feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

Added support for building with certificate parsing only. ./configure --enable-asn=nocrypt. Added new API for parsing PIV format certificates wc_ParseCertPIV with WOLFSSL_CERT_PIV build option. Added wc_DeCompress_ex with ability to decompress GZIP. Moved the ZLIB error codes into wolfCrypt.

Browse Source
This commit is contained in:
David Garske
2018-09-25 12:16:59 -07:00
parent 4ca7460735
commit 680a863054
13 changed files with 215 additions and 44 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
configure.ac
View File

@@ -1826,6 +1826,11 @@ else
then then
AM_CFLAGS="$AM_CFLAGS -DNO_ASN -DNO_CERTS -DNO_BIG_INT" AM_CFLAGS="$AM_CFLAGS -DNO_ASN -DNO_CERTS -DNO_BIG_INT"
ENABLED_ASN=no ENABLED_ASN=no
else
if test "$ENABLED_ASN" = "nocrypt"
then
AM_CFLAGS="$AM_CFLAGS -DNO_ASN_CRYPT"
fi
fi fi
fi fi

9
src/internal.c
View File

@@ -15414,15 +15414,6 @@ const char* wolfSSL_ERR_reason_error_string(unsigned long e)
case NTRU_DECRYPT_ERROR: case NTRU_DECRYPT_ERROR:
return "NTRU decrypt error"; return "NTRU decrypt error";
case ZLIB_INIT_ERROR:
return "zlib init error";
case ZLIB_COMPRESS_ERROR:
return "zlib compress error";
case ZLIB_DECOMPRESS_ERROR:
return "zlib decompress error";
case GETTIME_ERROR: case GETTIME_ERROR:
return "gettimeofday() error"; return "gettimeofday() error";

