feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

Merge commit 'd67a031132b87fc01f0808f161eda0e3101dbba7' into IntelAsm

Browse Source
This commit is contained in:
Takashi Kojo
2015-04-06 10:22:33 +09:00
parent ebedd64c5f d67a031132
commit 3a372aebe3
40 changed files with 831 additions and 391 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
.gitignore vendored
View File

@@ -14,6 +14,9 @@ config*
*Release/
*.ncb
*.suo
*.sdf
*.opensdf
ipch/
build-aux/
rpm/spec
stamp-h

6
IDE/iOS/README.md
View File

@@ -66,7 +66,6 @@ for "Preprocessor Macros" and add the following under both `Release` and
* `HAVE_AESGCM`
* `WOLFSSL_SHA512`
* `WOLFSSL_SHA384`
* `NO_PWDBASED` -- for now, can drop later
# Using the FIPS library
@@ -80,3 +79,8 @@ libraries like this, so static builds are required. This creates a problem.
Every time the application is changed, the FIPS checksum will change, because
the FIPS library's position in the executable may change.
You need to add something to your application that will output the verifyCore
value to be used. The verifyCore in fips_test.c will need to be updated with this
value, the library rebuilt, and relinked into your application. The application
should not be changed during this process or the verifyCore check will fail again.

3
README
View File

@@ -34,6 +34,9 @@ before calling wolfSSL_new(); Though it's not recommended.
*** end Notes ***
- GNU Binutils 2.24 ld has problems with some debug builds, to fix an ld error
add -fdebug-types-section to C_EXTRA_FLAGS
wolfSSL (Formerly CyaSSL) Release 3.4.6 (03/30/2015)
Release 3.4.6 of wolfSSL has bug fixes and new features including:

3
README.md
View File

@@ -35,6 +35,9 @@ wolfSSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, 0);
before calling wolfSSL_new(); Though it's not recommended.
```
- GNU Binutils 2.24 ld has problems with some debug builds, to fix an ld error
add -fdebug-types-section to C_EXTRA_FLAGS
#wolfSSL (Formerly CyaSSL) Release 3.4.6 (03/30/2015)
##Release 3.4.6 of wolfSSL has bug fixes and new features including:

91
configure.ac
View File

@@ -6,7 +6,7 @@
#
#
AC_INIT([wolfssl],[3.4.6],[https://github.com/wolfssl/wolfssl/issues],[wolfssl],[http://www.wolfssl.com])
AC_INIT([wolfssl],[3.4.7],[https://github.com/wolfssl/wolfssl/issues],[wolfssl],[http://www.wolfssl.com])
AC_CONFIG_AUX_DIR([build-aux])
@@ -165,6 +165,13 @@ then
fi
# High Strength Build
AC_ARG_ENABLE([maxstrength],
[AS_HELP_STRING([--enable-maxstrength],[Enable Max Strengh build, allows TLSv1.2-AEAD-PFS ciphers only (default: disabled)])],
[ENABLED_MAXSTRENGTH=$enableval],
[ENABLED_MAXSTRENGTH=no])
# IPv6 Test Apps
AC_ARG_ENABLE([ipv6],
[ --enable-ipv6 Enable testing of IPV6 (default: disabled)],
@@ -320,6 +327,12 @@ AC_ARG_ENABLE([sniffer],
[ ENABLED_SNIFFER=no ]
)
# sniffer does't work in maxstrength mode
if test "$ENABLED_SNIFFER" = "yes" && test "$ENABLED_MAXSTRENGTH" = "yes"
then
AC_MSG_ERROR([cannot enable maxstrength in sniffer mode.])
fi
ENABLED_SNIFFTEST=no
AS_IF([ test "x$ENABLED_SNIFFER" = "xyes" ],
[
@@ -335,12 +348,12 @@ AM_CONDITIONAL([BUILD_SNIFFTEST], [ test "x$ENABLED_SNIFFTEST" = "xyes" ])
# AES-GCM
AC_ARG_ENABLE([aesgcm],
[ --enable-aesgcm Enable wolfSSL AES-GCM support (default: disabled)],
[AS_HELP_STRING([--enable-aesgcm],[Enable wolfSSL AES-GCM support (default: enabled)])],
[ ENABLED_AESGCM=$enableval ],
[ ENABLED_AESGCM=yes ]
)
# lean pks does't need gcm
# lean psk does't need gcm
if test "$ENABLED_LEANPSK" = "yes"
then
ENABLED_AESGCM=no
@@ -426,12 +439,12 @@ AM_CONDITIONAL([BUILD_AESNI], [test "x$ENABLED_AESNI" = "xyes"])
# POLY1305
AC_ARG_ENABLE([poly1305],
[AS_HELP_STRING([--enable-poly1305],[Enable wolfSSL POLY1305 support (default: disabled)])],
[AS_HELP_STRING([--enable-poly1305],[Enable wolfSSL POLY1305 support (default: enabled)])],
[ ENABLED_POLY1305=$enableval ],
[ ENABLED_POLY1305=yes ]
)
# lean pks does't need poly1305
# lean psk does't need poly1305
if test "$ENABLED_LEANPSK" = "yes"
then
ENABLED_POLY1305=no
@@ -522,13 +535,26 @@ fi
AM_CONDITIONAL([BUILD_BLAKE2], [test "x$ENABLED_BLAKE2" = "xyes"])
# set sha512 default
SHA512_DEFAULT=no
if test "$host_cpu" = "x86_64"
then
SHA512_DEFAULT=yes
fi
# SHA512
AC_ARG_ENABLE([sha512],
[ --enable-sha512 Enable wolfSSL SHA-512 support (default: disabled)],
[AS_HELP_STRING([--enable-sha512],[Enable wolfSSL SHA-512 support (default: enabled on x86_64)])],
[ ENABLED_SHA512=$enableval ],
[ ENABLED_SHA512=no ]
[ ENABLED_SHA512=$SHA512_DEFAULT ]
)
# lean psk does't need sha512
if test "$ENABLED_LEANPSK" = "yes"
then
ENABLED_SHA512=no
fi
if test "$ENABLED_SHA512" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SHA512 -DWOLFSSL_SHA384"
@@ -638,13 +664,27 @@ fi
AM_CONDITIONAL([BUILD_DSA], [test "x$ENABLED_DSA" = "xyes"])
# ECC
# set ecc default
ECC_DEFAULT=no
if test "$host_cpu" = "x86_64"
then
ECC_DEFAULT=yes
fi
# ECC
AC_ARG_ENABLE([ecc],
[ --enable-ecc Enable ECC (default: disabled)],
[AS_HELP_STRING([--enable-ecc],[Enable ECC (default: enabled on x86_64)])],
[ ENABLED_ECC=$enableval ],
[ ENABLED_ECC=no ]
[ ENABLED_ECC=$ECC_DEFAULT ]
)
# lean psk does't need ecc
if test "$ENABLED_LEANPSK" = "yes"
then
ENABLED_ECC=no
fi
if test "$ENABLED_ECC" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DHAVE_ECC -DTFM_ECC256 -DECC_SHAMIR"
@@ -655,7 +695,7 @@ AM_CONDITIONAL([BUILD_ECC], [test "x$ENABLED_ECC" = "xyes"])
if test "$ENABLED_ECC" = "yes" && test "$ENABLED_SMALL" = "yes"
then
AC_MSG_ERROR([cannot enable ecc and small, ecc requires TLS which small turns off.])
AC_MSG_ERROR([cannot enable ecc and small, ecc requires TLS which small turns off.])
fi
@@ -857,7 +897,7 @@ AM_CONDITIONAL([BUILD_RSA], [test "x$ENABLED_RSA" = "xyes"])
# DH
AC_ARG_ENABLE([dh],
[ --enable-dh Enable DH (default: disabled)],
[AS_HELP_STRING([--enable-dh],[Enable DH (default: enabled)])],
[ ENABLED_DH=$enableval ],
[ ENABLED_DH=yes ]
)
@@ -1027,7 +1067,7 @@ AM_CONDITIONAL([BUILD_DES3], [test "x$ENABLED_DES3" = "xyes"])
# ARC4
AC_ARG_ENABLE([arc4],
[ --enable-arc4 Enable ARC4 (default: enabled)],
[ --enable-arc4 Enable ARC4 (default: disabled)],
[ ENABLED_ARC4=$enableval ],
[ ENABLED_ARC4=no ]
)
@@ -1156,12 +1196,12 @@ AM_CONDITIONAL([BUILD_RABBIT], [test "x$ENABLED_RABBIT" = "xyes"])
# CHACHA
AC_ARG_ENABLE([chacha],
[ --enable-chacha Enable CHACHA (default: disabled)],
[ --enable-chacha Enable CHACHA (default: enabled)],
[ ENABLED_CHACHA=$enableval ],
[ ENABLED_CHACHA=yes ]
)
# lean pks does't need chacha
# lean psk does't need chacha
if test "$ENABLED_LEANPSK" = "yes"
then
ENABLED_CHACHA=no
@@ -1677,6 +1717,11 @@ then
AM_CFLAGS="$AM_CFLAGS -DUSE_FAST_MATH"
ENABLED_SLOWMATH="no"
fi
if test "$host_cpu" = "x86_64"
then
# Have settings.h set FP_MAX_BITS higher if user didn't set directly
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_X86_64_BUILD"
fi
fi
@@ -1817,6 +1862,21 @@ fi
AM_CONDITIONAL([BUILD_MCAPI], [test "x$ENABLED_MCAPI" = "xyes"])
# Check for build-type conflicts
AS_IF([test "x$ENABLED_MAXSTRENGTH" = "xyes" && \
test "x$ENABLED_LEANPSK" = "xyes"],
[AC_MSG_ERROR([Cannot use Max Strength and Lean PSK at the same time.])])
