknown turboc version])) + AS_IF( + [test $_ax_[]_AC_LANG_ABBREV[]_compiler_version_turboc_raw -lt 661 || test $_ax_[]_AC_LANG_ABBREV[]_compiler_version_turboc_raw -gt 1023], + [dnl compute normal version + AC_COMPUTE_INT( + _ax_[]_AC_LANG_ABBREV[]_compiler_version_minor, + _AX_COMPILER_VERSION_TURBOC_NUMBER % 0x100,, + AC_MSG_FAILURE([[[$0]] unknown turboc minor version])) + AC_COMPUTE_INT( + _ax_[]_AC_LANG_ABBREV[]_compiler_version_major, + (_AX_COMPILER_VERSION_TURBOC_NUMBER/0x100)%0x100,, + AC_MSG_FAILURE([[[$0]] unknown turboc major version])) + ax_cv_[]_AC_LANG_ABBREV[]_compiler_version="0turboc:$_ax_[]_AC_LANG_ABBREV[]_compiler_version_major.$_ax_[]_AC_LANG_ABBREV[]_compiler_version_minor"], + [dnl special version + AS_CASE([$_ax_[]_AC_LANG_ABBREV[]_compiler_version_turboc_raw], + [661],[ax_cv_[]_AC_LANG_ABBREV[]_compiler_version="0turboc:1.00"], + [662],[ax_cv_[]_AC_LANG_ABBREV[]_compiler_version="0turboc:1.01"], + [663],[ax_cv_[]_AC_LANG_ABBREV[]_compiler_version="0turboc:2.00"], + [ + AC_MSG_WARN([[[$0]] unknown turboc version between 0x295 and 0x400 please report bug]) + ax_cv_[]_AC_LANG_ABBREV[]_compiler_version="" + ]) + ]) + ], + # borlandc + [ + AC_COMPUTE_INT( + _ax_[]_AC_LANG_ABBREV[]_compiler_version_borlandc_raw, + _AX_COMPILER_VERSION_BORLANDC_NUMBER,, + AC_MSG_FAILURE([[[$0]] unknown borlandc version])) + AS_CASE([$_ax_[]_AC_LANG_ABBREV[]_compiler_version_borlandc_raw], + dnl BORLANDC++ before 5.5 + [512] ,[ax_cv_[]_AC_LANG_ABBREV[]_compiler_version="1borlanc:2.00"], + [1024],[ax_cv_[]_AC_LANG_ABBREV[]_compiler_version="1borlanc:3.00"], + [1024],[ax_cv_[]_AC_LANG_ABBREV[]_compiler_version="1borlanc:3.00"], + [1040],[ax_cv_[]_AC_LANG_ABBREV[]_compiler_version="1borlanc:3.1"], + 
[1106],[ax_cv_[]_AC_LANG_ABBREV[]_compiler_version="1borlanc:4.0"], + [1280],[ax_cv_[]_AC_LANG_ABBREV[]_compiler_version="1borlanc:5.0"], + [1312],[ax_cv_[]_AC_LANG_ABBREV[]_compiler_version="1borlanc:5.02"], + dnl C++ Builder era + [1328],[ax_cv_[]_AC_LANG_ABBREV[]_compiler_version="2cppbuilder:3.0"], + [1344],[ax_cv_[]_AC_LANG_ABBREV[]_compiler_version="2cppbuilder:4.0"], + dnl BORLANDC++ after 5.5 + [1360],[ax_cv_[]_AC_LANG_ABBREV[]_compiler_version="3borlancpp:5.5"], + [1361],[ax_cv_[]_AC_LANG_ABBREV[]_compiler_version="3borlancpp:5.51"], + [1378],[ax_cv_[]_AC_LANG_ABBREV[]_compiler_version="3borlancpp:5.6.4"], + dnl C++ Builder with year number + [1392],[ax_cv_[]_AC_LANG_ABBREV[]_compiler_version="4cppbuilder:2006"], + [1424],[ax_cv_[]_AC_LANG_ABBREV[]_compiler_version="4cppbuilder:2007"], + [1555],[ax_cv_[]_AC_LANG_ABBREV[]_compiler_version="4cppbuilder:2009"], + [1569],[ax_cv_[]_AC_LANG_ABBREV[]_compiler_version="4cppbuilder:2010"], + dnl XE version + [1584],[ax_cv_[]_AC_LANG_ABBREV[]_compiler_version="5xe"], + [1600],[ax_cv_[]_AC_LANG_ABBREV[]_compiler_version="5xe:2"], + [1616],[ax_cv_[]_AC_LANG_ABBREV[]_compiler_version="5xe:3"], + [1632],[ax_cv_[]_AC_LANG_ABBREV[]_compiler_version="5xe:4"], + [ + AC_MSG_WARN([[[$0]] Unknown borlandc compiler version $_ax_[]_AC_LANG_ABBREV[]_compiler_version_borlandc_raw please report bug]) ]) ]) + ]) + +# COMO +AC_DEFUN([_AX_COMPILER_VERSION_COMEAU], + [ dnl + AC_COMPUTE_INT(_ax_[]_AC_LANG_ABBREV[]_compiler_version_minor, + [__COMO_VERSION__%100],, + AC_MSG_FAILURE([[[$0]] unknown comeau compiler minor version])) + AC_COMPUTE_INT(_ax_[]_AC_LANG_ABBREV[]_compiler_version_major, + [(__COMO_VERSION__/100)%10],, + AC_MSG_FAILURE([[[$0]] unknown comeau compiler major version])) + ax_cv_[]_AC_LANG_ABBREV[]_compiler_version="$_ax_[]_AC_LANG_ABBREV[]_compiler_version_major.$_ax_[]_AC_LANG_ABBREV[]_compiler_version_minor" + ]) + +# KAI +AC_DEFUN([_AX_COMPILER_VERSION_KAI],[ + 
AC_COMPUTE_INT(_ax_[]_AC_LANG_ABBREV[]_compiler_version_patch, + [__KCC_VERSION%100],, + AC_MSG_FAILURE([[[$0]] unknown kay compiler patch version])) + AC_COMPUTE_INT(_ax_[]_AC_LANG_ABBREV[]_compiler_version_minor, + [(__KCC_VERSION/100)%10],, + AC_MSG_FAILURE([[[$0]] unknown kay compiler minor version])) + AC_COMPUTE_INT(_ax_[]_AC_LANG_ABBREV[]_compiler_version_major, + [(__KCC_VERSION/1000)%10],, + AC_MSG_FAILURE([[[$0]] unknown kay compiler major version])) + ax_cv_[]_AC_LANG_ABBREV[]_compiler_version="$_ax_[]_AC_LANG_ABBREV[]_compiler_version_major.$_ax_[]_AC_LANG_ABBREV[]_compiler_version_minor.$_ax_[]_AC_LANG_ABBREV[]_compiler_version_patch" + ]) + +dnl LCC +dnl LCC does not output version... + +# SGI +AC_DEFUN([_AX_COMPILER_VERSION_SGI],[ + m4_define([_AX_COMPILER_VERSION_SGI_NUMBER], + [ + #if defined(_COMPILER_VERSION) + _COMPILER_VERSION + #else + _SGI_COMPILER_VERSION + #endif + ]) + AC_COMPUTE_INT(_ax_[]_AC_LANG_ABBREV[]_compiler_version_patch, + [_AX_COMPILER_VERSION_SGI_NUMBER%10],, + AC_MSG_FAILURE([[[$0]] unknown SGI compiler patch version])) + AC_COMPUTE_INT(_ax_[]_AC_LANG_ABBREV[]_compiler_version_minor, + [(_AX_COMPILER_VERSION_SGI_NUMBER/10)%10],, + AC_MSG_FAILURE([[[$0]] unknown SGI compiler minor version])) + AC_COMPUTE_INT(_ax_[]_AC_LANG_ABBREV[]_compiler_version_major, + [(_AX_COMPILER_VERSION_SGI_NUMBER/100)%10],, + AC_MSG_FAILURE([[[$0]] unknown SGI compiler major version])) + ax_cv_[]_AC_LANG_ABBREV[]_compiler_version="$_ax_[]_AC_LANG_ABBREV[]_compiler_version_major.$_ax_[]_AC_LANG_ABBREV[]_compiler_version_minor.$_ax_[]_AC_LANG_ABBREV[]_compiler_version_patch" + ]) + +# microsoft +AC_DEFUN([_AX_COMPILER_VERSION_MICROSOFT],[ + AC_COMPUTE_INT(_ax_[]_AC_LANG_ABBREV[]_compiler_version_minor, + _MSC_VER%100,, + AC_MSG_FAILURE([[[$0]] unknown microsoft compiler minor version])) + AC_COMPUTE_INT(_ax_[]_AC_LANG_ABBREV[]_compiler_version_major, + (_MSC_VER/100)%100,, + AC_MSG_FAILURE([[[$0]] unknown microsoft compiler major version])) + dnl could 
be overridden + _ax_[]_AC_LANG_ABBREV[]_compiler_version_patch=0 + _ax_[]_AC_LANG_ABBREV[]_compiler_version_build=0 + # special case for version 6 + AS_IF([test "X$_ax_[]_AC_LANG_ABBREV[]_compiler_version_major" = "X12"], + [AC_COMPUTE_INT(_ax_[]_AC_LANG_ABBREV[]_compiler_version_patch, + _MSC_FULL_VER%1000,, + _ax_[]_AC_LANG_ABBREV[]_compiler_version_patch=0)]) + # for version 7 + AS_IF([test "X$_ax_[]_AC_LANG_ABBREV[]_compiler_version_major" = "X13"], + [AC_COMPUTE_INT(_ax_[]_AC_LANG_ABBREV[]_compiler_version_patch, + _MSC_FULL_VER%1000,, + AC_MSG_FAILURE([[[$0]] unknown microsoft compiler patch version])) + ]) + # for version > 8 + AS_IF([test $_ax_[]_AC_LANG_ABBREV[]_compiler_version_major -ge 14], + [AC_COMPUTE_INT(_ax_[]_AC_LANG_ABBREV[]_compiler_version_patch, + _MSC_FULL_VER%10000,, + AC_MSG_FAILURE([[[$0]] unknown microsoft compiler patch version])) + ]) + AS_IF([test $_ax_[]_AC_LANG_ABBREV[]_compiler_version_major -ge 15], + [AC_COMPUTE_INT(_ax_[]_AC_LANG_ABBREV[]_compiler_version_build, + _MSC_BUILD,, + AC_MSG_FAILURE([[[$0]] unknown microsoft compiler build version])) + ]) + ax_cv_[]_AC_LANG_ABBREV[]_compiler_version="$_ax_[]_AC_LANG_ABBREV[]_compiler_version_major.$_ax_[]_AC_LANG_ABBREV[]_compiler_version_minor.$_ax_[]_AC_LANG_ABBREV[]_compiler_version_patch.$_ax_[]_AC_LANG_ABBREV[]_compiler_version_build" + ]) + +# for metrowerks +AC_DEFUN([_AX_COMPILER_VERSION_METROWERKS],[dnl + AC_COMPUTE_INT(_ax_[]_AC_LANG_ABBREV[]_compiler_version_patch, + __MWERKS__%0x100,, + AC_MSG_FAILURE([[[$0]] unknown metrowerks compiler patch version])) + AC_COMPUTE_INT(_ax_[]_AC_LANG_ABBREV[]_compiler_version_minor, + (__MWERKS__/0x100)%0x10,, + AC_MSG_FAILURE([[[$0]] unknown metrowerks compiler minor version])) + AC_COMPUTE_INT(_ax_[]_AC_LANG_ABBREV[]_compiler_version_major, + (__MWERKS__/0x1000)%0x10,, + AC_MSG_FAILURE([[[$0]] unknown metrowerks compiler major version])) + 
ax_cv_[]_AC_LANG_ABBREV[]_compiler_version="$_ax_[]_AC_LANG_ABBREV[]_compiler_version_major.$_ax_[]_AC_LANG_ABBREV[]_compiler_version_minor.$_ax_[]_AC_LANG_ABBREV[]_compiler_version_patch" + ]) + +# for watcom +AC_DEFUN([_AX_COMPILER_VERSION_WATCOM],[dnl + AC_COMPUTE_INT(_ax_[]_AC_LANG_ABBREV[]_compiler_version_minor, + __WATCOMC__%100,, + AC_MSG_FAILURE([[[$0]] unknown watcom compiler minor version])) + AC_COMPUTE_INT(_ax_[]_AC_LANG_ABBREV[]_compiler_version_major, + (__WATCOMC__/100)%100,, + AC_MSG_FAILURE([[[$0]] unknown watcom compiler major version])) + ax_cv_[]_AC_LANG_ABBREV[]_compiler_version="$_ax_[]_AC_LANG_ABBREV[]_compiler_version_major.$_ax_[]_AC_LANG_ABBREV[]_compiler_version_minor" + ]) + +# for PGI +AC_DEFUN([_AX_COMPILER_VERSION_PORTLAND],[ + AC_COMPUTE_INT(_ax_[]_AC_LANG_ABBREV[]_compiler_version_major, + __PGIC__,, + AC_MSG_FAILURE([[[$0]] unknown pgi major])) + AC_COMPUTE_INT(_ax_[]_AC_LANG_ABBREV[]_compiler_version_minor, + __PGIC_MINOR__,, + AC_MSG_FAILURE([[[$0]] unknown pgi minor])) + AC_COMPUTE_INT(_ax_[]_AC_LANG_ABBREV[]_compiler_version_patch, + [__PGIC_PATCHLEVEL__],, + AC_MSG_FAILURE([[[$0]] unknown pgi patch level])) + ax_cv_[]_AC_LANG_ABBREV[]_compiler_version="$_ax_[]_AC_LANG_ABBREV[]_compiler_version_major.$_ax_[]_AC_LANG_ABBREV[]_compiler_version_minor.$_ax_[]_AC_LANG_ABBREV[]_compiler_version_patch" + ]) + +# tcc +AC_DEFUN([_AX_COMPILER_VERSION_TCC],[ + ax_cv_[]_AC_LANG_ABBREV[]_compiler_version=[`tcc -v | $SED 's/^[ ]*tcc[ ]\+version[ ]\+\([0-9.]\+\).*/\1/g'`] + ]) + +# for GNU +AC_DEFUN([_AX_COMPILER_VERSION_SDCC],[ + AC_COMPUTE_INT(_ax_[]_AC_LANG_ABBREV[]_compiler_version_major, + /* avoid parse error with comments */ + #if(defined(__SDCC_VERSION_MAJOR)) + __SDCC_VERSION_MAJOR + #else + SDCC/100 + #endif + ,, + AC_MSG_FAILURE([[[$0]] unknown sdcc major])) + AC_COMPUTE_INT(_ax_[]_AC_LANG_ABBREV[]_compiler_version_minor, + /* avoid parse error with comments */ + #if(defined(__SDCC_VERSION_MINOR)) + __SDCC_VERSION_MINOR + #else + 
(SDCC%100)/10 + #endif + ,, + AC_MSG_FAILURE([[[$0]] unknown sdcc minor])) + AC_COMPUTE_INT(_ax_[]_AC_LANG_ABBREV[]_compiler_version_patch, + [ + /* avoid parse error with comments */ + #if(defined(__SDCC_VERSION_PATCH)) + __SDCC_VERSION_PATCH + #elsif(defined(_SDCC_VERSION_PATCHLEVEL)) + __SDCC_VERSION_PATCHLEVEL + #else + SDCC%10 + #endif + ],, + AC_MSG_FAILURE([[[$0]] unknown sdcc patch level])) + ax_cv_[]_AC_LANG_ABBREV[]_compiler_version="$_ax_[]_AC_LANG_ABBREV[]_compiler_version_major.$_ax_[]_AC_LANG_ABBREV[]_compiler_version_minor.$_ax_[]_AC_LANG_ABBREV[]_compiler_version_patch" + ]) + +# main entry point +AC_DEFUN([AX_COMPILER_VERSION],[dnl + AC_REQUIRE([AX_COMPILER_VENDOR]) + AC_REQUIRE([AC_PROG_SED]) + AC_CACHE_CHECK([for _AC_LANG compiler version], + ax_cv_[]_AC_LANG_ABBREV[]_compiler_version, + [ dnl + AS_CASE([$ax_cv_[]_AC_LANG_ABBREV[]_compiler_vendor], + [intel],[_AX_COMPILER_VERSION_INTEL], + [ibm],[_AX_COMPILER_VERSION_IBM], + [pathscale],[_AX_COMPILER_VERSION_PATHSCALE], + [clang],[_AX_COMPILER_VERSION_CLANG], + [cray],[_AX_COMPILER_VERSION_CRAY], + [fujitsu],[_AX_COMPILER_VERSION_FUJITSU], + [gnu],[_AX_COMPILER_VERSION_GNU], + [sun],[_AX_COMPILER_VERSION_SUN], + [hp],[_AX_COMPILER_VERSION_HP], + [dec],[_AX_COMPILER_VERSION_DEC], + [borland],[_AX_COMPILER_VERSION_BORLAND], + [comeau],[_AX_COMPILER_VERSION_COMEAU], + [kai],[_AX_COMPILER_VERSION_KAI], + [sgi],[_AX_COMPILER_VERSION_SGI], + [microsoft],[_AX_COMPILER_VERSION_MICROSOFT], + [metrowerks],[_AX_COMPILER_VERSION_METROWERKS], + [watcom],[_AX_COMPILER_VERSION_WATCOM], + [portland],[_AX_COMPILER_VERSION_PORTLAND], + [tcc],[_AX_COMPILER_VERSION_TCC], + [sdcc],[_AX_COMPILER_VERSION_SDCC], + [ax_cv_[]_AC_LANG_ABBREV[]_compiler_version=""]) + ]) +]) diff --git a/m4/ax_count_cpus.m4 b/m4/ax_count_cpus.m4 index d4f3d290f..5db892553 100644 --- a/m4/ax_count_cpus.m4 +++ b/m4/ax_count_cpus.m4 
@@ -1,20 +1,24 @@ # =========================================================================== -# http://www.gnu.org/software/autoconf-archive/ax_count_cpus.html +# https://www.gnu.org/software/autoconf-archive/ax_count_cpus.html # =========================================================================== # # SYNOPSIS # -# AX_COUNT_CPUS +# AX_COUNT_CPUS([ACTION-IF-DETECTED],[ACTION-IF-NOT-DETECTED]) # # DESCRIPTION # -# Attempt to count the number of processors present on the machine. If the -# detection fails, then a value of 1 is assumed. +# Attempt to count the number of logical processor cores (including +# virtual and HT cores) currently available to use on the machine and +# place detected value in CPU_COUNT variable. # -# The value is placed in the CPU_COUNT variable. +# On successful detection, ACTION-IF-DETECTED is executed if present. If +# the detection fails, then ACTION-IF-NOT-DETECTED is triggered. The +# default ACTION-IF-NOT-DETECTED is to set CPU_COUNT to 1. # # LICENSE # +# Copyright (c) 2014,2016 Karlson2k (Evgeny Grin) # Copyright (c) 2012 Brian Aker # Copyright (c) 2008 Michael Paul Bailey # Copyright (c) 2008 Christophe Tournayre 
@@ -24,34 +28,74 @@ # and this notice are preserved. This file is offered as-is, without any # warranty. -#serial 10 +#serial 22 - AC_DEFUN([AX_COUNT_CPUS],[ - AC_REQUIRE([AC_CANONICAL_HOST]) - AC_REQUIRE([AC_PROG_EGREP]) + AC_DEFUN([AX_COUNT_CPUS],[dnl + AC_REQUIRE([AC_CANONICAL_HOST])dnl + AC_REQUIRE([AC_PROG_EGREP])dnl AC_MSG_CHECKING([the number of available CPUs]) CPU_COUNT="0" - AS_CASE([$host_os],[ - *darwin*],[ - AS_IF([test -x /usr/sbin/sysctl],[ - sysctl_a=`/usr/sbin/sysctl -a 2>/dev/null| grep -c hw.cpu` - AS_IF([test sysctl_a],[ - CPU_COUNT=`/usr/sbin/sysctl -n hw.ncpu` - ]) - ])],[ - *linux*],[ - AS_IF([test "x$CPU_COUNT" = "x0" -a -e /proc/cpuinfo],[ - AS_IF([test "x$CPU_COUNT" = "x0" -a -e /proc/cpuinfo],[ - CPU_COUNT=`$EGREP -c '^processor' /proc/cpuinfo` - ]) - ]) - ]) + # Try generic methods - AS_IF([test "x$CPU_COUNT" = "x0"],[ - CPU_COUNT="1" - AC_MSG_RESULT( [unable to detect (assuming 1)] ) - ],[ - AC_MSG_RESULT( $CPU_COUNT ) - ]) - ]) + # 'getconf' is POSIX utility, but '_NPROCESSORS_ONLN' and + # 'NPROCESSORS_ONLN' are platform-specific + command -v getconf >/dev/null 2>&1 && \ + CPU_COUNT=`getconf _NPROCESSORS_ONLN 2>/dev/null || getconf NPROCESSORS_ONLN 2>/dev/null` || CPU_COUNT="0" + AS_IF([[test "$CPU_COUNT" -gt "0" 2>/dev/null || ! 
command -v nproc >/dev/null 2>&1]],[[: # empty]],[dnl + # 'nproc' is part of GNU Coreutils and is widely available + CPU_COUNT=`OMP_NUM_THREADS='' nproc 2>/dev/null` || CPU_COUNT=`nproc 2>/dev/null` || CPU_COUNT="0" + ])dnl + + AS_IF([[test "$CPU_COUNT" -gt "0" 2>/dev/null]],[[: # empty]],[dnl + # Try platform-specific preferred methods + AS_CASE([[$host_os]],dnl + [[*linux*]],[[CPU_COUNT=`lscpu -p 2>/dev/null | $EGREP -e '^@<:@0-9@:>@+,' -c` || CPU_COUNT="0"]],dnl + [[*darwin*]],[[CPU_COUNT=`sysctl -n hw.logicalcpu 2>/dev/null` || CPU_COUNT="0"]],dnl + [[freebsd*]],[[command -v sysctl >/dev/null 2>&1 && CPU_COUNT=`sysctl -n kern.smp.cpus 2>/dev/null` || CPU_COUNT="0"]],dnl + [[netbsd*]], [[command -v sysctl >/dev/null 2>&1 && CPU_COUNT=`sysctl -n hw.ncpuonline 2>/dev/null` || CPU_COUNT="0"]],dnl + [[solaris*]],[[command -v psrinfo >/dev/null 2>&1 && CPU_COUNT=`psrinfo 2>/dev/null | $EGREP -e '^@<:@0-9@:>@.*on-line' -c 2>/dev/null` || CPU_COUNT="0"]],dnl + [[mingw*]],[[CPU_COUNT=`ls -qpU1 /proc/registry/HKEY_LOCAL_MACHINE/HARDWARE/DESCRIPTION/System/CentralProcessor/ 2>/dev/null | $EGREP -e '^@<:@0-9@:>@+/' -c` || CPU_COUNT="0"]],dnl + [[msys*]],[[CPU_COUNT=`ls -qpU1 /proc/registry/HKEY_LOCAL_MACHINE/HARDWARE/DESCRIPTION/System/CentralProcessor/ 2>/dev/null | $EGREP -e '^@<:@0-9@:>@+/' -c` || CPU_COUNT="0"]],dnl + [[cygwin*]],[[CPU_COUNT=`ls -qpU1 /proc/registry/HKEY_LOCAL_MACHINE/HARDWARE/DESCRIPTION/System/CentralProcessor/ 2>/dev/null | $EGREP -e '^@<:@0-9@:>@+/' -c` || CPU_COUNT="0"]]dnl + )dnl + ])dnl + + AS_IF([[test "$CPU_COUNT" -gt "0" 2>/dev/null || ! 
command -v sysctl >/dev/null 2>&1]],[[: # empty]],[dnl + # Try less preferred generic method + # 'hw.ncpu' exist on many platforms, but not on GNU/Linux + CPU_COUNT=`sysctl -n hw.ncpu 2>/dev/null` || CPU_COUNT="0" + ])dnl + + AS_IF([[test "$CPU_COUNT" -gt "0" 2>/dev/null]],[[: # empty]],[dnl + # Try platform-specific fallback methods + # They can be less accurate and slower then preferred methods + AS_CASE([[$host_os]],dnl + [[*linux*]],[[CPU_COUNT=`$EGREP -e '^processor' -c /proc/cpuinfo 2>/dev/null` || CPU_COUNT="0"]],dnl + [[*darwin*]],[[CPU_COUNT=`system_profiler SPHardwareDataType 2>/dev/null | $EGREP -i -e 'number of cores:'|cut -d : -f 2 -s|tr -d ' '` || CPU_COUNT="0"]],dnl + [[freebsd*]],[[CPU_COUNT=`dmesg 2>/dev/null| $EGREP -e '^cpu@<:@0-9@:>@+: '|sort -u|$EGREP -e '^' -c` || CPU_COUNT="0"]],dnl + [[netbsd*]], [[CPU_COUNT=`command -v cpuctl >/dev/null 2>&1 && cpuctl list 2>/dev/null| $EGREP -e '^@<:@0-9@:>@+ .* online ' -c` || \ + CPU_COUNT=`dmesg 2>/dev/null| $EGREP -e '^cpu@<:@0-9@:>@+ at'|sort -u|$EGREP -e '^' -c` || CPU_COUNT="0"]],dnl + [[solaris*]],[[command -v kstat >/dev/null 2>&1 && CPU_COUNT=`kstat -m cpu_info -s state -p 2>/dev/null | $EGREP -c -e 'on-line'` || \ + CPU_COUNT=`kstat -m cpu_info 2>/dev/null | $EGREP -c -e 'module: cpu_info'` || CPU_COUNT="0"]],dnl + [[mingw*]],[AS_IF([[CPU_COUNT=`reg query 'HKLM\\Hardware\\Description\\System\\CentralProcessor' 2>/dev/null | $EGREP -e '\\\\@<:@0-9@:>@+$' -c`]],dnl + [[: # empty]],[[test "$NUMBER_OF_PROCESSORS" -gt "0" 2>/dev/null && CPU_COUNT="$NUMBER_OF_PROCESSORS"]])],dnl + [[msys*]],[[test "$NUMBER_OF_PROCESSORS" -gt "0" 2>/dev/null && CPU_COUNT="$NUMBER_OF_PROCESSORS"]],dnl + [[cygwin*]],[[test "$NUMBER_OF_PROCESSORS" -gt "0" 2>/dev/null && CPU_COUNT="$NUMBER_OF_PROCESSORS"]]dnl + )dnl + ])dnl + + AS_IF([[test "x$CPU_COUNT" != "x0" && test "$CPU_COUNT" -gt 0 2>/dev/null]],[dnl + AC_MSG_RESULT([[$CPU_COUNT]]) + m4_ifvaln([$1],[$1],)dnl + ],[dnl + m4_ifval([$2],[dnl + AS_UNSET([[CPU_COUNT]]) + 
AC_MSG_RESULT([[unable to detect]]) + $2 + ], [dnl + CPU_COUNT="1" + AC_MSG_RESULT([[unable to detect (assuming 1)]]) + ])dnl + ])dnl + ])dnl diff --git a/m4/ax_file_escapes.m4 b/m4/ax_file_escapes.m4 index f4c6a06ae..a86fdc326 100644 --- a/m4/ax_file_escapes.m4 +++ b/m4/ax_file_escapes.m4 @@ -1,5 +1,5 @@ # =========================================================================== -# http://www.gnu.org/software/autoconf-archive/ax_file_escapes.html +# https://www.gnu.org/software/autoconf-archive/ax_file_escapes.html # =========================================================================== # # SYNOPSIS @@ -19,7 +19,7 @@ # and this notice are preserved. This file is offered as-is, without any # warranty. -#serial 7 +#serial 8 AC_DEFUN([AX_FILE_ESCAPES],[ AX_DOLLAR="\$" diff --git a/m4/ax_print_to_file.m4 b/m4/ax_print_to_file.m4 index 5b9d1c391..8aa71120d 100644 --- a/m4/ax_print_to_file.m4 +++ b/m4/ax_print_to_file.m4 @@ -1,5 +1,5 @@ # =========================================================================== -# http://www.gnu.org/software/autoconf-archive/ax_print_to_file.html +# https://www.gnu.org/software/autoconf-archive/ax_print_to_file.html # =========================================================================== # # SYNOPSIS @@ -19,7 +19,7 @@ # and this notice are preserved. This file is offered as-is, without any # warranty. -#serial 7 +#serial 8 AC_DEFUN([AX_PRINT_TO_FILE],[ AC_REQUIRE([AX_FILE_ESCAPES]) diff --git a/m4/visibility.m4 b/m4/visibility.m4 index 757154f33..7e9976475 100644 --- a/m4/visibility.m4 +++ b/m4/visibility.m4 @@ -1,5 +1,5 @@ # visibility.m4 serial 5 (gettext-0.18.2) -dnl Copyright (C) 2005, 2008, 2010-2014 Free Software Foundation, Inc. +dnl Copyright (C) 2005, 2008, 2010-2018 Free Software Foundation, Inc. dnl This file is free software; the Free Software Foundation dnl gives unlimited permission to copy and/or distribute it, dnl with or without modifications, as long as this notice is preserved. 
@@ -58,7 +58,7 @@ AC_DEFUN([gl_VISIBILITY], extern __attribute__((__visibility__("default"))) int exportedvar; extern __attribute__((__visibility__("hidden"))) int hiddenfunc (void); extern __attribute__((__visibility__("default"))) int exportedfunc (void); - int hiddenfunc (void) { return 0; } + void dummyfunc (void) {} ]], [[]])], [gl_cv_cc_visibility=yes], From 11065f9222276124d355effb768b94ab4b056238 Mon Sep 17 00:00:00 2001 From: John Safranek Date: Tue, 17 Apr 2018 13:23:17 -0700 Subject: [PATCH 003/146] added the missing macro file ax_require_defined.m4. --- m4/ax_require_defined.m4 | 37 +++++++++++++++++++++++++++++++++++++ 1 file changed, 37 insertions(+) create mode 100644 m4/ax_require_defined.m4 diff --git a/m4/ax_require_defined.m4 b/m4/ax_require_defined.m4 new file mode 100644 index 000000000..17c3eab7d --- /dev/null +++ b/m4/ax_require_defined.m4 
@@ -0,0 +1,37 @@ +# =========================================================================== +# https://www.gnu.org/software/autoconf-archive/ax_require_defined.html +# =========================================================================== +# +# SYNOPSIS +# +# AX_REQUIRE_DEFINED(MACRO) +# +# DESCRIPTION +# +# AX_REQUIRE_DEFINED is a simple helper for making sure other macros have +# been defined and thus are available for use. This avoids random issues +# where a macro isn't expanded. Instead the configure script emits a +# non-fatal: +# +# ./configure: line 1673: AX_CFLAGS_WARN_ALL: command not found +# +# It's like AC_REQUIRE except it doesn't expand the required macro. +# +# Here's an example: +# +# AX_REQUIRE_DEFINED([AX_CHECK_LINK_FLAG]) +# +# LICENSE +# +# Copyright (c) 2014 Mike Frysinger +# +# Copying and distribution of this file, with or without modification, are +# permitted in any medium without royalty provided the copyright notice +# and this notice are preserved. This file is offered as-is, without any +# warranty. + +#serial 2 + +AC_DEFUN([AX_REQUIRE_DEFINED], [dnl + m4_ifndef([$1], [m4_fatal([macro ]$1[ is not defined; is a m4 file missing?])]) +])dnl AX_REQUIRE_DEFINED From 4f0893bda5af3c4bbb68f5a6db88a3cc79486c89 Mon Sep 17 00:00:00 2001 From: Jacob Barthelmeh Date: Mon, 7 May 2018 14:16:27 -0600 Subject: [PATCH 004/146] fix ecc public key print with X509 print function --- src/ssl.c | 73 ++++++++++++++++++++++++++++++++++++------------------- 1 file changed, 48 insertions(+), 25 deletions(-) diff --git a/src/ssl.c b/src/ssl.c index 2d33b4d7a..d4239b138 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -16300,8 +16300,10 @@ WOLFSSL_EVP_PKEY* wolfSSL_X509_get_pubkey(WOLFSSL_X509* x509) != 0) { return WOLFSSL_FAILURE; } - if (wc_ecc_import_x963(x509->pubKey.buffer, - x509->pubKey.length, &ecc) != 0) { + + i = 0; + if (wc_EccPublicKeyDecode(x509->pubKey.buffer, &i, + &ecc, x509->pubKey.length) != 0) { wc_ecc_free(&ecc); return WOLFSSL_FAILURE; } 
@@ -16315,41 +16317,62 @@ WOLFSSL_EVP_PKEY* wolfSSL_X509_get_pubkey(WOLFSSL_X509* x509) return WOLFSSL_FAILURE; } XSNPRINTF(tmp, sizeof(tmp) - 1," "); - for (i = 0; i < x509->pubKey.length; i++) { - char val[5]; - int valSz = 5; + { + word32 derSz; + byte* der; - if (i == 0) { - XSNPRINTF(val, valSz - 1, "%02x", - x509->pubKey.buffer[i]); + derSz = wc_ecc_size(&ecc) * WOLFSSL_BIT_SIZE; + der = XMALLOC(derSz, x509->heap, + DYNAMIC_TYPE_TMP_BUFFER); + if (der == NULL) { + wc_ecc_free(&ecc); + return WOLFSSL_FAILURE; } - else if ((i % 15) == 0) { - tmp[sizeof(tmp) - 1] = '\0'; - if (wolfSSL_BIO_write(bio, tmp, (int)XSTRLEN(tmp)) - <= 0) { - wc_ecc_free(&ecc); - return WOLFSSL_FAILURE; + + if (wc_ecc_export_x963(&ecc, der, &derSz) != 0) { + wc_ecc_free(&ecc); + XFREE(der, x509->heap, DYNAMIC_TYPE_TMP_BUFFER); + return WOLFSSL_FAILURE; + } + for (i = 0; i < derSz; i++) { + char val[5]; + int valSz = 5; + + if (i == 0) { + XSNPRINTF(val, valSz - 1, "%02x", der[i]); } - XSNPRINTF(tmp, sizeof(tmp) - 1, + else if ((i % 15) == 0) { + tmp[sizeof(tmp) - 1] = '\0'; + if (wolfSSL_BIO_write(bio, tmp, + (int)XSTRLEN(tmp)) <= 0) { + wc_ecc_free(&ecc); + XFREE(der, x509->heap, + DYNAMIC_TYPE_TMP_BUFFER); + return WOLFSSL_FAILURE; + } + XSNPRINTF(tmp, sizeof(tmp) - 1, ":\n "); - XSNPRINTF(val, valSz - 1, "%02x", - x509->pubKey.buffer[i]); + XSNPRINTF(val, valSz - 1, "%02x", der[i]); + } + else { + XSNPRINTF(val, valSz - 1, ":%02x", der[i]); + } + XSTRNCAT(tmp, val, valSz); } - else { - XSNPRINTF(val, valSz - 1, ":%02x", - x509->pubKey.buffer[i]); - } - XSTRNCAT(tmp, val, valSz); - } - /* print out remaning modulus values */ - if ((i > 0) && (((i - 1) % 15) != 0)) { + /* print out remaning modulus values */ + if ((i > 0) && (((i - 1) % 15) != 0)) { tmp[sizeof(tmp) - 1] = '\0'; if (wolfSSL_BIO_write(bio, tmp, (int)XSTRLEN(tmp)) <= 0) { wc_ecc_free(&ecc); + XFREE(der, x509->heap, + DYNAMIC_TYPE_TMP_BUFFER); return WOLFSSL_FAILURE; } + } + + XFREE(der, x509->heap, 
DYNAMIC_TYPE_TMP_BUFFER); } XSNPRINTF(tmp, sizeof(tmp) - 1, "\n%s%s: %s\n", " ", "ASN1 OID", From 4ee957afa38de9f8fb6842cc9702133d7958cf94 Mon Sep 17 00:00:00 2001 From: Jacob Barthelmeh Date: Tue, 8 May 2018 10:19:51 -0600 Subject: [PATCH 005/146] fix for relative URI detection --- wolfcrypt/src/asn.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c index ce2532a9e..e7d1f908b 100755 --- a/wolfcrypt/src/asn.c +++ b/wolfcrypt/src/asn.c @@ -5717,7 +5717,7 @@ static int DecodeAltNames(byte* input, int sz, DecodedCert* cert) /* Verify RFC 5280 Sec 4.2.1.6 rule: "The name MUST NOT be a relative URI" */ - if (XSTRNCMP((const char*)&input[idx], "://", strLen + 1) != 0) { + if (XSTRNSTR((const char*)&input[idx], "://", strLen + 1) == NULL) { WOLFSSL_MSG("\tAlt Name must be absolute URI"); return ASN_ALT_NAME_E; } From bb979980ca50bb0a79a028f36ca7c467a1346f33 Mon Sep 17 00:00:00 2001 From: Jacob Barthelmeh Date: Tue, 8 May 2018 16:24:41 -0600 Subject: [PATCH 006/146] add test case for parsing URI from certificate --- certs/client-uri-cert.pem | 89 ++++++++++++++++++++++++++++++++++++ certs/renewcerts.sh | 16 +++++++ certs/renewcerts/wolfssl.cnf | 7 +++ tests/api.c | 21 +++++++++ 4 files changed, 133 insertions(+) create mode 100644 certs/client-uri-cert.pem diff --git a/certs/client-uri-cert.pem b/certs/client-uri-cert.pem new file mode 100644 index 000000000..1a96baccd --- /dev/null +++ b/certs/client-uri-cert.pem 
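Review bot: The buffer sizing in the new block, `derSz = wc_ecc_size(&ecc) * WOLFSSL_BIT_SIZE;`, multiplies a byte count by a bits-per-byte constant, which reads like a unit mix-up and leaves the intended bound undocumented. An uncompressed X9.63 point needs 1 + 2 * key size bytes, so I would either size it that way or add a comment such as `/* generous upper bound for the X9.63 point (1 + 2 * key size) */`. The value returned by `wc_ecc_size()` also goes into the allocation without a check that it is positive. The carried-over comment `/* print out remaning modulus values */` describes the RSA path rather than an EC point. The enclosing function starts and ends outside the hunk.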
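Review bot: Searching for `://` anywhere in the name does not enforce the RFC 5280 rule quoted in the comment above it, because a relative reference whose path or query happens to contain `://` now passes. The check needs to confirm that the first `:` comes before any `/` and is immediately followed by `//`. The bound `strLen + 1` also appears to let the search examine one byte past the name's declared length, so I would pass `strLen` instead: `if (XSTRNSTR((const char*)&input[idx], "://", strLen) == NULL) {`. DecodeAltNames starts and ends outside the hunk.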
@@ -0,0 +1,89 @@
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 9402123678722384441 (0x827b0dabd4896239)
+ Signature Algorithm: sha256WithRSAEncryption
+ Issuer: C=US, ST=Montana, L=Bozeman, O=wolfSSL_2048, OU=URI, CN=www.wolfssl.com/emailAddress=info@wolfssl.com
+ Validity
+ Not Before: May 8 21:54:16 2018 GMT
+ Not After : Feb 1 21:54:16 2021 GMT
+ Subject: C=US, ST=Montana, L=Bozeman, O=wolfSSL_2048, OU=URI, CN=www.wolfssl.com/emailAddress=info@wolfssl.com
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ Public-Key: (2048 bit)
+ Modulus:
+ 00:c3:03:d1:2b:fe:39:a4:32:45:3b:53:c8:84:2b:
+ 2a:7c:74:9a:bd:aa:2a:52:07:47:d6:a6:36:b2:07:
+ 32:8e:d0:ba:69:7b:c6:c3:44:9e:d4:81:48:fd:2d:
+ 68:a2:8b:67:bb:a1:75:c8:36:2c:4a:d2:1b:f7:8b:
+ ba:cf:0d:f9:ef:ec:f1:81:1e:7b:9b:03:47:9a:bf:
+ 65:cc:7f:65:24:69:a6:e8:14:89:5b:e4:34:f7:c5:
+ b0:14:93:f5:67:7b:3a:7a:78:e1:01:56:56:91:a6:
+ 13:42:8d:d2:3c:40:9c:4c:ef:d1:86:df:37:51:1b:
+ 0c:a1:3b:f5:f1:a3:4a:35:e4:e1:ce:96:df:1b:7e:
+ bf:4e:97:d0:10:e8:a8:08:30:81:af:20:0b:43:14:
+ c5:74:67:b4:32:82:6f:8d:86:c2:88:40:99:36:83:
+ ba:1e:40:72:22:17:d7:52:65:24:73:b0:ce:ef:19:
+ cd:ae:ff:78:6c:7b:c0:12:03:d4:4e:72:0d:50:6d:
+ 3b:a3:3b:a3:99:5e:9d:c8:d9:0c:85:b3:d9:8a:d9:
+ 54:26:db:6d:fa:ac:bb:ff:25:4c:c4:d1:79:f4:71:
+ d3:86:40:18:13:b0:63:b5:72:4e:30:c4:97:84:86:
+ 2d:56:2f:d7:15:f7:7f:c0:ae:f5:fc:5b:e5:fb:a1:
+ ba:d3
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Subject Key Identifier:
+ 33:D8:45:66:D7:68:87:18:7E:54:0D:70:27:91:C7:26:D7:85:65:C0
+ X509v3 Authority Key Identifier:
+ keyid:33:D8:45:66:D7:68:87:18:7E:54:0D:70:27:91:C7:26:D7:85:65:C0
+ DirName:/C=US/ST=Montana/L=Bozeman/O=wolfSSL_2048/OU=URI/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
+ serial:82:7B:0D:AB:D4:89:62:39
+
+ X509v3 Basic Constraints:
+ CA:FALSE
+ X509v3 Subject Alternative Name:
+ URI:https://www.wolfssl.com
+ Signature Algorithm: sha256WithRSAEncryption
+ 18:bb:46:7a:13:a5:32:c2:aa:1c:60:cf:d1:b7:59:f3:86:fd:
+ b4:db:62:6e:40:4d:d3:cb:b5:8f:0a:45:43:9f:0b:50:7b:ac:
+ 41:ed:27:32:a5:b3:fb:6a:a5:9c:36:00:f2:88:da:dd:80:b5:
+ 49:29:6c:4d:1c:22:24:07:5b:7b:9a:88:8b:21:a0:62:43:1c:
+ 14:23:d2:08:a8:27:cc:f2:d5:4f:e2:5c:b1:f8:3c:f5:7c:b2:
+ ef:b1:ad:1e:fe:a9:92:5f:00:26:fb:f3:8d:e2:c7:38:8a:9a:
+ e4:a8:4a:29:61:44:f6:80:61:09:5d:49:9b:1c:10:e0:1e:27:
+ 03:26:e2:46:01:83:49:6a:1d:5f:6e:71:c8:1e:61:44:32:2a:
+ 84:cd:5a:45:d3:9f:a4:ec:76:4b:1a:6c:26:ca:55:d7:c3:ad:
+ 94:57:7b:8b:d4:9f:be:25:3d:e2:30:08:d5:fb:18:9a:aa:ee:
+ c1:ce:bb:ea:de:5d:a7:77:40:c2:b1:57:aa:11:43:41:69:73:
+ 0c:bd:87:0e:b9:8d:ba:f9:cc:ac:38:60:8a:62:32:2a:c0:0d:
+ 1c:88:d3:d3:92:d6:f1:2e:82:67:8e:f5:42:b9:e4:28:b3:fd:
+ fb:7c:9a:16:5f:fe:20:da:37:5f:c2:5e:74:9b:99:f3:de:35:
+ 45:8d:49:28
+-----BEGIN CERTIFICATE-----
+MIIExDCCA6ygAwIBAgIJAIJ7DavUiWI5MA0GCSqGSIb3DQEBCwUAMIGRMQswCQYD
+VQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjEVMBMG
+A1UECgwMd29sZlNTTF8yMDQ4MQwwCgYDVQQLDANVUkkxGDAWBgNVBAMMD3d3dy53
+b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTAeFw0x
+ODA1MDgyMTU0MTZaFw0yMTAyMDEyMTU0MTZaMIGRMQswCQYDVQQGEwJVUzEQMA4G
+A1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjEVMBMGA1UECgwMd29sZlNT
+TF8yMDQ4MQwwCgYDVQQLDANVUkkxGDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTEf
+MB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTCCASIwDQYJKoZIhvcNAQEB
+BQADggEPADCCAQoCggEBAMMD0Sv+OaQyRTtTyIQrKnx0mr2qKlIHR9amNrIHMo7Q
+uml7xsNEntSBSP0taKKLZ7uhdcg2LErSG/eLus8N+e/s8YEee5sDR5q/Zcx/ZSRp
+pugUiVvkNPfFsBST9Wd7Onp44QFWVpGmE0KN0jxAnEzv0YbfN1EbDKE79fGjSjXk
+4c6W3xt+v06X0BDoqAgwga8gC0MUxXRntDKCb42GwohAmTaDuh5AciIX11JlJHOw
+zu8Zza7/eGx7wBID1E5yDVBtO6M7o5lencjZDIWz2YrZVCbbbfqsu/8lTMTRefRx
+04ZAGBOwY7VyTjDEl4SGLVYv1xX3f8Cu9fxb5fuhutMCAwEAAaOCARswggEXMB0G
+A1UdDgQWBBQz2EVm12iHGH5UDXAnkccm14VlwDCBxgYDVR0jBIG+MIG7gBQz2EVm
+12iHGH5UDXAnkccm14VlwKGBl6SBlDCBkTELMAkGA1UEBhMCVVMxEDAOBgNVBAgM
+B01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xFTATBgNVBAoMDHdvbGZTU0xfMjA0
+ODEMMAoGA1UECwwDVVJJMRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20xHzAdBgkq
+hkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb22CCQCCew2r1IliOTAJBgNVHRMEAjAA +MCIGA1UdEQQbMBmGF2h0dHBzOi8vd3d3LndvbGZzc2wuY29tMA0GCSqGSIb3DQEB +CwUAA4IBAQAYu0Z6E6UywqocYM/Rt1nzhv2022JuQE3Ty7WPCkVDnwtQe6xB7Scy +pbP7aqWcNgDyiNrdgLVJKWxNHCIkB1t7moiLIaBiQxwUI9IIqCfM8tVP4lyx+Dz1 +fLLvsa0e/qmSXwAm+/ON4sc4iprkqEopYUT2gGEJXUmbHBDgHicDJuJGAYNJah1f +bnHIHmFEMiqEzVpF05+k7HZLGmwmylXXw62UV3uL1J++JT3iMAjV+xiaqu7Bzrvq +3l2nd0DCsVeqEUNBaXMMvYcOuY26+cysOGCKYjIqwA0ciNPTktbxLoJnjvVCueQo +s/37fJoWX/4g2jdfwl50m5nz3jVFjUko +-----END CERTIFICATE----- diff --git a/certs/renewcerts.sh b/certs/renewcerts.sh index 39bcc135d..f42b004ce 100755 --- a/certs/renewcerts.sh +++ b/certs/renewcerts.sh @@ -22,6 +22,7 @@ # client-ca.pem # test/digsigku.pem # ecc-privOnlyCert.pem +# uri-cert.pem # updates the following crls: # crl/cliCrl.pem # crl/crl.pem @@ -45,6 +46,21 @@ function run_renewcerts(){ # To generate these all in sha1 add the flag "-sha1" on appropriate lines # That is all lines beginning with: "openssl req" + ############################################################ + #### update the self-signed (2048-bit) client-uri-cert.pem # + ############################################################ + echo "Updating 2048-bit client-uri-cert.pem" + echo "" + #pipe the following arguments to openssl req... + echo -e "US\nMontana\nBozeman\nwolfSSL_2048\nURI\nwww.wolfssl.com\ninfo@wolfssl.com\n.\n.\n" | openssl req -new -key client-key.pem -nodes -out client-cert.csr + + + openssl x509 -req -in client-cert.csr -days 1000 -extfile wolfssl.cnf -extensions uri -signkey client-key.pem -out client-uri-cert.pem + rm client-cert.csr + + openssl x509 -in client-uri-cert.pem -text > tmp.pem + mv tmp.pem client-uri-cert.pem + ############################################################ #### update the self-signed (2048-bit) client-cert.pem ##### ############################################################ diff --git a/certs/renewcerts/wolfssl.cnf b/certs/renewcerts/wolfssl.cnf index c251cc71e..91c0312b9 100644 
--- a/certs/renewcerts/wolfssl.cnf +++ b/certs/renewcerts/wolfssl.cnf @@ -220,6 +220,13 @@ keyUsage=critical, digitalSignature, keyEncipherment, keyAgreement extendedKeyUsage=serverAuth nsCertType=server +# test parsing URI +[ uri ] +subjectKeyIdentifier=hash +authorityKeyIdentifier=keyid:always,issuer:always +basicConstraints=CA:false +subjectAltName=URI:https://www.wolfssl.com + #tsa default [ tsa ] default_tsa = tsa_config1 diff --git a/tests/api.c b/tests/api.c index 11bcbded3..e2ebaaea1 100644 --- a/tests/api.c +++ b/tests/api.c @@ -2956,6 +2956,26 @@ static void test_wolfSSL_PKCS5(void) #endif /* defined(OPENSSL_EXTRA) && !defined(NO_SHA) */ } +/* test parsing URI from certificate */ +static void test_wolfSSL_URI(void) +{ +#if !defined(NO_CERTS) && !defined(NO_RSA) && !defined(NO_FILESYSTEM) \ + && (defined(KEEP_PEER_CERT) || defined(SESSION_CERTS) || \ + defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) + WOLFSSL_X509* x509; + const char uri[] = "./certs/client-uri-cert.pem"; + + printf(testingFmt, "wolfSSL URI parse"); + + x509 = wolfSSL_X509_load_certificate_file(uri, WOLFSSL_FILETYPE_PEM); + AssertNotNull(x509); + + wolfSSL_FreeX509(x509); + + printf(resultFmt, passed); +#endif +} + /* Testing function wolfSSL_CTX_SetMinVersion; sets the minimum downgrade * version allowed. * POST: 1 on success. @@ -18612,6 +18632,7 @@ void ApiTest(void) test_wolfSSL_PKCS12(); test_wolfSSL_PKCS8(); test_wolfSSL_PKCS5(); + test_wolfSSL_URI(); /*OCSP Stapling. */ AssertIntEQ(test_wolfSSL_UseOCSPStapling(), WOLFSSL_SUCCESS); From d1192021a59a46db7e3ea9355a5a473f2b4ea677 Mon Sep 17 00:00:00 2001 From: Jacob Barthelmeh Date: Wed, 9 May 2018 14:43:52 -0600 Subject: [PATCH 007/146] alter search behavior for testing if URI is a absolute path --- wolfcrypt/src/asn.c | 25 ++++++++++++++++++++++--- 1 file changed, 22 insertions(+), 3 deletions(-) diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c index e7d1f908b..24581efad 100755 --- a/wolfcrypt/src/asn.c 
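Review bot: test_wolfSSL_URI asserts only that the certificate loads, so it would still pass if the URI subjectAltName were skipped entirely. Nothing here exercises the relative-URI rejection that this series touches in DecodeAltNames. I would add a second fixture whose subjectAltName is a relative URI and assert that loading fails, e.g. `AssertNull(wolfSSL_X509_load_certificate_file(relUri, WOLFSSL_FILETYPE_PEM));`, where `relUri` names that new fixture (a placeholder, not a file in this patch). If the rejection is compiled out in some configurations, the negative assertion needs the same preprocessor guard.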
+++ b/wolfcrypt/src/asn.c @@ -5717,9 +5717,28 @@ static int DecodeAltNames(byte* input, int sz, DecodedCert* cert) /* Verify RFC 5280 Sec 4.2.1.6 rule: "The name MUST NOT be a relative URI" */ - if (XSTRNSTR((const char*)&input[idx], "://", strLen + 1) == NULL) { - WOLFSSL_MSG("\tAlt Name must be absolute URI"); - return ASN_ALT_NAME_E; + { + int i; + + /* skip past scheme (i.e http,ftp,...) finding first ':' char */ + for (i = 0; i < strLen; i++) { + if (input[idx + i] == ':') { + break; + } + if (input[idx + i] == '/') { + i = strLen; /* error, found relative path since '/' was + * encountered before ':'. Returning error + * value in next if statement. */ + } + } + + /* test if no ':' char was found and test that the next two + * chars are // to match the pattern "://" */ + if (i == strLen || (input[idx + i + 1] != '/' || + input[idx + i + 2] != '/')) { + WOLFSSL_MSG("\tAlt Name must be absolute URI"); + return ASN_ALT_NAME_E; + } } #endif From 110c41613fc7aa3bc1ed9dd502a024dd6334a12d Mon Sep 17 00:00:00 2001 From: Jacob Barthelmeh Date: Wed, 9 May 2018 14:50:26 -0600 Subject: [PATCH 008/146] cast on return of malloc --- src/ssl.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/ssl.c b/src/ssl.c index d4239b138..a0bc54e5f 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -16322,7 +16322,7 @@ WOLFSSL_EVP_PKEY* wolfSSL_X509_get_pubkey(WOLFSSL_X509* x509) byte* der; derSz = wc_ecc_size(&ecc) * WOLFSSL_BIT_SIZE; - der = XMALLOC(derSz, x509->heap, + der = (byte*)XMALLOC(derSz, x509->heap, DYNAMIC_TYPE_TMP_BUFFER); if (der == NULL) { wc_ecc_free(&ecc); From cb2f1d6d7d1d161d31325540f159a65997538e3c Mon Sep 17 00:00:00 2001 From: David Garske Date: Fri, 11 May 2018 16:09:18 +0200 Subject: [PATCH 009/146] Added new `async-check.sh` script for setting up the async simulator for internal testing. --- SCRIPTS-LIST | 2 ++ async-check.sh | 80 ++++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 82 insertions(+) create mode 100755 async-check.sh 
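Review bot: The final test can index past the name. When the loop meets a `/` before any `:` it sets `i = strLen`, the loop's `i++` then leaves `i == strLen + 1`, so `i == strLen` is false and `input[idx + i + 1]` / `input[idx + i + 2]` are read beyond the URI; whether a relative name is rejected then depends on whatever bytes follow it. The same over-read happens when `:` is the last or second-to-last byte of the name. Assuming `strLen` is a signed int (the loop compares it with `int i`), one bound covers all three cases: `if (i >= strLen - 2 || input[idx + i + 1] != '/' || input[idx + i + 2] != '/') {`. DecodeAltNames starts and ends outside the hunk.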
diff --git a/SCRIPTS-LIST b/SCRIPTS-LIST index c2f36b3d2..d4635b6f3 100644 --- a/SCRIPTS-LIST +++ b/SCRIPTS-LIST @@ -10,6 +10,8 @@ commit-tests.sh - our commit tests, must pass before a commit is accepted, use fips-check.sh - checks if current wolfSSL version works against FIPS wolfCrypt comment out last line to leave working directory +async-check.sh - internal script for validating wolfSSL Async using the simulator. + gencertbuf.pl - creates certs_test.h, our certs / keys C array for easy non filesystem testing diff --git a/async-check.sh b/async-check.sh new file mode 100755 index 000000000..ed8ab5084 --- /dev/null +++ b/async-check.sh 
@@ -0,0 +1,80 @@
+#!/bin/bash
+
+# async-check.sh
+
+# This script creates symbolic links to the required asynchronous
+# file for using the asynchronous simulator and make check
+#
+# $ ./async-check [keep]
+#
+# - keep: (default off) ./async and links kept around for inspection
+#
+
+function Usage() {
+ printf '\n%s\n' "Usage: $0 [keep]"
+ printf '\n%s\n\n' "Where \"keep\" means keep (default off) async files around for inspection"
+ printf '%s\n' "EXAMPLE:"
+ printf '%s\n' "---------------------------------"
+ printf '%s\n' "./async-check.sh keep"
+ printf '%s\n\n' "---------------------------------"
+}
+
+ASYNC_REPO=git@github.com:wolfSSL/wolfAsyncCrypt.git
+#ASYNC_REPO=../wolfAsyncCrypt
+
+# Optionally keep async files
+if [ "x$1" == "xkeep" ]; then KEEP="yes"; else KEEP="no"; fi
+
+
+if [ -d ./async ];
+then
+ echo "\n\nUsing existing async repo\n\n"
+else
+ # make a clone of the wolfAsyncCrypt repository
+ git clone $ASYNC_REPO async
+ [ $? -ne 0 ] && echo "\n\nCouldn't checkout the wolfAsyncCrypt repository\n\n" && exit 1
+fi
+
+# setup auto-conf
+./autogen.sh
+
+
+# link files
+ln -s -F ../../async/wolfcrypt/src/async.c ./wolfcrypt/src/async.c
+ln -s -F ../../async/wolfssl/wolfcrypt/async.h ./wolfssl/wolfcrypt/async.h
+ln -s -F ../../../../async/wolfcrypt/src/port/intel/quickassist.c ./wolfcrypt/src/port/intel/quickassist.c
+ln -s -F ../../../../async/wolfcrypt/src/port/intel/quickassist_mem.c ./wolfcrypt/src/port/intel/quickassist_mem.c
+ln -s -F ../../../../async/wolfcrypt/src/port/intel/README.md ./wolfcrypt/src/port/intel/README.md
+ln -s -F ../../../../async/wolfssl/wolfcrypt/port/intel/quickassist.h ./wolfssl/wolfcrypt/port/intel/quickassist.h
+ln -s -F ../../../../async/wolfssl/wolfcrypt/port/intel/quickassist_mem.h ./wolfssl/wolfcrypt/port/intel/quickassist_mem.h
+ln -s -F ../../../../async/wolfcrypt/src/port/cavium/cavium_nitrox.c ./wolfcrypt/src/port/cavium/cavium_nitrox.c
+ln -s -F ../../../../async/wolfssl/wolfcrypt/port/cavium/cavium_nitrox.h
./wolfssl/wolfcrypt/port/cavium/cavium_nitrox.h +ln -s -F ../../../../async/wolfcrypt/src/port/cavium/README.md ./wolfcrypt/src/port/cavium/README.md + + +./configure --enable-asynccrypt --enable-all +make check +[ $? -ne 0 ] && echo "\n\nMake check failed. Debris left for analysis." && exit 1 + + +# Clean up +popd +if [ "x$KEEP" == "xno" ]; +then + unlink ./wolfcrypt/src/async.c + unlink ./wolfssl/wolfcrypt/async.h + unlink ./wolfcrypt/src/port/intel/quickassist.c + unlink ./wolfcrypt/src/port/intel/quickassist_mem.c + unlink ./wolfcrypt/src/port/intel/README.md + unlink ./wolfssl/wolfcrypt/port/intel/quickassist.h + unlink ./wolfssl/wolfcrypt/port/intel/quickassist_mem.h + unlink ./wolfcrypt/src/port/cavium/cavium_nitrox.c + unlink ./wolfssl/wolfcrypt/port/cavium/cavium_nitrox.h + unlink ./wolfcrypt/src/port/cavium/README.md + + rm -rf ./async + + # restore original README.md files + git checkout -- wolfcrypt/src/port/cavium/README.md + git checkout -- wolfcrypt/src/port/intel/README.md +fi From af9507391a0b2d9bebb144c80b2071f856ba9caa Mon Sep 17 00:00:00 2001 From: David Garske Date: Fri, 11 May 2018 16:40:32 +0200 Subject: [PATCH 010/146] Fixes and improvements for FreeRTOS AWS. Fixes for building openssl compatibility with FreeRTOS. Fixes for TLS 1.3 possibly uninitialized vars. --- src/ssl.c | 2 ++ src/tls.c | 2 ++ src/tls13.c | 10 ++++++++-- wolfssl/wolfcrypt/types.h | 4 ++-- wolfssl/wolfio.h | 3 +++ 5 files changed, 17 insertions(+), 4 deletions(-) mode change 100644 => 100755 src/tls13.c diff --git a/src/ssl.c b/src/ssl.c index 2d33b4d7a..a2f3c6802 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -21079,6 +21079,7 @@ int wolfSSL_RAND_write_file(const char* fname) return bytes; } +#ifndef FREERTOS_TCP /* These constant values are protocol values made by egd */ #if defined(USE_WOLFSSL_IO) && !defined(USE_WINDOWS_API) 
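Review bot: The cleanup branch of async-check.sh runs `rm -rf ./async` even when the script took the "Using existing async repo" path, so a checkout the user already had, possibly with local changes, is deleted. Record whether the script created the directory, e.g. `CLONED=yes` after the `git clone` line and `[ "x$CLONED" == "xyes" ] && rm -rf ./async` in the cleanup. The clone is also unpinned, so `./configure` and `make check` build and run whatever the remote's default branch holds at that moment; checking out a known tag or commit after cloning would make the run reproducible and reviewable. Smaller points: `popd` has no matching `pushd`, the `echo "\n\n..."` calls print the backslashes literally without `-e`, and `$ASYNC_REPO` should be quoted.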
@@ -21243,6 +21244,7 @@ int wolfSSL_RAND_egd(const char* nm) #endif /* defined(USE_WOLFSSL_IO) && !defined(USE_WINDOWS_API) */ } +#endif /* !FREERTOS_TCP */ void wolfSSL_RAND_Cleanup(void) { diff --git a/src/tls.c b/src/tls.c index b09a6f256..3364c53c2 100755 --- a/src/tls.c +++ b/src/tls.c @@ -6280,6 +6280,8 @@ static int TLSX_KeyShare_New(KeyShareEntry** list, int group, void *heap, *list = kse; *keyShareEntry = kse; + (void)heap; + return 0; } diff --git a/src/tls13.c b/src/tls13.c old mode 100644 new mode 100755 index 337cd343e..35a371845 --- a/src/tls13.c +++ b/src/tls13.c @@ -302,7 +302,7 @@ static int DeriveKeyMsg(WOLFSSL* ssl, byte* output, int outputLen, word32 hashSz = 0; const byte* protocol; word32 protocolLen; - int digestAlg; + int digestAlg = -1; int ret = BAD_FUNC_ARG; switch (hashAlgo) { @@ -345,8 +345,14 @@ static int DeriveKeyMsg(WOLFSSL* ssl, byte* output, int outputLen, digestAlg = WC_SHA512; break; #endif + default: + digestAlg = -1; + break; } + if (digestAlg < 0) + return HASH_TYPE_E; + if (ret != 0) return ret; @@ -3729,7 +3735,7 @@ static int RestartHandshakeHashWithCookie(WOLFSSL* ssl, Cookie* cookie) int DoTls13ClientHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx, word32 helloSz) { - int ret; + int ret = VERSION_ERROR; byte b; ProtocolVersion pv; Suites clSuites; diff --git a/wolfssl/wolfcrypt/types.h b/wolfssl/wolfcrypt/types.h index 8da6f8038..3329b794f 100755 --- a/wolfssl/wolfcrypt/types.h +++ b/wolfssl/wolfcrypt/types.h @@ -171,7 +171,7 @@ #if defined(_MSC_VER) #define THREAD_LS_T __declspec(thread) /* Thread local storage only in FreeRTOS v8.2.1 and higher */ - #elif defined(FREERTOS) + #elif defined(FREERTOS) || defined(FREERTOS_TCP) #define THREAD_LS_T #else #define THREAD_LS_T __thread 
@@ -329,7 +329,7 @@ #if defined(MICROCHIP_PIC32) || defined(WOLFSSL_TIRTOS) /* XC32 does not support strncasecmp, so use case sensitive one */ #define XSTRNCASECMP(s1,s2,n) strncmp((s1),(s2),(n)) - #elif defined(USE_WINDOWS_API) + #elif defined(USE_WINDOWS_API) || defined(FREERTOS_TCP_WINSIM) #define XSTRNCASECMP(s1,s2,n) _strnicmp((s1),(s2),(n)) #else #if (defined(HAVE_STRINGS_H) || defined(WOLF_C99)) && \ diff --git a/wolfssl/wolfio.h b/wolfssl/wolfio.h index f14f7df1b..d60bdbe7a 100644 --- a/wolfssl/wolfio.h +++ b/wolfssl/wolfio.h @@ -219,6 +219,9 @@ #else #define CloseSocket(s) close(s) #define StartTCP() + #ifdef FREERTOS_TCP_WINSIM + extern int close(int); + #endif #endif From 83257d662ac14656dac84f46ffde3641d555a38e Mon Sep 17 00:00:00 2001 From: David Garske Date: Mon, 30 Apr 2018 09:18:22 -0700 Subject: [PATCH 011/146] Also check returned size matches for RSA verfiy in openssl compatability layer. --- src/ssl.c | 18 ++++++++++-------- 1 file changed, 10 insertions(+), 8 deletions(-) diff --git a/src/ssl.c b/src/ssl.c index 2d33b4d7a..6c1a0545e 100644 --- a/src/ssl.c +++ b/src/ssl.c 
@@ -24090,25 +24090,25 @@ int wolfSSL_RSA_verify(int type, const unsigned char* m, unsigned int len; WOLFSSL_ENTER("wolfSSL_RSA_verify"); - if((m == NULL) || (sig == NULL)) { + if ((m == NULL) || (sig == NULL)) { WOLFSSL_MSG("Bad function arguments"); return WOLFSSL_FAILURE; } sigRet = (unsigned char *)XMALLOC(sigLen, NULL, DYNAMIC_TYPE_TMP_BUFFER); - if(sigRet == NULL){ + if (sigRet == NULL) { WOLFSSL_MSG("Memory failure"); return WOLFSSL_FAILURE; } sigDec = (unsigned char *)XMALLOC(sigLen, NULL, DYNAMIC_TYPE_TMP_BUFFER); - if(sigDec == NULL){ + if (sigDec == NULL) { WOLFSSL_MSG("Memory failure"); XFREE(sigRet, NULL, DYNAMIC_TYPE_TMP_BUFFER); return WOLFSSL_FAILURE; } /* get non-encrypted signature to be compared with decrypted sugnature*/ ret = wolfSSL_RSA_sign_ex(type, m, mLen, sigRet, &len, rsa, 0); - if(ret <= 0){ + if (ret <= 0) { WOLFSSL_MSG("Message Digest Error"); XFREE(sigRet, NULL, DYNAMIC_TYPE_TMP_BUFFER); XFREE(sigDec, NULL, DYNAMIC_TYPE_TMP_BUFFER); @@ -24116,8 +24116,9 @@ int wolfSSL_RSA_verify(int type, const unsigned char* m, } show("Encoded Message", sigRet, len); /* decrypt signature */ - ret = wc_RsaSSL_Verify(sig, sigLen, (unsigned char *)sigDec, sigLen, (RsaKey*)rsa->internal); - if(ret <= 0){ + ret = wc_RsaSSL_Verify(sig, sigLen, (unsigned char *)sigDec, sigLen, + (RsaKey*)rsa->internal); + if (ret <= 0) { WOLFSSL_MSG("RSA Decrypt error"); XFREE(sigRet, NULL, DYNAMIC_TYPE_TMP_BUFFER); XFREE(sigDec, NULL, DYNAMIC_TYPE_TMP_BUFFER); 
@@ -24125,12 +24126,13 @@ int wolfSSL_RSA_verify(int type, const unsigned char* m, } show("Decrypted Signature", sigDec, ret); - if(XMEMCMP(sigRet, sigDec, ret) == 0){ + if ((int)len == ret && XMEMCMP(sigRet, sigDec, ret) == 0) { WOLFSSL_MSG("wolfSSL_RSA_verify success"); XFREE(sigRet, NULL, DYNAMIC_TYPE_TMP_BUFFER); XFREE(sigDec, NULL, DYNAMIC_TYPE_TMP_BUFFER); return WOLFSSL_SUCCESS; - } else { + } + else { WOLFSSL_MSG("wolfSSL_RSA_verify failed"); XFREE(sigRet, NULL, DYNAMIC_TYPE_TMP_BUFFER); XFREE(sigDec, NULL, DYNAMIC_TYPE_TMP_BUFFER); From 2a4d386a5043e29339b9533febd73349954536a4 Mon Sep 17 00:00:00 2001 From: John Safranek Date: Fri, 11 May 2018 10:21:47 -0700 Subject: [PATCH 012/146] Update ax_pthread.m4 1. Updated to the most recent copy of ax_pthread.m4. 2. Removed the darwin-clang check m4. 3. Added a check to see if AX_PTHREAD added the flag `-Qunused-arguments` for clang and if so prepend `-Xcompiler` so libtool will use it. Otherwise when building on Sierra's clang you get "soft" warnings on the build of the dylib. --- configure.ac | 3 + m4/ax_pthread.m4 | 397 ++++++++++++++++++++++++++----------- m4/wolfssl_darwin_clang.m4 | 37 ---- 3 files changed, 284 insertions(+), 153 deletions(-) delete mode 100644 m4/wolfssl_darwin_clang.m4 diff --git a/configure.ac b/configure.ac index c55936f83..01a6ea8c5 100644 --- a/configure.ac +++ b/configure.ac @@ -268,6 +268,9 @@ AC_ARG_ENABLE([singlethreaded], AS_IF([ test "x$ENABLED_SINGLETHREADED" = "xno" ],[ AX_PTHREAD([ AC_DEFINE([HAVE_PTHREAD], [1], [Define if you have POSIX threads libraries and header files.]) + # If AX_PTHREAD is adding -Qunused-arguments, need to prepend with -Xcompiler libtool will use it. Newer + # versions of clang don't need the -Q flag when using pthreads. + AS_CASE([$PTHREAD_CFLAGS],[-Qunused-arguments*],[PTHREAD_CFLAGS="-Xcompiler $PTHREAD_CFLAGS"]) AM_CFLAGS="-D_POSIX_THREADS $AM_CFLAGS $PTHREAD_CFLAGS" LIBS="$LIBS $PTHREAD_LIBS" ],[ 
diff --git a/m4/ax_pthread.m4 b/m4/ax_pthread.m4 index bdb34b0ae..5fbf9fe0d 100644 --- a/m4/ax_pthread.m4 +++ b/m4/ax_pthread.m4 @@ -1,5 +1,5 @@ # =========================================================================== -# http://www.gnu.org/software/autoconf-archive/ax_pthread.html +# https://www.gnu.org/software/autoconf-archive/ax_pthread.html # =========================================================================== # # SYNOPSIS @@ -19,10 +19,10 @@ # is necessary on AIX to use the special cc_r compiler alias.) # # NOTE: You are assumed to not only compile your program with these flags, -# but also link it with them as well. e.g. you should link with +# but also to link with them as well. For example, you might link with # $PTHREAD_CC $CFLAGS $PTHREAD_CFLAGS $LDFLAGS ... $PTHREAD_LIBS $LIBS # -# If you are only building threads programs, you may wish to use these +# If you are only building threaded programs, you may wish to use these # variables in your default LIBS, CFLAGS, and CC: # # LIBS="$PTHREAD_LIBS $LIBS" @@ -30,8 +30,8 @@ # CC="$PTHREAD_CC" # # In addition, if the PTHREAD_CREATE_JOINABLE thread-attribute constant -# has a nonstandard name, defines PTHREAD_CREATE_JOINABLE to that name -# (e.g. PTHREAD_CREATE_UNDETACHED on AIX). +# has a nonstandard name, this macro defines PTHREAD_CREATE_JOINABLE to +# that name (e.g. PTHREAD_CREATE_UNDETACHED on AIX). # # Also HAVE_PTHREAD_PRIO_INHERIT is defined if pthread is found and the # PTHREAD_PRIO_INHERIT symbol is defined when compiling with @@ -67,7 +67,7 @@ # Public License for more details. # # You should have received a copy of the GNU General Public License along -# with this program. If not, see . +# with this program. If not, see . # # As a special exception, the respective Autoconf Macro's copyright owner # gives unlimited permission to copy, distribute and modify the configure 
@@ -82,35 +82,40 @@ # modified version of the Autoconf Macro, you may extend this special # exception to the GPL to apply to your modified version as well. -#serial 20 +#serial 24 AU_ALIAS([ACX_PTHREAD], [AX_PTHREAD]) AC_DEFUN([AX_PTHREAD], [ AC_REQUIRE([AC_CANONICAL_HOST]) +AC_REQUIRE([AC_PROG_CC]) +AC_REQUIRE([AC_PROG_SED]) AC_LANG_PUSH([C]) ax_pthread_ok=no # We used to check for pthread.h first, but this fails if pthread.h -# requires special compiler flags (e.g. on True64 or Sequent). +# requires special compiler flags (e.g. on Tru64 or Sequent). # It gets checked for in the link test anyway. # First of all, check if the user has set any of the PTHREAD_LIBS, # etcetera environment variables, and if threads linking works using # them: -if test x"$PTHREAD_LIBS$PTHREAD_CFLAGS" != x; then - save_CFLAGS="$CFLAGS" +if test "x$PTHREAD_CFLAGS$PTHREAD_LIBS" != "x"; then + ax_pthread_save_CC="$CC" + ax_pthread_save_CFLAGS="$CFLAGS" + ax_pthread_save_LIBS="$LIBS" + AS_IF([test "x$PTHREAD_CC" != "x"], [CC="$PTHREAD_CC"]) CFLAGS="$CFLAGS $PTHREAD_CFLAGS" - save_LIBS="$LIBS" LIBS="$PTHREAD_LIBS $LIBS" - AC_MSG_CHECKING([for pthread_join in LIBS=$PTHREAD_LIBS with CFLAGS=$PTHREAD_CFLAGS]) - AC_TRY_LINK_FUNC(pthread_join, ax_pthread_ok=yes) - AC_MSG_RESULT($ax_pthread_ok) - if test x"$ax_pthread_ok" = xno; then + AC_MSG_CHECKING([for pthread_join using $CC $PTHREAD_CFLAGS $PTHREAD_LIBS]) + AC_LINK_IFELSE([AC_LANG_CALL([], [pthread_join])], [ax_pthread_ok=yes]) + AC_MSG_RESULT([$ax_pthread_ok]) + if test "x$ax_pthread_ok" = "xno"; then PTHREAD_LIBS="" PTHREAD_CFLAGS="" fi - LIBS="$save_LIBS" - CFLAGS="$save_CFLAGS" + CC="$ax_pthread_save_CC" + CFLAGS="$ax_pthread_save_CFLAGS" + LIBS="$ax_pthread_save_LIBS" fi # We must check for the threads library under a number of different 
@@ -123,7 +128,7 @@ fi # which indicates that we try without any flags at all, and "pthread-config" # which is a program returning the flags for the Pth emulation library. -ax_pthread_flags="pthreads none -Kthread -kthread lthread -pthread -pthreads -mthreads pthread --thread-safe -mt pthread-config" +ax_pthread_flags="pthreads none -Kthread -pthread -pthreads -mthreads pthread --thread-safe -mt pthread-config" # The ordering *is* (sometimes) important. Some notes on the # individual items follow: 
@@ -132,71 +137,225 @@ ax_pthread_flags="pthreads none -Kthread -kthread lthread -pthread -pthreads -mt # none: in case threads are in libc; should be tried before -Kthread and # other compiler flags to prevent continual compiler warnings # -Kthread: Sequent (threads in libc, but -Kthread needed for pthread.h) -# -kthread: FreeBSD kernel threads (preferred to -pthread since SMP-able) -# lthread: LinuxThreads port on FreeBSD (also preferred to -pthread) -# -pthread: Linux/gcc (kernel threads), BSD/gcc (userland threads) -# -pthreads: Solaris/gcc -# -mthreads: Mingw32/gcc, Lynx/gcc +# -pthread: Linux/gcc (kernel threads), BSD/gcc (userland threads), Tru64 +# (Note: HP C rejects this with "bad form for `-t' option") +# -pthreads: Solaris/gcc (Note: HP C also rejects) # -mt: Sun Workshop C (may only link SunOS threads [-lthread], but it -# doesn't hurt to check since this sometimes defines pthreads too; -# also defines -D_REENTRANT) -# ... -mt is also the pthreads flag for HP/aCC +# doesn't hurt to check since this sometimes defines pthreads and +# -D_REENTRANT too), HP C (must be checked before -lpthread, which +# is present but should not be used directly; and before -mthreads, +# because the compiler interprets this as "-mt" + "-hreads") +# -mthreads: Mingw32/gcc, Lynx/gcc # pthread: Linux, etcetera # --thread-safe: KAI C++ # pthread-config: use pthread-config program (for GNU Pth library) -case ${host_os} in +case $host_os in + + freebsd*) + + # -kthread: FreeBSD kernel threads (preferred to -pthread since SMP-able) + # lthread: LinuxThreads port on FreeBSD (also preferred to -pthread) + + ax_pthread_flags="-kthread lthread $ax_pthread_flags" + ;; + + hpux*) + + # From the cc(1) man page: "[-mt] Sets various -D flags to enable + # multi-threading and also sets -lpthread." 
+ + ax_pthread_flags="-mt -pthread pthread $ax_pthread_flags" + ;; + + openedition*) + + # IBM z/OS requires a feature-test macro to be defined in order to + # enable POSIX threads at all, so give the user a hint if this is + # not set. (We don't define these ourselves, as they can affect + # other portions of the system API in unpredictable ways.) + + AC_EGREP_CPP([AX_PTHREAD_ZOS_MISSING], + [ +# if !defined(_OPEN_THREADS) && !defined(_UNIX03_THREADS) + AX_PTHREAD_ZOS_MISSING +# endif + ], + [AC_MSG_WARN([IBM z/OS requires -D_OPEN_THREADS or -D_UNIX03_THREADS to enable pthreads support.])]) + ;; + solaris*) # On Solaris (at least, for some versions), libc contains stubbed # (non-functional) versions of the pthreads routines, so link-based - # tests will erroneously succeed. (We need to link with -pthreads/-mt/ - # -lpthread.) (The stubs are missing pthread_cleanup_push, or rather - # a function called by this macro, so we could check for that, but - # who knows whether they'll stub that too in a future libc.) So, - # we'll just look for -pthreads and -lpthread first: + # tests will erroneously succeed. (N.B.: The stubs are missing + # pthread_cleanup_push, or rather a function called by this macro, + # so we could check for that, but who knows whether they'll stub + # that too in a future libc.) So we'll check first for the + # standard Solaris way of linking pthreads (-mt -lpthread). - ax_pthread_flags="-pthreads pthread -mt -pthread $ax_pthread_flags" - ;; - - darwin*) - AC_REQUIRE([WOLFSSL_DARWIN_USING_CLANG]) - AS_IF([test x"$wolfssl_darwin_clang" = x"yes"], - [ax_pthread_flags="$ax_pthread_flags"], - [ax_pthread_flags="-pthread $ax_pthread_flags"]) + ax_pthread_flags="-mt,pthread pthread $ax_pthread_flags" ;; esac -if test x"$ax_pthread_ok" = xno; then -for flag in $ax_pthread_flags; do +# GCC generally uses -pthread, or -pthreads on some platforms (e.g. 
SPARC) - case $flag in +AS_IF([test "x$GCC" = "xyes"], + [ax_pthread_flags="-pthread -pthreads $ax_pthread_flags"]) + +# The presence of a feature test macro requesting re-entrant function +# definitions is, on some systems, a strong hint that pthreads support is +# correctly enabled + +case $host_os in + darwin* | hpux* | linux* | osf* | solaris*) + ax_pthread_check_macro="_REENTRANT" + ;; + + aix*) + ax_pthread_check_macro="_THREAD_SAFE" + ;; + + *) + ax_pthread_check_macro="--" + ;; +esac +AS_IF([test "x$ax_pthread_check_macro" = "x--"], + [ax_pthread_check_cond=0], + [ax_pthread_check_cond="!defined($ax_pthread_check_macro)"]) + +# Are we compiling with Clang? + +AC_CACHE_CHECK([whether $CC is Clang], + [ax_cv_PTHREAD_CLANG], + [ax_cv_PTHREAD_CLANG=no + # Note that Autoconf sets GCC=yes for Clang as well as GCC + if test "x$GCC" = "xyes"; then + AC_EGREP_CPP([AX_PTHREAD_CC_IS_CLANG], + [/* Note: Clang 2.7 lacks __clang_[a-z]+__ */ +# if defined(__clang__) && defined(__llvm__) + AX_PTHREAD_CC_IS_CLANG +# endif + ], + [ax_cv_PTHREAD_CLANG=yes]) + fi + ]) +ax_pthread_clang="$ax_cv_PTHREAD_CLANG" + +ax_pthread_clang_warning=no + +# Clang needs special handling, because older versions handle the -pthread +# option in a rather... idiosyncratic way + +if test "x$ax_pthread_clang" = "xyes"; then + + # Clang takes -pthread; it has never supported any other flag + + # (Note 1: This will need to be revisited if a system that Clang + # supports has POSIX threads in a separate library. This tends not + # to be the way of modern systems, but it's conceivable.) + + # (Note 2: On some systems, notably Darwin, -pthread is not needed + # to get POSIX threads support; the API is always present and + # active. We could reasonably leave PTHREAD_CFLAGS empty. But + # -pthread does define _REENTRANT, and while the Darwin headers + # ignore this macro, third-party headers might not.) 
+ + PTHREAD_CFLAGS="-pthread" + PTHREAD_LIBS= + + ax_pthread_ok=yes + + # However, older versions of Clang make a point of warning the user + # that, in an invocation where only linking and no compilation is + # taking place, the -pthread option has no effect ("argument unused + # during compilation"). They expect -pthread to be passed in only + # when source code is being compiled. + # + # Problem is, this is at odds with the way Automake and most other + # C build frameworks function, which is that the same flags used in + # compilation (CFLAGS) are also used in linking. Many systems + # supported by AX_PTHREAD require exactly this for POSIX threads + # support, and in fact it is often not straightforward to specify a + # flag that is used only in the compilation phase and not in + # linking. Such a scenario is extremely rare in practice. + # + # Even though use of the -pthread flag in linking would only print + # a warning, this can be a nuisance for well-run software projects + # that build with -Werror. So if the active version of Clang has + # this misfeature, we search for an option to squash it. 
+ + AC_CACHE_CHECK([whether Clang needs flag to prevent "argument unused" warning when linking with -pthread], + [ax_cv_PTHREAD_CLANG_NO_WARN_FLAG], + [ax_cv_PTHREAD_CLANG_NO_WARN_FLAG=unknown + # Create an alternate version of $ac_link that compiles and + # links in two steps (.c -> .o, .o -> exe) instead of one + # (.c -> exe), because the warning occurs only in the second + # step + ax_pthread_save_ac_link="$ac_link" + ax_pthread_sed='s/conftest\.\$ac_ext/conftest.$ac_objext/g' + ax_pthread_link_step=`$as_echo "$ac_link" | sed "$ax_pthread_sed"` + ax_pthread_2step_ac_link="($ac_compile) && (echo ==== >&5) && ($ax_pthread_link_step)" + ax_pthread_save_CFLAGS="$CFLAGS" + for ax_pthread_try in '' -Qunused-arguments -Wno-unused-command-line-argument unknown; do + AS_IF([test "x$ax_pthread_try" = "xunknown"], [break]) + CFLAGS="-Werror -Wunknown-warning-option $ax_pthread_try -pthread $ax_pthread_save_CFLAGS" + ac_link="$ax_pthread_save_ac_link" + AC_LINK_IFELSE([AC_LANG_SOURCE([[int main(void){return 0;}]])], + [ac_link="$ax_pthread_2step_ac_link" + AC_LINK_IFELSE([AC_LANG_SOURCE([[int main(void){return 0;}]])], + [break]) + ]) + done + ac_link="$ax_pthread_save_ac_link" + CFLAGS="$ax_pthread_save_CFLAGS" + AS_IF([test "x$ax_pthread_try" = "x"], [ax_pthread_try=no]) + ax_cv_PTHREAD_CLANG_NO_WARN_FLAG="$ax_pthread_try" + ]) + + case "$ax_cv_PTHREAD_CLANG_NO_WARN_FLAG" in + no | unknown) ;; + *) PTHREAD_CFLAGS="$ax_cv_PTHREAD_CLANG_NO_WARN_FLAG $PTHREAD_CFLAGS" ;; + esac + +fi # $ax_pthread_clang = yes + +if test "x$ax_pthread_ok" = "xno"; then +for ax_pthread_try_flag in $ax_pthread_flags; do + + case $ax_pthread_try_flag in none) AC_MSG_CHECKING([whether pthreads work without any flags]) ;; + -mt,pthread) + AC_MSG_CHECKING([whether pthreads work with -mt -lpthread]) + PTHREAD_CFLAGS="-mt" + PTHREAD_LIBS="-lpthread" + ;; + -*) - AC_MSG_CHECKING([whether pthreads work with $flag]) - PTHREAD_CFLAGS="$flag" + AC_MSG_CHECKING([whether pthreads work with 
$ax_pthread_try_flag]) + PTHREAD_CFLAGS="$ax_pthread_try_flag" ;; pthread-config) - AC_CHECK_PROG(ax_pthread_config, pthread-config, yes, no) - if test x"$ax_pthread_config" = xno; then continue; fi + AC_CHECK_PROG([ax_pthread_config], [pthread-config], [yes], [no]) + AS_IF([test "x$ax_pthread_config" = "xno"], [continue]) PTHREAD_CFLAGS="`pthread-config --cflags`" PTHREAD_LIBS="`pthread-config --ldflags` `pthread-config --libs`" ;; *) - AC_MSG_CHECKING([for the pthreads library -l$flag]) - PTHREAD_LIBS="-l$flag" + AC_MSG_CHECKING([for the pthreads library -l$ax_pthread_try_flag]) + PTHREAD_LIBS="-l$ax_pthread_try_flag" ;; esac - save_LIBS="$LIBS" - save_CFLAGS="$CFLAGS" - LIBS="$PTHREAD_LIBS $LIBS" + ax_pthread_save_CFLAGS="$CFLAGS" + ax_pthread_save_LIBS="$LIBS" CFLAGS="$CFLAGS $PTHREAD_CFLAGS" + LIBS="$PTHREAD_LIBS $LIBS" # Check for various functions. We must include pthread.h, # since some functions may be macros. (On the Sequent, we @@ -207,7 +366,11 @@ for flag in $ax_pthread_flags; do # pthread_cleanup_push because it is one of the few pthread # functions on Solaris that doesn't have a non-functional libc stub. # We try pthread_create on general principles. + AC_LINK_IFELSE([AC_LANG_PROGRAM([#include +# if $ax_pthread_check_cond +# error "$ax_pthread_check_macro must be defined" +# endif static void routine(void *a) { a = 0; } static void *start_routine(void *a) { return a; }], [pthread_t th; pthread_attr_t attr; @@ -216,16 +379,14 @@ for flag in $ax_pthread_flags; do pthread_attr_init(&attr); pthread_cleanup_push(routine, 0); pthread_cleanup_pop(0) /* ; */])], - [ax_pthread_ok=yes], - []) + [ax_pthread_ok=yes], + []) - LIBS="$save_LIBS" - CFLAGS="$save_CFLAGS" + CFLAGS="$ax_pthread_save_CFLAGS" + LIBS="$ax_pthread_save_LIBS" - AC_MSG_RESULT($ax_pthread_ok) - if test "x$ax_pthread_ok" = xyes; then - break; - fi + AC_MSG_RESULT([$ax_pthread_ok]) + AS_IF([test "x$ax_pthread_ok" = "xyes"], [break]) PTHREAD_LIBS="" PTHREAD_CFLAGS="" 
@@ -233,70 +394,74 @@ done fi # Various other checks: -if test "x$ax_pthread_ok" = xyes; then - save_LIBS="$LIBS" - LIBS="$PTHREAD_LIBS $LIBS" - save_CFLAGS="$CFLAGS" +if test "x$ax_pthread_ok" = "xyes"; then + ax_pthread_save_CFLAGS="$CFLAGS" + ax_pthread_save_LIBS="$LIBS" CFLAGS="$CFLAGS $PTHREAD_CFLAGS" + LIBS="$PTHREAD_LIBS $LIBS" # Detect AIX lossage: JOINABLE attribute is called UNDETACHED. - AC_MSG_CHECKING([for joinable pthread attribute]) - attr_name=unknown - for attr in PTHREAD_CREATE_JOINABLE PTHREAD_CREATE_UNDETACHED; do - AC_LINK_IFELSE([AC_LANG_PROGRAM([#include ], - [int attr = $attr; return attr /* ; */])], - [attr_name=$attr; break], - []) - done - AC_MSG_RESULT($attr_name) - if test "$attr_name" != PTHREAD_CREATE_JOINABLE; then - AC_DEFINE_UNQUOTED(PTHREAD_CREATE_JOINABLE, $attr_name, - [Define to necessary symbol if this constant - uses a non-standard name on your system.]) - fi + AC_CACHE_CHECK([for joinable pthread attribute], + [ax_cv_PTHREAD_JOINABLE_ATTR], + [ax_cv_PTHREAD_JOINABLE_ATTR=unknown + for ax_pthread_attr in PTHREAD_CREATE_JOINABLE PTHREAD_CREATE_UNDETACHED; do + AC_LINK_IFELSE([AC_LANG_PROGRAM([#include ], + [int attr = $ax_pthread_attr; return attr /* ; */])], + [ax_cv_PTHREAD_JOINABLE_ATTR=$ax_pthread_attr; break], + []) + done + ]) + AS_IF([test "x$ax_cv_PTHREAD_JOINABLE_ATTR" != "xunknown" && \ + test "x$ax_cv_PTHREAD_JOINABLE_ATTR" != "xPTHREAD_CREATE_JOINABLE" && \ + test "x$ax_pthread_joinable_attr_defined" != "xyes"], + [AC_DEFINE_UNQUOTED([PTHREAD_CREATE_JOINABLE], + [$ax_cv_PTHREAD_JOINABLE_ATTR], + [Define to necessary symbol if this constant + uses a non-standard name on your system.]) + ax_pthread_joinable_attr_defined=yes + ]) - AC_MSG_CHECKING([if more special flags are required for pthreads]) - flag=no - case ${host_os} in - aix* | freebsd* | darwin*) flag="-D_THREAD_SAFE";; - osf* | hpux*) flag="-D_REENTRANT";; - solaris*) - if test "$GCC" = "yes"; then - flag="-D_REENTRANT" - else - flag="-mt -D_REENTRANT" - fi 
- ;; - esac - AC_MSG_RESULT(${flag}) - if test "x$flag" != xno; then - PTHREAD_CFLAGS="$flag $PTHREAD_CFLAGS" - fi + AC_CACHE_CHECK([whether more special flags are required for pthreads], + [ax_cv_PTHREAD_SPECIAL_FLAGS], + [ax_cv_PTHREAD_SPECIAL_FLAGS=no + case $host_os in + solaris*) + ax_cv_PTHREAD_SPECIAL_FLAGS="-D_POSIX_PTHREAD_SEMANTICS" + ;; + esac + ]) + AS_IF([test "x$ax_cv_PTHREAD_SPECIAL_FLAGS" != "xno" && \ + test "x$ax_pthread_special_flags_added" != "xyes"], + [PTHREAD_CFLAGS="$ax_cv_PTHREAD_SPECIAL_FLAGS $PTHREAD_CFLAGS" + ax_pthread_special_flags_added=yes]) AC_CACHE_CHECK([for PTHREAD_PRIO_INHERIT], - ax_cv_PTHREAD_PRIO_INHERIT, [ - AC_LINK_IFELSE([ - AC_LANG_PROGRAM([[#include ]], [[int i = PTHREAD_PRIO_INHERIT;]])], - [ax_cv_PTHREAD_PRIO_INHERIT=yes], - [ax_cv_PTHREAD_PRIO_INHERIT=no]) + [ax_cv_PTHREAD_PRIO_INHERIT], + [AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include ]], + [[int i = PTHREAD_PRIO_INHERIT;]])], + [ax_cv_PTHREAD_PRIO_INHERIT=yes], + [ax_cv_PTHREAD_PRIO_INHERIT=no]) ]) - AS_IF([test "x$ax_cv_PTHREAD_PRIO_INHERIT" = "xyes"], - AC_DEFINE([HAVE_PTHREAD_PRIO_INHERIT], 1, [Have PTHREAD_PRIO_INHERIT.])) + AS_IF([test "x$ax_cv_PTHREAD_PRIO_INHERIT" = "xyes" && \ + test "x$ax_pthread_prio_inherit_defined" != "xyes"], + [AC_DEFINE([HAVE_PTHREAD_PRIO_INHERIT], [1], [Have PTHREAD_PRIO_INHERIT.]) + ax_pthread_prio_inherit_defined=yes + ]) - LIBS="$save_LIBS" - CFLAGS="$save_CFLAGS" + CFLAGS="$ax_pthread_save_CFLAGS" + LIBS="$ax_pthread_save_LIBS" # More AIX lossage: compile with *_r variant - if test "x$GCC" != xyes; then + if test "x$GCC" != "xyes"; then case $host_os in aix*) AS_CASE(["x/$CC"], - [x*/c89|x*/c89_128|x*/c99|x*/c99_128|x*/cc|x*/cc128|x*/xlc|x*/xlc_v6|x*/xlc128|x*/xlc128_v6], - [#handle absolute path differently from PATH based program lookup - AS_CASE(["x$CC"], - [x/*], - [AS_IF([AS_EXECUTABLE_P([${CC}_r])],[PTHREAD_CC="${CC}_r"])], - [AC_CHECK_PROGS([PTHREAD_CC],[${CC}_r],[$CC])])]) + 
[x*/c89|x*/c89_128|x*/c99|x*/c99_128|x*/cc|x*/cc128|x*/xlc|x*/xlc_v6|x*/xlc128|x*/xlc128_v6], + [#handle absolute path differently from PATH based program lookup + AS_CASE(["x$CC"], + [x/*], + [AS_IF([AS_EXECUTABLE_P([${CC}_r])],[PTHREAD_CC="${CC}_r"])], + [AC_CHECK_PROGS([PTHREAD_CC],[${CC}_r],[$CC])])]) ;; esac fi @@ -304,13 +469,13 @@ fi test -n "$PTHREAD_CC" || PTHREAD_CC="$CC" -AC_SUBST(PTHREAD_LIBS) -AC_SUBST(PTHREAD_CFLAGS) -AC_SUBST(PTHREAD_CC) +AC_SUBST([PTHREAD_LIBS]) +AC_SUBST([PTHREAD_CFLAGS]) +AC_SUBST([PTHREAD_CC]) # Finally, execute ACTION-IF-FOUND/ACTION-IF-NOT-FOUND: -if test x"$ax_pthread_ok" = xyes; then - ifelse([$1],,AC_DEFINE(HAVE_PTHREAD,1,[Define if you have POSIX threads libraries and header files.]),[$1]) +if test "x$ax_pthread_ok" = "xyes"; then + ifelse([$1],,[AC_DEFINE([HAVE_PTHREAD],[1],[Define if you have POSIX threads libraries and header files.])],[$1]) : else ax_pthread_ok=no diff --git a/m4/wolfssl_darwin_clang.m4 b/m4/wolfssl_darwin_clang.m4 deleted file mode 100644 index fee9b6ae0..000000000 --- a/m4/wolfssl_darwin_clang.m4 +++ /dev/null 
@@ -1,37 +0,0 @@ -# =========================================================================== -# -# SYNOPSIS -# -# WOLFSSL_DARWIN_USING_CLANG -# -# DESCRIPTION -# -# With the advent of Apple Xcode v5.0, the old tool sets are missing from -# the distribution. The provided "gcc" executable wrapper accepts the -# "-pthread" flag, and passes it to the underlying "clang" which chokes -# on it. This script checks the version of the gcc executable to see if -# it reports it is really "clang". -# -# The value is placed in the wolfssl_darwin_clang variable. -# -# LICENSE -# -# Copyright (c) 2013 John Safranek -# -# Copying and distribution of this file, with or without modification, are -# permitted in any medium without royalty provided the copyright notice -# and this notice are preserved. This file is offered as-is, without any -# warranty. - -#serial 1 - -AC_DEFUN([WOLFSSL_DARWIN_USING_CLANG], - [ - if test x"$CC" = xclang; then - wolfssl_darwin_clang=yes - elif test x"$CC" = x || test x"$CC" = xgcc; then - if /usr/bin/gcc -v 2>&1 | grep 'clang' >/dev/null 2>&1; then - wolfssl_darwin_clang=yes - fi - fi - ]) From 9c33244158005463804a76e43d8dbe35d13a4e01 Mon Sep 17 00:00:00 2001 From: John Safranek Date: Fri, 11 May 2018 17:39:51 -0700 Subject: [PATCH 013/146] Update ax_pthread.m4 The AX_PTHREAD macro has a check for side-effects of the pthread flag beyond the functions being available. It also checks for a particular macro being set when compiling the test file. When running the build through the scan-build static analysis, for some reason, the check value isn't set. The build fails. I commented the check out for now. --- m4/ax_pthread.m4 | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/m4/ax_pthread.m4 b/m4/ax_pthread.m4 index 5fbf9fe0d..ada7071f2 100644 --- a/m4/ax_pthread.m4 +++ b/m4/ax_pthread.m4 
@@ -368,9 +368,9 @@ for ax_pthread_try_flag in $ax_pthread_flags; do # We try pthread_create on general principles. AC_LINK_IFELSE([AC_LANG_PROGRAM([#include -# if $ax_pthread_check_cond -# error "$ax_pthread_check_macro must be defined" -# endif +dnl# if $ax_pthread_check_cond +dnl# error "$ax_pthread_check_macro must be defined" +dnl# endif static void routine(void *a) { a = 0; } static void *start_routine(void *a) { return a; }], [pthread_t th; pthread_attr_t attr; From 63a0e872c534c6c38b541ab606e270d1dcbff0bc Mon Sep 17 00:00:00 2001 From: Jacob Barthelmeh Date: Mon, 14 May 2018 14:27:02 -0600 Subject: [PATCH 014/146] add test for fail case when parsing relative URI path --- certs/client-relative-uri.pem | 90 +++++++++++++++++++++++++++++++++++ certs/renewcerts.sh | 18 ++++++- certs/renewcerts/wolfssl.cnf | 7 +++ tests/api.c | 4 ++ 4 files changed, 118 insertions(+), 1 deletion(-) create mode 100644 certs/client-relative-uri.pem diff --git a/certs/client-relative-uri.pem b/certs/client-relative-uri.pem new file mode 100644 index 000000000..f4e0f5ca0 --- /dev/null +++ b/certs/client-relative-uri.pem 
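Review bot: The three `dnl#` lines turn the feature-test-macro check off for every build rather than only for the scan-build run that failed, so `ax_pthread_check_cond` and `ax_pthread_check_macro`, which the macro still computes earlier, no longer affect the link test. The comments in this same file point out that Solaris libc ships non-functional pthread stubs that let link-only tests succeed, so removing this signal can let configure accept flags that do not really enable threading. I would keep the `# if $ax_pthread_check_cond` block and fix the analysis build instead, or at least mark the local divergence from upstream serial 24 with a line such as `dnl wolfSSL: feature-macro check disabled, fails under scan-build; re-enable once resolved`. The enclosing `for` loop starts outside this hunk.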
@@ -0,0 +1,90 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 9930516258332383263 (0x89d047ec3e24981f) + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=US, ST=Montana, L=Bozeman, O=wolfSSL_2048, OU=RELATIVE_URI, CN=www.wolfssl.com/emailAddress=info@wolfssl.com + Validity + Not Before: May 14 20:24:06 2018 GMT + Not After : Feb 7 20:24:06 2021 GMT + Subject: C=US, ST=Montana, L=Bozeman, O=wolfSSL_2048, OU=RELATIVE_URI, CN=www.wolfssl.com/emailAddress=info@wolfssl.com + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:c3:03:d1:2b:fe:39:a4:32:45:3b:53:c8:84:2b: + 2a:7c:74:9a:bd:aa:2a:52:07:47:d6:a6:36:b2:07: + 32:8e:d0:ba:69:7b:c6:c3:44:9e:d4:81:48:fd:2d: + 68:a2:8b:67:bb:a1:75:c8:36:2c:4a:d2:1b:f7:8b: + ba:cf:0d:f9:ef:ec:f1:81:1e:7b:9b:03:47:9a:bf: + 65:cc:7f:65:24:69:a6:e8:14:89:5b:e4:34:f7:c5: + b0:14:93:f5:67:7b:3a:7a:78:e1:01:56:56:91:a6: + 13:42:8d:d2:3c:40:9c:4c:ef:d1:86:df:37:51:1b: + 0c:a1:3b:f5:f1:a3:4a:35:e4:e1:ce:96:df:1b:7e: + bf:4e:97:d0:10:e8:a8:08:30:81:af:20:0b:43:14: + c5:74:67:b4:32:82:6f:8d:86:c2:88:40:99:36:83: + ba:1e:40:72:22:17:d7:52:65:24:73:b0:ce:ef:19: + cd:ae:ff:78:6c:7b:c0:12:03:d4:4e:72:0d:50:6d: + 3b:a3:3b:a3:99:5e:9d:c8:d9:0c:85:b3:d9:8a:d9: + 54:26:db:6d:fa:ac:bb:ff:25:4c:c4:d1:79:f4:71: + d3:86:40:18:13:b0:63:b5:72:4e:30:c4:97:84:86: + 2d:56:2f:d7:15:f7:7f:c0:ae:f5:fc:5b:e5:fb:a1: + ba:d3 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 33:D8:45:66:D7:68:87:18:7E:54:0D:70:27:91:C7:26:D7:85:65:C0 + X509v3 Authority Key Identifier: + keyid:33:D8:45:66:D7:68:87:18:7E:54:0D:70:27:91:C7:26:D7:85:65:C0 + DirName:/C=US/ST=Montana/L=Bozeman/O=wolfSSL_2048/OU=RELATIVE_URI/CN=www.wolfssl.com/emailAddress=info@wolfssl.com + serial:89:D0:47:EC:3E:24:98:1F + + X509v3 Basic Constraints: + CA:FALSE + X509v3 Subject Alternative Name: + URI:../relative/page.html + Signature Algorithm: sha256WithRSAEncryption + 
29:cb:c0:50:61:da:51:c5:da:50:15:b7:bd:c3:f4:9b:c5:b8: + 2a:9b:6c:c7:91:7a:26:e3:eb:48:d2:40:fa:e3:ab:f9:b7:e2: + 4a:37:9b:b6:03:ad:9c:f4:f2:5d:12:eb:5c:c6:97:c4:3a:18: + 99:70:47:49:93:f3:a5:32:ab:aa:22:71:6f:5c:36:1c:42:2f: + d4:19:da:64:73:84:d3:1e:a8:5f:af:8a:58:e7:64:18:38:79: + 69:f2:08:d4:f2:be:b0:9c:18:d8:f1:a5:eb:b6:9c:67:21:0f: + ba:bf:95:68:e9:d2:23:56:84:cf:87:7c:a4:2a:3a:0d:c1:72: + 3a:43:da:53:bb:6c:f0:b5:f1:03:3c:ff:b6:0a:1f:54:c5:1b: + d5:40:80:24:74:e2:f6:4c:41:88:f1:df:a3:36:64:78:e9:c2: + 0e:c3:0f:f3:5f:19:e6:44:85:79:e1:6a:ee:78:39:9b:58:e3: + c4:39:27:d7:05:1a:b9:7c:21:75:61:7a:71:53:fd:fc:7f:57: + ef:3a:19:be:69:c6:cb:73:49:bd:72:7d:2b:eb:68:52:8e:0f: + d7:47:d3:90:86:5a:14:03:0d:dc:6b:07:10:57:2b:e0:b6:d2: + a0:49:2d:63:88:d0:17:b3:b2:50:c4:60:15:1e:b6:ce:13:14: + 0d:ec:45:eb +-----BEGIN CERTIFICATE----- +MIIE3TCCA8WgAwIBAgIJAInQR+w+JJgfMA0GCSqGSIb3DQEBCwUAMIGaMQswCQYD +VQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjEVMBMG +A1UECgwMd29sZlNTTF8yMDQ4MRUwEwYDVQQLDAxSRUxBVElWRV9VUkkxGDAWBgNV +BAMMD3d3dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3Ns +LmNvbTAeFw0xODA1MTQyMDI0MDZaFw0yMTAyMDcyMDI0MDZaMIGaMQswCQYDVQQG +EwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjEVMBMGA1UE +CgwMd29sZlNTTF8yMDQ4MRUwEwYDVQQLDAxSRUxBVElWRV9VUkkxGDAWBgNVBAMM +D3d3dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNv +bTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMMD0Sv+OaQyRTtTyIQr +Knx0mr2qKlIHR9amNrIHMo7Quml7xsNEntSBSP0taKKLZ7uhdcg2LErSG/eLus8N ++e/s8YEee5sDR5q/Zcx/ZSRppugUiVvkNPfFsBST9Wd7Onp44QFWVpGmE0KN0jxA +nEzv0YbfN1EbDKE79fGjSjXk4c6W3xt+v06X0BDoqAgwga8gC0MUxXRntDKCb42G +wohAmTaDuh5AciIX11JlJHOwzu8Zza7/eGx7wBID1E5yDVBtO6M7o5lencjZDIWz +2YrZVCbbbfqsu/8lTMTRefRx04ZAGBOwY7VyTjDEl4SGLVYv1xX3f8Cu9fxb5fuh +utMCAwEAAaOCASIwggEeMB0GA1UdDgQWBBQz2EVm12iHGH5UDXAnkccm14VlwDCB +zwYDVR0jBIHHMIHEgBQz2EVm12iHGH5UDXAnkccm14VlwKGBoKSBnTCBmjELMAkG +A1UEBhMCVVMxEDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xFTAT 
+BgNVBAoMDHdvbGZTU0xfMjA0ODEVMBMGA1UECwwMUkVMQVRJVkVfVVJJMRgwFgYD +VQQDDA93d3cud29sZnNzbC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNz +bC5jb22CCQCJ0EfsPiSYHzAJBgNVHRMEAjAAMCAGA1UdEQQZMBeGFS4uL3JlbGF0 +aXZlL3BhZ2UuaHRtbDANBgkqhkiG9w0BAQsFAAOCAQEAKcvAUGHaUcXaUBW3vcP0 +m8W4Kptsx5F6JuPrSNJA+uOr+bfiSjebtgOtnPTyXRLrXMaXxDoYmXBHSZPzpTKr +qiJxb1w2HEIv1BnaZHOE0x6oX6+KWOdkGDh5afII1PK+sJwY2PGl67acZyEPur+V +aOnSI1aEz4d8pCo6DcFyOkPaU7ts8LXxAzz/tgofVMUb1UCAJHTi9kxBiPHfozZk +eOnCDsMP818Z5kSFeeFq7ng5m1jjxDkn1wUauXwhdWF6cVP9/H9X7zoZvmnGy3NJ +vXJ9K+toUo4P10fTkIZaFAMN3GsHEFcr4LbSoEktY4jQF7OyUMRgFR62zhMUDexF +6w== +-----END CERTIFICATE----- diff --git a/certs/renewcerts.sh b/certs/renewcerts.sh index f42b004ce..693abb9c6 100755 --- a/certs/renewcerts.sh +++ b/certs/renewcerts.sh @@ -22,7 +22,8 @@ # client-ca.pem # test/digsigku.pem # ecc-privOnlyCert.pem -# uri-cert.pem +# client-uri-cert.pem +# client-relative-uri.pem # updates the following crls: # crl/cliCrl.pem # crl/crl.pem 
@@ -61,6 +62,21 @@ function run_renewcerts(){ openssl x509 -in client-uri-cert.pem -text > tmp.pem mv tmp.pem client-uri-cert.pem + ############################################################ + #### update the self-signed (2048-bit) client-relative-uri.pem + ############################################################ + echo "Updating 2048-bit client-relative-uri.pem" + echo "" + #pipe the following arguments to openssl req... + echo -e "US\nMontana\nBozeman\nwolfSSL_2048\nRELATIVE_URI\nwww.wolfssl.com\ninfo@wolfssl.com\n.\n.\n" | openssl req -new -key client-key.pem -nodes -out client-cert.csr + + + openssl x509 -req -in client-cert.csr -days 1000 -extfile wolfssl.cnf -extensions relative_uri -signkey client-key.pem -out client-relative-uri.pem + rm client-cert.csr + + openssl x509 -in client-relative-uri.pem -text > tmp.pem + mv tmp.pem client-relative-uri.pem + ############################################################ #### update the self-signed (2048-bit) client-cert.pem ##### ############################################################ diff --git a/certs/renewcerts/wolfssl.cnf b/certs/renewcerts/wolfssl.cnf index 91c0312b9..421194bc2 100644 --- a/certs/renewcerts/wolfssl.cnf +++ b/certs/renewcerts/wolfssl.cnf @@ -227,6 +227,13 @@ authorityKeyIdentifier=keyid:always,issuer:always basicConstraints=CA:false subjectAltName=URI:https://www.wolfssl.com +# test parsing relative URI +[ relative_uri ] +subjectKeyIdentifier=hash +authorityKeyIdentifier=keyid:always,issuer:always +basicConstraints=CA:false +subjectAltName=URI:../relative/page.html + #tsa default [ tsa ] default_tsa = tsa_config1 diff --git a/tests/api.c b/tests/api.c index e2ebaaea1..4a470efde 100644 --- a/tests/api.c +++ b/tests/api.c 
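Review bot: None of the added commands has its exit status checked, so if `openssl x509 -req ... -out client-relative-uri.pem` fails, the following `openssl x509 -in client-relative-uri.pem -text > tmp.pem` can leave an empty `tmp.pem`, and `mv tmp.pem client-relative-uri.pem` then installs it as the test certificate. The block copies the pattern of the client-uri-cert step above it, and whether the script runs under `set -e` is not visible because `run_renewcerts` starts and ends outside the hunk. Chaining the last two steps, `openssl x509 -in client-relative-uri.pem -text > tmp.pem && mv tmp.pem client-relative-uri.pem`, would keep a failed run from overwriting the fixture.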
@@ -2964,6 +2964,7 @@ static void test_wolfSSL_URI(void) defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) WOLFSSL_X509* x509; const char uri[] = "./certs/client-uri-cert.pem"; + const char badUri[] = "./certs/client-relative-uri.pem"; printf(testingFmt, "wolfSSL URI parse"); @@ -2972,6 +2973,9 @@ static void test_wolfSSL_URI(void) wolfSSL_FreeX509(x509); + x509 = wolfSSL_X509_load_certificate_file(badUri, WOLFSSL_FILETYPE_PEM); + AssertNull(x509); + printf(resultFmt, passed); #endif } From a6ad6b94d1c9941b4101e862bee6265d183431db Mon Sep 17 00:00:00 2001 From: Jacob Barthelmeh Date: Mon, 14 May 2018 16:03:51 -0600 Subject: [PATCH 015/146] account for IGNORE_NAME_CONSTRAINTS when testing the parsing of a relative URI --- tests/api.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/tests/api.c b/tests/api.c index 4a470efde..d6547e61f 100644 --- a/tests/api.c +++ b/tests/api.c @@ -2974,7 +2974,11 @@ static void test_wolfSSL_URI(void) wolfSSL_FreeX509(x509); x509 = wolfSSL_X509_load_certificate_file(badUri, WOLFSSL_FILETYPE_PEM); +#ifndef IGNORE_NAME_CONSTRAINTS AssertNull(x509); +#else + AssertNotNull(x509); +#endif printf(resultFmt, passed); #endif From f021375c4bd7d85ff7a81021274061aeeb4b5df6 Mon Sep 17 00:00:00 2001 From: David Garske Date: Tue, 15 May 2018 17:23:35 -0700 Subject: [PATCH 016/146] Fixes for fsanitize reports. --- src/crl.c | 14 ++++++++------ src/internal.c | 8 +++++--- src/ssl.c | 6 ++++-- wolfcrypt/src/tfm.c | 2 +- 4 files changed, 18 insertions(+), 12 deletions(-) diff --git a/src/crl.c b/src/crl.c index 790c2f962..e033802e5 100644 --- a/src/crl.c +++ b/src/crl.c 
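Review bot: In the `#else` branch of the last tests/api.c hunk the certificate loaded from `badUri` is never released: `AssertNotNull(x509);` is followed directly by `#endif`, the result print and the end of `test_wolfSSL_URI`, with no `wolfSSL_FreeX509` call like the one after the first load. Builds that define `IGNORE_NAME_CONSTRAINTS` therefore leak the object, which leak checkers and sanitizer runs will report. Adding `wolfSSL_FreeX509(x509);` right after `AssertNotNull(x509);` fixes it.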
@@ -373,12 +373,14 @@ int CheckCertCRL(WOLFSSL_CRL* crl, DecodedCert* cert) WOLFSSL_MSG("Issuing missing CRL callback"); url[0] = '\0'; - if (cert->extCrlInfoSz < (int)sizeof(url) -1 ) { - XMEMCPY(url, cert->extCrlInfo, cert->extCrlInfoSz); - url[cert->extCrlInfoSz] = '\0'; - } - else { - WOLFSSL_MSG("CRL url too long"); + if (cert->extCrlInfo) { + if (cert->extCrlInfoSz < (int)sizeof(url) -1 ) { + XMEMCPY(url, cert->extCrlInfo, cert->extCrlInfoSz); + url[cert->extCrlInfoSz] = '\0'; + } + else { + WOLFSSL_MSG("CRL url too long"); + } } crl->cm->cbMissingCRL(url); diff --git a/src/internal.c b/src/internal.c index 42508d492..18957dc0c 100644 --- a/src/internal.c +++ b/src/internal.c @@ -7699,7 +7699,7 @@ int CopyDecodedToX509(WOLFSSL_X509* x509, DecodedCert* dCert) XMEMCPY(x509->serial, dCert->serial, EXTERNAL_SERIAL_SIZE); x509->serialSz = dCert->serialSz; - if (dCert->subjectCNLen < ASN_NAME_MAX) { + if (dCert->subjectCN && dCert->subjectCNLen < ASN_NAME_MAX) { XMEMCPY(x509->subjectCN, dCert->subjectCN, dCert->subjectCNLen); x509->subjectCN[dCert->subjectCNLen] = '\0'; } @@ -8982,8 +8982,10 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx, } /* store for callback use */ - if (args->dCert->subjectCNLen < ASN_NAME_MAX) { - XMEMCPY(args->domain, args->dCert->subjectCN, args->dCert->subjectCNLen); + if (args->dCert->subjectCN && + args->dCert->subjectCNLen < ASN_NAME_MAX) { + XMEMCPY(args->domain, args->dCert->subjectCN, + args->dCert->subjectCNLen); args->domain[args->dCert->subjectCNLen] = '\0'; } else { diff --git a/src/ssl.c b/src/ssl.c index 2d33b4d7a..4f22b68ca 100644 --- a/src/ssl.c +++ b/src/ssl.c 
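Review bot: The length test inside the new `if (cert->extCrlInfo)` guard is still one-sided: `cert->extCrlInfoSz < (int)sizeof(url) -1` is a signed comparison, so a negative `extCrlInfoSz` would pass it and reach `XMEMCPY` as a very large size. Whether the parser can ever leave a negative value there is not visible in this hunk, so treat this as a hardening request: `if (cert->extCrlInfoSz >= 0 && cert->extCrlInfoSz < (int)sizeof(url) - 1)`. The `subjectCNLen < ASN_NAME_MAX` tests next to the new `subjectCN` NULL checks in the two src/internal.c hunks (`CopyDecodedToX509`, `ProcessPeerCerts`) have the same shape if `subjectCNLen` is a signed type. Note also that `cbMissingCRL(url)` is still called with an empty string when the pointer is NULL or the URL is too long, which the callback contract should state.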
@@ -3612,8 +3612,10 @@ int wolfSSL_SetVersion(WOLFSSL* ssl, int version) /* Make a work from the front of random hash */ static INLINE word32 MakeWordFromHash(const byte* hashID) { - return (hashID[0] << 24) | (hashID[1] << 16) | (hashID[2] << 8) | - hashID[3]; + return (((word32)hashID[0] << 24) | + ((word32)hashID[1] << 16) | + ((word32)hashID[2] << 8) | + ((word32)hashID[3])); } #endif /* !NO_CERTS || !NO_SESSION_CACHE */ diff --git a/wolfcrypt/src/tfm.c b/wolfcrypt/src/tfm.c index 8690ecf06..664a74b54 100644 --- a/wolfcrypt/src/tfm.c +++ b/wolfcrypt/src/tfm.c @@ -485,7 +485,7 @@ void fp_mul_comba(fp_int *A, fp_int *B, fp_int *C) for (ix = 0; ix < pa; ix++) { /* get offsets into the two bignums */ - ty = MIN(ix, B->used-1); + ty = MIN(ix, (B->used > 0 ? B->used - 1 : 0)); tx = ix - ty; /* setup temp aliases */ From 1ca62ee0a1835a409d67741a05091115dd22cb04 Mon Sep 17 00:00:00 2001 From: Jacob Barthelmeh Date: Tue, 15 May 2018 22:51:11 -0600 Subject: [PATCH 017/146] add error return for unsuported version --- wolfcrypt/src/asn.c | 1 + 1 file changed, 1 insertion(+) diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c index fafaf3f21..a9f689adf 100755 --- a/wolfcrypt/src/asn.c +++ b/wolfcrypt/src/asn.c @@ -2600,6 +2600,7 @@ int UnTraditionalEnc(byte* key, word32 keySz, byte* out, word32* outSz, if (version == PKCS5v2) { WOLFSSL_MSG("PKCS5v2 Not supported yet\n"); + return ASN_VERSION_E; } if (salt == NULL || saltSz <= 0) { From 566bb4cefe0edcb26d9ef5973fb5782e992840f3 Mon Sep 17 00:00:00 2001 From: Jacob Barthelmeh Date: Wed, 16 May 2018 08:38:50 -0600 Subject: [PATCH 018/146] version for PBE SHA1 DES oid --- wolfcrypt/src/asn.c | 4 ---- wolfcrypt/src/pkcs12.c | 7 ++++++- 2 files changed, 6 insertions(+), 5 deletions(-) diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c index a9f689adf..28b7a5666 100755 --- a/wolfcrypt/src/asn.c +++ b/wolfcrypt/src/asn.c 
@@ -2394,10 +2394,6 @@ static int CheckAlgo(int first, int second, int* id, int* version) return 0; #endif #ifndef NO_DES3 - case PBE_SHA1_DES: - *id = PBE_SHA1_DES; - *version = PKCS12v1; - return 0; case PBE_SHA1_DES3: *id = PBE_SHA1_DES3; *version = PKCS12v1; diff --git a/wolfcrypt/src/pkcs12.c b/wolfcrypt/src/pkcs12.c index 80f80d5c5..aebf2ed58 100644 --- a/wolfcrypt/src/pkcs12.c +++ b/wolfcrypt/src/pkcs12.c @@ -1150,7 +1150,7 @@ static int wc_PKCS12_shroud_key(WC_PKCS12* pkcs12, WC_RNG* rng, { void* heap; word32 tmpIdx = 0; - int vPKCS = 1; /* PKCS#12 is always set to 1 */ + int vPKCS = 1; /* PKCS#12 default set to 1 */ word32 sz; word32 totalSz = 0; int ret; @@ -1190,6 +1190,11 @@ static int wc_PKCS12_shroud_key(WC_PKCS12* pkcs12, WC_RNG* rng, else { WOLFSSL_MSG("creating PKCS12 Shrouded Key Bag"); + if (vAlgo == PBE_SHA1_DES) { + vPKCS = PKCS5; + vAlgo = 10; + } + ret = UnTraditionalEnc(key, keySz, out + tmpIdx, &sz, pass, passSz, vPKCS, vAlgo, NULL, 0, itt, rng, heap); } From d373844a18a4cdab781678d7afc75aa56ac15d96 Mon Sep 17 00:00:00 2001 From: Jacob Barthelmeh Date: Wed, 16 May 2018 10:16:15 -0600 Subject: [PATCH 019/146] fix sequence with pkcs12 shrouded keybag creation --- wolfcrypt/src/asn.c | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c index 28b7a5666..707f2cbde 100755 --- a/wolfcrypt/src/asn.c +++ b/wolfcrypt/src/asn.c @@ -2591,9 +2591,6 @@ int UnTraditionalEnc(byte* key, word32 keySz, byte* out, word32* outSz, MAX_LENGTH_SZ + MAX_SHORT_SZ + 1) return BUFFER_E; - sz = SetAlgoID(id, out + inOutIdx, oidPBEType, 0); - totalSz += sz; inOutIdx += sz; - if (version == PKCS5v2) { WOLFSSL_MSG("PKCS5v2 Not supported yet\n"); return ASN_VERSION_E; 
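Review bot: In the second wolfcrypt/src/pkcs12.c hunk, `vAlgo = 10;` is an unexplained magic number, and the remap silently replaces the caller's `PBE_SHA1_DES` selector with it while also switching `vPKCS` to `PKCS5`. A short comment would make the intent reviewable, for example `/* PBES1 SHA1 + DES-CBC: UnTraditionalEnc takes the PKCS#5 algorithm number here (presumably the last OID arc, confirm) */`, or better a named constant in place of the literal. Since this path protects a private key with single DES, it is also worth stating in that comment that the option exists for interoperability with legacy files only. `wc_PKCS12_shroud_key` begins and ends outside the hunk.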
@@ -2621,6 +2618,7 @@ int UnTraditionalEnc(byte* key, word32 keySz, byte* out, word32* outSz, /* leave room for a sequence (contains salt and iterations int) */ inOutIdx += MAX_SEQ_SZ; sz = 0; + inOutIdx += MAX_ALGO_SZ; /* place salt in buffer */ out[inOutIdx++] = ASN_OCTET_STRING; sz++; @@ -2642,7 +2640,13 @@ int UnTraditionalEnc(byte* key, word32 keySz, byte* out, word32* outSz, inOutIdx -= (sz + MAX_SEQ_SZ); tmpSz = SetSequence(sz, out + inOutIdx); XMEMMOVE(out + inOutIdx + tmpSz, out + inOutIdx + MAX_SEQ_SZ, sz); - inOutIdx += tmpSz + sz; totalSz += tmpSz + sz; + totalSz += tmpSz + sz; sz += tmpSz; + + /* add in algo ID */ + inOutIdx -= MAX_ALGO_SZ; + tmpSz = SetAlgoID(id, out + inOutIdx, oidPBEType, sz); + XMEMMOVE(out + inOutIdx + tmpSz, out + inOutIdx + MAX_ALGO_SZ, sz); + totalSz += tmpSz; inOutIdx += tmpSz + sz; /* octet string containing encrypted key */ out[inOutIdx++] = ASN_OCTET_STRING; totalSz++; From 52b66edf72a48dad0f307fff2aec9dc6181b69e1 Mon Sep 17 00:00:00 2001 From: David Garske Date: Wed, 16 May 2018 13:27:13 -0700 Subject: [PATCH 020/146] Fixes for a few more fsanitize issues. Added alignment for ForceZero. Added word32 aligned acceleration for ForceZeero. Added 'NO_ALIGNED_FORCEZERO' define to allow disabling aligned ForceZero acceleration. We cast the 24 left-shifts to word32 because compiler assumes signed int type, and a runtime value with MSB set results into runtime fsanitize error. --- src/ssl.c | 6 ++---- wolfcrypt/src/misc.c | 25 ++++++++++++++++++++++++- wolfcrypt/src/pwdbased.c | 2 +- 3 files changed, 27 insertions(+), 6 deletions(-) diff --git a/src/ssl.c b/src/ssl.c index 4f22b68ca..2a38aaa2a 100644 --- a/src/ssl.c +++ b/src/ssl.c 
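Review bot: The added `inOutIdx += MAX_ALGO_SZ;` reserves scratch space in `out` without a comment, directly under a comment that only mentions the sequence. I would add `/* leave room for the algorithm identifier, written once the parameter length is known */` above it. The reservation is only safe if the earlier size check that returns `BUFFER_E` counts `MAX_ALGO_SZ`; that check is outside this hunk, so it needs confirming there. `UnTraditionalEnc` begins and ends outside the hunk.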
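Review bot: The result of `SetAlgoID` is used as the destination offset of the following `XMEMMOVE` without being checked. If it can return 0 for an id it does not know, or a length above `MAX_ALGO_SZ`, the parameters land at the wrong offset and the output is a malformed encoding; a guard such as `if (tmpSz == 0 || tmpSz > MAX_ALGO_SZ) return BUFFER_E;` before the move would make the assumption explicit. The failure convention of `SetAlgoID` is not visible in this hunk, so the condition and error code should be adjusted to match it and to the function's existing error path. The `SetSequence` result a few lines above is used the same way.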
@@ -3612,10 +3612,8 @@ int wolfSSL_SetVersion(WOLFSSL* ssl, int version) /* Make a work from the front of random hash */ static INLINE word32 MakeWordFromHash(const byte* hashID) { - return (((word32)hashID[0] << 24) | - ((word32)hashID[1] << 16) | - ((word32)hashID[2] << 8) | - ((word32)hashID[3])); + return ((word32)hashID[0] << 24) | (hashID[1] << 16) | + (hashID[2] << 8) | hashID[3]; } #endif /* !NO_CERTS || !NO_SESSION_CACHE */ diff --git a/wolfcrypt/src/misc.c b/wolfcrypt/src/misc.c index 484ffd501..b56d16e48 100644 --- a/wolfcrypt/src/misc.c +++ b/wolfcrypt/src/misc.c @@ -199,13 +199,36 @@ STATIC INLINE void xorbuf(void* buf, const void* mask, word32 count) STATIC INLINE void ForceZero(const void* mem, word32 len) { volatile byte* z = (volatile byte*)mem; + +#ifndef NO_ALIGNED_FORCEZERO #if defined(WOLFSSL_X86_64_BUILD) && defined(WORD64_AVAILABLE) volatile word64* w; + /* align buffer */ + while (len && ((word64)z % sizeof(word64)) != 0) { + *z++ = 0; len--; + } + + /* do aligned force zero */ for (w = (volatile word64*)z; len >= sizeof(*w); len -= sizeof(*w)) *w++ = 0; z = (volatile byte*)w; +#else + volatile word32* w; + + /* align buffer */ + while (len && ((word32)z % sizeof(word32)) != 0) { + *z++ = 0; len--; + } + + /* do aligned force zero */ + for (w = (volatile word32*)z; len >= sizeof(*w); len -= sizeof(*w)) + *w++ = 0; + z = (volatile byte*)w; #endif +#endif /* NO_ALIGNED_FORCEZERO */ + + /* do byte by byte force zero */ while (len--) *z++ = 0; } @@ -292,7 +315,7 @@ STATIC INLINE void ato16(const byte* c, word16* wc_u16) /* convert opaque to 32 bit integer */ STATIC INLINE void ato32(const byte* c, word32* wc_u32) { - *wc_u32 = (c[0] << 24) | (c[1] << 16) | (c[2] << 8) | c[3]; + *wc_u32 = ((word32)c[0] << 24) | (c[1] << 16) | (c[2] << 8) | c[3]; } diff --git a/wolfcrypt/src/pwdbased.c b/wolfcrypt/src/pwdbased.c index f29665a7f..cadd1c892 100755 --- a/wolfcrypt/src/pwdbased.c +++ b/wolfcrypt/src/pwdbased.c 
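Review bot: Only the byte shifted by 24 is cast in `MakeWordFromHash`; the other three terms are still computed as `int` and converted when they are OR-ed in. That is well defined, but it relies on the reader knowing the promotion rules, and this hunk removes the form that cast every byte. I would keep the casts uniform, e.g. `((word32)hashID[1] << 16)`, so the whole expression is unsigned. The same mixed form is added in `ato32` in wolfcrypt/src/misc.c and in `scryptROMix` in wolfcrypt/src/pwdbased.c.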
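Review bot: The new `NO_ALIGNED_FORCEZERO` switch and the two alignment loops in `ForceZero` are undocumented. A header comment should say that the function wipes `len` bytes at `mem` through `volatile` pointers (presumably so the stores are not removed as dead writes), that leading bytes are cleared one at a time until the pointer is aligned to the word size, and that defining `NO_ALIGNED_FORCEZERO` leaves only the byte loop. It is also worth stating there that `mem` is declared `const void*` although the function writes through it, so callers must not pass storage that is actually const.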
@@ -645,7 +645,7 @@ static void scryptROMix(byte* x, byte* v, byte* y, int r, word32 n) #endif #else byte* t = x + (2*r - 1) * 64; - j = (t[0] | (t[1] << 8) | (t[2] << 16) | (t[3] << 24)) & (n-1); + j = (t[0] | (t[1] << 8) | (t[2] << 16) | ((word32)t[3] << 24)) & (n-1); #endif #ifdef WORD64_AVAILABLE for (k = 0; k < bSz / 8; k++) From dad574edb8219b5467f94ae5bd04bfbf063cf2d1 Mon Sep 17 00:00:00 2001 From: David Garske Date: Wed, 16 May 2018 14:34:16 -0700 Subject: [PATCH 021/146] Fix to use proper type (`size_t`) for alignment check. --- wolfcrypt/src/misc.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/wolfcrypt/src/misc.c b/wolfcrypt/src/misc.c index b56d16e48..1fbe774da 100644 --- a/wolfcrypt/src/misc.c +++ b/wolfcrypt/src/misc.c @@ -205,7 +205,7 @@ STATIC INLINE void ForceZero(const void* mem, word32 len) volatile word64* w; /* align buffer */ - while (len && ((word64)z % sizeof(word64)) != 0) { + while (len && ((size_t)z % sizeof(word64)) != 0) { *z++ = 0; len--; } @@ -217,7 +217,7 @@ STATIC INLINE void ForceZero(const void* mem, word32 len) volatile word32* w; /* align buffer */ - while (len && ((word32)z % sizeof(word32)) != 0) { + while (len && ((size_t)z % sizeof(word32)) != 0) { *z++ = 0; len--; } From 81632251804fa990eed28ddf5ab7b8fa0770d450 Mon Sep 17 00:00:00 2001 From: David Garske Date: Wed, 16 May 2018 12:22:17 -0700 Subject: [PATCH 022/146] Refactor of the cipher suite names to use single array, which contains internal name, IANA name and cipher suite bytes. --- src/internal.c | 1361 ++++++++------------------------------------ src/ssl.c | 28 +- tests/api.c | 16 + wolfssl/internal.h | 16 +- wolfssl/ssl.h | 2 + 5 files changed, 271 insertions(+), 1152 deletions(-) diff --git a/src/internal.c b/src/internal.c index 42508d492..5dd6b0567 100644 --- a/src/internal.c +++ b/src/internal.c 
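Review bot: `size_t` is wide enough for object sizes but is not guaranteed to hold a pointer value; the integer type defined for that conversion is `uintptr_t` from `<stdint.h>`. Where that header is available I would write the alignment test as `((uintptr_t)z % sizeof(word64)) != 0`, and the same for the `word32` branch in the second hunk of this commit. On common flat-memory targets the two types have the same width, so this is a portability point and not a bug on those platforms. Both hunks are inside `ForceZero`, which starts and ends outside them.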
@@ -1854,7 +1854,7 @@ void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, word16 haveRSA, #ifdef HAVE_RENEGOTIATION_INDICATION if (side == WOLFSSL_CLIENT_END) { - suites->suites[idx++] = 0; + suites->suites[idx++] = CIPHER_BYTE; suites->suites[idx++] = TLS_EMPTY_RENEGOTIATION_INFO_SCSV; } #endif @@ -1868,28 +1868,28 @@ void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, word16 haveRSA, #ifdef BUILD_TLS_NTRU_RSA_WITH_AES_256_CBC_SHA if (tls && haveNTRU && haveRSA) { - suites->suites[idx++] = 0; + suites->suites[idx++] = CIPHER_BYTE; suites->suites[idx++] = TLS_NTRU_RSA_WITH_AES_256_CBC_SHA; } #endif #ifdef BUILD_TLS_NTRU_RSA_WITH_AES_128_CBC_SHA if (tls && haveNTRU && haveRSA) { - suites->suites[idx++] = 0; + suites->suites[idx++] = CIPHER_BYTE; suites->suites[idx++] = TLS_NTRU_RSA_WITH_AES_128_CBC_SHA; } #endif #ifdef BUILD_TLS_NTRU_RSA_WITH_RC4_128_SHA if (!dtls && tls && haveNTRU && haveRSA) { - suites->suites[idx++] = 0; + suites->suites[idx++] = CIPHER_BYTE; suites->suites[idx++] = TLS_NTRU_RSA_WITH_RC4_128_SHA; } #endif #ifdef BUILD_TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA if (tls && haveNTRU && haveRSA) { - suites->suites[idx++] = 0; + suites->suites[idx++] = CIPHER_BYTE; suites->suites[idx++] = TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA; } #endif 
@@ -1961,28 +1961,28 @@ void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, word16 haveRSA, #ifdef BUILD_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 if (tls1_2 && haveDH && haveRSA) { - suites->suites[idx++] = 0; + suites->suites[idx++] = CIPHER_BYTE; suites->suites[idx++] = TLS_DHE_RSA_WITH_AES_256_GCM_SHA384; } #endif #ifdef BUILD_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 if (tls1_2 && haveDH && haveRSA) { - suites->suites[idx++] = 0; + suites->suites[idx++] = CIPHER_BYTE; suites->suites[idx++] = TLS_DHE_RSA_WITH_AES_128_GCM_SHA256; } #endif #ifdef BUILD_TLS_RSA_WITH_AES_256_GCM_SHA384 if (tls1_2 && haveRSA) { - suites->suites[idx++] = 0; + suites->suites[idx++] = CIPHER_BYTE; suites->suites[idx++] = TLS_RSA_WITH_AES_256_GCM_SHA384; } #endif #ifdef BUILD_TLS_RSA_WITH_AES_128_GCM_SHA256 if (tls1_2 && haveRSA) { - suites->suites[idx++] = 0; + suites->suites[idx++] = CIPHER_BYTE; suites->suites[idx++] = TLS_RSA_WITH_AES_128_GCM_SHA256; } #endif 
@@ -2017,35 +2017,42 @@ void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, word16 haveRSA, #ifdef BUILD_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 if (tls1_2 && haveDH && havePSK) { - suites->suites[idx++] = 0; + suites->suites[idx++] = CIPHER_BYTE; suites->suites[idx++] = TLS_DHE_PSK_WITH_AES_256_GCM_SHA384; } #endif +#ifdef BUILD_TLS_DH_anon_WITH_AES_128_CBC_SHA + if (tls1_2 && haveDH) { + suites->suites[idx++] = CIPHER_BYTE; + suites->suites[idx++] = TLS_DH_anon_WITH_AES_128_CBC_SHA; + } +#endif + #ifdef BUILD_TLS_DH_anon_WITH_AES_256_GCM_SHA384 if (tls1_2 && haveDH) { - suites->suites[idx++] = 0; + suites->suites[idx++] = CIPHER_BYTE; suites->suites[idx++] = TLS_DH_anon_WITH_AES_256_GCM_SHA384; } #endif #ifdef BUILD_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 if (tls1_2 && haveDH && havePSK) { - suites->suites[idx++] = 0; + suites->suites[idx++] = CIPHER_BYTE; suites->suites[idx++] = TLS_DHE_PSK_WITH_AES_128_GCM_SHA256; } #endif #ifdef BUILD_TLS_PSK_WITH_AES_256_GCM_SHA384 if (tls1_2 && havePSK) { - suites->suites[idx++] = 0; + suites->suites[idx++] = CIPHER_BYTE; suites->suites[idx++] = TLS_PSK_WITH_AES_256_GCM_SHA384; } #endif #ifdef BUILD_TLS_PSK_WITH_AES_128_GCM_SHA256 if (tls1_2 && havePSK) { - suites->suites[idx++] = 0; + suites->suites[idx++] = CIPHER_BYTE; suites->suites[idx++] = TLS_PSK_WITH_AES_128_GCM_SHA256; } #endif @@ -2075,7 +2082,7 @@ void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, word16 haveRSA, #if defined(WOLFSSL_MYSQL_COMPATIBLE) #ifdef BUILD_TLS_DHE_RSA_WITH_AES_256_CBC_SHA if (tls && haveDH && haveRSA) { - suites->suites[idx++] = 0; + suites->suites[idx++] = CIPHER_BYTE; suites->suites[idx++] = TLS_DHE_RSA_WITH_AES_256_CBC_SHA; } #endif 
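Review bot: The added `BUILD_TLS_DH_anon_WITH_AES_128_CBC_SHA` block puts an anonymous Diffie-Hellman suite into the list built by `InitSuites`, gated only on `tls1_2 && haveDH` and placed ahead of the DHE-PSK and PSK GCM suites. An anon suite gives no peer authentication, so it should not outrank authenticated suites; nothing in the hunk shows a runtime opt-in, and if one exists it belongs in this condition. The other CBC-SHA suites visible in this function test `tls`, not `tls1_2`, so the version gate also looks inconsistent. The commit is described as a naming refactor, so this behaviour change deserves its own line in the description. `InitSuites` starts and ends outside the hunk.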
@@ -2286,14 +2293,14 @@ void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, word16 haveRSA, #ifdef BUILD_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 if (tls && haveDH && haveRSA) { - suites->suites[idx++] = 0; + suites->suites[idx++] = CIPHER_BYTE; suites->suites[idx++] = TLS_DHE_RSA_WITH_AES_256_CBC_SHA256; } #endif #ifdef BUILD_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 if (tls && haveDH && haveRSA) { - suites->suites[idx++] = 0; + suites->suites[idx++] = CIPHER_BYTE; suites->suites[idx++] = TLS_DHE_RSA_WITH_AES_128_CBC_SHA256; } #endif @@ -2302,7 +2309,7 @@ void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, word16 haveRSA, #if !defined(WOLFSSL_MYSQL_COMPATIBLE) #ifdef BUILD_TLS_DHE_RSA_WITH_AES_256_CBC_SHA if (tls && haveDH && haveRSA) { - suites->suites[idx++] = 0; + suites->suites[idx++] = CIPHER_BYTE; suites->suites[idx++] = TLS_DHE_RSA_WITH_AES_256_CBC_SHA; } #endif 
@@ -2310,42 +2317,42 @@ void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, word16 haveRSA, #ifdef BUILD_TLS_DHE_RSA_WITH_AES_128_CBC_SHA if (tls && haveDH && haveRSA) { - suites->suites[idx++] = 0; + suites->suites[idx++] = CIPHER_BYTE; suites->suites[idx++] = TLS_DHE_RSA_WITH_AES_128_CBC_SHA; } #endif #ifdef BUILD_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA if (tls && haveDH && haveRSA) { - suites->suites[idx++] = 0; + suites->suites[idx++] = CIPHER_BYTE; suites->suites[idx++] = TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA; } #endif #ifdef BUILD_TLS_RSA_WITH_AES_256_CBC_SHA256 if (tls && haveRSA) { - suites->suites[idx++] = 0; + suites->suites[idx++] = CIPHER_BYTE; suites->suites[idx++] = TLS_RSA_WITH_AES_256_CBC_SHA256; } #endif #ifdef BUILD_TLS_RSA_WITH_AES_128_CBC_SHA256 if (tls && haveRSA) { - suites->suites[idx++] = 0; + suites->suites[idx++] = CIPHER_BYTE; suites->suites[idx++] = TLS_RSA_WITH_AES_128_CBC_SHA256; } #endif #ifdef BUILD_TLS_RSA_WITH_AES_256_CBC_SHA if (tls && haveRSA) { - suites->suites[idx++] = 0; + suites->suites[idx++] = CIPHER_BYTE; suites->suites[idx++] = TLS_RSA_WITH_AES_256_CBC_SHA; } #endif #ifdef BUILD_TLS_RSA_WITH_AES_128_CBC_SHA if (tls && haveRSA) { - suites->suites[idx++] = 0; + suites->suites[idx++] = CIPHER_BYTE; suites->suites[idx++] = TLS_RSA_WITH_AES_128_CBC_SHA; } #endif 
@@ -2381,56 +2388,56 @@ void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, word16 haveRSA, #ifdef BUILD_TLS_RSA_WITH_NULL_SHA if (tls && haveRSA) { - suites->suites[idx++] = 0; + suites->suites[idx++] = CIPHER_BYTE; suites->suites[idx++] = TLS_RSA_WITH_NULL_SHA; } #endif #ifdef BUILD_TLS_RSA_WITH_NULL_SHA256 if (tls && haveRSA) { - suites->suites[idx++] = 0; + suites->suites[idx++] = CIPHER_BYTE; suites->suites[idx++] = TLS_RSA_WITH_NULL_SHA256; } #endif #ifdef BUILD_TLS_PSK_WITH_AES_256_CBC_SHA if (tls && havePSK) { - suites->suites[idx++] = 0; + suites->suites[idx++] = CIPHER_BYTE; suites->suites[idx++] = TLS_PSK_WITH_AES_256_CBC_SHA; } #endif #ifdef BUILD_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 if (tls && haveDH && havePSK) { - suites->suites[idx++] = 0; + suites->suites[idx++] = CIPHER_BYTE; suites->suites[idx++] = TLS_DHE_PSK_WITH_AES_256_CBC_SHA384; } #endif #ifdef BUILD_TLS_PSK_WITH_AES_256_CBC_SHA384 if (tls && havePSK) { - suites->suites[idx++] = 0; + suites->suites[idx++] = CIPHER_BYTE; suites->suites[idx++] = TLS_PSK_WITH_AES_256_CBC_SHA384; } #endif #ifdef BUILD_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 if (tls && haveDH && havePSK) { - suites->suites[idx++] = 0; + suites->suites[idx++] = CIPHER_BYTE; suites->suites[idx++] = TLS_DHE_PSK_WITH_AES_128_CBC_SHA256; } #endif #ifdef BUILD_TLS_PSK_WITH_AES_128_CBC_SHA256 if (tls && havePSK) { - suites->suites[idx++] = 0; + suites->suites[idx++] = CIPHER_BYTE; suites->suites[idx++] = TLS_PSK_WITH_AES_128_CBC_SHA256; } #endif #ifdef BUILD_TLS_PSK_WITH_AES_128_CBC_SHA if (tls && havePSK) { - suites->suites[idx++] = 0; + suites->suites[idx++] = CIPHER_BYTE; suites->suites[idx++] = TLS_PSK_WITH_AES_128_CBC_SHA; } #endif 
@@ -2507,14 +2514,14 @@ void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, word16 haveRSA, #ifdef BUILD_TLS_DHE_PSK_WITH_NULL_SHA384 if (tls && haveDH && havePSK) { - suites->suites[idx++] = 0; + suites->suites[idx++] = CIPHER_BYTE; suites->suites[idx++] = TLS_DHE_PSK_WITH_NULL_SHA384; } #endif #ifdef BUILD_TLS_PSK_WITH_NULL_SHA384 if (tls && havePSK) { - suites->suites[idx++] = 0; + suites->suites[idx++] = CIPHER_BYTE; suites->suites[idx++] = TLS_PSK_WITH_NULL_SHA384; } #endif 
@@ -2528,147 +2535,147 @@ void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, word16 haveRSA, #ifdef BUILD_TLS_DHE_PSK_WITH_NULL_SHA256 if (tls && haveDH && havePSK) { - suites->suites[idx++] = 0; + suites->suites[idx++] = CIPHER_BYTE; suites->suites[idx++] = TLS_DHE_PSK_WITH_NULL_SHA256; } #endif #ifdef BUILD_TLS_PSK_WITH_NULL_SHA256 if (tls && havePSK) { - suites->suites[idx++] = 0; + suites->suites[idx++] = CIPHER_BYTE; suites->suites[idx++] = TLS_PSK_WITH_NULL_SHA256; } #endif #ifdef BUILD_TLS_PSK_WITH_NULL_SHA if (tls && havePSK) { - suites->suites[idx++] = 0; + suites->suites[idx++] = CIPHER_BYTE; suites->suites[idx++] = TLS_PSK_WITH_NULL_SHA; } #endif #ifdef BUILD_SSL_RSA_WITH_RC4_128_SHA if (!dtls && haveRSA) { - suites->suites[idx++] = 0; + suites->suites[idx++] = CIPHER_BYTE; suites->suites[idx++] = SSL_RSA_WITH_RC4_128_SHA; } #endif #ifdef BUILD_SSL_RSA_WITH_RC4_128_MD5 if (!dtls && haveRSA) { - suites->suites[idx++] = 0; + suites->suites[idx++] = CIPHER_BYTE; suites->suites[idx++] = SSL_RSA_WITH_RC4_128_MD5; } #endif #ifdef BUILD_SSL_RSA_WITH_3DES_EDE_CBC_SHA if (haveRSA ) { - suites->suites[idx++] = 0; + suites->suites[idx++] = CIPHER_BYTE; suites->suites[idx++] = SSL_RSA_WITH_3DES_EDE_CBC_SHA; } #endif #ifdef BUILD_TLS_RSA_WITH_HC_128_MD5 if (!dtls && tls && haveRSA) { - suites->suites[idx++] = 0; + suites->suites[idx++] = CIPHER_BYTE; suites->suites[idx++] = TLS_RSA_WITH_HC_128_MD5; } #endif #ifdef BUILD_TLS_RSA_WITH_HC_128_SHA if (!dtls && tls && haveRSA) { - suites->suites[idx++] = 0; + suites->suites[idx++] = CIPHER_BYTE; suites->suites[idx++] = TLS_RSA_WITH_HC_128_SHA; } #endif #ifdef BUILD_TLS_RSA_WITH_HC_128_B2B256 if (!dtls && tls && haveRSA) { - suites->suites[idx++] = 0; + suites->suites[idx++] = CIPHER_BYTE; suites->suites[idx++] = TLS_RSA_WITH_HC_128_B2B256; } #endif #ifdef BUILD_TLS_RSA_WITH_AES_128_CBC_B2B256 if (tls && haveRSA) { - suites->suites[idx++] = 0; + suites->suites[idx++] = CIPHER_BYTE; suites->suites[idx++] = 
TLS_RSA_WITH_AES_128_CBC_B2B256; } #endif #ifdef BUILD_TLS_RSA_WITH_AES_256_CBC_B2B256 if (tls && haveRSA) { - suites->suites[idx++] = 0; + suites->suites[idx++] = CIPHER_BYTE; suites->suites[idx++] = TLS_RSA_WITH_AES_256_CBC_B2B256; } #endif #ifdef BUILD_TLS_RSA_WITH_RABBIT_SHA if (!dtls && tls && haveRSA) { - suites->suites[idx++] = 0; + suites->suites[idx++] = CIPHER_BYTE; suites->suites[idx++] = TLS_RSA_WITH_RABBIT_SHA; } #endif #ifdef BUILD_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA if (tls && haveRSA) { - suites->suites[idx++] = 0; + suites->suites[idx++] = CIPHER_BYTE; suites->suites[idx++] = TLS_RSA_WITH_CAMELLIA_128_CBC_SHA; } #endif #ifdef BUILD_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA if (tls && haveDH && haveRSA) { - suites->suites[idx++] = 0; + suites->suites[idx++] = CIPHER_BYTE; suites->suites[idx++] = TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA; } #endif #ifdef BUILD_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA if (tls && haveRSA) { - suites->suites[idx++] = 0; + suites->suites[idx++] = CIPHER_BYTE; suites->suites[idx++] = TLS_RSA_WITH_CAMELLIA_256_CBC_SHA; } #endif #ifdef BUILD_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA if (tls && haveDH && haveRSA) { - suites->suites[idx++] = 0; + suites->suites[idx++] = CIPHER_BYTE; suites->suites[idx++] = TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA; } #endif #ifdef BUILD_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 if (tls && haveRSA) { - suites->suites[idx++] = 0; + suites->suites[idx++] = CIPHER_BYTE; suites->suites[idx++] = TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256; } #endif #ifdef BUILD_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 if (tls && haveDH && haveRSA) { - suites->suites[idx++] = 0; + suites->suites[idx++] = CIPHER_BYTE; suites->suites[idx++] = TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256; } #endif #ifdef BUILD_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 if (tls && haveRSA) { - suites->suites[idx++] = 0; + suites->suites[idx++] = CIPHER_BYTE; suites->suites[idx++] = TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256; } #endif #ifdef BUILD_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 
if (tls && haveDH && haveRSA) { - suites->suites[idx++] = 0; + suites->suites[idx++] = CIPHER_BYTE; suites->suites[idx++] = TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256; } #endif #ifdef BUILD_SSL_RSA_WITH_IDEA_CBC_SHA if (haveRSA) { - suites->suites[idx++] = 0; + suites->suites[idx++] = CIPHER_BYTE; suites->suites[idx++] = SSL_RSA_WITH_IDEA_CBC_SHA; } #endif 
@@ -15222,1466 +15229,546 @@ void SetErrorString(int error, char* str) XSTRNCPY(str, wolfSSL_ERR_reason_error_string(error), WOLFSSL_MAX_ERROR_SZ); } +#ifdef NO_ERROR_STRINGS + #define NAME_IANA(name) NULL +#else + #define NAME_IANA(name) name +#endif -/* be sure to add to cipher_name_idx too !!!! */ -static const char* const cipher_names[] = +static const CipherSuiteInfo cipher_names[] = { #ifdef BUILD_SSL_RSA_WITH_RC4_128_SHA - "RC4-SHA", + {"RC4-SHA", NAME_IANA("SSL_RSA_WITH_RC4_128_SHA"), CIPHER_BYTE, SSL_RSA_WITH_RC4_128_SHA}, #endif #ifdef BUILD_SSL_RSA_WITH_RC4_128_MD5 - "RC4-MD5", + {"RC4-MD5", NAME_IANA("SSL_RSA_WITH_RC4_128_MD5"), CIPHER_BYTE, SSL_RSA_WITH_RC4_128_MD5}, #endif #ifdef BUILD_SSL_RSA_WITH_3DES_EDE_CBC_SHA - "DES-CBC3-SHA", + {"DES-CBC3-SHA", NAME_IANA("SSL_RSA_WITH_3DES_EDE_CBC_SHA"), CIPHER_BYTE, SSL_RSA_WITH_3DES_EDE_CBC_SHA}, #endif #ifdef BUILD_TLS_RSA_WITH_AES_128_CBC_SHA - "AES128-SHA", + {"AES128-SHA", NAME_IANA("TLS_RSA_WITH_AES_128_CBC_SHA"), CIPHER_BYTE, TLS_RSA_WITH_AES_128_CBC_SHA}, #endif #ifdef BUILD_TLS_RSA_WITH_AES_256_CBC_SHA - "AES256-SHA", + {"AES256-SHA", NAME_IANA("TLS_RSA_WITH_AES_256_CBC_SHA"), CIPHER_BYTE, TLS_RSA_WITH_AES_256_CBC_SHA}, #endif #ifdef BUILD_TLS_RSA_WITH_NULL_SHA - "NULL-SHA", + {"NULL-SHA", NAME_IANA("TLS_RSA_WITH_NULL_SHA"), CIPHER_BYTE, TLS_RSA_WITH_NULL_SHA}, #endif #ifdef BUILD_TLS_RSA_WITH_NULL_SHA256 - "NULL-SHA256", + {"NULL-SHA256", NAME_IANA("TLS_RSA_WITH_NULL_SHA256"), CIPHER_BYTE, TLS_RSA_WITH_NULL_SHA256}, #endif #ifdef BUILD_TLS_DHE_RSA_WITH_AES_128_CBC_SHA - "DHE-RSA-AES128-SHA", + {"DHE-RSA-AES128-SHA", NAME_IANA("TLS_DHE_RSA_WITH_AES_128_CBC_SHA"), CIPHER_BYTE, TLS_DHE_RSA_WITH_AES_128_CBC_SHA}, #endif #ifdef BUILD_TLS_DHE_RSA_WITH_AES_256_CBC_SHA - "DHE-RSA-AES256-SHA", + {"DHE-RSA-AES256-SHA", NAME_IANA("TLS_DHE_RSA_WITH_AES_256_CBC_SHA"), CIPHER_BYTE, TLS_DHE_RSA_WITH_AES_256_CBC_SHA}, #endif #ifdef BUILD_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 - "DHE-PSK-AES256-GCM-SHA384", + 
{"DHE-PSK-AES256-GCM-SHA384", NAME_IANA("TLS_DHE_PSK_WITH_AES_256_GCM_SHA384"), CIPHER_BYTE, TLS_DHE_PSK_WITH_AES_256_GCM_SHA384}, #endif #ifdef BUILD_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 - "DHE-PSK-AES128-GCM-SHA256", + {"DHE-PSK-AES128-GCM-SHA256", NAME_IANA("TLS_DHE_PSK_WITH_AES_128_GCM_SHA256"), CIPHER_BYTE, TLS_DHE_PSK_WITH_AES_128_GCM_SHA256}, #endif #ifdef BUILD_TLS_PSK_WITH_AES_256_GCM_SHA384 - "PSK-AES256-GCM-SHA384", + {"PSK-AES256-GCM-SHA384", NAME_IANA("TLS_PSK_WITH_AES_256_GCM_SHA384"), CIPHER_BYTE, TLS_PSK_WITH_AES_256_GCM_SHA384}, #endif #ifdef BUILD_TLS_PSK_WITH_AES_128_GCM_SHA256 - "PSK-AES128-GCM-SHA256", + {"PSK-AES128-GCM-SHA256", NAME_IANA("TLS_PSK_WITH_AES_128_GCM_SHA256"), CIPHER_BYTE, TLS_PSK_WITH_AES_128_GCM_SHA256}, #endif #ifdef BUILD_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 - "DHE-PSK-AES256-CBC-SHA384", + {"DHE-PSK-AES256-CBC-SHA384", NAME_IANA("TLS_DHE_PSK_WITH_AES_256_CBC_SHA384"), CIPHER_BYTE, TLS_DHE_PSK_WITH_AES_256_CBC_SHA384}, #endif #ifdef BUILD_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 - "DHE-PSK-AES128-CBC-SHA256", + {"DHE-PSK-AES128-CBC-SHA256", NAME_IANA("TLS_DHE_PSK_WITH_AES_128_CBC_SHA256"), CIPHER_BYTE, TLS_DHE_PSK_WITH_AES_128_CBC_SHA256}, #endif #ifdef BUILD_TLS_PSK_WITH_AES_256_CBC_SHA384 - "PSK-AES256-CBC-SHA384", + {"PSK-AES256-CBC-SHA384", NAME_IANA("TLS_PSK_WITH_AES_256_CBC_SHA384"), CIPHER_BYTE, TLS_PSK_WITH_AES_256_CBC_SHA384}, #endif #ifdef BUILD_TLS_PSK_WITH_AES_128_CBC_SHA256 - "PSK-AES128-CBC-SHA256", + {"PSK-AES128-CBC-SHA256", NAME_IANA("TLS_PSK_WITH_AES_128_CBC_SHA256"), CIPHER_BYTE, TLS_PSK_WITH_AES_128_CBC_SHA256}, #endif #ifdef BUILD_TLS_PSK_WITH_AES_128_CBC_SHA - "PSK-AES128-CBC-SHA", + {"PSK-AES128-CBC-SHA", NAME_IANA("TLS_PSK_WITH_AES_128_CBC_SHA"), CIPHER_BYTE, TLS_PSK_WITH_AES_128_CBC_SHA}, #endif #ifdef BUILD_TLS_PSK_WITH_AES_256_CBC_SHA - "PSK-AES256-CBC-SHA", + {"PSK-AES256-CBC-SHA", NAME_IANA("TLS_PSK_WITH_AES_256_CBC_SHA"), CIPHER_BYTE, TLS_PSK_WITH_AES_256_CBC_SHA}, #endif #ifdef 
BUILD_TLS_DHE_PSK_WITH_AES_128_CCM - "DHE-PSK-AES128-CCM", + {"DHE-PSK-AES128-CCM", NAME_IANA("TLS_DHE_PSK_WITH_AES_128_CCM"), ECC_BYTE, TLS_DHE_PSK_WITH_AES_128_CCM}, #endif #ifdef BUILD_TLS_DHE_PSK_WITH_AES_256_CCM - "DHE-PSK-AES256-CCM", + {"DHE-PSK-AES256-CCM", NAME_IANA("TLS_DHE_PSK_WITH_AES_256_CCM"), ECC_BYTE, TLS_DHE_PSK_WITH_AES_256_CCM}, #endif #ifdef BUILD_TLS_PSK_WITH_AES_128_CCM - "PSK-AES128-CCM", + {"PSK-AES128-CCM", NAME_IANA("TLS_PSK_WITH_AES_128_CCM"), ECC_BYTE, TLS_PSK_WITH_AES_128_CCM}, #endif #ifdef BUILD_TLS_PSK_WITH_AES_256_CCM - "PSK-AES256-CCM", + {"PSK-AES256-CCM", NAME_IANA("TLS_PSK_WITH_AES_256_CCM"), ECC_BYTE, TLS_PSK_WITH_AES_256_CCM}, #endif #ifdef BUILD_TLS_PSK_WITH_AES_128_CCM_8 - "PSK-AES128-CCM-8", + {"PSK-AES128-CCM-8", NAME_IANA("TLS_PSK_WITH_AES_128_CCM_8"), ECC_BYTE, TLS_PSK_WITH_AES_128_CCM_8}, #endif #ifdef BUILD_TLS_PSK_WITH_AES_256_CCM_8 - "PSK-AES256-CCM-8", + {"PSK-AES256-CCM-8", NAME_IANA("TLS_PSK_WITH_AES_256_CCM_8"), ECC_BYTE, TLS_PSK_WITH_AES_256_CCM_8}, #endif #ifdef BUILD_TLS_DHE_PSK_WITH_NULL_SHA384 - "DHE-PSK-NULL-SHA384", + {"DHE-PSK-NULL-SHA384", NAME_IANA("TLS_DHE_PSK_WITH_NULL_SHA384"), CIPHER_BYTE, TLS_DHE_PSK_WITH_NULL_SHA384}, #endif #ifdef BUILD_TLS_DHE_PSK_WITH_NULL_SHA256 - "DHE-PSK-NULL-SHA256", + {"DHE-PSK-NULL-SHA256", NAME_IANA("TLS_DHE_PSK_WITH_NULL_SHA256"), CIPHER_BYTE, TLS_DHE_PSK_WITH_NULL_SHA256}, #endif #ifdef BUILD_TLS_PSK_WITH_NULL_SHA384 - "PSK-NULL-SHA384", + {"PSK-NULL-SHA384", NAME_IANA("TLS_PSK_WITH_NULL_SHA384"), CIPHER_BYTE, TLS_PSK_WITH_NULL_SHA384}, #endif #ifdef BUILD_TLS_PSK_WITH_NULL_SHA256 - "PSK-NULL-SHA256", + {"PSK-NULL-SHA256", NAME_IANA("TLS_PSK_WITH_NULL_SHA256"), CIPHER_BYTE, TLS_PSK_WITH_NULL_SHA256}, #endif #ifdef BUILD_TLS_PSK_WITH_NULL_SHA - "PSK-NULL-SHA", + {"PSK-NULL-SHA", NAME_IANA("TLS_PSK_WITH_NULL_SHA"), CIPHER_BYTE, TLS_PSK_WITH_NULL_SHA}, #endif #ifdef BUILD_TLS_RSA_WITH_HC_128_MD5 - "HC128-MD5", + {"HC128-MD5", NAME_IANA("TLS_RSA_WITH_HC_128_MD5"), 
CIPHER_BYTE, TLS_RSA_WITH_HC_128_MD5}, #endif #ifdef BUILD_TLS_RSA_WITH_HC_128_SHA - "HC128-SHA", + {"HC128-SHA", NAME_IANA("TLS_RSA_WITH_HC_128_SHA"), CIPHER_BYTE, TLS_RSA_WITH_HC_128_SHA}, #endif #ifdef BUILD_TLS_RSA_WITH_HC_128_B2B256 - "HC128-B2B256", + {"HC128-B2B256", NAME_IANA("TLS_RSA_WITH_HC_128_B2B256"), CIPHER_BYTE, TLS_RSA_WITH_HC_128_B2B256}, #endif #ifdef BUILD_TLS_RSA_WITH_AES_128_CBC_B2B256 - "AES128-B2B256", + {"AES128-B2B256", NAME_IANA("TLS_RSA_WITH_AES_128_CBC_B2B256"), CIPHER_BYTE, TLS_RSA_WITH_AES_128_CBC_B2B256}, #endif #ifdef BUILD_TLS_RSA_WITH_AES_256_CBC_B2B256 - "AES256-B2B256", + {"AES256-B2B256", NAME_IANA("TLS_RSA_WITH_AES_256_CBC_B2B256"), CIPHER_BYTE, TLS_RSA_WITH_AES_256_CBC_B2B256}, #endif #ifdef BUILD_TLS_RSA_WITH_RABBIT_SHA - "RABBIT-SHA", + {"RABBIT-SHA", NAME_IANA("TLS_RSA_WITH_RABBIT_SHA"), CIPHER_BYTE, TLS_RSA_WITH_RABBIT_SHA}, #endif #ifdef BUILD_TLS_NTRU_RSA_WITH_RC4_128_SHA - "NTRU-RC4-SHA", + {"NTRU-RC4-SHA", NAME_IANA("TLS_NTRU_RSA_WITH_RC4_128_SHA"), CIPHER_BYTE, TLS_NTRU_RSA_WITH_RC4_128_SHA}, #endif #ifdef BUILD_TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA - "NTRU-DES-CBC3-SHA", + {"NTRU-DES-CBC3-SHA", NAME_IANA("TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA"), CIPHER_BYTE, TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA}, #endif #ifdef BUILD_TLS_NTRU_RSA_WITH_AES_128_CBC_SHA - "NTRU-AES128-SHA", + {"NTRU-AES128-SHA", NAME_IANA("TLS_NTRU_RSA_WITH_AES_128_CBC_SHA"), CIPHER_BYTE, TLS_NTRU_RSA_WITH_AES_128_CBC_SHA}, #endif #ifdef BUILD_TLS_NTRU_RSA_WITH_AES_256_CBC_SHA - "NTRU-AES256-SHA", + {"NTRU-AES256-SHA", NAME_IANA("TLS_NTRU_RSA_WITH_AES_256_CBC_SHA"), CIPHER_BYTE, TLS_NTRU_RSA_WITH_AES_256_CBC_SHA}, #endif #ifdef BUILD_TLS_RSA_WITH_AES_128_CCM_8 - "AES128-CCM-8", + {"AES128-CCM-8", NAME_IANA("TLS_RSA_WITH_AES_128_CCM_8"), ECC_BYTE, TLS_RSA_WITH_AES_128_CCM_8}, #endif #ifdef BUILD_TLS_RSA_WITH_AES_256_CCM_8 - "AES256-CCM-8", + {"AES256-CCM-8", NAME_IANA("TLS_RSA_WITH_AES_256_CCM_8"), ECC_BYTE, TLS_RSA_WITH_AES_256_CCM_8}, #endif #ifdef 
BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CCM - "ECDHE-ECDSA-AES128-CCM", + {"ECDHE-ECDSA-AES128-CCM", NAME_IANA("TLS_ECDHE_ECDSA_WITH_AES_128_CCM"), ECC_BYTE, TLS_ECDHE_ECDSA_WITH_AES_128_CCM}, #endif #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 - "ECDHE-ECDSA-AES128-CCM-8", + {"ECDHE-ECDSA-AES128-CCM-8", NAME_IANA("TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8"), ECC_BYTE, TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8}, #endif #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8 - "ECDHE-ECDSA-AES256-CCM-8", + {"ECDHE-ECDSA-AES256-CCM-8", NAME_IANA("TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8"), ECC_BYTE, TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8}, #endif #ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA - "ECDHE-RSA-AES128-SHA", + {"ECDHE-RSA-AES128-SHA", NAME_IANA("TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA"), ECC_BYTE, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA}, #endif #ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA - "ECDHE-RSA-AES256-SHA", + {"ECDHE-RSA-AES256-SHA", NAME_IANA("TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA"), ECC_BYTE, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA}, #endif #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA - "ECDHE-ECDSA-AES128-SHA", + {"ECDHE-ECDSA-AES128-SHA", NAME_IANA("TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA"), ECC_BYTE, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA}, #endif #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA - "ECDHE-ECDSA-AES256-SHA", + {"ECDHE-ECDSA-AES256-SHA", NAME_IANA("TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA"), ECC_BYTE, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA}, #endif #ifdef BUILD_TLS_ECDHE_RSA_WITH_RC4_128_SHA - "ECDHE-RSA-RC4-SHA", + {"ECDHE-RSA-RC4-SHA", NAME_IANA("TLS_ECDHE_RSA_WITH_RC4_128_SHA"), ECC_BYTE, TLS_ECDHE_RSA_WITH_RC4_128_SHA}, #endif #ifdef BUILD_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA - "ECDHE-RSA-DES-CBC3-SHA", + {"ECDHE-RSA-DES-CBC3-SHA", NAME_IANA("TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA"), ECC_BYTE, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA}, #endif #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA - "ECDHE-ECDSA-RC4-SHA", + {"ECDHE-ECDSA-RC4-SHA", NAME_IANA("TLS_ECDHE_ECDSA_WITH_RC4_128_SHA"), 
ECC_BYTE, TLS_ECDHE_ECDSA_WITH_RC4_128_SHA}, #endif #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA - "ECDHE-ECDSA-DES-CBC3-SHA", + {"ECDHE-ECDSA-DES-CBC3-SHA", NAME_IANA("TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA"), ECC_BYTE, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA}, #endif #ifdef BUILD_TLS_RSA_WITH_AES_128_CBC_SHA256 - "AES128-SHA256", + {"AES128-SHA256", NAME_IANA("TLS_RSA_WITH_AES_128_CBC_SHA256"), CIPHER_BYTE, TLS_RSA_WITH_AES_128_CBC_SHA256}, #endif #ifdef BUILD_TLS_RSA_WITH_AES_256_CBC_SHA256 - "AES256-SHA256", + {"AES256-SHA256", NAME_IANA("TLS_RSA_WITH_AES_256_CBC_SHA256"), CIPHER_BYTE, TLS_RSA_WITH_AES_256_CBC_SHA256}, #endif #ifdef BUILD_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 - "DHE-RSA-AES128-SHA256", + {"DHE-RSA-AES128-SHA256", NAME_IANA("TLS_DHE_RSA_WITH_AES_128_CBC_SHA256"), CIPHER_BYTE, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256}, #endif #ifdef BUILD_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 - "DHE-RSA-AES256-SHA256", + {"DHE-RSA-AES256-SHA256", NAME_IANA("TLS_DHE_RSA_WITH_AES_256_CBC_SHA256"), CIPHER_BYTE, TLS_DHE_RSA_WITH_AES_256_CBC_SHA256}, #endif #ifdef BUILD_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA - "ECDH-RSA-AES128-SHA", + {"ECDH-RSA-AES128-SHA", NAME_IANA("TLS_ECDH_RSA_WITH_AES_128_CBC_SHA"), ECC_BYTE, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA}, #endif #ifdef BUILD_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA - "ECDH-RSA-AES256-SHA", + {"ECDH-RSA-AES256-SHA", NAME_IANA("TLS_ECDH_RSA_WITH_AES_256_CBC_SHA"), ECC_BYTE, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA}, #endif #ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA - "ECDH-ECDSA-AES128-SHA", + {"ECDH-ECDSA-AES128-SHA", NAME_IANA("TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA"), ECC_BYTE, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA}, #endif #ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA - "ECDH-ECDSA-AES256-SHA", + {"ECDH-ECDSA-AES256-SHA", NAME_IANA("TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA"), ECC_BYTE, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA}, #endif #ifdef BUILD_TLS_ECDH_RSA_WITH_RC4_128_SHA - "ECDH-RSA-RC4-SHA", + {"ECDH-RSA-RC4-SHA", 
NAME_IANA("TLS_ECDH_RSA_WITH_RC4_128_SHA"), ECC_BYTE, TLS_ECDH_RSA_WITH_RC4_128_SHA}, #endif #ifdef BUILD_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA - "ECDH-RSA-DES-CBC3-SHA", + {"ECDH-RSA-DES-CBC3-SHA", NAME_IANA("TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA"), ECC_BYTE, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA}, #endif #ifdef BUILD_TLS_ECDH_ECDSA_WITH_RC4_128_SHA - "ECDH-ECDSA-RC4-SHA", + {"ECDH-ECDSA-RC4-SHA", NAME_IANA("TLS_ECDH_ECDSA_WITH_RC4_128_SHA"), ECC_BYTE, TLS_ECDH_ECDSA_WITH_RC4_128_SHA}, #endif #ifdef BUILD_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA - "ECDH-ECDSA-DES-CBC3-SHA", + {"ECDH-ECDSA-DES-CBC3-SHA", NAME_IANA("TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA"), ECC_BYTE, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA}, #endif #ifdef BUILD_TLS_RSA_WITH_AES_128_GCM_SHA256 - "AES128-GCM-SHA256", + {"AES128-GCM-SHA256", NAME_IANA("TLS_RSA_WITH_AES_128_GCM_SHA256"), CIPHER_BYTE, TLS_RSA_WITH_AES_128_GCM_SHA256}, #endif #ifdef BUILD_TLS_RSA_WITH_AES_256_GCM_SHA384 - "AES256-GCM-SHA384", + {"AES256-GCM-SHA384", NAME_IANA("TLS_RSA_WITH_AES_256_GCM_SHA384"), CIPHER_BYTE, TLS_RSA_WITH_AES_256_GCM_SHA384}, #endif #ifdef BUILD_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 - "DHE-RSA-AES128-GCM-SHA256", + {"DHE-RSA-AES128-GCM-SHA256", NAME_IANA("TLS_DHE_RSA_WITH_AES_128_GCM_SHA256"), CIPHER_BYTE, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256}, #endif #ifdef BUILD_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 - "DHE-RSA-AES256-GCM-SHA384", + {"DHE-RSA-AES256-GCM-SHA384", NAME_IANA("TLS_DHE_RSA_WITH_AES_256_GCM_SHA384"), CIPHER_BYTE, TLS_DHE_RSA_WITH_AES_256_GCM_SHA384}, #endif #ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 - "ECDHE-RSA-AES128-GCM-SHA256", + {"ECDHE-RSA-AES128-GCM-SHA256", NAME_IANA("TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"), ECC_BYTE, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256}, #endif #ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 - "ECDHE-RSA-AES256-GCM-SHA384", + {"ECDHE-RSA-AES256-GCM-SHA384", NAME_IANA("TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"), ECC_BYTE, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384}, #endif #ifdef 
BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 - "ECDHE-ECDSA-AES128-GCM-SHA256", + {"ECDHE-ECDSA-AES128-GCM-SHA256", NAME_IANA("TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"), ECC_BYTE, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256}, #endif #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 - "ECDHE-ECDSA-AES256-GCM-SHA384", + {"ECDHE-ECDSA-AES256-GCM-SHA384", NAME_IANA("TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"), ECC_BYTE, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384}, #endif #ifdef BUILD_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 - "ECDH-RSA-AES128-GCM-SHA256", + {"ECDH-RSA-AES128-GCM-SHA256", NAME_IANA("TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256"), ECC_BYTE, TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256}, #endif #ifdef BUILD_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 - "ECDH-RSA-AES256-GCM-SHA384", + {"ECDH-RSA-AES256-GCM-SHA384", NAME_IANA("TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384"), ECC_BYTE, TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384}, #endif #ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 - "ECDH-ECDSA-AES128-GCM-SHA256", + {"ECDH-ECDSA-AES128-GCM-SHA256", NAME_IANA("TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256"), ECC_BYTE, TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256}, #endif #ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 - "ECDH-ECDSA-AES256-GCM-SHA384", + {"ECDH-ECDSA-AES256-GCM-SHA384", NAME_IANA("TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384"), ECC_BYTE, TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384}, #endif #ifdef BUILD_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA - "CAMELLIA128-SHA", + {"CAMELLIA128-SHA", NAME_IANA("TLS_RSA_WITH_CAMELLIA_128_CBC_SHA"), CIPHER_BYTE, TLS_RSA_WITH_CAMELLIA_128_CBC_SHA}, #endif #ifdef BUILD_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA - "DHE-RSA-CAMELLIA128-SHA", + {"DHE-RSA-CAMELLIA128-SHA", NAME_IANA("TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA"), CIPHER_BYTE, TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA}, #endif #ifdef BUILD_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA - "CAMELLIA256-SHA", + {"CAMELLIA256-SHA", NAME_IANA("TLS_RSA_WITH_CAMELLIA_256_CBC_SHA"), CIPHER_BYTE, TLS_RSA_WITH_CAMELLIA_256_CBC_SHA}, #endif #ifdef 
BUILD_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA - "DHE-RSA-CAMELLIA256-SHA", + {"DHE-RSA-CAMELLIA256-SHA", NAME_IANA("TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA"), CIPHER_BYTE, TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA}, #endif #ifdef BUILD_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 - "CAMELLIA128-SHA256", + {"CAMELLIA128-SHA256", NAME_IANA("TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256"), CIPHER_BYTE, TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256}, #endif #ifdef BUILD_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 - "DHE-RSA-CAMELLIA128-SHA256", + {"DHE-RSA-CAMELLIA128-SHA256", NAME_IANA("TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256"), CIPHER_BYTE, TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256}, #endif #ifdef BUILD_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 - "CAMELLIA256-SHA256", + {"CAMELLIA256-SHA256", NAME_IANA("TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256"), CIPHER_BYTE, TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256}, #endif #ifdef BUILD_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 - "DHE-RSA-CAMELLIA256-SHA256", + {"DHE-RSA-CAMELLIA256-SHA256", NAME_IANA("TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256"), CIPHER_BYTE, TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256}, #endif #ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 - "ECDHE-RSA-AES128-SHA256", + {"ECDHE-RSA-AES128-SHA256", NAME_IANA("TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256"), ECC_BYTE, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256}, #endif #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 - "ECDHE-ECDSA-AES128-SHA256", + {"ECDHE-ECDSA-AES128-SHA256", NAME_IANA("TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256"), ECC_BYTE, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256}, #endif #ifdef BUILD_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 - "ECDH-RSA-AES128-SHA256", + {"ECDH-RSA-AES128-SHA256", NAME_IANA("TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256"), ECC_BYTE, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256}, #endif #ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 - "ECDH-ECDSA-AES128-SHA256", + {"ECDH-ECDSA-AES128-SHA256", NAME_IANA("TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256"), ECC_BYTE, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256}, #endif #ifdef 
BUILD_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 - "ECDHE-RSA-AES256-SHA384", + {"ECDHE-RSA-AES256-SHA384", NAME_IANA("TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384"), ECC_BYTE, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384}, #endif #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 - "ECDHE-ECDSA-AES256-SHA384", + {"ECDHE-ECDSA-AES256-SHA384", NAME_IANA("TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384"), ECC_BYTE, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384}, #endif #ifdef BUILD_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 - "ECDH-RSA-AES256-SHA384", + {"ECDH-RSA-AES256-SHA384", NAME_IANA("TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384"), ECC_BYTE, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384}, #endif #ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 - "ECDH-ECDSA-AES256-SHA384", + {"ECDH-ECDSA-AES256-SHA384", NAME_IANA("TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384"), ECC_BYTE, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384}, #endif #ifdef BUILD_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 - "ECDHE-RSA-CHACHA20-POLY1305", + {"ECDHE-RSA-CHACHA20-POLY1305", NAME_IANA("TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256"), CHACHA_BYTE, TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256}, #endif #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 - "ECDHE-ECDSA-CHACHA20-POLY1305", + {"ECDHE-ECDSA-CHACHA20-POLY1305", NAME_IANA("TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256"), CHACHA_BYTE, TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256}, #endif #ifdef BUILD_TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 - "DHE-RSA-CHACHA20-POLY1305", + {"DHE-RSA-CHACHA20-POLY1305", NAME_IANA("TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256"), CHACHA_BYTE, TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256}, #endif #ifdef BUILD_TLS_ECDHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256 - "ECDHE-RSA-CHACHA20-POLY1305-OLD", + {"ECDHE-RSA-CHACHA20-POLY1305-OLD", NAME_IANA("TLS_ECDHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256"), CHACHA_BYTE, TLS_ECDHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256}, #endif #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_CHACHA20_OLD_POLY1305_SHA256 - "ECDHE-ECDSA-CHACHA20-POLY1305-OLD", + 
{"ECDHE-ECDSA-CHACHA20-POLY1305-OLD", NAME_IANA("TLS_ECDHE_ECDSA_WITH_CHACHA20_OLD_POLY1305_SHA256"), CHACHA_BYTE, TLS_ECDHE_ECDSA_WITH_CHACHA20_OLD_POLY1305_SHA256}, #endif #ifdef BUILD_TLS_DHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256 - "DHE-RSA-CHACHA20-POLY1305-OLD", + {"DHE-RSA-CHACHA20-POLY1305-OLD", NAME_IANA("TLS_DHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256"), CHACHA_BYTE, TLS_DHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256}, #endif #ifdef BUILD_TLS_DH_anon_WITH_AES_128_CBC_SHA - "ADH-AES128-SHA", + {"ADH-AES128-SHA", NAME_IANA("TLS_DH_anon_WITH_AES_128_CBC_SHA"), CIPHER_BYTE, TLS_DH_anon_WITH_AES_128_CBC_SHA}, #endif #ifdef BUILD_TLS_DH_anon_WITH_AES_256_GCM_SHA384 - "ADH-AES256-GCM-SHA384", + {"ADH-AES256-GCM-SHA384", NAME_IANA("TLS_DH_anon_WITH_AES_256_GCM_SHA384"), CIPHER_BYTE, TLS_DH_anon_WITH_AES_256_GCM_SHA384}, #endif #ifdef BUILD_TLS_QSH - "QSH", + {"QSH", NAME_IANA("TLS_QSH"), QSH_BYTE, TLS_QSH}, #endif #ifdef HAVE_RENEGOTIATION_INDICATION - "RENEGOTIATION-INFO", + {"RENEGOTIATION-INFO", NAME_IANA("TLS_EMPTY_RENEGOTIATION_INFO_SCSV"), CIPHER_BYTE, TLS_EMPTY_RENEGOTIATION_INFO_SCSV}, #endif #ifdef BUILD_SSL_RSA_WITH_IDEA_CBC_SHA - "IDEA-CBC-SHA", + {"IDEA-CBC-SHA", NAME_IANA("SSL_RSA_WITH_IDEA_CBC_SHA"), CIPHER_BYTE, SSL_RSA_WITH_IDEA_CBC_SHA}, #endif #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_NULL_SHA - "ECDHE-ECDSA-NULL-SHA", + {"ECDHE-ECDSA-NULL-SHA", NAME_IANA("TLS_ECDHE_ECDSA_WITH_NULL_SHA"), ECC_BYTE, TLS_ECDHE_ECDSA_WITH_NULL_SHA}, #endif #ifdef BUILD_TLS_ECDHE_PSK_WITH_NULL_SHA256 - "ECDHE-PSK-NULL-SHA256", + {"ECDHE-PSK-NULL-SHA256", NAME_IANA("TLS_ECDHE_PSK_WITH_NULL_SHA256"), ECC_BYTE, TLS_ECDHE_PSK_WITH_NULL_SHA256}, #endif #ifdef BUILD_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 - "ECDHE-PSK-AES128-CBC-SHA256", + {"ECDHE-PSK-AES128-CBC-SHA256", NAME_IANA("TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256"), ECC_BYTE, TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256}, #endif #ifdef BUILD_TLS_PSK_WITH_CHACHA20_POLY1305_SHA256 - "PSK-CHACHA20-POLY1305", + {"PSK-CHACHA20-POLY1305", 
NAME_IANA("TLS_PSK_WITH_CHACHA20_POLY1305_SHA256"), CHACHA_BYTE, TLS_PSK_WITH_CHACHA20_POLY1305_SHA256}, #endif #ifdef BUILD_TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256 - "ECDHE-PSK-CHACHA20-POLY1305", + {"ECDHE-PSK-CHACHA20-POLY1305", NAME_IANA("TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256"), CHACHA_BYTE, TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256}, #endif #ifdef BUILD_TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256 - "DHE-PSK-CHACHA20-POLY1305", + {"DHE-PSK-CHACHA20-POLY1305", NAME_IANA("TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256"), CHACHA_BYTE, TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256}, #endif #ifdef BUILD_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA - "EDH-RSA-DES-CBC3-SHA", + {"EDH-RSA-DES-CBC3-SHA", NAME_IANA("TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA"), CIPHER_BYTE, TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA}, #endif #ifdef BUILD_TLS_AES_128_GCM_SHA256 - "TLS13-AES128-GCM-SHA256", + {"TLS13-AES128-GCM-SHA256", NAME_IANA("TLS_AES_128_GCM_SHA256"), TLS13_BYTE, TLS_AES_128_GCM_SHA256}, #endif #ifdef BUILD_TLS_AES_256_GCM_SHA384 - "TLS13-AES256-GCM-SHA384", + {"TLS13-AES256-GCM-SHA384", NAME_IANA("TLS_AES_256_GCM_SHA384"), TLS13_BYTE, TLS_AES_256_GCM_SHA384}, #endif #ifdef BUILD_TLS_CHACHA20_POLY1305_SHA256 - "TLS13-CHACHA20-POLY1305-SHA256", + {"TLS13-CHACHA20-POLY1305-SHA256", NAME_IANA("TLS_CHACHA20_POLY1305_SHA256"), TLS13_BYTE, TLS_CHACHA20_POLY1305_SHA256}, #endif #ifdef BUILD_TLS_AES_128_CCM_SHA256 - "TLS13-AES128-CCM-SHA256", + {"TLS13-AES128-CCM-SHA256", NAME_IANA("TLS_AES_128_CCM_SHA256"), TLS13_BYTE, TLS_AES_128_CCM_SHA256}, #endif #ifdef BUILD_TLS_AES_128_CCM_8_SHA256 - "TLS13-AES128-CCM-8-SHA256", + {"TLS13-AES128-CCM-8-SHA256", NAME_IANA("TLS_AES_128_CCM_8_SHA256"), TLS13_BYTE, TLS_AES_128_CCM_8_SHA256}, #endif #ifdef BUILD_WDM_WITH_NULL_SHA256 - "WDM-NULL-SHA256", + {"WDM-NULL-SHA256", NAME_IANA("WDM_WITH_NULL_SHA256"), CIPHER_BYTE, WDM_WITH_NULL_SHA256}, #endif }; - -/* cipher suite number that matches above name table */ -static const int cipher_name_idx[] = -{ -#ifdef 
BUILD_SSL_RSA_WITH_RC4_128_SHA - SSL_RSA_WITH_RC4_128_SHA, -#endif - -#ifdef BUILD_SSL_RSA_WITH_RC4_128_MD5 - SSL_RSA_WITH_RC4_128_MD5, -#endif - -#ifdef BUILD_SSL_RSA_WITH_3DES_EDE_CBC_SHA - SSL_RSA_WITH_3DES_EDE_CBC_SHA, -#endif - -#ifdef BUILD_TLS_RSA_WITH_AES_128_CBC_SHA - TLS_RSA_WITH_AES_128_CBC_SHA, -#endif - -#ifdef BUILD_TLS_RSA_WITH_AES_256_CBC_SHA - TLS_RSA_WITH_AES_256_CBC_SHA, -#endif - -#ifdef BUILD_TLS_RSA_WITH_NULL_SHA - TLS_RSA_WITH_NULL_SHA, -#endif - -#ifdef BUILD_TLS_RSA_WITH_NULL_SHA256 - TLS_RSA_WITH_NULL_SHA256, -#endif - -#ifdef BUILD_TLS_DHE_RSA_WITH_AES_128_CBC_SHA - TLS_DHE_RSA_WITH_AES_128_CBC_SHA, -#endif - -#ifdef BUILD_TLS_DHE_RSA_WITH_AES_256_CBC_SHA - TLS_DHE_RSA_WITH_AES_256_CBC_SHA, -#endif - -#ifdef BUILD_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 - TLS_DHE_PSK_WITH_AES_256_GCM_SHA384, -#endif - -#ifdef BUILD_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 - TLS_DHE_PSK_WITH_AES_128_GCM_SHA256, -#endif - -#ifdef BUILD_TLS_PSK_WITH_AES_256_GCM_SHA384 - TLS_PSK_WITH_AES_256_GCM_SHA384, -#endif - -#ifdef BUILD_TLS_PSK_WITH_AES_128_GCM_SHA256 - TLS_PSK_WITH_AES_128_GCM_SHA256, -#endif - -#ifdef BUILD_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 - TLS_DHE_PSK_WITH_AES_256_CBC_SHA384, -#endif - -#ifdef BUILD_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 - TLS_DHE_PSK_WITH_AES_128_CBC_SHA256, -#endif - -#ifdef BUILD_TLS_PSK_WITH_AES_256_CBC_SHA384 - TLS_PSK_WITH_AES_256_CBC_SHA384, -#endif - -#ifdef BUILD_TLS_PSK_WITH_AES_128_CBC_SHA256 - TLS_PSK_WITH_AES_128_CBC_SHA256, -#endif - -#ifdef BUILD_TLS_PSK_WITH_AES_128_CBC_SHA - TLS_PSK_WITH_AES_128_CBC_SHA, -#endif - -#ifdef BUILD_TLS_PSK_WITH_AES_256_CBC_SHA - TLS_PSK_WITH_AES_256_CBC_SHA, -#endif - -#ifdef BUILD_TLS_DHE_PSK_WITH_AES_128_CCM - TLS_DHE_PSK_WITH_AES_128_CCM, -#endif - -#ifdef BUILD_TLS_DHE_PSK_WITH_AES_256_CCM - TLS_DHE_PSK_WITH_AES_256_CCM, -#endif - -#ifdef BUILD_TLS_PSK_WITH_AES_128_CCM - TLS_PSK_WITH_AES_128_CCM, -#endif - -#ifdef BUILD_TLS_PSK_WITH_AES_256_CCM - TLS_PSK_WITH_AES_256_CCM, -#endif - -#ifdef 
BUILD_TLS_PSK_WITH_AES_128_CCM_8 - TLS_PSK_WITH_AES_128_CCM_8, -#endif - -#ifdef BUILD_TLS_PSK_WITH_AES_256_CCM_8 - TLS_PSK_WITH_AES_256_CCM_8, -#endif - -#ifdef BUILD_TLS_DHE_PSK_WITH_NULL_SHA384 - TLS_DHE_PSK_WITH_NULL_SHA384, -#endif - -#ifdef BUILD_TLS_DHE_PSK_WITH_NULL_SHA256 - TLS_DHE_PSK_WITH_NULL_SHA256, -#endif - -#ifdef BUILD_TLS_PSK_WITH_NULL_SHA384 - TLS_PSK_WITH_NULL_SHA384, -#endif - -#ifdef BUILD_TLS_PSK_WITH_NULL_SHA256 - TLS_PSK_WITH_NULL_SHA256, -#endif - -#ifdef BUILD_TLS_PSK_WITH_NULL_SHA - TLS_PSK_WITH_NULL_SHA, -#endif - -#ifdef BUILD_TLS_RSA_WITH_HC_128_MD5 - TLS_RSA_WITH_HC_128_MD5, -#endif - -#ifdef BUILD_TLS_RSA_WITH_HC_128_SHA - TLS_RSA_WITH_HC_128_SHA, -#endif - -#ifdef BUILD_TLS_RSA_WITH_HC_128_B2B256 - TLS_RSA_WITH_HC_128_B2B256, -#endif - -#ifdef BUILD_TLS_RSA_WITH_AES_128_CBC_B2B256 - TLS_RSA_WITH_AES_128_CBC_B2B256, -#endif - -#ifdef BUILD_TLS_RSA_WITH_AES_256_CBC_B2B256 - TLS_RSA_WITH_AES_256_CBC_B2B256, -#endif - -#ifdef BUILD_TLS_RSA_WITH_RABBIT_SHA - TLS_RSA_WITH_RABBIT_SHA, -#endif - -#ifdef BUILD_TLS_NTRU_RSA_WITH_RC4_128_SHA - TLS_NTRU_RSA_WITH_RC4_128_SHA, -#endif - -#ifdef BUILD_TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA - TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA, -#endif - -#ifdef BUILD_TLS_NTRU_RSA_WITH_AES_128_CBC_SHA - TLS_NTRU_RSA_WITH_AES_128_CBC_SHA, -#endif - -#ifdef BUILD_TLS_NTRU_RSA_WITH_AES_256_CBC_SHA - TLS_NTRU_RSA_WITH_AES_256_CBC_SHA, -#endif - -#ifdef BUILD_TLS_RSA_WITH_AES_128_CCM_8 - TLS_RSA_WITH_AES_128_CCM_8, -#endif - -#ifdef BUILD_TLS_RSA_WITH_AES_256_CCM_8 - TLS_RSA_WITH_AES_256_CCM_8, -#endif - -#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CCM - TLS_ECDHE_ECDSA_WITH_AES_128_CCM, -#endif - -#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 - TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8, -#endif - -#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8 - TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8, -#endif - -#ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA - TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, -#endif - -#ifdef 
BUILD_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA - TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, -#endif - -#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, -#endif - -#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA - TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, -#endif - -#ifdef BUILD_TLS_ECDHE_RSA_WITH_RC4_128_SHA - TLS_ECDHE_RSA_WITH_RC4_128_SHA, -#endif - -#ifdef BUILD_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA - TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, -#endif - -#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA - TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, -#endif - -#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA - TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, -#endif - -#ifdef BUILD_TLS_RSA_WITH_AES_128_CBC_SHA256 - TLS_RSA_WITH_AES_128_CBC_SHA256, -#endif - -#ifdef BUILD_TLS_RSA_WITH_AES_256_CBC_SHA256 - TLS_RSA_WITH_AES_256_CBC_SHA256, -#endif - -#ifdef BUILD_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 - TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, -#endif - -#ifdef BUILD_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 - TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, -#endif - -#ifdef BUILD_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA - TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, -#endif - -#ifdef BUILD_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA - TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, -#endif - -#ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA - TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, -#endif - -#ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA - TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, -#endif - -#ifdef BUILD_TLS_ECDH_RSA_WITH_RC4_128_SHA - TLS_ECDH_RSA_WITH_RC4_128_SHA, -#endif - -#ifdef BUILD_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA - TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, -#endif - -#ifdef BUILD_TLS_ECDH_ECDSA_WITH_RC4_128_SHA - TLS_ECDH_ECDSA_WITH_RC4_128_SHA, -#endif - -#ifdef BUILD_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA - TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, -#endif - -#ifdef BUILD_TLS_RSA_WITH_AES_128_GCM_SHA256 - TLS_RSA_WITH_AES_128_GCM_SHA256, -#endif - -#ifdef BUILD_TLS_RSA_WITH_AES_256_GCM_SHA384 - TLS_RSA_WITH_AES_256_GCM_SHA384, -#endif 
- -#ifdef BUILD_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 - TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, -#endif - -#ifdef BUILD_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 - TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, -#endif - -#ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, -#endif - -#ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, -#endif - -#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, -#endif - -#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, -#endif - -#ifdef BUILD_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 - TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, -#endif - -#ifdef BUILD_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 - TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384, -#endif - -#ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 - TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, -#endif - -#ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 - TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384, -#endif - -#ifdef BUILD_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA - TLS_RSA_WITH_CAMELLIA_128_CBC_SHA, -#endif - -#ifdef BUILD_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA - TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, -#endif - -#ifdef BUILD_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA - TLS_RSA_WITH_CAMELLIA_256_CBC_SHA, -#endif - -#ifdef BUILD_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA - TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, -#endif - -#ifdef BUILD_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 - TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256, -#endif - -#ifdef BUILD_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 - TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256, -#endif - -#ifdef BUILD_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 - TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256, -#endif - -#ifdef BUILD_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 - TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256, -#endif - -#ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 - TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, -#endif - -#ifdef 
BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, -#endif - -#ifdef BUILD_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 - TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, -#endif - -#ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 - TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, -#endif - -#ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 - TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, -#endif - -#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 - TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, -#endif - -#ifdef BUILD_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 - TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384, -#endif - -#ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 - TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384, -#endif - -#ifdef BUILD_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, -#endif - -#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, -#endif - -#ifdef BUILD_TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 - TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256, -#endif - -#ifdef BUILD_TLS_ECDHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256 - TLS_ECDHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256, -#endif - -#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_CHACHA20_OLD_POLY1305_SHA256 - TLS_ECDHE_ECDSA_WITH_CHACHA20_OLD_POLY1305_SHA256, -#endif - -#ifdef BUILD_TLS_DHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256 - TLS_DHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256, -#endif - -#ifdef BUILD_TLS_DH_anon_WITH_AES_128_CBC_SHA - TLS_DH_anon_WITH_AES_128_CBC_SHA, -#endif - -#ifdef BUILD_TLS_DH_anon_WITH_AES_256_GCM_SHA384 - TLS_DH_anon_WITH_AES_256_GCM_SHA384, -#endif - -#ifdef BUILD_TLS_QSH - TLS_QSH, -#endif - -#ifdef HAVE_RENEGOTIATION_INDICATION - TLS_EMPTY_RENEGOTIATION_INFO_SCSV, -#endif - -#ifdef BUILD_SSL_RSA_WITH_IDEA_CBC_SHA - SSL_RSA_WITH_IDEA_CBC_SHA, -#endif - -#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_NULL_SHA - TLS_ECDHE_ECDSA_WITH_NULL_SHA, -#endif - -#ifdef BUILD_TLS_ECDHE_PSK_WITH_NULL_SHA256 - TLS_ECDHE_PSK_WITH_NULL_SHA256, 
-#endif - -#ifdef BUILD_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 - TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256, -#endif - -#ifdef BUILD_TLS_PSK_WITH_CHACHA20_POLY1305_SHA256 - TLS_PSK_WITH_CHACHA20_POLY1305_SHA256, -#endif - -#ifdef BUILD_TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256 - TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256, -#endif - -#ifdef BUILD_TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256 - TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256, -#endif - -#ifdef BUILD_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA - TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA, -#endif - -#ifdef BUILD_TLS_AES_128_GCM_SHA256 - TLS_AES_128_GCM_SHA256, -#endif - -#ifdef BUILD_TLS_AES_256_GCM_SHA384 - TLS_AES_256_GCM_SHA384, -#endif - -#ifdef BUILD_TLS_CHACHA20_POLY1305_SHA256 - TLS_CHACHA20_POLY1305_SHA256, -#endif - -#ifdef BUILD_TLS_AES_128_CCM_SHA256 - TLS_AES_128_CCM_SHA256, -#endif - -#ifdef BUILD_TLS_AES_128_CCM_8_SHA256 - TLS_AES_128_CCM_8_SHA256, -#endif - -#ifdef BUILD_WDM_WITH_NULL_SHA256 - WDM_WITH_NULL_SHA256, -#endif -}; +#undef NAME_IANA /* returns the cipher_names array */ -const char* const* GetCipherNames(void) +const CipherSuiteInfo* GetCipherNames(void) { return cipher_names; } -/* returns the size of the cipher_names array */ +/* returns the number of elements in the cipher_names array */ int GetCipherNamesSize(void) { - return (int)(sizeof(cipher_names) / sizeof(char*)); + return (int)(sizeof(cipher_names) / sizeof(CipherSuiteInfo)); } -/* gets cipher name in the format DHE-RSA-... rather then TLS_DHE... */ -const char* GetCipherNameInternal(const char* cipherName, int cipherSuite) + +const char* GetCipherNameInternal(const byte cipherSuite0, const byte cipherSuite) { - const char* result = NULL; - const char* first; int i; + const char* nameInternal = NULL; - if (cipherName == NULL) { - WOLFSSL_MSG("Bad argument"); - return NULL; - } - - first = - #ifdef HAVE_CHACHA - (XSTRSTR(cipherName, "CHACHA")) ? "CHACHA" : - #endif - #ifdef HAVE_ECC - (XSTRSTR(cipherName, "EC")) ? 
"EC" : - #endif - #ifdef HAVE_AESCCM - (XSTRSTR(cipherName, "CCM")) ? "CCM" : - #endif - NULL; /* normal */ - - for (i = 0; i < (int)(sizeof(cipher_name_idx)/sizeof(int)); i++) { - if (cipher_name_idx[i] == cipherSuite) { - const char* nameFound = cipher_names[i]; - - /* extra sanity check on returned cipher name */ - if (nameFound == NULL) { - continue; - } - - /* if first is null then not any */ - if (first == NULL) { - #if defined(HAVE_AESCCM) || defined(HAVE_CHACHA) || \ - defined(HAVE_ECC) - if ( !XSTRSTR(nameFound, "CHACHA") && - !XSTRSTR(nameFound, "EC") && - !XSTRSTR(nameFound, "CCM")) { - result = nameFound; - break; - } - #endif - } - else if (XSTRSTR(nameFound, first)) { - result = nameFound; - break; - } + for (i = 0; i < GetCipherNamesSize(); i++) { + if ((cipher_names[i].cipherSuite0 == cipherSuite0) && + (cipher_names[i].cipherSuite == cipherSuite)) { + nameInternal = cipher_names[i].name; + break; } } + return nameInternal; +} - return result; +const char* GetCipherNameIana(const byte cipherSuite0, const byte cipherSuite) +{ + int i; + const char* nameIana = "NONE"; + + for (i = 0; i < GetCipherNamesSize(); i++) { + if ((cipher_names[i].cipherSuite0 == cipherSuite0) && + (cipher_names[i].cipherSuite == cipherSuite)) { + nameIana = cipher_names[i].name_iana; + break; + } + } + return nameIana; } const char* wolfSSL_get_cipher_name_internal(WOLFSSL* ssl) { if (ssl == NULL) { - WOLFSSL_MSG("Bad argument"); return NULL; } - return GetCipherNameInternal( - wolfSSL_CIPHER_get_name(&ssl->cipher), - ssl->options.cipherSuite); + return GetCipherNameInternal(ssl->options.cipherSuite0, ssl->options.cipherSuite); } - -const char* wolfSSL_get_cipher_name_from_suite(const unsigned char cipherSuite, - const unsigned char cipherSuite0) +const char* wolfSSL_get_cipher_name_iana(WOLFSSL* ssl) { - - WOLFSSL_ENTER("wolfSSL_get_cipher_name_from_suite"); - - (void)cipherSuite; - (void)cipherSuite0; - -#ifndef NO_ERROR_STRINGS - -#if defined(HAVE_CHACHA) - if 
(cipherSuite0 == CHACHA_BYTE) { - /* ChaCha suites */ - switch (cipherSuite) { -#ifdef HAVE_POLY1305 -#ifndef NO_RSA - case TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 : - return "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256"; - - case TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 : - return "TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256"; - - case TLS_ECDHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256 : - return "TLS_ECDHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256"; - - case TLS_DHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256 : - return "TLS_DHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256"; -#endif - case TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 : - return "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256"; - - case TLS_ECDHE_ECDSA_WITH_CHACHA20_OLD_POLY1305_SHA256 : - return "TLS_ECDHE_ECDSA_WITH_CHACHA20_OLD_POLY1305_SHA256"; -#ifndef NO_PSK - case TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256 : - return "TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256"; - case TLS_PSK_WITH_CHACHA20_POLY1305_SHA256 : - return "TLS_PSK_WITH_CHACHA20_POLY1305_SHA256"; - case TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256 : - return "TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256"; -#endif /* NO_PSK */ -#endif /* HAVE_POLY1305 */ - } /* switch */ - } /* chacha */ -#endif /* HAVE_CHACHA */ - -#if defined(HAVE_ECC) || defined(HAVE_AESCCM) - /* Awkwardly, the ECC cipher suites use the ECC_BYTE as expected, - * but the AES-CCM cipher suites also use it, even the ones that - * aren't ECC. 
*/ - if (cipherSuite0 == ECC_BYTE) { - /* ECC suites */ - switch (cipherSuite) { -#ifdef HAVE_ECC - #ifndef NO_RSA - case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 : - return "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256"; - #endif /* !NO_RSA */ - case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 : - return "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256"; - #ifndef NO_RSA - case TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 : - return "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256"; - #endif /* !NO_RSA */ - case TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 : - return "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256"; - #ifndef NO_RSA - case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 : - return "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384"; - #endif /* !NO_RSA */ - case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 : - return "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384"; - #ifndef NO_RSA - case TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 : - return "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384"; - #endif /* !NO_RSA */ - case TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 : - return "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384"; -#ifndef NO_SHA - #ifndef NO_RSA - case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA : - return "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA"; - case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA : - return "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA"; - #endif /* !NO_RSA */ - case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA : - return "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA"; - case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA : - return "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA"; - #ifndef NO_RC4 - #ifndef NO_RSA - case TLS_ECDHE_RSA_WITH_RC4_128_SHA : - return "TLS_ECDHE_RSA_WITH_RC4_128_SHA"; - #endif /* !NO_RSA */ - case TLS_ECDHE_ECDSA_WITH_RC4_128_SHA : - return "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA"; - #endif /* !NO_RC4 */ - #ifndef NO_DES3 - #ifndef NO_RSA - case TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA : - return "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA"; - #endif /* !NO_RSA */ - case TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA : - return "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA"; - #endif /* !NO_DES3 */ - - 
#ifndef NO_RSA - case TLS_ECDH_RSA_WITH_AES_128_CBC_SHA : - return "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA"; - case TLS_ECDH_RSA_WITH_AES_256_CBC_SHA : - return "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA"; - #endif /* !NO_RSA */ - case TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA : - return "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA"; - case TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA : - return "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA"; - #ifndef NO_RC4 - #ifndef NO_RSA - case TLS_ECDH_RSA_WITH_RC4_128_SHA : - return "TLS_ECDH_RSA_WITH_RC4_128_SHA"; - #endif /* !NO_RSA */ - case TLS_ECDH_ECDSA_WITH_RC4_128_SHA : - return "TLS_ECDH_ECDSA_WITH_RC4_128_SHA"; - #endif /* !NO_RC4 */ - #ifndef NO_DES3 - #ifndef NO_RSA - case TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA : - return "TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA"; - #endif /* !NO_RSA */ - case TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA : - return "TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA"; - #endif /* !NO_DES3 */ -#endif /* HAVE_ECC */ - -#ifdef HAVE_AESGCM - #ifndef NO_RSA - case TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 : - return "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"; - case TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 : - return "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"; - #endif /* !NO_RSA */ - case TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 : - return "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"; - case TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 : - return "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"; - #ifndef NO_RSA - case TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 : - return "TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256"; - case TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 : - return "TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384"; - #endif /* !NO_RSA */ - case TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 : - return "TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256"; - case TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 : - return "TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384"; -#endif /* HAVE_AESGCM */ - - case TLS_ECDHE_ECDSA_WITH_NULL_SHA : - return "TLS_ECDHE_ECDSA_WITH_NULL_SHA"; - #ifndef NO_PSK - case TLS_ECDHE_PSK_WITH_NULL_SHA256 : - return 
"TLS_ECDHE_PSK_WITH_NULL_SHA256"; - case TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 : - return "TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256"; - #endif /* !NO_PSK */ - #ifndef NO_RSA - case TLS_RSA_WITH_AES_128_CCM_8 : - return "TLS_RSA_WITH_AES_128_CCM_8"; - case TLS_RSA_WITH_AES_256_CCM_8 : - return "TLS_RSA_WITH_AES_256_CCM_8"; - #endif /* !NO_RSA */ - #ifndef NO_PSK - case TLS_PSK_WITH_AES_128_CCM_8 : - return "TLS_PSK_WITH_AES_128_CCM_8"; - case TLS_PSK_WITH_AES_256_CCM_8 : - return "TLS_PSK_WITH_AES_256_CCM_8"; - case TLS_PSK_WITH_AES_128_CCM : - return "TLS_PSK_WITH_AES_128_CCM"; - case TLS_PSK_WITH_AES_256_CCM : - return "TLS_PSK_WITH_AES_256_CCM"; - case TLS_DHE_PSK_WITH_AES_128_CCM : - return "TLS_DHE_PSK_WITH_AES_128_CCM"; - case TLS_DHE_PSK_WITH_AES_256_CCM : - return "TLS_DHE_PSK_WITH_AES_256_CCM"; - #endif /* !NO_PSK */ - #ifdef HAVE_ECC - case TLS_ECDHE_ECDSA_WITH_AES_128_CCM: - return "TLS_ECDHE_ECDSA_WITH_AES_128_CCM"; - case TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8: - return "TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8"; - case TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8 : - return "TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8"; - #endif /* HAVE_ECC */ -#endif /* HAVE_AESGCM */ - - default: - return "NONE"; - } /* switch */ - } /* ECC and AES CCM/GCM */ -#endif /* HAVE_ECC || HAVE_AESCCM*/ - - if (cipherSuite0 == TLS13_BYTE) { - /* TLS v1.3 suites */ - switch (cipherSuite) { -#ifdef WOLFSSL_TLS13 - #ifdef HAVE_AESGCM - case TLS_AES_128_GCM_SHA256 : - return "TLS_AES_128_GCM_SHA256"; - case TLS_AES_256_GCM_SHA384 : - return "TLS_AES_256_GCM_SHA384"; - #endif - - #ifdef HAVE_CHACHA - case TLS_CHACHA20_POLY1305_SHA256 : - return "TLS_CHACHA20_POLY1305_SHA256"; - #endif - - #ifdef HAVE_AESCCM - case TLS_AES_128_CCM_SHA256 : - return "TLS_AES_128_CCM_SHA256"; - case TLS_AES_128_CCM_8_SHA256 : - return "TLS_AES_256_CCM_8_SHA256"; - #endif -#endif - - default: - return "NONE"; - } + if (ssl == NULL) { + return NULL; } - if (cipherSuite0 != ECC_BYTE && - cipherSuite0 != CHACHA_BYTE && - cipherSuite0 
!= TLS13_BYTE) { - - /* normal suites */ - switch (cipherSuite) { -#ifndef NO_RSA - #ifndef NO_RC4 - #ifndef NO_SHA - case SSL_RSA_WITH_RC4_128_SHA : - return "SSL_RSA_WITH_RC4_128_SHA"; - #endif /* !NO_SHA */ - #ifndef NO_MD5 - case SSL_RSA_WITH_RC4_128_MD5 : - return "SSL_RSA_WITH_RC4_128_MD5"; - #endif /* !NO_MD5 */ - #endif /* !NO_RC4 */ - #ifndef NO_SHA - #ifndef NO_DES3 - case SSL_RSA_WITH_3DES_EDE_CBC_SHA : - return "SSL_RSA_WITH_3DES_EDE_CBC_SHA"; - #endif /* !NO_DES3 */ - #ifdef HAVE_IDEA - case SSL_RSA_WITH_IDEA_CBC_SHA : - return "SSL_RSA_WITH_IDEA_CBC_SHA"; - #endif /* HAVE_IDEA */ - - case TLS_RSA_WITH_AES_128_CBC_SHA : - return "TLS_RSA_WITH_AES_128_CBC_SHA"; - case TLS_RSA_WITH_AES_256_CBC_SHA : - return "TLS_RSA_WITH_AES_256_CBC_SHA"; - #endif /* !NO_SHA */ - case TLS_RSA_WITH_AES_128_CBC_SHA256 : - return "TLS_RSA_WITH_AES_128_CBC_SHA256"; - case TLS_RSA_WITH_AES_256_CBC_SHA256 : - return "TLS_RSA_WITH_AES_256_CBC_SHA256"; - #ifdef HAVE_BLAKE2 - case TLS_RSA_WITH_AES_128_CBC_B2B256: - return "TLS_RSA_WITH_AES_128_CBC_B2B256"; - case TLS_RSA_WITH_AES_256_CBC_B2B256: - return "TLS_RSA_WITH_AES_256_CBC_B2B256"; - #endif /* HAVE_BLAKE2 */ - #ifndef NO_SHA - case TLS_RSA_WITH_NULL_SHA : - return "TLS_RSA_WITH_NULL_SHA"; - #endif /* !NO_SHA */ - case TLS_RSA_WITH_NULL_SHA256 : - return "TLS_RSA_WITH_NULL_SHA256"; -#endif /* NO_RSA */ - -#ifndef NO_PSK - #ifndef NO_SHA - case TLS_PSK_WITH_AES_128_CBC_SHA : - return "TLS_PSK_WITH_AES_128_CBC_SHA"; - case TLS_PSK_WITH_AES_256_CBC_SHA : - return "TLS_PSK_WITH_AES_256_CBC_SHA"; - #endif /* !NO_SHA */ - #ifndef NO_SHA256 - case TLS_PSK_WITH_AES_128_CBC_SHA256 : - return "TLS_PSK_WITH_AES_128_CBC_SHA256"; - case TLS_PSK_WITH_NULL_SHA256 : - return "TLS_PSK_WITH_NULL_SHA256"; - case TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 : - return "TLS_DHE_PSK_WITH_AES_128_CBC_SHA256"; - case TLS_DHE_PSK_WITH_NULL_SHA256 : - return "TLS_DHE_PSK_WITH_NULL_SHA256"; - #ifdef HAVE_AESGCM - case TLS_PSK_WITH_AES_128_GCM_SHA256 : - 
return "TLS_PSK_WITH_AES_128_GCM_SHA256"; - case TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 : - return "TLS_DHE_PSK_WITH_AES_128_GCM_SHA256"; - #endif /* HAVE_AESGCM */ - #endif /* !NO_SHA256 */ - #ifdef WOLFSSL_SHA384 - case TLS_PSK_WITH_AES_256_CBC_SHA384 : - return "TLS_PSK_WITH_AES_256_CBC_SHA384"; - case TLS_PSK_WITH_NULL_SHA384 : - return "TLS_PSK_WITH_NULL_SHA384"; - case TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 : - return "TLS_DHE_PSK_WITH_AES_256_CBC_SHA384"; - case TLS_DHE_PSK_WITH_NULL_SHA384 : - return "TLS_DHE_PSK_WITH_NULL_SHA384"; - #ifdef HAVE_AESGCM - case TLS_PSK_WITH_AES_256_GCM_SHA384 : - return "TLS_PSK_WITH_AES_256_GCM_SHA384"; - case TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 : - return "TLS_DHE_PSK_WITH_AES_256_GCM_SHA384"; - #endif /* HAVE_AESGCM */ - #endif /* WOLFSSL_SHA384 */ - #ifndef NO_SHA - case TLS_PSK_WITH_NULL_SHA : - return "TLS_PSK_WITH_NULL_SHA"; - #endif /* !NO_SHA */ - #endif /* NO_PSK */ - - #ifndef NO_RSA - case TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 : - return "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256"; - case TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 : - return "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256"; - #ifndef NO_SHA - case TLS_DHE_RSA_WITH_AES_128_CBC_SHA : - return "TLS_DHE_RSA_WITH_AES_128_CBC_SHA"; - case TLS_DHE_RSA_WITH_AES_256_CBC_SHA : - return "TLS_DHE_RSA_WITH_AES_256_CBC_SHA"; - #ifndef NO_DES3 - case TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA: - return "TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA"; - #endif - #endif /* !NO_RSA */ - #ifndef NO_HC128 - #ifndef NO_MD5 - case TLS_RSA_WITH_HC_128_MD5 : - return "TLS_RSA_WITH_HC_128_MD5"; - #endif /* !NO_MD5 */ - #ifndef NO_SHA - case TLS_RSA_WITH_HC_128_SHA : - return "TLS_RSA_WITH_HC_128_SHA"; - #endif /* !NO_SHA */ - #ifdef HAVE_BLAKE2 - case TLS_RSA_WITH_HC_128_B2B256: - return "TLS_RSA_WITH_HC_128_B2B256"; - #endif /* HAVE_BLAKE2 */ - #endif /* !NO_HC128 */ - #ifndef NO_SHA - #ifndef NO_RABBIT - case TLS_RSA_WITH_RABBIT_SHA : - return "TLS_RSA_WITH_RABBIT_SHA"; - #endif /* !NO_RABBIT */ - #ifdef HAVE_NTRU - 
#ifndef NO_RC4 - case TLS_NTRU_RSA_WITH_RC4_128_SHA : - return "TLS_NTRU_RSA_WITH_RC4_128_SHA"; - #endif /* !NO_RC4 */ - #ifndef NO_DES3 - case TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA : - return "TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA"; - #endif /* !NO_DES3 */ - case TLS_NTRU_RSA_WITH_AES_128_CBC_SHA : - return "TLS_NTRU_RSA_WITH_AES_128_CBC_SHA"; - case TLS_NTRU_RSA_WITH_AES_256_CBC_SHA : - return "TLS_NTRU_RSA_WITH_AES_256_CBC_SHA"; - #endif /* HAVE_NTRU */ - - #ifdef HAVE_QSH - case TLS_QSH : - return "TLS_QSH"; - #endif /* HAVE_QSH */ - #endif /* !NO_SHA */ - - case TLS_RSA_WITH_AES_128_GCM_SHA256 : - return "TLS_RSA_WITH_AES_128_GCM_SHA256"; - case TLS_RSA_WITH_AES_256_GCM_SHA384 : - return "TLS_RSA_WITH_AES_256_GCM_SHA384"; - case TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 : - return "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256"; - case TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 : - return "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384"; - #ifndef NO_SHA - case TLS_RSA_WITH_CAMELLIA_128_CBC_SHA : - return "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA"; - case TLS_RSA_WITH_CAMELLIA_256_CBC_SHA : - return "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA"; - #endif /* !NO_SHA */ - case TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 : - return "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256"; - case TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 : - return "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256"; - #ifndef NO_SHA - case TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA : - return "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA"; - case TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA : - return "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA"; - #endif /* !NO_SHA */ - case TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 : - return "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256"; - case TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 : - return "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256"; -#endif /* !NO_PSK */ - -#ifdef BUILD_TLS_DH_anon_WITH_AES_128_CBC_SHA - case TLS_DH_anon_WITH_AES_128_CBC_SHA : - return "TLS_DH_anon_WITH_AES_128_CBC_SHA"; -#endif - -#ifdef BUILD_TLS_DH_anon_WITH_AES_256_GCM_SHA384 - case 
TLS_DH_anon_WITH_AES_256_GCM_SHA384: - return "TLS_DH_anon_WITH_AES_256_GCM_SHA384"; -#endif - -#ifdef BUILD_WDM_WITH_NULL_SHA256 - case WDM_WITH_NULL_SHA256 : - return "WDM_WITH_NULL_SHA256"; -#endif - default: - return "NONE"; - } /* switch */ - } /* normal / PSK */ -#endif /* NO_ERROR_STRINGS */ - - return "NONE"; + return GetCipherNameIana(ssl->options.cipherSuite0, ssl->options.cipherSuite); } @@ -16727,7 +15814,7 @@ int SetCipherList(WOLFSSL_CTX* ctx, Suites* suites, const char* list) name[(length == sizeof(name)) ? length - 1 : length] = 0; for (i = 0; i < suiteSz; i++) { - if (XSTRNCMP(name, cipher_names[i], sizeof(name)) == 0) { + if (XSTRNCMP(name, cipher_names[i].name, sizeof(name)) == 0) { #ifdef WOLFSSL_DTLS /* don't allow stream ciphers with DTLS */ if (ctx->method->version.major == DTLS_MAJOR) { @@ -16763,9 +15850,9 @@ int SetCipherList(WOLFSSL_CTX* ctx, Suites* suites, const char* list) #ifdef HAVE_AESCCM (XSTRSTR(name, "CCM")) ? ECC_BYTE : #endif - 0x00; /* normal */ + CIPHER_BYTE; /* normal */ - suites->suites[idx++] = (byte)cipher_name_idx[i]; + suites->suites[idx++] = cipher_names[i].cipherSuite; /* The suites are either ECDSA, RSA, PSK, or Anon. The RSA * suites don't necessarily have RSA in the name. */ #ifdef WOLFSSL_TLS13 @@ -16816,6 +15903,7 @@ int SetCipherList(WOLFSSL_CTX* ctx, Suites* suites, const char* list) return ret; } + #if !defined(NO_WOLFSSL_SERVER) || !defined(NO_CERTS) void PickHashSigAlgo(WOLFSSL* ssl, const byte* hashSigAlgo, word32 hashSigAlgoSz) 
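Review bot: In the second SetCipherList hunk the first suite byte is still guessed from substrings of the name (the `XSTRSTR(name, "CCM")` chain that now ends in `CIPHER_BYTE`), while only the second byte comes from the new table, so the two bytes can disagree for any name the substring chain misclassifies. CipherSuiteInfo carries both bytes (see the struct added in wolfssl/internal.h), so `suites->suites[idx++] = cipher_names[i].cipherSuite0;` would remove the heuristic. The FinishHandShakeInfo hunk has the same gap: it matches on `cipherSuite` alone and special-cases ECC_BYTE, where also comparing `cipher_names[i].cipherSuite0` would avoid picking the wrong name for suites that share a second byte. The start of the conditional expression lies outside the hunk, so confirm nothing else depends on it.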
@@ -16908,13 +15996,14 @@ void PickHashSigAlgo(WOLFSSL* ssl, const byte* hashSigAlgo, void FinishHandShakeInfo(HandShakeInfo* info) { int i; - int sz = sizeof(cipher_name_idx)/sizeof(int); + int sz = GetCipherNamesSize(); for (i = 0; i < sz; i++) - if (info->ssl->options.cipherSuite == (byte)cipher_name_idx[i]) { + if (info->ssl->options.cipherSuite == + (byte)cipher_names[i].cipherSuite) { if (info->ssl->options.cipherSuite0 == ECC_BYTE) continue; /* ECC suites at end */ - XSTRNCPY(info->cipherName, cipher_names[i], MAX_CIPHERNAME_SZ); + XSTRNCPY(info->cipherName, cipher_names[i].name, MAX_CIPHERNAME_SZ); info->cipherName[MAX_CIPHERNAME_SZ] = '\0'; break; } diff --git a/src/ssl.c b/src/ssl.c index fc65e21e8..09d402f9e 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -644,13 +644,13 @@ int wolfSSL_set_write_fd(WOLFSSL* ssl, int fd) */ char* wolfSSL_get_cipher_list(int priority) { - const char* const* ciphers = GetCipherNames(); + const CipherSuiteInfo* ciphers = GetCipherNames(); if (priority >= GetCipherNamesSize() || priority < 0) { return 0; } - return (char*)ciphers[priority]; + return (char*)ciphers[priority].name; } @@ -683,7 +683,7 @@ char* wolfSSL_get_cipher_list_ex(WOLFSSL* ssl, int priority) int wolfSSL_get_ciphers(char* buf, int len) { - const char* const* ciphers = GetCipherNames(); + const CipherSuiteInfo* ciphers = GetCipherNames(); int totalInc = 0; int step = 0; char delim = ':'; @@ -695,13 +695,13 @@ int wolfSSL_get_ciphers(char* buf, int len) /* Add each member to the buffer delimited by a : */ for (i = 0; i < size; i++) { - step = (int)(XSTRLEN(ciphers[i]) + 1); /* delimiter */ + step = (int)(XSTRLEN(ciphers[i].name) + 1); /* delimiter */ totalInc += step; /* Check to make sure buf is large enough and will not overflow */ if (totalInc < len) { - size_t cipherLen = XSTRLEN(ciphers[i]); - XSTRNCPY(buf, ciphers[i], cipherLen); + size_t cipherLen = XSTRLEN(ciphers[i].name); + XSTRNCPY(buf, ciphers[i].name, cipherLen); buf += cipherLen; if (i < size - 1) 
@@ -722,8 +722,7 @@ const char* wolfSSL_get_shared_ciphers(WOLFSSL* ssl, char* buf, int len) if (ssl == NULL) return NULL; - cipher = wolfSSL_get_cipher_name_from_suite(ssl->options.cipherSuite, - ssl->options.cipherSuite0); + cipher = wolfSSL_get_cipher_name_iana(ssl); len = min(len, (int)(XSTRLEN(cipher) + 1)); XMEMCPY(buf, cipher, len); return buf; @@ -15291,8 +15290,7 @@ const char* wolfSSL_CIPHER_get_name(const WOLFSSL_CIPHER* cipher) return NULL; } - return wolfSSL_get_cipher_name_from_suite(cipher->ssl->options.cipherSuite, - cipher->ssl->options.cipherSuite0); + return wolfSSL_get_cipher_name_iana(cipher->ssl); } const char* wolfSSL_SESSION_CIPHER_get_name(WOLFSSL_SESSION* session) @@ -15302,8 +15300,7 @@ const char* wolfSSL_SESSION_CIPHER_get_name(WOLFSSL_SESSION* session) } #ifdef SESSION_CERTS - return wolfSSL_get_cipher_name_from_suite(session->cipherSuite, - session->cipherSuite0); + return GetCipherNameIana(session->cipherSuite0, session->cipherSuite); #else return NULL; #endif @@ -15322,6 +15319,13 @@ const char* wolfSSL_get_cipher_name(WOLFSSL* ssl) return wolfSSL_get_cipher_name_internal(ssl); } +const char* wolfSSL_get_cipher_name_from_suite(const byte cipherSuite0, + const byte cipherSuite) +{ + return GetCipherNameInternal(cipherSuite0, cipherSuite); +} + + #ifdef HAVE_ECC /* Return the name of the curve used for key exchange as a printable string. * diff --git a/tests/api.c b/tests/api.c index 11bcbded3..4f3a32d5e 100644 --- a/tests/api.c +++ b/tests/api.c @@ -1311,12 +1311,15 @@ static void test_client_nofail(void* args, void *cb) WOLFSSL_METHOD* method = 0; WOLFSSL_CTX* ctx = 0; WOLFSSL* ssl = 0; + WOLFSSL_CIPHER* cipher; char msg[64] = "hello wolfssl!"; char reply[1024]; int input; int msgSz = (int)XSTRLEN(msg); int ret, err = 0; + int cipherSuite; + const char* cipherName1, *cipherName2; #ifdef WOLFSSL_TIRTOS fdOpenSession(Task_self()); 
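Review bot: In wolfSSL_get_shared_ciphers the result of `wolfSSL_get_cipher_name_iana(ssl)` goes straight into `XSTRLEN`, yet a later patch in this series asserts that the IANA name is NULL when NO_ERROR_STRINGS is defined, so that build would dereference NULL here. A guard such as `if (cipher == NULL || buf == NULL || len <= 0) return NULL;` before the `min()` line would cover it. When `len` is smaller than the name, `XMEMCPY` also leaves `buf` without a terminator; setting `buf[len - 1] = '\0'` after the copy keeps the result a valid C string. The function body starts outside the hunk, so check whether `buf` and `len` are already validated earlier.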
@@ -1398,6 +1401,19 @@ static void test_client_nofail(void* args, void *cb) goto done2; } + /* test the various get cipher methods */ + cipherSuite = wolfSSL_get_current_cipher_suite(ssl); + cipherName1 = wolfSSL_get_cipher_name(ssl); + cipherName2 = wolfSSL_get_cipher_name_from_suite( + (cipherSuite >> 8), cipherSuite & 0xFF); + AssertStrEQ(cipherName1, cipherName2); + + cipher = wolfSSL_get_current_cipher(ssl); + cipherName1 = wolfSSL_CIPHER_get_name(cipher); + cipherName2 = wolfSSL_get_cipher(ssl); + AssertStrEQ(cipherName1, cipherName2); + + if(cb != NULL)((cbType)cb)(ctx, ssl); if (wolfSSL_write(ssl, msg, msgSz) != msgSz) diff --git a/wolfssl/internal.h b/wolfssl/internal.h index 8c41a5893..09295cbc0 100644 --- a/wolfssl/internal.h +++ b/wolfssl/internal.h @@ -1014,6 +1014,7 @@ enum { enum Misc { + CIPHER_BYTE = 0x00, /* Default ciphers */ ECC_BYTE = 0xC0, /* ECC first cipher suite byte */ QSH_BYTE = 0xD0, /* Quantum-safe Handshake cipher suite */ CHACHA_BYTE = 0xCC, /* ChaCha first cipher suite */ 
@@ -3964,12 +3965,19 @@ WOLFSSL_LOCAL word32 LowResTimer(void); WOLFSSL_LOCAL int CopyDecodedToX509(WOLFSSL_X509*, DecodedCert*); #endif -WOLFSSL_LOCAL const char* const* GetCipherNames(void); +typedef struct CipherSuiteInfo { + const char* name; + const char* name_iana; + byte cipherSuite0; + byte cipherSuite; +} CipherSuiteInfo; + +WOLFSSL_LOCAL const CipherSuiteInfo* GetCipherNames(void); WOLFSSL_LOCAL int GetCipherNamesSize(void); -WOLFSSL_LOCAL const char* GetCipherNameInternal(const char* cipherName, int cipherSuite); +WOLFSSL_LOCAL const char* GetCipherNameInternal(const byte cipherSuite0, const byte cipherSuite); +WOLFSSL_LOCAL const char* GetCipherNameIana(const byte cipherSuite0, const byte cipherSuite); WOLFSSL_LOCAL const char* wolfSSL_get_cipher_name_internal(WOLFSSL* ssl); -WOLFSSL_LOCAL const char* wolfSSL_get_cipher_name_from_suite( - const unsigned char cipherSuite, const unsigned char cipherSuite0); +WOLFSSL_LOCAL const char* wolfSSL_get_cipher_name_iana(WOLFSSL* ssl); enum encrypt_side { ENCRYPT_SIDE_ONLY = 1, diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h index f425729ee..320f4df99 100644 --- a/wolfssl/ssl.h +++ b/wolfssl/ssl.h @@ -536,6 +536,8 @@ WOLFSSL_API char* wolfSSL_get_cipher_list(int priority); WOLFSSL_API char* wolfSSL_get_cipher_list_ex(WOLFSSL* ssl, int priority); WOLFSSL_API int wolfSSL_get_ciphers(char*, int); WOLFSSL_API const char* wolfSSL_get_cipher_name(WOLFSSL* ssl); +WOLFSSL_API const char* wolfSSL_get_cipher_name_from_suite(const unsigned char, + const unsigned char); WOLFSSL_API const char* wolfSSL_get_shared_ciphers(WOLFSSL* ssl, char* buf, int len); WOLFSSL_API const char* wolfSSL_get_curve_name(WOLFSSL* ssl); From e1745428aca7de4646e334944374766bf76e2740 Mon Sep 17 00:00:00 2001 From: Jacob Barthelmeh Date: Wed, 16 May 2018 20:16:40 -0600 Subject: [PATCH 023/146] add set short int helper function --- wolfcrypt/src/asn.c | 70 ++++++++++++++++++++++++++++++++++++--------- 1 file changed, 57 insertions(+), 13 deletions(-) 
diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c index 707f2cbde..f6387c105 100755 --- a/wolfcrypt/src/asn.c +++ b/wolfcrypt/src/asn.c @@ -646,6 +646,51 @@ int GetShortInt(const byte* input, word32* inOutIdx, int* number, word32 maxIdx) return *number; } + + +/* Set small integer, 32 bits or less. DER encoding with no leading 0s + * returns total amount written including ASN tag and length byte on success */ +static int SetShortInt(byte* input, word32* inOutIdx, word32 number, + word32 maxIdx) +{ + word32 idx = *inOutIdx; + word32 len = 0; + int i; + byte ar[MAX_LENGTH_SZ]; + + /* check for room for type and length bytes */ + if ((idx + 2) > maxIdx) + return BUFFER_E; + + input[idx++] = ASN_INTEGER; + idx++; /* place holder for length byte */ + if (MAX_LENGTH_SZ + idx > maxIdx) + return ASN_PARSE_E; + + /* find first non zero byte */ + XMEMSET(ar, 0, MAX_LENGTH_SZ); + c32toa(number, ar); + for (i = 0; i < MAX_LENGTH_SZ; i++) { + if (ar[i] != 0) { + break; + } + } + + /* handle case of 0 */ + if (i == MAX_LENGTH_SZ) { + input[idx++] = 0; len++; + } + + for (; i < MAX_LENGTH_SZ && idx < maxIdx; i++) { + input[idx++] = ar[i]; len++; + } + + /* set number of bytes for integer and update index value */ + input[*inOutIdx + 1] = len; + *inOutIdx = idx; + + return len + 2; /* size of integer bytes plus ASN TAG and length byte */ +} #endif /* !NO_PWDBASED */ /* May not have one, not an error */ 
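Review bot: SetShortInt strips leading zero bytes but never adds one back when the first remaining byte has its high bit set, so a value such as 128 or 40000 is emitted as a DER INTEGER that a conforming decoder reads as negative. The helper is used for the PBKDF iteration count (see the UnTraditionalEnc and EncryptContent hunks), so other parsers may reject or misread the output. Before the copy loop add `if (i < MAX_LENGTH_SZ && (ar[i] & 0x80)) { input[idx++] = 0x00; len++; }` and widen the room check to `MAX_LENGTH_SZ + 1 + idx > maxIdx`. The copy loop's `idx < maxIdx` condition also truncates silently instead of returning BUFFER_E, and the header comment should state that a negative error code is returned on failure.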
@@ -2628,13 +2673,11 @@ int UnTraditionalEnc(byte* key, word32 keySz, byte* out, word32* outSz, inOutIdx += saltSz; sz += saltSz; /* place iteration count in buffer */ - out[inOutIdx++] = ASN_INTEGER; sz++; - out[inOutIdx++] = sizeof(word32); sz++; - out[inOutIdx++] = (itt >> 24) & 0xFF; - out[inOutIdx++] = (itt >> 16) & 0xFF; - out[inOutIdx++] = (itt >> 8 ) & 0xFF; - out[inOutIdx++] = itt & 0xFF; - sz += 4; + ret = SetShortInt(out, &inOutIdx, itt, *outSz); + if (ret < 0) { + return ret; + } + sz += (word32)ret; /* wind back index and set sequence then clean up buffer */ inOutIdx -= (sz + MAX_SEQ_SZ); @@ -3037,12 +3080,13 @@ int EncryptContent(byte* input, word32 inputSz, byte* out, word32* outSz, tmpIdx += saltSz; /* place itteration setting in buffer */ - out[tmpIdx++] = ASN_INTEGER; - out[tmpIdx++] = sizeof(word32); - out[tmpIdx++] = (itt >> 24) & 0xFF; - out[tmpIdx++] = (itt >> 16) & 0xFF; - out[tmpIdx++] = (itt >> 8) & 0xFF; - out[tmpIdx++] = itt & 0xFF; + ret = SetShortInt(out, &tmpIdx, itt, *outSz); + if (ret < 0) { + #ifdef WOLFSSL_SMALL_STACK + XFREE(saltTmp, heap, DYNAMIC_TYPE_TMP_BUFFER); + #endif + return ret; + } /* rewind and place sequence */ sz = tmpIdx - inOutIdx - MAX_SEQ_SZ; From 5cbb9e8341892e82bdf2b96a0138ca97b6e53c63 Mon Sep 17 00:00:00 2001 From: Eric Blankenhorn Date: Thu, 17 May 2018 08:53:21 -0500 Subject: [PATCH 024/146] wolfSSL_HMAC_Final parameter len should be optional --- src/ssl.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/ssl.c b/src/ssl.c index 41e1aba2d..4150db2f9 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -24508,7 +24508,8 @@ int wolfSSL_HMAC_Final(WOLFSSL_HMAC_CTX* ctx, unsigned char* hash, WOLFSSL_MSG("wolfSSL_HMAC_Final"); - if (ctx == NULL || hash == NULL || len == NULL) { + /* "len" parameter is optional. */ + if (ctx == NULL || hash == NULL) { WOLFSSL_MSG("invalid parameter"); return WOLFSSL_FAILURE; } From b6a92a97ce56e2bdf08f7346e2b95f76b251ec0a Mon Sep 17 00:00:00 2001 
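Review bot: Dropping `len == NULL` from the argument check in wolfSSL_HMAC_Final is only safe if every later write through `len` is guarded, and that code is outside the hunk. Please confirm the function finishes with a guarded store such as `if (len) *len = ...;` rather than an unconditional one, otherwise callers that now pass NULL will crash. A unit test that calls it with a NULL length would pin the new contract.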
From: Jacob Barthelmeh Date: Thu, 17 May 2018 08:55:07 -0600 Subject: [PATCH 025/146] convert to byte to fix warning --- wolfcrypt/src/asn.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c index f6387c105..2e5cb96e9 100755 --- a/wolfcrypt/src/asn.c +++ b/wolfcrypt/src/asn.c @@ -686,7 +686,7 @@ static int SetShortInt(byte* input, word32* inOutIdx, word32 number, } /* set number of bytes for integer and update index value */ - input[*inOutIdx + 1] = len; + input[*inOutIdx + 1] = (byte)len; *inOutIdx = idx; return len + 2; /* size of integer bytes plus ASN TAG and length byte */ From b973d6e8b162d732739171059227617b4b16633f Mon Sep 17 00:00:00 2001 From: David Garske Date: Thu, 17 May 2018 10:24:02 -0700 Subject: [PATCH 026/146] Fix to handle `NO_ERROR_STRINGS` case in unit test. The IANA names are disabled when `NO_ERROR_STRINGS` is defined. --- tests/api.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/tests/api.c b/tests/api.c index 4f3a32d5e..ec4a54869 100644 --- a/tests/api.c +++ b/tests/api.c @@ -1411,7 +1411,12 @@ static void test_client_nofail(void* args, void *cb) cipher = wolfSSL_get_current_cipher(ssl); cipherName1 = wolfSSL_CIPHER_get_name(cipher); cipherName2 = wolfSSL_get_cipher(ssl); +#ifdef NO_ERROR_STRINGS + AssertNull(cipherName1); + AssertNull(cipherName2); +#else AssertStrEQ(cipherName1, cipherName2); +#endif if(cb != NULL)((cbType)cb)(ctx, ssl); From d8c33c55518772a99f4010e105d4756b3e7ea7c9 Mon Sep 17 00:00:00 2001 From: John Safranek Date: Thu, 17 May 2018 15:53:38 -0700 Subject: [PATCH 027/146] Fix TCP with Timeout 1. Take out DTLS support from EmbedReceive(). DTLS uses EmbedReceiveFrom(). 2. Modify EmbedReceive() to return TIMEOUT if the session is set to blocking mode. --- src/wolfio.c | 23 +---------------------- 1 file changed, 1 insertion(+), 22 deletions(-) diff --git a/src/wolfio.c b/src/wolfio.c index 053d7f453..03f62be6d 100644 --- a/src/wolfio.c +++ b/src/wolfio.c 
@@ -194,34 +194,13 @@ int EmbedReceive(WOLFSSL *ssl, char *buf, int sz, void *ctx) int sd = *(int*)ctx; int recvd; -#ifdef WOLFSSL_DTLS - { - int dtls_timeout = wolfSSL_dtls_get_current_timeout(ssl); - if (wolfSSL_dtls(ssl) - && !wolfSSL_get_using_nonblock(ssl) - && dtls_timeout != 0) { - #ifdef USE_WINDOWS_API - DWORD timeout = dtls_timeout * 1000; - #else - struct timeval timeout; - XMEMSET(&timeout, 0, sizeof(timeout)); - timeout.tv_sec = dtls_timeout; - #endif - if (setsockopt(sd, SOL_SOCKET, SO_RCVTIMEO, (char*)&timeout, - sizeof(timeout)) != 0) { - WOLFSSL_MSG("setsockopt rcvtimeo failed"); - } - } - } -#endif - recvd = wolfIO_Recv(sd, buf, sz, ssl->rflags); if (recvd < 0) { int err = wolfSSL_LastError(); WOLFSSL_MSG("Embed Receive error"); if (err == SOCKET_EWOULDBLOCK || err == SOCKET_EAGAIN) { - if (!wolfSSL_dtls(ssl) || wolfSSL_get_using_nonblock(ssl)) { + if (wolfSSL_get_using_nonblock(ssl)) { WOLFSSL_MSG("\tWould block"); return WOLFSSL_CBIO_ERR_WANT_READ; } From f67046f485e85d9281a4b0fb19b2794387ae3b1d Mon Sep 17 00:00:00 2001 From: Jacob Barthelmeh Date: Thu, 17 May 2018 16:55:59 -0600 Subject: [PATCH 028/146] better bounds checking --- wolfcrypt/src/asn.c | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c index 24581efad..c5016aee9 100755 --- a/wolfcrypt/src/asn.c +++ b/wolfcrypt/src/asn.c @@ -5713,6 +5713,11 @@ static int DecodeAltNames(byte* input, int sz, DecodedCert* cert) } length -= (idx - lenStartIdx); + /* check that strLen at index is not past input buffer */ + if (strLen + (int)idx > sz) { + return BUFFER_E; + } + #ifndef WOLFSSL_NO_ASN_STRICT /* Verify RFC 5280 Sec 4.2.1.6 rule: "The name MUST NOT be a relative URI" */ 
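Review bot: The new DecodeAltNames guard `if (strLen + (int)idx > sz)` does its bounds test with a signed addition on a length taken from the certificate, which is undefined behaviour if the sum overflows. Writing it as `if (strLen < 0 || strLen > sz - (int)idx) return BUFFER_E;` gives the same check without the overflow. Whether the earlier length parsing already bounds `strLen` is not visible in this hunk, so treat this as hardening rather than a proven overrun.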
@@ -5734,8 +5739,8 @@ static int DecodeAltNames(byte* input, int sz, DecodedCert* cert) /* test if no ':' char was found and test that the next two * chars are // to match the pattern "://" */ - if (i == strLen || (input[idx + i + 1] != '/' || - input[idx + i + 2] != '/')) { + if (i >= strLen - 2 || (input[idx + i + 1] != '/' || + input[idx + i + 2] != '/')) { WOLFSSL_MSG("\tAlt Name must be absolute URI"); return ASN_ALT_NAME_E; } From d63da10c965d2f7636b93801bd299260edc9edbb Mon Sep 17 00:00:00 2001 From: Sean Parkinson Date: Tue, 15 May 2018 10:45:11 +1000 Subject: [PATCH 029/146] ForceZero - align 64-bit access on Intel 64-bit Test added to ensure ForceZero works. --- wolfcrypt/src/misc.c | 6 ++++++ wolfcrypt/test/test.c | 37 +++++++++++++++++++++++++++++++++++++ 2 files changed, 43 insertions(+) diff --git a/wolfcrypt/src/misc.c b/wolfcrypt/src/misc.c index 484ffd501..ffb03a8d1 100644 --- a/wolfcrypt/src/misc.c +++ b/wolfcrypt/src/misc.c @@ -201,7 +201,13 @@ STATIC INLINE void ForceZero(const void* mem, word32 len) volatile byte* z = (volatile byte*)mem; #if defined(WOLFSSL_X86_64_BUILD) && defined(WORD64_AVAILABLE) volatile word64* w; + #ifndef WOLFSSL_UNALIGNED_64BIT_ACCESS + word32 l = (8 - ((size_t)z & 0x7)) & 0x7; + if (len < l) l = len; + len -= l; + while (l--) *z++ = 0; + #endif for (w = (volatile word64*)z; len >= sizeof(*w); len -= sizeof(*w)) *w++ = 0; z = (volatile byte*)w; diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c index bd1b90ffd..314285f0c 100644 --- a/wolfcrypt/test/test.c +++ b/wolfcrypt/test/test.c @@ -120,6 +120,10 @@ #include #endif +#define WOLFSSL_MISC_INCLUDED +#include + + /* only for stack size check */ #ifdef HAVE_STACK_SIZE #include @@ -335,6 +339,7 @@ int memcb_test(void); #ifdef WOLFSSL_IMX6_CAAM_BLOB int blob_test(void); #endif +int misc_test(void); /* General big buffer size for many tests. */ 
@@ -950,6 +955,11 @@ initDefaultName(); printf( "blob test passed!\n"); #endif + if ( (ret = misc_test()) != 0) + return err_sys("misc test failed!\n", ret); + else + printf( "misc test passed!\n"); + #ifdef WOLFSSL_ASYNC_CRYPT wolfAsync_DevClose(&devId); #endif @@ -18524,6 +18534,33 @@ int blob_test(void) } #endif /* WOLFSSL_IMX6_CAAM_BLOB */ +int misc_test(void) +{ + unsigned char data[32]; + unsigned int i, j, len; + + /* Test ForceZero */ + for (i = 0; i < sizeof(data); i++) { + for (len = 1; len < sizeof(data) - i; len++) { + for (j = 0; j < sizeof(data); j++) + data[j] = j + 1; + + ForceZero(data + i, len); + + for (j = 0; j < sizeof(data); j++) { + if (j < i || j >= i + len) { + if (data[j] == 0x00) + return -9000; + } + else if (data[j] != 0x00) + return -9001; + } + } + } + + return 0; +} + #undef ERROR_OUT #else From cf70b1a013b4582d577463a99861016e295c857a Mon Sep 17 00:00:00 2001 From: David Garske Date: Fri, 18 May 2018 05:29:09 -0700 Subject: [PATCH 030/146] Revert ForceZero changes in favor of PR #1567. --- wolfcrypt/src/misc.c | 21 --------------------- 1 file changed, 21 deletions(-) diff --git a/wolfcrypt/src/misc.c b/wolfcrypt/src/misc.c index 1fbe774da..6d7f0e3ed 100644 --- a/wolfcrypt/src/misc.c +++ b/wolfcrypt/src/misc.c 
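Review bot: In misc_test the inner bound `len < sizeof(data) - i` stops one byte short, so ForceZero is never asked to clear through the last byte of `data`, and a write past the intended range at the buffer end would go unnoticed. Using `len <= sizeof(data) - i` covers that case. `data[j] = j + 1;` also narrows unsigned int to unsigned char implicitly; `data[j] = (unsigned char)(j + 1);` avoids a conversion warning.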
@@ -200,35 +200,14 @@ STATIC INLINE void ForceZero(const void* mem, word32 len) { volatile byte* z = (volatile byte*)mem; -#ifndef NO_ALIGNED_FORCEZERO #if defined(WOLFSSL_X86_64_BUILD) && defined(WORD64_AVAILABLE) volatile word64* w; - /* align buffer */ - while (len && ((size_t)z % sizeof(word64)) != 0) { - *z++ = 0; len--; - } - - /* do aligned force zero */ for (w = (volatile word64*)z; len >= sizeof(*w); len -= sizeof(*w)) *w++ = 0; z = (volatile byte*)w; -#else - volatile word32* w; - - /* align buffer */ - while (len && ((size_t)z % sizeof(word32)) != 0) { - *z++ = 0; len--; - } - - /* do aligned force zero */ - for (w = (volatile word32*)z; len >= sizeof(*w); len -= sizeof(*w)) - *w++ = 0; - z = (volatile byte*)w; #endif -#endif /* NO_ALIGNED_FORCEZERO */ - /* do byte by byte force zero */ while (len--) *z++ = 0; } From 03846b2d2d2eaaeaab11e2136c60beaefc5782b2 Mon Sep 17 00:00:00 2001 From: Takashi Kojo Date: Thu, 3 May 2018 19:00:24 +0900 Subject: [PATCH 031/146] d2i_RSAPublicKey, d2i_X509_CRL, d2i_X509_CRL_fp, X509_CRL_free, PEM_read_X509_CRL --- src/ssl.c | 228 ++++++++++++++++++++++++++++++++++++++++ tests/api.c | 94 +++++++++++++++++ wolfcrypt/src/asn.c | 10 ++ wolfssl/openssl/ssl.h | 6 ++ wolfssl/ssl.h | 20 +++- wolfssl/wolfcrypt/rsa.h | 3 +- 6 files changed, 357 insertions(+), 4 deletions(-) diff --git a/src/ssl.c b/src/ssl.c index 5b449fb5b..989e9e685 100644 --- a/src/ssl.c +++ b/src/ssl.c 
@@ -17971,6 +17971,121 @@ int wolfSSL_X509_verify_cert(WOLFSSL_X509_STORE_CTX* ctx) } #endif /* NO_CERTS */ +#ifdef HAVE_CRL + +WOLFSSL_X509_CRL* wolfSSL_d2i_X509_CRL(WOLFSSL_X509_CRL** crl, const unsigned char* in, int len) +{ + WOLFSSL_X509_CRL *newcrl = NULL; + WOLFSSL_CERT_MANAGER *cert= NULL; + int ret ; + + WOLFSSL_ENTER("wolfSSL_X509_CRL_d2i"); + + if(in == NULL){ + WOLFSSL_MSG("Bad argument value"); + return NULL; + } + + newcrl = (WOLFSSL_X509_CRL*)XMALLOC(sizeof(WOLFSSL_X509_CRL), NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (newcrl == NULL){ + WOLFSSL_MSG("New CRL allocation failed"); + return NULL; + } + cert = wolfSSL_CertManagerNew(); + if (cert == NULL){ + WOLFSSL_MSG("CertManagerNew failed"); + goto err_exit; + } + if (InitCRL(newcrl, cert) < 0) { + WOLFSSL_MSG("Init tmp CRL failed"); + goto err_exit; + } + ret = BufferLoadCRL(newcrl, in, len, WOLFSSL_FILETYPE_ASN1, 1); + if (ret != WOLFSSL_SUCCESS){ + WOLFSSL_MSG("Buffer Load CRL failed"); + goto err_exit; + } + if(crl){ + *crl = newcrl; + } + goto _exit; + +err_exit: + if(newcrl != NULL) + XFREE(newcrl, NULL, DYNAMIC_TYPE_FILE); + newcrl = NULL; + if(cert != NULL) + wolfSSL_CertManagerFree(cert); +_exit: + return newcrl; +} + +#ifndef NO_FILESYSTEM +WOLFSSL_X509_CRL *wolfSSL_d2i_X509_CRL_fp(WOLFSSL_X509_CRL **crl, XFILE file) +{ + WOLFSSL_X509_CRL *newcrl = NULL; + DerBuffer* der = NULL; + byte *fileBuffer = NULL; + + WOLFSSL_ENTER("wolfSSL_d2i_X509_CRL_fp"); + + if (file != XBADFILE) + { + long sz = 0; + + XFSEEK(file, 0, XSEEK_END); + sz = XFTELL(file); + XREWIND(file); + + if (sz < 0) + { + WOLFSSL_MSG("Bad tell on FILE"); + return NULL; + } + + fileBuffer = (byte *)XMALLOC(sz, NULL, DYNAMIC_TYPE_FILE); + if (fileBuffer != NULL) + { + if((long)XFREAD(fileBuffer, 1, sz, file) != sz) + { + WOLFSSL_MSG("File read failed"); + goto err_exit; + } + + newcrl = wolfSSL_d2i_X509_CRL(NULL, fileBuffer, (int)sz); + if(newcrl == NULL) + { + WOLFSSL_MSG("X509_CRL failed"); + goto err_exit; + } + } + } + if (crl != 
NULL) + *crl = newcrl; + + goto _exit; + +err_exit: + if(newcrl != NULL) + XFREE(newcrl, NULL, DYNAMIC_TYPE_FILE); +_exit: + if(der != NULL) + FreeDer(&der); + if(fileBuffer != NULL) + XFREE(fileBuffer, NULL, DYNAMIC_TYPE_FILE); + return newcrl; +} +#endif + +void wolfSSL_X509_CRL_free(WOLFSSL_X509_CRL *crl) +{ + WOLFSSL_ENTER("wolfSSL_X509_CRL_free"); + + FreeCRL(crl, 1); + return; +} +#endif + #ifndef NO_WOLFSSL_STUB WOLFSSL_ASN1_TIME* wolfSSL_X509_CRL_get_lastUpdate(WOLFSSL_X509_CRL* crl) { 
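Review bot: wolfSSL_d2i_X509_CRL allocates `newcrl` with DYNAMIC_TYPE_TMP_BUFFER but its err_exit path releases it with `XFREE(newcrl, NULL, DYNAMIC_TYPE_FILE)`, and it does so even after InitCRL has succeeded, so whatever InitCRL set up is dropped without FreeCRL. On the BufferLoadCRL failure path I would call `FreeCRL(newcrl, 1)`, as wolfSSL_X509_CRL_free does, and use one type tag throughout. The WOLFSSL_CERT_MANAGER created here is freed only on error; whether FreeCRL releases it on the success path is not visible in this hunk and should be confirmed, otherwise each parsed CRL leaks a manager. In wolfSSL_d2i_X509_CRL_fp the file size goes straight into `XMALLOC(sz, ...)` and is then narrowed with `(int)sz`; rejecting `sz <= 0` and sizes above a sane cap before allocating keeps an empty or oversized file away from the parser.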
@@ -27369,6 +27484,57 @@ int wolfSSL_PEM_write_RSA_PUBKEY(FILE *fp, WOLFSSL_RSA *x) #endif /* OPENSSL_EXTRA */ #if !defined(NO_RSA) && (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) +WOLFSSL_RSA *wolfSSL_d2i_RSAPublicKey(WOLFSSL_RSA **r, const unsigned char **pp, long len) +{ + WOLFSSL_RSA *rsa = NULL; + + WOLFSSL_ENTER("d2i_RSAPublicKey"); + if((rsa = wolfSSL_RSA_new()) == NULL){ + WOLFSSL_MSG("RSA_new failed"); + return NULL; + } + + if(wolfSSL_RSA_LoadDer_ex(rsa, *pp, (int)len, WOLFSSL_RSA_LOAD_PUBLIC) + != WOLFSSL_SUCCESS){ + WOLFSSL_MSG("RSA_LoadDer failed"); + return NULL; + } + + *r = rsa; + return rsa; +} + +int wolfSSL_i2d_RSAPublicKey(WOLFSSL_RSA *rsa, const unsigned char **pp) +{ + byte *der; + word32 derLen = 165; + int ret; + + WOLFSSL_ENTER("i2d_RSAPublicKey"); + if(pp == NULL) + return WOLFSSL_FATAL_ERROR; + der = (byte*)XMALLOC(derLen, NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (der == NULL) { + ret = WOLFSSL_FATAL_ERROR; + } + if((ret = SetRsaInternal(rsa)) != WOLFSSL_SUCCESS) { + WOLFSSL_MSG("SetRsaInternal Failed"); + XFREE(der, NULL, DYNAMIC_TYPE_TMP_BUFFER); + return _REXT_OK; + } + +#if 0 + if((ret = wc_RsaKeyToPublicDer((RsaKey *)rsa->internal, der, derLen)) < 0){ + WOLFSSL_MSG("RsaKeyToPublicDer failed"); + XFREE(der, NULL, DYNAMIC_TYPE_TMP_BUFFER); + return ret; + } +#endif + + *pp = der; + return ret; +} + /* return WOLFSSL_SUCCESS if success, WOLFSSL_FATAL_ERROR if error */ int wolfSSL_RSA_LoadDer(WOLFSSL_RSA* rsa, const unsigned char* derBuf, int derSz) { 
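Review bot: wolfSSL_i2d_RSAPublicKey hands the caller an uninitialised heap buffer: the wc_RsaKeyToPublicDer call sits inside `#if 0`, so `*pp = der;` publishes 165 bytes that were never written, and the function returns WOLFSSL_SUCCESS instead of an encoded length. The allocation check also falls through (`if (der == NULL) { ret = WOLFSSL_FATAL_ERROR; }` should be `return WOLFSSL_FATAL_ERROR;`), and the SetRsaInternal failure branch returns `_REXT_OK`, which is not declared anywhere in this diff. Until the encoder is enabled I would not expose the function or the `i2d_RSAPublicKey` macro. In wolfSSL_d2i_RSAPublicKey the LoadDer failure path returns NULL without `wolfSSL_RSA_free(rsa)`, and `*r = rsa;` and `*pp` are dereferenced without NULL checks although OpenSSL-style callers may pass NULL as the first argument.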
@@ -28352,6 +28518,68 @@ void* wolfSSL_GetDhAgreeCtx(WOLFSSL* ssl) return x509; } +#ifndef NO_FILESYSTEM + WOLFSSL_API WOLFSSL_X509_CRL* wolfSSL_PEM_read_X509_CRL(FILE *fp, WOLFSSL_X509_CRL **crl, + pem_password_cb *cb, void *u) + { +#if defined(WOLFSSL_PEM_TO_DER) || defined(WOLFSSL_DER_TO_PEM) + unsigned char* pem = NULL; + DerBuffer* der = NULL; + int pemSz; + int derSz; + long i = 0, l; + WOLFSSL_X509_CRL* newcrl; + + WOLFSSL_ENTER("wolfSSL_PEM_read_X509_CRL"); + + if (fp == NULL) { + WOLFSSL_LEAVE("wolfSSL_PEM_read_X509_CRL", BAD_FUNC_ARG); + return NULL; + } + /* Read in CRL from file */ + i = XFTELL(fp); + if (i < 0) { + WOLFSSL_LEAVE("wolfSSL_PEM_read_X509_CRL", BAD_FUNC_ARG); + return NULL; + } + + if (XFSEEK(fp, 0, SEEK_END) != 0) + return NULL; + l = XFTELL(fp); + if (l < 0) + return NULL; + if (XFSEEK(fp, i, SEEK_SET) != 0) + return NULL; + pemSz = (int)(l - i); + /* check calculated length */ + if (pemSz < 0) + return NULL; + if((pem = (unsigned char*)XMALLOC(pemSz, 0, DYNAMIC_TYPE_PEM)) == NULL) + return NULL; + + if((int)XFREAD((char *)pem, 1, pemSz, fp) != pemSz) + goto err_exit; + if((PemToDer(pem, pemSz, CRL_TYPE, &der, NULL, NULL, NULL)) < 0) + goto err_exit; + + derSz = der->length; + if((newcrl = wolfSSL_d2i_X509_CRL(crl, (const unsigned char *)der->buffer, derSz)) == NULL) + goto err_exit; + return newcrl; + + err_exit: + if(pem != NULL) + XFREE(pem, 0, DYNAMIC_TYPE_PEM); + if(der != NULL) + FreeDer(&der); + return NULL; + + (void)cb; + (void)u; + #endif + + } +#endif /* * bp : bio to read X509 from diff --git a/tests/api.c b/tests/api.c index 11bcbded3..2799abfa9 100644 --- a/tests/api.c +++ b/tests/api.c 
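Review bot: wolfSSL_PEM_read_X509_CRL frees `pem` and `der` only under err_exit, so every successful call leaks both buffers; release them before `return newcrl;`. When neither WOLFSSL_PEM_TO_DER nor WOLFSSL_DER_TO_PEM is defined the body is empty and this non-void function falls off the end, which is undefined behaviour once the caller uses the result; an `#else` branch with `return NULL;` fixes that. The `(void)cb; (void)u;` lines are unreachable where they stand and should move above the first return. `pemSz` is taken from the file length with no upper bound, so a cap before `XMALLOC` would be prudent.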
@@ -17376,6 +17376,42 @@ static void test_wolfSSL_RSA(void) #endif } +static void test_wolfSSL_RSA_DER(void) +{ +#if defined(OPENSSL_EXTRA) && !defined(NO_RSA) + + RSA *rsa; + int i; + + struct + { + const unsigned char *der; + int sz; + } tbl[] = { +#ifdef USE_CERT_BUFFERS_1024 + {client_key_der_1024, sizeof_client_key_der_1024}, + {server_key_der_1024, sizeof_server_key_der_1024}, +#endif +#ifdef USE_CERT_BUFFERS_2048 + {client_key_der_2048, sizeof_client_key_der_2048}, + {server_key_der_2048, sizeof_server_key_der_2048}, +#endif + {NULL, 0} + }; + + printf(testingFmt, "test_wolfSSL_RSA_DER()"); + + for (i = 0; tbl[i].der != NULL; i++) + { + AssertNotNull(d2i_RSAPublicKey(&rsa, &tbl[i].der, tbl[i].sz)); + AssertNotNull(rsa); + RSA_free(rsa); + } + printf(resultFmt, passed); + +#endif +} + static void test_wolfSSL_verify_depth(void) { #if defined(OPENSSL_EXTRA) && !defined(NO_RSA) 
@@ -18570,6 +18606,62 @@ static int test_wc_RNG_GenerateBlock() } #endif +static void test_wolfSSL_X509_CRL(void) +{ +#if defined(OPENSSL_EXTRA) && defined(HAVE_CRL) + + X509_CRL *crl; + char pem[][100] = { + "./certs/crl/crl.pem", + "./certs/crl/crl2.pem", + "./certs/crl/caEccCrl.pem", + "./certs/crl/eccCliCRL.pem", + "./certs/crl/eccSrvCRL.pem", + "" + }; + + char der[][100] = { + "./certs/crl/crl.der", + "./certs/crl/crl2.der", + ""}; + + FILE * fp; + int i; + + printf(testingFmt, "test_wolfSSL_X509_CRL"); + + for (i = 0; pem[i][0] != '\0'; i++) + { + AssertNotNull(fp = XFOPEN(pem[i], "rb")); + AssertNotNull(crl = (X509_CRL *)PEM_read_X509_CRL(fp, (X509_CRL **)NULL, NULL, NULL)); + AssertNotNull(crl); + X509_CRL_free(crl); + XFCLOSE(fp); + AssertNotNull(fp = XFOPEN(pem[i], "rb")); + AssertNotNull((X509_CRL *)PEM_read_X509_CRL(fp, (X509_CRL **)&crl, NULL, NULL)); + AssertNotNull(crl); + X509_CRL_free(crl); + XFCLOSE(fp); + } + + for(i = 0; der[i][0] != '\0'; i++){ + AssertNotNull(fp = XFOPEN(der[i], "rb")); + AssertNotNull(crl = (X509_CRL *)d2i_X509_CRL_fp((X509_CRL **)NULL, fp)); + AssertNotNull(crl); + X509_CRL_free(crl); + XFCLOSE(fp); + AssertNotNull(fp = XFOPEN(der[i], "rb")); + AssertNotNull((X509_CRL *)d2i_X509_CRL_fp((X509_CRL **)&crl, fp)); + AssertNotNull(crl); + X509_CRL_free(crl); + XFCLOSE(fp); + } + + printf(resultFmt, passed); +#endif + return; +} + /*----------------------------------------------------------------------------* | Main *----------------------------------------------------------------------------*/ @@ -18668,6 +18760,7 @@ void ApiTest(void) test_wolfSSL_sk_GENERAL_NAME(); test_wolfSSL_MD4(); test_wolfSSL_RSA(); + test_wolfSSL_RSA_DER(); test_wolfSSL_verify_depth(); test_wolfSSL_HMAC_CTX(); test_wolfSSL_msg_callback(); 
@@ -18676,6 +18769,7 @@ void ApiTest(void) test_wolfSSL_AES_ecb_encrypt(); test_wolfSSL_SHA256(); test_wolfSSL_X509_get_serialNumber(); + test_wolfSSL_X509_CRL(); /* test the no op functions for compatibility */ test_no_op_functions(); diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c index fafaf3f21..623a24eb4 100755 --- a/wolfcrypt/src/asn.c +++ b/wolfcrypt/src/asn.c @@ -7244,6 +7244,11 @@ const char* const END_PUB_KEY = "-----END PUBLIC KEY-----"; const char* const BEGIN_EDDSA_PRIV = "-----BEGIN EDDSA PRIVATE KEY-----"; const char* const END_EDDSA_PRIV = "-----END EDDSA PRIVATE KEY-----"; #endif +#ifdef HAVE_CRL + const char *const BEGIN_CRL = "-----BEGIN X509 CRL-----"; + const char* const END_CRL = "-----END X509 CRL-----"; +#endif + int wc_PemGetHeaderFooter(int type, const char** header, const char** footer) @@ -7716,6 +7721,11 @@ int PemToDer(const unsigned char* buff, long longSz, int type, { header = BEGIN_EDDSA_PRIV; footer = END_EDDSA_PRIV; } else +#endif +#ifdef HAVE_CRL + if (type == CRL_TYPE) { + header = BEGIN_CRL; footer = END_CRL; + } else #endif { break; diff --git a/wolfssl/openssl/ssl.h b/wolfssl/openssl/ssl.h index e90a5213a..ad8e8cf67 100644 --- a/wolfssl/openssl/ssl.h +++ b/wolfssl/openssl/ssl.h @@ -513,6 +513,11 @@ typedef WOLFSSL_X509_STORE_CTX X509_STORE_CTX; #define d2i_X509_bio wolfSSL_d2i_X509_bio #define i2d_X509 wolfSSL_i2d_X509 #define d2i_X509 wolfSSL_d2i_X509 +#define d2i_RSAPublicKey wolfSSL_d2i_RSAPublicKey +#define i2d_RSAPublicKey wolfSSL_i2d_RSAPublicKey +#define d2i_X509_CRL wolfSSL_d2i_X509_CRL +#define d2i_X509_CRL_fp wolfSSL_d2i_X509_CRL_fp +#define X509_CRL_free wolfSSL_X509_CRL_free #define SSL_CTX_get_ex_data wolfSSL_CTX_get_ex_data #define SSL_CTX_set_ex_data wolfSSL_CTX_set_ex_data 
@@ -528,6 +533,7 @@ typedef WOLFSSL_X509_STORE_CTX X509_STORE_CTX; #define SSL_CTX_get_ex_new_index wolfSSL_CTX_get_ex_new_index #define PEM_read_bio_X509 wolfSSL_PEM_read_bio_X509 #define PEM_read_bio_X509_AUX wolfSSL_PEM_read_bio_X509_AUX +#define PEM_read_X509_CRL wolfSSL_PEM_read_X509_CRL /*#if OPENSSL_API_COMPAT < 0x10100000L*/ #define CONF_modules_free() diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h index f425729ee..04c8428ac 100644 --- a/wolfssl/ssl.h +++ b/wolfssl/ssl.h @@ -164,7 +164,7 @@ typedef struct WOLFSSL_ECDSA_SIG WOLFSSL_ECDSA_SIG; typedef struct WOLFSSL_CIPHER WOLFSSL_CIPHER; typedef struct WOLFSSL_X509_LOOKUP WOLFSSL_X509_LOOKUP; typedef struct WOLFSSL_X509_LOOKUP_METHOD WOLFSSL_X509_LOOKUP_METHOD; -typedef struct WOLFSSL_X509_CRL WOLFSSL_X509_CRL; +typedef struct WOLFSSL_CRL WOLFSSL_X509_CRL; typedef struct WOLFSSL_X509_STORE WOLFSSL_X509_STORE; typedef struct WOLFSSL_X509_VERIFY_PARAM WOLFSSL_X509_VERIFY_PARAM; typedef struct WOLFSSL_BIO WOLFSSL_BIO; @@ -987,8 +987,10 @@ WOLFSSL_API const char* wolfSSL_state_string_long(const WOLFSSL*); WOLFSSL_API WOLFSSL_RSA* wolfSSL_RSA_generate_key(int, unsigned long, void(*)(int, int, void*), void*); -WOLFSSL_API void wolfSSL_CTX_set_tmp_rsa_callback(WOLFSSL_CTX*, - WOLFSSL_RSA*(*)(WOLFSSL*, int, int)); +WOLFSSL_API WOLFSSL_RSA *wolfSSL_d2i_RSAPublicKey(WOLFSSL_RSA **r, const unsigned char **pp, long len); +WOLFSSL_API int wolfSSL_i2d_RSAPublicKey(WOLFSSL_RSA *r, const unsigned char **pp); +WOLFSSL_API void wolfSSL_CTX_set_tmp_rsa_callback(WOLFSSL_CTX *, + WOLFSSL_RSA *(*)(WOLFSSL *, int, int)); WOLFSSL_API int wolfSSL_PEM_def_callback(char*, int num, int w, void* key); 
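Review bot: The new prototype `wolfSSL_i2d_RSAPublicKey(WOLFSSL_RSA *r, const unsigned char **pp)` const-qualifies a parameter that is an output, and OpenSSL declares it as `unsigned char **pp`. Code written against OpenSSL that passes an `unsigned char **` will get an incompatible-pointer diagnostic through the `i2d_RSAPublicKey` macro added in wolfssl/openssl/ssl.h. A caller that receives an allocated buffer through `*pp` also has to cast away const to free it. Declare it as `WOLFSSL_API int wolfSSL_i2d_RSAPublicKey(WOLFSSL_RSA *r, unsigned char **pp);` and document who owns the returned buffer.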
@@ -1513,6 +1515,11 @@ WOLFSSL_API WOLFSSL_X509* wolfSSL_d2i_X509(WOLFSSL_X509** x509, WOLFSSL_API WOLFSSL_X509* wolfSSL_X509_d2i(WOLFSSL_X509** x509, const unsigned char* in, int len); WOLFSSL_API int wolfSSL_i2d_X509(WOLFSSL_X509* x509, unsigned char** out); +WOLFSSL_API WOLFSSL_X509_CRL *wolfSSL_d2i_X509_CRL(WOLFSSL_X509_CRL **crl, + const unsigned char *in, int len); +WOLFSSL_API WOLFSSL_X509_CRL *wolfSSL_d2i_X509_CRL_fp(WOLFSSL_X509_CRL **crl, XFILE file); +WOLFSSL_API void wolfSSL_X509_CRL_free(WOLFSSL_X509_CRL *crl); + #ifndef NO_FILESYSTEM #ifndef NO_STDIO_FILESYSTEM WOLFSSL_API WOLFSSL_X509* @@ -2538,6 +2545,13 @@ WOLFSSL_API int wolfSSL_CTX_use_PrivateKey(WOLFSSL_CTX *ctx, WOLFSSL_EVP_PKEY *p WOLFSSL_API WOLFSSL_X509 *wolfSSL_PEM_read_bio_X509(WOLFSSL_BIO *bp, WOLFSSL_X509 **x, pem_password_cb *cb, void *u); WOLFSSL_API WOLFSSL_X509 *wolfSSL_PEM_read_bio_X509_AUX (WOLFSSL_BIO *bp, WOLFSSL_X509 **x, pem_password_cb *cb, void *u); +WOLFSSL_API WOLFSSL_X509_CRL *wolfSSL_d2i_X509_CRL(WOLFSSL_X509_CRL **crl, + const unsigned char *in, int len); +#ifndef NO_FILESYSTEM +WOLFSSL_API WOLFSSL_X509_CRL *wolfSSL_d2i_X509_CRL_fp(WOLFSSL_X509_CRL **crl, XFILE file); +WOLFSSL_API WOLFSSL_X509_CRL *wolfSSL_PEM_read_X509_CRL(FILE *fp, WOLFSSL_X509_CRL **x, + pem_password_cb *cb, void *u); +#endif /*lighttp compatibility */ diff --git a/wolfssl/wolfcrypt/rsa.h b/wolfssl/wolfcrypt/rsa.h index 5cbc76770..a11b016eb 100644 --- a/wolfssl/wolfcrypt/rsa.h +++ b/wolfssl/wolfcrypt/rsa.h @@ -247,8 +247,9 @@ WOLFSSL_API int wc_RsaExportKey(RsaKey* key, byte* p, word32* pSz, byte* q, word32* qSz); +WOLFSSL_API int wc_RsaKeyToPublicDer(RsaKey*, byte* output, word32 inLen); + #ifdef WOLFSSL_KEY_GEN - WOLFSSL_API int wc_RsaKeyToPublicDer(RsaKey*, byte* output, word32 inLen); WOLFSSL_API int wc_MakeRsaKey(RsaKey* key, int size, long e, WC_RNG* rng); WOLFSSL_API int wc_CheckProbablePrime(const byte* p, word32 pSz, const byte* q, word32 qSz, 
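Review bot: `wolfSSL_PEM_read_X509_CRL` is declared with `FILE *fp`, while `wolfSSL_d2i_X509_CRL_fp` two lines above it in the same hunk takes `XFILE file`. On ports where XFILE is not `FILE *` the two file-based CRL readers would then disagree about the handle type, even though both sit under `#ifndef NO_FILESYSTEM`. Use the abstraction in both: `wolfSSL_PEM_read_X509_CRL(XFILE fp, WOLFSSL_X509_CRL **x, pem_password_cb *cb, void *u);`. A one-line comment above the pair stating that the returned CRL must be released with `wolfSSL_X509_CRL_free` would also help callers.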
From 138f9f8f66f3475353497567ef2b7a2a0f43df10 Mon Sep 17 00:00:00 2001 From: Takashi Kojo Date: Fri, 4 May 2018 08:32:13 +0900 Subject: [PATCH 032/146] add wc_RsaKeyToPublicDer in asn.c when OPENSSL_EXTRA, fix wolfSSL_i2d_RSAPublicKey --- src/ssl.c | 5 ++--- wolfcrypt/src/asn.c | 5 +++-- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/src/ssl.c b/src/ssl.c index 989e9e685..2d7f6e85e 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -27520,21 +27520,20 @@ int wolfSSL_i2d_RSAPublicKey(WOLFSSL_RSA *rsa, const unsigned char **pp) if((ret = SetRsaInternal(rsa)) != WOLFSSL_SUCCESS) { WOLFSSL_MSG("SetRsaInternal Failed"); XFREE(der, NULL, DYNAMIC_TYPE_TMP_BUFFER); - return _REXT_OK; + return ret; } -#if 0 if((ret = wc_RsaKeyToPublicDer((RsaKey *)rsa->internal, der, derLen)) < 0){ WOLFSSL_MSG("RsaKeyToPublicDer failed"); XFREE(der, NULL, DYNAMIC_TYPE_TMP_BUFFER); return ret; } -#endif *pp = der; return ret; } + /* return WOLFSSL_SUCCESS if success, WOLFSSL_FATAL_ERROR if error */ int wolfSSL_RSA_LoadDer(WOLFSSL_RSA* rsa, const unsigned char* derBuf, int derSz) { diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c index 623a24eb4..939efce98 100755 --- a/wolfcrypt/src/asn.c +++ b/wolfcrypt/src/asn.c @@ -8186,7 +8186,7 @@ int wc_PemPubKeyToDer(const char* fileName, #if !defined(NO_RSA) && (defined(WOLFSSL_CERT_GEN) || \ - (defined(WOLFSSL_KEY_GEN) && !defined(HAVE_USER_RSA))) + ((defined(WOLFSSL_KEY_GEN) || defined(OPENSSL_EXTRA)) && !defined(HAVE_USER_RSA))) /* USER RSA ifdef portions used instead of refactor in consideration for possible fips build */ /* Write a public RSA key to output */ @@ -8438,8 +8438,9 @@ int wc_RsaKeyToDer(RsaKey* key, byte* output, word32 inLen) return outLen; } +#endif - +#if (defined(WOLFSSL_KEY_GEN) || defined(OPENSSL_EXTRA)) && !defined(NO_RSA) && !defined(HAVE_USER_RSA) /* Convert Rsa Public key to DER format, write to output (inLen), return bytes written */ int wc_RsaKeyToPublicDer(RsaKey* key, byte* output, word32 inLen) 
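Review bot: With the `#if 0` removed, wolfSSL_i2d_RSAPublicKey now reaches `*pp = der;` on success, and the hunk shows no check that `pp` is non-NULL. OpenSSL callers routinely call `i2d_*(obj, NULL)` to learn the encoded length, and when `*pp` is already set they expect the encoding to be written there, not the pointer replaced by a fresh allocation. Unless `pp` is validated earlier in the function (its start is outside the hunk), guard the store and free the temporary when the caller asked only for the size: `if (pp != NULL) *pp = der; else XFREE(der, NULL, DYNAMIC_TYPE_TMP_BUFFER);`. The function comment should state that the caller frees the buffer returned through `*pp`.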
From f56fd5db0071d04c12fb378c97115c92d4f5955d Mon Sep 17 00:00:00 2001 From: Takashi Kojo Date: Fri, 4 May 2018 08:55:26 +0900 Subject: [PATCH 033/146] eliminate dupricated func prototypes --- wolfssl/ssl.h | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h index 04c8428ac..e5d594eab 100644 --- a/wolfssl/ssl.h +++ b/wolfssl/ssl.h @@ -1517,7 +1517,9 @@ WOLFSSL_API WOLFSSL_X509* WOLFSSL_API int wolfSSL_i2d_X509(WOLFSSL_X509* x509, unsigned char** out); WOLFSSL_API WOLFSSL_X509_CRL *wolfSSL_d2i_X509_CRL(WOLFSSL_X509_CRL **crl, const unsigned char *in, int len); +#ifndef NO_FILESYSTEM WOLFSSL_API WOLFSSL_X509_CRL *wolfSSL_d2i_X509_CRL_fp(WOLFSSL_X509_CRL **crl, XFILE file); +#endif WOLFSSL_API void wolfSSL_X509_CRL_free(WOLFSSL_X509_CRL *crl); #ifndef NO_FILESYSTEM @@ -2545,10 +2547,7 @@ WOLFSSL_API int wolfSSL_CTX_use_PrivateKey(WOLFSSL_CTX *ctx, WOLFSSL_EVP_PKEY *p WOLFSSL_API WOLFSSL_X509 *wolfSSL_PEM_read_bio_X509(WOLFSSL_BIO *bp, WOLFSSL_X509 **x, pem_password_cb *cb, void *u); WOLFSSL_API WOLFSSL_X509 *wolfSSL_PEM_read_bio_X509_AUX (WOLFSSL_BIO *bp, WOLFSSL_X509 **x, pem_password_cb *cb, void *u); -WOLFSSL_API WOLFSSL_X509_CRL *wolfSSL_d2i_X509_CRL(WOLFSSL_X509_CRL **crl, - const unsigned char *in, int len); #ifndef NO_FILESYSTEM -WOLFSSL_API WOLFSSL_X509_CRL *wolfSSL_d2i_X509_CRL_fp(WOLFSSL_X509_CRL **crl, XFILE file); WOLFSSL_API WOLFSSL_X509_CRL *wolfSSL_PEM_read_X509_CRL(FILE *fp, WOLFSSL_X509_CRL **x, pem_password_cb *cb, void *u); #endif From 2e4884b6f99daedc32f8a984ba216aad4a3e29de Mon Sep 17 00:00:00 2001 From: Takashi Kojo Date: Fri, 4 May 2018 09:30:08 +0900 Subject: [PATCH 034/146] PEM_read_X509_CRL only with HAVE_CRL --- src/ssl.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/ssl.c b/src/ssl.c index 2d7f6e85e..08b7dbc30 100644 --- a/src/ssl.c +++ b/src/ssl.c 
@@ -28517,7 +28517,7 @@ void* wolfSSL_GetDhAgreeCtx(WOLFSSL* ssl) return x509; } -#ifndef NO_FILESYSTEM +#if defined(HAVE_CRL) && !defined(NO_FILESYSTEM) WOLFSSL_API WOLFSSL_X509_CRL* wolfSSL_PEM_read_X509_CRL(FILE *fp, WOLFSSL_X509_CRL **crl, pem_password_cb *cb, void *u) { From 5d4c0c582ed0c588daceacfcd5b47d7640fbed8d Mon Sep 17 00:00:00 2001 From: Takashi Kojo Date: Fri, 4 May 2018 10:18:33 +0900 Subject: [PATCH 035/146] skip d2i_X509_CRL_fp test. Done locally. --- tests/api.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/tests/api.c b/tests/api.c index 2799abfa9..b2db365dc 100644 --- a/tests/api.c +++ b/tests/api.c @@ -18620,10 +18620,12 @@ static void test_wolfSSL_X509_CRL(void) "" }; +#ifdef HAVE_TEST_d2i_X509_CRL_fp char der[][100] = { "./certs/crl/crl.der", "./certs/crl/crl2.der", ""}; +#endif FILE * fp; int i; @@ -18644,6 +18646,7 @@ static void test_wolfSSL_X509_CRL(void) XFCLOSE(fp); } +#ifdef HAVE_TEST_d2i_X509_CRL_fp for(i = 0; der[i][0] != '\0'; i++){ AssertNotNull(fp = XFOPEN(der[i], "rb")); AssertNotNull(crl = (X509_CRL *)d2i_X509_CRL_fp((X509_CRL **)NULL, fp)); @@ -18656,6 +18659,7 @@ static void test_wolfSSL_X509_CRL(void) X509_CRL_free(crl); XFCLOSE(fp); } +#endif printf(resultFmt, passed); #endif From 6580a1fefa05639dfcf7a41b96f0c6672e35b3e7 Mon Sep 17 00:00:00 2001 From: Takashi Kojo Date: Fri, 4 May 2018 11:29:04 +0900 Subject: [PATCH 036/146] enable SetBitString, SetASNInt, SetASNIntMP with OPENSSL_EXTRA --- wolfcrypt/src/asn.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c index 939efce98..83bd11863 100755 --- a/wolfcrypt/src/asn.c +++ b/wolfcrypt/src/asn.c 
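Review bot: The DER half of test_wolfSSL_X509_CRL is now compiled only under `HAVE_TEST_d2i_X509_CRL_fp`, a macro that nothing in this patch defines, so `d2i_X509_CRL_fp` gets no coverage in a normal build. The reason is given only in the commit subject ("Done locally"). Put it at the guard, for example `/* d2i_X509_CRL_fp test needs ./certs/crl/crl.der and crl2.der; define HAVE_TEST_d2i_X509_CRL_fp when those fixtures are available */`, if missing fixtures are indeed the reason. The three guarded regions are parts of one function whose start is outside these hunks.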
@@ -502,7 +502,7 @@ char* GetSigName(int oid) { #if !defined(NO_DSA) || defined(HAVE_ECC) || \ (!defined(NO_RSA) && \ (defined(WOLFSSL_CERT_GEN) || \ - (defined(WOLFSSL_KEY_GEN) && !defined(HAVE_USER_RSA)))) + ((defined(WOLFSSL_KEY_GEN) || defined(OPENSSL_EXTRA)) && !defined(HAVE_USER_RSA)))) /* Set the DER/BER encoding of the ASN.1 INTEGER header. * * len Length of data to encode. @@ -526,7 +526,7 @@ static int SetASNInt(int len, byte firstByte, byte* output) #endif #if !defined(NO_DSA) || defined(HAVE_ECC) || defined(WOLFSSL_CERT_GEN) || \ - (defined(WOLFSSL_KEY_GEN) && !defined(NO_RSA) && !defined(HAVE_USER_RSA)) + ((defined(WOLFSSL_KEY_GEN) || defined(OPENSSL_EXTRA)) && !defined(NO_RSA) && !defined(HAVE_USER_RSA)) /* Set the DER/BER encoding of the ASN.1 INTEGER element with an mp_int. * The number is assumed to be positive. * @@ -750,10 +750,10 @@ static int CheckBitString(const byte* input, word32* inOutIdx, int* len, /* RSA (with CertGen or KeyGen) OR ECC OR ED25519 (with CertGen or KeyGen) */ #if (!defined(NO_RSA) && !defined(HAVE_USER_RSA) && \ - (defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_KEY_GEN))) || \ + (defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_KEY_GEN) || defined(OPENSSL_EXTRA))) || \ defined(HAVE_ECC) || \ (defined(HAVE_ED25519) && \ - (defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_KEY_GEN))) + (defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_KEY_GEN) || defined(OPENSSL_EXTRA))) /* Set the DER/BER encoding of the ASN.1 BIT_STRING header. * From 76686c9e201a1f982702be4a83377282945c241f Mon Sep 17 00:00:00 2001 From: Takashi Kojo Date: Fri, 4 May 2018 11:37:23 +0900 Subject: [PATCH 037/146] fix error return, i2d_RSAPublicKey --- src/ssl.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/ssl.c b/src/ssl.c index 08b7dbc30..ff08d53c8 100644 --- a/src/ssl.c +++ b/src/ssl.c 
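Review bot: The comment above the SetBitString guard still reads "RSA (with CertGen or KeyGen) OR ECC OR ED25519 (with CertGen or KeyGen)", but the condition in the `@@ -750,10` hunk now also accepts `OPENSSL_EXTRA` on both the RSA and the ED25519 branch. Update it to match, e.g. `/* RSA (with CertGen, KeyGen or OpenSSL extra) OR ECC OR ED25519 (with CertGen, KeyGen or OpenSSL extra) */`. The same `(WOLFSSL_KEY_GEN || OPENSSL_EXTRA) && !HAVE_USER_RSA` test is now written out in three guards in this file. A short comment at SetASNInt and SetASNIntMP saying that the OpenSSL compatibility layer needs them for `wc_RsaKeyToPublicDer` would explain why the guard was widened.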
@@ -27515,7 +27515,7 @@ int wolfSSL_i2d_RSAPublicKey(WOLFSSL_RSA *rsa, const unsigned char **pp) return WOLFSSL_FATAL_ERROR; der = (byte*)XMALLOC(derLen, NULL, DYNAMIC_TYPE_TMP_BUFFER); if (der == NULL) { - ret = WOLFSSL_FATAL_ERROR; + return WOLFSSL_FATAL_ERROR; } if((ret = SetRsaInternal(rsa)) != WOLFSSL_SUCCESS) { WOLFSSL_MSG("SetRsaInternal Failed"); From 6cef2e5d317437baa3bd6cede4be1a0c4110b8dd Mon Sep 17 00:00:00 2001 From: Takashi Kojo Date: Sat, 5 May 2018 14:41:35 +0900 Subject: [PATCH 038/146] memory leak in d2i_X509_CRL --- src/crl.c | 8 +++++--- src/ssl.c | 17 ++++++----------- 2 files changed, 11 insertions(+), 14 deletions(-) diff --git a/src/crl.c b/src/crl.c index 790c2f962..f96570a7c 100644 --- a/src/crl.c +++ b/src/crl.c @@ -49,8 +49,10 @@ int InitCRL(WOLFSSL_CRL* crl, WOLFSSL_CERT_MANAGER* cm) { WOLFSSL_ENTER("InitCRL"); - - crl->heap = cm->heap; + if(cm != NULL) + crl->heap = cm->heap; + else + crl->heap = NULL; crl->cm = cm; crl->crlList = NULL; crl->monitors[0].path = NULL; @@ -153,7 +155,7 @@ void FreeCRL(WOLFSSL_CRL* crl, int dynamic) CRL_Entry* tmp = crl->crlList; WOLFSSL_ENTER("FreeCRL"); - + printf("sizeof(CRL_Entry)=%lu\n", sizeof(CRL_Entry)); if (crl->monitors[0].path) XFREE(crl->monitors[0].path, crl->heap, DYNAMIC_TYPE_CRL_MONITOR); diff --git a/src/ssl.c b/src/ssl.c index ff08d53c8..e33612814 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -17976,7 +17976,6 @@ int wolfSSL_X509_verify_cert(WOLFSSL_X509_STORE_CTX* ctx) WOLFSSL_X509_CRL* wolfSSL_d2i_X509_CRL(WOLFSSL_X509_CRL** crl, const unsigned char* in, int len) { WOLFSSL_X509_CRL *newcrl = NULL; - WOLFSSL_CERT_MANAGER *cert= NULL; int ret ; WOLFSSL_ENTER("wolfSSL_X509_CRL_d2i"); 
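Review bot: InitCRL now accepts `cm == NULL` and then executes `crl->cm = cm;`, so a CRL built by wolfSSL_d2i_X509_CRL carries a NULL manager pointer. Any CRL routine that reads `crl->cm` (signer lookup while loading the buffer, callbacks on a missing CRL) needs a NULL check before such an object reaches it. Those routines are outside this hunk and should be audited as part of the change. State the new contract at the function: `/* cm may be NULL for a stand-alone CRL object; crl->cm is then NULL and must be checked before use */`. Separately, the `printf("sizeof(CRL_Entry)=%lu\n", sizeof(CRL_Entry));` added to FreeCRL is debug output in library code and uses `%lu` for a `size_t`; it should not be committed.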
@@ -17991,12 +17990,7 @@ WOLFSSL_X509_CRL* wolfSSL_d2i_X509_CRL(WOLFSSL_X509_CRL** crl, const unsigned ch WOLFSSL_MSG("New CRL allocation failed"); return NULL; } - cert = wolfSSL_CertManagerNew(); - if (cert == NULL){ - WOLFSSL_MSG("CertManagerNew failed"); - goto err_exit; - } - if (InitCRL(newcrl, cert) < 0) { + if (InitCRL(newcrl, NULL) < 0) { WOLFSSL_MSG("Init tmp CRL failed"); goto err_exit; } @@ -18014,8 +18008,6 @@ err_exit: if(newcrl != NULL) XFREE(newcrl, NULL, DYNAMIC_TYPE_FILE); newcrl = NULL; - if(cert != NULL) - wolfSSL_CertManagerFree(cert); _exit: return newcrl; } @@ -27499,8 +27491,8 @@ WOLFSSL_RSA *wolfSSL_d2i_RSAPublicKey(WOLFSSL_RSA **r, const unsigned char **pp, WOLFSSL_MSG("RSA_LoadDer failed"); return NULL; } - - *r = rsa; + if(r != NULL) + *r = rsa; return rsa; } @@ -28560,10 +28552,13 @@ void* wolfSSL_GetDhAgreeCtx(WOLFSSL* ssl) goto err_exit; if((PemToDer(pem, pemSz, CRL_TYPE, &der, NULL, NULL, NULL)) < 0) goto err_exit; + XFREE(pem, 0, DYNAMIC_TYPE_PEM); derSz = der->length; if((newcrl = wolfSSL_d2i_X509_CRL(crl, (const unsigned char *)der->buffer, derSz)) == NULL) goto err_exit; + FreeDer(&der); + return newcrl; err_exit: From ad71f44f3cf962bddace1c7b12452cdddf82c8cf Mon Sep 17 00:00:00 2001 From: Takashi Kojo Date: Sat, 5 May 2018 17:41:40 +0900 Subject: [PATCH 039/146] suppress i2d_RSAPublicKey with HAVE_FAST_RSA --- src/ssl.c | 3 ++- tests/api.c | 5 +++-- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/src/ssl.c b/src/ssl.c index e33612814..bb4d5bd56 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -27496,6 +27496,7 @@ WOLFSSL_RSA *wolfSSL_d2i_RSAPublicKey(WOLFSSL_RSA **r, const unsigned char **pp, return rsa; } +#if !defined(HAVE_FAST_RSA) int wolfSSL_i2d_RSAPublicKey(WOLFSSL_RSA *rsa, const unsigned char **pp) { byte *der; 
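Review bot: After the added `XFREE(pem, 0, DYNAMIC_TYPE_PEM);` in wolfSSL_PEM_read_X509_CRL, `pem` keeps the freed address, and the very next statement can still `goto err_exit` when `wolfSSL_d2i_X509_CRL` rejects the decoded data. The body of `err_exit` is outside the hunk. If it releases `pem`, as the cleanup label of this function would be expected to, a malformed CRL file leads to a double free. Clear the pointer where it is freed: `XFREE(pem, 0, DYNAMIC_TYPE_PEM); pem = NULL;`.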
@@ -27525,12 +27526,12 @@ int wolfSSL_i2d_RSAPublicKey(WOLFSSL_RSA *rsa, const unsigned char **pp) return ret; } - /* return WOLFSSL_SUCCESS if success, WOLFSSL_FATAL_ERROR if error */ int wolfSSL_RSA_LoadDer(WOLFSSL_RSA* rsa, const unsigned char* derBuf, int derSz) { return wolfSSL_RSA_LoadDer_ex(rsa, derBuf, derSz, WOLFSSL_RSA_LOAD_PRIVATE); } +#endif /* #if !defined(HAVE_FAST_RSA) */ int wolfSSL_RSA_LoadDer_ex(WOLFSSL_RSA* rsa, const unsigned char* derBuf, int derSz, int opt) diff --git a/tests/api.c b/tests/api.c index b2db365dc..c5b0614a9 100644 --- a/tests/api.c +++ b/tests/api.c @@ -9852,9 +9852,10 @@ static int test_wc_RsaKeyToDer (void) * Testing wc_RsaKeyToPublicDer() */ static int test_wc_RsaKeyToPublicDer (void) -{ +{ int ret = 0; -#if !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN) +#if (!defined(NO_RSA) || !defined(HAVE_FAST_RSA) || defined(WOLFSSL_KEY_GEN)) && \ + (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) RsaKey key; WC_RNG rng; byte* der; From 03d68812a9dc6b388b1a1061565118aea0490864 Mon Sep 17 00:00:00 2001 From: Takashi Kojo Date: Sat, 5 May 2018 18:16:57 +0900 Subject: [PATCH 040/146] Fix #if condition for test --- tests/api.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/api.c b/tests/api.c index c5b0614a9..11695b9d9 100644 --- a/tests/api.c +++ b/tests/api.c @@ -9854,7 +9854,7 @@ static int test_wc_RsaKeyToDer (void) static int test_wc_RsaKeyToPublicDer (void) { int ret = 0; -#if (!defined(NO_RSA) || !defined(HAVE_FAST_RSA) || defined(WOLFSSL_KEY_GEN)) && \ +#if (!defined(NO_RSA) || !defined(HAVE_FAST_RSA)) && defined(WOLFSSL_KEY_GEN) && \ (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) RsaKey key; WC_RNG rng; From c26bcdd199fe8c441772bc972ffbb219175d9fcd Mon Sep 17 00:00:00 2001 From: Takashi Kojo Date: Sat, 5 May 2018 20:00:40 +0900 Subject: [PATCH 041/146] Enable RSA_LoadDer with HAVE_FAST_RSA --- src/ssl.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) 
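Review bot: The guard on test_wc_RsaKeyToPublicDer joins `!defined(NO_RSA)` and `!defined(HAVE_FAST_RSA)` with `||`, so it is still true in a build that defines NO_RSA but not HAVE_FAST_RSA. That leaves the test body, which declares an `RsaKey`, compiled with RSA disabled. The follow-up "Fix #if condition for test" moves `WOLFSSL_KEY_GEN` out of the parenthesis but keeps the `||`. The later hunk at `@@ -9516,7 +9516,8` (patch 043) introduces the same `(!defined(NO_RSA) || !defined(HAVE_FAST_RSA))` on the key-generation helper. All three should require both conditions: `#if !defined(NO_RSA) && !defined(HAVE_FAST_RSA) && defined(WOLFSSL_KEY_GEN)`.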
diff --git a/src/ssl.c b/src/ssl.c index bb4d5bd56..8b2ca5f3e 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -27525,13 +27525,14 @@ int wolfSSL_i2d_RSAPublicKey(WOLFSSL_RSA *rsa, const unsigned char **pp) *pp = der; return ret; } +#endif /* #if !defined(HAVE_FAST_RSA) */ /* return WOLFSSL_SUCCESS if success, WOLFSSL_FATAL_ERROR if error */ int wolfSSL_RSA_LoadDer(WOLFSSL_RSA* rsa, const unsigned char* derBuf, int derSz) { return wolfSSL_RSA_LoadDer_ex(rsa, derBuf, derSz, WOLFSSL_RSA_LOAD_PRIVATE); } -#endif /* #if !defined(HAVE_FAST_RSA) */ + int wolfSSL_RSA_LoadDer_ex(WOLFSSL_RSA* rsa, const unsigned char* derBuf, int derSz, int opt) From 98ef7f43e173e61678317d0cebbf6f341aa4ebd6 Mon Sep 17 00:00:00 2001 From: Takashi Kojo Date: Tue, 8 May 2018 13:29:33 +0900 Subject: [PATCH 042/146] use wolfSSL_X509_CRL_free instead of XFREE --- src/crl.c | 1 - src/ssl.c | 4 ++-- 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/src/crl.c b/src/crl.c index f96570a7c..4f67cf53b 100644 --- a/src/crl.c +++ b/src/crl.c @@ -155,7 +155,6 @@ void FreeCRL(WOLFSSL_CRL* crl, int dynamic) CRL_Entry* tmp = crl->crlList; WOLFSSL_ENTER("FreeCRL"); - printf("sizeof(CRL_Entry)=%lu\n", sizeof(CRL_Entry)); if (crl->monitors[0].path) XFREE(crl->monitors[0].path, crl->heap, DYNAMIC_TYPE_CRL_MONITOR); diff --git a/src/ssl.c b/src/ssl.c index 8b2ca5f3e..83f731b32 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -18006,7 +18006,7 @@ WOLFSSL_X509_CRL* wolfSSL_d2i_X509_CRL(WOLFSSL_X509_CRL** crl, const unsigned ch err_exit: if(newcrl != NULL) - XFREE(newcrl, NULL, DYNAMIC_TYPE_FILE); + wolfSSL_X509_CRL_free(newcrl); newcrl = NULL; _exit: return newcrl; @@ -18059,7 +18059,7 @@ WOLFSSL_X509_CRL *wolfSSL_d2i_X509_CRL_fp(WOLFSSL_X509_CRL **crl, XFILE file) err_exit: if(newcrl != NULL) - XFREE(newcrl, NULL, DYNAMIC_TYPE_FILE); + wolfSSL_X509_CRL_free(newcrl); _exit: if(der != NULL) FreeDer(&der); From 4efe8740ad621b3ca4097dda21ae8f372d70404f Mon Sep 17 00:00:00 2001 
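Review bot: In wolfSSL_d2i_X509_CRL_fp the error label now calls `wolfSSL_X509_CRL_free(newcrl);` and then falls straight through to `_exit:` with `newcrl` still pointing at the freed object. The matching hunk for wolfSSL_d2i_X509_CRL keeps `newcrl = NULL;` after the free. The return statement is outside this hunk; if it returns `newcrl`, as wolfSSL_d2i_X509_CRL does, the caller receives a dangling pointer on failure. Make the two functions consistent by adding `newcrl = NULL;` after the free. Also check whether `*crl` was already assigned before the failure, since it would then need the same reset.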
From: Takashi Kojo Date: Thu, 17 May 2018 06:26:49 +0900 Subject: [PATCH 043/146] Eliminate d2i_RSAPublicKey test when HAVE_FAST_RSA is enabled --- tests/api.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/tests/api.c b/tests/api.c index 11695b9d9..e72415d89 100644 --- a/tests/api.c +++ b/tests/api.c @@ -9516,7 +9516,8 @@ static int test_wc_RsaPublicKeyDecodeRaw (void) } /* END test_wc_RsaPublicKeyDecodeRaw */ -#if !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN) +#if (!defined(NO_RSA) || !defined(HAVE_FAST_RSA)) && (defined(WOLFSSL_KEY_GEN) || \ + defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) /* In FIPS builds, wc_MakeRsaKey() will return an error if it cannot find * a probable prime in 5*(modLen/2) attempts. In non-FIPS builds, it keeps * trying until it gets a probable prime. */ @@ -9854,8 +9855,7 @@ static int test_wc_RsaKeyToDer (void) static int test_wc_RsaKeyToPublicDer (void) { int ret = 0; -#if (!defined(NO_RSA) || !defined(HAVE_FAST_RSA)) && defined(WOLFSSL_KEY_GEN) && \ - (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) +#if (!defined(NO_RSA) || !defined(HAVE_FAST_RSA)) && defined(WOLFSSL_KEY_GEN) RsaKey key; WC_RNG rng; byte* der; @@ -17379,7 +17379,7 @@ static void test_wolfSSL_RSA(void) static void test_wolfSSL_RSA_DER(void) { -#if defined(OPENSSL_EXTRA) && !defined(NO_RSA) +#if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && !defined(HAVE_FAST_RSA) RSA *rsa; int i; From c275dfc5ab96960b371ea661422c65ca0405ddbc Mon Sep 17 00:00:00 2001 From: Takashi Kojo Date: Sat, 19 May 2018 09:22:44 +0900 Subject: [PATCH 044/146] X509_STORE_add_crl --- src/crl.c | 28 +++++++++++++++++++++++++ src/ssl.c | 48 +++++++++++++++++++++++++++++++------------ tests/api.c | 31 +++++++++++++++++++++++++++- wolfssl/openssl/ssl.h | 6 ++++-- wolfssl/ssl.h | 4 ++++ 5 files changed, 101 insertions(+), 16 deletions(-) diff --git a/src/crl.c b/src/crl.c index 4f67cf53b..8850e9617 100644 --- a/src/crl.c +++ b/src/crl.c 
@@ -490,6 +490,34 @@ int BufferLoadCRL(WOLFSSL_CRL* crl, const byte* buff, long sz, int type, return ret ? ret : WOLFSSL_SUCCESS; /* convert 0 to WOLFSSL_SUCCESS */ } +#if defined(OPENSSL_EXTRA) || defined(HAVE_CRL) +int wolfSSL_X509_STORE_add_crl(WOLFSSL_X509_STORE *store, WOLFSSL_X509_CRL *newcrl) +{ + CRL_Entry *crle; + WOLFSSL_CRL *crl; + + WOLFSSL_ENTER("wolfSSL_X509_STORE_add_crl"); + if (store == NULL || newcrl == NULL) + return BAD_FUNC_ARG; + + crl = store->crl; + crle = newcrl->crlList; + + if (wc_LockMutex(&crl->crlLock) != 0) + { + WOLFSSL_MSG("wc_LockMutex failed"); + return BAD_MUTEX_E; + } + crle->next = crl->crlList; + crl->crlList = crle; + newcrl->crlList = NULL; + wc_UnLockMutex(&crl->crlLock); + + WOLFSSL_LEAVE("wolfSSL_X509_STORE_add_crl", WOLFSSL_SUCCESS); + + return WOLFSSL_SUCCESS; +} +#endif #ifdef HAVE_CRL_MONITOR diff --git a/src/ssl.c b/src/ssl.c index 83f731b32..704fd2d24 100644 --- a/src/ssl.c +++ b/src/ssl.c 
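Review bot: wolfSSL_X509_STORE_add_crl dereferences `store->crl` and `newcrl->crlList` without checking either, so a store whose `crl` was never allocated, or a CRL object with an empty list, crashes at `&crl->crlLock` or `crle->next`. It also relinks only the first entry: `crle->next = crl->crlList;` overwrites the link to any further entries of `newcrl`, which are then neither added to the store nor freed. The guard `defined(OPENSSL_EXTRA) || defined(HAVE_CRL)` is wider than the one that declares the `crl` member in `struct WOLFSSL_X509_STORE` (`OPENSSL_EXTRA && HAVE_CRL`), so a build with only one of the two will not compile this function. Whether certificate verification ever consults `store->crl` rather than the certificate manager's own CRL is not visible here and should be confirmed, otherwise added CRLs are stored but never enforced.

```c
#if defined(OPENSSL_EXTRA) && defined(HAVE_CRL)
int wolfSSL_X509_STORE_add_crl(WOLFSSL_X509_STORE *store, WOLFSSL_X509_CRL *newcrl)
{
    CRL_Entry *head;
    CRL_Entry *tail;
    WOLFSSL_CRL *crl;

    WOLFSSL_ENTER("wolfSSL_X509_STORE_add_crl");
    if (store == NULL || store->crl == NULL ||
        newcrl == NULL || newcrl->crlList == NULL)
        return BAD_FUNC_ARG;

    crl  = store->crl;
    head = newcrl->crlList;
    /* splice the whole chain, not only its first entry */
    for (tail = head; tail->next != NULL; tail = tail->next)
        ;

    /* … unchanged: wc_LockMutex(&crl->crlLock) and its error return … */
    tail->next = crl->crlList;
    crl->crlList = head;
    newcrl->crlList = NULL;
    /* … unchanged: unlock, WOLFSSL_LEAVE, return WOLFSSL_SUCCESS … */
```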
@@ -17817,24 +17817,42 @@ int wolfSSL_X509_STORE_add_cert(WOLFSSL_X509_STORE* store, WOLFSSL_X509* x509) return result; } - WOLFSSL_X509_STORE* wolfSSL_X509_STORE_new(void) { WOLFSSL_X509_STORE* store = NULL; - store = (WOLFSSL_X509_STORE*)XMALLOC(sizeof(WOLFSSL_X509_STORE), NULL, - DYNAMIC_TYPE_X509_STORE); - if (store != NULL) { - store->cm = wolfSSL_CertManagerNew(); - if (store->cm == NULL) { - XFREE(store, NULL, DYNAMIC_TYPE_X509_STORE); - store = NULL; - } - else - store->isDynamic = 1; - } + if((store = (WOLFSSL_X509_STORE*)XMALLOC(sizeof(WOLFSSL_X509_STORE), NULL, + DYNAMIC_TYPE_X509_STORE)) == NULL) + goto err_exit; + + if((store->cm = wolfSSL_CertManagerNew()) == NULL) + goto err_exit; + + store->isDynamic = 1; + +#ifdef HAVE_CRL + store->crl = NULL; + if((store->crl = (WOLFSSL_X509_CRL *)XMALLOC(sizeof(WOLFSSL_X509_CRL), + NULL, DYNAMIC_TYPE_TMP_BUFFER)) == NULL) + goto err_exit; + if(InitCRL(store->crl, NULL) < 0) + goto err_exit; +#endif return store; + +err_exit: + if(store == NULL) + return NULL; + if(store->cm != NULL) + wolfSSL_CertManagerFree(store->cm); +#ifdef HAVE_CRL + if(store->crl != NULL) + wolfSSL_X509_CRL_free(store->crl); +#endif + wolfSSL_X509_STORE_free(store); + + return NULL; } @@ -17842,7 +17860,11 @@ void wolfSSL_X509_STORE_free(WOLFSSL_X509_STORE* store) { if (store != NULL && store->isDynamic) { if (store->cm != NULL) - wolfSSL_CertManagerFree(store->cm); + wolfSSL_CertManagerFree(store->cm); +#ifdef HAVE_CRL + if (store->crl != NULL) + wolfSSL_X509_CRL_free(store->crl); +#endif XFREE(store, NULL, DYNAMIC_TYPE_X509_STORE); } } diff --git a/tests/api.c b/tests/api.c index e72415d89..9228a2d2f 100644 --- a/tests/api.c +++ b/tests/api.c 
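Review bot: The new `err_exit` path in wolfSSL_X509_STORE_new frees `store->cm` and `store->crl` itself and then calls `wolfSSL_X509_STORE_free(store)`, which this same patch teaches to free both members again. When `InitCRL` fails after `isDynamic` is set, that is a double free of the certificate manager and the CRL. When `wolfSSL_CertManagerNew` fails, the path reads `store->crl` and `store->isDynamic` before either has been initialised, because the struct comes straight from XMALLOC. Zero the struct after allocation, set `isDynamic` first, and let `wolfSSL_X509_STORE_free` be the only place that releases members. It is not visible here whether `wolfSSL_X509_CRL_free` is safe on a CRL whose `InitCRL` failed part-way; confirm that. Also confirm that the `DYNAMIC_TYPE_TMP_BUFFER` tag used for the allocation matches the one used on free.

```c
    /* … unchanged: XMALLOC of store, goto err_exit on NULL … */
    XMEMSET(store, 0, sizeof(WOLFSSL_X509_STORE));
    store->isDynamic = 1;   /* set first so the free below releases members */

    /* … unchanged: CertManagerNew, CRL allocation and InitCRL … */

err_exit:
    /* wolfSSL_X509_STORE_free releases cm and crl exactly once and accepts NULL */
    wolfSSL_X509_STORE_free(store);
    return NULL;
```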
@@ -9855,7 +9855,8 @@ static int test_wc_RsaKeyToDer (void) static int test_wc_RsaKeyToPublicDer (void) { int ret = 0; -#if (!defined(NO_RSA) || !defined(HAVE_FAST_RSA)) && defined(WOLFSSL_KEY_GEN) +#if !defined(NO_RSA) && !defined(HAVE_FAST_RSA) && defined(WOLFSSL_KEY_GEN) &&\ + (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) RsaKey key; WC_RNG rng; byte* der; @@ -15985,6 +15986,33 @@ static void test_wolfSSL_CTX_set_srp_password(void) /* && !NO_SHA256 && !WC_NO_RNG */ } +static void test_wolfSSL_X509_STORE(void) +{ +#if defined(OPENSSL_EXTRA) && defined(HAVE_CRL) + X509_STORE *store; + X509_CRL *crl; + X509 *x509; + const char crl_pem[] = "./certs/crl/crl.pem"; + const char svrCert[] = "./certs/server-cert.pem"; + XFILE fp; + + printf(testingFmt, "test_wolfSSL_X509_STORE"); + AssertNotNull(store = (X509_STORE *)X509_STORE_new()); + AssertNotNull((x509 = + wolfSSL_X509_load_certificate_file(svrCert, SSL_FILETYPE_PEM))); + AssertIntEQ(X509_STORE_add_cert(store, x509), SSL_SUCCESS); + X509_free(x509); + AssertNotNull(fp = XFOPEN(crl_pem, "rb")); + AssertNotNull(crl = (X509_CRL *)PEM_read_X509_CRL(fp, (X509_CRL **)NULL, NULL, NULL)); + XFCLOSE(fp); + AssertIntEQ(X509_STORE_add_crl(store, crl), SSL_SUCCESS); + X509_CRL_free(crl); + X509_STORE_free(store); + printf(resultFmt, passed); +#endif + return; +} + static void test_wolfSSL_BN(void) { #if defined(OPENSSL_EXTRA) && !defined(NO_ASN) @@ -18738,6 +18766,7 @@ void ApiTest(void) test_wolfSSL_X509_LOOKUP_load_file(); test_wolfSSL_X509_NID(); test_wolfSSL_X509_STORE_CTX_set_time(); + test_wolfSSL_X509_STORE(); test_wolfSSL_BN(); test_wolfSSL_PEM_read_bio(); test_wolfSSL_BIO(); diff --git a/wolfssl/openssl/ssl.h b/wolfssl/openssl/ssl.h index ad8e8cf67..85181bb56 100644 --- a/wolfssl/openssl/ssl.h +++ b/wolfssl/openssl/ssl.h 
@@ -322,6 +322,7 @@ typedef WOLFSSL_X509_STORE_CTX X509_STORE_CTX; #define X509_STORE_CTX_get_current_cert wolfSSL_X509_STORE_CTX_get_current_cert #define X509_STORE_add_cert wolfSSL_X509_STORE_add_cert +#define X509_STORE_add_crl wolfSSL_X509_STORE_add_crl #define X509_STORE_set_flags wolfSSL_X509_STORE_set_flags #define X509_STORE_CTX_set_verify_cb wolfSSL_X509_STORE_CTX_set_verify_cb #define X509_STORE_CTX_free wolfSSL_X509_STORE_CTX_free @@ -348,7 +349,8 @@ typedef WOLFSSL_X509_STORE_CTX X509_STORE_CTX; #define X509_LOOKUP_file wolfSSL_X509_LOOKUP_file #define X509_STORE_add_lookup wolfSSL_X509_STORE_add_lookup -#define X509_STORE_new wolfSSL_X509_STORE_new +#define X509_STORE_new wolfSSL_X509_STORE_new +#define X509_STORE_free wolfSSL_X509_STORE_free #define X509_STORE_get_by_subject wolfSSL_X509_STORE_get_by_subject #define X509_STORE_CTX_init wolfSSL_X509_STORE_CTX_init #define X509_STORE_CTX_cleanup wolfSSL_X509_STORE_CTX_cleanup @@ -555,7 +557,7 @@ typedef WOLFSSL_X509_STORE_CTX X509_STORE_CTX; #define X509_NAME_free wolfSSL_X509_NAME_free #define X509_NAME_new wolfSSL_X509_NAME_new -typedef WOLFSSL_X509_NAME_ENTRY X509_NAME_ENTRY; + typedef WOLFSSL_X509_NAME_ENTRY X509_NAME_ENTRY; #define SSL_CTX_use_certificate wolfSSL_CTX_use_certificate #define SSL_CTX_use_PrivateKey wolfSSL_CTX_use_PrivateKey diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h index e5d594eab..61dcb886c 100644 --- a/wolfssl/ssl.h +++ b/wolfssl/ssl.h @@ -300,6 +300,9 @@ struct WOLFSSL_X509_STORE { #ifdef OPENSSL_EXTRA int isDynamic; #endif +#if defined(OPENSSL_EXTRA) && defined(HAVE_CRL) + WOLFSSL_X509_CRL *crl; +#endif }; #ifdef OPENSSL_EXTRA 
@@ -2883,6 +2886,7 @@ WOLFSSL_API int i2t_ASN1_OBJECT(char *buf, int buf_len, WOLFSSL_ASN1_OBJECT *a); WOLFSSL_API void SSL_CTX_set_tmp_dh_callback(WOLFSSL_CTX *ctx, WOLFSSL_DH *(*dh) (WOLFSSL *ssl, int is_export, int keylength)); WOLFSSL_API WOLF_STACK_OF(SSL_COMP) *SSL_COMP_get_compression_methods(void); WOLFSSL_API int X509_STORE_load_locations(WOLFSSL_X509_STORE *ctx, const char *file, const char *dir); +WOLFSSL_API int wolfSSL_X509_STORE_add_crl(WOLFSSL_X509_STORE *ctx, WOLFSSL_X509_CRL *x); WOLFSSL_API int wolfSSL_sk_SSL_CIPHER_num(const void * p); WOLFSSL_API int wolfSSL_sk_SSL_COMP_zero(WOLFSSL_STACK* st); WOLFSSL_API WOLFSSL_CIPHER* wolfSSL_sk_SSL_CIPHER_value(void *ciphers, int idx); From 460becf739308d5d2541ea4ce8874c4024015252 Mon Sep 17 00:00:00 2001 From: Takashi Kojo Date: Sat, 19 May 2018 11:19:39 +0900 Subject: [PATCH 045/146] SHA256, SHA384, SHA512 --- src/ssl.c | 96 ++++++++++++++++++++++++++++++++++++++ tests/api.c | 46 ++++++++++++++++++ wolfssl/openssl/ssl.h | 7 +++ wolfssl/ssl.h | 2 + wolfssl/wolfcrypt/sha.h | 4 +- wolfssl/wolfcrypt/sha256.h | 3 +- wolfssl/wolfcrypt/sha512.h | 4 +- 7 files changed, 158 insertions(+), 4 deletions(-) diff --git a/src/ssl.c b/src/ssl.c index 704fd2d24..8a0131bc7 100644 --- a/src/ssl.c +++ b/src/ssl.c 
@@ -29328,6 +29328,102 @@ void* wolfSSL_GetDhAgreeCtx(WOLFSSL* ssl) } } #endif /* ! NO_SHA256 */ + +#if defined(WOLFSSL_SHA384) && defined(WOLFSSL_SHA512) + /* One shot SHA384 hash of message. + * + * d message to hash + * n size of d buffer + * md buffer to hold digest. Should be WC_SHA256_DIGEST_SIZE. + * + * Note: if md is null then a static buffer of WC_SHA256_DIGEST_SIZE is used. + * When the static buffer is used this function is not thread safe. + * + * Returns a pointer to the message digest on success and NULL on failure. + */ + unsigned char *wolfSSL_SHA384(const unsigned char *d, size_t n, + unsigned char *md) + { + static byte dig[WC_SHA384_DIGEST_SIZE]; + wc_Sha384 sha; + + WOLFSSL_ENTER("wolfSSL_SHA384"); + + if (wc_InitSha384_ex(&sha, NULL, 0) != 0) { + WOLFSSL_MSG("SHA384 Init failed"); + return NULL; + } + + if (wc_Sha384Update(&sha, (const byte*)d, (word32)n) != 0) { + WOLFSSL_MSG("SHA384 Update failed"); + return NULL; + } + + if (wc_Sha384Final(&sha, dig) != 0) { + WOLFSSL_MSG("SHA384 Final failed"); + return NULL; + } + + wc_Sha384Free(&sha); + + if (md != NULL) { + XMEMCPY(md, dig, WC_SHA384_DIGEST_SIZE); + return md; + } + else { + return (unsigned char*)dig; + } + } +#endif /* defined(WOLFSSL_SHA384) && defined(WOLFSSL_SHA512) */ + + +#if defined(WOLFSSL_SHA512) + /* One shot SHA512 hash of message. + * + * d message to hash + * n size of d buffer + * md buffer to hold digest. Should be WC_SHA256_DIGEST_SIZE. + * + * Note: if md is null then a static buffer of WC_SHA256_DIGEST_SIZE is used. + * When the static buffer is used this function is not thread safe. + * + * Returns a pointer to the message digest on success and NULL on failure. 
+ */ + unsigned char *wolfSSL_SHA512(const unsigned char *d, size_t n, + unsigned char *md) + { + static byte dig[WC_SHA512_DIGEST_SIZE]; + wc_Sha384 sha; + + WOLFSSL_ENTER("wolfSSL_SHA512"); + + if (wc_InitSha512_ex(&sha, NULL, 0) != 0) { + WOLFSSL_MSG("SHA512 Init failed"); + return NULL; + } + + if (wc_Sha512Update(&sha, (const byte*)d, (word32)n) != 0) { + WOLFSSL_MSG("SHA512 Update failed"); + return NULL; + } + + if (wc_Sha512Final(&sha, dig) != 0) { + WOLFSSL_MSG("SHA512 Final failed"); + return NULL; + } + + wc_Sha512Free(&sha); + + if (md != NULL) { + XMEMCPY(md, dig, WC_SHA512_DIGEST_SIZE); + return md; + } + else { + return (unsigned char*)dig; + } + } +#endif /* defined(WOLFSSL_SHA512) */ + char wolfSSL_CTX_use_certificate(WOLFSSL_CTX *ctx, WOLFSSL_X509 *x) { int ret; diff --git a/tests/api.c b/tests/api.c index 9228a2d2f..2c7a6fd7c 100644 --- a/tests/api.c +++ b/tests/api.c 
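Review bot: wolfSSL_SHA512 declares its context as `wc_Sha384 sha;` and then passes it to `wc_InitSha512_ex`, `wc_Sha512Update` and `wc_Sha512Final`. The function is guarded only by `WOLFSSL_SHA512`, so a build without SHA-384 has no such type; the declaration should be `wc_Sha512 sha;`. In both new functions the `return NULL` paths after a failed Update or Final skip `wc_Sha384Free`/`wc_Sha512Free`; call the free before those returns. Both header comments were copied from the SHA-256 version and tell the caller that `md` "Should be WC_SHA256_DIGEST_SIZE", which is an undersized buffer for a 48- or 64-byte digest; they should name `WC_SHA384_DIGEST_SIZE` and `WC_SHA512_DIGEST_SIZE`. `(word32)n` also silently truncates a `size_t` length above 32 bits, which should be rejected or documented.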
@@ -17708,6 +17708,52 @@ static void test_wolfSSL_SHA(void) AssertIntEQ(XMEMCMP(out, expected, WC_SHA_DIGEST_SIZE), 0); } #endif + + #if !defined(NO_SHA256) + { + const unsigned char in[] = "abc"; + unsigned char expected[] = "\xBA\x78\x16\xBF\x8F\x01\xCF\xEA\x41\x41\x40\xDE\x5D\xAE\x22" + "\x23\xB0\x03\x61\xA3\x96\x17\x7A\x9C\xB4\x10\xFF\x61\xF2\x00" + "\x15\xAD"; + unsigned char out[WC_SHA256_DIGEST_SIZE]; + + XMEMSET(out, 0, WC_SHA256_DIGEST_SIZE); + AssertNotNull(SHA256(in, XSTRLEN((char*)in), out)); + AssertIntEQ(XMEMCMP(out, expected, WC_SHA256_DIGEST_SIZE), 0); + } + #endif + + #if defined(WOLFSSL_SHA384) && defined(WOLFSSL_SHA512) + { + const unsigned char in[] = "abc"; + unsigned char expected[] = "\xcb\x00\x75\x3f\x45\xa3\x5e\x8b\xb5\xa0\x3d\x69\x9a\xc6\x50" + "\x07\x27\x2c\x32\xab\x0e\xde\xd1\x63\x1a\x8b\x60\x5a\x43\xff" + "\x5b\xed\x80\x86\x07\x2b\xa1\xe7\xcc\x23\x58\xba\xec\xa1\x34" + "\xc8\x25\xa7"; + unsigned char out[WC_SHA384_DIGEST_SIZE]; + + XMEMSET(out, 0, WC_SHA384_DIGEST_SIZE); + AssertNotNull(SHA384(in, XSTRLEN((char*)in), out)); + AssertIntEQ(XMEMCMP(out, expected, WC_SHA384_DIGEST_SIZE), 0); + } + #endif + + #if !defined(WOLFSSL_SHA512) + { + const unsigned char in[] = "abc"; + unsigned char expected[] = "\xdd\xaf\x35\xa1\x93\x61\x7a\xba\xcc\x41\x73\x49\xae\x20\x41" + "\x31\x12\xe6\xfa\x4e\x89\xa9\x7e\xa2\x0a\x9e\xee\xe6\x4b\x55" + "\xd3\x9a\x21\x92\x99\x2a\x27\x4f\xc1\xa8\x36\xba\x3c\x23\xa3" + "\xfe\xeb\xbd\x45\x4d\x44\x23\x64\x3c\xe8\x0e\x2a\x9a\xc9\x4f" + "\xa5\x4c\xa4\x9f"; + unsigned char out[WC_SHA512_DIGEST_SIZE]; + + XMEMSET(out, 0, WC_SHA512_DIGEST_SIZE); + AssertNotNull(SHA512(in, XSTRLEN((char*)in), out)); + AssertIntEQ(XMEMCMP(out, expected, WC_SHA512_DIGEST_SIZE), 0); + } + #endif + printf(resultFmt, passed); #endif } diff --git a/wolfssl/openssl/ssl.h b/wolfssl/openssl/ssl.h index 85181bb56..b7ac3b5a8 100644 --- a/wolfssl/openssl/ssl.h +++ b/wolfssl/openssl/ssl.h 
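Review bot: The SHA-512 case in test_wolfSSL_SHA is wrapped in `#if !defined(WOLFSSL_SHA512)`, which is inverted. The block calls `SHA512()` and sizes its buffer with `WC_SHA512_DIGEST_SIZE`, so it is compiled only when SHA-512 is disabled and is skipped in every build that has it. Change the guard to `#if defined(WOLFSSL_SHA512)`. As written, the new wolfSSL_SHA512 wrapper has no test running against it. The enclosing function starts outside the hunk.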
@@ -576,6 +576,13 @@ typedef WOLFSSL_X509_STORE_CTX X509_STORE_CTX; #define X509_NAME_ENTRY_get_data wolfSSL_X509_NAME_ENTRY_get_data #define sk_X509_NAME_pop_free wolfSSL_sk_X509_NAME_pop_free #define SHA1 wolfSSL_SHA1 + +#ifdef OPENSSL_EXTRA +#define SHA256 wolfSSL_SHA256 +#define SHA384 wolfSSL_SHA384 +#define SHA512 wolfSSL_SHA512 +#endif + #define X509_check_private_key wolfSSL_X509_check_private_key #define SSL_dup_CA_list wolfSSL_dup_CA_list diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h index 61dcb886c..28c8c6698 100644 --- a/wolfssl/ssl.h +++ b/wolfssl/ssl.h @@ -2586,6 +2586,8 @@ WOLFSSL_API WOLFSSL_X509_NAME_ENTRY *wolfSSL_X509_NAME_get_entry(WOLFSSL_X509_NA WOLFSSL_API void wolfSSL_sk_X509_NAME_pop_free(WOLF_STACK_OF(WOLFSSL_X509_NAME)* sk, void f (WOLFSSL_X509_NAME*)); WOLFSSL_API unsigned char *wolfSSL_SHA1(const unsigned char *d, size_t n, unsigned char *md); WOLFSSL_API unsigned char *wolfSSL_SHA256(const unsigned char *d, size_t n, unsigned char *md); +WOLFSSL_API unsigned char *wolfSSL_SHA384(const unsigned char *d, size_t n, unsigned char *md); +WOLFSSL_API unsigned char *wolfSSL_SHA512(const unsigned char *d, size_t n, unsigned char *md); WOLFSSL_API int wolfSSL_X509_check_private_key(WOLFSSL_X509*, WOLFSSL_EVP_PKEY*); WOLFSSL_API WOLF_STACK_OF(WOLFSSL_X509_NAME) *wolfSSL_dup_CA_list( WOLF_STACK_OF(WOLFSSL_X509_NAME) *sk ); diff --git a/wolfssl/wolfcrypt/sha.h b/wolfssl/wolfcrypt/sha.h index 8e3519f50..6d08cf5eb 100644 --- a/wolfssl/wolfcrypt/sha.h +++ b/wolfssl/wolfcrypt/sha.h @@ -64,7 +64,9 @@ #ifndef NO_OLD_WC_NAMES #define Sha wc_Sha - #define SHA WC_SHA + #if !defined(OPENSSL_EXTRA) + #define SHA WC_SHA + #endif #define SHA_BLOCK_SIZE WC_SHA_BLOCK_SIZE #define SHA_DIGEST_SIZE WC_SHA_DIGEST_SIZE #define SHA_PAD_SIZE WC_SHA_PAD_SIZE diff --git a/wolfssl/wolfcrypt/sha256.h b/wolfssl/wolfcrypt/sha256.h index a2d387a13..d16a2afdf 100644 --- a/wolfssl/wolfcrypt/sha256.h +++ b/wolfssl/wolfcrypt/sha256.h 
@@ -81,9 +81,10 @@ #define SHA256_NOINLINE #endif -#ifndef NO_OLD_SHA256_NAMES +#if !defined(NO_OLD_SHA256_NAMES) || !defined(OPENSSL_EXTRA) #define SHA256 WC_SHA256 #endif + #ifndef NO_OLD_WC_NAMES #define Sha256 wc_Sha256 #define SHA256_BLOCK_SIZE WC_SHA256_BLOCK_SIZE diff --git a/wolfssl/wolfcrypt/sha512.h b/wolfssl/wolfcrypt/sha512.h index ec93e80ef..0d961a525 100644 --- a/wolfssl/wolfcrypt/sha512.h +++ b/wolfssl/wolfcrypt/sha512.h @@ -71,7 +71,7 @@ #define SHA512_NOINLINE #endif -#ifndef NO_OLD_WC_NAMES +#if !defined(NO_OLD_WC_NAMES) && !defined(OPENSSL_EXTRA) #define Sha512 wc_Sha512 #define SHA512 WC_SHA512 #define SHA512_BLOCK_SIZE WC_SHA512_BLOCK_SIZE @@ -123,7 +123,7 @@ WOLFSSL_API int wc_Sha512Copy(wc_Sha512* src, wc_Sha512* dst); #ifndef HAVE_FIPS /* avoid redefinition of structs */ -#ifndef NO_OLD_WC_NAMES +#if !defined(NO_OLD_SHA_NAMES) && !defined(OPENSSL_EXTRA) #define Sha384 wc_Sha384 #define SHA384 WC_SHA384 #define SHA384_BLOCK_SIZE WC_SHA384_BLOCK_SIZE From 153bcb52978d7ca227e3e459dba2d4f93f8199c3 Mon Sep 17 00:00:00 2001 From: Takashi Kojo Date: Sat, 19 May 2018 14:44:49 +0900 Subject: [PATCH 046/146] d2i_X509_fp --- src/ssl.c | 139 ++++++++++++++++++++++++------------------ tests/api.c | 19 +++++- wolfssl/openssl/ssl.h | 1 + wolfssl/ssl.h | 6 +- 4 files changed, 104 insertions(+), 61 deletions(-) diff --git a/src/ssl.c b/src/ssl.c index 8a0131bc7..bcf16c2a7 100644 --- a/src/ssl.c +++ b/src/ssl.c 
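Review bot: The second sha512.h hunk (the Sha384 block after `#ifndef HAVE_FIPS`) changes the guard macro from NO_OLD_WC_NAMES to NO_OLD_SHA_NAMES while also adding the OPENSSL_EXTRA test, whereas the Sha512 block in the hunk above keeps NO_OLD_WC_NAMES. If the rename is not intended, a build that defines NO_OLD_WC_NAMES to avoid name clashes will still get `Sha384`, `SHA384` and the `SHA384_*` size macros. Keeping the line as `#if !defined(NO_OLD_WC_NAMES) && !defined(OPENSSL_EXTRA)` would match the Sha512 block. If the new macro is deliberate, a one-line comment stating which macro controls which legacy names would make that clear.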
@@ -17993,14 +17993,94 @@ int wolfSSL_X509_verify_cert(WOLFSSL_X509_STORE_CTX* ctx) } #endif /* NO_CERTS */ +#ifndef NO_FILESYSTEM +static void *wolfSSL_d2i_X509_fp_ex(XFILE file, void **x509, int type) +{ + void *new = NULL; + DerBuffer* der = NULL; + byte *fileBuffer = NULL; + + if (file != XBADFILE) + { + long sz = 0; + + XFSEEK(file, 0, XSEEK_END); + sz = XFTELL(file); + XREWIND(file); + + if (sz < 0) + { + WOLFSSL_MSG("Bad tell on FILE"); + return NULL; + } + + fileBuffer = (byte *)XMALLOC(sz, NULL, DYNAMIC_TYPE_FILE); + if (fileBuffer != NULL) + { + if((long)XFREAD(fileBuffer, 1, sz, file) != sz) + { + WOLFSSL_MSG("File read failed"); + goto err_exit; + } + if(type == CERT_TYPE) + new = (void *)wolfSSL_X509_d2i(NULL, fileBuffer, (int)sz); + #ifdef HAVE_CRL + else if(type == CRL_TYPE) + new = (void *)wolfSSL_d2i_X509_CRL(NULL, fileBuffer, (int)sz); + #endif + else goto err_exit; + if(new == NULL) + { + WOLFSSL_MSG("X509 failed"); + goto err_exit; + } + } + } + if (x509 != NULL) + *x509 = new; + + goto _exit; + +err_exit: + if(new != NULL){ + if(type == CERT_TYPE) + wolfSSL_X509_free(new); + #ifdef HAVE_CRL + else { + if(type == CRL_TYPE) + wolfSSL_X509_CRL_free(new); + } + #endif + } +_exit: + if(der != NULL) + FreeDer(&der); + if(fileBuffer != NULL) + XFREE(fileBuffer, NULL, DYNAMIC_TYPE_FILE); + return new; +} + +WOLFSSL_X509 *wolfSSL_d2i_X509_fp(XFILE fp, WOLFSSL_X509 **x509) +{ + WOLFSSL_ENTER("wolfSSL_d2i_X509_fp"); + return (WOLFSSL_X509 *)wolfSSL_d2i_X509_fp_ex(fp, (void **)x509, CERT_TYPE); +} +#endif /* NO_FILESYSTEM */ + + #ifdef HAVE_CRL +WOLFSSL_X509_CRL *wolfSSL_d2i_X509_CRL_fp(XFILE fp, WOLFSSL_X509_CRL **crl) +{ + WOLFSSL_ENTER("wolfSSL_d2i_X509_CRL_fp"); + return (WOLFSSL_X509_CRL *)wolfSSL_d2i_X509_fp_ex(fp, (void **)crl, CRL_TYPE); +} WOLFSSL_X509_CRL* wolfSSL_d2i_X509_CRL(WOLFSSL_X509_CRL** crl, const unsigned char* in, int len) { WOLFSSL_X509_CRL *newcrl = NULL; int ret ; - WOLFSSL_ENTER("wolfSSL_X509_CRL_d2i"); + 
WOLFSSL_ENTER("wolfSSL_d2i_X509_CRL"); if(in == NULL){ WOLFSSL_MSG("Bad argument value"); @@ -18034,63 +18114,6 @@ _exit: return newcrl; } -#ifndef NO_FILESYSTEM -WOLFSSL_X509_CRL *wolfSSL_d2i_X509_CRL_fp(WOLFSSL_X509_CRL **crl, XFILE file) -{ - WOLFSSL_X509_CRL *newcrl = NULL; - DerBuffer* der = NULL; - byte *fileBuffer = NULL; - - WOLFSSL_ENTER("wolfSSL_d2i_X509_CRL_fp"); - - if (file != XBADFILE) - { - long sz = 0; - - XFSEEK(file, 0, XSEEK_END); - sz = XFTELL(file); - XREWIND(file); - - if (sz < 0) - { - WOLFSSL_MSG("Bad tell on FILE"); - return NULL; - } - - fileBuffer = (byte *)XMALLOC(sz, NULL, DYNAMIC_TYPE_FILE); - if (fileBuffer != NULL) - { - if((long)XFREAD(fileBuffer, 1, sz, file) != sz) - { - WOLFSSL_MSG("File read failed"); - goto err_exit; - } - - newcrl = wolfSSL_d2i_X509_CRL(NULL, fileBuffer, (int)sz); - if(newcrl == NULL) - { - WOLFSSL_MSG("X509_CRL failed"); - goto err_exit; - } - } - } - if (crl != NULL) - *crl = newcrl; - - goto _exit; - -err_exit: - if(newcrl != NULL) - wolfSSL_X509_CRL_free(newcrl); -_exit: - if(der != NULL) - FreeDer(&der); - if(fileBuffer != NULL) - XFREE(fileBuffer, NULL, DYNAMIC_TYPE_FILE); - return newcrl; -} -#endif - void wolfSSL_X509_CRL_free(WOLFSSL_X509_CRL *crl) { WOLFSSL_ENTER("wolfSSL_X509_CRL_free"); diff --git a/tests/api.c b/tests/api.c index 2c7a6fd7c..aa58f52d4 100644 --- a/tests/api.c +++ b/tests/api.c @@ -16671,6 +16671,9 @@ static void test_wolfSSL_X509(void) X509_STORE_CTX* ctx; X509_STORE* store; + char der[] = "certs/ca-cert.der"; + XFILE fp; + printf(testingFmt, "wolfSSL_X509()"); AssertNotNull(x509 = X509_new()); 
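Review bot: In wolfSSL_d2i_X509_fp_ex the file length is used almost as reported: the XFSEEK result is not checked, `sz` is rejected only when negative, and it is then passed to XMALLOC and narrowed with `(int)sz` for both parsers. Checking the seek result and replacing the test with `if (sz <= 0 || sz > INT_MAX)` (or a smaller project-wide cap) would reject empty and oversized inputs before anything is allocated. The err_exit path frees `new` while `_exit` still returns it; no current jump reaches err_exit with a non-NULL value, but adding `new = NULL;` after the free would keep a future failure path from returning a freed pointer. Separately, wolfSSL_d2i_X509_CRL_fp now sits under HAVE_CRL but outside the NO_FILESYSTEM block that defines the static helper it calls, so a HAVE_CRL build with NO_FILESYSTEM looks like it would fail to compile.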
@@ -16695,6 +16698,18 @@ static void test_wolfSSL_X509(void) X509_STORE_CTX_free(ctx); BIO_free(bio); + /** d2i_X509_fp test **/ + AssertNotNull(fp = XFOPEN(der, "rb")); + AssertNotNull(x509 = (X509 *)d2i_X509_fp(fp, (X509 **)NULL)); + AssertNotNull(x509); + X509_free(x509); + XFCLOSE(fp); + AssertNotNull(fp = XFOPEN(der, "rb")); + AssertNotNull((X509 *)d2i_X509_fp(fp, (X509 **)&x509)); + AssertNotNull(x509); + X509_free(x509); + XFCLOSE(fp); + printf(resultFmt, passed); #endif } @@ -18724,12 +18739,12 @@ static void test_wolfSSL_X509_CRL(void) #ifdef HAVE_TEST_d2i_X509_CRL_fp for(i = 0; der[i][0] != '\0'; i++){ AssertNotNull(fp = XFOPEN(der[i], "rb")); - AssertNotNull(crl = (X509_CRL *)d2i_X509_CRL_fp((X509_CRL **)NULL, fp)); + AssertNotNull(crl = (X509_CRL *)d2i_X509_CRL_fp((fp, X509_CRL **)NULL)); AssertNotNull(crl); X509_CRL_free(crl); XFCLOSE(fp); AssertNotNull(fp = XFOPEN(der[i], "rb")); - AssertNotNull((X509_CRL *)d2i_X509_CRL_fp((X509_CRL **)&crl, fp)); + AssertNotNull((X509_CRL *)d2i_X509_CRL_fp(fp, (X509_CRL **)&crl)); AssertNotNull(crl); X509_CRL_free(crl); XFCLOSE(fp); diff --git a/wolfssl/openssl/ssl.h b/wolfssl/openssl/ssl.h index b7ac3b5a8..a2b8a49ca 100644 --- a/wolfssl/openssl/ssl.h +++ b/wolfssl/openssl/ssl.h @@ -513,6 +513,7 @@ typedef WOLFSSL_X509_STORE_CTX X509_STORE_CTX; #define sk_X509_free wolfSSL_sk_X509_free #define i2d_X509_bio wolfSSL_i2d_X509_bio #define d2i_X509_bio wolfSSL_d2i_X509_bio +#define d2i_X509_fp wolfSSL_d2i_X509_fp #define i2d_X509 wolfSSL_i2d_X509 #define d2i_X509 wolfSSL_d2i_X509 #define d2i_RSAPublicKey wolfSSL_d2i_RSAPublicKey diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h index 28c8c6698..30b5fb32a 100644 --- a/wolfssl/ssl.h +++ b/wolfssl/ssl.h 
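Review bot: The first call in the HAVE_TEST_d2i_X509_CRL_fp loop has a misplaced parenthesis, `d2i_X509_CRL_fp((fp, X509_CRL **)NULL)`, which will not compile once that macro is defined; the second call in the same loop shows the intended form. The line should read `AssertNotNull(crl = (X509_CRL *)d2i_X509_CRL_fp(fp, (X509_CRL **)NULL));`. Since the block is compiled only under HAVE_TEST_d2i_X509_CRL_fp, the CRL branch of the shared file-reading helper is probably not exercised by default builds, so this test is worth fixing rather than leaving dormant. test_wolfSSL_X509_CRL begins and ends outside the hunk.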
@@ -1521,7 +1521,7 @@ WOLFSSL_API int wolfSSL_i2d_X509(WOLFSSL_X509* x509, unsigned char** out); WOLFSSL_API WOLFSSL_X509_CRL *wolfSSL_d2i_X509_CRL(WOLFSSL_X509_CRL **crl, const unsigned char *in, int len); #ifndef NO_FILESYSTEM -WOLFSSL_API WOLFSSL_X509_CRL *wolfSSL_d2i_X509_CRL_fp(WOLFSSL_X509_CRL **crl, XFILE file); +WOLFSSL_API WOLFSSL_X509_CRL *wolfSSL_d2i_X509_CRL_fp(XFILE file, WOLFSSL_X509_CRL **crl); #endif WOLFSSL_API void wolfSSL_X509_CRL_free(WOLFSSL_X509_CRL *crl); @@ -2537,6 +2537,10 @@ WOLFSSL_API int wolfSSL_SESSION_get_master_key_length(const WOLFSSL_SESSION* ses WOLFSSL_API void wolfSSL_CTX_set_cert_store(WOLFSSL_CTX* ctx, WOLFSSL_X509_STORE* str); WOLFSSL_API int wolfSSL_i2d_X509_bio(WOLFSSL_BIO* bio, WOLFSSL_X509* x509); +#if !defined(NO_FILESYSTEM) +WOLFSSL_API WOLFSSL_X509* wolfSSL_d2i_X509_fp(XFILE fp, + WOLFSSL_X509** x509); +#endif WOLFSSL_API WOLFSSL_X509* wolfSSL_d2i_X509_bio(WOLFSSL_BIO* bio, WOLFSSL_X509** x509); WOLFSSL_API WOLFSSL_X509_STORE* wolfSSL_CTX_get_cert_store(WOLFSSL_CTX* ctx); From 874022d93802ad5204c699c16688e14101a19638 Mon Sep 17 00:00:00 2001 From: Takashi Kojo Date: Sat, 19 May 2018 17:57:00 +0900 Subject: [PATCH 047/146] fix #if conditions and others --- src/crl.c | 2 +- src/ssl.c | 18 +++++++++--------- tests/api.c | 2 +- wolfssl/openssl/ssl.h | 2 ++ wolfssl/ssl.h | 4 ++++ wolfssl/wolfcrypt/sha256.h | 2 +- 6 files changed, 18 insertions(+), 12 deletions(-) diff --git a/src/crl.c b/src/crl.c index 8850e9617..5bceabbd4 100644 --- a/src/crl.c +++ b/src/crl.c @@ -490,7 +490,7 @@ int BufferLoadCRL(WOLFSSL_CRL* crl, const byte* buff, long sz, int type, return ret ? ret : WOLFSSL_SUCCESS; /* convert 0 to WOLFSSL_SUCCESS */ } -#if defined(OPENSSL_EXTRA) || defined(HAVE_CRL) +#if defined(OPENSSL_EXTRA) && defined(HAVE_CRL) int wolfSSL_X509_STORE_add_crl(WOLFSSL_X509_STORE *store, WOLFSSL_X509_CRL *newcrl) { CRL_Entry *crle; diff --git a/src/ssl.c b/src/ssl.c index bcf16c2a7..9b989e913 100644 --- a/src/ssl.c +++ b/src/ssl.c 
@@ -17996,7 +17996,7 @@ int wolfSSL_X509_verify_cert(WOLFSSL_X509_STORE_CTX* ctx) #ifndef NO_FILESYSTEM static void *wolfSSL_d2i_X509_fp_ex(XFILE file, void **x509, int type) { - void *new = NULL; + void *newx509 = NULL; DerBuffer* der = NULL; byte *fileBuffer = NULL; @@ -18023,13 +18023,13 @@ static void *wolfSSL_d2i_X509_fp_ex(XFILE file, void **x509, int type) goto err_exit; } if(type == CERT_TYPE) - new = (void *)wolfSSL_X509_d2i(NULL, fileBuffer, (int)sz); + newx509 = (void *)wolfSSL_X509_d2i(NULL, fileBuffer, (int)sz); #ifdef HAVE_CRL else if(type == CRL_TYPE) - new = (void *)wolfSSL_d2i_X509_CRL(NULL, fileBuffer, (int)sz); + newx509 = (void *)wolfSSL_d2i_X509_CRL(NULL, fileBuffer, (int)sz); #endif else goto err_exit; - if(new == NULL) + if(newx509 == NULL) { WOLFSSL_MSG("X509 failed"); goto err_exit; @@ -18037,18 +18037,18 @@ static void *wolfSSL_d2i_X509_fp_ex(XFILE file, void **x509, int type) } } if (x509 != NULL) - *x509 = new; + *x509 = newx509; goto _exit; err_exit: - if(new != NULL){ + if(newx509 != NULL){ if(type == CERT_TYPE) - wolfSSL_X509_free(new); + wolfSSL_X509_free((WOLFSSL_X509*)newx509); #ifdef HAVE_CRL else { if(type == CRL_TYPE) - wolfSSL_X509_CRL_free(new); + wolfSSL_X509_CRL_free((WOLFSSL_X509_CRL*)newx509); } #endif } @@ -18057,7 +18057,7 @@ _exit: FreeDer(&der); if(fileBuffer != NULL) XFREE(fileBuffer, NULL, DYNAMIC_TYPE_FILE); - return new; + return newx509; } WOLFSSL_X509 *wolfSSL_d2i_X509_fp(XFILE fp, WOLFSSL_X509 **x509) diff --git a/tests/api.c b/tests/api.c index aa58f52d4..47a5cb197 100644 --- a/tests/api.c +++ b/tests/api.c @@ -17753,7 +17753,7 @@ static void test_wolfSSL_SHA(void) } #endif - #if !defined(WOLFSSL_SHA512) + #if defined(WOLFSSL_SHA512) { const unsigned char in[] = "abc"; unsigned char expected[] = "\xdd\xaf\x35\xa1\x93\x61\x7a\xba\xcc\x41\x73\x49\xae\x20\x41" diff --git a/wolfssl/openssl/ssl.h b/wolfssl/openssl/ssl.h index a2b8a49ca..c87da9855 100644 --- a/wolfssl/openssl/ssl.h +++ b/wolfssl/openssl/ssl.h 
@@ -516,6 +516,8 @@ typedef WOLFSSL_X509_STORE_CTX X509_STORE_CTX; #define d2i_X509_fp wolfSSL_d2i_X509_fp #define i2d_X509 wolfSSL_i2d_X509 #define d2i_X509 wolfSSL_d2i_X509 +#define d2i_PKCS12_bio wolfSSL_d2i_PKCS12_bio +#define d2i_PKCS12_fp wolfSSL_d2i_PKCS12_fp #define d2i_RSAPublicKey wolfSSL_d2i_RSAPublicKey #define i2d_RSAPublicKey wolfSSL_i2d_RSAPublicKey #define d2i_X509_CRL wolfSSL_d2i_X509_CRL diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h index 30b5fb32a..0ab534153 100644 --- a/wolfssl/ssl.h +++ b/wolfssl/ssl.h @@ -1554,6 +1554,10 @@ WOLFSSL_API int wolfSSL_connect_cert(WOLFSSL* ssl); typedef struct WC_PKCS12 WC_PKCS12; WOLFSSL_API WC_PKCS12* wolfSSL_d2i_PKCS12_bio(WOLFSSL_BIO* bio, WC_PKCS12** pkcs12); +#ifndef NO_FILESYSTEM +WOLFSSL_API WC_PKCS12* wolfSSL_d2i_PKCS12_fp(XFILE fp, + WC_PKCS12** pkcs12); +#endif WOLFSSL_API int wolfSSL_PKCS12_parse(WC_PKCS12* pkcs12, const char* psw, WOLFSSL_EVP_PKEY** pkey, WOLFSSL_X509** cert, WOLF_STACK_OF(WOLFSSL_X509)** ca); diff --git a/wolfssl/wolfcrypt/sha256.h b/wolfssl/wolfcrypt/sha256.h index d16a2afdf..3409b5151 100644 --- a/wolfssl/wolfcrypt/sha256.h +++ b/wolfssl/wolfcrypt/sha256.h @@ -81,7 +81,7 @@ #define SHA256_NOINLINE #endif -#if !defined(NO_OLD_SHA256_NAMES) || !defined(OPENSSL_EXTRA) +#if !defined(NO_OLD_SHA256_NAMES) #define SHA256 WC_SHA256 #endif From d10f0911a4a22fc48d4722a5428d359d4beddac5 Mon Sep 17 00:00:00 2001 From: Takashi Kojo Date: Sun, 20 May 2018 08:51:43 +0900 Subject: [PATCH 048/146] sHA384, SHA512 conflict with openSSL --- wolfssl/wolfcrypt/sha512.h | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/wolfssl/wolfcrypt/sha512.h b/wolfssl/wolfcrypt/sha512.h index 0d961a525..c2a421f69 100644 --- a/wolfssl/wolfcrypt/sha512.h +++ b/wolfssl/wolfcrypt/sha512.h 
@@ -71,9 +71,11 @@ #define SHA512_NOINLINE #endif -#if !defined(NO_OLD_WC_NAMES) && !defined(OPENSSL_EXTRA) +#if !defined(NO_OLD_WC_NAMES) #define Sha512 wc_Sha512 + #if !defined(OPENSSL_EXTRA) #define SHA512 WC_SHA512 + #endif #define SHA512_BLOCK_SIZE WC_SHA512_BLOCK_SIZE #define SHA512_DIGEST_SIZE WC_SHA512_DIGEST_SIZE #define SHA512_PAD_SIZE WC_SHA512_PAD_SIZE @@ -123,9 +125,11 @@ WOLFSSL_API int wc_Sha512Copy(wc_Sha512* src, wc_Sha512* dst); #ifndef HAVE_FIPS /* avoid redefinition of structs */ -#if !defined(NO_OLD_SHA_NAMES) && !defined(OPENSSL_EXTRA) +#if !defined(NO_OLD_SHA_NAMES) #define Sha384 wc_Sha384 + #if !defined(OPENSSL_EXTRA) #define SHA384 WC_SHA384 + #endif #define SHA384_BLOCK_SIZE WC_SHA384_BLOCK_SIZE #define SHA384_DIGEST_SIZE WC_SHA384_DIGEST_SIZE #define SHA384_PAD_SIZE WC_SHA384_PAD_SIZE From d347f5ca77fe967286630b9cf455e4b4a9fe33b9 Mon Sep 17 00:00:00 2001 From: Takashi Kojo Date: Sun, 20 May 2018 13:40:57 +0900 Subject: [PATCH 049/146] #define SHA384/512 WC_SHA384/512 -> wolfSSL_SHA384/512 --- wolfssl/openssl/sha.h | 12 ++++++++++-- wolfssl/wolfcrypt/sha512.h | 6 ------ 2 files changed, 10 insertions(+), 8 deletions(-) diff --git a/wolfssl/openssl/sha.h b/wolfssl/openssl/sha.h index 86e657bcb..9c098972c 100644 --- a/wolfssl/openssl/sha.h +++ b/wolfssl/openssl/sha.h @@ -148,7 +148,11 @@ typedef WOLFSSL_SHA384_CTX SHA384_CTX; #define SHA384_Init wolfSSL_SHA384_Init #define SHA384_Update wolfSSL_SHA384_Update #define SHA384_Final wolfSSL_SHA384_Final - +#if defined(NO_OLD_SHA256_NAMES) && !defined(HAVE_FIPS) + /* SHA384 is only available in non-fips mode because of SHA256 enum in FIPS + * build. */ + #define SHA384 wolfSSL_SHA384 +#endif #endif /* WOLFSSL_SHA384 */ #ifdef WOLFSSL_SHA512 
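Review bot: The sha.h guard added here for the one-shot `SHA384` macro, and the matching one for `SHA512` in the next hunk, tests NO_OLD_SHA256_NAMES, and the comments do not explain why a SHA-256 naming macro controls the SHA-384/512 names. The comment in the SHA512 hunk also reads "SHA256 is only available in non-fips mode", which looks like a copy of the SHA384 text with the wrong algorithm name. I would reword both to something like `/* SHA512() one-shot is exposed only when the legacy SHA* enum names are disabled and the build is not FIPS. */` and say which legacy definition would otherwise clash. With the sha512.h aliases removed in the same commit, it is also worth confirming that the SHA384()/SHA512() calls in tests/api.c still resolve when NO_OLD_SHA256_NAMES is not defined.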
@@ -173,7 +177,11 @@ typedef WOLFSSL_SHA512_CTX SHA512_CTX; #define SHA512_Init wolfSSL_SHA512_Init #define SHA512_Update wolfSSL_SHA512_Update #define SHA512_Final wolfSSL_SHA512_Final - +#if defined(NO_OLD_SHA256_NAMES) && !defined(HAVE_FIPS) + /* SHA256 is only available in non-fips mode because of SHA256 enum in FIPS + * build. */ + #define SHA512 wolfSSL_SHA512 +#endif #endif /* WOLFSSL_SHA512 */ diff --git a/wolfssl/wolfcrypt/sha512.h b/wolfssl/wolfcrypt/sha512.h index c2a421f69..315f56df0 100644 --- a/wolfssl/wolfcrypt/sha512.h +++ b/wolfssl/wolfcrypt/sha512.h @@ -73,9 +73,6 @@ #if !defined(NO_OLD_WC_NAMES) #define Sha512 wc_Sha512 - #if !defined(OPENSSL_EXTRA) - #define SHA512 WC_SHA512 - #endif #define SHA512_BLOCK_SIZE WC_SHA512_BLOCK_SIZE #define SHA512_DIGEST_SIZE WC_SHA512_DIGEST_SIZE #define SHA512_PAD_SIZE WC_SHA512_PAD_SIZE @@ -127,9 +124,6 @@ WOLFSSL_API int wc_Sha512Copy(wc_Sha512* src, wc_Sha512* dst); #if !defined(NO_OLD_SHA_NAMES) #define Sha384 wc_Sha384 - #if !defined(OPENSSL_EXTRA) - #define SHA384 WC_SHA384 - #endif #define SHA384_BLOCK_SIZE WC_SHA384_BLOCK_SIZE #define SHA384_DIGEST_SIZE WC_SHA384_DIGEST_SIZE #define SHA384_PAD_SIZE WC_SHA384_PAD_SIZE From da8452ab29a609e9bb7eaaedde9149849bf16fc5 Mon Sep 17 00:00:00 2001 From: Takashi Kojo Date: Sun, 20 May 2018 14:29:40 +0900 Subject: [PATCH 050/146] Removed redundant #defines --- wolfssl/openssl/ssl.h | 6 ------ 1 file changed, 6 deletions(-) diff --git a/wolfssl/openssl/ssl.h b/wolfssl/openssl/ssl.h index c87da9855..3fbbed639 100644 --- a/wolfssl/openssl/ssl.h +++ b/wolfssl/openssl/ssl.h @@ -580,12 +580,6 @@ typedef WOLFSSL_X509_STORE_CTX X509_STORE_CTX; #define sk_X509_NAME_pop_free wolfSSL_sk_X509_NAME_pop_free #define SHA1 wolfSSL_SHA1 -#ifdef OPENSSL_EXTRA -#define SHA256 wolfSSL_SHA256 -#define SHA384 wolfSSL_SHA384 -#define SHA512 wolfSSL_SHA512 -#endif - #define X509_check_private_key wolfSSL_X509_check_private_key #define SSL_dup_CA_list wolfSSL_dup_CA_list 
From 22078d68111c4cc2f4aaf3247342c7b41e2544ea Mon Sep 17 00:00:00 2001 From: Takashi Kojo Date: Sun, 20 May 2018 15:50:16 +0900 Subject: [PATCH 051/146] wc_Sha512 type --- src/ssl.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/ssl.c b/src/ssl.c index 9b989e913..7ec5fa00e 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -29416,7 +29416,7 @@ void* wolfSSL_GetDhAgreeCtx(WOLFSSL* ssl) unsigned char *md) { static byte dig[WC_SHA512_DIGEST_SIZE]; - wc_Sha384 sha; + wc_Sha512 sha; WOLFSSL_ENTER("wolfSSL_SHA512"); From 3a27d85c4ea374bde196c8261ec4d4758e48d6dd Mon Sep 17 00:00:00 2001 From: Sean Parkinson Date: Mon, 21 May 2018 21:26:25 +1000 Subject: [PATCH 052/146] Use sizeof instead of constant value --- wolfcrypt/src/misc.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/wolfcrypt/src/misc.c b/wolfcrypt/src/misc.c index ffb03a8d1..872652d20 100644 --- a/wolfcrypt/src/misc.c +++ b/wolfcrypt/src/misc.c @@ -202,7 +202,8 @@ STATIC INLINE void ForceZero(const void* mem, word32 len) #if defined(WOLFSSL_X86_64_BUILD) && defined(WORD64_AVAILABLE) volatile word64* w; #ifndef WOLFSSL_UNALIGNED_64BIT_ACCESS - word32 l = (8 - ((size_t)z & 0x7)) & 0x7; + word32 l = (sizeof(word64) - ((size_t)z & (sizeof(word64)-1))) & + (sizeof(word64)-1); if (len < l) l = len; len -= l; From f447fe22b04782f39e6766411c1999ba87683a04 Mon Sep 17 00:00:00 2001 From: MJSPollard Date: Mon, 21 May 2018 10:55:56 -0600 Subject: [PATCH 053/146] added Poly1305SetKey Unit Test --- tests/api.c | 47 +++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 47 insertions(+) diff --git a/tests/api.c b/tests/api.c index 11bcbded3..70b5a58bd 100644 --- a/tests/api.c +++ b/tests/api.c @@ -193,6 +193,11 @@ #ifdef HAVE_CHACHA #include #endif + +#ifdef HAVE_POLY1305 + #include +#endif + #if defined(HAVE_CHACHA) && defined(HAVE_POLY1305) #include #endif 
@@ -7402,6 +7407,7 @@ static int test_wc_Des3_SetKey (void) return ret; } /* END test_wc_Des3_SetKey */ + /* * Test function for wc_Des3_CbcEncrypt and wc_Des3_CbcDecrypt @@ -7642,6 +7648,45 @@ static int test_wc_Chacha_SetKey (void) return ret; } /* END test_wc_Chacha_SetKey */ +/* + * unit test for wc_Poly1305SetKey() + */ +static int test_wc_Poly1305SetKey(void) +{ + int ret = 0; + +#ifdef HAVE_POLY1305 + Poly1305 ctx; + const byte key[] = + { + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01 + }; + + printf(testingFmt, "wc_Poly1305_SetKey()"); + + ret = wc_Poly1305SetKey(&ctx, key, (word32)(sizeof(key)/sizeof(byte))); + /* Test bad args. */ + if (ret == 0) { + ret = wc_Poly1305SetKey(NULL, key, (word32)(sizeof(key)/sizeof(byte))); + if (ret == BAD_FUNC_ARG) { + ret = wc_Poly1305SetKey(&ctx, key, 18); + } + if (ret == BAD_FUNC_ARG) { + ret = 0; + } else { + ret = WOLFSSL_FATAL_ERROR; + } + } + + printf(resultFmt, ret == 0 ? passed : failed); + +#endif + return ret; +} /* END test_wc_Poly1305_SetKey() */ + /* * Testing wc_Chacha_Process() */ @@ -18774,6 +18819,7 @@ void ApiTest(void) AssertIntEQ(test_wc_Chacha_SetKey(), 0); AssertIntEQ(test_wc_Chacha_Process(), 0); AssertIntEQ(test_wc_ChaCha20Poly1305_aead(), 0); + AssertIntEQ(test_wc_Poly1305SetKey(), 0); AssertIntEQ(test_wc_CamelliaSetKey(), 0); AssertIntEQ(test_wc_CamelliaSetIV(), 0); @@ -18802,6 +18848,7 @@ void ApiTest(void) AssertIntEQ(test_wc_MakeRsaKey(), 0); AssertIntEQ(test_wc_SetKeyUsage (), 0); + AssertIntEQ(test_wc_RsaKeyToDer(), 0); AssertIntEQ(test_wc_RsaKeyToPublicDer(), 0); AssertIntEQ(test_wc_RsaPublicEncryptDecrypt(), 0); From 8197d9ec36c6fd373366066f7037fcc0b6e058ea Mon Sep 17 00:00:00 2001 
From: Aaron Jense Date: Mon, 21 May 2018 10:59:02 -0600 Subject: [PATCH 054/146] Added unit-test for wc_curve25519_init and wc_curve25519_free in tests/api.c --- tests/api.c | 46 ++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 46 insertions(+) diff --git a/tests/api.c b/tests/api.c index 11bcbded3..1fa519767 100644 --- a/tests/api.c +++ b/tests/api.c @@ -265,6 +265,10 @@ #include #endif +#ifdef HAVE_CURVE25519 + #include +#endif + #if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) #include #ifndef NO_ASN @@ -12115,6 +12119,43 @@ static int test_wc_ed25519_exportKey (void) } /* END test_wc_ed25519_exportKey */ +/* + * Testing wc_curve25519_init and wc_curve25519_free. + */ +static int test_wc_curve25519_init (void) +{ + int ret = 0; + +#if defined(HAVE_CURVE25519) + + curve25519_key key; + + printf(testingFmt, "wc_curve25519_init()"); + + ret = wc_curve25519_init(&key); + + /* Test bad args for wc_curve25519_init */ + if (ret == 0) { + ret = wc_curve25519_init(NULL); + if (ret == BAD_FUNC_ARG) { + ret = 0; + } else if (ret == 0) { + ret = SSL_FATAL_ERROR; + } + } + + printf(resultFmt, ret == 0 ? passed : failed); + + /* Test good args for wc_curve_25519_free */ + wc_curve25519_free(&key); + + wc_curve25519_free(NULL); + +#endif + return ret; + +} /* END test_wc_curve25519_init and wc_curve_25519_free*/ + /* * Testing wc_ecc_make_key. */ @@ -18690,6 +18731,9 @@ void ApiTest(void) test_wc_ecc_get_curve_id_from_name(); test_wc_ecc_get_curve_id_from_params(); + /* wolfCrypt curve25519 tests */ + test_wc_curve25519_init(); + #ifdef WOLFSSL_TLS13 /* TLS v1.3 API tests */ test_tls13_apis(); @@ -18842,6 +18886,8 @@ void ApiTest(void) AssertIntEQ(test_wc_ed25519_size(), 0); AssertIntEQ(test_wc_ed25519_exportKey(), 0); + AssertIntEQ(test_wc_curve25519_init(), 0); + AssertIntEQ(test_wc_ecc_make_key(), 0); AssertIntEQ(test_wc_ecc_init(), 0); AssertIntEQ(test_wc_ecc_check_key(), 0); 
From f214dbc3dd6c22537fd211d0a25bc6858765d33b Mon Sep 17 00:00:00 2001 From: Aaron Jense Date: Mon, 21 May 2018 11:50:52 -0600 Subject: [PATCH 055/146] Removed unneeded call on test_wc_curve25519_init --- tests/api.c | 3 --- 1 file changed, 3 deletions(-) diff --git a/tests/api.c b/tests/api.c index 1fa519767..f7526d0d5 100644 --- a/tests/api.c +++ b/tests/api.c @@ -18731,9 +18731,6 @@ void ApiTest(void) test_wc_ecc_get_curve_id_from_name(); test_wc_ecc_get_curve_id_from_params(); - /* wolfCrypt curve25519 tests */ - test_wc_curve25519_init(); - #ifdef WOLFSSL_TLS13 /* TLS v1.3 API tests */ test_tls13_apis(); From 2b49f69f1b51302c30fd8f0d6ca130e2dd0e500d Mon Sep 17 00:00:00 2001 From: MJSPollard Date: Mon, 21 May 2018 12:44:59 -0600 Subject: [PATCH 056/146] updated unit test --- tests/api.c | 3 +++ wolfcrypt/src/poly1305.c | 2 +- 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/tests/api.c b/tests/api.c index 70b5a58bd..dc33129a9 100644 --- a/tests/api.c +++ b/tests/api.c @@ -7671,6 +7671,9 @@ static int test_wc_Poly1305SetKey(void) /* Test bad args. */ if (ret == 0) { ret = wc_Poly1305SetKey(NULL, key, (word32)(sizeof(key)/sizeof(byte))); + if(ret == BAD_FUNC_ARG) { + ret = wc_Poly1305SetKey(&ctx, NULL, (word32)(sizeof(key)/sizeof(byte))); + } if (ret == BAD_FUNC_ARG) { ret = wc_Poly1305SetKey(&ctx, key, 18); } diff --git a/wolfcrypt/src/poly1305.c b/wolfcrypt/src/poly1305.c index 4fcc712f0..e54d7cf98 100644 --- a/wolfcrypt/src/poly1305.c +++ b/wolfcrypt/src/poly1305.c @@ -1222,7 +1222,7 @@ int wc_Poly1305SetKey(Poly1305* ctx, const byte* key, word32 keySz) printf("\n"); #endif - if (keySz != 32 || ctx == NULL) + if (keySz != 32 || ctx == NULL || key == NULL) return BAD_FUNC_ARG; #ifdef USE_INTEL_SPEEDUP From fb247a5d8dfa24e15d309e7d27324bae04bead12 Mon Sep 17 00:00:00 2001 
From: MJSPollard Date: Mon, 21 May 2018 13:59:15 -0600 Subject: [PATCH 057/146] added null check for key --- wolfcrypt/src/poly1305.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/wolfcrypt/src/poly1305.c b/wolfcrypt/src/poly1305.c index e54d7cf98..adf3dbf80 100644 --- a/wolfcrypt/src/poly1305.c +++ b/wolfcrypt/src/poly1305.c @@ -1211,6 +1211,9 @@ int wc_Poly1305SetKey(Poly1305* ctx, const byte* key, word32 keySz) word64 t0,t1; #endif + if (key == NULL) + return BAD_FUNC_ARG; + #ifdef CHACHA_AEAD_TEST word32 k; printf("Poly key used:\n"); @@ -1222,7 +1225,7 @@ int wc_Poly1305SetKey(Poly1305* ctx, const byte* key, word32 keySz) printf("\n"); #endif - if (keySz != 32 || ctx == NULL || key == NULL) + if (keySz != 32 || ctx == NULL) return BAD_FUNC_ARG; #ifdef USE_INTEL_SPEEDUP From 1b9cff1c5d09adb0af858992e2a2df01b1d4dc58 Mon Sep 17 00:00:00 2001 From: John Safranek Date: Wed, 16 May 2018 09:55:16 -0400 Subject: [PATCH 058/146] Hush ar warning At some point, ar on Ubuntu started throwing the following warning: ar: `u' modifier ignored since `D' is the default (see `U') Add the "U" option to the ar flags if the version of ar supports it. (The version used by macOS does not support the flag, for example.) The AR_FLAGS set in configure will later be used by libtool. --- configure.ac | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/configure.ac b/configure.ac index c96e5ce2a..0f8a47530 100644 --- a/configure.ac +++ b/configure.ac @@ -16,6 +16,10 @@ AC_CONFIG_AUX_DIR([build-aux]) : ${CFLAGS=""} : ${CXXFLAGS=""} +# Test ar for the "U" option. Should be checked before the libtool macros. +xxx_ar_flags=$((ar --help) 2>&1) +AS_CASE([$xxx_ar_flags],[*'use actual timestamps and uids/gids'*],[: ${AR_FLAGS="Ucru"}]) + AC_CANONICAL_HOST AC_CANONICAL_BUILD From 85511067e454441fa8e74ab17abd8cd1bf0ac212 Mon Sep 17 00:00:00 2001 
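Review bot: The new `if (key == NULL) return BAD_FUNC_ARG;` lands after the `word64 t0,t1;` declarations but before `word32 k;` inside the CHACHA_AEAD_TEST block, so with that macro defined a declaration now follows a statement, which a C89 compiler rejects. Declaring `word32 k;` with the other locals under its own `#ifdef CHACHA_AEAD_TEST`, and leaving only the printf loop after the check, avoids that. The check does keep the debug loop from reading a NULL key; that loop prints the Poly1305 key, so CHACHA_AEAD_TEST should be documented as a debug-only option. wc_Poly1305SetKey starts and ends outside the hunk.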
From: David Garske Date: Mon, 21 May 2018 13:03:49 -0700 Subject: [PATCH 059/146] Added crypto device framework to handle PK RSA/ECC operations using callbacks. Adds new build option `./configure --enable-cryptodev` or `#define WOLF_CRYPTO_DEV`. Added devId support to PKCS7. --- configure.ac | 14 +++ wolfcrypt/src/cryptodev.c | 207 ++++++++++++++++++++++++++++++++++ wolfcrypt/src/ecc.c | 37 +++++- wolfcrypt/src/include.am | 4 + wolfcrypt/src/pkcs7.c | 29 ++--- wolfcrypt/src/rsa.c | 22 +++- wolfcrypt/src/wc_port.c | 8 ++ wolfcrypt/test/test.c | 37 +++++- wolfssl/wolfcrypt/cryptodev.h | 114 +++++++++++++++++++ wolfssl/wolfcrypt/ecc.h | 2 +- wolfssl/wolfcrypt/include.am | 3 +- wolfssl/wolfcrypt/pkcs7.h | 1 + wolfssl/wolfcrypt/rsa.h | 3 + wolfssl/wolfcrypt/types.h | 32 +++++- 14 files changed, 486 insertions(+), 27 deletions(-) create mode 100644 wolfcrypt/src/cryptodev.c create mode 100644 wolfssl/wolfcrypt/cryptodev.h diff --git a/configure.ac b/configure.ac index 9c8dfd4d3..a240142ab 100644 --- a/configure.ac +++ b/configure.ac @@ -3868,6 +3868,20 @@ else fi +# Support for crypto device hardware +AC_ARG_ENABLE([cryptodev], + [AS_HELP_STRING([--enable-cryptodev],[Enable crypto hardware support (default: disabled)])], + [ ENABLED_CRYPTODEV=$enableval ], + [ ENABLED_CRYPTODEV=no ] + ) + +if test "$ENABLED_CRYPTODEV" = "yes" +then + AM_CFLAGS="$AM_CFLAGS -DWOLF_CRYPTO_DEV" +fi +AM_CONDITIONAL([BUILD_CRYPTODEV], [test "x$ENABLED_CRYPTODEV" = "xyes"]) + + # Session Export AC_ARG_ENABLE([sessionexport], [AS_HELP_STRING([--enable-sessionexport],[Enable export and import of sessions (default: disabled)])], diff --git a/wolfcrypt/src/cryptodev.c b/wolfcrypt/src/cryptodev.c new file mode 100644 index 000000000..80179e0e1 --- /dev/null +++ b/wolfcrypt/src/cryptodev.c 
@@ -0,0 +1,207 @@ +/* cryptodev.c + * + * Copyright (C) 2006-2018 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + */ + +/* This framework provides a central place for crypto hardware integration + using the devId scheme. If not supported return `NOT_COMPILED_IN`. */ + +#ifdef HAVE_CONFIG_H + #include +#endif + +#include + +#ifdef WOLF_CRYPTO_DEV + +#include +#include +#include + + +/* TODO: Consider linked list with mutex */ +#ifndef MAX_CRYPTO_DEVICES +#define MAX_CRYPTO_DEVICES 8 +#endif + +typedef struct CryptoDev { + int devId; + CryptoDevCallbackFunc cb; + void* ctx; +} CryptoDev; +static CryptoDev gCryptoDev[MAX_CRYPTO_DEVICES]; + +static CryptoDev* wc_CryptoDev_FindDevice(int devId) +{ + int i; + for (i=0; idevId = devId; + dev->cb = cb; + dev->ctx = ctx; + + return 0; +} + +void wc_CryptoDev_UnRegisterDevice(int devId) +{ + CryptoDev* dev = wc_CryptoDev_FindDevice(devId); + if (dev) { + XMEMSET(dev, 0, sizeof(*dev)); + dev->devId = INVALID_DEVID; + } +} + +#ifndef NO_RSA +int wc_CryptoDev_Rsa(const byte* in, word32 inLen, byte* out, + word32* outLen, int type, RsaKey* key, WC_RNG* rng) +{ + int ret = NOT_COMPILED_IN; + CryptoDev* dev; + + /* locate registered callback */ + dev = wc_CryptoDev_FindDevice(key->devId); + if (dev) { + if (dev->cb) { + wc_CryptoInfo cryptoInfo; + XMEMSET(&cryptoInfo, 0, sizeof(cryptoInfo)); + cryptoInfo.algo_type = 
WC_ALGO_TYPE_PK; + cryptoInfo.pk.type = WC_PK_TYPE_RSA; + cryptoInfo.pk.rsa.in = in; + cryptoInfo.pk.rsa.inLen = inLen; + cryptoInfo.pk.rsa.out = out; + cryptoInfo.pk.rsa.outLen = outLen; + cryptoInfo.pk.rsa.type = type; + cryptoInfo.pk.rsa.key = key; + cryptoInfo.pk.rsa.rng = rng; + + ret = dev->cb(key->devId, &cryptoInfo, dev->ctx); + } + } + + return ret; +} +#endif /* !NO_RSA */ + +#ifdef HAVE_ECC +int wc_CryptoDev_Ecdh(ecc_key* private_key, ecc_key* public_key, + byte* out, word32* outlen) +{ + int ret = NOT_COMPILED_IN; + CryptoDev* dev; + + /* locate registered callback */ + dev = wc_CryptoDev_FindDevice(private_key->devId); + if (dev) { + if (dev->cb) { + wc_CryptoInfo cryptoInfo; + XMEMSET(&cryptoInfo, 0, sizeof(cryptoInfo)); + cryptoInfo.algo_type = WC_ALGO_TYPE_PK; + cryptoInfo.pk.type = WC_PK_TYPE_ECDH; + cryptoInfo.pk.ecdh.private_key = private_key; + cryptoInfo.pk.ecdh.public_key = public_key; + cryptoInfo.pk.ecdh.out = out; + cryptoInfo.pk.ecdh.outlen = outlen; + + ret = dev->cb(private_key->devId, &cryptoInfo, dev->ctx); + } + } + + return ret; +} + +int wc_CryptoDev_EccSign(const byte* in, word32 inlen, byte* out, + word32 *outlen, WC_RNG* rng, ecc_key* key) +{ + int ret = NOT_COMPILED_IN; + CryptoDev* dev; + + /* locate registered callback */ + dev = wc_CryptoDev_FindDevice(key->devId); + if (dev) { + if (dev->cb) { + wc_CryptoInfo cryptoInfo; + XMEMSET(&cryptoInfo, 0, sizeof(cryptoInfo)); + cryptoInfo.algo_type = WC_ALGO_TYPE_PK; + cryptoInfo.pk.type = WC_PK_TYPE_ECDSA_SIGN; + cryptoInfo.pk.eccsign.in = in; + cryptoInfo.pk.eccsign.inlen = inlen; + cryptoInfo.pk.eccsign.out = out; + cryptoInfo.pk.eccsign.outlen = outlen; + cryptoInfo.pk.eccsign.rng = rng; + cryptoInfo.pk.eccsign.key = key; + + ret = dev->cb(key->devId, &cryptoInfo, dev->ctx); + } + } + + return ret; +} + +int wc_CryptoDev_EccVerify(const byte* sig, word32 siglen, + const byte* hash, word32 hashlen, int* res, ecc_key* key) +{ + int ret = NOT_COMPILED_IN; + CryptoDev* dev; + + /* 
locate registered callback */ + dev = wc_CryptoDev_FindDevice(key->devId); + if (dev) { + if (dev->cb) { + wc_CryptoInfo cryptoInfo; + XMEMSET(&cryptoInfo, 0, sizeof(cryptoInfo)); + cryptoInfo.algo_type = WC_ALGO_TYPE_PK; + cryptoInfo.pk.type = WC_PK_TYPE_ECDSA_VERIFY; + cryptoInfo.pk.eccverify.sig = sig; + cryptoInfo.pk.eccverify.siglen = siglen; + cryptoInfo.pk.eccverify.hash = hash; + cryptoInfo.pk.eccverify.hashlen = hashlen; + cryptoInfo.pk.eccverify.res = res; + cryptoInfo.pk.eccverify.key = key; + + ret = dev->cb(key->devId, &cryptoInfo, dev->ctx); + } + } + + return ret; +} +#endif /* HAVE_ECC */ + +#endif /* WOLF_CRYPTO_DEV */ diff --git a/wolfcrypt/src/ecc.c b/wolfcrypt/src/ecc.c index 9801a51c5..d53847ae7 100755 --- a/wolfcrypt/src/ecc.c +++ b/wolfcrypt/src/ecc.c @@ -122,6 +122,10 @@ ECC Curve Sizes: #include #endif +#ifdef WOLF_CRYPTO_DEV + #include +#endif + #ifdef NO_INLINE #include #else @@ -2793,6 +2797,15 @@ int wc_ecc_shared_secret(ecc_key* private_key, ecc_key* public_key, byte* out, return BAD_FUNC_ARG; } +#ifdef WOLF_CRYPTO_DEV + if (private_key->devId != INVALID_DEVID) { + err = wc_CryptoDev_Ecdh(private_key, public_key, out, outlen); + if (err != NOT_COMPILED_IN) + return err; + err = 0; /* reset error code and try using software */ + } +#endif + /* type valid? */ if (private_key->type != ECC_PRIVATEKEY && private_key->type != ECC_PRIVATEKEY_ONLY) { @@ -3495,8 +3508,10 @@ int wc_ecc_init_ex(ecc_key* key, void* heap, int devId) XMEMSET(key, 0, sizeof(ecc_key)); key->state = ECC_STATE_NONE; -#ifdef PLUTON_CRYPTO_ECC +#if defined(PLUTON_CRYPTO_ECC) || defined(WOLF_CRYPTO_DEV) key->devId = devId; +#else + (void)devId; #endif #ifdef WOLFSSL_ATECC508A @@ -3532,8 +3547,6 @@ int wc_ecc_init_ex(ecc_key* key, void* heap, int devId) /* handle as async */ ret = wolfAsync_DevCtxInit(&key->asyncDev, WOLFSSL_ASYNC_MARKER_ECC, key->heap, devId); -#else - (void)devId; #endif return ret; 
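Review bot: gCryptoDev in cryptodev.c is a file-scope table that the register and unregister functions write and that every wc_CryptoDev_* wrapper reads through wc_CryptoDev_FindDevice, with no lock; the TODO mentions a mutex but nothing tells callers what is safe in the meantime. A comment on the table such as `/* Not thread-safe: register and unregister devices only while no key operation using a devId is in flight. */` would state the contract until locking is added. The wrappers also keep using `dev->cb` and `dev->ctx` after the lookup returns, so an unregister during an operation would presumably race with them. The lookup loop and the start of the registration function are not legible on this page, so their bounds and duplicate-ID handling could not be checked here.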
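Review bot: In wc_ecc_shared_secret the WOLF_CRYPTO_DEV block falls through to the software path whenever wc_CryptoDev_Ecdh returns NOT_COMPILED_IN, and the cryptodev wrappers return that same value when no device is registered for the key's devId. A key given a devId on the assumption that the operation stays in hardware would therefore be processed in software with no trace. A `WOLFSSL_MSG("CryptoDev not used, falling back to software");` before `err = 0;` would make that visible, and cryptodev.h should state that a callback returns NOT_COMPILED_IN only for operations it does not handle. The same pattern is added in wc_ecc_sign_hash and wc_ecc_verify_hash in the following hunks; all three functions continue outside their hunks.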
@@ -3641,6 +3654,15 @@ int wc_ecc_sign_hash(const byte* in, word32 inlen, byte* out, word32 *outlen, return ECC_BAD_ARG_E; } +#ifdef WOLF_CRYPTO_DEV + if (key->devId != INVALID_DEVID) { + err = wc_CryptoDev_EccSign(in, inlen, out, outlen, rng, key); + if (err != NOT_COMPILED_IN) + return err; + err = 0; /* reset error code and try using software */ + } +#endif + #ifdef WOLFSSL_ASYNC_CRYPT err = wc_ecc_alloc_async(key); if (err != 0) @@ -4291,6 +4313,15 @@ int wc_ecc_verify_hash(const byte* sig, word32 siglen, const byte* hash, return ECC_BAD_ARG_E; } +#ifdef WOLF_CRYPTO_DEV + if (key->devId != INVALID_DEVID) { + err = wc_CryptoDev_EccVerify(sig, siglen, hash, hashlen, res, key); + if (err != NOT_COMPILED_IN) + return err; + err = 0; /* reset error code and try using software */ + } +#endif + #ifdef WOLFSSL_ASYNC_CRYPT err = wc_ecc_alloc_async(key); if (err != 0) diff --git a/wolfcrypt/src/include.am b/wolfcrypt/src/include.am index 315388e12..cf181f82f 100644 --- a/wolfcrypt/src/include.am +++ b/wolfcrypt/src/include.am @@ -63,6 +63,10 @@ EXTRA_DIST += wolfcrypt/src/port/ti/ti-aes.c \ wolfcrypt/src/port/caam/caam_doc.pdf \ wolfcrypt/src/port/st/stm32.c +if BUILD_CRYPTODEV +src_libwolfssl_la_SOURCES += wolfcrypt/src/cryptodev.c +endif + if BUILD_CAVIUM src_libwolfssl_la_SOURCES += wolfcrypt/src/port/cavium/cavium_nitrox.c diff --git a/wolfcrypt/src/pkcs7.c b/wolfcrypt/src/pkcs7.c index 807d90e00..835f58209 100644 --- a/wolfcrypt/src/pkcs7.c +++ b/wolfcrypt/src/pkcs7.c @@ -247,8 +247,8 @@ int wc_PKCS7_Init(PKCS7* pkcs7, void* heap, int devId) XMEMSET(pkcs7, 0, sizeof(PKCS7)); pkcs7->heap = heap; + pkcs7->devId = devId; - (void)devId; /* silence unused warning */ return 0; } 
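Review bot: In the wc_ecc_verify_hash hunk the caller's `res` pointer is handed to the device callback, and the function returns as soon as the callback reports anything other than NOT_COMPILED_IN. A callback that returns 0 without writing `*res` therefore leaves whatever value the caller had there. The lines before the hunk are not visible; if `*res` is not already cleared there, add `*res = 0; /* default to invalid signature */` ahead of the `key->devId != INVALID_DEVID` check so a verification result can never be inherited from stale memory.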
@@ -600,8 +600,7 @@ static int wc_PKCS7_RsaSign(PKCS7* pkcs7, byte* in, word32 inSz, ESD* esd) return MEMORY_E; #endif - ret = wc_InitRsaKey(privKey, pkcs7->heap); - + ret = wc_InitRsaKey_ex(privKey, pkcs7->heap, pkcs7->devId); if (ret == 0) { idx = 0; ret = wc_RsaPrivateKeyDecode(pkcs7->privateKey, &idx, privKey, @@ -649,7 +648,7 @@ static int wc_PKCS7_EcdsaSign(PKCS7* pkcs7, byte* in, word32 inSz, ESD* esd) return MEMORY_E; #endif - ret = wc_ecc_init_ex(privKey, pkcs7->heap, INVALID_DEVID); + ret = wc_ecc_init_ex(privKey, pkcs7->heap, pkcs7->devId); if (ret == 0) { idx = 0; @@ -1309,7 +1308,7 @@ static int wc_PKCS7_RsaVerify(PKCS7* pkcs7, byte* sig, int sigSz, XMEMSET(digest, 0, MAX_PKCS7_DIGEST_SZ); - ret = wc_InitRsaKey(key, pkcs7->heap); + ret = wc_InitRsaKey_ex(key, pkcs7->heap, pkcs7->devId); if (ret != 0) { #ifdef WOLFSSL_SMALL_STACK XFREE(digest, NULL, DYNAMIC_TYPE_TMP_BUFFER); @@ -1384,7 +1383,7 @@ static int wc_PKCS7_EcdsaVerify(PKCS7* pkcs7, byte* sig, int sigSz, XMEMSET(digest, 0, MAX_PKCS7_DIGEST_SZ); - ret = wc_ecc_init_ex(key, pkcs7->heap, INVALID_DEVID); + ret = wc_ecc_init_ex(key, pkcs7->heap, pkcs7->devId); if (ret != 0) { #ifdef WOLFSSL_SMALL_STACK XFREE(digest, NULL, DYNAMIC_TYPE_TMP_BUFFER); @@ -2124,6 +2123,7 @@ int wc_PKCS7_VerifySignedData(PKCS7* pkcs7, byte* pkiMsg, word32 pkiMsgSz) typedef struct WC_PKCS7_KARI { DecodedCert* decoded; /* decoded recip cert */ void* heap; /* user heap, points to PKCS7->heap */ + int devId; /* device ID for HW based private key */ ecc_key* recipKey; /* recip key (pub | priv) */ ecc_key* senderKey; /* sender key (pub | priv) */ byte* senderKeyExport; /* sender ephemeral key DER */ @@ -2249,6 +2249,7 @@ static WC_PKCS7_KARI* wc_PKCS7_KariNew(PKCS7* pkcs7, byte direction) kari->direction = direction; kari->heap = pkcs7->heap; + kari->devId = pkcs7->devId; return kari; } 
@@ -2333,7 +2334,7 @@ static int wc_PKCS7_KariParseRecipCert(WC_PKCS7_KARI* kari, const byte* cert, return BAD_FUNC_ARG; } - ret = wc_ecc_init_ex(kari->recipKey, kari->heap, INVALID_DEVID); + ret = wc_ecc_init_ex(kari->recipKey, kari->heap, kari->devId); if (ret != 0) return ret; @@ -2384,7 +2385,7 @@ static int wc_PKCS7_KariGenerateEphemeralKey(WC_PKCS7_KARI* kari, WC_RNG* rng) kari->senderKeyExportSz = kari->decoded->pubKeySize; - ret = wc_ecc_init_ex(kari->senderKey, kari->heap, INVALID_DEVID); + ret = wc_ecc_init_ex(kari->senderKey, kari->heap, kari->devId); if (ret != 0) return ret; @@ -2986,7 +2987,7 @@ static int wc_CreateRecipientInfo(const byte* cert, word32 certSz, #endif /* EncryptedKey */ - ret = wc_InitRsaKey(pubKey, 0); + ret = wc_InitRsaKey_ex(pubKey, heap, INVALID_DEVID); if (ret != 0) { FreeDecodedCert(decoded); #ifdef WOLFSSL_SMALL_STACK @@ -3250,7 +3251,7 @@ static int wc_PKCS7_GenerateIV(PKCS7* pkcs7, WC_RNG* rng, byte* iv, word32 ivSz) if (rnd == NULL) return MEMORY_E; - ret = wc_InitRng_ex(rnd, pkcs7->heap, INVALID_DEVID); + ret = wc_InitRng_ex(rnd, pkcs7->heap, pkcs7->devId); if (ret != 0) { XFREE(rnd, pkcs7->heap, DYNAMIC_TYPE_RNG); return ret; @@ -3384,7 +3385,7 @@ int wc_PKCS7_EncodeEnvelopedData(PKCS7* pkcs7, byte* output, word32 outputSz) } /* generate random content encryption key */ - ret = wc_InitRng_ex(&rng, pkcs7->heap, INVALID_DEVID); + ret = wc_InitRng_ex(&rng, pkcs7->heap, pkcs7->devId); if (ret != 0) return ret; @@ -3712,7 +3713,7 @@ static int wc_PKCS7_DecodeKtri(PKCS7* pkcs7, byte* pkiMsg, word32 pkiMsgSz, } #endif - ret = wc_InitRsaKey(privKey, 0); + ret = wc_InitRsaKey_ex(privKey, NULL, INVALID_DEVID); if (ret != 0) { #ifdef WOLFSSL_SMALL_STACK XFREE(encryptedKey, NULL, DYNAMIC_TYPE_TMP_BUFFER); 
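Review bot: wc_PKCS7_DecodeKtri now calls `wc_InitRsaKey_ex(privKey, NULL, INVALID_DEVID)`, while the signing, verification and KARI keys in this file are switched to `pkcs7->devId` and the new field is documented as the device ID for a HW based private key. This is the recipient's RSA private-key decrypt, so it will still run in software even when a device is registered, although the blinding RNG a few lines later does use `pkcs7->devId`. If that is not deliberate, `ret = wc_InitRsaKey_ex(privKey, NULL, pkcs7->devId);` would match the rest of the change; if it is, a one-line comment giving the reason would help. The function body continues outside the hunk.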
@@ -3735,7 +3736,7 @@ static int wc_PKCS7_DecodeKtri(PKCS7* pkcs7, byte* pkiMsg, word32 pkiMsgSz, /* decrypt encryptedKey */ #ifdef WC_RSA_BLINDING - ret = wc_InitRng_ex(&rng, pkcs7->heap, INVALID_DEVID); + ret = wc_InitRng_ex(&rng, pkcs7->heap, pkcs7->devId); if (ret == 0) { ret = wc_RsaSetRNG(privKey, &rng); } @@ -3823,7 +3824,7 @@ static int wc_PKCS7_KariGetOriginatorIdentifierOrKey(WC_PKCS7_KARI* kari, return ASN_EXPECT_0_E; /* get sender ephemeral public ECDSA key */ - ret = wc_ecc_init_ex(kari->senderKey, kari->heap, INVALID_DEVID); + ret = wc_ecc_init_ex(kari->senderKey, kari->heap, kari->devId); if (ret != 0) return ret; diff --git a/wolfcrypt/src/rsa.c b/wolfcrypt/src/rsa.c index 658b5a29c..6108aa583 100644 --- a/wolfcrypt/src/rsa.c +++ b/wolfcrypt/src/rsa.c @@ -190,6 +190,9 @@ int wc_RsaFlattenPublicKey(RsaKey* key, byte* a, word32* aSz, byte* b, #include #include +#ifdef WOLF_CRYPTO_DEV + #include +#endif #ifdef NO_INLINE #include #else @@ -237,8 +240,6 @@ int wc_InitRsaKey_ex(RsaKey* key, void* heap, int devId) return BAD_FUNC_ARG; } - (void)devId; - XMEMSET(key, 0, sizeof(RsaKey)); key->type = RSA_TYPE_UNKNOWN; @@ -251,6 +252,12 @@ int wc_InitRsaKey_ex(RsaKey* key, void* heap, int devId) key->rng = NULL; #endif +#ifdef WOLF_CRYPTO_DEV + key->devId = devId; +#else + (void)devId; +#endif + #ifdef WOLFSSL_ASYNC_CRYPT #ifdef WOLFSSL_CERT_GEN XMEMSET(&key->certSignCtx, 0, sizeof(CertSignCtx)); @@ -263,8 +270,6 @@ int wc_InitRsaKey_ex(RsaKey* key, void* heap, int devId) if (ret != 0) return ret; #endif /* WC_ASYNC_ENABLE_RSA */ -#else - (void)devId; #endif /* WOLFSSL_ASYNC_CRYPT */ ret = mp_init_multi(&key->n, &key->e, NULL, NULL, NULL, NULL); 
@@ -1619,6 +1624,15 @@ int wc_RsaFunction(const byte* in, word32 inLen, byte* out, return BAD_FUNC_ARG; } +#ifdef WOLF_CRYPTO_DEV + if (key->devId != INVALID_DEVID) { + ret = wc_CryptoDev_Rsa(in, inLen, out, outLen, type, key, rng); + if (ret != NOT_COMPILED_IN) + return ret; + ret = 0; /* reset error code and try using software */ + } +#endif + #ifndef NO_RSA_BOUNDS_CHECK if (type == RSA_PRIVATE_DECRYPT && key->state == RSA_STATE_DECRYPT_EXPTMOD) { diff --git a/wolfcrypt/src/wc_port.c b/wolfcrypt/src/wc_port.c index b0d2c1998..9b2868be0 100644 --- a/wolfcrypt/src/wc_port.c +++ b/wolfcrypt/src/wc_port.c @@ -64,6 +64,10 @@ #include #endif +#ifdef WOLF_CRYPTO_DEV + #include +#endif + #ifdef _MSC_VER /* 4996 warning to use MS extensions e.g., strcpy_s instead of strncpy */ #pragma warning(disable: 4996) @@ -82,6 +86,10 @@ int wolfCrypt_Init(void) if (initRefCount == 0) { WOLFSSL_ENTER("wolfCrypt_Init"); + #ifdef WOLF_CRYPTO_DEV + wc_CryptoDev_Init(); + #endif + #ifdef WOLFSSL_ASYNC_CRYPT ret = wolfAsync_HardwareStart(); if (ret != 0) { diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c index 314285f0c..3945d57ce 100644 --- a/wolfcrypt/test/test.c +++ b/wolfcrypt/test/test.c @@ -119,6 +119,9 @@ #ifdef WOLFSSL_IMX6_CAAM_BLOB #include #endif +#ifdef WOLF_CRYPTO_DEV + #include +#endif #define WOLFSSL_MISC_INCLUDED #include @@ -341,6 +344,9 @@ int blob_test(void); #endif int misc_test(void); +#ifdef WOLF_CRYPTO_DEV +int cryptodev_test(void); +#endif /* General big buffer size for many tests. */ #define FOURK_BUF 4096 @@ -960,6 +966,13 @@ initDefaultName(); else printf( "misc test passed!\n"); +#ifdef WOLF_CRYPTO_DEV + if ( (ret = cryptodev_test()) != 0) + return err_sys("crypto dev test failed!\n", ret); + else + printf( "crypto dev test passed!\n"); +#endif + #ifdef WOLFSSL_ASYNC_CRYPT wolfAsync_DevClose(&devId); #endif 
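Review bot: The device dispatch added to wc_RsaFunction returns before the `#ifndef NO_RSA_BOUNDS_CHECK` block that follows it in the hunk, so the software input range check for RSA_PRIVATE_DECRYPT never runs when a callback handles the operation. Either move the WOLF_CRYPTO_DEV block below that check or state the contract at the call, e.g. `/* device callback is responsible for validating the input against the modulus */`. The body of the bounds check is outside the hunk, so confirm that it can run for a device-held key without software key material before moving it.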
@@ -8297,7 +8310,7 @@ static int rsa_sig_test(RsaKey* key, word32 keyLen, int modLen, WC_RNG* rng) * -101 = USER_CRYPTO_ERROR */ if (ret == 0) -#elif defined(WOLFSSL_ASYNC_CRYPT) +#elif defined(WOLFSSL_ASYNC_CRYPT) || defined(WOLF_CRYPTO_DEV) /* async may not require RNG */ if (ret != 0 && ret != MISSING_RNG_E) #elif defined(HAVE_FIPS) || defined(WOLFSSL_ASYNC_CRYPT) || \ @@ -18561,6 +18574,28 @@ int misc_test(void) return 0; } +#ifdef WOLF_CRYPTO_DEV +int cryptodev_test(void) +{ + int ret = 0; + + /* set devId to something other than INVALID_DEVID */ + devId = 1; + +#ifndef NO_RSA + if (ret == 0) + ret = rsa_test(); +#endif +#ifdef HAVE_ECC + if (ret == 0) + ret = ecc_test(); +#endif + + return ret; +} +#endif /* WOLF_CRYPTO_DEV */ + + #undef ERROR_OUT #else diff --git a/wolfssl/wolfcrypt/cryptodev.h b/wolfssl/wolfcrypt/cryptodev.h new file mode 100644 index 000000000..98be93cb4 --- /dev/null +++ b/wolfssl/wolfcrypt/cryptodev.h 
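Review bot: cryptodev_test sets the global `devId = 1` but nothing in the hunk registers a callback with wc_CryptoDev_RegisterDevice. Assuming the device lookup returns nothing for an unregistered id, every wc_CryptoDev_* wrapper then returns NOT_COMPILED_IN and rsa_test/ecc_test exercise only the software fallback. Registering a test callback before the two calls and unregistering it afterwards would cover the dispatch path. `devId` is also left at 1 on return and the caller goes on to `wolfAsync_DevClose(&devId)`; save and restore it, e.g. `int savedDevId = devId;` at the top and `devId = savedDevId;` before `return ret;`.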
@@ -0,0 +1,114 @@ +/* cryptodev.h + * + * Copyright (C) 2006-2018 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + */ + +#ifndef _WOLF_CRYPTO_DEV_H_ +#define _WOLF_CRYPTO_DEV_H_ + +#include + +#ifdef __cplusplus + extern "C" { +#endif + +#ifdef WOLF_CRYPTO_DEV + +#ifndef NO_RSA + #include +#endif +#ifdef HAVE_ECC + #include +#endif + +/* Crypto Information Structure for callbacks */ +typedef struct wc_CryptoInfo { + int algo_type; /* enum wc_AlgoType */ + struct { + int type; /* enum wc_PkType */ + union { + #ifndef NO_RSA + struct { + const byte* in; + word32 inLen; + byte* out; + word32* outLen; + int type; + RsaKey* key; + WC_RNG* rng; + } rsa; + #endif + #ifdef HAVE_ECC + struct { + ecc_key* private_key; + ecc_key* public_key; + byte* out; + word32* outlen; + } ecdh; + struct { + const byte* in; + word32 inlen; + byte* out; + word32 *outlen; + WC_RNG* rng; + ecc_key* key; + } eccsign; + struct { + const byte* sig; + word32 siglen; + const byte* hash; + word32 hashlen; + int* res; + ecc_key* key; + } eccverify; + #endif + }; + } pk; +} wc_CryptoInfo; + +typedef int (*CryptoDevCallbackFunc)(int devId, wc_CryptoInfo* info, void* ctx); + +WOLFSSL_LOCAL void wc_CryptoDev_Init(void); + +WOLFSSL_API int wc_CryptoDev_RegisterDevice(int devId, CryptoDevCallbackFunc cb, void* ctx); +WOLFSSL_API void wc_CryptoDev_UnRegisterDevice(int devId); + + +#ifndef 
NO_RSA +WOLFSSL_LOCAL int wc_CryptoDev_Rsa(const byte* in, word32 inLen, byte* out, + word32* outLen, int type, RsaKey* key, WC_RNG* rng); +#endif /* !NO_RSA */ + +#ifdef HAVE_ECC +WOLFSSL_LOCAL int wc_CryptoDev_Ecdh(ecc_key* private_key, ecc_key* public_key, + byte* out, word32* outlen); + +WOLFSSL_LOCAL int wc_CryptoDev_EccSign(const byte* in, word32 inlen, byte* out, + word32 *outlen, WC_RNG* rng, ecc_key* key); + +WOLFSSL_LOCAL int wc_CryptoDev_EccVerify(const byte* sig, word32 siglen, + const byte* hash, word32 hashlen, int* res, ecc_key* key); +#endif /* HAVE_ECC */ + +#endif /* WOLF_CRYPTO_DEV */ + +#ifdef __cplusplus + } /* extern "C" */ +#endif + +#endif /* _WOLF_CRYPTO_DEV_H_ */ diff --git a/wolfssl/wolfcrypt/ecc.h b/wolfssl/wolfcrypt/ecc.h index f6fdf219b..7554c2963 100644 --- a/wolfssl/wolfcrypt/ecc.h +++ b/wolfssl/wolfcrypt/ecc.h @@ -319,7 +319,7 @@ struct ecc_key { int slot; /* Key Slot Number (-1 unknown) */ byte pubkey_raw[ECC_MAX_CRYPTO_HW_PUBKEY_SIZE]; #endif -#ifdef PLUTON_CRYPTO_ECC +#if defined(PLUTON_CRYPTO_ECC) || defined(WOLF_CRYPTO_DEV) int devId; #endif #ifdef WOLFSSL_ASYNC_CRYPT diff --git a/wolfssl/wolfcrypt/include.am b/wolfssl/wolfcrypt/include.am index 6e84ed9d5..95221ef1d 100644 --- a/wolfssl/wolfcrypt/include.am +++ b/wolfssl/wolfcrypt/include.am @@ -61,7 +61,8 @@ nobase_include_HEADERS+= \ wolfssl/wolfcrypt/pkcs12.h \ wolfssl/wolfcrypt/wolfmath.h \ wolfssl/wolfcrypt/sha3.h \ - wolfssl/wolfcrypt/cpuid.h + wolfssl/wolfcrypt/cpuid.h \ + wolfssl/wolfcrypt/cryptodev.h noinst_HEADERS+= \ wolfssl/wolfcrypt/port/pic32/pic32mz-crypt.h \ diff --git a/wolfssl/wolfcrypt/pkcs7.h b/wolfssl/wolfcrypt/pkcs7.h index 764e2668e..f0b4deed1 100644 --- a/wolfssl/wolfcrypt/pkcs7.h +++ b/wolfssl/wolfcrypt/pkcs7.h 
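Review bot: CryptoDevCallbackFunc is declared without any comment on its return contract, yet the callers added in ecc.c and rsa.c treat NOT_COMPILED_IN as "fall back to software" and any other value, including 0, as the final result. The typedef is what a device integrator reads, so it should state this, e.g. `/* return 0 on success, NOT_COMPILED_IN to have wolfCrypt use its software implementation, or a negative error code that is passed back to the caller */`. The comment should also say that the wc_CryptoInfo passed in is a stack local of the wc_CryptoDev_* wrapper, so the callback must not keep the pointer after it returns. Separately, the unnamed `union` inside `pk` needs C11 or a compiler extension, and it has no members when NO_RSA is defined and HAVE_ECC is not.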
@@ -133,6 +133,7 @@ typedef struct PKCS7 { int encryptOID; /* key encryption algorithm OID */ int keyWrapOID; /* key wrap algorithm OID */ int keyAgreeOID; /* key agreement algorithm OID */ + int devId; /* device ID for HW based private key */ byte issuerHash[KEYID_SIZE]; /* hash of all alt Names */ byte issuerSn[MAX_SN_SZ]; /* singleCert's serial number */ byte publicKey[MAX_RSA_INT_SZ + MAX_RSA_E_SZ ];/*MAX RSA key size (m + e)*/ diff --git a/wolfssl/wolfcrypt/rsa.h b/wolfssl/wolfcrypt/rsa.h index 5cbc76770..ecf41413d 100644 --- a/wolfssl/wolfcrypt/rsa.h +++ b/wolfssl/wolfcrypt/rsa.h @@ -121,6 +121,9 @@ struct RsaKey { #ifdef WC_RSA_BLINDING WC_RNG* rng; /* for PrivateDecrypt blinding */ #endif +#ifdef WOLF_CRYPTO_DEV + int devId; +#endif #ifdef WOLFSSL_ASYNC_CRYPT WC_ASYNC_DEV asyncDev; #ifdef WOLFSSL_CERT_GEN diff --git a/wolfssl/wolfcrypt/types.h b/wolfssl/wolfcrypt/types.h index 3329b794f..37a982bf8 100755 --- a/wolfssl/wolfcrypt/types.h +++ b/wolfssl/wolfcrypt/types.h @@ -102,7 +102,7 @@ (defined(LP64) || defined(_LP64)) /* LP64 with GNU GCC compiler is reserved for when long int is 64 bits * and int uses 32 bits. When using Solaris Studio sparc and __sparc are - * avialable for 32 bit detection but __sparc64__ could be missed. This + * available for 32 bit detection but __sparc64__ could be missed. This * uses LP64 for checking 64 bit CPU arch. */ typedef word64 wolfssl_word; #define WC_64BIT_CPU @@ -201,7 +201,7 @@ /* idea to add global alloc override by Moises Guimaraes */ /* default to libc stuff */ /* XREALLOC is used once in normal math lib, not in fast math lib */ - /* XFREE on some embeded systems doesn't like free(0) so test */ + /* XFREE on some embedded systems doesn't like free(0) so test */ #if defined(HAVE_IO_POOL) WOLFSSL_API void* XMALLOC(size_t n, void* heap, int type); WOLFSSL_API void* XREALLOC(void *p, size_t n, void* heap, int type); 
@@ -496,6 +496,17 @@ MIN_STACK_BUFFER = 8 }; + + /* Algorithm Types */ + enum wc_AlgoType { + WC_ALGO_TYPE_NONE = 0, + WC_ALGO_TYPE_HASH = 1, + WC_ALGO_TYPE_CIPHER = 2, + WC_ALGO_TYPE_PK = 3, + + WC_ALGO_TYPE_MAX = WC_ALGO_TYPE_PK + }; + /* hash types */ enum wc_HashType { WC_HASH_TYPE_NONE = 0, @@ -518,7 +529,7 @@ }; /* cipher types */ - enum CipherTypes { + enum wc_CipherType { WC_CIPHER_NONE = 0, WC_CIPHER_AES = 1, WC_CIPHER_AES_CBC = 2, @@ -530,10 +541,25 @@ WC_CIPHER_DES = 8, WC_CIPHER_CHACHA = 9, WC_CIPHER_HC128 = 10, + WC_CIPHER_IDEA = 11, WC_CIPHER_MAX = WC_CIPHER_HC128 }; + /* PK=public key (asymmetric) based algorithms */ + enum wc_PkType { + WC_PK_TYPE_NONE = 0, + WC_PK_TYPE_RSA = 1, + WC_PK_TYPE_DH = 2, + WC_PK_TYPE_ECDH = 3, + WC_PK_TYPE_ECDSA_SIGN = 4, + WC_PK_TYPE_ECDSA_VERIFY = 5, + WC_PK_TYPE_ED25519 = 6, + WC_PK_TYPE_CURVE25519 = 7, + + WC_PK_TYPE_MAX = WC_PK_TYPE_CURVE25519 + }; + /* settings detection for compile vs runtime math incompatibilities */ enum { From 6cc84d230120a9bd8e5208f838d499302d91c288 Mon Sep 17 00:00:00 2001 From: Carie Pointer Date: Mon, 21 May 2018 17:11:21 -0600 Subject: [PATCH 060/146] Add initial test_wc_SignatureGetSize() method --- tests/api.c | 145 ++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 145 insertions(+) diff --git a/tests/api.c b/tests/api.c index 11bcbded3..c35490fc7 100644 --- a/tests/api.c +++ b/tests/api.c @@ -24,6 +24,10 @@ | Includes *----------------------------------------------------------------------------*/ +#ifndef NO_SIG_WRAPPER + #include +#endif + #ifdef HAVE_CONFIG_H #include #endif 
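Review bot: In the enum wc_CipherType hunk `WC_CIPHER_IDEA = 11` is added but the terminator stays `WC_CIPHER_MAX = WC_CIPHER_HC128`, which is 10, so the new value lies above the declared maximum. Any range check or table sized from WC_CIPHER_MAX would reject IDEA or index past the end; change the line to `WC_CIPHER_MAX = WC_CIPHER_IDEA`. The preceding hunk also renames the tag from `enum CipherTypes` to `enum wc_CipherType`, which presumably breaks any code still using the old tag, so grep for it before merging.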
@@ -14731,6 +14735,144 @@ static void test_wc_PKCS7_EncodeEncryptedData (void) } /* END test_wc_PKCS7_EncodeEncryptedData() */ +/* Testing wc_SignatureGetSize() */ +static int test_wc_SignatureGetSize(void) { + + int ret = 0; + enum wc_SignatureType sig_type; + word32 key_len; + ecc_key ecc; + + RsaKey rsa_key; + byte* tmp = NULL; + size_t bytes; + + /* Initialize ECC Key */ + const char* qx = "fa2737fb93488d19caef11ae7faf6b7f4bcd67b286e3fc54e8a65c2b74aeccb0"; + const char* qy = "d4ccd6dae698208aa8c3a6f39e45510d03be09b2f124bfc067856c324f9b4d09"; + const char* d = "be34baa8d040a3b991f9075b56ba292f755b90e4b6dc10dad36715c33cfdac25"; + + ret = wc_ecc_init(&ecc); + if (ret != 0) { + ret = WOLFSSL_FATAL_ERROR; + return ret; + } + ret = wc_ecc_import_raw(&ecc, qx, qy, d, "SECP256R1"); + if (ret != 0) { + wc_ecc_free(&ecc); + ret = WOLFSSL_FATAL_ERROR; + return ret; + } + + /* Initialize RSA Key */ + #ifdef USE_CERT_BUFFERS_1024 + bytes = (size_t)sizeof_client_key_der_1024; + if (bytes < (size_t)sizeof_client_key_der_1024) + bytes = (size_t)sizeof_client_cert_der_1024; + #elif defined(USE_CERT_BUFFERS_2048) + bytes = (size_t)sizeof_client_key_der_2048; + if (bytes < (size_t)sizeof_client_cert_der_2048) + bytes = (size_t)sizeof_client_cert_der_2048; + #else + bytes = FOURK_BUF; + #endif + tmp = (byte*)XMALLOC(bytes, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + if (tmp == NULL + #ifdef WOLFSSL_ASYNC_CRYPT + || out == NULL || plain == NULL + #endif + ) { + ret = WOLFSSL_FATAL_ERROR; + return ret; + } + #ifdef USE_CERT_BUFFERS_1024 + XMEMCPY(tmp, client_key_der_1024, (size_t)sizeof_client_key_ker_1024); + #elif defined(USE_CERT_BUFFERS_2048) + XMEMCPY(tmp, client_key_der_2048, (size_t)sizeof_client_key_der_2048); + #elif !defined(NO_FILESYSTEM) + file = fopen(clientKey, "rb"); + if (!file) { + ret = WOLFSSL_FATAL_ERROR; + return ret; + } + bytes = fread(tmp, 1, FOURK_BUF, file); + fclose(file); + #else + /* No key to use */ + ret = WOLFSSL_FATAL_ERROR; + return ret; + #endif + ret = 
wc_InitRsaKey_ex(&rsa_key, HEAP_HINT, devId); + if (ret != 0) { + ret = WOLFSSL_FATAL_ERROR; + } + ret = wc_RsaPrivateKeyDecode(tmp, 0, &rsa_key, (word32)bytes); + if (ret != 0) { + ret = WOLFSSL_FATAL_ERROR; + } + + + /* Input for signature type ECC */ + sig_type = WC_SIGNATURE_TYPE_ECC; + key_len = sizeof(ecc_key); + ret = wc_SignatureGetSize(sig_type, &ecc, key_len); + + if (ret > 0) { + #ifdef HAVE_ECC + sig_type = 100; + ret = wc_SignatureGetSize(sig_type, &ecc, key_len); + if (ret == BAD_FUNC_ARG) { + sig_type = WC_SIGNATURE_TYPE_ECC; + ret = wc_SignatureGetSize(sig_type, NULL, key_len); + } + if (ret == BAD_FUNC_ARG) { + key_len = 0; + ret = wc_SignatureGetSize(sig_type, &ecc, key_len); + } + #else + ret = SIG_TYPE_E; + #endif + if (ret != SIG_TYPE_E) { + return ret; + } + } else { + ret = WOLFSSL_FATAL_ERROR; + } + + /* Input for signature type RSA */ + sig_type = WC_SIGNATURE_TYPE_RSA; + key_len = sizeof(RsaKey); + ret = wc_SignatureGetSize(sig_type, &rsa_key, key_len); + + if (ret > 0) { + #ifndef NO_RSA + sig_type = 100; + ret = wc_SignatureGetSize(sig_type, &rsa_key, key_len); + if (ret == BAD_FUNC_ARG) { + sig_type = WC_SIGNATURE_TYPE_RSA; + ret = wc_SignatureGetSize(sig_type, NULL, key_len); + } + if (ret == BAD_FUNC_ARG) { + key_len = 0; + ret = wc_SignatureGetSize(sig_type, &rsa_key, key_len); + } + #else + ret = SIG_TYPE_E; + #endif + if (ret == SIG_TYPE_E) { + ret = 0; + } + } else { + ret = WOLFSSL_FATAL_ERROR; + } + + wc_ecc_free(&ecc); + wc_FreeRsaKey(&rsa_key); + printf(resultFmt, ret == 0 ? passed : failed); + + return ret; +}/* END test_wc_SignatureGetSize(void) */ + /*----------------------------------------------------------------------------* | Compatibility Tests 
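Review bot: test_wc_SignatureGetSize passes a literal `0`, i.e. a null `word32*`, as the index argument of wc_RsaPrivateKeyDecode, and it never frees `tmp`, so the XMALLOC buffer leaks on every path. Declare `word32 idx = 0;`, call `wc_RsaPrivateKeyDecode(tmp, &idx, &rsa_key, (word32)bytes)` as pkcs7.c does, and add `XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);` before each return. The result of wc_InitRsaKey_ex is overwritten by the decode call on the next statement, so an init failure is lost. Under USE_CERT_BUFFERS_1024 the XMEMCPY size is spelled `sizeof_client_key_ker_1024`, and `out`, `plain` and `file` are used without a declaration in this function.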
@@ -18823,6 +18965,9 @@ void ApiTest(void) AssertIntEQ(test_wc_DsaExportParamsRaw(), 0); AssertIntEQ(test_wc_DsaExportKeyRaw(), 0); + /*NEW*/ + AssertIntEQ(test_wc_SignatureGetSize(), 0); + #ifdef OPENSSL_EXTRA /*wolfSSS_EVP_get_cipherbynid test*/ test_wolfSSL_EVP_get_cipherbynid(); From df24bc6096e7a1b5de524a6f91b35f0154eeb597 Mon Sep 17 00:00:00 2001 From: Carie Pointer Date: Tue, 22 May 2018 09:22:01 -0600 Subject: [PATCH 061/146] Update unit test --- tests/api.c | 14 ++++++-------- 1 file changed, 6 insertions(+), 8 deletions(-) diff --git a/tests/api.c b/tests/api.c index c35490fc7..41dfa94ce 100644 --- a/tests/api.c +++ b/tests/api.c @@ -24,10 +24,6 @@ | Includes *----------------------------------------------------------------------------*/ -#ifndef NO_SIG_WRAPPER - #include -#endif - #ifdef HAVE_CONFIG_H #include #endif @@ -226,6 +222,11 @@ #endif #endif +#ifndef NO_SIG_WRAPPER + #include +#endif + + #ifdef HAVE_AESCCM #include #endif @@ -14741,8 +14742,7 @@ static int test_wc_SignatureGetSize(void) { int ret = 0; enum wc_SignatureType sig_type; word32 key_len; - ecc_key ecc; - + ecc_key ecc; RsaKey rsa_key; byte* tmp = NULL; size_t bytes; @@ -18964,8 +18964,6 @@ void ApiTest(void) AssertIntEQ(test_wc_DsaImportParamsRaw(), 0); AssertIntEQ(test_wc_DsaExportParamsRaw(), 0); AssertIntEQ(test_wc_DsaExportKeyRaw(), 0); - - /*NEW*/ AssertIntEQ(test_wc_SignatureGetSize(), 0); #ifdef OPENSSL_EXTRA From f2ce8dcbcaa6cca4ab35a2633376402d175fc98d Mon Sep 17 00:00:00 2001 From: Quinn Miller Date: Tue, 22 May 2018 10:47:44 -0600 Subject: [PATCH 062/146] Added unit test for Blake2 --- tests/api.c | 76 +++++++++++++++++++++++++++++++++++++++++ wolfcrypt/src/blake2b.c | 3 ++ 2 files changed, 79 insertions(+) diff --git a/tests/api.c b/tests/api.c index 194045dcb..daa8f2666 100644 --- a/tests/api.c +++ b/tests/api.c @@ -214,6 +214,10 @@ #include #endif +#ifdef HAVE_BLAKE2 + #include +#endif + #ifndef NO_RSA #include 
@@ -3157,6 +3161,77 @@ static void test_wolfSSL_mcast(void) | Wolfcrypt *----------------------------------------------------------------------------*/ +/* + * Unit test for the wc_InitBlake2b() + */ +static int test_wc_InitBlake2b (void) +{ + int ret = 0; +#ifdef HAVE_BLAKE2 + + Blake2b blake2; + + printf(testingFmt, "wc_InitBlake2B()"); + + /* Test good arg. */ + ret = wc_InitBlake2b(&blake2, 64); + if (ret != 0) { + ret = WOLFSSL_FATAL_ERROR; + } + + /* Test bad arg. */ + if (!ret) { + ret = wc_InitBlake2b(NULL, 64); + if (ret == 0) { + ret = WOLFSSL_FATAL_ERROR; + } else { + ret = 0; + } + } + + if (!ret) { + ret = wc_InitBlake2b(NULL, 128); + if (ret == 0) { + ret = WOLFSSL_FATAL_ERROR; + } else { + ret = 0; + } + } + + if (!ret) { + ret = wc_InitBlake2b(&blake2, 128); + if (ret == 0) { + ret = WOLFSSL_FATAL_ERROR; + } else { + ret = 0; + } + } + + if (!ret) { + ret = wc_InitBlake2b(NULL, 0); + if (ret == 0) { + ret = WOLFSSL_FATAL_ERROR; + } else { + ret = 0; + } + } + + if (!ret) { + ret = wc_InitBlake2b(&blake2, 0); + if (ret == 0) { + ret = WOLFSSL_FATAL_ERROR; + } else { + ret = 0; + } + } + + printf(resultFmt, ret == 0 ? passed : failed); + +#endif + return ret; +} /*END test_wc_InitBlake2b*/ + + /* * Unit test for the wc_InitMd5() */ @@ -18837,6 +18912,7 @@ void ApiTest(void) AssertFalse(test_wc_InitSha224()); AssertFalse(test_wc_Sha224Update()); AssertFalse(test_wc_Sha224Final()); + AssertFalse(test_wc_InitBlake2b()); AssertFalse(test_wc_InitRipeMd()); AssertFalse(test_wc_RipeMdUpdate()); AssertFalse(test_wc_RipeMdFinal()); diff --git a/wolfcrypt/src/blake2b.c b/wolfcrypt/src/blake2b.c index 2c99c2a75..d043da8a2 100644 --- a/wolfcrypt/src/blake2b.c +++ b/wolfcrypt/src/blake2b.c 
@@ -422,6 +422,9 @@ int main( int argc, char **argv ) /* Init Blake2b digest, track size in case final doesn't want to "remember" */ int wc_InitBlake2b(Blake2b* b2b, word32 digestSz) { + if (b2b == NULL){ + return -1; + } b2b->digestSz = digestSz; return blake2b_init(b2b->S, (byte)digestSz); From d6809c029d406d5eaa571a086101c87f409bb5b4 Mon Sep 17 00:00:00 2001 From: Tim Date: Tue, 22 May 2018 13:21:37 -0600 Subject: [PATCH 063/146] First unit test --- tests/api.c | 41 +++++++++++++++++++++++++++++++++++++++++ 1 file changed, 41 insertions(+) diff --git a/tests/api.c b/tests/api.c index 11bcbded3..92381b462 100644 --- a/tests/api.c +++ b/tests/api.c 
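Review bot: The new NULL check in wc_InitBlake2b returns a bare `-1`, and `digestSz` is still not validated before it is stored in `b2b->digestSz` and truncated by `(byte)digestSz`. A value such as 320 would reach blake2b_init as 64 while the context records 320. The comment above the function says the stored size is kept for the final step, so depending on how that step uses it (not in the hunk) the recorded length can exceed the real digest. Suggest `if (b2b == NULL || digestSz == 0 || digestSz > BLAKE2B_OUTBYTES) return BAD_FUNC_ARG;`, assuming both names are in scope in this file.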
@@ -14730,6 +14730,45 @@ static void test_wc_PKCS7_EncodeEncryptedData (void) #endif } /* END test_wc_PKCS7_EncodeEncryptedData() */ +/*----------------------------------------------------------------------------* + | hash.h Tests + *----------------------------------------------------------------------------*/ +static void test_wc_HashInit(void) +{ + /*enum for holding supported algorithms, #ifndef's restrict if disabled*/ + enum wc_HashType enumArray[] = { + #ifndef NO_MD5 + WC_HASH_TYPE_MD5, + #endif + #ifndef NO_SHA + WC_HASH_TYPE_SHA, + #endif + #ifndef NO_SHA224 + WC_HASH_TYPE_SHA224, + #endif + #ifndef NO_SHA256 + WC_HASH_TYPE_SHA256, + #endif + #ifndef NO_SHA384 + WC_HASH_TYPE_SHA384, + #endif + #ifndef NO_SHA512 + WC_HASH_TYPE_SHA512, + #endif + }; + int enumlen = (sizeof(enumArray))/4;/*dynamically finds the length*/ + printf("the len of enum is: %d\n", enumlen); + /*For loop to test various arguments...*/ + for(int i =0; i < enumlen; i++){ + wc_HashAlg hash; + if(wc_HashInit(&hash, enumArray[i])==BAD_FUNC_ARG){/*checking for bad args*/ + printf("Testing with argument itm# %d with a goodPtr-BAD_FUNC_ARG\n", i); + } + if(wc_HashInit(NULL, enumArray[i])==BAD_FUNC_ARG){/*checking for null ptr*/ + printf("Testing with null pointer itm# %d returned BAD_FUNC_ARG\n", i); + } + }/* end of for loop */ +}/* end of test_wc_HashInit */ /*----------------------------------------------------------------------------* @@ -18876,6 +18915,8 @@ void ApiTest(void) test_wc_PKCS7_EncodeDecodeEnvelopedData(); test_wc_PKCS7_EncodeEncryptedData(); + test_wc_HashInit(); + printf(" End API Tests\n"); } From 6321008ef477ee5bf9d70075ea826cde7c6ecc4c Mon Sep 17 00:00:00 2001 From: Carie Pointer Date: Tue, 22 May 2018 13:24:36 -0600 Subject: [PATCH 064/146] Modify wc_SignatureGetSize test for ECC and RSA specific API --- tests/api.c | 147 ++++++++++++++++++++++++++++------------------------ 1 file changed, 80 insertions(+), 67 deletions(-) 
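Review bot: test_wc_HashInit cannot fail: it is `void`, it only prints when wc_HashInit returns BAD_FUNC_ARG, and ApiTest calls it without checking anything, so a regression in wc_HashInit would pass unnoticed. Return an `int` and assert on it, failing on any non-zero result from the valid-pointer call and on anything other than BAD_FUNC_ARG from the NULL call. The element count `(sizeof(enumArray))/4` assumes a 4-byte enum; use `sizeof(enumArray) / sizeof(enumArray[0])`. `for(int i =0; ...` also requires C99, which may not hold for every compiler this test file is built with.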
diff --git a/tests/api.c b/tests/api.c index 41dfa94ce..abf9ad22b 100644 --- a/tests/api.c +++ b/tests/api.c 
@@ -14737,88 +14737,93 @@ static void test_wc_PKCS7_EncodeEncryptedData (void) /* Testing wc_SignatureGetSize() */ -static int test_wc_SignatureGetSize(void) { +static int test_wc_SignatureGetSize(void) +{ int ret = 0; enum wc_SignatureType sig_type; word32 key_len; - ecc_key ecc; - RsaKey rsa_key; - byte* tmp = NULL; - size_t bytes; /* Initialize ECC Key */ - const char* qx = "fa2737fb93488d19caef11ae7faf6b7f4bcd67b286e3fc54e8a65c2b74aeccb0"; - const char* qy = "d4ccd6dae698208aa8c3a6f39e45510d03be09b2f124bfc067856c324f9b4d09"; - const char* d = "be34baa8d040a3b991f9075b56ba292f755b90e4b6dc10dad36715c33cfdac25"; + #if defined(HAVE_ECC) && !defined(NO_ECC256) + ecc_key ecc; + + const char* qx = + "fa2737fb93488d19caef11ae7faf6b7f4bcd67b286e3fc54e8a65c2b74aeccb0"; + const char* qy = + "d4ccd6dae698208aa8c3a6f39e45510d03be09b2f124bfc067856c324f9b4d09"; + const char* d = + "be34baa8d040a3b991f9075b56ba292f755b90e4b6dc10dad36715c33cfdac25"; - ret = wc_ecc_init(&ecc); - if (ret != 0) { - ret = WOLFSSL_FATAL_ERROR; - return ret; - } - ret = wc_ecc_import_raw(&ecc, qx, qy, d, "SECP256R1"); - if (ret != 0) { - wc_ecc_free(&ecc); - ret = WOLFSSL_FATAL_ERROR; - return ret; - } - - /* Initialize RSA Key */ - #ifdef USE_CERT_BUFFERS_1024 - bytes = (size_t)sizeof_client_key_der_1024; - if (bytes < (size_t)sizeof_client_key_der_1024) - bytes = (size_t)sizeof_client_cert_der_1024; - #elif defined(USE_CERT_BUFFERS_2048) - bytes = (size_t)sizeof_client_key_der_2048; - if (bytes < (size_t)sizeof_client_cert_der_2048) - bytes = (size_t)sizeof_client_cert_der_2048; - #else - bytes = FOURK_BUF; - #endif - tmp = (byte*)XMALLOC(bytes, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - if (tmp == NULL - #ifdef WOLFSSL_ASYNC_CRYPT - || out == NULL || plain == NULL - #endif - ) { - ret = WOLFSSL_FATAL_ERROR; - return ret; - } - #ifdef USE_CERT_BUFFERS_1024 - XMEMCPY(tmp, client_key_der_1024, (size_t)sizeof_client_key_ker_1024); - #elif defined(USE_CERT_BUFFERS_2048) - XMEMCPY(tmp, client_key_der_2048, 
(size_t)sizeof_client_key_der_2048); - #elif !defined(NO_FILESYSTEM) - file = fopen(clientKey, "rb"); - if (!file) { - ret = WOLFSSL_FATAL_ERROR; - return ret; - } - bytes = fread(tmp, 1, FOURK_BUF, file); - fclose(file); - #else - /* No key to use */ - ret = WOLFSSL_FATAL_ERROR; - return ret; - #endif - ret = wc_InitRsaKey_ex(&rsa_key, HEAP_HINT, devId); + ret = wc_ecc_init(&ecc); if (ret != 0) { ret = WOLFSSL_FATAL_ERROR; + goto done; } - ret = wc_RsaPrivateKeyDecode(tmp, 0, &rsa_key, (word32)bytes); + ret = wc_ecc_import_raw(&ecc, qx, qy, d, "SECP256R1"); if (ret != 0) { + wc_ecc_free(&ecc); ret = WOLFSSL_FATAL_ERROR; - } + goto done; + } + #endif + /* Initialize RSA Key */ + #ifndef NO_RSA + RsaKey rsa_key; + byte* tmp = NULL; + size_t bytes; + + #ifdef USE_CERT_BUFFERS_1024 + bytes = (size_t)sizeof_client_key_der_1024; + if (bytes < (size_t)sizeof_client_key_der_1024) + bytes = (size_t)sizeof_client_cert_der_1024; + #elif defined(USE_CERT_BUFFERS_2048) + bytes = (size_t)sizeof_client_key_der_2048; + if (bytes < (size_t)sizeof_client_cert_der_2048) + bytes = (size_t)sizeof_client_cert_der_2048; + #else + bytes = FOURK_BUF; + #endif + tmp = (byte*)XMALLOC(bytes, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + if (tmp == NULL) { + ret = WOLFSSL_FATAL_ERROR; + goto done; + } + #ifdef USE_CERT_BUFFERS_1024 + XMEMCPY(tmp, client_key_der_1024, (size_t)sizeof_client_key_ker_1024); + #elif defined(USE_CERT_BUFFERS_2048) + XMEMCPY(tmp, client_key_der_2048, (size_t)sizeof_client_key_der_2048); + #elif !defined(NO_FILESYSTEM) + file = fopen(clientKey, "rb"); + if (!file) { + ret = WOLFSSL_FATAL_ERROR; + goto done; + } + bytes = fread(tmp, 1, FOURK_BUF, file); + fclose(file); + #else + ret = WOLFSSL_FATAL_ERROR; + goto done; + #endif + ret = wc_InitRsaKey_ex(&rsa_key, HEAP_HINT, devId); + if (ret != 0) { + ret = WOLFSSL_FATAL_ERROR; + } + ret = wc_RsaPrivateKeyDecode(tmp, 0, &rsa_key, (word32)bytes); + if (ret != 0) { + ret = WOLFSSL_FATAL_ERROR; + } + #endif /* Input for signature 
type ECC */ + #ifdef HAVE_ECC sig_type = WC_SIGNATURE_TYPE_ECC; key_len = sizeof(ecc_key); ret = wc_SignatureGetSize(sig_type, &ecc, key_len); + /* Test bad args */ if (ret > 0) { - #ifdef HAVE_ECC sig_type = 100; ret = wc_SignatureGetSize(sig_type, &ecc, key_len); if (ret == BAD_FUNC_ARG) { @@ -14833,19 +14838,21 @@ static int test_wc_SignatureGetSize(void) { ret = SIG_TYPE_E; #endif if (ret != SIG_TYPE_E) { - return ret; + goto done; } } else { ret = WOLFSSL_FATAL_ERROR; + goto done; } /* Input for signature type RSA */ + #ifndef NO_RSA sig_type = WC_SIGNATURE_TYPE_RSA; key_len = sizeof(RsaKey); ret = wc_SignatureGetSize(sig_type, &rsa_key, key_len); + /* Test bad args */ if (ret > 0) { - #ifndef NO_RSA sig_type = 100; ret = wc_SignatureGetSize(sig_type, &rsa_key, key_len); if (ret == BAD_FUNC_ARG) { @@ -14864,11 +14871,17 @@ static int test_wc_SignatureGetSize(void) { } } else { ret = WOLFSSL_FATAL_ERROR; + goto done; } - wc_ecc_free(&ecc); - wc_FreeRsaKey(&rsa_key); - printf(resultFmt, ret == 0 ? passed : failed); + done: + #ifdef HAVE_ECC + wc_ecc_free(&ecc); + #endif + #ifndef NO_RSA + wc_FreeRsaKey(&rsa_key); + #endif + printf(resultFmt, ret == 0 ? passed : failed); return ret; }/* END test_wc_SignatureGetSize(void) */ From 58ac951471db2d43ad5970e0c743b7242f3646dc Mon Sep 17 00:00:00 2001 From: Tim Date: Tue, 22 May 2018 16:00:40 -0600 Subject: [PATCH 065/146] Changes made- Thank you --- tests/api.c | 28 ++++++++++++++++++++-------- 1 file changed, 20 insertions(+), 8 deletions(-) diff --git a/tests/api.c b/tests/api.c index bfef64625..2700c7a3a 100644 --- a/tests/api.c +++ b/tests/api.c @@ -14824,7 +14824,8 @@ static void test_wc_PKCS7_EncodeEncryptedData (void) NULL, sizeof(decoded)), BAD_FUNC_ARG); AssertIntEQ(wc_PKCS7_DecodeEncryptedData(&pkcs7, encrypted, encryptedSz, decoded, 0), BAD_FUNC_ARG); - /* Test struct fields */ + /* Test + struct fields */ tmpBytePtr = pkcs7.encryptionKey; pkcs7.encryptionKey = NULL; 
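Review bot: The new `done:` label frees both keys unconditionally, but several `goto done` paths are taken before a key is initialised or after it has already been freed. If wc_ecc_init or wc_ecc_import_raw fails, `wc_FreeRsaKey(&rsa_key)` runs on an uninitialised stack object, and the import-failure path calls `wc_ecc_free(&ecc)` itself and then again at `done`. Drop the `wc_ecc_free(&ecc);` before that `goto done` and guard the cleanup with flags set after a successful init, e.g. `if (rsa_inited) wc_FreeRsaKey(&rsa_key);`. `tmp` is still never released. The cleanup is guarded by `#ifdef HAVE_ECC` while `ecc` is declared under `#if defined(HAVE_ECC) && !defined(NO_ECC256)`, so the two conditions should match.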
@@ -14853,31 +14854,42 @@ static void test_wc_HashInit(void) #ifndef NO_SHA WC_HASH_TYPE_SHA, #endif - #ifndef NO_SHA224 + #ifndef WOLFSSL_SHA224 WC_HASH_TYPE_SHA224, #endif #ifndef NO_SHA256 WC_HASH_TYPE_SHA256, #endif - #ifndef NO_SHA384 + #ifndef WOLFSSL_SHA384 WC_HASH_TYPE_SHA384, #endif - #ifndef NO_SHA512 + #ifndef WOLFSSL_SHA512 WC_HASH_TYPE_SHA512, #endif }; + int ret = 0; /*0 indicates tests passed, 1 indicates failure*/ int enumlen = (sizeof(enumArray))/4;/*dynamically finds the length*/ - printf("the len of enum is: %d\n", enumlen); + /*For loop to test various arguments...*/ for(int i =0; i < enumlen; i++){ wc_HashAlg hash; if(wc_HashInit(&hash, enumArray[i])==BAD_FUNC_ARG){/*checking for bad args*/ - printf("Testing with argument itm# %d with a goodPtr-BAD_FUNC_ARG\n", i); + ret = 1; } - if(wc_HashInit(NULL, enumArray[i])==BAD_FUNC_ARG){/*checking for null ptr*/ - printf("Testing with null pointer itm# %d returned BAD_FUNC_ARG\n", i); + if(wc_HashInit(NULL, enumArray[i])!=BAD_FUNC_ARG){/*checking for null ptr*/ + ret = 1; } + }/* end of for loop */ + + printf(testingFmt, "wc_HashInit()"); + if(ret==0){/* all tests have passed */ + printf(resultFmt, passed); + } + if(ret==1){/* a test has failed */ + printf(resultFmt, failed); + } + }/* end of test_wc_HashInit */ From 83e67a41976d822e98683661b9364523f0454262 Mon Sep 17 00:00:00 2001 From: Tim Date: Tue, 22 May 2018 17:25:22 -0600 Subject: [PATCH 066/146] additional changes made --- tests/api.c | 46 +++++++++++++++++++++++++++------------------- 1 file changed, 27 insertions(+), 19 deletions(-) diff --git a/tests/api.c b/tests/api.c index 2700c7a3a..725f0c708 100644 --- a/tests/api.c +++ b/tests/api.c 
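Review bot: The guards changed to `#ifndef WOLFSSL_SHA224`, `#ifndef WOLFSSL_SHA384` and `#ifndef WOLFSSL_SHA512` look inverted. The WOLFSSL_SHA* names are enable macros (the hash.c hunk on this page uses `#ifdef WOLFSSL_SHA224` for that purpose), so the array now lists those types only in builds where the algorithm is compiled out; `#ifdef WOLFSSL_SHA224`, and likewise for 384 and 512, is presumably what was meant. The loop also treats only `BAD_FUNC_ARG` as a failure of `wc_HashInit(&hash, ...)`, so any other error code passes the test; `if (wc_HashInit(&hash, enumArray[i]) != 0)` would pin the expected success. Both points carry over unchanged into PATCH 066 below.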
@@ -14844,9 +14844,13 @@ static void test_wc_PKCS7_EncodeEncryptedData (void) /*----------------------------------------------------------------------------* | hash.h Tests *----------------------------------------------------------------------------*/ -static void test_wc_HashInit(void) +static int test_wc_HashInit(void) { - /*enum for holding supported algorithms, #ifndef's restrict if disabled*/ + int ret = 0, i; /* 0 indicates tests passed, 1 indicates failure */ + + wc_HashAlg hash; + + /* enum for holding supported algorithms, #ifndef's restrict if disabled */ enum wc_HashType enumArray[] = { #ifndef NO_MD5 WC_HASH_TYPE_MD5, @@ -14866,30 +14870,33 @@ static void test_wc_HashInit(void) #ifndef WOLFSSL_SHA512 WC_HASH_TYPE_SHA512, #endif - }; - int ret = 0; /*0 indicates tests passed, 1 indicates failure*/ - int enumlen = (sizeof(enumArray))/4;/*dynamically finds the length*/ + }; + /* dynamically finds the length */ + int enumlen = (sizeof(enumArray)/sizeof(enum wc_HashType)); - /*For loop to test various arguments...*/ - for(int i =0; i < enumlen; i++){ - wc_HashAlg hash; - if(wc_HashInit(&hash, enumArray[i])==BAD_FUNC_ARG){/*checking for bad args*/ - ret = 1; - } - if(wc_HashInit(NULL, enumArray[i])!=BAD_FUNC_ARG){/*checking for null ptr*/ - ret = 1; - } + /* For loop to test various arguments... */ + for(i = 0; i < enumlen; i++) { + /* check for bad args */ + if(wc_HashInit(&hash, enumArray[i]) == BAD_FUNC_ARG) { + ret = 1; + break; + } + /* check for null ptr */ + if(wc_HashInit(NULL, enumArray[i]) != BAD_FUNC_ARG) { + ret = 1; + break; + } }/* end of for loop */ printf(testingFmt, "wc_HashInit()"); - if(ret==0){/* all tests have passed */ + if(ret==0) { /* all tests have passed */ printf(resultFmt, passed); } - if(ret==1){/* a test has failed */ + if(ret==1) { /* a test has failed */ printf(resultFmt, failed); } - + return ret; }/* end of test_wc_HashInit */ 
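Review bot: The two separate `if(ret==0)` / `if(ret==1)` blocks at the end of test_wc_HashInit could be the single line `printf(resultFmt, ret == 0 ? passed : failed);`, the form test_wc_SignatureGetSize uses in the same file, which also cannot print nothing if `ret` ever takes another value. The comment `/* dynamically finds the length */` is inaccurate as well, since `sizeof(enumArray)/sizeof(enum wc_HashType)` is a compile-time constant; `/* number of hash types compiled into the array */` says what the value is.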
@@ -18919,6 +18926,8 @@ void ApiTest(void) AssertFalse(test_wc_Sha384HmacUpdate()); AssertFalse(test_wc_Sha384HmacFinal()); + AssertIntEQ(test_wc_HashInit(), 0); + AssertIntEQ(test_wc_InitCmac(), 0); AssertIntEQ(test_wc_CmacUpdate(), 0); AssertIntEQ(test_wc_CmacFinal(), 0); @@ -19040,8 +19049,7 @@ void ApiTest(void) test_wc_PKCS7_VerifySignedData(); test_wc_PKCS7_EncodeDecodeEnvelopedData(); test_wc_PKCS7_EncodeEncryptedData(); - - test_wc_HashInit(); + printf(" End API Tests\n"); From 124f45d4495f4bf1034ec8203d2c897d916fac03 Mon Sep 17 00:00:00 2001 From: Tim Date: Tue, 22 May 2018 17:45:04 -0600 Subject: [PATCH 067/146] re-upload --- tests/api.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/api.c b/tests/api.c index 725f0c708..0bbe02feb 100644 --- a/tests/api.c +++ b/tests/api.c @@ -14848,7 +14848,7 @@ static int test_wc_HashInit(void) { int ret = 0, i; /* 0 indicates tests passed, 1 indicates failure */ - wc_HashAlg hash; + wc_HashAlg hash; /* enum for holding supported algorithms, #ifndef's restrict if disabled */ enum wc_HashType enumArray[] = { From 3bb4949e02e61e98abfa584dd6e9d6ff5b203460 Mon Sep 17 00:00:00 2001 From: Sean Parkinson Date: Wed, 23 May 2018 13:27:36 +1000 Subject: [PATCH 068/146] Improve coverage Renumber errors in test.c to be unique. Fix stack usage to work in --enable-distro --enable-stacksize builds. --- wolfcrypt/src/dh.c | 111 +- wolfcrypt/src/hash.c | 4 +- wolfcrypt/src/rsa.c | 3 +- wolfcrypt/src/sp_x86_64.c | 52 +- wolfcrypt/test/test.c | 4621 +++++++++++++++++++++---------------- 5 files changed, 2700 insertions(+), 2091 deletions(-) diff --git a/wolfcrypt/src/dh.c b/wolfcrypt/src/dh.c index 21508c19d..dd7f9e2ae 100644 --- a/wolfcrypt/src/dh.c +++ b/wolfcrypt/src/dh.c 
@@ -614,8 +614,7 @@ static int GeneratePrivateDh186(DhKey* key, WC_RNG* rng, byte* priv, int qSz, pSz, cSz, err; mp_int tmpQ, tmpX; - if (key == NULL || rng == NULL || priv == NULL || privSz == NULL) - return BAD_FUNC_ARG; + /* Parameters validated in calling functions. */ if (mp_iszero(&key->q) == MP_YES) { WOLFSSL_MSG("DH q parameter needed for FIPS 186-4 key generation"); @@ -649,14 +648,8 @@ static int GeneratePrivateDh186(DhKey* key, WC_RNG* rng, byte* priv, * Hash_DRBG uses SHA-256 which matches maximum * requested_security_strength of (L,N) */ err = wc_RNG_GenerateBlock(rng, cBuf, cSz); - if (err != MP_OKAY) { - mp_clear(&tmpX); - mp_clear(&tmpQ); - XFREE(cBuf, key->heap, DYNAMIC_TYPE_TMP_BUFFER); - return err; - } - - err = mp_read_unsigned_bin(&tmpX, cBuf, cSz); + if (err == MP_OKAY) + err = mp_read_unsigned_bin(&tmpX, cBuf, cSz); if (err != MP_OKAY) { mp_clear(&tmpX); mp_clear(&tmpQ); 
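Review bot: Removing the `key == NULL || rng == NULL || priv == NULL || privSz == NULL` guard from GeneratePrivateDh186 leaves `mp_iszero(&key->q)` a few lines later as the first use of `key`, so the function now depends entirely on its callers, which are not visible in this hunk. The replacement comment should name them so the contract can be checked, e.g. `/* key, rng, priv and privSz are NULL-checked by <CALLER_NAME> before this is reached. */` with the real caller filled in. The same applies to the RsaGetValue hunk in wolfcrypt/src/rsa.c further down, where `/* Parameters ensured by calling function. */` replaces the check and `*outSz` is dereferenced shortly after. Both function bodies continue outside their hunks.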
@@ -1166,57 +1159,71 @@ int wc_DhAgree(DhKey* key, byte* agree, word32* agreeSz, const byte* priv, int wc_DhSetKey_ex(DhKey* key, const byte* p, word32 pSz, const byte* g, word32 gSz, const byte* q, word32 qSz) { + int ret = 0; + mp_int* keyP = NULL; + mp_int* keyG = NULL; + mp_int* keyQ = NULL; + if (key == NULL || p == NULL || g == NULL || pSz == 0 || gSz == 0) { - return BAD_FUNC_ARG; + ret = BAD_FUNC_ARG; } - /* may have leading 0 */ - if (p[0] == 0) { - pSz--; p++; - } - - if (g[0] == 0) { - gSz--; g++; - } - - if (q != NULL) { - if (q[0] == 0) { - qSz--; q++; + if (ret == 0) { + /* may have leading 0 */ + if (p[0] == 0) { + pSz--; p++; } - } - if (mp_init(&key->p) != MP_OKAY) - return MP_INIT_E; - if (mp_read_unsigned_bin(&key->p, p, pSz) != 0) { - mp_clear(&key->p); - return ASN_DH_KEY_E; - } - - if (mp_init(&key->g) != MP_OKAY) { - mp_clear(&key->p); - return MP_INIT_E; - } - if (mp_read_unsigned_bin(&key->g, g, gSz) != 0) { - mp_clear(&key->g); - mp_clear(&key->p); - return ASN_DH_KEY_E; - } - - if (q != NULL) { - if (mp_init(&key->q) != MP_OKAY) { - mp_clear(&key->g); - mp_clear(&key->p); - return MP_INIT_E; + if (g[0] == 0) { + gSz--; g++; } - if (mp_read_unsigned_bin(&key->q, q, qSz) != 0) { - mp_clear(&key->g); - mp_clear(&key->p); - mp_clear(&key->q); - return MP_INIT_E; + + if (q != NULL) { + if (q[0] == 0) { + qSz--; q++; + } } + + if (mp_init(&key->p) != MP_OKAY) + ret = MP_INIT_E; } - return 0; + if (ret == 0) { + if (mp_read_unsigned_bin(&key->p, p, pSz) != MP_OKAY) + ret = ASN_DH_KEY_E; + else + keyP = &key->p; + } + if (ret == 0 && mp_init(&key->g) != MP_OKAY) + ret = MP_INIT_E; + if (ret == 0) { + if (mp_read_unsigned_bin(&key->g, g, gSz) != MP_OKAY) + ret = ASN_DH_KEY_E; + else + keyG = &key->g; + } + + if (ret == 0 && q != NULL) { + if (mp_init(&key->q) != MP_OKAY) + ret = MP_INIT_E; + } + if (ret == 0 && q != NULL) { + if (mp_read_unsigned_bin(&key->q, q, qSz) != MP_OKAY) + ret = MP_INIT_E; + else + keyQ = &key->q; + } + + if (ret != 0 && 
key != NULL) { + if (keyQ) + mp_clear(keyQ); + if (keyG) + mp_clear(keyG); + if (keyP) + mp_clear(keyP); + } + + return ret; } diff --git a/wolfcrypt/src/hash.c b/wolfcrypt/src/hash.c index bd17034bb..4d796d8bc 100644 --- a/wolfcrypt/src/hash.c +++ b/wolfcrypt/src/hash.c @@ -182,7 +182,7 @@ enum wc_HashType wc_OidGetHash(int oid) #endif break; case SHA224h: - #if defined(WOLFSSL_SHA224) + #ifdef WOLFSSL_SHA224 hash_type = WC_HASH_TYPE_SHA224; #endif break; @@ -247,7 +247,7 @@ int wc_HashGetDigestSize(enum wc_HashType hash_type) #endif break; case WC_HASH_TYPE_SHA384: - #if defined(WOLFSSL_SHA512) && defined(WOLFSSL_SHA384) + #ifdef WOLFSSL_SHA384 dig_size = WC_SHA384_DIGEST_SIZE; #endif break; diff --git a/wolfcrypt/src/rsa.c b/wolfcrypt/src/rsa.c index 658b5a29c..e44a7222d 100644 --- a/wolfcrypt/src/rsa.c +++ b/wolfcrypt/src/rsa.c @@ -2310,8 +2310,7 @@ static int RsaGetValue(mp_int* in, byte* out, word32* outSz) word32 sz; int ret = 0; - if (in == NULL || out == NULL || outSz == NULL) - return BAD_FUNC_ARG; + /* Parameters ensured by calling function. */ sz = (word32)mp_unsigned_bin_size(in); if (sz > *outSz) diff --git a/wolfcrypt/src/sp_x86_64.c b/wolfcrypt/src/sp_x86_64.c index 5f270dffd..692faba19 100644 --- a/wolfcrypt/src/sp_x86_64.c +++ b/wolfcrypt/src/sp_x86_64.c @@ -7084,11 +7084,9 @@ static int sp_2048_mod_exp_16(sp_digit* r, sp_digit* a, sp_digit* e, sp_2048_mont_mul_16(r, r, t[y], m, mp); } - y = e[0] & 0xf; - sp_2048_mont_sqr_16(r, r, m, mp); - sp_2048_mont_sqr_16(r, r, m, mp); - sp_2048_mont_sqr_16(r, r, m, mp); - sp_2048_mont_sqr_16(r, r, m, mp); + y = e[0] & ((1 << c) - 1); + for (; c > 0; c--) + sp_2048_mont_sqr_16(r, r, m, mp); sp_2048_mont_mul_16(r, r, t[y], m, mp); XMEMSET(&r[16], 0, sizeof(sp_digit) * 16); 
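Review bot: In the rewritten wc_DhSetKey_ex, `q` is only tested against NULL, so a non-NULL `q` with `qSz == 0` still reads `q[0]` and, if that byte happens to be zero, wraps `qSz--` to a very large word32 that is then handed to `mp_read_unsigned_bin`. The argument check should cover that case: `if (key == NULL || p == NULL || g == NULL || pSz == 0 || gSz == 0 || (q != NULL && qSz == 0))`. The new cleanup also sets `keyP`, `keyG` and `keyQ` only after a successful `mp_read_unsigned_bin`, so when the read itself fails the just-initialised mp_int is no longer cleared, which the removed code did; assigning the pointer right after the successful `mp_init` would restore that.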
@@ -7401,11 +7399,9 @@ static int sp_2048_mod_exp_avx2_16(sp_digit* r, sp_digit* a, sp_digit* e, sp_2048_mont_mul_avx2_16(r, r, t[y], m, mp); } - y = e[0] & 0xf; - sp_2048_mont_sqr_avx2_16(r, r, m, mp); - sp_2048_mont_sqr_avx2_16(r, r, m, mp); - sp_2048_mont_sqr_avx2_16(r, r, m, mp); - sp_2048_mont_sqr_avx2_16(r, r, m, mp); + y = e[0] & ((1 << c) - 1); + for (; c > 0; c--) + sp_2048_mont_sqr_avx2_16(r, r, m, mp); sp_2048_mont_mul_avx2_16(r, r, t[y], m, mp); XMEMSET(&r[16], 0, sizeof(sp_digit) * 16); @@ -9126,10 +9122,9 @@ static int sp_2048_mod_exp_32(sp_digit* r, sp_digit* a, sp_digit* e, sp_2048_mont_mul_32(r, r, t[y], m, mp); } - y = e[0] & 0x7; - sp_2048_mont_sqr_32(r, r, m, mp); - sp_2048_mont_sqr_32(r, r, m, mp); - sp_2048_mont_sqr_32(r, r, m, mp); + y = e[0] & ((1 << c) - 1); + for (; c > 0; c--) + sp_2048_mont_sqr_32(r, r, m, mp); sp_2048_mont_mul_32(r, r, t[y], m, mp); XMEMSET(&r[32], 0, sizeof(sp_digit) * 32); @@ -9540,10 +9535,9 @@ static int sp_2048_mod_exp_avx2_32(sp_digit* r, sp_digit* a, sp_digit* e, sp_2048_mont_mul_avx2_32(r, r, t[y], m, mp); } - y = e[0] & 0x7; - sp_2048_mont_sqr_avx2_32(r, r, m, mp); - sp_2048_mont_sqr_avx2_32(r, r, m, mp); - sp_2048_mont_sqr_avx2_32(r, r, m, mp); + y = e[0] & ((1 << c) - 1); + for (; c > 0; c--) + sp_2048_mont_sqr_avx2_32(r, r, m, mp); sp_2048_mont_mul_avx2_32(r, r, t[y], m, mp); XMEMSET(&r[32], 0, sizeof(sp_digit) * 32); @@ -23649,8 +23643,9 @@ static int sp_3072_mod_exp_24(sp_digit* r, sp_digit* a, sp_digit* e, sp_3072_mont_mul_24(r, r, t[y], m, mp); } - y = e[0] & 0x1; - sp_3072_mont_sqr_24(r, r, m, mp); + y = e[0] & ((1 << c) - 1); + for (; c > 0; c--) + sp_3072_mont_sqr_24(r, r, m, mp); sp_3072_mont_mul_24(r, r, t[y], m, mp); XMEMSET(&r[24], 0, sizeof(sp_digit) * 24); 
@@ -24011,8 +24006,9 @@ static int sp_3072_mod_exp_avx2_24(sp_digit* r, sp_digit* a, sp_digit* e, sp_3072_mont_mul_avx2_24(r, r, t[y], m, mp); } - y = e[0] & 0x1; - sp_3072_mont_sqr_avx2_24(r, r, m, mp); + y = e[0] & ((1 << c) - 1); + for (; c > 0; c--) + sp_3072_mont_sqr_avx2_24(r, r, m, mp); sp_3072_mont_mul_avx2_24(r, r, t[y], m, mp); XMEMSET(&r[24], 0, sizeof(sp_digit) * 24); @@ -26357,9 +26353,9 @@ static int sp_3072_mod_exp_48(sp_digit* r, sp_digit* a, sp_digit* e, sp_3072_mont_mul_48(r, r, t[y], m, mp); } - y = e[0] & 0x3; - sp_3072_mont_sqr_48(r, r, m, mp); - sp_3072_mont_sqr_48(r, r, m, mp); + y = e[0] & ((1 << c) - 1); + for (; c > 0; c--) + sp_3072_mont_sqr_48(r, r, m, mp); sp_3072_mont_mul_48(r, r, t[y], m, mp); XMEMSET(&r[48], 0, sizeof(sp_digit) * 48); @@ -26866,9 +26862,9 @@ static int sp_3072_mod_exp_avx2_48(sp_digit* r, sp_digit* a, sp_digit* e, sp_3072_mont_mul_avx2_48(r, r, t[y], m, mp); } - y = e[0] & 0x3; - sp_3072_mont_sqr_avx2_48(r, r, m, mp); - sp_3072_mont_sqr_avx2_48(r, r, m, mp); + y = e[0] & ((1 << c) - 1); + for (; c > 0; c--) + sp_3072_mont_sqr_avx2_48(r, r, m, mp); sp_3072_mont_mul_avx2_48(r, r, t[y], m, mp); XMEMSET(&r[48], 0, sizeof(sp_digit) * 48); diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c index 314285f0c..30deba40a 100644 --- a/wolfcrypt/test/test.c +++ b/wolfcrypt/test/test.c @@ -986,7 +986,7 @@ initDefaultName(); #ifdef HAVE_WNR if (wc_InitNetRandom(wnrConfigFile, NULL, 5000) != 0) { err_sys("Whitewood netRandom global config failed", -1002); - return -1002; + return -1001; } #endif 
@@ -1257,23 +1257,23 @@ int base16_test(void) encodedLen = sizeof(encoded); ret = Base16_Encode(testData, sizeof(testData), encoded, &encodedLen); if (ret != 0) - return -1234; + return -1300; len = (word32)XSTRLEN((char*)encoded); if (len != encodedLen - 1) - return -1235; + return -1301; len = sizeof(plain); ret = Base16_Decode(encoded, encodedLen - 1, plain, &len); if (ret != 0) - return -1236; + return -1302; if (len != sizeof(testData) || XMEMCMP(testData, plain, len) != 0) - return -1237; + return -1303; if (encodedLen != sizeof(encodedTestData) || XMEMCMP(encoded, encodedTestData, encodedLen) != 0) { - return -1238; + return -1304; } return 0; @@ -1303,27 +1303,27 @@ int asn_test(void) ret = wc_GetDateInfo(dateBuf, (int)sizeof(dateBuf), &datePart, &format, &length); if (ret != 0) - return -1300; + return -1400; #ifndef NO_ASN_TIME /* Parameter Validation tests. */ if (wc_GetTime(NULL, sizeof(now)) != BAD_FUNC_ARG) - return -1301; + return -1401; if (wc_GetTime(&now, 0) != BUFFER_E) - return -1302; + return -1402; now = 0; if (wc_GetTime(&now, sizeof(now)) != 0) { - return -1303; + return -1403; } if (now == 0) { printf("RTC/Time not set!\n"); - return -1304; + return -1404; } ret = wc_GetDateAsCalendarTime(datePart, length, format, &time); if (ret != 0) - return -1305; + return -1405; #endif /* !NO_ASN_TIME */ return 0; @@ -1399,7 +1399,7 @@ int md2_test(void) wc_Md2Final(&md2, hash); if (XMEMCMP(hash, test_md2[i].output, MD2_DIGEST_SIZE) != 0) - return -1400 - i; + return -1500 - i; } return 0; @@ -1410,7 +1410,7 @@ int md2_test(void) int md5_test(void) { int ret = 0; - wc_Md5 md5; + wc_Md5 md5, md5Copy; byte hash[WC_MD5_DIGEST_SIZE]; byte hashcopy[WC_MD5_DIGEST_SIZE]; testVector a, b, c, d, e, f; 
@@ -1464,27 +1464,36 @@ int md5_test(void) ret = wc_InitMd5_ex(&md5, HEAP_HINT, devId); if (ret != 0) - return -1500; + return -1600; + ret = wc_InitMd5_ex(&md5Copy, HEAP_HINT, devId); + if (ret != 0) { + wc_Md5Free(&md5); + return -1601; + } for (i = 0; i < times; ++i) { ret = wc_Md5Update(&md5, (byte*)test_md5[i].input, (word32)test_md5[i].inLen); if (ret != 0) - ERROR_OUT(-1510 - i, exit); + ERROR_OUT(-1602 - i, exit); ret = wc_Md5GetHash(&md5, hashcopy); if (ret != 0) - ERROR_OUT(-1520 - i, exit); + ERROR_OUT(-1603 - i, exit); + + ret = wc_Md5Copy(&md5, &md5Copy); + if (ret != 0) + ERROR_OUT(-1604 - i, exit); ret = wc_Md5Final(&md5, hash); if (ret != 0) - ERROR_OUT(-1530 - i, exit); + ERROR_OUT(-1605 - i, exit); if (XMEMCMP(hash, test_md5[i].output, WC_MD5_DIGEST_SIZE) != 0) - ERROR_OUT(-1540 - i, exit); + ERROR_OUT(-1606 - i, exit); if (XMEMCMP(hash, hashcopy, WC_MD5_DIGEST_SIZE) != 0) - ERROR_OUT(-1550 - i, exit); + ERROR_OUT(-1607 - i, exit); } /* BEGIN LARGE HASH TEST */ { @@ -1503,18 +1512,19 @@ int md5_test(void) ret = wc_Md5Update(&md5, (byte*)large_input, (word32)sizeof(large_input)); if (ret != 0) - ERROR_OUT(-1560, exit); + ERROR_OUT(-1608, exit); } ret = wc_Md5Final(&md5, hash); if (ret != 0) - ERROR_OUT(-1561, exit); + ERROR_OUT(-1609, exit); if (XMEMCMP(hash, large_digest, WC_MD5_DIGEST_SIZE) != 0) - ERROR_OUT(-1562, exit); + ERROR_OUT(-1610, exit); } /* END LARGE HASH TEST */ exit: wc_Md5Free(&md5); + wc_Md5Free(&md5Copy); return ret; } @@ -1591,7 +1601,7 @@ int md4_test(void) wc_Md4Final(&md4, hash); if (XMEMCMP(hash, test_md4[i].output, MD4_DIGEST_SIZE) != 0) - return -1600 - i; + return -1700 - i; } return 0; @@ -1604,7 +1614,7 @@ int md4_test(void) int sha_test(void) { int ret = 0; - wc_Sha sha; + wc_Sha sha, shaCopy; byte hash[WC_SHA_DIGEST_SIZE]; byte hashcopy[WC_SHA_DIGEST_SIZE]; testVector a, b, c, d, e; 
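Review bot: The renumbered codes inside the md5_test loop are not unique, which is the stated aim of this commit. `-1602 - i`, `-1603 - i` through `-1607 - i` have bases one apart while `i` also steps by one, so iteration 1 of one check returns the same value as iteration 0 of the next, and the later iterations run into `-1608` to `-1610` used by the large-hash block. Spacing the bases by ten as the removed lines did (`-1610 - i`, `-1620 - i`, ...) keeps every failure site distinguishable. The same pattern is repeated in the sha_test, sha224_test, sha256_test, sha512_test, sha384_test and sha3_* hunks below.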
@@ -1652,24 +1662,32 @@ int sha_test(void) ret = wc_InitSha_ex(&sha, HEAP_HINT, devId); if (ret != 0) - return -1700; + return -1800; + ret = wc_InitSha_ex(&shaCopy, HEAP_HINT, devId); + if (ret != 0) { + wc_ShaFree(&sha); + return -1801; + } for (i = 0; i < times; ++i) { ret = wc_ShaUpdate(&sha, (byte*)test_sha[i].input, (word32)test_sha[i].inLen); if (ret != 0) - ERROR_OUT(-1710 - i, exit); + ERROR_OUT(-1802 - i, exit); ret = wc_ShaGetHash(&sha, hashcopy); if (ret != 0) - ERROR_OUT(-1720 - i, exit); + ERROR_OUT(-1803 - i, exit); + ret = wc_ShaCopy(&sha, &shaCopy); + if (ret != 0) + ERROR_OUT(-1804 - i, exit); ret = wc_ShaFinal(&sha, hash); if (ret != 0) - ERROR_OUT(-1730 - i, exit); + ERROR_OUT(-1805 - i, exit); if (XMEMCMP(hash, test_sha[i].output, WC_SHA_DIGEST_SIZE) != 0) - ERROR_OUT(-1740 - i, exit); + ERROR_OUT(-1806 - i, exit); if (XMEMCMP(hash, hashcopy, WC_SHA_DIGEST_SIZE) != 0) - ERROR_OUT(-1750 - i, exit); + ERROR_OUT(-1807 - i, exit); } /* BEGIN LARGE HASH TEST */ { @@ -1689,18 +1707,19 @@ int sha_test(void) ret = wc_ShaUpdate(&sha, (byte*)large_input, (word32)sizeof(large_input)); if (ret != 0) - ERROR_OUT(-1760, exit); + ERROR_OUT(-1808, exit); } ret = wc_ShaFinal(&sha, hash); if (ret != 0) - ERROR_OUT(-1761, exit); + ERROR_OUT(-1809, exit); if (XMEMCMP(hash, large_digest, WC_SHA_DIGEST_SIZE) != 0) - ERROR_OUT(-1762, exit); + ERROR_OUT(-1810, exit); } /* END LARGE HASH TEST */ exit: wc_ShaFree(&sha); + wc_ShaFree(&shaCopy); return ret; } @@ -1750,23 +1769,23 @@ int ripemd_test(void) ret = wc_InitRipeMd(&ripemd); if (ret != 0) { - return -1800; + return -1900; } for (i = 0; i < times; ++i) { ret = wc_RipeMdUpdate(&ripemd, (byte*)test_ripemd[i].input, (word32)test_ripemd[i].inLen); if (ret != 0) { - return -1810 - i; + return -1901 - i; } ret = wc_RipeMdFinal(&ripemd, hash); if (ret != 0) { - return -1820 - i; + return -1911 - i; } if (XMEMCMP(hash, test_ripemd[i].output, RIPEMD_DIGEST_SIZE) != 0) - return -1830 - i; + return -1921 - i; } return 0; 
@@ -1828,18 +1847,18 @@ int blake2b_test(void) for (i = 0; i < BLAKE2_TESTS; i++) { ret = wc_InitBlake2b(&b2b, 64); if (ret != 0) - return -1900 - i; + return -2000 - i; ret = wc_Blake2bUpdate(&b2b, input, i); if (ret != 0) - return -1910 - 1; + return -2010 - 1; ret = wc_Blake2bFinal(&b2b, digest, 64); if (ret != 0) - return -1920 - i; + return -2020 - i; if (XMEMCMP(digest, blake2b_vec[i], 64) != 0) { - return -1930 - i; + return -2030 - i; } } @@ -1851,7 +1870,7 @@ int blake2b_test(void) #ifdef WOLFSSL_SHA224 int sha224_test(void) { - wc_Sha224 sha; + wc_Sha224 sha, shaCopy; byte hash[WC_SHA224_DIGEST_SIZE]; byte hashcopy[WC_SHA224_DIGEST_SIZE]; int ret = 0; @@ -1884,28 +1903,37 @@ int sha224_test(void) ret = wc_InitSha224_ex(&sha, HEAP_HINT, devId); if (ret != 0) - return -2000; + return -2100; + ret = wc_InitSha224_ex(&shaCopy, HEAP_HINT, devId); + if (ret != 0) { + wc_Sha224Free(&sha); + return -2101; + } for (i = 0; i < times; ++i) { ret = wc_Sha224Update(&sha, (byte*)test_sha[i].input, (word32)test_sha[i].inLen); if (ret != 0) - ERROR_OUT(-2010 - i, exit); + ERROR_OUT(-2102 - i, exit); ret = wc_Sha224GetHash(&sha, hashcopy); if (ret != 0) - ERROR_OUT(-2020 - i, exit); + ERROR_OUT(-2103 - i, exit); + ret = wc_Sha224Copy(&sha, &shaCopy); + if (ret != 0) + ERROR_OUT(-2104 - i, exit); ret = wc_Sha224Final(&sha, hash); if (ret != 0) - ERROR_OUT(-2030 - i, exit); + ERROR_OUT(-2105 - i, exit); if (XMEMCMP(hash, test_sha[i].output, WC_SHA224_DIGEST_SIZE) != 0) - ERROR_OUT(-2040 - i, exit); + ERROR_OUT(-2106 - i, exit); if (XMEMCMP(hash, hashcopy, WC_SHA224_DIGEST_SIZE) != 0) - ERROR_OUT(-2050 - i, exit); + ERROR_OUT(-2107 - i, exit); } exit: wc_Sha224Free(&sha); + wc_Sha224Free(&shaCopy); return ret; } @@ -1915,7 +1943,7 @@ exit: #ifndef NO_SHA256 int sha256_test(void) { - wc_Sha256 sha; + wc_Sha256 sha, shaCopy; byte hash[WC_SHA256_DIGEST_SIZE]; byte hashcopy[WC_SHA256_DIGEST_SIZE]; int ret = 0; 
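Review bot: In blake2b_test the `wc_Blake2bUpdate` failure path returns `-2010 - 1`, a constant, while the neighbouring checks subtract `i`. The renumbering carried the old typo over; `return -2010 - i;` is presumably intended, so that the failing iteration can be identified from the code.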
@@ -1951,24 +1979,32 @@ int sha256_test(void) ret = wc_InitSha256_ex(&sha, HEAP_HINT, devId); if (ret != 0) - return -2100; + return -2200; + ret = wc_InitSha256_ex(&shaCopy, HEAP_HINT, devId); + if (ret != 0) { + wc_Sha256Free(&sha); + return -2201; + } for (i = 0; i < times; ++i) { ret = wc_Sha256Update(&sha, (byte*)test_sha[i].input, (word32)test_sha[i].inLen); if (ret != 0) - ERROR_OUT(-2110 - i, exit); + ERROR_OUT(-2202 - i, exit); ret = wc_Sha256GetHash(&sha, hashcopy); if (ret != 0) - ERROR_OUT(-2120 - i, exit); + ERROR_OUT(-2203 - i, exit); + ret = wc_Sha256Copy(&sha, &shaCopy); + if (ret != 0) + ERROR_OUT(-2204 - i, exit); ret = wc_Sha256Final(&sha, hash); if (ret != 0) - ERROR_OUT(-2130 - i, exit); + ERROR_OUT(-2205 - i, exit); if (XMEMCMP(hash, test_sha[i].output, WC_SHA256_DIGEST_SIZE) != 0) - ERROR_OUT(-2140 - i, exit); + ERROR_OUT(-2206 - i, exit); if (XMEMCMP(hash, hashcopy, WC_SHA256_DIGEST_SIZE) != 0) - ERROR_OUT(-2150 - i, exit); + ERROR_OUT(-2207 - i, exit); } /* BEGIN LARGE HASH TEST */ { @@ -1988,18 +2024,19 @@ int sha256_test(void) ret = wc_Sha256Update(&sha, (byte*)large_input, (word32)sizeof(large_input)); if (ret != 0) - ERROR_OUT(-2160, exit); + ERROR_OUT(-2208, exit); } ret = wc_Sha256Final(&sha, hash); if (ret != 0) - ERROR_OUT(-2161, exit); + ERROR_OUT(-2209, exit); if (XMEMCMP(hash, large_digest, WC_SHA256_DIGEST_SIZE) != 0) - ERROR_OUT(-2162, exit); + ERROR_OUT(-2210, exit); } /* END LARGE HASH TEST */ exit: wc_Sha256Free(&sha); + wc_Sha256Free(&shaCopy); return ret; } @@ -2009,7 +2046,7 @@ exit: #ifdef WOLFSSL_SHA512 int sha512_test(void) { - wc_Sha512 sha; + wc_Sha512 sha, shaCopy; byte hash[WC_SHA512_DIGEST_SIZE]; byte hashcopy[WC_SHA512_DIGEST_SIZE]; int ret = 0; 
@@ -2052,24 +2089,32 @@ int sha512_test(void) ret = wc_InitSha512_ex(&sha, HEAP_HINT, devId); if (ret != 0) - return -2200; + return -2300; + ret = wc_InitSha512_ex(&shaCopy, HEAP_HINT, devId); + if (ret != 0) { + wc_Sha512Free(&sha); + return -2301; + } for (i = 0; i < times; ++i) { ret = wc_Sha512Update(&sha, (byte*)test_sha[i].input, (word32)test_sha[i].inLen); if (ret != 0) - ERROR_OUT(-2210 - i, exit); + ERROR_OUT(-2302 - i, exit); ret = wc_Sha512GetHash(&sha, hashcopy); if (ret != 0) - ERROR_OUT(-2220 - i, exit); + ERROR_OUT(-2303 - i, exit); + ret = wc_Sha512Copy(&sha, &shaCopy); + if (ret != 0) + ERROR_OUT(-2304 - i, exit); ret = wc_Sha512Final(&sha, hash); if (ret != 0) - ERROR_OUT(-2230 - i, exit); + ERROR_OUT(-2305 - i, exit); if (XMEMCMP(hash, test_sha[i].output, WC_SHA512_DIGEST_SIZE) != 0) - ERROR_OUT(-2240 - i, exit); + ERROR_OUT(-2306 - i, exit); if (XMEMCMP(hash, hashcopy, WC_SHA512_DIGEST_SIZE) != 0) - ERROR_OUT(-2250 - i, exit); + ERROR_OUT(-2307 - i, exit); } /* BEGIN LARGE HASH TEST */ { @@ -2088,17 +2133,18 @@ int sha512_test(void) ret = wc_Sha512Update(&sha, (byte*)large_input, (word32)sizeof(large_input)); if (ret != 0) - ERROR_OUT(-2260, exit); + ERROR_OUT(-2308, exit); } ret = wc_Sha512Final(&sha, hash); if (ret != 0) - ERROR_OUT(-2261, exit); + ERROR_OUT(-2309, exit); if (XMEMCMP(hash, large_digest, WC_SHA512_DIGEST_SIZE) != 0) - ERROR_OUT(-2262, exit); + ERROR_OUT(-2310, exit); } /* END LARGE HASH TEST */ exit: wc_Sha512Free(&sha); + wc_Sha512Free(&shaCopy); return ret; } @@ -2108,7 +2154,7 @@ exit: #ifdef WOLFSSL_SHA384 int sha384_test(void) { - wc_Sha384 sha; + wc_Sha384 sha, shaCopy; byte hash[WC_SHA384_DIGEST_SIZE]; byte hashcopy[WC_SHA384_DIGEST_SIZE]; int ret = 0; 
@@ -2149,24 +2195,32 @@ int sha384_test(void) ret = wc_InitSha384_ex(&sha, HEAP_HINT, devId); if (ret != 0) - return -2300; + return -2400; + ret = wc_InitSha384_ex(&shaCopy, HEAP_HINT, devId); + if (ret != 0) { + wc_Sha384Free(&sha); + return -2401; + } for (i = 0; i < times; ++i) { ret = wc_Sha384Update(&sha, (byte*)test_sha[i].input, (word32)test_sha[i].inLen); if (ret != 0) - ERROR_OUT(-2310 - i, exit); + ERROR_OUT(-2402 - i, exit); ret = wc_Sha384GetHash(&sha, hashcopy); if (ret != 0) - ERROR_OUT(-2320 - i, exit); + ERROR_OUT(-2403 - i, exit); + ret = wc_Sha384Copy(&sha, &shaCopy); + if (ret != 0) + ERROR_OUT(-2404 - i, exit); ret = wc_Sha384Final(&sha, hash); if (ret != 0) - ERROR_OUT(-2330 - i, exit); + ERROR_OUT(-2405 - i, exit); if (XMEMCMP(hash, test_sha[i].output, WC_SHA384_DIGEST_SIZE) != 0) - ERROR_OUT(-2340 - i, exit); + ERROR_OUT(-2406 - i, exit); if (XMEMCMP(hash, hashcopy, WC_SHA384_DIGEST_SIZE) != 0) - ERROR_OUT(-2350 - i, exit); + ERROR_OUT(-2407 - i, exit); } /* BEGIN LARGE HASH TEST */ { @@ -2184,18 +2238,19 @@ int sha384_test(void) ret = wc_Sha384Update(&sha, (byte*)large_input, (word32)sizeof(large_input)); if (ret != 0) - ERROR_OUT(-2360, exit); + ERROR_OUT(-2408, exit); } ret = wc_Sha384Final(&sha, hash); if (ret != 0) - ERROR_OUT(-2361, exit); + ERROR_OUT(-2409, exit); if (XMEMCMP(hash, large_digest, WC_SHA384_DIGEST_SIZE) != 0) - ERROR_OUT(-2362, exit); + ERROR_OUT(-2410, exit); } /* END LARGE HASH TEST */ exit: wc_Sha384Free(&sha); + wc_Sha384Free(&shaCopy); return ret; } 
@@ -2238,24 +2293,24 @@ static int sha3_224_test(void) ret = wc_InitSha3_224(&sha, HEAP_HINT, devId); if (ret != 0) - return -2000; + return -2500; for (i = 0; i < times; ++i) { ret = wc_Sha3_224_Update(&sha, (byte*)test_sha[i].input, (word32)test_sha[i].inLen); if (ret != 0) - ERROR_OUT(-2010 - i, exit); + ERROR_OUT(-2501 - i, exit); ret = wc_Sha3_224_GetHash(&sha, hashcopy); if (ret != 0) - ERROR_OUT(-2020 - i, exit); + ERROR_OUT(-2502 - i, exit); ret = wc_Sha3_224_Final(&sha, hash); if (ret != 0) - ERROR_OUT(-2030 - i, exit); + ERROR_OUT(-2503 - i, exit); if (XMEMCMP(hash, test_sha[i].output, WC_SHA3_224_DIGEST_SIZE) != 0) - ERROR_OUT(-2040 - i, exit); + ERROR_OUT(-2504 - i, exit); if (XMEMCMP(hash, hashcopy, WC_SHA3_224_DIGEST_SIZE) != 0) - ERROR_OUT(-2050 - i, exit); + ERROR_OUT(-2505 - i, exit); } /* BEGIN LARGE HASH TEST */ { @@ -2272,13 +2327,13 @@ static int sha3_224_test(void) ret = wc_Sha3_224_Update(&sha, (byte*)large_input, (word32)sizeof(large_input)); if (ret != 0) - ERROR_OUT(-2060, exit); + ERROR_OUT(-2506, exit); } ret = wc_Sha3_224_Final(&sha, hash); if (ret != 0) - ERROR_OUT(-2061, exit); + ERROR_OUT(-2507, exit); if (XMEMCMP(hash, large_digest, WC_SHA3_224_DIGEST_SIZE) != 0) - ERROR_OUT(-2062, exit); + ERROR_OUT(-2508, exit); } /* END LARGE HASH TEST */ exit: 
@@ -2327,24 +2382,24 @@ static int sha3_256_test(void) ret = wc_InitSha3_256(&sha, HEAP_HINT, devId); if (ret != 0) - return -2100; + return -2600; for (i = 0; i < times; ++i) { ret = wc_Sha3_256_Update(&sha, (byte*)test_sha[i].input, (word32)test_sha[i].inLen); if (ret != 0) - ERROR_OUT(-2110 - i, exit); + ERROR_OUT(-2601 - i, exit); ret = wc_Sha3_256_GetHash(&sha, hashcopy); if (ret != 0) - ERROR_OUT(-2120 - i, exit); + ERROR_OUT(-2602 - i, exit); ret = wc_Sha3_256_Final(&sha, hash); if (ret != 0) - ERROR_OUT(-2130 - i, exit); + ERROR_OUT(-2603 - i, exit); if (XMEMCMP(hash, test_sha[i].output, WC_SHA3_256_DIGEST_SIZE) != 0) - ERROR_OUT(-2140 - i, exit); + ERROR_OUT(-2604 - i, exit); if (XMEMCMP(hash, hashcopy, WC_SHA3_256_DIGEST_SIZE) != 0) - ERROR_OUT(-2150 - i, exit); + ERROR_OUT(-2605 - i, exit); } /* BEGIN LARGE HASH TEST */ { @@ -2361,13 +2416,13 @@ static int sha3_256_test(void) ret = wc_Sha3_256_Update(&sha, (byte*)large_input, (word32)sizeof(large_input)); if (ret != 0) - ERROR_OUT(-2160, exit); + ERROR_OUT(-2606, exit); } ret = wc_Sha3_256_Final(&sha, hash); if (ret != 0) - ERROR_OUT(-2161, exit); + ERROR_OUT(-2607, exit); if (XMEMCMP(hash, large_digest, WC_SHA3_256_DIGEST_SIZE) != 0) - ERROR_OUT(-2162, exit); + ERROR_OUT(-2608, exit); } /* END LARGE HASH TEST */ exit: 
@@ -2419,24 +2474,24 @@ static int sha3_384_test(void) ret = wc_InitSha3_384(&sha, HEAP_HINT, devId); if (ret != 0) - return -2200; + return -2700; for (i = 0; i < times; ++i) { ret = wc_Sha3_384_Update(&sha, (byte*)test_sha[i].input, (word32)test_sha[i].inLen); if (ret != 0) - ERROR_OUT(-2210 - i, exit); + ERROR_OUT(-2701 - i, exit); ret = wc_Sha3_384_GetHash(&sha, hashcopy); if (ret != 0) - ERROR_OUT(-2220 - i, exit); + ERROR_OUT(-2702 - i, exit); ret = wc_Sha3_384_Final(&sha, hash); if (ret != 0) - ERROR_OUT(-2230 - i, exit); + ERROR_OUT(-2703 - i, exit); if (XMEMCMP(hash, test_sha[i].output, WC_SHA3_384_DIGEST_SIZE) != 0) - ERROR_OUT(-2240 - i, exit); + ERROR_OUT(-2704 - i, exit); if (XMEMCMP(hash, hashcopy, WC_SHA3_384_DIGEST_SIZE) != 0) - ERROR_OUT(-2250 - i, exit); + ERROR_OUT(-2705 - i, exit); } /* BEGIN LARGE HASH TEST */ { @@ -2454,13 +2509,13 @@ static int sha3_384_test(void) ret = wc_Sha3_384_Update(&sha, (byte*)large_input, (word32)sizeof(large_input)); if (ret != 0) - ERROR_OUT(-2260, exit); + ERROR_OUT(-2706, exit); } ret = wc_Sha3_384_Final(&sha, hash); if (ret != 0) - ERROR_OUT(-2261, exit); + ERROR_OUT(-2707, exit); if (XMEMCMP(hash, large_digest, WC_SHA3_384_DIGEST_SIZE) != 0) - ERROR_OUT(-2262, exit); + ERROR_OUT(-2708, exit); } /* END LARGE HASH TEST */ exit: 
@@ -2515,24 +2570,24 @@ static int sha3_512_test(void) ret = wc_InitSha3_512(&sha, HEAP_HINT, devId); if (ret != 0) - return -2300; + return -2800; for (i = 0; i < times; ++i) { ret = wc_Sha3_512_Update(&sha, (byte*)test_sha[i].input, (word32)test_sha[i].inLen); if (ret != 0) - ERROR_OUT(-2310 - i, exit); + ERROR_OUT(-2801 - i, exit); ret = wc_Sha3_512_GetHash(&sha, hashcopy); if (ret != 0) - ERROR_OUT(-2320 - i, exit); + ERROR_OUT(-2802 - i, exit); ret = wc_Sha3_512_Final(&sha, hash); if (ret != 0) - ERROR_OUT(-2330 - i, exit); + ERROR_OUT(-2803 - i, exit); if (XMEMCMP(hash, test_sha[i].output, WC_SHA3_512_DIGEST_SIZE) != 0) - ERROR_OUT(-2340 - i, exit); + ERROR_OUT(-2804 - i, exit); if (XMEMCMP(hash, hashcopy, WC_SHA3_512_DIGEST_SIZE) != 0) - ERROR_OUT(-2350 - i, exit); + ERROR_OUT(-2805 - i, exit); } /* BEGIN LARGE HASH TEST */ { @@ -2551,13 +2606,13 @@ static int sha3_512_test(void) ret = wc_Sha3_512_Update(&sha, (byte*)large_input, (word32)sizeof(large_input)); if (ret != 0) - ERROR_OUT(-2360, exit); + ERROR_OUT(-2806, exit); } ret = wc_Sha3_512_Final(&sha, hash); if (ret != 0) - ERROR_OUT(-2361, exit); + ERROR_OUT(-2807, exit); if (XMEMCMP(hash, large_digest, WC_SHA3_512_DIGEST_SIZE) != 0) - ERROR_OUT(-2362, exit); + ERROR_OUT(-2808, exit); } /* END LARGE HASH TEST */ exit: @@ -2598,8 +2653,13 @@ int hash_test(void) wc_HashAlg hash; int ret, exp_ret; int i, j; + int digestSz; byte data[] = "0123456789abcdef0123456789abcdef012345"; byte out[WC_MAX_DIGEST_SIZE]; + byte hashOut[WC_MAX_DIGEST_SIZE]; +#if !defined(NO_ASN) || !defined(NO_DH) || defined(HAVE_ECC) + enum wc_HashType hashType; +#endif enum wc_HashType typesGood[] = { WC_HASH_TYPE_MD5, WC_HASH_TYPE_SHA, WC_HASH_TYPE_SHA224, WC_HASH_TYPE_SHA256, WC_HASH_TYPE_SHA384, WC_HASH_TYPE_SHA512 }; 
@@ -2626,41 +2686,52 @@ int hash_test(void) }; enum wc_HashType typesBad[] = { WC_HASH_TYPE_NONE, WC_HASH_TYPE_MD5_SHA, WC_HASH_TYPE_MD2, WC_HASH_TYPE_MD4 }; + enum wc_HashType typesSha3[] = { WC_HASH_TYPE_SHA3_224, + WC_HASH_TYPE_SHA3_256, + WC_HASH_TYPE_SHA3_384, + WC_HASH_TYPE_SHA3_512 }; + enum wc_HashType typesHashBad[] = { WC_HASH_TYPE_MD2, WC_HASH_TYPE_MD4, + WC_HASH_TYPE_SHA3_224, + WC_HASH_TYPE_SHA3_256, + WC_HASH_TYPE_SHA3_384, + WC_HASH_TYPE_SHA3_512, + WC_HASH_TYPE_BLAKE2B, + WC_HASH_TYPE_NONE }; /* Parameter Validation testing. */ ret = wc_HashInit(NULL, WC_HASH_TYPE_SHA256); if (ret != BAD_FUNC_ARG) - return -2400; + return -2900; ret = wc_HashUpdate(NULL, WC_HASH_TYPE_SHA256, NULL, sizeof(data)); if (ret != BAD_FUNC_ARG) - return -2401; + return -2901; ret = wc_HashUpdate(&hash, WC_HASH_TYPE_SHA256, NULL, sizeof(data)); if (ret != BAD_FUNC_ARG) - return -2402; + return -2902; ret = wc_HashUpdate(NULL, WC_HASH_TYPE_SHA256, data, sizeof(data)); if (ret != BAD_FUNC_ARG) - return -2403; + return -2903; ret = wc_HashFinal(NULL, WC_HASH_TYPE_SHA256, NULL); if (ret != BAD_FUNC_ARG) - return -2404; + return -2904; ret = wc_HashFinal(&hash, WC_HASH_TYPE_SHA256, NULL); if (ret != BAD_FUNC_ARG) - return -2405; + return -2905; ret = wc_HashFinal(NULL, WC_HASH_TYPE_SHA256, out); if (ret != BAD_FUNC_ARG) - return -2406; + return -2906; /* Try invalid hash algorithms. */ for (i = 0; i < (int)(sizeof(typesBad)/sizeof(*typesBad)); i++) { ret = wc_HashInit(&hash, typesBad[i]); if (ret != BAD_FUNC_ARG) - return -2407 - i; + return -2907 - i; ret = wc_HashUpdate(&hash, typesBad[i], data, sizeof(data)); if (ret != BAD_FUNC_ARG) - return -2417 - i; + return -2917 - i; ret = wc_HashFinal(&hash, typesBad[i], out); if (ret != BAD_FUNC_ARG) - return -2427 - i; + return -2927 - i; } /* Try valid hash algorithms. */ 
@@ -2673,87 +2744,211 @@ int hash_test(void) } ret = wc_HashInit(&hash, typesGood[i]); if (ret != exp_ret) - return -2437 - i; + return -2937 - i; ret = wc_HashUpdate(&hash, typesGood[i], data, sizeof(data)); if (ret != exp_ret) - return -2447 - i; + return -2947 - i; ret = wc_HashFinal(&hash, typesGood[i], out); if (ret != exp_ret) - return -2457 - i; + return -2957 - i; + + digestSz = wc_HashGetDigestSize(typesGood[i]); + if (exp_ret < 0 && digestSz != exp_ret) + return -2967 - i; + if (exp_ret == 0 && digestSz < 0) + return -2977 - i; + if (exp_ret == 0) { + ret = wc_Hash(typesGood[i], data, sizeof(data), hashOut, + digestSz - 1); + if (ret != BUFFER_E) + return -2987 - i; + } + ret = wc_Hash(typesGood[i], data, sizeof(data), hashOut, digestSz); + if (ret != exp_ret) + return -2997 - i; + if (exp_ret == 0 && XMEMCMP(out, hashOut, digestSz) != 0) + return -3007 -i; + + ret = wc_HashGetBlockSize(typesGood[i]); + if (exp_ret < 0 && ret != exp_ret) + return -3008 - i; + if (exp_ret == 0 && ret < 0) + return -3018 - i; + #if !defined(NO_ASN) || !defined(NO_DH) || defined(HAVE_ECC) ret = wc_HashGetOID(typesGood[i]); if (ret == BAD_FUNC_ARG || (exp_ret == 0 && ret == HASH_TYPE_E) || (exp_ret != 0 && ret != HASH_TYPE_E)) { - return -2467 - i; + return -3028 - i; } + + hashType = wc_OidGetHash(ret); + if (exp_ret < 0 && ret != exp_ret) + return -3038 - i; + if (exp_ret == 0 && hashType != typesGood[i]) + return -3048 - i; #endif /* !defined(NO_ASN) || !defined(NO_DH) || defined(HAVE_ECC) */ } + for (i = 0; i < (int)(sizeof(typesHashBad)/sizeof(*typesHashBad)); i++) { + ret = wc_Hash(typesHashBad[i], data, sizeof(data), out, sizeof(out)); + if (ret != BAD_FUNC_ARG && ret != BUFFER_E) + return -3058 - i; + } + #if !defined(NO_ASN) || !defined(NO_DH) || defined(HAVE_ECC) ret = wc_HashGetOID(WC_HASH_TYPE_MD2); #ifdef WOLFSSL_MD2 if (ret == HASH_TYPE_E || ret == BAD_FUNC_ARG) - return -2477; + return -3068; #else if (ret != HASH_TYPE_E) - return -2478; + return -3069; #endif 
+ hashType = wc_OidGetHash(646); /* Md2h */ +#ifdef WOLFSSL_MD2 + if (hashType != WC_HASH_TYPE_MD2) + return -3070; +#else + if (hashType != WC_HASH_TYPE_NONE) + return -3071; +#endif + ret = wc_HashGetOID(WC_HASH_TYPE_MD5_SHA); #ifndef NO_MD5 if (ret == HASH_TYPE_E || ret == BAD_FUNC_ARG) - return -2479; + return -3072; #else if (ret != HASH_TYPE_E) - return -2480; + return -3073; #endif ret = wc_HashGetOID(WC_HASH_TYPE_MD4); if (ret != BAD_FUNC_ARG) - return -2481; + return -3074; ret = wc_HashGetOID(WC_HASH_TYPE_NONE); if (ret != BAD_FUNC_ARG) - return -2482; + return -3075; + + hashType = wc_OidGetHash(0); + if (hashType != WC_HASH_TYPE_NONE) + return -3076; #endif /* !defined(NO_ASN) || !defined(NO_DH) || defined(HAVE_ECC) */ + ret = wc_HashGetBlockSize(WC_HASH_TYPE_MD2); +#ifdef WOLFSSL_MD2 + if (ret == HASH_TYPE_E || ret == BAD_FUNC_ARG) + return -3077; +#else + if (ret != HASH_TYPE_E) + return -3078; +#endif + ret = wc_HashGetDigestSize(WC_HASH_TYPE_MD2); +#ifdef WOLFSSL_MD2 + if (ret == HASH_TYPE_E || ret == BAD_FUNC_ARG) + return -3079; +#else + if (ret != HASH_TYPE_E) + return -3080; +#endif + + ret = wc_HashGetBlockSize(WC_HASH_TYPE_MD4); +#ifndef NO_MD4 + if (ret == HASH_TYPE_E || ret == BAD_FUNC_ARG) + return -3081; +#else + if (ret != HASH_TYPE_E) + return -3082; +#endif + ret = wc_HashGetDigestSize(WC_HASH_TYPE_MD4); +#ifndef NO_MD4 + if (ret == HASH_TYPE_E || ret == BAD_FUNC_ARG) + return -3083; +#else + if (ret != HASH_TYPE_E) + return -3084; +#endif + ret = wc_HashGetBlockSize(WC_HASH_TYPE_MD5_SHA); +#if !defined(NO_MD5) && !defined(NO_SHA) + if (ret == HASH_TYPE_E || ret == BAD_FUNC_ARG) + return -3085; +#else + if (ret != HASH_TYPE_E) + return -3086; +#endif + + for (i = 0; i < (int)(sizeof(typesSha3)/sizeof(*typesSha3)); i++) { + ret = wc_HashGetBlockSize(typesSha3[i]); + #ifdef WOLFSSL_SHA3 + if (ret == HASH_TYPE_E || ret == BAD_FUNC_ARG) + return -3087; + #else + if (ret != HASH_TYPE_E) + return -3088; + #endif + ret = 
wc_HashGetDigestSize(typesSha3[i]); + #ifdef WOLFSSL_SHA3 + if (ret == HASH_TYPE_E || ret == BAD_FUNC_ARG) + return -3089; + #else + if (ret != HASH_TYPE_E) + return -3090; + #endif + } + + ret = wc_HashGetBlockSize(WC_HASH_TYPE_BLAKE2B); + if (ret != BAD_FUNC_ARG) + return -3091; + ret = wc_HashGetDigestSize(WC_HASH_TYPE_BLAKE2B); + if (ret != BAD_FUNC_ARG) + return -3092; + + ret = wc_HashGetBlockSize(WC_HASH_TYPE_NONE); + if (ret != BAD_FUNC_ARG) + return -3093; + ret = wc_HashGetDigestSize(WC_HASH_TYPE_NONE); + if (ret != BAD_FUNC_ARG) + return -3094; + #ifndef NO_ASN #ifdef WOLFSSL_MD2 ret = wc_GetCTC_HashOID(MD2); if (ret == 0) - return -2483; + return -3095; #endif #ifndef NO_MD5 ret = wc_GetCTC_HashOID(WC_MD5); if (ret == 0) - return -2484; + return -3096; #endif #ifndef NO_SHA ret = wc_GetCTC_HashOID(WC_SHA); if (ret == 0) - return -2485; + return -3097; #endif #ifdef WOLFSSL_SHA224 ret = wc_GetCTC_HashOID(WC_SHA224); if (ret == 0) - return -2486; + return -3098; #endif #ifndef NO_SHA256 ret = wc_GetCTC_HashOID(WC_SHA256); if (ret == 0) - return -2487; + return -3099; #endif #ifdef WOLFSSL_SHA384 ret = wc_GetCTC_HashOID(WC_SHA384); if (ret == 0) - return -2488; + return -3100; #endif #ifdef WOLFSSL_SHA512 ret = wc_GetCTC_HashOID(WC_SHA512); if (ret == 0) - return -2489; + return -3101; #endif ret = wc_GetCTC_HashOID(-1); if (ret != 0) - return -2490; + return -3102; #endif return 0; 
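Review bot: The check added after `hashType = wc_OidGetHash(ret);` tests the wrong variable. `if (exp_ret < 0 && ret != exp_ret)` compares `ret`, which still holds the wc_HashGetOID result that the block just above already required to be HASH_TYPE_E whenever exp_ret is non-zero. If exp_ret is HASH_TYPE_E in that case, -3038 - i is unreachable, and the value wc_OidGetHash returns for an unsupported type is never asserted. Assuming a failed lookup is meant to map to no hash, as the `wc_OidGetHash(0)` check later in this hunk suggests, the line would read `if (exp_ret < 0 && hashType != WC_HASH_TYPE_NONE)`; confirm that against the implementation first. The enclosing loop header is outside the hunk.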
@@ -2811,30 +3006,30 @@ int hmac_md5_test(void) #endif if (wc_HmacInit(&hmac, HEAP_HINT, devId) != 0) { - return -2500; + return -3200; } ret = wc_HmacSetKey(&hmac, WC_MD5, (byte*)keys[i], (word32)XSTRLEN(keys[i])); if (ret != 0) - return -2501; + return -3201; ret = wc_HmacUpdate(&hmac, (byte*)test_hmac[i].input, (word32)test_hmac[i].inLen); if (ret != 0) - return -2502; + return -3202; ret = wc_HmacFinal(&hmac, hash); if (ret != 0) - return -2503; + return -3203; if (XMEMCMP(hash, test_hmac[i].output, WC_MD5_DIGEST_SIZE) != 0) - return -2504 - i; + return -3204 - i; wc_HmacFree(&hmac); } #ifndef HAVE_FIPS if (wc_HmacSizeByType(WC_MD5) != WC_MD5_DIGEST_SIZE) - return -2514; + return -3214; #endif return 0; @@ -2894,29 +3089,29 @@ int hmac_sha_test(void) #endif if (wc_HmacInit(&hmac, HEAP_HINT, devId) != 0) - return -20010; + return -3300; ret = wc_HmacSetKey(&hmac, WC_SHA, (byte*)keys[i], (word32)XSTRLEN(keys[i])); if (ret != 0) - return -2601; + return -3301; ret = wc_HmacUpdate(&hmac, (byte*)test_hmac[i].input, (word32)test_hmac[i].inLen); if (ret != 0) - return -2602; + return -3302; ret = wc_HmacFinal(&hmac, hash); if (ret != 0) - return -2603; + return -3303; if (XMEMCMP(hash, test_hmac[i].output, WC_SHA_DIGEST_SIZE) != 0) - return -2604 - i; + return -3304 - i; wc_HmacFree(&hmac); } #ifndef HAVE_FIPS if (wc_HmacSizeByType(WC_SHA) != WC_SHA_DIGEST_SIZE) - return -2614; + return -3314; #endif return 0; 
@@ -2936,11 +3131,16 @@ int hmac_sha224_test(void) "\x0b\x0b\x0b", "Jefe", "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA" - "\xAA\xAA\xAA" + "\xAA\xAA\xAA", + "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08" + "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08" + "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08" + "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08" + "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08" }; - testVector a, b, c; - testVector test_hmac[3]; + testVector a, b, c, d; + testVector test_hmac[4]; int ret; int times = sizeof(test_hmac) / sizeof(testVector), i; @@ -2966,9 +3166,16 @@ int hmac_sha224_test(void) c.inLen = XSTRLEN(c.input); c.outLen = WC_SHA224_DIGEST_SIZE; + d.input = "Big Key Input"; + d.output = "\xe7\x4e\x2b\x8a\xa9\xf0\x37\x2f\xed\xae\x70\x0c\x49\x47\xf1" + "\x46\x54\xa7\x32\x6b\x55\x01\x87\xd2\xc8\x02\x0e\x3a"; + d.inLen = XSTRLEN(d.input); + d.outLen = WC_SHA224_DIGEST_SIZE; + test_hmac[0] = a; test_hmac[1] = b; test_hmac[2] = c; + test_hmac[3] = d; for (i = 0; i < times; ++i) { #if defined(HAVE_FIPS) || defined(HAVE_CAVIUM) @@ -2977,29 +3184,29 @@ int hmac_sha224_test(void) #endif if (wc_HmacInit(&hmac, HEAP_HINT, devId) != 0) - return -2700; + return -3400; ret = wc_HmacSetKey(&hmac, WC_SHA224, (byte*)keys[i], (word32)XSTRLEN(keys[i])); if (ret != 0) - return -2701; + return -3401; ret = wc_HmacUpdate(&hmac, (byte*)test_hmac[i].input, (word32)test_hmac[i].inLen); if (ret != 0) - return -2702; + return -3402; ret = wc_HmacFinal(&hmac, hash); if (ret != 0) - return -2703; + return -3403; if (XMEMCMP(hash, test_hmac[i].output, WC_SHA224_DIGEST_SIZE) != 0) - return -2704 - i; + return -3404 - i; wc_HmacFree(&hmac); } #ifndef HAVE_FIPS if (wc_HmacSizeByType(WC_SHA224) != WC_SHA224_DIGEST_SIZE) - return -2714; + return -3414; #endif return 0; 
@@ -3019,11 +3226,13 @@ int hmac_sha256_test(void) "\x0b\x0b\x0b", "Jefe", "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA" - "\xAA\xAA\xAA" + "\xAA\xAA\xAA", + "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA" + "\xAA\xAA\xAA", }; - testVector a, b, c; - testVector test_hmac[3]; + testVector a, b, c, d; + testVector test_hmac[4]; int ret; int times = sizeof(test_hmac) / sizeof(testVector), i; @@ -3052,9 +3261,17 @@ int hmac_sha256_test(void) c.inLen = XSTRLEN(c.input); c.outLen = WC_SHA256_DIGEST_SIZE; + d.input = 0; + d.output = "\x86\xe5\x4f\xd4\x48\x72\x5d\x7e\x5d\xcf\xe2\x23\x53\xc8\x28" + "\xaf\x48\x78\x1e\xb4\x8c\xae\x81\x06\xa7\xe1\xd4\x98\x94\x9f" + "\x3e\x46"; + d.inLen = 0; + d.outLen = WC_SHA256_DIGEST_SIZE; + test_hmac[0] = a; test_hmac[1] = b; test_hmac[2] = c; + test_hmac[3] = d; for (i = 0; i < times; ++i) { #if defined(HAVE_FIPS) || defined(HAVE_CAVIUM) @@ -3063,34 +3280,36 @@ int hmac_sha256_test(void) #endif if (wc_HmacInit(&hmac, HEAP_HINT, devId) != 0) - return -2800; + return -3500 - i; ret = wc_HmacSetKey(&hmac, WC_SHA256, (byte*)keys[i], (word32)XSTRLEN(keys[i])); if (ret != 0) - return -2801; - ret = wc_HmacUpdate(&hmac, (byte*)test_hmac[i].input, - (word32)test_hmac[i].inLen); - if (ret != 0) - return -2802; + return -3510 - i; + if (test_hmac[i].input != NULL) { + ret = wc_HmacUpdate(&hmac, (byte*)test_hmac[i].input, + (word32)test_hmac[i].inLen); + if (ret != 0) + return -3520 - i; + } ret = wc_HmacFinal(&hmac, hash); if (ret != 0) - return -2803; + return -3530 - i; if (XMEMCMP(hash, test_hmac[i].output, WC_SHA256_DIGEST_SIZE) != 0) - return -2804 - i; + return -3540 - i; wc_HmacFree(&hmac); } #ifndef HAVE_FIPS if (wc_HmacSizeByType(WC_SHA256) != WC_SHA256_DIGEST_SIZE) - return -2814; + return -3550; if (wc_HmacSizeByType(20) != BAD_FUNC_ARG) - return -2815; + return -3551; #endif if (wolfSSL_GetHmacMaxSize() != WC_MAX_DIGEST_SIZE) - return -2816; + return -3552; return 0; } 
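Review bot: The fourth vector in hmac_sha256_test has no comment saying that it covers an HMAC over an empty message. With `d.input = 0;`, `d.inLen = 0;` and the new `if (test_hmac[i].input != NULL)` guard, wc_HmacUpdate is skipped and wc_HmacFinal runs directly after wc_HmacSetKey. The added key is byte-for-byte the same as the third key, which reads like a copy-paste slip unless the intent is stated. I would add `/* d: empty message, same key as c; Update is skipped */` above `d.input` and write `d.input = NULL;` so the assignment matches the guard.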
@@ -3155,30 +3374,30 @@ int hmac_blake2b_test(void) #if defined(HAVE_CAVIUM) && !defined(HAVE_CAVIUM_V) /* Blake2 only supported on Cavium Nitrox III */ if (wc_HmacInit(&hmac, HEAP_HINT, devId) != 0) - return -2900; + return -3600; #endif ret = wc_HmacSetKey(&hmac, BLAKE2B_ID, (byte*)keys[i], (word32)XSTRLEN(keys[i])); if (ret != 0) - return -2901; + return -3601; ret = wc_HmacUpdate(&hmac, (byte*)test_hmac[i].input, (word32)test_hmac[i].inLen); if (ret != 0) - return -2902; + return -3602; ret = wc_HmacFinal(&hmac, hash); if (ret != 0) - return -2903; + return -3603; if (XMEMCMP(hash, test_hmac[i].output, BLAKE2B_256) != 0) - return -2904 - i; + return -3604 - i; wc_HmacFree(&hmac); } #ifndef HAVE_FIPS if (wc_HmacSizeByType(BLAKE2B_ID) != BLAKE2B_OUTBYTES) - return -2914; + return -3614; #endif return 0; @@ -3198,11 +3417,20 @@ int hmac_sha384_test(void) "\x0b\x0b\x0b", "Jefe", "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA" - "\xAA\xAA\xAA" + "\xAA\xAA\xAA", + "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08" + "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08" + "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08" + "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08" + "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08" + "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08" + "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08" + "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08" + "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08" }; - testVector a, b, c; - testVector test_hmac[3]; + testVector a, b, c, d; + testVector test_hmac[4]; int ret; int times = sizeof(test_hmac) / sizeof(testVector), i; 
@@ -3234,9 +3462,18 @@ int hmac_sha384_test(void) c.inLen = XSTRLEN(c.input); c.outLen = WC_SHA384_DIGEST_SIZE; + d.input = "Big Key Input"; + d.output = "\xd2\x3d\x29\x6e\xf5\x1e\x23\x23\x49\x18\xb3\xbf\x4c\x38\x7b" + "\x31\x21\x17\xbb\x09\x73\x27\xf8\x12\x9d\xe9\xc6\x5d\xf9\x54" + "\xd6\x38\x5a\x68\x53\x14\xee\xe0\xa6\x4f\x36\x7e\xb2\xf3\x1a" + "\x57\x41\x69"; + d.inLen = XSTRLEN(d.input); + d.outLen = WC_SHA384_DIGEST_SIZE; + test_hmac[0] = a; test_hmac[1] = b; test_hmac[2] = c; + test_hmac[3] = d; for (i = 0; i < times; ++i) { #if defined(HAVE_FIPS) @@ -3245,29 +3482,29 @@ int hmac_sha384_test(void) #endif if (wc_HmacInit(&hmac, HEAP_HINT, devId) != 0) - return -3000; + return -3700; ret = wc_HmacSetKey(&hmac, WC_SHA384, (byte*)keys[i], (word32)XSTRLEN(keys[i])); if (ret != 0) - return -3001; + return -3701; ret = wc_HmacUpdate(&hmac, (byte*)test_hmac[i].input, (word32)test_hmac[i].inLen); if (ret != 0) - return -3002; + return -3702; ret = wc_HmacFinal(&hmac, hash); if (ret != 0) - return -3003; + return -3703; if (XMEMCMP(hash, test_hmac[i].output, WC_SHA384_DIGEST_SIZE) != 0) - return -3004 - i; + return -3704 - i; wc_HmacFree(&hmac); } #ifndef HAVE_FIPS if (wc_HmacSizeByType(WC_SHA384) != WC_SHA384_DIGEST_SIZE) - return -3013; + return -3714; #endif return 0; 
@@ -3287,11 +3524,20 @@ int hmac_sha512_test(void) "\x0b\x0b\x0b", "Jefe", "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA" - "\xAA\xAA\xAA" + "\xAA\xAA\xAA", + "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08" + "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08" + "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08" + "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08" + "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08" + "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08" + "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08" + "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08" + "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08" }; - testVector a, b, c; - testVector test_hmac[3]; + testVector a, b, c, d; + testVector test_hmac[4]; int ret; int times = sizeof(test_hmac) / sizeof(testVector), i; @@ -3326,9 +3572,19 @@ int hmac_sha512_test(void) c.inLen = XSTRLEN(c.input); c.outLen = WC_SHA512_DIGEST_SIZE; + d.input = "Big Key Input"; + d.output = "\x3f\xa9\xc9\xe1\xbd\xbb\x04\x55\x1f\xef\xcc\x92\x33\x08\xeb" + "\xcf\xc1\x9a\x5b\x5b\xc0\x7c\x86\x84\xae\x8c\x40\xaf\xb1\x27" + "\x87\x38\x92\x04\xa8\xed\xd7\xd7\x07\xa9\x85\xa0\xc2\xcd\x30" + "\xc0\x56\x14\x49\xbc\x2f\x69\x15\x6a\x97\xd8\x79\x2f\xb3\x3b" + "\x1e\x18\xfe\xfa"; + d.inLen = XSTRLEN(d.input); + d.outLen = WC_SHA512_DIGEST_SIZE; + test_hmac[0] = a; test_hmac[1] = b; test_hmac[2] = c; + test_hmac[3] = d; for (i = 0; i < times; ++i) { #if defined(HAVE_FIPS) 
@@ -3337,29 +3593,29 @@ int hmac_sha512_test(void) #endif if (wc_HmacInit(&hmac, HEAP_HINT, devId) != 0) - return -3100; + return -3800; ret = wc_HmacSetKey(&hmac, WC_SHA512, (byte*)keys[i], (word32)XSTRLEN(keys[i])); if (ret != 0) - return -3101; + return -3801; ret = wc_HmacUpdate(&hmac, (byte*)test_hmac[i].input, (word32)test_hmac[i].inLen); if (ret != 0) - return -3102; + return -3802; ret = wc_HmacFinal(&hmac, hash); if (ret != 0) - return -3103; + return -3803; if (XMEMCMP(hash, test_hmac[i].output, WC_SHA512_DIGEST_SIZE) != 0) - return -3104 - i; + return -3804 - i; wc_HmacFree(&hmac); } #ifndef HAVE_FIPS if (wc_HmacSizeByType(WC_SHA512) != WC_SHA512_DIGEST_SIZE) - return -3113; + return -3814; #endif return 0; @@ -3373,7 +3629,7 @@ int hmac_sha3_test(void) Hmac hmac; byte hash[WC_SHA3_512_DIGEST_SIZE]; - const char* key[3] = + const char* key[4] = { "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b" "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b", @@ -3381,10 +3637,21 @@ int hmac_sha3_test(void) "Jefe", "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" - "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" + "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa", + + "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08" + "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08" + "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08" + "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08" + "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08" + "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08" + "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08" + "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08" + "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08" + "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08" }; - const char* input[3] = + const char* input[4] = { "Hi There", 
@@ -3394,7 +3661,9 @@ int hmac_sha3_test(void) "\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd" "\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd" "\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd" - "\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd" + "\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd", + + "Big Key Input" }; const int hashType[4] = @@ -3408,7 +3677,7 @@ int hmac_sha3_test(void) WC_SHA3_384_DIGEST_SIZE, WC_SHA3_512_DIGEST_SIZE }; - const char* output[12] = + const char* output[16] = { /* key = 0b..., input = Hi There */ /* HMAC-SHA3-224 */ @@ -3459,7 +3728,25 @@ int hmac_sha3_test(void) "\x30\x9e\x99\xf9\xec\x07\x5e\xc6\xc6\xd4\x75\xed\xa1\x18\x06\x87" "\xfc\xf1\x53\x11\x95\x80\x2a\x99\xb5\x67\x74\x49\xa8\x62\x51\x82" "\x85\x1c\xb3\x32\xaf\xb6\xa8\x9c\x41\x13\x25\xfb\xcb\xcd\x42\xaf" - "\xcb\x7b\x6e\x5a\xab\x7e\xa4\x2c\x66\x0f\x97\xfd\x85\x84\xbf\x03" + "\xcb\x7b\x6e\x5a\xab\x7e\xa4\x2c\x66\x0f\x97\xfd\x85\x84\xbf\x03", + + /* key = big key, input = Big Key Input */ + /* HMAC-SHA3-224 */ + "\x29\xe0\x5e\x46\xc4\xa4\x5e\x46\x74\xbf\xd7\x2d\x1a\xd8\x66\xdb" + "\x2d\x0d\x10\x4e\x2b\xfa\xad\x53\x7d\x15\x69\x8b", + /* HMAC-SHA3-256 */ + "\xb5\x5b\x8d\x64\xb6\x9c\x21\xd0\xbf\x20\x5c\xa2\xf7\xb9\xb1\x4e" + "\x88\x21\x61\x2c\x66\xc3\x91\xae\x6c\x95\x16\x85\x83\xe6\xf4\x9b", + /* HMAC-SHA3-384 */ + "\xaa\x91\xb3\xa6\x2f\x56\xa1\xbe\x8c\x3e\x74\x38\xdb\x58\xd9\xd3" + "\x34\xde\xa0\x60\x6d\x8d\x46\xe0\xec\xa9\xf6\x06\x35\x14\xe6\xed" + "\x83\xe6\x7c\x77\x24\x6c\x11\xb5\x90\x82\xb5\x75\xda\x7b\x83\x2d", + /* HMAC-SHA3-512 */ + "\x1c\xc3\xa9\x24\x4a\x4a\x3f\xbd\xc7\x20\x00\x16\x9b\x79\x47\x03" + "\x78\x75\x2c\xb5\xf1\x2e\x62\x7c\xbe\xef\x4e\x8f\x0b\x11\x2b\x32" + "\xa0\xee\xc9\xd0\x4d\x64\x64\x0b\x37\xf4\xdd\x66\xf7\x8b\xb3\xad" + "\x52\x52\x6b\x65\x12\xde\x0d\x7c\xc0\x8b\x60\x01\x6c\x37\xd7\xa8" + }; int i, iMax = sizeof(input) / sizeof(input[0]), 
@@ -3469,24 +3756,32 @@ int hmac_sha3_test(void) for (i = 0; i < iMax; i++) { for (j = 0; j < jMax; j++) { if (wc_HmacInit(&hmac, HEAP_HINT, devId) != 0) - return -3114; + return -3900; ret = wc_HmacSetKey(&hmac, hashType[j], (byte*)key[i], - (word32)XSTRLEN(key[i])); + (word32)XSTRLEN(key[i])); if (ret != 0) - return -3115; + return -3901; ret = wc_HmacUpdate(&hmac, (byte*)input[i], - (word32)XSTRLEN(input[i])); + (word32)XSTRLEN(input[i])); if (ret != 0) - return -3116; + return -3902; ret = wc_HmacFinal(&hmac, hash); if (ret != 0) - return -3117; - + return -3903; if (XMEMCMP(hash, output[(i*jMax) + j], hashSz[j]) != 0) - return -3118; + return -3904; wc_HmacFree(&hmac); + + if (i > 0) + continue; + + #ifndef HAVE_FIPS + ret = wc_HmacSizeByType(hashType[j]); + if (ret != hashSz[j]) + return -3905; + #endif } } @@ -3547,9 +3842,9 @@ int arc4_test(void) keylen = 4; if (wc_Arc4Init(&enc, HEAP_HINT, devId) != 0) - return -3200; + return -4000; if (wc_Arc4Init(&dec, HEAP_HINT, devId) != 0) - return -3201; + return -4001; wc_Arc4SetKey(&enc, (byte*)keys[i], keylen); wc_Arc4SetKey(&dec, (byte*)keys[i], keylen); @@ -3559,10 +3854,10 @@ int arc4_test(void) wc_Arc4Process(&dec, plain, cipher, (word32)test_arc4[i].outLen); if (XMEMCMP(plain, test_arc4[i].input, test_arc4[i].outLen)) - return -3202 - i; + return -4002 - i; if (XMEMCMP(cipher, test_arc4[i].output, test_arc4[i].outLen)) - return -3212 - i; + return -4012 - i; wc_Arc4Free(&enc); wc_Arc4Free(&dec); 
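Review bot: In the hmac_sha3_test hunk the new wc_HmacSizeByType check sits inside the key loop behind `if (i > 0) continue;`, so it looks like part of every vector's test but runs only for the first key and does not depend on the key or input. A separate loop over `j` after the nested loops states that directly and removes the `continue`. Separately, -3900..-3905 are the same for every (i, j) pair, so a failure does not say which key and hash combination it was, unlike the `- i` codes used in the other HMAC tests. The declarations and the end of the function are outside the hunk.

```c
/* … unchanged: nested i/j loops through wc_HmacFree(&hmac) … */

#ifndef HAVE_FIPS
    /* size lookup is independent of key and input: check once per hash type */
    for (j = 0; j < jMax; j++) {
        if (wc_HmacSizeByType(hashType[j]) != hashSz[j])
            return -3905;
    }
#endif
```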
@@ -3641,18 +3936,18 @@ int hc128_test(void) XMEMCPY(plain, test_hc128[i].input, test_hc128[i].outLen); if (wc_Hc128_Process(&enc, cipher, plain, (word32)test_hc128[i].outLen) != 0) { - return -3300; + return -4100; } if (wc_Hc128_Process(&dec, plain, cipher, (word32)test_hc128[i].outLen) != 0) { - return -3301; + return -4101; } if (XMEMCMP(plain, test_hc128[i].input, test_hc128[i].outLen)) - return -3302 - i; + return -4102 - i; if (XMEMCMP(cipher, test_hc128[i].output, test_hc128[i].outLen)) - return -3312 - i; + return -4112 - i; } #endif /* HAVE_HC128 */ @@ -3725,10 +4020,10 @@ int rabbit_test(void) wc_RabbitProcess(&dec, plain, cipher, (word32)test_rabbit[i].outLen); if (XMEMCMP(plain, test_rabbit[i].input, test_rabbit[i].outLen)) - return -3400 - i; + return -4200 - i; if (XMEMCMP(cipher, test_rabbit[i].output, test_rabbit[i].outLen)) - return -3410 - i; + return -4210 - i; } return 0; @@ -3834,10 +4129,10 @@ int chacha_test(void) return ret; if (XMEMCMP(test_chacha[i], cipher, 8)) - return -3500 - i; + return -4300 - i; if (XMEMCMP(plain, input, 8)) - return -3510 - i; + return -4310 - i; } /* test of starting at a different counter @@ -3863,7 +4158,7 @@ int chacha_test(void) return ret; if (XMEMCMP(plain + 64, sliver, 64)) - return -3520; + return -4320; return 0; } 
@@ -4036,33 +4331,33 @@ int poly1305_test(void) for (i = 0; i < 6; i++) { ret = wc_Poly1305SetKey(&enc, keys[i], 32); if (ret != 0) - return -3600 - i; + return -4400 - i; ret = wc_Poly1305Update(&enc, msgs[i], szm[i]); if (ret != 0) - return -3610 - i; + return -4410 - i; ret = wc_Poly1305Final(&enc, tag); if (ret != 0) - return -3620 - i; + return -4420 - i; if (XMEMCMP(tag, tests[i], sizeof(tag))) - return -3630 - i; + return -4430 - i; } /* Check TLS MAC function from 2.8.2 https://tools.ietf.org/html/rfc7539 */ XMEMSET(tag, 0, sizeof(tag)); ret = wc_Poly1305SetKey(&enc, key4, sizeof(key4)); if (ret != 0) - return -3650; + return -4440; ret = wc_Poly1305_MAC(&enc, additional, sizeof(additional), (byte*)msg4, sizeof(msg4), tag, sizeof(tag)); if (ret != 0) - return -3651; + return -4441; if (XMEMCMP(tag, correct4, sizeof(tag))) - return -3652; + return -4442; /* Check fail of TLS MAC function if altering additional data */ XMEMSET(tag, 0, sizeof(tag)); @@ -4070,10 +4365,10 @@ int poly1305_test(void) ret = wc_Poly1305_MAC(&enc, additional, sizeof(additional), (byte*)msg4, sizeof(msg4), tag, sizeof(tag)); if (ret != 0) - return -3653; + return -4443; if (XMEMCMP(tag, correct4, sizeof(tag)) == 0) - return -3654; + return -4444; return 0; 
@@ -4258,53 +4553,53 @@ int chacha20_poly1305_aead_test(void) err = wc_ChaCha20Poly1305_Encrypt(NULL, iv1, aad1, sizeof(aad1), plaintext1, sizeof(plaintext1), generatedCiphertext, generatedAuthTag); if (err != BAD_FUNC_ARG) - return -3700; + return -4500; err = wc_ChaCha20Poly1305_Encrypt(key1, NULL, aad1, sizeof(aad1), plaintext1, sizeof(plaintext1), generatedCiphertext, generatedAuthTag); if (err != BAD_FUNC_ARG) - return -3701; + return -4501; err = wc_ChaCha20Poly1305_Encrypt(key1, iv1, aad1, sizeof(aad1), NULL, sizeof(plaintext1), generatedCiphertext, generatedAuthTag); if (err != BAD_FUNC_ARG) - return -3702; + return -4502; err = wc_ChaCha20Poly1305_Encrypt(key1, iv1, aad1, sizeof(aad1), plaintext1, sizeof(plaintext1), NULL, generatedAuthTag); if (err != BAD_FUNC_ARG) - return -3703; + return -4503; err = wc_ChaCha20Poly1305_Encrypt(key1, iv1, aad1, sizeof(aad1), plaintext1, sizeof(plaintext1), generatedCiphertext, NULL); if (err != BAD_FUNC_ARG) - return -3704; + return -4504; err = wc_ChaCha20Poly1305_Encrypt(key1, iv1, aad1, sizeof(aad1), plaintext1, 0, generatedCiphertext, generatedAuthTag); if (err != BAD_FUNC_ARG) - return -3705; + return -4505; /* Decrypt */ err = wc_ChaCha20Poly1305_Decrypt(NULL, iv2, aad2, sizeof(aad2), cipher2, sizeof(cipher2), authTag2, generatedPlaintext); if (err != BAD_FUNC_ARG) - return -3706; + return -4506; err = wc_ChaCha20Poly1305_Decrypt(key2, NULL, aad2, sizeof(aad2), cipher2, sizeof(cipher2), authTag2, generatedPlaintext); if (err != BAD_FUNC_ARG) - return -3707; + return -4507; err = wc_ChaCha20Poly1305_Decrypt(key2, iv2, aad2, sizeof(aad2), NULL, sizeof(cipher2), authTag2, generatedPlaintext); if (err != BAD_FUNC_ARG) - return -3708; + return -4508; err = wc_ChaCha20Poly1305_Decrypt(key2, iv2, aad2, sizeof(aad2), cipher2, sizeof(cipher2), NULL, generatedPlaintext); if (err != BAD_FUNC_ARG) - return -3709; + return -4509; err = wc_ChaCha20Poly1305_Decrypt(key2, iv2, aad2, sizeof(aad2), cipher2, sizeof(cipher2), 
authTag2, NULL); if (err != BAD_FUNC_ARG) - return -3710; + return -4510; err = wc_ChaCha20Poly1305_Decrypt(key2, iv2, aad2, sizeof(aad2), cipher2, 0, authTag2, generatedPlaintext); if (err != BAD_FUNC_ARG) - return -3711; + return -4511; /* Test #1 */ @@ -4319,11 +4614,11 @@ int chacha20_poly1305_aead_test(void) /* -- Check the ciphertext and authtag */ if (XMEMCMP(generatedCiphertext, cipher1, sizeof(cipher1))) { - return -3712; + return -4512; } if (XMEMCMP(generatedAuthTag, authTag1, sizeof(authTag1))) { - return -3713; + return -4513; } /* -- Verify decryption works */ @@ -4337,7 +4632,7 @@ int chacha20_poly1305_aead_test(void) } if (XMEMCMP(generatedPlaintext, plaintext1, sizeof( plaintext1))) { - return -3714; + return -4514; } XMEMSET(generatedCiphertext, 0, sizeof(generatedCiphertext)); @@ -4357,11 +4652,11 @@ int chacha20_poly1305_aead_test(void) /* -- Check the ciphertext and authtag */ if (XMEMCMP(generatedCiphertext, cipher2, sizeof(cipher2))) { - return -3715; + return -4515; } if (XMEMCMP(generatedAuthTag, authTag2, sizeof(authTag2))) { - return -3716; + return -4516; } /* -- Verify decryption works */ @@ -4375,7 +4670,7 @@ int chacha20_poly1305_aead_test(void) } if (XMEMCMP(generatedPlaintext, plaintext2, sizeof(plaintext2))) { - return -3717; + return -4517; } return err; @@ -4419,25 +4714,25 @@ int des_test(void) ret = wc_Des_SetKey(&enc, key, iv, DES_ENCRYPTION); if (ret != 0) - return -3800; + return -4600; ret = wc_Des_CbcEncrypt(&enc, cipher, vector, sizeof(vector)); if (ret != 0) - return -3801; + return -4601; ret = wc_Des_SetKey(&dec, key, iv, DES_DECRYPTION); if (ret != 0) - return -3802; + return -4602; ret = wc_Des_CbcDecrypt(&dec, plain, cipher, sizeof(cipher)); if (ret != 0) - return -3803; + return -4603; if (XMEMCMP(plain, vector, sizeof(plain))) - return -3804; + return -4604; if (XMEMCMP(cipher, verify, sizeof(cipher))) - return -3805; + return -4605; return 0; } 
@@ -4484,34 +4779,34 @@ int des3_test(void) if (wc_Des3Init(&enc, HEAP_HINT, devId) != 0) - return -3900; + return -4700; if (wc_Des3Init(&dec, HEAP_HINT, devId) != 0) - return -3901; + return -4701; ret = wc_Des3_SetKey(&enc, key3, iv3, DES_ENCRYPTION); if (ret != 0) - return -3902; + return -4702; ret = wc_Des3_SetKey(&dec, key3, iv3, DES_DECRYPTION); if (ret != 0) - return -3903; + return -4703; ret = wc_Des3_CbcEncrypt(&enc, cipher, vector, sizeof(vector)); #if defined(WOLFSSL_ASYNC_CRYPT) ret = wc_AsyncWait(ret, &enc.asyncDev, WC_ASYNC_FLAG_NONE); #endif if (ret != 0) - return -3904; + return -4704; ret = wc_Des3_CbcDecrypt(&dec, plain, cipher, sizeof(cipher)); #if defined(WOLFSSL_ASYNC_CRYPT) ret = wc_AsyncWait(ret, &dec.asyncDev, WC_ASYNC_FLAG_NONE); #endif if (ret != 0) - return -3905; + return -4705; if (XMEMCMP(plain, vector, sizeof(plain))) - return -3906; + return -4706; if (XMEMCMP(cipher, verify3, sizeof(cipher))) - return -3907; + return -4707; #if defined(OPENSSL_EXTRA) && !defined(WOLFCRYPT_ONLY) /* test the same vectors with using compatibility layer */ @@ -4535,10 +4830,10 @@ int des3_test(void) &iv4, DES_DECRYPT); if (XMEMCMP(plain, vector, sizeof(plain))) - return -37; + return -4708; if (XMEMCMP(cipher, verify3, sizeof(cipher))) - return -38; + return -4709; } #endif /* OPENSSL_EXTRA */ 
@@ -4669,39 +4964,39 @@ int des3_test(void) /* 128 key tests */ ret = wc_AesSetKey(&enc, key1, AES_BLOCK_SIZE, iv, AES_ENCRYPTION); if (ret != 0) - return -1101; + return -4710; #ifdef HAVE_AES_DECRYPT /* decrypt uses AES_ENCRYPTION */ ret = wc_AesSetKey(&dec, key1, AES_BLOCK_SIZE, iv, AES_ENCRYPTION); if (ret != 0) - return -1102; + return -4711; #endif XMEMSET(cipher, 0, sizeof(cipher)); ret = wc_AesCfbEncrypt(&enc, cipher, msg1, AES_BLOCK_SIZE * 2); if (ret != 0) - return -1105; + return -4712; if (XMEMCMP(cipher, cipher1, AES_BLOCK_SIZE * 2)) - return -1106; + return -4713; /* test restarting encryption process */ ret = wc_AesCfbEncrypt(&enc, cipher + (AES_BLOCK_SIZE * 2), msg1 + (AES_BLOCK_SIZE * 2), AES_BLOCK_SIZE); if (ret != 0) - return -1107; + return -4714; if (XMEMCMP(cipher + (AES_BLOCK_SIZE * 2), cipher1 + (AES_BLOCK_SIZE * 2), AES_BLOCK_SIZE)) - return -1108; + return -4715; #ifdef HAVE_AES_DECRYPT ret = wc_AesCfbDecrypt(&dec, plain, cipher, AES_BLOCK_SIZE * 3); if (ret != 0) - return -1109; + return -4716; if (XMEMCMP(plain, msg1, AES_BLOCK_SIZE * 3)) - return -1110; + return -4717; #endif /* HAVE_AES_DECRYPT */ #endif /* WOLFSSL_AES_128 */ 
@@ -4709,29 +5004,29 @@ int des3_test(void) /* 192 key size test */ ret = wc_AesSetKey(&enc, key2, sizeof(key2), iv, AES_ENCRYPTION); if (ret != 0) - return -1111; + return -4718; #ifdef HAVE_AES_DECRYPT /* decrypt uses AES_ENCRYPTION */ ret = wc_AesSetKey(&dec, key2, sizeof(key2), iv, AES_ENCRYPTION); if (ret != 0) - return -1112; + return -4719; #endif XMEMSET(cipher, 0, sizeof(cipher)); ret = wc_AesCfbEncrypt(&enc, cipher, msg2, AES_BLOCK_SIZE * 4); if (ret != 0) - return -1113; + return -4720; if (XMEMCMP(cipher, cipher2, AES_BLOCK_SIZE * 4)) - return -1114; + return -4721; #ifdef HAVE_AES_DECRYPT ret = wc_AesCfbDecrypt(&dec, plain, cipher, AES_BLOCK_SIZE * 4); if (ret != 0) - return -1115; + return -4722; if (XMEMCMP(plain, msg2, AES_BLOCK_SIZE * 4)) - return -1116; + return -4723; #endif /* HAVE_AES_DECRYPT */ #endif /* WOLFSSL_AES_192 */ 
@@ -4739,64 +5034,64 @@ int des3_test(void) /* 256 key size test */ ret = wc_AesSetKey(&enc, key3, sizeof(key3), iv, AES_ENCRYPTION); if (ret != 0) - return -1117; + return -4724; #ifdef HAVE_AES_DECRYPT /* decrypt uses AES_ENCRYPTION */ ret = wc_AesSetKey(&dec, key3, sizeof(key3), iv, AES_ENCRYPTION); if (ret != 0) - return -1118; + return -4725; #endif /* test with data left overs, magic lengths are checking near edges */ XMEMSET(cipher, 0, sizeof(cipher)); ret = wc_AesCfbEncrypt(&enc, cipher, msg3, 4); if (ret != 0) - return -1119; + return -4726; if (XMEMCMP(cipher, cipher3, 4)) - return -1120; + return -4727; ret = wc_AesCfbEncrypt(&enc, cipher + 4, msg3 + 4, 27); if (ret != 0) - return -1121; + return -4728; if (XMEMCMP(cipher + 4, cipher3 + 4, 27)) - return -1122; + return -4729; ret = wc_AesCfbEncrypt(&enc, cipher + 31, msg3 + 31, (AES_BLOCK_SIZE * 4) - 31); if (ret != 0) - return -1123; + return -4730; if (XMEMCMP(cipher, cipher3, AES_BLOCK_SIZE * 4)) - return -1124; + return -4731; #ifdef HAVE_AES_DECRYPT ret = wc_AesCfbDecrypt(&dec, plain, cipher, 4); if (ret != 0) - return -1125; + return -4732; if (XMEMCMP(plain, msg3, 4)) - return -1126; + return -4733; ret = wc_AesCfbDecrypt(&dec, plain + 4, cipher + 4, 4); if (ret != 0) - return -1127; + return -4734; ret = wc_AesCfbDecrypt(&dec, plain + 8, cipher + 8, 23); if (ret != 0) - return -1128; + return -4735; if (XMEMCMP(plain + 4, msg3 + 4, 27)) - return -1129; + return -4736; ret = wc_AesCfbDecrypt(&dec, plain + 31, cipher + 31, (AES_BLOCK_SIZE * 4) - 31); if (ret != 0) - return -1130; + return -4737; if (XMEMCMP(plain, msg3, AES_BLOCK_SIZE * 4)) - return -1131; + return -4738; #endif /* HAVE_AES_DECRYPT */ #endif /* WOLFSSL_AES_256 */ 
@@ -4825,27 +5120,27 @@ static int aes_key_size_test(void) #ifdef WC_INITAES_H ret = wc_InitAes_h(NULL, NULL); if (ret != BAD_FUNC_ARG) - return -4000; + return -4800; ret = wc_InitAes_h(&aes, NULL); if (ret != 0) - return -4001; + return -4801; #endif #ifndef HAVE_FIPS /* Parameter Validation testing. */ ret = wc_AesGetKeySize(NULL, NULL); if (ret != BAD_FUNC_ARG) - return -4002; + return -4802; ret = wc_AesGetKeySize(&aes, NULL); if (ret != BAD_FUNC_ARG) - return -4003; + return -4803; ret = wc_AesGetKeySize(NULL, &keySize); if (ret != BAD_FUNC_ARG) - return -4004; + return -4804; /* Crashes in FIPS */ ret = wc_AesSetKey(NULL, key16, sizeof(key16), iv, AES_ENCRYPTION); if (ret != BAD_FUNC_ARG) - return -4005; + return -4805; #endif /* NULL IV indicates to use all zeros IV. */ ret = wc_AesSetKey(&aes, key16, sizeof(key16), NULL, AES_ENCRYPTION); @@ -4854,16 +5149,16 @@ static int aes_key_size_test(void) #else if (ret != BAD_FUNC_ARG) #endif - return -4006; + return -4806; ret = wc_AesSetKey(&aes, key32, sizeof(key32) - 1, iv, AES_ENCRYPTION); if (ret != BAD_FUNC_ARG) - return -4007; + return -4807; #ifndef HAVE_FIPS /* Force invalid rounds */ aes.rounds = 16; ret = wc_AesGetKeySize(&aes, &keySize); if (ret != BAD_FUNC_ARG) - return -4008; + return -4808; #endif ret = wc_AesSetKey(&aes, key16, sizeof(key16), iv, AES_ENCRYPTION); @@ -4872,11 +5167,11 @@ static int aes_key_size_test(void) #else if (ret != BAD_FUNC_ARG) #endif - return -4009; + return -4809; #if !defined(HAVE_FIPS) && defined(WOLFSSL_AES_128) ret = wc_AesGetKeySize(&aes, &keySize); if (ret != 0 || keySize != sizeof(key16)) - return -4010; + return -4810; #endif ret = wc_AesSetKey(&aes, key24, sizeof(key24), iv, AES_ENCRYPTION); 
@@ -4885,11 +5180,11 @@ static int aes_key_size_test(void) #else if (ret != BAD_FUNC_ARG) #endif - return -4011; + return -4811; #if !defined(HAVE_FIPS) && defined(WOLFSSL_AES_192) ret = wc_AesGetKeySize(&aes, &keySize); if (ret != 0 || keySize != sizeof(key24)) - return -4012; + return -4812; #endif ret = wc_AesSetKey(&aes, key32, sizeof(key32), iv, AES_ENCRYPTION); @@ -4898,11 +5193,11 @@ static int aes_key_size_test(void) #else if (ret != BAD_FUNC_ARG) #endif - return -4013; + return -4813; #if !defined(HAVE_FIPS) && defined(WOLFSSL_AES_256) ret = wc_AesGetKeySize(&aes, &keySize); if (ret != 0 || keySize != sizeof(key32)) - return -4014; + return -4814; #endif return 0; @@ -4977,28 +5272,28 @@ static int aes_xts_128_test(void) XMEMSET(buf, 0, sizeof(buf)); if (wc_AesXtsSetKey(&aes, k2, sizeof(k2), AES_ENCRYPTION, HEAP_HINT, devId) != 0) - return -4000; + return -4900; ret = wc_AesXtsEncrypt(&aes, buf, p2, sizeof(p2), i2, sizeof(i2)); #if defined(WOLFSSL_ASYNC_CRYPT) ret = wc_AsyncWait(ret, &aes.aes.asyncDev, WC_ASYNC_FLAG_NONE); #endif if (ret != 0) - return -4001; + return -4901; if (XMEMCMP(c2, buf, sizeof(c2))) - return -4002; + return -4902; XMEMSET(buf, 0, sizeof(buf)); if (wc_AesXtsSetKey(&aes, k1, sizeof(k1), AES_ENCRYPTION, HEAP_HINT, devId) != 0) - return -4003; + return -4903; ret = wc_AesXtsEncrypt(&aes, buf, p1, sizeof(p1), i1, sizeof(i1)); #if defined(WOLFSSL_ASYNC_CRYPT) ret = wc_AsyncWait(ret, &aes.aes.asyncDev, WC_ASYNC_FLAG_NONE); #endif if (ret != 0) - return -4004; + return -4904; if (XMEMCMP(c1, buf, AES_BLOCK_SIZE)) - return -4005; + return -4905; /* partial block encryption test */ XMEMSET(cipher, 0, sizeof(cipher)); 
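Review bot: In the aes_xts_128_test hunk, every failure after a successful wc_AesXtsSetKey (`return -4901;` through `return -4905;`) leaves the function without calling wc_AesXtsFree, which the later hunks of the same function do call on the success path. The same early-return shape is visible in aes_xts_256_test, aes_xts_sector_test and aes_xts_args_test, and in aes192_test, aes256_test and aesgcm_test with wc_AesInit/wc_AesFree, so a failing vector skips whatever the free call releases (at least async device state, judging by the `aes.aes.asyncDev` use). random_rng_test in this same patch already routes failures through `ret = -6301; goto exit;` ahead of wc_FreeRng; the cipher tests could do the same, e.g. `if (ret != 0) { ret = -4901; goto out; }` with `out: wc_AesXtsFree(&aes); return ret;`. The function bodies start and end outside these hunks, so the label placement needs checking against the full file.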
@@ -5007,22 +5302,22 @@ static int aes_xts_128_test(void) ret = wc_AsyncWait(ret, &aes.aes.asyncDev, WC_ASYNC_FLAG_NONE); #endif if (ret != 0) - return -4006; + return -4906; wc_AesXtsFree(&aes); /* partial block decrypt test */ XMEMSET(buf, 0, sizeof(buf)); if (wc_AesXtsSetKey(&aes, k1, sizeof(k1), AES_DECRYPTION, HEAP_HINT, devId) != 0) - return -4007; + return -4907; ret = wc_AesXtsDecrypt(&aes, buf, cipher, sizeof(pp), i1, sizeof(i1)); #if defined(WOLFSSL_ASYNC_CRYPT) ret = wc_AsyncWait(ret, &aes.aes.asyncDev, WC_ASYNC_FLAG_NONE); #endif if (ret != 0) - return -4008; + return -4908; if (XMEMCMP(pp, buf, sizeof(pp))) - return -4009; + return -4909; /* NIST decrypt test vector */ XMEMSET(buf, 0, sizeof(buf)); @@ -5031,9 +5326,9 @@ static int aes_xts_128_test(void) ret = wc_AsyncWait(ret, &aes.aes.asyncDev, WC_ASYNC_FLAG_NONE); #endif if (ret != 0) - return -4010; + return -4910; if (XMEMCMP(p1, buf, AES_BLOCK_SIZE)) - return -4011; + return -4911; /* fail case with decrypting using wrong key */ XMEMSET(buf, 0, sizeof(buf)); @@ -5042,23 +5337,23 @@ static int aes_xts_128_test(void) ret = wc_AsyncWait(ret, &aes.aes.asyncDev, WC_ASYNC_FLAG_NONE); #endif if (ret != 0) - return -4012; + return -4912; if (XMEMCMP(p2, buf, sizeof(p2)) == 0) /* fail case with wrong key */ - return -4013; + return -4913; /* set correct key and retest */ XMEMSET(buf, 0, sizeof(buf)); if (wc_AesXtsSetKey(&aes, k2, sizeof(k2), AES_DECRYPTION, HEAP_HINT, devId) != 0) - return -4014; + return -4914; ret = wc_AesXtsDecrypt(&aes, buf, c2, sizeof(c2), i2, sizeof(i2)); #if defined(WOLFSSL_ASYNC_CRYPT) ret = wc_AsyncWait(ret, &aes.aes.asyncDev, WC_ASYNC_FLAG_NONE); #endif if (ret != 0) - return -4015; + return -4915; if (XMEMCMP(p2, buf, sizeof(p2))) - return -4016; + return -4916; wc_AesXtsFree(&aes); return ret; 
@@ -5149,28 +5444,28 @@ static int aes_xts_256_test(void) XMEMSET(buf, 0, sizeof(buf)); if (wc_AesXtsSetKey(&aes, k2, sizeof(k2), AES_ENCRYPTION, HEAP_HINT, devId) != 0) - return -4017; + return -5000; ret = wc_AesXtsEncrypt(&aes, buf, p2, sizeof(p2), i2, sizeof(i2)); #if defined(WOLFSSL_ASYNC_CRYPT) ret = wc_AsyncWait(ret, &aes.aes.asyncDev, WC_ASYNC_FLAG_NONE); #endif if (ret != 0) - return -4018; + return -5001; if (XMEMCMP(c2, buf, sizeof(c2))) - return -4019; + return -5002; XMEMSET(buf, 0, sizeof(buf)); if (wc_AesXtsSetKey(&aes, k1, sizeof(k1), AES_ENCRYPTION, HEAP_HINT, devId) != 0) - return -4020; + return -5003; ret = wc_AesXtsEncrypt(&aes, buf, p1, sizeof(p1), i1, sizeof(i1)); #if defined(WOLFSSL_ASYNC_CRYPT) ret = wc_AsyncWait(ret, &aes.aes.asyncDev, WC_ASYNC_FLAG_NONE); #endif if (ret != 0) - return -4021; + return -5004; if (XMEMCMP(c1, buf, AES_BLOCK_SIZE)) - return -4022; + return -5005; /* partial block encryption test */ XMEMSET(cipher, 0, sizeof(cipher)); @@ -5179,22 +5474,22 @@ static int aes_xts_256_test(void) ret = wc_AsyncWait(ret, &aes.aes.asyncDev, WC_ASYNC_FLAG_NONE); #endif if (ret != 0) - return -4023; + return -5006; wc_AesXtsFree(&aes); /* partial block decrypt test */ XMEMSET(buf, 0, sizeof(buf)); if (wc_AesXtsSetKey(&aes, k1, sizeof(k1), AES_DECRYPTION, HEAP_HINT, devId) != 0) - return -4024; + return -5007; ret = wc_AesXtsDecrypt(&aes, buf, cipher, sizeof(pp), i1, sizeof(i1)); #if defined(WOLFSSL_ASYNC_CRYPT) ret = wc_AsyncWait(ret, &aes.aes.asyncDev, WC_ASYNC_FLAG_NONE); #endif if (ret != 0) - return -4025; + return -5008; if (XMEMCMP(pp, buf, sizeof(pp))) - return -4026; + return -5009; /* NIST decrypt test vector */ XMEMSET(buf, 0, sizeof(buf)); 
@@ -5203,22 +5498,22 @@ static int aes_xts_256_test(void) ret = wc_AsyncWait(ret, &aes.aes.asyncDev, WC_ASYNC_FLAG_NONE); #endif if (ret != 0) - return -4027; + return -5010; if (XMEMCMP(p1, buf, AES_BLOCK_SIZE)) - return -4028; + return -5011; XMEMSET(buf, 0, sizeof(buf)); if (wc_AesXtsSetKey(&aes, k2, sizeof(k2), AES_DECRYPTION, HEAP_HINT, devId) != 0) - return -4029; + return -5012; ret = wc_AesXtsDecrypt(&aes, buf, c2, sizeof(c2), i2, sizeof(i2)); #if defined(WOLFSSL_ASYNC_CRYPT) ret = wc_AsyncWait(ret, &aes.aes.asyncDev, WC_ASYNC_FLAG_NONE); #endif if (ret != 0) - return -4030; + return -5013; if (XMEMCMP(p2, buf, sizeof(p2))) - return -4031; + return -5014; wc_AesXtsFree(&aes); return ret; 
@@ -5283,58 +5578,58 @@ static int aes_xts_sector_test(void) XMEMSET(buf, 0, sizeof(buf)); if (wc_AesXtsSetKey(&aes, k1, sizeof(k1), AES_ENCRYPTION, HEAP_HINT, devId) != 0) - return -4032; + return -5100; ret = wc_AesXtsEncryptSector(&aes, buf, p1, sizeof(p1), s1); #if defined(WOLFSSL_ASYNC_CRYPT) ret = wc_AsyncWait(ret, &aes.aes.asyncDev, WC_ASYNC_FLAG_NONE); #endif if (ret != 0) - return -4033; + return -5101; if (XMEMCMP(c1, buf, AES_BLOCK_SIZE)) - return -4034; + return -5102; /* decrypt test */ XMEMSET(buf, 0, sizeof(buf)); if (wc_AesXtsSetKey(&aes, k1, sizeof(k1), AES_DECRYPTION, HEAP_HINT, devId) != 0) - return -4035; + return -5103; ret = wc_AesXtsDecryptSector(&aes, buf, c1, sizeof(c1), s1); #if defined(WOLFSSL_ASYNC_CRYPT) ret = wc_AsyncWait(ret, &aes.aes.asyncDev, WC_ASYNC_FLAG_NONE); #endif if (ret != 0) - return -4036; + return -5104; if (XMEMCMP(p1, buf, AES_BLOCK_SIZE)) - return -4037; + return -5105; wc_AesXtsFree(&aes); /* 256 bit key tests */ XMEMSET(buf, 0, sizeof(buf)); if (wc_AesXtsSetKey(&aes, k2, sizeof(k2), AES_ENCRYPTION, HEAP_HINT, devId) != 0) - return -4038; + return -5106; ret = wc_AesXtsEncryptSector(&aes, buf, p2, sizeof(p2), s2); #if defined(WOLFSSL_ASYNC_CRYPT) ret = wc_AsyncWait(ret, &aes.aes.asyncDev, WC_ASYNC_FLAG_NONE); #endif if (ret != 0) - return -4039; + return -5107; if (XMEMCMP(c2, buf, sizeof(c2))) - return -4040; + return -5108; /* decrypt test */ XMEMSET(buf, 0, sizeof(buf)); if (wc_AesXtsSetKey(&aes, k2, sizeof(k2), AES_DECRYPTION, HEAP_HINT, devId) != 0) - return -4041; + return -5109; ret = wc_AesXtsDecryptSector(&aes, buf, c2, sizeof(c2), s2); #if defined(WOLFSSL_ASYNC_CRYPT) ret = wc_AsyncWait(ret, &aes.aes.asyncDev, WC_ASYNC_FLAG_NONE); #endif if (ret != 0) - return -4042; + return -5110; if (XMEMCMP(p2, buf, sizeof(p2))) - return -4043; + return -5111; wc_AesXtsFree(&aes); return ret; 
@@ -5371,47 +5666,47 @@ static int aes_xts_args_test(void) if (wc_AesXtsSetKey(NULL, k1, sizeof(k1), AES_ENCRYPTION, HEAP_HINT, devId) == 0) - return -4044; + return -5200; if (wc_AesXtsSetKey(&aes, NULL, sizeof(k1), AES_ENCRYPTION, HEAP_HINT, devId) == 0) - return -4045; + return -5201; /* encryption operations */ if (wc_AesXtsSetKey(&aes, k1, sizeof(k1), AES_ENCRYPTION, HEAP_HINT, devId) != 0) - return -4046; + return -5202; ret = wc_AesXtsEncryptSector(NULL, buf, p1, sizeof(p1), s1); #if defined(WOLFSSL_ASYNC_CRYPT) ret = wc_AsyncWait(ret, &aes.aes.asyncDev, WC_ASYNC_FLAG_NONE); #endif if (ret == 0) - return -4047; + return -5203; ret = wc_AesXtsEncryptSector(&aes, NULL, p1, sizeof(p1), s1); #if defined(WOLFSSL_ASYNC_CRYPT) ret = wc_AsyncWait(ret, &aes.aes.asyncDev, WC_ASYNC_FLAG_NONE); #endif if (ret == 0) - return -4048; + return -5204; wc_AesXtsFree(&aes); /* decryption operations */ if (wc_AesXtsSetKey(&aes, k1, sizeof(k1), AES_DECRYPTION, HEAP_HINT, devId) != 0) - return -4046; + return -5205; ret = wc_AesXtsDecryptSector(NULL, buf, c1, sizeof(c1), s1); #if defined(WOLFSSL_ASYNC_CRYPT) ret = wc_AsyncWait(ret, &aes.aes.asyncDev, WC_ASYNC_FLAG_NONE); #endif if (ret == 0) - return -4049; + return -5206; ret = wc_AesXtsDecryptSector(&aes, NULL, c1, sizeof(c1), s1); #if defined(WOLFSSL_ASYNC_CRYPT) ret = wc_AsyncWait(ret, &aes.aes.asyncDev, WC_ASYNC_FLAG_NONE); #endif if (ret == 0) - return -4050; + return -5207; wc_AesXtsFree(&aes); return 0; 
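Review bot: The NULL-argument checks in aes_xts_args_test pass on any non-zero return (`== 0` is the only failing case), so an unrelated failure is indistinguishable from correct argument rejection. Other tests in this patch pin the code, for example `if (ret != BAD_FUNC_ARG) return -5300;` in aes_cbc_test; assuming the XTS functions return BAD_FUNC_ARG for NULL inputs, these checks could read `if (ret != BAD_FUNC_ARG) return -5203;`. The same loose form appears in the camellia_test NULL checks and in the tampered-tag case of aesccm_test (`if (result == 0) return -5906;`), where comparing against `AES_CCM_AUTH_E` would confirm that the rejection came from tag verification. The function body starts outside the hunk.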
@@ -5436,24 +5731,24 @@ static int aes_cbc_test(void) /* Parameter Validation testing. */ ret = wc_AesCbcEncryptWithKey(cipher, msg, AES_BLOCK_SIZE, key, 17, NULL); if (ret != BAD_FUNC_ARG) - return -4100; + return -5300; #ifdef HAVE_AES_DECRYPT ret = wc_AesCbcDecryptWithKey(plain, cipher, AES_BLOCK_SIZE, key, 17, NULL); if (ret != BAD_FUNC_ARG) - return -4101; + return -5301; #endif ret = wc_AesCbcEncryptWithKey(cipher, msg, AES_BLOCK_SIZE, key, AES_BLOCK_SIZE, iv); if (ret != 0) - return -4102; + return -5302; #ifdef HAVE_AES_DECRYPT ret = wc_AesCbcDecryptWithKey(plain, cipher, AES_BLOCK_SIZE, key, AES_BLOCK_SIZE, iv); if (ret != 0) - return -4103; + return -5303; if (XMEMCMP(plain, msg, AES_BLOCK_SIZE) != 0) - return -4104; + return -5304; #endif /* HAVE_AES_DECRYPT */ (void)plain; @@ -5492,18 +5787,18 @@ int aes_test(void) #ifdef WOLFSSL_ASYNC_CRYPT if (wc_AesInit(&enc, HEAP_HINT, devId) != 0) - return -4200; + return -5400; if (wc_AesInit(&dec, HEAP_HINT, devId) != 0) - return -4201; + return -5401; #endif ret = wc_AesSetKey(&enc, key, AES_BLOCK_SIZE, iv, AES_ENCRYPTION); if (ret != 0) - return -4202; + return -5402; #ifdef HAVE_AES_DECRYPT ret = wc_AesSetKey(&dec, key, AES_BLOCK_SIZE, iv, AES_DECRYPTION); if (ret != 0) - return -4203; + return -5403; #endif ret = wc_AesCbcEncrypt(&enc, cipher, msg, AES_BLOCK_SIZE); @@ -5511,20 +5806,20 @@ int aes_test(void) ret = wc_AsyncWait(ret, &enc.asyncDev, WC_ASYNC_FLAG_NONE); #endif if (ret != 0) - return -4204; + return -5404; #ifdef HAVE_AES_DECRYPT ret = wc_AesCbcDecrypt(&dec, plain, cipher, AES_BLOCK_SIZE); #if defined(WOLFSSL_ASYNC_CRYPT) ret = wc_AsyncWait(ret, &dec.asyncDev, WC_ASYNC_FLAG_NONE); #endif if (ret != 0) - return -4205; + return -5405; if (XMEMCMP(plain, msg, AES_BLOCK_SIZE)) - return -4206; + return -5406; #endif /* HAVE_AES_DECRYPT */ if (XMEMCMP(cipher, verify, AES_BLOCK_SIZE)) - return -4207; + return -5407; #endif /* WOLFSSL_AES_128 */ #if defined(WOLFSSL_AESNI) && defined(HAVE_AES_DECRYPT) 
@@ -5596,27 +5891,27 @@ int aes_test(void) XMEMSET(bigPlain, 0, sizeof(bigPlain)); ret = wc_AesSetKey(&enc, bigKey, keySz, iv, AES_ENCRYPTION); if (ret != 0) - return -4208; + return -5408; ret = wc_AesSetKey(&dec, bigKey, keySz, iv, AES_DECRYPTION); if (ret != 0) - return -4209; + return -5409; ret = wc_AesCbcEncrypt(&enc, bigCipher, bigMsg, msgSz); #if defined(WOLFSSL_ASYNC_CRYPT) ret = wc_AsyncWait(ret, &enc.asyncDev, WC_ASYNC_FLAG_NONE); #endif if (ret != 0) - return -4210; + return -5410; ret = wc_AesCbcDecrypt(&dec, bigPlain, bigCipher, msgSz); #if defined(WOLFSSL_ASYNC_CRYPT) ret = wc_AsyncWait(ret, &dec.asyncDev, WC_ASYNC_FLAG_NONE); #endif if (ret != 0) - return -4211; + return -5411; if (XMEMCMP(bigPlain, bigMsg, msgSz)) - return -4212; + return -5412; } } } @@ -5655,16 +5950,16 @@ int aes_test(void) ret = wc_AesSetKey(&enc, key2, sizeof(key2), iv2, AES_ENCRYPTION); if (ret != 0) - return -5366; + return -5413; XMEMSET(cipher, 0, AES_BLOCK_SIZE * 2); ret = wc_AesCbcEncrypt(&enc, cipher, msg2, AES_BLOCK_SIZE); #if defined(WOLFSSL_ASYNC_CRYPT) ret = wc_AsyncWait(ret, &enc.asyncDev, WC_ASYNC_FLAG_NONE); #endif if (ret != 0) - return -5367; + return -5414; if (XMEMCMP(cipher, verify2, AES_BLOCK_SIZE)) - return -5368; + return -5415; ret = wc_AesCbcEncrypt(&enc, cipher + AES_BLOCK_SIZE, msg2 + AES_BLOCK_SIZE, AES_BLOCK_SIZE); 
@@ -5672,24 +5967,24 @@ int aes_test(void) ret = wc_AsyncWait(ret, &enc.asyncDev, WC_ASYNC_FLAG_NONE); #endif if (ret != 0) - return -5369; + return -5416; if (XMEMCMP(cipher + AES_BLOCK_SIZE, verify2 + AES_BLOCK_SIZE, AES_BLOCK_SIZE)) - return -5370; + return -5417; #if defined(HAVE_AES_DECRYPT) ret = wc_AesSetKey(&dec, key2, sizeof(key2), iv2, AES_DECRYPTION); if (ret != 0) - return -5371; + return -5418; XMEMSET(plain, 0, AES_BLOCK_SIZE * 2); ret = wc_AesCbcDecrypt(&dec, plain, verify2, AES_BLOCK_SIZE); #if defined(WOLFSSL_ASYNC_CRYPT) ret = wc_AsyncWait(ret, &dec.asyncDev, WC_ASYNC_FLAG_NONE); #endif if (ret != 0) - return -5372; + return -5419; if (XMEMCMP(plain, msg2, AES_BLOCK_SIZE)) - return -5373; + return -5420; ret = wc_AesCbcDecrypt(&dec, plain + AES_BLOCK_SIZE, verify2 + AES_BLOCK_SIZE, AES_BLOCK_SIZE); @@ -5697,10 +5992,10 @@ int aes_test(void) ret = wc_AsyncWait(ret, &dec.asyncDev, WC_ASYNC_FLAG_NONE); #endif if (ret != 0) - return -5374; + return -5421; if (XMEMCMP(plain + AES_BLOCK_SIZE, msg2 + AES_BLOCK_SIZE, AES_BLOCK_SIZE)) - return -5375; + return -5422; #endif /* HAVE_AES_DECRYPT */ } @@ -5807,17 +6102,17 @@ int aes_test(void) ret = wc_AesCtrEncrypt(&enc, cipher, ctrPlain, sizeof(ctrPlain)); if (ret != 0) { - return -4227; + return -5423; } ret = wc_AesCtrEncrypt(&dec, plain, cipher, sizeof(ctrPlain)); if (ret != 0) { - return -4228; + return -5424; } if (XMEMCMP(plain, ctrPlain, sizeof(ctrPlain))) - return -4213; + return -5425; if (XMEMCMP(cipher, ctr128Cipher, sizeof(ctr128Cipher))) - return -4214; + return -5426; /* let's try with just 9 bytes, non block size test */ wc_AesSetKeyDirect(&enc, ctr128Key, AES_BLOCK_SIZE, 
@@ -5828,34 +6123,34 @@ int aes_test(void) ret = wc_AesCtrEncrypt(&enc, cipher, ctrPlain, sizeof(oddCipher)); if (ret != 0) { - return -4229; + return -5427; } ret = wc_AesCtrEncrypt(&dec, plain, cipher, sizeof(oddCipher)); if (ret != 0) { - return -4230; + return -5428; } if (XMEMCMP(plain, ctrPlain, sizeof(oddCipher))) - return -4215; + return -5429; if (XMEMCMP(cipher, ctr128Cipher, sizeof(oddCipher))) - return -4216; + return -5430; /* and an additional 9 bytes to reuse tmp left buffer */ ret = wc_AesCtrEncrypt(&enc, cipher, ctrPlain, sizeof(oddCipher)); if (ret != 0) { - return -4231; + return -5431; } ret = wc_AesCtrEncrypt(&dec, plain, cipher, sizeof(oddCipher)); if (ret != 0) { - return -4232; + return -5432; } if (XMEMCMP(plain, ctrPlain, sizeof(oddCipher))) - return -4217; + return -5433; if (XMEMCMP(cipher, oddCipher, sizeof(oddCipher))) - return -4218; + return -5434; #endif /* WOLFSSL_AES_128 */ #ifdef WOLFSSL_AES_192 @@ -5869,18 +6164,18 @@ int aes_test(void) XMEMSET(plain, 0, sizeof(plain)); ret = wc_AesCtrEncrypt(&enc, plain, ctr192Cipher, sizeof(ctr192Cipher)); if (ret != 0) { - return -4233; + return -5435; } if (XMEMCMP(plain, ctrPlain, sizeof(ctr192Cipher))) - return -4219; + return -5436; ret = wc_AesCtrEncrypt(&dec, cipher, ctrPlain, sizeof(ctrPlain)); if (ret != 0) { - return -4234; + return -5437; } if (XMEMCMP(ctr192Cipher, cipher, sizeof(ctr192Cipher))) - return -4220; + return -5438; #endif /* WOLFSSL_AES_192 */ #ifdef WOLFSSL_AES_256 
@@ -5894,18 +6189,18 @@ int aes_test(void) XMEMSET(plain, 0, sizeof(plain)); ret = wc_AesCtrEncrypt(&enc, plain, ctr256Cipher, sizeof(ctr256Cipher)); if (ret != 0) { - return -4235; + return -5439; } if (XMEMCMP(plain, ctrPlain, sizeof(ctrPlain))) - return -4221; + return -5440; ret = wc_AesCtrEncrypt(&dec, cipher, ctrPlain, sizeof(ctrPlain)); if (ret != 0) { - return -4236; + return -5441; } if (XMEMCMP(ctr256Cipher, cipher, sizeof(ctr256Cipher))) - return -4222; + return -5442; #endif /* WOLFSSL_AES_256 */ } #endif /* WOLFSSL_AES_COUNTER */ @@ -5935,18 +6230,18 @@ int aes_test(void) XMEMSET(cipher, 0, AES_BLOCK_SIZE); ret = wc_AesSetKey(&enc, niKey, sizeof(niKey), cipher, AES_ENCRYPTION); if (ret != 0) - return -4223; + return -5443; wc_AesEncryptDirect(&enc, cipher, niPlain); if (XMEMCMP(cipher, niCipher, AES_BLOCK_SIZE) != 0) - return -4224; + return -5444; XMEMSET(plain, 0, AES_BLOCK_SIZE); ret = wc_AesSetKey(&dec, niKey, sizeof(niKey), plain, AES_DECRYPTION); if (ret != 0) - return -4225; + return -5445; wc_AesDecryptDirect(&dec, plain, niCipher); if (XMEMCMP(plain, niPlain, AES_BLOCK_SIZE) != 0) - return -4226; + return -5446; } #endif /* WOLFSSL_AES_DIRECT && WOLFSSL_AES_256 */ @@ -6041,19 +6336,19 @@ int aes192_test(void) if (wc_AesInit(&enc, HEAP_HINT, devId) != 0) - return -4230; + return -5500; #ifdef HAVE_AES_DECRYPT if (wc_AesInit(&dec, HEAP_HINT, devId) != 0) - return -4231; + return -5501; #endif ret = wc_AesSetKey(&enc, key, (int) sizeof(key), iv, AES_ENCRYPTION); if (ret != 0) - return -4232; + return -5502; #ifdef HAVE_AES_DECRYPT ret = wc_AesSetKey(&dec, key, (int) sizeof(key), iv, AES_DECRYPTION); if (ret != 0) - return -4233; + return -5503; #endif ret = wc_AesCbcEncrypt(&enc, cipher, msg, (int) sizeof(msg)); 
@@ -6061,21 +6356,21 @@ int aes192_test(void) ret = wc_AsyncWait(ret, &enc.asyncDev, WC_ASYNC_FLAG_NONE); #endif if (ret != 0) - return -4234; + return -5504; #ifdef HAVE_AES_DECRYPT ret = wc_AesCbcDecrypt(&dec, plain, cipher, (int) sizeof(cipher)); #if defined(WOLFSSL_ASYNC_CRYPT) ret = wc_AsyncWait(ret, &dec.asyncDev, WC_ASYNC_FLAG_NONE); #endif if (ret != 0) - return -4235; + return -5505; if (XMEMCMP(plain, msg, (int) sizeof(plain))) { - return -4236; + return -5506; } #endif if (XMEMCMP(cipher, verify, (int) sizeof(cipher))) - return -4237; + return -5507; wc_AesFree(&enc); #ifdef HAVE_AES_DECRYPT @@ -6128,19 +6423,19 @@ int aes256_test(void) if (wc_AesInit(&enc, HEAP_HINT, devId) != 0) - return -4240; + return -5600; #ifdef HAVE_AES_DECRYPT if (wc_AesInit(&dec, HEAP_HINT, devId) != 0) - return -4241; + return -5601; #endif ret = wc_AesSetKey(&enc, key, (int) sizeof(key), iv, AES_ENCRYPTION); if (ret != 0) - return -4242; + return -5602; #ifdef HAVE_AES_DECRYPT ret = wc_AesSetKey(&dec, key, (int) sizeof(key), iv, AES_DECRYPTION); if (ret != 0) - return -4243; + return -5603; #endif ret = wc_AesCbcEncrypt(&enc, cipher, msg, (int) sizeof(msg)); @@ -6148,21 +6443,21 @@ int aes256_test(void) ret = wc_AsyncWait(ret, &enc.asyncDev, WC_ASYNC_FLAG_NONE); #endif if (ret != 0) - return -4244; + return -5604; #ifdef HAVE_AES_DECRYPT ret = wc_AesCbcDecrypt(&dec, plain, cipher, (int) sizeof(cipher)); #if defined(WOLFSSL_ASYNC_CRYPT) ret = wc_AsyncWait(ret, &dec.asyncDev, WC_ASYNC_FLAG_NONE); #endif if (ret != 0) - return -4245; + return -5605; if (XMEMCMP(plain, msg, (int) sizeof(plain))) { - return -4246; + return -5606; } #endif if (XMEMCMP(cipher, verify, (int) sizeof(cipher))) - return -4247; + return -5607; wc_AesFree(&enc); #ifdef HAVE_AES_DECRYPT 
@@ -6353,13 +6648,13 @@ int aesgcm_test(void) XMEMSET(resultP, 0, sizeof(resultP)); if (wc_AesInit(&enc, HEAP_HINT, devId) != 0) { - return -4300; + return -5700; } #ifdef WOLFSSL_AES_256 result = wc_AesGcmSetKey(&enc, k1, sizeof(k1)); if (result != 0) - return -4301; + return -5701; /* AES-GCM encrypt and decrypt both use AES encrypt internally */ result = wc_AesGcmEncrypt(&enc, resultC, p, sizeof(p), iv1, sizeof(iv1), @@ -6368,11 +6663,11 @@ int aesgcm_test(void) result = wc_AsyncWait(result, &enc.asyncDev, WC_ASYNC_FLAG_NONE); #endif if (result != 0) - return -4302; + return -5702; if (XMEMCMP(c1, resultC, sizeof(resultC))) - return -4303; + return -5703; if (XMEMCMP(t1, resultT, sizeof(resultT))) - return -4304; + return -5704; #ifdef HAVE_AES_DECRYPT result = wc_AesGcmDecrypt(&enc, resultP, resultC, sizeof(resultC), @@ -6381,9 +6676,9 @@ int aesgcm_test(void) result = wc_AsyncWait(result, &enc.asyncDev, WC_ASYNC_FLAG_NONE); #endif if (result != 0) - return -4305; + return -5705; if (XMEMCMP(p, resultP, sizeof(resultP))) - return -4306; + return -5706; #endif /* HAVE_AES_DECRYPT */ /* Large buffer test */ @@ -6400,7 +6695,7 @@ int aesgcm_test(void) result = wc_AsyncWait(result, &enc.asyncDev, WC_ASYNC_FLAG_NONE); #endif if (result != 0) - return -4307; + return -5707; #ifdef HAVE_AES_DECRYPT result = wc_AesGcmDecrypt(&enc, large_outdec, large_output, @@ -6410,9 +6705,9 @@ int aesgcm_test(void) result = wc_AsyncWait(result, &enc.asyncDev, WC_ASYNC_FLAG_NONE); #endif if (result != 0) - return -4308; + return -5708; if (XMEMCMP(large_input, large_outdec, BENCH_AESGCM_LARGE)) - return -4309; + return -5709; #endif /* HAVE_AES_DECRYPT */ #endif /* BENCH_AESGCM_LARGE */ #ifdef ENABLE_NON_12BYTE_IV_TEST 
@@ -6425,7 +6720,7 @@ int aesgcm_test(void) result = wc_AsyncWait(result, &enc.asyncDev, WC_ASYNC_FLAG_NONE); #endif if (result != 0) - return -4310; + return -5710; #ifdef HAVE_AES_DECRYPT result = wc_AesGcmDecrypt(&enc, resultP, resultC, sizeof(resultC), k1, (word32)ivlen, resultT, sizeof(resultT), a, sizeof(a)); @@ -6433,7 +6728,7 @@ int aesgcm_test(void) result = wc_AsyncWait(result, &enc.asyncDev, WC_ASYNC_FLAG_NONE); #endif if (result != 0) - return -4311; + return -5711; #endif /* HAVE_AES_DECRYPT */ } #endif @@ -6447,7 +6742,7 @@ int aesgcm_test(void) result = wc_AsyncWait(result, &enc.asyncDev, WC_ASYNC_FLAG_NONE); #endif if (result != 0) - return -4312; + return -5712; #ifdef HAVE_AES_DECRYPT result = wc_AesGcmDecrypt(&enc, resultP, resultC, sizeof(resultC), iv1, sizeof(iv1), resultT, sizeof(resultT), p, (word32)alen); @@ -6455,7 +6750,7 @@ int aesgcm_test(void) result = wc_AsyncWait(result, &enc.asyncDev, WC_ASYNC_FLAG_NONE); #endif if (result != 0) - return -4313; + return -5713; #endif /* HAVE_AES_DECRYPT */ } @@ -6470,7 +6765,7 @@ int aesgcm_test(void) result = wc_AsyncWait(result, &enc.asyncDev, WC_ASYNC_FLAG_NONE); #endif if (result != 0) - return -4314; + return -5714; #ifdef HAVE_AES_DECRYPT result = wc_AesGcmDecrypt(&enc, large_outdec, large_output, @@ -6480,7 +6775,7 @@ int aesgcm_test(void) result = wc_AsyncWait(result, &enc.asyncDev, WC_ASYNC_FLAG_NONE); #endif if (result != 0) - return -4315; + return -5715; #endif /* HAVE_AES_DECRYPT */ } #else @@ -6493,7 +6788,7 @@ int aesgcm_test(void) result = wc_AsyncWait(result, &enc.asyncDev, WC_ASYNC_FLAG_NONE); #endif if (result != 0) - return -4314; + return -5716; #ifdef HAVE_AES_DECRYPT result = wc_AesGcmDecrypt(&enc, resultP, resultC, (word32)plen, iv1, sizeof(iv1), resultT, sizeof(resultT), a, sizeof(a)); 
@@ -6501,7 +6796,7 @@ int aesgcm_test(void) result = wc_AsyncWait(result, &enc.asyncDev, WC_ASYNC_FLAG_NONE); #endif if (result != 0) - return -4315; + return -5717; #endif /* HAVE_AES_DECRYPT */ } #endif /* BENCH_AESGCM_LARGE */ @@ -6522,11 +6817,11 @@ int aesgcm_test(void) result = wc_AsyncWait(result, &enc.asyncDev, WC_ASYNC_FLAG_NONE); #endif if (result != 0) - return -4316; + return -5718; if (XMEMCMP(c2, resultC, sizeof(resultC))) - return -4317; + return -5719; if (XMEMCMP(t2, resultT, sizeof(resultT))) - return -4318; + return -5720; #ifdef HAVE_AES_DECRYPT result = wc_AesGcmDecrypt(&enc, resultP, resultC, sizeof(resultC), @@ -6535,9 +6830,9 @@ int aesgcm_test(void) result = wc_AsyncWait(result, &enc.asyncDev, WC_ASYNC_FLAG_NONE); #endif if (result != 0) - return -4319; + return -5721; if (XMEMCMP(p, resultP, sizeof(resultP))) - return -4320; + return -5722; #endif /* HAVE_AES_DECRYPT */ XMEMSET(resultT, 0, sizeof(resultT)); @@ -6553,11 +6848,11 @@ int aesgcm_test(void) result = wc_AsyncWait(result, &enc.asyncDev, WC_ASYNC_FLAG_NONE); #endif if (result != 0) - return -8209; + return -5723; if (XMEMCMP(c3, resultC, sizeof(c3))) - return -8210; + return -5724; if (XMEMCMP(t3, resultT, sizeof(t3))) - return -8211; + return -5725; #ifdef HAVE_AES_DECRYPT result = wc_AesGcmDecrypt(&enc, resultP, resultC, sizeof(c3), @@ -6566,9 +6861,9 @@ int aesgcm_test(void) result = wc_AsyncWait(result, &enc.asyncDev, WC_ASYNC_FLAG_NONE); #endif if (result != 0) - return -8212; + return -5726; if (XMEMCMP(p3, resultP, sizeof(p3))) - return -8213; + return -5727; #endif /* HAVE_AES_DECRYPT */ #endif /* WOLFSSL_AES_128 */ #endif /* ENABLE_NON_12BYTE_IV_TEST */ 
@@ -6586,11 +6881,11 @@ int aesgcm_test(void) result = wc_AsyncWait(result, &enc.asyncDev, WC_ASYNC_FLAG_NONE); #endif if (result != 0) - return -4321; + return -5728; if (XMEMCMP(c1, resultC, sizeof(resultC))) - return -4322; + return -5729; if (XMEMCMP(t1, resultT + 1, sizeof(resultT) - 1)) - return -4323; + return -5730; #ifdef HAVE_AES_DECRYPT result = wc_AesGcmDecrypt(&enc, resultP, resultC, sizeof(resultC), @@ -6599,9 +6894,9 @@ int aesgcm_test(void) result = wc_AsyncWait(result, &enc.asyncDev, WC_ASYNC_FLAG_NONE); #endif if (result != 0) - return -4324; + return -5731; if (XMEMCMP(p, resultP, sizeof(resultP))) - return -4325; + return -5732; #endif /* HAVE_AES_DECRYPT */ #endif /* WOLFSSL_AES_256 */ wc_AesFree(&enc); @@ -6663,13 +6958,13 @@ int gmac_test(void) wc_GmacSetKey(&gmac, k1, sizeof(k1)); wc_GmacUpdate(&gmac, iv1, sizeof(iv1), a1, sizeof(a1), tag, sizeof(t1)); if (XMEMCMP(t1, tag, sizeof(t1)) != 0) - return -4400; + return -5800; XMEMSET(tag, 0, sizeof(tag)); wc_GmacSetKey(&gmac, k2, sizeof(k2)); wc_GmacUpdate(&gmac, iv2, sizeof(iv2), a2, sizeof(a2), tag, sizeof(t2)); if (XMEMCMP(t2, tag, sizeof(t2)) != 0) - return -4401; + return -5801; return 0; } 
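Review bot: gmac_test ignores the return values of wc_GmacSetKey and wc_GmacUpdate, so a key-setup or update failure only surfaces as the tag mismatch `-5800`/`-5801` and cannot be told apart from a wrong tag. Checking each call, e.g. `if (wc_GmacSetKey(&gmac, k1, sizeof(k1)) != 0) return -5800;`, and giving the tag compare the next code would keep the one-code-per-check numbering meaningful. The start of the function is outside the hunk, so whether gmac is initialised or freed elsewhere is not visible here.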
@@ -6733,37 +7028,37 @@ int aesccm_test(void) result = wc_AesCcmSetKey(&enc, k, sizeof(k)); if (result != 0) - return -4500; + return -5900; /* AES-CCM encrypt and decrypt both use AES encrypt internally */ result = wc_AesCcmEncrypt(&enc, c2, p, sizeof(c2), iv, sizeof(iv), t2, sizeof(t2), a, sizeof(a)); if (result != 0) - return -4501; + return -5901; if (XMEMCMP(c, c2, sizeof(c2))) - return -4502; + return -5902; if (XMEMCMP(t, t2, sizeof(t2))) - return -4503; + return -5903; result = wc_AesCcmDecrypt(&enc, p2, c2, sizeof(p2), iv, sizeof(iv), t2, sizeof(t2), a, sizeof(a)); if (result != 0) - return -4504; + return -5904; if (XMEMCMP(p, p2, sizeof(p2))) - return -4505; + return -5905; /* Test the authentication failure */ t2[0]++; /* Corrupt the authentication tag. */ result = wc_AesCcmDecrypt(&enc, p2, c, sizeof(p2), iv, sizeof(iv), t2, sizeof(t2), a, sizeof(a)); if (result == 0) - return -4506; + return -5906; /* Clear c2 to compare against p2. p2 should be set to zero in case of * authentication fail. */ XMEMSET(c2, 0, sizeof(c2)); if (XMEMCMP(p2, c2, sizeof(p2))) - return -4507; + return -5907; return 0; } @@ -6952,20 +7247,20 @@ int aeskeywrap_test(void) output, sizeof(output), NULL); if ( (wrapSz < 0) || (wrapSz != (int)test_wrap[i].verifyLen) ) - return -4600; + return -6000; if (XMEMCMP(output, test_wrap[i].verify, test_wrap[i].verifyLen) != 0) - return -4601; + return -6001; plainSz = wc_AesKeyUnWrap((byte*)test_wrap[i].kek, test_wrap[i].kekLen, output, wrapSz, plain, sizeof(plain), NULL); if ( (plainSz < 0) || (plainSz != (int)test_wrap[i].dataLen) ) - return -4602; + return -6002; if (XMEMCMP(plain, test_wrap[i].data, test_wrap[i].dataLen) != 0) - return -4610 - i; + return -6003 - i; } return 0; 
@@ -7158,24 +7453,24 @@ int camellia_test(void) /* Setting the IV and checking it was actually set. */ ret = wc_CamelliaSetIV(&cam, ivc); if (ret != 0 || XMEMCMP(cam.reg, ivc, CAMELLIA_BLOCK_SIZE)) - return -4700; + return -6100; /* Setting the IV to NULL should be same as all zeros IV */ if (wc_CamelliaSetIV(&cam, NULL) != 0 || XMEMCMP(cam.reg, ive, CAMELLIA_BLOCK_SIZE)) - return -4701; + return -6101; /* First parameter should never be null */ if (wc_CamelliaSetIV(NULL, NULL) == 0) - return -4702; + return -6102; /* First parameter should never be null, check it fails */ if (wc_CamelliaSetKey(NULL, k1, sizeof(k1), NULL) == 0) - return -4703; + return -6103; /* Key should have a size of 16, 24, or 32 */ if (wc_CamelliaSetKey(&cam, k1, 0, NULL) == 0) - return -4704; + return -6104; return 0; } @@ -7252,14 +7547,14 @@ int idea_test(void) NULL, IDEA_ENCRYPTION); if (ret != 0) { printf("wc_IdeaSetKey (enc) failed\n"); - return -4800; + return -6200; } /* Data encryption */ ret = wc_IdeaCipher(&idea, data, v1_plain[i]); if (ret != 0 || XMEMCMP(&v1_cipher[i], data, IDEA_BLOCK_SIZE)) { printf("Bad encryption\n"); - return -4801; + return -6201; } /* Set decryption key */ @@ -7268,14 +7563,14 @@ int idea_test(void) NULL, IDEA_DECRYPTION); if (ret != 0) { printf("wc_IdeaSetKey (dec) failed\n"); - return -4802; + return -6202; } /* Data decryption */ ret = wc_IdeaCipher(&idea, data, data); if (ret != 0 || XMEMCMP(v1_plain[i], data, IDEA_BLOCK_SIZE)) { printf("Bad decryption\n"); - return -4803; + return -6203; } /* Set encryption key */ @@ -7284,7 +7579,7 @@ int idea_test(void) v_key[i], IDEA_ENCRYPTION); if (ret != 0) { printf("wc_IdeaSetKey (enc) failed\n"); - return -4804; + return -6204; } XMEMSET(msg_enc, 0, sizeof(msg_enc)); @@ -7292,7 +7587,7 @@ int idea_test(void) (word32)XSTRLEN(message)+1); if (ret != 0) { printf("wc_IdeaCbcEncrypt failed\n"); - return -4805; + return -6205; } /* Set decryption key */ 
@@ -7301,7 +7596,7 @@ int idea_test(void) v_key[i], IDEA_DECRYPTION); if (ret != 0) { printf("wc_IdeaSetKey (dec) failed\n"); - return -4806; + return -6206; } XMEMSET(msg_dec, 0, sizeof(msg_dec)); @@ -7309,12 +7604,12 @@ int idea_test(void) (word32)XSTRLEN(message)+1); if (ret != 0) { printf("wc_IdeaCbcDecrypt failed\n"); - return -4807; + return -6207; } if (XMEMCMP(message, msg_dec, (word32)XSTRLEN(message))) { printf("Bad CBC decryption\n"); - return -4808; + return -6208; } } @@ -7325,7 +7620,7 @@ int idea_test(void) NULL, IDEA_ENCRYPTION); if (ret != 0) { printf("wc_IdeaSetKey (enc) failed\n"); - return -4809; + return -6209; } /* 100 times data encryption */ @@ -7333,13 +7628,13 @@ int idea_test(void) for (j = 0; j < 100; j++) { ret = wc_IdeaCipher(&idea, data, data); if (ret != 0) { - return -4821; + return -6210; } } if (XMEMCMP(v1_cipher_100[i], data, IDEA_BLOCK_SIZE)) { printf("Bad encryption (100 times)\n"); - return -4810; + return -6211; } /* 1000 times data encryption */ @@ -7347,13 +7642,13 @@ int idea_test(void) for (j = 0; j < 1000; j++) { ret = wc_IdeaCipher(&idea, data, data); if (ret != 0) { - return -4822; + return -6212; } } if (XMEMCMP(v1_cipher_1000[i], data, IDEA_BLOCK_SIZE)) { printf("Bad encryption (100 times)\n"); - return -4811; + return -6213; } } 
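Review bot: The message printed for the 1000-iteration vector is still `printf("Bad encryption (100 times)\n");` next to `return -6213;`, copied from the 100-iteration block above; it should read `printf("Bad encryption (1000 times)\n");`. In the random-data loop later in idea_test, the branch under `/* Set decryption key */` (IDEA_DECRYPTION, `return -6220;`) prints `wc_IdeaSetKey (enc) failed` where `(dec)` is meant. With the return codes now unique per check, the wrong text is the one remaining thing that can point a reader at the wrong step. The two wc_IdeaCipher loop failures (`-6210`, `-6212`) print nothing, unlike the neighbouring cipher checks.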
@@ -7371,30 +7666,30 @@ int idea_test(void) ret = wc_InitRng(&rng); #endif if (ret != 0) - return -4812; + return -6214; for (i = 0; i < 1000; i++) { /* random key */ ret = wc_RNG_GenerateBlock(&rng, key, sizeof(key)); if (ret != 0) - return -4813; + return -6215; /* random iv */ ret = wc_RNG_GenerateBlock(&rng, iv, sizeof(iv)); if (ret != 0) - return -4814; + return -6216; /* random data */ ret = wc_RNG_GenerateBlock(&rng, rnd, sizeof(rnd)); if (ret != 0) - return -4815; + return -6217; /* Set encryption key */ XMEMSET(&idea, 0, sizeof(Idea)); ret = wc_IdeaSetKey(&idea, key, IDEA_KEY_SIZE, iv, IDEA_ENCRYPTION); if (ret != 0) { printf("wc_IdeaSetKey (enc) failed\n"); - return -4816; + return -6218; } /* Data encryption */ @@ -7402,7 +7697,7 @@ int idea_test(void) ret = wc_IdeaCbcEncrypt(&idea, enc, rnd, sizeof(rnd)); if (ret != 0) { printf("wc_IdeaCbcEncrypt failed\n"); - return -4817; + return -6219; } /* Set decryption key */ @@ -7410,7 +7705,7 @@ int idea_test(void) ret = wc_IdeaSetKey(&idea, key, IDEA_KEY_SIZE, iv, IDEA_DECRYPTION); if (ret != 0) { printf("wc_IdeaSetKey (enc) failed\n"); - return -4818; + return -6220; } /* Data decryption */ @@ -7418,12 +7713,12 @@ int idea_test(void) ret = wc_IdeaCbcDecrypt(&idea, dec, enc, sizeof(enc)); if (ret != 0) { printf("wc_IdeaCbcDecrypt failed\n"); - return -4819; + return -6221; } if (XMEMCMP(rnd, dec, sizeof(rnd))) { printf("Bad CBC decryption\n"); - return -4820; + return -6222; } } @@ -7448,13 +7743,13 @@ static int random_rng_test(void) #else ret = wc_InitRng(&rng); #endif - if (ret != 0) return -4900; + if (ret != 0) return -6300; XMEMSET(block, 0, sizeof(block)); ret = wc_RNG_GenerateBlock(&rng, block, sizeof(block)); if (ret != 0) { - ret = -4901; + ret = -6301; goto exit; } 
@@ -7466,16 +7761,40 @@ static int random_rng_test(void) } /* All zeros count check */ if (ret >= (int)sizeof(block)) { - ret = -4902; + ret = -6302; goto exit; } ret = wc_RNG_GenerateByte(&rng, block); if (ret != 0) { - ret = -4903; + ret = -6303; goto exit; } + /* Parameter validation testing. */ + ret = wc_RNG_GenerateBlock(NULL, block, sizeof(block)); + if (ret != BAD_FUNC_ARG) { + ret = -6304; + goto exit; + } + ret = wc_RNG_GenerateBlock(&rng, NULL, sizeof(block)); + if (ret != BAD_FUNC_ARG) { + ret = -6305; + goto exit; + } + + ret = wc_RNG_GenerateByte(NULL, block); + if (ret != BAD_FUNC_ARG) { + ret = -6306; + goto exit; + } + ret = wc_RNG_GenerateByte(&rng, NULL); + if (ret != BAD_FUNC_ARG) { + ret = -6307; + goto exit; + } + + ret = 0; exit: /* Make sure and free RNG */ wc_FreeRng(&rng); @@ -7542,23 +7861,23 @@ int random_test(void) ret = wc_RNG_HealthTest(0, test1Entropy, sizeof(test1Entropy), NULL, 0, output, sizeof(output)); if (ret != 0) - return -5000; + return -6400; if (XMEMCMP(test1Output, output, sizeof(output)) != 0) - return -5001; + return -6401; ret = wc_RNG_HealthTest(1, test2EntropyA, sizeof(test2EntropyA), test2EntropyB, sizeof(test2EntropyB), output, sizeof(output)); if (ret != 0) - return -5002; + return -6402; if (XMEMCMP(test2Output, output, sizeof(output)) != 0) - return -5003; + return -6403; /* Basic RNG generate block test */ - if (random_rng_test() != 0) - return -5004; + if ((ret = random_rng_test()) != 0) + return ret; return 0; } 
@@ -7589,84 +7908,84 @@ int memory_test(void) /* check macro settings */ if (sizeof(size)/sizeof(word32) != WOLFMEM_MAX_BUCKETS) { - return -5100; + return -6500; } if (sizeof(dist)/sizeof(word32) != WOLFMEM_MAX_BUCKETS) { - return -5101; + return -6501; } for (i = 0; i < WOLFMEM_MAX_BUCKETS; i++) { if ((size[i] % WOLFSSL_STATIC_ALIGN) != 0) { /* each element in array should be divisable by alignment size */ - return -5102; + return -6502; } } for (i = 1; i < WOLFMEM_MAX_BUCKETS; i++) { if (size[i - 1] >= size[i]) { - return -5103; /* sizes should be in increasing order */ + return -6503; /* sizes should be in increasing order */ } } /* check that padding size returned is possible */ if (wolfSSL_MemoryPaddingSz() < WOLFSSL_STATIC_ALIGN) { - return -5104; /* no room for wc_Memory struct */ + return -6504; /* no room for wc_Memory struct */ } if (wolfSSL_MemoryPaddingSz() < 0) { - return -5105; + return -6505; } if (wolfSSL_MemoryPaddingSz() % WOLFSSL_STATIC_ALIGN != 0) { - return -5106; /* not aligned! */ + return -6506; /* not aligned! */ } /* check function to return optimum buffer size (rounded down) */ ret = wolfSSL_StaticBufferSz(buffer, sizeof(buffer), WOLFMEM_GENERAL); if ((ret - pad) % WOLFSSL_STATIC_ALIGN != 0) { - return -5107; /* not aligned! */ + return -6507; /* not aligned! 
*/ } if (ret < 0) { - return -5108; + return -6508; } if ((unsigned int)ret > sizeof(buffer)) { - return -5109; /* did not round down as expected */ + return -6509; /* did not round down as expected */ } if (ret != wolfSSL_StaticBufferSz(buffer, ret, WOLFMEM_GENERAL)) { - return -5110; /* retrun value changed when using suggested value */ + return -6510; /* retrun value changed when using suggested value */ } ret = wolfSSL_MemoryPaddingSz(); ret += pad; /* add space that is going to be needed if buffer not aligned */ if (wolfSSL_StaticBufferSz(buffer, size[0] + ret + 1, WOLFMEM_GENERAL) != (ret + (int)size[0])) { - return -5111; /* did not round down to nearest bucket value */ + return -6511; /* did not round down to nearest bucket value */ } ret = wolfSSL_StaticBufferSz(buffer, sizeof(buffer), WOLFMEM_IO_POOL); if ((ret - pad) < 0) { - return -5112; + return -6512; } if (((ret - pad) % (WOLFMEM_IO_SZ + wolfSSL_MemoryPaddingSz())) != 0) { - return -5113; /* not even chunks of memory for IO size */ + return -6513; /* not even chunks of memory for IO size */ } if (((ret - pad) % WOLFSSL_STATIC_ALIGN) != 0) { - return -5114; /* memory not aligned */ + return -6514; /* memory not aligned */ } /* check for passing bad or unknown argments to functions */ if (wolfSSL_StaticBufferSz(NULL, 1, WOLFMEM_GENERAL) > 0) { - return -5115; + return -6515; } if (wolfSSL_StaticBufferSz(buffer, 1, WOLFMEM_GENERAL) != 0) { - return -5116; /* should round to 0 since struct + bucket will not fit */ + return -6516; /* should round to 0 since struct + bucket will not fit */ } (void)dist; /* avoid static analysis warning of variable not used */ @@ -7908,7 +8227,7 @@ int cert_test(void) tmp = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); if (tmp == NULL) - return -5200; + return -6600; /* Certificate with Name Constraints extension. */ #ifdef FREESCALE_MQX 
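Review bot: In the `memory_test` hunk the negative-return checks come after the value has already been used: `wolfSSL_MemoryPaddingSz() < 0` (`-6505`) is tested after `wolfSSL_MemoryPaddingSz() < WOLFSSL_STATIC_ALIGN` (`-6504`), and `if (ret < 0)` (`-6508`) after `(ret - pad) % WOLFSSL_STATIC_ALIGN` (`-6507`). An error return from either call would be reported under the alignment code, or, if the alignment macro is unsigned, be compared only after conversion, so the code that names the real failure is effectively unreachable. Moving each `< 0` check directly after its call keeps the renumbered codes meaningful. The function's declarations are outside the hunk, so the types involved should be confirmed there.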
@@ -7917,14 +8236,14 @@ int cert_test(void) file = fopen("./certs/test/cert-ext-nc.der", "rb"); #endif if (!file) { - ERROR_OUT(-5201, done); + ERROR_OUT(-6601, done); } bytes = fread(tmp, 1, FOURK_BUF, file); fclose(file); InitDecodedCert(&cert, tmp, (word32)bytes, 0); ret = ParseCert(&cert, CERT_TYPE, NO_VERIFY, NULL); if (ret != 0) { - ERROR_OUT(-5202, done); + ERROR_OUT(-6602, done); } FreeDecodedCert(&cert); @@ -7935,14 +8254,14 @@ int cert_test(void) file = fopen("./certs/test/cert-ext-ia.der", "rb"); #endif if (!file) { - ERROR_OUT(-5203, done); + ERROR_OUT(-6603, done); } bytes = fread(tmp, 1, FOURK_BUF, file); fclose(file); InitDecodedCert(&cert, tmp, (word32)bytes, 0); ret = ParseCert(&cert, CERT_TYPE, NO_VERIFY, NULL); if (ret != 0) { - ERROR_OUT(-5204, done); + ERROR_OUT(-6604, done); } done: @@ -7989,13 +8308,13 @@ int certext_test(void) tmp = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); if (tmp == NULL) - return -5300; + return -6700; /* load othercert.der (Cert signed by an authority) */ file = fopen(otherCertDerFile, "rb"); if (!file) { XFREE(tmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER); - return -5301; + return -6701; } bytes = fread(tmp, 1, FOURK_BUF, file); 
@@ -8005,34 +8324,34 @@ int certext_test(void) ret = ParseCert(&cert, CERT_TYPE, NO_VERIFY, 0); if (ret != 0) - return -5302; + return -6702; /* check the SKID from a RSA certificate */ if (XMEMCMP(skid_rsa, cert.extSubjKeyId, sizeof(cert.extSubjKeyId))) - return -5303; + return -6703; /* check the AKID from an RSA certificate */ if (XMEMCMP(akid_rsa, cert.extAuthKeyId, sizeof(cert.extAuthKeyId))) - return -5304; + return -6704; /* check the Key Usage from an RSA certificate */ if (!cert.extKeyUsageSet) - return -5305; + return -6705; if (cert.extKeyUsage != (KEYUSE_KEY_ENCIPHER|KEYUSE_KEY_AGREE)) - return -5306; + return -6706; /* check the CA Basic Constraints from an RSA certificate */ if (cert.isCA) - return -5307; + return -6707; #ifndef WOLFSSL_SEP /* test only if not using SEP policies */ /* check the Certificate Policies Id */ if (cert.extCertPoliciesNb != 1) - return -5308; + return -6708; if (strncmp(cert.extCertPolicies[0], "2.16.840.1.101.3.4.1.42", 23)) - return -5309; + return -6709; #endif FreeDecodedCert(&cert); @@ -8042,7 +8361,7 @@ int certext_test(void) file = fopen(certEccDerFile, "rb"); if (!file) { XFREE(tmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER); - return -5310; + return -6710; } bytes = fread(tmp, 1, FOURK_BUF, file); 
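Review bot: Every early `return` after `ParseCert` in the `-8005` hunk (`-6702` through `-6709`) exits without `XFREE(tmp, ...)` or `FreeDecodedCert(&cert)`, while the `fopen` failure paths in the neighbouring hunks free `tmp` first. `tmp` appears to be still live at that point, since the `-8042` hunk frees it on the next `fopen` failure, so a failing check leaks the buffer and whatever the decoded certificate holds. The same pattern repeats in the `-8052` and `-8100` hunks. Each check could release both before returning, e.g. `if (ret != 0) { FreeDecodedCert(&cert); XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); return -6702; }`, or the function could use one cleanup label the way `cert_test` does with `ERROR_OUT(..., done)`. The start and end of `certext_test` are outside these hunks, so label placement has to be checked against the full body.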
@@ -8052,35 +8371,35 @@ int certext_test(void) ret = ParseCert(&cert, CERT_TYPE, NO_VERIFY, 0); if (ret != 0) - return -5311; + return -6711; /* check the SKID from a ECC certificate - generated dynamically */ /* check the AKID from an ECC certificate */ if (XMEMCMP(akid_ecc, cert.extAuthKeyId, sizeof(cert.extAuthKeyId))) - return -5313; + return -6712; /* check the Key Usage from an ECC certificate */ if (!cert.extKeyUsageSet) - return -5314; + return -6713; if (cert.extKeyUsage != (KEYUSE_DIGITAL_SIG|KEYUSE_CONTENT_COMMIT)) - return -5315; + return -6714; /* check the CA Basic Constraints from an ECC certificate */ if (cert.isCA) - return -5316; + return -6715; #ifndef WOLFSSL_SEP /* test only if not using SEP policies */ /* check the Certificate Policies Id */ if (cert.extCertPoliciesNb != 2) - return -5317; + return -6716; if (strncmp(cert.extCertPolicies[0], "2.4.589440.587.101.2.1.9632587.1", 32)) - return -5318; + return -6717; if (strncmp(cert.extCertPolicies[1], "1.2.13025.489.1.113549", 22)) - return -5319; + return -6718; #endif FreeDecodedCert(&cert); @@ -8090,7 +8409,7 @@ int certext_test(void) file = fopen(certDerFile, "rb"); if (!file) { XFREE(tmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER); - return -5320; + return -6719; } bytes = fread(tmp, 1, FOURK_BUF, file); 
@@ -8100,37 +8419,37 @@ int certext_test(void) ret = ParseCert(&cert, CERT_TYPE, NO_VERIFY, 0); if (ret != 0) - return -5321; + return -6720; /* check the SKID from a CA certificate */ if (XMEMCMP(kid_ca, cert.extSubjKeyId, sizeof(cert.extSubjKeyId))) - return -5322; + return -6721; /* check the AKID from an CA certificate */ if (XMEMCMP(kid_ca, cert.extAuthKeyId, sizeof(cert.extAuthKeyId))) - return -5323; + return -6722; /* check the Key Usage from CA certificate */ if (!cert.extKeyUsageSet) - return -5324; + return -6723; if (cert.extKeyUsage != (KEYUSE_KEY_CERT_SIGN|KEYUSE_CRL_SIGN)) - return -5325; + return -6724; /* check the CA Basic Constraints CA certificate */ if (!cert.isCA) - return -5326; + return -6725; #ifndef WOLFSSL_SEP /* test only if not using SEP policies */ /* check the Certificate Policies Id */ if (cert.extCertPoliciesNb != 2) - return -5327; + return -6726; if (strncmp(cert.extCertPolicies[0], "2.16.840.1.101.3.4.1.42", 23)) - return -5328; + return -6727; if (strncmp(cert.extCertPolicies[1], "1.2.840.113549.1.9.16.6.5", 25)) - return -5329; + return -6728; #endif FreeDecodedCert(&cert); @@ -8158,7 +8477,7 @@ static int rsa_flatten_test(RsaKey* key) #else if (ret != BAD_FUNC_ARG) #endif - return -5330; + return -6729; ret = wc_RsaFlattenPublicKey(key, NULL, &eSz, n, &nSz); #ifdef HAVE_USER_RSA /* Implementation using IPP Libraries returns: @@ -8168,7 +8487,7 @@ static int rsa_flatten_test(RsaKey* key) #else if (ret != BAD_FUNC_ARG) #endif - return -5331; + return -6730; ret = wc_RsaFlattenPublicKey(key, e, NULL, n, &nSz); #ifdef HAVE_USER_RSA /* Implementation using IPP Libraries returns: @@ -8178,7 +8497,7 @@ static int rsa_flatten_test(RsaKey* key) #else if (ret != BAD_FUNC_ARG) #endif - return -5332; + return -6731; ret = wc_RsaFlattenPublicKey(key, e, &eSz, NULL, &nSz); #ifdef HAVE_USER_RSA /* Implementation using IPP Libraries returns: 
@@ -8188,7 +8507,7 @@ static int rsa_flatten_test(RsaKey* key) #else if (ret != BAD_FUNC_ARG) #endif - return -5333; + return -6732; ret = wc_RsaFlattenPublicKey(key, e, &eSz, n, NULL); #ifdef HAVE_USER_RSA /* Implementation using IPP Libraries returns: @@ -8198,10 +8517,10 @@ static int rsa_flatten_test(RsaKey* key) #else if (ret != BAD_FUNC_ARG) #endif - return -5334; + return -6733; ret = wc_RsaFlattenPublicKey(key, e, &eSz, n, &nSz); if (ret != 0) - return -5335; + return -6734; eSz = 0; ret = wc_RsaFlattenPublicKey(key, e, &eSz, n, &nSz); #ifdef HAVE_USER_RSA @@ -8215,7 +8534,7 @@ static int rsa_flatten_test(RsaKey* key) #else if (ret != RSA_BUFFER_E) #endif - return -5336; + return -6735; eSz = sizeof(e); nSz = 0; ret = wc_RsaFlattenPublicKey(key, e, &eSz, n, &nSz); 
@@ -8227,11 +8546,85 @@ static int rsa_flatten_test(RsaKey* key) #else if (ret != RSA_BUFFER_E) #endif - return -5337; + return -6736; return 0; } +#if !defined(HAVE_FIPS) && !defined(HAVE_USER_RSA) +static int rsa_export_key_test(RsaKey* key) +{ + int ret; + byte e[3]; + word32 eSz = sizeof(e); + byte n[256]; + word32 nSz = sizeof(n); + byte d[256]; + word32 dSz = sizeof(d); + byte p[128]; + word32 pSz = sizeof(p); + byte q[128]; + word32 qSz = sizeof(q); + word32 zero = 0; + + ret = wc_RsaExportKey(NULL, e, &eSz, n, &nSz, d, &dSz, p, &pSz, q, &qSz); + if (ret != BAD_FUNC_ARG) + return -6737; + ret = wc_RsaExportKey(key, NULL, &eSz, n, &nSz, d, &dSz, p, &pSz, q, &qSz); + if (ret != BAD_FUNC_ARG) + return -6738; + ret = wc_RsaExportKey(key, e, NULL, n, &nSz, d, &dSz, p, &pSz, q, &qSz); + if (ret != BAD_FUNC_ARG) + return -6739; + ret = wc_RsaExportKey(key, e, &eSz, NULL, &nSz, d, &dSz, p, &pSz, q, &qSz); + if (ret != BAD_FUNC_ARG) + return -6740; + ret = wc_RsaExportKey(key, e, &eSz, n, NULL, d, &dSz, p, &pSz, q, &qSz); + if (ret != BAD_FUNC_ARG) + return -6741; + ret = wc_RsaExportKey(key, e, &eSz, n, &nSz, NULL, &dSz, p, &pSz, q, &qSz); + if (ret != BAD_FUNC_ARG) + return -6742; + ret = wc_RsaExportKey(key, e, &eSz, n, &nSz, d, NULL, p, &pSz, q, &qSz); + if (ret != BAD_FUNC_ARG) + return -6743; + ret = wc_RsaExportKey(key, e, &eSz, n, &nSz, d, &dSz, NULL, &pSz, q, &qSz); + if (ret != BAD_FUNC_ARG) + return -6744; + ret = wc_RsaExportKey(key, e, &eSz, n, &nSz, d, &dSz, p, NULL, q, &qSz); + if (ret != BAD_FUNC_ARG) + return -6745; + ret = wc_RsaExportKey(key, e, &eSz, n, &nSz, d, &dSz, p, &pSz, NULL, &qSz); + if (ret != BAD_FUNC_ARG) + return -6746; + ret = wc_RsaExportKey(key, e, &eSz, n, &nSz, d, &dSz, p, &pSz, q, NULL); + if (ret != BAD_FUNC_ARG) + return -6747; + + ret = wc_RsaExportKey(key, e, &zero, n, &nSz, d, &dSz, p, &pSz, q, &qSz); + if (ret != RSA_BUFFER_E) + return -6748; + ret = wc_RsaExportKey(key, e, &eSz, n, &zero, d, &dSz, p, &pSz, q, &qSz); + if 
(ret != RSA_BUFFER_E) + return -6749; + ret = wc_RsaExportKey(key, e, &eSz, n, &nSz, d, &zero, p, &pSz, q, &qSz); + if (ret != RSA_BUFFER_E) + return -6750; + ret = wc_RsaExportKey(key, e, &eSz, n, &nSz, d, &dSz, p, &zero, q, &qSz); + if (ret != RSA_BUFFER_E) + return -6751; + ret = wc_RsaExportKey(key, e, &eSz, n, &nSz, d, &dSz, p, &pSz, q, &zero); + if (ret != RSA_BUFFER_E) + return -6752; + + ret = wc_RsaExportKey(key, e, &eSz, n, &nSz, d, &dSz, p, &pSz, q, &qSz); + if (ret != 0) + return -6753; + + return 0; +} +#endif /* !HAVE_FIPS */ + #ifndef NO_SIG_WRAPPER static int rsa_sig_test(RsaKey* key, word32 keyLen, int modLen, WC_RNG* rng) { 
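Review bot: The new `rsa_export_key_test` exports what are presumably the private exponent and both primes into the stack arrays `d`, `p` and `q` and returns without clearing them. The test keys are public fixtures, but this function also serves as a usage example for `wc_RsaExportKey`, so wiping the three buffers before each return after the successful export would show the intended handling of private components. The fixed sizes (`n[256]`, `d[256]`, `p[128]`, `q[128]`) also look like they limit the final success call to keys of at most 2048 bits; a comment stating that limit would help. The closing `#endif /* !HAVE_FIPS */` does not match the guard, which is `!defined(HAVE_FIPS) && !defined(HAVE_USER_RSA)`.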
@@ -8260,36 +8653,36 @@ static int rsa_sig_test(RsaKey* key, word32 keyLen, int modLen, WC_RNG* rng) /* Parameter Validation testing. */ ret = wc_SignatureGetSize(WC_SIGNATURE_TYPE_NONE, key, keyLen); if (ret != BAD_FUNC_ARG) - return -5338; + return -6754; ret = wc_SignatureGetSize(WC_SIGNATURE_TYPE_RSA, key, 0); if (ret != BAD_FUNC_ARG) - return -5339; + return -6755; sigSz = (word32)modLen; ret = wc_SignatureGenerate(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, NULL, inLen, out, &sigSz, key, keyLen, rng); if (ret != BAD_FUNC_ARG) - return -5340; + return -6756; ret = wc_SignatureGenerate(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, in, 0, out, &sigSz, key, keyLen, rng); if (ret != BAD_FUNC_ARG) - return -5341; + return -6757; ret = wc_SignatureGenerate(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, in, inLen, NULL, &sigSz, key, keyLen, rng); if (ret != BAD_FUNC_ARG) - return -5342; + return -6758; ret = wc_SignatureGenerate(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, in, inLen, out, NULL, key, keyLen, rng); if (ret != BAD_FUNC_ARG) - return -5343; + return -6759; ret = wc_SignatureGenerate(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, in, inLen, out, &sigSz, NULL, keyLen, rng); if (ret != BAD_FUNC_ARG) - return -5344; + return -6760; ret = wc_SignatureGenerate(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, in, inLen, out, &sigSz, key, 0, rng); if (ret != BAD_FUNC_ARG) - return -5345; + return -6761; ret = wc_SignatureGenerate(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, in, inLen, out, &sigSz, key, keyLen, NULL); #ifdef HAVE_USER_RSA 
@@ -8307,79 +8700,79 @@ static int rsa_sig_test(RsaKey* key, word32 keyLen, int modLen, WC_RNG* rng) #else if (ret != MISSING_RNG_E) #endif - return -5346; + return -6762; sigSz = 0; ret = wc_SignatureGenerate(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, in, inLen, out, &sigSz, key, keyLen, rng); if (ret != BAD_FUNC_ARG) - return -5347; + return -6763; ret = wc_SignatureVerify(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, NULL, inLen, out, (word32)modLen, key, keyLen); if (ret != BAD_FUNC_ARG) - return -5348; + return -6764; ret = wc_SignatureVerify(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, in, 0, out, (word32)modLen, key, keyLen); if (ret != BAD_FUNC_ARG) - return -5349; + return -6765; ret = wc_SignatureVerify(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, in, inLen, NULL, (word32)modLen, key, keyLen); if (ret != BAD_FUNC_ARG) - return -5350; + return -6766; ret = wc_SignatureVerify(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, in, inLen, out, 0, key, keyLen); if (ret != BAD_FUNC_ARG) - return -5351; + return -6767; ret = wc_SignatureVerify(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, in, inLen, out, (word32)modLen, NULL, keyLen); if (ret != BAD_FUNC_ARG) - return -5352; + return -6768; ret = wc_SignatureVerify(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, in, inLen, out, (word32)modLen, key, 0); if (ret != BAD_FUNC_ARG) - return -5353; + return -6769; #ifndef HAVE_ECC ret = wc_SignatureGetSize(WC_SIGNATURE_TYPE_ECC, key, keyLen); if (ret != SIG_TYPE_E) - return -5354; + return -6770; #endif /* Use APIs. 
*/ ret = wc_SignatureGetSize(WC_SIGNATURE_TYPE_RSA, key, keyLen); if (ret != modLen) - return -5355; + return -6771; ret = wc_SignatureGetSize(WC_SIGNATURE_TYPE_RSA_W_ENC, key, keyLen); if (ret != modLen) - return -5356; + return -6772; sigSz = (word32)ret; ret = wc_SignatureGenerate(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, in, inLen, out, &sigSz, key, keyLen, rng); if (ret != 0) - return -5357; + return -6773; ret = wc_SignatureVerify(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, in, inLen, out, (word32)modLen, key, keyLen); if (ret != 0) - return -5358; + return -6774; sigSz = (word32)sizeof(out); ret = wc_SignatureGenerate(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA_W_ENC, in, inLen, out, &sigSz, key, keyLen, rng); if (ret != 0) - return -5359; + return -6775; ret = wc_SignatureVerify(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA_W_ENC, in, inLen, out, (word32)modLen, key, keyLen); if (ret != 0) - return -5360; + return -6776; /* Wrong signature type. */ ret = wc_SignatureVerify(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, in, inLen, out, (word32)modLen, key, keyLen); if (ret == 0) - return -5361; + return -6777; /* check hash functions */ 
@@ -8387,269 +8780,278 @@ static int rsa_sig_test(RsaKey* key, word32 keyLen, int modLen, WC_RNG* rng) ret = wc_SignatureGenerateHash(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, hash, (int)sizeof(hash), out, &sigSz, key, keyLen, rng); if (ret != 0) - return -5362; + return -6778; ret = wc_SignatureVerifyHash(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, hash, (int)sizeof(hash), out, (word32)modLen, key, keyLen); if (ret != 0) - return -5363; + return -6779; sigSz = (word32)sizeof(out); ret = wc_SignatureGenerateHash(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA_W_ENC, hashEnc, (int)sizeof(hashEnc), out, &sigSz, key, keyLen, rng); if (ret != 0) - return -5364; + return -6780; ret = wc_SignatureVerifyHash(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA_W_ENC, hashEnc, (int)sizeof(hashEnc), out, (word32)modLen, key, keyLen); if (ret != 0) - return -5365; + return -6781; return 0; } #endif /* !NO_SIG_WRAPPER */ #ifndef HAVE_USER_RSA -static int rsa_decode_test(void) +static int rsa_decode_test(RsaKey* keyPub) { int ret; word32 inSz; word32 inOutIdx; - RsaKey keyPub; - const byte n[2] = { 0x00, 0x23 }; - const byte e[2] = { 0x00, 0x03 }; - const byte good[] = { 0x30, 0x06, 0x02, 0x01, 0x23, 0x02, 0x1, 0x03 }; - const byte goodAlgId[] = { 0x30, 0x0f, 0x30, 0x0d, 0x06, 0x00, + static const byte n[2] = { 0x00, 0x23 }; + static const byte e[2] = { 0x00, 0x03 }; + static const byte good[] = { 0x30, 0x06, 0x02, 0x01, 0x23, 0x02, 0x1, + 0x03 }; + static const byte goodAlgId[] = { 0x30, 0x0f, 0x30, 0x0d, 0x06, 0x00, 0x03, 0x09, 0x00, 0x30, 0x06, 0x02, 0x01, 0x23, 0x02, 0x1, 0x03 }; - const byte goodAlgIdNull[] = { 0x30, 0x11, 0x30, 0x0f, 0x06, 0x00, + static const byte goodAlgIdNull[] = { 0x30, 0x11, 0x30, 0x0f, 0x06, 0x00, 0x05, 0x00, 0x03, 0x09, 0x00, 0x30, 0x06, 0x02, 0x01, 0x23, 0x02, 0x1, 0x03 }; - const byte badAlgIdNull[] = { 0x30, 0x12, 0x30, 0x10, 0x06, 0x00, + static const byte badAlgIdNull[] = { 0x30, 0x12, 0x30, 0x10, 0x06, 0x00, 0x05, 0x01, 0x00, 0x03, 0x09, 0x00, 0x30, 
0x06, 0x02, 0x01, 0x23, 0x02, 0x1, 0x03 }; - const byte badNotBitString[] = { 0x30, 0x0f, 0x30, 0x0d, 0x06, 0x00, + static const byte badNotBitString[] = { 0x30, 0x0f, 0x30, 0x0d, 0x06, 0x00, 0x04, 0x09, 0x00, 0x30, 0x06, 0x02, 0x01, 0x23, 0x02, 0x1, 0x03 }; - const byte badBitStringLen[] = { 0x30, 0x0f, 0x30, 0x0d, 0x06, 0x00, + static const byte badBitStringLen[] = { 0x30, 0x0f, 0x30, 0x0d, 0x06, 0x00, 0x03, 0x0a, 0x00, 0x30, 0x06, 0x02, 0x01, 0x23, 0x02, 0x1, 0x03 }; - const byte badNoSeq[] = { 0x30, 0x0d, 0x30, 0x0b, 0x06, 0x00, 0x03, 0x07, - 0x00, 0x02, 0x01, 0x23, 0x02, 0x1, 0x03 }; - const byte badNoObj[] = { + static const byte badNoSeq[] = { 0x30, 0x0d, 0x30, 0x0b, 0x06, 0x00, 0x03, + 0x07, 0x00, 0x02, 0x01, 0x23, 0x02, 0x1, 0x03 }; + static const byte badNoObj[] = { 0x30, 0x0f, 0x30, 0x0d, 0x05, 0x00, 0x03, 0x09, 0x00, 0x30, 0x06, 0x02, 0x01, 0x23, 0x02, 0x1, 0x03 }; - const byte badIntN[] = { 0x30, 0x06, 0x02, 0x05, 0x23, 0x02, 0x1, 0x03 }; - const byte badNotIntE[] = { 0x30, 0x06, 0x02, 0x01, 0x23, 0x04, 0x1, 0x03 }; - const byte badLength[] = { 0x30, 0x04, 0x02, 0x01, 0x23, 0x02, 0x1, 0x03 }; - const byte badBitStrNoZero[] = { 0x30, 0x0e, 0x30, 0x0c, 0x06, 0x00, + static const byte badIntN[] = { 0x30, 0x06, 0x02, 0x05, 0x23, 0x02, 0x1, + 0x03 }; + static const byte badNotIntE[] = { 0x30, 0x06, 0x02, 0x01, 0x23, 0x04, 0x1, + 0x03 }; + static const byte badLength[] = { 0x30, 0x04, 0x02, 0x01, 0x23, 0x02, 0x1, + 0x03 }; + static const byte badBitStrNoZero[] = { 0x30, 0x0e, 0x30, 0x0c, 0x06, 0x00, 0x03, 0x08, 0x30, 0x06, 0x02, 0x01, 0x23, 0x02, 0x1, 0x03 }; - ret = wc_InitRsaKey(&keyPub, NULL); + ret = wc_InitRsaKey(keyPub, NULL); if (ret != 0) - return -5400; + return -6782; /* Parameter Validation testing. 
*/ - ret = wc_RsaPublicKeyDecodeRaw(NULL, sizeof(n), e, sizeof(e), &keyPub); + ret = wc_RsaPublicKeyDecodeRaw(NULL, sizeof(n), e, sizeof(e), keyPub); if (ret != BAD_FUNC_ARG) { - ret = -5401; + ret = -6783; goto done; } - ret = wc_RsaPublicKeyDecodeRaw(n, sizeof(n), NULL, sizeof(e), &keyPub); + ret = wc_RsaPublicKeyDecodeRaw(n, sizeof(n), NULL, sizeof(e), keyPub); if (ret != BAD_FUNC_ARG) { - ret = -5402; + ret = -6784; goto done; } ret = wc_RsaPublicKeyDecodeRaw(n, sizeof(n), e, sizeof(e), NULL); if (ret != BAD_FUNC_ARG) { - ret = -5403; + ret = -6785; goto done; } /* TODO: probably should fail when length is -1! */ - ret = wc_RsaPublicKeyDecodeRaw(n, (word32)-1, e, sizeof(e), &keyPub); + ret = wc_RsaPublicKeyDecodeRaw(n, (word32)-1, e, sizeof(e), keyPub); if (ret != 0) { - ret = -5404; + ret = -6786; goto done; } - wc_FreeRsaKey(&keyPub); - ret = wc_InitRsaKey(&keyPub, NULL); + wc_FreeRsaKey(keyPub); + ret = wc_InitRsaKey(keyPub, NULL); if (ret != 0) - return -5405; - ret = wc_RsaPublicKeyDecodeRaw(n, sizeof(n), e, (word32)-1, &keyPub); + return -6787; + ret = wc_RsaPublicKeyDecodeRaw(n, sizeof(n), e, (word32)-1, keyPub); if (ret != 0) { - ret = -5406; + ret = -6788; goto done; } - wc_FreeRsaKey(&keyPub); - ret = wc_InitRsaKey(&keyPub, NULL); + wc_FreeRsaKey(keyPub); + ret = wc_InitRsaKey(keyPub, NULL); if (ret != 0) - return -5407; + return -6789; /* Use API. */ - ret = wc_RsaPublicKeyDecodeRaw(n, sizeof(n), e, sizeof(e), &keyPub); + ret = wc_RsaPublicKeyDecodeRaw(n, sizeof(n), e, sizeof(e), keyPub); if (ret != 0) { - ret = -5408; + ret = -6790; goto done; } - wc_FreeRsaKey(&keyPub); - ret = wc_InitRsaKey(&keyPub, NULL); + wc_FreeRsaKey(keyPub); + ret = wc_InitRsaKey(keyPub, NULL); if (ret != 0) - return -5409; + return -6791; /* Parameter Validation testing. 
*/ inSz = sizeof(good); - ret = wc_RsaPublicKeyDecode(NULL, &inOutIdx, &keyPub, inSz); + ret = wc_RsaPublicKeyDecode(NULL, &inOutIdx, keyPub, inSz); if (ret != BAD_FUNC_ARG) { - ret = -5410; + ret = -6792; goto done; } - ret = wc_RsaPublicKeyDecode(good, NULL, &keyPub, inSz); + ret = wc_RsaPublicKeyDecode(good, NULL, keyPub, inSz); if (ret != BAD_FUNC_ARG) { - ret = -5411; + ret = -6793; goto done; } ret = wc_RsaPublicKeyDecode(good, &inOutIdx, NULL, inSz); if (ret != BAD_FUNC_ARG) { - ret = -5412; + ret = -6794; goto done; } /* Use good data and offest to bad data. */ inOutIdx = 2; inSz = sizeof(good) - inOutIdx; - ret = wc_RsaPublicKeyDecode(good, &inOutIdx, &keyPub, inSz); + ret = wc_RsaPublicKeyDecode(good, &inOutIdx, keyPub, inSz); if (ret != ASN_PARSE_E) { - ret = -5413; + ret = -6795; goto done; } inOutIdx = 2; inSz = sizeof(goodAlgId) - inOutIdx; - ret = wc_RsaPublicKeyDecode(goodAlgId, &inOutIdx, &keyPub, inSz); + ret = wc_RsaPublicKeyDecode(goodAlgId, &inOutIdx, keyPub, inSz); if (ret != ASN_PARSE_E) { - ret = -5414; + ret = -6796; + goto done; + } + inOutIdx = 2; + inSz = sizeof(goodAlgId); + ret = wc_RsaPublicKeyDecode(goodAlgId, &inOutIdx, keyPub, inSz); + if (ret != ASN_PARSE_E) { + ret = -6797; goto done; } /* Try different bad data. 
*/ inSz = sizeof(badAlgIdNull); inOutIdx = 0; - ret = wc_RsaPublicKeyDecode(badAlgIdNull, &inOutIdx, &keyPub, inSz); + ret = wc_RsaPublicKeyDecode(badAlgIdNull, &inOutIdx, keyPub, inSz); if (ret != ASN_EXPECT_0_E) { - ret = -5415; + ret = -6798; goto done; } inSz = sizeof(badNotBitString); inOutIdx = 0; - ret = wc_RsaPublicKeyDecode(badNotBitString, &inOutIdx, &keyPub, inSz); + ret = wc_RsaPublicKeyDecode(badNotBitString, &inOutIdx, keyPub, inSz); if (ret != ASN_BITSTR_E) { - ret = -5416; + ret = -6799; goto done; } inSz = sizeof(badBitStringLen); inOutIdx = 0; - ret = wc_RsaPublicKeyDecode(badBitStringLen, &inOutIdx, &keyPub, inSz); + ret = wc_RsaPublicKeyDecode(badBitStringLen, &inOutIdx, keyPub, inSz); if (ret != ASN_PARSE_E) { - ret = -5417; + ret = -6800; goto done; } inSz = sizeof(badNoSeq); inOutIdx = 0; - ret = wc_RsaPublicKeyDecode(badNoSeq, &inOutIdx, &keyPub, inSz); + ret = wc_RsaPublicKeyDecode(badNoSeq, &inOutIdx, keyPub, inSz); if (ret != ASN_PARSE_E) { - ret = -5418; + ret = -6801; goto done; } inSz = sizeof(badNoObj); inOutIdx = 0; - ret = wc_RsaPublicKeyDecode(badNoObj, &inOutIdx, &keyPub, inSz); + ret = wc_RsaPublicKeyDecode(badNoObj, &inOutIdx, keyPub, inSz); if (ret != ASN_PARSE_E) { - ret = -5419; + ret = -6802; goto done; } inSz = sizeof(badIntN); inOutIdx = 0; - ret = wc_RsaPublicKeyDecode(badIntN, &inOutIdx, &keyPub, inSz); + ret = wc_RsaPublicKeyDecode(badIntN, &inOutIdx, keyPub, inSz); if (ret != ASN_RSA_KEY_E) { - ret = -5420; + ret = -6803; goto done; } inSz = sizeof(badNotIntE); inOutIdx = 0; - ret = wc_RsaPublicKeyDecode(badNotIntE, &inOutIdx, &keyPub, inSz); + ret = wc_RsaPublicKeyDecode(badNotIntE, &inOutIdx, keyPub, inSz); if (ret != ASN_RSA_KEY_E) { - ret = -5421; + ret = -6804; goto done; } /* TODO: Shouldn't pass as the sequence length is too small. 
*/ inSz = sizeof(badLength); inOutIdx = 0; - ret = wc_RsaPublicKeyDecode(badLength, &inOutIdx, &keyPub, inSz); + ret = wc_RsaPublicKeyDecode(badLength, &inOutIdx, keyPub, inSz); if (ret != 0) { - ret = -5422; + ret = -6805; goto done; } /* TODO: Shouldn't ignore object id's data. */ - wc_FreeRsaKey(&keyPub); - ret = wc_InitRsaKey(&keyPub, NULL); + wc_FreeRsaKey(keyPub); + ret = wc_InitRsaKey(keyPub, NULL); if (ret != 0) - return -5423; + return -6806; + + inSz = sizeof(badBitStrNoZero); + inOutIdx = 0; + ret = wc_RsaPublicKeyDecode(badBitStrNoZero, &inOutIdx, keyPub, inSz); + if (ret != ASN_EXPECT_0_E) { + ret = -6807; + goto done; + } + wc_FreeRsaKey(keyPub); + ret = wc_InitRsaKey(keyPub, NULL); + if (ret != 0) + return -6808; /* Valid data cases. */ inSz = sizeof(good); inOutIdx = 0; - ret = wc_RsaPublicKeyDecode(good, &inOutIdx, &keyPub, inSz); + ret = wc_RsaPublicKeyDecode(good, &inOutIdx, keyPub, inSz); if (ret != 0) { - ret = -5424; + ret = -6809; goto done; } if (inOutIdx != inSz) { - ret = -5425; + ret = -6810; goto done; } - wc_FreeRsaKey(&keyPub); - ret = wc_InitRsaKey(&keyPub, NULL); + wc_FreeRsaKey(keyPub); + ret = wc_InitRsaKey(keyPub, NULL); if (ret != 0) - return -5426; + return -6811; inSz = sizeof(goodAlgId); inOutIdx = 0; - ret = wc_RsaPublicKeyDecode(goodAlgId, &inOutIdx, &keyPub, inSz); + ret = wc_RsaPublicKeyDecode(goodAlgId, &inOutIdx, keyPub, inSz); if (ret != 0) { - ret = -5427; + ret = -6812; goto done; } if (inOutIdx != inSz) { - ret = -5428; + ret = -6813; goto done; } - wc_FreeRsaKey(&keyPub); - ret = wc_InitRsaKey(&keyPub, NULL); + wc_FreeRsaKey(keyPub); + ret = wc_InitRsaKey(keyPub, NULL); if (ret != 0) - return -5429; + return -6814; inSz = sizeof(goodAlgIdNull); inOutIdx = 0; - ret = wc_RsaPublicKeyDecode(goodAlgIdNull, &inOutIdx, &keyPub, inSz); + ret = wc_RsaPublicKeyDecode(goodAlgIdNull, &inOutIdx, keyPub, inSz); if (ret != 0) { - ret = -5430; + ret = -6815; goto done; } if (inOutIdx != inSz) { - ret = -5431; + ret = -6816; goto 
done; } - wc_FreeRsaKey(&keyPub); - ret = wc_InitRsaKey(&keyPub, NULL); - if (ret != 0) - return -5432; - - inSz = sizeof(badBitStrNoZero); - inOutIdx = 0; - ret = wc_RsaPublicKeyDecode(badBitStrNoZero, &inOutIdx, &keyPub, inSz); - if (ret != ASN_EXPECT_0_E) { - ret = -5433; - goto done; - } - ret = 0; done: - wc_FreeRsaKey(&keyPub); + wc_FreeRsaKey(keyPub); return ret; } #endif @@ -8711,7 +9113,7 @@ static int rsa_pss_test(WC_RNG* rng, RsaKey* key) /* Calculate hash of message. */ ret = wc_Hash(hash[j], in, inLen, digest, sizeof(digest)); if (ret != 0) - ERROR_OUT(-5450, exit_rsa_pss); + ERROR_OUT(-6817, exit_rsa_pss); digestSz = wc_HashGetDigestSize(hash[j]); for (i = 0; i < (int)(sizeof(mgf)/sizeof(*mgf)); i++) { @@ -8727,7 +9129,7 @@ static int rsa_pss_test(WC_RNG* rng, RsaKey* key) } } while (ret == WC_PENDING_E); if (ret <= 0) - ERROR_OUT(-5451, exit_rsa_pss); + ERROR_OUT(-6818, exit_rsa_pss); outSz = ret; XMEMCPY(sig, out, outSz); @@ -8744,13 +9146,13 @@ static int rsa_pss_test(WC_RNG* rng, RsaKey* key) } } while (ret == WC_PENDING_E); if (ret <= 0) - ERROR_OUT(-5452, exit_rsa_pss); + ERROR_OUT(-6819, exit_rsa_pss); plainSz = ret; ret = wc_RsaPSS_CheckPadding(digest, digestSz, plain, plainSz, hash[j]); if (ret != 0) - ERROR_OUT(-5453, exit_rsa_pss); + ERROR_OUT(-6820, exit_rsa_pss); #ifdef RSA_PSS_TEST_WRONG_PARAMS for (k = 0; k < (int)(sizeof(mgf)/sizeof(*mgf)); k++) { @@ -8771,7 +9173,7 @@ static int rsa_pss_test(WC_RNG* rng, RsaKey* key) } } while (ret == WC_PENDING_E); if (ret >= 0) - ERROR_OUT(-5454, exit_rsa_pss); + ERROR_OUT(-6821, exit_rsa_pss); } } #endif @@ -8792,7 +9194,7 @@ static int rsa_pss_test(WC_RNG* rng, RsaKey* key) } } while (ret == WC_PENDING_E); if (ret <= 0) - ERROR_OUT(-5460, exit_rsa_pss); + ERROR_OUT(-6822, exit_rsa_pss); outSz = ret; do { 
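Review bot: In `rsa_decode_test`, `inOutIdx` is declared without an initialiser and its address is passed to the `wc_RsaPublicKeyDecode` calls checked by `-6792` and `-6794` before anything assigns it; the first assignment is the later `inOutIdx = 2;`. Whether the indeterminate value is read depends on the argument-check order inside the decoder, which is not visible here, and analysers may flag it either way. `word32 inOutIdx = 0;` removes the dependency. Separately, now that `keyPub` is supplied by the caller, the function deserves a short comment stating that it calls `wc_InitRsaKey` on the key itself and releases it with `wc_FreeRsaKey` at `done`, so callers know not to pass in a key they still need.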
@@ -8806,7 +9208,7 @@ static int rsa_pss_test(WC_RNG* rng, RsaKey* key) } } while (ret == WC_PENDING_E); if (ret <= 0) - ERROR_OUT(-5461, exit_rsa_pss); + ERROR_OUT(-6823, exit_rsa_pss); plainSz = ret; do { @@ -8820,7 +9222,7 @@ static int rsa_pss_test(WC_RNG* rng, RsaKey* key) } } while (ret == WC_PENDING_E); if (ret != 0) - ERROR_OUT(-5462, exit_rsa_pss); + ERROR_OUT(-6824, exit_rsa_pss); XMEMCPY(sig, out, outSz); plain = NULL; @@ -8835,13 +9237,13 @@ static int rsa_pss_test(WC_RNG* rng, RsaKey* key) } } while (ret == WC_PENDING_E); if (ret <= 0) - ERROR_OUT(-5463, exit_rsa_pss); + ERROR_OUT(-6825, exit_rsa_pss); plainSz = ret; ret = wc_RsaPSS_CheckPadding_ex(digest, digestSz, plain, plainSz, hash[0], 0); if (ret != 0) - ERROR_OUT(-5464, exit_rsa_pss); + ERROR_OUT(-6826, exit_rsa_pss); /* Test bad salt lengths in various APIs. */ digestSz = wc_HashGetDigestSize(hash[0]); @@ -8857,7 +9259,7 @@ static int rsa_pss_test(WC_RNG* rng, RsaKey* key) } } while (ret == WC_PENDING_E); if (ret != PSS_SALTLEN_E) - ERROR_OUT(-5470, exit_rsa_pss); + ERROR_OUT(-6827, exit_rsa_pss); do { #if defined(WOLFSSL_ASYNC_CRYPT) @@ -8870,7 +9272,7 @@ static int rsa_pss_test(WC_RNG* rng, RsaKey* key) } } while (ret == WC_PENDING_E); if (ret != PSS_SALTLEN_E) - ERROR_OUT(-5471, exit_rsa_pss); + ERROR_OUT(-6828, exit_rsa_pss); do { #if defined(WOLFSSL_ASYNC_CRYPT) @@ -8883,7 +9285,7 @@ static int rsa_pss_test(WC_RNG* rng, RsaKey* key) } } while (ret == WC_PENDING_E); if (ret != PSS_SALTLEN_E) - ERROR_OUT(-5472, exit_rsa_pss); + ERROR_OUT(-6829, exit_rsa_pss); do { #if defined(WOLFSSL_ASYNC_CRYPT) 
@@ -8896,16 +9298,16 @@ static int rsa_pss_test(WC_RNG* rng, RsaKey* key) } } while (ret == WC_PENDING_E); if (ret != PSS_SALTLEN_E) - ERROR_OUT(-5473, exit_rsa_pss); + ERROR_OUT(-6830, exit_rsa_pss); ret = wc_RsaPSS_CheckPadding_ex(digest, digestSz, plain, plainSz, hash[0], -2); if (ret != PSS_SALTLEN_E) - ERROR_OUT(-5474, exit_rsa_pss); + ERROR_OUT(-6831, exit_rsa_pss); ret = wc_RsaPSS_CheckPadding_ex(digest, digestSz, plain, plainSz, hash[0], digestSz + 1); if (ret != PSS_SALTLEN_E) - ERROR_OUT(-5475, exit_rsa_pss); + ERROR_OUT(-6832, exit_rsa_pss); ret = 0; exit_rsa_pss: @@ -8956,7 +9358,7 @@ int rsa_no_pad_test(void) || out == NULL || plain == NULL #endif ) { - return -500; + return -6900; } #ifdef USE_CERT_BUFFERS_1024 @@ -8968,23 +9370,23 @@ int rsa_no_pad_test(void) if (!file) { err_sys("can't open ./certs/client-key.der, " "Please run from wolfSSL home dir", -40); - ERROR_OUT(-501, exit_rsa_nopadding); + ERROR_OUT(-6901, exit_rsa_nopadding); } bytes = fread(tmp, 1, FOURK_BUF, file); fclose(file); #else /* No key to use. */ - ERROR_OUT(-502, exit_rsa_nopadding); + ERROR_OUT(-6902, exit_rsa_nopadding); #endif /* USE_CERT_BUFFERS */ ret = wc_InitRsaKey_ex(&key, HEAP_HINT, devId); if (ret != 0) { - ERROR_OUT(-503, exit_rsa_nopadding); + ERROR_OUT(-6903, exit_rsa_nopadding); } ret = wc_RsaPrivateKeyDecode(tmp, &idx, &key, (word32)bytes); if (ret != 0) { - ERROR_OUT(-504, exit_rsa_nopadding); + ERROR_OUT(-6904, exit_rsa_nopadding); } /* after loading in key use tmp as the test buffer */ @@ -8995,7 +9397,7 @@ int rsa_no_pad_test(void) ret = wc_InitRng(&rng); #endif if (ret != 0) { - ERROR_OUT(-505, exit_rsa_nopadding); + ERROR_OUT(-6905, exit_rsa_nopadding); } inLen = wc_RsaEncryptSize(&key); 
@@ -9010,12 +9412,12 @@ int rsa_no_pad_test(void) } } while (ret == WC_PENDING_E); if (ret <= 0) { - ERROR_OUT(-506, exit_rsa_nopadding); + ERROR_OUT(-6906, exit_rsa_nopadding); } /* encrypted result should not be the same as input */ if (XMEMCMP(out, tmp, inLen) == 0) { - ERROR_OUT(-507, exit_rsa_nopadding); + ERROR_OUT(-6907, exit_rsa_nopadding); } /* decrypt with public key and compare result */ @@ -9029,17 +9431,22 @@ int rsa_no_pad_test(void) } } while (ret == WC_PENDING_E); if (ret <= 0) { - ERROR_OUT(-508, exit_rsa_nopadding); + ERROR_OUT(-6908, exit_rsa_nopadding); } if (XMEMCMP(plain, tmp, inLen) != 0) { - ERROR_OUT(-509, exit_rsa_nopadding); + ERROR_OUT(-6909, exit_rsa_nopadding); } #ifdef WC_RSA_BLINDING + ret = wc_RsaSetRNG(NULL, &rng); + if (ret != BAD_FUNC_ARG) { + ERROR_OUT(-6910, exit_rsa_nopadding); + } + ret = wc_RsaSetRNG(&key, &rng); if (ret < 0) { - ERROR_OUT(-510, exit_rsa_nopadding); + ERROR_OUT(-6911, exit_rsa_nopadding); } #endif @@ -9054,7 +9461,7 @@ int rsa_no_pad_test(void) } } while (ret == WC_PENDING_E); if (ret < 0) { - ERROR_OUT(-511, exit_rsa_nopadding); + ERROR_OUT(-6912, exit_rsa_nopadding); } do { 
@@ -9067,36 +9474,36 @@ int rsa_no_pad_test(void) } } while (ret == WC_PENDING_E); if (ret < 0) { - ERROR_OUT(-512, exit_rsa_nopadding); + ERROR_OUT(-6913, exit_rsa_nopadding); } if (XMEMCMP(plain, tmp, inLen) != 0) { - ERROR_OUT(-513, exit_rsa_nopadding); + ERROR_OUT(-6914, exit_rsa_nopadding); } /* test some bad arguments */ ret = wc_RsaDirect(out, outSz, plain, &plainSz, &key, -1, &rng); if (ret != BAD_FUNC_ARG) { - ERROR_OUT(-514, exit_rsa_nopadding); + ERROR_OUT(-6915, exit_rsa_nopadding); } ret = wc_RsaDirect(out, outSz, plain, &plainSz, NULL, RSA_PUBLIC_DECRYPT, &rng); if (ret != BAD_FUNC_ARG) { - ERROR_OUT(-515, exit_rsa_nopadding); + ERROR_OUT(-6916, exit_rsa_nopadding); } ret = wc_RsaDirect(out, outSz, NULL, &plainSz, &key, RSA_PUBLIC_DECRYPT, &rng); if (ret != LENGTH_ONLY_E || plainSz != inLen) { - ERROR_OUT(-516, exit_rsa_nopadding); + ERROR_OUT(-6917, exit_rsa_nopadding); } ret = wc_RsaDirect(out, outSz - 10, plain, &plainSz, &key, RSA_PUBLIC_DECRYPT, &rng); if (ret != BAD_FUNC_ARG) { - ERROR_OUT(-517, exit_rsa_nopadding); + ERROR_OUT(-6918, exit_rsa_nopadding); } /* if making it to this point of code without hitting an ERROR_OUT then 
@@ -9111,6 +9518,574 @@ exit_rsa_nopadding: } #endif /* WC_RSA_NO_PADDING */ +#ifdef WOLFSSL_CERT_GEN +static int rsa_certgen_test(RsaKey* key, RsaKey* keypub, WC_RNG* rng, byte* tmp) +{ + RsaKey caKey; + byte* der = NULL; + byte* pem = NULL; + int ret; + Cert* myCert = NULL; + int certSz; + size_t bytes3; + word32 idx3 = 0; +#if !defined(USE_CERT_BUFFERS_1024) && !defined(USE_CERT_BUFFERS_2048) + FILE* file3; +#endif +#ifdef WOLFSSL_TEST_CERT + DecodedCert decode; +#endif +#if defined(WOLFSSL_ALT_NAMES) && !defined(NO_ASN_TIME) + struct tm beforeTime; + struct tm afterTime; +#endif + const byte mySerial[8] = {1,2,3,4,5,6,7,8}; + + (void)keypub; + + XMEMSET(&caKey, 0, sizeof(caKey)); + + der = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + if (der == NULL) { + ERROR_OUT(-6919, exit_rsa); + } + pem = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT,DYNAMIC_TYPE_TMP_BUFFER); + if (pem == NULL) { + ERROR_OUT(-6920, exit_rsa); + } + myCert = (Cert*)XMALLOC(sizeof(Cert), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + if (myCert == NULL) { + ERROR_OUT(-6921, exit_rsa); + } + + /* self signed */ + if (wc_InitCert(myCert)) { + ERROR_OUT(-6922, exit_rsa); + } + + XMEMCPY(&myCert->subject, &certDefaultName, sizeof(CertName)); + XMEMCPY(myCert->serial, mySerial, sizeof(mySerial)); + myCert->serialSz = (int)sizeof(mySerial); + myCert->isCA = 1; +#ifndef NO_SHA256 + myCert->sigType = CTC_SHA256wRSA; +#else + myCert->sigType = CTC_SHAwRSA; +#endif + + +#ifdef WOLFSSL_CERT_EXT + /* add Policies */ + XSTRNCPY(myCert->certPolicies[0], "2.16.840.1.101.3.4.1.42", + CTC_MAX_CERTPOL_SZ); + XSTRNCPY(myCert->certPolicies[1], "1.2.840.113549.1.9.16.6.5", + CTC_MAX_CERTPOL_SZ); + myCert->certPoliciesNb = 2; + + /* add SKID from the Public Key */ + if (wc_SetSubjectKeyIdFromPublicKey(myCert, keypub, NULL) != 0) { + ERROR_OUT(-6923, exit_rsa); + } + + /* add AKID from the Public Key */ + if (wc_SetAuthKeyIdFromPublicKey(myCert, keypub, NULL) != 0) { + ERROR_OUT(-6924, exit_rsa); + } + + /* add 
Key Usage */ + if (wc_SetKeyUsage(myCert,"cRLSign,keyCertSign") != 0) { + ERROR_OUT(-6925, exit_rsa); + } +#ifdef WOLFSSL_EKU_OID + { + const char unique[] = "2.16.840.1.111111.100.1.10.1"; + if (wc_SetExtKeyUsageOID(myCert, unique, sizeof(unique), 0, + HEAP_HINT) != 0) { + ERROR_OUT(-6926, exit_rsa); + } + } +#endif /* WOLFSSL_EKU_OID */ +#endif /* WOLFSSL_CERT_EXT */ + + ret = 0; + do { +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); +#endif + if (ret >= 0) { + ret = wc_MakeSelfCert(myCert, der, FOURK_BUF, key, rng); + } + } while (ret == WC_PENDING_E); + if (ret < 0) { + ERROR_OUT(-6927, exit_rsa); + } + certSz = ret; + +#ifdef WOLFSSL_TEST_CERT + InitDecodedCert(&decode, der, certSz, HEAP_HINT); + ret = ParseCert(&decode, CERT_TYPE, NO_VERIFY, 0); + if (ret != 0) { + FreeDecodedCert(&decode); + ERROR_OUT(-6928, exit_rsa); + } + FreeDecodedCert(&decode); +#endif + + ret = SaveDerAndPem(der, certSz, pem, FOURK_BUF, certDerFile, + certPemFile, CERT_TYPE, -5578); + if (ret != 0) { + goto exit_rsa; + } + + /* Setup Certificate */ + if (wc_InitCert(myCert)) { + ERROR_OUT(-6929, exit_rsa); + } + +#ifdef WOLFSSL_ALT_NAMES + /* Get CA Cert for testing */ + #ifdef USE_CERT_BUFFERS_1024 + XMEMCPY(tmp, ca_cert_der_1024, sizeof_ca_cert_der_1024); + bytes3 = sizeof_ca_cert_der_1024; + #elif defined(USE_CERT_BUFFERS_2048) + XMEMCPY(tmp, ca_cert_der_2048, sizeof_ca_cert_der_2048); + bytes3 = sizeof_ca_cert_der_2048; + #else + file3 = fopen(rsaCaCertDerFile, "rb"); + if (!file3) { + ERROR_OUT(-6930, exit_rsa); + } + bytes3 = fread(tmp, 1, FOURK_BUF, file3); + fclose(file3); + #endif /* USE_CERT_BUFFERS */ + + #ifndef NO_FILESYSTEM + ret = wc_SetAltNames(myCert, rsaCaCertFile); + if (ret != 0) { + ERROR_OUT(-6931, exit_rsa); + } + #endif + /* get alt names from der */ + ret = wc_SetAltNamesBuffer(myCert, tmp, (int)bytes3); + if (ret != 0) { + ERROR_OUT(-6932, exit_rsa); + } + + /* get dates from der */ + ret = 
wc_SetDatesBuffer(myCert, tmp, (int)bytes3); + if (ret != 0) { + ERROR_OUT(-6933, exit_rsa); + } + + #ifndef NO_ASN_TIME + ret = wc_GetCertDates(myCert, &beforeTime, &afterTime); + if (ret < 0) { + ERROR_OUT(-6934, exit_rsa); + } + #endif +#endif /* WOLFSSL_ALT_NAMES */ + + /* Get CA Key */ +#ifdef USE_CERT_BUFFERS_1024 + XMEMCPY(tmp, ca_key_der_1024, sizeof_ca_key_der_1024); + bytes3 = sizeof_ca_key_der_1024; +#elif defined(USE_CERT_BUFFERS_2048) + XMEMCPY(tmp, ca_key_der_2048, sizeof_ca_key_der_2048); + bytes3 = sizeof_ca_key_der_2048; +#else + file3 = fopen(rsaCaKeyFile, "rb"); + if (!file3) { + ERROR_OUT(-6935, exit_rsa); + } + + bytes3 = fread(tmp, 1, FOURK_BUF, file3); + fclose(file3); +#endif /* USE_CERT_BUFFERS */ + + ret = wc_InitRsaKey(&caKey, HEAP_HINT); + if (ret != 0) { + ERROR_OUT(-6936, exit_rsa); + } + ret = wc_RsaPrivateKeyDecode(tmp, &idx3, &caKey, (word32)bytes3); + if (ret != 0) { + ERROR_OUT(-6937, exit_rsa); + } + +#ifndef NO_SHA256 + myCert->sigType = CTC_SHA256wRSA; +#else + myCert->sigType = CTC_SHAwRSA; +#endif + + XMEMCPY(&myCert->subject, &certDefaultName, sizeof(CertName)); + +#ifdef WOLFSSL_CERT_EXT + /* add Policies */ + XSTRNCPY(myCert->certPolicies[0], "2.16.840.1.101.3.4.1.42", + CTC_MAX_CERTPOL_SZ); + myCert->certPoliciesNb =1; + + /* add SKID from the Public Key */ + if (wc_SetSubjectKeyIdFromPublicKey(myCert, key, NULL) != 0) { + ERROR_OUT(-6938, exit_rsa); + } + + /* add AKID from the CA certificate */ +#if defined(USE_CERT_BUFFERS_2048) + ret = wc_SetAuthKeyIdFromCert(myCert, ca_cert_der_2048, + sizeof_ca_cert_der_2048); +#elif defined(USE_CERT_BUFFERS_1024) + ret = wc_SetAuthKeyIdFromCert(myCert, ca_cert_der_1024, + sizeof_ca_cert_der_1024); +#else + ret = wc_SetAuthKeyId(myCert, rsaCaCertFile); +#endif + if (ret != 0) { + ERROR_OUT(-6939, exit_rsa); + } + + /* add Key Usage */ + if (wc_SetKeyUsage(myCert,"keyEncipherment,keyAgreement") != 0) { + ERROR_OUT(-6940, exit_rsa); + } +#endif /* WOLFSSL_CERT_EXT */ + +#if 
defined(USE_CERT_BUFFERS_2048) + ret = wc_SetIssuerBuffer(myCert, ca_cert_der_2048, + sizeof_ca_cert_der_2048); +#elif defined(USE_CERT_BUFFERS_1024) + ret = wc_SetIssuerBuffer(myCert, ca_cert_der_1024, + sizeof_ca_cert_der_1024); +#else + ret = wc_SetIssuer(myCert, rsaCaCertFile); +#endif + if (ret < 0) { + ERROR_OUT(-6941, exit_rsa); + } + + certSz = wc_MakeCert(myCert, der, FOURK_BUF, key, NULL, rng); + if (certSz < 0) { + ERROR_OUT(-6942, exit_rsa); + } + + ret = 0; + do { + #if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &caKey.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); + #endif + if (ret >= 0) { + ret = wc_SignCert(myCert->bodySz, myCert->sigType, der, FOURK_BUF, + &caKey, NULL, rng); + } + } while (ret == WC_PENDING_E); + if (ret < 0) { + ERROR_OUT(-6943, exit_rsa); + } + certSz = ret; + +#ifdef WOLFSSL_TEST_CERT + InitDecodedCert(&decode, der, certSz, HEAP_HINT); + ret = ParseCert(&decode, CERT_TYPE, NO_VERIFY, 0); + if (ret != 0) { + FreeDecodedCert(&decode); + ERROR_OUT(-6944, exit_rsa); + } + FreeDecodedCert(&decode); +#endif + + ret = SaveDerAndPem(der, certSz, pem, FOURK_BUF, otherCertDerFile, + otherCertPemFile, CERT_TYPE, -5598); + if (ret != 0) { + goto exit_rsa; + } + +exit_rsa: + wc_FreeRsaKey(&caKey); + + XFREE(myCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + myCert = NULL; + XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + pem = NULL; + XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + der = NULL; + + return ret; +} +#endif + +#if !defined(NO_RSA) && defined(HAVE_ECC) && defined(WOLFSSL_CERT_GEN) +/* Make Cert / Sign example for ECC cert and RSA CA */ +static int rsa_ecc_certgen_test(WC_RNG* rng, byte* tmp) +{ + RsaKey caKey; + ecc_key caEccKey; + ecc_key caEccKeyPub; + byte* der = NULL; + byte* pem = NULL; + Cert* myCert = NULL; + int certSz; + size_t bytes3; + word32 idx3 = 0; +#if (!defined(USE_CERT_BUFFERS_1024) && !defined(USE_CERT_BUFFERS_2048)) \ + || !defined(USE_CERT_BUFFERS_256) + FILE* file3; +#endif +#ifdef WOLFSSL_TEST_CERT + 
DecodedCert decode; +#endif + int ret; + + XMEMSET(&caKey, 0, sizeof(caKey)); + XMEMSET(&caEccKey, 0, sizeof(caEccKey)); + XMEMSET(&caEccKeyPub, 0, sizeof(caEccKeyPub)); + + der = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + if (der == NULL) { + ERROR_OUT(-6945, exit_rsa); + } + pem = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + if (pem == NULL) { + ERROR_OUT(-6946, exit_rsa); + } + myCert = (Cert*)XMALLOC(sizeof(Cert), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + if (myCert == NULL) { + ERROR_OUT(-6947, exit_rsa); + } + + /* Get CA Key */ +#ifdef USE_CERT_BUFFERS_1024 + XMEMCPY(tmp, ca_key_der_1024, sizeof_ca_key_der_1024); + bytes3 = sizeof_ca_key_der_1024; +#elif defined(USE_CERT_BUFFERS_2048) + XMEMCPY(tmp, ca_key_der_2048, sizeof_ca_key_der_2048); + bytes3 = sizeof_ca_key_der_2048; +#else + file3 = fopen(rsaCaKeyFile, "rb"); + if (!file3) { + ERROR_OUT(-6948, exit_rsa); + } + + bytes3 = fread(tmp, 1, FOURK_BUF, file3); + fclose(file3); +#endif /* USE_CERT_BUFFERS */ + + ret = wc_InitRsaKey(&caKey, HEAP_HINT); + if (ret != 0) { + ERROR_OUT(-6949, exit_rsa); + } + ret = wc_RsaPrivateKeyDecode(tmp, &idx3, &caKey, (word32)bytes3); + if (ret != 0) { + ERROR_OUT(-6950, exit_rsa); + } + + /* Get Cert Key */ +#ifdef USE_CERT_BUFFERS_256 + XMEMCPY(tmp, ecc_key_pub_der_256, sizeof_ecc_key_pub_der_256); + bytes3 = sizeof_ecc_key_pub_der_256; +#else + file3 = fopen(eccKeyPubFile, "rb"); + if (!file3) { + ERROR_OUT(-6951, exit_rsa); + } + + bytes3 = fread(tmp, 1, FOURK_BUF, file3); + fclose(file3); +#endif + + ret = wc_ecc_init_ex(&caEccKeyPub, HEAP_HINT, devId); + if (ret != 0) { + ERROR_OUT(-6952, exit_rsa); + } + + idx3 = 0; + ret = wc_EccPublicKeyDecode(tmp, &idx3, &caEccKeyPub, (word32)bytes3); + if (ret != 0) { + ERROR_OUT(-6953, exit_rsa); + } + + /* Setup Certificate */ + if (wc_InitCert(myCert)) { + ERROR_OUT(-6954, exit_rsa); + } + +#ifndef NO_SHA256 + myCert->sigType = CTC_SHA256wRSA; +#else + myCert->sigType = CTC_SHAwRSA; 
+#endif + + XMEMCPY(&myCert->subject, &certDefaultName, sizeof(CertName)); + +#ifdef WOLFSSL_CERT_EXT + /* add Policies */ + XSTRNCPY(myCert->certPolicies[0], "2.4.589440.587.101.2.1.9632587.1", + CTC_MAX_CERTPOL_SZ); + XSTRNCPY(myCert->certPolicies[1], "1.2.13025.489.1.113549", + CTC_MAX_CERTPOL_SZ); + myCert->certPoliciesNb = 2; + + /* add SKID from the Public Key */ + if (wc_SetSubjectKeyIdFromPublicKey(myCert, NULL, &caEccKeyPub) != 0) { + ERROR_OUT(-6955, exit_rsa); + } + + /* add AKID from the CA certificate */ +#if defined(USE_CERT_BUFFERS_2048) + ret = wc_SetAuthKeyIdFromCert(myCert, ca_cert_der_2048, + sizeof_ca_cert_der_2048); +#elif defined(USE_CERT_BUFFERS_1024) + ret = wc_SetAuthKeyIdFromCert(myCert, ca_cert_der_1024, + sizeof_ca_cert_der_1024); +#else + ret = wc_SetAuthKeyId(myCert, rsaCaCertFile); +#endif + if (ret != 0) { + ERROR_OUT(-6956, exit_rsa); + } + + /* add Key Usage */ + if (wc_SetKeyUsage(myCert, certKeyUsage) != 0) { + ERROR_OUT(-6957, exit_rsa); + } +#endif /* WOLFSSL_CERT_EXT */ + +#if defined(USE_CERT_BUFFERS_2048) + ret = wc_SetIssuerBuffer(myCert, ca_cert_der_2048, + sizeof_ca_cert_der_2048); +#elif defined(USE_CERT_BUFFERS_1024) + ret = wc_SetIssuerBuffer(myCert, ca_cert_der_1024, + sizeof_ca_cert_der_1024); +#else + ret = wc_SetIssuer(myCert, rsaCaCertFile); +#endif + if (ret < 0) { + ERROR_OUT(-6958, exit_rsa); + } + + certSz = wc_MakeCert(myCert, der, FOURK_BUF, NULL, &caEccKeyPub, rng); + if (certSz < 0) { + ERROR_OUT(-6959, exit_rsa); + } + + ret = 0; + do { + #if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &caEccKey.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); + #endif + if (ret >= 0) { + ret = wc_SignCert(myCert->bodySz, myCert->sigType, der, + FOURK_BUF, &caKey, NULL, rng); + } + } while (ret == WC_PENDING_E); + if (ret < 0) { + ERROR_OUT(-6960, exit_rsa); + } + certSz = ret; + +#ifdef WOLFSSL_TEST_CERT + InitDecodedCert(&decode, der, certSz, 0); + ret = ParseCert(&decode, CERT_TYPE, NO_VERIFY, 0); + if (ret != 0) { + 
FreeDecodedCert(&decode); + ERROR_OUT(-6961, exit_rsa); + + } + FreeDecodedCert(&decode); +#endif + + ret = SaveDerAndPem(der, certSz, pem, FOURK_BUF, certEccRsaDerFile, + certEccRsaPemFile, CERT_TYPE, -5616); + if (ret != 0) { + goto exit_rsa; + } + +exit_rsa: + wc_FreeRsaKey(&caKey); + wc_ecc_free(&caEccKey); + wc_ecc_free(&caEccKeyPub); + + XFREE(myCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + myCert = NULL; + XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + pem = NULL; + XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + der = NULL; + + if (ret >= 0) + ret = 0; + return ret; +} +#endif /* !NO_RSA && HAVE_ECC && WOLFSSL_CERT_GEN */ + +#ifdef WOLFSSL_KEY_GEN +static int rsa_keygen_test(WC_RNG* rng) +{ + RsaKey genKey; + int ret; + byte* der = NULL; + byte* pem = NULL; + word32 idx = 0; + int derSz = 0; + int keySz = 1024; + + XMEMSET(&genKey, 0, sizeof(genKey)); + + #ifdef HAVE_FIPS + keySz = 2048; + #endif /* HAVE_FIPS */ + + ret = wc_InitRsaKey(&genKey, HEAP_HINT); + if (ret != 0) { + ERROR_OUT(-6962, exit_rsa); + } + ret = wc_MakeRsaKey(&genKey, keySz, WC_RSA_EXPONENT, rng); + if (ret != 0) { + ERROR_OUT(-6963, exit_rsa); + } + + der = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + if (der == NULL) { + ERROR_OUT(-6964, exit_rsa); + } + pem = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + if (pem == NULL) { + ERROR_OUT(-6965, exit_rsa); + } + + derSz = wc_RsaKeyToDer(&genKey, der, FOURK_BUF); + if (derSz < 0) { + ERROR_OUT(-6966, exit_rsa); + } + + ret = SaveDerAndPem(der, derSz, pem, FOURK_BUF, keyDerFile, keyPemFile, + PRIVATEKEY_TYPE, -5555); + if (ret != 0) { + goto exit_rsa; + } + + wc_FreeRsaKey(&genKey); + ret = wc_InitRsaKey(&genKey, HEAP_HINT); + if (ret != 0) { + ERROR_OUT(-6967, exit_rsa); + } + idx = 0; + ret = wc_RsaPrivateKeyDecode(der, &idx, &genKey, derSz); + if (ret != 0) { + ERROR_OUT(-6968, exit_rsa); + } + + wc_FreeRsaKey(&genKey); + XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + pem = NULL; + XFREE(der, 
HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + der = NULL; + +exit_rsa: + wc_FreeRsaKey(&genKey); + return ret; +} +#endif + int rsa_test(void) { int ret; @@ -9120,21 +10095,12 @@ int rsa_test(void) size_t bytes; WC_RNG rng; RsaKey key; -#ifdef WOLFSSL_CERT_EXT +#if defined(WOLFSSL_CERT_EXT) || defined(WOLFSSL_CERT_GEN) RsaKey keypub; #endif -#ifdef WOLFSSL_KEY_GEN - RsaKey genKey; -#endif -#if defined(WOLFSSL_CERT_GEN) || defined(HAVE_NTRU) +#if defined(HAVE_NTRU) RsaKey caKey; #endif -#ifdef HAVE_ECC - #ifdef WOLFSSL_CERT_GEN - ecc_key caEccKey; - ecc_key caEccKeyPub; - #endif -#endif /* HAVE_ECC */ word32 idx = 0; byte* res; const char* inStr = "Everyone gets Friday off."; @@ -9164,21 +10130,12 @@ int rsa_test(void) #ifdef WOLFSSL_CERT_EXT XMEMSET(&keypub, 0, sizeof(keypub)); #endif -#ifdef WOLFSSL_KEY_GEN - XMEMSET(&genKey, 0, sizeof(genKey)); -#endif -#if defined(WOLFSSL_CERT_GEN) || defined(HAVE_NTRU) +#if defined(HAVE_NTRU) XMEMSET(&caKey, 0, sizeof(caKey)); #endif -#ifdef HAVE_ECC - #ifdef WOLFSSL_CERT_GEN - XMEMSET(&caEccKey, 0, sizeof(caEccKey)); - XMEMSET(&caEccKeyPub, 0, sizeof(caEccKeyPub)); - #endif -#endif /* HAVE_ECC */ #ifndef HAVE_USER_RSA - ret = rsa_decode_test(); + ret = rsa_decode_test(&key); if (ret != 0) return ret; #endif @@ -9201,7 +10158,7 @@ int rsa_test(void) || out == NULL || plain == NULL #endif ) { - return -5500; + return -7000; } #ifdef USE_CERT_BUFFERS_1024 
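Review bot: In rsa_certgen_test the `key` parameter is an `RsaKey*`, but the WOLFSSL_ASYNC_CRYPT branch before wc_MakeSelfCert still reads `&key.asyncDev`, which cannot compile on a pointer; it should be `&key->asyncDev`. rsa_ecc_certgen_test has a related slip: the wait before wc_SignCert uses `&caEccKey.asyncDev`, yet the signing key is `caKey` and `caEccKey` is only zeroed and freed, so `&caKey.asyncDev` looks intended. In rsa_keygen_test, `der` and `pem` are released only on the success path, so every ERROR_OUT taken after the allocations leaks both buffers (and `der` may already hold the generated private key), while the success path runs wc_FreeRsaKey(&genKey) twice. Moving the frees under `exit_rsa`, as below, gives one cleanup path.

```c
    /* … unchanged: key generation, DER export, SaveDerAndPem, key re-init … */
    ret = wc_RsaPrivateKeyDecode(der, &idx, &genKey, derSz);
    if (ret != 0) {
        ERROR_OUT(-6968, exit_rsa);
    }

exit_rsa:
    /* single cleanup path, reached on success and from every ERROR_OUT */
    wc_FreeRsaKey(&genKey);
    if (pem != NULL) {
        XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
    }
    if (der != NULL) {
        XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
    }
    return ret;
```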
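Review bot: `keypub` is now declared when either WOLFSSL_CERT_EXT or WOLFSSL_CERT_GEN is defined, but the `XMEMSET(&keypub, 0, sizeof(keypub));` in the following hunk (-9164) is still guarded by `#ifdef WOLFSSL_CERT_EXT` alone. In a WOLFSSL_CERT_GEN build without WOLFSSL_CERT_EXT the struct is therefore left uninitialised; if it is then passed to rsa_certgen_test or freed at exit_rsa (both outside this hunk, so this is inferred), that code works on indeterminate memory. Widening the guard to `#if defined(WOLFSSL_CERT_EXT) || defined(WOLFSSL_CERT_GEN)` keeps the declaration and the initialisation in step.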
@@ -9213,23 +10170,23 @@ int rsa_test(void) if (!file) { err_sys("can't open ./certs/client-key.der, " "Please run from wolfSSL home dir", -40); - ERROR_OUT(-5501, exit_rsa); + ERROR_OUT(-7001, exit_rsa); } bytes = fread(tmp, 1, FOURK_BUF, file); fclose(file); #else /* No key to use. */ - ERROR_OUT(-5502, exit_rsa); + ERROR_OUT(-7002, exit_rsa); #endif /* USE_CERT_BUFFERS */ ret = wc_InitRsaKey_ex(&key, HEAP_HINT, devId); if (ret != 0) { - ERROR_OUT(-5503, exit_rsa); + ERROR_OUT(-7003, exit_rsa); } ret = wc_RsaPrivateKeyDecode(tmp, &idx, &key, (word32)bytes); if (ret != 0) { - ERROR_OUT(-5504, exit_rsa); + ERROR_OUT(-7004, exit_rsa); } #ifndef HAVE_FIPS @@ -9238,7 +10195,7 @@ int rsa_test(void) ret = wc_InitRng(&rng); #endif if (ret != 0) { - ERROR_OUT(-5505, exit_rsa); + ERROR_OUT(-7005, exit_rsa); } #ifndef NO_SIG_WRAPPER @@ -9256,7 +10213,7 @@ int rsa_test(void) } } while (ret == WC_PENDING_E); if (ret < 0) { - ERROR_OUT(-5506, exit_rsa); + ERROR_OUT(-7006, exit_rsa); } #ifdef WC_RSA_BLINDING @@ -9264,7 +10221,7 @@ int rsa_test(void) int tmpret = ret; ret = wc_RsaSetRNG(&key, &rng); if (ret < 0) { - ERROR_OUT(-5507, exit_rsa); + ERROR_OUT(-7007, exit_rsa); } ret = tmpret; } @@ -9280,11 +10237,11 @@ int rsa_test(void) } } while (ret == WC_PENDING_E); if (ret < 0) { - ERROR_OUT(-5508, exit_rsa); + ERROR_OUT(-7008, exit_rsa); } if (XMEMCMP(plain, in, inLen)) { - ERROR_OUT(-5509, exit_rsa); + ERROR_OUT(-7009, exit_rsa); } do { #if defined(WOLFSSL_ASYNC_CRYPT) @@ -9295,13 +10252,13 @@ int rsa_test(void) } } while (ret == WC_PENDING_E); if (ret < 0) { - ERROR_OUT(-5510, exit_rsa); + ERROR_OUT(-7010, exit_rsa); } if (ret != (int)inLen) { - ERROR_OUT(-5511, exit_rsa); + ERROR_OUT(-7011, exit_rsa); } if (XMEMCMP(res, in, inLen)) { - ERROR_OUT(-5512, exit_rsa); + ERROR_OUT(-7012, exit_rsa); } do { @@ -9313,7 +10270,7 @@ int rsa_test(void) } } while (ret == WC_PENDING_E); if (ret < 0) { - ERROR_OUT(-5513, exit_rsa); + ERROR_OUT(-7013, exit_rsa); } idx = (word32)ret; 
@@ -9327,11 +10284,11 @@ int rsa_test(void) } } while (ret == WC_PENDING_E); if (ret < 0) { - ERROR_OUT(-5514, exit_rsa); + ERROR_OUT(-7014, exit_rsa); } if (XMEMCMP(plain, in, (size_t)ret)) { - ERROR_OUT(-5515, exit_rsa); + ERROR_OUT(-7015, exit_rsa); } #ifndef WC_NO_RSA_OAEP @@ -9352,7 +10309,7 @@ int rsa_test(void) } } while (ret == WC_PENDING_E); if (ret < 0) { - ERROR_OUT(-5516, exit_rsa); + ERROR_OUT(-7016, exit_rsa); } idx = (word32)ret; @@ -9366,11 +10323,11 @@ int rsa_test(void) } } while (ret == WC_PENDING_E); if (ret < 0) { - ERROR_OUT(-5517, exit_rsa); + ERROR_OUT(-7017, exit_rsa); } if (XMEMCMP(plain, in, inLen)) { - ERROR_OUT(-5518, exit_rsa); + ERROR_OUT(-7018, exit_rsa); } #endif /* NO_SHA */ @@ -9386,7 +10343,7 @@ int rsa_test(void) } } while (ret == WC_PENDING_E); if (ret < 0) { - ERROR_OUT(-5519, exit_rsa); + ERROR_OUT(-7019, exit_rsa); } idx = (word32)ret; @@ -9400,11 +10357,11 @@ int rsa_test(void) } } while (ret == WC_PENDING_E); if (ret < 0) { - ERROR_OUT(-5520, exit_rsa); + ERROR_OUT(-7020, exit_rsa); } if (XMEMCMP(plain, in, inLen)) { - ERROR_OUT(-5521, exit_rsa); + ERROR_OUT(-7021, exit_rsa); } do { @@ -9417,13 +10374,13 @@ int rsa_test(void) } } while (ret == WC_PENDING_E); if (ret < 0) { - ERROR_OUT(-5522, exit_rsa); + ERROR_OUT(-7022, exit_rsa); } if (ret != (int)inLen) { - ERROR_OUT(-5523, exit_rsa); + ERROR_OUT(-7023, exit_rsa); } if (XMEMCMP(res, in, inLen)) { - ERROR_OUT(-5524, exit_rsa); + ERROR_OUT(-7024, exit_rsa); } /* check fails if not using the same optional label */ @@ -9438,7 +10395,7 @@ int rsa_test(void) } } while (ret == WC_PENDING_E); if (ret < 0) { - ERROR_OUT(-5525, exit_rsa); + ERROR_OUT(-7025, exit_rsa); } /* TODO: investigate why Cavium Nitrox doesn't detect decrypt error here */ @@ -9454,7 +10411,7 @@ int rsa_test(void) } } while (ret == WC_PENDING_E); if (ret > 0) { /* in this case decrypt should fail */ - ERROR_OUT(-5526, exit_rsa); + ERROR_OUT(-7026, exit_rsa); } ret = 0; #endif /* !HAVE_CAVIUM */ 
@@ -9471,7 +10428,7 @@ int rsa_test(void) } } while (ret == WC_PENDING_E); if (ret < 0) { - ERROR_OUT(-5527, exit_rsa); + ERROR_OUT(-7027, exit_rsa); } idx = (word32)ret; @@ -9485,11 +10442,11 @@ int rsa_test(void) } } while (ret == WC_PENDING_E); if (ret < 0) { - ERROR_OUT(-5528, exit_rsa); + ERROR_OUT(-7028, exit_rsa); } if (XMEMCMP(plain, in, inLen)) { - ERROR_OUT(-5529, exit_rsa); + ERROR_OUT(-7029, exit_rsa); } #ifndef NO_SHA @@ -9505,7 +10462,7 @@ int rsa_test(void) } } while (ret == WC_PENDING_E); if (ret < 0) { - ERROR_OUT(-5530, exit_rsa); + ERROR_OUT(-7030, exit_rsa); } /* TODO: investigate why Cavium Nitrox doesn't detect decrypt error here */ @@ -9522,7 +10479,7 @@ int rsa_test(void) } } while (ret == WC_PENDING_E); if (ret > 0) { /* should fail */ - ERROR_OUT(-5531, exit_rsa); + ERROR_OUT(-7031, exit_rsa); } ret = 0; #endif /* !HAVE_CAVIUM */ @@ -9546,7 +10503,7 @@ int rsa_test(void) } } while (ret == WC_PENDING_E); if (ret < 0) { - ERROR_OUT(-5532, exit_rsa); + ERROR_OUT(-7032, exit_rsa); } idx = ret; @@ -9560,11 +10517,11 @@ int rsa_test(void) } } while (ret == WC_PENDING_E); if (ret < 0) { - ERROR_OUT(-5533, exit_rsa); + ERROR_OUT(-7033, exit_rsa); } if (XMEMCMP(plain, in, inLen)) { - ERROR_OUT(-5534, exit_rsa); + ERROR_OUT(-7034, exit_rsa); } } #endif /* WOLFSSL_SHA512 */ @@ -9581,7 +10538,7 @@ int rsa_test(void) } } while (ret == WC_PENDING_E); if (ret < 0) { - ERROR_OUT(-5535, exit_rsa); + ERROR_OUT(-7035, exit_rsa); } idx = (word32)ret; @@ -9595,15 +10552,21 @@ int rsa_test(void) } } while (ret == WC_PENDING_E); if (ret < 0) { - ERROR_OUT(-5536, exit_rsa); + ERROR_OUT(-7036, exit_rsa); } if (XMEMCMP(plain, in, inLen)) { - ERROR_OUT(-5537, exit_rsa); + ERROR_OUT(-7037, exit_rsa); } #endif /* !HAVE_FAST_RSA && !HAVE_FIPS */ #endif /* WC_NO_RSA_OAEP */ +#if !defined(HAVE_FIPS) && !defined(HAVE_USER_RSA) + ret = rsa_export_key_test(&key); + if (ret != 0) + return ret; +#endif + ret = rsa_flatten_test(&key); if (ret != 0) return ret; 
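Review bot: The added `rsa_export_key_test(&key)` check leaves rsa_test with `return ret;`, which bypasses the `exit_rsa` label that the surrounding ERROR_OUT calls jump to. By this point the private key has been decoded into `key` and the RNG has been initialised, so, assuming exit_rsa is where they and the work buffers are released (the label is outside this hunk), a failing export test leaves them unfreed. `if (ret != 0) goto exit_rsa;` would match the rsa_keygen_test call added later in this commit; the neighbouring rsa_flatten_test check has the same shape.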
@@ -9621,14 +10584,14 @@ int rsa_test(void) #elif !defined(NO_FILESYSTEM) file2 = fopen(clientCert, "rb"); if (!file2) { - ERROR_OUT(-5538, exit_rsa); + ERROR_OUT(-7038, exit_rsa); } bytes = fread(tmp, 1, FOURK_BUF, file2); fclose(file2); #else /* No certificate to use. */ - ERROR_OUT(-5539, exit_rsa); + ERROR_OUT(-7039, exit_rsa); #endif #ifdef sizeof @@ -9641,7 +10604,7 @@ int rsa_test(void) ret = ParseCert(&cert, CERT_TYPE, NO_VERIFY, 0); if (ret != 0) { FreeDecodedCert(&cert); - ERROR_OUT(-5540, exit_rsa); + ERROR_OUT(-7040, exit_rsa); } FreeDecodedCert(&cert); @@ -9662,7 +10625,7 @@ int rsa_test(void) if (!file) { err_sys("can't open ./certs/client-keyPub.der, " "Please run from wolfSSL home dir", -40); - ERROR_OUT(-5541, exit_rsa); + ERROR_OUT(-7041, exit_rsa); } bytes = fread(tmp, 1, FOURK_BUF, file); 
@@ -9671,550 +10634,34 @@ int rsa_test(void) ret = wc_InitRsaKey(&keypub, HEAP_HINT); if (ret != 0) { - ERROR_OUT(-5542, exit_rsa); + ERROR_OUT(-7042, exit_rsa); } idx = 0; ret = wc_RsaPublicKeyDecode(tmp, &idx, &keypub, (word32)bytes); if (ret != 0) { - ERROR_OUT(-5543, exit_rsa); + ERROR_OUT(-7043, exit_rsa); } #endif /* WOLFSSL_CERT_EXT */ #ifdef WOLFSSL_KEY_GEN - { - int derSz = 0; - int keySz = 1024; - - #ifdef HAVE_FIPS - keySz = 2048; - #endif /* HAVE_FIPS */ - - ret = wc_InitRsaKey(&genKey, HEAP_HINT); - if (ret != 0) { - ERROR_OUT(-5550, exit_rsa); - } - ret = wc_MakeRsaKey(&genKey, keySz, WC_RSA_EXPONENT, &rng); - if (ret != 0) { - ERROR_OUT(-5551, exit_rsa); - } - - der = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - if (der == NULL) { - ERROR_OUT(-5552, exit_rsa); - } - pem = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - if (pem == NULL) { - ERROR_OUT(-5553, exit_rsa); - } - - derSz = wc_RsaKeyToDer(&genKey, der, FOURK_BUF); - if (derSz < 0) { - ERROR_OUT(-5554, exit_rsa); - } - - ret = SaveDerAndPem(der, derSz, pem, FOURK_BUF, keyDerFile, keyPemFile, - PRIVATEKEY_TYPE, -5555); - if (ret != 0) { - goto exit_rsa; - } - - wc_FreeRsaKey(&genKey); - ret = wc_InitRsaKey(&genKey, HEAP_HINT); - if (ret != 0) { - ERROR_OUT(-5560, exit_rsa); - } - idx = 0; - ret = wc_RsaPrivateKeyDecode(der, &idx, &genKey, derSz); - if (ret != 0) { - ERROR_OUT(-5561, exit_rsa); - } - - wc_FreeRsaKey(&genKey); - XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - pem = NULL; - XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - der = NULL; - } -#endif /* WOLFSSL_KEY_GEN */ + ret = rsa_keygen_test(&rng); + if (ret != 0) + goto exit_rsa; +#endif #ifdef WOLFSSL_CERT_GEN - /* self signed */ - { - Cert myCert; - const byte mySerial[8] = {1,2,3,4,5,6,7,8}; - int certSz; - #ifdef WOLFSSL_TEST_CERT - DecodedCert decode; - #endif - - der = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - if (der == NULL) { - ERROR_OUT(-5570, exit_rsa); - } 
- pem = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT,DYNAMIC_TYPE_TMP_BUFFER); - if (pem == NULL) { - ERROR_OUT(-5571, exit_rsa); - } - - if (wc_InitCert(&myCert)) { - ERROR_OUT(-5572, exit_rsa); - } - - XMEMCPY(&myCert.subject, &certDefaultName, sizeof(CertName)); - XMEMCPY(myCert.serial, mySerial, sizeof(mySerial)); - myCert.serialSz = (int)sizeof(mySerial); - myCert.isCA = 1; - #ifndef NO_SHA256 - myCert.sigType = CTC_SHA256wRSA; - #else - myCert.sigType = CTC_SHAwRSA; - #endif - - - #ifdef WOLFSSL_CERT_EXT - /* add Policies */ - XSTRNCPY(myCert.certPolicies[0], "2.16.840.1.101.3.4.1.42", - CTC_MAX_CERTPOL_SZ); - XSTRNCPY(myCert.certPolicies[1], "1.2.840.113549.1.9.16.6.5", - CTC_MAX_CERTPOL_SZ); - myCert.certPoliciesNb = 2; - - /* add SKID from the Public Key */ - if (wc_SetSubjectKeyIdFromPublicKey(&myCert, &keypub, NULL) != 0) { - ERROR_OUT(-5573, exit_rsa); - } - - /* add AKID from the Public Key */ - if (wc_SetAuthKeyIdFromPublicKey(&myCert, &keypub, NULL) != 0) { - ERROR_OUT(-5574, exit_rsa); - } - - /* add Key Usage */ - if (wc_SetKeyUsage(&myCert,"cRLSign,keyCertSign") != 0) { - ERROR_OUT(-5575, exit_rsa); - } - #ifdef WOLFSSL_EKU_OID - { - const char unique[] = "2.16.840.1.111111.100.1.10.1"; - if (wc_SetExtKeyUsageOID(&myCert, unique, sizeof(unique), 0, - HEAP_HINT) != 0) { - ERROR_OUT(-5651, exit_rsa); - } - } - #endif /* WOLFSSL_EKU_OID */ - #endif /* WOLFSSL_CERT_EXT */ - - ret = 0; - do { - #if defined(WOLFSSL_ASYNC_CRYPT) - ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); - #endif - if (ret >= 0) { - ret = wc_MakeSelfCert(&myCert, der, FOURK_BUF, &key, &rng); - } - } while (ret == WC_PENDING_E); - if (ret < 0) { - ERROR_OUT(-5576, exit_rsa); - } - certSz = ret; - - #ifdef WOLFSSL_TEST_CERT - InitDecodedCert(&decode, der, certSz, HEAP_HINT); - ret = ParseCert(&decode, CERT_TYPE, NO_VERIFY, 0); - if (ret != 0) { - FreeDecodedCert(&decode); - ERROR_OUT(-5577, exit_rsa); - } - FreeDecodedCert(&decode); - #endif - - ret = SaveDerAndPem(der, 
certSz, pem, FOURK_BUF, certDerFile, - certPemFile, CERT_TYPE, -5578); - if (ret != 0) { - goto exit_rsa; - } - - XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - pem = NULL; - XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - der = NULL; - } /* Make Cert / Sign example for RSA cert and RSA CA */ - { - Cert myCert; - int certSz; - size_t bytes3; - word32 idx3 = 0; - #if !defined(USE_CERT_BUFFERS_1024) && !defined(USE_CERT_BUFFERS_2048) - FILE* file3; - #endif - #ifdef WOLFSSL_TEST_CERT - DecodedCert decode; - #endif - #if defined(WOLFSSL_ALT_NAMES) && !defined(NO_ASN_TIME) - struct tm beforeTime; - struct tm afterTime; - #endif + ret = rsa_certgen_test(&key, &keypub, &rng, tmp); + if (ret != 0) + goto exit_rsa; - der = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - if (der == NULL) { - ERROR_OUT(-5580, exit_rsa); - } - pem = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT,DYNAMIC_TYPE_TMP_BUFFER); - if (pem == NULL) { - ERROR_OUT(-5581, exit_rsa); - } - - /* Setup Certificate */ - if (wc_InitCert(&myCert)) { - ERROR_OUT(-5582, exit_rsa); - } - -#ifdef WOLFSSL_ALT_NAMES - /* Get CA Cert for testing */ - #ifdef USE_CERT_BUFFERS_1024 - XMEMCPY(tmp, ca_cert_der_1024, sizeof_ca_cert_der_1024); - bytes3 = sizeof_ca_cert_der_1024; - #elif defined(USE_CERT_BUFFERS_2048) - XMEMCPY(tmp, ca_cert_der_2048, sizeof_ca_cert_der_2048); - bytes3 = sizeof_ca_cert_der_2048; - #else - file3 = fopen(rsaCaCertDerFile, "rb"); - if (!file3) { - ERROR_OUT(-5583, exit_rsa); - } - bytes3 = fread(tmp, 1, FOURK_BUF, file3); - fclose(file3); - #endif /* USE_CERT_BUFFERS */ - - #ifndef NO_FILESYSTEM - ret = wc_SetAltNames(&myCert, rsaCaCertFile); - if (ret != 0) { - ERROR_OUT(-5584, exit_rsa); - } - #endif - /* get alt names from der */ - ret = wc_SetAltNamesBuffer(&myCert, tmp, (int)bytes3); - if (ret != 0) { - ERROR_OUT(-5585, exit_rsa); - } - - /* get dates from der */ - ret = wc_SetDatesBuffer(&myCert, tmp, (int)bytes3); - if (ret != 0) { - ERROR_OUT(-5586, exit_rsa); - } - - #ifndef 
NO_ASN_TIME - ret = wc_GetCertDates(&myCert, &beforeTime, &afterTime); - if (ret < 0) { - ERROR_OUT(-5587, exit_rsa); - } - #endif -#endif /* WOLFSSL_ALT_NAMES */ - - /* Get CA Key */ - #ifdef USE_CERT_BUFFERS_1024 - XMEMCPY(tmp, ca_key_der_1024, sizeof_ca_key_der_1024); - bytes3 = sizeof_ca_key_der_1024; - #elif defined(USE_CERT_BUFFERS_2048) - XMEMCPY(tmp, ca_key_der_2048, sizeof_ca_key_der_2048); - bytes3 = sizeof_ca_key_der_2048; - #else - file3 = fopen(rsaCaKeyFile, "rb"); - if (!file3) { - ERROR_OUT(-5588, exit_rsa); - } - - bytes3 = fread(tmp, 1, FOURK_BUF, file3); - fclose(file3); - #endif /* USE_CERT_BUFFERS */ - - ret = wc_InitRsaKey(&caKey, HEAP_HINT); - if (ret != 0) { - ERROR_OUT(-5589, exit_rsa); - } - ret = wc_RsaPrivateKeyDecode(tmp, &idx3, &caKey, (word32)bytes3); - if (ret != 0) { - ERROR_OUT(-5590, exit_rsa); - } - - #ifndef NO_SHA256 - myCert.sigType = CTC_SHA256wRSA; - #else - myCert.sigType = CTC_SHAwRSA; - #endif - - XMEMCPY(&myCert.subject, &certDefaultName, sizeof(CertName)); - - #ifdef WOLFSSL_CERT_EXT - /* add Policies */ - XSTRNCPY(myCert.certPolicies[0], "2.16.840.1.101.3.4.1.42", - CTC_MAX_CERTPOL_SZ); - myCert.certPoliciesNb =1; - - /* add SKID from the Public Key */ - if (wc_SetSubjectKeyIdFromPublicKey(&myCert, &key, NULL) != 0) { - ERROR_OUT(-5591, exit_rsa); - } - - /* add AKID from the CA certificate */ - #if defined(USE_CERT_BUFFERS_2048) - ret = wc_SetAuthKeyIdFromCert(&myCert, ca_cert_der_2048, - sizeof_ca_cert_der_2048); - #elif defined(USE_CERT_BUFFERS_1024) - ret = wc_SetAuthKeyIdFromCert(&myCert, ca_cert_der_1024, - sizeof_ca_cert_der_1024); - #else - ret = wc_SetAuthKeyId(&myCert, rsaCaCertFile); - #endif - if (ret != 0) { - ERROR_OUT(-5592, exit_rsa); - } - - /* add Key Usage */ - if (wc_SetKeyUsage(&myCert,"keyEncipherment,keyAgreement") != 0) { - ERROR_OUT(-5593, exit_rsa); - } - #endif /* WOLFSSL_CERT_EXT */ - - #if defined(USE_CERT_BUFFERS_2048) - ret = wc_SetIssuerBuffer(&myCert, ca_cert_der_2048, - 
sizeof_ca_cert_der_2048); - #elif defined(USE_CERT_BUFFERS_1024) - ret = wc_SetIssuerBuffer(&myCert, ca_cert_der_1024, - sizeof_ca_cert_der_1024); - #else - ret = wc_SetIssuer(&myCert, rsaCaCertFile); - #endif - if (ret < 0) { - ERROR_OUT(-5594, exit_rsa); - } - - certSz = wc_MakeCert(&myCert, der, FOURK_BUF, &key, NULL, &rng); - if (certSz < 0) { - ERROR_OUT(-5595, exit_rsa); - } - - ret = 0; - do { - #if defined(WOLFSSL_ASYNC_CRYPT) - ret = wc_AsyncWait(ret, &caKey.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); - #endif - if (ret >= 0) { - ret = wc_SignCert(myCert.bodySz, myCert.sigType, der, FOURK_BUF, - &caKey, NULL, &rng); - } - } while (ret == WC_PENDING_E); - if (ret < 0) { - ERROR_OUT(-5596, exit_rsa); - } - certSz = ret; - - #ifdef WOLFSSL_TEST_CERT - InitDecodedCert(&decode, der, certSz, HEAP_HINT); - ret = ParseCert(&decode, CERT_TYPE, NO_VERIFY, 0); - if (ret != 0) { - FreeDecodedCert(&decode); - ERROR_OUT(-5597, exit_rsa); - } - FreeDecodedCert(&decode); - #endif - - ret = SaveDerAndPem(der, certSz, pem, FOURK_BUF, otherCertDerFile, - otherCertPemFile, CERT_TYPE, -5598); - if (ret != 0) { - goto exit_rsa; - } - - wc_FreeRsaKey(&caKey); - - XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - pem = NULL; - XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - der = NULL; - } #if !defined(NO_RSA) && defined(HAVE_ECC) - /* Make Cert / Sign example for ECC cert and RSA CA */ - { - Cert myCert; - int certSz; - size_t bytes3; - word32 idx3 = 0; - #if (!defined(USE_CERT_BUFFERS_1024) && !defined(USE_CERT_BUFFERS_2048)) \ - || !defined(USE_CERT_BUFFERS_256) - FILE* file3; - #endif - #ifdef WOLFSSL_TEST_CERT - DecodedCert decode; - #endif + ret = rsa_ecc_certgen_test(&rng, tmp); + if (ret != 0) + goto exit_rsa; +#endif - der = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - if (der == NULL) { - ERROR_OUT(-5600, exit_rsa); - } - pem = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT,DYNAMIC_TYPE_TMP_BUFFER); - if (pem == NULL) { - ERROR_OUT(-5601, exit_rsa); - } - - /* Get 
CA Key */ - #ifdef USE_CERT_BUFFERS_1024 - XMEMCPY(tmp, ca_key_der_1024, sizeof_ca_key_der_1024); - bytes3 = sizeof_ca_key_der_1024; - #elif defined(USE_CERT_BUFFERS_2048) - XMEMCPY(tmp, ca_key_der_2048, sizeof_ca_key_der_2048); - bytes3 = sizeof_ca_key_der_2048; - #else - file3 = fopen(rsaCaKeyFile, "rb"); - if (!file3) { - ERROR_OUT(-5602, exit_rsa); - } - - bytes3 = fread(tmp, 1, FOURK_BUF, file3); - fclose(file3); - #endif /* USE_CERT_BUFFERS */ - - ret = wc_InitRsaKey(&caKey, HEAP_HINT); - if (ret != 0) { - ERROR_OUT(-5603, exit_rsa); - } - ret = wc_RsaPrivateKeyDecode(tmp, &idx3, &caKey, (word32)bytes3); - if (ret != 0) { - ERROR_OUT(-5604, exit_rsa); - } - - /* Get Cert Key */ - #ifdef USE_CERT_BUFFERS_256 - XMEMCPY(tmp, ecc_key_pub_der_256, sizeof_ecc_key_pub_der_256); - bytes3 = sizeof_ecc_key_pub_der_256; - #else - file3 = fopen(eccKeyPubFile, "rb"); - if (!file3) { - ERROR_OUT(-5605, exit_rsa); - } - - bytes3 = fread(tmp, 1, FOURK_BUF, file3); - fclose(file3); - #endif - - ret = wc_ecc_init_ex(&caEccKeyPub, HEAP_HINT, devId); - if (ret != 0) { - ERROR_OUT(-5606, exit_rsa); - } - - idx3 = 0; - ret = wc_EccPublicKeyDecode(tmp, &idx3, &caEccKeyPub, (word32)bytes3); - if (ret != 0) { - ERROR_OUT(-5607, exit_rsa); - } - - /* Setup Certificate */ - if (wc_InitCert(&myCert)) { - ERROR_OUT(-5608, exit_rsa); - } - - #ifndef NO_SHA256 - myCert.sigType = CTC_SHA256wRSA; - #else - myCert.sigType = CTC_SHAwRSA; - #endif - - XMEMCPY(&myCert.subject, &certDefaultName, sizeof(CertName)); - -#ifdef WOLFSSL_CERT_EXT - /* add Policies */ - XSTRNCPY(myCert.certPolicies[0], "2.4.589440.587.101.2.1.9632587.1", - CTC_MAX_CERTPOL_SZ); - XSTRNCPY(myCert.certPolicies[1], "1.2.13025.489.1.113549", - CTC_MAX_CERTPOL_SZ); - myCert.certPoliciesNb = 2; - - /* add SKID from the Public Key */ - if (wc_SetSubjectKeyIdFromPublicKey(&myCert, NULL, &caEccKeyPub) != 0) { - ERROR_OUT(-5609, exit_rsa); - } - - /* add AKID from the CA certificate */ - #if defined(USE_CERT_BUFFERS_2048) - ret = 
wc_SetAuthKeyIdFromCert(&myCert, ca_cert_der_2048, - sizeof_ca_cert_der_2048); - #elif defined(USE_CERT_BUFFERS_1024) - ret = wc_SetAuthKeyIdFromCert(&myCert, ca_cert_der_1024, - sizeof_ca_cert_der_1024); - #else - ret = wc_SetAuthKeyId(&myCert, rsaCaCertFile); - #endif - if (ret != 0) { - ERROR_OUT(-5610, exit_rsa); - } - - /* add Key Usage */ - if (wc_SetKeyUsage(&myCert, certKeyUsage) != 0) { - ERROR_OUT(-5611, exit_rsa); - } -#endif /* WOLFSSL_CERT_EXT */ - - #if defined(USE_CERT_BUFFERS_2048) - ret = wc_SetIssuerBuffer(&myCert, ca_cert_der_2048, - sizeof_ca_cert_der_2048); - #elif defined(USE_CERT_BUFFERS_1024) - ret = wc_SetIssuerBuffer(&myCert, ca_cert_der_1024, - sizeof_ca_cert_der_1024); - #else - ret = wc_SetIssuer(&myCert, rsaCaCertFile); - #endif - if (ret < 0) { - ERROR_OUT(-5612, exit_rsa); - } - - certSz = wc_MakeCert(&myCert, der, FOURK_BUF, NULL, &caEccKeyPub, &rng); - if (certSz < 0) { - ERROR_OUT(-5613, exit_rsa); - } - - ret = 0; - do { - #if defined(WOLFSSL_ASYNC_CRYPT) - ret = wc_AsyncWait(ret, &caEccKey.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); - #endif - if (ret >= 0) { - ret = wc_SignCert(myCert.bodySz, myCert.sigType, der, - FOURK_BUF, &caKey, NULL, &rng); - } - } while (ret == WC_PENDING_E); - if (ret < 0) { - ERROR_OUT(-5614, exit_rsa); - } - certSz = ret; - - #ifdef WOLFSSL_TEST_CERT - InitDecodedCert(&decode, der, certSz, 0); - ret = ParseCert(&decode, CERT_TYPE, NO_VERIFY, 0); - if (ret != 0) { - FreeDecodedCert(&decode); - ERROR_OUT(-5615, exit_rsa); - - } - FreeDecodedCert(&decode); - #endif - - ret = SaveDerAndPem(der, certSz, pem, FOURK_BUF, certEccRsaDerFile, - certEccRsaPemFile, CERT_TYPE, -5616); - if (ret != 0) { - goto exit_rsa; - } - - wc_ecc_free(&caEccKeyPub); - wc_FreeRsaKey(&caKey); - - XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - pem = NULL; - XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - der = NULL; - } -#endif /* !NO_RSA && HAVE_ECC */ #ifdef HAVE_NTRU { Cert myCert; 
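Review bot: `rsa_certgen_test(&key, &keypub, &rng, tmp)` is called under `WOLFSSL_CERT_GEN` alone, but `keypub` is initialised and decoded only inside the `WOLFSSL_CERT_EXT` block that closes just above, and the removed inline code touched `keypub` only under `WOLFSSL_CERT_EXT`. In a build with CERT_GEN but without CERT_EXT the helper would receive a key that was never set up, or the call would not compile, depending on how `keypub` is declared, which is outside this hunk. I would widen the guards around the `keypub` init and free to `#if defined(WOLFSSL_CERT_EXT) || defined(WOLFSSL_CERT_GEN)`, or pass `NULL` when CERT_EXT is off and have the helper check for it.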
@@ -10238,26 +10685,26 @@ int rsa_test(void) word32 rc = ntru_crypto_drbg_instantiate(112, pers_str, sizeof(pers_str), GetEntropy, &drbg); if (rc != DRBG_OK) { - ERROR_OUT(-5620, exit_rsa); + ERROR_OUT(-7044, exit_rsa); } rc = ntru_crypto_ntru_encrypt_keygen(drbg, NTRU_EES401EP2, &public_key_len, NULL, &private_key_len, NULL); if (rc != NTRU_OK) { - ERROR_OUT(-5621, exit_rsa); + ERROR_OUT(-7045, exit_rsa); } rc = ntru_crypto_ntru_encrypt_keygen(drbg, NTRU_EES401EP2, &public_key_len, public_key, &private_key_len, private_key); if (rc != NTRU_OK) { - ERROR_OUT(-5622, exit_rsa); + ERROR_OUT(-7046, exit_rsa); } rc = ntru_crypto_drbg_uninstantiate(drbg); if (rc != NTRU_OK) { - ERROR_OUT(-5623, exit_rsa); + ERROR_OUT(-7047, exit_rsa); } #ifdef USE_CERT_BUFFERS_1024 @@ -10269,7 +10716,7 @@ int rsa_test(void) #else caFile = fopen(rsaCaKeyFile, "rb"); if (!caFile) { - ERROR_OUT(-5624, exit_rsa); + ERROR_OUT(-7048, exit_rsa); } bytes = fread(tmp, 1, FOURK_BUF, caFile); @@ -10278,15 +10725,15 @@ int rsa_test(void) ret = wc_InitRsaKey(&caKey, HEAP_HINT); if (ret != 0) { - ERROR_OUT(-5625, exit_rsa); + ERROR_OUT(-7049, exit_rsa); } ret = wc_RsaPrivateKeyDecode(tmp, &idx3, &caKey, (word32)bytes); if (ret != 0) { - ERROR_OUT(-5626, exit_rsa); + ERROR_OUT(-7050, exit_rsa); } if (wc_InitCert(&myCert)) { - ERROR_OUT(-5627, exit_rsa); + ERROR_OUT(-7051, exit_rsa); } XMEMCPY(&myCert.subject, &certDefaultName, sizeof(CertName)); @@ -10296,7 +10743,7 @@ int rsa_test(void) /* add SKID from the Public Key */ if (wc_SetSubjectKeyIdFromNtruPublicKey(&myCert, public_key, public_key_len) != 0) { - ERROR_OUT(-5628, exit_rsa); + ERROR_OUT(-7052, exit_rsa); } /* add AKID from the CA certificate */ 
@@ -10310,12 +10757,12 @@ int rsa_test(void) ret = wc_SetAuthKeyId(&myCert, rsaCaCertFile); #endif if (ret != 0) { - ERROR_OUT(-5629, exit_rsa); + ERROR_OUT(-7053, exit_rsa); } /* add Key Usage */ if (wc_SetKeyUsage(&myCert, certKeyUsage2) != 0) { - ERROR_OUT(-5630, exit_rsa); + ERROR_OUT(-7054, exit_rsa); } #endif /* WOLFSSL_CERT_EXT */ @@ -10329,22 +10776,22 @@ int rsa_test(void) ret = wc_SetIssuer(&myCert, rsaCaCertFile); #endif if (ret < 0) { - ERROR_OUT(-5631, exit_rsa); + ERROR_OUT(-7055, exit_rsa); } der = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); if (der == NULL) { - ERROR_OUT(-5632, exit_rsa); + ERROR_OUT(-7056, exit_rsa); } pem = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT,DYNAMIC_TYPE_TMP_BUFFER); if (pem == NULL) { - ERROR_OUT(-5633, exit_rsa); + ERROR_OUT(-7057, exit_rsa); } certSz = wc_MakeNtruCert(&myCert, der, FOURK_BUF, public_key, public_key_len, &rng); if (certSz < 0) { - ERROR_OUT(-5634, exit_rsa); + ERROR_OUT(-7058, exit_rsa); } ret = 0; @@ -10359,7 +10806,7 @@ int rsa_test(void) } while (ret == WC_PENDING_E); wc_FreeRsaKey(&caKey); if (ret < 0) { - ERROR_OUT(-5635, exit_rsa); + ERROR_OUT(-7059, exit_rsa); } certSz = ret; @@ -10368,7 +10815,7 @@ int rsa_test(void) ret = ParseCert(&decode, CERT_TYPE, NO_VERIFY, 0); if (ret != 0) { FreeDecodedCert(&decode); - ERROR_OUT(-5636, exit_rsa); + ERROR_OUT(-7060, exit_rsa); } FreeDecodedCert(&decode); #endif @@ -10382,12 +10829,12 @@ int rsa_test(void) #if !defined(NO_FILESYSTEM) && !defined(NO_WRITE_TEMP_FILES) ntruPrivFile = fopen("./ntru-key.raw", "wb"); if (!ntruPrivFile) { - ERROR_OUT(-5638, exit_rsa); + ERROR_OUT(-7061, exit_rsa); } ret = (int)fwrite(private_key, 1, private_key_len, ntruPrivFile); fclose(ntruPrivFile); if (ret != private_key_len) { - ERROR_OUT(-5639, exit_rsa); + ERROR_OUT(-7062, exit_rsa); } #endif 
@@ -10404,15 +10851,15 @@ int rsa_test(void) der = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT,DYNAMIC_TYPE_TMP_BUFFER); if (der == NULL) { - ERROR_OUT(-5640, exit_rsa); + ERROR_OUT(-7063, exit_rsa); } pem = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT,DYNAMIC_TYPE_TMP_BUFFER); if (pem == NULL) { - ERROR_OUT(-5641, exit_rsa); + ERROR_OUT(-7064, exit_rsa); } if (wc_InitCert(&req)) { - ERROR_OUT(-5642, exit_rsa); + ERROR_OUT(-7065, exit_rsa); } req.version = 0; @@ -10429,25 +10876,25 @@ int rsa_test(void) #ifdef WOLFSSL_CERT_EXT /* add SKID from the Public Key */ if (wc_SetSubjectKeyIdFromPublicKey(&req, &keypub, NULL) != 0) { - ERROR_OUT(-5643, exit_rsa); + ERROR_OUT(-7066, exit_rsa); } /* add Key Usage */ if (wc_SetKeyUsage(&req, certKeyUsage2) != 0) { - ERROR_OUT(-5644, exit_rsa); + ERROR_OUT(-7067, exit_rsa); } /* add Extended Key Usage */ if (wc_SetExtKeyUsage(&req, "serverAuth,clientAuth,codeSigning," "emailProtection,timeStamping,OCSPSigning") != 0) { - ERROR_OUT(-5645, exit_rsa); + ERROR_OUT(-7068, exit_rsa); } #ifdef WOLFSSL_EKU_OID { const char unique[] = "2.16.840.1.111111.100.1.10.1"; if (wc_SetExtKeyUsageOID(&req, unique, sizeof(unique), 0, HEAP_HINT) != 0) { - ERROR_OUT(-5652, exit_rsa); + ERROR_OUT(-7069, exit_rsa); } } #endif /* WOLFSSL_EKU_OID */ @@ -10455,17 +10902,17 @@ int rsa_test(void) derSz = wc_MakeCertReq(&req, der, FOURK_BUF, &key, NULL); if (derSz < 0) { - ERROR_OUT(-5646, exit_rsa); + ERROR_OUT(-7070, exit_rsa); } #ifdef WOLFSSL_CERT_EXT /* Try again with "any" flag set, will override all others */ if (wc_SetExtKeyUsage(&req, "any") != 0) { - ERROR_OUT(-5647, exit_rsa); + ERROR_OUT(-7071, exit_rsa); } derSz = wc_MakeCertReq(&req, der, FOURK_BUF, &key, NULL); if (derSz < 0) { - ERROR_OUT(-5648, exit_rsa); + ERROR_OUT(-7072, exit_rsa); } #endif /* WOLFSSL_CERT_EXT */ @@ -10480,7 +10927,7 @@ int rsa_test(void) } } while (ret == WC_PENDING_E); if (ret < 0) { - ERROR_OUT(-5649, exit_rsa); + ERROR_OUT(-7073, exit_rsa); } derSz = ret; 
@@ -10507,17 +10954,8 @@ exit_rsa: #ifdef WOLFSSL_CERT_EXT wc_FreeRsaKey(&keypub); #endif -#ifdef WOLFSSL_KEY_GEN - wc_FreeRsaKey(&genKey); -#endif -#ifdef WOLFSSL_CERT_GEN +#if defined(HAVE_NTRU) wc_FreeRsaKey(&caKey); - #ifdef HAVE_ECC - wc_ecc_free(&caEccKey); - #ifdef WOLFSSL_CERT_EXT - wc_ecc_free(&caEccKeyPub); - #endif - #endif #endif XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); 
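Review bot: `wc_FreeRsaKey(&caKey)` at `exit_rsa` is reached on paths where `caKey` was never initialised: the NTRU block jumps here with -7044 to -7048 before it calls `wc_InitRsaKey(&caKey, HEAP_HINT)`. It is also reached a second time when the -7059 check fires, because the block has already called `wc_FreeRsaKey(&caKey)` just before that check. Whether either case is harmless depends on how `caKey` is declared and on wc_FreeRsaKey tolerating a repeated call, neither of which is visible here. A local flag set after a successful init and cleared on free would make the label safe, e.g. `if (caKeyInit) wc_FreeRsaKey(&caKey);`.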
@@ -10622,18 +11060,56 @@ static int dh_fips_generate_test(WC_RNG *rng) 0xec, 0x24, 0x5d, 0x78, 0x59, 0xe7, 0x8d, 0xb5, 0x40, 0x52, 0xed, 0x41 }; + static byte q0[] = { + 0x00, + 0xe0, 0x35, 0x37, 0xaf, 0xb2, 0x50, 0x91, 0x8e, + 0xf2, 0x62, 0x2b, 0xd9, 0x9f, 0x6c, 0x11, 0x75, + 0xec, 0x24, 0x5d, 0x78, 0x59, 0xe7, 0x8d, 0xb5, + 0x40, 0x52, 0xed, 0x41 + }; byte priv[256]; byte pub[256]; word32 privSz = sizeof(priv); word32 pubSz = sizeof(pub); + /* Parameter Validation testing. */ + ret = wc_DhGenerateKeyPair(NULL, rng, priv, &privSz, pub, &pubSz); + if (ret != BAD_FUNC_ARG) + return -7074; + ret = wc_DhGenerateKeyPair(&key, NULL, priv, &privSz, pub, &pubSz); + if (ret != BAD_FUNC_ARG) + return -7075; + ret = wc_DhGenerateKeyPair(&key, rng, NULL, &privSz, pub, &pubSz); + if (ret != BAD_FUNC_ARG) + return -7076; + ret = wc_DhGenerateKeyPair(&key, rng, priv, NULL, pub, &pubSz); + if (ret != BAD_FUNC_ARG) + return -7077; + ret = wc_DhGenerateKeyPair(&key, rng, priv, &privSz, NULL, &pubSz); + if (ret != BAD_FUNC_ARG) + return -7078; + ret = wc_DhGenerateKeyPair(&key, rng, priv, &privSz, pub, NULL); + if (ret != BAD_FUNC_ARG) + return -7079; + ret = wc_InitDhKey_ex(&key, HEAP_HINT, devId); if (ret != 0) - return -5725; + return -7080; + + ret = wc_DhSetKey_ex(&key, p, sizeof(p), g, sizeof(g), q0, sizeof(q0)); + if (ret != 0) { + ERROR_OUT(-7081, exit_gen_test); + } + + wc_FreeDhKey(&key); + + ret = wc_InitDhKey_ex(&key, HEAP_HINT, devId); + if (ret != 0) + return -7082; ret = wc_DhSetKey_ex(&key, p, sizeof(p), g, sizeof(g), q, sizeof(q)); if (ret != 0) { - ERROR_OUT(-5726, exit_gen_test); + ERROR_OUT(-7083, exit_gen_test); } /* Use API. */ 
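Review bot: The six `BAD_FUNC_ARG` checks added at the top run before `wc_InitDhKey_ex(&key, HEAP_HINT, devId)`, so five of them hand a `key` that has not been initialised to `wc_DhGenerateKeyPair`. They pass only as long as the library rejects the NULL argument before it reads anything from `key`; if that order ever changes, the test reads indeterminate memory instead of failing cleanly. Moving the block to just after the first successful `wc_InitDhKey_ex` and reporting with `ERROR_OUT(-7075, exit_gen_test);` and so on keeps the coverage and makes the cleanup uniform. The declaration of `key` is outside this hunk, so this assumes it has no initialiser.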
@@ -10642,9 +11118,28 @@ static int dh_fips_generate_test(WC_RNG *rng) ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_NONE); #endif if (ret != 0) { - ret = -5727; + ERROR_OUT(-7084, exit_gen_test); } + ret = wc_DhCheckPubKey_ex(&key, pub, pubSz, q0, sizeof(q0)); + if (ret != 0) { + ERROR_OUT(-7085, exit_gen_test); + } + + wc_FreeDhKey(&key); + ret = wc_InitDhKey_ex(&key, HEAP_HINT, devId); + if (ret != 0) + return -7086; + + ret = wc_DhSetKey(&key, p, sizeof(p), g, sizeof(g)); + if (ret != 0) { + ERROR_OUT(-7087, exit_gen_test); + } + + ret = wc_DhCheckPubKey_ex(&key, pub, pubSz, q, sizeof(q)); + if (ret != 0) + ret = -7088; + exit_gen_test: wc_FreeDhKey(&key); @@ -10672,32 +11167,37 @@ static int dh_generate_test(WC_RNG *rng) ret = wc_InitDhKey_ex(&smallKey, HEAP_HINT, devId); if (ret != 0) - return -5700; + return -7089; /* Parameter Validation testing. */ + ret = wc_InitDhKey_ex(NULL, HEAP_HINT, devId); + if (ret != BAD_FUNC_ARG) + return -7090; + wc_FreeDhKey(NULL); + ret = wc_DhSetKey(NULL, p, sizeof(p), g, sizeof(g)); if (ret != BAD_FUNC_ARG) { - ERROR_OUT(-5701, exit_gen_test); + ERROR_OUT(-7091, exit_gen_test); } ret = wc_DhSetKey(&smallKey, NULL, sizeof(p), g, sizeof(g)); if (ret != BAD_FUNC_ARG) { - ERROR_OUT(-5702, exit_gen_test); + ERROR_OUT(-7092, exit_gen_test); } ret = wc_DhSetKey(&smallKey, p, 0, g, sizeof(g)); if (ret != BAD_FUNC_ARG) { - ERROR_OUT(-5703, exit_gen_test); + ERROR_OUT(-7093, exit_gen_test); } ret = wc_DhSetKey(&smallKey, p, sizeof(p), NULL, sizeof(g)); if (ret != BAD_FUNC_ARG) { - ERROR_OUT(-5704, exit_gen_test); + ERROR_OUT(-7094, exit_gen_test); } ret = wc_DhSetKey(&smallKey, p, sizeof(p), g, 0); if (ret != BAD_FUNC_ARG) { - ERROR_OUT(-5705, exit_gen_test); + ERROR_OUT(-7095, exit_gen_test); } ret = wc_DhSetKey(&smallKey, p, sizeof(p), g, sizeof(g)); if (ret != 0) { - ERROR_OUT(-5706, exit_gen_test); + ERROR_OUT(-7096, exit_gen_test); } #ifndef WOLFSSL_SP_MATH 
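Review bot: In dh_generate_test the new `wc_InitDhKey_ex(NULL, HEAP_HINT, devId)` check fails with `return -7090;` after `smallKey` has already been initialised, so that path skips the cleanup every other check in the hunk reaches through `exit_gen_test`. It should read `ERROR_OUT(-7090, exit_gen_test);` like its neighbours. The label itself is outside this hunk; that it frees `smallKey` is inferred from the matching label in dh_fips_generate_test.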
@@ -10707,7 +11207,7 @@ static int dh_generate_test(WC_RNG *rng) ret = wc_AsyncWait(ret, &smallKey.asyncDev, WC_ASYNC_FLAG_NONE); #endif if (ret != 0) { - ret = -5707; + ret = -7097; } #else (void)rng; @@ -10747,48 +11247,55 @@ int dh_test(void) #elif !defined(NO_FILESYSTEM) FILE* file = fopen(dhKey, "rb"); if (!file) - return -5710; + return -7100; bytes = (word32) fread(tmp, 1, sizeof(tmp), file); fclose(file); #else /* No DH key to use. */ - return -5711; + return -7101; #endif /* USE_CERT_BUFFERS */ (void)idx; (void)tmp; (void)bytes; + /* Use API for coverage. */ + ret = wc_InitDhKey(&key); + if (ret != 0) { + ERROR_OUT(-7102, done); + } + wc_FreeDhKey(&key); + ret = wc_InitDhKey_ex(&key, HEAP_HINT, devId); if (ret != 0) { - ERROR_OUT(-5712, done); + ERROR_OUT(-7103, done); } ret = wc_InitDhKey_ex(&key2, HEAP_HINT, devId); if (ret != 0) { - ERROR_OUT(-5713, done); + ERROR_OUT(-7104, done); } #ifdef NO_ASN ret = wc_DhSetKey(&key, dh_p, sizeof(dh_p), dh_g, sizeof(dh_g)); if (ret != 0) { - ERROR_OUT(-5714, done); + ERROR_OUT(-7105, done); } ret = wc_DhSetKey(&key2, dh_p, sizeof(dh_p), dh_g, sizeof(dh_g)); if (ret != 0) { - ERROR_OUT(-5715, done); + ERROR_OUT(-7106, done); } #else ret = wc_DhKeyDecode(tmp, &idx, &key, bytes); if (ret != 0) { - ERROR_OUT(-5716, done); + ERROR_OUT(-7107, done); } idx = 0; ret = wc_DhKeyDecode(tmp, &idx, &key2, bytes); if (ret != 0) { - ERROR_OUT(-5717, done); + ERROR_OUT(-7108, done); } #endif @@ -10798,7 +11305,7 @@ int dh_test(void) ret = wc_InitRng(&rng); #endif if (ret != 0) { - ERROR_OUT(-5718, done); + ERROR_OUT(-7109, done); } ret = wc_DhGenerateKeyPair(&key, &rng, priv, &privSz, pub, &pubSz); @@ -10806,7 +11313,7 @@ int dh_test(void) ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_NONE); #endif if (ret != 0) { - ERROR_OUT(-5719, done); + ERROR_OUT(-7110, done); } ret = wc_DhGenerateKeyPair(&key2, &rng, priv2, &privSz2, pub2, &pubSz2); 
@@ -10814,7 +11321,7 @@ int dh_test(void) ret = wc_AsyncWait(ret, &key2.asyncDev, WC_ASYNC_FLAG_NONE); #endif if (ret != 0) { - ERROR_OUT(-5720, done); + ERROR_OUT(-7111, done); } ret = wc_DhAgree(&key, agree, &agreeSz, priv, privSz, pub2, pubSz2); @@ -10822,7 +11329,7 @@ int dh_test(void) ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_NONE); #endif if (ret != 0) { - ERROR_OUT(-5721, done); + ERROR_OUT(-7112, done); } ret = wc_DhAgree(&key2, agree2, &agreeSz2, priv2, privSz2, pub, pubSz); @@ -10830,11 +11337,11 @@ int dh_test(void) ret = wc_AsyncWait(ret, &key2.asyncDev, WC_ASYNC_FLAG_NONE); #endif if (ret != 0) { - ERROR_OUT(-5722, done); + ERROR_OUT(-7113, done); } if (agreeSz != agreeSz2 || XMEMCMP(agree, agree2, agreeSz)) { - ERROR_OUT(-5723, done); + ERROR_OUT(-7114, done); } ret = dh_generate_test(&rng); @@ -10876,7 +11383,7 @@ int dsa_test(void) #else FILE* file = fopen(dsaKey, "rb"); if (!file) - return -5800; + return -7200; bytes = (word32) fread(tmp, 1, sizeof(tmp), file); fclose(file); @@ -10884,30 +11391,30 @@ int dsa_test(void) ret = wc_InitSha_ex(&sha, HEAP_HINT, devId); if (ret != 0) - return -5801; + return -7201; wc_ShaUpdate(&sha, tmp, bytes); wc_ShaFinal(&sha, hash); wc_ShaFree(&sha); ret = wc_InitDsaKey(&key); - if (ret != 0) return -5802; + if (ret != 0) return -7202; ret = wc_DsaPrivateKeyDecode(tmp, &idx, &key, bytes); - if (ret != 0) return -5803; + if (ret != 0) return -7203; #ifndef HAVE_FIPS ret = wc_InitRng_ex(&rng, HEAP_HINT, devId); #else ret = wc_InitRng(&rng); #endif - if (ret != 0) return -5804; + if (ret != 0) return -7204; ret = wc_DsaSign(hash, signature, &key, &rng); - if (ret != 0) return -5805; + if (ret != 0) return -7205; ret = wc_DsaVerify(hash, signature, &key, &answer); - if (ret != 0) return -5806; - if (answer != 1) return -5807; + if (ret != 0) return -7206; + if (answer != 1) return -7207; wc_FreeDsaKey(&key); 
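Review bot: Every failure after `wc_InitDsaKey(&key)` in the dsa_test hunk (-7203 to -7207) returns directly, so the decoded DSA private key stays unfreed on those paths; `wc_FreeDsaKey(&key)` is reached only on success. The next dsa_test hunk has the same gap: the `derSz < 0` branch frees `der` and `pem` but, unlike the branches around it, not `genKey` before `return -7213;`. Add `wc_FreeDsaKey(&key);` ahead of those returns and `wc_FreeDsaKey(&genKey);` ahead of `return -7213;`, or route them all through one cleanup label. dsa_test starts and ends outside both hunks.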
@@ -10920,37 +11427,37 @@ int dsa_test(void) DsaKey genKey; ret = wc_InitDsaKey(&genKey); - if (ret != 0) return -5808; + if (ret != 0) return -7208; ret = wc_MakeDsaParameters(&rng, 1024, &genKey); if (ret != 0) { wc_FreeDsaKey(&genKey); - return -5809; + return -7209; } ret = wc_MakeDsaKey(&rng, &genKey); if (ret != 0) { wc_FreeDsaKey(&genKey); - return -5810; + return -7210; } der = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); if (der == NULL) { wc_FreeDsaKey(&genKey); - return -5811; + return -7211; } pem = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); if (pem == NULL) { XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); wc_FreeDsaKey(&genKey); - return -5812; + return -7212; } derSz = wc_DsaKeyToDer(&genKey, der, FOURK_BUF); if (derSz < 0) { XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - return -5813; + return -7213; } ret = SaveDerAndPem(der, derSz, pem, FOURK_BUF, keyDerFile, @@ -10967,7 +11474,7 @@ int dsa_test(void) XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); wc_FreeDsaKey(&genKey); - return -5819; + return -7214; } idx = 0; @@ -10977,7 +11484,7 @@ int dsa_test(void) XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); wc_FreeDsaKey(&derIn); wc_FreeDsaKey(&genKey); - return -5820; + return -7215; } wc_FreeDsaKey(&derIn); @@ -10997,11 +11504,11 @@ int dsa_test(void) static int generate_random_salt(byte *buf, word32 size) { - int ret = -5821; + int ret = -7216; WC_RNG rng; if(NULL == buf || !size) - return -5822; + return -7217; if (buf && size && wc_InitRng_ex(&rng, HEAP_HINT, devId) == 0) { ret = wc_RNG_GenerateBlock(&rng, (byte *)buf, size); 
@@ -11144,25 +11651,25 @@ static int openssl_aes_test(void) EVP_CIPHER_CTX_init(&en); if (EVP_CipherInit(&en, EVP_aes_128_cbc(), (unsigned char*)key, (unsigned char*)iv, 1) == 0) - return -3401; + return -7300; if (EVP_CipherUpdate(&en, (byte*)cipher, &outlen, (byte*)cbcPlain, 9) == 0) - return -3402; + return -7301; if (outlen != 0) - return -3403; + return -7302; total += outlen; if (EVP_CipherUpdate(&en, (byte*)&cipher[total], &outlen, (byte*)&cbcPlain[9] , 9) == 0) - return -3404; + return -7303; if (outlen != 16) - return -3405; + return -7304; total += outlen; if (EVP_CipherFinal(&en, (byte*)&cipher[total], &outlen) == 0) - return -3406; + return -7305; if (outlen != 16) - return -3407; + return -7306; total += outlen; if (total != 32) return 3408; @@ -11171,38 +11678,38 @@ static int openssl_aes_test(void) EVP_CIPHER_CTX_init(&de); if (EVP_CipherInit(&de, EVP_aes_128_cbc(), (unsigned char*)key, (unsigned char*)iv, 0) == 0) - return -3420; + return -7307; if (EVP_CipherUpdate(&de, (byte*)plain, &outlen, (byte*)cipher, 6) == 0) - return -3421; + return -7308; if (outlen != 0) - return -3422; + return -7309; total += outlen; if (EVP_CipherUpdate(&de, (byte*)&plain[total], &outlen, (byte*)&cipher[6], 12) == 0) - return -3423; + return -7310; if (outlen != 0) total += outlen; if (EVP_CipherUpdate(&de, (byte*)&plain[total], &outlen, (byte*)&cipher[6+12], 14) == 0) - return -3423; + return -7311; if (outlen != 16) - return -3424; + return -7312; total += outlen; if (EVP_CipherFinal(&de, (byte*)&plain[total], &outlen) == 0) - return -3425; + return -7313; if (outlen != 2) - return -3426; + return -7314; total += outlen; if (total != 18) return 3427; if (XMEMCMP(plain, cbcPlain, 18)) - return -3428; + return -7315; } { /* evp_cipher test: EVP_aes_128_cbc */ 
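Review bot: `if (total != 32) return 3408;` still returns a positive code while every other failure in openssl_aes_test is renumbered to a negative one, so a caller that tests `ret < 0` would count this failure as a pass. The same applies to `return 3427;` in the next hunk. Both should join the new numbering with negative values of their own, for example `return -NNNN;` with an unused code from the -73xx range. How the caller checks the result is outside this hunk.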
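Review bot: After the second decrypt `EVP_CipherUpdate`, `if (outlen != 0)` is followed directly by `total += outlen;`, so the length check guards the addition instead of failing the test, while the checks around it all return on an unexpected length. A return line looks to be missing: `if (outlen != 0) return -NNNN;` followed by an unconditional `total += outlen;`. As written, a non-zero output length at this step passes silently and only the later `total != 18` comparison could catch it. Line breaks are lost on this page, so this reading is inferred from the token order.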
@@ -11228,23 +11735,23 @@ static int openssl_aes_test(void) EVP_CIPHER_CTX_init(&ctx); if (EVP_CipherInit(&ctx, EVP_aes_128_cbc(), key, iv, 1) == 0) - return -81; + return -7316; if (EVP_Cipher(&ctx, cipher, (byte*)msg, 16) == 0) - return -82; + return -7317; if (XMEMCMP(cipher, verify, AES_BLOCK_SIZE)) - return -83; + return -7318; EVP_CIPHER_CTX_init(&ctx); if (EVP_CipherInit(&ctx, EVP_aes_128_cbc(), key, iv, 0) == 0) - return -84; + return -7319; if (EVP_Cipher(&ctx, plain, cipher, 16) == 0) - return -85; + return -7320; if (XMEMCMP(plain, msg, AES_BLOCK_SIZE)) - return -86; + return -7321; } /* end evp_cipher test: EVP_aes_128_cbc*/ @@ -11280,23 +11787,23 @@ static int openssl_aes_test(void) EVP_CIPHER_CTX_init(&ctx); if (EVP_CipherInit(&ctx, EVP_aes_256_ecb(), (unsigned char*)key, NULL, 1) == 0) - return -181; + return -7322; if (EVP_Cipher(&ctx, cipher, (byte*)msg, 16) == 0) - return -182; + return -7323; if (XMEMCMP(cipher, verify, AES_BLOCK_SIZE)) - return -183; + return -7324; EVP_CIPHER_CTX_init(&ctx); if (EVP_CipherInit(&ctx, EVP_aes_256_ecb(), (unsigned char*)key, NULL, 0) == 0) - return -184; + return -7325; if (EVP_Cipher(&ctx, plain, cipher, 16) == 0) - return -185; + return -7326; if (XMEMCMP(plain, msg, AES_BLOCK_SIZE)) - return -186; + return -7327; } /* end evp_cipher test */ #endif /* HAVE_AES_ECB && WOLFSSL_AES_256 */ @@ -11341,11 +11848,11 @@ static int openssl_aes_test(void) #ifdef HAVE_AES_DECRYPT AES_decrypt(cipher, plain, &dec); if (XMEMCMP(plain, msg, AES_BLOCK_SIZE)) - return -187; + return -7328; #endif /* HAVE_AES_DECRYPT */ if (XMEMCMP(cipher, verify, AES_BLOCK_SIZE)) - return -188; + return -7329; } #endif /* WOLFSSL_AES_DIRECT && WOLFSSL_AES_256 */ 
@@ -11470,130 +11977,130 @@ static int openssl_aes_test(void) EVP_CIPHER_CTX_init(&en); if (EVP_CipherInit(&en, EVP_aes_128_ctr(), (unsigned char*)ctrKey, (unsigned char*)ctrIv, 0) == 0) - return -3300; + return -7330; if (EVP_Cipher(&en, (byte*)cipherBuff, (byte*)ctrPlain, AES_BLOCK_SIZE*4) == 0) - return -3301; + return -7331; EVP_CIPHER_CTX_init(&de); if (EVP_CipherInit(&de, EVP_aes_128_ctr(), (unsigned char*)ctrKey, (unsigned char*)ctrIv, 0) == 0) - return -3302; + return -7332; if (EVP_Cipher(&de, (byte*)plainBuff, (byte*)cipherBuff, AES_BLOCK_SIZE*4) == 0) - return -3303; + return -7333; if (XMEMCMP(cipherBuff, ctrCipher, AES_BLOCK_SIZE*4)) - return -3304; + return -7334; if (XMEMCMP(plainBuff, ctrPlain, AES_BLOCK_SIZE*4)) - return -3305; + return -7335; p_en = wolfSSL_EVP_CIPHER_CTX_new(); if (p_en == NULL) - return -3390; + return -7336; p_de = wolfSSL_EVP_CIPHER_CTX_new(); if (p_de == NULL) - return -3391; + return -7337; if (EVP_CipherInit(p_en, EVP_aes_128_ctr(), (unsigned char*)ctrKey, (unsigned char*)ctrIv, 0) == 0) - return -3392; + return -7338; if (EVP_Cipher(p_en, (byte*)cipherBuff, (byte*)ctrPlain, AES_BLOCK_SIZE*4) == 0) - return -3393; + return -7339; if (EVP_CipherInit(p_de, EVP_aes_128_ctr(), (unsigned char*)ctrKey, (unsigned char*)ctrIv, 0) == 0) - return -3394; + return -7340; if (EVP_Cipher(p_de, (byte*)plainBuff, (byte*)cipherBuff, AES_BLOCK_SIZE*4) == 0) - return -3395; + return -7341; wolfSSL_EVP_CIPHER_CTX_free(p_en); wolfSSL_EVP_CIPHER_CTX_free(p_de); if (XMEMCMP(cipherBuff, ctrCipher, AES_BLOCK_SIZE*4)) - return -3396; + return -7342; if (XMEMCMP(plainBuff, ctrPlain, AES_BLOCK_SIZE*4)) - return -3397; + return -7343; EVP_CIPHER_CTX_init(&en); if (EVP_CipherInit(&en, EVP_aes_128_ctr(), (unsigned char*)ctrKey, (unsigned char*)ctrIv, 0) == 0) - return -3306; + return -7344; if (EVP_Cipher(&en, (byte*)cipherBuff, (byte*)ctrPlain, 9) == 0) - return -3307; + return -7345; EVP_CIPHER_CTX_init(&de); if (EVP_CipherInit(&de, EVP_aes_128_ctr(), 
(unsigned char*)ctrKey, (unsigned char*)ctrIv, 0) == 0) - return -3308; + return -7346; if (EVP_Cipher(&de, (byte*)plainBuff, (byte*)cipherBuff, 9) == 0) - return -3309; + return -7347; if (XMEMCMP(plainBuff, ctrPlain, 9)) - return -3310; + return -7348; if (XMEMCMP(cipherBuff, ctrCipher, 9)) - return -3311; + return -7349; if (EVP_Cipher(&en, (byte*)cipherBuff, (byte*)ctrPlain, 9) == 0) - return -3312; + return -7350; if (EVP_Cipher(&de, (byte*)plainBuff, (byte*)cipherBuff, 9) == 0) - return -3313; + return -7351; if (XMEMCMP(plainBuff, ctrPlain, 9)) - return -3314; + return -7352; if (XMEMCMP(cipherBuff, oddCipher, 9)) - return -3315; + return -7353; #endif /* WOLFSSL_AES_128 */ #ifdef WOLFSSL_AES_192 EVP_CIPHER_CTX_init(&en); if (EVP_CipherInit(&en, EVP_aes_192_ctr(), (unsigned char*)ctr192Key, (unsigned char*)ctr192Iv, 0) == 0) - return -3316; + return -7354; if (EVP_Cipher(&en, (byte*)cipherBuff, (byte*)ctr192Plain, AES_BLOCK_SIZE) == 0) - return -3317; + return -7355; EVP_CIPHER_CTX_init(&de); if (EVP_CipherInit(&de, EVP_aes_192_ctr(), (unsigned char*)ctr192Key, (unsigned char*)ctr192Iv, 0) == 0) - return -3318; + return -7356; XMEMSET(plainBuff, 0, sizeof(plainBuff)); if (EVP_Cipher(&de, (byte*)plainBuff, (byte*)cipherBuff, AES_BLOCK_SIZE) == 0) - return -3319; + return -7357; if (XMEMCMP(plainBuff, ctr192Plain, sizeof(ctr192Plain))) - return -3320; + return -7358; if (XMEMCMP(ctr192Cipher, cipherBuff, sizeof(ctr192Cipher))) - return -3321; + return -7359; #endif /* WOLFSSL_AES_192 */ #ifdef WOLFSSL_AES_256 EVP_CIPHER_CTX_init(&en); if (EVP_CipherInit(&en, EVP_aes_256_ctr(), (unsigned char*)ctr256Key, (unsigned char*)ctr256Iv, 0) == 0) - return -3322; + return -7360; if (EVP_Cipher(&en, (byte*)cipherBuff, (byte*)ctr256Plain, AES_BLOCK_SIZE) == 0) - return -3323; + return -7361; EVP_CIPHER_CTX_init(&de); if (EVP_CipherInit(&de, EVP_aes_256_ctr(), (unsigned char*)ctr256Key, (unsigned char*)ctr256Iv, 0) == 0) - return -3324; + return -7362; XMEMSET(plainBuff, 
0, sizeof(plainBuff)); if (EVP_Cipher(&de, (byte*)plainBuff, (byte*)cipherBuff, AES_BLOCK_SIZE) == 0) - return -3325; + return -7363; if (XMEMCMP(plainBuff, ctr256Plain, sizeof(ctr256Plain))) - return -3326; + return -7364; if (XMEMCMP(ctr256Cipher, cipherBuff, sizeof(ctr256Cipher))) - return -3327; + return -7365; #endif /* WOLFSSL_AES_256 */ } #endif /* HAVE_AES_COUNTER */ @@ -11642,20 +12149,20 @@ static int openssl_aes_test(void) &num, AES_ENCRYPT); if (XMEMCMP(cipher, cipher1, AES_BLOCK_SIZE - 1)) - return -3328; + return -7366; if (num != 15) /* should have used 15 of the 16 bytes */ - return -3329; + return -7367; wolfSSL_AES_cfb128_encrypt(msg + AES_BLOCK_SIZE - 1, cipher + AES_BLOCK_SIZE - 1, AES_BLOCK_SIZE + 1, &enc, iv, &num, AES_ENCRYPT); if (XMEMCMP(cipher, cipher1, AES_BLOCK_SIZE * 2)) - return -3330; + return -7368; if (num != 0) - return -3331; + return -7369; } #endif /* WOLFSSL_AES_CFB && WOLFSSL_AES_128 */ return 0; @@ -11679,7 +12186,7 @@ int openssl_test(void) byte* p; p = (byte*)CRYPTO_malloc(10, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); if (p == NULL) { - return -5900; + return -7400; } XMEMSET(p, 0, 10); CRYPTO_free(p, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); @@ -11701,7 +12208,7 @@ int openssl_test(void) EVP_DigestFinal(&md_ctx, hash, 0); if (XMEMCMP(hash, a.output, WC_MD5_DIGEST_SIZE) != 0) - return -5901; + return -7401; #endif /* NO_MD5 */ @@ -11722,7 +12229,7 @@ int openssl_test(void) EVP_DigestFinal(&md_ctx, hash, 0); if (XMEMCMP(hash, b.output, WC_SHA_DIGEST_SIZE) != 0) - return -5902; + return -7402; #endif /* NO_SHA */ @@ -11742,7 +12249,7 @@ int openssl_test(void) EVP_DigestFinal(&md_ctx, hash, 0); if (XMEMCMP(hash, e.output, WC_SHA224_DIGEST_SIZE) != 0) - return -5903; + return -7403; #endif /* WOLFSSL_SHA224 */ @@ -11761,7 +12268,7 @@ int openssl_test(void) EVP_DigestFinal(&md_ctx, hash, 0); if (XMEMCMP(hash, d.output, WC_SHA256_DIGEST_SIZE) != 0) - return -5904; + return -7404; #ifdef WOLFSSL_SHA384 
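Review bot: The failure returns between `p_en = wolfSSL_EVP_CIPHER_CTX_new();` and the two `wolfSSL_EVP_CIPHER_CTX_free` calls (-7337 through -7341) exit without releasing the contexts already allocated. Each of those paths should free what exists before returning, for example `if (p_de == NULL) { wolfSSL_EVP_CIPHER_CTX_free(p_en); return -7337; }`, or set a result variable and fall through to one cleanup point. Otherwise a failing run also reports a leak under a memory checker and hides the real cause. The CTR hunk in openssl_test further down (-7438 through -7442) has the same shape.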
@@ -11781,7 +12288,7 @@ int openssl_test(void) EVP_DigestFinal(&md_ctx, hash, 0); if (XMEMCMP(hash, e.output, WC_SHA384_DIGEST_SIZE) != 0) - return -5905; + return -7405; #endif /* WOLFSSL_SHA384 */ @@ -11805,14 +12312,14 @@ int openssl_test(void) EVP_DigestFinal(&md_ctx, hash, 0); if (XMEMCMP(hash, f.output, WC_SHA512_DIGEST_SIZE) != 0) - return -5906; + return -7406; #endif /* WOLFSSL_SHA512 */ #ifndef NO_MD5 if (RAND_bytes(hash, sizeof(hash)) != 1) - return -5907; + return -7407; c.input = "what do ya want for nothing?"; c.output = "\x55\x78\xe8\x48\x4b\xcc\x93\x80\x93\xec\x53\xaf\x22\xd6\x14" @@ -11824,7 +12331,7 @@ int openssl_test(void) "JefeJefeJefeJefe", 16, (byte*)c.input, (int)c.inLen, hash, 0); if (XMEMCMP(hash, c.output, WC_MD5_DIGEST_SIZE) != 0) - return -5908; + return -7408; #endif /* NO_MD5 */ @@ -11864,17 +12371,17 @@ int openssl_test(void) DES_cbc_encrypt(cipher, plain, sizeof(vector), &sched, &iv, DES_DECRYPT); if (XMEMCMP(plain, vector, sizeof(vector)) != 0) - return -5909; + return -7409; if (XMEMCMP(cipher, verify, sizeof(verify)) != 0) - return -5910; + return -7410; /* test changing iv */ DES_ncbc_encrypt(vector, cipher, 8, &sched, &iv, DES_ENCRYPT); DES_ncbc_encrypt(vector + 8, cipher + 8, 16, &sched, &iv, DES_ENCRYPT); if (XMEMCMP(cipher, verify, sizeof(verify)) != 0) - return -5911; + return -7411; } /* end des test */ @@ -11882,7 +12389,7 @@ int openssl_test(void) #if !defined(NO_AES) && !defined(WOLFCRYPT_ONLY) if (openssl_aes_test() != 0) - return -3429; + return -7412; #ifdef WOLFSSL_AES_128 { /* evp_cipher test: EVP_aes_128_cbc */ 
@@ -11919,50 +12426,50 @@ int openssl_test(void) EVP_CIPHER_CTX_init(&ctx); if (EVP_CipherInit(&ctx, EVP_aes_128_cbc(), key, iv, 1) == 0) - return -5912; + return -7413; if (EVP_CipherUpdate(&ctx, cipher, &idx, (byte*)msg, sizeof(msg)) == 0) - return -5913; + return -7414; cipherSz = idx; if (EVP_CipherFinal(&ctx, cipher + cipherSz, &idx) == 0) - return -8107; + return -7415; cipherSz += idx; if ((cipherSz != (int)sizeof(verify)) && XMEMCMP(cipher, verify, cipherSz)) - return -5914; + return -7416; EVP_CIPHER_CTX_init(&ctx); if (EVP_CipherInit(&ctx, EVP_aes_128_cbc(), key, iv, 0) == 0) - return -5915; + return -7417; if (EVP_CipherUpdate(&ctx, plain, &idx, cipher, cipherSz) == 0) - return -5916; + return -7418; plainSz = idx; if (EVP_CipherFinal(&ctx, plain + plainSz, &idx) == 0) - return -8108; + return -7419; plainSz += idx; if ((plainSz != sizeof(msg)) || XMEMCMP(plain, msg, sizeof(msg))) - return -5917; + return -7420; EVP_CIPHER_CTX_init(&ctx); if (EVP_CipherInit(&ctx, EVP_aes_128_cbc(), key, iv, 1) == 0) - return -8109; + return -7421; if (EVP_CipherUpdate(&ctx, cipher, &idx, msg, AES_BLOCK_SIZE) == 0) - return -8110; + return -7422; cipherSz = idx; if (EVP_CipherFinal(&ctx, cipher + cipherSz, &idx) == 0) - return -8111; + return -7423; cipherSz += idx; if ((cipherSz != (int)sizeof(verify2)) || XMEMCMP(cipher, verify2, cipherSz)) - return -8112; + return -7424; } /* end evp_cipher test: EVP_aes_128_cbc*/ #endif /* WOLFSSL_AES_128 */ 
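Review bot: The ciphertext check after the first `EVP_CipherFinal` joins its conditions with `&&`: `if ((cipherSz != (int)sizeof(verify)) && XMEMCMP(cipher, verify, cipherSz))`. When the length matches, the known-answer comparison is never evaluated, so wrong AES-CBC output of the right size passes; when the length differs, `XMEMCMP` runs over `cipherSz` bytes of `verify` and may read past it. The two later checks in this hunk use `||`, and this one should match them: `if ((cipherSz != (int)sizeof(verify)) || XMEMCMP(cipher, verify, cipherSz))`. The definitions of `msg` and `verify` are outside the hunk, so confirm the expected length before switching.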
@@ -11997,24 +12504,24 @@ int openssl_test(void) EVP_CIPHER_CTX_init(&ctx); if (EVP_CipherInit(&ctx, EVP_aes_256_ecb(), (unsigned char*)key, NULL, 1) == 0) - return -5918; + return -7425; if (EVP_Cipher(&ctx, cipher, (byte*)msg, 16) == 0) - return -5919; + return -7426; if (XMEMCMP(cipher, verify, AES_BLOCK_SIZE)) - return -5920; + return -7427; EVP_CIPHER_CTX_init(&ctx); if (EVP_CipherInit(&ctx, EVP_aes_256_ecb(), (unsigned char*)key, NULL, 0) == 0) - return -5921; + return -7428; if (EVP_Cipher(&ctx, plain, cipher, 16) == 0) - return -5922; + return -7429; if (XMEMCMP(plain, msg, AES_BLOCK_SIZE)) - return -5923; + return -7430; } /* end evp_cipher test */ #endif /* HAVE_AES_ECB && WOLFSSL_AES_128 */ 
@@ -12195,128 +12702,128 @@ int openssl_test(void) EVP_CIPHER_CTX_init(&en); if (EVP_CipherInit(&en, EVP_aes_128_ctr(), (unsigned char*)ctrKey, (unsigned char*)ctrIv, 0) == 0) - return -5924; + return -7431; if (EVP_Cipher(&en, (byte*)cipherBuff, (byte*)ctrPlain, AES_BLOCK_SIZE*4) == 0) - return -5925; + return -7432; EVP_CIPHER_CTX_init(&de); if (EVP_CipherInit(&de, EVP_aes_128_ctr(), (unsigned char*)ctrKey, (unsigned char*)ctrIv, 0) == 0) - return -5926; + return -7433; if (EVP_Cipher(&de, (byte*)plainBuff, (byte*)cipherBuff, AES_BLOCK_SIZE*4) == 0) - return -5927; + return -7434; if (XMEMCMP(cipherBuff, ctrCipher, AES_BLOCK_SIZE*4)) - return -5928; + return -7435; if (XMEMCMP(plainBuff, ctrPlain, AES_BLOCK_SIZE*4)) - return -5929; + return -7436; p_en = wolfSSL_EVP_CIPHER_CTX_new(); - if(p_en == NULL)return -5930; + if(p_en == NULL)return -7437; p_de = wolfSSL_EVP_CIPHER_CTX_new(); - if(p_de == NULL)return -5931; + if(p_de == NULL)return -7438; if (EVP_CipherInit(p_en, EVP_aes_128_ctr(), (unsigned char*)ctrKey, (unsigned char*)ctrIv, 0) == 0) - return -5932; + return -7439; if (EVP_Cipher(p_en, (byte*)cipherBuff, (byte*)ctrPlain, AES_BLOCK_SIZE*4) == 0) - return -5933; + return -7440; if (EVP_CipherInit(p_de, EVP_aes_128_ctr(), (unsigned char*)ctrKey, (unsigned char*)ctrIv, 0) == 0) - return -5934; + return -7441; if (EVP_Cipher(p_de, (byte*)plainBuff, (byte*)cipherBuff, AES_BLOCK_SIZE*4) == 0) - return -5935; + return -7442; wolfSSL_EVP_CIPHER_CTX_free(p_en); wolfSSL_EVP_CIPHER_CTX_free(p_de); if (XMEMCMP(cipherBuff, ctrCipher, AES_BLOCK_SIZE*4)) - return -5936; + return -7443; if (XMEMCMP(plainBuff, ctrPlain, AES_BLOCK_SIZE*4)) - return -5937; + return -7444; EVP_CIPHER_CTX_init(&en); if (EVP_CipherInit(&en, EVP_aes_128_ctr(), (unsigned char*)ctrKey, (unsigned char*)ctrIv, 0) == 0) - return -5938; + return -7445; if (EVP_Cipher(&en, (byte*)cipherBuff, (byte*)ctrPlain, 9) == 0) - return -5939; + return -7446; EVP_CIPHER_CTX_init(&de); if (EVP_CipherInit(&de, 
EVP_aes_128_ctr(), (unsigned char*)ctrKey, (unsigned char*)ctrIv, 0) == 0) - return -5940; + return -7447; if (EVP_Cipher(&de, (byte*)plainBuff, (byte*)cipherBuff, 9) == 0) - return -5941; + return -7448; if (XMEMCMP(plainBuff, ctrPlain, 9)) - return -5942; + return -7449; if (XMEMCMP(cipherBuff, ctrCipher, 9)) - return -5943; + return -7450; if (EVP_Cipher(&en, (byte*)cipherBuff, (byte*)ctrPlain, 9) == 0) - return -5944; + return -7451; if (EVP_Cipher(&de, (byte*)plainBuff, (byte*)cipherBuff, 9) == 0) - return -5945; + return -7452; if (XMEMCMP(plainBuff, ctrPlain, 9)) - return -5946; + return -7453; if (XMEMCMP(cipherBuff, oddCipher, 9)) - return -5947; + return -7454; #endif /* WOLFSSL_AES_128 */ #ifdef WOLFSSL_AES_192 EVP_CIPHER_CTX_init(&en); if (EVP_CipherInit(&en, EVP_aes_192_ctr(), (unsigned char*)ctr192Key, (unsigned char*)ctr192Iv, 0) == 0) - return -5948; + return -7455; if (EVP_Cipher(&en, (byte*)cipherBuff, (byte*)ctr192Plain, AES_BLOCK_SIZE) == 0) - return -5949; + return -7456; EVP_CIPHER_CTX_init(&de); if (EVP_CipherInit(&de, EVP_aes_192_ctr(), (unsigned char*)ctr192Key, (unsigned char*)ctr192Iv, 0) == 0) - return -5950; + return -7457; XMEMSET(plainBuff, 0, sizeof(plainBuff)); if (EVP_Cipher(&de, (byte*)plainBuff, (byte*)cipherBuff, AES_BLOCK_SIZE) == 0) - return -5951; + return -7458; if (XMEMCMP(plainBuff, ctr192Plain, sizeof(ctr192Plain))) - return -5952; + return -7459; if (XMEMCMP(ctr192Cipher, cipherBuff, sizeof(ctr192Cipher))) - return -5953; + return -7460; #endif /* WOLFSSL_AES_192 */ #ifdef WOLFSSL_AES_256 EVP_CIPHER_CTX_init(&en); if (EVP_CipherInit(&en, EVP_aes_256_ctr(), (unsigned char*)ctr256Key, (unsigned char*)ctr256Iv, 0) == 0) - return -5954; + return -7461; if (EVP_Cipher(&en, (byte*)cipherBuff, (byte*)ctr256Plain, AES_BLOCK_SIZE) == 0) - return -5955; + return -7462; EVP_CIPHER_CTX_init(&de); if (EVP_CipherInit(&de, EVP_aes_256_ctr(), (unsigned char*)ctr256Key, (unsigned char*)ctr256Iv, 0) == 0) - return -5956; + return -7463; 
XMEMSET(plainBuff, 0, sizeof(plainBuff)); if (EVP_Cipher(&de, (byte*)plainBuff, (byte*)cipherBuff, AES_BLOCK_SIZE) == 0) - return -5957; + return -7464; if (XMEMCMP(plainBuff, ctr256Plain, sizeof(ctr256Plain))) - return -5958; + return -7465; if (XMEMCMP(ctr256Cipher, cipherBuff, sizeof(ctr256Cipher))) - return -5959; + return -7466; #endif /* WOLFSSL_AES_256 */ } #endif /* HAVE_AES_COUNTER */ 
@@ -12351,96 +12858,96 @@ int openssl_test(void) EVP_CIPHER_CTX_init(&en); if (EVP_CipherInit(&en, EVP_aes_128_cbc(), (unsigned char*)key, (unsigned char*)iv, 1) == 0) - return -5960; + return -7467; /* openSSL compatibility, if(inlen == 0)return 1; */ if (EVP_CipherUpdate(&en, (byte*)cipher, &outlen, (byte*)cbcPlain, 0) != 1) - return -5960; + return -7468; EVP_CIPHER_CTX_init(&en); if (EVP_CipherInit(&en, EVP_aes_128_cbc(), (unsigned char*)key, (unsigned char*)iv, 1) == 0) - return -5960; + return -7469; if (EVP_CipherUpdate(&en, (byte*)cipher, &outlen, (byte*)cbcPlain, 9) == 0) - return -5961; + return -7470; if(outlen != 0) - return -5962; + return -7471; total += outlen; if (EVP_CipherUpdate(&en, (byte*)&cipher[total], &outlen, (byte*)&cbcPlain[9] , 9) == 0) - return -5963; + return -7472; if(outlen != 16) - return -5964; + return -7473; total += outlen; if (EVP_CipherFinal(&en, (byte*)&cipher[total], &outlen) == 0) - return -5965; + return -7474; if(outlen != 16) - return -5966; + return -7475; total += outlen; if(total != 32) - return -5967; + return -7476; total = 0; EVP_CIPHER_CTX_init(&de); if (EVP_CipherInit(&de, EVP_aes_128_cbc(), (unsigned char*)key, (unsigned char*)iv, 0) == 0) - return -5968; + return -7477; if (EVP_CipherUpdate(&de, (byte*)plain, &outlen, (byte*)cipher, 6) == 0) - return -5969; + return -7478; if(outlen != 0) - return -5970; + return -7479; total += outlen; if (EVP_CipherUpdate(&de, (byte*)&plain[total], &outlen, (byte*)&cipher[6], 12) == 0) - return -5971; + return -7480; if(outlen != 0) total += outlen; if (EVP_CipherUpdate(&de, (byte*)&plain[total], &outlen, (byte*)&cipher[6+12], 14) == 0) - return -5972; + return -7481; if(outlen != 16) - return -5973; + return -7482; total += outlen; if (EVP_CipherFinal(&de, (byte*)&plain[total], &outlen) == 0) - return -5974; + return -7483; if(outlen != 2) - return -5975; + return -7484; total += outlen; if(total != 18) - return -5976; + return -7485; if (XMEMCMP(plain, cbcPlain, 18)) - 
return -5977; + return -7486; total = 0; EVP_CIPHER_CTX_init(&en); if (EVP_EncryptInit(&en, EVP_aes_128_cbc(), (unsigned char*)key, (unsigned char*)iv) == 0) - return -3431; + return -7487; if (EVP_CipherUpdate(&en, (byte*)cipher, &outlen, (byte*)cbcPlain, 9) == 0) - return -3432; + return -7488; if(outlen != 0) - return -3433; + return -7489; total += outlen; if (EVP_CipherUpdate(&en, (byte*)&cipher[total], &outlen, (byte*)&cbcPlain[9] , 9) == 0) - return -3434; + return -7490; if(outlen != 16) - return -3435; + return -7491; total += outlen; if (EVP_EncryptFinal(&en, (byte*)&cipher[total], &outlen) == 0) - return -3436; + return -7492; if(outlen != 16) - return -3437; + return -7493; total += outlen; if(total != 32) return 3438; @@ -12449,36 +12956,36 @@ int openssl_test(void) EVP_CIPHER_CTX_init(&de); if (EVP_DecryptInit(&de, EVP_aes_128_cbc(), (unsigned char*)key, (unsigned char*)iv) == 0) - return -3440; + return -7494; if (EVP_CipherUpdate(&de, (byte*)plain, &outlen, (byte*)cipher, 6) == 0) - return -3441; + return -7495; if(outlen != 0) - return -3442; + return -7496; total += outlen; if (EVP_CipherUpdate(&de, (byte*)&plain[total], &outlen, (byte*)&cipher[6], 12) == 0) - return -3443; + return -7497; if(outlen != 0) total += outlen; if (EVP_CipherUpdate(&de, (byte*)&plain[total], &outlen, (byte*)&cipher[6+12], 14) == 0) - return -3443; + return -7498; if(outlen != 16) - return -3444; + return -7499; total += outlen; if (EVP_DecryptFinal(&de, (byte*)&plain[total], &outlen) == 0) - return -3445; + return -7500; if(outlen != 2) - return -3446; + return -7501; total += outlen; if(total != 18) return 3447; if (XMEMCMP(plain, cbcPlain, 18)) - return -3448; + return -7502; } 
@@ -12499,38 +13006,38 @@ int openSSL_evpMD_test(void) ret = EVP_DigestInit(ctx, EVP_sha256()); if (ret != SSL_SUCCESS) { - return -3449; + return -7600; } ret = EVP_MD_CTX_copy(ctx2, ctx); if (ret != SSL_SUCCESS) { - return -3450; + return -7601; } if (EVP_MD_type(EVP_sha256()) != EVP_MD_CTX_type(ctx2)) { - return -3451; + return -7602; } ret = EVP_DigestInit(ctx, EVP_sha1()); if (ret != SSL_SUCCESS) { - return -3452; + return -7603; } if (EVP_MD_type(EVP_sha256()) != EVP_MD_CTX_type(ctx2)) { - return -3453; + return -7604; } ret = EVP_MD_CTX_copy_ex(ctx2, ctx); if (ret != SSL_SUCCESS) { - return -3454; + return -7605; } if (EVP_MD_type(EVP_sha256()) == EVP_MD_CTX_type(ctx2)) { - return -3455; + return -7606; } if (EVP_MD_type(EVP_sha1()) != EVP_MD_CTX_type(ctx2)) { - return -3456; + return -7607; } EVP_MD_CTX_destroy(ctx); @@ -12783,7 +13290,7 @@ int openssl_pkey1_test(void) if (!f) { err_sys("can't open ./certs/client-key.der, " "Please run from wolfSSL home dir", -41); - return -41; + return -7700; } cliKeySz = (long)fread(tmp, 1, FOURK_BUF, f); 
@@ -12795,82 +13302,82 @@ int openssl_pkey1_test(void) clikey = tmp; if ((prvKey = EVP_PKEY_new()) == NULL) { - return -42; + return -7701; } EVP_PKEY_free(prvKey); prvKey = NULL; if (x509 == NULL) { - ret = -43; + ret = -7702; goto openssl_pkey1_test_done; } pubKey = X509_get_pubkey(x509); if (pubKey == NULL) { - ret = -44; + ret = -7703; goto openssl_pkey1_test_done; } prvKey = d2i_PrivateKey(EVP_PKEY_RSA, NULL, &clikey, cliKeySz); if (prvKey == NULL) { - ret = -45; + ret = -7704; goto openssl_pkey1_test_done; } /* phase 2 API to create EVP_PKEY_CTX and encrypt/decrypt */ if (EVP_PKEY_bits(prvKey) != 2048) { - ret = -46; + ret = -7705; goto openssl_pkey1_test_done; } if (EVP_PKEY_size(prvKey) != 256) { - ret = -47; + ret = -7706; goto openssl_pkey1_test_done; } dec = EVP_PKEY_CTX_new(prvKey, NULL); enc = EVP_PKEY_CTX_new(pubKey, NULL); if (dec == NULL || enc == NULL) { - ret = -48; + ret = -7707; goto openssl_pkey1_test_done; } if (EVP_PKEY_decrypt_init(dec) != 1) { - ret = -49; + ret = -7708; goto openssl_pkey1_test_done; } if (EVP_PKEY_encrypt_init(enc) != 1) { - ret = -50; + ret = -7709; goto openssl_pkey1_test_done; } if (EVP_PKEY_CTX_set_rsa_padding(dec, RSA_PKCS1_PADDING) <= 0) { - ret = -51; + ret = -7710; goto openssl_pkey1_test_done; } #ifndef HAVE_FIPS if (EVP_PKEY_CTX_set_rsa_padding(dec, RSA_PKCS1_OAEP_PADDING) <= 0){ - ret = -52; + ret = -7711; goto openssl_pkey1_test_done; } if (EVP_PKEY_CTX_set_rsa_padding(enc, RSA_PKCS1_OAEP_PADDING) <= 0) { - ret = -53; + ret = -7712; goto openssl_pkey1_test_done; } #endif XMEMSET(cipher, 0, sizeof(cipher)); if (EVP_PKEY_encrypt(enc, cipher, &outlen, msg, sizeof(msg)) < 0) { - ret = -54; + ret = -7713; goto openssl_pkey1_test_done; } XMEMSET(plain, 0, sizeof(plain)); if (EVP_PKEY_decrypt(dec, plain, &outlen, cipher, sizeof(cipher)) != 1) { - ret = -55; + ret = -7714; goto openssl_pkey1_test_done; } 
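Review bot: `EVP_PKEY_encrypt(enc, cipher, &outlen, msg, sizeof(msg)) < 0` treats only negative values as failure, while the decrypt call right after it is checked with `!= 1`. The OpenSSL-style contract is 1 for success and 0 or a negative value for failure, so a 0 return would let the test continue with `cipher` still zeroed by the preceding `XMEMSET`. Use the same form for both calls: `if (EVP_PKEY_encrypt(enc, cipher, &outlen, msg, sizeof(msg)) != 1) {`. openssl_pkey1_test begins and ends outside this hunk.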
@@ -13125,33 +13632,33 @@ int scrypt_test(void) ret = wc_scrypt(derived, NULL, 0, NULL, 0, 4, 1, 1, sizeof(verify1)); if (ret != 0) - return -6000; + return -7800; if (XMEMCMP(derived, verify1, sizeof(verify1)) != 0) - return -6001; + return -7801; ret = wc_scrypt(derived, (byte*)"password", 8, (byte*)"NaCl", 4, 10, 8, 16, sizeof(verify2)); if (ret != 0) - return -6002; + return -7802; if (XMEMCMP(derived, verify2, sizeof(verify2)) != 0) - return -6003; + return -7803; /* Don't run these test on embedded, since they use large mallocs */ #if !defined(BENCH_EMBEDDED) && !defined(HAVE_INTEL_QA) ret = wc_scrypt(derived, (byte*)"pleaseletmein", 13, (byte*)"SodiumChloride", 14, 14, 8, 1, sizeof(verify3)); if (ret != 0) - return -6004; + return -7804; if (XMEMCMP(derived, verify3, sizeof(verify3)) != 0) - return -6005; + return -7805; #ifdef SCRYPT_TEST_ALL ret = wc_scrypt(derived, (byte*)"pleaseletmein", 13, (byte*)"SodiumChloride", 14, 20, 8, 1, sizeof(verify4)); if (ret != 0) - return -6006; + return -7806; if (XMEMCMP(derived, verify4, sizeof(verify4)) != 0) - return -6007; + return -7807; #endif #endif /* !BENCH_EMBEDDED && !HAVE_INTEL_QA */ @@ -13189,24 +13696,24 @@ int pkcs12_test(void) iterations, kLen, WC_SHA256, id); if (ret < 0) - return -6100; + return -7900; if ( (ret = XMEMCMP(derived, verify, kLen)) != 0) - return -6101; + return -7901; iterations = 1000; ret = wc_PKCS12_PBKDF(derived, passwd2, sizeof(passwd2), salt2, 8, iterations, kLen, WC_SHA256, id); if (ret < 0) - return -6102; + return -7902; ret = wc_PKCS12_PBKDF_ex(derived, passwd2, sizeof(passwd2), salt2, 8, iterations, kLen, WC_SHA256, id, HEAP_HINT); if (ret < 0) - return -6103; + return -7903; if ( (ret = XMEMCMP(derived, verify2, 24)) != 0) - return -6104; + return -7904; return 0; } @@ -13231,7 +13738,7 @@ int pbkdf2_test(void) return ret; if (XMEMCMP(derived, verify, sizeof(verify)) != 0) - return -6200; + return -8000; return 0; 
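Review bot: In pkcs12_test the second vector is only verified for `wc_PKCS12_PBKDF_ex`. The plain `wc_PKCS12_PBKDF` call with `iterations = 1000` is checked for `ret < 0` and its `derived` output is then overwritten by the `_ex` call before `XMEMCMP(derived, verify2, 24)` runs, so a wrong key from the non-`_ex` path at 1000 iterations would go unnoticed. Compare `derived` with `verify2` after the first call as well, under its own return code in the -79xx block. The final comparison also uses the literal `24` where the first vector uses `kLen`; if they are meant to be the same length, `kLen` keeps the two checks consistent.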
@@ -13256,7 +13763,7 @@ int pbkdf1_test(void) kLen, WC_SHA); if (XMEMCMP(derived, verify, sizeof(verify)) != 0) - return -6300; + return -8100; return 0; } @@ -13337,38 +13844,38 @@ int hkdf_test(void) #ifndef NO_SHA ret = wc_HKDF(WC_SHA, ikm1, 22, NULL, 0, NULL, 0, okm1, L); if (ret != 0) - return -6400; + return -8200; if (XMEMCMP(okm1, res1, L) != 0) - return -6401; + return -8201; #ifndef HAVE_FIPS /* fips can't have key size under 14 bytes, salt is key too */ ret = wc_HKDF(WC_SHA, ikm1, 11, salt1, 13, info1, 10, okm1, L); if (ret != 0) - return -6402; + return -8202; if (XMEMCMP(okm1, res2, L) != 0) - return -6403; + return -8203; #endif /* HAVE_FIPS */ #endif /* NO_SHA */ #ifndef NO_SHA256 ret = wc_HKDF(WC_SHA256, ikm1, 22, NULL, 0, NULL, 0, okm1, L); if (ret != 0) - return -6404; + return -8204; if (XMEMCMP(okm1, res3, L) != 0) - return -6405; + return -8205; #ifndef HAVE_FIPS /* fips can't have key size under 14 bytes, salt is key too */ ret = wc_HKDF(WC_SHA256, ikm1, 22, salt1, 13, info1, 10, okm1, L); if (ret != 0) - return -6406; + return -8206; if (XMEMCMP(okm1, res4, L) != 0) - return -6407; + return -8207; #endif /* HAVE_FIPS */ #endif /* NO_SHA256 */ 
@@ -13484,38 +13991,38 @@ int x963kdf_test(void) ret = wc_X963_KDF(WC_HASH_TYPE_SHA, Z, sizeof(Z), NULL, 0, kek, sizeof(verify)); if (ret != 0) - return -6500; + return -8300; if (XMEMCMP(verify, kek, sizeof(verify)) != 0) - return -6501; + return -8301; #endif #ifndef NO_SHA256 ret = wc_X963_KDF(WC_HASH_TYPE_SHA256, Z2, sizeof(Z2), NULL, 0, kek, sizeof(verify2)); if (ret != 0) - return -6502; + return -8302; if (XMEMCMP(verify2, kek, sizeof(verify2)) != 0) - return -6503; + return -8303; #endif #ifdef WOLFSSL_SHA512 ret = wc_X963_KDF(WC_HASH_TYPE_SHA512, Z3, sizeof(Z3), NULL, 0, kek, sizeof(verify3)); if (ret != 0) - return -6504; + return -8304; if (XMEMCMP(verify3, kek, sizeof(verify3)) != 0) - return -6505; + return -8305; ret = wc_X963_KDF(WC_HASH_TYPE_SHA512, Z4, sizeof(Z4), info4, sizeof(info4), kek, sizeof(verify4)); if (ret != 0) - return -6506; + return -8306; if (XMEMCMP(verify4, kek, sizeof(verify4)) != 0) - return -6507; + return -8307; #endif return 0; @@ -13529,7 +14036,7 @@ int x963kdf_test(void) #ifdef BENCH_EMBEDDED #define ECC_SHARED_SIZE 128 #else - #define ECC_SHARED_SIZE 1024 + #define ECC_SHARED_SIZE MAX_ECC_BYTES #endif #define ECC_DIGEST_SIZE MAX_ECC_BYTES #define ECC_SIG_SIZE ECC_MAX_SIG_SIZE @@ -13553,14 +14060,24 @@ typedef struct eccVector { const char* curveName; word32 msgLen; word32 keySize; +#ifndef NO_ASN + const byte* r; + word32 rSz; + const byte* s; + word32 sSz; +#endif } eccVector; static int ecc_test_vector_item(const eccVector* vector) { int ret = 0, verify = 0; - word32 x; + word32 sigSz; ecc_key userA; DECLARE_VAR(sig, byte, ECC_SIG_SIZE, HEAP_HINT); +#ifndef NO_ASN + word32 sigRawSz; + DECLARE_VAR(sigRaw, byte, ECC_SIG_SIZE, HEAP_HINT); +#endif ret = wc_ecc_init_ex(&userA, HEAP_HINT, devId); if (ret != 0) { 
@@ -13568,25 +14085,38 @@ static int ecc_test_vector_item(const eccVector* vector) return ret; } - XMEMSET(sig, 0, ECC_SIG_SIZE); - x = ECC_SIG_SIZE; - ret = wc_ecc_import_raw(&userA, vector->Qx, vector->Qy, - vector->d, vector->curveName); + vector->d, vector->curveName); if (ret != 0) goto done; - ret = wc_ecc_rs_to_sig(vector->R, vector->S, sig, &x); + XMEMSET(sig, 0, ECC_SIG_SIZE); + sigSz = ECC_SIG_SIZE; + ret = wc_ecc_rs_to_sig(vector->R, vector->S, sig, &sigSz); if (ret != 0) goto done; +#ifndef NO_ASN + XMEMSET(sigRaw, 0, ECC_SIG_SIZE); + sigRawSz = ECC_SIG_SIZE; + ret = wc_ecc_rs_raw_to_sig(vector->r, vector->rSz, vector->s, vector->sSz, + sigRaw, &sigRawSz); + if (ret != 0) + goto done; + + if (sigSz != sigRawSz || XMEMCMP(sig, sigRaw, sigSz) != 0) { + ret = -8308; + goto done; + } +#endif + do { #if defined(WOLFSSL_ASYNC_CRYPT) ret = wc_AsyncWait(ret, &userA.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); #endif if (ret >= 0) { - ret = wc_ecc_verify_hash(sig, x, (byte*)vector->msg, vector->msgLen, - &verify, &userA); + ret = wc_ecc_verify_hash(sig, sigSz, (byte*)vector->msg, + vector->msgLen, &verify, &userA); } } while (ret == WC_PENDING_E); @@ -13594,7 +14124,7 @@ static int ecc_test_vector_item(const eccVector* vector) goto done; if (verify != 1) - ret = -6508; + ret = -8309; done: wc_ecc_free(&userA); 
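Review bot: The `sigRaw` buffer that the previous hunk declares with `DECLARE_VAR(sigRaw, byte, ECC_SIG_SIZE, HEAP_HINT)` has no matching release in any visible hunk; the `done:` label here still shows only `wc_ecc_free(&userA);`. If `DECLARE_VAR` allocates from the heap in some build configurations, as its `HEAP_HINT` argument suggests, every call to ecc_test_vector_item leaks that buffer, including the new `-8308` mismatch path. Next to wherever `sig` is released, add `#ifndef NO_ASN`, `FREE_VAR(sigRaw, HEAP_HINT);`, `#endif`. The rest of the cleanup lies past the end of the hunk, so check there first.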
@@ -13646,12 +14176,20 @@ static int ecc_test_vector(int keySize) "\xee\xd0\x78\x53\x87\x50\x88\x77\x11\x43\x59\xce\xe4\xa0\x71\xcf"; vec.msgLen = 128; #endif - vec.Qx = "07008ea40b08dbe76432096e80a2494c94982d2d5bcf98e6"; - vec.Qy = "76fab681d00b414ea636ba215de26d98c41bd7f2e4d65477"; - vec.d = "e14f37b3d1374ff8b03f41b9b3fdd2f0ebccf275d660d7f3"; - vec.R = "6994d962bdd0d793ffddf855ec5bf2f91a9698b46258a63e"; - vec.S = "02ba6465a234903744ab02bc8521405b73cf5fc00e1a9f41"; + vec.Qx = "07008ea40b08dbe76432096e80a2494c94982d2d5bcf98e6"; + vec.Qy = "76fab681d00b414ea636ba215de26d98c41bd7f2e4d65477"; + vec.d = "e14f37b3d1374ff8b03f41b9b3fdd2f0ebccf275d660d7f3"; + vec.R = "6994d962bdd0d793ffddf855ec5bf2f91a9698b46258a63e"; + vec.S = "02ba6465a234903744ab02bc8521405b73cf5fc00e1a9f41"; vec.curveName = "SECP192R1"; + #ifndef NO_ASN + vec.r = (byte*)"\x69\x94\xd9\x62\xbd\xd0\xd7\x93\xff\xdd\xf8\x55" + "\xec\x5b\xf2\xf9\x1a\x96\x98\xb4\x62\x58\xa6\x3e"; + vec.rSz = 24; + vec.s = (byte*)"\x02\xba\x64\x65\xa2\x34\x90\x37\x44\xab\x02\xbc" + "\x85\x21\x40\x5b\x73\xcf\x5f\xc0\x0e\x1a\x9f\x41"; + vec.sSz = 24; + #endif break; #endif /* HAVE_ECC192 */ 
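Review bot: The new raw vectors are assigned through `(byte*)` casts although the struct fields were added as `const byte*`, so the cast needlessly drops the literal's `const`; `(const byte*)` states what is meant. The fields also deserve a one-line comment where they are declared, for example `/* r, s: the same signature as R/S, as raw big-endian bytes of length rSz/sSz */`. Without it, the only visible link between the hex and raw forms is the comparison in ecc_test_vector_item. Both remarks apply equally to the 224-, 256-, 384- and 521-bit vector hunks that follow.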
@@ -13674,12 +14212,22 @@ static int ecc_test_vector(int keySize) "\xb9\x4d\xac\x55\x34\xef\x7b\x59\x94\x24\xd6\x9b\xe1\xf7\x1c\x20"; vec.msgLen = 128; #endif - vec.Qx = "8a4dca35136c4b70e588e23554637ae251077d1365a6ba5db9585de7"; - vec.Qy = "ad3dee06de0be8279d4af435d7245f14f3b4f82eb578e519ee0057b1"; - vec.d = "97c4b796e1639dd1035b708fc00dc7ba1682cec44a1002a1a820619f"; - vec.R = "147b33758321e722a0360a4719738af848449e2c1d08defebc1671a7"; - vec.S = "24fc7ed7f1352ca3872aa0916191289e2e04d454935d50fe6af3ad5b"; + vec.Qx = "8a4dca35136c4b70e588e23554637ae251077d1365a6ba5db9585de7"; + vec.Qy = "ad3dee06de0be8279d4af435d7245f14f3b4f82eb578e519ee0057b1"; + vec.d = "97c4b796e1639dd1035b708fc00dc7ba1682cec44a1002a1a820619f"; + vec.R = "147b33758321e722a0360a4719738af848449e2c1d08defebc1671a7"; + vec.S = "24fc7ed7f1352ca3872aa0916191289e2e04d454935d50fe6af3ad5b"; vec.curveName = "SECP224R1"; + #ifndef NO_ASN + vec.r = (byte*)"\x14\x7b\x33\x75\x83\x21\xe7\x22\xa0\x36\x0a\x47" + "\x19\x73\x8a\xf8\x48\x44\x9e\x2c\x1d\x08\xde\xfe" + "\xbc\x16\x71\xa7"; + vec.rSz = 28; + vec.s = (byte*)"\x24\xfc\x7e\xd7\xf1\x35\x2c\xa3\x87\x2a\xa0\x91" + "\x61\x91\x28\x9e\x2e\x04\xd4\x54\x93\x5d\x50\xfe" + "\x6a\xf3\xad\x5b"; + vec.sSz = 28; + #endif break; #endif /* HAVE_ECC224 */ 
@@ -13707,11 +14255,21 @@ static int ecc_test_vector(int keySize) "\x8f\xc8\x95\xdf\x35\x7e\x1a\x48\xa6\x53\xbb\x35\x5a\x31\xa1\xb4" vec.msgLen = 128; #endif - vec.Qx = "fa2737fb93488d19caef11ae7faf6b7f4bcd67b286e3fc54e8a65c2b74aeccb0"; - vec.Qy = "d4ccd6dae698208aa8c3a6f39e45510d03be09b2f124bfc067856c324f9b4d09"; - vec.d = "be34baa8d040a3b991f9075b56ba292f755b90e4b6dc10dad36715c33cfdac25"; - vec.R = "2b826f5d44e2d0b6de531ad96b51e8f0c56fdfead3c236892e4d84eacfc3b75c"; - vec.S = "a2248b62c03db35a7cd63e8a120a3521a89d3d2f61ff99035a2148ae32e3a248"; + vec.Qx = "fa2737fb93488d19caef11ae7faf6b7f4bcd67b286e3fc54e8a65c2b74aeccb0"; + vec.Qy = "d4ccd6dae698208aa8c3a6f39e45510d03be09b2f124bfc067856c324f9b4d09"; + vec.d = "be34baa8d040a3b991f9075b56ba292f755b90e4b6dc10dad36715c33cfdac25"; + vec.R = "2b826f5d44e2d0b6de531ad96b51e8f0c56fdfead3c236892e4d84eacfc3b75c"; + vec.S = "a2248b62c03db35a7cd63e8a120a3521a89d3d2f61ff99035a2148ae32e3a248"; + #ifndef NO_ASN + vec.r = (byte*)"\x2b\x82\x6f\x5d\x44\xe2\xd0\xb6\xde\x53\x1a\xd9" + "\x6b\x51\xe8\xf0\xc5\x6f\xdf\xea\xd3\xc2\x36\x89" + "\x2e\x4d\x84\xea\xcf\xc3\xb7\x5c"; + vec.rSz = 32; + vec.s = (byte*)"\xa2\x24\x8b\x62\xc0\x3d\xb3\x5a\x7c\xd6\x3e\x8a" + "\x12\x0a\x35\x21\xa8\x9d\x3d\x2f\x61\xff\x99\x03" + "\x5a\x21\x48\xae\x32\xe3\xa2\x48"; + vec.sSz = 32; + #endif vec.curveName = "SECP256R1"; break; #endif /* !NO_ECC256 */ 
@@ -13740,12 +14298,24 @@ static int ecc_test_vector(int keySize) "\x21\x1f\x61\x64\x9a\xd6\x27\x43\x14\xbf\x0d\x43\x8a\x81\xe0\x60" vec.msgLen = 128; #endif - vec.Qx = "e55fee6c49d8d523f5ce7bf9c0425ce4ff650708b7de5cfb095901523979a7f042602db30854735369813b5c3f5ef868"; - vec.Qy = "28f59cc5dc509892a988d38a8e2519de3d0c4fd0fbdb0993e38f18506c17606c5e24249246f1ce94983a5361c5be983e"; - vec.d = "a492ce8fa90084c227e1a32f7974d39e9ff67a7e8705ec3419b35fb607582bebd461e0b1520ac76ec2dd4e9b63ebae71"; - vec.R = "6820b8585204648aed63bdff47f6d9acebdea62944774a7d14f0e14aa0b9a5b99545b2daee6b3c74ebf606667a3f39b7"; - vec.S = "491af1d0cccd56ddd520b233775d0bc6b40a6255cc55207d8e9356741f23c96c14714221078dbd5c17f4fdd89b32a907"; + vec.Qx = "e55fee6c49d8d523f5ce7bf9c0425ce4ff650708b7de5cfb095901523979a7f042602db30854735369813b5c3f5ef868"; + vec.Qy = "28f59cc5dc509892a988d38a8e2519de3d0c4fd0fbdb0993e38f18506c17606c5e24249246f1ce94983a5361c5be983e"; + vec.d = "a492ce8fa90084c227e1a32f7974d39e9ff67a7e8705ec3419b35fb607582bebd461e0b1520ac76ec2dd4e9b63ebae71"; + vec.R = "6820b8585204648aed63bdff47f6d9acebdea62944774a7d14f0e14aa0b9a5b99545b2daee6b3c74ebf606667a3f39b7"; + vec.S = "491af1d0cccd56ddd520b233775d0bc6b40a6255cc55207d8e9356741f23c96c14714221078dbd5c17f4fdd89b32a907"; vec.curveName = "SECP384R1"; + #ifndef NO_ASN + vec.r = (byte*)"\x68\x20\xb8\x58\x52\x04\x64\x8a\xed\x63\xbd\xff" + "\x47\xf6\xd9\xac\xeb\xde\xa6\x29\x44\x77\x4a\x7d" + "\x14\xf0\xe1\x4a\xa0\xb9\xa5\xb9\x95\x45\xb2\xda" + "\xee\x6b\x3c\x74\xeb\xf6\x06\x66\x7a\x3f\x39\xb7"; + vec.rSz = 48; + vec.s = (byte*)"\x49\x1a\xf1\xd0\xcc\xcd\x56\xdd\xd5\x20\xb2\x33" + "\x77\x5d\x0b\xc6\xb4\x0a\x62\x55\xcc\x55\x20\x7d" + "\x8e\x93\x56\x74\x1f\x23\xc9\x6c\x14\x71\x42\x21" + "\x07\x8d\xbd\x5c\x17\xf4\xfd\xd8\x9b\x32\xa9\x07"; + vec.sSz = 48; + #endif break; #endif /* HAVE_ECC384 */ 
@@ -13773,12 +14343,28 @@ static int ecc_test_vector(int keySize) "\xa8\x2b\xb7\xe0\x18\xee\xda\xc4\xea\x7b\x36\x2e\xc8\x9c\x38\x2b" vec.msgLen = 128; #endif - vec.Qx = "12fbcaeffa6a51f3ee4d3d2b51c5dec6d7c726ca353fc014ea2bf7cfbb9b910d32cbfa6a00fe39b6cdb8946f22775398b2e233c0cf144d78c8a7742b5c7a3bb5d23"; - vec.Qy = "09cdef823dd7bf9a79e8cceacd2e4527c231d0ae5967af0958e931d7ddccf2805a3e618dc3039fec9febbd33052fe4c0fee98f033106064982d88f4e03549d4a64d"; - vec.d = "1bd56bd106118eda246155bd43b42b8e13f0a6e25dd3bb376026fab4dc92b6157bc6dfec2d15dd3d0cf2a39aa68494042af48ba9601118da82c6f2108a3a203ad74"; - vec.R = "0bd117b4807710898f9dd7778056485777668f0e78e6ddf5b000356121eb7a220e9493c7f9a57c077947f89ac45d5acb6661bbcd17abb3faea149ba0aa3bb1521be"; - vec.S = "019cd2c5c3f9870ecdeb9b323abdf3a98cd5e231d85c6ddc5b71ab190739f7f226e6b134ba1d5889ddeb2751dabd97911dff90c34684cdbe7bb669b6c3d22f2480c"; + vec.Qx = "12fbcaeffa6a51f3ee4d3d2b51c5dec6d7c726ca353fc014ea2bf7cfbb9b910d32cbfa6a00fe39b6cdb8946f22775398b2e233c0cf144d78c8a7742b5c7a3bb5d23"; + vec.Qy = "09cdef823dd7bf9a79e8cceacd2e4527c231d0ae5967af0958e931d7ddccf2805a3e618dc3039fec9febbd33052fe4c0fee98f033106064982d88f4e03549d4a64d"; + vec.d = "1bd56bd106118eda246155bd43b42b8e13f0a6e25dd3bb376026fab4dc92b6157bc6dfec2d15dd3d0cf2a39aa68494042af48ba9601118da82c6f2108a3a203ad74"; + vec.R = "0bd117b4807710898f9dd7778056485777668f0e78e6ddf5b000356121eb7a220e9493c7f9a57c077947f89ac45d5acb6661bbcd17abb3faea149ba0aa3bb1521be"; + vec.S = "019cd2c5c3f9870ecdeb9b323abdf3a98cd5e231d85c6ddc5b71ab190739f7f226e6b134ba1d5889ddeb2751dabd97911dff90c34684cdbe7bb669b6c3d22f2480c"; vec.curveName = "SECP521R1"; + #ifndef NO_ASN + vec.r = (byte*)"\x00\xbd\x11\x7b\x48\x07\x71\x08\x98\xf9\xdd\x77" + "\x78\x05\x64\x85\x77\x76\x68\xf0\xe7\x8e\x6d\xdf" + "\x5b\x00\x03\x56\x12\x1e\xb7\xa2\x20\xe9\x49\x3c" + "\x7f\x9a\x57\xc0\x77\x94\x7f\x89\xac\x45\xd5\xac" + "\xb6\x66\x1b\xbc\xd1\x7a\xbb\x3f\xae\xa1\x49\xba" + "\x0a\xa3\xbb\x15\x21\xbe"; + vec.rSz = 66; + vec.s = 
(byte*)"\x00\x19\xcd\x2c\x5c\x3f\x98\x70\xec\xde\xb9\xb3" + "\x23\xab\xdf\x3a\x98\xcd\x5e\x23\x1d\x85\xc6\xdd" + "\xc5\xb7\x1a\xb1\x90\x73\x9f\x7f\x22\x6e\x6b\x13" + "\x4b\xa1\xd5\x88\x9d\xde\xb2\x75\x1d\xab\xd9\x79" + "\x11\xdf\xf9\x0c\x34\x68\x4c\xdb\xe7\xbb\x66\x9b" + "\x6c\x3d\x22\xf2\x48\x0c"; + vec.sSz = 66; + #endif break; #endif /* HAVE_ECC521 */ default: @@ -13841,7 +14427,7 @@ static int ecc_test_cdh_vectors(void) /* compare results */ if (x != z || XMEMCMP(sharedA, sharedB, x)) { - ERROR_OUT(-6509, done); + ERROR_OUT(-8310, done); } done: @@ -13875,12 +14461,12 @@ static int ecc_test_make_pub(WC_RNG* rng) tmp = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); if (tmp == NULL) { - return -6810; + return -8311; } exportBuf = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); if (exportBuf == NULL) { XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - return -6811; + return -8312; } #ifdef USE_CERT_BUFFERS_256 @@ -13889,7 +14475,7 @@ static int ecc_test_make_pub(WC_RNG* rng) #else file = fopen(eccKeyDerFile, "rb"); if (!file) { - ERROR_OUT(-6812, done); + ERROR_OUT(-8313, done); } tmpSz = (word32)fread(tmp, 1, FOURK_BUF, file); @@ -13901,25 +14487,25 @@ static int ecc_test_make_pub(WC_RNG* rng) /* import private only then test with */ ret = wc_ecc_import_private_key(tmp, tmpSz, NULL, 0, NULL); if (ret == 0) { - ERROR_OUT(-6813, done); + ERROR_OUT(-8314, done); } ret = wc_ecc_import_private_key(NULL, tmpSz, NULL, 0, &key); if (ret == 0) { - ERROR_OUT(-6814, done); + ERROR_OUT(-8315, done); } x = 0; ret = wc_EccPrivateKeyDecode(tmp, &x, &key, tmpSz); if (ret != 0) { - ERROR_OUT(-6815, done); + ERROR_OUT(-8316, done); } #ifdef HAVE_ECC_KEY_EXPORT x = FOURK_BUF; ret = wc_ecc_export_private_only(&key, exportBuf, &x); if (ret != 0) { - ERROR_OUT(-6816, done); + ERROR_OUT(-8317, done); } /* make private only key */ 
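Review bot: The two negative tests at the top of the `@@ -13901` hunk in ecc_test_make_pub only require `ret != 0`, so any failure at all satisfies them, not just the rejected NULL argument they are meant to exercise. ecc_ssh_test in this same patch compares against `BAD_FUNC_ARG`; if wc_ecc_import_private_key is specified to return that code for a NULL key or NULL private buffer, both checks would be tighter as `if (ret != BAD_FUNC_ARG) {`. The function body starts and ends outside the hunk.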
@@ -13927,30 +14513,30 @@ static int ecc_test_make_pub(WC_RNG* rng) wc_ecc_init(&key); ret = wc_ecc_import_private_key(exportBuf, x, NULL, 0, &key); if (ret != 0) { - ERROR_OUT(-6817, done); + ERROR_OUT(-8318, done); } x = FOURK_BUF; ret = wc_ecc_export_x963_ex(&key, exportBuf, &x, 0); if (ret == 0) { - ERROR_OUT(-6818, done); + ERROR_OUT(-8319, done); } #endif /* HAVE_ECC_KEY_EXPORT */ ret = wc_ecc_make_pub(NULL, NULL); if (ret == 0) { - ERROR_OUT(-6819, done); + ERROR_OUT(-8320, done); } pubPoint = wc_ecc_new_point_h(HEAP_HINT); if (pubPoint == NULL) { - ERROR_OUT(-6820, done); + ERROR_OUT(-8321, done); } ret = wc_ecc_make_pub(&key, pubPoint); if (ret != 0) { - ERROR_OUT(-6821, done); + ERROR_OUT(-8322, done); } #ifdef HAVE_ECC_KEY_EXPORT @@ -13958,7 +14544,7 @@ static int ecc_test_make_pub(WC_RNG* rng) x = FOURK_BUF; ret = wc_ecc_export_x963_ex(&key, exportBuf, &x, 0); if (ret == 0) { - ERROR_OUT(-6822, done); + ERROR_OUT(-8323, done); } #endif /* HAVE_ECC_KEY_EXPORT */ @@ -13966,25 +14552,25 @@ static int ecc_test_make_pub(WC_RNG* rng) tmpSz = FOURK_BUF; ret = wc_ecc_sign_hash(msg, sizeof(msg), tmp, &tmpSz, rng, &key); if (ret != 0) { - ERROR_OUT(-6823, done); + ERROR_OUT(-8324, done); } #ifdef HAVE_ECC_VERIFY /* try verify with private only key */ ret = wc_ecc_verify_hash(tmp, tmpSz, msg, sizeof(msg), &verify, &key); if (ret != 0) { - ERROR_OUT(-6824, done); + ERROR_OUT(-8325, done); } if (verify != 1) { - ERROR_OUT(-6825, done); + ERROR_OUT(-8326, done); } #ifdef HAVE_ECC_KEY_EXPORT /* exporting the public part should now work */ x = FOURK_BUF; ret = wc_ecc_export_x963_ex(&key, exportBuf, &x, 0); if (ret != 0) { - ERROR_OUT(-6826, done); + ERROR_OUT(-8327, done); } #endif /* HAVE_ECC_KEY_EXPORT */ #endif /* HAVE_ECC_VERIFY */ @@ -13996,7 +14582,7 @@ static int ecc_test_make_pub(WC_RNG* rng) x = FOURK_BUF; ret = wc_ecc_export_private_only(&key, exportBuf, &x); if (ret != 0) { - ERROR_OUT(-6827, done); + ERROR_OUT(-8328, done); } /* make private only key */ 
@@ -14004,14 +14590,14 @@ static int ecc_test_make_pub(WC_RNG* rng) wc_ecc_init(&key); ret = wc_ecc_import_private_key(exportBuf, x, NULL, 0, &key); if (ret != 0) { - ERROR_OUT(-6828, done); + ERROR_OUT(-8329, done); } /* check that public export fails with private only key */ x = FOURK_BUF; ret = wc_ecc_export_x963_ex(&key, exportBuf, &x, 0); if (ret == 0) { - ERROR_OUT(-6829, done); + ERROR_OUT(-8330, done); } /* make public key for shared secret */ @@ -14021,14 +14607,14 @@ static int ecc_test_make_pub(WC_RNG* rng) ret = wc_AsyncWait(ret, &pub.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); #endif if (ret != 0) { - ERROR_OUT(-6830, done); + ERROR_OUT(-8331, done); } x = FOURK_BUF; ret = wc_ecc_shared_secret(&key, &pub, exportBuf, &x); wc_ecc_free(&pub); if (ret != 0) { - ERROR_OUT(-6831, done); + ERROR_OUT(-8332, done); } #endif /* HAVE_ECC_DHE && HAVE_ECC_KEY_EXPORT */ @@ -14059,12 +14645,12 @@ static int ecc_test_key_gen(WC_RNG* rng, int keySize) der = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); if (der == NULL) { - return -6840; + return -8333; } pem = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); if (pem == NULL) { XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - return -6840; + return -8334; } ret = wc_ecc_init_ex(&userA, HEAP_HINT, devId); @@ -14099,7 +14685,7 @@ static int ecc_test_key_gen(WC_RNG* rng, int keySize) ERROR_OUT(derSz, done); } if (derSz == 0) { - ERROR_OUT(-6514, done); + ERROR_OUT(-8335, done); } ret = SaveDerAndPem(der, derSz, NULL, 0, eccPubKeyDerFile, @@ -14116,7 +14702,7 @@ static int ecc_test_key_gen(WC_RNG* rng, int keySize) } if (derSz == 0) { - ERROR_OUT(-6516, done); + ERROR_OUT(-8336, done); } ret = SaveDerAndPem(der, derSz, NULL, 0, eccPkcs8KeyDerFile, 
@@ -14141,7 +14727,7 @@ static int ecc_test_curve_size(WC_RNG* rng, int keySize, int testVerifyCount, DECLARE_VAR(sharedA, byte, ECC_SHARED_SIZE, HEAP_HINT); DECLARE_VAR(sharedB, byte, ECC_SHARED_SIZE, HEAP_HINT); #ifdef HAVE_ECC_KEY_EXPORT - byte exportBuf[1024]; + byte exportBuf[MAX_ECC_BYTES * 2 + 32]; #endif word32 x, y; #ifdef HAVE_ECC_SIGN @@ -14154,6 +14740,7 @@ static int ecc_test_curve_size(WC_RNG* rng, int keySize, int testVerifyCount, #endif /* HAVE_ECC_SIGN */ int ret; ecc_key userA, userB, pubKey; + int curveSize; (void)testVerifyCount; (void)dp; @@ -14190,6 +14777,14 @@ static int ecc_test_curve_size(WC_RNG* rng, int keySize, int testVerifyCount, if (ret != 0) goto done; + if (wc_ecc_get_curve_idx(curve_id) != -1) { + curveSize = wc_ecc_get_curve_size_from_id(userA.dp->id); + if (curveSize != userA.dp->size) { + ret = -8337; + goto done; + } + } + ret = wc_ecc_check_key(&userA); if (ret != 0) goto done; @@ -14233,10 +14828,10 @@ static int ecc_test_curve_size(WC_RNG* rng, int keySize, int testVerifyCount, goto done; if (y != x) - ERROR_OUT(-6517, done); + ERROR_OUT(-8338, done); if (XMEMCMP(sharedA, sharedB, x)) - ERROR_OUT(-6518, done); + ERROR_OUT(-8339, done); #endif /* HAVE_ECC_DHE */ #ifdef HAVE_ECC_CDH @@ -14256,10 +14851,10 @@ static int ecc_test_curve_size(WC_RNG* rng, int keySize, int testVerifyCount, goto done; if (y != x) - ERROR_OUT(-6519, done); + ERROR_OUT(-8340, done); if (XMEMCMP(sharedA, sharedB, x)) - ERROR_OUT(-6520, done); + ERROR_OUT(-8341, done); /* remove cofactor flag */ wc_ecc_set_flags(&userA, 0); @@ -14296,7 +14891,7 @@ static int ecc_test_curve_size(WC_RNG* rng, int keySize, int testVerifyCount, goto done; if (XMEMCMP(sharedA, sharedB, y)) - ERROR_OUT(-6521, done); + ERROR_OUT(-8342, done); #endif /* HAVE_ECC_DHE */ #ifdef HAVE_COMP_KEY 
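Review bot: `byte exportBuf[MAX_ECC_BYTES * 2 + 32];` in the `@@ -14141` hunk of ecc_test_curve_size shrinks a fixed 1024-byte buffer to a computed size without saying what the `+ 32` covers. If the buffer only ever holds X9.63 public-key exports, a comment such as `/* X9.63 point: format byte + two coordinates, plus slack */` would make the bound checkable. It is also worth confirming that every export call further down, outside this hunk, passes `sizeof(exportBuf)` as its length rather than a literal left over from the old size.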
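Review bot: The curve-size check added in the `@@ -14190` hunk guards on `wc_ecc_get_curve_idx(curve_id)` but then looks up `userA.dp->id`, and nothing says why the two identifiers differ. A one-line comment would help, and the guard reads better against the named constant, `if (wc_ecc_get_curve_idx(curve_id) != ECC_CURVE_INVALID) {`, than against the literal `-1`. The failure path is written as `ret = -8337; goto done;` where the rest of ecc_test_curve_size uses the macro, so `ERROR_OUT(-8337, done);` would match its neighbours. The function starts and ends outside the hunk.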
@@ -14333,7 +14928,7 @@ static int ecc_test_curve_size(WC_RNG* rng, int keySize, int testVerifyCount, goto done; if (XMEMCMP(sharedA, sharedB, y)) - ERROR_OUT(-6522, done); + ERROR_OUT(-8343, done); #endif /* HAVE_ECC_DHE */ #endif /* HAVE_COMP_KEY */ @@ -14375,7 +14970,7 @@ static int ecc_test_curve_size(WC_RNG* rng, int keySize, int testVerifyCount, if (ret != 0) goto done; if (verify != 1) - ERROR_OUT(-6523, done); + ERROR_OUT(-8344, done); } #endif /* HAVE_ECC_VERIFY */ #endif /* ECC_SHAMIR && !WOLFSSL_ASYNC_CRYPT */ @@ -14395,7 +14990,7 @@ static int ecc_test_curve_size(WC_RNG* rng, int keySize, int testVerifyCount, &userA); } while (ret == WC_PENDING_E); if (ret != 0) - ERROR_OUT(-6524, done); + ERROR_OUT(-8345, done); #ifdef HAVE_ECC_VERIFY for (i=0; iidx, &key->pubkey, pub, &pubLen); if (ret != 0) { - ret = -6632; + ret = -8434; goto done; } ret = wc_ecc_import_private_key(priv, privLen, pub, pubLen, &keyImp); if (ret != 0) { - ret = -6633; + ret = -8435; goto done; } @@ -14792,7 +15387,7 @@ static int ecc_exp_imp_test(ecc_key* key) ret = wc_ecc_import_raw_ex(&keyImp, qx, qy, d, ECC_SECP256R1); if (ret != 0) { - ret = -6634; + ret = -8436; goto done; } @@ -14801,7 +15396,7 @@ static int ecc_exp_imp_test(ecc_key* key) curve_id = wc_ecc_get_curve_id(key->idx); if (curve_id < 0) { - ret = -6635; + ret = -8437; goto done; } @@ -14809,7 +15404,7 @@ static int ecc_exp_imp_test(ecc_key* key) ret = wc_ecc_import_private_key_ex(priv, privLen, NULL, 0, &keyImp, curve_id); if (ret != 0) { - ret = -6636; + ret = -8438; goto done; } @@ -14820,7 +15415,7 @@ static int ecc_exp_imp_test(ecc_key* key) pubLenX = pubLenY = 32; ret = wc_ecc_export_public_raw(key, pub, &pubLenX, &pub[32], &pubLenY); if (ret != 0) { - ret = -6637; + ret = -8439; goto done; } 
@@ -14828,7 +15423,7 @@ static int ecc_exp_imp_test(ecc_key* key) /* test import of public */ ret = wc_ecc_import_unsigned(&keyImp, pub, &pub[32], NULL, ECC_SECP256R1); if (ret != 0) { - ret = -6638; + ret = -8440; goto done; } #endif @@ -14841,7 +15436,7 @@ static int ecc_exp_imp_test(ecc_key* key) ret = wc_ecc_export_private_raw(key, pub, &pubLenX, &pub[32], &pubLenY, priv, &privLen); if (ret != 0) { - ret = -6639; + ret = -8441; goto done; } @@ -14849,7 +15444,7 @@ static int ecc_exp_imp_test(ecc_key* key) /* test import of private and public */ ret = wc_ecc_import_unsigned(&keyImp, pub, &pub[32], priv, ECC_SECP256R1); if (ret != 0) { - ret = -6640; + ret = -8442; goto done; } #endif @@ -14891,7 +15486,7 @@ static int ecc_mulmod_test(ecc_key* key1) ret = wc_ecc_mulmod(&key1->k, &key2.pubkey, &key3.pubkey, &key2.k, &key3.k, 1); if (ret != 0) { - ret = -6641; + ret = -8443; goto done; } @@ -14911,21 +15506,21 @@ static int ecc_ssh_test(ecc_key* key) /* Parameter Validation testing. */ ret = wc_ecc_shared_secret_ssh(NULL, &key->pubkey, out, &outLen); if (ret != BAD_FUNC_ARG) - return -6642; + return -8444; ret = wc_ecc_shared_secret_ssh(key, NULL, out, &outLen); if (ret != BAD_FUNC_ARG) - return -6643; + return -8445; ret = wc_ecc_shared_secret_ssh(key, &key->pubkey, NULL, &outLen); if (ret != BAD_FUNC_ARG) - return -6644; + return -8446; ret = wc_ecc_shared_secret_ssh(key, &key->pubkey, out, NULL); if (ret != BAD_FUNC_ARG) - return -6645; + return -8447; /* Use API. */ ret = wc_ecc_shared_secret_ssh(key, &key->pubkey, out, &outLen); if (ret != 0) - return -6646; + return -8448; return 0; } #endif 
@@ -14937,12 +15532,24 @@ static int ecc_def_curve_test(WC_RNG *rng) wc_ecc_init(&key); + /* Use API */ + ret = wc_ecc_set_flags(NULL, 0); + if (ret != BAD_FUNC_ARG) { + ret = -8449; + goto done; + } + ret = wc_ecc_set_flags(&key, 0); + if (ret != 0) { + ret = -8450; + goto done; + } + ret = wc_ecc_make_key(rng, 32, &key); #if defined(WOLFSSL_ASYNC_CRYPT) ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); #endif if (ret != 0) { - ret = -6647; + ret = -8451; goto done; } 
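Review bot: The added `/* Use API */` comment in ecc_def_curve_test sits above `wc_ecc_set_flags(NULL, 0)`, which is a parameter-validation call expected to return `BAD_FUNC_ARG`, not a normal use of the API. ecc_ssh_test in this patch labels the two cases separately, and the same would fit here: `/* Parameter Validation testing. */` before the NULL call and `/* Use API. */` before `wc_ecc_set_flags(&key, 0)`. The return value of `wc_ecc_init(&key)` just above the added lines is also left unchecked.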
@@ -14981,27 +15588,27 @@ static int ecc_decode_test(void) /* SECP256R1 OID: 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07 */ - const byte good[] = { 0x30, 0x14, 0x30, 0x0b, 0x06, 0x00, + static const byte good[] = { 0x30, 0x14, 0x30, 0x0b, 0x06, 0x00, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03, 0x04, 0x00, 0x04, 0x01, 0x01 }; - const byte badNoObjId[] = { 0x30, 0x08, 0x30, 0x06, 0x03, 0x04, + static const byte badNoObjId[] = { 0x30, 0x08, 0x30, 0x06, 0x03, 0x04, 0x00, 0x04, 0x01, 0x01 }; - const byte badOneObjId[] = { 0x30, 0x0a, 0x30, 0x08, 0x06, 0x00, 0x03, 0x04, - 0x00, 0x04, 0x01, 0x01 }; - const byte badObjId1Len[] = { 0x30, 0x0c, 0x30, 0x0a, 0x06, 0x09, + static const byte badOneObjId[] = { 0x30, 0x0a, 0x30, 0x08, 0x06, 0x00, + 0x03, 0x04, 0x00, 0x04, 0x01, 0x01 }; + static const byte badObjId1Len[] = { 0x30, 0x0c, 0x30, 0x0a, 0x06, 0x09, 0x06, 0x00, 0x03, 0x04, 0x00, 0x04, 0x01, 0x01 }; - const byte badObj2d1Len[] = { 0x30, 0x0c, 0x30, 0x0a, 0x06, 0x00, + static const byte badObj2d1Len[] = { 0x30, 0x0c, 0x30, 0x0a, 0x06, 0x00, 0x06, 0x07, 0x03, 0x04, 0x00, 0x04, 0x01, 0x01 }; - const byte badNotBitStr[] = { 0x30, 0x14, 0x30, 0x0b, 0x06, 0x00, + static const byte badNotBitStr[] = { 0x30, 0x14, 0x30, 0x0b, 0x06, 0x00, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x04, 0x04, 0x00, 0x04, 0x01, 0x01 }; - const byte badBitStrLen[] = { 0x30, 0x14, 0x30, 0x0b, 0x06, 0x00, + static const byte badBitStrLen[] = { 0x30, 0x14, 0x30, 0x0b, 0x06, 0x00, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03, 0x05, 0x00, 0x04, 0x01, 0x01 }; - const byte badNoBitStrZero[] = { 0x30, 0x13, 0x30, 0x0a, 0x06, 0x00, + static const byte badNoBitStrZero[] = { 0x30, 0x13, 0x30, 0x0a, 0x06, 0x00, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03, 0x03, 0x04, 0x01, 0x01 }; - const byte badPoint[] = { 0x30, 0x12, 0x30, 0x09, 0x06, 0x00, + static const byte badPoint[] = { 0x30, 0x12, 0x30, 0x09, 0x06, 0x00, 0x06, 0x08, 
0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03, 0x03, 0x00, 0x04, 0x01 }; @@ -15011,22 +15618,22 @@ static int ecc_decode_test(void) inSz = sizeof(good); ret = wc_EccPublicKeyDecode(NULL, &inOutIdx, &key, inSz); if (ret != BAD_FUNC_ARG) { - ret = -6700; + ret = -8500; goto done; } ret = wc_EccPublicKeyDecode(good, NULL, &key, inSz); if (ret != BAD_FUNC_ARG) { - ret = -6701; + ret = -8501; goto done; } ret = wc_EccPublicKeyDecode(good, &inOutIdx, NULL, inSz); if (ret != BAD_FUNC_ARG) { - ret = -6702; + ret = -8502; goto done; } ret = wc_EccPublicKeyDecode(good, &inOutIdx, &key, 0); if (ret != BAD_FUNC_ARG) { - ret = -6703; + ret = -8503; goto done; } @@ -15035,14 +15642,14 @@ static int ecc_decode_test(void) inSz = sizeof(good) - inOutIdx; ret = wc_EccPublicKeyDecode(good, &inOutIdx, &key, inSz); if (ret != ASN_PARSE_E) { - ret = -6704; + ret = -8504; goto done; } inOutIdx = 4; inSz = sizeof(good) - inOutIdx; ret = wc_EccPublicKeyDecode(good, &inOutIdx, &key, inSz); if (ret != ASN_PARSE_E) { - ret = -6705; + ret = -8505; goto done; } /* Bad data. */ 
@@ -15050,56 +15657,56 @@ static int ecc_decode_test(void) inOutIdx = 0; ret = wc_EccPublicKeyDecode(badNoObjId, &inOutIdx, &key, inSz); if (ret != ASN_OBJECT_ID_E) { - ret = -6706; + ret = -8506; goto done; } inSz = sizeof(badOneObjId); inOutIdx = 0; ret = wc_EccPublicKeyDecode(badOneObjId, &inOutIdx, &key, inSz); if (ret != ASN_OBJECT_ID_E) { - ret = -6707; + ret = -8507; goto done; } inSz = sizeof(badObjId1Len); inOutIdx = 0; ret = wc_EccPublicKeyDecode(badObjId1Len, &inOutIdx, &key, inSz); if (ret != ASN_PARSE_E) { - ret = -6708; + ret = -8508; goto done; } inSz = sizeof(badObj2d1Len); inOutIdx = 0; ret = wc_EccPublicKeyDecode(badObj2d1Len, &inOutIdx, &key, inSz); if (ret != ASN_PARSE_E) { - ret = -6709; + ret = -8509; goto done; } inSz = sizeof(badNotBitStr); inOutIdx = 0; ret = wc_EccPublicKeyDecode(badNotBitStr, &inOutIdx, &key, inSz); if (ret != ASN_BITSTR_E) { - ret = -6710; + ret = -8510; goto done; } inSz = sizeof(badBitStrLen); inOutIdx = 0; ret = wc_EccPublicKeyDecode(badBitStrLen, &inOutIdx, &key, inSz); if (ret != ASN_PARSE_E) { - ret = -6711; + ret = -8511; goto done; } inSz = sizeof(badNoBitStrZero); inOutIdx = 0; ret = wc_EccPublicKeyDecode(badNoBitStrZero, &inOutIdx, &key, inSz); if (ret != ASN_EXPECT_0_E) { - ret = -6712; + ret = -8512; goto done; } inSz = sizeof(badPoint); inOutIdx = 0; ret = wc_EccPublicKeyDecode(badPoint, &inOutIdx, &key, inSz); if (ret != ASN_ECC_KEY_E) { - ret = -6713; + ret = -8513; goto done; } @@ -15107,7 +15714,7 @@ static int ecc_decode_test(void) inOutIdx = 0; ret = wc_EccPublicKeyDecode(good, &inOutIdx, &key, inSz); if (ret != 0) { - ret = -6714; + ret = -8514; goto done; } @@ -15205,14 +15812,14 @@ static int ecc_test_custom_curves(WC_RNG* rng) ret = wc_ecc_init_ex(&key, HEAP_HINT, devId); if (ret != 0) { - return -6715; + return -8515; } inOutIdx = 0; ret = wc_EccPublicKeyDecode(eccKeyExplicitCurve, &inOutIdx, &key, sizeof(eccKeyExplicitCurve)); if (ret != 0) - return -6716; + return -8516; wc_ecc_free(&key); 
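Review bot: In the `@@ -15205` hunk, ecc_test_custom_curves returns `-8516` when wc_EccPublicKeyDecode fails without releasing the key that wc_ecc_init_ex set up a few lines earlier; `wc_ecc_free(&key)` is only reached on success. The failure branch should free first: `if (ret != 0) { wc_ecc_free(&key); return -8516; }`. The function starts and continues outside the hunk.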
@@ -15246,11 +15853,11 @@ static int ecc_test_cert_gen(WC_RNG* rng) der = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); if (der == NULL) { - ERROR_OUT(-6720, exit); + ERROR_OUT(-8517, exit); } pem = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); if (pem == NULL) { - ERROR_OUT(-6721, exit); + ERROR_OUT(-8518, exit); } /* Get cert private key */ @@ -15262,7 +15869,7 @@ static int ecc_test_cert_gen(WC_RNG* rng) #else file = fopen(eccCaKey384File, "rb"); if (!file) { - ERROR_OUT(-6722, exit); + ERROR_OUT(-8519, exit); } bytes = fread(der, 1, FOURK_BUF, file); @@ -15276,7 +15883,7 @@ static int ecc_test_cert_gen(WC_RNG* rng) #else file = fopen(eccCaKeyFile, "rb"); if (!file) { - ERROR_OUT(-6722, exit); + ERROR_OUT(-8520, exit); } bytes = fread(der, 1, FOURK_BUF, file); fclose(file); @@ -15289,17 +15896,17 @@ static int ecc_test_cert_gen(WC_RNG* rng) /* Get CA Key */ ret = wc_ecc_init_ex(&caEccKey, HEAP_HINT, devId); if (ret != 0) { - ERROR_OUT(-6723, exit); + ERROR_OUT(-8521, exit); } ret = wc_EccPrivateKeyDecode(der, &idx, &caEccKey, (word32)bytes); if (ret != 0) { - ERROR_OUT(-6724, exit); + ERROR_OUT(-8522, exit); } /* Make a public key */ ret = wc_ecc_init_ex(&certPubKey, HEAP_HINT, devId); if (ret != 0) { - ERROR_OUT(-6725, exit); + ERROR_OUT(-8523, exit); } ret = wc_ecc_make_key(rng, 32, &certPubKey); @@ -15307,12 +15914,12 @@ static int ecc_test_cert_gen(WC_RNG* rng) ret = wc_AsyncWait(ret, &certPubKey.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); #endif if (ret != 0) { - ERROR_OUT(-6726, exit); + ERROR_OUT(-8524, exit); } /* Setup Certificate */ if (wc_InitCert(&myCert)) { - ERROR_OUT(-6727, exit); + ERROR_OUT(-8525, exit); } #ifndef NO_SHA256 
@@ -15332,17 +15939,17 @@ static int ecc_test_cert_gen(WC_RNG* rng) /* add SKID from the Public Key */ if (wc_SetSubjectKeyIdFromPublicKey(&myCert, NULL, &certPubKey) != 0) { - ERROR_OUT(-6728, exit); + ERROR_OUT(-8526, exit); } /* add AKID from the Public Key */ if (wc_SetAuthKeyIdFromPublicKey(&myCert, NULL, &caEccKey) != 0) { - ERROR_OUT(-6729, exit); + ERROR_OUT(-8527, exit); } /* add Key Usage */ if (wc_SetKeyUsage(&myCert, certKeyUsage) != 0) { - ERROR_OUT(-6730, exit); + ERROR_OUT(-8528, exit); } #endif /* WOLFSSL_CERT_EXT */ @@ -15366,12 +15973,12 @@ static int ecc_test_cert_gen(WC_RNG* rng) #endif #endif /* ENABLE_ECC384_CERT_GEN_TEST */ if (ret < 0) { - ERROR_OUT(-6731, exit); + ERROR_OUT(-8529, exit); } certSz = wc_MakeCert(&myCert, der, FOURK_BUF, NULL, &certPubKey, rng); if (certSz < 0) { - ERROR_OUT(-6732, exit); + ERROR_OUT(-8530, exit); } ret = 0; @@ -15385,7 +15992,7 @@ static int ecc_test_cert_gen(WC_RNG* rng) } } while (ret == WC_PENDING_E); if (ret < 0) { - ERROR_OUT(-6733, exit); + ERROR_OUT(-8531, exit); } certSz = ret; @@ -15394,7 +16001,7 @@ static int ecc_test_cert_gen(WC_RNG* rng) ret = ParseCert(&decode, CERT_TYPE, NO_VERIFY, 0); if (ret != 0) { FreeDecodedCert(&decode); - ERROR_OUT(-6734, exit); + ERROR_OUT(-8532, exit); } FreeDecodedCert(&decode); @@ -15434,7 +16041,7 @@ int ecc_test(void) ret = wc_InitRng(&rng); #endif if (ret != 0) - return -6800; + return -8600; #if defined(HAVE_ECC112) || defined(HAVE_ALL_CURVES) ret = ecc_test_curve(&rng, 14); @@ -15579,7 +16186,7 @@ int ecc_encrypt_test(void) ret = wc_InitRng(&rng); #endif if (ret != 0) - return -6900; + return -8700; XMEMSET(&userA, 0, sizeof(userA)); XMEMSET(&userB, 0, sizeof(userB)); @@ -15596,7 +16203,7 @@ int ecc_encrypt_test(void) ret = wc_AsyncWait(ret, &userA.asyncDev, WC_ASYNC_FLAG_NONE); #endif if (ret != 0){ - ret = -6901; goto done; + ret = -8701; goto done; } ret = wc_ecc_make_key(&rng, 32, &userB); 
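Review bot: The `@@ -15394` hunk of ecc_test_cert_gen parses the newly produced certificate with `NO_VERIFY`, so the test confirms that the DER decodes but never checks the signature that appears to be generated in the loop just before it. If that is intended, say so next to the call, for example `/* NO_VERIFY: structure check only, signature is not validated here */`; otherwise the parse should run with verification against the CA key. ed25519_test_make_cert (`@@ -16125`) ends the same way after `wc_SignCert_ex`.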
@@ -15604,7 +16211,7 @@ int ecc_encrypt_test(void) ret = wc_AsyncWait(ret, &userB.asyncDev, WC_ASYNC_FLAG_NONE); #endif if (ret != 0){ - ret = -6902; goto done; + ret = -8702; goto done; } /* set message to incrementing 0,1,2,etc... */ @@ -15614,36 +16221,36 @@ int ecc_encrypt_test(void) /* encrypt msg to B */ ret = wc_ecc_encrypt(&userA, &userB, msg, sizeof(msg), out, &outSz, NULL); if (ret != 0) { - ret = -6903; goto done; + ret = -8703; goto done; } /* decrypt msg from A */ ret = wc_ecc_decrypt(&userB, &userA, out, outSz, plain, &plainSz, NULL); if (ret != 0) { - ret = -6904; goto done; + ret = -8704; goto done; } if (XMEMCMP(plain, msg, sizeof(msg)) != 0) { - ret = -6905; goto done; + ret = -8705; goto done; } /* let's verify message exchange works, A is client, B is server */ cliCtx = wc_ecc_ctx_new(REQ_RESP_CLIENT, &rng); srvCtx = wc_ecc_ctx_new(REQ_RESP_SERVER, &rng); if (cliCtx == NULL || srvCtx == NULL) { - ret = -6906; goto done; + ret = -8706; goto done; } /* get salt to send to peer */ tmpSalt = wc_ecc_ctx_get_own_salt(cliCtx); if (tmpSalt == NULL) { - ret = -6907; goto done; + ret = -8707; goto done; } XMEMCPY(cliSalt, tmpSalt, EXCHANGE_SALT_SZ); tmpSalt = wc_ecc_ctx_get_own_salt(srvCtx); if (tmpSalt == NULL) { - ret = -6908; goto done; + ret = -8708; goto done; } XMEMCPY(srvSalt, tmpSalt, EXCHANGE_SALT_SZ); @@ -15675,7 +16282,7 @@ int ecc_encrypt_test(void) goto done; if (XMEMCMP(plain, msg, sizeof(msg)) != 0) { - ret = -6909; goto done; + ret = -8709; goto done; } /* msg2 (response) from B to A */ @@ -15695,7 +16302,7 @@ int ecc_encrypt_test(void) goto done; if (XMEMCMP(plain2, msg2, sizeof(msg2)) != 0) { - ret = -6910; goto done; + ret = -8710; goto done; } done: @@ -15734,7 +16341,7 @@ int ecc_test_buffers(void) { ret = wc_EccPrivateKeyDecode(ecc_clikey_der_256, &idx, &cliKey, (word32)bytes); if (ret != 0) - return -6915; + return -8711; idx = 0; bytes = (size_t)sizeof_ecc_key_der_256; 
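Review bot: In the `@@ -15614` hunk of ecc_encrypt_test the decrypted output is compared with `XMEMCMP(plain, msg, sizeof(msg))`, but `plainSz`, which wc_ecc_decrypt receives by pointer, is never compared with `sizeof(msg)`. Assuming wc_ecc_decrypt reports the plaintext length there, a decrypt that returns the wrong length would still pass as long as the leading bytes matched. The check is stronger as `if (plainSz != sizeof(msg) || XMEMCMP(plain, msg, sizeof(msg)) != 0) {`. The later `plain` / `plain2` comparisons in the `@@ -15675` and `@@ -15695` hunks have the same gap.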
@@ -15743,7 +16350,7 @@ int ecc_test_buffers(void) { ret = wc_EccPrivateKeyDecode(ecc_key_der_256, &idx, &servKey, (word32)bytes); if (ret != 0) - return -6916; + return -8712; #ifndef HAVE_FIPS ret = wc_InitRng_ex(&rng, HEAP_HINT, devId); @@ -15751,7 +16358,7 @@ int ecc_test_buffers(void) { ret = wc_InitRng(&rng); #endif if (ret != 0) - return -6917; + return -8713; #if defined(HAVE_ECC_ENCRYPT) && defined(HAVE_HKDF) { @@ -15760,15 +16367,15 @@ int ecc_test_buffers(void) { x = sizeof(out); ret = wc_ecc_encrypt(&cliKey, &servKey, in, sizeof(in), out, &x, NULL); if (ret < 0) - return -6918; + return -8714; y = sizeof(plain); ret = wc_ecc_decrypt(&cliKey, &servKey, out, x, plain, &y, NULL); if (ret < 0) - return -6919; + return -8715; if (XMEMCMP(plain, in, inLen)) - return -6920; + return -8716; } #endif @@ -15776,16 +16383,16 @@ int ecc_test_buffers(void) { x = sizeof(out); ret = wc_ecc_sign_hash(in, inLen, out, &x, &rng, &cliKey); if (ret < 0) - return -6921; + return -8717; XMEMSET(plain, 0, sizeof(plain)); ret = wc_ecc_verify_hash(out, x, plain, sizeof(plain), &verify, &cliKey); if (ret < 0) - return -6922; + return -8718; if (XMEMCMP(plain, in, (word32)ret)) - return -6923; + return -8719; #ifdef WOLFSSL_CERT_EXT idx = 0; @@ -15795,7 +16402,7 @@ int ecc_test_buffers(void) { ret = wc_EccPublicKeyDecode(ecc_clikeypub_der_256, &idx, &cliKey, (word32) bytes); if (ret != 0) - return -6924; + return -8720; #endif wc_ecc_free(&cliKey); @@ -15877,7 +16484,7 @@ int curve25519_test(void) ret = wc_InitRng(&rng); #endif if (ret != 0) - return -7000; + return -8800; wc_curve25519_init(&userA); wc_curve25519_init(&userB); 
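Review bot: The sign/verify step in the `@@ -15776` hunk of ecc_test_buffers does not actually test verification: `wc_ecc_verify_hash` is given the zeroed `plain` buffer as the hash instead of `in`, the `verify` result is never read, and the following `XMEMCMP(plain, in, (word32)ret)` compares `ret` bytes, which is zero on success. A broken signature or a broken verifier would therefore pass. The call should check the data that was signed and the result flag: `ret = wc_ecc_verify_hash(out, x, in, inLen, &verify, &cliKey);`, then `if (ret < 0) return -8718;` and `if (verify != 1) return -8719;`. The early returns in this function also skip the `wc_ecc_free(&cliKey)` visible in the next hunk.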
@@ -15885,38 +16492,38 @@ int curve25519_test(void) /* make curve25519 keys */ if (wc_curve25519_make_key(&rng, 32, &userA) != 0) - return -7001; + return -8801; if (wc_curve25519_make_key(&rng, 32, &userB) != 0) - return -7002; + return -8802; #ifdef HAVE_CURVE25519_SHARED_SECRET /* find shared secret key */ x = sizeof(sharedA); if (wc_curve25519_shared_secret(&userA, &userB, sharedA, &x) != 0) - return -7003; + return -8803; y = sizeof(sharedB); if (wc_curve25519_shared_secret(&userB, &userA, sharedB, &y) != 0) - return -7004; + return -8804; /* compare shared secret keys to test they are the same */ if (y != x) - return -7005; + return -8805; if (XMEMCMP(sharedA, sharedB, x)) - return -7006; + return -8806; #endif #ifdef HAVE_CURVE25519_KEY_EXPORT /* export a public key and import it for another user */ x = sizeof(exportBuf); if (wc_curve25519_export_public(&userA, exportBuf, &x) != 0) - return -7007; + return -8807; #ifdef HAVE_CURVE25519_KEY_IMPORT if (wc_curve25519_import_public(exportBuf, x, &pubKey) != 0) - return -7008; + return -8808; #endif #endif 
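Review bot: Every failure in curve25519_test from the `@@ -15885` hunk onward uses a bare `return`, so the keys set up with `wc_curve25519_init` and the RNG are not released on error; the cleanup marked `/* clean up keys when done */` at the end of the `@@ -15925` hunk is only reached on success. Other tests in this patch set `ret` and `goto done` for this reason. In the `@@ -15925` hunk the comparisons against the known vector, `XMEMCMP(ss, sharedB, y)`, also do not first check that `y` is the expected length of `ss`.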
@@ -15925,60 +16532,60 @@ int curve25519_test(void) XMEMSET(sharedB, 0, sizeof(sharedB)); y = sizeof(sharedB); if (wc_curve25519_shared_secret(&userB, &pubKey, sharedB, &y) != 0) - return -7009; + return -8809; if (XMEMCMP(sharedA, sharedB, y)) - return -7010; + return -8810; /* import RFC test vectors and compare shared key */ if (wc_curve25519_import_private_raw(sa, sizeof(sa), pa, sizeof(pa), &userA) != 0) - return -7011; + return -8811; if (wc_curve25519_import_private_raw(sb, sizeof(sb), pb, sizeof(pb), &userB) != 0) - return -7012; + return -8812; /* test against known test vector */ XMEMSET(sharedB, 0, sizeof(sharedB)); y = sizeof(sharedB); if (wc_curve25519_shared_secret(&userA, &userB, sharedB, &y) != 0) - return -7013; + return -8813; if (XMEMCMP(ss, sharedB, y)) - return -7014; + return -8814; /* test swaping roles of keys and generating same shared key */ XMEMSET(sharedB, 0, sizeof(sharedB)); y = sizeof(sharedB); if (wc_curve25519_shared_secret(&userB, &userA, sharedB, &y) != 0) - return -7015; + return -8815; if (XMEMCMP(ss, sharedB, y)) - return -7016; + return -8816; /* test with 1 generated key and 1 from known test vector */ if (wc_curve25519_import_private_raw(sa, sizeof(sa), pa, sizeof(pa), &userA) != 0) - return -7017; + return -8817; if (wc_curve25519_make_key(&rng, 32, &userB) != 0) - return -7018; + return -8818; x = sizeof(sharedA); if (wc_curve25519_shared_secret(&userA, &userB, sharedA, &x) != 0) - return -7019; + return -8819; y = sizeof(sharedB); if (wc_curve25519_shared_secret(&userB, &userA, sharedB, &y) != 0) - return -7020; + return -8820; /* compare shared secret keys to test they are the same */ if (y != x) - return -7021; + return -8821; if (XMEMCMP(sharedA, sharedB, x)) - return -7022; + return -8822; #endif /* HAVE_CURVE25519_SHARED_SECRET */ /* clean up keys when done */ 
@@ -16012,7 +16619,7 @@ static int ed25519_test_cert(void) tmp = XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); if (tmp == NULL) { - ERROR_OUT(-7200, done); + ERROR_OUT(-8823, done); } #ifdef USE_CERT_BUFFERS_256 @@ -16021,20 +16628,20 @@ static int ed25519_test_cert(void) #elif !defined(NO_FILESYSTEM) file = fopen(caEd25519Cert, "rb"); if (file == NULL) { - ERROR_OUT(-7201, done); + ERROR_OUT(-8824, done); } bytes = fread(tmp, 1, FOURK_BUF, file); fclose(file); #else /* No certificate to use. */ - ERROR_OUT(-7202, done); + ERROR_OUT(-8825, done); #endif InitDecodedCert(&cert[0], tmp, (word32)bytes, 0); caCert = &cert[0]; ret = ParseCert(caCert, CERT_TYPE, NO_VERIFY, NULL); if (ret != 0) { - ERROR_OUT(-7203, done); + ERROR_OUT(-8826, done); } #ifdef USE_CERT_BUFFERS_256 @@ -16043,39 +16650,39 @@ static int ed25519_test_cert(void) #elif !defined(NO_FILESYSTEM) file = fopen(serverEd25519Cert, "rb"); if (file == NULL) { - ERROR_OUT(-7204, done); + ERROR_OUT(-8827, done); } bytes = fread(tmp, 1, FOURK_BUF, file); fclose(file); #else /* No certificate to use. */ - ERROR_OUT(-7205, done); + ERROR_OUT(-8828, done); #endif InitDecodedCert(&cert[1], tmp, (word32)bytes, 0); serverCert = &cert[1]; ret = ParseCert(serverCert, CERT_TYPE, NO_VERIFY, NULL); if (ret != 0) { - ERROR_OUT(-7206, done); + ERROR_OUT(-8829, done); } #ifdef HAVE_ED25519_VERIFY ret = wc_ed25519_init(&key); if (ret < 0) { - ERROR_OUT(-7207, done); + ERROR_OUT(-8830, done); } pubKey = &key; ret = wc_ed25519_import_public(caCert->publicKey, caCert->pubKeySize, pubKey); if (ret < 0) { - ERROR_OUT(-7208, done); + ERROR_OUT(-8831, done); } if (wc_ed25519_verify_msg(serverCert->signature, serverCert->sigLength, serverCert->source + serverCert->certBegin, serverCert->sigIndex - serverCert->certBegin, &verify, pubKey) < 0 || verify != 1) { - ERROR_OUT(-7209, done); + ERROR_OUT(-8832, done); } #endif /* HAVE_ED25519_VERIFY */ 
@@ -16111,7 +16718,7 @@ static int ed25519_test_make_cert(void) ret = wc_InitRng(&rng); #endif if (ret != 0) - return -7220; + return -8833; wc_ed25519_init(&key); privKey = &key; @@ -16125,38 +16732,38 @@ static int ed25519_test_make_cert(void) #ifdef WOLFSSL_CERT_EXT ret = wc_SetKeyUsage(&cert, certKeyUsage); if (ret < 0) { - ERROR_OUT(-7221, done); + ERROR_OUT(-8834, done); } ret = wc_SetSubjectKeyIdFromPublicKey_ex(&cert, ED25519_TYPE, privKey); if (ret < 0) { - ERROR_OUT(-7222, done); + ERROR_OUT(-8835, done); } ret = wc_SetAuthKeyIdFromPublicKey_ex(&cert, ED25519_TYPE, privKey); if (ret < 0) { - ERROR_OUT(-7223, done); + ERROR_OUT(-8836, done); } #endif tmp = XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); if (tmp == NULL) { - ERROR_OUT(-7224, done); + ERROR_OUT(-8837, done); } cert.sigType = CTC_ED25519; ret = wc_MakeCert_ex(&cert, tmp, FOURK_BUF, ED25519_TYPE, privKey, &rng); if (ret < 0) { - ERROR_OUT(-7225, done); + ERROR_OUT(-8838, done); } ret = wc_SignCert_ex(cert.bodySz, cert.sigType, tmp, FOURK_BUF, ED25519_TYPE, privKey, &rng); if (ret < 0) { - ERROR_OUT(-7226, done); + ERROR_OUT(-8839, done); } InitDecodedCert(&decode, tmp, ret, HEAP_HINT); ret = ParseCert(&decode, CERT_TYPE, NO_VERIFY, 0); FreeDecodedCert(&decode); if (ret != 0) { - ERROR_OUT(-7227, done); + ERROR_OUT(-8840, done); } done: @@ -16517,7 +17124,7 @@ int ed25519_test(void) ret = wc_InitRng(&rng); #endif if (ret != 0) - return -7100; + return -8900; wc_ed25519_init(&key); wc_ed25519_init(&key2); 
@@ -16536,57 +17143,57 @@ int ed25519_test(void) if (wc_ed25519_import_private_key(sKeys[i], ED25519_KEY_SIZE, pKeys[i], pKeySz[i], &key) != 0) - return -7101 - i; + return -8901 - i; if (wc_ed25519_sign_msg(msgs[i], msgSz[i], out, &outlen, &key) != 0) - return -7111 - i; + return -8911 - i; if (XMEMCMP(out, sigs[i], 64)) - return -7121 - i; + return -8921 - i; #if defined(HAVE_ED25519_VERIFY) /* test verify on good msg */ if (wc_ed25519_verify_msg(out, outlen, msgs[i], msgSz[i], &verify, &key) != 0 || verify != 1) - return -7131 - i; + return -8931 - i; /* test verify on bad msg */ out[outlen-1] = out[outlen-1] + 1; if (wc_ed25519_verify_msg(out, outlen, msgs[i], msgSz[i], &verify, &key) == 0 || verify == 1) - return -7141 - i; + return -8941 - i; #endif /* HAVE_ED25519_VERIFY */ /* test api for import/exporting keys */ exportPSz = sizeof(exportPKey); exportSSz = sizeof(exportSKey); if (wc_ed25519_export_public(&key, exportPKey, &exportPSz) != 0) - return -7151 - i; + return -8951 - i; if (wc_ed25519_import_public(exportPKey, exportPSz, &key2) != 0) - return -7161 - i; + return -8961 - i; if (wc_ed25519_export_private_only(&key, exportSKey, &exportSSz) != 0) - return -7171 - i; + return -8971 - i; if (wc_ed25519_import_private_key(exportSKey, exportSSz, exportPKey, exportPSz, &key2) != 0) - return -7181 - i; + return -8981 - i; /* clear "out" buffer and test sign with imported keys */ outlen = sizeof(out); XMEMSET(out, 0, sizeof(out)); if (wc_ed25519_sign_msg(msgs[i], msgSz[i], out, &outlen, &key2) != 0) - return -7191 - i; + return -8991 - i; #if defined(HAVE_ED25519_VERIFY) if (wc_ed25519_verify_msg(out, outlen, msgs[i], msgSz[i], &verify, &key2) != 0 || verify != 1) - return -7201 - i; + return -9001 - i; if (XMEMCMP(out, sigs[i], 64)) - return -7211 - i; + return -9011 - i; #endif /* HAVE_ED25519_VERIFY */ } #endif /* HAVE_ED25519_SIGN && HAVE_ED25519_KEY_EXPORT && HAVE_ED25519_KEY_IMPORT */ 
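Review bot: In the ed25519_test loop (`@@ -16536`), signatures are compared with `XMEMCMP(out, sigs[i], 64)` without first checking `outlen`, and the length is a bare literal. Checking `outlen != ED25519_SIG_SIZE` before the compare and using that constant in both `XMEMCMP` calls would catch a short signature and remove the magic number. The comment `/* test verify on bad msg */` is also inaccurate: the line below it alters the last byte of the signature `out`, not the message, so `/* test verify on corrupted signature */` describes it better. The loop starts and ends outside the hunk.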
@@ -16788,34 +17395,34 @@ int cmac_test(void) XMEMSET(tag, 0, sizeof(tag)); tagSz = AES_BLOCK_SIZE; if (wc_InitCmac(&cmac, tc->k, tc->kSz, tc->type, NULL) != 0) - return -7300; + return -9100; if (tc->partial) { if (wc_CmacUpdate(&cmac, tc->m, tc->mSz/2 - tc->partial) != 0) - return -7301; + return -9101; if (wc_CmacUpdate(&cmac, tc->m + tc->mSz/2 - tc->partial, tc->mSz/2 + tc->partial) != 0) - return -7302; + return -9102; } else { if (wc_CmacUpdate(&cmac, tc->m, tc->mSz) != 0) - return -7303; + return -9103; } if (wc_CmacFinal(&cmac, tag, &tagSz) != 0) - return -7304; + return -9104; if (XMEMCMP(tag, tc->t, AES_BLOCK_SIZE) != 0) - return -7305; + return -9105; XMEMSET(tag, 0, sizeof(tag)); tagSz = sizeof(tag); if (wc_AesCmacGenerate(tag, &tagSz, tc->m, tc->mSz, tc->k, tc->kSz) != 0) - return -7306; + return -9106; if (XMEMCMP(tag, tc->t, AES_BLOCK_SIZE) != 0) - return -7307; + return -9107; if (wc_AesCmacVerify(tc->t, tc->tSz, tc->m, tc->mSz, tc->k, tc->kSz) != 0) - return -7308; + return -9108; } return 0; @@ -16914,7 +17521,7 @@ int compress_test(void) c = XMALLOC(cSz * sizeof(byte), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); d = XMALLOC(dSz * sizeof(byte), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); if (c == NULL || d == NULL) { - ERROR_OUT(-7400, exit); + ERROR_OUT(-9200, exit); } /* follow calloc and initialize to 0 */ @@ -16922,16 +17529,16 @@ int compress_test(void) XMEMSET(d, 0, dSz); if ((ret = wc_Compress(c, cSz, sample_text, dSz, 0)) < 0) { - ERROR_OUT(-7401, exit); + ERROR_OUT(-9201, exit); } cSz = (word32)ret; if ((ret = wc_DeCompress(d, dSz, c, cSz)) != (int)dSz) { - ERROR_OUT(-7402, exit); + ERROR_OUT(-9202, exit); } if (XMEMCMP(d, sample_text, dSz)) { - ERROR_OUT(-7403, exit); + ERROR_OUT(-9203, exit); } ret = 0; 
@@ -16997,20 +17604,20 @@ static int pkcs7_load_certs_keys(byte* rsaCert, word32* rsaCertSz, #ifdef USE_CERT_BUFFERS_1024 if (*rsaCertSz < (word32)sizeof_client_cert_der_1024) - return -7410; + return -9204; XMEMCPY(rsaCert, client_cert_der_1024, sizeof_client_cert_der_1024); *rsaCertSz = sizeof_client_cert_der_1024; #elif defined(USE_CERT_BUFFERS_2048) if (*rsaCertSz < (word32)sizeof_client_cert_der_2048) - return -7411; + return -9205; XMEMCPY(rsaCert, client_cert_der_2048, sizeof_client_cert_der_2048); *rsaCertSz = sizeof_client_cert_der_2048; #else certFile = fopen(clientCert, "rb"); if (!certFile) - return -7412; + return -9206; *rsaCertSz = (word32)fread(rsaCert, 1, *rsaCertSz, certFile); fclose(certFile); @@ -17018,20 +17625,20 @@ static int pkcs7_load_certs_keys(byte* rsaCert, word32* rsaCertSz, #ifdef USE_CERT_BUFFERS_1024 if (*rsaPrivKeySz < (word32)sizeof_client_key_der_1024) - return -7413; + return -9207; XMEMCPY(rsaPrivKey, client_key_der_1024, sizeof_client_key_der_1024); *rsaPrivKeySz = sizeof_client_key_der_1024; #elif defined(USE_CERT_BUFFERS_2048) if (*rsaPrivKeySz < (word32)sizeof_client_key_der_2048) - return -7414; + return -9208; XMEMCPY(rsaPrivKey, client_key_der_2048, sizeof_client_key_der_2048); *rsaPrivKeySz = sizeof_client_key_der_2048; #else keyFile = fopen(clientKey, "rb"); if (!keyFile) - return -7415; + return -9209; *rsaPrivKeySz = (word32)fread(rsaPrivKey, 1, *rsaPrivKeySz, keyFile); fclose(keyFile); @@ -17044,14 +17651,14 @@ static int pkcs7_load_certs_keys(byte* rsaCert, word32* rsaCertSz, #ifdef USE_CERT_BUFFERS_256 if (*eccCertSz < (word32)sizeof_cliecc_cert_der_256) - return -7416; + return -9210; XMEMCPY(eccCert, cliecc_cert_der_256, sizeof_cliecc_cert_der_256); *eccCertSz = sizeof_cliecc_cert_der_256; #else certFile = fopen(eccClientCert, "rb"); if (!certFile) - return -7417; + return -9211; *eccCertSz = (word32)fread(eccCert, 1, *eccCertSz, certFile); fclose(certFile); 
@@ -17059,14 +17666,14 @@ static int pkcs7_load_certs_keys(byte* rsaCert, word32* rsaCertSz, #ifdef USE_CERT_BUFFERS_256 if (*eccPrivKeySz < (word32)sizeof_ecc_clikey_der_256) - return -7418; + return -9212; XMEMCPY(eccPrivKey, ecc_clikey_der_256, sizeof_ecc_clikey_der_256); *eccPrivKeySz = sizeof_ecc_clikey_der_256; #else keyFile = fopen(eccClientKey, "rb"); if (!keyFile) - return -7419; + return -9213; *eccPrivKeySz = (word32)fread(eccPrivKey, 1, *eccPrivKeySz, keyFile); fclose(keyFile); @@ -17201,12 +17808,12 @@ static int pkcs7enveloped_run_vectors(byte* rsaCert, word32 rsaCertSz, ret = wc_PKCS7_Init(&pkcs7, HEAP_HINT, devId); if (ret != 0) - return -7419; + return -9214; ret = wc_PKCS7_InitWithCert(&pkcs7, testVectors[i].cert, (word32)testVectors[i].certSz); if (ret != 0) - return -7420; + return -9215; pkcs7.content = (byte*)testVectors[i].content; pkcs7.contentSz = testVectors[i].contentSz; @@ -17224,29 +17831,29 @@ static int pkcs7enveloped_run_vectors(byte* rsaCert, word32 rsaCertSz, sizeof(enveloped)); if (envelopedSz <= 0) { printf("DEBUG: i = %d, envelopedSz = %d\n", i, envelopedSz); - return -7421; + return -9216; } /* decode envelopedData */ decodedSz = wc_PKCS7_DecodeEnvelopedData(&pkcs7, enveloped, envelopedSz, decoded, sizeof(decoded)); if (decodedSz <= 0) - return -7422; + return -9217; /* test decode result */ if (XMEMCMP(decoded, data, sizeof(data)) != 0) - return -7423; + return -9218; #ifdef PKCS7_OUTPUT_TEST_BUNDLES /* output pkcs7 envelopedData for external testing */ pkcs7File = fopen(testVectors[i].outFileName, "wb"); if (!pkcs7File) - return -7424; + return -9219; ret = (int)fwrite(enveloped, 1, envelopedSz, pkcs7File); fclose(pkcs7File); if (ret != envelopedSz) { - return -7425; + return -9220; } #endif /* PKCS7_OUTPUT_TEST_BUNDLES */ 
@@ -17288,12 +17895,12 @@ int pkcs7enveloped_test(void) /* read client RSA cert and key in DER format */ rsaCert = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); if (rsaCert == NULL) - return -7500; + return -9300; rsaPrivKey = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); if (rsaPrivKey == NULL) { XFREE(rsaCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - return -7501; + return -9301; } rsaCertSz = FOURK_BUF; @@ -17308,7 +17915,7 @@ int pkcs7enveloped_test(void) XFREE(rsaCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); XFREE(rsaPrivKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); #endif - return -7504; + return -9302; } eccPrivKey =(byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); @@ -17318,7 +17925,7 @@ int pkcs7enveloped_test(void) XFREE(rsaPrivKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); #endif XFREE(eccCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - return -7505; + return -9303; } eccCertSz = FOURK_BUF; @@ -17504,7 +18111,7 @@ int pkcs7encrypted_test(void) for (i = 0; i < testSz; i++) { ret = wc_PKCS7_Init(&pkcs7, HEAP_HINT, devId); if (ret != 0) - return -7599; + return -9400; pkcs7.content = (byte*)testVectors[i].content; pkcs7.contentSz = testVectors[i].contentSz; @@ -17519,17 +18126,17 @@ int pkcs7encrypted_test(void) encryptedSz = wc_PKCS7_EncodeEncryptedData(&pkcs7, encrypted, sizeof(encrypted)); if (encryptedSz <= 0) - return -7600; + return -9401; /* decode encryptedData */ decodedSz = wc_PKCS7_DecodeEncryptedData(&pkcs7, encrypted, encryptedSz, decoded, sizeof(decoded)); if (decodedSz <= 0) - return -7601; + return -9402; /* test decode result */ if (XMEMCMP(decoded, data, sizeof(data)) != 0) - return -7602; + return -9403; /* verify decoded unprotected attributes */ if (pkcs7.decodedAttrib != NULL) { 
@@ -17545,12 +18152,12 @@ int pkcs7encrypted_test(void) /* verify oid */ if (XMEMCMP(decodedAttrib->oid, expectedAttrib->oid, decodedAttrib->oidSz) != 0) - return -7603; + return -9404; /* verify value */ if (XMEMCMP(decodedAttrib->value, expectedAttrib->value, decodedAttrib->valueSz) != 0) - return -7604; + return -9405; decodedAttrib = decodedAttrib->next; attribIdx++; @@ -17561,7 +18168,7 @@ int pkcs7encrypted_test(void) /* output pkcs7 envelopedData for external testing */ pkcs7File = fopen(testVectors[i].outFileName, "wb"); if (!pkcs7File) - return -7605; + return -9406; ret = (int)fwrite(encrypted, encryptedSz, 1, pkcs7File); fclose(pkcs7File); @@ -17725,12 +18332,12 @@ static int pkcs7signed_run_vectors(byte* rsaCert, word32 rsaCertSz, outSz = FOURK_BUF; out = (byte*)XMALLOC(outSz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); if (out == NULL) - return -7700; + return -9407; ret = wc_PKCS7_PadData((byte*)data, sizeof(data), out, outSz, 16); if (ret < 0) { XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - return -7710; + return -9408; } #ifndef HAVE_FIPS @@ -17740,7 +18347,7 @@ static int pkcs7signed_run_vectors(byte* rsaCert, word32 rsaCertSz, #endif if (ret != 0) { XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - return -7701; + return -9409; } for (i = 0; i < testSz; i++) { @@ -17751,7 +18358,7 @@ static int pkcs7signed_run_vectors(byte* rsaCert, word32 rsaCertSz, if (ret != 0) { XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - return -7702; + return -9410; } pkcs7.rng = &rng; @@ -17773,7 +18380,7 @@ static int pkcs7signed_run_vectors(byte* rsaCert, word32 rsaCertSz, if (ret != 0) { XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); wc_PKCS7_Free(&pkcs7); - return -7703; + return -9411; } } 
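Review bot: The attribute checks in the first hunk never compare lengths: `XMEMCMP(decodedAttrib->oid, expectedAttrib->oid, decodedAttrib->oidSz)` and the matching value compare both use the decoded length only. A decoder regression that returns a zero or truncated length would still pass codes -9404/-9405, and an over-long decoded length makes the compare read past the expected buffer. I would test the sizes first, in the form `if (decodedAttrib->oidSz != <expected oid size> || XMEMCMP(...) != 0)`, using whatever size field the expected-attribute struct carries (its definition is not in the hunk). The enclosing loop starts before the hunk.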
@@ -17796,7 +18403,7 @@ static int pkcs7signed_run_vectors(byte* rsaCert, word32 rsaCertSz, if (ret != 0) { XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); wc_PKCS7_Free(&pkcs7); - return -7704; + return -9412; } wc_ShaUpdate(&sha, pkcs7.publicKey, pkcs7.publicKeySz); wc_ShaFinal(&sha, digest); @@ -17806,7 +18413,7 @@ static int pkcs7signed_run_vectors(byte* rsaCert, word32 rsaCertSz, if (ret != 0) { XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); wc_PKCS7_Free(&pkcs7); - return -7704; + return -9413; } wc_Sha256Update(&sha, pkcs7.publicKey, pkcs7.publicKeySz); wc_Sha256Final(&sha, digest); @@ -17822,7 +18429,7 @@ static int pkcs7signed_run_vectors(byte* rsaCert, word32 rsaCertSz, if (encodedSz < 0) { XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); wc_PKCS7_Free(&pkcs7); - return -7705; + return -9414; } #ifdef PKCS7_OUTPUT_TEST_BUNDLES @@ -17831,14 +18438,14 @@ static int pkcs7signed_run_vectors(byte* rsaCert, word32 rsaCertSz, if (!file) { XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); wc_PKCS7_Free(&pkcs7); - return -7706; + return -9415; } ret = (int)fwrite(out, 1, encodedSz, file); fclose(file); if (ret != (int)encodedSz) { XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); wc_PKCS7_Free(&pkcs7); - return -7707; + return -9416; } #endif /* PKCS7_OUTPUT_TEST_BUNDLES */ @@ -17849,13 +18456,13 @@ static int pkcs7signed_run_vectors(byte* rsaCert, word32 rsaCertSz, if (ret < 0) { XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); wc_PKCS7_Free(&pkcs7); - return -7708; + return -9417; } if (pkcs7.singleCert == NULL || pkcs7.singleCertSz == 0) { XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); wc_PKCS7_Free(&pkcs7); - return -7709; + return -9418; } 
@@ -17875,13 +18482,13 @@ static int pkcs7signed_run_vectors(byte* rsaCert, word32 rsaCertSz, NULL, (word32*)&bufSz) != LENGTH_ONLY_E) { XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); wc_PKCS7_Free(&pkcs7); - return -7710; + return -9419; } if (bufSz > (int)sizeof(buf)) { XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); wc_PKCS7_Free(&pkcs7); - return -7711; + return -9420; } bufSz = wc_PKCS7_GetAttributeValue(&pkcs7, oidPt, oidSz, @@ -17890,7 +18497,7 @@ static int pkcs7signed_run_vectors(byte* rsaCert, word32 rsaCertSz, (testVectors[i].signedAttribs == NULL && bufSz > 0)) { XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); wc_PKCS7_Free(&pkcs7); - return -7712; + return -9421; } } @@ -17899,7 +18506,7 @@ static int pkcs7signed_run_vectors(byte* rsaCert, word32 rsaCertSz, if (!file) { XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); wc_PKCS7_Free(&pkcs7); - return -7713; + return -9422; } ret = (int)fwrite(pkcs7.singleCert, 1, pkcs7.singleCertSz, file); fclose(file); @@ -17949,12 +18556,12 @@ int pkcs7signed_test(void) /* read client RSA cert and key in DER format */ rsaCert = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); if (rsaCert == NULL) - return -7720; + return -9500; rsaPrivKey = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); if (rsaPrivKey == NULL) { XFREE(rsaCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - return -7721; + return -9501; } rsaCertSz = FOURK_BUF; @@ -17967,7 +18574,7 @@ int pkcs7signed_test(void) if (eccCert == NULL) { XFREE(rsaCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); XFREE(rsaPrivKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - return -7722; + return -9502; } eccPrivKey =(byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); @@ -17975,7 +18582,7 @@ int pkcs7signed_test(void) XFREE(rsaCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); XFREE(rsaPrivKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); XFREE(eccCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - return -7723; + return -9503; } eccCertSz = FOURK_BUF; 
@@ -18047,7 +18654,7 @@ int mp_test(void) ret = mp_init_multi(&a, &b, &r1, &r2, NULL, NULL); if (ret != 0) - return -7800; + return -9600; mp_init_copy(&p, &a); @@ -18062,62 +18669,62 @@ int mp_test(void) #if defined(HAVE_ECC) || defined(WOLFSSL_KEY_GEN) mp_set_int(&a, 0); if (a.used != 0 || a.dp[0] != 0) - return -7801; + return -9601; for (j = 1; j <= MP_MAX_TEST_BYTE_LEN; j++) { for (i = 0; i < 4 * j; i++) { /* New values to use. */ ret = randNum(&p, j, &rng, NULL); if (ret != 0) - return -7802; + return -9602; ret = randNum(&a, j, &rng, NULL); if (ret != 0) - return -7803; + return -9603; ret = randNum(&b, j, &rng, NULL); if (ret != 0) - return -7804; + return -9604; ret = wc_RNG_GenerateBlock(&rng, (byte*)&d, sizeof(d)); if (ret != 0) - return -7805; + return -9605; d &= MP_MASK; /* Ensure sqrmod produce same result as mulmod. */ ret = mp_sqrmod(&a, &p, &r1); if (ret != 0) - return -7806; + return -9606; ret = mp_mulmod(&a, &a, &p, &r2); if (ret != 0) - return -7807; + return -9607; if (mp_cmp(&r1, &r2) != 0) - return -7808; + return -9608; /* Ensure add with mod produce same result as sub with mod. */ ret = mp_addmod(&a, &b, &p, &r1); if (ret != 0) - return -7809; + return -9609; b.sign ^= 1; ret = mp_submod(&a, &b, &p, &r2); if (ret != 0) - return -7810; + return -9610; if (mp_cmp(&r1, &r2) != 0) - return -7811; + return -9611; /* Ensure add digit produce same result as sub digit. */ ret = mp_add_d(&a, d, &r1); if (ret != 0) - return -7812; + return -9612; ret = mp_sub_d(&r1, d, &r2); if (ret != 0) - return -7813; + return -9613; if (mp_cmp(&a, &r2) != 0) - return -7814; + return -9614; /* Invert - if p is even it will use the slow impl. * - if p and a are even it will fail. */ ret = mp_invmod(&a, &p, &r1); if (ret != 0 && ret != MP_VAL) - return -7815; + return -9615; ret = 0; /* Shift up and down number all bits in a digit. */ 
@@ -18125,12 +18732,12 @@ int mp_test(void) mp_mul_2d(&a, k, &r1); mp_div_2d(&r1, k, &r2, &p); if (mp_cmp(&a, &r2) != 0) - return -7816; + return -9616; if (!mp_iszero(&p)) - return -7817; + return -9617; mp_rshb(&r1, k); if (mp_cmp(&a, &r1) != 0) - return -7818; + return -9618; } } } @@ -18139,14 +18746,14 @@ int mp_test(void) d &= 0xffffffff; mp_set_int(&a, d); if (a.used != 1 || a.dp[0] != d) - return -7819; + return -9619; /* Check setting a bit and testing a bit works. */ for (i = 0; i < MP_MAX_TEST_BYTE_LEN * 8; i++) { mp_zero(&a); mp_set_bit(&a, i); if (!mp_is_bit_set(&a, i)) - return -7820; + return -9620; } #endif 
@@ -18221,51 +18828,51 @@ int berder_test(void) for (i = 0; i < (int)(sizeof(testData) / sizeof(*testData)); i++) { ret = wc_BerToDer(testData[i].in, testData[i].inSz, NULL, &len); if (ret != LENGTH_ONLY_E) - return -7830 - i; + return -9700 - i; if (len != testData[i].outSz) - return -7840 - i; + return -9710 - i; len = testData[i].outSz; ret = wc_BerToDer(testData[i].in, testData[i].inSz, out, &len); if (ret != 0) - return -7850 - i; + return -9720 - i; if (XMEMCMP(out, testData[i].out, len) != 0) - return -7860 - i; + return -9730 - i; for (l = 1; l < testData[i].inSz; l++) { ret = wc_BerToDer(testData[i].in, l, NULL, &len); if (ret != ASN_PARSE_E) - return -7870; + return -9740; len = testData[i].outSz; ret = wc_BerToDer(testData[i].in, l, out, &len); if (ret != ASN_PARSE_E) - return -7871; + return -9741; } } ret = wc_BerToDer(NULL, 4, NULL, NULL); if (ret != BAD_FUNC_ARG) - return -7880; + return -9742; ret = wc_BerToDer(out, 4, NULL, NULL); if (ret != BAD_FUNC_ARG) - return -7881; + return -9743; ret = wc_BerToDer(NULL, 4, NULL, &len); if (ret != BAD_FUNC_ARG) - return -7882; + return -9744; ret = wc_BerToDer(NULL, 4, out, NULL); if (ret != BAD_FUNC_ARG) - return -7883; + return -9745; ret = wc_BerToDer(out, 4, out, NULL); if (ret != BAD_FUNC_ARG) - return -7884; + return -9746; ret = wc_BerToDer(NULL, 4, out, &len); if (ret != BAD_FUNC_ARG) - return -7885; + return -9747; for (l = 1; l < sizeof(good4_out); l++) { len = l; ret = wc_BerToDer(good4_in, sizeof(good4_in), out, &len); if (ret != BUFFER_E) - return -7890; + return -9748; } return 0; @@ -18294,10 +18901,10 @@ int logging_test(void) b[i] = i; if (wolfSSL_Debugging_ON() != 0) - return -7900; + return -9800; if (wolfSSL_SetLoggingCb(my_Logging_cb) != 0) - return -7901; + return -9801; WOLFSSL_MSG(msg); WOLFSSL_BUFFER(a, sizeof(a)); 
@@ -18322,7 +18929,7 @@ int logging_test(void) /* check the logs were disabled */ if (i != log_cnt) - return -7904; + return -9802; /* restore callback and leave logging enabled */ wolfSSL_SetLoggingCb(NULL); @@ -18334,10 +18941,10 @@ int logging_test(void) #else if (wolfSSL_Debugging_ON() != NOT_COMPILED_IN) - return -7906; + return -9803; wolfSSL_Debugging_OFF(); if (wolfSSL_SetLoggingCb(NULL) != NOT_COMPILED_IN) - return -7907; + return -9804; #endif /* DEBUG_WOLFSSL */ return 0; } @@ -18350,25 +18957,25 @@ int mutex_test(void) #endif wolfSSL_Mutex *mm = wc_InitAndAllocMutex(); if (mm == NULL) - return -8000; + return -9900; wc_FreeMutex(mm); XFREE(mm, NULL, DYNAMIC_TYPE_MUTEX); #ifdef WOLFSSL_PTHREADS if (wc_InitMutex(&m) != 0) - return -8001; + return -9901; if (wc_LockMutex(&m) != 0) - return -8002; + return -9902; if (wc_FreeMutex(&m) != BAD_MUTEX_E) - return -8003; + return -9903; if (wc_UnLockMutex(&m) != 0) - return -8004; + return -9904; if (wc_FreeMutex(&m) != 0) - return -8005; + return -9905; if (wc_LockMutex(&m) != BAD_MUTEX_E) - return -8006; + return -9906; if (wc_UnLockMutex(&m) != BAD_MUTEX_E) - return -8007; + return -9907; #endif return 0; @@ -18405,12 +19012,12 @@ int memcb_test(void) /* Save existing memory callbacks */ if (wolfSSL_GetAllocators(&mc, &fc, &rc) != 0) - return -8100; + return -10000; /* test realloc */ b = (byte*)XREALLOC(b, 1024, NULL, DYNAMIC_TYPE_TMP_BUFFER); if (b == NULL) { - ERROR_OUT(-8101, exit_memcb); + ERROR_OUT(-10001, exit_memcb); } XFREE(b, NULL, DYNAMIC_TYPE_TMP_BUFFER); b = NULL; 
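Review bot: In the mutex_test hunk the last two checks call `wc_LockMutex(&m)` and `wc_UnLockMutex(&m)` after `wc_FreeMutex(&m)` has already returned 0, and expect `BAD_MUTEX_E`. Under the `WOLFSSL_PTHREADS` guard these wrappers presumably map onto the pthread calls, where using a destroyed mutex, or destroying a locked one as code -9903 does, is undefined behaviour in POSIX. The outcome of -9903, -9906 and -9907 therefore depends on the C library rather than on wolfSSL. I would either drop these three expectations or add a comment naming the platforms on which the returned error is actually guaranteed.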
@@ -18418,21 +19025,21 @@ int memcb_test(void) /* Parameter Validation testing. */ if (wolfSSL_SetAllocators(NULL, (wolfSSL_Free_cb)&my_Free_cb, (wolfSSL_Realloc_cb)&my_Realloc_cb) != BAD_FUNC_ARG) { - ERROR_OUT(-8102, exit_memcb); + ERROR_OUT(-10002, exit_memcb); } if (wolfSSL_SetAllocators((wolfSSL_Malloc_cb)&my_Malloc_cb, NULL, (wolfSSL_Realloc_cb)&my_Realloc_cb) != BAD_FUNC_ARG) { - ERROR_OUT(-8103, exit_memcb); + ERROR_OUT(-10003, exit_memcb); } if (wolfSSL_SetAllocators((wolfSSL_Malloc_cb)&my_Malloc_cb, (wolfSSL_Free_cb)&my_Free_cb, NULL) != BAD_FUNC_ARG) { - ERROR_OUT(-8104, exit_memcb); + ERROR_OUT(-10004, exit_memcb); } /* Use API. */ if (wolfSSL_SetAllocators((wolfSSL_Malloc_cb)&my_Malloc_cb, (wolfSSL_Free_cb)&my_Free_cb, (wolfSSL_Realloc_cb)my_Realloc_cb) != 0) { - ERROR_OUT(-8105, exit_memcb); + ERROR_OUT(-10005, exit_memcb); } b = (byte*)XMALLOC(1024, NULL, DYNAMIC_TYPE_TMP_BUFFER); @@ -18444,7 +19051,7 @@ int memcb_test(void) #else if (malloc_cnt != 0 || free_cnt != 0 || realloc_cnt != 0) #endif - ret = -8106; + ret = -10006; exit_memcb: 
@@ -18487,45 +19094,45 @@ int blob_test(void) outSz = sizeof(blob); ret = wc_caamCreateBlob((byte*)iv, sizeof(iv), blob, &outSz); if (ret != 0) { - ERROR_OUT(-8200, exit_blob); + ERROR_OUT(-10100, exit_blob); } blob[outSz - 2] += 1; ret = wc_caamOpenBlob(blob, outSz, out, &outSz); if (ret == 0) { /* should fail with altered blob */ - ERROR_OUT(-8201, exit_blob); + ERROR_OUT(-10101, exit_blob); } memset(blob, 0, sizeof(blob)); outSz = sizeof(blob); ret = wc_caamCreateBlob((byte*)iv, sizeof(iv), blob, &outSz); if (ret != 0) { - ERROR_OUT(-8202, exit_blob); + ERROR_OUT(-10102, exit_blob); } ret = wc_caamOpenBlob(blob, outSz, out, &outSz); if (ret != 0) { - ERROR_OUT(-8203, exit_blob); + ERROR_OUT(-10103, exit_blob); } if (XMEMCMP(out, iv, sizeof(iv))) { - ERROR_OUT(-8204, exit_blob); + ERROR_OUT(-10104, exit_blob); } memset(blob, 0, sizeof(blob)); outSz = sizeof(blob); ret = wc_caamCreateBlob((byte*)text, sizeof(text), blob, &outSz); if (ret != 0) { - ERROR_OUT(-8205, exit_blob); + ERROR_OUT(-10105, exit_blob); } ret = wc_caamOpenBlob(blob, outSz, out, &outSz); if (ret != 0) { - ERROR_OUT(-8206, exit_blob); + ERROR_OUT(-10106, exit_blob); } if (XMEMCMP(out, text, sizeof(text))) { - ERROR_OUT(-8207, exit_blob); + ERROR_OUT(-10107, exit_blob); } exit_blob: @@ -18550,10 +19157,10 @@ int misc_test(void) for (j = 0; j < sizeof(data); j++) { if (j < i || j >= i + len) { if (data[j] == 0x00) - return -9000; + return -10200; } else if (data[j] != 0x00) - return -9001; + return -10201; } } } From cd9f86d921d387fa20d0fc336f24372def7980d5 Mon Sep 17 00:00:00 2001 From: C-Treff Date: Wed, 23 May 2018 10:33:56 +0200 Subject: [PATCH 069/146] time 64bit, test update 64bit settings for time is mandatory for INtime. Changed the project file. Test for ecc_test_buffers was unreliable, as the structs were not initialized befor usage. --- IDE/INTIME-RTOS/libwolfssl.vcxproj | 4 ++-- wolfcrypt/test/test.c | 3 +++ 2 files changed, 5 insertions(+), 2 deletions(-) 
diff --git a/IDE/INTIME-RTOS/libwolfssl.vcxproj b/IDE/INTIME-RTOS/libwolfssl.vcxproj index 5fc200943..72bdd824c 100755 --- a/IDE/INTIME-RTOS/libwolfssl.vcxproj +++ b/IDE/INTIME-RTOS/libwolfssl.vcxproj @@ -192,7 +192,7 @@ Async - _USRDLL;WOLFSSL_DLL;BUILDING_WOLFSSL;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions) + _USRDLL;WOLFSSL_DLL;BUILDING_WOLFSSL;WOLFSSL_USER_SETTINGS;_USE_64BIT_TIME_T;%(PreprocessorDefinitions) $(ProjectDir);$(ProjectDir)..\..\;%(AdditionalIncludeDirectories) $(IntDir) $(IntDir) @@ -211,7 +211,7 @@ Async - _USRDLL;WOLFSSL_DLL;BUILDING_WOLFSSL;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions) + _USRDLL;WOLFSSL_DLL;BUILDING_WOLFSSL;WOLFSSL_USER_SETTINGS;_USE_64BIT_TIME_T;%(PreprocessorDefinitions) $(ProjectDir);$(ProjectDir)..\..\;%(AdditionalIncludeDirectories) $(IntDir) $(IntDir) diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c index 314285f0c..4554cd83a 100644 --- a/wolfcrypt/test/test.c +++ b/wolfcrypt/test/test.c @@ -15729,6 +15729,9 @@ int ecc_test_buffers(void) { int verify = 0; word32 x; + memset(&cliKey, 0, sizeof(ecc_key)); + memset(&servKey, 0, sizeof(ecc_key)); + bytes = (size_t)sizeof_ecc_clikey_der_256; /* place client key into ecc_key struct cliKey */ ret = wc_EccPrivateKeyDecode(ecc_clikey_der_256, &idx, &cliKey, From 29d9759aa005aeb7b88c8f0d3c6f69b65cd54429 Mon Sep 17 00:00:00 2001 From: Jacob Barthelmeh Date: Wed, 23 May 2018 11:53:33 -0600 Subject: [PATCH 070/146] check on cipher suites for AEAD --- wolfssl/internal.h | 24 ++++++++++++++++++++++-- 1 file changed, 22 insertions(+), 2 deletions(-) diff --git a/wolfssl/internal.h b/wolfssl/internal.h index 09295cbc0..b4aa72d04 100644 --- a/wolfssl/internal.h +++ b/wolfssl/internal.h 
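Review bot: The added `memset(&cliKey, 0, sizeof(ecc_key));` and `memset(&servKey, 0, sizeof(ecc_key));` in ecc_test_buffers zero the structs but do not initialise them through the library; no `wc_ecc_init()` call is visible before `wc_EccPrivateKeyDecode` in this hunk, and the function continues outside it. If there is none further down either, `wc_ecc_init(&cliKey)` and `wc_ecc_init(&servKey)` with checked return values would give a defined starting state, with matching frees on the exit path. If the zeroing stays, `XMEMSET(&cliKey, 0, sizeof(cliKey));` follows the `XMEMSET` wrapper used in most of test.c and ties the size to the variable rather than to the type name.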
@@ -773,6 +773,25 @@ defined(BUILD_TLS_PSK_WITH_AES_256_GCM_SHA384) || \ defined(BUILD_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384) #define BUILD_AESGCM +#else + /* No AES-GCM cipher suites available with build */ + #define NO_AESGCM_AEAD +#endif + +#if defined(BUILD_TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256) || \ + defined(BUILD_TLS_DHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256) || \ + defined(BUILD_TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256) || \ + defined(BUILD_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256) || \ + defined(BUILD_TLS_ECDHE_ECDSA_WITH_CHACHA20_OLD_POLY1305_SHA256) || \ + defined(BUILD_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256) || \ + defined(BUILD_TLS_ECDHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256) || \ + defined(BUILD_TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256) || \ + defined(BUILD_TLS_PSK_WITH_CHACHA20_POLY1305_SHA256) || \ + defined(BUILD_TLS_CHACHA20_POLY1305_SHA256) + /* Have an available ChaCha Poly cipher suite */ +#else + /* No ChaCha Poly cipher suites available with build */ + #define NO_CHAPOL_AEAD #endif #if defined(BUILD_TLS_RSA_WITH_HC_128_SHA) || \ @@ -810,8 +829,9 @@ #endif #if defined(WOLFSSL_MAX_STRENGTH) || \ - defined(HAVE_AESGCM) || defined(HAVE_AESCCM) || \ - (defined(HAVE_CHACHA) && defined(HAVE_POLY1305)) + (defined(HAVE_AESGCM) && !defined(NO_AESGCM_AEAD)) || \ + defined(HAVE_AESCCM) || \ + (defined(HAVE_CHACHA) && defined(HAVE_POLY1305) && !defined(NO_CHAPOL_AEAD)) #define HAVE_AEAD #endif From 4fd85853c5017329444ab53568614a28753989bb Mon Sep 17 00:00:00 2001 From: Tim Date: Wed, 23 May 2018 11:57:12 -0600 Subject: [PATCH 071/146] I think I now understand the trailing white space... --- tests/api.c | 57 +++++++++++++++++++++++++++-------------------------- 1 file changed, 29 insertions(+), 28 deletions(-) diff --git a/tests/api.c b/tests/api.c index 0bbe02feb..01c3d0b8e 100644 --- a/tests/api.c +++ b/tests/api.c 
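Review bot: In the second hunk `HAVE_AESCCM` still turns on `HAVE_AEAD` unconditionally, while AES-GCM and ChaCha20-Poly1305 now count only when a matching suite is built (`!defined(NO_AESGCM_AEAD)`, `!defined(NO_CHAPOL_AEAD)`). A build that sets `HAVE_AESCCM` but selects no CCM suite therefore still gets `HAVE_AEAD`; either give CCM the same derived guard or add a comment saying why it is exempt. The new `NO_AESGCM_AEAD` and `NO_CHAPOL_AEAD` names read like user build options although they are derived here, so a comment such as `/* internal: derived from the BUILD_TLS_* list above, not a user setting */` would help. The start of the AES-GCM `#if` list is outside the hunk, so whether it names every GCM suite the build can enable should be checked against the full file.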
@@ -14824,8 +14824,7 @@ static void test_wc_PKCS7_EncodeEncryptedData (void) NULL, sizeof(decoded)), BAD_FUNC_ARG); AssertIntEQ(wc_PKCS7_DecodeEncryptedData(&pkcs7, encrypted, encryptedSz, decoded, 0), BAD_FUNC_ARG); - /* Test - struct fields */ + /* Test struct fields */ tmpBytePtr = pkcs7.encryptionKey; pkcs7.encryptionKey = NULL; @@ -14841,15 +14840,18 @@ static void test_wc_PKCS7_EncodeEncryptedData (void) #endif } /* END test_wc_PKCS7_EncodeEncryptedData() */ + /*----------------------------------------------------------------------------* | hash.h Tests *----------------------------------------------------------------------------*/ -static int test_wc_HashInit(void) + + +static int test_wc_HashInit(void) { int ret = 0, i; /* 0 indicates tests passed, 1 indicates failure */ - wc_HashAlg hash; - + wc_HashAlg hash; + /* enum for holding supported algorithms, #ifndef's restrict if disabled */ enum wc_HashType enumArray[] = { #ifndef NO_MD5 
@@ -14860,44 +14862,44 @@ static int test_wc_HashInit(void) #endif #ifndef WOLFSSL_SHA224 WC_HASH_TYPE_SHA224, - #endif - #ifndef NO_SHA256 - WC_HASH_TYPE_SHA256, - #endif - #ifndef WOLFSSL_SHA384 - WC_HASH_TYPE_SHA384, - #endif - #ifndef WOLFSSL_SHA512 - WC_HASH_TYPE_SHA512, - #endif - }; + #endif + #ifndef NO_SHA256 + WC_HASH_TYPE_SHA256, + #endif + #ifndef WOLFSSL_SHA384 + WC_HASH_TYPE_SHA384, + #endif + #ifndef WOLFSSL_SHA512 + WC_HASH_TYPE_SHA512, + #endif + }; /* dynamically finds the length */ - int enumlen = (sizeof(enumArray)/sizeof(enum wc_HashType)); + int enumlen = (sizeof(enumArray)/sizeof(enum wc_HashType)); /* For loop to test various arguments... */ - for(i = 0; i < enumlen; i++) { + for (i = 0; i < enumlen; i++) { /* check for bad args */ - if(wc_HashInit(&hash, enumArray[i]) == BAD_FUNC_ARG) { + if (wc_HashInit(&hash, enumArray[i]) == BAD_FUNC_ARG) { ret = 1; - break; + break; } /* check for null ptr */ - if(wc_HashInit(NULL, enumArray[i]) != BAD_FUNC_ARG) { + if (wc_HashInit(NULL, enumArray[i]) != BAD_FUNC_ARG) { ret = 1; - break; + break; } - }/* end of for loop */ + } /* end of for loop */ printf(testingFmt, "wc_HashInit()"); - if(ret==0) { /* all tests have passed */ + if (ret==0) { /* all tests have passed */ printf(resultFmt, passed); } - if(ret==1) { /* a test has failed */ + else { /* a test has failed */ printf(resultFmt, failed); } - return ret; -}/* end of test_wc_HashInit */ + return ret; +} /* end of test_wc_HashInit */ /*----------------------------------------------------------------------------* @@ -19050,7 +19052,6 @@ void ApiTest(void) test_wc_PKCS7_EncodeDecodeEnvelopedData(); test_wc_PKCS7_EncodeEncryptedData(); - printf(" End API Tests\n"); } From 89fbb1b40df63553f6520c0a4a61de9a1721514a Mon Sep 17 00:00:00 2001 
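Review bot: The guards around the array entries look inverted: `WOLFSSL_SHA224`, `WOLFSSL_SHA384` and `WOLFSSL_SHA512` are enable macros in wolfSSL, so `#ifndef WOLFSSL_SHA224` adds `WC_HASH_TYPE_SHA224` exactly when SHA-224 is not compiled in. Using `#ifdef WOLFSSL_SHA224` (and likewise for 384 and 512) matches what the comment above the array describes. The loop hides the problem, because `if (wc_HashInit(&hash, enumArray[i]) == BAD_FUNC_ARG)` fails on that one error code only and accepts every other failure; `!= 0` would make the test assert success. The array declaration begins outside this hunk.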
From: Jacob Barthelmeh Date: Wed, 23 May 2018 12:07:35 -0600 Subject: [PATCH 072/146] only compile SEQ increment function in case of DTLS or HAVE_AEAD --- src/internal.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/internal.c b/src/internal.c index 8df6575bb..621975aba 100644 --- a/src/internal.c +++ b/src/internal.c @@ -5227,8 +5227,9 @@ void FreeSSL(WOLFSSL* ssl, void* heap) (void)heap; } -#if !defined(NO_OLD_TLS) || defined(HAVE_CHACHA) || defined(HAVE_AESCCM) \ - || defined(HAVE_AESGCM) || defined(WOLFSSL_DTLS) +#if !defined(NO_OLD_TLS) || defined(WOLFSSL_DTLS) || \ + ((defined(HAVE_CHACHA) || defined(HAVE_AESCCM) || defined(HAVE_AESGCM)) \ + && defined(HAVE_AEAD)) static INLINE void GetSEQIncrement(WOLFSSL* ssl, int verify, word32 seq[2]) { if (verify) { @@ -5342,7 +5343,6 @@ static INLINE void WriteSEQ(WOLFSSL* ssl, int verifyOrder, byte* out) } #endif - #ifdef WOLFSSL_DTLS /* functions for managing DTLS datagram reordering */ From b1ed852f363ce4fb85a1cf8638fa110b09ae223a Mon Sep 17 00:00:00 2001 
From: John Safranek Date: Wed, 23 May 2018 11:29:16 -0700 Subject: [PATCH 073/146] Fix TCP with Timeout wolfSSL remains agnostic to network socket behavior be it blocking or non-blocking. The non-blocking flag was meant for the default EmbedRecvFrom() callback for use with UDP to assist the timing of the handshake. 1. Deprecate wolfSSL_set_using_nonblock() and wolfSSL_get_using_nonblock() for use with TLS sockets. They become don't-cares when used with TLS sessions. 2. Added functions wolfSSL_dtls_set_using_nonblock() and wolfSSL_dtls_get_using_nonblock(). 3. Removed a test case from EmbedReceive() that only applied to UDP. 4. Removed the checks for non-blocking sockets from EmbedReceive(). 5. Socket timeouts only apply to DTLS sessions. --- cyassl/ssl.h | 2 +- doc/dox_comments/header_files/ssl.h | 117 ++++++++++++++-------------- src/internal.c | 4 +- src/ssl.c | 53 +++++++++---- src/wolfio.c | 26 ++----- wolfssl/internal.h | 2 +- wolfssl/ssl.h | 7 +- 7 files changed, 111 insertions(+), 100 deletions(-) diff --git a/cyassl/ssl.h b/cyassl/ssl.h index 37b9a275d..d7a1a5bad 100644 --- a/cyassl/ssl.h +++ b/cyassl/ssl.h @@ -485,7 +485,6 @@ #define CyaDTLSv1_2_client_method wolfDTLSv1_2_client_method #define CyaDTLSv1_2_server_method wolfDTLSv1_2_server_method #define CyaSSL_set_group_messages wolfSSL_set_group_messages -#define CyaSSL_set_using_nonblock wolfSSL_set_using_nonblock #define CyaSSL_CTX_set_cipher_list wolfSSL_CTX_set_cipher_list #define CyaSSL_CTX_set_group_messages wolfSSL_CTX_set_group_messages #define CyaSSL_CTX_set_session_cache_mode wolfSSL_CTX_set_session_cache_mode @@ -623,6 +622,7 @@ #define CyaSSL_dtls_get_peer wolfSSL_dtls_get_peer #define CyaSSL_dtls_got_timeout wolfSSL_dtls_got_timeout #define CyaSSL_dtls_get_current_timeout wolfSSL_dtls_get_current_timeout +#define CyaSSL_set_using_nonblock wolfSSL_dtls_set_using_nonblock /* Certificate Manager */ #define CyaSSL_CertManagerNew wolfSSL_CertManagerNew 
diff --git a/doc/dox_comments/header_files/ssl.h b/doc/dox_comments/header_files/ssl.h index 3eba5f2ec..4c143c29c 100644 --- a/doc/dox_comments/header_files/ssl.h +++ b/doc/dox_comments/header_files/ssl.h 
@@ -1570,65 +1570,6 @@ WOLFSSL_API const char* wolfSSL_get_cipher_name(WOLFSSL* ssl); \sa wolfSSL_set_fd */ WOLFSSL_API int wolfSSL_get_fd(const WOLFSSL*); -/*! - \ingroup Setup - - \brief This function informs the WOLFSSL object that the underlying - I/O is non-blocking. After an application creates a WOLFSSL object, - if it will be used with a non-blocking socket, call - wolfSSL_set_using_nonblock() on it. This lets the WOLFSSL object know - that receiving EWOULDBLOCK means that the recvfrom call would - block rather than that it timed out. - - \return none No return. - - \param ssl pointer to the SSL session, created with wolfSSL_new(). - \param nonblock value used to set non-blocking flag on WOLFSSL object. - Use 1 to specify non-blocking, otherwise 0. - - _Example_ - \code - WOLFSSL* ssl = 0; - ... - wolfSSL_set_using_nonblock(ssl, 1); - \endcode - - \sa wolfSSL_get_using_nonblock - \sa wolfSSL_dtls_got_timeout - \sa wolfSSL_dtls_get_current_timeout -*/ -WOLFSSL_API void wolfSSL_set_using_nonblock(WOLFSSL*, int); -/*! - \ingroup IO - - \brief This function allows the application to determine if wolfSSL is - using non-blocking I/O. If wolfSSL is using non-blocking I/O, this - function will return 1, otherwise 0. After an application creates a - WOLFSSL object, if it will be used with a non-blocking socket, call - wolfSSL_set_using_nonblock() on it. This lets the WOLFSSL object know - that receiving EWOULDBLOCK means that the recvfrom call would block - rather than that it timed out. - - \return 0 underlying I/O is blocking. - \return 1 underlying I/O is non-blocking. - - \param ssl pointer to the SSL session, created with wolfSSL_new(). - - _Example_ - \code - int ret = 0; - WOLFSSL* ssl = 0; - ... - ret = wolfSSL_get_using_nonblock(ssl); - if (ret == 1) { - // underlying I/O is non-blocking - } - ... - \endcode - - \sa wolfSSL_set_session -*/ -WOLFSSL_API int wolfSSL_get_using_nonblock(WOLFSSL*); /*! \ingroup IO 
@@ -2996,6 +2937,64 @@ WOLFSSL_API int wolfSSL_CTX_set_cipher_list(WOLFSSL_CTX*, const char*); \sa wolfSSL_new */ WOLFSSL_API int wolfSSL_set_cipher_list(WOLFSSL*, const char*); +/*! + \brief This function informs the WOLFSSL DTLS object that the underlying + UDP I/O is non-blocking. After an application creates a WOLFSSL object, + if it will be used with a non-blocking UDP socket, call + wolfSSL_dtls_set_using_nonblock() on it. This lets the WOLFSSL object know + that receiving EWOULDBLOCK means that the recvfrom call would + block rather than that it timed out. + + \return none No return. + + \param ssl pointer to the DTLS session, created with wolfSSL_new(). + \param nonblock value used to set non-blocking flag on WOLFSSL object. + Use 1 to specify non-blocking, otherwise 0. + + _Example_ + \code + WOLFSSL* ssl = 0; + ... + wolfSSL_dtls_set_using_nonblock(ssl, 1); + \endcode + + \sa wolfSSL_dtls_get_using_nonblock + \sa wolfSSL_dtls_got_timeout + \sa wolfSSL_dtls_get_current_timeout +*/ +WOLFSSL_API void wolfSSL_dtls_set_using_nonblock(WOLFSSL*, int); +/*! + \brief This function allows the application to determine if wolfSSL is + using non-blocking I/O with UDP. If wolfSSL is using non-blocking I/O, this + function will return 1, otherwise 0. After an application creates a + WOLFSSL object, if it will be used with a non-blocking UDP socket, call + wolfSSL_dtls_set_using_nonblock() on it. This lets the WOLFSSL object know + that receiving EWOULDBLOCK means that the recvfrom call would block + rather than that it timed out. This function is only meaningful to DTLS + sessions. + + \return 0 underlying I/O is blocking. + \return 1 underlying I/O is non-blocking. + + \param ssl pointer to the DTLS session, created with wolfSSL_new(). + + _Example_ + \code + int ret = 0; + WOLFSSL* ssl = 0; + ... + ret = wolfSSL_dtls_get_using_nonblock(ssl); + if (ret == 1) { + // underlying I/O is non-blocking + } + ... 
+ \endcode + + \sa wolfSSL_dtls_set_using_nonblock + \sa wolfSSL_dtls_got_timeout + \sa wolfSSL_dtls_set_using_nonblock +*/ +WOLFSSL_API int wolfSSL_dtls_get_using_nonblock(WOLFSSL*); /*! \brief This function returns the current timeout value in seconds for the WOLFSSL object. When using non-blocking sockets, something in the user diff --git a/src/internal.c b/src/internal.c index 42508d492..05eb34016 100644 --- a/src/internal.c +++ b/src/internal.c @@ -6311,8 +6311,8 @@ retry: ssl->options.isClosed = 1; return -1; + #ifdef WOLFSSL_DTLS case WOLFSSL_CBIO_ERR_TIMEOUT: - #ifdef WOLFSSL_DTLS if (IsDtlsNotSctpMode(ssl) && !ssl->options.handShakeDone && DtlsMsgPoolTimeout(ssl) == 0 && @@ -6320,8 +6320,8 @@ retry: goto retry; } - #endif return -1; + #endif default: return recvd; diff --git a/src/ssl.c b/src/ssl.c index fc65e21e8..9368bf524 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -737,14 +737,6 @@ int wolfSSL_get_fd(const WOLFSSL* ssl) } -int wolfSSL_get_using_nonblock(WOLFSSL* ssl) -{ - WOLFSSL_ENTER("wolfSSL_get_using_nonblock"); - WOLFSSL_LEAVE("wolfSSL_get_using_nonblock", ssl->options.usingNonblock); - return ssl->options.usingNonblock; -} - - int wolfSSL_dtls(WOLFSSL* ssl) { return ssl->options.dtls; @@ -752,13 +744,6 @@ int wolfSSL_dtls(WOLFSSL* ssl) #ifndef WOLFSSL_LEANPSK -void wolfSSL_set_using_nonblock(WOLFSSL* ssl, int nonblock) -{ - WOLFSSL_ENTER("wolfSSL_set_using_nonblock"); - ssl->options.usingNonblock = (nonblock != 0); -} - - int wolfSSL_dtls_set_peer(WOLFSSL* ssl, void* peer, unsigned int peerSz) { #ifdef WOLFSSL_DTLS 
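Review bot: In the two src/internal.c hunks at `retry:`, moving `#ifdef WOLFSSL_DTLS` above `case WOLFSSL_CBIO_ERR_TIMEOUT:` means a build without DTLS no longer has that case at all, so a timeout code from the receive callback falls into `default:` and returns `recvd` instead of `-1`. A user-registered I/O callback can still return WOLFSSL_CBIO_ERR_TIMEOUT in such a build, and whether the caller treats the raw code the same as -1 is not visible here. I would keep the label and its `return -1;` outside the conditional and guard only the DTLS retry block, as before. The enclosing function starts and ends outside both hunks.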
@@ -8273,13 +8258,47 @@ int wolfSSL_set_cipher_list(WOLFSSL* ssl, const char* list) } +int wolfSSL_dtls_get_using_nonblock(WOLFSSL* ssl) +{ + int useNb = 0; + + WOLFSSL_ENTER("wolfSSL_dtls_get_using_nonblock"); + if (ssl->options.dtls) { +#ifdef WOLFSSL_DTLS + useNb = ssl->options.dtlsUseNonblock; +#endif + } + else { + WOLFSSL_MSG("wolfSSL_dtls_get_using_nonblock() is " + "DEPRECATED for non-DTLS use."); + } + return useNb; +} + + #ifndef WOLFSSL_LEANPSK + +void wolfSSL_dtls_set_using_nonblock(WOLFSSL* ssl, int nonblock) +{ + (void)nonblock; + + WOLFSSL_ENTER("wolfSSL_dtls_set_using_nonblock"); + if (ssl->options.dtls) { +#ifdef WOLFSSL_DTLS + ssl->options.dtlsUseNonblock = (nonblock != 0); +#endif + } + else { + WOLFSSL_MSG("wolfSSL_dtls_set_using_nonblock() is " + "DEPRECATED for non-DTLS use."); + } +} + + #ifdef WOLFSSL_DTLS int wolfSSL_dtls_get_current_timeout(WOLFSSL* ssl) { - (void)ssl; - return ssl->dtls_timeout; } diff --git a/src/wolfio.c b/src/wolfio.c index 03f62be6d..d99280236 100644 --- a/src/wolfio.c +++ b/src/wolfio.c @@ -200,14 +200,8 @@ int EmbedReceive(WOLFSSL *ssl, char *buf, int sz, void *ctx) WOLFSSL_MSG("Embed Receive error"); if (err == SOCKET_EWOULDBLOCK || err == SOCKET_EAGAIN) { - if (wolfSSL_get_using_nonblock(ssl)) { - WOLFSSL_MSG("\tWould block"); - return WOLFSSL_CBIO_ERR_WANT_READ; - } - else { - WOLFSSL_MSG("\tSocket timeout"); - return WOLFSSL_CBIO_ERR_TIMEOUT; - } + WOLFSSL_MSG("\tWould block"); + return WOLFSSL_CBIO_ERR_WANT_READ; } else if (err == SOCKET_ECONNRESET) { WOLFSSL_MSG("\tConnection reset"); @@ -217,10 +211,6 @@ int EmbedReceive(WOLFSSL *ssl, char *buf, int sz, void *ctx) WOLFSSL_MSG("\tSocket interrupted"); return WOLFSSL_CBIO_ERR_ISR; } - else if (err == SOCKET_ECONNREFUSED) { - WOLFSSL_MSG("\tConnection refused"); - return WOLFSSL_CBIO_ERR_WANT_READ; - } else if (err == SOCKET_ECONNABORTED) { WOLFSSL_MSG("\tConnection aborted"); return WOLFSSL_CBIO_ERR_CONN_CLOSE; 
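Review bot: Both new public functions in the src/ssl.c hunk read `ssl->options.dtls` without checking `ssl`, and `wolfSSL_dtls_get_current_timeout` in the same hunk reads `ssl->dtls_timeout` the same way, so a NULL session pointer from an application is dereferenced. A guard such as `if (ssl == NULL) return 0;` in the getter and `if (ssl == NULL) return;` in the setter would make them safe to call on a failed `wolfSSL_new()`. The leading `(void)nonblock;` in the setter is only needed when WOLFSSL_DTLS is undefined and would read better in an `#else` branch next to the assignment.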
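Review bot: In the `EmbedReceive` hunk of src/wolfio.c, EWOULDBLOCK/EAGAIN is now always reported as WOLFSSL_CBIO_ERR_WANT_READ, so a blocking TCP socket whose receive timeout expired is no longer distinguishable from a non-blocking socket with no data. The removed branch logged "Socket timeout" for that case, which suggests it was a supported configuration. A caller that simply retries on WANT_READ has no deadline of its own and can be held open by a stalled peer. I would at least document this at the branch, for example `/* also reached when a blocking socket's receive timeout expires; the caller must enforce its own deadline */`. The function body continues outside the hunk.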
@@ -327,7 +317,7 @@ int EmbedReceiveFrom(WOLFSSL *ssl, char *buf, int sz, void *ctx) WOLFSSL_MSG("Embed Receive From error"); if (err == SOCKET_EWOULDBLOCK || err == SOCKET_EAGAIN) { - if (wolfSSL_get_using_nonblock(ssl)) { + if (wolfSSL_dtls_get_using_nonblock(ssl)) { WOLFSSL_MSG("\tWould block"); return WOLFSSL_CBIO_ERR_WANT_READ; } @@ -438,7 +428,7 @@ int EmbedReceiveFromMcast(WOLFSSL *ssl, char *buf, int sz, void *ctx) WOLFSSL_MSG("Embed Receive From error"); if (err == SOCKET_EWOULDBLOCK || err == SOCKET_EAGAIN) { - if (wolfSSL_get_using_nonblock(ssl)) { + if (wolfSSL_dtls_get_using_nonblock(ssl)) { WOLFSSL_MSG("\tWould block"); return WOLFSSL_CBIO_ERR_WANT_READ; } @@ -1694,7 +1684,7 @@ int MicriumReceive(WOLFSSL *ssl, char *buf, int sz, void *ctx) { int dtls_timeout = wolfSSL_dtls_get_current_timeout(ssl); if (wolfSSL_dtls(ssl) - && !wolfSSL_get_using_nonblock(ssl) + && !wolfSSL_dtls_get_using_nonblock(ssl) && dtls_timeout != 0) { /* needs timeout in milliseconds */ NetSock_CfgTimeoutRxQ_Set(sd, dtls_timeout * 1000, &err); @@ -1711,7 +1701,7 @@ int MicriumReceive(WOLFSSL *ssl, char *buf, int sz, void *ctx) if (err == NET_ERR_RX || err == NET_SOCK_ERR_RX_Q_EMPTY || err == NET_ERR_FAULT_LOCK_ACQUIRE) { - if (!wolfSSL_dtls(ssl) || wolfSSL_get_using_nonblock(ssl)) { + if (!wolfSSL_dtls(ssl) || wolfSSL_dtls_get_using_nonblock(ssl)) { WOLFSSL_MSG("\tWould block"); return WOLFSSL_CBIO_ERR_WANT_READ; } @@ -1751,7 +1741,7 @@ int MicriumReceiveFrom(WOLFSSL *ssl, char *buf, int sz, void *ctx) if (ssl->options.handShakeDone) dtls_timeout = 0; - if (!wolfSSL_get_using_nonblock(ssl)) { + if (!wolfSSL_dtls_get_using_nonblock(ssl)) { /* needs timeout in milliseconds */ NetSock_CfgTimeoutRxQ_Set(sd, dtls_timeout * 1000, &err); if (err != NET_SOCK_ERR_NONE) { 
@@ -1766,7 +1756,7 @@ int MicriumReceiveFrom(WOLFSSL *ssl, char *buf, int sz, void *ctx) if (err == NET_ERR_RX || err == NET_SOCK_ERR_RX_Q_EMPTY || err == NET_ERR_FAULT_LOCK_ACQUIRE) { - if (wolfSSL_get_using_nonblock(ssl)) { + if (wolfSSL_dtls_get_using_nonblock(ssl)) { WOLFSSL_MSG("\tWould block"); return WOLFSSL_CBIO_ERR_WANT_READ; } diff --git a/wolfssl/internal.h b/wolfssl/internal.h index 8c41a5893..8f5d862fe 100644 --- a/wolfssl/internal.h +++ b/wolfssl/internal.h @@ -3010,7 +3010,6 @@ typedef struct Options { word16 quietShutdown:1; /* don't send close notify */ word16 certOnly:1; /* stop once we get cert */ word16 groupMessages:1; /* group handshake messages */ - word16 usingNonblock:1; /* are we using nonblocking socket */ word16 saveArrays:1; /* save array Memory for user get keys or psk */ word16 weOwnRng:1; /* will be true unless CTX owns */ @@ -3030,6 +3029,7 @@ typedef struct Options { #endif #endif #ifdef WOLFSSL_DTLS + word16 dtlsUseNonblock:1; /* are we using nonblocking socket */ word16 dtlsHsRetain:1; /* DTLS retaining HS data */ word16 haveMcast:1; /* using multicast ? */ #ifdef WOLFSSL_SCTP diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h index f425729ee..071150eec 100644 --- a/wolfssl/ssl.h +++ b/wolfssl/ssl.h @@ -540,8 +540,6 @@ WOLFSSL_API const char* wolfSSL_get_shared_ciphers(WOLFSSL* ssl, char* buf, int len); WOLFSSL_API const char* wolfSSL_get_curve_name(WOLFSSL* ssl); WOLFSSL_API int wolfSSL_get_fd(const WOLFSSL*); -WOLFSSL_API void wolfSSL_set_using_nonblock(WOLFSSL*, int); -WOLFSSL_API int wolfSSL_get_using_nonblock(WOLFSSL*); /* please see note at top of README if you get an error from connect */ WOLFSSL_API int wolfSSL_connect(WOLFSSL*); WOLFSSL_API int wolfSSL_write(WOLFSSL*, const void*, int); 
@@ -660,6 +658,11 @@ WOLFSSL_API int wolfSSL_CTX_set_cipher_list(WOLFSSL_CTX*, const char*); WOLFSSL_API int wolfSSL_set_cipher_list(WOLFSSL*, const char*); /* Nonblocking DTLS helper functions */ +WOLFSSL_API void wolfSSL_dtls_set_using_nonblock(WOLFSSL*, int); +WOLFSSL_API int wolfSSL_dtls_get_using_nonblock(WOLFSSL*); +#define wolfSSL_set_using_nonblock wolfSSL_dtls_set_using_nonblock +#define wolfSSL_get_using_nonblock wolfSSL_dtls_get_using_nonblock + /* The old names are deprecated. */ WOLFSSL_API int wolfSSL_dtls_get_current_timeout(WOLFSSL* ssl); WOLFSSL_API int wolfSSL_dtls_set_timeout_init(WOLFSSL* ssl, int); WOLFSSL_API int wolfSSL_dtls_set_timeout_max(WOLFSSL* ssl, int); From 902109189641891faa1dcdf84842138b957c5962 Mon Sep 17 00:00:00 2001 From: Jacob Barthelmeh Date: Wed, 23 May 2018 14:04:41 -0600 Subject: [PATCH 074/146] update comments --- wolfcrypt/src/asn.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c index 2e5cb96e9..e3ab7e545 100755 --- a/wolfcrypt/src/asn.c +++ b/wolfcrypt/src/asn.c @@ -685,7 +685,8 @@ static int SetShortInt(byte* input, word32* inOutIdx, word32 number, input[idx++] = ar[i]; len++; } - /* set number of bytes for integer and update index value */ + /* jump back to beginning of input buffer using unaltered inOutIdx value + * and set number of bytes for integer, then update the index value */ input[*inOutIdx + 1] = (byte)len; *inOutIdx = idx; From 8bd41629ae771266d9a94004022f7ec8c0368366 Mon Sep 17 00:00:00 2001 From: Carie Pointer Date: Wed, 23 May 2018 14:26:35 -0600 Subject: [PATCH 075/146] Split wc_SignatureGetSize test into wc_SignatureGetSize_ecc and wc_SignatureGetSize_rsa tests --- tests/api.c | 230 +++++++++++++++++++++++++++------------------------- 1 file changed, 121 insertions(+), 109 deletions(-) diff --git a/tests/api.c b/tests/api.c index abf9ad22b..399c8a80d 100644 --- a/tests/api.c +++ b/tests/api.c 
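Review bot: The two `#define` aliases in the wolfssl/ssl.h hunk keep old callers compiling, but they do not say that behaviour changed for TLS sessions: per the src/ssl.c part of this commit the setter stores nothing and the getter returns 0 unless `ssl->options.dtls` is set. The only hint is `/* The old names are deprecated. */`, which sits after the defines and reads as if it described the timeout prototypes below it. I would move it above the defines and spell the change out, e.g. `/* Deprecated aliases: on non-DTLS sessions the setter has no effect and the getter returns 0. */`.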
@@ -14736,18 +14736,16 @@ static void test_wc_PKCS7_EncodeEncryptedData (void) } /* END test_wc_PKCS7_EncodeEncryptedData() */ -/* Testing wc_SignatureGetSize() */ -static int test_wc_SignatureGetSize(void) -{ - +/* Testing wc_SignatureGetSize() for signature type ECC */ +static int test_wc_SignatureGetSize_ecc(void) +{ int ret = 0; - enum wc_SignatureType sig_type; - word32 key_len; - - /* Initialize ECC Key */ #if defined(HAVE_ECC) && !defined(NO_ECC256) - ecc_key ecc; - + enum wc_SignatureType sig_type; + word32 key_len; + + /* Initialize ECC Key */ + ecc_key ecc; const char* qx = "fa2737fb93488d19caef11ae7faf6b7f4bcd67b286e3fc54e8a65c2b74aeccb0"; const char* qy = 
@@ -14756,20 +14754,61 @@ static int test_wc_SignatureGetSize(void) "be34baa8d040a3b991f9075b56ba292f755b90e4b6dc10dad36715c33cfdac25"; ret = wc_ecc_init(&ecc); - if (ret != 0) { - ret = WOLFSSL_FATAL_ERROR; - goto done; + if (ret == 0) { + ret = wc_ecc_import_raw(&ecc, qx, qy, d, "SECP256R1"); } - ret = wc_ecc_import_raw(&ecc, qx, qy, d, "SECP256R1"); - if (ret != 0) { - wc_ecc_free(&ecc); + printf(testingFmt, "wc_SigntureGetSize_ecc()"); + if (ret == 0) { + /* Input for signature type ECC */ + sig_type = WC_SIGNATURE_TYPE_ECC; + key_len = sizeof(ecc_key); + ret = wc_SignatureGetSize(sig_type, &ecc, key_len); + + /* Test bad args */ + if (ret > 0) { + sig_type = 100; + ret = wc_SignatureGetSize(sig_type, &ecc, key_len); + if (ret == BAD_FUNC_ARG) { + sig_type = WC_SIGNATURE_TYPE_ECC; + ret = wc_SignatureGetSize(sig_type, NULL, key_len); + } + if (ret >= 0) { + key_len = 0; + ret = wc_SignatureGetSize(sig_type, &ecc, key_len); + } + if (ret == BAD_FUNC_ARG) { + ret = SIG_TYPE_E; + } + } + } else { ret = WOLFSSL_FATAL_ERROR; - goto done; - } + } + wc_ecc_free(&ecc); + #else + ret = SIG_TYPE_E; #endif - /* Initialize RSA Key */ + if (ret == SIG_TYPE_E) { + ret = 0; + } + else { + ret = WOLFSSL_FATAL_ERROR; + } + + printf(resultFmt, ret == 0 ? passed : failed); + return ret; +}/* END test_wc_SignatureGetSize_ecc() */ + +/* Testing wc_SignatureGetSize() for signature type rsa */ +static int test_wc_SignatureGetSize_rsa(void) +{ + int ret = 0; #ifndef NO_RSA + enum wc_SignatureType sig_type; + word32 key_len; + word32 idx = 0; + + /* Initialize RSA Key */ RsaKey rsa_key; byte* tmp = NULL; size_t bytes; 
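Review bot: In `test_wc_SignatureGetSize_ecc` the NULL-key case is never actually asserted: after `wc_SignatureGetSize(sig_type, NULL, key_len)` the test continues on `if (ret >= 0)`, so a library that accepted a NULL key would still pass as long as the later `key_len = 0` call is rejected. The RSA variant uses `if (ret == BAD_FUNC_ARG)` at the same step, and the ECC test should match it. `wc_ecc_free(&ecc)` also runs when `wc_ecc_init` itself failed, and the banner string reads `wc_SigntureGetSize_ecc()`, which is missing an "a". The function starts in the previous hunk.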
@@ -14785,106 +14824,78 @@ static int test_wc_SignatureGetSize(void) #else bytes = FOURK_BUF; #endif - tmp = (byte*)XMALLOC(bytes, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - if (tmp == NULL) { + + tmp = (byte*)XMALLOC(bytes, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + if (tmp != NULL) { + #ifdef USE_CERT_BUFFERS_1024 + XMEMCPY(tmp, client_key_der_1024, + (size_t)sizeof_client_key_ker_1024); + #elif defined(USE_CERT_BUFFERS_2048) + XMEMCPY(tmp, client_key_der_2048, + (size_t)sizeof_client_key_der_2048); + #elif !defined(NO_FILESYSTEM) + file = fopen(clientKey, "rb"); + if (file != NULL) { + bytes = fread(tmp, 1, FOURK_BUF, file); + fclose(file); + } + else { + ret = WOLFSSL_FATAL_ERROR; + } + #else ret = WOLFSSL_FATAL_ERROR; - goto done; + #endif + if (ret == 0) { + ret = wc_InitRsaKey_ex(&rsa_key, HEAP_HINT, devId); + if (ret == 0) { + ret = wc_RsaPrivateKeyDecode(tmp, &idx, &rsa_key, + (word32)bytes); + } } - #ifdef USE_CERT_BUFFERS_1024 - XMEMCPY(tmp, client_key_der_1024, (size_t)sizeof_client_key_ker_1024); - #elif defined(USE_CERT_BUFFERS_2048) - XMEMCPY(tmp, client_key_der_2048, (size_t)sizeof_client_key_der_2048); - #elif !defined(NO_FILESYSTEM) - file = fopen(clientKey, "rb"); - if (!file) { - ret = WOLFSSL_FATAL_ERROR; - goto done; - } - bytes = fread(tmp, 1, FOURK_BUF, file); - fclose(file); - #else + } else { ret = WOLFSSL_FATAL_ERROR; - goto done; - #endif - ret = wc_InitRsaKey_ex(&rsa_key, HEAP_HINT, devId); - if (ret != 0) { - ret = WOLFSSL_FATAL_ERROR; - } - ret = wc_RsaPrivateKeyDecode(tmp, 0, &rsa_key, (word32)bytes); - if (ret != 0) { - ret = WOLFSSL_FATAL_ERROR; - } - #endif + } - /* Input for signature type ECC */ - #ifdef HAVE_ECC - sig_type = WC_SIGNATURE_TYPE_ECC; - key_len = sizeof(ecc_key); - ret = wc_SignatureGetSize(sig_type, &ecc, key_len); - - /* Test bad args */ - if (ret > 0) { - sig_type = 100; - ret = wc_SignatureGetSize(sig_type, &ecc, key_len); - if (ret == BAD_FUNC_ARG) { - sig_type = WC_SIGNATURE_TYPE_ECC; - ret = 
wc_SignatureGetSize(sig_type, NULL, key_len); - } - if (ret == BAD_FUNC_ARG) { - key_len = 0; - ret = wc_SignatureGetSize(sig_type, &ecc, key_len); - } - #else - ret = SIG_TYPE_E; - #endif - if (ret != SIG_TYPE_E) { - goto done; - } - } else { - ret = WOLFSSL_FATAL_ERROR; - goto done; - } - - /* Input for signature type RSA */ - #ifndef NO_RSA - sig_type = WC_SIGNATURE_TYPE_RSA; - key_len = sizeof(RsaKey); - ret = wc_SignatureGetSize(sig_type, &rsa_key, key_len); - - /* Test bad args */ - if (ret > 0) { - sig_type = 100; - ret = wc_SignatureGetSize(sig_type, &rsa_key, key_len); - if (ret == BAD_FUNC_ARG) { + printf(testingFmt, "wc_SigntureGetSize_rsa()"); + if (ret == 0) { + /* Input for signature type RSA */ sig_type = WC_SIGNATURE_TYPE_RSA; - ret = wc_SignatureGetSize(sig_type, NULL, key_len); - } - if (ret == BAD_FUNC_ARG) { - key_len = 0; + key_len = sizeof(RsaKey); ret = wc_SignatureGetSize(sig_type, &rsa_key, key_len); - } + + /* Test bad args */ + if (ret > 0) { + sig_type = 100; + ret = wc_SignatureGetSize(sig_type, &rsa_key, key_len); + if (ret == BAD_FUNC_ARG) { + sig_type = WC_SIGNATURE_TYPE_RSA; + ret = wc_SignatureGetSize(sig_type, NULL, key_len); + } + if (ret == BAD_FUNC_ARG) { + key_len = 0; + ret = wc_SignatureGetSize(sig_type, &rsa_key, key_len); + } + if (ret == BAD_FUNC_ARG) { + ret = SIG_TYPE_E; + } + } + } else { + ret = WOLFSSL_FATAL_ERROR; + } + wc_FreeRsaKey(&rsa_key); #else ret = SIG_TYPE_E; #endif - if (ret == SIG_TYPE_E) { - ret = 0; - } - } else { + + if (ret == SIG_TYPE_E) { + ret = 0; + }else { ret = WOLFSSL_FATAL_ERROR; - goto done; } - - done: - #ifdef HAVE_ECC - wc_ecc_free(&ecc); - #endif - #ifndef NO_RSA - wc_FreeRsaKey(&rsa_key); - #endif - printf(resultFmt, ret == 0 ? passed : failed); - - return ret; -}/* END test_wc_SignatureGetSize(void) */ + + printf(resultFmt, ret == 0 ? 
passed : failed); + return ret; +}/* END test_wc_SignatureGetSize_rsa(void) */ /*----------------------------------------------------------------------------* @@ -18977,7 +18988,8 @@ void ApiTest(void) AssertIntEQ(test_wc_DsaImportParamsRaw(), 0); AssertIntEQ(test_wc_DsaExportParamsRaw(), 0); AssertIntEQ(test_wc_DsaExportKeyRaw(), 0); - AssertIntEQ(test_wc_SignatureGetSize(), 0); + AssertIntEQ(test_wc_SignatureGetSize_ecc(), 0); + AssertIntEQ(test_wc_SignatureGetSize_rsa(), 0); #ifdef OPENSSL_EXTRA /*wolfSSS_EVP_get_cipherbynid test*/ From a18f220a5a8475c0659483ab1ccfd4d29d8750e5 Mon Sep 17 00:00:00 2001 From: Carie Pointer Date: Wed, 23 May 2018 14:39:36 -0600 Subject: [PATCH 076/146] Remove trailing whitespaces --- tests/api.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/tests/api.c b/tests/api.c index 399c8a80d..88fb44b75 100644 --- a/tests/api.c +++ b/tests/api.c @@ -14745,7 +14745,7 @@ static int test_wc_SignatureGetSize_ecc(void) word32 key_len; /* Initialize ECC Key */ - ecc_key ecc; + ecc_key ecc; const char* qx = "fa2737fb93488d19caef11ae7faf6b7f4bcd67b286e3fc54e8a65c2b74aeccb0"; const char* qy = @@ -14774,7 +14774,7 @@ static int test_wc_SignatureGetSize_ecc(void) } if (ret >= 0) { key_len = 0; - ret = wc_SignatureGetSize(sig_type, &ecc, key_len); + ret = wc_SignatureGetSize(sig_type, &ecc, key_len); } if (ret == BAD_FUNC_ARG) { ret = SIG_TYPE_E; @@ -14826,7 +14826,7 @@ static int test_wc_SignatureGetSize_rsa(void) #endif tmp = (byte*)XMALLOC(bytes, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - if (tmp != NULL) { + if (tmp != NULL) { #ifdef USE_CERT_BUFFERS_1024 XMEMCPY(tmp, client_key_der_1024, (size_t)sizeof_client_key_ker_1024); From 9a75e5cf68f883526b82f8d43d923fd6145845d9 Mon Sep 17 00:00:00 2001 
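Review bot: In `test_wc_SignatureGetSize_rsa` the buffer `tmp`, which holds the DER private key, is allocated with XMALLOC and never released on any path in the rewritten function; adding `XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);` before the final `printf` would fix that. `wc_FreeRsaKey(&rsa_key)` is reached even when the allocation or the file read failed and `wc_InitRsaKey_ex` never ran, so it operates on an uninitialised struct. The USE_CERT_BUFFERS_1024 branch still uses `sizeof_client_key_ker_1024`, which looks like a typo for `sizeof_client_key_der_1024` and was carried over from the old code. The function starts in the previous hunk.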
From: David Garske Date: Wed, 23 May 2018 14:48:10 -0700 Subject: [PATCH 077/146] Fixes in PKCS7 for handling hardware based devId and no private key. Fix to handle scenario where `kari->decoded` is allocated, but not initalized (was causing use of unitliaized in `FreeDecodedCert`). Fix to handle hardware base RSA key size. --- tests/api.c | 1 + wolfcrypt/src/pkcs7.c | 76 ++++++++++++++++++++++++++----------------- wolfcrypt/src/rsa.c | 13 +++++++- 3 files changed, 60 insertions(+), 30 deletions(-) diff --git a/tests/api.c b/tests/api.c index 2c87e39db..b42c48804 100644 --- a/tests/api.c +++ b/tests/api.c @@ -14537,6 +14537,7 @@ static void test_wc_PKCS7_EncodeDecodeEnvelopedData (void) printf(testingFmt, "wc_PKCS7_EncodeEnvelopedData()"); testSz = (int)sizeof(testVectors)/(int)sizeof(pkcs7EnvelopedVector); for (i = 0; i < testSz; i++) { + AssertIntEQ(wc_PKCS7_Init(&pkcs7, HEAP_HINT, devId), 0); AssertIntEQ(wc_PKCS7_InitWithCert(&pkcs7, (testVectors + i)->cert, (word32)(testVectors + i)->certSz), 0); diff --git a/wolfcrypt/src/pkcs7.c b/wolfcrypt/src/pkcs7.c index 835f58209..1f54df3d9 100644 --- a/wolfcrypt/src/pkcs7.c +++ b/wolfcrypt/src/pkcs7.c @@ -259,7 +259,7 @@ int wc_PKCS7_InitWithCert(PKCS7* pkcs7, byte* cert, word32 certSz) { int ret = 0; void* heap; - + int devId; if (pkcs7 == NULL || (cert == NULL && certSz != 0)) { return BAD_FUNC_ARG; @@ -270,9 +270,11 @@ int wc_PKCS7_InitWithCert(PKCS7* pkcs7, byte* cert, word32 certSz) #else heap = pkcs7->heap; #endif + devId = pkcs7->devId; XMEMSET(pkcs7, 0, sizeof(PKCS7)); pkcs7->heap = heap; + pkcs7->devId = devId; if (cert != NULL && certSz > 0) { #ifdef WOLFSSL_SMALL_STACK 
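Review bot: `wc_PKCS7_InitWithCert` now reads `pkcs7->devId` before the `XMEMSET` and writes it back afterwards, so a caller that hands in a PKCS7 struct which never went through `wc_PKCS7_Init` carries an indeterminate value forward. Later hunks in this commit skip the missing-private-key check whenever `devId != INVALID_DEVID`, so a garbage value would select the device path instead of failing with BAD_FUNC_ARG. The tests/api.c hunk adds the `wc_PKCS7_Init` call for the test, but other callers are not visible here. I would document the requirement on the function, e.g. `/* pkcs7 must have been set up with wc_PKCS7_Init(); heap and devId are preserved */`. The function body continues outside the hunk.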
@@ -590,9 +592,9 @@ static int wc_PKCS7_RsaSign(PKCS7* pkcs7, byte* in, word32 inSz, ESD* esd) RsaKey* privKey = &stack_privKey; #endif - if (pkcs7 == NULL || pkcs7->privateKey == NULL || pkcs7->rng == NULL || - in == NULL || esd == NULL) + if (pkcs7 == NULL || pkcs7->rng == NULL || in == NULL || esd == NULL) { return BAD_FUNC_ARG; + } #ifdef WOLFSSL_SMALL_STACK privKey = (RsaKey*)XMALLOC(sizeof(RsaKey), NULL, DYNAMIC_TYPE_TMP_BUFFER); @@ -602,11 +604,15 @@ static int wc_PKCS7_RsaSign(PKCS7* pkcs7, byte* in, word32 inSz, ESD* esd) ret = wc_InitRsaKey_ex(privKey, pkcs7->heap, pkcs7->devId); if (ret == 0) { - idx = 0; - ret = wc_RsaPrivateKeyDecode(pkcs7->privateKey, &idx, privKey, - pkcs7->privateKeySz); + if (pkcs7->privateKey != NULL && pkcs7->privateKeySz > 0) { + idx = 0; + ret = wc_RsaPrivateKeyDecode(pkcs7->privateKey, &idx, privKey, + pkcs7->privateKeySz); + } + else if (pkcs7->devId == INVALID_DEVID) { + ret = BAD_FUNC_ARG; + } } - if (ret == 0) { ret = wc_RsaSSL_Sign(in, inSz, esd->encContentDigest, sizeof(esd->encContentDigest), @@ -638,9 +644,9 @@ static int wc_PKCS7_EcdsaSign(PKCS7* pkcs7, byte* in, word32 inSz, ESD* esd) ecc_key* privKey = &stack_privKey; #endif - if (pkcs7 == NULL || pkcs7->privateKey == NULL || pkcs7->rng == NULL || - in == NULL || esd == NULL) + if (pkcs7 == NULL || pkcs7->rng == NULL || in == NULL || esd == NULL) { return BAD_FUNC_ARG; + } #ifdef WOLFSSL_SMALL_STACK privKey = (ecc_key*)XMALLOC(sizeof(ecc_key), NULL, DYNAMIC_TYPE_TMP_BUFFER); 
@@ -649,13 +655,16 @@ static int wc_PKCS7_EcdsaSign(PKCS7* pkcs7, byte* in, word32 inSz, ESD* esd) #endif ret = wc_ecc_init_ex(privKey, pkcs7->heap, pkcs7->devId); - if (ret == 0) { - idx = 0; - ret = wc_EccPrivateKeyDecode(pkcs7->privateKey, &idx, privKey, - pkcs7->privateKeySz); + if (pkcs7->privateKey != NULL && pkcs7->privateKeySz > 0) { + idx = 0; + ret = wc_EccPrivateKeyDecode(pkcs7->privateKey, &idx, privKey, + pkcs7->privateKeySz); + } + else if (pkcs7->devId == INVALID_DEVID) { + ret = BAD_FUNC_ARG; + } } - if (ret == 0) { outSz = sizeof(esd->encContentDigest); ret = wc_ecc_sign_hash(in, inSz, esd->encContentDigest, @@ -1032,9 +1041,9 @@ int wc_PKCS7_EncodeSignedData(PKCS7* pkcs7, byte* output, word32 outputSz) if (pkcs7 == NULL || pkcs7->content == NULL || pkcs7->contentSz == 0 || pkcs7->encryptOID == 0 || pkcs7->hashOID == 0 || pkcs7->rng == 0 || pkcs7->singleCert == NULL || pkcs7->singleCertSz == 0 || - pkcs7->privateKey == NULL || pkcs7->privateKeySz == 0 || - output == NULL || outputSz == 0) + output == NULL || outputSz == 0) { return BAD_FUNC_ARG; + } #ifdef WOLFSSL_SMALL_STACK esd = (ESD*)XMALLOC(sizeof(ESD), NULL, DYNAMIC_TYPE_TMP_BUFFER); @@ -2136,6 +2145,7 @@ typedef struct WC_PKCS7_KARI { word32 sharedInfoSz; /* size of ECC-CMS-SharedInfo encoded */ byte ukmOwner; /* do we own ukm buffer? 1:yes, 0:no */ byte direction; /* WC_PKCS7_ENCODE | WC_PKCS7_DECODE */ + byte decodedInit : 1; /* indicates decoded was intiialized */ } WC_PKCS7_KARI; @@ -2247,6 +2257,7 @@ static WC_PKCS7_KARI* wc_PKCS7_KariNew(PKCS7* pkcs7, byte direction) kari->sharedInfo = NULL; kari->sharedInfoSz = 0; kari->direction = direction; + kari->decodedInit = 0; kari->heap = pkcs7->heap; kari->devId = pkcs7->devId; 
@@ -2264,7 +2275,9 @@ static int wc_PKCS7_KariFree(WC_PKCS7_KARI* kari) heap = kari->heap; if (kari->decoded) { - FreeDecodedCert(kari->decoded); + if (kari->decodedInit) { + FreeDecodedCert(kari->decoded); + } XFREE(kari->decoded, heap, DYNAMIC_TYPE_PKCS7); } if (kari->senderKey) { @@ -2318,12 +2331,9 @@ static int wc_PKCS7_KariParseRecipCert(WC_PKCS7_KARI* kari, const byte* cert, cert == NULL || certSz == 0) return BAD_FUNC_ARG; - if (kari->direction == WC_PKCS7_DECODE && - (key == NULL || keySz == 0)) - return BAD_FUNC_ARG; - /* decode certificate */ InitDecodedCert(kari->decoded, (byte*)cert, certSz, kari->heap); + kari->decodedInit = 1; ret = ParseCert(kari->decoded, CA_TYPE, NO_VERIFY, 0); if (ret < 0) return ret; @@ -2349,9 +2359,13 @@ static int wc_PKCS7_KariParseRecipCert(WC_PKCS7_KARI* kari, const byte* cert, } /* get recip private key */ else if (kari->direction == WC_PKCS7_DECODE) { - - idx = 0; - ret = wc_EccPrivateKeyDecode(key, &idx, kari->recipKey, keySz); + if (key != NULL && keySz > 0) { + idx = 0; + ret = wc_EccPrivateKeyDecode(key, &idx, kari->recipKey, keySz); + } + else if (kari->devId == INVALID_DEVID) { + ret = BAD_FUNC_ARG; + } if (ret != 0) return ret; @@ -3722,9 +3736,14 @@ static int wc_PKCS7_DecodeKtri(PKCS7* pkcs7, byte* pkiMsg, word32 pkiMsgSz, return ret; } - keyIdx = 0; - ret = wc_RsaPrivateKeyDecode(pkcs7->privateKey, &keyIdx, privKey, - pkcs7->privateKeySz); + if (pkcs7->privateKey != NULL && pkcs7->privateKeySz > 0) { + keyIdx = 0; + ret = wc_RsaPrivateKeyDecode(pkcs7->privateKey, &keyIdx, privKey, + pkcs7->privateKeySz); + } + else if (pkcs7->devId == INVALID_DEVID) { + ret = BAD_FUNC_ARG; + } if (ret != 0) { WOLFSSL_MSG("Failed to decode RSA private key"); #ifdef WOLFSSL_SMALL_STACK 
@@ -4381,8 +4400,7 @@ WOLFSSL_API int wc_PKCS7_DecodeEnvelopedData(PKCS7* pkcs7, byte* pkiMsg, int explicitOctet; if (pkcs7 == NULL || pkcs7->singleCert == NULL || - pkcs7->singleCertSz == 0 || pkcs7->privateKey == NULL || - pkcs7->privateKeySz == 0) + pkcs7->singleCertSz == 0) return BAD_FUNC_ARG; if (pkiMsg == NULL || pkiMsgSz == 0 || diff --git a/wolfcrypt/src/rsa.c b/wolfcrypt/src/rsa.c index 6108aa583..18045d47b 100644 --- a/wolfcrypt/src/rsa.c +++ b/wolfcrypt/src/rsa.c @@ -2282,10 +2282,21 @@ int wc_RsaPSS_Sign_ex(const byte* in, word32 inLen, byte* out, word32 outLen, int wc_RsaEncryptSize(RsaKey* key) { + int ret; + if (key == NULL) { return BAD_FUNC_ARG; } - return mp_unsigned_bin_size(&key->n); + + ret = mp_unsigned_bin_size(&key->n); + +#ifdef WOLF_CRYPTO_DEV + if (ret == 0 && key->devId != INVALID_DEVID) { + ret = 2048/8; /* hardware handles, use 2048-bit as default */ + } +#endif + + return ret; } From 72d168028e81c7041ca00325656fac8b1fc46b4d Mon Sep 17 00:00:00 2001 From: David Garske Date: Wed, 23 May 2018 15:29:33 -0700 Subject: [PATCH 078/146] Fixes to better handle PKCS7 error cases. --- tests/api.c | 4 +++- wolfcrypt/src/pkcs7.c | 21 ++++++++++++++++----- 2 files changed, 19 insertions(+), 6 deletions(-) diff --git a/tests/api.c b/tests/api.c index b42c48804..9d89de83c 100644 --- a/tests/api.c +++ b/tests/api.c @@ -14535,9 +14535,11 @@ static void test_wc_PKCS7_EncodeDecodeEnvelopedData (void) }; /* END pkcs7EnvelopedVector */ printf(testingFmt, "wc_PKCS7_EncodeEnvelopedData()"); + + AssertIntEQ(wc_PKCS7_Init(&pkcs7, HEAP_HINT, devId), 0); + testSz = (int)sizeof(testVectors)/(int)sizeof(pkcs7EnvelopedVector); for (i = 0; i < testSz; i++) { - AssertIntEQ(wc_PKCS7_Init(&pkcs7, HEAP_HINT, devId), 0); AssertIntEQ(wc_PKCS7_InitWithCert(&pkcs7, (testVectors + i)->cert, (word32)(testVectors + i)->certSz), 0); diff --git a/wolfcrypt/src/pkcs7.c b/wolfcrypt/src/pkcs7.c index 1f54df3d9..2da4c5e15 100644 --- a/wolfcrypt/src/pkcs7.c 
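Review bot: In the wolfcrypt/src/rsa.c hunk, `wc_RsaEncryptSize` now returns a fixed `2048/8` whenever the modulus is empty and a device id is set, regardless of the size of the key the device actually holds. Callers typically use this value to size or validate output buffers, so with a larger hardware key the reported length would be too small; how each caller reacts is not visible here. The inline comment says "use 2048-bit as default" but not that the value is a guess, so I would state it, e.g. `/* device key size is unknown here; 2048-bit is assumed and may be wrong for other key sizes */`, and prefer querying the size from the device if it offers that.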
+++ b/wolfcrypt/src/pkcs7.c @@ -2145,7 +2145,9 @@ typedef struct WC_PKCS7_KARI { word32 sharedInfoSz; /* size of ECC-CMS-SharedInfo encoded */ byte ukmOwner; /* do we own ukm buffer? 1:yes, 0:no */ byte direction; /* WC_PKCS7_ENCODE | WC_PKCS7_DECODE */ - byte decodedInit : 1; /* indicates decoded was intiialized */ + byte decodedInit : 1; /* indicates decoded was initialized */ + byte recipKeyInit : 1; /* indicates recipKey was initialized */ + byte senderKeyInit : 1; /* indicates senderKey was initialized */ } WC_PKCS7_KARI; @@ -2258,6 +2260,8 @@ static WC_PKCS7_KARI* wc_PKCS7_KariNew(PKCS7* pkcs7, byte direction) kari->sharedInfoSz = 0; kari->direction = direction; kari->decodedInit = 0; + kari->recipKeyInit = 0; + kari->senderKeyInit = 0; kari->heap = pkcs7->heap; kari->devId = pkcs7->devId; @@ -2275,17 +2279,18 @@ static int wc_PKCS7_KariFree(WC_PKCS7_KARI* kari) heap = kari->heap; if (kari->decoded) { - if (kari->decodedInit) { + if (kari->decodedInit) FreeDecodedCert(kari->decoded); - } XFREE(kari->decoded, heap, DYNAMIC_TYPE_PKCS7); } if (kari->senderKey) { - wc_ecc_free(kari->senderKey); + if (kari->senderKeyInit) + wc_ecc_free(kari->senderKey); XFREE(kari->senderKey, heap, DYNAMIC_TYPE_PKCS7); } if (kari->recipKey) { - wc_ecc_free(kari->recipKey); + if (kari->recipKeyInit) + wc_ecc_free(kari->recipKey); XFREE(kari->recipKey, heap, DYNAMIC_TYPE_PKCS7); } if (kari->senderKeyExport) { @@ -2348,6 +2353,8 @@ static int wc_PKCS7_KariParseRecipCert(WC_PKCS7_KARI* kari, const byte* cert, if (ret != 0) return ret; + kari->recipKeyInit = 1; + /* get recip public key */ if (kari->direction == WC_PKCS7_ENCODE) { @@ -2403,6 +2410,8 @@ static int wc_PKCS7_KariGenerateEphemeralKey(WC_PKCS7_KARI* kari, WC_RNG* rng) if (ret != 0) return ret; + kari->senderKeyInit = 1; + ret = wc_ecc_make_key_ex(rng, kari->recipKey->dp->size, kari->senderKey, kari->recipKey->dp->id); if (ret != 0) 
@@ -3847,6 +3856,8 @@ static int wc_PKCS7_KariGetOriginatorIdentifierOrKey(WC_PKCS7_KARI* kari, if (ret != 0) return ret; + kari->senderKeyInit = 1; + /* length-1 for unused bits counter */ ret = wc_ecc_import_x963(pkiMsg + (*idx), length - 1, kari->senderKey); if (ret != 0) From 58f523beba15eaa18e878df6f6cbb5e42e3b1e1e Mon Sep 17 00:00:00 2001 From: Sean Parkinson Date: Fri, 27 Apr 2018 14:43:04 +1000 Subject: [PATCH 079/146] Allow Ed25519 private-only keys to work in TLS Change Ed25519 in TLS 1.2 to keep a copy of all the messages for certificate verification - interop with OpenSSL. --- certs/ed25519/client-ed25519-priv.der | Bin 0 -> 48 bytes certs/ed25519/client-ed25519-priv.pem | 3 + certs/ed25519/server-ed25519-priv.der | Bin 0 -> 48 bytes certs/ed25519/server-ed25519-priv.pem | 3 + examples/client/client.c | 4 + examples/server/server.c | 34 +++- src/internal.c | 278 ++++++++++++++++++-------- src/ssl.c | 14 +- src/tls13.c | 5 +- tests/test-ed25519.conf | 50 ++--- wolfcrypt/src/asn.c | 49 +++-- wolfcrypt/src/ed25519.c | 8 + wolfcrypt/test/test.c | 80 +++++++- wolfssl/internal.h | 6 + wolfssl/wolfcrypt/ed25519.h | 1 + 15 files changed, 392 insertions(+), 143 deletions(-) create mode 100644 certs/ed25519/client-ed25519-priv.der create mode 100644 certs/ed25519/client-ed25519-priv.pem create mode 100644 certs/ed25519/server-ed25519-priv.der create mode 100644 certs/ed25519/server-ed25519-priv.pem diff --git a/certs/ed25519/client-ed25519-priv.der b/certs/ed25519/client-ed25519-priv.der new file mode 100644 index 0000000000000000000000000000000000000000..e5a27a4117330b059cf37c364e9a802dcefbd0f4 GIT binary patch literal 48 zcmXreV`5}5U}a<0PAy Benchmark throughput using bytes and print stats\n"); +#ifdef HAVE_CRL + printf("-V Disable CRL\n"); +#endif #ifdef WOLFSSL_TRUST_PEER_CERT printf("-E Path to load trusted peer cert\n"); #endif 
@@ -462,7 +465,14 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args) char input[80]; int ch; int version = SERVER_DEFAULT_VERSION; +#ifndef WOLFSSL_NO_CLIENT_AUTH int doCliCertCheck = 1; +#else + int doCliCertCheck = 0; +#endif +#ifdef HAVE_CRL + int disableCRL = 0; +#endif int useAnyAddr = 0; word16 port = wolfSSLPort; int usePsk = 0; @@ -601,7 +611,7 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args) /* Not Used: h, m, z, F, M, T, V, W, X */ while ((ch = mygetopt(argc, argv, "?" "abc:defgijk:l:nop:q:rstuv:wxy" - "A:B:C:D:E:GH:IJKL:NO:PQR:S:TUYZ:" + "A:B:C:D:E:GH:IJKL:NO:PQR:S:TUVYZ:" "03:")) != -1) { switch (ch) { case '?' : @@ -616,6 +626,12 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args) doCliCertCheck = 0; break; + case 'V' : + #ifdef HAVE_CRL + disableCRL = 1; + #endif + break; + case 'b' : useAnyAddr = 1; break; @@ -1286,6 +1302,7 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args) wolfSSL_SetHsDoneCb(ssl, myHsDoneCb, NULL); #endif #ifdef HAVE_CRL + if (!disableCRL) { #ifdef HAVE_CRL_MONITOR crlFlags = CYASSL_CRL_MONITOR | CYASSL_CRL_START_MON; #endif @@ -1296,6 +1313,7 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args) err_sys_ex(runWithErrors, "unable to load CRL"); if (CyaSSL_SetCRL_Cb(ssl, CRL_CallBack) != WOLFSSL_SUCCESS) err_sys_ex(runWithErrors, "unable to set CRL callback url"); + } #endif #ifdef HAVE_OCSP if (useOcsp) { 
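Review bot: The context comment `/* Not Used: h, m, z, F, M, T, V, W, X */` above the `mygetopt` call in examples/server/server.c is now stale, because this hunk adds `V` to the option string and a `case 'V'` handler. It should read `/* Not Used: h, m, z, F, M, T, W, X */`. When HAVE_CRL is not defined, `-V` is accepted and silently ignored, which is worth a word in the usage text, since the option turns off revocation checking. The block newly wrapped in `if (!disableCRL) {` also keeps its old indentation, which hides the added scope.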
@@ -1563,17 +1581,19 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args) #if defined(WOLFSSL_TLS13) && defined(WOLFSSL_POST_HANDSHAKE_AUTH) if (postHandAuth) { SSL_CTX_set_verify(ctx, WOLFSSL_VERIFY_PEER | - ((usePskPlus)? WOLFSSL_VERIFY_FAIL_EXCEPT_PSK : - WOLFSSL_VERIFY_FAIL_IF_NO_PEER_CERT),0); + ((usePskPlus) ? WOLFSSL_VERIFY_FAIL_EXCEPT_PSK : + WOLFSSL_VERIFY_FAIL_IF_NO_PEER_CERT), 0); if (SSL_CTX_load_verify_locations(ctx, verifyCert, 0) - != WOLFSSL_SUCCESS) { - err_sys_ex(runWithErrors, "can't load ca file, Please run from wolfSSL home dir"); + != WOLFSSL_SUCCESS) { + err_sys_ex(runWithErrors, "can't load ca file, Please run from " + "wolfSSL home dir"); } #ifdef WOLFSSL_TRUST_PEER_CERT if (trustCert) { if ((ret = wolfSSL_CTX_trust_peer_cert(ctx, trustCert, - WOLFSSL_FILETYPE_PEM)) != WOLFSSL_SUCCESS) { - err_sys_ex(runWithErrors, "can't load trusted peer cert file"); + WOLFSSL_FILETYPE_PEM)) != WOLFSSL_SUCCESS) { + err_sys_ex(runWithErrors, "can't load trusted peer cert " + "file"); } } #endif /* WOLFSSL_TRUST_PEER_CERT */ diff --git a/src/internal.c b/src/internal.c index 8df6575bb..66c5b45b1 100644 --- a/src/internal.c +++ b/src/internal.c @@ -103,7 +103,8 @@ WOLFSSL_CALLBACKS needs LARGE_STATIC_BUFFERS, please add LARGE_STATIC_BUFFERS #ifndef NO_WOLFSSL_SERVER static int DoClientKeyExchange(WOLFSSL* ssl, byte* input, word32*, word32); - #if !defined(NO_RSA) || defined(HAVE_ECC) + #if (!defined(NO_RSA) || defined(HAVE_ECC) || defined(HAVE_ED25519)) && \ + !defined(WOLFSSL_NO_CLIENT_AUTH) static int DoCertificateVerify(WOLFSSL* ssl, byte*, word32*, word32); #endif #ifdef WOLFSSL_DTLS @@ -2692,7 +2693,7 @@ void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, word16 haveRSA, * * input The encoded signature algorithm. * hashalgo The hash algorithm. - * hsType The signature type. + * hsType The signature type. */ static INLINE void DecodeSigAlg(const byte* input, byte* hashAlgo, byte* hsType) { 
@@ -2888,35 +2889,37 @@ static INLINE void EncodeSigAlg(byte hashAlgo, byte hsType, byte* output) (void)output; } +#if !defined(WOLFSSL_NO_CLIENT_AUTH) static void SetDigest(WOLFSSL* ssl, int hashAlgo) { switch (hashAlgo) { - #ifndef NO_SHA + #ifndef NO_SHA case sha_mac: ssl->buffers.digest.buffer = ssl->hsHashes->certHashes.sha; ssl->buffers.digest.length = WC_SHA_DIGEST_SIZE; break; - #endif /* !NO_SHA */ - #ifndef NO_SHA256 + #endif /* !NO_SHA */ + #ifndef NO_SHA256 case sha256_mac: ssl->buffers.digest.buffer = ssl->hsHashes->certHashes.sha256; ssl->buffers.digest.length = WC_SHA256_DIGEST_SIZE; break; - #endif /* !NO_SHA256 */ - #ifdef WOLFSSL_SHA384 + #endif /* !NO_SHA256 */ + #ifdef WOLFSSL_SHA384 case sha384_mac: ssl->buffers.digest.buffer = ssl->hsHashes->certHashes.sha384; ssl->buffers.digest.length = WC_SHA384_DIGEST_SIZE; break; - #endif /* WOLFSSL_SHA384 */ - #ifdef WOLFSSL_SHA512 + #endif /* WOLFSSL_SHA384 */ + #ifdef WOLFSSL_SHA512 case sha512_mac: ssl->buffers.digest.buffer = ssl->hsHashes->certHashes.sha512; ssl->buffers.digest.length = WC_SHA512_DIGEST_SIZE; break; - #endif /* WOLFSSL_SHA512 */ + #endif /* WOLFSSL_SHA512 */ } /* switch */ } +#endif /* !WOLFSSL_NO_CLIENT_AUTH */ #endif /* !NO_CERTS */ #ifndef NO_RSA 
@@ -3632,6 +3635,43 @@ int EccMakeKey(WOLFSSL* ssl, ecc_key* key, ecc_key* peer) #endif /* HAVE_ECC */ #ifdef HAVE_ED25519 +/* Check whether the key contains a public key. + * If not then pull it out of the leaf certificate. + * + * ssl SSL/TLS object. + * returns MEMORY_E when unable to allocate memory, a parsing error, otherwise + * 0 on success. + */ +int Ed25519CheckPubKey(WOLFSSL* ssl) +{ + ed25519_key* key = (ed25519_key*)ssl->hsKey; + int ret = 0; + + /* Public key required for signing. */ + if (!key->pubKeySet) { + DerBuffer* leaf = ssl->buffers.certificate; + DecodedCert* cert = (DecodedCert*)XMALLOC(sizeof(*cert), + ssl->heap, DYNAMIC_TYPE_DCERT); + if (cert == NULL) + ret = MEMORY_E; + + if (ret == 0) { + InitDecodedCert(cert, leaf->buffer, leaf->length, ssl->heap); + ret = DecodeToKey(cert, 0); + } + if (ret == 0) { + ret = wc_ed25519_import_public(cert->publicKey, cert->pubKeySize, + key); + } + if (cert != NULL) { + FreeDecodedCert(cert); + XFREE(cert, ssl->heap, DYNAMIC_TYPE_DCERT); + } + } + + return ret; +} + /* Sign the data using EdDSA and key using X25519. * * ssl SSL object. @@ -4287,6 +4327,10 @@ void FreeHandshakeHashes(WOLFSSL* ssl) #ifdef WOLFSSL_SHA512 wc_Sha512Free(&ssl->hsHashes->hashSha512); #endif + #if defined(HAVE_ED25519) && !defined(WOLFSSL_NO_CLIENT_AUTH) + if (ssl->hsHashes->messages != NULL) + XFREE(ssl->hsHashes->messages, ssl->heap, DYNAMIC_TYPE_HASHES); + #endif XFREE(ssl->hsHashes, ssl->heap, DYNAMIC_TYPE_HASHES); ssl->hsHashes = NULL; 
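Review bot: `Ed25519CheckPubKey` reads `leaf->buffer` and `leaf->length` from `ssl->buffers.certificate` without checking that a certificate was loaded, so a private key configured without a matching certificate would reach `InitDecodedCert` through a NULL pointer. A guard such as `if (leaf == NULL || leaf->buffer == NULL)` that returns an error before the allocation would close that path. The function also takes the public key from the leaf certificate without confirming that it belongs to the private key in `ssl->hsKey`. A mismatched pair would only show up as a peer-side verification failure, so it is better to derive or cross-check the public key here and fail early. The header comment should say that the key in `ssl->hsKey` is modified on success.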
@@ -5994,7 +6038,36 @@ ProtocolVersion MakeDTLSv1_2(void) return (word32)XTIME(0); } #endif +#if defined(HAVE_ED25519) && !defined(WOLFSSL_NO_CLIENT_AUTH) +/* Store the message for use with CertificateVerify using Ed25519. + * + * ssl SSL/TLS object. + * data Message to store. + * sz Size of message to store. + * returns MEMORY_E if not able to reallocate, otherwise 0. + */ +static int Ed25519Update(WOLFSSL* ssl, const byte* data, int sz) +{ + int ret = 0; + byte* msgs; + if (!IsAtLeastTLSv1_3(ssl->version) || ssl->options.downgrade) { + msgs = (byte*)XREALLOC(ssl->hsHashes->messages, + ssl->hsHashes->length + sz, ssl->heap, + DYNAMIC_TYPE_HASHES); + if (msgs == NULL) + ret = MEMORY_E; + if (ret == 0) { + ssl->hsHashes->messages = msgs; + XMEMCPY(msgs + ssl->hsHashes->length, data, sz); + ssl->hsHashes->prevLen = ssl->hsHashes->length; + ssl->hsHashes->length += sz; + } + } + + return ret; +} +#endif /* HAVE_ED25519 && !WOLFSSL_NO_CLIENT_AUTH */ #ifndef NO_CERTS int HashOutputRaw(WOLFSSL* ssl, const byte* output, int sz) 
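Review bot: `Ed25519Update` computes the new buffer size as `ssl->hsHashes->length + sz` in plain `int`, with no upper bound and no check that `sz` is non-negative. The cached transcript therefore grows with whatever the peer sends during the handshake, and the sum can wrap before it reaches `XREALLOC`. A guard ahead of the reallocation, for example `if (sz < 0 || ssl->hsHashes->length > MAX_HS_CACHE_SZ - sz) return BUFFER_E;` (with `MAX_HS_CACHE_SZ` as a new limit to be defined), would bound both. Declaring `length` and `prevLen` as `word32` would also match the other size fields. The reworked versions of this function in the later `@@ -6053,18 +6053,26 @@` and `@@ -6053,26 +6060,18 @@` hunks keep the same unchecked addition.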
@@ -6012,30 +6085,35 @@ int HashOutputRaw(WOLFSSL* ssl, const byte* output, int sz) ssl->fuzzerCb(ssl, output, sz, FUZZ_HASH, ssl->fuzzerCtx); #endif #ifndef NO_OLD_TLS -#ifndef NO_SHA - wc_ShaUpdate(&ssl->hsHashes->hashSha, output, sz); -#endif -#ifndef NO_MD5 - wc_Md5Update(&ssl->hsHashes->hashMd5, output, sz); -#endif + #ifndef NO_SHA + wc_ShaUpdate(&ssl->hsHashes->hashSha, output, sz); + #endif + #ifndef NO_MD5 + wc_Md5Update(&ssl->hsHashes->hashMd5, output, sz); + #endif #endif /* NO_OLD_TLS */ if (IsAtLeastTLSv1_2(ssl)) { -#ifndef NO_SHA256 + #ifndef NO_SHA256 ret = wc_Sha256Update(&ssl->hsHashes->hashSha256, output, sz); if (ret != 0) return ret; -#endif -#ifdef WOLFSSL_SHA384 + #endif + #ifdef WOLFSSL_SHA384 ret = wc_Sha384Update(&ssl->hsHashes->hashSha384, output, sz); if (ret != 0) return ret; -#endif -#ifdef WOLFSSL_SHA512 + #endif + #ifdef WOLFSSL_SHA512 ret = wc_Sha512Update(&ssl->hsHashes->hashSha512, output, sz); if (ret != 0) return ret; -#endif + #endif + #if defined(HAVE_ED25519) && !defined(WOLFSSL_NO_CLIENT_AUTH) + ret = Ed25519Update(ssl, output, sz); + if (ret != 0) + return ret; + #endif } return ret; 
@@ -6063,30 +6141,35 @@ int HashOutput(WOLFSSL* ssl, const byte* output, int sz, int ivSz) } #endif #ifndef NO_OLD_TLS -#ifndef NO_SHA - wc_ShaUpdate(&ssl->hsHashes->hashSha, adj, sz); -#endif -#ifndef NO_MD5 - wc_Md5Update(&ssl->hsHashes->hashMd5, adj, sz); -#endif + #ifndef NO_SHA + wc_ShaUpdate(&ssl->hsHashes->hashSha, adj, sz); + #endif + #ifndef NO_MD5 + wc_Md5Update(&ssl->hsHashes->hashMd5, adj, sz); + #endif #endif if (IsAtLeastTLSv1_2(ssl)) { -#ifndef NO_SHA256 + #ifndef NO_SHA256 ret = wc_Sha256Update(&ssl->hsHashes->hashSha256, adj, sz); if (ret != 0) return ret; -#endif -#ifdef WOLFSSL_SHA384 + #endif + #ifdef WOLFSSL_SHA384 ret = wc_Sha384Update(&ssl->hsHashes->hashSha384, adj, sz); if (ret != 0) return ret; -#endif -#ifdef WOLFSSL_SHA512 + #endif + #ifdef WOLFSSL_SHA512 ret = wc_Sha512Update(&ssl->hsHashes->hashSha512, adj, sz); if (ret != 0) return ret; -#endif + #endif + #if defined(HAVE_ED25519) && !defined(WOLFSSL_NO_CLIENT_AUTH) + ret = Ed25519Update(ssl, adj, sz); + if (ret != 0) + return ret; + #endif } return ret; 
@@ -6116,30 +6199,35 @@ int HashInput(WOLFSSL* ssl, const byte* input, int sz) } #ifndef NO_OLD_TLS -#ifndef NO_SHA - wc_ShaUpdate(&ssl->hsHashes->hashSha, adj, sz); -#endif -#ifndef NO_MD5 - wc_Md5Update(&ssl->hsHashes->hashMd5, adj, sz); -#endif + #ifndef NO_SHA + wc_ShaUpdate(&ssl->hsHashes->hashSha, adj, sz); + #endif + #ifndef NO_MD5 + wc_Md5Update(&ssl->hsHashes->hashMd5, adj, sz); + #endif #endif if (IsAtLeastTLSv1_2(ssl)) { -#ifndef NO_SHA256 + #ifndef NO_SHA256 ret = wc_Sha256Update(&ssl->hsHashes->hashSha256, adj, sz); if (ret != 0) return ret; -#endif -#ifdef WOLFSSL_SHA384 + #endif + #ifdef WOLFSSL_SHA384 ret = wc_Sha384Update(&ssl->hsHashes->hashSha384, adj, sz); if (ret != 0) return ret; -#endif -#ifdef WOLFSSL_SHA512 + #endif + #ifdef WOLFSSL_SHA512 ret = wc_Sha512Update(&ssl->hsHashes->hashSha512, adj, sz); if (ret != 0) return ret; -#endif + #endif + #if defined(HAVE_ED25519) && !defined(WOLFSSL_NO_CLIENT_AUTH) + ret = Ed25519Update(ssl, adj, sz); + if (ret != 0) + return ret; + #endif } return ret; @@ -9185,7 +9273,7 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx, } break; } - #endif /* HAVE_ECC */ + #endif /* HAVE_ED25519 */ default: break; } @@ -9408,7 +9496,7 @@ static int DoCertificate(WOLFSSL* ssl, byte* input, word32* inOutIdx, int ret; WOLFSSL_START(WC_FUNC_CERTIFICATE_DO); - WOLFSSL_ENTER("DoCertificateVerify"); + WOLFSSL_ENTER("DoCertificate"); ret = ProcessPeerCerts(ssl, input, inOutIdx, size); @@ -9416,7 +9504,7 @@ static int DoCertificate(WOLFSSL* ssl, byte* input, word32* inOutIdx, ssl->options.serverState = SERVER_CERT_COMPLETE; #endif - WOLFSSL_LEAVE("DoCertificateVerify", ret); + WOLFSSL_LEAVE("DoCertificate", ret); WOLFSSL_END(WC_FUNC_CERTIFICATE_DO); return ret; 
@@ -10231,12 +10319,13 @@ static int DoHandShakeMsgType(WOLFSSL* ssl, byte* input, word32* inOutIdx, ret = DoClientKeyExchange(ssl, input, inOutIdx, size); break; -#if !defined(NO_RSA) || defined(HAVE_ECC) +#if (!defined(NO_RSA) || defined(HAVE_ECC) || defined(HAVE_ED25519)) && \ + !defined(WOLFSSL_NO_CLIENT_AUTH) case certificate_verify: WOLFSSL_MSG("processing certificate verify"); ret = DoCertificateVerify(ssl, input, inOutIdx, size); break; -#endif /* !NO_RSA || HAVE_ECC */ +#endif /* (!NO_RSA || HAVE_ECC || HAVE_ED25519) && !WOLFSSL_NO_CLIENT_AUTH */ #endif /* !NO_WOLFSSL_SERVER */ @@ -13582,6 +13671,7 @@ int SendFinished(WOLFSSL* ssl) #ifndef NO_CERTS +#if !defined(NO_WOLFSSL_SERVER) || !defined(WOLFSSL_NO_CLIENT_AUTH) /* handle generation of certificate (11) */ int SendCertificate(WOLFSSL* ssl) { @@ -13845,6 +13935,7 @@ int SendCertificate(WOLFSSL* ssl) return ret; } +#endif /* !NO_WOLFSSL_SERVER || !WOLFSSL_NO_CLIENT_AUTH */ /* handle generation of certificate_request (13) */ int SendCertificateRequest(WOLFSSL* ssl) @@ -17751,7 +17842,7 @@ static int DoServerKeyExchange(WOLFSSL* ssl, const byte* input, } break; } - #endif /* HAVE_ECC */ + #endif /* HAVE_ED25519 */ default: ret = ALGO_ID_E; @@ -17871,7 +17962,7 @@ static int DoServerKeyExchange(WOLFSSL* ssl, const byte* input, break; } - #endif /* HAVE_ECC */ + #endif /* HAVE_ED25519 */ default: ret = ALGO_ID_E; @@ -17985,7 +18076,7 @@ static int DoServerKeyExchange(WOLFSSL* ssl, const byte* input, case ed25519_sa_algo: /* Nothing to do in this algo */ break; - #endif /* HAVE_ECC */ + #endif /* HAVE_ED25519 */ default: ret = ALGO_ID_E; } /* switch (sigAlgo) */ 
@@ -19627,9 +19718,9 @@ int DecodePrivateKey(WOLFSSL *ssl, word16* length) } #endif #ifdef HAVE_ED25519 -#if !defined(NO_RSA) || defined(HAVE_ECC) - FreeKey(ssl, ssl->hsType, (void**)&ssl->hsKey); -#endif + #if !defined(NO_RSA) || defined(HAVE_ECC) + FreeKey(ssl, ssl->hsType, (void**)&ssl->hsKey); + #endif ssl->hsType = DYNAMIC_TYPE_ED25519; ret = AllocKey(ssl, ssl->hsType, &ssl->hsKey); @@ -19637,13 +19728,13 @@ int DecodePrivateKey(WOLFSSL *ssl, word16* length) goto exit_dpk; } -#ifdef HAVE_ECC - WOLFSSL_MSG("Trying ED25519 private key, ECC didn't work"); -#elif !defined(NO_RSA) - WOLFSSL_MSG("Trying ED25519 private key, RSA didn't work"); -#else - WOLFSSL_MSG("Trying ED25519 private key"); -#endif + #ifdef HAVE_ECC + WOLFSSL_MSG("Trying ED25519 private key, ECC didn't work"); + #elif !defined(NO_RSA) + WOLFSSL_MSG("Trying ED25519 private key, RSA didn't work"); + #else + WOLFSSL_MSG("Trying ED25519 private key"); + #endif /* Set start of data to beginning of buffer. */ idx = 0; @@ -19665,7 +19756,7 @@ int DecodePrivateKey(WOLFSSL *ssl, word16* length) goto exit_dpk; } -#endif +#endif /* HAVE_ED25519 */ (void)idx; (void)keySz; @@ -19675,6 +19766,7 @@ exit_dpk: } +#ifndef WOLFSSL_NO_CLIENT_AUTH typedef struct ScvArgs { byte* output; /* not allocated */ #ifndef NO_RSA @@ -19883,6 +19975,13 @@ int SendCertificateVerify(WOLFSSL* ssl) c16toa(args->length, args->verify + args->extraSz); } #endif /* !NO_RSA */ + #ifdef HAVE_ED25519 + if (args->sigAlgo == ed25519_sa_algo) { + ret = Ed25519CheckPubKey(ssl); + if (ret != 0) + goto exit_scv; + } + #endif /* HAVE_ED25519 */ /* Advance state and proceed */ ssl->options.asyncState = TLS_ASYNC_DO; @@ -19913,7 +20012,7 @@ int SendCertificateVerify(WOLFSSL* ssl) ed25519_key* key = (ed25519_key*)ssl->hsKey; ret = Ed25519Sign(ssl, - ssl->buffers.digest.buffer, ssl->buffers.digest.length, + ssl->hsHashes->messages, ssl->hsHashes->length, ssl->buffers.sig.buffer, &ssl->buffers.sig.length, key, #ifdef HAVE_PK_CALLBACKS 
@@ -19924,7 +20023,7 @@ int SendCertificateVerify(WOLFSSL* ssl) #endif ); } - #endif /* HAVE_ECC */ + #endif /* HAVE_ED25519 */ #ifndef NO_RSA if (ssl->hsType == DYNAMIC_TYPE_RSA) { RsaKey* key = (RsaKey*)ssl->hsKey; @@ -20133,6 +20232,7 @@ exit_scv: return ret; } +#endif /* WOLFSSL_NO_CLIENT_AUTH */ #endif /* NO_CERTS */ @@ -21330,13 +21430,17 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, break; #endif #endif /* !NO_RSA */ - #ifdef HAVE_ED25519 - case ed25519_sa_algo: - #endif case ecc_dsa_sa_algo: { break; } + #ifdef HAVE_ED25519 + case ed25519_sa_algo: + ret = Ed25519CheckPubKey(ssl); + if (ret != 0) + goto exit_sske; + break; + #endif /* HAVE_ED25519 */ } /* switch(ssl->specs.sig_algo) */ break; } @@ -21796,18 +21900,9 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, } #endif case ecc_dsa_sa_algo: - { - /* Now that we know the real sig size, write it. */ - c16toa((word16)args->sigSz, - args->output + args->idx); - - /* And adjust length and sendSz from estimates */ - args->length += args->sigSz - args->tmpSigSz; - args->sendSz += args->sigSz - args->tmpSigSz; - break; - } #ifdef HAVE_ED25519 case ed25519_sa_algo: + #endif { /* Now that we know the real sig size, write it. */ c16toa((word16)args->sigSz, @@ -21818,7 +21913,6 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, args->sendSz += args->sigSz - args->tmpSigSz; break; } - #endif default: ERROR_OUT(ALGO_ID_E, exit_sske); /* unsupported type */ } /* switch(ssl->specs.sig_algo) */ @@ -22977,7 +23071,8 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, } -#if !defined(NO_RSA) || defined(HAVE_ECC) +#if (!defined(NO_RSA) || defined(HAVE_ECC) || defined(HAVE_ED25519)) && \ + !defined(WOLFSSL_NO_CLIENT_AUTH) typedef struct DcvArgs { byte* output; /* not allocated */ 
@@ -23179,6 +23274,23 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, ); } #endif /* HAVE_ECC */ + #ifdef HAVE_ED25519 + if (ssl->peerEd25519KeyPresent) { + WOLFSSL_MSG("Doing Ed25519 peer cert verify"); + + ret = Ed25519Verify(ssl, + input + args->idx, args->sz, + ssl->hsHashes->messages, ssl->hsHashes->prevLen, + ssl->peerEd25519Key, + #ifdef HAVE_PK_CALLBACKS + &ssl->buffers.peerEd25519Key, + ssl->Ed25519VerifyCtx + #else + NULL, NULL + #endif + ); + } + #endif /* HAVE_ED25519 */ /* Check for error */ if (ret != 0) { @@ -23311,7 +23423,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, return ret; } -#endif /* !NO_RSA || HAVE_ECC */ +#endif /* (!NO_RSA || HAVE_ECC || HAVE_ED25519) && !WOLFSSL_NO_CLIENT_AUTH */ /* handle generation of server_hello_done (14) */ int SendServerHelloDone(WOLFSSL* ssl) diff --git a/src/ssl.c b/src/ssl.c index 766919905..10adf8b3b 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -8659,11 +8659,11 @@ int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl, FALL_THROUGH; case FIRST_REPLY_DONE : - #ifdef WOLFSSL_TLS13 - if (ssl->options.tls1_3) - return wolfSSL_connect_TLSv13(ssl); - #endif - #ifndef NO_CERTS + #if !defined(NO_CERTS) && !defined(WOLFSSL_NO_CLIENT_AUTH) + #ifdef WOLFSSL_TLS13 + if (ssl->options.tls1_3) + return wolfSSL_connect_TLSv13(ssl); + #endif if (ssl->options.sendVerify) { if ( (ssl->error = SendCertificate(ssl)) != 0) { WOLFSSL_ERROR(ssl->error); @@ -8695,7 +8695,7 @@ int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl, FALL_THROUGH; case FIRST_REPLY_SECOND : - #ifndef NO_CERTS + #if !defined(NO_CERTS) && !defined(WOLFSSL_NO_CLIENT_AUTH) if (ssl->options.sendVerify) { if ( (ssl->error = SendCertificateVerify(ssl)) != 0) { WOLFSSL_ERROR(ssl->error); 
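Review bot: The Ed25519 branch added to `DoCertificateVerify` passes `ssl->hsHashes->messages` and `ssl->hsHashes->prevLen` to `Ed25519Verify` without checking that a transcript was actually cached. If caching was skipped for this connection, the signature would be checked against an empty message rather than the handshake. A precondition such as `if (ssl->hsHashes->messages == NULL || ssl->hsHashes->prevLen <= 0)` that fails the handshake before the verify call makes the dependency explicit. The use of `prevLen` also assumes that the CertificateVerify message was appended by exactly one `Ed25519Update` call, which deserves a comment at this call site. The function starts and ends outside the hunk.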
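Review bot: In the `src/ssl.c` hunk at `case FIRST_REPLY_DONE`, the `if (ssl->options.tls1_3) return wolfSSL_connect_TLSv13(ssl);` dispatch now sits inside `#if !defined(NO_CERTS) && !defined(WOLFSSL_NO_CLIENT_AUTH)`. In a build with `NO_CERTS` or `WOLFSSL_NO_CLIENT_AUTH` defined, a TLS 1.3 connection would therefore no longer be handed to the TLS 1.3 state machine at this point and would fall through to the TLS 1.2 states. The `#ifdef WOLFSSL_TLS13` block should stay outside the new guard, as it was before the change, with only the `sendVerify` block wrapped. The enclosing connect function is only partly visible in the hunk.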
@@ -8703,7 +8703,7 @@ int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl, } WOLFSSL_MSG("sent: certificate verify"); } - #endif + #endif /* !NO_CERTS && !WOLFSSL_NO_CLIENT_AUTH */ ssl->options.connectState = FIRST_REPLY_THIRD; WOLFSSL_MSG("connect state: FIRST_REPLY_THIRD"); FALL_THROUGH; diff --git a/src/tls13.c b/src/tls13.c index 35a371845..ce444ea47 100755 --- a/src/tls13.c +++ b/src/tls13.c @@ -5252,7 +5252,10 @@ static int SendTls13CertificateVerify(WOLFSSL* ssl) #endif /* HAVE_ECC */ #ifdef HAVE_ED25519 if (ssl->hsType == DYNAMIC_TYPE_ED25519) { - /* Nothing to do */ + ret = Ed25519CheckPubKey(ssl); + if (ret < 0) { + ERROR_OUT(ret, exit_scv); + } sig->length = ED25519_SIG_SIZE; } #endif /* HAVE_ECC */ diff --git a/tests/test-ed25519.conf b/tests/test-ed25519.conf index cc68ba2d7..e13c67b18 100644 --- a/tests/test-ed25519.conf +++ b/tests/test-ed25519.conf @@ -10,21 +10,22 @@ -A ./certs/ed25519/root-ed25519.pem -C -# Enable when CRL for ED25519 certificates available. # server TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256 -#-v 3 -#-l ECDHE-ECDSA-AES128-GCM-SHA256 -#-c ./certs/ed25519/server-ed25519.pem -#-k ./certs/ed25519/server-ed25519-key.pem -#-A ./certs/ed25519/client-ed25519.pem +-v 3 +-l ECDHE-ECDSA-AES128-GCM-SHA256 +-c ./certs/ed25519/server-ed25519.pem +-k ./certs/ed25519/server-ed25519-key.pem +-A ./certs/ed25519/client-ed25519.pem +-V +# Remove -V when CRL for ED25519 certificates available. # client TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256 -#-v 3 -#-l ECDHE-ECDSA-AES128-GCM-SHA256 -#-c ./certs/ed25519/client-ed25519.pem -#-k ./certs/ed25519/client-ed25519-key.pem -#-A ./certs/ed25519/root-ed25519.pem -#-C +-v 3 +-l ECDHE-ECDSA-AES128-GCM-SHA256 +-c ./certs/ed25519/client-ed25519.pem +-k ./certs/ed25519/client-ed25519-key.pem +-A ./certs/ed25519/root-ed25519.pem +-C # server TLSv1.3 TLS13-AES128-GCM-SHA256 -v 4 
@@ -40,16 +41,19 @@ # Enable when CRL for ED25519 certificates available. # server TLSv1.3 TLS13-AES128-GCM-SHA256 -#-v 4 -#-l TLS13-AES128-GCM-SHA256 -#-c ./certs/ed25519/server-ed25519.pem -#-k ./certs/ed25519/server-ed25519-key.pem -#-A ./certs/ed25519/client-ed25519.pem +-v 4 +-l TLS13-AES128-GCM-SHA256 +-c ./certs/ed25519/server-ed25519.pem +-k ./certs/ed25519/server-ed25519-key.pem +-A ./certs/ed25519/client-ed25519.pem +-V +# Remove -V when CRL for ED25519 certificates available. # client TLSv1.3 TLS13-AES128-GCM-SHA256 -#-v 4 -#-l TLS13-AES128-GCM-SHA256 -#-c ./certs/ed25519/client-ed25519.pem -#-k ./certs/ed25519/client-ed25519-key.pem -#-A ./certs/ed25519/root-ed25519.pem -#-C +-v 4 +-l TLS13-AES128-GCM-SHA256 +-c ./certs/ed25519/client-ed25519.pem +-k ./certs/ed25519/client-ed25519-key.pem +-A ./certs/ed25519/root-ed25519.pem +-C + diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c index fafaf3f21..a0a5fee08 100755 --- a/wolfcrypt/src/asn.c +++ b/wolfcrypt/src/asn.c 
@@ -12226,29 +12226,38 @@ int wc_Ed25519PrivateKeyDecode(const byte* input, word32* inOutIdx, if (input == NULL || inOutIdx == NULL || key == NULL || inSz == 0) return BAD_FUNC_ARG; - if (GetSequence(input, inOutIdx, &length, inSz) < 0) - return ASN_PARSE_E; - endKeyIdx = *inOutIdx + length; + if (GetSequence(input, inOutIdx, &length, inSz) >= 0) { + endKeyIdx = *inOutIdx + length; - if (GetMyVersion(input, inOutIdx, &version, inSz) < 0) - return ASN_PARSE_E; - if (version != 0) { - WOLFSSL_MSG("Unrecognized version of ED25519 private key"); - return ASN_PARSE_E; + if (GetMyVersion(input, inOutIdx, &version, inSz) < 0) + return ASN_PARSE_E; + if (version != 0) { + WOLFSSL_MSG("Unrecognized version of ED25519 private key"); + return ASN_PARSE_E; + } + + if (GetAlgoId(input, inOutIdx, &oid, oidKeyType, inSz) < 0) + return ASN_PARSE_E; + if (oid != ED25519k) + return ASN_PARSE_E; + + if (GetOctetString(input, inOutIdx, &length, inSz) < 0) + return ASN_PARSE_E; + + if (GetOctetString(input, inOutIdx, &privSz, inSz) < 0) + return ASN_PARSE_E; + + priv = input + *inOutIdx; + *inOutIdx += privSz; } + else { + if (GetOctetString(input, inOutIdx, &privSz, inSz) < 0) + return ASN_PARSE_E; - if (GetAlgoId(input, inOutIdx, &oid, oidKeyType, inSz) < 0) - return ASN_PARSE_E; - if (oid != ED25519k) - return ASN_PARSE_E; - - if (GetOctetString(input, inOutIdx, &length, inSz) < 0) - return ASN_PARSE_E; - - if (GetOctetString(input, inOutIdx, &privSz, inSz) < 0) - return ASN_PARSE_E; - priv = input + *inOutIdx; - *inOutIdx += privSz; + priv = input + *inOutIdx; + *inOutIdx += privSz; + endKeyIdx = *inOutIdx; + } if (endKeyIdx == (int)*inOutIdx) { ret = wc_ed25519_import_private_only(priv, privSz, key); diff --git a/wolfcrypt/src/ed25519.c b/wolfcrypt/src/ed25519.c index 633eb5c07..12d784347 100644 --- a/wolfcrypt/src/ed25519.c +++ b/wolfcrypt/src/ed25519.c 
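Review bot: In `wc_Ed25519PrivateKeyDecode` the new `else` branch runs on every `GetSequence` failure, not only when the input lacks a SEQUENCE tag, so a truncated or malformed PKCS#8 wrapper is retried as a bare OCTET STRING instead of being rejected. It also continues from `*inOutIdx` as `GetSequence` left it; if that helper can advance the index before failing (its body is not visible here), the fallback parses from the wrong offset. Saving the index first with `word32 start = *inOutIdx;` and restoring it with `*inOutIdx = start;` at the top of the fallback, plus entering the fallback only when the first byte is not a SEQUENCE tag, would tighten this. In both branches `privSz` is used to advance the index before any comparison with `ED25519_KEY_SIZE`, so the size check is left to `wc_ed25519_import_private_only`, which is worth a comment. The function continues past the end of the hunk.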
@@ -90,6 +90,8 @@ int wc_ed25519_make_key(WC_RNG* rng, int keySz, ed25519_key* key) /* put public key after private key, on the same buffer */ XMEMMOVE(key->k + ED25519_KEY_SIZE, key->p, ED25519_PUB_KEY_SIZE); + key->pubKeySet = 1; + return ret; } @@ -121,6 +123,8 @@ int wc_ed25519_sign_msg(const byte* in, word32 inlen, byte* out, /* sanity check on arguments */ if (in == NULL || out == NULL || outLen == NULL || key == NULL) return BAD_FUNC_ARG; + if (!key->pubKeySet) + return BAD_FUNC_ARG; /* check and set up out length */ if (*outLen < ED25519_SIG_SIZE) { @@ -370,6 +374,7 @@ int wc_ed25519_import_public(const byte* in, word32 inLen, ed25519_key* key) pubKey.Y = key->pointY; LTC_PKHA_Ed25519_PointDecompress(key->p, ED25519_PUB_KEY_SIZE, &pubKey); #endif + key->pubKeySet = 1; return 0; } @@ -389,6 +394,8 @@ int wc_ed25519_import_public(const byte* in, word32 inLen, ed25519_key* key) ret = ge_compress_key(key->p, in+1, in+1+ED25519_PUB_KEY_SIZE, ED25519_PUB_KEY_SIZE); #endif /* FREESCALE_LTC_ECC */ + if (ret == 0) + key->pubKeySet = 1; return ret; } @@ -403,6 +410,7 @@ int wc_ed25519_import_public(const byte* in, word32 inLen, ed25519_key* key) pubKey.Y = key->pointY; LTC_PKHA_Ed25519_PointDecompress(key->p, ED25519_PUB_KEY_SIZE, &pubKey); #endif + key->pubKeySet = 1; return 0; } diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c index 30deba40a..df451da0f 100644 --- a/wolfcrypt/test/test.c +++ b/wolfcrypt/test/test.c 
@@ -17115,6 +17115,38 @@ int ed25519_test(void) 0 /*sizeof(msg1)*/, sizeof(msg4) }; + static byte privateEd25519[] = { + 0x30,0x2e,0x02,0x01,0x00,0x30,0x05,0x06, + 0x03,0x2b,0x65,0x70,0x04,0x22,0x04,0x20, + 0x9d,0x61,0xb1,0x9d,0xef,0xfd,0x5a,0x60, + 0xba,0x84,0x4a,0xf4,0x92,0xec,0x2c,0xc4, + 0x44,0x49,0xc5,0x69,0x7b,0x32,0x69,0x19, + 0x70,0x3b,0xac,0x03,0x1c,0xae,0x7f,0x60 + }; + static byte publicEd25519[] = { + 0x30,0x2a,0x30,0x05,0x06,0x03,0x2b,0x65, + 0x70,0x03,0x21,0x00,0xd7,0x5a,0x98,0x01, + 0x82,0xb1,0x0a,0xb7,0xd5,0x4b,0xfe,0xd3, + 0xc9,0x64,0x07,0x3a,0x0e,0xe1,0x72,0xf3, + 0xda,0xa6,0x23,0x25,0xaf,0x02,0x1a,0x68, + 0xf7,0x07,0x51,0x1a + }; + static byte privPubEd25519[] = { + 0x30,0x52,0x02,0x01,0x00,0x30,0x05,0x06, + 0x03,0x2b,0x65,0x70,0x04,0x22,0x04,0x20, + 0x9d,0x61,0xb1,0x9d,0xef,0xfd,0x5a,0x60, + 0xba,0x84,0x4a,0xf4,0x92,0xec,0x2c,0xc4, + 0x44,0x49,0xc5,0x69,0x7b,0x32,0x69,0x19, + 0x70,0x3b,0xac,0x03,0x1c,0xae,0x7f,0x60, + 0xa1,0x22,0x04,0x20,0xd7,0x5a,0x98,0x01, + 0x82,0xb1,0x0a,0xb7,0xd5,0x4b,0xfe,0xd3, + 0xc9,0x64,0x07,0x3a,0x0e,0xe1,0x72,0xf3, + 0xda,0xa6,0x23,0x25,0xaf,0x02,0x1a,0x68, + 0xf7,0x07,0x51,0x1a + }; + word32 idx; + ed25519_key key3; + #endif /* HAVE_ED25519_SIGN && HAVE_ED25519_KEY_EXPORT && HAVE_ED25519_KEY_IMPORT */ /* create ed25519 keys */ @@ -17128,6 +17160,7 @@ int ed25519_test(void) wc_ed25519_init(&key); wc_ed25519_init(&key2); + wc_ed25519_init(&key3); wc_ed25519_make_key(&rng, ED25519_KEY_SIZE, &key); wc_ed25519_make_key(&rng, ED25519_KEY_SIZE, &key2); @@ -17145,8 +17178,7 @@ int ed25519_test(void) pKeySz[i], &key) != 0) return -8901 - i; - if (wc_ed25519_sign_msg(msgs[i], msgSz[i], out, &outlen, &key) - != 0) + if (wc_ed25519_sign_msg(msgs[i], msgSz[i], out, &outlen, &key) != 0) return -8911 - i; if (XMEMCMP(out, sigs[i], 64)) 
@@ -17196,6 +17228,50 @@ int ed25519_test(void) return -9011 - i; #endif /* HAVE_ED25519_VERIFY */ } + + /* Try ASN.1 encoded private-only key and public key. */ + idx = 0; + if (wc_Ed25519PrivateKeyDecode(privateEd25519, &idx, &key3, + sizeof(privateEd25519)) != 0) + return -7230 - i; + + if (wc_ed25519_sign_msg(msgs[0], msgSz[0], out, &outlen, &key3) + != BAD_FUNC_ARG) + return -7231 - i; + + idx = 0; + if (wc_Ed25519PublicKeyDecode(publicEd25519, &idx, &key3, + sizeof(publicEd25519)) != 0) + return -7232 - i; + + if (wc_ed25519_sign_msg(msgs[0], msgSz[0], out, &outlen, &key3) != 0) + return -7233 - i; + + if (XMEMCMP(out, sigs[0], 64)) + return -7234 - i; + +#if defined(HAVE_ED25519_VERIFY) + /* test verify on good msg */ + if (wc_ed25519_verify_msg(out, outlen, msgs[0], msgSz[0], &verify, &key3) + != 0 || verify != 1) + return -7233 - i; +#endif /* HAVE_ED25519_VERIFY */ + + wc_ed25519_free(&key3); + wc_ed25519_init(&key3); + + idx = 0; + if (wc_Ed25519PrivateKeyDecode(privPubEd25519, &idx, &key3, + sizeof(privPubEd25519)) != 0) + return -7230 - i; + + if (wc_ed25519_sign_msg(msgs[0], msgSz[0], out, &outlen, &key3) != 0) + return -7233 - i; + + if (XMEMCMP(out, sigs[0], 64)) + return -7234 - i; + + wc_ed25519_free(&key3); #endif /* HAVE_ED25519_SIGN && HAVE_ED25519_KEY_EXPORT && HAVE_ED25519_KEY_IMPORT */ /* clean up keys when done */ diff --git a/wolfssl/internal.h b/wolfssl/internal.h index 09295cbc0..de1da1212 100644 --- a/wolfssl/internal.h +++ b/wolfssl/internal.h @@ -3349,6 +3349,11 @@ typedef struct HS_Hashes { #ifdef WOLFSSL_SHA512 wc_Sha512 hashSha512; /* sha512 hash of handshake msgs */ #endif +#if defined(HAVE_ED25519) && !defined(WOLFSSL_NO_CLIENT_AUTH) + byte* messages; /* handshake messages */ + int length; /* length of handhsake messages' data */ + int prevLen; /* length of messages but last */ +#endif } HS_Hashes; 
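Review bot: The new `key3` checks in `ed25519_test` reuse return codes: `-7230 - i` appears twice, `-7233 - i` three times and `-7234 - i` twice, so a failure cannot be traced to a single check. Each check should get its own value; the verify step could be `return -7235 - i;` and the `privPubEd25519` block `-7236`, `-7237` and `-7238`. The early returns also leave `key3` (and the other keys) without `wc_ed25519_free`. The three new key arrays are never written and could be `static const byte`. The function starts and ends outside the hunk.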
@@ -3875,6 +3880,7 @@ WOLFSSL_LOCAL int wolfSSL_GetMaxRecordSize(WOLFSSL* ssl, int maxFragment); word32* outlen, int side, void* ctx); #endif /* HAVE_ECC */ #ifdef HAVE_ED25519 + WOLFSSL_LOCAL int Ed25519CheckPubKey(WOLFSSL* ssl); WOLFSSL_LOCAL int Ed25519Sign(WOLFSSL* ssl, const byte* in, word32 inSz, byte* out, word32* outSz, ed25519_key* key, DerBuffer* keyBufInfo, void* ctx); diff --git a/wolfssl/wolfcrypt/ed25519.h b/wolfssl/wolfcrypt/ed25519.h index 82aa41062..e3950c3ea 100644 --- a/wolfssl/wolfcrypt/ed25519.h +++ b/wolfssl/wolfcrypt/ed25519.h @@ -77,6 +77,7 @@ struct ed25519_key { byte pointX[ED25519_KEY_SIZE]; /* recovered X coordinate */ byte pointY[ED25519_KEY_SIZE]; /* Y coordinate is the public key with The most significant bit of the final octet always zero. */ #endif + int pubKeySet:1; #ifdef WOLFSSL_ASYNC_CRYPT WC_ASYNC_DEV asyncDev; #endif From 9358edf5dd46bb05de85378367f77c73de8a0392 Mon Sep 17 00:00:00 2001 From: Sean Parkinson Date: Wed, 9 May 2018 08:43:22 +1000 Subject: [PATCH 080/146] Fixes from code review Include new private key files in release. Set messages field to NULL after free. --- certs/include.am | 6 +++++- src/internal.c | 4 +++- 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/certs/include.am b/certs/include.am index 55e8632f2..7a227aa95 100755 --- a/certs/include.am +++ b/certs/include.am @@ -72,6 +72,8 @@ EXTRA_DIST += \ certs/ed25519/client-ed25519-key.der \ certs/ed25519/client-ed25519-key.pem \ certs/ed25519/client-ed25519.pem \ + certs/ed25519/client-ed25519-priv.pem \ + certs/ed25519/client-ed25519-priv.pem \ certs/ed25519/root-ed25519.der \ certs/ed25519/root-ed25519-key.der \ certs/ed25519/root-ed25519-key.pem \ 
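Review bot: The new field `int pubKeySet:1;` in `struct ed25519_key` is a one-bit plain `int` bit-field, whose signedness is implementation-defined, so after `key->pubKeySet = 1` it may read back as -1. The code on this page only tests it for truth (`if (!key->pubKeySet)`), which works either way, but a later `== 1` comparison would fail silently on such compilers. Declaring it as `unsigned int pubKeySet:1;` removes the ambiguity. A short comment such as `/* set once key->p holds a valid public key */` would also document what the sign path relies on. The struct continues outside the hunk.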
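Review bot: The `certs/include.am` hunk adds `certs/ed25519/client-ed25519-priv.pem \` twice and never adds `certs/ed25519/client-ed25519-priv.der`, so the client private-only DER file created in the previous patch would still be missing from the release tarball. The second line should be `certs/ed25519/client-ed25519-priv.der \`, matching the server pair added in the following hunk.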
@@ -79,7 +81,9 @@ EXTRA_DIST += \ certs/ed25519/server-ed25519.der \ certs/ed25519/server-ed25519-key.der \ certs/ed25519/server-ed25519-key.pem \ - certs/ed25519/server-ed25519.pem + certs/ed25519/server-ed25519.pem \ + certs/ed25519/server-ed25519-priv.der \ + certs/ed25519/server-ed25519-priv.pem # ECC CA prime256v1 EXTRA_DIST += \ diff --git a/src/internal.c b/src/internal.c index 66c5b45b1..a45c7d54d 100644 --- a/src/internal.c +++ b/src/internal.c @@ -4328,8 +4328,10 @@ void FreeHandshakeHashes(WOLFSSL* ssl) wc_Sha512Free(&ssl->hsHashes->hashSha512); #endif #if defined(HAVE_ED25519) && !defined(WOLFSSL_NO_CLIENT_AUTH) - if (ssl->hsHashes->messages != NULL) + if (ssl->hsHashes->messages != NULL) { XFREE(ssl->hsHashes->messages, ssl->heap, DYNAMIC_TYPE_HASHES); + ssl->hsHashes->messages = NULL; + } #endif XFREE(ssl->hsHashes, ssl->heap, DYNAMIC_TYPE_HASHES); From 982119b4958606af7b1a3df535565148ab9e4a95 Mon Sep 17 00:00:00 2001 From: Sean Parkinson Date: Tue, 15 May 2018 10:43:17 +1000 Subject: [PATCH 081/146] Only cache messages when required. --- src/internal.c | 32 ++++++++++++++++++++------------ 1 file changed, 20 insertions(+), 12 deletions(-) diff --git a/src/internal.c b/src/internal.c index a45c7d54d..1ec9f1b38 100644 --- a/src/internal.c +++ b/src/internal.c 
@@ -6053,18 +6053,26 @@ static int Ed25519Update(WOLFSSL* ssl, const byte* data, int sz) int ret = 0; byte* msgs; - if (!IsAtLeastTLSv1_3(ssl->version) || ssl->options.downgrade) { - msgs = (byte*)XREALLOC(ssl->hsHashes->messages, - ssl->hsHashes->length + sz, ssl->heap, - DYNAMIC_TYPE_HASHES); - if (msgs == NULL) - ret = MEMORY_E; - if (ret == 0) { - ssl->hsHashes->messages = msgs; - XMEMCPY(msgs + ssl->hsHashes->length, data, sz); - ssl->hsHashes->prevLen = ssl->hsHashes->length; - ssl->hsHashes->length += sz; - } + if (!IsAtLeastTLSv1_2(ssl)) + return 0; + if (IsAtLeastTLSv1_3(ssl->version) && !ssl->options.downgrade) + return 0; + if (ssl->options.side == WOLFSSL_CLIENT_END && + ssl->buffers.keyType != ed25519_sa_algo) + return 0; + if (ssl->options.side == WOLFSSL_SERVER_END && (ssl->options.resuming || + !ssl->options.verifyPeer)) + return 0; + + msgs = (byte*)XREALLOC(ssl->hsHashes->messages, ssl->hsHashes->length + sz, + ssl->heap, DYNAMIC_TYPE_HASHES); + if (msgs == NULL) + ret = MEMORY_E; + if (ret == 0) { + ssl->hsHashes->messages = msgs; + XMEMCPY(msgs + ssl->hsHashes->length, data, sz); + ssl->hsHashes->prevLen = ssl->hsHashes->length; + ssl->hsHashes->length += sz; } return ret; From 450741f8ef13bf9f70b1bf35c3d0de520f7d6f82 Mon Sep 17 00:00:00 2001 From: Sean Parkinson Date: Fri, 18 May 2018 09:45:30 +1000 Subject: [PATCH 082/146] Change checks for message chaching to happen once Add compile option to remove Ed25119 client auth in TLS 1.2. Cipher suite choice does not affect client auth. --- src/internal.c | 88 +++++++++++++++++++++++++++------------------- wolfssl/internal.h | 4 +++ 2 files changed, 56 insertions(+), 36 deletions(-) diff --git a/src/internal.c b/src/internal.c index 1ec9f1b38..3171ba4b2 100644 --- a/src/internal.c +++ b/src/internal.c 
@@ -4178,6 +4178,12 @@ int SetSSL_CTX(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup) ssl->buffers.keyType = ctx->privateKeyType; ssl->buffers.keySz = ctx->privateKeySz; #endif +#if !defined(WOLFSSL_NO_CLIENT_AUTH) && defined(HAVE_ED25519) && \ + !defined(NO_ED25519_CLIENT_AUTH) + ssl->options.cacheMessages = ssl->options.side == WOLFSSL_SERVER_END || + ssl->buffers.keyType == ed25519_sa_algo; +#endif + #ifdef WOLFSSL_ASYNC_CRYPT ssl->devId = ctx->devId; @@ -6040,7 +6046,8 @@ ProtocolVersion MakeDTLSv1_2(void) return (word32)XTIME(0); } #endif -#if defined(HAVE_ED25519) && !defined(WOLFSSL_NO_CLIENT_AUTH) +#if !defined(WOLFSSL_NO_CLIENT_AUTH) && defined(HAVE_ED25519) && \ + !defined(NO_ED25519_CLIENT_AUTH) /* Store the message for use with CertificateVerify using Ed25519. * * ssl SSL/TLS object. @@ -6053,26 +6060,18 @@ static int Ed25519Update(WOLFSSL* ssl, const byte* data, int sz) int ret = 0; byte* msgs; - if (!IsAtLeastTLSv1_2(ssl)) - return 0; - if (IsAtLeastTLSv1_3(ssl->version) && !ssl->options.downgrade) - return 0; - if (ssl->options.side == WOLFSSL_CLIENT_END && - ssl->buffers.keyType != ed25519_sa_algo) - return 0; - if (ssl->options.side == WOLFSSL_SERVER_END && (ssl->options.resuming || - !ssl->options.verifyPeer)) - return 0; - - msgs = (byte*)XREALLOC(ssl->hsHashes->messages, ssl->hsHashes->length + sz, + if (ssl->options.cacheMessages) { + msgs = (byte*)XREALLOC(ssl->hsHashes->messages, + ssl->hsHashes->length + sz, ssl->heap, DYNAMIC_TYPE_HASHES); - if (msgs == NULL) - ret = MEMORY_E; - if (ret == 0) { - ssl->hsHashes->messages = msgs; - XMEMCPY(msgs + ssl->hsHashes->length, data, sz); - ssl->hsHashes->prevLen = ssl->hsHashes->length; - ssl->hsHashes->length += sz; + if (msgs == NULL) + ret = MEMORY_E; + if (ret == 0) { + ssl->hsHashes->messages = msgs; + XMEMCPY(msgs + ssl->hsHashes->length, data, sz); + ssl->hsHashes->prevLen = ssl->hsHashes->length; + ssl->hsHashes->length += sz; + } } return ret; 
@@ -6119,7 +6118,8 @@ int HashOutputRaw(WOLFSSL* ssl, const byte* output, int sz) if (ret != 0) return ret; #endif - #if defined(HAVE_ED25519) && !defined(WOLFSSL_NO_CLIENT_AUTH) + #if !defined(WOLFSSL_NO_CLIENT_AUTH) && defined(HAVE_ED25519) && \ + !defined(NO_ED25519_CLIENT_AUTH) ret = Ed25519Update(ssl, output, sz); if (ret != 0) return ret; @@ -6175,7 +6175,8 @@ int HashOutput(WOLFSSL* ssl, const byte* output, int sz, int ivSz) if (ret != 0) return ret; #endif - #if defined(HAVE_ED25519) && !defined(WOLFSSL_NO_CLIENT_AUTH) + #if !defined(WOLFSSL_NO_CLIENT_AUTH) && defined(HAVE_ED25519) && \ + !defined(NO_ED25519_CLIENT_AUTH) ret = Ed25519Update(ssl, adj, sz); if (ret != 0) return ret; @@ -6233,7 +6234,8 @@ int HashInput(WOLFSSL* ssl, const byte* input, int sz) if (ret != 0) return ret; #endif - #if defined(HAVE_ED25519) && !defined(WOLFSSL_NO_CLIENT_AUTH) + #if !defined(WOLFSSL_NO_CLIENT_AUTH) && defined(HAVE_ED25519) && \ + !defined(NO_ED25519_CLIENT_AUTH) ret = Ed25519Update(ssl, adj, sz); if (ret != 0) return ret; @@ -10261,6 +10263,13 @@ static int DoHandShakeMsgType(WOLFSSL* ssl, byte* input, word32* inOutIdx, case server_hello: WOLFSSL_MSG("processing server hello"); ret = DoServerHello(ssl, input, inOutIdx, size); + #if !defined(WOLFSSL_NO_CLIENT_AUTH) && defined(HAVE_ED25519) && \ + !defined(NO_ED25519_CLIENT_AUTH) + if (ssl->options.resuming || !IsAtLeastTLSv1_2(ssl) || + IsAtLeastTLSv1_3(ssl->version)) { + ssl->options.cacheMessages = 0; + } + #endif break; #ifndef NO_CERTS 
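Review bot: In the `case server_hello:` hunk of DoHandShakeMsgType, clearing `ssl->options.cacheMessages` stops further caching but leaves whatever Ed25519Update has already stored (at least the ClientHello, if the flag was set when it was hashed) in `ssl->hsHashes->messages` until the hashes are freed elsewhere. Releasing it where the decision is made keeps the transcript copy from lingering for the rest of the handshake: `XFREE(ssl->hsHashes->messages, ssl->heap, DYNAMIC_TYPE_HASHES); ssl->hsHashes->messages = NULL; ssl->hsHashes->length = 0;`. This assumes `ssl->hsHashes` is non-NULL here and that nothing later in a resumed or non-TLS-1.2 handshake reads the cache, both of which need confirming outside the hunk. DoHandShakeMsgType starts and ends outside the hunk, and the `case client_hello:` hunk that follows clears the flag the same way.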
@@ -10322,6 +10331,13 @@ static int DoHandShakeMsgType(WOLFSSL* ssl, byte* input, word32* inOutIdx, case client_hello: WOLFSSL_MSG("processing client hello"); ret = DoClientHello(ssl, input, inOutIdx, size); + #if !defined(WOLFSSL_NO_CLIENT_AUTH) && defined(HAVE_ED25519) && \ + !defined(NO_ED25519_CLIENT_AUTH) + if (ssl->options.resuming || !ssl->options.verifyPeer || \ + !IsAtLeastTLSv1_2(ssl) || IsAtLeastTLSv1_3(ssl->version)) { + ssl->options.cacheMessages = 0; + } + #endif break; case client_key_exchange: @@ -17844,7 +17860,7 @@ static int DoServerKeyExchange(WOLFSSL* ssl, const byte* input, break; } #endif /* HAVE_ECC */ - #ifdef HAVE_ED25519 + #if defined(HAVE_ED25519) case ed25519_sa_algo: { if (!ssl->peerEd25519KeyPresent) { @@ -17954,7 +17970,7 @@ static int DoServerKeyExchange(WOLFSSL* ssl, const byte* input, break; } #endif /* HAVE_ECC */ - #ifdef HAVE_ED25519 + #if defined(HAVE_ED25519) case ed25519_sa_algo: { ret = Ed25519Verify(ssl, @@ -18082,7 +18098,7 @@ static int DoServerKeyExchange(WOLFSSL* ssl, const byte* input, /* Nothing to do in this algo */ break; #endif /* HAVE_ECC */ - #ifdef HAVE_ED25519 + #if defined(HAVE_ED25519) case ed25519_sa_algo: /* Nothing to do in this algo */ break; @@ -19985,13 +20001,13 @@ int SendCertificateVerify(WOLFSSL* ssl) c16toa(args->length, args->verify + args->extraSz); } #endif /* !NO_RSA */ - #ifdef HAVE_ED25519 + #if defined(HAVE_ED25519) && !defined(NO_ED25519_CLIENT_AUTH) if (args->sigAlgo == ed25519_sa_algo) { ret = Ed25519CheckPubKey(ssl); if (ret != 0) goto exit_scv; } - #endif /* HAVE_ED25519 */ + #endif /* HAVE_ED25519 && !NO_ED25519_CLIENT_AUTH */ /* Advance state and proceed */ ssl->options.asyncState = TLS_ASYNC_DO; @@ -20017,7 +20033,7 @@ int SendCertificateVerify(WOLFSSL* ssl) ); } #endif /* HAVE_ECC */ - #ifdef HAVE_ED25519 + #if defined(HAVE_ED25519) && !defined(NO_ED25519_CLIENT_AUTH) if (ssl->hsType == DYNAMIC_TYPE_ED25519) { ed25519_key* key = (ed25519_key*)ssl->hsKey; 
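Review bot: The added condition in the `case client_hello:` hunk ends its first line with a stray `\` (`if (ssl->options.resuming || !ssl->options.verifyPeer || \`). The compiler splices the line before parsing, so it is harmless, but it is a macro-style continuation inside ordinary code and reads as if the block belonged to a `#define`; the line should simply end at `||`, as the matching `case server_hello:` condition does. A one-line comment above the check, for example `/* Cached messages are only used for the TLS 1.2 Ed25519 CertificateVerify */`, would also record why the flag is cleared here. DoHandShakeMsgType starts and ends outside the hunk.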
@@ -20033,7 +20049,7 @@ int SendCertificateVerify(WOLFSSL* ssl) #endif ); } - #endif /* HAVE_ED25519 */ + #endif /* HAVE_ED25519 && !NO_ED25519_CLIENT_AUTH */ #ifndef NO_RSA if (ssl->hsType == DYNAMIC_TYPE_RSA) { RsaKey* key = (RsaKey*)ssl->hsKey; @@ -23177,10 +23193,10 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, else if (ssl->peerEccDsaKeyPresent) args->sigAlgo = ecc_dsa_sa_algo; #endif - #ifdef HAVE_ED25519 + #if defined(HAVE_ED25519) && !defined(NO_ED25519_CLIENT_AUTH) else if (ssl->peerEd25519KeyPresent) args->sigAlgo = ed25519_sa_algo; - #endif + #endif /* HAVE_ED25519 && !NO_ED25519_CLIENT_AUTH */ if ((args->idx - args->begin) + OPAQUE16_LEN > size) { ERROR_OUT(BUFFER_ERROR, exit_dcv); @@ -23221,7 +23237,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, } } #endif /* HAVE_ECC */ - #ifdef HAVE_ED25519 + #if defined(HAVE_ED25519) && !defined(NO_ED25519_CLIENT_AUTH) if (ssl->peerEd25519KeyPresent) { WOLFSSL_MSG("Doing ED25519 peer cert verify"); if (IsAtLeastTLSv1_2(ssl) && @@ -23230,7 +23246,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, "Oops, peer sent ED25519 key but not in verify"); } } - #endif /* HAVE_ED25519 */ + #endif /* HAVE_ED25519 && !NO_ED25519_CLIENT_AUTH */ /* Advance state and proceed */ ssl->options.asyncState = TLS_ASYNC_DO; @@ -23284,7 +23300,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, ); } #endif /* HAVE_ECC */ - #ifdef HAVE_ED25519 + #if defined(HAVE_ED25519) && !defined(NO_ED25519_CLIENT_AUTH) if (ssl->peerEd25519KeyPresent) { WOLFSSL_MSG("Doing Ed25519 peer cert verify"); @@ -23300,7 +23316,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, #endif ); } - #endif /* HAVE_ED25519 */ + #endif /* HAVE_ED25519 && !NO_ED25519_CLIENT_AUTH */ /* Check for error */ if (ret != 0) { diff --git a/wolfssl/internal.h b/wolfssl/internal.h index de1da1212..a5f3701d2 100644 
--- a/wolfssl/internal.h +++ b/wolfssl/internal.h @@ -3055,6 +3055,10 @@ typedef struct Options { #if defined(WOLFSSL_TLS13) && defined(WOLFSSL_TLS13_MIDDLEBOX_COMPAT) word16 sentChangeCipher:1; /* Change Cipher Spec sent */ #endif +#if !defined(WOLFSSL_NO_CLIENT_AUTH) && defined(HAVE_ED25519) && \ + !defined(NO_ED25519_CLIENT_AUTH) + word16 cacheMessages:1; /* Cache messages for sign/verify */ +#endif /* need full byte values for this section */ byte processReply; /* nonblocking resume */ From 0315b378f57c2fcde66eb2feac35168df2cc22cb Mon Sep 17 00:00:00 2001 From: John Safranek Date: Wed, 23 May 2018 16:07:45 -0700 Subject: [PATCH 083/146] Fix TCP with Timeout Updated example client and server to use the new wolfSSL_dtls_set_using_nonblock() function. --- examples/client/client.c | 12 ++++++++++-- examples/server/server.c | 6 +++++- 2 files changed, 15 insertions(+), 3 deletions(-) diff --git a/examples/client/client.c b/examples/client/client.c index 018b91e7c..ba048b1af 100644 --- a/examples/client/client.c +++ b/examples/client/client.c @@ -2075,7 +2075,11 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args) wolfSSL_check_domain_name(ssl, domain); #ifndef WOLFSSL_CALLBACKS if (nonBlocking) { - wolfSSL_set_using_nonblock(ssl, 1); +#ifdef WOLFSSL_DTLS + if (doDTLS) { + wolfSSL_dtls_set_using_nonblock(ssl, 1); + } +#endif tcp_set_nonblocking(&sockfd); ret = NonBlockingSSL_Connect(ssl); } @@ -2328,7 +2332,11 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args) #ifndef WOLFSSL_CALLBACKS if (nonBlocking) { - wolfSSL_set_using_nonblock(sslResume, 1); +#ifdef WOLFSSL_DTLS + if (doDTLS) { + wolfSSL_dtls_set_using_nonblock(ssl, 1); + } +#endif tcp_set_nonblocking(&sockfd); ret = NonBlockingSSL_Connect(sslResume); } diff --git a/examples/server/server.c b/examples/server/server.c index 0a44095ed..f31cf3b24 100644 --- a/examples/server/server.c +++ b/examples/server/server.c 
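Review bot: In the second examples/client/client.c hunk (the session-resumption path) the new call is `wolfSSL_dtls_set_using_nonblock(ssl, 1);`, but the line it replaces acted on `sslResume` and the connect that follows is `NonBlockingSSL_Connect(sslResume)`. As written the resumed DTLS object is never marked non-blocking and the setting is applied to `ssl` instead; the call should be `wolfSSL_dtls_set_using_nonblock(sslResume, 1);`. client_test starts and ends outside the hunk.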
@@ -1426,7 +1426,11 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args) #ifndef CYASSL_CALLBACKS if (nonBlocking) { - CyaSSL_set_using_nonblock(ssl, 1); +#ifdef WOLFSSL_DTLS + if (doDTLS) { + wolfSSL_dtls_set_using_nonblock(ssl, 1); + } +#endif tcp_set_nonblocking(&clientfd); } #endif From 6f221ff75ceca49c260a0e0d2d46dd956126b357 Mon Sep 17 00:00:00 2001 From: David Garske Date: Wed, 23 May 2018 16:21:49 -0700 Subject: [PATCH 084/146] Fix possible leak in PKCS for failure case with small stack enabled. --- wolfcrypt/src/pkcs7.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/wolfcrypt/src/pkcs7.c b/wolfcrypt/src/pkcs7.c index 2da4c5e15..4f7e6bf0c 100644 --- a/wolfcrypt/src/pkcs7.c +++ b/wolfcrypt/src/pkcs7.c @@ -4186,6 +4186,9 @@ static int wc_PKCS7_DecodeKari(PKCS7* pkcs7, byte* pkiMsg, word32 pkiMsgSz, pkcs7->privateKeySz); if (ret != 0) { wc_PKCS7_KariFree(kari); + #ifdef WOLFSSL_SMALL_STACK + XFREE(encryptedKey, NULL, DYNAMIC_TYPE_PKCS7); + #endif return ret; } From 005a0d4dff2514224c5b4fb906529368d120c606 Mon Sep 17 00:00:00 2001 From: Carie Pointer Date: Wed, 23 May 2018 20:17:11 -0600 Subject: [PATCH 085/146] Define devId if RSA is enabled --- tests/api.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/api.c b/tests/api.c index 0c3050c56..e3a4a8cbb 100644 --- a/tests/api.c +++ b/tests/api.c @@ -249,7 +249,7 @@ #include #endif -#if defined(WOLFSSL_SHA3) || defined(HAVE_PKCS7) +#if defined(WOLFSSL_SHA3) || defined(HAVE_PKCS7) || !defined(NO_RSA) static int devId = INVALID_DEVID; #endif #ifndef NO_DSA From 1d281ce515636c4f9d560fd3a9cd19395110a886 Mon Sep 17 00:00:00 2001 
From: C-Treff Date: Thu, 24 May 2018 09:35:46 +0200 Subject: [PATCH 086/146] replace memset by XMEMSET replaced memset with XMEMSET as requested by @dgarske INtime project files cleanup --- IDE/INTIME-RTOS/libwolfssl.vcxproj | 10 ---------- IDE/INTIME-RTOS/wolfExamples.vcxproj | 7 ------- wolfcrypt/test/test.c | 20 ++++++++++---------- wolfssl/test.h | 10 +++++----- 4 files changed, 15 insertions(+), 32 deletions(-) diff --git a/IDE/INTIME-RTOS/libwolfssl.vcxproj b/IDE/INTIME-RTOS/libwolfssl.vcxproj index 72bdd824c..85bb1d783 100755 --- a/IDE/INTIME-RTOS/libwolfssl.vcxproj +++ b/IDE/INTIME-RTOS/libwolfssl.vcxproj @@ -27,7 +27,6 @@ - @@ -40,7 +39,6 @@ - @@ -194,10 +192,6 @@ Async _USRDLL;WOLFSSL_DLL;BUILDING_WOLFSSL;WOLFSSL_USER_SETTINGS;_USE_64BIT_TIME_T;%(PreprocessorDefinitions) $(ProjectDir);$(ProjectDir)..\..\;%(AdditionalIncludeDirectories) - $(IntDir) - $(IntDir) - $(IntDir) - $(IntDir)vc$(PlatformToolsetVersion).pdb @@ -213,10 +207,6 @@ Async _USRDLL;WOLFSSL_DLL;BUILDING_WOLFSSL;WOLFSSL_USER_SETTINGS;_USE_64BIT_TIME_T;%(PreprocessorDefinitions) $(ProjectDir);$(ProjectDir)..\..\;%(AdditionalIncludeDirectories) - $(IntDir) - $(IntDir) - $(IntDir) - $(IntDir)vc$(PlatformToolsetVersion).pdb diff --git a/IDE/INTIME-RTOS/wolfExamples.vcxproj b/IDE/INTIME-RTOS/wolfExamples.vcxproj index 81f82318e..81b1e6d4f 100755 --- a/IDE/INTIME-RTOS/wolfExamples.vcxproj +++ b/IDE/INTIME-RTOS/wolfExamples.vcxproj @@ -68,10 +68,6 @@ Async WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions) $(ProjectDir);$(ProjectDir)..\..\;%(AdditionalIncludeDirectories) - $(IntDir) - $(IntDir) - $(IntDir)vc$(PlatformToolsetVersion).pdb - $(IntDir) @@ -88,10 +84,7 @@ Async WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions) $(ProjectDir);$(ProjectDir)..\..\;%(AdditionalIncludeDirectories) - $(IntDir) - $(IntDir) $(IntDir)vc$(PlatformToolsetVersion).pdb - $(IntDir) diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c index 4554cd83a..508971ce2 100644 --- a/wolfcrypt/test/test.c 
+++ b/wolfcrypt/test/test.c @@ -12671,7 +12671,7 @@ int openssl_pkey0_test(void) printf("error with encrypt init\n"); return ERR_BASE_PKEY-17; } - memset(out, 0, sizeof(out)); + XMEMSET(out, 0, sizeof(out)); ret = EVP_PKEY_encrypt(enc, out, &outlen, in, sizeof(in)); if (ret != 1) { printf("error encrypting msg\n"); @@ -12680,7 +12680,7 @@ int openssl_pkey0_test(void) show("encrypted msg", out, outlen); - memset(plain, 0, sizeof(plain)); + XMEMSET(plain, 0, sizeof(plain)); ret = EVP_PKEY_decrypt(dec, plain, &outlen, out, keySz); if (ret != 1) { printf("error decrypting msg\n"); @@ -12717,7 +12717,7 @@ int openssl_pkey0_test(void) } #endif - memset(out, 0, sizeof(out)); + XMEMSET(out, 0, sizeof(out)); ret = EVP_PKEY_encrypt(enc, out, &outlen, in, sizeof(in)); if (ret != 1) { printf("error encrypting msg\n"); @@ -12726,7 +12726,7 @@ int openssl_pkey0_test(void) show("encrypted msg", out, outlen); - memset(plain, 0, sizeof(plain)); + XMEMSET(plain, 0, sizeof(plain)); ret = EVP_PKEY_decrypt(dec, plain, &outlen, out, keySz); if (ret != 1) { printf("error decrypting msg\n"); @@ -13017,7 +13017,7 @@ int openssl_evpSig_test() show("message = ", (char *)msg, count); /* sign */ - memset(sig, 0, sizeof(sig)); + XMEMSET(sig, 0, sizeof(sig)); pt = (const void*)msg; ret1 = EVP_SignUpdate(sign, pt, count); ret2 = EVP_SignFinal(sign, sig, &sigSz, prvPkey); @@ -15729,8 +15729,8 @@ int ecc_test_buffers(void) { int verify = 0; word32 x; - memset(&cliKey, 0, sizeof(ecc_key)); - memset(&servKey, 0, sizeof(ecc_key)); + XMEMSET(&cliKey, 0, sizeof(ecc_key)); + XMEMSET(&servKey, 0, sizeof(ecc_key)); bytes = (size_t)sizeof_ecc_clikey_der_256; /* place client key into ecc_key struct cliKey */ @@ -18486,7 +18486,7 @@ int blob_test(void) }; - memset(blob, 0, sizeof(blob)); + XMEMSET(blob, 0, sizeof(blob)); outSz = sizeof(blob); ret = wc_caamCreateBlob((byte*)iv, sizeof(iv), blob, &outSz); if (ret != 0) { 
@@ -18499,7 +18499,7 @@ int blob_test(void) ERROR_OUT(-8201, exit_blob); } - memset(blob, 0, sizeof(blob)); + XMEMSET(blob, 0, sizeof(blob)); outSz = sizeof(blob); ret = wc_caamCreateBlob((byte*)iv, sizeof(iv), blob, &outSz); if (ret != 0) { @@ -18515,7 +18515,7 @@ int blob_test(void) ERROR_OUT(-8204, exit_blob); } - memset(blob, 0, sizeof(blob)); + XMEMSET(blob, 0, sizeof(blob)); outSz = sizeof(blob); ret = wc_caamCreateBlob((byte*)text, sizeof(text), blob, &outSz); if (ret != 0) { diff --git a/wolfssl/test.h b/wolfssl/test.h index 2c66ee6f5..77dee8474 100644 --- a/wolfssl/test.h +++ b/wolfssl/test.h @@ -639,7 +639,7 @@ static INLINE void build_addr(SOCKADDR_IN_T* addr, const char* peer, if (addr == NULL) err_sys("invalid argument to build_addr, addr is NULL"); - memset(addr, 0, sizeof(SOCKADDR_IN_T)); + XMEMSET(addr, 0, sizeof(SOCKADDR_IN_T)); #ifndef TEST_IPV6 /* peer could be in human readable form */ @@ -692,7 +692,7 @@ static INLINE void build_addr(SOCKADDR_IN_T* addr, const char* peer, int ret; char strPort[80]; - memset(&hints, 0, sizeof(hints)); + XMEMSET(&hints, 0, sizeof(hints)); hints.ai_family = AF_INET_V; if (udp) { @@ -1422,7 +1422,7 @@ static INLINE int myDateCb(int preverify, WOLFSSL_X509_STORE_CTX* store) #ifdef HAVE_EXT_CACHE -static INLINE WOLFSSL_SESSION* mySessGetCb(WOLFSSL* ssl, unsigned char* id, +static INLINE WOLFSSL_SESSION* mySessGetCb(WOLFSSL* ssl, unsigned char* id, int id_len, int* copy) { (void)ssl; 
@@ -1852,14 +1852,14 @@ static INLINE void SetupAtomicUser(WOLFSSL_CTX* ctx, WOLFSSL* ssl) encCtx = (AtomicEncCtx*)malloc(sizeof(AtomicEncCtx)); if (encCtx == NULL) err_sys("AtomicEncCtx malloc failed"); - memset(encCtx, 0, sizeof(AtomicEncCtx)); + XMEMSET(encCtx, 0, sizeof(AtomicEncCtx)); decCtx = (AtomicDecCtx*)malloc(sizeof(AtomicDecCtx)); if (decCtx == NULL) { free(encCtx); err_sys("AtomicDecCtx malloc failed"); } - memset(decCtx, 0, sizeof(AtomicDecCtx)); + XMEMSET(decCtx, 0, sizeof(AtomicDecCtx)); wolfSSL_CTX_SetMacEncryptCb(ctx, myMacEncryptCb); wolfSSL_SetMacEncryptCtx(ssl, encCtx); From 06e9354629ac62e0694e008abe4f4acc746ece13 Mon Sep 17 00:00:00 2001 From: C-Treff Date: Thu, 24 May 2018 09:48:18 +0200 Subject: [PATCH 087/146] removed tabs --- wolfcrypt/test/test.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c index 508971ce2..b31461a67 100644 --- a/wolfcrypt/test/test.c +++ b/wolfcrypt/test/test.c @@ -13017,7 +13017,7 @@ int openssl_evpSig_test() show("message = ", (char *)msg, count); /* sign */ - XMEMSET(sig, 0, sizeof(sig)); + XMEMSET(sig, 0, sizeof(sig)); pt = (const void*)msg; ret1 = EVP_SignUpdate(sign, pt, count); ret2 = EVP_SignFinal(sign, sig, &sigSz, prvPkey); @@ -15729,7 +15729,7 @@ int ecc_test_buffers(void) { int verify = 0; word32 x; - XMEMSET(&cliKey, 0, sizeof(ecc_key)); + XMEMSET(&cliKey, 0, sizeof(ecc_key)); XMEMSET(&servKey, 0, sizeof(ecc_key)); bytes = (size_t)sizeof_ecc_clikey_der_256; @@ -18486,7 +18486,7 @@ int blob_test(void) }; - XMEMSET(blob, 0, sizeof(blob)); + XMEMSET(blob, 0, sizeof(blob)); outSz = sizeof(blob); ret = wc_caamCreateBlob((byte*)iv, sizeof(iv), blob, &outSz); if (ret != 0) { @@ -18499,7 +18499,7 @@ int blob_test(void) ERROR_OUT(-8201, exit_blob); } - XMEMSET(blob, 0, sizeof(blob)); + XMEMSET(blob, 0, sizeof(blob)); outSz = sizeof(blob); ret = wc_caamCreateBlob((byte*)iv, sizeof(iv), blob, &outSz); if (ret != 0) { 
@@ -18515,7 +18515,7 @@ int blob_test(void) ERROR_OUT(-8204, exit_blob); } - XMEMSET(blob, 0, sizeof(blob)); + XMEMSET(blob, 0, sizeof(blob)); outSz = sizeof(blob); ret = wc_caamCreateBlob((byte*)text, sizeof(text), blob, &outSz); if (ret != 0) { From 5d693b263d3ad1d8e2f2cf2086580b829f54cec5 Mon Sep 17 00:00:00 2001 From: C-Treff Date: Thu, 24 May 2018 09:56:54 +0200 Subject: [PATCH 088/146] removed more tabs --- wolfcrypt/test/test.c | 8 ++++---- wolfssl/test.h | 8 ++++---- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c index b31461a67..8d6700057 100644 --- a/wolfcrypt/test/test.c +++ b/wolfcrypt/test/test.c @@ -12671,7 +12671,7 @@ int openssl_pkey0_test(void) printf("error with encrypt init\n"); return ERR_BASE_PKEY-17; } - XMEMSET(out, 0, sizeof(out)); + XMEMSET(out, 0, sizeof(out)); ret = EVP_PKEY_encrypt(enc, out, &outlen, in, sizeof(in)); if (ret != 1) { printf("error encrypting msg\n"); @@ -12680,7 +12680,7 @@ int openssl_pkey0_test(void) show("encrypted msg", out, outlen); - XMEMSET(plain, 0, sizeof(plain)); + XMEMSET(plain, 0, sizeof(plain)); ret = EVP_PKEY_decrypt(dec, plain, &outlen, out, keySz); if (ret != 1) { printf("error decrypting msg\n"); @@ -12717,7 +12717,7 @@ int openssl_pkey0_test(void) } #endif - XMEMSET(out, 0, sizeof(out)); + XMEMSET(out, 0, sizeof(out)); ret = EVP_PKEY_encrypt(enc, out, &outlen, in, sizeof(in)); if (ret != 1) { printf("error encrypting msg\n"); @@ -12726,7 +12726,7 @@ int openssl_pkey0_test(void) show("encrypted msg", out, outlen); - XMEMSET(plain, 0, sizeof(plain)); + XMEMSET(plain, 0, sizeof(plain)); ret = EVP_PKEY_decrypt(dec, plain, &outlen, out, keySz); if (ret != 1) { printf("error decrypting msg\n"); diff --git a/wolfssl/test.h b/wolfssl/test.h index 77dee8474..1b584c0a0 100644 --- a/wolfssl/test.h +++ b/wolfssl/test.h 
@@ -639,7 +639,7 @@ static INLINE void build_addr(SOCKADDR_IN_T* addr, const char* peer, if (addr == NULL) err_sys("invalid argument to build_addr, addr is NULL"); - XMEMSET(addr, 0, sizeof(SOCKADDR_IN_T)); + XMEMSET(addr, 0, sizeof(SOCKADDR_IN_T)); #ifndef TEST_IPV6 /* peer could be in human readable form */ @@ -692,7 +692,7 @@ static INLINE void build_addr(SOCKADDR_IN_T* addr, const char* peer, int ret; char strPort[80]; - XMEMSET(&hints, 0, sizeof(hints)); + XMEMSET(&hints, 0, sizeof(hints)); hints.ai_family = AF_INET_V; if (udp) { @@ -1852,14 +1852,14 @@ static INLINE void SetupAtomicUser(WOLFSSL_CTX* ctx, WOLFSSL* ssl) encCtx = (AtomicEncCtx*)malloc(sizeof(AtomicEncCtx)); if (encCtx == NULL) err_sys("AtomicEncCtx malloc failed"); - XMEMSET(encCtx, 0, sizeof(AtomicEncCtx)); + XMEMSET(encCtx, 0, sizeof(AtomicEncCtx)); decCtx = (AtomicDecCtx*)malloc(sizeof(AtomicDecCtx)); if (decCtx == NULL) { free(encCtx); err_sys("AtomicDecCtx malloc failed"); } - XMEMSET(decCtx, 0, sizeof(AtomicDecCtx)); + XMEMSET(decCtx, 0, sizeof(AtomicDecCtx)); wolfSSL_CTX_SetMacEncryptCb(ctx, myMacEncryptCb); wolfSSL_SetMacEncryptCtx(ssl, encCtx); From a5c2e8b912c8a661577ec7180bfddbbfb7552c16 Mon Sep 17 00:00:00 2001 
From: David Garske Date: Thu, 24 May 2018 14:39:35 -0700 Subject: [PATCH 089/146] Added test for common name with invalid domain fails as expected when set with `wolfSSL_check_domain_name`. --- ...gen-badaltnamenull.sh => gen-testcerts.sh} | 23 ++++++ certs/test/include.am | 24 +++--- certs/test/server-nomatch.conf | 16 ++++ certs/test/server-nomatch.csr | 17 +++++ certs/test/server-nomatch.der | Bin 0 -> 837 bytes certs/test/server-nomatch.key | 27 +++++++ certs/test/server-nomatch.pem | 69 ++++++++++++++++++ tests/test-fails.conf | 15 ++++ 8 files changed, 181 insertions(+), 10 deletions(-) rename certs/test/{gen-badaltnamenull.sh => gen-testcerts.sh} (50%) create mode 100644 certs/test/server-nomatch.conf create mode 100644 certs/test/server-nomatch.csr create mode 100644 certs/test/server-nomatch.der create mode 100644 certs/test/server-nomatch.key create mode 100644 certs/test/server-nomatch.pem diff --git a/certs/test/gen-badaltnamenull.sh b/certs/test/gen-testcerts.sh similarity index 50% rename from certs/test/gen-badaltnamenull.sh rename to certs/test/gen-testcerts.sh index 8ca9d8c7a..f51942597 100755 --- a/certs/test/gen-badaltnamenull.sh +++ b/certs/test/gen-testcerts.sh @@ -1,5 +1,6 @@ #!/bin/sh +# Generate CN=localhost, AltName=localhost\0h echo "step 1 create key" openssl genrsa -out server-badaltnamenull.key 2048 
@@ -18,3 +19,25 @@ openssl x509 -inform pem -in server-badaltnamenull.pem -text > tmp.pem mv tmp.pem server-badaltnamenull.pem openssl x509 -inform pem -in server-badaltnamenull.pem -outform der -out server-badaltnamenull.der + + +# Generate CN=www.nomatch.com, no AltName +echo "step 1 create key" +openssl genrsa -out server-nomatch.key 2048 + +echo "step 2 create csr" +echo "US\nMontana\nBozeman\nEngineering\nwww.nomatch.com\n.\n" | openssl req -new -sha256 -out server-nomatch.csr -key server-nomatch.key -config server-nomatch.conf + +echo "step 3 check csr" +openssl req -text -noout -in server-nomatch.csr + +echo "step 4 create cert" +openssl x509 -req -days 1000 -in server-nomatch.csr -signkey server-nomatch.key \ + -out server-nomatch.pem -extensions req_ext -extfile server-nomatch.conf + +echo "step 5 make human reviewable" +openssl x509 -inform pem -in server-nomatch.pem -text > tmp.pem +mv tmp.pem server-nomatch.pem + +openssl x509 -inform pem -in server-nomatch.pem -outform der -out server-nomatch.der + diff --git a/certs/test/include.am b/certs/test/include.am index 6b9d07d72..f62e97084 100644 --- a/certs/test/include.am +++ b/certs/test/include.am 
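Review bot: Step 4 of the new server-nomatch block runs `openssl x509 -req` without a digest option, and the committed server-nomatch.pem is signed with sha1WithRSAEncryption even though the CSR was created with `-sha256`. A peer built to reject SHA-1 signatures would refuse this certificate for its signature rather than for the name mismatch the test is meant to exercise, so the expected failure could pass for the wrong reason; adding `-sha256` to the `openssl x509 -req` line and regenerating the fixture avoids that. The block's header comment also says `CN=www.nomatch.com` while the generated certificate's subject is `CN=www.noname.com`; one of the two should be corrected so the fixture matches its description.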
@@ -3,26 +3,30 @@ # EXTRA_DIST += \ - certs/test/cert-ext-ia.cfg \ - certs/test/cert-ext-ia.der \ - certs/test/cert-ext-nc.cfg \ - certs/test/cert-ext-nc.der \ - certs/test/cert-ext-ns.der \ - certs/test/gen-ext-certs.sh \ + certs/test/cert-ext-ia.cfg \ + certs/test/cert-ext-ia.der \ + certs/test/cert-ext-nc.cfg \ + certs/test/cert-ext-nc.der \ + certs/test/cert-ext-ns.der \ + certs/test/gen-ext-certs.sh \ certs/test/server-duplicate-policy.pem # The certs/server-cert with the last byte (signature byte) changed EXTRA_DIST += \ certs/test/server-cert-rsa-badsig.der \ certs/test/server-cert-rsa-badsig.pem \ - certs/test/server-cert-ecc-badsig.der \ + certs/test/server-cert-ecc-badsig.der \ certs/test/server-cert-ecc-badsig.pem - EXTRA_DIST += \ - certs/test/gen-badaltnamenull.sh \ + certs/test/gen-testcerts.sh \ certs/test/server-badaltnamenull.conf \ certs/test/server-badaltnamenull.csr \ certs/test/server-badaltnamenull.key \ certs/test/server-badaltnamenull.pem \ - certs/test/server-badaltnamenull.der + certs/test/server-badaltnamenull.der \ + certs/test/server-nomatch.conf \ + certs/test/server-nomatch.csr \ + certs/test/server-nomatch.key \ + certs/test/server-nomatch.pem \ + certs/test/server-nomatch.der diff --git a/certs/test/server-nomatch.conf b/certs/test/server-nomatch.conf new file mode 100644 index 000000000..b53010c37 --- /dev/null +++ b/certs/test/server-nomatch.conf @@ -0,0 +1,16 @@ +[ req ] +default_bits = 2048 +distinguished_name = req_distinguished_name +req_extensions = req_ext + +[ req_distinguished_name ] +countryName = US +stateOrProvinceName = Montana +localityName = Bozeman +organizationName = Engineering +commonName = www.nomatch.com +commonName_max = 64 + +[ req_ext ] +#subjectAltName = localhost\0h +#subjectAltName = DER:30:0d:82:0b:6c:6f:63:61:6c:68:6f:73:74:00:68 diff --git a/certs/test/server-nomatch.csr b/certs/test/server-nomatch.csr new file mode 100644 index 000000000..5fdc8f777 --- /dev/null +++ b/certs/test/server-nomatch.csr 
@@ -0,0 +1,17 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIICtDCCAZwCAQAwYDELMAkGA1UEBhMCVVMxEDAOBgNVBAgMB01vbnRhbmExEDAO +BgNVBAcMB0JvemVtYW4xFDASBgNVBAoMC0VuZ2luZWVyaW5nMRcwFQYDVQQDDA53 +d3cubm9uYW1lLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJ1B +JYwNWaXJdfnKJAz61T0m1w6xMGxELhZWjDks49zn98lW8E8wMZtCoguE1feuu9pF +6yGnfRmK2J+4QjeWVejmMqt8SQyJpW8nWCvRpFVha0RFbmT60nuvKMRX68Lku6iU +Vav2KHU+cz4yBj1m9QO6AqzJWQWiLY5t25OBq+EkhWUd9I39rGmF8ba1Bnpus27U +tqRVJ8cmEwnNPc8ihvcN8RsrYdnQNyYIiIUdJIA2iduDE7PeOSY3jT9mtmeWQOHp +l91xh/RGbJWNpLBd66TkreLTnz4zmQMMTzZGj1pdv9B3UFc6mIMNWmLsERRhiOMO +hiaFfEJwFJZBN9PaXYsCAwEAAaAPMA0GCSqGSIb3DQEJDjEAMA0GCSqGSIb3DQEB +CwUAA4IBAQCA0S++HN0qb94u8setTM5akJjpM1b2o4rcrQluFKMel8mMip9hinvG +sPkJL1KB28/O9TcdmMX57zfXBsumxLSpjzmjIqri7fVabcu/kybE2wdNNvM+9ZzT +pNbYhWEhsCS8XAegiApx/JVszmH77GLExuVAY2XqxA7Cy2Ia/qyiR6v0agMd6I4z +T7nlJHBckOOEdJ6cjqy67vqWy+BKwCK/kRnOJuirIeJ+SechS4tXuRrVni0pkDuK +xQ2uHQjpzFR40U6pFGgwZcdR1bvLCWOlC7efS4ayIETZzhOuXTZa4qQ5/IcCyM+N +scJS5z+YQpQMgOs5jj5DWYLUtMs63UmQ +-----END CERTIFICATE REQUEST----- diff --git a/certs/test/server-nomatch.der b/certs/test/server-nomatch.der new file mode 100644 index 0000000000000000000000000000000000000000..0dcf502a06857e1ab2ee8b5a8c1b6474a8178ea1 GIT binary patch literal 837 zcmXqLVs)N8c56ub&ylk9WZ60mkc^Mg5Ss4rx47m+B*_cCF z*o2uvgAD}?_&^*E9(LdSypqJcM3@LW54%%-RcdZxo}q|=5J(Ld54USxdS+f~YEfoh zx}ms%C`gootyqzdrP2_lhZ@tG{WK+7;UwvDv15W!}ZK=42%6BHg~++mjnt zKU8T=mHpEDcTHyN$8B5Ls`57HUD>uIRQsc|S^PC*HhZuEx>PDy!09 z)_J>Gc=J6=HS=Ekv~B6r93H-$ez&mwi(Agr-X$AiUoUyG_R;0}cE&TAdHl`X`lDj^ zUnma4JcGL#LAkN|C4>S`R0^uPc|;s)P5p&{9CGQ3ojF&hT7A@HH z(SFWf^`CC7k6D+RY*?1#^1(^Ws8IiG(;;J4E*qQY?c&$vSNb&{l5<nM{9kTRuMU^Yh!?wR%3BRUN?_ I#bUMq03_Q%cmMzZ literal 0 HcmV?d00001 diff --git a/certs/test/server-nomatch.key b/certs/test/server-nomatch.key new file mode 100644 index 000000000..182b27380 --- /dev/null +++ b/certs/test/server-nomatch.key 
@@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEowIBAAKCAQEAnUEljA1Zpcl1+cokDPrVPSbXDrEwbEQuFlaMOSzj3Of3yVbw +TzAxm0KiC4TV96672kXrIad9GYrYn7hCN5ZV6OYyq3xJDImlbydYK9GkVWFrREVu +ZPrSe68oxFfrwuS7qJRVq/YodT5zPjIGPWb1A7oCrMlZBaItjm3bk4Gr4SSFZR30 +jf2saYXxtrUGem6zbtS2pFUnxyYTCc09zyKG9w3xGyth2dA3JgiIhR0kgDaJ24MT +s945JjeNP2a2Z5ZA4emX3XGH9EZslY2ksF3rpOSt4tOfPjOZAwxPNkaPWl2/0HdQ +VzqYgw1aYuwRFGGI4w6GJoV8QnAUlkE309pdiwIDAQABAoIBAQCKxhIHfUSOvLHj +JRMZbUY/OAZzTcTo1mZBilEmp8nSidculA1wJJyyYmQ0fB6C/G2E20z8Hx2UK+at +VOMCwSXBaVxv3zdr3BDlfbgeu1wliNornoYkkQCs68+zLc+95zMAOx87qPjdNqZm +zaiaCUDR8BYqO2nXQd6oIaSzkKyI+tqTO9zW4NG8Y5zv0waKCjPK9Ep/kze9uC4S +WIp2eYhUb+x60dECDBGI9xvlgeZyP5PMCfCyaZk3CxnLsR4tI9R5WwDgMcjCShJk +3+kHyrtNU8ak2TrfUoh96arHu0HMLFJaJSdxYT9FUSKhKu+fWMn1J36AkxdqntAw +6HATVD4ZAoGBAM0DCqI5BKvmPWdO587+fpPAa76iqQDqqkaAQ94xcGtTYA0yEfbA +V4JFfsCEFm7evteMmJgmDyNNVvnSi/LQhL+ih40Q0LKREYzBiMy3aothQZAYb+Ex +fVllfZhIaWI8q/DoeZ7qohRHFGBA/znav6vls3kE3jRWx0O30eq9cX1tAoGBAMRd +bQNcp2mCm+fe//s5GKXm4ak4zeo077fUCxJly4DE5e2+IGrP+JYwVrJsMuFu/3C1 +/6+qCgLS+/08BMQ+e6xmTDJrRXtk9KmDI38tEoqzH8tkAgSTxby771/5uNr7hbgX +LtCCIsxhwSAML0b7M2I8xmEfL3Dmu1q7/GEDAMPXAoGABd/ucBOeNKbWX519OwtD +6Uv8Smwy15nh4z9NspJMHGc5O2eR6DY+y7beGPowAmFTqq2WudVtXZ+bvHDyHbUn ++K3ZoIs4z8UkcZoiJ2uiG/hffpeUrSlT5DnqTXDVxEDk1HR0977Vgis/RDrYlXnV +QEHG0NL44xsRfrlHxKhFFkkCgYB1HsgzliLgQp+c2BxUCkUSRrhXx2LCC5rjSRzl +d0O+5THC8IDDVJIPentrZi+e2CaRYmxDqSbZcmAMNa0eI6p+NHHELMk/hQKMzIPy +ib6ibZ5MILU3Z7AsFuf6labVLeoe1+z7PnNk9fVLmRjlvFR0ho1IRmJ0c5pRzwgE +ENd29wKBgA5WnuCBKF9Kv8H9E1hAuAGXwBxmw9PVeWB63/TAernlOQhF47ra9ExH +GtkZv9D/2tNJaoft1YQ1yhBn7l7rW+vfQYXAOW4yRg0FSOOgefBwN/eTOXVRU9Zg +9LBwnQlvimQUm0GrxLLAseDqFMn/a3x/KxftvF95JGx/1Lscukdz +-----END RSA PRIVATE KEY----- diff --git a/certs/test/server-nomatch.pem b/certs/test/server-nomatch.pem new file mode 100644 index 000000000..a1753cbf3 --- /dev/null +++ b/certs/test/server-nomatch.pem 
@@ -0,0 +1,69 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 13225619248861184800 (0xb78ad6a26ef08320) + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=US, ST=Montana, L=Bozeman, O=Engineering, CN=www.noname.com + Validity + Not Before: May 24 21:25:38 2018 GMT + Not After : Feb 17 21:25:38 2021 GMT + Subject: C=US, ST=Montana, L=Bozeman, O=Engineering, CN=www.noname.com + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:9d:41:25:8c:0d:59:a5:c9:75:f9:ca:24:0c:fa: + d5:3d:26:d7:0e:b1:30:6c:44:2e:16:56:8c:39:2c: + e3:dc:e7:f7:c9:56:f0:4f:30:31:9b:42:a2:0b:84: + d5:f7:ae:bb:da:45:eb:21:a7:7d:19:8a:d8:9f:b8: + 42:37:96:55:e8:e6:32:ab:7c:49:0c:89:a5:6f:27: + 58:2b:d1:a4:55:61:6b:44:45:6e:64:fa:d2:7b:af: + 28:c4:57:eb:c2:e4:bb:a8:94:55:ab:f6:28:75:3e: + 73:3e:32:06:3d:66:f5:03:ba:02:ac:c9:59:05:a2: + 2d:8e:6d:db:93:81:ab:e1:24:85:65:1d:f4:8d:fd: + ac:69:85:f1:b6:b5:06:7a:6e:b3:6e:d4:b6:a4:55: + 27:c7:26:13:09:cd:3d:cf:22:86:f7:0d:f1:1b:2b: + 61:d9:d0:37:26:08:88:85:1d:24:80:36:89:db:83: + 13:b3:de:39:26:37:8d:3f:66:b6:67:96:40:e1:e9: + 97:dd:71:87:f4:46:6c:95:8d:a4:b0:5d:eb:a4:e4: + ad:e2:d3:9f:3e:33:99:03:0c:4f:36:46:8f:5a:5d: + bf:d0:77:50:57:3a:98:83:0d:5a:62:ec:11:14:61: + 88:e3:0e:86:26:85:7c:42:70:14:96:41:37:d3:da: + 5d:8b + Exponent: 65537 (0x10001) + Signature Algorithm: sha1WithRSAEncryption + 6d:df:c3:7a:74:32:b6:ba:f5:2c:87:93:6c:64:7c:b9:5f:6e: + 79:f3:e7:b2:6a:58:c6:8d:20:9a:f6:46:b1:60:f9:59:59:6f: + 22:32:e3:f8:5c:a2:2d:53:84:48:b9:68:6d:2e:59:03:c1:e4: + ad:5b:ce:91:6e:13:bd:5c:71:2a:69:d8:7d:a8:07:cf:6f:83: + 0c:05:cf:d4:39:7f:10:3d:35:98:1c:f9:77:26:53:d5:81:f1: + 6a:0b:ca:fb:86:f9:6d:bb:92:b9:e0:57:a2:3b:43:14:cc:e0: + 75:27:10:c2:50:1d:91:ca:af:f8:36:88:cc:5d:1d:37:77:fe: + 1d:ea:b3:d9:94:b6:e4:b1:a7:29:2b:e4:1e:c7:f6:65:1d:59: + d7:e2:2d:01:d2:08:a1:72:a0:b2:f1:3f:9c:fd:27:f9:46:85: + e3:05:a5:34:b0:a6:6c:44:f0:42:16:32:71:2f:cd:82:c2:33: + 
05:0a:3c:3c:e7:87:17:d7:1f:a9:4e:83:c2:1e:46:a5:0f:7a: + c2:98:f7:98:a1:75:b8:72:26:d9:1b:65:24:f0:f3:d7:2c:9c: + cf:a6:88:c4:8c:56:00:87:16:be:49:28:91:a0:bc:c7:9f:e3: + 02:35:fb:0b:39:e3:c0:f9:f3:ed:bb:7d:2e:4c:09:7a:88:53: + b1:16:5c:b4 +-----BEGIN CERTIFICATE----- +MIIDQTCCAimgAwIBAgIJALeK1qJu8IMgMA0GCSqGSIb3DQEBBQUAMGAxCzAJBgNV +BAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMRQwEgYD +VQQKDAtFbmdpbmVlcmluZzEXMBUGA1UEAwwOd3d3Lm5vbmFtZS5jb20wHhcNMTgw +NTI0MjEyNTM4WhcNMjEwMjE3MjEyNTM4WjBgMQswCQYDVQQGEwJVUzEQMA4GA1UE +CAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjEUMBIGA1UECgwLRW5naW5lZXJp +bmcxFzAVBgNVBAMMDnd3dy5ub25hbWUuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOC +AQ8AMIIBCgKCAQEAnUEljA1Zpcl1+cokDPrVPSbXDrEwbEQuFlaMOSzj3Of3yVbw +TzAxm0KiC4TV96672kXrIad9GYrYn7hCN5ZV6OYyq3xJDImlbydYK9GkVWFrREVu +ZPrSe68oxFfrwuS7qJRVq/YodT5zPjIGPWb1A7oCrMlZBaItjm3bk4Gr4SSFZR30 +jf2saYXxtrUGem6zbtS2pFUnxyYTCc09zyKG9w3xGyth2dA3JgiIhR0kgDaJ24MT +s945JjeNP2a2Z5ZA4emX3XGH9EZslY2ksF3rpOSt4tOfPjOZAwxPNkaPWl2/0HdQ +VzqYgw1aYuwRFGGI4w6GJoV8QnAUlkE309pdiwIDAQABMA0GCSqGSIb3DQEBBQUA +A4IBAQBt38N6dDK2uvUsh5NsZHy5X2558+eyaljGjSCa9kaxYPlZWW8iMuP4XKIt +U4RIuWhtLlkDweStW86RbhO9XHEqadh9qAfPb4MMBc/UOX8QPTWYHPl3JlPVgfFq +C8r7hvltu5K54FeiO0MUzOB1JxDCUB2Ryq/4NojMXR03d/4d6rPZlLbksacpK+Qe +x/ZlHVnX4i0B0gihcqCy8T+c/Sf5RoXjBaU0sKZsRPBCFjJxL82CwjMFCjw854cX +1x+pToPCHkalD3rCmPeYoXW4cibZG2Uk8PPXLJzPpojEjFYAhxa+SSiRoLzHn+MC +NfsLOePA+fPtu30uTAl6iFOxFly0 +-----END CERTIFICATE----- diff --git a/tests/test-fails.conf b/tests/test-fails.conf index 3c78cc038..32fd0c0e1 100644 --- a/tests/test-fails.conf +++ b/tests/test-fails.conf @@ -13,6 +13,21 @@ -m -x +# server nomatch common name +-v 3 +-l ECDHE-RSA-AES128-GCM-SHA256 +-k ./certs/test/server-nomatch.key +-c ./certs/test/server-nomatch.pem +-d + +# client nomatch common name +-v 3 +-l ECDHE-RSA-AES128-GCM-SHA256 +-h localhost +-A ./certs/test/server-nomatch.pem +-m +-x + # server RSA no signer error -v 3 -l ECDHE-RSA-AES128-GCM-SHA256 
From 65014248f93f95a58b0213fccc67399338db714e Mon Sep 17 00:00:00 2001 From: Carie Pointer Date: Thu, 24 May 2018 16:32:27 -0600 Subject: [PATCH 090/146] Fix typos, update ret for if HAVE_USER_RSA defined --- tests/api.c | 15 ++++++++++----- 1 file changed, 10 insertions(+), 5 deletions(-) diff --git a/tests/api.c b/tests/api.c index e3a4a8cbb..0eccc4616 100644 --- a/tests/api.c +++ b/tests/api.c @@ -14950,14 +14950,14 @@ static int test_wc_SignatureGetSize_ecc(void) /* Test bad args */ if (ret > 0) { - sig_type = 100; + sig_type = (enum wc_SignatureType) 100; ret = wc_SignatureGetSize(sig_type, &ecc, key_len); if (ret == BAD_FUNC_ARG) { sig_type = WC_SIGNATURE_TYPE_ECC; ret = wc_SignatureGetSize(sig_type, NULL, key_len); } if (ret >= 0) { - key_len = 0; + key_len = (word32) 0; ret = wc_SignatureGetSize(sig_type, &ecc, key_len); } if (ret == BAD_FUNC_ARG) { @@ -15013,7 +15013,7 @@ static int test_wc_SignatureGetSize_rsa(void) if (tmp != NULL) { #ifdef USE_CERT_BUFFERS_1024 XMEMCPY(tmp, client_key_der_1024, - (size_t)sizeof_client_key_ker_1024); + (size_t)sizeof_client_key_der_1024); #elif defined(USE_CERT_BUFFERS_2048) XMEMCPY(tmp, client_key_der_2048, (size_t)sizeof_client_key_der_2048); @@ -15049,14 +15049,18 @@ static int test_wc_SignatureGetSize_rsa(void) /* Test bad args */ if (ret > 0) { - sig_type = 100; + sig_type = (enum wc_SignatureType) 100; ret = wc_SignatureGetSize(sig_type, &rsa_key, key_len); if (ret == BAD_FUNC_ARG) { sig_type = WC_SIGNATURE_TYPE_RSA; ret = wc_SignatureGetSize(sig_type, NULL, key_len); } + #ifndef HAVE_USER_RSA if (ret == BAD_FUNC_ARG) { - key_len = 0; + #else + if (ret == USER_CRYPTO_ERROR) { + #endif + key_len = (word32)0; ret = wc_SignatureGetSize(sig_type, &rsa_key, key_len); } if (ret == BAD_FUNC_ARG) { @@ -15067,6 +15071,7 @@ static int test_wc_SignatureGetSize_rsa(void) ret = WOLFSSL_FATAL_ERROR; } wc_FreeRsaKey(&rsa_key); + XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); #else ret = SIG_TYPE_E; #endif 
From ba8e441e53071ef27b03a8d7cbe31c47c960e420 Mon Sep 17 00:00:00 2001 From: Sean Parkinson Date: Thu, 17 May 2018 09:08:03 +1000 Subject: [PATCH 091/146] Allow TLS 1.2 to be compiled out. --- configure.ac | 13 + examples/benchmark/tls_bench.c | 4 +- examples/client/client.c | 6 + examples/server/server.c | 56 +++- scripts/google.test | 7 + scripts/openssl.test | 21 +- scripts/psk.test | 93 +++---- scripts/tls13.test | 478 +++------------------------------ src/internal.c | 231 ++++++++++++---- src/keys.c | 14 +- src/ssl.c | 53 +++- src/tls.c | 21 +- src/tls13.c | 68 ++++- tests/api.c | 131 ++++++++- tests/include.am | 3 + tests/suites.c | 31 ++- tests/test-psk.conf | 15 ++ tests/test-tls13-down.conf | 43 +++ tests/test-tls13-psk.conf | 31 +++ tests/test-tls13.conf | 122 +++++++++ wolfssl/test.h | 8 + 21 files changed, 843 insertions(+), 606 deletions(-) create mode 100644 tests/test-psk.conf create mode 100644 tests/test-tls13-down.conf create mode 100644 tests/test-tls13-psk.conf diff --git a/configure.ac b/configure.ac index 8d84a38f0..a5e44a91e 100644 --- a/configure.ac +++ b/configure.ac @@ -1508,6 +1508,19 @@ else fi +# TLSv1.2 +AC_ARG_ENABLE([tlsv12], + [AS_HELP_STRING([--enable-tlsv12],[Enable TLS versions 1.2 (default: enabled)])], + [ ENABLED_TLSV12=$enableval ], + [ ENABLED_TLSV12=yes ] + ) + +if test "$ENABLED_TLSV12" = "no" +then + AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NO_TLS12 -DNO_OLD_TLS" +fi + + # TLSv1.0 AC_ARG_ENABLE([tlsv10], [AS_HELP_STRING([--enable-tlsv10],[Enable old TLS versions 1.0 (default: disabled)])], diff --git a/examples/benchmark/tls_bench.c b/examples/benchmark/tls_bench.c index 1234914bd..199ab3755 100644 --- a/examples/benchmark/tls_bench.c +++ b/examples/benchmark/tls_bench.c 
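Review bot: The new `--enable-tlsv12` block in configure.ac adds `-DWOLFSSL_NO_TLS12 -DNO_OLD_TLS` when the option is set to no, but nothing in this hunk checks that another protocol version remains enabled. If TLS 1.3 is not enabled in the same configure run, the result would be a library with no usable TLS version, which is better reported at configure time than discovered at link or run time. Unless such a check already exists elsewhere in configure.ac, add one after the TLS 1.3 option has been processed, along the lines of `AC_MSG_ERROR([--disable-tlsv12 requires TLS 1.3 to be enabled])`. The help string would also read better as `Enable TLS version 1.2 (default: enabled)`.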
@@ -354,7 +354,7 @@ static void* client_thread(void* args) int haveShownPeerInfo = 0; /* set up client */ - cli_ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method()); + cli_ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()); if (cli_ctx == NULL) err_sys("error creating ctx"); #ifndef NO_CERTS @@ -480,7 +480,7 @@ static void* server_thread(void* args) WOLFSSL* srv_ssl; /* set up server */ - srv_ctx = wolfSSL_CTX_new(wolfTLSv1_2_server_method()); + srv_ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()); if (srv_ctx == NULL) err_sys("error creating server ctx"); #ifndef NO_CERTS diff --git a/examples/client/client.c b/examples/client/client.c index 35f46e98e..b7f2a37c3 100644 --- a/examples/client/client.c +++ b/examples/client/client.c @@ -182,7 +182,9 @@ static void ShowVersions(void) #endif printf("2:"); #endif /* NO_OLD_TLS */ +#ifndef WOLFSSL_NO_TLS12 printf("3:"); +#endif #ifdef WOLFSSL_TLS13 printf("4:"); #endif @@ -1489,9 +1491,11 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args) #endif /* !NO_OLD_TLS */ #ifndef NO_TLS + #ifndef WOLFSSL_NO_TLS12 case 3: method = wolfTLSv1_2_client_method_ex; break; + #endif #ifdef WOLFSSL_TLS13 case 4: @@ -1511,9 +1515,11 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args) break; #endif + #ifndef WOLFSSL_NO_TLS12 case -2: method = wolfDTLSv1_2_client_method_ex; break; + #endif #endif default: diff --git a/examples/server/server.c b/examples/server/server.c index 44e3b5910..b2fa31ad2 100644 --- a/examples/server/server.c +++ b/examples/server/server.c 
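Review bot: Replacing `wolfTLSv1_2_client_method()` with `wolfSSLv23_client_method()` in client_thread, and the matching server change in the hunk at 480, leaves the negotiated protocol version to whatever the build allows. That includes versions older than TLS 1.2 when they are compiled in. The benchmark numbers are then no longer tied to a known protocol version, and the example no longer shows a pinned minimum. Setting a floor right after the context is created, e.g. `wolfSSL_CTX_SetMinVersion(cli_ctx, WOLFSSL_TLSV1_2);` (and the same for `srv_ctx`), keeps the TLS 1.3-only build working while preventing a silent downgrade. Both functions continue outside the hunks.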
@@ -281,6 +281,46 @@ int ServerEchoData(SSL* ssl, int clientfd, int echoData, int block, return EXIT_SUCCESS; } +#ifdef WOLFSSL_TLS13 +static void NonBlockingServerRead(WOLFSSL* ssl, char* input, int inputLen) +{ + int ret, err; + char buffer[CYASSL_MAX_ERROR_SZ]; + + /* Read data */ + do { + err = 0; /* reset error */ + ret = SSL_read(ssl, input, inputLen); + if (ret < 0) { + err = SSL_get_error(ssl, 0); + + #ifdef WOLFSSL_ASYNC_CRYPT + if (err == WC_PENDING_E) { + ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW); + if (ret < 0) break; + } + else + #endif + #ifdef CYASSL_DTLS + if (wolfSSL_dtls(ssl) && err == DECRYPT_ERROR) { + printf("Dropped client's message due to a bad MAC\n"); + } + else + #endif + if (err != WOLFSSL_ERROR_WANT_READ) { + printf("SSL_read input error %d, %s\n", err, + ERR_error_string(err, buffer)); + err_sys_ex(runWithErrors, "SSL_read failed"); + } + } + } while (err == WC_PENDING_E || err == WOLFSSL_ERROR_WANT_READ); + if (ret > 0) { + input[ret] = 0; /* null terminate message */ + printf("Client message: %s\n", input); + } +} +#endif + static void ServerRead(WOLFSSL* ssl, char* input, int inputLen) { int ret, err; @@ -543,9 +583,7 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args) int noPskDheKe = 0; #endif int updateKeysIVs = 0; -#if defined(WOLFSSL_TLS13) && defined(WOLFSSL_POST_HANDSHAKE_AUTH) int postHandAuth = 0; -#endif #ifdef WOLFSSL_EARLY_DATA int earlyData = 0; #endif @@ -598,6 +636,7 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args) (void)crlFlags; (void)readySignal; (void)updateKeysIVs; + (void)postHandAuth; (void)mcastID; (void)useX25519; @@ -967,9 +1006,11 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args) #endif /* !NO_OLD_TLS */ #ifndef NO_TLS + #ifndef WOLFSSL_NO_TLS12 case 3: method = wolfTLSv1_2_server_method_ex; break; + #endif #ifdef WOLFSSL_TLS13 case 4: 
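Review bot: NonBlockingServerRead retries `SSL_read` immediately while `err == WOLFSSL_ERROR_WANT_READ`, so on a non-blocking socket the loop spins at full CPU until data arrives. Waiting for the descriptor to become readable (select/poll with a timeout) before the next iteration would bound this. The function also writes `input[ret] = 0`, which is only in bounds because the caller passes `sizeof(input)-1`. That contract is worth stating in a header comment such as `/* inputLen must leave room for the terminating NUL written at input[ret] */`. A return of 0 from `SSL_read` (peer closed) leaves the loop silently with nothing printed, so a short log line for that case would help when the example is used for debugging.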
@@ -989,9 +1030,11 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args) break; #endif + #ifndef WOLFSSL_NO_TLS12 case -2: method = wolfDTLSv1_2_server_method_ex; break; + #endif #endif default: @@ -1635,10 +1678,13 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args) } ServerWrite(ssl, write_msg, write_msg_sz); -#if defined(WOLFSSL_TLS13) && defined(WOLFSSL_POST_HANDSHAKE_AUTH) - if (postHandAuth) { +#ifdef WOLFSSL_TLS13 + if (updateKeysIVs || postHandAuth) { ServerWrite(ssl, write_msg, write_msg_sz); - ServerRead(ssl, input, sizeof(input)-1); + if (nonBlocking) + NonBlockingServerRead(ssl, input, sizeof(input)-1); + else + ServerRead(ssl, input, sizeof(input)-1); } #endif } diff --git a/scripts/google.test b/scripts/google.test index ecc126836..7b58a8a29 100755 --- a/scripts/google.test +++ b/scripts/google.test @@ -6,6 +6,13 @@ server=www.google.com [ ! -x ./examples/client/client ] && echo -e "\n\nClient doesn't exist" && exit 1 +# TODO: [TLS13] Remove this when google supports final version of TLS 1.3 +./examples/client/client -v 3 2>&1 | grep -- 'Bad SSL version' +if [ $? -eq 0 ]; then + echo -e "\n\nClient doesn't support TLS v1.2" + exit 0 +fi + # is our desired server there? ./scripts/ping.test $server 2 RESULT=$? diff --git a/scripts/openssl.test b/scripts/openssl.test index d8ed4fdf5..3fa04e058 100755 --- a/scripts/openssl.test +++ b/scripts/openssl.test @@ -21,6 +21,9 @@ wolf_suites_total=0 counter=0 testing_summary="OpenSSL Interop Testing Summary:\nVersion\tTested\t#Found\t#Tested\n" versionName="Invalid" +if [ "$OPENSSL" = "" ]; then + OPENSSL=openssl +fi version_name() { case $version in "0") 
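Review bot: The TLS 1.2 probe added to scripts/google.test ends with `exit 0`, so a run that skipped the interop test is reported as a pass. If these scripts run under the automake harness (tests/include.am in the diffstat suggests so), `exit 77` would record it as skipped instead. Detection also depends on the literal client message 'Bad SSL version', so a wording change in the client would make the probe silently stop matching; a comment next to the grep pointing at the source of that string would help. `grep -q -- 'Bad SSL version'` avoids echoing the matched line into the test log. The same probe is repeated in scripts/psk.test and scripts/tls13.test.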
@@ -73,7 +76,7 @@ else fi echo -e "\nTesting existence of openssl command...\n" -command -v openssl >/dev/null 2>&1 || { echo >&2 "Requires openssl command, but it's not installed. Ending."; exit 0; } +command -v $OPENSSL >/dev/null 2>&1 || { echo >&2 "Requires openssl command, but it's not installed. Ending."; exit 0; } echo -e "\nTesting for _build directory as part of distcheck, different paths" @@ -92,7 +95,7 @@ found_free_port=0 while [ "$counter" -lt 20 ]; do echo -e "\nTrying to start openssl server on port $openssl_port...\n" - openssl s_server -accept $openssl_port -cert ./certs/server-cert.pem -key ./certs/server-key.pem -quiet -CAfile ./certs/client-ca.pem -www -dhparam ./certs/dh2048.pem -dcert ./certs/server-ecc.pem -dkey ./certs/ecc-key.pem -verify 10 -verify_return_error -psk 1a2b3c4d -cipher "ALL:eNULL" & + $OPENSSL s_server -accept $openssl_port -cert ./certs/server-cert.pem -key ./certs/server-key.pem -quiet -CAfile ./certs/client-ca.pem -www -dhparam ./certs/dh2048.pem -dcert ./certs/server-ecc.pem -dkey ./certs/ecc-key.pem -verify 10 -verify_return_error -psk 1a2b3c4d -cipher "ALL:eNULL" & server_pid=$! # wait to see if s_server successfully starts before continuing sleep 0.1 @@ -127,7 +130,7 @@ case $wolf_ciphers in while [ "$counter" -lt 20 ]; do echo -e "\nTrying to start ECDH-RSA openssl server on port $ecdh_port...\n" - openssl s_server -accept $ecdh_port -cert ./certs/server-ecc-rsa.pem -key ./certs/ecc-key.pem -quiet -CAfile ./certs/client-ca.pem -www -dhparam ./certs/dh2048.pem -verify 10 -verify_return_error -cipher "ALL:eNULL" & + $OPENSSL s_server -accept $ecdh_port -cert ./certs/server-ecc-rsa.pem -key ./certs/ecc-key.pem -quiet -CAfile ./certs/client-ca.pem -www -dhparam ./certs/dh2048.pem -verify 10 -verify_return_error -cipher "ALL:eNULL" & ecdh_server_pid=$! # wait to see if s_server successfully starts before continuing sleep 0.1 
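Review bot: `$OPENSSL` is expanded unquoted in `command -v $OPENSSL` and in both `s_server` invocations, and again in the `ciphers` / `s_client` calls of the later hunks at 193 to 238. The value now comes from the environment, so a path containing spaces or glob characters is word-split before the command runs. Quoting it throughout, `command -v "$OPENSSL"` and `"$OPENSSL" s_server ...`, fixes that. The error text still says "Requires openssl command", which would be clearer if it printed the binary actually looked for, e.g. `echo >&2 "Requires $OPENSSL, but it's not installed. Ending."`.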
@@ -193,11 +196,11 @@ do echo -e "version = $version" # get openssl ciphers depending on version case $version in "0") - openssl_ciphers=`openssl ciphers "SSLv3"` + openssl_ciphers=`$OPENSSL ciphers "SSLv3"` # double check that can actually do a sslv3 connection using # client-cert.pem to send but any file with EOF works - openssl s_client -ssl3 -no_ign_eof -host localhost -port $openssl_port < ./certs/client-cert.pem + $OPENSSL s_client -ssl3 -no_ign_eof -host localhost -port $openssl_port < ./certs/client-cert.pem sslv3_sup=$? if [ $sslv3_sup != 0 ] @@ -208,7 +211,7 @@ do fi ;; "1") - openssl_ciphers=`openssl ciphers "TLSv1"` + openssl_ciphers=`$OPENSSL ciphers "TLSv1"` tlsv1_sup=$? if [ $tlsv1_sup != 0 ] then @@ -218,7 +221,7 @@ do fi ;; "2") - openssl_ciphers=`openssl ciphers "TLSv1.1"` + openssl_ciphers=`$OPENSSL ciphers "TLSv1.1"` tlsv1_1_sup=$? if [ $tlsv1_1_sup != 0 ] then @@ -228,7 +231,7 @@ do fi ;; "3") - openssl_ciphers=`openssl ciphers "TLSv1.2"` + openssl_ciphers=`$OPENSSL ciphers "TLSv1.2"` tlsv1_2_sup=$? if [ $tlsv1_2_sup != 0 ] then @@ -238,7 +241,7 @@ do fi ;; "4") #test all suites - openssl_ciphers=`openssl ciphers "ALL"` + openssl_ciphers=`$OPENSSL ciphers "ALL"` all_sup=$? if [ $all_sup != 0 ] then diff --git a/scripts/psk.test b/scripts/psk.test index 01313b91b..d8a0c3d07 100755 --- a/scripts/psk.test +++ b/scripts/psk.test 
@@ -83,67 +83,40 @@ echo "" # client test against the server ############################### -# usual psk server / psk client -port=0 -./examples/server/server -j -R $ready_file -p $port & -server_pid=$! -create_port -./examples/client/client -s -p $port -RESULT=$? -remove_ready_file -if [ $RESULT -ne 0 ]; then - echo -e "\n\nClient connection failed" - do_cleanup - exit 1 -fi -echo "" +./examples/client/client -v 3 2>&1 | grep -- 'Bad SSL version' +if [ $? -ne 0 ]; then + # Usual server / client. This use case is tested in + # tests/unit.test and is used here for just checking if cipher suite + # is available (one case for example is with disable-asn) + port=0 + ./examples/server/server -R $ready_file -p $port -l DHE-RSA-AES128-SHA:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-DES-CBC3-SHA & + server_pid=$! + create_port + ./examples/client/client -p $port + RESULT=$? + remove_ready_file + # if fail here then is a settings issue so return 0 + if [ $RESULT -ne 0 ]; then + echo -e "\n\nIssue with choosen non PSK suites" + do_cleanup + exit 0 + fi + echo "" -# Usual server / client. This use case is tested in -# tests/unit.test and is used here for just checking if cipher suite -# is available (one case for example is with disable-asn) -port=0 -./examples/server/server -R $ready_file -p $port -l DHE-RSA-AES128-SHA:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-DES-CBC3-SHA & -server_pid=$! -create_port -./examples/client/client -p $port -RESULT=$? -remove_ready_file -# if fail here then is a settings issue so return 0 -if [ $RESULT -ne 0 ]; then - echo -e "\n\nIssue with choosen non PSK suites" - do_cleanup - exit 0 -fi -echo "" - -# psk server with non psk client -port=0 -./examples/server/server -j -R $ready_file -p $port & -server_pid=$! -create_port -./examples/client/client -p $port -RESULT=$? 
-remove_ready_file -if [ $RESULT -ne 0 ]; then - echo -e "\n\nClient connection failed" - do_cleanup - exit 1 -fi -echo "" - -# check fail if no auth, psk server with non psk client -echo "Checking fail when not sending peer cert" -port=0 -./examples/server/server -j -R $ready_file -p $port & -server_pid=$! -create_port -./examples/client/client -x -p $port -RESULT=$? -remove_ready_file -if [ $RESULT -eq 0 ]; then - echo -e "\n\nClient connected when supposed to fail" - do_cleanup - exit 1 + # check fail if no auth, psk server with non psk client + echo "Checking fail when not sending peer cert" + port=0 + ./examples/server/server -j -R $ready_file -p $port & + server_pid=$! + create_port + ./examples/client/client -x -p $port + RESULT=$? + remove_ready_file + if [ $RESULT -eq 0 ]; then + echo -e "\n\nClient connected when supposed to fail" + do_cleanup + exit 1 + fi fi echo -e "\nALL Tests Passed" diff --git a/scripts/tls13.test b/scripts/tls13.test index 368256963..8154d7fdd 100755 --- a/scripts/tls13.test +++ b/scripts/tls13.test @@ -14,12 +14,13 @@ counter=0 # also let's add some randomness by adding pid in case multiple 'make check's # per source tree ready_file=`pwd`/wolfssl_tls13_ready$$ +client_file=/tmp/wolfssl_tls13_client$$ echo "ready file $ready_file" create_port() { while [ ! -s $ready_file ]; do - if [ -a "$counter" -gt 50 ]; then + if [ "$counter" -gt 50 ]; then break fi echo -e "waiting for ready file..." @@ -54,6 +55,10 @@ do_cleanup() { kill -9 $server_pid fi remove_ready_file + if [ -e $client_file ]; then + echo -e "removing existing client file" + rm $client_file + fi } do_trap() { @@ -72,7 +77,7 @@ port=0 ./examples/server/server -v 4 -R $ready_file -p $port & server_pid=$! create_port -./examples/client/client -v 4 -p $port +./examples/client/client -v 4 -p $port | tee $client_file RESULT=$? remove_ready_file if [ $RESULT -ne 0 ]; then 
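Review bot: `client_file=/tmp/wolfssl_tls13_client$$` in the hunk at 14 of scripts/tls13.test is a predictable name in a world-writable directory. The later `tee $client_file` will follow a pre-existing symlink or overwrite another user's file on a shared build host. The ready file next to it lives under `pwd`, which avoids the problem. Creating the file with `client_file=$(mktemp "${TMPDIR:-/tmp}/wolfssl_tls13_client.XXXXXX")` or placing it beside the ready file is safer. The expansions in do_cleanup should also be quoted: `[ -e "$client_file" ]` and `rm "$client_file"`.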
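Review bot: In the hunk at 72 of scripts/tls13.test the client is now piped into `tee $client_file`, and the following `RESULT=$?` therefore holds the exit status of `tee`, not of the client. A failed TLS 1.3 handshake would then pass the `-ne 0` check. If the script runs under bash, `RESULT=${PIPESTATUS[0]}` restores the intent; the shebang is not visible in the hunk. Under a plain POSIX shell, redirect the client output to the file and `cat` it afterwards.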
@@ -82,268 +87,6 @@ if [ $RESULT -ne 0 ]; then fi echo "" -# Usual TLS v1.3 server / TLS v1.3 client - fragment. -echo -e "\n\nTLS v1.3 server with TLS v1.3 client - fragment" -port=0 -./examples/server/server -v 4 -R $ready_file -p $port & -server_pid=$! -create_port -./examples/client/client -v 4 -F 1 -p $port -RESULT=$? -remove_ready_file -if [ $RESULT -ne 0 ]; then - echo -e "\n\nTLS v1.3 and fragments not working" - do_cleanup - exit 1 -fi -echo "" - -# Use HelloRetryRequest with TLS v1.3 server / TLS v1.3 client. -echo -e "\n\nTLS v1.3 HelloRetryRequest" -port=0 -./examples/server/server -v 4 -R $ready_file -p $port & -server_pid=$! -create_port -./examples/client/client -v 4 -J -p $port -RESULT=$? -remove_ready_file -if [ $RESULT -ne 0 ]; then - echo -e "\n\nTLS v1.3 HelloRetryRequest not working" - do_cleanup - exit 1 -fi -echo "" - -# Use HelloRetryRequest with TLS v1.3 server / TLS v1.3 client using cookie -echo -e "\n\nTLS v1.3 HelloRetryRequest with cookie" -port=0 -./examples/server/server -v 4 -J -R $ready_file -p $port & -server_pid=$! -create_port -./examples/client/client -v 4 -J -p $port -RESULT=$? -remove_ready_file -if [ $RESULT -ne 0 ]; then - echo -e "\n\nTLS v1.3 HelloRetryRequest with cookie not working" - do_cleanup - exit 1 -fi -echo "" - -# Use HelloRetryRequest with TLS v1.3 server / TLS v1.3 client - SHA384. -echo -e "\n\nTLS v1.3 HelloRetryRequest - SHA384" -port=0 -./examples/server/server -v 4 -l TLS13-AES256-GCM-SHA384 -R $ready_file -p $port & -server_pid=$! -create_port -./examples/client/client -v 4 -J -p $port -RESULT=$? -remove_ready_file -if [ $RESULT -ne 0 ]; then - echo -e "\n\nTLS v1.3 HelloRetryRequest with SHA384 not working" - do_cleanup - exit 1 -fi -echo "" - -# Resumption TLS v1.3 server / TLS v1.3 client. -echo -e "\n\nTLS v1.3 resumption" -port=0 -./examples/server/server -v 4 -r -R $ready_file -p $port & -server_pid=$! -create_port -./examples/client/client -v 4 -r -p $port -RESULT=$? 
-remove_ready_file -if [ $RESULT -ne 0 ]; then - echo -e "\n\nTLS v1.3 resumption not working" - do_cleanup - exit 1 -fi -echo "" - -# Resumption TLS v1.3 server / TLS v1.3 client - SHA384 -echo -e "\n\nTLS v1.3 resumption - SHA384" -port=0 -./examples/server/server -v 4 -l TLS13-AES256-GCM-SHA384 -r -R $ready_file -p $port & -server_pid=$! -create_port -./examples/client/client -v 4 -l TLS13-AES256-GCM-SHA384 -r -p $port -RESULT=$? -remove_ready_file -if [ $RESULT -ne 0 ]; then - echo -e "\n\nTLS v1.3 resumption with SHA384 not working" - do_cleanup - exit 1 -fi -echo "" - -./examples/client/client -v 4 -e 2>&1 | grep -- '-ECC' -if [ $? -eq 0 ]; then - # Usual TLS v1.3 server / TLS v1.3 client and ECC certificates. - echo -e "\n\nTLS v1.3 server with TLS v1.3 client - ECC certificates" - port=0 - ./examples/server/server -v 4 -A certs/client-ecc-cert.pem -c certs/server-ecc.pem -k certs/ecc-key.pem -R $ready_file -p $port & - server_pid=$! - create_port - ./examples/client/client -v 4 -A certs/ca-ecc-cert.pem -c certs/client-ecc-cert.pem -k certs/ecc-client-key.pem -p $port - RESULT=$? - remove_ready_file - if [ $RESULT -ne 0 ]; then - echo -e "\n\nTLS v1.3 ECC certificates not working" - do_cleanup - exit 1 - fi - echo "" -fi - -# Usual TLS v1.3 server / TLS v1.3 client and no client certificate. -echo -e "\n\nTLS v1.3 server with TLS v1.3 client - no client cretificate" -port=0 -./examples/server/server -v 4 -R $ready_file -p $port & -server_pid=$! -create_port -./examples/client/client -v 4 -x -p $port -RESULT=$? -remove_ready_file -if [ $RESULT -ne 0 ]; then - echo -e "\n\nTLS v1.3 and no client certificate not working" - do_cleanup - exit 1 -fi -echo "" - -# Usual TLS v1.3 server / TLS v1.3 client and DH Key. -echo -e "\n\nTLS v1.3 server with TLS v1.3 client - DH Key Exchange" -port=0 -./examples/server/server -v 4 -R $ready_file -p $port & -server_pid=$! -create_port -./examples/client/client -v 4 -y -p $port -RESULT=$? 
-remove_ready_file -if [ $RESULT -ne 0 ]; then - echo -e "\n\nTLS v1.3 DH Key Exchange not working" - do_cleanup - exit 1 -fi -echo "" - -# Usual TLS v1.3 server / TLS v1.3 client and ECC Key. -echo -e "\n\nTLS v1.3 server with TLS v1.3 client - ECC Key Exchange" -port=0 -./examples/server/server -v 4 -R $ready_file -p $port & -server_pid=$! -create_port -./examples/client/client -v 4 -Y -p $port -RESULT=$? -remove_ready_file -if [ $RESULT -ne 0 ]; then - echo -e "\n\nTLS v1.3 ECDH Key Exchange not working" - do_cleanup - exit 1 -fi -echo "" - -# TLS 1.3 cipher suites server / client. -echo -e "\n\nOnly TLS v1.3 cipher suites" -port=0 -./examples/server/server -v 4 -R $ready_file -p $port -l TLS13-AES128-GCM-SHA256:TLS13-AES256-GCM-SHA384:TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES128-CCM-SHA256:TLS13-AES128-CCM-8-SHA256 & -server_pid=$! -create_port -./examples/client/client -v 4 -p $port -RESULT=$? -remove_ready_file -if [ $RESULT -ne 0 ]; then - echo -e "\n\nIssue with TLS v1.3 cipher suites - only TLS v1.3" - do_cleanup - exit 1 -fi -echo "" - -# TLS 1.3 cipher suites server / client. -echo -e "\n\nOnly TLS v1.3 cipher suite - AES128-GCM SHA-256" -port=0 -./examples/server/server -v 4 -R $ready_file -p $port -l TLS13-AES128-GCM-SHA256 & -server_pid=$! -create_port -./examples/client/client -v 4 -p $port -RESULT=$? -remove_ready_file -if [ $RESULT -ne 0 ]; then - echo -e "\n\nIssue with TLS v1.3 cipher suites - AES128-GCM SHA-256" - do_cleanup - exit 1 -fi -echo "" - -# TLS 1.3 cipher suites server / client. -echo -e "\n\nOnly TLS v1.3 cipher suite - AES256-GCM SHA-384" -port=0 -./examples/server/server -v 4 -R $ready_file -p $port -l TLS13-AES256-GCM-SHA384 & -server_pid=$! -create_port -./examples/client/client -v 4 -p $port -RESULT=$? -remove_ready_file -if [ $RESULT -ne 0 ]; then - echo -e "\n\nIssue with TLS v1.3 cipher suites - AES256-GCM SHA-384" - do_cleanup - exit 1 -fi -echo "" - -# TLS 1.3 cipher suites server / client. 
-echo -e "\n\nOnly TLS v1.3 cipher suite - CHACHA20-POLY1305 SHA-256" -port=0 -./examples/server/server -v 4 -R $ready_file -p $port -l TLS13-CHACHA20-POLY1305-SHA256 & -server_pid=$! -create_port -./examples/client/client -v 4 -p $port -RESULT=$? -remove_ready_file -if [ $RESULT -ne 0 ]; then - echo -e "\n\nIssue with TLS v1.3 cipher suites - CHACHA20-POLY1305 SHA-256" - do_cleanup - exit 1 -fi -echo "" - -./examples/client/client -v 4 -e 2>&1 | grep -- '-CCM' -if [ $? -eq 0 ]; then - # TLS 1.3 cipher suites server / client. - echo -e "\n\nOnly TLS v1.3 cipher suite - AES128-CCM SHA-256" - port=0 - ./examples/server/server -v 4 -R $ready_file -p $port -l TLS13-AES128-CCM-SHA256 & - server_pid=$! - create_port - ./examples/client/client -v 4 -p $port - RESULT=$? - remove_ready_file - if [ $RESULT -ne 0 ]; then - echo -e "\n\nIssue with TLS v1.3 cipher suites - AES128-CCM SHA-256" - do_cleanup - exit 1 - fi - echo "" - - # TLS 1.3 cipher suites server / client. - echo -e "\n\nOnly TLS v1.3 cipher suite - AES128-CCM-8 SHA-256" - port=0 - ./examples/server/server -v 4 -R $ready_file -p $port -l TLS13-AES128-CCM-8-SHA256 & - server_pid=$! - create_port - ./examples/client/client -v 4 -p $port - RESULT=$? - remove_ready_file - if [ $RESULT -ne 0 ]; then - echo -e "\n\nIssue with TLS v1.3 cipher suites - AES128-CCM-8 SHA-256" - do_cleanup - exit 1 - fi - echo "" -fi - # TLS 1.3 cipher suites server / client. echo -e "\n\nTLS v1.3 cipher suite mismatch" port=0 
@@ -353,189 +96,48 @@ create_port ./examples/client/client -v 4 -p $port -l TLS13-AES256-GCM-SHA384 RESULT=$? remove_ready_file -if [ $RESULT -ne 1 ]; then +if [ $RESULT -eq 0 ]; then echo -e "\n\nIssue with mismatched TLS v1.3 cipher suites" do_cleanup exit 1 fi echo "" -# TLS 1.3 server / TLS 1.2 client. -echo -e "\n\nTLS v1.3 server downgrading to TLS v1.2" -port=0 -./examples/server/server -v 4 -R $ready_file -p $port & -server_pid=$! -create_port -./examples/client/client -v 3 -p $port -RESULT=$? -remove_ready_file -if [ $RESULT -eq 0 ]; then - echo -e "\n\nIssue with TLS v1.3 server downgrading to TLS v1.2" - do_cleanup - exit 1 -fi -echo "" -# TLS Downgrade server / TLS 1.2 client. -echo -e "\n\nTLS server downgrading to TLS v1.2" -port=0 -./examples/server/server -v d -R $ready_file -p $port & -server_pid=$! -create_port -./examples/client/client -v 3 -p $port -RESULT=$? -remove_ready_file -if [ $RESULT -ne 0 ]; then - echo -e "\n\nIssue with TLS server downgrading to TLS v1.2" - do_cleanup - exit 1 -fi -echo "" +./examples/client/client -v 3 2>&1 | grep -- 'Bad SSL version' +if [ $? -ne 0 ]; then + # TLS 1.3 server / TLS 1.2 client. + echo -e "\n\nTLS v1.3 server downgrading to TLS v1.2" + port=0 + ./examples/server/server -v 4 -R $ready_file -p $port & + server_pid=$! + create_port + ./examples/client/client -v 3 -p $port + RESULT=$? + remove_ready_file + if [ $RESULT -eq 0 ]; then + echo -e "\n\nIssue with TLS v1.3 server downgrading to TLS v1.2" + do_cleanup + exit 1 + fi + echo "" -# TLS 1.2 server / TLS 1.3 client. -echo -e "\n\nTLS v1.3 client upgrading server to TLS v1.3" -port=0 -./examples/server/server -v 3 -R $ready_file -p $port & -server_pid=$! -create_port -./examples/client/client -v 4 -p $port -RESULT=$? -remove_ready_file -if [ $RESULT -eq 0 ]; then - echo -e "\n\nIssue with TLS v1.3 client upgrading server to TLS v1.3" - do_cleanup - exit 1 + # TLS 1.2 server / TLS 1.3 client. 
+ echo -e "\n\nTLS v1.3 client upgrading server to TLS v1.3" + port=0 + ./examples/server/server -v 3 -R $ready_file -p $port & + server_pid=$! + create_port + ./examples/client/client -v 4 -p $port + RESULT=$? + remove_ready_file + if [ $RESULT -eq 0 ]; then + echo -e "\n\nIssue with TLS v1.3 client upgrading server to TLS v1.3" + do_cleanup + exit 1 + fi + echo "" fi -echo "" - -# TLS 1.2 server / TLS downgrade client. -echo -e "\n\nTLS client downgrading to TLS v1.2" -port=0 -./examples/server/server -v 3 -R $ready_file -p $port & -server_pid=$! -create_port -./examples/client/client -v d -p $port -RESULT=$? -remove_ready_file -if [ $RESULT -ne 0 ]; then - echo -e "\n\nIssue with TLS client downgrading to TLS v1.2" - do_cleanup - exit 1 -fi -echo "" - -# TLS Downgrade server / TLS Downgrade client. -echo -e "\n\nTLS server and client able to downgrade but don't" -port=0 -./examples/server/server -v d -R $ready_file -p $port & -server_pid=$! -create_port -./examples/client/client -v d -p $port -RESULT=$? -remove_ready_file -if [ $RESULT -ne 0 ]; then - echo -e "\n\nIssue with TLS not downgrading" - do_cleanup - exit 1 -fi -echo "" - -# TLS Downgrade server / TLS Downgrade client resumption. -echo -e "\n\nTLS server and client able to downgrade but don't and resume" -port=0 -./examples/server/server -v d -r -R $ready_file -p $port & -server_pid=$! -create_port -./examples/client/client -v d -r -p $port -RESULT=$? -remove_ready_file -if [ $RESULT -ne 0 ]; then - echo -e "\n\nIssue with TLS not downgrading and resumption" - do_cleanup - exit 1 -fi -echo "" - -# TLS Downgrade server / TLS 1.2 client and resume. -echo -e "\n\nTLS server downgrade and resume" -port=0 -./examples/server/server -v d -r -R $ready_file -p $port & -server_pid=$! -create_port -./examples/client/client -v 3 -r -p $port -RESULT=$? 
-remove_ready_file -if [ $RESULT -ne 0 ]; then - echo -e "\n\nIssue with TLS server downgrading and resumption" - do_cleanup - exit 1 -fi -echo "" - -# TLS 1.2 server / TLS downgrade client and resume. -echo -e "\n\nTLS client downgrade and resume" -port=0 -./examples/server/server -v 3 -r -R $ready_file -p $port & -server_pid=$! -create_port -./examples/client/client -v d -r -p $port -RESULT=$? -remove_ready_file -if [ $RESULT -ne 0 ]; then - echo -e "\n\nIssue with TLS client downgrading and resumption" - do_cleanup - exit 1 -fi -echo "" - -# TLS Downgrade server / TLS Downgrade client. -# TLS 1.3 server / TLS 1.3 client send KeyUpdate before sending app data. -echo -e "\n\nTLS v1.3 KeyUpdate" -port=0 -./examples/server/server -v 4 -U -R $ready_file -p $port & -server_pid=$! -create_port -./examples/client/client -v 4 -I -p $port -RESULT=$? -remove_ready_file -if [ $RESULT -ne 0 ]; then - echo -e "\n\nIssue with TLS v1.3 KeyUpdate" - do_cleanup - exit 1 -fi -echo "" - -# TLS 1.3 server / TLS 1.3 client - don't use (EC)DHE with PSK. -echo -e "\n\nTLS v1.3 PSK without (EC)DHE" -port=0 -./examples/server/server -v 4 -r -R $ready_file -p $port & -server_pid=$! -create_port -./examples/client/client -v 4 -r -K -p $port -RESULT=$? -remove_ready_file -if [ $RESULT -ne 0 ]; then - echo -e "\n\nIssue with TLS v1.3 PSK without (EC)DHE" - do_cleanup - exit 1 -fi -echo "" - -# TLS 1.3 server / TLS 1.3 client and Post-Handshake Authentication. -echo -e "\n\nTLS v1.3 Post-Handshake Authentication" -port=0 -./examples/server/server -v 4 -Q -R $ready_file -p $port & -server_pid=$! -create_port -./examples/client/client -v 4 -Q -p $port -RESULT=$? -remove_ready_file -if [ $RESULT -ne 0 ]; then - echo -e "\n\nIssue with TLS v1.3 Post-Handshake Auth" - do_cleanup - exit 1 -fi -echo "" echo -e "\nALL Tests Passed" diff --git a/src/internal.c b/src/internal.c index 6df5dd578..a65b2365c 100644 --- a/src/internal.c +++ b/src/internal.c 
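Review bot: The cipher-suite mismatch check was relaxed from `-ne 1` to `-eq 0`, so any non-zero status now counts as the expected rejection, including a client killed by a signal. A crash during the failed negotiation would therefore be recorded as a pass. Keeping the relaxed check while excluding signal exits preserves the intent, e.g. `if [ $RESULT -eq 0 ] || [ $RESULT -ge 128 ]; then`. The new `-v 3` probe block that follows uses `-eq 0` as its failure test for the two version-mismatch cases and has the same property.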
@@ -85,6 +85,8 @@ WOLFSSL_CALLBACKS needs LARGE_STATIC_BUFFERS, please add LARGE_STATIC_BUFFERS #error Cannot use both secure-renegotiation and renegotiation-indication #endif +#ifndef WOLFSSL_NO_TLS12 + #ifndef NO_WOLFSSL_CLIENT static int DoHelloVerifyRequest(WOLFSSL* ssl, const byte* input, word32*, word32); @@ -112,6 +114,7 @@ WOLFSSL_CALLBACKS needs LARGE_STATIC_BUFFERS, please add LARGE_STATIC_BUFFERS #endif /* WOLFSSL_DTLS */ #endif +#endif /* !WOLFSSL_NO_TLS12 */ #ifdef WOLFSSL_DTLS static INLINE int DtlsCheckWindow(WOLFSSL* ssl); @@ -132,6 +135,8 @@ enum processReply { }; +#ifndef WOLFSSL_NO_TLS12 + /* Server random bytes for TLS v1.3 described downgrade protection mechanism. */ static const byte tls13Downgrade[7] = { 0x44, 0x4f, 0x47, 0x4e, 0x47, 0x52, 0x44 @@ -145,6 +150,8 @@ static int SSL_hmac(WOLFSSL* ssl, byte* digest, const byte* in, word32 sz, #endif +#endif /* !WOLFSSL_NO_TLS12 */ + #ifdef HAVE_QSH int QSH_Init(WOLFSSL* ssl); #endif @@ -176,7 +183,6 @@ int IsAtLeastTLSv1_3(const ProtocolVersion pv) return (pv.major == SSLv3_MAJOR && pv.minor >= TLSv1_3_MINOR); } - static INLINE int IsEncryptionOn(WOLFSSL* ssl, int isSend) { (void)isSend; 
@@ -1832,6 +1838,45 @@ void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, word16 haveRSA, if (suites->setSuites) return; /* trust user settings, don't override */ +#ifdef WOLFSSL_TLS13 +#ifdef BUILD_TLS_AES_128_GCM_SHA256 + if (tls1_3) { + suites->suites[idx++] = TLS13_BYTE; + suites->suites[idx++] = TLS_AES_128_GCM_SHA256; + } +#endif + +#ifdef BUILD_TLS_AES_256_GCM_SHA384 + if (tls1_3) { + suites->suites[idx++] = TLS13_BYTE; + suites->suites[idx++] = TLS_AES_256_GCM_SHA384; + } +#endif + +#ifdef BUILD_TLS_CHACHA20_POLY1305_SHA256 + if (tls1_3) { + suites->suites[idx++] = TLS13_BYTE; + suites->suites[idx++] = TLS_CHACHA20_POLY1305_SHA256; + } +#endif + +#ifdef BUILD_TLS_AES_128_CCM_SHA256 + if (tls1_3) { + suites->suites[idx++] = TLS13_BYTE; + suites->suites[idx++] = TLS_AES_128_CCM_SHA256; + } +#endif + +#ifdef BUILD_TLS_AES_128_CCM_8_SHA256 + if (tls1_3) { + suites->suites[idx++] = TLS13_BYTE; + suites->suites[idx++] = TLS_AES_128_CCM_8_SHA256; + } +#endif +#endif /* WOLFSSL_TLS13 */ + +#ifndef WOLFSSL_NO_TLS12 + #ifndef NO_WOLFSSL_SERVER if (side == WOLFSSL_SERVER_END && haveStaticECC) { haveRSA = 0; /* can't do RSA with ECDSA key */ 
@@ -1895,43 +1940,6 @@ void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, word16 haveRSA, } #endif -#ifdef WOLFSSL_TLS13 -#ifdef BUILD_TLS_AES_128_GCM_SHA256 - if (tls1_3) { - suites->suites[idx++] = TLS13_BYTE; - suites->suites[idx++] = TLS_AES_128_GCM_SHA256; - } -#endif - -#ifdef BUILD_TLS_AES_256_GCM_SHA384 - if (tls1_3) { - suites->suites[idx++] = TLS13_BYTE; - suites->suites[idx++] = TLS_AES_256_GCM_SHA384; - } -#endif - -#ifdef BUILD_TLS_CHACHA20_POLY1305_SHA256 - if (tls1_3) { - suites->suites[idx++] = TLS13_BYTE; - suites->suites[idx++] = TLS_CHACHA20_POLY1305_SHA256; - } -#endif - -#ifdef BUILD_TLS_AES_128_CCM_SHA256 - if (tls1_3) { - suites->suites[idx++] = TLS13_BYTE; - suites->suites[idx++] = TLS_AES_128_CCM_SHA256; - } -#endif - -#ifdef BUILD_TLS_AES_128_CCM_8_SHA256 - if (tls1_3) { - suites->suites[idx++] = TLS13_BYTE; - suites->suites[idx++] = TLS_AES_128_CCM_8_SHA256; - } -#endif -#endif /* WOLFSSL_TLS13 */ - #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 if (tls1_2 && haveECC) { suites->suites[idx++] = ECC_BYTE; @@ -2681,6 +2689,8 @@ void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, word16 haveRSA, } #endif +#endif /* !WOLFSSL_NO_TLS12 */ + suites->suiteSz = idx; InitSuitesHashSigAlgo(suites, haveECDSAsig, haveRSAsig, 0, tls1_2, keySz); @@ -2724,8 +2734,10 @@ static INLINE void DecodeSigAlg(const byte* input, byte* hashAlgo, byte* hsType) } #endif /* !NO_WOLFSSL_SERVER || !NO_CERTS */ +#ifndef WOLFSSL_NO_TLS12 + #if !defined(NO_DH) || defined(HAVE_ECC) || \ - (!defined(NO_RSA) && defined(WC_RSA_PSS)) + (!defined(NO_RSA) && defined(WC_RSA_PSS)) static enum wc_HashType HashAlgoToType(int hashAlgo) { @@ -2757,6 +2769,8 @@ static enum wc_HashType HashAlgoToType(int hashAlgo) #endif /* !NO_DH || HAVE_ECC || (!NO_RSA && WC_RSA_PSS) */ +#endif + #ifndef NO_CERTS 
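Review bot: The `#endif` added after HashAlgoToType in the hunk at 2757 carries no trailing comment, while most of the other guards added by this patch are closed with `#endif /* !WOLFSSL_NO_TLS12 */`. With this many nested conditionals in internal.c, an unlabeled close is hard to pair with its `#ifndef WOLFSSL_NO_TLS12` from the hunk at 2724. The same applies to the bare `#endif` after GetHandShakeHeader (hunk at 6826). The closes after BuildFinished (hunk at 7043) and TimingPadVerify (hunk at 12062) are labeled `/* WOLFSSL_NO_TLS12 */` without the `!`, which states the opposite condition. Using `#endif /* !WOLFSSL_NO_TLS12 */` in all four places would keep the guards consistent.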
@@ -2889,7 +2903,7 @@ static INLINE void EncodeSigAlg(byte hashAlgo, byte hsType, byte* output) (void)output; } -#if !defined(WOLFSSL_NO_CLIENT_AUTH) +#if !defined(WOLFSSL_NO_TLS12) && !defined(WOLFSSL_NO_CLIENT_AUTH) static void SetDigest(WOLFSSL* ssl, int hashAlgo) { switch (hashAlgo) { @@ -2919,10 +2933,11 @@ static void SetDigest(WOLFSSL* ssl, int hashAlgo) #endif /* WOLFSSL_SHA512 */ } /* switch */ } -#endif /* !WOLFSSL_NO_CLIENT_AUTH */ +#endif /* !WOLFSSL_NO_TLS12 && !WOLFSSL_NO_CLIENT_AUTH */ #endif /* !NO_CERTS */ #ifndef NO_RSA +#ifndef WOLFSSL_NO_TLS12 static int TypeHash(int hashAlgo) { switch (hashAlgo) { @@ -2946,6 +2961,7 @@ static int TypeHash(int hashAlgo) return 0; } +#endif /* !WOLFSSL_NO_TLS12 */ #if defined(WC_RSA_PSS) int ConvertHashPss(int hashAlgo, enum wc_HashType* hashType, int* mgf) @@ -3250,6 +3266,8 @@ int VerifyRsaSign(WOLFSSL* ssl, byte* verifySig, word32 sigSz, return ret; } +#ifndef WOLFSSL_NO_TLS12 + int RsaDec(WOLFSSL* ssl, byte* in, word32 inSz, byte** out, word32* outSz, RsaKey* key, DerBuffer* keyBufInfo, void* ctx) { @@ -3367,6 +3385,8 @@ int RsaEnc(WOLFSSL* ssl, const byte* in, word32 inSz, byte* out, word32* outSz, return ret; } +#endif /* !WOLFSSL_NO_TLS12 */ + #endif /* NO_RSA */ #ifdef HAVE_ECC @@ -3803,6 +3823,8 @@ int Ed25519Verify(WOLFSSL* ssl, const byte* in, word32 inSz, const byte* msg, } #endif /* HAVE_ED25519 */ +#ifndef WOLFSSL_NO_TLS12 + #ifdef HAVE_CURVE25519 #ifdef HAVE_PK_CALLBACKS /* Gets X25519 key for shared secret callback testing @@ -4003,6 +4025,8 @@ int DhAgree(WOLFSSL* ssl, DhKey* dhKey, #endif /* !NO_DH */ #endif /* !NO_CERTS || !NO_PSK */ +#endif /* !WOLFSSL_NO_TLS12 */ + #ifdef HAVE_PK_CALLBACKS int wolfSSL_CTX_IsPrivatePkSet(WOLFSSL_CTX* ctx) @@ -4504,7 +4528,7 @@ int InitSSL(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup) #ifndef NO_OLD_TLS ssl->hmac = SSL_hmac; /* default to SSLv3 */ - #else + #elif !defined(WOLFSSL_NO_TLS12) ssl->hmac = TLS_hmac; #endif 
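Review bot: In the InitSSL hunk at 4504, changing `#else` to `#elif !defined(WOLFSSL_NO_TLS12)` means `ssl->hmac` is not assigned at all when both `NO_OLD_TLS` and `WOLFSSL_NO_TLS12` are defined, which is the combination the new configure option sets. Any remaining caller of `ssl->hmac` in a TLS 1.3-only build would then go through an unset function pointer. The VerifyMac hunk later in this patch adds a guard, but other call sites are outside the visible hunks and should be confirmed as compiled out. A short comment on the `#elif` would record the intent, e.g. `/* TLS 1.3 only: record MAC is part of the AEAD, ssl->hmac is never called */`. InitSSL's body starts and ends outside the hunk.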
@@ -5864,6 +5888,8 @@ ProtocolVersion MakeDTLSv1(void) return pv; } +#ifndef WOLFSSL_NO_TLS12 + ProtocolVersion MakeDTLSv1_2(void) { ProtocolVersion pv; @@ -5873,6 +5899,8 @@ ProtocolVersion MakeDTLSv1_2(void) return pv; } +#endif /* !WOLFSSL_NO_TLS12 */ + #endif /* WOLFSSL_DTLS */ @@ -6295,6 +6323,7 @@ static void AddRecordHeader(byte* output, word32 length, byte type, WOLFSSL* ssl } +#if !defined(WOLFSSL_NO_TLS12) || defined(HAVE_SESSION_TICKET) /* add handshake header for message */ static void AddHandShakeHeader(byte* output, word32 length, word32 fragOffset, word32 fragLength, @@ -6325,7 +6354,6 @@ static void AddHandShakeHeader(byte* output, word32 length, #endif } - /* add both headers for handshake message */ static void AddHeaders(byte* output, word32 length, byte type, WOLFSSL* ssl) { @@ -6342,8 +6370,10 @@ static void AddHeaders(byte* output, word32 length, byte type, WOLFSSL* ssl) AddRecordHeader(output, length + lengthAdj, handshake, ssl); AddHandShakeHeader(output + outputAdj, length, 0, length, type, ssl); } +#endif /* !WOLFSSL_NO_TLS12 || HAVE_SESSION_TICKET */ +#ifndef WOLFSSL_NO_TLS12 #ifndef NO_CERTS static void AddFragHeaders(byte* output, word32 fragSz, word32 fragOffset, word32 length, byte type, WOLFSSL* ssl) @@ -6363,6 +6393,7 @@ static void AddFragHeaders(byte* output, word32 fragSz, word32 fragOffset, AddHandShakeHeader(output + outputAdj, length, fragOffset, fragSz, type, ssl); } #endif /* NO_CERTS */ +#endif /* !WOLFSSL_NO_TLS12 */ /* return bytes received, -1 on error */ @@ -6810,7 +6841,7 @@ static int GetRecordHeader(WOLFSSL* ssl, const byte* input, word32* inOutIdx, return 0; } - +#ifndef WOLFSSL_NO_TLS12 static int GetHandShakeHeader(WOLFSSL* ssl, const byte* input, word32* inOutIdx, byte *type, word32 *size, word32 totalSz) { 
@@ -6826,7 +6857,7 @@ static int GetHandShakeHeader(WOLFSSL* ssl, const byte* input, word32* inOutIdx, return 0; } - +#endif #ifdef WOLFSSL_DTLS static int GetDtlsHandShakeHeader(WOLFSSL* ssl, const byte* input, @@ -6985,6 +7016,8 @@ static int BuildSHA(WOLFSSL* ssl, Hashes* hashes, const byte* sender) } #endif +#ifndef WOLFSSL_NO_TLS12 + /* Finished doesn't support SHA512, not SHA512 cipher suites yet */ static int BuildFinished(WOLFSSL* ssl, Hashes* hashes, const byte* sender) { @@ -7043,6 +7076,7 @@ static int BuildFinished(WOLFSSL* ssl, Hashes* hashes, const byte* sender) return ret; } +#endif /* WOLFSSL_NO_TLS12 */ /* cipher requirements */ enum { @@ -7063,6 +7097,10 @@ static int BuildFinished(WOLFSSL* ssl, Hashes* hashes, const byte* sender) static int CipherRequires(byte first, byte second, int requirement) { + (void)requirement; + +#ifndef WOLFSSL_NO_TLS12 + if (first == CHACHA_BYTE) { switch (second) { @@ -7350,6 +7388,8 @@ static int BuildFinished(WOLFSSL* ssl, Hashes* hashes, const byte* sender) } /* switch */ } /* if */ +#endif /* !WOLFSSL_NO_TLS12 */ + /* Distinct TLS v1.3 cipher suites with cipher and digest only. */ if (first == TLS13_BYTE) { @@ -7370,6 +7410,8 @@ static int BuildFinished(WOLFSSL* ssl, Hashes* hashes, const byte* sender) } } +#ifndef WOLFSSL_NO_TLS12 + if (first != ECC_BYTE && first != CHACHA_BYTE && first != TLS13_BYTE) { /* normal suites */ switch (second) { @@ -7586,6 +7628,8 @@ static int BuildFinished(WOLFSSL* ssl, Hashes* hashes, const byte* sender) } /* switch */ } /* if ECC / Normal suites else */ +#endif /* !WOLFSSL_NO_TLS12 */ + return 0; } @@ -9501,6 +9545,8 @@ exit_ppc: return ret; } +#ifndef WOLFSSL_NO_TLS12 + /* handle processing of certificate (11) */ static int DoCertificate(WOLFSSL* ssl, byte* input, word32* inOutIdx, word32 size) 
@@ -9736,8 +9782,11 @@ static int DoCertificateStatus(WOLFSSL* ssl, byte* input, word32* inOutIdx, return ret; } +#endif /* !WOLFSSL_NO_TLS12 */ + #endif /* !NO_CERTS */ +#ifndef WOLFSSL_NO_TLS12 static int DoHelloRequest(WOLFSSL* ssl, const byte* input, word32* inOutIdx, word32 size, word32 totalSz) @@ -10484,6 +10533,8 @@ static int DoHandShakeMsg(WOLFSSL* ssl, byte* input, word32* inOutIdx, return ret; } +#endif /* !WOLFSSL_NO_TLS12 */ + #ifdef WOLFSSL_DTLS static INLINE int DtlsCheckWindow(WOLFSSL* ssl) @@ -10866,6 +10917,7 @@ static int DoDtlsHandShakeMsg(WOLFSSL* ssl, byte* input, word32* inOutIdx, } #endif +#ifndef WOLFSSL_NO_TLS12 #ifdef HAVE_AEAD static INLINE void AeadIncrementExpIV(WOLFSSL* ssl) @@ -11753,6 +11805,8 @@ static INLINE int Decrypt(WOLFSSL* ssl, byte* plain, const byte* input, return ret; } +#endif /* !WOLFSSL_NO_TLS12 */ + /* Check conditions for a cipher to have an explicit IV. * * ssl The SSL/TLS object. @@ -11806,7 +11860,6 @@ static int SanityCheckCipherText(WOLFSSL* ssl, word32 encryptSz) return 0; } - #ifndef NO_OLD_TLS static INLINE void Md5Rounds(int rounds, const byte* data, int sz) @@ -11837,6 +11890,7 @@ static INLINE void ShaRounds(int rounds, const byte* data, int sz) } #endif +#ifndef WOLFSSL_NO_TLS12 #ifndef NO_SHA256 @@ -11894,7 +11948,6 @@ static INLINE void Sha512Rounds(int rounds, const byte* data, int sz) #endif - #ifdef WOLFSSL_RIPEMD static INLINE void RmdRounds(int rounds, const byte* data, int sz) @@ -12062,6 +12115,8 @@ static int TimingPadVerify(WOLFSSL* ssl, const byte* input, int padLen, int t, return ret; } +#endif /* WOLFSSL_NO_TLS12 */ + int DoApplicationData(WOLFSSL* ssl, byte* input, word32* inOutIdx) { @@ -12273,6 +12328,7 @@ static int GetInputData(WOLFSSL *ssl, word32 size) static INLINE int VerifyMac(WOLFSSL* ssl, const byte* input, word32 msgSz, int content, word32* padSz) { +#ifndef WOLFSSL_NO_TLS12 int ivExtra = 0; int ret; word32 pad = 0; 
@@ -12285,6 +12341,7 @@ static INLINE int VerifyMac(WOLFSSL* ssl, const byte* input, word32 msgSz, #endif byte verify[WC_MAX_DIGEST_SIZE]; + if (ssl->specs.cipher_type == block) { if (ssl->options.tls1_1) ivExtra = ssl->specs.block_size; @@ -12329,12 +12386,20 @@ static INLINE int VerifyMac(WOLFSSL* ssl, const byte* input, word32 msgSz, return VERIFY_MAC_ERROR; } +#endif /* WOLFSSL_NO_TLS12 */ + if (ssl->specs.cipher_type == aead) { *padSz = ssl->specs.aead_mac_size; } +#ifndef WOLFSSL_NO_TLS12 else { *padSz = digestSz + pad + padByte; } +#endif /* WOLFSSL_NO_TLS12 */ + + (void)input; + (void)msgSz; + (void)content; return 0; } @@ -12553,13 +12618,18 @@ int ProcessReply(WOLFSSL* ssl) } else { if (!ssl->options.tls1_3) { + #ifndef WOLFSSL_NO_TLS12 ret = Decrypt(ssl, in->buffer + in->idx, in->buffer + in->idx, ssl->curSize); + #else + ret = DECRYPT_ERROR; + #endif } - else { - #ifdef WOLFSSL_TLS13 + else + { + #ifdef WOLFSSL_TLS13 #if defined(WOLFSSL_TLS13_DRAFT_18) || \ defined(WOLFSSL_TLS13_DRAFT_22) || \ defined(WOLFSSL_TLS13_DRAFT_23) @@ -12574,9 +12644,9 @@ int ProcessReply(WOLFSSL* ssl) ssl->curSize, (byte*)&ssl->curRL, RECORD_HEADER_SZ); #endif - #else + #else ret = DECRYPT_ERROR; - #endif /* WOLFSSL_TLS13 */ + #endif /* WOLFSSL_TLS13 */ } } @@ -12586,12 +12656,14 @@ int ProcessReply(WOLFSSL* ssl) #endif if (ret >= 0) { + #ifndef WOLFSSL_NO_TLS12 /* handle success */ if (ssl->options.tls1_1 && ssl->specs.cipher_type == block) ssl->buffers.inputBuffer.idx += ssl->specs.block_size; /* go past TLSv1.1 IV */ if (CipherHasExpIV(ssl)) ssl->buffers.inputBuffer.idx += AESGCM_EXP_IV_SZ; + #endif } else { WOLFSSL_MSG("Decrypt failed"); @@ -12712,10 +12784,14 @@ int ProcessReply(WOLFSSL* ssl) #endif } else if (!IsAtLeastTLSv1_3(ssl->version)) { +#ifndef WOLFSSL_NO_TLS12 ret = DoHandShakeMsg(ssl, ssl->buffers.inputBuffer.buffer, &ssl->buffers.inputBuffer.idx, ssl->buffers.inputBuffer.length); +#else + ret = BUFFER_ERROR; +#endif } else { #ifdef WOLFSSL_TLS13 
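Review bot: With `WOLFSSL_NO_TLS12` defined, `VerifyMac` returns 0 without writing `*padSz` whenever `ssl->specs.cipher_type` is not `aead`, because the MAC comparison and the `else` branch are both compiled out. A TLS 1.3-only build should only ever negotiate AEAD suites, but the function should fail closed rather than report a verified record with an unset pad size. Give the guard around the `else` branch an `#else` arm containing `else { return VERIFY_MAC_ERROR; }`. The function's opening lines are in the two preceding hunks.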
@@ -12780,6 +12856,7 @@ int ProcessReply(WOLFSSL* ssl) #endif #endif +#ifndef WOLFSSL_NO_TLS12 ret = SanityCheckMsgReceived(ssl, change_cipher_hs); if (ret != 0) { if (!ssl->options.dtls) { @@ -12864,6 +12941,7 @@ int ProcessReply(WOLFSSL* ssl) server : client); if (ret != 0) return ret; +#endif /* !WOLFSSL_NO_TLS12 */ break; case application_data: @@ -13298,8 +13376,9 @@ int BuildCertHashes(WOLFSSL* ssl, Hashes* hashes) return ret; } -#endif /* WOLFSSL_LEANPSK */ +#endif /* !NO_CERTS */ +#ifndef WOLFSSL_NO_TLS12 /* Persistable BuildMessage arguments */ typedef struct BuildMsgArgs { word32 digestSz; @@ -13321,11 +13400,13 @@ static void FreeBuildMsgArgs(WOLFSSL* ssl, void* pArgs) /* no allocations in BuildMessage */ } +#endif /* Build SSL Message, encrypted */ int BuildMessage(WOLFSSL* ssl, byte* output, int outSz, const byte* input, int inSz, int type, int hashOutput, int sizeOnly, int asyncOkay) { +#ifndef WOLFSSL_NO_TLS12 int ret = 0; BuildMsgArgs* args; BuildMsgArgs lcl_args; @@ -13333,6 +13414,7 @@ int BuildMessage(WOLFSSL* ssl, byte* output, int outSz, const byte* input, args = (BuildMsgArgs*)ssl->async.args; typedef char args_test[sizeof(ssl->async.args) >= sizeof(*args) ? 1 : -1]; (void)sizeof(args_test); +#endif #endif WOLFSSL_ENTER("BuildMessage"); @@ -13341,6 +13423,10 @@ int BuildMessage(WOLFSSL* ssl, byte* output, int outSz, const byte* input, return BAD_FUNC_ARG; } +#ifdef WOLFSSL_NO_TLS12 + return BuildTls13Message(ssl, output, outSz, input, inSz, type, + hashOutput, sizeOnly, asyncOkay); +#else #ifdef WOLFSSL_TLS13 if (ssl->options.tls1_3) { return BuildTls13Message(ssl, output, outSz, input, inSz, type, @@ -13575,8 +13661,10 @@ exit_buildmsg: FreeBuildMsgArgs(ssl, args); return ret; +#endif /* !WOLFSSL_NO_TLS12 */ } +#ifndef WOLFSSL_NO_TLS12 int SendFinished(WOLFSSL* ssl) { @@ -14548,6 +14636,7 @@ int SendCertificateStatus(WOLFSSL* ssl) #endif /* !NO_CERTS */ +#endif /* WOLFSSL_NO_TLS12 */ int SendData(WOLFSSL* ssl, const void* data, int sz) { 
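Review bot: In the `change_cipher_spec` case of `ProcessReply`, the guard opened here and closed in the next hunk removes `SanityCheckMsgReceived` and everything after it for `WOLFSSL_NO_TLS12` builds. As far as these two hunks show, a CCS record then falls through to `break` with no further validation. TLS 1.3 only tolerates a single-byte 0x01 CCS during the handshake and treats any other CCS as an unexpected message. If that check lives in lines outside the hunk, a comment at the `#ifndef` should say so, for example `/* TLS 1.3 CCS validity is enforced at <location>; only TLS 1.2 state handling is compiled out here */`. If it does not, the case should return an error in TLS 1.3-only builds.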
@@ -15356,6 +15445,8 @@ void SetErrorString(int error, char* str) static const CipherSuiteInfo cipher_names[] = { +#ifndef WOLFSSL_NO_TLS12 + #ifdef BUILD_SSL_RSA_WITH_RC4_128_SHA {"RC4-SHA", NAME_IANA("SSL_RSA_WITH_RC4_128_SHA"), CIPHER_BYTE, SSL_RSA_WITH_RC4_128_SHA}, #endif @@ -15800,6 +15891,12 @@ static const CipherSuiteInfo cipher_names[] = {"EDH-RSA-DES-CBC3-SHA", NAME_IANA("TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA"), CIPHER_BYTE, TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA}, #endif +#ifdef BUILD_WDM_WITH_NULL_SHA256 + {"WDM-NULL-SHA256", NAME_IANA("WDM_WITH_NULL_SHA256"), CIPHER_BYTE, WDM_WITH_NULL_SHA256}, +#endif + +#endif /* WOLFSSL_NO_TLS12 */ + #ifdef BUILD_TLS_AES_128_GCM_SHA256 {"TLS13-AES128-GCM-SHA256", NAME_IANA("TLS_AES_128_GCM_SHA256"), TLS13_BYTE, TLS_AES_128_GCM_SHA256}, #endif @@ -15819,10 +15916,6 @@ static const CipherSuiteInfo cipher_names[] = #ifdef BUILD_TLS_AES_128_CCM_8_SHA256 {"TLS13-AES128-CCM-8-SHA256", NAME_IANA("TLS_AES_128_CCM_8_SHA256"), TLS13_BYTE, TLS_AES_128_CCM_8_SHA256}, #endif - -#ifdef BUILD_WDM_WITH_NULL_SHA256 - {"WDM-NULL-SHA256", NAME_IANA("WDM_WITH_NULL_SHA256"), CIPHER_BYTE, WDM_WITH_NULL_SHA256}, -#endif }; #undef NAME_IANA @@ -16038,6 +16131,7 @@ void PickHashSigAlgo(WOLFSSL* ssl, const byte* hashSigAlgo, ssl->suites->sigAlgo = ssl->buffers.keyType; #endif } +#ifndef WOLFSSL_NO_TLS12 else if (IsAtLeastTLSv1_2(ssl)) { #ifdef WOLFSSL_ALLOW_TLS_SHA1 ssl->suites->hashAlgo = sha_mac; @@ -16048,6 +16142,7 @@ void PickHashSigAlgo(WOLFSSL* ssl, const byte* hashSigAlgo, else { ssl->suites->hashAlgo = sha_mac; } +#endif /* i+1 since peek a byte ahead for type */ for (i = 0; (i+1) < hashSigAlgoSz; i += HELLO_EXT_SIGALGO_SZ) { @@ -16288,10 +16383,11 @@ void PickHashSigAlgo(WOLFSSL* ssl, const byte* hashSigAlgo, #endif /* WOLFSSL_CALLBACKS */ - /* client only parts */ #ifndef NO_WOLFSSL_CLIENT +#ifndef WOLFSSL_NO_TLS12 + /* handle generation of client_hello (1) */ int SendClientHello(WOLFSSL* ssl) { 
@@ -17006,6 +17102,8 @@ void PickHashSigAlgo(WOLFSSL* ssl, const byte* hashSigAlgo, return SetCipherSpecs(ssl); } +#endif /* WOLFSSL_NO_TLS12 */ + /* Make sure client setup is valid for this suite, true on success */ int VerifyClientSuite(WOLFSSL* ssl) @@ -17031,6 +17129,7 @@ void PickHashSigAlgo(WOLFSSL* ssl, const byte* hashSigAlgo, return 1; /* success */ } +#ifndef WOLFSSL_NO_TLS12 #ifndef NO_CERTS /* handle processing of certificate_request (13) */ @@ -19609,6 +19708,7 @@ exit_scke: return ret; } +#endif /* !WOLFSSL_NO_TLS12 */ #ifndef NO_CERTS @@ -19791,6 +19891,7 @@ exit_dpk: return ret; } +#ifndef WOLFSSL_NO_TLS12 #ifndef WOLFSSL_NO_CLIENT_AUTH typedef struct ScvArgs { @@ -20260,6 +20361,8 @@ exit_scv: } #endif /* WOLFSSL_NO_CLIENT_AUTH */ +#endif /* WOLFSSL_NO_TLS12 */ + #endif /* NO_CERTS */ @@ -20300,6 +20403,8 @@ int SetTicket(WOLFSSL* ssl, const byte* ticket, word32 length) return 0; } +#ifndef WOLFSSL_NO_TLS12 + /* handle processing of session_ticket (4) */ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, word32 size) @@ -20347,12 +20452,17 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, return 0; } + +#endif /* !WOLFSSL_NO_TLS12 */ + #endif /* HAVE_SESSION_TICKET */ #endif /* NO_WOLFSSL_CLIENT */ #ifndef NO_WOLFSSL_SERVER +#ifndef WOLFSSL_NO_TLS12 + /* handle generation of server_hello (2) */ int SendServerHello(WOLFSSL* ssl) { @@ -22133,6 +22243,8 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, #endif +#endif /* !WOLFSSL_NO_TLS12 */ + /* Make sure server cert/key are valid for this suite, true on success */ static int VerifyServerSuite(WOLFSSL* ssl, word16 idx) { @@ -22528,6 +22640,8 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, #endif /* OLD_HELLO_ALLOWED */ +#ifndef WOLFSSL_NO_TLS12 + int HandleTlsResumption(WOLFSSL* ssl, int bogusID, Suites* clSuites) { int ret = 0; 
@@ -23509,6 +23623,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, return ret; } +#endif /* !WOLFSSL_NO_TLS12 */ #ifdef HAVE_SESSION_TICKET @@ -23807,6 +23922,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, #endif /* HAVE_SESSION_TICKET */ +#ifndef WOLFSSL_NO_TLS12 #ifdef WOLFSSL_DTLS /* handle generation of DTLS hello_verify_request (3) */ @@ -24956,6 +25072,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, return ret; } +#endif /* !WOLFSSL_NO_TLS12 */ #if defined(OPENSSL_ALL) || defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX) || \ defined(WOLFSSL_HAPROXY) diff --git a/src/keys.c b/src/keys.c index 3418da2a1..d4211a382 100644 --- a/src/keys.c +++ b/src/keys.c @@ -2125,7 +2125,9 @@ int SetCipherSpecs(WOLFSSL* ssl) if (ssl->version.major == 3 && ssl->version.minor >= 1) { #ifndef NO_TLS ssl->options.tls = 1; + #ifndef WOLFSSL_NO_TLS12 ssl->hmac = TLS_hmac; + #endif if (ssl->version.minor >= 2) { ssl->options.tls1_1 = 1; if (ssl->version.minor >= 4) @@ -3440,14 +3442,14 @@ int MakeMasterSecret(WOLFSSL* ssl) } #endif -#ifdef NO_OLD_TLS - return MakeTlsMasterSecret(ssl); -#elif !defined(NO_TLS) - if (ssl->options.tls) return MakeTlsMasterSecret(ssl); -#endif - #ifndef NO_OLD_TLS + if (ssl->options.tls) return MakeTlsMasterSecret(ssl); return MakeSslMasterSecret(ssl); +#elif !defined(WOLFSSL_NO_TLS12) + return MakeTlsMasterSecret(ssl); +#else + (void)ssl; + return 0; #endif } diff --git a/src/ssl.c b/src/ssl.c index 5c7ba8b8f..3bebd01d6 100644 --- a/src/ssl.c +++ b/src/ssl.c 
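Review bot: In `MakeMasterSecret`, the new `#else` arm reports success (`(void)ssl; return 0;`) without deriving anything when both `NO_OLD_TLS` and `WOLFSSL_NO_TLS12` are defined. A caller reached in that configuration would carry on with whatever key material is already in place, so failing closed is safer: `return NOT_COMPILED_IN;`. Whether any caller remains in a TLS 1.3-only build is not visible from the hunk.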
@@ -564,11 +564,16 @@ int NotifyWriteSide(WOLFSSL* ssl, int err) /* set if to use old poly 1 for yes 0 to use new poly */ int wolfSSL_use_old_poly(WOLFSSL* ssl, int value) { + (void)ssl; + (void)value; + +#ifndef WOLFSSL_NO_TLS12 WOLFSSL_ENTER("SSL_use_old_poly"); WOLFSSL_MSG("Warning SSL connection auto detects old/new and this function" "is depriciated"); ssl->options.oldPoly = (word16)value; WOLFSSL_LEAVE("SSL_use_old_poly", 0); +#endif return 0; } #endif @@ -3455,10 +3460,17 @@ static int SetMinVersionHelper(byte* minVersion, int version) *minVersion = TLSv1_1_MINOR; break; #endif + #ifndef WOLFSSL_NO_TLS12 case WOLFSSL_TLSV1_2: *minVersion = TLSv1_2_MINOR; break; + #endif #endif + #ifdef WOLFSSL_TLS13 + case WOLFSSL_TLSV1_3: + *minVersion = TLSv1_3_MINOR; + break; + #endif default: WOLFSSL_MSG("Bad function argument"); @@ -3555,9 +3567,11 @@ int wolfSSL_SetVersion(WOLFSSL* ssl, int version) ssl->version = MakeTLSv1_1(); break; #endif + #ifndef WOLFSSL_NO_TLS12 case WOLFSSL_TLSV1_2: ssl->version = MakeTLSv1_2(); break; + #endif #endif #ifdef WOLFSSL_TLS13 case WOLFSSL_TLSV1_3: @@ -5021,14 +5035,18 @@ static INLINE WOLFSSL_METHOD* cm_pick_method(void) #ifndef NO_WOLFSSL_CLIENT #if defined(WOLFSSL_ALLOW_SSLV3) && !defined(NO_OLD_TLS) return wolfSSLv3_client_method(); - #else + #elif !defined(WOLFSSL_NO_TLS12) return wolfTLSv1_2_client_method(); + #elif defined(WOLFSSL_TLS13) + return wolfTLSv1_3_client_method(); #endif #elif !defined(NO_WOLFSSL_SERVER) #if defined(WOLFSSL_ALLOW_SSLV3) && !defined(NO_OLD_TLS) return wolfSSLv3_server_method(); - #else + #elif !defined(WOLFSSL_NO_TLS12) return wolfTLSv1_2_server_method(); + #elif defined(WOLFSSL_TLS13) + return wolfTLSv1_3_server_method(); #endif #else return NULL; 
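Review bot: `cm_pick_method` now has a path with no return statement. When the SSLv3 condition is false, `WOLFSSL_NO_TLS12` is defined and `WOLFSSL_TLS13` is not, neither inner `#if` chain emits a `return`, and using the result of a non-void function that falls off its end is undefined behavior. Close both the client and the server chain with `#else return NULL;`, matching the outer chain's existing fallback. If that macro combination is meant to be unsupported, a `#error` near the top of the file would state it more clearly.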
@@ -8518,7 +8536,9 @@ int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl, /* please see note at top of README if you get an error from connect */ int wolfSSL_connect(WOLFSSL* ssl) { + #ifndef WOLFSSL_NO_TLS12 int neededState; + #endif WOLFSSL_ENTER("SSL_connect()"); @@ -8540,6 +8560,9 @@ int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl, return WOLFSSL_FATAL_ERROR; } + #ifdef WOLFSSL_NO_TLS12 + return wolfSSL_connect_TLSv13(ssl); + #else #ifdef WOLFSSL_TLS13 if (ssl->options.tls1_3) return wolfSSL_connect_TLSv13(ssl); @@ -8789,6 +8812,7 @@ int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl, WOLFSSL_MSG("Unknown connect state ERROR"); return WOLFSSL_FATAL_ERROR; /* unknown connect state */ } + #endif /* !WOLFSSL_NO_TLS12 */ } #endif /* NO_WOLFSSL_CLIENT */ @@ -8874,14 +8898,19 @@ int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl, int wolfSSL_accept(WOLFSSL* ssl) { +#ifndef WOLFSSL_NO_TLS12 word16 havePSK = 0; word16 haveAnon = 0; word16 haveMcast = 0; +#endif -#ifdef WOLFSSL_TLS13 +#ifdef WOLFSSL_NO_TLS12 + return wolfSSL_accept_TLSv13(ssl); +#else + #ifdef WOLFSSL_TLS13 if (ssl->options.tls1_3) return wolfSSL_accept_TLSv13(ssl); -#endif + #endif WOLFSSL_ENTER("SSL_accept()"); #ifdef HAVE_ERRNO_H @@ -9160,6 +9189,7 @@ int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl, WOLFSSL_MSG("Unknown accept state ERROR"); return WOLFSSL_FATAL_ERROR; } +#endif /* !WOLFSSL_NO_TLS12 */ } #endif /* NO_WOLFSSL_SERVER */ 
@@ -15247,7 +15277,22 @@ const char* wolfSSL_get_version(WOLFSSL* ssl) return "TLSv1.2"; #ifdef WOLFSSL_TLS13 case TLSv1_3_MINOR : + /* TODO: [TLS13] Remove draft versions. */ + #ifndef WOLFSSL_TLS13_FINAL + #ifdef WOLFSSL_TLS13_DRAFT_18 + return "TLSv1.3 (Draft 18)"; + #elif defined(WOLFSSL_TLS13_DRAFT_22) + return "TLSv1.3 (Draft 22)"; + #elif defined(WOLFSSL_TLS13_DRAFT_23) + return "TLSv1.3 (Draft 23)"; + #elif defined(WOLFSSL_TLS13_DRAFT_26) + return "TLSv1.3 (Draft 26)"; + #else + return "TLSv1.3 (Draft 28)"; + #endif + #else return "TLSv1.3"; + #endif #endif default: return "unknown"; diff --git a/src/tls.c b/src/tls.c index 3364c53c2..df8ac64f5 100755 --- a/src/tls.c +++ b/src/tls.c @@ -99,13 +99,14 @@ static int TLSX_PopulateSupportedGroups(WOLFSSL* ssl, TLSX** extensions); #endif +#ifndef WOLFSSL_NO_TLS12 + #ifdef WOLFSSL_SHA384 #define P_HASH_MAX_SIZE WC_SHA384_DIGEST_SIZE #else #define P_HASH_MAX_SIZE WC_SHA256_DIGEST_SIZE #endif - /* compute p_hash for MD5, SHA-1, SHA-256, or SHA-384 for TLSv1 PRF */ static int p_hash(byte* result, word32 resLen, const byte* secret, word32 secLen, const byte* seed, word32 seedLen, int hash, @@ -233,6 +234,8 @@ static int p_hash(byte* result, word32 resLen, const byte* secret, #undef P_HASH_MAX_SIZE +#endif /* !WOLFSSL_NO_TLS12 */ + #ifndef NO_OLD_TLS @@ -325,6 +328,8 @@ static int doPRF(byte* digest, word32 digLen, const byte* secret,word32 secLen, #endif +#ifndef WOLFSSL_NO_TLS12 + /* Wrapper to call straight thru to p_hash in TSL 1.2 cases to remove stack use */ static int PRF(byte* digest, word32 digLen, const byte* secret, word32 secLen, @@ -452,6 +457,7 @@ int BuildTlsFinished(WOLFSSL* ssl, Hashes* hashes, const byte* sender) return ret; } +#endif /* !WOLFSSL_NO_TLS12 */ #ifndef NO_OLD_TLS @@ -479,6 +485,8 @@ ProtocolVersion MakeTLSv1_1(void) #endif /* !NO_OLD_TLS */ +#ifndef WOLFSSL_NO_TLS12 + ProtocolVersion MakeTLSv1_2(void) { ProtocolVersion pv; 
@@ -488,6 +496,8 @@ ProtocolVersion MakeTLSv1_2(void) return pv; } +#endif /* !WOLFSSL_NO_TLS12 */ + #ifdef WOLFSSL_TLS13 /* The TLS v1.3 protocol version. * @@ -503,6 +513,7 @@ ProtocolVersion MakeTLSv1_3(void) } #endif +#ifndef WOLFSSL_NO_TLS12 #ifdef HAVE_EXTENDED_MASTER static const byte ext_master_label[EXT_MASTER_LABEL_SZ + 1] = @@ -877,6 +888,8 @@ int TLS_hmac(WOLFSSL* ssl, byte* digest, const byte* in, word32 sz, return ret; } +#endif /* !WOLFSSL_NO_TLS12 */ + #ifdef HAVE_TLS_EXTENSIONS /** @@ -9464,6 +9477,7 @@ int TLSX_Parse(WOLFSSL* ssl, byte* input, word16 length, byte msgType, #endif /* !NO_OLD_TLS */ +#ifndef WOLFSSL_NO_TLS12 WOLFSSL_METHOD* wolfTLSv1_2_client_method(void) { @@ -9481,6 +9495,8 @@ int TLSX_Parse(WOLFSSL* ssl, byte* input, word16 length, byte msgType, return method; } +#endif /* WOLFSSL_NO_TLS12 */ + #ifdef WOLFSSL_TLS13 /* The TLS v1.3 client method data. * @@ -9586,6 +9602,7 @@ int TLSX_Parse(WOLFSSL* ssl, byte* input, word16 length, byte msgType, } #endif /* !NO_OLD_TLS */ +#ifndef WOLFSSL_NO_TLS12 WOLFSSL_METHOD* wolfTLSv1_2_server_method(void) { @@ -9605,6 +9622,8 @@ int TLSX_Parse(WOLFSSL* ssl, byte* input, word16 length, byte msgType, return method; } +#endif /* !WOLFSSL_NO_TLS12 */ + #ifdef WOLFSSL_TLS13 /* The TLS v1.3 server method data. * diff --git a/src/tls13.c b/src/tls13.c index ce444ea47..694298bb6 100755 --- a/src/tls13.c +++ b/src/tls13.c 
@@ -2376,11 +2376,18 @@ int SendTls13ClientHello(WOLFSSL* ssl) if (ssl->options.resuming && (ssl->session.version.major != ssl->version.major || ssl->session.version.minor != ssl->version.minor)) { - /* Cannot resume with a different protocol version - new handshake. */ - ssl->options.resuming = 0; - ssl->version.major = ssl->session.version.major; - ssl->version.minor = ssl->session.version.minor; - return SendClientHello(ssl); + #ifndef WOLFSSL_NO_TLS12 + if (ssl->session.version.major == ssl->version.major && + ssl->session.version.minor < ssl->version.minor) { + /* Cannot resume with a different protocol version. */ + ssl->options.resuming = 0; + ssl->version.major = ssl->session.version.major; + ssl->version.minor = ssl->session.version.minor; + return SendClientHello(ssl); + } + else + #endif + return VERSION_ERROR; } #endif @@ -2774,15 +2781,18 @@ int DoTls13ServerHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx, if (ret != 0) return ret; if (!IsAtLeastTLSv1_3(pv) && pv.major != TLS_DRAFT_MAJOR) { +#ifndef WOLFSSL_NO_TLS12 if (ssl->options.downgrade) { ssl->version = pv; return DoServerHello(ssl, input, inOutIdx, helloSz); } +#endif - WOLFSSL_MSG("CLient using higher version, fatal error"); + WOLFSSL_MSG("Client using higher version, fatal error"); return VERSION_ERROR; } #else +#ifndef WOLFSSL_NO_TLS12 if (pv.major == ssl->version.major && pv.minor < TLSv1_2_MINOR && ssl->options.downgrade) { /* Force client hello version 1.2 to work for static RSA. */ @@ -2790,6 +2800,7 @@ int DoTls13ServerHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx, ssl->version.minor = TLSv1_2_MINOR; return DoServerHello(ssl, input, inOutIdx, helloSz); } +#endif if (pv.major != ssl->version.major || pv.minor != TLSv1_2_MINOR) return VERSION_ERROR; #endif 
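Review bot: In `SendTls13ClientHello`, the resumption fallback lowers `ssl->version` to the stored session's version and calls `SendClientHello` without consulting `ssl->options.downgrade`, whereas the `DoTls13ServerHello` hunks below only drop to `DoServerHello` when that option is set. Unless `SendClientHello` enforces the minimum version itself (not visible here), a cached older session can move a client below TLS 1.3 even when downgrade is disabled. Adding `ssl->options.downgrade &&` to the new condition would close that. The `else` left dangling across `#endif` before `return VERSION_ERROR;` is also easy to misread; an explicit `#else` arm with its own braces would be clearer.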
@@ -2848,7 +2859,9 @@ int DoTls13ServerHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx, if ((i - begin) + OPAQUE16_LEN > helloSz) { if (!ssl->options.downgrade) return BUFFER_ERROR; +#ifndef WOLFSSL_NO_TLS12 ssl->version.minor = TLSv1_2_MINOR; +#endif ssl->options.haveEMS = 0; } if ((i - begin) < helloSz) @@ -2891,6 +2904,7 @@ int DoTls13ServerHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx, * Only now do we know how to deal with session id. */ if (!IsAtLeastTLSv1_3(ssl->version)) { +#ifndef WOLFSSL_NO_TLS12 ssl->arrays->sessionIDSz = sessIdSz; if (ssl->arrays->sessionIDSz > ID_LEN) { @@ -2907,6 +2921,10 @@ int DoTls13ServerHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx, ssl->chVersion.minor = TLSv1_2_MINOR; /* Complete TLS v1.2 processing of ServerHello. */ ret = CompleteServerHello(ssl); +#else + WOLFSSL_MSG("Client using higher version, fatal error"); + ret = VERSION_ERROR; +#endif WOLFSSL_LEAVE("DoTls13ServerHello", ret); @@ -3744,7 +3762,9 @@ int DoTls13ClientHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx, word16 totalExtSz = 0; int usingPSK = 0; byte sessIdSz; +#ifndef WOLFSSL_NO_TLS12 int bogusID = 0; +#endif WOLFSSL_START(WC_FUNC_CLIENT_HELLO_DO); WOLFSSL_ENTER("DoTls13ClientHello"); @@ -3766,8 +3786,10 @@ int DoTls13ClientHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx, if (pv.major == SSLv3_MAJOR && pv.minor >= TLSv1_3_MINOR) pv.minor = TLSv1_2_MINOR; +#ifndef WOLFSSL_NO_TLS12 if (ssl->version.major == SSLv3_MAJOR && ssl->version.minor < TLSv1_3_MINOR) return DoClientHello(ssl, input, inOutIdx, helloSz); +#endif #ifdef HAVE_SESSION_TICKET if (ssl->options.downgrade) { 
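Review bot: In the short-ServerHello branch of `DoTls13ServerHello` (`(i - begin) + OPAQUE16_LEN > helloSz`), a `WOLFSSL_NO_TLS12` build with `ssl->options.downgrade` set now only clears `haveEMS` and continues with `ssl->version.minor` unchanged. Assuming the version is still TLS 1.3 at that point, the later `!IsAtLeastTLSv1_3(ssl->version)` block that returns `VERSION_ERROR` is not reached, so a ServerHello without extensions keeps being processed as TLS 1.3. Rejecting it in place is simpler to reason about: give the guard an `#else` arm with `return VERSION_ERROR;`. The function body starts and ends outside the hunk.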
@@ -3802,9 +3824,11 @@ int DoTls13ClientHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx, XMEMCPY(ssl->session.sessionID, input + i, sessIdSz); i += ID_LEN; } -#ifdef HAVE_SESSION_TICKET - if (sessIdSz > 0 && sessIdSz < ID_LEN) - bogusID = 1; +#ifndef WOLFSSL_NO_TLS12 + #ifdef HAVE_SESSION_TICKET + if (sessIdSz > 0 && sessIdSz < ID_LEN) + bogusID = 1; + #endif #endif /* Cipher suites */ @@ -3919,6 +3943,7 @@ int DoTls13ClientHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx, return ret; #endif } +#ifndef WOLFSSL_NO_TLS12 else if (ssl->options.resuming) { ret = HandleTlsResumption(ssl, bogusID, &clSuites); if (ret != 0) @@ -3931,6 +3956,12 @@ int DoTls13ClientHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx, return ret; } } +#else + else { + WOLFSSL_MSG("Negotiated lesser version than TLS v1.3"); + return VERSION_ERROR; + } +#endif if (!usingPSK) { if ((ret = MatchSuite(ssl, &clSuites)) < 0) { @@ -3941,6 +3972,7 @@ int DoTls13ClientHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx, /* Check that the negotiated ciphersuite matches protocol version. */ if (IsAtLeastTLSv1_3(ssl->version)) { if (ssl->options.cipherSuite0 != TLS13_BYTE) { +#ifndef WOLFSSL_NO_TLS12 TLSX* ext; if (!ssl->options.downgrade) { @@ -3960,6 +3992,11 @@ int DoTls13ClientHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx, ext = TLSX_Find(ssl->extensions, TLSX_SUPPORTED_VERSIONS); if (ext != NULL) ext->resp = 0; +#else + WOLFSSL_MSG("Negotiated ciphersuite from lesser version than " + "TLS v1.3"); + return VERSION_ERROR; +#endif } } /* VerifyServerSuite handles when version is less than 1.3 */ @@ -7360,8 +7397,10 @@ int wolfSSL_connect_TLSv13(WOLFSSL* ssl) return WOLFSSL_SUCCESS; if (!ssl->options.tls1_3) { + #ifndef WOLFSSL_NO_TLS12 if (ssl->options.downgrade) return wolfSSL_connect(ssl); + #endif WOLFSSL_MSG("Client using higher version, fatal error"); return VERSION_ERROR; 
@@ -7462,9 +7501,14 @@ int wolfSSL_connect_TLSv13(WOLFSSL* ssl) FALL_THROUGH; case FIRST_REPLY_THIRD: - if ((ssl->error = SendTls13Finished(ssl)) != 0) { - WOLFSSL_ERROR(ssl->error); - return WOLFSSL_FATAL_ERROR; + #if !defined(NO_CERTS) && defined(WOLFSSL_POST_HANDSHAKE_AUTH) + if (!ssl->options.sendVerify || !ssl->options.postHandshakeAuth) + #endif + { + if ((ssl->error = SendTls13Finished(ssl)) != 0) { + WOLFSSL_ERROR(ssl->error); + return WOLFSSL_FATAL_ERROR; + } } WOLFSSL_MSG("sent: finished"); diff --git a/tests/api.c b/tests/api.c index 123e18396..48a1ee885 100644 --- a/tests/api.c +++ b/tests/api.c @@ -462,11 +462,26 @@ static void test_wolfSSL_Method_Allocators(void) TEST_VALID_METHOD_ALLOCATOR(wolfTLSv1_1_server_method); TEST_VALID_METHOD_ALLOCATOR(wolfTLSv1_1_client_method); #endif +#ifndef WOLFSSL_NO_TLS12 + #ifndef NO_WOLFSSL_SERVER + TEST_VALID_METHOD_ALLOCATOR(wolfTLSv1_2_server_method); + #endif + #ifndef NO_WOLFSSL_CLIENT + TEST_VALID_METHOD_ALLOCATOR(wolfTLSv1_2_client_method); + #endif +#endif +#ifdef WOLFSSL_TLS13 + #ifndef NO_WOLFSSL_SERVER + TEST_VALID_METHOD_ALLOCATOR(wolfTLSv1_3_server_method); + #endif + #ifndef NO_WOLFSSL_CLIENT + TEST_VALID_METHOD_ALLOCATOR(wolfTLSv1_3_client_method); + #endif +#endif #ifndef NO_WOLFSSL_SERVER - TEST_VALID_METHOD_ALLOCATOR(wolfTLSv1_2_server_method); + TEST_VALID_METHOD_ALLOCATOR(wolfSSLv23_server_method); #endif #ifndef NO_WOLFSSL_CLIENT - TEST_VALID_METHOD_ALLOCATOR(wolfTLSv1_2_client_method); TEST_VALID_METHOD_ALLOCATOR(wolfSSLv23_client_method); #endif #ifdef WOLFSSL_DTLS 
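Review bot: In the `FIRST_REPLY_THIRD` case of `wolfSSL_connect_TLSv13`, `WOLFSSL_MSG("sent: finished");` stays outside the new braces, so it is logged even when the `sendVerify`/`postHandshakeAuth` condition skips `SendTls13Finished`. Move the message inside the block so the debug log reflects what went on the wire. The skipped path also needs a comment naming where the client Finished is sent instead, since the hunk does not show it and the state machine advances either way.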
@@ -898,12 +913,18 @@ static int test_wolfSSL_SetMinVersion(void) #ifndef NO_OLD_TLS const int versions[] = { WOLFSSL_TLSV1, WOLFSSL_TLSV1_1, WOLFSSL_TLSV1_2}; - #else + #elif !defined(WOLFSSL_NO_TLS12) const int versions[] = { WOLFSSL_TLSV1_2 }; + #else + const int versions[] = { WOLFSSL_TLSV1_3 }; #endif AssertTrue(wolfSSL_Init()); - ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method()); + #ifndef WOLFSSL_NO_TLS12 + ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method()); + #else + ctx = wolfSSL_CTX_new(wolfTLSv1_3_client_method()); + #endif ssl = wolfSSL_new(ctx); printf(testingFmt, "wolfSSL_SetMinVersion()"); @@ -2945,7 +2966,11 @@ static void test_wolfSSL_PKCS8(void) /* Note that wolfSSL_Init() or wolfCrypt_Init() has been called before these * function calls */ +#ifndef WOLFSSL_NO_TLS12 AssertNotNull(ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method())); +#else + AssertNotNull(ctx = wolfSSL_CTX_new(wolfTLSv1_3_client_method())); +#endif wolfSSL_CTX_set_default_passwd_cb(ctx, &PKCS8TestCallBack); wolfSSL_CTX_set_default_passwd_cb_userdata(ctx, (void*)&flag); AssertIntEQ(wolfSSL_CTX_use_PrivateKey_buffer(ctx, buffer, bytes, @@ -3032,14 +3057,20 @@ static int test_wolfSSL_CTX_SetMinVersion(void) #ifndef NO_OLD_TLS const int versions[] = { WOLFSSL_TLSV1, WOLFSSL_TLSV1_1, WOLFSSL_TLSV1_2 }; - #else + #elif !defined(WOLFSSL_NO_TLS12) const int versions[] = { WOLFSSL_TLSV1_2 }; + #elif defined(WOLFSSL_TLS13) + const int versions[] = { WOLFSSL_TLSV1_3 }; #endif failFlag = WOLFSSL_SUCCESS; AssertTrue(wolfSSL_Init()); +#ifndef WOLFSSL_NO_TLS12 ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method()); +#else + ctx = wolfSSL_CTX_new(wolfTLSv1_3_client_method()); +#endif printf(testingFmt, "wolfSSL_CTX_SetMinVersion()"); 
@@ -3078,7 +3109,11 @@ static int test_wolfSSL_UseOCSPStapling(void) WOLFSSL* ssl; wolfSSL_Init(); + #ifndef WOLFSSL_NO_TLS12 ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method()); + #else + ctx = wolfSSL_CTX_new(wolfTLSv1_3_client_method()); + #endif ssl = wolfSSL_new(ctx); printf(testingFmt, "wolfSSL_UseOCSPStapling()"); @@ -3118,7 +3153,11 @@ static int test_wolfSSL_UseOCSPStaplingV2 (void) WOLFSSL* ssl; wolfSSL_Init(); + #ifndef WOLFSSL_NO_TLS12 ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method()); + #else + ctx = wolfSSL_CTX_new(wolfTLSv1_3_client_method()); + #endif ssl = wolfSSL_new(ctx); printf(testingFmt, "wolfSSL_UseOCSPStaplingV2()"); @@ -15513,7 +15552,11 @@ static void test_wolfSSL_PEM_PrivateKey(void) SSL_CTX* ctx; char passwd[] = "bad password"; + #ifndef WOLFSSL_NO_TLS12 AssertNotNull(ctx = SSL_CTX_new(TLSv1_2_server_method())); + #else + AssertNotNull(ctx = SSL_CTX_new(TLSv1_3_server_method())); + #endif AssertNotNull(bio = BIO_new_file("./certs/server-keyEnc.pem", "rb")); SSL_CTX_set_default_passwd_cb(ctx, PasswordCallBack); @@ -15550,7 +15593,11 @@ static void test_wolfSSL_PEM_PrivateKey(void) XFILE f; SSL_CTX* ctx; + #ifndef WOLFSSL_NO_TLS12 AssertNotNull(ctx = SSL_CTX_new(TLSv1_2_server_method())); + #else + AssertNotNull(ctx = SSL_CTX_new(TLSv1_3_server_method())); + #endif AssertNotNull(f = XFOPEN("./certs/ecc-key.der", "rb")); bytes = XFREAD(buf, 1, sizeof(buf), f); @@ -15852,7 +15899,8 @@ static void test_wolfSSL_ERR_peek_last_error_line(void) { #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \ !defined(NO_FILESYSTEM) && defined(DEBUG_WOLFSSL) && \ - !defined(NO_OLD_TLS) && defined(HAVE_IO_TESTS_DEPENDENCIES) + !defined(NO_OLD_TLS) && !defined(WOLFSSL_NO_TLS12) && \ + defined(HAVE_IO_TESTS_DEPENDENCIES) tcp_ready ready; func_args client_args; func_args server_args; 
@@ -16381,7 +16429,7 @@ static void msg_cb(int write_p, int version, int content_type, #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \ !defined(NO_FILESYSTEM) && defined(DEBUG_WOLFSSL) && \ - !defined(NO_OLD_TLS) && defined(HAVE_IO_TESTS_DEPENDENCIES) + defined(HAVE_IO_TESTS_DEPENDENCIES) #ifndef SINGLE_THREADED static int msgCb(SSL_CTX *ctx, SSL *ssl) { @@ -16401,7 +16449,7 @@ static void test_wolfSSL_msgCb(void) { #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \ !defined(NO_FILESYSTEM) && defined(DEBUG_WOLFSSL) && \ - !defined(NO_OLD_TLS) && defined(HAVE_IO_TESTS_DEPENDENCIES) + defined(HAVE_IO_TESTS_DEPENDENCIES) tcp_ready ready; func_args client_args; @@ -16426,8 +16474,13 @@ static void test_wolfSSL_msgCb(void) XMEMSET(&client_cb, 0, sizeof(callback_functions)); XMEMSET(&server_cb, 0, sizeof(callback_functions)); +#ifndef WOLFSSL_NO_TLS12 client_cb.method = wolfTLSv1_2_client_method; server_cb.method = wolfTLSv1_2_server_method; +#else + client_cb.method = wolfTLSv1_3_client_method; + server_cb.method = wolfTLSv1_3_server_method; +#endif server_args.signal = &ready; server_args.callbacks = &server_cb; @@ -18403,10 +18456,12 @@ static char earlyDataBuffer[1]; static int test_tls13_apis(void) { int ret = 0; +#ifndef WOLFSSL_NO_TLS12 WOLFSSL_CTX* clientTls12Ctx; WOLFSSL* clientTls12Ssl; WOLFSSL_CTX* serverTls12Ctx; WOLFSSL* serverTls12Ssl; +#endif WOLFSSL_CTX* clientCtx; WOLFSSL* clientSsl; WOLFSSL_CTX* serverCtx; @@ -18421,6 +18476,7 @@ static int test_tls13_apis(void) int groups[1] = { WOLFSSL_ECC_X25519 }; int numGroups = 1; +#ifndef WOLFSSL_NO_TLS12 clientTls12Ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method()); clientTls12Ssl = wolfSSL_new(clientTls12Ctx); serverTls12Ctx = wolfSSL_CTX_new(wolfTLSv1_2_server_method()); 
@@ -18429,6 +18485,7 @@ static int test_tls13_apis(void) wolfSSL_CTX_use_PrivateKey_file(serverTls12Ctx, ourKey, WOLFSSL_FILETYPE_PEM); #endif serverTls12Ssl = wolfSSL_new(serverTls12Ctx); +#endif clientCtx = wolfSSL_CTX_new(wolfTLSv1_3_client_method()); clientSsl = wolfSSL_new(clientCtx); @@ -18442,7 +18499,9 @@ static int test_tls13_apis(void) #ifdef WOLFSSL_SEND_HRR_COOKIE AssertIntEQ(wolfSSL_send_hrr_cookie(NULL, NULL, 0), BAD_FUNC_ARG); AssertIntEQ(wolfSSL_send_hrr_cookie(clientSsl, NULL, 0), SIDE_ERROR); +#ifndef WOLFSSL_NO_TLS12 AssertIntEQ(wolfSSL_send_hrr_cookie(serverTls12Ssl, NULL, 0), BAD_FUNC_ARG); +#endif AssertIntEQ(wolfSSL_send_hrr_cookie(serverSsl, NULL, 0), WOLFSSL_SUCCESS); AssertIntEQ(wolfSSL_send_hrr_cookie(serverSsl, fixedKey, sizeof(fixedKey)), 
@@ -18453,88 +18512,116 @@ static int test_tls13_apis(void) AssertIntEQ(wolfSSL_UseKeyShare(NULL, WOLFSSL_ECC_SECP256R1), BAD_FUNC_ARG); AssertIntEQ(wolfSSL_UseKeyShare(serverSsl, WOLFSSL_ECC_SECP256R1), WOLFSSL_SUCCESS); +#ifndef WOLFSSL_NO_TLS12 AssertIntEQ(wolfSSL_UseKeyShare(clientTls12Ssl, WOLFSSL_ECC_SECP256R1), WOLFSSL_SUCCESS); +#endif AssertIntEQ(wolfSSL_UseKeyShare(clientSsl, WOLFSSL_ECC_SECP256R1), WOLFSSL_SUCCESS); #elif defined(HAVE_CURVE25519) AssertIntEQ(wolfSSL_UseKeyShare(NULL, WOLFSSL_ECC_X25519), BAD_FUNC_ARG); AssertIntEQ(wolfSSL_UseKeyShare(serverSsl, WOLFSSL_ECC_X25519), WOLFSSL_SUCCESS); +#ifndef WOLFSSL_NO_TLS12 AssertIntEQ(wolfSSL_UseKeyShare(clientTls12Ssl, WOLFSSL_ECC_X25519), WOLFSSL_SUCCESS); +#endif AssertIntEQ(wolfSSL_UseKeyShare(clientSsl, WOLFSSL_ECC_X25519), WOLFSSL_SUCCESS); #else AssertIntEQ(wolfSSL_UseKeyShare(NULL, WOLFSSL_ECC_SECP256R1), BAD_FUNC_ARG); +#ifndef WOLFSSL_NO_TLS12 AssertIntEQ(wolfSSL_UseKeyShare(clientTls12Ssl, WOLFSSL_ECC_SECP256R1), NOT_COMPILED_IN); +#endif AssertIntEQ(wolfSSL_UseKeyShare(clientSsl, WOLFSSL_ECC_SECP256R1), NOT_COMPILED_IN); #endif AssertIntEQ(wolfSSL_NoKeyShares(NULL), BAD_FUNC_ARG); AssertIntEQ(wolfSSL_NoKeyShares(serverSsl), SIDE_ERROR); +#ifndef WOLFSSL_NO_TLS12 AssertIntEQ(wolfSSL_NoKeyShares(clientTls12Ssl), WOLFSSL_SUCCESS); +#endif AssertIntEQ(wolfSSL_NoKeyShares(clientSsl), WOLFSSL_SUCCESS); AssertIntEQ(wolfSSL_CTX_no_ticket_TLSv13(NULL), BAD_FUNC_ARG); AssertIntEQ(wolfSSL_CTX_no_ticket_TLSv13(clientCtx), SIDE_ERROR); +#ifndef WOLFSSL_NO_TLS12 AssertIntEQ(wolfSSL_CTX_no_ticket_TLSv13(serverTls12Ctx), BAD_FUNC_ARG); +#endif AssertIntEQ(wolfSSL_CTX_no_ticket_TLSv13(serverCtx), 0); AssertIntEQ(wolfSSL_no_ticket_TLSv13(NULL), BAD_FUNC_ARG); AssertIntEQ(wolfSSL_no_ticket_TLSv13(clientSsl), SIDE_ERROR); +#ifndef WOLFSSL_NO_TLS12 AssertIntEQ(wolfSSL_no_ticket_TLSv13(serverTls12Ssl), BAD_FUNC_ARG); +#endif AssertIntEQ(wolfSSL_no_ticket_TLSv13(serverSsl), 0); 
AssertIntEQ(wolfSSL_CTX_no_dhe_psk(NULL), BAD_FUNC_ARG); +#ifndef WOLFSSL_NO_TLS12 AssertIntEQ(wolfSSL_CTX_no_dhe_psk(clientTls12Ctx), BAD_FUNC_ARG); +#endif AssertIntEQ(wolfSSL_CTX_no_dhe_psk(serverCtx), 0); AssertIntEQ(wolfSSL_CTX_no_dhe_psk(clientCtx), 0); AssertIntEQ(wolfSSL_no_dhe_psk(NULL), BAD_FUNC_ARG); +#ifndef WOLFSSL_NO_TLS12 AssertIntEQ(wolfSSL_no_dhe_psk(clientTls12Ssl), BAD_FUNC_ARG); +#endif AssertIntEQ(wolfSSL_no_dhe_psk(serverSsl), 0); AssertIntEQ(wolfSSL_no_dhe_psk(clientSsl), 0); AssertIntEQ(wolfSSL_update_keys(NULL), BAD_FUNC_ARG); +#ifndef WOLFSSL_NO_TLS12 AssertIntEQ(wolfSSL_update_keys(clientTls12Ssl), BAD_FUNC_ARG); +#endif AssertIntEQ(wolfSSL_update_keys(serverSsl), BUILD_MSG_ERROR); AssertIntEQ(wolfSSL_update_keys(clientSsl), BUILD_MSG_ERROR); #if !defined(NO_CERTS) && defined(WOLFSSL_POST_HANDSHAKE_AUTH) AssertIntEQ(wolfSSL_CTX_allow_post_handshake_auth(NULL), BAD_FUNC_ARG); AssertIntEQ(wolfSSL_CTX_allow_post_handshake_auth(serverCtx), SIDE_ERROR); +#ifndef WOLFSSL_NO_TLS12 AssertIntEQ(wolfSSL_CTX_allow_post_handshake_auth(clientTls12Ctx), BAD_FUNC_ARG); +#endif AssertIntEQ(wolfSSL_CTX_allow_post_handshake_auth(clientCtx), 0); AssertIntEQ(wolfSSL_allow_post_handshake_auth(NULL), BAD_FUNC_ARG); AssertIntEQ(wolfSSL_allow_post_handshake_auth(serverSsl), SIDE_ERROR); +#ifndef WOLFSSL_NO_TLS12 AssertIntEQ(wolfSSL_allow_post_handshake_auth(clientTls12Ssl), BAD_FUNC_ARG); +#endif AssertIntEQ(wolfSSL_allow_post_handshake_auth(clientSsl), 0); AssertIntEQ(wolfSSL_request_certificate(NULL), BAD_FUNC_ARG); AssertIntEQ(wolfSSL_request_certificate(clientSsl), SIDE_ERROR); +#ifndef WOLFSSL_NO_TLS12 AssertIntEQ(wolfSSL_request_certificate(serverTls12Ssl), BAD_FUNC_ARG); +#endif AssertIntEQ(wolfSSL_request_certificate(serverSsl), NOT_READY_ERROR); #endif #ifndef WOLFSSL_NO_SERVER_GROUPS_EXT AssertIntEQ(wolfSSL_preferred_group(NULL), BAD_FUNC_ARG); AssertIntEQ(wolfSSL_preferred_group(serverSsl), SIDE_ERROR); +#ifndef WOLFSSL_NO_TLS12 
AssertIntEQ(wolfSSL_preferred_group(clientTls12Ssl), BAD_FUNC_ARG); +#endif AssertIntEQ(wolfSSL_preferred_group(clientSsl), NOT_READY_ERROR); #endif AssertIntEQ(wolfSSL_CTX_set_groups(NULL, NULL, 0), BAD_FUNC_ARG); AssertIntEQ(wolfSSL_CTX_set_groups(clientCtx, NULL, 0), BAD_FUNC_ARG); AssertIntEQ(wolfSSL_CTX_set_groups(NULL, groups, numGroups), BAD_FUNC_ARG); +#ifndef WOLFSSL_NO_TLS12 AssertIntEQ(wolfSSL_CTX_set_groups(clientTls12Ctx, groups, numGroups), BAD_FUNC_ARG); +#endif AssertIntEQ(wolfSSL_CTX_set_groups(clientCtx, groups, WOLFSSL_MAX_GROUP_COUNT + 1), BAD_FUNC_ARG); @@ -18546,8 +18633,10 @@ static int test_tls13_apis(void) AssertIntEQ(wolfSSL_set_groups(NULL, NULL, 0), BAD_FUNC_ARG); AssertIntEQ(wolfSSL_set_groups(clientSsl, NULL, 0), BAD_FUNC_ARG); AssertIntEQ(wolfSSL_set_groups(NULL, groups, numGroups), BAD_FUNC_ARG); +#ifndef WOLFSSL_NO_TLS12 AssertIntEQ(wolfSSL_set_groups(clientTls12Ssl, groups, numGroups), BAD_FUNC_ARG); +#endif AssertIntEQ(wolfSSL_set_groups(clientSsl, groups, WOLFSSL_MAX_GROUP_COUNT + 1), BAD_FUNC_ARG); AssertIntEQ(wolfSSL_set_groups(clientSsl, groups, numGroups), @@ -18558,13 +18647,17 @@ static int test_tls13_apis(void) #ifdef WOLFSSL_EARLY_DATA AssertIntEQ(wolfSSL_CTX_set_max_early_data(NULL, 0), BAD_FUNC_ARG); AssertIntEQ(wolfSSL_CTX_set_max_early_data(clientCtx, 0), SIDE_ERROR); +#ifndef WOLFSSL_NO_TLS12 AssertIntEQ(wolfSSL_CTX_set_max_early_data(serverTls12Ctx, 0), BAD_FUNC_ARG); +#endif AssertIntEQ(wolfSSL_CTX_set_max_early_data(serverCtx, 0), 0); AssertIntEQ(wolfSSL_set_max_early_data(NULL, 0), BAD_FUNC_ARG); AssertIntEQ(wolfSSL_set_max_early_data(clientSsl, 0), SIDE_ERROR); +#ifndef WOLFSSL_NO_TLS12 AssertIntEQ(wolfSSL_set_max_early_data(serverTls12Ssl, 0), BAD_FUNC_ARG); +#endif AssertIntEQ(wolfSSL_set_max_early_data(serverSsl, 0), 0); AssertIntEQ(wolfSSL_write_early_data(NULL, earlyData, sizeof(earlyData), 
@@ -18579,9 +18672,11 @@ static int test_tls13_apis(void) AssertIntEQ(wolfSSL_write_early_data(serverSsl, earlyData, sizeof(earlyData), &outSz), SIDE_ERROR); +#ifndef WOLFSSL_NO_TLS12 AssertIntEQ(wolfSSL_write_early_data(clientTls12Ssl, earlyData, sizeof(earlyData), &outSz), BAD_FUNC_ARG); +#endif AssertIntEQ(wolfSSL_write_early_data(clientSsl, earlyData, sizeof(earlyData), &outSz), WOLFSSL_FATAL_ERROR); @@ -18600,9 +18695,11 @@ static int test_tls13_apis(void) AssertIntEQ(wolfSSL_read_early_data(clientSsl, earlyDataBuffer, sizeof(earlyDataBuffer), &outSz), SIDE_ERROR); +#ifndef WOLFSSL_NO_TLS12 AssertIntEQ(wolfSSL_read_early_data(serverTls12Ssl, earlyDataBuffer, sizeof(earlyDataBuffer), &outSz), BAD_FUNC_ARG); +#endif AssertIntEQ(wolfSSL_read_early_data(serverSsl, earlyDataBuffer, sizeof(earlyDataBuffer), &outSz), WOLFSSL_FATAL_ERROR); @@ -18613,10 +18710,12 @@ static int test_tls13_apis(void) wolfSSL_free(clientSsl); wolfSSL_CTX_free(clientCtx); +#ifndef WOLFSSL_NO_TLS12 wolfSSL_free(serverTls12Ssl); wolfSSL_CTX_free(serverTls12Ctx); wolfSSL_free(clientTls12Ssl); wolfSSL_CTX_free(clientTls12Ctx); +#endif return ret; } @@ -18744,12 +18843,20 @@ static void test_DhCallbacks(void) /* set callbacks to use DH functions */ func_cb_client.ctx_ready = &test_dh_ctx_setup; func_cb_client.ssl_ready = &test_dh_ssl_setup; +#ifndef WOLFSSL_NO_TLS12 func_cb_client.method = wolfTLSv1_2_client_method; +#else + func_cb_client.method = wolfTLSv1_3_client_method; +#endif client_args.callbacks = &func_cb_client; func_cb_server.ctx_ready = &test_dh_ctx_setup; func_cb_server.ssl_ready = &test_dh_ssl_setup; +#ifndef WOLFSSL_NO_TLS12 func_cb_server.method = wolfTLSv1_2_server_method; +#else + func_cb_server.method = wolfTLSv1_3_server_method; +#endif server_args.callbacks = &func_cb_server; start_thread(test_server_nofail, &server_args, &serverThread); 
@@ -18791,12 +18898,20 @@ static void test_DhCallbacks(void) /* set callbacks to use DH functions */ func_cb_client.ctx_ready = &test_dh_ctx_setup; func_cb_client.ssl_ready = &test_dh_ssl_setup_fail; +#ifndef WOLFSSL_NO_TLS12 func_cb_client.method = wolfTLSv1_2_client_method; +#else + func_cb_client.method = wolfTLSv1_3_client_method; +#endif client_args.callbacks = &func_cb_client; func_cb_server.ctx_ready = &test_dh_ctx_setup; func_cb_server.ssl_ready = &test_dh_ssl_setup_fail; +#ifndef WOLFSSL_NO_TLS12 func_cb_server.method = wolfTLSv1_2_server_method; +#else + func_cb_server.method = wolfTLSv1_3_server_method; +#endif server_args.callbacks = &func_cb_server; start_thread(test_server_nofail, &server_args, &serverThread); diff --git a/tests/include.am b/tests/include.am index 91100e49a..9c7aa09ca 100644 --- a/tests/include.am +++ b/tests/include.am @@ -21,8 +21,11 @@ endif EXTRA_DIST += tests/unit.h EXTRA_DIST += tests/test.conf \ tests/test-tls13.conf \ + tests/test-tls13-down.conf \ tests/test-tls13-ecc.conf \ + tests/test-tls13-psk.conf \ tests/test-qsh.conf \ + tests/test-psk.conf \ tests/test-psk-no-id.conf \ tests/test-dtls.conf \ tests/test-sctp.conf \ diff --git a/tests/suites.c b/tests/suites.c index f6ef5b06b..bf25430e8 100644 --- a/tests/suites.c +++ b/tests/suites.c @@ -576,7 +576,7 @@ int SuiteTest(void) (void)test_harness; - cipherSuiteCtx = wolfSSL_CTX_new(wolfTLSv1_2_client_method()); + cipherSuiteCtx = wolfSSL_CTX_new(wolfSSLv23_client_method()); if (cipherSuiteCtx == NULL) { printf("can't get cipher suite ctx\n"); exit(EXIT_FAILURE); 
@@ -634,6 +634,16 @@ int SuiteTest(void) exit(EXIT_FAILURE); } #endif + #ifndef WOLFSSL_NO_TLS12 + /* add TLSv13 downgrade tets */ + strcpy(argv0[1], "tests/test-tls13-down.conf"); + printf("starting TLSv13 Downgrade extra tests\n"); + test_harness(&args); + if (args.return_code != 0) { + printf("error from script %d\n", args.return_code); + exit(EXIT_FAILURE); + } + #endif #endif #if defined(HAVE_CURVE25519) && defined(HAVE_ED25519) /* add ED25519 certificate cipher suite tests */ @@ -692,15 +702,28 @@ int SuiteTest(void) } #endif #ifndef NO_PSK - /* add psk extra suites */ - strcpy(argv0[1], "tests/test-psk-no-id.conf"); - printf("starting psk no identity extra cipher suite tests\n"); + #ifndef WOLFSSL_NO_TLS12 + /* add psk cipher suites */ + strcpy(argv0[1], "tests/test-psk.conf"); + printf("starting psk cipher suite tests\n"); test_harness(&args); if (args.return_code != 0) { printf("error from script %d\n", args.return_code); args.return_code = EXIT_FAILURE; goto exit; } + #endif + #ifdef WOLFSSL_TLS13 + /* add psk extra suites */ + strcpy(argv0[1], "tests/test-tls13-psk.conf"); + printf("starting TLS 1.3 psk no identity extra cipher suite tests\n"); + test_harness(&args); + if (args.return_code != 0) { + printf("error from script %d\n", args.return_code); + args.return_code = EXIT_FAILURE; + goto exit; + } + #endif #endif #if defined(WOLFSSL_ENCRYPTED_KEYS) && !defined(NO_DES3) /* test encrypted keys */ diff --git a/tests/test-psk.conf b/tests/test-psk.conf new file mode 100644 index 000000000..4086b3e93 --- /dev/null +++ b/tests/test-psk.conf @@ -0,0 +1,15 @@ +# server - standard PSK +-j +-l PSK-CHACHA20-POLY1305 + +# client- standard PSK +-s +-l PSK-CHACHA20-POLY1305 + +# server +-j +-l ECDHE-RSA-AES256-GCM-SHA384:PSK-CHACHA20-POLY1305 + +# client +-l ECDHE-RSA-AES256-GCM-SHA384:PSK-CHACHA20-POLY1305 + diff --git a/tests/test-tls13-down.conf b/tests/test-tls13-down.conf new file mode 100644 index 000000000..b52910e67 --- /dev/null 
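Review bot: The added `strcpy(argv0[1], "tests/test-tls13-down.conf");` in SuiteTest copies the longest configuration path visible in this patch into argv0[1] with no length check, and the declaration of argv0 is outside the hunk, so its capacity cannot be confirmed from here. Assuming argv0 is an array of fixed-size char buffers, a bounded copy such as `snprintf(argv0[1], sizeof(argv0[1]), "%s", "tests/test-tls13-down.conf");` would make the limit explicit instead of relying on every new path staying short enough. The comment `/* add TLSv13 downgrade tets */` should also read `tests`.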
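Review bot: The rewritten NO_PSK block in SuiteTest no longer loads tests/test-psk-no-id.conf, although tests/include.am in this same patch still lists that file in EXTRA_DIST. Unless another part of SuiteTest outside this hunk runs it, the PSK-without-identity cases drop out of the suite without any notice; either restore a run for it or remove the file from the distribution list. The TLS 1.3 branch also keeps the old wording in `printf("starting TLS 1.3 psk no identity extra cipher suite tests\n");` and the comment `/* add psk extra suites */`, which no longer describe what tests/test-tls13-psk.conf covers.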
+++ b/tests/test-tls13-down.conf @@ -0,0 +1,43 @@ +# server TLSv1.3 downgrade +-v d +-l TLS13-CHACHA20-POLY1305-SHA256 + +# client TLSv1.2 +-v 3 + +# server TLSv1.2 +-v 3 + +# client TLSv1.3 downgrade +-v d + +# server TLSv1.3 downgrade +-v d + +# client TLSv1.3 downgrade +-v d + +# server TLSv1.3 downgrade but don't and resume +-v d +-r + +# client TLSv1.3 downgrade but don't and resume +-v d +-r + +# server TLSv1.3 downgrade and resume +-v d +-r + +# client TLSv1.2 and resume +-v 3 +-r + +# server TLSv1.2 and resume +-v d +-r + +# lcient TLSv1.3 downgrade and resume +-v 3 +-r + diff --git a/tests/test-tls13-psk.conf b/tests/test-tls13-psk.conf new file mode 100644 index 000000000..b8b7e2607 --- /dev/null +++ b/tests/test-tls13-psk.conf @@ -0,0 +1,31 @@ +# server TLSv1.3 PSK +-v 4 +-s +-l TLS13-AES128-GCM-SHA256 +-d + +# client TLSv1.3 PSK +-v 4 +-s +-l TLS13-AES128-GCM-SHA256 + +# server TLSv1.3 PSK +-v 4 +-j +-l TLS13-AES128-GCM-SHA256 +-d + +# client TLSv1.3 PSK +-v 4 +-s +-l TLS13-AES128-GCM-SHA256 + +# server TLSv1.3 PSK +-v 4 +-j +-l TLS13-AES128-GCM-SHA256 +-d + +# client TLSv1.3 not-PSK +-v 4 +-l TLS13-AES128-GCM-SHA256 diff --git a/tests/test-tls13.conf b/tests/test-tls13.conf index 8233626d9..5e07ad3fe 100644 --- a/tests/test-tls13.conf +++ b/tests/test-tls13.conf @@ -38,6 +38,37 @@ -v 4 -l TLS13-AES128-CCM-8-SHA256 +# server TLSv1.3 resumption +-v 4 +-l TLS13-AES128-GCM-SHA256 +-r + +# client TLSv1.3 resumption +-v 4 +-l TLS13-AES128-GCM-SHA256 +-r + +# server TLSv1.3 resumption - SHA384 +-v 4 +-l TLS13-AES256-GCM-SHA384 +-r + +# client TLSv1.3 resumption - SHA384 +-v 4 +-l TLS13-AES256-GCM-SHA384 +-r + +# server TLSv1.3 PSK without (EC)DHE +-v 4 +-l TLS13-AES128-GCM-SHA256 +-r + +# client TLSv1.3 PSK without (EC)DHE +-v 4 +-l TLS13-AES128-GCM-SHA256 +-r +-K + # server TLSv1.3 accepting EarlyData -v 4 -l TLS13-AES128-GCM-SHA256 
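Review bot: The last server/client pair in tests/test-tls13-down.conf has labels that contradict its flags: `# server TLSv1.2 and resume` is followed by `-v d`, and `# lcient TLSv1.3 downgrade and resume` by `-v 3`. Going by the other entries in the file, `-v 3` selects TLS 1.2 and `-v d` the downgrade mode, so this pair repeats the preceding "server downgrade / client TLSv1.2 and resume" case. The combination the labels describe, a TLS 1.2 server resuming with a downgrade-capable client, is therefore never exercised. Swapping the two version flags (`-v 3` under the server entry, `-v d` under the client entry) and correcting `lcient` to `client` would restore the intended coverage.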
@@ -71,3 +102,94 @@ -v 4 -l TLS13-AES128-GCM-SHA256 -r + +# server TLSv1.3 +-v 4 +-l TLS13-AES128-GCM-SHA256 + +# client TLSv1.3 Fragments +-v 4 +-l TLS13-AES128-GCM-SHA256 +-F 1 + +# server TLSv1.3 +-v 4 +-l TLS13-AES128-GCM-SHA256 + +# client TLSv1.3 HelloRetryRequest to negotiate Key Exchange algorithm +-v 4 +-l TLS13-AES128-GCM-SHA256 +-J + +# server TLSv1.3 +-v 4 +-l TLS13-AES128-GCM-SHA256 +-J + +# client TLSv1.3 HelloRetryRequest with cookie +-v 4 +-l TLS13-AES128-GCM-SHA256 +-J + +# server TLSv1.3 +-v 4 +-l TLS13-AES128-GCM-SHA256 + +# client TLSv1.3 no client certificate +-v 4 +-l TLS13-AES128-GCM-SHA256 +-x + +# server TLSv1.3 +-v 4 +-l TLS13-AES128-GCM-SHA256 + +# client TLSv1.3 DH key exchange +-v 4 +-l TLS13-AES128-GCM-SHA256 +-y + +# server TLSv1.3 +-v 4 +-l TLS13-AES128-GCM-SHA256 + +# client TLSv1.3 ECC key exchange +-v 4 +-l TLS13-AES128-GCM-SHA256 +-Y + +# server TLSv1.3 +-v 4 +-l TLS13-AES128-GCM-SHA256 + +# client TLSv1.3 ECC key exchange +-v 4 +-l TLS13-AES128-GCM-SHA256 +-Y + +# server TLSv1.3 multiple cipher suites +-v 4 +-l TLS13-AES128-GCM-SHA256:TLS13-AES256-GCM-SHA384:TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES128-CCM-SHA256:TLS13-AES128-CCM-8-SHA256 + +# client TLSv1.3 +-v 4 + +# server TLSv1.3 KeyUpdate +-v 4 +-l TLS13-AES128-GCM-SHA256 +-U + +# client TLSv1.3 KeyUpdate +-v 4 +-l TLS13-AES128-GCM-SHA256 +-I + +# server TLSv1.3 Post-Handshake Authentication +-v 4 +-l TLS13-AES128-GCM-SHA256 +-Q + +# client TLSv1.3 Post-Handshake Authentication +-v 4 +-l TLS13-AES128-GCM-SHA256 +-Q diff --git a/wolfssl/test.h b/wolfssl/test.h index 2c66ee6f5..f446828db 100644 --- a/wolfssl/test.h +++ b/wolfssl/test.h 
@@ -220,11 +220,19 @@ #endif +#ifndef WOLFSSL_NO_TLS12 #define SERVER_DEFAULT_VERSION 3 +#else +#define SERVER_DEFAULT_VERSION 4 +#endif #define SERVER_DTLS_DEFAULT_VERSION (-2) #define SERVER_INVALID_VERSION (-99) #define SERVER_DOWNGRADE_VERSION (-98) +#ifndef WOLFSSL_NO_TLS12 #define CLIENT_DEFAULT_VERSION 3 +#else +#define CLIENT_DEFAULT_VERSION 4 +#endif #define CLIENT_DTLS_DEFAULT_VERSION (-2) #define CLIENT_INVALID_VERSION (-99) #define CLIENT_DOWNGRADE_VERSION (-98) From 12dc346058a8cf0b92599a38284e78840d2017ea Mon Sep 17 00:00:00 2001 From: Carie Pointer Date: Fri, 25 May 2018 09:25:25 -0600 Subject: [PATCH 092/146] Change return value to 0 for null key when HAVE_USER_RSA is defined --- tests/api.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/api.c b/tests/api.c index 0eccc4616..a9b3871a8 100644 --- a/tests/api.c +++ b/tests/api.c @@ -15058,7 +15058,7 @@ static int test_wc_SignatureGetSize_rsa(void) #ifndef HAVE_USER_RSA if (ret == BAD_FUNC_ARG) { #else - if (ret == USER_CRYPTO_ERROR) { + if (ret == 0) { #endif key_len = (word32)0; ret = wc_SignatureGetSize(sig_type, &rsa_key, key_len); From 3939eadf9ce80e40e5e00f5babed43d80acefda6 Mon Sep 17 00:00:00 2001 From: Takashi Kojo Date: Sat, 26 May 2018 10:55:17 +0900 Subject: [PATCH 093/146] get derLen by RsaPublicKeyDerSize --- src/ssl.c | 20 ++++++----- tests/api.c | 2 +- wolfcrypt/src/asn.c | 79 +++++++++++++++++++++++++++++++++++++++++ wolfssl/wolfcrypt/asn.h | 1 + 4 files changed, 93 insertions(+), 9 deletions(-) diff --git a/src/ssl.c b/src/ssl.c index 7ec5fa00e..abcb7d217 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -27526,6 +27526,10 @@ WOLFSSL_RSA *wolfSSL_d2i_RSAPublicKey(WOLFSSL_RSA **r, const unsigned char **pp, WOLFSSL_RSA *rsa = NULL; WOLFSSL_ENTER("d2i_RSAPublicKey"); + if(pp == NULL){ + WOLFSSL_MSG("Bad argument"); + return NULL; + } if((rsa = wolfSSL_RSA_new()) == NULL){ WOLFSSL_MSG("RSA_new failed"); return NULL; 
@@ -27545,22 +27549,22 @@ WOLFSSL_RSA *wolfSSL_d2i_RSAPublicKey(WOLFSSL_RSA **r, const unsigned char **pp, int wolfSSL_i2d_RSAPublicKey(WOLFSSL_RSA *rsa, const unsigned char **pp) { byte *der; - word32 derLen = 165; + int derLen; int ret; WOLFSSL_ENTER("i2d_RSAPublicKey"); - if(pp == NULL) + if((rsa == NULL) || (pp == NULL)) + return WOLFSSL_FATAL_ERROR; + if((ret = SetRsaInternal(rsa)) != WOLFSSL_SUCCESS) { + WOLFSSL_MSG("SetRsaInternal Failed"); + return ret; + } + if((derLen = RsaPublicKeyDerSize((RsaKey *)rsa->internal, 1)) < 0) return WOLFSSL_FATAL_ERROR; der = (byte*)XMALLOC(derLen, NULL, DYNAMIC_TYPE_TMP_BUFFER); if (der == NULL) { return WOLFSSL_FATAL_ERROR; } - if((ret = SetRsaInternal(rsa)) != WOLFSSL_SUCCESS) { - WOLFSSL_MSG("SetRsaInternal Failed"); - XFREE(der, NULL, DYNAMIC_TYPE_TMP_BUFFER); - return ret; - } - if((ret = wc_RsaKeyToPublicDer((RsaKey *)rsa->internal, der, derLen)) < 0){ WOLFSSL_MSG("RsaKeyToPublicDer failed"); XFREE(der, NULL, DYNAMIC_TYPE_TMP_BUFFER); diff --git a/tests/api.c b/tests/api.c index 47a5cb197..0ffc42797 100644 --- a/tests/api.c +++ b/tests/api.c @@ -18717,7 +18717,7 @@ static void test_wolfSSL_X509_CRL(void) ""}; #endif - FILE * fp; + XFILE fp; int i; printf(testingFmt, "test_wolfSSL_X509_CRL"); diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c index 83bd11863..b082a6023 100755 --- a/wolfcrypt/src/asn.c +++ b/wolfcrypt/src/asn.c 
@@ -8326,6 +8326,85 @@ static int SetRsaPublicKey(byte* output, RsaKey* key, return idx; } + +int RsaPublicKeyDerSize(RsaKey* key, int with_header) +{ + byte* dummy = NULL; + byte seq[MAX_SEQ_SZ]; + byte bitString[1 + MAX_LENGTH_SZ + 1]; + int nSz; + int eSz; + int seqSz; + int bitStringSz; + int idx; + + if (key == NULL) + return BAD_FUNC_ARG; + + /* n */ + dummy = (byte*)XMALLOC(MAX_RSA_INT_SZ, key->heap, DYNAMIC_TYPE_TMP_BUFFER); + if (dummy == NULL) + return MEMORY_E; + +#ifdef HAVE_USER_RSA + nSz = SetASNIntRSA(key->n, dummy); +#else + nSz = SetASNIntMP(&key->n, MAX_RSA_INT_SZ, dummy); +#endif + XFREE(dummy, key->heap, DYNAMIC_TYPE_TMP_BUFFER); + if (nSz < 0) { + return nSz; + } + + /* e */ + dummy = (byte*)XMALLOC(MAX_RSA_E_SZ, key->heap, DYNAMIC_TYPE_TMP_BUFFER); + if (dummy == NULL) { + XFREE(dummy, key->heap, DYNAMIC_TYPE_TMP_BUFFER); + return MEMORY_E; + } + +#ifdef HAVE_USER_RSA + eSz = SetASNIntRSA(key->e, dummy); +#else + eSz = SetASNIntMP(&key->e, MAX_RSA_INT_SZ, dummy); +#endif + XFREE(dummy, key->heap, DYNAMIC_TYPE_TMP_BUFFER); + if (eSz < 0) { + return eSz; + } + + seqSz = SetSequence(nSz + eSz, seq); + + /* headers */ + if (with_header) { + int algoSz; + dummy = (byte*)XMALLOC(MAX_RSA_INT_SZ, key->heap, DYNAMIC_TYPE_TMP_BUFFER); + if (dummy == NULL) + return MEMORY_E; + + algoSz = SetAlgoID(RSAk, dummy, oidKeyType, 0); + bitStringSz = SetBitString(seqSz + nSz + eSz, 0, bitString); + + idx = SetSequence(nSz + eSz + seqSz + bitStringSz + algoSz, dummy); + XFREE(dummy, key->heap, DYNAMIC_TYPE_TMP_BUFFER); + + /* algo */ + idx += algoSz; + /* bit string */ + idx += bitStringSz; + } + else + idx = 0; + + /* seq */ + idx += seqSz; + /* n */ + idx += nSz; + /* e */ + idx += eSz; + + return idx; +} #endif /* !NO_RSA && (WOLFSSL_CERT_GEN || (WOLFSSL_KEY_GEN && !HAVE_USER_RSA))) */ diff --git a/wolfssl/wolfcrypt/asn.h b/wolfssl/wolfcrypt/asn.h index da73afe58..35b372355 100644 --- a/wolfssl/wolfcrypt/asn.h +++ b/wolfssl/wolfcrypt/asn.h 
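Review bot: In RsaPublicKeyDerSize the exponent is encoded into a buffer allocated with MAX_RSA_E_SZ, but the non-HAVE_USER_RSA call passes MAX_RSA_INT_SZ as the limit, `eSz = SetASNIntMP(&key->e, MAX_RSA_INT_SZ, dummy);`, so the bound given to the encoder does not match the allocation. If SetASNIntMP treats that argument as the output capacity, a key with an unusually large public exponent could be written past the end of the heap buffer; the call should read `eSz = SetASNIntMP(&key->e, MAX_RSA_E_SZ, dummy);`. The `XFREE(dummy, key->heap, DYNAMIC_TYPE_TMP_BUFFER);` inside the `if (dummy == NULL)` branch for e frees a null pointer and can be dropped. The HAVE_USER_RSA calls to SetASNIntRSA take no size argument at all, so that path needs a comment stating what keeps the encoded integer within the allocation.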
@@ -860,6 +860,7 @@ WOLFSSL_LOCAL int GetSerialNumber(const byte* input, word32* inOutIdx, WOLFSSL_LOCAL int GetNameHash(const byte* source, word32* idx, byte* hash, int maxIdx); WOLFSSL_LOCAL int wc_CheckPrivateKey(byte* key, word32 keySz, DecodedCert* der); +WOLFSSL_LOCAL int RsaPublicKeyDerSize(RsaKey* key, int with_header); #ifdef HAVE_ECC /* ASN sig helpers */ From ba03f6e08b97a230bdad26cd1a0f968bd9d2f555 Mon Sep 17 00:00:00 2001 From: Takashi Kojo Date: Sat, 26 May 2018 13:04:06 +0900 Subject: [PATCH 094/146] wolfSSL_d2i_PKCS12_fp --- src/ssl.c | 12 ++++++++++++ wolfssl/ssl.h | 5 +++-- wolfssl/wolfcrypt/asn_public.h | 3 ++- 3 files changed, 17 insertions(+), 3 deletions(-) diff --git a/src/ssl.c b/src/ssl.c index abcb7d217..fb292e4e4 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -18028,6 +18028,12 @@ static void *wolfSSL_d2i_X509_fp_ex(XFILE file, void **x509, int type) else if(type == CRL_TYPE) newx509 = (void *)wolfSSL_d2i_X509_CRL(NULL, fileBuffer, (int)sz); #endif + else if(type == PKCS12_TYPE){ + if((newx509 = wc_PKCS12_new()) == NULL) + goto err_exit; + if(wc_d2i_PKCS12(fileBuffer, (int)sz, (WC_PKCS12*)newx509) < 0) + goto err_exit; + } else goto err_exit; if(newx509 == NULL) { @@ -18060,6 +18066,12 @@ _exit: return newx509; } +WOLFSSL_X509_PKCS12 *wolfSSL_d2i_PKCS12_fp(XFILE fp, WOLFSSL_X509_PKCS12 **pkcs12) +{ + WOLFSSL_ENTER("wolfSSL_d2i_PKCS12_fp"); + return (WOLFSSL_X509_PKCS12 *)wolfSSL_d2i_X509_fp_ex(fp, (void **)pkcs12, PKCS12_TYPE); +} + WOLFSSL_X509 *wolfSSL_d2i_X509_fp(XFILE fp, WOLFSSL_X509 **x509) { WOLFSSL_ENTER("wolfSSL_d2i_X509_fp"); diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h index 0ab534153..bb0133cf3 100644 --- a/wolfssl/ssl.h +++ b/wolfssl/ssl.h 
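Review bot: In the new PKCS12_TYPE branch of wolfSSL_d2i_X509_fp_ex, a failing wc_d2i_PKCS12 jumps to err_exit while newx509 still points at the object returned by wc_PKCS12_new(). The err_exit label is outside the hunk, so it is not visible whether it releases a WC_PKCS12; if it only handles the certificate and CRL types, the object either leaks or is handed back half-parsed through the `return newx509;` at `_exit`. Releasing it at the failure site keeps the branch self-contained: `wc_PKCS12_free((WC_PKCS12*)newx509); newx509 = NULL;` before the `goto err_exit;`. The function starts and ends outside the hunk, and the follow-up patch that wraps this branch in `#if !defined(NO_ASN) && !defined(NO_PWDBASED)` leaves the same path unchanged.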
@@ -121,6 +121,7 @@ typedef struct WOLFSSL_X509 WOLFSSL_X509; typedef struct WOLFSSL_X509_NAME WOLFSSL_X509_NAME; typedef struct WOLFSSL_X509_NAME_ENTRY WOLFSSL_X509_NAME_ENTRY; typedef struct WOLFSSL_X509_CHAIN WOLFSSL_X509_CHAIN; +typedef struct WC_PKCS12 WOLFSSL_X509_PKCS12; typedef struct WOLFSSL_CERT_MANAGER WOLFSSL_CERT_MANAGER; typedef struct WOLFSSL_SOCKADDR WOLFSSL_SOCKADDR; @@ -1555,8 +1556,8 @@ typedef struct WC_PKCS12 WC_PKCS12; WOLFSSL_API WC_PKCS12* wolfSSL_d2i_PKCS12_bio(WOLFSSL_BIO* bio, WC_PKCS12** pkcs12); #ifndef NO_FILESYSTEM -WOLFSSL_API WC_PKCS12* wolfSSL_d2i_PKCS12_fp(XFILE fp, - WC_PKCS12** pkcs12); +WOLFSSL_API WOLFSSL_X509_PKCS12* wolfSSL_d2i_PKCS12_fp(XFILE fp, + WOLFSSL_X509_PKCS12** pkcs12); #endif WOLFSSL_API int wolfSSL_PKCS12_parse(WC_PKCS12* pkcs12, const char* psw, WOLFSSL_EVP_PKEY** pkey, WOLFSSL_X509** cert, diff --git a/wolfssl/wolfcrypt/asn_public.h b/wolfssl/wolfcrypt/asn_public.h index 312332f96..9bd337eff 100644 --- a/wolfssl/wolfcrypt/asn_public.h +++ b/wolfssl/wolfcrypt/asn_public.h @@ -72,7 +72,8 @@ enum CertType { ECC_PUBLICKEY_TYPE, TRUSTED_PEER_TYPE, EDDSA_PRIVATEKEY_TYPE, - ED25519_TYPE + ED25519_TYPE, + PKCS12_TYPE }; From c60b60c50c26f588096ad5b84cfc1f64228c8a3a Mon Sep 17 00:00:00 2001 From: Takashi Kojo Date: Sat, 26 May 2018 16:02:51 +0900 Subject: [PATCH 095/146] #if condition to refer wc_PKCS12_new, wc_d2i_PKCS12 --- src/ssl.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/ssl.c b/src/ssl.c index fb292e4e4..92538116c 100644 --- a/src/ssl.c +++ b/src/ssl.c 
@@ -18028,12 +18028,14 @@ static void *wolfSSL_d2i_X509_fp_ex(XFILE file, void **x509, int type) else if(type == CRL_TYPE) newx509 = (void *)wolfSSL_d2i_X509_CRL(NULL, fileBuffer, (int)sz); #endif + #if !defined(NO_ASN) && !defined(NO_PWDBASED) else if(type == PKCS12_TYPE){ if((newx509 = wc_PKCS12_new()) == NULL) goto err_exit; if(wc_d2i_PKCS12(fileBuffer, (int)sz, (WC_PKCS12*)newx509) < 0) goto err_exit; } + #endif else goto err_exit; if(newx509 == NULL) { From 1d8fb7be82395edc09d29c5f4c20d0be2bbdff59 Mon Sep 17 00:00:00 2001 From: Sean Parkinson Date: Mon, 28 May 2018 09:18:26 +1000 Subject: [PATCH 096/146] Allow multiple NewSessionTicket messages Interopability testing with OpenSSL --- src/tls13.c | 4 ---- 1 file changed, 4 deletions(-) diff --git a/src/tls13.c b/src/tls13.c index ce444ea47..d3be2061c 100755 --- a/src/tls13.c +++ b/src/tls13.c @@ -6688,10 +6688,6 @@ static int SanityCheckTls13MsgReceived(WOLFSSL* ssl, byte type) WOLFSSL_MSG("NewSessionTicket received out of order"); return OUT_OF_ORDER_E; } - if (ssl->msgsReceived.got_session_ticket) { - WOLFSSL_MSG("Duplicate NewSessionTicket received"); - return DUPLICATE_MSG_E; - } ssl->msgsReceived.got_session_ticket = 1; break; From 68666101b706eecc8f31fd62b9028102d8117694 Mon Sep 17 00:00:00 2001 From: Sean Parkinson Date: Tue, 29 May 2018 09:25:38 +1000 Subject: [PATCH 097/146] Fix for g++ 7.3 - macro strings in asm --- wolfcrypt/src/aes.c | 2630 ++++++++++++++++++++-------------------- wolfcrypt/src/sha256.c | 622 +++++----- wolfcrypt/src/sha512.c | 398 +++--- 3 files changed, 1825 insertions(+), 1825 deletions(-) diff --git a/wolfcrypt/src/aes.c b/wolfcrypt/src/aes.c index 827293b83..2e63ea841 100644 --- a/wolfcrypt/src/aes.c +++ b/wolfcrypt/src/aes.c @@ -3711,7 +3711,7 @@ while (0) -#define _VAR(a) ""#a"" +#define _VAR(a) "" #a "" #define VAR(a) _VAR(a) #define HR %%xmm14 
@@ -3739,12 +3739,12 @@ while (0) "aesenc %%xmm12, %%xmm10\n\t" \ "aesenc %%xmm12, %%xmm11\n\t" -#define AESENC_SET(o) \ - "movdqa "#o"(%[KEY]), %%xmm12\n\t" \ +#define AESENC_SET(o) \ + "movdqa " #o "(%[KEY]), %%xmm12\n\t" \ AESENC() #define AESENC_CTR() \ - "movdqu "VAR(CTR1)", %%xmm4\n\t" \ + "movdqu " VAR(CTR1) ", %%xmm4\n\t" \ "movdqa %[BSWAP_EPI64], %%xmm1\n\t" \ "movdqu %%xmm4, %%xmm0\n\t" \ "pshufb %%xmm1, %%xmm4\n\t" \ 
@@ -3771,241 +3771,241 @@ while (0) "pshufb %%xmm1, %%xmm11\n\t" \ "paddd %[EIGHT], %%xmm0\n\t" -#define AESENC_XOR() \ - "movdqa (%[KEY]), %%xmm12\n\t" \ - "movdqu %%xmm0, "VAR(CTR1)"\n\t" \ - "pxor %%xmm12, %%xmm4\n\t" \ - "pxor %%xmm12, %%xmm5\n\t" \ - "pxor %%xmm12, %%xmm6\n\t" \ - "pxor %%xmm12, %%xmm7\n\t" \ - "pxor %%xmm12, %%xmm8\n\t" \ - "pxor %%xmm12, %%xmm9\n\t" \ - "pxor %%xmm12, %%xmm10\n\t" \ +#define AESENC_XOR() \ + "movdqa (%[KEY]), %%xmm12\n\t" \ + "movdqu %%xmm0, " VAR(CTR1) "\n\t" \ + "pxor %%xmm12, %%xmm4\n\t" \ + "pxor %%xmm12, %%xmm5\n\t" \ + "pxor %%xmm12, %%xmm6\n\t" \ + "pxor %%xmm12, %%xmm7\n\t" \ + "pxor %%xmm12, %%xmm8\n\t" \ + "pxor %%xmm12, %%xmm9\n\t" \ + "pxor %%xmm12, %%xmm10\n\t" \ "pxor %%xmm12, %%xmm11\n\t" /* Encrypt and carry-less multiply for AVX1. */ -#define AESENC_PCLMUL_1(src, o1, o2, o3) \ - "movdqu "#o3"("VAR(HTR)"), %%xmm12\n\t" \ - "movdqu "#o2"("#src"), %%xmm0\n\t" \ - "aesenc "#o1"(%[KEY]), %%xmm4\n\t" \ - "pshufb %[BSWAP_MASK], %%xmm0\n\t" \ - "pxor %%xmm2, %%xmm0\n\t" \ - "pshufd $0x4e, %%xmm12, %%xmm1\n\t" \ - "pshufd $0x4e, %%xmm0, %%xmm14\n\t" \ - "pxor %%xmm12, %%xmm1\n\t" \ - "pxor %%xmm0, %%xmm14\n\t" \ - "movdqa %%xmm0, %%xmm3\n\t" \ - "pclmulqdq $0x11, %%xmm12, %%xmm3\n\t" \ - "aesenc "#o1"(%[KEY]), %%xmm5\n\t" \ - "aesenc "#o1"(%[KEY]), %%xmm6\n\t" \ - "movdqa %%xmm0, %%xmm2\n\t" \ - "pclmulqdq $0x00, %%xmm12, %%xmm2\n\t" \ - "aesenc "#o1"(%[KEY]), %%xmm7\n\t" \ - "aesenc "#o1"(%[KEY]), %%xmm8\n\t" \ - "pclmulqdq $0x00, %%xmm14, %%xmm1\n\t" \ - "aesenc "#o1"(%[KEY]), %%xmm9\n\t" \ - "aesenc "#o1"(%[KEY]), %%xmm10\n\t" \ - "aesenc "#o1"(%[KEY]), %%xmm11\n\t" \ - "pxor %%xmm2, %%xmm1\n\t" \ - "pxor %%xmm3, %%xmm1\n\t" \ +#define AESENC_PCLMUL_1(src, o1, o2, o3) \ + "movdqu " #o3 "(" VAR(HTR) "), %%xmm12\n\t" \ + "movdqu " #o2 "(" #src "), %%xmm0\n\t" \ + "aesenc " #o1 "(%[KEY]), %%xmm4\n\t" \ + "pshufb %[BSWAP_MASK], %%xmm0\n\t" \ + "pxor %%xmm2, %%xmm0\n\t" \ + "pshufd $0x4e, %%xmm12, %%xmm1\n\t" \ + 
"pshufd $0x4e, %%xmm0, %%xmm14\n\t" \ + "pxor %%xmm12, %%xmm1\n\t" \ + "pxor %%xmm0, %%xmm14\n\t" \ + "movdqa %%xmm0, %%xmm3\n\t" \ + "pclmulqdq $0x11, %%xmm12, %%xmm3\n\t" \ + "aesenc " #o1 "(%[KEY]), %%xmm5\n\t" \ + "aesenc " #o1 "(%[KEY]), %%xmm6\n\t" \ + "movdqa %%xmm0, %%xmm2\n\t" \ + "pclmulqdq $0x00, %%xmm12, %%xmm2\n\t" \ + "aesenc " #o1 "(%[KEY]), %%xmm7\n\t" \ + "aesenc " #o1 "(%[KEY]), %%xmm8\n\t" \ + "pclmulqdq $0x00, %%xmm14, %%xmm1\n\t" \ + "aesenc " #o1 "(%[KEY]), %%xmm9\n\t" \ + "aesenc " #o1 "(%[KEY]), %%xmm10\n\t" \ + "aesenc " #o1 "(%[KEY]), %%xmm11\n\t" \ + "pxor %%xmm2, %%xmm1\n\t" \ + "pxor %%xmm3, %%xmm1\n\t" \ -#define AESENC_PCLMUL_N(src, o1, o2, o3) \ - "movdqu "#o3"("VAR(HTR)"), %%xmm12\n\t" \ - "movdqu "#o2"("#src"), %%xmm0\n\t" \ - "pshufd $0x4e, %%xmm12, %%xmm13\n\t" \ - "pshufb %[BSWAP_MASK], %%xmm0\n\t" \ - "aesenc "#o1"(%[KEY]), %%xmm4\n\t" \ - "pxor %%xmm12, %%xmm13\n\t" \ - "pshufd $0x4e, %%xmm0, %%xmm14\n\t" \ - "pxor %%xmm0, %%xmm14\n\t" \ - "movdqa %%xmm0, %%xmm15\n\t" \ - "pclmulqdq $0x11, %%xmm12, %%xmm15\n\t" \ - "aesenc "#o1"(%[KEY]), %%xmm5\n\t" \ - "aesenc "#o1"(%[KEY]), %%xmm6\n\t" \ - "pclmulqdq $0x00, %%xmm0, %%xmm12\n\t" \ - "aesenc "#o1"(%[KEY]), %%xmm7\n\t" \ - "aesenc "#o1"(%[KEY]), %%xmm8\n\t" \ - "pclmulqdq $0x00, %%xmm14, %%xmm13\n\t" \ - "aesenc "#o1"(%[KEY]), %%xmm9\n\t" \ - "aesenc "#o1"(%[KEY]), %%xmm10\n\t" \ - "aesenc "#o1"(%[KEY]), %%xmm11\n\t" \ - "pxor %%xmm12, %%xmm1\n\t" \ - "pxor %%xmm12, %%xmm2\n\t" \ - "pxor %%xmm15, %%xmm1\n\t" \ - "pxor %%xmm15, %%xmm3\n\t" \ - "pxor %%xmm13, %%xmm1\n\t" \ +#define AESENC_PCLMUL_N(src, o1, o2, o3) \ + "movdqu " #o3 "(" VAR(HTR) "), %%xmm12\n\t" \ + "movdqu " #o2 "(" #src" ), %%xmm0\n\t" \ + "pshufd $0x4e, %%xmm12, %%xmm13\n\t" \ + "pshufb %[BSWAP_MASK], %%xmm0\n\t" \ + "aesenc " #o1 "(%[KEY]), %%xmm4\n\t" \ + "pxor %%xmm12, %%xmm13\n\t" \ + "pshufd $0x4e, %%xmm0, %%xmm14\n\t" \ + "pxor %%xmm0, %%xmm14\n\t" \ + "movdqa %%xmm0, %%xmm15\n\t" \ + "pclmulqdq $0x11, 
%%xmm12, %%xmm15\n\t" \ + "aesenc " #o1 "(%[KEY]), %%xmm5\n\t" \ + "aesenc " #o1 "(%[KEY]), %%xmm6\n\t" \ + "pclmulqdq $0x00, %%xmm0, %%xmm12\n\t" \ + "aesenc " #o1 "(%[KEY]), %%xmm7\n\t" \ + "aesenc " #o1 "(%[KEY]), %%xmm8\n\t" \ + "pclmulqdq $0x00, %%xmm14, %%xmm13\n\t" \ + "aesenc " #o1 "(%[KEY]), %%xmm9\n\t" \ + "aesenc " #o1 "(%[KEY]), %%xmm10\n\t" \ + "aesenc " #o1 "(%[KEY]), %%xmm11\n\t" \ + "pxor %%xmm12, %%xmm1\n\t" \ + "pxor %%xmm12, %%xmm2\n\t" \ + "pxor %%xmm15, %%xmm1\n\t" \ + "pxor %%xmm15, %%xmm3\n\t" \ + "pxor %%xmm13, %%xmm1\n\t" \ -#define AESENC_PCLMUL_L(o) \ - "movdqa %%xmm1, %%xmm14\n\t" \ - "psrldq $8, %%xmm1\n\t" \ - "pslldq $8, %%xmm14\n\t" \ - "aesenc "#o"(%[KEY]), %%xmm4\n\t" \ - "pxor %%xmm14, %%xmm2\n\t" \ - "pxor %%xmm1, %%xmm3\n\t" \ - "movdqa %%xmm2, %%xmm12\n\t" \ - "movdqa %%xmm2, %%xmm13\n\t" \ - "movdqa %%xmm2, %%xmm14\n\t" \ - "aesenc "#o"(%[KEY]), %%xmm5\n\t" \ - "pslld $31, %%xmm12\n\t" \ - "pslld $30, %%xmm13\n\t" \ - "pslld $25, %%xmm14\n\t" \ - "aesenc "#o"(%[KEY]), %%xmm6\n\t" \ - "pxor %%xmm13, %%xmm12\n\t" \ - "pxor %%xmm14, %%xmm12\n\t" \ - "aesenc "#o"(%[KEY]), %%xmm7\n\t" \ - "movdqa %%xmm12, %%xmm13\n\t" \ - "pslldq $12, %%xmm12\n\t" \ - "psrldq $4, %%xmm13\n\t" \ - "aesenc "#o"(%[KEY]), %%xmm8\n\t" \ - "pxor %%xmm12, %%xmm2\n\t" \ - "movdqa %%xmm2, %%xmm14\n\t" \ - "movdqa %%xmm2, %%xmm1\n\t" \ - "movdqa %%xmm2, %%xmm0\n\t" \ - "aesenc "#o"(%[KEY]), %%xmm9\n\t" \ - "psrld $1, %%xmm14\n\t" \ - "psrld $2, %%xmm1\n\t" \ - "psrld $7, %%xmm0\n\t" \ - "aesenc "#o"(%[KEY]), %%xmm10\n\t" \ - "pxor %%xmm1, %%xmm14\n\t" \ - "pxor %%xmm0, %%xmm14\n\t" \ - "aesenc "#o"(%[KEY]), %%xmm11\n\t" \ - "pxor %%xmm13, %%xmm14\n\t" \ - "pxor %%xmm14, %%xmm2\n\t" \ - "pxor %%xmm3, %%xmm2\n\t" \ +#define AESENC_PCLMUL_L(o) \ + "movdqa %%xmm1, %%xmm14\n\t" \ + "psrldq $8, %%xmm1\n\t" \ + "pslldq $8, %%xmm14\n\t" \ + "aesenc " #o "(%[KEY]), %%xmm4\n\t" \ + "pxor %%xmm14, %%xmm2\n\t" \ + "pxor %%xmm1, %%xmm3\n\t" \ + "movdqa %%xmm2, 
%%xmm12\n\t" \ + "movdqa %%xmm2, %%xmm13\n\t" \ + "movdqa %%xmm2, %%xmm14\n\t" \ + "aesenc " #o "(%[KEY]), %%xmm5\n\t" \ + "pslld $31, %%xmm12\n\t" \ + "pslld $30, %%xmm13\n\t" \ + "pslld $25, %%xmm14\n\t" \ + "aesenc " #o "(%[KEY]), %%xmm6\n\t" \ + "pxor %%xmm13, %%xmm12\n\t" \ + "pxor %%xmm14, %%xmm12\n\t" \ + "aesenc " #o "(%[KEY]), %%xmm7\n\t" \ + "movdqa %%xmm12, %%xmm13\n\t" \ + "pslldq $12, %%xmm12\n\t" \ + "psrldq $4, %%xmm13\n\t" \ + "aesenc " #o "(%[KEY]), %%xmm8\n\t" \ + "pxor %%xmm12, %%xmm2\n\t" \ + "movdqa %%xmm2, %%xmm14\n\t" \ + "movdqa %%xmm2, %%xmm1\n\t" \ + "movdqa %%xmm2, %%xmm0\n\t" \ + "aesenc " #o "(%[KEY]), %%xmm9\n\t" \ + "psrld $1, %%xmm14\n\t" \ + "psrld $2, %%xmm1\n\t" \ + "psrld $7, %%xmm0\n\t" \ + "aesenc " #o "(%[KEY]), %%xmm10\n\t" \ + "pxor %%xmm1, %%xmm14\n\t" \ + "pxor %%xmm0, %%xmm14\n\t" \ + "aesenc " #o "(%[KEY]), %%xmm11\n\t" \ + "pxor %%xmm13, %%xmm14\n\t" \ + "pxor %%xmm14, %%xmm2\n\t" \ + "pxor %%xmm3, %%xmm2\n\t" \ /* Encrypt and carry-less multiply with last key. 
*/ -#define AESENC_LAST(in, out) \ - "aesenclast %%xmm12, %%xmm4\n\t" \ - "aesenclast %%xmm12, %%xmm5\n\t" \ - "movdqu ("#in"),%%xmm0\n\t" \ - "movdqu 16("#in"),%%xmm1\n\t" \ - "pxor %%xmm0, %%xmm4\n\t" \ - "pxor %%xmm1, %%xmm5\n\t" \ - "movdqu %%xmm4, ("#out")\n\t" \ - "movdqu %%xmm5, 16("#out")\n\t" \ - "aesenclast %%xmm12, %%xmm6\n\t" \ - "aesenclast %%xmm12, %%xmm7\n\t" \ - "movdqu 32("#in"),%%xmm0\n\t" \ - "movdqu 48("#in"),%%xmm1\n\t" \ - "pxor %%xmm0, %%xmm6\n\t" \ - "pxor %%xmm1, %%xmm7\n\t" \ - "movdqu %%xmm6, 32("#out")\n\t" \ - "movdqu %%xmm7, 48("#out")\n\t" \ - "aesenclast %%xmm12, %%xmm8\n\t" \ - "aesenclast %%xmm12, %%xmm9\n\t" \ - "movdqu 64("#in"),%%xmm0\n\t" \ - "movdqu 80("#in"),%%xmm1\n\t" \ - "pxor %%xmm0, %%xmm8\n\t" \ - "pxor %%xmm1, %%xmm9\n\t" \ - "movdqu %%xmm8, 64("#out")\n\t" \ - "movdqu %%xmm9, 80("#out")\n\t" \ - "aesenclast %%xmm12, %%xmm10\n\t" \ - "aesenclast %%xmm12, %%xmm11\n\t" \ - "movdqu 96("#in"),%%xmm0\n\t" \ - "movdqu 112("#in"),%%xmm1\n\t" \ - "pxor %%xmm0, %%xmm10\n\t" \ - "pxor %%xmm1, %%xmm11\n\t" \ - "movdqu %%xmm10, 96("#out")\n\t" \ - "movdqu %%xmm11, 112("#out")\n\t" +#define AESENC_LAST(in, out) \ + "aesenclast %%xmm12, %%xmm4\n\t" \ + "aesenclast %%xmm12, %%xmm5\n\t" \ + "movdqu (" #in "),%%xmm0\n\t" \ + "movdqu 16(" #in "),%%xmm1\n\t" \ + "pxor %%xmm0, %%xmm4\n\t" \ + "pxor %%xmm1, %%xmm5\n\t" \ + "movdqu %%xmm4, (" #out ")\n\t" \ + "movdqu %%xmm5, 16(" #out ")\n\t" \ + "aesenclast %%xmm12, %%xmm6\n\t" \ + "aesenclast %%xmm12, %%xmm7\n\t" \ + "movdqu 32(" #in "),%%xmm0\n\t" \ + "movdqu 48(" #in "),%%xmm1\n\t" \ + "pxor %%xmm0, %%xmm6\n\t" \ + "pxor %%xmm1, %%xmm7\n\t" \ + "movdqu %%xmm6, 32(" #out ")\n\t" \ + "movdqu %%xmm7, 48(" #out ")\n\t" \ + "aesenclast %%xmm12, %%xmm8\n\t" \ + "aesenclast %%xmm12, %%xmm9\n\t" \ + "movdqu 64(" #in "),%%xmm0\n\t" \ + "movdqu 80(" #in "),%%xmm1\n\t" \ + "pxor %%xmm0, %%xmm8\n\t" \ + "pxor %%xmm1, %%xmm9\n\t" \ + "movdqu %%xmm8, 64(" #out ")\n\t" \ + "movdqu %%xmm9, 80(" #out 
")\n\t" \ + "aesenclast %%xmm12, %%xmm10\n\t" \ + "aesenclast %%xmm12, %%xmm11\n\t" \ + "movdqu 96(" #in "),%%xmm0\n\t" \ + "movdqu 112(" #in "),%%xmm1\n\t" \ + "pxor %%xmm0, %%xmm10\n\t" \ + "pxor %%xmm1, %%xmm11\n\t" \ + "movdqu %%xmm10, 96(" #out ")\n\t" \ + "movdqu %%xmm11, 112(" #out ")\n\t" #define _AESENC_AVX(r) \ - "aesenc 16(%[KEY]), "#r"\n\t" \ - "aesenc 32(%[KEY]), "#r"\n\t" \ - "aesenc 48(%[KEY]), "#r"\n\t" \ - "aesenc 64(%[KEY]), "#r"\n\t" \ - "aesenc 80(%[KEY]), "#r"\n\t" \ - "aesenc 96(%[KEY]), "#r"\n\t" \ - "aesenc 112(%[KEY]), "#r"\n\t" \ - "aesenc 128(%[KEY]), "#r"\n\t" \ - "aesenc 144(%[KEY]), "#r"\n\t" \ + "aesenc 16(%[KEY]), " #r "\n\t" \ + "aesenc 32(%[KEY]), " #r "\n\t" \ + "aesenc 48(%[KEY]), " #r "\n\t" \ + "aesenc 64(%[KEY]), " #r "\n\t" \ + "aesenc 80(%[KEY]), " #r "\n\t" \ + "aesenc 96(%[KEY]), " #r "\n\t" \ + "aesenc 112(%[KEY]), " #r "\n\t" \ + "aesenc 128(%[KEY]), " #r "\n\t" \ + "aesenc 144(%[KEY]), " #r "\n\t" \ "cmpl $11, %[nr]\n\t" \ "movdqa 160(%[KEY]), %%xmm5\n\t" \ "jl %=f\n\t" \ - "aesenc %%xmm5, "#r"\n\t" \ - "aesenc 176(%[KEY]), "#r"\n\t" \ + "aesenc %%xmm5, " #r "\n\t" \ + "aesenc 176(%[KEY]), " #r "\n\t" \ "cmpl $13, %[nr]\n\t" \ "movdqa 192(%[KEY]), %%xmm5\n\t" \ "jl %=f\n\t" \ - "aesenc %%xmm5, "#r"\n\t" \ - "aesenc 208(%[KEY]), "#r"\n\t" \ + "aesenc %%xmm5, " #r "\n\t" \ + "aesenc 208(%[KEY]), " #r "\n\t" \ "movdqa 224(%[KEY]), %%xmm5\n\t" \ "%=:\n\t" \ - "aesenclast %%xmm5, "#r"\n\t" + "aesenclast %%xmm5, " #r "\n\t" #define AESENC_AVX(r) \ _AESENC_AVX(r) #define AESENC_BLOCK(in, out) \ - "movdqu "VAR(CTR1)", %%xmm4\n\t" \ + "movdqu " VAR(CTR1) ", %%xmm4\n\t" \ "movdqu %%xmm4, %%xmm5\n\t" \ "pshufb %[BSWAP_EPI64], %%xmm4\n\t" \ "paddd %[ONE], %%xmm5\n\t" \ "pxor (%[KEY]), %%xmm4\n\t" \ - "movdqu %%xmm5, "VAR(CTR1)"\n\t" \ + "movdqu %%xmm5, " VAR(CTR1) "\n\t" \ AESENC_AVX(%%xmm4) \ - "movdqu ("#in"), %%xmm5\n\t" \ + "movdqu (" #in "), %%xmm5\n\t" \ "pxor %%xmm5, %%xmm4\n\t" \ - "movdqu %%xmm4, ("#out")\n\t" \ + "movdqu 
%%xmm4, (" #out ")\n\t" \ "pshufb %[BSWAP_MASK], %%xmm4\n\t" \ - "pxor %%xmm4, "VAR(XR)"\n\t" + "pxor %%xmm4, " VAR(XR) "\n\t" -#define _AESENC_GFMUL(in, out, H, X) \ - "movdqu "VAR(CTR1)", %%xmm4\n\t" \ - "movdqu %%xmm4, %%xmm5\n\t" \ - "pshufb %[BSWAP_EPI64], %%xmm4\n\t" \ - "paddd %[ONE], %%xmm5\n\t" \ - "pxor (%[KEY]), %%xmm4\n\t" \ - "movdqu %%xmm5, "VAR(CTR1)"\n\t" \ - "movdqa "#X", %%xmm6\n\t" \ - "pclmulqdq $0x10, "#H", %%xmm6\n\t" \ - "aesenc 16(%[KEY]), %%xmm4\n\t" \ - "aesenc 32(%[KEY]), %%xmm4\n\t" \ - "movdqa "#X", %%xmm7\n\t" \ - "pclmulqdq $0x01, "#H", %%xmm7\n\t" \ - "aesenc 48(%[KEY]), %%xmm4\n\t" \ - "aesenc 64(%[KEY]), %%xmm4\n\t" \ - "movdqa "#X", %%xmm8\n\t" \ - "pclmulqdq $0x00, "#H", %%xmm8\n\t" \ - "aesenc 80(%[KEY]), %%xmm4\n\t" \ - "movdqa "#X", %%xmm1\n\t" \ - "pclmulqdq $0x11, "#H", %%xmm1\n\t" \ - "aesenc 96(%[KEY]), %%xmm4\n\t" \ - "pxor %%xmm7, %%xmm6\n\t" \ - "movdqa %%xmm6, %%xmm2\n\t" \ - "psrldq $8, %%xmm6\n\t" \ - "pslldq $8, %%xmm2\n\t" \ - "aesenc 112(%[KEY]), %%xmm4\n\t" \ - "movdqa %%xmm1, %%xmm3\n\t" \ - "pxor %%xmm8, %%xmm2\n\t" \ - "pxor %%xmm6, %%xmm3\n\t" \ - "movdqa %[MOD2_128], %%xmm0\n\t" \ - "movdqa %%xmm2, %%xmm7\n\t" \ - "pclmulqdq $0x10, %%xmm0, %%xmm7\n\t" \ - "aesenc 128(%[KEY]), %%xmm4\n\t" \ - "pshufd $0x4e, %%xmm2, %%xmm6\n\t" \ - "pxor %%xmm7, %%xmm6\n\t" \ - "movdqa %%xmm6, %%xmm7\n\t" \ - "pclmulqdq $0x10, %%xmm0, %%xmm7\n\t" \ - "aesenc 144(%[KEY]), %%xmm4\n\t" \ - "pshufd $0x4e, %%xmm6, "VAR(XR)"\n\t" \ - "pxor %%xmm7, "VAR(XR)"\n\t" \ - "pxor %%xmm3, "VAR(XR)"\n\t" \ - "cmpl $11, %[nr]\n\t" \ - "movdqu 160(%[KEY]), %%xmm5\n\t" \ - "jl %=f\n\t" \ - "aesenc %%xmm5, %%xmm4\n\t" \ - "aesenc 176(%[KEY]), %%xmm4\n\t" \ - "cmpl $13, %[nr]\n\t" \ - "movdqu 192(%[KEY]), %%xmm5\n\t" \ - "jl %=f\n\t" \ - "aesenc %%xmm5, %%xmm4\n\t" \ - "aesenc 208(%[KEY]), %%xmm4\n\t" \ - "movdqa 224(%[KEY]), %%xmm5\n\t" \ - "%=:\n\t" \ - "aesenclast %%xmm5, %%xmm4\n\t" \ - "movdqu ("#in"), %%xmm5\n\t" \ - "pxor %%xmm5, 
%%xmm4\n\t" \ - "movdqu %%xmm4, ("#out")\n\t" -#define AESENC_GFMUL(in, out, H, X) \ +#define _AESENC_GFMUL(in, out, H, X) \ + "movdqu " VAR(CTR1) ", %%xmm4\n\t" \ + "movdqu %%xmm4, %%xmm5\n\t" \ + "pshufb %[BSWAP_EPI64], %%xmm4\n\t" \ + "paddd %[ONE], %%xmm5\n\t" \ + "pxor (%[KEY]), %%xmm4\n\t" \ + "movdqu %%xmm5, " VAR(CTR1) "\n\t" \ + "movdqa " #X ", %%xmm6\n\t" \ + "pclmulqdq $0x10, " #H ", %%xmm6\n\t" \ + "aesenc 16(%[KEY]), %%xmm4\n\t" \ + "aesenc 32(%[KEY]), %%xmm4\n\t" \ + "movdqa " #X ", %%xmm7\n\t" \ + "pclmulqdq $0x01, " #H ", %%xmm7\n\t" \ + "aesenc 48(%[KEY]), %%xmm4\n\t" \ + "aesenc 64(%[KEY]), %%xmm4\n\t" \ + "movdqa " #X ", %%xmm8\n\t" \ + "pclmulqdq $0x00, " #H ", %%xmm8\n\t" \ + "aesenc 80(%[KEY]), %%xmm4\n\t" \ + "movdqa " #X ", %%xmm1\n\t" \ + "pclmulqdq $0x11, " #H ", %%xmm1\n\t" \ + "aesenc 96(%[KEY]), %%xmm4\n\t" \ + "pxor %%xmm7, %%xmm6\n\t" \ + "movdqa %%xmm6, %%xmm2\n\t" \ + "psrldq $8, %%xmm6\n\t" \ + "pslldq $8, %%xmm2\n\t" \ + "aesenc 112(%[KEY]), %%xmm4\n\t" \ + "movdqa %%xmm1, %%xmm3\n\t" \ + "pxor %%xmm8, %%xmm2\n\t" \ + "pxor %%xmm6, %%xmm3\n\t" \ + "movdqa %[MOD2_128], %%xmm0\n\t" \ + "movdqa %%xmm2, %%xmm7\n\t" \ + "pclmulqdq $0x10, %%xmm0, %%xmm7\n\t" \ + "aesenc 128(%[KEY]), %%xmm4\n\t" \ + "pshufd $0x4e, %%xmm2, %%xmm6\n\t" \ + "pxor %%xmm7, %%xmm6\n\t" \ + "movdqa %%xmm6, %%xmm7\n\t" \ + "pclmulqdq $0x10, %%xmm0, %%xmm7\n\t" \ + "aesenc 144(%[KEY]), %%xmm4\n\t" \ + "pshufd $0x4e, %%xmm6, " VAR(XR) "\n\t" \ + "pxor %%xmm7, " VAR(XR) "\n\t" \ + "pxor %%xmm3, " VAR(XR) "\n\t" \ + "cmpl $11, %[nr]\n\t" \ + "movdqu 160(%[KEY]), %%xmm5\n\t" \ + "jl %=f\n\t" \ + "aesenc %%xmm5, %%xmm4\n\t" \ + "aesenc 176(%[KEY]), %%xmm4\n\t" \ + "cmpl $13, %[nr]\n\t" \ + "movdqu 192(%[KEY]), %%xmm5\n\t" \ + "jl %=f\n\t" \ + "aesenc %%xmm5, %%xmm4\n\t" \ + "aesenc 208(%[KEY]), %%xmm4\n\t" \ + "movdqa 224(%[KEY]), %%xmm5\n\t" \ + "%=:\n\t" \ + "aesenclast %%xmm5, %%xmm4\n\t" \ + "movdqu (" #in "), %%xmm5\n\t" \ + "pxor %%xmm5, %%xmm4\n\t" \ + "movdqu 
%%xmm4, (" #out ")\n\t" +#define AESENC_GFMUL(in, out, H, X) \ _AESENC_GFMUL(in, out, H, X) #define _GHASH_GFMUL_AVX(r, r2, a, b) \ @@ -4022,11 +4022,11 @@ while (0) "pxor %%xmm3, %%xmm1\n\t" \ "movdqa %%xmm1, %%xmm2\n\t" \ "movdqa %%xmm0, "#r2"\n\t" \ - "movdqa %%xmm3, "#r"\n\t" \ + "movdqa %%xmm3, " #r "\n\t" \ "pslldq $8, %%xmm2\n\t" \ "psrldq $8, %%xmm1\n\t" \ "pxor %%xmm2, "#r2"\n\t" \ - "pxor %%xmm1, "#r"\n\t" + "pxor %%xmm1, " #r "\n\t" #define GHASH_GFMUL_AVX(r, r2, a, b) \ _GHASH_GFMUL_AVX(r, r2, a, b) @@ -4044,28 +4044,28 @@ while (0) "pxor %%xmm3, %%xmm1\n\t" \ "movdqa %%xmm1, %%xmm2\n\t" \ "pxor %%xmm0, "#r2"\n\t" \ - "pxor %%xmm3, "#r"\n\t" \ + "pxor %%xmm3, " #r "\n\t" \ "pslldq $8, %%xmm2\n\t" \ "psrldq $8, %%xmm1\n\t" \ "pxor %%xmm2, "#r2"\n\t" \ - "pxor %%xmm1, "#r"\n\t" + "pxor %%xmm1, " #r "\n\t" #define GHASH_GFMUL_XOR_AVX(r, r2, a, b) \ _GHASH_GFMUL_XOR_AVX(r, r2, a, b) #define GHASH_MID_AVX(r, r2) \ "movdqa "#r2", %%xmm0\n\t" \ - "movdqa "#r", %%xmm1\n\t" \ + "movdqa " #r ", %%xmm1\n\t" \ "psrld $31, %%xmm0\n\t" \ "psrld $31, %%xmm1\n\t" \ "pslld $1, "#r2"\n\t" \ - "pslld $1, "#r"\n\t" \ + "pslld $1, " #r "\n\t" \ "movdqa %%xmm0, %%xmm2\n\t" \ "pslldq $4, %%xmm0\n\t" \ "psrldq $12, %%xmm2\n\t" \ "pslldq $4, %%xmm1\n\t" \ - "por %%xmm2, "#r"\n\t" \ + "por %%xmm2, " #r "\n\t" \ "por %%xmm0, "#r2"\n\t" \ - "por %%xmm1, "#r"\n\t" + "por %%xmm1, " #r "\n\t" #define _GHASH_GFMUL_RED_AVX(r, a, b) \ "pshufd $0x4e, "#a", %%xmm5\n\t" \ @@ -4080,11 +4080,11 @@ while (0) "pxor %%xmm4, %%xmm5\n\t" \ "pxor %%xmm7, %%xmm5\n\t" \ "movdqa %%xmm5, %%xmm6\n\t" \ - "movdqa %%xmm7, "#r"\n\t" \ + "movdqa %%xmm7, " #r "\n\t" \ "pslldq $8, %%xmm6\n\t" \ "psrldq $8, %%xmm5\n\t" \ "pxor %%xmm6, %%xmm4\n\t" \ - "pxor %%xmm5, "#r"\n\t" \ + "pxor %%xmm5, " #r "\n\t" \ "movdqa %%xmm4, %%xmm8\n\t" \ "movdqa %%xmm4, %%xmm9\n\t" \ "movdqa %%xmm4, %%xmm10\n\t" \ 
@@ -4107,7 +4107,7 @@ while (0)
 "pxor %%xmm5, %%xmm10\n\t" \
 "pxor %%xmm9, %%xmm10\n\t" \
 "pxor %%xmm4, %%xmm10\n\t" \
- "pxor %%xmm10, "#r"\n\t"
+ "pxor %%xmm10, " #r "\n\t"
 #define GHASH_GFMUL_RED_AVX(r, a, b) \
 _GHASH_GFMUL_RED_AVX(r, a, b)
@@ -4134,7 +4134,7 @@ while (0)
 "pxor %%xmm0, %%xmm2\n\t" \
 "pxor %%xmm1, %%xmm2\n\t" \
 "pxor "#r2", %%xmm2\n\t" \
- "pxor %%xmm2, "#r"\n\t"
+ "pxor %%xmm2, " #r "\n\t"
 #define GHASH_GFMUL_RED_XOR_AVX(r, r2, a, b) \
 GHASH_GFMUL_XOR_AVX(r, r2, a, b) \
@@ -4154,65 +4154,65 @@ while (0)
 "pinsrd $3, %%ecx, %%xmm13\n\t" \
 "# H = Encrypt X(=0) and T = Encrypt counter\n\t" \
 "movdqu %%xmm13, %%xmm1\n\t" \
- "movdqa 0(%[KEY]), "VAR(HR)"\n\t" \
- "pxor "VAR(HR)", %%xmm1\n\t" \
+ "movdqa 0(%[KEY]), " VAR(HR) "\n\t" \
+ "pxor " VAR(HR) ", %%xmm1\n\t" \
 "movdqa 16(%[KEY]), %%xmm12\n\t" \
- "aesenc %%xmm12, "VAR(HR)"\n\t" \
+ "aesenc %%xmm12, " VAR(HR) "\n\t" \
 "aesenc %%xmm12, %%xmm1\n\t" \
 "movdqa 32(%[KEY]), %%xmm12\n\t" \
- "aesenc %%xmm12, "VAR(HR)"\n\t" \
+ "aesenc %%xmm12, " VAR(HR) "\n\t" \
 "aesenc %%xmm12, %%xmm1\n\t" \
 "movdqa 48(%[KEY]), %%xmm12\n\t" \
- "aesenc %%xmm12, "VAR(HR)"\n\t" \
+ "aesenc %%xmm12, " VAR(HR) "\n\t" \
 "aesenc %%xmm12, %%xmm1\n\t" \
 "movdqa 64(%[KEY]), %%xmm12\n\t" \
- "aesenc %%xmm12, "VAR(HR)"\n\t" \
+ "aesenc %%xmm12, " VAR(HR) "\n\t" \
 "aesenc %%xmm12, %%xmm1\n\t" \
 "movdqa 80(%[KEY]), %%xmm12\n\t" \
- "aesenc %%xmm12, "VAR(HR)"\n\t" \
+ "aesenc %%xmm12, " VAR(HR) "\n\t" \
 "aesenc %%xmm12, %%xmm1\n\t" \
 "movdqa 96(%[KEY]), %%xmm12\n\t" \
- "aesenc %%xmm12, "VAR(HR)"\n\t" \
+ "aesenc %%xmm12, " VAR(HR) "\n\t" \
 "aesenc %%xmm12, %%xmm1\n\t" \
 "movdqa 112(%[KEY]), %%xmm12\n\t" \
- "aesenc %%xmm12, "VAR(HR)"\n\t" \
+ "aesenc %%xmm12, " VAR(HR) "\n\t" \
 "aesenc %%xmm12, %%xmm1\n\t" \
 "movdqa 128(%[KEY]), %%xmm12\n\t" \
- "aesenc %%xmm12, "VAR(HR)"\n\t" \
+ "aesenc %%xmm12, " VAR(HR) "\n\t" \
 "aesenc %%xmm12, %%xmm1\n\t" \
 "movdqa 144(%[KEY]), %%xmm12\n\t" \
- "aesenc %%xmm12, "VAR(HR)"\n\t" \
+ "aesenc %%xmm12, " VAR(HR) "\n\t" \
 "aesenc %%xmm12, %%xmm1\n\t" \
 "cmpl $11, %[nr]\n\t" \
 "movdqa 160(%[KEY]), %%xmm12\n\t" \
 "jl 31f\n\t" \
- "aesenc %%xmm12, "VAR(HR)"\n\t" \
+ "aesenc %%xmm12, " VAR(HR) "\n\t" \
 "aesenc %%xmm12, %%xmm1\n\t" \
 "movdqa 176(%[KEY]), %%xmm12\n\t" \
- "aesenc %%xmm12, "VAR(HR)"\n\t" \
+ "aesenc %%xmm12, " VAR(HR) "\n\t" \
 "aesenc %%xmm12, %%xmm1\n\t" \
 "cmpl $13, %[nr]\n\t" \
 "movdqa 192(%[KEY]), %%xmm12\n\t" \
 "jl 31f\n\t" \
- "aesenc %%xmm12, "VAR(HR)"\n\t" \
+ "aesenc %%xmm12, " VAR(HR) "\n\t" \
 "aesenc %%xmm12, %%xmm1\n\t" \
 "movdqu 208(%[KEY]), %%xmm12\n\t" \
- "aesenc %%xmm12, "VAR(HR)"\n\t" \
+ "aesenc %%xmm12, " VAR(HR) "\n\t" \
 "aesenc %%xmm12, %%xmm1\n\t" \
 "movdqu 224(%[KEY]), %%xmm12\n\t" \
 "31:\n\t" \
- "aesenclast %%xmm12, "VAR(HR)"\n\t" \
+ "aesenclast %%xmm12, " VAR(HR) "\n\t" \
 "aesenclast %%xmm12, %%xmm1\n\t" \
- "pshufb %[BSWAP_MASK], "VAR(HR)"\n\t" \
- "movdqu %%xmm1, "VAR(TR)"\n\t" \
+ "pshufb %[BSWAP_MASK], " VAR(HR) "\n\t" \
+ "movdqu %%xmm1, " VAR(TR) "\n\t" \
 "jmp 39f\n\t"
 #define CALC_IV() \
 "# Calculate values when IV is not 12 bytes\n\t" \
 "# H = Encrypt X(=0)\n\t" \
- "movdqa 0(%[KEY]), "VAR(HR)"\n\t" \
+ "movdqa 0(%[KEY]), " VAR(HR) "\n\t" \
 AESENC_AVX(HR) \
- "pshufb %[BSWAP_MASK], "VAR(HR)"\n\t" \
+ "pshufb %[BSWAP_MASK], " VAR(HR) "\n\t" \
 "# Calc counter\n\t" \
 "# Initialization vector\n\t" \
 "cmpl $0, %%edx\n\t" \
@@ -4264,7 +4264,7 @@ while (0)
 "movdqa 0(%[KEY]), %%xmm4\n\t" \
 "pxor %%xmm13, %%xmm4\n\t" \
 AESENC_AVX(%%xmm4) \
- "movdqu %%xmm4, "VAR(TR)"\n\t"
+ "movdqu %%xmm4, " VAR(TR) "\n\t"
 #define CALC_AAD() \
 "# Additional authentication data\n\t" \
@@ -4280,7 +4280,7 @@ while (0)
 "23:\n\t" \
 "movdqu (%%rax,%%rcx,1), %%xmm4\n\t" \
 "pshufb %[BSWAP_MASK], %%xmm4\n\t" \
- "pxor %%xmm4, "VAR(XR)"\n\t" \
+ "pxor %%xmm4, " VAR(XR) "\n\t" \
 GHASH_FULL_AVX(XR, %%xmm12, XR, HR) \
 "addl $16, %%ecx\n\t" \
 "cmpl %%edx, %%ecx\n\t" \
@@ -4304,148 +4304,148 @@ while (0) "movdqu (%%rsp), %%xmm4\n\t" \ "addq $16, %%rsp\n\t" \ "pshufb %[BSWAP_MASK], %%xmm4\n\t" \ - "pxor %%xmm4, "VAR(XR)"\n\t" \ + "pxor %%xmm4, " VAR(XR) "\n\t" \ GHASH_FULL_AVX(XR, %%xmm12, XR, HR) \ "\n" \ "25:\n\t" -#define CALC_HT_8_AVX() \ - "movdqa "VAR(XR)", %%xmm2\n\t" \ - "# H ^ 1\n\t" \ - "movdqu "VAR(HR)", 0("VAR(HTR)")\n\t" \ - "# H ^ 2\n\t" \ - GHASH_GFMUL_RED_AVX(%%xmm0, HR, HR) \ - "movdqu %%xmm0 , 16("VAR(HTR)")\n\t" \ - "# H ^ 3\n\t" \ - GHASH_GFMUL_RED_AVX(%%xmm1, HR, %%xmm0) \ - "movdqu %%xmm1 , 32("VAR(HTR)")\n\t" \ - "# H ^ 4\n\t" \ - GHASH_GFMUL_RED_AVX(%%xmm3, %%xmm0, %%xmm0) \ - "movdqu %%xmm3 , 48("VAR(HTR)")\n\t" \ - "# H ^ 5\n\t" \ - GHASH_GFMUL_RED_AVX(%%xmm12, %%xmm0, %%xmm1) \ - "movdqu %%xmm12, 64("VAR(HTR)")\n\t" \ - "# H ^ 6\n\t" \ - GHASH_GFMUL_RED_AVX(%%xmm12, %%xmm1, %%xmm1) \ - "movdqu %%xmm12, 80("VAR(HTR)")\n\t" \ - "# H ^ 7\n\t" \ - GHASH_GFMUL_RED_AVX(%%xmm12, %%xmm1, %%xmm3) \ - "movdqu %%xmm12, 96("VAR(HTR)")\n\t" \ - "# H ^ 8\n\t" \ - GHASH_GFMUL_RED_AVX(%%xmm12, %%xmm3, %%xmm3) \ - "movdqu %%xmm12, 112("VAR(HTR)")\n\t" +#define CALC_HT_8_AVX() \ + "movdqa " VAR(XR) ", %%xmm2\n\t" \ + "# H ^ 1\n\t" \ + "movdqu " VAR(HR) ", 0(" VAR(HTR) ")\n\t" \ + "# H ^ 2\n\t" \ + GHASH_GFMUL_RED_AVX(%%xmm0, HR, HR) \ + "movdqu %%xmm0 , 16(" VAR(HTR) ")\n\t" \ + "# H ^ 3\n\t" \ + GHASH_GFMUL_RED_AVX(%%xmm1, HR, %%xmm0) \ + "movdqu %%xmm1 , 32(" VAR(HTR) ")\n\t" \ + "# H ^ 4\n\t" \ + GHASH_GFMUL_RED_AVX(%%xmm3, %%xmm0, %%xmm0) \ + "movdqu %%xmm3 , 48(" VAR(HTR) ")\n\t" \ + "# H ^ 5\n\t" \ + GHASH_GFMUL_RED_AVX(%%xmm12, %%xmm0, %%xmm1) \ + "movdqu %%xmm12, 64(" VAR(HTR) ")\n\t" \ + "# H ^ 6\n\t" \ + GHASH_GFMUL_RED_AVX(%%xmm12, %%xmm1, %%xmm1) \ + "movdqu %%xmm12, 80(" VAR(HTR) ")\n\t" \ + "# H ^ 7\n\t" \ + GHASH_GFMUL_RED_AVX(%%xmm12, %%xmm1, %%xmm3) \ + "movdqu %%xmm12, 96(" VAR(HTR) ")\n\t" \ + "# H ^ 8\n\t" \ + GHASH_GFMUL_RED_AVX(%%xmm12, %%xmm3, %%xmm3) \ + "movdqu %%xmm12, 112(" VAR(HTR) ")\n\t" 
-#define AESENC_128_GHASH_AVX(src, o) \ - "leaq (%[in],"VAR(KR64)",1), %%rcx\n\t" \ - "leaq (%[out],"VAR(KR64)",1), %%rdx\n\t" \ - /* src is either %%rcx or %%rdx */ \ - AESENC_CTR() \ - AESENC_XOR() \ - AESENC_PCLMUL_1(src, 16, o-128, 112) \ - AESENC_PCLMUL_N(src, 32, o-112, 96) \ - AESENC_PCLMUL_N(src, 48, o -96, 80) \ - AESENC_PCLMUL_N(src, 64, o -80, 64) \ - AESENC_PCLMUL_N(src, 80, o -64, 48) \ - AESENC_PCLMUL_N(src, 96, o -48, 32) \ - AESENC_PCLMUL_N(src, 112, o -32, 16) \ - AESENC_PCLMUL_N(src, 128, o -16, 0) \ - AESENC_PCLMUL_L(144) \ - "cmpl $11, %[nr]\n\t" \ - "movdqa 160(%[KEY]), %%xmm12\n\t" \ - "jl 4f\n\t" \ - AESENC() \ - AESENC_SET(176) \ - "cmpl $13, %[nr]\n\t" \ - "movdqa 192(%[KEY]), %%xmm12\n\t" \ - "jl 4f\n\t" \ - AESENC() \ - AESENC_SET(208) \ - "movdqa 224(%[KEY]), %%xmm12\n\t" \ - "\n" \ -"4:\n\t" \ +#define AESENC_128_GHASH_AVX(src, o) \ + "leaq (%[in]," VAR(KR64) ",1), %%rcx\n\t" \ + "leaq (%[out]," VAR(KR64) ",1), %%rdx\n\t" \ + /* src is either %%rcx or %%rdx */ \ + AESENC_CTR() \ + AESENC_XOR() \ + AESENC_PCLMUL_1(src, 16, o-128, 112) \ + AESENC_PCLMUL_N(src, 32, o-112, 96) \ + AESENC_PCLMUL_N(src, 48, o -96, 80) \ + AESENC_PCLMUL_N(src, 64, o -80, 64) \ + AESENC_PCLMUL_N(src, 80, o -64, 48) \ + AESENC_PCLMUL_N(src, 96, o -48, 32) \ + AESENC_PCLMUL_N(src, 112, o -32, 16) \ + AESENC_PCLMUL_N(src, 128, o -16, 0) \ + AESENC_PCLMUL_L(144) \ + "cmpl $11, %[nr]\n\t" \ + "movdqa 160(%[KEY]), %%xmm12\n\t" \ + "jl 4f\n\t" \ + AESENC() \ + AESENC_SET(176) \ + "cmpl $13, %[nr]\n\t" \ + "movdqa 192(%[KEY]), %%xmm12\n\t" \ + "jl 4f\n\t" \ + AESENC() \ + AESENC_SET(208) \ + "movdqa 224(%[KEY]), %%xmm12\n\t" \ + "\n" \ +"4:\n\t" \ AESENC_LAST(%%rcx, %%rdx) -#define AESENC_LAST15_ENC_AVX() \ - "movl %[nbytes], %%ecx\n\t" \ - "movl %%ecx, %%edx\n\t" \ - "andl $0x0f, %%ecx\n\t" \ - "jz 55f\n\t" \ - "movdqu "VAR(CTR1)", %%xmm13\n\t" \ - "pshufb %[BSWAP_EPI64], %%xmm13\n\t" \ - "pxor 0(%[KEY]), %%xmm13\n\t" \ - AESENC_AVX(%%xmm13) \ - "subq $16, %%rsp\n\t" 
\ - "xorl %%ecx, %%ecx\n\t" \ - "movdqu %%xmm13, (%%rsp)\n\t" \ - "\n" \ - "51:\n\t" \ - "movzbl (%[in],"VAR(KR64)",1), %%r13d\n\t" \ - "xorb (%%rsp,%%rcx,1), %%r13b\n\t" \ - "movb %%r13b, (%[out],"VAR(KR64)",1)\n\t" \ - "movb %%r13b, (%%rsp,%%rcx,1)\n\t" \ - "incl "VAR(KR)"\n\t" \ - "incl %%ecx\n\t" \ - "cmpl %%edx, "VAR(KR)"\n\t" \ - "jl 51b\n\t" \ - "xorq %%r13, %%r13\n\t" \ - "cmpl $16, %%ecx\n\t" \ - "je 53f\n\t" \ - "\n" \ - "52:\n\t" \ - "movb %%r13b, (%%rsp,%%rcx,1)\n\t" \ - "incl %%ecx\n\t" \ - "cmpl $16, %%ecx\n\t" \ - "jl 52b\n\t" \ - "53:\n\t" \ - "movdqu (%%rsp), %%xmm13\n\t" \ - "addq $16, %%rsp\n\t" \ - "pshufb %[BSWAP_MASK], %%xmm13\n\t" \ - "pxor %%xmm13, "VAR(XR)"\n\t" \ - GHASH_GFMUL_RED_AVX(XR, HR, XR) \ +#define AESENC_LAST15_ENC_AVX() \ + "movl %[nbytes], %%ecx\n\t" \ + "movl %%ecx, %%edx\n\t" \ + "andl $0x0f, %%ecx\n\t" \ + "jz 55f\n\t" \ + "movdqu " VAR(CTR1) ", %%xmm13\n\t" \ + "pshufb %[BSWAP_EPI64], %%xmm13\n\t" \ + "pxor 0(%[KEY]), %%xmm13\n\t" \ + AESENC_AVX(%%xmm13) \ + "subq $16, %%rsp\n\t" \ + "xorl %%ecx, %%ecx\n\t" \ + "movdqu %%xmm13, (%%rsp)\n\t" \ + "\n" \ + "51:\n\t" \ + "movzbl (%[in]," VAR(KR64) ",1), %%r13d\n\t" \ + "xorb (%%rsp,%%rcx,1), %%r13b\n\t" \ + "movb %%r13b, (%[out]," VAR(KR64) ",1)\n\t" \ + "movb %%r13b, (%%rsp,%%rcx,1)\n\t" \ + "incl " VAR(KR) "\n\t" \ + "incl %%ecx\n\t" \ + "cmpl %%edx, " VAR(KR) "\n\t" \ + "jl 51b\n\t" \ + "xorq %%r13, %%r13\n\t" \ + "cmpl $16, %%ecx\n\t" \ + "je 53f\n\t" \ + "\n" \ + "52:\n\t" \ + "movb %%r13b, (%%rsp,%%rcx,1)\n\t" \ + "incl %%ecx\n\t" \ + "cmpl $16, %%ecx\n\t" \ + "jl 52b\n\t" \ + "53:\n\t" \ + "movdqu (%%rsp), %%xmm13\n\t" \ + "addq $16, %%rsp\n\t" \ + "pshufb %[BSWAP_MASK], %%xmm13\n\t" \ + "pxor %%xmm13, " VAR(XR) "\n\t" \ + GHASH_GFMUL_RED_AVX(XR, HR, XR) \ -#define AESENC_LAST15_DEC_AVX() \ - "movl %[nbytes], %%ecx\n\t" \ - "movl %%ecx, %%edx\n\t" \ - "andl $0x0f, %%ecx\n\t" \ - "jz 55f\n\t" \ - "movdqu "VAR(CTR1)", %%xmm13\n\t" \ - "pshufb %[BSWAP_EPI64], %%xmm13\n\t" \ 
- "pxor 0(%[KEY]), %%xmm13\n\t" \ - AESENC_AVX(%%xmm13) \ - "subq $32, %%rsp\n\t" \ - "xorl %%ecx, %%ecx\n\t" \ - "movdqu %%xmm13, (%%rsp)\n\t" \ - "pxor %%xmm0, %%xmm0\n\t" \ - "movdqu %%xmm0, 16(%%rsp)\n\t" \ - "\n" \ - "51:\n\t" \ - "movzbl (%[in],"VAR(KR64)",1), %%r13d\n\t" \ - "movb %%r13b, 16(%%rsp,%%rcx,1)\n\t" \ - "xorb (%%rsp,%%rcx,1), %%r13b\n\t" \ - "movb %%r13b, (%[out],"VAR(KR64)",1)\n\t" \ - "incl "VAR(KR)"\n\t" \ - "incl %%ecx\n\t" \ - "cmpl %%edx, "VAR(KR)"\n\t" \ - "jl 51b\n\t" \ - "53:\n\t" \ - "movdqu 16(%%rsp), %%xmm13\n\t" \ - "addq $32, %%rsp\n\t" \ - "pshufb %[BSWAP_MASK], %%xmm13\n\t" \ - "pxor %%xmm13, "VAR(XR)"\n\t" \ - GHASH_GFMUL_RED_AVX(XR, HR, XR) \ +#define AESENC_LAST15_DEC_AVX() \ + "movl %[nbytes], %%ecx\n\t" \ + "movl %%ecx, %%edx\n\t" \ + "andl $0x0f, %%ecx\n\t" \ + "jz 55f\n\t" \ + "movdqu " VAR(CTR1) ", %%xmm13\n\t" \ + "pshufb %[BSWAP_EPI64], %%xmm13\n\t" \ + "pxor 0(%[KEY]), %%xmm13\n\t" \ + AESENC_AVX(%%xmm13) \ + "subq $32, %%rsp\n\t" \ + "xorl %%ecx, %%ecx\n\t" \ + "movdqu %%xmm13, (%%rsp)\n\t" \ + "pxor %%xmm0, %%xmm0\n\t" \ + "movdqu %%xmm0, 16(%%rsp)\n\t" \ + "\n" \ + "51:\n\t" \ + "movzbl (%[in]," VAR(KR64) ",1), %%r13d\n\t" \ + "movb %%r13b, 16(%%rsp,%%rcx,1)\n\t" \ + "xorb (%%rsp,%%rcx,1), %%r13b\n\t" \ + "movb %%r13b, (%[out]," VAR(KR64) ",1)\n\t" \ + "incl " VAR(KR) "\n\t" \ + "incl %%ecx\n\t" \ + "cmpl %%edx, " VAR(KR) "\n\t" \ + "jl 51b\n\t" \ + "53:\n\t" \ + "movdqu 16(%%rsp), %%xmm13\n\t" \ + "addq $32, %%rsp\n\t" \ + "pshufb %[BSWAP_MASK], %%xmm13\n\t" \ + "pxor %%xmm13, " VAR(XR) "\n\t" \ + GHASH_GFMUL_RED_AVX(XR, HR, XR) \ -#define CALC_TAG() \ - "movl %[nbytes], %%edx\n\t" \ - "movl %[abytes], %%ecx\n\t" \ - "shlq $3, %%rdx\n\t" \ - "shlq $3, %%rcx\n\t" \ - "pinsrq $0, %%rdx, %%xmm0\n\t" \ - "pinsrq $1, %%rcx, %%xmm0\n\t" \ - "pxor %%xmm0, "VAR(XR)"\n\t" \ - GHASH_GFMUL_RED_AVX(XR, HR, XR) \ - "pshufb %[BSWAP_MASK], "VAR(XR)"\n\t" \ - "movdqu "VAR(TR)", %%xmm0\n\t" \ - "pxor "VAR(XR)", %%xmm0\n\t" \ 
+#define CALC_TAG() \ + "movl %[nbytes], %%edx\n\t" \ + "movl %[abytes], %%ecx\n\t" \ + "shlq $3, %%rdx\n\t" \ + "shlq $3, %%rcx\n\t" \ + "pinsrq $0, %%rdx, %%xmm0\n\t" \ + "pinsrq $1, %%rcx, %%xmm0\n\t" \ + "pxor %%xmm0, " VAR(XR) "\n\t" \ + GHASH_GFMUL_RED_AVX(XR, HR, XR) \ + "pshufb %[BSWAP_MASK], " VAR(XR) "\n\t" \ + "movdqu " VAR(TR) ", %%xmm0\n\t" \ + "pxor " VAR(XR) ", %%xmm0\n\t" \ #define STORE_TAG() \ "cmpl $16, %[tbytes]\n\t" \ @@ -4509,10 +4509,10 @@ static void AES_GCM_encrypt(const unsigned char *in, unsigned char *out, register unsigned int ivLen asm("ebx") = ibytes; __asm__ __volatile__ ( - "subq $"VAR(STACK_OFFSET)", %%rsp\n\t" + "subq $" VAR(STACK_OFFSET) ", %%rsp\n\t" /* Counter is xmm13 */ "pxor %%xmm13, %%xmm13\n\t" - "pxor "VAR(XR)", "VAR(XR)"\n\t" + "pxor " VAR(XR) ", " VAR(XR) "\n\t" "movl %[ibytes], %%edx\n\t" "cmpl $12, %%edx\n\t" "jne 35f\n\t" @@ -4527,20 +4527,20 @@ static void AES_GCM_encrypt(const unsigned char *in, unsigned char *out, "# Calculate counter and H\n\t" "pshufb %[BSWAP_EPI64], %%xmm13\n\t" - "movdqa "VAR(HR)", %%xmm5\n\t" + "movdqa " VAR(HR) ", %%xmm5\n\t" "paddd %[ONE], %%xmm13\n\t" - "movdqa "VAR(HR)", %%xmm4\n\t" - "movdqu %%xmm13, "VAR(CTR1)"\n\t" + "movdqa " VAR(HR) ", %%xmm4\n\t" + "movdqu %%xmm13, " VAR(CTR1) "\n\t" "psrlq $63, %%xmm5\n\t" "psllq $1, %%xmm4\n\t" "pslldq $8, %%xmm5\n\t" "por %%xmm5, %%xmm4\n\t" - "pshufd $0xff, "VAR(HR)", "VAR(HR)"\n\t" - "psrad $31, "VAR(HR)"\n\t" - "pand %[MOD2_128], "VAR(HR)"\n\t" - "pxor %%xmm4, "VAR(HR)"\n\t" + "pshufd $0xff, " VAR(HR) ", " VAR(HR) "\n\t" + "psrad $31, " VAR(HR) "\n\t" + "pand %[MOD2_128], " VAR(HR) "\n\t" + "pxor %%xmm4, " VAR(HR) "\n\t" - "xorl "VAR(KR)", "VAR(KR)"\n\t" + "xorl " VAR(KR) ", " VAR(KR) "\n\t" #if !defined(AES_GCM_AESNI_NO_UNROLL) && !defined(AES_GCM_AVX1_NO_UNROLL) "cmpl $128, %[nbytes]\n\t" 
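Review bot: `AESENC_LAST15_DEC_AVX` releases its 32-byte stack scratch with `addq $32, %%rsp` while the encrypted counter block written by `movdqu %%xmm13, (%%rsp)` is still in it; nothing between those two lines overwrites `(%%rsp)`. `AESENC_LAST15_ENC_AVX` leaves no such residue, because its loops at `51:` and `52:` replace all 16 scratch bytes with ciphertext and zero padding. Since `%%xmm0` is cleared by the earlier `pxor %%xmm0, %%xmm0` and not written again inside this macro, adding `"movdqu %%xmm0, (%%rsp)\n\t" \` just before the `addq` would wipe the keystream block. The functions that expand these macros lie outside this hunk, so whether they scrub the stack later could not be checked here.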
@@ -4578,15 +4578,15 @@ static void AES_GCM_encrypt(const unsigned char *in, unsigned char *out,
 AESENC_LAST(%[in], %[out])
 "cmpl $128, %%r13d\n\t"
- "movl $128, "VAR(KR)"\n\t"
+ "movl $128, " VAR(KR) "\n\t"
 "jle 2f\n\t"
 "# More 128 bytes of input\n\t"
 "\n"
 "3:\n\t"
 AESENC_128_GHASH_AVX(%%rdx, 0)
- "addl $128, "VAR(KR)"\n\t"
- "cmpl %%r13d, "VAR(KR)"\n\t"
+ "addl $128, " VAR(KR) "\n\t"
+ "cmpl %%r13d, " VAR(KR) "\n\t"
 "jl 3b\n\t"
 "\n"
 "2:\n\t"
@@ -4601,51 +4601,51 @@ static void AES_GCM_encrypt(const unsigned char *in, unsigned char *out, "pshufb %%xmm13, %%xmm10\n\t" "pshufb %%xmm13, %%xmm11\n\t" - "movdqu 112("VAR(HTR)"), %%xmm12\n\t" + "movdqu 112(" VAR(HTR) "), %%xmm12\n\t" GHASH_GFMUL_AVX(XR, %%xmm13, %%xmm4, %%xmm12) - "movdqu 96("VAR(HTR)"), %%xmm12\n\t" + "movdqu 96(" VAR(HTR) "), %%xmm12\n\t" GHASH_GFMUL_XOR_AVX(XR, %%xmm13, %%xmm5, %%xmm12) - "movdqu 80("VAR(HTR)"), %%xmm12\n\t" + "movdqu 80(" VAR(HTR) "), %%xmm12\n\t" GHASH_GFMUL_XOR_AVX(XR, %%xmm13, %%xmm6, %%xmm12) - "movdqu 64("VAR(HTR)"), %%xmm12\n\t" + "movdqu 64(" VAR(HTR) "), %%xmm12\n\t" GHASH_GFMUL_XOR_AVX(XR, %%xmm13, %%xmm7, %%xmm12) - "movdqu 48("VAR(HTR)"), %%xmm12\n\t" + "movdqu 48(" VAR(HTR) "), %%xmm12\n\t" GHASH_GFMUL_XOR_AVX(XR, %%xmm13, %%xmm8, %%xmm12) - "movdqu 32("VAR(HTR)"), %%xmm12\n\t" + "movdqu 32(" VAR(HTR) "), %%xmm12\n\t" GHASH_GFMUL_XOR_AVX(XR, %%xmm13, %%xmm9, %%xmm12) - "movdqu 16("VAR(HTR)"), %%xmm12\n\t" + "movdqu 16(" VAR(HTR) "), %%xmm12\n\t" GHASH_GFMUL_XOR_AVX(XR, %%xmm13, %%xmm10, %%xmm12) - "movdqu ("VAR(HTR)"), %%xmm12\n\t" + "movdqu (" VAR(HTR) "), %%xmm12\n\t" GHASH_GFMUL_RED_XOR_AVX(XR, %%xmm13, %%xmm11, %%xmm12) - "movdqu 0("VAR(HTR)"), "VAR(HR)"\n\t" + "movdqu 0(" VAR(HTR) "), " VAR(HR) "\n\t" "\n" "5:\n\t" "movl %[nbytes], %%edx\n\t" - "cmpl %%edx, "VAR(KR)"\n\t" + "cmpl %%edx, " VAR(KR) "\n\t" "jge 55f\n\t" #endif "movl %[nbytes], %%r13d\n\t" "andl $0xfffffff0, %%r13d\n\t" - "cmpl %%r13d, "VAR(KR)"\n\t" + "cmpl %%r13d, " VAR(KR) "\n\t" "jge 14f\n\t" - "leaq (%[in],"VAR(KR64)",1), %%rcx\n\t" - "leaq (%[out],"VAR(KR64)",1), %%rdx\n\t" + "leaq (%[in]," VAR(KR64) ",1), %%rcx\n\t" + "leaq (%[out]," VAR(KR64) ",1), %%rdx\n\t" AESENC_BLOCK(%%rcx, %%rdx) - "addl $16, "VAR(KR)"\n\t" - "cmpl %%r13d, "VAR(KR)"\n\t" + "addl $16, " VAR(KR) "\n\t" + "cmpl %%r13d, " VAR(KR) "\n\t" "jge 13f\n\t" "\n" "12:\n\t" - "leaq (%[in],"VAR(KR64)",1), %%rcx\n\t" - "leaq (%[out],"VAR(KR64)",1), %%rdx\n\t" + "leaq (%[in]," 
VAR(KR64) ",1), %%rcx\n\t" + "leaq (%[out]," VAR(KR64) ",1), %%rdx\n\t" AESENC_GFMUL(%%rcx, %%rdx, HR, XR) "pshufb %[BSWAP_MASK], %%xmm4\n\t" - "pxor %%xmm4, "VAR(XR)"\n\t" - "addl $16, "VAR(KR)"\n\t" - "cmpl %%r13d, "VAR(KR)"\n\t" + "pxor %%xmm4, " VAR(XR) "\n\t" + "addl $16, " VAR(KR) "\n\t" + "cmpl %%r13d, " VAR(KR) "\n\t" "jl 12b\n\t" "\n" "13:\n\t" @@ -4659,7 +4659,7 @@ static void AES_GCM_encrypt(const unsigned char *in, unsigned char *out, CALC_TAG() STORE_TAG() - "addq $"VAR(STACK_OFFSET)", %%rsp\n\t" + "addq $" VAR(STACK_OFFSET) ", %%rsp\n\t" : : [KEY] "r" (key), @@ -4700,7 +4700,7 @@ static void AES_GCM_encrypt(const unsigned char *in, unsigned char *out, VAESENC() #define VAESENC_CTR() \ - "vmovdqu "VAR(CTR1)", %%xmm0\n\t" \ + "vmovdqu " VAR(CTR1) ", %%xmm0\n\t" \ "vmovdqa %[BSWAP_EPI64], %%xmm1\n\t" \ "vpshufb %%xmm1, %%xmm0, %%xmm4\n\t" \ "vpaddd %[ONE], %%xmm0, %%xmm5\n\t" \ @@ -4721,7 +4721,7 @@ static void AES_GCM_encrypt(const unsigned char *in, unsigned char *out, #define VAESENC_XOR() \ "vmovdqa (%[KEY]), %%xmm12\n\t" \ - "vmovdqu %%xmm0, "VAR(CTR1)"\n\t" \ + "vmovdqu %%xmm0, " VAR(CTR1) "\n\t" \ "vpxor %%xmm12, %%xmm4, %%xmm4\n\t" \ "vpxor %%xmm12, %%xmm5, %%xmm5\n\t" \ "vpxor %%xmm12, %%xmm6, %%xmm6\n\t" \ 
@@ -4759,53 +4759,53 @@ static void AES_GCM_encrypt(const unsigned char *in, unsigned char *out,
 VAESENC_LAST(%[in], %[out])
 /* Encrypt and carry-less multiply for AVX1. */
-#define VAESENC_PCLMUL_1(src, o1, o2, o3) \
- "vmovdqu "#o3"("VAR(HTR)"), %%xmm12\n\t" \
- "vmovdqu "#o2"("#src"), %%xmm0\n\t" \
- "vaesenc "#o1"(%[KEY]), %%xmm4, %%xmm4\n\t" \
- "vpshufb %[BSWAP_MASK], %%xmm0, %%xmm0\n\t" \
- "vpxor %%xmm2, %%xmm0, %%xmm0\n\t" \
- "vpshufd $0x4e, %%xmm12, %%xmm1\n\t" \
- "vpshufd $0x4e, %%xmm0, %%xmm14\n\t" \
- "vpxor %%xmm12, %%xmm1, %%xmm1\n\t" \
- "vpxor %%xmm0, %%xmm14, %%xmm14\n\t" \
- "vpclmulqdq $0x11, %%xmm12, %%xmm0, %%xmm3\n\t" \
- "vaesenc "#o1"(%[KEY]), %%xmm5, %%xmm5\n\t" \
- "vaesenc "#o1"(%[KEY]), %%xmm6, %%xmm6\n\t" \
- "vpclmulqdq $0x00, %%xmm12, %%xmm0, %%xmm2\n\t" \
- "vaesenc "#o1"(%[KEY]), %%xmm7, %%xmm7\n\t" \
- "vaesenc "#o1"(%[KEY]), %%xmm8, %%xmm8\n\t" \
- "vpclmulqdq $0x00, %%xmm14, %%xmm1, %%xmm1\n\t" \
- "vaesenc "#o1"(%[KEY]), %%xmm9, %%xmm9\n\t" \
- "vaesenc "#o1"(%[KEY]), %%xmm10, %%xmm10\n\t" \
- "vaesenc "#o1"(%[KEY]), %%xmm11, %%xmm11\n\t" \
- "vpxor %%xmm2, %%xmm1, %%xmm1\n\t" \
- "vpxor %%xmm3, %%xmm1, %%xmm1\n\t" \
+#define VAESENC_PCLMUL_1(src, o1, o2, o3) \
+ "vmovdqu " #o3 "(" VAR(HTR) "), %%xmm12\n\t" \
+ "vmovdqu " #o2 "(" #src "), %%xmm0\n\t" \
+ "vaesenc " #o1 "(%[KEY]), %%xmm4, %%xmm4\n\t" \
+ "vpshufb %[BSWAP_MASK], %%xmm0, %%xmm0\n\t" \
+ "vpxor %%xmm2, %%xmm0, %%xmm0\n\t" \
+ "vpshufd $0x4e, %%xmm12, %%xmm1\n\t" \
+ "vpshufd $0x4e, %%xmm0, %%xmm14\n\t" \
+ "vpxor %%xmm12, %%xmm1, %%xmm1\n\t" \
+ "vpxor %%xmm0, %%xmm14, %%xmm14\n\t" \
+ "vpclmulqdq $0x11, %%xmm12, %%xmm0, %%xmm3\n\t" \
+ "vaesenc " #o1 "(%[KEY]), %%xmm5, %%xmm5\n\t" \
+ "vaesenc " #o1 "(%[KEY]), %%xmm6, %%xmm6\n\t" \
+ "vpclmulqdq $0x00, %%xmm12, %%xmm0, %%xmm2\n\t" \
+ "vaesenc " #o1 "(%[KEY]), %%xmm7, %%xmm7\n\t" \
+ "vaesenc " #o1 "(%[KEY]), %%xmm8, %%xmm8\n\t" \
+ "vpclmulqdq $0x00, %%xmm14, %%xmm1, %%xmm1\n\t" \
+ "vaesenc " #o1 "(%[KEY]), %%xmm9, %%xmm9\n\t" \
+ "vaesenc " #o1 "(%[KEY]), %%xmm10, %%xmm10\n\t" \
+ "vaesenc " #o1 "(%[KEY]), %%xmm11, %%xmm11\n\t" \
+ "vpxor %%xmm2, %%xmm1, %%xmm1\n\t" \
+ "vpxor %%xmm3, %%xmm1, %%xmm1\n\t" \
-#define VAESENC_PCLMUL_N(src, o1, o2, o3) \
- "vmovdqu "#o3"("VAR(HTR)"), %%xmm12\n\t" \
- "vmovdqu "#o2"("#src"), %%xmm0\n\t" \
- "vpshufd $0x4e, %%xmm12, %%xmm13\n\t" \
- "vpshufb %[BSWAP_MASK], %%xmm0, %%xmm0\n\t" \
- "vaesenc "#o1"(%[KEY]), %%xmm4, %%xmm4\n\t" \
- "vpxor %%xmm12, %%xmm13, %%xmm13\n\t" \
- "vpshufd $0x4e, %%xmm0, %%xmm14\n\t" \
- "vpxor %%xmm0, %%xmm14, %%xmm14\n\t" \
- "vpclmulqdq $0x11, %%xmm12, %%xmm0, %%xmm15\n\t" \
- "vaesenc "#o1"(%[KEY]), %%xmm5, %%xmm5\n\t" \
- "vaesenc "#o1"(%[KEY]), %%xmm6, %%xmm6\n\t" \
- "vpclmulqdq $0x00, %%xmm12, %%xmm0, %%xmm12\n\t" \
- "vaesenc "#o1"(%[KEY]), %%xmm7, %%xmm7\n\t" \
- "vaesenc "#o1"(%[KEY]), %%xmm8, %%xmm8\n\t" \
- "vpclmulqdq $0x00, %%xmm14, %%xmm13, %%xmm13\n\t" \
- "vaesenc "#o1"(%[KEY]), %%xmm9, %%xmm9\n\t" \
- "vaesenc "#o1"(%[KEY]), %%xmm10, %%xmm10\n\t" \
- "vaesenc "#o1"(%[KEY]), %%xmm11, %%xmm11\n\t" \
- "vpxor %%xmm12, %%xmm1, %%xmm1\n\t" \
- "vpxor %%xmm12, %%xmm2, %%xmm2\n\t" \
- "vpxor %%xmm15, %%xmm1, %%xmm1\n\t" \
- "vpxor %%xmm15, %%xmm3, %%xmm3\n\t" \
- "vpxor %%xmm13, %%xmm1, %%xmm1\n\t" \
+#define VAESENC_PCLMUL_N(src, o1, o2, o3) \
+ "vmovdqu " #o3 "(" VAR(HTR) "), %%xmm12\n\t" \
+ "vmovdqu " #o2 "(" #src "), %%xmm0\n\t" \
+ "vpshufd $0x4e, %%xmm12, %%xmm13\n\t" \
+ "vpshufb %[BSWAP_MASK], %%xmm0, %%xmm0\n\t" \
+ "vaesenc " #o1 "(%[KEY]), %%xmm4, %%xmm4\n\t" \
+ "vpxor %%xmm12, %%xmm13, %%xmm13\n\t" \
+ "vpshufd $0x4e, %%xmm0, %%xmm14\n\t" \
+ "vpxor %%xmm0, %%xmm14, %%xmm14\n\t" \
+ "vpclmulqdq $0x11, %%xmm12, %%xmm0, %%xmm15\n\t" \
+ "vaesenc " #o1 "(%[KEY]), %%xmm5, %%xmm5\n\t" \
+ "vaesenc " #o1 "(%[KEY]), %%xmm6, %%xmm6\n\t" \
+ "vpclmulqdq $0x00, %%xmm12, %%xmm0, %%xmm12\n\t" \
+ "vaesenc " #o1 "(%[KEY]), %%xmm7, %%xmm7\n\t" \
+ "vaesenc " #o1 "(%[KEY]), %%xmm8, %%xmm8\n\t" \
+ "vpclmulqdq $0x00, %%xmm14, %%xmm13, %%xmm13\n\t" \
+ "vaesenc " #o1 "(%[KEY]), %%xmm9, %%xmm9\n\t" \
+ "vaesenc " #o1 "(%[KEY]), %%xmm10, %%xmm10\n\t" \
+ "vaesenc " #o1 "(%[KEY]), %%xmm11, %%xmm11\n\t" \
+ "vpxor %%xmm12, %%xmm1, %%xmm1\n\t" \
+ "vpxor %%xmm12, %%xmm2, %%xmm2\n\t" \
+ "vpxor %%xmm15, %%xmm1, %%xmm1\n\t" \
+ "vpxor %%xmm15, %%xmm3, %%xmm3\n\t" \
+ "vpxor %%xmm13, %%xmm1, %%xmm1\n\t" \
 #define VAESENC_PCLMUL_L(o) \
 "vpslldq $8, %%xmm1, %%xmm14\n\t" \
@@ -4842,120 +4842,120 @@ static void AES_GCM_encrypt(const unsigned char *in, unsigned char *out, #define VAESENC_LAST(in, out) \ "vaesenclast %%xmm12, %%xmm4, %%xmm4\n\t" \ "vaesenclast %%xmm12, %%xmm5, %%xmm5\n\t" \ - "vmovdqu ("#in"), %%xmm0\n\t" \ - "vmovdqu 16("#in"), %%xmm1\n\t" \ + "vmovdqu (" #in "), %%xmm0\n\t" \ + "vmovdqu 16(" #in "), %%xmm1\n\t" \ "vpxor %%xmm0, %%xmm4, %%xmm4\n\t" \ "vpxor %%xmm1, %%xmm5, %%xmm5\n\t" \ - "vmovdqu %%xmm4, ("#out")\n\t" \ - "vmovdqu %%xmm5, 16("#out")\n\t" \ + "vmovdqu %%xmm4, (" #out ")\n\t" \ + "vmovdqu %%xmm5, 16(" #out ")\n\t" \ "vaesenclast %%xmm12, %%xmm6, %%xmm6\n\t" \ "vaesenclast %%xmm12, %%xmm7, %%xmm7\n\t" \ - "vmovdqu 32("#in"), %%xmm0\n\t" \ - "vmovdqu 48("#in"), %%xmm1\n\t" \ + "vmovdqu 32(" #in "), %%xmm0\n\t" \ + "vmovdqu 48(" #in "), %%xmm1\n\t" \ "vpxor %%xmm0, %%xmm6, %%xmm6\n\t" \ "vpxor %%xmm1, %%xmm7, %%xmm7\n\t" \ - "vmovdqu %%xmm6, 32("#out")\n\t" \ - "vmovdqu %%xmm7, 48("#out")\n\t" \ + "vmovdqu %%xmm6, 32(" #out ")\n\t" \ + "vmovdqu %%xmm7, 48(" #out ")\n\t" \ "vaesenclast %%xmm12, %%xmm8, %%xmm8\n\t" \ "vaesenclast %%xmm12, %%xmm9, %%xmm9\n\t" \ - "vmovdqu 64("#in"), %%xmm0\n\t" \ - "vmovdqu 80("#in"), %%xmm1\n\t" \ + "vmovdqu 64(" #in "), %%xmm0\n\t" \ + "vmovdqu 80(" #in "), %%xmm1\n\t" \ "vpxor %%xmm0, %%xmm8, %%xmm8\n\t" \ "vpxor %%xmm1, %%xmm9, %%xmm9\n\t" \ - "vmovdqu %%xmm8, 64("#out")\n\t" \ - "vmovdqu %%xmm9, 80("#out")\n\t" \ + "vmovdqu %%xmm8, 64(" #out ")\n\t" \ + "vmovdqu %%xmm9, 80(" #out ")\n\t" \ "vaesenclast %%xmm12, %%xmm10, %%xmm10\n\t" \ "vaesenclast %%xmm12, %%xmm11, %%xmm11\n\t" \ - "vmovdqu 96("#in"), %%xmm0\n\t" \ - "vmovdqu 112("#in"), %%xmm1\n\t" \ + "vmovdqu 96(" #in "), %%xmm0\n\t" \ + "vmovdqu 112(" #in "), %%xmm1\n\t" \ "vpxor %%xmm0, %%xmm10, %%xmm10\n\t" \ "vpxor %%xmm1, %%xmm11, %%xmm11\n\t" \ - "vmovdqu %%xmm10, 96("#out")\n\t" \ - "vmovdqu %%xmm11, 112("#out")\n\t" + "vmovdqu %%xmm10, 96(" #out ")\n\t" \ + "vmovdqu %%xmm11, 112(" #out ")\n\t" -#define 
VAESENC_BLOCK() \ - "vmovdqu "VAR(CTR1)", %%xmm5\n\t" \ - "vpshufb %[BSWAP_EPI64], %%xmm5, %%xmm4\n\t" \ - "vpaddd %[ONE], %%xmm5, %%xmm5\n\t" \ - "vmovdqu %%xmm5, "VAR(CTR1)"\n\t" \ - "vpxor (%[KEY]), %%xmm4, %%xmm4\n\t" \ - "vaesenc 16(%[KEY]), %%xmm4, %%xmm4\n\t" \ - "vaesenc 32(%[KEY]), %%xmm4, %%xmm4\n\t" \ - "vaesenc 48(%[KEY]), %%xmm4, %%xmm4\n\t" \ - "vaesenc 64(%[KEY]), %%xmm4, %%xmm4\n\t" \ - "vaesenc 80(%[KEY]), %%xmm4, %%xmm4\n\t" \ - "vaesenc 96(%[KEY]), %%xmm4, %%xmm4\n\t" \ - "vaesenc 112(%[KEY]), %%xmm4, %%xmm4\n\t" \ - "vaesenc 128(%[KEY]), %%xmm4, %%xmm4\n\t" \ - "vaesenc 144(%[KEY]), %%xmm4, %%xmm4\n\t" \ - "cmpl $11, %[nr]\n\t" \ - "vmovdqa 160(%[KEY]), %%xmm5\n\t" \ - "jl %=f\n\t" \ - "vaesenc %%xmm5, %%xmm4, %%xmm4\n\t" \ - "vaesenc 176(%[KEY]), %%xmm4, %%xmm4\n\t" \ - "cmpl $13, %[nr]\n\t" \ - "vmovdqa 192(%[KEY]), %%xmm5\n\t" \ - "jl %=f\n\t" \ - "vaesenc %%xmm5, %%xmm4, %%xmm4\n\t" \ - "vaesenc 208(%[KEY]), %%xmm4, %%xmm4\n\t" \ - "vmovdqa 224(%[KEY]), %%xmm5\n\t" \ - "%=:\n\t" \ - "vaesenclast %%xmm5, %%xmm4, %%xmm4\n\t" \ - "vmovdqu (%[in],"VAR(KR64)",1), %%xmm5\n\t" \ - "vpxor %%xmm5, %%xmm4, %%xmm4\n\t" \ - "vmovdqu %%xmm4, (%[out],"VAR(KR64)",1)\n\t" \ - "vpshufb %[BSWAP_MASK], %%xmm4, %%xmm4\n\t" \ - "vpxor %%xmm4, "VAR(XR)", "VAR(XR)"\n\t" +#define VAESENC_BLOCK() \ + "vmovdqu " VAR(CTR1) ", %%xmm5\n\t" \ + "vpshufb %[BSWAP_EPI64], %%xmm5, %%xmm4\n\t" \ + "vpaddd %[ONE], %%xmm5, %%xmm5\n\t" \ + "vmovdqu %%xmm5, " VAR(CTR1) "\n\t" \ + "vpxor (%[KEY]), %%xmm4, %%xmm4\n\t" \ + "vaesenc 16(%[KEY]), %%xmm4, %%xmm4\n\t" \ + "vaesenc 32(%[KEY]), %%xmm4, %%xmm4\n\t" \ + "vaesenc 48(%[KEY]), %%xmm4, %%xmm4\n\t" \ + "vaesenc 64(%[KEY]), %%xmm4, %%xmm4\n\t" \ + "vaesenc 80(%[KEY]), %%xmm4, %%xmm4\n\t" \ + "vaesenc 96(%[KEY]), %%xmm4, %%xmm4\n\t" \ + "vaesenc 112(%[KEY]), %%xmm4, %%xmm4\n\t" \ + "vaesenc 128(%[KEY]), %%xmm4, %%xmm4\n\t" \ + "vaesenc 144(%[KEY]), %%xmm4, %%xmm4\n\t" \ + "cmpl $11, %[nr]\n\t" \ + "vmovdqa 160(%[KEY]), %%xmm5\n\t" 
\ + "jl %=f\n\t" \ + "vaesenc %%xmm5, %%xmm4, %%xmm4\n\t" \ + "vaesenc 176(%[KEY]), %%xmm4, %%xmm4\n\t" \ + "cmpl $13, %[nr]\n\t" \ + "vmovdqa 192(%[KEY]), %%xmm5\n\t" \ + "jl %=f\n\t" \ + "vaesenc %%xmm5, %%xmm4, %%xmm4\n\t" \ + "vaesenc 208(%[KEY]), %%xmm4, %%xmm4\n\t" \ + "vmovdqa 224(%[KEY]), %%xmm5\n\t" \ + "%=:\n\t" \ + "vaesenclast %%xmm5, %%xmm4, %%xmm4\n\t" \ + "vmovdqu (%[in]," VAR(KR64) ",1), %%xmm5\n\t" \ + "vpxor %%xmm5, %%xmm4, %%xmm4\n\t" \ + "vmovdqu %%xmm4, (%[out]," VAR(KR64) ",1)\n\t" \ + "vpshufb %[BSWAP_MASK], %%xmm4, %%xmm4\n\t" \ + "vpxor %%xmm4, " VAR(XR) ", " VAR(XR) "\n\t" -#define _VAESENC_GFMUL(in, H, X) \ - "vmovdqu "VAR(CTR1)", %%xmm5\n\t" \ - "vpshufb %[BSWAP_EPI64], %%xmm5, %%xmm4\n\t" \ - "vpaddd %[ONE], %%xmm5, %%xmm5\n\t" \ - "vmovdqu %%xmm5, "VAR(CTR1)"\n\t" \ - "vpxor (%[KEY]), %%xmm4, %%xmm4\n\t" \ - "vpclmulqdq $0x10, "#H", "#X", %%xmm6\n\t" \ - "vaesenc 16(%[KEY]), %%xmm4, %%xmm4\n\t" \ - "vaesenc 32(%[KEY]), %%xmm4, %%xmm4\n\t" \ - "vpclmulqdq $0x01, "#H", "#X", %%xmm7\n\t" \ - "vaesenc 48(%[KEY]), %%xmm4, %%xmm4\n\t" \ - "vaesenc 64(%[KEY]), %%xmm4, %%xmm4\n\t" \ - "vpclmulqdq $0x00, "#H", "#X", %%xmm8\n\t" \ - "vaesenc 80(%[KEY]), %%xmm4, %%xmm4\n\t" \ - "vpclmulqdq $0x11, "#H", "#X", %%xmm1\n\t" \ - "vaesenc 96(%[KEY]), %%xmm4, %%xmm4\n\t" \ - "vpxor %%xmm7, %%xmm6, %%xmm6\n\t" \ - "vpslldq $8, %%xmm6, %%xmm2\n\t" \ - "vpsrldq $8, %%xmm6, %%xmm6\n\t" \ - "vaesenc 112(%[KEY]), %%xmm4, %%xmm4\n\t" \ - "vpxor %%xmm8, %%xmm2, %%xmm2\n\t" \ - "vpxor %%xmm6, %%xmm1, %%xmm3\n\t" \ - "vmovdqa %[MOD2_128], %%xmm0\n\t" \ - "vpclmulqdq $0x10, %%xmm0, %%xmm2, %%xmm7\n\t" \ - "vaesenc 128(%[KEY]), %%xmm4, %%xmm4\n\t" \ - "vpshufd $0x4e, %%xmm2, %%xmm6\n\t" \ - "vpxor %%xmm7, %%xmm6, %%xmm6\n\t" \ - "vpclmulqdq $0x10, %%xmm0, %%xmm6, %%xmm7\n\t" \ - "vaesenc 144(%[KEY]), %%xmm4, %%xmm4\n\t" \ - "vpshufd $0x4e, %%xmm6, %%xmm6\n\t" \ - "vpxor %%xmm7, %%xmm6, %%xmm6\n\t" \ - "vpxor %%xmm3, %%xmm6, "VAR(XR)"\n\t" \ - "cmpl $11, %[nr]\n\t" 
\ - "vmovdqa 160(%[KEY]), %%xmm5\n\t" \ - "jl 1f\n\t" \ - "vaesenc %%xmm5, %%xmm4, %%xmm4\n\t" \ - "vaesenc 176(%[KEY]), %%xmm4, %%xmm4\n\t" \ - "cmpl $13, %[nr]\n\t" \ - "vmovdqa 192(%[KEY]), %%xmm5\n\t" \ - "jl 1f\n\t" \ - "vaesenc %%xmm5, %%xmm4, %%xmm4\n\t" \ - "vaesenc 208(%[KEY]), %%xmm4, %%xmm4\n\t" \ - "vmovdqa 224(%[KEY]), %%xmm5\n\t" \ - "1:\n\t" \ - "vaesenclast %%xmm5, %%xmm4, %%xmm4\n\t" \ - "vmovdqu "#in", %%xmm0\n\t" \ - "vpxor %%xmm0, %%xmm4, %%xmm4\n\t" \ - "vmovdqu %%xmm4, (%[out],"VAR(KR64)",1)\n\t" -#define VAESENC_GFMUL(in, H, X) \ +#define _VAESENC_GFMUL(in, H, X) \ + "vmovdqu " VAR(CTR1) ", %%xmm5\n\t" \ + "vpshufb %[BSWAP_EPI64], %%xmm5, %%xmm4\n\t" \ + "vpaddd %[ONE], %%xmm5, %%xmm5\n\t" \ + "vmovdqu %%xmm5, " VAR(CTR1) "\n\t" \ + "vpxor (%[KEY]), %%xmm4, %%xmm4\n\t" \ + "vpclmulqdq $0x10, " #H ", " #X ", %%xmm6\n\t" \ + "vaesenc 16(%[KEY]), %%xmm4, %%xmm4\n\t" \ + "vaesenc 32(%[KEY]), %%xmm4, %%xmm4\n\t" \ + "vpclmulqdq $0x01, " #H ", " #X ", %%xmm7\n\t" \ + "vaesenc 48(%[KEY]), %%xmm4, %%xmm4\n\t" \ + "vaesenc 64(%[KEY]), %%xmm4, %%xmm4\n\t" \ + "vpclmulqdq $0x00, " #H ", " #X ", %%xmm8\n\t" \ + "vaesenc 80(%[KEY]), %%xmm4, %%xmm4\n\t" \ + "vpclmulqdq $0x11, " #H ", " #X ", %%xmm1\n\t" \ + "vaesenc 96(%[KEY]), %%xmm4, %%xmm4\n\t" \ + "vpxor %%xmm7, %%xmm6, %%xmm6\n\t" \ + "vpslldq $8, %%xmm6, %%xmm2\n\t" \ + "vpsrldq $8, %%xmm6, %%xmm6\n\t" \ + "vaesenc 112(%[KEY]), %%xmm4, %%xmm4\n\t" \ + "vpxor %%xmm8, %%xmm2, %%xmm2\n\t" \ + "vpxor %%xmm6, %%xmm1, %%xmm3\n\t" \ + "vmovdqa %[MOD2_128], %%xmm0\n\t" \ + "vpclmulqdq $0x10, %%xmm0, %%xmm2, %%xmm7\n\t" \ + "vaesenc 128(%[KEY]), %%xmm4, %%xmm4\n\t" \ + "vpshufd $0x4e, %%xmm2, %%xmm6\n\t" \ + "vpxor %%xmm7, %%xmm6, %%xmm6\n\t" \ + "vpclmulqdq $0x10, %%xmm0, %%xmm6, %%xmm7\n\t" \ + "vaesenc 144(%[KEY]), %%xmm4, %%xmm4\n\t" \ + "vpshufd $0x4e, %%xmm6, %%xmm6\n\t" \ + "vpxor %%xmm7, %%xmm6, %%xmm6\n\t" \ + "vpxor %%xmm3, %%xmm6, " VAR(XR) "\n\t" \ + "cmpl $11, %[nr]\n\t" \ + "vmovdqa 160(%[KEY]), 
%%xmm5\n\t" \ + "jl 1f\n\t" \ + "vaesenc %%xmm5, %%xmm4, %%xmm4\n\t" \ + "vaesenc 176(%[KEY]), %%xmm4, %%xmm4\n\t" \ + "cmpl $13, %[nr]\n\t" \ + "vmovdqa 192(%[KEY]), %%xmm5\n\t" \ + "jl 1f\n\t" \ + "vaesenc %%xmm5, %%xmm4, %%xmm4\n\t" \ + "vaesenc 208(%[KEY]), %%xmm4, %%xmm4\n\t" \ + "vmovdqa 224(%[KEY]), %%xmm5\n\t" \ + "1:\n\t" \ + "vaesenclast %%xmm5, %%xmm4, %%xmm4\n\t" \ + "vmovdqu " #in ", %%xmm0\n\t" \ + "vpxor %%xmm0, %%xmm4, %%xmm4\n\t" \ + "vmovdqu %%xmm4, (%[out]," VAR(KR64) ",1)\n\t" +#define VAESENC_GFMUL(in, H, X) \ _VAESENC_GFMUL(in, H, X) @@ -4970,11 +4970,11 @@ static void AES_GCM_encrypt(const unsigned char *in, unsigned char *out, "vpxor %%xmm0, %%xmm1, %%xmm1\n\t" \ "vpxor %%xmm3, %%xmm1, %%xmm1\n\t" \ "vmovdqa %%xmm0, "#r2"\n\t" \ - "vmovdqa %%xmm3, "#r"\n\t" \ + "vmovdqa %%xmm3, " #r "\n\t" \ "vpslldq $8, %%xmm1, %%xmm2\n\t" \ "vpsrldq $8, %%xmm1, %%xmm1\n\t" \ "vpxor %%xmm2, "#r2", "#r2"\n\t" \ - "vpxor %%xmm1, "#r", "#r"\n\t" + "vpxor %%xmm1, " #r ", " #r "\n\t" #define GHASH_GFMUL_AVX1(r, r2, a, b) \ _GHASH_GFMUL_AVX1(r, r2, a, b) 
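Review bot: VAESENC_BLOCK branches with `jl %=f` to a `%=:` label, while _VAESENC_GFMUL in the same hunk uses the fixed local label `1:`, and the two schemes can collide inside one asm statement. `%=` expands to a bare number that is identical for every expansion within a statement, so the assembler treats it as one more numeric local label. A forward jump that passes over an expansion, such as `jz 55f` ahead of VAESENC_AVX(%%xmm13) in AESENC_LAST15_ENC_AVX1 (_VAESENC_AVX in a later hunk has the same `%=:` pattern), would bind to the macro's label if the generated number ever equalled 55. I would give both macros a fixed numeric label that no other jump in the statement uses, and record the reserved number in a comment above each macro. The asm statements that expand these macros are mostly outside this hunk, so the labels already in use need checking there.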
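Review bot: The spacing change reaches `#r` but not `#r2` in _GHASH_GFMUL_AVX1, so the new side has `"vpxor %%xmm2, "#r2", "#r2"\n\t"` directly above the rewritten `"vpxor %%xmm1, " #r ", " #r "\n\t"`. The same mix appears in the following hunks: `"#r2"` in the rewritten GHASH_MID_AVX1 lines, and `"#a"` next to `" #r "` in _GHASH_GFSQR_RED_AVX1. If the spacing is meant as a uniform convention for stringified macro arguments, these should become `" #r2 "` and `" #a "` too. Both spellings preprocess to the same string, so this is about consistency only. The macro body starts outside this hunk.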
@@ -4989,25 +4989,25 @@ static void AES_GCM_encrypt(const unsigned char *in, unsigned char *out, "vpxor %%xmm0, %%xmm1, %%xmm1\n\t" \ "vpxor %%xmm3, %%xmm1, %%xmm1\n\t" \ "vpxor %%xmm0, "#r2", "#r2"\n\t" \ - "vpxor %%xmm3, "#r", "#r"\n\t" \ + "vpxor %%xmm3, " #r ", " #r "\n\t" \ "vpslldq $8, %%xmm1, %%xmm2\n\t" \ "vpsrldq $8, %%xmm1, %%xmm1\n\t" \ "vpxor %%xmm2, "#r2", "#r2"\n\t" \ - "vpxor %%xmm1, "#r", "#r"\n\t" + "vpxor %%xmm1, " #r ", " #r "\n\t" #define GHASH_GFMUL_XOR_AVX1(r, r2, a, b) \ _GHASH_GFMUL_XOR_AVX1(r, r2, a, b) -#define GHASH_MID_AVX1(r, r2) \ - "vpsrld $31, "#r2", %%xmm0\n\t" \ - "vpsrld $31, "#r", %%xmm1\n\t" \ - "vpslld $1, "#r2", "#r2"\n\t" \ - "vpslld $1, "#r", "#r"\n\t" \ - "vpsrldq $12, %%xmm0, %%xmm2\n\t" \ - "vpslldq $4, %%xmm0, %%xmm0\n\t" \ - "vpslldq $4, %%xmm1, %%xmm1\n\t" \ - "vpor %%xmm2, "#r", "#r"\n\t" \ - "vpor %%xmm0, "#r2", "#r2"\n\t" \ - "vpor %%xmm1, "#r", "#r"\n\t" +#define GHASH_MID_AVX1(r, r2) \ + "vpsrld $31, "#r2", %%xmm0\n\t" \ + "vpsrld $31, " #r ", %%xmm1\n\t" \ + "vpslld $1, "#r2", "#r2"\n\t" \ + "vpslld $1, " #r ", " #r "\n\t" \ + "vpsrldq $12, %%xmm0, %%xmm2\n\t" \ + "vpslldq $4, %%xmm0, %%xmm0\n\t" \ + "vpslldq $4, %%xmm1, %%xmm1\n\t" \ + "vpor %%xmm2, " #r ", " #r "\n\t" \ + "vpor %%xmm0, "#r2", "#r2"\n\t" \ + "vpor %%xmm1, " #r ", " #r "\n\t" #define _GHASH_GFMUL_RED_AVX1(r, a, b) \ "vpshufd $0x4e, "#a", %%xmm5\n\t" \ @@ -5022,7 +5022,7 @@ static void AES_GCM_encrypt(const unsigned char *in, unsigned char *out, "vpslldq $8, %%xmm5, %%xmm6\n\t" \ "vpsrldq $8, %%xmm5, %%xmm5\n\t" \ "vpxor %%xmm6, %%xmm4, %%xmm4\n\t" \ - "vpxor %%xmm5, %%xmm7, "#r"\n\t" \ + "vpxor %%xmm5, %%xmm7, " #r "\n\t" \ "vpslld $31, %%xmm4, %%xmm8\n\t" \ "vpslld $30, %%xmm4, %%xmm9\n\t" \ "vpslld $25, %%xmm4, %%xmm10\n\t" \ 
@@ -5038,13 +5038,13 @@ static void AES_GCM_encrypt(const unsigned char *in, unsigned char *out, "vpxor %%xmm5, %%xmm10, %%xmm10\n\t" \ "vpxor %%xmm9, %%xmm10, %%xmm10\n\t" \ "vpxor %%xmm4, %%xmm10, %%xmm10\n\t" \ - "vpxor %%xmm10, "#r", "#r"\n\t" + "vpxor %%xmm10, " #r ", " #r "\n\t" #define GHASH_GFMUL_RED_AVX1(r, a, b) \ _GHASH_GFMUL_RED_AVX1(r, a, b) #define _GHASH_GFSQR_RED_AVX1(r, a) \ "vpclmulqdq $0x00, "#a", "#a", %%xmm4\n\t" \ - "vpclmulqdq $0x11, "#a", "#a", "#r"\n\t" \ + "vpclmulqdq $0x11, "#a", "#a", " #r "\n\t" \ "vpslld $31, %%xmm4, %%xmm8\n\t" \ "vpslld $30, %%xmm4, %%xmm9\n\t" \ "vpslld $25, %%xmm4, %%xmm10\n\t" \ @@ -5060,7 +5060,7 @@ static void AES_GCM_encrypt(const unsigned char *in, unsigned char *out, "vpxor %%xmm5, %%xmm10, %%xmm10\n\t" \ "vpxor %%xmm9, %%xmm10, %%xmm10\n\t" \ "vpxor %%xmm4, %%xmm10, %%xmm10\n\t" \ - "vpxor %%xmm10, "#r", "#r"\n\t" + "vpxor %%xmm10, " #r ", " #r "\n\t" #define GHASH_GFSQR_RED_AVX1(r, a) \ _GHASH_GFSQR_RED_AVX1(r, a) @@ -5081,7 +5081,7 @@ static void AES_GCM_encrypt(const unsigned char *in, unsigned char *out, "vpxor %%xmm0, %%xmm2, %%xmm2\n\t" \ "vpxor %%xmm1, %%xmm2, %%xmm2\n\t" \ "vpxor "#r2", %%xmm2, %%xmm2\n\t" \ - "vpxor %%xmm2, "#r", "#r"\n\t" + "vpxor %%xmm2, " #r ", " #r "\n\t" #define GHASH_GFMUL_RED_XOR_AVX1(r, r2, a, b) \ GHASH_GFMUL_XOR_AVX1(r, r2, a, b) \ 
@@ -5092,198 +5092,198 @@ static void AES_GCM_encrypt(const unsigned char *in, unsigned char *out, GHASH_MID_AVX1(r, r2) \ GHASH_RED_AVX1(r, r2) -#define CALC_IV_12_AVX1() \ - "# Calculate values when IV is 12 bytes\n\t" \ - "# Set counter based on IV\n\t" \ - "movl $0x01000000, %%ecx\n\t" \ - "vpinsrq $0, 0(%%rax), %%xmm13, %%xmm13\n\t" \ - "vpinsrd $2, 8(%%rax), %%xmm13, %%xmm13\n\t" \ - "vpinsrd $3, %%ecx, %%xmm13, %%xmm13\n\t" \ - "# H = Encrypt X(=0) and T = Encrypt counter\n\t" \ - "vmovdqa 0(%[KEY]), "VAR(HR)"\n\t" \ - "vpxor "VAR(HR)", %%xmm13, %%xmm1\n\t" \ - "vmovdqa 16(%[KEY]), %%xmm12\n\t" \ - "vaesenc %%xmm12, "VAR(HR)", "VAR(HR)"\n\t" \ - "vaesenc %%xmm12, %%xmm1, %%xmm1\n\t" \ - "vmovdqa 32(%[KEY]), %%xmm12\n\t" \ - "vaesenc %%xmm12, "VAR(HR)", "VAR(HR)"\n\t" \ - "vaesenc %%xmm12, %%xmm1, %%xmm1\n\t" \ - "vmovdqa 48(%[KEY]), %%xmm12\n\t" \ - "vaesenc %%xmm12, "VAR(HR)", "VAR(HR)"\n\t" \ - "vaesenc %%xmm12, %%xmm1, %%xmm1\n\t" \ - "vmovdqa 64(%[KEY]), %%xmm12\n\t" \ - "vaesenc %%xmm12, "VAR(HR)", "VAR(HR)"\n\t" \ - "vaesenc %%xmm12, %%xmm1, %%xmm1\n\t" \ - "vmovdqa 80(%[KEY]), %%xmm12\n\t" \ - "vaesenc %%xmm12, "VAR(HR)", "VAR(HR)"\n\t" \ - "vaesenc %%xmm12, %%xmm1, %%xmm1\n\t" \ - "vmovdqa 96(%[KEY]), %%xmm12\n\t" \ - "vaesenc %%xmm12, "VAR(HR)", "VAR(HR)"\n\t" \ - "vaesenc %%xmm12, %%xmm1, %%xmm1\n\t" \ - "vmovdqa 112(%[KEY]), %%xmm12\n\t" \ - "vaesenc %%xmm12, "VAR(HR)", "VAR(HR)"\n\t" \ - "vaesenc %%xmm12, %%xmm1, %%xmm1\n\t" \ - "vmovdqa 128(%[KEY]), %%xmm12\n\t" \ - "vaesenc %%xmm12, "VAR(HR)", "VAR(HR)"\n\t" \ - "vaesenc %%xmm12, %%xmm1, %%xmm1\n\t" \ - "vmovdqa 144(%[KEY]), %%xmm12\n\t" \ - "vaesenc %%xmm12, "VAR(HR)", "VAR(HR)"\n\t" \ - "vaesenc %%xmm12, %%xmm1, %%xmm1\n\t" \ - "cmpl $11, %[nr]\n\t" \ - "vmovdqa 160(%[KEY]), %%xmm12\n\t" \ - "jl 31f\n\t" \ - "vaesenc %%xmm12, "VAR(HR)", "VAR(HR)"\n\t" \ - "vaesenc %%xmm12, %%xmm1, %%xmm1\n\t" \ - "vmovdqa 176(%[KEY]), %%xmm12\n\t" \ - "vaesenc %%xmm12, "VAR(HR)", "VAR(HR)"\n\t" \ - "vaesenc 
%%xmm12, %%xmm1, %%xmm1\n\t" \ - "cmpl $13, %[nr]\n\t" \ - "vmovdqa 192(%[KEY]), %%xmm12\n\t" \ - "jl 31f\n\t" \ - "vaesenc %%xmm12, "VAR(HR)", "VAR(HR)"\n\t" \ - "vaesenc %%xmm12, %%xmm1, %%xmm1\n\t" \ - "vmovdqa 208(%[KEY]), %%xmm12\n\t" \ - "vaesenc %%xmm12, "VAR(HR)", "VAR(HR)"\n\t" \ - "vaesenc %%xmm12, %%xmm1, %%xmm1\n\t" \ - "vmovdqu 224(%[KEY]), %%xmm12\n\t" \ - "31:\n\t" \ - "vaesenclast %%xmm12, "VAR(HR)", "VAR(HR)"\n\t" \ - "vaesenclast %%xmm12, %%xmm1, %%xmm1\n\t" \ - "vpshufb %[BSWAP_MASK], "VAR(HR)", "VAR(HR)"\n\t" \ - "vmovdqu %%xmm1, "VAR(TR)"\n\t" \ +#define CALC_IV_12_AVX1() \ + "# Calculate values when IV is 12 bytes\n\t" \ + "# Set counter based on IV\n\t" \ + "movl $0x01000000, %%ecx\n\t" \ + "vpinsrq $0, 0(%%rax), %%xmm13, %%xmm13\n\t" \ + "vpinsrd $2, 8(%%rax), %%xmm13, %%xmm13\n\t" \ + "vpinsrd $3, %%ecx, %%xmm13, %%xmm13\n\t" \ + "# H = Encrypt X(=0) and T = Encrypt counter\n\t" \ + "vmovdqa 0(%[KEY]), " VAR(HR) "\n\t" \ + "vpxor " VAR(HR) ", %%xmm13, %%xmm1\n\t" \ + "vmovdqa 16(%[KEY]), %%xmm12\n\t" \ + "vaesenc %%xmm12, " VAR(HR) ", " VAR(HR) "\n\t" \ + "vaesenc %%xmm12, %%xmm1, %%xmm1\n\t" \ + "vmovdqa 32(%[KEY]), %%xmm12\n\t" \ + "vaesenc %%xmm12, " VAR(HR) ", " VAR(HR) "\n\t" \ + "vaesenc %%xmm12, %%xmm1, %%xmm1\n\t" \ + "vmovdqa 48(%[KEY]), %%xmm12\n\t" \ + "vaesenc %%xmm12, " VAR(HR) ", " VAR(HR) "\n\t" \ + "vaesenc %%xmm12, %%xmm1, %%xmm1\n\t" \ + "vmovdqa 64(%[KEY]), %%xmm12\n\t" \ + "vaesenc %%xmm12, " VAR(HR) ", " VAR(HR) "\n\t" \ + "vaesenc %%xmm12, %%xmm1, %%xmm1\n\t" \ + "vmovdqa 80(%[KEY]), %%xmm12\n\t" \ + "vaesenc %%xmm12, " VAR(HR) ", " VAR(HR) "\n\t" \ + "vaesenc %%xmm12, %%xmm1, %%xmm1\n\t" \ + "vmovdqa 96(%[KEY]), %%xmm12\n\t" \ + "vaesenc %%xmm12, " VAR(HR) ", " VAR(HR) "\n\t" \ + "vaesenc %%xmm12, %%xmm1, %%xmm1\n\t" \ + "vmovdqa 112(%[KEY]), %%xmm12\n\t" \ + "vaesenc %%xmm12, " VAR(HR) ", " VAR(HR) "\n\t" \ + "vaesenc %%xmm12, %%xmm1, %%xmm1\n\t" \ + "vmovdqa 128(%[KEY]), %%xmm12\n\t" \ + "vaesenc %%xmm12, " VAR(HR) 
", " VAR(HR) "\n\t" \ + "vaesenc %%xmm12, %%xmm1, %%xmm1\n\t" \ + "vmovdqa 144(%[KEY]), %%xmm12\n\t" \ + "vaesenc %%xmm12, " VAR(HR) ", " VAR(HR) "\n\t" \ + "vaesenc %%xmm12, %%xmm1, %%xmm1\n\t" \ + "cmpl $11, %[nr]\n\t" \ + "vmovdqa 160(%[KEY]), %%xmm12\n\t" \ + "jl 31f\n\t" \ + "vaesenc %%xmm12, " VAR(HR) ", " VAR(HR) "\n\t" \ + "vaesenc %%xmm12, %%xmm1, %%xmm1\n\t" \ + "vmovdqa 176(%[KEY]), %%xmm12\n\t" \ + "vaesenc %%xmm12, " VAR(HR) ", " VAR(HR) "\n\t" \ + "vaesenc %%xmm12, %%xmm1, %%xmm1\n\t" \ + "cmpl $13, %[nr]\n\t" \ + "vmovdqa 192(%[KEY]), %%xmm12\n\t" \ + "jl 31f\n\t" \ + "vaesenc %%xmm12, " VAR(HR) ", " VAR(HR) "\n\t" \ + "vaesenc %%xmm12, %%xmm1, %%xmm1\n\t" \ + "vmovdqa 208(%[KEY]), %%xmm12\n\t" \ + "vaesenc %%xmm12, " VAR(HR) ", " VAR(HR) "\n\t" \ + "vaesenc %%xmm12, %%xmm1, %%xmm1\n\t" \ + "vmovdqu 224(%[KEY]), %%xmm12\n\t" \ + "31:\n\t" \ + "vaesenclast %%xmm12, " VAR(HR) ", " VAR(HR) "\n\t" \ + "vaesenclast %%xmm12, %%xmm1, %%xmm1\n\t" \ + "vpshufb %[BSWAP_MASK], " VAR(HR) ", " VAR(HR) "\n\t" \ + "vmovdqu %%xmm1, " VAR(TR) "\n\t" \ "jmp 39f\n\t" -#define CALC_IV_AVX1() \ - "# Calculate values when IV is not 12 bytes\n\t" \ - "# H = Encrypt X(=0)\n\t" \ - "vmovdqa 0(%[KEY]), "VAR(HR)"\n\t" \ - VAESENC_AVX(HR) \ - "vpshufb %[BSWAP_MASK], "VAR(HR)", "VAR(HR)"\n\t" \ - "# Calc counter\n\t" \ - "# Initialization vector\n\t" \ - "cmpl $0, %%edx\n\t" \ - "movq $0, %%rcx\n\t" \ - "je 45f\n\t" \ - "cmpl $16, %%edx\n\t" \ - "jl 44f\n\t" \ - "andl $0xfffffff0, %%edx\n\t" \ - "\n" \ - "43:\n\t" \ - "vmovdqu (%%rax,%%rcx,1), %%xmm4\n\t" \ - "vpshufb %[BSWAP_MASK], %%xmm4, %%xmm4\n\t" \ - "vpxor %%xmm4, %%xmm13, %%xmm13\n\t" \ - GHASH_FULL_AVX1(%%xmm13, %%xmm12, %%xmm13, HR) \ - "addl $16, %%ecx\n\t" \ - "cmpl %%edx, %%ecx\n\t" \ - "jl 43b\n\t" \ - "movl %[ibytes], %%edx\n\t" \ - "cmpl %%edx, %%ecx\n\t" \ - "je 45f\n\t" \ - "\n" \ - "44:\n\t" \ - "subq $16, %%rsp\n\t" \ - "vpxor %%xmm4, %%xmm4, %%xmm4\n\t" \ - "xorl %%ebx, %%ebx\n\t" \ - "vmovdqu %%xmm4, 
(%%rsp)\n\t" \ - "42:\n\t" \ - "movzbl (%%rax,%%rcx,1), %%r13d\n\t" \ - "movb %%r13b, (%%rsp,%%rbx,1)\n\t" \ - "incl %%ecx\n\t" \ - "incl %%ebx\n\t" \ - "cmpl %%edx, %%ecx\n\t" \ - "jl 42b\n\t" \ - "vmovdqu (%%rsp), %%xmm4\n\t" \ - "addq $16, %%rsp\n\t" \ - "vpshufb %[BSWAP_MASK], %%xmm4, %%xmm4\n\t" \ - "vpxor %%xmm4, %%xmm13, %%xmm13\n\t" \ - GHASH_FULL_AVX1(%%xmm13, %%xmm12, %%xmm13, HR) \ - "\n" \ - "45:\n\t" \ - "# T = Encrypt counter\n\t" \ - "vpxor %%xmm0, %%xmm0, %%xmm0\n\t" \ - "shll $3, %%edx\n\t" \ - "vpinsrq $0, %%rdx, %%xmm0, %%xmm0\n\t" \ - "vpxor %%xmm0, %%xmm13, %%xmm13\n\t" \ - GHASH_FULL_AVX1(%%xmm13, %%xmm12, %%xmm13, HR) \ - "vpshufb %[BSWAP_MASK], %%xmm13, %%xmm13\n\t" \ - "# Encrypt counter\n\t" \ - "vmovdqa 0(%[KEY]), %%xmm4\n\t" \ - "vpxor %%xmm13, %%xmm4, %%xmm4\n\t" \ - VAESENC_AVX(%%xmm4) \ - "vmovdqu %%xmm4, "VAR(TR)"\n\t" +#define CALC_IV_AVX1() \ + "# Calculate values when IV is not 12 bytes\n\t" \ + "# H = Encrypt X(=0)\n\t" \ + "vmovdqa 0(%[KEY]), " VAR(HR) "\n\t" \ + VAESENC_AVX(HR) \ + "vpshufb %[BSWAP_MASK], " VAR(HR) ", " VAR(HR) "\n\t" \ + "# Calc counter\n\t" \ + "# Initialization vector\n\t" \ + "cmpl $0, %%edx\n\t" \ + "movq $0, %%rcx\n\t" \ + "je 45f\n\t" \ + "cmpl $16, %%edx\n\t" \ + "jl 44f\n\t" \ + "andl $0xfffffff0, %%edx\n\t" \ + "\n" \ + "43:\n\t" \ + "vmovdqu (%%rax,%%rcx,1), %%xmm4\n\t" \ + "vpshufb %[BSWAP_MASK], %%xmm4, %%xmm4\n\t" \ + "vpxor %%xmm4, %%xmm13, %%xmm13\n\t" \ + GHASH_FULL_AVX1(%%xmm13, %%xmm12, %%xmm13, HR) \ + "addl $16, %%ecx\n\t" \ + "cmpl %%edx, %%ecx\n\t" \ + "jl 43b\n\t" \ + "movl %[ibytes], %%edx\n\t" \ + "cmpl %%edx, %%ecx\n\t" \ + "je 45f\n\t" \ + "\n" \ + "44:\n\t" \ + "subq $16, %%rsp\n\t" \ + "vpxor %%xmm4, %%xmm4, %%xmm4\n\t" \ + "xorl %%ebx, %%ebx\n\t" \ + "vmovdqu %%xmm4, (%%rsp)\n\t" \ + "42:\n\t" \ + "movzbl (%%rax,%%rcx,1), %%r13d\n\t" \ + "movb %%r13b, (%%rsp,%%rbx,1)\n\t" \ + "incl %%ecx\n\t" \ + "incl %%ebx\n\t" \ + "cmpl %%edx, %%ecx\n\t" \ + "jl 42b\n\t" \ + "vmovdqu (%%rsp), 
%%xmm4\n\t" \ + "addq $16, %%rsp\n\t" \ + "vpshufb %[BSWAP_MASK], %%xmm4, %%xmm4\n\t" \ + "vpxor %%xmm4, %%xmm13, %%xmm13\n\t" \ + GHASH_FULL_AVX1(%%xmm13, %%xmm12, %%xmm13, HR) \ + "\n" \ + "45:\n\t" \ + "# T = Encrypt counter\n\t" \ + "vpxor %%xmm0, %%xmm0, %%xmm0\n\t" \ + "shll $3, %%edx\n\t" \ + "vpinsrq $0, %%rdx, %%xmm0, %%xmm0\n\t" \ + "vpxor %%xmm0, %%xmm13, %%xmm13\n\t" \ + GHASH_FULL_AVX1(%%xmm13, %%xmm12, %%xmm13, HR) \ + "vpshufb %[BSWAP_MASK], %%xmm13, %%xmm13\n\t" \ + "# Encrypt counter\n\t" \ + "vmovdqa 0(%[KEY]), %%xmm4\n\t" \ + "vpxor %%xmm13, %%xmm4, %%xmm4\n\t" \ + VAESENC_AVX(%%xmm4) \ + "vmovdqu %%xmm4, " VAR(TR) "\n\t" -#define CALC_AAD_AVX1() \ - "# Additional authentication data\n\t" \ - "movl %[abytes], %%edx\n\t" \ - "cmpl $0, %%edx\n\t" \ - "je 25f\n\t" \ - "movq %[addt], %%rax\n\t" \ - "xorl %%ecx, %%ecx\n\t" \ - "cmpl $16, %%edx\n\t" \ - "jl 24f\n\t" \ - "andl $0xfffffff0, %%edx\n\t" \ - "\n" \ - "23:\n\t" \ - "vmovdqu (%%rax,%%rcx,1), %%xmm4\n\t" \ - "vpshufb %[BSWAP_MASK], %%xmm4, %%xmm4\n\t" \ - "vpxor %%xmm4, "VAR(XR)", "VAR(XR)"\n\t" \ - GHASH_FULL_AVX1(XR, %%xmm12, XR, HR) \ - "addl $16, %%ecx\n\t" \ - "cmpl %%edx, %%ecx\n\t" \ - "jl 23b\n\t" \ - "movl %[abytes], %%edx\n\t" \ - "cmpl %%edx, %%ecx\n\t" \ - "je 25f\n\t" \ - "\n" \ - "24:\n\t" \ - "subq $16, %%rsp\n\t" \ - "vpxor %%xmm4, %%xmm4, %%xmm4\n\t" \ - "xorl %%ebx, %%ebx\n\t" \ - "vmovdqu %%xmm4, (%%rsp)\n\t" \ - "22:\n\t" \ - "movzbl (%%rax,%%rcx,1), %%r13d\n\t" \ - "movb %%r13b, (%%rsp,%%rbx,1)\n\t" \ - "incl %%ecx\n\t" \ - "incl %%ebx\n\t" \ - "cmpl %%edx, %%ecx\n\t" \ - "jl 22b\n\t" \ - "vmovdqu (%%rsp), %%xmm4\n\t" \ - "addq $16, %%rsp\n\t" \ - "vpshufb %[BSWAP_MASK], %%xmm4, %%xmm4\n\t" \ - "vpxor %%xmm4, "VAR(XR)", "VAR(XR)"\n\t" \ - GHASH_FULL_AVX1(XR, %%xmm12, XR, HR) \ - "\n" \ +#define CALC_AAD_AVX1() \ + "# Additional authentication data\n\t" \ + "movl %[abytes], %%edx\n\t" \ + "cmpl $0, %%edx\n\t" \ + "je 25f\n\t" \ + "movq %[addt], %%rax\n\t" \ + "xorl %%ecx, 
%%ecx\n\t" \ + "cmpl $16, %%edx\n\t" \ + "jl 24f\n\t" \ + "andl $0xfffffff0, %%edx\n\t" \ + "\n" \ + "23:\n\t" \ + "vmovdqu (%%rax,%%rcx,1), %%xmm4\n\t" \ + "vpshufb %[BSWAP_MASK], %%xmm4, %%xmm4\n\t" \ + "vpxor %%xmm4, " VAR(XR) ", " VAR(XR) "\n\t" \ + GHASH_FULL_AVX1(XR, %%xmm12, XR, HR) \ + "addl $16, %%ecx\n\t" \ + "cmpl %%edx, %%ecx\n\t" \ + "jl 23b\n\t" \ + "movl %[abytes], %%edx\n\t" \ + "cmpl %%edx, %%ecx\n\t" \ + "je 25f\n\t" \ + "\n" \ + "24:\n\t" \ + "subq $16, %%rsp\n\t" \ + "vpxor %%xmm4, %%xmm4, %%xmm4\n\t" \ + "xorl %%ebx, %%ebx\n\t" \ + "vmovdqu %%xmm4, (%%rsp)\n\t" \ + "22:\n\t" \ + "movzbl (%%rax,%%rcx,1), %%r13d\n\t" \ + "movb %%r13b, (%%rsp,%%rbx,1)\n\t" \ + "incl %%ecx\n\t" \ + "incl %%ebx\n\t" \ + "cmpl %%edx, %%ecx\n\t" \ + "jl 22b\n\t" \ + "vmovdqu (%%rsp), %%xmm4\n\t" \ + "addq $16, %%rsp\n\t" \ + "vpshufb %[BSWAP_MASK], %%xmm4, %%xmm4\n\t" \ + "vpxor %%xmm4, " VAR(XR) ", " VAR(XR) "\n\t" \ + GHASH_FULL_AVX1(XR, %%xmm12, XR, HR) \ + "\n" \ "25:\n\t" #define CALC_HT_8_AVX1() \ - "vmovdqa "VAR(XR)", %%xmm2\n\t" \ + "vmovdqa " VAR(XR) ", %%xmm2\n\t" \ "# H ^ 1\n\t" \ - "vmovdqu "VAR(HR)", 0("VAR(HTR)")\n\t" \ + "vmovdqu " VAR(HR) ", 0(" VAR(HTR) ")\n\t" \ "# H ^ 2\n\t" \ GHASH_GFSQR_RED_AVX1(%%xmm0, HR) \ - "vmovdqu %%xmm0 , 16("VAR(HTR)")\n\t" \ + "vmovdqu %%xmm0 , 16(" VAR(HTR) ")\n\t" \ "# H ^ 3\n\t" \ GHASH_GFMUL_RED_AVX1(%%xmm1, HR, %%xmm0) \ - "vmovdqu %%xmm1 , 32("VAR(HTR)")\n\t" \ + "vmovdqu %%xmm1 , 32(" VAR(HTR) ")\n\t" \ "# H ^ 4\n\t" \ GHASH_GFSQR_RED_AVX1(%%xmm3, %%xmm0) \ - "vmovdqu %%xmm3 , 48("VAR(HTR)")\n\t" \ + "vmovdqu %%xmm3 , 48(" VAR(HTR) ")\n\t" \ "# H ^ 5\n\t" \ GHASH_GFMUL_RED_AVX1(%%xmm12, %%xmm0, %%xmm1) \ - "vmovdqu %%xmm12, 64("VAR(HTR)")\n\t" \ + "vmovdqu %%xmm12, 64(" VAR(HTR) ")\n\t" \ "# H ^ 6\n\t" \ GHASH_GFSQR_RED_AVX1(%%xmm12, %%xmm1) \ - "vmovdqu %%xmm12, 80("VAR(HTR)")\n\t" \ + "vmovdqu %%xmm12, 80(" VAR(HTR) ")\n\t" \ "# H ^ 7\n\t" \ GHASH_GFMUL_RED_AVX1(%%xmm12, %%xmm1, %%xmm3) \ - "vmovdqu %%xmm12, 
96("VAR(HTR)")\n\t" \ + "vmovdqu %%xmm12, 96(" VAR(HTR) ")\n\t" \ "# H ^ 8\n\t" \ GHASH_GFSQR_RED_AVX1(%%xmm12, %%xmm3) \ - "vmovdqu %%xmm12, 112("VAR(HTR)")\n\t" + "vmovdqu %%xmm12, 112(" VAR(HTR) ")\n\t" -#define VAESENC_128_GHASH_AVX1(src, o) \ - "leaq (%[in],"VAR(KR64)",1), %%rcx\n\t" \ - "leaq (%[out],"VAR(KR64)",1), %%rdx\n\t" \ +#define VAESENC_128_GHASH_AVX1(src, o) \ + "leaq (%[in]," VAR(KR64) ",1), %%rcx\n\t" \ + "leaq (%[out]," VAR(KR64) ",1), %%rdx\n\t" \ /* src is either %%rcx or %%rdx */ \ VAESENC_CTR() \ VAESENC_XOR() \ 
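Review bot: CALC_IV_12_AVX1 and CALC_IV_AVX1 read `%%rax` and `%%edx` without loading them, and the tail loops at `44:` and `24:` overwrite `%%ebx`, `%%rcx` and `%%r13`, yet nothing next to the macros states this register contract. AES_GCM_encrypt_avx1 pins `ivLen` to `ebx` with a register variable (visible in a later hunk), so the operand and clobber lists, which are outside this hunk, need to mark that register as modified to match what `xorl %%ebx, %%ebx` does. I would add a comment above CALC_IV_AVX1 along the lines of `/* in: rax = IV, edx = IV length; overwrites rbx, rcx, rdx, r13 */`, and a matching one on CALC_AAD_AVX1, which loads rax and edx itself. That rax holds the IV pointer is inferred from the asm comments and should be confirmed against the caller.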
@@ -5311,112 +5311,112 @@ static void AES_GCM_encrypt(const unsigned char *in, unsigned char *out, "4:\n\t" \ VAESENC_LAST(%%rcx, %%rdx) -#define _VAESENC_AVX(r) \ - "vaesenc 16(%[KEY]), "#r", "#r"\n\t" \ - "vaesenc 32(%[KEY]), "#r", "#r"\n\t" \ - "vaesenc 48(%[KEY]), "#r", "#r"\n\t" \ - "vaesenc 64(%[KEY]), "#r", "#r"\n\t" \ - "vaesenc 80(%[KEY]), "#r", "#r"\n\t" \ - "vaesenc 96(%[KEY]), "#r", "#r"\n\t" \ - "vaesenc 112(%[KEY]), "#r", "#r"\n\t" \ - "vaesenc 128(%[KEY]), "#r", "#r"\n\t" \ - "vaesenc 144(%[KEY]), "#r", "#r"\n\t" \ - "cmpl $11, %[nr]\n\t" \ - "vmovdqa 160(%[KEY]), %%xmm5\n\t" \ - "jl %=f\n\t" \ - "vaesenc %%xmm5, "#r", "#r"\n\t" \ - "vaesenc 176(%[KEY]), "#r", "#r"\n\t" \ - "cmpl $13, %[nr]\n\t" \ - "vmovdqa 192(%[KEY]), %%xmm5\n\t" \ - "jl %=f\n\t" \ - "vaesenc %%xmm5, "#r", "#r"\n\t" \ - "vaesenc 208(%[KEY]), "#r", "#r"\n\t" \ - "vmovdqa 224(%[KEY]), %%xmm5\n\t" \ - "%=:\n\t" \ - "vaesenclast %%xmm5, "#r", "#r"\n\t" -#define VAESENC_AVX(r) \ +#define _VAESENC_AVX(r) \ + "vaesenc 16(%[KEY]), " #r ", " #r "\n\t" \ + "vaesenc 32(%[KEY]), " #r ", " #r "\n\t" \ + "vaesenc 48(%[KEY]), " #r ", " #r "\n\t" \ + "vaesenc 64(%[KEY]), " #r ", " #r "\n\t" \ + "vaesenc 80(%[KEY]), " #r ", " #r "\n\t" \ + "vaesenc 96(%[KEY]), " #r ", " #r "\n\t" \ + "vaesenc 112(%[KEY]), " #r ", " #r "\n\t" \ + "vaesenc 128(%[KEY]), " #r ", " #r "\n\t" \ + "vaesenc 144(%[KEY]), " #r ", " #r "\n\t" \ + "cmpl $11, %[nr]\n\t" \ + "vmovdqa 160(%[KEY]), %%xmm5\n\t" \ + "jl %=f\n\t" \ + "vaesenc %%xmm5, " #r ", " #r "\n\t" \ + "vaesenc 176(%[KEY]), " #r ", " #r "\n\t" \ + "cmpl $13, %[nr]\n\t" \ + "vmovdqa 192(%[KEY]), %%xmm5\n\t" \ + "jl %=f\n\t" \ + "vaesenc %%xmm5, " #r ", " #r "\n\t" \ + "vaesenc 208(%[KEY]), " #r ", " #r "\n\t" \ + "vmovdqa 224(%[KEY]), %%xmm5\n\t" \ + "%=:\n\t" \ + "vaesenclast %%xmm5, " #r ", " #r "\n\t" +#define VAESENC_AVX(r) \ _VAESENC_AVX(r) -#define AESENC_LAST15_ENC_AVX1() \ - "movl %[nbytes], %%ecx\n\t" \ - "movl %%ecx, %%edx\n\t" \ - "andl $0x0f, 
%%ecx\n\t" \ - "jz 55f\n\t" \ - "vmovdqu "VAR(CTR1)", %%xmm13\n\t" \ - "vpshufb %[BSWAP_EPI64], %%xmm13, %%xmm13\n\t" \ - "vpxor 0(%[KEY]), %%xmm13, %%xmm13\n\t" \ - VAESENC_AVX(%%xmm13) \ - "subq $16, %%rsp\n\t" \ - "xorl %%ecx, %%ecx\n\t" \ - "vmovdqu %%xmm13, (%%rsp)\n\t" \ - "\n" \ - "51:\n\t" \ - "movzbl (%[in],"VAR(KR64)",1), %%r13d\n\t" \ - "xorb (%%rsp,%%rcx,1), %%r13b\n\t" \ - "movb %%r13b, (%[out],"VAR(KR64)",1)\n\t" \ - "movb %%r13b, (%%rsp,%%rcx,1)\n\t" \ - "incl "VAR(KR)"\n\t" \ - "incl %%ecx\n\t" \ - "cmpl %%edx, "VAR(KR)"\n\t" \ - "jl 51b\n\t" \ - "xorq %%r13, %%r13\n\t" \ - "cmpl $16, %%ecx\n\t" \ - "je 53f\n\t" \ - "\n" \ - "52:\n\t" \ - "movb %%r13b, (%%rsp,%%rcx,1)\n\t" \ - "incl %%ecx\n\t" \ - "cmpl $16, %%ecx\n\t" \ - "jl 52b\n\t" \ - "53:\n\t" \ - "vmovdqu (%%rsp), %%xmm13\n\t" \ - "addq $16, %%rsp\n\t" \ - "vpshufb %[BSWAP_MASK], %%xmm13, %%xmm13\n\t" \ - "vpxor %%xmm13, "VAR(XR)", "VAR(XR)"\n\t" \ - GHASH_GFMUL_RED_AVX1(XR, HR, XR) \ +#define AESENC_LAST15_ENC_AVX1() \ + "movl %[nbytes], %%ecx\n\t" \ + "movl %%ecx, %%edx\n\t" \ + "andl $0x0f, %%ecx\n\t" \ + "jz 55f\n\t" \ + "vmovdqu " VAR(CTR1) ", %%xmm13\n\t" \ + "vpshufb %[BSWAP_EPI64], %%xmm13, %%xmm13\n\t" \ + "vpxor 0(%[KEY]), %%xmm13, %%xmm13\n\t" \ + VAESENC_AVX(%%xmm13) \ + "subq $16, %%rsp\n\t" \ + "xorl %%ecx, %%ecx\n\t" \ + "vmovdqu %%xmm13, (%%rsp)\n\t" \ + "\n" \ + "51:\n\t" \ + "movzbl (%[in]," VAR(KR64) ",1), %%r13d\n\t" \ + "xorb (%%rsp,%%rcx,1), %%r13b\n\t" \ + "movb %%r13b, (%[out]," VAR(KR64) ",1)\n\t" \ + "movb %%r13b, (%%rsp,%%rcx,1)\n\t" \ + "incl " VAR(KR) "\n\t" \ + "incl %%ecx\n\t" \ + "cmpl %%edx, " VAR(KR) "\n\t" \ + "jl 51b\n\t" \ + "xorq %%r13, %%r13\n\t" \ + "cmpl $16, %%ecx\n\t" \ + "je 53f\n\t" \ + "\n" \ + "52:\n\t" \ + "movb %%r13b, (%%rsp,%%rcx,1)\n\t" \ + "incl %%ecx\n\t" \ + "cmpl $16, %%ecx\n\t" \ + "jl 52b\n\t" \ + "53:\n\t" \ + "vmovdqu (%%rsp), %%xmm13\n\t" \ + "addq $16, %%rsp\n\t" \ + "vpshufb %[BSWAP_MASK], %%xmm13, %%xmm13\n\t" \ + "vpxor %%xmm13, 
" VAR(XR) ", " VAR(XR) "\n\t" \ + GHASH_GFMUL_RED_AVX1(XR, HR, XR) \ -#define AESENC_LAST15_DEC_AVX1() \ - "movl %[nbytes], %%ecx\n\t" \ - "movl %%ecx, %%edx\n\t" \ - "andl $0x0f, %%ecx\n\t" \ - "jz 55f\n\t" \ - "vmovdqu "VAR(CTR1)", %%xmm13\n\t" \ - "vpshufb %[BSWAP_EPI64], %%xmm13, %%xmm13\n\t" \ - "vpxor 0(%[KEY]), %%xmm13, %%xmm13\n\t" \ - VAESENC_AVX(%%xmm13) \ - "subq $32, %%rsp\n\t" \ - "xorl %%ecx, %%ecx\n\t" \ - "vmovdqu %%xmm13, (%%rsp)\n\t" \ - "vpxor %%xmm0, %%xmm0, %%xmm0\n\t" \ - "vmovdqu %%xmm0, 16(%%rsp)\n\t" \ - "\n" \ - "51:\n\t" \ - "movzbl (%[in],"VAR(KR64)",1), %%r13d\n\t" \ - "movb %%r13b, 16(%%rsp,%%rcx,1)\n\t" \ - "xorb (%%rsp,%%rcx,1), %%r13b\n\t" \ - "movb %%r13b, (%[out],"VAR(KR64)",1)\n\t" \ - "incl "VAR(KR)"\n\t" \ - "incl %%ecx\n\t" \ - "cmpl %%edx, "VAR(KR)"\n\t" \ - "jl 51b\n\t" \ - "53:\n\t" \ - "vmovdqu 16(%%rsp), %%xmm13\n\t" \ - "addq $32, %%rsp\n\t" \ - "vpshufb %[BSWAP_MASK], %%xmm13, %%xmm13\n\t" \ - "vpxor %%xmm13, "VAR(XR)", "VAR(XR)"\n\t" \ - GHASH_GFMUL_RED_AVX1(XR, HR, XR) \ +#define AESENC_LAST15_DEC_AVX1() \ + "movl %[nbytes], %%ecx\n\t" \ + "movl %%ecx, %%edx\n\t" \ + "andl $0x0f, %%ecx\n\t" \ + "jz 55f\n\t" \ + "vmovdqu " VAR(CTR1) ", %%xmm13\n\t" \ + "vpshufb %[BSWAP_EPI64], %%xmm13, %%xmm13\n\t" \ + "vpxor 0(%[KEY]), %%xmm13, %%xmm13\n\t" \ + VAESENC_AVX(%%xmm13) \ + "subq $32, %%rsp\n\t" \ + "xorl %%ecx, %%ecx\n\t" \ + "vmovdqu %%xmm13, (%%rsp)\n\t" \ + "vpxor %%xmm0, %%xmm0, %%xmm0\n\t" \ + "vmovdqu %%xmm0, 16(%%rsp)\n\t" \ + "\n" \ + "51:\n\t" \ + "movzbl (%[in]," VAR(KR64) ",1), %%r13d\n\t" \ + "movb %%r13b, 16(%%rsp,%%rcx,1)\n\t" \ + "xorb (%%rsp,%%rcx,1), %%r13b\n\t" \ + "movb %%r13b, (%[out]," VAR(KR64) ",1)\n\t" \ + "incl " VAR(KR) "\n\t" \ + "incl %%ecx\n\t" \ + "cmpl %%edx, " VAR(KR) "\n\t" \ + "jl 51b\n\t" \ + "53:\n\t" \ + "vmovdqu 16(%%rsp), %%xmm13\n\t" \ + "addq $32, %%rsp\n\t" \ + "vpshufb %[BSWAP_MASK], %%xmm13, %%xmm13\n\t" \ + "vpxor %%xmm13, " VAR(XR) ", " VAR(XR) "\n\t" \ + 
GHASH_GFMUL_RED_AVX1(XR, HR, XR) \ -#define CALC_TAG_AVX1() \ - "movl %[nbytes], %%edx\n\t" \ - "movl %[abytes], %%ecx\n\t" \ - "shlq $3, %%rdx\n\t" \ - "shlq $3, %%rcx\n\t" \ - "vpinsrq $0, %%rdx, %%xmm0, %%xmm0\n\t" \ - "vpinsrq $1, %%rcx, %%xmm0, %%xmm0\n\t" \ - "vpxor %%xmm0, "VAR(XR)", "VAR(XR)"\n\t" \ - GHASH_GFMUL_RED_AVX1(XR, HR, XR) \ - "vpshufb %[BSWAP_MASK], "VAR(XR)", "VAR(XR)"\n\t" \ - "vpxor "VAR(TR)", "VAR(XR)", %%xmm0\n\t" \ +#define CALC_TAG_AVX1() \ + "movl %[nbytes], %%edx\n\t" \ + "movl %[abytes], %%ecx\n\t" \ + "shlq $3, %%rdx\n\t" \ + "shlq $3, %%rcx\n\t" \ + "vpinsrq $0, %%rdx, %%xmm0, %%xmm0\n\t" \ + "vpinsrq $1, %%rcx, %%xmm0, %%xmm0\n\t" \ + "vpxor %%xmm0, " VAR(XR) ", " VAR(XR) "\n\t" \ + GHASH_GFMUL_RED_AVX1(XR, HR, XR) \ + "vpshufb %[BSWAP_MASK], " VAR(XR) ", " VAR(XR) "\n\t" \ + "vpxor " VAR(TR) ", " VAR(XR) ", %%xmm0\n\t" \ #define STORE_TAG_AVX() \ "cmpl $16, %[tbytes]\n\t" \ @@ -5479,10 +5479,10 @@ static void AES_GCM_encrypt_avx1(const unsigned char *in, unsigned char *out, register unsigned int ivLen asm("ebx") = ibytes; __asm__ __volatile__ ( - "subq $"VAR(STACK_OFFSET)", %%rsp\n\t" + "subq $" VAR(STACK_OFFSET) ", %%rsp\n\t" /* Counter is xmm13 */ "vpxor %%xmm13, %%xmm13, %%xmm13\n\t" - "vpxor "VAR(XR)", "VAR(XR)", "VAR(XR)"\n\t" + "vpxor " VAR(XR) ", " VAR(XR) ", " VAR(XR) "\n\t" "movl %[ibytes], %%edx\n\t" "cmpl $12, %%edx\n\t" "jne 35f\n\t" 
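Review bot: AESENC_LAST15_DEC_AVX1 stores the encrypted counter block at `(%%rsp)` and then releases the 32-byte scratch area with `addq $32, %%rsp` without overwriting it, so the keystream for the final partial block is left in dead stack memory. xmm0 is zeroed a few lines earlier and is not touched by the `51:` loop, so adding `"vmovdqu %%xmm0, (%%rsp)\n\t" \` just before the `addq` would clear it as a defence-in-depth measure. AESENC_LAST15_ENC_AVX1 does not leave this residue, because its loops replace the scratch bytes with ciphertext and zero padding. The asm statement that expands the macro is outside this hunk.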
@@ -5496,19 +5496,19 @@ static void AES_GCM_encrypt_avx1(const unsigned char *in, unsigned char *out, CALC_AAD_AVX1() "# Calculate counter and H\n\t" - "vpsrlq $63, "VAR(HR)", %%xmm5\n\t" - "vpsllq $1, "VAR(HR)", %%xmm4\n\t" + "vpsrlq $63, " VAR(HR) ", %%xmm5\n\t" + "vpsllq $1, " VAR(HR) ", %%xmm4\n\t" "vpslldq $8, %%xmm5, %%xmm5\n\t" "vpor %%xmm5, %%xmm4, %%xmm4\n\t" - "vpshufd $0xff, "VAR(HR)", "VAR(HR)"\n\t" - "vpsrad $31, "VAR(HR)", "VAR(HR)"\n\t" + "vpshufd $0xff, " VAR(HR) ", " VAR(HR) "\n\t" + "vpsrad $31, " VAR(HR) ", " VAR(HR) "\n\t" "vpshufb %[BSWAP_EPI64], %%xmm13, %%xmm13\n\t" - "vpand %[MOD2_128], "VAR(HR)", "VAR(HR)"\n\t" + "vpand %[MOD2_128], " VAR(HR) ", " VAR(HR) "\n\t" "vpaddd %[ONE], %%xmm13, %%xmm13\n\t" - "vpxor %%xmm4, "VAR(HR)", "VAR(HR)"\n\t" - "vmovdqu %%xmm13, "VAR(CTR1)"\n\t" + "vpxor %%xmm4, " VAR(HR) ", " VAR(HR) "\n\t" + "vmovdqu %%xmm13, " VAR(CTR1) "\n\t" - "xorl "VAR(KR)", "VAR(KR)"\n\t" + "xorl " VAR(KR) ", " VAR(KR) "\n\t" #if !defined(AES_GCM_AESNI_NO_UNROLL) && !defined(AES_GCM_AVX1_NO_UNROLL) "cmpl $128, %[nbytes]\n\t" @@ -5522,15 +5522,15 @@ static void AES_GCM_encrypt_avx1(const unsigned char *in, unsigned char *out, VAESENC_128() "cmpl $128, %%r13d\n\t" - "movl $128, "VAR(KR)"\n\t" + "movl $128, " VAR(KR) "\n\t" "jle 2f\n\t" "# More 128 bytes of input\n\t" "\n" "3:\n\t" VAESENC_128_GHASH_AVX1(%%rdx, 0) - "addl $128, "VAR(KR)"\n\t" - "cmpl %%r13d, "VAR(KR)"\n\t" + "addl $128, " VAR(KR) "\n\t" + "cmpl %%r13d, " VAR(KR) "\n\t" "jl 3b\n\t" "\n" "2:\n\t" 
@@ -5545,48 +5545,48 @@ static void AES_GCM_encrypt_avx1(const unsigned char *in, unsigned char *out, "vpshufb %%xmm13, %%xmm10, %%xmm10\n\t" "vpshufb %%xmm13, %%xmm11, %%xmm11\n\t" - "vmovdqu ("VAR(HTR)"), %%xmm12\n\t" - "vmovdqu 16("VAR(HTR)"), %%xmm14\n\t" + "vmovdqu (" VAR(HTR) "), %%xmm12\n\t" + "vmovdqu 16(" VAR(HTR) "), %%xmm14\n\t" GHASH_GFMUL_AVX1(XR, %%xmm13, %%xmm11, %%xmm12) GHASH_GFMUL_XOR_AVX1(XR, %%xmm13, %%xmm10, %%xmm14) - "vmovdqu 32("VAR(HTR)"), %%xmm12\n\t" - "vmovdqu 48("VAR(HTR)"), %%xmm14\n\t" + "vmovdqu 32(" VAR(HTR) "), %%xmm12\n\t" + "vmovdqu 48(" VAR(HTR) "), %%xmm14\n\t" GHASH_GFMUL_XOR_AVX1(XR, %%xmm13, %%xmm9, %%xmm12) GHASH_GFMUL_XOR_AVX1(XR, %%xmm13, %%xmm8, %%xmm14) - "vmovdqu 64("VAR(HTR)"), %%xmm12\n\t" - "vmovdqu 80("VAR(HTR)"), %%xmm14\n\t" + "vmovdqu 64(" VAR(HTR) "), %%xmm12\n\t" + "vmovdqu 80(" VAR(HTR) "), %%xmm14\n\t" GHASH_GFMUL_XOR_AVX1(XR, %%xmm13, %%xmm7, %%xmm12) GHASH_GFMUL_XOR_AVX1(XR, %%xmm13, %%xmm6, %%xmm14) - "vmovdqu 96("VAR(HTR)"), %%xmm12\n\t" - "vmovdqu 112("VAR(HTR)"), %%xmm14\n\t" + "vmovdqu 96(" VAR(HTR) "), %%xmm12\n\t" + "vmovdqu 112(" VAR(HTR) "), %%xmm14\n\t" GHASH_GFMUL_XOR_AVX1(XR, %%xmm13, %%xmm5, %%xmm12) GHASH_GFMUL_RED_XOR_AVX1(XR, %%xmm13, %%xmm4, %%xmm14) - "vmovdqu 0("VAR(HTR)"), "VAR(HR)"\n\t" + "vmovdqu 0(" VAR(HTR) "), " VAR(HR) "\n\t" "\n" "5:\n\t" "movl %[nbytes], %%edx\n\t" - "cmpl %%edx, "VAR(KR)"\n\t" + "cmpl %%edx, " VAR(KR) "\n\t" "jge 55f\n\t" #endif "movl %[nbytes], %%r13d\n\t" "andl $0xfffffff0, %%r13d\n\t" - "cmpl %%r13d, "VAR(KR)"\n\t" + "cmpl %%r13d, " VAR(KR) "\n\t" "jge 14f\n\t" VAESENC_BLOCK() - "addl $16, "VAR(KR)"\n\t" - "cmpl %%r13d, "VAR(KR)"\n\t" + "addl $16, " VAR(KR) "\n\t" + "cmpl %%r13d, " VAR(KR) "\n\t" "jge 13f\n\t" "\n" "12:\n\t" - "vmovdqu (%[in],"VAR(KR64)",1), %%xmm9\n\t" + "vmovdqu (%[in]," VAR(KR64) ",1), %%xmm9\n\t" VAESENC_GFMUL(%%xmm9, HR, XR) "vpshufb %[BSWAP_MASK], %%xmm4, %%xmm4\n\t" - "addl $16, "VAR(KR)"\n\t" - "vpxor %%xmm4, "VAR(XR)", 
"VAR(XR)"\n\t" - "cmpl %%r13d, "VAR(KR)"\n\t" + "addl $16, " VAR(KR) "\n\t" + "vpxor %%xmm4, " VAR(XR) ", " VAR(XR) "\n\t" + "cmpl %%r13d, " VAR(KR) "\n\t" "jl 12b\n\t" "\n" "13:\n\t" @@ -5600,7 +5600,7 @@ static void AES_GCM_encrypt_avx1(const unsigned char *in, unsigned char *out, CALC_TAG_AVX1() STORE_TAG_AVX() - "addq $"VAR(STACK_OFFSET)", %%rsp\n\t" + "addq $" VAR(STACK_OFFSET) ", %%rsp\n\t" "vzeroupper\n\t" : @@ -5628,10 +5628,10 @@ static void AES_GCM_encrypt_avx1(const unsigned char *in, unsigned char *out, #ifdef HAVE_INTEL_AVX2 /* Encrypt and carry-less multiply for AVX2. */ #define VAESENC_PCLMUL_AVX2_1(src, o1, o2, o3) \ - "vmovdqu "#o2"("#src"), %%xmm12\n\t" \ - "vmovdqa "#o1"(%[KEY]), %%xmm0\n\t" \ + "vmovdqu " #o2 "(" #src "), %%xmm12\n\t" \ + "vmovdqa " #o1 "(%[KEY]), %%xmm0\n\t" \ "vpshufb %[BSWAP_MASK], %%xmm12, %%xmm12\n\t" \ - "vmovdqu "#o3"("VAR(HTR)"), %%xmm13\n\t" \ + "vmovdqu " #o3 "(" VAR(HTR) "), %%xmm13\n\t" \ "vpxor %%xmm2, %%xmm12, %%xmm12\n\t" \ "vpclmulqdq $0x10, %%xmm13, %%xmm12, %%xmm1\n\t" \ "vpclmulqdq $0x01, %%xmm13, %%xmm12, %%xmm14\n\t" \ @@ -5647,15 +5647,15 @@ static void AES_GCM_encrypt_avx1(const unsigned char *in, unsigned char *out, "vaesenc %%xmm0, %%xmm11, %%xmm11\n\t" \ #define VAESENC_PCLMUL_AVX2_2(src, o1, o2, o3) \ - "vmovdqu "#o2"("#src"), %%xmm12\n\t" \ - "vmovdqu "#o3"("VAR(HTR)"), %%xmm0\n\t" \ + "vmovdqu " #o2 "(" #src "), %%xmm12\n\t" \ + "vmovdqu " #o3 "(" VAR(HTR) "), %%xmm0\n\t" \ "vpshufb %[BSWAP_MASK], %%xmm12, %%xmm12\n\t" \ "vpxor %%xmm14, %%xmm1, %%xmm1\n\t" \ "vpclmulqdq $0x10, %%xmm0, %%xmm12, %%xmm13\n\t" \ "vpclmulqdq $0x01, %%xmm0, %%xmm12, %%xmm14\n\t" \ "vpclmulqdq $0x00, %%xmm0, %%xmm12, %%xmm15\n\t" \ "vpclmulqdq $0x11, %%xmm0, %%xmm12, %%xmm12\n\t" \ - "vmovdqa "#o1"(%[KEY]), %%xmm0\n\t" \ + "vmovdqa " #o1 "(%[KEY]), %%xmm0\n\t" \ "vpxor %%xmm13, %%xmm1, %%xmm1\n\t" \ "vpxor %%xmm12, %%xmm3, %%xmm3\n\t" \ "vaesenc %%xmm0, %%xmm4, %%xmm4\n\t" \ 
@@ -5668,8 +5668,8 @@ static void AES_GCM_encrypt_avx1(const unsigned char *in, unsigned char *out, "vaesenc %%xmm0, %%xmm11, %%xmm11\n\t" \ #define VAESENC_PCLMUL_AVX2_N(src, o1, o2, o3) \ - "vmovdqu "#o2"("#src"), %%xmm12\n\t" \ - "vmovdqu "#o3"("VAR(HTR)"), %%xmm0\n\t" \ + "vmovdqu " #o2 "(" #src "), %%xmm12\n\t" \ + "vmovdqu " #o3 "(" VAR(HTR) "), %%xmm0\n\t" \ "vpshufb %[BSWAP_MASK], %%xmm12, %%xmm12\n\t" \ "vpxor %%xmm14, %%xmm1, %%xmm1\n\t" \ "vpxor %%xmm15, %%xmm2, %%xmm2\n\t" \ @@ -5677,7 +5677,7 @@ static void AES_GCM_encrypt_avx1(const unsigned char *in, unsigned char *out, "vpclmulqdq $0x01, %%xmm0, %%xmm12, %%xmm14\n\t" \ "vpclmulqdq $0x00, %%xmm0, %%xmm12, %%xmm15\n\t" \ "vpclmulqdq $0x11, %%xmm0, %%xmm12, %%xmm12\n\t" \ - "vmovdqa "#o1"(%[KEY]), %%xmm0\n\t" \ + "vmovdqa " #o1 "(%[KEY]), %%xmm0\n\t" \ "vpxor %%xmm13, %%xmm1, %%xmm1\n\t" \ "vpxor %%xmm12, %%xmm3, %%xmm3\n\t" \ "vaesenc %%xmm0, %%xmm4, %%xmm4\n\t" \ 
@@ -5714,39 +5714,39 @@ static void AES_GCM_encrypt_avx1(const unsigned char *in, unsigned char *out, "vpxor %%xmm3, %%xmm2, %%xmm2\n\t" \ "vaesenc %%xmm15, %%xmm11, %%xmm11\n\t" -#define VAESENC_BLOCK_AVX2() \ - "vmovdqu "VAR(CTR1)", %%xmm5\n\t" \ - "vpshufb %[BSWAP_EPI64], %%xmm5, %%xmm4\n\t" \ - "vpaddd %[ONE], %%xmm5, %%xmm5\n\t" \ - "vmovdqu %%xmm5, "VAR(CTR1)"\n\t" \ - "vpxor (%[KEY]), %%xmm4, %%xmm4\n\t" \ - "vaesenc 16(%[KEY]), %%xmm4, %%xmm4\n\t" \ - "vaesenc 32(%[KEY]), %%xmm4, %%xmm4\n\t" \ - "vaesenc 48(%[KEY]), %%xmm4, %%xmm4\n\t" \ - "vaesenc 64(%[KEY]), %%xmm4, %%xmm4\n\t" \ - "vaesenc 80(%[KEY]), %%xmm4, %%xmm4\n\t" \ - "vaesenc 96(%[KEY]), %%xmm4, %%xmm4\n\t" \ - "vaesenc 112(%[KEY]), %%xmm4, %%xmm4\n\t" \ - "vaesenc 128(%[KEY]), %%xmm4, %%xmm4\n\t" \ - "vaesenc 144(%[KEY]), %%xmm4, %%xmm4\n\t" \ - "cmpl $11, %[nr]\n\t" \ - "vmovdqa 160(%[KEY]), %%xmm5\n\t" \ - "jl %=f\n\t" \ - "vaesenc %%xmm5, %%xmm4, %%xmm4\n\t" \ - "vaesenc 176(%[KEY]), %%xmm4, %%xmm4\n\t" \ - "cmpl $13, %[nr]\n\t" \ - "vmovdqa 192(%[KEY]), %%xmm5\n\t" \ - "jl %=f\n\t" \ - "vaesenc %%xmm5, %%xmm4, %%xmm4\n\t" \ - "vaesenc 208(%[KEY]), %%xmm4, %%xmm4\n\t" \ - "vmovdqa 224(%[KEY]), %%xmm5\n\t" \ - "%=:\n\t" \ - "vaesenclast %%xmm5, %%xmm4, %%xmm4\n\t" \ - "vmovdqu (%[in],"VAR(KR64)",1), %%xmm5\n\t" \ - "vpxor %%xmm5, %%xmm4, %%xmm4\n\t" \ - "vmovdqu %%xmm4, (%[out],"VAR(KR64)",1)\n\t" \ - "vpshufb %[BSWAP_MASK], %%xmm4, %%xmm4\n\t" \ - "vpxor %%xmm4, "VAR(XR)", "VAR(XR)"\n\t" +#define VAESENC_BLOCK_AVX2() \ + "vmovdqu " VAR(CTR1) ", %%xmm5\n\t" \ + "vpshufb %[BSWAP_EPI64], %%xmm5, %%xmm4\n\t" \ + "vpaddd %[ONE], %%xmm5, %%xmm5\n\t" \ + "vmovdqu %%xmm5, " VAR(CTR1) "\n\t" \ + "vpxor (%[KEY]), %%xmm4, %%xmm4\n\t" \ + "vaesenc 16(%[KEY]), %%xmm4, %%xmm4\n\t" \ + "vaesenc 32(%[KEY]), %%xmm4, %%xmm4\n\t" \ + "vaesenc 48(%[KEY]), %%xmm4, %%xmm4\n\t" \ + "vaesenc 64(%[KEY]), %%xmm4, %%xmm4\n\t" \ + "vaesenc 80(%[KEY]), %%xmm4, %%xmm4\n\t" \ + "vaesenc 96(%[KEY]), %%xmm4, %%xmm4\n\t" \ + 
"vaesenc 112(%[KEY]), %%xmm4, %%xmm4\n\t" \ + "vaesenc 128(%[KEY]), %%xmm4, %%xmm4\n\t" \ + "vaesenc 144(%[KEY]), %%xmm4, %%xmm4\n\t" \ + "cmpl $11, %[nr]\n\t" \ + "vmovdqa 160(%[KEY]), %%xmm5\n\t" \ + "jl %=f\n\t" \ + "vaesenc %%xmm5, %%xmm4, %%xmm4\n\t" \ + "vaesenc 176(%[KEY]), %%xmm4, %%xmm4\n\t" \ + "cmpl $13, %[nr]\n\t" \ + "vmovdqa 192(%[KEY]), %%xmm5\n\t" \ + "jl %=f\n\t" \ + "vaesenc %%xmm5, %%xmm4, %%xmm4\n\t" \ + "vaesenc 208(%[KEY]), %%xmm4, %%xmm4\n\t" \ + "vmovdqa 224(%[KEY]), %%xmm5\n\t" \ + "%=:\n\t" \ + "vaesenclast %%xmm5, %%xmm4, %%xmm4\n\t" \ + "vmovdqu (%[in]," VAR(KR64) ",1), %%xmm5\n\t" \ + "vpxor %%xmm5, %%xmm4, %%xmm4\n\t" \ + "vmovdqu %%xmm4, (%[out]," VAR(KR64) ",1)\n\t" \ + "vpshufb %[BSWAP_MASK], %%xmm4, %%xmm4\n\t" \ + "vpxor %%xmm4, " VAR(XR) ", " VAR(XR) "\n\t" /* Karatsuba multiplication - slower * H01 = H[1] ^ H[0] (top and bottom 64-bits XORed) 
@@ -5775,36 +5775,36 @@ static void AES_GCM_encrypt_avx1(const unsigned char *in, unsigned char *out, "vmovdqa 224(%[KEY]), %%xmm5\n\t" \ "%=:\n\t" \ "vaesenclast %%xmm5, %%xmm4, %%xmm4\n\t" \ - "vmovdqu "#in", %%xmm0\n\t" \ + "vmovdqu " #in ", %%xmm0\n\t" \ "vpxor %%xmm0, %%xmm4, %%xmm4\n\t" \ -\ - "vpsrldq $8, "#X", %%xmm2\n\t" \ - "vpxor "#X", %%xmm2, %%xmm2\n\t" \ - "vpclmulqdq $0x00, "#H", "#X", %%xmm5\n\t" \ - "vpclmulqdq $0x11, "#H", "#X", %%xmm8\n\t" \ - "vpclmulqdq $0x00, "#H01", %%xmm2, %%xmm7\n\t" \ - "vpxor %%xmm5, %%xmm7, %%xmm7\n\t" \ - "vpxor %%xmm8, %%xmm7, %%xmm7\n\t" \ - "vpslldq $8, %%xmm7, %%xmm6\n\t" \ - "vpsrldq $8, %%xmm7, %%xmm7\n\t" \ - "vpxor %%xmm7, %%xmm8, %%xmm8\n\t" \ - "vpxor %%xmm5, %%xmm6, %%xmm6\n\t" \ -\ - "vpclmulqdq $0x10, %[MOD2_128], %%xmm6, %%xmm5\n\t" \ - "vpshufd $0x4e, %%xmm6, %%xmm6\n\t" \ - "vpxor %%xmm5, %%xmm6, %%xmm6\n\t" \ - "vpclmulqdq $0x10, %[MOD2_128], %%xmm6, %%xmm5\n\t" \ - "vpshufd $0x4e, %%xmm6, %%xmm6\n\t" \ - "vpxor %%xmm8, %%xmm6, %%xmm6\n\t" \ - "vpxor %%xmm5, %%xmm6, "VAR(XR)"\n\t" + \ + "vpsrldq $8, " #X ", %%xmm2\n\t" \ + "vpxor " #X ", %%xmm2, %%xmm2\n\t" \ + "vpclmulqdq $0x00, " #H ", " #X ", %%xmm5\n\t" \ + "vpclmulqdq $0x11, " #H ", " #X ", %%xmm8\n\t" \ + "vpclmulqdq $0x00, "#H01", %%xmm2, %%xmm7\n\t" \ + "vpxor %%xmm5, %%xmm7, %%xmm7\n\t" \ + "vpxor %%xmm8, %%xmm7, %%xmm7\n\t" \ + "vpslldq $8, %%xmm7, %%xmm6\n\t" \ + "vpsrldq $8, %%xmm7, %%xmm7\n\t" \ + "vpxor %%xmm7, %%xmm8, %%xmm8\n\t" \ + "vpxor %%xmm5, %%xmm6, %%xmm6\n\t" \ + \ + "vpclmulqdq $0x10, %[MOD2_128], %%xmm6, %%xmm5\n\t" \ + "vpshufd $0x4e, %%xmm6, %%xmm6\n\t" \ + "vpxor %%xmm5, %%xmm6, %%xmm6\n\t" \ + "vpclmulqdq $0x10, %[MOD2_128], %%xmm6, %%xmm5\n\t" \ + "vpshufd $0x4e, %%xmm6, %%xmm6\n\t" \ + "vpxor %%xmm8, %%xmm6, %%xmm6\n\t" \ + "vpxor %%xmm5, %%xmm6, " VAR(XR) "\n\t" #define VAESENC_GFMUL_AVX2(in, H, X, ctr1) \ _VAESENC_GFMUL_AVX2(in, H, X, ctr1) #define _VAESENC_GFMUL_SB_AVX2(in, H, X, ctr1) \ - "vpclmulqdq $0x10, "#H", 
"#X", %%xmm7\n\t" \ - "vpclmulqdq $0x01, "#H", "#X", %%xmm6\n\t" \ - "vpclmulqdq $0x00, "#H", "#X", %%xmm5\n\t" \ - "vpclmulqdq $0x11, "#H", "#X", %%xmm8\n\t" \ + "vpclmulqdq $0x10, " #H ", " #X ", %%xmm7\n\t" \ + "vpclmulqdq $0x01, " #H ", " #X ", %%xmm6\n\t" \ + "vpclmulqdq $0x00, " #H ", " #X ", %%xmm5\n\t" \ + "vpclmulqdq $0x11, " #H ", " #X ", %%xmm8\n\t" \ "vpxor (%[KEY]), %%xmm4, %%xmm4\n\t" \ "vaesenc 16(%[KEY]), %%xmm4, %%xmm4\n\t" \ "vpxor %%xmm6, %%xmm7, %%xmm7\n\t" \ @@ -5839,8 +5839,8 @@ static void AES_GCM_encrypt_avx1(const unsigned char *in, unsigned char *out, "vmovdqa 224(%[KEY]), %%xmm3\n\t" \ "%=:\n\t" \ "vaesenclast %%xmm3, %%xmm4, %%xmm4\n\t" \ - "vpxor %%xmm5, %%xmm6, "VAR(XR)"\n\t" \ - "vmovdqu "#in", %%xmm5\n\t" \ + "vpxor %%xmm5, %%xmm6, " VAR(XR) "\n\t" \ + "vmovdqu " #in ", %%xmm5\n\t" \ "vpxor %%xmm5, %%xmm4, %%xmm4\n\t" #define VAESENC_GFMUL_SB_AVX2(in, H, X, ctr1) \ _VAESENC_GFMUL_SB_AVX2(in, H, X, ctr1) 
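Review bot: The spacing around stringified macro arguments is applied unevenly in this hunk: `"vpclmulqdq $0x00, "#H01", %%xmm2, %%xmm7\n\t"` keeps the old form while the lines around it now use `" #H ", " #X "`. The same split shows up in the later hunks, where `" #r "` is spaced but `"#r2"`, `"#r3"`, `"#a"`, `"#b"` and `"#mod128"` are not (GHASH_MID_AVX2, _GFMUL_3V_AVX2, _GFMUL_XOR_3V_AVX2). Both forms compile, since `#` cannot start a literal suffix the way an identifier such as `VAR` can, so presumably only the `VAR(...)` spacing matters for C++11 builds. Using one form throughout, e.g. `"vpclmulqdq $0x00, " #H01 ", %%xmm2, %%xmm7\n\t"`, would keep these macros easier to grep and to review. The body of _VAESENC_GFMUL_AVX2 starts before this hunk.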
@@ -5855,21 +5855,21 @@ static void AES_GCM_encrypt_avx1(const unsigned char *in, unsigned char *out, "vpslldq $8, %%xmm2, %%xmm1\n\t" \ "vpsrldq $8, %%xmm2, %%xmm2\n\t" \ "vpxor %%xmm1, %%xmm0, "#r2"\n\t" \ - "vpxor %%xmm2, %%xmm3, "#r"\n\t" + "vpxor %%xmm2, %%xmm3, " #r "\n\t" #define GHASH_GFMUL_AVX2(r, r2, a, b) \ _GHASH_GFMUL_AVX2(r, r2, a, b) -#define GHASH_MID_AVX2(r, r2) \ - "vpsrld $31, "#r2", %%xmm0\n\t" \ - "vpsrld $31, "#r", %%xmm1\n\t" \ - "vpslld $1, "#r2", "#r2"\n\t" \ - "vpslld $1, "#r", "#r"\n\t" \ - "vpsrldq $12, %%xmm0, %%xmm2\n\t" \ - "vpslldq $4, %%xmm0, %%xmm0\n\t" \ - "vpslldq $4, %%xmm1, %%xmm1\n\t" \ - "vpor %%xmm2, "#r", "#r"\n\t" \ - "vpor %%xmm0, "#r2", "#r2"\n\t" \ - "vpor %%xmm1, "#r", "#r"\n\t" +#define GHASH_MID_AVX2(r, r2) \ + "vpsrld $31, "#r2", %%xmm0\n\t" \ + "vpsrld $31, " #r ", %%xmm1\n\t" \ + "vpslld $1, "#r2", "#r2"\n\t" \ + "vpslld $1, " #r ", " #r "\n\t" \ + "vpsrldq $12, %%xmm0, %%xmm2\n\t" \ + "vpslldq $4, %%xmm0, %%xmm0\n\t" \ + "vpslldq $4, %%xmm1, %%xmm1\n\t" \ + "vpor %%xmm2, " #r ", " #r "\n\t" \ + "vpor %%xmm0, "#r2", "#r2"\n\t" \ + "vpor %%xmm1, " #r ", " #r "\n\t" #define _GHASH_GFMUL_RED_AVX2(r, a, b) \ "vpclmulqdq $0x10, "#a", "#b", %%xmm7\n\t" \ @@ -5887,7 +5887,7 @@ static void AES_GCM_encrypt_avx1(const unsigned char *in, unsigned char *out, "vpshufd $0x4e, %%xmm6, %%xmm6\n\t" \ "vpxor %%xmm7, %%xmm8, %%xmm8\n\t" \ "vpxor %%xmm8, %%xmm6, %%xmm6\n\t" \ - "vpxor %%xmm5, %%xmm6, "#r"\n\t" + "vpxor %%xmm5, %%xmm6, " #r "\n\t" #define GHASH_GFMUL_RED_AVX2(r, a, b) \ _GHASH_GFMUL_RED_AVX2(r, a, b) @@ -5900,7 +5900,7 @@ static void AES_GCM_encrypt_avx1(const unsigned char *in, unsigned char *out, "vpclmulqdq $0x10, "#mod128", %%xmm6, %%xmm5\n\t" \ "vpshufd $0x4e, %%xmm6, %%xmm6\n\t" \ "vpxor %%xmm5, %%xmm6, %%xmm6\n\t" \ - "vpxor %%xmm6, %%xmm8, "#r"\n\t" + "vpxor %%xmm6, %%xmm8, " #r "\n\t" #define GHASH_GFSQR_RED2_AVX2(r, a, mod128) \ _GHASH_GFSQR_RED2_AVX2(r, a, mod128) 
@@ -5935,23 +5935,23 @@ static void AES_GCM_encrypt_avx1(const unsigned char *in, unsigned char *out, #define CALC_HT_8_AVX2() \ "vmovdqa %[MOD2_128], %%xmm11\n\t" \ - "vmovdqa "VAR(XR)", %%xmm2\n\t" \ + "vmovdqa " VAR(XR) ", %%xmm2\n\t" \ "# H ^ 1 and H ^ 2\n\t" \ GHASH_GFSQR_RED2_AVX2(%%xmm0, HR, %%xmm11) \ - "vmovdqu "VAR(HR)", 0("VAR(HTR)")\n\t" \ - "vmovdqu %%xmm0 , 16("VAR(HTR)")\n\t" \ + "vmovdqu " VAR(HR) ", 0(" VAR(HTR) ")\n\t" \ + "vmovdqu %%xmm0 , 16(" VAR(HTR) ")\n\t" \ "# H ^ 3 and H ^ 4\n\t" \ GHASH_GFMUL_SQR_RED2_AVX2(%%xmm1, %%xmm3, HR, %%xmm0, %%xmm11) \ - "vmovdqu %%xmm1 , 32("VAR(HTR)")\n\t" \ - "vmovdqu %%xmm3 , 48("VAR(HTR)")\n\t" \ + "vmovdqu %%xmm1 , 32(" VAR(HTR) ")\n\t" \ + "vmovdqu %%xmm3 , 48(" VAR(HTR) ")\n\t" \ "# H ^ 5 and H ^ 6\n\t" \ GHASH_GFMUL_SQR_RED2_AVX2(%%xmm12, %%xmm0, %%xmm0, %%xmm1, %%xmm11) \ - "vmovdqu %%xmm12, 64("VAR(HTR)")\n\t" \ - "vmovdqu %%xmm0 , 80("VAR(HTR)")\n\t" \ + "vmovdqu %%xmm12, 64(" VAR(HTR) ")\n\t" \ + "vmovdqu %%xmm0 , 80(" VAR(HTR) ")\n\t" \ "# H ^ 7 and H ^ 8\n\t" \ GHASH_GFMUL_SQR_RED2_AVX2(%%xmm12, %%xmm0, %%xmm1, %%xmm3, %%xmm11) \ - "vmovdqu %%xmm12, 96("VAR(HTR)")\n\t" \ - "vmovdqu %%xmm0 , 112("VAR(HTR)")\n\t" + "vmovdqu %%xmm12, 96(" VAR(HTR) ")\n\t" \ + "vmovdqu %%xmm0 , 112(" VAR(HTR) ")\n\t" #define _GHASH_RED_AVX2(r, r2) \ "vmovdqa %[MOD2_128], %%xmm2\n\t" \ @@ -5961,7 +5961,7 @@ static void AES_GCM_encrypt_avx1(const unsigned char *in, unsigned char *out, "vpclmulqdq $0x10, %%xmm2, %%xmm1, %%xmm0\n\t" \ "vpshufd $0x4e, %%xmm1, %%xmm1\n\t" \ "vpxor %%xmm0, %%xmm1, %%xmm1\n\t" \ - "vpxor %%xmm1, "#r", "#r"\n\t" + "vpxor %%xmm1, " #r ", " #r "\n\t" #define GHASH_RED_AVX2(r, r2) \ _GHASH_RED_AVX2(r, r2) 
@@ -5974,7 +5974,7 @@ static void AES_GCM_encrypt_avx1(const unsigned char *in, unsigned char *out, "vpclmulqdq $0x10, "#a", "#b", "#r3"\n\t" \ "vpclmulqdq $0x01, "#a", "#b", %%xmm1\n\t" \ "vpclmulqdq $0x00, "#a", "#b", "#r2"\n\t" \ - "vpclmulqdq $0x11, "#a", "#b", "#r"\n\t" \ + "vpclmulqdq $0x11, "#a", "#b", " #r "\n\t" \ "vpxor %%xmm1, "#r3", "#r3"\n\t" #define GFMUL_3V_AVX2(r, r2, r3, a, b) \ _GFMUL_3V_AVX2(r, r2, r3, a, b) 
@@ -5985,200 +5985,200 @@ static void AES_GCM_encrypt_avx1(const unsigned char *in, unsigned char *out, "vpclmulqdq $0x00, "#a", "#b", %%xmm0\n\t" \ "vpclmulqdq $0x11, "#a", "#b", %%xmm3\n\t" \ "vpxor %%xmm1, %%xmm2, %%xmm2\n\t" \ - "vpxor %%xmm3, "#r", "#r"\n\t" \ + "vpxor %%xmm3, " #r ", " #r "\n\t" \ "vpxor %%xmm2, "#r3", "#r3"\n\t" \ "vpxor %%xmm0, "#r2", "#r2"\n\t" #define GFMUL_XOR_3V_AVX2(r, r2, r3, a, b) \ _GFMUL_XOR_3V_AVX2(r, r2, r3, a, b) #define GHASH_GFMUL_RED_8_AVX2() \ - "vmovdqu ("VAR(HTR)"), %%xmm12\n\t" \ + "vmovdqu (" VAR(HTR) "), %%xmm12\n\t" \ GFMUL_3V_AVX2(XR, %%xmm13, %%xmm14, %%xmm11, %%xmm12) \ - "vmovdqu 16("VAR(HTR)"), %%xmm12\n\t" \ + "vmovdqu 16(" VAR(HTR) "), %%xmm12\n\t" \ GFMUL_XOR_3V_AVX2(XR, %%xmm13, %%xmm14, %%xmm10, %%xmm12) \ - "vmovdqu 32("VAR(HTR)"), %%xmm11\n\t" \ - "vmovdqu 48("VAR(HTR)"), %%xmm12\n\t" \ + "vmovdqu 32(" VAR(HTR) "), %%xmm11\n\t" \ + "vmovdqu 48(" VAR(HTR) "), %%xmm12\n\t" \ GFMUL_XOR_3V_AVX2(XR, %%xmm13, %%xmm14, %%xmm9, %%xmm11) \ GFMUL_XOR_3V_AVX2(XR, %%xmm13, %%xmm14, %%xmm8, %%xmm12) \ - "vmovdqu 64("VAR(HTR)"), %%xmm11\n\t" \ - "vmovdqu 80("VAR(HTR)"), %%xmm12\n\t" \ + "vmovdqu 64(" VAR(HTR) "), %%xmm11\n\t" \ + "vmovdqu 80(" VAR(HTR) "), %%xmm12\n\t" \ GFMUL_XOR_3V_AVX2(XR, %%xmm13, %%xmm14, %%xmm7, %%xmm11) \ GFMUL_XOR_3V_AVX2(XR, %%xmm13, %%xmm14, %%xmm6, %%xmm12) \ - "vmovdqu 96("VAR(HTR)"), %%xmm11\n\t" \ - "vmovdqu 112("VAR(HTR)"), %%xmm12\n\t" \ + "vmovdqu 96(" VAR(HTR) "), %%xmm11\n\t" \ + "vmovdqu 112(" VAR(HTR) "), %%xmm12\n\t" \ GFMUL_XOR_3V_AVX2(XR, %%xmm13, %%xmm14, %%xmm5, %%xmm11) \ GFMUL_XOR_3V_AVX2(XR, %%xmm13, %%xmm14, %%xmm4, %%xmm12) \ "vpslldq $8, %%xmm14, %%xmm12\n\t" \ "vpsrldq $8, %%xmm14, %%xmm14\n\t" \ "vpxor %%xmm12, %%xmm13, %%xmm13\n\t" \ - "vpxor %%xmm14, "VAR(XR)", "VAR(XR)"\n\t" \ + "vpxor %%xmm14, " VAR(XR) ", " VAR(XR) "\n\t" \ GHASH_RED_AVX2(XR, %%xmm13) -#define CALC_IV_12_AVX2() \ - "# Calculate values when IV is 12 bytes\n\t" \ - "# Set counter based on IV\n\t" \ - 
"movl $0x01000000, %%ecx\n\t" \ - "vpinsrq $0, 0(%%rax), %%xmm13, %%xmm13\n\t" \ - "vpinsrd $2, 8(%%rax), %%xmm13, %%xmm13\n\t" \ - "vpinsrd $3, %%ecx, %%xmm13, %%xmm13\n\t" \ - "# H = Encrypt X(=0) and T = Encrypt counter\n\t" \ - "vmovdqa 0(%[KEY]), "VAR(HR)"\n\t" \ - "vmovdqa 16(%[KEY]), %%xmm12\n\t" \ - "vpxor "VAR(HR)", %%xmm13, %%xmm1\n\t" \ - "vaesenc %%xmm12, "VAR(HR)", "VAR(HR)"\n\t" \ - "vaesenc %%xmm12, %%xmm1, %%xmm1\n\t" \ - "vmovdqa 32(%[KEY]), %%xmm0\n\t" \ - "vmovdqa 48(%[KEY]), %%xmm12\n\t" \ - "vaesenc %%xmm0, "VAR(HR)", "VAR(HR)"\n\t" \ - "vaesenc %%xmm0, %%xmm1, %%xmm1\n\t" \ - "vaesenc %%xmm12, "VAR(HR)", "VAR(HR)"\n\t" \ - "vaesenc %%xmm12, %%xmm1, %%xmm1\n\t" \ - "vmovdqa 64(%[KEY]), %%xmm0\n\t" \ - "vmovdqa 80(%[KEY]), %%xmm12\n\t" \ - "vaesenc %%xmm0, "VAR(HR)", "VAR(HR)"\n\t" \ - "vaesenc %%xmm0, %%xmm1, %%xmm1\n\t" \ - "vaesenc %%xmm12, "VAR(HR)", "VAR(HR)"\n\t" \ - "vaesenc %%xmm12, %%xmm1, %%xmm1\n\t" \ - "vmovdqa 96(%[KEY]), %%xmm0\n\t" \ - "vmovdqa 112(%[KEY]), %%xmm12\n\t" \ - "vaesenc %%xmm0, "VAR(HR)", "VAR(HR)"\n\t" \ - "vaesenc %%xmm0, %%xmm1, %%xmm1\n\t" \ - "vaesenc %%xmm12, "VAR(HR)", "VAR(HR)"\n\t" \ - "vaesenc %%xmm12, %%xmm1, %%xmm1\n\t" \ - "vmovdqa 128(%[KEY]), %%xmm0\n\t" \ - "vmovdqa 144(%[KEY]), %%xmm12\n\t" \ - "vaesenc %%xmm0, "VAR(HR)", "VAR(HR)"\n\t" \ - "vaesenc %%xmm0, %%xmm1, %%xmm1\n\t" \ - "vaesenc %%xmm12, "VAR(HR)", "VAR(HR)"\n\t" \ - "vaesenc %%xmm12, %%xmm1, %%xmm1\n\t" \ - "cmpl $11, %[nr]\n\t" \ - "vmovdqa 160(%[KEY]), %%xmm0\n\t" \ - "jl 31f\n\t" \ - "vmovdqa 176(%[KEY]), %%xmm12\n\t" \ - "vaesenc %%xmm0, "VAR(HR)", "VAR(HR)"\n\t" \ - "vaesenc %%xmm0, %%xmm1, %%xmm1\n\t" \ - "vaesenc %%xmm12, "VAR(HR)", "VAR(HR)"\n\t" \ - "vaesenc %%xmm12, %%xmm1, %%xmm1\n\t" \ - "cmpl $13, %[nr]\n\t" \ - "vmovdqa 192(%[KEY]), %%xmm0\n\t" \ - "jl 31f\n\t" \ - "vmovdqa 208(%[KEY]), %%xmm12\n\t" \ - "vaesenc %%xmm0, "VAR(HR)", "VAR(HR)"\n\t" \ - "vaesenc %%xmm0, %%xmm1, %%xmm1\n\t" \ - "vaesenc %%xmm12, "VAR(HR)", 
"VAR(HR)"\n\t" \ - "vaesenc %%xmm12, %%xmm1, %%xmm1\n\t" \ - "vmovdqu 224(%[KEY]), %%xmm0\n\t" \ - "31:\n\t" \ - "vaesenclast %%xmm0, "VAR(HR)", "VAR(HR)"\n\t" \ - "vaesenclast %%xmm0, %%xmm1, %%xmm1\n\t" \ - "vpshufb %[BSWAP_MASK], "VAR(HR)", "VAR(HR)"\n\t" \ - "vmovdqu %%xmm1, "VAR(TR)"\n\t" \ +#define CALC_IV_12_AVX2() \ + "# Calculate values when IV is 12 bytes\n\t" \ + "# Set counter based on IV\n\t" \ + "movl $0x01000000, %%ecx\n\t" \ + "vpinsrq $0, 0(%%rax), %%xmm13, %%xmm13\n\t" \ + "vpinsrd $2, 8(%%rax), %%xmm13, %%xmm13\n\t" \ + "vpinsrd $3, %%ecx, %%xmm13, %%xmm13\n\t" \ + "# H = Encrypt X(=0) and T = Encrypt counter\n\t" \ + "vmovdqa 0(%[KEY]), " VAR(HR) "\n\t" \ + "vmovdqa 16(%[KEY]), %%xmm12\n\t" \ + "vpxor " VAR(HR) ", %%xmm13, %%xmm1\n\t" \ + "vaesenc %%xmm12, " VAR(HR) ", " VAR(HR) "\n\t" \ + "vaesenc %%xmm12, %%xmm1, %%xmm1\n\t" \ + "vmovdqa 32(%[KEY]), %%xmm0\n\t" \ + "vmovdqa 48(%[KEY]), %%xmm12\n\t" \ + "vaesenc %%xmm0, " VAR(HR) ", " VAR(HR) "\n\t" \ + "vaesenc %%xmm0, %%xmm1, %%xmm1\n\t" \ + "vaesenc %%xmm12, " VAR(HR) ", " VAR(HR) "\n\t" \ + "vaesenc %%xmm12, %%xmm1, %%xmm1\n\t" \ + "vmovdqa 64(%[KEY]), %%xmm0\n\t" \ + "vmovdqa 80(%[KEY]), %%xmm12\n\t" \ + "vaesenc %%xmm0, " VAR(HR) ", " VAR(HR) "\n\t" \ + "vaesenc %%xmm0, %%xmm1, %%xmm1\n\t" \ + "vaesenc %%xmm12, " VAR(HR) ", " VAR(HR) "\n\t" \ + "vaesenc %%xmm12, %%xmm1, %%xmm1\n\t" \ + "vmovdqa 96(%[KEY]), %%xmm0\n\t" \ + "vmovdqa 112(%[KEY]), %%xmm12\n\t" \ + "vaesenc %%xmm0, " VAR(HR) ", " VAR(HR) "\n\t" \ + "vaesenc %%xmm0, %%xmm1, %%xmm1\n\t" \ + "vaesenc %%xmm12, " VAR(HR) ", " VAR(HR) "\n\t" \ + "vaesenc %%xmm12, %%xmm1, %%xmm1\n\t" \ + "vmovdqa 128(%[KEY]), %%xmm0\n\t" \ + "vmovdqa 144(%[KEY]), %%xmm12\n\t" \ + "vaesenc %%xmm0, " VAR(HR) ", " VAR(HR) "\n\t" \ + "vaesenc %%xmm0, %%xmm1, %%xmm1\n\t" \ + "vaesenc %%xmm12, " VAR(HR) ", " VAR(HR) "\n\t" \ + "vaesenc %%xmm12, %%xmm1, %%xmm1\n\t" \ + "cmpl $11, %[nr]\n\t" \ + "vmovdqa 160(%[KEY]), %%xmm0\n\t" \ + "jl 31f\n\t" \ + "vmovdqa 
176(%[KEY]), %%xmm12\n\t" \ + "vaesenc %%xmm0, " VAR(HR) ", " VAR(HR) "\n\t" \ + "vaesenc %%xmm0, %%xmm1, %%xmm1\n\t" \ + "vaesenc %%xmm12, " VAR(HR) ", " VAR(HR) "\n\t" \ + "vaesenc %%xmm12, %%xmm1, %%xmm1\n\t" \ + "cmpl $13, %[nr]\n\t" \ + "vmovdqa 192(%[KEY]), %%xmm0\n\t" \ + "jl 31f\n\t" \ + "vmovdqa 208(%[KEY]), %%xmm12\n\t" \ + "vaesenc %%xmm0, " VAR(HR) ", " VAR(HR) "\n\t" \ + "vaesenc %%xmm0, %%xmm1, %%xmm1\n\t" \ + "vaesenc %%xmm12, " VAR(HR) ", " VAR(HR) "\n\t" \ + "vaesenc %%xmm12, %%xmm1, %%xmm1\n\t" \ + "vmovdqu 224(%[KEY]), %%xmm0\n\t" \ + "31:\n\t" \ + "vaesenclast %%xmm0, " VAR(HR) ", " VAR(HR) "\n\t" \ + "vaesenclast %%xmm0, %%xmm1, %%xmm1\n\t" \ + "vpshufb %[BSWAP_MASK], " VAR(HR) ", " VAR(HR) "\n\t" \ + "vmovdqu %%xmm1, " VAR(TR) "\n\t" \ -#define CALC_IV_AVX2() \ - "# Calculate values when IV is not 12 bytes\n\t" \ - "# H = Encrypt X(=0)\n\t" \ - "vmovdqa 0(%[KEY]), "VAR(HR)"\n\t" \ - VAESENC_AVX(HR) \ - "vpshufb %[BSWAP_MASK], "VAR(HR)", "VAR(HR)"\n\t" \ - "# Calc counter\n\t" \ - "# Initialization vector\n\t" \ - "cmpl $0, %%edx\n\t" \ - "movq $0, %%rcx\n\t" \ - "je 45f\n\t" \ - "cmpl $16, %%edx\n\t" \ - "jl 44f\n\t" \ - "andl $0xfffffff0, %%edx\n\t" \ - "\n" \ - "43:\n\t" \ - "vmovdqu (%%rax,%%rcx,1), %%xmm4\n\t" \ - "vpshufb %[BSWAP_MASK], %%xmm4, %%xmm4\n\t" \ - "vpxor %%xmm4, %%xmm13, %%xmm13\n\t" \ - GHASH_FULL_AVX2(%%xmm13, %%xmm12, %%xmm13, HR) \ - "addl $16, %%ecx\n\t" \ - "cmpl %%edx, %%ecx\n\t" \ - "jl 43b\n\t" \ - "movl %[ibytes], %%edx\n\t" \ - "cmpl %%edx, %%ecx\n\t" \ - "je 45f\n\t" \ - "\n" \ - "44:\n\t" \ - "subq $16, %%rsp\n\t" \ - "vpxor %%xmm4, %%xmm4, %%xmm4\n\t" \ - "xorl %%ebx, %%ebx\n\t" \ - "vmovdqu %%xmm4, (%%rsp)\n\t" \ - "42:\n\t" \ - "movzbl (%%rax,%%rcx,1), %%r13d\n\t" \ - "movb %%r13b, (%%rsp,%%rbx,1)\n\t" \ - "incl %%ecx\n\t" \ - "incl %%ebx\n\t" \ - "cmpl %%edx, %%ecx\n\t" \ - "jl 42b\n\t" \ - "vmovdqu (%%rsp), %%xmm4\n\t" \ - "addq $16, %%rsp\n\t" \ - "vpshufb %[BSWAP_MASK], %%xmm4, %%xmm4\n\t" \ - "vpxor 
%%xmm4, %%xmm13, %%xmm13\n\t" \ - GHASH_FULL_AVX2(%%xmm13, %%xmm12, %%xmm13, HR) \ - "\n" \ - "45:\n\t" \ - "# T = Encrypt counter\n\t" \ - "vpxor %%xmm0, %%xmm0, %%xmm0\n\t" \ - "shll $3, %%edx\n\t" \ - "vpinsrq $0, %%rdx, %%xmm0, %%xmm0\n\t" \ - "vpxor %%xmm0, %%xmm13, %%xmm13\n\t" \ - GHASH_FULL_AVX2(%%xmm13, %%xmm12, %%xmm13, HR) \ - "vpshufb %[BSWAP_MASK], %%xmm13, %%xmm13\n\t" \ - "# Encrypt counter\n\t" \ - "vmovdqa 0(%[KEY]), %%xmm4\n\t" \ - "vpxor %%xmm13, %%xmm4, %%xmm4\n\t" \ - VAESENC_AVX(%%xmm4) \ - "vmovdqu %%xmm4, "VAR(TR)"\n\t" +#define CALC_IV_AVX2() \ + "# Calculate values when IV is not 12 bytes\n\t" \ + "# H = Encrypt X(=0)\n\t" \ + "vmovdqa 0(%[KEY]), " VAR(HR) "\n\t" \ + VAESENC_AVX(HR) \ + "vpshufb %[BSWAP_MASK], " VAR(HR) ", " VAR(HR) "\n\t" \ + "# Calc counter\n\t" \ + "# Initialization vector\n\t" \ + "cmpl $0, %%edx\n\t" \ + "movq $0, %%rcx\n\t" \ + "je 45f\n\t" \ + "cmpl $16, %%edx\n\t" \ + "jl 44f\n\t" \ + "andl $0xfffffff0, %%edx\n\t" \ + "\n" \ + "43:\n\t" \ + "vmovdqu (%%rax,%%rcx,1), %%xmm4\n\t" \ + "vpshufb %[BSWAP_MASK], %%xmm4, %%xmm4\n\t" \ + "vpxor %%xmm4, %%xmm13, %%xmm13\n\t" \ + GHASH_FULL_AVX2(%%xmm13, %%xmm12, %%xmm13, HR) \ + "addl $16, %%ecx\n\t" \ + "cmpl %%edx, %%ecx\n\t" \ + "jl 43b\n\t" \ + "movl %[ibytes], %%edx\n\t" \ + "cmpl %%edx, %%ecx\n\t" \ + "je 45f\n\t" \ + "\n" \ + "44:\n\t" \ + "subq $16, %%rsp\n\t" \ + "vpxor %%xmm4, %%xmm4, %%xmm4\n\t" \ + "xorl %%ebx, %%ebx\n\t" \ + "vmovdqu %%xmm4, (%%rsp)\n\t" \ + "42:\n\t" \ + "movzbl (%%rax,%%rcx,1), %%r13d\n\t" \ + "movb %%r13b, (%%rsp,%%rbx,1)\n\t" \ + "incl %%ecx\n\t" \ + "incl %%ebx\n\t" \ + "cmpl %%edx, %%ecx\n\t" \ + "jl 42b\n\t" \ + "vmovdqu (%%rsp), %%xmm4\n\t" \ + "addq $16, %%rsp\n\t" \ + "vpshufb %[BSWAP_MASK], %%xmm4, %%xmm4\n\t" \ + "vpxor %%xmm4, %%xmm13, %%xmm13\n\t" \ + GHASH_FULL_AVX2(%%xmm13, %%xmm12, %%xmm13, HR) \ + "\n" \ + "45:\n\t" \ + "# T = Encrypt counter\n\t" \ + "vpxor %%xmm0, %%xmm0, %%xmm0\n\t" \ + "shll $3, %%edx\n\t" \ + "vpinsrq $0, 
%%rdx, %%xmm0, %%xmm0\n\t" \ + "vpxor %%xmm0, %%xmm13, %%xmm13\n\t" \ + GHASH_FULL_AVX2(%%xmm13, %%xmm12, %%xmm13, HR) \ + "vpshufb %[BSWAP_MASK], %%xmm13, %%xmm13\n\t" \ + "# Encrypt counter\n\t" \ + "vmovdqa 0(%[KEY]), %%xmm4\n\t" \ + "vpxor %%xmm13, %%xmm4, %%xmm4\n\t" \ + VAESENC_AVX(%%xmm4) \ + "vmovdqu %%xmm4, " VAR(TR) "\n\t" -#define CALC_AAD_AVX2() \ - "# Additional authentication data\n\t" \ - "movl %[abytes], %%edx\n\t" \ - "cmpl $0, %%edx\n\t" \ - "je 25f\n\t" \ - "movq %[addt], %%rax\n\t" \ - "xorl %%ecx, %%ecx\n\t" \ - "cmpl $16, %%edx\n\t" \ - "jl 24f\n\t" \ - "andl $0xfffffff0, %%edx\n\t" \ - "\n" \ - "23:\n\t" \ - "vmovdqu (%%rax,%%rcx,1), %%xmm4\n\t" \ - "vpshufb %[BSWAP_MASK], %%xmm4, %%xmm4\n\t" \ - "vpxor %%xmm4, "VAR(XR)", "VAR(XR)"\n\t" \ - GHASH_FULL_AVX2(XR, %%xmm12, XR, HR) \ - "addl $16, %%ecx\n\t" \ - "cmpl %%edx, %%ecx\n\t" \ - "jl 23b\n\t" \ - "movl %[abytes], %%edx\n\t" \ - "cmpl %%edx, %%ecx\n\t" \ - "je 25f\n\t" \ - "\n" \ - "24:\n\t" \ - "subq $16, %%rsp\n\t" \ - "vpxor %%xmm4, %%xmm4, %%xmm4\n\t" \ - "xorl %%ebx, %%ebx\n\t" \ - "vmovdqu %%xmm4, (%%rsp)\n\t" \ - "22:\n\t" \ - "movzbl (%%rax,%%rcx,1), %%r13d\n\t" \ - "movb %%r13b, (%%rsp,%%rbx,1)\n\t" \ - "incl %%ecx\n\t" \ - "incl %%ebx\n\t" \ - "cmpl %%edx, %%ecx\n\t" \ - "jl 22b\n\t" \ - "vmovdqu (%%rsp), %%xmm4\n\t" \ - "addq $16, %%rsp\n\t" \ - "vpshufb %[BSWAP_MASK], %%xmm4, %%xmm4\n\t" \ - "vpxor %%xmm4, "VAR(XR)", "VAR(XR)"\n\t" \ - GHASH_FULL_AVX2(XR, %%xmm12, XR, HR) \ - "\n" \ +#define CALC_AAD_AVX2() \ + "# Additional authentication data\n\t" \ + "movl %[abytes], %%edx\n\t" \ + "cmpl $0, %%edx\n\t" \ + "je 25f\n\t" \ + "movq %[addt], %%rax\n\t" \ + "xorl %%ecx, %%ecx\n\t" \ + "cmpl $16, %%edx\n\t" \ + "jl 24f\n\t" \ + "andl $0xfffffff0, %%edx\n\t" \ + "\n" \ + "23:\n\t" \ + "vmovdqu (%%rax,%%rcx,1), %%xmm4\n\t" \ + "vpshufb %[BSWAP_MASK], %%xmm4, %%xmm4\n\t" \ + "vpxor %%xmm4, " VAR(XR) ", " VAR(XR) "\n\t" \ + GHASH_FULL_AVX2(XR, %%xmm12, XR, HR) \ + "addl $16, 
%%ecx\n\t" \ + "cmpl %%edx, %%ecx\n\t" \ + "jl 23b\n\t" \ + "movl %[abytes], %%edx\n\t" \ + "cmpl %%edx, %%ecx\n\t" \ + "je 25f\n\t" \ + "\n" \ + "24:\n\t" \ + "subq $16, %%rsp\n\t" \ + "vpxor %%xmm4, %%xmm4, %%xmm4\n\t" \ + "xorl %%ebx, %%ebx\n\t" \ + "vmovdqu %%xmm4, (%%rsp)\n\t" \ + "22:\n\t" \ + "movzbl (%%rax,%%rcx,1), %%r13d\n\t" \ + "movb %%r13b, (%%rsp,%%rbx,1)\n\t" \ + "incl %%ecx\n\t" \ + "incl %%ebx\n\t" \ + "cmpl %%edx, %%ecx\n\t" \ + "jl 22b\n\t" \ + "vmovdqu (%%rsp), %%xmm4\n\t" \ + "addq $16, %%rsp\n\t" \ + "vpshufb %[BSWAP_MASK], %%xmm4, %%xmm4\n\t" \ + "vpxor %%xmm4, " VAR(XR) ", " VAR(XR) "\n\t" \ + GHASH_FULL_AVX2(XR, %%xmm12, XR, HR) \ + "\n" \ "25:\n\t" -#define VAESENC_128_GHASH_AVX2(src, o) \ - "leaq (%[in],"VAR(KR64)",1), %%rcx\n\t" \ - "leaq (%[out],"VAR(KR64)",1), %%rdx\n\t" \ +#define VAESENC_128_GHASH_AVX2(src, o) \ + "leaq (%[in]," VAR(KR64) ",1), %%rcx\n\t" \ + "leaq (%[out]," VAR(KR64) ",1), %%rdx\n\t" \ /* src is either %%rcx or %%rdx */ \ VAESENC_CTR() \ VAESENC_XOR() \ 
@@ -6206,86 +6206,86 @@ static void AES_GCM_encrypt_avx1(const unsigned char *in, unsigned char *out, "4:\n\t" \ VAESENC_LAST(%%rcx, %%rdx) -#define AESENC_LAST15_ENC_AVX2() \ - "movl %[nbytes], %%ecx\n\t" \ - "movl %%ecx, %%edx\n\t" \ - "andl $0x0f, %%ecx\n\t" \ - "jz 55f\n\t" \ - "vmovdqu "VAR(CTR1)", %%xmm13\n\t" \ - "vpshufb %[BSWAP_EPI64], %%xmm13, %%xmm13\n\t" \ - "vpxor 0(%[KEY]), %%xmm13, %%xmm13\n\t" \ - VAESENC_AVX(%%xmm13) \ - "subq $16, %%rsp\n\t" \ - "xorl %%ecx, %%ecx\n\t" \ - "vmovdqu %%xmm13, (%%rsp)\n\t" \ - "\n" \ - "51:\n\t" \ - "movzbl (%[in],"VAR(KR64)",1), %%r13d\n\t" \ - "xorb (%%rsp,%%rcx,1), %%r13b\n\t" \ - "movb %%r13b, (%[out],"VAR(KR64)",1)\n\t" \ - "movb %%r13b, (%%rsp,%%rcx,1)\n\t" \ - "incl "VAR(KR)"\n\t" \ - "incl %%ecx\n\t" \ - "cmpl %%edx, "VAR(KR)"\n\t" \ - "jl 51b\n\t" \ - "xorq %%r13, %%r13\n\t" \ - "cmpl $16, %%ecx\n\t" \ - "je 53f\n\t" \ - "\n" \ - "52:\n\t" \ - "movb %%r13b, (%%rsp,%%rcx,1)\n\t" \ - "incl %%ecx\n\t" \ - "cmpl $16, %%ecx\n\t" \ - "jl 52b\n\t" \ - "53:\n\t" \ - "vmovdqu (%%rsp), %%xmm13\n\t" \ - "addq $16, %%rsp\n\t" \ - "vpshufb %[BSWAP_MASK], %%xmm13, %%xmm13\n\t" \ - "vpxor %%xmm13, "VAR(XR)", "VAR(XR)"\n\t" \ - GHASH_GFMUL_RED_AVX2(XR, HR, XR) \ +#define AESENC_LAST15_ENC_AVX2() \ + "movl %[nbytes], %%ecx\n\t" \ + "movl %%ecx, %%edx\n\t" \ + "andl $0x0f, %%ecx\n\t" \ + "jz 55f\n\t" \ + "vmovdqu " VAR(CTR1) ", %%xmm13\n\t" \ + "vpshufb %[BSWAP_EPI64], %%xmm13, %%xmm13\n\t" \ + "vpxor 0(%[KEY]), %%xmm13, %%xmm13\n\t" \ + VAESENC_AVX(%%xmm13) \ + "subq $16, %%rsp\n\t" \ + "xorl %%ecx, %%ecx\n\t" \ + "vmovdqu %%xmm13, (%%rsp)\n\t" \ + "\n" \ + "51:\n\t" \ + "movzbl (%[in]," VAR(KR64) ",1), %%r13d\n\t" \ + "xorb (%%rsp,%%rcx,1), %%r13b\n\t" \ + "movb %%r13b, (%[out]," VAR(KR64) ",1)\n\t" \ + "movb %%r13b, (%%rsp,%%rcx,1)\n\t" \ + "incl " VAR(KR) "\n\t" \ + "incl %%ecx\n\t" \ + "cmpl %%edx, " VAR(KR) "\n\t" \ + "jl 51b\n\t" \ + "xorq %%r13, %%r13\n\t" \ + "cmpl $16, %%ecx\n\t" \ + "je 53f\n\t" \ + "\n" \ + 
"52:\n\t" \ + "movb %%r13b, (%%rsp,%%rcx,1)\n\t" \ + "incl %%ecx\n\t" \ + "cmpl $16, %%ecx\n\t" \ + "jl 52b\n\t" \ + "53:\n\t" \ + "vmovdqu (%%rsp), %%xmm13\n\t" \ + "addq $16, %%rsp\n\t" \ + "vpshufb %[BSWAP_MASK], %%xmm13, %%xmm13\n\t" \ + "vpxor %%xmm13, " VAR(XR) ", " VAR(XR) "\n\t" \ + GHASH_GFMUL_RED_AVX2(XR, HR, XR) \ -#define AESENC_LAST15_DEC_AVX2() \ - "movl %[nbytes], %%ecx\n\t" \ - "movl %%ecx, %%edx\n\t" \ - "andl $0x0f, %%ecx\n\t" \ - "jz 55f\n\t" \ - "vmovdqu "VAR(CTR1)", %%xmm13\n\t" \ - "vpshufb %[BSWAP_EPI64], %%xmm13, %%xmm13\n\t" \ - "vpxor 0(%[KEY]), %%xmm13, %%xmm13\n\t" \ - VAESENC_AVX(%%xmm13) \ - "subq $32, %%rsp\n\t" \ - "xorl %%ecx, %%ecx\n\t" \ - "vmovdqu %%xmm13, (%%rsp)\n\t" \ - "vpxor %%xmm0, %%xmm0, %%xmm0\n\t" \ - "vmovdqu %%xmm0, 16(%%rsp)\n\t" \ - "\n" \ - "51:\n\t" \ - "movzbl (%[in],"VAR(KR64)",1), %%r13d\n\t" \ - "movb %%r13b, 16(%%rsp,%%rcx,1)\n\t" \ - "xorb (%%rsp,%%rcx,1), %%r13b\n\t" \ - "movb %%r13b, (%[out],"VAR(KR64)",1)\n\t" \ - "incl "VAR(KR)"\n\t" \ - "incl %%ecx\n\t" \ - "cmpl %%edx, "VAR(KR)"\n\t" \ - "jl 51b\n\t" \ - "53:\n\t" \ - "vmovdqu 16(%%rsp), %%xmm13\n\t" \ - "addq $32, %%rsp\n\t" \ - "vpshufb %[BSWAP_MASK], %%xmm13, %%xmm13\n\t" \ - "vpxor %%xmm13, "VAR(XR)", "VAR(XR)"\n\t" \ - GHASH_GFMUL_RED_AVX2(XR, HR, XR) \ +#define AESENC_LAST15_DEC_AVX2() \ + "movl %[nbytes], %%ecx\n\t" \ + "movl %%ecx, %%edx\n\t" \ + "andl $0x0f, %%ecx\n\t" \ + "jz 55f\n\t" \ + "vmovdqu " VAR(CTR1) ", %%xmm13\n\t" \ + "vpshufb %[BSWAP_EPI64], %%xmm13, %%xmm13\n\t" \ + "vpxor 0(%[KEY]), %%xmm13, %%xmm13\n\t" \ + VAESENC_AVX(%%xmm13) \ + "subq $32, %%rsp\n\t" \ + "xorl %%ecx, %%ecx\n\t" \ + "vmovdqu %%xmm13, (%%rsp)\n\t" \ + "vpxor %%xmm0, %%xmm0, %%xmm0\n\t" \ + "vmovdqu %%xmm0, 16(%%rsp)\n\t" \ + "\n" \ + "51:\n\t" \ + "movzbl (%[in]," VAR(KR64) ",1), %%r13d\n\t" \ + "movb %%r13b, 16(%%rsp,%%rcx,1)\n\t" \ + "xorb (%%rsp,%%rcx,1), %%r13b\n\t" \ + "movb %%r13b, (%[out]," VAR(KR64) ",1)\n\t" \ + "incl " VAR(KR) "\n\t" \ + "incl 
%%ecx\n\t" \ + "cmpl %%edx, " VAR(KR) "\n\t" \ + "jl 51b\n\t" \ + "53:\n\t" \ + "vmovdqu 16(%%rsp), %%xmm13\n\t" \ + "addq $32, %%rsp\n\t" \ + "vpshufb %[BSWAP_MASK], %%xmm13, %%xmm13\n\t" \ + "vpxor %%xmm13, " VAR(XR) ", " VAR(XR) "\n\t" \ + GHASH_GFMUL_RED_AVX2(XR, HR, XR) \ -#define CALC_TAG_AVX2() \ - "movl %[nbytes], %%edx\n\t" \ - "movl %[abytes], %%ecx\n\t" \ - "shlq $3, %%rdx\n\t" \ - "shlq $3, %%rcx\n\t" \ - "vpinsrq $0, %%rdx, %%xmm0, %%xmm0\n\t" \ - "vpinsrq $1, %%rcx, %%xmm0, %%xmm0\n\t" \ - "vpxor %%xmm0, "VAR(XR)", "VAR(XR)"\n\t" \ - GHASH_GFMUL_RED_AVX2(XR, HR, XR) \ - "vpshufb %[BSWAP_MASK], "VAR(XR)", "VAR(XR)"\n\t" \ - "vpxor "VAR(TR)", "VAR(XR)", %%xmm0\n\t" \ +#define CALC_TAG_AVX2() \ + "movl %[nbytes], %%edx\n\t" \ + "movl %[abytes], %%ecx\n\t" \ + "shlq $3, %%rdx\n\t" \ + "shlq $3, %%rcx\n\t" \ + "vpinsrq $0, %%rdx, %%xmm0, %%xmm0\n\t" \ + "vpinsrq $1, %%rcx, %%xmm0, %%xmm0\n\t" \ + "vpxor %%xmm0, " VAR(XR) ", " VAR(XR) "\n\t" \ + GHASH_GFMUL_RED_AVX2(XR, HR, XR) \ + "vpshufb %[BSWAP_MASK], " VAR(XR) ", " VAR(XR) "\n\t" \ + "vpxor " VAR(TR) ", " VAR(XR) ", %%xmm0\n\t" \ static void AES_GCM_encrypt_avx2(const unsigned char *in, unsigned char *out, @@ -6299,10 +6299,10 @@ static void AES_GCM_encrypt_avx2(const unsigned char *in, unsigned char *out, register unsigned int ivLen asm("ebx") = ibytes; __asm__ __volatile__ ( - "subq $"VAR(STACK_OFFSET)", %%rsp\n\t" + "subq $" VAR(STACK_OFFSET) ", %%rsp\n\t" /* Counter is xmm13 */ "vpxor %%xmm13, %%xmm13, %%xmm13\n\t" - "vpxor "VAR(XR)", "VAR(XR)", "VAR(XR)"\n\t" + "vpxor " VAR(XR) ", " VAR(XR) ", " VAR(XR) "\n\t" "movl %[ibytes], %%edx\n\t" "cmpl $12, %%edx\n\t" "jne 35f\n\t" 
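Review bot: AESENC_LAST15_DEC_AVX2 releases its 32-byte stack scratch with `addq $32, %%rsp` while the encrypted counter block stored by `vmovdqu %%xmm13, (%%rsp)` is still in it; the loop at `51:` only reads that slot. AESENC_LAST15_ENC_AVX2 in the same hunk leaves no such residue, because it writes each ciphertext byte back over the keystream and zero-fills the remainder at `52:`. Clearing the slot before the release would bring the decrypt path in line, e.g. `"vpxor %%xmm0, %%xmm0, %%xmm0\n\t"` followed by `"vmovdqu %%xmm0, (%%rsp)\n\t"` just ahead of `"addq $32, %%rsp\n\t"`. That assumes xmm0 is free at that point, which looks likely since CALC_TAG_AVX2 rewrites both halves of it, but should be confirmed against GHASH_GFMUL_RED_AVX2. AESENC_LAST15_DEC_AVX1 earlier in the patch has the same sequence.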
@@ -6317,19 +6317,19 @@ static void AES_GCM_encrypt_avx2(const unsigned char *in, unsigned char *out, CALC_AAD_AVX2() "# Calculate counter and H\n\t" - "vpsrlq $63, "VAR(HR)", %%xmm5\n\t" - "vpsllq $1, "VAR(HR)", %%xmm4\n\t" + "vpsrlq $63, " VAR(HR) ", %%xmm5\n\t" + "vpsllq $1, " VAR(HR) ", %%xmm4\n\t" "vpslldq $8, %%xmm5, %%xmm5\n\t" "vpor %%xmm5, %%xmm4, %%xmm4\n\t" - "vpshufd $0xff, "VAR(HR)", "VAR(HR)"\n\t" - "vpsrad $31, "VAR(HR)", "VAR(HR)"\n\t" + "vpshufd $0xff, " VAR(HR) ", " VAR(HR) "\n\t" + "vpsrad $31, " VAR(HR) ", " VAR(HR) "\n\t" "vpshufb %[BSWAP_EPI64], %%xmm13, %%xmm13\n\t" - "vpand %[MOD2_128], "VAR(HR)", "VAR(HR)"\n\t" + "vpand %[MOD2_128], " VAR(HR) ", " VAR(HR) "\n\t" "vpaddd %[ONE], %%xmm13, %%xmm13\n\t" - "vpxor %%xmm4, "VAR(HR)", "VAR(HR)"\n\t" - "vmovdqu %%xmm13, "VAR(CTR1)"\n\t" + "vpxor %%xmm4, " VAR(HR) ", " VAR(HR) "\n\t" + "vmovdqu %%xmm13, " VAR(CTR1) "\n\t" - "xorl "VAR(KR)", "VAR(KR)"\n\t" + "xorl " VAR(KR) ", " VAR(KR) "\n\t" #if !defined(AES_GCM_AESNI_NO_UNROLL) && !defined(AES_GCM_AVX2_NO_UNROLL) "cmpl $128, %[nbytes]\n\t" @@ -6343,15 +6343,15 @@ static void AES_GCM_encrypt_avx2(const unsigned char *in, unsigned char *out, VAESENC_128() "cmpl $128, %%r13d\n\t" - "movl $128, "VAR(KR)"\n\t" + "movl $128, " VAR(KR) "\n\t" "jle 2f\n\t" "# More 128 bytes of input\n\t" "\n" "3:\n\t" VAESENC_128_GHASH_AVX2(%%rdx, 0) - "addl $128, "VAR(KR)"\n\t" - "cmpl %%r13d, "VAR(KR)"\n\t" + "addl $128, " VAR(KR) "\n\t" + "cmpl %%r13d, " VAR(KR) "\n\t" "jl 3b\n\t" "\n" "2:\n\t" 
@@ -6368,37 +6368,37 @@ static void AES_GCM_encrypt_avx2(const unsigned char *in, unsigned char *out, GHASH_GFMUL_RED_8_AVX2() - "vmovdqu 0("VAR(HTR)"), "VAR(HR)"\n\t" + "vmovdqu 0(" VAR(HTR) "), " VAR(HR) "\n\t" "\n" "5:\n\t" "movl %[nbytes], %%edx\n\t" - "cmpl %%edx, "VAR(KR)"\n\t" + "cmpl %%edx, " VAR(KR) "\n\t" "jge 55f\n\t" #endif "movl %[nbytes], %%r13d\n\t" "andl $0xfffffff0, %%r13d\n\t" - "cmpl %%r13d, "VAR(KR)"\n\t" + "cmpl %%r13d, " VAR(KR) "\n\t" "jge 14f\n\t" VAESENC_BLOCK_AVX2() - "addl $16, "VAR(KR)"\n\t" - "cmpl %%r13d, "VAR(KR)"\n\t" + "addl $16, " VAR(KR) "\n\t" + "cmpl %%r13d, " VAR(KR) "\n\t" "jge 13f\n\t" "vmovdqa %[MOD2_128], %%xmm0\n\t" "\n" "12:\n\t" - "vmovdqu (%[in],"VAR(KR64)",1), %%xmm9\n\t" - "vmovdqu "VAR(CTR1)", %%xmm5\n\t" + "vmovdqu (%[in]," VAR(KR64) ",1), %%xmm9\n\t" + "vmovdqu " VAR(CTR1) ", %%xmm5\n\t" "vpshufb %[BSWAP_EPI64], %%xmm5, %%xmm4\n\t" "vpaddd %[ONE], %%xmm5, %%xmm5\n\t" - "vmovdqu %%xmm5, "VAR(CTR1)"\n\t" + "vmovdqu %%xmm5, " VAR(CTR1) "\n\t" VAESENC_GFMUL_SB_AVX2(%%xmm9, HR, XR, CTR1) - "vmovdqu %%xmm4, (%[out],"VAR(KR64)",1)\n\t" + "vmovdqu %%xmm4, (%[out]," VAR(KR64) ",1)\n\t" "vpshufb %[BSWAP_MASK], %%xmm4, %%xmm4\n\t" - "addl $16, "VAR(KR)"\n\t" - "vpxor %%xmm4, "VAR(XR)", "VAR(XR)"\n\t" - "cmpl %%r13d, "VAR(KR)"\n\t" + "addl $16, " VAR(KR) "\n\t" + "vpxor %%xmm4, " VAR(XR) ", " VAR(XR) "\n\t" + "cmpl %%r13d, " VAR(KR) "\n\t" "jl 12b\n\t" "\n" "13:\n\t" @@ -6412,7 +6412,7 @@ static void AES_GCM_encrypt_avx2(const unsigned char *in, unsigned char *out, CALC_TAG_AVX2() STORE_TAG_AVX() - "addq $"VAR(STACK_OFFSET)", %%rsp\n\t" + "addq $" VAR(STACK_OFFSET) ", %%rsp\n\t" "vzeroupper\n\t" : @@ -6454,7 +6454,7 @@ static void AES_GCM_decrypt(const unsigned char *in, unsigned char *out, __asm__ __volatile__ ( "pushq %%rdx\n\t" - "subq $"VAR(STACK_OFFSET)", %%rsp\n\t" + "subq $" VAR(STACK_OFFSET) ", %%rsp\n\t" /* Counter is xmm13 */ "pxor %%xmm13, %%xmm13\n\t" "pxor %%xmm15, %%xmm15\n\t" 
@@ -6472,20 +6472,20 @@ static void AES_GCM_decrypt(const unsigned char *in, unsigned char *out, "# Calculate counter and H\n\t" "pshufb %[BSWAP_EPI64], %%xmm13\n\t" - "movdqa "VAR(HR)", %%xmm5\n\t" + "movdqa " VAR(HR) ", %%xmm5\n\t" "paddd %[ONE], %%xmm13\n\t" - "movdqa "VAR(HR)", %%xmm4\n\t" - "movdqu %%xmm13, "VAR(CTR1)"\n\t" + "movdqa " VAR(HR) ", %%xmm4\n\t" + "movdqu %%xmm13, " VAR(CTR1) "\n\t" "psrlq $63, %%xmm5\n\t" "psllq $1, %%xmm4\n\t" "pslldq $8, %%xmm5\n\t" "por %%xmm5, %%xmm4\n\t" - "pshufd $0xff, "VAR(HR)", "VAR(HR)"\n\t" - "psrad $31, "VAR(HR)"\n\t" - "pand %[MOD2_128], "VAR(HR)"\n\t" - "pxor %%xmm4, "VAR(HR)"\n\t" + "pshufd $0xff, " VAR(HR) ", " VAR(HR) "\n\t" + "psrad $31, " VAR(HR) "\n\t" + "pand %[MOD2_128], " VAR(HR) "\n\t" + "pxor %%xmm4, " VAR(HR) "\n\t" - "xorl "VAR(KR)", "VAR(KR)"\n\t" + "xorl " VAR(KR) ", " VAR(KR) "\n\t" #if !defined(AES_GCM_AESNI_NO_UNROLL) && !defined(AES_GCM_AVX1_NO_UNROLL) "cmpl $128, %[nbytes]\n\t" 
@@ -6498,33 +6498,33 @@ static void AES_GCM_decrypt(const unsigned char *in, unsigned char *out, "\n" "2:\n\t" AESENC_128_GHASH_AVX(%%rcx, 128) - "addl $128, "VAR(KR)"\n\t" - "cmpl %%r13d, "VAR(KR)"\n\t" + "addl $128, " VAR(KR) "\n\t" + "cmpl %%r13d, " VAR(KR) "\n\t" "jl 2b\n\t" - "movdqa %%xmm2, "VAR(XR)"\n\t" - "movdqu (%%rsp), "VAR(HR)"\n\t" + "movdqa %%xmm2, " VAR(XR) "\n\t" + "movdqu (%%rsp), " VAR(HR) "\n\t" "5:\n\t" "movl %[nbytes], %%edx\n\t" - "cmpl %%edx, "VAR(KR)"\n\t" + "cmpl %%edx, " VAR(KR) "\n\t" "jge 55f\n\t" #endif "movl %[nbytes], %%r13d\n\t" "andl $0xfffffff0, %%r13d\n\t" - "cmpl %%r13d, "VAR(KR)"\n\t" + "cmpl %%r13d, " VAR(KR) "\n\t" "jge 13f\n\t" "\n" "12:\n\t" - "leaq (%[in],"VAR(KR64)",1), %%rcx\n\t" - "leaq (%[out],"VAR(KR64)",1), %%rdx\n\t" + "leaq (%[in]," VAR(KR64) ",1), %%rcx\n\t" + "leaq (%[out]," VAR(KR64) ",1), %%rdx\n\t" "movdqu (%%rcx), %%xmm1\n\t" - "movdqa "VAR(HR)", %%xmm0\n\t" + "movdqa " VAR(HR) ", %%xmm0\n\t" "pshufb %[BSWAP_MASK], %%xmm1\n\t" - "pxor "VAR(XR)", %%xmm1\n\t" + "pxor " VAR(XR) ", %%xmm1\n\t" AESENC_GFMUL(%%rcx, %%rdx, %%xmm0, %%xmm1) - "addl $16, "VAR(KR)"\n\t" - "cmpl %%r13d, "VAR(KR)"\n\t" + "addl $16, " VAR(KR) "\n\t" + "cmpl %%r13d, " VAR(KR) "\n\t" "jl 12b\n\t" "\n" "13:\n\t" @@ -6534,7 +6534,7 @@ static void AES_GCM_decrypt(const unsigned char *in, unsigned char *out, "55:\n\t" CALC_TAG() - "addq $"VAR(STACK_OFFSET)", %%rsp\n\t" + "addq $" VAR(STACK_OFFSET) ", %%rsp\n\t" "popq %%rdx\n\t" CMP_TAG() @@ -6574,7 +6574,7 @@ static void AES_GCM_decrypt_avx1(const unsigned char *in, unsigned char *out, __asm__ __volatile__ ( "pushq %%rdx\n\t" - "subq $"VAR(STACK_OFFSET)", %%rsp\n\t" + "subq $" VAR(STACK_OFFSET) ", %%rsp\n\t" /* Counter is xmm13 */ "vpxor %%xmm13, %%xmm13, %%xmm13\n\t" "vpxor %%xmm15, %%xmm15, %%xmm15\n\t" 
@@ -6591,19 +6591,19 @@ static void AES_GCM_decrypt_avx1(const unsigned char *in, unsigned char *out, CALC_AAD_AVX1() "# Calculate counter and H\n\t" - "vpsrlq $63, "VAR(HR)", %%xmm5\n\t" - "vpsllq $1, "VAR(HR)", %%xmm4\n\t" + "vpsrlq $63, " VAR(HR) ", %%xmm5\n\t" + "vpsllq $1, " VAR(HR) ", %%xmm4\n\t" "vpslldq $8, %%xmm5, %%xmm5\n\t" "vpor %%xmm5, %%xmm4, %%xmm4\n\t" - "vpshufd $0xff, "VAR(HR)", "VAR(HR)"\n\t" - "vpsrad $31, "VAR(HR)", "VAR(HR)"\n\t" + "vpshufd $0xff, " VAR(HR) ", " VAR(HR) "\n\t" + "vpsrad $31, " VAR(HR) ", " VAR(HR) "\n\t" "vpshufb %[BSWAP_EPI64], %%xmm13, %%xmm13\n\t" - "vpand %[MOD2_128], "VAR(HR)", "VAR(HR)"\n\t" + "vpand %[MOD2_128], " VAR(HR) ", " VAR(HR) "\n\t" "vpaddd %[ONE], %%xmm13, %%xmm13\n\t" - "vpxor %%xmm4, "VAR(HR)", "VAR(HR)"\n\t" - "vmovdqu %%xmm13, "VAR(CTR1)"\n\t" + "vpxor %%xmm4, " VAR(HR) ", " VAR(HR) "\n\t" + "vmovdqu %%xmm13, " VAR(CTR1) "\n\t" - "xorl "VAR(KR)", "VAR(KR)"\n\t" + "xorl " VAR(KR) ", " VAR(KR) "\n\t" #if !defined(AES_GCM_AESNI_NO_UNROLL) && !defined(AES_GCM_AVX1_NO_UNROLL) "cmpl $128, %[nbytes]\n\t" 
@@ -6616,31 +6616,31 @@ static void AES_GCM_decrypt_avx1(const unsigned char *in, unsigned char *out, "\n" "2:\n\t" VAESENC_128_GHASH_AVX1(%%rcx, 128) - "addl $128, "VAR(KR)"\n\t" - "cmpl %%r13d, "VAR(KR)"\n\t" + "addl $128, " VAR(KR) "\n\t" + "cmpl %%r13d, " VAR(KR) "\n\t" "jl 2b\n\t" - "vmovdqa %%xmm2, "VAR(XR)"\n\t" - "vmovdqu (%%rsp), "VAR(HR)"\n\t" + "vmovdqa %%xmm2, " VAR(XR) "\n\t" + "vmovdqu (%%rsp), " VAR(HR) "\n\t" "5:\n\t" "movl %[nbytes], %%edx\n\t" - "cmpl %%edx, "VAR(KR)"\n\t" + "cmpl %%edx, " VAR(KR) "\n\t" "jge 55f\n\t" #endif "movl %[nbytes], %%r13d\n\t" "andl $0xfffffff0, %%r13d\n\t" - "cmpl %%r13d, "VAR(KR)"\n\t" + "cmpl %%r13d, " VAR(KR) "\n\t" "jge 13f\n\t" "\n" "12:\n\t" - "vmovdqu (%[in],"VAR(KR64)",1), %%xmm9\n\t" - "vmovdqa "VAR(HR)", %%xmm0\n\t" + "vmovdqu (%[in]," VAR(KR64) ",1), %%xmm9\n\t" + "vmovdqa " VAR(HR) ", %%xmm0\n\t" "vpshufb %[BSWAP_MASK], %%xmm9, %%xmm1\n\t" - "vpxor "VAR(XR)", %%xmm1, %%xmm1\n\t" + "vpxor " VAR(XR) ", %%xmm1, %%xmm1\n\t" VAESENC_GFMUL(%%xmm9, %%xmm0, %%xmm1) - "addl $16, "VAR(KR)"\n\t" - "cmpl %%r13d, "VAR(KR)"\n\t" + "addl $16, " VAR(KR) "\n\t" + "cmpl %%r13d, " VAR(KR) "\n\t" "jl 12b\n\t" "\n" "13:\n\t" @@ -6650,7 +6650,7 @@ static void AES_GCM_decrypt_avx1(const unsigned char *in, unsigned char *out, "55:\n\t" CALC_TAG_AVX1() - "addq $"VAR(STACK_OFFSET)", %%rsp\n\t" + "addq $" VAR(STACK_OFFSET) ", %%rsp\n\t" "popq %%rdx\n\t" CMP_TAG_AVX() "vzeroupper\n\t" @@ -6691,7 +6691,7 @@ static void AES_GCM_decrypt_avx2(const unsigned char *in, unsigned char *out, __asm__ __volatile__ ( "pushq %%rdx\n\t" - "subq $"VAR(STACK_OFFSET)", %%rsp\n\t" + "subq $" VAR(STACK_OFFSET) ", %%rsp\n\t" /* Counter is xmm13 */ "vpxor %%xmm13, %%xmm13, %%xmm13\n\t" "vpxor %%xmm15, %%xmm15, %%xmm15\n\t" 
@@ -6709,19 +6709,19 @@ static void AES_GCM_decrypt_avx2(const unsigned char *in, unsigned char *out, CALC_AAD_AVX2() "# Calculate counter and H\n\t" - "vpsrlq $63, "VAR(HR)", %%xmm5\n\t" - "vpsllq $1, "VAR(HR)", %%xmm4\n\t" + "vpsrlq $63, " VAR(HR) ", %%xmm5\n\t" + "vpsllq $1, " VAR(HR) ", %%xmm4\n\t" "vpslldq $8, %%xmm5, %%xmm5\n\t" "vpor %%xmm5, %%xmm4, %%xmm4\n\t" - "vpshufd $0xff, "VAR(HR)", "VAR(HR)"\n\t" - "vpsrad $31, "VAR(HR)", "VAR(HR)"\n\t" + "vpshufd $0xff, " VAR(HR) ", " VAR(HR) "\n\t" + "vpsrad $31, " VAR(HR) ", " VAR(HR) "\n\t" "vpshufb %[BSWAP_EPI64], %%xmm13, %%xmm13\n\t" - "vpand %[MOD2_128], "VAR(HR)", "VAR(HR)"\n\t" + "vpand %[MOD2_128], " VAR(HR) ", " VAR(HR) "\n\t" "vpaddd %[ONE], %%xmm13, %%xmm13\n\t" - "vpxor %%xmm4, "VAR(HR)", "VAR(HR)"\n\t" - "vmovdqu %%xmm13, "VAR(CTR1)"\n\t" + "vpxor %%xmm4, " VAR(HR) ", " VAR(HR) "\n\t" + "vmovdqu %%xmm13, " VAR(CTR1) "\n\t" - "xorl "VAR(KR)", "VAR(KR)"\n\t" + "xorl " VAR(KR) ", " VAR(KR) "\n\t" #if !defined(AES_GCM_AESNI_NO_UNROLL) && !defined(AES_GCM_AVX2_NO_UNROLL) "cmpl $128, %[nbytes]\n\t" 
@@ -6734,36 +6734,36 @@ static void AES_GCM_decrypt_avx2(const unsigned char *in, unsigned char *out, "\n" "2:\n\t" VAESENC_128_GHASH_AVX2(%%rcx, 128) - "addl $128, "VAR(KR)"\n\t" - "cmpl %%r13d, "VAR(KR)"\n\t" + "addl $128, " VAR(KR) "\n\t" + "cmpl %%r13d, " VAR(KR) "\n\t" "jl 2b\n\t" - "vmovdqa %%xmm2, "VAR(XR)"\n\t" - "vmovdqu (%%rsp), "VAR(HR)"\n\t" + "vmovdqa %%xmm2, " VAR(XR) "\n\t" + "vmovdqu (%%rsp), " VAR(HR) "\n\t" "5:\n\t" "movl %[nbytes], %%edx\n\t" - "cmpl %%edx, "VAR(KR)"\n\t" + "cmpl %%edx, " VAR(KR) "\n\t" "jge 55f\n\t" #endif "movl %[nbytes], %%r13d\n\t" "andl $0xfffffff0, %%r13d\n\t" - "cmpl %%r13d, "VAR(KR)"\n\t" + "cmpl %%r13d, " VAR(KR) "\n\t" "jge 13f\n\t" "vmovdqa %[MOD2_128], %%xmm0\n\t" "\n" "12:\n\t" - "vmovdqu (%[in],"VAR(KR64)",1), %%xmm9\n\t" - "vmovdqu "VAR(CTR1)", %%xmm5\n\t" + "vmovdqu (%[in]," VAR(KR64) ",1), %%xmm9\n\t" + "vmovdqu " VAR(CTR1) ", %%xmm5\n\t" "vpshufb %[BSWAP_MASK], %%xmm9, %%xmm1\n\t" "vpshufb %[BSWAP_EPI64], %%xmm5, %%xmm4\n\t" "vpaddd %[ONE], %%xmm5, %%xmm5\n\t" - "vpxor "VAR(XR)", %%xmm1, %%xmm1\n\t" - "vmovdqu %%xmm5, "VAR(CTR1)"\n\t" + "vpxor " VAR(XR) ", %%xmm1, %%xmm1\n\t" + "vmovdqu %%xmm5, " VAR(CTR1) "\n\t" VAESENC_GFMUL_SB_AVX2(%%xmm9, HR, %%xmm1, CTR1) - "vmovdqu %%xmm4, (%[out],"VAR(KR64)",1)\n\t" - "addl $16, "VAR(KR)"\n\t" - "cmpl %%r13d, "VAR(KR)"\n\t" + "vmovdqu %%xmm4, (%[out]," VAR(KR64) ",1)\n\t" + "addl $16, " VAR(KR) "\n\t" + "cmpl %%r13d, " VAR(KR) "\n\t" "jl 12b\n\t" "\n" "13:\n\t" @@ -6773,7 +6773,7 @@ static void AES_GCM_decrypt_avx2(const unsigned char *in, unsigned char *out, "55:\n\t" CALC_TAG_AVX2() - "addq $"VAR(STACK_OFFSET)", %%rsp\n\t" + "addq $" VAR(STACK_OFFSET) ", %%rsp\n\t" "popq %%rdx\n\t" CMP_TAG_AVX() "vzeroupper\n\t" diff --git a/wolfcrypt/src/sha256.c b/wolfcrypt/src/sha256.c index 1efe335eb..731e1605f 100644 --- a/wolfcrypt/src/sha256.c +++ b/wolfcrypt/src/sha256.c 
@@ -875,231 +875,231 @@ static int InitSha256(wc_Sha256* sha256) #if defined(HAVE_INTEL_RORX) #define RND_STEP_RORX_0_1(a, b, c, d, e, f, g, h, i) \ /* L3 = f */ \ - "movl %"#f", "L3"\n\t" \ + "movl %" #f ", " L3 "\n\t" \ /* L2 = e>>>11 */ \ - "rorx $11, %"#e", "L2"\n\t" \ + "rorx $11, %" #e ", " L2 "\n\t" \ /* h += w_k */ \ - "addl ("#i")*4("WK"), %"#h"\n\t" \ + "addl (" #i ")*4(" WK "), %" #h "\n\t" \ #define RND_STEP_RORX_0_2(a, b, c, d, e, f, g, h, i) \ /* L2 = (e>>>6) ^ (e>>>11) */ \ - "xorl "L1", "L2"\n\t" \ + "xorl " L1 ", " L2 "\n\t" \ /* L3 = f ^ g */ \ - "xorl %"#g", "L3"\n\t" \ + "xorl %" #g ", " L3 "\n\t" \ /* L1 = e>>>25 */ \ - "rorx $25, %"#e", "L1"\n\t" \ + "rorx $25, %" #e ", " L1 "\n\t" \ #define RND_STEP_RORX_0_3(a, b, c, d, e, f, g, h, i) \ /* L3 = (f ^ g) & e */ \ - "andl %"#e", "L3"\n\t" \ + "andl %" #e ", " L3 "\n\t" \ /* L1 = Sigma1(e) */ \ - "xorl "L2", "L1"\n\t" \ + "xorl " L2 ", " L1 "\n\t" \ /* L2 = a>>>13 */ \ - "rorx $13, %"#a", "L2"\n\t" \ + "rorx $13, %" #a ", " L2 "\n\t" \ #define RND_STEP_RORX_0_4(a, b, c, d, e, f, g, h, i) \ /* h += Sigma1(e) */ \ - "addl "L1", %"#h"\n\t" \ + "addl " L1 ", %" #h "\n\t" \ /* L1 = a>>>2 */ \ - "rorx $2, %"#a", "L1"\n\t" \ + "rorx $2, %" #a ", " L1 "\n\t" \ /* L3 = Ch(e,f,g) */ \ - "xorl %"#g", "L3"\n\t" \ + "xorl %" #g ", " L3 "\n\t" \ #define RND_STEP_RORX_0_5(a, b, c, d, e, f, g, h, i) \ /* L2 = (a>>>2) ^ (a>>>13) */ \ - "xorl "L1", "L2"\n\t" \ + "xorl " L1 ", " L2 "\n\t" \ /* L1 = a>>>22 */ \ - "rorx $22, %"#a", "L1"\n\t" \ + "rorx $22, %" #a ", " L1 "\n\t" \ /* h += Ch(e,f,g) */ \ - "addl "L3", %"#h"\n\t" \ + "addl " L3 ", %" #h "\n\t" \ #define RND_STEP_RORX_0_6(a, b, c, d, e, f, g, h, i) \ /* L1 = Sigma0(a) */ \ - "xorl "L2", "L1"\n\t" \ + "xorl " L2 ", " L1 "\n\t" \ /* L3 = b */ \ - "movl %"#b", "L3"\n\t" \ + "movl %" #b ", " L3 "\n\t" \ /* d += h + w_k + Sigma1(e) + Ch(e,f,g) */ \ - "addl %"#h", %"#d"\n\t" \ + "addl %" #h ", %" #d "\n\t" \ #define RND_STEP_RORX_0_7(a, b, c, d, e, f, g, h, i) 
\ /* L3 = a ^ b */ \ - "xorl %"#a", "L3"\n\t" \ + "xorl %" #a ", " L3 "\n\t" \ /* h += Sigma0(a) */ \ - "addl "L1", %"#h"\n\t" \ + "addl " L1 ", %" #h "\n\t" \ /* L4 = (a ^ b) & (b ^ c) */ \ - "andl "L3", "L4"\n\t" \ + "andl " L3 ", " L4 "\n\t" \ #define RND_STEP_RORX_0_8(a, b, c, d, e, f, g, h, i) \ /* L4 = Maj(a,b,c) */ \ - "xorl %"#b", "L4"\n\t" \ + "xorl %" #b ", " L4 "\n\t" \ /* L1 = d>>>6 (= e>>>6 next RND) */ \ - "rorx $6, %"#d", "L1"\n\t" \ + "rorx $6, %" #d ", " L1 "\n\t" \ /* h += Maj(a,b,c) */ \ - "addl "L4", %"#h"\n\t" \ + "addl " L4 ", %" #h "\n\t" \ #define RND_STEP_RORX_1_1(a, b, c, d, e, f, g, h, i) \ /* L4 = f */ \ - "movl %"#f", "L4"\n\t" \ + "movl %" #f ", " L4 "\n\t" \ /* L2 = e>>>11 */ \ - "rorx $11, %"#e", "L2"\n\t" \ + "rorx $11, %" #e ", " L2 "\n\t" \ /* h += w_k */ \ - "addl ("#i")*4("WK"), %"#h"\n\t" \ + "addl (" #i ")*4(" WK "), %" #h "\n\t" \ #define RND_STEP_RORX_1_2(a, b, c, d, e, f, g, h, i) \ /* L2 = (e>>>6) ^ (e>>>11) */ \ - "xorl "L1", "L2"\n\t" \ + "xorl " L1 ", " L2 "\n\t" \ /* L4 = f ^ g */ \ - "xorl %"#g", "L4"\n\t" \ + "xorl %" #g ", " L4 "\n\t" \ /* L1 = e>>>25 */ \ - "rorx $25, %"#e", "L1"\n\t" \ + "rorx $25, %" #e ", " L1 "\n\t" \ #define RND_STEP_RORX_1_3(a, b, c, d, e, f, g, h, i) \ /* L4 = (f ^ g) & e */ \ - "andl %"#e", "L4"\n\t" \ + "andl %" #e ", " L4 "\n\t" \ /* L1 = Sigma1(e) */ \ - "xorl "L2", "L1"\n\t" \ + "xorl " L2 ", " L1 "\n\t" \ /* L2 = a>>>13 */ \ - "rorx $13, %"#a", "L2"\n\t" \ + "rorx $13, %" #a ", " L2 "\n\t" \ #define RND_STEP_RORX_1_4(a, b, c, d, e, f, g, h, i) \ /* h += Sigma1(e) */ \ - "addl "L1", %"#h"\n\t" \ + "addl " L1 ", %" #h "\n\t" \ /* L1 = a>>>2 */ \ - "rorx $2, %"#a", "L1"\n\t" \ + "rorx $2, %" #a ", " L1 "\n\t" \ /* L4 = Ch(e,f,g) */ \ - "xorl %"#g", "L4"\n\t" \ + "xorl %" #g ", " L4 "\n\t" \ #define RND_STEP_RORX_1_5(a, b, c, d, e, f, g, h, i) \ /* L2 = (a>>>2) ^ (a>>>13) */ \ - "xorl "L1", "L2"\n\t" \ + "xorl " L1 ", " L2 "\n\t" \ /* L1 = a>>>22 */ \ - "rorx $22, %"#a", "L1"\n\t" \ + 
"rorx $22, %" #a ", " L1 "\n\t" \ /* h += Ch(e,f,g) */ \ - "addl "L4", %"#h"\n\t" \ + "addl " L4 ", %" #h "\n\t" \ #define RND_STEP_RORX_1_6(a, b, c, d, e, f, g, h, i) \ /* L1 = Sigma0(a) */ \ - "xorl "L2", "L1"\n\t" \ + "xorl " L2 ", " L1 "\n\t" \ /* L4 = b */ \ - "movl %"#b", "L4"\n\t" \ + "movl %" #b ", " L4 "\n\t" \ /* d += h + w_k + Sigma1(e) + Ch(e,f,g) */ \ - "addl %"#h", %"#d"\n\t" \ + "addl %" #h ", %" #d "\n\t" \ #define RND_STEP_RORX_1_7(a, b, c, d, e, f, g, h, i) \ /* L4 = a ^ b */ \ - "xorl %"#a", "L4"\n\t" \ + "xorl %" #a ", " L4 "\n\t" \ /* h += Sigma0(a) */ \ - "addl "L1", %"#h"\n\t" \ + "addl " L1 ", %" #h "\n\t" \ /* L3 = (a ^ b) & (b ^ c) */ \ - "andl "L4", "L3"\n\t" \ + "andl " L4 ", " L3 "\n\t" \ #define RND_STEP_RORX_1_8(a, b, c, d, e, f, g, h, i) \ /* L3 = Maj(a,b,c) */ \ - "xorl %"#b", "L3"\n\t" \ + "xorl %" #b ", " L3 "\n\t" \ /* L1 = d>>>6 (= e>>>6 next RND) */ \ - "rorx $6, %"#d", "L1"\n\t" \ + "rorx $6, %" #d ", " L1 "\n\t" \ /* h += Maj(a,b,c) */ \ - "addl "L3", %"#h"\n\t" \ + "addl " L3 ", %" #h "\n\t" \ #define _RND_RORX_X_0(a, b, c, d, e, f, g, h, i) \ /* L1 = e>>>6 */ \ - "rorx $6, %"#e", "L1"\n\t" \ + "rorx $6, %" #e ", " L1 "\n\t" \ /* L2 = e>>>11 */ \ - "rorx $11, %"#e", "L2"\n\t" \ + "rorx $11, %" #e ", " L2 "\n\t" \ /* Prev RND: h += Maj(a,b,c) */ \ - "addl "L3", %"#a"\n\t" \ + "addl " L3 ", %" #a "\n\t" \ /* h += w_k */ \ - "addl ("#i")*4("WK"), %"#h"\n\t" \ + "addl (" #i ")*4(" WK "), %" #h "\n\t" \ /* L3 = f */ \ - "movl %"#f", "L3"\n\t" \ + "movl %" #f ", " L3 "\n\t" \ /* L2 = (e>>>6) ^ (e>>>11) */ \ - "xorl "L1", "L2"\n\t" \ + "xorl " L1 ", " L2 "\n\t" \ /* L3 = f ^ g */ \ - "xorl %"#g", "L3"\n\t" \ + "xorl %" #g ", " L3 "\n\t" \ /* L1 = e>>>25 */ \ - "rorx $25, %"#e", "L1"\n\t" \ + "rorx $25, %" #e ", " L1 "\n\t" \ /* L1 = Sigma1(e) */ \ - "xorl "L2", "L1"\n\t" \ + "xorl " L2 ", " L1 "\n\t" \ /* L3 = (f ^ g) & e */ \ - "andl %"#e", "L3"\n\t" \ + "andl %" #e ", " L3 "\n\t" \ /* h += Sigma1(e) */ \ - "addl "L1", %"#h"\n\t" 
\ + "addl " L1 ", %" #h "\n\t" \ /* L1 = a>>>2 */ \ - "rorx $2, %"#a", "L1"\n\t" \ + "rorx $2, %" #a ", " L1 "\n\t" \ /* L2 = a>>>13 */ \ - "rorx $13, %"#a", "L2"\n\t" \ + "rorx $13, %" #a ", " L2 "\n\t" \ /* L3 = Ch(e,f,g) */ \ - "xorl %"#g", "L3"\n\t" \ + "xorl %" #g ", " L3 "\n\t" \ /* L2 = (a>>>2) ^ (a>>>13) */ \ - "xorl "L1", "L2"\n\t" \ + "xorl " L1 ", " L2 "\n\t" \ /* L1 = a>>>22 */ \ - "rorx $22, %"#a", "L1"\n\t" \ + "rorx $22, %" #a ", " L1 "\n\t" \ /* h += Ch(e,f,g) */ \ - "addl "L3", %"#h"\n\t" \ + "addl " L3 ", %" #h "\n\t" \ /* L1 = Sigma0(a) */ \ - "xorl "L2", "L1"\n\t" \ + "xorl " L2 ", " L1 "\n\t" \ /* L3 = b */ \ - "movl %"#b", "L3"\n\t" \ + "movl %" #b ", " L3 "\n\t" \ /* d += h + w_k + Sigma1(e) + Ch(e,f,g) */ \ - "addl %"#h", %"#d"\n\t" \ + "addl %" #h ", %" #d "\n\t" \ /* L3 = a ^ b */ \ - "xorl %"#a", "L3"\n\t" \ + "xorl %" #a ", " L3 "\n\t" \ /* L4 = (a ^ b) & (b ^ c) */ \ - "andl "L3", "L4"\n\t" \ + "andl " L3 ", " L4 "\n\t" \ /* h += Sigma0(a) */ \ - "addl "L1", %"#h"\n\t" \ + "addl " L1 ", %" #h "\n\t" \ /* L4 = Maj(a,b,c) */ \ - "xorl %"#b", "L4"\n\t" \ + "xorl %" #b ", " L4 "\n\t" \ #define _RND_RORX_X_1(a, b, c, d, e, f, g, h, i) \ /* L1 = e>>>6 */ \ - "rorx $6, %"#e", "L1"\n\t" \ + "rorx $6, %" #e ", " L1 "\n\t" \ /* L2 = e>>>11 */ \ - "rorx $11, %"#e", "L2"\n\t" \ + "rorx $11, %" #e ", " L2 "\n\t" \ /* Prev RND: h += Maj(a,b,c) */ \ - "addl "L4", %"#a"\n\t" \ + "addl " L4 ", %" #a "\n\t" \ /* h += w_k */ \ - "addl ("#i")*4("WK"), %"#h"\n\t" \ + "addl (" #i ")*4(" WK "), %" #h "\n\t" \ /* L4 = f */ \ - "movl %"#f", "L4"\n\t" \ + "movl %" #f ", " L4 "\n\t" \ /* L2 = (e>>>6) ^ (e>>>11) */ \ - "xorl "L1", "L2"\n\t" \ + "xorl " L1 ", " L2 "\n\t" \ /* L4 = f ^ g */ \ - "xorl %"#g", "L4"\n\t" \ + "xorl %" #g ", " L4 "\n\t" \ /* L1 = e>>>25 */ \ - "rorx $25, %"#e", "L1"\n\t" \ + "rorx $25, %" #e ", " L1 "\n\t" \ /* L1 = Sigma1(e) */ \ - "xorl "L2", "L1"\n\t" \ + "xorl " L2 ", " L1 "\n\t" \ /* L4 = (f ^ g) & e */ \ - "andl %"#e", "L4"\n\t" \ + 
"andl %" #e ", " L4 "\n\t" \ /* h += Sigma1(e) */ \ - "addl "L1", %"#h"\n\t" \ + "addl " L1 ", %" #h "\n\t" \ /* L1 = a>>>2 */ \ - "rorx $2, %"#a", "L1"\n\t" \ + "rorx $2, %" #a ", " L1 "\n\t" \ /* L2 = a>>>13 */ \ - "rorx $13, %"#a", "L2"\n\t" \ + "rorx $13, %" #a ", " L2 "\n\t" \ /* L4 = Ch(e,f,g) */ \ - "xorl %"#g", "L4"\n\t" \ + "xorl %" #g ", " L4 "\n\t" \ /* L2 = (a>>>2) ^ (a>>>13) */ \ - "xorl "L1", "L2"\n\t" \ + "xorl " L1 ", " L2 "\n\t" \ /* L1 = a>>>22 */ \ - "rorx $22, %"#a", "L1"\n\t" \ + "rorx $22, %" #a ", " L1 "\n\t" \ /* h += Ch(e,f,g) */ \ - "addl "L4", %"#h"\n\t" \ + "addl " L4 ", %" #h "\n\t" \ /* L1 = Sigma0(a) */ \ - "xorl "L2", "L1"\n\t" \ + "xorl " L2 ", " L1 "\n\t" \ /* L4 = b */ \ - "movl %"#b", "L4"\n\t" \ + "movl %" #b ", " L4 "\n\t" \ /* d += h + w_k + Sigma1(e) + Ch(e,f,g) */ \ - "addl %"#h", %"#d"\n\t" \ + "addl %" #h ", %" #d "\n\t" \ /* L4 = a ^ b */ \ - "xorl %"#a", "L4"\n\t" \ + "xorl %" #a ", " L4 "\n\t" \ /* L2 = (a ^ b) & (b ^ c) */ \ - "andl "L4", "L3"\n\t" \ + "andl " L4 ", " L3 "\n\t" \ /* h += Sigma0(a) */ \ - "addl "L1", %"#h"\n\t" \ + "addl " L1 ", %" #h "\n\t" \ /* L3 = Maj(a,b,c) */ \ - "xorl %"#b", "L3"\n\t" \ + "xorl %" #b ", " L3 "\n\t" \ #define RND_RORX_X_0(a,b,c,d,e,f,g,h,i) \ 
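Review bot: In `_RND_RORX_X_1` the comment `/* L2 = (a ^ b) & (b ^ c) */` sits directly above `"andl " L4 ", " L3 "\n\t"`, whose destination operand in AT&T order is L3, not L2. The split form of the same step, `RND_STEP_RORX_1_7`, already labels it `/* L3 = (a ^ b) & (b ^ c) */`, so I would use that text here as well. The same drift shows in the next hunk (`@@ -1117`): `RND_STEP_0_6` has `/* L3 = (a ^ b) & (b ^ c) */` and `/* L1 = Maj(a,b,c) */` above instructions that write L4, and `RND_STEP_1_2` has `/* L3 = b */` above `"movl %" #b ", " L4 "\n\t"`. As far as these hunks show, only the comments are off. Since the lines are being rewritten anyway, correcting them keeps the register annotations usable when the round function is checked against the SHA-256 specification.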
@@ -1117,247 +1117,247 @@ static int InitSha256(wc_Sha256* sha256) #define RND_STEP_0_1(a,b,c,d,e,f,g,h,i) \ /* L1 = e>>>14 */ \ - "rorl $14, "L1"\n\t" \ + "rorl $14, " L1 "\n\t" \ #define RND_STEP_0_2(a,b,c,d,e,f,g,h,i) \ /* L3 = b */ \ - "movl %"#b", "L3"\n\t" \ + "movl %" #b ", " L3 "\n\t" \ /* L2 = f */ \ - "movl %"#f", "L2"\n\t" \ + "movl %" #f ", " L2 "\n\t" \ /* h += w_k */ \ - "addl ("#i")*4("WK"), %"#h"\n\t" \ + "addl (" #i ")*4(" WK "), %" #h "\n\t" \ /* L2 = f ^ g */ \ - "xorl %"#g", "L2"\n\t" \ + "xorl %" #g ", " L2 "\n\t" \ #define RND_STEP_0_3(a,b,c,d,e,f,g,h,i) \ /* L1 = (e>>>14) ^ e */ \ - "xorl %"#e", "L1"\n\t" \ + "xorl %" #e ", " L1 "\n\t" \ /* L2 = (f ^ g) & e */ \ - "andl %"#e", "L2"\n\t" \ - + "andl %" #e ", " L2 "\n\t" \ + #define RND_STEP_0_4(a,b,c,d,e,f,g,h,i) \ /* L1 = ((e>>>14) ^ e) >>> 5 */ \ - "rorl $5, "L1"\n\t" \ + "rorl $5, " L1 "\n\t" \ /* L2 = Ch(e,f,g) */ \ - "xorl %"#g", "L2"\n\t" \ + "xorl %" #g ", " L2 "\n\t" \ /* L1 = (((e>>>14) ^ e) >>> 5) ^ e */ \ - "xorl %"#e", "L1"\n\t" \ + "xorl %" #e ", " L1 "\n\t" \ /* h += Ch(e,f,g) */ \ - "addl "L2", %"#h"\n\t" \ + "addl " L2 ", %" #h "\n\t" \ #define RND_STEP_0_5(a,b,c,d,e,f,g,h,i) \ /* L1 = ((((e>>>14) ^ e) >>> 5) ^ e) >>> 6 */ \ - "rorl $6, "L1"\n\t" \ + "rorl $6, " L1 "\n\t" \ /* L3 = a ^ b (= b ^ c of next RND) */ \ - "xorl %"#a", "L3"\n\t" \ + "xorl %" #a ", " L3 "\n\t" \ /* h = h + w_k + Sigma1(e) */ \ - "addl "L1", %"#h"\n\t" \ + "addl " L1 ", %" #h "\n\t" \ /* L2 = a */ \ - "movl %"#a", "L2"\n\t" \ + "movl %" #a ", " L2 "\n\t" \ #define RND_STEP_0_6(a,b,c,d,e,f,g,h,i) \ /* L3 = (a ^ b) & (b ^ c) */ \ - "andl "L3", "L4"\n\t" \ + "andl " L3 ", " L4 "\n\t" \ /* L2 = a>>>9 */ \ - "rorl $9, "L2"\n\t" \ + "rorl $9, " L2 "\n\t" \ /* L2 = (a>>>9) ^ a */ \ - "xorl %"#a", "L2"\n\t" \ + "xorl %" #a ", " L2 "\n\t" \ /* L1 = Maj(a,b,c) */ \ - "xorl %"#b", "L4"\n\t" \ + "xorl %" #b ", " L4 "\n\t" \ #define RND_STEP_0_7(a,b,c,d,e,f,g,h,i) \ /* L2 = ((a>>>9) ^ a) >>> 11 */ \ - "rorl $11, 
"L2"\n\t" \ + "rorl $11, " L2 "\n\t" \ /* d += h + w_k + Sigma1(e) + Ch(e,f,g) */ \ - "addl %"#h", %"#d"\n\t" \ + "addl %" #h ", %" #d "\n\t" \ /* L2 = (((a>>>9) ^ a) >>> 11) ^ a */ \ - "xorl %"#a", "L2"\n\t" \ + "xorl %" #a ", " L2 "\n\t" \ /* h = h + w_k + Sigma1(e) + Ch(e,f,g) + Maj(a,b,c) */ \ - "addl "L4", %"#h"\n\t" \ + "addl " L4 ", %" #h "\n\t" \ #define RND_STEP_0_8(a,b,c,d,e,f,g,h,i) \ /* L2 = ((((a>>>9) ^ a) >>> 11) ^ a) >>> 2 */ \ - "rorl $2, "L2"\n\t" \ + "rorl $2, " L2 "\n\t" \ /* L1 = d (e of next RND) */ \ - "movl %"#d", "L1"\n\t" \ + "movl %" #d ", " L1 "\n\t" \ /* h = h + w_k + Sigma1(e) Sigma0(a) + Ch(e,f,g) + Maj(a,b,c) */ \ - "addl "L2", %"#h"\n\t" \ + "addl " L2 ", %" #h "\n\t" \ #define RND_STEP_1_1(a,b,c,d,e,f,g,h,i) \ /* L1 = e>>>14 */ \ - "rorl $14, "L1"\n\t" \ - + "rorl $14, " L1 "\n\t" \ + #define RND_STEP_1_2(a,b,c,d,e,f,g,h,i) \ /* L3 = b */ \ - "movl %"#b", "L4"\n\t" \ + "movl %" #b ", " L4 "\n\t" \ /* L2 = f */ \ - "movl %"#f", "L2"\n\t" \ + "movl %" #f ", " L2 "\n\t" \ /* h += w_k */ \ - "addl ("#i")*4("WK"), %"#h"\n\t" \ + "addl (" #i ")*4(" WK "), %" #h "\n\t" \ /* L2 = f ^ g */ \ - "xorl %"#g", "L2"\n\t" \ - + "xorl %" #g ", " L2 "\n\t" \ + #define RND_STEP_1_3(a,b,c,d,e,f,g,h,i) \ /* L1 = (e>>>14) ^ e */ \ - "xorl %"#e", "L1"\n\t" \ + "xorl %" #e ", " L1 "\n\t" \ /* L2 = (f ^ g) & e */ \ - "andl %"#e", "L2"\n\t" \ - + "andl %" #e ", " L2 "\n\t" \ + #define RND_STEP_1_4(a,b,c,d,e,f,g,h,i) \ /* L1 = ((e>>>14) ^ e) >>> 5 */ \ - "rorl $5, "L1"\n\t" \ + "rorl $5, " L1 "\n\t" \ /* L2 = Ch(e,f,g) */ \ - "xorl %"#g", "L2"\n\t" \ + "xorl %" #g ", " L2 "\n\t" \ /* L1 = (((e>>>14) ^ e) >>> 5) ^ e */ \ - "xorl %"#e", "L1"\n\t" \ + "xorl %" #e ", " L1 "\n\t" \ /* h += Ch(e,f,g) */ \ - "addl "L2", %"#h"\n\t" \ + "addl " L2 ", %" #h "\n\t" \ #define RND_STEP_1_5(a,b,c,d,e,f,g,h,i) \ /* L1 = ((((e>>>14) ^ e) >>> 5) ^ e) >>> 6 */ \ - "rorl $6, "L1"\n\t" \ + "rorl $6, " L1 "\n\t" \ /* L4 = a ^ b (= b ^ c of next RND) */ \ - "xorl %"#a", "L4"\n\t" 
\ + "xorl %" #a ", " L4 "\n\t" \ /* h = h + w_k + Sigma1(e) */ \ - "addl "L1", %"#h"\n\t" \ + "addl " L1 ", %" #h "\n\t" \ /* L2 = a */ \ - "movl %"#a", "L2"\n\t" \ + "movl %" #a ", " L2 "\n\t" \ #define RND_STEP_1_6(a,b,c,d,e,f,g,h,i) \ /* L3 = (a ^ b) & (b ^ c) */ \ - "andl "L4", "L3"\n\t" \ + "andl " L4 ", " L3 "\n\t" \ /* L2 = a>>>9 */ \ - "rorl $9, "L2"\n\t" \ + "rorl $9, " L2 "\n\t" \ /* L2 = (a>>>9) ^ a */ \ - "xorl %"#a", "L2"\n\t" \ + "xorl %" #a ", " L2 "\n\t" \ /* L1 = Maj(a,b,c) */ \ - "xorl %"#b", "L3"\n\t" \ + "xorl %" #b ", " L3 "\n\t" \ #define RND_STEP_1_7(a,b,c,d,e,f,g,h,i) \ /* L2 = ((a>>>9) ^ a) >>> 11 */ \ - "rorl $11, "L2"\n\t" \ + "rorl $11, " L2 "\n\t" \ /* d += h + w_k + Sigma1(e) + Ch(e,f,g) */ \ - "addl %"#h", %"#d"\n\t" \ + "addl %" #h ", %" #d "\n\t" \ /* L2 = (((a>>>9) ^ a) >>> 11) ^ a */ \ - "xorl %"#a", "L2"\n\t" \ + "xorl %" #a ", " L2 "\n\t" \ /* h = h + w_k + Sigma1(e) + Ch(e,f,g) + Maj(a,b,c) */ \ - "addl "L3", %"#h"\n\t" \ + "addl " L3 ", %" #h "\n\t" \ #define RND_STEP_1_8(a,b,c,d,e,f,g,h,i) \ /* L2 = ((((a>>>9) ^ a) >>> 11) ^ a) >>> 2 */ \ - "rorl $2, "L2"\n\t" \ + "rorl $2, " L2 "\n\t" \ /* L1 = d (e of next RND) */ \ - "movl %"#d", "L1"\n\t" \ + "movl %" #d ", " L1 "\n\t" \ /* h = h + w_k + Sigma1(e) Sigma0(a) + Ch(e,f,g) + Maj(a,b,c) */ \ - "addl "L2", %"#h"\n\t" \ + "addl " L2 ", %" #h "\n\t" \ #define _RND_ALL_0(a,b,c,d,e,f,g,h,i) \ /* h += w_k */ \ - "addl ("#i")*4("WK"), %"#h"\n\t" \ + "addl (" #i ")*4(" WK "), %" #h "\n\t" \ /* L2 = f */ \ - "movl %"#f", "L2"\n\t" \ + "movl %" #f ", " L2 "\n\t" \ /* L3 = b */ \ - "movl %"#b", "L3"\n\t" \ + "movl %" #b ", " L3 "\n\t" \ /* L2 = f ^ g */ \ - "xorl %"#g", "L2"\n\t" \ + "xorl %" #g ", " L2 "\n\t" \ /* L1 = e>>>14 */ \ - "rorl $14, "L1"\n\t" \ + "rorl $14, " L1 "\n\t" \ /* L2 = (f ^ g) & e */ \ - "andl %"#e", "L2"\n\t" \ + "andl %" #e ", " L2 "\n\t" \ /* L1 = (e>>>14) ^ e */ \ - "xorl %"#e", "L1"\n\t" \ + "xorl %" #e ", " L1 "\n\t" \ /* L2 = Ch(e,f,g) */ \ - "xorl %"#g", 
"L2"\n\t" \ + "xorl %" #g ", " L2 "\n\t" \ /* L1 = ((e>>>14) ^ e) >>> 5 */ \ - "rorl $5, "L1"\n\t" \ + "rorl $5, " L1 "\n\t" \ /* h += Ch(e,f,g) */ \ - "addl "L2", %"#h"\n\t" \ + "addl " L2 ", %" #h "\n\t" \ /* L1 = (((e>>>14) ^ e) >>> 5) ^ e */ \ - "xorl %"#e", "L1"\n\t" \ + "xorl %" #e ", " L1 "\n\t" \ /* L3 = a ^ b */ \ - "xorl %"#a", "L3"\n\t" \ + "xorl %" #a ", " L3 "\n\t" \ /* L1 = ((((e>>>14) ^ e) >>> 5) ^ e) >>> 6 */ \ - "rorl $6, "L1"\n\t" \ + "rorl $6, " L1 "\n\t" \ /* L2 = a */ \ - "movl %"#a", "L2"\n\t" \ + "movl %" #a ", " L2 "\n\t" \ /* h = h + w_k + Sigma1(e) */ \ - "addl "L1", %"#h"\n\t" \ + "addl " L1 ", %" #h "\n\t" \ /* L2 = a>>>9 */ \ - "rorl $9, "L2"\n\t" \ + "rorl $9, " L2 "\n\t" \ /* L3 = (a ^ b) & (b ^ c) */ \ - "andl "L3", "L4"\n\t" \ + "andl " L3 ", " L4 "\n\t" \ /* L2 = (a>>>9) ^ a */ \ - "xorl %"#a", "L2"\n\t" \ + "xorl %" #a ", " L2 "\n\t" \ /* L1 = Maj(a,b,c) */ \ - "xorl %"#b", "L4"\n\t" \ + "xorl %" #b ", " L4 "\n\t" \ /* L2 = ((a>>>9) ^ a) >>> 11 */ \ - "rorl $11, "L2"\n\t" \ + "rorl $11, " L2 "\n\t" \ /* d += h + w_k + Sigma1(e) + Ch(e,f,g) */ \ - "addl %"#h", %"#d"\n\t" \ + "addl %" #h ", %" #d "\n\t" \ /* L2 = (((a>>>9) ^ a) >>> 11) ^ a */ \ - "xorl %"#a", "L2"\n\t" \ + "xorl %" #a ", " L2 "\n\t" \ /* h = h + w_k + Sigma1(e) + Ch(e,f,g) + Maj(a,b,c) */ \ - "addl "L4", %"#h"\n\t" \ + "addl " L4 ", %" #h "\n\t" \ /* L2 = ((((a>>>9) ^ a) >>> 11) ^ a) >>> 2 */ \ - "rorl $2, "L2"\n\t" \ + "rorl $2, " L2 "\n\t" \ /* L1 = d (e of next RND) */ \ - "movl %"#d", "L1"\n\t" \ + "movl %" #d ", " L1 "\n\t" \ /* h = h + w_k + Sigma1(e) Sigma0(a) + Ch(e,f,g) + Maj(a,b,c) */ \ - "addl "L2", %"#h"\n\t" \ + "addl " L2 ", %" #h "\n\t" \ #define _RND_ALL_1(a,b,c,d,e,f,g,h,i) \ /* h += w_k */ \ - "addl ("#i")*4("WK"), %"#h"\n\t" \ + "addl (" #i ")*4(" WK "), %" #h "\n\t" \ /* L2 = f */ \ - "movl %"#f", "L2"\n\t" \ + "movl %" #f ", " L2 "\n\t" \ /* L3 = b */ \ - "movl %"#b", "L4"\n\t" \ + "movl %" #b ", " L4 "\n\t" \ /* L2 = f ^ g */ \ - "xorl %"#g", 
"L2"\n\t" \ + "xorl %" #g ", " L2 "\n\t" \ /* L1 = e>>>14 */ \ - "rorl $14, "L1"\n\t" \ + "rorl $14, " L1 "\n\t" \ /* L2 = (f ^ g) & e */ \ - "andl %"#e", "L2"\n\t" \ + "andl %" #e ", " L2 "\n\t" \ /* L1 = (e>>>14) ^ e */ \ - "xorl %"#e", "L1"\n\t" \ + "xorl %" #e ", " L1 "\n\t" \ /* L2 = Ch(e,f,g) */ \ - "xorl %"#g", "L2"\n\t" \ + "xorl %" #g ", " L2 "\n\t" \ /* L1 = ((e>>>14) ^ e) >>> 5 */ \ - "rorl $5, "L1"\n\t" \ + "rorl $5, " L1 "\n\t" \ /* h += Ch(e,f,g) */ \ - "addl "L2", %"#h"\n\t" \ + "addl " L2 ", %" #h "\n\t" \ /* L1 = (((e>>>14) ^ e) >>> 5) ^ e */ \ - "xorl %"#e", "L1"\n\t" \ + "xorl %" #e ", " L1 "\n\t" \ /* L3 = a ^ b */ \ - "xorl %"#a", "L4"\n\t" \ + "xorl %" #a ", " L4 "\n\t" \ /* L1 = ((((e>>>14) ^ e) >>> 5) ^ e) >>> 6 */ \ - "rorl $6, "L1"\n\t" \ + "rorl $6, " L1 "\n\t" \ /* L2 = a */ \ - "movl %"#a", "L2"\n\t" \ + "movl %" #a ", " L2 "\n\t" \ /* h = h + w_k + Sigma1(e) */ \ - "addl "L1", %"#h"\n\t" \ + "addl " L1 ", %" #h "\n\t" \ /* L2 = a>>>9 */ \ - "rorl $9, "L2"\n\t" \ + "rorl $9, " L2 "\n\t" \ /* L3 = (a ^ b) & (b ^ c) */ \ - "andl "L4", "L3"\n\t" \ + "andl " L4 ", " L3 "\n\t" \ /* L2 = (a>>>9) ^ a */ \ - "xorl %"#a", "L2"\n\t" \ + "xorl %" #a", " L2 "\n\t" \ /* L1 = Maj(a,b,c) */ \ - "xorl %"#b", "L3"\n\t" \ + "xorl %" #b ", " L3 "\n\t" \ /* L2 = ((a>>>9) ^ a) >>> 11 */ \ - "rorl $11, "L2"\n\t" \ + "rorl $11, " L2 "\n\t" \ /* d += h + w_k + Sigma1(e) + Ch(e,f,g) */ \ - "addl %"#h", %"#d"\n\t" \ + "addl %" #h ", %" #d "\n\t" \ /* L2 = (((a>>>9) ^ a) >>> 11) ^ a */ \ - "xorl %"#a", "L2"\n\t" \ + "xorl %" #a ", " L2 "\n\t" \ /* h = h + w_k + Sigma1(e) + Ch(e,f,g) + Maj(a,b,c) */ \ - "addl "L3", %"#h"\n\t" \ + "addl " L3 ", %" #h "\n\t" \ /* L2 = ((((a>>>9) ^ a) >>> 11) ^ a) >>> 2 */ \ - "rorl $2, "L2"\n\t" \ + "rorl $2, " L2 "\n\t" \ /* L1 = d (e of next RND) */ \ - "movl %"#d", "L1"\n\t" \ + "movl %" #d ", " L1 "\n\t" \ /* h = h + w_k + Sigma1(e) Sigma0(a) + Ch(e,f,g) + Maj(a,b,c) */ \ - "addl "L2", %"#h"\n\t" \ + "addl " L2 ", %" #h "\n\t" \ 
#define RND_ALL_0(a, b, c, d, e, f, g, h, i) \ @@ -1376,43 +1376,43 @@ static int InitSha256(wc_Sha256* sha256) #if defined(HAVE_INTEL_AVX1) /* inline Assember for Intel AVX1 instructions */ #define _VPALIGNR(op1, op2, op3, op4) \ - "vpalignr $"#op4", %"#op3", %"#op2", %"#op1"\n\t" + "vpalignr $" #op4", %" #op3", %" #op2", %" #op1"\n\t" #define VPALIGNR(op1, op2, op3, op4) \ _VPALIGNR(op1, op2, op3, op4) #define _VPADDD(op1, op2, op3) \ - "vpaddd %"#op3", %"#op2", %"#op1"\n\t" + "vpaddd %" #op3", %" #op2", %" #op1"\n\t" #define VPADDD(op1, op2, op3) \ _VPADDD(op1, op2, op3) #define _VPSRLD(op1, op2, op3) \ - "vpsrld $"#op3", %"#op2", %"#op1"\n\t" + "vpsrld $" #op3", %" #op2", %" #op1"\n\t" #define VPSRLD(op1, op2, op3) \ _VPSRLD(op1, op2, op3) #define _VPSRLQ(op1, op2, op3) \ - "vpsrlq $"#op3", %"#op2", %"#op1"\n\t" + "vpsrlq $" #op3", %" #op2", %" #op1"\n\t" #define VPSRLQ(op1,op2,op3) \ _VPSRLQ(op1,op2,op3) #define _VPSLLD(op1,op2,op3) \ - "vpslld $"#op3", %"#op2", %"#op1"\n\t" + "vpslld $" #op3", %" #op2", %" #op1"\n\t" #define VPSLLD(op1,op2,op3) \ _VPSLLD(op1,op2,op3) #define _VPOR(op1,op2,op3) \ - "vpor %"#op3", %"#op2", %"#op1"\n\t" + "vpor %" #op3", %" #op2", %" #op1"\n\t" #define VPOR(op1,op2,op3) \ _VPOR(op1,op2,op3) #define _VPXOR(op1,op2,op3) \ - "vpxor %"#op3", %"#op2", %"#op1"\n\t" + "vpxor %" #op3", %" #op2", %" #op1"\n\t" #define VPXOR(op1,op2,op3) \ _VPXOR(op1,op2,op3) #define _VPSHUFD(op1,op2,op3) \ - "vpshufd $"#op3", %"#op2", %"#op1"\n\t" + "vpshufd $" #op3", %" #op2", %" #op1"\n\t" #define VPSHUFD(op1,op2,op3) \ _VPSHUFD(op1,op2,op3) #define _VPSHUFB(op1,op2,op3) \ - "vpshufb %"#op3", %"#op2", %"#op1"\n\t" + "vpshufb %" #op3", %" #op2", %" #op1"\n\t" #define VPSHUFB(op1,op2,op3) \ _VPSHUFB(op1,op2,op3) #define _VPSLLDQ(op1,op2,op3) \ - "vpslldq $"#op3", %"#op2", %"#op1"\n\t" + "vpslldq $" #op3", %" #op2", %" #op1"\n\t" #define VPSLLDQ(op1,op2,op3) \ _VPSLLDQ(op1,op2,op3) 
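Review bot: The spacing this commit introduces is applied unevenly: in `_RND_ALL_1` the new line reads `"xorl %" #a", " L2 "\n\t"`, and every `_VP*` wrapper in the following `@@ -1376` hunk (`_VPALIGNR` through `_VPSLLDQ`) is written as `%" #op3", %" #op2", %" #op1"\n\t"`, with no space between the stringized operand and the next literal. If the aim is to keep a string literal from being followed directly by an identifier (which C++11 compilers read as a literal suffix), these forms are harmless, because here the identifier comes before the literal. The mixed style still makes it harder to search for any concatenation that was missed. I would write `"xorl %" #a ", " L2 "\n\t"` and, for the wrappers, `"vpaddd %" #op3 ", %" #op2 ", %" #op1 "\n\t"` to match the rest of the patch.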
@@ -1554,12 +1554,12 @@ static int InitSha256(wc_Sha256* sha256) #define _W_K_from_buff(X0, X1, X2, X3, BYTE_FLIP_MASK) \ "# X0, X1, X2, X3 = W[0..15]\n\t" \ - "vmovdqu (%%rax), %"#X0"\n\t" \ - "vmovdqu 16(%%rax), %"#X1"\n\t" \ + "vmovdqu (%%rax), %" #X0 "\n\t" \ + "vmovdqu 16(%%rax), %" #X1 "\n\t" \ VPSHUFB(X0, X0, BYTE_FLIP_MASK) \ VPSHUFB(X1, X1, BYTE_FLIP_MASK) \ - "vmovdqu 32(%%rax), %"#X2"\n\t" \ - "vmovdqu 48(%%rax), %"#X3"\n\t" \ + "vmovdqu 32(%%rax), %" #X2 "\n\t" \ + "vmovdqu 48(%%rax), %" #X3 "\n\t" \ VPSHUFB(X2, X2, BYTE_FLIP_MASK) \ VPSHUFB(X3, X3, BYTE_FLIP_MASK) @@ -1568,14 +1568,14 @@ static int InitSha256(wc_Sha256* sha256) #define _SET_W_K_XFER_4(i) \ - "vpaddd ("#i"*4)+ 0+%[K], %%xmm0, %%xmm4\n\t" \ - "vpaddd ("#i"*4)+16+%[K], %%xmm1, %%xmm5\n\t" \ - "vmovdqu %%xmm4, ("WK")\n\t" \ - "vmovdqu %%xmm5, 16("WK")\n\t" \ - "vpaddd ("#i"*4)+32+%[K], %%xmm2, %%xmm6\n\t" \ - "vpaddd ("#i"*4)+48+%[K], %%xmm3, %%xmm7\n\t" \ - "vmovdqu %%xmm6, 32("WK")\n\t" \ - "vmovdqu %%xmm7, 48("WK")\n\t" + "vpaddd (" #i "*4)+ 0+%[K], %%xmm0, %%xmm4\n\t" \ + "vpaddd (" #i "*4)+16+%[K], %%xmm1, %%xmm5\n\t" \ + "vmovdqu %%xmm4, (" WK ")\n\t" \ + "vmovdqu %%xmm5, 16(" WK ")\n\t" \ + "vpaddd (" #i "*4)+32+%[K], %%xmm2, %%xmm6\n\t" \ + "vpaddd (" #i "*4)+48+%[K], %%xmm3, %%xmm7\n\t" \ + "vmovdqu %%xmm6, 32(" WK ")\n\t" \ + "vmovdqu %%xmm7, 48(" WK ")\n\t" #define SET_W_K_XFER_4(i) \ _SET_W_K_XFER_4(i) 
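Review bot: Nothing near `_SET_W_K_XFER_4` records why `("WK")` had to become `(" WK ")`, so a later tidy-up could collapse the spaces again. Presumably the reason is that a C++11 compiler lexes a string literal immediately followed by an identifier as a literal with a user-defined suffix rather than as a literal next to the `WK` macro. If that is the motivation, a one-line comment above the first such macro would preserve it, for example `/* Keep a space between string literals and macro names (WK, L1..L4): C++11 treats "..."WK as a literal suffix. */`. The same applies to the register-macro uses in the other hunks of sha256.c and sha512.c.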
@@ -1588,10 +1588,10 @@ static const ALIGN32 word64 mSHUF_DC00[] = static const ALIGN32 word64 mBYTE_FLIP_MASK[] = { 0x0405060700010203, 0x0c0d0e0f08090a0b }; -#define _Init_Masks(mask1, mask2, mask3) \ - "vmovdqa %[FLIP], %"#mask1"\n\t" \ - "vmovdqa %[SHUF00BA], %"#mask2"\n\t" \ - "vmovdqa %[SHUFDC00], %"#mask3"\n\t" +#define _Init_Masks(mask1, mask2, mask3) \ + "vmovdqa %[FLIP], %" #mask1 "\n\t" \ + "vmovdqa %[SHUF00BA], %" #mask2 "\n\t" \ + "vmovdqa %[SHUFDC00], %" #mask3 "\n\t" #define Init_Masks(BYTE_FLIP_MASK, SHUF_00BA, SHUF_DC00) \ _Init_Masks(BYTE_FLIP_MASK, SHUF_00BA, SHUF_DC00) @@ -1626,9 +1626,9 @@ SHA256_NOINLINE static int Transform_Sha256_AVX1(wc_Sha256* sha256) W_K_from_buff(X0, X1, X2, X3, BYTE_FLIP_MASK) - "movl %%r9d, "L4"\n\t" - "movl %%r12d, "L1"\n\t" - "xorl %%r10d, "L4"\n\t" + "movl %%r9d, " L4 "\n\t" + "movl %%r12d, " L1 "\n\t" + "xorl %%r10d, " L4 "\n\t" SET_W_K_XFER_4(0) MsgSched(X0, X1, X2, X3, S_0, S_1, S_2, S_3, S_4, S_5, S_6, S_7, 0) @@ -1686,9 +1686,9 @@ SHA256_NOINLINE static int Transform_Sha256_AVX1_Len(wc_Sha256* sha256, W_K_from_buff(X0, X1, X2, X3, BYTE_FLIP_MASK) - "movl %%r9d, "L4"\n\t" - "movl %%r12d, "L1"\n\t" - "xorl %%r10d, "L4"\n\t" + "movl %%r9d, " L4 "\n\t" + "movl %%r12d, " L1 "\n\t" + "xorl %%r10d, " L4 "\n\t" SET_W_K_XFER_4(0) MsgSched(X0, X1, X2, X3, S_0, S_1, S_2, S_3, S_4, S_5, S_6, S_7, 0) @@ -1755,9 +1755,9 @@ SHA256_NOINLINE static int Transform_Sha256_AVX1_RORX(wc_Sha256* sha256) LOAD_DIGEST() SET_W_K_XFER_4(0) - "movl %%r9d, "L4"\n\t" - "rorx $6, %%r12d, "L1"\n\t" - "xorl %%r10d, "L4"\n\t" + "movl %%r9d, " L4 "\n\t" + "rorx $6, %%r12d, " L1 "\n\t" + "xorl %%r10d, " L4 "\n\t" MsgSched_RORX(X0, X1, X2, X3, S_0, S_1, S_2, S_3, S_4, S_5, S_6, S_7, 0) MsgSched_RORX(X1, X2, X3, X0, S_4, S_5, S_6, S_7, S_0, S_1, S_2, S_3, 4) MsgSched_RORX(X2, X3, X0, X1, S_0, S_1, S_2, S_3, S_4, S_5, S_6, S_7, 8) 
@@ -1776,13 +1776,13 @@ SHA256_NOINLINE static int Transform_Sha256_AVX1_RORX(wc_Sha256* sha256) MsgSched_RORX(X3, X0, X1, X2, S_4, S_5, S_6, S_7, S_0, S_1, S_2, S_3, 12) SET_W_K_XFER_4(48) - "xorl "L3", "L3"\n\t" + "xorl " L3 ", " L3 "\n\t" RND_RORX_X4(S_0, S_1, S_2, S_3, S_4, S_5, S_6, S_7, 0) RND_RORX_X4(S_4, S_5, S_6, S_7, S_0, S_1, S_2, S_3, 4) RND_RORX_X4(S_0, S_1, S_2, S_3, S_4, S_5, S_6, S_7, 8) RND_RORX_X4(S_4, S_5, S_6, S_7, S_0, S_1, S_2, S_3, 12) /* Prev RND: h += Maj(a,b,c) */ - "addl "L3", %%r8d\n\t" + "addl " L3 ", %%r8d\n\t" STORE_ADD_DIGEST() @@ -1817,9 +1817,9 @@ SHA256_NOINLINE static int Transform_Sha256_AVX1_RORX_Len(wc_Sha256* sha256, W_K_from_buff(X0, X1, X2, X3, BYTE_FLIP_MASK) SET_W_K_XFER_4(0) - "movl %%r9d, "L4"\n\t" - "rorx $6, %%r12d, "L1"\n\t" - "xorl %%r10d, "L4"\n\t" + "movl %%r9d, " L4 "\n\t" + "rorx $6, %%r12d, " L1 "\n\t" + "xorl %%r10d, " L4 "\n\t" MsgSched_RORX(X0, X1, X2, X3, S_0, S_1, S_2, S_3, S_4, S_5, S_6, S_7, 0) MsgSched_RORX(X1, X2, X3, X0, S_4, S_5, S_6, S_7, S_0, S_1, S_2, S_3, 4) MsgSched_RORX(X2, X3, X0, X1, S_4, S_5, S_6, S_7, S_0, S_1, S_2, S_3, 8) @@ -1838,14 +1838,14 @@ SHA256_NOINLINE static int Transform_Sha256_AVX1_RORX_Len(wc_Sha256* sha256, MsgSched_RORX(X3, X0, X1, X2, S_4, S_5, S_6, S_7, S_0, S_1, S_2, S_3, 12) SET_W_K_XFER_4(48) - "xorl "L3", "L3"\n\t" - "xorl "L2", "L2"\n\t" + "xorl " L3 ", " L3 "\n\t" + "xorl " L2 ", " L2 "\n\t" RND_RORX_X4(S_0, S_1, S_2, S_3, S_4, S_5, S_6, S_7, 0) RND_RORX_X4(S_4, S_5, S_6, S_7, S_0, S_1, S_2, S_3, 4) RND_RORX_X4(S_0, S_1, S_2, S_3, S_4, S_5, S_6, S_7, 8) RND_RORX_X4(S_4, S_5, S_6, S_7, S_0, S_1, S_2, S_3, 12) /* Prev RND: h += Maj(a,b,c) */ - "addl "L3", %%r8d\n\t" + "addl " L3 ", %%r8d\n\t" "movq 120(%[sha256]), %%rax\n\t" ADD_DIGEST() 
@@ -2027,43 +2027,43 @@ SHA256_NOINLINE static int Transform_Sha256_AVX1_RORX_Len(wc_Sha256* sha256, #endif /* HAVE_INTEL_RORX */ #define _VINSERTI128(op1,op2,op3,op4) \ - "vinserti128 $"#op4", %"#op3", %"#op2", %"#op1"\n\t" + "vinserti128 $" #op4 ", %" #op3 ", %" #op2 ", %" #op1 "\n\t" #define VINSERTI128(op1,op2,op3,op4) \ _VINSERTI128(op1,op2,op3,op4) -#define _LOAD_W_K_LOW(BYTE_FLIP_MASK, reg) \ - "# X0, X1, X2, X3 = W[0..15]\n\t" \ - "vmovdqu (%%"#reg"), %%xmm0\n\t" \ - "vmovdqu 16(%%"#reg"), %%xmm1\n\t" \ - VPSHUFB(X0, X0, BYTE_FLIP_MASK) \ - VPSHUFB(X1, X1, BYTE_FLIP_MASK) \ - "vmovdqu 32(%%"#reg"), %%xmm2\n\t" \ - "vmovdqu 48(%%"#reg"), %%xmm3\n\t" \ - VPSHUFB(X2, X2, BYTE_FLIP_MASK) \ +#define _LOAD_W_K_LOW(BYTE_FLIP_MASK, reg) \ + "# X0, X1, X2, X3 = W[0..15]\n\t" \ + "vmovdqu (%%" #reg "), %%xmm0\n\t" \ + "vmovdqu 16(%%" #reg "), %%xmm1\n\t" \ + VPSHUFB(X0, X0, BYTE_FLIP_MASK) \ + VPSHUFB(X1, X1, BYTE_FLIP_MASK) \ + "vmovdqu 32(%%" #reg "), %%xmm2\n\t" \ + "vmovdqu 48(%%" #reg "), %%xmm3\n\t" \ + VPSHUFB(X2, X2, BYTE_FLIP_MASK) \ VPSHUFB(X3, X3, BYTE_FLIP_MASK) #define LOAD_W_K_LOW(BYTE_FLIP_MASK, reg) \ _LOAD_W_K_LOW(BYTE_FLIP_MASK, reg) -#define _LOAD_W_K(BYTE_FLIP_Y_MASK, reg) \ - "# X0, X1, X2, X3 = W[0..15]\n\t" \ - "vmovdqu (%%"#reg"), %%xmm0\n\t" \ - "vmovdqu 16(%%"#reg"), %%xmm1\n\t" \ - "vmovdqu 64(%%"#reg"), %%xmm4\n\t" \ - "vmovdqu 80(%%"#reg"), %%xmm5\n\t" \ - VINSERTI128(Y0, Y0, XTMP0, 1) \ - VINSERTI128(Y1, Y1, XTMP1, 1) \ - VPSHUFB(Y0, Y0, BYTE_FLIP_Y_MASK) \ - VPSHUFB(Y1, Y1, BYTE_FLIP_Y_MASK) \ - "vmovdqu 32(%%"#reg"), %%xmm2\n\t" \ - "vmovdqu 48(%%"#reg"), %%xmm3\n\t" \ - "vmovdqu 96(%%"#reg"), %%xmm6\n\t" \ - "vmovdqu 112(%%"#reg"), %%xmm7\n\t" \ - VINSERTI128(Y2, Y2, XTMP2, 1) \ - VINSERTI128(Y3, Y3, XTMP3, 1) \ - VPSHUFB(Y2, Y2, BYTE_FLIP_Y_MASK) \ +#define _LOAD_W_K(BYTE_FLIP_Y_MASK, reg) \ + "# X0, X1, X2, X3 = W[0..15]\n\t" \ + "vmovdqu (%%" #reg "), %%xmm0\n\t" \ + "vmovdqu 16(%%" #reg "), %%xmm1\n\t" \ + "vmovdqu 64(%%" #reg "), 
%%xmm4\n\t" \ + "vmovdqu 80(%%" #reg "), %%xmm5\n\t" \ + VINSERTI128(Y0, Y0, XTMP0, 1) \ + VINSERTI128(Y1, Y1, XTMP1, 1) \ + VPSHUFB(Y0, Y0, BYTE_FLIP_Y_MASK) \ + VPSHUFB(Y1, Y1, BYTE_FLIP_Y_MASK) \ + "vmovdqu 32(%%" #reg "), %%xmm2\n\t" \ + "vmovdqu 48(%%" #reg "), %%xmm3\n\t" \ + "vmovdqu 96(%%" #reg "), %%xmm6\n\t" \ + "vmovdqu 112(%%" #reg "), %%xmm7\n\t" \ + VINSERTI128(Y2, Y2, XTMP2, 1) \ + VINSERTI128(Y3, Y3, XTMP3, 1) \ + VPSHUFB(Y2, Y2, BYTE_FLIP_Y_MASK) \ VPSHUFB(Y3, Y3, BYTE_FLIP_Y_MASK) #define LOAD_W_K(BYTE_FLIP_Y_MASK, reg) \ @@ -2071,14 +2071,14 @@ SHA256_NOINLINE static int Transform_Sha256_AVX1_RORX_Len(wc_Sha256* sha256, #define _SET_W_Y_4(i) \ - "vpaddd ("#i"*8)+ 0+%[K], %%ymm0, %%ymm4\n\t" \ - "vpaddd ("#i"*8)+32+%[K], %%ymm1, %%ymm5\n\t" \ - "vmovdqu %%ymm4, ("#i"*8)+ 0("WK")\n\t" \ - "vmovdqu %%ymm5, ("#i"*8)+32("WK")\n\t" \ - "vpaddd ("#i"*8)+64+%[K], %%ymm2, %%ymm4\n\t" \ - "vpaddd ("#i"*8)+96+%[K], %%ymm3, %%ymm5\n\t" \ - "vmovdqu %%ymm4, ("#i"*8)+64("WK")\n\t" \ - "vmovdqu %%ymm5, ("#i"*8)+96("WK")\n\t" + "vpaddd (" #i "*8)+ 0+%[K], %%ymm0, %%ymm4\n\t" \ + "vpaddd (" #i "*8)+32+%[K], %%ymm1, %%ymm5\n\t" \ + "vmovdqu %%ymm4, (" #i "*8)+ 0(" WK ")\n\t" \ + "vmovdqu %%ymm5, (" #i "*8)+32(" WK ")\n\t" \ + "vpaddd (" #i "*8)+64+%[K], %%ymm2, %%ymm4\n\t" \ + "vpaddd (" #i "*8)+96+%[K], %%ymm3, %%ymm5\n\t" \ + "vmovdqu %%ymm4, (" #i "*8)+64(" WK ")\n\t" \ + "vmovdqu %%ymm5, (" #i "*8)+96(" WK ")\n\t" #define SET_W_Y_4(i) \ _SET_W_Y_4(i) 
@@ -2095,9 +2095,9 @@ static const ALIGN32 word64 mBYTE_FLIP_Y_MASK[] = 0x0405060700010203, 0x0c0d0e0f08090a0b }; #define _INIT_MASKS_Y(BYTE_FLIP_MASK, SHUF_00BA, SHUF_DC00) \ - "vmovdqa %[FLIP], %"#BYTE_FLIP_MASK"\n\t" \ - "vmovdqa %[SHUF00BA], %"#SHUF_00BA"\n\t" \ - "vmovdqa %[SHUFDC00], %"#SHUF_DC00"\n\t" + "vmovdqa %[FLIP], %" #BYTE_FLIP_MASK "\n\t" \ + "vmovdqa %[SHUF00BA], %" #SHUF_00BA "\n\t" \ + "vmovdqa %[SHUFDC00], %" #SHUF_DC00 "\n\t" #define INIT_MASKS_Y(BYTE_FLIP_MASK, SHUF_00BA, SHUF_DC00) \ _INIT_MASKS_Y(BYTE_FLIP_MASK, SHUF_00BA, SHUF_DC00) @@ -2149,9 +2149,9 @@ SHA256_NOINLINE static int Transform_Sha256_AVX2(wc_Sha256* sha256) LOAD_W_K_LOW(BYTE_FLIP_MASK, rax) - "movl %%r9d, "L4"\n\t" - "movl %%r12d, "L1"\n\t" - "xorl %%r10d, "L4"\n\t" + "movl %%r9d, " L4 "\n\t" + "movl %%r12d, " L1 "\n\t" + "xorl %%r10d, " L4 "\n\t" SET_W_Y_4(0) MsgSched_Y(Y0, Y1, Y2, Y3, S_0, S_1, S_2, S_3, S_4, S_5, S_6, S_7, 0) @@ -2218,9 +2218,9 @@ SHA256_NOINLINE static int Transform_Sha256_AVX2_Len(wc_Sha256* sha256, LOAD_W_K(BYTE_FLIP_Y_MASK, rax) - "movl %%r9d, "L4"\n\t" - "movl %%r12d, "L1"\n\t" - "xorl %%r10d, "L4"\n\t" + "movl %%r9d, " L4 "\n\t" + "movl %%r12d, " L1 "\n\t" + "xorl %%r10d, " L4 "\n\t" SET_W_Y_4(0) MsgSched_Y(Y0, Y1, Y2, Y3, S_0, S_1, S_2, S_3, S_4, S_5, S_6, S_7, 0) @@ -2249,9 +2249,9 @@ SHA256_NOINLINE static int Transform_Sha256_AVX2_Len(wc_Sha256* sha256, ADD_DIGEST() STORE_DIGEST() - "movl %%r9d, "L4"\n\t" - "movl %%r12d, "L1"\n\t" - "xorl %%r10d, "L4"\n\t" + "movl %%r9d, " L4 "\n\t" + "movl %%r12d, " L1 "\n\t" + "xorl %%r10d, " L4 "\n\t" RND_ALL_4(S_0, S_1, S_2, S_3, S_4, S_5, S_6, S_7, 4) RND_ALL_4(S_4, S_5, S_6, S_7, S_0, S_1, S_2, S_3, 12) 
@@ -2309,9 +2309,9 @@ SHA256_NOINLINE static int Transform_Sha256_AVX2_RORX(wc_Sha256* sha256) LOAD_DIGEST() - "movl %%r9d, "L4"\n\t" - "rorx $6, %%r12d, "L1"\n\t" - "xorl %%r10d, "L4"\n\t" + "movl %%r9d, " L4 "\n\t" + "rorx $6, %%r12d, " L1 "\n\t" + "xorl %%r10d, " L4 "\n\t" SET_W_Y_4(0) MsgSched_Y_RORX(Y0, Y1, Y2, Y3, S_0, S_1, S_2, S_3, S_4, S_5, S_6, S_7, 0) @@ -2332,14 +2332,14 @@ SHA256_NOINLINE static int Transform_Sha256_AVX2_RORX(wc_Sha256* sha256) MsgSched_Y_RORX(Y3, Y0, Y1, Y2, S_4, S_5, S_6, S_7, S_0, S_1, S_2, S_3, 88) SET_W_Y_4(48) - "xorl "L3", "L3"\n\t" - "xorl "L2", "L2"\n\t" + "xorl " L3 ", " L3 "\n\t" + "xorl " L2 ", " L2 "\n\t" RND_RORX_X4(S_0, S_1, S_2, S_3, S_4, S_5, S_6, S_7, 96) RND_RORX_X4(S_4, S_5, S_6, S_7, S_0, S_1, S_2, S_3, 104) RND_RORX_X4(S_0, S_1, S_2, S_3, S_4, S_5, S_6, S_7, 112) RND_RORX_X4(S_4, S_5, S_6, S_7, S_0, S_1, S_2, S_3, 120) /* Prev RND: h += Maj(a,b,c) */ - "addl "L3", %%r8d\n\t" + "addl " L3 ", %%r8d\n\t" STORE_ADD_DIGEST() @@ -2382,9 +2382,9 @@ SHA256_NOINLINE static int Transform_Sha256_AVX2_RORX_Len(wc_Sha256* sha256, LOAD_W_K(BYTE_FLIP_Y_MASK, rax) - "movl %%r9d, "L4"\n\t" - "rorx $6, %%r12d, "L1"\n\t" - "xorl %%r10d, "L4"\n\t" + "movl %%r9d, " L4 "\n\t" + "rorx $6, %%r12d, " L1 "\n\t" + "xorl %%r10d, " L4 "\n\t" SET_W_Y_4(0) MsgSched_Y_RORX(Y0, Y1, Y2, Y3, S_0, S_1, S_2, S_3, S_4, S_5, S_6, S_7, 0) 
@@ -2405,22 +2405,22 @@ SHA256_NOINLINE static int Transform_Sha256_AVX2_RORX_Len(wc_Sha256* sha256, MsgSched_Y_RORX(Y3, Y0, Y1, Y2, S_4, S_5, S_6, S_7, S_0, S_1, S_2, S_3, 88) SET_W_Y_4(48) - "xorl "L3", "L3"\n\t" - "xorl "L2", "L2"\n\t" + "xorl " L3 ", " L3 "\n\t" + "xorl " L2 ", " L2 "\n\t" RND_RORX_X4(S_0, S_1, S_2, S_3, S_4, S_5, S_6, S_7, 96) RND_RORX_X4(S_4, S_5, S_6, S_7, S_0, S_1, S_2, S_3, 104) RND_RORX_X4(S_0, S_1, S_2, S_3, S_4, S_5, S_6, S_7, 112) RND_RORX_X4(S_4, S_5, S_6, S_7, S_0, S_1, S_2, S_3, 120) /* Prev RND: h += Maj(a,b,c) */ - "addl "L3", %%r8d\n\t" - "xorl "L2", "L2"\n\t" + "addl " L3 ", %%r8d\n\t" + "xorl " L2 ", " L2 "\n\t" ADD_DIGEST() STORE_DIGEST() - "movl %%r9d, "L4"\n\t" - "xorl "L3", "L3"\n\t" - "xorl %%r10d, "L4"\n\t" + "movl %%r9d, " L4 "\n\t" + "xorl " L3 ", " L3 "\n\t" + "xorl %%r10d, " L4 "\n\t" RND_RORX_X4(S_0, S_1, S_2, S_3, S_4, S_5, S_6, S_7, 4) RND_RORX_X4(S_4, S_5, S_6, S_7, S_0, S_1, S_2, S_3, 12) @@ -2439,7 +2439,7 @@ SHA256_NOINLINE static int Transform_Sha256_AVX2_RORX_Len(wc_Sha256* sha256, RND_RORX_X4(S_0, S_1, S_2, S_3, S_4, S_5, S_6, S_7, 116) RND_RORX_X4(S_4, S_5, S_6, S_7, S_0, S_1, S_2, S_3, 124) /* Prev RND: h += Maj(a,b,c) */ - "addl "L3", %%r8d\n\t" + "addl " L3 ", %%r8d\n\t" "movq 120(%[sha256]), %%rax\n\t" ADD_DIGEST() diff --git a/wolfcrypt/src/sha512.c b/wolfcrypt/src/sha512.c index b96b29ad6..9def45576 100644 --- a/wolfcrypt/src/sha512.c +++ b/wolfcrypt/src/sha512.c 
@@ -764,33 +764,33 @@ static word64 mBYTE_FLIP_MASK[] = { 0x0001020304050607, 0x08090a0b0c0d0e0f }; "xmm0", "xmm1", "xmm2", "xmm3", "xmm4", "xmm5", "xmm6", "xmm7", \ "xmm8", "xmm9", "xmm10", "xmm11", "xmm12", "xmm13", "xmm14", "xmm15" -#define _VPALIGNR(dest, src1, src2, bits) \ - "vpalignr $"#bits", %%"#src2", %%"#src1", %%"#dest"\n\t" +#define _VPALIGNR(dest, src1, src2, bits) \ + "vpalignr $" #bits ", %%" #src2 ", %%" #src1 ", %%" #dest "\n\t" #define VPALIGNR(dest, src1, src2, bits) \ _VPALIGNR(dest, src1, src2, bits) #define _V_SHIFT_R(dest, src, bits) \ - "vpsrlq $"#bits", %%"#src", %%"#dest"\n\t" + "vpsrlq $" #bits ", %%" #src ", %%" #dest "\n\t" #define V_SHIFT_R(dest, src, bits) \ _V_SHIFT_R(dest, src, bits) #define _V_SHIFT_L(dest, src, bits) \ - "vpsllq $"#bits", %%"#src", %%"#dest"\n\t" + "vpsllq $" #bits ", %%" #src ", %%" #dest "\n\t" #define V_SHIFT_L(dest, src, bits) \ _V_SHIFT_L(dest, src, bits) #define _V_ADD(dest, src1, src2) \ - "vpaddq %%"#src1", %%"#src2", %%"#dest"\n\t" + "vpaddq %%" #src1 ", %%" #src2 ", %%" #dest "\n\t" #define V_ADD(dest, src1, src2) \ _V_ADD(dest, src1, src2) #define _V_XOR(dest, src1, src2) \ - "vpxor %%"#src1", %%"#src2", %%"#dest"\n\t" + "vpxor %%" #src1 ", %%" #src2 ", %%" #dest "\n\t" #define V_XOR(dest, src1, src2) \ _V_XOR(dest, src1, src2) #define _V_OR(dest, src1, src2) \ - "vpor %%"#src1", %%"#src2", %%"#dest"\n\t" + "vpor %%" #src1 ", %%" #src2 ", %%" #dest "\n\t" #define V_OR(dest, src1, src2) \ _V_OR(dest, src1, src2) 
@@ -815,179 +815,179 @@ static word64 mBYTE_FLIP_MASK[] = { 0x0001020304050607, 0x08090a0b0c0d0e0f }; #define RND_0_1(a,b,c,d,e,f,g,h,i) \ /* L1 = e >>> 23 */ \ - "rorq $23, "L1"\n\t" \ + "rorq $23, " L1 "\n\t" \ #define RND_0_2(a,b,c,d,e,f,g,h,i) \ /* L3 = a */ \ - "movq "#a", "L3"\n\t" \ + "movq "#a", " L3 "\n\t" \ /* L2 = f */ \ - "movq "#f", "L2"\n\t" \ + "movq "#f", " L2 "\n\t" \ /* h += W_X[i] */ \ - "addq ("#i")*8("WX"), "#h"\n\t" \ + "addq ("#i")*8(" WX "), "#h"\n\t" \ /* L2 = f ^ g */ \ - "xorq "#g", "L2"\n\t" \ + "xorq "#g", " L2 "\n\t" \ #define RND_0_2_A(a,b,c,d,e,f,g,h,i) \ /* L3 = a */ \ - "movq "#a", "L3"\n\t" \ + "movq "#a", " L3 "\n\t" \ /* L2 = f */ \ - "movq "#f", "L2"\n\t" \ + "movq "#f", " L2 "\n\t" \ #define RND_0_2_B(a,b,c,d,e,f,g,h,i) \ /* h += W_X[i] */ \ - "addq ("#i")*8("WX"), "#h"\n\t" \ + "addq ("#i")*8(" WX "), "#h"\n\t" \ /* L2 = f ^ g */ \ - "xorq "#g", "L2"\n\t" \ + "xorq "#g", " L2 "\n\t" \ #define RND_0_3(a,b,c,d,e,f,g,h,i) \ /* L1 = (e >>> 23) ^ e */ \ - "xorq "#e", "L1"\n\t" \ + "xorq "#e", " L1 "\n\t" \ /* L2 = (f ^ g) & e */ \ - "andq "#e", "L2"\n\t" \ + "andq "#e", " L2 "\n\t" \ #define RND_0_4(a,b,c,d,e,f,g,h,i) \ /* L1 = ((e >>> 23) ^ e) >>> 4 */ \ - "rorq $4, "L1"\n\t" \ + "rorq $4, " L1 "\n\t" \ /* L2 = ((f ^ g) & e) ^ g */ \ - "xorq "#g", "L2"\n\t" \ + "xorq "#g", " L2 "\n\t" \ #define RND_0_5(a,b,c,d,e,f,g,h,i) \ /* L1 = (((e >>> 23) ^ e) >>> 4) ^ e */ \ - "xorq "#e", "L1"\n\t" \ + "xorq "#e", " L1 "\n\t" \ /* h += Ch(e,f,g) */ \ - "addq "L2", "#h"\n\t" \ + "addq " L2 ", "#h"\n\t" \ #define RND_0_6(a,b,c,d,e,f,g,h,i) \ /* L1 = ((((e >>> 23) ^ e) >>> 4) ^ e) >>> 14 */ \ - "rorq $14, "L1"\n\t" \ + "rorq $14, " L1 "\n\t" \ /* L3 = a ^ b */ \ - "xorq "#b", "L3"\n\t" \ + "xorq "#b", " L3 "\n\t" \ #define RND_0_7(a,b,c,d,e,f,g,h,i) \ /* h += Sigma1(e) */ \ - "addq "L1", "#h"\n\t" \ + "addq " L1 ", "#h"\n\t" \ /* L2 = a */ \ - "movq "#a", "L2"\n\t" \ + "movq "#a", " L2 "\n\t" \ #define RND_0_8(a,b,c,d,e,f,g,h,i) \ /* L4 = (a ^ 
b) & (b ^ c) */ \ - "andq "L3", "L4"\n\t" \ + "andq " L3 ", " L4 "\n\t" \ /* L2 = a >>> 5 */ \ - "rorq $5, "L2"\n\t" \ + "rorq $5, " L2 "\n\t" \ #define RND_0_9(a,b,c,d,e,f,g,h,i) \ /* L2 = (a >>> 5) ^ a */ \ - "xorq "#a", "L2"\n\t" \ + "xorq "#a", " L2 "\n\t" \ /* L4 = ((a ^ b) & (b ^ c) ^ b */ \ - "xorq "#b", "L4"\n\t" \ + "xorq "#b", " L4 "\n\t" \ #define RND_0_10(a,b,c,d,e,f,g,h,i) \ /* L2 = ((a >>> 5) ^ a) >>> 6 */ \ - "rorq $6, "L2"\n\t" \ + "rorq $6, " L2 "\n\t" \ /* d += h */ \ "addq "#h", "#d"\n\t" \ #define RND_0_11(a,b,c,d,e,f,g,h,i) \ /* L2 = (((a >>> 5) ^ a) >>> 6) ^ a */ \ - "xorq "#a", "L2"\n\t" \ + "xorq "#a", " L2 "\n\t" \ /* h += Sigma0(a) */ \ - "addq "L4", "#h"\n\t" \ + "addq " L4 ", "#h"\n\t" \ #define RND_0_12(a,b,c,d,e,f,g,h,i) \ /* L2 = ((((a >>> 5) ^ a) >>> 6) ^ a) >>> 28 */ \ - "rorq $28, "L2"\n\t" \ + "rorq $28, " L2 "\n\t" \ /* d (= e next RND) */ \ - "movq "#d", "L1"\n\t" \ + "movq "#d", " L1 "\n\t" \ /* h += Maj(a,b,c) */ \ - "addq "L2", "#h"\n\t" \ + "addq " L2 ", "#h"\n\t" \ #define RND_1_1(a,b,c,d,e,f,g,h,i) \ /* L1 = e >>> 23 */ \ - "rorq $23, "L1"\n\t" \ + "rorq $23, " L1 "\n\t" \ #define RND_1_2(a,b,c,d,e,f,g,h,i) \ /* L4 = a */ \ - "movq "#a", "L4"\n\t" \ + "movq "#a", " L4 "\n\t" \ /* L2 = f */ \ - "movq "#f", "L2"\n\t" \ + "movq "#f", " L2 "\n\t" \ /* h += W_X[i] */ \ - "addq ("#i")*8("WX"), "#h"\n\t" \ + "addq ("#i")*8(" WX "), "#h"\n\t" \ /* L2 = f ^ g */ \ - "xorq "#g", "L2"\n\t" \ + "xorq "#g", " L2 "\n\t" \ #define RND_1_2_A(a,b,c,d,e,f,g,h,i) \ /* L4 = a */ \ - "movq "#a", "L4"\n\t" \ + "movq "#a", " L4 "\n\t" \ /* L2 = f */ \ - "movq "#f", "L2"\n\t" \ + "movq "#f", " L2 "\n\t" \ #define RND_1_2_B(a,b,c,d,e,f,g,h,i) \ /* h += W_X[i] */ \ - "addq ("#i")*8("WX"), "#h"\n\t" \ + "addq ("#i")*8(" WX "), "#h"\n\t" \ /* L2 = f ^ g */ \ - "xorq "#g", "L2"\n\t" \ + "xorq "#g", " L2 "\n\t" \ #define RND_1_3(a,b,c,d,e,f,g,h,i) \ /* L1 = (e >>> 23) ^ e */ \ - "xorq "#e", "L1"\n\t" \ + "xorq "#e", " L1 "\n\t" \ /* L2 = (f ^ g) & e */ 
\ - "andq "#e", "L2"\n\t" \ + "andq "#e", " L2 "\n\t" \ #define RND_1_4(a,b,c,d,e,f,g,h,i) \ /* ((e >>> 23) ^ e) >>> 4 */ \ - "rorq $4, "L1"\n\t" \ + "rorq $4, " L1 "\n\t" \ /* ((f ^ g) & e) ^ g */ \ - "xorq "#g", "L2"\n\t" \ + "xorq "#g", " L2 "\n\t" \ #define RND_1_5(a,b,c,d,e,f,g,h,i) \ /* (((e >>> 23) ^ e) >>> 4) ^ e */ \ - "xorq "#e", "L1"\n\t" \ + "xorq "#e", " L1 "\n\t" \ /* h += Ch(e,f,g) */ \ - "addq "L2", "#h"\n\t" \ + "addq " L2 ", "#h"\n\t" \ #define RND_1_6(a,b,c,d,e,f,g,h,i) \ /* L1 = ((((e >>> 23) ^ e) >>> 4) ^ e) >>> 14 */ \ - "rorq $14, "L1"\n\t" \ + "rorq $14, " L1 "\n\t" \ /* L4 = a ^ b */ \ - "xorq "#b", "L4"\n\t" \ + "xorq "#b", " L4 "\n\t" \ #define RND_1_7(a,b,c,d,e,f,g,h,i) \ /* h += Sigma1(e) */ \ - "addq "L1", "#h"\n\t" \ + "addq " L1 ", "#h"\n\t" \ /* L2 = a */ \ - "movq "#a", "L2"\n\t" \ - + "movq "#a", " L2 "\n\t" \ + #define RND_1_8(a,b,c,d,e,f,g,h,i) \ /* L3 = (a ^ b) & (b ^ c) */ \ - "andq "L4", "L3"\n\t" \ + "andq " L4 ", " L3 "\n\t" \ /* L2 = a >>> 5 */ \ - "rorq $5, "L2"\n\t" \ + "rorq $5, " L2 "\n\t" \ #define RND_1_9(a,b,c,d,e,f,g,h,i) \ /* L2 = (a >>> 5) ^ a */ \ - "xorq "#a", "L2"\n\t" \ + "xorq "#a", " L2 "\n\t" \ /* L3 = ((a ^ b) & (b ^ c) ^ b */ \ - "xorq "#b", "L3"\n\t" \ + "xorq "#b", " L3 "\n\t" \ #define RND_1_10(a,b,c,d,e,f,g,h,i) \ /* L2 = ((a >>> 5) ^ a) >>> 6 */ \ - "rorq $6, "L2"\n\t" \ + "rorq $6, " L2 "\n\t" \ /* d += h */ \ "addq "#h", "#d"\n\t" \ #define RND_1_11(a,b,c,d,e,f,g,h,i) \ /* L2 = (((a >>> 5) ^ a) >>> 6) ^ a */ \ - "xorq "#a", "L2"\n\t" \ + "xorq "#a", " L2 "\n\t" \ /* h += Sigma0(a) */ \ - "addq "L3", "#h"\n\t" \ + "addq " L3 ", "#h"\n\t" \ #define RND_1_12(a,b,c,d,e,f,g,h,i) \ /* L2 = ((((a >>> 5) ^ a) >>> 6) ^ a) >>> 28 */ \ - "rorq $28, "L2"\n\t" \ + "rorq $28, " L2 "\n\t" \ /* d (= e next RND) */ \ - "movq "#d", "L1"\n\t" \ + "movq "#d", " L1 "\n\t" \ /* h += Maj(a,b,c) */ \ - "addq "L2", "#h"\n\t" \ + "addq " L2 ", "#h"\n\t" \ #define 
MsgSched2(W_0,W_2,W_4,W_6,W_8,W_10,W_12,W_14,a,b,c,d,e,f,g,h,i) \ 
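Review bot: The comments on the final additions in RND_0_11 and RND_0_12 (and likewise RND_1_11 and RND_1_12) are swapped relative to what the registers hold. L4 (L3 in the RND_1 set) is built in steps 8 and 9 as ((a ^ b) & (b ^ c)) ^ b, which is Maj(a,b,c), while L2 carries the rotate chain that ends in `>>> 28`, which is Sigma0(a). The lines are being touched anyway, so the comment above `"addq " L4 ", "#h"\n\t"` should read `/* h += Maj(a,b,c) */` and the one above `"addq " L2 ", "#h"\n\t"` should read `/* h += Sigma0(a) */`. The step-9 comments `((a ^ b) & (b ^ c) ^ b` are also missing a closing parenthesis.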
@@ -1070,131 +1070,131 @@ static word64 mBYTE_FLIP_MASK[] = { 0x0001020304050607, 0x08090a0b0c0d0e0f }; #define RND_RORX_0_1(a, b, c, d, e, f, g, h, i) \ /* L1 = e>>>14 */ \ - "rorxq $14, "#e", "L1"\n\t" \ + "rorxq $14, "#e", " L1 "\n\t" \ /* L2 = e>>>18 */ \ - "rorxq $18, "#e", "L2"\n\t" \ + "rorxq $18, "#e", " L2 "\n\t" \ /* Prev RND: h += Maj(a,b,c) */ \ - "addq "L3", "#a"\n\t" \ + "addq " L3 ", "#a"\n\t" \ #define RND_RORX_0_2(a, b, c, d, e, f, g, h, i) \ /* h += w_k */ \ - "addq ("#i")*8("WX"), "#h"\n\t" \ + "addq ("#i")*8(" WX "), "#h"\n\t" \ /* L3 = f */ \ - "movq "#f", "L3"\n\t" \ + "movq "#f", " L3 "\n\t" \ /* L2 = (e>>>14) ^ (e>>>18) */ \ - "xorq "L1", "L2"\n\t" \ + "xorq " L1 ", " L2 "\n\t" \ #define RND_RORX_0_3(a, b, c, d, e, f, g, h, i) \ /* L3 = f ^ g */ \ - "xorq "#g", "L3"\n\t" \ + "xorq "#g", " L3 "\n\t" \ /* L1 = e>>>41 */ \ - "rorxq $41, "#e", "L1"\n\t" \ + "rorxq $41, "#e", " L1 "\n\t" \ /* L1 = Sigma1(e) */ \ - "xorq "L2", "L1"\n\t" \ + "xorq " L2 ", " L1 "\n\t" \ #define RND_RORX_0_4(a, b, c, d, e, f, g, h, i) \ /* L3 = (f ^ g) & e */ \ - "andq "#e", "L3"\n\t" \ + "andq "#e", " L3 "\n\t" \ /* h += Sigma1(e) */ \ - "addq "L1", "#h"\n\t" \ + "addq " L1 ", "#h"\n\t" \ /* L1 = a>>>28 */ \ - "rorxq $28, "#a", "L1"\n\t" \ + "rorxq $28, "#a", " L1 "\n\t" \ #define RND_RORX_0_5(a, b, c, d, e, f, g, h, i) \ /* L2 = a>>>34 */ \ - "rorxq $34, "#a", "L2"\n\t" \ + "rorxq $34, "#a", " L2 "\n\t" \ /* L3 = Ch(e,f,g) */ \ - "xorq "#g", "L3"\n\t" \ + "xorq "#g", " L3 "\n\t" \ /* L2 = (a>>>28) ^ (a>>>34) */ \ - "xorq "L1", "L2"\n\t" \ + "xorq " L1 ", " L2 "\n\t" \ #define RND_RORX_0_6(a, b, c, d, e, f, g, h, i) \ /* L1 = a>>>39 */ \ - "rorxq $39, "#a", "L1"\n\t" \ + "rorxq $39, "#a", " L1 "\n\t" \ /* h += Ch(e,f,g) */ \ - "addq "L3", "#h"\n\t" \ + "addq " L3 ", "#h"\n\t" \ /* L1 = Sigma0(a) */ \ - "xorq "L2", "L1"\n\t" \ + "xorq " L2 ", " L1 "\n\t" \ #define RND_RORX_0_7(a, b, c, d, e, f, g, h, i) \ /* L3 = b */ \ - "movq "#b", "L3"\n\t" \ + "movq "#b", " L3 
"\n\t" \ /* d += h + w_k + Sigma1(e) + Ch(e,f,g) */ \ "addq "#h", "#d"\n\t" \ /* L3 = a ^ b */ \ - "xorq "#a", "L3"\n\t" \ + "xorq "#a", " L3 "\n\t" \ #define RND_RORX_0_8(a, b, c, d, e, f, g, h, i) \ /* L4 = (a ^ b) & (b ^ c) */ \ - "andq "L3", "L4"\n\t" \ + "andq " L3 ", " L4 "\n\t" \ /* h += Sigma0(a) */ \ - "addq "L1", "#h"\n\t" \ + "addq " L1 ", "#h"\n\t" \ /* L4 = Maj(a,b,c) */ \ - "xorq "#b", "L4"\n\t" \ + "xorq "#b", " L4 "\n\t" \ #define RND_RORX_1_1(a, b, c, d, e, f, g, h, i) \ /* L1 = e>>>14 */ \ - "rorxq $14, "#e", "L1"\n\t" \ + "rorxq $14, "#e", " L1 "\n\t" \ /* L2 = e>>>18 */ \ - "rorxq $18, "#e", "L2"\n\t" \ + "rorxq $18, "#e", " L2 "\n\t" \ /* Prev RND: h += Maj(a,b,c) */ \ - "addq "L4", "#a"\n\t" \ + "addq " L4 ", "#a"\n\t" \ #define RND_RORX_1_2(a, b, c, d, e, f, g, h, i) \ /* h += w_k */ \ - "addq ("#i")*8("WX"), "#h"\n\t" \ + "addq ("#i")*8(" WX "), "#h"\n\t" \ /* L4 = f */ \ - "movq "#f", "L4"\n\t" \ + "movq "#f", " L4 "\n\t" \ /* L2 = (e>>>14) ^ (e>>>18) */ \ - "xorq "L1", "L2"\n\t" \ + "xorq " L1 ", " L2 "\n\t" \ #define RND_RORX_1_3(a, b, c, d, e, f, g, h, i) \ /* L4 = f ^ g */ \ - "xorq "#g", "L4"\n\t" \ + "xorq "#g", " L4 "\n\t" \ /* L1 = e>>>41 */ \ - "rorxq $41, "#e", "L1"\n\t" \ + "rorxq $41, "#e", " L1 "\n\t" \ /* L1 = Sigma1(e) */ \ - "xorq "L2", "L1"\n\t" \ + "xorq " L2 ", " L1 "\n\t" \ #define RND_RORX_1_4(a, b, c, d, e, f, g, h, i) \ /* L4 = (f ^ g) & e */ \ - "andq "#e", "L4"\n\t" \ + "andq "#e", " L4 "\n\t" \ /* h += Sigma1(e) */ \ - "addq "L1", "#h"\n\t" \ + "addq " L1 ", "#h"\n\t" \ /* L1 = a>>>28 */ \ - "rorxq $28, "#a", "L1"\n\t" \ + "rorxq $28, "#a", " L1 "\n\t" \ #define RND_RORX_1_5(a, b, c, d, e, f, g, h, i) \ /* L2 = a>>>34 */ \ - "rorxq $34, "#a", "L2"\n\t" \ + "rorxq $34, "#a", " L2 "\n\t" \ /* L4 = Ch(e,f,g) */ \ - "xorq "#g", "L4"\n\t" \ + "xorq "#g", " L4 "\n\t" \ /* L2 = (a>>>28) ^ (a>>>34) */ \ - "xorq "L1", "L2"\n\t" \ + "xorq " L1 ", " L2 "\n\t" \ #define RND_RORX_1_6(a, b, c, d, e, f, g, h, i) \ /* L1 = a>>>39 
*/ \ - "rorxq $39, "#a", "L1"\n\t" \ + "rorxq $39, "#a", " L1 "\n\t" \ /* h += Ch(e,f,g) */ \ - "addq "L4", "#h"\n\t" \ + "addq " L4 ", "#h"\n\t" \ /* L1 = Sigma0(a) */ \ - "xorq "L2", "L1"\n\t" \ + "xorq " L2 ", " L1 "\n\t" \ #define RND_RORX_1_7(a, b, c, d, e, f, g, h, i) \ /* L4 = b */ \ - "movq "#b", "L4"\n\t" \ + "movq "#b", " L4 "\n\t" \ /* d += h + w_k + Sigma1(e) + Ch(e,f,g) */ \ "addq "#h", "#d"\n\t" \ /* L4 = a ^ b */ \ - "xorq "#a", "L4"\n\t" \ + "xorq "#a", " L4 "\n\t" \ #define RND_RORX_1_8(a, b, c, d, e, f, g, h, i) \ /* L2 = (a ^ b) & (b ^ c) */ \ - "andq "L4", "L3"\n\t" \ + "andq " L4 ", " L3 "\n\t" \ /* h += Sigma0(a) */ \ - "addq "L1", "#h"\n\t" \ + "addq " L1 ", "#h"\n\t" \ /* L3 = Maj(a,b,c) */ \ - "xorq "#b", "L3"\n\t" \ + "xorq "#b", " L3 "\n\t" \ #define RND_RORX_ALL_2(a, b, c, d, e, f, g, h, i) \ RND_RORX_0_1(a, b, c, d, e, f, g, h, i+0) \ @@ -1262,15 +1262,15 @@ static word64 mBYTE_FLIP_MASK[] = { 0x0001020304050607, 0x08090a0b0c0d0e0f }; #endif #define _INIT_MASK(mask) \ - "vmovdqu %[mask], %%"#mask"\n\t" + "vmovdqu %[mask], %%" #mask "\n\t" #define INIT_MASK(mask) \ _INIT_MASK(mask) -#define _LOAD_W_2(i1, i2, xmm1, xmm2, mask, reg) \ - "vmovdqu "#i1"*16(%%"#reg"), %%"#xmm1"\n\t" \ - "vmovdqu "#i2"*16(%%"#reg"), %%"#xmm2"\n\t" \ - "vpshufb %%"#mask", %%"#xmm1", %%"#xmm1"\n\t" \ - "vpshufb %%"#mask", %%"#xmm2", %%"#xmm2"\n\t" +#define _LOAD_W_2(i1, i2, xmm1, xmm2, mask, reg) \ + "vmovdqu " #i1 "*16(%%" #reg "), %%" #xmm1 "\n\t" \ + "vmovdqu " #i2 "*16(%%" #reg "), %%" #xmm2 "\n\t" \ + "vpshufb %%" #mask ", %%" #xmm1 ", %%" #xmm1 "\n\t" \ + "vpshufb %%" #mask ", %%" #xmm2 ", %%" #xmm2 "\n\t" #define LOAD_W_2(i1, i2, xmm1, xmm2, mask, reg) \ _LOAD_W_2(i1, i2, xmm1, xmm2, mask, reg) 
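Review bot: In RND_RORX_1_8 the comment `/* L2 = (a ^ b) & (b ^ c) */` sits above `"andq " L4 ", " L3 "\n\t"`, which writes L3, not L2. RND_RORX_0_8 labels its mirror-image instruction correctly, and the last comment in RND_RORX_1_8 already says `L3 = Maj(a,b,c)`, so the first comment should read `/* L3 = (a ^ b) & (b ^ c) */`. In hand-scheduled round code these register comments are the only map a reviewer has when checking that the two alternating round variants stay in step.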
@@ -1281,11 +1281,11 @@ static word64 mBYTE_FLIP_MASK[] = { 0x0001020304050607, 0x08090a0b0c0d0e0f }; LOAD_W_2(4, 5, W_8 , W_10, mask, reg) \ LOAD_W_2(6, 7, W_12, W_14, mask, reg) -#define _SET_W_X_2(xmm0, xmm1, reg, i) \ - "vpaddq "#i"+ 0(%%"#reg"), %%"#xmm0", %%xmm8\n\t" \ - "vpaddq "#i"+16(%%"#reg"), %%"#xmm1", %%xmm9\n\t" \ - "vmovdqu %%xmm8, "#i"+ 0("WX")\n\t" \ - "vmovdqu %%xmm9, "#i"+16("WX")\n\t" \ +#define _SET_W_X_2(xmm0, xmm1, reg, i) \ + "vpaddq " #i "+ 0(%%" #reg "), %%" #xmm0 ", %%xmm8\n\t" \ + "vpaddq " #i "+16(%%" #reg "), %%" #xmm1 ", %%xmm9\n\t" \ + "vmovdqu %%xmm8, " #i "+ 0(" WX ")\n\t" \ + "vmovdqu %%xmm9, " #i "+16(" WX ")\n\t" \ #define SET_W_X_2(xmm0, xmm1, reg, i) \ _SET_W_X_2(xmm0, xmm1, reg, i) @@ -1354,14 +1354,14 @@ static int Transform_Sha512_AVX1(wc_Sha512* sha512) LOAD_W(MASK, rax) - "movl $4, 16*8("WX")\n\t" + "movl $4, 16*8(" WX ")\n\t" "leaq %[K512], %%rsi\n\t" /* b */ - "movq %%r9, "L4"\n\t" + "movq %%r9, " L4 "\n\t" /* e */ - "movq %%r12, "L1"\n\t" + "movq %%r12, " L1 "\n\t" /* b ^ c */ - "xorq %%r10, "L4"\n\t" + "xorq %%r10, " L4 "\n\t" "# Start of 16 rounds\n" "1:\n\t" @@ -1379,7 +1379,7 @@ static int Transform_Sha512_AVX1(wc_Sha512* sha512) MsgSched2(W_12,W_14,W_0,W_2,W_4,W_6,W_8,W_10,RE,RF,RG,RH,RA,RB,RC,RD,12) MsgSched2(W_14,W_0,W_2,W_4,W_6,W_8,W_10,W_12,RC,RD,RE,RF,RG,RH,RA,RB,14) - "subl $1, 16*8("WX")\n\t" + "subl $1, 16*8(" WX ")\n\t" "jne 1b\n\t" SET_W_X(rsi) @@ -1427,13 +1427,13 @@ static int Transform_Sha512_AVX1_Len(wc_Sha512* sha512, word32 len) LOAD_W(MASK, rsi) - "movl $4, 16*8("WX")\n\t" + "movl $4, 16*8(" WX ")\n\t" /* b */ - "movq %%r9, "L4"\n\t" + "movq %%r9, " L4 "\n\t" /* e */ - "movq %%r12, "L1"\n\t" + "movq %%r12, " L1 "\n\t" /* b ^ c */ - "xorq %%r10, "L4"\n\t" + "xorq %%r10, " L4 "\n\t" SET_W_X(rdx) 
@@ -1456,7 +1456,7 @@ static int Transform_Sha512_AVX1_Len(wc_Sha512* sha512, word32 len) SET_W_X(rdx) - "subl $1, 16*8("WX")\n\t" + "subl $1, 16*8(" WX ")\n\t" "jne 1b\n\t" RND_ALL_2(RA,RB,RC,RD,RE,RF,RG,RH, 0) @@ -1506,14 +1506,14 @@ static int Transform_Sha512_AVX1_RORX(wc_Sha512* sha512) LOAD_W(MASK, rax) - "movl $4, 16*8("WX")\n\t" + "movl $4, 16*8(" WX ")\n\t" "leaq %[K512], %%rsi\n\t" /* L4 = b */ - "movq %%r9, "L4"\n\t" + "movq %%r9, " L4 "\n\t" /* L3 = 0 (add to prev h) */ - "xorq "L3", "L3"\n\t" + "xorq " L3 ", " L3 "\n\t" /* L4 = b ^ c */ - "xorq %%r10, "L4"\n\t" + "xorq %%r10, " L4 "\n\t" SET_W_X(rsi) @@ -1533,7 +1533,7 @@ static int Transform_Sha512_AVX1_RORX(wc_Sha512* sha512) SET_W_X(rsi) - "subl $1, 16*8("WX")\n\t" + "subl $1, 16*8(" WX ")\n\t" "jne 1b\n\t" RND_RORX_ALL_2(RA,RB,RC,RD,RE,RF,RG,RH, 0) @@ -1547,7 +1547,7 @@ static int Transform_Sha512_AVX1_RORX(wc_Sha512* sha512) RND_RORX_ALL_2(RC,RD,RE,RF,RG,RH,RA,RB,14) /* Prev RND: h += Maj(a,b,c) */ - "addq "L3", %%r8\n\t" + "addq " L3 ", %%r8\n\t" "addq $144, %%rsp\n\t" STORE_ADD_DIGEST() @@ -1581,13 +1581,13 @@ static int Transform_Sha512_AVX1_RORX_Len(wc_Sha512* sha512, word32 len) LOAD_W(MASK, rsi) - "movl $4, 16*8("WX")\n\t" + "movl $4, 16*8(" WX ")\n\t" /* L4 = b */ - "movq %%r9, "L4"\n\t" + "movq %%r9, " L4 "\n\t" /* L3 = 0 (add to prev h) */ - "xorq "L3", "L3"\n\t" + "xorq " L3 ", " L3 "\n\t" /* L4 = b ^ c */ - "xorq %%r10, "L4"\n\t" + "xorq %%r10, " L4 "\n\t" SET_W_X(rcx) @@ -1610,7 +1610,7 @@ static int Transform_Sha512_AVX1_RORX_Len(wc_Sha512* sha512, word32 len) SET_W_X(rcx) - "subl $1, 16*8("WX")\n\t" + "subl $1, 16*8(" WX ")\n\t" "jne 1b\n\t" SET_W_X(rcx) @@ -1626,7 +1626,7 @@ static int Transform_Sha512_AVX1_RORX_Len(wc_Sha512* sha512, word32 len) RND_RORX_ALL_2(RC,RD,RE,RF,RG,RH,RA,RB,14) /* Prev RND: h += Maj(a,b,c) */ - "addq "L3", %%r8\n\t" + "addq " L3 ", %%r8\n\t" "addq $256, %%rsp\n\t" ADD_DIGEST() 
@@ -1694,28 +1694,28 @@ static const unsigned long mBYTE_FLIP_MASK_Y[] = "ymm0", "ymm1", "ymm2", "ymm3", "ymm4", "ymm5", "ymm6", "ymm7", \ "xmm8", "ymm9", "ymm10", "ymm11", "ymm12", "ymm13", "ymm14", "ymm15" -#define _VPERM2I128(dest, src1, src2, sel) \ - "vperm2I128 $"#sel", %%"#src2", %%"#src1", %%"#dest"\n\t" +#define _VPERM2I128(dest, src1, src2, sel) \ + "vperm2I128 $" #sel ", %%" #src2 ", %%" #src1 ", %%" #dest "\n\t" #define VPERM2I128(dest, src1, src2, sel) \ _VPERM2I128(dest, src1, src2, sel) -#define _VPERMQ(dest, src, sel) \ - "vpermq $"#sel", %%"#src", %%"#dest"\n\t" +#define _VPERMQ(dest, src, sel) \ + "vpermq $" #sel ", %%" #src ", %%" #dest "\n\t" #define VPERMQ(dest, src, sel) \ _VPERMQ(dest, src, sel) -#define _VPBLENDD(dest, src1, src2, sel) \ - "vpblendd $"#sel", %%"#src2", %%"#src1", %%"#dest"\n\t" +#define _VPBLENDD(dest, src1, src2, sel) \ + "vpblendd $" #sel ", %%" #src2 ", %%" #src1 ", %%" #dest "\n\t" #define VPBLENDD(dest, src1, src2, sel) \ _VPBLENDD(dest, src1, src2, sel) -#define _V_ADD_I(dest, src1, addr, i) \ - "vpaddq "#i"*8(%%"#addr"), %%"#src1", %%"#dest"\n\t" +#define _V_ADD_I(dest, src1, addr, i) \ + "vpaddq "#i"*8(%%" #addr "), %%" #src1 ", %%" #dest "\n\t" #define V_ADD_I(dest, src1, addr, i) \ _V_ADD_I(dest, src1, addr, i) -#define _VMOVDQU_I(addr, i, src) \ - "vmovdqu %%"#src", "#i"*8(%%"#addr")\n\t" +#define _VMOVDQU_I(addr, i, src) \ + "vmovdqu %%" #src ", " #i "*8(%%" #addr ")\n\t" #define VMOVDQU_I(addr, i, src) \ _VMOVDQU_I(addr, i, src) 
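Review bot: The clobber list shown as context at the top of this hunk names `"xmm8"` between `"ymm7"` and `"ymm9"`, which looks like a leftover from the XMM variant of the list. Compilers generally treat the xmm and ymm names as the same physical register, so this is probably harmless, but `"ymm8"` would match the rest of the list and remove the doubt. The macro that owns the list starts outside the hunk, so it should be checked in the full file. In the changed lines, `_VPERM2I128` emits the mnemonic as `vperm2I128` with a capital I, whereas every other mnemonic in these macros is lowercase; `vperm2i128` would be consistent.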
@@ -2052,12 +2052,12 @@ static const unsigned long mBYTE_FLIP_MASK_Y[] = _INIT_MASK_Y(mask) /* Load into YMM registers and swap endian. */ -#define _LOAD_BLOCK_W_Y_2(mask, ymm0, ymm1, reg, i) \ - /* buffer[0..15] => ymm0..ymm3; */ \ - "vmovdqu "#i"+ 0(%%"#reg"), %%"#ymm0"\n\t" \ - "vmovdqu "#i"+32(%%"#reg"), %%"#ymm1"\n\t" \ - "vpshufb %%"#mask", %%"#ymm0", %%"#ymm0"\n\t" \ - "vpshufb %%"#mask", %%"#ymm1", %%"#ymm1"\n\t" +#define _LOAD_BLOCK_W_Y_2(mask, ymm0, ymm1, reg, i) \ + /* buffer[0..15] => ymm0..ymm3; */ \ + "vmovdqu " #i "+ 0(%%" #reg "), %%" #ymm0 "\n\t" \ + "vmovdqu " #i "+32(%%" #reg "), %%" #ymm1 "\n\t" \ + "vpshufb %%" #mask ", %%" #ymm0 ", %%" #ymm0 "\n\t" \ + "vpshufb %%" #mask ", %%" #ymm1 ", %%" #ymm1 "\n\t" #define LOAD_BLOCK_W_Y_2(mask, ymm1, ymm2, reg, i) \ _LOAD_BLOCK_W_Y_2(mask, ymm1, ymm2, reg, i) @@ -2066,11 +2066,11 @@ static const unsigned long mBYTE_FLIP_MASK_Y[] = LOAD_BLOCK_W_Y_2(mask, W_Y_0, W_Y_4 , reg, 0) \ LOAD_BLOCK_W_Y_2(mask, W_Y_8, W_Y_12, reg, 64) -#define _SET_W_Y_2(ymm0, ymm1, ymm2, ymm3, reg, i) \ - "vpaddq "#i"+ 0(%%"#reg"), %%"#ymm0", %%"#ymm2"\n\t" \ - "vpaddq "#i"+32(%%"#reg"), %%"#ymm1", %%"#ymm3"\n\t" \ - "vmovdqu %%"#ymm2", "#i"+ 0("WX")\n\t" \ - "vmovdqu %%"#ymm3", "#i"+32("WX")\n\t" +#define _SET_W_Y_2(ymm0, ymm1, ymm2, ymm3, reg, i) \ + "vpaddq " #i "+ 0(%%" #reg "), %%" #ymm0 ", %%" #ymm2 "\n\t" \ + "vpaddq " #i "+32(%%" #reg "), %%" #ymm1 ", %%" #ymm3 "\n\t" \ + "vmovdqu %%" #ymm2 ", " #i "+ 0(" WX ")\n\t" \ + "vmovdqu %%" #ymm3 ", " #i "+32(" WX ")\n\t" #define SET_W_Y_2(ymm0, ymm1, ymm2, ymm3, reg, i) \ _SET_W_Y_2(ymm0, ymm1, ymm2, ymm3, reg, i) 
@@ -2081,14 +2081,14 @@ static const unsigned long mBYTE_FLIP_MASK_Y[] = /* Load into YMM registers and swap endian. */ #define _LOAD_BLOCK2_W_Y_2(mask, Y0, Y1, X0, X1, X8, X9, reg, i) \ - "vmovdqu "#i"+ 0(%%"#reg"), %%"#X0"\n\t" \ - "vmovdqu "#i"+ 16(%%"#reg"), %%"#X1"\n\t" \ - "vmovdqu "#i"+128(%%"#reg"), %%"#X8"\n\t" \ - "vmovdqu "#i"+144(%%"#reg"), %%"#X9"\n\t" \ - "vinserti128 $1, %%"#X8", %%"#Y0", %%"#Y0"\n\t" \ - "vinserti128 $1, %%"#X9", %%"#Y1", %%"#Y1"\n\t" \ - "vpshufb %%"#mask", %%"#Y0", %%"#Y0"\n\t" \ - "vpshufb %%"#mask", %%"#Y1", %%"#Y1"\n\t" + "vmovdqu " #i "+ 0(%%" #reg "), %%" #X0 "\n\t" \ + "vmovdqu " #i "+ 16(%%" #reg "), %%" #X1 "\n\t" \ + "vmovdqu " #i "+128(%%" #reg "), %%" #X8 "\n\t" \ + "vmovdqu " #i "+144(%%" #reg "), %%" #X9 "\n\t" \ + "vinserti128 $1, %%" #X8 ", %%" #Y0 ", %%" #Y0 "\n\t" \ + "vinserti128 $1, %%" #X9 ", %%" #Y1 ", %%" #Y1 "\n\t" \ + "vpshufb %%" #mask ", %%" #Y0 ", %%" #Y0 "\n\t" \ + "vpshufb %%" #mask ", %%" #Y1 ", %%" #Y1 "\n\t" #define LOAD_BLOCK2_W_Y_2(mask, Y0, Y1, X0, X1, X8, X9, reg, i) \ _LOAD_BLOCK2_W_Y_2(mask, Y0, Y1, X0, X1, X8, X9, reg, i) @@ -2202,14 +2202,14 @@ static int Transform_Sha512_AVX2(wc_Sha512* sha512) LOAD_BLOCK_W_Y(MASK_Y, rax) - "movl $4, 16*8("WX")\n\t" + "movl $4, 16*8(" WX ")\n\t" "leaq %[K512], %%rsi\n\t" /* b */ - "movq %%r9, "L4"\n\t" + "movq %%r9, " L4 "\n\t" /* e */ - "movq %%r12, "L1"\n\t" + "movq %%r12, " L1 "\n\t" /* b ^ c */ - "xorq %%r10, "L4"\n\t" + "xorq %%r10, " L4 "\n\t" SET_BLOCK_W_Y(rsi) @@ -2225,7 +2225,7 @@ static int Transform_Sha512_AVX2(wc_Sha512* sha512) SET_BLOCK_W_Y(rsi) - "subl $1, 16*8("WX")\n\t" + "subl $1, 16*8(" WX ")\n\t" "jne 1b\n\t" RND_ALL_2(RA,RB,RC,RD,RE,RF,RG,RH, 0) 
@@ -2277,14 +2277,14 @@ static int Transform_Sha512_AVX2_Len(wc_Sha512* sha512, word32 len) "leaq %[K512], %%rsi\n\t" /* L4 = b */ - "movq %%r9, "L4"\n\t" + "movq %%r9, " L4 "\n\t" /* e */ - "movq %%r12, "L1"\n\t" + "movq %%r12, " L1 "\n\t" LOAD_BLOCK2_W_Y(MASK_Y, rcx) /* L4 = b ^ c */ - "xorq %%r10, "L4"\n\t" + "xorq %%r10, " L4 "\n\t" "\n" "1:\n\t" SET_BLOCK2_W_Y(rsi) @@ -2317,11 +2317,11 @@ static int Transform_Sha512_AVX2_Len(wc_Sha512* sha512, word32 len) STORE_DIGEST() /* L4 = b */ - "movq %%r9, "L4"\n\t" + "movq %%r9, " L4 "\n\t" /* e */ - "movq %%r12, "L1"\n\t" + "movq %%r12, " L1 "\n\t" /* L4 = b ^ c */ - "xorq %%r10, "L4"\n\t" + "xorq %%r10, " L4 "\n\t" "movq $5, %%rsi\n\t" "\n" @@ -2370,21 +2370,21 @@ static int Transform_Sha512_AVX2_RORX(wc_Sha512* sha512) /* 16 Ws plus loop counter. */ "subq $136, %%rsp\n\t" - "leaq 64(%[sha512]), "L2"\n\t" + "leaq 64(%[sha512]), " L2 "\n\t" INIT_MASK(MASK_Y) LOAD_DIGEST() LOAD_BLOCK_W_Y(MASK_Y, rcx) - "movl $4, 16*8("WX")\n\t" + "movl $4, 16*8(" WX ")\n\t" "leaq %[K512], %%rsi\n\t" /* b */ - "movq %%r9, "L4"\n\t" + "movq %%r9, " L4 "\n\t" /* L3 = 0 (add to prev h) */ - "xorq "L3", "L3"\n\t" + "xorq " L3 ", " L3 "\n\t" /* b ^ c */ - "xorq %%r10, "L4"\n\t" + "xorq %%r10, " L4 "\n\t" SET_BLOCK_W_Y(rsi) @@ -2406,7 +2406,7 @@ static int Transform_Sha512_AVX2_RORX(wc_Sha512* sha512) RND_RORX_ALL_4(RA,RB,RC,RD,RE,RF,RG,RH, 8) RND_RORX_ALL_4(RE,RF,RG,RH,RA,RB,RC,RD,12) /* Prev RND: h += Maj(a,b,c) */ - "addq "L3", %%r8\n\t" + "addq " L3 ", %%r8\n\t" "addq $136, %%rsp\n\t" STORE_ADD_DIGEST() @@ -2446,14 +2446,14 @@ static int Transform_Sha512_AVX2_RORX_Len(wc_Sha512* sha512, word32 len) "leaq %[K512], %%rsi\n\t" /* L4 = b */ - "movq %%r9, "L4"\n\t" + "movq %%r9, " L4 "\n\t" /* L3 = 0 (add to prev h) */ - "xorq "L3", "L3"\n\t" + "xorq " L3 ", " L3 "\n\t" LOAD_BLOCK2_W_Y(MASK_Y, rax) /* L4 = b ^ c */ - "xorq %%r10, "L4"\n\t" + "xorq %%r10, " L4 "\n\t" "\n" "1:\n\t" SET_BLOCK2_W_Y(rsi) 
@@ -2480,18 +2480,18 @@ static int Transform_Sha512_AVX2_RORX_Len(wc_Sha512* sha512, word32 len) RND_RORX_ALL_2(RG,RH,RA,RB,RC,RD,RE,RF,20) RND_RORX_ALL_2(RE,RF,RG,RH,RA,RB,RC,RD,24) RND_RORX_ALL_2(RC,RD,RE,RF,RG,RH,RA,RB,28) - "addq "L3", %%r8\n\t" + "addq " L3 ", %%r8\n\t" "subq $1024, %%rsp\n\t" ADD_DIGEST() STORE_DIGEST() /* L4 = b */ - "movq %%r9, "L4"\n\t" + "movq %%r9, " L4 "\n\t" /* L3 = 0 (add to prev h) */ - "xorq "L3", "L3"\n\t" + "xorq " L3 ", " L3 "\n\t" /* L4 = b ^ c */ - "xorq %%r10, "L4"\n\t" + "xorq %%r10, " L4 "\n\t" "movq $5, %%rsi\n\t" "\n" @@ -2509,7 +2509,7 @@ static int Transform_Sha512_AVX2_RORX_Len(wc_Sha512* sha512, word32 len) "subq $1, %%rsi\n\t" "jnz 3b\n\t" - "addq "L3", %%r8\n\t" + "addq " L3 ", %%r8\n\t" ADD_DIGEST() From f871bafe3ab21990a5a31c866b7110127f3175f6 Mon Sep 17 00:00:00 2001 From: Sean Parkinson Date: Tue, 29 May 2018 09:56:34 +1000 Subject: [PATCH 098/146] Fix uninitialized --- wolfcrypt/src/sp_c32.c | 4 ++-- wolfcrypt/src/sp_c64.c | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/wolfcrypt/src/sp_c32.c b/wolfcrypt/src/sp_c32.c index 99d71a56b..2a195ff91 100644 --- a/wolfcrypt/src/sp_c32.c +++ b/wolfcrypt/src/sp_c32.c @@ -3107,7 +3107,7 @@ int sp_RsaPublic_2048(const byte* in, word32 inLen, mp_int* em, mp_int* mm, byte* out, word32* outLen) { #ifdef WOLFSSL_SP_SMALL - sp_digit* d; + sp_digit* d = NULL; sp_digit* a; sp_digit* m; sp_digit* r; @@ -6476,7 +6476,7 @@ int sp_RsaPublic_3072(const byte* in, word32 inLen, mp_int* em, mp_int* mm, byte* out, word32* outLen) { #ifdef WOLFSSL_SP_SMALL - sp_digit* d; + sp_digit* d = NULL; sp_digit* a; sp_digit* m; sp_digit* r; diff --git a/wolfcrypt/src/sp_c64.c b/wolfcrypt/src/sp_c64.c index b85dd62aa..079c12163 100644 --- a/wolfcrypt/src/sp_c64.c +++ b/wolfcrypt/src/sp_c64.c 
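Review bot: Only `d` gets an initialiser in the sp_RsaPublic_2048 hunk of wolfcrypt/src/sp_c32.c; `a`, `m` and `r` in the same declaration list are still left indeterminate. The function body is outside the hunk, so this is inferred: if the fix exists because an early error path reaches the cleanup of `d` before it is allocated, that path should also be checked for reads of the other three, or they should be initialised too, e.g. `sp_digit* a = NULL;`. If that is the reason, a short comment on the declaration such as `/* NULL so the exit path can tell whether d was allocated */` would record why the initialiser matters. The same applies to the matching hunk for sp_RsaPublic_3072 and to both hunks in wolfcrypt/src/sp_c64.c.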
@@ -2530,7 +2530,7 @@ int sp_RsaPublic_2048(const byte* in, word32 inLen, mp_int* em, mp_int* mm, byte* out, word32* outLen) { #ifdef WOLFSSL_SP_SMALL - sp_digit* d; + sp_digit* d = NULL; sp_digit* a; sp_digit* m; sp_digit* r; @@ -5912,7 +5912,7 @@ int sp_RsaPublic_3072(const byte* in, word32 inLen, mp_int* em, mp_int* mm, byte* out, word32* outLen) { #ifdef WOLFSSL_SP_SMALL - sp_digit* d; + sp_digit* d = NULL; sp_digit* a; sp_digit* m; sp_digit* r; From b2225a0bc0de7ce8e929f1f587c4888db2857133 Mon Sep 17 00:00:00 2001 From: John Safranek Date: Tue, 29 May 2018 14:34:57 -0700 Subject: [PATCH 099/146] Rerefactor Cipher Suite List 1. Do not add iana_name to the struct if disabling error strings. 2. Change the IANA_NAME macro to SUITE_INFO, and build the suite info records as appropriate for the error string enablement. --- src/internal.c | 248 +++++++++++++++++++++++---------------------- wolfssl/internal.h | 2 + 2 files changed, 128 insertions(+), 122 deletions(-) diff --git a/src/internal.c b/src/internal.c index a65b2365c..d47316f25 100644 --- a/src/internal.c +++ b/src/internal.c @@ -15437,10 +15437,10 @@ void SetErrorString(int error, char* str) XSTRNCPY(str, wolfSSL_ERR_reason_error_string(error), WOLFSSL_MAX_ERROR_SZ); } -#ifdef NO_ERROR_STRINGS - #define NAME_IANA(name) NULL +#ifndef NO_ERROR_STRINGS + #define SUITE_INFO(x,y,z,w) {(x),(y),(z),(w)} #else - #define NAME_IANA(name) name + #define SUITE_INFO(x,y,z,w) {(x),(z),(w)} #endif static const CipherSuiteInfo cipher_names[] = 
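Review bot: The parameter names `x,y,z,w` of SUITE_INFO do not show which argument is discarded when NO_ERROR_STRINGS is defined, and the brace initialiser is positional, so it is only correct if the member order of CipherSuiteInfo in wolfssl/internal.h (changed by this commit but not in this hunk) matches in both configurations. Descriptive names make that checkable at a glance, for example `#define SUITE_INFO(name, iana, first, suite) {(name),(first),(suite)}` for the NO_ERROR_STRINGS branch. A comment above the macro such as `/* order must match CipherSuiteInfo; the IANA name member exists only without NO_ERROR_STRINGS */` would tie the two together, since a mismatch would presumably shift the suite bytes into the wrong members. The cipher_names table that uses the macro continues outside the hunk.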
@@ -15448,478 +15448,476 @@ static const CipherSuiteInfo cipher_names[] = #ifndef WOLFSSL_NO_TLS12 #ifdef BUILD_SSL_RSA_WITH_RC4_128_SHA - {"RC4-SHA", NAME_IANA("SSL_RSA_WITH_RC4_128_SHA"), CIPHER_BYTE, SSL_RSA_WITH_RC4_128_SHA}, + SUITE_INFO("RC4-SHA","SSL_RSA_WITH_RC4_128_SHA",CIPHER_BYTE,SSL_RSA_WITH_RC4_128_SHA), #endif #ifdef BUILD_SSL_RSA_WITH_RC4_128_MD5 - {"RC4-MD5", NAME_IANA("SSL_RSA_WITH_RC4_128_MD5"), CIPHER_BYTE, SSL_RSA_WITH_RC4_128_MD5}, + SUITE_INFO("RC4-MD5","SSL_RSA_WITH_RC4_128_MD5",CIPHER_BYTE,SSL_RSA_WITH_RC4_128_MD5), #endif #ifdef BUILD_SSL_RSA_WITH_3DES_EDE_CBC_SHA - {"DES-CBC3-SHA", NAME_IANA("SSL_RSA_WITH_3DES_EDE_CBC_SHA"), CIPHER_BYTE, SSL_RSA_WITH_3DES_EDE_CBC_SHA}, + SUITE_INFO("DES-CBC3-SHA","SSL_RSA_WITH_3DES_EDE_CBC_SHA",CIPHER_BYTE,SSL_RSA_WITH_3DES_EDE_CBC_SHA), #endif #ifdef BUILD_TLS_RSA_WITH_AES_128_CBC_SHA - {"AES128-SHA", NAME_IANA("TLS_RSA_WITH_AES_128_CBC_SHA"), CIPHER_BYTE, TLS_RSA_WITH_AES_128_CBC_SHA}, + SUITE_INFO("AES128-SHA","TLS_RSA_WITH_AES_128_CBC_SHA",CIPHER_BYTE,TLS_RSA_WITH_AES_128_CBC_SHA), #endif #ifdef BUILD_TLS_RSA_WITH_AES_256_CBC_SHA - {"AES256-SHA", NAME_IANA("TLS_RSA_WITH_AES_256_CBC_SHA"), CIPHER_BYTE, TLS_RSA_WITH_AES_256_CBC_SHA}, + SUITE_INFO("AES256-SHA","TLS_RSA_WITH_AES_256_CBC_SHA",CIPHER_BYTE,TLS_RSA_WITH_AES_256_CBC_SHA), #endif #ifdef BUILD_TLS_RSA_WITH_NULL_SHA - {"NULL-SHA", NAME_IANA("TLS_RSA_WITH_NULL_SHA"), CIPHER_BYTE, TLS_RSA_WITH_NULL_SHA}, + SUITE_INFO("NULL-SHA","TLS_RSA_WITH_NULL_SHA",CIPHER_BYTE,TLS_RSA_WITH_NULL_SHA), #endif #ifdef BUILD_TLS_RSA_WITH_NULL_SHA256 - {"NULL-SHA256", NAME_IANA("TLS_RSA_WITH_NULL_SHA256"), CIPHER_BYTE, TLS_RSA_WITH_NULL_SHA256}, + SUITE_INFO("NULL-SHA256","TLS_RSA_WITH_NULL_SHA256",CIPHER_BYTE,TLS_RSA_WITH_NULL_SHA256), #endif #ifdef BUILD_TLS_DHE_RSA_WITH_AES_128_CBC_SHA - {"DHE-RSA-AES128-SHA", NAME_IANA("TLS_DHE_RSA_WITH_AES_128_CBC_SHA"), CIPHER_BYTE, TLS_DHE_RSA_WITH_AES_128_CBC_SHA}, + 
SUITE_INFO("DHE-RSA-AES128-SHA","TLS_DHE_RSA_WITH_AES_128_CBC_SHA",CIPHER_BYTE,TLS_DHE_RSA_WITH_AES_128_CBC_SHA), #endif #ifdef BUILD_TLS_DHE_RSA_WITH_AES_256_CBC_SHA - {"DHE-RSA-AES256-SHA", NAME_IANA("TLS_DHE_RSA_WITH_AES_256_CBC_SHA"), CIPHER_BYTE, TLS_DHE_RSA_WITH_AES_256_CBC_SHA}, + SUITE_INFO("DHE-RSA-AES256-SHA","TLS_DHE_RSA_WITH_AES_256_CBC_SHA",CIPHER_BYTE,TLS_DHE_RSA_WITH_AES_256_CBC_SHA), #endif #ifdef BUILD_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 - {"DHE-PSK-AES256-GCM-SHA384", NAME_IANA("TLS_DHE_PSK_WITH_AES_256_GCM_SHA384"), CIPHER_BYTE, TLS_DHE_PSK_WITH_AES_256_GCM_SHA384}, + SUITE_INFO("DHE-PSK-AES256-GCM-SHA384","TLS_DHE_PSK_WITH_AES_256_GCM_SHA384",CIPHER_BYTE,TLS_DHE_PSK_WITH_AES_256_GCM_SHA384), #endif #ifdef BUILD_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 - {"DHE-PSK-AES128-GCM-SHA256", NAME_IANA("TLS_DHE_PSK_WITH_AES_128_GCM_SHA256"), CIPHER_BYTE, TLS_DHE_PSK_WITH_AES_128_GCM_SHA256}, + SUITE_INFO("DHE-PSK-AES128-GCM-SHA256","TLS_DHE_PSK_WITH_AES_128_GCM_SHA256",CIPHER_BYTE,TLS_DHE_PSK_WITH_AES_128_GCM_SHA256), #endif #ifdef BUILD_TLS_PSK_WITH_AES_256_GCM_SHA384 - {"PSK-AES256-GCM-SHA384", NAME_IANA("TLS_PSK_WITH_AES_256_GCM_SHA384"), CIPHER_BYTE, TLS_PSK_WITH_AES_256_GCM_SHA384}, + SUITE_INFO("PSK-AES256-GCM-SHA384","TLS_PSK_WITH_AES_256_GCM_SHA384",CIPHER_BYTE,TLS_PSK_WITH_AES_256_GCM_SHA384), #endif #ifdef BUILD_TLS_PSK_WITH_AES_128_GCM_SHA256 - {"PSK-AES128-GCM-SHA256", NAME_IANA("TLS_PSK_WITH_AES_128_GCM_SHA256"), CIPHER_BYTE, TLS_PSK_WITH_AES_128_GCM_SHA256}, + SUITE_INFO("PSK-AES128-GCM-SHA256","TLS_PSK_WITH_AES_128_GCM_SHA256",CIPHER_BYTE,TLS_PSK_WITH_AES_128_GCM_SHA256), #endif #ifdef BUILD_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 - {"DHE-PSK-AES256-CBC-SHA384", NAME_IANA("TLS_DHE_PSK_WITH_AES_256_CBC_SHA384"), CIPHER_BYTE, TLS_DHE_PSK_WITH_AES_256_CBC_SHA384}, + SUITE_INFO("DHE-PSK-AES256-CBC-SHA384","TLS_DHE_PSK_WITH_AES_256_CBC_SHA384",CIPHER_BYTE,TLS_DHE_PSK_WITH_AES_256_CBC_SHA384), #endif #ifdef BUILD_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 - 
{"DHE-PSK-AES128-CBC-SHA256", NAME_IANA("TLS_DHE_PSK_WITH_AES_128_CBC_SHA256"), CIPHER_BYTE, TLS_DHE_PSK_WITH_AES_128_CBC_SHA256}, + SUITE_INFO("DHE-PSK-AES128-CBC-SHA256","TLS_DHE_PSK_WITH_AES_128_CBC_SHA256",CIPHER_BYTE,TLS_DHE_PSK_WITH_AES_128_CBC_SHA256), #endif #ifdef BUILD_TLS_PSK_WITH_AES_256_CBC_SHA384 - {"PSK-AES256-CBC-SHA384", NAME_IANA("TLS_PSK_WITH_AES_256_CBC_SHA384"), CIPHER_BYTE, TLS_PSK_WITH_AES_256_CBC_SHA384}, + SUITE_INFO("PSK-AES256-CBC-SHA384","TLS_PSK_WITH_AES_256_CBC_SHA384",CIPHER_BYTE,TLS_PSK_WITH_AES_256_CBC_SHA384), #endif #ifdef BUILD_TLS_PSK_WITH_AES_128_CBC_SHA256 - {"PSK-AES128-CBC-SHA256", NAME_IANA("TLS_PSK_WITH_AES_128_CBC_SHA256"), CIPHER_BYTE, TLS_PSK_WITH_AES_128_CBC_SHA256}, + SUITE_INFO("PSK-AES128-CBC-SHA256","TLS_PSK_WITH_AES_128_CBC_SHA256",CIPHER_BYTE,TLS_PSK_WITH_AES_128_CBC_SHA256), #endif #ifdef BUILD_TLS_PSK_WITH_AES_128_CBC_SHA - {"PSK-AES128-CBC-SHA", NAME_IANA("TLS_PSK_WITH_AES_128_CBC_SHA"), CIPHER_BYTE, TLS_PSK_WITH_AES_128_CBC_SHA}, + SUITE_INFO("PSK-AES128-CBC-SHA","TLS_PSK_WITH_AES_128_CBC_SHA",CIPHER_BYTE,TLS_PSK_WITH_AES_128_CBC_SHA), #endif #ifdef BUILD_TLS_PSK_WITH_AES_256_CBC_SHA - {"PSK-AES256-CBC-SHA", NAME_IANA("TLS_PSK_WITH_AES_256_CBC_SHA"), CIPHER_BYTE, TLS_PSK_WITH_AES_256_CBC_SHA}, + SUITE_INFO("PSK-AES256-CBC-SHA","TLS_PSK_WITH_AES_256_CBC_SHA",CIPHER_BYTE,TLS_PSK_WITH_AES_256_CBC_SHA), #endif #ifdef BUILD_TLS_DHE_PSK_WITH_AES_128_CCM - {"DHE-PSK-AES128-CCM", NAME_IANA("TLS_DHE_PSK_WITH_AES_128_CCM"), ECC_BYTE, TLS_DHE_PSK_WITH_AES_128_CCM}, + SUITE_INFO("DHE-PSK-AES128-CCM","TLS_DHE_PSK_WITH_AES_128_CCM",ECC_BYTE,TLS_DHE_PSK_WITH_AES_128_CCM), #endif #ifdef BUILD_TLS_DHE_PSK_WITH_AES_256_CCM - {"DHE-PSK-AES256-CCM", NAME_IANA("TLS_DHE_PSK_WITH_AES_256_CCM"), ECC_BYTE, TLS_DHE_PSK_WITH_AES_256_CCM}, + SUITE_INFO("DHE-PSK-AES256-CCM","TLS_DHE_PSK_WITH_AES_256_CCM",ECC_BYTE,TLS_DHE_PSK_WITH_AES_256_CCM), #endif #ifdef BUILD_TLS_PSK_WITH_AES_128_CCM - {"PSK-AES128-CCM", 
NAME_IANA("TLS_PSK_WITH_AES_128_CCM"), ECC_BYTE, TLS_PSK_WITH_AES_128_CCM}, + SUITE_INFO("PSK-AES128-CCM","TLS_PSK_WITH_AES_128_CCM",ECC_BYTE,TLS_PSK_WITH_AES_128_CCM), #endif #ifdef BUILD_TLS_PSK_WITH_AES_256_CCM - {"PSK-AES256-CCM", NAME_IANA("TLS_PSK_WITH_AES_256_CCM"), ECC_BYTE, TLS_PSK_WITH_AES_256_CCM}, + SUITE_INFO("PSK-AES256-CCM","TLS_PSK_WITH_AES_256_CCM",ECC_BYTE,TLS_PSK_WITH_AES_256_CCM), #endif #ifdef BUILD_TLS_PSK_WITH_AES_128_CCM_8 - {"PSK-AES128-CCM-8", NAME_IANA("TLS_PSK_WITH_AES_128_CCM_8"), ECC_BYTE, TLS_PSK_WITH_AES_128_CCM_8}, + SUITE_INFO("PSK-AES128-CCM-8","TLS_PSK_WITH_AES_128_CCM_8",ECC_BYTE,TLS_PSK_WITH_AES_128_CCM_8), #endif #ifdef BUILD_TLS_PSK_WITH_AES_256_CCM_8 - {"PSK-AES256-CCM-8", NAME_IANA("TLS_PSK_WITH_AES_256_CCM_8"), ECC_BYTE, TLS_PSK_WITH_AES_256_CCM_8}, + SUITE_INFO("PSK-AES256-CCM-8","TLS_PSK_WITH_AES_256_CCM_8",ECC_BYTE,TLS_PSK_WITH_AES_256_CCM_8), #endif #ifdef BUILD_TLS_DHE_PSK_WITH_NULL_SHA384 - {"DHE-PSK-NULL-SHA384", NAME_IANA("TLS_DHE_PSK_WITH_NULL_SHA384"), CIPHER_BYTE, TLS_DHE_PSK_WITH_NULL_SHA384}, + SUITE_INFO("DHE-PSK-NULL-SHA384","TLS_DHE_PSK_WITH_NULL_SHA384",CIPHER_BYTE,TLS_DHE_PSK_WITH_NULL_SHA384), #endif #ifdef BUILD_TLS_DHE_PSK_WITH_NULL_SHA256 - {"DHE-PSK-NULL-SHA256", NAME_IANA("TLS_DHE_PSK_WITH_NULL_SHA256"), CIPHER_BYTE, TLS_DHE_PSK_WITH_NULL_SHA256}, + SUITE_INFO("DHE-PSK-NULL-SHA256","TLS_DHE_PSK_WITH_NULL_SHA256",CIPHER_BYTE,TLS_DHE_PSK_WITH_NULL_SHA256), #endif #ifdef BUILD_TLS_PSK_WITH_NULL_SHA384 - {"PSK-NULL-SHA384", NAME_IANA("TLS_PSK_WITH_NULL_SHA384"), CIPHER_BYTE, TLS_PSK_WITH_NULL_SHA384}, + SUITE_INFO("PSK-NULL-SHA384","TLS_PSK_WITH_NULL_SHA384",CIPHER_BYTE,TLS_PSK_WITH_NULL_SHA384), #endif #ifdef BUILD_TLS_PSK_WITH_NULL_SHA256 - {"PSK-NULL-SHA256", NAME_IANA("TLS_PSK_WITH_NULL_SHA256"), CIPHER_BYTE, TLS_PSK_WITH_NULL_SHA256}, + SUITE_INFO("PSK-NULL-SHA256","TLS_PSK_WITH_NULL_SHA256",CIPHER_BYTE,TLS_PSK_WITH_NULL_SHA256), #endif #ifdef BUILD_TLS_PSK_WITH_NULL_SHA - {"PSK-NULL-SHA", 
NAME_IANA("TLS_PSK_WITH_NULL_SHA"), CIPHER_BYTE, TLS_PSK_WITH_NULL_SHA}, + SUITE_INFO("PSK-NULL-SHA","TLS_PSK_WITH_NULL_SHA",CIPHER_BYTE,TLS_PSK_WITH_NULL_SHA), #endif #ifdef BUILD_TLS_RSA_WITH_HC_128_MD5 - {"HC128-MD5", NAME_IANA("TLS_RSA_WITH_HC_128_MD5"), CIPHER_BYTE, TLS_RSA_WITH_HC_128_MD5}, + SUITE_INFO("HC128-MD5","TLS_RSA_WITH_HC_128_MD5",CIPHER_BYTE,TLS_RSA_WITH_HC_128_MD5), #endif #ifdef BUILD_TLS_RSA_WITH_HC_128_SHA - {"HC128-SHA", NAME_IANA("TLS_RSA_WITH_HC_128_SHA"), CIPHER_BYTE, TLS_RSA_WITH_HC_128_SHA}, + SUITE_INFO("HC128-SHA","TLS_RSA_WITH_HC_128_SHA",CIPHER_BYTE,TLS_RSA_WITH_HC_128_SHA), #endif #ifdef BUILD_TLS_RSA_WITH_HC_128_B2B256 - {"HC128-B2B256", NAME_IANA("TLS_RSA_WITH_HC_128_B2B256"), CIPHER_BYTE, TLS_RSA_WITH_HC_128_B2B256}, + SUITE_INFO("HC128-B2B256","TLS_RSA_WITH_HC_128_B2B256",CIPHER_BYTE,TLS_RSA_WITH_HC_128_B2B256), #endif #ifdef BUILD_TLS_RSA_WITH_AES_128_CBC_B2B256 - {"AES128-B2B256", NAME_IANA("TLS_RSA_WITH_AES_128_CBC_B2B256"), CIPHER_BYTE, TLS_RSA_WITH_AES_128_CBC_B2B256}, + SUITE_INFO("AES128-B2B256","TLS_RSA_WITH_AES_128_CBC_B2B256",CIPHER_BYTE,TLS_RSA_WITH_AES_128_CBC_B2B256), #endif #ifdef BUILD_TLS_RSA_WITH_AES_256_CBC_B2B256 - {"AES256-B2B256", NAME_IANA("TLS_RSA_WITH_AES_256_CBC_B2B256"), CIPHER_BYTE, TLS_RSA_WITH_AES_256_CBC_B2B256}, + SUITE_INFO("AES256-B2B256","TLS_RSA_WITH_AES_256_CBC_B2B256",CIPHER_BYTE,TLS_RSA_WITH_AES_256_CBC_B2B256), #endif #ifdef BUILD_TLS_RSA_WITH_RABBIT_SHA - {"RABBIT-SHA", NAME_IANA("TLS_RSA_WITH_RABBIT_SHA"), CIPHER_BYTE, TLS_RSA_WITH_RABBIT_SHA}, + SUITE_INFO("RABBIT-SHA","TLS_RSA_WITH_RABBIT_SHA",CIPHER_BYTE,TLS_RSA_WITH_RABBIT_SHA), #endif #ifdef BUILD_TLS_NTRU_RSA_WITH_RC4_128_SHA - {"NTRU-RC4-SHA", NAME_IANA("TLS_NTRU_RSA_WITH_RC4_128_SHA"), CIPHER_BYTE, TLS_NTRU_RSA_WITH_RC4_128_SHA}, + SUITE_INFO("NTRU-RC4-SHA","TLS_NTRU_RSA_WITH_RC4_128_SHA",CIPHER_BYTE,TLS_NTRU_RSA_WITH_RC4_128_SHA), #endif #ifdef BUILD_TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA - {"NTRU-DES-CBC3-SHA", 
NAME_IANA("TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA"), CIPHER_BYTE, TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA}, + SUITE_INFO("NTRU-DES-CBC3-SHA","TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA",CIPHER_BYTE,TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA), #endif #ifdef BUILD_TLS_NTRU_RSA_WITH_AES_128_CBC_SHA - {"NTRU-AES128-SHA", NAME_IANA("TLS_NTRU_RSA_WITH_AES_128_CBC_SHA"), CIPHER_BYTE, TLS_NTRU_RSA_WITH_AES_128_CBC_SHA}, + SUITE_INFO("NTRU-AES128-SHA","TLS_NTRU_RSA_WITH_AES_128_CBC_SHA",CIPHER_BYTE,TLS_NTRU_RSA_WITH_AES_128_CBC_SHA), #endif #ifdef BUILD_TLS_NTRU_RSA_WITH_AES_256_CBC_SHA - {"NTRU-AES256-SHA", NAME_IANA("TLS_NTRU_RSA_WITH_AES_256_CBC_SHA"), CIPHER_BYTE, TLS_NTRU_RSA_WITH_AES_256_CBC_SHA}, + SUITE_INFO("NTRU-AES256-SHA","TLS_NTRU_RSA_WITH_AES_256_CBC_SHA",CIPHER_BYTE,TLS_NTRU_RSA_WITH_AES_256_CBC_SHA), #endif #ifdef BUILD_TLS_RSA_WITH_AES_128_CCM_8 - {"AES128-CCM-8", NAME_IANA("TLS_RSA_WITH_AES_128_CCM_8"), ECC_BYTE, TLS_RSA_WITH_AES_128_CCM_8}, + SUITE_INFO("AES128-CCM-8","TLS_RSA_WITH_AES_128_CCM_8",ECC_BYTE,TLS_RSA_WITH_AES_128_CCM_8), #endif #ifdef BUILD_TLS_RSA_WITH_AES_256_CCM_8 - {"AES256-CCM-8", NAME_IANA("TLS_RSA_WITH_AES_256_CCM_8"), ECC_BYTE, TLS_RSA_WITH_AES_256_CCM_8}, + SUITE_INFO("AES256-CCM-8","TLS_RSA_WITH_AES_256_CCM_8",ECC_BYTE,TLS_RSA_WITH_AES_256_CCM_8), #endif #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CCM - {"ECDHE-ECDSA-AES128-CCM", NAME_IANA("TLS_ECDHE_ECDSA_WITH_AES_128_CCM"), ECC_BYTE, TLS_ECDHE_ECDSA_WITH_AES_128_CCM}, + SUITE_INFO("ECDHE-ECDSA-AES128-CCM","TLS_ECDHE_ECDSA_WITH_AES_128_CCM",ECC_BYTE,TLS_ECDHE_ECDSA_WITH_AES_128_CCM), #endif #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 - {"ECDHE-ECDSA-AES128-CCM-8", NAME_IANA("TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8"), ECC_BYTE, TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8}, + SUITE_INFO("ECDHE-ECDSA-AES128-CCM-8","TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8",ECC_BYTE,TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8), #endif #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8 - {"ECDHE-ECDSA-AES256-CCM-8", 
NAME_IANA("TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8"), ECC_BYTE, TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8}, + SUITE_INFO("ECDHE-ECDSA-AES256-CCM-8","TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8",ECC_BYTE,TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8), #endif #ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA - {"ECDHE-RSA-AES128-SHA", NAME_IANA("TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA"), ECC_BYTE, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA}, + SUITE_INFO("ECDHE-RSA-AES128-SHA","TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",ECC_BYTE,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA), #endif #ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA - {"ECDHE-RSA-AES256-SHA", NAME_IANA("TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA"), ECC_BYTE, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA}, + SUITE_INFO("ECDHE-RSA-AES256-SHA","TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",ECC_BYTE,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA), #endif #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA - {"ECDHE-ECDSA-AES128-SHA", NAME_IANA("TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA"), ECC_BYTE, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA}, + SUITE_INFO("ECDHE-ECDSA-AES128-SHA","TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA",ECC_BYTE,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA), #endif #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA - {"ECDHE-ECDSA-AES256-SHA", NAME_IANA("TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA"), ECC_BYTE, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA}, + SUITE_INFO("ECDHE-ECDSA-AES256-SHA","TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA",ECC_BYTE,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA), #endif #ifdef BUILD_TLS_ECDHE_RSA_WITH_RC4_128_SHA - {"ECDHE-RSA-RC4-SHA", NAME_IANA("TLS_ECDHE_RSA_WITH_RC4_128_SHA"), ECC_BYTE, TLS_ECDHE_RSA_WITH_RC4_128_SHA}, + SUITE_INFO("ECDHE-RSA-RC4-SHA","TLS_ECDHE_RSA_WITH_RC4_128_SHA",ECC_BYTE,TLS_ECDHE_RSA_WITH_RC4_128_SHA), #endif #ifdef BUILD_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA - {"ECDHE-RSA-DES-CBC3-SHA", NAME_IANA("TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA"), ECC_BYTE, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA}, + 
SUITE_INFO("ECDHE-RSA-DES-CBC3-SHA","TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA",ECC_BYTE,TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA), #endif #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA - {"ECDHE-ECDSA-RC4-SHA", NAME_IANA("TLS_ECDHE_ECDSA_WITH_RC4_128_SHA"), ECC_BYTE, TLS_ECDHE_ECDSA_WITH_RC4_128_SHA}, + SUITE_INFO("ECDHE-ECDSA-RC4-SHA","TLS_ECDHE_ECDSA_WITH_RC4_128_SHA",ECC_BYTE,TLS_ECDHE_ECDSA_WITH_RC4_128_SHA), #endif #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA - {"ECDHE-ECDSA-DES-CBC3-SHA", NAME_IANA("TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA"), ECC_BYTE, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA}, + SUITE_INFO("ECDHE-ECDSA-DES-CBC3-SHA","TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA",ECC_BYTE,TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA), #endif #ifdef BUILD_TLS_RSA_WITH_AES_128_CBC_SHA256 - {"AES128-SHA256", NAME_IANA("TLS_RSA_WITH_AES_128_CBC_SHA256"), CIPHER_BYTE, TLS_RSA_WITH_AES_128_CBC_SHA256}, + SUITE_INFO("AES128-SHA256","TLS_RSA_WITH_AES_128_CBC_SHA256",CIPHER_BYTE,TLS_RSA_WITH_AES_128_CBC_SHA256), #endif #ifdef BUILD_TLS_RSA_WITH_AES_256_CBC_SHA256 - {"AES256-SHA256", NAME_IANA("TLS_RSA_WITH_AES_256_CBC_SHA256"), CIPHER_BYTE, TLS_RSA_WITH_AES_256_CBC_SHA256}, + SUITE_INFO("AES256-SHA256","TLS_RSA_WITH_AES_256_CBC_SHA256",CIPHER_BYTE,TLS_RSA_WITH_AES_256_CBC_SHA256), #endif #ifdef BUILD_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 - {"DHE-RSA-AES128-SHA256", NAME_IANA("TLS_DHE_RSA_WITH_AES_128_CBC_SHA256"), CIPHER_BYTE, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256}, + SUITE_INFO("DHE-RSA-AES128-SHA256","TLS_DHE_RSA_WITH_AES_128_CBC_SHA256",CIPHER_BYTE,TLS_DHE_RSA_WITH_AES_128_CBC_SHA256), #endif #ifdef BUILD_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 - {"DHE-RSA-AES256-SHA256", NAME_IANA("TLS_DHE_RSA_WITH_AES_256_CBC_SHA256"), CIPHER_BYTE, TLS_DHE_RSA_WITH_AES_256_CBC_SHA256}, + SUITE_INFO("DHE-RSA-AES256-SHA256","TLS_DHE_RSA_WITH_AES_256_CBC_SHA256",CIPHER_BYTE,TLS_DHE_RSA_WITH_AES_256_CBC_SHA256), #endif #ifdef BUILD_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA - {"ECDH-RSA-AES128-SHA", 
NAME_IANA("TLS_ECDH_RSA_WITH_AES_128_CBC_SHA"), ECC_BYTE, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA}, + SUITE_INFO("ECDH-RSA-AES128-SHA","TLS_ECDH_RSA_WITH_AES_128_CBC_SHA",ECC_BYTE,TLS_ECDH_RSA_WITH_AES_128_CBC_SHA), #endif #ifdef BUILD_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA - {"ECDH-RSA-AES256-SHA", NAME_IANA("TLS_ECDH_RSA_WITH_AES_256_CBC_SHA"), ECC_BYTE, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA}, + SUITE_INFO("ECDH-RSA-AES256-SHA","TLS_ECDH_RSA_WITH_AES_256_CBC_SHA",ECC_BYTE,TLS_ECDH_RSA_WITH_AES_256_CBC_SHA), #endif #ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA - {"ECDH-ECDSA-AES128-SHA", NAME_IANA("TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA"), ECC_BYTE, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA}, + SUITE_INFO("ECDH-ECDSA-AES128-SHA","TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA",ECC_BYTE,TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA), #endif #ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA - {"ECDH-ECDSA-AES256-SHA", NAME_IANA("TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA"), ECC_BYTE, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA}, + SUITE_INFO("ECDH-ECDSA-AES256-SHA","TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA",ECC_BYTE,TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA), #endif #ifdef BUILD_TLS_ECDH_RSA_WITH_RC4_128_SHA - {"ECDH-RSA-RC4-SHA", NAME_IANA("TLS_ECDH_RSA_WITH_RC4_128_SHA"), ECC_BYTE, TLS_ECDH_RSA_WITH_RC4_128_SHA}, + SUITE_INFO("ECDH-RSA-RC4-SHA","TLS_ECDH_RSA_WITH_RC4_128_SHA",ECC_BYTE,TLS_ECDH_RSA_WITH_RC4_128_SHA), #endif #ifdef BUILD_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA - {"ECDH-RSA-DES-CBC3-SHA", NAME_IANA("TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA"), ECC_BYTE, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA}, + SUITE_INFO("ECDH-RSA-DES-CBC3-SHA","TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA",ECC_BYTE,TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA), #endif #ifdef BUILD_TLS_ECDH_ECDSA_WITH_RC4_128_SHA - {"ECDH-ECDSA-RC4-SHA", NAME_IANA("TLS_ECDH_ECDSA_WITH_RC4_128_SHA"), ECC_BYTE, TLS_ECDH_ECDSA_WITH_RC4_128_SHA}, + SUITE_INFO("ECDH-ECDSA-RC4-SHA","TLS_ECDH_ECDSA_WITH_RC4_128_SHA",ECC_BYTE,TLS_ECDH_ECDSA_WITH_RC4_128_SHA), #endif #ifdef 
BUILD_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA - {"ECDH-ECDSA-DES-CBC3-SHA", NAME_IANA("TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA"), ECC_BYTE, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA}, + SUITE_INFO("ECDH-ECDSA-DES-CBC3-SHA","TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA",ECC_BYTE,TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA), #endif #ifdef BUILD_TLS_RSA_WITH_AES_128_GCM_SHA256 - {"AES128-GCM-SHA256", NAME_IANA("TLS_RSA_WITH_AES_128_GCM_SHA256"), CIPHER_BYTE, TLS_RSA_WITH_AES_128_GCM_SHA256}, + SUITE_INFO("AES128-GCM-SHA256","TLS_RSA_WITH_AES_128_GCM_SHA256",CIPHER_BYTE,TLS_RSA_WITH_AES_128_GCM_SHA256), #endif #ifdef BUILD_TLS_RSA_WITH_AES_256_GCM_SHA384 - {"AES256-GCM-SHA384", NAME_IANA("TLS_RSA_WITH_AES_256_GCM_SHA384"), CIPHER_BYTE, TLS_RSA_WITH_AES_256_GCM_SHA384}, + SUITE_INFO("AES256-GCM-SHA384","TLS_RSA_WITH_AES_256_GCM_SHA384",CIPHER_BYTE,TLS_RSA_WITH_AES_256_GCM_SHA384), #endif #ifdef BUILD_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 - {"DHE-RSA-AES128-GCM-SHA256", NAME_IANA("TLS_DHE_RSA_WITH_AES_128_GCM_SHA256"), CIPHER_BYTE, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256}, + SUITE_INFO("DHE-RSA-AES128-GCM-SHA256","TLS_DHE_RSA_WITH_AES_128_GCM_SHA256",CIPHER_BYTE,TLS_DHE_RSA_WITH_AES_128_GCM_SHA256), #endif #ifdef BUILD_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 - {"DHE-RSA-AES256-GCM-SHA384", NAME_IANA("TLS_DHE_RSA_WITH_AES_256_GCM_SHA384"), CIPHER_BYTE, TLS_DHE_RSA_WITH_AES_256_GCM_SHA384}, + SUITE_INFO("DHE-RSA-AES256-GCM-SHA384","TLS_DHE_RSA_WITH_AES_256_GCM_SHA384",CIPHER_BYTE,TLS_DHE_RSA_WITH_AES_256_GCM_SHA384), #endif #ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 - {"ECDHE-RSA-AES128-GCM-SHA256", NAME_IANA("TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"), ECC_BYTE, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256}, + SUITE_INFO("ECDHE-RSA-AES128-GCM-SHA256","TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",ECC_BYTE,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256), #endif #ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 - {"ECDHE-RSA-AES256-GCM-SHA384", NAME_IANA("TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"), ECC_BYTE, 
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384}, + SUITE_INFO("ECDHE-RSA-AES256-GCM-SHA384","TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",ECC_BYTE,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384), #endif #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 - {"ECDHE-ECDSA-AES128-GCM-SHA256", NAME_IANA("TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"), ECC_BYTE, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256}, + SUITE_INFO("ECDHE-ECDSA-AES128-GCM-SHA256","TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",ECC_BYTE,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256), #endif #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 - {"ECDHE-ECDSA-AES256-GCM-SHA384", NAME_IANA("TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"), ECC_BYTE, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384}, + SUITE_INFO("ECDHE-ECDSA-AES256-GCM-SHA384","TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",ECC_BYTE,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384), #endif #ifdef BUILD_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 - {"ECDH-RSA-AES128-GCM-SHA256", NAME_IANA("TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256"), ECC_BYTE, TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256}, + SUITE_INFO("ECDH-RSA-AES128-GCM-SHA256","TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256",ECC_BYTE,TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256), #endif #ifdef BUILD_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 - {"ECDH-RSA-AES256-GCM-SHA384", NAME_IANA("TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384"), ECC_BYTE, TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384}, + SUITE_INFO("ECDH-RSA-AES256-GCM-SHA384","TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384",ECC_BYTE,TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384), #endif #ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 - {"ECDH-ECDSA-AES128-GCM-SHA256", NAME_IANA("TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256"), ECC_BYTE, TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256}, + SUITE_INFO("ECDH-ECDSA-AES128-GCM-SHA256","TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256",ECC_BYTE,TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256), #endif #ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 - {"ECDH-ECDSA-AES256-GCM-SHA384", NAME_IANA("TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384"), ECC_BYTE, 
TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384},
+ SUITE_INFO("ECDH-ECDSA-AES256-GCM-SHA384","TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384",ECC_BYTE,TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384),
 #endif
 #ifdef BUILD_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
- {"CAMELLIA128-SHA", NAME_IANA("TLS_RSA_WITH_CAMELLIA_128_CBC_SHA"), CIPHER_BYTE, TLS_RSA_WITH_CAMELLIA_128_CBC_SHA},
+ SUITE_INFO("CAMELLIA128-SHA","TLS_RSA_WITH_CAMELLIA_128_CBC_SHA",CIPHER_BYTE,TLS_RSA_WITH_CAMELLIA_128_CBC_SHA),
 #endif
 #ifdef BUILD_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
- {"DHE-RSA-CAMELLIA128-SHA", NAME_IANA("TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA"), CIPHER_BYTE, TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA},
+ SUITE_INFO("DHE-RSA-CAMELLIA128-SHA","TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA",CIPHER_BYTE,TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA),
 #endif
 #ifdef BUILD_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
- {"CAMELLIA256-SHA", NAME_IANA("TLS_RSA_WITH_CAMELLIA_256_CBC_SHA"), CIPHER_BYTE, TLS_RSA_WITH_CAMELLIA_256_CBC_SHA},
+ SUITE_INFO("CAMELLIA256-SHA","TLS_RSA_WITH_CAMELLIA_256_CBC_SHA",CIPHER_BYTE,TLS_RSA_WITH_CAMELLIA_256_CBC_SHA),
 #endif
 #ifdef BUILD_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
- {"DHE-RSA-CAMELLIA256-SHA", NAME_IANA("TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA"), CIPHER_BYTE, TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA},
+ SUITE_INFO("DHE-RSA-CAMELLIA256-SHA","TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA",CIPHER_BYTE,TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA),
 #endif
 #ifdef BUILD_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256
- {"CAMELLIA128-SHA256", NAME_IANA("TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256"), CIPHER_BYTE, TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256},
+ SUITE_INFO("CAMELLIA128-SHA256","TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256",CIPHER_BYTE,TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256),
 #endif
 #ifdef BUILD_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
- {"DHE-RSA-CAMELLIA128-SHA256", NAME_IANA("TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256"), CIPHER_BYTE, TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256},
+ SUITE_INFO("DHE-RSA-CAMELLIA128-SHA256","TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256",CIPHER_BYTE,TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256),
 #endif
 #ifdef BUILD_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256
- {"CAMELLIA256-SHA256", NAME_IANA("TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256"), CIPHER_BYTE, TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256},
+ SUITE_INFO("CAMELLIA256-SHA256","TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256",CIPHER_BYTE,TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256),
 #endif
 #ifdef BUILD_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256
- {"DHE-RSA-CAMELLIA256-SHA256", NAME_IANA("TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256"), CIPHER_BYTE, TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256},
+ SUITE_INFO("DHE-RSA-CAMELLIA256-SHA256","TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256",CIPHER_BYTE,TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256),
 #endif
 #ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
- {"ECDHE-RSA-AES128-SHA256", NAME_IANA("TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256"), ECC_BYTE, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256},
+ SUITE_INFO("ECDHE-RSA-AES128-SHA256","TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",ECC_BYTE,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256),
 #endif
 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
- {"ECDHE-ECDSA-AES128-SHA256", NAME_IANA("TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256"), ECC_BYTE, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256},
+ SUITE_INFO("ECDHE-ECDSA-AES128-SHA256","TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256",ECC_BYTE,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256),
 #endif
 #ifdef BUILD_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
- {"ECDH-RSA-AES128-SHA256", NAME_IANA("TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256"), ECC_BYTE, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256},
+ SUITE_INFO("ECDH-RSA-AES128-SHA256","TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256",ECC_BYTE,TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256),
 #endif
 #ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
- {"ECDH-ECDSA-AES128-SHA256", NAME_IANA("TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256"), ECC_BYTE, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256},
+ SUITE_INFO("ECDH-ECDSA-AES128-SHA256","TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256",ECC_BYTE,TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256),
 #endif
 #ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
- {"ECDHE-RSA-AES256-SHA384", NAME_IANA("TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384"), ECC_BYTE, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384},
+ SUITE_INFO("ECDHE-RSA-AES256-SHA384","TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384",ECC_BYTE,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384),
 #endif
 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
- {"ECDHE-ECDSA-AES256-SHA384", NAME_IANA("TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384"), ECC_BYTE, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384},
+ SUITE_INFO("ECDHE-ECDSA-AES256-SHA384","TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384",ECC_BYTE,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384),
 #endif
 #ifdef BUILD_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
- {"ECDH-RSA-AES256-SHA384", NAME_IANA("TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384"), ECC_BYTE, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384},
+ SUITE_INFO("ECDH-RSA-AES256-SHA384","TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384",ECC_BYTE,TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384),
 #endif
 #ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
- {"ECDH-ECDSA-AES256-SHA384", NAME_IANA("TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384"), ECC_BYTE, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384},
+ SUITE_INFO("ECDH-ECDSA-AES256-SHA384","TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384",ECC_BYTE,TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384),
 #endif
 #ifdef BUILD_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
- {"ECDHE-RSA-CHACHA20-POLY1305", NAME_IANA("TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256"), CHACHA_BYTE, TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256},
+ SUITE_INFO("ECDHE-RSA-CHACHA20-POLY1305","TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256",CHACHA_BYTE,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256),
 #endif
 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
- {"ECDHE-ECDSA-CHACHA20-POLY1305", NAME_IANA("TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256"), CHACHA_BYTE, TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256},
+ SUITE_INFO("ECDHE-ECDSA-CHACHA20-POLY1305","TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256",CHACHA_BYTE,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256),
 #endif
 #ifdef BUILD_TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256
- {"DHE-RSA-CHACHA20-POLY1305", NAME_IANA("TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256"), CHACHA_BYTE, TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256},
+ SUITE_INFO("DHE-RSA-CHACHA20-POLY1305","TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256",CHACHA_BYTE,TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256),
 #endif
 #ifdef BUILD_TLS_ECDHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256
- {"ECDHE-RSA-CHACHA20-POLY1305-OLD", NAME_IANA("TLS_ECDHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256"), CHACHA_BYTE, TLS_ECDHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256},
+ SUITE_INFO("ECDHE-RSA-CHACHA20-POLY1305-OLD","TLS_ECDHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256",CHACHA_BYTE,TLS_ECDHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256),
 #endif
 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_CHACHA20_OLD_POLY1305_SHA256
- {"ECDHE-ECDSA-CHACHA20-POLY1305-OLD", NAME_IANA("TLS_ECDHE_ECDSA_WITH_CHACHA20_OLD_POLY1305_SHA256"), CHACHA_BYTE, TLS_ECDHE_ECDSA_WITH_CHACHA20_OLD_POLY1305_SHA256},
+ SUITE_INFO("ECDHE-ECDSA-CHACHA20-POLY1305-OLD","TLS_ECDHE_ECDSA_WITH_CHACHA20_OLD_POLY1305_SHA256",CHACHA_BYTE,TLS_ECDHE_ECDSA_WITH_CHACHA20_OLD_POLY1305_SHA256),
 #endif
 #ifdef BUILD_TLS_DHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256
- {"DHE-RSA-CHACHA20-POLY1305-OLD", NAME_IANA("TLS_DHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256"), CHACHA_BYTE, TLS_DHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256},
+ SUITE_INFO("DHE-RSA-CHACHA20-POLY1305-OLD","TLS_DHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256",CHACHA_BYTE,TLS_DHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256),
 #endif
 #ifdef BUILD_TLS_DH_anon_WITH_AES_128_CBC_SHA
- {"ADH-AES128-SHA", NAME_IANA("TLS_DH_anon_WITH_AES_128_CBC_SHA"), CIPHER_BYTE, TLS_DH_anon_WITH_AES_128_CBC_SHA},
+ SUITE_INFO("ADH-AES128-SHA","TLS_DH_anon_WITH_AES_128_CBC_SHA",CIPHER_BYTE,TLS_DH_anon_WITH_AES_128_CBC_SHA),
 #endif
 #ifdef BUILD_TLS_DH_anon_WITH_AES_256_GCM_SHA384
- {"ADH-AES256-GCM-SHA384", NAME_IANA("TLS_DH_anon_WITH_AES_256_GCM_SHA384"), CIPHER_BYTE, TLS_DH_anon_WITH_AES_256_GCM_SHA384},
+ SUITE_INFO("ADH-AES256-GCM-SHA384","TLS_DH_anon_WITH_AES_256_GCM_SHA384",CIPHER_BYTE,TLS_DH_anon_WITH_AES_256_GCM_SHA384),
 #endif
 #ifdef BUILD_TLS_QSH
- {"QSH", NAME_IANA("TLS_QSH"), QSH_BYTE, TLS_QSH},
+ SUITE_INFO("QSH","TLS_QSH",QSH_BYTE,TLS_QSH),
 #endif
 #ifdef HAVE_RENEGOTIATION_INDICATION
- {"RENEGOTIATION-INFO", NAME_IANA("TLS_EMPTY_RENEGOTIATION_INFO_SCSV"), CIPHER_BYTE, TLS_EMPTY_RENEGOTIATION_INFO_SCSV},
+ SUITE_INFO("RENEGOTIATION-INFO","TLS_EMPTY_RENEGOTIATION_INFO_SCSV",CIPHER_BYTE,TLS_EMPTY_RENEGOTIATION_INFO_SCSV),
 #endif
 #ifdef BUILD_SSL_RSA_WITH_IDEA_CBC_SHA
- {"IDEA-CBC-SHA", NAME_IANA("SSL_RSA_WITH_IDEA_CBC_SHA"), CIPHER_BYTE, SSL_RSA_WITH_IDEA_CBC_SHA},
+ SUITE_INFO("IDEA-CBC-SHA","SSL_RSA_WITH_IDEA_CBC_SHA",CIPHER_BYTE,SSL_RSA_WITH_IDEA_CBC_SHA),
 #endif
 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_NULL_SHA
- {"ECDHE-ECDSA-NULL-SHA", NAME_IANA("TLS_ECDHE_ECDSA_WITH_NULL_SHA"), ECC_BYTE, TLS_ECDHE_ECDSA_WITH_NULL_SHA},
+ SUITE_INFO("ECDHE-ECDSA-NULL-SHA","TLS_ECDHE_ECDSA_WITH_NULL_SHA",ECC_BYTE,TLS_ECDHE_ECDSA_WITH_NULL_SHA),
 #endif
 #ifdef BUILD_TLS_ECDHE_PSK_WITH_NULL_SHA256
- {"ECDHE-PSK-NULL-SHA256", NAME_IANA("TLS_ECDHE_PSK_WITH_NULL_SHA256"), ECC_BYTE, TLS_ECDHE_PSK_WITH_NULL_SHA256},
+ SUITE_INFO("ECDHE-PSK-NULL-SHA256","TLS_ECDHE_PSK_WITH_NULL_SHA256",ECC_BYTE,TLS_ECDHE_PSK_WITH_NULL_SHA256),
 #endif
 #ifdef BUILD_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256
- {"ECDHE-PSK-AES128-CBC-SHA256", NAME_IANA("TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256"), ECC_BYTE, TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256},
+ SUITE_INFO("ECDHE-PSK-AES128-CBC-SHA256","TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256",ECC_BYTE,TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256),
 #endif
 #ifdef BUILD_TLS_PSK_WITH_CHACHA20_POLY1305_SHA256
- {"PSK-CHACHA20-POLY1305", NAME_IANA("TLS_PSK_WITH_CHACHA20_POLY1305_SHA256"), CHACHA_BYTE, TLS_PSK_WITH_CHACHA20_POLY1305_SHA256},
+ SUITE_INFO("PSK-CHACHA20-POLY1305","TLS_PSK_WITH_CHACHA20_POLY1305_SHA256",CHACHA_BYTE,TLS_PSK_WITH_CHACHA20_POLY1305_SHA256),
 #endif
 #ifdef BUILD_TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256
- {"ECDHE-PSK-CHACHA20-POLY1305", NAME_IANA("TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256"), CHACHA_BYTE, TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256},
+ SUITE_INFO("ECDHE-PSK-CHACHA20-POLY1305","TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256",CHACHA_BYTE,TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256),
 #endif
 #ifdef BUILD_TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256
- {"DHE-PSK-CHACHA20-POLY1305", NAME_IANA("TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256"), CHACHA_BYTE, TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256},
+ SUITE_INFO("DHE-PSK-CHACHA20-POLY1305","TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256",CHACHA_BYTE,TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256),
 #endif
 #ifdef BUILD_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
- {"EDH-RSA-DES-CBC3-SHA", NAME_IANA("TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA"), CIPHER_BYTE, TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA},
+ SUITE_INFO("EDH-RSA-DES-CBC3-SHA","TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA",CIPHER_BYTE,TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA),
 #endif
 #ifdef BUILD_WDM_WITH_NULL_SHA256
- {"WDM-NULL-SHA256", NAME_IANA("WDM_WITH_NULL_SHA256"), CIPHER_BYTE, WDM_WITH_NULL_SHA256},
+ SUITE_INFO("WDM-NULL-SHA256","WDM_WITH_NULL_SHA256",CIPHER_BYTE,WDM_WITH_NULL_SHA256),
 #endif
 #endif /* WOLFSSL_NO_TLS12 */
 #ifdef BUILD_TLS_AES_128_GCM_SHA256
- {"TLS13-AES128-GCM-SHA256", NAME_IANA("TLS_AES_128_GCM_SHA256"), TLS13_BYTE, TLS_AES_128_GCM_SHA256},
+ SUITE_INFO("TLS13-AES128-GCM-SHA256","TLS_AES_128_GCM_SHA256",TLS13_BYTE,TLS_AES_128_GCM_SHA256),
 #endif
 #ifdef BUILD_TLS_AES_256_GCM_SHA384
- {"TLS13-AES256-GCM-SHA384", NAME_IANA("TLS_AES_256_GCM_SHA384"), TLS13_BYTE, TLS_AES_256_GCM_SHA384},
+ SUITE_INFO("TLS13-AES256-GCM-SHA384","TLS_AES_256_GCM_SHA384",TLS13_BYTE,TLS_AES_256_GCM_SHA384),
 #endif
 #ifdef BUILD_TLS_CHACHA20_POLY1305_SHA256
- {"TLS13-CHACHA20-POLY1305-SHA256", NAME_IANA("TLS_CHACHA20_POLY1305_SHA256"), TLS13_BYTE, TLS_CHACHA20_POLY1305_SHA256},
+ SUITE_INFO("TLS13-CHACHA20-POLY1305-SHA256","TLS_CHACHA20_POLY1305_SHA256",TLS13_BYTE,TLS_CHACHA20_POLY1305_SHA256),
 #endif
 #ifdef BUILD_TLS_AES_128_CCM_SHA256
- {"TLS13-AES128-CCM-SHA256", NAME_IANA("TLS_AES_128_CCM_SHA256"), TLS13_BYTE, TLS_AES_128_CCM_SHA256},
+ SUITE_INFO("TLS13-AES128-CCM-SHA256","TLS_AES_128_CCM_SHA256",TLS13_BYTE,TLS_AES_128_CCM_SHA256),
 #endif
 #ifdef BUILD_TLS_AES_128_CCM_8_SHA256
- {"TLS13-AES128-CCM-8-SHA256", NAME_IANA("TLS_AES_128_CCM_8_SHA256"), TLS13_BYTE, TLS_AES_128_CCM_8_SHA256},
+ SUITE_INFO("TLS13-AES128-CCM-8-SHA256","TLS_AES_128_CCM_8_SHA256",TLS13_BYTE,TLS_AES_128_CCM_8_SHA256),
 #endif
 };
-#undef NAME_IANA
-
 /* returns the cipher_names array */
 const CipherSuiteInfo* GetCipherNames(void)
@@ -15952,6 +15950,7 @@ const char* GetCipherNameInternal(const byte cipherSuite0, const byte cipherSuit
 const char* GetCipherNameIana(const byte cipherSuite0, const byte cipherSuite)
 {
+#ifndef NO_ERROR_STRINGS
 int i;
 const char* nameIana = "NONE";
@@ -15963,6 +15962,11 @@ const char* GetCipherNameIana(const byte cipherSuite0, const byte cipherSuite)
 }
 }
 return nameIana;
+#else
+ (void)cipherSuite0;
+ (void)cipherSuite;
+ return NULL;
+#endif
 }
 const char* wolfSSL_get_cipher_name_internal(WOLFSSL* ssl)
diff --git a/wolfssl/internal.h b/wolfssl/internal.h
index c9ef6413d..a4be73250 100644
--- a/wolfssl/internal.h
+++ b/wolfssl/internal.h
@@ -3997,7 +3997,9 @@ WOLFSSL_LOCAL word32 LowResTimer(void);
 typedef struct CipherSuiteInfo {
 const char* name;
+#ifndef NO_ERROR_STRINGS
 const char* name_iana;
+#endif
 byte cipherSuite0;
 byte cipherSuite;
 } CipherSuiteInfo;
From 1a7d208a6053942cf5e0c3ad8b55611f90e31251 Mon Sep 17 00:00:00 2001
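Review bot: With NO_ERROR_STRINGS defined, GetCipherNameIana now returns NULL from the added `#else` branch, while the default build returns the string "NONE" when no suite matches, so the return contract depends on a build option. Callers are not visible in this diff; any that pass the result to a format call or a string compare without a NULL check would dereference NULL only in the reduced build, which is easy to miss in testing. Returning a non-NULL sentinel there, `return "NONE";`, keeps both builds on one contract; if NULL is intended, a header comment such as `/* returns NULL when built with NO_ERROR_STRINGS */` should state it. The function spans the hunks at -15952 and -15963, and the lookup loop between them lies outside both.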
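Review bot: The `name_iana` member of CipherSuiteInfo is now conditional, but nothing at the struct tells a reader that its layout changes with NO_ERROR_STRINGS. GetCipherNames() hands this array out as `const CipherSuiteInfo*`, so every reader of `name_iana` needs the same `#ifndef` guard, and a translation unit built with a different NO_ERROR_STRINGS setting than the library would presumably see mismatched field offsets. I would add a comment above the guard, for example `/* omitted under NO_ERROR_STRINGS; fill entries via SUITE_INFO() so both layouts stay in sync */`.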
From: Jacob Barthelmeh Date: Tue, 29 May 2018 16:57:30 -0600 Subject: [PATCH 100/146] add crl2.pem to renew certs script --- certs/crl/caEcc384Crl.pem | 32 ++++++------ certs/crl/caEccCrl.pem | 24 ++++----- certs/crl/cliCrl.pem | 56 ++++++++++---------- certs/crl/crl.pem | 54 +++++++++---------- certs/crl/crl.revoked | 58 ++++++++++----------- certs/crl/crl2.pem | 106 +++++++++++++++++++------------------- certs/crl/eccCliCRL.pem | 26 +++++----- certs/crl/eccSrvCRL.pem | 24 ++++----- certs/crl/gencrls.sh | 8 +++ 9 files changed, 198 insertions(+), 190 deletions(-) diff --git a/certs/crl/caEcc384Crl.pem b/certs/crl/caEcc384Crl.pem index 89a6da907..f8b35397c 100644 --- a/certs/crl/caEcc384Crl.pem +++ b/certs/crl/caEcc384Crl.pem 
@@ -2,28 +2,28 @@ Certificate Revocation List (CRL): Version 2 (0x1) Signature Algorithm: ecdsa-with-SHA256 Issuer: /C=US/ST=Washington/L=Seattle/O=wolfSSL/OU=Development/CN=www.wolfssl.com/emailAddress=info@wolfssl.com - Last Update: Apr 13 15:23:11 2018 GMT - Next Update: Jan 7 15:23:11 2021 GMT + Last Update: May 29 22:47:57 2018 GMT + Next Update: Jan 7 22:47:57 2021 GMT CRL extensions: X509v3 CRL Number: - 4 + 5 Revoked Certificates: Serial Number: 02 - Revocation Date: Apr 13 15:23:11 2018 GMT + Revocation Date: May 29 22:47:57 2018 GMT Signature Algorithm: ecdsa-with-SHA256 - 30:64:02:30:10:47:d3:ee:02:8f:67:b4:f5:8a:c6:36:67:dd: - c2:ea:f4:69:1f:e2:a1:24:80:6c:d7:77:93:af:80:ed:b2:d1: - 89:cc:c4:39:a7:69:85:7a:4f:13:7c:83:c6:62:f4:ae:02:30: - 68:2e:c7:67:a0:65:7e:bc:1d:01:f0:af:96:0f:7f:de:b1:4b: - a8:3d:10:8f:39:bc:82:9a:55:a8:45:d0:16:d4:08:f2:c9:d6: - dc:11:f1:0c:50:5a:72:6a:00:62:06:97 + 30:65:02:31:00:93:d7:82:a5:dc:83:90:fd:67:07:55:0a:70: + f4:61:8c:7d:9a:22:49:e7:a2:27:02:90:99:9e:cd:5d:58:ef: + 5e:fc:cb:ad:88:6a:ac:93:39:b2:85:e5:7b:22:fd:f4:23:02: + 30:5a:a8:08:73:d1:ac:59:02:7d:5c:33:16:b2:18:d1:8b:98: + a4:16:f5:bd:cb:aa:60:07:7a:39:17:0b:06:8d:58:f2:12:98: + 2e:09:01:a7:f2:b6:7d:69:3c:35:ef:4b:e0 -----BEGIN X509 CRL----- -MIIBZTCB7QIBATAKBggqhkjOPQQDAjCBlzELMAkGA1UEBhMCVVMxEzARBgNVBAgM +MIIBZjCB7QIBATAKBggqhkjOPQQDAjCBlzELMAkGA1UEBhMCVVMxEzARBgNVBAgM Cldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoMB3dvbGZTU0wx FDASBgNVBAsMC0RldmVsb3BtZW50MRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20x -HzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20XDTE4MDQxMzE1MjMxMVoX -DTIxMDEwNzE1MjMxMVowFDASAgECFw0xODA0MTMxNTIzMTFaoA4wDDAKBgNVHRQE -AwIBBDAKBggqhkjOPQQDAgNnADBkAjAQR9PuAo9ntPWKxjZn3cLq9Gkf4qEkgGzX -d5OvgO2y0YnMxDmnaYV6TxN8g8Zi9K4CMGgux2egZX68HQHwr5YPf96xS6g9EI85 -vIKaVahF0BbUCPLJ1twR8QxQWnJqAGIGlw== +HzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20XDTE4MDUyOTIyNDc1N1oX +DTIxMDEwNzIyNDc1N1owFDASAgECFw0xODA1MjkyMjQ3NTdaoA4wDDAKBgNVHRQE 
+AwIBBTAKBggqhkjOPQQDAgNoADBlAjEAk9eCpdyDkP1nB1UKcPRhjH2aIknnoicC +kJmezV1Y7178y62IaqyTObKF5Xsi/fQjAjBaqAhz0axZAn1cMxayGNGLmKQW9b3L +qmAHejkXCwaNWPISmC4JAafytn1pPDXvS+A= -----END X509 CRL----- diff --git a/certs/crl/caEccCrl.pem b/certs/crl/caEccCrl.pem index 4aefaf9d0..23799573c 100644 --- a/certs/crl/caEccCrl.pem +++ b/certs/crl/caEccCrl.pem 
@@ -2,25 +2,25 @@ Certificate Revocation List (CRL): Version 2 (0x1) Signature Algorithm: ecdsa-with-SHA256 Issuer: /C=US/ST=Washington/L=Seattle/O=wolfSSL/OU=Development/CN=www.wolfssl.com/emailAddress=info@wolfssl.com - Last Update: Apr 13 15:23:11 2018 GMT - Next Update: Jan 7 15:23:11 2021 GMT + Last Update: May 29 22:47:57 2018 GMT + Next Update: Jan 7 22:47:57 2021 GMT CRL extensions: X509v3 CRL Number: - 3 + 4 Revoked Certificates: Serial Number: 02 - Revocation Date: Apr 13 15:23:11 2018 GMT + Revocation Date: May 29 22:47:57 2018 GMT Signature Algorithm: ecdsa-with-SHA256 - 30:45:02:21:00:90:9f:1f:35:29:5a:07:13:62:12:93:6f:8a: - e4:3a:73:fe:ca:20:36:17:7a:26:b4:88:c8:0a:6d:a2:b4:02: - 4b:02:20:53:77:d5:8f:fc:ac:d7:1e:e5:71:46:9b:19:65:d0: - 75:4d:3c:88:c9:e1:d1:c5:3f:a5:99:08:b9:f6:37:34:33 + 30:45:02:20:56:6f:9b:7d:a8:f2:8e:f1:f5:76:fa:f2:89:1a: + a4:0f:c4:5c:e8:60:33:a5:39:2d:d1:0a:72:4e:4e:ac:5e:fe: + 02:21:00:b9:66:ac:5c:dc:8c:98:f1:f8:bb:cf:ff:13:06:3e: + 47:b8:24:22:54:89:95:60:11:ab:31:60:27:4d:c4:9c:70 -----BEGIN X509 CRL----- MIIBRjCB7QIBATAKBggqhkjOPQQDAjCBlzELMAkGA1UEBhMCVVMxEzARBgNVBAgM Cldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoMB3dvbGZTU0wx FDASBgNVBAsMC0RldmVsb3BtZW50MRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20x -HzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20XDTE4MDQxMzE1MjMxMVoX -DTIxMDEwNzE1MjMxMVowFDASAgECFw0xODA0MTMxNTIzMTFaoA4wDDAKBgNVHRQE -AwIBAzAKBggqhkjOPQQDAgNIADBFAiEAkJ8fNSlaBxNiEpNviuQ6c/7KIDYXeia0 -iMgKbaK0AksCIFN31Y/8rNce5XFGmxll0HVNPIjJ4dHFP6WZCLn2NzQz +HzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20XDTE4MDUyOTIyNDc1N1oX +DTIxMDEwNzIyNDc1N1owFDASAgECFw0xODA1MjkyMjQ3NTdaoA4wDDAKBgNVHRQE +AwIBBDAKBggqhkjOPQQDAgNIADBFAiBWb5t9qPKO8fV2+vKJGqQPxFzoYDOlOS3R +CnJOTqxe/gIhALlmrFzcjJjx+LvP/xMGPke4JCJUiZVgEasxYCdNxJxw -----END X509 CRL----- diff --git a/certs/crl/cliCrl.pem b/certs/crl/cliCrl.pem index b0fce0a2a..6a0ce1b37 100644 --- a/certs/crl/cliCrl.pem +++ b/certs/crl/cliCrl.pem 
@@ -2,41 +2,41 @@ Certificate Revocation List (CRL): Version 2 (0x1) Signature Algorithm: sha256WithRSAEncryption Issuer: /C=US/ST=Montana/L=Bozeman/O=wolfSSL_2048/OU=Programming-2048/CN=www.wolfssl.com/emailAddress=info@wolfssl.com - Last Update: Apr 13 15:23:11 2018 GMT - Next Update: Jan 7 15:23:11 2021 GMT + Last Update: May 29 22:47:57 2018 GMT + Next Update: Jan 7 22:47:57 2021 GMT CRL extensions: X509v3 CRL Number: - 5 + 6 Revoked Certificates: Serial Number: 02 - Revocation Date: Apr 13 15:23:11 2018 GMT + Revocation Date: May 29 22:47:57 2018 GMT Signature Algorithm: sha256WithRSAEncryption - 2b:9e:c4:ff:03:1d:6c:76:08:5d:72:17:85:f6:26:0c:9a:b9: - 89:88:00:99:1e:2a:98:b0:0e:41:11:c0:c5:ed:c1:29:75:db: - f2:41:4b:83:a6:17:95:cf:de:d5:03:85:f0:a9:be:25:68:a6: - 43:a3:35:79:e9:49:e4:27:d0:57:fb:cf:2e:01:67:9e:68:ba: - ae:40:2c:87:ba:6f:3f:3c:5f:25:fa:71:f5:5d:79:71:44:8d: - 34:8f:56:de:dc:74:76:cd:67:14:8a:ab:0f:8d:8c:37:aa:4b: - e6:bb:5f:c6:a1:23:46:f5:73:ab:42:c4:10:6f:66:57:4d:db: - 7a:0d:0d:4a:a1:bd:f6:8a:bf:9d:82:00:99:8f:51:87:b3:42: - c3:3b:44:e2:e5:2c:a3:84:65:b7:5e:17:2d:7e:d2:81:6d:41: - d6:36:62:24:f1:e0:a8:12:eb:2d:84:36:bd:c7:36:8a:10:e8: - dd:09:de:b6:0f:3a:8a:d7:74:37:71:69:52:fb:b6:74:39:43: - 53:0e:18:c6:7c:09:5b:26:bb:59:f6:c1:db:dc:a2:1c:ee:64: - 36:dd:7a:49:f3:f5:53:7b:a0:f0:e7:91:af:03:cd:89:20:f4: - 1c:76:9b:3a:f0:15:4c:88:ab:86:82:c3:d2:90:5b:9f:f2:a6: - 4d:18:06:55 + 7b:c2:9a:bc:3a:b4:15:d0:fc:7c:8c:cd:da:23:30:08:7b:2d: + 8e:a7:2a:d7:e0:2e:c7:a6:2b:54:c9:0b:2f:d6:52:6c:98:c6: + 2a:fb:5d:68:0f:43:26:d6:c6:63:8c:79:1f:53:df:55:a9:64: + 88:da:da:09:49:90:11:dd:d2:43:87:14:f7:54:37:8d:57:52: + 72:af:56:0a:cf:93:f1:46:fa:ed:f8:cd:af:a9:9e:26:ec:45: + e3:ec:3f:ed:7e:48:10:cf:3a:94:45:8f:24:e0:e6:41:2e:1e: + bf:11:a9:4b:d3:d9:b3:1e:95:5b:6b:9b:68:18:a3:74:08:a6: + 87:b2:f3:a8:9a:33:5b:8b:97:09:16:72:68:8b:52:a2:79:2a: + e7:b5:aa:17:4e:b3:99:60:8f:30:35:c0:19:6a:0f:1a:23:b9: + bc:5a:8c:99:0e:cd:e4:bd:a3:6e:47:5e:e9:c1:53:97:40:ec: + 
56:0b:24:cf:e5:7f:aa:1e:62:4d:46:a1:21:85:c7:b8:1b:74: + d4:03:52:d7:50:58:70:e0:db:03:66:ef:77:cc:6d:1e:a1:4d: + 84:45:c5:c2:15:d0:88:76:73:44:be:7b:8b:f2:94:b6:5b:99: + d4:69:7e:0f:4a:4e:90:ed:a9:b8:19:92:e1:b5:64:75:56:26: + f9:c1:2f:06 -----BEGIN X509 CRL----- MIICDjCB9wIBATANBgkqhkiG9w0BAQsFADCBnjELMAkGA1UEBhMCVVMxEDAOBgNV BAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xFTATBgNVBAoMDHdvbGZTU0xf MjA0ODEZMBcGA1UECwwQUHJvZ3JhbW1pbmctMjA0ODEYMBYGA1UEAwwPd3d3Lndv -bGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tFw0xODA0 -MTMxNTIzMTFaFw0yMTAxMDcxNTIzMTFaMBQwEgIBAhcNMTgwNDEzMTUyMzExWqAO -MAwwCgYDVR0UBAMCAQUwDQYJKoZIhvcNAQELBQADggEBACuexP8DHWx2CF1yF4X2 -JgyauYmIAJkeKpiwDkERwMXtwSl12/JBS4OmF5XP3tUDhfCpviVopkOjNXnpSeQn -0Ff7zy4BZ55ouq5ALIe6bz88XyX6cfVdeXFEjTSPVt7cdHbNZxSKqw+NjDeqS+a7 -X8ahI0b1c6tCxBBvZldN23oNDUqhvfaKv52CAJmPUYezQsM7ROLlLKOEZbdeFy1+ -0oFtQdY2YiTx4KgS6y2ENr3HNooQ6N0J3rYPOorXdDdxaVL7tnQ5Q1MOGMZ8CVsm -u1n2wdvcohzuZDbdeknz9VN7oPDnka8DzYkg9Bx2mzrwFUyIq4aCw9KQW5/ypk0Y -BlU= +bGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tFw0xODA1 +MjkyMjQ3NTdaFw0yMTAxMDcyMjQ3NTdaMBQwEgIBAhcNMTgwNTI5MjI0NzU3WqAO +MAwwCgYDVR0UBAMCAQYwDQYJKoZIhvcNAQELBQADggEBAHvCmrw6tBXQ/HyMzdoj +MAh7LY6nKtfgLsemK1TJCy/WUmyYxir7XWgPQybWxmOMeR9T31WpZIja2glJkBHd +0kOHFPdUN41XUnKvVgrPk/FG+u34za+pnibsRePsP+1+SBDPOpRFjyTg5kEuHr8R +qUvT2bMelVtrm2gYo3QIpoey86iaM1uLlwkWcmiLUqJ5Kue1qhdOs5lgjzA1wBlq +DxojubxajJkOzeS9o25HXunBU5dA7FYLJM/lf6oeYk1GoSGFx7gbdNQDUtdQWHDg +2wNm73fMbR6hTYRFxcIV0Ih2c0S+e4vylLZbmdRpfg9KTpDtqbgZkuG1ZHVWJvnB +LwY= -----END X509 CRL----- diff --git a/certs/crl/crl.pem b/certs/crl/crl.pem index a566ff103..bbcf5ecdd 100644 --- a/certs/crl/crl.pem +++ b/certs/crl/crl.pem 
@@ -2,40 +2,40 @@ Certificate Revocation List (CRL): Version 2 (0x1) Signature Algorithm: sha256WithRSAEncryption Issuer: /C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com - Last Update: Apr 13 15:23:11 2018 GMT - Next Update: Jan 7 15:23:11 2021 GMT + Last Update: May 29 22:47:57 2018 GMT + Next Update: Jan 7 22:47:57 2021 GMT CRL extensions: X509v3 CRL Number: - 1 + 2 Revoked Certificates: Serial Number: 02 - Revocation Date: Apr 13 15:23:11 2018 GMT + Revocation Date: May 29 22:47:57 2018 GMT Signature Algorithm: sha256WithRSAEncryption - 23:8e:10:e0:29:d3:dc:ab:f4:82:ad:d9:66:a4:96:ff:5b:c0: - 5f:f2:44:cf:6e:cc:df:b4:52:2f:06:8a:d3:80:a3:0e:63:3c: - 49:da:76:51:4a:70:c8:05:d9:e8:14:7b:87:df:62:39:46:e1: - d4:a1:45:2b:33:37:c7:94:e9:92:2c:ca:b0:d5:34:1c:ea:b4: - d8:a2:10:5b:36:ff:04:b2:a9:f4:9b:94:18:c0:a2:03:2f:1a: - d3:f5:d3:c4:fd:b6:6b:b2:c6:f6:3c:e5:45:a2:d6:97:2c:b9: - 63:ad:0a:cd:01:33:a0:ff:0c:ac:86:b5:22:b8:a7:aa:8b:9d: - c0:ea:79:01:12:6b:b1:be:13:fe:85:d0:40:24:75:7e:8d:4e: - 30:5d:62:4f:9b:5b:01:5e:4a:b2:50:c8:c1:39:50:b7:3f:8d: - 9c:d0:30:6f:0c:e6:66:69:f6:f9:51:6d:c9:6c:b1:df:6e:d5: - 73:53:61:4c:99:2a:58:88:db:5c:b6:60:ed:18:2a:81:be:83: - 09:c4:f5:0c:0c:a2:44:c7:ab:c8:ff:68:c5:48:24:c9:a4:fa: - bf:b4:f5:42:12:fd:b6:6e:db:8b:8d:e7:86:a5:4c:02:8f:fe: - 01:c7:0f:bd:fb:48:ce:c6:29:a6:ed:48:51:d3:3f:c8:ce:ca: - 4b:e7:b4:f6 + 6b:c1:26:13:77:62:8e:4e:a9:e5:87:b6:f6:66:c8:1f:cc:6a: + 20:94:f0:f6:a5:c6:b7:aa:03:b7:60:cf:74:16:5e:2f:c6:10: + 8c:82:c9:31:da:20:23:c0:9e:f0:64:4b:cc:d8:6c:ec:57:1a: + 5c:27:ec:36:db:64:f0:28:b2:34:33:d2:aa:1b:55:e7:4a:1f: + c2:51:e9:b8:32:a8:be:53:ee:21:65:f7:c5:92:d0:0d:98:db: + 65:50:7f:35:98:21:5b:52:a0:1e:ce:79:af:66:de:55:81:11: + 0f:b0:8d:20:a8:48:f3:ff:ca:99:69:04:d8:c6:ec:98:de:8b: + 56:e1:53:cf:0b:da:47:91:9e:27:ff:d2:2d:a3:65:61:80:89: + 64:20:65:12:41:ce:8e:c8:55:a5:90:8d:fa:02:45:6b:28:6e: + 28:ab:5a:94:c3:49:37:d0:b1:8e:d1:3b:9f:da:7e:36:73:d9: + 
8d:a5:60:97:71:51:6f:7b:88:90:84:14:0a:50:31:3c:e1:63: + d6:dd:26:e9:f5:63:b2:ae:54:4e:8f:80:aa:2b:4c:94:ab:08: + 16:03:b0:31:3a:16:f3:c6:20:0a:00:c9:52:7c:88:72:23:8d: + 80:c9:98:45:c3:44:1e:84:99:b8:53:1e:67:23:bc:aa:80:f6: + 77:58:0a:7a -----BEGIN X509 CRL----- MIICBDCB7QIBATANBgkqhkiG9w0BAQsFADCBlDELMAkGA1UEBhMCVVMxEDAOBgNV BAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNVBAoMCFNhd3Rvb3Ro MRMwEQYDVQQLDApDb25zdWx0aW5nMRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20x -HzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20XDTE4MDQxMzE1MjMxMVoX -DTIxMDEwNzE1MjMxMVowFDASAgECFw0xODA0MTMxNTIzMTFaoA4wDDAKBgNVHRQE -AwIBATANBgkqhkiG9w0BAQsFAAOCAQEAI44Q4CnT3Kv0gq3ZZqSW/1vAX/JEz27M -37RSLwaK04CjDmM8Sdp2UUpwyAXZ6BR7h99iOUbh1KFFKzM3x5TpkizKsNU0HOq0 -2KIQWzb/BLKp9JuUGMCiAy8a0/XTxP22a7LG9jzlRaLWlyy5Y60KzQEzoP8MrIa1 -IrinqoudwOp5ARJrsb4T/oXQQCR1fo1OMF1iT5tbAV5KslDIwTlQtz+NnNAwbwzm -Zmn2+VFtyWyx327Vc1NhTJkqWIjbXLZg7Rgqgb6DCcT1DAyiRMeryP9oxUgkyaT6 -v7T1QhL9tm7bi43nhqVMAo/+AccPvftIzsYppu1IUdM/yM7KS+e09g== +HzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20XDTE4MDUyOTIyNDc1N1oX +DTIxMDEwNzIyNDc1N1owFDASAgECFw0xODA1MjkyMjQ3NTdaoA4wDDAKBgNVHRQE +AwIBAjANBgkqhkiG9w0BAQsFAAOCAQEAa8EmE3dijk6p5Ye29mbIH8xqIJTw9qXG +t6oDt2DPdBZeL8YQjILJMdogI8Ce8GRLzNhs7FcaXCfsNttk8CiyNDPSqhtV50of +wlHpuDKovlPuIWX3xZLQDZjbZVB/NZghW1KgHs55r2beVYERD7CNIKhI8//KmWkE +2MbsmN6LVuFTzwvaR5GeJ//SLaNlYYCJZCBlEkHOjshVpZCN+gJFayhuKKtalMNJ +N9CxjtE7n9p+NnPZjaVgl3FRb3uIkIQUClAxPOFj1t0m6fVjsq5UTo+AqitMlKsI +FgOwMToW88YgCgDJUnyIciONgMmYRcNEHoSZuFMeZyO8qoD2d1gKeg== -----END X509 CRL----- diff --git a/certs/crl/crl.revoked b/certs/crl/crl.revoked index 9fa2b6b0f..df6c204e8 100644 --- a/certs/crl/crl.revoked +++ b/certs/crl/crl.revoked 
@@ -2,43 +2,43 @@ Certificate Revocation List (CRL): Version 2 (0x1) Signature Algorithm: sha256WithRSAEncryption Issuer: /C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com - Last Update: Apr 13 15:23:11 2018 GMT - Next Update: Jan 7 15:23:11 2021 GMT + Last Update: May 29 22:47:57 2018 GMT + Next Update: Jan 7 22:47:57 2021 GMT CRL extensions: X509v3 CRL Number: - 2 + 3 Revoked Certificates: Serial Number: 01 - Revocation Date: Apr 13 15:23:11 2018 GMT + Revocation Date: May 29 22:47:57 2018 GMT Serial Number: 02 - Revocation Date: Apr 13 15:23:11 2018 GMT + Revocation Date: May 29 22:47:57 2018 GMT Signature Algorithm: sha256WithRSAEncryption - 35:8c:0d:51:3a:59:d5:2a:f3:da:b6:bc:1e:f6:3f:b3:6b:2d: - d2:c0:e3:6a:1d:7f:c5:33:39:2a:be:1b:14:58:55:bd:3d:42: - 2a:62:7a:46:96:b6:0b:cc:b7:3d:5b:22:2d:fc:25:95:4b:9a: - de:0d:df:fc:c1:95:72:dd:90:a0:86:ec:3b:6a:7a:30:96:4a: - 7d:e9:56:e3:0b:b2:7c:fd:01:c1:79:41:5d:53:3a:e2:a2:b5: - 29:7b:a2:d2:8e:10:c3:4c:3c:18:54:68:7e:25:1b:c2:2d:7e: - 7c:01:51:6b:57:cb:31:57:80:84:51:1c:da:45:43:4b:65:6c: - 26:e7:a1:b7:49:16:8c:e2:47:9f:3b:64:bd:b9:94:4a:ae:19: - 8b:1d:a8:a8:08:01:3b:c9:14:91:55:71:d6:68:87:0a:dd:bb: - 81:d6:0f:96:bc:91:64:98:28:a1:45:7c:50:d8:78:dd:7f:b7: - 81:6b:db:d6:cc:28:c5:d4:77:78:b9:d0:51:08:98:61:ff:fb: - fe:aa:0a:ac:1e:4e:27:7b:c7:aa:0f:86:bd:1e:34:21:ba:e0: - 4b:ce:bc:65:1b:ec:e7:d0:4e:0f:cd:c1:ac:13:da:51:08:e3: - 11:d8:87:15:5d:f1:5f:f1:8b:7f:5d:5b:bd:24:5c:a8:13:24: - 6f:19:6d:8a + b4:bb:8c:be:03:d7:e3:38:93:ef:31:1c:11:a4:de:77:9a:5d: + 11:4c:5c:e4:7b:e5:c7:ac:6a:b4:bc:2a:f9:5a:01:bd:72:20: + 77:b6:46:4b:8c:c3:25:d7:c4:a6:39:fe:cf:9a:99:9d:af:02: + 3e:15:fe:38:b2:04:7e:99:74:63:61:07:8e:8e:f7:23:b4:96: + b8:85:2f:01:cb:e6:e4:c3:3d:cb:31:e7:60:38:02:3b:8a:da: + 15:d2:37:34:8b:da:3d:c7:c8:0d:f6:1f:da:f5:ac:66:a1:0d: + 22:73:a5:78:76:88:04:ec:7c:80:8b:a0:99:40:4b:56:aa:aa: + 8e:01:7b:66:b7:6e:9e:5b:82:e7:4c:9d:99:27:8f:cb:cb:26: + 
c1:38:ed:bc:3c:e5:07:79:0b:79:7c:29:60:08:72:01:fc:9a: + 2a:60:7e:93:f3:a8:a5:29:93:58:e6:8d:2f:6a:02:d5:70:7e: + cc:fd:69:6f:b4:09:60:c0:da:bb:ca:b1:e1:e2:91:85:9c:a3: + 46:73:99:19:4d:77:e5:1c:80:33:04:34:5d:c1:e3:88:6d:b1: + 10:6c:79:9a:dd:e9:ac:d8:82:f6:0d:f0:7c:4b:de:fd:f1:17: + 04:54:8e:56:ec:3c:79:06:17:30:42:39:d5:98:0d:bb:78:b3: + 9f:4e:5b:87 -----BEGIN X509 CRL----- MIICGTCCAQECAQEwDQYJKoZIhvcNAQELBQAwgZQxCzAJBgNVBAYTAlVTMRAwDgYD VQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMREwDwYDVQQKDAhTYXd0b290 aDETMBEGA1UECwwKQ29uc3VsdGluZzEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29t -MR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tFw0xODA0MTMxNTIzMTFa -Fw0yMTAxMDcxNTIzMTFaMCgwEgIBARcNMTgwNDEzMTUyMzExWjASAgECFw0xODA0 -MTMxNTIzMTFaoA4wDDAKBgNVHRQEAwIBAjANBgkqhkiG9w0BAQsFAAOCAQEANYwN -UTpZ1Srz2ra8HvY/s2st0sDjah1/xTM5Kr4bFFhVvT1CKmJ6Rpa2C8y3PVsiLfwl -lUua3g3f/MGVct2QoIbsO2p6MJZKfelW4wuyfP0BwXlBXVM64qK1KXui0o4Qw0w8 -GFRofiUbwi1+fAFRa1fLMVeAhFEc2kVDS2VsJueht0kWjOJHnztkvbmUSq4Zix2o -qAgBO8kUkVVx1miHCt27gdYPlryRZJgooUV8UNh43X+3gWvb1swoxdR3eLnQUQiY -Yf/7/qoKrB5OJ3vHqg+GvR40IbrgS868ZRvs59BOD83BrBPaUQjjEdiHFV3xX/GL -f11bvSRcqBMkbxltig== +MR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tFw0xODA1MjkyMjQ3NTda +Fw0yMTAxMDcyMjQ3NTdaMCgwEgIBARcNMTgwNTI5MjI0NzU3WjASAgECFw0xODA1 +MjkyMjQ3NTdaoA4wDDAKBgNVHRQEAwIBAzANBgkqhkiG9w0BAQsFAAOCAQEAtLuM +vgPX4ziT7zEcEaTed5pdEUxc5Hvlx6xqtLwq+VoBvXIgd7ZGS4zDJdfEpjn+z5qZ +na8CPhX+OLIEfpl0Y2EHjo73I7SWuIUvAcvm5MM9yzHnYDgCO4raFdI3NIvaPcfI +DfYf2vWsZqENInOleHaIBOx8gIugmUBLVqqqjgF7ZrdunluC50ydmSePy8smwTjt +vDzlB3kLeXwpYAhyAfyaKmB+k/OopSmTWOaNL2oC1XB+zP1pb7QJYMDau8qx4eKR +hZyjRnOZGU135RyAMwQ0XcHjiG2xEGx5mt3prNiC9g3wfEve/fEXBFSOVuw8eQYX +MEI51ZgNu3izn05bhw== -----END X509 CRL----- diff --git a/certs/crl/crl2.pem b/certs/crl/crl2.pem index e357de068..75a916a91 100644 --- a/certs/crl/crl2.pem +++ b/certs/crl/crl2.pem 
@@ -2,79 +2,79 @@ Certificate Revocation List (CRL): Version 2 (0x1) Signature Algorithm: sha256WithRSAEncryption Issuer: /C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com - Last Update: Aug 11 20:07:38 2016 GMT - Next Update: May 8 20:07:38 2019 GMT + Last Update: May 29 22:47:57 2018 GMT + Next Update: Jan 7 22:47:57 2021 GMT CRL extensions: X509v3 CRL Number: - 1 + 2 Revoked Certificates: Serial Number: 02 - Revocation Date: Aug 11 20:07:38 2016 GMT + Revocation Date: May 29 22:47:57 2018 GMT Signature Algorithm: sha256WithRSAEncryption - 35:c6:7f:57:9a:e5:86:5a:15:1a:e2:e5:2b:9f:54:79:2a:58: - 51:a2:12:0c:4e:53:58:eb:99:e3:c2:ee:2b:d7:23:e4:3c:4d: - 0a:ab:ae:71:9b:ce:b1:c1:75:a1:b6:e5:32:5f:10:b0:72:28: - 2e:74:b1:99:dd:47:53:20:f6:9a:83:5c:bd:20:b0:aa:df:32: - f6:95:54:98:9e:59:96:55:7b:0a:74:be:94:66:44:b7:32:82: - f0:eb:16:f8:30:86:16:9f:73:43:98:82:b5:5e:ad:58:c0:c8: - 79:da:ad:b1:b4:d7:fb:34:c1:cc:3a:67:af:a4:56:5a:70:5c: - 2d:1f:73:16:78:92:01:06:e3:2c:fb:f1:ba:d5:8f:f9:be:dd: - e1:4a:ce:de:ca:e6:2d:96:09:24:06:40:9e:10:15:2e:f2:cd: - 85:d6:84:88:db:9c:4a:7b:75:7a:06:0e:40:02:20:60:7e:91: - f7:92:53:1e:34:7a:ea:ee:df:e7:cd:a8:9e:a6:61:b4:56:50: - 4d:dc:b1:78:0d:86:cf:45:c3:a6:0a:b9:88:2c:56:a7:b1:d3: - d3:0d:44:aa:93:a4:05:4d:ce:9f:01:b0:c6:1e:e4:ea:6b:92: - 6f:93:dd:98:cf:fb:1d:06:72:ac:d4:99:e7:f2:b4:11:57:bd: - 9d:63:e5:dc + 6b:c1:26:13:77:62:8e:4e:a9:e5:87:b6:f6:66:c8:1f:cc:6a: + 20:94:f0:f6:a5:c6:b7:aa:03:b7:60:cf:74:16:5e:2f:c6:10: + 8c:82:c9:31:da:20:23:c0:9e:f0:64:4b:cc:d8:6c:ec:57:1a: + 5c:27:ec:36:db:64:f0:28:b2:34:33:d2:aa:1b:55:e7:4a:1f: + c2:51:e9:b8:32:a8:be:53:ee:21:65:f7:c5:92:d0:0d:98:db: + 65:50:7f:35:98:21:5b:52:a0:1e:ce:79:af:66:de:55:81:11: + 0f:b0:8d:20:a8:48:f3:ff:ca:99:69:04:d8:c6:ec:98:de:8b: + 56:e1:53:cf:0b:da:47:91:9e:27:ff:d2:2d:a3:65:61:80:89: + 64:20:65:12:41:ce:8e:c8:55:a5:90:8d:fa:02:45:6b:28:6e: + 28:ab:5a:94:c3:49:37:d0:b1:8e:d1:3b:9f:da:7e:36:73:d9: + 
8d:a5:60:97:71:51:6f:7b:88:90:84:14:0a:50:31:3c:e1:63: + d6:dd:26:e9:f5:63:b2:ae:54:4e:8f:80:aa:2b:4c:94:ab:08: + 16:03:b0:31:3a:16:f3:c6:20:0a:00:c9:52:7c:88:72:23:8d: + 80:c9:98:45:c3:44:1e:84:99:b8:53:1e:67:23:bc:aa:80:f6: + 77:58:0a:7a -----BEGIN X509 CRL----- MIICBDCB7QIBATANBgkqhkiG9w0BAQsFADCBlDELMAkGA1UEBhMCVVMxEDAOBgNV BAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNVBAoMCFNhd3Rvb3Ro MRMwEQYDVQQLDApDb25zdWx0aW5nMRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20x -HzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20XDTE2MDgxMTIwMDczOFoX -DTE5MDUwODIwMDczOFowFDASAgECFw0xNjA4MTEyMDA3MzhaoA4wDDAKBgNVHRQE -AwIBATANBgkqhkiG9w0BAQsFAAOCAQEANcZ/V5rlhloVGuLlK59UeSpYUaISDE5T -WOuZ48LuK9cj5DxNCquucZvOscF1obblMl8QsHIoLnSxmd1HUyD2moNcvSCwqt8y -9pVUmJ5ZllV7CnS+lGZEtzKC8OsW+DCGFp9zQ5iCtV6tWMDIedqtsbTX+zTBzDpn -r6RWWnBcLR9zFniSAQbjLPvxutWP+b7d4UrO3srmLZYJJAZAnhAVLvLNhdaEiNuc -Snt1egYOQAIgYH6R95JTHjR66u7f582onqZhtFZQTdyxeA2Gz0XDpgq5iCxWp7HT -0w1EqpOkBU3OnwGwxh7k6muSb5PdmM/7HQZyrNSZ5/K0EVe9nWPl3A== +HzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20XDTE4MDUyOTIyNDc1N1oX +DTIxMDEwNzIyNDc1N1owFDASAgECFw0xODA1MjkyMjQ3NTdaoA4wDDAKBgNVHRQE +AwIBAjANBgkqhkiG9w0BAQsFAAOCAQEAa8EmE3dijk6p5Ye29mbIH8xqIJTw9qXG +t6oDt2DPdBZeL8YQjILJMdogI8Ce8GRLzNhs7FcaXCfsNttk8CiyNDPSqhtV50of +wlHpuDKovlPuIWX3xZLQDZjbZVB/NZghW1KgHs55r2beVYERD7CNIKhI8//KmWkE +2MbsmN6LVuFTzwvaR5GeJ//SLaNlYYCJZCBlEkHOjshVpZCN+gJFayhuKKtalMNJ +N9CxjtE7n9p+NnPZjaVgl3FRb3uIkIQUClAxPOFj1t0m6fVjsq5UTo+AqitMlKsI +FgOwMToW88YgCgDJUnyIciONgMmYRcNEHoSZuFMeZyO8qoD2d1gKeg== -----END X509 CRL----- Certificate Revocation List (CRL): Version 2 (0x1) Signature Algorithm: sha256WithRSAEncryption Issuer: /C=US/ST=Montana/L=Bozeman/O=wolfSSL_2048/OU=Programming-2048/CN=www.wolfssl.com/emailAddress=info@wolfssl.com - Last Update: Aug 11 20:07:38 2016 GMT - Next Update: May 8 20:07:38 2019 GMT + Last Update: May 29 22:47:57 2018 GMT + Next Update: Jan 7 22:47:57 2021 GMT CRL extensions: X509v3 CRL Number: - 3 + 1 No Revoked Certificates. 
Signature Algorithm: sha256WithRSAEncryption - 14:85:d5:c8:db:62:74:48:94:5e:dc:52:0f:5e:43:8b:29:83: - 32:e0:7a:4c:5c:76:e3:7e:c1:87:74:40:b2:6f:f8:33:4c:2c: - 32:08:f0:5f:d9:85:b3:20:05:34:5d:15:4d:ba:45:bc:2d:9c: - ae:40:d0:d8:9a:b3:a1:4f:0b:94:ce:c4:23:c6:bf:a2:f8:a6: - 02:4c:6d:ad:5a:59:b3:83:55:dd:37:91:f6:75:d4:6f:83:5f: - 1c:29:94:cd:01:09:dc:38:d8:6c:c0:9f:1e:76:9d:f9:8f:70: - 0d:48:e5:99:82:90:3a:36:f1:33:17:69:73:8a:ee:a7:22:4c: - 58:93:a1:dc:59:b9:44:8f:88:99:0b:c4:d3:74:aa:02:9a:84: - 36:48:d8:a0:05:73:bc:14:32:1e:76:23:85:c5:94:56:b2:2c: - 61:3b:07:d7:bd:0c:27:f7:d7:23:40:bd:0c:6c:c7:e0:f7:28: - 74:67:98:20:93:72:16:b6:6e:67:3f:9e:c9:34:c5:64:09:bf: - b1:ab:87:0c:80:b6:1f:89:d8:0e:67:c2:c7:19:df:ee:9f:b2: - e6:fb:64:3d:82:7a:47:e2:8d:a3:93:1d:29:f6:94:db:83:2f: - b6:0a:a0:da:77:e3:56:ec:d7:d2:22:3c:88:4d:4a:87:de:b5: - 1c:eb:7b:08 + 84:f8:1b:da:76:f6:ea:e9:17:f3:01:18:8f:4e:51:10:37:4b: + b4:2a:2d:6f:9b:0e:47:d4:f0:3d:c1:44:3d:67:9c:77:21:eb: + 26:c0:93:f6:19:7c:21:a1:d5:1a:72:e4:7d:5d:9b:a8:67:83: + bc:d1:f1:c8:17:1b:55:d6:eb:bc:59:46:ca:95:15:76:55:be: + 99:b9:de:3a:b0:d7:aa:dd:36:16:43:29:61:8d:7a:50:ee:e7: + 44:f8:d0:b0:9a:96:39:a8:62:86:3b:6c:28:85:b3:66:27:38: + c3:81:f7:38:32:bd:0a:be:db:33:3e:2f:3b:85:32:1a:56:d4: + 5d:b9:c1:ac:a1:f0:2a:34:1f:30:85:3b:2b:8f:95:bc:7b:21: + 52:86:3a:d2:b1:f7:6e:b3:98:47:6c:df:2f:6d:e1:e4:86:d9: + 06:08:ee:f1:7f:ae:02:3b:3f:99:dc:01:3e:41:1a:4d:76:fd: + 53:fa:84:9c:11:fd:81:b7:ce:e1:31:c5:eb:f8:57:39:11:0d: + 77:44:dd:ae:80:26:ef:48:cd:fe:7d:25:83:5f:54:b2:a1:50: + 82:10:25:47:b1:c7:86:12:37:b1:09:22:ef:97:3e:45:15:e0: + 21:69:61:e8:4c:0e:c1:74:1a:e1:e4:bb:80:92:dd:9b:b5:9b: + e7:1b:57:d7 -----BEGIN X509 CRL----- MIIB+DCB4QIBATANBgkqhkiG9w0BAQsFADCBnjELMAkGA1UEBhMCVVMxEDAOBgNV BAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xFTATBgNVBAoMDHdvbGZTU0xf MjA0ODEZMBcGA1UECwwQUHJvZ3JhbW1pbmctMjA0ODEYMBYGA1UEAwwPd3d3Lndv -bGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tFw0xNjA4 
-MTEyMDA3MzhaFw0xOTA1MDgyMDA3MzhaoA4wDDAKBgNVHRQEAwIBAzANBgkqhkiG -9w0BAQsFAAOCAQEAFIXVyNtidEiUXtxSD15DiymDMuB6TFx2437Bh3RAsm/4M0ws -MgjwX9mFsyAFNF0VTbpFvC2crkDQ2JqzoU8LlM7EI8a/ovimAkxtrVpZs4NV3TeR -9nXUb4NfHCmUzQEJ3DjYbMCfHnad+Y9wDUjlmYKQOjbxMxdpc4rupyJMWJOh3Fm5 -RI+ImQvE03SqApqENkjYoAVzvBQyHnYjhcWUVrIsYTsH170MJ/fXI0C9DGzH4Pco -dGeYIJNyFrZuZz+eyTTFZAm/sauHDIC2H4nYDmfCxxnf7p+y5vtkPYJ6R+KNo5Md -KfaU24Mvtgqg2nfjVuzX0iI8iE1Kh961HOt7CA== +bGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tFw0xODA1 +MjkyMjQ3NTdaFw0yMTAxMDcyMjQ3NTdaoA4wDDAKBgNVHRQEAwIBATANBgkqhkiG +9w0BAQsFAAOCAQEAhPgb2nb26ukX8wEYj05REDdLtCotb5sOR9TwPcFEPWecdyHr +JsCT9hl8IaHVGnLkfV2bqGeDvNHxyBcbVdbrvFlGypUVdlW+mbneOrDXqt02FkMp +YY16UO7nRPjQsJqWOahihjtsKIWzZic4w4H3ODK9Cr7bMz4vO4UyGlbUXbnBrKHw +KjQfMIU7K4+VvHshUoY60rH3brOYR2zfL23h5IbZBgju8X+uAjs/mdwBPkEaTXb9 +U/qEnBH9gbfO4THF6/hXORENd0TdroAm70jN/n0lg19UsqFQghAlR7HHhhI3sQki +75c+RRXgIWlh6EwOwXQa4eS7gJLdm7Wb5xtX1w== -----END X509 CRL----- diff --git a/certs/crl/eccCliCRL.pem b/certs/crl/eccCliCRL.pem index 8eea77976..ffa155b49 100644 --- a/certs/crl/eccCliCRL.pem +++ b/certs/crl/eccCliCRL.pem 
@@ -2,25 +2,25 @@ Certificate Revocation List (CRL): Version 2 (0x1) Signature Algorithm: ecdsa-with-SHA256 Issuer: /C=US/ST=Oregon/L=Salem/O=Client ECC/OU=Fast/CN=www.wolfssl.com/emailAddress=info@wolfssl.com - Last Update: Apr 13 15:23:11 2018 GMT - Next Update: Jan 7 15:23:11 2021 GMT + Last Update: May 29 22:47:57 2018 GMT + Next Update: Jan 7 22:47:57 2021 GMT CRL extensions: X509v3 CRL Number: - 6 + 7 Revoked Certificates: Serial Number: 02 - Revocation Date: Apr 13 15:23:11 2018 GMT + Revocation Date: May 29 22:47:57 2018 GMT Signature Algorithm: ecdsa-with-SHA256 - 30:45:02:20:70:84:36:14:46:a2:c6:eb:58:da:a8:0d:2d:9c: - c0:35:3f:c7:6e:18:c2:73:f5:65:2c:c9:35:67:b0:92:3a:56: - 02:21:00:bf:ef:69:a2:81:d2:7b:ca:19:ba:5f:39:f1:07:d2: - 5f:40:51:fe:87:41:e2:2d:45:65:4f:ea:7b:56:ee:2f:5c + 30:44:02:20:7b:58:a3:78:b4:fa:98:8b:bb:ce:83:a0:36:ee: + d5:69:ac:d2:8b:f6:67:86:c3:1d:44:2a:58:28:de:29:3e:d8: + 02:20:5a:56:34:28:7f:2b:75:0e:81:7f:80:2b:53:6c:13:e5: + d8:3a:2d:68:78:8d:c3:d6:e6:39:11:82:ee:ed:1f:5b -----BEGIN X509 CRL----- -MIIBPDCB4wIBATAKBggqhkjOPQQDAjCBjTELMAkGA1UEBhMCVVMxDzANBgNVBAgM +MIIBOzCB4wIBATAKBggqhkjOPQQDAjCBjTELMAkGA1UEBhMCVVMxDzANBgNVBAgM Bk9yZWdvbjEOMAwGA1UEBwwFU2FsZW0xEzARBgNVBAoMCkNsaWVudCBFQ0MxDTAL BgNVBAsMBEZhc3QxGDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3 -DQEJARYQaW5mb0B3b2xmc3NsLmNvbRcNMTgwNDEzMTUyMzExWhcNMjEwMTA3MTUy -MzExWjAUMBICAQIXDTE4MDQxMzE1MjMxMVqgDjAMMAoGA1UdFAQDAgEGMAoGCCqG -SM49BAMCA0gAMEUCIHCENhRGosbrWNqoDS2cwDU/x24YwnP1ZSzJNWewkjpWAiEA -v+9pooHSe8oZul858QfSX0BR/odB4i1FZU/qe1buL1w= +DQEJARYQaW5mb0B3b2xmc3NsLmNvbRcNMTgwNTI5MjI0NzU3WhcNMjEwMTA3MjI0 +NzU3WjAUMBICAQIXDTE4MDUyOTIyNDc1N1qgDjAMMAoGA1UdFAQDAgEHMAoGCCqG +SM49BAMCA0cAMEQCIHtYo3i0+piLu86DoDbu1Wms0ov2Z4bDHUQqWCjeKT7YAiBa +VjQofyt1DoF/gCtTbBPl2DotaHiNw9bmORGC7u0fWw== -----END X509 CRL----- diff --git a/certs/crl/eccSrvCRL.pem b/certs/crl/eccSrvCRL.pem index 92e07f2c6..1af3e8f8e 100644 --- a/certs/crl/eccSrvCRL.pem +++ b/certs/crl/eccSrvCRL.pem 
@@ -2,25 +2,25 @@ Certificate Revocation List (CRL): Version 2 (0x1) Signature Algorithm: ecdsa-with-SHA256 Issuer: /C=US/ST=Washington/L=Seattle/O=Eliptic/OU=ECC/CN=www.wolfssl.com/emailAddress=info@wolfssl.com - Last Update: Apr 13 15:23:11 2018 GMT - Next Update: Jan 7 15:23:11 2021 GMT + Last Update: May 29 22:47:57 2018 GMT + Next Update: Jan 7 22:47:57 2021 GMT CRL extensions: X509v3 CRL Number: - 7 + 8 Revoked Certificates: Serial Number: 02 - Revocation Date: Apr 13 15:23:11 2018 GMT + Revocation Date: May 29 22:47:57 2018 GMT Signature Algorithm: ecdsa-with-SHA256 - 30:44:02:20:20:27:85:f0:9e:8a:1c:08:4f:47:b0:19:77:8f: - ee:e5:7f:8a:e0:71:a7:45:fb:48:6b:58:29:c9:39:96:27:04: - 02:20:5e:08:5e:8f:b6:e0:62:14:34:19:ea:b7:71:ac:3d:11: - ab:43:52:06:9d:23:41:e3:b7:4c:63:78:fe:27:86:c1 + 30:44:02:20:17:18:ac:ac:96:28:7b:87:6a:d4:10:03:df:d8: + 34:23:33:67:ed:ad:20:df:ab:da:a9:7c:f4:61:c0:d1:d5:4b: + 02:20:74:47:c1:26:c7:8c:92:f3:7c:c2:91:96:26:91:90:ff: + d2:23:b8:dc:e9:62:f9:d2:19:18:11:94:e5:b2:ff:85 -----BEGIN X509 CRL----- MIIBPTCB5QIBATAKBggqhkjOPQQDAjCBjzELMAkGA1UEBhMCVVMxEzARBgNVBAgM Cldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoMB0VsaXB0aWMx DDAKBgNVBAsMA0VDQzEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29tMR8wHQYJKoZI -hvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tFw0xODA0MTMxNTIzMTFaFw0yMTAxMDcx -NTIzMTFaMBQwEgIBAhcNMTgwNDEzMTUyMzExWqAOMAwwCgYDVR0UBAMCAQcwCgYI -KoZIzj0EAwIDRwAwRAIgICeF8J6KHAhPR7AZd4/u5X+K4HGnRftIa1gpyTmWJwQC -IF4IXo+24GIUNBnqt3GsPRGrQ1IGnSNB47dMY3j+J4bB +hvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tFw0xODA1MjkyMjQ3NTdaFw0yMTAxMDcy +MjQ3NTdaMBQwEgIBAhcNMTgwNTI5MjI0NzU3WqAOMAwwCgYDVR0UBAMCAQgwCgYI +KoZIzj0EAwIDRwAwRAIgFxisrJYoe4dq1BAD39g0IzNn7a0g36vaqXz0YcDR1UsC +IHRHwSbHjJLzfMKRliaRkP/SI7jc6WL50hkYEZTlsv+F -----END X509 CRL----- diff --git a/certs/crl/gencrls.sh b/certs/crl/gencrls.sh index 8ef69a43d..378c3f507 100755 --- a/certs/crl/gencrls.sh +++ b/certs/crl/gencrls.sh 
@@ -30,6 +30,8 @@ setup_files # caCrl # revoke server-revoked-cert.pem +openssl ca -config ../renewcerts/wolfssl.cnf -gencrl -crldays 1000 -out crl2.pem -keyfile ../client-key.pem -cert ../client-cert.pem + openssl ca -config ../renewcerts/wolfssl.cnf -revoke ../server-revoked-cert.pem -keyfile ../ca-key.pem -cert ../ca-cert.pem openssl ca -config ../renewcerts/wolfssl.cnf -gencrl -crldays 1000 -out crl.pem -keyfile ../ca-key.pem -cert ../ca-cert.pem @@ -40,6 +42,11 @@ mv tmp crl.pem # install (only needed if working outside wolfssl) #cp crl.pem ~/wolfssl/certs/crl/crl.pem +# crl2 create +openssl crl -in crl.pem -text > tmp +openssl crl -in crl2.pem -text >> tmp +mv tmp crl2.pem + # caCrl server revoked openssl ca -config ../renewcerts/wolfssl.cnf -revoke ../server-cert.pem -keyfile ../ca-key.pem -cert ../ca-cert.pem @@ -52,6 +59,7 @@ mv tmp crl.revoked # install (only needed if working outside wolfssl) #cp crl.revoked ~/wolfssl/certs/crl/crl.revoked + # remove revoked so next time through the normal CA won't have server revoked cp blank.index.txt demoCA/index.txt From e684156a1ecff2ef3bd9a57b30f02ab8bca2a4eb Mon Sep 17 00:00:00 2001 From: Sean Parkinson Date: Fri, 11 May 2018 16:11:01 +1000 Subject: [PATCH 101/146] Constant time padding and HMAC verification in TLS --- src/internal.c | 343 +++++-------- src/tls.c | 484 ++++++++++++++++++- wolfcrypt/src/misc.c | 42 ++ wolfcrypt/src/sha.c | 14 + wolfcrypt/src/sha256.c | 14 + wolfcrypt/src/sha512.c | 28 ++ wolfssl/internal.h | 11 +- wolfssl/wolfcrypt/misc.h | 9 + wolfssl/wolfcrypt/port/caam/wolfcaam_sha.h | 2 + wolfssl/wolfcrypt/port/pic32/pic32mz-crypt.h | 2 + wolfssl/wolfcrypt/port/st/stm32.h | 2 + wolfssl/wolfcrypt/port/ti/ti-hash.h | 2 + wolfssl/wolfcrypt/sha.h | 1 + wolfssl/wolfcrypt/sha256.h | 1 + wolfssl/wolfcrypt/sha512.h | 2 + 15 files changed, 708 insertions(+), 249 deletions(-) diff --git a/src/internal.c b/src/internal.c index a65b2365c..f7ca86595 100644 --- a/src/internal.c +++ b/src/internal.c 
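Review bot: The added `openssl ca ... -gencrl ... -out crl2.pem` line signs a CRL with `../client-key.pem` and `../client-cert.pem` rather than the CA key and certificate used by the other commands in this section. It also sits directly under the existing `# revoke server-revoked-cert.pem` comment, which now describes the wrong command. Give it its own comment, for example `# crl2: second CRL issued by the client cert; merged with crl.pem below` (the intent is inferred, so the author should confirm the wording). In the `# crl2 create` hunk the three commands run unconditionally, so a failed `openssl crl` still ends in `mv tmp crl2.pem`. Chaining them with `&&` would keep a partial file from replacing the fixture, unless the script already runs under `set -e` outside these hunks.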
@@ -146,7 +146,7 @@ static const byte tls13Downgrade[7] = { #ifndef NO_OLD_TLS static int SSL_hmac(WOLFSSL* ssl, byte* digest, const byte* in, word32 sz, - int content, int verify); + int padSz, int content, int verify); #endif 
@@ -11860,173 +11860,6 @@ static int SanityCheckCipherText(WOLFSSL* ssl, word32 encryptSz) return 0; } -#ifndef NO_OLD_TLS - -static INLINE void Md5Rounds(int rounds, const byte* data, int sz) -{ - wc_Md5 md5; - int i; - - wc_InitMd5(&md5); /* no error check on purpose, dummy round */ - - for (i = 0; i < rounds; i++) - wc_Md5Update(&md5, data, sz); - wc_Md5Free(&md5); /* in case needed to release resources */ -} - - - -/* do a dummy sha round */ -static INLINE void ShaRounds(int rounds, const byte* data, int sz) -{ - wc_Sha sha; - int i; - - wc_InitSha(&sha); /* no error check on purpose, dummy round */ - - for (i = 0; i < rounds; i++) - wc_ShaUpdate(&sha, data, sz); - wc_ShaFree(&sha); /* in case needed to release resources */ -} -#endif - -#ifndef WOLFSSL_NO_TLS12 - -#ifndef NO_SHA256 - -static INLINE void Sha256Rounds(int rounds, const byte* data, int sz) -{ - wc_Sha256 sha256; - int i; - - wc_InitSha256(&sha256); /* no error check on purpose, dummy round */ - - for (i = 0; i < rounds; i++) { - wc_Sha256Update(&sha256, data, sz); - /* no error check on purpose, dummy round */ - } - wc_Sha256Free(&sha256); /* in case needed to release resources */ -} - -#endif - - -#ifdef WOLFSSL_SHA384 - -static INLINE void Sha384Rounds(int rounds, const byte* data, int sz) -{ - wc_Sha384 sha384; - int i; - - wc_InitSha384(&sha384); /* no error check on purpose, dummy round */ - - for (i = 0; i < rounds; i++) { - wc_Sha384Update(&sha384, data, sz); - /* no error check on purpose, dummy round */ - } - wc_Sha384Free(&sha384); /* in case needed to release resources */ -} - -#endif - - -#ifdef WOLFSSL_SHA512 - -static INLINE void Sha512Rounds(int rounds, const byte* data, int sz) -{ - wc_Sha512 sha512; - int i; - - wc_InitSha512(&sha512); /* no error check on purpose, dummy round */ - - for (i = 0; i < rounds; i++) { - wc_Sha512Update(&sha512, data, sz); - /* no error check on purpose, dummy round */ - } - wc_Sha512Free(&sha512); /* in case needed to release resources */ -} - 
-#endif - -#ifdef WOLFSSL_RIPEMD - -static INLINE void RmdRounds(int rounds, const byte* data, int sz) -{ - RipeMd ripemd; - int i; - - (void)wc_InitRipeMd(&ripemd); - - for (i = 0; i < rounds; i++) - (void)wc_RipeMdUpdate(&ripemd, data, sz); -} - -#endif - - -/* Do dummy rounds */ -static INLINE void DoRounds(int type, int rounds, const byte* data, int sz) -{ - (void)rounds; - (void)data; - (void)sz; - - switch (type) { - case no_mac : - break; - -#ifndef NO_OLD_TLS -#ifndef NO_MD5 - case md5_mac : - Md5Rounds(rounds, data, sz); - break; -#endif - -#ifndef NO_SHA - case sha_mac : - ShaRounds(rounds, data, sz); - break; -#endif -#endif - -#ifndef NO_SHA256 - case sha256_mac : - Sha256Rounds(rounds, data, sz); - break; -#endif - -#ifdef WOLFSSL_SHA384 - case sha384_mac : - Sha384Rounds(rounds, data, sz); - break; -#endif - -#ifdef WOLFSSL_SHA512 - case sha512_mac : - Sha512Rounds(rounds, data, sz); - break; -#endif - -#ifdef WOLFSSL_RIPEMD - case rmd_mac : - RmdRounds(rounds, data, sz); - break; -#endif - - default: - WOLFSSL_MSG("Bad round type"); - break; - } -} - - -/* do number of compression rounds on dummy data */ -static INLINE void CompressRounds(WOLFSSL* ssl, int rounds, const byte* dummy) -{ - if (rounds) - DoRounds(ssl->specs.mac_algorithm, rounds, dummy, COMPRESS_LOWER); -} - /* check all length bytes for the pad value, return 0 on success */ static int PadCheck(const byte* a, byte pad, int length) 
@@ -12042,81 +11875,127 @@ static int PadCheck(const byte* a, byte pad, int length) } -/* get compression extra rounds */ -static INLINE int GetRounds(int pLen, int padLen, int t) +/* Mask the padding bytes with the expected values. + * Constant time implementation - does maximum pad size possible. + * + * data Message data. + * sz Size of the message including MAC and padding and padding length. + * macSz Size of the MAC. + * returns 0 on success, otherwise failure. + */ +static byte MaskPadding(const byte* data, int sz, int macSz) { - int roundL1 = 1; /* round up flags */ - int roundL2 = 1; + int i; + int checkSz = sz - 1; + byte paddingSz = data[sz - 1]; + byte mask; + byte good = ctMaskGT(paddingSz, sz - 1 - macSz); - int L1 = COMPRESS_CONSTANT + pLen - t; - int L2 = COMPRESS_CONSTANT + pLen - padLen - 1 - t; + if (checkSz > TLS_MAX_PAD_SZ) + checkSz = TLS_MAX_PAD_SZ; - L1 -= COMPRESS_UPPER; - L2 -= COMPRESS_UPPER; + for (i = 0; i < checkSz; i++) { + mask = ctMaskLTE(i, paddingSz); + good |= mask & (data[sz - 1 - i] ^ paddingSz); + } - if ( (L1 % COMPRESS_LOWER) == 0) - roundL1 = 0; - if ( (L2 % COMPRESS_LOWER) == 0) - roundL2 = 0; - - L1 /= COMPRESS_LOWER; - L2 /= COMPRESS_LOWER; - - L1 += roundL1; - L2 += roundL2; - - return L1 - L2; + return good; } +/* Mask the MAC in the message with the MAC calculated. + * Constant time implementation - starts looking for MAC where maximum padding + * size has it. + * + * data Message data. + * sz Size of the message including MAC and padding and padding length. + * macSz Size of the MAC data. + * expMac Expected MAC value. + * returns 0 on success, otherwise failure. 
+ */ +static byte MaskMac(const byte* data, int sz, int macSz, byte* expMac) +{ + int i, j; + unsigned char mac[WC_MAX_DIGEST_SIZE]; + int scanStart = sz - 1 - TLS_MAX_PAD_SZ - macSz; + int macEnd = sz - 1 - data[sz - 1]; + int macStart = macEnd - macSz; + int r = 0; + unsigned char started, notEnded; + unsigned char good = 0; + + if (scanStart < 0) + scanStart = 0; + + /* Div on Intel has different speeds depending on value. + * Use a bitwise AND or mod a specific value (converted to mul). */ + if ((macSz & (macSz - 1)) == 0) + r = (macSz - (scanStart - macStart)) & (macSz - 1); +#ifndef NO_SHA + else if (macSz == WC_SHA_DIGEST_SIZE) + r = (macSz - (scanStart - macStart)) % WC_SHA_DIGEST_SIZE; +#endif +#ifdef WOLFSSL_SHA384 + else if (macSz == WC_SHA384_DIGEST_SIZE) + r = (macSz - (scanStart - macStart)) % WC_SHA384_DIGEST_SIZE; +#endif + + XMEMSET(mac, 0, macSz); + for (i = scanStart; i < sz; i += macSz) { + for (j = 0; j < macSz && j + i < sz; j++) { + started = ctMaskGTE(i + j, macStart); + notEnded = ctMaskLT(i + j, macEnd); + mac[j] |= started & notEnded & data[i + j]; + } + } + + if ((macSz & (macSz - 1)) == 0) { + for (i = 0; i < macSz; i++) + good |= expMac[i] ^ mac[(i + r) & (macSz - 1)]; + } +#ifndef NO_SHA + else if (macSz == WC_SHA_DIGEST_SIZE) { + for (i = 0; i < macSz; i++) + good |= expMac[i] ^ mac[(i + r) % WC_SHA_DIGEST_SIZE]; + } +#endif +#ifdef WOLFSSL_SHA384 + else if (macSz == WC_SHA384_DIGEST_SIZE) { + for (i = 0; i < macSz; i++) + good |= expMac[i] ^ mac[(i + r) % WC_SHA384_DIGEST_SIZE]; + } +#endif + + return good; +} /* timing resistant pad/verify check, return 0 on success */ -static int TimingPadVerify(WOLFSSL* ssl, const byte* input, int padLen, int t, - int pLen, int content) +int TimingPadVerify(WOLFSSL* ssl, const byte* input, int padLen, int macSz, + int pLen, int content) { byte verify[WC_MAX_DIGEST_SIZE]; - byte dmy[sizeof(WOLFSSL) >= MAX_PAD_SIZE ? 1 : MAX_PAD_SIZE] = {0}; - byte* dummy = sizeof(dmy) < MAX_PAD_SIZE ? 
(byte*) ssl : dmy; + byte good; int ret = 0; - (void)dmy; + good = MaskPadding(input, pLen, macSz); + ret = ssl->hmac(ssl, verify, input, pLen - macSz - padLen - 1, padLen, + content, 1); + good |= MaskMac(input, pLen, ssl->specs.hash_size, verify); - if ( (t + padLen + 1) > pLen) { - WOLFSSL_MSG("Plain Len not long enough for pad/mac"); - PadCheck(dummy, (byte)padLen, MAX_PAD_SIZE); - ssl->hmac(ssl, verify, input, pLen - t, content, 1); /* still compare */ - ConstantCompare(verify, input + pLen - t, t); + /* Non-zero on failure. */ + good = ~good; + good &= good >> 4; + good &= good >> 2; + good &= good >> 1; + /* Make ret negative on masking failure. */ + ret -= 1 - good; - return VERIFY_MAC_ERROR; - } - - if (PadCheck(input + pLen - (padLen + 1), (byte)padLen, padLen + 1) != 0) { - WOLFSSL_MSG("PadCheck failed"); - PadCheck(dummy, (byte)padLen, MAX_PAD_SIZE - padLen - 1); - ssl->hmac(ssl, verify, input, pLen - t, content, 1); /* still compare */ - ConstantCompare(verify, input + pLen - t, t); - - return VERIFY_MAC_ERROR; - } - - PadCheck(dummy, (byte)padLen, MAX_PAD_SIZE - padLen - 1); - ret = ssl->hmac(ssl, verify, input, pLen - padLen - 1 - t, content, 1); - - CompressRounds(ssl, GetRounds(pLen, padLen, t), dummy); - - if (ConstantCompare(verify, input + (pLen - padLen - 1 - t), t) != 0) { - WOLFSSL_MSG("Verify MAC compare failed"); - return VERIFY_MAC_ERROR; - } - - /* treat any faulure as verify MAC error */ + /* Treat any faulure as verify MAC error. */ if (ret != 0) ret = VERIFY_MAC_ERROR; return ret; } -#endif /* WOLFSSL_NO_TLS12 */ - int DoApplicationData(WOLFSSL* ssl, byte* input, word32* inOutIdx) { 
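Review bot: `MaskMac` fails open for any `macSz` it does not recognise: `good` starts at 0 and is only updated inside the power-of-two, `WC_SHA_DIGEST_SIZE` and `WC_SHA384_DIGEST_SIZE` branches, so for any other size the function returns 0 and `TimingPadVerify` treats the MAC as matching without comparing it. Whether such a size is reachable depends on build options not visible here (for example a 20-byte MAC in a `NO_SHA` build), but the chain should end with a fail-closed branch such as `else { good = 0xFF; }`. The same missing validation means a `macSz` of 0 passes the power-of-two test and the scan loop's `i += macSz` never advances. A one-line comment stating the supported MAC sizes would also help the next reader.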
@@ -12368,8 +12247,8 @@ static INLINE int VerifyMac(WOLFSSL* ssl, const byte* input, word32 msgSz, badPadLen = 1; } PadCheck(dummy, (byte)pad, MAX_PAD_SIZE); /* timing only */ - ret = ssl->hmac(ssl, verify, input, msgSz - digestSz - pad - 1, - content, 1); + ret = ssl->hmac(ssl, verify, input, msgSz - digestSz - pad - 1, pad, + content, 1); if (ConstantCompare(verify, input + msgSz - digestSz - pad - 1, digestSz) != 0) return VERIFY_MAC_ERROR; @@ -12378,7 +12257,7 @@ static INLINE int VerifyMac(WOLFSSL* ssl, const byte* input, word32 msgSz, } } else if (ssl->specs.cipher_type == stream) { - ret = ssl->hmac(ssl, verify, input, msgSz - digestSz, content, 1); + ret = ssl->hmac(ssl, verify, input, msgSz - digestSz, -1, content, 1); if (ConstantCompare(verify, input + msgSz - digestSz, digestSz) != 0){ return VERIFY_MAC_ERROR; } @@ -13118,7 +12997,7 @@ int SendChangeCipher(WOLFSSL* ssl) #ifndef NO_OLD_TLS static int SSL_hmac(WOLFSSL* ssl, byte* digest, const byte* in, word32 sz, - int content, int verify) + int padLen, int content, int verify) { byte result[WC_MAX_DIGEST_SIZE]; word32 digestSz = ssl->specs.hash_size; /* actual sizes */ @@ -13133,6 +13012,8 @@ static int SSL_hmac(WOLFSSL* ssl, byte* digest, const byte* in, word32 sz, byte conLen[ENUM_LEN + LENGTH_SZ]; /* content & length */ const byte* macSecret = wolfSSL_GetMacSecret(ssl, verify); + (void)padLen; + #ifdef HAVE_FUZZER if (ssl->fuzzerCb) ssl->fuzzerCb(ssl, in, sz, FUZZ_HMAC, ssl->fuzzerCtx); @@ -13609,8 +13490,8 @@ int BuildMessage(WOLFSSL* ssl, byte* output, int outSz, const byte* input, ERROR_OUT(MEMORY_E, exit_buildmsg); #endif - ret = ssl->hmac(ssl, hmac, output + args->headerSz + args->ivSz, inSz, - type, 0); + ret = ssl->hmac(ssl, hmac, output + args->headerSz + args->ivSz, + inSz, -1, type, 0); XMEMCPY(output + args->idx, hmac, args->digestSz); #ifdef WOLFSSL_SMALL_STACK 
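Review bot: The literal `-1` passed as the new padding argument in the stream-cipher branch of VerifyMac, and again in both BuildMessage calls (the second is in the following hunk), is what keeps TLS_hmac off its constant-time path, but nothing at the call sites says so. A short comment such as `/* padSz < 0: no CBC padding to hide, use the plain HMAC path */` at each call would make that auditable. The parameter is also named `padSz` in the forward declaration but `padLen` in the SSL_hmac definition, where it is discarded with `(void)padLen;`, and a single name would read better. VerifyMac and BuildMessage both continue outside these hunks.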
@@ -13619,8 +13500,8 @@ int BuildMessage(WOLFSSL* ssl, byte* output, int outSz, const byte* input, } else #endif - ret = ssl->hmac(ssl, output + args->idx, output + args->headerSz + args->ivSz, - inSz, type, 0); + ret = ssl->hmac(ssl, output + args->idx, output + + args->headerSz + args->ivSz, inSz, -1, type, 0); #ifdef WOLFSSL_DTLS if (ssl->options.dtls) DtlsSEQIncrement(ssl, CUR_ORDER); diff --git a/src/tls.c b/src/tls.c index df8ac64f5..efd9bd4e0 100755 --- a/src/tls.c +++ b/src/tls.c 
@@ -852,13 +852,447 @@ int wolfSSL_SetTlsHmacInner(WOLFSSL* ssl, byte* inner, word32 sz, int content, } -/* TLS type HMAC */ -int TLS_hmac(WOLFSSL* ssl, byte* digest, const byte* in, word32 sz, - int content, int verify) +#if !defined(WOLFSSL_NO_HASH_RAW) && !defined(HAVE_FIPS) + +/* Update the hash in the HMAC. + * + * hmac HMAC object. + * data Data to be hashed. + * sz Size of data to hash. + * returns 0 on success, otherwise failure. + */ +static int Hmac_HashUpdate(Hmac* hmac, const byte* data, word32 sz) { - Hmac hmac; - int ret = 0; - byte myInner[WOLFSSL_TLS_HMAC_INNER_SZ]; + int ret = BAD_FUNC_ARG; + + switch (hmac->macType) { + #ifndef NO_SHA + case WC_SHA: + ret = wc_ShaUpdate(&hmac->hash.sha, data, sz); + break; + #endif /* !NO_SHA */ + + #ifndef NO_SHA256 + case WC_SHA256: + ret = wc_Sha256Update(&hmac->hash.sha256, data, sz); + break; + #endif /* !NO_SHA256 */ + + #ifdef WOLFSSL_SHA384 + case WC_SHA384: + ret = wc_Sha384Update(&hmac->hash.sha384, data, sz); + break; + #endif /* WOLFSSL_SHA384 */ + + #ifdef WOLFSSL_SHA512 + case WC_SHA512: + ret = wc_Sha512Update(&hmac->hash.sha512, data, sz); + break; + #endif /* WOLFSSL_SHA512 */ + } + + return ret; +} + +/* Finalize the hash but don't put the EOC, padding or length in. + * + * hmac HMAC object. + * hash Hash result. + * returns 0 on success, otherwise failure. 
+ */ +static int Hmac_HashFinalRaw(Hmac* hmac, unsigned char* hash) +{ + int ret = BAD_FUNC_ARG; + + switch (hmac->macType) { + #ifndef NO_SHA + case WC_SHA: + ret = wc_ShaFinalRaw(&hmac->hash.sha, hash); + break; + #endif /* !NO_SHA */ + + #ifndef NO_SHA256 + case WC_SHA256: + ret = wc_Sha256FinalRaw(&hmac->hash.sha256, hash); + break; + #endif /* !NO_SHA256 */ + + #ifdef WOLFSSL_SHA384 + case WC_SHA384: + ret = wc_Sha384FinalRaw(&hmac->hash.sha384, hash); + break; + #endif /* WOLFSSL_SHA384 */ + + #ifdef WOLFSSL_SHA512 + case WC_SHA512: + ret = wc_Sha512FinalRaw(&hmac->hash.sha512, hash); + break; + #endif /* WOLFSSL_SHA512 */ + } + + return ret; +} + +/* Finalize the HMAC by performing outer hash. + * + * hmac HMAC object. + * mac MAC result. + * returns 0 on success, otherwise failure. + */ +static int Hmac_OuterHash(Hmac* hmac, unsigned char* mac) +{ + int ret = BAD_FUNC_ARG; + + switch (hmac->macType) { + #ifndef NO_SHA + case WC_SHA: + ret = wc_InitSha(&hmac->hash.sha); + if (ret == 0) + ret = wc_ShaUpdate(&hmac->hash.sha, (byte*)hmac->opad, + WC_SHA_BLOCK_SIZE); + if (ret == 0) + ret = wc_ShaUpdate(&hmac->hash.sha, (byte*)hmac->innerHash, + WC_SHA_DIGEST_SIZE); + if (ret == 0) + ret = wc_ShaFinal(&hmac->hash.sha, mac); + break; + #endif /* !NO_SHA */ + + #ifndef NO_SHA256 + case WC_SHA256: + ret = wc_InitSha256(&hmac->hash.sha256); + if (ret == 0) + ret = wc_Sha256Update(&hmac->hash.sha256, (byte*)hmac->opad, + WC_SHA256_BLOCK_SIZE); + if (ret == 0) + ret = wc_Sha256Update(&hmac->hash.sha256, + (byte*)hmac->innerHash, + WC_SHA256_DIGEST_SIZE); + if (ret == 0) + ret = wc_Sha256Final(&hmac->hash.sha256, mac); + break; + #endif /* !NO_SHA256 */ + + #ifdef WOLFSSL_SHA384 + case WC_SHA384: + ret = wc_InitSha384(&hmac->hash.sha384); + if (ret == 0) + ret = wc_Sha384Update(&hmac->hash.sha384, (byte*)hmac->opad, + WC_SHA384_BLOCK_SIZE); + if (ret == 0) + ret = wc_Sha384Update(&hmac->hash.sha384, + (byte*)hmac->innerHash, + WC_SHA384_DIGEST_SIZE); + if (ret == 0) + 
ret = wc_Sha384Final(&hmac->hash.sha384, mac); + break; + #endif /* WOLFSSL_SHA384 */ + + #ifdef WOLFSSL_SHA512 + case WC_SHA512: + ret = wc_InitSha512(&hmac->hash.sha512); + if (ret == 0) + ret = wc_Sha512Update(&hmac->hash.sha512,(byte*)hmac->opad, + WC_SHA512_BLOCK_SIZE); + if (ret == 0) + ret = wc_Sha512Update(&hmac->hash.sha512, + (byte*)hmac->innerHash, + WC_SHA512_DIGEST_SIZE); + if (ret == 0) + ret = wc_Sha512Final(&hmac->hash.sha512, mac); + break; + #endif /* WOLFSSL_SHA512 */ + } + + return ret; +} + +/* Calculate the HMAC of the header + message data. + * Constant time implementation using wc_Sha*FinalRaw(). + * + * hmac HMAC object. + * digest MAC result. + * in Message data. + * sz Size of the message data. + * header Constructed record header with length of handshake data. + * returns 0 on success, otherwise failure. + */ +static int Hmac_UpdateFinal_CT(Hmac* hmac, byte* digest, const byte* in, + word32 sz, byte* header) +{ + byte lenBytes[8]; + int i, j, k; + int blockBits, blockMask; + int realLen, lastBlockLen, macLen, extraLen, eocIndex; + int blocks, safeBlocks, lenBlock, eocBlock; + int maxLen; + int blockSz, padSz; + int ret; + byte extraBlock; + + switch (hmac->macType) { + #ifndef NO_SHA + case WC_SHA: + blockSz = WC_SHA_BLOCK_SIZE; + blockBits = 6; + macLen = WC_SHA_DIGEST_SIZE; + padSz = WC_SHA_BLOCK_SIZE - WC_SHA_PAD_SIZE + 1; + break; + #endif /* !NO_SHA */ + + #ifndef NO_SHA256 + case WC_SHA256: + blockSz = WC_SHA256_BLOCK_SIZE; + blockBits = 6; + macLen = WC_SHA256_DIGEST_SIZE; + padSz = WC_SHA256_BLOCK_SIZE - WC_SHA256_PAD_SIZE + 1; + break; + #endif /* !NO_SHA256 */ + + #ifdef WOLFSSL_SHA384 + case WC_SHA384: + blockSz = WC_SHA384_BLOCK_SIZE; + blockBits = 7; + macLen = WC_SHA384_DIGEST_SIZE; + padSz = WC_SHA384_BLOCK_SIZE - WC_SHA384_PAD_SIZE + 1; + break; + #endif /* WOLFSSL_SHA384 */ + + #ifdef WOLFSSL_SHA512 + case WC_SHA512: + blockSz = WC_SHA512_BLOCK_SIZE; + blockBits = 7; + macLen = WC_SHA512_DIGEST_SIZE; + padSz = 
WC_SHA512_BLOCK_SIZE - WC_SHA512_PAD_SIZE + 1; + break; + #endif /* WOLFSSL_SHA512 */ + + default: + return BAD_FUNC_ARG; + } + blockMask = blockSz - 1; + + /* Size of data to HMAC if padding length byte is zero. */ + maxLen = WOLFSSL_TLS_HMAC_INNER_SZ + sz - 1 - macLen; + /* Complete data (including padding) has block for EOC and/or length. */ + extraBlock = ctSetLTE((maxLen + padSz) & blockMask, padSz); + /* Total number of blocks for data including padding. */ + blocks = ((maxLen + blockSz - 1) >> blockBits) + extraBlock; + /* Up to last 6 blocks can be hashed safely. */ + safeBlocks = blocks - 6; + + /* Length of message data. */ + realLen = maxLen - in[sz - 1]; + /* Number of message bytes in last block. */ + lastBlockLen = realLen & blockMask; + /* Number of padding bytes in last block. */ + extraLen = ((blockSz * 2 - padSz - lastBlockLen) & blockMask) + 1; + /* Number of blocks to create for hash. */ + lenBlock = (realLen + extraLen) >> blockBits; + /* Block containing EOC byte. */ + eocBlock = realLen >> blockBits; + /* Index of EOC byte in block. */ + eocIndex = realLen & blockMask; + + /* Add length of hmac's ipad to total length. */ + realLen += blockSz; + /* Length as bits - 8 bytes bigendian. 
*/ + c32toa(realLen >> ((sizeof(word32) * 8) - 3), lenBytes); + c32toa(realLen << 3, lenBytes + sizeof(word32)); + + ret = Hmac_HashUpdate(hmac, (unsigned char*)hmac->ipad, blockSz); + if (ret != 0) + return ret; + + XMEMSET(hmac->innerHash, 0, macLen); + + if (safeBlocks > 0) { + ret = Hmac_HashUpdate(hmac, header, WOLFSSL_TLS_HMAC_INNER_SZ); + if (ret != 0) + return ret; + ret = Hmac_HashUpdate(hmac, in, safeBlocks * blockSz - + WOLFSSL_TLS_HMAC_INNER_SZ); + if (ret != 0) + return ret; + } + else + safeBlocks = 0; + + XMEMSET(digest, 0, macLen); + k = safeBlocks * blockSz; + for (i = safeBlocks; i < blocks; i++) { + unsigned char hashBlock[WC_MAX_BLOCK_SIZE]; + unsigned char isEocBlock = ctMaskEq(i, eocBlock); + unsigned char isOutBlock = ctMaskEq(i, lenBlock); + + for (j = 0; j < blockSz; j++, k++) { + unsigned char atEoc = ctMaskEq(j, eocIndex) & isEocBlock; + unsigned char pastEoc = ctMaskGT(j, eocIndex) & isEocBlock; + unsigned char b = 0; + + if (k < WOLFSSL_TLS_HMAC_INNER_SZ) + b = header[k]; + else if (k < maxLen) + b = in[k - WOLFSSL_TLS_HMAC_INNER_SZ]; + + b = ctMaskSel(atEoc, b, 0x80); + b &= ~pastEoc; + b &= ~isOutBlock | isEocBlock; + + if (j >= blockSz - 8) { + b = ctMaskSel(isOutBlock, b, lenBytes[j - (blockSz - 8)]); + } + + hashBlock[j] = b; + } + + ret = Hmac_HashUpdate(hmac, hashBlock, blockSz); + if (ret != 0) + return ret; + ret = Hmac_HashFinalRaw(hmac, hashBlock); + if (ret != 0) + return ret; + for (j = 0; j < macLen; j++) + ((unsigned char*)hmac->innerHash)[j] |= hashBlock[j] & isOutBlock; + } + + ret = Hmac_OuterHash(hmac, digest); + + return ret; +} + +#endif + +#if defined(WOLFSSL_NO_HASH_RAW) || defined(HAVE_FIPS) || defined(HAVE_BLAKE2) + +/* Calculate the HMAC of the header + message data. + * Constant time implementation using normal hashing operations. + * Update-Final need to be constant time. + * + * hmac HMAC object. + * digest MAC result. + * in Message data. + * sz Size of the message data. 
+ * header Constructed record header with length of handshake data. + * returns 0 on success, otherwise failure. + */ +static int Hmac_UpdateFinal(Hmac* hmac, byte* digest, const byte* in, + word32 sz, byte* header) +{ + byte dummy[WC_MAX_BLOCK_SIZE] = {0}; + int ret; + word32 msgSz, blockSz, macSz, padSz, maxSz, realSz; + word32 currSz, offset; + int msgBlocks, blocks, blockBits; + int i; + + switch (hmac->macType) { + #ifndef NO_SHA + case WC_SHA: + blockSz = WC_SHA_BLOCK_SIZE; + blockBits = 6; + macSz = WC_SHA_DIGEST_SIZE; + padSz = WC_SHA_BLOCK_SIZE - WC_SHA_PAD_SIZE + 1; + break; + #endif /* !NO_SHA */ + + #ifndef NO_SHA256 + case WC_SHA256: + blockSz = WC_SHA256_BLOCK_SIZE; + blockBits = 6; + macSz = WC_SHA256_DIGEST_SIZE; + padSz = WC_SHA256_BLOCK_SIZE - WC_SHA256_PAD_SIZE + 1; + break; + #endif /* !NO_SHA256 */ + + #ifdef WOLFSSL_SHA384 + case WC_SHA384: + blockSz = WC_SHA384_BLOCK_SIZE; + blockBits = 7; + macSz = WC_SHA384_DIGEST_SIZE; + padSz = WC_SHA384_BLOCK_SIZE - WC_SHA384_PAD_SIZE + 1; + break; + #endif /* WOLFSSL_SHA384 */ + + #ifdef WOLFSSL_SHA512 + case WC_SHA512: + blockSz = WC_SHA512_BLOCK_SIZE; + blockBits = 7; + macSz = WC_SHA512_DIGEST_SIZE; + padSz = WC_SHA512_BLOCK_SIZE - WC_SHA512_PAD_SIZE + 1; + break; + #endif /* WOLFSSL_SHA512 */ + + #ifdef HAVE_BLAKE2 + case WC_HASH_TYPE_BLAKE2B: + blockSz = BLAKE2B_BLOCKBYTES; + blockBits = 7; + macSz = BLAKE2B_256; + padSz = 0; + break; + #endif /* HAVE_BLAK2 */ + + default: + return BAD_FUNC_ARG; + } + + msgSz = sz - (1 + in[sz - 1] + macSz); + /* Make negative result 0 */ + msgSz &= ~(0 - (msgSz >> 31)); + realSz = WOLFSSL_TLS_HMAC_INNER_SZ + msgSz; + maxSz = WOLFSSL_TLS_HMAC_INNER_SZ + (sz - 1) - macSz; + + /* Calculate #blocks processed in HMAC for max and real data. */ + blocks = maxSz >> blockBits; + blocks += ((maxSz + padSz) % blockSz) < padSz; + msgBlocks = realSz >> blockBits; + /* #Extra blocks to process. 
*/ + blocks -= msgBlocks + (((realSz + padSz) % blockSz) < padSz); + /* Calculate whole blocks. */ + msgBlocks--; + + ret = wc_HmacUpdate(hmac, header, WOLFSSL_TLS_HMAC_INNER_SZ); + if (ret == 0) { + /* Fill the rest of the block with any available data. */ + currSz = ctMaskLT(msgSz, blockSz) & msgSz; + currSz |= ctMaskGTE(msgSz, blockSz) & blockSz; + currSz -= WOLFSSL_TLS_HMAC_INNER_SZ; + currSz &= ~(0 - (currSz >> 31)); + ret = wc_HmacUpdate(hmac, in, currSz); + offset = currSz; + } + if (ret == 0) { + /* Do the hash operations on a block basis. */ + for (i = 0; i < msgBlocks; i++, offset += blockSz) { + ret = wc_HmacUpdate(hmac, in + offset, blockSz); + if (ret != 0) + break; + } + } + if (ret == 0) + ret = wc_HmacUpdate(hmac, in + offset, msgSz - offset); + if (ret == 0) + ret = wc_HmacFinal(hmac, digest); + if (ret == 0) { + /* Do the dummy hash operations. Do at least one. */ + for (i = 0; i < blocks + 1; i++) { + ret = wc_HmacUpdate(hmac, dummy, blockSz); + if (ret != 0) + break; + } + } + + return ret; +} + +#endif + +int TLS_hmac(WOLFSSL* ssl, byte* digest, const byte* in, word32 sz, int padSz, + int content, int verify) +{ + Hmac hmac; + byte myInner[WOLFSSL_TLS_HMAC_INNER_SZ]; + int ret = 0; if (ssl == NULL) return BAD_FUNC_ARG; 
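Review bot: In Hmac_UpdateFinal_CT, `realLen = maxLen - in[sz - 1]` is used with no bound on the padding-length byte, so a value larger than `maxLen` makes `realLen` negative. The following `realLen & blockMask` and `realLen >> blockBits` then operate on a negative int, and the shift result is implementation-defined. The fallback Hmac_UpdateFinal in the same hunk clamps its equivalent with `msgSz &= ~(0 - (msgSz >> 31));`, so the two paths disagree. Reads from `in` stay guarded by `k < maxLen`, so this looks like a meaningless digest rather than an out-of-bounds access, with rejection left to the caller's padding mask. Either clamp in the same branch-free way or state the dependency in the header comment, e.g. `/* in[sz - 1] is not validated here; the caller must reject the record when its padding check fails */`.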
@@ -875,14 +1309,40 @@ int TLS_hmac(WOLFSSL* ssl, byte* digest, const byte* in, word32 sz, return ret; ret = wc_HmacSetKey(&hmac, wolfSSL_GetHmacType(ssl), - wolfSSL_GetMacSecret(ssl, verify), ssl->specs.hash_size); + wolfSSL_GetMacSecret(ssl, verify), + ssl->specs.hash_size); if (ret == 0) { - ret = wc_HmacUpdate(&hmac, myInner, sizeof(myInner)); - if (ret == 0) - ret = wc_HmacUpdate(&hmac, in, sz); /* content */ - if (ret == 0) - ret = wc_HmacFinal(&hmac, digest); + /* Constant time verification required. */ + if (verify && padSz >= 0) { +#if !defined(WOLFSSL_NO_HASH_RAW) && !defined(HAVE_FIPS) + #ifdef HAVE_BLAKE2 + if (wolfSSL_GetHmacType(ssl) == WC_HASH_TYPE_BLAKE2B) { + ret = Hmac_UpdateFinal(&hmac, digest, in, sz + + ssl->specs.hash_size + padSz + 1, + myInner); + } + else + #endif + { + ret = Hmac_UpdateFinal_CT(&hmac, digest, in, sz + + ssl->specs.hash_size + padSz + 1, + myInner); + } +#else + ret = Hmac_UpdateFinal(&hmac, digest, in, sz + + ssl->specs.hash_size + padSz + 1, + myInner); +#endif + } + else { + ret = wc_HmacUpdate(&hmac, myInner, sizeof(myInner)); + if (ret == 0) + ret = wc_HmacUpdate(&hmac, in, sz); /* content */ + if (ret == 0) + ret = wc_HmacFinal(&hmac, digest); + } } + wc_HmacFree(&hmac); return ret; diff --git a/wolfcrypt/src/misc.c b/wolfcrypt/src/misc.c index 8cfe780ae..f5017e356 100644 --- a/wolfcrypt/src/misc.c +++ b/wolfcrypt/src/misc.c 
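Review bot: On the constant-time branch `sz` has no lower bound: TimingPadVerify passes `pLen - macSz - padLen - 1` into this `word32` parameter without the length check the removed code had, so an oversized padding byte arrives as a wrapped value. The three `sz + ssl->specs.hash_size + padSz + 1` expressions restore the record length only because they add back exactly what the caller subtracted, which nothing here documents. Add a comment above `if (verify && padSz >= 0)`, e.g. `/* sz may have wrapped; adding hash_size + padSz + 1 recovers the full record length passed by TimingPadVerify */`. It is also worth confirming that any earlier use of `sz` in TLS_hmac tolerates the wrapped value. TLS_hmac starts in the previous hunk.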
@@ -311,6 +311,48 @@ STATIC INLINE word32 btoi(byte b) } +/* Constant time - mask set when a > b. */ +STATIC INLINE byte ctMaskGT(int a, int b) +{ + return (((word32)a - b - 1) >> 31) - 1; +} + +/* Constant time - mask set when a >= b. */ +STATIC INLINE byte ctMaskGTE(int a, int b) +{ + return (((word32)a - b ) >> 31) - 1; +} + +/* Constant time - mask set when a < b. */ +STATIC INLINE byte ctMaskLT(int a, int b) +{ + return (((word32)b - a - 1) >> 31) - 1; +} + +/* Constant time - mask set when a <= b. */ +STATIC INLINE byte ctMaskLTE(int a, int b) +{ + return (((word32)b - a ) >> 31) - 1; +} + +/* Constant time - mask set when a == b. */ +STATIC INLINE byte ctMaskEq(int a, int b) +{ + return 0 - (a == b); +} + +/* Constant time - select b when mask is set and a otherwise. */ +STATIC INLINE byte ctMaskSel(byte m, byte a, byte b) +{ + return (a & ~m) | (b & m); +} + +/* Constant time - bit set when a <= b. */ +STATIC INLINE byte ctSetLTE(int a, int b) +{ + return ((word32)a - b - 1) >> 31; +} + #undef STATIC diff --git a/wolfcrypt/src/sha.c b/wolfcrypt/src/sha.c index 3a4a97376..15fc5e9a3 100644 --- a/wolfcrypt/src/sha.c +++ b/wolfcrypt/src/sha.c @@ -431,6 +431,20 @@ int wc_ShaUpdate(wc_Sha* sha, const byte* data, word32 len) return 0; } +int wc_ShaFinalRaw(wc_Sha* sha, byte* hash) +{ + if (sha == NULL || hash == NULL) { + return BAD_FUNC_ARG; + } + + XMEMCPY(hash, sha->digest, WC_SHA_DIGEST_SIZE); +#ifdef LITTLE_ENDIAN_ORDER + ByteReverseWords((word32*)hash, (word32*)hash, WC_SHA_DIGEST_SIZE); +#endif + + return 0; +} + int wc_ShaFinal(wc_Sha* sha, byte* hash) { byte* local; diff --git a/wolfcrypt/src/sha256.c b/wolfcrypt/src/sha256.c index 731e1605f..c6be6a40e 100644 --- a/wolfcrypt/src/sha256.c +++ b/wolfcrypt/src/sha256.c 
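Review bot: `ctMaskEq` is the only helper here built on a C comparison: `0 - (a == b)` leaves it to the compiler whether `==` becomes a flag-setting instruction or a branch, so it does not carry the same constant-time assurance as the subtraction-based masks next to it. Hmac_UpdateFinal_CT uses it on `eocBlock`, `lenBlock` and `eocIndex`, all derived from the padding length. It can be expressed with the existing helpers as `return (byte)(~ctMaskGT(a, b) & ~ctMaskLT(a, b));`. The subtraction helpers also give the right mask only while the difference of the operands stays below 2^31, which deserves a line in their comments, e.g. `/* valid for non-negative a, b well below 2^31 */`.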
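Review bot: `wc_ShaFinalRaw` byte-swaps in place through `(word32*)hash`, but `hash` is a caller-supplied `byte*` with no alignment guarantee. Hmac_HashFinalRaw in src/tls.c hands it an `unsigned char hashBlock[]` on the stack, so the cast can produce a misaligned access and is an aliasing violation. The same pattern is in `wc_Sha256FinalRaw`, `wc_Sha512FinalRaw` and `wc_Sha384FinalRaw` in the following hunks, the latter two with `(word64*)hash`. Swapping into an aligned local and copying out avoids it; the sketch below assumes `sha->digest` is a `word32` array, which this hunk does not show.

```c
int wc_ShaFinalRaw(wc_Sha* sha, byte* hash)
{
#ifdef LITTLE_ENDIAN_ORDER
    word32 digest[WC_SHA_DIGEST_SIZE / sizeof(word32)];
#endif

    /* … unchanged: NULL argument check … */

#ifdef LITTLE_ENDIAN_ORDER
    /* Swap into an aligned temporary, then copy to the byte buffer. */
    ByteReverseWords(digest, (word32*)sha->digest, WC_SHA_DIGEST_SIZE);
    XMEMCPY(hash, digest, WC_SHA_DIGEST_SIZE);
#else
    XMEMCPY(hash, sha->digest, WC_SHA_DIGEST_SIZE);
#endif

    /* … unchanged: return 0 … */
```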
@@ -765,6 +765,20 @@ static int InitSha256(wc_Sha256* sha256) return XTRANSFORM(sha256); } + int wc_Sha256FinalRaw(wc_Sha256* sha256, byte* hash) + { + if (sha256 == NULL || hash == NULL) { + return BAD_FUNC_ARG; + } + + XMEMCPY(hash, sha256->digest, WC_SHA256_DIGEST_SIZE); + #if defined(LITTLE_ENDIAN_ORDER) + ByteReverseWords((word32*)hash, (word32*)hash, WC_SHA256_DIGEST_SIZE); + #endif + + return 0; + } + int wc_Sha256Final(wc_Sha256* sha256, byte* hash) { int ret; diff --git a/wolfcrypt/src/sha512.c b/wolfcrypt/src/sha512.c index 9def45576..7b14a59eb 100644 --- a/wolfcrypt/src/sha512.c +++ b/wolfcrypt/src/sha512.c @@ -695,6 +695,20 @@ static INLINE int Sha512Final(wc_Sha512* sha512) return 0; } +int wc_Sha512FinalRaw(wc_Sha512* sha512, byte* hash) +{ + if (sha512 == NULL || hash == NULL) { + return BAD_FUNC_ARG; + } + + XMEMCPY(hash, sha512->digest, WC_SHA512_DIGEST_SIZE); +#if defined(LITTLE_ENDIAN_ORDER) + ByteReverseWords64((word64*)hash, (word64*)hash, WC_SHA512_DIGEST_SIZE); +#endif + + return 0; +} + int wc_Sha512Final(wc_Sha512* sha512, byte* hash) { int ret; @@ -2588,6 +2602,20 @@ int wc_Sha384Update(wc_Sha384* sha384, const byte* data, word32 len) } +int wc_Sha384FinalRaw(wc_Sha384* sha384, byte* hash) +{ + if (sha384 == NULL || hash == NULL) { + return BAD_FUNC_ARG; + } + + XMEMCPY(hash, sha384->digest, WC_SHA384_DIGEST_SIZE); +#if defined(LITTLE_ENDIAN_ORDER) + ByteReverseWords64((word64*)hash, (word64*)hash, WC_SHA384_DIGEST_SIZE); +#endif + + return 0; +} + int wc_Sha384Final(wc_Sha384* sha384, byte* hash) { int ret; diff --git a/wolfssl/internal.h b/wolfssl/internal.h index c9ef6413d..7b15cf307 100644 --- a/wolfssl/internal.h +++ b/wolfssl/internal.h 
@@ -1095,10 +1095,6 @@ enum Misc { PAD_MD5 = 48, /* pad length for finished */ PAD_SHA = 40, /* pad length for finished */ MAX_PAD_SIZE = 256, /* maximum length of padding */ - COMPRESS_DUMMY_SIZE = 64, /* compression dummy round size */ - COMPRESS_CONSTANT = 13, /* compression calc constant */ - COMPRESS_UPPER = 55, /* compression calc numerator */ - COMPRESS_LOWER = 64, /* compression calc denominator */ LENGTH_SZ = 2, /* length field for HMAC, data only */ VERSION_SZ = 2, /* length of proctocol version */ @@ -1181,6 +1177,7 @@ enum Misc { OPAQUE8_LEN + WC_MAX_DIGEST_SIZE, MAX_REQUEST_SZ = 256, /* Maximum cert req len (no auth yet */ SESSION_FLUSH_COUNT = 256, /* Flush session cache unless user turns off */ + TLS_MAX_PAD_SZ = 255, /* Max padding in TLS */ #ifdef HAVE_FIPS MAX_SYM_KEY_SIZE = AES_256_KEY_SIZE, @@ -1550,6 +1547,8 @@ WOLFSSL_LOCAL int DoTls13ServerHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx, word32 helloSz, byte* extMsgType); #endif +int TimingPadVerify(WOLFSSL* ssl, const byte* input, int padLen, int t, + int pLen, int content); enum { @@ -2853,7 +2852,7 @@ WOLFSSL_SESSION* GetSession(WOLFSSL*, byte*, byte); WOLFSSL_LOCAL int SetSession(WOLFSSL*, WOLFSSL_SESSION*); -typedef int (*hmacfp) (WOLFSSL*, byte*, const byte*, word32, int, int); +typedef int (*hmacfp) (WOLFSSL*, byte*, const byte*, word32, int, int, int); #ifndef NO_CLIENT_CACHE WOLFSSL_SESSION* GetSessionClient(WOLFSSL*, const byte*, int); @@ -3942,7 +3941,7 @@ WOLFSSL_LOCAL int GrowInputBuffer(WOLFSSL* ssl, int size, int usedLength); #ifndef NO_TLS WOLFSSL_LOCAL int MakeTlsMasterSecret(WOLFSSL*); WOLFSSL_LOCAL int TLS_hmac(WOLFSSL* ssl, byte* digest, const byte* in, - word32 sz, int content, int verify); + word32 sz, int padSz, int content, int verify); #endif #ifndef NO_WOLFSSL_CLIENT diff --git a/wolfssl/wolfcrypt/misc.h b/wolfssl/wolfcrypt/misc.h index ea86dd707..7cf4cff2a 100644 --- a/wolfssl/wolfcrypt/misc.h +++ b/wolfssl/wolfcrypt/misc.h 
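Review bot: `TimingPadVerify` is declared without `WOLFSSL_LOCAL` in the `-1550` hunk, while the `DoTls13ServerHello` prototype just above it and `TLS_hmac` in the `-3942` hunk both carry it. If the omission is not intended, the internal padding check presumably becomes an exported symbol in shared builds; `WOLFSSL_LOCAL int TimingPadVerify(WOLFSSL* ssl, const byte* input, int padLen, int t,` keeps it internal. The `hmacfp` typedef in the `-2853` hunk gains a seventh unnamed `int`; a trailing comment such as `/* ssl, digest, in, sz, padSz, content, verify */` would tell anyone supplying their own callback where the new argument sits.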
@@ -91,6 +91,15 @@ void ato24(const byte* c, word32* u24); void ato32(const byte* c, word32* u32); word32 btoi(byte b); + +WOLFSSL_LOCAL byte ctMaskGT(int a, int b); +WOLFSSL_LOCAL byte ctMaskGTE(int a, int b); +WOLFSSL_LOCAL byte ctMaskLT(int a, int b); +WOLFSSL_LOCAL byte ctMaskLTE(int a, int b); +WOLFSSL_LOCAL byte ctMaskEq(int a, int b); +WOLFSSL_LOCAL byte ctMaskSel(byte m, byte a, byte b); +WOLFSSL_LOCAL byte ctSetLTE(int a, int b); + #endif /* NO_INLINE */ diff --git a/wolfssl/wolfcrypt/port/caam/wolfcaam_sha.h b/wolfssl/wolfcrypt/port/caam/wolfcaam_sha.h index cb4b08781..95ddf55bf 100644 --- a/wolfssl/wolfcrypt/port/caam/wolfcaam_sha.h +++ b/wolfssl/wolfcrypt/port/caam/wolfcaam_sha.h @@ -28,6 +28,8 @@ #include +#define WOLFSSL_NO_HASH_RAW + #ifndef WC_CAAM_CTXLEN /* last 8 bytes of context is for length */ #define WC_CAAM_CTXLEN 8 diff --git a/wolfssl/wolfcrypt/port/pic32/pic32mz-crypt.h b/wolfssl/wolfcrypt/port/pic32/pic32mz-crypt.h index 1eae5837a..354c832c4 100644 --- a/wolfssl/wolfcrypt/port/pic32/pic32mz-crypt.h +++ b/wolfssl/wolfcrypt/port/pic32/pic32mz-crypt.h @@ -196,6 +196,8 @@ int wc_Pic32DesCrypt(word32 *key, int keyLen, word32 *iv, int ivLen, #endif #ifdef WOLFSSL_PIC32MZ_HASH +#define WOLFSSL_NO_HASH_RAW + int wc_Pic32Hash(const byte* in, int inLen, word32* out, int outLen, int algo); int wc_Pic32HashCopy(hashUpdCache* src, hashUpdCache* dst); #endif diff --git a/wolfssl/wolfcrypt/port/st/stm32.h b/wolfssl/wolfcrypt/port/st/stm32.h index 2c82b4760..40629aaf6 100644 --- a/wolfssl/wolfcrypt/port/st/stm32.h +++ b/wolfssl/wolfcrypt/port/st/stm32.h @@ -24,6 +24,8 @@ #ifdef STM32_HASH +#define WOLFSSL_NO_HASH_RAW + /* Generic STM32 Hashing Function */ /* Supports CubeMX HAL or Standard Peripheral Library */ diff --git a/wolfssl/wolfcrypt/port/ti/ti-hash.h b/wolfssl/wolfcrypt/port/ti/ti-hash.h index 361993896..d42404e01 100644 --- a/wolfssl/wolfcrypt/port/ti/ti-hash.h +++ b/wolfssl/wolfcrypt/port/ti/ti-hash.h 
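Review bot: The bare `#define WOLFSSL_NO_HASH_RAW` added to the caam, pic32mz and stm32 port headers (and to ti-hash.h in the next hunk) has no comment explaining what it turns off. From the TLS_hmac hunk in this commit it routes MAC verification to `Hmac_UpdateFinal` instead of `Hmac_UpdateFinal_CT`, so it changes the code path used on a timing-sensitive check. A line such as `/* no wc_*FinalRaw for this hash port; TLS_hmac falls back to Hmac_UpdateFinal */` above each define would make that visible, assuming that is the reason. In wolfcaam_sha.h and ti-hash.h the define is not inside any visible feature guard, unlike the `WOLFSSL_PIC32MZ_HASH` and `STM32_HASH` cases, which is worth confirming.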
@@ -33,6 +33,8 @@ #define WOLFSSL_MAX_HASH_SIZE 64 #endif +#define WOLFSSL_NO_HASH_RAW + typedef struct { byte *msg; word32 used; diff --git a/wolfssl/wolfcrypt/sha.h b/wolfssl/wolfcrypt/sha.h index 6d08cf5eb..5357cce6f 100644 --- a/wolfssl/wolfcrypt/sha.h +++ b/wolfssl/wolfcrypt/sha.h @@ -122,6 +122,7 @@ typedef struct wc_Sha { WOLFSSL_API int wc_InitSha(wc_Sha*); WOLFSSL_API int wc_InitSha_ex(wc_Sha* sha, void* heap, int devId); WOLFSSL_API int wc_ShaUpdate(wc_Sha*, const byte*, word32); +WOLFSSL_API int wc_ShaFinalRaw(wc_Sha*, byte*); WOLFSSL_API int wc_ShaFinal(wc_Sha*, byte*); WOLFSSL_API void wc_ShaFree(wc_Sha*); diff --git a/wolfssl/wolfcrypt/sha256.h b/wolfssl/wolfcrypt/sha256.h index 3409b5151..4667143fe 100644 --- a/wolfssl/wolfcrypt/sha256.h +++ b/wolfssl/wolfcrypt/sha256.h @@ -139,6 +139,7 @@ typedef struct wc_Sha256 { WOLFSSL_API int wc_InitSha256(wc_Sha256*); WOLFSSL_API int wc_InitSha256_ex(wc_Sha256*, void*, int); WOLFSSL_API int wc_Sha256Update(wc_Sha256*, const byte*, word32); +WOLFSSL_API int wc_Sha256FinalRaw(wc_Sha256*, byte*); WOLFSSL_API int wc_Sha256Final(wc_Sha256*, byte*); WOLFSSL_API void wc_Sha256Free(wc_Sha256*); diff --git a/wolfssl/wolfcrypt/sha512.h b/wolfssl/wolfcrypt/sha512.h index 315f56df0..88ea52457 100644 --- a/wolfssl/wolfcrypt/sha512.h +++ b/wolfssl/wolfcrypt/sha512.h @@ -112,6 +112,7 @@ typedef struct wc_Sha512 { WOLFSSL_API int wc_InitSha512(wc_Sha512*); WOLFSSL_API int wc_InitSha512_ex(wc_Sha512*, void*, int); WOLFSSL_API int wc_Sha512Update(wc_Sha512*, const byte*, word32); +WOLFSSL_API int wc_Sha512FinalRaw(wc_Sha512*, byte*); WOLFSSL_API int wc_Sha512Final(wc_Sha512*, byte*); WOLFSSL_API void wc_Sha512Free(wc_Sha512*); 
@@ -144,6 +145,7 @@ typedef wc_Sha512 wc_Sha384; WOLFSSL_API int wc_InitSha384(wc_Sha384*); WOLFSSL_API int wc_InitSha384_ex(wc_Sha384*, void*, int); WOLFSSL_API int wc_Sha384Update(wc_Sha384*, const byte*, word32); +WOLFSSL_API int wc_Sha384FinalRaw(wc_Sha384*, byte*); WOLFSSL_API int wc_Sha384Final(wc_Sha384*, byte*); WOLFSSL_API void wc_Sha384Free(wc_Sha384*); From fb7d74c19761a0a00b54f1c8c22ede63c027547f Mon Sep 17 00:00:00 2001 From: Sean Parkinson Date: Fri, 25 May 2018 09:01:44 +1000 Subject: [PATCH 102/146] FinalRaw parameter hash may not be aligned. --- wolfcrypt/src/sha.c | 10 ++++++++-- wolfcrypt/src/sha256.c | 11 +++++++++-- wolfcrypt/src/sha512.c | 22 ++++++++++++++++++---- 3 files changed, 35 insertions(+), 8 deletions(-) diff --git a/wolfcrypt/src/sha.c b/wolfcrypt/src/sha.c index 15fc5e9a3..d800e2d9b 100644 --- a/wolfcrypt/src/sha.c +++ b/wolfcrypt/src/sha.c @@ -433,13 +433,19 @@ int wc_ShaUpdate(wc_Sha* sha, const byte* data, word32 len) int wc_ShaFinalRaw(wc_Sha* sha, byte* hash) { +#ifdef LITTLE_ENDIAN_ORDER + word32 digest[WC_SHA_DIGEST_SIZE / sizeof(word32)]; +#endif + if (sha == NULL || hash == NULL) { return BAD_FUNC_ARG; } - XMEMCPY(hash, sha->digest, WC_SHA_DIGEST_SIZE); #ifdef LITTLE_ENDIAN_ORDER - ByteReverseWords((word32*)hash, (word32*)hash, WC_SHA_DIGEST_SIZE); + ByteReverseWords((word32*)digest, (word32*)sha->digest, WC_SHA_DIGEST_SIZE); + XMEMCPY(hash, digest, WC_SHA_DIGEST_SIZE); +#else + XMEMCPY(hash, sha->digest, WC_SHA_DIGEST_SIZE); #endif return 0; diff --git a/wolfcrypt/src/sha256.c b/wolfcrypt/src/sha256.c index c6be6a40e..bd234c4f0 100644 --- a/wolfcrypt/src/sha256.c +++ b/wolfcrypt/src/sha256.c 
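Review bot: The temporary `digest` array added to `wc_ShaFinalRaw` in the PATCH 102 sha.c hunk leaves a byte-swapped copy of the hash state on the stack after return. If the raw state is taken from a keyed hash, as the HMAC use earlier in this series suggests, that copy is worth clearing before `return 0;`, for example `ForceZero(digest, sizeof(digest));` inside the `LITTLE_ENDIAN_ORDER` branch, assuming ForceZero from misc.c is reachable in sha.c. The same applies to the SHA-256, SHA-512 and SHA-384 hunks of this commit. The `(word32*)` casts on `digest` and `sha->digest` look redundant if both are already word32 arrays.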
@@ -767,13 +767,20 @@ static int InitSha256(wc_Sha256* sha256) int wc_Sha256FinalRaw(wc_Sha256* sha256, byte* hash) { + #ifdef LITTLE_ENDIAN_ORDER + word32 digest[WC_SHA256_DIGEST_SIZE / sizeof(word32)]; + #endif + if (sha256 == NULL || hash == NULL) { return BAD_FUNC_ARG; } + #ifdef LITTLE_ENDIAN_ORDER + ByteReverseWords((word32*)digest, (word32*)sha256->digest, + WC_SHA256_DIGEST_SIZE); + XMEMCPY(hash, digest, WC_SHA256_DIGEST_SIZE); + #else XMEMCPY(hash, sha256->digest, WC_SHA256_DIGEST_SIZE); - #if defined(LITTLE_ENDIAN_ORDER) - ByteReverseWords((word32*)hash, (word32*)hash, WC_SHA256_DIGEST_SIZE); #endif return 0; diff --git a/wolfcrypt/src/sha512.c b/wolfcrypt/src/sha512.c index 7b14a59eb..a39bd8379 100644 --- a/wolfcrypt/src/sha512.c +++ b/wolfcrypt/src/sha512.c @@ -697,13 +697,20 @@ static INLINE int Sha512Final(wc_Sha512* sha512) int wc_Sha512FinalRaw(wc_Sha512* sha512, byte* hash) { +#ifdef LITTLE_ENDIAN_ORDER + word64 digest[WC_SHA512_DIGEST_SIZE / sizeof(word64)]; +#endif + if (sha512 == NULL || hash == NULL) { return BAD_FUNC_ARG; } +#ifdef LITTLE_ENDIAN_ORDER + ByteReverseWords64((word64*)digest, (word64*)sha512->digest, + WC_SHA512_DIGEST_SIZE); + XMEMCPY(hash, digest, WC_SHA512_DIGEST_SIZE); +#else XMEMCPY(hash, sha512->digest, WC_SHA512_DIGEST_SIZE); -#if defined(LITTLE_ENDIAN_ORDER) - ByteReverseWords64((word64*)hash, (word64*)hash, WC_SHA512_DIGEST_SIZE); #endif return 0; 
@@ -2604,13 +2611,20 @@ int wc_Sha384Update(wc_Sha384* sha384, const byte* data, word32 len) int wc_Sha384FinalRaw(wc_Sha384* sha384, byte* hash) { +#ifdef LITTLE_ENDIAN_ORDER + word64 digest[WC_SHA384_DIGEST_SIZE / sizeof(word64)]; +#endif + if (sha384 == NULL || hash == NULL) { return BAD_FUNC_ARG; } +#ifdef LITTLE_ENDIAN_ORDER + ByteReverseWords64((word64*)digest, (word64*)sha384->digest, + WC_SHA384_DIGEST_SIZE); + XMEMCPY(hash, digest, WC_SHA384_DIGEST_SIZE); +#else XMEMCPY(hash, sha384->digest, WC_SHA384_DIGEST_SIZE); -#if defined(LITTLE_ENDIAN_ORDER) - ByteReverseWords64((word64*)hash, (word64*)hash, WC_SHA384_DIGEST_SIZE); #endif return 0; From 24ff55b0856fb60c793eba3d1907b1f53c10a77b Mon Sep 17 00:00:00 2001 From: Go Hosohara Date: Thu, 3 May 2018 15:52:42 +0900 Subject: [PATCH 103/146] RAND_poll --- src/ssl.c | 21 +++++++++++++++++++++ tests/api.c | 1 + wolfssl/openssl/evp.h | 4 ++++ wolfssl/openssl/ssl.h | 1 + wolfssl/ssl.h | 1 + 5 files changed, 28 insertions(+) diff --git a/src/ssl.c b/src/ssl.c index 9f7e1306d..74cfb3d14 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -21564,6 +21564,27 @@ int wolfSSL_RAND_bytes(unsigned char* buf, int num) return ret; } +#define RAND_ENTROPY_SZ (256/16) +int wolfSSL_RAND_poll() +{ + WOLFSSL_ENTER("wolfSSL_RAND_poll"); + byte entropy[RAND_ENTROPY_SZ]; + int ret = 0; + + if (initGlobalRNG == 0){ + WOLFSSL_MSG("Global RNG no Init"); + return WOLFSSL_FAILURE; + } + ret = wc_GenerateSeed(&globalRNG.seed, entropy, RAND_ENTROPY_SZ); + if (ret != 0){ + WOLFSSL_MSG("Bad wc_RNG_GenerateBlock"); + ret = WOLFSSL_FAILURE; + }else + ret = WOLFSSL_SUCCESS; + + return ret; +} + WOLFSSL_BN_CTX* wolfSSL_BN_CTX_new(void) { static int ctx; /* wolfcrypt doesn't now need ctx */ diff --git a/tests/api.c b/tests/api.c index f9f6bff54..e9e99079a 100644 --- a/tests/api.c +++ b/tests/api.c 
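Review bot: `wolfSSL_RAND_poll` in the ssl.c hunk returns WOLFSSL_SUCCESS without ever using the bytes it collected: `entropy` is filled by `wc_GenerateSeed` and then dropped, so the global RNG state is unchanged by the call. Either mix the seed into `globalRNG`, or state in a comment that the function only checks that the seed source works; in both cases clear `entropy` before returning. The failure message names the wrong call and should read `WOLFSSL_MSG("Bad wc_GenerateSeed");`. The definition uses `()` where the prototype added to ssl.h has `(void)`, and `WOLFSSL_ENTER` precedes the local declarations, which older C compilers may reject when the macro expands to a statement.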
@@ -17216,6 +17216,7 @@ static void test_wolfSSL_RAND(void) printf(testingFmt, "wolfSSL_RAND()"); RAND_seed(seed, sizeof(seed)); + AssertIntEQ(RAND_poll(), 1); RAND_cleanup(); AssertIntEQ(RAND_egd(NULL), -1); diff --git a/wolfssl/openssl/evp.h b/wolfssl/openssl/evp.h index 75b682dc1..f1d935fc6 100644 --- a/wolfssl/openssl/evp.h +++ b/wolfssl/openssl/evp.h @@ -564,6 +564,10 @@ typedef WOLFSSL_EVP_CIPHER_CTX EVP_CIPHER_CTX; WOLFSSL_API void printPKEY(WOLFSSL_EVP_PKEY *k); +WOLFSSL_API void wolfSSL_OPENSSL_add_all_algorithms_noconf(void); + +#define OPENSSL_add_all_algorithms_noconf wolfSSL_OPENSSL_add_all_algorithms_noconf + #ifdef __cplusplus } /* extern "C" */ #endif diff --git a/wolfssl/openssl/ssl.h b/wolfssl/openssl/ssl.h index 3fbbed639..c9e620faa 100644 --- a/wolfssl/openssl/ssl.h +++ b/wolfssl/openssl/ssl.h @@ -297,6 +297,7 @@ typedef WOLFSSL_X509_STORE_CTX X509_STORE_CTX; #define RAND_seed wolfSSL_RAND_seed #define RAND_cleanup wolfSSL_RAND_Cleanup #define RAND_add wolfSSL_RAND_add +#define RAND_poll wolfSSL_RAND_poll #define COMP_zlib wolfSSL_COMP_zlib #define COMP_rle wolfSSL_COMP_rle diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h index 968898585..eaca4c03b 100644 --- a/wolfssl/ssl.h +++ b/wolfssl/ssl.h @@ -837,6 +837,7 @@ WOLFSSL_API int wolfSSL_RAND_egd(const char*); WOLFSSL_API int wolfSSL_RAND_seed(const void*, int); WOLFSSL_API void wolfSSL_RAND_Cleanup(void); WOLFSSL_API void wolfSSL_RAND_add(const void*, int, double); +WOLFSSL_API int wolfSSL_RAND_poll(void); WOLFSSL_API WOLFSSL_COMP_METHOD* wolfSSL_COMP_zlib(void); WOLFSSL_API WOLFSSL_COMP_METHOD* wolfSSL_COMP_rle(void); From 005284a127fe1b5edcb05b26e0c882d31235d43e Mon Sep 17 00:00:00 2001 From: Go Hosohara Date: Fri, 4 May 2018 15:18:44 +0900 Subject: [PATCH 104/146] ASN1_GENERALIZEDTIME_free --- src/ssl.c | 17 +++++++++++++++++ tests/api.c | 18 ++++++++++++++++++ wolfssl/openssl/evp.h | 4 ---- wolfssl/openssl/ssl.h | 4 ++++ wolfssl/ssl.h | 8 +++++++- 5 files changed, 46 insertions(+), 5 deletions(-) 
diff --git a/src/ssl.c b/src/ssl.c index 74cfb3d14..cca6da23a 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -10832,6 +10832,15 @@ int wolfSSL_set_compression(WOLFSSL* ssl) return WOLFSSL_FATAL_ERROR; } +#ifndef NO_WOLFSSL_STUB + int wolfSSL_OPENSSL_add_all_algorithms_noconf(void) + { + WOLFSSL_ENTER("wolfSSL_OPENSSL_add_all_algorithms_noconf"); + + WOLFSSL_STUB("OPENSSL_add_all_algorigorithms_noconf"); + return SSL_NOT_IMPLEMENTED; + } +#endif /* returns previous set cache size which stays constant */ long wolfSSL_CTX_sess_set_cache_size(WOLFSSL_CTX* ctx, long sz) @@ -20744,6 +20753,14 @@ int wolfSSL_ASN1_GENERALIZEDTIME_print(WOLFSSL_BIO* bio, return 0; } +void wolfSSL_ASN1_GENERALIZEDTIME_free(WOLFSSL_ASN1_TIME* asn1Time) +{ + WOLFSSL_ENTER("wolfSSL_ASN1_GENERALIZEDTIME_free"); + if (asn1Time == NULL) + return; + XMEMSET(asn1Time->data, 0, sizeof(asn1Time->data)); +} + int wolfSSL_sk_num(WOLF_STACK_OF(WOLFSSL_ASN1_OBJECT)* sk) { if (sk == NULL) diff --git a/tests/api.c b/tests/api.c index e9e99079a..215eb99cd 100644 --- a/tests/api.c +++ b/tests/api.c @@ -15550,6 +15550,23 @@ static void test_wolfSSL_ASN1_TIME_print() } +static void test_wolfSSL_ASN1_GENERALIZEDTIME_free(){ + #if defined(OPENSSL_EXTRA) + WOLFSSL_ASN1_GENERALIZEDTIME* asn1_gtime; + unsigned char nullstr[32]; + + XMEMSET(nullstr, 0, 32); + asn1_gtime = XMALLOC(sizeof(ASN1_GENERALIZEDTIME), NULL, + DYNAMIC_TYPE_TMP_BUFFER); + XMEMCPY(asn1_gtime->data,"20180504123500Z",15); + wolfSSL_ASN1_GENERALIZEDTIME_free(asn1_gtime); + AssertIntEQ(0, XMEMCMP(asn1_gtime->data, nullstr, 32)); + + XFREE(asn1_gtime, NULL, DYNAMIC_TYPE_TMP_BUFFER); + #endif /* opensslextra */ +} + + static void test_wolfSSL_private_keys(void) { #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \ 
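Review bot: `wolfSSL_ASN1_GENERALIZEDTIME_free` in the second ssl.c hunk only zeroes `asn1Time->data` and never releases the object, so code ported from OpenSSL that relies on `ASN1_GENERALIZEDTIME_free` to free the structure will leak it. The test added in this commit shows the gap by calling XFREE itself afterwards. Either release the structure here with the allocator and heap type that created it, or add a comment such as `/* clears the time data only; the caller still owns and must free asn1Time */`. The definition takes `WOLFSSL_ASN1_TIME*` while the prototype added to ssl.h takes `WOLFSSL_ASN1_GENERALIZEDTIME*`; the two should match.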
@@ -19368,6 +19385,7 @@ void ApiTest(void) test_wolfSSL_DES(); test_wolfSSL_certs(); test_wolfSSL_ASN1_TIME_print(); + test_wolfSSL_ASN1_GENERALIZEDTIME_free(); test_wolfSSL_private_keys(); test_wolfSSL_PEM_PrivateKey(); test_wolfSSL_PEM_RSAPrivateKey(); diff --git a/wolfssl/openssl/evp.h b/wolfssl/openssl/evp.h index f1d935fc6..75b682dc1 100644 --- a/wolfssl/openssl/evp.h +++ b/wolfssl/openssl/evp.h @@ -564,10 +564,6 @@ typedef WOLFSSL_EVP_CIPHER_CTX EVP_CIPHER_CTX; WOLFSSL_API void printPKEY(WOLFSSL_EVP_PKEY *k); -WOLFSSL_API void wolfSSL_OPENSSL_add_all_algorithms_noconf(void); - -#define OPENSSL_add_all_algorithms_noconf wolfSSL_OPENSSL_add_all_algorithms_noconf - #ifdef __cplusplus } /* extern "C" */ #endif diff --git a/wolfssl/openssl/ssl.h b/wolfssl/openssl/ssl.h index c9e620faa..fce991e69 100644 --- a/wolfssl/openssl/ssl.h +++ b/wolfssl/openssl/ssl.h @@ -381,6 +381,9 @@ typedef WOLFSSL_X509_STORE_CTX X509_STORE_CTX; #define ASN1_TIME_print wolfSSL_ASN1_TIME_print #define ASN1_GENERALIZEDTIME_print wolfSSL_ASN1_GENERALIZEDTIME_print #define ASN1_TIME_adj wolfSSL_ASN1_TIME_adj +#define ASN1_GENERALIZEDTIME_free wolfSSL_ASN1_GENERALIZEDTIME_free +#define ASN1_STRING_print_ex wolfSSL_ASN1_STRING_print_ex +#define ASN1_TIME_to_generalizedtime wolfSSL_ASN1_TIME_to_generalizedtime #define ASN1_INTEGER_new wolfSSL_ASN1_INTEGER_new #define ASN1_INTEGER_free wolfSSL_ASN1_INTEGER_free @@ -919,6 +922,7 @@ typedef WOLFSSL_ASN1_BIT_STRING ASN1_BIT_STRING; #define SSL_CTX_add_client_CA wolfSSL_CTX_add_client_CA #define SSL_CTX_set_srp_password wolfSSL_CTX_set_srp_password #define SSL_CTX_set_srp_username wolfSSL_CTX_set_srp_username +#define OPENSSL_add_algorithms_noconf wolfSSL_OPENSSL_add_alogrithms_noconf #ifdef __cplusplus } /* extern "C" */ diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h index eaca4c03b..2a4f6f4c0 100644 --- a/wolfssl/ssl.h +++ b/wolfssl/ssl.h 
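Review bot: The macro added in the openssl/ssl.h `-919` hunk cannot resolve: `OPENSSL_add_algorithms_noconf` is missing `all_` and its target `wolfSSL_OPENSSL_add_alogrithms_noconf` is misspelled, while the function defined in ssl.c is `wolfSSL_OPENSSL_add_all_algorithms_noconf`. It should read `#define OPENSSL_add_all_algorithms_noconf wolfSSL_OPENSSL_add_all_algorithms_noconf`. PATCH 107 later corrects the macro name but keeps `alogrithms` in the target, so the mapping is still broken there. The `-381` hunk also maps `ASN1_STRING_print_ex` and `ASN1_TIME_to_generalizedtime` to functions that, as far as the ssl.c hunks of this commit show, are not yet defined.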
@@ -806,6 +806,10 @@ WOLFSSL_API long wolfSSL_BIO_set_fd(WOLFSSL_BIO* b, int fd, int flag); WOLFSSL_API void wolfSSL_set_bio(WOLFSSL*, WOLFSSL_BIO* rd, WOLFSSL_BIO* wr); WOLFSSL_API int wolfSSL_add_all_algorithms(void); +#ifdef OPENSSL_EXTRA +WOLFSSL_API int wolfSSL_OPENSSL_add_all_algorithms_noconf(void); +#endif + #ifndef NO_FILESYSTEM WOLFSSL_API WOLFSSL_BIO_METHOD *wolfSSL_BIO_s_file(void); #endif @@ -1387,7 +1391,6 @@ enum { WOLFSSL_BIO_UNSET = -2, WOLFSSL_BIO_SIZE = 17000 /* default BIO write size if not set */ }; - #endif WOLFSSL_API void wolfSSL_ERR_put_error(int lib, int fun, int err, @@ -1439,6 +1442,9 @@ WOLFSSL_API int wolfSSL_ASN1_UTCTIME_print(WOLFSSL_BIO*, const WOLFSSL_ASN1_UTCTIME*); WOLFSSL_API int wolfSSL_ASN1_GENERALIZEDTIME_print(WOLFSSL_BIO*, const WOLFSSL_ASN1_GENERALIZEDTIME*); +WOLFSSL_API void wolfSSL_ASN1_GENERALIZEDTIME_free(WOLFSSL_ASN1_GENERALIZEDTIME*); +WOLFSSL_API int wolfSSL_ASN1_STRING_print_ex(WOLFSSL_BIO*, WOLFSSL_ASN1_STRING*, + unsigned long); WOLFSSL_API int wolfSSL_sk_num(WOLF_STACK_OF(WOLFSSL_ASN1_OBJECT)*); WOLFSSL_API void* wolfSSL_sk_value(WOLF_STACK_OF(WOLFSSL_ASN1_OBJECT)*, int); From 5ff460bb7ff294bcc251dada0fe159d9d791f9d0 Mon Sep 17 00:00:00 2001 From: Go Hosohara Date: Fri, 4 May 2018 15:59:03 +0900 Subject: [PATCH 105/146] OPENSSL_add_all_algorightms_noconf --- src/ssl.c | 8 ++++---- tests/api.c | 10 ++++++++++ wolfssl/ssl.h | 2 -- 3 files changed, 14 insertions(+), 6 deletions(-) diff --git a/src/ssl.c b/src/ssl.c index cca6da23a..3b5931d90 100644 --- a/src/ssl.c +++ b/src/ssl.c 
@@ -10832,15 +10832,15 @@ int wolfSSL_set_compression(WOLFSSL* ssl) return WOLFSSL_FATAL_ERROR; } -#ifndef NO_WOLFSSL_STUB int wolfSSL_OPENSSL_add_all_algorithms_noconf(void) { WOLFSSL_ENTER("wolfSSL_OPENSSL_add_all_algorithms_noconf"); - WOLFSSL_STUB("OPENSSL_add_all_algorigorithms_noconf"); - return SSL_NOT_IMPLEMENTED; + if (wolfSSL_add_all_algorithms() == WOLFSSL_FATAL_ERROR) + return WOLFSSL_FATAL_ERROR; + + return WOLFSSL_SUCCESS; } -#endif /* returns previous set cache size which stays constant */ long wolfSSL_CTX_sess_set_cache_size(WOLFSSL_CTX* ctx, long sz) diff --git a/tests/api.c b/tests/api.c index 215eb99cd..487ad3531 100644 --- a/tests/api.c +++ b/tests/api.c @@ -18436,6 +18436,15 @@ static void test_wolfSSL_X509_get_serialNumber(void) #endif } + +static void test_wolfSSL_OPENSSL_add_all_algorithms(void){ +#if defined(OPENSSL_EXTRA) + AssertIntEQ(wolfSSL_OPENSSL_add_all_algorithms_noconf(),WOLFSSL_SUCCESS); + wolfSSL_Cleanup(); +#endif +} + + static void test_no_op_functions(void) { #if defined(OPENSSL_EXTRA) @@ -19440,6 +19449,7 @@ void ApiTest(void) test_wolfSSL_SHA256(); test_wolfSSL_X509_get_serialNumber(); test_wolfSSL_X509_CRL(); + test_wolfSSL_OPENSSL_add_all_algorithms(); /* test the no op functions for compatibility */ test_no_op_functions(); diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h index 2a4f6f4c0..7541a5a7f 100644 --- a/wolfssl/ssl.h +++ b/wolfssl/ssl.h @@ -1443,8 +1443,6 @@ WOLFSSL_API int wolfSSL_ASN1_UTCTIME_print(WOLFSSL_BIO*, WOLFSSL_API int wolfSSL_ASN1_GENERALIZEDTIME_print(WOLFSSL_BIO*, const WOLFSSL_ASN1_GENERALIZEDTIME*); WOLFSSL_API void wolfSSL_ASN1_GENERALIZEDTIME_free(WOLFSSL_ASN1_GENERALIZEDTIME*); -WOLFSSL_API int wolfSSL_ASN1_STRING_print_ex(WOLFSSL_BIO*, WOLFSSL_ASN1_STRING*, - unsigned long); WOLFSSL_API int wolfSSL_sk_num(WOLF_STACK_OF(WOLFSSL_ASN1_OBJECT)*); WOLFSSL_API void* wolfSSL_sk_value(WOLF_STACK_OF(WOLFSSL_ASN1_OBJECT)*, int); From 36ced360cba01ff2ba5e5495716be1dbe006b0f6 Mon Sep 17 00:00:00 2001 
From: Go Hosohara Date: Mon, 7 May 2018 14:49:43 +0900 Subject: [PATCH 106/146] Add Renesas CS+ project files. --- IDE/Renesas/cs+/Projects/common/user_settings.h | 2 ++ wolfcrypt/src/fe_low_mem.c | 8 +++++--- 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/IDE/Renesas/cs+/Projects/common/user_settings.h b/IDE/Renesas/cs+/Projects/common/user_settings.h index 5f2854334..c7133877d 100644 --- a/IDE/Renesas/cs+/Projects/common/user_settings.h +++ b/IDE/Renesas/cs+/Projects/common/user_settings.h @@ -44,3 +44,5 @@ #define HAVE_CURVE25519 #define CURVE25519_SMALL #define HAVE_ED25519 + +/* #define NO_WOLFSSL_STUB */ diff --git a/wolfcrypt/src/fe_low_mem.c b/wolfcrypt/src/fe_low_mem.c index f85181822..26eaeee7b 100644 --- a/wolfcrypt/src/fe_low_mem.c +++ b/wolfcrypt/src/fe_low_mem.c @@ -55,15 +55,17 @@ void lm_copy(byte* x, const byte* a) x[i] = a[i]; } +#ifndef FREESCALE_LTC_ECC #if ((defined(HAVE_CURVE25519) && !defined(CURVE25519_SMALL)) || \ - (defined(HAVE_ED25519) && !defined(ED25519_SMALL))) && \ - !defined(FREESCALE_LTC_ECC) - /* to be Complementary to fe_operations.c */ + (defined(HAVE_ED25519) && !defined(ED25519_SMALL))) && \ + !defined(FREESCALE_LTC_ECC) + /* to be Complementary to fe_low_mem.c */ #else void fe_init() { } #endif +#endif #ifdef CURVE25519_SMALL From b1ef0c808ea1e4cc91d3f45ba11249d08d84a89b Mon Sep 17 00:00:00 2001 From: Go Hosohara Date: Mon, 7 May 2018 19:27:43 +0900 Subject: [PATCH 107/146] Add all stubs. --- src/ssl.c | 135 ++++++++++++++++++++++++++++++++++++++++- wolfssl/openssl/asn1.h | 25 +++++++- wolfssl/openssl/ssl.h | 8 ++- wolfssl/ssl.h | 9 +++ 4 files changed, 171 insertions(+), 6 deletions(-) diff --git a/src/ssl.c b/src/ssl.c index 3b5931d90..be347fc6b 100644 --- a/src/ssl.c +++ b/src/ssl.c 
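Review bot: The rewritten comment in the fe_low_mem.c hunk now reads `/* to be Complementary to fe_low_mem.c */`, which points the file at itself; the removed line named fe_operations.c. The added outer `#ifndef FREESCALE_LTC_ECC` also makes the `!defined(FREESCALE_LTC_ECC)` term kept in the inner `#if` redundant, and it means `fe_init` is no longer defined at all when that macro is set, which is worth confirming as intended. I would keep `/* to be complementary to fe_operations.c */`, drop the inner term, and close the new guard with `#endif /* !FREESCALE_LTC_ECC */`.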
@@ -14364,7 +14364,15 @@ WOLFSSL_X509* wolfSSL_X509_d2i(WOLFSSL_X509** x509, const byte* in, int len) return newX509; } - +#ifndef NO_WOLFSSL_STUB +WOLFSSL_X509* wolfSSL_d2i_X509_fp(FILE *fp, WOLFSSL_X509 **x509) +{ + WOLFSSL_STUB("d2i_X509_fp"); + (void)fp; + (void)x509; + return 0; +} +#endif #endif /* KEEP_PEER_CERT || SESSION_CERTS || OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */ @@ -21582,6 +21590,7 @@ int wolfSSL_RAND_bytes(unsigned char* buf, int num) } #define RAND_ENTROPY_SZ (256/16) + int wolfSSL_RAND_poll() { WOLFSSL_ENTER("wolfSSL_RAND_poll"); 
@@ -32619,3 +32628,127 @@ int wolfSSL_CTX_set_alpn_protos(WOLFSSL_CTX *ctx, const unsigned char *p, #endif #endif /* WOLFCRYPT_ONLY */ + +#if defined(OPENSSL_EXTRA) +#ifndef NO_WOLFSSL_STUB +int wolfSSL_X509_check_ca(WOLFSSL_X509 *x509) +{ + WOLFSSL_STUB("X509_check_ca"); + (void)x509; + return 0; +} + +int wolfSSL_d2i_PKCS12_fp(FILE *fp, WC_PKCS12 *pkcs12) +{ + WOLFSSL_STUB("d2i_PKCS12_fp"); + (void)fp; + (void)pkcs12; + return 0; +} + +const char *wolfSSL_ASN1_tag2str(int tag){ + static const char *const tag_label[] = { + "EOC", "BOOLEAN", "INTEGER", "BIT STRING", "OCTET STRING", "NULL", + "OBJECT", "OBJECT DESCRIPTOR", "EXTERNAL", "REAL", "ENUMRATED", + "", "UTF8STRING", "", "", "", + "SEQUENCE", "SET", "NUMERICSTRING", "PRINTABLESTRING", "T61STRING", + "VIDEOTEXTSTRING", "IA5STRING", "TUCTIME", "GENERALIZEDTIME", + "GRAPHICSTRING", "VISIBLESTRING", "GENERALSTRING", "UNIVERSALSTRING", + "", "BMPSTRINT" + }; + + if ((tag == V_ASN1_NEG_INTEGER) || (tag == V_ASN1_NEG_ENUMERATED)) + tag &= ~0x100; + if (tag < 0 || tag > 30) + return "(unknown)"; + return tag_label[tag]; +} + +int wolfSSL_ASN1_STRING_print_ex(WOLFSSL_BIO *out, WOLFSSL_ASN1_STRING *str, + unsigned long flags) +{ + WOLFSSL_STUB("ASN1_STRING_PRINT_ex"); + int strLen = 0; + unsigned char *strBuf = NULL; + + if (out == NULL || str == NULL) + return WOLFSSL_FAILURE; + + if (flags & ASN1_STRFLGS_SHOW_TYPE){ + const char *tag = wolfSSL_ASN1_tag2str(str->type); + strLen += XSTRLEN(tag); + strBuf = (unsigned char *)XMALLOC(strLen + 1, NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (strBuf == NULL){ + WOLFSSL_MSG("memory alloc failed."); + return WOLFSSL_FAILURE; + } + XMEMSET(strBuf, 0, strLen + 1); + XSNPRINTF((char*)strBuf, strLen + 1, "%s:", tag); + if (wolfSSL_BIO_write(out, strBuf, strLen) <= 0){ + XFREE(strBuf, NULL, DYNAMIC_TYPE_TMP_BUFFER); + return WOLFSSL_FAILURE; + } + strLen++; + XFREE(strBuf, NULL, DYNAMIC_TYPE_TMP_BUFFER); + } + + if (flags & ASN1_STRFLGS_DUMP_ALL){ + if (!(flags & ASN1_STRFLGS_DUMP_DER)){ 
+ static const char hexChar[] = { '0', '1', '2', '3', '4', '5', '6', + '7','8', '9', 'a', 'b', 'c', 'd', + 'e', 'f' }; + char hextmp[2]; + char *strPtr, *strEnd; + + strPtr = str->data; + strEnd = str->data + str->length; + while (strPtr != strEnd){ + hextmp[0] = hexChar[*strPtr >> 4]; + hextmp[1] = hexChar[*strPtr & 0xf]; + if (wolfSSL_BIO_write(out, hextmp, 2) <= 0){ + return WOLFSSL_FAILURE; + } + strPtr++; + strLen += 2; + } + return strLen; + } + /* ASN1_STRFLGS_DUMP_DER */ + wolfSSL_BIO_write(out, str->data, str->length); + strLen += str->length; + return strLen; + } + + if (flags & ASN1_STRFLGS_UTF8_CONVERT){ + /* Not implemented yet */ + } + + return 0; +} + +WOLFSSL_ASN1_TIME *wolfSSL_ASN1_TIME_to_generalizedtime(WOLFSSL_ASN1_TIME *t, + WOLFSSL_ASN1_TIME **out) +{ + WOLFSSL_STUB("ASN1_TIME_to_generalizedtime"); + (void)t; + (void)out; + return 0; +} + +int wolfSSL_i2c_ASN1_INTEGER(WOLFSSL_ASN1_INTEGER **a, unsigned char **pp) +{ + WOLFSSL_STUB("i2c_ASN1_INTEGER"); + (void)a; + (void)pp; + return 0; +} + +int wolfSSL_X509_STORE_add_crl(WOLFSSL_X509_STORE *ctx, WOLFSSL_X509_CRL *x) +{ + (void)ctx; + (void)x; + return 0; +} + +#endif +#endif \ No newline at end of file diff --git a/wolfssl/openssl/asn1.h b/wolfssl/openssl/asn1.h index 272698fe6..44a66189f 100644 --- a/wolfssl/openssl/asn1.h +++ b/wolfssl/openssl/asn1.h 
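Review bot: The hex-dump loop in `wolfSSL_ASN1_STRING_print_ex` indexes `hexChar` with `*strPtr >> 4` through a plain `char*`, so where char is signed any byte of 0x80 or above gives a negative index and reads outside the 16-entry table. Read the data as unsigned instead: `const unsigned char *strPtr = (const unsigned char*)str->data;` with `strEnd` typed to match. In the `ASN1_STRFLGS_SHOW_TYPE` branch the buffer is `strLen + 1` bytes, so `XSNPRINTF(..., "%s:", tag)` truncates the colon and the following `strLen++` counts a byte that was never written. The `ASN1_STRFLGS_DUMP_DER` write ignores the return of `wolfSSL_BIO_write`, and the labels `ENUMRATED`, `TUCTIME` and `BMPSTRINT` in `wolfSSL_ASN1_tag2str` look misspelled.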
@@ -31,5 +31,26 @@ #define ASN1_STRING_set wolfSSL_ASN1_STRING_set #define ASN1_STRING_free wolfSSL_ASN1_STRING_free -#define V_ASN1_OCTET_STRING 0x04 /* tag for ASN1_OCTET_STRING */ -#endif /* WOLFSSL_ASN1_H_ */ +#define V_ASN1_OCTET_STRING 0x04 /* tag for ASN1_OCTET_STRING */ +#define V_ASN1_NEG 0x100 +#define V_ASN1_NEG_INTEGER (2 | V_ASN1_NEG) +#define V_ASN1_NEG_ENUMERATED (10 | V_ASN1_NEG) + +/* Type for ASN1_print_ex */ +# define ASN1_STRFLGS_ESC_2253 1 +# define ASN1_STRFLGS_ESC_CTRL 2 +# define ASN1_STRFLGS_ESC_MSB 4 +# define ASN1_STRFLGS_ESC_QUOTE 8 +# define ASN1_STRFLGS_UTF8_CONVERT 0x10 +# define ASN1_STRFLGS_IGNORE_TYPE 0x20 +# define ASN1_STRFLGS_SHOW_TYPE 0x40 +# define ASN1_STRFLGS_DUMP_ALL 0x80 +# define ASN1_STRFLGS_DUMP_UNKNOWN 0x100 +# define ASN1_STRFLGS_DUMP_DER 0x200 +# define ASN1_STRFLGS_RFC2253 (ASN1_STRFLGS_ESC_2253 | \ + ASN1_STRFLGS_ESC_CTRL | \ + ASN1_STRFLGS_ESC_MSB | \ + ASN1_STRFLGS_UTF8_CONVERT | \ + ASN1_STRFLGS_DUMP_UNKNOWN | \ + ASN1_STRFLGS_DUMP_DER) +#endif /* WOLFSSL_ASN1_H_ */ \ No newline at end of file diff --git a/wolfssl/openssl/ssl.h b/wolfssl/openssl/ssl.h index fce991e69..0c2d9ebb1 100644 --- a/wolfssl/openssl/ssl.h +++ b/wolfssl/openssl/ssl.h @@ -128,6 +128,7 @@ typedef WOLFSSL_X509_STORE_CTX X509_STORE_CTX; #define SSL_use_certificate_ASN1 wolfSSL_use_certificate_ASN1 #define d2i_PKCS8_PRIV_KEY_INFO_bio wolfSSL_d2i_PKCS8_PKEY_bio #define PKCS8_PRIV_KEY_INFO_free wolfSSL_EVP_PKEY_free +#define d2i_PKCS12_fp wolfSSL_d2i_PKCS12_fp #define d2i_PUBKEY_bio wolfSSL_d2i_PUBKEY_bio #define d2i_PrivateKey wolfSSL_d2i_PrivateKey @@ -383,6 +384,7 @@ typedef WOLFSSL_X509_STORE_CTX X509_STORE_CTX; #define ASN1_TIME_adj wolfSSL_ASN1_TIME_adj #define ASN1_GENERALIZEDTIME_free wolfSSL_ASN1_GENERALIZEDTIME_free #define ASN1_STRING_print_ex wolfSSL_ASN1_STRING_print_ex +#define ASN1_tag2str wolfSSL_ASN1_tag2str #define ASN1_TIME_to_generalizedtime wolfSSL_ASN1_TIME_to_generalizedtime #define ASN1_INTEGER_new wolfSSL_ASN1_INTEGER_new 
@@ -586,8 +588,7 @@ typedef WOLFSSL_X509_STORE_CTX X509_STORE_CTX; #define X509_check_private_key wolfSSL_X509_check_private_key #define SSL_dup_CA_list wolfSSL_dup_CA_list - - +#define X509_check_ca wolfSSL_X509_check_ca /* NIDs */ @@ -894,6 +895,7 @@ typedef WOLFSSL_ASN1_BIT_STRING ASN1_BIT_STRING; #define SSL_get0_session wolfSSL_SSL_get0_session #define X509_check_host wolfSSL_X509_check_host #define i2a_ASN1_INTEGER wolfSSL_i2a_ASN1_INTEGER +#define i2c_ASN1_INTEGER wolfSSL_i2a_ASN1_INTEGER #define ERR_peek_error_line_data wolfSSL_ERR_peek_error_line_data #define ERR_load_BIO_strings wolfSSL_ERR_load_BIO_strings #define SSL_CTX_set_tlsext_ticket_key_cb wolfSSL_CTX_set_tlsext_ticket_key_cb @@ -922,7 +924,7 @@ typedef WOLFSSL_ASN1_BIT_STRING ASN1_BIT_STRING; #define SSL_CTX_add_client_CA wolfSSL_CTX_add_client_CA #define SSL_CTX_set_srp_password wolfSSL_CTX_set_srp_password #define SSL_CTX_set_srp_username wolfSSL_CTX_set_srp_username -#define OPENSSL_add_algorithms_noconf wolfSSL_OPENSSL_add_alogrithms_noconf +#define OPENSSL_add_all_algorithms_noconf wolfSSL_OPENSSL_add_all_alogrithms_noconf #ifdef __cplusplus } /* extern "C" */ diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h index 7541a5a7f..5914f75a8 100644 --- a/wolfssl/ssl.h +++ b/wolfssl/ssl.h @@ -1528,6 +1528,7 @@ WOLFSSL_API WOLFSSL_X509* wolfSSL_d2i_X509(WOLFSSL_X509** x509, const unsigned char** in, int len); WOLFSSL_API WOLFSSL_X509* wolfSSL_X509_d2i(WOLFSSL_X509** x509, const unsigned char* in, int len); +WOLFSSL_API WOLFSSL_X509* wolfSSL_d2i_X509_fp(FILE *fp, WOLFSSL_X509 **x509); WOLFSSL_API int wolfSSL_i2d_X509(WOLFSSL_X509* x509, unsigned char** out); WOLFSSL_API WOLFSSL_X509_CRL *wolfSSL_d2i_X509_CRL(WOLFSSL_X509_CRL **crl, const unsigned char *in, int len); 
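Review bot: `#define i2c_ASN1_INTEGER wolfSSL_i2a_ASN1_INTEGER` in the `-894` hunk maps the new name onto the existing i2a function from the line above instead of the `wolfSSL_i2c_ASN1_INTEGER` stub this commit adds. Callers of `i2c_ASN1_INTEGER` would pass arguments meant for the `(WOLFSSL_ASN1_INTEGER **a, unsigned char **pp)` prototype declared in ssl.h to a different function. The line should be `#define i2c_ASN1_INTEGER wolfSSL_i2c_ASN1_INTEGER`.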
@@ -2609,6 +2610,7 @@ WOLFSSL_API unsigned char *wolfSSL_SHA384(const unsigned char *d, size_t n, unsi WOLFSSL_API unsigned char *wolfSSL_SHA512(const unsigned char *d, size_t n, unsigned char *md); WOLFSSL_API int wolfSSL_X509_check_private_key(WOLFSSL_X509*, WOLFSSL_EVP_PKEY*); WOLFSSL_API WOLF_STACK_OF(WOLFSSL_X509_NAME) *wolfSSL_dup_CA_list( WOLF_STACK_OF(WOLFSSL_X509_NAME) *sk ); +WOLFSSL_API int wolfSSL_X509_check_ca(WOLFSSL_X509 *x509); #ifndef NO_FILESYSTEM WOLFSSL_API long wolfSSL_BIO_set_fp(WOLFSSL_BIO *bio, XFILE fp, int c); @@ -2914,6 +2916,13 @@ WOLFSSL_API WOLFSSL_CIPHER* wolfSSL_sk_SSL_CIPHER_value(void *ciphers, int idx); WOLFSSL_API void ERR_load_SSL_strings(void); WOLFSSL_API void wolfSSL_EC_POINT_dump(const char *msg, const WOLFSSL_EC_POINT *p); +WOLFSSL_API int wolfSSL_d2i_PKCS12_fp(FILE *fp, WC_PKCS12 *pkcs12); +WOLFSSL_API const char *wolfSSL_ASN1_tag2str(int tag); +WOLFSSL_API int wolfSSL_ASN1_STRING_print_ex(WOLFSSL_BIO *out, WOLFSSL_ASN1_STRING *str, unsigned long flags); +WOLFSSL_API WOLFSSL_ASN1_TIME *wolfSSL_ASN1_TIME_to_generalizedtime(WOLFSSL_ASN1_TIME *t, + WOLFSSL_ASN1_TIME **out); +WOLFSSL_API int wolfSSL_i2c_ASN1_INTEGER(WOLFSSL_ASN1_INTEGER **a, unsigned char **pp); +WOLFSSL_API int wolfSSL_X509_STORE_add_crl(WOLFSSL_X509_STORE *ctx, WOLFSSL_X509_CRL *x); #endif /* OPENSSL_EXTRA */ #ifdef HAVE_PK_CALLBACKS From 5c11e1440fc48a287624c4c0a563c0103baf10ea Mon Sep 17 00:00:00 2001 From: Go Hosohara Date: Wed, 16 May 2018 14:07:34 +0900 Subject: [PATCH 108/146] ASN1_TIME_to_generalizedtime --- src/ssl.c | 134 ++++++++++++++++++++++++++++++++++++---------------- tests/api.c | 77 +++++++++++++++++++++++++++--- 2 files changed, 165 insertions(+), 46 deletions(-) diff --git a/src/ssl.c b/src/ssl.c index be347fc6b..42292bd02 100644 --- a/src/ssl.c +++ b/src/ssl.c 
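Review bot: The `wolfSSL_d2i_PKCS12_fp(FILE *fp, ...)` prototype in the `-2914` hunk, like `wolfSSL_d2i_X509_fp` in the earlier `-1528` hunk, uses `FILE` directly and sits outside `#ifndef NO_FILESYSTEM`, whereas the neighbouring `wolfSSL_BIO_set_fp` prototype uses `XFILE` inside that guard. Builds without a filesystem may fail on these declarations, though what ssl.h includes is not visible here. I would write `XFILE fp` and wrap both prototypes in `#ifndef NO_FILESYSTEM`, matching the guard PATCH 108 puts around the `wolfSSL_d2i_X509_fp` definition. `wolfSSL_X509_STORE_add_crl` is also declared here, but its ssl.c body returns 0 without a `WOLFSSL_STUB` line, so the log gives no hint that the CRL was not stored.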
@@ -1476,7 +1476,7 @@ int wolfSSL_SetTmpDH(WOLFSSL* ssl, const unsigned char* p, int pSz, ssl->buffers.serverDH_P.buffer = (byte*)XMALLOC(pSz, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY); if (ssl->buffers.serverDH_P.buffer == NULL) - return MEMORY_E; + return MEMORY_E; ssl->buffers.serverDH_G.buffer = (byte*)XMALLOC(gSz, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY); @@ -14364,15 +14364,19 @@ WOLFSSL_X509* wolfSSL_X509_d2i(WOLFSSL_X509** x509, const byte* in, int len) return newX509; } + + #ifndef NO_WOLFSSL_STUB +#ifndef NO_FILESYSTEM WOLFSSL_X509* wolfSSL_d2i_X509_fp(FILE *fp, WOLFSSL_X509 **x509) { - WOLFSSL_STUB("d2i_X509_fp"); + WOLFSSL_STUB("wolfSSL_d2i_X509_fp"); (void)fp; (void)x509; return 0; } -#endif +#endif /* !NO_FILESYSTEM */ +#endif /* !NO_WOLFSSL_STUB */ #endif /* KEEP_PEER_CERT || SESSION_CERTS || OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */ @@ -32638,6 +32642,7 @@ int wolfSSL_X509_check_ca(WOLFSSL_X509 *x509) return 0; } + int wolfSSL_d2i_PKCS12_fp(FILE *fp, WC_PKCS12 *pkcs12) { WOLFSSL_STUB("d2i_PKCS12_fp"); @@ -32645,6 +32650,8 @@ int wolfSSL_d2i_PKCS12_fp(FILE *fp, WC_PKCS12 *pkcs12) (void)pkcs12; return 0; } +#endif /* NO_WOLFSSL_STUB */ + const char *wolfSSL_ASN1_tag2str(int tag){ static const char *const tag_label[] = { 
@@ -32664,59 +32671,61 @@ const char *wolfSSL_ASN1_tag2str(int tag){ return tag_label[tag]; } + int wolfSSL_ASN1_STRING_print_ex(WOLFSSL_BIO *out, WOLFSSL_ASN1_STRING *str, unsigned long flags) { - WOLFSSL_STUB("ASN1_STRING_PRINT_ex"); - int strLen = 0; - unsigned char *strBuf = NULL; + WOLFSSL_MSG("ASN1_STRING_PRINT_ex"); + int str_len = 0; + unsigned char *strbuf = NULL; if (out == NULL || str == NULL) return WOLFSSL_FAILURE; if (flags & ASN1_STRFLGS_SHOW_TYPE){ const char *tag = wolfSSL_ASN1_tag2str(str->type); - strLen += XSTRLEN(tag); - strBuf = (unsigned char *)XMALLOC(strLen + 1, NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (strBuf == NULL){ + str_len += (int)XSTRLEN(tag); + strbuf = (unsigned char *)XMALLOC(str_len + 1, NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (strbuf == NULL){ WOLFSSL_MSG("memory alloc failed."); return WOLFSSL_FAILURE; } - XMEMSET(strBuf, 0, strLen + 1); - XSNPRINTF((char*)strBuf, strLen + 1, "%s:", tag); - if (wolfSSL_BIO_write(out, strBuf, strLen) <= 0){ - XFREE(strBuf, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XMEMSET(strbuf, 0, str_len + 1); + XSNPRINTF((char*)strbuf, str_len + 1, "%s:", tag); + if (wolfSSL_BIO_write(out, strbuf, str_len) <= 0){ + XFREE(strbuf, NULL, DYNAMIC_TYPE_TMP_BUFFER); return WOLFSSL_FAILURE; } - strLen++; - XFREE(strBuf, NULL, DYNAMIC_TYPE_TMP_BUFFER); + str_len++; + XFREE(strbuf, NULL, DYNAMIC_TYPE_TMP_BUFFER); } if (flags & ASN1_STRFLGS_DUMP_ALL){ if (!(flags & ASN1_STRFLGS_DUMP_DER)){ - static const char hexChar[] = { '0', '1', '2', '3', '4', '5', '6', + static const char hex_char[] = { '0', '1', '2', '3', '4', '5', '6', '7','8', '9', 'a', 'b', 'c', 'd', 'e', 'f' }; - char hextmp[2]; - char *strPtr, *strEnd; + char hex_tmp[2]; + char *str_ptr, *str_end; - strPtr = str->data; - strEnd = str->data + str->length; - while (strPtr != strEnd){ - hextmp[0] = hexChar[*strPtr >> 4]; - hextmp[1] = hexChar[*strPtr & 0xf]; - if (wolfSSL_BIO_write(out, hextmp, 2) <= 0){ + str_ptr = str->data; + str_end = str->data + str->length; + while 
(str_ptr < str_end){ + hex_tmp[0] = hex_char[*str_ptr >> 4]; + hex_tmp[1] = hex_char[*str_ptr & 0xf]; + if (wolfSSL_BIO_write(out, hex_tmp, 2) <= 0){ return WOLFSSL_FAILURE; } - strPtr++; - strLen += 2; + str_ptr++; + str_len += 2; } - return strLen; + return str_len; } /* ASN1_STRFLGS_DUMP_DER */ - wolfSSL_BIO_write(out, str->data, str->length); - strLen += str->length; - return strLen; + if (wolfSSL_BIO_write(out, str->data, str->length) <= 0) + return WOLFSSL_FAILURE; + str_len += str->length; + return str_len; } if (flags & ASN1_STRFLGS_UTF8_CONVERT){ 
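Review bot: `hex_char[*str_ptr >> 4]` indexes the 16-entry table through a plain `char *`, so where `char` is signed any data byte of 0x80 or above gives a negative index and an out-of-bounds read. Declaring the cursor as `const unsigned char *str_ptr, *str_end;`, or casting as in `hex_char[(unsigned char)*str_ptr >> 4]`, keeps both nibbles in 0..15. The same expression is carried into the rewritten dump loop in PATCH 109 on this page. `WOLFSSL_MSG(...)` now precedes the declarations of `str_len` and `strbuf`, which strict C89 builds reject; the function body continues past the end of this hunk.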
@@ -32726,15 +32735,58 @@ int wolfSSL_ASN1_STRING_print_ex(WOLFSSL_BIO *out, WOLFSSL_ASN1_STRING *str, return 0; } -WOLFSSL_ASN1_TIME *wolfSSL_ASN1_TIME_to_generalizedtime(WOLFSSL_ASN1_TIME *t, - WOLFSSL_ASN1_TIME **out) -{ - WOLFSSL_STUB("ASN1_TIME_to_generalizedtime"); - (void)t; - (void)out; - return 0; -} +#ifndef NO_ASN_TIME +WOLFSSL_ASN1_TIME *wolfSSL_ASN1_TIME_to_generalizedtime(WOLFSSL_ASN1_TIME *t, + WOLFSSL_ASN1_TIME **out) +{ + WOLFSSL_ENTER("ASN1_TIME_to_generalizedtime"); + unsigned char time_type; + WOLFSSL_ASN1_TIME *ret = NULL; + unsigned char *data_ptr = NULL; + + if (t == NULL) + return NULL; + + time_type = t->data[0]; + if (time_type != ASN_UTC_TIME && time_type != ASN_GENERALIZED_TIME){ + WOLFSSL_MSG("Invalid ASN_TIME type."); + return NULL; + } + if (out == NULL || *out == NULL){ + ret = (WOLFSSL_ASN1_TIME*)XMALLOC(sizeof(WOLFSSL_ASN1_TIME), NULL, + DYNAMIC_TYPE_TMP_BUFFER); + if (ret == NULL){ + WOLFSSL_MSG("memory alloc failed."); + return NULL; + } + XMEMSET(ret, 0, sizeof(WOLFSSL_ASN1_TIME)); + } else + ret = *out; + + if (time_type == ASN_GENERALIZED_TIME){ + XMEMCPY(ret->data, t->data, ASN_GENERALIZED_TIME_SIZE); + return ret; + } else if (time_type == ASN_UTC_TIME){ + ret->data[0] = ASN_GENERALIZED_TIME; + ret->data[1] = ASN_GENERALIZED_TIME_SIZE; + data_ptr = ret->data + 2; + if (t->data[2] >= '5') + XSNPRINTF((char*)data_ptr, ASN_UTC_TIME_SIZE + 2, "19%s", t->data + 2); + else + XSNPRINTF((char*)data_ptr, ASN_UTC_TIME_SIZE + 2, "20%s", t->data + 2); + + return ret; + } + + WOLFSSL_MSG("Invalid ASN_TIME value"); + return NULL; +} +#endif /* !NO_ASN_TIME */ + + +#ifndef NO_WOLFSSL_STUB +#ifndef NO_ASN int wolfSSL_i2c_ASN1_INTEGER(WOLFSSL_ASN1_INTEGER **a, unsigned char **pp) { WOLFSSL_STUB("i2c_ASN1_INTEGER"); 
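Review bot: In the `ASN_GENERALIZED_TIME` branch, `XMEMCPY(ret->data, t->data, ASN_GENERALIZED_TIME_SIZE)` copies from offset 0, so the count must also cover the tag and length bytes. The test in this commit uses the same constant to copy the 15-character string plus NUL to `data + 2`, which suggests the final `Z` and the terminator are not copied here. If that reading of the constant is right, `XMEMCPY(ret->data, t->data, ASN_GENERALIZED_TIME_SIZE + 2);` is the intended length, provided `data` is large enough. In the UTC branch `%s` reads from `t->data + 2` until a NUL rather than for `t->data[1]` bytes, so an unterminated input is over-read; checking `t->data[1]` against `ASN_UTC_TIME_SIZE` and formatting with a precision would bound it. When `out` is non-NULL but `*out` is NULL, the new object is returned without being stored in `*out`.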
@@ -32742,6 +32794,9 @@ int wolfSSL_i2c_ASN1_INTEGER(WOLFSSL_ASN1_INTEGER **a, unsigned char **pp) (void)pp; return 0; } +#endif /* !NO_ASN */ +#endif /* !NO_WOLFSSL_STUB */ + int wolfSSL_X509_STORE_add_crl(WOLFSSL_X509_STORE *ctx, WOLFSSL_X509_CRL *x) { @@ -32750,5 +32805,4 @@ int wolfSSL_X509_STORE_add_crl(WOLFSSL_X509_STORE *ctx, WOLFSSL_X509_CRL *x) return 0; } -#endif -#endif \ No newline at end of file +#endif /* OPENSSLEXTRA */ \ No newline at end of file diff --git a/tests/api.c b/tests/api.c index 487ad3531..0fc7d146d 100644 --- a/tests/api.c +++ b/tests/api.c @@ -15556,14 +15556,15 @@ static void test_wolfSSL_ASN1_GENERALIZEDTIME_free(){ unsigned char nullstr[32]; XMEMSET(nullstr, 0, 32); - asn1_gtime = XMALLOC(sizeof(ASN1_GENERALIZEDTIME), NULL, - DYNAMIC_TYPE_TMP_BUFFER); - XMEMCPY(asn1_gtime->data,"20180504123500Z",15); + asn1_gtime = (WOLFSSL_ASN1_GENERALIZEDTIME*)XMALLOC( + sizeof(WOLFSSL_ASN1_GENERALIZEDTIME), NULL, + DYNAMIC_TYPE_TMP_BUFFER); + XMEMCPY(asn1_gtime->data,"20180504123500Z",ASN_GENERALIZED_TIME_SIZE); wolfSSL_ASN1_GENERALIZEDTIME_free(asn1_gtime); AssertIntEQ(0, XMEMCMP(asn1_gtime->data, nullstr, 32)); XFREE(asn1_gtime, NULL, DYNAMIC_TYPE_TMP_BUFFER); - #endif /* opensslextra */ + #endif /* OPENSSL_EXTRA */ } @@ -17974,6 +17975,7 @@ static void test_wolfSSL_verify_depth(void) WOLFSSL_CTX* ctx; long depth; + printf(testingFmt, "test_wolfSSL_verify_depth()"); AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method())); AssertTrue(wolfSSL_CTX_use_certificate_file(ctx, cliCertFile, SSL_FILETYPE_PEM)); 
@@ -18439,8 +18441,69 @@ static void test_wolfSSL_X509_get_serialNumber(void) static void test_wolfSSL_OPENSSL_add_all_algorithms(void){ #if defined(OPENSSL_EXTRA) - AssertIntEQ(wolfSSL_OPENSSL_add_all_algorithms_noconf(),WOLFSSL_SUCCESS); - wolfSSL_Cleanup(); + printf(testingFmt, "wolfSSL_OPENSSL_add_all_algorithms()"); + + AssertIntEQ(wolfSSL_OPENSSL_add_all_algorithms_noconf(),WOLFSSL_SUCCESS); + wolfSSL_Cleanup(); + + printf(resultFmt, passed); +#endif +} + +static void test_wolfSSL_ASN1_STRING_print_ex(void){ +#if defined(OPENSSL_EXTRA) +#endif +} + + +static void test_wolfSSL_ASN1_TIME_to_generalizedtime(void){ +#if defined(OPENSSL_EXTRA) && !defined(NO_ASN1_TIME) + WOLFSSL_ASN1_TIME *t; + WOLFSSL_ASN1_TIME *out; + WOLFSSL_ASN1_TIME *gtime; + + printf(testingFmt, "wolfSSL_ASN1_TIME_to_generalizedtime()"); + + /* UTC Time test */ + t = (WOLFSSL_ASN1_TIME*)XMALLOC(sizeof(WOLFSSL_ASN1_TIME), NULL, DYNAMIC_TYPE_TMP_BUFFER); + XMEMSET(t->data, 0, ASN_GENERALIZED_TIME_SIZE); + out = (WOLFSSL_ASN1_TIME*)XMALLOC(sizeof(WOLFSSL_ASN1_TIME), NULL, DYNAMIC_TYPE_TMP_BUFFER); + t->data[0] = ASN_UTC_TIME; + t->data[1] = ASN_UTC_TIME_SIZE; + XMEMCPY(t->data + 2,"050727123456Z",ASN_UTC_TIME_SIZE); + + gtime = wolfSSL_ASN1_TIME_to_generalizedtime(t, &out); + AssertIntEQ(gtime->data[0], ASN_GENERALIZED_TIME); + AssertIntEQ(gtime->data[1], ASN_GENERALIZED_TIME_SIZE); + AssertStrEQ((char*)gtime->data + 2, "20050727123456Z"); + + /* Generalized Time test */ + XMEMSET(t, 0, ASN_GENERALIZED_TIME_SIZE); + XMEMSET(out, 0, ASN_GENERALIZED_TIME_SIZE); + gtime = NULL; + t->data[0] = ASN_GENERALIZED_TIME; + t->data[1] = ASN_GENERALIZED_TIME_SIZE; + XMEMCPY(t->data + 2,"20050727123456Z",ASN_GENERALIZED_TIME_SIZE); + gtime = wolfSSL_ASN1_TIME_to_generalizedtime(t, &out); + AssertIntEQ(gtime->data[0], ASN_GENERALIZED_TIME); + AssertIntEQ(gtime->data[1], ASN_GENERALIZED_TIME_SIZE); + AssertStrEQ((char*)gtime->data + 2, "20050727123456Z"); + XFREE(out, NULL, DYNAMIC_TYPE_TMP_BUFFER); + + /* 
Null parameter test */ + XMEMSET(t, 0, ASN_GENERALIZED_TIME_SIZE); + gtime = NULL; + out = NULL; + t->data[0] = ASN_UTC_TIME; + t->data[1] = ASN_UTC_TIME_SIZE; + XMEMCPY(t->data + 2,"050727123456Z",ASN_UTC_TIME_SIZE); + AssertNotNull(gtime = wolfSSL_ASN1_TIME_to_generalizedtime(t, NULL)); + AssertIntEQ(gtime->data[0], ASN_GENERALIZED_TIME); + AssertIntEQ(gtime->data[1], ASN_GENERALIZED_TIME_SIZE); + AssertStrEQ((char*)gtime->data + 2, "20050727123456Z"); + + XFREE(t, NULL, DYNAMIC_TYPE_TMP_BUFFER); + printf(resultFmt, passed); #endif } @@ -19450,6 +19513,8 @@ void ApiTest(void) test_wolfSSL_X509_get_serialNumber(); test_wolfSSL_X509_CRL(); test_wolfSSL_OPENSSL_add_all_algorithms(); + test_wolfSSL_ASN1_STRING_print_ex(); + test_wolfSSL_ASN1_TIME_to_generalizedtime(); /* test the no op functions for compatibility */ test_no_op_functions(); From d7e4bbf1cf12f3ad6714a83b5cca3dcac901b1e6 Mon Sep 17 00:00:00 2001 From: Go Hosohara Date: Sun, 20 May 2018 11:50:33 +0900 Subject: [PATCH 109/146] ASN1_STRING_print_ex --- src/ssl.c | 162 ++++++++++++++++++++++++++++++++++++++-------------- tests/api.c | 64 +++++++++++++++++++++ 2 files changed, 182 insertions(+), 44 deletions(-) diff --git a/src/ssl.c b/src/ssl.c index 42292bd02..85d6b21f3 100644 --- a/src/ssl.c +++ b/src/ssl.c 
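Review bot: The test is guarded by `!defined(NO_ASN1_TIME)`, but this same commit compiles the function it calls under `#ifndef NO_ASN_TIME` in src/ssl.c, so a build defining `NO_ASN_TIME` still compiles the test against a missing function. The guard should read `#if defined(OPENSSL_EXTRA) && !defined(NO_ASN_TIME)`. In the third case `NULL` is passed for `out`, so the function allocates the result and `gtime` is never released; add `XFREE(gtime, NULL, DYNAMIC_TYPE_TMP_BUFFER);` before freeing `t`. The two `XMALLOC` results and the first two `gtime` returns are dereferenced without an `AssertNotNull`.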
@@ -32653,15 +32653,16 @@ int wolfSSL_d2i_PKCS12_fp(FILE *fp, WC_PKCS12 *pkcs12) #endif /* NO_WOLFSSL_STUB */ -const char *wolfSSL_ASN1_tag2str(int tag){ +const char *wolfSSL_ASN1_tag2str(int tag) +{ static const char *const tag_label[] = { "EOC", "BOOLEAN", "INTEGER", "BIT STRING", "OCTET STRING", "NULL", - "OBJECT", "OBJECT DESCRIPTOR", "EXTERNAL", "REAL", "ENUMRATED", + "OBJECT", "OBJECT DESCRIPTOR", "EXTERNAL", "REAL", "ENUMERATED", "", "UTF8STRING", "", "", "", "SEQUENCE", "SET", "NUMERICSTRING", "PRINTABLESTRING", "T61STRING", - "VIDEOTEXTSTRING", "IA5STRING", "TUCTIME", "GENERALIZEDTIME", + "VIDEOTEXTSTRING", "IA5STRING", "UTCTIME", "GENERALIZEDTIME", "GRAPHICSTRING", "VISIBLESTRING", "GENERALSTRING", "UNIVERSALSTRING", - "", "BMPSTRINT" + "", "BMPSTRING" }; if ((tag == V_ASN1_NEG_INTEGER) || (tag == V_ASN1_NEG_ENUMERATED)) 
@@ -32671,70 +32672,143 @@ const char *wolfSSL_ASN1_tag2str(int tag){ return tag_label[tag]; } +static int check_esc_char(char c, char *esc) +{ + char *ptr = NULL; + + ptr = esc; + while(*ptr != 0){ + if (c == *ptr) + return 1; + ptr++; + } + return 0; +} int wolfSSL_ASN1_STRING_print_ex(WOLFSSL_BIO *out, WOLFSSL_ASN1_STRING *str, unsigned long flags) { - WOLFSSL_MSG("ASN1_STRING_PRINT_ex"); - int str_len = 0; - unsigned char *strbuf = NULL; + WOLFSSL_ENTER("ASN1_STRING_PRINT_ex"); + size_t str_len = 0, type_len = 0; + unsigned char *typebuf = NULL; + const char *hash="#"; + //unsigned char * strbuf = NULL; if (out == NULL || str == NULL) return WOLFSSL_FAILURE; + /* add ASN1 type tag */ if (flags & ASN1_STRFLGS_SHOW_TYPE){ const char *tag = wolfSSL_ASN1_tag2str(str->type); - str_len += (int)XSTRLEN(tag); - strbuf = (unsigned char *)XMALLOC(str_len + 1, NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (strbuf == NULL){ + /* colon len + tag len + null*/ + type_len = XSTRLEN(tag) + 2; + typebuf = (unsigned char *)XMALLOC(str_len , NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (typebuf == NULL){ WOLFSSL_MSG("memory alloc failed."); return WOLFSSL_FAILURE; } - XMEMSET(strbuf, 0, str_len + 1); - XSNPRINTF((char*)strbuf, str_len + 1, "%s:", tag); - if (wolfSSL_BIO_write(out, strbuf, str_len) <= 0){ - XFREE(strbuf, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XMEMSET(typebuf, 0, type_len); + XSNPRINTF((char*)typebuf, (size_t)type_len , "%s:", tag); + type_len--; + } + + /* dump hex */ + if (flags & ASN1_STRFLGS_DUMP_ALL){ + static const char hex_char[] = { '0', '1', '2', '3', '4', '5', '6', + '7','8', '9', 'A', 'B', 'C', 'D', + 'E', 'F' }; + char hex_tmp[4]; + char *str_ptr, *str_end; + + if (type_len > 0){ + if (wolfSSL_BIO_write(out, typebuf, type_len) != (int)type_len){ + XFREE(typebuf, NULL, DYNAMIC_TYPE_TMP_BUFFER); + return WOLFSSL_FAILURE; + } + str_len += type_len; + } + if (wolfSSL_BIO_write(out, hash, 1) != 1){ + if (type_len > 0) + XFREE(typebuf, NULL, DYNAMIC_TYPE_TMP_BUFFER); return 
WOLFSSL_FAILURE; } str_len++; - XFREE(strbuf, NULL, DYNAMIC_TYPE_TMP_BUFFER); - } - - if (flags & ASN1_STRFLGS_DUMP_ALL){ - if (!(flags & ASN1_STRFLGS_DUMP_DER)){ - static const char hex_char[] = { '0', '1', '2', '3', '4', '5', '6', - '7','8', '9', 'a', 'b', 'c', 'd', - 'e', 'f' }; - char hex_tmp[2]; - char *str_ptr, *str_end; - - str_ptr = str->data; - str_end = str->data + str->length; - while (str_ptr < str_end){ - hex_tmp[0] = hex_char[*str_ptr >> 4]; - hex_tmp[1] = hex_char[*str_ptr & 0xf]; - if (wolfSSL_BIO_write(out, hex_tmp, 2) <= 0){ - return WOLFSSL_FAILURE; - } - str_ptr++; - str_len += 2; + if (flags & ASN1_STRFLGS_DUMP_DER){ + hex_tmp[0] = hex_char[str->type >> 4]; + hex_tmp[1] = hex_char[str->type & 0xf]; + hex_tmp[2] = hex_char[str->length >> 4]; + hex_tmp[3] = hex_char[str->length & 0xf]; + if (wolfSSL_BIO_write(out, hex_tmp, 4) != 4){ + if (type_len > 0) + XFREE(typebuf, NULL, DYNAMIC_TYPE_TMP_BUFFER); + return WOLFSSL_FAILURE; } - return str_len; + str_len += 4; + XMEMSET(hex_tmp, 0, 4); } - /* ASN1_STRFLGS_DUMP_DER */ - if (wolfSSL_BIO_write(out, str->data, str->length) <= 0) - return WOLFSSL_FAILURE; - str_len += str->length; + + str_ptr = str->data; + str_end = str->data + str->length; + while (str_ptr < str_end){ + hex_tmp[0] = hex_char[*str_ptr >> 4]; + hex_tmp[1] = hex_char[*str_ptr & 0xf]; + if (wolfSSL_BIO_write(out, hex_tmp, 2) != 2){ + if (type_len > 0) + XFREE(typebuf, NULL, DYNAMIC_TYPE_TMP_BUFFER); + return WOLFSSL_FAILURE; + } + str_ptr++; + str_len += 2; + } + fprintf(stderr, "str_len = %d\n", (int)str_len); return str_len; } - if (flags & ASN1_STRFLGS_UTF8_CONVERT){ - /* Not implemented yet */ + if (type_len > 0){ + if (wolfSSL_BIO_write(out, typebuf, type_len) != (int)type_len){ + XFREE(typebuf, NULL, DYNAMIC_TYPE_TMP_BUFFER); + return WOLFSSL_FAILURE; + } + str_len += type_len; } - return 0; -} + if (flags & ASN1_STRFLGS_ESC_2253){ + char esc_ch[] = "+;<>\\"; + char* esc_ptr = NULL; + esc_ptr = str->data; + while (*esc_ptr != 0){ 
+ if (check_esc_char(*esc_ptr, esc_ch)){ + fprintf(stderr, "esc_char = %c\n",*esc_ptr); + if (wolfSSL_BIO_write(out,"\\", 1) != 1) + goto err_exit; + str_len++; + } + if (wolfSSL_BIO_write(out, esc_ptr, 1) != 1) + goto err_exit; + str_len++; + esc_ptr++; + } + if (type_len > 0) + XFREE(typebuf, NULL, DYNAMIC_TYPE_TMP_BUFFER); + return str_len; + } + + if (wolfSSL_BIO_write(out, str->data, str->length) != str->length){ + if (type_len > 0) + XFREE(typebuf, NULL, DYNAMIC_TYPE_TMP_BUFFER); + return WOLFSSL_FAILURE; + } + str_len += str->length; + + XFREE(typebuf, NULL, DYNAMIC_TYPE_TMP_BUFFER); + return str_len; + +err_exit: + if (type_len > 0) + XFREE(typebuf, NULL, DYNAMIC_TYPE_TMP_BUFFER); + return WOLFSSL_FAILURE; +} #ifndef NO_ASN_TIME WOLFSSL_ASN1_TIME *wolfSSL_ASN1_TIME_to_generalizedtime(WOLFSSL_ASN1_TIME *t, diff --git a/tests/api.c b/tests/api.c index 0fc7d146d..e27817b0a 100644 --- a/tests/api.c +++ b/tests/api.c 
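Review bot: The `ASN1_STRFLGS_ESC_2253` branch walks `str->data` with `while (*esc_ptr != 0)` instead of stopping at `str->length`, so a value with no terminating NUL is read past its end and a value with an embedded NUL is silently cut short, which matters for strings parsed out of certificates. Bounding the loop by length, e.g. `for (i = 0; i < str->length; i++)` over `str->data[i]`, avoids both. In the `ASN1_STRFLGS_DUMP_DER` header, `hex_char[str->length >> 4]` and `hex_char[str->type >> 4]` index a 16-entry table with unmasked values, so a length of 256 or more reads outside it; apply `& 0xf` after the shift or reject lengths that do not fit one octet. `XMALLOC(str_len , ...)` is called while `str_len` is still 0 although `type_len` bytes are then written into the buffer; PATCH 110 on this page changes the size to `type_len`.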
@@ -18452,6 +18452,70 @@ static void test_wolfSSL_OPENSSL_add_all_algorithms(void){ static void test_wolfSSL_ASN1_STRING_print_ex(void){ #if defined(OPENSSL_EXTRA) + ASN1_STRING* asn_str = NULL; + const char data[] = "Hello wolfSSL!"; + ASN1_STRING* esc_str = NULL; + const char esc_data[] = "a+;<>"; + BIO *bio; + unsigned long flags; + int p_len; + unsigned char rbuf[256]; + + printf(testingFmt, "wolfSSL_ASN1_STRING_print_ex()"); + + /* setup */ + XMEMSET(rbuf, 0, 256); + bio = BIO_new(BIO_s_mem()); + BIO_set_write_buf_size(bio,256); + + asn_str = ASN1_STRING_type_new(V_ASN1_OCTET_STRING); + ASN1_STRING_set(asn_str, (const void*)data, sizeof(data)); + esc_str = ASN1_STRING_type_new(V_ASN1_OCTET_STRING); + ASN1_STRING_set(esc_str, (const void*)esc_data, sizeof(esc_data)); + + /* RFC2253 Escape */ + flags = ASN1_STRFLGS_ESC_2253; + p_len = wolfSSL_ASN1_STRING_print_ex(bio, esc_str, flags); + AssertIntEQ(p_len, 9); + BIO_read(bio, (void*)rbuf, 9); + AssertStrEQ((char*)rbuf, "a\\+\\;\\<\\>"); + + /* Show type */ + XMEMSET(rbuf, 0, 256); + flags = ASN1_STRFLGS_SHOW_TYPE; + p_len = wolfSSL_ASN1_STRING_print_ex(bio, asn_str, flags); + AssertIntEQ(p_len, 28); + BIO_read(bio, (void*)rbuf, 28); + AssertStrEQ((char*)rbuf, "OCTET STRING:Hello wolfSSL!"); + + /* Dump All */ + XMEMSET(rbuf, 0, 256); + flags = ASN1_STRFLGS_DUMP_ALL; + p_len = wolfSSL_ASN1_STRING_print_ex(bio, asn_str, flags); + AssertIntEQ(p_len, 31); + BIO_read(bio, (void*)rbuf, 31); + AssertStrEQ((char*)rbuf, "#48656C6C6F20776F6C6653534C2100"); + + /* Dump Der */ + XMEMSET(rbuf, 0, 256); + flags = ASN1_STRFLGS_DUMP_ALL | ASN1_STRFLGS_DUMP_DER; + p_len = wolfSSL_ASN1_STRING_print_ex(bio, asn_str, flags); + AssertIntEQ(p_len, 35); + BIO_read(bio, (void*)rbuf, 35); + AssertStrEQ((char*)rbuf, "#040F48656C6C6F20776F6C6653534C2100"); + + /* Dump All + Show type */ + XMEMSET(rbuf, 0, 256); + flags = ASN1_STRFLGS_DUMP_ALL | ASN1_STRFLGS_SHOW_TYPE; + p_len = wolfSSL_ASN1_STRING_print_ex(bio, asn_str, flags); + 
AssertIntEQ(p_len, 44); + BIO_read(bio, (void*)rbuf, 44); + AssertStrEQ((char*)rbuf, "OCTET STRING:#48656C6C6F20776F6C6653534C2100"); + + BIO_free(bio); + ASN1_STRING_free(asn_str); + + printf(resultFmt, passed); #endif } From 0fb446ad3662a86722339181730faf5b5e5d4664 Mon Sep 17 00:00:00 2001 From: Go Hosohara Date: Tue, 22 May 2018 18:53:00 +0900 Subject: [PATCH 110/146] i2c_ASN1_INTEGER --- src/ssl.c | 121 ++++++++++++++++++++++++++++++++---------- tests/api.c | 96 ++++++++++++++++++++++++++++++++- wolfssl/openssl/ssl.h | 2 +- wolfssl/ssl.h | 7 +-- 4 files changed, 192 insertions(+), 34 deletions(-) diff --git a/src/ssl.c b/src/ssl.c index 85d6b21f3..2f31e5345 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -32637,8 +32637,11 @@ int wolfSSL_CTX_set_alpn_protos(WOLFSSL_CTX *ctx, const unsigned char *p, #ifndef NO_WOLFSSL_STUB int wolfSSL_X509_check_ca(WOLFSSL_X509 *x509) { - WOLFSSL_STUB("X509_check_ca"); - (void)x509; + WOLFSSL_ENTER("X509_check_ca"); + + if (x509->isCa) + return 1; + return 0; } @@ -32688,11 +32691,10 @@ static int check_esc_char(char c, char *esc) int wolfSSL_ASN1_STRING_print_ex(WOLFSSL_BIO *out, WOLFSSL_ASN1_STRING *str, unsigned long flags) { - WOLFSSL_ENTER("ASN1_STRING_PRINT_ex"); + WOLFSSL_ENTER("wolfSSL_ASN1_STRING_PRINT_ex"); size_t str_len = 0, type_len = 0; unsigned char *typebuf = NULL; const char *hash="#"; - //unsigned char * strbuf = NULL; if (out == NULL || str == NULL) return WOLFSSL_FAILURE; @@ -32702,7 +32704,7 @@ int wolfSSL_ASN1_STRING_print_ex(WOLFSSL_BIO *out, WOLFSSL_ASN1_STRING *str, const char *tag = wolfSSL_ASN1_tag2str(str->type); /* colon len + tag len + null*/ type_len = XSTRLEN(tag) + 2; - typebuf = (unsigned char *)XMALLOC(str_len , NULL, DYNAMIC_TYPE_TMP_BUFFER); + typebuf = (unsigned char *)XMALLOC(type_len , NULL, DYNAMIC_TYPE_TMP_BUFFER); if (typebuf == NULL){ WOLFSSL_MSG("memory alloc failed."); return WOLFSSL_FAILURE; 
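Review bot: `wolfSSL_X509_check_ca` (hunk at -32637) now reads `x509->isCa` without checking the argument, while the other functions added in this series return early on NULL. Add `if (x509 == NULL) return 0;` before the test. The function is also still enclosed in `#ifndef NO_WOLFSSL_STUB` although it is no longer a stub, so defining `NO_WOLFSSL_STUB` would remove a working function; PATCH 111 on this page drops that guard.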
@@ -32721,7 +32723,7 @@ int wolfSSL_ASN1_STRING_print_ex(WOLFSSL_BIO *out, WOLFSSL_ASN1_STRING *str, char *str_ptr, *str_end; if (type_len > 0){ - if (wolfSSL_BIO_write(out, typebuf, type_len) != (int)type_len){ + if (wolfSSL_BIO_write(out, typebuf, (int)type_len) != (int)type_len){ XFREE(typebuf, NULL, DYNAMIC_TYPE_TMP_BUFFER); return WOLFSSL_FAILURE; } @@ -32760,12 +32762,11 @@ int wolfSSL_ASN1_STRING_print_ex(WOLFSSL_BIO *out, WOLFSSL_ASN1_STRING *str, str_ptr++; str_len += 2; } - fprintf(stderr, "str_len = %d\n", (int)str_len); - return str_len; + return (int)str_len; } if (type_len > 0){ - if (wolfSSL_BIO_write(out, typebuf, type_len) != (int)type_len){ + if (wolfSSL_BIO_write(out, typebuf, (int)type_len) != (int)type_len){ XFREE(typebuf, NULL, DYNAMIC_TYPE_TMP_BUFFER); return WOLFSSL_FAILURE; } @@ -32779,7 +32780,6 @@ int wolfSSL_ASN1_STRING_print_ex(WOLFSSL_BIO *out, WOLFSSL_ASN1_STRING *str, esc_ptr = str->data; while (*esc_ptr != 0){ if (check_esc_char(*esc_ptr, esc_ch)){ - fprintf(stderr, "esc_char = %c\n",*esc_ptr); if (wolfSSL_BIO_write(out,"\\", 1) != 1) goto err_exit; str_len++; @@ -32791,7 +32791,7 @@ int wolfSSL_ASN1_STRING_print_ex(WOLFSSL_BIO *out, WOLFSSL_ASN1_STRING *str, } if (type_len > 0) XFREE(typebuf, NULL, DYNAMIC_TYPE_TMP_BUFFER); - return str_len; + return (int)str_len; } if (wolfSSL_BIO_write(out, str->data, str->length) != str->length){ @@ -32802,7 +32802,7 @@ int wolfSSL_ASN1_STRING_print_ex(WOLFSSL_BIO *out, WOLFSSL_ASN1_STRING *str, str_len += str->length; XFREE(typebuf, NULL, DYNAMIC_TYPE_TMP_BUFFER); - return str_len; + return (int)str_len; err_exit: if (type_len > 0) @@ -32814,7 +32814,7 @@ err_exit: WOLFSSL_ASN1_TIME *wolfSSL_ASN1_TIME_to_generalizedtime(WOLFSSL_ASN1_TIME *t, WOLFSSL_ASN1_TIME **out) { - WOLFSSL_ENTER("ASN1_TIME_to_generalizedtime"); + WOLFSSL_ENTER("wolfSSL_ASN1_TIME_to_generalizedtime"); unsigned char time_type; WOLFSSL_ASN1_TIME *ret = NULL; unsigned char *data_ptr = NULL; 
@@ -32859,24 +32859,89 @@ WOLFSSL_ASN1_TIME *wolfSSL_ASN1_TIME_to_generalizedtime(WOLFSSL_ASN1_TIME *t, #endif /* !NO_ASN_TIME */ -#ifndef NO_WOLFSSL_STUB #ifndef NO_ASN -int wolfSSL_i2c_ASN1_INTEGER(WOLFSSL_ASN1_INTEGER **a, unsigned char **pp) +int wolfSSL_i2c_ASN1_INTEGER(WOLFSSL_ASN1_INTEGER *a, unsigned char **pp) { - WOLFSSL_STUB("i2c_ASN1_INTEGER"); - (void)a; - (void)pp; - return 0; + WOLFSSL_ENTER("wolfSSL_i2c_ASN1_INTEGER"); + + unsigned char *pptr = NULL; + char pad = 0 ; + unsigned char pad_val = 0; + int ret_size = 0; + unsigned char data1 = 0; + unsigned char neg = 0; + int i = 0; + + if (a == NULL) + return WOLFSSL_FAILURE; + + ret_size = a->intData[1]; + if (ret_size == 0) + ret_size = 1; + else{ + ret_size = (int)a->intData[1]; + neg = a->negative; + data1 = a->intData[2]; + if (ret_size == 1 && data1 == 0) + neg = 0; + /* 0x80 or greater positive number in first byte */ + if (!neg && (data1 > 127)){ + pad = 1; + pad_val = 0; + } else if (neg){ + /* negative number */ + if (data1 > 128){ + pad = 1; + pad_val = 0xff; + } else if (data1 == 128){ + for (i = 3; i < a->intData[1] + 2; i++){ + if (a->intData[i]){ + pad = 1; + pad_val = 0xff; + break; + } + } + } + } + ret_size += (int)pad; + } + if (pp == NULL) + return ret_size; + + pptr = *pp; + if (pad) + *(pptr++) = pad_val; + if (a->intData[1] == 0) + *(pptr++) = 0; + else if (!neg){ + /* positive number */ + for (i=0; i < a->intData[1]; i++){ + *pptr = a->intData[i+2]; + pptr++; + } + } else { + /* negative number */ + int str_len = 0; + + /* 0 padding from end of buffer */ + str_len = (int)a->intData[1]; + pptr += a->intData[1] - 1; + while (!a->intData[str_len + 2] && str_len > 1){ + *(pptr--) = 0; + str_len--; + } + /* 2's complement next octet */ + *(pptr--) = ((a->intData[str_len + 1]) ^ 0xff) + 1; + str_len--; + /* Complement any octets left */ + while (str_len > 0){ + *(pptr--) = a->intData[str_len + 1] ^ 0xff; + str_len--; + } + } + *pp += ret_size; + return ret_size; } #endif /* !NO_ASN */ 
-#endif /* !NO_WOLFSSL_STUB */ - - -int wolfSSL_X509_STORE_add_crl(WOLFSSL_X509_STORE *ctx, WOLFSSL_X509_CRL *x) -{ - (void)ctx; - (void)x; - return 0; -} #endif /* OPENSSLEXTRA */ \ No newline at end of file diff --git a/tests/api.c b/tests/api.c index e27817b0a..7be19f42e 100644 --- a/tests/api.c +++ b/tests/api.c @@ -17139,8 +17139,8 @@ static void test_wolfSSL_ASN1_TIME_adj(void) /* GeneralizedTime notation test */ /* 2055/03/01 09:00:00 */ t = (time_t)85 * year + 59 * day + 9 * hour + 21 * day; - offset_day = 12; - offset_sec = 10 * mini; + offset_day = 12; + offset_sec = 10 * mini; asn_time = wolfSSL_ASN1_TIME_adj(s, t, offset_day, offset_sec); AssertTrue(asn_time->data[0] == asn_gen_time); XSTRNCPY(date_str,(const char*) &asn_time->data+2, 15); @@ -18514,6 +18514,7 @@ static void test_wolfSSL_ASN1_STRING_print_ex(void){ BIO_free(bio); ASN1_STRING_free(asn_str); + ASN1_STRING_free(esc_str); printf(resultFmt, passed); #endif 
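Review bot: In the negative-number branch of `wolfSSL_i2c_ASN1_INTEGER`, the trailing-zero scan tests `a->intData[str_len + 2]`, which is one byte past the last value octet. The value occupies `intData[2]` through `intData[len + 1]`, and the statement right after the loop correctly reads `intData[str_len + 1]`, so the condition should be `while (!a->intData[str_len + 1] && str_len > 1)`. Separately, `a->intData[1]` is used as the byte count for every read with no check against the size of `intData`, so a length byte larger than the array can hold leads to reads past it; `if (a->intData[1] > sizeof(a->intData) - 2) return WOLFSSL_FAILURE;` near the top would bound it. The declarations follow `WOLFSSL_ENTER(...)`, which strict C89 builds reject.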
@@ -19465,6 +19466,96 @@ static void test_wolfSSL_X509_CRL(void) return; } +static void test_wolfSSL_i2c_ASN1_INTEGER() +{ +#ifdef OPENSSL_EXTRA + ASN1_INTEGER *a; + unsigned char *pp,*tpp; + int ret; + + a = wolfSSL_ASN1_INTEGER_new(); + + /* 40 */ + a->intData[0] = ASN_INTEGER; + a->intData[1] = 1; + a->intData[2] = 40; + ret = wolfSSL_i2c_ASN1_INTEGER(a, NULL); + AssertIntEQ(ret, 1); + pp = (unsigned char*)XMALLOC(ret + 1, NULL, DYNAMIC_TYPE_TMP_BUFFER); + tpp = pp; + XMEMSET(pp, 0, ret + 1); + wolfSSL_i2c_ASN1_INTEGER(a, &pp); + pp--; + AssertIntEQ(*pp, 40); + XFREE(tpp, NULL, DYNAMIC_TYPE_TMP_BUFFER); + + /* 128 */ + a->intData[0] = ASN_INTEGER; + a->intData[1] = 1; + a->intData[2] = 128; + ret = wolfSSL_i2c_ASN1_INTEGER(a, NULL); + AssertIntEQ(ret, 2); + pp = (unsigned char*)XMALLOC(ret + 1, NULL, DYNAMIC_TYPE_TMP_BUFFER); + tpp = pp; + XMEMSET(pp, 0, ret + 1); + wolfSSL_i2c_ASN1_INTEGER(a, &pp); + pp--; + AssertIntEQ(*(pp--), 128); + AssertIntEQ(*pp, 0); + XFREE(tpp, NULL, DYNAMIC_TYPE_TMP_BUFFER); + + /* -40 */ + a->intData[0] = ASN_INTEGER; + a->intData[1] = 1; + a->intData[2] = 40; + a->negative = 1; + ret = wolfSSL_i2c_ASN1_INTEGER(a, NULL); + AssertIntEQ(ret, 1); + pp = (unsigned char*)XMALLOC(ret + 1, NULL, DYNAMIC_TYPE_TMP_BUFFER); + tpp = pp; + XMEMSET(pp, 0, ret + 1); + wolfSSL_i2c_ASN1_INTEGER(a, &pp); + pp--; + AssertIntEQ(*pp, 216); + XFREE(tpp, NULL, DYNAMIC_TYPE_TMP_BUFFER); + + /* -128 */ + a->intData[0] = ASN_INTEGER; + a->intData[1] = 1; + a->intData[2] = 128; + a->negative = 1; + ret = wolfSSL_i2c_ASN1_INTEGER(a, NULL); + AssertIntEQ(ret, 1); + pp = (unsigned char*)XMALLOC(ret + 1, NULL, DYNAMIC_TYPE_TMP_BUFFER); + tpp = pp; + XMEMSET(pp, 0, ret + 1); + wolfSSL_i2c_ASN1_INTEGER(a, &pp); + pp--; + AssertIntEQ(*pp, 128); + XFREE(tpp, NULL, DYNAMIC_TYPE_TMP_BUFFER); + + /* -200 */ + a->intData[0] = ASN_INTEGER; + a->intData[1] = 1; + a->intData[2] = 200; + a->negative = 1; + ret = wolfSSL_i2c_ASN1_INTEGER(a, NULL); + AssertIntEQ(ret, 2); + pp 
= (unsigned char*)XMALLOC(ret + 1, NULL, DYNAMIC_TYPE_TMP_BUFFER); + tpp = pp; + XMEMSET(pp, 0, ret + 1); + wolfSSL_i2c_ASN1_INTEGER(a, &pp); + pp--; + AssertIntEQ(*(pp--), 56); + AssertIntEQ(*pp, 255); + + XFREE(tpp, NULL, DYNAMIC_TYPE_TMP_BUFFER); + wolfSSL_ASN1_INTEGER_free(a); + + printf(resultFmt, passed); +#endif /* OPENSSL_EXTRA */ +} + /*----------------------------------------------------------------------------* | Main *----------------------------------------------------------------------------*/ @@ -19579,6 +19670,7 @@ void ApiTest(void) test_wolfSSL_OPENSSL_add_all_algorithms(); test_wolfSSL_ASN1_STRING_print_ex(); test_wolfSSL_ASN1_TIME_to_generalizedtime(); + test_wolfSSL_i2c_ASN1_INTEGER(); /* test the no op functions for compatibility */ test_no_op_functions(); diff --git a/wolfssl/openssl/ssl.h b/wolfssl/openssl/ssl.h index 0c2d9ebb1..a50e99bcb 100644 --- a/wolfssl/openssl/ssl.h +++ b/wolfssl/openssl/ssl.h @@ -895,7 +895,7 @@ typedef WOLFSSL_ASN1_BIT_STRING ASN1_BIT_STRING; #define SSL_get0_session wolfSSL_SSL_get0_session #define X509_check_host wolfSSL_X509_check_host #define i2a_ASN1_INTEGER wolfSSL_i2a_ASN1_INTEGER -#define i2c_ASN1_INTEGER wolfSSL_i2a_ASN1_INTEGER +#define i2c_ASN1_INTEGER wolfSSL_i2c_ASN1_INTEGER #define ERR_peek_error_line_data wolfSSL_ERR_peek_error_line_data #define ERR_load_BIO_strings wolfSSL_ERR_load_BIO_strings #define SSL_CTX_set_tlsext_ticket_key_cb wolfSSL_CTX_set_tlsext_ticket_key_cb diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h index 5914f75a8..963854b9f 100644 --- a/wolfssl/ssl.h +++ b/wolfssl/ssl.h @@ -189,6 +189,7 @@ struct WOLFSSL_ASN1_INTEGER { * byte type */ unsigned char intData[WOLFSSL_ASN1_INTEGER_MAX]; /* ASN_INTEGER | LENGTH | hex of number */ + unsigned char negative; /* negative number flag */ unsigned char* data; unsigned int dataMax; /* max size of data buffer */ 
@@ -1528,12 +1529,12 @@ WOLFSSL_API WOLFSSL_X509* wolfSSL_d2i_X509(WOLFSSL_X509** x509, const unsigned char** in, int len); WOLFSSL_API WOLFSSL_X509* wolfSSL_X509_d2i(WOLFSSL_X509** x509, const unsigned char* in, int len); -WOLFSSL_API WOLFSSL_X509* wolfSSL_d2i_X509_fp(FILE *fp, WOLFSSL_X509 **x509); WOLFSSL_API int wolfSSL_i2d_X509(WOLFSSL_X509* x509, unsigned char** out); WOLFSSL_API WOLFSSL_X509_CRL *wolfSSL_d2i_X509_CRL(WOLFSSL_X509_CRL **crl, const unsigned char *in, int len); #ifndef NO_FILESYSTEM -WOLFSSL_API WOLFSSL_X509_CRL *wolfSSL_d2i_X509_CRL_fp(XFILE file, WOLFSSL_X509_CRL **crl); +WOLFSSL_API WOLFSSL_X509* wolfSSL_d2i_X509_fp(FILE *fp, WOLFSSL_X509 **x509); +WOLFSSL_API WOLFSSL_X509_CRL *wolfSSL_d2i_X509_CRL_fp(WOLFSSL_X509_CRL **crl, XFILE file); #endif WOLFSSL_API void wolfSSL_X509_CRL_free(WOLFSSL_X509_CRL *crl); @@ -2921,7 +2922,7 @@ WOLFSSL_API const char *wolfSSL_ASN1_tag2str(int tag); WOLFSSL_API int wolfSSL_ASN1_STRING_print_ex(WOLFSSL_BIO *out, WOLFSSL_ASN1_STRING *str, unsigned long flags); WOLFSSL_API WOLFSSL_ASN1_TIME *wolfSSL_ASN1_TIME_to_generalizedtime(WOLFSSL_ASN1_TIME *t, WOLFSSL_ASN1_TIME **out); -WOLFSSL_API int wolfSSL_i2c_ASN1_INTEGER(WOLFSSL_ASN1_INTEGER **a, unsigned char **pp); +WOLFSSL_API int wolfSSL_i2c_ASN1_INTEGER(WOLFSSL_ASN1_INTEGER *a, unsigned char **pp); WOLFSSL_API int wolfSSL_X509_STORE_add_crl(WOLFSSL_X509_STORE *ctx, WOLFSSL_X509_CRL *x); #endif /* OPENSSL_EXTRA */ From 3f6b7c883310a9bcc36c353bbdc9a9f62924399c Mon Sep 17 00:00:00 2001 From: Go Hosohara Date: Wed, 23 May 2018 16:33:11 +0900 Subject: [PATCH 111/146] Merge with openSSL-Compat-CRL-STORE on kojo1/wolfssl --- src/ssl.c | 57 +++++++++++++++------------------------------------ tests/api.c | 29 ++++++++++++++++---------- wolfssl/ssl.h | 5 +---- 3 files changed, 35 insertions(+), 56 deletions(-) diff --git a/src/ssl.c b/src/ssl.c index 2f31e5345..448c4a8dc 100644 --- a/src/ssl.c +++ b/src/ssl.c 
@@ -14364,19 +14364,6 @@ WOLFSSL_X509* wolfSSL_X509_d2i(WOLFSSL_X509** x509, const byte* in, int len) return newX509; } - - -#ifndef NO_WOLFSSL_STUB -#ifndef NO_FILESYSTEM -WOLFSSL_X509* wolfSSL_d2i_X509_fp(FILE *fp, WOLFSSL_X509 **x509) -{ - WOLFSSL_STUB("wolfSSL_d2i_X509_fp"); - (void)fp; - (void)x509; - return 0; -} -#endif /* !NO_FILESYSTEM */ -#endif /* !NO_WOLFSSL_STUB */ #endif /* KEEP_PEER_CERT || SESSION_CERTS || OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */ @@ -18082,7 +18069,7 @@ int wolfSSL_X509_verify_cert(WOLFSSL_X509_STORE_CTX* ctx) } #endif /* NO_CERTS */ -#ifndef NO_FILESYSTEM +#if !defined(NO_FILESYSTEM) static void *wolfSSL_d2i_X509_fp_ex(XFILE file, void **x509, int type) { void *newx509 = NULL; @@ -18168,15 +18155,18 @@ WOLFSSL_X509 *wolfSSL_d2i_X509_fp(XFILE fp, WOLFSSL_X509 **x509) WOLFSSL_ENTER("wolfSSL_d2i_X509_fp"); return (WOLFSSL_X509 *)wolfSSL_d2i_X509_fp_ex(fp, (void **)x509, CERT_TYPE); } -#endif /* NO_FILESYSTEM */ +#endif /* !NO_FILESYSTEM */ #ifdef HAVE_CRL +#ifndef NO_FILESYSTEM WOLFSSL_X509_CRL *wolfSSL_d2i_X509_CRL_fp(XFILE fp, WOLFSSL_X509_CRL **crl) { WOLFSSL_ENTER("wolfSSL_d2i_X509_CRL_fp"); return (WOLFSSL_X509_CRL *)wolfSSL_d2i_X509_fp_ex(fp, (void **)crl, CRL_TYPE); } +#endif /* !NO_FILESYSTEM */ + WOLFSSL_X509_CRL* wolfSSL_d2i_X509_CRL(WOLFSSL_X509_CRL** crl, const unsigned char* in, int len) { @@ -18224,7 +18214,7 @@ void wolfSSL_X509_CRL_free(WOLFSSL_X509_CRL *crl) FreeCRL(crl, 1); return; } -#endif +#endif /* HAVE_CRL */ #ifndef NO_WOLFSSL_STUB WOLFSSL_ASN1_TIME* wolfSSL_X509_CRL_get_lastUpdate(WOLFSSL_X509_CRL* crl) @@ -32634,7 +32624,6 @@ int wolfSSL_CTX_set_alpn_protos(WOLFSSL_CTX *ctx, const unsigned char *p, #endif /* WOLFCRYPT_ONLY */ #if defined(OPENSSL_EXTRA) -#ifndef NO_WOLFSSL_STUB int wolfSSL_X509_check_ca(WOLFSSL_X509 *x509) { WOLFSSL_ENTER("X509_check_ca"); 
@@ -32646,19 +32635,9 @@ int wolfSSL_X509_check_ca(WOLFSSL_X509 *x509) } -int wolfSSL_d2i_PKCS12_fp(FILE *fp, WC_PKCS12 *pkcs12) -{ - WOLFSSL_STUB("d2i_PKCS12_fp"); - (void)fp; - (void)pkcs12; - return 0; -} -#endif /* NO_WOLFSSL_STUB */ - - const char *wolfSSL_ASN1_tag2str(int tag) { - static const char *const tag_label[] = { + static const char *const tag_label[31] = { "EOC", "BOOLEAN", "INTEGER", "BIT STRING", "OCTET STRING", "NULL", "OBJECT", "OBJECT DESCRIPTOR", "EXTERNAL", "REAL", "ENUMERATED", "", "UTF8STRING", "", "", "", @@ -32730,9 +32709,7 @@ int wolfSSL_ASN1_STRING_print_ex(WOLFSSL_BIO *out, WOLFSSL_ASN1_STRING *str, str_len += type_len; } if (wolfSSL_BIO_write(out, hash, 1) != 1){ - if (type_len > 0) - XFREE(typebuf, NULL, DYNAMIC_TYPE_TMP_BUFFER); - return WOLFSSL_FAILURE; + goto err_exit; } str_len++; if (flags & ASN1_STRFLGS_DUMP_DER){ @@ -32741,9 +32718,7 @@ int wolfSSL_ASN1_STRING_print_ex(WOLFSSL_BIO *out, WOLFSSL_ASN1_STRING *str, hex_tmp[2] = hex_char[str->length >> 4]; hex_tmp[3] = hex_char[str->length & 0xf]; if (wolfSSL_BIO_write(out, hex_tmp, 4) != 4){ - if (type_len > 0) - XFREE(typebuf, NULL, DYNAMIC_TYPE_TMP_BUFFER); - return WOLFSSL_FAILURE; + goto err_exit; } str_len += 4; XMEMSET(hex_tmp, 0, 4); @@ -32755,13 +32730,14 @@ int wolfSSL_ASN1_STRING_print_ex(WOLFSSL_BIO *out, WOLFSSL_ASN1_STRING *str, hex_tmp[0] = hex_char[*str_ptr >> 4]; hex_tmp[1] = hex_char[*str_ptr & 0xf]; if (wolfSSL_BIO_write(out, hex_tmp, 2) != 2){ - if (type_len > 0) - XFREE(typebuf, NULL, DYNAMIC_TYPE_TMP_BUFFER); - return WOLFSSL_FAILURE; + goto err_exit; } str_ptr++; str_len += 2; } + if (type_len > 0) + XFREE(typebuf, NULL, DYNAMIC_TYPE_TMP_BUFFER); + return (int)str_len; } 
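Review bot: In the `ASN1_STRFLGS_DUMP_DER` branch that surrounds the new `goto err_exit` (hunk at -32741), `hex_char[str->length >> 4]` stays in range only while `str->length` is below 256. A longer string would index past the digit table, assuming it has 16 entries; its definition is outside the hunk. The single length byte written here is also not valid DER once the length reaches 128. Since `str` can originate from parsed certificate data, the branch should bound the length before formatting it, for example `if (str->length > 0x7f) goto err_exit;` until long-form lengths are supported. The function body starts and ends outside these hunks.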
@@ -32795,13 +32771,12 @@ int wolfSSL_ASN1_STRING_print_ex(WOLFSSL_BIO *out, WOLFSSL_ASN1_STRING *str, } if (wolfSSL_BIO_write(out, str->data, str->length) != str->length){ - if (type_len > 0) - XFREE(typebuf, NULL, DYNAMIC_TYPE_TMP_BUFFER); - return WOLFSSL_FAILURE; + goto err_exit; } str_len += str->length; + if (type_len > 0) + XFREE(typebuf, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(typebuf, NULL, DYNAMIC_TYPE_TMP_BUFFER); return (int)str_len; err_exit: diff --git a/tests/api.c b/tests/api.c index 7be19f42e..44ed1c806 100644 --- a/tests/api.c +++ b/tests/api.c @@ -18451,7 +18451,7 @@ static void test_wolfSSL_OPENSSL_add_all_algorithms(void){ } static void test_wolfSSL_ASN1_STRING_print_ex(void){ -#if defined(OPENSSL_EXTRA) +#if defined(OPENSSL_EXTRA) && !defined(NO_ASN) ASN1_STRING* asn_str = NULL; const char data[] = "Hello wolfSSL!"; ASN1_STRING* esc_str = NULL; @@ -18459,21 +18459,30 @@ static void test_wolfSSL_ASN1_STRING_print_ex(void){ BIO *bio; unsigned long flags; int p_len; - unsigned char rbuf[256]; + unsigned char rbuf[255]; printf(testingFmt, "wolfSSL_ASN1_STRING_print_ex()"); /* setup */ - XMEMSET(rbuf, 0, 256); + XMEMSET(rbuf, 0, 255); bio = BIO_new(BIO_s_mem()); - BIO_set_write_buf_size(bio,256); + BIO_set_write_buf_size(bio,255); asn_str = ASN1_STRING_type_new(V_ASN1_OCTET_STRING); ASN1_STRING_set(asn_str, (const void*)data, sizeof(data)); esc_str = ASN1_STRING_type_new(V_ASN1_OCTET_STRING); ASN1_STRING_set(esc_str, (const void*)esc_data, sizeof(esc_data)); + /* no flags */ + XMEMSET(rbuf, 0, 255); + flags = 0; + p_len = wolfSSL_ASN1_STRING_print_ex(bio, asn_str, flags); + AssertIntEQ(p_len, 15); + BIO_read(bio, (void*)rbuf, 15); + AssertStrEQ((char*)rbuf, "Hello wolfSSL!"); + /* RFC2253 Escape */ + XMEMSET(rbuf, 0, 255); flags = ASN1_STRFLGS_ESC_2253; p_len = wolfSSL_ASN1_STRING_print_ex(bio, esc_str, flags); AssertIntEQ(p_len, 9); 
@@ -18481,7 +18490,7 @@ static void test_wolfSSL_ASN1_STRING_print_ex(void){ AssertStrEQ((char*)rbuf, "a\\+\\;\\<\\>"); /* Show type */ - XMEMSET(rbuf, 0, 256); + XMEMSET(rbuf, 0, 255); flags = ASN1_STRFLGS_SHOW_TYPE; p_len = wolfSSL_ASN1_STRING_print_ex(bio, asn_str, flags); AssertIntEQ(p_len, 28); @@ -18489,7 +18498,7 @@ static void test_wolfSSL_ASN1_STRING_print_ex(void){ AssertStrEQ((char*)rbuf, "OCTET STRING:Hello wolfSSL!"); /* Dump All */ - XMEMSET(rbuf, 0, 256); + XMEMSET(rbuf, 0, 255); flags = ASN1_STRFLGS_DUMP_ALL; p_len = wolfSSL_ASN1_STRING_print_ex(bio, asn_str, flags); AssertIntEQ(p_len, 31); @@ -18497,7 +18506,7 @@ static void test_wolfSSL_ASN1_STRING_print_ex(void){ AssertStrEQ((char*)rbuf, "#48656C6C6F20776F6C6653534C2100"); /* Dump Der */ - XMEMSET(rbuf, 0, 256); + XMEMSET(rbuf, 0, 255); flags = ASN1_STRFLGS_DUMP_ALL | ASN1_STRFLGS_DUMP_DER; p_len = wolfSSL_ASN1_STRING_print_ex(bio, asn_str, flags); AssertIntEQ(p_len, 35); @@ -18505,7 +18514,7 @@ static void test_wolfSSL_ASN1_STRING_print_ex(void){ AssertStrEQ((char*)rbuf, "#040F48656C6C6F20776F6C6653534C2100"); /* Dump All + Show type */ - XMEMSET(rbuf, 0, 256); + XMEMSET(rbuf, 0, 255); flags = ASN1_STRFLGS_DUMP_ALL | ASN1_STRFLGS_SHOW_TYPE; p_len = wolfSSL_ASN1_STRING_print_ex(bio, asn_str, flags); AssertIntEQ(p_len, 44); @@ -18520,7 +18529,6 @@ static void test_wolfSSL_ASN1_STRING_print_ex(void){ #endif } - static void test_wolfSSL_ASN1_TIME_to_generalizedtime(void){ #if defined(OPENSSL_EXTRA) && !defined(NO_ASN1_TIME) WOLFSSL_ASN1_TIME *t; @@ -18567,12 +18575,12 @@ static void test_wolfSSL_ASN1_TIME_to_generalizedtime(void){ AssertIntEQ(gtime->data[1], ASN_GENERALIZED_TIME_SIZE); AssertStrEQ((char*)gtime->data + 2, "20050727123456Z"); + XFREE(gtime, NULL, DYNAMIC_TYPE_TMP_BUFFER); XFREE(t, NULL, DYNAMIC_TYPE_TMP_BUFFER); printf(resultFmt, passed); #endif } - static void test_no_op_functions(void) { #if defined(OPENSSL_EXTRA) 
@@ -19555,7 +19563,6 @@ static void test_wolfSSL_i2c_ASN1_INTEGER() printf(resultFmt, passed); #endif /* OPENSSL_EXTRA */ } - /*----------------------------------------------------------------------------* | Main *----------------------------------------------------------------------------*/ diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h index 963854b9f..705944cef 100644 --- a/wolfssl/ssl.h +++ b/wolfssl/ssl.h @@ -1533,8 +1533,7 @@ WOLFSSL_API int wolfSSL_i2d_X509(WOLFSSL_X509* x509, unsigned char** out); WOLFSSL_API WOLFSSL_X509_CRL *wolfSSL_d2i_X509_CRL(WOLFSSL_X509_CRL **crl, const unsigned char *in, int len); #ifndef NO_FILESYSTEM -WOLFSSL_API WOLFSSL_X509* wolfSSL_d2i_X509_fp(FILE *fp, WOLFSSL_X509 **x509); -WOLFSSL_API WOLFSSL_X509_CRL *wolfSSL_d2i_X509_CRL_fp(WOLFSSL_X509_CRL **crl, XFILE file); +WOLFSSL_API WOLFSSL_X509_CRL *wolfSSL_d2i_X509_CRL_fp(XFILE file, WOLFSSL_X509_CRL **crl); #endif WOLFSSL_API void wolfSSL_X509_CRL_free(WOLFSSL_X509_CRL *crl); @@ -2917,13 +2916,11 @@ WOLFSSL_API WOLFSSL_CIPHER* wolfSSL_sk_SSL_CIPHER_value(void *ciphers, int idx); WOLFSSL_API void ERR_load_SSL_strings(void); WOLFSSL_API void wolfSSL_EC_POINT_dump(const char *msg, const WOLFSSL_EC_POINT *p); -WOLFSSL_API int wolfSSL_d2i_PKCS12_fp(FILE *fp, WC_PKCS12 *pkcs12); WOLFSSL_API const char *wolfSSL_ASN1_tag2str(int tag); WOLFSSL_API int wolfSSL_ASN1_STRING_print_ex(WOLFSSL_BIO *out, WOLFSSL_ASN1_STRING *str, unsigned long flags); WOLFSSL_API WOLFSSL_ASN1_TIME *wolfSSL_ASN1_TIME_to_generalizedtime(WOLFSSL_ASN1_TIME *t, WOLFSSL_ASN1_TIME **out); WOLFSSL_API int wolfSSL_i2c_ASN1_INTEGER(WOLFSSL_ASN1_INTEGER *a, unsigned char **pp); -WOLFSSL_API int wolfSSL_X509_STORE_add_crl(WOLFSSL_X509_STORE *ctx, WOLFSSL_X509_CRL *x); #endif /* OPENSSL_EXTRA */ #ifdef HAVE_PK_CALLBACKS From c715bb5ade6311260bbe11445b4d94a2272ffc7a Mon Sep 17 00:00:00 2001 
From: Go Hosohara Date: Thu, 24 May 2018 18:14:47 +0900 Subject: [PATCH 112/146] X509_check_ca --- src/ssl.c | 10 +++++++--- tests/api.c | 15 +++++++++++++++ 2 files changed, 22 insertions(+), 3 deletions(-) diff --git a/src/ssl.c b/src/ssl.c index 448c4a8dc..167be0f5b 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -21583,19 +21583,19 @@ int wolfSSL_RAND_bytes(unsigned char* buf, int num) return ret; } -#define RAND_ENTROPY_SZ (256/16) int wolfSSL_RAND_poll() { WOLFSSL_ENTER("wolfSSL_RAND_poll"); - byte entropy[RAND_ENTROPY_SZ]; + byte entropy[16]; int ret = 0; + const int entropy_sz = 16; if (initGlobalRNG == 0){ WOLFSSL_MSG("Global RNG no Init"); return WOLFSSL_FAILURE; } - ret = wc_GenerateSeed(&globalRNG.seed, entropy, RAND_ENTROPY_SZ); + ret = wc_GenerateSeed(&globalRNG.seed, entropy, entropy_sz); if (ret != 0){ WOLFSSL_MSG("Bad wc_RNG_GenerateBlock"); ret = WOLFSSL_FAILURE; @@ -32628,8 +32628,12 @@ int wolfSSL_X509_check_ca(WOLFSSL_X509 *x509) { WOLFSSL_ENTER("X509_check_ca"); + if (x509 == NULL) + return WOLFSSL_FAILURE; if (x509->isCa) return 1; + if (x509->extKeyUsageCrit) + return 4; return 0; } diff --git a/tests/api.c b/tests/api.c index 44ed1c806..e4d0c9fc3 100644 --- a/tests/api.c +++ b/tests/api.c @@ -18581,6 +18581,20 @@ static void test_wolfSSL_ASN1_TIME_to_generalizedtime(void){ #endif } +static void test_wolfSSL_X509_check_ca(void){ +#if defined(OPENSSL_EXTRA) + WOLFSSL_X509 *x509; + + x509 = wolfSSL_X509_load_certificate_file(svrCertFile, WOLFSSL_FILETYPE_PEM); + AssertIntEQ(wolfSSL_X509_check_ca(x509), 1); + wolfSSL_X509_free(x509); + + x509 = wolfSSL_X509_load_certificate_file(ntruCertFile, WOLFSSL_FILETYPE_PEM); + AssertIntEQ(wolfSSL_X509_check_ca(x509), 0); + wolfSSL_X509_free(x509); +#endif +} + static void test_no_op_functions(void) { #if defined(OPENSSL_EXTRA) 
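Review bot: `wolfSSL_RAND_poll` now states the seed size twice, as `byte entropy[16]` and `const int entropy_sz = 16`, so a later edit to one of them can make `wc_GenerateSeed` write past the buffer or under-fill it without any warning. Taking the length from the buffer removes that coupling: `ret = wc_GenerateSeed(&globalRNG.seed, entropy, (word32)sizeof(entropy));`, with a short comment on why 16 bytes is the chosen amount now that the named constant is gone. The rest of the function is outside the hunk; if `entropy` is not wiped there after use, `ForceZero(entropy, sizeof(entropy));` before returning would be worth adding.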
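Review bot: The added `if (x509->extKeyUsageCrit) return 4;` in `wolfSSL_X509_check_ca` reports a certificate as a possible CA based on what, by its name, is the criticality flag of the Extended Key Usage extension, which says nothing about permission to sign certificates. In OpenSSL's `X509_check_ca` the value 4 means basicConstraints is absent and keyUsage asserts keyCertSign, and callers commonly treat any non-zero result as "is a CA", so an end-entity certificate with a critical EKU would pass such a check. The condition should test the key-usage bits instead, along the lines of `if (x509->keyUsageSet && (x509->keyUsage & KEYUSE_KEY_CERT_SIGN)) return 4;` (field names to be confirmed against the WOLFSSL_X509 struct, which is not shown here). The new test in tests/api.c pins only the results 1 and 0; a NULL argument and a non-CA certificate with a critical EKU should be covered as well.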
@@ -19678,6 +19692,7 @@ void ApiTest(void) test_wolfSSL_ASN1_STRING_print_ex(); test_wolfSSL_ASN1_TIME_to_generalizedtime(); test_wolfSSL_i2c_ASN1_INTEGER(); + test_wolfSSL_X509_check_ca(); /* test the no op functions for compatibility */ test_no_op_functions(); From 8cd357aa3a10a30c562ef66408eb7a7cb6f7f5dc Mon Sep 17 00:00:00 2001 From: Go Hosohara Date: Mon, 28 May 2018 12:15:44 +0900 Subject: [PATCH 113/146] d2i_PKCS12_fp --- src/ssl.c | 18 +++++++++++++++++- tests/api.c | 2 +- 2 files changed, 18 insertions(+), 2 deletions(-) diff --git a/src/ssl.c b/src/ssl.c index 167be0f5b..e09a7f624 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -18150,6 +18150,13 @@ WOLFSSL_X509_PKCS12 *wolfSSL_d2i_PKCS12_fp(XFILE fp, WOLFSSL_X509_PKCS12 **pkcs1 return (WOLFSSL_X509_PKCS12 *)wolfSSL_d2i_X509_fp_ex(fp, (void **)pkcs12, PKCS12_TYPE); } +WOLFSSL_X509_PKCS12 *wolfSSL_d2i_PKCS12_fp(XFILE fp, WOLFSSL_X509_PKCS12 **pkcs12) +{ + WOLFSSL_ENTER("wolfSSL_d2i_PKCS12_fp"); + return (WOLFSSL_X509_PKCS12 *)wolfSSL_d2i_X509_fp_ex(fp, (void **)pkcs12, PKCS12_TYPE); +} + + WOLFSSL_X509 *wolfSSL_d2i_X509_fp(XFILE fp, WOLFSSL_X509 **x509) { WOLFSSL_ENTER("wolfSSL_d2i_X509_fp"); @@ -21589,7 +21596,8 @@ int wolfSSL_RAND_poll() WOLFSSL_ENTER("wolfSSL_RAND_poll"); byte entropy[16]; int ret = 0; - const int entropy_sz = 16; + word32 entropy_sz = 16; + if (initGlobalRNG == 0){ WOLFSSL_MSG("Global RNG no Init"); @@ -27672,7 +27680,11 @@ WOLFSSL_RSA *wolfSSL_d2i_RSAPublicKey(WOLFSSL_RSA **r, const unsigned char **pp, int wolfSSL_i2d_RSAPublicKey(WOLFSSL_RSA *rsa, const unsigned char **pp) { byte *der; +<<<<<<< HEAD int derLen; +======= + int derLen = 165; +>>>>>>> d2i_PKCS12_fp int ret; WOLFSSL_ENTER("i2d_RSAPublicKey"); 
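Review bot: The `wolfSSL_d2i_PKCS12_fp` added in the src/ssl.c hunk at -18150 is a second definition of the function whose closing lines appear as context directly above it, with the same signature and body, so the translation unit would fail with a redefinition error wherever that section is compiled. The added copy should be dropped; the existing definition already forwards to `wolfSSL_d2i_X509_fp_ex(fp, (void **)pkcs12, PKCS12_TYPE)`.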
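Review bot: Unresolved merge-conflict markers (`<<<<<<< HEAD`, `=======`, `>>>>>>> d2i_PKCS12_fp`) are committed inside `wolfSSL_i2d_RSAPublicKey`, around the `derLen` declaration in the hunk at -27672 and again in the following hunk at -27682 before the `RsaPublicKeyDerSize` call, so the file cannot compile as committed. Resolve to the single declaration `int derLen;`: in the visible lines the value is assigned from `RsaPublicKeyDerSize` before any use, and the `= 165` on the other side is an unexplained constant that is overwritten there. A build of the branch, or a pre-commit check that rejects conflict markers, would catch this before it lands.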
@@ -27682,6 +27694,10 @@ int wolfSSL_i2d_RSAPublicKey(WOLFSSL_RSA *rsa, const unsigned char **pp) WOLFSSL_MSG("SetRsaInternal Failed"); return ret; } +<<<<<<< HEAD +======= + +>>>>>>> d2i_PKCS12_fp if((derLen = RsaPublicKeyDerSize((RsaKey *)rsa->internal, 1)) < 0) return WOLFSSL_FATAL_ERROR; der = (byte*)XMALLOC(derLen, NULL, DYNAMIC_TYPE_TMP_BUFFER); diff --git a/tests/api.c b/tests/api.c index e4d0c9fc3..13ed6f9a7 100644 --- a/tests/api.c +++ b/tests/api.c @@ -18582,7 +18582,7 @@ static void test_wolfSSL_ASN1_TIME_to_generalizedtime(void){ } static void test_wolfSSL_X509_check_ca(void){ -#if defined(OPENSSL_EXTRA) +#if defined(OPENSSL_EXTRA) && !defined(NO_RSA) WOLFSSL_X509 *x509; x509 = wolfSSL_X509_load_certificate_file(svrCertFile, WOLFSSL_FILETYPE_PEM); From b84f111d5192db80ccbda3d9812deab9545f4f43 Mon Sep 17 00:00:00 2001 From: Go Hosohara Date: Wed, 30 May 2018 12:17:52 +0900 Subject: [PATCH 114/146] rebase with master branch and fix some code. --- src/ssl.c | 25 ++++--------------------- wolfcrypt/src/fe_low_mem.c | 2 -- 2 files changed, 4 insertions(+), 23 deletions(-) diff --git a/src/ssl.c b/src/ssl.c index e09a7f624..052e794b4 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -18150,13 +18150,6 @@ WOLFSSL_X509_PKCS12 *wolfSSL_d2i_PKCS12_fp(XFILE fp, WOLFSSL_X509_PKCS12 **pkcs1 return (WOLFSSL_X509_PKCS12 *)wolfSSL_d2i_X509_fp_ex(fp, (void **)pkcs12, PKCS12_TYPE); } -WOLFSSL_X509_PKCS12 *wolfSSL_d2i_PKCS12_fp(XFILE fp, WOLFSSL_X509_PKCS12 **pkcs12) -{ - WOLFSSL_ENTER("wolfSSL_d2i_PKCS12_fp"); - return (WOLFSSL_X509_PKCS12 *)wolfSSL_d2i_X509_fp_ex(fp, (void **)pkcs12, PKCS12_TYPE); -} - - WOLFSSL_X509 *wolfSSL_d2i_X509_fp(XFILE fp, WOLFSSL_X509 **x509) { WOLFSSL_ENTER("wolfSSL_d2i_X509_fp"); 
@@ -21593,12 +21586,11 @@ int wolfSSL_RAND_bytes(unsigned char* buf, int num) int wolfSSL_RAND_poll() { - WOLFSSL_ENTER("wolfSSL_RAND_poll"); byte entropy[16]; int ret = 0; word32 entropy_sz = 16; - + WOLFSSL_ENTER("wolfSSL_RAND_poll"); if (initGlobalRNG == 0){ WOLFSSL_MSG("Global RNG no Init"); return WOLFSSL_FAILURE; @@ -27680,11 +27672,7 @@ WOLFSSL_RSA *wolfSSL_d2i_RSAPublicKey(WOLFSSL_RSA **r, const unsigned char **pp, int wolfSSL_i2d_RSAPublicKey(WOLFSSL_RSA *rsa, const unsigned char **pp) { byte *der; -<<<<<<< HEAD int derLen; -======= - int derLen = 165; ->>>>>>> d2i_PKCS12_fp int ret; WOLFSSL_ENTER("i2d_RSAPublicKey"); @@ -27694,10 +27682,6 @@ int wolfSSL_i2d_RSAPublicKey(WOLFSSL_RSA *rsa, const unsigned char **pp) WOLFSSL_MSG("SetRsaInternal Failed"); return ret; } -<<<<<<< HEAD -======= - ->>>>>>> d2i_PKCS12_fp if((derLen = RsaPublicKeyDerSize((RsaKey *)rsa->internal, 1)) < 0) return WOLFSSL_FATAL_ERROR; der = (byte*)XMALLOC(derLen, NULL, DYNAMIC_TYPE_TMP_BUFFER); @@ -32690,11 +32674,11 @@ static int check_esc_char(char c, char *esc) int wolfSSL_ASN1_STRING_print_ex(WOLFSSL_BIO *out, WOLFSSL_ASN1_STRING *str, unsigned long flags) { - WOLFSSL_ENTER("wolfSSL_ASN1_STRING_PRINT_ex"); size_t str_len = 0, type_len = 0; unsigned char *typebuf = NULL; const char *hash="#"; + WOLFSSL_ENTER("wolfSSL_ASN1_STRING_PRINT_ex"); if (out == NULL || str == NULL) return WOLFSSL_FAILURE; @@ -32809,11 +32793,11 @@ err_exit: WOLFSSL_ASN1_TIME *wolfSSL_ASN1_TIME_to_generalizedtime(WOLFSSL_ASN1_TIME *t, WOLFSSL_ASN1_TIME **out) { - WOLFSSL_ENTER("wolfSSL_ASN1_TIME_to_generalizedtime"); unsigned char time_type; WOLFSSL_ASN1_TIME *ret = NULL; unsigned char *data_ptr = NULL; + WOLFSSL_ENTER("wolfSSL_ASN1_TIME_to_generalizedtime"); if (t == NULL) return NULL; 
@@ -32857,8 +32841,6 @@ WOLFSSL_ASN1_TIME *wolfSSL_ASN1_TIME_to_generalizedtime(WOLFSSL_ASN1_TIME *t, #ifndef NO_ASN int wolfSSL_i2c_ASN1_INTEGER(WOLFSSL_ASN1_INTEGER *a, unsigned char **pp) { - WOLFSSL_ENTER("wolfSSL_i2c_ASN1_INTEGER"); - unsigned char *pptr = NULL; char pad = 0 ; unsigned char pad_val = 0; @@ -32867,6 +32849,7 @@ int wolfSSL_i2c_ASN1_INTEGER(WOLFSSL_ASN1_INTEGER *a, unsigned char **pp) unsigned char neg = 0; int i = 0; + WOLFSSL_ENTER("wolfSSL_i2c_ASN1_INTEGER"); if (a == NULL) return WOLFSSL_FAILURE; diff --git a/wolfcrypt/src/fe_low_mem.c b/wolfcrypt/src/fe_low_mem.c index 26eaeee7b..de0b4464a 100644 --- a/wolfcrypt/src/fe_low_mem.c +++ b/wolfcrypt/src/fe_low_mem.c @@ -55,7 +55,6 @@ void lm_copy(byte* x, const byte* a) x[i] = a[i]; } -#ifndef FREESCALE_LTC_ECC #if ((defined(HAVE_CURVE25519) && !defined(CURVE25519_SMALL)) || \ (defined(HAVE_ED25519) && !defined(ED25519_SMALL))) && \ !defined(FREESCALE_LTC_ECC) @@ -65,7 +64,6 @@ void fe_init() { } #endif -#endif #ifdef CURVE25519_SMALL From fc482235b0bebf4285ef09bf631c477ebf4b6fe0 Mon Sep 17 00:00:00 2001 From: David Garske Date: Wed, 30 May 2018 09:11:44 -0700 Subject: [PATCH 115/146] Improved the CryptoDev test to include example callback with context. --- wolfcrypt/test/test.c | 101 ++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 101 insertions(+) diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c index 3945d57ce..5c442435e 100644 --- a/wolfcrypt/test/test.c +++ b/wolfcrypt/test/test.c 
@@ -18575,12 +18575,110 @@ int misc_test(void) } #ifdef WOLF_CRYPTO_DEV + +/* Example custom context for crypto callback */ +typedef struct { + int exampleVar; /* example, not used */ +} myCryptoDevCtx; + + +/* Example crypto dev callback function that calls software version */ +static int myCryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx) +{ + int ret = NOT_COMPILED_IN; /* return this to bypass HW and use SW */ + myCryptoDevCtx* myCtx = (myCryptoDevCtx*)ctx; + + if (info == NULL) + return BAD_FUNC_ARG; + + if (info->algo_type == WC_ALGO_TYPE_PK) { + #ifdef DEBUG_WOLFSSL + printf("CryptoDevCb: Pk Type %d\n", info->pk.type); + #endif + + #ifndef NO_RSA + if (info->pk.type == WC_PK_TYPE_RSA) { + /* set devId to invalid, so software is used */ + info->pk.rsa.key->devId = INVALID_DEVID; + + switch (info->pk.rsa.type) { + case RSA_PUBLIC_ENCRYPT: + case RSA_PUBLIC_DECRYPT: + /* perform software based RSA public op */ + ret = wc_RsaFunction( + info->pk.rsa.in, info->pk.rsa.inLen, + info->pk.rsa.out, info->pk.rsa.outLen, + info->pk.rsa.type, info->pk.rsa.key, info->pk.rsa.rng); + break; + case RSA_PRIVATE_ENCRYPT: + case RSA_PRIVATE_DECRYPT: + /* perform software based RSA private op */ + ret = wc_RsaFunction( + info->pk.rsa.in, info->pk.rsa.inLen, + info->pk.rsa.out, info->pk.rsa.outLen, + info->pk.rsa.type, info->pk.rsa.key, info->pk.rsa.rng); + break; + } + + /* reset devId */ + info->pk.rsa.key->devId = devIdArg; + } + #endif /* !NO_RSA */ + #ifdef HAVE_ECC + if (info->pk.type == WC_PK_TYPE_ECDSA_SIGN) { + /* set devId to invalid, so software is used */ + info->pk.eccsign.key->devId = INVALID_DEVID; + + ret = wc_ecc_sign_hash( + info->pk.eccsign.in, info->pk.eccsign.inlen, + info->pk.eccsign.out, info->pk.eccsign.outlen, + info->pk.eccsign.rng, info->pk.eccsign.key); + + /* reset devId */ + info->pk.eccsign.key->devId = devIdArg; + } + else if (info->pk.type == WC_PK_TYPE_ECDSA_VERIFY) { + /* set devId to invalid, so software is used */ + 
info->pk.eccverify.key->devId = INVALID_DEVID; + + ret = wc_ecc_verify_hash( + info->pk.eccverify.sig, info->pk.eccverify.siglen, + info->pk.eccverify.hash, info->pk.eccverify.hashlen, + info->pk.eccverify.res, info->pk.eccverify.key); + + /* reset devId */ + info->pk.eccverify.key->devId = devIdArg; + } + else if (info->pk.type == WC_PK_TYPE_ECDH) { + /* set devId to invalid, so software is used */ + info->pk.ecdh.private_key->devId = INVALID_DEVID; + + ret = wc_ecc_shared_secret( + info->pk.ecdh.private_key, info->pk.ecdh.public_key, + info->pk.ecdh.out, info->pk.ecdh.outlen); + + /* reset devId */ + info->pk.ecdh.private_key->devId = devIdArg; + } + #endif /* HAVE_ECC */ + } + + (void)myCtx; + + return ret; +} + int cryptodev_test(void) { int ret = 0; + myCryptoDevCtx myCtx; + + /* example data for callback */ + myCtx.exampleVar = 1; /* set devId to something other than INVALID_DEVID */ devId = 1; + ret = wc_CryptoDev_RegisterDevice(devId, myCryptoDevCb, &myCtx); #ifndef NO_RSA if (ret == 0) @@ -18591,6 +18689,9 @@ int cryptodev_test(void) ret = ecc_test(); #endif + /* reset devId */ + devId = INVALID_DEVID; + return ret; } #endif /* WOLF_CRYPTO_DEV */ From 5d99079603c59996bce72c63a6375e3649b5704e Mon Sep 17 00:00:00 2001 From: Chris Conlon Date: Wed, 30 May 2018 10:53:14 -0600 Subject: [PATCH 116/146] fix HAVE_SELFTEST build for CAVP selftest --- wolfcrypt/src/hash.c | 16 ++++++++++++++-- wolfcrypt/test/test.c | 4 ++-- wolfssl/internal.h | 6 ++++++ wolfssl/wolfcrypt/sha3.h | 2 ++ 4 files changed, 24 insertions(+), 4 deletions(-) diff --git a/wolfcrypt/src/hash.c b/wolfcrypt/src/hash.c index 4d796d8bc..f3ee7a2ca 100644 --- a/wolfcrypt/src/hash.c +++ b/wolfcrypt/src/hash.c 
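Review bot: `cryptodev_test` passes `&myCtx`, a local on its own stack, to `wc_CryptoDev_RegisterDevice`, and the only teardown added (in the following hunk) is `devId = INVALID_DEVID;`, so the registration and its context pointer outlive the function. The callback ignores the context today (`(void)myCtx;`), but this is presented as the example to copy, and a callback that reads its context would dereference a dead stack frame if device 1 were used again. Unregister before returning, e.g. `wc_CryptoDev_UnRegisterDevice(1);` next to the devId reset (confirm the name against cryptodev.h), or give the context static storage. Separately, the two `case` groups in the RSA `switch` make the identical `wc_RsaFunction` call and can be merged, with a `default:` that leaves `ret` as `NOT_COMPILED_IN`.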
@@ -48,14 +48,26 @@ enum Hash_Sum { }; #endif /* !NO_ASN */ +#ifdef HAVE_SELFTEST +enum { + /* CAVP selftest includes these in hmac.h instead of sha3.h, + copied here for that build */ + WC_SHA3_224_BLOCK_SIZE = 144, + WC_SHA3_256_BLOCK_SIZE = 136, + WC_SHA3_384_BLOCK_SIZE = 104, + WC_SHA3_512_BLOCK_SIZE = 72, +}; +#endif + /* function converts int hash type to enum */ enum wc_HashType wc_HashTypeConvert(int hashType) { /* Default to hash type none as error */ enum wc_HashType eHashType = WC_HASH_TYPE_NONE; -#ifdef HAVE_FIPS - /* original FIPSv1 requires a mapping for unique hash type to wc_HashType */ +#if defined(HAVE_FIPS) || defined(HAVE_SELFTEST) + /* original FIPSv1 and CAVP selftest require a mapping for unique hash + type to wc_HashType */ switch (hashType) { #ifndef NO_MD5 case WC_MD5: diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c index baf590a4b..9205ad799 100644 --- a/wolfcrypt/test/test.c +++ b/wolfcrypt/test/test.c @@ -14074,7 +14074,7 @@ static int ecc_test_vector_item(const eccVector* vector) word32 sigSz; ecc_key userA; DECLARE_VAR(sig, byte, ECC_SIG_SIZE, HEAP_HINT); -#ifndef NO_ASN +#if !defined(NO_ASN) && !defined(HAVE_SELFTEST) word32 sigRawSz; DECLARE_VAR(sigRaw, byte, ECC_SIG_SIZE, HEAP_HINT); #endif @@ -14096,7 +14096,7 @@ static int ecc_test_vector_item(const eccVector* vector) if (ret != 0) goto done; -#ifndef NO_ASN +#if !defined(NO_ASN) && !defined(HAVE_SELFTEST) XMEMSET(sigRaw, 0, ECC_SIG_SIZE); sigRawSz = ECC_SIG_SIZE; ret = wc_ecc_rs_raw_to_sig(vector->r, vector->rSz, vector->s, vector->sSz, diff --git a/wolfssl/internal.h b/wolfssl/internal.h index a4be73250..c1ac96531 100644 --- a/wolfssl/internal.h +++ b/wolfssl/internal.h 
@@ -1188,6 +1188,12 @@ enum Misc { MAX_SYM_KEY_SIZE = WC_MAX_SYM_KEY_SIZE, #endif +#ifdef HAVE_SELFTEST + AES_256_KEY_SIZE = 32, + AES_IV_SIZE = 16, + AES_128_KEY_SIZE = 16, +#endif + AEAD_SEQ_OFFSET = 4, /* Auth Data: Sequence number */ AEAD_TYPE_OFFSET = 8, /* Auth Data: Type */ AEAD_VMAJ_OFFSET = 9, /* Auth Data: Major Version */ diff --git a/wolfssl/wolfcrypt/sha3.h b/wolfssl/wolfcrypt/sha3.h index 7f725e670..7c31bd36f 100644 --- a/wolfssl/wolfcrypt/sha3.h +++ b/wolfssl/wolfcrypt/sha3.h @@ -60,12 +60,14 @@ enum { WC_SHA3_512_DIGEST_SIZE = 64, WC_SHA3_512_COUNT = 9, +#ifndef HAVE_SELFTEST /* These values are used for HMAC, not SHA-3 directly. * They come from from FIPS PUB 202. */ WC_SHA3_224_BLOCK_SIZE = 144, WC_SHA3_256_BLOCK_SIZE = 136, WC_SHA3_384_BLOCK_SIZE = 104, WC_SHA3_512_BLOCK_SIZE = 72, +#endif }; #ifndef NO_OLD_WC_NAMES From d7b560f2aba1629b5dc0bf6190bd19cdfe4b7c96 Mon Sep 17 00:00:00 2001 From: David Garske Date: Wed, 30 May 2018 12:44:55 -0700 Subject: [PATCH 117/146] Fix for scan-build warning about value being stored and not used. Changed the `wc_RsaFunction` API to public. Added ability to expose `wc_RsaDirect` with new define `WC_RSA_DIRECT`. --- wolfcrypt/src/ecc.c | 1 - wolfcrypt/src/rsa.c | 4 ++-- wolfssl/wolfcrypt/rsa.h | 6 +++++- 3 files changed, 7 insertions(+), 4 deletions(-) diff --git a/wolfcrypt/src/ecc.c b/wolfcrypt/src/ecc.c index d53847ae7..6bf7a5851 100755 --- a/wolfcrypt/src/ecc.c +++ b/wolfcrypt/src/ecc.c @@ -2802,7 +2802,6 @@ int wc_ecc_shared_secret(ecc_key* private_key, ecc_key* public_key, byte* out, err = wc_CryptoDev_Ecdh(private_key, public_key, out, outlen); if (err != NOT_COMPILED_IN) return err; - err = 0; /* reset error code and try using software */ } #endif diff --git a/wolfcrypt/src/rsa.c b/wolfcrypt/src/rsa.c index 18045d47b..7d1055172 100644 --- a/wolfcrypt/src/rsa.c +++ b/wolfcrypt/src/rsa.c 
@@ -1517,7 +1517,7 @@ static int wc_RsaFunctionAsync(const byte* in, word32 inLen, byte* out, } #endif /* WOLFSSL_ASYNC_CRYPT && WC_ASYNC_ENABLE_RSA */ -#ifdef WC_RSA_NO_PADDING +#if defined(WC_RSA_DIRECT) || defined(WC_RSA_NO_PADDING) /* Function that does the RSA operation directly with no padding. * * in buffer to do operation on @@ -1611,7 +1611,7 @@ int wc_RsaDirect(byte* in, word32 inLen, byte* out, word32* outSz, return ret; } -#endif /* WC_RSA_NO_PADDING */ +#endif /* WC_RSA_DIRECT || WC_RSA_NO_PADDING */ int wc_RsaFunction(const byte* in, word32 inLen, byte* out, diff --git a/wolfssl/wolfcrypt/rsa.h b/wolfssl/wolfcrypt/rsa.h index ecf41413d..e2337c77a 100644 --- a/wolfssl/wolfcrypt/rsa.h +++ b/wolfssl/wolfcrypt/rsa.h @@ -152,7 +152,7 @@ WOLFSSL_API int wc_FreeRsaKey(RsaKey* key); WOLFSSL_LOCAL int wc_InitRsaHw(RsaKey* key); #endif /* WOLFSSL_XILINX_CRYPT */ -WOLFSSL_LOCAL int wc_RsaFunction(const byte* in, word32 inLen, byte* out, +WOLFSSL_API int wc_RsaFunction(const byte* in, word32 inLen, byte* out, word32* outLen, int type, RsaKey* key, WC_RNG* rng); WOLFSSL_API int wc_RsaPublicEncrypt(const byte* in, word32 inLen, byte* out, @@ -238,9 +238,13 @@ WOLFSSL_API int wc_RsaPrivateDecrypt_ex(const byte* in, word32 inLen, WOLFSSL_API int wc_RsaPrivateDecryptInline_ex(byte* in, word32 inLen, byte** out, RsaKey* key, int type, enum wc_HashType hash, int mgf, byte* label, word32 lableSz); +#if defined(WC_RSA_DIRECT) || defined(WC_RSA_NO_PADDING) WOLFSSL_API int wc_RsaDirect(byte* in, word32 inLen, byte* out, word32* outSz, RsaKey* key, int type, WC_RNG* rng); +#endif + #endif /* HAVE_FIPS*/ + WOLFSSL_API int wc_RsaFlattenPublicKey(RsaKey*, byte*, word32*, byte*, word32*); WOLFSSL_API int wc_RsaExportKey(RsaKey* key, From 33d416a060e2c3a57d829b600c8552e519ac003e Mon Sep 17 00:00:00 2001 
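Review bot: Changing `wc_RsaFunction` from `WOLFSSL_LOCAL` to `WOLFSSL_API` in wolfssl/wolfcrypt/rsa.h exports what appears to be the low-level RSA operation unconditionally, while the same commit keeps `wc_RsaDirect` behind `WC_RSA_DIRECT || WC_RSA_NO_PADDING`. An application can therefore reach an unpadded RSA primitive without opting in through either define. If the export exists only for crypto-device callbacks such as the one in wolfcrypt/test/test.c, consider gating the public declaration on `WOLF_CRYPTO_DEV` or on the same defines as `wc_RsaDirect`. At minimum the declaration should carry a comment such as `/* Raw RSA primitive: applies no padding. Use wc_RsaPublicEncrypt / wc_RsaSSL_Sign for normal use. */`.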
From: David Garske Date: Wed, 30 May 2018 13:23:08 -0700 Subject: [PATCH 118/146] Fix two more scan-build issues with set but not used. --- wolfcrypt/src/ecc.c | 2 -- 1 file changed, 2 deletions(-) diff --git a/wolfcrypt/src/ecc.c b/wolfcrypt/src/ecc.c index 6bf7a5851..7ecaaeff6 100755 --- a/wolfcrypt/src/ecc.c +++ b/wolfcrypt/src/ecc.c @@ -3658,7 +3658,6 @@ int wc_ecc_sign_hash(const byte* in, word32 inlen, byte* out, word32 *outlen, err = wc_CryptoDev_EccSign(in, inlen, out, outlen, rng, key); if (err != NOT_COMPILED_IN) return err; - err = 0; /* reset error code and try using software */ } #endif @@ -4317,7 +4316,6 @@ int wc_ecc_verify_hash(const byte* sig, word32 siglen, const byte* hash, err = wc_CryptoDev_EccVerify(sig, siglen, hash, hashlen, res, key); if (err != NOT_COMPILED_IN) return err; - err = 0; /* reset error code and try using software */ } #endif From 4ecff14bd2bfeddd60861bde71dd94872fe4110c Mon Sep 17 00:00:00 2001 From: Quinn Miller Date: Wed, 30 May 2018 14:53:03 -0600 Subject: [PATCH 119/146] Fixed a filename in the pkcs7.h comments --- wolfssl/wolfcrypt/pkcs7.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/wolfssl/wolfcrypt/pkcs7.h b/wolfssl/wolfcrypt/pkcs7.h index 764e2668e..513c6d7b2 100644 --- a/wolfssl/wolfcrypt/pkcs7.h +++ b/wolfssl/wolfcrypt/pkcs7.h @@ -20,7 +20,7 @@ */ /*! - \file wolfssl/wolfcrypt/pksc7.h + \file wolfssl/wolfcrypt/pkcs7.h */ #ifndef WOLF_CRYPT_PKCS7_H From 587484a1ef3fadd7f9dcf697fd0fdb81abd517ee Mon Sep 17 00:00:00 2001 From: Jacob Barthelmeh Date: Wed, 30 May 2018 16:10:34 -0600 Subject: [PATCH 120/146] add NO_OLD_SHA_NAMES macro and add back SHA512, SHA384 --- configure.ac | 2 +- wolfssl/openssl/sha.h | 10 +++++----- wolfssl/wolfcrypt/settings.h | 4 ++-- wolfssl/wolfcrypt/sha.h | 7 ++++--- wolfssl/wolfcrypt/sha256.h | 2 +- wolfssl/wolfcrypt/sha512.h | 8 ++++++++ 6 files changed, 21 insertions(+), 12 deletions(-) diff --git a/configure.ac b/configure.ac index a5e44a91e..8cae247aa 100644 
--- a/configure.ac +++ b/configure.ac @@ -3930,7 +3930,7 @@ AC_ARG_ENABLE([oldnames], if test "x$ENABLED_OLDNAMES" = "xno" && test "x$ENABLED_OPENSSLCOEXIST" = "xno" then AM_CFLAGS="$AM_CFLAGS -DNO_OLD_RNGNAME -DNO_OLD_WC_NAMES -DNO_OLD_SSL_NAMES" - AM_CFLAGS="$AM_CFLAGS -DNO_OLD_SHA256_NAMES" + AM_CFLAGS="$AM_CFLAGS -DNO_OLD_SHA_NAMES" fi diff --git a/wolfssl/openssl/sha.h b/wolfssl/openssl/sha.h index 9c098972c..2a930d96d 100644 --- a/wolfssl/openssl/sha.h +++ b/wolfssl/openssl/sha.h @@ -119,7 +119,7 @@ typedef WOLFSSL_SHA256_CTX SHA256_CTX; #define SHA256_Init wolfSSL_SHA256_Init #define SHA256_Update wolfSSL_SHA256_Update #define SHA256_Final wolfSSL_SHA256_Final -#if defined(NO_OLD_SHA256_NAMES) && !defined(HAVE_FIPS) +#if defined(NO_OLD_SHA_NAMES) && !defined(HAVE_FIPS) /* SHA256 is only available in non-fips mode because of SHA256 enum in FIPS * build. */ #define SHA256 wolfSSL_SHA256 @@ -148,8 +148,8 @@ typedef WOLFSSL_SHA384_CTX SHA384_CTX; #define SHA384_Init wolfSSL_SHA384_Init #define SHA384_Update wolfSSL_SHA384_Update #define SHA384_Final wolfSSL_SHA384_Final -#if defined(NO_OLD_SHA256_NAMES) && !defined(HAVE_FIPS) - /* SHA384 is only available in non-fips mode because of SHA256 enum in FIPS +#if defined(NO_OLD_SHA_NAMES) && !defined(HAVE_FIPS) + /* SHA384 is only available in non-fips mode because of SHA384 enum in FIPS * build. */ #define SHA384 wolfSSL_SHA384 #endif @@ -177,8 +177,8 @@ typedef WOLFSSL_SHA512_CTX SHA512_CTX; #define SHA512_Init wolfSSL_SHA512_Init #define SHA512_Update wolfSSL_SHA512_Update #define SHA512_Final wolfSSL_SHA512_Final -#if defined(NO_OLD_SHA256_NAMES) && !defined(HAVE_FIPS) - /* SHA256 is only available in non-fips mode because of SHA256 enum in FIPS +#if defined(NO_OLD_SHA_NAMES) && !defined(HAVE_FIPS) + /* SHA512 is only available in non-fips mode because of SHA512 enum in FIPS * build. */ #define SHA512 wolfSSL_SHA512 #endif 
diff --git a/wolfssl/wolfcrypt/settings.h b/wolfssl/wolfcrypt/settings.h index 93cb0a2e2..a966db6f0 100644 --- a/wolfssl/wolfcrypt/settings.h +++ b/wolfssl/wolfcrypt/settings.h @@ -1639,8 +1639,8 @@ extern void uITRON4_free(void *p) ; #if defined(NO_OLD_WC_NAMES) || defined(OPENSSL_EXTRA) /* added to have compatibility with SHA256() */ - #if !defined(NO_OLD_SHA256_NAMES) && !defined(HAVE_FIPS) - #define NO_OLD_SHA256_NAMES + #if !defined(NO_OLD_SHA_NAMES) && !defined(HAVE_FIPS) + #define NO_OLD_SHA_NAMES #endif #endif diff --git a/wolfssl/wolfcrypt/sha.h b/wolfssl/wolfcrypt/sha.h index 6d08cf5eb..a6a9284ee 100644 --- a/wolfssl/wolfcrypt/sha.h +++ b/wolfssl/wolfcrypt/sha.h @@ -62,11 +62,12 @@ #include #endif +#if !defined(NO_OLD_SHA_NAMES) + #define SHA WC_SHA +#endif + #ifndef NO_OLD_WC_NAMES #define Sha wc_Sha - #if !defined(OPENSSL_EXTRA) - #define SHA WC_SHA - #endif #define SHA_BLOCK_SIZE WC_SHA_BLOCK_SIZE #define SHA_DIGEST_SIZE WC_SHA_DIGEST_SIZE #define SHA_PAD_SIZE WC_SHA_PAD_SIZE diff --git a/wolfssl/wolfcrypt/sha256.h b/wolfssl/wolfcrypt/sha256.h index 3409b5151..4ea49d0af 100644 --- a/wolfssl/wolfcrypt/sha256.h +++ b/wolfssl/wolfcrypt/sha256.h @@ -81,7 +81,7 @@ #define SHA256_NOINLINE #endif -#if !defined(NO_OLD_SHA256_NAMES) +#if !defined(NO_OLD_SHA_NAMES) #define SHA256 WC_SHA256 #endif diff --git a/wolfssl/wolfcrypt/sha512.h b/wolfssl/wolfcrypt/sha512.h index 315f56df0..c899ac77e 100644 --- a/wolfssl/wolfcrypt/sha512.h +++ b/wolfssl/wolfcrypt/sha512.h @@ -71,6 +71,10 @@ #define SHA512_NOINLINE #endif +#if !defined(NO_OLD_SHA_NAMES) + #define SHA512 WC_SHA512 +#endif + #if !defined(NO_OLD_WC_NAMES) #define Sha512 wc_Sha512 #define SHA512_BLOCK_SIZE WC_SHA512_BLOCK_SIZE 
@@ -123,6 +127,10 @@ WOLFSSL_API int wc_Sha512Copy(wc_Sha512* src, wc_Sha512* dst); #ifndef HAVE_FIPS /* avoid redefinition of structs */ #if !defined(NO_OLD_SHA_NAMES) + #define SHA384 WC_SHA384 +#endif + +#if !defined(NO_OLD_WC_NAMES) #define Sha384 wc_Sha384 #define SHA384_BLOCK_SIZE WC_SHA384_BLOCK_SIZE #define SHA384_DIGEST_SIZE WC_SHA384_DIGEST_SIZE From 5849e9f1a15fa49d5a7d0c5dd1f19f6aea29cc20 Mon Sep 17 00:00:00 2001 From: Jacob Barthelmeh Date: Wed, 30 May 2018 17:42:07 -0600 Subject: [PATCH 121/146] update macro name in test case --- tests/api.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/api.c b/tests/api.c index 88c8d06ad..1d53b3fb1 100644 --- a/tests/api.c +++ b/tests/api.c @@ -18383,7 +18383,7 @@ static void test_wolfSSL_AES_ecb_encrypt(void) static void test_wolfSSL_SHA256(void) { #if defined(OPENSSL_EXTRA) && !defined(NO_SHA256) && \ - defined(NO_OLD_SHA256_NAMES) && !defined(HAVE_FIPS) + defined(NO_OLD_SHA_NAMES) && !defined(HAVE_FIPS) unsigned char input[] = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"; unsigned char output[] = From 6a2c30e5931201e36c91f1ed1703075842b16faa Mon Sep 17 00:00:00 2001 From: John Safranek Date: Wed, 30 May 2018 17:11:38 -0700 Subject: [PATCH 122/146] Release v3.15.0 1. Update configure.ac for new version. 2. Update the version header. 3. Update the README files with the new changelog. 4. Moved all previous change logs from README files to NEWS files. --- NEWS | 1917 +++++++++++++++++++++++++++++++++++++++++++++ NEWS.md | 1908 ++++++++++++++++++++++++++++++++++++++++++++ README | 1911 ++++---------------------------------------- README.md | 1903 +++----------------------------------------- configure.ac | 26 +- wolfssl/version.h | 4 +- 6 files changed, 4065 insertions(+), 3604 deletions(-) create mode 100644 NEWS.md diff --git a/NEWS b/NEWS index e69de29bb..2cf67a6ac 100644 --- a/NEWS +++ b/NEWS 
@@ -0,0 +1,1917 @@ +wolfSSL Release 3.15.0 (05/01/2018) + +Release 3.15.0 of wolfSSL embedded TLS has bug fixes and new features including: + +- Support for TLS 1.3 Draft versions 23, 26 and 28. +- Improved downgrade support for TLS 1.3. +- Improved TLS 1.3 support from interoperability testing. +- Single Precision assembly code added for ARM and 64-bit ARM. +- Improved performance for Single Precision maths on 32-bit. +- Allow TLS 1.2 to be compiled out. +- Ed25519 support in TLS 1.2 and 1.3. +- Update wolfSSL_HMAC_Final() so the length parameter is optional. +- Various fixes for Coverity static analysis reports. +- Add define to use internal struct timeval (USE_WOLF_TIMEVAL_T). +- Switch LowResTimer() to call XTIME instead of time(0) for better portability. +- Expanded OpenSSL compatibility layer. +- Added Renesas CS+ project files. +- Align DH support with NIST SP 800-56A, add wc_DhSetKey_ex() for q parameter. +- Add build option for CAVP self test build (--enable-selftest). +- Expose mp_toradix() when WOLFSSL_PUBLIC_MP is defined. +- Add FIPS SGX support. +- Example certificate expiration dates and generation script updated. +- Additional optimizations to trim out unused strings depending on build + options. +- Fix for DN tag strings to have “=” when returning the string value to users. +- Fix for wolfSSL_ERR_get_error_line_data return value if no more errors are + in the queue. +- Fix for AES-CBC IV value with PIC32 hardware acceleration. +- Fix for wolfSSL_X509_print with ECC certificates. +- Fix for strict checking on URI absolute vs relative path. +- Added crypto device framework to handle PK RSA/ECC operations using + callbacks, which adds new build option `./configure --enable-cryptodev` or + `WOLF_CRYPTO_DEV`. +- Added devId support to ECC and PKCS7 for hardware based private key. +- Fixes in PKCS7 for handling possible memory leak in some error cases. +- Added test for invalid cert common name when set with + `wolfSSL_check_domain_name`. 
+- Refactor of the cipher suite names to use single array, which contains + internal name, IANA name and cipher suite bytes. +- Added new function `wolfSSL_get_cipher_name_from_suite` for getting IANA + cipher suite name using bytes. +- Fixes for fsanitize reports. +- Fix for openssl compatibility function `wolfSSL_RSA_verify` to check + returned size. +- Fixes and improvements for FreeRTOS AWS. +- Fixes for building openssl compatibility with FreeRTOS. +- Fix and new test for handling match on domain name that may have a null + terminator inside. +- Cleanup of the socket close code used for examples, CRL/OCSP and BIO to use + single macro `CloseSocket`. +- Refactor of the TLSX code to support returning error codes. +- Added new signature wrapper functions `wc_SignatureVerifyHash` and + `wc_SignatureGenerateHash` to allow direct use of hash. +- Improvement to GCC-ARM IDE example. +- Enhancements and cleanups for the ASN date/time code including new API's + `wc_GetDateInfo`, `wc_GetCertDates` and `wc_GetDateAsCalendarTime`. +- Fixes to resolve issues with C99 compliance. Added build option `WOLF_C99` + to force C99. +- Added a new `--enable-opensslall` option to enable all openssl compatibility + features. +- Added new `--enable-webclient` option for enabling a few HTTP API's. +- Added new `wc_OidGetHash` API for getting the hash type from a hash OID. +- Moved `wolfSSL_CertPemToDer`, `wolfSSL_KeyPemToDer`, `wolfSSL_PubKeyPemToDer` + to asn.c and renamed to `wc_`. Added backwards compatibility macro for old + function names. +- Added new `WC_MAX_SYM_KEY_SIZE` macro for helping determine max key size. +- Added `--enable-enckeys` or (`WOLFSSL_ENCRYPTED_KEYS`) to enable support for + encrypted PEM private keys using password callback without having to use + opensslextra. +- Added ForceZero on the password buffer after done using it. +- Refactor unique hash types to use same internal values + (ex WC_MD5 == WC_HASH_TYPE_MD5). 
+- Refactor the Sha3 types to use `wc_` naming, while retaining old names for + compatibility. +- Improvements to `wc_PBKDF1` to support more hash types and the non-standard + extra data option. +- Fix TLS 1.3 with ECC disabled and CURVE25519 enabled. +- Added new define `NO_DEV_URANDOM` to disable the use of `/dev/urandom`. +- Added `WC_RNG_BLOCKING` to indicate block w/sleep(0) is okay. +- Fix for `HAVE_EXT_CACHE` callbacks not being available without + `OPENSSL_EXTRA` defined. +- Fix for ECC max bits `MAX_ECC_BITS` not always calculating correctly due to + macro order. +- Added support for building and using PKCS7 without RSA (assuming ECC is + enabled). +- Fixes and additions for Cavium Nitrox V to support ECC, AES-GCM and HMAC + (SHA-224 and SHA3). +- Enabled ECC, AES-GCM and SHA-512/384 by default in (Linux and Windows) +- Added `./configure --enable-base16` and `WOLFSSL_BASE16` configuration + option to enable Base16 API's. +- Improvements to ATECC508A support for building without `WOLFSSL_ATMEL` + defined. +- Refactor IO callback function names to use `_CTX_` to eliminate confusion + about the first parameter. +- Added support for not loading a private key for server or client when + `HAVE_PK_CALLBACK` is defined and the private PK callback is set. +- Added new ECC API `wc_ecc_sig_size_calc` to return max signature size for + a key size. +- Cleanup ECC point import/export code and added new API + `wc_ecc_import_unsigned`. +- Fixes for handling OCSP with non-blocking. +- Added new PK (Primary Key) callbacks for the VerifyRsaSign. The new + callbacks API's are `wolfSSL_CTX_SetRsaVerifySignCb` and + `wolfSSL_CTX_SetRsaPssVerifySignCb`. +- Added new ECC API `wc_ecc_rs_raw_to_sig` to take raw unsigned R and S and + encodes them into ECDSA signature format. +- Added support for `WOLFSSL_STM32F1`. +- Cleanup of the ASN X509 header/footer and XSTRNCPY logic. +- Add copyright notice to autoconf files. (Thanks Brian Aker!) +- Updated the M4 files for autotools. 
(Thanks Brian Aker!) +- Add support for the cipher suite TLS_DH_anon_WITH_AES256_GCM_SHA384 with + test cases. (Thanks Thivya Ashok!) +- Add the TLS alert message unknown_psk_identity (115) from RFC 4279, + section 2. (Thanks Thivya Ashok!) +- Fix the case when using TCP with timeouts with TLS. wolfSSL shall be + agnostic to network socket behavior for TLS. (DTLS is another matter.) + The functions `wolfSSL_set_using_nonblock()` and + `wolfSSL_get_using_nonblock()` are deprecated. +- Hush the AR warning when building the static library with autotools. +- Hush the “-pthread” warning when building in some environments. +- Added a dist-hook target to the Makefile to reset the default options.h file. +- Removed the need for the darwin-clang.m4 file with the updates provided by + Brian A. +- Renamed the AES assembly file so GCC on the Mac will build it using the + preprocessor. +- Add a disable option (--disable-optflags) to turn off the default + optimization flags so user may supply their own custom flags. +- Correctly touch the dummy fips.h header. + +See INSTALL file for build instructions. +More info can be found on-line at http://wolfssl.com/wolfSSL/Docs.html + + +********* wolfSSL Release 3.14.0 (3/02/2018) + +Release 3.14.0 of wolfSSL embedded TLS has bug fixes and new features including: + +- TLS 1.3 draft 22 and 23 support added +- Additional unit tests for; SHA3, AES-CMAC, Ed25519, ECC, RSA-PSS, AES-GCM +- Many additions to the OpenSSL compatibility layer were made in this release. 
Some of these being enhancements to PKCS12, WOLFSSL_X509 use, WOLFSSL_EVP_PKEY, and WOLFSSL_BIO operations +- AVX1 and AVX2 performance improvements with ChaCha20 and Poly1305 +- Added i.MX CAAM driver support with Integrity OS support +- Improvements to logging with debugging, including exposing more API calls and adding options to reduce debugging code size +- Fix for signature type detection with PKCS7 RSA SignedData +- Public key call back functions added for DH Agree +- RSA-PSS API added for operating on non inline buffers (separate input and output buffers) +- API added for importing and exporting raw DSA parameters +- Updated DSA key generation to be FIPS 186-4 compliant +- Fix for wolfSSL_check_private_key when comparing ECC keys +- Support for AES Cipher Feedback(CFB) mode added +- Updated RSA key generation to be FIPS 186-4 compliant +- Update added for the ARM CMSIS software pack +- WOLFSSL_IGNORE_FILE_WARN macro added for avoiding build warnings when not working with autotools +- Performance improvements for AES-GCM with AVX1 and AVX2 +- Fix for possible memory leak on error case with wc_RsaKeyToDer function +- Make wc_PKCS7_PadData function available +- Updates made to building SGX on Linux +- STM32 hashing algorithm improvements including clock/power optimizations and auto detection of if SHA2 is supported +- Update static memory feature for FREERTOS use +- Reverse the order that certificates are compared during PKCS12 parse to account for case where multiple certificates have the same matching private key +- Update NGINX port to version 1.13.8 +- Support for HMAC-SHA3 added +- Added stricter ASN checks to enforce RFC 5280 rules. Thanks to the report from Professor Zhenhua Duan, Professor Cong Tian, and Ph.D candidate Chu Chen from Institute of Computing Theory and Technology (ICTT) of Xidian University. 
+- Option to have ecc_mul2add function public facing +- Getter function wc_PKCS7_GetAttributeValue added for PKCS7 attributes +- Macros NO_AES_128, NO_AES_192, NO_AES_256 added for AES key size selection at compile time +- Support for writing multiple organizations units (OU) and domain components (DC) with CSR and certificate creation +- Support for indefinite length BER encodings in PKCS7 +- Added API for additional validation of prime q in a public DH key +- Added support for RSA encrypt and decrypt without padding + + +See INSTALL file for build instructions. +More info can be found on-line at http://wolfssl.com/wolfSSL/Docs.html + + +********* wolfSSL (Formerly CyaSSL) Release 3.13.0 (12/21/2017) + +wolfSSL 3.13.0 includes bug fixes and new features, including support for +TLS 1.3 Draft 21, performance and footprint optimizations, build fixes, +updated examples and project files, and one vulnerability fix. The full list +of changes and additions in this release include: + +- Fixes for TLS 1.3, support for Draft 21 +- TLS 1.0 disabled by default, addition of “--enable-tlsv10” configure option +- New option to reduce SHA-256 code size at expense of performance + (USE_SLOW_SHA256) +- New option for memory reduced build (--enable-lowresource) +- AES-GCM performance improvements on AVX1 (IvyBridge) and AVX2 +- SHA-256 and SHA-512 performance improvements using AVX1/2 ASM +- SHA-3 size and performance optimizations +- Fixes for Intel AVX2 builds on Mac/OSX +- Intel assembly for Curve25519, and Ed25519 performance optimizations +- New option to force 32-bit mode with “--enable-32bit” +- New option to disable all inline assembly with “--disable-asm” +- Ability to override maximum signature algorithms using WOLFSSL_MAX_SIGALGO +- Fixes for handling of unsupported TLS extensions. 
+- Fixes for compiling AES-GCM code with GCC 4.8.* +- Allow adjusting static I/O buffer size with WOLFMEM_IO_SZ +- Fixes for building without a filesystem +- Removes 3DES and SHA1 dependencies from PKCS#7 +- Adds ability to disable PKCS#7 EncryptedData type (NO_PKCS7_ENCRYPTED_DATA) +- Add ability to get client-side SNI +- Expanded OpenSSL compatibility layer +- Fix for logging file names with OpenSSL compatibility layer enabled, with + WOLFSSL_MAX_ERROR_SZ user-overridable +- Adds static memory support to the wolfSSL example client +- Fixes for sniffer to use TLS 1.2 client method +- Adds option to wolfCrypt benchmark to benchmark individual algorithms +- Adds option to wolfCrypt benchmark to display benchmarks in powers + of 10 (-base10) +- Updated Visual Studio for ARM builds (for ECC supported curves and SHA-384) +- Updated Texas Instruments TI-RTOS build +- Updated STM32 CubeMX build with fixes for SHA +- Updated IAR EWARM project files +- Updated Apple Xcode projects with the addition of a benchmark example project + +This release of wolfSSL fixes 1 security vulnerability. + +wolfSSL is cited in the recent ROBOT Attack by Böck, Somorovsky, and Young. +The paper notes that wolfSSL only gives a weak oracle without a practical +attack but this is still a flaw. This release contains a fix for this report. +Please note that wolfSSL has static RSA cipher suites disabled by default as +of version 3.6.6 because of the lack of perfect forward secrecy. Only users +who have explicitly enabled static RSA cipher suites with WOLFSSL_STATIC_RSA +and use those suites on a host are affected. More information will be +available on our website at: + + https://wolfssl.com/wolfSSL/security/vulnerabilities.php + +See INSTALL file for build instructions. 
+More info can be found on-line at http://wolfssl.com/wolfSSL/Docs.html + + +********* wolfSSL (Formerly CyaSSL) Release 3.12.2 (10/23/2017) + +Release 3.12.2 of wolfSSL has bug fixes and new features including: + +This release includes many performance improvements with Intel ASM (AVX/AVX2) and AES-NI. New single precision math option to speedup RSA, DH and ECC. Embedded hardware support has been expanded for STM32, PIC32MZ and ATECC508A. AES now supports XTS mode for disk encryption. Certificate improvements for setting serial number, key usage and extended key usage. Refactor of SSL_ and hash types to allow openssl coexistence. Improvements for TLS 1.3. Fixes for OCSP stapling to allow disable and WOLFSSL specific user context for callbacks. Fixes for openssl and MySQL compatibility. Updated Micrium port. Fixes for asynchronous modes. + +- Added TLS extension for Supported Point Formats (ec_point_formats) +- Fix to not send OCSP stapling extensions in client_hello when not enabled +- Added new API's for disabling OCSP stapling +- Add check for SIZEOF_LONG with sun and LP64 +- Fixes for various TLS 1.3 disable options (RSA, ECC and ED/Curve 25519). +- Fix to disallow upgrading to TLS v1.3 +- Fixes for wolfSSL_EVP_CipherFinal() when message size is a round multiple of a block size. +- Add HMAC benchmark and expanded AES key size benchmarks +- Added simple GCC ARM Makefile example +- Add tests for 3072-bit RSA and DH. +- Fixed DRAFT_18 define and fixed downgrading with TLS v1.3 +- Fixes to allow custom serial number during certificate generation +- Add method to get WOLFSSL_CTX certificate manager +- Improvement to `wolfSSL_SetOCSP_Cb` to allow context per WOLFSSL object +- Alternate certificate chain support `WOLFSSL_ALT_CERT_CHAINS`. Enables checking cert against multiple CA's. +- Added new `--disable-oldnames` option to allow for using openssl along-side wolfssl headers (without OPENSSL_EXTRA). 
+- Refactor SSL_ and hashing types to use wolf specific prefix (WOLFSSL and WC_) to allow openssl coexistence. +- Fixes for HAVE_INTEL_MULX +- Cleanup include paths for MySQL cmake build +- Added configure option for building library for wolfSSH (--enable-wolfssh) +- Openssl compatibility layer improvements +- Expanded API unit tests +- Fixes for STM32 crypto hardware acceleration +- Added AES XTS mode (--enable-xts) +- Added ASN Extended Key Usage Support (see wc_SetExtKeyUsage). +- Math updates and added TFM_MIPS speedup. +- Fix for creation of the KeyUsage BitString +- Fix for 8k keys with MySQL compatibility +- Fixes for ATECC508A. +- Fixes for PIC32MZ hashing. +- Fixes and improvements to asynchronous modes for Intel QuickAssist and Cavium Nitrox V. +- Update HASH_DRBG Reseed mechanism and add test case +- Rename the file io.h/io.c to wolfio.h/wolfio.c +- Cleanup the wolfIO_Send function. +- OpenSSL Compatibility Additions and Fixes +- Improvements to Visual Studio DLL project/solution. +- Added function to generate public ECC key from private key +- Added async blocking support for sniffer tool. +- Added wolfCrypt hash tests for empty string and large data. +- Added ability to use of wolf implementation of `strtok` using `USE_WOLF_STRTOK`. +- Updated Micrium uC/OS-III Port +- Updated root certs for OCSP scripts +- New Single Precision math option for RSA, DH and ECC (off by default). See `--enable-sp`. +- Speedups for AES GCM with AESNI (--enable-aesni) +- Speedups for SHA2, ChaCha20/Poly1035 using AVX/AVX2 + + +********* wolfSSL (Formerly CyaSSL) Release 3.12.0 (8/04/2017) + +Release 3.12.0 of wolfSSL has bug fixes and new features including: + +- TLS 1.3 with Nginx! TLS 1.3 with ARMv8! TLS 1.3 with Async Crypto! 
(--enable-tls13) +- TLS 1.3 0RTT feature added +- Added port for using Intel SGX with Linux +- Update and fix PIC32MZ port +- Additional unit testing for MD5, SHA, SHA224, SHA256, SHA384, SHA512, RipeMd, HMAC, 3DES, IDEA, ChaCha20, ChaCha20Poly1305 AEAD, Camellia, Rabbit, ARC4, AES, RSA, Hc128 +- AVX and AVX2 assembly for improved ChaCha20 performance +- Intel QAT fixes for when using --disable-fastmath +- Update how DTLS handles decryption and MAC failures +- Update DTLS session export version number for --enable-sessionexport feature +- Add additional input argument sanity checks to ARMv8 assembly port +- Fix for making PKCS12 dynamic types match +- Fixes for potential memory leaks when using --enable-fast-rsa +- Fix for when using custom ECC curves and add BRAINPOOLP256R1 test +- Update TI-RTOS port for dependency on new wolfSSL source files +- DTLS multicast feature added, --enable-mcast +- Fix for Async crypto with GCC 7.1 and HMAC when not using Intel QuickAssist +- Improvements and enhancements to Intel QuickAssist support +- Added Xilinx port +- Added SHA3 Keccak feature, --enable-sha3 +- Expand wolfSSL Python wrapper to now include a client side implementation +- Adjust example servers to not treat a peer closed error as a hard error +- Added more sanity checks to fp_read_unsigned_bin function +- Add SHA224 and AES key wrap to ARMv8 port +- Update MQX classics and mmCAU ports +- Fix for potential buffer over read with wolfSSL_CertPemToDer +- Add PKCS7/CMS decode support for KARI with IssuerAndSerialNumber +- Fix ThreadX/NetX warning +- Fixes for OCSP and CRL non blocking sockets and for incomplete cert chain with OCSP +- Added RSA PSS sign and verify +- Fix for STM32F4 AES-GCM +- Added enable all feature (--enable-all) +- Added trackmemory feature (--enable-trackmemory) +- Fixes for AES key wrap and PKCS7 on Windows VS +- Added benchmark block size argument +- Support use of staticmemory with PKCS7 +- Fix for Blake2b build with GCC 5.4 +- Fixes for 
compiling wolfSSL with GCC version 7, most dealing with switch statement fall through warnings. +- Added warning when compiling without hardened math operations + + +Note: +There is a known issue with using ChaCha20 AVX assembly on versions of GCC earlier than 5.2. This is encountered with using the wolfSSL enable options --enable-intelasm and --enable-chacha. To avoid this issue ChaCha20 can be enabled with --enable-chacha=noasm. +If using --enable-intelasm and also using --enable-sha224 or --enable-sha256 there is a known issue with trying to use -fsanitize=address. + +This release of wolfSSL fixes 1 low level security vulnerability. + +Low level fix for a potential DoS attack on a wolfSSL client. Previously a client would accept many warning alert messages without a limit. This fix puts a limit to the number of warning alert messages received and if this limit is reached a fatal error ALERT_COUNT_E is returned. The max number of warning alerts by default is set to 5 and can be adjusted with the macro WOLFSSL_ALERT_COUNT_MAX. Thanks for the report from Tarun Yadav and Koustav Sadhukhan from Defence Research and Development Organization, INDIA. + + +See INSTALL file for build instructions. +More info can be found on-line at http://wolfssl.com/wolfSSL/Docs.html + + +********* wolfSSL (Formerly CyaSSL) Release 3.11.1 (5/11/2017) + +Release 3.11.1 of wolfSSL is a TLS 1.3 BETA release, which includes: + +- TLS 1.3 client and server support for TLS 1.3 with Draft 18 support + +This is strictly a BETA release, and designed for testing and user feedback. +Please send any comments, testing results, or feedback to wolfSSL at +support@wolfssl.com. + +See INSTALL file for build instructions. 
+More info can be found on-line at http://wolfssl.com/wolfSSL/Docs.html + + +********* wolfSSL (Formerly CyaSSL) Release 3.11.0 (5/04/2017) + +Release 3.11.0 of wolfSSL has bug fixes and new features including: + +- Code updates for warnings reported by Coverity scans +- Testing and warning fixes for FreeBSD on PowerPC +- Updates and refactoring done to ASN1 parsing functions +- Change max PSK identity buffer to account for an identity length of 128 characters +- Update Arduino script to handle recent files and additions +- Added support for PKCS#7 Signed Data with ECDSA +- Fix for interoperability with ChaCha20-Poly1305 suites using older draft versions +- DTLS update to allow multiple handshake messages in one DTLS record. Thanks to Eric Samsel over at Welch Allyn for reporting this bug. +- Intel QuickAssist asynchronous support (PR #715 - https://www.wolfssl.com/wolfSSL/Blog/Entries/2017/1/18_wolfSSL_Asynchronous_Intel_QuickAssist_Support.html) +- Added support for HAproxy load balancer +- Added option to allow SHA1 with TLS 1.2 for IIS compatibility (WOLFSSL_ALLOW_TLS_SHA1) +- Added Curve25519 51-bit Implementation, increasing performance on systems that have 128 bit types +- Fix to not send session ID on server side if session cache is off unless we're echoing +session ID as part of session tickets +- Fixes for ensuring all default ciphers are setup correctly (see PR #830) +- Added NXP Hexiwear example in `IDE/HEXIWEAR`. +- Added wolfSSL_write_dup() to create write only WOLFSSL object for concurrent access +- Fixes for TLS elliptic curve selection on private key import. +- Fixes for RNG with Intel rdrand and rdseed speedups. +- Improved performance with Intel rdrand to use full 64-bit output +- Added new --enable-intelrand option to indicate use of RDRAND preference for RNG source +- Removed RNG ARC4 support +- Added ECC helpers to get size and id from curve name. 
+- Added ECC Cofactor DH (ECC-CDH) support +- Added ECC private key only import / export functions. +- Added PKCS8 create function +- Improvements to TLS layer CTX handling for switching keys / certs. +- Added check for duplicate certificate policy OID in certificates. +- Normal math speed-up to not allocate on mp_int and defer until mp_grow +- Reduce heap usage with fast math when not using ALT_ECC_SIZE +- Fixes for building CRL with Windows +- Added support for inline CRL lookup when HAVE_CRL_IO is defined +- Added port for tenAsys INtime RTOS +- Improvements to uTKernel port (WOLFSSL_uTKERNEL2) +- Updated WPA Supplicant support +- Added support for Nginx +- Update stunnel port for version 5.40 +- Fixes for STM32 hardware crypto acceleration +- Extended test code coverage in bundled test.c +- Added a sanity check for minimum authentication tag size with AES-GCM. Thanks to Yueh-Hsun Lin and Peng Li at KNOX Security at Samsung Research America for suggesting this. +- Added a sanity check that subject key identifier is marked as non-critical and a check that no policy OIDS appear more than once in the cert policies extension. Thanks to the report from Professor Zhenhua Duan, Professor Cong Tian, and Ph.D candidate Chu Chen from Institute of Computing Theory and Technology (ICTT) of Xidian University, China. Profs. Zhenhua Duan and Cong Tian are supervisors of Ph.D candidate Chu Chen. + + +This release of wolfSSL fixes 5 low and 1 medium level security vulnerability. + +3 Low level fixes reported by Yueh-Hsun Lin and Peng Li from KNOX Security, Samsung Research America. +- Fix for out of bounds memory access in wc_DhParamsLoad() when GetLength() returns a zero. Before this fix there is a case where wolfSSL would read out of bounds memory in the function wc_DhParamsLoad. +- Fix for DH key accepted by wc_DhAgree when the key was malformed. +- Fix for a double free case when adding CA cert into X509_store. 
+ +Low level fix for memory management with static memory feature enabled. By default static memory is disabled. Thanks to GitHub user hajjihraf for reporting this. + +Low level fix for out of bounds write in the function wolfSSL_X509_NAME_get_text_by_NID. This function is not used by TLS or crypto operations but could result in a buffer out of bounds write by one if called explicitly in an application. Discovered by Aleksandar Nikolic of Cisco Talos. http://talosintelligence.com/vulnerability-reports/ + +Medium level fix for check on certificate signature. There is a case in release versions 3.9.10, 3.10.0 and 3.10.2 where a corrupted signature on a peer certificate would not be properly flagged. Thanks to Wens Lo, James Tsai, Kenny Chang, and Oscar Yang at Castles Technology. + + +See INSTALL file for build instructions. +More info can be found on-line at http://wolfssl.com/wolfSSL/Docs.html + + +********* wolfSSL (Formerly CyaSSL) Release 3.10.2 (2/10/2017) + +Release 3.10.2 of wolfSSL has bug fixes and new features including: + +- Poly1305 Windows macros fix. Thanks to GitHub user Jay Satiro +- Compatibility layer expanded with multiple functions added +- Improve fp_copy performance with ALT_ECC_SIZE +- OCSP updates and improvements +- Fixes for IAR EWARM 8 compiler warnings +- Reduce stack usage with ECC_CACHE_CURVE disabled +- Added ECC export raw for public and private key +- Fix for NO_ASN_TIME build +- Supported curves extensions now populated by default +- Add DTLS build without big integer math +- Fix for static memory feature with wc_ecc_verify_hash_ex and not SHAMIR +- Added PSK interoperability testing to script bundled with wolfSSL +- Fix for Python wrapper random number generation. Compiler optimizations with Python could place the random number in same buffer location each time. 
Thanks to GitHub user Erik Bray (embray) +- Fix for tests on unaligned memory with static memory feature +- Add macro WOLFSSL_NO_OCSP_OPTIONAL_CERTS to skip optional OCSP certificates +- Sanity checks on NULL arguments added to wolfSSL_set_fd and wolfSSL_DTLS_SetCookieSecret +- mp_jacobi stack use reduced, thanks to Szabi Tolnai for providing a solution to reduce stack usage + + +This release of wolfSSL fixes 2 low and 1 medium level security vulnerability. + +Low level fix of buffer overflow for when loading in a malformed temporary DH file. Thanks to Yueh-Hsun Lin and Peng Li from KNOX Security, Samsung Research America for the report. + +Medium level fix for processing of OCSP response. If using OCSP without hard faults enforced and no alternate revocation checks like OCSP stapling then it is recommended to update. + +Low level fix for potential cache attack on RSA operations. If using wolfSSL RSA on a server that other users can have access to monitor the cache, then it is recommended to update wolfSSL. Thanks to Andreas Zankl, Johann Heyszl and Georg Sigl at Fraunhofer AISEC for the initial report. + +See INSTALL file for build instructions. 
+More info can be found on-line at http://wolfssl.com/wolfSSL/Docs.html + +********* wolfSSL (Formerly CyaSSL) Release 3.10.0 (12/21/2016) + +Release 3.10.0 of wolfSSL has bug fixes and new features including: + +- Added support for SHA224 +- Added scrypt feature +- Build for Intel SGX use, added in directory IDE/WIN-SGX +- Fix for ChaCha20-Poly1305 ECDSA certificate type request +- Enhance PKCS#7 with ECC enveloped data and AES key wrap support +- Added support for RIOT OS +- Add support for parsing PKCS#12 files +- ECC performance increased with custom curves +- ARMv8 expanded to AArch32 and performance increased +- Added ANSI-X9.63-KDF support +- Port to STM32 F2/F4 CubeMX +- Port to Atmel ATECC508A board +- Removed fPIE by default when wolfSSL library is compiled +- Update to Python wrapper, dropping DES and adding wc_RSASetRNG +- Added support for NXP K82 hardware acceleration +- Added SCR client and server verify check +- Added a disable rng option with autoconf +- Added more tests vectors to test.c with AES-CTR +- Updated DTLS session export version number +- Updated DTLS for 64 bit sequence numbers +- Fix for memory management with TI and WOLFSSL_SMALL_STACK +- Hardening RSA CRT to be constant time +- Fix uninitialized warning with IAR compiler +- Fix for C# wrapper example IO hang on unexpected connection termination + + +This release of wolfSSL fixes a low level security vulnerability. The vulnerability reported was a potential cache attack on RSA operations. If using wolfSSL RSA on a server that other users can have access to monitor the cache, then it is recommended to update wolfSSL. Thanks to Andreas Zankl, Johann Heyszl and Georg Sigl at Fraunhofer AISEC for the report. More information will be available on our site: + +https://wolfssl.com/wolfSSL/security/vulnerabilities.php + +See INSTALL file for build instructions. 
+More info can be found on-line at http://wolfssl.com/wolfSSL/Docs.html + +********* wolfSSL (Formerly CyaSSL) Release 3.9.10 (9/23/2016) + +Release 3.9.10 of wolfSSL has bug fixes and new features including: + +- Default configure option changes: + 1. DES3 disabled by default + 2. ECC Supported Curves Extension enabled by default + 3. New option Extended Master Secret enabled by default +- Added checking CA certificate path length, and new test certs +- Fix to DSA pre padding and sanity check on R/S values +- Added CTX level RNG for single-threaded builds +- Intel RDSEED enhancements +- ARMv8 hardware acceleration support for AES-CBC/CTR/GCM, SHA-256 +- Arduino support updates +- Added the Extended Master Secret TLS extension + 1. Enabled by default in configure options, API to disable + 2. Added support for Extended Master Secret to sniffer +- OCSP fix with issuer key hash, lookup refactor +- Added support for Frosted OS +- Added support for DTLS over SCTP +- Added support for static memory with wolfCrypt +- Fix to ECC Custom Curve support +- Support for asynchronous wolfCrypt RSA and TLS client +- Added distribution build configure option +- Update the test certificates + +This release of wolfSSL fixes medium level security vulnerabilities. Fixes for +potential AES, RSA, and ECC side channel leaks is included that a local user +monitoring the same CPU core cache could exploit. VM users, hyper-threading +users, and users where potential attackers have access to the CPU cache will +need to update if they utilize AES, RSA private keys, or ECC private keys. +Thanks to Gorka Irazoqui Apecechea and Xiaofei Guo from Intel Corporation for +the report. More information will be available on our site: + + https://wolfssl.com/wolfSSL/security/vulnerabilities.php + +See INSTALL file for build instructions. 
+More info can be found on-line at http://wolfssl.com/wolfSSL/Docs.html
+
+********* wolfSSL (Formerly CyaSSL) Release 3.9.8 (7/29/2016)
+
+Release 3.9.8 of wolfSSL has bug fixes and new features including:
+
+- Add support for custom ECC curves.
+- Add cipher suite ECDHE-ECDSA-AES128-CCM.
+- Add compkey enable option. This option is for compressed ECC keys.
+- Add in the option to use test.h without gettimeofday function using the macro
+ WOLFSSL_USER_CURRTIME.
+- Add RSA blinding for private key operations. Enable option of harden which is
+ on by default. This negates timing attacks.
+- Add ECC and TLS support for all SECP, Koblitz and Brainpool curves.
+- Add helper functions for static memory option to allow getting optimum buffer
+ sizes.
+- Update DTLS behavior on bad MAC. DTLS silently drops packets with bad MACs now.
+- Update fp_isprime function from libtom enchancement/cleanup repository.
+- Update sanity checks on inputs and return values for AES-CMAC.
+- Update wolfSSL for use with MYSQL v5.6.30.
+- Update LPCXpresso eclipse project to not include misc.c when not needed.
+- Fix retransmit of last DTLS flight with timeout notification. The last flight
+ is no longer retransmitted on timeout.
+- Fixes to some code in math sections for compressed ECC keys. This includes
+ edge cases for buffer size on allocation and adjustments for compressed curves
+ build. The code and full list can be found on github with pull request #456.
+- Fix function argument mismatch for build with secure renegotiation.
+- X.509 bug fixes for reading in malformed certificates, reported by researchers
+ at Columbia University
+- Fix GCC version 6 warning about hard tabs in poly1305.c. This was a warning
+ produced by GCC 6 trying to determine the intent of code.
+- Fixes for static memory option. Including avoid potential race conditions with
+ counters, decrement handshake counter correctly.
+- Fix anonymous cipher with Diffie Hellman on the server side. Was an issue of a
+ possible buffer corruption. For information and code see pull request #481.
+
+
+- One high level security fix that requires an update for use with static RSA
+ cipher suites was submitted. This fix was the addition of RSA blinding for
+ private RSA operations. We recommend servers who allow static RSA cipher
+ suites to also generate new private RSA keys. Static RSA cipher suites are
+ turned off by default.
+
+See INSTALL file for build instructions.
+More info can be found on-line at //http://wolfssl.com/wolfSSL/Docs.html
+
+ ********* wolfSSL (Formerly CyaSSL) Release 3.9.6 (6/14/2016)
+
+Release 3.9.6 of wolfSSL has bug fixes and new features including:
+
+- Add staticmemory feature
+- Add public wc_GetTime API with base64encode feature
+- Add AES CMAC algorithm
+- Add DTLS sessionexport feature
+- Add python wolfCrypt wrapper
+- Add ECC encrypt/decrypt benchmarks
+- Add dynamic session tickets
+- Add eccshamir option
+- Add Whitewood netRandom support --with-wnr
+- Add embOS port
+- Add minimum key size checks for RSA and ECC
+- Add STARTTLS support to examples
+- Add uTasker port
+- Add asynchronous crypto and wolf event support
+- Add compile check for misc.c with inline
+- Add RNG benchmark
+- Add reduction to stack usage with hash-based RNG
+- Update STM32F2_CRYPTO port with additional algorithms supported
+- Update MDK5 projects
+- Update AES-NI
+- Fix for STM32 with STM32F2_HASH defined
+- Fix for building with MinGw
+- Fix ECC math bugs with ALT_ECC_SIZE and key sizes over 256 bit (1)
+- Fix certificate buffers github issue #422
+- Fix decrypt max size with RSA OAEP
+- Fix DTLS sanity check with DTLS timeout notification
+- Fix free of WOLFSSL_METHOD on failure to create CTX
+- Fix memory leak in failure case with wc_RsaFunction (2)
+
+- No high level security fixes that requires an update though we always
+recommend updating to the latest
+- (1) Code changes for ECC fix can be found at pull requests #411, #416, and #428
+- (2) Builds using RSA with using normal math and not RSA_LOW_MEM should update
+- Tag 3.9.6w is for a Windows example echoserver fix
+
+See INSTALL file for build instructions.
+More info can be found on-line at //http://wolfssl.com/wolfSSL/Docs.html
+
+ ********* wolfSSL (Formerly CyaSSL) Release 3.9.0 (3/18/2016)
+
+Release 3.9.0 of wolfSSL has bug fixes and new features including:
+
+- Add new leantls configuration
+- Add RSA OAEP padding at wolfCrypt level
+- Add Arduino port and example client
+- Add fixed point DH operation
+- Add CUSTOM_RAND_GENRATE_SEED_OS and CUSTOM_RAND_GENERATE_BLOCK
+- Add ECDHE-PSK cipher suites
+- Add PSK ChaCha20-Poly1305 cipher suites
+- Add option for fail on no peer cert except PSK suites
+- Add port for Nordic nRF51
+- Add additional ECC NIST test vectors for 256, 384 and 521
+- Add more granular ECC, Ed25519/Curve25519 and AES configs
+- Update to ChaCha20-Poly1305
+- Update support for Freescale KSDK 1.3.0
+- Update DER buffer handling code, refactoring and reducing memory
+- Fix to AESNI 192 bit key expansion
+- Fix to C# wrapper character encoding
+- Fix sequence number issue with DTLS epoch 0 messages
+- Fix RNGA with K64 build
+- Fix ASN.1 X509 V3 certificate policy extension parsing
+- Fix potential free of uninitialized RSA key in asn.c
+- Fix potential underflow when using ECC build with FP_ECC
+- Fixes for warnings in Visual Studio 2015 build
+
+- No high level security fixes that requires an update though we always
+recommend updating to the latest
+- FP_ECC is off by default, users with it enabled should update for the zero
+sized hash fix
+
+See INSTALL file for build instructions.
+More info can be found on-line at //http://wolfssl.com/yaSSL/Docs.html
+
+ ********* wolfSSL (Formerly CyaSSL) Release 3.8.0 (12/30/2015)
+
+Release 3.8.0 of wolfSSL has bug fixes and new features including:
+
+- Example client/server with VxWorks
+- AESNI use with AES-GCM
+- Stunnel compatibility enhancements
+- Single shot hash and signature/verify API added
+- Update cavium nitrox port
+- LPCXpresso IDE support added
+- C# wrapper to support wolfSSL use by a C# program
+- (BETA version)OCSP stapling added
+- Update OpenSSH compatibility
+- Improve DTLS handshake when retransmitting finished message
+- fix idea_mult() for 16 and 32bit systems
+- fix LowResTimer on Microchip ports
+
+- No high level security fixes that requires an update though we always
+recommend updating to the latest
+
+See INSTALL file for build instructions.
+More info can be found on-line at //http://wolfssl.com/yaSSL/Docs.html
+
+ ********* wolfSSL (Formerly CyaSSL) Release 3.7.0 (10/26/2015)
+
+Release 3.7.0 of wolfSSL has bug fixes and new features including:
+
+- ALPN extension support added for HTTP2 connections with --enable-alpn
+- Change of example/client/client max fragment flag -L -> -F
+- Throughput benchmarking, added scripts/benchmark.test
+- Sniffer API ssl_FreeDecodeBuffer added
+- Addition of AES_GCM to Sniffer
+- Sniffer change to handle unlimited decrypt buffer size
+- New option for the sniffer where it will try to pick up decoding after a
+ sequence number acknowldgement fault. Also includes some additional stats.
+- JNI API setter and getter function for jobject added
+- User RSA crypto plugin abstraction. An example placed in wolfcrypt/user-crypto
+- fix to asn configuration bug
+- AES-GCM/CCM fixes.
+- Port for Rowley added
+- Rowley Crossworks bare metal examples added
+- MDK5-ARM project update
+- FreeRTOS support updates.
+- VXWorks support updates.
+- Added the IDEA cipher and support in wolfSSL.
+- Update wolfSSL website CA.
+- CFLAGS is usable when configuring source.
+
+- No high level security fixes that requires an update though we always
+recommend updating to the latest
+
+See INSTALL file for build instructions.
+More info can be found on-line at //http://wolfssl.com/yaSSL/Docs.html
+
+ ********* wolfSSL (Formerly CyaSSL) Release 3.6.8 (09/17/2015)
+
+Release 3.6.8 of wolfSSL fixes two high severity vulnerabilities. It also
+includes bug fixes and new features including:
+
+- Two High level security fixes, all users SHOULD update.
+ a) If using wolfSSL for DTLS on the server side of a publicly accessible
+ machine you MUST update.
+ b) If using wolfSSL for TLS on the server side with private RSA keys allowing
+ ephemeral key exchange without low memory optimizations you MUST update and
+ regenerate the private RSA keys.
+
+ Please see https://www.wolfssl.com/wolfSSL/Blog/Blog.html for more details
+
+- No filesystem build fixes for various configurations
+- Certificate generation now supports several extensions including KeyUsage,
+ SKID, AKID, and Certificate Policies
+- CRLs can be loaded from buffers as well as files now
+- SHA-512 Certificate Signing generation
+- Fixes for sniffer reassembly processing
+
+See INSTALL file for build instructions.
+More info can be found on-line at //http://wolfssl.com/yaSSL/Docs.html
+
+ ********* wolfSSL (Formerly CyaSSL) Release 3.6.6 (08/20/2015)
+
+Release 3.6.6 of wolfSSL has bug fixes and new features including:
+
+- OpenSSH compatibility with --enable-openssh
+- stunnel compatibility with --enable-stunnel
+- lighttpd compatibility with --enable-lighty
+- SSLv3 is now disabled by default, can be enabled with --enable-sslv3
+- Ephemeral key cipher suites only are now supported by default
+ To enable static ECDH cipher suites define WOLFSSL_STATIC_DH
+ To enable static RSA cipher suites define WOLFSSL_STATIC_RSA
+ To enable static PSK cipher suites define WOLFSSL_STATIC_PSK
+- Added QSH (quantum-safe handshake) extension with --enable-ntru
+- SRP is now part of wolfCrypt, enable with --enabe-srp
+- Certificate handshake messages can now be sent fragmented if the record
+ size is smaller than the total message size, no user action required.
+- DTLS duplicate message fixes
+- Visual Studio project files now support DLL and static builds for 32/64bit.
+- Support for new Freescale I/O
+- FreeRTOS FIPS support
+
+- No high level security fixes that requires an update though we always
+ recommend updating to the latest
+
+See INSTALL file for build instructions.
+More information can be found on-line at //http://wolfssl.com/yaSSL/Docs.html
+
+ **************** wolfSSL (Formerly CyaSSL) Release 3.6.0 (06/19/2015)
+
+Release 3.6.0 of wolfSSL has bug fixes and new features including:
+
+- Max Strength build that only allows TLSv1.2, AEAD ciphers, and PFS (Perfect
+ Forward Secrecy). With --enable-maxstrength
+- Server side session ticket support, the example server and echoserver use the
+ example callback myTicketEncCb(), see wolfSSL_CTX_set_TicketEncCb()
+- FIPS version submitted for iOS.
+- TI Crypto Hardware Acceleration
+- DTLS fragmentation fixes
+- ECC key check validation with wc_ecc_check_key()
+- 32bit code options to reduce memory for Curve25519 and Ed25519
+- wolfSSL JNI build switch with --enable-jni
+- PicoTCP support improvements
+- DH min ephemeral key size enforcement with wolfSSL_CTX_SetMinDhKey_Sz()
+- KEEP_PEER_CERT and AltNames can now be used together
+- ChaCha20 big endian fix
+- SHA-512 signature algorithm support for key exchange and verify messages
+- ECC make key crash fix on RNG failure, ECC users must update.
+- Improvements to usage of time code.
+- Improvements to VS solution files.
+- GNU Binutils 2.24 (and late 2.23) ld has problems with some debug builds,
+ to fix an ld error add C_EXTRA_FLAGS="-fdebug-types-section -g1".
+
+- No high level security fixes that requires an update though we always
+ recommend updating to the latest (except note 14, ecc RNG failure)
+
+See INSTALL file for build instructions.
+More info can be found on-line at //http://wolfssl.com/yaSSL/Docs.html
+
+
+ *****************wolfSSL (Formerly CyaSSL) Release 3.4.6 (03/30/2015)
+
+Release 3.4.6 of wolfSSL has bug fixes and new features including:
+
+- Intel Assembly Speedups using instructions rdrand, rdseed, aesni, avx1/2,
+ rorx, mulx, adox, adcx . They can be enabled with --enable-intelasm.
+ These speedup the use of RNG, SHA2, and public key algorithms.
+- Ed25519 support at the crypto level. Turn on with --enable-ed25519. Examples
+ in wolcrypt/test/test.c ed25519_test().
+- Post Handshake Memory reductions. wolfSSL can now hold less than 1,000 bytes
+ of memory per secure connection including cipher state.
+- wolfSSL API and wolfCrypt API fixes, you can still include the cyassl and
+ ctaocrypt headers which will enable the compatibility APIs for the
+ foreseeable future
+- INSTALL file to help direct users to build instructions for their environment
+- For ECC users with the normal math library a fix that prevents a crash when
+ verify signature fails. Users of 3.4.0 with ECC and the normal math library
+ must update
+- RC4 is now disabled by default in autoconf mode
+- AES-GCM and ChaCha20/Poly1305 are now enabled by default to make AEAD ciphers
+ available without a switch
+- External ChaCha-Poly AEAD API, thanks to Andrew Burks for the contribution
+- DHE-PSK cipher suites can now be built without ASN or Cert support
+- Fix some NO MD5 build issues with optional features
+- Freescale CodeWarrior project updates
+- ECC curves can be individually turned on/off at build time.
+- Sniffer handles Cert Status message and other minor fixes
+- SetMinVersion() at the wolfSSL Context level instead of just SSL session level
+ to allow minimum protocol version allowed at runtime
+- RNG failure resource cleanup fix
+
+- No high level security fixes that requires an update though we always
+ recommend updating to the latest (except note 6 use case of ecc/normal math)
+
+See INSTALL file for build instructions.
+More info can be found on-line at //http://wolfssl.com/yaSSL/Docs.html
+
+
+ *****************wolfSSL (Formerly CyaSSL) Release 3.4.0 (02/23/2015)
+
+Release 3.4.0 wolfSSL has bug fixes and new features including:
+
+- wolfSSL API and wolfCrypt API, you can still include the cyassl and ctaocrypt
+ headers which will enable the compatibility APIs for the foreseeable future
+- Example use of the wolfCrypt API can be found in wolfcrypt/test/test.c
+- Example use of the wolfSSL API can be found in examples/client/client.c
+- Curve25519 now supported at the wolfCrypt level, wolfSSL layer coming soon
+- Improvements in the build configuration under AIX
+- Microchip Pic32 MZ updates
+- TIRTOS updates
+- PowerPC updates
+- Xcode project update
+- Bidirectional shutdown examples in client/server with -w (wait for full
+ shutdown) option
+- Cycle counts on benchmarks for x86_64, more coming soon
+- ALT_ECC_SIZE for reducing ecc heap use with fastmath when also using large RSA
+ keys
+- Various compile warnings
+- Scan-build warning fixes
+- Changed a memcpy to memmove in the sniffer (if using sniffer please update)
+- No high level security fixes that requires an update though we always
+ recommend updating to the latest
+
+
+ ***********CyaSSL Release 3.3.0 (12/05/2014)
+
+- Countermeasuers for Handshake message duplicates, CHANGE CIPHER without
+ FINISHED, and fast forward attempts. Thanks to Karthikeyan Bhargavan from
+ the Prosecco team at INRIA Paris-Rocquencourt for the report.
+- FIPS version submitted
+- Removes SSLv2 Client Hello processing, can be enabled with OLD_HELLO_ALLOWED
+- User can set minimum downgrade version with CyaSSL_SetMinVersion()
+- Small stack improvements at TLS/SSL layer
+- TLS Master Secret generation and Key Expansion are now exposed
+- Adds client side Secure Renegotiation, * not recommended *
+- Client side session ticket support, not fully tested with Secure Renegotiation
+- Allows up to 4096bit DHE at TLS Key Exchange layer
+- Handles non standard SessionID sizes in Hello Messages
+- PicoTCP Support
+- Sniffer now supports SNI Virtual Hosts
+- Sniffer now handles non HTTPS protocols using STARTTLS
+- Sniffer can now parse records with multiple messages
+- TI-RTOS updates
+- Fix for ColdFire optimized fp_digit read only in explicit 32bit case
+- ADH Cipher Suite ADH-AES128-SHA for EAP-FAST
+
+The CyaSSL manual is available at:
+http://www.wolfssl.com/documentation/CyaSSL-Manual.pdf. For build instructions
+and comments about the new features please check the manual.
+
+
+***********CyaSSL Release 3.2.0 (09/10/2014)
+
+Release 3.2.0 CyaSSL has bug fixes and new features including:
+
+- ChaCha20 and Poly1305 crypto and suites
+- Small stack improvements for OCSP, CRL, TLS, DTLS
+- NTRU Encrypt and Decrypt benchmarks
+- Updated Visual Studio project files
+- Updated Keil MDK5 project files
+- Fix for DTLS sequence numbers with GCM/CCM
+- Updated HashDRBG with more secure struct declaration
+- TI-RTOS support and example Code Composer Studio project files
+- Ability to get enabled cipher suites, CyaSSL_get_ciphers()
+- AES-GCM/CCM/Direct support for Freescale mmCAU and CAU
+- Sniffer improvement checking for decrypt key setup
+- Support for raw ECC key import
+- Ability to convert ecc_key to DER, EccKeyToDer()
+- Security fix for RSA Padding check vulnerability reported by Intel Security
+ Advanced Threat Research team
+
+The CyaSSL manual is available at:
+http://www.wolfssl.com/documentation/CyaSSL-Manual.pdf. For build instructions
+and comments about the new features please check the manual.
+
+
+************ CyaSSL Release 3.1.0 (07/14/2014)
+
+Release 3.1.0 CyaSSL has bug fixes and new features including:
+
+- Fix for older versions of icc without 128-bit type
+- Intel ASM syntax for AES-NI
+- Updated NTRU support, keygen benchmark
+- FIPS check for minimum required HMAC key length
+- Small stack (--enable-smallstack) improvements for PKCS#7, ASN
+- TLS extension support for DTLS
+- Default I/O callbacks external to user
+- Updated example client with bad clock test
+- Ability to set optional ECC context info
+- Ability to enable/disable DH separate from opensslextra
+- Additional test key/cert buffers for CA and server
+- Updated example certificates
+
+The CyaSSL manual is available at:
+http://www.wolfssl.com/documentation/CyaSSL-Manual.pdf. For build instructions
+and comments about the new features please check the manual.
+
+
+************ CyaSSL Release 3.0.2 (05/30/2014)
+
+Release 3.0.2 CyaSSL has bug fixes and new features including:
+
+- Added the following cipher suites:
+ * TLS_PSK_WITH_AES_128_GCM_SHA256
+ * TLS_PSK_WITH_AES_256_GCM_SHA384
+ * TLS_PSK_WITH_AES_256_CBC_SHA384
+ * TLS_PSK_WITH_NULL_SHA384
+ * TLS_DHE_PSK_WITH_AES_128_GCM_SHA256
+ * TLS_DHE_PSK_WITH_AES_256_GCM_SHA384
+ * TLS_DHE_PSK_WITH_AES_128_CBC_SHA256
+ * TLS_DHE_PSK_WITH_AES_256_CBC_SHA384
+ * TLS_DHE_PSK_WITH_NULL_SHA256
+ * TLS_DHE_PSK_WITH_NULL_SHA384
+ * TLS_DHE_PSK_WITH_AES_128_CCM
+ * TLS_DHE_PSK_WITH_AES_256_CCM
+- Added AES-NI support for Microsoft Visual Studio builds.
+- Changed small stack build to be disabled by default.
+- Updated the Hash DRBG and provided a configure option to enable.
+
+The CyaSSL manual is available at:
+http://www.wolfssl.com/documentation/CyaSSL-Manual.pdf. For build instructions
+and comments about the new features please check the manual.
+
+
+************ CyaSSL Release 3.0.0 (04/29/2014)
+
+Release 3.0.0 CyaSSL has bug fixes and new features including:
+
+- FIPS release candidate
+- X.509 improvements that address items reported by Suman Jana with security
+ researchers at UT Austin and UC Davis
+- Small stack size improvements, --enable-smallstack. Offloads large local
+ variables to the heap. (Note this is not complete.)
+- Updated AES-CCM-8 cipher suites to use approved suite numbers.
+
+The CyaSSL manual is available at:
+http://www.wolfssl.com/documentation/CyaSSL-Manual.pdf. For build instructions
+and comments about the new features please check the manual.
+
+
+************ CyaSSL Release 2.9.4 (04/09/2014)
+
+Release 2.9.4 CyaSSL has bug fixes and new features including:
+
+- Security fixes that address items reported by Ivan Fratric of the Google
+ Security Team
+- X.509 Unknown critical extensions treated as errors, report by Suman Jana with
+ security researchers at UT Austin and UC Davis
+- Sniffer fixes for corrupted packet length and Jumbo frames
+- ARM thumb mode assembly fixes
+- Xcode 5.1 support including new clang
+- PIC32 MZ hardware support
+- CyaSSL Object has enough room to read the Record Header now w/o allocs
+- FIPS wrappers for AES, 3DES, SHA1, SHA256, SHA384, HMAC, and RSA.
+- A sample I/O pool is demonstrated with --enable-iopool to overtake memory
+ handling and reduce memory fragmentation on I/O large sizes
+
+The CyaSSL manual is available at:
+http://www.wolfssl.com/documentation/CyaSSL-Manual.pdf. For build instructions
+and comments about the new features please check the manual.
+
+
+************ CyaSSL Release 2.9.0 (02/07/2014)
+
+Release 2.9.0 CyaSSL has bug fixes and new features including:
+- Freescale Kinetis RNGB support
+- Freescale Kinetis mmCAU support
+- TLS Hello extensions
+ - ECC
+ - Secure Renegotiation (null)
+ - Truncated HMAC
+- SCEP support
+ - PKCS #7 Enveloped data and signed data
+ - PKCS #10 Certificate Signing Request generation
+- DTLS sliding window
+- OCSP Improvements
+ - API change to integrate into Certificate Manager
+ - IPv4/IPv6 agnostic
+ - example client/server support for OCSP
+ - OCSP nonces are optional
+- GMAC hashing
+- Windows build additions
+- Windows CYGWIN build fixes
+- Updated test certificates
+- Microchip MPLAB Harmony support
+- Update autoconf scripts
+- Additional X.509 inspection functions
+- ECC encrypt/decrypt primitives
+- ECC Certificate generation
+
+The Freescale Kinetis K53 RNGB documentation can be found in Chapter 33 of the
+K53 Sub-Family Reference Manual:
+http://cache.freescale.com/files/32bit/doc/ref_manual/K53P144M100SF2RM.pdf
+
+Freescale Kinetis K60 mmCAU (AES, DES, 3DES, MD5, SHA, SHA256) documentation
+can be found in the "ColdFire/ColdFire+ CAU and Kinetis mmCAU Software Library
+User Guide":
+http://cache.freescale.com/files/32bit/doc/user_guide/CAUAPIUG.pdf
+
+
+*****************CyaSSL Release 2.8.0 (8/30/2013)
+
+Release 2.8.0 CyaSSL has bug fixes and new features including:
+- AES-GCM and AES-CCM use AES-NI
+- NetX default IO callback handlers
+- IPv6 fixes for DTLS Hello Cookies
+- The ability to unload Certs/Keys after the handshake, CyaSSL_UnloadCertsKeys()
+- SEP certificate extensions
+- Callback getters for easier resource freeing
+- External CYASSL_MAX_ERROR_SZ for correct error buffer sizing
+- MacEncrypt and DecryptVerify Callbacks for User Atomic Record Layer Processing
+- Public Key Callbacks for ECC and RSA
+- Client now sends blank cert upon request if doesn't have one with TLS <= 1.2
+
+
+The CyaSSL manual is available at:
+http://www.wolfssl.com/documentation/CyaSSL-Manual.pdf. For build instructions
+and comments about the new features please check the manual.
+
+
+*****************CyaSSL Release 2.7.0 (6/17/2013)
+
+Release 2.7.0 CyaSSL has bug fixes and new features including:
+- SNI support for client and server
+- KEIL MDK-ARM projects
+- Wildcard check to domain name match, and Subject altnames are checked too
+- Better error messages for certificate verification errors
+- Ability to discard session during handshake verify
+- More consistent error returns across all APIs
+- Ability to unload CAs at the CTX or CertManager level
+- Authority subject id support for Certificate matching
+- Persistent session cache functionality
+- Persistent CA cache functionality
+- Client session table lookups to push serverID table to library level
+- Camellia support to sniffer
+- User controllable settings for DTLS timeout values
+- Sniffer fixes for caching long lived sessions
+- DTLS reliability enhancements for the handshake
+- Better ThreadX support
+
+When compiling with Mingw, libtool may give the following warning due to
+path conversion errors:
+
+libtool: link: Could not determine host file name corresponding to **
+libtool: link: Continuing, but uninstalled executables may not work.
+
+If so, examples and testsuite will have problems when run, showing an
+error while loading shared libraries. To resolve, please run "make install".
+
+The CyaSSL manual is available at:
+http://www.wolfssl.com/documentation/CyaSSL-Manual.pdf. For build instructions
+and comments about the new features please check the manual.
+
+
+************** CyaSSL Release 2.6.0 (04/15/2013)
+
+Release 2.6.0 CyaSSL has bug fixes and new features including:
+- DTLS 1.2 support including AEAD ciphers
+- SHA-3 finalist Blake2 support, it's fast and uses little resources
+- SHA-384 cipher suites including ECC ones
+- HMAC now supports SHA-512
+- Track memory use for example client/server with -t option
+- Better IPv6 examples with --enable-ipv6, before if ipv6 examples/tests were
+ turned on, localhost only was used. Now link-local (with scope ids) and ipv6
+ hosts can be used as well.
+- Xcode v4.6 project for iOS v6.1 update
+- settings.h is now checked in all *.c files for true one file setting detection
+- Better alignment at SSL layer for hardware crypto alignment needs
+ * Note, SSL itself isn't friendly to alignment with 5 byte TLS headers and
+ 13 bytes DTLS headers, but every effort is now made to align with the
+ CYASSL_GENERAL_ALIGNMENT flag which sets desired alignment requirement
+- NO_64BIT flag to turn off 64bit data type accumulators in public key code
+ * Note, some systems are faster with 32bit accumulators
+- --enable-stacksize for example client/server stack use
+ * Note, modern desktop Operating Systems may add bytes to each stack frame
+- Updated compression/decompression with direct crypto access
+- All ./configure options are now lowercase only for consistency
+- ./configure builds default to fastmath option
+ * Note, if on ia32 and building in shared mode this may produce a problem
+ with a missing register being available because of PIC, there are at least
+ 6 solutions to this:
+ 1) --disable-fastmath , don't use fastmath
+ 2) --disable-shared, don't build a shared library
+ 3) C_EXTRA_FLAGS=-DTFM_NO_ASM , turn off assembly use
+ 4) use clang, it just seems to work
+ 5) play around with no PIC options to force all registers being open,
+ e.g, --without-pic
+ 6) if static lib is still a problem try removing fPIE
+- Many new ./configure switches for option enable/disable for example
+ * rsa
+ * dh
+ * dsa
+ * md5
+ * sha
+ * arc4
+ * null (allow NULL ciphers)
+ * oldtls (only use TLS 1.2)
+ * asn (no certs or public keys allowed)
+- ./configure generates cyassl/options.h which allows a header the user can
+ include in their app to make sure the same options are set at the app and
+ CyaSSL level.
+- autoconf no longer needs serial-tests which lowers version requirements of
+ automake to 1.11 and autoconf to 2.63
+
+The CyaSSL manual is available at:
+http://www.wolfssl.com/documentation/CyaSSL-Manual.pdf. For build instructions
+and comments about the new features please check the manual.
+
+
+
+************** CyaSSL Release 2.5.0 (02/04/2013)
+
+Release 2.5.0 CyaSSL has bug fixes and new features including:
+- Fix for TLS CBC padding timing attack identified by Nadhem Alfardan and
+ Kenny Paterson: http://www.isg.rhul.ac.uk/tls/
+- Microchip PIC32 (MIPS16, MIPS32) support
+- Microchip MPLAB X example projects for PIC32 Ethernet Starter Kit
+- Updated CTaoCrypt benchmark app for embedded systems
+- 1024-bit test certs/keys and cert/key buffers
+- AES-CCM-8 crypto and cipher suites
+- Camellia crypto and cipher suites
+- Bumped minimum autoconf version to 2.65, automake version to 1.12
+- Addition of OCSP callbacks
+- STM32F2 support with hardware crypto and RNG
+- Cavium NITROX support
+
+CTaoCrypt now has support for the Microchip PIC32 and has been tested with
+the Microchip PIC32 Ethernet Starter Kit, the XC32 compiler and
+MPLAB X IDE in both MIPS16 and MIPS32 instruction set modes. See the README
+located under the /mplabx directory for more details.
+
+To add Cavium NITROX support do:
+
+./configure --with-cavium=/home/user/cavium/software
+
+pointing to your licensed cavium/software directory. Since Cavium doesn't
+build a library we pull in the cavium_common.o file which gives a libtool
+warning about the portability of this. Also, if you're using the github source
+tree you'll need to remove the -Wredundant-decls warning from the generated
+Makefile because the cavium headers don't conform to this warning. Currently
+CyaSSL supports Cavium RNG, AES, 3DES, RC4, HMAC, and RSA directly at the crypto
+layer. Support at the SSL level is partial and currently just does AES, 3DES,
+and RC4. RSA and HMAC are slower until the Cavium calls can be utilized in non
+blocking mode. The example client turns on cavium support as does the crypto
+test and benchmark. Please see the HAVE_CAVIUM define.
+
+CyaSSL is able to use the STM32F2 hardware-based cryptography and random number
+generator through the STM32F2 Standard Peripheral Library. For necessary
+defines, see the CYASSL_STM32F2 define in settings.h. Documentation for the
+STM32F2 Standard Peripheral Library can be found in the following document:
+http://www.st.com/internet/com/TECHNICAL_RESOURCES/TECHNICAL_LITERATURE/USER_MANUAL/DM00023896.pdf
+
+The CyaSSL manual is available at:
+http://www.wolfssl.com/documentation/CyaSSL-Manual.pdf. For build instructions
+and comments about the new features please check the manual.
+
+
+
+*************** CyaSSL Release 2.4.6 (12/20/2012)
+
+Release 2.4.6 CyaSSL has bug fixes and a few new features including:
+- ECC into main version
+- Lean PSK build (reduced code size, RAM usage, and stack usage)
+- FreeBSD CRL monitor support
+- CyaSSL_peek()
+- CyaSSL_send() and CyaSSL_recv() for I/O flag setting
+- CodeWarrior Support
+- MQX Support
+- Freescale Kinetis support including Hardware RNG
+- autoconf builds use jobserver
+- cyassl-config
+- Sniffer memory reductions
+
+Thanks to Brian Aker for the improved autoconf system, make rpm, cyassl-config,
+warning system, and general good ideas for improving CyaSSL!
+
+The Freescale Kinetis K70 RNGA documentation can be found in Chapter 37 of the
+K70 Sub-Family Reference Manual:
+http://cache.freescale.com/files/microcontrollers/doc/ref_manual/K70P256M150SF3RM.pdf
+
+The CyaSSL manual is available at:
+http://www.wolfssl.com/documentation/CyaSSL-Manual.pdf. For build instructions
+and comments about the new features please check the manual.
+
+
+*************** CyaSSL Release 2.4.0 (10/10/2012)
+
+Release 2.4.0 CyaSSL has bug fixes and a few new features including:
+- DTLS reliability
+- Reduced memory usage after handshake
+- Updated build process
+
+The CyaSSL manual is available at:
+http://www.wolfssl.com/documentation/CyaSSL-Manual.pdf. For build instructions
+and comments about the new features please check the manual.
+
+
+
+*************** CyaSSL Release 2.3.0 (8/10/2012)
+
+Release 2.3.0 CyaSSL has bug fixes and a few new features including:
+- AES-GCM crypto and cipher suites
+- make test cipher suite checks
+- Subject AltName processing
+- Command line support for client/server examples
+- Sniffer SessionTicket support
+- SHA-384 cipher suites
+- Verify cipher suite validity when user overrides
+- CRL dir monitoring
+- DTLS Cookie support, reliability coming soon
+
+The CyaSSL manual is available at:
+http://www.wolfssl.com/documentation/CyaSSL-Manual.pdf. For build instructions
+and comments about the new features please check the manual.
+
+
+
+***************CyaSSL Release 2.2.0 (5/18/2012)
+
+Release 2.2.0 CyaSSL has bug fixes and a few new features including:
+- Initial CRL support (--enable-crl)
+- Initial OCSP support (--enable-ocsp)
+- Add static ECDH suites
+- SHA-384 support
+- ECC client certificate support
+- Add medium session cache size (1055 sessions)
+- Updated unit tests
+- Protection against mutex reinitialization
+
+
+The CyaSSL manual is available at:
+http://www.wolfssl.com/documentation/CyaSSL-Manual.pdf. For build instructions
+and comments about the new features please check the manual.
+
+
+
+***************CyaSSL Release 2.0.8 (2/24/2012)
+
+Release 2.0.8 CyaSSL has bug fixes and a few new features including:
+- A fix for malicious certificates pointed out by Remi Gacogne (thanks)
+ resulting in NULL pointer use.
+- Respond to renegotiation attempt with no_renegoatation alert
+- Add basic path support for load_verify_locations()
+- Add set Temp EC-DHE key size
+- Extra checks on rsa test when porting into
+
+
+The CyaSSL manual is available at:
+http://www.wolfssl.com/documentation/CyaSSL-Manual.pdf. For build instructions
+and comments about the new features please check the manual.
+
+
+
+************* CyaSSL Release 2.0.6 (1/27/2012)
+
+Release 2.0.6 CyaSSL has bug fixes and a few new features including:
+- Fixes for CA basis constraint check
+- CTX reference counting
+- Initial unit test additions
+- Lean and Mean Windows fix
+- ECC benchmarking
+- SSMTP build support
+- Ability to group handshake messages with set_group_messages(ctx/ssl)
+- CA cache addition callback
+- Export Base64_Encode for general use
+
+The CyaSSL manual is available at:
+http://www.wolfssl.com/documentation/CyaSSL-Manual.pdf. For build instructions
+and comments about the new features please check the manual.
+
+
+
+************* CyaSSL Release 2.0.2 (12/05/2011)
+
+Release 2.0.2 CyaSSL has bug fixes and a few new features including:
+- CTaoCrypt Runtime library detection settings when directly using the crypto
+ library
+- Default certificate generation now uses SHAwRSA and adds SHA256wRSA generation
+- All test certificates now use 2048bit and SHA-1 for better modern browser
+ support
+- Direct AES block access and AES-CTR (counter) mode
+- Microchip pic32 support
+
+The CyaSSL manual is available at:
+http://www.wolfssl.com/documentation/CyaSSL-Manual.pdf. For build instructions
+and comments about the new features please check the manual.
+
+
+
+************* CyaSSL Release 2.0.0rc3 (9/28/2011)
+
+Release 2.0.0rc3 for CyaSSL has bug fixes and a few new features including:
+- updated autoconf support
+- better make install and uninstall (uses system directories)
+- make test / make check
+- CyaSSL headers now in
+- CTaocrypt headers now in
+- OpenSSL compatibility headers now in
+- examples and tests all run from home directory so can use certs in ./certs
+ (see note 1)
+
+So previous applications that used the OpenSSL compatibility header
+ now need to include instead, no other
+changes are required.
+
+Special Thanks to Brian Aker for his autoconf, install, and header patches.
+
+The CyaSSL manual is available at:
+http://www.wolfssl.com/documentation/CyaSSL-Manual.pdf. For build instructions
+and comments about the new features please check the manual.
+
+************CyaSSL Release 2.0.0rc2 (6/6/2011)
+
+Release 2.0.0rc2 for CyaSSL has bug fixes and a few new features including:
+- bug fixes (Alerts, DTLS with DHE)
+- FreeRTOS support
+- lwIP support
+- Wshadow warnings removed
+- asn public header
+- CTaoCrypt public headers now all have ctc_ prefix (the manual is still being
+ updated to reflect this change)
+- and more.
+
+This is the 2nd and perhaps final release candidate for version 2.
+Please send any comments or questions to support@wolfssl.com.
+
+The CyaSSL manual is available at:
+http://www.wolfssl.com/documentation/CyaSSL-Manual.pdf. For build instructions
+and comments about the new features please check the manual.
+
+***********CyaSSL Release 2.0.0rc1 (5/2/2011)
+
+Release 2.0.0rc1 for CyaSSL has many new features including:
+- bug fixes
+- SHA-256 cipher suites
+- Root Certificate Verification (instead of needing all certs in the chain)
+- PKCS #8 private key encryption (supports PKCS #5 v1-v2 and PKCS #12)
+- Serial number retrieval for x509
+- PBKDF2 and PKCS #12 PBKDF
+- UID parsing for x509
+- SHA-256 certificate signatures
+- Client and server can send chains (SSL_CTX_use_certificate_chain_file)
+- CA loading can now parse multiple certificates per file
+- Dynamic memory runtime hooks
+- Runtime hooks for logging
+- EDH on server side
+- More informative error codes
+- More informative logging messages
+- Version downgrade more robust (use SSL_v23*)
+- Shared build only by default through ./configure
+- Compiler visibility is now used, internal functions not polluting namespace
+- Single Makefile, no recursion, for faster and simpler building
+- Turn on all warnings possible build option, warning fixes
+- and more.
+
+Because of all the new features and the multiple OS, compiler, feature-set
+options that CyaSSL allows, there may be some configuration fixes needed.
+Please send any comments or questions to support@wolfssl.com.
+
+The CyaSSL manual is available at:
+http://www.wolfssl.com/documentation/CyaSSL-Manual.pdf. For build instructions
+and comments about the new features please check the manual.
+
+****************** CyaSSL Release 1.9.0 (3/2/2011)
+
+Release 1.9.0 for CyaSSL adds bug fixes, improved TLSv1.2 through testing and
+better hash/sig algo ids, --enable-webServer for the yaSSL embedded web server,
+improper AES key setup detection, user cert verify callback improvements, and
+more.
+
+The CyaSSL manual offering is included in the doc/ directory. For build
+instructions and comments about the new features please check the manual.
+
+Please send any comments or questions to support@wolfssl.com.
+
+****************** CyaSSL Release 1.8.0 (12/23/2010)
+
+Release 1.8.0 for CyaSSL adds bug fixes, x509 v3 CA signed certificate
+generation, a C standard library abstraction layer, lower memory use, increased
+portability through the os_settings.h file, and the ability to use NTRU cipher
+suites when used in conjunction with an NTRU license and library.
+
+The initial CyaSSL manual offering is included in the doc/ directory. For
+build instructions and comments about the new features please check the manual.
+
+Please send any comments or questions to support@wolfssl.com.
+
+Happy Holidays.
+
+
+********************* CyaSSL Release 1.6.5 (9/9/2010)
+
+Release 1.6.5 for CyaSSL adds bug fixes and x509 v3 self signed certificate
+generation.
+
+For general build instructions see doc/Building_CyaSSL.pdf.
+
+To enable certificate generation support add this option to ./configure
+./configure --enable-certgen
+
+An example is included in ctaocrypt/test/test.c and documentation is provided
+in doc/CyaSSL_Extensions_Reference.pdf item 11.
+
+********************** CyaSSL Release 1.6.0 (8/27/2010)
+
+Release 1.6.0 for CyaSSL adds bug fixes, RIPEMD-160, SHA-512, and RSA key
+generation.
+
+For general build instructions see doc/Building_CyaSSL.pdf.
+
+To add RIPEMD-160 support add this option to ./configure
+./configure --enable-ripemd
+
+To add SHA-512 support add this option to ./configure
+./configure --enable-sha512
+
+To add RSA key generation support add this option to ./configure
+./configure --enable-keygen
+
+Please see ctaocrypt/test/test.c for examples and usage.
+
+For Windows, RIPEMD-160 and SHA-512 are enabled by default but key generation is
+off by default. To turn key generation on add the define CYASSL_KEY_GEN to
+CyaSSL.
+
+
+************* CyaSSL Release 1.5.6 (7/28/2010)
+
+Release 1.5.6 for CyaSSL adds bug fixes, compatibility for our JSSE provider,
+and a fix for GCC builds on some systems.
+
+For general build instructions see doc/Building_CyaSSL.pdf.
+
+To add AES-NI support add this option to ./configure
+./configure --enable-aesni
+
+You'll need GCC 4.4.3 or later to make use of the assembly.
+
+************** CyaSSL Release 1.5.4 (7/7/2010)
+
+Release 1.5.4 for CyaSSL adds bug fixes, support for AES-NI, SHA1 speed
+improvements from loop unrolling, and support for the Mongoose Web Server.
+
+For general build instructions see doc/Building_CyaSSL.pdf.
+
+To add AES-NI support add this option to ./configure
+./configure --enable-aesni
+
+You'll need GCC 4.4.3 or later to make use of the assembly.
+
+*************** CyaSSL Release 1.5.0 (5/11/2010)
+
+Release 1.5.0 for CyaSSL adds bug fixes, GoAhead WebServer support, sniffer
+support, and initial swig interface support.
+
+For general build instructions see doc/Building_CyaSSL.pdf.
+
+To add support for GoAhead WebServer either --enable-opensslExtra or if you
+don't want all the features of opensslExtra you can just define GOAHEAD_WS
+instead. GOAHEAD_WS can be added to ./configure with CFLAGS=-DGOAHEAD_WS or
+you can define it yourself.
+
+To look at the sniffer support please see the sniffertest app in
+sslSniffer/sslSnifferTest. Build with --enable-sniffer on *nix or use the
+vcproj files on windows. You'll need to have pcap installed on *nix and
+WinPcap on windows.
+
+A swig interface file is now located in the swig directory for using Python,
+Java, Perl, and others with CyaSSL. This is initial support and experimental,
+please send questions or comments to support@wolfssl.com.
+
+When doing load testing with CyaSSL, on the echoserver example say, the client
+machine may run out of tcp ephemeral ports, they will end up in the TIME_WAIT
+queue, and can't be reused by default. There are generally two ways to fix
+this. 1) Reduce the length sockets remain on the TIME_WAIT queue or 2) Allow
+items on the TIME_WAIT queue to be reused.
+
+
+To reduce the TIME_WAIT length in OS X to 3 seconds (3000 milliseconds)
+
+sudo sysctl -w net.inet.tcp.msl=3000
+
+In Linux
+
+sudo sysctl -w net.ipv4.tcp_tw_reuse=1
+
+allows reuse of sockets in TIME_WAIT
+
+sudo sysctl -w net.ipv4.tcp_tw_recycle=1
+
+works but seems to remove sockets from TIME_WAIT entirely?
+
+sudo sysctl -w net.ipv4.tcp_fin_timeout=1
+
+doen't control TIME_WAIT, it controls FIN_WAIT(2) contrary to some posts
+
+
+******************** CyaSSL Release 1.4.0 (2/18/2010)
+
+Release 1.3.0 for CyaSSL adds bug fixes, better multi TLS/SSL version support
+through SSLv23_server_method(), and improved documentation in the doc/ folder.
+
+For general build instructions doc/Building_CyaSSL.pdf.
+
+******************** CyaSSL Release 1.3.0 (1/21/2010)
+
+Release 1.3.0 for CyaSSL adds bug fixes, a potential security problem fix,
+better porting support, removal of assert()s, and a complete THREADX port.
+
+For general build instructions see rc1 below.
+
+******************** CyaSSL Release 1.2.0 (11/2/2009)
+
+Release 1.2.0 for CyaSSL adds bug fixes and session negotiation if first use is
+read or write.
+
+For general build instructions see rc1 below.
+
+******************** CyaSSL Release 1.1.0 (9/2/2009)
+
+Release 1.1.0 for CyaSSL adds bug fixes, a check against malicious session
+cache use, support for lighttpd, and TLS 1.2.
+
+To get TLS 1.2 support please use the client and server functions:
+
+SSL_METHOD *TLSv1_2_server_method(void);
+SSL_METHOD *TLSv1_2_client_method(void);
+
+CyaSSL was tested against lighttpd 1.4.23.
To build CyaSSL for use with
+lighttpd use the following commands from the CyaSSL install dir :
+
+./configure --disable-shared --enable-opensslExtra --enable-fastmath --without-zlib
+
+make
+make openssl-links
+
+Then to build lighttpd with CyaSSL use the following commands from the
+lighttpd install dir:
+
+./configure --with-openssl --with-openssl-includes=/include --with-openssl-libs=/lib LDFLAGS=-lm
+
+make
+
+On some systems you may get a linker error about a duplicate symbol for
+MD5_Init or other MD5 calls. This seems to be caused by the lighttpd src file
+md5.c, which defines MD5_Init(), and is included in liblightcomp_la-md5.o.
+When liblightcomp is linked with the SSL_LIBs the linker may complain about
+the duplicate symbol. This can be fixed by editing the lighttpd src file md5.c
+and adding this line to the beginning of the file:
+
+#if 0
+
+and this line to the end of the file
+
+#endif
+
+Then from the lighttpd src dir do a:
+
+make clean
+make
+
+
+If you get link errors about undefined symbols more than likely the actual
+OpenSSL libraries are found by the linker before the CyaSSL openssl-links that
+point to the CyaSSL library, causing the linker confusion. This can be fixed
+by editing the Makefile in the lighttpd src directory and changing the line:
+
+SSL_LIB = -lssl -lcrypto
+
+to
+
+SSL_LIB = -lcyassl
+
+Then from the lighttpd src dir do a:
+
+make clean
+make
+
+This should remove any confusion the linker may be having with missing symbols.
+
+For any questions or concerns please contact support@wolfssl.com .
+
+For general build instructions see rc1 below.
+
+******************CyaSSL Release 1.0.6 (8/03/2009)
+
+Release 1.0.6 for CyaSSL adds bug fixes, an improved session cache, and faster
+math with a huge code option.
+
+The session cache now defaults to a client mode, also good for embedded servers.
+For servers not under heavy load (less than 200 new sessions per minute), define
+BIG_SESSION_CACHE.
If the server will be under heavy load, define
+HUGE_SESSION_CACHE.
+
+There is now a fasthugemath option for configure. This enables fastmath plus
+even faster math by greatly increasing the code size of the math library. Use
+the benchmark utility to compare public key operations.
+
+
+For general build instructions see rc1 below.
+
+******************CyaSSL Release 1.0.3 (5/10/2009)
+
+Release 1.0.3 for CyaSSL adds bug fixes and add increased support for OpenSSL
+compatibility when building other applications.
+
+Release 1.0.3 includes an alpha release of DTLS for both client and servers.
+This is only for testing purposes at this time. Rebroadcast and reordering
+aren't fully implemented at this time but will be for the next release.
+
+For general build instructions see rc1 below.
+
+******************CyaSSL Release 1.0.2 (4/3/2009)
+
+Release 1.0.2 for CyaSSL adds bug fixes for a couple I/O issues. Some systems
+will send a SIGPIPE on socket recv() at any time and this should be handled by
+the application by turning off SIGPIPE through setsockopt() or returning from
+the handler.
+
+Release 1.0.2 includes an alpha release of DTLS for both client and servers.
+This is only for testing purposes at this time. Rebroadcast and reordering
+aren't fully implemented at this time but will be for the next release.
+
+For general build instructions see rc1 below.
+
+*****************CyaSSL Release Candidate 3 rc3-1.0.0 (2/25/2009)
+
+
+Release Candidate 3 for CyaSSL 1.0.0 adds bug fixes and adds a project file for
+iPhone development with Xcode. cyassl-iphone.xcodeproj is located in the root
+directory. This release also includes a fix for supporting other
+implementations that bundle multiple messages at the record layer, this was
+lost when cyassl i/o was re-implemented but is now fixed.
+
+For general build instructions see rc1 below.
+
+*****************CyaSSL Release Candidate 2 rc2-1.0.0 (1/21/2009)
+
+
+Release Candidate 2 for CyaSSL 1.0.0 adds bug fixes and adds two new stream
+ciphers along with their respective cipher suites. CyaSSL adds support for
+HC-128 and RABBIT stream ciphers. The new suites are:
+
+TLS_RSA_WITH_HC_128_SHA
+TLS_RSA_WITH_RABBIT_SHA
+
+And the corresponding cipher names are
+
+HC128-SHA
+RABBIT-SHA
+
+CyaSSL also adds support for building with devkitPro for PPC by changing the
+library proper to use libogc. The examples haven't been changed yet but if
+there's interest they can be. Here's an example ./configure to build CyaSSL
+for devkitPro:
+
+./configure --disable-shared CC=/pathTo/devkitpro/devkitPPC/bin/powerpc-gekko-gcc --host=ppc --without-zlib --enable-singleThreaded RANLIB=/pathTo/devkitpro/devkitPPC/bin/powerpc-gekko-ranlib CFLAGS="-DDEVKITPRO -DGEKKO"
+
+For linking purposes you'll need
+
+LDFLAGS="-g -mrvl -mcpu=750 -meabi -mhard-float -Wl,-Map,$(notdir $@).map"
+
+For general build instructions see rc1 below.
+
+
+********************CyaSSL Release Candidate 1 rc1-1.0.0 (12/17/2008)
+
+
+Release Candidate 1 for CyaSSL 1.0.0 contains major internal changes. Several
+areas have optimization improvements, less dynamic memory use, and the I/O
+strategy has been refactored to allow alternate I/O handling or Library use.
+Many thanks to Thierry Fournier for providing these ideas and most of the work.
+
+Because of these changes, this release is only a candidate since some problems
+are probably inevitable on some platform with some I/O use. Please report any
+problems and we'll try to resolve them as soon as possible. You can contact us
+at support@wolfssl.com or todd@wolfssl.com.
+
+Using TomsFastMath by passing --enable-fastmath to ./configure now uses assembly
+on some platforms. This is new so please report any problems as every compiler,
+mode, OS combination hasn't been tested.
On ia32 all of the registers need to
+be available so be sure to pass these options to CFLAGS:
+
+CFLAGS="-O3 -fomit-frame-pointer"
+
+OS X will also need -mdynamic-no-pic added to CFLAGS
+
+Also if you're building in shared mode for ia32 you'll need to pass options to
+LDFLAGS as well on OS X:
+
+LDFLAGS=-Wl,-read_only_relocs,warning
+
+This gives warnings for some symbols but seems to work.
+
+
+--To build on Linux, Solaris, *BSD, Mac OS X, or Cygwin:
+
+ ./configure
+ make
+
+ from the ./testsuite/ directory run ./testsuite
+
+to make a debug build:
+
+ ./configure --enable-debug --disable-shared
+ make
+
+
+
+--To build on Win32
+
+Choose (Re)Build All from the project workspace
+
+Run the testsuite program
+
+
+
+
+
+*************************CyaSSL version 0.9.9 (7/25/2008)
+
+This release of CyaSSL adds bug fixes, Pre-Shared Keys, over-rideable memory
+handling, and optionally TomsFastMath. Thanks to Moisés Guimarães for the
+work on TomsFastMath.
+
+To optionally use TomsFastMath pass --enable-fastmath to ./configure
+Or define USE_FAST_MATH in each project from CyaSSL for MSVC.
+
+Please use the benchmark routine before and after to see the performance
+difference, on some platforms the gains will be little but RSA encryption
+always seems to be faster. On x86-64 machines with GCC the normal math library
+may outperform the fast one when using CFLAGS=-m64 because TomsFastMath can't
+yet use -m64 because of GCCs inability to do 128bit division.
+
+ **** UPDATE GCC 4.2.1 can now do 128bit division ***
+
+See notes below (0.2.0) for complete build instructions.
+
+
+****************CyaSSL version 0.9.8 (5/7/2008)
+
+This release of CyaSSL adds bug fixes, client side Diffie-Hellman, and better
+socket handling.
+
+See notes below (0.2.0) for complete build instructions.
+
+
+****************CyaSSL version 0.9.6 (1/31/2008)
+
+This release of CyaSSL adds bug fixes, increased session management, and a fix
+for gnutls.
+
+See notes below (0.2.0) for complete build instructions.
+
+
+****************CyaSSL version 0.9.0 (10/15/2007)
+
+This release of CyaSSL adds bug fixes, MSVC 2005 support, GCC 4.2 support,
+IPV6 support and test, and new test certificates.
+
+See notes below (0.2.0) for complete build instructions.
+
+
+****************CyaSSL version 0.8.0 (1/10/2007)
+
+This release of CyaSSL adds increased socket support, for non-blocking writes,
+connects, and interrupted system calls.
+
+See notes below (0.2.0) for complete build instructions.
+
+
+****************CyaSSL version 0.6.3 (10/30/2006)
+
+This release of CyaSSL adds debug logging to stderr to aid in the debugging of
+CyaSSL on systems that may not provide the best support.
+
+If CyaSSL is built with debugging support then you need to call
+CyaSSL_Debugging_ON() to turn logging on.
+
+On Unix use ./configure --enable-debug
+
+On Windows define DEBUG_CYASSL when building CyaSSL
+
+
+To turn logging back off call CyaSSL_Debugging_OFF()
+
+See notes below (0.2.0) for complete build instructions.
+
+
+*****************CyaSSL version 0.6.2 (10/29/2006)
+
+This release of CyaSSL adds TLS 1.1.
+
+Note that CyaSSL has certificate verification on by default, unlike OpenSSL.
+To emulate OpenSSL behavior, you must call SSL_CTX_set_verify() with
+SSL_VERIFY_NONE. In order to have full security you should never do this,
+provide CyaSSL with the proper certificates to eliminate impostors and call
+CyaSSL_check_domain_name() to prevent man in the middle attacks.
+
+See notes below (0.2.0) for build instructions.
+
+*****************CyaSSL version 0.6.0 (10/25/2006)
+
+This release of CyaSSL adds more SSL functions, better autoconf, nonblocking
+I/O for accept, connect, and read. There is now an --enable-small configure
+option that turns off TLS, AES, DES3, HMAC, and ERROR_STRINGS, see configure.in
+for the defines. Note that TLS requires HMAC and AES requires TLS.
+
+See notes below (0.2.0) for build instructions.
+
+
+*****************CyaSSL version 0.5.5 (09/27/2006)
+
+This mini release of CyaSSL adds better input processing through buffered input
+and big message support. Added SSL_pending() and some sanity checks on user
+settings.
+
+See notes below (0.2.0) for build instructions.
+
+
+*****************CyaSSL version 0.5.0 (03/27/2006)
+
+This release of CyaSSL adds AES support and minor bug fixes.
+
+See notes below (0.2.0) for build instructions.
+
+
+*****************CyaSSL version 0.4.0 (03/15/2006)
+
+This release of CyaSSL adds TLSv1 client/server support and libtool.
+
+See notes below for build instructions.
+
+
+*****************CyaSSL version 0.3.0 (02/26/2006)
+
+This release of CyaSSL adds SSLv3 server support and session resumption.
+
+See notes below for build instructions.
+
+
+*****************CyaSSL version 0.2.0 (02/19/2006)
+
+
+This is the first release of CyaSSL and its crypt brother, CTaoCrypt. CyaSSL
+is written in ANSI C with the idea of a small code size, footprint, and memory
+usage in mind. CTaoCrypt can be as small as 32K, and the current client
+version of CyaSSL can be as small as 12K.
+
+
+The first release of CTaoCrypt supports MD5, SHA-1, 3DES, ARC4, Big Integer
+Support, RSA, ASN parsing, and basic x509 (en/de)coding.
+
+The first release of CyaSSL supports normal client RSA mode SSLv3 connections
+with support for SHA-1 and MD5 digests. Ciphers include 3DES and RC4.
+
+
+--To build on Linux, Solaris, *BSD, Mac OS X, or Cygwin:
+
+ ./configure
+ make
+
+ from the ./testsuite/ directory run ./testsuite
+
+to make a debug build:
+
+ ./configure --enable-debug --disable-shared
+ make
+
+
+
+--To build on Win32
+
+Choose (Re)Build All from the project workspace
+
+Run the testsuite program
+
+
+
+*** The next release of CyaSSL will support a server and more OpenSSL
+compatibility functions.
+
+
+Please send questions or comments to todd@wolfssl.com
+
+
diff --git a/NEWS.md b/NEWS.md
new file mode 100644
index 000000000..d3f0a8f3d
--- /dev/null
+++ b/NEWS.md
@@ -0,0 +1,1908 @@
+# wolfSSL Release 3.15.0 (05/01/2018)
+
+Release 3.15.0 of wolfSSL embedded TLS has bug fixes and new features including:
+
+* Support for TLS 1.3 Draft versions 23, 26 and 28.
+* Improved downgrade support for TLS 1.3.
+* Improved TLS 1.3 support from interoperability testing.
+* Single Precision assembly code added for ARM and 64-bit ARM.
+* Improved performance for Single Precision maths on 32-bit.
+* Allow TLS 1.2 to be compiled out.
+* Ed25519 support in TLS 1.2 and 1.3.
+* Update wolfSSL_HMAC_Final() so the length parameter is optional.
+* Various fixes for Coverity static analysis reports.
+* Add define to use internal struct timeval (USE_WOLF_TIMEVAL_T).
+* Switch LowResTimer() to call XTIME instead of time(0) for better portability.
+* Expanded OpenSSL compatibility layer.
+* Added Renesas CS+ project files.
+* Align DH support with NIST SP 800-56A, add wc_DhSetKey_ex() for q parameter.
+* Add build option for CAVP self test build (--enable-selftest).
+* Expose mp_toradix() when WOLFSSL_PUBLIC_MP is defined.
+* Add FIPS SGX support.
+* Example certificate expiration dates and generation script updated.
+* Additional optimizations to trim out unused strings depending on build options.
+* Fix for DN tag strings to have “=” when returning the string value to users.
+* Fix for wolfSSL_ERR_get_error_line_data return value if no more errors are in the queue.
+* Fix for AES-CBC IV value with PIC32 hardware acceleration.
+* Fix for wolfSSL_X509_print with ECC certificates.
+* Fix for strict checking on URI absolute vs relative path.
+* Added crypto device framework to handle PK RSA/ECC operations using callbacks, which adds new build option `./configure --enable-cryptodev` or `WOLF_CRYPTO_DEV`.
+* Added devId support to ECC and PKCS7 for hardware based private key.
+* Fixes in PKCS7 for handling possible memory leak in some error cases.
+* Added test for invalid cert common name when set with `wolfSSL_check_domain_name`.
+* Refactor of the cipher suite names to use single array, which contains internal name, IANA name and cipher suite bytes.
+* Added new function `wolfSSL_get_cipher_name_from_suite` for getting IANA cipher suite name using bytes.
+* Fixes for fsanitize reports.
+* Fix for openssl compatibility function `wolfSSL_RSA_verify` to check returned size.
+* Fixes and improvements for FreeRTOS AWS.
+* Fixes for building openssl compatibility with FreeRTOS.
+* Fix and new test for handling match on domain name that may have a null terminator inside.
+* Cleanup of the socket close code used for examples, CRL/OCSP and BIO to use single macro `CloseSocket`.
+* Refactor of the TLSX code to support returning error codes.
+* Added new signature wrapper functions `wc_SignatureVerifyHash` and `wc_SignatureGenerateHash` to allow direct use of hash.
+* Improvement to GCC-ARM IDE example.
+* Enhancements and cleanups for the ASN date/time code including new API's `wc_GetDateInfo`, `wc_GetCertDates` and `wc_GetDateAsCalendarTime`.
+* Fixes to resolve issues with C99 compliance. Added build option `WOLF_C99` to force C99.
+* Added a new `--enable-opensslall` option to enable all openssl compatibility features.
+* Added new `--enable-webclient` option for enabling a few HTTP API's.
+* Added new `wc_OidGetHash` API for getting the hash type from a hash OID.
+* Moved `wolfSSL_CertPemToDer`, `wolfSSL_KeyPemToDer`, `wolfSSL_PubKeyPemToDer` to asn.c and renamed to `wc_`. Added backwards compatibility macro for old function names.
+* Added new `WC_MAX_SYM_KEY_SIZE` macro for helping determine max key size.
+* Added `--enable-enckeys` or (`WOLFSSL_ENCRYPTED_KEYS`) to enable support for encrypted PEM private keys using password callback without having to use opensslextra.
+* Added ForceZero on the password buffer after done using it.
+* Refactor unique hash types to use same internal values (ex WC_MD5 == WC_HASH_TYPE_MD5).
+* Refactor the Sha3 types to use `wc_` naming, while retaining old names for compatibility.
+* Improvements to `wc_PBKDF1` to support more hash types and the non-standard extra data option.
+* Fix TLS 1.3 with ECC disabled and CURVE25519 enabled.
+* Added new define `NO_DEV_URANDOM` to disable the use of `/dev/urandom`.
+* Added `WC_RNG_BLOCKING` to indicate block w/sleep(0) is okay.
+* Fix for `HAVE_EXT_CACHE` callbacks not being available without `OPENSSL_EXTRA` defined.
+* Fix for ECC max bits `MAX_ECC_BITS` not always calculating correctly due to macro order.
+* Added support for building and using PKCS7 without RSA (assuming ECC is enabled).
+* Fixes and additions for Cavium Nitrox V to support ECC, AES-GCM and HMAC (SHA-224 and SHA3).
+* Enabled ECC, AES-GCM and SHA-512/384 by default in (Linux and Windows)
+* Added `./configure --enable-base16` and `WOLFSSL_BASE16` configuration option to enable Base16 API's.
+* Improvements to ATECC508A support for building without `WOLFSSL_ATMEL` defined.
+* Refactor IO callback function names to use `_CTX_` to eliminate confusion about the first parameter.
+* Added support for not loading a private key for server or client when `HAVE_PK_CALLBACK` is defined and the private PK callback is set.
+* Added new ECC API `wc_ecc_sig_size_calc` to return max signature size for a key size.
+* Cleanup ECC point import/export code and added new API `wc_ecc_import_unsigned`.
+* Fixes for handling OCSP with non-blocking.
+* Added new PK (Primary Key) callbacks for the VerifyRsaSign. The new callbacks API's are `wolfSSL_CTX_SetRsaVerifySignCb` and `wolfSSL_CTX_SetRsaPssVerifySignCb`.
+* Added new ECC API `wc_ecc_rs_raw_to_sig` to take raw unsigned R and S and encodes them into ECDSA signature format.
+* Added support for `WOLFSSL_STM32F1`.
+* Cleanup of the ASN X509 header/footer and XSTRNCPY logic.
+* Add copyright notice to autoconf files. (Thanks Brian Aker!)
+* Updated the M4 files for autotools. (Thanks Brian Aker!)
+* Add support for the cipher suite TLS_DH_anon_WITH_AES256_GCM_SHA384 with test cases. (Thanks Thivya Ashok!)
+* Add the TLS alert message unknown_psk_identity (115) from RFC 4279, section 2. (Thanks Thivya Ashok!)
+* Fix the case when using TCP with timeouts with TLS. wolfSSL shall be agnostic to network socket behavior for TLS. (DTLS is another matter.) The functions `wolfSSL_set_using_nonblock()` and `wolfSSL_get_using_nonblock()` are deprecated.
+* Hush the AR warning when building the static library with autotools.
+* Hush the “-pthread” warning when building in some environments.
+* Added a dist-hook target to the Makefile to reset the default options.h file.
+* Removed the need for the darwin-clang.m4 file with the updates provided by Brian A.
+* Renamed the AES assembly file so GCC on the Mac will build it using the preprocessor.
+* Add a disable option (--disable-optflags) to turn off the default optimization flags so user may supply their own custom flags.
+* Correctly touch the dummy fips.h header.
+
+See INSTALL file for build instructions.
+More info can be found on-line at http://wolfssl.com/wolfSSL/Docs.html
+
+
+# wolfSSL Release 3.14.0 (03/02/2018)
+
+Release 3.14.0 of wolfSSL embedded TLS has bug fixes and new features including:
+
+* TLS 1.3 draft 22 and 23 support added
+* Additional unit tests for; SHA3, AES-CMAC, Ed25519, ECC, RSA-PSS, AES-GCM
+* Many additions to the OpenSSL compatibility layer were made in this release.
Some of these being enhancements to PKCS12, WOLFSSL_X509 use, WOLFSSL_EVP_PKEY, and WOLFSSL_BIO operations
+* AVX1 and AVX2 performance improvements with ChaCha20 and Poly1305
+* Added i.MX CAAM driver support with Integrity OS support
+* Improvements to logging with debugging, including exposing more API calls and adding options to reduce debugging code size
+* Fix for signature type detection with PKCS7 RSA SignedData
+* Public key call back functions added for DH Agree
+* RSA-PSS API added for operating on non inline buffers (separate input and output buffers)
+* API added for importing and exporting raw DSA parameters
+* Updated DSA key generation to be FIPS 186-4 compliant
+* Fix for wolfSSL_check_private_key when comparing ECC keys
+* Support for AES Cipher Feedback(CFB) mode added
+* Updated RSA key generation to be FIPS 186-4 compliant
+* Update added for the ARM CMSIS software pack
+* WOLFSSL_IGNORE_FILE_WARN macro added for avoiding build warnings when not working with autotools
+* Performance improvements for AES-GCM with AVX1 and AVX2
+* Fix for possible memory leak on error case with wc_RsaKeyToDer function
+* Make wc_PKCS7_PadData function available
+* Updates made to building SGX on Linux
+* STM32 hashing algorithm improvements including clock/power optimizations and auto detection of if SHA2 is supported
+* Update static memory feature for FREERTOS use
+* Reverse the order that certificates are compared during PKCS12 parse to account for case where multiple certificates have the same matching private key
+* Update NGINX port to version 1.13.8
+* Support for HMAC-SHA3 added
+* Added stricter ASN checks to enforce RFC 5280 rules. Thanks to the report from Professor Zhenhua Duan, Professor Cong Tian, and Ph.D candidate Chu Chen from Institute of Computing Theory and Technology (ICTT) of Xidian University.
+* Option to have ecc_mul2add function public facing
+* Getter function wc_PKCS7_GetAttributeValue added for PKCS7 attributes
+* Macros NO_AES_128, NO_AES_192, NO_AES_256 added for AES key size selection at compile time
+* Support for writing multiple organizations units (OU) and domain components (DC) with CSR and certificate creation
+* Support for indefinite length BER encodings in PKCS7
+* Added API for additional validation of prime q in a public DH key
+* Added support for RSA encrypt and decrypt without padding
+
+
+See INSTALL file for build instructions.
+More info can be found on-line at http://wolfssl.com/wolfSSL/Docs.html
+
+
+# wolfSSL (Formerly CyaSSL) Release 3.13.0 (12/21/2017)
+
+wolfSSL 3.13.0 includes bug fixes and new features, including support for
+TLS 1.3 Draft 21, performance and footprint optimizations, build fixes,
+updated examples and project files, and one vulnerability fix. The full list
+of changes and additions in this release include:
+
+* Fixes for TLS 1.3, support for Draft 21
+* TLS 1.0 disabled by default, addition of “--enable-tlsv10” configure option
+* New option to reduce SHA-256 code size at expense of performance
+ (USE_SLOW_SHA256)
+* New option for memory reduced build (--enable-lowresource)
+* AES-GCM performance improvements on AVX1 (IvyBridge) and AVX2
+* SHA-256 and SHA-512 performance improvements using AVX1/2 ASM
+* SHA-3 size and performance optimizations
+* Fixes for Intel AVX2 builds on Mac/OSX
+* Intel assembly for Curve25519, and Ed25519 performance optimizations
+* New option to force 32-bit mode with “--enable-32bit”
+* New option to disable all inline assembly with “--disable-asm”
+* Ability to override maximum signature algorithms using WOLFSSL_MAX_SIGALGO
+* Fixes for handling of unsupported TLS extensions.
+* Fixes for compiling AES-GCM code with GCC 4.8.*
+* Allow adjusting static I/O buffer size with WOLFMEM_IO_SZ
+* Fixes for building without a filesystem
+* Removes 3DES and SHA1 dependencies from PKCS#7
+* Adds ability to disable PKCS#7 EncryptedData type (NO_PKCS7_ENCRYPTED_DATA)
+* Add ability to get client-side SNI
+* Expanded OpenSSL compatibility layer
+* Fix for logging file names with OpenSSL compatibility layer enabled, with
+ WOLFSSL_MAX_ERROR_SZ user-overridable
+* Adds static memory support to the wolfSSL example client
+* Fixes for sniffer to use TLS 1.2 client method
+* Adds option to wolfCrypt benchmark to benchmark individual algorithms
+* Adds option to wolfCrypt benchmark to display benchmarks in powers
+ of 10 (-base10)
+* Updated Visual Studio for ARM builds (for ECC supported curves and SHA-384)
+* Updated Texas Instruments TI-RTOS build
+* Updated STM32 CubeMX build with fixes for SHA
+* Updated IAR EWARM project files
+* Updated Apple Xcode projects with the addition of a benchmark example project
+
+This release of wolfSSL fixes 1 security vulnerability.
+
+wolfSSL is cited in the recent ROBOT Attack by Böck, Somorovsky, and Young.
+The paper notes that wolfSSL only gives a weak oracle without a practical
+attack but this is still a flaw. This release contains a fix for this report.
+Please note that wolfSSL has static RSA cipher suites disabled by default as
+of version 3.6.6 because of the lack of perfect forward secrecy. Only users
+who have explicitly enabled static RSA cipher suites with WOLFSSL_STATIC_RSA
+and use those suites on a host are affected. More information will be
+available on our website at:
+
+https://wolfssl.com/wolfSSL/security/vulnerabilities.php
+
+See INSTALL file for build instructions.
+More info can be found on-line at http://wolfssl.com/wolfSSL/Docs.html
+
+
+# wolfSSL (Formerly CyaSSL) Release 3.12.2 (10/23/2017)
+
+## Release 3.12.2 of wolfSSL has bug fixes and new features including:
+
+This release includes many performance improvements with Intel ASM (AVX/AVX2) and AES-NI. New single precision math option to speedup RSA, DH and ECC. Embedded hardware support has been expanded for STM32, PIC32MZ and ATECC508A. AES now supports XTS mode for disk encryption. Certificate improvements for setting serial number, key usage and extended key usage. Refactor of SSL_ and hash types to allow openssl coexistence. Improvements for TLS 1.3. Fixes for OCSP stapling to allow disable and WOLFSSL specific user context for callbacks. Fixes for openssl and MySQL compatibility. Updated Micrium port. Fixes for asynchronous modes.
+
+* Added TLS extension for Supported Point Formats (ec_point_formats)
+* Fix to not send OCSP stapling extensions in client_hello when not enabled
+* Added new API's for disabling OCSP stapling
+* Add check for SIZEOF_LONG with sun and LP64
+* Fixes for various TLS 1.3 disable options (RSA, ECC and ED/Curve 25519).
+* Fix to disallow upgrading to TLS v1.3
+* Fixes for wolfSSL_EVP_CipherFinal() when message size is a round multiple of a block size.
+* Add HMAC benchmark and expanded AES key size benchmarks
+* Added simple GCC ARM Makefile example
+* Add tests for 3072-bit RSA and DH.
+* Fixed DRAFT_18 define and fixed downgrading with TLS v1.3
+* Fixes to allow custom serial number during certificate generation
+* Add method to get WOLFSSL_CTX certificate manager
+* Improvement to `wolfSSL_SetOCSP_Cb` to allow context per WOLFSSL object
+* Alternate certificate chain support `WOLFSSL_ALT_CERT_CHAINS`. Enables checking cert against multiple CA's.
+* Added new `--disable-oldnames` option to allow for using openssl along-side wolfssl headers (without OPENSSL_EXTRA).
+* Refactor SSL_ and hashing types to use wolf specific prefix (WOLFSSL and WC_) to allow openssl coexistence.
+* Fixes for HAVE_INTEL_MULX
+* Cleanup include paths for MySQL cmake build
+* Added configure option for building library for wolfSSH (--enable-wolfssh)
+* Openssl compatibility layer improvements
+* Expanded API unit tests
+* Fixes for STM32 crypto hardware acceleration
+* Added AES XTS mode (--enable-xts)
+* Added ASN Extended Key Usage Support (see wc_SetExtKeyUsage).
+* Math updates and added TFM_MIPS speedup.
+* Fix for creation of the KeyUsage BitString
+* Fix for 8k keys with MySQL compatibility
+* Fixes for ATECC508A.
+* Fixes for PIC32MZ hashing.
+* Fixes and improvements to asynchronous modes for Intel QuickAssist and Cavium Nitrox V.
+* Update HASH_DRBG Reseed mechanism and add test case
+* Rename the file io.h/io.c to wolfio.h/wolfio.c
+* Cleanup the wolfIO_Send function.
+* OpenSSL Compatibility Additions and Fixes
+* Improvements to Visual Studio DLL project/solution.
+* Added function to generate public ECC key from private key
+* Added async blocking support for sniffer tool.
+* Added wolfCrypt hash tests for empty string and large data.
+* Added ability to use of wolf implementation of `strtok` using `USE_WOLF_STRTOK`.
+* Updated Micrium uC/OS-III Port
+* Updated root certs for OCSP scripts
+* New Single Precision math option for RSA, DH and ECC (off by default). See `--enable-sp`.
+* Speedups for AES GCM with AESNI (--enable-aesni)
+* Speedups for SHA2, ChaCha20/Poly1035 using AVX/AVX2
+
+
+# wolfSSL (Formerly CyaSSL) Release 3.12.0 (8/04/2017)
+
+## Release 3.12.0 of wolfSSL has bug fixes and new features including:
+
+- TLS 1.3 with Nginx! TLS 1.3 with ARMv8! TLS 1.3 with Async Crypto! 
(--enable-tls13)
+- TLS 1.3 0RTT feature added
+- Added port for using Intel SGX with Linux
+- Update and fix PIC32MZ port
+- Additional unit testing for MD5, SHA, SHA224, SHA256, SHA384, SHA512, RipeMd, HMAC, 3DES, IDEA, ChaCha20, ChaCha20Poly1305 AEAD, Camellia, Rabbit, ARC4, AES, RSA, Hc128
+- AVX and AVX2 assembly for improved ChaCha20 performance
+- Intel QAT fixes for when using --disable-fastmath
+- Update how DTLS handles decryption and MAC failures
+- Update DTLS session export version number for --enable-sessionexport feature
+- Add additional input argument sanity checks to ARMv8 assembly port
+- Fix for making PKCS12 dynamic types match
+- Fixes for potential memory leaks when using --enable-fast-rsa
+- Fix for when using custom ECC curves and add BRAINPOOLP256R1 test
+- Update TI-RTOS port for dependency on new wolfSSL source files
+- DTLS multicast feature added, --enable-mcast
+- Fix for Async crypto with GCC 7.1 and HMAC when not using Intel QuickAssist
+- Improvements and enhancements to Intel QuickAssist support
+- Added Xilinx port
+- Added SHA3 Keccak feature, --enable-sha3
+- Expand wolfSSL Python wrapper to now include a client side implementation
+- Adjust example servers to not treat a peer closed error as a hard error
+- Added more sanity checks to fp_read_unsigned_bin function
+- Add SHA224 and AES key wrap to ARMv8 port
+- Update MQX classics and mmCAU ports
+- Fix for potential buffer over read with wolfSSL_CertPemToDer
+- Add PKCS7/CMS decode support for KARI with IssuerAndSerialNumber
+- Fix ThreadX/NetX warning
+- Fixes for OCSP and CRL non blocking sockets and for incomplete cert chain with OCSP
+- Added RSA PSS sign and verify
+- Fix for STM32F4 AES-GCM
+- Added enable all feature (--enable-all)
+- Added trackmemory feature (--enable-trackmemory)
+- Fixes for AES key wrap and PKCS7 on Windows VS
+- Added benchmark block size argument
+- Support use of staticmemory with PKCS7
+- Fix for Blake2b build with GCC 5.4
+- Fixes for 
compiling wolfSSL with GCC version 7, most dealing with switch statement fall through warnings.
+- Added warning when compiling without hardened math operations
+
+
+Note:
+There is a known issue with using ChaCha20 AVX assembly on versions of GCC earlier than 5.2. This is encountered with using the wolfSSL enable options --enable-intelasm and --enable-chacha. To avoid this issue ChaCha20 can be enabled with --enable-chacha=noasm.
+If using --enable-intelasm and also using --enable-sha224 or --enable-sha256 there is a known issue with trying to use -fsanitize=address.
+
+This release of wolfSSL fixes 1 low level security vulnerability.
+
+Low level fix for a potential DoS attack on a wolfSSL client. Previously a client would accept many warning alert messages without a limit. This fix puts a limit to the number of warning alert messages received and if this limit is reached a fatal error ALERT_COUNT_E is returned. The max number of warning alerts by default is set to 5 and can be adjusted with the macro WOLFSSL_ALERT_COUNT_MAX. Thanks for the report from Tarun Yadav and Koustav Sadhukhan from Defence Research and Development Organization, INDIA.
+
+
+See INSTALL file for build instructions.
+More info can be found on-line at http://wolfssl.com/wolfSSL/Docs.html
+
+
+# wolfSSL (Formerly CyaSSL) Release 3.11.1 (5/11/2017)
+
+## Release 3.11.1 of wolfSSL is a TLS 1.3 BETA release, which includes:
+
+- TLS 1.3 client and server support for TLS 1.3 with Draft 18 support
+
+This is strictly a BETA release, and designed for testing and user feedback.
+Please send any comments, testing results, or feedback to wolfSSL at
+support@wolfssl.com.
+
+See INSTALL file for build instructions.
+More info can be found on-line at http://wolfssl.com/wolfSSL/Docs.html
+
+
+# wolfSSL (Formerly CyaSSL) Release 3.11.0 (5/04/2017)
+
+## Release 3.11.0 of wolfSSL has bug fixes and new features including:
+
+- Code updates for warnings reported by Coverity scans
+- Testing and warning fixes for FreeBSD on PowerPC
+- Updates and refactoring done to ASN1 parsing functions
+- Change max PSK identity buffer to account for an identity length of 128 characters
+- Update Arduino script to handle recent files and additions
+- Added support for PKCS#7 Signed Data with ECDSA
+- Fix for interoperability with ChaCha20-Poly1305 suites using older draft versions
+- DTLS update to allow multiple handshake messages in one DTLS record. Thanks to Eric Samsel over at Welch Allyn for reporting this bug.
+- Intel QuickAssist asynchronous support (PR #715 - https://www.wolfssl.com/wolfSSL/Blog/Entries/2017/1/18_wolfSSL_Asynchronous_Intel_QuickAssist_Support.html)
+- Added support for HAproxy load balancer
+- Added option to allow SHA1 with TLS 1.2 for IIS compatibility (WOLFSSL_ALLOW_TLS_SHA1)
+- Added Curve25519 51-bit Implementation, increasing performance on systems that have 128 bit types
+- Fix to not send session ID on server side if session cache is off unless we're echoing
+session ID as part of session tickets
+- Fixes for ensuring all default ciphers are setup correctly (see PR #830)
+- Added NXP Hexiwear example in `IDE/HEXIWEAR`.
+- Added wolfSSL_write_dup() to create write only WOLFSSL object for concurrent access
+- Fixes for TLS elliptic curve selection on private key import.
+- Fixes for RNG with Intel rdrand and rdseed speedups.
+- Improved performance with Intel rdrand to use full 64-bit output
+- Added new --enable-intelrand option to indicate use of RDRAND preference for RNG source
+- Removed RNG ARC4 support
+- Added ECC helpers to get size and id from curve name.
+- Added ECC Cofactor DH (ECC-CDH) support
+- Added ECC private key only import / export functions.
+- Added PKCS8 create function
+- Improvements to TLS layer CTX handling for switching keys / certs.
+- Added check for duplicate certificate policy OID in certificates.
+- Normal math speed-up to not allocate on mp_int and defer until mp_grow
+- Reduce heap usage with fast math when not using ALT_ECC_SIZE
+- Fixes for building CRL with Windows
+- Added support for inline CRL lookup when HAVE_CRL_IO is defined
+- Added port for tenAsys INtime RTOS
+- Improvements to uTKernel port (WOLFSSL_uTKERNEL2)
+- Updated WPA Supplicant support
+- Added support for Nginx
+- Update stunnel port for version 5.40
+- Fixes for STM32 hardware crypto acceleration
+- Extended test code coverage in bundled test.c
+- Added a sanity check for minimum authentication tag size with AES-GCM. Thanks to Yueh-Hsun Lin and Peng Li at KNOX Security at Samsung Research America for suggesting this.
+- Added a sanity check that subject key identifier is marked as non-critical and a check that no policy OIDS appear more than once in the cert policies extension. Thanks to the report from Professor Zhenhua Duan, Professor Cong Tian, and Ph.D candidate Chu Chen from Institute of Computing Theory and Technology (ICTT) of Xidian University, China. Profs. Zhenhua Duan and Cong Tian are supervisors of Ph.D candidate Chu Chen.
+
+This release of wolfSSL fixes 5 low and 1 medium level security vulnerability.
+
+3 Low level fixes reported by Yueh-Hsun Lin and Peng Li from KNOX Security, Samsung Research America.
+- Fix for out of bounds memory access in wc_DhParamsLoad() when GetLength() returns a zero. Before this fix there is a case where wolfSSL would read out of bounds memory in the function wc_DhParamsLoad.
+- Fix for DH key accepted by wc_DhAgree when the key was malformed.
+- Fix for a double free case when adding CA cert into X509_store.
+
+Low level fix for memory management with static memory feature enabled. By default static memory is disabled. Thanks to GitHub user hajjihraf for reporting this.
+
+
+Low level fix for out of bounds write in the function wolfSSL_X509_NAME_get_text_by_NID. This function is not used by TLS or crypto operations but could result in a buffer out of bounds write by one if called explicitly in an application. Discovered by Aleksandar Nikolic of Cisco Talos. http://talosintelligence.com/vulnerability-reports/
+
+Medium level fix for check on certificate signature. There is a case in release versions 3.9.10, 3.10.0 and 3.10.2 where a corrupted signature on a peer certificate would not be properly flagged. Thanks to Wens Lo, James Tsai, Kenny Chang, and Oscar Yang at Castles Technology.
+
+
+See INSTALL file for build instructions.
+More info can be found on-line at http://wolfssl.com/wolfSSL/Docs.html
+
+
+# wolfSSL (Formerly CyaSSL) Release 3.10.2 (2/10/2017)
+
+## Release 3.10.2 of wolfSSL has bug fixes and new features including:
+
+- Poly1305 Windows macros fix. Thanks to GitHub user Jay Satiro
+- Compatibility layer expanded with multiple functions added
+- Improve fp_copy performance with ALT_ECC_SIZE
+- OCSP updates and improvements
+- Fixes for IAR EWARM 8 compiler warnings
+- Reduce stack usage with ECC_CACHE_CURVE disabled
+- Added ECC export raw for public and private key
+- Fix for NO_ASN_TIME build
+- Supported curves extensions now populated by default
+- Add DTLS build without big integer math
+- Fix for static memory feature with wc_ecc_verify_hash_ex and not SHAMIR
+- Added PSK interoperability testing to script bundled with wolfSSL
+- Fix for Python wrapper random number generation. Compiler optimizations with Python could place the random number in same buffer location each time. 
Thanks to GitHub user Erik Bray (embray)
+- Fix for tests on unaligned memory with static memory feature
+- Add macro WOLFSSL_NO_OCSP_OPTIONAL_CERTS to skip optional OCSP certificates
+- Sanity checks on NULL arguments added to wolfSSL_set_fd and wolfSSL_DTLS_SetCookieSecret
+- mp_jacobi stack use reduced, thanks to Szabi Tolnai for providing a solution to reduce stack usage
+
+
+This release of wolfSSL fixes 2 low and 1 medium level security vulnerability.
+
+Low level fix of buffer overflow for when loading in a malformed temporary DH file. Thanks to Yueh-Hsun Lin and Peng Li from KNOX Security, Samsung Research America for the report.
+
+Medium level fix for processing of OCSP response. If using OCSP without hard faults enforced and no alternate revocation checks like OCSP stapling then it is recommended to update.
+
+Low level fix for potential cache attack on RSA operations. If using wolfSSL RSA on a server that other users can have access to monitor the cache, then it is recommended to update wolfSSL. Thanks to Andreas Zankl, Johann Heyszl and Georg Sigl at Fraunhofer AISEC for the initial report.
+
+See INSTALL file for build instructions.
+More info can be found on-line at http://wolfssl.com/wolfSSL/Docs.html
+
+
+# wolfSSL (Formerly CyaSSL) Release 3.10.0 (12/21/2016)
+
+## Release 3.10.0 of wolfSSL has bug fixes and new features including:
+
+- Added support for SHA224
+- Added scrypt feature
+- Build for Intel SGX use, added in directory IDE/WIN-SGX
+- Fix for ChaCha20-Poly1305 ECDSA certificate type request
+- Enhance PKCS#7 with ECC enveloped data and AES key wrap support
+- Added support for RIOT OS
+- Add support for parsing PKCS#12 files
+- ECC performance increased with custom curves
+- ARMv8 expanded to AArch32 and performance increased
+- Added ANSI-X9.63-KDF support
+- Port to STM32 F2/F4 CubeMX
+- Port to Atmel ATECC508A board
+- Removed fPIE by default when wolfSSL library is compiled
+- Update to Python wrapper, dropping DES and adding wc_RSASetRNG
+- Added support for NXP K82 hardware acceleration
+- Added SCR client and server verify check
+- Added a disable rng option with autoconf
+- Added more tests vectors to test.c with AES-CTR
+- Updated DTLS session export version number
+- Updated DTLS for 64 bit sequence numbers
+- Fix for memory management with TI and WOLFSSL_SMALL_STACK
+- Hardening RSA CRT to be constant time
+- Fix uninitialized warning with IAR compiler
+- Fix for C# wrapper example IO hang on unexpected connection termination
+
+
+This release of wolfSSL fixes a low level security vulnerability. The vulnerability reported was a potential cache attack on RSA operations. If using wolfSSL RSA on a server that other users can have access to monitor the cache, then it is recommended to update wolfSSL. Thanks to Andreas Zankl, Johann Heyszl and Georg Sigl at Fraunhofer AISEC for the report. More information will be available on our site:
+
+https://wolfssl.com/wolfSSL/security/vulnerabilities.php
+
+See INSTALL file for build instructions.
+More info can be found on-line at http://wolfssl.com/wolfSSL/Docs.html
+
+
+# wolfSSL (Formerly CyaSSL) Release 3.9.10 (9/23/2016)
+
+## Release 3.9.10 of wolfSSL has bug fixes and new features including:
+
+- Default configure option changes:
+ 1. DES3 disabled by default
+ 2. ECC Supported Curves Extension enabled by default
+ 3. New option Extended Master Secret enabled by default
+- Added checking CA certificate path length, and new test certs
+- Fix to DSA pre padding and sanity check on R/S values
+- Added CTX level RNG for single-threaded builds
+- Intel RDSEED enhancements
+- ARMv8 hardware acceleration support for AES-CBC/CTR/GCM, SHA-256
+- Arduino support updates
+- Added the Extended Master Secret TLS extension
+ 1. Enabled by default in configure options, API to disable
+ 2. Added support for Extended Master Secret to sniffer
+- OCSP fix with issuer key hash, lookup refactor
+- Added support for Frosted OS
+- Added support for DTLS over SCTP
+- Added support for static memory with wolfCrypt
+- Fix to ECC Custom Curve support
+- Support for asynchronous wolfCrypt RSA and TLS client
+- Added distribution build configure option
+- Update the test certificates
+
+This release of wolfSSL fixes medium level security vulnerabilities. Fixes for
+potential AES, RSA, and ECC side channel leaks is included that a local user
+monitoring the same CPU core cache could exploit. VM users, hyper-threading
+users, and users where potential attackers have access to the CPU cache will
+need to update if they utilize AES, RSA private keys, or ECC private keys.
+Thanks to Gorka Irazoqui Apecechea and Xiaofei Guo from Intel Corporation for
+the report. More information will be available on our site:
+
+https://wolfssl.com/wolfSSL/security/vulnerabilities.php
+
+See INSTALL file for build instructions.
+More info can be found on-line at https://wolfssl.com/wolfSSL/Docs.html
+
+
+# wolfSSL (Formerly CyaSSL) Release 3.9.8 (7/29/2016)
+
+##Release 3.9.8 of wolfSSL has bug fixes and new features including:
+
+- Add support for custom ECC curves.
+- Add cipher suite ECDHE-ECDSA-AES128-CCM.
+- Add compkey enable option. This option is for compressed ECC keys.
+- Add in the option to use test.h without gettimeofday function using the macro
+ WOLFSSL_USER_CURRTIME.
+- Add RSA blinding for private key operations. Enable option of harden which is
+ on by default. This negates timing attacks.
+- Add ECC and TLS support for all SECP, Koblitz and Brainpool curves.
+- Add helper functions for static memory option to allow getting optimum buffer
+ sizes.
+- Update DTLS behavior on bad MAC. DTLS silently drops packets with bad MACs now.
+- Update fp_isprime function from libtom enchancement/cleanup repository.
+- Update sanity checks on inputs and return values for AES-CMAC.
+- Update wolfSSL for use with MYSQL v5.6.30.
+- Update LPCXpresso eclipse project to not include misc.c when not needed.
+- Fix retransmit of last DTLS flight with timeout notification. The last flight
+ is no longer retransmitted on timeout.
+- Fixes to some code in math sections for compressed ECC keys. This includes
+ edge cases for buffer size on allocation and adjustments for compressed curves
+ build. The code and full list can be found on github with pull request #456.
+- Fix function argument mismatch for build with secure renegotiation.
+- X.509 bug fixes for reading in malformed certificates, reported by researchers
+ at Columbia University
+- Fix GCC version 6 warning about hard tabs in poly1305.c. This was a warning
+ produced by GCC 6 trying to determine the intent of code.
+- Fixes for static memory option. Including avoid potential race conditions with
+ counters, decrement handshake counter correctly.
+- Fix anonymous cipher with Diffie Hellman on the server side. 
Was an issue of a
+ possible buffer corruption. For information and code see pull request #481.
+
+
+- One high level security fix that requires an update for use with static RSA
+ cipher suites was submitted. This fix was the addition of RSA blinding for
+ private RSA operations. We recommend servers who allow static RSA cipher
+ suites to also generate new private RSA keys. Static RSA cipher suites are
+ turned off by default.
+
+See INSTALL file for build instructions.
+More info can be found on-line at //http://wolfssl.com/wolfSSL/Docs.html
+
+# wolfSSL (Formerly CyaSSL) Release 3.9.6 (6/14/2016)
+
+##Release 3.9.6 of wolfSSL has bug fixes and new features including:
+
+- Add staticmemory feature
+- Add public wc_GetTime API with base64encode feature
+- Add AES CMAC algorithm
+- Add DTLS sessionexport feature
+- Add python wolfCrypt wrapper
+- Add ECC encrypt/decrypt benchmarks
+- Add dynamic session tickets
+- Add eccshamir option
+- Add Whitewood netRandom support --with-wnr
+- Add embOS port
+- Add minimum key size checks for RSA and ECC
+- Add STARTTLS support to examples
+- Add uTasker port
+- Add asynchronous crypto and wolf event support
+- Add compile check for misc.c with inline
+- Add RNG benchmark
+- Add reduction to stack usage with hash-based RNG
+- Update STM32F2_CRYPTO port with additional algorithms supported
+- Update MDK5 projects
+- Update AES-NI
+- Fix for STM32 with STM32F2_HASH defined
+- Fix for building with MinGw
+- Fix ECC math bugs with ALT_ECC_SIZE and key sizes over 256 bit (1)
+- Fix certificate buffers github issue #422
+- Fix decrypt max size with RSA OAEP
+- Fix DTLS sanity check with DTLS timeout notification
+- Fix free of WOLFSSL_METHOD on failure to create CTX
+- Fix memory leak in failure case with wc_RsaFunction (2)
+
+- No high level security fixes that requires an update though we always
+recommend updating to the latest
+- (1) Code changes for ECC fix can be found at pull requests #411, #416, and #428
+- (2) Builds 
using RSA with using normal math and not RSA_LOW_MEM should update
+
+See INSTALL file for build instructions.
+More info can be found on-line at //http://wolfssl.com/wolfSSL/Docs.html
+
+# wolfSSL (Formerly CyaSSL) Release 3.9.0 (03/18/2016)
+
+##Release 3.9.0 of wolfSSL has bug fixes and new features including:
+
+- Add new leantls configuration
+- Add RSA OAEP padding at wolfCrypt level
+- Add Arduino port and example client
+- Add fixed point DH operation
+- Add CUSTOM_RAND_GENRATE_SEED_OS and CUSTOM_RAND_GENERATE_BLOCK
+- Add ECDHE-PSK cipher suites
+- Add PSK ChaCha20-Poly1305 cipher suites
+- Add option for fail on no peer cert except PSK suites
+- Add port for Nordic nRF51
+- Add additional ECC NIST test vectors for 256, 384 and 521
+- Add more granular ECC, Ed25519/Curve25519 and AES configs
+- Update to ChaCha20-Poly1305
+- Update support for Freescale KSDK 1.3.0
+- Update DER buffer handling code, refactoring and reducing memory
+- Fix to AESNI 192 bit key expansion
+- Fix to C# wrapper character encoding
+- Fix sequence number issue with DTLS epoch 0 messages
+- Fix RNGA with K64 build
+- Fix ASN.1 X509 V3 certificate policy extension parsing
+- Fix potential free of uninitialized RSA key in asn.c
+- Fix potential underflow when using ECC build with FP_ECC
+- Fixes for warnings in Visual Studio 2015 build
+
+- No high level security fixes that requires an update though we always
+recommend updating to the latest
+- FP_ECC is off by default, users with it enabled should update for the zero
+sized hash fix
+
+See INSTALL file for build instructions.
+More info can be found on-line at //http://wolfssl.com/yaSSL/Docs.html
+
+# wolfSSL (Formerly CyaSSL) Release 3.8.0 (12/30/2015)
+
+##Release 3.8.0 of wolfSSL has bug fixes and new features including:
+
+- Example client/server with VxWorks
+- AESNI use with AES-GCM
+- Stunnel compatibility enhancements
+- Single shot hash and signature/verify API added
+- Update cavium nitrox port
+- LPCXpresso IDE support added
+- C# wrapper to support wolfSSL use by a C# program
+- (BETA version)OCSP stapling added
+- Update OpenSSH compatibility
+- Improve DTLS handshake when retransmitting finished message
+- fix idea_mult() for 16 and 32bit systems
+- fix LowResTimer on Microchip ports
+
+- No high level security fixes that requires an update though we always
+recommend updating to the latest
+
+See INSTALL file for build instructions.
+More info can be found on-line at //http://wolfssl.com/yaSSL/Docs.html
+
+# wolfSSL (Formerly CyaSSL) Release 3.7.0 (10/26/2015)
+
+##Release 3.7.0 of wolfSSL has bug fixes and new features including:
+
+- ALPN extension support added for HTTP2 connections with --enable-alpn
+- Change of example/client/client max fragment flag -L -> -F
+- Throughput benchmarking, added scripts/benchmark.test
+- Sniffer API ssl_FreeDecodeBuffer added
+- Addition of AES_GCM to Sniffer
+- Sniffer change to handle unlimited decrypt buffer size
+- New option for the sniffer where it will try to pick up decoding after a
+ sequence number acknowldgement fault. Also includes some additional stats.
+- JNI API setter and getter function for jobject added
+- User RSA crypto plugin abstraction. An example placed in wolfcrypt/user-crypto
+- fix to asn configuration bug
+- AES-GCM/CCM fixes.
+- Port for Rowley added
+- Rowley Crossworks bare metal examples added
+- MDK5-ARM project update
+- FreeRTOS support updates.
+- VXWorks support updates.
+- Added the IDEA cipher and support in wolfSSL.
+- Update wolfSSL website CA.
+- CFLAGS is usable when configuring source.
+
+- No high level security fixes that requires an update though we always
+recommend updating to the latest
+
+See INSTALL file for build instructions.
+More info can be found on-line at //http://wolfssl.com/yaSSL/Docs.html
+
+#wolfSSL (Formerly CyaSSL) Release 3.6.8 (09/17/2015)
+
+##Release 3.6.8 of wolfSSL fixes two high severity vulnerabilities.
+##It also includes bug fixes and new features including:
+
+- Two High level security fixes, all users SHOULD update.
+ a) If using wolfSSL for DTLS on the server side of a publicly accessible
+ machine you MUST update.
+ b) If using wolfSSL for TLS on the server side with private RSA keys allowing
+ ephemeral key exchange without low memory optimziations you MUST update and
+ regenerate the private RSA keys.
+
+ Please see https://www.wolfssl.com/wolfSSL/Blog/Blog.html for more details
+
+- No filesystem build fixes for various configurations
+- Certificate generation now supports several extensions including KeyUsage,
+ SKID, AKID, and Ceritifcate Policies
+- CRLs can be loaded from buffers as well as files now
+- SHA-512 Ceritifcate Signing generation
+- Fixes for sniffer reassembly processing
+
+See INSTALL file for build instructions.
+More info can be found on-line at //http://wolfssl.com/yaSSL/Docs.html
+
+#wolfSSL (Formerly CyaSSL) Release 3.6.6 (08/20/2015)
+
+##Release 3.6.6 of wolfSSL has bug fixes and new features including:
+
+- OpenSSH compatibility with --enable-openssh
+- stunnel compatibility with --enable-stunnel
+- lighttpd compatibility with --enable-lighty
+- SSLv3 is now disabled by default, can be enabled with --enable-sslv3
+- Ephemeral key cipher suites only are now supported by default
+ To enable static ECDH cipher suites define WOLFSSL_STATIC_DH
+ To enable static RSA cipher suites define WOLFSSL_STATIC_RSA
+ To enable static PSK cipher suites define WOLFSSL_STATIC_PSK
+- Added QSH (quantum-safe handshake) extension with --enable-ntru
+- SRP is now part of wolfCrypt, enable with --enabe-srp
+- Certificate handshake messages can now be sent fragmented if the record
+ size is smaller than the total message size, no user action required.
+- DTLS duplicate message fixes
+- Visual Studio project files now support DLL and static builds for 32/64bit.
+- Support for new Freesacle I/O
+- FreeRTOS FIPS support
+
+- No high level security fixes that requires an update though we always
+ recommend updating to the latest
+
+See INSTALL file for build instructions.
+More info can be found on-line at //http://wolfssl.com/yaSSL/Docs.html
+
+
+#wolfSSL (Formerly CyaSSL) Release 3.6.0 (06/19/2015)
+
+##Release 3.6.0 of wolfSSL has bug fixes and new features including:
+
+- Max Strength build that only allows TLSv1.2, AEAD ciphers, and PFS (Perfect
+ Forward Secrecy). With --enable-maxstrength
+- Server side session ticket support, the example server and echosever use the
+ example callback myTicketEncCb(), see wolfSSL_CTX_set_TicketEncCb()
+- FIPS version submitted for iOS.
+- TI Crypto Hardware Acceleration
+- DTLS fragmentation fixes
+- ECC key check validation with wc_ecc_check_key()
+- 32bit code options to reduce memory for Curve25519 and Ed25519
+- wolfSSL JNI build switch with --enable-jni
+- PicoTCP support improvements
+- DH min ephemeral key size enforcement with wolfSSL_CTX_SetMinDhKey_Sz()
+- KEEP_PEER_CERT and AltNames can now be used together
+- ChaCha20 big endian fix
+- SHA-512 signature algorithm support for key exchange and verify messages
+- ECC make key crash fix on RNG failure, ECC users must update.
+- Improvements to usage of time code.
+- Improvements to VS solution files.
+- GNU Binutils 2.24 ld has problems with some debug builds, to fix an ld error
+ add -fdebug-types-section to C_EXTRA_FLAGS
+
+- No high level security fixes that requires an update though we always
+ recommend updating to the latest (except note 14, ecc RNG failure)
+
+See INSTALL file for build instructions.
+More info can be found on-line at //http://wolfssl.com/yaSSL/Docs.html
+
+
+#wolfSSL (Formerly CyaSSL) Release 3.4.8 (04/06/2015)
+
+##Release 3.4.8 of wolfSSL has bug fixes and new features including:
+
+- FIPS version submitted for iOS.
+- Max Strength build that only allows TLSv1.2, AEAD ciphers, and PFS.
+- Improvements to usage of time code.
+- Improvements to VS solution files.
+
+See INSTALL file for build instructions.
+More info can be found on-line at //http://wolfssl.com/yaSSL/Docs.html
+
+
+#wolfSSL (Formerly CyaSSL) Release 3.4.6 (03/30/2015)
+
+##Release 3.4.6 of wolfSSL has bug fixes and new features including:
+
+- Intel Assembly Speedups using instructions rdrand, rdseed, aesni, avx1/2,
+ rorx, mulx, adox, adcx . They can be enabled with --enable-intelasm.
+ These speedup the use of RNG, SHA2, and public key algorithms.
+- Ed25519 support at the crypto level. Turn on with --enable-ed25519. Examples
+ in wolcrypt/test/test.c ed25519_test().
+- Post Handshake Memory reductions. 
wolfSSL can now hold less than 1,000 bytes
+ of memory per secure connection including cipher state.
+- wolfSSL API and wolfCrypt API fixes, you can still include the cyassl and
+ ctaocrypt headers which will enable the compatibility APIs for the
+ foreseeable future
+- INSTALL file to help direct users to build instructions for their environment
+- For ECC users with the normal math library a fix that prevents a crash when
+ verify signature fails. Users of 3.4.0 with ECC and the normal math library
+ must update
+- RC4 is now disabled by default in autoconf mode
+- AES-GCM and ChaCha20/Poly1305 are now enabled by default to make AEAD ciphers
+ available without a switch
+- External ChaCha-Poly AEAD API, thanks to Andrew Burks for the contribution
+- DHE-PSK cipher suites can now be built without ASN or Cert support
+- Fix some NO MD5 build issues with optional features
+- Freescale CodeWarrior project updates
+- ECC curves can be individually turned on/off at build time.
+- Sniffer handles Cert Status message and other minor fixes
+- SetMinVersion() at the wolfSSL Context level instead of just SSL session level
+ to allow minimum protocol version allowed at runtime
+- RNG failure resource cleanup fix
+
+- No high level security fixes that requires an update though we always
+ recommend updating to the latest (except note 6 use case of ecc/normal math)
+
+See INSTALL file for build instructions.
+More info can be found on-line at //http://wolfssl.com/yaSSL/Docs.html
+
+
+#wolfSSL (Formerly CyaSSL) Release 3.4.0 (02/23/2015)
+
+## Release 3.4.0 wolfSSL has bug fixes and new features including:
+
+- wolfSSL API and wolfCrypt API, you can still include the cyassl and ctaocrypt
+ headers which will enable the compatibility APIs for the foreseeable future
+- Example use of the wolfCrypt API can be found in wolfcrypt/test/test.c
+- Example use of the wolfSSL API can be found in examples/client/client.c
+- Curve25519 now supported at the wolfCrypt level, wolfSSL layer coming soon
+- Improvements in the build configuration under AIX
+- Microchip Pic32 MZ updates
+- TIRTOS updates
+- PowerPC updates
+- Xcode project update
+- Bidirectional shutdown examples in client/server with -w (wait for full
+ shutdown) option
+- Cycle counts on benchmarks for x86_64, more coming soon
+- ALT_ECC_SIZE for reducing ecc heap use with fastmath when also using large RSA
+ keys
+- Various compile warnings
+- Scan-build warning fixes
+- Changed a memcpy to memmove in the sniffer (if using sniffer please update)
+- No high level security fixes that requires an update though we always
+ recommend updating to the latest
+
+
+# CyaSSL Release 3.3.0 (12/05/2014)
+
+- Countermeasuers for Handshake message duplicates, CHANGE CIPHER without
+ FINISHED, and fast forward attempts. Thanks to Karthikeyan Bhargavan from
+ the Prosecco team at INRIA Paris-Rocquencourt for the report.
+- FIPS version submitted
+- Removes SSLv2 Client Hello processing, can be enabled with OLD_HELLO_ALLOWED
+- User can set mimimum downgrade version with CyaSSL_SetMinVersion()
+- Small stack improvements at TLS/SSL layer
+- TLS Master Secret generation and Key Expansion are now exposed
+- Adds client side Secure Renegotiation, * not recommended *
+- Client side session ticket support, not fully tested with Secure Renegotiation
+- Allows up to 4096bit DHE at TLS Key Exchange layer
+- Handles non standard SessionID sizes in Hello Messages
+- PicoTCP Support
+- Sniffer now supports SNI Virtual Hosts
+- Sniffer now handles non HTTPS protocols using STARTTLS
+- Sniffer can now parse records with multiple messages
+- TI-RTOS updates
+- Fix for ColdFire optimized fp_digit read only in explicit 32bit case
+- ADH Cipher Suite ADH-AES128-SHA for EAP-FAST
+
+The CyaSSL manual is available at:
+http://www.wolfssl.com/documentation/CyaSSL-Manual.pdf. For build instructions
+and comments about the new features please check the manual.
+
+
+# CyaSSL Release 3.2.0 (09/10/2014)
+
+#### Release 3.2.0 CyaSSL has bug fixes and new features including:
+
+- ChaCha20 and Poly1305 crypto and suites
+- Small stack improvements for OCSP, CRL, TLS, DTLS
+- NTRU Encrypt and Decrypt benchmarks
+- Updated Visual Studio project files
+- Updated Keil MDK5 project files
+- Fix for DTLS sequence numbers with GCM/CCM
+- Updated HashDRBG with more secure struct declaration
+- TI-RTOS support and example Code Composer Studio project files
+- Ability to get enabled cipher suites, CyaSSL_get_ciphers()
+- AES-GCM/CCM/Direct support for Freescale mmCAU and CAU
+- Sniffer improvement checking for decrypt key setup
+- Support for raw ECC key import
+- Ability to convert ecc_key to DER, EccKeyToDer()
+- Security fix for RSA Padding check vulnerability reported by Intel Security
+ Advanced Threat Research team
+
+The CyaSSL manual is available at:
+http://www.wolfssl.com/documentation/CyaSSL-Manual.pdf. 
For build instructions
+and comments about the new features please check the manual.
+
+
+# CyaSSL Release 3.1.0 (07/14/2014)
+
+#### Release 3.1.0 CyaSSL has bug fixes and new features including:
+
+- Fix for older versions of icc without 128-bit type
+- Intel ASM syntax for AES-NI
+- Updated NTRU support, keygen benchmark
+- FIPS check for minimum required HMAC key length
+- Small stack (--enable-smallstack) improvements for PKCS#7, ASN
+- TLS extension support for DTLS
+- Default I/O callbacks external to user
+- Updated example client with bad clock test
+- Ability to set optional ECC context info
+- Ability to enable/disable DH separate from opensslextra
+- Additional test key/cert buffers for CA and server
+- Updated example certificates
+
+The CyaSSL manual is available at:
+http://www.yassl.com/documentation/CyaSSL-Manual.pdf. For build instructions
+and comments about the new features please check the manual.
+
+
+# CyaSSL Release 3.0.2 (05/30/2014)
+
+#### Release 3.0.2 CyaSSL has bug fixes and new features including:
+
+- Added the following cipher suites:
+ * TLS_PSK_WITH_AES_128_GCM_SHA256
+ * TLS_PSK_WITH_AES_256_GCM_SHA384
+ * TLS_PSK_WITH_AES_256_CBC_SHA384
+ * TLS_PSK_WITH_NULL_SHA384
+ * TLS_DHE_PSK_WITH_AES_128_GCM_SHA256
+ * TLS_DHE_PSK_WITH_AES_256_GCM_SHA384
+ * TLS_DHE_PSK_WITH_AES_128_CBC_SHA256
+ * TLS_DHE_PSK_WITH_AES_256_CBC_SHA384
+ * TLS_DHE_PSK_WITH_NULL_SHA256
+ * TLS_DHE_PSK_WITH_NULL_SHA384
+ * TLS_DHE_PSK_WITH_AES_128_CCM
+ * TLS_DHE_PSK_WITH_AES_256_CCM
+- Added AES-NI support for Microsoft Visual Studio builds.
+- Changed small stack build to be disabled by default.
+- Updated the Hash DRBG and provided a configure option to enable.
+
+The CyaSSL manual is available at:
+http://www.yassl.com/documentation/CyaSSL-Manual.pdf. For build instructions
+and comments about the new features please check the manual.
+
+
+# CyaSSL Release 3.0.0 (04/29/2014)
+
+#### Release 3.0.0 CyaSSL has bug fixes and new features including:
+
+- FIPS release candidate
+- X.509 improvements that address items reported by Suman Jana with security
+ researchers at UT Austin and UC Davis
+- Small stack size improvements, --enable-smallstack. Offloads large local
+ variables to the heap. (Note this is not complete.)
+- Updated AES-CCM-8 cipher suites to use approved suite numbers.
+
+The CyaSSL manual is available at:
+http://www.yassl.com/documentation/CyaSSL-Manual.pdf. For build instructions
+and comments about the new features please check the manual.
+
+
+# CyaSSL Release 2.9.4 (04/09/2014)
+
+#### Release 2.9.4 CyaSSL has bug fixes and new features including:
+
+- Security fixes that address items reported by Ivan Fratric of the Google
+ Security Team
+- X.509 Unknown critical extensions treated as errors, report by Suman Jana with
+ security researchers at UT Austin and UC Davis
+- Sniffer fixes for corrupted packet length and Jumbo frames
+- ARM thumb mode assembly fixes
+- Xcode 5.1 support including new clang
+- PIC32 MZ hardware support
+- CyaSSL Object has enough room to read the Record Header now w/o allocs
+- FIPS wrappers for AES, 3DES, SHA1, SHA256, SHA384, HMAC, and RSA.
+- A sample I/O pool is demonstrated with --enable-iopool to overtake memory
+ handling and reduce memory fragmentation on I/O large sizes
+
+The CyaSSL manual is available at:
+http://www.yassl.com/documentation/CyaSSL-Manual.pdf. For build instructions
+and comments about the new features please check the manual.
+
+
+# CyaSSL Release 2.9.0 (02/07/2014)
+
+#### Release 2.9.0 CyaSSL has bug fixes and new features including:
+- Freescale Kinetis RNGB support
+- Freescale Kinetis mmCAU support
+- TLS Hello extensions
+ - ECC
+ - Secure Renegotiation (null)
+ - Truncated HMAC
+- SCEP support
+ - PKCS #7 Enveloped data and signed data
+ - PKCS #10 Certificate Signing Request generation
+- DTLS sliding window
+- OCSP Improvements
+ - API change to integrate into Certificate Manager
+ - IPv4/IPv6 agnostic
+ - example client/server support for OCSP
+ - OCSP nonces are optional
+- GMAC hashing
+- Windows build additions
+- Windows CYGWIN build fixes
+- Updated test certificates
+- Microchip MPLAB Harmony support
+- Update autoconf scripts
+- Additional X.509 inspection functions
+- ECC encrypt/decrypt primitives
+- ECC Certificate generation
+
+The Freescale Kinetis K53 RNGB documentation can be found in Chapter 33 of the
+K53 Sub-Family Reference Manual:
+http://cache.freescale.com/files/32bit/doc/ref_manual/K53P144M100SF2RM.pdf
+
+Freescale Kinetis K60 mmCAU (AES, DES, 3DES, MD5, SHA, SHA256) documentation
+can be found in the "ColdFire/ColdFire+ CAU and Kinetis mmCAU Software Library
+User Guide":
+http://cache.freescale.com/files/32bit/doc/user_guide/CAUAPIUG.pdf
+
+
+# CyaSSL Release 2.8.0 (8/30/2013)
+
+#### Release 2.8.0 CyaSSL has bug fixes and new features including:
+- AES-GCM and AES-CCM use AES-NI
+- NetX default IO callback handlers
+- IPv6 fixes for DTLS Hello Cookies
+- The ability to unload Certs/Keys after the handshake, CyaSSL_UnloadCertsKeys()
+- SEP certificate extensions
+- Callback getters for easier resource freeing
+- External CYASSL_MAX_ERROR_SZ for correct error buffer sizing
+- MacEncrypt and DecryptVerify Callbacks for User Atomic Record Layer Processing
+- Public Key Callbacks for ECC and RSA
+- Client now sends blank cert upon request if doesn't have one with TLS <= 1.2
+
+
+The CyaSSL manual is available at:
+http://www.yassl.com/documentation/CyaSSL-Manual.pdf. For build instructions
+and comments about the new features please check the manual.
+
+
+# CyaSSL Release 2.7.0 (6/17/2013)
+
+#### Release 2.7.0 CyaSSL has bug fixes and new features including:
+- SNI support for client and server
+- KEIL MDK-ARM projects
+- Wildcard check to domain name match, and Subject altnames are checked too
+- Better error messages for certificate verification errors
+- Ability to discard session during handshake verify
+- More consistent error returns across all APIs
+- Ability to unload CAs at the CTX or CertManager level
+- Authority subject id support for Certificate matching
+- Persistent session cache functionality
+- Persistent CA cache functionality
+- Client session table lookups to push serverID table to library level
+- Camellia support to sniffer
+- User controllable settings for DTLS timeout values
+- Sniffer fixes for caching long lived sessions
+- DTLS reliability enhancements for the handshake
+- Better ThreadX support
+
+When compiling with Mingw, libtool may give the following warning due to
+path conversion errors:
+
+```
+libtool: link: Could not determine host file name corresponding to **
+libtool: link: Continuing, but uninstalled executables may not work.
+```
+
+If so, examples and testsuite will have problems when run, showing an
+error while loading shared libraries. To resolve, please run "make install".
+
+The CyaSSL manual is available at:
+http://www.yassl.com/documentation/CyaSSL-Manual.pdf. For build instructions
+and comments about the new features please check the manual.
+
+
+# CyaSSL Release 2.6.0 (04/15/2013)
+
+#### Release 2.6.0 CyaSSL has bug fixes and new features including:
+- DTLS 1.2 support including AEAD ciphers
+- SHA-3 finalist Blake2 support, it's fast and uses little resources
+- SHA-384 cipher suites including ECC ones
+- HMAC now supports SHA-512
+- Track memory use for example client/server with -t option
+- Better IPv6 examples with --enable-ipv6, before if ipv6 examples/tests were
+ turned on, localhost only was used. Now link-local (with scope ids) and ipv6
+ hosts can be used as well.
+- Xcode v4.6 project for iOS v6.1 update
+- settings.h is now checked in all *.c files for true one file setting detection
+- Better alignment at SSL layer for hardware crypto alignment needs
+ * Note, SSL itself isn't friendly to alignment with 5 byte TLS headers and
+ 13 bytes DTLS headers, but every effort is now made to align with the
+ CYASSL_GENERAL_ALIGNMENT flag which sets desired alignment requirement
+- NO_64BIT flag to turn off 64bit data type accumulators in public key code
+ * Note, some systems are faster with 32bit accumulators
+- --enable-stacksize for example client/server stack use
+ * Note, modern desktop Operating Systems may add bytes to each stack frame
+- Updated compression/decompression with direct crypto access
+- All ./configure options are now lowercase only for consistency
+- ./configure builds default to fastmath option
+ * Note, if on ia32 and building in shared mode this may produce a problem
+ with a missing register being available because of PIC, there are at least
+ 6 solutions to this:
+ 1) --disable-fastmath , don't use fastmath
+ 2) --disable-shared, don't build a shared library
+ 3) C_EXTRA_FLAGS=-DTFM_NO_ASM , turn off assembly use
+ 4) use clang, it just seems to work
+ 5) play around with no PIC options to force all registers being open,
+ e.g., --without-pic
+ 6) if static lib is still a problem try removing fPIE
+- Many new ./configure switches for option enable/disable for example
+
* rsa
+ * dh
+ * dsa
+ * md5
+ * sha
+ * arc4
+ * null (allow NULL ciphers)
+ * oldtls (only use TLS 1.2)
+ * asn (no certs or public keys allowed)
+- ./configure generates cyassl/options.h which allows a header the user can
+ include in their app to make sure the same options are set at the app and
+ CyaSSL level.
+- autoconf no longer needs serial-tests which lowers version requirements of
+ automake to 1.11 and autoconf to 2.63
+
+The CyaSSL manual is available at:
+http://www.yassl.com/documentation/CyaSSL-Manual.pdf. For build instructions
+and comments about the new features please check the manual.
+
+
+
+# CyaSSL Release 2.5.0 (02/04/2013)
+
+#### Release 2.5.0 CyaSSL has bug fixes and new features including:
+- Fix for TLS CBC padding timing attack identified by Nadhem Alfardan and
+ Kenny Paterson: http://www.isg.rhul.ac.uk/tls/
+- Microchip PIC32 (MIPS16, MIPS32) support
+- Microchip MPLAB X example projects for PIC32 Ethernet Starter Kit
+- Updated CTaoCrypt benchmark app for embedded systems
+- 1024-bit test certs/keys and cert/key buffers
+- AES-CCM-8 crypto and cipher suites
+- Camellia crypto and cipher suites
+- Bumped minimum autoconf version to 2.65, automake version to 1.12
+- Addition of OCSP callbacks
+- STM32F2 support with hardware crypto and RNG
+- Cavium NITROX support
+
+CTaoCrypt now has support for the Microchip PIC32 and has been tested with
+the Microchip PIC32 Ethernet Starter Kit, the XC32 compiler and
+MPLAB X IDE in both MIPS16 and MIPS32 instruction set modes. See the README
+located under the /mplabx directory for more details.
+
+To add Cavium NITROX support do:
+
+./configure --with-cavium=/home/user/cavium/software
+
+pointing to your licensed cavium/software directory. Since Cavium doesn't
+build a library we pull in the cavium_common.o file which gives a libtool
+warning about the portability of this.
Also, if you're using the github source
+tree you'll need to remove the -Wredundant-decls warning from the generated
+Makefile because the cavium headers don't conform to this warning. Currently
+CyaSSL supports Cavium RNG, AES, 3DES, RC4, HMAC, and RSA directly at the crypto
+layer. Support at the SSL level is partial and currently just does AES, 3DES,
+and RC4. RSA and HMAC are slower until the Cavium calls can be utilized in non
+blocking mode. The example client turns on cavium support as does the crypto
+test and benchmark. Please see the HAVE_CAVIUM define.
+
+CyaSSL is able to use the STM32F2 hardware-based cryptography and random number
+generator through the STM32F2 Standard Peripheral Library. For necessary
+defines, see the CYASSL_STM32F2 define in settings.h. Documentation for the
+STM32F2 Standard Peripheral Library can be found in the following document:
+http://www.st.com/internet/com/TECHNICAL_RESOURCES/TECHNICAL_LITERATURE/USER_MANUAL/DM00023896.pdf
+
+The CyaSSL manual is available at:
+http://www.yassl.com/documentation/CyaSSL-Manual.pdf. For build instructions
+and comments about the new features please check the manual.
+
+
+
+# CyaSSL Release 2.4.6 (12/20/2012)
+
+#### Release 2.4.6 CyaSSL has bug fixes and a few new features including:
+- ECC into main version
+- Lean PSK build (reduced code size, RAM usage, and stack usage)
+- FreeBSD CRL monitor support
+- CyaSSL_peek()
+- CyaSSL_send() and CyaSSL_recv() for I/O flag setting
+- CodeWarrior Support
+- MQX Support
+- Freescale Kinetis support including Hardware RNG
+- autoconf builds use jobserver
+- cyassl-config
+- Sniffer memory reductions
+
+Thanks to Brian Aker for the improved autoconf system, make rpm, cyassl-config,
+warning system, and general good ideas for improving CyaSSL!
+
+The Freescale Kinetis K70 RNGA documentation can be found in Chapter 37 of the
+K70 Sub-Family Reference Manual:
+http://cache.freescale.com/files/microcontrollers/doc/ref_manual/K70P256M150SF3RM.pdf
+
+The CyaSSL manual is available at:
+http://www.yassl.com/documentation/CyaSSL-Manual.pdf. For build instructions
+and comments about the new features please check the manual.
+
+
+# CyaSSL Release 2.4.0 (10/10/2012)
+
+#### Release 2.4.0 CyaSSL has bug fixes and a few new features including:
+- DTLS reliability
+- Reduced memory usage after handshake
+- Updated build process
+
+The CyaSSL manual is available at:
+http://www.yassl.com/documentation/CyaSSL-Manual.pdf. For build instructions
+and comments about the new features please check the manual.
+
+
+
+# CyaSSL Release 2.3.0 (8/10/2012)
+
+#### Release 2.3.0 CyaSSL has bug fixes and a few new features including:
+- AES-GCM crypto and cipher suites
+- make test cipher suite checks
+- Subject AltName processing
+- Command line support for client/server examples
+- Sniffer SessionTicket support
+- SHA-384 cipher suites
+- Verify cipher suite validity when user overrides
+- CRL dir monitoring
+- DTLS Cookie support, reliability coming soon
+
+The CyaSSL manual is available at:
+http://www.yassl.com/documentation/CyaSSL-Manual.pdf. For build instructions
+and comments about the new features please check the manual.
+
+
+
+# CyaSSL Release 2.2.0 (5/18/2012)
+
+#### Release 2.2.0 CyaSSL has bug fixes and a few new features including:
+- Initial CRL support (--enable-crl)
+- Initial OCSP support (--enable-ocsp)
+- Add static ECDH suites
+- SHA-384 support
+- ECC client certificate support
+- Add medium session cache size (1055 sessions)
+- Updated unit tests
+- Protection against mutex reinitialization
+
+
+The CyaSSL manual is available at:
+http://www.yassl.com/documentation/CyaSSL-Manual.pdf. For build instructions
+and comments about the new features please check the manual.
+
+
+
+# CyaSSL Release 2.0.8 (2/24/2012)
+
+#### Release 2.0.8 CyaSSL has bug fixes and a few new features including:
+- A fix for malicious certificates pointed out by Remi Gacogne (thanks)
+ resulting in NULL pointer use.
+- Respond to renegotiation attempt with no_renegoatation alert
+- Add basic path support for load_verify_locations()
+- Add set Temp EC-DHE key size
+- Extra checks on rsa test when porting into
+
+
+The CyaSSL manual is available at:
+http://www.yassl.com/documentation/CyaSSL-Manual.pdf. For build instructions
+and comments about the new features please check the manual.
+
+
+
+# CyaSSL Release 2.0.6 (1/27/2012)
+
+#### Release 2.0.6 CyaSSL has bug fixes and a few new features including:
+- Fixes for CA basis constraint check
+- CTX reference counting
+- Initial unit test additions
+- Lean and Mean Windows fix
+- ECC benchmarking
+- SSMTP build support
+- Ability to group handshake messages with set_group_messages(ctx/ssl)
+- CA cache addition callback
+- Export Base64_Encode for general use
+
+The CyaSSL manual is available at:
+http://www.yassl.com/documentation/CyaSSL-Manual.pdf. For build instructions
+and comments about the new features please check the manual.
+
+
+
+# CyaSSL Release 2.0.2 (12/05/2011)
+
+#### Release 2.0.2 CyaSSL has bug fixes and a few new features including:
+- CTaoCrypt Runtime library detection settings when directly using the crypto
+ library
+- Default certificate generation now uses SHAwRSA and adds SHA256wRSA generation
+- All test certificates now use 2048bit and SHA-1 for better modern browser
+ support
+- Direct AES block access and AES-CTR (counter) mode
+- Microchip pic32 support
+
+The CyaSSL manual is available at:
+http://www.yassl.com/documentation/CyaSSL-Manual.pdf. For build instructions
+and comments about the new features please check the manual.
+
+
+
+# CyaSSL Release 2.0.0rc3 (9/28/2011)
+
+#### Release 2.0.0rc3 for CyaSSL has bug fixes and a few new features including:
+- updated autoconf support
+- better make install and uninstall (uses system directories)
+- make test / make check
+- CyaSSL headers now in
+- CTaocrypt headers now in
+- OpenSSL compatibility headers now in
+- examples and tests all run from home directory so can use certs in ./certs
+ (see note 1)
+
+So previous applications that used the OpenSSL compatibility header
+ now need to include instead, no other
+changes are required.
+
+Special Thanks to Brian Aker for his autoconf, install, and header patches.
+
+The CyaSSL manual is available at:
+http://www.yassl.com/documentation/CyaSSL-Manual.pdf. For build instructions
+and comments about the new features please check the manual.
+
+# CyaSSL Release 2.0.0rc2 (6/6/2011)
+
+#### Release 2.0.0rc2 for CyaSSL has bug fixes and a few new features including:
+- bug fixes (Alerts, DTLS with DHE)
+- FreeRTOS support
+- lwIP support
+- Wshadow warnings removed
+- asn public header
+- CTaoCrypt public headers now all have ctc_ prefix (the manual is still being
+ updated to reflect this change)
+- and more.
+
+This is the 2nd and perhaps final release candidate for version 2.
+Please send any comments or questions to support@yassl.com.
+
+The CyaSSL manual is available at:
+http://www.yassl.com/documentation/CyaSSL-Manual.pdf. For build instructions
+and comments about the new features please check the manual.
+
+# CyaSSL Release 2.0.0rc1 (5/2/2011)
+
+#### Release 2.0.0rc1 for CyaSSL has many new features including:
+- bug fixes
+- SHA-256 cipher suites
+- Root Certificate Verification (instead of needing all certs in the chain)
+- PKCS #8 private key encryption (supports PKCS #5 v1-v2 and PKCS #12)
+- Serial number retrieval for x509
+- PBKDF2 and PKCS #12 PBKDF
+- UID parsing for x509
+- SHA-256 certificate signatures
+- Client and server can send chains (SSL_CTX_use_certificate_chain_file)
+- CA loading can now parse multiple certificates per file
+- Dynamic memory runtime hooks
+- Runtime hooks for logging
+- EDH on server side
+- More informative error codes
+- More informative logging messages
+- Version downgrade more robust (use SSL_v23*)
+- Shared build only by default through ./configure
+- Compiler visibility is now used, internal functions not polluting namespace
+- Single Makefile, no recursion, for faster and simpler building
+- Turn on all warnings possible build option, warning fixes
+- and more.
+
+Because of all the new features and the multiple OS, compiler, feature-set
+options that CyaSSL allows, there may be some configuration fixes needed.
+Please send any comments or questions to support@yassl.com.
+
+The CyaSSL manual is available at:
+http://www.yassl.com/documentation/CyaSSL-Manual.pdf. For build instructions
+and comments about the new features please check the manual.
+
+# CyaSSL Release 1.9.0 (3/2/2011)
+
+Release 1.9.0 for CyaSSL adds bug fixes, improved TLSv1.2 through testing and
+better hash/sig algo ids, --enable-webServer for the yaSSL embedded web server,
+improper AES key setup detection, user cert verify callback improvements, and
+more.
+
+The CyaSSL manual offering is included in the doc/ directory. For build
+instructions and comments about the new features please check the manual.
+
+Please send any comments or questions to support@yassl.com.
+
+# CyaSSL Release 1.8.0 (12/23/2010)
+
+Release 1.8.0 for CyaSSL adds bug fixes, x509 v3 CA signed certificate
+generation, a C standard library abstraction layer, lower memory use, increased
+portability through the os_settings.h file, and the ability to use NTRU cipher
+suites when used in conjunction with an NTRU license and library.
+
+The initial CyaSSL manual offering is included in the doc/ directory. For
+build instructions and comments about the new features please check the manual.
+
+Please send any comments or questions to support@yassl.com.
+
+Happy Holidays.
+
+
+# CyaSSL Release 1.6.5 (9/9/2010)
+
+Release 1.6.5 for CyaSSL adds bug fixes and x509 v3 self signed certificate
+generation.
+
+For general build instructions see doc/Building_CyaSSL.pdf.
+
+To enable certificate generation support add this option to ./configure
+./configure --enable-certgen
+
+An example is included in ctaocrypt/test/test.c and documentation is provided
+in doc/CyaSSL_Extensions_Reference.pdf item 11.
+
+# CyaSSL Release 1.6.0 (8/27/2010)
+
+Release 1.6.0 for CyaSSL adds bug fixes, RIPEMD-160, SHA-512, and RSA key
+generation.
+
+For general build instructions see doc/Building_CyaSSL.pdf.
+
+To add RIPEMD-160 support add this option to ./configure
+./configure --enable-ripemd
+
+To add SHA-512 support add this option to ./configure
+./configure --enable-sha512
+
+To add RSA key generation support add this option to ./configure
+./configure --enable-keygen
+
+Please see ctaocrypt/test/test.c for examples and usage.
+
+For Windows, RIPEMD-160 and SHA-512 are enabled by default but key generation is
+off by default. To turn key generation on add the define CYASSL_KEY_GEN to
+CyaSSL.
+
+
+# CyaSSL Release 1.5.6 (7/28/2010)
+
+Release 1.5.6 for CyaSSL adds bug fixes, compatibility for our JSSE provider,
+and a fix for GCC builds on some systems.
+
+For general build instructions see doc/Building_CyaSSL.pdf.
+
+To add AES-NI support add this option to ./configure
+./configure --enable-aesni
+
+You'll need GCC 4.4.3 or later to make use of the assembly.
+
+# CyaSSL Release 1.5.4 (7/7/2010)
+
+Release 1.5.4 for CyaSSL adds bug fixes, support for AES-NI, SHA1 speed
+improvements from loop unrolling, and support for the Mongoose Web Server.
+
+For general build instructions see doc/Building_CyaSSL.pdf.
+
+To add AES-NI support add this option to ./configure
+./configure --enable-aesni
+
+You'll need GCC 4.4.3 or later to make use of the assembly.
+
+# CyaSSL Release 1.5.0 (5/11/2010)
+
+Release 1.5.0 for CyaSSL adds bug fixes, GoAhead WebServer support, sniffer
+support, and initial swig interface support.
+
+For general build instructions see doc/Building_CyaSSL.pdf.
+
+To add support for GoAhead WebServer either --enable-opensslExtra or if you
+don't want all the features of opensslExtra you can just define GOAHEAD_WS
+instead. GOAHEAD_WS can be added to ./configure with CFLAGS=-DGOAHEAD_WS or
+you can define it yourself.
+
+To look at the sniffer support please see the sniffertest app in
+sslSniffer/sslSnifferTest. Build with --enable-sniffer on *nix or use the
+vcproj files on windows. You'll need to have pcap installed on *nix and
+WinPcap on windows.
+
+A swig interface file is now located in the swig directory for using Python,
+Java, Perl, and others with CyaSSL. This is initial support and experimental,
+please send questions or comments to support@yassl.com.
+
+When doing load testing with CyaSSL, on the echoserver example say, the client
+machine may run out of tcp ephemeral ports, they will end up in the TIME_WAIT
+queue, and can't be reused by default. There are generally two ways to fix
+this.
+
+1. Reduce the length sockets remain on the TIME_WAIT queue OR
+2. Allow items on the TIME_WAIT queue to be reused.
+
+
+To reduce the TIME_WAIT length in OS X to 3 seconds (3000 milliseconds)
+
+`sudo sysctl -w net.inet.tcp.msl=3000`
+
+In Linux
+
+`sudo sysctl -w net.ipv4.tcp_tw_reuse=1`
+
+allows reuse of sockets in TIME_WAIT
+
+`sudo sysctl -w net.ipv4.tcp_tw_recycle=1`
+
+works but seems to remove sockets from TIME_WAIT entirely?
+
+`sudo sysctl -w net.ipv4.tcp_fin_timeout=1`
+
+doen't control TIME_WAIT, it controls FIN_WAIT(2) contrary to some posts
+
+
+# CyaSSL Release 1.4.0 (2/18/2010)
+
+Release 1.3.0 for CyaSSL adds bug fixes, better multi TLS/SSL version support
+through SSLv23_server_method(), and improved documentation in the doc/ folder.
+
+For general build instructions doc/Building_CyaSSL.pdf.
+
+# CyaSSL Release 1.3.0 (1/21/2010)
+
+Release 1.3.0 for CyaSSL adds bug fixes, a potential security problem fix,
+better porting support, removal of assert()s, and a complete THREADX port.
+
+For general build instructions see rc1 below.
+
+# CyaSSL Release 1.2.0 (11/2/2009)
+
+Release 1.2.0 for CyaSSL adds bug fixes and session negotiation if first use is
+read or write.
+
+For general build instructions see rc1 below.
+
+# CyaSSL Release 1.1.0 (9/2/2009)
+
+Release 1.1.0 for CyaSSL adds bug fixes, a check against malicious session
+cache use, support for lighttpd, and TLS 1.2.
+
+To get TLS 1.2 support please use the client and server functions:
+
+```c
+SSL_METHOD *TLSv1_2_server_method(void);
+SSL_METHOD *TLSv1_2_client_method(void);
+```
+
+CyaSSL was tested against lighttpd 1.4.23.
To build CyaSSL for use with
+lighttpd use the following commands from the CyaSSL install dir :
+
+```
+./configure --disable-shared --enable-opensslExtra --enable-fastmath --without-zlib
+
+make
+make openssl-links
+```
+
+Then to build lighttpd with CyaSSL use the following commands from the
+lighttpd install dir:
+
+```
+./configure --with-openssl --with-openssl-includes=/include --with-openssl-libs=/lib LDFLAGS=-lm
+
+make
+```
+
+On some systems you may get a linker error about a duplicate symbol for
+MD5_Init or other MD5 calls. This seems to be caused by the lighttpd src file
+md5.c, which defines MD5_Init(), and is included in liblightcomp_la-md5.o.
+When liblightcomp is linked with the SSL_LIBs the linker may complain about
+the duplicate symbol. This can be fixed by editing the lighttpd src file md5.c
+and adding this line to the beginning of the file:
+
+\#if 0
+
+and this line to the end of the file
+
+\#endif
+
+Then from the lighttpd src dir do a:
+
+```
+make clean
+make
+```
+
+If you get link errors about undefined symbols more than likely the actual
+OpenSSL libraries are found by the linker before the CyaSSL openssl-links that
+point to the CyaSSL library, causing the linker confusion. This can be fixed
+by editing the Makefile in the lighttpd src directory and changing the line:
+
+`SSL_LIB = -lssl -lcrypto`
+
+to
+
+`SSL_LIB = -lcyassl`
+
+Then from the lighttpd src dir do a:
+
+```
+make clean
+make
+```
+
+This should remove any confusion the linker may be having with missing symbols.
+
+For any questions or concerns please contact support@yassl.com .
+
+For general build instructions see rc1 below.
+
+# CyaSSL Release 1.0.6 (8/03/2009)
+
+Release 1.0.6 for CyaSSL adds bug fixes, an improved session cache, and faster
+math with a huge code option.
+
+The session cache now defaults to a client mode, also good for embedded servers.
+For servers not under heavy load (less than 200 new sessions per minute), define
+BIG_SESSION_CACHE.
If the server will be under heavy load, define
+HUGE_SESSION_CACHE.
+
+There is now a fasthugemath option for configure. This enables fastmath plus
+even faster math by greatly increasing the code size of the math library. Use
+the benchmark utility to compare public key operations.
+
+
+For general build instructions see rc1 below.
+
+# CyaSSL Release 1.0.3 (5/10/2009)
+
+Release 1.0.3 for CyaSSL adds bug fixes and add increased support for OpenSSL
+compatibility when building other applications.
+
+Release 1.0.3 includes an alpha release of DTLS for both client and servers.
+This is only for testing purposes at this time. Rebroadcast and reordering
+aren't fully implemented at this time but will be for the next release.
+
+For general build instructions see rc1 below.
+
+# CyaSSL Release 1.0.2 (4/3/2009)
+
+Release 1.0.2 for CyaSSL adds bug fixes for a couple I/O issues. Some systems
+will send a SIGPIPE on socket recv() at any time and this should be handled by
+the application by turning off SIGPIPE through setsockopt() or returning from
+the handler.
+
+Release 1.0.2 includes an alpha release of DTLS for both client and servers.
+This is only for testing purposes at this time. Rebroadcast and reordering
+aren't fully implemented at this time but will be for the next release.
+
+For general build instructions see rc1 below.
+
+## CyaSSL Release Candidate 3 rc3-1.0.0 (2/25/2009)
+
+
+Release Candidate 3 for CyaSSL 1.0.0 adds bug fixes and adds a project file for
+iPhone development with Xcode. cyassl-iphone.xcodeproj is located in the root
+directory. This release also includes a fix for supporting other
+implementations that bundle multiple messages at the record layer, this was
+lost when cyassl i/o was re-implemented but is now fixed.
+
+For general build instructions see rc1 below.
+
+## CyaSSL Release Candidate 2 rc2-1.0.0 (1/21/2009)
+
+
+Release Candidate 2 for CyaSSL 1.0.0 adds bug fixes and adds two new stream
+ciphers along with their respective cipher suites. CyaSSL adds support for
+HC-128 and RABBIT stream ciphers. The new suites are:
+
+```
+TLS_RSA_WITH_HC_128_SHA
+TLS_RSA_WITH_RABBIT_SHA
+```
+
+And the corresponding cipher names are
+
+```
+HC128-SHA
+RABBIT-SHA
+```
+
+CyaSSL also adds support for building with devkitPro for PPC by changing the
+library proper to use libogc. The examples haven't been changed yet but if
+there's interest they can be. Here's an example ./configure to build CyaSSL
+for devkitPro:
+
+```
+./configure --disable-shared CC=/pathTo/devkitpro/devkitPPC/bin/powerpc-gekko-gcc --host=ppc --without-zlib --enable-singleThreaded RANLIB=/pathTo/devkitpro/devkitPPC/bin/powerpc-gekko-ranlib CFLAGS="-DDEVKITPRO -DGEKKO"
+```
+
+For linking purposes you'll need
+
+`LDFLAGS="-g -mrvl -mcpu=750 -meabi -mhard-float -Wl,-Map,$(notdir $@).map"`
+
+For general build instructions see rc1 below.
+
+
+## CyaSSL Release Candidate 1 rc1-1.0.0 (12/17/2008)
+
+
+Release Candidate 1 for CyaSSL 1.0.0 contains major internal changes. Several
+areas have optimization improvements, less dynamic memory use, and the I/O
+strategy has been refactored to allow alternate I/O handling or Library use.
+Many thanks to Thierry Fournier for providing these ideas and most of the work.
+
+Because of these changes, this release is only a candidate since some problems
+are probably inevitable on some platform with some I/O use. Please report any
+problems and we'll try to resolve them as soon as possible. You can contact us
+at support@yassl.com or todd@yassl.com.
+
+Using TomsFastMath by passing --enable-fastmath to ./configure now uses assembly
+on some platforms. This is new so please report any problems as every compiler,
+mode, OS combination hasn't been tested.
On ia32 all of the registers need to
+be available so be sure to pass these options to CFLAGS:
+
+`CFLAGS="-O3 -fomit-frame-pointer"`
+
+OS X will also need -mdynamic-no-pic added to CFLAGS
+
+Also if you're building in shared mode for ia32 you'll need to pass options to
+LDFLAGS as well on OS X:
+
+`LDFLAGS=-Wl,-read_only_relocs,warning`
+
+This gives warnings for some symbols but seems to work.
+
+
+#### To build on Linux, Solaris, *BSD, Mac OS X, or Cygwin:
+
+ ./configure
+ make
+
+ from the ./testsuite/ directory run ./testsuite
+
+#### To make a debug build:
+
+ ./configure --enable-debug --disable-shared
+ make
+
+
+
+#### To build on Win32
+
+Choose (Re)Build All from the project workspace
+
+Run the testsuite program
+
+
+
+
+
+# CyaSSL version 0.9.9 (7/25/2008)
+
+This release of CyaSSL adds bug fixes, Pre-Shared Keys, over-rideable memory
+handling, and optionally TomsFastMath. Thanks to Moisés Guimarães for the
+work on TomsFastMath.
+
+To optionally use TomsFastMath pass --enable-fastmath to ./configure
+Or define USE_FAST_MATH in each project from CyaSSL for MSVC.
+
+Please use the benchmark routine before and after to see the performance
+difference, on some platforms the gains will be little but RSA encryption
+always seems to be faster. On x86-64 machines with GCC the normal math library
+may outperform the fast one when using CFLAGS=-m64 because TomsFastMath can't
+yet use -m64 because of GCCs inability to do 128bit division.
+
+ *** UPDATE GCC 4.2.1 can now do 128bit division ***
+
+See notes below (0.2.0) for complete build instructions.
+
+
+# CyaSSL version 0.9.8 (5/7/2008)
+
+This release of CyaSSL adds bug fixes, client side Diffie-Hellman, and better
+socket handling.
+
+See notes below (0.2.0) for complete build instructions.
+
+
+# CyaSSL version 0.9.6 (1/31/2008)
+
+This release of CyaSSL adds bug fixes, increased session management, and a fix
+for gnutls.
+
+See notes below (0.2.0) for complete build instructions.
+
+
+# CyaSSL version 0.9.0 (10/15/2007)
+
+This release of CyaSSL adds bug fixes, MSVC 2005 support, GCC 4.2 support,
+IPV6 support and test, and new test certificates.
+
+See notes below (0.2.0) for complete build instructions.
+
+
+# CyaSSL version 0.8.0 (1/10/2007)
+
+This release of CyaSSL adds increased socket support, for non-blocking writes,
+connects, and interrupted system calls.
+
+See notes below (0.2.0) for complete build instructions.
+
+
+# CyaSSL version 0.6.3 (10/30/2006)
+
+This release of CyaSSL adds debug logging to stderr to aid in the debugging of
+CyaSSL on systems that may not provide the best support.
+
+If CyaSSL is built with debugging support then you need to call
+CyaSSL_Debugging_ON() to turn logging on.
+
+On Unix use ./configure --enable-debug
+
+On Windows define DEBUG_CYASSL when building CyaSSL
+
+
+To turn logging back off call CyaSSL_Debugging_OFF()
+
+See notes below (0.2.0) for complete build instructions.
+
+
+# CyaSSL version 0.6.2 (10/29/2006)
+
+This release of CyaSSL adds TLS 1.1.
+
+Note that CyaSSL has certificate verification on by default, unlike OpenSSL.
+To emulate OpenSSL behavior, you must call SSL_CTX_set_verify() with
+SSL_VERIFY_NONE. In order to have full security you should never do this,
+provide CyaSSL with the proper certificates to eliminate impostors and call
+CyaSSL_check_domain_name() to prevent man in the middle attacks.
+
+See notes below (0.2.0) for build instructions.
+
+# CyaSSL version 0.6.0 (10/25/2006)
+
+This release of CyaSSL adds more SSL functions, better autoconf, nonblocking
+I/O for accept, connect, and read. There is now an --enable-small configure
+option that turns off TLS, AES, DES3, HMAC, and ERROR_STRINGS, see configure.in
+for the defines. Note that TLS requires HMAC and AES requires TLS.
+
+See notes below (0.2.0) for build instructions.
+
+
+# CyaSSL version 0.5.5 (09/27/2006)
+
+This mini release of CyaSSL adds better input processing through buffered input
+and big message support. Added SSL_pending() and some sanity checks on user
+settings.
+
+See notes below (0.2.0) for build instructions.
+
+
+# CyaSSL version 0.5.0 (03/27/2006)
+
+This release of CyaSSL adds AES support and minor bug fixes.
+
+See notes below (0.2.0) for build instructions.
+
+
+# CyaSSL version 0.4.0 (03/15/2006)
+
+This release of CyaSSL adds TLSv1 client/server support and libtool.
+
+See notes below for build instructions.
+
+
+# CyaSSL version 0.3.0 (02/26/2006)
+
+This release of CyaSSL adds SSLv3 server support and session resumption.
+
+See notes below for build instructions.
+
+
+# CyaSSL version 0.2.0 (02/19/2006)
+
+
+This is the first release of CyaSSL and its crypt brother, CTaoCrypt. CyaSSL
+is written in ANSI C with the idea of a small code size, footprint, and memory
+usage in mind. CTaoCrypt can be as small as 32K, and the current client
+version of CyaSSL can be as small as 12K.
+
+
+The first release of CTaoCrypt supports MD5, SHA-1, 3DES, ARC4, Big Integer
+Support, RSA, ASN parsing, and basic x509 (en/de)coding.
+
+The first release of CyaSSL supports normal client RSA mode SSLv3 connections
+with support for SHA-1 and MD5 digests. Ciphers include 3DES and RC4.
+
+
+#### To build on Linux, Solaris, *BSD, Mac OS X, or Cygwin:
+
+ ./configure
+ make
+
+ from the ./testsuite/ directory run ./testsuite
+
+#### to make a debug build:
+
+ ./configure --enable-debug --disable-shared
+ make
+
+
+
+#### To build on Win32
+
+Choose (Re)Build All from the project workspace
+
+Run the testsuite program
+
+
+
+*** The next release of CyaSSL will support a server and more OpenSSL
+compatibility functions.
+
+
+Please send questions or comments to todd@wolfssl.com
diff --git a/README b/README
index ace91ea4c..296cffb37 100644
--- a/README
+++ b/README
@@ -72,1789 +72,144 @@ wolfSSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, 0); before calling wolfSSL_new(); Though it's not recommended. +Note 3) +The enum values SHA, SHA256, SHA384, SHA512 are no longer available when +wolfSSL is built with --enable-opensslextra (OPENSSL_EXTRA) or with the macro +NO_OLD_SHA_NAMES. These names get mapped to the OpenSSL API for a single call +hash function. Instead the name WC_SHA, WC_SHA256, WC_SHA384 and WC_SHA512 +should be used for the enum name. + *** end Notes *** -********* wolfSSL Release 3.14.0 (3/02/2018) +** wolfSSL Release 3.15.0 (05/01/2018) -Release 3.14.0 of wolfSSL embedded TLS has bug fixes and new features including: - -- TLS 1.3 draft 22 and 23 support added -- Additional unit tests for; SHA3, AES-CMAC, Ed25519, ECC, RSA-PSS, AES-GCM -- Many additions to the OpenSSL compatibility layer were made in this release. Some of these being enhancements to PKCS12, WOLFSSL_X509 use, WOLFSSL_EVP_PKEY, and WOLFSSL_BIO operations -- AVX1 and AVX2 performance improvements with ChaCha20 and Poly1305 -- Added i.MX CAAM driver support with Integrity OS support -- Improvements to logging with debugging, including exposing more API calls and adding options to reduce debugging code size -- Fix for signature type detection with PKCS7 RSA SignedData -- Public key call back functions added for DH Agree -- RSA-PSS API added for operating on non inline buffers (separate input and output buffers) -- API added for importing and exporting raw DSA parameters -- Updated DSA key generation to be FIPS 186-4 compliant -- Fix for wolfSSL_check_private_key when comparing ECC keys -- Support for AES Cipher Feedback(CFB) mode added -- Updated RSA key generation to be FIPS 186-4 compliant -- Update added for the ARM CMSIS software pack -- WOLFSSL_IGNORE_FILE_WARN macro added for avoiding build warnings when not working with autotools -- Performance improvements for AES-GCM with AVX1 and AVX2 -- Fix for possible memory leak on error case with wc_RsaKeyToDer 
function -- Make wc_PKCS7_PadData function available -- Updates made to building SGX on Linux -- STM32 hashing algorithm improvements including clock/power optimizations and auto detection of if SHA2 is supported -- Update static memory feature for FREERTOS use -- Reverse the order that certificates are compared during PKCS12 parse to account for case where multiple certificates have the same matching private key -- Update NGINX port to version 1.13.8 -- Support for HMAC-SHA3 added -- Added stricter ASN checks to enforce RFC 5280 rules. Thanks to the report from Professor Zhenhua Duan, Professor Cong Tian, and Ph.D candidate Chu Chen from Institute of Computing Theory and Technology (ICTT) of Xidian University. -- Option to have ecc_mul2add function public facing -- Getter function wc_PKCS7_GetAttributeValue added for PKCS7 attributes -- Macros NO_AES_128, NO_AES_192, NO_AES_256 added for AES key size selection at compile time -- Support for writing multiple organizations units (OU) and domain components (DC) with CSR and certificate creation -- Support for indefinite length BER encodings in PKCS7 -- Added API for additional validation of prime q in a public DH key -- Added support for RSA encrypt and decrypt without padding +Release 3.15.0 of wolfSSL embedded TLS has bug fixes and new features including: +- Support for TLS 1.3 Draft versions 23, 26 and 28. +- Improved downgrade support for TLS 1.3. +- Improved TLS 1.3 support from interoperability testing. +- Single Precision assembly code added for ARM and 64-bit ARM. +- Improved performance for Single Precision maths on 32-bit. +- Allow TLS 1.2 to be compiled out. +- Ed25519 support in TLS 1.2 and 1.3. +- Update wolfSSL_HMAC_Final() so the length parameter is optional. +- Various fixes for Coverity static analysis reports. +- Add define to use internal struct timeval (USE_WOLF_TIMEVAL_T). +- Switch LowResTimer() to call XTIME instead of time(0) for better portability. +- Expanded OpenSSL compatibility layer. 
+- Added Renesas CS+ project files. +- Align DH support with NIST SP 800-56A, add wc_DhSetKey_ex() for q parameter. +- Add build option for CAVP self test build (--enable-selftest). +- Expose mp_toradix() when WOLFSSL_PUBLIC_MP is defined. +- Add FIPS SGX support. +- Example certificate expiration dates and generation script updated. +- Additional optimizations to trim out unused strings depending on build + options. +- Fix for DN tag strings to have “=” when returning the string value to users. +- Fix for wolfSSL_ERR_get_error_line_data return value if no more errors are + in the queue. +- Fix for AES-CBC IV value with PIC32 hardware acceleration. +- Fix for wolfSSL_X509_print with ECC certificates. +- Fix for strict checking on URI absolute vs relative path. +- Added crypto device framework to handle PK RSA/ECC operations using + callbacks, which adds new build option `./configure --enable-cryptodev` or + `WOLF_CRYPTO_DEV`. +- Added devId support to ECC and PKCS7 for hardware based private key. +- Fixes in PKCS7 for handling possible memory leak in some error cases. +- Added test for invalid cert common name when set with + `wolfSSL_check_domain_name`. +- Refactor of the cipher suite names to use single array, which contains + internal name, IANA name and cipher suite bytes. +- Added new function `wolfSSL_get_cipher_name_from_suite` for getting IANA + cipher suite name using bytes. +- Fixes for fsanitize reports. +- Fix for openssl compatibility function `wolfSSL_RSA_verify` to check + returned size. +- Fixes and improvements for FreeRTOS AWS. +- Fixes for building openssl compatibility with FreeRTOS. +- Fix and new test for handling match on domain name that may have a null + terminator inside. +- Cleanup of the socket close code used for examples, CRL/OCSP and BIO to use + single macro `CloseSocket`. +- Refactor of the TLSX code to support returning error codes. 
+- Added new signature wrapper functions `wc_SignatureVerifyHash` and + `wc_SignatureGenerateHash` to allow direct use of hash. +- Improvement to GCC-ARM IDE example. +- Enhancements and cleanups for the ASN date/time code including new API's + `wc_GetDateInfo`, `wc_GetCertDates` and `wc_GetDateAsCalendarTime`. +- Fixes to resolve issues with C99 compliance. Added build option `WOLF_C99` + to force C99. +- Added a new `--enable-opensslall` option to enable all openssl compatibility + features. +- Added new `--enable-webclient` option for enabling a few HTTP API's. +- Added new `wc_OidGetHash` API for getting the hash type from a hash OID. +- Moved `wolfSSL_CertPemToDer`, `wolfSSL_KeyPemToDer`, `wolfSSL_PubKeyPemToDer` + to asn.c and renamed to `wc_`. Added backwards compatibility macro for old + function names. +- Added new `WC_MAX_SYM_KEY_SIZE` macro for helping determine max key size. +- Added `--enable-enckeys` or (`WOLFSSL_ENCRYPTED_KEYS`) to enable support for + encrypted PEM private keys using password callback without having to use + opensslextra. +- Added ForceZero on the password buffer after done using it. +- Refactor unique hash types to use same internal values + (ex WC_MD5 == WC_HASH_TYPE_MD5). +- Refactor the Sha3 types to use `wc_` naming, while retaining old names for + compatibility. +- Improvements to `wc_PBKDF1` to support more hash types and the non-standard + extra data option. +- Fix TLS 1.3 with ECC disabled and CURVE25519 enabled. +- Added new define `NO_DEV_URANDOM` to disable the use of `/dev/urandom`. +- Added `WC_RNG_BLOCKING` to indicate block w/sleep(0) is okay. +- Fix for `HAVE_EXT_CACHE` callbacks not being available without + `OPENSSL_EXTRA` defined. +- Fix for ECC max bits `MAX_ECC_BITS` not always calculating correctly due to + macro order. +- Added support for building and using PKCS7 without RSA (assuming ECC is + enabled). +- Fixes and additions for Cavium Nitrox V to support ECC, AES-GCM and HMAC + (SHA-224 and SHA3). 
+- Enabled ECC, AES-GCM and SHA-512/384 by default in (Linux and Windows) +- Added `./configure --enable-base16` and `WOLFSSL_BASE16` configuration + option to enable Base16 API's. +- Improvements to ATECC508A support for building without `WOLFSSL_ATMEL` + defined. +- Refactor IO callback function names to use `_CTX_` to eliminate confusion + about the first parameter. +- Added support for not loading a private key for server or client when + `HAVE_PK_CALLBACK` is defined and the private PK callback is set. +- Added new ECC API `wc_ecc_sig_size_calc` to return max signature size for + a key size. +- Cleanup ECC point import/export code and added new API + `wc_ecc_import_unsigned`. +- Fixes for handling OCSP with non-blocking. +- Added new PK (Primary Key) callbacks for the VerifyRsaSign. The new + callbacks API's are `wolfSSL_CTX_SetRsaVerifySignCb` and + `wolfSSL_CTX_SetRsaPssVerifySignCb`. +- Added new ECC API `wc_ecc_rs_raw_to_sig` to take raw unsigned R and S and + encodes them into ECDSA signature format. +- Added support for `WOLFSSL_STM32F1`. +- Cleanup of the ASN X509 header/footer and XSTRNCPY logic. +- Add copyright notice to autoconf files. (Thanks Brian Aker!) +- Updated the M4 files for autotools. (Thanks Brian Aker!) +- Add support for the cipher suite TLS_DH_anon_WITH_AES256_GCM_SHA384 with + test cases. (Thanks Thivya Ashok!) +- Add the TLS alert message unknown_psk_identity (115) from RFC 4279, + section 2. (Thanks Thivya Ashok!) +- Fix the case when using TCP with timeouts with TLS. wolfSSL shall be + agnostic to network socket behavior for TLS. (DTLS is another matter.) + The functions `wolfSSL_set_using_nonblock()` and + `wolfSSL_get_using_nonblock()` are deprecated. +- Hush the AR warning when building the static library with autotools. +- Hush the “-pthread” warning when building in some environments. +- Added a dist-hook target to the Makefile to reset the default options.h file. 
+- Removed the need for the darwin-clang.m4 file with the updates provided by + Brian A. +- Renamed the AES assembly file so GCC on the Mac will build it using the + preprocessor. +- Add a disable option (--disable-optflags) to turn off the default + optimization flags so user may supply their own custom flags. +- Correctly touch the dummy fips.h header. See INSTALL file for build instructions. More info can be found on-line at http://wolfssl.com/wolfSSL/Docs.html - - -********* wolfSSL (Formerly CyaSSL) Release 3.13.0 (12/21/2017) - -wolfSSL 3.13.0 includes bug fixes and new features, including support for -TLS 1.3 Draft 21, performance and footprint optimizations, build fixes, -updated examples and project files, and one vulnerability fix. The full list -of changes and additions in this release include: - -- Fixes for TLS 1.3, support for Draft 21 -- TLS 1.0 disabled by default, addition of “--enable-tlsv10” configure option -- New option to reduce SHA-256 code size at expense of performance - (USE_SLOW_SHA256) -- New option for memory reduced build (--enable-lowresource) -- AES-GCM performance improvements on AVX1 (IvyBridge) and AVX2 -- SHA-256 and SHA-512 performance improvements using AVX1/2 ASM -- SHA-3 size and performance optimizations -- Fixes for Intel AVX2 builds on Mac/OSX -- Intel assembly for Curve25519, and Ed25519 performance optimizations -- New option to force 32-bit mode with “--enable-32bit” -- New option to disable all inline assembly with “--disable-asm” -- Ability to override maximum signature algorithms using WOLFSSL_MAX_SIGALGO -- Fixes for handling of unsupported TLS extensions. 
-- Fixes for compiling AES-GCM code with GCC 4.8.* -- Allow adjusting static I/O buffer size with WOLFMEM_IO_SZ -- Fixes for building without a filesystem -- Removes 3DES and SHA1 dependencies from PKCS#7 -- Adds ability to disable PKCS#7 EncryptedData type (NO_PKCS7_ENCRYPTED_DATA) -- Add ability to get client-side SNI -- Expanded OpenSSL compatibility layer -- Fix for logging file names with OpenSSL compatibility layer enabled, with - WOLFSSL_MAX_ERROR_SZ user-overridable -- Adds static memory support to the wolfSSL example client -- Fixes for sniffer to use TLS 1.2 client method -- Adds option to wolfCrypt benchmark to benchmark individual algorithms -- Adds option to wolfCrypt benchmark to display benchmarks in powers - of 10 (-base10) -- Updated Visual Studio for ARM builds (for ECC supported curves and SHA-384) -- Updated Texas Instruments TI-RTOS build -- Updated STM32 CubeMX build with fixes for SHA -- Updated IAR EWARM project files -- Updated Apple Xcode projects with the addition of a benchmark example project - -This release of wolfSSL fixes 1 security vulnerability. - -wolfSSL is cited in the recent ROBOT Attack by Böck, Somorovsky, and Young. -The paper notes that wolfSSL only gives a weak oracle without a practical -attack but this is still a flaw. This release contains a fix for this report. -Please note that wolfSSL has static RSA cipher suites disabled by default as -of version 3.6.6 because of the lack of perfect forward secrecy. Only users -who have explicitly enabled static RSA cipher suites with WOLFSSL_STATIC_RSA -and use those suites on a host are affected. More information will be -available on our website at: - - https://wolfssl.com/wolfSSL/security/vulnerabilities.php - -See INSTALL file for build instructions. 
-More info can be found on-line at http://wolfssl.com/wolfSSL/Docs.html - - -********* wolfSSL (Formerly CyaSSL) Release 3.12.2 (10/23/2017) - -Release 3.12.2 of wolfSSL has bug fixes and new features including: - -This release includes many performance improvements with Intel ASM (AVX/AVX2) and AES-NI. New single precision math option to speedup RSA, DH and ECC. Embedded hardware support has been expanded for STM32, PIC32MZ and ATECC508A. AES now supports XTS mode for disk encryption. Certificate improvements for setting serial number, key usage and extended key usage. Refactor of SSL_ and hash types to allow openssl coexistence. Improvements for TLS 1.3. Fixes for OCSP stapling to allow disable and WOLFSSL specific user context for callbacks. Fixes for openssl and MySQL compatibility. Updated Micrium port. Fixes for asynchronous modes. - -- Added TLS extension for Supported Point Formats (ec_point_formats) -- Fix to not send OCSP stapling extensions in client_hello when not enabled -- Added new API's for disabling OCSP stapling -- Add check for SIZEOF_LONG with sun and LP64 -- Fixes for various TLS 1.3 disable options (RSA, ECC and ED/Curve 25519). -- Fix to disallow upgrading to TLS v1.3 -- Fixes for wolfSSL_EVP_CipherFinal() when message size is a round multiple of a block size. -- Add HMAC benchmark and expanded AES key size benchmarks -- Added simple GCC ARM Makefile example -- Add tests for 3072-bit RSA and DH. -- Fixed DRAFT_18 define and fixed downgrading with TLS v1.3 -- Fixes to allow custom serial number during certificate generation -- Add method to get WOLFSSL_CTX certificate manager -- Improvement to `wolfSSL_SetOCSP_Cb` to allow context per WOLFSSL object -- Alternate certificate chain support `WOLFSSL_ALT_CERT_CHAINS`. Enables checking cert against multiple CA's. -- Added new `--disable-oldnames` option to allow for using openssl along-side wolfssl headers (without OPENSSL_EXTRA). 
-- Refactor SSL_ and hashing types to use wolf specific prefix (WOLFSSL and WC_) to allow openssl coexistence. -- Fixes for HAVE_INTEL_MULX -- Cleanup include paths for MySQL cmake build -- Added configure option for building library for wolfSSH (--enable-wolfssh) -- Openssl compatibility layer improvements -- Expanded API unit tests -- Fixes for STM32 crypto hardware acceleration -- Added AES XTS mode (--enable-xts) -- Added ASN Extended Key Usage Support (see wc_SetExtKeyUsage). -- Math updates and added TFM_MIPS speedup. -- Fix for creation of the KeyUsage BitString -- Fix for 8k keys with MySQL compatibility -- Fixes for ATECC508A. -- Fixes for PIC32MZ hashing. -- Fixes and improvements to asynchronous modes for Intel QuickAssist and Cavium Nitrox V. -- Update HASH_DRBG Reseed mechanism and add test case -- Rename the file io.h/io.c to wolfio.h/wolfio.c -- Cleanup the wolfIO_Send function. -- OpenSSL Compatibility Additions and Fixes -- Improvements to Visual Studio DLL project/solution. -- Added function to generate public ECC key from private key -- Added async blocking support for sniffer tool. -- Added wolfCrypt hash tests for empty string and large data. -- Added ability to use of wolf implementation of `strtok` using `USE_WOLF_STRTOK`. -- Updated Micrium uC/OS-III Port -- Updated root certs for OCSP scripts -- New Single Precision math option for RSA, DH and ECC (off by default). See `--enable-sp`. -- Speedups for AES GCM with AESNI (--enable-aesni) -- Speedups for SHA2, ChaCha20/Poly1035 using AVX/AVX2 - - -********* wolfSSL (Formerly CyaSSL) Release 3.12.0 (8/04/2017) - -Release 3.12.0 of wolfSSL has bug fixes and new features including: - -- TLS 1.3 with Nginx! TLS 1.3 with ARMv8! TLS 1.3 with Async Crypto! 
(--enable-tls13) -- TLS 1.3 0RTT feature added -- Added port for using Intel SGX with Linux -- Update and fix PIC32MZ port -- Additional unit testing for MD5, SHA, SHA224, SHA256, SHA384, SHA512, RipeMd, HMAC, 3DES, IDEA, ChaCha20, ChaCha20Poly1305 AEAD, Camellia, Rabbit, ARC4, AES, RSA, Hc128 -- AVX and AVX2 assembly for improved ChaCha20 performance -- Intel QAT fixes for when using --disable-fastmath -- Update how DTLS handles decryption and MAC failures -- Update DTLS session export version number for --enable-sessionexport feature -- Add additional input argument sanity checks to ARMv8 assembly port -- Fix for making PKCS12 dynamic types match -- Fixes for potential memory leaks when using --enable-fast-rsa -- Fix for when using custom ECC curves and add BRAINPOOLP256R1 test -- Update TI-RTOS port for dependency on new wolfSSL source files -- DTLS multicast feature added, --enable-mcast -- Fix for Async crypto with GCC 7.1 and HMAC when not using Intel QuickAssist -- Improvements and enhancements to Intel QuickAssist support -- Added Xilinx port -- Added SHA3 Keccak feature, --enable-sha3 -- Expand wolfSSL Python wrapper to now include a client side implementation -- Adjust example servers to not treat a peer closed error as a hard error -- Added more sanity checks to fp_read_unsigned_bin function -- Add SHA224 and AES key wrap to ARMv8 port -- Update MQX classics and mmCAU ports -- Fix for potential buffer over read with wolfSSL_CertPemToDer -- Add PKCS7/CMS decode support for KARI with IssuerAndSerialNumber -- Fix ThreadX/NetX warning -- Fixes for OCSP and CRL non blocking sockets and for incomplete cert chain with OCSP -- Added RSA PSS sign and verify -- Fix for STM32F4 AES-GCM -- Added enable all feature (--enable-all) -- Added trackmemory feature (--enable-trackmemory) -- Fixes for AES key wrap and PKCS7 on Windows VS -- Added benchmark block size argument -- Support use of staticmemory with PKCS7 -- Fix for Blake2b build with GCC 5.4 -- Fixes for 
compiling wolfSSL with GCC version 7, most dealing with switch statement fall through warnings. -- Added warning when compiling without hardened math operations - - -Note: -There is a known issue with using ChaCha20 AVX assembly on versions of GCC earlier than 5.2. This is encountered with using the wolfSSL enable options --enable-intelasm and --enable-chacha. To avoid this issue ChaCha20 can be enabled with --enable-chacha=noasm. -If using --enable-intelasm and also using --enable-sha224 or --enable-sha256 there is a known issue with trying to use -fsanitize=address. - -This release of wolfSSL fixes 1 low level security vulnerability. - -Low level fix for a potential DoS attack on a wolfSSL client. Previously a client would accept many warning alert messages without a limit. This fix puts a limit to the number of warning alert messages received and if this limit is reached a fatal error ALERT_COUNT_E is returned. The max number of warning alerts by default is set to 5 and can be adjusted with the macro WOLFSSL_ALERT_COUNT_MAX. Thanks for the report from Tarun Yadav and Koustav Sadhukhan from Defence Research and Development Organization, INDIA. - - -See INSTALL file for build instructions. -More info can be found on-line at http://wolfssl.com/wolfSSL/Docs.html - - -********* wolfSSL (Formerly CyaSSL) Release 3.11.1 (5/11/2017) - -Release 3.11.1 of wolfSSL is a TLS 1.3 BETA release, which includes: - -- TLS 1.3 client and server support for TLS 1.3 with Draft 18 support - -This is strictly a BETA release, and designed for testing and user feedback. -Please send any comments, testing results, or feedback to wolfSSL at -support@wolfssl.com. - -See INSTALL file for build instructions. 
-More info can be found on-line at http://wolfssl.com/wolfSSL/Docs.html - - -********* wolfSSL (Formerly CyaSSL) Release 3.11.0 (5/04/2017) - -Release 3.11.0 of wolfSSL has bug fixes and new features including: - -- Code updates for warnings reported by Coverity scans -- Testing and warning fixes for FreeBSD on PowerPC -- Updates and refactoring done to ASN1 parsing functions -- Change max PSK identity buffer to account for an identity length of 128 characters -- Update Arduino script to handle recent files and additions -- Added support for PKCS#7 Signed Data with ECDSA -- Fix for interoperability with ChaCha20-Poly1305 suites using older draft versions -- DTLS update to allow multiple handshake messages in one DTLS record. Thanks to Eric Samsel over at Welch Allyn for reporting this bug. -- Intel QuickAssist asynchronous support (PR #715 - https://www.wolfssl.com/wolfSSL/Blog/Entries/2017/1/18_wolfSSL_Asynchronous_Intel_QuickAssist_Support.html) -- Added support for HAproxy load balancer -- Added option to allow SHA1 with TLS 1.2 for IIS compatibility (WOLFSSL_ALLOW_TLS_SHA1) -- Added Curve25519 51-bit Implementation, increasing performance on systems that have 128 bit types -- Fix to not send session ID on server side if session cache is off unless we're echoing -session ID as part of session tickets -- Fixes for ensuring all default ciphers are setup correctly (see PR #830) -- Added NXP Hexiwear example in `IDE/HEXIWEAR`. -- Added wolfSSL_write_dup() to create write only WOLFSSL object for concurrent access -- Fixes for TLS elliptic curve selection on private key import. -- Fixes for RNG with Intel rdrand and rdseed speedups. -- Improved performance with Intel rdrand to use full 64-bit output -- Added new --enable-intelrand option to indicate use of RDRAND preference for RNG source -- Removed RNG ARC4 support -- Added ECC helpers to get size and id from curve name. 
-- Added ECC Cofactor DH (ECC-CDH) support -- Added ECC private key only import / export functions. -- Added PKCS8 create function -- Improvements to TLS layer CTX handling for switching keys / certs. -- Added check for duplicate certificate policy OID in certificates. -- Normal math speed-up to not allocate on mp_int and defer until mp_grow -- Reduce heap usage with fast math when not using ALT_ECC_SIZE -- Fixes for building CRL with Windows -- Added support for inline CRL lookup when HAVE_CRL_IO is defined -- Added port for tenAsys INtime RTOS -- Improvements to uTKernel port (WOLFSSL_uTKERNEL2) -- Updated WPA Supplicant support -- Added support for Nginx -- Update stunnel port for version 5.40 -- Fixes for STM32 hardware crypto acceleration -- Extended test code coverage in bundled test.c -- Added a sanity check for minimum authentication tag size with AES-GCM. Thanks to Yueh-Hsun Lin and Peng Li at KNOX Security at Samsung Research America for suggesting this. -- Added a sanity check that subject key identifier is marked as non-critical and a check that no policy OIDS appear more than once in the cert policies extension. Thanks to the report from Professor Zhenhua Duan, Professor Cong Tian, and Ph.D candidate Chu Chen from Institute of Computing Theory and Technology (ICTT) of Xidian University, China. Profs. Zhenhua Duan and Cong Tian are supervisors of Ph.D candidate Chu Chen. - - -This release of wolfSSL fixes 5 low and 1 medium level security vulnerability. - -3 Low level fixes reported by Yueh-Hsun Lin and Peng Li from KNOX Security, Samsung Research America. -- Fix for out of bounds memory access in wc_DhParamsLoad() when GetLength() returns a zero. Before this fix there is a case where wolfSSL would read out of bounds memory in the function wc_DhParamsLoad. -- Fix for DH key accepted by wc_DhAgree when the key was malformed. -- Fix for a double free case when adding CA cert into X509_store. 
- -Low level fix for memory management with static memory feature enabled. By default static memory is disabled. Thanks to GitHub user hajjihraf for reporting this. - -Low level fix for out of bounds write in the function wolfSSL_X509_NAME_get_text_by_NID. This function is not used by TLS or crypto operations but could result in a buffer out of bounds write by one if called explicitly in an application. Discovered by Aleksandar Nikolic of Cisco Talos. http://talosintelligence.com/vulnerability-reports/ - -Medium level fix for check on certificate signature. There is a case in release versions 3.9.10, 3.10.0 and 3.10.2 where a corrupted signature on a peer certificate would not be properly flagged. Thanks to Wens Lo, James Tsai, Kenny Chang, and Oscar Yang at Castles Technology. - - -See INSTALL file for build instructions. -More info can be found on-line at http://wolfssl.com/wolfSSL/Docs.html - - -********* wolfSSL (Formerly CyaSSL) Release 3.10.2 (2/10/2017) - -Release 3.10.2 of wolfSSL has bug fixes and new features including: - -- Poly1305 Windows macros fix. Thanks to GitHub user Jay Satiro -- Compatibility layer expanded with multiple functions added -- Improve fp_copy performance with ALT_ECC_SIZE -- OCSP updates and improvements -- Fixes for IAR EWARM 8 compiler warnings -- Reduce stack usage with ECC_CACHE_CURVE disabled -- Added ECC export raw for public and private key -- Fix for NO_ASN_TIME build -- Supported curves extensions now populated by default -- Add DTLS build without big integer math -- Fix for static memory feature with wc_ecc_verify_hash_ex and not SHAMIR -- Added PSK interoperability testing to script bundled with wolfSSL -- Fix for Python wrapper random number generation. Compiler optimizations with Python could place the random number in same buffer location each time. 
Thanks to GitHub user Erik Bray (embray) -- Fix for tests on unaligned memory with static memory feature -- Add macro WOLFSSL_NO_OCSP_OPTIONAL_CERTS to skip optional OCSP certificates -- Sanity checks on NULL arguments added to wolfSSL_set_fd and wolfSSL_DTLS_SetCookieSecret -- mp_jacobi stack use reduced, thanks to Szabi Tolnai for providing a solution to reduce stack usage - - -This release of wolfSSL fixes 2 low and 1 medium level security vulnerability. - -Low level fix of buffer overflow for when loading in a malformed temporary DH file. Thanks to Yueh-Hsun Lin and Peng Li from KNOX Security, Samsung Research America for the report. - -Medium level fix for processing of OCSP response. If using OCSP without hard faults enforced and no alternate revocation checks like OCSP stapling then it is recommended to update. - -Low level fix for potential cache attack on RSA operations. If using wolfSSL RSA on a server that other users can have access to monitor the cache, then it is recommended to update wolfSSL. Thanks to Andreas Zankl, Johann Heyszl and Georg Sigl at Fraunhofer AISEC for the initial report. - -See INSTALL file for build instructions. 
-More info can be found on-line at http://wolfssl.com/wolfSSL/Docs.html - -********* wolfSSL (Formerly CyaSSL) Release 3.10.0 (12/21/2016) - -Release 3.10.0 of wolfSSL has bug fixes and new features including: - -- Added support for SHA224 -- Added scrypt feature -- Build for Intel SGX use, added in directory IDE/WIN-SGX -- Fix for ChaCha20-Poly1305 ECDSA certificate type request -- Enhance PKCS#7 with ECC enveloped data and AES key wrap support -- Added support for RIOT OS -- Add support for parsing PKCS#12 files -- ECC performance increased with custom curves -- ARMv8 expanded to AArch32 and performance increased -- Added ANSI-X9.63-KDF support -- Port to STM32 F2/F4 CubeMX -- Port to Atmel ATECC508A board -- Removed fPIE by default when wolfSSL library is compiled -- Update to Python wrapper, dropping DES and adding wc_RSASetRNG -- Added support for NXP K82 hardware acceleration -- Added SCR client and server verify check -- Added a disable rng option with autoconf -- Added more tests vectors to test.c with AES-CTR -- Updated DTLS session export version number -- Updated DTLS for 64 bit sequence numbers -- Fix for memory management with TI and WOLFSSL_SMALL_STACK -- Hardening RSA CRT to be constant time -- Fix uninitialized warning with IAR compiler -- Fix for C# wrapper example IO hang on unexpected connection termination - - -This release of wolfSSL fixes a low level security vulnerability. The vulnerability reported was a potential cache attack on RSA operations. If using wolfSSL RSA on a server that other users can have access to monitor the cache, then it is recommended to update wolfSSL. Thanks to Andreas Zankl, Johann Heyszl and Georg Sigl at Fraunhofer AISEC for the report. More information will be available on our site: - -https://wolfssl.com/wolfSSL/security/vulnerabilities.php - -See INSTALL file for build instructions. 
-More info can be found on-line at http://wolfssl.com/wolfSSL/Docs.html
-
-********* wolfSSL (Formerly CyaSSL) Release 3.9.10 (9/23/2016)
-
-Release 3.9.10 of wolfSSL has bug fixes and new features including:
-
-- Default configure option changes:
- 1. DES3 disabled by default
- 2. ECC Supported Curves Extension enabled by default
- 3. New option Extended Master Secret enabled by default
-- Added checking CA certificate path length, and new test certs
-- Fix to DSA pre padding and sanity check on R/S values
-- Added CTX level RNG for single-threaded builds
-- Intel RDSEED enhancements
-- ARMv8 hardware acceleration support for AES-CBC/CTR/GCM, SHA-256
-- Arduino support updates
-- Added the Extended Master Secret TLS extension
- 1. Enabled by default in configure options, API to disable
- 2. Added support for Extended Master Secret to sniffer
-- OCSP fix with issuer key hash, lookup refactor
-- Added support for Frosted OS
-- Added support for DTLS over SCTP
-- Added support for static memory with wolfCrypt
-- Fix to ECC Custom Curve support
-- Support for asynchronous wolfCrypt RSA and TLS client
-- Added distribution build configure option
-- Update the test certificates
-
-This release of wolfSSL fixes medium level security vulnerabilities. Fixes for
-potential AES, RSA, and ECC side channel leaks is included that a local user
-monitoring the same CPU core cache could exploit. VM users, hyper-threading
-users, and users where potential attackers have access to the CPU cache will
-need to update if they utilize AES, RSA private keys, or ECC private keys.
-Thanks to Gorka Irazoqui Apecechea and Xiaofei Guo from Intel Corporation for
-the report. More information will be available on our site:
-
- https://wolfssl.com/wolfSSL/security/vulnerabilities.php
-
-See INSTALL file for build instructions.
-More info can be found on-line at http://wolfssl.com/wolfSSL/Docs.html - -********* wolfSSL (Formerly CyaSSL) Release 3.9.8 (7/29/2016) - -Release 3.9.8 of wolfSSL has bug fixes and new features including: - -- Add support for custom ECC curves. -- Add cipher suite ECDHE-ECDSA-AES128-CCM. -- Add compkey enable option. This option is for compressed ECC keys. -- Add in the option to use test.h without gettimeofday function using the macro - WOLFSSL_USER_CURRTIME. -- Add RSA blinding for private key operations. Enable option of harden which is - on by default. This negates timing attacks. -- Add ECC and TLS support for all SECP, Koblitz and Brainpool curves. -- Add helper functions for static memory option to allow getting optimum buffer - sizes. -- Update DTLS behavior on bad MAC. DTLS silently drops packets with bad MACs now. -- Update fp_isprime function from libtom enchancement/cleanup repository. -- Update sanity checks on inputs and return values for AES-CMAC. -- Update wolfSSL for use with MYSQL v5.6.30. -- Update LPCXpresso eclipse project to not include misc.c when not needed. -- Fix retransmit of last DTLS flight with timeout notification. The last flight - is no longer retransmitted on timeout. -- Fixes to some code in math sections for compressed ECC keys. This includes - edge cases for buffer size on allocation and adjustments for compressed curves - build. The code and full list can be found on github with pull request #456. -- Fix function argument mismatch for build with secure renegotiation. -- X.509 bug fixes for reading in malformed certificates, reported by researchers - at Columbia University -- Fix GCC version 6 warning about hard tabs in poly1305.c. This was a warning - produced by GCC 6 trying to determine the intent of code. -- Fixes for static memory option. Including avoid potential race conditions with - counters, decrement handshake counter correctly. -- Fix anonymous cipher with Diffie Hellman on the server side. 
Was an issue of a - possible buffer corruption. For information and code see pull request #481. - - -- One high level security fix that requires an update for use with static RSA - cipher suites was submitted. This fix was the addition of RSA blinding for - private RSA operations. We recommend servers who allow static RSA cipher - suites to also generate new private RSA keys. Static RSA cipher suites are - turned off by default. - -See INSTALL file for build instructions. -More info can be found on-line at //http://wolfssl.com/wolfSSL/Docs.html - - ********* wolfSSL (Formerly CyaSSL) Release 3.9.6 (6/14/2016) - -Release 3.9.6 of wolfSSL has bug fixes and new features including: - -- Add staticmemory feature -- Add public wc_GetTime API with base64encode feature -- Add AES CMAC algorithm -- Add DTLS sessionexport feature -- Add python wolfCrypt wrapper -- Add ECC encrypt/decrypt benchmarks -- Add dynamic session tickets -- Add eccshamir option -- Add Whitewood netRandom support --with-wnr -- Add embOS port -- Add minimum key size checks for RSA and ECC -- Add STARTTLS support to examples -- Add uTasker port -- Add asynchronous crypto and wolf event support -- Add compile check for misc.c with inline -- Add RNG benchmark -- Add reduction to stack usage with hash-based RNG -- Update STM32F2_CRYPTO port with additional algorithms supported -- Update MDK5 projects -- Update AES-NI -- Fix for STM32 with STM32F2_HASH defined -- Fix for building with MinGw -- Fix ECC math bugs with ALT_ECC_SIZE and key sizes over 256 bit (1) -- Fix certificate buffers github issue #422 -- Fix decrypt max size with RSA OAEP -- Fix DTLS sanity check with DTLS timeout notification -- Fix free of WOLFSSL_METHOD on failure to create CTX -- Fix memory leak in failure case with wc_RsaFunction (2) - -- No high level security fixes that requires an update though we always -recommend updating to the latest -- (1) Code changes for ECC fix can be found at pull requests #411, #416, and #428 -- (2) 
Builds using RSA with using normal math and not RSA_LOW_MEM should update -- Tag 3.9.6w is for a Windows example echoserver fix - -See INSTALL file for build instructions. -More info can be found on-line at //http://wolfssl.com/wolfSSL/Docs.html - - ********* wolfSSL (Formerly CyaSSL) Release 3.9.0 (3/18/2016) - -Release 3.9.0 of wolfSSL has bug fixes and new features including: - -- Add new leantls configuration -- Add RSA OAEP padding at wolfCrypt level -- Add Arduino port and example client -- Add fixed point DH operation -- Add CUSTOM_RAND_GENRATE_SEED_OS and CUSTOM_RAND_GENERATE_BLOCK -- Add ECDHE-PSK cipher suites -- Add PSK ChaCha20-Poly1305 cipher suites -- Add option for fail on no peer cert except PSK suites -- Add port for Nordic nRF51 -- Add additional ECC NIST test vectors for 256, 384 and 521 -- Add more granular ECC, Ed25519/Curve25519 and AES configs -- Update to ChaCha20-Poly1305 -- Update support for Freescale KSDK 1.3.0 -- Update DER buffer handling code, refactoring and reducing memory -- Fix to AESNI 192 bit key expansion -- Fix to C# wrapper character encoding -- Fix sequence number issue with DTLS epoch 0 messages -- Fix RNGA with K64 build -- Fix ASN.1 X509 V3 certificate policy extension parsing -- Fix potential free of uninitialized RSA key in asn.c -- Fix potential underflow when using ECC build with FP_ECC -- Fixes for warnings in Visual Studio 2015 build - -- No high level security fixes that requires an update though we always -recommend updating to the latest -- FP_ECC is off by default, users with it enabled should update for the zero -sized hash fix - -See INSTALL file for build instructions. 
-More info can be found on-line at //http://wolfssl.com/yaSSL/Docs.html - - ********* wolfSSL (Formerly CyaSSL) Release 3.8.0 (12/30/2015) - -Release 3.8.0 of wolfSSL has bug fixes and new features including: - -- Example client/server with VxWorks -- AESNI use with AES-GCM -- Stunnel compatibility enhancements -- Single shot hash and signature/verify API added -- Update cavium nitrox port -- LPCXpresso IDE support added -- C# wrapper to support wolfSSL use by a C# program -- (BETA version)OCSP stapling added -- Update OpenSSH compatibility -- Improve DTLS handshake when retransmitting finished message -- fix idea_mult() for 16 and 32bit systems -- fix LowResTimer on Microchip ports - -- No high level security fixes that requires an update though we always -recommend updating to the latest - -See INSTALL file for build instructions. -More info can be found on-line at //http://wolfssl.com/yaSSL/Docs.html - - ********* wolfSSL (Formerly CyaSSL) Release 3.7.0 (10/26/2015) - -Release 3.7.0 of wolfSSL has bug fixes and new features including: - -- ALPN extension support added for HTTP2 connections with --enable-alpn -- Change of example/client/client max fragment flag -L -> -F -- Throughput benchmarking, added scripts/benchmark.test -- Sniffer API ssl_FreeDecodeBuffer added -- Addition of AES_GCM to Sniffer -- Sniffer change to handle unlimited decrypt buffer size -- New option for the sniffer where it will try to pick up decoding after a - sequence number acknowldgement fault. Also includes some additional stats. -- JNI API setter and getter function for jobject added -- User RSA crypto plugin abstraction. An example placed in wolfcrypt/user-crypto -- fix to asn configuration bug -- AES-GCM/CCM fixes. -- Port for Rowley added -- Rowley Crossworks bare metal examples added -- MDK5-ARM project update -- FreeRTOS support updates. -- VXWorks support updates. -- Added the IDEA cipher and support in wolfSSL. -- Update wolfSSL website CA. 
-- CFLAGS is usable when configuring source.
-
-- No high level security fixes that requires an update though we always
-recommend updating to the latest
-
-See INSTALL file for build instructions.
-More info can be found on-line at //http://wolfssl.com/yaSSL/Docs.html
-
- ********* wolfSSL (Formerly CyaSSL) Release 3.6.8 (09/17/2015)
-
-Release 3.6.8 of wolfSSL fixes two high severity vulnerabilities. It also
-includes bug fixes and new features including:
-
-- Two High level security fixes, all users SHOULD update.
- a) If using wolfSSL for DTLS on the server side of a publicly accessible
- machine you MUST update.
- b) If using wolfSSL for TLS on the server side with private RSA keys allowing
- ephemeral key exchange without low memory optimizations you MUST update and
- regenerate the private RSA keys.
-
- Please see https://www.wolfssl.com/wolfSSL/Blog/Blog.html for more details
-
-- No filesystem build fixes for various configurations
-- Certificate generation now supports several extensions including KeyUsage,
- SKID, AKID, and Certificate Policies
-- CRLs can be loaded from buffers as well as files now
-- SHA-512 Certificate Signing generation
-- Fixes for sniffer reassembly processing
-
-See INSTALL file for build instructions.
-More info can be found on-line at //http://wolfssl.com/yaSSL/Docs.html - - ********* wolfSSL (Formerly CyaSSL) Release 3.6.6 (08/20/2015) - -Release 3.6.6 of wolfSSL has bug fixes and new features including: - -- OpenSSH compatibility with --enable-openssh -- stunnel compatibility with --enable-stunnel -- lighttpd compatibility with --enable-lighty -- SSLv3 is now disabled by default, can be enabled with --enable-sslv3 -- Ephemeral key cipher suites only are now supported by default - To enable static ECDH cipher suites define WOLFSSL_STATIC_DH - To enable static RSA cipher suites define WOLFSSL_STATIC_RSA - To enable static PSK cipher suites define WOLFSSL_STATIC_PSK -- Added QSH (quantum-safe handshake) extension with --enable-ntru -- SRP is now part of wolfCrypt, enable with --enabe-srp -- Certificate handshake messages can now be sent fragmented if the record - size is smaller than the total message size, no user action required. -- DTLS duplicate message fixes -- Visual Studio project files now support DLL and static builds for 32/64bit. -- Support for new Freescale I/O -- FreeRTOS FIPS support - -- No high level security fixes that requires an update though we always - recommend updating to the latest - -See INSTALL file for build instructions. -More information can be found on-line at //http://wolfssl.com/yaSSL/Docs.html - - **************** wolfSSL (Formerly CyaSSL) Release 3.6.0 (06/19/2015) - -Release 3.6.0 of wolfSSL has bug fixes and new features including: - -- Max Strength build that only allows TLSv1.2, AEAD ciphers, and PFS (Perfect - Forward Secrecy). With --enable-maxstrength -- Server side session ticket support, the example server and echoserver use the - example callback myTicketEncCb(), see wolfSSL_CTX_set_TicketEncCb() -- FIPS version submitted for iOS. 
-- TI Crypto Hardware Acceleration -- DTLS fragmentation fixes -- ECC key check validation with wc_ecc_check_key() -- 32bit code options to reduce memory for Curve25519 and Ed25519 -- wolfSSL JNI build switch with --enable-jni -- PicoTCP support improvements -- DH min ephemeral key size enforcement with wolfSSL_CTX_SetMinDhKey_Sz() -- KEEP_PEER_CERT and AltNames can now be used together -- ChaCha20 big endian fix -- SHA-512 signature algorithm support for key exchange and verify messages -- ECC make key crash fix on RNG failure, ECC users must update. -- Improvements to usage of time code. -- Improvements to VS solution files. -- GNU Binutils 2.24 (and late 2.23) ld has problems with some debug builds, - to fix an ld error add C_EXTRA_FLAGS="-fdebug-types-section -g1". - -- No high level security fixes that requires an update though we always - recommend updating to the latest (except note 14, ecc RNG failure) - -See INSTALL file for build instructions. -More info can be found on-line at //http://wolfssl.com/yaSSL/Docs.html - - - *****************wolfSSL (Formerly CyaSSL) Release 3.4.6 (03/30/2015) - -Release 3.4.6 of wolfSSL has bug fixes and new features including: - -- Intel Assembly Speedups using instructions rdrand, rdseed, aesni, avx1/2, - rorx, mulx, adox, adcx . They can be enabled with --enable-intelasm. - These speedup the use of RNG, SHA2, and public key algorithms. -- Ed25519 support at the crypto level. Turn on with --enable-ed25519. Examples - in wolcrypt/test/test.c ed25519_test(). -- Post Handshake Memory reductions. wolfSSL can now hold less than 1,000 bytes - of memory per secure connection including cipher state. 
-- wolfSSL API and wolfCrypt API fixes, you can still include the cyassl and - ctaocrypt headers which will enable the compatibility APIs for the - foreseeable future -- INSTALL file to help direct users to build instructions for their environment -- For ECC users with the normal math library a fix that prevents a crash when - verify signature fails. Users of 3.4.0 with ECC and the normal math library - must update -- RC4 is now disabled by default in autoconf mode -- AES-GCM and ChaCha20/Poly1305 are now enabled by default to make AEAD ciphers - available without a switch -- External ChaCha-Poly AEAD API, thanks to Andrew Burks for the contribution -- DHE-PSK cipher suites can now be built without ASN or Cert support -- Fix some NO MD5 build issues with optional features -- Freescale CodeWarrior project updates -- ECC curves can be individually turned on/off at build time. -- Sniffer handles Cert Status message and other minor fixes -- SetMinVersion() at the wolfSSL Context level instead of just SSL session level - to allow minimum protocol version allowed at runtime -- RNG failure resource cleanup fix - -- No high level security fixes that requires an update though we always - recommend updating to the latest (except note 6 use case of ecc/normal math) - -See INSTALL file for build instructions. 
-More info can be found on-line at //http://wolfssl.com/yaSSL/Docs.html - - - *****************wolfSSL (Formerly CyaSSL) Release 3.4.0 (02/23/2015) - -Release 3.4.0 wolfSSL has bug fixes and new features including: - -- wolfSSL API and wolfCrypt API, you can still include the cyassl and ctaocrypt - headers which will enable the compatibility APIs for the foreseeable future -- Example use of the wolfCrypt API can be found in wolfcrypt/test/test.c -- Example use of the wolfSSL API can be found in examples/client/client.c -- Curve25519 now supported at the wolfCrypt level, wolfSSL layer coming soon -- Improvements in the build configuration under AIX -- Microchip Pic32 MZ updates -- TIRTOS updates -- PowerPC updates -- Xcode project update -- Bidirectional shutdown examples in client/server with -w (wait for full - shutdown) option -- Cycle counts on benchmarks for x86_64, more coming soon -- ALT_ECC_SIZE for reducing ecc heap use with fastmath when also using large RSA - keys -- Various compile warnings -- Scan-build warning fixes -- Changed a memcpy to memmove in the sniffer (if using sniffer please update) -- No high level security fixes that requires an update though we always - recommend updating to the latest - - - ***********CyaSSL Release 3.3.0 (12/05/2014) - -- Countermeasuers for Handshake message duplicates, CHANGE CIPHER without - FINISHED, and fast forward attempts. Thanks to Karthikeyan Bhargavan from - the Prosecco team at INRIA Paris-Rocquencourt for the report. 
-- FIPS version submitted -- Removes SSLv2 Client Hello processing, can be enabled with OLD_HELLO_ALLOWED -- User can set minimum downgrade version with CyaSSL_SetMinVersion() -- Small stack improvements at TLS/SSL layer -- TLS Master Secret generation and Key Expansion are now exposed -- Adds client side Secure Renegotiation, * not recommended * -- Client side session ticket support, not fully tested with Secure Renegotiation -- Allows up to 4096bit DHE at TLS Key Exchange layer -- Handles non standard SessionID sizes in Hello Messages -- PicoTCP Support -- Sniffer now supports SNI Virtual Hosts -- Sniffer now handles non HTTPS protocols using STARTTLS -- Sniffer can now parse records with multiple messages -- TI-RTOS updates -- Fix for ColdFire optimized fp_digit read only in explicit 32bit case -- ADH Cipher Suite ADH-AES128-SHA for EAP-FAST - -The CyaSSL manual is available at: -http://www.wolfssl.com/documentation/CyaSSL-Manual.pdf. For build instructions -and comments about the new features please check the manual. - - -***********CyaSSL Release 3.2.0 (09/10/2014) - -Release 3.2.0 CyaSSL has bug fixes and new features including: - -- ChaCha20 and Poly1305 crypto and suites -- Small stack improvements for OCSP, CRL, TLS, DTLS -- NTRU Encrypt and Decrypt benchmarks -- Updated Visual Studio project files -- Updated Keil MDK5 project files -- Fix for DTLS sequence numbers with GCM/CCM -- Updated HashDRBG with more secure struct declaration -- TI-RTOS support and example Code Composer Studio project files -- Ability to get enabled cipher suites, CyaSSL_get_ciphers() -- AES-GCM/CCM/Direct support for Freescale mmCAU and CAU -- Sniffer improvement checking for decrypt key setup -- Support for raw ECC key import -- Ability to convert ecc_key to DER, EccKeyToDer() -- Security fix for RSA Padding check vulnerability reported by Intel Security - Advanced Threat Research team - -The CyaSSL manual is available at: -http://www.wolfssl.com/documentation/CyaSSL-Manual.pdf. 
For build instructions -and comments about the new features please check the manual. - - -************ CyaSSL Release 3.1.0 (07/14/2014) - -Release 3.1.0 CyaSSL has bug fixes and new features including: - -- Fix for older versions of icc without 128-bit type -- Intel ASM syntax for AES-NI -- Updated NTRU support, keygen benchmark -- FIPS check for minimum required HMAC key length -- Small stack (--enable-smallstack) improvements for PKCS#7, ASN -- TLS extension support for DTLS -- Default I/O callbacks external to user -- Updated example client with bad clock test -- Ability to set optional ECC context info -- Ability to enable/disable DH separate from opensslextra -- Additional test key/cert buffers for CA and server -- Updated example certificates - -The CyaSSL manual is available at: -http://www.wolfssl.com/documentation/CyaSSL-Manual.pdf. For build instructions -and comments about the new features please check the manual. - - -************ CyaSSL Release 3.0.2 (05/30/2014) - -Release 3.0.2 CyaSSL has bug fixes and new features including: - -- Added the following cipher suites: - * TLS_PSK_WITH_AES_128_GCM_SHA256 - * TLS_PSK_WITH_AES_256_GCM_SHA384 - * TLS_PSK_WITH_AES_256_CBC_SHA384 - * TLS_PSK_WITH_NULL_SHA384 - * TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 - * TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 - * TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 - * TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 - * TLS_DHE_PSK_WITH_NULL_SHA256 - * TLS_DHE_PSK_WITH_NULL_SHA384 - * TLS_DHE_PSK_WITH_AES_128_CCM - * TLS_DHE_PSK_WITH_AES_256_CCM -- Added AES-NI support for Microsoft Visual Studio builds. -- Changed small stack build to be disabled by default. -- Updated the Hash DRBG and provided a configure option to enable. - -The CyaSSL manual is available at: -http://www.wolfssl.com/documentation/CyaSSL-Manual.pdf. For build instructions -and comments about the new features please check the manual. 
- - -************ CyaSSL Release 3.0.0 (04/29/2014) - -Release 3.0.0 CyaSSL has bug fixes and new features including: - -- FIPS release candidate -- X.509 improvements that address items reported by Suman Jana with security - researchers at UT Austin and UC Davis -- Small stack size improvements, --enable-smallstack. Offloads large local - variables to the heap. (Note this is not complete.) -- Updated AES-CCM-8 cipher suites to use approved suite numbers. - -The CyaSSL manual is available at: -http://www.wolfssl.com/documentation/CyaSSL-Manual.pdf. For build instructions -and comments about the new features please check the manual. - - -************ CyaSSL Release 2.9.4 (04/09/2014) - -Release 2.9.4 CyaSSL has bug fixes and new features including: - -- Security fixes that address items reported by Ivan Fratric of the Google - Security Team -- X.509 Unknown critical extensions treated as errors, report by Suman Jana with - security researchers at UT Austin and UC Davis -- Sniffer fixes for corrupted packet length and Jumbo frames -- ARM thumb mode assembly fixes -- Xcode 5.1 support including new clang -- PIC32 MZ hardware support -- CyaSSL Object has enough room to read the Record Header now w/o allocs -- FIPS wrappers for AES, 3DES, SHA1, SHA256, SHA384, HMAC, and RSA. -- A sample I/O pool is demonstrated with --enable-iopool to overtake memory - handling and reduce memory fragmentation on I/O large sizes - -The CyaSSL manual is available at: -http://www.wolfssl.com/documentation/CyaSSL-Manual.pdf. For build instructions -and comments about the new features please check the manual. 
- - -************ CyaSSL Release 2.9.0 (02/07/2014) - -Release 2.9.0 CyaSSL has bug fixes and new features including: -- Freescale Kinetis RNGB support -- Freescale Kinetis mmCAU support -- TLS Hello extensions - - ECC - - Secure Renegotiation (null) - - Truncated HMAC -- SCEP support - - PKCS #7 Enveloped data and signed data - - PKCS #10 Certificate Signing Request generation -- DTLS sliding window -- OCSP Improvements - - API change to integrate into Certificate Manager - - IPv4/IPv6 agnostic - - example client/server support for OCSP - - OCSP nonces are optional -- GMAC hashing -- Windows build additions -- Windows CYGWIN build fixes -- Updated test certificates -- Microchip MPLAB Harmony support -- Update autoconf scripts -- Additional X.509 inspection functions -- ECC encrypt/decrypt primitives -- ECC Certificate generation - -The Freescale Kinetis K53 RNGB documentation can be found in Chapter 33 of the -K53 Sub-Family Reference Manual: -http://cache.freescale.com/files/32bit/doc/ref_manual/K53P144M100SF2RM.pdf - -Freescale Kinetis K60 mmCAU (AES, DES, 3DES, MD5, SHA, SHA256) documentation -can be found in the "ColdFire/ColdFire+ CAU and Kinetis mmCAU Software Library -User Guide": -http://cache.freescale.com/files/32bit/doc/user_guide/CAUAPIUG.pdf - - -*****************CyaSSL Release 2.8.0 (8/30/2013) - -Release 2.8.0 CyaSSL has bug fixes and new features including: -- AES-GCM and AES-CCM use AES-NI -- NetX default IO callback handlers -- IPv6 fixes for DTLS Hello Cookies -- The ability to unload Certs/Keys after the handshake, CyaSSL_UnloadCertsKeys() -- SEP certificate extensions -- Callback getters for easier resource freeing -- External CYASSL_MAX_ERROR_SZ for correct error buffer sizing -- MacEncrypt and DecryptVerify Callbacks for User Atomic Record Layer Processing -- Public Key Callbacks for ECC and RSA -- Client now sends blank cert upon request if doesn't have one with TLS <= 1.2 - - -The CyaSSL manual is available at: 
-http://www.wolfssl.com/documentation/CyaSSL-Manual.pdf. For build instructions -and comments about the new features please check the manual. - - -*****************CyaSSL Release 2.7.0 (6/17/2013) - -Release 2.7.0 CyaSSL has bug fixes and new features including: -- SNI support for client and server -- KEIL MDK-ARM projects -- Wildcard check to domain name match, and Subject altnames are checked too -- Better error messages for certificate verification errors -- Ability to discard session during handshake verify -- More consistent error returns across all APIs -- Ability to unload CAs at the CTX or CertManager level -- Authority subject id support for Certificate matching -- Persistent session cache functionality -- Persistent CA cache functionality -- Client session table lookups to push serverID table to library level -- Camellia support to sniffer -- User controllable settings for DTLS timeout values -- Sniffer fixes for caching long lived sessions -- DTLS reliability enhancements for the handshake -- Better ThreadX support - -When compiling with Mingw, libtool may give the following warning due to -path conversion errors: - -libtool: link: Could not determine host file name corresponding to ** -libtool: link: Continuing, but uninstalled executables may not work. - -If so, examples and testsuite will have problems when run, showing an -error while loading shared libraries. To resolve, please run "make install". - -The CyaSSL manual is available at: -http://www.wolfssl.com/documentation/CyaSSL-Manual.pdf. For build instructions -and comments about the new features please check the manual. 
- - -************** CyaSSL Release 2.6.0 (04/15/2013) - -Release 2.6.0 CyaSSL has bug fixes and new features including: -- DTLS 1.2 support including AEAD ciphers -- SHA-3 finalist Blake2 support, it's fast and uses little resources -- SHA-384 cipher suites including ECC ones -- HMAC now supports SHA-512 -- Track memory use for example client/server with -t option -- Better IPv6 examples with --enable-ipv6, before if ipv6 examples/tests were - turned on, localhost only was used. Now link-local (with scope ids) and ipv6 - hosts can be used as well. -- Xcode v4.6 project for iOS v6.1 update -- settings.h is now checked in all *.c files for true one file setting detection -- Better alignment at SSL layer for hardware crypto alignment needs - * Note, SSL itself isn't friendly to alignment with 5 byte TLS headers and - 13 bytes DTLS headers, but every effort is now made to align with the - CYASSL_GENERAL_ALIGNMENT flag which sets desired alignment requirement -- NO_64BIT flag to turn off 64bit data type accumulators in public key code - * Note, some systems are faster with 32bit accumulators -- --enable-stacksize for example client/server stack use - * Note, modern desktop Operating Systems may add bytes to each stack frame -- Updated compression/decompression with direct crypto access -- All ./configure options are now lowercase only for consistency -- ./configure builds default to fastmath option - * Note, if on ia32 and building in shared mode this may produce a problem - with a missing register being available because of PIC, there are at least - 6 solutions to this: - 1) --disable-fastmath , don't use fastmath - 2) --disable-shared, don't build a shared library - 3) C_EXTRA_FLAGS=-DTFM_NO_ASM , turn off assembly use - 4) use clang, it just seems to work - 5) play around with no PIC options to force all registers being open, - e.g, --without-pic - 6) if static lib is still a problem try removing fPIE -- Many new ./configure switches for option enable/disable for 
example - * rsa - * dh - * dsa - * md5 - * sha - * arc4 - * null (allow NULL ciphers) - * oldtls (only use TLS 1.2) - * asn (no certs or public keys allowed) -- ./configure generates cyassl/options.h which allows a header the user can - include in their app to make sure the same options are set at the app and - CyaSSL level. -- autoconf no longer needs serial-tests which lowers version requirements of - automake to 1.11 and autoconf to 2.63 - -The CyaSSL manual is available at: -http://www.wolfssl.com/documentation/CyaSSL-Manual.pdf. For build instructions -and comments about the new features please check the manual. - - - -************** CyaSSL Release 2.5.0 (02/04/2013) - -Release 2.5.0 CyaSSL has bug fixes and new features including: -- Fix for TLS CBC padding timing attack identified by Nadhem Alfardan and - Kenny Paterson: http://www.isg.rhul.ac.uk/tls/ -- Microchip PIC32 (MIPS16, MIPS32) support -- Microchip MPLAB X example projects for PIC32 Ethernet Starter Kit -- Updated CTaoCrypt benchmark app for embedded systems -- 1024-bit test certs/keys and cert/key buffers -- AES-CCM-8 crypto and cipher suites -- Camellia crypto and cipher suites -- Bumped minimum autoconf version to 2.65, automake version to 1.12 -- Addition of OCSP callbacks -- STM32F2 support with hardware crypto and RNG -- Cavium NITROX support - -CTaoCrypt now has support for the Microchip PIC32 and has been tested with -the Microchip PIC32 Ethernet Starter Kit, the XC32 compiler and -MPLAB X IDE in both MIPS16 and MIPS32 instruction set modes. See the README -located under the /mplabx directory for more details. - -To add Cavium NITROX support do: - -./configure --with-cavium=/home/user/cavium/software - -pointing to your licensed cavium/software directory. Since Cavium doesn't -build a library we pull in the cavium_common.o file which gives a libtool -warning about the portability of this. 
Also, if you're using the github source -tree you'll need to remove the -Wredundant-decls warning from the generated -Makefile because the cavium headers don't conform to this warning. Currently -CyaSSL supports Cavium RNG, AES, 3DES, RC4, HMAC, and RSA directly at the crypto -layer. Support at the SSL level is partial and currently just does AES, 3DES, -and RC4. RSA and HMAC are slower until the Cavium calls can be utilized in non -blocking mode. The example client turns on cavium support as does the crypto -test and benchmark. Please see the HAVE_CAVIUM define. - -CyaSSL is able to use the STM32F2 hardware-based cryptography and random number -generator through the STM32F2 Standard Peripheral Library. For necessary -defines, see the CYASSL_STM32F2 define in settings.h. Documentation for the -STM32F2 Standard Peripheral Library can be found in the following document: -http://www.st.com/internet/com/TECHNICAL_RESOURCES/TECHNICAL_LITERATURE/USER_MANUAL/DM00023896.pdf - -The CyaSSL manual is available at: -http://www.wolfssl.com/documentation/CyaSSL-Manual.pdf. For build instructions -and comments about the new features please check the manual. - - - -*************** CyaSSL Release 2.4.6 (12/20/2012) - -Release 2.4.6 CyaSSL has bug fixes and a few new features including: -- ECC into main version -- Lean PSK build (reduced code size, RAM usage, and stack usage) -- FreeBSD CRL monitor support -- CyaSSL_peek() -- CyaSSL_send() and CyaSSL_recv() for I/O flag setting -- CodeWarrior Support -- MQX Support -- Freescale Kinetis support including Hardware RNG -- autoconf builds use jobserver -- cyassl-config -- Sniffer memory reductions - -Thanks to Brian Aker for the improved autoconf system, make rpm, cyassl-config, -warning system, and general good ideas for improving CyaSSL! 
- -The Freescale Kinetis K70 RNGA documentation can be found in Chapter 37 of the -K70 Sub-Family Reference Manual: -http://cache.freescale.com/files/microcontrollers/doc/ref_manual/K70P256M150SF3RM.pdf - -The CyaSSL manual is available at: -http://www.wolfssl.com/documentation/CyaSSL-Manual.pdf. For build instructions -and comments about the new features please check the manual. - - -*************** CyaSSL Release 2.4.0 (10/10/2012) - -Release 2.4.0 CyaSSL has bug fixes and a few new features including: -- DTLS reliability -- Reduced memory usage after handshake -- Updated build process - -The CyaSSL manual is available at: -http://www.wolfssl.com/documentation/CyaSSL-Manual.pdf. For build instructions -and comments about the new features please check the manual. - - - -*************** CyaSSL Release 2.3.0 (8/10/2012) - -Release 2.3.0 CyaSSL has bug fixes and a few new features including: -- AES-GCM crypto and cipher suites -- make test cipher suite checks -- Subject AltName processing -- Command line support for client/server examples -- Sniffer SessionTicket support -- SHA-384 cipher suites -- Verify cipher suite validity when user overrides -- CRL dir monitoring -- DTLS Cookie support, reliability coming soon - -The CyaSSL manual is available at: -http://www.wolfssl.com/documentation/CyaSSL-Manual.pdf. For build instructions -and comments about the new features please check the manual. - - - -***************CyaSSL Release 2.2.0 (5/18/2012) - -Release 2.2.0 CyaSSL has bug fixes and a few new features including: -- Initial CRL support (--enable-crl) -- Initial OCSP support (--enable-ocsp) -- Add static ECDH suites -- SHA-384 support -- ECC client certificate support -- Add medium session cache size (1055 sessions) -- Updated unit tests -- Protection against mutex reinitialization - - -The CyaSSL manual is available at: -http://www.wolfssl.com/documentation/CyaSSL-Manual.pdf. For build instructions -and comments about the new features please check the manual. 
- - - -***************CyaSSL Release 2.0.8 (2/24/2012) - -Release 2.0.8 CyaSSL has bug fixes and a few new features including: -- A fix for malicious certificates pointed out by Remi Gacogne (thanks) - resulting in NULL pointer use. -- Respond to renegotiation attempt with no_renegoatation alert -- Add basic path support for load_verify_locations() -- Add set Temp EC-DHE key size -- Extra checks on rsa test when porting into - - -The CyaSSL manual is available at: -http://www.wolfssl.com/documentation/CyaSSL-Manual.pdf. For build instructions -and comments about the new features please check the manual. - - - -************* CyaSSL Release 2.0.6 (1/27/2012) - -Release 2.0.6 CyaSSL has bug fixes and a few new features including: -- Fixes for CA basis constraint check -- CTX reference counting -- Initial unit test additions -- Lean and Mean Windows fix -- ECC benchmarking -- SSMTP build support -- Ability to group handshake messages with set_group_messages(ctx/ssl) -- CA cache addition callback -- Export Base64_Encode for general use - -The CyaSSL manual is available at: -http://www.wolfssl.com/documentation/CyaSSL-Manual.pdf. For build instructions -and comments about the new features please check the manual. - - - -************* CyaSSL Release 2.0.2 (12/05/2011) - -Release 2.0.2 CyaSSL has bug fixes and a few new features including: -- CTaoCrypt Runtime library detection settings when directly using the crypto - library -- Default certificate generation now uses SHAwRSA and adds SHA256wRSA generation -- All test certificates now use 2048bit and SHA-1 for better modern browser - support -- Direct AES block access and AES-CTR (counter) mode -- Microchip pic32 support - -The CyaSSL manual is available at: -http://www.wolfssl.com/documentation/CyaSSL-Manual.pdf. For build instructions -and comments about the new features please check the manual. 
- - - -************* CyaSSL Release 2.0.0rc3 (9/28/2011) - -Release 2.0.0rc3 for CyaSSL has bug fixes and a few new features including: -- updated autoconf support -- better make install and uninstall (uses system directories) -- make test / make check -- CyaSSL headers now in -- CTaocrypt headers now in -- OpenSSL compatibility headers now in -- examples and tests all run from home directory so can use certs in ./certs - (see note 1) - -So previous applications that used the OpenSSL compatibility header - now need to include instead, no other -changes are required. - -Special Thanks to Brian Aker for his autoconf, install, and header patches. - -The CyaSSL manual is available at: -http://www.wolfssl.com/documentation/CyaSSL-Manual.pdf. For build instructions -and comments about the new features please check the manual. - -************CyaSSL Release 2.0.0rc2 (6/6/2011) - -Release 2.0.0rc2 for CyaSSL has bug fixes and a few new features including: -- bug fixes (Alerts, DTLS with DHE) -- FreeRTOS support -- lwIP support -- Wshadow warnings removed -- asn public header -- CTaoCrypt public headers now all have ctc_ prefix (the manual is still being - updated to reflect this change) -- and more. - -This is the 2nd and perhaps final release candidate for version 2. -Please send any comments or questions to support@wolfssl.com. - -The CyaSSL manual is available at: -http://www.wolfssl.com/documentation/CyaSSL-Manual.pdf. For build instructions -and comments about the new features please check the manual. 
- -***********CyaSSL Release 2.0.0rc1 (5/2/2011) - -Release 2.0.0rc1 for CyaSSL has many new features including: -- bug fixes -- SHA-256 cipher suites -- Root Certificate Verification (instead of needing all certs in the chain) -- PKCS #8 private key encryption (supports PKCS #5 v1-v2 and PKCS #12) -- Serial number retrieval for x509 -- PBKDF2 and PKCS #12 PBKDF -- UID parsing for x509 -- SHA-256 certificate signatures -- Client and server can send chains (SSL_CTX_use_certificate_chain_file) -- CA loading can now parse multiple certificates per file -- Dynamic memory runtime hooks -- Runtime hooks for logging -- EDH on server side -- More informative error codes -- More informative logging messages -- Version downgrade more robust (use SSL_v23*) -- Shared build only by default through ./configure -- Compiler visibility is now used, internal functions not polluting namespace -- Single Makefile, no recursion, for faster and simpler building -- Turn on all warnings possible build option, warning fixes -- and more. - -Because of all the new features and the multiple OS, compiler, feature-set -options that CyaSSL allows, there may be some configuration fixes needed. -Please send any comments or questions to support@wolfssl.com. - -The CyaSSL manual is available at: -http://www.wolfssl.com/documentation/CyaSSL-Manual.pdf. For build instructions -and comments about the new features please check the manual. - -****************** CyaSSL Release 1.9.0 (3/2/2011) - -Release 1.9.0 for CyaSSL adds bug fixes, improved TLSv1.2 through testing and -better hash/sig algo ids, --enable-webServer for the yaSSL embedded web server, -improper AES key setup detection, user cert verify callback improvements, and -more. - -The CyaSSL manual offering is included in the doc/ directory. For build -instructions and comments about the new features please check the manual. - -Please send any comments or questions to support@wolfssl.com. 
- -****************** CyaSSL Release 1.8.0 (12/23/2010) - -Release 1.8.0 for CyaSSL adds bug fixes, x509 v3 CA signed certificate -generation, a C standard library abstraction layer, lower memory use, increased -portability through the os_settings.h file, and the ability to use NTRU cipher -suites when used in conjunction with an NTRU license and library. - -The initial CyaSSL manual offering is included in the doc/ directory. For -build instructions and comments about the new features please check the manual. - -Please send any comments or questions to support@wolfssl.com. - -Happy Holidays. - - -********************* CyaSSL Release 1.6.5 (9/9/2010) - -Release 1.6.5 for CyaSSL adds bug fixes and x509 v3 self signed certificate -generation. - -For general build instructions see doc/Building_CyaSSL.pdf. - -To enable certificate generation support add this option to ./configure -./configure --enable-certgen - -An example is included in ctaocrypt/test/test.c and documentation is provided -in doc/CyaSSL_Extensions_Reference.pdf item 11. - -********************** CyaSSL Release 1.6.0 (8/27/2010) - -Release 1.6.0 for CyaSSL adds bug fixes, RIPEMD-160, SHA-512, and RSA key -generation. - -For general build instructions see doc/Building_CyaSSL.pdf. - -To add RIPEMD-160 support add this option to ./configure -./configure --enable-ripemd - -To add SHA-512 support add this option to ./configure -./configure --enable-sha512 - -To add RSA key generation support add this option to ./configure -./configure --enable-keygen - -Please see ctaocrypt/test/test.c for examples and usage. - -For Windows, RIPEMD-160 and SHA-512 are enabled by default but key generation is -off by default. To turn key generation on add the define CYASSL_KEY_GEN to -CyaSSL. - - -************* CyaSSL Release 1.5.6 (7/28/2010) - -Release 1.5.6 for CyaSSL adds bug fixes, compatibility for our JSSE provider, -and a fix for GCC builds on some systems. 
- -For general build instructions see doc/Building_CyaSSL.pdf. - -To add AES-NI support add this option to ./configure -./configure --enable-aesni - -You'll need GCC 4.4.3 or later to make use of the assembly. - -************** CyaSSL Release 1.5.4 (7/7/2010) - -Release 1.5.4 for CyaSSL adds bug fixes, support for AES-NI, SHA1 speed -improvements from loop unrolling, and support for the Mongoose Web Server. - -For general build instructions see doc/Building_CyaSSL.pdf. - -To add AES-NI support add this option to ./configure -./configure --enable-aesni - -You'll need GCC 4.4.3 or later to make use of the assembly. - -*************** CyaSSL Release 1.5.0 (5/11/2010) - -Release 1.5.0 for CyaSSL adds bug fixes, GoAhead WebServer support, sniffer -support, and initial swig interface support. - -For general build instructions see doc/Building_CyaSSL.pdf. - -To add support for GoAhead WebServer either --enable-opensslExtra or if you -don't want all the features of opensslExtra you can just define GOAHEAD_WS -instead. GOAHEAD_WS can be added to ./configure with CFLAGS=-DGOAHEAD_WS or -you can define it yourself. - -To look at the sniffer support please see the sniffertest app in -sslSniffer/sslSnifferTest. Build with --enable-sniffer on *nix or use the -vcproj files on windows. You'll need to have pcap installed on *nix and -WinPcap on windows. - -A swig interface file is now located in the swig directory for using Python, -Java, Perl, and others with CyaSSL. This is initial support and experimental, -please send questions or comments to support@wolfssl.com. - -When doing load testing with CyaSSL, on the echoserver example say, the client -machine may run out of tcp ephemeral ports, they will end up in the TIME_WAIT -queue, and can't be reused by default. There are generally two ways to fix -this. 1) Reduce the length sockets remain on the TIME_WAIT queue or 2) Allow -items on the TIME_WAIT queue to be reused. 
- - -To reduce the TIME_WAIT length in OS X to 3 seconds (3000 milliseconds) - -sudo sysctl -w net.inet.tcp.msl=3000 - -In Linux - -sudo sysctl -w net.ipv4.tcp_tw_reuse=1 - -allows reuse of sockets in TIME_WAIT - -sudo sysctl -w net.ipv4.tcp_tw_recycle=1 - -works but seems to remove sockets from TIME_WAIT entirely? - -sudo sysctl -w net.ipv4.tcp_fin_timeout=1 - -doen't control TIME_WAIT, it controls FIN_WAIT(2) contrary to some posts - - -******************** CyaSSL Release 1.4.0 (2/18/2010) - -Release 1.3.0 for CyaSSL adds bug fixes, better multi TLS/SSL version support -through SSLv23_server_method(), and improved documentation in the doc/ folder. - -For general build instructions doc/Building_CyaSSL.pdf. - -******************** CyaSSL Release 1.3.0 (1/21/2010) - -Release 1.3.0 for CyaSSL adds bug fixes, a potential security problem fix, -better porting support, removal of assert()s, and a complete THREADX port. - -For general build instructions see rc1 below. - -******************** CyaSSL Release 1.2.0 (11/2/2009) - -Release 1.2.0 for CyaSSL adds bug fixes and session negotiation if first use is -read or write. - -For general build instructions see rc1 below. - -******************** CyaSSL Release 1.1.0 (9/2/2009) - -Release 1.1.0 for CyaSSL adds bug fixes, a check against malicious session -cache use, support for lighttpd, and TLS 1.2. - -To get TLS 1.2 support please use the client and server functions: - -SSL_METHOD *TLSv1_2_server_method(void); -SSL_METHOD *TLSv1_2_client_method(void); - -CyaSSL was tested against lighttpd 1.4.23. 
To build CyaSSL for use with -lighttpd use the following commands from the CyaSSL install dir : - -./configure --disable-shared --enable-opensslExtra --enable-fastmath --without-zlib - -make -make openssl-links - -Then to build lighttpd with CyaSSL use the following commands from the -lighttpd install dir: - -./configure --with-openssl --with-openssl-includes=/include --with-openssl-libs=/lib LDFLAGS=-lm - -make - -On some systems you may get a linker error about a duplicate symbol for -MD5_Init or other MD5 calls. This seems to be caused by the lighttpd src file -md5.c, which defines MD5_Init(), and is included in liblightcomp_la-md5.o. -When liblightcomp is linked with the SSL_LIBs the linker may complain about -the duplicate symbol. This can be fixed by editing the lighttpd src file md5.c -and adding this line to the beginning of the file: - -#if 0 - -and this line to the end of the file - -#endif - -Then from the lighttpd src dir do a: - -make clean -make - - -If you get link errors about undefined symbols more than likely the actual -OpenSSL libraries are found by the linker before the CyaSSL openssl-links that -point to the CyaSSL library, causing the linker confusion. This can be fixed -by editing the Makefile in the lighttpd src directory and changing the line: - -SSL_LIB = -lssl -lcrypto - -to - -SSL_LIB = -lcyassl - -Then from the lighttpd src dir do a: - -make clean -make - -This should remove any confusion the linker may be having with missing symbols. - -For any questions or concerns please contact support@wolfssl.com . - -For general build instructions see rc1 below. - -******************CyaSSL Release 1.0.6 (8/03/2009) - -Release 1.0.6 for CyaSSL adds bug fixes, an improved session cache, and faster -math with a huge code option. - -The session cache now defaults to a client mode, also good for embedded servers. -For servers not under heavy load (less than 200 new sessions per minute), define -BIG_SESSION_CACHE. 
If the server will be under heavy load, define -HUGE_SESSION_CACHE. - -There is now a fasthugemath option for configure. This enables fastmath plus -even faster math by greatly increasing the code size of the math library. Use -the benchmark utility to compare public key operations. - - -For general build instructions see rc1 below. - -******************CyaSSL Release 1.0.3 (5/10/2009) - -Release 1.0.3 for CyaSSL adds bug fixes and add increased support for OpenSSL -compatibility when building other applications. - -Release 1.0.3 includes an alpha release of DTLS for both client and servers. -This is only for testing purposes at this time. Rebroadcast and reordering -aren't fully implemented at this time but will be for the next release. - -For general build instructions see rc1 below. - -******************CyaSSL Release 1.0.2 (4/3/2009) - -Release 1.0.2 for CyaSSL adds bug fixes for a couple I/O issues. Some systems -will send a SIGPIPE on socket recv() at any time and this should be handled by -the application by turning off SIGPIPE through setsockopt() or returning from -the handler. - -Release 1.0.2 includes an alpha release of DTLS for both client and servers. -This is only for testing purposes at this time. Rebroadcast and reordering -aren't fully implemented at this time but will be for the next release. - -For general build instructions see rc1 below. - -*****************CyaSSL Release Candidate 3 rc3-1.0.0 (2/25/2009) - - -Release Candidate 3 for CyaSSL 1.0.0 adds bug fixes and adds a project file for -iPhone development with Xcode. cyassl-iphone.xcodeproj is located in the root -directory. This release also includes a fix for supporting other -implementations that bundle multiple messages at the record layer, this was -lost when cyassl i/o was re-implemented but is now fixed. - -For general build instructions see rc1 below. 
- -*****************CyaSSL Release Candidate 2 rc2-1.0.0 (1/21/2009) - - -Release Candidate 2 for CyaSSL 1.0.0 adds bug fixes and adds two new stream -ciphers along with their respective cipher suites. CyaSSL adds support for -HC-128 and RABBIT stream ciphers. The new suites are: - -TLS_RSA_WITH_HC_128_SHA -TLS_RSA_WITH_RABBIT_SHA - -And the corresponding cipher names are - -HC128-SHA -RABBIT-SHA - -CyaSSL also adds support for building with devkitPro for PPC by changing the -library proper to use libogc. The examples haven't been changed yet but if -there's interest they can be. Here's an example ./configure to build CyaSSL -for devkitPro: - -./configure --disable-shared CC=/pathTo/devkitpro/devkitPPC/bin/powerpc-gekko-gcc --host=ppc --without-zlib --enable-singleThreaded RANLIB=/pathTo/devkitpro/devkitPPC/bin/powerpc-gekko-ranlib CFLAGS="-DDEVKITPRO -DGEKKO" - -For linking purposes you'll need - -LDFLAGS="-g -mrvl -mcpu=750 -meabi -mhard-float -Wl,-Map,$(notdir $@).map" - -For general build instructions see rc1 below. - - -********************CyaSSL Release Candidate 1 rc1-1.0.0 (12/17/2008) - - -Release Candidate 1 for CyaSSL 1.0.0 contains major internal changes. Several -areas have optimization improvements, less dynamic memory use, and the I/O -strategy has been refactored to allow alternate I/O handling or Library use. -Many thanks to Thierry Fournier for providing these ideas and most of the work. - -Because of these changes, this release is only a candidate since some problems -are probably inevitable on some platform with some I/O use. Please report any -problems and we'll try to resolve them as soon as possible. You can contact us -at support@wolfssl.com or todd@wolfssl.com. - -Using TomsFastMath by passing --enable-fastmath to ./configure now uses assembly -on some platforms. This is new so please report any problems as every compiler, -mode, OS combination hasn't been tested. 
On ia32 all of the registers need to -be available so be sure to pass these options to CFLAGS: - -CFLAGS="-O3 -fomit-frame-pointer" - -OS X will also need -mdynamic-no-pic added to CFLAGS - -Also if you're building in shared mode for ia32 you'll need to pass options to -LDFLAGS as well on OS X: - -LDFLAGS=-Wl,-read_only_relocs,warning - -This gives warnings for some symbols but seems to work. - - ---To build on Linux, Solaris, *BSD, Mac OS X, or Cygwin: - - ./configure - make - - from the ./testsuite/ directory run ./testsuite - -to make a debug build: - - ./configure --enable-debug --disable-shared - make - - - ---To build on Win32 - -Choose (Re)Build All from the project workspace - -Run the testsuite program - - - - - -*************************CyaSSL version 0.9.9 (7/25/2008) - -This release of CyaSSL adds bug fixes, Pre-Shared Keys, over-rideable memory -handling, and optionally TomsFastMath. Thanks to Moisés Guimarães for the -work on TomsFastMath. - -To optionally use TomsFastMath pass --enable-fastmath to ./configure -Or define USE_FAST_MATH in each project from CyaSSL for MSVC. - -Please use the benchmark routine before and after to see the performance -difference, on some platforms the gains will be little but RSA encryption -always seems to be faster. On x86-64 machines with GCC the normal math library -may outperform the fast one when using CFLAGS=-m64 because TomsFastMath can't -yet use -m64 because of GCCs inability to do 128bit division. - - **** UPDATE GCC 4.2.1 can now do 128bit division *** - -See notes below (0.2.0) for complete build instructions. - - -****************CyaSSL version 0.9.8 (5/7/2008) - -This release of CyaSSL adds bug fixes, client side Diffie-Hellman, and better -socket handling. - -See notes below (0.2.0) for complete build instructions. - - -****************CyaSSL version 0.9.6 (1/31/2008) - -This release of CyaSSL adds bug fixes, increased session management, and a fix -for gnutls. 
- -See notes below (0.2.0) for complete build instructions. - - -****************CyaSSL version 0.9.0 (10/15/2007) - -This release of CyaSSL adds bug fixes, MSVC 2005 support, GCC 4.2 support, -IPV6 support and test, and new test certificates. - -See notes below (0.2.0) for complete build instructions. - - -****************CyaSSL version 0.8.0 (1/10/2007) - -This release of CyaSSL adds increased socket support, for non-blocking writes, -connects, and interrupted system calls. - -See notes below (0.2.0) for complete build instructions. - - -****************CyaSSL version 0.6.3 (10/30/2006) - -This release of CyaSSL adds debug logging to stderr to aid in the debugging of -CyaSSL on systems that may not provide the best support. - -If CyaSSL is built with debugging support then you need to call -CyaSSL_Debugging_ON() to turn logging on. - -On Unix use ./configure --enable-debug - -On Windows define DEBUG_CYASSL when building CyaSSL - - -To turn logging back off call CyaSSL_Debugging_OFF() - -See notes below (0.2.0) for complete build instructions. - - -*****************CyaSSL version 0.6.2 (10/29/2006) - -This release of CyaSSL adds TLS 1.1. - -Note that CyaSSL has certificate verification on by default, unlike OpenSSL. -To emulate OpenSSL behavior, you must call SSL_CTX_set_verify() with -SSL_VERIFY_NONE. In order to have full security you should never do this, -provide CyaSSL with the proper certificates to eliminate impostors and call -CyaSSL_check_domain_name() to prevent man in the middle attacks. - -See notes below (0.2.0) for build instructions. - -*****************CyaSSL version 0.6.0 (10/25/2006) - -This release of CyaSSL adds more SSL functions, better autoconf, nonblocking -I/O for accept, connect, and read. There is now an --enable-small configure -option that turns off TLS, AES, DES3, HMAC, and ERROR_STRINGS, see configure.in -for the defines. Note that TLS requires HMAC and AES requires TLS. - -See notes below (0.2.0) for build instructions. 
- - -*****************CyaSSL version 0.5.5 (09/27/2006) - -This mini release of CyaSSL adds better input processing through buffered input -and big message support. Added SSL_pending() and some sanity checks on user -settings. - -See notes below (0.2.0) for build instructions. - - -*****************CyaSSL version 0.5.0 (03/27/2006) - -This release of CyaSSL adds AES support and minor bug fixes. - -See notes below (0.2.0) for build instructions. - - -*****************CyaSSL version 0.4.0 (03/15/2006) - -This release of CyaSSL adds TLSv1 client/server support and libtool. - -See notes below for build instructions. - - -*****************CyaSSL version 0.3.0 (02/26/2006) - -This release of CyaSSL adds SSLv3 server support and session resumption. - -See notes below for build instructions. - - -*****************CyaSSL version 0.2.0 (02/19/2006) - - -This is the first release of CyaSSL and its crypt brother, CTaoCrypt. CyaSSL -is written in ANSI C with the idea of a small code size, footprint, and memory -usage in mind. CTaoCrypt can be as small as 32K, and the current client -version of CyaSSL can be as small as 12K. - - -The first release of CTaoCrypt supports MD5, SHA-1, 3DES, ARC4, Big Integer -Support, RSA, ASN parsing, and basic x509 (en/de)coding. - -The first release of CyaSSL supports normal client RSA mode SSLv3 connections -with support for SHA-1 and MD5 digests. Ciphers include 3DES and RC4. - - ---To build on Linux, Solaris, *BSD, Mac OS X, or Cygwin: - - ./configure - make - - from the ./testsuite/ directory run ./testsuite - -to make a debug build: - - ./configure --enable-debug --disable-shared - make - - - ---To build on Win32 - -Choose (Re)Build All from the project workspace - -Run the testsuite program - - - -*** The next release of CyaSSL will support a server and more OpenSSL -compatibility functions. - - -Please send questions or comments to todd@wolfssl.com - diff --git a/README.md b/README.md index 77fb35441..4ac7655bf 100644 --- a/README.md 
+++ b/README.md 
@@ -66,1820 +66,101 @@ wolfSSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, 0); before calling wolfSSL_new(); Though it's not recommended. ``` -# wolfSSL Release 3.14.0 (3/02/2018) +## Note 3 +``` +The enum values SHA, SHA256, SHA384, SHA512 are no longer available when +wolfSSL is built with --enable-opensslextra (OPENSSL_EXTRA) or with the macro +NO_OLD_SHA_NAMES. These names get mapped to the OpenSSL API for a single call +hash function. Instead the name WC_SHA, WC_SHA256, WC_SHA384 and WC_SHA512 +should be used for the enum name. +``` -Release 3.14.0 of wolfSSL embedded TLS has bug fixes and new features including: +# wolfSSL Release 3.15.0 (05/01/2018) -* TLS 1.3 draft 22 and 23 support added -* Additional unit tests for; SHA3, AES-CMAC, Ed25519, ECC, RSA-PSS, AES-GCM -* Many additions to the OpenSSL compatibility layer were made in this release. Some of these being enhancements to PKCS12, WOLFSSL_X509 use, WOLFSSL_EVP_PKEY, and WOLFSSL_BIO operations -* AVX1 and AVX2 performance improvements with ChaCha20 and Poly1305 -* Added i.MX CAAM driver support with Integrity OS support -* Improvements to logging with debugging, including exposing more API calls and adding options to reduce debugging code size -* Fix for signature type detection with PKCS7 RSA SignedData -* Public key call back functions added for DH Agree -* RSA-PSS API added for operating on non inline buffers (separate input and output buffers) -* API added for importing and exporting raw DSA parameters -* Updated DSA key generation to be FIPS 186-4 compliant -* Fix for wolfSSL_check_private_key when comparing ECC keys -* Support for AES Cipher Feedback(CFB) mode added -* Updated RSA key generation to be FIPS 186-4 compliant -* Update added for the ARM CMSIS software pack -* WOLFSSL_IGNORE_FILE_WARN macro added for avoiding build warnings when not working with autotools -* Performance improvements for AES-GCM with AVX1 and AVX2 -* Fix for possible memory leak on error case with wc_RsaKeyToDer function -* 
Make wc_PKCS7_PadData function available -* Updates made to building SGX on Linux -* STM32 hashing algorithm improvements including clock/power optimizations and auto detection of if SHA2 is supported -* Update static memory feature for FREERTOS use -* Reverse the order that certificates are compared during PKCS12 parse to account for case where multiple certificates have the same matching private key -* Update NGINX port to version 1.13.8 -* Support for HMAC-SHA3 added -* Added stricter ASN checks to enforce RFC 5280 rules. Thanks to the report from Professor Zhenhua Duan, Professor Cong Tian, and Ph.D candidate Chu Chen from Institute of Computing Theory and Technology (ICTT) of Xidian University. -* Option to have ecc_mul2add function public facing -* Getter function wc_PKCS7_GetAttributeValue added for PKCS7 attributes -* Macros NO_AES_128, NO_AES_192, NO_AES_256 added for AES key size selection at compile time -* Support for writing multiple organizations units (OU) and domain components (DC) with CSR and certificate creation -* Support for indefinite length BER encodings in PKCS7 -* Added API for additional validation of prime q in a public DH key -* Added support for RSA encrypt and decrypt without padding +Release 3.15.0 of wolfSSL embedded TLS has bug fixes and new features including: +* Support for TLS 1.3 Draft versions 23, 26 and 28. +* Improved downgrade support for TLS 1.3. +* Improved TLS 1.3 support from interoperability testing. +* Single Precision assembly code added for ARM and 64-bit ARM. +* Improved performance for Single Precision maths on 32-bit. +* Allow TLS 1.2 to be compiled out. +* Ed25519 support in TLS 1.2 and 1.3. +* Update wolfSSL_HMAC_Final() so the length parameter is optional. +* Various fixes for Coverity static analysis reports. +* Add define to use internal struct timeval (USE_WOLF_TIMEVAL_T). +* Switch LowResTimer() to call XTIME instead of time(0) for better portability. +* Expanded OpenSSL compatibility layer. 
+* Added Renesas CS+ project files.
+* Align DH support with NIST SP 800-56A, add wc_DhSetKey_ex() for q parameter.
+* Add build option for CAVP self test build (--enable-selftest).
+* Expose mp_toradix() when WOLFSSL_PUBLIC_MP is defined.
+* Add FIPS SGX support.
+* Example certificate expiration dates and generation script updated.
+* Additional optimizations to trim out unused strings depending on build options.
+* Fix for DN tag strings to have “=” when returning the string value to users.
+* Fix for wolfSSL_ERR_get_error_line_data return value if no more errors are in the queue.
+* Fix for AES-CBC IV value with PIC32 hardware acceleration.
+* Fix for wolfSSL_X509_print with ECC certificates.
+* Fix for strict checking on URI absolute vs relative path.
+* Added crypto device framework to handle PK RSA/ECC operations using callbacks, which adds new build option `./configure --enable-cryptodev` or `WOLF_CRYPTO_DEV`.
+* Added devId support to ECC and PKCS7 for hardware based private key.
+* Fixes in PKCS7 for handling possible memory leak in some error cases.
+* Added test for invalid cert common name when set with `wolfSSL_check_domain_name`.
+* Refactor of the cipher suite names to use single array, which contains internal name, IANA name and cipher suite bytes.
+* Added new function `wolfSSL_get_cipher_name_from_suite` for getting IANA cipher suite name using bytes.
+* Fixes for fsanitize reports.
+* Fix for openssl compatibility function `wolfSSL_RSA_verify` to check returned size.
+* Fixes and improvements for FreeRTOS AWS.
+* Fixes for building openssl compatibility with FreeRTOS.
+* Fix and new test for handling match on domain name that may have a null terminator inside.
+* Cleanup of the socket close code used for examples, CRL/OCSP and BIO to use single macro `CloseSocket`.
+* Refactor of the TLSX code to support returning error codes.
+* Added new signature wrapper functions `wc_SignatureVerifyHash` and `wc_SignatureGenerateHash` to allow direct use of hash.
+* Improvement to GCC-ARM IDE example.
+* Enhancements and cleanups for the ASN date/time code including new API's `wc_GetDateInfo`, `wc_GetCertDates` and `wc_GetDateAsCalendarTime`.
+* Fixes to resolve issues with C99 compliance. Added build option `WOLF_C99` to force C99.
+* Added a new `--enable-opensslall` option to enable all openssl compatibility features.
+* Added new `--enable-webclient` option for enabling a few HTTP API's.
+* Added new `wc_OidGetHash` API for getting the hash type from a hash OID.
+* Moved `wolfSSL_CertPemToDer`, `wolfSSL_KeyPemToDer`, `wolfSSL_PubKeyPemToDer` to asn.c and renamed to `wc_`. Added backwards compatibility macro for old function names.
+* Added new `WC_MAX_SYM_KEY_SIZE` macro for helping determine max key size.
+* Added `--enable-enckeys` or (`WOLFSSL_ENCRYPTED_KEYS`) to enable support for encrypted PEM private keys using password callback without having to use opensslextra.
+* Added ForceZero on the password buffer after done using it.
+* Refactor unique hash types to use same internal values (ex WC_MD5 == WC_HASH_TYPE_MD5).
+* Refactor the Sha3 types to use `wc_` naming, while retaining old names for compatibility.
+* Improvements to `wc_PBKDF1` to support more hash types and the non-standard extra data option.
+* Fix TLS 1.3 with ECC disabled and CURVE25519 enabled.
+* Added new define `NO_DEV_URANDOM` to disable the use of `/dev/urandom`.
+* Added `WC_RNG_BLOCKING` to indicate block w/sleep(0) is okay.
+* Fix for `HAVE_EXT_CACHE` callbacks not being available without `OPENSSL_EXTRA` defined.
+* Fix for ECC max bits `MAX_ECC_BITS` not always calculating correctly due to macro order.
+* Added support for building and using PKCS7 without RSA (assuming ECC is enabled).
+* Fixes and additions for Cavium Nitrox V to support ECC, AES-GCM and HMAC (SHA-224 and SHA3).
+* Enabled ECC, AES-GCM and SHA-512/384 by default in (Linux and Windows)
+* Added `./configure --enable-base16` and `WOLFSSL_BASE16` configuration option to enable Base16 API's.
+* Improvements to ATECC508A support for building without `WOLFSSL_ATMEL` defined.
+* Refactor IO callback function names to use `_CTX_` to eliminate confusion about the first parameter.
+* Added support for not loading a private key for server or client when `HAVE_PK_CALLBACK` is defined and the private PK callback is set.
+* Added new ECC API `wc_ecc_sig_size_calc` to return max signature size for a key size.
+* Cleanup ECC point import/export code and added new API `wc_ecc_import_unsigned`.
+* Fixes for handling OCSP with non-blocking.
+* Added new PK (Primary Key) callbacks for the VerifyRsaSign. The new callbacks API's are `wolfSSL_CTX_SetRsaVerifySignCb` and `wolfSSL_CTX_SetRsaPssVerifySignCb`.
+* Added new ECC API `wc_ecc_rs_raw_to_sig` to take raw unsigned R and S and encodes them into ECDSA signature format.
+* Added support for `WOLFSSL_STM32F1`.
+* Cleanup of the ASN X509 header/footer and XSTRNCPY logic.
+* Add copyright notice to autoconf files. (Thanks Brian Aker!)
+* Updated the M4 files for autotools. (Thanks Brian Aker!)
+* Add support for the cipher suite TLS_DH_anon_WITH_AES256_GCM_SHA384 with test cases. (Thanks Thivya Ashok!)
+* Add the TLS alert message unknown_psk_identity (115) from RFC 4279, section 2. (Thanks Thivya Ashok!)
+* Fix the case when using TCP with timeouts with TLS. wolfSSL shall be agnostic to network socket behavior for TLS. (DTLS is another matter.) The functions `wolfSSL_set_using_nonblock()` and `wolfSSL_get_using_nonblock()` are deprecated.
+* Hush the AR warning when building the static library with autotools.
+* Hush the “-pthread” warning when building in some environments.
+* Added a dist-hook target to the Makefile to reset the default options.h file.
+* Removed the need for the darwin-clang.m4 file with the updates provided by Brian A.
+* Renamed the AES assembly file so GCC on the Mac will build it using the preprocessor. +* Add a disable option (--disable-optflags) to turn off the default optimization flags so user may supply their own custom flags. +* Correctly touch the dummy fips.h header. See INSTALL file for build instructions. More info can be found on-line at http://wolfssl.com/wolfSSL/Docs.html - - -# wolfSSL (Formerly CyaSSL) Release 3.13.0 (12/21/2017) - -wolfSSL 3.13.0 includes bug fixes and new features, including support for -TLS 1.3 Draft 21, performance and footprint optimizations, build fixes, -updated examples and project files, and one vulnerability fix. The full list -of changes and additions in this release include: - -* Fixes for TLS 1.3, support for Draft 21 -* TLS 1.0 disabled by default, addition of “--enable-tlsv10” configure option -* New option to reduce SHA-256 code size at expense of performance - (USE_SLOW_SHA256) -* New option for memory reduced build (--enable-lowresource) -* AES-GCM performance improvements on AVX1 (IvyBridge) and AVX2 -* SHA-256 and SHA-512 performance improvements using AVX1/2 ASM -* SHA-3 size and performance optimizations -* Fixes for Intel AVX2 builds on Mac/OSX -* Intel assembly for Curve25519, and Ed25519 performance optimizations -* New option to force 32-bit mode with “--enable-32bit” -* New option to disable all inline assembly with “--disable-asm” -* Ability to override maximum signature algorithms using WOLFSSL_MAX_SIGALGO -* Fixes for handling of unsupported TLS extensions. 
-* Fixes for compiling AES-GCM code with GCC 4.8.* -* Allow adjusting static I/O buffer size with WOLFMEM_IO_SZ -* Fixes for building without a filesystem -* Removes 3DES and SHA1 dependencies from PKCS#7 -* Adds ability to disable PKCS#7 EncryptedData type (NO_PKCS7_ENCRYPTED_DATA) -* Add ability to get client-side SNI -* Expanded OpenSSL compatibility layer -* Fix for logging file names with OpenSSL compatibility layer enabled, with - WOLFSSL_MAX_ERROR_SZ user-overridable -* Adds static memory support to the wolfSSL example client -* Fixes for sniffer to use TLS 1.2 client method -* Adds option to wolfCrypt benchmark to benchmark individual algorithms -* Adds option to wolfCrypt benchmark to display benchmarks in powers - of 10 (-base10) -* Updated Visual Studio for ARM builds (for ECC supported curves and SHA-384) -* Updated Texas Instruments TI-RTOS build -* Updated STM32 CubeMX build with fixes for SHA -* Updated IAR EWARM project files -* Updated Apple Xcode projects with the addition of a benchmark example project - -This release of wolfSSL fixes 1 security vulnerability. - -wolfSSL is cited in the recent ROBOT Attack by Böck, Somorovsky, and Young. -The paper notes that wolfSSL only gives a weak oracle without a practical -attack but this is still a flaw. This release contains a fix for this report. -Please note that wolfSSL has static RSA cipher suites disabled by default as -of version 3.6.6 because of the lack of perfect forward secrecy. Only users -who have explicitly enabled static RSA cipher suites with WOLFSSL_STATIC_RSA -and use those suites on a host are affected. More information will be -available on our website at: - -https://wolfssl.com/wolfSSL/security/vulnerabilities.php - -See INSTALL file for build instructions. 
-More info can be found on-line at http://wolfssl.com/wolfSSL/Docs.html
-
-
-# wolfSSL (Formerly CyaSSL) Release 3.12.2 (10/23/2017)
-
-## Release 3.12.2 of wolfSSL has bug fixes and new features including:
-
-This release includes many performance improvements with Intel ASM (AVX/AVX2) and AES-NI. New single precision math option to speedup RSA, DH and ECC. Embedded hardware support has been expanded for STM32, PIC32MZ and ATECC508A. AES now supports XTS mode for disk encryption. Certificate improvements for setting serial number, key usage and extended key usage. Refactor of SSL_ and hash types to allow openssl coexistence. Improvements for TLS 1.3. Fixes for OCSP stapling to allow disable and WOLFSSL specific user context for callbacks. Fixes for openssl and MySQL compatibility. Updated Micrium port. Fixes for asynchronous modes.
-
-* Added TLS extension for Supported Point Formats (ec_point_formats)
-* Fix to not send OCSP stapling extensions in client_hello when not enabled
-* Added new API's for disabling OCSP stapling
-* Add check for SIZEOF_LONG with sun and LP64
-* Fixes for various TLS 1.3 disable options (RSA, ECC and ED/Curve 25519).
-* Fix to disallow upgrading to TLS v1.3
-* Fixes for wolfSSL_EVP_CipherFinal() when message size is a round multiple of a block size.
-* Add HMAC benchmark and expanded AES key size benchmarks
-* Added simple GCC ARM Makefile example
-* Add tests for 3072-bit RSA and DH.
-* Fixed DRAFT_18 define and fixed downgrading with TLS v1.3
-* Fixes to allow custom serial number during certificate generation
-* Add method to get WOLFSSL_CTX certificate manager
-* Improvement to `wolfSSL_SetOCSP_Cb` to allow context per WOLFSSL object
-* Alternate certificate chain support `WOLFSSL_ALT_CERT_CHAINS`. Enables checking cert against multiple CA's.
-* Added new `--disable-oldnames` option to allow for using openssl along-side wolfssl headers (without OPENSSL_EXTRA).
-* Refactor SSL_ and hashing types to use wolf specific prefix (WOLFSSL and WC_) to allow openssl coexistence. -* Fixes for HAVE_INTEL_MULX -* Cleanup include paths for MySQL cmake build -* Added configure option for building library for wolfSSH (--enable-wolfssh) -* Openssl compatibility layer improvements -* Expanded API unit tests -* Fixes for STM32 crypto hardware acceleration -* Added AES XTS mode (--enable-xts) -* Added ASN Extended Key Usage Support (see wc_SetExtKeyUsage). -* Math updates and added TFM_MIPS speedup. -* Fix for creation of the KeyUsage BitString -* Fix for 8k keys with MySQL compatibility -* Fixes for ATECC508A. -* Fixes for PIC32MZ hashing. -* Fixes and improvements to asynchronous modes for Intel QuickAssist and Cavium Nitrox V. -* Update HASH_DRBG Reseed mechanism and add test case -* Rename the file io.h/io.c to wolfio.h/wolfio.c -* Cleanup the wolfIO_Send function. -* OpenSSL Compatibility Additions and Fixes -* Improvements to Visual Studio DLL project/solution. -* Added function to generate public ECC key from private key -* Added async blocking support for sniffer tool. -* Added wolfCrypt hash tests for empty string and large data. -* Added ability to use of wolf implementation of `strtok` using `USE_WOLF_STRTOK`. -* Updated Micrium uC/OS-III Port -* Updated root certs for OCSP scripts -* New Single Precision math option for RSA, DH and ECC (off by default). See `--enable-sp`. -* Speedups for AES GCM with AESNI (--enable-aesni) -* Speedups for SHA2, ChaCha20/Poly1035 using AVX/AVX2 - - -# wolfSSL (Formerly CyaSSL) Release 3.12.0 (8/04/2017) - -## Release 3.12.0 of wolfSSL has bug fixes and new features including: - -- TLS 1.3 with Nginx! TLS 1.3 with ARMv8! TLS 1.3 with Async Crypto! 
(--enable-tls13) -- TLS 1.3 0RTT feature added -- Added port for using Intel SGX with Linux -- Update and fix PIC32MZ port -- Additional unit testing for MD5, SHA, SHA224, SHA256, SHA384, SHA512, RipeMd, HMAC, 3DES, IDEA, ChaCha20, ChaCha20Poly1305 AEAD, Camellia, Rabbit, ARC4, AES, RSA, Hc128 -- AVX and AVX2 assembly for improved ChaCha20 performance -- Intel QAT fixes for when using --disable-fastmath -- Update how DTLS handles decryption and MAC failures -- Update DTLS session export version number for --enable-sessionexport feature -- Add additional input argument sanity checks to ARMv8 assembly port -- Fix for making PKCS12 dynamic types match -- Fixes for potential memory leaks when using --enable-fast-rsa -- Fix for when using custom ECC curves and add BRAINPOOLP256R1 test -- Update TI-RTOS port for dependency on new wolfSSL source files -- DTLS multicast feature added, --enable-mcast -- Fix for Async crypto with GCC 7.1 and HMAC when not using Intel QuickAssist -- Improvements and enhancements to Intel QuickAssist support -- Added Xilinx port -- Added SHA3 Keccak feature, --enable-sha3 -- Expand wolfSSL Python wrapper to now include a client side implementation -- Adjust example servers to not treat a peer closed error as a hard error -- Added more sanity checks to fp_read_unsigned_bin function -- Add SHA224 and AES key wrap to ARMv8 port -- Update MQX classics and mmCAU ports -- Fix for potential buffer over read with wolfSSL_CertPemToDer -- Add PKCS7/CMS decode support for KARI with IssuerAndSerialNumber -- Fix ThreadX/NetX warning -- Fixes for OCSP and CRL non blocking sockets and for incomplete cert chain with OCSP -- Added RSA PSS sign and verify -- Fix for STM32F4 AES-GCM -- Added enable all feature (--enable-all) -- Added trackmemory feature (--enable-trackmemory) -- Fixes for AES key wrap and PKCS7 on Windows VS -- Added benchmark block size argument -- Support use of staticmemory with PKCS7 -- Fix for Blake2b build with GCC 5.4 -- Fixes for 
compiling wolfSSL with GCC version 7, most dealing with switch statement fall through warnings. -- Added warning when compiling without hardened math operations - - -Note: -There is a known issue with using ChaCha20 AVX assembly on versions of GCC earlier than 5.2. This is encountered with using the wolfSSL enable options --enable-intelasm and --enable-chacha. To avoid this issue ChaCha20 can be enabled with --enable-chacha=noasm. -If using --enable-intelasm and also using --enable-sha224 or --enable-sha256 there is a known issue with trying to use -fsanitize=address. - -This release of wolfSSL fixes 1 low level security vulnerability. - -Low level fix for a potential DoS attack on a wolfSSL client. Previously a client would accept many warning alert messages without a limit. This fix puts a limit to the number of warning alert messages received and if this limit is reached a fatal error ALERT_COUNT_E is returned. The max number of warning alerts by default is set to 5 and can be adjusted with the macro WOLFSSL_ALERT_COUNT_MAX. Thanks for the report from Tarun Yadav and Koustav Sadhukhan from Defence Research and Development Organization, INDIA. - - -See INSTALL file for build instructions. -More info can be found on-line at http://wolfssl.com/wolfSSL/Docs.html - - -# wolfSSL (Formerly CyaSSL) Release 3.11.1 (5/11/2017) - -## Release 3.11.1 of wolfSSL is a TLS 1.3 BETA release, which includes: - -- TLS 1.3 client and server support for TLS 1.3 with Draft 18 support - -This is strictly a BETA release, and designed for testing and user feedback. -Please send any comments, testing results, or feedback to wolfSSL at -support@wolfssl.com. - -See INSTALL file for build instructions. 
-More info can be found on-line at http://wolfssl.com/wolfSSL/Docs.html - - -# wolfSSL (Formerly CyaSSL) Release 3.11.0 (5/04/2017) - -## Release 3.11.0 of wolfSSL has bug fixes and new features including: - -- Code updates for warnings reported by Coverity scans -- Testing and warning fixes for FreeBSD on PowerPC -- Updates and refactoring done to ASN1 parsing functions -- Change max PSK identity buffer to account for an identity length of 128 characters -- Update Arduino script to handle recent files and additions -- Added support for PKCS#7 Signed Data with ECDSA -- Fix for interoperability with ChaCha20-Poly1305 suites using older draft versions -- DTLS update to allow multiple handshake messages in one DTLS record. Thanks to Eric Samsel over at Welch Allyn for reporting this bug. -- Intel QuickAssist asynchronous support (PR #715 - https://www.wolfssl.com/wolfSSL/Blog/Entries/2017/1/18_wolfSSL_Asynchronous_Intel_QuickAssist_Support.html) -- Added support for HAproxy load balancer -- Added option to allow SHA1 with TLS 1.2 for IIS compatibility (WOLFSSL_ALLOW_TLS_SHA1) -- Added Curve25519 51-bit Implementation, increasing performance on systems that have 128 bit types -- Fix to not send session ID on server side if session cache is off unless we're echoing -session ID as part of session tickets -- Fixes for ensuring all default ciphers are setup correctly (see PR #830) -- Added NXP Hexiwear example in `IDE/HEXIWEAR`. -- Added wolfSSL_write_dup() to create write only WOLFSSL object for concurrent access -- Fixes for TLS elliptic curve selection on private key import. -- Fixes for RNG with Intel rdrand and rdseed speedups. -- Improved performance with Intel rdrand to use full 64-bit output -- Added new --enable-intelrand option to indicate use of RDRAND preference for RNG source -- Removed RNG ARC4 support -- Added ECC helpers to get size and id from curve name. -- Added ECC Cofactor DH (ECC-CDH) support -- Added ECC private key only import / export functions. 
-- Added PKCS8 create function -- Improvements to TLS layer CTX handling for switching keys / certs. -- Added check for duplicate certificate policy OID in certificates. -- Normal math speed-up to not allocate on mp_int and defer until mp_grow -- Reduce heap usage with fast math when not using ALT_ECC_SIZE -- Fixes for building CRL with Windows -- Added support for inline CRL lookup when HAVE_CRL_IO is defined -- Added port for tenAsys INtime RTOS -- Improvements to uTKernel port (WOLFSSL_uTKERNEL2) -- Updated WPA Supplicant support -- Added support for Nginx -- Update stunnel port for version 5.40 -- Fixes for STM32 hardware crypto acceleration -- Extended test code coverage in bundled test.c -- Added a sanity check for minimum authentication tag size with AES-GCM. Thanks to Yueh-Hsun Lin and Peng Li at KNOX Security at Samsung Research America for suggesting this. -- Added a sanity check that subject key identifier is marked as non-critical and a check that no policy OIDS appear more than once in the cert policies extension. Thanks to the report from Professor Zhenhua Duan, Professor Cong Tian, and Ph.D candidate Chu Chen from Institute of Computing Theory and Technology (ICTT) of Xidian University, China. Profs. Zhenhua Duan and Cong Tian are supervisors of Ph.D candidate Chu Chen. - -This release of wolfSSL fixes 5 low and 1 medium level security vulnerability. - -3 Low level fixes reported by Yueh-Hsun Lin and Peng Li from KNOX Security, Samsung Research America. -- Fix for out of bounds memory access in wc_DhParamsLoad() when GetLength() returns a zero. Before this fix there is a case where wolfSSL would read out of bounds memory in the function wc_DhParamsLoad. -- Fix for DH key accepted by wc_DhAgree when the key was malformed. -- Fix for a double free case when adding CA cert into X509_store. - -Low level fix for memory management with static memory feature enabled. By default static memory is disabled. Thanks to GitHub user hajjihraf for reporting this. 
- - -Low level fix for out of bounds write in the function wolfSSL_X509_NAME_get_text_by_NID. This function is not used by TLS or crypto operations but could result in a buffer out of bounds write by one if called explicitly in an application. Discovered by Aleksandar Nikolic of Cisco Talos. http://talosintelligence.com/vulnerability-reports/ - -Medium level fix for check on certificate signature. There is a case in release versions 3.9.10, 3.10.0 and 3.10.2 where a corrupted signature on a peer certificate would not be properly flagged. Thanks to Wens Lo, James Tsai, Kenny Chang, and Oscar Yang at Castles Technology. - - -See INSTALL file for build instructions. -More info can be found on-line at http://wolfssl.com/wolfSSL/Docs.html - - -# wolfSSL (Formerly CyaSSL) Release 3.10.2 (2/10/2017) - -## Release 3.10.2 of wolfSSL has bug fixes and new features including: - -- Poly1305 Windows macros fix. Thanks to GitHub user Jay Satiro -- Compatibility layer expanded with multiple functions added -- Improve fp_copy performance with ALT_ECC_SIZE -- OCSP updates and improvements -- Fixes for IAR EWARM 8 compiler warnings -- Reduce stack usage with ECC_CACHE_CURVE disabled -- Added ECC export raw for public and private key -- Fix for NO_ASN_TIME build -- Supported curves extensions now populated by default -- Add DTLS build without big integer math -- Fix for static memory feature with wc_ecc_verify_hash_ex and not SHAMIR -- Added PSK interoperability testing to script bundled with wolfSSL -- Fix for Python wrapper random number generation. Compiler optimizations with Python could place the random number in same buffer location each time. 
Thanks to GitHub user Erik Bray (embray) -- Fix for tests on unaligned memory with static memory feature -- Add macro WOLFSSL_NO_OCSP_OPTIONAL_CERTS to skip optional OCSP certificates -- Sanity checks on NULL arguments added to wolfSSL_set_fd and wolfSSL_DTLS_SetCookieSecret -- mp_jacobi stack use reduced, thanks to Szabi Tolnai for providing a solution to reduce stack usage - - -This release of wolfSSL fixes 2 low and 1 medium level security vulnerability. - -Low level fix of buffer overflow for when loading in a malformed temporary DH file. Thanks to Yueh-Hsun Lin and Peng Li from KNOX Security, Samsung Research America for the report. - -Medium level fix for processing of OCSP response. If using OCSP without hard faults enforced and no alternate revocation checks like OCSP stapling then it is recommended to update. - -Low level fix for potential cache attack on RSA operations. If using wolfSSL RSA on a server that other users can have access to monitor the cache, then it is recommended to update wolfSSL. Thanks to Andreas Zankl, Johann Heyszl and Georg Sigl at Fraunhofer AISEC for the initial report. - -See INSTALL file for build instructions. 
-More info can be found on-line at http://wolfssl.com/wolfSSL/Docs.html - - -# wolfSSL (Formerly CyaSSL) Release 3.10.0 (12/21/2016) - -## Release 3.10.0 of wolfSSL has bug fixes and new features including: - -- Added support for SHA224 -- Added scrypt feature -- Build for Intel SGX use, added in directory IDE/WIN-SGX -- Fix for ChaCha20-Poly1305 ECDSA certificate type request -- Enhance PKCS#7 with ECC enveloped data and AES key wrap support -- Added support for RIOT OS -- Add support for parsing PKCS#12 files -- ECC performance increased with custom curves -- ARMv8 expanded to AArch32 and performance increased -- Added ANSI-X9.63-KDF support -- Port to STM32 F2/F4 CubeMX -- Port to Atmel ATECC508A board -- Removed fPIE by default when wolfSSL library is compiled -- Update to Python wrapper, dropping DES and adding wc_RSASetRNG -- Added support for NXP K82 hardware acceleration -- Added SCR client and server verify check -- Added a disable rng option with autoconf -- Added more tests vectors to test.c with AES-CTR -- Updated DTLS session export version number -- Updated DTLS for 64 bit sequence numbers -- Fix for memory management with TI and WOLFSSL_SMALL_STACK -- Hardening RSA CRT to be constant time -- Fix uninitialized warning with IAR compiler -- Fix for C# wrapper example IO hang on unexpected connection termination - - -This release of wolfSSL fixes a low level security vulnerability. The vulnerability reported was a potential cache attack on RSA operations. If using wolfSSL RSA on a server that other users can have access to monitor the cache, then it is recommended to update wolfSSL. Thanks to Andreas Zankl, Johann Heyszl and Georg Sigl at Fraunhofer AISEC for the report. More information will be available on our site: - -https://wolfssl.com/wolfSSL/security/vulnerabilities.php - -See INSTALL file for build instructions. 
-More info can be found on-line at http://wolfssl.com/wolfSSL/Docs.html - - -# wolfSSL (Formerly CyaSSL) Release 3.9.10 (9/23/2016) - -## Release 3.9.10 of wolfSSL has bug fixes and new features including: - -- Default configure option changes: - 1. DES3 disabled by default - 2. ECC Supported Curves Extension enabled by default - 3. New option Extended Master Secret enabled by default -- Added checking CA certificate path length, and new test certs -- Fix to DSA pre padding and sanity check on R/S values -- Added CTX level RNG for single-threaded builds -- Intel RDSEED enhancements -- ARMv8 hardware acceleration support for AES-CBC/CTR/GCM, SHA-256 -- Arduino support updates -- Added the Extended Master Secret TLS extension - 1. Enabled by default in configure options, API to disable - 2. Added support for Extended Master Secret to sniffer -- OCSP fix with issuer key hash, lookup refactor -- Added support for Frosted OS -- Added support for DTLS over SCTP -- Added support for static memory with wolfCrypt -- Fix to ECC Custom Curve support -- Support for asynchronous wolfCrypt RSA and TLS client -- Added distribution build configure option -- Update the test certificates - -This release of wolfSSL fixes medium level security vulnerabilities. Fixes for -potential AES, RSA, and ECC side channel leaks is included that a local user -monitoring the same CPU core cache could exploit. VM users, hyper-threading -users, and users where potential attackers have access to the CPU cache will -need to update if they utilize AES, RSA private keys, or ECC private keys. -Thanks to Gorka Irazoqui Apecechea and Xiaofei Guo from Intel Corporation for -the report. More information will be available on our site: - -https://wolfssl.com/wolfSSL/security/vulnerabilities.php - -See INSTALL file for build instructions. 
-More info can be found on-line at https://wolfssl.com/wolfSSL/Docs.html - - -# wolfSSL (Formerly CyaSSL) Release 3.9.8 (7/29/2016) - -##Release 3.9.8 of wolfSSL has bug fixes and new features including: - -- Add support for custom ECC curves. -- Add cipher suite ECDHE-ECDSA-AES128-CCM. -- Add compkey enable option. This option is for compressed ECC keys. -- Add in the option to use test.h without gettimeofday function using the macro - WOLFSSL_USER_CURRTIME. -- Add RSA blinding for private key operations. Enable option of harden which is - on by default. This negates timing attacks. -- Add ECC and TLS support for all SECP, Koblitz and Brainpool curves. -- Add helper functions for static memory option to allow getting optimum buffer - sizes. -- Update DTLS behavior on bad MAC. DTLS silently drops packets with bad MACs now. -- Update fp_isprime function from libtom enchancement/cleanup repository. -- Update sanity checks on inputs and return values for AES-CMAC. -- Update wolfSSL for use with MYSQL v5.6.30. -- Update LPCXpresso eclipse project to not include misc.c when not needed. -- Fix retransmit of last DTLS flight with timeout notification. The last flight - is no longer retransmitted on timeout. -- Fixes to some code in math sections for compressed ECC keys. This includes - edge cases for buffer size on allocation and adjustments for compressed curves - build. The code and full list can be found on github with pull request #456. -- Fix function argument mismatch for build with secure renegotiation. -- X.509 bug fixes for reading in malformed certificates, reported by researchers - at Columbia University -- Fix GCC version 6 warning about hard tabs in poly1305.c. This was a warning - produced by GCC 6 trying to determine the intent of code. -- Fixes for static memory option. Including avoid potential race conditions with - counters, decrement handshake counter correctly. -- Fix anonymous cipher with Diffie Hellman on the server side. 
Was an issue of a - possible buffer corruption. For information and code see pull request #481. - - -- One high level security fix that requires an update for use with static RSA - cipher suites was submitted. This fix was the addition of RSA blinding for - private RSA operations. We recommend servers who allow static RSA cipher - suites to also generate new private RSA keys. Static RSA cipher suites are - turned off by default. - -See INSTALL file for build instructions. -More info can be found on-line at //http://wolfssl.com/wolfSSL/Docs.html - -# wolfSSL (Formerly CyaSSL) Release 3.9.6 (6/14/2016) - -##Release 3.9.6 of wolfSSL has bug fixes and new features including: - -- Add staticmemory feature -- Add public wc_GetTime API with base64encode feature -- Add AES CMAC algorithm -- Add DTLS sessionexport feature -- Add python wolfCrypt wrapper -- Add ECC encrypt/decrypt benchmarks -- Add dynamic session tickets -- Add eccshamir option -- Add Whitewood netRandom support --with-wnr -- Add embOS port -- Add minimum key size checks for RSA and ECC -- Add STARTTLS support to examples -- Add uTasker port -- Add asynchronous crypto and wolf event support -- Add compile check for misc.c with inline -- Add RNG benchmark -- Add reduction to stack usage with hash-based RNG -- Update STM32F2_CRYPTO port with additional algorithms supported -- Update MDK5 projects -- Update AES-NI -- Fix for STM32 with STM32F2_HASH defined -- Fix for building with MinGw -- Fix ECC math bugs with ALT_ECC_SIZE and key sizes over 256 bit (1) -- Fix certificate buffers github issue #422 -- Fix decrypt max size with RSA OAEP -- Fix DTLS sanity check with DTLS timeout notification -- Fix free of WOLFSSL_METHOD on failure to create CTX -- Fix memory leak in failure case with wc_RsaFunction (2) - -- No high level security fixes that requires an update though we always -recommend updating to the latest -- (1) Code changes for ECC fix can be found at pull requests #411, #416, and #428 -- (2) Builds 
using RSA with using normal math and not RSA_LOW_MEM should update - -See INSTALL file for build instructions. -More info can be found on-line at //http://wolfssl.com/wolfSSL/Docs.html - -# wolfSSL (Formerly CyaSSL) Release 3.9.0 (03/18/2016) - -##Release 3.9.0 of wolfSSL has bug fixes and new features including: - -- Add new leantls configuration -- Add RSA OAEP padding at wolfCrypt level -- Add Arduino port and example client -- Add fixed point DH operation -- Add CUSTOM_RAND_GENRATE_SEED_OS and CUSTOM_RAND_GENERATE_BLOCK -- Add ECDHE-PSK cipher suites -- Add PSK ChaCha20-Poly1305 cipher suites -- Add option for fail on no peer cert except PSK suites -- Add port for Nordic nRF51 -- Add additional ECC NIST test vectors for 256, 384 and 521 -- Add more granular ECC, Ed25519/Curve25519 and AES configs -- Update to ChaCha20-Poly1305 -- Update support for Freescale KSDK 1.3.0 -- Update DER buffer handling code, refactoring and reducing memory -- Fix to AESNI 192 bit key expansion -- Fix to C# wrapper character encoding -- Fix sequence number issue with DTLS epoch 0 messages -- Fix RNGA with K64 build -- Fix ASN.1 X509 V3 certificate policy extension parsing -- Fix potential free of uninitialized RSA key in asn.c -- Fix potential underflow when using ECC build with FP_ECC -- Fixes for warnings in Visual Studio 2015 build - -- No high level security fixes that requires an update though we always -recommend updating to the latest -- FP_ECC is off by default, users with it enabled should update for the zero -sized hash fix - -See INSTALL file for build instructions. 
-More info can be found on-line at //http://wolfssl.com/yaSSL/Docs.html - -# wolfSSL (Formerly CyaSSL) Release 3.8.0 (12/30/2015) - -##Release 3.8.0 of wolfSSL has bug fixes and new features including: - -- Example client/server with VxWorks -- AESNI use with AES-GCM -- Stunnel compatibility enhancements -- Single shot hash and signature/verify API added -- Update cavium nitrox port -- LPCXpresso IDE support added -- C# wrapper to support wolfSSL use by a C# program -- (BETA version)OCSP stapling added -- Update OpenSSH compatibility -- Improve DTLS handshake when retransmitting finished message -- fix idea_mult() for 16 and 32bit systems -- fix LowResTimer on Microchip ports - -- No high level security fixes that requires an update though we always -recommend updating to the latest - -See INSTALL file for build instructions. -More info can be found on-line at //http://wolfssl.com/yaSSL/Docs.html - -# wolfSSL (Formerly CyaSSL) Release 3.7.0 (10/26/2015) - -##Release 3.7.0 of wolfSSL has bug fixes and new features including: - -- ALPN extension support added for HTTP2 connections with --enable-alpn -- Change of example/client/client max fragment flag -L -> -F -- Throughput benchmarking, added scripts/benchmark.test -- Sniffer API ssl_FreeDecodeBuffer added -- Addition of AES_GCM to Sniffer -- Sniffer change to handle unlimited decrypt buffer size -- New option for the sniffer where it will try to pick up decoding after a - sequence number acknowldgement fault. Also includes some additional stats. -- JNI API setter and getter function for jobject added -- User RSA crypto plugin abstraction. An example placed in wolfcrypt/user-crypto -- fix to asn configuration bug -- AES-GCM/CCM fixes. -- Port for Rowley added -- Rowley Crossworks bare metal examples added -- MDK5-ARM project update -- FreeRTOS support updates. -- VXWorks support updates. -- Added the IDEA cipher and support in wolfSSL. -- Update wolfSSL website CA. -- CFLAGS is usable when configuring source. 
- -- No high level security fixes that requires an update though we always -recommend updating to the latest - -See INSTALL file for build instructions. -More info can be found on-line at //http://wolfssl.com/yaSSL/Docs.html - -#wolfSSL (Formerly CyaSSL) Release 3.6.8 (09/17/2015) - -##Release 3.6.8 of wolfSSL fixes two high severity vulnerabilities. -##It also includes bug fixes and new features including: - -- Two High level security fixes, all users SHOULD update. - a) If using wolfSSL for DTLS on the server side of a publicly accessible - machine you MUST update. - b) If using wolfSSL for TLS on the server side with private RSA keys allowing - ephemeral key exchange without low memory optimziations you MUST update and - regenerate the private RSA keys. - - Please see https://www.wolfssl.com/wolfSSL/Blog/Blog.html for more details - -- No filesystem build fixes for various configurations -- Certificate generation now supports several extensions including KeyUsage, - SKID, AKID, and Ceritifcate Policies -- CRLs can be loaded from buffers as well as files now -- SHA-512 Ceritifcate Signing generation -- Fixes for sniffer reassembly processing - -See INSTALL file for build instructions. 
-More info can be found on-line at //http://wolfssl.com/yaSSL/Docs.html - -#wolfSSL (Formerly CyaSSL) Release 3.6.6 (08/20/2015) - -##Release 3.6.6 of wolfSSL has bug fixes and new features including: - -- OpenSSH compatibility with --enable-openssh -- stunnel compatibility with --enable-stunnel -- lighttpd compatibility with --enable-lighty -- SSLv3 is now disabled by default, can be enabled with --enable-sslv3 -- Ephemeral key cipher suites only are now supported by default - To enable static ECDH cipher suites define WOLFSSL_STATIC_DH - To enable static RSA cipher suites define WOLFSSL_STATIC_RSA - To enable static PSK cipher suites define WOLFSSL_STATIC_PSK -- Added QSH (quantum-safe handshake) extension with --enable-ntru -- SRP is now part of wolfCrypt, enable with --enabe-srp -- Certificate handshake messages can now be sent fragmented if the record - size is smaller than the total message size, no user action required. -- DTLS duplicate message fixes -- Visual Studio project files now support DLL and static builds for 32/64bit. -- Support for new Freesacle I/O -- FreeRTOS FIPS support - -- No high level security fixes that requires an update though we always - recommend updating to the latest - -See INSTALL file for build instructions. -More info can be found on-line at //http://wolfssl.com/yaSSL/Docs.html - - -#wolfSSL (Formerly CyaSSL) Release 3.6.0 (06/19/2015) - -##Release 3.6.0 of wolfSSL has bug fixes and new features including: - -- Max Strength build that only allows TLSv1.2, AEAD ciphers, and PFS (Perfect - Forward Secrecy). With --enable-maxstrength -- Server side session ticket support, the example server and echosever use the - example callback myTicketEncCb(), see wolfSSL_CTX_set_TicketEncCb() -- FIPS version submitted for iOS. 
-- TI Crypto Hardware Acceleration -- DTLS fragmentation fixes -- ECC key check validation with wc_ecc_check_key() -- 32bit code options to reduce memory for Curve25519 and Ed25519 -- wolfSSL JNI build switch with --enable-jni -- PicoTCP support improvements -- DH min ephemeral key size enforcement with wolfSSL_CTX_SetMinDhKey_Sz() -- KEEP_PEER_CERT and AltNames can now be used together -- ChaCha20 big endian fix -- SHA-512 signature algorithm support for key exchange and verify messages -- ECC make key crash fix on RNG failure, ECC users must update. -- Improvements to usage of time code. -- Improvements to VS solution files. -- GNU Binutils 2.24 ld has problems with some debug builds, to fix an ld error - add -fdebug-types-section to C_EXTRA_FLAGS - -- No high level security fixes that requires an update though we always - recommend updating to the latest (except note 14, ecc RNG failure) - -See INSTALL file for build instructions. -More info can be found on-line at //http://wolfssl.com/yaSSL/Docs.html - - -#wolfSSL (Formerly CyaSSL) Release 3.4.8 (04/06/2015) - -##Release 3.4.8 of wolfSSL has bug fixes and new features including: - -- FIPS version submitted for iOS. -- Max Strength build that only allows TLSv1.2, AEAD ciphers, and PFS. -- Improvements to usage of time code. -- Improvements to VS solution files. - -See INSTALL file for build instructions. -More info can be found on-line at //http://wolfssl.com/yaSSL/Docs.html - - -#wolfSSL (Formerly CyaSSL) Release 3.4.6 (03/30/2015) - -##Release 3.4.6 of wolfSSL has bug fixes and new features including: - -- Intel Assembly Speedups using instructions rdrand, rdseed, aesni, avx1/2, - rorx, mulx, adox, adcx . They can be enabled with --enable-intelasm. - These speedup the use of RNG, SHA2, and public key algorithms. -- Ed25519 support at the crypto level. Turn on with --enable-ed25519. Examples - in wolcrypt/test/test.c ed25519_test(). -- Post Handshake Memory reductions. 
wolfSSL can now hold less than 1,000 bytes - of memory per secure connection including cipher state. -- wolfSSL API and wolfCrypt API fixes, you can still include the cyassl and - ctaocrypt headers which will enable the compatibility APIs for the - foreseeable future -- INSTALL file to help direct users to build instructions for their environment -- For ECC users with the normal math library a fix that prevents a crash when - verify signature fails. Users of 3.4.0 with ECC and the normal math library - must update -- RC4 is now disabled by default in autoconf mode -- AES-GCM and ChaCha20/Poly1305 are now enabled by default to make AEAD ciphers - available without a switch -- External ChaCha-Poly AEAD API, thanks to Andrew Burks for the contribution -- DHE-PSK cipher suites can now be built without ASN or Cert support -- Fix some NO MD5 build issues with optional features -- Freescale CodeWarrior project updates -- ECC curves can be individually turned on/off at build time. -- Sniffer handles Cert Status message and other minor fixes -- SetMinVersion() at the wolfSSL Context level instead of just SSL session level - to allow minimum protocol version allowed at runtime -- RNG failure resource cleanup fix - -- No high level security fixes that requires an update though we always - recommend updating to the latest (except note 6 use case of ecc/normal math) - -See INSTALL file for build instructions. 
-More info can be found on-line at //http://wolfssl.com/yaSSL/Docs.html - - -#wolfSSL (Formerly CyaSSL) Release 3.4.0 (02/23/2015) - -## Release 3.4.0 wolfSSL has bug fixes and new features including: - -- wolfSSL API and wolfCrypt API, you can still include the cyassl and ctaocrypt - headers which will enable the compatibility APIs for the foreseeable future -- Example use of the wolfCrypt API can be found in wolfcrypt/test/test.c -- Example use of the wolfSSL API can be found in examples/client/client.c -- Curve25519 now supported at the wolfCrypt level, wolfSSL layer coming soon -- Improvements in the build configuration under AIX -- Microchip Pic32 MZ updates -- TIRTOS updates -- PowerPC updates -- Xcode project update -- Bidirectional shutdown examples in client/server with -w (wait for full - shutdown) option -- Cycle counts on benchmarks for x86_64, more coming soon -- ALT_ECC_SIZE for reducing ecc heap use with fastmath when also using large RSA - keys -- Various compile warnings -- Scan-build warning fixes -- Changed a memcpy to memmove in the sniffer (if using sniffer please update) -- No high level security fixes that requires an update though we always - recommend updating to the latest - - -# CyaSSL Release 3.3.0 (12/05/2014) - -- Countermeasuers for Handshake message duplicates, CHANGE CIPHER without - FINISHED, and fast forward attempts. Thanks to Karthikeyan Bhargavan from - the Prosecco team at INRIA Paris-Rocquencourt for the report. 
-- FIPS version submitted -- Removes SSLv2 Client Hello processing, can be enabled with OLD_HELLO_ALLOWED -- User can set mimimum downgrade version with CyaSSL_SetMinVersion() -- Small stack improvements at TLS/SSL layer -- TLS Master Secret generation and Key Expansion are now exposed -- Adds client side Secure Renegotiation, * not recommended * -- Client side session ticket support, not fully tested with Secure Renegotiation -- Allows up to 4096bit DHE at TLS Key Exchange layer -- Handles non standard SessionID sizes in Hello Messages -- PicoTCP Support -- Sniffer now supports SNI Virtual Hosts -- Sniffer now handles non HTTPS protocols using STARTTLS -- Sniffer can now parse records with multiple messages -- TI-RTOS updates -- Fix for ColdFire optimized fp_digit read only in explicit 32bit case -- ADH Cipher Suite ADH-AES128-SHA for EAP-FAST - -The CyaSSL manual is available at: -http://www.wolfssl.com/documentation/CyaSSL-Manual.pdf. For build instructions -and comments about the new features please check the manual. - - -# CyaSSL Release 3.2.0 (09/10/2014) - -#### Release 3.2.0 CyaSSL has bug fixes and new features including: - -- ChaCha20 and Poly1305 crypto and suites -- Small stack improvements for OCSP, CRL, TLS, DTLS -- NTRU Encrypt and Decrypt benchmarks -- Updated Visual Studio project files -- Updated Keil MDK5 project files -- Fix for DTLS sequence numbers with GCM/CCM -- Updated HashDRBG with more secure struct declaration -- TI-RTOS support and example Code Composer Studio project files -- Ability to get enabled cipher suites, CyaSSL_get_ciphers() -- AES-GCM/CCM/Direct support for Freescale mmCAU and CAU -- Sniffer improvement checking for decrypt key setup -- Support for raw ECC key import -- Ability to convert ecc_key to DER, EccKeyToDer() -- Security fix for RSA Padding check vulnerability reported by Intel Security - Advanced Threat Research team - -The CyaSSL manual is available at: -http://www.wolfssl.com/documentation/CyaSSL-Manual.pdf. 
For build instructions -and comments about the new features please check the manual. - - -# CyaSSL Release 3.1.0 (07/14/2014) - -#### Release 3.1.0 CyaSSL has bug fixes and new features including: - -- Fix for older versions of icc without 128-bit type -- Intel ASM syntax for AES-NI -- Updated NTRU support, keygen benchmark -- FIPS check for minimum required HMAC key length -- Small stack (--enable-smallstack) improvements for PKCS#7, ASN -- TLS extension support for DTLS -- Default I/O callbacks external to user -- Updated example client with bad clock test -- Ability to set optional ECC context info -- Ability to enable/disable DH separate from opensslextra -- Additional test key/cert buffers for CA and server -- Updated example certificates - -The CyaSSL manual is available at: -http://www.yassl.com/documentation/CyaSSL-Manual.pdf. For build instructions -and comments about the new features please check the manual. - - -# CyaSSL Release 3.0.2 (05/30/2014) - -#### Release 3.0.2 CyaSSL has bug fixes and new features including: - -- Added the following cipher suites: - * TLS_PSK_WITH_AES_128_GCM_SHA256 - * TLS_PSK_WITH_AES_256_GCM_SHA384 - * TLS_PSK_WITH_AES_256_CBC_SHA384 - * TLS_PSK_WITH_NULL_SHA384 - * TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 - * TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 - * TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 - * TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 - * TLS_DHE_PSK_WITH_NULL_SHA256 - * TLS_DHE_PSK_WITH_NULL_SHA384 - * TLS_DHE_PSK_WITH_AES_128_CCM - * TLS_DHE_PSK_WITH_AES_256_CCM -- Added AES-NI support for Microsoft Visual Studio builds. -- Changed small stack build to be disabled by default. -- Updated the Hash DRBG and provided a configure option to enable. - -The CyaSSL manual is available at: -http://www.yassl.com/documentation/CyaSSL-Manual.pdf. For build instructions -and comments about the new features please check the manual. 
- - -# CyaSSL Release 3.0.0 (04/29/2014) - -#### Release 3.0.0 CyaSSL has bug fixes and new features including: - -- FIPS release candidate -- X.509 improvements that address items reported by Suman Jana with security - researchers at UT Austin and UC Davis -- Small stack size improvements, --enable-smallstack. Offloads large local - variables to the heap. (Note this is not complete.) -- Updated AES-CCM-8 cipher suites to use approved suite numbers. - -The CyaSSL manual is available at: -http://www.yassl.com/documentation/CyaSSL-Manual.pdf. For build instructions -and comments about the new features please check the manual. - - -# CyaSSL Release 2.9.4 (04/09/2014) - -#### Release 2.9.4 CyaSSL has bug fixes and new features including: - -- Security fixes that address items reported by Ivan Fratric of the Google - Security Team -- X.509 Unknown critical extensions treated as errors, report by Suman Jana with - security researchers at UT Austin and UC Davis -- Sniffer fixes for corrupted packet length and Jumbo frames -- ARM thumb mode assembly fixes -- Xcode 5.1 support including new clang -- PIC32 MZ hardware support -- CyaSSL Object has enough room to read the Record Header now w/o allocs -- FIPS wrappers for AES, 3DES, SHA1, SHA256, SHA384, HMAC, and RSA. -- A sample I/O pool is demonstrated with --enable-iopool to overtake memory - handling and reduce memory fragmentation on I/O large sizes - -The CyaSSL manual is available at: -http://www.yassl.com/documentation/CyaSSL-Manual.pdf. For build instructions -and comments about the new features please check the manual. 
- - -# CyaSSL Release 2.9.0 (02/07/2014) - -#### Release 2.9.0 CyaSSL has bug fixes and new features including: -- Freescale Kinetis RNGB support -- Freescale Kinetis mmCAU support -- TLS Hello extensions - - ECC - - Secure Renegotiation (null) - - Truncated HMAC -- SCEP support - - PKCS #7 Enveloped data and signed data - - PKCS #10 Certificate Signing Request generation -- DTLS sliding window -- OCSP Improvements - - API change to integrate into Certificate Manager - - IPv4/IPv6 agnostic - - example client/server support for OCSP - - OCSP nonces are optional -- GMAC hashing -- Windows build additions -- Windows CYGWIN build fixes -- Updated test certificates -- Microchip MPLAB Harmony support -- Update autoconf scripts -- Additional X.509 inspection functions -- ECC encrypt/decrypt primitives -- ECC Certificate generation - -The Freescale Kinetis K53 RNGB documentation can be found in Chapter 33 of the -K53 Sub-Family Reference Manual: -http://cache.freescale.com/files/32bit/doc/ref_manual/K53P144M100SF2RM.pdf - -Freescale Kinetis K60 mmCAU (AES, DES, 3DES, MD5, SHA, SHA256) documentation -can be found in the "ColdFire/ColdFire+ CAU and Kinetis mmCAU Software Library -User Guide": -http://cache.freescale.com/files/32bit/doc/user_guide/CAUAPIUG.pdf - - -# CyaSSL Release 2.8.0 (8/30/2013) - -#### Release 2.8.0 CyaSSL has bug fixes and new features including: -- AES-GCM and AES-CCM use AES-NI -- NetX default IO callback handlers -- IPv6 fixes for DTLS Hello Cookies -- The ability to unload Certs/Keys after the handshake, CyaSSL_UnloadCertsKeys() -- SEP certificate extensions -- Callback getters for easier resource freeing -- External CYASSL_MAX_ERROR_SZ for correct error buffer sizing -- MacEncrypt and DecryptVerify Callbacks for User Atomic Record Layer Processing -- Public Key Callbacks for ECC and RSA -- Client now sends blank cert upon request if doesn't have one with TLS <= 1.2 - - -The CyaSSL manual is available at: 
-http://www.yassl.com/documentation/CyaSSL-Manual.pdf. For build instructions -and comments about the new features please check the manual. - - -# CyaSSL Release 2.7.0 (6/17/2013) - -#### Release 2.7.0 CyaSSL has bug fixes and new features including: -- SNI support for client and server -- KEIL MDK-ARM projects -- Wildcard check to domain name match, and Subject altnames are checked too -- Better error messages for certificate verification errors -- Ability to discard session during handshake verify -- More consistent error returns across all APIs -- Ability to unload CAs at the CTX or CertManager level -- Authority subject id support for Certificate matching -- Persistent session cache functionality -- Persistent CA cache functionality -- Client session table lookups to push serverID table to library level -- Camellia support to sniffer -- User controllable settings for DTLS timeout values -- Sniffer fixes for caching long lived sessions -- DTLS reliability enhancements for the handshake -- Better ThreadX support - -When compiling with Mingw, libtool may give the following warning due to -path conversion errors: - -``` -libtool: link: Could not determine host file name corresponding to ** -libtool: link: Continuing, but uninstalled executables may not work. -``` - -If so, examples and testsuite will have problems when run, showing an -error while loading shared libraries. To resolve, please run "make install". - -The CyaSSL manual is available at: -http://www.yassl.com/documentation/CyaSSL-Manual.pdf. For build instructions -and comments about the new features please check the manual. 
- - -# CyaSSL Release 2.6.0 (04/15/2013) - -#### Release 2.6.0 CyaSSL has bug fixes and new features including: -- DTLS 1.2 support including AEAD ciphers -- SHA-3 finalist Blake2 support, it's fast and uses little resources -- SHA-384 cipher suites including ECC ones -- HMAC now supports SHA-512 -- Track memory use for example client/server with -t option -- Better IPv6 examples with --enable-ipv6, before if ipv6 examples/tests were - turned on, localhost only was used. Now link-local (with scope ids) and ipv6 - hosts can be used as well. -- Xcode v4.6 project for iOS v6.1 update -- settings.h is now checked in all *.c files for true one file setting detection -- Better alignment at SSL layer for hardware crypto alignment needs - * Note, SSL itself isn't friendly to alignment with 5 byte TLS headers and - 13 bytes DTLS headers, but every effort is now made to align with the - CYASSL_GENERAL_ALIGNMENT flag which sets desired alignment requirement -- NO_64BIT flag to turn off 64bit data type accumulators in public key code - * Note, some systems are faster with 32bit accumulators -- --enable-stacksize for example client/server stack use - * Note, modern desktop Operating Systems may add bytes to each stack frame -- Updated compression/decompression with direct crypto access -- All ./configure options are now lowercase only for consistency -- ./configure builds default to fastmath option - * Note, if on ia32 and building in shared mode this may produce a problem - with a missing register being available because of PIC, there are at least - 6 solutions to this: - 1) --disable-fastmath , don't use fastmath - 2) --disable-shared, don't build a shared library - 3) C_EXTRA_FLAGS=-DTFM_NO_ASM , turn off assembly use - 4) use clang, it just seems to work - 5) play around with no PIC options to force all registers being open, - e.g., --without-pic - 6) if static lib is still a problem try removing fPIE -- Many new ./configure switches for option enable/disable for example - 
* rsa - * dh - * dsa - * md5 - * sha - * arc4 - * null (allow NULL ciphers) - * oldtls (only use TLS 1.2) - * asn (no certs or public keys allowed) -- ./configure generates cyassl/options.h which allows a header the user can - include in their app to make sure the same options are set at the app and - CyaSSL level. -- autoconf no longer needs serial-tests which lowers version requirements of - automake to 1.11 and autoconf to 2.63 - -The CyaSSL manual is available at: -http://www.yassl.com/documentation/CyaSSL-Manual.pdf. For build instructions -and comments about the new features please check the manual. - - - -# CyaSSL Release 2.5.0 (02/04/2013) - -#### Release 2.5.0 CyaSSL has bug fixes and new features including: -- Fix for TLS CBC padding timing attack identified by Nadhem Alfardan and - Kenny Paterson: http://www.isg.rhul.ac.uk/tls/ -- Microchip PIC32 (MIPS16, MIPS32) support -- Microchip MPLAB X example projects for PIC32 Ethernet Starter Kit -- Updated CTaoCrypt benchmark app for embedded systems -- 1024-bit test certs/keys and cert/key buffers -- AES-CCM-8 crypto and cipher suites -- Camellia crypto and cipher suites -- Bumped minimum autoconf version to 2.65, automake version to 1.12 -- Addition of OCSP callbacks -- STM32F2 support with hardware crypto and RNG -- Cavium NITROX support - -CTaoCrypt now has support for the Microchip PIC32 and has been tested with -the Microchip PIC32 Ethernet Starter Kit, the XC32 compiler and -MPLAB X IDE in both MIPS16 and MIPS32 instruction set modes. See the README -located under the /mplabx directory for more details. - -To add Cavium NITROX support do: - -./configure --with-cavium=/home/user/cavium/software - -pointing to your licensed cavium/software directory. Since Cavium doesn't -build a library we pull in the cavium_common.o file which gives a libtool -warning about the portability of this. 
Also, if you're using the github source -tree you'll need to remove the -Wredundant-decls warning from the generated -Makefile because the cavium headers don't conform to this warning. Currently -CyaSSL supports Cavium RNG, AES, 3DES, RC4, HMAC, and RSA directly at the crypto -layer. Support at the SSL level is partial and currently just does AES, 3DES, -and RC4. RSA and HMAC are slower until the Cavium calls can be utilized in non -blocking mode. The example client turns on cavium support as does the crypto -test and benchmark. Please see the HAVE_CAVIUM define. - -CyaSSL is able to use the STM32F2 hardware-based cryptography and random number -generator through the STM32F2 Standard Peripheral Library. For necessary -defines, see the CYASSL_STM32F2 define in settings.h. Documentation for the -STM32F2 Standard Peripheral Library can be found in the following document: -http://www.st.com/internet/com/TECHNICAL_RESOURCES/TECHNICAL_LITERATURE/USER_MANUAL/DM00023896.pdf - -The CyaSSL manual is available at: -http://www.yassl.com/documentation/CyaSSL-Manual.pdf. For build instructions -and comments about the new features please check the manual. - - - -# CyaSSL Release 2.4.6 (12/20/2012) - -#### Release 2.4.6 CyaSSL has bug fixes and a few new features including: -- ECC into main version -- Lean PSK build (reduced code size, RAM usage, and stack usage) -- FreeBSD CRL monitor support -- CyaSSL_peek() -- CyaSSL_send() and CyaSSL_recv() for I/O flag setting -- CodeWarrior Support -- MQX Support -- Freescale Kinetis support including Hardware RNG -- autoconf builds use jobserver -- cyassl-config -- Sniffer memory reductions - -Thanks to Brian Aker for the improved autoconf system, make rpm, cyassl-config, -warning system, and general good ideas for improving CyaSSL! 
- -The Freescale Kinetis K70 RNGA documentation can be found in Chapter 37 of the -K70 Sub-Family Reference Manual: -http://cache.freescale.com/files/microcontrollers/doc/ref_manual/K70P256M150SF3RM.pdf - -The CyaSSL manual is available at: -http://www.yassl.com/documentation/CyaSSL-Manual.pdf. For build instructions -and comments about the new features please check the manual. - - -# CyaSSL Release 2.4.0 (10/10/2012) - -#### Release 2.4.0 CyaSSL has bug fixes and a few new features including: -- DTLS reliability -- Reduced memory usage after handshake -- Updated build process - -The CyaSSL manual is available at: -http://www.yassl.com/documentation/CyaSSL-Manual.pdf. For build instructions -and comments about the new features please check the manual. - - - -# CyaSSL Release 2.3.0 (8/10/2012) - -#### Release 2.3.0 CyaSSL has bug fixes and a few new features including: -- AES-GCM crypto and cipher suites -- make test cipher suite checks -- Subject AltName processing -- Command line support for client/server examples -- Sniffer SessionTicket support -- SHA-384 cipher suites -- Verify cipher suite validity when user overrides -- CRL dir monitoring -- DTLS Cookie support, reliability coming soon - -The CyaSSL manual is available at: -http://www.yassl.com/documentation/CyaSSL-Manual.pdf. For build instructions -and comments about the new features please check the manual. - - - -# CyaSSL Release 2.2.0 (5/18/2012) - -#### Release 2.2.0 CyaSSL has bug fixes and a few new features including: -- Initial CRL support (--enable-crl) -- Initial OCSP support (--enable-ocsp) -- Add static ECDH suites -- SHA-384 support -- ECC client certificate support -- Add medium session cache size (1055 sessions) -- Updated unit tests -- Protection against mutex reinitialization - - -The CyaSSL manual is available at: -http://www.yassl.com/documentation/CyaSSL-Manual.pdf. For build instructions -and comments about the new features please check the manual. 
- - - -# CyaSSL Release 2.0.8 (2/24/2012) - -#### Release 2.0.8 CyaSSL has bug fixes and a few new features including: -- A fix for malicious certificates pointed out by Remi Gacogne (thanks) - resulting in NULL pointer use. -- Respond to renegotiation attempt with no_renegoatation alert -- Add basic path support for load_verify_locations() -- Add set Temp EC-DHE key size -- Extra checks on rsa test when porting into - - -The CyaSSL manual is available at: -http://www.yassl.com/documentation/CyaSSL-Manual.pdf. For build instructions -and comments about the new features please check the manual. - - - -# CyaSSL Release 2.0.6 (1/27/2012) - -#### Release 2.0.6 CyaSSL has bug fixes and a few new features including: -- Fixes for CA basis constraint check -- CTX reference counting -- Initial unit test additions -- Lean and Mean Windows fix -- ECC benchmarking -- SSMTP build support -- Ability to group handshake messages with set_group_messages(ctx/ssl) -- CA cache addition callback -- Export Base64_Encode for general use - -The CyaSSL manual is available at: -http://www.yassl.com/documentation/CyaSSL-Manual.pdf. For build instructions -and comments about the new features please check the manual. - - - -# CyaSSL Release 2.0.2 (12/05/2011) - -#### Release 2.0.2 CyaSSL has bug fixes and a few new features including: -- CTaoCrypt Runtime library detection settings when directly using the crypto - library -- Default certificate generation now uses SHAwRSA and adds SHA256wRSA generation -- All test certificates now use 2048bit and SHA-1 for better modern browser - support -- Direct AES block access and AES-CTR (counter) mode -- Microchip pic32 support - -The CyaSSL manual is available at: -http://www.yassl.com/documentation/CyaSSL-Manual.pdf. For build instructions -and comments about the new features please check the manual. 
- - - -# CyaSSL Release 2.0.0rc3 (9/28/2011) - -#### Release 2.0.0rc3 for CyaSSL has bug fixes and a few new features including: -- updated autoconf support -- better make install and uninstall (uses system directories) -- make test / make check -- CyaSSL headers now in -- CTaocrypt headers now in -- OpenSSL compatibility headers now in -- examples and tests all run from home directory so can use certs in ./certs - (see note 1) - -So previous applications that used the OpenSSL compatibility header - now need to include instead, no other -changes are required. - -Special Thanks to Brian Aker for his autoconf, install, and header patches. - -The CyaSSL manual is available at: -http://www.yassl.com/documentation/CyaSSL-Manual.pdf. For build instructions -and comments about the new features please check the manual. - -# CyaSSL Release 2.0.0rc2 (6/6/2011) - -#### Release 2.0.0rc2 for CyaSSL has bug fixes and a few new features including: -- bug fixes (Alerts, DTLS with DHE) -- FreeRTOS support -- lwIP support -- Wshadow warnings removed -- asn public header -- CTaoCrypt public headers now all have ctc_ prefix (the manual is still being - updated to reflect this change) -- and more. - -This is the 2nd and perhaps final release candidate for version 2. -Please send any comments or questions to support@yassl.com. - -The CyaSSL manual is available at: -http://www.yassl.com/documentation/CyaSSL-Manual.pdf. For build instructions -and comments about the new features please check the manual. 
- -# CyaSSL Release 2.0.0rc1 (5/2/2011) - -#### Release 2.0.0rc1 for CyaSSL has many new features including: -- bug fixes -- SHA-256 cipher suites -- Root Certificate Verification (instead of needing all certs in the chain) -- PKCS #8 private key encryption (supports PKCS #5 v1-v2 and PKCS #12) -- Serial number retrieval for x509 -- PBKDF2 and PKCS #12 PBKDF -- UID parsing for x509 -- SHA-256 certificate signatures -- Client and server can send chains (SSL_CTX_use_certificate_chain_file) -- CA loading can now parse multiple certificates per file -- Dynamic memory runtime hooks -- Runtime hooks for logging -- EDH on server side -- More informative error codes -- More informative logging messages -- Version downgrade more robust (use SSL_v23*) -- Shared build only by default through ./configure -- Compiler visibility is now used, internal functions not polluting namespace -- Single Makefile, no recursion, for faster and simpler building -- Turn on all warnings possible build option, warning fixes -- and more. - -Because of all the new features and the multiple OS, compiler, feature-set -options that CyaSSL allows, there may be some configuration fixes needed. -Please send any comments or questions to support@yassl.com. - -The CyaSSL manual is available at: -http://www.yassl.com/documentation/CyaSSL-Manual.pdf. For build instructions -and comments about the new features please check the manual. - -# CyaSSL Release 1.9.0 (3/2/2011) - -Release 1.9.0 for CyaSSL adds bug fixes, improved TLSv1.2 through testing and -better hash/sig algo ids, --enable-webServer for the yaSSL embedded web server, -improper AES key setup detection, user cert verify callback improvements, and -more. - -The CyaSSL manual offering is included in the doc/ directory. For build -instructions and comments about the new features please check the manual. - -Please send any comments or questions to support@yassl.com. 
- -# CyaSSL Release 1.8.0 (12/23/2010) - -Release 1.8.0 for CyaSSL adds bug fixes, x509 v3 CA signed certificate -generation, a C standard library abstraction layer, lower memory use, increased -portability through the os_settings.h file, and the ability to use NTRU cipher -suites when used in conjunction with an NTRU license and library. - -The initial CyaSSL manual offering is included in the doc/ directory. For -build instructions and comments about the new features please check the manual. - -Please send any comments or questions to support@yassl.com. - -Happy Holidays. - - -# CyaSSL Release 1.6.5 (9/9/2010) - -Release 1.6.5 for CyaSSL adds bug fixes and x509 v3 self signed certificate -generation. - -For general build instructions see doc/Building_CyaSSL.pdf. - -To enable certificate generation support add this option to ./configure -./configure --enable-certgen - -An example is included in ctaocrypt/test/test.c and documentation is provided -in doc/CyaSSL_Extensions_Reference.pdf item 11. - -# CyaSSL Release 1.6.0 (8/27/2010) - -Release 1.6.0 for CyaSSL adds bug fixes, RIPEMD-160, SHA-512, and RSA key -generation. - -For general build instructions see doc/Building_CyaSSL.pdf. - -To add RIPEMD-160 support add this option to ./configure -./configure --enable-ripemd - -To add SHA-512 support add this option to ./configure -./configure --enable-sha512 - -To add RSA key generation support add this option to ./configure -./configure --enable-keygen - -Please see ctaocrypt/test/test.c for examples and usage. - -For Windows, RIPEMD-160 and SHA-512 are enabled by default but key generation is -off by default. To turn key generation on add the define CYASSL_KEY_GEN to -CyaSSL. - - -# CyaSSL Release 1.5.6 (7/28/2010) - -Release 1.5.6 for CyaSSL adds bug fixes, compatibility for our JSSE provider, -and a fix for GCC builds on some systems. - -For general build instructions see doc/Building_CyaSSL.pdf. 
- -To add AES-NI support add this option to ./configure -./configure --enable-aesni - -You'll need GCC 4.4.3 or later to make use of the assembly. - -# CyaSSL Release 1.5.4 (7/7/2010) - -Release 1.5.4 for CyaSSL adds bug fixes, support for AES-NI, SHA1 speed -improvements from loop unrolling, and support for the Mongoose Web Server. - -For general build instructions see doc/Building_CyaSSL.pdf. - -To add AES-NI support add this option to ./configure -./configure --enable-aesni - -You'll need GCC 4.4.3 or later to make use of the assembly. - -# CyaSSL Release 1.5.0 (5/11/2010) - -Release 1.5.0 for CyaSSL adds bug fixes, GoAhead WebServer support, sniffer -support, and initial swig interface support. - -For general build instructions see doc/Building_CyaSSL.pdf. - -To add support for GoAhead WebServer either --enable-opensslExtra or if you -don't want all the features of opensslExtra you can just define GOAHEAD_WS -instead. GOAHEAD_WS can be added to ./configure with CFLAGS=-DGOAHEAD_WS or -you can define it yourself. - -To look at the sniffer support please see the sniffertest app in -sslSniffer/sslSnifferTest. Build with --enable-sniffer on *nix or use the -vcproj files on windows. You'll need to have pcap installed on *nix and -WinPcap on windows. - -A swig interface file is now located in the swig directory for using Python, -Java, Perl, and others with CyaSSL. This is initial support and experimental, -please send questions or comments to support@yassl.com. - -When doing load testing with CyaSSL, on the echoserver example say, the client -machine may run out of tcp ephemeral ports, they will end up in the TIME_WAIT -queue, and can't be reused by default. There are generally two ways to fix -this. - -1. Reduce the length sockets remain on the TIME_WAIT queue OR -2. Allow items on the TIME_WAIT queue to be reused. 
- - -To reduce the TIME_WAIT length in OS X to 3 seconds (3000 milliseconds) - -`sudo sysctl -w net.inet.tcp.msl=3000` - -In Linux - -`sudo sysctl -w net.ipv4.tcp_tw_reuse=1` - -allows reuse of sockets in TIME_WAIT - -`sudo sysctl -w net.ipv4.tcp_tw_recycle=1` - -works but seems to remove sockets from TIME_WAIT entirely? - -`sudo sysctl -w net.ipv4.tcp_fin_timeout=1` - -doen't control TIME_WAIT, it controls FIN_WAIT(2) contrary to some posts - - -# CyaSSL Release 1.4.0 (2/18/2010) - -Release 1.3.0 for CyaSSL adds bug fixes, better multi TLS/SSL version support -through SSLv23_server_method(), and improved documentation in the doc/ folder. - -For general build instructions doc/Building_CyaSSL.pdf. - -# CyaSSL Release 1.3.0 (1/21/2010) - -Release 1.3.0 for CyaSSL adds bug fixes, a potential security problem fix, -better porting support, removal of assert()s, and a complete THREADX port. - -For general build instructions see rc1 below. - -# CyaSSL Release 1.2.0 (11/2/2009) - -Release 1.2.0 for CyaSSL adds bug fixes and session negotiation if first use is -read or write. - -For general build instructions see rc1 below. - -# CyaSSL Release 1.1.0 (9/2/2009) - -Release 1.1.0 for CyaSSL adds bug fixes, a check against malicious session -cache use, support for lighttpd, and TLS 1.2. - -To get TLS 1.2 support please use the client and server functions: - -```c -SSL_METHOD *TLSv1_2_server_method(void); -SSL_METHOD *TLSv1_2_client_method(void); -``` - -CyaSSL was tested against lighttpd 1.4.23. 
To build CyaSSL for use with -lighttpd use the following commands from the CyaSSL install dir : - -``` -./configure --disable-shared --enable-opensslExtra --enable-fastmath --without-zlib - -make -make openssl-links -``` - -Then to build lighttpd with CyaSSL use the following commands from the -lighttpd install dir: - -``` -./configure --with-openssl --with-openssl-includes=/include --with-openssl-libs=/lib LDFLAGS=-lm - -make -``` - -On some systems you may get a linker error about a duplicate symbol for -MD5_Init or other MD5 calls. This seems to be caused by the lighttpd src file -md5.c, which defines MD5_Init(), and is included in liblightcomp_la-md5.o. -When liblightcomp is linked with the SSL_LIBs the linker may complain about -the duplicate symbol. This can be fixed by editing the lighttpd src file md5.c -and adding this line to the beginning of the file: - -\#if 0 - -and this line to the end of the file - -\#endif - -Then from the lighttpd src dir do a: - -``` -make clean -make -``` - -If you get link errors about undefined symbols more than likely the actual -OpenSSL libraries are found by the linker before the CyaSSL openssl-links that -point to the CyaSSL library, causing the linker confusion. This can be fixed -by editing the Makefile in the lighttpd src directory and changing the line: - -`SSL_LIB = -lssl -lcrypto` - -to - -`SSL_LIB = -lcyassl` - -Then from the lighttpd src dir do a: - -``` -make clean -make -``` - -This should remove any confusion the linker may be having with missing symbols. - -For any questions or concerns please contact support@yassl.com . - -For general build instructions see rc1 below. - -# CyaSSL Release 1.0.6 (8/03/2009) - -Release 1.0.6 for CyaSSL adds bug fixes, an improved session cache, and faster -math with a huge code option. - -The session cache now defaults to a client mode, also good for embedded servers. -For servers not under heavy load (less than 200 new sessions per minute), define -BIG_SESSION_CACHE. 
If the server will be under heavy load, define -HUGE_SESSION_CACHE. - -There is now a fasthugemath option for configure. This enables fastmath plus -even faster math by greatly increasing the code size of the math library. Use -the benchmark utility to compare public key operations. - - -For general build instructions see rc1 below. - -# CyaSSL Release 1.0.3 (5/10/2009) - -Release 1.0.3 for CyaSSL adds bug fixes and add increased support for OpenSSL -compatibility when building other applications. - -Release 1.0.3 includes an alpha release of DTLS for both client and servers. -This is only for testing purposes at this time. Rebroadcast and reordering -aren't fully implemented at this time but will be for the next release. - -For general build instructions see rc1 below. - -# CyaSSL Release 1.0.2 (4/3/2009) - -Release 1.0.2 for CyaSSL adds bug fixes for a couple I/O issues. Some systems -will send a SIGPIPE on socket recv() at any time and this should be handled by -the application by turning off SIGPIPE through setsockopt() or returning from -the handler. - -Release 1.0.2 includes an alpha release of DTLS for both client and servers. -This is only for testing purposes at this time. Rebroadcast and reordering -aren't fully implemented at this time but will be for the next release. - -For general build instructions see rc1 below. - -## CyaSSL Release Candidate 3 rc3-1.0.0 (2/25/2009) - - -Release Candidate 3 for CyaSSL 1.0.0 adds bug fixes and adds a project file for -iPhone development with Xcode. cyassl-iphone.xcodeproj is located in the root -directory. This release also includes a fix for supporting other -implementations that bundle multiple messages at the record layer, this was -lost when cyassl i/o was re-implemented but is now fixed. - -For general build instructions see rc1 below. 
- -## CyaSSL Release Candidate 2 rc2-1.0.0 (1/21/2009) - - -Release Candidate 2 for CyaSSL 1.0.0 adds bug fixes and adds two new stream -ciphers along with their respective cipher suites. CyaSSL adds support for -HC-128 and RABBIT stream ciphers. The new suites are: - -``` -TLS_RSA_WITH_HC_128_SHA -TLS_RSA_WITH_RABBIT_SHA -``` - -And the corresponding cipher names are - -``` -HC128-SHA -RABBIT-SHA -``` - -CyaSSL also adds support for building with devkitPro for PPC by changing the -library proper to use libogc. The examples haven't been changed yet but if -there's interest they can be. Here's an example ./configure to build CyaSSL -for devkitPro: - -``` -./configure --disable-shared CC=/pathTo/devkitpro/devkitPPC/bin/powerpc-gekko-gcc --host=ppc --without-zlib --enable-singleThreaded RANLIB=/pathTo/devkitpro/devkitPPC/bin/powerpc-gekko-ranlib CFLAGS="-DDEVKITPRO -DGEKKO" -``` - -For linking purposes you'll need - -`LDFLAGS="-g -mrvl -mcpu=750 -meabi -mhard-float -Wl,-Map,$(notdir $@).map"` - -For general build instructions see rc1 below. - - -## CyaSSL Release Candidate 1 rc1-1.0.0 (12/17/2008) - - -Release Candidate 1 for CyaSSL 1.0.0 contains major internal changes. Several -areas have optimization improvements, less dynamic memory use, and the I/O -strategy has been refactored to allow alternate I/O handling or Library use. -Many thanks to Thierry Fournier for providing these ideas and most of the work. - -Because of these changes, this release is only a candidate since some problems -are probably inevitable on some platform with some I/O use. Please report any -problems and we'll try to resolve them as soon as possible. You can contact us -at support@yassl.com or todd@yassl.com. - -Using TomsFastMath by passing --enable-fastmath to ./configure now uses assembly -on some platforms. This is new so please report any problems as every compiler, -mode, OS combination hasn't been tested. 
On ia32 all of the registers need to -be available so be sure to pass these options to CFLAGS: - -`CFLAGS="-O3 -fomit-frame-pointer"` - -OS X will also need -mdynamic-no-pic added to CFLAGS - -Also if you're building in shared mode for ia32 you'll need to pass options to -LDFLAGS as well on OS X: - -`LDFLAGS=-Wl,-read_only_relocs,warning` - -This gives warnings for some symbols but seems to work. - - -#### To build on Linux, Solaris, *BSD, Mac OS X, or Cygwin: - - ./configure - make - - from the ./testsuite/ directory run ./testsuite - -#### To make a debug build: - - ./configure --enable-debug --disable-shared - make - - - -#### To build on Win32 - -Choose (Re)Build All from the project workspace - -Run the testsuite program - - - - - -# CyaSSL version 0.9.9 (7/25/2008) - -This release of CyaSSL adds bug fixes, Pre-Shared Keys, over-rideable memory -handling, and optionally TomsFastMath. Thanks to Moisés Guimarães for the -work on TomsFastMath. - -To optionally use TomsFastMath pass --enable-fastmath to ./configure -Or define USE_FAST_MATH in each project from CyaSSL for MSVC. - -Please use the benchmark routine before and after to see the performance -difference, on some platforms the gains will be little but RSA encryption -always seems to be faster. On x86-64 machines with GCC the normal math library -may outperform the fast one when using CFLAGS=-m64 because TomsFastMath can't -yet use -m64 because of GCCs inability to do 128bit division. - - *** UPDATE GCC 4.2.1 can now do 128bit division *** - -See notes below (0.2.0) for complete build instructions. - - -# CyaSSL version 0.9.8 (5/7/2008) - -This release of CyaSSL adds bug fixes, client side Diffie-Hellman, and better -socket handling. - -See notes below (0.2.0) for complete build instructions. - - -# CyaSSL version 0.9.6 (1/31/2008) - -This release of CyaSSL adds bug fixes, increased session management, and a fix -for gnutls. - -See notes below (0.2.0) for complete build instructions. 
- - -# CyaSSL version 0.9.0 (10/15/2007) - -This release of CyaSSL adds bug fixes, MSVC 2005 support, GCC 4.2 support, -IPV6 support and test, and new test certificates. - -See notes below (0.2.0) for complete build instructions. - - -# CyaSSL version 0.8.0 (1/10/2007) - -This release of CyaSSL adds increased socket support, for non-blocking writes, -connects, and interrupted system calls. - -See notes below (0.2.0) for complete build instructions. - - -# CyaSSL version 0.6.3 (10/30/2006) - -This release of CyaSSL adds debug logging to stderr to aid in the debugging of -CyaSSL on systems that may not provide the best support. - -If CyaSSL is built with debugging support then you need to call -CyaSSL_Debugging_ON() to turn logging on. - -On Unix use ./configure --enable-debug - -On Windows define DEBUG_CYASSL when building CyaSSL - - -To turn logging back off call CyaSSL_Debugging_OFF() - -See notes below (0.2.0) for complete build instructions. - - -# CyaSSL version 0.6.2 (10/29/2006) - -This release of CyaSSL adds TLS 1.1. - -Note that CyaSSL has certificate verification on by default, unlike OpenSSL. -To emulate OpenSSL behavior, you must call SSL_CTX_set_verify() with -SSL_VERIFY_NONE. In order to have full security you should never do this, -provide CyaSSL with the proper certificates to eliminate impostors and call -CyaSSL_check_domain_name() to prevent man in the middle attacks. - -See notes below (0.2.0) for build instructions. - -# CyaSSL version 0.6.0 (10/25/2006) - -This release of CyaSSL adds more SSL functions, better autoconf, nonblocking -I/O for accept, connect, and read. There is now an --enable-small configure -option that turns off TLS, AES, DES3, HMAC, and ERROR_STRINGS, see configure.in -for the defines. Note that TLS requires HMAC and AES requires TLS. - -See notes below (0.2.0) for build instructions. 
- - -# CyaSSL version 0.5.5 (09/27/2006) - -This mini release of CyaSSL adds better input processing through buffered input -and big message support. Added SSL_pending() and some sanity checks on user -settings. - -See notes below (0.2.0) for build instructions. - - -# CyaSSL version 0.5.0 (03/27/2006) - -This release of CyaSSL adds AES support and minor bug fixes. - -See notes below (0.2.0) for build instructions. - - -# CyaSSL version 0.4.0 (03/15/2006) - -This release of CyaSSL adds TLSv1 client/server support and libtool. - -See notes below for build instructions. - - -# CyaSSL version 0.3.0 (02/26/2006) - -This release of CyaSSL adds SSLv3 server support and session resumption. - -See notes below for build instructions. - - -# CyaSSL version 0.2.0 (02/19/2006) - - -This is the first release of CyaSSL and its crypt brother, CTaoCrypt. CyaSSL -is written in ANSI C with the idea of a small code size, footprint, and memory -usage in mind. CTaoCrypt can be as small as 32K, and the current client -version of CyaSSL can be as small as 12K. - - -The first release of CTaoCrypt supports MD5, SHA-1, 3DES, ARC4, Big Integer -Support, RSA, ASN parsing, and basic x509 (en/de)coding. - -The first release of CyaSSL supports normal client RSA mode SSLv3 connections -with support for SHA-1 and MD5 digests. Ciphers include 3DES and RC4. - - -#### To build on Linux, Solaris, *BSD, Mac OS X, or Cygwin: - - ./configure - make - - from the ./testsuite/ directory run ./testsuite - -#### to make a debug build: - - ./configure --enable-debug --disable-shared - make - - - -#### To build on Win32 - -Choose (Re)Build All from the project workspace - -Run the testsuite program - - - -*** The next release of CyaSSL will support a server and more OpenSSL -compatibility functions. - - -Please send questions or comments to todd@wolfssl.com diff --git a/configure.ac b/configure.ac index 8cae247aa..61d350dfa 100644 --- a/configure.ac +++ b/configure.ac 
@@ -6,7 +6,7 @@ # # AC_COPYRIGHT([Copyright (C) 2006-2018 wolfSSL Inc.]) -AC_INIT([wolfssl],[3.14.0],[https://github.com/wolfssl/wolfssl/issues],[wolfssl],[http://www.wolfssl.com]) +AC_INIT([wolfssl],[3.15.0],[https://github.com/wolfssl/wolfssl/issues],[wolfssl],[https://www.wolfssl.com]) AC_CONFIG_AUX_DIR([build-aux]) @@ -41,18 +41,18 @@ AC_CONFIG_MACRO_DIR([m4]) AC_CONFIG_HEADERS([config.h:config.in])dnl Keep filename to 8.3 for MS-DOS. #shared library versioning -WOLFSSL_LIBRARY_VERSION=16:0:0 -# | | | -# +------+ | +---+ -# | | | -# current:revision:age -# | | | -# | | +- increment if interfaces have been added -# | | set to zero if interfaces have been removed -# | | or changed -# | +- increment if source code has changed -# | set to zero if current is incremented -# +- increment if interfaces have been added, removed or changed +WOLFSSL_LIBRARY_VERSION=17:0:0 +# | | | +# +------+ | +---+ +# | | | +# current:revision:age +# | | | +# | | +- increment if interfaces have been added +# | | set to zero if interfaces have been removed +# | | or changed +# | +- increment if source code has changed +# | set to zero if current is incremented +# +- increment if interfaces have been added, removed or changed AC_SUBST([WOLFSSL_LIBRARY_VERSION]) # capture user C_EXTRA_FLAGS from ./configure line, CFLAGS may hold -g -O2 even diff --git a/wolfssl/version.h b/wolfssl/version.h index 0af5fb25f..238277058 100644 --- a/wolfssl/version.h +++ b/wolfssl/version.h @@ -28,8 +28,8 @@ extern "C" { #endif -#define LIBWOLFSSL_VERSION_STRING "3.14.0" -#define LIBWOLFSSL_VERSION_HEX 0x03014000 +#define LIBWOLFSSL_VERSION_STRING "3.15.0" +#define LIBWOLFSSL_VERSION_HEX 0x03015000 #ifdef __cplusplus } From a4e6cfd3ac0362e644d592e45a88b3178005564f Mon Sep 17 00:00:00 2001 From: John Safranek Date: Thu, 31 May 2018 10:12:34 -0700 Subject: [PATCH 123/146] Added new file NEWS.md to Makefile for dist builds. --- Makefile.am | 1 + 1 file changed, 1 insertion(+) 
diff --git a/Makefile.am b/Makefile.am index d92dc4462..c0e5ae35a 100644 --- a/Makefile.am +++ b/Makefile.am @@ -84,6 +84,7 @@ EXTRA_DIST+= wolfssl64.sln EXTRA_DIST+= valgrind-error.sh EXTRA_DIST+= gencertbuf.pl EXTRA_DIST+= README.md +EXTRA_DIST+= NEWS.md EXTRA_DIST+= LICENSING EXTRA_DIST+= INSTALL EXTRA_DIST+= IPP From 8a61b7303a6eebd853f582cb887af747a364ca09 Mon Sep 17 00:00:00 2001 From: John Safranek Date: Thu, 31 May 2018 10:14:47 -0700 Subject: [PATCH 124/146] Remove execute bit from a few files. --- certs/ca-ecc-cert.der | Bin certs/ca-ecc-key.der | Bin certs/ca-ecc-key.pem | 0 certs/ca-ecc384-cert.der | Bin certs/ca-ecc384-key.der | Bin certs/ca-ecc384-key.pem | 0 certs/include.am | 0 certs/server-ecc.der | Bin certs/test/server-cert-ecc-badsig.der | Bin src/tls.c | 0 src/tls13.c | 0 wolfcrypt/src/asn.c | 0 wolfcrypt/src/ecc.c | 0 wolfcrypt/src/pwdbased.c | 0 wolfssl/wolfcrypt/types.h | 0 15 files changed, 0 insertions(+), 0 deletions(-) mode change 100755 => 100644 certs/ca-ecc-cert.der mode change 100755 => 100644 certs/ca-ecc-key.der mode change 100755 => 100644 certs/ca-ecc-key.pem mode change 100755 => 100644 certs/ca-ecc384-cert.der mode change 100755 => 100644 certs/ca-ecc384-key.der mode change 100755 => 100644 certs/ca-ecc384-key.pem mode change 100755 => 100644 certs/include.am mode change 100755 => 100644 certs/server-ecc.der mode change 100755 => 100644 certs/test/server-cert-ecc-badsig.der mode change 100755 => 100644 src/tls.c mode change 100755 => 100644 src/tls13.c mode change 100755 => 100644 wolfcrypt/src/asn.c mode change 100755 => 100644 wolfcrypt/src/ecc.c mode change 100755 => 100644 wolfcrypt/src/pwdbased.c mode change 100755 => 100644 wolfssl/wolfcrypt/types.h diff --git a/certs/ca-ecc-cert.der b/certs/ca-ecc-cert.der old mode 100755 new mode 100644 diff --git a/certs/ca-ecc-key.der b/certs/ca-ecc-key.der old mode 100755 new mode 100644 diff --git a/certs/ca-ecc-key.pem b/certs/ca-ecc-key.pem old mode 100755 new mode 100644 
diff --git a/certs/ca-ecc384-cert.der b/certs/ca-ecc384-cert.der old mode 100755 new mode 100644 diff --git a/certs/ca-ecc384-key.der b/certs/ca-ecc384-key.der old mode 100755 new mode 100644 diff --git a/certs/ca-ecc384-key.pem b/certs/ca-ecc384-key.pem old mode 100755 new mode 100644 diff --git a/certs/include.am b/certs/include.am old mode 100755 new mode 100644 diff --git a/certs/server-ecc.der b/certs/server-ecc.der old mode 100755 new mode 100644 diff --git a/certs/test/server-cert-ecc-badsig.der b/certs/test/server-cert-ecc-badsig.der old mode 100755 new mode 100644 diff --git a/src/tls.c b/src/tls.c old mode 100755 new mode 100644 diff --git a/src/tls13.c b/src/tls13.c old mode 100755 new mode 100644 diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c old mode 100755 new mode 100644 diff --git a/wolfcrypt/src/ecc.c b/wolfcrypt/src/ecc.c old mode 100755 new mode 100644 diff --git a/wolfcrypt/src/pwdbased.c b/wolfcrypt/src/pwdbased.c old mode 100755 new mode 100644 diff --git a/wolfssl/wolfcrypt/types.h b/wolfssl/wolfcrypt/types.h old mode 100755 new mode 100644 From dfca1beff057ca1c1b3a38a978673f2db7c67483 Mon Sep 17 00:00:00 2001 From: John Safranek Date: Thu, 31 May 2018 10:20:18 -0700 Subject: [PATCH 125/146] Touch the version number on the library filename in the rpm spec. --- rpm/spec.in | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/rpm/spec.in b/rpm/spec.in index 05fc27b84..e54f279cd 100644 --- a/rpm/spec.in +++ b/rpm/spec.in @@ -73,8 +73,8 @@ mkdir -p $RPM_BUILD_ROOT/ %{_docdir}/wolfssl/README.txt %{_libdir}/libwolfssl.la %{_libdir}/libwolfssl.so -%{_libdir}/libwolfssl.so.16 -%{_libdir}/libwolfssl.so.16.0.0 +%{_libdir}/libwolfssl.so.17 +%{_libdir}/libwolfssl.so.17.0.0 %files devel %defattr(-,root,root,-) 
@@ -287,6 +287,8 @@ mkdir -p $RPM_BUILD_ROOT/ %{_libdir}/pkgconfig/wolfssl.pc %changelog +* Thu May 31 2018 John Safranek +- Update the version number on the library SO file. * Fri Mar 02 2018 Jacob Barthelmeh - Added headder files fips.h, buffer.h, objects.h, rc4.h and example tls_bench.c * Fri Sep 08 2017 Jacob Barthelmeh From 3ff8c45aa8ba18a9671e99857f5c700e26e0c044 Mon Sep 17 00:00:00 2001 From: Takashi Kojo Date: Fri, 1 Jun 2018 09:30:20 +0900 Subject: [PATCH 126/146] FILE to XFILE --- doc/dox_comments/header_files/ssl.h | 2 +- src/ssl.c | 8 ++++---- wolfcrypt/src/logging.c | 2 +- wolfssl/openssl/bn.h | 2 +- wolfssl/ssl.h | 8 ++++---- wolfssl/wolfcrypt/logging.h | 2 +- 6 files changed, 12 insertions(+), 12 deletions(-) diff --git a/doc/dox_comments/header_files/ssl.h b/doc/dox_comments/header_files/ssl.h index 4c143c29c..ed2d0b498 100644 --- a/doc/dox_comments/header_files/ssl.h +++ b/doc/dox_comments/header_files/ssl.h @@ -5599,7 +5599,7 @@ WOLFSSL_API int wolfSSL_X509_version(WOLFSSL_X509*); \sa XFSEEK */ WOLFSSL_API WOLFSSL_X509* - wolfSSL_X509_d2i_fp(WOLFSSL_X509** x509, FILE* file); + wolfSSL_X509_d2i_fp(WOLFSSL_X509** x509, XFILE file); /*! \ingroup CertsKeys diff --git a/src/ssl.c b/src/ssl.c index 052e794b4..142d8484b 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -3366,7 +3366,7 @@ void wolfSSL_EVP_init(void) #if !defined(NO_FILESYSTEM) && !defined(NO_STDIO_FILESYSTEM) -void wolfSSL_ERR_print_errors_fp(FILE* fp, int err) +void wolfSSL_ERR_print_errors_fp(XFILE fp, int err) { char data[WOLFSSL_MAX_ERROR_SZ + 1]; @@ -3376,7 +3376,7 @@ void wolfSSL_ERR_print_errors_fp(FILE* fp, int err) } #if defined(OPENSSL_EXTRA) || defined(DEBUG_WOLFSSL_VERBOSE) -void wolfSSL_ERR_dump_errors_fp(FILE* fp) +void wolfSSL_ERR_dump_errors_fp(XFILE fp) { wc_ERR_print_errors_fp(fp); } 
@@ -22526,7 +22526,7 @@ char *wolfSSL_BN_bn2hex(const WOLFSSL_BIGNUM *bn) /* return code compliant with OpenSSL : * 1 if success, 0 if error */ -int wolfSSL_BN_print_fp(FILE *fp, const WOLFSSL_BIGNUM *bn) +int wolfSSL_BN_print_fp(XFILE fp, const WOLFSSL_BIGNUM *bn) { #if defined(WOLFSSL_KEY_GEN) || defined(HAVE_COMP_KEY) || defined(DEBUG_WOLFSSL) char *buf; @@ -28684,7 +28684,7 @@ void* wolfSSL_GetDhAgreeCtx(WOLFSSL* ssl) } #if defined(HAVE_CRL) && !defined(NO_FILESYSTEM) - WOLFSSL_API WOLFSSL_X509_CRL* wolfSSL_PEM_read_X509_CRL(FILE *fp, WOLFSSL_X509_CRL **crl, + WOLFSSL_API WOLFSSL_X509_CRL* wolfSSL_PEM_read_X509_CRL(XFILE fp, WOLFSSL_X509_CRL **crl, pem_password_cb *cb, void *u) { #if defined(WOLFSSL_PEM_TO_DER) || defined(WOLFSSL_DER_TO_PEM) diff --git a/wolfcrypt/src/logging.c b/wolfcrypt/src/logging.c index 0fdab2654..cc7d1545c 100644 --- a/wolfcrypt/src/logging.c +++ b/wolfcrypt/src/logging.c @@ -711,7 +711,7 @@ int wc_ERR_remove_state(void) #if !defined(NO_FILESYSTEM) && !defined(NO_STDIO_FILESYSTEM) /* empties out the error queue into the file */ -void wc_ERR_print_errors_fp(FILE* fp) +void wc_ERR_print_errors_fp(XFILE fp) { WOLFSSL_ENTER("wc_ERR_print_errors_fp"); diff --git a/wolfssl/openssl/bn.h b/wolfssl/openssl/bn.h index b1097e882..d51450e7b 100644 --- a/wolfssl/openssl/bn.h +++ b/wolfssl/openssl/bn.h @@ -110,7 +110,7 @@ WOLFSSL_API int wolfSSL_BN_is_prime_ex(const WOLFSSL_BIGNUM*, int, WOLFSSL_API WOLFSSL_BN_ULONG wolfSSL_BN_mod_word(const WOLFSSL_BIGNUM*, WOLFSSL_BN_ULONG); #if !defined(NO_FILESYSTEM) && !defined(NO_STDIO_FILESYSTEM) - WOLFSSL_API int wolfSSL_BN_print_fp(FILE*, const WOLFSSL_BIGNUM*); + WOLFSSL_API int wolfSSL_BN_print_fp(XFILE, const WOLFSSL_BIGNUM*); #endif WOLFSSL_API int wolfSSL_BN_rshift(WOLFSSL_BIGNUM*, const WOLFSSL_BIGNUM*, int); WOLFSSL_API WOLFSSL_BIGNUM *wolfSSL_BN_CTX_get(WOLFSSL_BN_CTX *ctx); diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h index 705944cef..713ca514f 100644 --- a/wolfssl/ssl.h +++ b/wolfssl/ssl.h 
@@ -1227,9 +1227,9 @@ enum { /* wolfSSL extension, provide last error from SSL_get_error since not using thread storage error queue */ #include -WOLFSSL_API void wolfSSL_ERR_print_errors_fp(FILE*, int err); +WOLFSSL_API void wolfSSL_ERR_print_errors_fp(XFILE, int err); #if defined(OPENSSL_EXTRA) || defined(DEBUG_WOLFSSL_VERBOSE) -WOLFSSL_API void wolfSSL_ERR_dump_errors_fp(FILE* fp); +WOLFSSL_API void wolfSSL_ERR_dump_errors_fp(XFILE fp); #endif #endif @@ -1540,7 +1540,7 @@ WOLFSSL_API void wolfSSL_X509_CRL_free(WOLFSSL_X509_CRL *crl); #ifndef NO_FILESYSTEM #ifndef NO_STDIO_FILESYSTEM WOLFSSL_API WOLFSSL_X509* - wolfSSL_X509_d2i_fp(WOLFSSL_X509** x509, FILE* file); + wolfSSL_X509_d2i_fp(WOLFSSL_X509** x509, XFILE file); #endif WOLFSSL_API WOLFSSL_X509* wolfSSL_X509_load_certificate_file(const char* fname, int format); @@ -2571,7 +2571,7 @@ WOLFSSL_API WOLFSSL_X509 *wolfSSL_PEM_read_bio_X509(WOLFSSL_BIO *bp, WOLFSSL_X50 WOLFSSL_API WOLFSSL_X509 *wolfSSL_PEM_read_bio_X509_AUX (WOLFSSL_BIO *bp, WOLFSSL_X509 **x, pem_password_cb *cb, void *u); #ifndef NO_FILESYSTEM -WOLFSSL_API WOLFSSL_X509_CRL *wolfSSL_PEM_read_X509_CRL(FILE *fp, WOLFSSL_X509_CRL **x, +WOLFSSL_API WOLFSSL_X509_CRL *wolfSSL_PEM_read_X509_CRL(XFILE fp, WOLFSSL_X509_CRL **x, pem_password_cb *cb, void *u); #endif diff --git a/wolfssl/wolfcrypt/logging.h b/wolfssl/wolfcrypt/logging.h index cbff0fa64..19ea0e5cd 100644 --- a/wolfssl/wolfcrypt/logging.h +++ b/wolfssl/wolfcrypt/logging.h @@ -112,7 +112,7 @@ WOLFSSL_API void wolfSSL_Debugging_OFF(void); WOLFSSL_API int wc_SetLoggingHeap(void* h); WOLFSSL_API int wc_ERR_remove_state(void); #if !defined(NO_FILESYSTEM) && !defined(NO_STDIO_FILESYSTEM) - WOLFSSL_API void wc_ERR_print_errors_fp(FILE* fp); + WOLFSSL_API void wc_ERR_print_errors_fp(XFILE fp); #endif #endif /* OPENSSL_EXTRA || DEBUG_WOLFSSL_VERBOSE */ From f1588e0ad9b22c202750dffc4bb4354bf8e74d15 Mon Sep 17 00:00:00 2001 
From: John Safranek Date: Thu, 31 May 2018 17:38:47 -0700 Subject: [PATCH 127/146] Fix Cert Includes 1. Added files that were missing from the certs directory include.am files. 2. Fixed the duplicate items in the certs directory's include.am files. 3. Reorganized the certs directory include.am files to be a tree. --- Makefile.am | 4 ---- certs/ed25519/include.am | 25 +++++++++++++++++++++++++ certs/external/include.am | 1 + certs/include.am | 31 ++++++++----------------------- certs/test/include.am | 12 ++++++++++++ 5 files changed, 46 insertions(+), 27 deletions(-) create mode 100644 certs/ed25519/include.am diff --git a/Makefile.am b/Makefile.am index c0e5ae35a..7488c8069 100644 --- a/Makefile.am +++ b/Makefile.am @@ -95,10 +95,6 @@ include wrapper/include.am include cyassl/include.am include wolfssl/include.am include certs/include.am -include certs/1024/include.am -include certs/crl/include.am -include certs/external/include.am -include certs/ocsp/include.am include doc/include.am include swig/include.am diff --git a/certs/ed25519/include.am b/certs/ed25519/include.am new file mode 100644 index 000000000..ce3fb8081 --- /dev/null +++ b/certs/ed25519/include.am 
@@ -0,0 +1,25 @@ +# vim:ft=automake +# All paths should be given relative to the root +# + +EXTRA_DIST += \ + certs/ed25519/ca-ed25519.der \ + certs/ed25519/ca-ed25519.pem \ + certs/ed25519/ca-ed25519-key.der \ + certs/ed25519/ca-ed25519-key.pem \ + certs/ed25519/client-ed25519.der \ + certs/ed25519/client-ed25519.pem \ + certs/ed25519/client-ed25519-key.der \ + certs/ed25519/client-ed25519-key.pem \ + certs/ed25519/client-ed25519-priv.der \ + certs/ed25519/client-ed25519-priv.pem \ + certs/ed25519/root-ed25519.der \ + certs/ed25519/root-ed25519.pem \ + certs/ed25519/root-ed25519-key.der \ + certs/ed25519/root-ed25519-key.pem \ + certs/ed25519/server-ed25519.der \ + certs/ed25519/server-ed25519.pem \ + certs/ed25519/server-ed25519-key.der \ + certs/ed25519/server-ed25519-key.pem \ + certs/ed25519/server-ed25519-priv.der \ + certs/ed25519/server-ed25519-priv.pem diff --git a/certs/external/include.am b/certs/external/include.am index 4f242068b..05bf83968 100644 --- a/certs/external/include.am +++ b/certs/external/include.am @@ -4,4 +4,5 @@ EXTRA_DIST += \ certs/external/ca-globalsign-root-r3.pem \ + certs/external/ca-digicert-ev.pem \ certs/external/baltimore-cybertrust-root.pem diff --git a/certs/include.am b/certs/include.am index 7a227aa95..4964f59de 100644 --- a/certs/include.am +++ b/certs/include.am @@ -8,6 +8,8 @@ EXTRA_DIST += \ certs/client-cert.pem \ certs/client-keyEnc.pem \ certs/client-key.pem \ + certs/client-uri-cert.pem \ + certs/client-relative-uri.pem \ certs/ecc-key.pem \ certs/ecc-privkey.pem \ certs/ecc-keyPkcs8Enc.pem \ 
@@ -63,27 +65,6 @@ EXTRA_DIST += \ certs/server-ecc-self.der \ certs/server-ecc-rsa.der \ certs/server-cert-chain.der -EXTRA_DIST += \ - certs/ed25519/ca-ed25519.der \ - certs/ed25519/ca-ed25519-key.der \ - certs/ed25519/ca-ed25519-key.pem \ - certs/ed25519/ca-ed25519.pem \ - certs/ed25519/client-ed25519.der \ - certs/ed25519/client-ed25519-key.der \ - certs/ed25519/client-ed25519-key.pem \ - certs/ed25519/client-ed25519.pem \ - certs/ed25519/client-ed25519-priv.pem \ - certs/ed25519/client-ed25519-priv.pem \ - certs/ed25519/root-ed25519.der \ - certs/ed25519/root-ed25519-key.der \ - certs/ed25519/root-ed25519-key.pem \ - certs/ed25519/root-ed25519.pem \ - certs/ed25519/server-ed25519.der \ - certs/ed25519/server-ed25519-key.der \ - certs/ed25519/server-ed25519-key.pem \ - certs/ed25519/server-ed25519.pem \ - certs/ed25519/server-ed25519-priv.der \ - certs/ed25519/server-ed25519-priv.pem # ECC CA prime256v1 EXTRA_DIST += \ @@ -103,7 +84,11 @@ dist_doc_DATA+= certs/taoCert.txt EXTRA_DIST+= certs/ntru-key.raw +include certs/1024/include.am +include certs/crl/include.am +include certs/ecc/include.am +include certs/ed25519/include.am +include certs/external/include.am +include certs/ocsp/include.am include certs/test/include.am include certs/test-pathlen/include.am -include certs/test/include.am -include certs/ecc/include.am diff --git a/certs/test/include.am b/certs/test/include.am index f62e97084..0e8eec225 100644 --- a/certs/test/include.am +++ b/certs/test/include.am @@ -30,3 +30,15 @@ EXTRA_DIST += \ certs/test/server-nomatch.key \ certs/test/server-nomatch.pem \ certs/test/server-nomatch.der + +EXTRA_DIST += \ + certs/test/crit-cert.pem \ + certs/test/crit-key.pem \ + certs/test/dh1024.der \ + certs/test/dh1024.pem \ + certs/test/dh512.der \ + certs/test/dh512.pem \ + certs/test/digsigku.pem \ + certs/test/expired-ca.pem \ + certs/test/expired-cert.pem \ + certs/test/expired-key.pem From fcd22348416141f3769a227c9101172236d0e370 Mon Sep 17 00:00:00 2001 
From: Sean Parkinson Date: Fri, 1 Jun 2018 10:41:45 +1000 Subject: [PATCH 128/146] Fix for downgrading from TLS 1.3 due to old cipher suite TLS 1.3 specification doesn't allow downgrading based on cipher suite. --- scripts/tls13.test | 32 ++++++++++++++++++++ src/internal.c | 74 +++++++++++++++++++++++----------------------- src/tls.c | 30 +++++++++++-------- src/tls13.c | 22 -------------- 4 files changed, 86 insertions(+), 72 deletions(-) diff --git a/scripts/tls13.test b/scripts/tls13.test index 8154d7fdd..2a81a992a 100755 --- a/scripts/tls13.test +++ b/scripts/tls13.test @@ -137,6 +137,38 @@ if [ $? -ne 0 ]; then exit 1 fi echo "" + + echo "Find usable TLS 1.2 cipher suite" + for CS in ECDHE-RSA-AES128-GCM-SHA256 DHE-RSA-AES128-GCM-SHA256 + do + echo $CS + ./examples/client/client -e | grep $CS >/dev/null + if [ "$?" = "0" ]; then + TLS12_CS=$CS + break + fi + done + if [ "$TLS12_CS" != "" ]; then + # TLS 1.3 downgrade server and client - no common TLS 1.3 ciphers + echo -e "\n\nTLS v1.3 downgrade server and client - no common TLS 1.3 ciphers" + port=0 + SERVER_CS="TLS13-AES256-GCM-SHA384:$TLS12_CS" + CLIENT_CS="TLS13-AES128-GCM-SHA256:$TLS12_CS" + ./examples/server/server -v d -l $SERVER_CS -R $ready_file -p $port & + server_pid=$! + create_port + ./examples/client/client -v d -l $CLIENT_CS -p $port + RESULT=$? + remove_ready_file + if [ $RESULT -eq 0 ]; then + echo -e "\n\nTLS v1.3 downgrading to TLS v1.2 due to ciphers" + do_cleanup + exit 1 + fi + echo "" + else + echo "No usable TLS 1.2 cipher suite found" + fi fi echo -e "\nALL Tests Passed" diff --git a/src/internal.c b/src/internal.c index d47316f25..b87fd4f01 100644 --- a/src/internal.c +++ b/src/internal.c 
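Review bot: The new "no common TLS 1.3 ciphers" case in scripts/tls13.test accepts any non-zero client exit as the expected result, so a server that never started or a port that was not ready would also pass. It would be a stronger regression test for the downgrade fix if the client output were captured and the script also required the version-error text, for example by redirecting the client run to a temporary file and checking it with `grep` before `echo ""`. In the expected-failure path nothing calls `do_cleanup` or waits on `$server_pid`; whether the server exits on its own after the failed handshake is not visible in this hunk, so a `do_cleanup` before the closing `echo ""` may be needed. When no TLS 1.2 suite is found the case is skipped with only a message, which is worth a comment saying the skip is intentional.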
@@ -16868,36 +16868,6 @@ void PickHashSigAlgo(WOLFSSL* ssl, const byte* hashSigAlgo, XMEMCPY(ssl->arrays->serverRandom, input + i, RAN_LEN); i += RAN_LEN; - if (!ssl->options.resuming) { -#ifdef WOLFSSL_TLS13 - if (IsAtLeastTLSv1_3(ssl->ctx->method->version)) { - /* TLS v1.3 capable client not allowed to downgrade when - * connecting to TLS v1.3 capable server unless cipher suite - * demands it. - */ - if (XMEMCMP(input + i - (TLS13_DOWNGRADE_SZ + 1), - tls13Downgrade, TLS13_DOWNGRADE_SZ) == 0 && - (*(input + i - 1) == 0 || *(input + i - 1) == 1)) { - SendAlert(ssl, alert_fatal, illegal_parameter); - return VERSION_ERROR; - } - } - else -#endif - if (ssl->ctx->method->version.major == SSLv3_MAJOR && - ssl->ctx->method->version.minor == TLSv1_2_MINOR) { - /* TLS v1.2 capable client not allowed to downgrade when - * connecting to TLS v1.2 capable server. - */ - if (XMEMCMP(input + i - (TLS13_DOWNGRADE_SZ + 1), - tls13Downgrade, TLS13_DOWNGRADE_SZ) == 0 && - *(input + i - 1) == 0) { - SendAlert(ssl, alert_fatal, illegal_parameter); - return VERSION_ERROR; - } - } - } - /* session id */ ssl->arrays->sessionIDSz = input[i++]; 
@@ -17066,7 +17036,37 @@ void PickHashSigAlgo(WOLFSSL* ssl, const byte* hashSigAlgo, { int ret; - if (ssl->options.resuming) { + if (!ssl->options.resuming) { + byte* down = ssl->arrays->serverRandom + RAN_LEN - + TLS13_DOWNGRADE_SZ - 1; + byte vers = ssl->arrays->serverRandom[RAN_LEN - 1]; + #ifdef WOLFSSL_TLS13 + if (IsAtLeastTLSv1_3(ssl->ctx->method->version)) { + /* TLS v1.3 capable client not allowed to downgrade when + * connecting to TLS v1.3 capable server unless cipher suite + * demands it. + */ + if (XMEMCMP(down, tls13Downgrade, TLS13_DOWNGRADE_SZ) == 0 && + (vers == 0 || vers == 1)) { + SendAlert(ssl, alert_fatal, illegal_parameter); + return VERSION_ERROR; + } + } + else + #endif + if (ssl->ctx->method->version.major == SSLv3_MAJOR && + ssl->ctx->method->version.minor == TLSv1_2_MINOR) { + /* TLS v1.2 capable client not allowed to downgrade when + * connecting to TLS v1.2 capable server. + */ + if (XMEMCMP(down, tls13Downgrade, TLS13_DOWNGRADE_SZ) == 0 && + vers == 0) { + SendAlert(ssl, alert_fatal, illegal_parameter); + return VERSION_ERROR; + } + } + } + else { if (DSH_CheckSessionId(ssl)) { if (SetCipherSpecs(ssl) == 0) { @@ -17097,11 +17097,11 @@ void PickHashSigAlgo(WOLFSSL* ssl, const byte* hashSigAlgo, ssl->options.resuming = 0; /* server denied resumption try */ } } - #ifdef WOLFSSL_DTLS - if (ssl->options.dtls) { - DtlsMsgPoolReset(ssl); - } - #endif + #ifdef WOLFSSL_DTLS + if (ssl->options.dtls) { + DtlsMsgPoolReset(ssl); + } + #endif return SetCipherSpecs(ssl); } @@ -23461,7 +23461,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, args->output, args->sigSz, HashAlgoToType(args->hashAlgo)); if (ret != 0) - return ret; + goto exit_dcv; } else #endif diff --git a/src/tls.c b/src/tls.c index df8ac64f5..cc3d3b4ef 100644 --- a/src/tls.c +++ b/src/tls.c 
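Review bot: The relocated downgrade-sentinel check in the `-17066` hunk runs only under `if (!ssl->options.resuming)`, so a handshake where the client offered a session and the server declined it appears to skip the check. In that case the `else` branch clears the flag (`ssl->options.resuming = 0; /* server denied resumption try */`, visible in the following hunk) and continues to `SetCipherSpecs(ssl)` as a full handshake, without ever comparing `serverRandom` against `tls13Downgrade`. An on-path attacker who can force the version down can presumably reach that path whenever the client has a cached session. I would evaluate the sentinel after the resumption decision, so that the guard `if (!ssl->options.resuming)` is tested once the flag has its final value, or run the comparison unconditionally if there is no reason to exempt resumed sessions. The enclosing function starts and ends outside the hunk, so an earlier check on this path cannot be ruled out from here.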
@@ -4810,34 +4810,38 @@ static int TLSX_SupportedVersions_Parse(WOLFSSL* ssl, byte* input, continue; /* No upgrade allowed. */ - if (ssl->version.minor > minor) + if (minor > ssl->version.minor) continue; /* Check downgrade. */ - if (ssl->version.minor < minor) { + if (minor < ssl->version.minor) { if (!ssl->options.downgrade) continue; if (minor < ssl->options.minDowngrade) continue; - /* Downgrade the version. */ - ssl->version.minor = minor; + if (newMinor == 0 && minor > ssl->options.oldMinor) { + /* Downgrade the version. */ + ssl->version.minor = minor; + } } if (minor >= TLSv1_3_MINOR) { - ssl->options.tls1_3 = 1; - TLSX_Push(&ssl->extensions, TLSX_SUPPORTED_VERSIONS, ssl, - ssl->heap); + if (!ssl->options.tls1_3) { + ssl->options.tls1_3 = 1; + TLSX_Push(&ssl->extensions, TLSX_SUPPORTED_VERSIONS, ssl, + ssl->heap); #ifndef WOLFSSL_TLS13_DRAFT_18 - TLSX_SetResponse(ssl, TLSX_SUPPORTED_VERSIONS); + TLSX_SetResponse(ssl, TLSX_SUPPORTED_VERSIONS); #endif - newMinor = minor; + } + if (minor > newMinor) { + ssl->version.minor = minor; + newMinor = minor; + } } - else if (ssl->options.oldMinor < minor) + else if (minor > ssl->options.oldMinor) ssl->options.oldMinor = minor; - - if (newMinor != 0 && ssl->options.oldMinor != 0) - break; } } #ifndef WOLFSSL_TLS13_DRAFT_18 diff --git a/src/tls13.c b/src/tls13.c index 75bc5ddc1..db073bdd7 100644 --- a/src/tls13.c +++ b/src/tls13.c 
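Review bot: The "No upgrade allowed" test `if (minor > ssl->version.minor)` compares against a field that the loop itself lowers in the downgrade branch, so the selected version looks dependent on the order of the client's list. If `ssl->options.oldMinor` starts below the offered value, a list that names TLS 1.2 before TLS 1.3 sets `ssl->version.minor` to the 1.2 value first, and the later 1.3 entry is then skipped as an upgrade. Comparing against a copy of the server's maximum taken before the loop, e.g. `if (minor > maxMinor) continue;`, would make the result independent of list order; the loop header and the initial values are outside the hunk, so please confirm. Separately, the result of `TLSX_Push(&ssl->extensions, TLSX_SUPPORTED_VERSIONS, ssl, ssl->heap);` is dropped after `ssl->options.tls1_3 = 1;`, so if it can fail on allocation the flag and the extension list disagree; returning its error would avoid that.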
@@ -3972,31 +3972,9 @@ int DoTls13ClientHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx, /* Check that the negotiated ciphersuite matches protocol version. */ if (IsAtLeastTLSv1_3(ssl->version)) { if (ssl->options.cipherSuite0 != TLS13_BYTE) { -#ifndef WOLFSSL_NO_TLS12 - TLSX* ext; - - if (!ssl->options.downgrade) { - WOLFSSL_MSG("Negotiated ciphersuite from lesser version " - "than TLS v1.3"); - return VERSION_ERROR; - } - - WOLFSSL_MSG("Downgrading protocol due to cipher suite"); - - if (pv.minor < ssl->options.minDowngrade) - return VERSION_ERROR; - ssl->version.minor = ssl->options.oldMinor; - - /* Downgrade from TLS v1.3 */ - ssl->options.tls1_3 = 0; - ext = TLSX_Find(ssl->extensions, TLSX_SUPPORTED_VERSIONS); - if (ext != NULL) - ext->resp = 0; -#else WOLFSSL_MSG("Negotiated ciphersuite from lesser version than " "TLS v1.3"); return VERSION_ERROR; -#endif } } /* VerifyServerSuite handles when version is less than 1.3 */ From 5eca844e01fed3ee0cc5778bf11549543c718ce2 Mon Sep 17 00:00:00 2001 From: David Garske Date: Mon, 4 Jun 2018 11:05:14 -0700 Subject: [PATCH 129/146] Fix for possible leak with normal math and verify fail for R and S in ECC verify. --- wolfcrypt/src/ecc.c | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/wolfcrypt/src/ecc.c b/wolfcrypt/src/ecc.c index 7ecaaeff6..ee271da8f 100644 --- a/wolfcrypt/src/ecc.c +++ b/wolfcrypt/src/ecc.c @@ -4353,6 +4353,13 @@ int wc_ecc_verify_hash(const byte* sig, word32 siglen, const byte* hash, key->state = ECC_STATE_VERIFY_DO; err = wc_ecc_verify_hash_ex(r, s, hash, hashlen, res, key); + + #ifndef WOLFSSL_ASYNC_CRYPT + /* done with R/S */ + mp_clear(r); + mp_clear(s); + #endif + if (err < 0) { break; } @@ -4361,10 +4368,6 @@ int wc_ecc_verify_hash(const byte* sig, word32 siglen, const byte* hash, case ECC_STATE_VERIFY_RES: key->state = ECC_STATE_VERIFY_RES; err = 0; - - /* done with R/S */ - mp_clear(r); - mp_clear(s); break; default: 
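Review bot: In wolfcrypt/src/ecc.c, builds with `WOLFSSL_ASYNC_CRYPT` no longer clear `r` and `s` anywhere in the visible code. The `mp_clear(r); mp_clear(s);` pair was removed from the `ECC_STATE_VERIFY_RES` case (second ecc.c hunk), and the new pair after `wc_ecc_verify_hash_ex` is compiled out by `#ifndef WOLFSSL_ASYNC_CRYPT`. If the async build releases them elsewhere, a one-line comment at the `#ifndef` naming the function that does so would settle it. Otherwise the RES case should keep the two `mp_clear` calls under `#ifdef WOLFSSL_ASYNC_CRYPT`. The switch and the function continue outside both hunks.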
From 4ac34b74bdc4f04478101d4317954a868c60defd Mon Sep 17 00:00:00 2001 From: Sean Parkinson Date: Fri, 1 Jun 2018 09:24:28 +1000 Subject: [PATCH 130/146] Fix test to work with configurations not including AES-GCM --- scripts/psk.test | 15 +++++++++++++++ tests/suites.c | 20 +++++++++++--------- tests/test-psk.conf | 10 +--------- 3 files changed, 27 insertions(+), 18 deletions(-) diff --git a/scripts/psk.test b/scripts/psk.test index d8a0c3d07..0d21443f2 100755 --- a/scripts/psk.test +++ b/scripts/psk.test @@ -103,6 +103,21 @@ if [ $? -ne 0 ]; then fi echo "" + # psk server with non psk client + port=0 + ./examples/server/server -j -R $ready_file -p $port & + server_pid=$! + create_port + ./examples/client/client -p $port + RESULT=$? + remove_ready_file + if [ $RESULT -ne 0 ]; then + echo -e "\n\nClient connection failed" + do_cleanup + exit 1 + fi + echo "" + # check fail if no auth, psk server with non psk client echo "Checking fail when not sending peer cert" port=0 diff --git a/tests/suites.c b/tests/suites.c index bf25430e8..16bf850ce 100644 --- a/tests/suites.c +++ b/tests/suites.c @@ -703,15 +703,17 @@ int SuiteTest(void) #endif #ifndef NO_PSK #ifndef WOLFSSL_NO_TLS12 - /* add psk cipher suites */ - strcpy(argv0[1], "tests/test-psk.conf"); - printf("starting psk cipher suite tests\n"); - test_harness(&args); - if (args.return_code != 0) { - printf("error from script %d\n", args.return_code); - args.return_code = EXIT_FAILURE; - goto exit; - } + #if !defined(NO_RSA) || defined(HAVE_ECC) + /* add psk cipher suites */ + strcpy(argv0[1], "tests/test-psk.conf"); + printf("starting psk cipher suite tests\n"); + test_harness(&args); + if (args.return_code != 0) { + printf("error from script %d\n", args.return_code); + args.return_code = EXIT_FAILURE; + goto exit; + } + #endif #endif #ifdef WOLFSSL_TLS13 /* add psk extra suites */ diff --git a/tests/test-psk.conf b/tests/test-psk.conf index 4086b3e93..f4f11b298 100644 --- a/tests/test-psk.conf 
+++ b/tests/test-psk.conf @@ -1,15 +1,7 @@ -# server - standard PSK +# server - PSK plus certificates -j -l PSK-CHACHA20-POLY1305 # client- standard PSK -s -l PSK-CHACHA20-POLY1305 - -# server --j --l ECDHE-RSA-AES256-GCM-SHA384:PSK-CHACHA20-POLY1305 - -# client --l ECDHE-RSA-AES256-GCM-SHA384:PSK-CHACHA20-POLY1305 - From b63d3173a1fa2792efda89d0e6706900250131ea Mon Sep 17 00:00:00 2001 From: John Safranek Date: Tue, 5 Jun 2018 12:42:43 -0700 Subject: [PATCH 131/146] update change log (#1597) --- NEWS | 19 +++++++++++-------- NEWS.md | 19 ++++++++++--------- README | 19 +++++++++++-------- README.md | 19 ++++++++++--------- 4 files changed, 42 insertions(+), 34 deletions(-) diff --git a/NEWS b/NEWS index 2cf67a6ac..da18c8c2a 100644 --- a/NEWS +++ b/NEWS 
@@ -1,24 +1,26 @@ -wolfSSL Release 3.15.0 (05/01/2018) +wolfSSL Release 3.15.0 (05/05/2018) Release 3.15.0 of wolfSSL embedded TLS has bug fixes and new features including: - Support for TLS 1.3 Draft versions 23, 26 and 28. -- Improved downgrade support for TLS 1.3. -- Improved TLS 1.3 support from interoperability testing. -- Single Precision assembly code added for ARM and 64-bit ARM. +- Add FIPS SGX support! +- Single Precision assembly code added for ARM and 64-bit ARM to enhance + performance. - Improved performance for Single Precision maths on 32-bit. -- Allow TLS 1.2 to be compiled out. -- Ed25519 support in TLS 1.2 and 1.3. +- Improved downgrade support for the TLS 1.3 handshake. +- Improved TLS 1.3 support from interoperability testing. +- Added option to allow TLS 1.2 to be compiled out to reduce size and enhance + security. +- Added option to support Ed25519 in TLS 1.2 and 1.3. - Update wolfSSL_HMAC_Final() so the length parameter is optional. - Various fixes for Coverity static analysis reports. - Add define to use internal struct timeval (USE_WOLF_TIMEVAL_T). - Switch LowResTimer() to call XTIME instead of time(0) for better portability. -- Expanded OpenSSL compatibility layer. +- Expanded OpenSSL compatibility layer with a bevy of new functions. - Added Renesas CS+ project files. - Align DH support with NIST SP 800-56A, add wc_DhSetKey_ex() for q parameter. - Add build option for CAVP self test build (--enable-selftest). - Expose mp_toradix() when WOLFSSL_PUBLIC_MP is defined. -- Add FIPS SGX support. - Example certificate expiration dates and generation script updated. - Additional optimizations to trim out unused strings depending on build options. 
@@ -127,6 +129,7 @@ Release 3.15.0 of wolfSSL embedded TLS has bug fixes and new features including: optimization flags so user may supply their own custom flags. - Correctly touch the dummy fips.h header. +If you have questions on any of this, email us at info@wolfssl.com. See INSTALL file for build instructions. More info can be found on-line at http://wolfssl.com/wolfSSL/Docs.html diff --git a/NEWS.md b/NEWS.md index d3f0a8f3d..776f5ea3b 100644 --- a/NEWS.md +++ b/NEWS.md 
@@ -1,26 +1,26 @@ -# wolfSSL Release 3.15.0 (05/01/2018) +# wolfSSL Release 3.15.0 (05/05/2018) Release 3.15.0 of wolfSSL embedded TLS has bug fixes and new features including: * Support for TLS 1.3 Draft versions 23, 26 and 28. -* Improved downgrade support for TLS 1.3. -* Improved TLS 1.3 support from interoperability testing. -* Single Precision assembly code added for ARM and 64-bit ARM. +* Add FIPS SGX support! +* Single Precision assembly code added for ARM and 64-bit ARM to enhance performance. * Improved performance for Single Precision maths on 32-bit. -* Allow TLS 1.2 to be compiled out. -* Ed25519 support in TLS 1.2 and 1.3. +* Improved downgrade support for the TLS 1.3 handshake. +* Improved TLS 1.3 support from interoperability testing. +* Added option to allow TLS 1.2 to be compiled out to reduce size and enhance security. +* Added option to support Ed25519 in TLS 1.2 and 1.3. * Update wolfSSL_HMAC_Final() so the length parameter is optional. * Various fixes for Coverity static analysis reports. * Add define to use internal struct timeval (USE_WOLF_TIMEVAL_T). * Switch LowResTimer() to call XTIME instead of time(0) for better portability. -* Expanded OpenSSL compatibility layer. +* Expanded OpenSSL compatibility layer with a bevy of new functions. * Added Renesas CS+ project files. * Align DH support with NIST SP 800-56A, add wc_DhSetKey_ex() for q parameter. * Add build option for CAVP self test build (--enable-selftest). * Expose mp_toradix() when WOLFSSL_PUBLIC_MP is defined. -* Add FIPS SGX support. * Example certificate expiration dates and generation script updated. -* Additional optimizations to trim out unused strings depending on build options. +* Additional optimizations to trim out unused strings depending on build options. * Fix for DN tag strings to have “=” when returning the string value to users. * Fix for wolfSSL_ERR_get_error_line_data return value if no more errors are in the queue. 
* Fix for AES-CBC IV value with PIC32 hardware acceleration. @@ -85,6 +85,7 @@ Release 3.15.0 of wolfSSL embedded TLS has bug fixes and new features including: * Add a disable option (--disable-optflags) to turn off the default optimization flags so user may supply their own custom flags. * Correctly touch the dummy fips.h header. +If you have questions on any of this, then email us at info@wolfssl.com. See INSTALL file for build instructions. More info can be found on-line at http://wolfssl.com/wolfSSL/Docs.html diff --git a/README b/README index 296cffb37..a260e9c1a 100644 --- a/README +++ b/README 
@@ -82,27 +82,29 @@ should be used for the enum name. *** end Notes *** -** wolfSSL Release 3.15.0 (05/01/2018) +** wolfSSL Release 3.15.0 (05/05/2018) Release 3.15.0 of wolfSSL embedded TLS has bug fixes and new features including: - Support for TLS 1.3 Draft versions 23, 26 and 28. -- Improved downgrade support for TLS 1.3. -- Improved TLS 1.3 support from interoperability testing. -- Single Precision assembly code added for ARM and 64-bit ARM. +- Add FIPS SGX support! +- Single Precision assembly code added for ARM and 64-bit ARM to enhance + performance. - Improved performance for Single Precision maths on 32-bit. -- Allow TLS 1.2 to be compiled out. -- Ed25519 support in TLS 1.2 and 1.3. +- Improved downgrade support for the TLS 1.3 handshake. +- Improved TLS 1.3 support from interoperability testing. +- Added option to allow TLS 1.2 to be compiled out to reduce size and enhance + security. +- Added option to support Ed25519 in TLS 1.2 and 1.3. - Update wolfSSL_HMAC_Final() so the length parameter is optional. - Various fixes for Coverity static analysis reports. - Add define to use internal struct timeval (USE_WOLF_TIMEVAL_T). - Switch LowResTimer() to call XTIME instead of time(0) for better portability. -- Expanded OpenSSL compatibility layer. +- Expanded OpenSSL compatibility layer with a bevy of new functions. - Added Renesas CS+ project files. - Align DH support with NIST SP 800-56A, add wc_DhSetKey_ex() for q parameter. - Add build option for CAVP self test build (--enable-selftest). - Expose mp_toradix() when WOLFSSL_PUBLIC_MP is defined. -- Add FIPS SGX support. - Example certificate expiration dates and generation script updated. - Additional optimizations to trim out unused strings depending on build options. 
@@ -211,5 +213,6 @@ Release 3.15.0 of wolfSSL embedded TLS has bug fixes and new features including: optimization flags so user may supply their own custom flags. - Correctly touch the dummy fips.h header. +If you have questions on any of this, email us at info@wolfssl.com. See INSTALL file for build instructions. More info can be found on-line at http://wolfssl.com/wolfSSL/Docs.html diff --git a/README.md b/README.md index 4ac7655bf..c51ce7c51 100644 --- a/README.md +++ b/README.md 
@@ -75,29 +75,29 @@ hash function. Instead the name WC_SHA, WC_SHA256, WC_SHA384 and WC_SHA512 should be used for the enum name. ``` -# wolfSSL Release 3.15.0 (05/01/2018) +# wolfSSL Release 3.15.0 (05/05/2018) Release 3.15.0 of wolfSSL embedded TLS has bug fixes and new features including: * Support for TLS 1.3 Draft versions 23, 26 and 28. -* Improved downgrade support for TLS 1.3. -* Improved TLS 1.3 support from interoperability testing. -* Single Precision assembly code added for ARM and 64-bit ARM. +* Add FIPS SGX support! +* Single Precision assembly code added for ARM and 64-bit ARM to enhance performance. * Improved performance for Single Precision maths on 32-bit. -* Allow TLS 1.2 to be compiled out. -* Ed25519 support in TLS 1.2 and 1.3. +* Improved downgrade support for the TLS 1.3 handshake. +* Improved TLS 1.3 support from interoperability testing. +* Added option to allow TLS 1.2 to be compiled out to reduce size and enhance security. +* Added option to support Ed25519 in TLS 1.2 and 1.3. * Update wolfSSL_HMAC_Final() so the length parameter is optional. * Various fixes for Coverity static analysis reports. * Add define to use internal struct timeval (USE_WOLF_TIMEVAL_T). * Switch LowResTimer() to call XTIME instead of time(0) for better portability. -* Expanded OpenSSL compatibility layer. +* Expanded OpenSSL compatibility layer with a bevy of new functions. * Added Renesas CS+ project files. * Align DH support with NIST SP 800-56A, add wc_DhSetKey_ex() for q parameter. * Add build option for CAVP self test build (--enable-selftest). * Expose mp_toradix() when WOLFSSL_PUBLIC_MP is defined. -* Add FIPS SGX support. * Example certificate expiration dates and generation script updated. -* Additional optimizations to trim out unused strings depending on build options. +* Additional optimizations to trim out unused strings depending on build options. * Fix for DN tag strings to have “=” when returning the string value to users. 
* Fix for wolfSSL_ERR_get_error_line_data return value if no more errors are in the queue. * Fix for AES-CBC IV value with PIC32 hardware acceleration. @@ -162,5 +162,6 @@ Release 3.15.0 of wolfSSL embedded TLS has bug fixes and new features including: * Add a disable option (--disable-optflags) to turn off the default optimization flags so user may supply their own custom flags. * Correctly touch the dummy fips.h header. +If you have questions on any of this, then email us at info@wolfssl.com. See INSTALL file for build instructions. More info can be found on-line at http://wolfssl.com/wolfSSL/Docs.html From ab319ae5998d3d09f85d847c51f4bdfa322aba62 Mon Sep 17 00:00:00 2001 From: David Garske Date: Tue, 5 Jun 2018 14:32:17 -0700 Subject: [PATCH 132/146] Fixed a couple of places in PKCS7 error cases where key free (`wc_FreeRsaKey` or `wc_ecc_free`) might not be called. --- wolfcrypt/src/pkcs7.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/wolfcrypt/src/pkcs7.c b/wolfcrypt/src/pkcs7.c index 4f7e6bf0c..5e7af23da 100644 --- a/wolfcrypt/src/pkcs7.c +++ b/wolfcrypt/src/pkcs7.c @@ -1329,6 +1329,7 @@ static int wc_PKCS7_RsaVerify(PKCS7* pkcs7, byte* sig, int sigSz, if (wc_RsaPublicKeyDecode(pkcs7->publicKey, &scratch, key, pkcs7->publicKeySz) < 0) { WOLFSSL_MSG("ASN RSA key decode error"); + wc_FreeRsaKey(key); #ifdef WOLFSSL_SMALL_STACK XFREE(digest, NULL, DYNAMIC_TYPE_TMP_BUFFER); XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER); @@ -1404,6 +1405,7 @@ static int wc_PKCS7_EcdsaVerify(PKCS7* pkcs7, byte* sig, int sigSz, if (wc_EccPublicKeyDecode(pkcs7->publicKey, &idx, key, pkcs7->publicKeySz) < 0) { WOLFSSL_MSG("ASN ECDSA key decode error"); + wc_ecc_free(key); #ifdef WOLFSSL_SMALL_STACK XFREE(digest, NULL, DYNAMIC_TYPE_TMP_BUFFER); XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER); 
@@ -3755,6 +3757,7 @@ static int wc_PKCS7_DecodeKtri(PKCS7* pkcs7, byte* pkiMsg, word32 pkiMsgSz, } if (ret != 0) { WOLFSSL_MSG("Failed to decode RSA private key"); + wc_FreeRsaKey(privKey); #ifdef WOLFSSL_SMALL_STACK XFREE(encryptedKey, NULL, DYNAMIC_TYPE_TMP_BUFFER); XFREE(privKey, NULL, DYNAMIC_TYPE_TMP_BUFFER); From 0c966d7700bba0a5c859053f71180a1e5b8ce1ff Mon Sep 17 00:00:00 2001 From: John Safranek Date: Thu, 31 May 2018 15:34:13 -0700 Subject: [PATCH 133/146] Update ChangeLog and NEWS While the GNU coding standard states that the NEWS file should be a list of the high level changes and the ChangeLog should be every change in detail, our public source repository contains the detailed log of all changes and the name "ChangeLog" makes more sense to me than "NEWS". Instead of keeping two copies of the README, one in plain text and one in MarkDown, only keeping the MarkDown copy. It displays better in the source repository, it is still plain text, and we aren't keeping two separate copies of the files. --- ChangeLog | 1 - NEWS.md => ChangeLog.md | 0 NEWS | 1920 --------------------------------------- README | 218 ----- 4 files changed, 2139 deletions(-) delete mode 100644 ChangeLog rename NEWS.md => ChangeLog.md (100%) delete mode 100644 NEWS delete mode 100644 README diff --git a/ChangeLog b/ChangeLog deleted file mode 100644 index 87ed82401..000000000 --- a/ChangeLog +++ /dev/null @@ -1 +0,0 @@ -Please see the file 'README' in this directory. diff --git a/NEWS.md b/ChangeLog.md similarity index 100% rename from NEWS.md rename to ChangeLog.md diff --git a/NEWS b/NEWS deleted file mode 100644 index da18c8c2a..000000000 --- a/NEWS +++ /dev/null 
@@ -1,1920 +0,0 @@ -wolfSSL Release 3.15.0 (05/05/2018) - -Release 3.15.0 of wolfSSL embedded TLS has bug fixes and new features including: - -- Support for TLS 1.3 Draft versions 23, 26 and 28. -- Add FIPS SGX support! -- Single Precision assembly code added for ARM and 64-bit ARM to enhance - performance. -- Improved performance for Single Precision maths on 32-bit. -- Improved downgrade support for the TLS 1.3 handshake. -- Improved TLS 1.3 support from interoperability testing. -- Added option to allow TLS 1.2 to be compiled out to reduce size and enhance - security. -- Added option to support Ed25519 in TLS 1.2 and 1.3. -- Update wolfSSL_HMAC_Final() so the length parameter is optional. -- Various fixes for Coverity static analysis reports. -- Add define to use internal struct timeval (USE_WOLF_TIMEVAL_T). -- Switch LowResTimer() to call XTIME instead of time(0) for better portability. -- Expanded OpenSSL compatibility layer with a bevy of new functions. -- Added Renesas CS+ project files. -- Align DH support with NIST SP 800-56A, add wc_DhSetKey_ex() for q parameter. -- Add build option for CAVP self test build (--enable-selftest). -- Expose mp_toradix() when WOLFSSL_PUBLIC_MP is defined. -- Example certificate expiration dates and generation script updated. -- Additional optimizations to trim out unused strings depending on build - options. -- Fix for DN tag strings to have “=” when returning the string value to users. -- Fix for wolfSSL_ERR_get_error_line_data return value if no more errors are - in the queue. -- Fix for AES-CBC IV value with PIC32 hardware acceleration. -- Fix for wolfSSL_X509_print with ECC certificates. -- Fix for strict checking on URI absolute vs relative path. -- Added crypto device framework to handle PK RSA/ECC operations using - callbacks, which adds new build option `./configure --enable-cryptodev` or - `WOLF_CRYPTO_DEV`. -- Added devId support to ECC and PKCS7 for hardware based private key. 
-- Fixes in PKCS7 for handling possible memory leak in some error cases. -- Added test for invalid cert common name when set with - `wolfSSL_check_domain_name`. -- Refactor of the cipher suite names to use single array, which contains - internal name, IANA name and cipher suite bytes. -- Added new function `wolfSSL_get_cipher_name_from_suite` for getting IANA - cipher suite name using bytes. -- Fixes for fsanitize reports. -- Fix for openssl compatibility function `wolfSSL_RSA_verify` to check - returned size. -- Fixes and improvements for FreeRTOS AWS. -- Fixes for building openssl compatibility with FreeRTOS. -- Fix and new test for handling match on domain name that may have a null - terminator inside. -- Cleanup of the socket close code used for examples, CRL/OCSP and BIO to use - single macro `CloseSocket`. -- Refactor of the TLSX code to support returning error codes. -- Added new signature wrapper functions `wc_SignatureVerifyHash` and - `wc_SignatureGenerateHash` to allow direct use of hash. -- Improvement to GCC-ARM IDE example. -- Enhancements and cleanups for the ASN date/time code including new API's - `wc_GetDateInfo`, `wc_GetCertDates` and `wc_GetDateAsCalendarTime`. -- Fixes to resolve issues with C99 compliance. Added build option `WOLF_C99` - to force C99. -- Added a new `--enable-opensslall` option to enable all openssl compatibility - features. -- Added new `--enable-webclient` option for enabling a few HTTP API's. -- Added new `wc_OidGetHash` API for getting the hash type from a hash OID. -- Moved `wolfSSL_CertPemToDer`, `wolfSSL_KeyPemToDer`, `wolfSSL_PubKeyPemToDer` - to asn.c and renamed to `wc_`. Added backwards compatibility macro for old - function names. -- Added new `WC_MAX_SYM_KEY_SIZE` macro for helping determine max key size. -- Added `--enable-enckeys` or (`WOLFSSL_ENCRYPTED_KEYS`) to enable support for - encrypted PEM private keys using password callback without having to use - opensslextra. 
-- Added ForceZero on the password buffer after done using it. -- Refactor unique hash types to use same internal values - (ex WC_MD5 == WC_HASH_TYPE_MD5). -- Refactor the Sha3 types to use `wc_` naming, while retaining old names for - compatibility. -- Improvements to `wc_PBKDF1` to support more hash types and the non-standard - extra data option. -- Fix TLS 1.3 with ECC disabled and CURVE25519 enabled. -- Added new define `NO_DEV_URANDOM` to disable the use of `/dev/urandom`. -- Added `WC_RNG_BLOCKING` to indicate block w/sleep(0) is okay. -- Fix for `HAVE_EXT_CACHE` callbacks not being available without - `OPENSSL_EXTRA` defined. -- Fix for ECC max bits `MAX_ECC_BITS` not always calculating correctly due to - macro order. -- Added support for building and using PKCS7 without RSA (assuming ECC is - enabled). -- Fixes and additions for Cavium Nitrox V to support ECC, AES-GCM and HMAC - (SHA-224 and SHA3). -- Enabled ECC, AES-GCM and SHA-512/384 by default in (Linux and Windows) -- Added `./configure --enable-base16` and `WOLFSSL_BASE16` configuration - option to enable Base16 API's. -- Improvements to ATECC508A support for building without `WOLFSSL_ATMEL` - defined. -- Refactor IO callback function names to use `_CTX_` to eliminate confusion - about the first parameter. -- Added support for not loading a private key for server or client when - `HAVE_PK_CALLBACK` is defined and the private PK callback is set. -- Added new ECC API `wc_ecc_sig_size_calc` to return max signature size for - a key size. -- Cleanup ECC point import/export code and added new API - `wc_ecc_import_unsigned`. -- Fixes for handling OCSP with non-blocking. -- Added new PK (Primary Key) callbacks for the VerifyRsaSign. The new - callbacks API's are `wolfSSL_CTX_SetRsaVerifySignCb` and - `wolfSSL_CTX_SetRsaPssVerifySignCb`. -- Added new ECC API `wc_ecc_rs_raw_to_sig` to take raw unsigned R and S and - encodes them into ECDSA signature format. -- Added support for `WOLFSSL_STM32F1`. 
-- Cleanup of the ASN X509 header/footer and XSTRNCPY logic. -- Add copyright notice to autoconf files. (Thanks Brian Aker!) -- Updated the M4 files for autotools. (Thanks Brian Aker!) -- Add support for the cipher suite TLS_DH_anon_WITH_AES256_GCM_SHA384 with - test cases. (Thanks Thivya Ashok!) -- Add the TLS alert message unknown_psk_identity (115) from RFC 4279, - section 2. (Thanks Thivya Ashok!) -- Fix the case when using TCP with timeouts with TLS. wolfSSL shall be - agnostic to network socket behavior for TLS. (DTLS is another matter.) - The functions `wolfSSL_set_using_nonblock()` and - `wolfSSL_get_using_nonblock()` are deprecated. -- Hush the AR warning when building the static library with autotools. -- Hush the “-pthread” warning when building in some environments. -- Added a dist-hook target to the Makefile to reset the default options.h file. -- Removed the need for the darwin-clang.m4 file with the updates provided by - Brian A. -- Renamed the AES assembly file so GCC on the Mac will build it using the - preprocessor. -- Add a disable option (--disable-optflags) to turn off the default - optimization flags so user may supply their own custom flags. -- Correctly touch the dummy fips.h header. - -If you have questions on any of this, email us at info@wolfssl.com. -See INSTALL file for build instructions. -More info can be found on-line at http://wolfssl.com/wolfSSL/Docs.html - - -********* wolfSSL Release 3.14.0 (3/02/2018) - -Release 3.14.0 of wolfSSL embedded TLS has bug fixes and new features including: - -- TLS 1.3 draft 22 and 23 support added -- Additional unit tests for; SHA3, AES-CMAC, Ed25519, ECC, RSA-PSS, AES-GCM -- Many additions to the OpenSSL compatibility layer were made in this release. 
Some of these being enhancements to PKCS12, WOLFSSL_X509 use, WOLFSSL_EVP_PKEY, and WOLFSSL_BIO operations -- AVX1 and AVX2 performance improvements with ChaCha20 and Poly1305 -- Added i.MX CAAM driver support with Integrity OS support -- Improvements to logging with debugging, including exposing more API calls and adding options to reduce debugging code size -- Fix for signature type detection with PKCS7 RSA SignedData -- Public key call back functions added for DH Agree -- RSA-PSS API added for operating on non inline buffers (separate input and output buffers) -- API added for importing and exporting raw DSA parameters -- Updated DSA key generation to be FIPS 186-4 compliant -- Fix for wolfSSL_check_private_key when comparing ECC keys -- Support for AES Cipher Feedback(CFB) mode added -- Updated RSA key generation to be FIPS 186-4 compliant -- Update added for the ARM CMSIS software pack -- WOLFSSL_IGNORE_FILE_WARN macro added for avoiding build warnings when not working with autotools -- Performance improvements for AES-GCM with AVX1 and AVX2 -- Fix for possible memory leak on error case with wc_RsaKeyToDer function -- Make wc_PKCS7_PadData function available -- Updates made to building SGX on Linux -- STM32 hashing algorithm improvements including clock/power optimizations and auto detection of if SHA2 is supported -- Update static memory feature for FREERTOS use -- Reverse the order that certificates are compared during PKCS12 parse to account for case where multiple certificates have the same matching private key -- Update NGINX port to version 1.13.8 -- Support for HMAC-SHA3 added -- Added stricter ASN checks to enforce RFC 5280 rules. Thanks to the report from Professor Zhenhua Duan, Professor Cong Tian, and Ph.D candidate Chu Chen from Institute of Computing Theory and Technology (ICTT) of Xidian University. 
-- Option to have ecc_mul2add function public facing -- Getter function wc_PKCS7_GetAttributeValue added for PKCS7 attributes -- Macros NO_AES_128, NO_AES_192, NO_AES_256 added for AES key size selection at compile time -- Support for writing multiple organizations units (OU) and domain components (DC) with CSR and certificate creation -- Support for indefinite length BER encodings in PKCS7 -- Added API for additional validation of prime q in a public DH key -- Added support for RSA encrypt and decrypt without padding - - -See INSTALL file for build instructions. -More info can be found on-line at http://wolfssl.com/wolfSSL/Docs.html - - -********* wolfSSL (Formerly CyaSSL) Release 3.13.0 (12/21/2017) - -wolfSSL 3.13.0 includes bug fixes and new features, including support for -TLS 1.3 Draft 21, performance and footprint optimizations, build fixes, -updated examples and project files, and one vulnerability fix. The full list -of changes and additions in this release include: - -- Fixes for TLS 1.3, support for Draft 21 -- TLS 1.0 disabled by default, addition of “--enable-tlsv10” configure option -- New option to reduce SHA-256 code size at expense of performance - (USE_SLOW_SHA256) -- New option for memory reduced build (--enable-lowresource) -- AES-GCM performance improvements on AVX1 (IvyBridge) and AVX2 -- SHA-256 and SHA-512 performance improvements using AVX1/2 ASM -- SHA-3 size and performance optimizations -- Fixes for Intel AVX2 builds on Mac/OSX -- Intel assembly for Curve25519, and Ed25519 performance optimizations -- New option to force 32-bit mode with “--enable-32bit” -- New option to disable all inline assembly with “--disable-asm” -- Ability to override maximum signature algorithms using WOLFSSL_MAX_SIGALGO -- Fixes for handling of unsupported TLS extensions. 
-- Fixes for compiling AES-GCM code with GCC 4.8.* -- Allow adjusting static I/O buffer size with WOLFMEM_IO_SZ -- Fixes for building without a filesystem -- Removes 3DES and SHA1 dependencies from PKCS#7 -- Adds ability to disable PKCS#7 EncryptedData type (NO_PKCS7_ENCRYPTED_DATA) -- Add ability to get client-side SNI -- Expanded OpenSSL compatibility layer -- Fix for logging file names with OpenSSL compatibility layer enabled, with - WOLFSSL_MAX_ERROR_SZ user-overridable -- Adds static memory support to the wolfSSL example client -- Fixes for sniffer to use TLS 1.2 client method -- Adds option to wolfCrypt benchmark to benchmark individual algorithms -- Adds option to wolfCrypt benchmark to display benchmarks in powers - of 10 (-base10) -- Updated Visual Studio for ARM builds (for ECC supported curves and SHA-384) -- Updated Texas Instruments TI-RTOS build -- Updated STM32 CubeMX build with fixes for SHA -- Updated IAR EWARM project files -- Updated Apple Xcode projects with the addition of a benchmark example project - -This release of wolfSSL fixes 1 security vulnerability. - -wolfSSL is cited in the recent ROBOT Attack by Böck, Somorovsky, and Young. -The paper notes that wolfSSL only gives a weak oracle without a practical -attack but this is still a flaw. This release contains a fix for this report. -Please note that wolfSSL has static RSA cipher suites disabled by default as -of version 3.6.6 because of the lack of perfect forward secrecy. Only users -who have explicitly enabled static RSA cipher suites with WOLFSSL_STATIC_RSA -and use those suites on a host are affected. More information will be -available on our website at: - - https://wolfssl.com/wolfSSL/security/vulnerabilities.php - -See INSTALL file for build instructions. 
-More info can be found on-line at http://wolfssl.com/wolfSSL/Docs.html - - -********* wolfSSL (Formerly CyaSSL) Release 3.12.2 (10/23/2017) - -Release 3.12.2 of wolfSSL has bug fixes and new features including: - -This release includes many performance improvements with Intel ASM (AVX/AVX2) and AES-NI. New single precision math option to speedup RSA, DH and ECC. Embedded hardware support has been expanded for STM32, PIC32MZ and ATECC508A. AES now supports XTS mode for disk encryption. Certificate improvements for setting serial number, key usage and extended key usage. Refactor of SSL_ and hash types to allow openssl coexistence. Improvements for TLS 1.3. Fixes for OCSP stapling to allow disable and WOLFSSL specific user context for callbacks. Fixes for openssl and MySQL compatibility. Updated Micrium port. Fixes for asynchronous modes. - -- Added TLS extension for Supported Point Formats (ec_point_formats) -- Fix to not send OCSP stapling extensions in client_hello when not enabled -- Added new API's for disabling OCSP stapling -- Add check for SIZEOF_LONG with sun and LP64 -- Fixes for various TLS 1.3 disable options (RSA, ECC and ED/Curve 25519). -- Fix to disallow upgrading to TLS v1.3 -- Fixes for wolfSSL_EVP_CipherFinal() when message size is a round multiple of a block size. -- Add HMAC benchmark and expanded AES key size benchmarks -- Added simple GCC ARM Makefile example -- Add tests for 3072-bit RSA and DH. -- Fixed DRAFT_18 define and fixed downgrading with TLS v1.3 -- Fixes to allow custom serial number during certificate generation -- Add method to get WOLFSSL_CTX certificate manager -- Improvement to `wolfSSL_SetOCSP_Cb` to allow context per WOLFSSL object -- Alternate certificate chain support `WOLFSSL_ALT_CERT_CHAINS`. Enables checking cert against multiple CA's. -- Added new `--disable-oldnames` option to allow for using openssl along-side wolfssl headers (without OPENSSL_EXTRA). 
-- Refactor SSL_ and hashing types to use wolf specific prefix (WOLFSSL and WC_) to allow openssl coexistence.
-- Fixes for HAVE_INTEL_MULX
-- Cleanup include paths for MySQL cmake build
-- Added configure option for building library for wolfSSH (--enable-wolfssh)
-- Openssl compatibility layer improvements
-- Expanded API unit tests
-- Fixes for STM32 crypto hardware acceleration
-- Added AES XTS mode (--enable-xts)
-- Added ASN Extended Key Usage Support (see wc_SetExtKeyUsage).
-- Math updates and added TFM_MIPS speedup.
-- Fix for creation of the KeyUsage BitString
-- Fix for 8k keys with MySQL compatibility
-- Fixes for ATECC508A.
-- Fixes for PIC32MZ hashing.
-- Fixes and improvements to asynchronous modes for Intel QuickAssist and Cavium Nitrox V.
-- Update HASH_DRBG Reseed mechanism and add test case
-- Rename the file io.h/io.c to wolfio.h/wolfio.c
-- Cleanup the wolfIO_Send function.
-- OpenSSL Compatibility Additions and Fixes
-- Improvements to Visual Studio DLL project/solution.
-- Added function to generate public ECC key from private key
-- Added async blocking support for sniffer tool.
-- Added wolfCrypt hash tests for empty string and large data.
-- Added ability to use of wolf implementation of `strtok` using `USE_WOLF_STRTOK`.
-- Updated Micrium uC/OS-III Port
-- Updated root certs for OCSP scripts
-- New Single Precision math option for RSA, DH and ECC (off by default). See `--enable-sp`.
-- Speedups for AES GCM with AESNI (--enable-aesni)
-- Speedups for SHA2, ChaCha20/Poly1035 using AVX/AVX2
-
-
-********* wolfSSL (Formerly CyaSSL) Release 3.12.0 (8/04/2017)
-
-Release 3.12.0 of wolfSSL has bug fixes and new features including:
-
-- TLS 1.3 with Nginx! TLS 1.3 with ARMv8! TLS 1.3 with Async Crypto!
(--enable-tls13)
-- TLS 1.3 0RTT feature added
-- Added port for using Intel SGX with Linux
-- Update and fix PIC32MZ port
-- Additional unit testing for MD5, SHA, SHA224, SHA256, SHA384, SHA512, RipeMd, HMAC, 3DES, IDEA, ChaCha20, ChaCha20Poly1305 AEAD, Camellia, Rabbit, ARC4, AES, RSA, Hc128
-- AVX and AVX2 assembly for improved ChaCha20 performance
-- Intel QAT fixes for when using --disable-fastmath
-- Update how DTLS handles decryption and MAC failures
-- Update DTLS session export version number for --enable-sessionexport feature
-- Add additional input argument sanity checks to ARMv8 assembly port
-- Fix for making PKCS12 dynamic types match
-- Fixes for potential memory leaks when using --enable-fast-rsa
-- Fix for when using custom ECC curves and add BRAINPOOLP256R1 test
-- Update TI-RTOS port for dependency on new wolfSSL source files
-- DTLS multicast feature added, --enable-mcast
-- Fix for Async crypto with GCC 7.1 and HMAC when not using Intel QuickAssist
-- Improvements and enhancements to Intel QuickAssist support
-- Added Xilinx port
-- Added SHA3 Keccak feature, --enable-sha3
-- Expand wolfSSL Python wrapper to now include a client side implementation
-- Adjust example servers to not treat a peer closed error as a hard error
-- Added more sanity checks to fp_read_unsigned_bin function
-- Add SHA224 and AES key wrap to ARMv8 port
-- Update MQX classics and mmCAU ports
-- Fix for potential buffer over read with wolfSSL_CertPemToDer
-- Add PKCS7/CMS decode support for KARI with IssuerAndSerialNumber
-- Fix ThreadX/NetX warning
-- Fixes for OCSP and CRL non blocking sockets and for incomplete cert chain with OCSP
-- Added RSA PSS sign and verify
-- Fix for STM32F4 AES-GCM
-- Added enable all feature (--enable-all)
-- Added trackmemory feature (--enable-trackmemory)
-- Fixes for AES key wrap and PKCS7 on Windows VS
-- Added benchmark block size argument
-- Support use of staticmemory with PKCS7
-- Fix for Blake2b build with GCC 5.4
-- Fixes for
compiling wolfSSL with GCC version 7, most dealing with switch statement fall through warnings. -- Added warning when compiling without hardened math operations - - -Note: -There is a known issue with using ChaCha20 AVX assembly on versions of GCC earlier than 5.2. This is encountered with using the wolfSSL enable options --enable-intelasm and --enable-chacha. To avoid this issue ChaCha20 can be enabled with --enable-chacha=noasm. -If using --enable-intelasm and also using --enable-sha224 or --enable-sha256 there is a known issue with trying to use -fsanitize=address. - -This release of wolfSSL fixes 1 low level security vulnerability. - -Low level fix for a potential DoS attack on a wolfSSL client. Previously a client would accept many warning alert messages without a limit. This fix puts a limit to the number of warning alert messages received and if this limit is reached a fatal error ALERT_COUNT_E is returned. The max number of warning alerts by default is set to 5 and can be adjusted with the macro WOLFSSL_ALERT_COUNT_MAX. Thanks for the report from Tarun Yadav and Koustav Sadhukhan from Defence Research and Development Organization, INDIA. - - -See INSTALL file for build instructions. -More info can be found on-line at http://wolfssl.com/wolfSSL/Docs.html - - -********* wolfSSL (Formerly CyaSSL) Release 3.11.1 (5/11/2017) - -Release 3.11.1 of wolfSSL is a TLS 1.3 BETA release, which includes: - -- TLS 1.3 client and server support for TLS 1.3 with Draft 18 support - -This is strictly a BETA release, and designed for testing and user feedback. -Please send any comments, testing results, or feedback to wolfSSL at -support@wolfssl.com. - -See INSTALL file for build instructions. 
-More info can be found on-line at http://wolfssl.com/wolfSSL/Docs.html - - -********* wolfSSL (Formerly CyaSSL) Release 3.11.0 (5/04/2017) - -Release 3.11.0 of wolfSSL has bug fixes and new features including: - -- Code updates for warnings reported by Coverity scans -- Testing and warning fixes for FreeBSD on PowerPC -- Updates and refactoring done to ASN1 parsing functions -- Change max PSK identity buffer to account for an identity length of 128 characters -- Update Arduino script to handle recent files and additions -- Added support for PKCS#7 Signed Data with ECDSA -- Fix for interoperability with ChaCha20-Poly1305 suites using older draft versions -- DTLS update to allow multiple handshake messages in one DTLS record. Thanks to Eric Samsel over at Welch Allyn for reporting this bug. -- Intel QuickAssist asynchronous support (PR #715 - https://www.wolfssl.com/wolfSSL/Blog/Entries/2017/1/18_wolfSSL_Asynchronous_Intel_QuickAssist_Support.html) -- Added support for HAproxy load balancer -- Added option to allow SHA1 with TLS 1.2 for IIS compatibility (WOLFSSL_ALLOW_TLS_SHA1) -- Added Curve25519 51-bit Implementation, increasing performance on systems that have 128 bit types -- Fix to not send session ID on server side if session cache is off unless we're echoing -session ID as part of session tickets -- Fixes for ensuring all default ciphers are setup correctly (see PR #830) -- Added NXP Hexiwear example in `IDE/HEXIWEAR`. -- Added wolfSSL_write_dup() to create write only WOLFSSL object for concurrent access -- Fixes for TLS elliptic curve selection on private key import. -- Fixes for RNG with Intel rdrand and rdseed speedups. -- Improved performance with Intel rdrand to use full 64-bit output -- Added new --enable-intelrand option to indicate use of RDRAND preference for RNG source -- Removed RNG ARC4 support -- Added ECC helpers to get size and id from curve name. 
-- Added ECC Cofactor DH (ECC-CDH) support
-- Added ECC private key only import / export functions.
-- Added PKCS8 create function
-- Improvements to TLS layer CTX handling for switching keys / certs.
-- Added check for duplicate certificate policy OID in certificates.
-- Normal math speed-up to not allocate on mp_int and defer until mp_grow
-- Reduce heap usage with fast math when not using ALT_ECC_SIZE
-- Fixes for building CRL with Windows
-- Added support for inline CRL lookup when HAVE_CRL_IO is defined
-- Added port for tenAsys INtime RTOS
-- Improvements to uTKernel port (WOLFSSL_uTKERNEL2)
-- Updated WPA Supplicant support
-- Added support for Nginx
-- Update stunnel port for version 5.40
-- Fixes for STM32 hardware crypto acceleration
-- Extended test code coverage in bundled test.c
-- Added a sanity check for minimum authentication tag size with AES-GCM. Thanks to Yueh-Hsun Lin and Peng Li at KNOX Security at Samsung Research America for suggesting this.
-- Added a sanity check that subject key identifier is marked as non-critical and a check that no policy OIDS appear more than once in the cert policies extension. Thanks to the report from Professor Zhenhua Duan, Professor Cong Tian, and Ph.D candidate Chu Chen from Institute of Computing Theory and Technology (ICTT) of Xidian University, China. Profs. Zhenhua Duan and Cong Tian are supervisors of Ph.D candidate Chu Chen.
-
-
-This release of wolfSSL fixes 5 low and 1 medium level security vulnerability.
-
-3 Low level fixes reported by Yueh-Hsun Lin and Peng Li from KNOX Security, Samsung Research America.
-- Fix for out of bounds memory access in wc_DhParamsLoad() when GetLength() returns a zero. Before this fix there is a case where wolfSSL would read out of bounds memory in the function wc_DhParamsLoad.
-- Fix for DH key accepted by wc_DhAgree when the key was malformed.
-- Fix for a double free case when adding CA cert into X509_store.
-
-Low level fix for memory management with static memory feature enabled. By default static memory is disabled. Thanks to GitHub user hajjihraf for reporting this.
-
-Low level fix for out of bounds write in the function wolfSSL_X509_NAME_get_text_by_NID. This function is not used by TLS or crypto operations but could result in a buffer out of bounds write by one if called explicitly in an application. Discovered by Aleksandar Nikolic of Cisco Talos. http://talosintelligence.com/vulnerability-reports/
-
-Medium level fix for check on certificate signature. There is a case in release versions 3.9.10, 3.10.0 and 3.10.2 where a corrupted signature on a peer certificate would not be properly flagged. Thanks to Wens Lo, James Tsai, Kenny Chang, and Oscar Yang at Castles Technology.
-
-
-See INSTALL file for build instructions.
-More info can be found on-line at http://wolfssl.com/wolfSSL/Docs.html
-
-
-********* wolfSSL (Formerly CyaSSL) Release 3.10.2 (2/10/2017)
-
-Release 3.10.2 of wolfSSL has bug fixes and new features including:
-
-- Poly1305 Windows macros fix. Thanks to GitHub user Jay Satiro
-- Compatibility layer expanded with multiple functions added
-- Improve fp_copy performance with ALT_ECC_SIZE
-- OCSP updates and improvements
-- Fixes for IAR EWARM 8 compiler warnings
-- Reduce stack usage with ECC_CACHE_CURVE disabled
-- Added ECC export raw for public and private key
-- Fix for NO_ASN_TIME build
-- Supported curves extensions now populated by default
-- Add DTLS build without big integer math
-- Fix for static memory feature with wc_ecc_verify_hash_ex and not SHAMIR
-- Added PSK interoperability testing to script bundled with wolfSSL
-- Fix for Python wrapper random number generation. Compiler optimizations with Python could place the random number in same buffer location each time.
Thanks to GitHub user Erik Bray (embray)
-- Fix for tests on unaligned memory with static memory feature
-- Add macro WOLFSSL_NO_OCSP_OPTIONAL_CERTS to skip optional OCSP certificates
-- Sanity checks on NULL arguments added to wolfSSL_set_fd and wolfSSL_DTLS_SetCookieSecret
-- mp_jacobi stack use reduced, thanks to Szabi Tolnai for providing a solution to reduce stack usage
-
-
-This release of wolfSSL fixes 2 low and 1 medium level security vulnerability.
-
-Low level fix of buffer overflow for when loading in a malformed temporary DH file. Thanks to Yueh-Hsun Lin and Peng Li from KNOX Security, Samsung Research America for the report.
-
-Medium level fix for processing of OCSP response. If using OCSP without hard faults enforced and no alternate revocation checks like OCSP stapling then it is recommended to update.
-
-Low level fix for potential cache attack on RSA operations. If using wolfSSL RSA on a server that other users can have access to monitor the cache, then it is recommended to update wolfSSL. Thanks to Andreas Zankl, Johann Heyszl and Georg Sigl at Fraunhofer AISEC for the initial report.
-
-See INSTALL file for build instructions.
-More info can be found on-line at http://wolfssl.com/wolfSSL/Docs.html
-
-********* wolfSSL (Formerly CyaSSL) Release 3.10.0 (12/21/2016)
-
-Release 3.10.0 of wolfSSL has bug fixes and new features including:
-
-- Added support for SHA224
-- Added scrypt feature
-- Build for Intel SGX use, added in directory IDE/WIN-SGX
-- Fix for ChaCha20-Poly1305 ECDSA certificate type request
-- Enhance PKCS#7 with ECC enveloped data and AES key wrap support
-- Added support for RIOT OS
-- Add support for parsing PKCS#12 files
-- ECC performance increased with custom curves
-- ARMv8 expanded to AArch32 and performance increased
-- Added ANSI-X9.63-KDF support
-- Port to STM32 F2/F4 CubeMX
-- Port to Atmel ATECC508A board
-- Removed fPIE by default when wolfSSL library is compiled
-- Update to Python wrapper, dropping DES and adding wc_RSASetRNG
-- Added support for NXP K82 hardware acceleration
-- Added SCR client and server verify check
-- Added a disable rng option with autoconf
-- Added more tests vectors to test.c with AES-CTR
-- Updated DTLS session export version number
-- Updated DTLS for 64 bit sequence numbers
-- Fix for memory management with TI and WOLFSSL_SMALL_STACK
-- Hardening RSA CRT to be constant time
-- Fix uninitialized warning with IAR compiler
-- Fix for C# wrapper example IO hang on unexpected connection termination
-
-
-This release of wolfSSL fixes a low level security vulnerability. The vulnerability reported was a potential cache attack on RSA operations. If using wolfSSL RSA on a server that other users can have access to monitor the cache, then it is recommended to update wolfSSL. Thanks to Andreas Zankl, Johann Heyszl and Georg Sigl at Fraunhofer AISEC for the report. More information will be available on our site:
-
-https://wolfssl.com/wolfSSL/security/vulnerabilities.php
-
-See INSTALL file for build instructions.
-More info can be found on-line at http://wolfssl.com/wolfSSL/Docs.html - -********* wolfSSL (Formerly CyaSSL) Release 3.9.10 (9/23/2016) - -Release 3.9.10 of wolfSSL has bug fixes and new features including: - -- Default configure option changes: - 1. DES3 disabled by default - 2. ECC Supported Curves Extension enabled by default - 3. New option Extended Master Secret enabled by default -- Added checking CA certificate path length, and new test certs -- Fix to DSA pre padding and sanity check on R/S values -- Added CTX level RNG for single-threaded builds -- Intel RDSEED enhancements -- ARMv8 hardware acceleration support for AES-CBC/CTR/GCM, SHA-256 -- Arduino support updates -- Added the Extended Master Secret TLS extension - 1. Enabled by default in configure options, API to disable - 2. Added support for Extended Master Secret to sniffer -- OCSP fix with issuer key hash, lookup refactor -- Added support for Frosted OS -- Added support for DTLS over SCTP -- Added support for static memory with wolfCrypt -- Fix to ECC Custom Curve support -- Support for asynchronous wolfCrypt RSA and TLS client -- Added distribution build configure option -- Update the test certificates - -This release of wolfSSL fixes medium level security vulnerabilities. Fixes for -potential AES, RSA, and ECC side channel leaks is included that a local user -monitoring the same CPU core cache could exploit. VM users, hyper-threading -users, and users where potential attackers have access to the CPU cache will -need to update if they utilize AES, RSA private keys, or ECC private keys. -Thanks to Gorka Irazoqui Apecechea and Xiaofei Guo from Intel Corporation for -the report. More information will be available on our site: - - https://wolfssl.com/wolfSSL/security/vulnerabilities.php - -See INSTALL file for build instructions. 
-More info can be found on-line at http://wolfssl.com/wolfSSL/Docs.html - -********* wolfSSL (Formerly CyaSSL) Release 3.9.8 (7/29/2016) - -Release 3.9.8 of wolfSSL has bug fixes and new features including: - -- Add support for custom ECC curves. -- Add cipher suite ECDHE-ECDSA-AES128-CCM. -- Add compkey enable option. This option is for compressed ECC keys. -- Add in the option to use test.h without gettimeofday function using the macro - WOLFSSL_USER_CURRTIME. -- Add RSA blinding for private key operations. Enable option of harden which is - on by default. This negates timing attacks. -- Add ECC and TLS support for all SECP, Koblitz and Brainpool curves. -- Add helper functions for static memory option to allow getting optimum buffer - sizes. -- Update DTLS behavior on bad MAC. DTLS silently drops packets with bad MACs now. -- Update fp_isprime function from libtom enchancement/cleanup repository. -- Update sanity checks on inputs and return values for AES-CMAC. -- Update wolfSSL for use with MYSQL v5.6.30. -- Update LPCXpresso eclipse project to not include misc.c when not needed. -- Fix retransmit of last DTLS flight with timeout notification. The last flight - is no longer retransmitted on timeout. -- Fixes to some code in math sections for compressed ECC keys. This includes - edge cases for buffer size on allocation and adjustments for compressed curves - build. The code and full list can be found on github with pull request #456. -- Fix function argument mismatch for build with secure renegotiation. -- X.509 bug fixes for reading in malformed certificates, reported by researchers - at Columbia University -- Fix GCC version 6 warning about hard tabs in poly1305.c. This was a warning - produced by GCC 6 trying to determine the intent of code. -- Fixes for static memory option. Including avoid potential race conditions with - counters, decrement handshake counter correctly. -- Fix anonymous cipher with Diffie Hellman on the server side. 
Was an issue of a - possible buffer corruption. For information and code see pull request #481. - - -- One high level security fix that requires an update for use with static RSA - cipher suites was submitted. This fix was the addition of RSA blinding for - private RSA operations. We recommend servers who allow static RSA cipher - suites to also generate new private RSA keys. Static RSA cipher suites are - turned off by default. - -See INSTALL file for build instructions. -More info can be found on-line at //http://wolfssl.com/wolfSSL/Docs.html - - ********* wolfSSL (Formerly CyaSSL) Release 3.9.6 (6/14/2016) - -Release 3.9.6 of wolfSSL has bug fixes and new features including: - -- Add staticmemory feature -- Add public wc_GetTime API with base64encode feature -- Add AES CMAC algorithm -- Add DTLS sessionexport feature -- Add python wolfCrypt wrapper -- Add ECC encrypt/decrypt benchmarks -- Add dynamic session tickets -- Add eccshamir option -- Add Whitewood netRandom support --with-wnr -- Add embOS port -- Add minimum key size checks for RSA and ECC -- Add STARTTLS support to examples -- Add uTasker port -- Add asynchronous crypto and wolf event support -- Add compile check for misc.c with inline -- Add RNG benchmark -- Add reduction to stack usage with hash-based RNG -- Update STM32F2_CRYPTO port with additional algorithms supported -- Update MDK5 projects -- Update AES-NI -- Fix for STM32 with STM32F2_HASH defined -- Fix for building with MinGw -- Fix ECC math bugs with ALT_ECC_SIZE and key sizes over 256 bit (1) -- Fix certificate buffers github issue #422 -- Fix decrypt max size with RSA OAEP -- Fix DTLS sanity check with DTLS timeout notification -- Fix free of WOLFSSL_METHOD on failure to create CTX -- Fix memory leak in failure case with wc_RsaFunction (2) - -- No high level security fixes that requires an update though we always -recommend updating to the latest -- (1) Code changes for ECC fix can be found at pull requests #411, #416, and #428 -- (2) 
Builds using RSA with using normal math and not RSA_LOW_MEM should update -- Tag 3.9.6w is for a Windows example echoserver fix - -See INSTALL file for build instructions. -More info can be found on-line at //http://wolfssl.com/wolfSSL/Docs.html - - ********* wolfSSL (Formerly CyaSSL) Release 3.9.0 (3/18/2016) - -Release 3.9.0 of wolfSSL has bug fixes and new features including: - -- Add new leantls configuration -- Add RSA OAEP padding at wolfCrypt level -- Add Arduino port and example client -- Add fixed point DH operation -- Add CUSTOM_RAND_GENRATE_SEED_OS and CUSTOM_RAND_GENERATE_BLOCK -- Add ECDHE-PSK cipher suites -- Add PSK ChaCha20-Poly1305 cipher suites -- Add option for fail on no peer cert except PSK suites -- Add port for Nordic nRF51 -- Add additional ECC NIST test vectors for 256, 384 and 521 -- Add more granular ECC, Ed25519/Curve25519 and AES configs -- Update to ChaCha20-Poly1305 -- Update support for Freescale KSDK 1.3.0 -- Update DER buffer handling code, refactoring and reducing memory -- Fix to AESNI 192 bit key expansion -- Fix to C# wrapper character encoding -- Fix sequence number issue with DTLS epoch 0 messages -- Fix RNGA with K64 build -- Fix ASN.1 X509 V3 certificate policy extension parsing -- Fix potential free of uninitialized RSA key in asn.c -- Fix potential underflow when using ECC build with FP_ECC -- Fixes for warnings in Visual Studio 2015 build - -- No high level security fixes that requires an update though we always -recommend updating to the latest -- FP_ECC is off by default, users with it enabled should update for the zero -sized hash fix - -See INSTALL file for build instructions. 
-More info can be found on-line at //http://wolfssl.com/yaSSL/Docs.html - - ********* wolfSSL (Formerly CyaSSL) Release 3.8.0 (12/30/2015) - -Release 3.8.0 of wolfSSL has bug fixes and new features including: - -- Example client/server with VxWorks -- AESNI use with AES-GCM -- Stunnel compatibility enhancements -- Single shot hash and signature/verify API added -- Update cavium nitrox port -- LPCXpresso IDE support added -- C# wrapper to support wolfSSL use by a C# program -- (BETA version)OCSP stapling added -- Update OpenSSH compatibility -- Improve DTLS handshake when retransmitting finished message -- fix idea_mult() for 16 and 32bit systems -- fix LowResTimer on Microchip ports - -- No high level security fixes that requires an update though we always -recommend updating to the latest - -See INSTALL file for build instructions. -More info can be found on-line at //http://wolfssl.com/yaSSL/Docs.html - - ********* wolfSSL (Formerly CyaSSL) Release 3.7.0 (10/26/2015) - -Release 3.7.0 of wolfSSL has bug fixes and new features including: - -- ALPN extension support added for HTTP2 connections with --enable-alpn -- Change of example/client/client max fragment flag -L -> -F -- Throughput benchmarking, added scripts/benchmark.test -- Sniffer API ssl_FreeDecodeBuffer added -- Addition of AES_GCM to Sniffer -- Sniffer change to handle unlimited decrypt buffer size -- New option for the sniffer where it will try to pick up decoding after a - sequence number acknowldgement fault. Also includes some additional stats. -- JNI API setter and getter function for jobject added -- User RSA crypto plugin abstraction. An example placed in wolfcrypt/user-crypto -- fix to asn configuration bug -- AES-GCM/CCM fixes. -- Port for Rowley added -- Rowley Crossworks bare metal examples added -- MDK5-ARM project update -- FreeRTOS support updates. -- VXWorks support updates. -- Added the IDEA cipher and support in wolfSSL. -- Update wolfSSL website CA. 
-- CFLAGS is usable when configuring source. - -- No high level security fixes that requires an update though we always -recommend updating to the latest - -See INSTALL file for build instructions. -More info can be found on-line at //http://wolfssl.com/yaSSL/Docs.html - - ********* wolfSSL (Formerly CyaSSL) Release 3.6.8 (09/17/2015) - -Release 3.6.8 of wolfSSL fixes two high severity vulnerabilities. It also -includes bug fixes and new features including: - -- Two High level security fixes, all users SHOULD update. - a) If using wolfSSL for DTLS on the server side of a publicly accessible - machine you MUST update. - b) If using wolfSSL for TLS on the server side with private RSA keys allowing - ephemeral key exchange without low memory optimizations you MUST update and - regenerate the private RSA keys. - - Please see https://www.wolfssl.com/wolfSSL/Blog/Blog.html for more details - -- No filesystem build fixes for various configurations -- Certificate generation now supports several extensions including KeyUsage, - SKID, AKID, and Certificate Policies -- CRLs can be loaded from buffers as well as files now -- SHA-512 Certificate Signing generation -- Fixes for sniffer reassembly processing - -See INSTALL file for build instructions. 
-More info can be found on-line at //http://wolfssl.com/yaSSL/Docs.html - - ********* wolfSSL (Formerly CyaSSL) Release 3.6.6 (08/20/2015) - -Release 3.6.6 of wolfSSL has bug fixes and new features including: - -- OpenSSH compatibility with --enable-openssh -- stunnel compatibility with --enable-stunnel -- lighttpd compatibility with --enable-lighty -- SSLv3 is now disabled by default, can be enabled with --enable-sslv3 -- Ephemeral key cipher suites only are now supported by default - To enable static ECDH cipher suites define WOLFSSL_STATIC_DH - To enable static RSA cipher suites define WOLFSSL_STATIC_RSA - To enable static PSK cipher suites define WOLFSSL_STATIC_PSK -- Added QSH (quantum-safe handshake) extension with --enable-ntru -- SRP is now part of wolfCrypt, enable with --enabe-srp -- Certificate handshake messages can now be sent fragmented if the record - size is smaller than the total message size, no user action required. -- DTLS duplicate message fixes -- Visual Studio project files now support DLL and static builds for 32/64bit. -- Support for new Freescale I/O -- FreeRTOS FIPS support - -- No high level security fixes that requires an update though we always - recommend updating to the latest - -See INSTALL file for build instructions. -More information can be found on-line at //http://wolfssl.com/yaSSL/Docs.html - - **************** wolfSSL (Formerly CyaSSL) Release 3.6.0 (06/19/2015) - -Release 3.6.0 of wolfSSL has bug fixes and new features including: - -- Max Strength build that only allows TLSv1.2, AEAD ciphers, and PFS (Perfect - Forward Secrecy). With --enable-maxstrength -- Server side session ticket support, the example server and echoserver use the - example callback myTicketEncCb(), see wolfSSL_CTX_set_TicketEncCb() -- FIPS version submitted for iOS. 
-- TI Crypto Hardware Acceleration -- DTLS fragmentation fixes -- ECC key check validation with wc_ecc_check_key() -- 32bit code options to reduce memory for Curve25519 and Ed25519 -- wolfSSL JNI build switch with --enable-jni -- PicoTCP support improvements -- DH min ephemeral key size enforcement with wolfSSL_CTX_SetMinDhKey_Sz() -- KEEP_PEER_CERT and AltNames can now be used together -- ChaCha20 big endian fix -- SHA-512 signature algorithm support for key exchange and verify messages -- ECC make key crash fix on RNG failure, ECC users must update. -- Improvements to usage of time code. -- Improvements to VS solution files. -- GNU Binutils 2.24 (and late 2.23) ld has problems with some debug builds, - to fix an ld error add C_EXTRA_FLAGS="-fdebug-types-section -g1". - -- No high level security fixes that requires an update though we always - recommend updating to the latest (except note 14, ecc RNG failure) - -See INSTALL file for build instructions. -More info can be found on-line at //http://wolfssl.com/yaSSL/Docs.html - - - *****************wolfSSL (Formerly CyaSSL) Release 3.4.6 (03/30/2015) - -Release 3.4.6 of wolfSSL has bug fixes and new features including: - -- Intel Assembly Speedups using instructions rdrand, rdseed, aesni, avx1/2, - rorx, mulx, adox, adcx . They can be enabled with --enable-intelasm. - These speedup the use of RNG, SHA2, and public key algorithms. -- Ed25519 support at the crypto level. Turn on with --enable-ed25519. Examples - in wolcrypt/test/test.c ed25519_test(). -- Post Handshake Memory reductions. wolfSSL can now hold less than 1,000 bytes - of memory per secure connection including cipher state. 
-- wolfSSL API and wolfCrypt API fixes, you can still include the cyassl and - ctaocrypt headers which will enable the compatibility APIs for the - foreseeable future -- INSTALL file to help direct users to build instructions for their environment -- For ECC users with the normal math library a fix that prevents a crash when - verify signature fails. Users of 3.4.0 with ECC and the normal math library - must update -- RC4 is now disabled by default in autoconf mode -- AES-GCM and ChaCha20/Poly1305 are now enabled by default to make AEAD ciphers - available without a switch -- External ChaCha-Poly AEAD API, thanks to Andrew Burks for the contribution -- DHE-PSK cipher suites can now be built without ASN or Cert support -- Fix some NO MD5 build issues with optional features -- Freescale CodeWarrior project updates -- ECC curves can be individually turned on/off at build time. -- Sniffer handles Cert Status message and other minor fixes -- SetMinVersion() at the wolfSSL Context level instead of just SSL session level - to allow minimum protocol version allowed at runtime -- RNG failure resource cleanup fix - -- No high level security fixes that requires an update though we always - recommend updating to the latest (except note 6 use case of ecc/normal math) - -See INSTALL file for build instructions. 
-More info can be found on-line at //http://wolfssl.com/yaSSL/Docs.html - - - *****************wolfSSL (Formerly CyaSSL) Release 3.4.0 (02/23/2015) - -Release 3.4.0 wolfSSL has bug fixes and new features including: - -- wolfSSL API and wolfCrypt API, you can still include the cyassl and ctaocrypt - headers which will enable the compatibility APIs for the foreseeable future -- Example use of the wolfCrypt API can be found in wolfcrypt/test/test.c -- Example use of the wolfSSL API can be found in examples/client/client.c -- Curve25519 now supported at the wolfCrypt level, wolfSSL layer coming soon -- Improvements in the build configuration under AIX -- Microchip Pic32 MZ updates -- TIRTOS updates -- PowerPC updates -- Xcode project update -- Bidirectional shutdown examples in client/server with -w (wait for full - shutdown) option -- Cycle counts on benchmarks for x86_64, more coming soon -- ALT_ECC_SIZE for reducing ecc heap use with fastmath when also using large RSA - keys -- Various compile warnings -- Scan-build warning fixes -- Changed a memcpy to memmove in the sniffer (if using sniffer please update) -- No high level security fixes that requires an update though we always - recommend updating to the latest - - - ***********CyaSSL Release 3.3.0 (12/05/2014) - -- Countermeasuers for Handshake message duplicates, CHANGE CIPHER without - FINISHED, and fast forward attempts. Thanks to Karthikeyan Bhargavan from - the Prosecco team at INRIA Paris-Rocquencourt for the report. 
-- FIPS version submitted -- Removes SSLv2 Client Hello processing, can be enabled with OLD_HELLO_ALLOWED -- User can set minimum downgrade version with CyaSSL_SetMinVersion() -- Small stack improvements at TLS/SSL layer -- TLS Master Secret generation and Key Expansion are now exposed -- Adds client side Secure Renegotiation, * not recommended * -- Client side session ticket support, not fully tested with Secure Renegotiation -- Allows up to 4096bit DHE at TLS Key Exchange layer -- Handles non standard SessionID sizes in Hello Messages -- PicoTCP Support -- Sniffer now supports SNI Virtual Hosts -- Sniffer now handles non HTTPS protocols using STARTTLS -- Sniffer can now parse records with multiple messages -- TI-RTOS updates -- Fix for ColdFire optimized fp_digit read only in explicit 32bit case -- ADH Cipher Suite ADH-AES128-SHA for EAP-FAST - -The CyaSSL manual is available at: -http://www.wolfssl.com/documentation/CyaSSL-Manual.pdf. For build instructions -and comments about the new features please check the manual. - - -***********CyaSSL Release 3.2.0 (09/10/2014) - -Release 3.2.0 CyaSSL has bug fixes and new features including: - -- ChaCha20 and Poly1305 crypto and suites -- Small stack improvements for OCSP, CRL, TLS, DTLS -- NTRU Encrypt and Decrypt benchmarks -- Updated Visual Studio project files -- Updated Keil MDK5 project files -- Fix for DTLS sequence numbers with GCM/CCM -- Updated HashDRBG with more secure struct declaration -- TI-RTOS support and example Code Composer Studio project files -- Ability to get enabled cipher suites, CyaSSL_get_ciphers() -- AES-GCM/CCM/Direct support for Freescale mmCAU and CAU -- Sniffer improvement checking for decrypt key setup -- Support for raw ECC key import -- Ability to convert ecc_key to DER, EccKeyToDer() -- Security fix for RSA Padding check vulnerability reported by Intel Security - Advanced Threat Research team - -The CyaSSL manual is available at: -http://www.wolfssl.com/documentation/CyaSSL-Manual.pdf. 
For build instructions -and comments about the new features please check the manual. - - -************ CyaSSL Release 3.1.0 (07/14/2014) - -Release 3.1.0 CyaSSL has bug fixes and new features including: - -- Fix for older versions of icc without 128-bit type -- Intel ASM syntax for AES-NI -- Updated NTRU support, keygen benchmark -- FIPS check for minimum required HMAC key length -- Small stack (--enable-smallstack) improvements for PKCS#7, ASN -- TLS extension support for DTLS -- Default I/O callbacks external to user -- Updated example client with bad clock test -- Ability to set optional ECC context info -- Ability to enable/disable DH separate from opensslextra -- Additional test key/cert buffers for CA and server -- Updated example certificates - -The CyaSSL manual is available at: -http://www.wolfssl.com/documentation/CyaSSL-Manual.pdf. For build instructions -and comments about the new features please check the manual. - - -************ CyaSSL Release 3.0.2 (05/30/2014) - -Release 3.0.2 CyaSSL has bug fixes and new features including: - -- Added the following cipher suites: - * TLS_PSK_WITH_AES_128_GCM_SHA256 - * TLS_PSK_WITH_AES_256_GCM_SHA384 - * TLS_PSK_WITH_AES_256_CBC_SHA384 - * TLS_PSK_WITH_NULL_SHA384 - * TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 - * TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 - * TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 - * TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 - * TLS_DHE_PSK_WITH_NULL_SHA256 - * TLS_DHE_PSK_WITH_NULL_SHA384 - * TLS_DHE_PSK_WITH_AES_128_CCM - * TLS_DHE_PSK_WITH_AES_256_CCM -- Added AES-NI support for Microsoft Visual Studio builds. -- Changed small stack build to be disabled by default. -- Updated the Hash DRBG and provided a configure option to enable. - -The CyaSSL manual is available at: -http://www.wolfssl.com/documentation/CyaSSL-Manual.pdf. For build instructions -and comments about the new features please check the manual. 
- - -************ CyaSSL Release 3.0.0 (04/29/2014) - -Release 3.0.0 CyaSSL has bug fixes and new features including: - -- FIPS release candidate -- X.509 improvements that address items reported by Suman Jana with security - researchers at UT Austin and UC Davis -- Small stack size improvements, --enable-smallstack. Offloads large local - variables to the heap. (Note this is not complete.) -- Updated AES-CCM-8 cipher suites to use approved suite numbers. - -The CyaSSL manual is available at: -http://www.wolfssl.com/documentation/CyaSSL-Manual.pdf. For build instructions -and comments about the new features please check the manual. - - -************ CyaSSL Release 2.9.4 (04/09/2014) - -Release 2.9.4 CyaSSL has bug fixes and new features including: - -- Security fixes that address items reported by Ivan Fratric of the Google - Security Team -- X.509 Unknown critical extensions treated as errors, report by Suman Jana with - security researchers at UT Austin and UC Davis -- Sniffer fixes for corrupted packet length and Jumbo frames -- ARM thumb mode assembly fixes -- Xcode 5.1 support including new clang -- PIC32 MZ hardware support -- CyaSSL Object has enough room to read the Record Header now w/o allocs -- FIPS wrappers for AES, 3DES, SHA1, SHA256, SHA384, HMAC, and RSA. -- A sample I/O pool is demonstrated with --enable-iopool to overtake memory - handling and reduce memory fragmentation on I/O large sizes - -The CyaSSL manual is available at: -http://www.wolfssl.com/documentation/CyaSSL-Manual.pdf. For build instructions -and comments about the new features please check the manual. 
- - -************ CyaSSL Release 2.9.0 (02/07/2014) - -Release 2.9.0 CyaSSL has bug fixes and new features including: -- Freescale Kinetis RNGB support -- Freescale Kinetis mmCAU support -- TLS Hello extensions - - ECC - - Secure Renegotiation (null) - - Truncated HMAC -- SCEP support - - PKCS #7 Enveloped data and signed data - - PKCS #10 Certificate Signing Request generation -- DTLS sliding window -- OCSP Improvements - - API change to integrate into Certificate Manager - - IPv4/IPv6 agnostic - - example client/server support for OCSP - - OCSP nonces are optional -- GMAC hashing -- Windows build additions -- Windows CYGWIN build fixes -- Updated test certificates -- Microchip MPLAB Harmony support -- Update autoconf scripts -- Additional X.509 inspection functions -- ECC encrypt/decrypt primitives -- ECC Certificate generation - -The Freescale Kinetis K53 RNGB documentation can be found in Chapter 33 of the -K53 Sub-Family Reference Manual: -http://cache.freescale.com/files/32bit/doc/ref_manual/K53P144M100SF2RM.pdf - -Freescale Kinetis K60 mmCAU (AES, DES, 3DES, MD5, SHA, SHA256) documentation -can be found in the "ColdFire/ColdFire+ CAU and Kinetis mmCAU Software Library -User Guide": -http://cache.freescale.com/files/32bit/doc/user_guide/CAUAPIUG.pdf - - -*****************CyaSSL Release 2.8.0 (8/30/2013) - -Release 2.8.0 CyaSSL has bug fixes and new features including: -- AES-GCM and AES-CCM use AES-NI -- NetX default IO callback handlers -- IPv6 fixes for DTLS Hello Cookies -- The ability to unload Certs/Keys after the handshake, CyaSSL_UnloadCertsKeys() -- SEP certificate extensions -- Callback getters for easier resource freeing -- External CYASSL_MAX_ERROR_SZ for correct error buffer sizing -- MacEncrypt and DecryptVerify Callbacks for User Atomic Record Layer Processing -- Public Key Callbacks for ECC and RSA -- Client now sends blank cert upon request if doesn't have one with TLS <= 1.2 - - -The CyaSSL manual is available at: 
-http://www.wolfssl.com/documentation/CyaSSL-Manual.pdf. For build instructions -and comments about the new features please check the manual. - - -*****************CyaSSL Release 2.7.0 (6/17/2013) - -Release 2.7.0 CyaSSL has bug fixes and new features including: -- SNI support for client and server -- KEIL MDK-ARM projects -- Wildcard check to domain name match, and Subject altnames are checked too -- Better error messages for certificate verification errors -- Ability to discard session during handshake verify -- More consistent error returns across all APIs -- Ability to unload CAs at the CTX or CertManager level -- Authority subject id support for Certificate matching -- Persistent session cache functionality -- Persistent CA cache functionality -- Client session table lookups to push serverID table to library level -- Camellia support to sniffer -- User controllable settings for DTLS timeout values -- Sniffer fixes for caching long lived sessions -- DTLS reliability enhancements for the handshake -- Better ThreadX support - -When compiling with Mingw, libtool may give the following warning due to -path conversion errors: - -libtool: link: Could not determine host file name corresponding to ** -libtool: link: Continuing, but uninstalled executables may not work. - -If so, examples and testsuite will have problems when run, showing an -error while loading shared libraries. To resolve, please run "make install". - -The CyaSSL manual is available at: -http://www.wolfssl.com/documentation/CyaSSL-Manual.pdf. For build instructions -and comments about the new features please check the manual. 
- - -************** CyaSSL Release 2.6.0 (04/15/2013) - -Release 2.6.0 CyaSSL has bug fixes and new features including: -- DTLS 1.2 support including AEAD ciphers -- SHA-3 finalist Blake2 support, it's fast and uses little resources -- SHA-384 cipher suites including ECC ones -- HMAC now supports SHA-512 -- Track memory use for example client/server with -t option -- Better IPv6 examples with --enable-ipv6, before if ipv6 examples/tests were - turned on, localhost only was used. Now link-local (with scope ids) and ipv6 - hosts can be used as well. -- Xcode v4.6 project for iOS v6.1 update -- settings.h is now checked in all *.c files for true one file setting detection -- Better alignment at SSL layer for hardware crypto alignment needs - * Note, SSL itself isn't friendly to alignment with 5 byte TLS headers and - 13 bytes DTLS headers, but every effort is now made to align with the - CYASSL_GENERAL_ALIGNMENT flag which sets desired alignment requirement -- NO_64BIT flag to turn off 64bit data type accumulators in public key code - * Note, some systems are faster with 32bit accumulators -- --enable-stacksize for example client/server stack use - * Note, modern desktop Operating Systems may add bytes to each stack frame -- Updated compression/decompression with direct crypto access -- All ./configure options are now lowercase only for consistency -- ./configure builds default to fastmath option - * Note, if on ia32 and building in shared mode this may produce a problem - with a missing register being available because of PIC, there are at least - 6 solutions to this: - 1) --disable-fastmath , don't use fastmath - 2) --disable-shared, don't build a shared library - 3) C_EXTRA_FLAGS=-DTFM_NO_ASM , turn off assembly use - 4) use clang, it just seems to work - 5) play around with no PIC options to force all registers being open, - e.g, --without-pic - 6) if static lib is still a problem try removing fPIE -- Many new ./configure switches for option enable/disable for 
example - * rsa - * dh - * dsa - * md5 - * sha - * arc4 - * null (allow NULL ciphers) - * oldtls (only use TLS 1.2) - * asn (no certs or public keys allowed) -- ./configure generates cyassl/options.h which allows a header the user can - include in their app to make sure the same options are set at the app and - CyaSSL level. -- autoconf no longer needs serial-tests which lowers version requirements of - automake to 1.11 and autoconf to 2.63 - -The CyaSSL manual is available at: -http://www.wolfssl.com/documentation/CyaSSL-Manual.pdf. For build instructions -and comments about the new features please check the manual. - - - -************** CyaSSL Release 2.5.0 (02/04/2013) - -Release 2.5.0 CyaSSL has bug fixes and new features including: -- Fix for TLS CBC padding timing attack identified by Nadhem Alfardan and - Kenny Paterson: http://www.isg.rhul.ac.uk/tls/ -- Microchip PIC32 (MIPS16, MIPS32) support -- Microchip MPLAB X example projects for PIC32 Ethernet Starter Kit -- Updated CTaoCrypt benchmark app for embedded systems -- 1024-bit test certs/keys and cert/key buffers -- AES-CCM-8 crypto and cipher suites -- Camellia crypto and cipher suites -- Bumped minimum autoconf version to 2.65, automake version to 1.12 -- Addition of OCSP callbacks -- STM32F2 support with hardware crypto and RNG -- Cavium NITROX support - -CTaoCrypt now has support for the Microchip PIC32 and has been tested with -the Microchip PIC32 Ethernet Starter Kit, the XC32 compiler and -MPLAB X IDE in both MIPS16 and MIPS32 instruction set modes. See the README -located under the /mplabx directory for more details. - -To add Cavium NITROX support do: - -./configure --with-cavium=/home/user/cavium/software - -pointing to your licensed cavium/software directory. Since Cavium doesn't -build a library we pull in the cavium_common.o file which gives a libtool -warning about the portability of this. 
Also, if you're using the github source -tree you'll need to remove the -Wredundant-decls warning from the generated -Makefile because the cavium headers don't conform to this warning. Currently -CyaSSL supports Cavium RNG, AES, 3DES, RC4, HMAC, and RSA directly at the crypto -layer. Support at the SSL level is partial and currently just does AES, 3DES, -and RC4. RSA and HMAC are slower until the Cavium calls can be utilized in non -blocking mode. The example client turns on cavium support as does the crypto -test and benchmark. Please see the HAVE_CAVIUM define. - -CyaSSL is able to use the STM32F2 hardware-based cryptography and random number -generator through the STM32F2 Standard Peripheral Library. For necessary -defines, see the CYASSL_STM32F2 define in settings.h. Documentation for the -STM32F2 Standard Peripheral Library can be found in the following document: -http://www.st.com/internet/com/TECHNICAL_RESOURCES/TECHNICAL_LITERATURE/USER_MANUAL/DM00023896.pdf - -The CyaSSL manual is available at: -http://www.wolfssl.com/documentation/CyaSSL-Manual.pdf. For build instructions -and comments about the new features please check the manual. - - - -*************** CyaSSL Release 2.4.6 (12/20/2012) - -Release 2.4.6 CyaSSL has bug fixes and a few new features including: -- ECC into main version -- Lean PSK build (reduced code size, RAM usage, and stack usage) -- FreeBSD CRL monitor support -- CyaSSL_peek() -- CyaSSL_send() and CyaSSL_recv() for I/O flag setting -- CodeWarrior Support -- MQX Support -- Freescale Kinetis support including Hardware RNG -- autoconf builds use jobserver -- cyassl-config -- Sniffer memory reductions - -Thanks to Brian Aker for the improved autoconf system, make rpm, cyassl-config, -warning system, and general good ideas for improving CyaSSL! 
-
-The Freescale Kinetis K70 RNGA documentation can be found in Chapter 37 of the
-K70 Sub-Family Reference Manual:
-http://cache.freescale.com/files/microcontrollers/doc/ref_manual/K70P256M150SF3RM.pdf
-
-The CyaSSL manual is available at:
-http://www.wolfssl.com/documentation/CyaSSL-Manual.pdf. For build instructions
-and comments about the new features please check the manual.
-
-
-*************** CyaSSL Release 2.4.0 (10/10/2012)
-
-Release 2.4.0 CyaSSL has bug fixes and a few new features including:
-- DTLS reliability
-- Reduced memory usage after handshake
-- Updated build process
-
-The CyaSSL manual is available at:
-http://www.wolfssl.com/documentation/CyaSSL-Manual.pdf. For build instructions
-and comments about the new features please check the manual.
-
-
-
-*************** CyaSSL Release 2.3.0 (8/10/2012)
-
-Release 2.3.0 CyaSSL has bug fixes and a few new features including:
-- AES-GCM crypto and cipher suites
-- make test cipher suite checks
-- Subject AltName processing
-- Command line support for client/server examples
-- Sniffer SessionTicket support
-- SHA-384 cipher suites
-- Verify cipher suite validity when user overrides
-- CRL dir monitoring
-- DTLS Cookie support, reliability coming soon
-
-The CyaSSL manual is available at:
-http://www.wolfssl.com/documentation/CyaSSL-Manual.pdf. For build instructions
-and comments about the new features please check the manual.
-
-
-
-***************CyaSSL Release 2.2.0 (5/18/2012)
-
-Release 2.2.0 CyaSSL has bug fixes and a few new features including:
-- Initial CRL support (--enable-crl)
-- Initial OCSP support (--enable-ocsp)
-- Add static ECDH suites
-- SHA-384 support
-- ECC client certificate support
-- Add medium session cache size (1055 sessions)
-- Updated unit tests
-- Protection against mutex reinitialization
-
-
-The CyaSSL manual is available at:
-http://www.wolfssl.com/documentation/CyaSSL-Manual.pdf. For build instructions
-and comments about the new features please check the manual.
- - - -***************CyaSSL Release 2.0.8 (2/24/2012) - -Release 2.0.8 CyaSSL has bug fixes and a few new features including: -- A fix for malicious certificates pointed out by Remi Gacogne (thanks) - resulting in NULL pointer use. -- Respond to renegotiation attempt with no_renegoatation alert -- Add basic path support for load_verify_locations() -- Add set Temp EC-DHE key size -- Extra checks on rsa test when porting into - - -The CyaSSL manual is available at: -http://www.wolfssl.com/documentation/CyaSSL-Manual.pdf. For build instructions -and comments about the new features please check the manual. - - - -************* CyaSSL Release 2.0.6 (1/27/2012) - -Release 2.0.6 CyaSSL has bug fixes and a few new features including: -- Fixes for CA basis constraint check -- CTX reference counting -- Initial unit test additions -- Lean and Mean Windows fix -- ECC benchmarking -- SSMTP build support -- Ability to group handshake messages with set_group_messages(ctx/ssl) -- CA cache addition callback -- Export Base64_Encode for general use - -The CyaSSL manual is available at: -http://www.wolfssl.com/documentation/CyaSSL-Manual.pdf. For build instructions -and comments about the new features please check the manual. - - - -************* CyaSSL Release 2.0.2 (12/05/2011) - -Release 2.0.2 CyaSSL has bug fixes and a few new features including: -- CTaoCrypt Runtime library detection settings when directly using the crypto - library -- Default certificate generation now uses SHAwRSA and adds SHA256wRSA generation -- All test certificates now use 2048bit and SHA-1 for better modern browser - support -- Direct AES block access and AES-CTR (counter) mode -- Microchip pic32 support - -The CyaSSL manual is available at: -http://www.wolfssl.com/documentation/CyaSSL-Manual.pdf. For build instructions -and comments about the new features please check the manual. 
- - - -************* CyaSSL Release 2.0.0rc3 (9/28/2011) - -Release 2.0.0rc3 for CyaSSL has bug fixes and a few new features including: -- updated autoconf support -- better make install and uninstall (uses system directories) -- make test / make check -- CyaSSL headers now in -- CTaocrypt headers now in -- OpenSSL compatibility headers now in -- examples and tests all run from home directory so can use certs in ./certs - (see note 1) - -So previous applications that used the OpenSSL compatibility header - now need to include instead, no other -changes are required. - -Special Thanks to Brian Aker for his autoconf, install, and header patches. - -The CyaSSL manual is available at: -http://www.wolfssl.com/documentation/CyaSSL-Manual.pdf. For build instructions -and comments about the new features please check the manual. - -************CyaSSL Release 2.0.0rc2 (6/6/2011) - -Release 2.0.0rc2 for CyaSSL has bug fixes and a few new features including: -- bug fixes (Alerts, DTLS with DHE) -- FreeRTOS support -- lwIP support -- Wshadow warnings removed -- asn public header -- CTaoCrypt public headers now all have ctc_ prefix (the manual is still being - updated to reflect this change) -- and more. - -This is the 2nd and perhaps final release candidate for version 2. -Please send any comments or questions to support@wolfssl.com. - -The CyaSSL manual is available at: -http://www.wolfssl.com/documentation/CyaSSL-Manual.pdf. For build instructions -and comments about the new features please check the manual. 
-
-***********CyaSSL Release 2.0.0rc1 (5/2/2011)
-
-Release 2.0.0rc1 for CyaSSL has many new features including:
-- bug fixes
-- SHA-256 cipher suites
-- Root Certificate Verification (instead of needing all certs in the chain)
-- PKCS #8 private key encryption (supports PKCS #5 v1-v2 and PKCS #12)
-- Serial number retrieval for x509
-- PBKDF2 and PKCS #12 PBKDF
-- UID parsing for x509
-- SHA-256 certificate signatures
-- Client and server can send chains (SSL_CTX_use_certificate_chain_file)
-- CA loading can now parse multiple certificates per file
-- Dynamic memory runtime hooks
-- Runtime hooks for logging
-- EDH on server side
-- More informative error codes
-- More informative logging messages
-- Version downgrade more robust (use SSL_v23*)
-- Shared build only by default through ./configure
-- Compiler visibility is now used, internal functions not polluting namespace
-- Single Makefile, no recursion, for faster and simpler building
-- Turn on all warnings possible build option, warning fixes
-- and more.
-
-Because of all the new features and the multiple OS, compiler, feature-set
-options that CyaSSL allows, there may be some configuration fixes needed.
-Please send any comments or questions to support@wolfssl.com.
-
-The CyaSSL manual is available at:
-http://www.wolfssl.com/documentation/CyaSSL-Manual.pdf. For build instructions
-and comments about the new features please check the manual.
-
-****************** CyaSSL Release 1.9.0 (3/2/2011)
-
-Release 1.9.0 for CyaSSL adds bug fixes, improved TLSv1.2 through testing and
-better hash/sig algo ids, --enable-webServer for the yaSSL embedded web server,
-improper AES key setup detection, user cert verify callback improvements, and
-more.
-
-The CyaSSL manual offering is included in the doc/ directory. For build
-instructions and comments about the new features please check the manual.
-
-Please send any comments or questions to support@wolfssl.com.
-
-****************** CyaSSL Release 1.8.0 (12/23/2010)
-
-Release 1.8.0 for CyaSSL adds bug fixes, x509 v3 CA signed certificate
-generation, a C standard library abstraction layer, lower memory use, increased
-portability through the os_settings.h file, and the ability to use NTRU cipher
-suites when used in conjunction with an NTRU license and library.
-
-The initial CyaSSL manual offering is included in the doc/ directory. For
-build instructions and comments about the new features please check the manual.
-
-Please send any comments or questions to support@wolfssl.com.
-
-Happy Holidays.
-
-
-********************* CyaSSL Release 1.6.5 (9/9/2010)
-
-Release 1.6.5 for CyaSSL adds bug fixes and x509 v3 self signed certificate
-generation.
-
-For general build instructions see doc/Building_CyaSSL.pdf.
-
-To enable certificate generation support add this option to ./configure
-./configure --enable-certgen
-
-An example is included in ctaocrypt/test/test.c and documentation is provided
-in doc/CyaSSL_Extensions_Reference.pdf item 11.
-
-********************** CyaSSL Release 1.6.0 (8/27/2010)
-
-Release 1.6.0 for CyaSSL adds bug fixes, RIPEMD-160, SHA-512, and RSA key
-generation.
-
-For general build instructions see doc/Building_CyaSSL.pdf.
-
-To add RIPEMD-160 support add this option to ./configure
-./configure --enable-ripemd
-
-To add SHA-512 support add this option to ./configure
-./configure --enable-sha512
-
-To add RSA key generation support add this option to ./configure
-./configure --enable-keygen
-
-Please see ctaocrypt/test/test.c for examples and usage.
-
-For Windows, RIPEMD-160 and SHA-512 are enabled by default but key generation is
-off by default. To turn key generation on add the define CYASSL_KEY_GEN to
-CyaSSL.
-
-
-************* CyaSSL Release 1.5.6 (7/28/2010)
-
-Release 1.5.6 for CyaSSL adds bug fixes, compatibility for our JSSE provider,
-and a fix for GCC builds on some systems.
-
-For general build instructions see doc/Building_CyaSSL.pdf.
-
-To add AES-NI support add this option to ./configure
-./configure --enable-aesni
-
-You'll need GCC 4.4.3 or later to make use of the assembly.
-
-************** CyaSSL Release 1.5.4 (7/7/2010)
-
-Release 1.5.4 for CyaSSL adds bug fixes, support for AES-NI, SHA1 speed
-improvements from loop unrolling, and support for the Mongoose Web Server.
-
-For general build instructions see doc/Building_CyaSSL.pdf.
-
-To add AES-NI support add this option to ./configure
-./configure --enable-aesni
-
-You'll need GCC 4.4.3 or later to make use of the assembly.
-
-*************** CyaSSL Release 1.5.0 (5/11/2010)
-
-Release 1.5.0 for CyaSSL adds bug fixes, GoAhead WebServer support, sniffer
-support, and initial swig interface support.
-
-For general build instructions see doc/Building_CyaSSL.pdf.
-
-To add support for GoAhead WebServer either --enable-opensslExtra or if you
-don't want all the features of opensslExtra you can just define GOAHEAD_WS
-instead. GOAHEAD_WS can be added to ./configure with CFLAGS=-DGOAHEAD_WS or
-you can define it yourself.
-
-To look at the sniffer support please see the sniffertest app in
-sslSniffer/sslSnifferTest. Build with --enable-sniffer on *nix or use the
-vcproj files on windows. You'll need to have pcap installed on *nix and
-WinPcap on windows.
-
-A swig interface file is now located in the swig directory for using Python,
-Java, Perl, and others with CyaSSL. This is initial support and experimental,
-please send questions or comments to support@wolfssl.com.
-
-When doing load testing with CyaSSL, on the echoserver example say, the client
-machine may run out of tcp ephemeral ports, they will end up in the TIME_WAIT
-queue, and can't be reused by default. There are generally two ways to fix
-this. 1) Reduce the length sockets remain on the TIME_WAIT queue or 2) Allow
-items on the TIME_WAIT queue to be reused.
- - -To reduce the TIME_WAIT length in OS X to 3 seconds (3000 milliseconds) - -sudo sysctl -w net.inet.tcp.msl=3000 - -In Linux - -sudo sysctl -w net.ipv4.tcp_tw_reuse=1 - -allows reuse of sockets in TIME_WAIT - -sudo sysctl -w net.ipv4.tcp_tw_recycle=1 - -works but seems to remove sockets from TIME_WAIT entirely? - -sudo sysctl -w net.ipv4.tcp_fin_timeout=1 - -doen't control TIME_WAIT, it controls FIN_WAIT(2) contrary to some posts - - -******************** CyaSSL Release 1.4.0 (2/18/2010) - -Release 1.3.0 for CyaSSL adds bug fixes, better multi TLS/SSL version support -through SSLv23_server_method(), and improved documentation in the doc/ folder. - -For general build instructions doc/Building_CyaSSL.pdf. - -******************** CyaSSL Release 1.3.0 (1/21/2010) - -Release 1.3.0 for CyaSSL adds bug fixes, a potential security problem fix, -better porting support, removal of assert()s, and a complete THREADX port. - -For general build instructions see rc1 below. - -******************** CyaSSL Release 1.2.0 (11/2/2009) - -Release 1.2.0 for CyaSSL adds bug fixes and session negotiation if first use is -read or write. - -For general build instructions see rc1 below. - -******************** CyaSSL Release 1.1.0 (9/2/2009) - -Release 1.1.0 for CyaSSL adds bug fixes, a check against malicious session -cache use, support for lighttpd, and TLS 1.2. - -To get TLS 1.2 support please use the client and server functions: - -SSL_METHOD *TLSv1_2_server_method(void); -SSL_METHOD *TLSv1_2_client_method(void); - -CyaSSL was tested against lighttpd 1.4.23. 
To build CyaSSL for use with -lighttpd use the following commands from the CyaSSL install dir : - -./configure --disable-shared --enable-opensslExtra --enable-fastmath --without-zlib - -make -make openssl-links - -Then to build lighttpd with CyaSSL use the following commands from the -lighttpd install dir: - -./configure --with-openssl --with-openssl-includes=/include --with-openssl-libs=/lib LDFLAGS=-lm - -make - -On some systems you may get a linker error about a duplicate symbol for -MD5_Init or other MD5 calls. This seems to be caused by the lighttpd src file -md5.c, which defines MD5_Init(), and is included in liblightcomp_la-md5.o. -When liblightcomp is linked with the SSL_LIBs the linker may complain about -the duplicate symbol. This can be fixed by editing the lighttpd src file md5.c -and adding this line to the beginning of the file: - -#if 0 - -and this line to the end of the file - -#endif - -Then from the lighttpd src dir do a: - -make clean -make - - -If you get link errors about undefined symbols more than likely the actual -OpenSSL libraries are found by the linker before the CyaSSL openssl-links that -point to the CyaSSL library, causing the linker confusion. This can be fixed -by editing the Makefile in the lighttpd src directory and changing the line: - -SSL_LIB = -lssl -lcrypto - -to - -SSL_LIB = -lcyassl - -Then from the lighttpd src dir do a: - -make clean -make - -This should remove any confusion the linker may be having with missing symbols. - -For any questions or concerns please contact support@wolfssl.com . - -For general build instructions see rc1 below. - -******************CyaSSL Release 1.0.6 (8/03/2009) - -Release 1.0.6 for CyaSSL adds bug fixes, an improved session cache, and faster -math with a huge code option. - -The session cache now defaults to a client mode, also good for embedded servers. -For servers not under heavy load (less than 200 new sessions per minute), define -BIG_SESSION_CACHE. 
If the server will be under heavy load, define -HUGE_SESSION_CACHE. - -There is now a fasthugemath option for configure. This enables fastmath plus -even faster math by greatly increasing the code size of the math library. Use -the benchmark utility to compare public key operations. - - -For general build instructions see rc1 below. - -******************CyaSSL Release 1.0.3 (5/10/2009) - -Release 1.0.3 for CyaSSL adds bug fixes and add increased support for OpenSSL -compatibility when building other applications. - -Release 1.0.3 includes an alpha release of DTLS for both client and servers. -This is only for testing purposes at this time. Rebroadcast and reordering -aren't fully implemented at this time but will be for the next release. - -For general build instructions see rc1 below. - -******************CyaSSL Release 1.0.2 (4/3/2009) - -Release 1.0.2 for CyaSSL adds bug fixes for a couple I/O issues. Some systems -will send a SIGPIPE on socket recv() at any time and this should be handled by -the application by turning off SIGPIPE through setsockopt() or returning from -the handler. - -Release 1.0.2 includes an alpha release of DTLS for both client and servers. -This is only for testing purposes at this time. Rebroadcast and reordering -aren't fully implemented at this time but will be for the next release. - -For general build instructions see rc1 below. - -*****************CyaSSL Release Candidate 3 rc3-1.0.0 (2/25/2009) - - -Release Candidate 3 for CyaSSL 1.0.0 adds bug fixes and adds a project file for -iPhone development with Xcode. cyassl-iphone.xcodeproj is located in the root -directory. This release also includes a fix for supporting other -implementations that bundle multiple messages at the record layer, this was -lost when cyassl i/o was re-implemented but is now fixed. - -For general build instructions see rc1 below. 
- -*****************CyaSSL Release Candidate 2 rc2-1.0.0 (1/21/2009) - - -Release Candidate 2 for CyaSSL 1.0.0 adds bug fixes and adds two new stream -ciphers along with their respective cipher suites. CyaSSL adds support for -HC-128 and RABBIT stream ciphers. The new suites are: - -TLS_RSA_WITH_HC_128_SHA -TLS_RSA_WITH_RABBIT_SHA - -And the corresponding cipher names are - -HC128-SHA -RABBIT-SHA - -CyaSSL also adds support for building with devkitPro for PPC by changing the -library proper to use libogc. The examples haven't been changed yet but if -there's interest they can be. Here's an example ./configure to build CyaSSL -for devkitPro: - -./configure --disable-shared CC=/pathTo/devkitpro/devkitPPC/bin/powerpc-gekko-gcc --host=ppc --without-zlib --enable-singleThreaded RANLIB=/pathTo/devkitpro/devkitPPC/bin/powerpc-gekko-ranlib CFLAGS="-DDEVKITPRO -DGEKKO" - -For linking purposes you'll need - -LDFLAGS="-g -mrvl -mcpu=750 -meabi -mhard-float -Wl,-Map,$(notdir $@).map" - -For general build instructions see rc1 below. - - -********************CyaSSL Release Candidate 1 rc1-1.0.0 (12/17/2008) - - -Release Candidate 1 for CyaSSL 1.0.0 contains major internal changes. Several -areas have optimization improvements, less dynamic memory use, and the I/O -strategy has been refactored to allow alternate I/O handling or Library use. -Many thanks to Thierry Fournier for providing these ideas and most of the work. - -Because of these changes, this release is only a candidate since some problems -are probably inevitable on some platform with some I/O use. Please report any -problems and we'll try to resolve them as soon as possible. You can contact us -at support@wolfssl.com or todd@wolfssl.com. - -Using TomsFastMath by passing --enable-fastmath to ./configure now uses assembly -on some platforms. This is new so please report any problems as every compiler, -mode, OS combination hasn't been tested. 
On ia32 all of the registers need to -be available so be sure to pass these options to CFLAGS: - -CFLAGS="-O3 -fomit-frame-pointer" - -OS X will also need -mdynamic-no-pic added to CFLAGS - -Also if you're building in shared mode for ia32 you'll need to pass options to -LDFLAGS as well on OS X: - -LDFLAGS=-Wl,-read_only_relocs,warning - -This gives warnings for some symbols but seems to work. - - ---To build on Linux, Solaris, *BSD, Mac OS X, or Cygwin: - - ./configure - make - - from the ./testsuite/ directory run ./testsuite - -to make a debug build: - - ./configure --enable-debug --disable-shared - make - - - ---To build on Win32 - -Choose (Re)Build All from the project workspace - -Run the testsuite program - - - - - -*************************CyaSSL version 0.9.9 (7/25/2008) - -This release of CyaSSL adds bug fixes, Pre-Shared Keys, over-rideable memory -handling, and optionally TomsFastMath. Thanks to Moisés Guimarães for the -work on TomsFastMath. - -To optionally use TomsFastMath pass --enable-fastmath to ./configure -Or define USE_FAST_MATH in each project from CyaSSL for MSVC. - -Please use the benchmark routine before and after to see the performance -difference, on some platforms the gains will be little but RSA encryption -always seems to be faster. On x86-64 machines with GCC the normal math library -may outperform the fast one when using CFLAGS=-m64 because TomsFastMath can't -yet use -m64 because of GCCs inability to do 128bit division. - - **** UPDATE GCC 4.2.1 can now do 128bit division *** - -See notes below (0.2.0) for complete build instructions. - - -****************CyaSSL version 0.9.8 (5/7/2008) - -This release of CyaSSL adds bug fixes, client side Diffie-Hellman, and better -socket handling. - -See notes below (0.2.0) for complete build instructions. - - -****************CyaSSL version 0.9.6 (1/31/2008) - -This release of CyaSSL adds bug fixes, increased session management, and a fix -for gnutls. 
- -See notes below (0.2.0) for complete build instructions. - - -****************CyaSSL version 0.9.0 (10/15/2007) - -This release of CyaSSL adds bug fixes, MSVC 2005 support, GCC 4.2 support, -IPV6 support and test, and new test certificates. - -See notes below (0.2.0) for complete build instructions. - - -****************CyaSSL version 0.8.0 (1/10/2007) - -This release of CyaSSL adds increased socket support, for non-blocking writes, -connects, and interrupted system calls. - -See notes below (0.2.0) for complete build instructions. - - -****************CyaSSL version 0.6.3 (10/30/2006) - -This release of CyaSSL adds debug logging to stderr to aid in the debugging of -CyaSSL on systems that may not provide the best support. - -If CyaSSL is built with debugging support then you need to call -CyaSSL_Debugging_ON() to turn logging on. - -On Unix use ./configure --enable-debug - -On Windows define DEBUG_CYASSL when building CyaSSL - - -To turn logging back off call CyaSSL_Debugging_OFF() - -See notes below (0.2.0) for complete build instructions. - - -*****************CyaSSL version 0.6.2 (10/29/2006) - -This release of CyaSSL adds TLS 1.1. - -Note that CyaSSL has certificate verification on by default, unlike OpenSSL. -To emulate OpenSSL behavior, you must call SSL_CTX_set_verify() with -SSL_VERIFY_NONE. In order to have full security you should never do this, -provide CyaSSL with the proper certificates to eliminate impostors and call -CyaSSL_check_domain_name() to prevent man in the middle attacks. - -See notes below (0.2.0) for build instructions. - -*****************CyaSSL version 0.6.0 (10/25/2006) - -This release of CyaSSL adds more SSL functions, better autoconf, nonblocking -I/O for accept, connect, and read. There is now an --enable-small configure -option that turns off TLS, AES, DES3, HMAC, and ERROR_STRINGS, see configure.in -for the defines. Note that TLS requires HMAC and AES requires TLS. - -See notes below (0.2.0) for build instructions. 
- - -*****************CyaSSL version 0.5.5 (09/27/2006) - -This mini release of CyaSSL adds better input processing through buffered input -and big message support. Added SSL_pending() and some sanity checks on user -settings. - -See notes below (0.2.0) for build instructions. - - -*****************CyaSSL version 0.5.0 (03/27/2006) - -This release of CyaSSL adds AES support and minor bug fixes. - -See notes below (0.2.0) for build instructions. - - -*****************CyaSSL version 0.4.0 (03/15/2006) - -This release of CyaSSL adds TLSv1 client/server support and libtool. - -See notes below for build instructions. - - -*****************CyaSSL version 0.3.0 (02/26/2006) - -This release of CyaSSL adds SSLv3 server support and session resumption. - -See notes below for build instructions. - - -*****************CyaSSL version 0.2.0 (02/19/2006) - - -This is the first release of CyaSSL and its crypt brother, CTaoCrypt. CyaSSL -is written in ANSI C with the idea of a small code size, footprint, and memory -usage in mind. CTaoCrypt can be as small as 32K, and the current client -version of CyaSSL can be as small as 12K. - - -The first release of CTaoCrypt supports MD5, SHA-1, 3DES, ARC4, Big Integer -Support, RSA, ASN parsing, and basic x509 (en/de)coding. - -The first release of CyaSSL supports normal client RSA mode SSLv3 connections -with support for SHA-1 and MD5 digests. Ciphers include 3DES and RC4. - - ---To build on Linux, Solaris, *BSD, Mac OS X, or Cygwin: - - ./configure - make - - from the ./testsuite/ directory run ./testsuite - -to make a debug build: - - ./configure --enable-debug --disable-shared - make - - - ---To build on Win32 - -Choose (Re)Build All from the project workspace - -Run the testsuite program - - - -*** The next release of CyaSSL will support a server and more OpenSSL -compatibility functions. - - -Please send questions or comments to todd@wolfssl.com - - diff --git a/README b/README deleted file mode 100644 index a260e9c1a..000000000 
--- a/README
+++ /dev/null
@@ -1,218 +0,0 @@ -*** Resources *** - - wolfSSL website: https://www.wolfssl.com/ - wolfSSL wiki: https://github.com/wolfSSL/wolfssl/wiki - wolfSSL manual: https://wolfssl.com/wolfSSL/Docs-wolfssl-manual-toc.html - - FIPS FAQ: https://www.wolfssl.com/wolfSSL/fips.html - - wolfSSL API: https://wolfssl.com/wolfSSL/Docs-wolfssl-manual-17-wolfssl-api-reference.html - wolfCrypt API: https://wolfssl.com/wolfSSL/Docs-wolfssl-manual-18-wolfcrypt-api-reference.html - - TLS 1.3 https://www.wolfssl.com/docs/tls13/ - -*** Description *** - -The wolfSSL embedded SSL library (formerly CyaSSL) is a lightweight SSL/TLS -library written in ANSI C and targeted for embedded, RTOS, and -resource-constrained environments - primarily because of its small size, speed, -and feature set. It is commonly used in standard operating environments as well -because of its royalty-free pricing and excellent cross platform support. wolfSSL -supports industry standards up to the current TLS 1.3 and DTLS 1.3 levels, is up -to 20 times smaller than OpenSSL, and offers progressive ciphers such as ChaCha20, -Curve25519, NTRU, and Blake2b. User benchmarking and feedback reports -dramatically better performance when using wolfSSL over OpenSSL. - -wolfSSL is powered by the wolfCrypt library. A version of the wolfCrypt -cryptography library has been FIPS 140-2 validated (Certificate #2425). For -additional information, visit the wolfCrypt FIPS FAQ -(https://www.wolfssl.com/license/fips/) or contact fips@wolfssl.com - -*** Why choose wolfSSL? *** - -There are many reasons to choose wolfSSL as your embedded SSL solution. 
Some of -the top reasons include size (typical footprint sizes range from 20-100 kB), -support for the newest standards (SSL 3.0, TLS 1.0, TLS 1.1, TLS 1.2, TLS 1.3, -DTLS 1.0, and DTLS 1.2), current and progressive cipher support (including stream -ciphers), multi-platform, royalty free, and an OpenSSL compatibility API to ease -porting into existing applications which have previously used the OpenSSL package. -For a complete feature list, see https://www.wolfssl.com/docs/wolfssl-manual/ch4/ - -*** Notes, Please read *** - -Note 1) -wolfSSL as of 3.6.6 no longer enables SSLv3 by default. wolfSSL also no -longer supports static key cipher suites with PSK, RSA, or ECDH. This means -if you plan to use TLS cipher suites you must enable DH (DH is on by default), -or enable ECC (ECC is on by default), or you must enable static -key cipher suites with - WOLFSSL_STATIC_DH - WOLFSSL_STATIC_RSA - or - WOLFSSL_STATIC_PSK - -though static key cipher suites are deprecated and will be removed from future -versions of TLS. They also lower your security by removing PFS. Since current -NTRU suites available do not use ephemeral keys, WOLFSSL_STATIC_RSA needs to be -used in order to build with NTRU suites. - -When compiling ssl.c, wolfSSL will now issue a compiler error if no cipher suites -are available. You can remove this error by defining WOLFSSL_ALLOW_NO_SUITES -in the event that you desire that, i.e., you're not using TLS cipher suites. - -Note 2) -wolfSSL takes a different approach to certificate verification than OpenSSL -does. The default policy for the client is to verify the server, this means -that if you don't load CAs to verify the server you'll get a connect error, -no signer error to confirm failure (-188). 
-If you want to mimic OpenSSL behavior of having SSL_connect succeed even if -verifying the server fails and reducing security you can do this by calling: - -wolfSSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, 0); - -before calling wolfSSL_new(); Though it's not recommended. - -Note 3) -The enum values SHA, SHA256, SHA384, SHA512 are no longer available when -wolfSSL is built with --enable-opensslextra (OPENSSL_EXTRA) or with the macro -NO_OLD_SHA_NAMES. These names get mapped to the OpenSSL API for a single call -hash function. Instead the name WC_SHA, WC_SHA256, WC_SHA384 and WC_SHA512 -should be used for the enum name. - -*** end Notes *** - - -** wolfSSL Release 3.15.0 (05/05/2018) - -Release 3.15.0 of wolfSSL embedded TLS has bug fixes and new features including: - -- Support for TLS 1.3 Draft versions 23, 26 and 28. -- Add FIPS SGX support! -- Single Precision assembly code added for ARM and 64-bit ARM to enhance - performance. -- Improved performance for Single Precision maths on 32-bit. -- Improved downgrade support for the TLS 1.3 handshake. -- Improved TLS 1.3 support from interoperability testing. -- Added option to allow TLS 1.2 to be compiled out to reduce size and enhance - security. -- Added option to support Ed25519 in TLS 1.2 and 1.3. -- Update wolfSSL_HMAC_Final() so the length parameter is optional. -- Various fixes for Coverity static analysis reports. -- Add define to use internal struct timeval (USE_WOLF_TIMEVAL_T). -- Switch LowResTimer() to call XTIME instead of time(0) for better portability. -- Expanded OpenSSL compatibility layer with a bevy of new functions. -- Added Renesas CS+ project files. -- Align DH support with NIST SP 800-56A, add wc_DhSetKey_ex() for q parameter. -- Add build option for CAVP self test build (--enable-selftest). -- Expose mp_toradix() when WOLFSSL_PUBLIC_MP is defined. -- Example certificate expiration dates and generation script updated. 
-- Additional optimizations to trim out unused strings depending on build - options. -- Fix for DN tag strings to have “=” when returning the string value to users. -- Fix for wolfSSL_ERR_get_error_line_data return value if no more errors are - in the queue. -- Fix for AES-CBC IV value with PIC32 hardware acceleration. -- Fix for wolfSSL_X509_print with ECC certificates. -- Fix for strict checking on URI absolute vs relative path. -- Added crypto device framework to handle PK RSA/ECC operations using - callbacks, which adds new build option `./configure --enable-cryptodev` or - `WOLF_CRYPTO_DEV`. -- Added devId support to ECC and PKCS7 for hardware based private key. -- Fixes in PKCS7 for handling possible memory leak in some error cases. -- Added test for invalid cert common name when set with - `wolfSSL_check_domain_name`. -- Refactor of the cipher suite names to use single array, which contains - internal name, IANA name and cipher suite bytes. -- Added new function `wolfSSL_get_cipher_name_from_suite` for getting IANA - cipher suite name using bytes. -- Fixes for fsanitize reports. -- Fix for openssl compatibility function `wolfSSL_RSA_verify` to check - returned size. -- Fixes and improvements for FreeRTOS AWS. -- Fixes for building openssl compatibility with FreeRTOS. -- Fix and new test for handling match on domain name that may have a null - terminator inside. -- Cleanup of the socket close code used for examples, CRL/OCSP and BIO to use - single macro `CloseSocket`. -- Refactor of the TLSX code to support returning error codes. -- Added new signature wrapper functions `wc_SignatureVerifyHash` and - `wc_SignatureGenerateHash` to allow direct use of hash. -- Improvement to GCC-ARM IDE example. -- Enhancements and cleanups for the ASN date/time code including new API's - `wc_GetDateInfo`, `wc_GetCertDates` and `wc_GetDateAsCalendarTime`. -- Fixes to resolve issues with C99 compliance. Added build option `WOLF_C99` - to force C99. 
-- Added a new `--enable-opensslall` option to enable all openssl compatibility - features. -- Added new `--enable-webclient` option for enabling a few HTTP API's. -- Added new `wc_OidGetHash` API for getting the hash type from a hash OID. -- Moved `wolfSSL_CertPemToDer`, `wolfSSL_KeyPemToDer`, `wolfSSL_PubKeyPemToDer` - to asn.c and renamed to `wc_`. Added backwards compatibility macro for old - function names. -- Added new `WC_MAX_SYM_KEY_SIZE` macro for helping determine max key size. -- Added `--enable-enckeys` or (`WOLFSSL_ENCRYPTED_KEYS`) to enable support for - encrypted PEM private keys using password callback without having to use - opensslextra. -- Added ForceZero on the password buffer after done using it. -- Refactor unique hash types to use same internal values - (ex WC_MD5 == WC_HASH_TYPE_MD5). -- Refactor the Sha3 types to use `wc_` naming, while retaining old names for - compatibility. -- Improvements to `wc_PBKDF1` to support more hash types and the non-standard - extra data option. -- Fix TLS 1.3 with ECC disabled and CURVE25519 enabled. -- Added new define `NO_DEV_URANDOM` to disable the use of `/dev/urandom`. -- Added `WC_RNG_BLOCKING` to indicate block w/sleep(0) is okay. -- Fix for `HAVE_EXT_CACHE` callbacks not being available without - `OPENSSL_EXTRA` defined. -- Fix for ECC max bits `MAX_ECC_BITS` not always calculating correctly due to - macro order. -- Added support for building and using PKCS7 without RSA (assuming ECC is - enabled). -- Fixes and additions for Cavium Nitrox V to support ECC, AES-GCM and HMAC - (SHA-224 and SHA3). -- Enabled ECC, AES-GCM and SHA-512/384 by default in (Linux and Windows) -- Added `./configure --enable-base16` and `WOLFSSL_BASE16` configuration - option to enable Base16 API's. -- Improvements to ATECC508A support for building without `WOLFSSL_ATMEL` - defined. -- Refactor IO callback function names to use `_CTX_` to eliminate confusion - about the first parameter. 
-- Added support for not loading a private key for server or client when - `HAVE_PK_CALLBACK` is defined and the private PK callback is set. -- Added new ECC API `wc_ecc_sig_size_calc` to return max signature size for - a key size. -- Cleanup ECC point import/export code and added new API - `wc_ecc_import_unsigned`. -- Fixes for handling OCSP with non-blocking. -- Added new PK (Primary Key) callbacks for the VerifyRsaSign. The new - callbacks API's are `wolfSSL_CTX_SetRsaVerifySignCb` and - `wolfSSL_CTX_SetRsaPssVerifySignCb`. -- Added new ECC API `wc_ecc_rs_raw_to_sig` to take raw unsigned R and S and - encodes them into ECDSA signature format. -- Added support for `WOLFSSL_STM32F1`. -- Cleanup of the ASN X509 header/footer and XSTRNCPY logic. -- Add copyright notice to autoconf files. (Thanks Brian Aker!) -- Updated the M4 files for autotools. (Thanks Brian Aker!) -- Add support for the cipher suite TLS_DH_anon_WITH_AES256_GCM_SHA384 with - test cases. (Thanks Thivya Ashok!) -- Add the TLS alert message unknown_psk_identity (115) from RFC 4279, - section 2. (Thanks Thivya Ashok!) -- Fix the case when using TCP with timeouts with TLS. wolfSSL shall be - agnostic to network socket behavior for TLS. (DTLS is another matter.) - The functions `wolfSSL_set_using_nonblock()` and - `wolfSSL_get_using_nonblock()` are deprecated. -- Hush the AR warning when building the static library with autotools. -- Hush the “-pthread” warning when building in some environments. -- Added a dist-hook target to the Makefile to reset the default options.h file. -- Removed the need for the darwin-clang.m4 file with the updates provided by - Brian A. -- Renamed the AES assembly file so GCC on the Mac will build it using the - preprocessor. -- Add a disable option (--disable-optflags) to turn off the default - optimization flags so user may supply their own custom flags. -- Correctly touch the dummy fips.h header. - -If you have questions on any of this, email us at info@wolfssl.com. 
-See INSTALL file for build instructions. -More info can be found on-line at http://wolfssl.com/wolfSSL/Docs.html From 1c17f55ee4631f9dbdb6b49f0bc1dc22304b171c Mon Sep 17 00:00:00 2001 From: John Safranek Date: Tue, 5 Jun 2018 16:10:08 -0700 Subject: [PATCH 134/146] updated the readme/changelog with the correct release date --- ChangeLog.md | 2 +- README.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/ChangeLog.md b/ChangeLog.md index 776f5ea3b..750274aed 100644 --- a/ChangeLog.md +++ b/ChangeLog.md @@ -1,4 +1,4 @@ -# wolfSSL Release 3.15.0 (05/05/2018) +# wolfSSL Release 3.15.0 (06/05/2018) Release 3.15.0 of wolfSSL embedded TLS has bug fixes and new features including: diff --git a/README.md b/README.md index c51ce7c51..8a6c57c32 100644 --- a/README.md +++ b/README.md @@ -75,7 +75,7 @@ hash function. Instead the name WC_SHA, WC_SHA256, WC_SHA384 and WC_SHA512 should be used for the enum name. ``` -# wolfSSL Release 3.15.0 (05/05/2018) +# wolfSSL Release 3.15.0 (06/05/2018) Release 3.15.0 of wolfSSL embedded TLS has bug fixes and new features including: From 9b9568d500f31f964af26ba8d01e542e1f27e5ca Mon Sep 17 00:00:00 2001 From: Sean Parkinson Date: Mon, 28 May 2018 08:32:45 +1000 Subject: [PATCH 135/146] Change ECDSA signing to use blinding. --- wolfcrypt/src/ecc.c | 68 +++++++++++++++++++++++++++++++++++---------- 1 file changed, 54 insertions(+), 14 deletions(-) diff --git a/wolfcrypt/src/ecc.c b/wolfcrypt/src/ecc.c index ee271da8f..6bfd21058 100644 --- a/wolfcrypt/src/ecc.c +++ b/wolfcrypt/src/ecc.c @@ -3139,12 +3139,6 @@ static int wc_ecc_gen_k(WC_RNG* rng, int size, mp_int* k, mp_int* order) if (err == 0) err = mp_read_unsigned_bin(k, (byte*)buf, size); - /* quick sanity check to make sure we're not dealing with a 0 key */ - if (err == MP_OKAY) { - if (mp_iszero(k) == MP_YES) - err = MP_ZERO_E; - } - /* the key should be smaller than the order of base point */ if (err == MP_OKAY) { if (mp_cmp(k, order) != MP_LT) { 
@@ -3152,6 +3146,12 @@ static int wc_ecc_gen_k(WC_RNG* rng, int size, mp_int* k, mp_int* order) } } + /* quick sanity check to make sure we're not dealing with a 0 key */ + if (err == MP_OKAY) { + if (mp_iszero(k) == MP_YES) + err = MP_ZERO_E; + } + ForceZero(buf, ECC_MAXSIZE); #ifdef WOLFSSL_SMALL_STACK XFREE(buf, NULL, DYNAMIC_TYPE_ECC_BUFFER); @@ -3924,20 +3924,40 @@ int wc_ecc_sign_hash_ex(const byte* in, word32 inlen, WC_RNG* rng, /* don't use async for key, since we don't support async return here */ if ((err = wc_ecc_init_ex(&pubkey, key->heap, INVALID_DEVID)) == MP_OKAY) { + mp_int b; + + if (err == MP_OKAY) { + err = mp_init(&b); + } + #ifdef WOLFSSL_CUSTOM_CURVES /* if custom curve, apply params to pubkey */ - if (key->idx == ECC_CUSTOM_IDX) { + if (err == MP_OKAY && key->idx == ECC_CUSTOM_IDX) { err = wc_ecc_set_custom_curve(&pubkey, key->dp); } #endif + if (err == MP_OKAY) { + /* Generate blinding value - non-zero value. */ + do { + if (++loop_check > 64) { + err = RNG_FAILURE_E; + break; + } + + err = wc_ecc_gen_k(rng, key->dp->size, &b, curve->order); + } + while (err == MP_ZERO_E); + loop_check = 0; + } + for (; err == MP_OKAY;) { if (++loop_check > 64) { err = RNG_FAILURE_E; break; } err = wc_ecc_make_key_ex(rng, key->dp->size, &pubkey, - key->dp->id); + key->dp->id); if (err != MP_OKAY) break; /* find r = x1 mod n */ 
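Review bot: The blinding scalar `b` declared in this hunk is secret material that protects the per-signature nonce, yet the cleanup added in the later `@@ -3953,30 +3973,50 @@` hunk releases it with `mp_clear(&b); mp_free(&b);` while the nonce next to it is wiped with `mp_forcezero(&pubkey.k)`. I would release it with `mp_forcezero(&b);` so the wipe does not depend on how `mp_clear` is implemented in the selected math backend, which is not visible here. The `if (err == MP_OKAY)` around `mp_init(&b)` is always true directly inside the `wc_ecc_init_ex(...) == MP_OKAY` branch and can be dropped. wc_ecc_sign_hash_ex starts and ends outside this hunk.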
@@ -3953,30 +3973,50 @@ int wc_ecc_sign_hash_ex(const byte* in, word32 inlen, WC_RNG* rng, mp_forcezero(&pubkey.k); } else { - /* find s = (e + xr)/k */ + /* find s = (e + xr)/k + = b.(e/k.b + x.r/k.b) */ + + /* k = k.b */ + err = mp_mulmod(&pubkey.k, &b, curve->order, &pubkey.k); + if (err != MP_OKAY) break; + + /* k = 1/k.b */ err = mp_invmod(&pubkey.k, curve->order, &pubkey.k); if (err != MP_OKAY) break; - /* s = xr */ + /* s = x.r */ err = mp_mulmod(&key->k, r, curve->order, s); if (err != MP_OKAY) break; - /* s = e + xr */ + /* s = x.r/k.b */ + err = mp_mulmod(&pubkey.k, s, curve->order, s); + if (err != MP_OKAY) break; + + /* e = e/k.b */ + err = mp_mulmod(&pubkey.k, e, curve->order, e); + if (err != MP_OKAY) break; + + /* s = e/k.b + x.r/k.b + = (e + x.r)/k.b */ err = mp_add(e, s, s); if (err != MP_OKAY) break; - /* s = e + xr */ - err = mp_mod(s, curve->order, s); + /* s = b.(e + x.r)/k.b + = (e + x.r)/k */ + err = mp_mulmod(s, &b, curve->order, s); if (err != MP_OKAY) break; /* s = (e + xr)/k */ - err = mp_mulmod(s, &pubkey.k, curve->order, s); + err = mp_mod(s, curve->order, s); + if (err != MP_OKAY) break; if (mp_iszero(s) == MP_NO) break; } } wc_ecc_free(&pubkey); + mp_clear(&b); + mp_free(&b); } } From e9d9e7c37c2f22ac01e6cf692ab22dfd724d5a1e Mon Sep 17 00:00:00 2001 From: John Safranek Date: Wed, 6 Jun 2018 10:56:24 -0700 Subject: [PATCH 136/146] replaced NEWS.md in Makefile.am with ChangeLog.md --- Makefile.am | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Makefile.am b/Makefile.am index 7488c8069..083ab0df7 100644 --- a/Makefile.am +++ b/Makefile.am @@ -84,7 +84,7 @@ EXTRA_DIST+= wolfssl64.sln EXTRA_DIST+= valgrind-error.sh EXTRA_DIST+= gencertbuf.pl EXTRA_DIST+= README.md -EXTRA_DIST+= NEWS.md +EXTRA_DIST+= ChangeLog.md EXTRA_DIST+= LICENSING EXTRA_DIST+= INSTALL EXTRA_DIST+= IPP From 020b69aba009f4fa5f571e123cef4be4170739bf Mon Sep 17 00:00:00 2001 
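Review bot: `err = mp_mulmod(&pubkey.k, e, curve->order, e);` overwrites `e` inside the retry loop, so if `s` comes out zero and the loop runs again, the next pass starts from a value already scaled by the previous 1/(k.b) and would sign something other than the original input. The case is very unlikely, but the outcome would be a silently invalid signature rather than an error. Writing the scaled value to a scratch integer, or restoring `e` before retrying, keeps each iteration independent; where `e` is derived is outside this hunk, so confirm it is not recomputed per iteration. A comment such as `/* e must be unmodified at the top of every iteration */` would make the requirement visible.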
From: Sean Parkinson Date: Thu, 7 Jun 2018 22:01:42 +1000 Subject: [PATCH 137/146] Return TLS 1.3 draft version in ServerHello --- src/tls.c | 14 ++++++++++++-- src/tls13.c | 10 ++++++++-- 2 files changed, 20 insertions(+), 4 deletions(-) diff --git a/src/tls.c b/src/tls.c index df8ac64f5..0b76ae8d9 100644 --- a/src/tls.c +++ b/src/tls.c @@ -4751,8 +4751,18 @@ static int TLSX_SupportedVersions_Write(void* data, byte* output, } #ifndef WOLFSSL_TLS13_DRAFT_18 else if (msgType == server_hello || msgType == hello_retry_request) { - output[0] = ssl->version.major; - output[1] = ssl->version.minor; + #ifndef WOLFSSL_TLS13_FINAL + if (ssl->version.major == SSLv3_MAJOR && + ssl->version.minor == TLSv1_3_MINOR) { + output[0] = TLS_DRAFT_MAJOR; + output[1] = TLS_DRAFT_MINOR; + } + else + #endif + { + output[0] = ssl->version.major; + output[1] = ssl->version.minor; + } *pSz += OPAQUE16_LEN; } diff --git a/src/tls13.c b/src/tls13.c index 75bc5ddc1..9bf209ff3 100644 --- a/src/tls13.c +++ b/src/tls13.c @@ -3713,8 +3713,14 @@ static int RestartHandshakeHashWithCookie(WOLFSSL* ssl, Cookie* cookie) hrrIdx += 2; c16toa(OPAQUE16_LEN, hrr + hrrIdx); hrrIdx += 2; - hrr[hrrIdx++] = ssl->version.major; - hrr[hrrIdx++] = ssl->version.minor; + /* TODO: [TLS13] Change to ssl->version.major and minor once final. */ + #ifdef WOLFSSL_TLS13_FINAL + hrr[hrrIdx++] = ssl->version.major; + hrr[hrrIdx++] = ssl->version.minor; + #else + hrr[hrrIdx++] = TLS_DRAFT_MAJOR; + hrr[hrrIdx++] = TLS_DRAFT_MINOR; + #endif #endif /* Mandatory Cookie Extension */ c16toa(TLSX_COOKIE, hrr + hrrIdx); From 00ddeb07d873edecec776b1e171116dd5a53b12a Mon Sep 17 00:00:00 2001 
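Review bot: The two places that write the draft version are guarded differently: TLSX_SupportedVersions_Write uses `#ifndef WOLFSSL_TLS13_FINAL` plus a runtime check on `ssl->version`, while RestartHandshakeHashWithCookie in src/tls13.c uses `#ifdef WOLFSSL_TLS13_FINAL` / `#else` with no runtime check. Judging by its name, the second function rebuilds the HelloRetryRequest for the handshake hash, so its version bytes have to equal what the write path put on the wire; today that holds only because the two sites agree by convention. A comment at the tls13.c site such as `/* must match TLSX_SupportedVersions_Write() for hello_retry_request */`, or a shared helper that returns the two bytes, would keep them from drifting apart. Both functions continue outside their hunks.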
From: David Garske Date: Thu, 7 Jun 2018 15:56:37 -0700 Subject: [PATCH 138/146] Resolves issue with reassembling large certificates. The `ProcessPeerCerts` function was using the wrong max size check for certs. Built and test with `./configure CFLAGS="-DMAX_CERTIFICATE_SZ=20000"`. --- src/internal.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/internal.c b/src/internal.c index d47316f25..716cd3a46 100644 --- a/src/internal.c +++ b/src/internal.c @@ -8276,7 +8276,7 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx, } c24to32(input + args->idx, &listSz); args->idx += OPAQUE24_LEN; - if (listSz > MAX_RECORD_SIZE) { + if (listSz > MAX_CERTIFICATE_SZ) { ERROR_OUT(BUFFER_ERROR, exit_ppc); } if ((args->idx - args->begin) + listSz != totalSz) { From 587f4ae79e4c39d0eee83a8fbb21da2c942986f3 Mon Sep 17 00:00:00 2001 From: Sean Parkinson Date: Fri, 8 Jun 2018 09:00:12 +1000 Subject: [PATCH 139/146] Don't include sys/time.h explicitly in tls13.c --- src/tls13.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/tls13.c b/src/tls13.c index 75bc5ddc1..27bc33b8b 100644 --- a/src/tls13.c +++ b/src/tls13.c @@ -80,7 +80,7 @@ #ifdef WOLFSSL_TLS13 #ifdef HAVE_SESSION_TICKET - #include + #include #endif #ifndef WOLFCRYPT_ONLY From 5547a7b4bd35b5b0202f2886bc220225c19e10cf Mon Sep 17 00:00:00 2001 
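Review bot: `listSz` is read from the peer's message and is now limited only by `MAX_CERTIFICATE_SZ`, which the commit message shows being raised at build time (`-DMAX_CERTIFICATE_SZ=20000`). That makes the constant the ceiling on how much certificate data a peer can make this endpoint accept before the peer has been authenticated, which deserves a comment next to the check, e.g. `/* listSz is peer-controlled; MAX_CERTIFICATE_SZ is the upper bound, keep it as small as the deployment allows */`. Whether the constant is meant as a per-certificate or whole-list limit is not visible in this hunk and should be confirmed, since `listSz` appears to cover the whole list. ProcessPeerCerts continues outside the hunk.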
From: Sean Parkinson Date: Fri, 8 Jun 2018 17:38:11 +1000 Subject: [PATCH 140/146] Fix private-only keys and make them script generated --- certs/ed25519/ca-ed25519-priv.der | Bin 0 -> 48 bytes certs/ed25519/ca-ed25519-priv.pem | 3 +++ certs/ed25519/client-ed25519-priv.der | Bin 48 -> 48 bytes certs/ed25519/client-ed25519-priv.pem | 2 +- certs/ed25519/gen-ed25519.sh | 14 ++++++++++++++ certs/ed25519/include.am | 4 ++++ certs/ed25519/root-ed25519-priv.der | Bin 0 -> 48 bytes certs/ed25519/root-ed25519-priv.pem | 3 +++ certs/ed25519/server-ed25519-priv.der | Bin 48 -> 48 bytes certs/ed25519/server-ed25519-priv.pem | 2 +- 10 files changed, 26 insertions(+), 2 deletions(-) create mode 100644 certs/ed25519/ca-ed25519-priv.der create mode 100644 certs/ed25519/ca-ed25519-priv.pem create mode 100644 certs/ed25519/root-ed25519-priv.der create mode 100644 certs/ed25519/root-ed25519-priv.pem diff --git a/certs/ed25519/ca-ed25519-priv.der b/certs/ed25519/ca-ed25519-priv.der new file mode 100644 index 0000000000000000000000000000000000000000..1618c73b2c4c48b4b29a857314ca023582f5b0c1 GIT binary patch literal 48 zcmXreV`5}5U}a<0PAy6Au6Y literal 48 zcmXreV`5}5U}a<0PAy ${NAME}-ed25519-priv.der + head -c 48 ${NAME}-ed25519-key.der | tail -c 46 >> ${NAME}-ed25519-priv.der + + echo "-----BEGIN PRIVATE KEY-----" > ${NAME}-ed25519-priv.pem + openssl base64 -in ${NAME}-ed25519-priv.der >> ${NAME}-ed25519-priv.pem + echo "-----END PRIVATE KEY-----" >> ${NAME}-ed25519-priv.pem +} + +NAME=server convert +NAME=client convert +NAME=root convert +NAME=ca convert + diff --git a/certs/ed25519/include.am b/certs/ed25519/include.am index ce3fb8081..3bd79c6d1 100644 --- a/certs/ed25519/include.am +++ b/certs/ed25519/include.am 
@@ -7,6 +7,8 @@ EXTRA_DIST += \ certs/ed25519/ca-ed25519.pem \ certs/ed25519/ca-ed25519-key.der \ certs/ed25519/ca-ed25519-key.pem \ + certs/ed25519/ca-ed25519-priv.der \ + certs/ed25519/ca-ed25519-priv.pem \ certs/ed25519/client-ed25519.der \ certs/ed25519/client-ed25519.pem \ certs/ed25519/client-ed25519-key.der \ @@ -17,6 +19,8 @@ EXTRA_DIST += \ certs/ed25519/root-ed25519.pem \ certs/ed25519/root-ed25519-key.der \ certs/ed25519/root-ed25519-key.pem \ + certs/ed25519/root-ed25519-priv.der \ + certs/ed25519/root-ed25519-priv.pem \ certs/ed25519/server-ed25519.der \ certs/ed25519/server-ed25519.pem \ certs/ed25519/server-ed25519-key.der \ diff --git a/certs/ed25519/root-ed25519-priv.der b/certs/ed25519/root-ed25519-priv.der new file mode 100644 index 0000000000000000000000000000000000000000..6ca194a933fb8e812f0cd15c613a80cf7dc3bbda GIT binary patch literal 48 zcmXreV`5}5U}a<0PAy6Au6Y literal 0 HcmV?d00001 diff --git a/certs/ed25519/root-ed25519-priv.pem b/certs/ed25519/root-ed25519-priv.pem new file mode 100644 index 000000000..0104b1620 --- /dev/null +++ b/certs/ed25519/root-ed25519-priv.pem @@ -0,0 +1,3 @@ +-----BEGIN PRIVATE KEY----- +MC4CAQAwBQYDK2VwBCIEICejNCo11Lu44dzY7A/BoNGiXPkG8ERdO5dNvd9KO6NO +-----END PRIVATE KEY----- diff --git a/certs/ed25519/server-ed25519-priv.der b/certs/ed25519/server-ed25519-priv.der index a157ffd09cc1f70cdf39cf828741a8b2e1e0d946..2245c976d7fb955535195698835545bab2c05cde 100644 GIT binary patch literal 48 zcmXreV`5}5U}a<0PAy Date: Fri, 8 Jun 2018 10:16:40 -0600 Subject: [PATCH 141/146] Allow for wc_SetAltNamesBuffer call with larger than 16384 buffers at user discretion --- wolfssl/wolfcrypt/asn_public.h | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/wolfssl/wolfcrypt/asn_public.h b/wolfssl/wolfcrypt/asn_public.h index 9bd337eff..a3c914a58 100644 --- a/wolfssl/wolfcrypt/asn_public.h +++ b/wolfssl/wolfcrypt/asn_public.h 
@@ -100,11 +100,15 @@ enum Ctc_Encoding { CTC_PRINTABLE = 0x13 /* printable */ }; +#ifndef WC_CTC_MAX_ALT_SIZE + #define WC_CTC_MAX_ALT_SIZE 16384 +#endif + enum Ctc_Misc { CTC_COUNTRY_SIZE = 2, CTC_NAME_SIZE = 64, CTC_DATE_SIZE = 32, - CTC_MAX_ALT_SIZE = 16384, /* may be huge */ + CTC_MAX_ALT_SIZE = WC_CTC_MAX_ALT_SIZE, /* may be huge, default: 16384 */ CTC_SERIAL_SIZE = 16, #ifdef WOLFSSL_CERT_EXT /* AKID could contains: hash + (Option) AuthCertIssuer,AuthCertSerialNum From ce2f393bc7d80d74c4a27c338a03f73ced31d940 Mon Sep 17 00:00:00 2001 From: John Safranek Date: Fri, 8 Jun 2018 10:47:14 -0700 Subject: [PATCH 142/146] Autoconf Update 1. Remove many redundant macros. 2. Reorder several macros to more appropriate locations. 3. Several macros take lists of items to process, not just individual items. Combined duplicated macros' parameters into lists. 4. Some macros had unnecessary parameters. 5. Added some AX_REQUIRE_DEFINED() checks for the macros used. 6. Add cyassl/options.h to the AC_CONFIG_FILES list. It will be recreated from the template when running config.status the same as wolfssl/options.h 7. Remove the dist-dir rule from Makefile.am. This is prefering the process rather than automating that one step. Make dist will not run config.status. * AC_PROG_CC must be before any macros that will try to compile for tests. * AC_CHECK_SIZEOF takes a single type, no size values. * Only one of the AC_CANONICAL_X macros are expanded. Removed AC_CANONICAL_BUILD since it is never actually used. * Removed the AC_PROG_CXX and anything C++ related. * Removed LT_LANG([C]) as it is the default and the C doesn't do anything. --- Makefile.am | 3 -- configure.ac | 97 ++++++++-------------------------- m4/ax_harden_compiler_flags.m4 | 4 ++ 3 files changed, 27 insertions(+), 77 deletions(-) diff --git a/Makefile.am b/Makefile.am index 083ab0df7..036401fbf 100644 --- a/Makefile.am +++ b/Makefile.am 
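Review bot: `WC_CTC_MAX_ALT_SIZE` is taken from the build flags without any check and ends up as `CTC_MAX_ALT_SIZE` in what looks like a public header. If any structure exposed to applications is sized from that enum value (not visible in this hunk), a library built with one value and an application built with another would disagree about the layout, and writes through the larger view would run past the smaller object. I would document the requirement at the `#ifndef`, e.g. `/* must be defined identically for the library and every application that includes this header */`, and reject nonsensical values with `#if WC_CTC_MAX_ALT_SIZE <= 0` followed by `#error`. The enum continues outside the hunk.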
@@ -205,6 +205,3 @@ merge-clean: @find ./ | $(GREP) \.BASE | xargs rm -f @find ./ | $(GREP) \~$$ | xargs rm -f -dist-hook: - cp $(distdir)/wolfssl/options.h.in $(distdir)/wolfssl/options.h - diff --git a/configure.ac b/configure.ac index 390435873..037fb89a2 100644 --- a/configure.ac +++ b/configure.ac @@ -6,39 +6,32 @@ # # AC_COPYRIGHT([Copyright (C) 2006-2018 wolfSSL Inc.]) +AC_PREREQ([2.63]) AC_INIT([wolfssl],[3.15.0],[https://github.com/wolfssl/wolfssl/issues],[wolfssl],[https://www.wolfssl.com]) - AC_CONFIG_AUX_DIR([build-aux]) # The following sets CFLAGS and CXXFLAGS to empty if unset on command line. -# We do not want the default "-g -O2" that AC_PROG_CC AC_PROG_CXX sets -# automatically. +# We do not want the default "-g -O2" that AC_PROG_CC sets automatically. : ${CFLAGS=""} -: ${CXXFLAGS=""} # Test ar for the "U" option. Should be checked before the libtool macros. xxx_ar_flags=$((ar --help) 2>&1) AS_CASE([$xxx_ar_flags],[*'use actual timestamps and uids/gids'*],[: ${AR_FLAGS="Ucru"}]) +AC_PROG_CC +AM_PROG_CC_C_O AC_CANONICAL_HOST -AC_CANONICAL_BUILD - -AM_INIT_AUTOMAKE([1.11 -Wall -Werror -Wno-portability foreign tar-ustar subdir-objects no-define color-tests]) -AC_PREREQ([2.63]) - -AC_ARG_PROGRAM -AC_DEFUN([PROTECT_AC_USE_SYSTEM_EXTENSIONS], - [AX_SAVE_FLAGS - AC_LANG_PUSH([C]) - AC_USE_SYSTEM_EXTENSIONS - AC_LANG_POP([C]) - AX_RESTORE_FLAGS - ]) -#PROTECT_AC_USE_SYSTEM_EXTENSIONS - AC_CONFIG_MACRO_DIR([m4]) -AC_CONFIG_HEADERS([config.h:config.in])dnl Keep filename to 8.3 for MS-DOS. +AM_INIT_AUTOMAKE([1.11 -Wall -Werror -Wno-portability foreign tar-ustar subdir-objects no-define color-tests]) +m4_ifdef([AM_SILENT_RULES],[AM_SILENT_RULES([yes])]) + +AC_ARG_PROGRAM + +AC_CONFIG_HEADERS([config.h:config.in]) + +LT_PREREQ([2.2]) +LT_INIT([disable-static win32-dll]) #shared library versioning WOLFSSL_LIBRARY_VERSION=17:0:0 
@@ -60,57 +53,29 @@ AC_SUBST([WOLFSSL_LIBRARY_VERSION]) USER_C_EXTRA_FLAGS="$C_EXTRA_FLAGS" USER_CFLAGS="$CFLAGS" -LT_PREREQ([2.2]) -LT_INIT([disable-static],[win32-dll]) -LT_LANG([C++]) -LT_LANG([C]) - gl_VISIBILITY AS_IF([ test -n "$CFLAG_VISIBILITY" ], [ AM_CPPFLAGS="$AM_CPPFLAGS $CFLAG_VISIBILITY" CPPFLAGS="$CPPFLAGS $CFLAG_VISIBILITY" ]) -m4_ifdef([AM_SILENT_RULES],[AM_SILENT_RULES([yes])]) # Moved these size of and type checks before the library checks. # The library checks add the library to subsequent test compiles # and in some rare cases, the networking check causes these sizeof # checks to fail. -AC_CHECK_SIZEOF(long long, 8) -AC_CHECK_SIZEOF(long, 4) -AC_CHECK_TYPES(__uint128_t) -AC_CHECK_FUNCS([gethostbyname]) -AC_CHECK_FUNCS([getaddrinfo]) -AC_CHECK_FUNCS([gettimeofday]) -AC_CHECK_FUNCS([gmtime_r]) -AC_CHECK_FUNCS([inet_ntoa]) -AC_CHECK_FUNCS([memset]) -AC_CHECK_FUNCS([socket]) -AC_CHECK_HEADERS([arpa/inet.h]) -AC_CHECK_HEADERS([fcntl.h]) -AC_CHECK_HEADERS([limits.h]) -AC_CHECK_HEADERS([netdb.h]) -AC_CHECK_HEADERS([netinet/in.h]) -AC_CHECK_HEADERS([stddef.h]) -AC_CHECK_HEADERS([sys/ioctl.h]) -AC_CHECK_HEADERS([sys/socket.h]) -AC_CHECK_HEADERS([sys/time.h]) -AC_CHECK_HEADERS([errno.h]) -AC_CHECK_LIB(network,socket) +AC_CHECK_SIZEOF([long long]) +AC_CHECK_SIZEOF([long]) +AC_CHECK_TYPES([__uint128_t]) +AC_CHECK_FUNCS([gethostbyname getaddrinfo gettimeofday gmtime_r inet_ntoa memset socket]) +AC_CHECK_HEADERS([arpa/inet.h fcntl.h limits.h netdb.h netinet/in.h stddef.h sys/ioctl.h sys/socket.h sys/time.h errno.h]) +AC_CHECK_LIB([network],[socket]) AC_C_BIGENDIAN -# mktime check takes forever on some systems, if time supported it would be -# highly unusual for mktime to be missing -#AC_FUNC_MKTIME -AC_PROG_CC -AC_PROG_CC_C_O -AC_PROG_CXX AC_PROG_INSTALL AC_TYPE_SIZE_T AC_TYPE_UINT8_T AM_PROG_AS -AM_PROG_CC_C_O LT_LIB_M OPTIMIZE_CFLAGS="-Os -fomit-frame-pointer" 
@@ -120,13 +85,9 @@ DEBUG_CFLAGS="-g -DDEBUG -DDEBUG_WOLFSSL" LIB_ADD= LIB_STATIC_ADD= -thread_ls_on=no # Thread local storage -AX_TLS([ - [AM_CFLAGS="$AM_CFLAGS -DHAVE_THREAD_LS"] - [thread_ls_on=yes] - ] , [:]) - +AX_TLS([thread_ls_on=yes],[thread_ls_on=no]) +AS_IF([test "x$thread_ls_on" = "xyes"],[AM_CFLAGS="$AM_CFLAGS -DHAVE_THREAD_LS"]) # DEBUG AX_DEBUG @@ -135,7 +96,6 @@ AS_IF([test "$ax_enable_debug" = "yes"], [AM_CFLAGS="$AM_CFLAGS -DNDEBUG"]) - # Distro build feature subset (Debian, Ubuntu, etc.) AC_ARG_ENABLE([distro], [AS_HELP_STRING([--enable-distro],[Enable wolfSSL distro build (default: disabled)])], @@ -280,7 +240,7 @@ AS_IF([ test "x$ENABLED_SINGLETHREADED" = "xno" ],[ ],[ ENABLED_SINGLETHREADED=yes ]) - ]) + ]) AS_IF([ test "x$ENABLED_SINGLETHREADED" = "xyes" ],[ AM_CFLAGS="-DSINGLE_THREADED $AM_CFLAGS" ]) @@ -4225,7 +4185,6 @@ fi OPTION_FLAGS="$USER_CFLAGS $USER_C_EXTRA_FLAGS $CPPFLAGS $AM_CFLAGS" - CREATE_HEX_VERSION AC_SUBST([AM_CPPFLAGS]) AC_SUBST([AM_CFLAGS]) @@ -4236,17 +4195,7 @@ AC_SUBST([LIB_STATIC_ADD]) # FINAL AC_CONFIG_FILES([stamp-h], [echo timestamp > stamp-h]) -AC_CONFIG_FILES([Makefile]) -AC_CONFIG_FILES([wolfssl/version.h]) -AC_CONFIG_FILES([wolfssl/options.h]) -#have options.h and version.h for autoconf fips tag and build -#if test "x$ENABLED_FIPS" = "xyes" -#then -# AC_CONFIG_FILES([cyassl/version.h]) -# AC_CONFIG_FILES([cyassl/options.h]) -#fi -AC_CONFIG_FILES([support/wolfssl.pc]) -AC_CONFIG_FILES([rpm/spec]) +AC_CONFIG_FILES([Makefile wolfssl/version.h wolfssl/options.h cyassl/options.h support/wolfssl.pc rpm/spec]) AX_CREATE_GENERIC_CONFIG AX_AM_JOBSERVER([yes]) diff --git a/m4/ax_harden_compiler_flags.m4 b/m4/ax_harden_compiler_flags.m4 index c0ee1b17e..908855626 100644 --- a/m4/ax_harden_compiler_flags.m4 +++ b/m4/ax_harden_compiler_flags.m4 
@@ -67,6 +67,7 @@ # changes: deleted the clearing of CFLAGS AC_DEFUN([AX_HARDEN_LINKER_FLAGS], [ + AX_REQUIRE_DEFINED([AX_CHECK_LINK_FLAG]) AC_REQUIRE([AX_VCS_CHECKOUT]) AC_REQUIRE([AX_DEBUG]) @@ -95,6 +96,7 @@ ]) AC_DEFUN([AX_HARDEN_CC_COMPILER_FLAGS], [ + AX_REQUIRE_DEFINED([AX_APPEND_COMPILE_FLAGS]) AC_REQUIRE([AX_HARDEN_LINKER_FLAGS]) AC_LANG_PUSH([C]) @@ -160,6 +162,7 @@ ]) AC_DEFUN([AX_HARDEN_CXX_COMPILER_FLAGS], [ + AC_REQUIRE_DEFINED([AX_APPEND_COMPILE_FLAGS]) AC_REQUIRE([AX_HARDEN_CC_COMPILER_FLAGS]) AC_LANG_PUSH([C++]) @@ -227,6 +230,7 @@ ]) AC_DEFUN([AX_CC_OTHER_FLAGS], [ + AX_REQUIRE_DEFINED([AX_APPEND_COMPILE_FLAGS]) AC_REQUIRE([AX_HARDEN_CC_COMPILER_FLAGS]) AC_LANG_PUSH([C]) From cf9c352d9188a5633b86446546d3ceff14193e45 Mon Sep 17 00:00:00 2001 From: David Garske Date: Fri, 8 Jun 2018 14:27:54 -0700 Subject: [PATCH 143/146] Fixes for Arduino. Don't use C99 for Arduino. Enhanced the script to create as new folder in `IDE/ARDUINO/wolfSSL`. Updated README.md. --- .gitignore | 3 ++ IDE/ARDUINO/README.md | 23 ++++++------ .../wolfssl_client/wolfssl_client.ino | 3 +- IDE/ARDUINO/wolfssl-arduino.sh | 37 ++++++++++++------- wolfssl/wolfcrypt/wc_port.h | 2 +- 5 files changed, 40 insertions(+), 28 deletions(-) diff --git a/.gitignore b/.gitignore index f5e254412..b96cadc36 100644 --- a/.gitignore +++ b/.gitignore @@ -237,3 +237,6 @@ IDE/LINUX-SGX/*.a wolfcrypt/src/port/intel/qat_test /mplabx/wolfssl.X/dist/default/ /mplabx/wolfcrypt_test.X/dist/default/ + +# Arduino Generated Files +/IDE/ARDUINO/wolfSSL diff --git a/IDE/ARDUINO/README.md b/IDE/ARDUINO/README.md index b16d492e5..7376c026b 100644 --- a/IDE/ARDUINO/README.md +++ b/IDE/ARDUINO/README.md 
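Review bot: In the `@@ -160,6 +162,7 @@` hunk, `AX_HARDEN_CXX_COMPILER_FLAGS` gets `AC_REQUIRE_DEFINED([AX_APPEND_COMPILE_FLAGS])`, while the other three macros patched in this file use `AX_REQUIRE_DEFINED`. This looks like a typo: as far as I know Autoconf has no `AC_REQUIRE_DEFINED`, so the guard would not take effect if the C++ hardening macro were ever expanded. The line should read `AX_REQUIRE_DEFINED([AX_APPEND_COMPILE_FLAGS])`. The macro body continues outside the hunk.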
@@ -4,22 +4,23 @@ This is a shell script that will re-organize the wolfSSL library to be compatible with Arduino projects. The Arduino IDE requires a library's source files to be in the library's root directory with a header file in the name of -the library. This script moves all src/ files to the root wolfssl directory and -creates a stub header file called wolfssl.h. +the library. This script moves all src/ files to the `IDE/ARDUINO/wolfSSL` +directory and creates a stub header file called `wolfssl.h`. Step 1: To configure wolfSSL with Arduino, enter the following from within the wolfssl/IDE/ARDUINO directory: - ./wolfssl-arduino.sh + `./wolfssl-arduino.sh` -Step 2: Edit /wolfssl/wolfcrypt/settings.h uncomment the define for -WOLFSSL_ARDUINO +Step 2: Edit `/IDE/ARDUINO/wolfSSL/wolfssl/wolfcrypt/settings.h` uncomment the define for `WOLFSSL_ARDUINO` +If building for Intel Galileo platform also uncomment the define for `INTEL_GALILEO`. -also uncomment the define for INTEL_GALILEO if building for that platform - #####Including wolfSSL in Arduino Libraries (for Arduino version 1.6.6) -1. Copy the wolfSSL directory into Arduino/libraries (or wherever Arduino searches for libraries). -2. In the Arduino IDE: - - Go to ```Sketch > Include Libraries > Manage Libraries```. This refreshes your changes to the libraries. - - Next go to ```Sketch > Include Libraries > wolfSSL```. This includes wolfSSL in your sketch. + +1. In the Arduino IDE: + - In `Sketch -> Include Library -> Add .ZIP Library...` and choose the + `IDE/ARDUNIO/wolfSSL` folder. + - In `Sketch -> Include Library` choose wolfSSL. + +An example wolfSSL client INO sketch exists here: `sketches/wolfssl_client/wolfssl_client.ino` diff --git a/IDE/ARDUINO/sketches/wolfssl_client/wolfssl_client.ino b/IDE/ARDUINO/sketches/wolfssl_client/wolfssl_client.ino index 6d52690c2..879a19109 100644 --- a/IDE/ARDUINO/sketches/wolfssl_client/wolfssl_client.ino +++ b/IDE/ARDUINO/sketches/wolfssl_client/wolfssl_client.ino 
@@ -1,6 +1,6 @@ /* wolfssl_client.ino * - * Copyright (C) 2006-2016 wolfSSL Inc. + * Copyright (C) 2006-2018 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -142,4 +142,3 @@ void loop() { } delay(1000); } - diff --git a/IDE/ARDUINO/wolfssl-arduino.sh b/IDE/ARDUINO/wolfssl-arduino.sh index 4da3ff4b6..2d84f26c0 100755 --- a/IDE/ARDUINO/wolfssl-arduino.sh +++ b/IDE/ARDUINO/wolfssl-arduino.sh @@ -7,20 +7,29 @@ DIR=${PWD##*/} if [ "$DIR" = "ARDUINO" ]; then - cp ../../src/*.c ../../ - cp ../../wolfcrypt/src/*.c ../../ - echo "/* stub header file for Arduino compatibility */" >> ../../wolfssl.h + rm -rf wolfSSL + mkdir wolfSSL + + cp ../../src/*.c ./wolfSSL + cp ../../wolfcrypt/src/*.c ./wolfSSL + + mkdir wolfSSL/wolfssl + cp ../../wolfssl/*.h ./wolfSSL/wolfssl + mkdir wolfSSL/wolfssl/wolfcrypt + cp ../../wolfssl/wolfcrypt/*.h ./wolfSSL/wolfssl/wolfcrypt + + # support misc.c as include in wolfcrypt/src + mkdir ./wolfSSL/wolfcrypt + mkdir ./wolfSSL/wolfcrypt/src + cp ../../wolfcrypt/src/misc.c ./wolfSSL/wolfcrypt/src + + # put bio and evp as includes + mv ./wolfSSL/bio.c ./wolfSSL/wolfssl + mv ./wolfSSL/evp.c ./wolfSSL/wolfssl + + echo "/* Generated wolfSSL header file for Arduino */" >> ./wolfSSL/wolfssl.h + echo "#include " >> ./wolfSSL/wolfssl.h + echo "#include " >> ./wolfSSL/wolfssl.h else echo "ERROR: You must be in the IDE/ARDUINO directory to run this script" fi - -#UPDATED: 19 Apr 2017 to remove bio.c and evp.c from the root directory since -# they are included inline and should not be compiled directly - -ARDUINO_DIR=${PWD} -cd ../../ -rm bio.c -rm evp.c -cd $ARDUINO_DIR -# end script in the origin directory for any future functionality that may be added. -#End UPDATE: 19 Apr 2017 diff --git a/wolfssl/wolfcrypt/wc_port.h b/wolfssl/wolfcrypt/wc_port.h index de4f8d9e5..cce21ba98 100644 --- a/wolfssl/wolfcrypt/wc_port.h +++ b/wolfssl/wolfcrypt/wc_port.h 
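Review bot: None of the new `rm -rf`, `mkdir`, `cp` and `mv` steps in `wolfssl-arduino.sh` check for failure, so a missing source directory or a failed copy leaves a partial `wolfSSL` tree and the script still exits 0. The wrong-directory branch also only prints the error and then falls off the end with a success status. I would add `set -e` before the `if` and `exit 1` after the `echo "ERROR: ..."` line, so that a caller or CI job notices an incomplete library folder. The top of the script is outside this hunk.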
@@ -34,7 +34,7 @@ #endif /* detect C99 */ -#if !defined(WOLF_C99) && defined(__STDC_VERSION__) +#if !defined(WOLF_C99) && defined(__STDC_VERSION__) && !defined(WOLFSSL_ARDUINO) #if __STDC_VERSION__ >= 199901L #define WOLF_C99 #endif From 74d4a025421a6302a34678cc8929e88de2322ad5 Mon Sep 17 00:00:00 2001 From: Sean Parkinson Date: Mon, 11 Jun 2018 14:43:46 +1000 Subject: [PATCH 144/146] Remove log file and change location to local --- scripts/tls13.test | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/scripts/tls13.test b/scripts/tls13.test index 8154d7fdd..1369b2419 100755 --- a/scripts/tls13.test +++ b/scripts/tls13.test @@ -14,7 +14,7 @@ counter=0 # also let's add some randomness by adding pid in case multiple 'make check's # per source tree ready_file=`pwd`/wolfssl_tls13_ready$$ -client_file=/tmp/wolfssl_tls13_client$$ +client_file=`pwd`/wolfssl_tls13_client$$ echo "ready file $ready_file" @@ -139,6 +139,8 @@ if [ $? -ne 0 ]; then echo "" fi +do_cleanup + echo -e "\nALL Tests Passed" exit 0 From a472325f8911824f71ac767faf8b1eec7d4d20c6 Mon Sep 17 00:00:00 2001 From: Chris Conlon Date: Mon, 11 Jun 2018 14:27:08 -0600 Subject: [PATCH 145/146] return WOLFSSL_FAILURE on error from EVP_DigestUpdate() and EVP_DigestFinal() --- src/ssl.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/src/ssl.c b/src/ssl.c index 142d8484b..7c7bd3924 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -13400,7 +13400,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) } - /* WOLFSSL_SUCCESS on ok */ + /* WOLFSSL_SUCCESS on ok, WOLFSSL_FAILURE on failure */ int wolfSSL_EVP_DigestUpdate(WOLFSSL_EVP_MD_CTX* ctx, const void* data, size_t sz) { @@ -13450,7 +13450,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) break; #endif /* WOLFSSL_SHA512 */ default: - return BAD_FUNC_ARG; + return WOLFSSL_FAILURE; } return WOLFSSL_SUCCESS; 
@@ -13506,7 +13506,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) break; #endif /* WOLFSSL_SHA512 */ default: - return BAD_FUNC_ARG; + return WOLFSSL_FAILURE; } return WOLFSSL_SUCCESS; @@ -32922,4 +32922,4 @@ int wolfSSL_i2c_ASN1_INTEGER(WOLFSSL_ASN1_INTEGER *a, unsigned char **pp) } #endif /* !NO_ASN */ -#endif /* OPENSSLEXTRA */ \ No newline at end of file +#endif /* OPENSSLEXTRA */ From b7caab938efe4566c2f3df44f74c6c37212353e3 Mon Sep 17 00:00:00 2001 From: Sean Parkinson Date: Fri, 8 Jun 2018 17:34:03 +1000 Subject: [PATCH 146/146] Fix post authentication for TLS 1.3 --- examples/client/client.c | 12 ++-- examples/server/server.c | 55 ++------------- src/tls.c | 22 +++--- src/tls13.c | 147 ++++++++++++++++++++++----------------- 4 files changed, 105 insertions(+), 131 deletions(-) diff --git a/examples/client/client.c b/examples/client/client.c index b7f2a37c3..f90356c83 100644 --- a/examples/client/client.c +++ b/examples/client/client.c @@ -660,7 +660,11 @@ static void ClientWrite(WOLFSSL* ssl, char* msg, int msgSz) } #endif } - } while (err == WC_PENDING_E); + } while (err == WOLFSSL_ERROR_WANT_WRITE + #ifdef WOLFSSL_ASYNC_CRYPT + || err == WC_PENDING_E + #endif + ); if (ret != msgSz) { printf("SSL_write msg error %d, %s\n", err, wolfSSL_ERR_error_string(err, buffer)); @@ -925,9 +929,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args) int onlyKeyShare = 0; #ifdef WOLFSSL_TLS13 int noPskDheKe = 0; -#ifdef WOLFSSL_POST_HANDSHAKE_AUTH int postHandAuth = 0; -#endif #endif int updateKeysIVs = 0; #ifdef WOLFSSL_EARLY_DATA @@ -2253,8 +2255,8 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args) ClientRead(ssl, reply, sizeof(reply)-1, 1); -#if defined(WOLFSSL_TLS13) && defined(WOLFSSL_POST_HANDSHAKE_AUTH) - if (postHandAuth) +#if defined(WOLFSSL_TLS13) + if (updateKeysIVs || postHandAuth) ClientWrite(ssl, msg, msgSz); #endif if (sendGET) { /* get html */ 
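Review bot: The `ClientWrite` loop in `examples/client/client.c` now retries on `WOLFSSL_ERROR_WANT_WRITE` with no wait and no retry bound, so on a non-blocking socket whose peer stops reading it spins at full CPU indefinitely. The same applies to `ServerRead` in `examples/server/server.c`, which now also loops on `WOLFSSL_ERROR_WANT_READ`. Since people copy these examples, wait for the socket to become writable or readable (for example with `select()` and a timeout) before calling `SSL_write` or `SSL_read` again, and give up after the timeout. The top of the `do` loop is outside the hunk, so I am assuming `err` is reset on each pass as it was in the removed `NonBlockingServerRead`.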
diff --git a/examples/server/server.c b/examples/server/server.c index b2fa31ad2..f744a96c6 100644 --- a/examples/server/server.c +++ b/examples/server/server.c @@ -281,46 +281,6 @@ int ServerEchoData(SSL* ssl, int clientfd, int echoData, int block, return EXIT_SUCCESS; } -#ifdef WOLFSSL_TLS13 -static void NonBlockingServerRead(WOLFSSL* ssl, char* input, int inputLen) -{ - int ret, err; - char buffer[CYASSL_MAX_ERROR_SZ]; - - /* Read data */ - do { - err = 0; /* reset error */ - ret = SSL_read(ssl, input, inputLen); - if (ret < 0) { - err = SSL_get_error(ssl, 0); - - #ifdef WOLFSSL_ASYNC_CRYPT - if (err == WC_PENDING_E) { - ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW); - if (ret < 0) break; - } - else - #endif - #ifdef CYASSL_DTLS - if (wolfSSL_dtls(ssl) && err == DECRYPT_ERROR) { - printf("Dropped client's message due to a bad MAC\n"); - } - else - #endif - if (err != WOLFSSL_ERROR_WANT_READ) { - printf("SSL_read input error %d, %s\n", err, - ERR_error_string(err, buffer)); - err_sys_ex(runWithErrors, "SSL_read failed"); - } - } - } while (err == WC_PENDING_E || err == WOLFSSL_ERROR_WANT_READ); - if (ret > 0) { - input[ret] = 0; /* null terminate message */ - printf("Client message: %s\n", input); - } -} -#endif - static void ServerRead(WOLFSSL* ssl, char* input, int inputLen) { int ret, err; @@ -352,7 +312,7 @@ static void ServerRead(WOLFSSL* ssl, char* input, int inputLen) err_sys_ex(runWithErrors, "SSL_read failed"); } } - } while (err == WC_PENDING_E); + } while (err == WC_PENDING_E || err == WOLFSSL_ERROR_WANT_READ); if (ret > 0) { input[ret] = 0; /* null terminate message */ printf("Client message: %s\n", input); 
@@ -1627,7 +1587,7 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args) #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) #if defined(WOLFSSL_TLS13) && defined(WOLFSSL_POST_HANDSHAKE_AUTH) if (postHandAuth) { - SSL_CTX_set_verify(ctx, WOLFSSL_VERIFY_PEER | + SSL_set_verify(ssl, WOLFSSL_VERIFY_PEER | ((usePskPlus) ? WOLFSSL_VERIFY_FAIL_EXCEPT_PSK : WOLFSSL_VERIFY_FAIL_IF_NO_PEER_CERT), 0); if (SSL_CTX_load_verify_locations(ctx, verifyCert, 0) @@ -1637,7 +1597,7 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args) } #ifdef WOLFSSL_TRUST_PEER_CERT if (trustCert) { - if ((ret = wolfSSL_CTX_trust_peer_cert(ctx, trustCert, + if ((ret = wolfSSL_trust_peer_cert(ssl, trustCert, WOLFSSL_FILETYPE_PEM)) != WOLFSSL_SUCCESS) { err_sys_ex(runWithErrors, "can't load trusted peer cert " "file"); @@ -1679,13 +1639,8 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args) ServerWrite(ssl, write_msg, write_msg_sz); #ifdef WOLFSSL_TLS13 - if (updateKeysIVs || postHandAuth) { - ServerWrite(ssl, write_msg, write_msg_sz); - if (nonBlocking) - NonBlockingServerRead(ssl, input, sizeof(input)-1); - else - ServerRead(ssl, input, sizeof(input)-1); - } + if (updateKeysIVs || postHandAuth) + ServerRead(ssl, input, sizeof(input)-1); #endif } else { diff --git a/src/tls.c b/src/tls.c index df8ac64f5..0920bc081 100644 --- a/src/tls.c +++ b/src/tls.c @@ -7328,7 +7328,7 @@ int TLSX_PskKeModes_Use(WOLFSSL* ssl, byte modes) static word16 TLSX_PostHandAuth_GetSize(byte msgType) { if (msgType == client_hello) - return OPAQUE8_LEN; + return 0; return SANITY_MSG_E; } @@ -7343,10 +7343,10 @@ static word16 TLSX_PostHandAuth_GetSize(byte msgType) */ static word16 TLSX_PostHandAuth_Write(byte* output, byte msgType) { - if (msgType == client_hello) { - *output = 0; - return OPAQUE8_LEN; - } + (void)output; + + if (msgType == client_hello) + return 0; return SANITY_MSG_E; } 
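Review bot: `TLSX_PostHandAuth_GetSize` and `TLSX_PostHandAuth_Write` in `src/tls.c` are declared to return `word16` but still end with `return SANITY_MSG_E;` for any message type other than `client_hello`. An error code returned through an unsigned 16-bit type becomes a large length, which a caller would presumably add to the extension size or the output offset rather than treat as a failure. Since this commit already touches both bodies, consider returning the status as `int` and the length through an out parameter, e.g. `static int TLSX_PostHandAuth_GetSize(byte msgType, word16* pSz)`, with the callers updated to check it. The callers are outside these hunks, so confirm how they use the result today.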
@@ -7363,15 +7363,11 @@ static word16 TLSX_PostHandAuth_Write(byte* output, byte msgType) static int TLSX_PostHandAuth_Parse(WOLFSSL* ssl, byte* input, word16 length, byte msgType) { - byte len; + (void)input; if (msgType == client_hello) { - /* Ensure length byte exists. */ - if (length < OPAQUE8_LEN) - return BUFFER_E; - - len = input[0]; - if (length - OPAQUE8_LEN != len || len != 0) + /* Ensure extension is empty. */ + if (length != 0) return BUFFER_E; ssl->options.postHandshakeAuth = 1; @@ -9347,7 +9343,7 @@ int TLSX_Parse(WOLFSSL* ssl, byte* input, word16 length, byte msgType, #ifdef WOLFSSL_POST_HANDSHAKE_AUTH case TLSX_POST_HANDSHAKE_AUTH: - WOLFSSL_MSG("PSK Key Exchange Modes extension received"); + WOLFSSL_MSG("Post Handshake Authentication extension received"); if (!IsAtLeastTLSv1_3(ssl->version)) break; diff --git a/src/tls13.c b/src/tls13.c index 75bc5ddc1..545dfcfd0 100644 --- a/src/tls13.c +++ b/src/tls13.c @@ -3202,16 +3202,6 @@ static int DoTls13CertificateRequest(WOLFSSL* ssl, const byte* input, /* This message is always encrypted so add encryption padding. */ *inOutIdx += ssl->keys.padSz; -#if !defined(NO_WOLFSSL_CLIENT) && defined(WOLFSSL_POST_HANDSHAKE_AUTH) - if (ssl->options.side == WOLFSSL_CLIENT_END && - ssl->options.handShakeState == HANDSHAKE_DONE) { - /* reset handshake states */ - ssl->options.clientState = CLIENT_HELLO_COMPLETE; - ssl->options.connectState = FIRST_REPLY_DONE; - ssl->options.handShakeState = CLIENT_HELLO_COMPLETE; - } -#endif - WOLFSSL_LEAVE("DoTls13CertificateRequest", ret); WOLFSSL_END(WC_FUNC_CERTIFICATE_REQUEST_DO); 
@@ -5855,7 +5845,15 @@ static int DoTls13Finished(WOLFSSL* ssl, const byte* input, word32* inOutIdx, if (*inOutIdx + size + ssl->keys.padSz > totalSz) return BUFFER_E; - if (ssl->options.side == WOLFSSL_CLIENT_END) { + if (ssl->options.handShakeDone) { + ret = DeriveFinishedSecret(ssl, ssl->arrays->clientSecret, + ssl->keys.client_write_MAC_secret); + if (ret != 0) + return ret; + + secret = ssl->keys.client_write_MAC_secret; + } + else if (ssl->options.side == WOLFSSL_CLIENT_END) { /* All the handshake messages have been received to calculate * client and server finished keys. */ @@ -5961,7 +5959,15 @@ static int SendTls13Finished(WOLFSSL* ssl) AddTls13HandShakeHeader(input, finishedSz, 0, finishedSz, finished, ssl); /* make finished hashes */ - if (ssl->options.side == WOLFSSL_CLIENT_END) + if (ssl->options.handShakeDone) { + ret = DeriveFinishedSecret(ssl, ssl->arrays->clientSecret, + ssl->keys.client_write_MAC_secret); + if (ret != 0) + return ret; + + secret = ssl->keys.client_write_MAC_secret; + } + else if (ssl->options.side == WOLFSSL_CLIENT_END) secret = ssl->keys.client_write_MAC_secret; else { /* All the handshake messages have been done to calculate client and @@ -6864,13 +6870,14 @@ static int SanityCheckTls13MsgReceived(WOLFSSL* ssl, byte type) ssl->arrays->psk_keySz != 0) { WOLFSSL_MSG("CertificateRequset received while using PSK"); return SANITY_MSG_E; - return SANITY_MSG_E; } #endif + #ifndef WOLFSSL_POST_HANDSHAKE_AUTH if (ssl->msgsReceived.got_certificate_request) { WOLFSSL_MSG("Duplicate CertificateRequest received"); return DUPLICATE_MSG_E; } + #endif ssl->msgsReceived.got_certificate_request = 1; break; 
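Review bot: The new `ssl->options.handShakeDone` branch in `DoTls13Finished` dereferences `ssl->arrays->clientSecret` without checking that `ssl->arrays` is still allocated after the handshake; the same branch is added to `SendTls13Finished` in the next hunk. If the arrays can be released once the handshake completes (not visible here), a post-handshake Finished would dereference NULL while processing peer-controlled traffic. A guard such as `if (ssl->arrays == NULL) return BAD_FUNC_ARG;` before `DeriveFinishedSecret`, or keeping the client secret in storage that outlives the handshake, would make this safe. The `DoTls13Finished` branch is also not restricted to `WOLFSSL_SERVER_END`, although it verifies with the client's secret. Both function bodies continue outside the hunks.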
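Review bot: In `SanityCheckTls13MsgReceived`, wrapping the duplicate-CertificateRequest check in `#ifndef WOLFSSL_POST_HANDSHAKE_AUTH` removes it at compile time, so a build with post-handshake auth enabled no longer rejects a second CertificateRequest during the initial handshake either. The exemption should depend on runtime state, for example `if (ssl->msgsReceived.got_certificate_request && ssl->options.handShakeState != HANDSHAKE_DONE)`. That keeps `DUPLICATE_MSG_E` for the main handshake and allows repeats only afterwards. Other state checks outside this hunk may already cover the case, but this function is where the message-ordering rule belongs.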
@@ -6878,20 +6885,20 @@ static int SanityCheckTls13MsgReceived(WOLFSSL* ssl, byte type) case certificate_verify: #ifndef NO_WOLFSSL_CLIENT - if (ssl->options.side == WOLFSSL_CLIENT_END && - ssl->options.serverState != SERVER_CERT_COMPLETE) { - WOLFSSL_MSG("No Cert before CertVerify"); - return OUT_OF_ORDER_E; + if (ssl->options.side == WOLFSSL_CLIENT_END) { + if (ssl->options.serverState != SERVER_CERT_COMPLETE) { + WOLFSSL_MSG("No Cert before CertVerify"); + return OUT_OF_ORDER_E; + } + #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK) + /* Server's authenticating with PSK must not send this. */ + if (ssl->options.serverState == SERVER_CERT_COMPLETE && + ssl->arrays->psk_keySz != 0) { + WOLFSSL_MSG("CertificateVerify received while using PSK"); + return SANITY_MSG_E; + } + #endif } - #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK) - /* Server's authenticating with PSK must not send this. */ - if (ssl->options.side == WOLFSSL_CLIENT_END && - ssl->options.serverState == SERVER_CERT_COMPLETE && - ssl->arrays->psk_keySz != 0) { - WOLFSSL_MSG("CertificateVerify received while using PSK"); - return SANITY_MSG_E; - } - #endif #endif #ifndef NO_WOLFSSL_SERVER if (ssl->options.side == WOLFSSL_SERVER_END) { 
@@ -7134,47 +7141,61 @@ int DoTls13HandShakeMsgType(WOLFSSL* ssl, byte* input, word32* inOutIdx, if (ssl->options.tls1_3) { /* Need to hash input message before deriving secrets. */ -#ifndef NO_WOLFSSL_CLIENT - if (type == server_hello && ssl->options.side == WOLFSSL_CLIENT_END) { - if ((ret = DeriveEarlySecret(ssl)) != 0) - return ret; - if ((ret = DeriveHandshakeSecret(ssl)) != 0) - return ret; + #ifndef NO_WOLFSSL_CLIENT + if (ssl->options.side == WOLFSSL_CLIENT_END) { + if (type == server_hello) { + if ((ret = DeriveEarlySecret(ssl)) != 0) + return ret; + if ((ret = DeriveHandshakeSecret(ssl)) != 0) + return ret; - if ((ret = DeriveTls13Keys(ssl, handshake_key, + if ((ret = DeriveTls13Keys(ssl, handshake_key, ENCRYPT_AND_DECRYPT_SIDE, 1)) != 0) { - return ret; + return ret; + } + #ifdef WOLFSSL_EARLY_DATA + if ((ret = SetKeysSide(ssl, DECRYPT_SIDE_ONLY)) != 0) + return ret; + #else + if ((ret = SetKeysSide(ssl, ENCRYPT_AND_DECRYPT_SIDE)) != 0) + return ret; + #endif } - #ifdef WOLFSSL_EARLY_DATA - if ((ret = SetKeysSide(ssl, DECRYPT_SIDE_ONLY)) != 0) - return ret; - #else - if ((ret = SetKeysSide(ssl, ENCRYPT_AND_DECRYPT_SIDE)) != 0) - return ret; - #endif - } - if (type == finished && ssl->options.side == WOLFSSL_CLIENT_END) { - if ((ret = DeriveMasterSecret(ssl)) != 0) - return ret; - #ifdef WOLFSSL_EARLY_DATA - if ((ret = DeriveTls13Keys(ssl, traffic_key, + if (type == finished) { + if ((ret = DeriveMasterSecret(ssl)) != 0) + return ret; + #ifdef WOLFSSL_EARLY_DATA + if ((ret = DeriveTls13Keys(ssl, traffic_key, ENCRYPT_AND_DECRYPT_SIDE, ssl->earlyData == no_early_data)) != 0) { - return ret; - } - #else - if ((ret = DeriveTls13Keys(ssl, traffic_key, + return ret; + } + #else + if ((ret = DeriveTls13Keys(ssl, traffic_key, ENCRYPT_AND_DECRYPT_SIDE, 1)) != 0) { - return ret; + return ret; + } + #endif } - #endif + #ifdef WOLFSSL_POST_HANDSHAKE_AUTH + if (type == certificate_request && + ssl->options.handShakeState == HANDSHAKE_DONE) { + /* reset handshake 
states */ + ssl->options.clientState = CLIENT_HELLO_COMPLETE; + ssl->options.connectState = FIRST_REPLY_DONE; + ssl->options.handShakeState = CLIENT_HELLO_COMPLETE; + + if (wolfSSL_connect_TLSv13(ssl) != SSL_SUCCESS) + ret = POST_HAND_AUTH_ERROR; + } + #endif } -#endif /* NO_WOLFSSL_CLIENT */ + #endif /* NO_WOLFSSL_CLIENT */ #ifndef NO_WOLFSSL_SERVER #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK) - if (type == finished && ssl->options.side == WOLFSSL_SERVER_END) { + if (ssl->options.side == WOLFSSL_SERVER_END && type == finished) { ret = DeriveResumptionSecret(ssl, ssl->session.masterSecret); if (ret != 0) return ret; @@ -7497,14 +7518,9 @@ int wolfSSL_connect_TLSv13(WOLFSSL* ssl) FALL_THROUGH; case FIRST_REPLY_THIRD: - #if !defined(NO_CERTS) && defined(WOLFSSL_POST_HANDSHAKE_AUTH) - if (!ssl->options.sendVerify || !ssl->options.postHandshakeAuth) - #endif - { - if ((ssl->error = SendTls13Finished(ssl)) != 0) { - WOLFSSL_ERROR(ssl->error); - return WOLFSSL_FATAL_ERROR; - } + if ((ssl->error = SendTls13Finished(ssl)) != 0) { + WOLFSSL_ERROR(ssl->error); + return WOLFSSL_FATAL_ERROR; } WOLFSSL_MSG("sent: finished"); @@ -7805,11 +7821,16 @@ int wolfSSL_request_certificate(WOLFSSL* ssl) certReqCtx->ctx = certReqCtx->next->ctx + 1; ssl->certReqCtx = certReqCtx; + ssl->msgsReceived.got_certificate = 0; + ssl->msgsReceived.got_certificate_verify = 0; + ssl->msgsReceived.got_finished = 0; + ret = SendTls13CertificateRequest(ssl, &certReqCtx->ctx, certReqCtx->len); if (ret == WANT_WRITE) ret = WOLFSSL_ERROR_WANT_WRITE; else if (ret == 0) ret = WOLFSSL_SUCCESS; + return ret; } #endif /* !NO_CERTS && WOLFSSL_POST_HANDSHAKE_AUTH */
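Review bot: The post-handshake `certificate_request` branch in `DoTls13HandShakeMsgType` treats every non-`SSL_SUCCESS` return of `wolfSSL_connect_TLSv13` as `POST_HAND_AUTH_ERROR`. On a non-blocking socket that includes a send that would block, so a recoverable condition becomes a fatal handshake error. Check `ssl->error` for the would-block codes before mapping, e.g. `if (ret2 != SSL_SUCCESS && ssl->error != WANT_WRITE) ret = POST_HAND_AUTH_ERROR;`, and let the caller resume. The state reset is also conditioned only on `handShakeState == HANDSHAKE_DONE`; if `DoTls13CertificateRequest` does not already reject it, also require `ssl->options.postHandshakeAuth` so a client that never offered the extension does not re-enter the handshake on a server's request. The function starts outside this hunk.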