117
wolfcrypt/src/asn.c
View File

@@ -2336,7 +2336,7 @@ int wc_CheckPrivateKey(byte* key, word32 keySz, DecodedCert* der)
return BAD_FUNC_ARG; return BAD_FUNC_ARG;
} }
#if !defined(NO_RSA) #if !defined(NO_RSA) && !defined(NO_ASN_CRYPT)
/* test if RSA key */ /* test if RSA key */
if (der->keyOID == RSAk) { if (der->keyOID == RSAk) {
#ifdef WOLFSSL_SMALL_STACK #ifdef WOLFSSL_SMALL_STACK
@@ -2404,9 +2404,9 @@ int wc_CheckPrivateKey(byte* key, word32 keySz, DecodedCert* der)
#endif #endif
} }
else else
#endif /* NO_RSA */ #endif /* !NO_RSA && !NO_ASN_CRYPT */
#if defined(HAVE_ECC) && defined(HAVE_ECC_KEY_EXPORT) #if defined(HAVE_ECC) && defined(HAVE_ECC_KEY_EXPORT) && !defined(NO_ASN_CRYPT)
if (der->keyOID == ECDSAk) { if (der->keyOID == ECDSAk) {
#ifdef WOLFSSL_SMALL_STACK #ifdef WOLFSSL_SMALL_STACK
ecc_key* key_pair = NULL; ecc_key* key_pair = NULL;
@@ -2469,9 +2469,9 @@ int wc_CheckPrivateKey(byte* key, word32 keySz, DecodedCert* der)
#endif #endif
} }
else else
#endif /* HAVE_ECC */ #endif /* HAVE_ECC && HAVE_ECC_KEY_EXPORT && !NO_ASN_CRYPT */
#ifdef HAVE_ED25519 #if defined(HAVE_ED25519) && !defined(NO_ASN_CRYPT)
if (der->keyOID == ED25519k) { if (der->keyOID == ED25519k) {
#ifdef WOLFSSL_SMALL_STACK #ifdef WOLFSSL_SMALL_STACK
ed25519_key* key_pair = NULL; ed25519_key* key_pair = NULL;
@@ -2512,7 +2512,7 @@ int wc_CheckPrivateKey(byte* key, word32 keySz, DecodedCert* der)
#endif #endif
} }
else else
#endif #endif /* HAVE_ED25519 && !NO_ASN_CRYPT */
{ {
ret = 0; ret = 0;
} }
@@ -2624,7 +2624,7 @@ int wc_GetKeyOID(byte* key, word32 keySz, const byte** curveOID, word32* oidSz,
*algoID = 0; *algoID = 0;
#ifndef NO_RSA #if !defined(NO_RSA) && !defined(NO_ASN_CRYPT)
{ {
RsaKey rsa; RsaKey rsa;
@@ -2637,8 +2637,8 @@ int wc_GetKeyOID(byte* key, word32 keySz, const byte** curveOID, word32* oidSz,
} }
wc_FreeRsaKey(&rsa); wc_FreeRsaKey(&rsa);
} }
#endif /* NO_RSA */ #endif /* !NO_RSA && !NO_ASN_CRYPT */
#ifdef HAVE_ECC #if defined(HAVE_ECC) && !defined(NO_ASN_CRYPT)
if (*algoID == 0) { if (*algoID == 0) {
ecc_key ecc; ecc_key ecc;
@@ -2659,8 +2659,8 @@ int wc_GetKeyOID(byte* key, word32 keySz, const byte** curveOID, word32* oidSz,
} }
wc_ecc_free(&ecc); wc_ecc_free(&ecc);
} }
#endif /* HAVE_ECC */ #endif /* HAVE_ECC && !NO_ASN_CRYPT */
#ifdef HAVE_ED25519 #if defined(HAVE_ED25519) && !defined(NO_ASN_CRYPT)
if (*algoID != RSAk && *algoID != ECDSAk) { if (*algoID != RSAk && *algoID != ECDSAk) {
ed25519_key ed25519; ed25519_key ed25519;
@@ -2679,7 +2679,7 @@ int wc_GetKeyOID(byte* key, word32 keySz, const byte** curveOID, word32* oidSz,
WOLFSSL_MSG("GetKeyOID wc_ed25519_init failed"); WOLFSSL_MSG("GetKeyOID wc_ed25519_init failed");
} }
} }
#endif #endif /* HAVE_ED25519 && !NO_ASN_CRYPT */
/* if flag is not set then is neither RSA or ECC key that could be /* if flag is not set then is neither RSA or ECC key that could be
* found */ * found */
@@ -5382,6 +5382,7 @@ void FreeSignatureCtx(SignatureCtx* sigCtx)
sigCtx->plain = NULL; sigCtx->plain = NULL;
} }
#endif #endif
#ifndef NO_ASN_CRYPT
if (sigCtx->key.ptr) { if (sigCtx->key.ptr) {
switch (sigCtx->keyOID) { switch (sigCtx->keyOID) {
#ifndef NO_RSA #ifndef NO_RSA