# Update CFLAGS based on options
AS_IF([test "x$ENABLED_MAXSTRENGTH" = "xyes"],
[AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_MAX_STRENGTH"])
AS_IF([test "x$ENABLED_MAXSTRENGTH" = "xyes" && \
test "x$ENABLED_OLD_TLS" = "xyes"],
[AM_CFLAGS="$AM_CFLAGS -DNO_OLD_TLS"
ENABLED_OLD_TLS=no])
# OPTIMIZE FLAGS
if test "$GCC" = "yes"
@@ -1972,6 +2032,7 @@ echo " Features "
echo " * Single threaded: $ENABLED_SINGLETHREADED"
echo " * Filesystem: $ENABLED_FILESYSTEM"
echo " * OpenSSL Extra API: $ENABLED_OPENSSLEXTRA"
echo " * Max Strength Build: $ENABLED_MAXSTRENGTH"
echo " * fastmath: $ENABLED_FASTMATH"
echo " * sniffer: $ENABLED_SNIFFER"
echo " * snifftest: $ENABLED_SNIFFTEST"

13
examples/client/client.c
View File

@@ -566,7 +566,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
wolfSSL_CTX_set_default_passwd_cb(ctx, PasswordCallBack);
#endif
#if defined(WOLFSSL_SNIFFER) && !defined(HAVE_NTRU) && !defined(HAVE_ECC)
#if defined(WOLFSSL_SNIFFER)
if (cipherList == NULL) {
/* don't use EDH, can't sniff tmp keys */
if (wolfSSL_CTX_set_cipher_list(ctx, "AES256-SHA256") != SSL_SUCCESS) {
@@ -607,10 +607,15 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
}
if (!usePsk && !useAnon) {
if (wolfSSL_CTX_load_verify_locations(ctx, verifyCert, 0) != SSL_SUCCESS)
err_sys("can't load ca file, Please run from wolfSSL home dir");
if (wolfSSL_CTX_load_verify_locations(ctx, verifyCert,0) != SSL_SUCCESS)
err_sys("can't load ca file, Please run from wolfSSL home dir");
#ifdef HAVE_ECC
/* load ecc verify too, echoserver uses it by default w/ ecc */
if (wolfSSL_CTX_load_verify_locations(ctx, eccCert, 0) != SSL_SUCCESS)
err_sys("can't load ecc ca file, Please run from wolfSSL home dir");
#endif /* HAVE_ECC */
}
#endif
#endif /* !NO_FILESYSTEM && !NO_CERTS */
#if !defined(NO_CERTS)
if (!usePsk && !useAnon && doPeerCheck == 0)
wolfSSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, 0);

2
examples/echoclient/echoclient.c
View File

@@ -130,7 +130,7 @@ void echoclient_test(void* args)
load_buffer(ctx, caCert, CYASSL_CA);
#endif
#if defined(CYASSL_SNIFFER) && !defined(HAVE_NTRU) && !defined(HAVE_ECC)
#if defined(CYASSL_SNIFFER)
/* don't use EDH, can't sniff tmp keys */
SSL_CTX_set_cipher_list(ctx, "AES256-SHA");
#endif

4
examples/echoserver/echoserver.c
View File

@@ -160,7 +160,7 @@ THREAD_RETURN CYASSL_THREAD echoserver_test(void* args)
!= SSL_SUCCESS)
err_sys("can't load ntru key file, "
"Please run from wolfSSL home dir");
#elif defined(HAVE_ECC)
#elif defined(HAVE_ECC) && !defined(CYASSL_SNIFFER)
/* ecc */
if (CyaSSL_CTX_use_certificate_file(ctx, eccCert, SSL_FILETYPE_PEM)
!= SSL_SUCCESS)
@@ -193,7 +193,7 @@ THREAD_RETURN CYASSL_THREAD echoserver_test(void* args)
}
#endif
#if defined(CYASSL_SNIFFER) && !defined(HAVE_NTRU) && !defined(HAVE_ECC)
#if defined(CYASSL_SNIFFER)
/* don't use EDH, can't sniff tmp keys */
CyaSSL_CTX_set_cipher_list(ctx, "AES256-SHA");
#endif

2
examples/server/server.c
View File

@@ -485,7 +485,7 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
}
#endif
#if defined(CYASSL_SNIFFER) && !defined(HAVE_NTRU) && !defined(HAVE_ECC)
#if defined(CYASSL_SNIFFER)
/* don't use EDH, can't sniff tmp keys */
if (cipherList == NULL) {
if (SSL_CTX_set_cipher_list(ctx, "AES256-SHA256") != SSL_SUCCESS)

9
rpm/spec.in
View File

@@ -69,7 +69,7 @@ mkdir -p $RPM_BUILD_ROOT/
%{_libdir}/libwolfssl.la
%{_libdir}/libwolfssl.so
%{_libdir}/libwolfssl.so.0
%{_libdir}/libwolfssl.so.0.0.0
%{_libdir}/libwolfssl.so.0.0.1
%files devel
%defattr(-,root,root,-)
@@ -174,14 +174,19 @@ mkdir -p $RPM_BUILD_ROOT/
%{_includedir}/wolfssl/wolfcrypt/blake2.h
%{_includedir}/wolfssl/wolfcrypt/camellia.h
%{_includedir}/wolfssl/wolfcrypt/chacha.h
%{_includedir}/wolfssl/wolfcrypt/chacha20_poly1305.h
%{_includedir}/wolfssl/wolfcrypt/coding.h
%{_includedir}/wolfssl/wolfcrypt/compress.h
%{_includedir}/wolfssl/wolfcrypt/curve25519.h
%{_includedir}/wolfssl/wolfcrypt/des3.h
%{_includedir}/wolfssl/wolfcrypt/dh.h
%{_includedir}/wolfssl/wolfcrypt/dsa.h
%{_includedir}/wolfssl/wolfcrypt/ecc.h
%{_includedir}/wolfssl/wolfcrypt/ed25519.h
%{_includedir}/wolfssl/wolfcrypt/error-crypt.h
%{_includedir}/wolfssl/wolfcrypt/fe_operations.h
%{_includedir}/wolfssl/wolfcrypt/fips_test.h
%{_includedir}/wolfssl/wolfcrypt/ge_operations.h
%{_includedir}/wolfssl/wolfcrypt/hc128.h
%{_includedir}/wolfssl/wolfcrypt/hmac.h
%{_includedir}/wolfssl/wolfcrypt/integer.h
@@ -251,6 +256,8 @@ mkdir -p $RPM_BUILD_ROOT/
%{_libdir}/pkgconfig/wolfssl.pc
%changelog
* Tue Mar 31 2015 John Safranek <john@wolfssl.com>
- Added recent new wolfcrypt headers for curve25519
* Fri Jan 09 2015 John Safranek <john@wolfssl.com>
- Update for cyassl->wolfssl name change
* Fri Oct 20 2012 Brian Aker <brian@tangent.org>

226
src/internal.c
View File

@@ -588,6 +588,10 @@ static void InitSuitesHashSigAlgo(Suites* suites, int haveECDSAsig,
int idx = 0;
if (haveECDSAsig) {
#ifdef WOLFSSL_SHA512
suites->hashSigAlgo[idx++] = sha512_mac;
suites->hashSigAlgo[idx++] = ecc_dsa_sa_algo;
#endif
#ifdef WOLFSSL_SHA384
suites->hashSigAlgo[idx++] = sha384_mac;
suites->hashSigAlgo[idx++] = ecc_dsa_sa_algo;
@@ -603,6 +607,10 @@ static void InitSuitesHashSigAlgo(Suites* suites, int haveECDSAsig,
}
if (haveRSAsig) {
#ifdef WOLFSSL_SHA512
suites->hashSigAlgo[idx++] = sha512_mac;
suites->hashSigAlgo[idx++] = rsa_sa_algo;
#endif
#ifdef WOLFSSL_SHA384
suites->hashSigAlgo[idx++] = sha384_mac;
suites->hashSigAlgo[idx++] = rsa_sa_algo;
@@ -1622,6 +1630,12 @@ int InitSSL(WOLFSSL* ssl, WOLFSSL_CTX* ctx)
return ret;
}
#endif
#ifdef WOLFSSL_SHA512
ret = wc_InitSha512(&ssl->hsHashes->hashSha512);
if (ret != 0) {
return ret;
}
#endif
/* increment CTX reference count */
if (LockMutex(&ctx->countMutex) != 0) {
@@ -2349,7 +2363,7 @@ ProtocolVersion MakeDTLSv1_2(void)
word32 LowResTimer(void)
{
return (word32) MYTIME_gettime();
return (word32) Seconds_get();
}
#elif defined(USER_TICKS)
@@ -2362,6 +2376,21 @@ ProtocolVersion MakeDTLSv1_2(void)
*/
}
#endif
#elif defined(TIME_OVERRIDES)
/* use same asn time overrides unless user wants tick override above */
#ifndef HAVE_TIME_T_TYPE
typedef long time_t;
#endif
extern time_t XTIME(time_t * timer);
word32 LowResTimer(void)
{
return (word32) XTIME(0);
}
#else /* !USE_WINDOWS_API && !HAVE_RTP_SYS && !MICRIUM && !USER_TICKS */
#include <time.h>
@@ -2412,6 +2441,11 @@ static int HashOutput(WOLFSSL* ssl, const byte* output, int sz, int ivSz)
ret = wc_Sha384Update(&ssl->hsHashes->hashSha384, adj, sz);
if (ret != 0)
return ret;
#endif
#ifdef WOLFSSL_SHA512
ret = wc_Sha512Update(&ssl->hsHashes->hashSha512, adj, sz);
if (ret != 0)
return ret;
#endif
}
@@ -2453,6 +2487,11 @@ static int HashInput(WOLFSSL* ssl, const byte* input, int sz)
ret = wc_Sha384Update(&ssl->hsHashes->hashSha384, adj, sz);
if (ret != 0)
return ret;
#endif
#ifdef WOLFSSL_SHA512
ret = wc_Sha512Update(&ssl->hsHashes->hashSha512, adj, sz);
if (ret != 0)
return ret;
#endif
}
@@ -3003,6 +3042,7 @@ static void BuildSHA(WOLFSSL* ssl, Hashes* hashes, const byte* sender)
#endif
/* Finished doesn't support SHA512, not SHA512 cipher suites yet */
static int BuildFinished(WOLFSSL* ssl, Hashes* hashes, const byte* sender)
{
int ret = 0;
@@ -3802,9 +3842,9 @@ int CopyDecodedToX509(WOLFSSL_X509* x509, DecodedCert* dCert)
x509->derCert.length = dCert->maxIdx;
}
x509->altNames = dCert->altNames;
dCert->altNames = NULL; /* takes ownership */
x509->altNamesNext = x509->altNames; /* index hint */
x509->altNames = dCert->altNames;
dCert->weOwnAltNames = 0;
x509->altNamesNext = x509->altNames; /* index hint */
x509->isCa = dCert->isCA;
#ifdef OPENSSL_EXTRA
@@ -6866,6 +6906,9 @@ static int BuildCertHashes(WOLFSSL* ssl, Hashes* hashes)
#ifdef WOLFSSL_SHA384
Sha384 sha384 = ssl->hsHashes->hashSha384;
#endif
#ifdef WOLFSSL_SHA512
Sha512 sha512 = ssl->hsHashes->hashSha512;
#endif
if (ssl->options.tls) {
#if ! defined( NO_OLD_TLS )
@@ -6885,6 +6928,11 @@ static int BuildCertHashes(WOLFSSL* ssl, Hashes* hashes)
if (ret != 0)
return ret;
#endif
#ifdef WOLFSSL_SHA512
ret = wc_Sha512Final(&ssl->hsHashes->hashSha512,hashes->sha512);
if (ret != 0)
return ret;
#endif
}
}
#if ! defined( NO_OLD_TLS )
@@ -6904,6 +6952,9 @@ static int BuildCertHashes(WOLFSSL* ssl, Hashes* hashes)
#ifdef WOLFSSL_SHA384
ssl->hsHashes->hashSha384 = sha384;
#endif
#ifdef WOLFSSL_SHA512
ssl->hsHashes->hashSha512 = sha512;
#endif
}
return 0;
@@ -8866,6 +8917,12 @@ static void PickHashSigAlgo(WOLFSSL* ssl,
break;
}
#endif
#ifdef WOLFSSL_SHA512
else if (hashSigAlgo[i] == sha512_mac) {
ssl->suites->hashAlgo = sha512_mac;
break;
}
#endif
}
}
}
@@ -9892,6 +9949,15 @@ static void PickHashSigAlgo(WOLFSSL* ssl,
byte hash384[SHA384_DIGEST_SIZE];
#endif
#endif
#ifdef WOLFSSL_SHA512
#ifdef WOLFSSL_SMALL_STACK
Sha512* sha512 = NULL;
byte* hash512 = NULL;
#else
Sha512 sha512[1];
byte hash512[SHA512_DIGEST_SIZE];
#endif
#endif
#ifdef WOLFSSL_SMALL_STACK
byte* hash = NULL;
byte* messageVerify = NULL;
@@ -10011,6 +10077,24 @@ static void PickHashSigAlgo(WOLFSSL* ssl,
goto done;
#endif
#ifdef WOLFSSL_SHA512
#ifdef WOLFSSL_SMALL_STACK
sha512 = (Sha512*)XMALLOC(sizeof(Sha512), NULL,
DYNAMIC_TYPE_TMP_BUFFER);
hash512 = (byte*)XMALLOC(SHA512_DIGEST_SIZE, NULL,
DYNAMIC_TYPE_TMP_BUFFER);
if (sha512 == NULL || hash512 == NULL)
ERROR_OUT(MEMORY_E, done);
#endif
if (!(ret = wc_InitSha512(sha512))
&& !(ret = wc_Sha512Update(sha512, ssl->arrays->clientRandom, RAN_LEN))
&& !(ret = wc_Sha512Update(sha512, ssl->arrays->serverRandom, RAN_LEN))
&& !(ret = wc_Sha512Update(sha512, messageVerify, verifySz)))
ret = wc_Sha512Final(sha512, hash512);
if (ret != 0)
goto done;
#endif
#ifndef NO_RSA
/* rsa */
if (sigAlgo == rsa_sa_algo)
@@ -10079,6 +10163,13 @@ static void PickHashSigAlgo(WOLFSSL* ssl,
digestSz = SHA384_DIGEST_SIZE;
#endif
}
else if (hashAlgo == sha512_mac) {
#ifdef WOLFSSL_SHA512
digest = hash512;
typeH = SHA512h;
digestSz = SHA512_DIGEST_SIZE;
#endif
}
#ifdef WOLFSSL_SMALL_STACK
encodedSig = (byte*)XMALLOC(MAX_ENCODED_SIG_SZ, NULL,
@@ -10144,6 +10235,12 @@ static void PickHashSigAlgo(WOLFSSL* ssl,
digestSz = SHA384_DIGEST_SIZE;
#endif
}
else if (hashAlgo == sha512_mac) {
#ifdef WOLFSSL_SHA512
digest = hash512;
digestSz = SHA512_DIGEST_SIZE;
#endif
}
}
if (doUserEcc) {
#ifdef HAVE_PK_CALLBACKS
@@ -10183,6 +10280,10 @@ static void PickHashSigAlgo(WOLFSSL* ssl,
#ifdef WOLFSSL_SHA384
XFREE(sha384, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(hash384, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
#ifdef WOLFSSL_SHA512
XFREE(sha512, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(hash512, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
XFREE(hash, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(messageVerify, NULL, DYNAMIC_TYPE_TMP_BUFFER);
@@ -10872,6 +10973,12 @@ static void PickHashSigAlgo(WOLFSSL* ssl,
digestSz = SHA384_DIGEST_SIZE;
#endif
}
else if (ssl->suites->hashAlgo == sha512_mac) {
#ifdef WOLFSSL_SHA512
digest = ssl->hsHashes->certHashes.sha512;
digestSz = SHA512_DIGEST_SIZE;
#endif
}
}
if (doUserEcc) {
@@ -10940,6 +11047,14 @@ static void PickHashSigAlgo(WOLFSSL* ssl,
didSet = 1;
#endif
}
else if (ssl->suites->hashAlgo == sha512_mac) {
#ifdef WOLFSSL_SHA512
digest = ssl->hsHashes->certHashes.sha512;
typeH = SHA512h;
digestSz = SHA512_DIGEST_SIZE;
didSet = 1;
#endif
}
if (didSet == 0) {
/* defaults */
@@ -11670,6 +11785,15 @@ int DoSessionTicket(WOLFSSL* ssl,
byte hash384[SHA384_DIGEST_SIZE];
#endif
#endif
#ifdef WOLFSSL_SHA512
#ifdef WOLFSSL_SMALL_STACK
Sha512* sha512 = NULL;
byte* hash512 = NULL;
#else
Sha512 sha512[1];
byte hash512[SHA512_DIGEST_SIZE];
#endif
#endif
#ifdef WOLFSSL_SMALL_STACK
hash = (byte*)XMALLOC(FINISHED_SZ, NULL,
@@ -11750,6 +11874,28 @@ int DoSessionTicket(WOLFSSL* ssl,
goto done_a2;
#endif
#ifdef WOLFSSL_SHA512
#ifdef WOLFSSL_SMALL_STACK
sha512 = (Sha512*)XMALLOC(sizeof(Sha512), NULL,
DYNAMIC_TYPE_TMP_BUFFER);
hash512 = (byte*)XMALLOC(SHA512_DIGEST_SIZE, NULL,
DYNAMIC_TYPE_TMP_BUFFER);
if (sha512 == NULL || hash512 == NULL)
ERROR_OUT(MEMORY_E, done_a2);
#endif
if (!(ret = wc_InitSha512(sha512))
&& !(ret = wc_Sha512Update(sha512, ssl->arrays->clientRandom,
RAN_LEN))
&& !(ret = wc_Sha512Update(sha512, ssl->arrays->serverRandom,
RAN_LEN))
&& !(ret = wc_Sha512Update(sha512, output + preSigIdx, preSigSz)))
ret = wc_Sha512Final(sha512, hash512);
if (ret != 0)
goto done_a2;
#endif
#ifndef NO_RSA
if (ssl->suites->sigAlgo == rsa_sa_algo) {
byte* signBuffer = hash;
@@ -11792,6 +11938,13 @@ int DoSessionTicket(WOLFSSL* ssl,
digestSz = SHA384_DIGEST_SIZE;
#endif
}
else if (ssl->suites->hashAlgo == sha512_mac) {
#ifdef WOLFSSL_SHA512
digest = hash512;
typeH = SHA512h;
digestSz = SHA512_DIGEST_SIZE;
#endif
}
signSz = wc_EncodeSignature(encodedSig, digest, digestSz,
typeH);
@@ -11862,6 +12015,12 @@ int DoSessionTicket(WOLFSSL* ssl,
digestSz = SHA384_DIGEST_SIZE;
#endif
}
else if (ssl->suites->hashAlgo == sha512_mac) {
#ifdef WOLFSSL_SHA512
digest = hash512;
digestSz = SHA512_DIGEST_SIZE;
#endif
}
}
if (doUserEcc) {
@@ -11908,6 +12067,10 @@ int DoSessionTicket(WOLFSSL* ssl,
XFREE(sha384, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(hash384, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
#ifdef WOLFSSL_SHA512
XFREE(sha512, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(hash512, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
#endif
if (ret < 0)
@@ -12111,6 +12274,15 @@ int DoSessionTicket(WOLFSSL* ssl,
byte hash384[SHA384_DIGEST_SIZE];
#endif
#endif
#ifdef WOLFSSL_SHA512
#ifdef WOLFSSL_SMALL_STACK
Sha512* sha512 = NULL;
byte* hash512 = NULL;
#else
Sha512 sha512[1];
byte hash512[SHA512_DIGEST_SIZE];
#endif
#endif
/* Add hash/signature algo ID */
if (IsAtLeastTLSv1_2(ssl)) {
@@ -12205,6 +12377,28 @@ int DoSessionTicket(WOLFSSL* ssl,
goto done_b;
#endif
#ifdef WOLFSSL_SHA512
#ifdef WOLFSSL_SMALL_STACK
sha512 = (Sha512*)XMALLOC(sizeof(Sha512), NULL,
DYNAMIC_TYPE_TMP_BUFFER);
hash512 = (byte*)XMALLOC(SHA512_DIGEST_SIZE, NULL,
DYNAMIC_TYPE_TMP_BUFFER);
if (sha512 == NULL || hash512 == NULL)
ERROR_OUT(MEMORY_E, done_b);
#endif
if (!(ret = wc_InitSha512(sha512))
&& !(ret = wc_Sha512Update(sha512, ssl->arrays->clientRandom,
RAN_LEN))
&& !(ret = wc_Sha512Update(sha512, ssl->arrays->serverRandom,
RAN_LEN))
&& !(ret = wc_Sha512Update(sha512, output + preSigIdx, preSigSz)))
ret = wc_Sha512Final(sha512, hash512);
if (ret != 0)
goto done_b;
#endif
#ifndef NO_RSA
if (ssl->suites->sigAlgo == rsa_sa_algo) {
byte* signBuffer = hash;
@@ -12247,6 +12441,13 @@ int DoSessionTicket(WOLFSSL* ssl,
digestSz = SHA384_DIGEST_SIZE;
#endif
}
else if (ssl->suites->hashAlgo == sha512_mac) {
#ifdef WOLFSSL_SHA512
digest = hash512;
typeH = SHA512h;
digestSz = SHA512_DIGEST_SIZE;
#endif
}
signSz = wc_EncodeSignature(encodedSig, digest, digestSz,
typeH);
@@ -12289,6 +12490,10 @@ int DoSessionTicket(WOLFSSL* ssl,
XFREE(sha384, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(hash384, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
#ifdef WOLFSSL_SHA512
XFREE(sha512, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(hash512, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
#endif
if (ret < 0) return ret;
@@ -13030,6 +13235,13 @@ int DoSessionTicket(WOLFSSL* ssl,
digestSz = SHA384_DIGEST_SIZE;
#endif
}
else if (hashAlgo == sha512_mac) {
#ifdef WOLFSSL_SHA512
digest = ssl->hsHashes->certHashes.sha512;
typeH = SHA512h;
digestSz = SHA512_DIGEST_SIZE;
#endif
}
sigSz = wc_EncodeSignature(encodedSig, digest, digestSz, typeH);
@@ -13082,6 +13294,12 @@ int DoSessionTicket(WOLFSSL* ssl,
digestSz = SHA384_DIGEST_SIZE;
#endif
}
else if (hashAlgo == sha512_mac) {