@@ -5407,11 +5408,13 @@ void FreeSignatureCtx(SignatureCtx* sigCtx)
} /* switch (keyOID) */ } /* switch (keyOID) */
sigCtx->key.ptr = NULL; sigCtx->key.ptr = NULL;
} }
#endif
/* reset state, we are done */ /* reset state, we are done */
sigCtx->state = SIG_STATE_BEGIN; sigCtx->state = SIG_STATE_BEGIN;
} }
#ifndef NO_ASN_CRYPT
static int HashForSignature(const byte* buf, word32 bufSz, word32 sigOID, static int HashForSignature(const byte* buf, word32 bufSz, word32 sigOID,
byte* digest, int* typeH, int* digestSz, int verify) byte* digest, int* typeH, int* digestSz, int verify)
{ {
@@ -5498,6 +5501,7 @@ static int HashForSignature(const byte* buf, word32 bufSz, word32 sigOID,
return ret; return ret;
} }
#endif /* !NO_ASN_CRYPT */
/* Return codes: 0=Success, Negative (see error-crypt.h), ASN_SIG_CONFIRM_E */ /* Return codes: 0=Success, Negative (see error-crypt.h), ASN_SIG_CONFIRM_E */
static int ConfirmSignature(SignatureCtx* sigCtx, static int ConfirmSignature(SignatureCtx* sigCtx,
@@ -5519,6 +5523,7 @@ static int ConfirmSignature(SignatureCtx* sigCtx,
WOLFSSL_ENTER("ConfirmSignature"); WOLFSSL_ENTER("ConfirmSignature");
#ifndef NO_ASN_CRYPT
switch (sigCtx->state) { switch (sigCtx->state) {
case SIG_STATE_BEGIN: case SIG_STATE_BEGIN:
{ {
@@ -5796,6 +5801,8 @@ static int ConfirmSignature(SignatureCtx* sigCtx,
exit_cs: exit_cs:
#endif /* !NO_ASN_CRYPT */
WOLFSSL_LEAVE("ConfirmSignature", ret); WOLFSSL_LEAVE("ConfirmSignature", ret);
if (ret != WC_PENDING_E) { if (ret != WC_PENDING_E) {
@@ -9348,7 +9355,7 @@ static word32 SetUTF8String(word32 len, byte* output)
#endif /* WOLFSSL_CERT_REQ */ #endif /* WOLFSSL_CERT_REQ */
#endif /*WOLFSSL_CERT_GEN */ #endif /* WOLFSSL_CERT_GEN */
#if defined(HAVE_ECC) && defined(HAVE_ECC_KEY_EXPORT) #if defined(HAVE_ECC) && defined(HAVE_ECC_KEY_EXPORT)
@@ -9482,7 +9489,7 @@ int wc_EccPublicKeyToDer(ecc_key* key, byte* output, word32 inLen,
return SetEccPublicKey(output, key, with_AlgCurve); return SetEccPublicKey(output, key, with_AlgCurve);
} }
#endif /* HAVE_ECC */ #endif /* HAVE_ECC && HAVE_ECC_KEY_EXPORT */
#if defined(HAVE_ED25519) && (defined(WOLFSSL_CERT_GEN) || \ #if defined(HAVE_ED25519) && (defined(WOLFSSL_CERT_GEN) || \
defined(WOLFSSL_KEY_GEN)) defined(WOLFSSL_KEY_GEN))
@@ -11769,7 +11776,7 @@ int wc_SetAuthKeyIdFromPublicKey(Cert *cert, RsaKey *rsakey, ecc_key *eckey)
} }
#ifndef NO_FILESYSTEM #if !defined(NO_FILESYSTEM) && !defined(NO_ASN_CRYPT)
/* Set SKID from public key file in PEM */ /* Set SKID from public key file in PEM */
int wc_SetSubjectKeyId(Cert *cert, const char* file) int wc_SetSubjectKeyId(Cert *cert, const char* file)
@@ -11869,7 +11876,7 @@ int wc_SetSubjectKeyId(Cert *cert, const char* file)
return ret; return ret;
} }
#endif /* NO_FILESYSTEM */ #endif /* !NO_FILESYSTEM && !NO_ASN_CRYPT */
/* Set AKID from certificate contains in buffer (DER encoded) */ /* Set AKID from certificate contains in buffer (DER encoded) */
int wc_SetAuthKeyIdFromCert(Cert *cert, const byte *der, int derSz) int wc_SetAuthKeyIdFromCert(Cert *cert, const byte *der, int derSz)
@@ -13015,7 +13022,7 @@ int wc_EccPublicKeyDecode(const byte* input, word32* inOutIdx,
return 0; return 0;
} }
#if defined(HAVE_ECC_KEY_EXPORT) #if defined(HAVE_ECC_KEY_EXPORT) && !defined(NO_ASN_CRYPT)
/* build DER formatted ECC key, include optional public key if requested, /* build DER formatted ECC key, include optional public key if requested,
* return length on success, negative on error */ * return length on success, negative on error */
static int wc_BuildEccKeyDer(ecc_key* key, byte* output, word32 inLen, static int wc_BuildEccKeyDer(ecc_key* key, byte* output, word32 inLen,
@@ -13133,7 +13140,7 @@ static int wc_BuildEccKeyDer(ecc_key* key, byte* output, word32 inLen,
return totalSz; return totalSz;
} }
#ifndef NO_ASN_CRYPT
/* Write a Private ecc key, including public to DER format, /* Write a Private ecc key, including public to DER format,
* length on success else < 0 */ * length on success else < 0 */
int wc_EccKeyToDer(ecc_key* key, byte* output, word32 inLen) int wc_EccKeyToDer(ecc_key* key, byte* output, word32 inLen)
@@ -13148,6 +13155,7 @@ int wc_EccPrivateKeyToDer(ecc_key* key, byte* output, word32 inLen)
{ {
return wc_BuildEccKeyDer(key, output, inLen, 0); return wc_BuildEccKeyDer(key, output, inLen, 0);
} }
#endif /* !NO_ASN_CRYPT */
/* Write only private ecc key to unencrypted PKCS#8 format. /* Write only private ecc key to unencrypted PKCS#8 format.
* *
@@ -14451,6 +14459,79 @@ int ParseCRL(DecodedCRL* dcrl, const byte* buff, word32 sz, void* cm)
#endif /* HAVE_CRL */ #endif /* HAVE_CRL */
#ifdef WOLFSSL_CERT_PIV
int wc_ParseCertPIV(wc_CertPIV* piv, const byte* buf, word32 totalSz)
{
int length = 0;
word32 idx = 0;
WOLFSSL_ENTER("wc_ParseCertPIV");
if (piv == NULL || buf == NULL || totalSz == 0)
return BAD_FUNC_ARG;
XMEMSET(piv, 0, sizeof(wc_CertPIV));
/* Certificate - Total Length (0A 82 05FA) */
if (GetASNHeader(buf, ASN_PIV_CERT, &idx, &length, totalSz) >= 0) {
/* Certificate Buffer (53 82 05F6) */
if (GetASNHeader(buf, ASN_APPLICATION | ASN_PRINTABLE_STRING, &idx,
&length, totalSz) < 0) {
return ASN_PARSE_E;
}
/* PIV Certificate (70 82 05ED) */
if (GetASNHeader(buf, ASN_PIV_TAG_CERT, &idx, &length,
totalSz) < 0) {
return ASN_PARSE_E;
}
/* Capture certificate buffer pointer and length */
piv->cert = &buf[idx];
piv->certSz = length;
idx += length;
/* PIV Certificate Info (71 01 00) */
if (GetASNHeader(buf, ASN_PIV_TAG_CERT_INFO, &idx, &length,
totalSz) >= 0) {
if (length >= 1) {
piv->compression = (buf[idx] & ASN_PIV_CERT_INFO_COMPRESSED);
piv->isX509 = (buf[idx] & ASN_PIV_CERT_INFO_ISX509);
}
idx += length;
}
/* PIV Error Detection (FE 00) */
if (GetASNHeader(buf, ASN_PIV_TAG_ERR_DET, &idx, &length,
totalSz) >= 0) {
piv->certErrDet = &buf[idx];
piv->certErrDetSz = length;
idx += length;
}
}
/* Nonce (0B 14) */
if (GetASNHeader(buf, ASN_PIV_NONCE, &idx, &length, totalSz) >= 0) {
piv->nonce = &buf[idx];
piv->nonceSz = length;
idx += length;
}
/* Signed Nonce (0C 82 0100) */
if (GetASNHeader(buf, ASN_PIV_SIGNED_NONCE, &idx, &length, totalSz) >= 0) {
piv->signedNonce = &buf[idx];
piv->signedNonceSz = length;
idx += length;
}
return 0;
}
#endif /* WOLFSSL_CERT_PIV */
#undef ERROR_OUT #undef ERROR_OUT
#endif /* !NO_ASN */ #endif /* !NO_ASN */