#ifdef WOLFSSL_SHA512
digest = ssl->hsHashes->certHashes.sha512;
digestSz = SHA512_DIGEST_SIZE;
#endif
}
}
if (doUserEcc) {

24
src/keys.c
View File

@@ -2407,11 +2407,33 @@ int SetKeysSide(WOLFSSL* ssl, enum encrypt_side side)
/* Initialize the AES-GCM/CCM explicit IV to a zero. */
XMEMCPY(ssl->keys.aead_exp_IV, keys->aead_exp_IV,
AEAD_EXP_IV_SZ);
/* Initialize encrypt implicit IV by encrypt side */
if (ssl->options.side == WOLFSSL_CLIENT_END) {
XMEMCPY(ssl->keys.aead_enc_imp_IV,
keys->client_write_IV, AEAD_IMP_IV_SZ);
} else {
XMEMCPY(ssl->keys.aead_enc_imp_IV,
keys->server_write_IV, AEAD_IMP_IV_SZ);
}
}
#endif
}
if (wc_decrypt)
if (wc_decrypt) {
ssl->keys.peer_sequence_number = keys->peer_sequence_number;
#ifdef HAVE_AEAD
if (ssl->specs.cipher_type == aead) {
/* Initialize decrypt implicit IV by decrypt side */
if (ssl->options.side == WOLFSSL_SERVER_END) {
XMEMCPY(ssl->keys.aead_dec_imp_IV,
keys->client_write_IV, AEAD_IMP_IV_SZ);
} else {
XMEMCPY(ssl->keys.aead_dec_imp_IV,
keys->server_write_IV, AEAD_IMP_IV_SZ);
}
}
#endif
}
ssl->secure_renegotiation->cache_status++;
}
#endif /* HAVE_SECURE_RENEGOTIATION */

10
src/sniffer.c
View File

@@ -1075,8 +1075,12 @@ static int SetNamedPrivateKey(const char* name, const char* address, int port,
}
XMEMSET(namedKey, 0, sizeof(NamedKey));
namedKey->nameSz = (word32)strnlen(name, sizeof(namedKey->name));
strncpy(namedKey->name, name, sizeof(namedKey->name));
namedKey->nameSz = (word32)XSTRLEN(name);
XSTRNCPY(namedKey->name, name, sizeof(namedKey->name));
if (namedKey->nameSz >= sizeof(namedKey->name)) {
namedKey->nameSz = sizeof(namedKey->name) - 1;
namedKey->name[namedKey->nameSz] = '\0';
}
ret = LoadKeyFile(&namedKey->key, &namedKey->keySz,
keyFile, type, password);
@@ -1578,6 +1582,8 @@ static int ProcessClientHello(const byte* input, int* sslBytes,
if (ret == SSL_SUCCESS) {
NamedKey* namedKey;
if (nameSz >= sizeof(name))
nameSz = sizeof(name) - 1;
name[nameSz] = 0;
LockMutex(&session->context->namedKeysMutex);
namedKey = session->context->namedKeys;

89
src/ssl.c
View File

@@ -475,6 +475,39 @@ int wolfSSL_SetTmpDH(WOLFSSL* ssl, const unsigned char* p, int pSz,
WOLFSSL_LEAVE("wolfSSL_SetTmpDH", 0);
return SSL_SUCCESS;
}
/* server ctx Diffie-Hellman parameters, SSL_SUCCESS on ok */
int wolfSSL_CTX_SetTmpDH(WOLFSSL_CTX* ctx, const unsigned char* p, int pSz,
const unsigned char* g, int gSz)
{
WOLFSSL_ENTER("wolfSSL_CTX_SetTmpDH");
if (ctx == NULL || p == NULL || g == NULL) return BAD_FUNC_ARG;
XFREE(ctx->serverDH_P.buffer, ctx->heap, DYNAMIC_TYPE_DH);
XFREE(ctx->serverDH_G.buffer, ctx->heap, DYNAMIC_TYPE_DH);
ctx->serverDH_P.buffer = (byte*)XMALLOC(pSz, ctx->heap,DYNAMIC_TYPE_DH);
if (ctx->serverDH_P.buffer == NULL)
return MEMORY_E;
ctx->serverDH_G.buffer = (byte*)XMALLOC(gSz, ctx->heap,DYNAMIC_TYPE_DH);
if (ctx->serverDH_G.buffer == NULL) {
XFREE(ctx->serverDH_P.buffer, ctx->heap, DYNAMIC_TYPE_DH);
return MEMORY_E;
}
ctx->serverDH_P.length = pSz;
ctx->serverDH_G.length = gSz;
XMEMCPY(ctx->serverDH_P.buffer, p, pSz);
XMEMCPY(ctx->serverDH_G.buffer, g, gSz);
ctx->haveDH = 1;
WOLFSSL_LEAVE("wolfSSL_CTX_SetTmpDH", 0);
return SSL_SUCCESS;
}
#endif /* !NO_DH */
@@ -816,6 +849,11 @@ int wolfSSL_Rehandshake(WOLFSSL* ssl)
if (ret !=0)
return ret;
#endif
#ifdef WOLFSSL_SHA512
ret = wc_InitSha512(&ssl->hsHashes->hashSha512);
if (ret !=0)
return ret;
#endif
ret = wolfSSL_negotiate(ssl);
return ret;
@@ -3822,37 +3860,6 @@ int wolfSSL_CTX_SetTmpDH_file(WOLFSSL_CTX* ctx, const char* fname, int format)
}
/* server ctx Diffie-Hellman parameters, SSL_SUCCESS on ok */
int wolfSSL_CTX_SetTmpDH(WOLFSSL_CTX* ctx, const unsigned char* p, int pSz,
const unsigned char* g, int gSz)
{
WOLFSSL_ENTER("wolfSSL_CTX_SetTmpDH");
if (ctx == NULL || p == NULL || g == NULL) return BAD_FUNC_ARG;
XFREE(ctx->serverDH_P.buffer, ctx->heap, DYNAMIC_TYPE_DH);
XFREE(ctx->serverDH_G.buffer, ctx->heap, DYNAMIC_TYPE_DH);
ctx->serverDH_P.buffer = (byte*)XMALLOC(pSz, ctx->heap,DYNAMIC_TYPE_DH);
if (ctx->serverDH_P.buffer == NULL)
return MEMORY_E;
ctx->serverDH_G.buffer = (byte*)XMALLOC(gSz, ctx->heap,DYNAMIC_TYPE_DH);
if (ctx->serverDH_G.buffer == NULL) {
XFREE(ctx->serverDH_P.buffer, ctx->heap, DYNAMIC_TYPE_DH);
return MEMORY_E;
}
ctx->serverDH_P.length = pSz;
ctx->serverDH_G.length = gSz;
XMEMCPY(ctx->serverDH_P.buffer, p, pSz);
XMEMCPY(ctx->serverDH_G.buffer, g, gSz);
ctx->haveDH = 1;
WOLFSSL_LEAVE("wolfSSL_CTX_SetTmpDH", 0);
return SSL_SUCCESS;
}
#endif /* NO_DH */
@@ -5165,6 +5172,13 @@ int wolfSSL_dtls_got_timeout(WOLFSSL* ssl)
return SSL_FATAL_ERROR;
}
#endif
#ifdef WOLFSSL_SHA512
if ( (ssl->error = wc_InitSha512(
&ssl->hsHashes->hashSha512)) != 0) {
WOLFSSL_ERROR(ssl->error);
return SSL_FATAL_ERROR;
}
#endif
}
if ( (ssl->error = SendClientHello(ssl)) != 0) {
WOLFSSL_ERROR(ssl->error);
@@ -5444,6 +5458,13 @@ int wolfSSL_dtls_got_timeout(WOLFSSL* ssl)
return SSL_FATAL_ERROR;
}
#endif
#ifdef WOLFSSL_SHA512
if ( (ssl->error = wc_InitSha512(
&ssl->hsHashes->hashSha512)) != 0) {
WOLFSSL_ERROR(ssl->error);
return SSL_FATAL_ERROR;
}
#endif
}
while (ssl->options.clientState < CLIENT_HELLO_COMPLETE)
@@ -8222,13 +8243,13 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
long wolfSSL_SSL_SESSION_set_timeout(WOLFSSL_SESSION* ses, long t)
{
word32 time;
word32 tmptime;
if (!ses || t < 0)
return BAD_FUNC_ARG;
time = t & 0xFFFFFFFF;
tmptime = t & 0xFFFFFFFF;
ses->timeout = time;
ses->timeout = tmptime;
return SSL_SUCCESS;
}

2
support/wolfssl.pc
View File

@@ -5,6 +5,6 @@ includedir=${prefix}/include
Name: wolfssl
Description: wolfssl C library.
Version: 3.4.6
Version: 3.4.7
Libs: -L${libdir} -lwolfssl
Cflags: -I${includedir}

20
tirtos/include.am
View File

@@ -9,14 +9,14 @@ EXTRA_DIST += \
tirtos/packages/ti/net/wolfssl/package.bld \
tirtos/packages/ti/net/wolfssl/package.xdc \
tirtos/packages/ti/net/wolfssl/package.xs \
tirtos/packages/ti/net/wolfssl/tests/wolfcrypt/test/package.bld \
tirtos/packages/ti/net/wolfssl/tests/wolfcrypt/test/package.xdc \
tirtos/packages/ti/net/wolfssl/tests/wolfcrypt/test/test.cfg \
tirtos/packages/ti/net/wolfssl/tests/wolfcrypt/test/TM4C1294NC.icf \
tirtos/packages/ti/net/wolfssl/tests/wolfcrypt/test/main.c \
tirtos/packages/ti/net/wolfssl/tests/wolfcrypt/benchmark/package.bld \
tirtos/packages/ti/net/wolfssl/tests/wolfcrypt/benchmark/package.xdc \
tirtos/packages/ti/net/wolfssl/tests/wolfcrypt/benchmark/benchmark.cfg \
tirtos/packages/ti/net/wolfssl/tests/wolfcrypt/benchmark/TM4C1294NC.icf \
tirtos/packages/ti/net/wolfssl/tests/wolfcrypt/benchmark/main.c
tirtos/packages/ti/net/wolfssl/tests/EK_TM4C1294XL/wolfcrypt/test/package.bld \
tirtos/packages/ti/net/wolfssl/tests/EK_TM4C1294XL/wolfcrypt/test/package.xdc \
tirtos/packages/ti/net/wolfssl/tests/EK_TM4C1294XL/wolfcrypt/test/test.cfg \
tirtos/packages/ti/net/wolfssl/tests/EK_TM4C1294XL/wolfcrypt/test/TM4C1294NC.icf \
tirtos/packages/ti/net/wolfssl/tests/EK_TM4C1294XL/wolfcrypt/test/main.c \
tirtos/packages/ti/net/wolfssl/tests/EK_TM4C1294XL/wolfcrypt/benchmark/package.bld \
tirtos/packages/ti/net/wolfssl/tests/EK_TM4C1294XL/wolfcrypt/benchmark/package.xdc \
tirtos/packages/ti/net/wolfssl/tests/EK_TM4C1294XL/wolfcrypt/benchmark/benchmark.cfg \
tirtos/packages/ti/net/wolfssl/tests/EK_TM4C1294XL/wolfcrypt/benchmark/TM4C1294NC.icf \
tirtos/packages/ti/net/wolfssl/tests/EK_TM4C1294XL/wolfcrypt/benchmark/main.c

2
tirtos/packages/ti/net/wolfssl/package.bld
View File

@@ -50,7 +50,7 @@ var wolfSSLObjList = [
for each (var targ in Build.targets) {
var libOptions = {incs: wolfsslPathInclude};
var lib = Pkg.addLibrary("lib/" + Pkg.name, targ, libOptions);
var lib = Pkg.addLibrary("lib/wolfssl", targ, libOptions);
lib.addObjects(wolfSSLObjList);
}

3
tirtos/packages/ti/net/wolfssl/package.xdc
View File

@@ -1,7 +1,6 @@
/*!