28
wolfcrypt/src/compress.c
View File

@@ -121,13 +121,26 @@ int wc_Compress(byte* out, word32 outSz, const byte* in, word32 inSz, word32 fla
} }
int wc_DeCompress(byte* out, word32 outSz, const byte* in, word32 inSz) /* windowBits:
* deflateInit() and inflateInit(), as well as deflateInit2() and inflateInit2()
with windowBits in 0..15 all process zlib-wrapped deflate data.
(See RFC 1950 and RFC 1951.)
* deflateInit2() and inflateInit2() with negative windowBits in -1..-15 process
raw deflate data with no header or trailer.
* deflateInit2() and inflateInit2() with windowBits in 16..31, i.e. 16
added to 0..15, process gzip-wrapped deflate data (RFC 1952).
* inflateInit2() with windowBits in 32..47 (32 added to 0..15) will
automatically detect either a gzip or zlib header (but not raw deflate
data), and decompress accordingly.
*/
int wc_DeCompress_ex(byte* out, word32 outSz, const byte* in, word32 inSz,
int windowBits)
/* /*
* out - pointer to destination buffer * out - pointer to destination buffer
* outSz - size of destination buffer * outSz - size of destination buffer
* in - pointer to source buffer to compress * in - pointer to source buffer to compress
* inSz - size of source to compress * inSz - size of source to compress
* flags - flags to control how compress operates * windowBits - flags to control how decompress operates
* *
* return: * return:
* negative - error code * negative - error code
@@ -150,10 +163,11 @@ int wc_DeCompress(byte* out, word32 outSz, const byte* in, word32 inSz)
stream.zfree = (free_func)myFree; stream.zfree = (free_func)myFree;
stream.opaque = (voidpf)0; stream.opaque = (voidpf)0;
if (inflateInit2(&stream, DEFLATE_DEFAULT_WINDOWBITS) != Z_OK) if (inflateInit2(&stream, windowBits) != Z_OK)
return DECOMPRESS_INIT_E; return DECOMPRESS_INIT_E;
if (inflate(&stream, Z_FINISH) != Z_STREAM_END) { result = inflate(&stream, Z_FINISH);
if (result != Z_STREAM_END) {
inflateEnd(&stream); inflateEnd(&stream);
return DECOMPRESS_E; return DECOMPRESS_E;
} }
@@ -167,5 +181,11 @@ int wc_DeCompress(byte* out, word32 outSz, const byte* in, word32 inSz)
} }
int wc_DeCompress(byte* out, word32 outSz, const byte* in, word32 inSz)
{
return wc_DeCompress_ex(out, outSz, in, inSz, DEFLATE_DEFAULT_WINDOWBITS);
}
#endif /* HAVE_LIBZ */ #endif /* HAVE_LIBZ */

9
wolfcrypt/src/cryptodev.c
View File

@@ -330,4 +330,13 @@ int wc_CryptoDev_AesGcmDecrypt(Aes* aes, byte* out,
} }
#endif /* !NO_AES && HAVE_AESGCM */ #endif /* !NO_AES && HAVE_AESGCM */
/* call to support callback for entire buffer hash */
int wc_CryptoDev_Sha256Hash(const byte* data, word32 len, byte* hash)
{
(void)data;
(void)len;
(void)hash;
return NOT_COMPILED_IN;
}
#endif /* WOLF_CRYPTO_DEV */ #endif /* WOLF_CRYPTO_DEV */

13
wolfcrypt/src/error.c
View File

@@ -483,10 +483,19 @@ const char* wc_GetErrorString(int error)
return "DH Check Private Key failure"; return "DH Check Private Key failure";
case WC_AFALG_SOCK_E: case WC_AFALG_SOCK_E:
return "AF_ALG socket error"; return "AF_ALG socket error";
case WC_DEVCRYPTO_E: case WC_DEVCRYPTO_E:
return "Error with /dev/crypto"; return "Error with /dev/crypto";
case ZLIB_INIT_ERROR:
return "zlib init error";
case ZLIB_COMPRESS_ERROR:
return "zlib compress error";
case ZLIB_DECOMPRESS_ERROR:
return "zlib decompress error";
default: default:
return "unknown error number"; return "unknown error number";

2
wolfcrypt/src/tfm.c
View File

@@ -2324,7 +2324,7 @@ int fp_to_unsigned_bin(fp_int *a, unsigned char *b)
#ifdef WOLFSSL_SMALL_STACK #ifdef WOLFSSL_SMALL_STACK
XFREE(t, NULL, DYNAMIC_TYPE_TMP_BUFFER); XFREE(t, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif #endif
return FP_OKAY; return FP_OKAY;
} }
int fp_unsigned_bin_size(fp_int *a) int fp_unsigned_bin_size(fp_int *a)

3
wolfssl/error-ssl.h
View File

@@ -66,9 +66,6 @@ enum wolfSSL_ErrorCodes {
CLIENT_ID_ERROR = -331, /* psk client identity error */ CLIENT_ID_ERROR = -331, /* psk client identity error */
SERVER_HINT_ERROR = -332, /* psk server hint error */ SERVER_HINT_ERROR = -332, /* psk server hint error */
PSK_KEY_ERROR = -333, /* psk key error */ PSK_KEY_ERROR = -333, /* psk key error */
ZLIB_INIT_ERROR = -334, /* zlib init error */
ZLIB_COMPRESS_ERROR = -335, /* zlib compression error */
ZLIB_DECOMPRESS_ERROR = -336, /* zlib decompression error */
GETTIME_ERROR = -337, /* gettimeofday failed ??? */ GETTIME_ERROR = -337, /* gettimeofday failed ??? */
GETITIMER_ERROR = -338, /* getitimer failed ??? */ GETITIMER_ERROR = -338, /* getitimer failed ??? */

39
wolfssl/wolfcrypt/asn.h
View File

@@ -58,6 +58,9 @@
#include <wolfssl/wolfcrypt/sha256.h> #include <wolfssl/wolfcrypt/sha256.h>
#include <wolfssl/wolfcrypt/asn_public.h> /* public interface */ #include <wolfssl/wolfcrypt/asn_public.h> /* public interface */
#if defined(NO_SHA) && defined(NO_SHA256)
#define WC_SHA256_DIGEST_SIZE 32
#endif
#ifdef __cplusplus #ifdef __cplusplus
extern "C" { extern "C" {
@@ -85,6 +88,7 @@ enum ASN_Tags {
ASN_UTF8STRING = 0x0c, ASN_UTF8STRING = 0x0c,
ASN_SEQUENCE = 0x10, ASN_SEQUENCE = 0x10,
ASN_SET = 0x11, ASN_SET = 0x11,
ASN_PRINTABLE_STRING = 0x13,
ASN_UTC_TIME = 0x17, ASN_UTC_TIME = 0x17,
ASN_OTHER_TYPE = 0x00, ASN_OTHER_TYPE = 0x00,
ASN_RFC822_TYPE = 0x01, ASN_RFC822_TYPE = 0x01,
@@ -99,6 +103,7 @@ enum ASN_Tags {
/* ASN_Flags - Bitmask */ /* ASN_Flags - Bitmask */
ASN_CONSTRUCTED = 0x20, ASN_CONSTRUCTED = 0x20,
ASN_APPLICATION = 0x40,
ASN_CONTEXT_SPECIFIC = 0x80, ASN_CONTEXT_SPECIFIC = 0x80,
}; };
@@ -137,7 +142,7 @@ enum DN_Tags {
#define WOLFSSL_BUS_CAT "/businessCategory=" #define WOLFSSL_BUS_CAT "/businessCategory="
#define WOLFSSL_JOI_C "/jurisdictionC=" #define WOLFSSL_JOI_C "/jurisdictionC="
#define WOLFSSL_JOI_ST "/jurisdictionST=" #define WOLFSSL_JOI_ST "/jurisdictionST="
#define WOLFSSL_EMAIL_ADDR "/emailAddress=" #define WOLFSSL_EMAIL_ADDR "/emailAddress="
/* NIDs */ /* NIDs */
enum enum
@@ -186,6 +191,24 @@ enum ECC_TYPES
ECC_PREFIX_1 = 161 ECC_PREFIX_1 = 161
}; };
#ifdef WOLFSSL_CERT_PIV
enum PIV_Tags {
ASN_PIV_CERT = 0x0A,
ASN_PIV_NONCE = 0x0B,
ASN_PIV_SIGNED_NONCE = 0x0C,
ASN_PIV_TAG_CERT = 0x70,
ASN_PIV_TAG_CERT_INFO = 0x71,
ASN_PIV_TAG_MSCUID = 0x72,
ASN_PIV_TAG_ERR_DET = 0xFE,
/* certificate info masks */
ASN_PIV_CERT_INFO_COMPRESSED = 0x03,
ASN_PIV_CERT_INFO_ISX509 = 0x04,
};
#endif /* WOLFSSL_CERT_PIV */
#define ASN_JOI_PREFIX "\x2b\x06\x01\x04\x01\x82\x37\x3c\x02\x01" #define ASN_JOI_PREFIX "\x2b\x06\x01\x04\x01\x82\x37\x3c\x02\x01"
#define ASN_JOI_C 0x3 #define ASN_JOI_C 0x3
#define ASN_JOI_ST 0x2 #define ASN_JOI_ST 0x2
@@ -896,11 +919,17 @@ struct TrustedPeerCert {
#define WOLFSSL_ASN_API WOLFSSL_LOCAL #define WOLFSSL_ASN_API WOLFSSL_LOCAL
#endif #endif
/* Macro for calculating hashId */
#ifdef NO_SHA #if defined(NO_SHA) && defined(NO_SHA256)
#define CalcHashId(data, len, hash) wc_Sha256Hash(data, len, hash) #ifdef WOLF_CRYPTO_DEV
#define CalcHashId(data, len, hash) wc_CryptoDevSha256Hash(data, len, hash)
#else
#define CalcHashId(data, len, hash) NOT_COMPILED_IN
#endif
#elif defined(NO_SHA)
#define CalcHashId(data, len, hash) wc_Sha256Hash(data, len, hash)
#else #else
#define CalcHashId(data, len, hash) wc_ShaHash(data, len, hash) #define CalcHashId(data, len, hash) wc_ShaHash(data, len, hash)
#endif #endif