* ======== ti.net.wolfssl ========
* wolfSSL library for TI-RTOS
*
*/
package ti.net.wolfssl {
package ti.net.wolfssl [1, 0, 0] {
}

2
tirtos/packages/ti/net/wolfssl/package.xs
View File

@@ -8,5 +8,5 @@
*/
function getLibs(prog)
{
return ("lib/" + this.$name + ".a" + prog.build.target.suffix);
return ("lib/wolfssl.a" + prog.build.target.suffix);
}

0
tirtos/packages/ti/net/wolfssl/tests/wolfcrypt/benchmark/TM4C1294NC.icf → tirtos/packages/ti/net/wolfssl/tests/EK_TM4C1294XL/wolfcrypt/benchmark/TM4C1294NC.icf
View File

0
tirtos/packages/ti/net/wolfssl/tests/wolfcrypt/benchmark/benchmark.cfg → tirtos/packages/ti/net/wolfssl/tests/EK_TM4C1294XL/wolfcrypt/benchmark/benchmark.cfg
View File

4
tirtos/packages/ti/net/wolfssl/tests/wolfcrypt/benchmark/main.c → tirtos/packages/ti/net/wolfssl/tests/EK_TM4C1294XL/wolfcrypt/benchmark/main.c
View File

@@ -1,6 +1,6 @@
/*
* ======== main.c ========
* Entry point for Benchmark application
* Entry point for Benchmark application
*/
/* BIOS Header files */
#include <ti/sysbios/BIOS.h>
@@ -27,7 +27,7 @@ void runBenchmarks(UArg arg0, UArg arg1)
{
void *args = NULL;
msTimer_init();
System_printf("Running benchmarks...\n");
System_flush();
benchmark_test(args);

10
tirtos/packages/ti/net/wolfssl/tests/wolfcrypt/benchmark/package.bld → tirtos/packages/ti/net/wolfssl/tests/EK_TM4C1294XL/wolfcrypt/benchmark/package.bld
View File

@@ -10,7 +10,7 @@ if ((typeof(TivaWareDir) == undefined) || (TivaWareDir == "")) {
var Build = xdc.useModule('xdc.bld.BuildEnvironment');
var Pkg = xdc.useModule('xdc.bld.PackageContents');
/* make command to search for the srcs */
/* make command to search for the srcs */
Pkg.makePrologue = "vpath %.c $(subst ;, ,$(XPKGPATH))";
var srcs = [
@@ -37,16 +37,16 @@ for each (var targ in Build.targets) {
targ.$orig.lnkOpts.suffix = suffix.replace(/PrintfSmall/, "PrintfFull");
}
else if (targ.$name.match(/^gnu/)) {
targ.$orig.lnkOpts.suffix += " -L" + TivaWareDir + "/driverlib/gcc "
targ.$orig.lnkOpts.suffix += " -L" + TivaWareDir + "/driverlib/gcc "
+ " -Wl,--start-group -ldriver -Wl,--end-group ";
targ.$orig.bspLib = "rdimon";
}
var exeOptions = { incs: wolfsslPathInclude
var exeOptions = { incs: wolfsslPathInclude
+ " -DNO_MAIN_DRIVER -D_INCLUDE_NIMU_CODE -DBENCH_EMBEDDED "
+ " -DTIVAWARE -DPART_TM4C1294NCPDT",
lopts: lnkOpts
};
};
var exe = Pkg.addExecutable("benchmark", targ, platform, exeOptions);
exe.addObjects(srcs);

6
tirtos/packages/ti/net/wolfssl/tests/EK_TM4C1294XL/wolfcrypt/benchmark/package.xdc Normal file
View File

@@ -0,0 +1,6 @@
/*
* ======== ti.net.wolfssl.tests.EK_TM4C1294XL.wolfcrypt.benchmark ========
* wc_ Benchmark Application
*/
package ti.net.wolfssl.tests.EK_TM4C1294XL.wolfcrypt.benchmark [1, 0, 0] {
}

0
tirtos/packages/ti/net/wolfssl/tests/wolfcrypt/test/TM4C1294NC.icf → tirtos/packages/ti/net/wolfssl/tests/EK_TM4C1294XL/wolfcrypt/test/TM4C1294NC.icf
View File

3
tirtos/packages/ti/net/wolfssl/tests/wolfcrypt/test/main.c → tirtos/packages/ti/net/wolfssl/tests/EK_TM4C1294XL/wolfcrypt/test/main.c
View File

@@ -1,6 +1,6 @@
/*
* ======== main.c ========
* Entry point to wolfcrypt Test Application
* Entry point to wolfcrypt Test Application
*/
/* XDCtools Header files */
@@ -53,4 +53,3 @@ int main(int argc, char** argv)
BIOS_start();
}

10
tirtos/packages/ti/net/wolfssl/tests/wolfcrypt/test/package.bld → tirtos/packages/ti/net/wolfssl/tests/EK_TM4C1294XL/wolfcrypt/test/package.bld
View File

@@ -10,7 +10,7 @@ if ((typeof(TivaWareDir) == undefined) || (TivaWareDir == "")) {
var Build = xdc.useModule('xdc.bld.BuildEnvironment');
var Pkg = xdc.useModule('xdc.bld.PackageContents');
/* make command to search for the srcs */
/* make command to search for the srcs */
Pkg.makePrologue = "vpath %.c $(subst ;, ,$(XPKGPATH))";
var srcs = [
@@ -33,16 +33,16 @@ for each (var targ in Build.targets) {
platform = "ti.platforms.tiva:TM4C1294NCPDT";
}
else if (targ.$name.match(/^gnu/)) {
targ.$orig.lnkOpts.suffix += " -L" + TivaWareDir + "/driverlib/gcc "
targ.$orig.lnkOpts.suffix += " -L" + TivaWareDir + "/driverlib/gcc "
+ " -Wl,--start-group -ldriver -Wl,--end-group ";
targ.$orig.bspLib = "rdimon";
}
var exeOptions = { incs: wolfsslPathInclude
var exeOptions = { incs: wolfsslPathInclude
+ " -DNO_MAIN_DRIVER -D_INCLUDE_NIMU_CODE -DBENCH_EMBEDDED "
+ " -DTIVAWARE -DPART_TM4C1294NCPDT",
lopts: lnkOpts,
};
};
var exe = Pkg.addExecutable("test", targ, platform, exeOptions);
exe.addObjects(srcs);

6
tirtos/packages/ti/net/wolfssl/tests/EK_TM4C1294XL/wolfcrypt/test/package.xdc Normal file
View File

@@ -0,0 +1,6 @@
/*
* ======== ti.net.wolfssl.tests.EK_TM4C1294XL.wolfcrypt.test ========
* wolfcrypt Test Application
*/
package ti.net.wolfssl.tests.EK_TM4C1294XL.wolfcrypt.test [1, 0, 0] {
}

0
tirtos/packages/ti/net/wolfssl/tests/wolfcrypt/test/test.cfg → tirtos/packages/ti/net/wolfssl/tests/EK_TM4C1294XL/wolfcrypt/test/test.cfg
View File

6
tirtos/packages/ti/net/wolfssl/tests/wolfcrypt/benchmark/package.xdc
View File

@@ -1,6 +0,0 @@
/*
* ======== ti.net.wolfssl.tests.wolfcrypt.benchmark ========
* wc_ Benchmark Application
*/
package ti.net.wolfssl.tests.wolfcrypt.benchmark {
}

6
tirtos/packages/ti/net/wolfssl/tests/wolfcrypt/test/package.xdc
View File

@@ -1,6 +0,0 @@
/*
* ======== ti.net.wolfssl.tests.wolfcrypt.test ========
* wolfcrypt Test Application
*/
package ti.net.wolfssl.tests.wolfcrypt.test {
}

13
tirtos/wolfssl.bld
View File

@@ -32,21 +32,24 @@
*/
var armOpts = " -ms ";
var gnuOpts = "";
var gnuOpts = " -D_POSIX_SOURCE ";
var iarOpts = "";
/* Uncomment the following lines to build libraries for debug mode: */
// Pkg.attrs.profile = "debug";
// armOpts += " -g -o0 ";
// gnuOpts += " -g ";
// gnuOpts += " -g -D_POSIX_SOURCE ";
// iarOpts += " --debug ";
var ccOpts = {
"ti.targets.arm.elf.M4F" : armOpts,
"ti.targets.arm.elf.M4" : armOpts,
"ti.targets.arm.elf.M4F" : armOpts,
"gnu.targets.arm.M4F" : gnuOpts,
"gnu.targets.arm.M4" : gnuOpts,
"gnu.targets.arm.M4F" : gnuOpts,
"iar.targets.arm.M4F" : iarOpts,
"iar.targets.arm.M4" : iarOpts,
"iar.targets.arm.M4F" : iarOpts,
};
/* initialize local vars with those set in xdcpaths.mak (via XDCARGS) */

29
wolfcrypt/src/asn.c
View File

@@ -363,7 +363,7 @@ time_t XTIME(time_t * timer)
{
time_t sec = 0;
sec = (time_t) MYTIME_gettime();
sec = (time_t) Seconds_get();
if (timer != NULL)
*timer = sec;
@@ -1425,6 +1425,7 @@ void InitDecodedCert(DecodedCert* cert, byte* source, word32 inSz, void* heap)
cert->subjectCNLen = 0;
cert->subjectCNEnc = CTC_UTF8;
cert->subjectCNStored = 0;
cert->weOwnAltNames = 0;
cert->altNames = NULL;
#ifndef IGNORE_NAME_CONSTRAINTS
cert->altEmailNames = NULL;
@@ -1563,7 +1564,7 @@ void FreeDecodedCert(DecodedCert* cert)