21
wolfssl/wolfcrypt/asn_public.h
View File

@@ -479,6 +479,27 @@ WOLFSSL_API int wc_GetTime(void* timePtr, word32 timeSize);
#endif #endif
#ifdef WOLFSSL_CERT_PIV
typedef struct _wc_CertPIV {
const byte* cert;
word32 certSz;
const byte* certErrDet;
word32 certErrDetSz;
const byte* nonce;
word32 nonceSz;
const byte* signedNonce;
word32 signedNonceSz;
/* flags */
word16 compression:2;
word16 isX509:1;
} wc_CertPIV;
WOLFSSL_API int wc_ParseCertPIV(wc_CertPIV* cert, const byte* buf, word32 totalSz);
#endif /* WOLFSSL_CERT_PIV */
#ifdef __cplusplus #ifdef __cplusplus
} /* extern "C" */ } /* extern "C" */
#endif #endif

5
wolfssl/wolfcrypt/compress.h
View File

@@ -38,10 +38,13 @@
#define COMPRESS_FIXED 1 #define COMPRESS_FIXED 1
#define LIBZ_WINBITS_GZIP 16
WOLFSSL_API int wc_Compress(byte*, word32, const byte*, word32, word32); WOLFSSL_API int wc_Compress(byte*, word32, const byte*, word32, word32);
WOLFSSL_API int wc_DeCompress(byte*, word32, const byte*, word32); WOLFSSL_API int wc_DeCompress(byte*, word32, const byte*, word32);
WOLFSSL_API int wc_DeCompress_ex(byte* out, word32 outSz, const byte* in,
word32 inSz, int windowBits);
#ifdef __cplusplus #ifdef __cplusplus
} /* extern "C" */ } /* extern "C" */

2
wolfssl/wolfcrypt/cryptodev.h
View File

@@ -175,6 +175,8 @@ WOLFSSL_LOCAL int wc_CryptoDev_AesGcmDecrypt(Aes* aes, byte* out,
#endif /* !NO_AES && HAVE_AESGCM */ #endif /* !NO_AES && HAVE_AESGCM */
WOLFSSL_LOCAL int wc_CryptoDev_Sha256Hash(const byte* data, word32 len, byte* hash);
#endif /* WOLF_CRYPTO_DEV */ #endif /* WOLF_CRYPTO_DEV */
#ifdef __cplusplus #ifdef __cplusplus

6
wolfssl/wolfcrypt/error-crypt.h
View File

@@ -216,7 +216,11 @@ enum {
WC_AFALG_SOCK_E = -264, /* AF_ALG socket error */ WC_AFALG_SOCK_E = -264, /* AF_ALG socket error */
WC_DEVCRYPTO_E = -265, /* /dev/crypto error */ WC_DEVCRYPTO_E = -265, /* /dev/crypto error */
WC_LAST_E = -265, /* Update this to indicate last error */ ZLIB_INIT_ERROR = -266, /* zlib init error */
ZLIB_COMPRESS_ERROR = -267, /* zlib compression error */
ZLIB_DECOMPRESS_ERROR = -268, /* zlib decompression error */
WC_LAST_E = -268, /* Update this to indicate last error */
MIN_CODE_E = -300 /* errors -101 - -299 */ MIN_CODE_E = -300 /* errors -101 - -299 */
/* add new companion error id strings for any new error codes /* add new companion error id strings for any new error codes