XFREE(cert->subjectCN, cert->heap, DYNAMIC_TYPE_SUBJECT_CN);
if (cert->pubKeyStored == 1)
XFREE(cert->publicKey, cert->heap, DYNAMIC_TYPE_PUBLIC_KEY);
if (cert->altNames)
if (cert->weOwnAltNames && cert->altNames)
FreeAltNames(cert->altNames, cert->heap);
#ifndef IGNORE_NAME_CONSTRAINTS
if (cert->altEmailNames)
@@ -2363,12 +2364,12 @@ int ValidateDate(const byte* date, byte format, int dateType)
time_t ltime;
struct tm certTime;
struct tm* localTime;
struct tm* tmpTime;
struct tm* tmpTime = NULL;
int i = 0;
#ifdef FREESCALE_MQX
struct tm mqxTime;
tmpTime = &mqxTime;
#if defined(FREESCALE_MQX) || defined(TIME_OVERRIDES)
struct tm tmpTimeStorage;
tmpTime = &tmpTimeStorage;
#else
(void)tmpTime;
#endif
@@ -2394,9 +2395,9 @@ int ValidateDate(const byte* date, byte format, int dateType)
GetTime((int*)&certTime.tm_hour, date, &i);
GetTime((int*)&certTime.tm_min, date, &i);
GetTime((int*)&certTime.tm_sec, date, &i);
if (date[i] != 'Z') { /* only Zulu supported for this profile */
WOLFSSL_MSG("Only Zulu time supported for this profile");
WOLFSSL_MSG("Only Zulu time supported for this profile");
return 0;
}
@@ -3416,6 +3417,8 @@ static int DecodeAltNames(byte* input, int sz, DecodedCert* cert)
return ASN_PARSE_E;
}
cert->weOwnAltNames = 1;
while (length > 0) {
byte b = input[idx++];
@@ -5217,13 +5220,13 @@ static int SetValidity(byte* output, int daysValid)
time_t ticks;
time_t normalTime;
struct tm* now;
struct tm* tmpTime;
struct tm* tmpTime = NULL;
struct tm local;
#ifdef FREESCALE_MQX
/* for use with MQX gmtime_r */
struct tm mqxTime;
tmpTime = &mqxTime;
#if defined(FREESCALE_MQX) || defined(TIME_OVERRIDES)
/* for use with gmtime_r */
struct tm tmpTimeStorage;
tmpTime = &tmpTimeStorage;
#else
(void)tmpTime;
#endif

37
wolfcrypt/src/chacha.c
View File

@@ -78,10 +78,6 @@
int wc_Chacha_SetIV(ChaCha* ctx, const byte* inIv, word32 counter)
{
word32 temp[3]; /* used for alignment of memory */
XMEMSET(temp, 0, 12);
if (ctx == NULL)
return BAD_FUNC_ARG;
#ifdef CHACHA_AEAD_TEST
word32 i;
@@ -92,12 +88,15 @@ int wc_Chacha_SetIV(ChaCha* ctx, const byte* inIv, word32 counter)
printf("\n\n");
#endif
if (ctx == NULL)
return BAD_FUNC_ARG;
XMEMCPY(temp, inIv, 12);
ctx->X[12] = counter; /* block counter */
ctx->X[13] = temp[0]; /* fixed variable from nonce */
ctx->X[14] = temp[1]; /* counter from nonce */
ctx->X[15] = temp[2]; /* counter from nonce */
ctx->X[12] = LITTLE32(counter); /* block counter */
ctx->X[13] = LITTLE32(temp[0]); /* fixed variable from nonce */
ctx->X[14] = LITTLE32(temp[1]); /* counter from nonce */
ctx->X[15] = LITTLE32(temp[2]); /* counter from nonce */
return 0;
}
@@ -115,14 +114,20 @@ int wc_Chacha_SetKey(ChaCha* ctx, const byte* key, word32 keySz)
const word32* constants;
const byte* k;
#ifdef XSTREAM_ALIGN
word32 alignKey[8];
#endif
if (ctx == NULL)
return BAD_FUNC_ARG;
if (keySz != 16 && keySz != 32)
return BAD_FUNC_ARG;
#ifdef XSTREAM_ALIGN
word32 alignKey[keySz / 4];
if ((wolfssl_word)key % 4) {
WOLFSSL_MSG("wc_ChachaSetKey unaligned key");
XMEMCPY(alignKey, key, sizeof(alignKey));
XMEMCPY(alignKey, key, keySz);
k = (byte*)alignKey;
}
else {
@@ -152,20 +157,16 @@ int wc_Chacha_SetKey(ChaCha* ctx, const byte* key, word32 keySz)
constants = sigma;
}
else {
/* key size of 128 */
if (keySz != 16)
return BAD_FUNC_ARG;
constants = tau;
}
ctx->X[ 8] = U8TO32_LITTLE(k + 0);
ctx->X[ 9] = U8TO32_LITTLE(k + 4);
ctx->X[10] = U8TO32_LITTLE(k + 8);
ctx->X[11] = U8TO32_LITTLE(k + 12);
ctx->X[ 0] = U8TO32_LITTLE(constants + 0);
ctx->X[ 1] = U8TO32_LITTLE(constants + 1);
ctx->X[ 2] = U8TO32_LITTLE(constants + 2);
ctx->X[ 3] = U8TO32_LITTLE(constants + 3);
ctx->X[ 0] = constants[0];
ctx->X[ 1] = constants[1];
ctx->X[ 2] = constants[2];
ctx->X[ 3] = constants[3];
return 0;
}

10
wolfcrypt/src/sha256.c
View File

@@ -446,9 +446,9 @@ int wc_Sha256Update(Sha256* sha256, const byte* data, word32 len)
if (sha256->buffLen == SHA256_BLOCK_SIZE) {
int ret;
#if defined(LITTLE_ENDIAN_ORDER)
#if defined(LITTLE_ENDIAN_ORDER) && !defined(FREESCALE_MMCAU)
#if defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2)
if(!IS_INTEL_AVX1 && !IS_INTEL_AVX2)
if(!IS_INTEL_AVX1 && !IS_INTEL_AVX2)
#endif
ByteReverseWords(sha256->buffer, sha256->buffer,
SHA256_BLOCK_SIZE);
@@ -481,7 +481,7 @@ int wc_Sha256Final(Sha256* sha256, byte* hash)
XMEMSET(&local[sha256->buffLen], 0, SHA256_BLOCK_SIZE - sha256->buffLen);
sha256->buffLen += SHA256_BLOCK_SIZE - sha256->buffLen;
#if defined(LITTLE_ENDIAN_ORDER)
#if defined(LITTLE_ENDIAN_ORDER) && !defined(FREESCALE_MMCAU)
#if defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2)
if(!IS_INTEL_AVX1 && !IS_INTEL_AVX2)
#endif
@@ -502,7 +502,7 @@ int wc_Sha256Final(Sha256* sha256, byte* hash)
sha256->loLen = sha256->loLen << 3;
/* store lengths */
#if defined(LITTLE_ENDIAN_ORDER)
#if defined(LITTLE_ENDIAN_ORDER) && !defined(FREESCALE_MMCAU)
#if defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2)
if(!IS_INTEL_AVX1 && !IS_INTEL_AVX2)
#endif
@@ -512,7 +512,7 @@ int wc_Sha256Final(Sha256* sha256, byte* hash)
XMEMCPY(&local[SHA256_PAD_SIZE], &sha256->hiLen, sizeof(word32));
XMEMCPY(&local[SHA256_PAD_SIZE + sizeof(word32)], &sha256->loLen,
sizeof(word32));
#if defined(FREESCALE_MMCAU) || defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2)
/* Kinetis requires only these bytes reversed */
#if defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2)

521
wolfssl/internal.h
View File

@@ -181,172 +181,284 @@ typedef byte word24[3];
make sure to use at least one BUILD_SSL_xxx or BUILD_TLS_xxx is defined
When adding cipher suites, add name to cipher_names, idx to cipher_name_idx
Now that there is a maximum strength crypto build, the following BUILD_XXX
flags need to be divided into two groups selected by WOLFSSL_MAX_STRENGTH.
Those that do not use Perfect Forward Security and do not use AEAD ciphers
need to be switched off. Allowed suites use (EC)DHE, AES-GCM|CCM, or
CHACHA-POLY.
*/
#if !defined(NO_RSA) && !defined(NO_RC4)
#if !defined(NO_SHA)
#define BUILD_SSL_RSA_WITH_RC4_128_SHA
#endif
#if !defined(NO_MD5)
#define BUILD_SSL_RSA_WITH_RC4_128_MD5
#endif
#if !defined(NO_TLS) && defined(HAVE_NTRU) && !defined(NO_SHA)
#define BUILD_TLS_NTRU_RSA_WITH_RC4_128_SHA
#endif
/* Check that if WOLFSSL_MAX_STRENGTH is set that all the required options are
* not turned off. */
#if defined(WOLFSSL_MAX_STRENGTH) && \
((!defined(HAVE_ECC) && (defined(NO_DH) || defined(NO_RSA))) || \
(!defined(HAVE_AESGCM) && !defined(HAVE_AESCCM) && \
(!defined(HAVE_POLY1305) || !defined(HAVE_CHACHA))) || \
(defined(NO_SHA256) && !defined(WOLFSSL_SHA384)) || \
!defined(NO_OLD_TLS))
#error "You are trying to build max strength with requirements disabled."
#endif
#if !defined(NO_RSA) && !defined(NO_DES3)
#if !defined(NO_SHA)
#define BUILD_SSL_RSA_WITH_3DES_EDE_CBC_SHA
#if !defined(NO_TLS) && defined(HAVE_NTRU)
#define BUILD_TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA
#endif
#endif
#endif
#ifndef WOLFSSL_MAX_STRENGTH
#if !defined(NO_RSA) && !defined(NO_AES) && !defined(NO_TLS)
#if !defined(NO_SHA)
#define BUILD_TLS_RSA_WITH_AES_128_CBC_SHA
#define BUILD_TLS_RSA_WITH_AES_256_CBC_SHA
#if defined(HAVE_NTRU)
#define BUILD_TLS_NTRU_RSA_WITH_AES_128_CBC_SHA
#define BUILD_TLS_NTRU_RSA_WITH_AES_256_CBC_SHA
#endif
#endif
#if !defined (NO_SHA256)
#define BUILD_TLS_RSA_WITH_AES_128_CBC_SHA256
#define BUILD_TLS_RSA_WITH_AES_256_CBC_SHA256
#endif
#if defined (HAVE_AESGCM)
#define BUILD_TLS_RSA_WITH_AES_128_GCM_SHA256
#if defined (WOLFSSL_SHA384)
#define BUILD_TLS_RSA_WITH_AES_256_GCM_SHA384
#if !defined(NO_RSA) && !defined(NO_RC4)
#if !defined(NO_SHA)
#define BUILD_SSL_RSA_WITH_RC4_128_SHA
#endif
#if !defined(NO_MD5)
#define BUILD_SSL_RSA_WITH_RC4_128_MD5
#endif
#if !defined(NO_TLS) && defined(HAVE_NTRU) && !defined(NO_SHA)
#define BUILD_TLS_NTRU_RSA_WITH_RC4_128_SHA
#endif
#endif
#if defined (HAVE_AESCCM)
#define BUILD_TLS_RSA_WITH_AES_128_CCM_8
#define BUILD_TLS_RSA_WITH_AES_256_CCM_8
#endif
#if defined(HAVE_BLAKE2)
#define BUILD_TLS_RSA_WITH_AES_128_CBC_B2B256
#define BUILD_TLS_RSA_WITH_AES_256_CBC_B2B256
#endif
#endif
#if defined(HAVE_CAMELLIA) && !defined(NO_TLS)
#ifndef NO_RSA
#if !defined(NO_SHA)
#define BUILD_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
#define BUILD_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
#endif
#ifndef NO_SHA256
#define BUILD_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256
#define BUILD_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256
#if !defined(NO_RSA) && !defined(NO_DES3)
#if !defined(NO_SHA)
#define BUILD_SSL_RSA_WITH_3DES_EDE_CBC_SHA
#if !defined(NO_TLS) && defined(HAVE_NTRU)
#define BUILD_TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA
#endif
#endif
#if !defined(NO_DH)
#endif
#if !defined(NO_RSA) && !defined(NO_AES) && !defined(NO_TLS)
#if !defined(NO_SHA)
#define BUILD_TLS_RSA_WITH_AES_128_CBC_SHA
#define BUILD_TLS_RSA_WITH_AES_256_CBC_SHA
#if defined(HAVE_NTRU)
#define BUILD_TLS_NTRU_RSA_WITH_AES_128_CBC_SHA
#define BUILD_TLS_NTRU_RSA_WITH_AES_256_CBC_SHA
#endif
#endif
#if !defined (NO_SHA256)
#define BUILD_TLS_RSA_WITH_AES_128_CBC_SHA256
#define BUILD_TLS_RSA_WITH_AES_256_CBC_SHA256
#endif
#if defined (HAVE_AESGCM)
#define BUILD_TLS_RSA_WITH_AES_128_GCM_SHA256
#if defined (WOLFSSL_SHA384)
#define BUILD_TLS_RSA_WITH_AES_256_GCM_SHA384
#endif
#endif
#if defined (HAVE_AESCCM)
#define BUILD_TLS_RSA_WITH_AES_128_CCM_8
#define BUILD_TLS_RSA_WITH_AES_256_CCM_8
#endif
#if defined(HAVE_BLAKE2)
#define BUILD_TLS_RSA_WITH_AES_128_CBC_B2B256
#define BUILD_TLS_RSA_WITH_AES_256_CBC_B2B256
#endif
#endif
#if defined(HAVE_CAMELLIA) && !defined(NO_TLS)
#ifndef NO_RSA
#if !defined(NO_SHA)
#define BUILD_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
#define BUILD_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
#define BUILD_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
#define BUILD_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
#endif
#ifndef NO_SHA256
#define BUILD_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
#define BUILD_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256
#define BUILD_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256
#define BUILD_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256
#endif
#if !defined(NO_DH)
#if !defined(NO_SHA)
#define BUILD_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
#define BUILD_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
#endif
#ifndef NO_SHA256
#define BUILD_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
#define BUILD_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256
#endif
#endif
#endif
#endif
#endif
#if !defined(NO_PSK) && !defined(NO_AES) && !defined(NO_TLS)
#if !defined(NO_SHA)
#define BUILD_TLS_PSK_WITH_AES_128_CBC_SHA
#define BUILD_TLS_PSK_WITH_AES_256_CBC_SHA
#endif
#ifndef NO_SHA256
#define BUILD_TLS_PSK_WITH_AES_128_CBC_SHA256
#ifdef HAVE_AESGCM
#define BUILD_TLS_PSK_WITH_AES_128_GCM_SHA256
#if !defined(NO_PSK) && !defined(NO_AES) && !defined(NO_TLS)
#if !defined(NO_SHA)
#define BUILD_TLS_PSK_WITH_AES_128_CBC_SHA
#define BUILD_TLS_PSK_WITH_AES_256_CBC_SHA
#endif
#ifdef HAVE_AESCCM
#define BUILD_TLS_PSK_WITH_AES_128_CCM_8
#define BUILD_TLS_PSK_WITH_AES_256_CCM_8
#define BUILD_TLS_PSK_WITH_AES_128_CCM
#define BUILD_TLS_PSK_WITH_AES_256_CCM
#endif
#endif
#ifdef WOLFSSL_SHA384
#define BUILD_TLS_PSK_WITH_AES_256_CBC_SHA384
#ifdef HAVE_AESGCM
#define BUILD_TLS_PSK_WITH_AES_256_GCM_SHA384
#endif
#endif
#endif
#if !defined(NO_TLS) && defined(HAVE_NULL_CIPHER)
#if !defined(NO_RSA)
#if !defined(NO_SHA)
#define BUILD_TLS_RSA_WITH_NULL_SHA
#endif
#ifndef NO_SHA256
#define BUILD_TLS_RSA_WITH_NULL_SHA256
#endif
#endif
#if !defined(NO_PSK)
#if !defined(NO_SHA)
#define BUILD_TLS_PSK_WITH_NULL_SHA
#endif
#ifndef NO_SHA256
#define BUILD_TLS_PSK_WITH_NULL_SHA256
#define BUILD_TLS_PSK_WITH_AES_128_CBC_SHA256
#ifdef HAVE_AESGCM
#define BUILD_TLS_PSK_WITH_AES_128_GCM_SHA256
#endif
#ifdef HAVE_AESCCM
#define BUILD_TLS_PSK_WITH_AES_128_CCM_8
#define BUILD_TLS_PSK_WITH_AES_256_CCM_8
#define BUILD_TLS_PSK_WITH_AES_128_CCM
#define BUILD_TLS_PSK_WITH_AES_256_CCM
#endif
#endif
#ifdef WOLFSSL_SHA384
#define BUILD_TLS_PSK_WITH_NULL_SHA384
#endif
#endif
#endif
#if !defined(NO_HC128) && !defined(NO_RSA) && !defined(NO_TLS)
#define BUILD_TLS_RSA_WITH_HC_128_MD5
#if !defined(NO_SHA)
#define BUILD_TLS_RSA_WITH_HC_128_SHA
#endif
#if defined(HAVE_BLAKE2)
#define BUILD_TLS_RSA_WITH_HC_128_B2B256
#endif
#endif
#if !defined(NO_RABBIT) && !defined(NO_TLS) && !defined(NO_RSA)
#if !defined(NO_SHA)
#define BUILD_TLS_RSA_WITH_RABBIT_SHA
#endif
#endif
#if !defined(NO_DH) && !defined(NO_AES) && !defined(NO_TLS) && \
!defined(NO_RSA)
#if !defined(NO_SHA)
#define BUILD_TLS_DHE_RSA_WITH_AES_128_CBC_SHA
#define BUILD_TLS_DHE_RSA_WITH_AES_256_CBC_SHA
#endif
#if !defined (NO_SHA256)
#define BUILD_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
#define BUILD_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
#if defined (HAVE_AESGCM)
#define BUILD_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
#if defined (WOLFSSL_SHA384)
#define BUILD_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
#define BUILD_TLS_PSK_WITH_AES_256_CBC_SHA384
#ifdef HAVE_AESGCM
#define BUILD_TLS_PSK_WITH_AES_256_GCM_SHA384
#endif
#endif
#endif
#endif
#if defined(HAVE_ANON) && !defined(NO_TLS) && !defined(NO_DH) && \
!defined(NO_AES) && !defined(NO_SHA)
#define BUILD_TLS_DH_anon_WITH_AES_128_CBC_SHA
#if !defined(NO_TLS) && defined(HAVE_NULL_CIPHER)
#if !defined(NO_RSA)
#if !defined(NO_SHA)
#define BUILD_TLS_RSA_WITH_NULL_SHA
#endif
#ifndef NO_SHA256
#define BUILD_TLS_RSA_WITH_NULL_SHA256
#endif
#endif
#if !defined(NO_PSK)
#if !defined(NO_SHA)
#define BUILD_TLS_PSK_WITH_NULL_SHA
#endif
#ifndef NO_SHA256
#define BUILD_TLS_PSK_WITH_NULL_SHA256
#endif
#ifdef WOLFSSL_SHA384
#define BUILD_TLS_PSK_WITH_NULL_SHA384
#endif
#endif
#endif
#if !defined(NO_HC128) && !defined(NO_RSA) && !defined(NO_TLS)
#define BUILD_TLS_RSA_WITH_HC_128_MD5
#if !defined(NO_SHA)
#define BUILD_TLS_RSA_WITH_HC_128_SHA
#endif
#if defined(HAVE_BLAKE2)
#define BUILD_TLS_RSA_WITH_HC_128_B2B256
#endif
#endif
#if !defined(NO_RABBIT) && !defined(NO_TLS) && !defined(NO_RSA)
#if !defined(NO_SHA)
#define BUILD_TLS_RSA_WITH_RABBIT_SHA
#endif
#endif
#if !defined(NO_DH) && !defined(NO_AES) && !defined(NO_TLS) && \
!defined(NO_RSA)
#if !defined(NO_SHA)
#define BUILD_TLS_DHE_RSA_WITH_AES_128_CBC_SHA
#define BUILD_TLS_DHE_RSA_WITH_AES_256_CBC_SHA
#endif
#if !defined(NO_SHA256)
#define BUILD_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
#define BUILD_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
#endif
#endif
#if defined(HAVE_ANON) && !defined(NO_TLS) && !defined(NO_DH) && \
!defined(NO_AES) && !defined(NO_SHA)
#define BUILD_TLS_DH_anon_WITH_AES_128_CBC_SHA
#endif
#if !defined(NO_DH) && !defined(NO_PSK) && !defined(NO_TLS)
#ifndef NO_SHA256
#define BUILD_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256
#ifdef HAVE_NULL_CIPHER
#define BUILD_TLS_DHE_PSK_WITH_NULL_SHA256
#endif
#endif
#ifdef WOLFSSL_SHA384
#define BUILD_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384
#ifdef HAVE_NULL_CIPHER
#define BUILD_TLS_DHE_PSK_WITH_NULL_SHA384
#endif
#endif
#endif
#if defined(HAVE_ECC) && !defined(NO_TLS)
#if !defined(NO_AES)
#if !defined(NO_SHA)
#if !defined(NO_RSA)
#define BUILD_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
#define BUILD_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
#define BUILD_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
#define BUILD_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
#endif
#define BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
#define BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
#define BUILD_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
#define BUILD_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
#endif /* NO_SHA */
#ifndef NO_SHA256
#if !defined(NO_RSA)
#define BUILD_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
#define BUILD_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
#endif
#define BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
#define BUILD_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
#endif
#ifdef WOLFSSL_SHA384
#if !defined(NO_RSA)
#define BUILD_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
#define BUILD_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
#endif
#define BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
#define BUILD_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
#endif
#if defined (HAVE_AESGCM)
#if !defined(NO_RSA)
#define BUILD_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
#if defined(WOLFSSL_SHA384)
#define BUILD_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
#endif
#endif
#define BUILD_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
#if defined(WOLFSSL_SHA384)
#define BUILD_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
#endif
#endif
#endif /* NO_AES */
#if !defined(NO_RC4)
#if !defined(NO_SHA)
#if !defined(NO_RSA)
#define BUILD_TLS_ECDHE_RSA_WITH_RC4_128_SHA
#define BUILD_TLS_ECDH_RSA_WITH_RC4_128_SHA
#endif
#define BUILD_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
#define BUILD_TLS_ECDH_ECDSA_WITH_RC4_128_SHA
#endif
#endif
#if !defined(NO_DES3)
#if !defined(NO_RSA)
#define BUILD_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
#define BUILD_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
#endif
#define BUILD_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
#define BUILD_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
#endif
#endif
#endif /* !WOLFSSL_MAX_STRENGTH */
#if !defined(NO_DH) && !defined(NO_AES) && !defined(NO_TLS) && \
!defined(NO_RSA) && defined(HAVE_AESGCM)
#ifndef NO_SHA256
#define BUILD_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
#endif
#ifdef WOLFSSL_SHA384
#define BUILD_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
#endif
#endif
#if !defined(NO_DH) && !defined(NO_PSK) && !defined(NO_TLS)
#ifndef NO_SHA256
#define BUILD_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256
#ifdef HAVE_NULL_CIPHER
#define BUILD_TLS_DHE_PSK_WITH_NULL_SHA256
#endif
#ifdef HAVE_AESGCM
#define BUILD_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256
#endif
@@ -355,93 +467,41 @@ typedef byte word24[3];
#define BUILD_TLS_DHE_PSK_WITH_AES_256_CCM
#endif
#endif
#ifdef WOLFSSL_SHA384
#define BUILD_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384
#ifdef HAVE_NULL_CIPHER
#define BUILD_TLS_DHE_PSK_WITH_NULL_SHA384
#endif
#ifdef HAVE_AESGCM
#define BUILD_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384
#endif
#if defined(WOLFSSL_SHA384) && defined(HAVE_AESGCM)
#define BUILD_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384
#endif
#endif
#if defined(HAVE_ECC) && !defined(NO_TLS)
#if !defined(NO_AES)
#if !defined(NO_SHA)
#if !defined(NO_RSA)
#define BUILD_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
#define BUILD_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
#define BUILD_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
#define BUILD_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
#endif
#define BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
#define BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
#define BUILD_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
#define BUILD_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
#endif /* NO_SHA */
#if defined(HAVE_ECC) && !defined(NO_TLS) && !defined(NO_AES)
#ifdef HAVE_AESGCM
#ifndef NO_SHA256
#if !defined(NO_RSA)
#define BUILD_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
#define BUILD_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
#endif
#define BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
#define BUILD_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
#endif
#ifdef WOLFSSL_SHA384
#if !defined(NO_RSA)
#define BUILD_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
#define BUILD_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
#endif
#define BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
#define BUILD_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
#endif
#if defined (HAVE_AESGCM)
#if !defined(NO_RSA)
#define BUILD_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
#define BUILD_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
#if defined(WOLFSSL_SHA384)
#define BUILD_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
#define BUILD_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
#endif
#endif
#define BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
#define BUILD_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
#if defined(WOLFSSL_SHA384)
#define BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
#define BUILD_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
#ifndef NO_RSA
#define BUILD_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
#endif
#endif
#if defined (HAVE_AESCCM)
#define BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8
#define BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8
#endif
#endif /* NO_AES */
#if !defined(NO_RC4)
#if !defined(NO_SHA)
#if !defined(NO_RSA)
#define BUILD_TLS_ECDHE_RSA_WITH_RC4_128_SHA
#define BUILD_TLS_ECDH_RSA_WITH_RC4_128_SHA
#ifdef WOLFSSL_SHA384
#define BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
#ifndef NO_RSA
#define BUILD_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
#endif
#define BUILD_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
#define BUILD_TLS_ECDH_ECDSA_WITH_RC4_128_SHA
#endif
#endif
#if !defined(NO_DES3)
#if !defined(NO_RSA)
#define BUILD_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
#define BUILD_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
#endif
#if defined(HAVE_AESCCM) && !defined(NO_SHA256)
#define BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8
#define BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8
#endif
#endif
#define BUILD_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
#define BUILD_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
#if defined(HAVE_CHACHA) && defined(HAVE_POLY1305) && !defined(NO_SHA256)
#ifdef HAVE_ECC
#define BUILD_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
#ifndef NO_RSA
#define BUILD_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
#endif
#endif
#if !defined(NO_DH) && !defined(NO_RSA)
#define BUILD_TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256
#endif
#endif
@@ -463,6 +523,7 @@ typedef byte word24[3];
#endif
#if defined(BUILD_TLS_RSA_WITH_AES_128_GCM_SHA256) || \
defined(BUILD_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256) || \
defined(BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256) || \
defined(BUILD_TLS_PSK_WITH_AES_128_GCM_SHA256)
#define BUILD_AESGCM
@@ -499,25 +560,21 @@ typedef byte word24[3];
#ifdef HAVE_CHACHA
#define CHACHA20_BLOCK_SIZE 16
/* ChaCha - Poly AEAD suites */
#if defined(HAVE_POLY1305) && !defined(NO_SHA256)
#if defined(HAVE_ECC)
#if !defined(NO_RSA)
#define BUILD_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
#endif
#define BUILD_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
#endif
#if !defined(NO_DH) && !defined(NO_RSA)
#define BUILD_TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256
#endif
#endif /* end of ChaCha - Poly AEAD suites */
#endif
#if defined(BUILD_AESGCM) || defined(HAVE_AESCCM) || \
(defined(HAVE_CHACHA) && defined(HAVE_POLY1305))
#if defined(WOLFSSL_MAX_STRENGTH) || \
defined(HAVE_AESGCM) || defined(HAVE_AESCCM) || \
(defined(HAVE_CHACHA) && defined(HAVE_POLY1305))
#define HAVE_AEAD
#endif
#if defined(WOLFSSL_MAX_STRENGTH) || \
defined(HAVE_ECC) || !defined(NO_DH)
#define HAVE_PFS
#endif
/* actual cipher values, 2nd byte */
enum {
@@ -1657,6 +1714,9 @@ typedef struct Hashes {
#ifdef WOLFSSL_SHA384
byte sha384[SHA384_DIGEST_SIZE];
#endif
#ifdef WOLFSSL_SHA512
byte sha512[SHA512_DIGEST_SIZE];
#endif
} Hashes;
@@ -2033,6 +2093,9 @@ typedef struct HS_Hashes {
#ifdef WOLFSSL_SHA384
Sha384 hashSha384; /* sha384 hash of handshake msgs */
#endif
#ifdef WOLFSSL_SHA512
Sha512 hashSha512; /* sha512 hash of handshake msgs */
#endif
} HS_Hashes;

5
wolfssl/ssl.h
View File

@@ -882,7 +882,6 @@ WOLFSSL_API int wolfSSL_SetTmpDH(WOLFSSL*, const unsigned char* p, int pSz,
const unsigned char* g, int gSz);
WOLFSSL_API int wolfSSL_SetTmpDH_buffer(WOLFSSL*, const unsigned char* b, long sz,
int format);
WOLFSSL_API int wolfSSL_SetTmpEC_DHE_Sz(WOLFSSL*, unsigned short);
#ifndef NO_FILESYSTEM
WOLFSSL_API int wolfSSL_SetTmpDH_file(WOLFSSL*, const char* f, int format);
#endif
@@ -892,7 +891,6 @@ WOLFSSL_API int wolfSSL_CTX_SetTmpDH(WOLFSSL_CTX*, const unsigned char* p,
int pSz, const unsigned char* g, int gSz);
WOLFSSL_API int wolfSSL_CTX_SetTmpDH_buffer(WOLFSSL_CTX*, const unsigned char* b,
long sz, int format);
WOLFSSL_API int wolfSSL_CTX_SetTmpEC_DHE_Sz(WOLFSSL_CTX*, unsigned short);
#ifndef NO_FILESYSTEM
WOLFSSL_API int wolfSSL_CTX_SetTmpDH_file(WOLFSSL_CTX*, const char* f,
@@ -900,6 +898,9 @@ WOLFSSL_API int wolfSSL_CTX_SetTmpEC_DHE_Sz(WOLFSSL_CTX*, unsigned short);
#endif
#endif /* NO_DH */
WOLFSSL_API int wolfSSL_SetTmpEC_DHE_Sz(WOLFSSL*, unsigned short);
WOLFSSL_API int wolfSSL_CTX_SetTmpEC_DHE_Sz(WOLFSSL_CTX*, unsigned short);
/* keyblock size in bytes or -1 */
/* need to call wolfSSL_KeepArrays before handshake to save keys */
WOLFSSL_API int wolfSSL_get_keyblock_size(WOLFSSL*);

4
wolfssl/version.h
View File

@@ -26,8 +26,8 @@
extern "C" {
#endif
#define LIBWOLFSSL_VERSION_STRING "3.4.6"
#define LIBWOLFSSL_VERSION_HEX 0x03004006
#define LIBWOLFSSL_VERSION_STRING "3.4.7"
#define LIBWOLFSSL_VERSION_HEX 0x03004007
#ifdef __cplusplus
}

1
wolfssl/wolfcrypt/asn.h
View File

@@ -387,6 +387,7 @@ struct DecodedCert {
byte extNameConstraintSet;
#endif /* IGNORE_NAME_CONSTRAINTS */
byte isCA; /* CA basic constraint true */
byte weOwnAltNames; /* altNames haven't been given to copy */
byte extKeyUsageSet;
word16 extKeyUsage; /* Key usage bitfield */
byte extExtKeyUsageSet; /* Extended Key Usage */

37
wolfssl/wolfcrypt/settings.h
View File

@@ -105,18 +105,21 @@
/* Uncomment next line if building for uT-Kernel */
/* #define WOLFSSL_uTKERNEL2 */
/* Uncomment next line if using Max Strength build */
/* #define WOLFSSL_MAX_STRENGTH */
#include <wolfssl/wolfcrypt/visibility.h>
#ifdef IPHONE
#define SIZEOF_LONG_LONG 8
#endif
#ifdef WOLFSSL_USER_SETTINGS
#include <user_settings.h>
#endif
#ifdef IPHONE
#define SIZEOF_LONG_LONG 8
#endif
#ifdef COMVERGE
#define THREADX
#define HAVE_NETX
@@ -337,7 +340,7 @@
#pragma diag_suppress=11
#endif
#include <ti/ndk/nettools/mytime/mytime.h>
#include <ti/sysbios/hal/Seconds.h>
#endif
#ifdef EBSNET
@@ -700,11 +703,11 @@
/* stream ciphers except arc4 need 32bit alignment, intel ok without */
#ifndef XSTREAM_ALIGNMENT
#ifndef XSTREAM_ALIGN
#if defined(__x86_64__) || defined(__ia64__) || defined(__i386__)
#define NO_XSTREAM_ALIGNMENT
#define NO_XSTREAM_ALIGN
#else
#define XSTREAM_ALIGNMENT
#define XSTREAM_ALIGN
#endif
#endif
@@ -720,7 +723,7 @@
#ifndef WOLFSSL_GENERAL_ALIGNMENT
#ifdef WOLFSSL_AESNI
#define WOLFSSL_GENERAL_ALIGNMENT 16
#elif defined(XSTREAM_ALIGNMENT)
#elif defined(XSTREAM_ALIGN)
#define WOLFSSL_GENERAL_ALIGNMENT 4
#elif defined(FREESCALE_MMCAU)
#define WOLFSSL_GENERAL_ALIGNMENT WOLFSSL_MMCAU_ALIGNMENT
@@ -748,6 +751,20 @@
#endif
#endif
/* if desktop type system and fastmath increase default max bits */
#ifdef WOLFSSL_X86_64_BUILD
#ifdef USE_FAST_MATH
#ifndef FP_MAX_BITS
#define FP_MAX_BITS 8192
#endif
#endif
#endif
/* If using the max strength build, ensure OLD TLS is disabled. */
#ifdef WOLFSSL_MAX_STRENGTH
#undef NO_OLD_TLS
#define NO_OLD_TLS
#endif
/* Place any other flags or defines here */