diff --git a/.gitignore b/.gitignore index e712a00ef..dfedec021 100644 --- a/.gitignore +++ b/.gitignore @@ -78,6 +78,7 @@ pkcs7signedData.der pkcs7envelopedData.der diff sslSniffer/sslSnifferTest/tracefile.txt +tracefile.txt *.gz *.zip *.bak diff --git a/IDE/IAR-EWARM/Projects/CyaSSL-Lib/CyaSSL-Lib.eww b/IDE/IAR-EWARM/Projects/CyaSSL-Lib/CyaSSL-Lib.eww deleted file mode 100644 index 9702cae02..000000000 --- a/IDE/IAR-EWARM/Projects/CyaSSL-Lib/CyaSSL-Lib.eww +++ /dev/null @@ -1,16 +0,0 @@ - - - - - $WS_DIR$\CyaSSL-Lib.ewp - - - $WS_DIR$\wolfCrypt-benchmark.ewp - - - $WS_DIR$\wolfCrypt-test.ewp - - - - - diff --git a/IDE/IAR-EWARM/Projects/CyaSSL-Lib/wolfCrypt-benchmark.ewp b/IDE/IAR-EWARM/Projects/CyaSSL-Lib/wolfCrypt-benchmark.ewp deleted file mode 100644 index d61e0a0e9..000000000 --- a/IDE/IAR-EWARM/Projects/CyaSSL-Lib/wolfCrypt-benchmark.ewp +++ /dev/null 
@@ -1,1877 +0,0 @@ - - - - 2 - - Debug - - ARM - - 1 - - General - 3 - - 22 - 1 - 1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - ICCARM - 2 - - 29 - 1 - 1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - AARM - 2 - - 9 - 1 - 1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - OBJCOPY - 0 - - 1 - 1 - 1 - - - - - - - - - CUSTOM - 3 - - - - - - - BICOMP - 0 - - - - BUILDACTION - 1 - - - - - - - ILINK - 0 - - 16 - 1 - 1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - IARCHIVE - 0 - - 0 - 1 - 1 - - - - - - - BILINK - 0 - - - - - Release - - ARM - - 0 - - General - 3 - - 22 - 1 - 0 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - ICCARM - 2 - - 29 - 1 - 0 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - AARM - 2 - - 9 - 1 - 0 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - OBJCOPY - 0 - - 1 - 1 - 0 - - - - - - - - - CUSTOM - 3 - - - - - - - BICOMP - 0 - - - - BUILDACTION - 1 - - - - - - - ILINK - 0 - - 16 - 1 - 0 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - IARCHIVE - 0 - - 0 - 1 - 0 - - - - - - - BILINK - 0 - - - - - $PROJ_DIR$\benchmark-main.c - - - $PROJ_DIR$\..\..\..\..\ctaocrypt\benchmark\benchmark.c - - - - diff --git a/IDE/IAR-EWARM/Projects/CyaSSL-Lib/wolfCrypt-benchmark.icf b/IDE/IAR-EWARM/Projects/CyaSSL-Lib/wolfCrypt-benchmark.icf deleted file mode 100644 index a4ab009ee..000000000 --- a/IDE/IAR-EWARM/Projects/CyaSSL-Lib/wolfCrypt-benchmark.icf +++ /dev/null 
@@ -1,32 +0,0 @@ -/*###ICF### Section handled by ICF editor, don't touch! ****/ -/*-Editor annotation file-*/ -/* IcfEditorFile="$TOOLKIT_DIR$\config\ide\IcfEditor\cortex_v1_0.xml" */ -/*-Specials-*/ -define symbol __ICFEDIT_intvec_start__ = 0x00000000; -/*-Memory Regions-*/ -define symbol __ICFEDIT_region_ROM_start__ = 0x00000000; -define symbol __ICFEDIT_region_ROM_end__ = 0x0007FFFF; -define symbol __ICFEDIT_region_RAM_start__ = 0x20000000; -define symbol __ICFEDIT_region_RAM_end__ = 0x2000FFFF; -/*-Sizes-*/ -define symbol __ICFEDIT_size_cstack__ = 0x2000; -define symbol __ICFEDIT_size_heap__ = 0x2000; -/**** End of ICF editor section. ###ICF###*/ - - -define memory mem with size = 4G; -define region ROM_region = mem:[from __ICFEDIT_region_ROM_start__ to __ICFEDIT_region_ROM_end__]; -define region RAM_region = mem:[from __ICFEDIT_region_RAM_start__ to __ICFEDIT_region_RAM_end__]; - -define block CSTACK with alignment = 8, size = __ICFEDIT_size_cstack__ { }; -define block HEAP with alignment = 8, size = __ICFEDIT_size_heap__ { }; - -initialize by copy { readwrite }; -//initialize by copy with packing = none { section __DLIB_PERTHREAD }; // Required in a multi-threaded application -do not initialize { section .noinit }; - -place at address mem:__ICFEDIT_intvec_start__ { readonly section .intvec }; - -place in ROM_region { readonly }; -place in RAM_region { readwrite, - block CSTACK, block HEAP }; \ No newline at end of file diff --git a/IDE/IAR-EWARM/Projects/CyaSSL-Lib/wolfCrypt-test.ewp b/IDE/IAR-EWARM/Projects/CyaSSL-Lib/wolfCrypt-test.ewp deleted file mode 100644 index 60e146e43..000000000 --- a/IDE/IAR-EWARM/Projects/CyaSSL-Lib/wolfCrypt-test.ewp +++ /dev/null 
@@ -1,1877 +0,0 @@ - - - - 2 - - Debug - - ARM - - 1 - - General - 3 - - 22 - 1 - 1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - ICCARM - 2 - - 29 - 1 - 1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - AARM - 2 - - 9 - 1 - 1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - OBJCOPY - 0 - - 1 - 1 - 1 - - - - - - - - - CUSTOM - 3 - - - - - - - BICOMP - 0 - - - - BUILDACTION - 1 - - - - - - - ILINK - 0 - - 16 - 1 - 1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - IARCHIVE - 0 - - 0 - 1 - 1 - - - - - - - BILINK - 0 - - - - - Release - - ARM - - 0 - - General - 3 - - 22 - 1 - 0 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - ICCARM - 2 - - 29 - 1 - 0 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - AARM - 2 - - 9 - 1 - 0 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - OBJCOPY - 0 - - 1 - 1 - 0 - - - - - - - - - CUSTOM - 3 - - - - - - - BICOMP - 0 - - - - BUILDACTION - 1 - - - - - - - ILINK - 0 - - 16 - 1 - 0 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - IARCHIVE - 0 - - 0 - 1 - 0 - - - - - - - BILINK - 0 - - - - - $PROJ_DIR$\test-main.c - - - $PROJ_DIR$\..\..\..\..\ctaocrypt\test\test.c - - - - diff --git a/IDE/IAR-EWARM/Projects/CyaSSL-Lib/wolfCrypt-test.icf b/IDE/IAR-EWARM/Projects/CyaSSL-Lib/wolfCrypt-test.icf deleted file mode 100644 index 211d253d4..000000000 --- a/IDE/IAR-EWARM/Projects/CyaSSL-Lib/wolfCrypt-test.icf +++ /dev/null 
@@ -1,31 +0,0 @@ -/*###ICF### Section handled by ICF editor, don't touch! ****/ -/*-Editor annotation file-*/ -/* IcfEditorFile="$TOOLKIT_DIR$\config\ide\IcfEditor\cortex_v1_0.xml" */ -/*-Specials-*/ -define symbol __ICFEDIT_intvec_start__ = 0x0; -/*-Memory Regions-*/ -define symbol __ICFEDIT_region_ROM_start__ = 0x0; -define symbol __ICFEDIT_region_ROM_end__ = 0x000FFFFF; -define symbol __ICFEDIT_region_RAM_start__ = 0x1FFF0000; -define symbol __ICFEDIT_region_RAM_end__ = 0x2000FFFF; -/*-Sizes-*/ -define symbol __ICFEDIT_size_cstack__ = 0x2000; -define symbol __ICFEDIT_size_heap__ = 0x3000; -/**** End of ICF editor section. ###ICF###*/ - - -define memory mem with size = 4G; -define region ROM_region = mem:[from __ICFEDIT_region_ROM_start__ to __ICFEDIT_region_ROM_end__]; -define region RAM_region = mem:[from __ICFEDIT_region_RAM_start__ to __ICFEDIT_region_RAM_end__]; - -define block CSTACK with alignment = 8, size = __ICFEDIT_size_cstack__ { }; -define block HEAP with alignment = 8, size = __ICFEDIT_size_heap__ { }; - -initialize by copy { readwrite }; -do not initialize { section .noinit }; - -place at address mem:__ICFEDIT_intvec_start__ { readonly section .intvec }; - -place in ROM_region { readonly }; -place in RAM_region { readwrite, - block CSTACK, block HEAP }; \ No newline at end of file diff --git a/IDE/IAR-EWARM/Projects/CyaSSL-Lib/benchmark-main.c b/IDE/IAR-EWARM/Projects/benchmark/benchmark-main.c similarity index 88% rename from IDE/IAR-EWARM/Projects/CyaSSL-Lib/benchmark-main.c rename to IDE/IAR-EWARM/Projects/benchmark/benchmark-main.c index 113fc4d23..d8f559d4c 100644 --- a/IDE/IAR-EWARM/Projects/CyaSSL-Lib/benchmark-main.c +++ b/IDE/IAR-EWARM/Projects/benchmark/benchmark-main.c @@ -19,7 +19,11 @@ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA */ -#include "stdio.h" +#ifdef HAVE_CONFIG_H + #include +#endif + +#include typedef struct func_args { int argc; 
@@ -29,6 +33,7 @@ typedef struct func_args { func_args args = { 0 } ; +extern double current_time(int reset) ; extern int benchmark_test(void *args) ; main(void) { @@ -37,4 +42,3 @@ main(void) { } - diff --git a/IDE/IAR-EWARM/Projects/benchmark/current_time.c b/IDE/IAR-EWARM/Projects/benchmark/current_time.c new file mode 100644 index 000000000..9a21fd740 --- /dev/null +++ b/IDE/IAR-EWARM/Projects/benchmark/current_time.c 
@@ -0,0 +1,66 @@
+/* current-time.c
+ *
+ * Copyright (C) 2006-2015 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL. (formerly known as CyaSSL)
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
+ */
+
+#ifdef HAVE_CONFIG_H
+ #include
+#endif
+
+#include
+
+#ifdef WOLFSSL_TI_CURRTIME
+#include
+#include
+#include
+
+#include "inc/hw_ints.h"
+#include "inc/hw_memmap.h"
+#include "inc/hw_timer.h"
+#include "driverlib/rom.h"
+#include "driverlib/sysctl.h"
+#include "driverlib/timer.h"
+
+void InitTimer(void) {
+ uint32_t ui32SysClock = ROM_SysCtlClockFreqSet((SYSCTL_XTAL_25MHZ |
+ SYSCTL_OSC_MAIN |
+ SYSCTL_USE_PLL |
+ SYSCTL_CFG_VCO_480), 120000000);
+
+ printf("Clock=%dMHz\n", ui32SysClock/1000000) ;
+ ROM_SysCtlPeripheralEnable(SYSCTL_PERIPH_TIMER0);
+ ROM_TimerConfigure(TIMER0_BASE, TIMER_CFG_PERIODIC);
+ ROM_TimerLoadSet(TIMER0_BASE, TIMER_A, -1);
+ ROM_TimerEnable(TIMER0_BASE, TIMER_A);
+}
+
+static int initFlag = false ;
+double current_time(int reset)
+{
+ if(!initFlag)InitTimer() ;
+ initFlag = true ;
+ if(reset)ROM_TimerLoadSet(TIMER0_BASE, TIMER_A, -1);
+ return (double)(-(int)ROM_TimerValueGet(TIMER0_BASE, TIMER_A ))/120000000.0 ;
+}
+
+#else
+
+double current_time(int reset) { return 0.0 ; }
+
+#endif
\ No newline at end of file
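Review bot: The return expression of current_time() under WOLFSSL_TI_CURRTIME casts the down-counting timer value to `int` before negating it, so the result turns negative once more than about 2^31 ticks have elapsed since the last reload; at the 120 MHz clock that InitTimer() configures, that is roughly 18 seconds of benchmark time. Assuming ROM_TimerValueGet() returns the 32-bit unsigned count, computing the elapsed ticks in unsigned arithmetic uses the whole timer period instead: `return (double)(0xFFFFFFFFu - ROM_TimerValueGet(TIMER0_BASE, TIMER_A)) / 120000000.0;`. The divisor also repeats the literal passed to ROM_SysCtlClockFreqSet() rather than using the returned `ui32SysClock`, which InitTimer() only prints (with `%d` for a `uint32_t`), so the two values can drift apart if the clock setup is changed.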
diff --git a/IDE/IAR-EWARM/Projects/CyaSSL-Lib/wolfCrypt-benchmark.ewd b/IDE/IAR-EWARM/Projects/benchmark/wolfCrypt-benchmark.ewd similarity index 50% rename from IDE/IAR-EWARM/Projects/CyaSSL-Lib/wolfCrypt-benchmark.ewd rename to IDE/IAR-EWARM/Projects/benchmark/wolfCrypt-benchmark.ewd index 0bf90e8eb..3f908a2d3 100644 --- a/IDE/IAR-EWARM/Projects/CyaSSL-Lib/wolfCrypt-benchmark.ewd +++ b/IDE/IAR-EWARM/Projects/benchmark/wolfCrypt-benchmark.ewd @@ -12,7 +12,7 @@ C-SPY 2 - 25 + 26 1 1 + + + + + + @@ -245,7 +269,7 @@ 
@@ -421,7 +469,7 @@ - - - - IARROM_ID - 2 - - 1 - 1 - 1 - - - - - - - - - IJET_ID - 2 - - 2 - 1 - 1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - JLINK_ID - 2 - - 15 - 1 - 1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - LMIFTDI_ID - 2 - - 2 - 1 - 1 - - - - - - - - - - MACRAIGOR_ID - 2 - - 3 - 1 - 1 - - - - - - - - - - - - - - - - - - - - - - - PEMICRO_ID - 2 - - 1 - 1 - 1 - - - - - - - - - - - - - - - - - - - RDI_ID - 2 - - 2 - 1 - 1 - - - - - - - - - - - - - - - - STLINK_ID - 2 - - 2 - 1 - 1 - - - - - - - - - - - THIRDPARTY_ID - 2 - - 0 - 1 - 1 - - - - - - - - XDS100_ID - 2 - - 2 - 1 - 1 - - - - - - - - - - - - - $TOOLKIT_DIR$\plugins\middleware\HCCWare\HCCWare.ewplugin - 0 - - - $TOOLKIT_DIR$\plugins\rtos\AVIX\AVIX.ENU.ewplugin - 0 - - - $TOOLKIT_DIR$\plugins\rtos\CMX\CmxArmPlugin.ENU.ewplugin - 0 - - - $TOOLKIT_DIR$\plugins\rtos\CMX\CmxTinyArmPlugin.ENU.ewplugin - 0 - - - $TOOLKIT_DIR$\plugins\rtos\embOS\embOSPlugin.ewplugin - 0 - - - $TOOLKIT_DIR$\plugins\rtos\MQX\MQXRtosPlugin.ewplugin - 0 - - - $TOOLKIT_DIR$\plugins\rtos\OpenRTOS\OpenRTOSPlugin.ewplugin - 0 - - - $TOOLKIT_DIR$\plugins\rtos\PowerPac\PowerPacRTOS.ewplugin - 0 - - - $TOOLKIT_DIR$\plugins\rtos\Quadros\Quadros_EWB6_Plugin.ewplugin - 0 - - - $TOOLKIT_DIR$\plugins\rtos\SafeRTOS\SafeRTOSPlugin.ewplugin - 0 - - - $TOOLKIT_DIR$\plugins\rtos\ThreadX\ThreadXArmPlugin.ENU.ewplugin - 0 - - - $TOOLKIT_DIR$\plugins\rtos\uCOS-II\uCOS-II-286-KA-CSpy.ewplugin - 0 - - - $TOOLKIT_DIR$\plugins\rtos\uCOS-II\uCOS-II-KA-CSpy.ewplugin - 0 - - - $TOOLKIT_DIR$\plugins\rtos\uCOS-III\uCOS-III-KA-CSpy.ewplugin - 0 - - - $EW_DIR$\common\plugins\CodeCoverage\CodeCoverage.ENU.ewplugin - 1 - - - $EW_DIR$\common\plugins\Orti\Orti.ENU.ewplugin - 0 - - - $EW_DIR$\common\plugins\SymList\SymList.ENU.ewplugin - 1 - - - $EW_DIR$\common\plugins\uCProbe\uCProbePlugin.ENU.ewplugin - 0 - - - - - Release - - ARM - - 0 - - C-SPY 
- 2 - - 25 - 1 - 0 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - ARMSIM_ID - 2 - - 1 - 1 - 0 - - - - - - - - ANGEL_ID - 2 - - 0 - 1 - 0 - - - - - - - - - - - - CMSISDAP_ID - 2 - - 0 - 1 - 0 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - GDBSERVER_ID - 2 - - 0 - 1 - 0 - - - - - - - @@ -1740,14 +491,14 @@ 1 1 - 0 + 1 @@ -1971,7 +744,7 @@ 15 1 - 0 + 1 @@ -257,7 +281,7 @@ CMSISDAP_ID 2 - 0 + 2 1 1 + + + + + + @@ -472,7 +520,7 @@ IJET_ID 2 - 2 + 3 1 1 + @@ -677,7 +729,7 @@ 1 @@ -1554,7 +1626,7 @@ CMSISDAP_ID 2 - 0 + 2 1 0 + + + + + + @@ -1769,7 +1865,7 @@ IJET_ID 2 - 2 + 3 1 0 + @@ -1974,7 +2074,7 @@ 0 @@ -602,6 +616,7 @@ + 0 @@ -924,7 +939,7 @@ 
@@ -961,7 +976,7 @@ - CyaSSL + Config + + $PROJ_DIR$\..\..\..\..\wolfssl\wolfcrypt\settings.h + + + $PROJ_DIR$\..\user_settings.h + + + + wolfCrypt + + $PROJ_DIR$\..\..\..\..\wolfcrypt\src\aes.c + + + $PROJ_DIR$\..\..\..\..\wolfcrypt\src\arc4.c + + + $PROJ_DIR$\..\..\..\..\wolfcrypt\src\asm.c + + + $PROJ_DIR$\..\..\..\..\wolfcrypt\src\asn.c + + + $PROJ_DIR$\..\..\..\..\wolfcrypt\src\blake2b.c + + + $PROJ_DIR$\..\..\..\..\wolfcrypt\src\camellia.c + + + $PROJ_DIR$\..\..\..\..\wolfcrypt\src\chacha.c + + + $PROJ_DIR$\..\..\..\..\wolfcrypt\src\chacha20_poly1305.c + + + $PROJ_DIR$\..\..\..\..\wolfcrypt\src\coding.c + + + $PROJ_DIR$\..\..\..\..\wolfcrypt\src\compress.c + + + $PROJ_DIR$\..\..\..\..\wolfcrypt\src\curve25519.c + + + $PROJ_DIR$\..\..\..\..\wolfcrypt\src\des3.c + + + $PROJ_DIR$\..\..\..\..\wolfcrypt\src\dh.c + + + $PROJ_DIR$\..\..\..\..\wolfcrypt\src\dsa.c + + + $PROJ_DIR$\..\..\..\..\wolfcrypt\src\ecc.c + + + $PROJ_DIR$\..\..\..\..\wolfcrypt\src\ecc_fp.c + + + $PROJ_DIR$\..\..\..\..\wolfcrypt\src\ed25519.c + + + $PROJ_DIR$\..\..\..\..\wolfcrypt\src\error.c + + + $PROJ_DIR$\..\..\..\..\wolfcrypt\src\fe_low_mem.c + + + $PROJ_DIR$\..\..\..\..\wolfcrypt\src\fe_operations.c + + + $PROJ_DIR$\..\..\..\..\wolfcrypt\src\ge_low_mem.c + + + $PROJ_DIR$\..\..\..\..\wolfcrypt\src\ge_operations.c + + + $PROJ_DIR$\..\..\..\..\wolfcrypt\src\hash.c + + + $PROJ_DIR$\..\..\..\..\wolfcrypt\src\hc128.c + + + $PROJ_DIR$\..\..\..\..\wolfcrypt\src\hmac.c + + + $PROJ_DIR$\..\..\..\..\wolfcrypt\src\integer.c + + + $PROJ_DIR$\..\..\..\..\wolfcrypt\src\logging.c + + + $PROJ_DIR$\..\..\..\..\wolfcrypt\src\md2.c + + + $PROJ_DIR$\..\..\..\..\wolfcrypt\src\md4.c + + + $PROJ_DIR$\..\..\..\..\wolfcrypt\src\md5.c + + + $PROJ_DIR$\..\..\..\..\wolfcrypt\src\memory.c + + + $PROJ_DIR$\..\..\..\..\wolfcrypt\src\misc.c + + + $PROJ_DIR$\..\..\..\..\wolfcrypt\src\pkcs7.c + + + $PROJ_DIR$\..\..\..\..\wolfcrypt\src\poly1305.c + + + $PROJ_DIR$\..\..\..\..\wolfcrypt\src\pwdbased.c + + + 
$PROJ_DIR$\..\..\..\..\wolfcrypt\src\rabbit.c + + + $PROJ_DIR$\..\..\..\..\wolfcrypt\src\random.c + + + $PROJ_DIR$\..\..\..\..\wolfcrypt\src\ripemd.c + + + $PROJ_DIR$\..\..\..\..\wolfcrypt\src\rsa.c + + + $PROJ_DIR$\..\..\..\..\wolfcrypt\src\sha.c + + + $PROJ_DIR$\..\..\..\..\wolfcrypt\src\sha256.c + + + $PROJ_DIR$\..\..\..\..\wolfcrypt\src\sha512.c + + + $PROJ_DIR$\..\..\..\..\wolfcrypt\src\srp.c + + + $PROJ_DIR$\..\..\..\..\wolfcrypt\src\tfm.c + + + $PROJ_DIR$\..\..\..\..\wolfcrypt\src\wc_encrypt.c + + + $PROJ_DIR$\..\..\..\..\wolfcrypt\src\wc_port.c + + + + wolfSSL $PROJ_DIR$\..\..\..\..\src\crl.c 
@@ -1893,108 +2068,6 @@ $PROJ_DIR$\..\..\..\..\src\tls.c - - wolfCrypt - - $PROJ_DIR$\..\..\..\..\ctaocrypt\src\aes.c - - - $PROJ_DIR$\..\..\..\..\ctaocrypt\src\arc4.c - - - $PROJ_DIR$\..\..\..\..\ctaocrypt\src\asm.c - - - $PROJ_DIR$\..\..\..\..\ctaocrypt\src\asn.c - - - $PROJ_DIR$\..\..\..\..\ctaocrypt\src\blake2b.c - - - $PROJ_DIR$\..\..\..\..\ctaocrypt\src\camellia.c - - - $PROJ_DIR$\..\..\..\..\ctaocrypt\src\coding.c - - - $PROJ_DIR$\..\..\..\..\ctaocrypt\src\compress.c - - - $PROJ_DIR$\..\..\..\..\ctaocrypt\src\des3.c - - - $PROJ_DIR$\..\..\..\..\ctaocrypt\src\dh.c - - - $PROJ_DIR$\..\..\..\..\ctaocrypt\src\dsa.c - - - $PROJ_DIR$\..\..\..\..\ctaocrypt\src\ecc.c - - - $PROJ_DIR$\..\..\..\..\ctaocrypt\src\ecc_fp.c - - - $PROJ_DIR$\..\..\..\..\ctaocrypt\src\error.c - - - $PROJ_DIR$\..\..\..\..\ctaocrypt\src\hc128.c - - - $PROJ_DIR$\..\..\..\..\ctaocrypt\src\hmac.c - - - $PROJ_DIR$\..\..\..\..\ctaocrypt\src\integer.c - - - $PROJ_DIR$\..\..\..\..\ctaocrypt\src\logging.c - - - $PROJ_DIR$\..\..\..\..\ctaocrypt\src\md2.c - - - $PROJ_DIR$\..\..\..\..\ctaocrypt\src\md4.c - - - $PROJ_DIR$\..\..\..\..\ctaocrypt\src\md5.c - - - $PROJ_DIR$\..\..\..\..\ctaocrypt\src\memory.c - - - $PROJ_DIR$\..\..\..\..\ctaocrypt\src\misc.c - - - $PROJ_DIR$\..\..\..\..\ctaocrypt\src\wc_port.c - - - $PROJ_DIR$\..\..\..\..\ctaocrypt\src\pwdbased.c - - - $PROJ_DIR$\..\..\..\..\ctaocrypt\src\rabbit.c - - - $PROJ_DIR$\..\..\..\..\ctaocrypt\src\random.c - - - $PROJ_DIR$\..\..\..\..\ctaocrypt\src\ripemd.c - - - $PROJ_DIR$\..\..\..\..\ctaocrypt\src\rsa.c - - - $PROJ_DIR$\..\..\..\..\ctaocrypt\src\sha.c - - - $PROJ_DIR$\..\..\..\..\ctaocrypt\src\sha256.c - - - $PROJ_DIR$\..\..\..\..\ctaocrypt\src\sha512.c - - - $PROJ_DIR$\..\..\..\..\ctaocrypt\src\tfm.c - - 
diff --git a/IDE/IAR-EWARM/Projects/CyaSSL-Lib/test-main.c b/IDE/IAR-EWARM/Projects/test/test-main.c similarity index 93% rename from IDE/IAR-EWARM/Projects/CyaSSL-Lib/test-main.c rename to IDE/IAR-EWARM/Projects/test/test-main.c index 5ebfe3219..ad78746d5 100644 --- a/IDE/IAR-EWARM/Projects/CyaSSL-Lib/test-main.c +++ b/IDE/IAR-EWARM/Projects/test/test-main.c @@ -28,9 +28,10 @@ typedef struct func_args { func_args args = { 0 } ; -extern int ctaocrypt_test(void *args) ; +extern int wolfcrypt_test(void *args) ; main(void) { - ctaocrypt_test(&args) ; + wolfcrypt_test(&args) ; return 0; } + diff --git a/IDE/IAR-EWARM/Projects/test/wolfCrypt-test.ewd b/IDE/IAR-EWARM/Projects/test/wolfCrypt-test.ewd new file mode 100644 index 000000000..3f908a2d3 --- /dev/null +++ b/IDE/IAR-EWARM/Projects/test/wolfCrypt-test.ewd 
@@ -0,0 +1,1374 @@ + + + + 2 + + Debug + + ARM + + 1 + + C-SPY + 2 + + 26 + 1 + 1 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + ARMSIM_ID + 2 + + 1 + 1 + 1 + + + + + + + + ANGEL_ID + 2 + + 0 + 1 + 1 + + + + + + + + + + + + CMSISDAP_ID + 2 + + 2 + 1 + 1 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + GDBSERVER_ID + 2 + + 0 + 1 + 1 + + + + + + + + + + + IARROM_ID + 2 + + 1 + 1 + 1 + + + + + + + + + IJET_ID + 2 + + 6 + 1 + 1 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + JLINK_ID + 2 + + 15 + 1 + 1 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + LMIFTDI_ID + 2 + + 2 + 1 + 1 + + + + + + + + + + MACRAIGOR_ID + 2 + + 3 + 1 + 1 + + + + + + + + + + + + + + + + + + + + + + + PEMICRO_ID + 2 + + 1 + 1 + 1 + + + + + + + + + + + + + + + + + + + RDI_ID + 2 + + 2 + 1 + 1 + + + + + + + + + + + + + + + + STLINK_ID + 2 + + 2 + 1 + 1 + + + + + + + + + + + THIRDPARTY_ID + 2 + + 0 + 1 + 1 + + + + + + + + XDS100_ID + 2 + + 2 + 1 + 1 + + + + + + + + + + + + + $TOOLKIT_DIR$\plugins\middleware\HCCWare\HCCWare.ewplugin + 0 + + + $TOOLKIT_DIR$\plugins\rtos\AVIX\AVIX.ENU.ewplugin + 0 + + + $TOOLKIT_DIR$\plugins\rtos\CMX\CmxArmPlugin.ENU.ewplugin + 0 + + + $TOOLKIT_DIR$\plugins\rtos\CMX\CmxTinyArmPlugin.ENU.ewplugin + 0 + + + $TOOLKIT_DIR$\plugins\rtos\embOS\embOSPlugin.ewplugin + 0 + + + $TOOLKIT_DIR$\plugins\rtos\MQX\MQXRtosPlugin.ewplugin + 0 + + + $TOOLKIT_DIR$\plugins\rtos\OpenRTOS\OpenRTOSPlugin.ewplugin + 0 + + + $TOOLKIT_DIR$\plugins\rtos\Quadros\Quadros_EWB7_Plugin.ewplugin + 0 + + + $TOOLKIT_DIR$\plugins\rtos\SafeRTOS\SafeRTOSPlugin.ewplugin + 0 + + + $TOOLKIT_DIR$\plugins\rtos\ThreadX\ThreadXArmPlugin.ENU.ewplugin + 0 + + + $TOOLKIT_DIR$\plugins\rtos\TI-RTOS\tirtosplugin.ewplugin + 0 + + + $TOOLKIT_DIR$\plugins\rtos\uCOS-II\uCOS-II-286-KA-CSpy.ewplugin + 0 + + + 
$TOOLKIT_DIR$\plugins\rtos\uCOS-II\uCOS-II-KA-CSpy.ewplugin + 0 + + + $TOOLKIT_DIR$\plugins\rtos\uCOS-III\uCOS-III-KA-CSpy.ewplugin + 0 + + + $EW_DIR$\common\plugins\CodeCoverage\CodeCoverage.ENU.ewplugin + 1 + + + $EW_DIR$\common\plugins\Orti\Orti.ENU.ewplugin + 0 + + + $EW_DIR$\common\plugins\SymList\SymList.ENU.ewplugin + 1 + + + $EW_DIR$\common\plugins\uCProbe\uCProbePlugin.ENU.ewplugin + 0 + + + + + + diff --git a/IDE/IAR-EWARM/Projects/test/wolfCrypt-test.ewp b/IDE/IAR-EWARM/Projects/test/wolfCrypt-test.ewp new file mode 100644 index 000000000..ec45ce948 --- /dev/null +++ b/IDE/IAR-EWARM/Projects/test/wolfCrypt-test.ewp @@ -0,0 +1,978 @@ + + + + 2 + + Debug + + ARM + + 1 + + General + 3 + + 22 + 1 + 1 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + ICCARM + 2 + + 31 + 1 + 1 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + AARM + 2 + + 9 + 1 + 1 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + OBJCOPY + 0 + + 1 + 1 + 1 + + + + + + + + + CUSTOM + 3 + + + + 0 + + + + BICOMP + 0 + + + + BUILDACTION + 1 + + + + + + + ILINK + 0 + + 16 + 1 + 1 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + IARCHIVE + 0 + + 0 + 1 + 1 + + + + + + + BILINK + 0 + + + + + Config + + $PROJ_DIR$\..\user_settings.h + + + + Lib + + $PROJ_DIR$\..\lib\ewarm\Exe\wolfSSL-Lib.a + + + + Source + + $PROJ_DIR$\..\common\minimum-startup.c + + + $PROJ_DIR$\test-main.c + + + $PROJ_DIR$\..\..\..\..\wolfcrypt\test\test.c + + + + + diff --git a/IDE/IAR-EWARM/Projects/user_settings.h b/IDE/IAR-EWARM/Projects/user_settings.h new file mode 100644 index 000000000..5e4f36e9a --- /dev/null +++ b/IDE/IAR-EWARM/Projects/user_settings.h 
@@ -0,0 +1,14 @@
+
+#define NO_MAIN_DRIVER
+#define BENCH_EMBEDDED
+#define SINGLE_THREADED
+#define NO_FILESYSTEM
+#define NO_WRITEV
+#define WOLFSSL_USER_IO
+#define NO_DEV_RANDOM
+#define USE_CERT_BUFFERS_2048
+#define WOLFSSL_USER_CURRTIME
+
+#define CUSTOM_RAND_GENERATE custom_rand_generate
+/* warning "write a real random seed!!!!, just for testing now" */
+static int custom_rand_generate(void) { return 0 ; }
\ No newline at end of file
diff --git a/IDE/IAR-EWARM/Projects/wolfssl.eww b/IDE/IAR-EWARM/Projects/wolfssl.eww
new file mode 100644
index 000000000..b080e4115
--- /dev/null
+++ b/IDE/IAR-EWARM/Projects/wolfssl.eww
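Review bot: `custom_rand_generate()` in user_settings.h always returns 0 and is wired in through `CUSTOM_RAND_GENERATE` alongside `NO_DEV_RANDOM`, so a build that uses this default settings file presumably seeds the RNG from a constant, which makes any keys or nonces derived from it predictable. The only signal is an ordinary C comment that reads like a disabled `#warning`, which the compiler never reports. I would make it a real diagnostic, for example `#warning "custom_rand_generate() returns a constant; supply a hardware entropy source"`, or an `#error` that is lifted only by an explicit test-only define. The README hunk later in this commit presents user_settings.h as the default options for the projects, so the placeholder is likely to be built unchanged. Defining a `static` function in a header also gives every including translation unit its own copy.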
@@ -0,0 +1,224 @@ + + + + + $WS_DIR$\benchmark\wolfCrypt-benchmark.ewp + + + $WS_DIR$\test\wolfCrypt-test.ewp + + + $WS_DIR$\lib\wolfSSL-Lib.ewp + + + + All Examples + + driverlib + Debug + + + grlib + Debug + + + usblib + Debug + + + aes128_cbc_decrypt + Debug + + + aes128_cbc_encrypt + Debug + + + aes128_ccm_decrypt + Debug + + + aes128_ccm_encrypt + Debug + + + aes128_cmac + Debug + + + aes128_ecb_decrypt + Debug + + + aes128_ecb_encrypt + Debug + + + aes128_gcm_decrypt + Debug + + + aes128_gcm_encrypt + Debug + + + bitband + Debug + + + blinky + Debug + + + boot_demo_uart + Debug + + + boot_demo_usb + Debug + + + calibrate + Debug + + + crc32 + Debug + + + enet_io + Debug + + + enet_lwip + Debug + + + enet_uip + Debug + + + fontview + Debug + + + gpio_jtag + Debug + + + grlib_demo + Debug + + + hello + Debug + + + hello_widget + Debug + + + hibernate + Debug + + + interrupts + Debug + + + lang_demo + Debug + + + mpu_fault + Debug + + + qs_weather + Debug + + + scribble + Debug + + + sd_card + Debug + + + sha1_hash + Debug + + + sha1_hmac + Debug + + + synth + Debug + + + tamper + Debug + + + tdes_cbc_decrypt + Debug + + + tdes_cbc_encrypt + Debug + + + timers + Debug + + + uart_echo + Debug + + + udma_demo + Debug + + + usb_dev_bulk + Debug + + + usb_dev_keyboard + Debug + + + usb_dev_msc + Debug + + + usb_host_hub + Debug + + + usb_host_msc + Debug + + + usb_otg_mouse + Debug + + + usb_stick_demo + Debug + + + usb_stick_update + Debug + + + watchdog + Debug + + + + + + diff --git a/IDE/IAR-EWARM/README b/IDE/IAR-EWARM/README index f393cae30..2731104ea 100644 --- a/IDE/IAR-EWARM/README +++ b/IDE/IAR-EWARM/README 
@@ -7,38 +7,38 @@ In order to generate project for specific target MPU, take following steps. Included Project Files ----------------------- -1. Workspace: CyaSSL-Lib.eww - The workspace includes CyaSSL-Lib library and wolfCrypt-test, wolfCrypt-benchmark - executable projects. The library project generates full set library of wolfCrypt - and CyaSSL functions. +1. Workspace: wolfssl.eww + The workspace includes wolfSSL-Lib library and wolfCrypt-test, wolfCrypt-benchmark + executable projects. -2. Test suites Project: wolfCrypt-test.ewp +2. wolfSSL-Lib Project: lib/wolfSSL-lib.ewp + generates full set library of wolfCrypt and wolfSSL functions. + +3. Test suites Project: test/wolfCrypt-test.ewp generates test.out test suites executable -3. Benchmark Project: wolfCrypt-benchmark.ewp +4. Benchmark Project: benchmark/wolfCrypt-benchmark.ewp generates benchmark.out benchmark executable Set Up Steps ------------ 0. Default Setting Default Target of the projects are set to Cortex-M3 Simulator. - For check the projects, you can build and download to the simulator. + user_settings.h includes default options for the projects. + You can build and download the to the simulator. Open Terminal I/O window, by "view"->"Terminal I/O", and start execution. 1. Project option settings For each project,... General Options: Choose appropriate "Target" options - For executable projects,... +2. For executable projects,... Add "SystemInit" and "startup" for your MPU Debugger: Choose your debug "Driver" -2. For benchmark project,... - Write your own "current_time" benchmark timer under "defined(CYASSL_IAR_ARM)" in benchmark.c - -3. settings.h - Uncomment the "CYASSL_IAR_ARM" define located in: - /cyassl/ctaocrypt/settings. +3. For benchmark project,... + Choose option for current_time function. + Or write own "current_time" benchmark timer with WOLFSSL_USER_CURRTIME option. 4. Build and download Go to "Project->Make" and "Download and Debug" in Menu bar for EWARM build and download. 
diff --git a/IDE/MDK-ARM/MDK-ARM/CyaSSL/Retarget.c b/IDE/MDK-ARM/MDK-ARM/wolfSSL/Retarget.c similarity index 98% rename from IDE/MDK-ARM/MDK-ARM/CyaSSL/Retarget.c rename to IDE/MDK-ARM/MDK-ARM/wolfSSL/Retarget.c index bb59c8ce1..573247983 100644 --- a/IDE/MDK-ARM/MDK-ARM/CyaSSL/Retarget.c +++ b/IDE/MDK-ARM/MDK-ARM/wolfSSL/Retarget.c @@ -55,7 +55,9 @@ int sendchar (int c) int getkey (void) { int ch = SER_GetChar(); - + #if defined (HAVE_KEIL_RTX) + os_itv_wait (); + #endif if (ch < 0) { return 0; } @@ -250,7 +252,7 @@ char *_sys_command_string (char *cmd, int len) void _sys_exit (int return_code) { -#ifdef CYASSL_MDK_SHELL +#ifdef WOLFSSL_MDK_SHELL return ; #else /* Endless loop. */ diff --git a/IDE/MDK-ARM/MDK-ARM/CyaSSL/cert_data.c b/IDE/MDK-ARM/MDK-ARM/wolfSSL/cert_data.c similarity index 96% rename from IDE/MDK-ARM/MDK-ARM/CyaSSL/cert_data.c rename to IDE/MDK-ARM/MDK-ARM/wolfSSL/cert_data.c index d6cef016d..a29e8fcbb 100644 --- a/IDE/MDK-ARM/MDK-ARM/CyaSSL/cert_data.c +++ b/IDE/MDK-ARM/MDK-ARM/wolfSSL/cert_data.c @@ -24,5 +24,5 @@ #endif /* Define initial data for cert buffers */ -#include +#include diff --git a/IDE/MDK-ARM/MDK-ARM/CyaSSL/cert_data.h b/IDE/MDK-ARM/MDK-ARM/wolfSSL/cert_data.h similarity index 95% rename from IDE/MDK-ARM/MDK-ARM/CyaSSL/cert_data.h rename to IDE/MDK-ARM/MDK-ARM/wolfSSL/cert_data.h index 6629ee051..d06afdd1d 100644 --- a/IDE/MDK-ARM/MDK-ARM/CyaSSL/cert_data.h +++ b/IDE/MDK-ARM/MDK-ARM/wolfSSL/cert_data.h @@ -1,5 +1,5 @@ -#ifndef CYASSL_CERT_DATA_H -#define CYASSL_CERT_DATA_H +#ifndef WOLFSSL_CERT_DATA_H +#define WOLFSSL_CERT_DATA_H #ifdef USE_CERT_BUFFERS_1024 extern const unsigned char client_key_der_1024[] ; diff --git a/IDE/MDK-ARM/MDK-ARM/CyaSSL/config-BARE-METAL.h b/IDE/MDK-ARM/MDK-ARM/wolfSSL/config-BARE-METAL.h similarity index 91% rename from IDE/MDK-ARM/MDK-ARM/CyaSSL/config-BARE-METAL.h rename to IDE/MDK-ARM/MDK-ARM/wolfSSL/config-BARE-METAL.h index 56178bf79..5ce08dc3d 100644 
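Review bot: In getkey() in Retarget.c the new `os_itv_wait()` call under HAVE_KEIL_RTX runs after `SER_GetChar()` has already returned, so a character that was received is still held back for up to one interval. The call also relies on the calling task having configured an interval with `os_itv_set()` beforehand, which nothing in this hunk shows. If the intent is to yield while polling an empty UART, waiting only on the no-data path would say so directly: `if (ch < 0) { os_itv_wait(); return 0; }` inside the `#if`. A short comment naming where the interval is set would help as well; getkey()'s body continues past the end of the hunk.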
--- a/IDE/MDK-ARM/MDK-ARM/CyaSSL/config-BARE-METAL.h +++ b/IDE/MDK-ARM/MDK-ARM/wolfSSL/config-BARE-METAL.h @@ -20,20 +20,21 @@ */ -/**** CyaSSL for KEIL-RL Configuration ****/ +/**** wolfSSL for KEIL-RL Configuration ****/ #define __CORTEX_M3__ -#define CYASSL_MDK_ARM +#define WOLFSSL_MDK_ARM #define NO_WRITEV -#define NO_CYASSL_DIR -#define NO_MAIN_DRIVER +#define NO_WOLFSSL_DIR +//#define NO_MAIN_DRIVER -#define CYASSL_DER_LOAD +#define WOLFSSL_DER_LOAD #define HAVE_NULL_CIPHER #define SINGLE_THREADED #define NO_FILESYSTEM #define NO_TLS +#define WOLFSSL_USER_IO #define NO_ECHOSERVER #define NO_ECHOCLIENT @@ -48,10 +49,10 @@ // Command Shell #define MDK_CONF_SHELL 1 #if MDK_CONF_SHELL == 1 -#define CYASSL_MDK_SHELL +#define WOLFSSL_MDK_SHELL #endif // -// CyaSSL Apps +// wolfSSL Apps // Crypt/Cipher // Cert Storage <1=> Mem Buff (1024bytes) <2=> Mem Buff (2048bytes) #define MDK_CONF_CERT_BUFF 1 @@ -95,14 +96,14 @@ // -// CTaoCrypt Library +// wolfCrypt Library // MD5, SHA, SHA-256, AES, RC4, ASN, RSA // // MD2 #define MDK_CONF_MD2 0 #if MDK_CONF_MD2 == 1 -#define CYASSL_MD2 +#define WOLFSSL_MD2 #endif // // MD4 @@ -115,19 +116,19 @@ // This has to be with SHA512 #define MDK_CONF_SHA384 0 #if MDK_CONF_SHA384 == 1 -#define CYASSL_SHA384 +#define WOLFSSL_SHA384 #endif // // SHA-512 #define MDK_CONF_SHA512 0 #if MDK_CONF_SHA512 == 1 -#define CYASSL_SHA512 +#define WOLFSSL_SHA512 #endif // // RIPEMD #define MDK_CONF_RIPEMD 0 #if MDK_CONF_RIPEMD == 1 -#define CYASSL_RIPEMD +#define WOLFSSL_RIPEMD #endif // // HMAC @@ -169,7 +170,7 @@ // // DH -// need this for CYASSL_SERVER, OPENSSL_EXTRA +// need this for WOLFSSL_SERVER, OPENSSL_EXTRA #define MDK_CONF_DH 1 #if MDK_CONF_DH == 0 #define NO_DH 
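Review bot: `//#define NO_MAIN_DRIVER` in the first hunk of config-BARE-METAL.h leaves a commented-out define behind in what is otherwise a CyaSSL-to-wolfSSL rename, while config-FS.h and config-RTX-TCP-FS.h in the same commit keep `#define NO_MAIN_DRIVER` active. That presumably changes which entry points the bare-metal configuration compiles, and nothing on the line says why. Either delete the line or replace it with a comment that states the intent, such as `/* NO_MAIN_DRIVER intentionally left undefined for the bare-metal build */`.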
@@ -233,13 +234,13 @@ // Debug Message #define MDK_CONF_DebugMessage 0 #if MDK_CONF_DebugMessage == 1 -#define DEBUG_CYASSL +#define DEBUG_WOLFSSL #endif // // Check malloc #define MDK_CONF_CheckMalloc 1 #if MDK_CONF_CheckMalloc == 1 -#define CYASSL_MALLOC_CHECK +#define WOLFSSL_MALLOC_CHECK #endif // @@ -274,7 +275,7 @@ // Small Stack #define MDK_CONF_SmallStack 1 #if MDK_CONF_SmallStack == 0 -#define NO_CYASSL_SMALL_STACK +#define NO_WOLFSSL_SMALL_STACK #endif // // Use Fast Math diff --git a/IDE/MDK-ARM/MDK-ARM/CyaSSL/config-FS.h b/IDE/MDK-ARM/MDK-ARM/wolfSSL/config-FS.h similarity index 91% rename from IDE/MDK-ARM/MDK-ARM/CyaSSL/config-FS.h rename to IDE/MDK-ARM/MDK-ARM/wolfSSL/config-FS.h index 6d348a719..37c92f446 100644 --- a/IDE/MDK-ARM/MDK-ARM/CyaSSL/config-FS.h +++ b/IDE/MDK-ARM/MDK-ARM/wolfSSL/config-FS.h @@ -20,16 +20,16 @@ */ -/**** CyaSSL for KEIL-RL Configuration ****/ +/**** wolfSSL for KEIL-RL Configuration ****/ #define __CORTEX_M3__ -#define CYASSL_KEIL_RL +#define WOLFSSL_KEIL_RL #define NO_WRITEV -#define NO_CYASSL_DIR +#define NO_WOLFSSL_DIR #define NO_MAIN_DRIVER +#define WOLFSSL_USER_IO - -#define CYASSL_DER_LOAD +#define WOLFSSL_DER_LOAD #define HAVE_NULL_CIPHER #define SINGLE_THREADED @@ -47,10 +47,10 @@ // Command Shell #define MDK_CONF_SHELL 1 #if MDK_CONF_SHELL == 1 -#define CYASSL_MDK_SHELL +#define WOLFSSL_MDK_SHELL #endif // -// CyaSSL Apps +// wolfSSL Apps // Crypt/Cipher // Cert Storage <0=> SD Card <1=> Mem Buff (1024bytes) <2=> Mem Buff (2048bytes) #define MDK_CONF_CERT_BUFF 0 @@ -92,7 +92,7 @@ // -// CyaSSL Library +// wolfSSL Library // SSL (Included by default) // 
@@ -106,19 +106,19 @@ // CertGen #define MDK_CONF_CERT_GEN 0 #if MDK_CONF_CERT_GEN == 1 -#define CYASSL_CERT_GEN +#define WOLFSSL_CERT_GEN #endif // // KeyGen #define MDK_CONF_KEY_GEN 0 #if MDK_CONF_KEY_GEN == 1 -#define CYASSL_KEY_GEN +#define WOLFSSL_KEY_GEN #endif // // CRL #define MDK_CONF_DER_LOAD 0 #if MDK_CONF_DER_LOAD == 1 -#define CYASSL_DER_LOAD +#define WOLFSSL_DER_LOAD #endif // // OpenSSL Extra @@ -132,7 +132,7 @@ // -// CTaoCrypt Library +// wolfCrypt Library // MD5, SHA, SHA-256, AES, RC4, ASN, RSA // @@ -140,7 +140,7 @@ // MD2 #define MDK_CONF_MD2 0 #if MDK_CONF_MD2 == 1 -#define CYASSL_MD2 +#define WOLFSSL_MD2 #endif // // MD4 @@ -153,19 +153,19 @@ // This has to be with SHA512 #define MDK_CONF_SHA384 0 #if MDK_CONF_SHA384 == 1 -#define CYASSL_SHA384 +#define WOLFSSL_SHA384 #endif // // SHA-512 #define MDK_CONF_SHA512 0 #if MDK_CONF_SHA512 == 1 -#define CYASSL_SHA512 +#define WOLFSSL_SHA512 #endif // // RIPEMD #define MDK_CONF_RIPEMD 0 #if MDK_CONF_RIPEMD == 1 -#define CYASSL_RIPEMD +#define WOLFSSL_RIPEMD #endif // // HMAC @@ -207,7 +207,7 @@ // // DH -// need this for CYASSL_SERVER, OPENSSL_EXTRA +// need this for WOLFSSL_SERVER, OPENSSL_EXTRA #define MDK_CONF_DH 1 #if MDK_CONF_DH == 0 #define NO_DH @@ -271,13 +271,13 @@ // Debug Message #define MDK_CONF_DebugMessage 0 #if MDK_CONF_DebugMessage == 1 -#define DEBUG_CYASSL +#define DEBUG_WOLFSSL #endif // // Check malloc #define MDK_CONF_CheckMalloc 1 #if MDK_CONF_CheckMalloc == 1 -#define CYASSL_MALLOC_CHECK +#define WOLFSSL_MALLOC_CHECK #endif // @@ -312,7 +312,7 @@ // Small Stack #define MDK_CONF_SmallStack 1 #if MDK_CONF_SmallStack == 0 -#define NO_CYASSL_SMALL_STACK +#define NO_WOLFSSL_SMALL_STACK #endif // // Use Fast Math 
diff --git a/IDE/MDK-ARM/MDK-ARM/CyaSSL/config-RTX-TCP-FS.h b/IDE/MDK-ARM/MDK-ARM/wolfSSL/config-RTX-TCP-FS.h similarity index 88% rename from IDE/MDK-ARM/MDK-ARM/CyaSSL/config-RTX-TCP-FS.h rename to IDE/MDK-ARM/MDK-ARM/wolfSSL/config-RTX-TCP-FS.h index 4f513ef14..454b86bce 100644 --- a/IDE/MDK-ARM/MDK-ARM/CyaSSL/config-RTX-TCP-FS.h +++ b/IDE/MDK-ARM/MDK-ARM/wolfSSL/config-RTX-TCP-FS.h @@ -20,20 +20,20 @@ */ -/**** CyaSSL for KEIL-RL Configuration ****/ + +/**** wolfSSL for MDK-RTX-TCP-FS Configuration ****/ #define __CORTEX_M3__ -#define CYASSL_MDK_ARM +#define WOLFSSL_MDK_ARM #define NO_WRITEV -#define NO_CYASSL_DIR +#define NO_WOLFSSL_DIR #define NO_MAIN_DRIVER - -#define CYASSL_DER_LOAD +#define WOLFSSL_DER_LOAD #define HAVE_NULL_CIPHER #define HAVE_KEIL_RTX -#define CYASSL_KEIL_TCP_NET +#define WOLFSSL_KEIL_TCP_NET // <<< Use Configuration Wizard in Context Menu >>> @@ -43,10 +43,10 @@ // Command Shell #define MDK_CONF_SHELL 1 #if MDK_CONF_SHELL == 1 -#define CYASSL_MDK_SHELL +#define WOLFSSL_MDK_SHELL #endif // -// CyaSSL Apps +// wolfSSL Apps // Crypt/Cipher // Cert Storage <0=> SD Card <1=> Mem Buff (1024bytes) <2=> Mem Buff (2048bytes) #define MDK_CONF_CERT_BUFF 0 @@ -115,7 +115,7 @@ // -// CyaSSL Library +// wolfSSL Library // SSL (Included by default) // @@ -129,23 +129,23 @@ // CertGen #define MDK_CONF_CERT_GEN 0 #if MDK_CONF_CERT_GEN == 1 -#define CYASSL_CERT_GEN +#define WOLFSSL_CERT_GEN #endif // // KeyGen #define MDK_CONF_KEY_GEN 0 #if MDK_CONF_KEY_GEN == 1 -#define CYASSL_KEY_GEN +#define WOLFSSL_KEY_GEN #endif // // CRL #define MDK_CONF_DER_LOAD 0 #if MDK_CONF_DER_LOAD == 1 -#define CYASSL_DER_LOAD +#define WOLFSSL_DER_LOAD #endif // // OpenSSL Extra -#define MDK_CONF_OPENSSL_EXTRA 1 +#define MDK_CONF_OPENSSL_EXTRA 0 #if MDK_CONF_OPENSSL_EXTRA == 1 #define OPENSSL_EXTRA #endif 
@@ -155,18 +155,18 @@ // -// CTaoCrypt Library +// wolfCrypt Library // MD5, SHA, SHA-256, AES, RC4, ASN, RSA // // MD2 #define MDK_CONF_MD2 0 #if MDK_CONF_MD2 == 1 -#define CYASSL_MD2 +#define WOLFSSL_MD2 #endif // // MD4 -#define MDK_CONF_MD4 1 +#define MDK_CONF_MD4 0 #if MDK_CONF_MD4 == 0 #define NO_MD4 #endif @@ -175,19 +175,19 @@ // This has to be with SHA512 #define MDK_CONF_SHA384 0 #if MDK_CONF_SHA384 == 1 -#define CYASSL_SHA384 +#define WOLFSSL_SHA384 #endif // // SHA-512 #define MDK_CONF_SHA512 0 #if MDK_CONF_SHA512 == 1 -#define CYASSL_SHA512 +#define WOLFSSL_SHA512 #endif // // RIPEMD -#define MDK_CONF_RIPEMD 1 +#define MDK_CONF_RIPEMD 0 #if MDK_CONF_RIPEMD == 1 -#define CYASSL_RIPEMD +#define WOLFSSL_RIPEMD #endif // // HMAC @@ -216,7 +216,7 @@ #endif // // DES3 -#define MDK_CONF_DES3 1 +#define MDK_CONF_DES3 0 #if MDK_CONF_DES3 == 0 #define NO_DES3 #endif @@ -229,7 +229,7 @@ // // DH -// need this for CYASSL_SERVER, OPENSSL_EXTRA +// need this for WOLFSSL_SERVER, OPENSSL_EXTRA #define MDK_CONF_DH 1 #if MDK_CONF_DH == 0 #define NO_DH @@ -249,7 +249,7 @@ // // ECC -#define MDK_CONF_ECC 1 +#define MDK_CONF_ECC 0 #if MDK_CONF_ECC == 1 #define HAVE_ECC #endif @@ -293,13 +293,13 @@ // Debug Message #define MDK_CONF_DEBUG_MSG 0 #if MDK_CONF_DEBUG_MSG == 1 -#define DEBUG_CYASSL +#define DEBUG_WOLFSSL #endif // // Check malloc #define MDK_CONF_CHECK_MALLOC 1 #if MDK_CONF_CHECK_MALLOC == 1 -#define CYASSL_MALLOC_CHECK +#define WOLFSSL_MALLOC_CHECK #endif // @@ -325,7 +325,7 @@ // // Error Strings -#define MDK_CONF_ErrorStrings 1 +#define MDK_CONF_ErrorStrings 0 #if MDK_CONF_ErrorStrings == 0 #define NO_ERROR_STRINGS #endif @@ -334,13 +334,14 @@ // Small Stack #define MDK_CONF_SMALL_STACK 1 #if MDK_CONF_SMALL_STACK == 0 -#define NO_CYASSL_SMALL_STACK +#define NO_WOLFSSL_SMALL_STACK #endif // // Use Fast Math -#define MDK_CONF_FASTMATH 0 +#define MDK_CONF_FASTMATH 1 #if MDK_CONF_FASTMATH == 1 #define USE_FAST_MATH +#define TFM_TIMING_RESISTANT #endif // 
@@ -349,3 +350,4 @@ // // <<< end of configuration section >>> + diff --git a/IDE/MDK-ARM/MDK-ARM/wolfSSL/config-WOLFLIB.h b/IDE/MDK-ARM/MDK-ARM/wolfSSL/config-WOLFLIB.h new file mode 100644 index 000000000..3f4ddf4f6 --- /dev/null +++ b/IDE/MDK-ARM/MDK-ARM/wolfSSL/config-WOLFLIB.h @@ -0,0 +1,13 @@ + +#define SINGLE_THREADED /* or define RTOS option */ + +#define WOLFSSL_USER_IO /* Use own TCP/IP lib */ + +#define NO_DEV_RANDOM +#define WOLFSSL_MDK_ARM + +#define NO_WOLFSSL_DIR +#define NO_WRITEV + +#define USE_FAST_MATH +#define TFM_TIMING_RESISTANT diff --git a/IDE/MDK-ARM/MDK-ARM/CyaSSL/config.h b/IDE/MDK-ARM/MDK-ARM/wolfSSL/config.h similarity index 75% rename from IDE/MDK-ARM/MDK-ARM/CyaSSL/config.h rename to IDE/MDK-ARM/MDK-ARM/wolfSSL/config.h index fff7a5ab8..3f5c11191 100644 --- a/IDE/MDK-ARM/MDK-ARM/CyaSSL/config.h +++ b/IDE/MDK-ARM/MDK-ARM/wolfSSL/config.h @@ -19,20 +19,26 @@ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA */ - -/**** CyaSSL for KEIL-RL Configuration ****/ +#ifndef MDK_CONFIG_H__ +#define MDK_CONFIG_H__ +/**** wolfSSL for KEIL-RL Configuration ****/ #define __CORTEX_M3__ -#define CYASSL_MDK_ARM +#define WOLFSSL_MDK_ARM + #define NO_WRITEV -#define NO_CYASSL_DIR +#define NO_WOLFSSL_DIR +#define NO_MAIN_DRIVER /* for Retarget.c */ #define STDIO #define BENCH_EMBEDDED -#define CYASSL_DER_LOAD +#define WOLFSSL_DER_LOAD #define HAVE_NULL_CIPHER +#define WOLFSSL_USER_TIME +#define NO_TIME_H +static int ValidateDate(const unsigned char* date, unsigned char format, int dateType){ return 1; } #if defined(MDK_CONF_RTX_TCP_FS) #include "config-RTX-TCP-FS.h" @@ -42,5 +48,8 @@ #include "config-FS.h" #elif defined(MDK_CONF_BARE_METAL) #include "config-BARE-METAL.h" +#elif defined(MDK_WOLFLIB) +#include "config-WOLFLIB.h" #endif +#endif 
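Review bot: The `ValidateDate` stub added to config.h returns 1 for every input, so if the certificate parser picks it up in place of the library's own check (which the accompanying `NO_TIME_H` and `WOLFSSL_USER_TIME` suggest is the intent), expired and not-yet-valid certificates would be accepted by every MDK build that includes this header. It is also a `static` function defined in a header, so each translation unit gets its own copy with three unused parameters. If a target really has no clock, make the opt-out explicit in the one configuration that needs it and document the consequence above the stub, e.g. `/* No RTC on this target: certificate validity dates are NOT checked. */`. The guard name `MDK_CONFIG_H__` contains a double underscore, which is reserved for the implementation; `MDK_CONFIG_H` avoids that.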
diff --git a/IDE/MDK-ARM/MDK-ARM/CyaSSL/main.c b/IDE/MDK-ARM/MDK-ARM/wolfSSL/main.c similarity index 85% rename from IDE/MDK-ARM/MDK-ARM/CyaSSL/main.c rename to IDE/MDK-ARM/MDK-ARM/wolfSSL/main.c index db48b833d..a12d16249 100644 --- a/IDE/MDK-ARM/MDK-ARM/CyaSSL/main.c +++ b/IDE/MDK-ARM/MDK-ARM/wolfSSL/main.c @@ -23,12 +23,12 @@ #include #endif -#include -#include +#include +#include #include #include -#include "cyassl_MDK_ARM.h" +#include "wolfssl_MDK_ARM.h" /*----------------------------------------------------------------------------- * Initialize a Flash Memory Card @@ -53,11 +53,11 @@ static void init_card (void) /*----------------------------------------------------------------------------- * TCP/IP tasks *----------------------------------------------------------------------------*/ -#ifdef CYASSL_KEIL_TCP_NET +#ifdef WOLFSSL_KEIL_TCP_NET __task void tcp_tick (void) { - CYASSL_MSG("Time tick started.") ; + WOLFSSL_MSG("Time tick started.") ; #if defined (HAVE_KEIL_RTX) os_itv_set (10); #endif @@ -73,7 +73,7 @@ __task void tcp_tick (void) __task void tcp_poll (void) { - CYASSL_MSG("TCP polling started.\n") ; + WOLFSSL_MSG("TCP polling started.\n") ; while (1) { main_TcpNet (); #if defined (HAVE_KEIL_RTX) @@ -83,13 +83,13 @@ __task void tcp_poll (void) } #endif -#if defined(HAVE_KEIL_RTX) && defined(CYASSL_MDK_SHELL) +#if defined(HAVE_KEIL_RTX) && defined(WOLFSSL_MDK_SHELL) #define SHELL_STACKSIZE 1000 static unsigned char Shell_stack[SHELL_STACKSIZE] ; #endif -#if defined(CYASSL_MDK_SHELL) +#if defined(WOLFSSL_MDK_SHELL) extern void shell_main(void) ; #endif @@ -104,14 +104,14 @@ extern void SER_Init(void) ; /*** This is the parent task entry ***/ void main_task (void) { - #ifdef CYASSL_KEIL_TCP_NET + #ifdef WOLFSSL_KEIL_TCP_NET init_TcpNet (); os_tsk_create (tcp_tick, 2); os_tsk_create (tcp_poll, 1); #endif - #ifdef CYASSL_MDK_SHELL + #ifdef WOLFSSL_MDK_SHELL #ifdef HAVE_KEIL_RTX os_tsk_create_user(shell_main, 1, Shell_stack, SHELL_STACKSIZE) ; #else 
@@ -127,7 +127,7 @@ void main_task (void) #endif #ifdef HAVE_KEIL_RTX - CYASSL_MSG("Terminating tcp_main\n") ; + WOLFSSL_MSG("Terminating tcp_main\n") ; os_tsk_delete_self (); #endif @@ -137,28 +137,24 @@ void main_task (void) int myoptind = 0; char* myoptarg = NULL; -#if defined(DEBUG_CYASSL) - extern void CyaSSL_Debugging_ON(void) ; +#if defined(DEBUG_WOLFSSL) + extern void wolfSSL_Debugging_ON(void) ; #endif /*** main entry ***/ -extern void init_time(void) ; extern void SystemInit(void); int main() { SystemInit(); - SER_Init() ; #if !defined(NO_FILESYSTEM) init_card () ; /* initializing SD card */ #endif - init_time() ; - - #if defined(DEBUG_CYASSL) + #if defined(DEBUG_WOLFSSL) printf("Turning ON Debug message\n") ; - CyaSSL_Debugging_ON() ; + wolfSSL_Debugging_ON() ; #endif #ifdef HAVE_KEIL_RTX diff --git a/IDE/MDK-ARM/MDK-ARM/CyaSSL/shell.c b/IDE/MDK-ARM/MDK-ARM/wolfSSL/shell.c similarity index 90% rename from IDE/MDK-ARM/MDK-ARM/CyaSSL/shell.c rename to IDE/MDK-ARM/MDK-ARM/wolfSSL/shell.c index 58b645e0e..446efbe20 100644 --- a/IDE/MDK-ARM/MDK-ARM/CyaSSL/shell.c +++ b/IDE/MDK-ARM/MDK-ARM/wolfSSL/shell.c @@ -19,26 +19,26 @@ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA */ - /*** tiny Shell for CyaSSL apps ***/ + /*** tiny Shell for wolfSSL apps ***/ #ifdef HAVE_CONFIG_H #include #endif -#include "cyassl/internal.h" -#undef RNG -#include +#include -#if defined(CYASSL_MDK_ARM) +#include + +#if defined(WOLFSSL_MDK_ARM) #include #include #include #include - #include "cyassl_MDK_ARM.h" + #include "wolfssl_MDK_ARM.h" #endif -#ifdef CYASSL_KEIL_NET -#include "cyassl/test.h" +#ifdef WOLFSSL_KEIL_NET +#include "wolfassl/test.h" #else typedef struct func_args { int argc; @@ -66,7 +66,7 @@ typedef struct func_args { #define ctaocrypt_test command_not_found #endif -#ifndef CYASSL_KEIL_NET +#ifndef WOLFSSL_KEIL_NET #define ipaddr_comm command_not_found #endif 
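Review bot: The include added under `#ifdef WOLFSSL_KEIL_NET` in shell.c is misspelt, `#include "wolfassl/test.h"`, and should read `#include "wolfssl/test.h"`. The mistake probably goes unnoticed because the configuration headers in this commit define `WOLFSSL_KEIL_TCP_NET`, not `WOLFSSL_KEIL_NET`, so this branch may never be compiled. It is worth checking which of the two names the guards in shell.c are meant to test.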
@@ -75,7 +75,7 @@ typedef struct func_args { #endif -#if !defined(DEBUG_CYASSL) +#if !defined(DEBUG_WOLFSSL) #define dbg_comm command_not_found #endif @@ -87,11 +87,11 @@ void command_not_found(void *argv) { extern void echoclient_test(void *args) ; extern void echoserver_test(void *args) ; extern void benchmark_test(void *args) ; -extern void ctaocrypt_test(void *args) ; +extern void wolfcrypt_test(void *args) ; extern void client_test(void *args) ; extern void server_test(void *args) ; extern void kill_task(void *args) ; -extern void time_main(void *args) ; + extern void ipaddr_comm(void *args) ; extern void stack_comm(void *args) ; extern void for_command(void *args) ; @@ -103,7 +103,7 @@ extern void help_comm(void *arg) ; #ifndef NO_MD5 extern void md5_test(void *arg) ; #endif -#ifdef CYASSL_MD2 +#ifdef WOLFSSL_MD2 extern void md2_test(void *arg) ; #endif #ifndef NO_MD4 @@ -115,15 +115,15 @@ extern void sha_test(void *arg) ; #ifndef NO_SHA256 extern void sha256_test(void *arg) ; #endif -#ifdef CYASSL_SHA384 +#ifdef WOLFSSL_SHA384 extern void sha384_test(void *arg) ; #endif -#ifdef CYASSL_SHA512 +#ifdef WOLFSSL_SHA512 extern void sha512_test(void *arg) ; #endif -#ifdef CYASSL_RIPEMD +#ifdef WOLFSSL_RIPEMD extern void ripemd_test(void *arg) ; #endif #ifndef NO_HMAC @@ -136,7 +136,7 @@ extern void hmac_sha_test(void *arg) ; extern void hmac_sha256_test(void *arg) ; #endif - #ifdef CYASSL_SHA384 + #ifdef WOLFSSL_SHA384 extern void hmac_sha384_test(void *arg) ; #endif #endif @@ -206,10 +206,9 @@ static struct { "echoclient", echoclient_test, "echoserver", echoserver_test, "benchmark", benchmark_test, - "test", ctaocrypt_test, + "test", wolfcrypt_test, "client", client_test, "server", server_test, - "time", time_main, /* get/set RTC: [-d yy/mm/dd] [-t hh:mm:ss]*/ "ipaddr", ipaddr_comm, /* TBD */ "stack", stack_comm, /* On/Off check stack size */ "for", for_command, /* iterate next command X times */ 
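Review bot: The extern declaration and the command table now name `wolfcrypt_test`, but the fallback shown as context in the `@@ -66,7 +66,7 @@` hunk still reads `#define ctaocrypt_test command_not_found`. After the rename that macro no longer redirects anything, so a build that relies on the fallback would reference an undefined `wolfcrypt_test`; the line should become `#define wolfcrypt_test command_not_found`. The condition guarding that define is outside the hunk, so confirm it there.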
@@ -220,7 +219,7 @@ static struct { "ec", echoclient_test, "es", echoserver_test, "bm", benchmark_test, - "te", ctaocrypt_test, + "te", wolfcrypt_test, "cl", client_test, "sv", server_test, "ip", ipaddr_comm, @@ -233,7 +232,7 @@ static struct { #ifndef NO_MD5 "md5", md5_test, #endif -#ifdef CYASSL_MD2 +#ifdef WOLFSSL_MD2 "md2", md2_test, #endif #ifndef NO_MD4 @@ -243,13 +242,13 @@ static struct { #ifndef NO_SHA256 "sha256", sha256_test, #endif -#ifdef CYASSL_SHA384 +#ifdef WOLFSSL_SHA384 "sha384", sha384_test, #endif -#ifdef CYASSL_SHA512 +#ifdef WOLFSSL_SHA512 "sha512", sha512_test, #endif -#ifdef CYASSL_RIPEMD +#ifdef WOLFSSL_RIPEMD "ripemd", ripemd_test, #endif #ifndef NO_HMAC @@ -260,7 +259,7 @@ static struct { #ifndef NO_SHA256 "hmac_sha256", hmac_sha256_test, #endif - #ifdef CYASSL_SHA384 + #ifdef WOLFSSL_SHA384 "hmac_sha384", hmac_sha384_test, #endif #endif @@ -362,18 +361,18 @@ static int BackGround = 0 ; /* 1: background job is running */ /************* Embedded Shell Commands **********************************/ #define IP_SIZE 16 -#ifdef CYASSL_KEIL_NET +#ifdef WOLFSSL_KEIL_NET static void ipaddr_comm(void *args) { if(((func_args *)args)->argc == 1) { - printf("IP addr: %s, port %d\n", yasslIP, yasslPort) ; + printf("IP addr: %s, port %d\n", wolfSSLIP, wolfSSLPort) ; } else { if(BackGround != 0) { printf("Cannot change IP addr while background server is running\n") ; } else if(((func_args *)args)->argc == 3 && ((func_args *)args)->argv[1][0] == '-'&& ((func_args *)args)->argv[1][1] == 'a' ) { -/* strcpy(yasslIP, ((func_args *)args)->argv[2]) ; */ +/* strcpy(wolfSSLIP, ((func_args *)args)->argv[2]) ; */ } else if(((func_args *)args)->argc == 3 && ((func_args *)args)->argv[1][0] == '-' && ((func_args *)args)->argv[1][1] == 'p' ) { 
@@ -442,20 +441,20 @@ static void for_command(void *args) } -#if defined(DEBUG_CYASSL) +#if defined(DEBUG_WOLFSSL) -static int CyasslDebug = 1 ; +static int wolfsslDebug = 1 ; static void dbg_comm(void *args) { - if(CyasslDebug == 1) { - CyasslDebug = 0 ; + if(wolfsslDebug == 1) { + wolfsslDebug = 0 ; printf("Turning OFF Debug message\n") ; - CyaSSL_Debugging_OFF() ; + wolfSSL_Debugging_OFF() ; } else { - CyasslDebug = 1 ; + wolfsslDebug = 1 ; printf("Turning ON Debug message\n") ; - CyaSSL_Debugging_ON() ; + wolfSSL_Debugging_ON() ; } } #endif @@ -467,20 +466,20 @@ static void help_comm(void *args) -#define BG_JOB_STACK_SIZE 12000 +#define BG_JOB_STACK_SIZE 16000 #if (!defined(NO_SIMPLE_SERVER) && !defined(NO_ECHOSERVER)) && \ defined(HAVE_KEIL_RTX) static char bg_job_stack[BG_JOB_STACK_SIZE] ; #endif -#define COMMAND_STACK_SIZE 12000 +#define COMMAND_STACK_SIZE 16000 #if defined(HAVE_KEIL_RTX) static char command_stack[COMMAND_STACK_SIZE] ; #endif #ifdef HAVE_KEIL_RTX -static CyaSSL_Mutex command_mutex ; +static wolfSSL_Mutex command_mutex ; #endif /*********** Invoke Forground Command *********************/ @@ -491,7 +490,7 @@ static void command_invoke(void *args) func = (void(*)(void *))((func_args *)args)->argv[0] ; #ifdef HAVE_KEIL_RTX - LockMutex((CyaSSL_Mutex *)&command_mutex) ; + LockMutex((wolfSSL_Mutex *)&command_mutex) ; #endif iteration = for_iteration ; for(i=0; i< iteration; i++) { @@ -509,7 +508,7 @@ static void command_invoke(void *args) if(iteration > 1) for_iteration = 1 ; #ifdef HAVE_KEIL_RTX - UnLockMutex((CyaSSL_Mutex *)&command_mutex) ; + UnLockMutex((wolfSSL_Mutex *)&command_mutex) ; os_tsk_delete_self() ; #endif } @@ -525,7 +524,7 @@ static void bg_job_invoke(void *args) func = (void(*)(void *))((func_args *)args)->argv[0] ; func(args) ; /* invoke command */ stack_check(bg_job_stack, BG_JOB_STACK_SIZE) ; - #ifdef CYASSL_KEIL_NET + #ifdef WOLFSSL_KEIL_NET init_TcpNet (); #endif BackGround = 0 ; 
@@ -550,7 +549,6 @@ void shell_main(void) { #if defined(HAVE_KEIL_RTX) InitMutex(&command_mutex) ; #endif - time_main(NULL) ; printf("Starting Shell\n") ; while(1) { if(getline(line, LINESIZE, &args, &bf_flg) > 0) { @@ -559,14 +557,14 @@ void shell_main(void) { args.argv[0] = (char *) commandTable[i].func ; if(bf_flg == FORGROUND) { #ifdef HAVE_KEIL_RTX - UnLockMutex((CyaSSL_Mutex *)&command_mutex) ; + UnLockMutex((wolfSSL_Mutex *)&command_mutex) ; os_tsk_create_user_ex( (void(*)(void *))&command_invoke, 7, command_stack, COMMAND_STACK_SIZE, &args) ; #else command_invoke(&args) ; #endif #ifdef HAVE_KEIL_RTX - LockMutex((CyaSSL_Mutex *)&command_mutex) ; + LockMutex((wolfSSL_Mutex *)&command_mutex) ; #endif } else { #if (!defined(NO_SIMPLE_SERVER) && \ diff --git a/IDE/MDK-ARM/MDK-ARM/CyaSSL/ssl-dummy.c b/IDE/MDK-ARM/MDK-ARM/wolfSSL/time-CortexM3-4.c similarity index 61% rename from IDE/MDK-ARM/MDK-ARM/CyaSSL/ssl-dummy.c rename to IDE/MDK-ARM/MDK-ARM/wolfSSL/time-CortexM3-4.c index aee366966..ca5046138 100644 --- a/IDE/MDK-ARM/MDK-ARM/CyaSSL/ssl-dummy.c +++ b/IDE/MDK-ARM/MDK-ARM/wolfSSL/time-CortexM3-4.c @@ -1,4 +1,4 @@ -/* ssl-dummy.c +/* time-STM32F2.c * * Copyright (C) 2006-2015 wolfSSL Inc. * 
@@ -18,36 +18,24 @@ * along with this program; if not, write to the Free Software * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA */ - + #ifdef HAVE_CONFIG_H #include #endif -#include -#include -#include -#include -Signer* GetCA(void* vp, byte* hash) -{ - Signer*s ; - return s ; -} - -int CyaSSL_dtls(CYASSL* ssl) +#include +#define DWT ((DWT_Type *) (0xE0001000UL) ) +typedef struct { - return ssl->options.dtls; -} + uint32_t CTRL; /*!< Offset: 0x000 (R/W) Control Register */ + uint32_t CYCCNT; /*!< Offset: 0x004 (R/W) Cycle Count Register */ +} DWT_Type; -int CyaSSL_get_using_nonblock(CYASSL* ssl) -{ - CYASSL_ENTER("CyaSSL_get_using_nonblock"); - CYASSL_LEAVE("CyaSSL_get_using_nonblock", ssl->options.usingNonblock); - return ssl->options.usingNonblock; -} +extern uint32_t SystemCoreClock ; -Signer* GetCAByName(void* vp, byte* hash) +double current_time(int reset) { - Signer * ca ; - return(ca) ; + if(reset) DWT->CYCCNT = 0 ; + return ((double)DWT->CYCCNT/SystemCoreClock) ; } diff --git a/IDE/MDK-ARM/MDK-ARM/wolfSSL/time-dummy.c b/IDE/MDK-ARM/MDK-ARM/wolfSSL/time-dummy.c new file mode 100644 index 000000000..ba1a6a734 --- /dev/null +++ b/IDE/MDK-ARM/MDK-ARM/wolfSSL/time-dummy.c 
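Review bot: `DWT_Type` in time-CortexM3-4.c describes memory-mapped registers, but its members are plain `uint32_t`, so the compiler is free to cache or drop the accesses made in `current_time()`; declare them `volatile uint32_t CTRL;` and `volatile uint32_t CYCCNT;`. Nothing in the file as shown enables the cycle counter, so unless start-up code does that elsewhere the function may always return 0; a comment stating where it is enabled would help. `CYCCNT` is 32 bits wide, so the returned value wraps when the count overflows, which belongs in a header comment on `current_time` together with the unit of the result. The file banner still says `time-STM32F2.c`.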
@@ -0,0 +1,34 @@ +/* time-dummy.c.c + * + * Copyright (C) 2006-2015 wolfSSL Inc. + * + * This file is part of wolfSSL. (formerly known as CyaSSL) + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + */ + +#ifdef HAVE_CONFIG_H + #include +#endif + +#include "time.h" + +struct tm *wolfssl_MDK_gmtime(const time_t *c) +{ + static struct tm date ; + return(&date) ; +} + +time_t time(time_t * t) { return 0 ; } diff --git a/IDE/MDK-ARM/MDK-ARM/CyaSSL/cyassl_MDK_ARM.c b/IDE/MDK-ARM/MDK-ARM/wolfSSL/wolfssl_MDK_ARM.c similarity index 71% rename from IDE/MDK-ARM/MDK-ARM/CyaSSL/cyassl_MDK_ARM.c rename to IDE/MDK-ARM/MDK-ARM/wolfSSL/wolfssl_MDK_ARM.c index 23ca2f63c..ab71b87ab 100644 --- a/IDE/MDK-ARM/MDK-ARM/CyaSSL/cyassl_MDK_ARM.c +++ b/IDE/MDK-ARM/MDK-ARM/wolfSSL/wolfssl_MDK_ARM.c @@ -1,4 +1,4 @@ -/* cyassl_MDK_ARM.c +/* wolfssl_KEIL_RL.c * * Copyright (C) 2006-2015 wolfSSL Inc. * 
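Review bot: The `time()` replacement in time-dummy.c ignores its argument, whereas the standard function also stores the result through `t` when it is non-NULL; add `if (t != NULL) *t = 0;` before the return. Both stubs yield a constant (time 0 and a zero-initialised `struct tm`), so any validity-period or timeout logic built on them is ineffective, and the file should say so at the top, e.g. `/* Placeholder clock: always reports time 0; replace with an RTC-backed implementation before relying on certificate dates. */`. In the hunks shown, wolfssl_MDK_ARM.h drops the old `Cyassl_MDK_gmtime` prototype without adding one for `wolfssl_MDK_gmtime`. The banner reads `time-dummy.c.c`.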
@@ -27,22 +27,29 @@ #include #endif -#include -#if defined (CYASSL_MDK5) - #include "cmsis_os.h" - #if defined(CYASSL_KEIL_TCP_NET) - #include "rl_net.h" - #endif -#else - #include +#include + +#if defined(WOLFSSL_MDK_ARM) + #include + #include + + #if defined(WOLFSSL_MDK5) + #include "cmsis_os.h" + #include "rl_fs.h" + #include "rl_net.h" + #else + #include "rtl.h" + #endif + + #include "wolfssl_MDK_ARM.h" #endif -#include "cyassl_MDK_ARM.h" +#include "wolfssl_MDK_ARM.h" -#include -#include +#include +#include -#if defined (CYASSL_CMSIS_RTOS) +#if defined (WOLFSSL_CMSIS_RTOS) #define os_dly_wait(t) osDelay(10*t) #endif @@ -50,7 +57,7 @@ /** KEIL-RL TCPnet ****/ /** TCPnet BSD socket does not have following functions. **/ -#if defined(CYASSL_KEIL_TCP_NET) +#if defined(WOLFSSL_KEIL_TCP_NET) char *inet_ntoa(struct in_addr in) { #define NAMESIZE 16 @@ -69,10 +76,10 @@ unsigned long inet_addr(const char *cp) /*** tcp_connect is actually associated with following syassl_tcp_connect. ***/ -int Cyassl_connect(int sd, const struct sockaddr* sa, int sz) +int wolfssl_connect(int sd, const struct sockaddr* sa, int sz) { int ret = 0 ; - #if defined(CYASSL_KEIL_TCP_NET) + #if defined(WOLFSSL_KEIL_TCP_NET) SOCKADDR_IN addr ; 
@@ -83,100 +90,100 @@ int Cyassl_connect(int sd, const struct sockaddr* sa, int sz) ret = connect(sd, (SOCKADDR *)&addr, sizeof(addr)) ; os_dly_wait(50); } while(ret == SCK_EWOULDBLOCK) ; - #ifdef DEBUG_CYASSL + #ifdef DEBUG_WOLFSSL { char msg[50] ; sprintf(msg, "BSD Connect return code: %d\n", ret) ; - CYASSL_MSG(msg) ; + WOLFSSL_MSG(msg) ; } #endif - #endif /* CYASSL_KEIL_TCP_NET */ + #endif /* WOLFSSL_KEIL_TCP_NET */ return(ret ) ; } -int Cyassl_accept(int sd, struct sockaddr *addr, int *addrlen) +int wolfssl_accept(int sd, struct sockaddr *addr, int *addrlen) { int ret = 0 ; - #if defined(CYASSL_KEIL_TCP_NET) + #if defined(WOLFSSL_KEIL_TCP_NET) while(1) { #undef accept /* Go to KEIL TCPnet accept */ ret = accept(sd, addr, addrlen) ; if(ret != SCK_EWOULDBLOCK) break ; os_dly_wait(1); } - #ifdef DEBUG_CYASSL + #ifdef DEBUG_WOLFSSL { char msg[50] ; sprintf(msg, "BSD Accept return code: %d\n", ret) ; - CYASSL_MSG(msg) ; + WOLFSSL_MSG(msg) ; } #endif - #endif /* CYASSL_KEIL_TCP_NET */ + #endif /* WOLFSSL_KEIL_TCP_NET */ return(ret ) ; } -int Cyassl_recv(int sd, void *buf, size_t len, int flags) +int wolfssl_recv(int sd, void *buf, size_t len, int flags) { int ret = 0; - #if defined(CYASSL_KEIL_TCP_NET) + #if defined(WOLFSSL_KEIL_TCP_NET) while(1) { #undef recv /* Go to KEIL TCPnet recv */ ret = recv(sd, buf, len, flags) ; if((ret != SCK_EWOULDBLOCK) &&( ret != SCK_ETIMEOUT)) break ; os_dly_wait(1); } - #ifdef DEBUG_CYASSL + #ifdef DEBUG_WOLFSSL { char msg[50] ; sprintf(msg, "BSD Recv return code: %d\n", ret) ; - CYASSL_MSG(msg) ; + WOLFSSL_MSG(msg) ; } #endif - #endif /* CYASSL_KEIL_TCP_NET */ + #endif /* WOLFSSL_KEIL_TCP_NET */ return(ret ) ; } -int Cyassl_send(int sd, const void *buf, size_t len, int flags) +int wolfssl_send(int sd, const void *buf, size_t len, int flags) { int ret = 0 ; - #if defined(CYASSL_KEIL_TCP_NET) + #if defined(WOLFSSL_KEIL_TCP_NET) while(1) { #undef send /* Go to KEIL TCPnet send */ ret = send(sd, buf, len, flags) ; if(ret != 
SCK_EWOULDBLOCK) break ; os_dly_wait(1); } - #ifdef DEBUG_CYASSL + #ifdef DEBUG_WOLFSSL { char msg[50] ; sprintf(msg, "BSD Send return code: %d\n", ret) ; - CYASSL_MSG(msg) ; + WOLFSSL_MSG(msg) ; } #endif -#endif /* CYASSL_KEIL_TCP_NET */ +#endif /* WOLFSSL_KEIL_TCP_NET */ return(ret) ; } -#endif /* CYASSL_KEIL_TCP_NET */ +#endif /* WOLFSSL_KEIL_TCP_NET */ -#if defined(CYASSL_KEIL_TCP_NET) -void Cyassl_sleep(int t) +#if defined(WOLFSSL_KEIL_TCP_NET) +void wolfssl_sleep(int t) { #if defined(HAVE_KEIL_RTX) os_dly_wait(t/1000+1) ; #endif } -int Cyassl_tcp_select(int sd, int timeout) +int wolfssl_tcp_select(int sd, int timeout) { return 0 ; @@ -184,9 +191,7 @@ int Cyassl_tcp_select(int sd, int timeout) } #endif -extern int strlen(const char *s) ; - -FILE * CyaSSL_fopen(const char *name, const char *openmode) +FILE * wolfSSL_fopen(const char *name, const char *openmode) { int i ; FILE * ret ; #define PATHSIZE 100 @@ -206,30 +211,23 @@ FILE * CyaSSL_fopen(const char *name, const char *openmode) return(ret) ; } -#if defined (CYASSL_MDK5) #define getkey getchar #define sendchar putchar -#else -extern int getkey(void) ; -extern int sendchar(int c) ; -#endif -char * Cyassl_fgets ( char * str, int num, FILE * f ) +char * wolfssl_fgets ( char * str, int num, FILE * f ) { int i ; for(i = 0 ; i< num ; i++) { while((str[i] = getkey()) == 0) { - #if defined (HAVE_KEIL_RTX) - #if !defined(CYASSL_CMSIS_RTOS) - os_tsk_pass (); - #else - osThreadYield (); - #endif - #endif + #if defined (HAVE_KEIL_RTX) && !defined(WOLFSSL_CMSIS_RTOS) + os_tsk_pass (); + #elif defined(WOLFSSL_CMSIS_RTOS) + osThreadYield (); + #endif } if(str[i] == '\n' || str[i] == '\012' || str[i] == '\015') { - sendchar('\n') ; + sendchar('\n') ; str[i++] = '\n' ; str[i] = '\0' ; break ; 
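Review bot: `wolfssl_fgets` can write one byte past the caller's buffer: the loop runs while `i < num`, and on a line end it executes `str[i++] = '\n' ; str[i] = '\0' ;`, so a newline arriving at index `num - 1` puts the terminator at `str[num]`. Bounding the loop with `for(i = 0 ; i < num - 1 ; i++)` leaves room for the terminator. The function body continues past the end of the hunk, so check there that the string is also terminated when the loop ends without a newline. With `getkey` now mapped to `getchar`, an `EOF` return is stored into a `char` and treated as input data.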
diff --git a/IDE/MDK-ARM/MDK-ARM/CyaSSL/cyassl_MDK_ARM.h b/IDE/MDK-ARM/MDK-ARM/wolfSSL/wolfssl_MDK_ARM.h similarity index 58% rename from IDE/MDK-ARM/MDK-ARM/CyaSSL/cyassl_MDK_ARM.h rename to IDE/MDK-ARM/MDK-ARM/wolfSSL/wolfssl_MDK_ARM.h index dbcfcf68e..665fc62c0 100644 --- a/IDE/MDK-ARM/MDK-ARM/CyaSSL/cyassl_MDK_ARM.h +++ b/IDE/MDK-ARM/MDK-ARM/wolfSSL/wolfssl_MDK_ARM.h @@ -1,4 +1,4 @@ -/* cyassl_KEIL_RL.h +/* wolfssl_KEIL_RL.h * * Copyright (C) 2006-2015 wolfSSL Inc. * @@ -22,16 +22,16 @@ /******************************************************************************/ /** This file is for defining types, values for specific to KEIL-MDK-ARM. **/ /******************************************************************************/ -#ifndef CYASSL_KEIL_RL_H -#define CYASSL_KEIL_RL_H +#ifndef WOLFSSL_KEIL_RL_H +#define WOLFSSL_KEIL_RL_H #include /* Go to STDIN */ -#define fgets(buff, sz, fd) Cyassl_fgets(buff, sz, fd) -extern char * Cyassl_fgets ( char * str, int num, FILE * f ) ; +#define fgets(buff, sz, fd) wolfssl_fgets(buff, sz, fd) +extern char * wolfssl_fgets ( char * str, int num, FILE * f ) ; #define SOCKET_T int @@ -43,7 +43,7 @@ typedef long fd_mask; #define NFDBITS (sizeof(fd_mask) * NUMBITSPERBYTE) /* bits per mask */ typedef struct fd_set { - fd_mask fds_bits[(FD_SETSIZE + NFDBITS - 1) / NFDBITS]; + fd_mask fds_bits[(FD_SETSIZE + NFDBITS - 1) / NFDBITS]; } fd_set; /*** #include ***/ 
@@ -52,39 +52,37 @@ struct timeval { long tv_usec; /* microseconds */ }; +#if defined(WOLFSSL_KEIL_TCP_NET) -/*** #include **/ -/* - int select(int nfds, fd_set *readfds, fd_set *writefds, - fd_set *exceptfds, const struct timeval *timeout); - void FD_CLR(int fd, fd_set *set); - int FD_ISSET(int fd, fd_set *set); - void FD_SET(int fd, fd_set *set); - void FD_ZERO(fd_set *set); -*/ +#if defined(WOLFSSL_MDK5) +#define SCK_EWOULDBLOCK BSD_ERROR_WOULDBLOCK +#define SCK_ETIMEOUT BSD_ERROR_TIMEOUT +#include "rl_net.h" +#endif + typedef int socklen_t ; /* for avoiding conflict with KEIL-TCPnet BSD socket */ -/* Bodies are in cyassl_KEIL_RL.c */ -#define connect Cyassl_connect -#define accept Cyassl_accept -#define recv Cyassl_recv -#define send Cyassl_send -#define sleep Cyassl_sleep +/* Bodies are in wolfssl_KEIL_RL.c */ +#define connect(a,b,c) wolfssl_connect(a, (struct sockaddr* )(b), c) +#define accept wolfssl_accept +#define recv wolfssl_recv +#define send wolfssl_send +#define sleep wolfssl_sleep /* for avoiding conflicting with KEIL-TCPnet TCP socket */ /* Bodies are in test.h */ -#define tcp_connect Cyassl_tcp_connect -#define tcp_socket Cyassl_tcp_soket -#define tcp_listen Cyassl_tcp_listen -#define tcp_select Cyassl_tcp_select +#define tcp_connect wolfssl_tcp_connect +#define tcp_socket wolfssl_tcp_soket +#define tcp_listen wolfssl_tcp_listen +#define tcp_select wolfssl_tcp_select -extern int Cyassl_connect(int sd, const struct sockaddr * sa, int sz) ; -extern int Cyassl_accept(int sd, struct sockaddr *addr, socklen_t *addrlen); -extern int Cyassl_recv(int sd, void *buf, size_t len, int flags); -extern int Cyassl_send(int sd, const void *buf, size_t len, int flags); -extern void Cyassl_sleep(int sec) ; -extern int Cyassl_tcp_select(int sd, int timeout) ; +extern int wolfssl_connect(int sd, const struct sockaddr* sa, int sz) ; +extern int wolfssl_accept(int sd, struct sockaddr*addr, socklen_t *addrlen); +extern int wolfssl_recv(int sd, void *buf, size_t len, int 
flags); +extern int wolfssl_send(int sd, const void *buf, size_t len, int flags); +extern void wolfssl_sleep(int sec) ; +extern int wolfssl_tcp_select(int sd, int timeout) ; /** KEIL-RL TCPnet ****/ /* TCPnet BSD socket does not have following functions. */ @@ -95,9 +93,6 @@ extern int setsockopt(int sockfd, int level, int optname, extern int select(int nfds, fd_set *readfds, fd_set *writefds, fd_set *exceptfds, const struct timeval *timeout); -/* CyaSSL MDK-ARM time functions */ -#include -struct tm *Cyassl_MDK_gmtime(const time_t *c) ; -extern double current_time(void) ; +#endif /* WOLFSSL_KEIL_TCP_NET */ -#endif /* CYASSL_KEIL_RL_H */ +#endif /* WOLFSSL_KEIL_RL_H */ diff --git a/IDE/MDK-ARM/Projects/MDK-ARM-LPC43xx.uvproj b/IDE/MDK-ARM/Projects/MDK-ARM-LPC43xx.uvproj deleted file mode 100644 index 6504d782a..000000000 --- a/IDE/MDK-ARM/Projects/MDK-ARM-LPC43xx.uvproj +++ /dev/null @@ -1,3510 +0,0 @@ - - - - 1.1 - -
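Review bot: The new function-like macro `#define connect(a,b,c) wolfssl_connect(a, (struct sockaddr* )(b), c)` casts its second argument unconditionally, which discards `const` and lets any pointer type through without a diagnostic. `wolfssl_connect` takes a `const struct sockaddr*`, so the cast should at least be `(const struct sockaddr *)(b)`, and a comment naming the caller that needs the cast would justify it. The comment `/* Bodies are in wolfssl_KEIL_RL.c */` names a file that does not match wolfssl_MDK_ARM.c, where this commit defines the wrappers.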
### uVision Project, (C) Keil Software
- - - - MDK-RTX-TCP-FS - 0x4 - ARM-ADS - - - LPC4357 - NXP (founded by Philips) - IRAM(0x10000000-0x10007FFF) IRAM2(0x20000000-0x2000FFFF) IROM(0x1A000000-0x1A07FFFF) IROM2(0x1B000000-0x1B07FFFF) CLOCK(12000000) CPUTYPE("Cortex-M4") FPU2 - - "STARTUP\NXP\LPC43xx\startup_LPC43xx.s" ("NXP LPC43xx Startup Code") - UL2CM3(-O975 -S0 -C0 -FO7 -FD10000000 -FC800 -FN2 -FF0LPC18xx43xx_512_BA -FS01A000000 -FL080000 -FF1LPC18xx43xx_512_BB -FS11B000000 -FL180000) - 6414 - LPC43xx.H - - - - - - - - - - SFD\NXP\LPC43xx\LPC43xx.SFR - 0 - - - - NXP\LPC43xx\ - NXP\LPC43xx\ - - 0 - 0 - 0 - 0 - 1 - - .\MDK-RTX-TCP-FS\ - LCP43xx-MDK-RTX-TCP-FS - 1 - 0 - 0 - 1 - 1 - .\Lst\ - 1 - 0 - 0 - - 0 - 0 - - - 0 - 0 - 0 - 0 - - - 0 - 0 - - - 0 - 0 - - - 1 - 0 - $K\ARM\BIN\ElfDwT.exe !L BASEADDRESS(0x1A000000) - - 0 - 0 - - 0 - - - - 0 - 0 - 0 - 0 - 0 - 1 - 0 - 0 - 0 - 0 - 3 - - - - - SARMCM3.DLL - -MPU - DCM.DLL - -pCM4 - SARMCM3.DLL - -MPU - TCM.DLL - -pCM4 - - - - 1 - 0 - 0 - 0 - 16 - - - 0 - 1 - 1 - 1 - 1 - 1 - 1 - 1 - 0 - - - 1 - 1 - 0 - 1 - 1 - 1 - 0 - 1 - 0 - - 0 - 9 - - - - - - - - - - - - - ..\MDK-ARM\config\Dbg_Flash.ini - BIN\ULP2CM3.DLL - - - - - 1 - 0 - 0 - 1 - 1 - 4100 - - 0 - BIN\ULP2CM3.DLL - "" () - - - - - 0 - 1 - 1 - 1 - 1 - 1 - 1 - 1 - 0 - 1 - 1 - 0 - 1 - 1 - 0 - 0 - 1 - 1 - 1 - 1 - 1 - 1 - 1 - 1 - 1 - 0 - 0 - "Cortex-M4" - - 1 - 0 - 0 - 1 - 1 - 0 - 0 - 1 - 1 - 1 - 8 - 0 - 0 - 0 - 3 - 3 - 1 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - 1 - 1 - 1 - 0 - 0 - 1 - 1 - - - 0 - 0x0 - 0x0 - - - 0 - 0x0 - 0x0 - - - 0 - 0x0 - 0x0 - - - 0 - 0x0 - 0x0 - - - 0 - 0x0 - 0x0 - - - 0 - 0x0 - 0x0 - - - 0 - 0x10000000 - 0x8000 - - - 1 - 0x1a000000 - 0x80000 - - - 0 - 0x0 - 0x0 - - - 1 - 0x0 - 0x0 - - - 1 - 0x0 - 0x0 - - - 1 - 0x0 - 0x0 - - - 1 - 0x1a000000 - 0x80000 - - - 1 - 0x1b000000 - 0x80000 - - - 0 - 0x10080000 - 0xa000 - - - 0 - 0x0 - 0x0 - - - 0 - 0x0 - 0x0 - - - 0 - 0x10000000 - 0x8000 - - - 0 - 0x20000000 - 0x10000 - - - - - - 1 - 4 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - - - 
HAVE_CONFIG_H CYASSL_LPC43xx __DBG_ITM CORE_M4 __RTX USE_STDPERIPH_DRIVER MDK_CONF_RTX_TCP_FS - - ..\MDK-ARM\CyaSSL;../../..;..\LPC43xx\Drivers\include;..\LPC43xx\LPC43xx\Include - - - - 1 - 0 - 0 - 1 - 0 - 0 - 0 - 0 - - - - - - - - - 1 - 0 - 0 - 0 - 1 - 0 - - - - - - - - - - - - - - CyaSSL Apps - - - echoclient.c - 1 - ..\..\..\examples\echoclient\echoclient.c - - - echoserver.c - 1 - ..\..\..\examples\echoserver\echoserver.c - - - test.c - 1 - ..\..\..\ctaocrypt\test\test.c - - - benchmark.c - 1 - ..\..\..\ctaocrypt\benchmark\benchmark.c - - - client.c - 1 - ..\..\..\examples\client\client.c - - - server.c - 1 - ..\..\..\examples\server\server.c - - - shell.c - 1 - ..\MDK-ARM\CyaSSL\shell.c - - - main.c - 1 - ..\MDK-ARM\CyaSSL\main.c - - - cert_data.c - 1 - ..\MDK-ARM\CyaSSL\cert_data.c - - - - - LPC43xx - - - lpc43xx_rtc.c - 1 - ..\LPC43xx\Drivers\source\lpc43xx_rtc.c - - - lpc43xx_timer.c - 1 - ..\LPC43xx\Drivers\source\lpc43xx_timer.c - - - lpc43xx_cgu.c - 1 - ..\LPC43xx\Drivers\source\lpc43xx_cgu.c - - - lpc43xx_scu.c - 1 - ..\LPC43xx\Drivers\source\lpc43xx_scu.c - - - - - MDK-ARM - - - FS_CM3.lib - 4 - c:\Keil\ARM\RV31\LIB\FS_CM3.lib - - - RTX_CM3.lib - 4 - c:\Keil\ARM\RV31\LIB\\RTX_CM3.lib - - - TCPD_CM3.lib - 4 - c:\Keil\ARM\RV31\LIB\TCPD_CM3.lib - - - 2 - 0 - 0 - 0 - 0 - 0 - 2 - 2 - 2 - 2 - 11 - - - - - - - - TCP_CM3.lib - 4 - c:\Keil\ARM\RV31\LIB\TCP_CM3.lib - - - Serial.c - 1 - C:\Keil\ARM\Boards\Keil\MCB4300\RL\FlashFS\SD_File\Serial.c - - - ETH_LPC43xx.c - 1 - C:\Keil\ARM\RL\TCPnet\Drivers\ETH_LPC43xx.c - - - SDIO_LPC43xx.c - 1 - C:\Keil\ARM\Boards\Keil\MCB4300\RL\FlashFS\SD_File\SDIO_LPC43xx.c - - - system_LPC43xx.c - 1 - C:\Keil\ARM\Boards\Keil\MCB4300\RL\FlashFS\SD_File\system_LPC43xx.c - - - - - CyaSSL Library - - - crl.c - 1 - ..\..\..\src\crl.c - - - internal.c - 1 - ..\..\..\src\internal.c - - - io.c - 1 - ..\..\..\src\io.c - - - keys.c - 1 - ..\..\..\src\keys.c - - - ocsp.c - 1 - ..\..\..\src\ocsp.c - - - sniffer.c - 1 - ..\..\..\src\sniffer.c 
- - - ssl.c - 1 - ..\..\..\src\ssl.c - - - tls.c - 1 - ..\..\..\src\tls.c - - - ssl-dummy.c - 1 - ..\MDK-ARM\CyaSSL\ssl-dummy.c - - - 2 - 0 - 0 - 0 - 0 - 0 - 2 - 2 - 2 - 2 - 11 - - - - - - 2 - 0 - 2 - 2 - 2 - 2 - 2 - 2 - 2 - 2 - 0 - 2 - 2 - - - - - - - - - - - - - - Crypt/Cipher Library - - - aes.c - 1 - ..\..\..\ctaocrypt\src\aes.c - - - arc4.c - 1 - ..\..\..\ctaocrypt\src\arc4.c - - - asm.c - 1 - ..\..\..\ctaocrypt\src\asm.c - - - asn.c - 1 - ..\..\..\ctaocrypt\src\asn.c - - - camellia.c - 1 - ..\..\..\ctaocrypt\src\camellia.c - - - coding.c - 1 - ..\..\..\ctaocrypt\src\coding.c - - - des3.c - 1 - ..\..\..\ctaocrypt\src\des3.c - - - dh.c - 1 - ..\..\..\ctaocrypt\src\dh.c - - - dsa.c - 1 - ..\..\..\ctaocrypt\src\dsa.c - - - ecc.c - 1 - ..\..\..\ctaocrypt\src\ecc.c - - - ecc_fp.c - 1 - ..\..\..\ctaocrypt\src\ecc_fp.c - - - error.c - 1 - ..\..\..\ctaocrypt\src\error.c - - - hc128.c - 1 - ..\..\..\ctaocrypt\src\hc128.c - - - hmac.c - 1 - ..\..\..\ctaocrypt\src\hmac.c - - - integer.c - 1 - ..\..\..\ctaocrypt\src\integer.c - - - logging.c - 1 - ..\..\..\ctaocrypt\src\logging.c - - - md2.c - 1 - ..\..\..\ctaocrypt\src\md2.c - - - md4.c - 1 - ..\..\..\ctaocrypt\src\md4.c - - - md5.c - 1 - ..\..\..\ctaocrypt\src\md5.c - - - memory.c - 1 - ..\..\..\ctaocrypt\src\memory.c - - - misc.c - 1 - ..\..\..\ctaocrypt\src\misc.c - - - wc_port.c - 1 - ..\..\..\ctaocrypt\src\wc_port.c - - - pwdbased.c - 1 - ..\..\..\ctaocrypt\src\pwdbased.c - - - rabbit.c - 1 - ..\..\..\ctaocrypt\src\rabbit.c - - - random.c - 1 - ..\..\..\ctaocrypt\src\random.c - - - ripemd.c - 1 - ..\..\..\ctaocrypt\src\ripemd.c - - - rsa.c - 1 - ..\..\..\ctaocrypt\src\rsa.c - - - sha.c - 1 - ..\..\..\ctaocrypt\src\sha.c - - - sha256.c - 1 - ..\..\..\ctaocrypt\src\sha256.c - - - sha512.c - 1 - ..\..\..\ctaocrypt\src\sha512.c - - - tfm.c - 1 - ..\..\..\ctaocrypt\src\tfm.c - - - 2 - 0 - 0 - 0 - 0 - 0 - 2 - 2 - 2 - 2 - 11 - - - - - - 2 - 0 - 2 - 2 - 2 - 2 - 2 - 2 - 2 - 2 - 0 - 2 - 2 - - - - - - - - - - - - - - 
Configuration - - - File_Config.c - 1 - ..\MDK-ARM\config\File_Config.c - - - Net_Config.c - 1 - ..\MDK-ARM\config\Net_Config.c - - - config.h - 5 - ..\MDK-ARM\CyaSSL\config.h - - - RTX_Conf_CM.c - 1 - ..\MDK-ARM\config\RTX_Conf_CM.c - - - Net_Debug.c - 1 - ..\MDK-ARM\config\Net_Debug.c - - - 2 - 0 - 0 - 0 - 0 - 0 - 2 - 2 - 2 - 2 - 11 - - - - - - 2 - 0 - 2 - 2 - 2 - 2 - 2 - 2 - 2 - 2 - 0 - 2 - 2 - - - - - - - - - - - - config-FS.h - 5 - ..\MDK-ARM\CyaSSL\config-FS.h - - - config-RTX-TCP-FS.h - 5 - ..\MDK-ARM\CyaSSL\config-RTX-TCP-FS.h - - - config-BARE-METAL.h - 5 - ..\MDK-ARM\CyaSSL\config-BARE-METAL.h - - - startup_LPC43xx.s - 2 - ..\LPC43xx\startup_LPC43xx.s - - - - - CyaSSL-MDK - - - cyassl_MDK_ARM.c - 1 - ..\MDK-ARM\CyaSSL\cyassl_MDK_ARM.c - - - Retarget.c - 1 - ..\MDK-ARM\CyaSSL\Retarget.c - - - time-LCP43xx.c - 1 - ..\LPC43xx\time-LCP43xx.c - - - - - - - MDK-FS - 0x4 - ARM-ADS - - - LPC4357 - NXP (founded by Philips) - IRAM(0x10000000-0x10007FFF) IRAM2(0x20000000-0x2000FFFF) IROM(0x1A000000-0x1A07FFFF) IROM2(0x1B000000-0x1B07FFFF) CLOCK(12000000) CPUTYPE("Cortex-M4") FPU2 - - "STARTUP\NXP\LPC43xx\startup_LPC43xx.s" ("NXP LPC43xx Startup Code") - UL2CM3(-O975 -S0 -C0 -FO7 -FD10000000 -FC800 -FN2 -FF0LPC18xx43xx_512_BA -FS01A000000 -FL080000 -FF1LPC18xx43xx_512_BB -FS11B000000 -FL180000) - 6414 - LPC43xx.H - - - - - - - - - - SFD\NXP\LPC43xx\LPC43xx.SFR - 0 - - - - NXP\LPC43xx\ - NXP\LPC43xx\ - - 0 - 0 - 0 - 0 - 1 - - .\MDK-FS\ - LCP43xx-MDK-FS - 1 - 0 - 0 - 1 - 1 - .\Lst\ - 1 - 0 - 0 - - 0 - 0 - - - 0 - 0 - 0 - 0 - - - 0 - 0 - - - 0 - 0 - - - 1 - 0 - $K\ARM\BIN\ElfDwT.exe !L BASEADDRESS(0x1A000000) - - 0 - 0 - - 0 - - - - 0 - 0 - 0 - 0 - 0 - 1 - 0 - 0 - 0 - 0 - 3 - - - - - SARMCM3.DLL - -MPU - DCM.DLL - -pCM4 - SARMCM3.DLL - -MPU - TCM.DLL - -pCM4 - - - - 1 - 0 - 0 - 0 - 16 - - - 0 - 1 - 1 - 1 - 1 - 1 - 1 - 1 - 0 - - - 1 - 1 - 1 - 1 - 1 - 1 - 0 - 1 - 0 - - 0 - 9 - - - - - - - - - - - - - ..\MDK-ARM\config\Dbg_Flash.ini - BIN\ULP2CM3.DLL - - - - - 1 - 0 - 0 - 
1 - 1 - 4100 - - 0 - BIN\ULP2CM3.DLL - "" () - - - - - 0 - 1 - 1 - 1 - 1 - 1 - 1 - 1 - 0 - 1 - 1 - 0 - 1 - 1 - 0 - 0 - 1 - 1 - 1 - 1 - 1 - 1 - 1 - 1 - 1 - 0 - 0 - "Cortex-M4" - - 0 - 0 - 0 - 1 - 1 - 0 - 0 - 1 - 1 - 1 - 8 - 0 - 0 - 0 - 3 - 3 - 1 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - 1 - 1 - 1 - 0 - 0 - 1 - 1 - - - 0 - 0x0 - 0x0 - - - 0 - 0x0 - 0x0 - - - 0 - 0x0 - 0x0 - - - 0 - 0x0 - 0x0 - - - 0 - 0x0 - 0x0 - - - 0 - 0x0 - 0x0 - - - 0 - 0x10000000 - 0x8000 - - - 1 - 0x1a000000 - 0x80000 - - - 0 - 0x0 - 0x0 - - - 1 - 0x0 - 0x0 - - - 1 - 0x0 - 0x0 - - - 1 - 0x0 - 0x0 - - - 1 - 0x1a000000 - 0x80000 - - - 1 - 0x1b000000 - 0x80000 - - - 0 - 0x10080000 - 0xa000 - - - 0 - 0x0 - 0x0 - - - 0 - 0x0 - 0x0 - - - 0 - 0x10000000 - 0x8000 - - - 0 - 0x20000000 - 0x10000 - - - - - - 1 - 4 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - - - HAVE_CONFIG_H CYASSL_LPC43xx __DBG_ITM CORE_M4 __RTX USE_STDPERIPH_DRIVER MDK_CONF_FS - - ..\MDK-ARM\CyaSSL;../../..;..\LPC43xx\Drivers\include;..\LPC43xx\LPC43xx\Include - - - - 1 - 0 - 0 - 1 - 0 - 0 - 0 - 0 - - - - - - - - - 1 - 0 - 0 - 0 - 1 - 0 - - - - - - - - - - - - - - CyaSSL Apps - - - echoclient.c - 1 - ..\..\..\examples\echoclient\echoclient.c - - - 2 - 0 - 0 - 0 - 0 - 0 - 2 - 2 - 2 - 2 - 11 - - - - - - 2 - 0 - 2 - 2 - 2 - 2 - 2 - 2 - 2 - 2 - 0 - 2 - 2 - - - - - - - - - - - - echoserver.c - 1 - ..\..\..\examples\echoserver\echoserver.c - - - 2 - 0 - 0 - 0 - 0 - 0 - 2 - 2 - 2 - 2 - 11 - - - - - - 2 - 0 - 2 - 2 - 2 - 2 - 2 - 2 - 2 - 2 - 0 - 2 - 2 - - - - - - - - - - - - test.c - 1 - ..\..\..\ctaocrypt\test\test.c - - - benchmark.c - 1 - ..\..\..\ctaocrypt\benchmark\benchmark.c - - - client.c - 1 - ..\..\..\examples\client\client.c - - - 2 - 0 - 0 - 0 - 0 - 0 - 2 - 2 - 2 - 2 - 11 - - - - - - 2 - 0 - 2 - 2 - 2 - 2 - 2 - 2 - 2 - 2 - 0 - 2 - 2 - - - - - - - - - - - - server.c - 1 - ..\..\..\examples\server\server.c - - - 2 - 0 - 0 - 0 - 0 - 0 - 2 - 2 - 2 - 2 - 11 - - - - - - 2 - 0 - 2 - 2 - 2 - 2 - 2 - 2 - 2 - 2 - 0 - 2 - 2 - - - - - - - - - - - 
- shell.c - 1 - ..\MDK-ARM\CyaSSL\shell.c - - - main.c - 1 - ..\MDK-ARM\CyaSSL\main.c - - - cert_data.c - 1 - ..\MDK-ARM\CyaSSL\cert_data.c - - - - - LPC43xx - - - lpc43xx_rtc.c - 1 - ..\LPC43xx\Drivers\source\lpc43xx_rtc.c - - - lpc43xx_timer.c - 1 - ..\LPC43xx\Drivers\source\lpc43xx_timer.c - - - lpc43xx_cgu.c - 1 - ..\LPC43xx\Drivers\source\lpc43xx_cgu.c - - - lpc43xx_scu.c - 1 - ..\LPC43xx\Drivers\source\lpc43xx_scu.c - - - - - MDK-ARM - - - FS_CM3.lib - 4 - c:\Keil\ARM\RV31\LIB\FS_CM3.lib - - - RTX_CM3.lib - 4 - c:\Keil\ARM\RV31\LIB\\RTX_CM3.lib - - - 2 - 0 - 0 - 0 - 0 - 0 - 2 - 2 - 2 - 2 - 11 - - - - - - - - TCPD_CM3.lib - 4 - c:\Keil\ARM\RV31\LIB\TCPD_CM3.lib - - - 2 - 0 - 0 - 0 - 0 - 0 - 2 - 2 - 2 - 2 - 11 - - - - - - - - TCP_CM3.lib - 4 - c:\Keil\ARM\RV31\LIB\TCP_CM3.lib - - - 2 - 0 - 0 - 0 - 0 - 0 - 2 - 2 - 2 - 2 - 11 - - - - - - - - Serial.c - 1 - C:\Keil\ARM\Boards\Keil\MCB4300\RL\FlashFS\SD_File\Serial.c - - - ETH_LPC43xx.c - 1 - C:\Keil\ARM\RL\TCPnet\Drivers\ETH_LPC43xx.c - - - 2 - 0 - 0 - 0 - 0 - 0 - 2 - 2 - 2 - 2 - 11 - - - - - - 2 - 0 - 2 - 2 - 2 - 2 - 2 - 2 - 2 - 2 - 0 - 2 - 2 - - - - - - - - - - - - SDIO_LPC43xx.c - 1 - C:\Keil\ARM\Boards\Keil\MCB4300\RL\FlashFS\SD_File\SDIO_LPC43xx.c - - - system_LPC43xx.c - 1 - C:\Keil\ARM\Boards\Keil\MCB4300\RL\FlashFS\SD_File\system_LPC43xx.c - - - - - CyaSSL Library - - - crl.c - 1 - ..\..\..\src\crl.c - - - internal.c - 1 - ..\..\..\src\internal.c - - - io.c - 1 - ..\..\..\src\io.c - - - keys.c - 1 - ..\..\..\src\keys.c - - - ocsp.c - 1 - ..\..\..\src\ocsp.c - - - sniffer.c - 1 - ..\..\..\src\sniffer.c - - - ssl.c - 1 - ..\..\..\src\ssl.c - - - tls.c - 1 - ..\..\..\src\tls.c - - - ssl-dummy.c - 1 - ..\MDK-ARM\CyaSSL\ssl-dummy.c - - - 2 - 0 - 0 - 0 - 0 - 0 - 2 - 2 - 2 - 2 - 11 - - - - - - 2 - 0 - 2 - 2 - 2 - 2 - 2 - 2 - 2 - 2 - 0 - 2 - 2 - - - - - - - - - - - - - - Crypt/Cipher Library - - - aes.c - 1 - ..\..\..\ctaocrypt\src\aes.c - - - arc4.c - 1 - ..\..\..\ctaocrypt\src\arc4.c - - - asm.c - 1 - 
..\..\..\ctaocrypt\src\asm.c - - - asn.c - 1 - ..\..\..\ctaocrypt\src\asn.c - - - camellia.c - 1 - ..\..\..\ctaocrypt\src\camellia.c - - - coding.c - 1 - ..\..\..\ctaocrypt\src\coding.c - - - des3.c - 1 - ..\..\..\ctaocrypt\src\des3.c - - - dh.c - 1 - ..\..\..\ctaocrypt\src\dh.c - - - dsa.c - 1 - ..\..\..\ctaocrypt\src\dsa.c - - - ecc.c - 1 - ..\..\..\ctaocrypt\src\ecc.c - - - ecc_fp.c - 1 - ..\..\..\ctaocrypt\src\ecc_fp.c - - - error.c - 1 - ..\..\..\ctaocrypt\src\error.c - - - hc128.c - 1 - ..\..\..\ctaocrypt\src\hc128.c - - - hmac.c - 1 - ..\..\..\ctaocrypt\src\hmac.c - - - integer.c - 1 - ..\..\..\ctaocrypt\src\integer.c - - - logging.c - 1 - ..\..\..\ctaocrypt\src\logging.c - - - md2.c - 1 - ..\..\..\ctaocrypt\src\md2.c - - - md4.c - 1 - ..\..\..\ctaocrypt\src\md4.c - - - md5.c - 1 - ..\..\..\ctaocrypt\src\md5.c - - - memory.c - 1 - ..\..\..\ctaocrypt\src\memory.c - - - misc.c - 1 - ..\..\..\ctaocrypt\src\misc.c - - - pwdbased.c - 1 - ..\..\..\ctaocrypt\src\pwdbased.c - - - rabbit.c - 1 - ..\..\..\ctaocrypt\src\rabbit.c - - - random.c - 1 - ..\..\..\ctaocrypt\src\random.c - - - ripemd.c - 1 - ..\..\..\ctaocrypt\src\ripemd.c - - - rsa.c - 1 - ..\..\..\ctaocrypt\src\rsa.c - - - sha.c - 1 - ..\..\..\ctaocrypt\src\sha.c - - - sha256.c - 1 - ..\..\..\ctaocrypt\src\sha256.c - - - sha512.c - 1 - ..\..\..\ctaocrypt\src\sha512.c - - - tfm.c - 1 - ..\..\..\ctaocrypt\src\tfm.c - - - 2 - 0 - 0 - 0 - 0 - 0 - 2 - 2 - 2 - 2 - 11 - - - - - - 2 - 0 - 2 - 2 - 2 - 2 - 2 - 2 - 2 - 2 - 0 - 2 - 2 - - - - - - - - - - - - wc_port.c - 1 - ..\..\..\ctaocrypt\src\wc_port.c - - - - - Configuration - - - File_Config.c - 1 - ..\MDK-ARM\config\File_Config.c - - - Net_Config.c - 1 - ..\MDK-ARM\config\Net_Config.c - - - 2 - 0 - 0 - 0 - 0 - 0 - 2 - 2 - 2 - 2 - 11 - - - - - - 2 - 0 - 2 - 2 - 2 - 2 - 2 - 2 - 2 - 2 - 0 - 2 - 2 - - - - - - - - - - - - config.h - 5 - ..\MDK-ARM\CyaSSL\config.h - - - RTX_Conf_CM.c - 1 - ..\MDK-ARM\config\RTX_Conf_CM.c - - - 2 - 0 - 0 - 0 - 0 - 0 - 2 - 2 - 2 - 2 - 11 
- - - - - - 2 - 0 - 2 - 2 - 2 - 2 - 2 - 2 - 2 - 2 - 0 - 2 - 2 - - - - - - - - - - - - Net_Debug.c - 1 - ..\MDK-ARM\config\Net_Debug.c - - - 2 - 0 - 0 - 0 - 0 - 0 - 2 - 2 - 2 - 2 - 11 - - - - - - 2 - 0 - 2 - 2 - 2 - 2 - 2 - 2 - 2 - 2 - 0 - 2 - 2 - - - - - - - - - - - - config-FS.h - 5 - ..\MDK-ARM\CyaSSL\config-FS.h - - - config-RTX-TCP-FS.h - 5 - ..\MDK-ARM\CyaSSL\config-RTX-TCP-FS.h - - - config-BARE-METAL.h - 5 - ..\MDK-ARM\CyaSSL\config-BARE-METAL.h - - - startup_LPC43xx.s - 2 - ..\LPC43xx\startup_LPC43xx.s - - - - - CyaSSL-MDK - - - cyassl_MDK_ARM.c - 1 - ..\MDK-ARM\CyaSSL\cyassl_MDK_ARM.c - - - Retarget.c - 1 - ..\MDK-ARM\CyaSSL\Retarget.c - - - time-LCP43xx.c - 1 - ..\LPC43xx\time-LCP43xx.c - - - - - - - MDK-BARE-METAL - 0x4 - ARM-ADS - - - LPC4357 - NXP (founded by Philips) - IRAM(0x10000000-0x10007FFF) IRAM2(0x20000000-0x2000FFFF) IROM(0x1A000000-0x1A07FFFF) IROM2(0x1B000000-0x1B07FFFF) CLOCK(12000000) CPUTYPE("Cortex-M4") FPU2 - - "STARTUP\NXP\LPC43xx\startup_LPC43xx.s" ("NXP LPC43xx Startup Code") - UL2CM3(-O975 -S0 -C0 -FO7 -FD10000000 -FC800 -FN2 -FF0LPC18xx43xx_512_BA -FS01A000000 -FL080000 -FF1LPC18xx43xx_512_BB -FS11B000000 -FL180000) - 6414 - LPC43xx.H - - - - - - - - - - SFD\NXP\LPC43xx\LPC43xx.SFR - 0 - - - - NXP\LPC43xx\ - NXP\LPC43xx\ - - 0 - 0 - 0 - 0 - 1 - - .\MDK-BARE-METAL\ - LCP43xx-MDK-BARE-METAL - 1 - 0 - 0 - 1 - 1 - .\Lst\ - 1 - 0 - 0 - - 0 - 0 - - - 0 - 0 - 0 - 0 - - - 0 - 0 - - - 0 - 0 - - - 1 - 0 - $K\ARM\BIN\ElfDwT.exe !L BASEADDRESS(0x1A000000) - - 0 - 0 - - 0 - - - - 0 - 0 - 0 - 0 - 0 - 1 - 0 - 0 - 0 - 0 - 3 - - - - - SARMCM3.DLL - -MPU - DCM.DLL - -pCM4 - SARMCM3.DLL - -MPU - TCM.DLL - -pCM4 - - - - 1 - 0 - 0 - 0 - 16 - - - 0 - 1 - 1 - 1 - 1 - 1 - 1 - 1 - 0 - - - 1 - 1 - 1 - 1 - 1 - 1 - 0 - 1 - 0 - - 0 - 9 - - - - - - - - - - - - - ..\MDK-ARM\config\Dbg_Flash.ini - BIN\ULP2CM3.DLL - - - - - 1 - 0 - 0 - 1 - 1 - 4100 - - 0 - BIN\ULP2CM3.DLL - "" () - - - - - 0 - 1 - 1 - 1 - 1 - 1 - 1 - 1 - 0 - 1 - 1 - 0 - 1 - 1 - 0 - 0 - 1 - 1 - 1 - 
1 - 1 - 1 - 1 - 1 - 1 - 0 - 0 - "Cortex-M4" - - 0 - 0 - 0 - 1 - 1 - 0 - 0 - 1 - 1 - 1 - 8 - 0 - 0 - 0 - 3 - 3 - 1 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - 1 - 1 - 1 - 0 - 0 - 1 - 1 - - - 0 - 0x0 - 0x0 - - - 0 - 0x0 - 0x0 - - - 0 - 0x0 - 0x0 - - - 0 - 0x0 - 0x0 - - - 0 - 0x0 - 0x0 - - - 0 - 0x0 - 0x0 - - - 0 - 0x10000000 - 0x8000 - - - 1 - 0x1a000000 - 0x80000 - - - 0 - 0x0 - 0x0 - - - 1 - 0x0 - 0x0 - - - 1 - 0x0 - 0x0 - - - 1 - 0x0 - 0x0 - - - 1 - 0x1a000000 - 0x80000 - - - 1 - 0x1b000000 - 0x80000 - - - 0 - 0x10080000 - 0xa000 - - - 0 - 0x0 - 0x0 - - - 0 - 0x0 - 0x0 - - - 0 - 0x10000000 - 0x8000 - - - 0 - 0x20000000 - 0x10000 - - - - - - 1 - 4 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - - - HAVE_CONFIG_H CYASSL_LPC43xx __DBG_ITM CORE_M4 __RTX USE_STDPERIPH_DRIVER MDK_CONF_BARE_METAL - - ..\MDK-ARM\CyaSSL;../../..;..\LPC43xx\Drivers\include;..\LPC43xx\LPC43xx\Include - - - - 1 - 0 - 0 - 1 - 0 - 0 - 0 - 0 - - - - - - - - - 1 - 0 - 0 - 0 - 1 - 0 - - - - - - - - - - - - - - CyaSSL Apps - - - echoclient.c - 1 - ..\..\..\examples\echoclient\echoclient.c - - - 2 - 0 - 0 - 0 - 0 - 0 - 2 - 2 - 2 - 2 - 11 - - - - - - 2 - 0 - 2 - 2 - 2 - 2 - 2 - 2 - 2 - 2 - 0 - 2 - 2 - - - - - - - - - - - - echoserver.c - 1 - ..\..\..\examples\echoserver\echoserver.c - - - 2 - 0 - 0 - 0 - 0 - 0 - 2 - 2 - 2 - 2 - 11 - - - - - - 2 - 0 - 2 - 2 - 2 - 2 - 2 - 2 - 2 - 2 - 0 - 2 - 2 - - - - - - - - - - - - test.c - 1 - ..\..\..\ctaocrypt\test\test.c - - - benchmark.c - 1 - ..\..\..\ctaocrypt\benchmark\benchmark.c - - - client.c - 1 - ..\..\..\examples\client\client.c - - - 2 - 0 - 0 - 0 - 0 - 0 - 2 - 2 - 2 - 2 - 11 - - - - - - 2 - 0 - 2 - 2 - 2 - 2 - 2 - 2 - 2 - 2 - 0 - 2 - 2 - - - - - - - - - - - - server.c - 1 - ..\..\..\examples\server\server.c - - - 2 - 0 - 0 - 0 - 0 - 0 - 2 - 2 - 2 - 2 - 11 - - - - - - 2 - 0 - 2 - 2 - 2 - 2 - 2 - 2 - 2 - 2 - 0 - 2 - 2 - - - - - - - - - - - - shell.c - 1 - ..\MDK-ARM\CyaSSL\shell.c - - - main.c - 1 - ..\MDK-ARM\CyaSSL\main.c - - - cert_data.c - 1 - 
..\MDK-ARM\CyaSSL\cert_data.c - - - - - LPC43xx - - - lpc43xx_rtc.c - 1 - ..\LPC43xx\Drivers\source\lpc43xx_rtc.c - - - lpc43xx_timer.c - 1 - ..\LPC43xx\Drivers\source\lpc43xx_timer.c - - - lpc43xx_cgu.c - 1 - ..\LPC43xx\Drivers\source\lpc43xx_cgu.c - - - lpc43xx_scu.c - 1 - ..\LPC43xx\Drivers\source\lpc43xx_scu.c - - - - - MDK-ARM - - - FS_CM3.lib - 4 - c:\Keil\ARM\RV31\LIB\FS_CM3.lib - - - 2 - 0 - 0 - 0 - 0 - 0 - 2 - 2 - 2 - 2 - 11 - - - - - - - - RTX_CM3.lib - 4 - c:\Keil\ARM\RV31\LIB\\RTX_CM3.lib - - - 2 - 0 - 0 - 0 - 0 - 0 - 2 - 2 - 2 - 2 - 11 - - - - - - - - TCPD_CM3.lib - 4 - c:\Keil\ARM\RV31\LIB\TCPD_CM3.lib - - - 2 - 0 - 0 - 0 - 0 - 0 - 2 - 2 - 2 - 2 - 11 - - - - - - - - TCP_CM3.lib - 4 - c:\Keil\ARM\RV31\LIB\TCP_CM3.lib - - - 2 - 0 - 0 - 0 - 0 - 0 - 2 - 2 - 2 - 2 - 11 - - - - - - - - Serial.c - 1 - C:\Keil\ARM\Boards\Keil\MCB4300\RL\FlashFS\SD_File\Serial.c - - - ETH_LPC43xx.c - 1 - C:\Keil\ARM\RL\TCPnet\Drivers\ETH_LPC43xx.c - - - 2 - 0 - 0 - 0 - 0 - 0 - 2 - 2 - 2 - 2 - 11 - - - - - - 2 - 0 - 2 - 2 - 2 - 2 - 2 - 2 - 2 - 2 - 0 - 2 - 2 - - - - - - - - - - - - SDIO_LPC43xx.c - 1 - C:\Keil\ARM\Boards\Keil\MCB4300\RL\FlashFS\SD_File\SDIO_LPC43xx.c - - - 2 - 0 - 0 - 0 - 0 - 0 - 2 - 2 - 2 - 2 - 11 - - - - - - 2 - 0 - 2 - 2 - 2 - 2 - 2 - 2 - 2 - 2 - 0 - 2 - 2 - - - - - - - - - - - - system_LPC43xx.c - 1 - C:\Keil\ARM\Boards\Keil\MCB4300\RL\FlashFS\SD_File\system_LPC43xx.c - - - - - CyaSSL Library - - - crl.c - 1 - ..\..\..\src\crl.c - - - internal.c - 1 - ..\..\..\src\internal.c - - - io.c - 1 - ..\..\..\src\io.c - - - keys.c - 1 - ..\..\..\src\keys.c - - - ocsp.c - 1 - ..\..\..\src\ocsp.c - - - sniffer.c - 1 - ..\..\..\src\sniffer.c - - - ssl.c - 1 - ..\..\..\src\ssl.c - - - tls.c - 1 - ..\..\..\src\tls.c - - - ssl-dummy.c - 1 - ..\MDK-ARM\CyaSSL\ssl-dummy.c - - - 2 - 0 - 0 - 0 - 0 - 0 - 2 - 2 - 2 - 2 - 11 - - - - - - 2 - 0 - 2 - 2 - 2 - 2 - 2 - 2 - 2 - 2 - 0 - 2 - 2 - - - - - - - - - - - - - - Crypt/Cipher Library - - - aes.c - 1 - ..\..\..\ctaocrypt\src\aes.c 
- - - arc4.c - 1 - ..\..\..\ctaocrypt\src\arc4.c - - - asm.c - 1 - ..\..\..\ctaocrypt\src\asm.c - - - asn.c - 1 - ..\..\..\ctaocrypt\src\asn.c - - - camellia.c - 1 - ..\..\..\ctaocrypt\src\camellia.c - - - coding.c - 1 - ..\..\..\ctaocrypt\src\coding.c - - - des3.c - 1 - ..\..\..\ctaocrypt\src\des3.c - - - dh.c - 1 - ..\..\..\ctaocrypt\src\dh.c - - - dsa.c - 1 - ..\..\..\ctaocrypt\src\dsa.c - - - ecc.c - 1 - ..\..\..\ctaocrypt\src\ecc.c - - - ecc_fp.c - 1 - ..\..\..\ctaocrypt\src\ecc_fp.c - - - error.c - 1 - ..\..\..\ctaocrypt\src\error.c - - - hc128.c - 1 - ..\..\..\ctaocrypt\src\hc128.c - - - hmac.c - 1 - ..\..\..\ctaocrypt\src\hmac.c - - - integer.c - 1 - ..\..\..\ctaocrypt\src\integer.c - - - logging.c - 1 - ..\..\..\ctaocrypt\src\logging.c - - - md2.c - 1 - ..\..\..\ctaocrypt\src\md2.c - - - md4.c - 1 - ..\..\..\ctaocrypt\src\md4.c - - - md5.c - 1 - ..\..\..\ctaocrypt\src\md5.c - - - memory.c - 1 - ..\..\..\ctaocrypt\src\memory.c - - - misc.c - 1 - ..\..\..\ctaocrypt\src\misc.c - - - pwdbased.c - 1 - ..\..\..\ctaocrypt\src\pwdbased.c - - - rabbit.c - 1 - ..\..\..\ctaocrypt\src\rabbit.c - - - random.c - 1 - ..\..\..\ctaocrypt\src\random.c - - - ripemd.c - 1 - ..\..\..\ctaocrypt\src\ripemd.c - - - rsa.c - 1 - ..\..\..\ctaocrypt\src\rsa.c - - - sha.c - 1 - ..\..\..\ctaocrypt\src\sha.c - - - sha256.c - 1 - ..\..\..\ctaocrypt\src\sha256.c - - - sha512.c - 1 - ..\..\..\ctaocrypt\src\sha512.c - - - tfm.c - 1 - ..\..\..\ctaocrypt\src\tfm.c - - - 2 - 0 - 0 - 0 - 0 - 0 - 2 - 2 - 2 - 2 - 11 - - - - - - 2 - 0 - 2 - 2 - 2 - 2 - 2 - 2 - 2 - 2 - 0 - 2 - 2 - - - - - - - - - - - - wc_port.c - 1 - ..\..\..\ctaocrypt\src\wc_port.c - - - - - Configuration - - - File_Config.c - 1 - ..\MDK-ARM\config\File_Config.c - - - 2 - 0 - 0 - 0 - 0 - 0 - 2 - 2 - 2 - 2 - 11 - - - - - - 2 - 0 - 2 - 2 - 2 - 2 - 2 - 2 - 2 - 2 - 0 - 2 - 2 - - - - - - - - - - - - Net_Config.c - 1 - ..\MDK-ARM\config\Net_Config.c - - - 2 - 0 - 0 - 0 - 0 - 0 - 2 - 2 - 2 - 2 - 11 - - - - - - 2 - 0 - 2 - 2 - 2 - 2 - 2 
- 2 - 2 - 2 - 0 - 2 - 2 - - - - - - - - - - - - config.h - 5 - ..\MDK-ARM\CyaSSL\config.h - - - RTX_Conf_CM.c - 1 - ..\MDK-ARM\config\RTX_Conf_CM.c - - - 2 - 0 - 0 - 0 - 0 - 0 - 2 - 2 - 2 - 2 - 11 - - - - - - 2 - 0 - 2 - 2 - 2 - 2 - 2 - 2 - 2 - 2 - 0 - 2 - 2 - - - - - - - - - - - - Net_Debug.c - 1 - ..\MDK-ARM\config\Net_Debug.c - - - 2 - 0 - 0 - 0 - 0 - 0 - 2 - 2 - 2 - 2 - 11 - - - - - - 2 - 0 - 2 - 2 - 2 - 2 - 2 - 2 - 2 - 2 - 0 - 2 - 2 - - - - - - - - - - - - config-FS.h - 5 - ..\MDK-ARM\CyaSSL\config-FS.h - - - config-RTX-TCP-FS.h - 5 - ..\MDK-ARM\CyaSSL\config-RTX-TCP-FS.h - - - config-BARE-METAL.h - 5 - ..\MDK-ARM\CyaSSL\config-BARE-METAL.h - - - startup_LPC43xx.s - 2 - ..\LPC43xx\startup_LPC43xx.s - - - - - CyaSSL-MDK - - - cyassl_MDK_ARM.c - 1 - ..\MDK-ARM\CyaSSL\cyassl_MDK_ARM.c - - - Retarget.c - 1 - ..\MDK-ARM\CyaSSL\Retarget.c - - - time-LCP43xx.c - 1 - ..\LPC43xx\time-LCP43xx.c - - - - - - - -
diff --git a/IDE/MDK-ARM/Projects/MDK-ARM-STM32F2xx.uvopt b/IDE/MDK-ARM/Projects/MDK-ARM-STM32F2xx.uvopt index f051310b2..173f3e1b0 100644 --- a/IDE/MDK-ARM/Projects/MDK-ARM-STM32F2xx.uvopt +++ b/IDE/MDK-ARM/Projects/MDK-ARM-STM32F2xx.uvopt @@ -13,6 +13,7 @@ *.txt; *.h; *.inc *.plm *.cpp + 0 @@ -31,6 +32,7 @@ 1 0 1 + 0 1 @@ -76,16 +78,6 @@ 0 255 - - SARMCM3.DLL - -MPU - DARMSTM.DLL - -pSTM32F207IG - SARMCM3.DLL - -MPU - TARMSTM.DLL - -pSTM32F207IG - 0 1 @@ -97,16 +89,18 @@ 1 1 1 - 0 + 1 1 1 1 0 1 0 + 1 + 1 0 0 - 9 + 7 @@ -116,14 +110,19 @@ - ..\MDK-ARM\config\STM32_SWO.ini + c:\Keil_v5\ARM\Boards\Keil\MCBSTM32F200\Blinky_ULp\STM32_SWO.ini BIN\ULP2CM3.DLL + + 0 + ARMRTXEVENTFLAGS + -L70 -Z18 -C0 -M0 -T1 + 0 UL2CM3 - UL2CM3(-S0 -C0 -P0 -FD20000000 -FC1000 -FN1 -FF0STM32F2xx_1024 -FS08000000 -FL0100000 -FP0($$Device:STM32F207IG$Flash\STM32F2xx_1024.flm)) + -UM1020ADE -O206 -S8 -C0 -P00 -N00("ARM CoreSight SW-DP") -D00(2BA01477) -L00(0) -TO23 -TC120000000 -TP21 -TDS801F -TDT0 -TDC10 -TIE1 -TIP9 -FO7 -FD20000000 -FC1000 -FN1 -FF0STM32F2xx_1024 -FS08000000 -FL0100000 0 @@ -143,10 +142,18 @@ 0 ULP2CM3 - -UP1135060 -O206 -S0 -C0 -P00 -N00("ARM CoreSight SW-DP") -D00(2BA01477) -L00(0) -TO23 -TC10000000 -TP18 -TDX0 -TDD0 -TDS7 -TDT0 -TDC1F -TIEFFFFFFFF -TIP8 -FO7 -FD20000000 -FC800 -FN1 -FF0STM32F2xx_1024 -FS08000000 -FL0100000 + -UP1135060 -O206 -S8 -C0 -P00 -N00("ARM CoreSight SW-DP") -D00(2BA01477) -L00(0) -TO23 -TC120000000 -TP18 -TDX0 -TDD0 -TDS8000 -TDT0 -TDC1F -TIE1 -TIP1 -FO7 -FD20000000 -FC800 -FN1 -FF0STM32F2xx_1024 -FS08000000 -FL0100000 + + + 1 + 0 + 0x802f36c + 0 + + 0 @@ -192,6 +199,7 @@ 1 1 0 + 0 1 @@ -237,16 +245,6 @@ 1 255 - - SARMCM3.DLL - -MPU - DARMSTM.DLL - -pSTM32F207IG - SARMCM3.DLL - -MPU - TARMSTM.DLL - -pSTM32F207IG - 0 1 @@ -265,9 +263,11 @@ 0 1 0 + 1 + 1 0 0 - 9 + 1 
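Review bot: The debugger init file in the `-116,14` hunk now points at `c:\Keil_v5\ARM\Boards\Keil\MCBSTM32F200\Blinky_ULp\STM32_SWO.ini`, a path inside one developer's tool installation, where the old value `..\MDK-ARM\config\STM32_SWO.ini` was relative to the repository. The same pattern recurs in the `-277,10` and `-436,10` hunks (`..\..\..\..\..\..\..\Keil\ARM\Boards\...`), in the `c:\Keil_v5\ARM\RV31\LIB\...` and `...\Http_demo\Net_Config.c`, `RTX_Config.c`, `startup_stm32f2xx.s` entries later in this file, and in the `C:\Keil_v5\ARM\RV31\INC` include path in the .uvproj. On another machine these resolve to a missing or different file, so the network, RTOS and startup configuration of the built firmware would come from whatever vendor demo is installed rather than from version-controlled sources. I would copy the needed files into the tree and keep repository-relative paths such as `..\MDK-ARM\config\Net_Config.c`. The added entries that look like a breakpoint address (`0x802f36c`) and open-editor positions appear to be per-user session state and are probably best left out of the commit; the markup is stripped here, so that reading is inferred.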
@@ -277,10 +277,20 @@ - ..\MDK-ARM\config\STM32_SWO.ini - BIN\ULP2CM3.DLL + ..\..\..\..\..\..\..\Keil\ARM\Boards\Keil\MCBSTM32F200\Blinky_ULp\STM32_SWO.ini + BIN\UL2CM3.DLL + + 0 + ARMRTXEVENTFLAGS + -L70 -Z18 -C0 -M0 -T1 + + + 0 + UL2CM3 + -UM1020ADE -O207 -S0 -C0 -P00 -N00("ARM CoreSight SW-DP") -D00(2BA01477) -L00(0) -TO23 -TC120000000 -TP21 -TDS801F -TDT0 -TDC1F -TIE1 -TIP9 -FO7 -FD20000000 -FC800 -FN1 -FF0STM32F2xx_1024 -FS08000000 -FL0100000 + 0 DLGTARM @@ -294,12 +304,12 @@ 0 DLGUARM - + (105=-1,-1,-1,-1,0) 0 ULP2CM3 - -UP1135060 -O206 -S0 -C0 -P00 -N00("ARM CoreSight SW-DP") -D00(2BA01477) -L00(0) -TO23 -TC10000000 -TP18 -TDX0 -TDD0 -TDS7 -TDT0 -TDC1F -TIEFFFFFFFF -TIP8 -FO7 -FD20000000 -FC800 -FN1 -FF0STM32F2xx_1024 -FS08000000 -FL0100000 + -UP1135060 -O206 -S0 -C0 -P00 -N00("ARM CoreSight SW-DP") -D00(2BA01477) -L00(0) -TO23 -TC10000000 -TP18 -TDX0 -TDD0 -TDS7 -TDT0 -TDC1F -TIEFFFFFFFF -TIP9 -FO7 -FD20000000 -FC800 -FN1 -FF0STM32F2xx_1024 -FS08000000 -FL0100000 @@ -348,6 +358,7 @@ 1 1 0 + 0 1 @@ -393,16 +404,6 @@ 0 255 - - SARMCM3.DLL - -MPU - DARMSTM.DLL - -pSTM32F207IG - SARMCM3.DLL - -MPU - TARMSTM.DLL - -pSTM32F207IG - 0 1 @@ -421,9 +422,11 @@ 0 1 0 + 1 + 1 0 0 - 9 + 1 @@ -433,10 +436,20 @@ - ..\MDK-ARM\config\STM32_SWO.ini - BIN\ULP2CM3.DLL + ..\..\..\..\..\..\..\Keil\ARM\Boards\Keil\MCBSTM32F200\Blinky_ULp\STM32_SWO.ini + BIN\UL2CM3.DLL + + 0 + ARMRTXEVENTFLAGS + -L70 -Z18 -C0 -M0 -T1 + + + 0 + UL2CM3 + -UM1020ADE -O79 -S8 -C0 -P00 -N00("ARM CoreSight SW-DP") -D00(2BA01477) -L00(0) -TO23 -TC120000000 -TP21 -TDS801F -TDT0 -TDC1F -TIE1 -TIP9 -FO7 -FD20000000 -FC800 -FN1 -FF0STM32F2xx_1024 -FS08000000 -FL0100000 + 0 DLGTARM 
@@ -450,15 +463,64 @@ 0 DLGUARM - + (105=-1,-1,-1,-1,0) 0 ULP2CM3 - -UP1135060 -O206 -S0 -C0 -P00 -N00("ARM CoreSight SW-DP") -D00(2BA01477) -L00(0) -TO23 -TC10000000 -TP18 -TDX0 -TDD0 -TDS7 -TDT0 -TDC1F -TIEFFFFFFFF -TIP0 -FO7 -FD20000000 -FC800 -FN1 -FF0STM32F2xx_1024 -FS08000000 -FL0100000 + -UP1135060 -O206 -S8 -C0 -P00 -N00("ARM CoreSight SW-DP") -D00(2BA01477) -L00(0) -TO23 -TC120000000 -TP18 -TDX0 -TDD0 -TDS8000 -TDT0 -TDC1F -TIE1 -TIP1 -FO7 -FD20000000 -FC800 -FN1 -FF0STM32F2xx_1024 -FS08000000 -FL0100000 - + + + 0 + 0 + 542 + 1 +
0
+ 0 + 0 + 0 + 0 + 0 + 0 + ..\MDK-ARM\wolfSSL\shell.c + + +
+ + 1 + 0 + 150 + 1 +
0
+ 0 + 0 + 0 + 0 + 0 + 0 + ..\MDK-ARM\wolfSSL\main.c + + +
+ + 2 + 0 + 540 + 1 +
0
+ 0 + 0 + 0 + 0 + 0 + 0 + ..\MDK-ARM\wolfSSL\shell.c + + +
+
0 @@ -494,7 +556,7 @@ - CyaSSL Apps + wolfSSL Apps 1 0 0 @@ -505,13 +567,10 @@ 1 0 0 - 0 0 - 0 - 0 0 - ..\..\..\examples\echoclient\echoclient.c - echoclient.c + ..\..\..\examples\client\client.c + client.c 0 0 @@ -521,13 +580,10 @@ 1 0 0 - 0 0 - 0 - 0 0 - ..\..\..\examples\echoserver\echoserver.c - echoserver.c + ..\MDK-ARM\wolfSSL\shell.c + shell.c 0 0 @@ -537,13 +593,10 @@ 1 0 0 - 5 0 - 0 - 0 0 - ..\..\..\ctaocrypt\test\test.c - test.c + ..\..\..\examples\server\server.c + server.c 0 0 @@ -553,13 +606,10 @@ 1 0 0 - 21 0 - 0 - 0 0 - ..\..\..\ctaocrypt\benchmark\benchmark.c - benchmark.c + ..\MDK-ARM\wolfSSL\main.c + main.c 0 0 @@ -569,13 +619,10 @@ 1 0 0 - 0 0 - 0 - 0 0 - ..\..\..\examples\client\client.c - client.c + ..\..\..\wolfcrypt\test\test.c + test.c 0 0 @@ -585,13 +632,10 @@ 1 0 0 - 0 0 - 0 - 0 0 - ..\..\..\examples\server\server.c - server.c + ..\..\..\wolfcrypt\benchmark\benchmark.c + benchmark.c 0 0 @@ -601,13 +645,10 @@ 1 0 0 - 0 0 - 0 - 0 0 - ..\MDK-ARM\CyaSSL\shell.c - shell.c + ..\..\..\examples\echoclient\echoclient.c + echoclient.c 0 0 @@ -617,40 +658,13 @@ 1 0 0 - 0 0 - 106 - 149 0 - ..\MDK-ARM\CyaSSL\main.c - main.c + ..\..\..\examples\echoserver\echoserver.c + echoserver.c 0 0 - - 1 - 9 - 1 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - ..\MDK-ARM\CyaSSL\cert_data.c - cert_data.c - 0 - 0 - - - - - STM32F2xx_StdPeriph_Lib - 1 - 0 - 0 - 0 
@@ -660,786 +674,93 @@ 0 0 - 3 - 10 - 1 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - c:\Keil\ARM\Boards\Keil\MCBSTM32F200\RL\FlashFS\SD_File\Serial.c - Serial.c - 0 - 0 - - - 3 - 11 - 1 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - c:\Keil\ARM\RL\FlashFS\Drivers\SDIO_STM32F2xx.c - SDIO_STM32F2xx.c - 0 - 0 - - - 3 - 12 + 2 + 9 4 0 0 - 0 0 - 0 - 0 0 - c:\Keil\ARM\RV31\LIB\FS_CM3.lib - FS_CM3.lib - 0 - 0 - - - 3 - 13 - 4 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - c:\Keil\ARM\RV31\LIB\\RTX_CM3.lib + c:\Keil_v5\ARM\RV31\LIB\\RTX_CM3.lib RTX_CM3.lib 0 0 - 3 - 14 + 2 + 10 1 0 0 - 0 0 - 0 - 0 0 - c:\Keil\ARM\RL\TCPnet\Drivers\ETH_STM32F2xx.c + c:\Keil_v5\ARM\RL\TCPnet\Drivers\ETH_STM32F2xx.c ETH_STM32F2xx.c 0 0 - 3 - 15 + 2 + 11 4 0 0 - 0 0 - 0 - 0 0 - c:\Keil\ARM\RV31\LIB\TCPD_CM3.lib + c:\Keil_v5\ARM\RV31\LIB\TCPD_CM3.lib TCPD_CM3.lib 0 0 - 3 - 16 + 2 + 12 4 0 0 - 0 0 - 0 - 0 0 - c:\Keil\ARM\RV31\LIB\TCP_CM3.lib + c:\Keil_v5\ARM\RV31\LIB\TCP_CM3.lib TCP_CM3.lib 0 0 - 3 - 17 + 2 + 13 1 0 0 - 0 0 - 0 - 0 0 - C:\Keil\ARM\Startup\ST\STM32F2xx\system_stm32f2xx.c + C:\Keil_v5\ARM\Startup\ST\STM32F2xx\system_stm32f2xx.c system_stm32f2xx.c 0 0 - - - - CyaSSL Library - 1 - 0 - 0 - 0 - 4 - 18 + 2 + 14 1 0 0 - 0 0 - 0 - 0 0 - ..\..\..\src\crl.c - crl.c + C:\Keil_v5\ARM\Boards\Keil\MCBSTM32F200\RL\FlashFS\SD_File\SDIO_STM32F2xx.c + SDIO_STM32F2xx.c 0 0 - 4 - 19 - 1 + 2 + 15 + 4 0 0 - 0 0 - 0 - 0 0 - ..\..\..\src\internal.c - internal.c - 0 - 0 - - - 4 - 20 - 1 - 0 - 0 - 23 - 0 - 0 - 0 - 0 - ..\..\..\src\io.c - io.c - 0 - 0 - - - 4 - 21 - 1 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - ..\..\..\src\keys.c - keys.c - 0 - 0 - - - 4 - 22 - 1 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - ..\..\..\src\ocsp.c - ocsp.c - 0 - 0 - - - 4 - 23 - 1 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - ..\..\..\src\sniffer.c - sniffer.c - 0 - 0 - - - 4 - 24 - 1 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - ..\..\..\src\ssl.c - ssl.c - 0 - 0 - - - 4 - 25 - 1 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - ..\..\..\src\tls.c - tls.c - 0 - 0 - - - 4 - 26 - 1 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - ..\MDK-ARM\CyaSSL\ssl-dummy.c - ssl-dummy.c 
- 0 - 0 - - - - - Crypt/Cipher Library - 1 - 0 - 0 - 0 - - 5 - 27 - 1 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - ..\..\..\ctaocrypt\src\aes.c - aes.c - 0 - 0 - - - 5 - 28 - 1 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - ..\..\..\ctaocrypt\src\arc4.c - arc4.c - 0 - 0 - - - 5 - 29 - 1 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - ..\..\..\ctaocrypt\src\asm.c - asm.c - 0 - 0 - - - 5 - 30 - 1 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - ..\..\..\ctaocrypt\src\asn.c - asn.c - 0 - 0 - - - 5 - 31 - 1 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - ..\..\..\ctaocrypt\src\camellia.c - camellia.c - 0 - 0 - - - 5 - 32 - 1 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - ..\..\..\ctaocrypt\src\coding.c - coding.c - 0 - 0 - - - 5 - 33 - 1 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - ..\..\..\ctaocrypt\src\des3.c - des3.c - 0 - 0 - - - 5 - 34 - 1 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - ..\..\..\ctaocrypt\src\dh.c - dh.c - 0 - 0 - - - 5 - 35 - 1 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - ..\..\..\ctaocrypt\src\dsa.c - dsa.c - 0 - 0 - - - 5 - 36 - 1 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - ..\..\..\ctaocrypt\src\ecc.c - ecc.c - 0 - 0 - - - 5 - 37 - 1 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - ..\..\..\ctaocrypt\src\ecc_fp.c - ecc_fp.c - 0 - 0 - - - 5 - 38 - 1 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - ..\..\..\ctaocrypt\src\error.c - error.c - 0 - 0 - - - 5 - 39 - 1 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - ..\..\..\ctaocrypt\src\hc128.c - hc128.c - 0 - 0 - - - 5 - 40 - 1 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - ..\..\..\ctaocrypt\src\hmac.c - hmac.c - 0 - 0 - - - 5 - 41 - 1 - 0 - 0 - 19 - 0 - 0 - 0 - 0 - ..\..\..\ctaocrypt\src\integer.c - integer.c - 0 - 0 - - - 5 - 42 - 1 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - ..\..\..\ctaocrypt\src\logging.c - logging.c - 0 - 0 - - - 5 - 43 - 1 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - ..\..\..\ctaocrypt\src\md2.c - md2.c - 0 - 0 - - - 5 - 44 - 1 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - ..\..\..\ctaocrypt\src\md4.c - md4.c - 0 - 0 - - - 5 - 45 - 1 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - ..\..\..\ctaocrypt\src\md5.c - md5.c - 0 - 0 - - - 5 - 46 - 1 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - ..\..\..\ctaocrypt\src\memory.c - memory.c - 0 - 0 - - - 5 - 47 - 1 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - 
..\..\..\ctaocrypt\src\misc.c - misc.c - 0 - 0 - - - 5 - 48 - 1 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - ..\..\..\ctaocrypt\src\wc_port.c - wc_port.c - 0 - 0 - - - 5 - 49 - 1 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - ..\..\..\ctaocrypt\src\pwdbased.c - pwdbased.c - 0 - 0 - - - 5 - 50 - 1 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - ..\..\..\ctaocrypt\src\rabbit.c - rabbit.c - 0 - 0 - - - 5 - 51 - 1 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - ..\..\..\ctaocrypt\src\random.c - random.c - 0 - 0 - - - 5 - 52 - 1 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - ..\..\..\ctaocrypt\src\ripemd.c - ripemd.c - 0 - 0 - - - 5 - 53 - 1 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - ..\..\..\ctaocrypt\src\rsa.c - rsa.c - 0 - 0 - - - 5 - 54 - 1 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - ..\..\..\ctaocrypt\src\sha.c - sha.c - 0 - 0 - - - 5 - 55 - 1 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - ..\..\..\ctaocrypt\src\sha256.c - sha256.c - 0 - 0 - - - 5 - 56 - 1 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - ..\..\..\ctaocrypt\src\sha512.c - sha512.c - 0 - 0 - - - 5 - 57 - 1 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - ..\..\..\ctaocrypt\src\tfm.c - tfm.c + C:\Keil_v5\ARM\RV31\LIB\FS_CM3.lib + FS_CM3.lib 0 0 
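Review bot: With the `CyaSSL Library` and `Crypt/Cipher Library` source groups dropped from the file list in this hunk, the application targets appear to get their TLS and crypto code only from the prebuilt `.\wolfSSL-lib\wolfSSL.lib` added in the last hunk of this file. Nothing visible ties that binary to the source revision, or to the `config*.h` feature macros the application files are compiled with. A stale library, or one built with different options, could therefore be linked without any build error. I would add a short comment or README line next to the project stating that the library target must be rebuilt with the matching `config-WOLFLIB.h` settings before the apps, or make the library build a prerequisite of the application targets. The element names are stripped on this page, so the group structure is inferred from the file names and paths.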
@@ -1452,202 +773,226 @@ 0 0 - 6 - 58 + 3 + 16 1 0 0 - 0 0 - 0 - 0 0 - ..\MDK-ARM\config\File_Config.c - File_Config.c - 0 - 0 - - - 6 - 59 - 1 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - ..\MDK-ARM\config\Net_Config.c + C:\Keil_v5\ARM\Boards\Keil\MCBSTM32F200\RL\TCPnet\Http_demo\Net_Config.c Net_Config.c 0 0 - 6 - 60 + 3 + 17 5 0 0 - 0 0 - 0 - 0 0 - ..\MDK-ARM\CyaSSL\config.h + ..\MDK-ARM\wolfSSL\config.h config.h 0 0 - 6 - 61 + 3 + 18 1 0 0 - 0 0 - 0 - 0 0 - ..\MDK-ARM\config\RTX_Conf_CM.c - RTX_Conf_CM.c + C:\Keil_v5\ARM\Boards\Keil\MCBSTM32F200\RL\TCPnet\Http_demo\RTX_Config.c + RTX_Config.c 0 0 - 6 - 62 + 3 + 19 1 0 0 - 0 0 - 0 - 0 0 - ..\MDK-ARM\config\Net_Debug.c + C:\Keil_v5\ARM\Boards\Keil\MCBSTM32F200\RL\TCPnet\Http_demo\Net_Debug.c Net_Debug.c 0 0 - 6 - 63 + 3 + 20 5 0 0 - 0 0 - 1 - 1 0 - ..\MDK-ARM\CyaSSL\config-FS.h + ..\MDK-ARM\wolfSSL\config-FS.h config-FS.h 0 0 - 6 - 64 + 3 + 21 5 0 0 - 0 0 - 0 - 0 0 - ..\MDK-ARM\CyaSSL\config-RTX-TCP-FS.h + ..\MDK-ARM\wolfSSL\config-RTX-TCP-FS.h config-RTX-TCP-FS.h 0 0 - 6 - 65 + 3 + 22 5 0 0 - 0 0 - 0 - 0 0 - ..\MDK-ARM\CyaSSL\config-BARE-METAL.h + ..\MDK-ARM\wolfSSL\config-BARE-METAL.h config-BARE-METAL.h 0 0 - 6 - 66 + 3 + 23 2 0 0 - 0 0 - 152 - 169 0 - ..\MDK-ARM\config\startup_stm32f2xx.s + C:\Keil_v5\ARM\Boards\Keil\MCBSTM32F200\RL\TCPnet\Http_demo\startup_stm32f2xx.s startup_stm32f2xx.s 0 0 + + 3 + 24 + 1 + 0 + 0 + 0 + 0 + C:\Keil_v5\ARM\Boards\Keil\MCBSTM32F200\RL\FlashFS\SD_File\File_Config.c + File_Config.c + 0 + 0 + + + 3 + 25 + 5 + 0 + 0 + 0 + 0 + ..\MDK-ARM\wolfSSL\config-WOLFLIB.h + config-WOLFLIB.h + 0 + 0 + - CyaSSL-MDK + wolfSSL-MDK 1 0 0 0 - 7 - 67 + 4 + 26 1 0 0 - 0 0 - 182 - 222 0 - ..\MDK-ARM\CyaSSL\cyassl_MDK_ARM.c - cyassl_MDK_ARM.c - 0 - 0 - - - 7 - 68 - 1 - 1 - 0 - 0 - 0 - 0 - 0 - 0 - ..\MDK-ARM\CyaSSL\Retarget.c + ..\MDK-ARM\wolfSSL\Retarget.c Retarget.c 0 0 - 7 - 69 + 4 + 27 1 0 0 - 1 0 - 0 - 0 0 - ..\STM32F2xx_StdPeriph_Lib\time-STM32F2xx.c - time-STM32F2xx.c + ..\MDK-ARM\wolfSSL\time-CortexM3-4.c + 
time-CortexM3-4.c + 0 + 0 + + + 4 + 28 + 1 + 0 + 0 + 0 + 0 + ..\MDK-ARM\wolfSSL\time-dummy.c + time-dummy.c + 0 + 0 + + + 4 + 29 + 1 + 0 + 0 + 0 + 0 + ..\MDK-ARM\wolfSSL\wolfssl_MDK_ARM.c + wolfssl_MDK_ARM.c + 0 + 0 + + + 4 + 30 + 1 + 0 + 0 + 0 + 0 + C:\Keil_v5\ARM\Boards\Keil\MCBSTM32F200\Blinky_ULp\Serial.c + Serial.c + 0 + 0 + + + + + wolfSSL-Lib + 1 + 0 + 0 + 0 + + 5 + 31 + 4 + 0 + 0 + 0 + 0 + .\wolfSSL-lib\wolfSSL.lib + wolfSSL.lib 0 0 diff --git a/IDE/MDK-ARM/Projects/MDK-ARM-STM32F2xx.uvproj b/IDE/MDK-ARM/Projects/MDK-ARM-STM32F2xx.uvproj index f7cf9b176..b194c1113 100644 --- a/IDE/MDK-ARM/Projects/MDK-ARM-STM32F2xx.uvproj +++ b/IDE/MDK-ARM/Projects/MDK-ARM-STM32F2xx.uvproj @@ -30,6 +30,7 @@ SFD\ST\STM32F2xx\STM32F20x.sfr + 0 0 @@ -71,6 +72,8 @@ 0 0 + 0 + 0 0 @@ -97,6 +100,7 @@ 3 + 1 SARMCM3.DLL @@ -126,20 +130,22 @@ 1 1 0 + 1 1 1 - 0 + 1 1 1 1 0 1 0 + 1 0 - 9 + 7 @@ -152,7 +158,7 @@ - ..\MDK-ARM\config\STM32_SWO.ini + c:\Keil_v5\ARM\Boards\Keil\MCBSTM32F200\Blinky_ULp\STM32_SWO.ini BIN\ULP2CM3.DLL @@ -169,6 +175,10 @@ BIN\ULP2CM3.DLL "" () + + + + 0 @@ -347,11 +357,13 @@ 0 0 0 + 0 + 0 HAVE_CONFIG_H CYASSL_STM32F2xx __DBG_ITM __RTX MDK_CONF_RTX_TCP_FS - ..\MDK-ARM\CyaSSL;C:..\STM32F2xx_StdPeriph_Lib\inc;..\..\..\ + ..\MDK-ARM\wolfSSL;..\..\..\; .\; C:\Keil_v5\ARM\RV31\INC @@ -363,6 +375,7 @@ 0 0 0 + 0 @@ -379,6 +392,7 @@ 0 0x08000000 0x20000000 + @@ -390,8 +404,38 @@ - CyaSSL Apps + wolfSSL Apps + + client.c + 1 + ..\..\..\examples\client\client.c + + + shell.c + 1 + ..\MDK-ARM\wolfSSL\shell.c + + + server.c + 1 + ..\..\..\examples\server\server.c + + + main.c + 1 + ..\MDK-ARM\wolfSSL\main.c + + + test.c + 1 + ..\..\..\wolfcrypt\test\test.c + + + benchmark.c + 1 + ..\..\..\wolfcrypt\benchmark\benchmark.c + echoclient.c 1 
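Review bot: The define list in the `@@ -347,11 +357,13 @@` hunk still reads `HAVE_CONFIG_H CYASSL_STM32F2xx __DBG_ITM __RTX MDK_CONF_RTX_TCP_FS`, while the MDK-FS target later in this file (`@@ -1248,11 +1017,13 @@`) is changed to `WOLFSSL_STM32F2xx`. The bare-metal target at `@@ -2705,11 +1997,13 @@` also keeps the old spelling. Whether the library still honours the `CYASSL_` name is not visible here; if it does not, two of the three targets would silently build without their platform-specific settings. I would use one spelling in all three targets, e.g. `HAVE_CONFIG_H WOLFSSL_STM32F2xx __DBG_ITM __RTX MDK_CONF_RTX_TCP_FS`, or state in the commit message why the old name is kept.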
@@ -402,78 +446,25 @@ 1 ..\..\..\examples\echoserver\echoserver.c - - test.c - 1 - ..\..\..\ctaocrypt\test\test.c - - - benchmark.c - 1 - ..\..\..\ctaocrypt\benchmark\benchmark.c - - - client.c - 1 - ..\..\..\examples\client\client.c - - - server.c - 1 - ..\..\..\examples\server\server.c - - - shell.c - 1 - ..\MDK-ARM\CyaSSL\shell.c - - - main.c - 1 - ..\MDK-ARM\CyaSSL\main.c - - - cert_data.c - 1 - ..\MDK-ARM\CyaSSL\cert_data.c - - - STM32F2xx_StdPeriph_Lib - MDK-ARM - - Serial.c - 1 - c:\Keil\ARM\Boards\Keil\MCBSTM32F200\RL\FlashFS\SD_File\Serial.c - - - SDIO_STM32F2xx.c - 1 - c:\Keil\ARM\RL\FlashFS\Drivers\SDIO_STM32F2xx.c - - - FS_CM3.lib - 4 - c:\Keil\ARM\RV31\LIB\FS_CM3.lib - RTX_CM3.lib 4 - c:\Keil\ARM\RV31\LIB\\RTX_CM3.lib + c:\Keil_v5\ARM\RV31\LIB\\RTX_CM3.lib ETH_STM32F2xx.c 1 - c:\Keil\ARM\RL\TCPnet\Drivers\ETH_STM32F2xx.c + c:\Keil_v5\ARM\RL\TCPnet\Drivers\ETH_STM32F2xx.c TCPD_CM3.lib 4 - c:\Keil\ARM\RV31\LIB\TCPD_CM3.lib + c:\Keil_v5\ARM\RV31\LIB\TCPD_CM3.lib 2 @@ -489,6 +480,7 @@ 11 + 1 
@@ -496,332 +488,47 @@ TCP_CM3.lib 4 - c:\Keil\ARM\RV31\LIB\TCP_CM3.lib + c:\Keil_v5\ARM\RV31\LIB\TCP_CM3.lib system_stm32f2xx.c 1 - C:\Keil\ARM\Startup\ST\STM32F2xx\system_stm32f2xx.c - - - - - CyaSSL Library - - - crl.c - 1 - ..\..\..\src\crl.c + C:\Keil_v5\ARM\Startup\ST\STM32F2xx\system_stm32f2xx.c - internal.c + SDIO_STM32F2xx.c 1 - ..\..\..\src\internal.c + C:\Keil_v5\ARM\Boards\Keil\MCBSTM32F200\RL\FlashFS\SD_File\SDIO_STM32F2xx.c - io.c - 1 - ..\..\..\src\io.c - - - keys.c - 1 - ..\..\..\src\keys.c - - - ocsp.c - 1 - ..\..\..\src\ocsp.c - - - sniffer.c - 1 - ..\..\..\src\sniffer.c - - - ssl.c - 1 - ..\..\..\src\ssl.c - - - tls.c - 1 - ..\..\..\src\tls.c - - - ssl-dummy.c - 1 - ..\MDK-ARM\CyaSSL\ssl-dummy.c - - - 2 - 0 - 0 - 0 - 0 - 0 - 2 - 2 - 2 - 2 - 11 - - - - - - 2 - 0 - 2 - 2 - 2 - 2 - 2 - 2 - 2 - 2 - 0 - 2 - 2 - - - - - - - - - - - - - - Crypt/Cipher Library - - - aes.c - 1 - ..\..\..\ctaocrypt\src\aes.c - - - arc4.c - 1 - ..\..\..\ctaocrypt\src\arc4.c - - - asm.c - 1 - ..\..\..\ctaocrypt\src\asm.c - - - asn.c - 1 - ..\..\..\ctaocrypt\src\asn.c - - - camellia.c - 1 - ..\..\..\ctaocrypt\src\camellia.c - - - coding.c - 1 - ..\..\..\ctaocrypt\src\coding.c - - - des3.c - 1 - ..\..\..\ctaocrypt\src\des3.c - - - dh.c - 1 - ..\..\..\ctaocrypt\src\dh.c - - - dsa.c - 1 - ..\..\..\ctaocrypt\src\dsa.c - - - ecc.c - 1 - ..\..\..\ctaocrypt\src\ecc.c - - - ecc_fp.c - 1 - ..\..\..\ctaocrypt\src\ecc_fp.c - - - error.c - 1 - ..\..\..\ctaocrypt\src\error.c - - - hc128.c - 1 - ..\..\..\ctaocrypt\src\hc128.c - - - hmac.c - 1 - ..\..\..\ctaocrypt\src\hmac.c - - - integer.c - 1 - ..\..\..\ctaocrypt\src\integer.c - - - logging.c - 1 - ..\..\..\ctaocrypt\src\logging.c - - - md2.c - 1 - ..\..\..\ctaocrypt\src\md2.c - - - md4.c - 1 - ..\..\..\ctaocrypt\src\md4.c - - - md5.c - 1 - ..\..\..\ctaocrypt\src\md5.c - - - memory.c - 1 - ..\..\..\ctaocrypt\src\memory.c - - - misc.c - 1 - ..\..\..\ctaocrypt\src\misc.c - - - wc_port.c - 1 - ..\..\..\ctaocrypt\src\wc_port.c - - - 
pwdbased.c - 1 - ..\..\..\ctaocrypt\src\pwdbased.c - - - rabbit.c - 1 - ..\..\..\ctaocrypt\src\rabbit.c - - - random.c - 1 - ..\..\..\ctaocrypt\src\random.c - - - ripemd.c - 1 - ..\..\..\ctaocrypt\src\ripemd.c - - - rsa.c - 1 - ..\..\..\ctaocrypt\src\rsa.c - - - sha.c - 1 - ..\..\..\ctaocrypt\src\sha.c - - - sha256.c - 1 - ..\..\..\ctaocrypt\src\sha256.c - - - sha512.c - 1 - ..\..\..\ctaocrypt\src\sha512.c - - - tfm.c - 1 - ..\..\..\ctaocrypt\src\tfm.c - - - 2 - 0 - 0 - 0 - 0 - 0 - 2 - 2 - 2 - 2 - 11 - - - - - - 2 - 0 - 2 - 2 - 2 - 2 - 2 - 2 - 2 - 2 - 0 - 2 - 2 - - - - - - - - - + FS_CM3.lib + 4 + C:\Keil_v5\ARM\RV31\LIB\FS_CM3.lib Configuration - - File_Config.c - 1 - ..\MDK-ARM\config\File_Config.c - Net_Config.c 1 - ..\MDK-ARM\config\Net_Config.c + C:\Keil_v5\ARM\Boards\Keil\MCBSTM32F200\RL\TCPnet\Http_demo\Net_Config.c config.h 5 - ..\MDK-ARM\CyaSSL\config.h + ..\MDK-ARM\wolfSSL\config.h - RTX_Conf_CM.c + RTX_Config.c 1 - ..\MDK-ARM\config\RTX_Conf_CM.c + C:\Keil_v5\ARM\Boards\Keil\MCBSTM32F200\RL\TCPnet\Http_demo\RTX_Config.c Net_Debug.c 1 - ..\MDK-ARM\config\Net_Debug.c + C:\Keil_v5\ARM\Boards\Keil\MCBSTM32F200\RL\TCPnet\Http_demo\Net_Debug.c 2 @@ -837,6 +544,7 @@ 11 + 1 @@ -853,6 +561,8 @@ 0 2 2 + 2 + 2 
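Review bot: The Configuration group in the `@@ -496,332 +488,47 @@` hunk now compiles `Net_Config.c`, `RTX_Config.c` and `Net_Debug.c` from `C:\Keil_v5\ARM\Boards\Keil\MCBSTM32F200\RL\TCPnet\Http_demo\`, where the old entries pointed at repo-tracked copies such as `..\MDK-ARM\config\Net_Config.c`. That ties the build to one drive layout and to whatever version of those files the local Keil install carries, so the network and RTOS configuration that ends up in the firmware is no longer versioned or reviewed with the project. The same move out of the repository happens to `startup_stm32f2xx.s`, `File_Config.c` and `STM32_SWO.ini` in the other hunks of this file. I would keep the tracked copies, e.g. `..\MDK-ARM\config\Net_Config.c`, or document the required Keil install path and version next to the project.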
@@ -866,42 +576,91 @@ config-FS.h 5 - ..\MDK-ARM\CyaSSL\config-FS.h + ..\MDK-ARM\wolfSSL\config-FS.h config-RTX-TCP-FS.h 5 - ..\MDK-ARM\CyaSSL\config-RTX-TCP-FS.h + ..\MDK-ARM\wolfSSL\config-RTX-TCP-FS.h config-BARE-METAL.h 5 - ..\MDK-ARM\CyaSSL\config-BARE-METAL.h + ..\MDK-ARM\wolfSSL\config-BARE-METAL.h startup_stm32f2xx.s 2 - ..\MDK-ARM\config\startup_stm32f2xx.s + C:\Keil_v5\ARM\Boards\Keil\MCBSTM32F200\RL\TCPnet\Http_demo\startup_stm32f2xx.s + + + File_Config.c + 1 + C:\Keil_v5\ARM\Boards\Keil\MCBSTM32F200\RL\FlashFS\SD_File\File_Config.c + + + config-WOLFLIB.h + 5 + ..\MDK-ARM\wolfSSL\config-WOLFLIB.h - CyaSSL-MDK + wolfSSL-MDK - - cyassl_MDK_ARM.c - 1 - ..\MDK-ARM\CyaSSL\cyassl_MDK_ARM.c - Retarget.c 1 - ..\MDK-ARM\CyaSSL\Retarget.c + ..\MDK-ARM\wolfSSL\Retarget.c - time-STM32F2xx.c + time-CortexM3-4.c 1 - ..\STM32F2xx_StdPeriph_Lib\time-STM32F2xx.c + ..\MDK-ARM\wolfSSL\time-CortexM3-4.c + + + time-dummy.c + 1 + ..\MDK-ARM\wolfSSL\time-dummy.c + + + wolfssl_MDK_ARM.c + 1 + ..\MDK-ARM\wolfSSL\wolfssl_MDK_ARM.c + + + Serial.c + 1 + C:\Keil_v5\ARM\Boards\Keil\MCBSTM32F200\Blinky_ULp\Serial.c + + + + + wolfSSL-Lib + + + wolfSSL.lib + 4 + .\wolfSSL-lib\wolfSSL.lib + + + 2 + 0 + 0 + 0 + 0 + 1 + 2 + 2 + 2 + 2 + 11 + + + 1 + + + @@ -931,6 +690,7 @@ SFD\ST\STM32F2xx\STM32F20x.sfr + 0 0 @@ -972,6 +732,8 @@ 0 0 + 0 + 0 0 @@ -998,6 +760,7 @@ 3 + 1 SARMCM3.DLL @@ -1027,6 +790,7 @@ 1 1 0 + 1 1 @@ -1038,9 +802,10 @@ 0 1 0 + 1 0 - 9 + 1 @@ -1053,8 +818,8 @@ - ..\MDK-ARM\config\STM32_SWO.ini - BIN\ULP2CM3.DLL + ..\..\..\..\..\..\..\Keil\ARM\Boards\Keil\MCBSTM32F200\Blinky_ULp\STM32_SWO.ini + BIN\UL2CM3.DLL @@ -1066,10 +831,14 @@ 1 4100 - 0 + 1 BIN\ULP2CM3.DLL "" () + + + + 0 @@ -1248,11 +1017,13 @@ 0 0 0 + 0 + 0 - HAVE_CONFIG_H CYASSL_STM32F2xx __DBG_ITM MDK_CONF_FS + HAVE_CONFIG_H WOLFSSL_STM32F2xx __DBG_ITM MDK_CONF_FS - ..\MDK-ARM\CyaSSL;..\MDK-ARM\inc;..\STM32F2xx_StdPeriph_Lib\inc;..\POSIX\..\..\..\ + ..\MDK-ARM\wolfSSL;..\MDK-ARM\inc;..\..\..\ 
@@ -1264,6 +1035,7 @@ 0 0 0 + 0 @@ -1280,6 +1052,7 @@ 0 0x08000000 0x20000000 + @@ -1291,8 +1064,124 @@ - CyaSSL Apps + wolfSSL Apps + + client.c + 1 + ..\..\..\examples\client\client.c + + + 2 + 0 + 0 + 0 + 0 + 0 + 2 + 2 + 2 + 2 + 11 + + + 1 + + + + 2 + 0 + 2 + 2 + 2 + 2 + 2 + 2 + 2 + 2 + 0 + 2 + 2 + 2 + 2 + + + + + + + + + + + + shell.c + 1 + ..\MDK-ARM\wolfSSL\shell.c + + + server.c + 1 + ..\..\..\examples\server\server.c + + + 2 + 0 + 0 + 0 + 0 + 0 + 2 + 2 + 2 + 2 + 11 + + + 1 + + + + 2 + 0 + 2 + 2 + 2 + 2 + 2 + 2 + 2 + 2 + 0 + 2 + 2 + 2 + 2 + + + + + + + + + + + + main.c + 1 + ..\MDK-ARM\wolfSSL\main.c + + + test.c + 1 + ..\..\..\wolfcrypt\test\test.c + + + benchmark.c + 1 + ..\..\..\wolfcrypt\benchmark\benchmark.c + echoclient.c 1 @@ -1312,6 +1201,7 @@ 11 + 1 @@ -1325,9 +1215,11 @@ 2 2 2 - 0 + 2 2 2 + 2 + 2 @@ -1357,6 +1249,7 @@ 11 + 1 @@ -1370,9 +1263,11 @@ 2 2 2 - 0 + 2 2 2 + 2 + 2 @@ -1383,148 +1278,15 @@ - - test.c - 1 - ..\..\..\ctaocrypt\test\test.c - - - benchmark.c - 1 - ..\..\..\ctaocrypt\benchmark\benchmark.c - - - client.c - 1 - ..\..\..\examples\client\client.c - - - 2 - 0 - 0 - 0 - 0 - 0 - 2 - 2 - 2 - 2 - 11 - - - - - - 2 - 0 - 2 - 2 - 2 - 2 - 2 - 2 - 2 - 2 - 0 - 2 - 2 - - - - - - - - - - - - server.c - 1 - ..\..\..\examples\server\server.c - - - 2 - 0 - 0 - 0 - 0 - 0 - 2 - 2 - 2 - 2 - 11 - - - - - - 2 - 0 - 2 - 2 - 2 - 2 - 2 - 2 - 2 - 2 - 0 - 2 - 2 - - - - - - - - - - - - shell.c - 1 - ..\MDK-ARM\CyaSSL\shell.c - - - main.c - 1 - ..\MDK-ARM\CyaSSL\main.c - - - cert_data.c - 1 - ..\MDK-ARM\CyaSSL\cert_data.c - - - STM32F2xx_StdPeriph_Lib - MDK-ARM - - Serial.c - 1 - c:\Keil\ARM\Boards\Keil\MCBSTM32F200\RL\FlashFS\SD_File\Serial.c - - - SDIO_STM32F2xx.c - 1 - c:\Keil\ARM\RL\FlashFS\Drivers\SDIO_STM32F2xx.c - - - FS_CM3.lib - 4 - c:\Keil\ARM\RV31\LIB\FS_CM3.lib - RTX_CM3.lib 4 - c:\Keil\ARM\RV31\LIB\\RTX_CM3.lib + c:\Keil_v5\ARM\RV31\LIB\\RTX_CM3.lib 2 @@ -1532,7 +1294,7 @@ 0 0 0 - 0 + 1 2 2 2 @@ -1540,6 +1302,7 @@ 11 + 1 
@@ -1547,7 +1310,7 @@ ETH_STM32F2xx.c 1 - c:\Keil\ARM\RL\TCPnet\Drivers\ETH_STM32F2xx.c + c:\Keil_v5\ARM\RL\TCPnet\Drivers\ETH_STM32F2xx.c 2 @@ -1563,6 +1326,7 @@ 11 + 1 @@ -1579,6 +1343,8 @@ 0 2 2 + 2 + 2 @@ -1592,7 +1358,7 @@ TCPD_CM3.lib 4 - c:\Keil\ARM\RV31\LIB\TCPD_CM3.lib + c:\Keil_v5\ARM\RV31\LIB\TCPD_CM3.lib 2 @@ -1608,6 +1374,7 @@ 11 + 1 @@ -1615,7 +1382,7 @@ TCP_CM3.lib 4 - c:\Keil\ARM\RV31\LIB\TCP_CM3.lib + c:\Keil_v5\ARM\RV31\LIB\TCP_CM3.lib 2 @@ -1631,6 +1398,7 @@ 11 + 1 
@@ -1638,552 +1406,27 @@ system_stm32f2xx.c 1 - C:\Keil\ARM\Startup\ST\STM32F2xx\system_stm32f2xx.c - - - - - CyaSSL Library - - - crl.c - 1 - ..\..\..\src\crl.c - - - 2 - 0 - 0 - 0 - 0 - 0 - 2 - 2 - 2 - 2 - 11 - - - - - - 2 - 0 - 2 - 2 - 2 - 2 - 2 - 2 - 2 - 2 - 0 - 2 - 2 - - - - - - - - - + C:\Keil_v5\ARM\Startup\ST\STM32F2xx\system_stm32f2xx.c - internal.c + SDIO_STM32F2xx.c 1 - ..\..\..\src\internal.c - - - 2 - 0 - 0 - 0 - 0 - 0 - 2 - 2 - 2 - 2 - 11 - - - - - - 2 - 0 - 2 - 2 - 2 - 2 - 2 - 2 - 2 - 2 - 0 - 2 - 2 - - - - - - - - - + C:\Keil_v5\ARM\Boards\Keil\MCBSTM32F200\RL\FlashFS\SD_File\SDIO_STM32F2xx.c - io.c - 1 - ..\..\..\src\io.c - - - 2 - 0 - 0 - 0 - 0 - 0 - 2 - 2 - 2 - 2 - 11 - - - - - - 2 - 0 - 2 - 2 - 2 - 2 - 2 - 2 - 2 - 2 - 0 - 2 - 2 - - - - - - - - - - - - keys.c - 1 - ..\..\..\src\keys.c - - - 2 - 0 - 0 - 0 - 0 - 0 - 2 - 2 - 2 - 2 - 11 - - - - - - 2 - 0 - 2 - 2 - 2 - 2 - 2 - 2 - 2 - 2 - 0 - 2 - 2 - - - - - - - - - - - - ocsp.c - 1 - ..\..\..\src\ocsp.c - - - 2 - 0 - 0 - 0 - 0 - 0 - 2 - 2 - 2 - 2 - 11 - - - - - - 2 - 0 - 2 - 2 - 2 - 2 - 2 - 2 - 2 - 2 - 0 - 2 - 2 - - - - - - - - - - - - sniffer.c - 1 - ..\..\..\src\sniffer.c - - - 2 - 0 - 0 - 0 - 0 - 0 - 2 - 2 - 2 - 2 - 11 - - - - - - 2 - 0 - 2 - 2 - 2 - 2 - 2 - 2 - 2 - 2 - 0 - 2 - 2 - - - - - - - - - - - - ssl.c - 1 - ..\..\..\src\ssl.c - - - 2 - 0 - 0 - 0 - 0 - 0 - 2 - 2 - 2 - 2 - 11 - - - - - - 2 - 0 - 2 - 2 - 2 - 2 - 2 - 2 - 2 - 2 - 0 - 2 - 2 - - - - - - - - - - - - tls.c - 1 - ..\..\..\src\tls.c - - - 2 - 0 - 0 - 0 - 0 - 0 - 2 - 2 - 2 - 2 - 11 - - - - - - 2 - 0 - 2 - 2 - 2 - 2 - 2 - 2 - 2 - 2 - 0 - 2 - 2 - - - - - - - - - - - - ssl-dummy.c - 1 - ..\MDK-ARM\CyaSSL\ssl-dummy.c - - - - - Crypt/Cipher Library - - - aes.c - 1 - ..\..\..\ctaocrypt\src\aes.c - - - arc4.c - 1 - ..\..\..\ctaocrypt\src\arc4.c - - - asm.c - 1 - ..\..\..\ctaocrypt\src\asm.c - - - asn.c - 1 - ..\..\..\ctaocrypt\src\asn.c - - - camellia.c - 1 - ..\..\..\ctaocrypt\src\camellia.c - - - coding.c - 1 - 
..\..\..\ctaocrypt\src\coding.c - - - des3.c - 1 - ..\..\..\ctaocrypt\src\des3.c - - - dh.c - 1 - ..\..\..\ctaocrypt\src\dh.c - - - dsa.c - 1 - ..\..\..\ctaocrypt\src\dsa.c - - - ecc.c - 1 - ..\..\..\ctaocrypt\src\ecc.c - - - ecc_fp.c - 1 - ..\..\..\ctaocrypt\src\ecc_fp.c - - - error.c - 1 - ..\..\..\ctaocrypt\src\error.c - - - hc128.c - 1 - ..\..\..\ctaocrypt\src\hc128.c - - - hmac.c - 1 - ..\..\..\ctaocrypt\src\hmac.c - - - integer.c - 1 - ..\..\..\ctaocrypt\src\integer.c - - - logging.c - 1 - ..\..\..\ctaocrypt\src\logging.c - - - md2.c - 1 - ..\..\..\ctaocrypt\src\md2.c - - - md4.c - 1 - ..\..\..\ctaocrypt\src\md4.c - - - md5.c - 1 - ..\..\..\ctaocrypt\src\md5.c - - - memory.c - 1 - ..\..\..\ctaocrypt\src\memory.c - - - misc.c - 1 - ..\..\..\ctaocrypt\src\misc.c - - - wc_port.c - 1 - ..\..\..\ctaocrypt\src\wc_port.c - - - pwdbased.c - 1 - ..\..\..\ctaocrypt\src\pwdbased.c - - - rabbit.c - 1 - ..\..\..\ctaocrypt\src\rabbit.c - - - random.c - 1 - ..\..\..\ctaocrypt\src\random.c - - - ripemd.c - 1 - ..\..\..\ctaocrypt\src\ripemd.c - - - rsa.c - 1 - ..\..\..\ctaocrypt\src\rsa.c - - - sha.c - 1 - ..\..\..\ctaocrypt\src\sha.c - - - sha256.c - 1 - ..\..\..\ctaocrypt\src\sha256.c - - - sha512.c - 1 - ..\..\..\ctaocrypt\src\sha512.c - - - tfm.c - 1 - ..\..\..\ctaocrypt\src\tfm.c + FS_CM3.lib + 4 + C:\Keil_v5\ARM\RV31\LIB\FS_CM3.lib Configuration - - File_Config.c - 1 - ..\MDK-ARM\config\File_Config.c - Net_Config.c 1 - ..\MDK-ARM\config\Net_Config.c + C:\Keil_v5\ARM\Boards\Keil\MCBSTM32F200\RL\TCPnet\Http_demo\Net_Config.c 2 @@ -2199,6 +1442,7 @@ 11 + 1 @@ -2215,6 +1459,8 @@ 0 2 2 + 2 + 2 @@ -2228,12 +1474,12 @@ config.h 5 - ..\MDK-ARM\CyaSSL\config.h + ..\MDK-ARM\wolfSSL\config.h - RTX_Conf_CM.c + RTX_Config.c 1 - ..\MDK-ARM\config\RTX_Conf_CM.c + C:\Keil_v5\ARM\Boards\Keil\MCBSTM32F200\RL\TCPnet\Http_demo\RTX_Config.c 2 @@ -2249,6 +1495,7 @@ 11 + 1 @@ -2265,6 +1512,8 @@ 0 2 2 + 2 + 2 
@@ -2278,7 +1527,7 @@ Net_Debug.c 1 - ..\MDK-ARM\config\Net_Debug.c + C:\Keil_v5\ARM\Boards\Keil\MCBSTM32F200\RL\TCPnet\Http_demo\Net_Debug.c 2 @@ -2294,6 +1543,7 @@ 11 + 1 @@ -2310,6 +1560,8 @@ 0 2 2 + 2 + 2 @@ -2323,42 +1575,72 @@ config-FS.h 5 - ..\MDK-ARM\CyaSSL\config-FS.h + ..\MDK-ARM\wolfSSL\config-FS.h config-RTX-TCP-FS.h 5 - ..\MDK-ARM\CyaSSL\config-RTX-TCP-FS.h + ..\MDK-ARM\wolfSSL\config-RTX-TCP-FS.h config-BARE-METAL.h 5 - ..\MDK-ARM\CyaSSL\config-BARE-METAL.h + ..\MDK-ARM\wolfSSL\config-BARE-METAL.h startup_stm32f2xx.s 2 - ..\MDK-ARM\config\startup_stm32f2xx.s + C:\Keil_v5\ARM\Boards\Keil\MCBSTM32F200\RL\TCPnet\Http_demo\startup_stm32f2xx.s + + + File_Config.c + 1 + C:\Keil_v5\ARM\Boards\Keil\MCBSTM32F200\RL\FlashFS\SD_File\File_Config.c + + + config-WOLFLIB.h + 5 + ..\MDK-ARM\wolfSSL\config-WOLFLIB.h - CyaSSL-MDK + wolfSSL-MDK - - cyassl_MDK_ARM.c - 1 - ..\MDK-ARM\CyaSSL\cyassl_MDK_ARM.c - Retarget.c 1 - ..\MDK-ARM\CyaSSL\Retarget.c + ..\MDK-ARM\wolfSSL\Retarget.c - time-STM32F2xx.c + time-CortexM3-4.c 1 - ..\STM32F2xx_StdPeriph_Lib\time-STM32F2xx.c + ..\MDK-ARM\wolfSSL\time-CortexM3-4.c + + + time-dummy.c + 1 + ..\MDK-ARM\wolfSSL\time-dummy.c + + + wolfssl_MDK_ARM.c + 1 + ..\MDK-ARM\wolfSSL\wolfssl_MDK_ARM.c + + + Serial.c + 1 + C:\Keil_v5\ARM\Boards\Keil\MCBSTM32F200\Blinky_ULp\Serial.c + + + + + wolfSSL-Lib + + + wolfSSL.lib + 4 + .\wolfSSL-lib\wolfSSL.lib @@ -2388,6 +1670,7 @@ SFD\ST\STM32F2xx\STM32F20x.sfr + 0 0 @@ -2401,8 +1684,8 @@ 0 1 - .\MDK-BARE-METAL\ - STM32F2xx-MDK-BARE-METAL + .\MDK-BAREMETAL\ + STM32F2xx-BARE-METAL 1 0 0 @@ -2429,6 +1712,8 @@ 0 0 + 0 + 0 0 @@ -2455,6 +1740,7 @@ 3 + 1 SARMCM3.DLL @@ -2484,6 +1770,7 @@ 1 1 0 + 1 1 @@ -2495,9 +1782,10 @@ 0 1 0 + 1 0 - 9 + 1 @@ -2510,8 +1798,8 @@ - ..\MDK-ARM\config\STM32_SWO.ini - BIN\ULP2CM3.DLL + ..\..\..\..\..\..\..\Keil\ARM\Boards\Keil\MCBSTM32F200\Blinky_ULp\STM32_SWO.ini + BIN\UL2CM3.DLL @@ -2523,10 +1811,14 @@ 1 4100 - 0 + 1 BIN\ULP2CM3.DLL "" () + + + + 0 
@@ -2542,11 +1834,11 @@ 1 1 0 - 1 + 0 1 0 0 - 1 + 0 1 1 1 @@ -2705,11 +1997,13 @@ 0 0 0 + 0 + 0 HAVE_CONFIG_H CYASSL_STM32F2xx __DBG_ITM MDK_CONF_BARE_METAL - ..\MDK-ARM\CyaSSL;..\MDK-ARM\inc;..\STM32F2xx_StdPeriph_Lib\inc;..\POSIX;..\..\..\ + ..\MDK-ARM\wolfSSL;..\MDK-ARM\inc;..\..\..\ @@ -2721,6 +2015,7 @@ 0 0 0 + 0 @@ -2737,6 +2032,7 @@ 0 0x08000000 0x20000000 + @@ -2748,108 +2044,8 @@ - CyaSSL Apps + wolfSSL Apps - - echoclient.c - 1 - ..\..\..\examples\echoclient\echoclient.c - - - 2 - 0 - 0 - 0 - 0 - 0 - 2 - 2 - 2 - 2 - 11 - - - - - - 2 - 0 - 2 - 2 - 2 - 2 - 2 - 2 - 2 - 2 - 0 - 2 - 2 - - - - - - - - - - - - echoserver.c - 1 - ..\..\..\examples\echoserver\echoserver.c - - - 2 - 0 - 0 - 0 - 0 - 0 - 2 - 2 - 2 - 2 - 11 - - - - - - 2 - 0 - 2 - 2 - 2 - 2 - 2 - 2 - 2 - 2 - 0 - 2 - 2 - - - - - - - - - - - - test.c - 1 - ..\..\..\ctaocrypt\test\test.c - - - benchmark.c - 1 - ..\..\..\ctaocrypt\benchmark\benchmark.c - client.c 1 @@ -2869,6 +2065,7 @@ 11 + 1 @@ -2885,6 +2082,56 @@ 0 2 2 + 2 + 2 + + + + + + + + + + + + shell.c + 1 + ..\MDK-ARM\wolfSSL\shell.c + + + 2 + 0 + 0 + 0 + 0 + 1 + 2 + 2 + 2 + 2 + 11 + + + 1 + + + + 2 + 0 + 2 + 2 + 2 + 2 + 2 + 2 + 2 + 2 + 2 + 2 + 2 + 2 + 2 @@ -2914,6 +2161,7 @@ 11 + 1 @@ -2930,6 +2178,8 @@ 0 2 2 + 2 + 2 
@@ -2940,106 +2190,212 @@ - - shell.c - 1 - ..\MDK-ARM\CyaSSL\shell.c - main.c 1 - ..\MDK-ARM\CyaSSL\main.c + ..\MDK-ARM\wolfSSL\main.c + + + 2 + 0 + 0 + 0 + 0 + 1 + 2 + 2 + 2 + 2 + 11 + + + 1 + + + + 2 + 0 + 2 + 2 + 2 + 2 + 2 + 2 + 2 + 2 + 2 + 2 + 2 + 2 + 2 + + + + + + + + + - cert_data.c + test.c 1 - ..\MDK-ARM\CyaSSL\cert_data.c + ..\..\..\wolfcrypt\test\test.c + + + benchmark.c + 1 + ..\..\..\wolfcrypt\benchmark\benchmark.c + + + 2 + 0 + 0 + 0 + 0 + 1 + 2 + 2 + 2 + 2 + 11 + + + 1 + + + + 2 + 0 + 2 + 2 + 2 + 2 + 2 + 2 + 2 + 2 + 2 + 2 + 2 + 2 + 2 + + + + + + + + + + + + echoclient.c + 1 + ..\..\..\examples\echoclient\echoclient.c + + + 2 + 0 + 0 + 0 + 0 + 0 + 2 + 2 + 2 + 2 + 11 + + + 1 + + + + 2 + 0 + 2 + 2 + 2 + 2 + 2 + 2 + 2 + 2 + 2 + 2 + 2 + 2 + 2 + + + + + + + + + + + + echoserver.c + 1 + ..\..\..\examples\echoserver\echoserver.c + + + 2 + 0 + 0 + 0 + 0 + 0 + 2 + 2 + 2 + 2 + 11 + + + 1 + + + + 2 + 0 + 2 + 2 + 2 + 2 + 2 + 2 + 2 + 2 + 2 + 2 + 2 + 2 + 2 + + + + + + + + + - - STM32F2xx_StdPeriph_Lib - MDK-ARM - - Serial.c - 1 - c:\Keil\ARM\Boards\Keil\MCBSTM32F200\RL\FlashFS\SD_File\Serial.c - - - SDIO_STM32F2xx.c - 1 - c:\Keil\ARM\RL\FlashFS\Drivers\SDIO_STM32F2xx.c - - - 2 - 0 - 0 - 0 - 0 - 0 - 2 - 2 - 2 - 2 - 11 - - - - - - 2 - 0 - 2 - 2 - 2 - 2 - 2 - 2 - 2 - 2 - 0 - 2 - 2 - - - - - - - - - - - - FS_CM3.lib - 4 - c:\Keil\ARM\RV31\LIB\FS_CM3.lib - - - 2 - 0 - 0 - 0 - 0 - 0 - 2 - 2 - 2 - 2 - 11 - - - - - - RTX_CM3.lib 4 - c:\Keil\ARM\RV31\LIB\\RTX_CM3.lib + c:\Keil_v5\ARM\RV31\LIB\\RTX_CM3.lib 2 @@ -3047,7 +2403,7 @@ 0 0 0 - 0 + 1 2 2 2 @@ -3055,6 +2411,7 @@ 11 + 1 @@ -3062,7 +2419,7 @@ ETH_STM32F2xx.c 1 - c:\Keil\ARM\RL\TCPnet\Drivers\ETH_STM32F2xx.c + c:\Keil_v5\ARM\RL\TCPnet\Drivers\ETH_STM32F2xx.c 2 @@ -3078,6 +2435,7 @@ 11 + 1 @@ -3094,6 +2452,8 @@ 0 2 2 + 2 + 2 @@ -3107,7 +2467,7 @@ TCPD_CM3.lib 4 - c:\Keil\ARM\RV31\LIB\TCPD_CM3.lib + c:\Keil_v5\ARM\RV31\LIB\TCPD_CM3.lib 2 @@ -3123,6 +2483,7 @@ 11 + 1 
@@ -3130,7 +2491,7 @@ TCP_CM3.lib 4 - c:\Keil\ARM\RV31\LIB\TCP_CM3.lib + c:\Keil_v5\ARM\RV31\LIB\TCP_CM3.lib 2 @@ -3146,6 +2507,7 @@ 11 + 1 @@ -3153,17 +2515,12 @@ system_stm32f2xx.c 1 - C:\Keil\ARM\Startup\ST\STM32F2xx\system_stm32f2xx.c + C:\Keil_v5\ARM\Startup\ST\STM32F2xx\system_stm32f2xx.c - - - - CyaSSL Library - - crl.c + SDIO_STM32F2xx.c 1 - ..\..\..\src\crl.c + C:\Keil_v5\ARM\Boards\Keil\MCBSTM32F200\RL\FlashFS\SD_File\SDIO_STM32F2xx.c 2 @@ -3179,6 +2536,7 @@ 11 + 1 @@ -3192,9 +2550,11 @@ 2 2 2 - 0 + 2 2 2 + 2 + 2 
@@ -3206,579 +2566,19 @@ - internal.c - 1 - ..\..\..\src\internal.c - - - 2 - 0 - 0 - 0 - 0 - 0 - 2 - 2 - 2 - 2 - 11 - - - - - - 2 - 0 - 2 - 2 - 2 - 2 - 2 - 2 - 2 - 2 - 0 - 2 - 2 - - - - - - - - - - - - io.c - 1 - ..\..\..\src\io.c - - - 2 - 0 - 0 - 0 - 0 - 0 - 2 - 2 - 2 - 2 - 11 - - - - - - 2 - 0 - 2 - 2 - 2 - 2 - 2 - 2 - 2 - 2 - 0 - 2 - 2 - - - - - - - - - - - - keys.c - 1 - ..\..\..\src\keys.c - - - 2 - 0 - 0 - 0 - 0 - 0 - 2 - 2 - 2 - 2 - 11 - - - - - - 2 - 0 - 2 - 2 - 2 - 2 - 2 - 2 - 2 - 2 - 0 - 2 - 2 - - - - - - - - - - - - ocsp.c - 1 - ..\..\..\src\ocsp.c - - - 2 - 0 - 0 - 0 - 0 - 0 - 2 - 2 - 2 - 2 - 11 - - - - - - 2 - 0 - 2 - 2 - 2 - 2 - 2 - 2 - 2 - 2 - 0 - 2 - 2 - - - - - - - - - - - - sniffer.c - 1 - ..\..\..\src\sniffer.c - - - 2 - 0 - 0 - 0 - 0 - 0 - 2 - 2 - 2 - 2 - 11 - - - - - - 2 - 0 - 2 - 2 - 2 - 2 - 2 - 2 - 2 - 2 - 0 - 2 - 2 - - - - - - - - - - - - ssl.c - 1 - ..\..\..\src\ssl.c - - - 2 - 0 - 0 - 0 - 0 - 0 - 2 - 2 - 2 - 2 - 11 - - - - - - 2 - 0 - 2 - 2 - 2 - 2 - 2 - 2 - 2 - 2 - 0 - 2 - 2 - - - - - - - - - - - - tls.c - 1 - ..\..\..\src\tls.c - - - 2 - 0 - 0 - 0 - 0 - 0 - 2 - 2 - 2 - 2 - 11 - - - - - - 2 - 0 - 2 - 2 - 2 - 2 - 2 - 2 - 2 - 2 - 0 - 2 - 2 - - - - - - - - - - - - ssl-dummy.c - 1 - ..\MDK-ARM\CyaSSL\ssl-dummy.c - - - - - Crypt/Cipher Library - - - aes.c - 1 - ..\..\..\ctaocrypt\src\aes.c - - - arc4.c - 1 - ..\..\..\ctaocrypt\src\arc4.c - - - asm.c - 1 - ..\..\..\ctaocrypt\src\asm.c - - - asn.c - 1 - ..\..\..\ctaocrypt\src\asn.c - - - camellia.c - 1 - ..\..\..\ctaocrypt\src\camellia.c - - - coding.c - 1 - ..\..\..\ctaocrypt\src\coding.c - - - des3.c - 1 - ..\..\..\ctaocrypt\src\des3.c - - - dh.c - 1 - ..\..\..\ctaocrypt\src\dh.c - - - dsa.c - 1 - ..\..\..\ctaocrypt\src\dsa.c - - - ecc.c - 1 - ..\..\..\ctaocrypt\src\ecc.c - - - ecc_fp.c - 1 - ..\..\..\ctaocrypt\src\ecc_fp.c - - - error.c - 1 - ..\..\..\ctaocrypt\src\error.c - - - hc128.c - 1 - ..\..\..\ctaocrypt\src\hc128.c - - - hmac.c - 1 - ..\..\..\ctaocrypt\src\hmac.c - - - integer.c - 1 
- ..\..\..\ctaocrypt\src\integer.c - - - logging.c - 1 - ..\..\..\ctaocrypt\src\logging.c - - - md2.c - 1 - ..\..\..\ctaocrypt\src\md2.c - - - md4.c - 1 - ..\..\..\ctaocrypt\src\md4.c - - - md5.c - 1 - ..\..\..\ctaocrypt\src\md5.c - - - memory.c - 1 - ..\..\..\ctaocrypt\src\memory.c - - - misc.c - 1 - ..\..\..\ctaocrypt\src\misc.c - - - wc_port.c - 1 - ..\..\..\ctaocrypt\src\wc_port.c - - - pwdbased.c - 1 - ..\..\..\ctaocrypt\src\pwdbased.c - - - rabbit.c - 1 - ..\..\..\ctaocrypt\src\rabbit.c - - - random.c - 1 - ..\..\..\ctaocrypt\src\random.c - - - ripemd.c - 1 - ..\..\..\ctaocrypt\src\ripemd.c - - - rsa.c - 1 - ..\..\..\ctaocrypt\src\rsa.c - - - sha.c - 1 - ..\..\..\ctaocrypt\src\sha.c - - - sha256.c - 1 - ..\..\..\ctaocrypt\src\sha256.c - - - sha512.c - 1 - ..\..\..\ctaocrypt\src\sha512.c - - - tfm.c - 1 - ..\..\..\ctaocrypt\src\tfm.c - - - 2 - 0 - 0 - 0 - 0 - 0 - 2 - 2 - 2 - 2 - 11 - - - - - - 2 - 0 - 2 - 2 - 2 - 2 - 2 - 2 - 2 - 2 - 0 - 2 - 2 - - - - - - - - - + FS_CM3.lib + 4 + C:\Keil_v5\ARM\RV31\LIB\FS_CM3.lib Configuration - - File_Config.c - 1 - ..\MDK-ARM\config\File_Config.c - - - 2 - 0 - 0 - 0 - 0 - 0 - 2 - 2 - 2 - 2 - 11 - - - - - - 2 - 0 - 2 - 2 - 2 - 2 - 2 - 2 - 2 - 2 - 0 - 2 - 2 - - - - - - - - - - Net_Config.c 1 - ..\MDK-ARM\config\Net_Config.c + C:\Keil_v5\ARM\Boards\Keil\MCBSTM32F200\RL\TCPnet\Http_demo\Net_Config.c 2 @@ -3794,6 +2594,7 @@ 11 + 1 @@ -3810,6 +2611,8 @@ 0 2 2 + 2 + 2 @@ -3823,12 +2626,12 @@ config.h 5 - ..\MDK-ARM\CyaSSL\config.h + ..\MDK-ARM\wolfSSL\config.h - RTX_Conf_CM.c + RTX_Config.c 1 - ..\MDK-ARM\config\RTX_Conf_CM.c + C:\Keil_v5\ARM\Boards\Keil\MCBSTM32F200\RL\TCPnet\Http_demo\RTX_Config.c 2 @@ -3844,6 +2647,7 @@ 11 + 1 @@ -3860,6 +2664,8 @@ 0 2 2 + 2 + 2 @@ -3873,7 +2679,7 @@ Net_Debug.c 1 - ..\MDK-ARM\config\Net_Debug.c + C:\Keil_v5\ARM\Boards\Keil\MCBSTM32F200\RL\TCPnet\Http_demo\Net_Debug.c 2 @@ -3889,6 +2695,7 @@ 11 + 1 @@ -3905,6 +2712,8 @@ 0 2 2 + 2 + 2 
@@ -3918,42 +2727,244 @@ config-FS.h 5 - ..\MDK-ARM\CyaSSL\config-FS.h + ..\MDK-ARM\wolfSSL\config-FS.h config-RTX-TCP-FS.h 5 - ..\MDK-ARM\CyaSSL\config-RTX-TCP-FS.h + ..\MDK-ARM\wolfSSL\config-RTX-TCP-FS.h config-BARE-METAL.h 5 - ..\MDK-ARM\CyaSSL\config-BARE-METAL.h + ..\MDK-ARM\wolfSSL\config-BARE-METAL.h startup_stm32f2xx.s 2 - ..\MDK-ARM\config\startup_stm32f2xx.s + C:\Keil_v5\ARM\Boards\Keil\MCBSTM32F200\RL\TCPnet\Http_demo\startup_stm32f2xx.s + + + File_Config.c + 1 + C:\Keil_v5\ARM\Boards\Keil\MCBSTM32F200\RL\FlashFS\SD_File\File_Config.c + + + 2 + 0 + 0 + 0 + 0 + 0 + 2 + 2 + 2 + 2 + 11 + + + 1 + + + + 2 + 0 + 2 + 2 + 2 + 2 + 2 + 2 + 2 + 2 + 2 + 2 + 2 + 2 + 2 + + + + + + + + + + + + config-WOLFLIB.h + 5 + ..\MDK-ARM\wolfSSL\config-WOLFLIB.h - CyaSSL-MDK + wolfSSL-MDK - - cyassl_MDK_ARM.c - 1 - ..\MDK-ARM\CyaSSL\cyassl_MDK_ARM.c - Retarget.c 1 - ..\MDK-ARM\CyaSSL\Retarget.c + ..\MDK-ARM\wolfSSL\Retarget.c + + + 2 + 0 + 0 + 0 + 0 + 1 + 2 + 2 + 2 + 2 + 11 + + + 1 + + + + 2 + 0 + 2 + 2 + 2 + 2 + 2 + 2 + 2 + 2 + 2 + 2 + 2 + 2 + 2 + + + + + + + + + - time-STM32F2xx.c + time-CortexM3-4.c 1 - ..\STM32F2xx_StdPeriph_Lib\time-STM32F2xx.c + ..\MDK-ARM\wolfSSL\time-CortexM3-4.c + + + time-dummy.c + 1 + ..\MDK-ARM\wolfSSL\time-dummy.c + + + 2 + 0 + 0 + 0 + 0 + 1 + 2 + 2 + 2 + 2 + 11 + + + 1 + + + + 2 + 0 + 2 + 2 + 2 + 2 + 2 + 2 + 2 + 2 + 2 + 2 + 2 + 2 + 2 + + + + + + + + + + + + wolfssl_MDK_ARM.c + 1 + ..\MDK-ARM\wolfSSL\wolfssl_MDK_ARM.c + + + 2 + 0 + 0 + 0 + 0 + 1 + 2 + 2 + 2 + 2 + 11 + + + 1 + + + + 2 + 0 + 2 + 2 + 2 + 2 + 2 + 2 + 2 + 2 + 2 + 2 + 2 + 2 + 2 + + + + + + + + + + + + Serial.c + 1 + C:\Keil_v5\ARM\Boards\Keil\MCBSTM32F200\Blinky_ULp\Serial.c + + + + + wolfSSL-Lib + + + wolfSSL.lib + 4 + .\wolfSSL-lib\wolfSSL.lib 
diff --git a/IDE/MDK-ARM/Projects/MDK-ARM-LPC43xx.uvopt b/IDE/MDK-ARM/Projects/MDK-ARM-wolfSSL-Lib.uvopt similarity index 55% rename from IDE/MDK-ARM/Projects/MDK-ARM-LPC43xx.uvopt rename to IDE/MDK-ARM/Projects/MDK-ARM-wolfSSL-Lib.uvopt index 1e83de18e..69f64de42 100644 --- a/IDE/MDK-ARM/Projects/MDK-ARM-LPC43xx.uvopt +++ b/IDE/MDK-ARM/Projects/MDK-ARM-wolfSSL-Lib.uvopt @@ -13,6 +13,7 @@ *.txt; *.h; *.inc *.plm *.cpp + 0 @@ -21,16 +22,17 @@ - MDK-RTX-TCP-FS + MDK-RTX-TCP-FS-Lib 0x4 ARM-ADS - 12000000 + 25000000 1 - 0 - 1 - 0 + 1 + 0 + 1 + 0 1 @@ -43,7 +45,166 @@ 79 66 8 - .\Lst\ + .\Flash\ + + + 1 + 1 + 1 + 0 + 1 + 1 + 0 + 1 + 0 + 0 + 0 + 0 + + + 1 + 1 + 1 + 1 + 1 + 1 + 1 + 0 + 0 + + + 1 + 0 + 0 + + 255 + + 0 + 1 + 1 + 1 + 1 + 1 + 1 + 1 + 1 + 1 + 1 + 1 + 1 + 1 + 0 + 1 + 0 + 1 + 1 + 0 + 0 + 7 + + + + + + + + + + c:\Keil_v5\ARM\Boards\Keil\MCBSTM32F200\Blinky_ULp\STM32_SWO.ini + BIN\ULP2CM3.DLL + + + + 0 + ARMRTXEVENTFLAGS + -L70 -Z18 -C0 -M0 -T1 + + + 0 + UL2CM3 + -UM1020ADE -O206 -S8 -C0 -P00 -N00("ARM CoreSight SW-DP") -D00(2BA01477) -L00(0) -TO23 -TC120000000 -TP21 -TDS801F -TDT0 -TDC10 -TIE1 -TIP9 -FO7 -FD20000000 -FC1000 -FN1 -FF0STM32F2xx_1024 -FS08000000 -FL0100000 + + + 0 + DLGTARM + (1010=-1,-1,-1,-1,0)(1007=-1,-1,-1,-1,0)(1008=-1,-1,-1,-1,0)(1009=-1,-1,-1,-1,0)(1012=-1,-1,-1,-1,0) + + + 0 + ARMDBGFLAGS + + + + 0 + DLGUARM + + + + 0 + ULP2CM3 + -UP1135060 -O206 -S8 -C0 -P00 -N00("ARM CoreSight SW-DP") -D00(2BA01477) -L00(0) -TO23 -TC120000000 -TP18 -TDX0 -TDD0 -TDS8000 -TDT0 -TDC1F -TIE1 -TIP1 -FO7 -FD20000000 -FC800 -FN1 -FF0STM32F2xx_1024 -FS08000000 -FL0100000 + + + + + 0 + + + 0 + 0 + 1 + 0 + 0 + 0 + 0 + 1 + 0 + 0 + 0 + 0 + 0 + 0 + 0 + 0 + 0 + 0 + 0 + 1 + 1 + 0 + 0 + 0 + + + + + + + + MDK-FS-Lib + 0x4 + ARM-ADS + + 25000000 + + 1 + 1 + 1 + 0 + 0 + + + 1 + 65535 + 0 + 0 + 0 + + + 79 + 66 + 8 + .\Flash\ 1 
@@ -75,17 +236,199 @@ 0 1 - 8 - - SARMCM3.DLL - -MPU - DCM.DLL - -pCM4 - SARMCM3.DLL - -MPU - TCM.DLL - -pCM4 - + 255 + + 0 + 1 + 1 + 1 + 1 + 1 + 1 + 1 + 1 + 1 + 1 + 1 + 1 + 1 + 0 + 1 + 0 + 1 + 1 + 0 + 0 + 1 + + + + + + + + + + ..\..\..\..\..\..\..\Keil\ARM\Boards\Keil\MCBSTM32F200\Blinky_ULp\STM32_SWO.ini + BIN\UL2CM3.DLL + + + + 0 + ARMRTXEVENTFLAGS + -L70 -Z18 -C0 -M0 -T1 + + + 0 + UL2CM3 + -UM1020ADE -O207 -S0 -C0 -P00 -N00("ARM CoreSight SW-DP") -D00(2BA01477) -L00(0) -TO23 -TC120000000 -TP21 -TDS801F -TDT0 -TDC1F -TIE1 -TIP9 -FO7 -FD20000000 -FC800 -FN1 -FF0STM32F2xx_1024 -FS08000000 -FL0100000 + + + 0 + DLGTARM + (1010=-1,-1,-1,-1,0)(1007=-1,-1,-1,-1,0)(1008=-1,-1,-1,-1,0)(1009=-1,-1,-1,-1,0)(1012=-1,-1,-1,-1,0) + + + 0 + ARMDBGFLAGS + + + + 0 + DLGUARM + (105=-1,-1,-1,-1,0) + + + 0 + ULP2CM3 + -UP1135060 -O206 -S0 -C0 -P00 -N00("ARM CoreSight SW-DP") -D00(2BA01477) -L00(0) -TO23 -TC10000000 -TP18 -TDX0 -TDD0 -TDS7 -TDT0 -TDC1F -TIEFFFFFFFF -TIP9 -FO7 -FD20000000 -FC800 -FN1 -FF0STM32F2xx_1024 -FS08000000 -FL0100000 + + + + + 0 + 0 + 150 + 1 +
134219020
+ 0 + 0 + 0 + 0 + 0 + 1 + C:\ROOT\CyaSSL-Support\MDK4\wolfssl-3.4.6\IDE\MDK-ARM\MDK-ARM\wolfSSL\main.c + + +
+ + 1 + 0 + 542 + 1 +
0
+ 0 + 0 + 0 + 0 + 0 + 0 + C:\ROOT\CyaSSL-Support\MDK4\wolfssl-3.4.6\IDE\MDK-ARM\MDK-ARM\wolfSSL\shell.c + + +
+
+ + 0 + + + 0 + 0 + 1 + 0 + 0 + 0 + 0 + 1 + 0 + 0 + 0 + 0 + 0 + 0 + 0 + 0 + 0 + 0 + 0 + 1 + 0 + 0 + 0 + 0 + + + +
+
+ + + wolfSSL-Lib + 0x4 + ARM-ADS + + 25000000 + + 1 + 1 + 1 + 0 + 0 + + + 1 + 65535 + 0 + 0 + 0 + + + 79 + 66 + 8 + .\Flash\ + + + 1 + 1 + 1 + 0 + 1 + 1 + 0 + 1 + 0 + 0 + 0 + 0 + + + 1 + 1 + 1 + 1 + 1 + 1 + 1 + 0 + 0 + + + 1 + 0 + 0 + + 255 0 1 @@ -104,9 +447,11 @@ 0 1 0 + 1 + 1 0 0 - 9 + 1 @@ -116,10 +461,20 @@ - ..\MDK-ARM\config\Dbg_Flash.ini - BIN\ULP2CM3.DLL + ..\..\..\..\..\..\..\Keil\ARM\Boards\Keil\MCBSTM32F200\Blinky_ULp\STM32_SWO.ini + BIN\UL2CM3.DLL + + 0 + ARMRTXEVENTFLAGS + -L70 -Z18 -C0 -M0 -T1 + + + 0 + UL2CM3 + -UM1020ADE -O79 -S8 -C0 -P00 -N00("ARM CoreSight SW-DP") -D00(2BA01477) -L00(0) -TO23 -TC120000000 -TP21 -TDS801F -TDT0 -TDC1F -TIE1 -TIP9 -FO7 -FD20000000 -FC800 -FN1 -FF0STM32F2xx_1024 -FS08000000 -FL0100000 + 0 DLGTARM @@ -133,29 +488,48 @@ 0 DLGUARM - + (105=-1,-1,-1,-1,0) 0 ULP2CM3 - -UP1135060 -O974 -S8 -C0 -P00 -N00("ARM CoreSight SW-DP") -D00(2BA01477) -L00(0) -TO23 -TC10000000 -TP18 -TDX0 -TDD0 -TDS7 -TDT0 -TDC1F -TIEFFFFFFFF -TIP8 -FO7 -FD10000000 -FC800 -FN2 -FF0LPC18xx43xx_512_BA -FS01A000000 -FL080000 -FF1LPC18xx43xx_512_BB -FS11B000000 -FL180000 + -UP1135060 -O206 -S8 -C0 -P00 -N00("ARM CoreSight SW-DP") -D00(2BA01477) -L00(0) -TO23 -TC120000000 -TP18 -TDX0 -TDD0 -TDS8000 -TDT0 -TDC1F -TIE1 -TIP1 -FO7 -FD20000000 -FC800 -FN1 -FF0STM32F2xx_1024 -FS08000000 -FL0100000 - - - - 1 - 0 - 0x10005960 - - - - - 0 - Reset Peripherals - Per_Reset() - - + + + 0 + 0 + 150 + 1 +
134218980
+ 0 + 0 + 0 + 0 + 0 + 1 + C:\ROOT\CyaSSL-Support\MDK4\wolfssl-3.4.6\IDE\MDK-ARM\MDK-ARM\wolfSSL\main.c + + +
+ + 1 + 0 + 542 + 1 +
0
+ 0 + 0 + 0 + 0 + 0 + 0 + C:\ROOT\CyaSSL-Support\MDK4\wolfssl-3.4.6\IDE\MDK-ARM\MDK-ARM\wolfSSL\shell.c + + +
+
0 @@ -170,347 +544,7 @@ 1 0 0 - 1 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - 1 - 0 - 0 - 0 - 0 - - - -
-
- - - MDK-FS - 0x4 - ARM-ADS - - 12000000 - - 1 - 1 - 1 - 0 - - - 1 - 65535 - 0 - 0 - 0 - - - 79 - 66 - 8 - .\Lst\ - - - 1 - 1 - 1 - 0 - 1 - 1 - 0 - 1 - 0 - 0 - 0 - 0 - - - 1 - 1 - 1 - 1 - 1 - 1 - 1 - 0 - 0 - - - 1 - 0 - 0 - - 8 - - SARMCM3.DLL - -MPU - DCM.DLL - -pCM4 - SARMCM3.DLL - -MPU - TCM.DLL - -pCM4 - - - 0 - 1 - 1 - 1 - 1 - 1 - 1 - 1 - 1 - 1 - 1 - 1 - 1 - 1 - 0 - 1 - 0 - 0 - 0 - 9 - - - - - - - - - - ..\MDK-ARM\config\Dbg_Flash.ini - BIN\ULP2CM3.DLL - - - - 0 - DLGTARM - (1010=-1,-1,-1,-1,0)(1007=-1,-1,-1,-1,0)(1008=-1,-1,-1,-1,0)(1009=-1,-1,-1,-1,0)(1012=-1,-1,-1,-1,0) - - - 0 - ARMDBGFLAGS - - - - 0 - DLGUARM - - - - 0 - ULP2CM3 - -UP1135060 -O974 -S8 -C0 -P00 -N00("ARM CoreSight SW-DP") -D00(2BA01477) -L00(0) -TO23 -TC10000000 -TP18 -TDX0 -TDD0 -TDS7 -TDT0 -TDC1F -TIEFFFFFFFF -TIP8 -FO7 -FD10000000 -FC800 -FN2 -FF0LPC18xx43xx_512_BA -FS01A000000 -FL080000 -FF1LPC18xx43xx_512_BB -FS11B000000 -FL180000 - - - - - - 1 - 0 - 0x10005960 - - - - - 0 - Reset Peripherals - Per_Reset() - - - - 0 - - - 0 - 0 - 1 - 0 - 0 - 0 - 0 - 1 - 0 - 0 - 1 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - 1 - 0 - 0 - 0 - 0 - - - - - - - - MDK-BARE-METAL - 0x4 - ARM-ADS - - 12000000 - - 1 - 1 - 1 - 0 - - - 1 - 65535 - 0 - 0 - 0 - - - 79 - 66 - 8 - .\Lst\ - - - 1 - 1 - 1 - 0 - 1 - 1 - 0 - 1 - 0 - 0 - 0 - 0 - - - 1 - 1 - 1 - 1 - 1 - 1 - 1 - 0 - 0 - - - 1 - 0 - 0 - - 8 - - SARMCM3.DLL - -MPU - DCM.DLL - -pCM4 - SARMCM3.DLL - -MPU - TCM.DLL - -pCM4 - - - 0 - 1 - 1 - 1 - 1 - 1 - 1 - 1 - 1 - 1 - 1 - 1 - 1 - 1 - 0 - 1 - 0 - 0 - 0 - 9 - - - - - - - - - - ..\MDK-ARM\config\Dbg_Flash.ini - BIN\ULP2CM3.DLL - - - - 0 - DLGTARM - (1010=-1,-1,-1,-1,0)(1007=-1,-1,-1,-1,0)(1008=-1,-1,-1,-1,0)(1009=-1,-1,-1,-1,0)(1012=-1,-1,-1,-1,0) - - - 0 - ARMDBGFLAGS - - - - 0 - DLGUARM - - - - 0 - ULP2CM3 - -UP1135060 -O975 -S8 -C0 -P00 -N00("ARM CoreSight SW-DP") -D00(2BA01477) -L00(0) -TO23 -TC120000000 -TP18 -TDX0 -TDD0 -TDS7 -TDT0 -TDC1F -TIEFFFFFFFF -TIP9 -FO7 -FD10000000 -FC800 -FN2 -FF0LPC18xx43xx_512_BA 
-FS01A000000 -FL080000 -FF1LPC18xx43xx_512_BB -FS11B000000 -FL180000 - - - - - - 1 - 0 - 0x10005960 - - - - - 0 - Reset Peripherals - Per_Reset() - - - - 0 - - - 0 - 0 - 1 - 0 - 0 - 0 - 0 - 1 - 0 - 0 - 1 + 0 0 0 0 @@ -531,24 +565,21 @@ - CyaSSL Apps - 1 + Crypt + 0 0 0 0 1 1 - 1 + 5 0 0 - 0 0 - 0 - 0 0 - ..\..\..\examples\echoclient\echoclient.c - echoclient.c + ..\MDK-ARM\wolfSSL\config-FS.h + config-FS.h 0 0 @@ -558,13 +589,10 @@ 1 0 0 - 0 0 - 0 - 0 0 - ..\..\..\examples\echoserver\echoserver.c - echoserver.c + ..\..\..\wolfcrypt\src\aes.c + aes.c 0 0 @@ -574,13 +602,10 @@ 1 0 0 - 0 0 - 0 - 0 0 - ..\..\..\ctaocrypt\test\test.c - test.c + ..\..\..\wolfcrypt\src\arc4.c + arc4.c 0 0 @@ -590,13 +615,10 @@ 1 0 0 - 0 0 - 0 - 0 0 - ..\..\..\ctaocrypt\benchmark\benchmark.c - benchmark.c + ..\..\..\wolfcrypt\src\asm.c + asm.c 0 0 @@ -606,13 +628,10 @@ 1 0 0 - 0 0 - 0 - 0 0 - ..\..\..\examples\client\client.c - client.c + ..\..\..\wolfcrypt\src\asn.c + asn.c 0 0 @@ -622,13 +641,10 @@ 1 0 0 - 0 0 - 0 - 0 0 - ..\..\..\examples\server\server.c - server.c + ..\..\..\wolfcrypt\src\blake2b.c + blake2b.c 0 0 @@ -638,13 +654,10 @@ 1 0 0 - 0 0 - 0 - 0 0 - ..\MDK-ARM\CyaSSL\shell.c - shell.c + ..\..\..\wolfcrypt\src\camellia.c + camellia.c 0 0 @@ -654,13 +667,10 @@ 1 0 0 - 0 0 - 0 - 0 0 - ..\MDK-ARM\CyaSSL\main.c - main.c + ..\..\..\wolfcrypt\src\chacha.c + chacha.c 0 0 
@@ -670,242 +680,522 @@ 1 0 0 - 0 0 - 0 - 0 0 - ..\MDK-ARM\CyaSSL\cert_data.c - cert_data.c + ..\..\..\wolfcrypt\src\chacha20_poly1305.c + chacha20_poly1305.c 0 0 - - - - LPC43xx - 1 - 0 - 0 - 0 - 2 + 1 10 1 0 0 - 0 0 - 0 - 0 0 - ..\LPC43xx\Drivers\source\lpc43xx_rtc.c - lpc43xx_rtc.c + ..\..\..\wolfcrypt\src\coding.c + coding.c 0 0 - 2 + 1 11 1 0 0 - 0 0 - 0 - 0 0 - ..\LPC43xx\Drivers\source\lpc43xx_timer.c - lpc43xx_timer.c + ..\..\..\wolfcrypt\src\compress.c + compress.c 0 0 - 2 + 1 12 1 0 0 - 0 0 - 0 - 0 0 - ..\LPC43xx\Drivers\source\lpc43xx_cgu.c - lpc43xx_cgu.c + ..\..\..\wolfcrypt\src\curve25519.c + curve25519.c 0 0 - 2 + 1 13 1 0 0 - 0 0 - 0 - 0 0 - ..\LPC43xx\Drivers\source\lpc43xx_scu.c - lpc43xx_scu.c + ..\..\..\wolfcrypt\src\des3.c + des3.c + 0 + 0 + + + 1 + 14 + 1 + 0 + 0 + 0 + 0 + ..\..\..\wolfcrypt\src\dh.c + dh.c + 0 + 0 + + + 1 + 15 + 1 + 0 + 0 + 0 + 0 + ..\..\..\wolfcrypt\src\dsa.c + dsa.c + 0 + 0 + + + 1 + 16 + 1 + 0 + 0 + 0 + 0 + ..\..\..\wolfcrypt\src\ecc.c + ecc.c + 0 + 0 + + + 1 + 17 + 1 + 0 + 0 + 0 + 0 + ..\..\..\wolfcrypt\src\ecc_fp.c + ecc_fp.c + 0 + 0 + + + 1 + 18 + 1 + 0 + 0 + 0 + 0 + ..\..\..\wolfcrypt\src\ed25519.c + ed25519.c + 0 + 0 + + + 1 + 19 + 1 + 0 + 0 + 0 + 0 + ..\..\..\wolfcrypt\src\error.c + error.c + 0 + 0 + + + 1 + 20 + 1 + 0 + 0 + 0 + 0 + ..\..\..\wolfcrypt\src\fe_operations.c + fe_operations.c + 0 + 0 + + + 1 + 21 + 1 + 0 + 0 + 0 + 0 + ..\..\..\wolfcrypt\src\ge_operations.c + ge_operations.c + 0 + 0 + + + 1 + 22 + 1 + 0 + 0 + 0 + 0 + ..\..\..\wolfcrypt\src\hc128.c + hc128.c + 0 + 0 + + + 1 + 23 + 1 + 0 + 0 + 0 + 0 + ..\..\..\wolfcrypt\src\hmac.c + hmac.c + 0 + 0 + + + 1 + 24 + 1 + 0 + 0 + 0 + 0 + ..\..\..\wolfcrypt\src\integer.c + integer.c + 0 + 0 + + + 1 + 25 + 1 + 0 + 0 + 0 + 0 + ..\..\..\wolfcrypt\src\logging.c + logging.c + 0 + 0 + + + 1 + 26 + 1 + 0 + 0 + 0 + 0 + ..\..\..\wolfcrypt\src\md2.c + md2.c + 0 + 0 + + + 1 + 27 + 1 + 0 + 0 + 0 + 0 + ..\..\..\wolfcrypt\src\md4.c + md4.c + 0 + 0 + + + 1 + 28 + 1 + 0 + 0 + 0 + 
0 + ..\..\..\wolfcrypt\src\md5.c + md5.c + 0 + 0 + + + 1 + 29 + 1 + 0 + 0 + 0 + 0 + ..\..\..\wolfcrypt\src\memory.c + memory.c + 0 + 0 + + + 1 + 30 + 1 + 0 + 0 + 0 + 0 + ..\..\..\wolfcrypt\src\pkcs7.c + pkcs7.c + 0 + 0 + + + 1 + 31 + 1 + 0 + 0 + 0 + 0 + ..\..\..\wolfcrypt\src\poly1305.c + poly1305.c + 0 + 0 + + + 1 + 32 + 1 + 0 + 0 + 0 + 0 + ..\..\..\wolfcrypt\src\pwdbased.c + pwdbased.c + 0 + 0 + + + 1 + 33 + 1 + 0 + 0 + 0 + 0 + ..\..\..\wolfcrypt\src\rabbit.c + rabbit.c + 0 + 0 + + + 1 + 34 + 1 + 0 + 0 + 0 + 0 + ..\..\..\wolfcrypt\src\random.c + random.c + 0 + 0 + + + 1 + 35 + 1 + 0 + 0 + 0 + 0 + ..\..\..\wolfcrypt\src\ripemd.c + ripemd.c + 0 + 0 + + + 1 + 36 + 1 + 0 + 0 + 0 + 0 + ..\..\..\wolfcrypt\src\rsa.c + rsa.c + 0 + 0 + + + 1 + 37 + 1 + 0 + 0 + 0 + 0 + ..\..\..\wolfcrypt\src\sha.c + sha.c + 0 + 0 + + + 1 + 38 + 1 + 0 + 0 + 0 + 0 + ..\..\..\wolfcrypt\src\sha256.c + sha256.c + 0 + 0 + + + 1 + 39 + 1 + 0 + 0 + 0 + 0 + ..\..\..\wolfcrypt\src\sha512.c + sha512.c + 0 + 0 + + + 1 + 40 + 1 + 1 + 0 + 0 + 0 + ..\..\..\wolfcrypt\src\tfm.c + tfm.c + 0 + 0 + + + 1 + 41 + 1 + 0 + 0 + 0 + 0 + ..\..\..\wolfcrypt\src\wc_port.c + wc_port.c + 0 + 0 + + + 1 + 42 + 1 + 0 + 0 + 0 + 0 + ..\..\..\wolfcrypt\src\fe_low_mem.c + fe_low_mem.c + 0 + 0 + + + 1 + 43 + 1 + 0 + 0 + 0 + 0 + ..\..\..\wolfcrypt\src\ge_low_mem.c + ge_low_mem.c + 0 + 0 + + + 1 + 44 + 1 + 0 + 0 + 0 + 0 + ..\..\..\wolfcrypt\src\hash.c + hash.c + 0 + 0 + + + 1 + 45 + 1 + 0 + 0 + 0 + 0 + ..\..\..\wolfcrypt\src\misc.c + misc.c + 0 + 0 + + + 1 + 46 + 1 + 0 + 0 + 0 + 0 + ..\..\..\wolfcrypt\src\srp.c + srp.c + 0 + 0 + + + 1 + 47 + 1 + 0 + 0 + 0 + 0 + ..\..\..\wolfcrypt\src\wc_encrypt.c + wc_encrypt.c 0 0 - MDK-ARM + SSL 1 0 0 0 - 3 - 14 - 4 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - c:\Keil\ARM\RV31\LIB\FS_CM3.lib - FS_CM3.lib - 0 - 0 - - - 3 - 15 - 4 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - c:\Keil\ARM\RV31\LIB\\RTX_CM3.lib - RTX_CM3.lib - 0 - 0 - - - 3 - 16 - 4 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - c:\Keil\ARM\RV31\LIB\TCPD_CM3.lib - TCPD_CM3.lib - 
0 - 0 - - - 3 - 17 - 4 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - c:\Keil\ARM\RV31\LIB\TCP_CM3.lib - TCP_CM3.lib - 0 - 0 - - - 3 - 18 + 2 + 48 1 0 0 - 0 0 - 0 - 0 - 0 - C:\Keil\ARM\Boards\Keil\MCB4300\RL\FlashFS\SD_File\Serial.c - Serial.c - 0 - 0 - - - 3 - 19 - 1 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - C:\Keil\ARM\RL\TCPnet\Drivers\ETH_LPC43xx.c - ETH_LPC43xx.c - 0 - 0 - - - 3 - 20 - 1 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - C:\Keil\ARM\Boards\Keil\MCB4300\RL\FlashFS\SD_File\SDIO_LPC43xx.c - SDIO_LPC43xx.c - 0 - 0 - - - 3 - 21 - 1 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - C:\Keil\ARM\Boards\Keil\MCB4300\RL\FlashFS\SD_File\system_LPC43xx.c - system_LPC43xx.c - 0 - 0 - - - - - CyaSSL Library - 0 - 0 - 0 - 0 - - 4 - 22 - 1 - 0 - 0 - 0 - 0 - 0 - 0 0 ..\..\..\src\crl.c crl.c @@ -913,15 +1203,12 @@ 0 - 4 - 23 + 2 + 49 1 0 0 - 0 0 - 0 - 0 0 ..\..\..\src\internal.c internal.c @@ -929,15 +1216,12 @@ 0 - 4 - 24 + 2 + 50 1 0 0 - 0 0 - 0 - 0 0 ..\..\..\src\io.c io.c @@ -945,15 +1229,12 @@ 0 - 4 - 25 + 2 + 51 1 0 0 - 0 0 - 0 - 0 0 ..\..\..\src\keys.c keys.c @@ -961,15 +1242,12 @@ 0 - 4 - 26 + 2 + 52 1 0 0 - 0 0 - 0 - 0 0 ..\..\..\src\ocsp.c ocsp.c @@ -977,15 +1255,12 @@ 0 - 4 - 27 + 2 + 53 1 0 0 - 0 0 - 0 - 0 0 ..\..\..\src\sniffer.c sniffer.c @@ -993,15 +1268,12 @@ 0 - 4 - 28 + 2 + 54 1 0 0 - 0 0 - 0 - 0 0 ..\..\..\src\ssl.c ssl.c 
@@ -1009,746 +1281,75 @@ 0 - 4 - 29 + 2 + 55 1 0 0 - 0 0 - 0 - 0 0 ..\..\..\src\tls.c tls.c 0 0 - - 4 - 30 - 1 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - ..\MDK-ARM\CyaSSL\ssl-dummy.c - ssl-dummy.c - 0 - 0 - - Crypt/Cipher Library + Config 1 0 0 0 - 5 - 31 - 1 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - ..\..\..\ctaocrypt\src\aes.c - aes.c - 0 - 0 - - - 5 - 32 - 1 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - ..\..\..\ctaocrypt\src\arc4.c - arc4.c - 0 - 0 - - - 5 - 33 - 1 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - ..\..\..\ctaocrypt\src\asm.c - asm.c - 0 - 0 - - - 5 - 34 - 1 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - ..\..\..\ctaocrypt\src\asn.c - asn.c - 0 - 0 - - - 5 - 35 - 1 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - ..\..\..\ctaocrypt\src\camellia.c - camellia.c - 0 - 0 - - - 5 - 36 - 1 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - ..\..\..\ctaocrypt\src\coding.c - coding.c - 0 - 0 - - - 5 - 37 - 1 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - ..\..\..\ctaocrypt\src\des3.c - des3.c - 0 - 0 - - - 5 - 38 - 1 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - ..\..\..\ctaocrypt\src\dh.c - dh.c - 0 - 0 - - - 5 - 39 - 1 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - ..\..\..\ctaocrypt\src\dsa.c - dsa.c - 0 - 0 - - - 5 - 40 - 1 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - ..\..\..\ctaocrypt\src\ecc.c - ecc.c - 0 - 0 - - - 5 - 41 - 1 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - ..\..\..\ctaocrypt\src\ecc_fp.c - ecc_fp.c - 0 - 0 - - - 5 - 42 - 1 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - ..\..\..\ctaocrypt\src\error.c - error.c - 0 - 0 - - - 5 - 43 - 1 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - ..\..\..\ctaocrypt\src\hc128.c - hc128.c - 0 - 0 - - - 5 - 44 - 1 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - ..\..\..\ctaocrypt\src\hmac.c - hmac.c - 0 - 0 - - - 5 - 45 - 1 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - ..\..\..\ctaocrypt\src\integer.c - integer.c - 0 - 0 - - - 5 - 46 - 1 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - ..\..\..\ctaocrypt\src\logging.c - logging.c - 0 - 0 - - - 5 - 47 - 1 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - ..\..\..\ctaocrypt\src\md2.c - md2.c - 0 - 0 - - - 5 - 48 - 1 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - ..\..\..\ctaocrypt\src\md4.c - md4.c - 0 - 0 - - - 5 - 49 - 1 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - 
..\..\..\ctaocrypt\src\md5.c - md5.c - 0 - 0 - - - 5 - 50 - 1 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - ..\..\..\ctaocrypt\src\memory.c - memory.c - 0 - 0 - - - 5 - 51 - 1 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - ..\..\..\ctaocrypt\src\misc.c - misc.c - 0 - 0 - - - 5 - 52 - 1 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - ..\..\..\ctaocrypt\src\pwdbased.c - pwdbased.c - 0 - 0 - - - 5 - 53 - 1 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - ..\..\..\ctaocrypt\src\rabbit.c - rabbit.c - 0 - 0 - - - 5 - 54 - 1 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - ..\..\..\ctaocrypt\src\random.c - random.c - 0 - 0 - - - 5 - 55 - 1 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - ..\..\..\ctaocrypt\src\ripemd.c - ripemd.c - 0 - 0 - - - 5 + 3 56 - 1 + 5 0 0 - 0 0 - 0 - 0 0 - ..\..\..\ctaocrypt\src\rsa.c - rsa.c + .\Readme.txt + Readme.txt 0 0 - 5 + 3 57 - 1 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - ..\..\..\ctaocrypt\src\sha.c - sha.c - 0 - 0 - - - 5 - 58 - 1 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - ..\..\..\ctaocrypt\src\sha256.c - sha256.c - 0 - 0 - - - 5 - 59 - 1 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - ..\..\..\ctaocrypt\src\sha512.c - sha512.c - 0 - 0 - - - 5 - 60 - 1 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - ..\..\..\ctaocrypt\src\tfm.c - tfm.c - 0 - 0 - - - 5 - 61 - 1 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - ..\..\..\ctaocrypt\src\wc_port.c - wc_port.c - 0 - 0 - - - - - Configuration - 1 - 0 - 0 - 0 - - 6 - 62 - 1 - 0 - 0 - 1 - 0 - 0 - 0 - 0 - ..\MDK-ARM\config\File_Config.c - File_Config.c - 0 - 0 - - - 6 - 63 - 1 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - ..\MDK-ARM\config\Net_Config.c - Net_Config.c - 0 - 0 - - - 6 - 64 5 0 0 - 0 0 - 0 - 0 0 - ..\MDK-ARM\CyaSSL\config.h - config.h - 0 - 0 - - - 6 - 65 - 1 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - ..\MDK-ARM\config\RTX_Conf_CM.c - RTX_Conf_CM.c - 0 - 0 - - - 6 - 66 - 1 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - ..\MDK-ARM\config\Net_Debug.c - Net_Debug.c - 0 - 0 - - - 6 - 67 - 5 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - ..\MDK-ARM\CyaSSL\config-FS.h - config-FS.h - 0 - 0 - - - 6 - 68 - 5 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - ..\MDK-ARM\CyaSSL\config-RTX-TCP-FS.h - config-RTX-TCP-FS.h - 0 - 0 - - - 6 - 69 - 5 - 0 - 0 - 0 - 0 
- 0 - 0 - 0 - ..\MDK-ARM\CyaSSL\config-BARE-METAL.h + ..\MDK-ARM\wolfSSL\config-BARE-METAL.h config-BARE-METAL.h 0 0 - 6 - 70 - 2 + 3 + 58 + 5 0 0 - 0 0 - 0 - 0 0 - ..\LPC43xx\startup_LPC43xx.s - startup_LPC43xx.s - 0 - 0 - - - - - CyaSSL-MDK - 1 - 0 - 0 - 0 - - 7 - 71 - 1 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - ..\MDK-ARM\CyaSSL\cyassl_MDK_ARM.c - cyassl_MDK_ARM.c + ..\MDK-ARM\wolfSSL\config-RTX-TCP-FS.h + config-RTX-TCP-FS.h 0 0 - 7 - 72 - 1 + 3 + 59 + 5 0 0 - 8 0 - 0 - 0 0 - ..\MDK-ARM\CyaSSL\Retarget.c - Retarget.c - 0 - 0 - - - 7 - 73 - 1 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - ..\LPC43xx\time-LCP43xx.c - time-LCP43xx.c + ..\MDK-ARM\wolfSSL\config-WOLFLIB.h + config-WOLFLIB.h 0 0 diff --git a/IDE/MDK-ARM/Projects/MDK-ARM-wolfSSL-Lib.uvproj b/IDE/MDK-ARM/Projects/MDK-ARM-wolfSSL-Lib.uvproj new file mode 100644 index 000000000..7997abb80 --- /dev/null +++ b/IDE/MDK-ARM/Projects/MDK-ARM-wolfSSL-Lib.uvproj @@ -0,0 +1,2138 @@ + + + + 1.1 + +
### uVision Project, (C) Keil Software
+ + + + MDK-RTX-TCP-FS-Lib + 0x4 + ARM-ADS + + + STM32F207IG + STMicroelectronics + IRAM(0x20000000-0x2001FFFF) IROM(0x8000000-0x80FFFFF) CLOCK(25000000) CPUTYPE("Cortex-M3") + + "STARTUP\ST\STM32F2xx\startup_stm32f2xx.s" ("STM32F2xx Startup Code") + UL2CM3(-O207 -S0 -C0 -FO7 -FD20000000 -FC800 -FN1 -FF0STM32F2xx_1024 -FS08000000 -FL0100000) + 5124 + stm32f2xx.h + + + + + + + + + + SFD\ST\STM32F2xx\STM32F20x.sfr + 0 + 0 + + + + ST\STM32F2xx\ + ST\STM32F2xx\ + + 0 + 0 + 0 + 0 + 1 + + .\wolfSSL-Lib\ + wolfSSL + 0 + 1 + 0 + 1 + 1 + .\Flash\ + 1 + 0 + 0 + + 0 + 0 + + + 0 + 0 + 0 + 0 + + + 0 + 0 + + + 0 + 0 + 0 + 0 + + + 0 + 0 + + + 0 + 0 + + 0 + + + + 0 + 0 + 0 + 0 + 0 + 1 + 0 + 0 + 0 + 0 + 3 + + + 1 + + + SARMCM3.DLL + -MPU + DARMSTM.DLL + -pSTM32F207IG + SARMCM3.DLL + -MPU + TARMSTM.DLL + -pSTM32F207IG + + + + 1 + 0 + 0 + 0 + 16 + + + 0 + 1 + 1 + 1 + 1 + 1 + 1 + 1 + 0 + 1 + + + 1 + 1 + 1 + 1 + 1 + 1 + 0 + 1 + 0 + 1 + + 0 + 7 + + + + + + + + + + + + + c:\Keil_v5\ARM\Boards\Keil\MCBSTM32F200\Blinky_ULp\STM32_SWO.ini + BIN\ULP2CM3.DLL + + + + + 1 + 0 + 0 + 1 + 1 + 4100 + + 1 + BIN\ULP2CM3.DLL + "" () + + + + + 0 + + + + 0 + 1 + 1 + 1 + 1 + 1 + 1 + 1 + 0 + 1 + 1 + 0 + 1 + 1 + 0 + 0 + 1 + 1 + 1 + 1 + 1 + 1 + 1 + 1 + 1 + 0 + 0 + "Cortex-M3" + + 1 + 0 + 0 + 1 + 1 + 0 + 0 + 0 + 0 + 0 + 8 + 0 + 0 + 0 + 3 + 3 + 0 + 0 + 0 + 0 + 0 + 0 + 0 + 0 + 0 + 0 + 1 + 0 + 0 + 0 + 0 + 1 + 0 + + + 0 + 0x0 + 0x0 + + + 0 + 0x0 + 0x0 + + + 0 + 0x0 + 0x0 + + + 0 + 0x0 + 0x0 + + + 0 + 0x0 + 0x0 + + + 0 + 0x0 + 0x0 + + + 0 + 0x20000000 + 0x20000 + + + 1 + 0x8000000 + 0x100000 + + + 0 + 0x0 + 0x0 + + + 1 + 0x0 + 0x0 + + + 1 + 0x0 + 0x0 + + + 1 + 0x0 + 0x0 + + + 1 + 0x8000000 + 0x100000 + + + 1 + 0x0 + 0x0 + + + 0 + 0x0 + 0x0 + + + 0 + 0x0 + 0x0 + + + 0 + 0x0 + 0x0 + + + 0 + 0x20000000 + 0x20000 + + + 0 + 0x0 + 0x0 + + + + + + 1 + 4 + 0 + 0 + 0 + 0 + 0 + 0 + 0 + 0 + 0 + 0 + 0 + 0 + 0 + + + HAVE_CONFIG_H WOLFSSL_STM32F2xx __DBG_ITM __RTX MDK_CONF_RTX_TCP_FS + + ..\MDK-ARM\wolfSSL;..\..\..\; .\; 
C:\Keil_v5\ARM\RV31\INC + + + + 1 + 0 + 0 + 0 + 0 + 0 + 0 + 0 + 0 + + + + + + + + + 1 + 0 + 0 + 0 + 1 + 0 + 0x08000000 + 0x20000000 + + + + + + + + + + + + + Crypt + + + config-FS.h + 5 + ..\MDK-ARM\wolfSSL\config-FS.h + + + aes.c + 1 + ..\..\..\wolfcrypt\src\aes.c + + + arc4.c + 1 + ..\..\..\wolfcrypt\src\arc4.c + + + asm.c + 1 + ..\..\..\wolfcrypt\src\asm.c + + + asn.c + 1 + ..\..\..\wolfcrypt\src\asn.c + + + blake2b.c + 1 + ..\..\..\wolfcrypt\src\blake2b.c + + + camellia.c + 1 + ..\..\..\wolfcrypt\src\camellia.c + + + chacha.c + 1 + ..\..\..\wolfcrypt\src\chacha.c + + + chacha20_poly1305.c + 1 + ..\..\..\wolfcrypt\src\chacha20_poly1305.c + + + coding.c + 1 + ..\..\..\wolfcrypt\src\coding.c + + + compress.c + 1 + ..\..\..\wolfcrypt\src\compress.c + + + curve25519.c + 1 + ..\..\..\wolfcrypt\src\curve25519.c + + + des3.c + 1 + ..\..\..\wolfcrypt\src\des3.c + + + dh.c + 1 + ..\..\..\wolfcrypt\src\dh.c + + + dsa.c + 1 + ..\..\..\wolfcrypt\src\dsa.c + + + ecc.c + 1 + ..\..\..\wolfcrypt\src\ecc.c + + + ecc_fp.c + 1 + ..\..\..\wolfcrypt\src\ecc_fp.c + + + ed25519.c + 1 + ..\..\..\wolfcrypt\src\ed25519.c + + + error.c + 1 + ..\..\..\wolfcrypt\src\error.c + + + fe_operations.c + 1 + ..\..\..\wolfcrypt\src\fe_operations.c + + + ge_operations.c + 1 + ..\..\..\wolfcrypt\src\ge_operations.c + + + hc128.c + 1 + ..\..\..\wolfcrypt\src\hc128.c + + + hmac.c + 1 + ..\..\..\wolfcrypt\src\hmac.c + + + integer.c + 1 + ..\..\..\wolfcrypt\src\integer.c + + + logging.c + 1 + ..\..\..\wolfcrypt\src\logging.c + + + md2.c + 1 + ..\..\..\wolfcrypt\src\md2.c + + + md4.c + 1 + ..\..\..\wolfcrypt\src\md4.c + + + md5.c + 1 + ..\..\..\wolfcrypt\src\md5.c + + + memory.c + 1 + ..\..\..\wolfcrypt\src\memory.c + + + pkcs7.c + 1 + ..\..\..\wolfcrypt\src\pkcs7.c + + + poly1305.c + 1 + ..\..\..\wolfcrypt\src\poly1305.c + + + pwdbased.c + 1 + ..\..\..\wolfcrypt\src\pwdbased.c + + + rabbit.c + 1 + ..\..\..\wolfcrypt\src\rabbit.c + + + random.c + 1 + ..\..\..\wolfcrypt\src\random.c + + + ripemd.c + 1 + 
..\..\..\wolfcrypt\src\ripemd.c + + + rsa.c + 1 + ..\..\..\wolfcrypt\src\rsa.c + + + sha.c + 1 + ..\..\..\wolfcrypt\src\sha.c + + + sha256.c + 1 + ..\..\..\wolfcrypt\src\sha256.c + + + sha512.c + 1 + ..\..\..\wolfcrypt\src\sha512.c + + + tfm.c + 1 + ..\..\..\wolfcrypt\src\tfm.c + + + wc_port.c + 1 + ..\..\..\wolfcrypt\src\wc_port.c + + + fe_low_mem.c + 1 + ..\..\..\wolfcrypt\src\fe_low_mem.c + + + ge_low_mem.c + 1 + ..\..\..\wolfcrypt\src\ge_low_mem.c + + + hash.c + 1 + ..\..\..\wolfcrypt\src\hash.c + + + misc.c + 1 + ..\..\..\wolfcrypt\src\misc.c + + + srp.c + 1 + ..\..\..\wolfcrypt\src\srp.c + + + wc_encrypt.c + 1 + ..\..\..\wolfcrypt\src\wc_encrypt.c + + + + + SSL + + + crl.c + 1 + ..\..\..\src\crl.c + + + internal.c + 1 + ..\..\..\src\internal.c + + + io.c + 1 + ..\..\..\src\io.c + + + keys.c + 1 + ..\..\..\src\keys.c + + + ocsp.c + 1 + ..\..\..\src\ocsp.c + + + sniffer.c + 1 + ..\..\..\src\sniffer.c + + + ssl.c + 1 + ..\..\..\src\ssl.c + + + tls.c + 1 + ..\..\..\src\tls.c + + + + + Config + + + Readme.txt + 5 + .\Readme.txt + + + config-BARE-METAL.h + 5 + ..\MDK-ARM\wolfSSL\config-BARE-METAL.h + + + config-RTX-TCP-FS.h + 5 + ..\MDK-ARM\wolfSSL\config-RTX-TCP-FS.h + + + config-WOLFLIB.h + 5 + ..\MDK-ARM\wolfSSL\config-WOLFLIB.h + + + + + + + MDK-FS-Lib + 0x4 + ARM-ADS + + + STM32F207IG + STMicroelectronics + IRAM(0x20000000-0x2001FFFF) IROM(0x8000000-0x80FFFFF) CLOCK(25000000) CPUTYPE("Cortex-M3") + + "STARTUP\ST\STM32F2xx\startup_stm32f2xx.s" ("STM32F2xx Startup Code") + UL2CM3(-O207 -S0 -C0 -FO7 -FD20000000 -FC800 -FN1 -FF0STM32F2xx_1024 -FS08000000 -FL0100000) + 5124 + stm32f2xx.h + + + + + + + + + + SFD\ST\STM32F2xx\STM32F20x.sfr + 0 + 0 + + + + ST\STM32F2xx\ + ST\STM32F2xx\ + + 0 + 0 + 0 + 0 + 1 + + .\wolfSSL-Lib\ + wolfSSL + 0 + 1 + 0 + 1 + 1 + .\Flash\ + 1 + 0 + 0 + + 0 + 0 + + + 0 + 0 + 0 + 0 + + + 0 + 0 + + + 0 + 0 + 0 + 0 + + + 0 + 0 + + + 0 + 0 + + 0 + + + + 0 + 0 + 0 + 0 + 0 + 1 + 0 + 0 + 0 + 0 + 3 + + + 1 + + + SARMCM3.DLL + -MPU + DARMSTM.DLL + 
-pSTM32F207IG + SARMCM3.DLL + -MPU + TARMSTM.DLL + -pSTM32F207IG + + + + 1 + 0 + 0 + 0 + 16 + + + 0 + 1 + 1 + 1 + 1 + 1 + 1 + 1 + 0 + 1 + + + 1 + 1 + 1 + 1 + 1 + 1 + 0 + 1 + 0 + 1 + + 0 + 1 + + + + + + + + + + + + + ..\..\..\..\..\..\..\Keil\ARM\Boards\Keil\MCBSTM32F200\Blinky_ULp\STM32_SWO.ini + BIN\UL2CM3.DLL + + + + + 1 + 0 + 0 + 1 + 1 + 4100 + + 1 + BIN\ULP2CM3.DLL + "" () + + + + + 0 + + + + 0 + 1 + 1 + 1 + 1 + 1 + 1 + 1 + 0 + 1 + 1 + 0 + 1 + 1 + 0 + 0 + 1 + 1 + 1 + 1 + 1 + 1 + 1 + 1 + 1 + 0 + 0 + "Cortex-M3" + + 0 + 0 + 0 + 1 + 1 + 0 + 0 + 0 + 0 + 0 + 8 + 0 + 0 + 0 + 3 + 3 + 0 + 0 + 0 + 0 + 0 + 0 + 0 + 0 + 0 + 0 + 1 + 0 + 0 + 0 + 0 + 1 + 0 + + + 0 + 0x0 + 0x0 + + + 0 + 0x0 + 0x0 + + + 0 + 0x0 + 0x0 + + + 0 + 0x0 + 0x0 + + + 0 + 0x0 + 0x0 + + + 0 + 0x0 + 0x0 + + + 0 + 0x20000000 + 0x20000 + + + 1 + 0x8000000 + 0x100000 + + + 0 + 0x0 + 0x0 + + + 1 + 0x0 + 0x0 + + + 1 + 0x0 + 0x0 + + + 1 + 0x0 + 0x0 + + + 1 + 0x8000000 + 0x100000 + + + 1 + 0x0 + 0x0 + + + 0 + 0x0 + 0x0 + + + 0 + 0x0 + 0x0 + + + 0 + 0x0 + 0x0 + + + 0 + 0x20000000 + 0x20000 + + + 0 + 0x0 + 0x0 + + + + + + 1 + 1 + 0 + 0 + 0 + 0 + 0 + 0 + 0 + 0 + 0 + 0 + 0 + 0 + 0 + + + HAVE_CONFIG_H CYASSL_STM32F2xx __DBG_ITM MDK_CONF_FS + + ..\MDK-ARM\wolfSSL;..\MDK-ARM\inc;..\..\..\ + + + + 1 + 0 + 0 + 0 + 0 + 0 + 0 + 0 + 0 + + + + + + + + + 1 + 0 + 0 + 0 + 1 + 0 + 0x08000000 + 0x20000000 + + + + + + + + + + + + + Crypt + + + config-FS.h + 5 + ..\MDK-ARM\wolfSSL\config-FS.h + + + aes.c + 1 + ..\..\..\wolfcrypt\src\aes.c + + + arc4.c + 1 + ..\..\..\wolfcrypt\src\arc4.c + + + asm.c + 1 + ..\..\..\wolfcrypt\src\asm.c + + + asn.c + 1 + ..\..\..\wolfcrypt\src\asn.c + + + blake2b.c + 1 + ..\..\..\wolfcrypt\src\blake2b.c + + + camellia.c + 1 + ..\..\..\wolfcrypt\src\camellia.c + + + chacha.c + 1 + ..\..\..\wolfcrypt\src\chacha.c + + + chacha20_poly1305.c + 1 + ..\..\..\wolfcrypt\src\chacha20_poly1305.c + + + coding.c + 1 + ..\..\..\wolfcrypt\src\coding.c + + + compress.c + 1 + ..\..\..\wolfcrypt\src\compress.c + + + 
curve25519.c + 1 + ..\..\..\wolfcrypt\src\curve25519.c + + + des3.c + 1 + ..\..\..\wolfcrypt\src\des3.c + + + dh.c + 1 + ..\..\..\wolfcrypt\src\dh.c + + + dsa.c + 1 + ..\..\..\wolfcrypt\src\dsa.c + + + ecc.c + 1 + ..\..\..\wolfcrypt\src\ecc.c + + + ecc_fp.c + 1 + ..\..\..\wolfcrypt\src\ecc_fp.c + + + ed25519.c + 1 + ..\..\..\wolfcrypt\src\ed25519.c + + + error.c + 1 + ..\..\..\wolfcrypt\src\error.c + + + fe_operations.c + 1 + ..\..\..\wolfcrypt\src\fe_operations.c + + + ge_operations.c + 1 + ..\..\..\wolfcrypt\src\ge_operations.c + + + hc128.c + 1 + ..\..\..\wolfcrypt\src\hc128.c + + + hmac.c + 1 + ..\..\..\wolfcrypt\src\hmac.c + + + integer.c + 1 + ..\..\..\wolfcrypt\src\integer.c + + + logging.c + 1 + ..\..\..\wolfcrypt\src\logging.c + + + md2.c + 1 + ..\..\..\wolfcrypt\src\md2.c + + + md4.c + 1 + ..\..\..\wolfcrypt\src\md4.c + + + md5.c + 1 + ..\..\..\wolfcrypt\src\md5.c + + + memory.c + 1 + ..\..\..\wolfcrypt\src\memory.c + + + pkcs7.c + 1 + ..\..\..\wolfcrypt\src\pkcs7.c + + + poly1305.c + 1 + ..\..\..\wolfcrypt\src\poly1305.c + + + pwdbased.c + 1 + ..\..\..\wolfcrypt\src\pwdbased.c + + + rabbit.c + 1 + ..\..\..\wolfcrypt\src\rabbit.c + + + random.c + 1 + ..\..\..\wolfcrypt\src\random.c + + + ripemd.c + 1 + ..\..\..\wolfcrypt\src\ripemd.c + + + rsa.c + 1 + ..\..\..\wolfcrypt\src\rsa.c + + + sha.c + 1 + ..\..\..\wolfcrypt\src\sha.c + + + sha256.c + 1 + ..\..\..\wolfcrypt\src\sha256.c + + + sha512.c + 1 + ..\..\..\wolfcrypt\src\sha512.c + + + tfm.c + 1 + ..\..\..\wolfcrypt\src\tfm.c + + + wc_port.c + 1 + ..\..\..\wolfcrypt\src\wc_port.c + + + fe_low_mem.c + 1 + ..\..\..\wolfcrypt\src\fe_low_mem.c + + + ge_low_mem.c + 1 + ..\..\..\wolfcrypt\src\ge_low_mem.c + + + hash.c + 1 + ..\..\..\wolfcrypt\src\hash.c + + + misc.c + 1 + ..\..\..\wolfcrypt\src\misc.c + + + srp.c + 1 + ..\..\..\wolfcrypt\src\srp.c + + + wc_encrypt.c + 1 + ..\..\..\wolfcrypt\src\wc_encrypt.c + + + + + SSL + + + crl.c + 1 + ..\..\..\src\crl.c + + + internal.c + 1 + ..\..\..\src\internal.c + + + 
io.c + 1 + ..\..\..\src\io.c + + + keys.c + 1 + ..\..\..\src\keys.c + + + ocsp.c + 1 + ..\..\..\src\ocsp.c + + + sniffer.c + 1 + ..\..\..\src\sniffer.c + + + ssl.c + 1 + ..\..\..\src\ssl.c + + + tls.c + 1 + ..\..\..\src\tls.c + + + + + Config + + + Readme.txt + 5 + .\Readme.txt + + + config-BARE-METAL.h + 5 + ..\MDK-ARM\wolfSSL\config-BARE-METAL.h + + + config-RTX-TCP-FS.h + 5 + ..\MDK-ARM\wolfSSL\config-RTX-TCP-FS.h + + + config-WOLFLIB.h + 5 + ..\MDK-ARM\wolfSSL\config-WOLFLIB.h + + + + + + + wolfSSL-Lib + 0x4 + ARM-ADS + + + STM32F207IG + STMicroelectronics + IRAM(0x20000000-0x2001FFFF) IROM(0x8000000-0x80FFFFF) CLOCK(25000000) CPUTYPE("Cortex-M3") + + "STARTUP\ST\STM32F2xx\startup_stm32f2xx.s" ("STM32F2xx Startup Code") + UL2CM3(-O207 -S0 -C0 -FO7 -FD20000000 -FC800 -FN1 -FF0STM32F2xx_1024 -FS08000000 -FL0100000) + 5124 + stm32f2xx.h + + + + + + + + + + SFD\ST\STM32F2xx\STM32F20x.sfr + 0 + 0 + + + + ST\STM32F2xx\ + ST\STM32F2xx\ + + 0 + 0 + 0 + 0 + 1 + + .\wolfSSL-Lib\ + wolfSSL + 0 + 1 + 0 + 1 + 1 + .\Flash\ + 1 + 0 + 0 + + 0 + 0 + + + 0 + 0 + 0 + 0 + + + 0 + 0 + + + 0 + 0 + 0 + 0 + + + 0 + 0 + + + 0 + 0 + + 0 + + + + 0 + 0 + 0 + 0 + 0 + 1 + 0 + 0 + 0 + 0 + 3 + + + 1 + + + SARMCM3.DLL + -MPU + DARMSTM.DLL + -pSTM32F207IG + SARMCM3.DLL + -MPU + TARMSTM.DLL + -pSTM32F207IG + + + + 1 + 0 + 0 + 0 + 16 + + + 0 + 1 + 1 + 1 + 1 + 1 + 1 + 1 + 0 + 1 + + + 1 + 1 + 0 + 1 + 1 + 1 + 0 + 1 + 0 + 1 + + 0 + 1 + + + + + + + + + + + + + ..\..\..\..\..\..\..\Keil\ARM\Boards\Keil\MCBSTM32F200\Blinky_ULp\STM32_SWO.ini + BIN\UL2CM3.DLL + + + + + 1 + 0 + 0 + 1 + 1 + 4100 + + 1 + BIN\ULP2CM3.DLL + "" () + + + + + 0 + + + + 0 + 1 + 1 + 1 + 1 + 1 + 1 + 1 + 0 + 1 + 1 + 0 + 0 + 1 + 0 + 0 + 0 + 1 + 1 + 1 + 1 + 1 + 1 + 1 + 1 + 0 + 0 + "Cortex-M3" + + 0 + 0 + 0 + 1 + 1 + 0 + 0 + 0 + 0 + 0 + 8 + 0 + 0 + 0 + 3 + 3 + 0 + 0 + 0 + 0 + 0 + 0 + 0 + 0 + 0 + 0 + 1 + 0 + 0 + 0 + 0 + 1 + 0 + + + 0 + 0x0 + 0x0 + + + 0 + 0x0 + 0x0 + + + 0 + 0x0 + 0x0 + + + 0 + 0x0 + 0x0 + + + 0 + 0x0 + 0x0 + + + 0 + 0x0 
+ 0x0 + + + 0 + 0x20000000 + 0x20000 + + + 1 + 0x8000000 + 0x100000 + + + 0 + 0x0 + 0x0 + + + 1 + 0x0 + 0x0 + + + 1 + 0x0 + 0x0 + + + 1 + 0x0 + 0x0 + + + 1 + 0x8000000 + 0x100000 + + + 1 + 0x0 + 0x0 + + + 0 + 0x0 + 0x0 + + + 0 + 0x0 + 0x0 + + + 0 + 0x0 + 0x0 + + + 0 + 0x20000000 + 0x20000 + + + 0 + 0x0 + 0x0 + + + + + + 1 + 4 + 0 + 0 + 0 + 0 + 0 + 0 + 0 + 0 + 0 + 0 + 0 + 0 + 0 + + + HAVE_CONFIG_H MDK_WOLFLIB + + ..\..\..\;.\;..\MDK-ARM\wolfSSL + + + + 1 + 0 + 0 + 0 + 0 + 0 + 0 + 0 + 0 + + + + + + + + + 1 + 0 + 0 + 0 + 1 + 0 + 0x08000000 + 0x20000000 + + + + + + + + + + + + + Crypt + + + config-FS.h + 5 + ..\MDK-ARM\wolfSSL\config-FS.h + + + aes.c + 1 + ..\..\..\wolfcrypt\src\aes.c + + + arc4.c + 1 + ..\..\..\wolfcrypt\src\arc4.c + + + asm.c + 1 + ..\..\..\wolfcrypt\src\asm.c + + + asn.c + 1 + ..\..\..\wolfcrypt\src\asn.c + + + blake2b.c + 1 + ..\..\..\wolfcrypt\src\blake2b.c + + + camellia.c + 1 + ..\..\..\wolfcrypt\src\camellia.c + + + chacha.c + 1 + ..\..\..\wolfcrypt\src\chacha.c + + + chacha20_poly1305.c + 1 + ..\..\..\wolfcrypt\src\chacha20_poly1305.c + + + coding.c + 1 + ..\..\..\wolfcrypt\src\coding.c + + + compress.c + 1 + ..\..\..\wolfcrypt\src\compress.c + + + curve25519.c + 1 + ..\..\..\wolfcrypt\src\curve25519.c + + + des3.c + 1 + ..\..\..\wolfcrypt\src\des3.c + + + dh.c + 1 + ..\..\..\wolfcrypt\src\dh.c + + + dsa.c + 1 + ..\..\..\wolfcrypt\src\dsa.c + + + ecc.c + 1 + ..\..\..\wolfcrypt\src\ecc.c + + + ecc_fp.c + 1 + ..\..\..\wolfcrypt\src\ecc_fp.c + + + ed25519.c + 1 + ..\..\..\wolfcrypt\src\ed25519.c + + + error.c + 1 + ..\..\..\wolfcrypt\src\error.c + + + fe_operations.c + 1 + ..\..\..\wolfcrypt\src\fe_operations.c + + + ge_operations.c + 1 + ..\..\..\wolfcrypt\src\ge_operations.c + + + hc128.c + 1 + ..\..\..\wolfcrypt\src\hc128.c + + + hmac.c + 1 + ..\..\..\wolfcrypt\src\hmac.c + + + integer.c + 1 + ..\..\..\wolfcrypt\src\integer.c + + + logging.c + 1 + ..\..\..\wolfcrypt\src\logging.c + + + md2.c + 1 + ..\..\..\wolfcrypt\src\md2.c + + + md4.c + 1 + 
..\..\..\wolfcrypt\src\md4.c + + + md5.c + 1 + ..\..\..\wolfcrypt\src\md5.c + + + memory.c + 1 + ..\..\..\wolfcrypt\src\memory.c + + + pkcs7.c + 1 + ..\..\..\wolfcrypt\src\pkcs7.c + + + poly1305.c + 1 + ..\..\..\wolfcrypt\src\poly1305.c + + + pwdbased.c + 1 + ..\..\..\wolfcrypt\src\pwdbased.c + + + rabbit.c + 1 + ..\..\..\wolfcrypt\src\rabbit.c + + + random.c + 1 + ..\..\..\wolfcrypt\src\random.c + + + ripemd.c + 1 + ..\..\..\wolfcrypt\src\ripemd.c + + + rsa.c + 1 + ..\..\..\wolfcrypt\src\rsa.c + + + sha.c + 1 + ..\..\..\wolfcrypt\src\sha.c + + + sha256.c + 1 + ..\..\..\wolfcrypt\src\sha256.c + + + sha512.c + 1 + ..\..\..\wolfcrypt\src\sha512.c + + + tfm.c + 1 + ..\..\..\wolfcrypt\src\tfm.c + + + wc_port.c + 1 + ..\..\..\wolfcrypt\src\wc_port.c + + + fe_low_mem.c + 1 + ..\..\..\wolfcrypt\src\fe_low_mem.c + + + ge_low_mem.c + 1 + ..\..\..\wolfcrypt\src\ge_low_mem.c + + + hash.c + 1 + ..\..\..\wolfcrypt\src\hash.c + + + misc.c + 1 + ..\..\..\wolfcrypt\src\misc.c + + + srp.c + 1 + ..\..\..\wolfcrypt\src\srp.c + + + wc_encrypt.c + 1 + ..\..\..\wolfcrypt\src\wc_encrypt.c + + + + + SSL + + + crl.c + 1 + ..\..\..\src\crl.c + + + internal.c + 1 + ..\..\..\src\internal.c + + + io.c + 1 + ..\..\..\src\io.c + + + keys.c + 1 + ..\..\..\src\keys.c + + + ocsp.c + 1 + ..\..\..\src\ocsp.c + + + sniffer.c + 1 + ..\..\..\src\sniffer.c + + + ssl.c + 1 + ..\..\..\src\ssl.c + + + tls.c + 1 + ..\..\..\src\tls.c + + + + + Config + + + Readme.txt + 5 + .\Readme.txt + + + config-BARE-METAL.h + 5 + ..\MDK-ARM\wolfSSL\config-BARE-METAL.h + + + config-RTX-TCP-FS.h + 5 + ..\MDK-ARM\wolfSSL\config-RTX-TCP-FS.h + + + config-WOLFLIB.h + 5 + ..\MDK-ARM\wolfSSL\config-WOLFLIB.h + + + + + + + +
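Review bot: The `MDK-FS-Lib` target still defines `CYASSL_STM32F2xx` (`HAVE_CONFIG_H CYASSL_STM32F2xx __DBG_ITM MDK_CONF_FS`), while the `MDK-RTX-TCP-FS-Lib` target in the same new file uses `WOLFSSL_STM32F2xx`. If the renamed sources test only the `WOLFSSL_` spelling, whatever that macro selects would be left out of the FS build without any error, so I would change the define list to `HAVE_CONFIG_H WOLFSSL_STM32F2xx __DBG_ITM MDK_CONF_FS` unless a compatibility mapping is known to cover it. The first target also hard-codes `C:\Keil_v5\ARM\RV31\INC` in its include path and `c:\Keil_v5\ARM\Boards\Keil\MCBSTM32F200\Blinky_ULp\STM32_SWO.ini` as the debugger ini, which ties the project to one installation. The accompanying Readme.txt names an `MDK-BAREMETAL-Lib` target, but only `MDK-RTX-TCP-FS-Lib`, `MDK-FS-Lib` and `wolfSSL-Lib` appear in this file.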
diff --git a/IDE/MDK-ARM/Projects/Readme.txt b/IDE/MDK-ARM/Projects/Readme.txt new file mode 100644 index 000000000..87ba83c96 --- /dev/null +++ b/IDE/MDK-ARM/Projects/Readme.txt @@ -0,0 +1,8 @@ + +Use appropriate config file for the target library. + +Configfile files Target +config-WOLFLIB.h: wolfSSL-Lib /* for general use wolfSSL library */ +config-BARE-METAL.h: MDK-BAREMETAL-Lib /* for linking with MDK-BAREMETAL target in MDK-ARM-STM32F2xx project */ +config-FS.h: MDK-FS-Lib /* for linking with MDK-FS target in MDK-ARM-STM32F2xx project */ +config-RTX-TCP-FS.h: MDK-RTX-TCP-FS-Lib /* for linking with MDK-RTX-TCP-FS target in MDK-ARM-STM32F2xx project */ diff --git a/IDE/MDK5-ARM/Projects/CryptBenchmark/benchmark.c b/IDE/MDK5-ARM/Projects/CryptBenchmark/benchmark.c index 417ae3177..9ee281329 100644 --- a/IDE/MDK5-ARM/Projects/CryptBenchmark/benchmark.c +++ b/IDE/MDK5-ARM/Projects/CryptBenchmark/benchmark.c @@ -52,7 +52,7 @@ #include "cavium_ioctl.h" #endif #ifdef HAVE_NTRU - #include "ntru_crypto.h" + #include "libntruencrypt/ntru_crypto.h" #endif #if defined(CYASSL_MDK_ARM) @@ -797,7 +797,7 @@ void bench_blake2(void) #if !defined(NO_RSA) || !defined(NO_DH) \ || defined(CYASSL_KEYGEN) || defined(HAVE_ECC) -static RNG rng; +static WC_RNG rng; #endif #ifndef NO_RSA diff --git a/IDE/MDK5-ARM/Projects/CryptTest/test.c b/IDE/MDK5-ARM/Projects/CryptTest/test.c index ac5c775b2..9b9bf3537 100644 --- a/IDE/MDK5-ARM/Projects/CryptTest/test.c +++ b/IDE/MDK5-ARM/Projects/CryptTest/test.c @@ -101,7 +101,7 @@ #endif #ifdef HAVE_NTRU - #include "ntru_crypto.h" + #include "libntruencrypt/ntru_crypto.h" #endif #ifdef HAVE_CAVIUM #include "cavium_sysdep.h" @@ -2667,7 +2667,7 @@ int random_test(void) int random_test(void) { - RNG rng; + WC_RNG rng; byte block[32]; int ret; @@ -2693,7 +2693,7 @@ byte GetEntropy(ENTROPY_CMD cmd, byte* out); byte GetEntropy(ENTROPY_CMD cmd, byte* out) { - static RNG rng; + static WC_RNG rng; if (cmd == INIT) return (InitRng(&rng) == 0) ? 1 : 0; 
@@ -2768,7 +2768,7 @@ int rsa_test(void) byte* tmp; size_t bytes; RsaKey key; - RNG rng; + WC_RNG rng; word32 idx = 0; int ret; byte in[] = "Everyone gets Friday off."; @@ -3652,7 +3652,7 @@ int dh_test(void) byte agree2[256]; DhKey key; DhKey key2; - RNG rng; + WC_RNG rng; #ifdef USE_CERT_BUFFERS_1024 @@ -3725,7 +3725,7 @@ int dsa_test(void) word32 idx = 0; byte tmp[1024]; DsaKey key; - RNG rng; + WC_RNG rng; Sha sha; byte hash[SHA_DIGEST_SIZE]; byte signature[40]; @@ -4200,7 +4200,7 @@ int hkdf_test(void) int ecc_test(void) { - RNG rng; + WC_RNG rng; byte sharedA[1024]; byte sharedB[1024]; byte sig[1024]; @@ -4300,7 +4300,7 @@ int ecc_test(void) int ecc_encrypt_test(void) { - RNG rng; + WC_RNG rng; int ret; ecc_key userA, userB; byte msg[48]; @@ -4669,7 +4669,7 @@ int pkcs7signed_test(void) char data[] = "Hello World"; word32 dataSz, outSz, certDerSz, keyDerSz; PKCS7 msg; - RNG rng; + WC_RNG rng; byte transIdOid[] = { 0x06, 0x0a, 0x60, 0x86, 0x48, 0x01, 0x86, 0xF8, 0x45, 0x01, diff --git a/IDE/MDK5-ARM/Projects/CyaSSL-Full/benchmark.c b/IDE/MDK5-ARM/Projects/CyaSSL-Full/benchmark.c index 528c0a76f..faf6b7793 100644 --- a/IDE/MDK5-ARM/Projects/CyaSSL-Full/benchmark.c +++ b/IDE/MDK5-ARM/Projects/CyaSSL-Full/benchmark.c @@ -772,7 +772,7 @@ void bench_blake2(void) #if !defined(NO_RSA) || !defined(NO_DH) \ || defined(CYASSL_KEYGEN) || defined(HAVE_ECC) -static RNG rng; +static WC_RNG rng; #endif #ifndef NO_RSA diff --git a/IDE/MDK5-ARM/Projects/CyaSSL-Full/test.c b/IDE/MDK5-ARM/Projects/CyaSSL-Full/test.c index 43f9e7952..751cfdf85 100644 --- a/IDE/MDK5-ARM/Projects/CyaSSL-Full/test.c +++ b/IDE/MDK5-ARM/Projects/CyaSSL-Full/test.c @@ -2583,7 +2583,7 @@ int camellia_test(void) int random_test(void) { - RNG rng; + WC_RNG rng; byte block[32]; int ret; @@ -2607,7 +2607,7 @@ byte GetEntropy(ENTROPY_CMD cmd, byte* out); byte GetEntropy(ENTROPY_CMD cmd, byte* out) { - static RNG rng; + static WC_RNG rng; if (cmd == INIT) return (InitRng(&rng) == 0) ? 1 : 0; 
@@ -2682,7 +2682,7 @@ int rsa_test(void) byte* tmp; size_t bytes; RsaKey key; - RNG rng; + WC_RNG rng; word32 idx = 0; int ret; byte in[] = "Everyone gets Friday off."; @@ -3558,7 +3558,7 @@ int dh_test(void) byte agree2[256]; DhKey key; DhKey key2; - RNG rng; + WC_RNG rng; #ifdef USE_CERT_BUFFERS_1024 @@ -3631,7 +3631,7 @@ int dsa_test(void) word32 idx = 0; byte tmp[1024]; DsaKey key; - RNG rng; + WC_RNG rng; Sha sha; byte hash[SHA_DIGEST_SIZE]; byte signature[40]; @@ -4098,7 +4098,7 @@ int hkdf_test(void) int ecc_test(void) { - RNG rng; + WC_RNG rng; byte sharedA[1024]; byte sharedB[1024]; byte sig[1024]; @@ -4198,7 +4198,7 @@ int ecc_test(void) int ecc_encrypt_test(void) { - RNG rng; + WC_RNG rng; int ret; ecc_key userA, userB; byte msg[48]; @@ -4563,8 +4563,8 @@ int pkcs7signed_test(void) byte* out; char data[] = "Hello World"; word32 dataSz, outSz, certDerSz, keyDerSz; - PKCS7 msg; - RNG rng; + PKCS7 msg; + WC_RNG rng; byte transIdOid[] = { 0x06, 0x0a, 0x60, 0x86, 0x48, 0x01, 0x86, 0xF8, 0x45, 0x01, diff --git a/IDE/MYSQL/CMakeLists_wolfCrypt.txt b/IDE/MYSQL/CMakeLists_wolfCrypt.txt index 6c6f6b13f..62184780b 100644 --- a/IDE/MYSQL/CMakeLists_wolfCrypt.txt +++ b/IDE/MYSQL/CMakeLists_wolfCrypt.txt 
@@ -29,14 +29,15 @@ SET(WOLFCRYPT_SOURCES src/aes.c src/arc4.c src/asn.c src/blake2b.c src/integer.c src/logging.c src/md2.c src/md4.c src/md5.c src/memory.c src/misc.c src/pkcs7.c src/poly1305.c src/pwdbased.c src/rabbit.c src/random.c src/ripemd.c src/rsa.c src/sha.c src/sha256.c src/sha512.c - src/tfm.c src/wc_port.c + src/tfm.c src/wc_port.c src/wc_encrypt.c src/hash.c ../wolfssl/wolfcrypt/aes.h ../wolfssl/wolfcrypt/arc4.h ../wolfssl/wolfcrypt/asn.h ../wolfssl/wolfcrypt/blake2.h ../wolfssl/wolfcrypt/camellia.h ../wolfssl/wolfcrypt/chacha.h ../wolfssl/wolfcrypt/coding.h ../wolfssl/wolfcrypt/compress.h ../wolfssl/wolfcrypt/des3.h ../wolfssl/wolfcrypt/dh.h ../wolfssl/wolfcrypt/dsa.h ../wolfssl/wolfcrypt/ecc.h ../wolfssl/wolfcrypt/error-crypt.h ../wolfssl/wolfcrypt/hc128.h ../wolfssl/wolfcrypt/hmac.h ../wolfssl/wolfcrypt/integer.h ../wolfssl/wolfcrypt/logging.h ../wolfssl/wolfcrypt/md2.h ../wolfssl/wolfcrypt/md4.h ../wolfssl/wolfcrypt/md5.h ../wolfssl/wolfcrypt/memory.h ../wolfssl/wolfcrypt/misc.h ../wolfssl/wolfcrypt/pkcs7.h ../wolfssl/wolfcrypt/poly1305.h ../wolfssl/wolfcrypt/pwdbased.h ../wolfssl/wolfcrypt/rabbit.h ../wolfssl/wolfcrypt/random.h ../wolfssl/wolfcrypt/ripemd.h ../wolfssl/wolfcrypt/rsa.h ../wolfssl/wolfcrypt/sha.h ../wolfssl/wolfcrypt/sha256.h ../wolfssl/wolfcrypt/sha512.h - ../wolfssl/wolfcrypt/tfm.h ../wolfssl/wolfcrypt/wc_port.h + ../wolfssl/wolfcrypt/tfm.h ../wolfssl/wolfcrypt/wc_port.h ../wolfssl/wolfcrypt/wc_encrypt.h + ../wolfssl/wolfcrypt/hash.h ) ADD_CONVENIENCE_LIBRARY(wolfcrypt ${WOLFCRYPT_SOURCES}) diff --git a/IDE/WIN/README.txt b/IDE/WIN/README.txt new file mode 100644 index 000000000..12e84bdee --- /dev/null +++ b/IDE/WIN/README.txt 
@@ -0,0 +1,69 @@
+# Notes on the wolfssl-fips project
+
+First, if you did not get the FIPS files with your archive, you must contact
+wolfSSL to obtain them.
+
+
+# Building the wolfssl-fips project
+
+The wolfCrypt FIPS library for Windows is a part of the wolfSSL library. It
+must be built as a static library, for the moment.
+
+The library project is built with Whole Program Optimization disabled. This is
+required so that necessary components of the library are not optimized away.
+There are two functions added to the library that are used as markers in
+memory for the in-core memory check of the code. WPO consolidates them into a
+single function. WPO also optimizes away the automatic FIPS entry function.
+
+Each of the source files inside the FIPS boundary defines their own code and
+constant section. The code section names start with ".fipsA$" and the constant
+section names start with ".fipsB$". Each subsection has a letter to organize
+them in a secific order. This specific ordering puts marker functions and
+constants on either end of the boundary so it can be hashed.
+
+
+# In Core Memory Test
+
+The In Core Memory test calculates a checksum (HMAC-SHA256) of the wolfCrypt
+FIPS library code and constant data and compares it with a known value in
+the code.
+
+The Randomized Base Address setting needs to be disabled on the 32-bit builds
+but can be enabled on the 64-bit builds. In the 32-bit mode the addresses
+being different throws off the in-core memory calculation. It looks like in
+64-bit mode the library uses all offsets, so the core hash calculation
+is the same every time.
+
+The "verifyCore" check value in the source fips_test.c needs to be updated when
+building the code. The POS performs this check and the default failure callback
+will print out the calculated checksum. When developing your code, copy this
+value and paste it back into your code in the verifyCore initializer then
+rebuild the code. When statically linking, you may have to recalculate your
+check value when changing your application.
+
+
+# Build Options
+
+The default build options should be the proper default set of options:
+
+ * HAVE_FIPS
+ * HAVE_THREAD_LS
+ * HAVE_AESGCM
+ * HAVE_HASHDRBG
+ * WOLFSSL_SHA384
+ * WOLFSSL_SHA512
+ * NO_HC128
+ * NO_RC4
+ * NO_RABBIT
+ * NO_DSA
+ * NO_MD4
+
+The "NO" options explicitly disable algorithms that are not allowed in
+FIPS mode.
+
+Additionally one may enable:
+
+ * HAVE_ECC
+ * OPENSSL_EXTRA
+ * WOLFSSL_KEY_GEN
+
diff --git a/IDE/WIN/include.am b/IDE/WIN/include.am
new file mode 100644
index 000000000..ac6560514
--- /dev/null
+++ b/IDE/WIN/include.am
@@ -0,0 +1,8 @@
+# vim:ft=automake
+# included from Top Level Makefile.am
+# All paths should be given relative to the root
+
+EXTRA_DIST+= IDE/WIN/README.txt
+EXTRA_DIST+= IDE/WIN/test.vcxproj
+EXTRA_DIST+= IDE/WIN/wolfssl-fips.sln
+EXTRA_DIST+= IDE/WIN/wolfssl-fips.vcxproj
diff --git a/IDE/WIN/test.vcxproj b/IDE/WIN/test.vcxproj
new file mode 100644
index 000000000..06ad22bd3
--- /dev/null
+++ b/IDE/WIN/test.vcxproj
@@ -0,0 +1,276 @@ + + + + + Debug + Win32 + + + Debug + x64 + + + DLL Debug + Win32 + + + DLL Debug + x64 + + + DLL Release + Win32 + + + DLL Release + x64 + + + Release + Win32 + + + Release + x64 + + + + {D04BDF66-664A-4D59-BEAC-8AB2D5809C21} + Win32Proj + + + + Application + v110 + + + Application + v110 + + + Application + v110 + + + Application + v110 + + + Application + v110 + + + Application + v110 + + + Application + v110 + + + Application + v110 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + <_ProjectFileVersion>11.0.61030.0 + + + $(SolutionDir)$(Configuration)\$(Platform)\ + $(Configuration)\$(Platform)\obj\ + false + + + + Disabled + ..\..\;%(AdditionalIncludeDirectories) + WIN32;_DEBUG;_CONSOLE;OPENSSL_EXTRA;HAVE_FIPS;HAVE_AESGCM;HAVE_HASHDRBG;WOLFSSL_SHA384;WOLFSSL_SHA512;NO_PSK;NO_HC128;NO_RC4;NO_RABBIT;NO_DSA;NO_MD4;USE_CERT_BUFFERS_2048;%(PreprocessorDefinitions) + EnableFastChecks + MultiThreadedDebugDLL + + Level3 + ProgramDatabase + + + true + Console + MachineX86 + ws2_32.lib;kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) + false + + + + + Disabled + ..\..\;%(AdditionalIncludeDirectories) + WIN32;_DEBUG;_CONSOLE;OPENSSL_EXTRA;HAVE_FIPS;HAVE_AESGCM;HAVE_HASHDRBG;WOLFSSL_SHA384;WOLFSSL_SHA512;NO_PSK;NO_HC128;NO_RC4;NO_RABBIT;NO_DSA;NO_MD4;USE_CERT_BUFFERS_2048;%(PreprocessorDefinitions) + EnableFastChecks + MultiThreadedDebugDLL + + Level3 + ProgramDatabase + + + true + Console + ws2_32.lib;kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) + false + + + + + ..\..\;%(AdditionalIncludeDirectories) + WIN32;NDEBUG;_CONSOLE;OPENSSL_EXTRA;HAVE_FIPS;HAVE_AESGCM;HAVE_HASHDRBG;WOLFSSL_SHA384;WOLFSSL_SHA512;NO_PSK;NO_HC128;NO_RC4;NO_RABBIT;NO_DSA;NO_MD4;USE_CERT_BUFFERS_2048;%(PreprocessorDefinitions) + 
MultiThreadedDLL + + Level3 + ProgramDatabase + true + + + true + Console + MachineX86 + ws2_32.lib;kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) + true + true + UseLinkTimeCodeGeneration + + + + + ..\..\;%(AdditionalIncludeDirectories) + WIN32;NDEBUG;_CONSOLE;OPENSSL_EXTRA;HAVE_FIPS;HAVE_AESGCM;HAVE_HASHDRBG;WOLFSSL_SHA384;WOLFSSL_SHA512;NO_PSK;NO_HC128;NO_RC4;NO_RABBIT;NO_DSA;NO_MD4;USE_CERT_BUFFERS_2048;%(PreprocessorDefinitions) + MultiThreadedDLL + + Level3 + ProgramDatabase + true + + + true + Console + ws2_32.lib;kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) + true + true + UseLinkTimeCodeGeneration + + + + + Disabled + ..\..\;%(AdditionalIncludeDirectories) + WIN32;_DEBUG;_CONSOLE;OPENSSL_EXTRA;HAVE_FIPS;HAVE_AESGCM;HAVE_HASHDRBG;WOLFSSL_SHA384;WOLFSSL_SHA512;NO_PSK;NO_HC128;NO_RC4;NO_RABBIT;NO_DSA;NO_MD4;USE_CERT_BUFFERS_2048;CYASSL_DLL;%(PreprocessorDefinitions) + EnableFastChecks + MultiThreadedDebugDLL + + Level3 + ProgramDatabase + false + + + true + Console + MachineX86 + ws2_32.lib;kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) + false + + + + + Disabled + ..\..\;%(AdditionalIncludeDirectories) + _DEBUG;_CONSOLE;OPENSSL_EXTRA;HAVE_FIPS;HAVE_AESGCM;HAVE_HASHDRBG;WOLFSSL_SHA384;WOLFSSL_SHA512;NO_PSK;NO_HC128;NO_RC4;NO_RABBIT;NO_DSA;NO_MD4;USE_CERT_BUFFERS_2048;CYASSL_DLL;%(PreprocessorDefinitions) + EnableFastChecks + MultiThreadedDebugDLL + + Level3 + ProgramDatabase + false + + + true + Console + ws2_32.lib;kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) + false + + + + + 
..\..\;%(AdditionalIncludeDirectories) + WIN32;NDEBUG;_CONSOLE;OPENSSL_EXTRA;HAVE_FIPS;HAVE_AESGCM;HAVE_HASHDRBG;WOLFSSL_SHA384;WOLFSSL_SHA512;NO_PSK;NO_HC128;NO_RC4;NO_RABBIT;NO_DSA;NO_MD4;USE_CERT_BUFFERS_2048;CYASSL_DLL;%(PreprocessorDefinitions) + MultiThreadedDLL + + Level3 + ProgramDatabase + + + true + Console + ws2_32.lib;kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) + true + true + MachineX86 + UseLinkTimeCodeGeneration + false + + + + + ..\..\;%(AdditionalIncludeDirectories) + WIN32;NDEBUG;_CONSOLE;OPENSSL_EXTRA;HAVE_FIPS;HAVE_AESGCM;HAVE_HASHDRBG;WOLFSSL_SHA384;WOLFSSL_SHA512;NO_PSK;NO_HC128;NO_RC4;NO_RABBIT;NO_DSA;NO_MD4;USE_CERT_BUFFERS_2048;CYASSL_DLL;%(PreprocessorDefinitions) + MultiThreadedDLL + + Level3 + ProgramDatabase + + + true + Console + ws2_32.lib;kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) + true + true + UseLinkTimeCodeGeneration + false + + + + + + + + {73973223-5ee8-41ca-8e88-1d60e89a237b} + false + + + + + + \ No newline at end of file diff --git a/IDE/WIN/wolfssl-fips.sln b/IDE/WIN/wolfssl-fips.sln new file mode 100644 index 000000000..306616419 --- /dev/null +++ b/IDE/WIN/wolfssl-fips.sln 
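Review bot: None of the preprocessor definition lists in test.vcxproj include `HAVE_THREAD_LS` or `WOLFSSL_KEY_GEN`, although wolfssl-fips.vcxproj in this same commit defines both for every library configuration and README.txt lists `HAVE_THREAD_LS` among the default options. The test application therefore compiles the wolfSSL headers with a different feature set than the library it links against; if either macro changes a structure layout or a prototype in those headers (not visible from this diff), the two sides would disagree silently. I would add `HAVE_THREAD_LS;WOLFSSL_KEY_GEN;` to each definition list here, next to `HAVE_FIPS`, or move the shared options into one user-settings header that both projects include. The `DLL Debug` x64 list also starts at `_DEBUG` without `WIN32`, unlike the other seven configurations.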
@@ -0,0 +1,56 @@
+
+Microsoft Visual Studio Solution File, Format Version 10.00
+# Visual Studio Express 2012 for Windows Desktop
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "wolfssl-fips", "wolfssl-fips.vcxproj", "{73973223-5EE8-41CA-8E88-1D60E89A237B}"
+EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "test", "test.vcxproj", "{D04BDF66-664A-4D59-BEAC-8AB2D5809C21}"
+EndProject
+Global
+ GlobalSection(SolutionConfigurationPlatforms) = preSolution
+ Debug|Win32 = Debug|Win32
+ Debug|x64 = Debug|x64
+ DLL Debug|Win32 = DLL Debug|Win32
+ DLL Debug|x64 = DLL Debug|x64
+ DLL Release|Win32 = DLL Release|Win32
+ DLL Release|x64 = DLL Release|x64
+ Release|Win32 = Release|Win32
+ Release|x64 = Release|x64
+ EndGlobalSection
+ GlobalSection(ProjectConfigurationPlatforms) = postSolution
+ {73973223-5EE8-41CA-8E88-1D60E89A237B}.Debug|Win32.ActiveCfg = Debug|Win32
+ {73973223-5EE8-41CA-8E88-1D60E89A237B}.Debug|Win32.Build.0 = Debug|Win32
+ {73973223-5EE8-41CA-8E88-1D60E89A237B}.Debug|x64.ActiveCfg = Debug|x64
+ {73973223-5EE8-41CA-8E88-1D60E89A237B}.Debug|x64.Build.0 = Debug|x64
+ {73973223-5EE8-41CA-8E88-1D60E89A237B}.DLL Debug|Win32.ActiveCfg = DLL Debug|Win32
+ {73973223-5EE8-41CA-8E88-1D60E89A237B}.DLL Debug|Win32.Build.0 = DLL Debug|Win32
+ {73973223-5EE8-41CA-8E88-1D60E89A237B}.DLL Debug|x64.ActiveCfg = DLL Debug|x64
+ {73973223-5EE8-41CA-8E88-1D60E89A237B}.DLL Debug|x64.Build.0 = DLL Debug|x64
+ {73973223-5EE8-41CA-8E88-1D60E89A237B}.DLL Release|Win32.ActiveCfg = DLL Release|Win32
+ {73973223-5EE8-41CA-8E88-1D60E89A237B}.DLL Release|Win32.Build.0 = DLL Release|Win32
+ {73973223-5EE8-41CA-8E88-1D60E89A237B}.DLL Release|x64.ActiveCfg = DLL Release|x64
+ {73973223-5EE8-41CA-8E88-1D60E89A237B}.DLL Release|x64.Build.0 = DLL Release|x64
+ {73973223-5EE8-41CA-8E88-1D60E89A237B}.Release|Win32.ActiveCfg = Release|Win32
+ {73973223-5EE8-41CA-8E88-1D60E89A237B}.Release|Win32.Build.0 = Release|Win32
+ {73973223-5EE8-41CA-8E88-1D60E89A237B}.Release|x64.ActiveCfg = Release|x64
+ {73973223-5EE8-41CA-8E88-1D60E89A237B}.Release|x64.Build.0 = Release|x64
+ {D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.Debug|Win32.ActiveCfg = Debug|Win32
+ {D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.Debug|Win32.Build.0 = Debug|Win32
+ {D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.Debug|x64.ActiveCfg = Debug|x64
+ {D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.Debug|x64.Build.0 = Debug|x64
+ {D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.DLL Debug|Win32.ActiveCfg = Debug|Win32
+ {D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.DLL Debug|Win32.Build.0 = Debug|Win32
+ {D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.DLL Debug|x64.ActiveCfg = DLL Debug|x64
+ {D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.DLL Debug|x64.Build.0 = DLL Debug|x64
+ {D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.DLL Release|Win32.ActiveCfg = Release|Win32
+ {D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.DLL Release|Win32.Build.0 = Release|Win32
+ {D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.DLL Release|x64.ActiveCfg = DLL Release|x64
+ {D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.DLL Release|x64.Build.0 = DLL Release|x64
+ {D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.Release|Win32.ActiveCfg = Release|Win32
+ {D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.Release|Win32.Build.0 = Release|Win32
+ {D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.Release|x64.ActiveCfg = Release|x64
+ {D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.Release|x64.Build.0 = Release|x64
+ EndGlobalSection
+ GlobalSection(SolutionProperties) = preSolution
+ HideSolutionNode = FALSE
+ EndGlobalSection
+EndGlobal
diff --git a/IDE/WIN/wolfssl-fips.vcxproj b/IDE/WIN/wolfssl-fips.vcxproj
new file mode 100644
index 000000000..5f007c9bf
--- /dev/null
+++ b/IDE/WIN/wolfssl-fips.vcxproj
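Review bot: The test project's Win32 DLL mappings do not match its x64 ones: `DLL Debug|Win32` and `DLL Release|Win32` select the test project's plain `Debug|Win32` and `Release|Win32` configurations, while the x64 rows select `DLL Debug|x64` and `DLL Release|x64`. On Win32 the library is therefore built from its DLL configuration while the test app is built from the configuration whose definitions, as far as test.vcxproj shows, lack `CYASSL_DLL`. If that is not intentional, the rows should read `{D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.DLL Debug|Win32.ActiveCfg = DLL Debug|Win32` and likewise for `Build.0` and the two `DLL Release|Win32` rows. If it is intentional, a `#` comment at the top of the .sln explaining why would save the next maintainer the question.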
@@ -0,0 +1,322 @@ + + + + + Debug + Win32 + + + Debug + x64 + + + DLL Debug + Win32 + + + DLL Debug + x64 + + + DLL Release + Win32 + + + DLL Release + x64 + + + Release + Win32 + + + Release + x64 + + + + {73973223-5EE8-41CA-8E88-1D60E89A237B} + wolfssl-fips + Win32Proj + + + + StaticLibrary + v110 + Unicode + true + + + DynamicLibrary + v110 + Unicode + true + + + StaticLibrary + v110 + Unicode + true + + + DynamicLibrary + v110 + Unicode + true + + + StaticLibrary + v110 + Unicode + + + DynamicLibrary + v110 + Unicode + + + StaticLibrary + v110 + Unicode + + + DynamicLibrary + v110 + Unicode + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + $(SolutionDir)$(Configuration)\$(Platform)\ + $(Configuration)\$(Platform)\obj\ + + + + Disabled + ./;../../;%(AdditionalIncludeDirectories) + OPENSSL_EXTRA;HAVE_THREAD_LS;WOLFSSL_KEY_GEN;HAVE_FIPS;HAVE_AESGCM;HAVE_HASHDRBG;WOLFSSL_SHA384;WOLFSSL_SHA512;NO_PSK;NO_HC128;NO_RC4;NO_RABBIT;NO_DSA;NO_MD4;%(PreprocessorDefinitions) + EnableFastChecks + MultiThreadedDebugDLL + Level4 + ProgramDatabase + 4206;4214;4706;%(DisableSpecificWarnings) + + + + + Disabled + ./;../../;%(AdditionalIncludeDirectories) + OPENSSL_EXTRA;HAVE_THREAD_LS;WOLFSSL_KEY_GEN;BUILDING_WOLFSSL;CYASSL_DLL;HAVE_FIPS;HAVE_AESGCM;HAVE_HASHDRBG;WOLFSSL_SHA384;WOLFSSL_SHA512;NO_PSK;NO_HC128;NO_RC4;NO_RABBIT;NO_DSA;NO_MD4;%(PreprocessorDefinitions) + true + EnableFastChecks + MultiThreadedDebugDLL + Level4 + ProgramDatabase + 4206;4214;4706;%(DisableSpecificWarnings) + + + ws2_32.lib;%(AdditionalDependencies) + + + + + Disabled + ./;../../;%(AdditionalIncludeDirectories) + OPENSSL_EXTRA;HAVE_THREAD_LS;WOLFSSL_KEY_GEN;HAVE_FIPS;HAVE_AESGCM;HAVE_HASHDRBG;WOLFSSL_SHA384;WOLFSSL_SHA512;NO_PSK;NO_HC128;NO_RC4;NO_RABBIT;NO_DSA;NO_MD4;%(PreprocessorDefinitions) + EnableFastChecks + MultiThreadedDebugDLL + Level4 + ProgramDatabase + 4206;4214;4706;%(DisableSpecificWarnings) + + + + + Disabled + ./;../../;%(AdditionalIncludeDirectories) + 
OPENSSL_EXTRA;HAVE_THREAD_LS;WOLFSSL_KEY_GEN;BUILDING_WOLFSSL;CYASSL_DLL;HAVE_FIPS;HAVE_AESGCM;HAVE_HASHDRBG;WOLFSSL_SHA384;WOLFSSL_SHA512;NO_PSK;NO_HC128;NO_RC4;NO_RABBIT;NO_DSA;NO_MD4;%(PreprocessorDefinitions) + true + EnableFastChecks + MultiThreadedDebugDLL + Level4 + ProgramDatabase + 4206;4214;4706;%(DisableSpecificWarnings) + + + ws2_32.lib;%(AdditionalDependencies) + false + + + + + MaxSpeed + true + ./;../../;%(AdditionalIncludeDirectories) + WIN32;OPENSSL_EXTRA;HAVE_THREAD_LS;WOLFSSL_KEY_GEN;HAVE_FIPS;HAVE_AESGCM;HAVE_HASHDRBG;WOLFSSL_SHA384;WOLFSSL_SHA512;NO_PSK;NO_HC128;NO_RC4;NO_RABBIT;NO_DSA;NO_MD4;%(PreprocessorDefinitions) + MultiThreadedDLL + true + Level3 + ProgramDatabase + false + + + + + MaxSpeed + true + ./;../../;%(AdditionalIncludeDirectories) + OPENSSL_EXTRA;HAVE_THREAD_LS;WOLFSSL_KEY_GEN;BUILDING_WOLFSSL;CYASSL_DLL;HAVE_FIPS;HAVE_AESGCM;HAVE_HASHDRBG;WOLFSSL_SHA384;WOLFSSL_SHA512;NO_PSK;NO_HC128;NO_RC4;NO_RABBIT;NO_DSA;NO_MD4;%(PreprocessorDefinitions) + MultiThreadedDLL + true + Level3 + ProgramDatabase + + + ws2_32.lib;%(AdditionalDependencies) + + + + + MaxSpeed + true + ./;../../;%(AdditionalIncludeDirectories) + OPENSSL_EXTRA;HAVE_THREAD_LS;WOLFSSL_KEY_GEN;HAVE_FIPS;HAVE_AESGCM;HAVE_HASHDRBG;WOLFSSL_SHA384;WOLFSSL_SHA512;NO_PSK;NO_HC128;NO_RC4;NO_RABBIT;NO_DSA;NO_MD4;%(PreprocessorDefinitions) + MultiThreadedDLL + true + Level3 + ProgramDatabase + false + + + + + MaxSpeed + true + ./;../../;%(AdditionalIncludeDirectories) + OPENSSL_EXTRA;HAVE_THREAD_LS;WOLFSSL_KEY_GEN;BUILDING_WOLFSSL;CYASSL_DLL;HAVE_FIPS;HAVE_AESGCM;HAVE_HASHDRBG;WOLFSSL_SHA384;WOLFSSL_SHA512;NO_PSK;NO_HC128;NO_RC4;NO_RABBIT;NO_DSA;NO_MD4;%(PreprocessorDefinitions) + MultiThreadedDLL + true + Level3 + ProgramDatabase + + + ws2_32.lib;%(AdditionalDependencies) + false + + + + + $(IntDir)ctaocrypt\ + + + $(IntDir)ctaocrypt\ + + + $(IntDir)ctaocrypt\ + + + $(IntDir)ctaocrypt\ + + + $(IntDir)ctaocrypt\ + + + $(IntDir)ctaocrypt\ + + + $(IntDir)ctaocrypt\ + + + 
$(IntDir)ctaocrypt\ + + + $(IntDir)ctaocrypt\ + + + $(IntDir)ctaocrypt\ + false + false + false + false + + + $(IntDir)ctaocrypt\ + + + $(IntDir)ctaocrypt\ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + false + false + ml64.exe /c /Zi /Fo"$(IntDir)%(Filename).obj" %(Identity) + ml64.exe /c /Zi /Fo"$(IntDir)%(Filename).obj" %(Identity) + $(IntDir)%(Filename).obj + $(IntDir)%(Filename).obj + false + false + ml64.exe /c /Zi /Fo"$(IntDir)%(Filename).obj" %(Identity) + ml64.exe /c /Zi /Fo"$(IntDir)%(Filename).obj" %(Identity) + $(IntDir)%(Filename).obj + $(IntDir)%(Filename).obj + + + + + + \ No newline at end of file diff --git a/IDE/iOS/README.md b/IDE/iOS/README.md index 0c20d3fa7..f4525176c 100644 --- a/IDE/iOS/README.md +++ b/IDE/iOS/README.md @@ -28,13 +28,10 @@ order. # Building libwolfssl.a -## Debug build - -## Release build - -A release build requires an Apple Developer account, as far as I can tell. I -have not tried this yet. +There are several options of builds. You can make a simulator build, or a +device build. Both are debug builds. +You can make an archive for a device, as well. That is a release build. # Installing libwolfssl.a @@ -66,8 +63,15 @@ for "Preprocessor Macros" and add the following under both `Release` and * `HAVE_AESGCM` * `WOLFSSL_SHA512` * `WOLFSSL_SHA384` -* `NO_PWDBASED` -- for now, can drop later +* `NO_MD4` +* `NO_HC128` +* `NO_RABBIT` +* `NO_DSA` +* `NO_PWDBASED` +The approved FIPS source files are from the CyaSSL project tag v3.4.8.fips. The +files fips.c and fips_test.c, and the wolfCAVP test app are from the FIPS +project tag v3.4.8a. The wolfSSL/wolfCrypt files are from tag v3.4.8. # Using the FIPS library 
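Review bot: The `DLL Debug` and `DLL Release` configurations build this project as `DynamicLibrary` with `HAVE_FIPS` defined, while README.txt in the same commit says the FIPS library "must be built as a static library, for the moment". A user who picks a DLL configuration gets a module the documented in-core integrity procedure does not cover. I would either drop the four DLL configurations from this project or add a line to README.txt such as `The "DLL Debug" and "DLL Release" configurations are not supported for FIPS use.` The element names are stripped in this view, so I could not confirm which of the `false` values carries the 32-bit Randomized Base Address setting the README requires; that is worth checking for each Win32 configuration.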
@@ -80,3 +84,8 @@ libraries like this, so static builds are required. This creates a problem. Every time the application is changed, the FIPS checksum will change, because the FIPS library's position in the executable may change. +You need to add something to your application that will output the verifyCore +value to be used. The verifyCore in fips_test.c will need to be updated with +this value, the library rebuilt, and relinked into your application. The +application should not be changed during this process or the verifyCore check +will fail again. diff --git a/IDE/iOS/include.am b/IDE/iOS/include.am new file mode 100644 index 000000000..504b4d19c --- /dev/null +++ b/IDE/iOS/include.am @@ -0,0 +1,7 @@ +# vim:ft=automake +# included from Top Level Makefile.am +# All paths should be given relative to the root + +EXTRA_DIST+= IDE/iOS/README.md +EXTRA_DIST+= IDE/iOS/wolfssl-FIPS.xcodeproj/project.pbxproj +EXTRA_DIST+= IDE/iOS/wolfssl.xcodeproj/project.pbxproj diff --git a/IDE/iOS/wolfssl-FIPS.xcodeproj/project.pbxproj b/IDE/iOS/wolfssl-FIPS.xcodeproj/project.pbxproj index 001bdf155..e2ae6f02b 100644 --- a/IDE/iOS/wolfssl-FIPS.xcodeproj/project.pbxproj +++ b/IDE/iOS/wolfssl-FIPS.xcodeproj/project.pbxproj 
@@ -165,6 +165,10 @@ 521648271A8AC2990062516A /* sha512.c in Sources */ = {isa = PBXBuildFile; fileRef = 5216481A1A8AC2990062516A /* sha512.c */; }; 521648281A8AC2990062516A /* wolfcrypt_first.c in Sources */ = {isa = PBXBuildFile; fileRef = 5216481B1A8AC2990062516A /* wolfcrypt_first.c */; }; 521648291A8AC2990062516A /* wolfcrypt_last.c in Sources */ = {isa = PBXBuildFile; fileRef = 5216481C1A8AC2990062516A /* wolfcrypt_last.c */; }; + 522DBE111B7929C80031F454 /* wc_encrypt.c in Sources */ = {isa = PBXBuildFile; fileRef = 522DBE101B7929C80031F454 /* wc_encrypt.c */; }; + 522DBE131B792A190031F454 /* wc_encrypt.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 522DBE121B7929E70031F454 /* wc_encrypt.h */; }; + 525BE5BA1B38853E0054BBCD /* hash.c in Sources */ = {isa = PBXBuildFile; fileRef = 525BE5B91B38853E0054BBCD /* hash.c */; }; + 525BE5BC1B3885750054BBCD /* hash.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 525BE5BB1B3885580054BBCD /* hash.h */; }; /* End PBXBuildFile section */ /* Begin PBXCopyFilesBuildPhase section */ @@ -174,6 +178,8 @@ dstPath = include/wolfssl/wolfcrypt; dstSubfolderSpec = 7; files = ( + 522DBE131B792A190031F454 /* wc_encrypt.h in CopyFiles */, + 525BE5BC1B3885750054BBCD /* hash.h in CopyFiles */, 521646CD1A8A7FF30062516A /* aes.h in CopyFiles */, 521646CE1A8A7FF30062516A /* arc4.h in CopyFiles */, 521646CF1A8A7FF30062516A /* asn_public.h in CopyFiles */, @@ -295,7 +301,7 @@ isa = PBXCopyFilesBuildPhase; buildActionMask = 2147483647; dstPath = include/wolfssl; - dstSubfolderSpec = 16; + dstSubfolderSpec = 7; files = ( 521646C41A8A7FE10062516A /* callbacks.h in CopyFiles */, 521646C51A8A7FE10062516A /* certs_test.h in CopyFiles */, 
@@ -470,6 +476,10 @@ 5216481A1A8AC2990062516A /* sha512.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = sha512.c; path = ../../ctaocrypt/src/sha512.c; sourceTree = ""; }; 5216481B1A8AC2990062516A /* wolfcrypt_first.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = wolfcrypt_first.c; path = ../../ctaocrypt/src/wolfcrypt_first.c; sourceTree = ""; }; 5216481C1A8AC2990062516A /* wolfcrypt_last.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = wolfcrypt_last.c; path = ../../ctaocrypt/src/wolfcrypt_last.c; sourceTree = ""; }; + 522DBE101B7929C80031F454 /* wc_encrypt.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = wc_encrypt.c; path = ../../wolfcrypt/src/wc_encrypt.c; sourceTree = SOURCE_ROOT; }; + 522DBE121B7929E70031F454 /* wc_encrypt.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = wc_encrypt.h; path = ../../wolfssl/wolfcrypt/wc_encrypt.h; sourceTree = ""; }; + 525BE5B91B38853E0054BBCD /* hash.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = hash.c; path = ../../wolfcrypt/src/hash.c; sourceTree = ""; }; + 525BE5BB1B3885580054BBCD /* hash.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = hash.h; path = ../../wolfssl/wolfcrypt/hash.h; sourceTree = ""; }; 52B1344D16F3C9E800C07B32 /* libwolfssl.a */ = {isa = PBXFileReference; explicitFileType = archive.ar; includeInIndex = 0; path = libwolfssl.a; sourceTree = BUILT_PRODUCTS_DIR; }; /* End PBXFileReference section */ @@ -582,6 +592,7 @@ 5216466C1A8993770062516A /* ecc.h */, 5216466D1A8993770062516A /* error-crypt.h */, 5216466E1A8993770062516A /* fips_test.h */, + 525BE5BB1B3885580054BBCD /* hash.h */, 5216466F1A8993770062516A /* hc128.h */, 521646701A8993770062516A /* hmac.h */, 521646721A8993770062516A /* integer.h */, 
@@ -607,6 +618,7 @@ 521646861A8993770062516A /* tfm.h */, 521646871A8993770062516A /* types.h */, 521646881A8993770062516A /* visibility.h */, + 522DBE121B7929E70031F454 /* wc_encrypt.h */, 521646891A8993770062516A /* wc_port.h */, ); name = wolfCrypt; @@ -653,6 +665,7 @@ 5216461A1A8992CC0062516A /* dsa.c */, 5216461B1A8992CC0062516A /* ecc.c */, 5216461C1A8992CC0062516A /* error.c */, + 525BE5B91B38853E0054BBCD /* hash.c */, 5216461D1A8992CC0062516A /* hc128.c */, 5216461E1A8992CC0062516A /* hmac.c */, 5216461F1A8992CC0062516A /* integer.c */, @@ -673,6 +686,7 @@ 5216462E1A8992CC0062516A /* sha256.c */, 5216462F1A8992CC0062516A /* sha512.c */, 521646301A8992CC0062516A /* tfm.c */, + 522DBE101B7929C80031F454 /* wc_encrypt.c */, 521646311A8992CC0062516A /* wc_port.c */, ); name = wolfCrypt; @@ -790,6 +804,7 @@ 521648241A8AC2990062516A /* rsa.c in Sources */, 5216481D1A8AC2990062516A /* aes.c in Sources */, 5216481E1A8AC2990062516A /* des3.c in Sources */, + 525BE5BA1B38853E0054BBCD /* hash.c in Sources */, 521648251A8AC2990062516A /* sha.c in Sources */, 521648271A8AC2990062516A /* sha512.c in Sources */, 521648201A8AC2990062516A /* fips.c in Sources */, @@ -820,6 +835,7 @@ 521646351A8992CC0062516A /* blake2b.c in Sources */, 5216464C1A8992CC0062516A /* ripemd.c in Sources */, 521646451A8992CC0062516A /* memory.c in Sources */, + 522DBE111B7929C80031F454 /* wc_encrypt.c in Sources */, 5216463C1A8992CC0062516A /* ecc.c in Sources */, 5216464F1A8992CC0062516A /* sha256.c in Sources */, 521646371A8992CC0062516A /* chacha.c in Sources */, @@ -865,7 +881,7 @@ GCC_WARN_ABOUT_RETURN_TYPE = YES; GCC_WARN_UNINITIALIZED_AUTOS = YES; GCC_WARN_UNUSED_VARIABLE = YES; - IPHONEOS_DEPLOYMENT_TARGET = 6.1; + IPHONEOS_DEPLOYMENT_TARGET = 8.1; ONLY_ACTIVE_ARCH = YES; SDKROOT = iphoneos; USER_HEADER_SEARCH_PATHS = "wolfssl/wolfcrypt wolfssl include"; 
@@ -888,7 +904,7 @@ GCC_WARN_ABOUT_RETURN_TYPE = YES; GCC_WARN_UNINITIALIZED_AUTOS = YES; GCC_WARN_UNUSED_VARIABLE = YES; - IPHONEOS_DEPLOYMENT_TARGET = 6.1; + IPHONEOS_DEPLOYMENT_TARGET = 8.1; SDKROOT = iphoneos; USER_HEADER_SEARCH_PATHS = "wolfssl/wolfcrypt wolfssl include"; VALIDATE_PRODUCT = NO; @@ -911,12 +927,17 @@ HAVE_AESGCM, WOLFSSL_SHA512, WOLFSSL_SHA384, + NO_MD4, + NO_HC128, + NO_RABBIT, + NO_DSA, NO_PWDBASED, ); HEADER_SEARCH_PATHS = ( $SRCROOT, $PROJECT_DIR/../.., ); + IPHONEOS_DEPLOYMENT_TARGET = 8.1; OTHER_CFLAGS = ""; OTHER_LDFLAGS = ""; PRODUCT_NAME = wolfssl; @@ -941,12 +962,17 @@ HAVE_AESGCM, WOLFSSL_SHA512, WOLFSSL_SHA384, + NO_MD4, + NO_HC128, + NO_RABBIT, + NO_DSA, NO_PWDBASED, ); HEADER_SEARCH_PATHS = ( $SRCROOT, $PROJECT_DIR/../.., ); + IPHONEOS_DEPLOYMENT_TARGET = 8.1; OTHER_CFLAGS = ""; OTHER_LDFLAGS = ""; PRODUCT_NAME = wolfssl; diff --git a/IDE/iOS/wolfssl.xcodeproj/project.pbxproj b/IDE/iOS/wolfssl.xcodeproj/project.pbxproj index 14fd4e4d6..9b6943fda 100644 --- a/IDE/iOS/wolfssl.xcodeproj/project.pbxproj +++ b/IDE/iOS/wolfssl.xcodeproj/project.pbxproj 
@@ -153,6 +153,10 @@ 5216472A1A8A80100062516A /* types.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 521646BE1A8993F50062516A /* types.h */; }; 5216472B1A8A80100062516A /* visibility.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 521646BF1A8993F50062516A /* visibility.h */; }; 5216472C1A8A80100062516A /* wc_port.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 521646C01A8993F50062516A /* wc_port.h */; }; + 522DBE0D1B7926FB0031F454 /* wc_encrypt.c in Sources */ = {isa = PBXBuildFile; fileRef = 522DBE0C1B7926FB0031F454 /* wc_encrypt.c */; }; + 522DBE0F1B7927A50031F454 /* wc_encrypt.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 522DBE0E1B7927290031F454 /* wc_encrypt.h */; }; + 525BE5341B3869110054BBCD /* hash.c in Sources */ = {isa = PBXBuildFile; fileRef = 525BE5331B3869110054BBCD /* hash.c */; }; + 525BE5361B3869780054BBCD /* hash.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 525BE5351B3869430054BBCD /* hash.h */; }; /* End PBXBuildFile section */ /* Begin PBXCopyFilesBuildPhase section */ @@ -162,6 +166,8 @@ dstPath = include/wolfssl/wolfcrypt; dstSubfolderSpec = 7; files = ( + 522DBE0F1B7927A50031F454 /* wc_encrypt.h in CopyFiles */, + 525BE5361B3869780054BBCD /* hash.h in CopyFiles */, 521646CD1A8A7FF30062516A /* aes.h in CopyFiles */, 521646CE1A8A7FF30062516A /* arc4.h in CopyFiles */, 521646CF1A8A7FF30062516A /* asn_public.h in CopyFiles */, @@ -283,7 +289,7 @@ isa = PBXCopyFilesBuildPhase; buildActionMask = 2147483647; dstPath = include/wolfssl; - dstSubfolderSpec = 16; + dstSubfolderSpec = 7; files = ( 521646C41A8A7FE10062516A /* callbacks.h in CopyFiles */, 521646C51A8A7FE10062516A /* certs_test.h in CopyFiles */, 
@@ -446,6 +452,10 @@ 521646BE1A8993F50062516A /* types.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = types.h; path = ../../cyassl/ctaocrypt/types.h; sourceTree = ""; }; 521646BF1A8993F50062516A /* visibility.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = visibility.h; path = ../../cyassl/ctaocrypt/visibility.h; sourceTree = ""; }; 521646C01A8993F50062516A /* wc_port.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = wc_port.h; path = ../../cyassl/ctaocrypt/wc_port.h; sourceTree = ""; }; + 522DBE0C1B7926FB0031F454 /* wc_encrypt.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = wc_encrypt.c; path = ../../wolfcrypt/src/wc_encrypt.c; sourceTree = SOURCE_ROOT; }; + 522DBE0E1B7927290031F454 /* wc_encrypt.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = wc_encrypt.h; path = ../../wolfssl/wolfcrypt/wc_encrypt.h; sourceTree = ""; }; + 525BE5331B3869110054BBCD /* hash.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = hash.c; path = ../../wolfcrypt/src/hash.c; sourceTree = ""; }; + 525BE5351B3869430054BBCD /* hash.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = hash.h; path = ../../wolfssl/wolfcrypt/hash.h; sourceTree = ""; }; 52B1344D16F3C9E800C07B32 /* libwolfssl.a */ = {isa = PBXFileReference; explicitFileType = archive.ar; includeInIndex = 0; path = libwolfssl.a; sourceTree = BUILT_PRODUCTS_DIR; }; /* End PBXFileReference section */ @@ -558,6 +568,7 @@ 5216466C1A8993770062516A /* ecc.h */, 5216466D1A8993770062516A /* error-crypt.h */, 5216466E1A8993770062516A /* fips_test.h */, + 525BE5351B3869430054BBCD /* hash.h */, 5216466F1A8993770062516A /* hc128.h */, 521646701A8993770062516A /* hmac.h */, 521646721A8993770062516A /* integer.h */, 
@@ -583,6 +594,7 @@ 521646861A8993770062516A /* tfm.h */, 521646871A8993770062516A /* types.h */, 521646881A8993770062516A /* visibility.h */, + 522DBE0E1B7927290031F454 /* wc_encrypt.h */, 521646891A8993770062516A /* wc_port.h */, ); name = wolfCrypt; @@ -628,6 +640,7 @@ 5216461A1A8992CC0062516A /* dsa.c */, 5216461B1A8992CC0062516A /* ecc.c */, 5216461C1A8992CC0062516A /* error.c */, + 525BE5331B3869110054BBCD /* hash.c */, 5216461D1A8992CC0062516A /* hc128.c */, 5216461E1A8992CC0062516A /* hmac.c */, 5216461F1A8992CC0062516A /* integer.c */, @@ -648,6 +661,7 @@ 5216462E1A8992CC0062516A /* sha256.c */, 5216462F1A8992CC0062516A /* sha512.c */, 521646301A8992CC0062516A /* tfm.c */, + 522DBE0C1B7926FB0031F454 /* wc_encrypt.c */, 521646311A8992CC0062516A /* wc_port.c */, ); name = wolfCrypt; @@ -752,10 +766,12 @@ 521646341A8992CC0062516A /* asn.c in Sources */, 521646501A8992CC0062516A /* sha512.c in Sources */, 5216464A1A8992CC0062516A /* rabbit.c in Sources */, + 525BE5341B3869110054BBCD /* hash.c in Sources */, 521646441A8992CC0062516A /* md5.c in Sources */, 5216460F1A89928E0062516A /* ssl.c in Sources */, 5216464D1A8992CC0062516A /* rsa.c in Sources */, 5216464B1A8992CC0062516A /* random.c in Sources */, + 522DBE0D1B7926FB0031F454 /* wc_encrypt.c in Sources */, 521646101A89928E0062516A /* tls.c in Sources */, 5216460D1A89928E0062516A /* ocsp.c in Sources */, 521646431A8992CC0062516A /* md4.c in Sources */, @@ -847,6 +863,17 @@ DSTROOT = /tmp/wolfssl_ios.dst; GCC_PRECOMPILE_PREFIX_HEADER = NO; GCC_PREFIX_HEADER = ""; + GCC_PREPROCESSOR_DEFINITIONS = ( + "DEBUG=1", + "$(inherited)", + IPHONE, + HAVE_HASHDRBG, + USE_FAST_MATH, + HAVE_HASHDRBG, + HAVE_AESGCM, + WOLFSSL_SHA512, + WOLFSSL_SHA384, + ); HEADER_SEARCH_PATHS = ( $SRCROOT, $PROJECT_DIR/../.., 
@@ -867,6 +894,15 @@ DSTROOT = /tmp/wolfssl_ios.dst; GCC_PRECOMPILE_PREFIX_HEADER = NO; GCC_PREFIX_HEADER = ""; + GCC_PREPROCESSOR_DEFINITIONS = ( + IPHONE, + HAVE_HASHDRBG, + USE_FAST_MATH, + HAVE_HASHDRBG, + HAVE_AESGCM, + WOLFSSL_SHA512, + WOLFSSL_SHA384, + ); HEADER_SEARCH_PATHS = ( $SRCROOT, $PROJECT_DIR/../.., diff --git a/IDE/include.am b/IDE/include.am new file mode 100644 index 000000000..7fe6e6a60 --- /dev/null +++ b/IDE/include.am @@ -0,0 +1,8 @@ +# vim:ft=automake +# included from Top Level Makefile.am +# All paths should be given relative to the root + +include IDE/WIN/include.am +include IDE/iOS/include.am + +EXTRA_DIST+= IDE/IAR-EWARM IDE/MDK-ARM IDE/MDK5-ARM IDE/MYSQL diff --git a/LICENSING b/LICENSING index e43bb9f39..9f50165fd 100644 --- a/LICENSING +++ b/LICENSING @@ -1,7 +1,7 @@ -CyaSSL and wolfCrypt are either licensed for use under the GPLv2 or a -standard commercial license. For our users who cannot use CyaSSL under -GPLv2, a commercial license to CyaSSL and wolfCrypt is available. +wolfSSL (formerly known as CyaSSL) and wolfCrypt are either licensed for use +under the GPLv2 or a standard commercial license. For our users who cannot use +wolfSSL under GPLv2, a commercial license to wolfSSL and wolfCrypt is available. Please contact wolfSSL Inc. directly at: Email: licensing@wolfssl.com diff --git a/Makefile.am b/Makefile.am index 2cbb27616..65b4d3d82 100644 --- a/Makefile.am +++ b/Makefile.am @@ -16,6 +16,8 @@ EXTRA_HEADERS = BUILT_SOURCES= EXTRA_DIST= dist_doc_DATA= +dist_noinst_SCRIPTS = +check_SCRIPTS = #includes additional rules from aminclude.am @INC_AMINCLUDE@ @@ -53,7 +55,6 @@ EXTRA_DIST+= wolfssl.sln EXTRA_DIST+= wolfssl64.sln EXTRA_DIST+= valgrind-error.sh EXTRA_DIST+= gencertbuf.pl -EXTRA_DIST+= IDE EXTRA_DIST+= README.md EXTRA_DIST+= LICENSING EXTRA_DIST+= INSTALL 
@@ -94,6 +95,8 @@ include mcapi/wolfcrypt_test.X/nbproject/include.am include mcapi/wolfssl.X/nbproject/include.am include mcapi/zlib.X/nbproject/include.am include tirtos/include.am +include scripts/include.am +include IDE/include.am if USE_VALGRIND TESTS_ENVIRONMENT=./valgrind-error.sh @@ -101,6 +104,10 @@ endif TEST_EXTENSIONS=.test TESTS += $(check_PROGRAMS) + +check_SCRIPTS+= $(dist_noinst_SCRIPTS) +TESTS += $(check_SCRIPTS) + test: check tests/unit.log: testsuite/testsuite.log diff --git a/README b/README index 0696f7f39..cb6981bc9 100644 --- a/README +++ b/README 
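Review bot: `check_SCRIPTS+= $(dist_noinst_SCRIPTS)` followed by `TESTS += $(check_SCRIPTS)` turns every script ever added to `dist_noinst_SCRIPTS` into a test that `make check` executes, so "shipped in the tarball but not installed" now also means "run during the build". The SCRIPTS-LIST file added in this commit describes scripts/external.test and scripts/google.test as client tests against external sites; if scripts/include.am (not visible here) registers them in that variable, `make check` needs outbound network access and will fail in sandboxed or offline builds. I would state the contract where the variables are joined, e.g. `# every entry in dist_noinst_SCRIPTS is executed by 'make check'; network tests must skip cleanly when offline`. When USE_VALGRIND is set, `TESTS_ENVIRONMENT=./valgrind-error.sh` from the context lines presumably wraps these scripts as well, which is worth confirming.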
@@ -1,24 +1,22 @@ *** Notes, Please read *** Note 1) -wolfSSL now needs all examples and tests to be run from the wolfSSL home -directory. This is because it finds certs and keys from ./certs/. Trying to -maintain the ability to run each program from its own directory, the testsuite -directory, the main directory (for make check/test), and for the various -different project layouts (with or without config) was becoming harder and -harder. Now to run testsuite just do: +wolfSSL as of 3.6.6 no longer enables SSLv3 by default. wolfSSL also no +longer supports static key cipher suites with PSK, RSA, or ECDH. This means +if you plan to use TLS cipher suites you must enable DH (DH is on by default), +or enable ECC (ECC is on by default on 64bit systems), or you must enable static +key cipher suites with + WOLFSSL_STATI_DH + WOLFSSL_STATIC_RSA + or + WOLFSSL_STATIC_PSK -./testsuite/testsuite - -or - -make check (when using autoconf) - -On *nix or Windows the examples and testsuite will check to see if the current -directory is the source directory and if so, attempt to change to the wolfSSL -home directory. This should work in most setup cases, if not, just follow the -beginning of the note and specify the full path. +though static key cipher suites are deprecated and will be removed from future +versions of TLS. They also lower your security by removing PFS. +When compiling ssl.c wolfSSL will now issue a comipler error if no cipher suites +are available. You can remove this error by defining WOLFSSL_ALLOW_NO_SUITES +in the event that you desire that, i.e., you're not using TLS cipher suites. Note 2) wolfSSL takes a different approach to certificate verification than OpenSSL 
@@ -34,7 +32,66 @@ before calling wolfSSL_new(); Though it's not recommended. *** end Notes *** -wolfSSL (Formerly CyaSSL) Release 3.4.6 (03/30/2015) +wolfSSL (Formerly CyaSSL) Release 3.6.6 (08/20/2015) + +Release 3.6.6 of wolfSSL has bug fixes and new features including: + +- OpenSSH compatibility with --enable-openssh +- stunnel compatibility with --enable-stunnel +- lighttpd compatibility with --enable-lighty +- SSLv3 is now disabled by default, can be enabled with --enable-sslv3 +- Ephemeral key cipher suites only are now supported by default + To enable static ECDH cipher suites define WOLFSSL_STATIC_DH + To enable static RSA cipher suites define WOLFSSL_STATIC_RSA + To enable static PSK cipher suites define WOLFSSL_STATIC_PSK +- Added QSH (quantum-safe handshake) extension with --enable-ntru +- SRP is now part of wolfCrypt, enable with --enabe-srp +- Certificate handshake messages can now be sent fragmented if the record + size is smaller than the total message size, no user action required. +- DTLS duplicate message fixes +- Visual Studio project files now support DLL and static builds for 32/64bit. +- Support for new Freesacle I/O +- FreeRTOS FIPS support + +- No high level security fixes that requires an update though we always + recommend updating to the latest + +See INSTALL file for build instructions. +More info can be found on-line at //http://wolfssl.com/yaSSL/Docs.html + + **************** wolfSSL (Formerly CyaSSL) Release 3.6.0 (06/19/2015) + +Release 3.6.0 of wolfSSL has bug fixes and new features including: + +- Max Strength build that only allows TLSv1.2, AEAD ciphers, and PFS (Perfect + Forward Secrecy). With --enable-maxstrength +- Server side session ticket support, the example server and echoserver use the + example callback myTicketEncCb(), see wolfSSL_CTX_set_TicketEncCb() +- FIPS version submitted for iOS. 
+- TI Crypto Hardware Acceleration +- DTLS fragmentation fixes +- ECC key check validation with wc_ecc_check_key() +- 32bit code options to reduce memory for Curve25519 and Ed25519 +- wolfSSL JNI build switch with --enable-jni +- PicoTCP support improvements +- DH min ephemeral key size enforcement with wolfSSL_CTX_SetMinDhKey_Sz() +- KEEP_PEER_CERT and AltNames can now be used together +- ChaCha20 big endian fix +- SHA-512 signature algorithm support for key exchange and verify messages +- ECC make key crash fix on RNG failure, ECC users must update. +- Improvements to usage of time code. +- Improvements to VS solution files. +- GNU Binutils 2.24 ld has problems with some debug builds, to fix an ld error + add -fdebug-types-section to C_EXTRA_FLAGS + +- No high level security fixes that requires an update though we always + recommend updating to the latest (except note 14, ecc RNG failure) + +See INSTALL file for build instructions. +More info can be found on-line at //http://wolfssl.com/yaSSL/Docs.html + + + *****************wolfSSL (Formerly CyaSSL) Release 3.4.6 (03/30/2015) Release 3.4.6 of wolfSSL has bug fixes and new features including: diff --git a/README.md b/README.md index 65be1b0f2..87874f2e6 100644 --- a/README.md +++ b/README.md 
@@ -2,27 +2,27 @@ ## Note 1 ``` -wolfSSL now needs all examples and tests to be run from the wolfSSL home -directory. This is because it finds certs and keys from ./certs/. Trying to -maintain the ability to run each program from its own directory, the testsuite -directory, the main directory (for make check/test), and for the various -different project layouts (with or without config) was becoming harder and -harder. Now to run testsuite just do: +wolfSSL as of 3.6.6 no longer enables SSLv3 by default. wolfSSL also no +longer supports static key cipher suites with PSK, RSA, or ECDH. This means +if you plan to use TLS cipher suites you must enable DH (DH is on by default), +or enable ECC (ECC is on by default on 64bit systems), or you must enable static +key cipher suites with + WOLFSSL_STATI_DH + WOLFSSL_STATIC_RSA + or + WOLFSSL_STATIC_PSK -./testsuite/testsuite +though static key cipher suites are deprecated and will be removed from future +versions of TLS. They also lower your security by removing PFS. -or - -make check (when using autoconf) - -On *nix or Windows the examples and testsuite will check to see if the current -directory is the source directory and if so, attempt to change to the wolfSSL -home directory. This should work in most setup cases, if not, just follow the -beginning of the note and specify the full path. +When compiling ssl.c wolfSSL will now issue a comipler error if no cipher suites +are available. You can remove this error by defining WOLFSSL_ALLOW_NO_SUITES +in the event that you desire that, i.e., you're not using TLS cipher suites. ``` ## Note 2 ``` + wolfSSL takes a different approach to certificate verification than OpenSSL does. The default policy for the client is to verify the server, this means that if you don't load CAs to verify the server you'll get a connect error, 
@@ -35,6 +35,79 @@ wolfSSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, 0); before calling wolfSSL_new(); Though it's not recommended. ``` +#wolfSSL (Formerly CyaSSL) Release 3.6.6 (08/20/2015) + +##Release 3.6.6 of wolfSSL has bug fixes and new features including: + +- OpenSSH compatibility with --enable-openssh +- stunnel compatibility with --enable-stunnel +- lighttpd compatibility with --enable-lighty +- SSLv3 is now disabled by default, can be enabled with --enable-sslv3 +- Ephemeral key cipher suites only are now supported by default + To enable static ECDH cipher suites define WOLFSSL_STATIC_DH + To enable static RSA cipher suites define WOLFSSL_STATIC_RSA + To enable static PSK cipher suites define WOLFSSL_STATIC_PSK +- Added QSH (quantum-safe handshake) extension with --enable-ntru +- SRP is now part of wolfCrypt, enable with --enabe-srp +- Certificate handshake messages can now be sent fragmented if the record + size is smaller than the total message size, no user action required. +- DTLS duplicate message fixes +- Visual Studio project files now support DLL and static builds for 32/64bit. +- Support for new Freesacle I/O +- FreeRTOS FIPS support + +- No high level security fixes that requires an update though we always + recommend updating to the latest + +See INSTALL file for build instructions. +More info can be found on-line at //http://wolfssl.com/yaSSL/Docs.html + + +#wolfSSL (Formerly CyaSSL) Release 3.6.0 (06/19/2015) + +##Release 3.6.0 of wolfSSL has bug fixes and new features including: + +- Max Strength build that only allows TLSv1.2, AEAD ciphers, and PFS (Perfect + Forward Secrecy). With --enable-maxstrength +- Server side session ticket support, the example server and echosever use the + example callback myTicketEncCb(), see wolfSSL_CTX_set_TicketEncCb() +- FIPS version submitted for iOS. 
+- TI Crypto Hardware Acceleration +- DTLS fragmentation fixes +- ECC key check validation with wc_ecc_check_key() +- 32bit code options to reduce memory for Curve25519 and Ed25519 +- wolfSSL JNI build switch with --enable-jni +- PicoTCP support improvements +- DH min ephemeral key size enforcement with wolfSSL_CTX_SetMinDhKey_Sz() +- KEEP_PEER_CERT and AltNames can now be used together +- ChaCha20 big endian fix +- SHA-512 signature algorithm support for key exchange and verify messages +- ECC make key crash fix on RNG failure, ECC users must update. +- Improvements to usage of time code. +- Improvements to VS solution files. +- GNU Binutils 2.24 ld has problems with some debug builds, to fix an ld error + add -fdebug-types-section to C_EXTRA_FLAGS + +- No high level security fixes that requires an update though we always + recommend updating to the latest (except note 14, ecc RNG failure) + +See INSTALL file for build instructions. +More info can be found on-line at //http://wolfssl.com/yaSSL/Docs.html + + +#wolfSSL (Formerly CyaSSL) Release 3.4.8 (04/06/2015) + +##Release 3.4.8 of wolfSSL has bug fixes and new features including: + +- FIPS version submitted for iOS. +- Max Strength build that only allows TLSv1.2, AEAD ciphers, and PFS. +- Improvements to usage of time code. +- Improvements to VS solution files. + +See INSTALL file for build instructions. +More info can be found on-line at //http://wolfssl.com/yaSSL/Docs.html + + #wolfSSL (Formerly CyaSSL) Release 3.4.6 (03/30/2015) ##Release 3.4.6 of wolfSSL has bug fixes and new features including: diff --git a/SCRIPTS-LIST b/SCRIPTS-LIST new file mode 100644 index 000000000..2f2306590 --- /dev/null +++ b/SCRIPTS-LIST 
@@ -0,0 +1,33 @@ +autogen.sh - creates ./configure from source checkout, sets up git hooks + +pre-commit.sh - our pre commit hook, saves current state before running commit + tests to allow a resotre back to current state + +commit-tests.sh - our commit tests, must pass before a commit is accepted, use + -n (--no-verify) to disable + + +fips-check.sh - checks if current wolfSSL version works against FIPS wolfCrypt + comment out last line to leave working directory + +gencertbuf.pl - creates certs_test.h, our certs / keys C array for easy non + filesystem testing + +pull_to_vagrant.sh - synchronize to a vm without using git + +certs/ + renewcerts.sh - renews test certs and crls + crl/ + gencrls.sh - generates crls, used by renewcerts.sh + +scripts/ + external.test - example client test against our website, part of tests + google.test - example client test against google, part of tests + resume.test - example sessoin resume test, part of tests + sniffer-testsuite.test - runs snifftest on a pcap of testsuite, part of tests + in sniffer mode +swig/ + PythonBuild.sh - builds and runs simple python example + +valgrind-error.sh - deprecated, was used to detect valgrind errors before + automake switched to concurrent tests diff --git a/Vagrantfile b/Vagrantfile index 58d4212c3..aef42caf7 100644 --- a/Vagrantfile +++ b/Vagrantfile @@ -45,4 +45,6 @@ VAGRANTFILE_API_VERSION = "2" Vagrant.configure(VAGRANTFILE_API_VERSION) do |config| config.vm.box = "hashicorp/precise64" config.vm.provision "shell", inline: $setup + config.vm.network "forwarded_port", guest: 11111, host: 33333 + end diff --git a/autogen.sh b/autogen.sh index f0042765d..89e475c0b 100755 --- a/autogen.sh +++ b/autogen.sh 
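Review bot: The added `config.vm.network "forwarded_port", guest: 11111, host: 33333` in the Vagrantfile hunk gives no `host_ip`, so depending on the Vagrant version and provider the forward may listen on every host interface rather than on loopback only. Whatever test service listens on guest port 11111 would then be reachable from the developer's network while the VM is up. Binding it explicitly keeps it local: `config.vm.network "forwarded_port", guest: 11111, host: 33333, host_ip: "127.0.0.1"`. A one-line comment naming the program that uses the port would also help, since the hunk does not say.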
@@ -9,17 +9,7 @@ if test -d .git; then mkdir .git/hooks fi ln -s -f ../../pre-commit.sh .git/hooks/pre-commit -fi - -# Set HAVE_FIPS_SOURCE to 1 in your .profile if you have access to the FIPS -# repository. (Hint: If you don't work for us, you don't. This will fail.) -if test -n "$HAVE_FIPS_SOURCE" -a ! -d ./fips; then - git clone git@github.com:wolfSSL/fips.git - SAVEDIR=`pwd` - cd ./ctaocrypt/src - ln -sf ../../fips/fips.c - ln -sf ../../fips/fips_test.c - cd $SAVEDIR + ln -s -f ../../pre-push.sh .git/hooks/pre-push fi # If this is a source checkout then call autoreconf with error as well diff --git a/certs/1024/client-cert.der b/certs/1024/client-cert.der index d7bf4ed87..c2bd6df8f 100644 Binary files a/certs/1024/client-cert.der and b/certs/1024/client-cert.der differ diff --git a/certs/1024/client-cert.pem b/certs/1024/client-cert.pem index fc5f15a4a..2f13e8e25 100644 --- a/certs/1024/client-cert.pem +++ b/certs/1024/client-cert.pem @@ -1,13 +1,13 @@ Certificate: Data: Version: 3 (0x2) - Serial Number: 16789358970865666130 (0xe8ffc907b8f74852) - Signature Algorithm: sha1WithRSAEncryption - Issuer: C=US, ST=Montana, L=Bozeman, O=wolfSSL, OU=Programming, CN=www.wolfssl.com/emailAddress=info@wolfssl.com + Serial Number: 16417767964199037690 (0xe3d7a0fa76df2afa) + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=US, ST=Montana, L=Bozeman, O=wolfSSL_1024, OU=Programming-1024, CN=www.wolfssl.com/emailAddress=info@wolfssl.com Validity - Not Before: Feb 5 06:33:30 2015 GMT - Not After : Nov 1 06:33:30 2017 GMT - Subject: C=US, ST=Montana, L=Bozeman, O=wolfSSL, OU=Programming, CN=www.wolfssl.com/emailAddress=info@wolfssl.com + Not Before: May 7 18:21:01 2015 GMT + Not After : Jan 31 18:21:01 2018 GMT + Subject: C=US, ST=Montana, L=Bozeman, O=wolfSSL_1024, OU=Programming-1024, CN=www.wolfssl.com/emailAddress=info@wolfssl.com Subject Public Key Info: Public Key Algorithm: rsaEncryption Public-Key: (1024 bit) 
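Review bot: The added `ln -s -f ../../pre-push.sh .git/hooks/pre-push` in autogen.sh uses `-f`, so every run silently replaces any pre-push hook the developer already had in the checkout; the context line above it does the same for pre-commit. Replacing the link only when the path is absent or already a symlink avoids clobbering a hand-written hook: `if test ! -e .git/hooks/pre-push -o -L .git/hooks/pre-push; then ln -s -f ../../pre-push.sh .git/hooks/pre-push; fi`. pre-push.sh itself is not in the visible part of this diff, and the SCRIPTS-LIST file added in the same commit describes pre-commit.sh but has no entry for it, so a short entry there would be worth adding. The enclosing `if test -d .git` block starts outside the hunk.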
@@ -27,39 +27,40 @@ Certificate: 81:69:0F:F8:DF:DD:CF:34:29:D5:67:75:71:85:C7:75:10:69:59:EC X509v3 Authority Key Identifier: keyid:81:69:0F:F8:DF:DD:CF:34:29:D5:67:75:71:85:C7:75:10:69:59:EC - DirName:/C=US/ST=Montana/L=Bozeman/O=wolfSSL/OU=Programming/CN=www.wolfssl.com/emailAddress=info@wolfssl.com - serial:E8:FF:C9:07:B8:F7:48:52 + DirName:/C=US/ST=Montana/L=Bozeman/O=wolfSSL_1024/OU=Programming-1024/CN=www.wolfssl.com/emailAddress=info@wolfssl.com + serial:E3:D7:A0:FA:76:DF:2A:FA X509v3 Basic Constraints: CA:TRUE - Signature Algorithm: sha1WithRSAEncryption - 70:be:fb:3c:29:5d:53:ba:96:bc:cb:7e:82:a9:2c:ef:ee:3b: - f0:e8:f4:01:78:50:51:55:1b:47:9b:dc:5a:10:e6:39:84:9a: - a1:2d:03:cc:b3:16:e9:32:26:97:3d:0f:ec:c9:4f:11:08:31: - a3:1c:1f:37:d3:00:04:42:cc:c9:34:14:3a:e1:f2:f9:be:2e: - bf:64:47:3e:46:95:09:a5:3b:4c:4a:7b:23:0e:3c:54:01:d4: - 55:fa:53:f0:65:6e:68:4b:cc:e3:83:5f:fe:9e:c8:e7:f6:e1: - c8:88:bb:b9:24:f6:0a:18:20:44:cb:78:2e:77:3f:bf:22:ef: - bc:b4 + Signature Algorithm: sha256WithRSAEncryption + 1d:b7:d5:7c:e1:b1:d8:c0:67:5d:b5:d3:88:e7:50:29:71:63: + 8f:cc:26:1f:33:09:55:43:9b:ab:c6:1b:bc:c7:01:95:1a:fa: + 65:e0:fd:9c:eb:6f:0a:0f:14:ec:b5:2f:dc:1c:30:dd:52:97: + d4:1c:09:00:33:38:5f:cb:a8:16:8f:11:b7:b8:d0:66:e1:54: + 28:f3:3f:bf:6a:6f:76:48:2a:5e:56:a7:ce:1c:f0:04:dd:17: + bd:06:78:21:6d:d6:b1:9b:75:31:92:c1:fe:d4:8d:d4:67:2f: + 03:1b:27:8d:ab:ff:30:3b:c3:7f:23:e4:ab:5b:91:e1:1b:66: + e6:ed -----BEGIN CERTIFICATE----- -MIIDpTCCAw6gAwIBAgIJAOj/yQe490hSMA0GCSqGSIb3DQEBBQUAMIGUMQswCQYD -VQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjEQMA4G -A1UECgwHd29sZlNTTDEUMBIGA1UECwwLUHJvZ3JhbW1pbmcxGDAWBgNVBAMMD3d3 -dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTAe -Fw0xNTAyMDUwNjMzMzBaFw0xNzExMDEwNjMzMzBaMIGUMQswCQYDVQQGEwJVUzEQ -MA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjEQMA4GA1UECgwHd29s -ZlNTTDEUMBIGA1UECwwLUHJvZ3JhbW1pbmcxGDAWBgNVBAMMD3d3dy53b2xmc3Ns -LmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTCBnzANBgkqhkiG 
-9w0BAQEFAAOBjQAwgYkCgYEAvHMOqEnzdKKp7xil2lWZIfnI7LNtSOU1NXV3N+zR -YZBfPtnk1d+UysGp1xnahsnoTcRhNoL+q61+dyW7jRGlvGI6qDjMOaIEZrT39/Oq -2k0CDrtejWlI3HfJKA4i6WukJrpM6MH9Sm8rH++KrvaQYuVkHusrPGfI3CcA9pFo -ZakCAwEAAaOB/DCB+TAdBgNVHQ4EFgQUgWkP+N/dzzQp1Wd1cYXHdRBpWewwgckG -A1UdIwSBwTCBvoAUgWkP+N/dzzQp1Wd1cYXHdRBpWeyhgZqkgZcwgZQxCzAJBgNV -BAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMRAwDgYD -VQQKDAd3b2xmU1NMMRQwEgYDVQQLDAtQcm9ncmFtbWluZzEYMBYGA1UEAwwPd3d3 -LndvbGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tggkA -6P/JB7j3SFIwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQBwvvs8KV1T -upa8y36CqSzv7jvw6PQBeFBRVRtHm9xaEOY5hJqhLQPMsxbpMiaXPQ/syU8RCDGj -HB830wAEQszJNBQ64fL5vi6/ZEc+RpUJpTtMSnsjDjxUAdRV+lPwZW5oS8zjg1/+ -nsjn9uHIiLu5JPYKGCBEy3gudz+/Iu+8tA== +MIIDxTCCAy6gAwIBAgIJAOPXoPp23yr6MA0GCSqGSIb3DQEBCwUAMIGeMQswCQYD +VQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjEVMBMG +A1UECgwMd29sZlNTTF8xMDI0MRkwFwYDVQQLDBBQcm9ncmFtbWluZy0xMDI0MRgw +FgYDVQQDDA93d3cud29sZnNzbC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29s +ZnNzbC5jb20wHhcNMTUwNTA3MTgyMTAxWhcNMTgwMTMxMTgyMTAxWjCBnjELMAkG +A1UEBhMCVVMxEDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xFTAT +BgNVBAoMDHdvbGZTU0xfMTAyNDEZMBcGA1UECwwQUHJvZ3JhbW1pbmctMTAyNDEY +MBYGA1UEAwwPd3d3LndvbGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdv +bGZzc2wuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC8cw6oSfN0oqnv +GKXaVZkh+cjss21I5TU1dXc37NFhkF8+2eTV35TKwanXGdqGyehNxGE2gv6rrX53 +JbuNEaW8YjqoOMw5ogRmtPf386raTQIOu16NaUjcd8koDiLpa6Qmukzowf1Kbysf +74qu9pBi5WQe6ys8Z8jcJwD2kWhlqQIDAQABo4IBBzCCAQMwHQYDVR0OBBYEFIFp +D/jf3c80KdVndXGFx3UQaVnsMIHTBgNVHSMEgcswgciAFIFpD/jf3c80KdVndXGF +x3UQaVnsoYGkpIGhMIGeMQswCQYDVQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQ +MA4GA1UEBwwHQm96ZW1hbjEVMBMGA1UECgwMd29sZlNTTF8xMDI0MRkwFwYDVQQL +DBBQcm9ncmFtbWluZy0xMDI0MRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20xHzAd +BgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb22CCQDj16D6dt8q+jAMBgNVHRME +BTADAQH/MA0GCSqGSIb3DQEBCwUAA4GBAB231XzhsdjAZ12104jnUClxY4/MJh8z 
+CVVDm6vGG7zHAZUa+mXg/ZzrbwoPFOy1L9wcMN1Sl9QcCQAzOF/LqBaPEbe40Gbh +VCjzP79qb3ZIKl5Wp84c8ATdF70GeCFt1rGbdTGSwf7UjdRnLwMbJ42r/zA7w38j +5KtbkeEbZubt -----END CERTIFICATE----- diff --git a/certs/ca-cert.der b/certs/ca-cert.der index 162680984..d0eab7a3c 100644 Binary files a/certs/ca-cert.der and b/certs/ca-cert.der differ diff --git a/certs/ca-cert.pem b/certs/ca-cert.pem index d98a51a5b..6eacbebd0 100644 --- a/certs/ca-cert.pem +++ b/certs/ca-cert.pem @@ -1,12 +1,12 @@ Certificate: Data: Version: 3 (0x2) - Serial Number: 18049645117592769049 (0xfa7d389a73fb1219) - Signature Algorithm: sha1WithRSAEncryption + Serial Number: 15672591315981621815 (0xd9803ac3d2f4da37) + Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, CN=www.wolfssl.com/emailAddress=info@wolfssl.com Validity - Not Before: Feb 5 06:33:30 2015 GMT - Not After : Nov 1 06:33:30 2017 GMT + Not Before: May 7 18:21:01 2015 GMT + Not After : Jan 31 18:21:01 2018 GMT Subject: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, CN=www.wolfssl.com/emailAddress=info@wolfssl.com Subject Public Key Info: Public Key Algorithm: rsaEncryption 
@@ -37,32 +37,32 @@ Certificate: X509v3 Authority Key Identifier: keyid:27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5 DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com - serial:FA:7D:38:9A:73:FB:12:19 + serial:D9:80:3A:C3:D2:F4:DA:37 X509v3 Basic Constraints: CA:TRUE - Signature Algorithm: sha1WithRSAEncryption - 2c:02:0c:de:b2:46:a1:d8:59:0f:08:69:ad:d2:52:2e:ee:55: - 78:bd:bb:71:d2:d7:b7:fe:7b:0f:8a:bc:6a:25:fd:d4:6d:1d: - ab:00:e2:9d:d6:98:21:11:a4:41:e0:0d:4b:a4:38:7f:2e:0c: - d6:80:dc:30:d7:cf:19:1b:43:2f:e7:b3:99:74:9c:b4:01:69: - b1:c3:9b:9f:4a:89:2f:60:38:cb:7c:a1:78:93:38:5c:a8:ca: - 46:0d:23:2d:99:a3:cf:0a:49:38:eb:07:06:57:cd:4a:55:35: - 04:08:36:30:ca:75:69:4b:9a:84:08:c9:23:78:a9:f0:80:ce: - 8a:25:bb:31:07:0e:11:e6:4a:95:8c:53:df:85:d9:48:45:cb: - 5a:ef:de:92:c2:88:0e:da:ff:31:6b:4e:52:53:5f:f3:a8:3a: - 42:f8:e1:0d:0a:c0:84:af:ec:21:b3:a7:98:b0:c8:6b:77:04: - ef:f5:06:a5:51:3b:20:6f:bf:55:80:8c:cf:d4:78:ee:a2:d9: - e3:52:34:9a:17:3d:87:10:4d:23:21:38:9b:35:f7:18:ac:34: - bd:18:ae:a4:e2:32:2f:5d:a4:41:4c:bc:aa:88:b7:9e:45:14: - 92:e9:e8:ee:fc:1d:28:f5:59:fd:de:bd:3d:73:dd:b4:9f:2e: - 77:c0:75:41 + Signature Algorithm: sha256WithRSAEncryption + 7a:af:44:3b:aa:6f:53:42:b2:33:aa:43:5f:56:30:d3:b9:96: + 0b:9a:55:5a:39:2a:0b:4e:e4:2e:f1:95:66:c9:86:36:82:8d: + 63:7c:4d:a2:ee:48:ba:03:c7:90:d7:a7:c6:74:60:48:5f:31: + a2:f9:5e:3e:c3:82:e1:e5:2f:41:81:83:29:25:79:d1:53:00: + 69:3c:ed:0a:30:3b:41:1d:92:a1:2c:a8:9d:2c:e3:23:87:79: + e0:55:6e:91:a8:50:da:46:2f:c2:20:50:3e:2b:47:97:14:b0: + 7d:04:ba:45:51:d0:6e:e1:5a:a2:4b:84:9c:4d:cd:85:04:f9: + 28:31:82:93:bc:c7:59:49:91:03:e8:df:6a:e4:56:ad:6a:cb: + 1f:0d:37:e4:5e:bd:e7:9f:d5:ec:9d:3c:18:25:9b:f1:2f:50: + 7d:eb:31:cb:f1:63:22:9d:57:fc:f3:84:20:1a:c6:07:87:92: + 26:9e:15:18:59:33:06:dc:fb:b0:b6:76:5d:f1:c1:2f:c8:2f: + 62:9c:c0:d6:de:eb:65:77:f3:5c:a6:c3:88:27:96:75:b4:f4: + 54:cd:ff:2d:21:2e:96:f0:07:73:4b:e9:93:92:90:de:62:d9: + 
a3:3b:ac:6e:24:5f:27:4a:b3:94:70:ff:30:17:e7:7e:32:8f: + 65:b7:75:58 -----BEGIN CERTIFICATE----- -MIIEqjCCA5KgAwIBAgIJAPp9OJpz+xIZMA0GCSqGSIb3DQEBBQUAMIGUMQswCQYD +MIIEqjCCA5KgAwIBAgIJANmAOsPS9No3MA0GCSqGSIb3DQEBCwUAMIGUMQswCQYD VQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjERMA8G A1UECgwIU2F3dG9vdGgxEzARBgNVBAsMCkNvbnN1bHRpbmcxGDAWBgNVBAMMD3d3 dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTAe -Fw0xNTAyMDUwNjMzMzBaFw0xNzExMDEwNjMzMzBaMIGUMQswCQYDVQQGEwJVUzEQ +Fw0xNTA1MDcxODIxMDFaFw0xODAxMzExODIxMDFaMIGUMQswCQYDVQQGEwJVUzEQ MA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjERMA8GA1UECgwIU2F3 dG9vdGgxEzARBgNVBAsMCkNvbnN1bHRpbmcxGDAWBgNVBAMMD3d3dy53b2xmc3Ns LmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTCCASIwDQYJKoZI @@ -76,11 +76,11 @@ XDjNdyXvvYB1U5Q8PcpjW58VtdMdEy8Z0TzbdjrMuH3J5cLX2kBv2CHccxtCLVOc J45nEXTDJh0/7TNjs6TYHTDl6NWhgZqkgZcwgZQxCzAJBgNVBAYTAlVTMRAwDgYD VQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMREwDwYDVQQKDAhTYXd0b290 aDETMBEGA1UECwwKQ29uc3VsdGluZzEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29t -MR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tggkA+n04mnP7EhkwDAYD -VR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOCAQEALAIM3rJGodhZDwhprdJSLu5V -eL27cdLXt/57D4q8aiX91G0dqwDindaYIRGkQeANS6Q4fy4M1oDcMNfPGRtDL+ez -mXSctAFpscObn0qJL2A4y3yheJM4XKjKRg0jLZmjzwpJOOsHBlfNSlU1BAg2MMp1 -aUuahAjJI3ip8IDOiiW7MQcOEeZKlYxT34XZSEXLWu/eksKIDtr/MWtOUlNf86g6 -QvjhDQrAhK/sIbOnmLDIa3cE7/UGpVE7IG+/VYCMz9R47qLZ41I0mhc9hxBNIyE4 -mzX3GKw0vRiupOIyL12kQUy8qoi3nkUUkuno7vwdKPVZ/d69PXPdtJ8ud8B1QQ== +MR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tggkA2YA6w9L02jcwDAYD +VR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAeq9EO6pvU0KyM6pDX1Yw07mW +C5pVWjkqC07kLvGVZsmGNoKNY3xNou5IugPHkNenxnRgSF8xovlePsOC4eUvQYGD +KSV50VMAaTztCjA7QR2SoSyonSzjI4d54FVukahQ2kYvwiBQPitHlxSwfQS6RVHQ +buFaokuEnE3NhQT5KDGCk7zHWUmRA+jfauRWrWrLHw035F6955/V7J08GCWb8S9Q +fesxy/FjIp1X/POEIBrGB4eSJp4VGFkzBtz7sLZ2XfHBL8gvYpzA1t7rZXfzXKbD +iCeWdbT0VM3/LSEulvAHc0vpk5KQ3mLZozusbiRfJ0qzlHD/MBfnfjKPZbd1WA== -----END CERTIFICATE----- 
diff --git a/certs/client-cert.der b/certs/client-cert.der index ea1f65e40..9a7e0bf9b 100644 Binary files a/certs/client-cert.der and b/certs/client-cert.der differ diff --git a/certs/client-cert.pem b/certs/client-cert.pem index 37bc42fcb..569cdddac 100644 --- a/certs/client-cert.pem +++ b/certs/client-cert.pem @@ -1,13 +1,13 @@ Certificate: Data: Version: 3 (0x2) - Serial Number: 14802441915251815387 (0xcd6cd67ec6eff3db) - Signature Algorithm: sha1WithRSAEncryption - Issuer: C=US, ST=Montana, L=Bozeman, O=wolfSSL, OU=Programming, CN=www.wolfssl.com/emailAddress=info@wolfssl.com + Serial Number: 12260966172072242701 (0xaa27b3c5a9726e0d) + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=US, ST=Montana, L=Bozeman, O=wolfSSL_2048, OU=Programming-2048, CN=www.wolfssl.com/emailAddress=info@wolfssl.com Validity - Not Before: Feb 5 06:33:30 2015 GMT - Not After : Nov 1 06:33:30 2017 GMT - Subject: C=US, ST=Montana, L=Bozeman, O=wolfSSL, OU=Programming, CN=www.wolfssl.com/emailAddress=info@wolfssl.com + Not Before: May 7 18:21:01 2015 GMT + Not After : Jan 31 18:21:01 2018 GMT + Subject: C=US, ST=Montana, L=Bozeman, O=wolfSSL_2048, OU=Programming-2048, CN=www.wolfssl.com/emailAddress=info@wolfssl.com Subject Public Key Info: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) 
@@ -36,51 +36,52 @@ Certificate: 33:D8:45:66:D7:68:87:18:7E:54:0D:70:27:91:C7:26:D7:85:65:C0 X509v3 Authority Key Identifier: keyid:33:D8:45:66:D7:68:87:18:7E:54:0D:70:27:91:C7:26:D7:85:65:C0 - DirName:/C=US/ST=Montana/L=Bozeman/O=wolfSSL/OU=Programming/CN=www.wolfssl.com/emailAddress=info@wolfssl.com - serial:CD:6C:D6:7E:C6:EF:F3:DB + DirName:/C=US/ST=Montana/L=Bozeman/O=wolfSSL_2048/OU=Programming-2048/CN=www.wolfssl.com/emailAddress=info@wolfssl.com + serial:AA:27:B3:C5:A9:72:6E:0D X509v3 Basic Constraints: CA:TRUE - Signature Algorithm: sha1WithRSAEncryption - 7e:41:65:73:cd:18:5a:2f:4d:ab:fe:5a:3c:37:63:82:3d:2e: - 8a:a2:02:c9:bd:ee:cd:a7:f7:c4:3b:47:33:1b:10:41:7f:27: - 75:ff:76:79:a6:08:15:00:f9:86:df:91:b2:cc:99:fa:fe:b9: - eb:93:55:e9:01:d0:77:e0:d8:6e:b3:d9:a3:26:06:25:e1:e9: - 8b:7c:fe:5d:d7:39:5a:c2:f7:e2:f6:de:6a:76:02:18:7e:16: - d0:d0:d3:09:8c:92:38:a2:ca:7e:a8:b9:cc:08:4c:f0:59:aa: - 25:35:b9:d3:aa:1c:10:1c:dc:0b:d5:61:fc:9c:f1:95:f1:ce: - 47:fd:56:a0:3c:c1:4d:ca:54:cc:00:2f:3e:75:8e:17:40:14: - 49:01:bb:a5:fb:52:0a:bf:bb:09:21:d4:a6:33:58:28:ee:33: - dc:fe:f8:76:c4:f4:8e:bb:67:68:97:5b:c6:7a:23:85:dd:6a: - 8e:8c:02:05:1d:ee:e2:3d:b4:9c:bb:63:6e:31:5d:5b:8d:bd: - 3c:17:da:c9:3a:a0:39:1f:de:8a:cc:1e:7d:72:25:3b:56:ff: - 8b:bb:af:5a:a7:64:2c:f8:a0:c4:f2:70:57:f0:cf:38:48:7c: - 6c:a2:6a:e2:55:f4:cf:a9:21:b7:3e:42:e1:d8:11:57:e5:40: - f1:66:95:df + Signature Algorithm: sha256WithRSAEncryption + 51:96:a7:1c:26:5d:1c:90:c6:32:9f:96:15:f2:1d:e7:93:9c: + ac:75:56:95:fd:20:70:ab:45:6a:09:b0:f3:f2:03:a8:db:dc: + 2f:bc:1f:87:7a:a3:d4:8f:d5:49:97:7e:3c:54:ac:b1:e3:f0: + 39:0d:fe:09:9a:23:f6:32:a6:41:59:bd:60:e8:bd:de:00:36: + 6f:3e:e9:41:6f:a9:63:c7:aa:d5:7b:f3:e4:39:48:9e:f6:60: + c6:c6:86:d5:72:86:23:cd:f5:6a:63:53:a4:f8:fc:51:6a:cd: + 60:74:8e:a3:86:61:01:34:78:f7:29:97:b3:a7:34:b6:0a:de: + b5:71:7a:09:a6:3e:d6:82:58:89:67:9c:c5:68:62:ba:06:d6: + 39:bb:cb:3a:c0:e0:63:1f:c7:0c:9c:12:86:ec:f7:39:6a:61: + 93:d0:33:14:c6:55:3b:b6:cf:80:5b:8c:43:ef:43:44:0b:3c: + 
93:39:a3:4e:15:d1:0b:5f:84:98:1d:cd:9f:a9:47:eb:3b:56: + 30:b6:76:92:c1:48:5f:bc:95:b0:50:1a:55:c8:4e:62:47:87: + 54:64:0c:9b:91:fa:43:b3:29:48:be:e6:12:eb:e3:44:c6:52: + e4:40:c6:83:95:1b:a7:65:27:69:73:2f:c8:a0:4d:7f:be:ea: + 9b:67:b2:7b -----BEGIN CERTIFICATE----- -MIIEqjCCA5KgAwIBAgIJAM1s1n7G7/PbMA0GCSqGSIb3DQEBBQUAMIGUMQswCQYD -VQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjEQMA4G -A1UECgwHd29sZlNTTDEUMBIGA1UECwwLUHJvZ3JhbW1pbmcxGDAWBgNVBAMMD3d3 -dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTAe -Fw0xNTAyMDUwNjMzMzBaFw0xNzExMDEwNjMzMzBaMIGUMQswCQYDVQQGEwJVUzEQ -MA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjEQMA4GA1UECgwHd29s -ZlNTTDEUMBIGA1UECwwLUHJvZ3JhbW1pbmcxGDAWBgNVBAMMD3d3dy53b2xmc3Ns -LmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTCCASIwDQYJKoZI -hvcNAQEBBQADggEPADCCAQoCggEBAMMD0Sv+OaQyRTtTyIQrKnx0mr2qKlIHR9am -NrIHMo7Quml7xsNEntSBSP0taKKLZ7uhdcg2LErSG/eLus8N+e/s8YEee5sDR5q/ -Zcx/ZSRppugUiVvkNPfFsBST9Wd7Onp44QFWVpGmE0KN0jxAnEzv0YbfN1EbDKE7 -9fGjSjXk4c6W3xt+v06X0BDoqAgwga8gC0MUxXRntDKCb42GwohAmTaDuh5AciIX -11JlJHOwzu8Zza7/eGx7wBID1E5yDVBtO6M7o5lencjZDIWz2YrZVCbbbfqsu/8l -TMTRefRx04ZAGBOwY7VyTjDEl4SGLVYv1xX3f8Cu9fxb5fuhutMCAwEAAaOB/DCB -+TAdBgNVHQ4EFgQUM9hFZtdohxh+VA1wJ5HHJteFZcAwgckGA1UdIwSBwTCBvoAU -M9hFZtdohxh+VA1wJ5HHJteFZcChgZqkgZcwgZQxCzAJBgNVBAYTAlVTMRAwDgYD -VQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMRAwDgYDVQQKDAd3b2xmU1NM -MRQwEgYDVQQLDAtQcm9ncmFtbWluZzEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29t -MR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tggkAzWzWfsbv89swDAYD -VR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOCAQEAfkFlc80YWi9Nq/5aPDdjgj0u -iqICyb3uzaf3xDtHMxsQQX8ndf92eaYIFQD5ht+RssyZ+v6565NV6QHQd+DYbrPZ -oyYGJeHpi3z+Xdc5WsL34vbeanYCGH4W0NDTCYySOKLKfqi5zAhM8FmqJTW506oc -EBzcC9Vh/JzxlfHOR/1WoDzBTcpUzAAvPnWOF0AUSQG7pftSCr+7CSHUpjNYKO4z -3P74dsT0jrtnaJdbxnojhd1qjowCBR3u4j20nLtjbjFdW429PBfayTqgOR/eiswe -fXIlO1b/i7uvWqdkLPigxPJwV/DPOEh8bKJq4lX0z6khtz5C4dgRV+VA8WaV3w== +MIIEyjCCA7KgAwIBAgIJAKons8Wpcm4NMA0GCSqGSIb3DQEBCwUAMIGeMQswCQYD 
+VQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjEVMBMG +A1UECgwMd29sZlNTTF8yMDQ4MRkwFwYDVQQLDBBQcm9ncmFtbWluZy0yMDQ4MRgw +FgYDVQQDDA93d3cud29sZnNzbC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29s +ZnNzbC5jb20wHhcNMTUwNTA3MTgyMTAxWhcNMTgwMTMxMTgyMTAxWjCBnjELMAkG +A1UEBhMCVVMxEDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xFTAT +BgNVBAoMDHdvbGZTU0xfMjA0ODEZMBcGA1UECwwQUHJvZ3JhbW1pbmctMjA0ODEY +MBYGA1UEAwwPd3d3LndvbGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdv +bGZzc2wuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwwPRK/45 +pDJFO1PIhCsqfHSavaoqUgdH1qY2sgcyjtC6aXvGw0Se1IFI/S1oootnu6F1yDYs +StIb94u6zw357+zxgR57mwNHmr9lzH9lJGmm6BSJW+Q098WwFJP1Z3s6enjhAVZW +kaYTQo3SPECcTO/Rht83URsMoTv18aNKNeThzpbfG36/TpfQEOioCDCBryALQxTF +dGe0MoJvjYbCiECZNoO6HkByIhfXUmUkc7DO7xnNrv94bHvAEgPUTnINUG07ozuj +mV6dyNkMhbPZitlUJttt+qy7/yVMxNF59HHThkAYE7BjtXJOMMSXhIYtVi/XFfd/ +wK71/Fvl+6G60wIDAQABo4IBBzCCAQMwHQYDVR0OBBYEFDPYRWbXaIcYflQNcCeR +xybXhWXAMIHTBgNVHSMEgcswgciAFDPYRWbXaIcYflQNcCeRxybXhWXAoYGkpIGh +MIGeMQswCQYDVQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96 +ZW1hbjEVMBMGA1UECgwMd29sZlNTTF8yMDQ4MRkwFwYDVQQLDBBQcm9ncmFtbWlu +Zy0yMDQ4MRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20xHzAdBgkqhkiG9w0BCQEW +EGluZm9Ad29sZnNzbC5jb22CCQCqJ7PFqXJuDTAMBgNVHRMEBTADAQH/MA0GCSqG +SIb3DQEBCwUAA4IBAQBRlqccJl0ckMYyn5YV8h3nk5ysdVaV/SBwq0VqCbDz8gOo +29wvvB+HeqPUj9VJl348VKyx4/A5Df4JmiP2MqZBWb1g6L3eADZvPulBb6ljx6rV +e/PkOUie9mDGxobVcoYjzfVqY1Ok+PxRas1gdI6jhmEBNHj3KZezpzS2Ct61cXoJ +pj7WgliJZ5zFaGK6BtY5u8s6wOBjH8cMnBKG7Pc5amGT0DMUxlU7ts+AW4xD70NE +CzyTOaNOFdELX4SYHc2fqUfrO1YwtnaSwUhfvJWwUBpVyE5iR4dUZAybkfpDsylI +vuYS6+NExlLkQMaDlRunZSdpcy/IoE1/vuqbZ7J7 -----END CERTIFICATE----- diff --git a/certs/client-ecc-cert.der b/certs/client-ecc-cert.der index d5231ba29..fa9a24839 100644 Binary files a/certs/client-ecc-cert.der and b/certs/client-ecc-cert.der differ diff --git a/certs/client-ecc-cert.pem b/certs/client-ecc-cert.pem index cca49cfd7..20905154c 100644 --- a/certs/client-ecc-cert.pem +++ b/certs/client-ecc-cert.pem 
@@ -1,13 +1,13 @@ Certificate: Data: Version: 3 (0x2) - Serial Number: 16416369391847057450 (0xe3d2a8fbf6a3a82a) - Signature Algorithm: ecdsa-with-SHA1 - Issuer: C=US, ST=Montana, L=Bozeman, O=wolfSSL, OU=Programming, CN=www.wolfssl.com/emailAddress=info@wolfssl.com + Serial Number: 16108595702940209934 (0xdf8d3a71e022930e) + Signature Algorithm: ecdsa-with-SHA256 + Issuer: C=US, ST=Oregon, L=Salem, O=Client ECC, OU=Fast, CN=www.wolfssl.com/emailAddress=info@wolfssl.com Validity - Not Before: Feb 5 06:33:30 2015 GMT - Not After : Nov 1 06:33:30 2017 GMT - Subject: C=US, ST=Montana, L=Bozeman, O=wolfSSL, OU=Programming, CN=www.wolfssl.com/emailAddress=info@wolfssl.com + Not Before: May 7 18:21:01 2015 GMT + Not After : Jan 31 18:21:01 2018 GMT + Subject: C=US, ST=Oregon, L=Salem, O=Client ECC, OU=Fast, CN=www.wolfssl.com/emailAddress=info@wolfssl.com Subject Public Key Info: Public Key Algorithm: id-ecPublicKey Public-Key: (256 bit) 
@@ -23,32 +23,32 @@ Certificate: EB:D4:4B:59:6B:95:61:3F:51:57:B6:04:4D:89:41:88:44:5C:AB:F2 X509v3 Authority Key Identifier: keyid:EB:D4:4B:59:6B:95:61:3F:51:57:B6:04:4D:89:41:88:44:5C:AB:F2 - DirName:/C=US/ST=Montana/L=Bozeman/O=wolfSSL/OU=Programming/CN=www.wolfssl.com/emailAddress=info@wolfssl.com - serial:E3:D2:A8:FB:F6:A3:A8:2A + DirName:/C=US/ST=Oregon/L=Salem/O=Client ECC/OU=Fast/CN=www.wolfssl.com/emailAddress=info@wolfssl.com + serial:DF:8D:3A:71:E0:22:93:0E X509v3 Basic Constraints: CA:TRUE - Signature Algorithm: ecdsa-with-SHA1 - 30:45:02:20:53:ef:f2:14:43:34:cd:80:bd:e8:ca:7b:2d:da: - f6:8c:88:23:4d:4c:d9:c7:16:3d:1f:42:75:ca:b6:eb:f5:88: - 02:21:00:d7:73:f2:14:8e:09:1e:80:bd:c1:43:11:dd:a7:5d: - 51:a7:4b:e1:0d:28:2f:38:41:5b:3a:e1:de:44:3a:84:2f + Signature Algorithm: ecdsa-with-SHA256 + 30:44:02:20:74:7b:ae:7e:9c:c8:69:95:8a:0b:ad:7f:c9:37: + 3d:3c:7f:b7:ef:f3:da:9b:ea:d0:a7:76:0a:a4:77:12:f7:a8: + 02:20:71:95:87:89:b7:a8:8b:bb:fa:9f:84:dc:2b:71:dc:4a: + c5:5a:65:b2:fc:33:c4:ce:36:4f:ab:c6:38:36:6c:88 -----BEGIN CERTIFICATE----- -MIIDHDCCAsOgAwIBAgIJAOPSqPv2o6gqMAkGByqGSM49BAEwgZQxCzAJBgNVBAYT -AlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMRAwDgYDVQQK -DAd3b2xmU1NMMRQwEgYDVQQLDAtQcm9ncmFtbWluZzEYMBYGA1UEAwwPd3d3Lndv -bGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMB4XDTE1 -MDIwNTA2MzMzMFoXDTE3MTEwMTA2MzMzMFowgZQxCzAJBgNVBAYTAlVTMRAwDgYD -VQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMRAwDgYDVQQKDAd3b2xmU1NM -MRQwEgYDVQQLDAtQcm9ncmFtbWluZzEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29t -MR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMFkwEwYHKoZIzj0CAQYI -KoZIzj0DAQcDQgAEVb/0D0RQmj3Om7fwxU31cHvU7CSOGYDsWkyiJANiLJva76I1 -EkOEdhbGVpUGzAGpvfZ1GkL3vamyNiJfx11/tKOB/DCB+TAdBgNVHQ4EFgQU69RL -WWuVYT9RV7YETYlBiERcq/IwgckGA1UdIwSBwTCBvoAU69RLWWuVYT9RV7YETYlB -iERcq/KhgZqkgZcwgZQxCzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAw -DgYDVQQHDAdCb3plbWFuMRAwDgYDVQQKDAd3b2xmU1NMMRQwEgYDVQQLDAtQcm9n -cmFtbWluZzEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29tMR8wHQYJKoZIhvcNAQkB 
-FhBpbmZvQHdvbGZzc2wuY29tggkA49Ko+/ajqCowDAYDVR0TBAUwAwEB/zAJBgcq -hkjOPQQBA0gAMEUCIFPv8hRDNM2AvejKey3a9oyII01M2ccWPR9Cdcq26/WIAiEA -13PyFI4JHoC9wUMR3addUadL4Q0oLzhBWzrh3kQ6hC8= +MIIDCDCCAq+gAwIBAgIJAN+NOnHgIpMOMAoGCCqGSM49BAMCMIGNMQswCQYDVQQG +EwJVUzEPMA0GA1UECAwGT3JlZ29uMQ4wDAYDVQQHDAVTYWxlbTETMBEGA1UECgwK +Q2xpZW50IEVDQzENMAsGA1UECwwERmFzdDEYMBYGA1UEAwwPd3d3LndvbGZzc2wu +Y29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMB4XDTE1MDUwNzE4 +MjEwMVoXDTE4MDEzMTE4MjEwMVowgY0xCzAJBgNVBAYTAlVTMQ8wDQYDVQQIDAZP +cmVnb24xDjAMBgNVBAcMBVNhbGVtMRMwEQYDVQQKDApDbGllbnQgRUNDMQ0wCwYD +VQQLDARGYXN0MRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20xHzAdBgkqhkiG9w0B +CQEWEGluZm9Ad29sZnNzbC5jb20wWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAARV +v/QPRFCaPc6bt/DFTfVwe9TsJI4ZgOxaTKIkA2Ism9rvojUSQ4R2FsZWlQbMAam9 +9nUaQve9qbI2Il/HXX+0o4H1MIHyMB0GA1UdDgQWBBTr1EtZa5VhP1FXtgRNiUGI +RFyr8jCBwgYDVR0jBIG6MIG3gBTr1EtZa5VhP1FXtgRNiUGIRFyr8qGBk6SBkDCB +jTELMAkGA1UEBhMCVVMxDzANBgNVBAgMBk9yZWdvbjEOMAwGA1UEBwwFU2FsZW0x +EzARBgNVBAoMCkNsaWVudCBFQ0MxDTALBgNVBAsMBEZhc3QxGDAWBgNVBAMMD3d3 +dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbYIJ +AN+NOnHgIpMOMAwGA1UdEwQFMAMBAf8wCgYIKoZIzj0EAwIDRwAwRAIgdHuufpzI +aZWKC61/yTc9PH+37/Pam+rQp3YKpHcS96gCIHGVh4m3qIu7+p+E3Ctx3ErFWmWy +/DPEzjZPq8Y4NmyI -----END CERTIFICATE----- diff --git a/certs/crl/cliCrl.pem b/certs/crl/cliCrl.pem index 91d67ca73..da4e61795 100644 --- a/certs/crl/cliCrl.pem +++ b/certs/crl/cliCrl.pem 
@@ -1,39 +1,39 @@ Certificate Revocation List (CRL): Version 2 (0x1) - Signature Algorithm: sha1WithRSAEncryption - Issuer: /C=US/ST=Montana/L=Bozeman/O=wolfSSL/OU=Programming/CN=www.wolfssl.com/emailAddress=info@wolfssl.com - Last Update: Feb 5 06:33:30 2015 GMT - Next Update: Nov 1 06:33:30 2017 GMT + Signature Algorithm: sha256WithRSAEncryption + Issuer: /C=US/ST=Montana/L=Bozeman/O=wolfSSL_2048/OU=Programming-2048/CN=www.wolfssl.com/emailAddress=info@wolfssl.com + Last Update: May 7 18:21:01 2015 GMT + Next Update: Jan 31 18:21:01 2018 GMT CRL extensions: X509v3 CRL Number: 3 No Revoked Certificates. - Signature Algorithm: sha1WithRSAEncryption - 26:e3:36:93:9d:42:98:41:89:d5:9d:d7:e9:9f:e9:36:f7:93: - f9:c8:52:ab:d7:9d:a7:61:e6:81:63:d3:6f:d1:40:de:aa:ee: - 71:13:da:32:a8:2f:a2:f4:54:7e:27:1e:19:11:03:82:91:f6: - 73:e8:82:6c:89:b3:d4:41:39:84:dd:71:2d:45:a5:b9:1f:7e: - 3d:82:1f:f6:a9:1a:7f:98:2d:1b:86:62:1c:46:20:9c:4b:e3: - 79:ef:d9:65:50:47:51:ad:40:89:1c:2b:a9:1e:5d:57:04:ec: - 4d:82:2a:bd:e1:10:fd:26:f2:48:5d:b5:95:ab:d1:65:a2:3a: - 12:60:2c:d0:4e:2f:08:83:1d:8e:c2:c1:05:5e:6c:fb:b5:7b: - 5b:6c:f2:14:4d:2e:fd:a4:e8:3d:9f:15:bf:b0:d4:00:31:49: - 3e:ce:1d:1f:f7:7e:66:09:c5:a5:d4:13:a1:a1:2b:2d:b2:fa: - 62:16:11:8f:5c:eb:ec:6f:5a:ad:55:bb:bd:65:75:0c:ea:5c: - a5:3c:8c:8a:61:ae:94:68:11:53:d8:36:f1:96:aa:7e:b9:b3: - 90:b2:5b:50:d1:18:55:59:5a:89:7e:2e:3d:47:0f:67:08:f3: - be:14:72:24:6f:a9:ef:4b:a1:0a:bb:89:7b:14:11:8d:1a:f2: - 91:46:8f:b5 + Signature Algorithm: sha256WithRSAEncryption + a2:15:f0:cf:70:85:49:b9:5b:c1:af:2b:22:14:9d:ee:11:8d: + 93:2d:58:17:d8:f6:b6:1a:1a:25:a2:27:c9:6b:4f:b3:31:c7: + 2c:52:c4:53:59:19:ef:cf:91:ee:b5:19:28:37:49:9e:b6:e0: + 41:62:4c:9f:f1:34:bf:88:aa:ae:24:38:8d:29:0a:64:08:a8: + 68:f4:b5:28:73:d6:94:b9:0a:3f:7c:c1:22:72:be:14:ba:c9: + 1b:9d:26:af:78:c2:cf:5f:ff:1e:cc:25:c0:63:f1:9b:97:85: + 5c:c0:4d:14:ed:f9:ad:cb:02:7d:05:c7:5c:c1:7c:89:72:35: + 49:70:a8:b1:ae:91:96:77:9a:c6:cb:38:27:88:3f:f4:c8:ba: + 
c9:08:7f:dd:a6:41:82:62:65:a0:f2:0c:36:5a:d9:15:57:5e: + 66:c3:a2:ff:5e:4d:7c:bc:4b:7c:30:84:44:e3:06:34:a8:42: + 3b:d9:6a:04:4a:0b:e5:59:66:63:b9:7a:80:48:68:31:1c:aa: + 98:bc:09:0e:a7:83:5f:a7:00:f1:fb:78:bc:08:86:73:ef:53: + 25:b8:1b:5e:7c:77:a8:12:7b:52:7f:1e:63:bc:db:60:99:46: + ab:e1:2e:48:d1:28:40:68:1e:9e:a0:2f:14:04:66:b3:b1:b1: + 3b:d0:46:64 -----BEGIN X509 CRL----- -MIIB7jCB1wIBATANBgkqhkiG9w0BAQUFADCBlDELMAkGA1UEBhMCVVMxEDAOBgNV -BAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xEDAOBgNVBAoMB3dvbGZTU0wx -FDASBgNVBAsMC1Byb2dyYW1taW5nMRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20x -HzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20XDTE1MDIwNTA2MzMzMFoX -DTE3MTEwMTA2MzMzMFqgDjAMMAoGA1UdFAQDAgEDMA0GCSqGSIb3DQEBBQUAA4IB -AQAm4zaTnUKYQYnVndfpn+k295P5yFKr152nYeaBY9Nv0UDequ5xE9oyqC+i9FR+ -Jx4ZEQOCkfZz6IJsibPUQTmE3XEtRaW5H349gh/2qRp/mC0bhmIcRiCcS+N579ll -UEdRrUCJHCupHl1XBOxNgiq94RD9JvJIXbWVq9FlojoSYCzQTi8Igx2OwsEFXmz7 -tXtbbPIUTS79pOg9nxW/sNQAMUk+zh0f935mCcWl1BOhoSstsvpiFhGPXOvsb1qt -Vbu9ZXUM6lylPIyKYa6UaBFT2Dbxlqp+ubOQsltQ0RhVWVqJfi49Rw9nCPO+FHIk -b6nvS6EKu4l7FBGNGvKRRo+1 +MIIB+DCB4QIBATANBgkqhkiG9w0BAQsFADCBnjELMAkGA1UEBhMCVVMxEDAOBgNV +BAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xFTATBgNVBAoMDHdvbGZTU0xf +MjA0ODEZMBcGA1UECwwQUHJvZ3JhbW1pbmctMjA0ODEYMBYGA1UEAwwPd3d3Lndv +bGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tFw0xNTA1 +MDcxODIxMDFaFw0xODAxMzExODIxMDFaoA4wDDAKBgNVHRQEAwIBAzANBgkqhkiG +9w0BAQsFAAOCAQEAohXwz3CFSblbwa8rIhSd7hGNky1YF9j2thoaJaInyWtPszHH +LFLEU1kZ78+R7rUZKDdJnrbgQWJMn/E0v4iqriQ4jSkKZAioaPS1KHPWlLkKP3zB +InK+FLrJG50mr3jCz1//HswlwGPxm5eFXMBNFO35rcsCfQXHXMF8iXI1SXCosa6R +lneaxss4J4g/9Mi6yQh/3aZBgmJloPIMNlrZFVdeZsOi/15NfLxLfDCEROMGNKhC +O9lqBEoL5VlmY7l6gEhoMRyqmLwJDqeDX6cA8ft4vAiGc+9TJbgbXnx3qBJ7Un8e +Y7zbYJlGq+EuSNEoQGgenqAvFARms7GxO9BGZA== -----END X509 CRL----- diff --git a/certs/crl/crl.pem b/certs/crl/crl.pem index 9924f6609..20610ef60 100644 --- a/certs/crl/crl.pem +++ b/certs/crl/crl.pem 
@@ -1,39 +1,41 @@ Certificate Revocation List (CRL): Version 2 (0x1) - Signature Algorithm: sha1WithRSAEncryption + Signature Algorithm: sha256WithRSAEncryption Issuer: /C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com - Last Update: Feb 5 06:33:30 2015 GMT - Next Update: Nov 1 06:33:30 2017 GMT + Last Update: Jul 23 22:05:10 2015 GMT + Next Update: Apr 18 22:05:10 2018 GMT CRL extensions: X509v3 CRL Number: 1 -No Revoked Certificates. - Signature Algorithm: sha1WithRSAEncryption - 1e:a6:74:ca:6e:14:eb:4f:e7:94:fb:0f:36:4c:55:39:e1:29: - af:33:f1:83:fa:8c:64:ef:4d:8a:f4:90:a1:dd:8d:c4:c7:13: - 35:7e:a9:1c:ea:29:ef:5e:89:4a:38:b1:22:b4:c3:13:8a:41: - ed:a1:16:08:2f:17:69:b2:88:ca:21:c6:20:a3:d2:e1:33:b9: - 68:4a:11:7f:50:58:53:18:7b:90:86:dc:2d:9a:36:5b:d2:0d: - 28:dc:8e:8f:82:a1:6d:c9:e2:e4:a3:bb:f4:8d:12:c3:15:72: - d9:bd:74:98:4b:82:00:ed:96:9c:85:b1:36:45:28:48:e7:c2: - d0:9e:31:27:51:8b:ae:96:f3:bf:3f:4d:6c:31:6c:4b:7d:a2: - 63:47:d7:29:80:c0:17:1d:3e:48:3e:62:ad:a0:dc:50:e7:07: - f1:85:b4:b4:f9:85:77:d4:60:50:9a:7c:89:8b:c2:02:1f:ec: - 6a:ea:83:46:7d:66:c1:6d:aa:bc:a2:f9:6b:8e:74:2a:9d:96: - 16:3a:a3:66:d6:11:7e:83:2a:99:90:9c:54:a7:d6:b4:79:57: - 87:60:bc:6c:12:09:58:4e:89:1f:0a:82:52:67:aa:5e:f8:10: - 0f:37:d0:75:19:10:b5:5a:36:9d:89:ce:8d:ba:c2:b7:13:b0: - df:43:32:97 +Revoked Certificates: + Serial Number: 02 + Revocation Date: Jul 23 22:05:10 2015 GMT + Signature Algorithm: sha256WithRSAEncryption + 68:55:84:c7:53:54:06:ea:3e:f2:d0:3d:e6:30:84:d5:12:82: + 55:5b:4c:74:60:49:5d:4f:73:cd:cc:5f:42:bf:0d:93:93:a6: + 81:60:9d:0c:7f:c6:75:f0:77:77:1f:81:cf:02:4a:7f:2e:e3: + 1b:c4:b0:eb:0f:25:53:3d:78:7b:3e:8f:16:5e:37:c6:fd:f5: + 93:bb:9a:d7:f1:78:eb:78:9f:5d:44:85:e0:5e:14:8b:b5:2b: + c5:af:23:43:82:27:0b:db:de:12:4a:1a:23:a7:f3:d9:3a:3f: + 6f:23:e2:53:a0:ef:1e:b5:f2:da:c8:00:d2:f0:57:78:af:5d: + e3:8e:c4:06:27:7d:3d:ee:04:06:96:7a:9b:34:d9:e9:bc:a3: + 2d:6c:01:36:c4:5d:bf:c5:7f:74:f3:bb:55:75:ff:a1:a9:66: + 
cc:b2:e0:a0:f6:0b:05:e1:ac:69:42:3f:df:b4:dd:8f:37:5c: + f5:09:4f:a7:c3:d6:ae:a2:c6:63:f3:ed:03:df:3c:ee:58:c1: + 45:e8:85:7b:99:aa:fc:7d:ae:69:94:b9:50:0a:76:7d:b9:fd: + 74:55:b8:b1:37:75:7d:f7:e6:1a:91:cd:68:b6:49:37:cb:c8: + e1:69:57:1b:c6:ef:ec:0a:fa:d3:72:92:95:ec:f1:c1:c3:53: + 7d:fb:d0:66 -----BEGIN X509 CRL----- -MIIB7jCB1wIBATANBgkqhkiG9w0BAQUFADCBlDELMAkGA1UEBhMCVVMxEDAOBgNV +MIICBDCB7QIBATANBgkqhkiG9w0BAQsFADCBlDELMAkGA1UEBhMCVVMxEDAOBgNV BAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNVBAoMCFNhd3Rvb3Ro MRMwEQYDVQQLDApDb25zdWx0aW5nMRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20x -HzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20XDTE1MDIwNTA2MzMzMFoX -DTE3MTEwMTA2MzMzMFqgDjAMMAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEBBQUAA4IB -AQAepnTKbhTrT+eU+w82TFU54SmvM/GD+oxk702K9JCh3Y3ExxM1fqkc6invXolK -OLEitMMTikHtoRYILxdpsojKIcYgo9LhM7loShF/UFhTGHuQhtwtmjZb0g0o3I6P -gqFtyeLko7v0jRLDFXLZvXSYS4IA7ZachbE2RShI58LQnjEnUYuulvO/P01sMWxL -faJjR9cpgMAXHT5IPmKtoNxQ5wfxhbS0+YV31GBQmnyJi8ICH+xq6oNGfWbBbaq8 -ovlrjnQqnZYWOqNm1hF+gyqZkJxUp9a0eVeHYLxsEglYTokfCoJSZ6pe+BAPN9B1 -GRC1Wjadic6NusK3E7DfQzKX +HzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20XDTE1MDcyMzIyMDUxMFoX +DTE4MDQxODIyMDUxMFowFDASAgECFw0xNTA3MjMyMjA1MTBaoA4wDDAKBgNVHRQE +AwIBATANBgkqhkiG9w0BAQsFAAOCAQEAaFWEx1NUBuo+8tA95jCE1RKCVVtMdGBJ +XU9zzcxfQr8Nk5OmgWCdDH/GdfB3dx+BzwJKfy7jG8Sw6w8lUz14ez6PFl43xv31 +k7ua1/F463ifXUSF4F4Ui7Urxa8jQ4InC9veEkoaI6fz2To/byPiU6DvHrXy2sgA +0vBXeK9d447EBid9Pe4EBpZ6mzTZ6byjLWwBNsRdv8V/dPO7VXX/oalmzLLgoPYL +BeGsaUI/37Tdjzdc9QlPp8PWrqLGY/PtA9887ljBReiFe5mq/H2uaZS5UAp2fbn9 +dFW4sTd1fffmGpHNaLZJN8vI4WlXG8bv7Ar603KSlezxwcNTffvQZg== -----END X509 CRL----- diff --git a/certs/crl/crl.revoked b/certs/crl/crl.revoked index a6d3dedb8..6bef57e6b 100644 --- a/certs/crl/crl.revoked +++ b/certs/crl/crl.revoked 
@@ -1,41 +1,44 @@ Certificate Revocation List (CRL): Version 2 (0x1) - Signature Algorithm: sha1WithRSAEncryption + Signature Algorithm: sha256WithRSAEncryption Issuer: /C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com - Last Update: Feb 5 06:33:30 2015 GMT - Next Update: Nov 1 06:33:30 2017 GMT + Last Update: Jul 22 16:17:45 2015 GMT + Next Update: Apr 17 16:17:45 2018 GMT CRL extensions: X509v3 CRL Number: - 2 + 7 Revoked Certificates: Serial Number: 01 - Revocation Date: Feb 5 06:33:30 2015 GMT - Signature Algorithm: sha1WithRSAEncryption - ae:3b:8e:88:bb:a6:9b:93:1a:41:91:73:b9:97:1c:f8:f4:a0: - a6:1c:58:24:52:15:d9:b5:14:35:8d:b6:e9:be:1c:01:e0:24: - ff:ec:2c:71:cc:a4:78:60:a6:eb:e2:5d:41:67:e1:21:d4:e8: - a8:f5:26:c6:69:25:38:c7:87:3f:6a:78:b5:16:14:d2:3f:17: - f1:aa:8d:41:5b:ba:8e:f5:49:e9:e9:d8:93:6f:0a:d2:fe:f6: - 7e:20:f4:76:8c:db:54:ef:42:16:91:75:27:2a:2d:0b:5e:aa: - f7:97:6c:6a:7d:37:e5:c8:31:aa:6b:bf:77:45:2a:01:67:91: - 73:e0:7a:d8:b4:a1:e6:08:e0:2c:4a:8d:a6:b3:eb:c6:24:2a: - 1f:d2:e2:1b:03:d4:0a:19:07:c0:dc:e3:c3:13:a7:48:66:fc: - da:09:ea:40:29:11:9e:e1:48:46:46:2f:05:87:d2:cb:ac:8d: - a5:43:1a:ef:2d:56:de:da:1e:34:9a:09:13:79:f7:95:ec:5b: - aa:28:ad:1e:b1:0e:e7:71:d9:12:45:a3:2c:df:17:52:37:34: - 5d:0b:c0:d5:df:2c:40:d6:e4:4f:a7:07:bd:a4:9c:f9:a7:f8: - bb:1e:bb:93:57:fc:20:57:0c:cc:99:5a:75:8c:83:3f:ba:97: - 96:1c:0e:67 + Revocation Date: Jul 22 16:17:45 2015 GMT + Serial Number: 02 + Revocation Date: Jul 22 16:17:45 2015 GMT + Signature Algorithm: sha256WithRSAEncryption + 7f:61:91:8a:8c:c1:23:f1:d4:98:d9:67:67:1e:d2:54:2a:ce: + b8:41:d1:f7:c4:88:84:01:a5:52:d6:42:d1:af:e6:c8:fb:13: + 51:9e:2e:18:c1:e7:9d:83:81:79:d3:34:a3:14:a8:1c:7b:9e: + 07:2b:fb:73:31:ce:17:52:69:80:cc:f7:fd:42:e3:1c:e0:63: + 66:70:52:81:09:cc:be:51:02:2c:33:9a:ec:21:15:81:9f:7a: + 10:d0:9c:23:f4:e6:b3:2b:e2:36:0e:fb:79:da:52:2c:bc:fa: + dd:9c:53:6b:48:b0:6a:56:5c:7b:87:53:18:94:c4:37:03:bf: + 
13:18:e3:a4:26:e0:66:0c:dc:e5:99:84:5d:36:69:01:f4:69: + d4:06:eb:43:ff:4f:f5:17:46:9d:b7:cb:45:ec:0d:9e:9c:4a: + 96:3c:0b:92:c5:fb:de:d4:3f:af:a9:5e:b1:6f:9d:d7:8b:b5: + ab:86:b6:eb:00:da:b1:f4:6d:72:2d:9b:ec:f3:1b:2f:24:99: + d5:04:7b:4f:f8:7a:2e:4e:b6:ee:be:f8:50:d2:96:96:6f:f6: + 3a:c2:7f:35:48:82:1a:84:64:03:e8:58:8e:0c:dc:62:97:cd: + 82:ff:16:93:ac:44:14:e1:ae:fc:fb:52:25:b6:0d:70:ec:c4: + 93:42:37:af -----BEGIN X509 CRL----- -MIICBDCB7QIBATANBgkqhkiG9w0BAQUFADCBlDELMAkGA1UEBhMCVVMxEDAOBgNV -BAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNVBAoMCFNhd3Rvb3Ro -MRMwEQYDVQQLDApDb25zdWx0aW5nMRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20x -HzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20XDTE1MDIwNTA2MzMzMFoX -DTE3MTEwMTA2MzMzMFowFDASAgEBFw0xNTAyMDUwNjMzMzBaoA4wDDAKBgNVHRQE -AwIBAjANBgkqhkiG9w0BAQUFAAOCAQEArjuOiLumm5MaQZFzuZcc+PSgphxYJFIV -2bUUNY226b4cAeAk/+wsccykeGCm6+JdQWfhIdToqPUmxmklOMeHP2p4tRYU0j8X -8aqNQVu6jvVJ6enYk28K0v72fiD0dozbVO9CFpF1JyotC16q95dsan035cgxqmu/ -d0UqAWeRc+B62LSh5gjgLEqNprPrxiQqH9LiGwPUChkHwNzjwxOnSGb82gnqQCkR -nuFIRkYvBYfSy6yNpUMa7y1W3toeNJoJE3n3lexbqiitHrEO53HZEkWjLN8XUjc0 -XQvA1d8sQNbkT6cHvaSc+af4ux67k1f8IFcMzJladYyDP7qXlhwOZw== +MIICGTCCAQECAQEwDQYJKoZIhvcNAQELBQAwgZQxCzAJBgNVBAYTAlVTMRAwDgYD +VQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMREwDwYDVQQKDAhTYXd0b290 +aDETMBEGA1UECwwKQ29uc3VsdGluZzEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29t +MR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tFw0xNTA3MjIxNjE3NDVa +Fw0xODA0MTcxNjE3NDVaMCgwEgIBARcNMTUwNzIyMTYxNzQ1WjASAgECFw0xNTA3 +MjIxNjE3NDVaoA4wDDAKBgNVHRQEAwIBBzANBgkqhkiG9w0BAQsFAAOCAQEAf2GR +iozBI/HUmNlnZx7SVCrOuEHR98SIhAGlUtZC0a/myPsTUZ4uGMHnnYOBedM0oxSo +HHueByv7czHOF1JpgMz3/ULjHOBjZnBSgQnMvlECLDOa7CEVgZ96ENCcI/Tmsyvi +Ng77edpSLLz63ZxTa0iwalZce4dTGJTENwO/ExjjpCbgZgzc5ZmEXTZpAfRp1Abr +Q/9P9RdGnbfLRewNnpxKljwLksX73tQ/r6lesW+d14u1q4a26wDasfRtci2b7PMb +LySZ1QR7T/h6Lk627r74UNKWlm/2OsJ/NUiCGoRkA+hYjgzcYpfNgv8Wk6xEFOGu +/PtSJbYNcOzEk0I3rw== -----END X509 CRL----- 
diff --git a/certs/crl/eccCliCRL.pem b/certs/crl/eccCliCRL.pem index 5f8c3ef08..2e00a3729 100644 --- a/certs/crl/eccCliCRL.pem +++ b/certs/crl/eccCliCRL.pem 
@@ -1,24 +1,24 @@ Certificate Revocation List (CRL): Version 2 (0x1) - Signature Algorithm: ecdsa-with-SHA1 - Issuer: /C=US/ST=Montana/L=Bozeman/O=wolfSSL/OU=Programming/CN=www.wolfssl.com/emailAddress=info@wolfssl.com - Last Update: Feb 5 06:33:30 2015 GMT - Next Update: Nov 1 06:33:30 2017 GMT + Signature Algorithm: ecdsa-with-SHA256 + Issuer: /C=US/ST=Oregon/L=Salem/O=Client ECC/OU=Fast/CN=www.wolfssl.com/emailAddress=info@wolfssl.com + Last Update: May 7 18:21:01 2015 GMT + Next Update: Jan 31 18:21:01 2018 GMT CRL extensions: X509v3 CRL Number: 4 No Revoked Certificates. - Signature Algorithm: ecdsa-with-SHA1 - 30:45:02:20:4d:27:ef:a6:92:28:ad:20:13:b2:ad:67:78:bc: - 04:b2:e6:35:0e:a5:33:64:14:a6:09:6d:06:4c:35:6c:96:a5: - 02:21:00:c5:d1:ab:c2:d2:2d:be:26:24:9f:c4:66:67:ca:00: - 68:3c:33:31:52:77:ee:36:d9:82:90:e5:2c:8d:e7:b0:e1 + Signature Algorithm: ecdsa-with-SHA256 + 30:44:02:20:62:9b:53:ee:21:52:bc:61:e8:ec:7b:f8:28:35: + 43:98:b8:57:9c:c7:73:cc:a0:45:e8:b9:96:2e:1c:c6:62:ff: + 02:20:2b:64:b8:3a:30:2c:15:7f:cf:57:99:60:9d:51:82:82: + ef:b6:13:cc:86:93:a2:19:41:12:a0:ec:7e:1e:07:09 -----BEGIN X509 CRL----- -MIIBKzCB0wIBATAJBgcqhkjOPQQBMIGUMQswCQYDVQQGEwJVUzEQMA4GA1UECAwH -TW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjEQMA4GA1UECgwHd29sZlNTTDEUMBIG -A1UECwwLUHJvZ3JhbW1pbmcxGDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTEfMB0G -CSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbRcNMTUwMjA1MDYzMzMwWhcNMTcx -MTAxMDYzMzMwWqAOMAwwCgYDVR0UBAMCAQQwCQYHKoZIzj0EAQNIADBFAiBNJ++m -kiitIBOyrWd4vASy5jUOpTNkFKYJbQZMNWyWpQIhAMXRq8LSLb4mJJ/EZmfKAGg8 -MzFSd+422YKQ5SyN57Dh +MIIBJTCBzQIBATAKBggqhkjOPQQDAjCBjTELMAkGA1UEBhMCVVMxDzANBgNVBAgM +Bk9yZWdvbjEOMAwGA1UEBwwFU2FsZW0xEzARBgNVBAoMCkNsaWVudCBFQ0MxDTAL +BgNVBAsMBEZhc3QxGDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3 +DQEJARYQaW5mb0B3b2xmc3NsLmNvbRcNMTUwNTA3MTgyMTAxWhcNMTgwMTMxMTgy +MTAxWqAOMAwwCgYDVR0UBAMCAQQwCgYIKoZIzj0EAwIDRwAwRAIgYptT7iFSvGHo +7Hv4KDVDmLhXnMdzzKBF6LmWLhzGYv8CICtkuDowLBV/z1eZYJ1RgoLvthPMhpOi +GUESoOx+HgcJ -----END X509 CRL----- 
diff --git a/certs/crl/eccSrvCRL.pem b/certs/crl/eccSrvCRL.pem index f573d35a3..0746599f3 100644 --- a/certs/crl/eccSrvCRL.pem +++ b/certs/crl/eccSrvCRL.pem 
@@ -1,24 +1,24 @@ Certificate Revocation List (CRL): Version 2 (0x1) - Signature Algorithm: ecdsa-with-SHA1 - Issuer: /C=US/ST=Montana/L=Bozeman/O=wolfSSL/OU=Programming/CN=www.wolfssl.com/emailAddress=info@wolfssl.com - Last Update: Feb 5 06:33:30 2015 GMT - Next Update: Nov 1 06:33:30 2017 GMT + Signature Algorithm: ecdsa-with-SHA256 + Issuer: /C=US/ST=Washington/L=Seattle/O=Eliptic/OU=ECC/CN=www.wolfssl.com/emailAddress=info@wolfssl.com + Last Update: May 7 18:21:01 2015 GMT + Next Update: Jan 31 18:21:01 2018 GMT CRL extensions: X509v3 CRL Number: 5 No Revoked Certificates. - Signature Algorithm: ecdsa-with-SHA1 - 30:44:02:20:01:00:6d:c3:b8:f8:2c:bb:84:4e:76:22:4e:af: - 51:d5:b3:21:6f:0f:d1:df:a7:6a:ee:7d:6d:f2:9c:23:ef:7f: - 02:20:13:79:14:7f:e3:c2:49:55:83:66:61:25:83:35:3a:a4: - 05:92:26:be:6d:81:29:3a:54:63:60:f0:82:2d:36:e7 + Signature Algorithm: ecdsa-with-SHA256 + 30:45:02:20:0d:fe:b7:79:fb:66:6c:cb:36:0a:1a:f3:6d:73: + ea:68:ab:fc:46:7e:49:bd:15:2a:9f:a1:17:50:56:82:cf:1f: + 02:21:00:ff:13:85:80:29:a4:60:54:10:93:fb:20:13:b8:9c: + 25:48:53:5e:4b:33:ef:5c:aa:9e:98:74:e0:c8:c3:ef:df -----BEGIN X509 CRL----- -MIIBKjCB0wIBATAJBgcqhkjOPQQBMIGUMQswCQYDVQQGEwJVUzEQMA4GA1UECAwH -TW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjEQMA4GA1UECgwHd29sZlNTTDEUMBIG -A1UECwwLUHJvZ3JhbW1pbmcxGDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTEfMB0G -CSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbRcNMTUwMjA1MDYzMzMwWhcNMTcx -MTAxMDYzMzMwWqAOMAwwCgYDVR0UBAMCAQUwCQYHKoZIzj0EAQNHADBEAiABAG3D -uPgsu4ROdiJOr1HVsyFvD9Hfp2rufW3ynCPvfwIgE3kUf+PCSVWDZmElgzU6pAWS -Jr5tgSk6VGNg8IItNuc= +MIIBKDCBzwIBATAKBggqhkjOPQQDAjCBjzELMAkGA1UEBhMCVVMxEzARBgNVBAgM +Cldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoMB0VsaXB0aWMx +DDAKBgNVBAsMA0VDQzEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29tMR8wHQYJKoZI +hvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tFw0xNTA1MDcxODIxMDFaFw0xODAxMzEx +ODIxMDFaoA4wDDAKBgNVHRQEAwIBBTAKBggqhkjOPQQDAgNIADBFAiAN/rd5+2Zs +yzYKGvNtc+poq/xGfkm9FSqfoRdQVoLPHwIhAP8ThYAppGBUEJP7IBO4nCVIU15L +M+9cqp6YdODIw+/f -----END X509 CRL----- 
diff --git a/certs/crl/gencrls.sh b/certs/crl/gencrls.sh index a18ecf3f7..3e500ff84 100755 --- a/certs/crl/gencrls.sh +++ b/certs/crl/gencrls.sh @@ -2,9 +2,36 @@ # gencrls, crl config already done, see taoCerts.txt for setup +function setup_files() { + #set up the file system for updating the crls + echo "setting up the file system for generating the crls..." + echo "" + touch ./index.txt + touch ./crlnumber + echo "01" >> crlnumber + touch ./blank.index.txt + mkdir demoCA + touch ./demoCA/index.txt +} +function cleanup_files() { + rm blank.index.txt + rm index.* + rm crlnumber* + rm -r demoCA + echo "Removed ../wolfssl.cnf, blank.index.txt, index.*, crlnumber*, demoCA/" + echo "" + exit 0 +} +trap cleanup_files EXIT + +#setup the files +setup_files # caCrl +# revoke server-revoked-cert.pem +openssl ca -config ../renewcerts/wolfssl.cnf -revoke ../server-revoked-cert.pem -keyfile ../ca-key.pem -cert ../ca-cert.pem + openssl ca -config ../renewcerts/wolfssl.cnf -gencrl -crldays 1000 -out crl.pem -keyfile ../ca-key.pem -cert ../ca-cert.pem # metadata @@ -55,3 +82,4 @@ mv tmp eccSrvCRL.pem # install (only needed if working outside wolfssl) #cp eccSrvCRL.pem ~/wolfssl/certs/crl/eccSrvCRL.pem +exit 0 diff --git a/certs/gen_revoked.sh b/certs/gen_revoked.sh new file mode 100755 index 000000000..143f2bc6a --- /dev/null +++ b/certs/gen_revoked.sh 
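Review bot: The `exit 0` at the end of `cleanup_files` runs inside the EXIT trap, so gencrls.sh reports success even when `openssl ca -revoke` or `openssl ca -gencrl` fails, and a caller cannot tell an incomplete CRL from a fresh one. Drop that `exit 0` so the trap preserves the real exit status, and add `set -e` near the top unless the rest of the script (outside this hunk) already checks each openssl call. `echo "01" >> crlnumber` appends, so a crlnumber left over from an interrupted run ends up with two lines; `echo "01" > crlnumber` avoids that. The cleanup message also lists `../wolfssl.cnf`, which this function does not remove.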
@@ -0,0 +1,18 @@ + ########################################################### + ########## update and sign server-revoked-key.pem ################ + ########################################################### + echo "Updating server-revoked-cert.pem" + echo "" + #pipe the following arguments to openssl req... + echo -e "US\nMontana\nBozeman\nwolfSSL_revoked\nSupport_revoked\nwww.wolfssl.com\ninfo@wolfssl.com\n.\n.\n" | openssl req -new -key server-revoked-key.pem -nodes > server-revoked-req.pem + + openssl x509 -req -in server-revoked-req.pem -extfile renewcerts/wolfssl.cnf -extensions wolfssl_opts -days 1000 -CA ca-cert.pem -CAkey ca-key.pem -set_serial 02 > server-revoked-cert.pem + + rm server-revoked-req.pem + + openssl x509 -in ca-cert.pem -text > ca_tmp.pem + openssl x509 -in server-revoked-cert.pem -text > srv_tmp.pem + mv srv_tmp.pem server-revoked-cert.pem + cat ca_tmp.pem >> server-revoked-cert.pem + rm ca_tmp.pem + diff --git a/certs/include.am b/certs/include.am index 42a936435..a5e1ae2cc 100644 --- a/certs/include.am +++ b/certs/include.am @@ -24,8 +24,10 @@ EXTRA_DIST += \ certs/server-keyPkcs8Enc12.pem \ certs/server-keyPkcs8Enc2.pem \ certs/server-keyPkcs8Enc.pem \ - certs/server-keyPkcs8.pem - + certs/server-keyPkcs8.pem \ + certs/server-revoked-cert.pem \ + certs/server-revoked-key.pem \ + certs/wolfssl-website-ca.pem EXTRA_DIST += \ certs/ca-key.der \ certs/ca-cert.der \ diff --git a/certs/renewcerts.sh b/certs/renewcerts.sh index 33fcfcb2e..d021258f3 100755 --- a/certs/renewcerts.sh +++ b/certs/renewcerts.sh 
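Review bot: certs/gen_revoked.sh is added with mode 100755 but its first line is the `####` banner, so it has no interpreter line, and the `echo -e "US\n..."` pipe into `openssl req` depends on bash's `echo`; under a POSIX `sh` whose `echo` does not accept `-e`, the literal `-e` would likely end up in the first subject field. Start the file with `#!/bin/bash` and add `set -e` so that a failed `openssl req` or `openssl x509 -req` stops the run; as written, the `> server-revoked-cert.pem` redirect truncates the existing certificate before signing is known to have succeeded. The banner also names `server-revoked-key.pem`, while the steps under it regenerate `server-revoked-cert.pem` from that existing key; the same banner appears in the copy added to renewcerts.sh.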
@@ -46,7 +46,7 @@ function run_renewcerts(){ echo "Updating 2048-bit client-cert.pem" echo "" #pipe the following arguments to openssl req... - echo -e "US\nMontana\nBozeman\nwolfSSL\nProgramming\nwww.wolfssl.com\ninfo@wolfssl.com\n.\n.\n" | openssl req -new -key client-key.pem -nodes -out client-cert.csr + echo -e "US\nMontana\nBozeman\nwolfSSL_2048\nProgramming-2048\nwww.wolfssl.com\ninfo@wolfssl.com\n.\n.\n" | openssl req -new -key client-key.pem -nodes -out client-cert.csr openssl x509 -req -in client-cert.csr -days 1000 -extfile wolfssl.cnf -extensions wolfssl_opts -signkey client-key.pem -out client-cert.pem @@ -60,7 +60,7 @@ function run_renewcerts(){ echo "Updating 1024-bit client-cert.pem" echo "" #pipe the following arguments to openssl req... - echo -e "US\nMontana\nBozeman\nwolfSSL\nProgramming\nwww.wolfssl.com\ninfo@wolfssl.com\n.\n.\n" | openssl req -new -key \1024/client-key.pem -nodes -out \1024/client-cert.csr + echo -e "US\nMontana\nBozeman\nwolfSSL_1024\nProgramming-1024\nwww.wolfssl.com\ninfo@wolfssl.com\n.\n.\n" | openssl req -new -key \1024/client-key.pem -nodes -out \1024/client-cert.csr openssl x509 -req -in \1024/client-cert.csr -days 1000 -extfile wolfssl.cnf -extensions wolfssl_opts -signkey \1024/client-key.pem -out \1024/client-cert.pem 
@@ -98,6 +98,23 @@ function run_renewcerts(){ mv srv_tmp.pem server-cert.pem cat ca_tmp.pem >> server-cert.pem rm ca_tmp.pem + ########################################################### + ########## update and sign server-revoked-key.pem ######### + ########################################################### + echo "Updating server-revoked-cert.pem" + echo "" + #pipe the following arguments to openssl req... + echo -e "US\nMontana\nBozeman\nwolfSSL_revoked\nSupport_revoked\nwww.wolfssl.com\ninfo@wolfssl.com\n.\n.\n" | openssl req -new -key server-revoked-key.pem -nodes > server-revoked-req.pem + + openssl x509 -req -in server-revoked-req.pem -extfile wolfssl.cnf -extensions wolfssl_opts -days 1000 -CA ca-cert.pem -CAkey ca-key.pem -set_serial 02 > server-revoked-cert.pem + + rm server-revoked-req.pem + + openssl x509 -in ca-cert.pem -text > ca_tmp.pem + openssl x509 -in server-revoked-cert.pem -text > srv_tmp.pem + mv srv_tmp.pem server-revoked-cert.pem + cat ca_tmp.pem >> server-revoked-cert.pem + rm ca_tmp.pem ############################################################ ########## update and sign the server-ecc-rsa.pem ########## ############################################################ @@ -117,7 +134,7 @@ function run_renewcerts(){ echo "Updating client-ecc-cert.pem" echo "" #pipe the following arguments to openssl req... - echo -e "US\nMontana\nBozeman\nwolfSSL\nProgramming\nwww.wolfssl.com\ninfo@wolfssl.com\n.\n.\n" | openssl req -new -key ecc-client-key.pem -nodes -out client-ecc-cert.csr + echo -e "US\nOregon\nSalem\nClient ECC\nFast\nwww.wolfssl.com\ninfo@wolfssl.com\n.\n.\n" | openssl req -new -key ecc-client-key.pem -nodes -out client-ecc-cert.csr openssl x509 -req -in client-ecc-cert.csr -days 1000 -extfile wolfssl.cnf -extensions wolfssl_opts -signkey ecc-client-key.pem -out client-ecc-cert.pem 
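Review bot: The server-revoked block added in the first hunk here repeats certs/gen_revoked.sh almost line for line; the visible difference is `-extfile wolfssl.cnf` here against `-extfile renewcerts/wolfssl.cnf` there, so the two copies can drift, and if those two config files ever differ the revoked test certificate gets different extensions depending on which script produced it. Having `run_renewcerts` call the standalone script would keep a single definition of the subject, serial `02` and extensions. If the copy stays, a comment such as `# keep in sync with certs/gen_revoked.sh; serial 02 is the entry revoked in crl/crl.pem` would record the coupling. `run_renewcerts` starts and ends outside this hunk.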
@@ -132,7 +149,7 @@ function run_renewcerts(){ echo "Updating server-ecc.pem" echo "" #pipe the following arguments to openssl req... - echo -e "US\nMontana\nBozeman\nwolfSSL\nProgramming\nwww.wolfssl.com\ninfo@wolfssl.com\n.\n.\n" | openssl req -new -key ecc-key.pem -nodes -out server-ecc.csr + echo -e "US\nWashington\nSeattle\nEliptic\nECC\nwww.wolfssl.com\ninfo@wolfssl.com\n.\n.\n" | openssl req -new -key ecc-key.pem -nodes -out server-ecc.csr openssl x509 -req -in server-ecc.csr -days 1000 -extfile wolfssl.cnf -extensions wolfssl_opts -signkey ecc-key.pem -out server-ecc.pem @@ -146,7 +163,7 @@ function run_renewcerts(){ echo "Updating server-ecc-comp.pem" echo "" #pipe the following arguments to openssl req... - echo -e "US\nMontana\nBozeman\nwolfSSL\nProgramming\nwww.wolfssl.com\ninfo@wolfssl.com\n.\n.\n" | openssl req -new -key ecc-key-comp.pem -nodes -out server-ecc-comp.csr + echo -e "US\nMontana\nBozeman\nElliptic - comp\nServer ECC-comp\nwww.wolfssl.com\ninfo@wolfssl.com\n.\n.\n" | openssl req -new -key ecc-key-comp.pem -nodes -out server-ecc-comp.csr openssl x509 -req -in server-ecc-comp.csr -days 1000 -extfile wolfssl.cnf -extensions wolfssl_opts -signkey ecc-key-comp.pem -out server-ecc-comp.pem @@ -181,16 +198,6 @@ function run_renewcerts(){ echo "We are back in the certs directory" echo "" - #set up the file system for updating the crls - echo "setting up the file system for generating the crls..." - echo "" - touch crl/index.txt - touch crl/crlnumber - echo "01" >> crl/crlnumber - touch crl/blank.index.txt - mkdir crl/demoCA - touch crl/demoCA/index.txt - echo "Updating the crls..." echo "" cd crl @@ -205,12 +212,6 @@ function run_renewcerts(){ echo "" rm ../wolfssl.cnf - rm blank.index.txt - rm index.* - rm crlnumber* - rm -r demoCA - echo "Removed ../wolfssl.cnf, blank.index.txt, index.*, crlnumber*, demoCA/" - echo "" } 
diff --git a/certs/server-cert.der b/certs/server-cert.der index 6d18c29b8..0c936a241 100644 Binary files a/certs/server-cert.der and b/certs/server-cert.der differ diff --git a/certs/server-cert.pem b/certs/server-cert.pem index 2f0e93d4d..95df724e7 100644 --- a/certs/server-cert.pem +++ b/certs/server-cert.pem @@ -2,11 +2,11 @@ Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) - Signature Algorithm: sha1WithRSAEncryption + Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, CN=www.wolfssl.com/emailAddress=info@wolfssl.com Validity - Not Before: Feb 5 06:33:30 2015 GMT - Not After : Nov 1 06:33:30 2017 GMT + Not Before: May 7 18:21:01 2015 GMT + Not After : Jan 31 18:21:01 2018 GMT Subject: C=US, ST=Montana, L=Bozeman, O=wolfSSL, OU=Support, CN=www.wolfssl.com/emailAddress=info@wolfssl.com Subject Public Key Info: Public Key Algorithm: rsaEncryption 
@@ -37,32 +37,32 @@ Certificate: X509v3 Authority Key Identifier: keyid:27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5 DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com - serial:FA:7D:38:9A:73:FB:12:19 + serial:D9:80:3A:C3:D2:F4:DA:37 X509v3 Basic Constraints: CA:TRUE - Signature Algorithm: sha1WithRSAEncryption - 4e:0e:2c:de:ab:bb:e9:9e:ab:65:0f:c8:9a:da:ca:ae:a7:87: - 3f:15:06:ee:7d:22:88:8e:b0:88:fc:b8:b4:69:39:bf:ca:49: - 65:75:01:90:85:8b:af:08:f1:ce:ac:2e:ad:30:34:80:58:77: - ee:bc:bb:9b:74:c2:9c:91:b5:93:e2:f1:33:83:b8:0b:7e:0c: - 58:0f:2e:91:d0:fb:53:f4:68:d7:36:24:85:ec:d6:23:5b:8e: - 7e:3b:76:6a:a1:60:c0:29:a5:2e:bb:e9:02:bd:bc:a5:6b:cb: - 3d:fd:a5:d3:66:84:76:58:46:7a:09:31:b5:b9:43:bb:35:13: - 1f:32:21:94:c4:08:e7:16:ab:29:da:bf:8d:d1:30:a9:a0:ef: - a6:da:fa:f0:50:21:6f:e9:37:a6:87:63:8a:7c:68:74:ab:33: - 39:1f:ea:d1:ce:2c:7f:b5:eb:4a:51:9c:ba:b5:c2:20:e5:5f: - d4:70:28:a9:80:08:eb:8d:3e:ee:fb:71:47:96:2a:2d:c7:79: - 0e:a7:f9:ba:24:79:fb:a5:2f:c5:eb:91:b2:18:5f:6d:c1:18: - d8:68:95:12:cc:68:f9:d1:06:86:b1:48:b0:5a:00:b5:04:2e: - 50:37:bc:2f:f5:57:d2:49:17:43:5d:2f:64:01:3b:6a:09:44: - a6:e2:1e:04 + Signature Algorithm: sha256WithRSAEncryption + 67:c0:2c:a9:43:47:e7:11:14:77:ae:cc:d8:e0:6b:23:82:91: + 63:e8:a8:0d:21:c5:c8:47:97:2f:d5:f3:86:fb:6c:ce:25:f9: + 7c:78:c8:3a:22:68:f2:16:1e:d2:d2:3f:24:04:87:f2:b7:c1: + 62:63:ba:c5:fa:ae:d2:20:81:1a:d2:0c:ae:26:6b:1b:2b:10: + d3:e1:9a:4e:64:6c:97:db:36:a8:8f:f8:05:63:bf:ba:0d:88: + 0b:87:46:c9:e4:64:e3:d7:bd:b8:2d:d5:c1:c3:c4:db:55:68: + dc:a3:7a:40:b9:a9:f6:04:4a:22:cf:98:76:1c:e4:a3:ff:79: + 19:96:57:63:07:6f:f6:32:77:16:50:9b:e3:34:18:d4:eb:be: + fd:b6:6f:e3:c7:f6:85:bf:ac:32:ad:98:57:be:13:92:44:10: + a5:f3:ae:e2:66:da:44:a9:94:71:3f:d0:2f:20:59:87:e4:5a: + 40:ee:d2:e4:0c:ce:25:94:dc:0f:fe:38:e0:41:52:34:5c:bb: + c3:db:c1:5f:76:c3:5d:0e:32:69:2b:9d:01:ed:50:1b:4f:77: + a9:a9:d8:71:30:cb:2e:2c:70:00:ab:78:4b:d7:15:d9:17:f8: + 
64:b2:f7:3a:da:e1:0b:8b:0a:e1:4e:b1:03:46:14:ca:94:e3: + 44:77:d7:59 -----BEGIN CERTIFICATE----- -MIIEnjCCA4agAwIBAgIBATANBgkqhkiG9w0BAQUFADCBlDELMAkGA1UEBhMCVVMx +MIIEnjCCA4agAwIBAgIBATANBgkqhkiG9w0BAQsFADCBlDELMAkGA1UEBhMCVVMx EDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNVBAoMCFNh d3Rvb3RoMRMwEQYDVQQLDApDb25zdWx0aW5nMRgwFgYDVQQDDA93d3cud29sZnNz -bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTUwMjA1 -MDYzMzMwWhcNMTcxMTAxMDYzMzMwWjCBkDELMAkGA1UEBhMCVVMxEDAOBgNVBAgM +bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTUwNTA3 +MTgyMTAxWhcNMTgwMTMxMTgyMTAxWjCBkDELMAkGA1UEBhMCVVMxEDAOBgNVBAgM B01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xEDAOBgNVBAoMB3dvbGZTU0wxEDAO BgNVBAsMB1N1cHBvcnQxGDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTEfMB0GCSqG SIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP 
@@ -76,23 +76,23 @@ sxEyyZKYhOLJ+NA7bgNCyh8OjjwwgckGA1UdIwSBwTCBvoAUJ45nEXTDJh0/7TNj s6TYHTDl6NWhgZqkgZcwgZQxCzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdNb250YW5h MRAwDgYDVQQHDAdCb3plbWFuMREwDwYDVQQKDAhTYXd0b290aDETMBEGA1UECwwK Q29uc3VsdGluZzEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29tMR8wHQYJKoZIhvcN -AQkBFhBpbmZvQHdvbGZzc2wuY29tggkA+n04mnP7EhkwDAYDVR0TBAUwAwEB/zAN -BgkqhkiG9w0BAQUFAAOCAQEATg4s3qu76Z6rZQ/ImtrKrqeHPxUG7n0iiI6wiPy4 -tGk5v8pJZXUBkIWLrwjxzqwurTA0gFh37ry7m3TCnJG1k+LxM4O4C34MWA8ukdD7 -U/Ro1zYkhezWI1uOfjt2aqFgwCmlLrvpAr28pWvLPf2l02aEdlhGegkxtblDuzUT -HzIhlMQI5xarKdq/jdEwqaDvptr68FAhb+k3podjinxodKszOR/q0c4sf7XrSlGc -urXCIOVf1HAoqYAI640+7vtxR5YqLcd5Dqf5uiR5+6UvxeuRshhfbcEY2GiVEsxo -+dEGhrFIsFoAtQQuUDe8L/VX0kkXQ10vZAE7aglEpuIeBA== +AQkBFhBpbmZvQHdvbGZzc2wuY29tggkA2YA6w9L02jcwDAYDVR0TBAUwAwEB/zAN +BgkqhkiG9w0BAQsFAAOCAQEAZ8AsqUNH5xEUd67M2OBrI4KRY+ioDSHFyEeXL9Xz +hvtsziX5fHjIOiJo8hYe0tI/JASH8rfBYmO6xfqu0iCBGtIMriZrGysQ0+GaTmRs +l9s2qI/4BWO/ug2IC4dGyeRk49e9uC3VwcPE21Vo3KN6QLmp9gRKIs+Ydhzko/95 +GZZXYwdv9jJ3FlCb4zQY1Ou+/bZv48f2hb+sMq2YV74TkkQQpfOu4mbaRKmUcT/Q +LyBZh+RaQO7S5AzOJZTcD/444EFSNFy7w9vBX3bDXQ4yaSudAe1QG093qanYcTDL +LixwAKt4S9cV2Rf4ZLL3OtrhC4sK4U6xA0YUypTjRHfXWQ== -----END CERTIFICATE----- Certificate: Data: Version: 3 (0x2) - Serial Number: 18049645117592769049 (0xfa7d389a73fb1219) - Signature Algorithm: sha1WithRSAEncryption + Serial Number: 15672591315981621815 (0xd9803ac3d2f4da37) + Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, CN=www.wolfssl.com/emailAddress=info@wolfssl.com Validity - Not Before: Feb 5 06:33:30 2015 GMT - Not After : Nov 1 06:33:30 2017 GMT + Not Before: May 7 18:21:01 2015 GMT + Not After : Jan 31 18:21:01 2018 GMT Subject: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, CN=www.wolfssl.com/emailAddress=info@wolfssl.com Subject Public Key Info: Public Key Algorithm: rsaEncryption 
@@ -123,32 +123,32 @@ Certificate: X509v3 Authority Key Identifier: keyid:27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5 DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com - serial:FA:7D:38:9A:73:FB:12:19 + serial:D9:80:3A:C3:D2:F4:DA:37 X509v3 Basic Constraints: CA:TRUE - Signature Algorithm: sha1WithRSAEncryption - 2c:02:0c:de:b2:46:a1:d8:59:0f:08:69:ad:d2:52:2e:ee:55: - 78:bd:bb:71:d2:d7:b7:fe:7b:0f:8a:bc:6a:25:fd:d4:6d:1d: - ab:00:e2:9d:d6:98:21:11:a4:41:e0:0d:4b:a4:38:7f:2e:0c: - d6:80:dc:30:d7:cf:19:1b:43:2f:e7:b3:99:74:9c:b4:01:69: - b1:c3:9b:9f:4a:89:2f:60:38:cb:7c:a1:78:93:38:5c:a8:ca: - 46:0d:23:2d:99:a3:cf:0a:49:38:eb:07:06:57:cd:4a:55:35: - 04:08:36:30:ca:75:69:4b:9a:84:08:c9:23:78:a9:f0:80:ce: - 8a:25:bb:31:07:0e:11:e6:4a:95:8c:53:df:85:d9:48:45:cb: - 5a:ef:de:92:c2:88:0e:da:ff:31:6b:4e:52:53:5f:f3:a8:3a: - 42:f8:e1:0d:0a:c0:84:af:ec:21:b3:a7:98:b0:c8:6b:77:04: - ef:f5:06:a5:51:3b:20:6f:bf:55:80:8c:cf:d4:78:ee:a2:d9: - e3:52:34:9a:17:3d:87:10:4d:23:21:38:9b:35:f7:18:ac:34: - bd:18:ae:a4:e2:32:2f:5d:a4:41:4c:bc:aa:88:b7:9e:45:14: - 92:e9:e8:ee:fc:1d:28:f5:59:fd:de:bd:3d:73:dd:b4:9f:2e: - 77:c0:75:41 + Signature Algorithm: sha256WithRSAEncryption + 7a:af:44:3b:aa:6f:53:42:b2:33:aa:43:5f:56:30:d3:b9:96: + 0b:9a:55:5a:39:2a:0b:4e:e4:2e:f1:95:66:c9:86:36:82:8d: + 63:7c:4d:a2:ee:48:ba:03:c7:90:d7:a7:c6:74:60:48:5f:31: + a2:f9:5e:3e:c3:82:e1:e5:2f:41:81:83:29:25:79:d1:53:00: + 69:3c:ed:0a:30:3b:41:1d:92:a1:2c:a8:9d:2c:e3:23:87:79: + e0:55:6e:91:a8:50:da:46:2f:c2:20:50:3e:2b:47:97:14:b0: + 7d:04:ba:45:51:d0:6e:e1:5a:a2:4b:84:9c:4d:cd:85:04:f9: + 28:31:82:93:bc:c7:59:49:91:03:e8:df:6a:e4:56:ad:6a:cb: + 1f:0d:37:e4:5e:bd:e7:9f:d5:ec:9d:3c:18:25:9b:f1:2f:50: + 7d:eb:31:cb:f1:63:22:9d:57:fc:f3:84:20:1a:c6:07:87:92: + 26:9e:15:18:59:33:06:dc:fb:b0:b6:76:5d:f1:c1:2f:c8:2f: + 62:9c:c0:d6:de:eb:65:77:f3:5c:a6:c3:88:27:96:75:b4:f4: + 54:cd:ff:2d:21:2e:96:f0:07:73:4b:e9:93:92:90:de:62:d9: + 
a3:3b:ac:6e:24:5f:27:4a:b3:94:70:ff:30:17:e7:7e:32:8f: + 65:b7:75:58 -----BEGIN CERTIFICATE----- -MIIEqjCCA5KgAwIBAgIJAPp9OJpz+xIZMA0GCSqGSIb3DQEBBQUAMIGUMQswCQYD +MIIEqjCCA5KgAwIBAgIJANmAOsPS9No3MA0GCSqGSIb3DQEBCwUAMIGUMQswCQYD VQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjERMA8G A1UECgwIU2F3dG9vdGgxEzARBgNVBAsMCkNvbnN1bHRpbmcxGDAWBgNVBAMMD3d3 dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTAe -Fw0xNTAyMDUwNjMzMzBaFw0xNzExMDEwNjMzMzBaMIGUMQswCQYDVQQGEwJVUzEQ +Fw0xNTA1MDcxODIxMDFaFw0xODAxMzExODIxMDFaMIGUMQswCQYDVQQGEwJVUzEQ MA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjERMA8GA1UECgwIU2F3 dG9vdGgxEzARBgNVBAsMCkNvbnN1bHRpbmcxGDAWBgNVBAMMD3d3dy53b2xmc3Ns LmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTCCASIwDQYJKoZI @@ -162,11 +162,11 @@ XDjNdyXvvYB1U5Q8PcpjW58VtdMdEy8Z0TzbdjrMuH3J5cLX2kBv2CHccxtCLVOc J45nEXTDJh0/7TNjs6TYHTDl6NWhgZqkgZcwgZQxCzAJBgNVBAYTAlVTMRAwDgYD VQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMREwDwYDVQQKDAhTYXd0b290 aDETMBEGA1UECwwKQ29uc3VsdGluZzEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29t -MR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tggkA+n04mnP7EhkwDAYD -VR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOCAQEALAIM3rJGodhZDwhprdJSLu5V -eL27cdLXt/57D4q8aiX91G0dqwDindaYIRGkQeANS6Q4fy4M1oDcMNfPGRtDL+ez -mXSctAFpscObn0qJL2A4y3yheJM4XKjKRg0jLZmjzwpJOOsHBlfNSlU1BAg2MMp1 -aUuahAjJI3ip8IDOiiW7MQcOEeZKlYxT34XZSEXLWu/eksKIDtr/MWtOUlNf86g6 -QvjhDQrAhK/sIbOnmLDIa3cE7/UGpVE7IG+/VYCMz9R47qLZ41I0mhc9hxBNIyE4 -mzX3GKw0vRiupOIyL12kQUy8qoi3nkUUkuno7vwdKPVZ/d69PXPdtJ8ud8B1QQ== +MR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tggkA2YA6w9L02jcwDAYD +VR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAeq9EO6pvU0KyM6pDX1Yw07mW +C5pVWjkqC07kLvGVZsmGNoKNY3xNou5IugPHkNenxnRgSF8xovlePsOC4eUvQYGD +KSV50VMAaTztCjA7QR2SoSyonSzjI4d54FVukahQ2kYvwiBQPitHlxSwfQS6RVHQ +buFaokuEnE3NhQT5KDGCk7zHWUmRA+jfauRWrWrLHw035F6955/V7J08GCWb8S9Q +fesxy/FjIp1X/POEIBrGB4eSJp4VGFkzBtz7sLZ2XfHBL8gvYpzA1t7rZXfzXKbD +iCeWdbT0VM3/LSEulvAHc0vpk5KQ3mLZozusbiRfJ0qzlHD/MBfnfjKPZbd1WA== -----END CERTIFICATE----- 
diff --git a/certs/server-ecc-comp.pem b/certs/server-ecc-comp.pem index a00126466..50b74f85b 100644 --- a/certs/server-ecc-comp.pem +++ b/certs/server-ecc-comp.pem @@ -1,13 +1,13 @@ Certificate: Data: Version: 3 (0x2) - Serial Number: 16258826233447050485 (0xe1a2f450fd69ecf5) - Signature Algorithm: ecdsa-with-SHA1 - Issuer: C=US, ST=Montana, L=Bozeman, O=wolfSSL, OU=Programming, CN=www.wolfssl.com/emailAddress=info@wolfssl.com + Serial Number: 17764616133298603308 (0xf6889840946fc52c) + Signature Algorithm: ecdsa-with-SHA256 + Issuer: C=US, ST=Montana, L=Bozeman, O=Elliptic - comp, OU=Server ECC-comp, CN=www.wolfssl.com/emailAddress=info@wolfssl.com Validity - Not Before: Feb 5 06:33:30 2015 GMT - Not After : Nov 1 06:33:30 2017 GMT - Subject: C=US, ST=Montana, L=Bozeman, O=wolfSSL, OU=Programming, CN=www.wolfssl.com/emailAddress=info@wolfssl.com + Not Before: May 7 18:21:01 2015 GMT + Not After : Jan 31 18:21:01 2018 GMT + Subject: C=US, ST=Montana, L=Bozeman, O=Elliptic - comp, OU=Server ECC-comp, CN=www.wolfssl.com/emailAddress=info@wolfssl.com Subject Public Key Info: Public Key Algorithm: id-ecPublicKey Public-Key: (256 bit) 
@@ -21,31 +21,32 @@ Certificate: 8C:38:3A:6B:B8:24:B7:DF:6E:F4:59:AC:56:4E:AA:E2:58:A6:5A:18 X509v3 Authority Key Identifier: keyid:8C:38:3A:6B:B8:24:B7:DF:6E:F4:59:AC:56:4E:AA:E2:58:A6:5A:18 - DirName:/C=US/ST=Montana/L=Bozeman/O=wolfSSL/OU=Programming/CN=www.wolfssl.com/emailAddress=info@wolfssl.com - serial:E1:A2:F4:50:FD:69:EC:F5 + DirName:/C=US/ST=Montana/L=Bozeman/O=Elliptic - comp/OU=Server ECC-comp/CN=www.wolfssl.com/emailAddress=info@wolfssl.com + serial:F6:88:98:40:94:6F:C5:2C X509v3 Basic Constraints: CA:TRUE - Signature Algorithm: ecdsa-with-SHA1 - 30:44:02:20:72:05:71:ab:5b:4b:64:03:ff:77:0e:f7:a7:8b: - 70:85:52:5a:45:a7:85:90:3d:54:a4:49:23:98:23:2c:f6:db: - 02:20:76:f5:ad:98:20:b7:00:e2:b9:a2:97:5e:cd:18:16:90: - a7:cc:e5:eb:34:60:83:01:49:0a:0e:e7:62:ef:85:ca + Signature Algorithm: ecdsa-with-SHA256 + 30:46:02:21:00:9c:f8:3e:f6:5e:cd:da:b1:08:fe:e2:bd:78: + 14:b5:33:b3:29:69:d0:a0:de:19:05:ec:c3:46:29:01:8c:4c: + 56:02:21:00:e2:e7:ea:37:c1:08:f6:15:73:0c:92:4f:25:63: + f6:53:96:31:4c:9f:1d:1a:1f:c0:a0:a3:48:bd:71:ce:13:11 -----BEGIN CERTIFICATE----- -MIIC+zCCAqOgAwIBAgIJAOGi9FD9aez1MAkGByqGSM49BAEwgZQxCzAJBgNVBAYT -AlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMRAwDgYDVQQK -DAd3b2xmU1NMMRQwEgYDVQQLDAtQcm9ncmFtbWluZzEYMBYGA1UEAwwPd3d3Lndv -bGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMB4XDTE1 -MDIwNTA2MzMzMFoXDTE3MTEwMTA2MzMzMFowgZQxCzAJBgNVBAYTAlVTMRAwDgYD -VQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMRAwDgYDVQQKDAd3b2xmU1NM -MRQwEgYDVQQLDAtQcm9ncmFtbWluZzEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29t -MR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMDkwEwYHKoZIzj0CAQYI -KoZIzj0DAQcDIgACuzOsTCdQSsZKpQTDPN6fNttyLc6U6iv6yyAJOSwW6GGjgfww -gfkwHQYDVR0OBBYEFIw4Omu4JLffbvRZrFZOquJYploYMIHJBgNVHSMEgcEwgb6A -FIw4Omu4JLffbvRZrFZOquJYploYoYGapIGXMIGUMQswCQYDVQQGEwJVUzEQMA4G -A1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjEQMA4GA1UECgwHd29sZlNT -TDEUMBIGA1UECwwLUHJvZ3JhbW1pbmcxGDAWBgNVBAMMD3d3dy53b2xmc3NsLmNv 
-bTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbYIJAOGi9FD9aez1MAwG -A1UdEwQFMAMBAf8wCQYHKoZIzj0EAQNHADBEAiByBXGrW0tkA/93Dveni3CFUlpF -p4WQPVSkSSOYIyz22wIgdvWtmCC3AOK5opdezRgWkKfM5es0YIMBSQoO52Lvhco= +MIIDJTCCAsqgAwIBAgIJAPaImECUb8UsMAoGCCqGSM49BAMCMIGgMQswCQYDVQQG +EwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjEYMBYGA1UE +CgwPRWxsaXB0aWMgLSBjb21wMRgwFgYDVQQLDA9TZXJ2ZXIgRUNDLWNvbXAxGDAW +BgNVBAMMD3d3dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xm +c3NsLmNvbTAeFw0xNTA1MDcxODIxMDFaFw0xODAxMzExODIxMDFaMIGgMQswCQYD +VQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjEYMBYG +A1UECgwPRWxsaXB0aWMgLSBjb21wMRgwFgYDVQQLDA9TZXJ2ZXIgRUNDLWNvbXAx +GDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3 +b2xmc3NsLmNvbTA5MBMGByqGSM49AgEGCCqGSM49AwEHAyIAArszrEwnUErGSqUE +wzzenzbbci3OlOor+ssgCTksFuhho4IBCTCCAQUwHQYDVR0OBBYEFIw4Omu4JLff +bvRZrFZOquJYploYMIHVBgNVHSMEgc0wgcqAFIw4Omu4JLffbvRZrFZOquJYploY +oYGmpIGjMIGgMQswCQYDVQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UE +BwwHQm96ZW1hbjEYMBYGA1UECgwPRWxsaXB0aWMgLSBjb21wMRgwFgYDVQQLDA9T +ZXJ2ZXIgRUNDLWNvbXAxGDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTEfMB0GCSqG +SIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbYIJAPaImECUb8UsMAwGA1UdEwQFMAMB +Af8wCgYIKoZIzj0EAwIDSQAwRgIhAJz4PvZezdqxCP7ivXgUtTOzKWnQoN4ZBezD +RikBjExWAiEA4ufqN8EI9hVzDJJPJWP2U5YxTJ8dGh/AoKNIvXHOExE= -----END CERTIFICATE----- diff --git a/certs/server-ecc-rsa.pem b/certs/server-ecc-rsa.pem index c34962130..4c90d1dd4 100644 --- a/certs/server-ecc-rsa.pem +++ b/certs/server-ecc-rsa.pem 
@@ -2,11 +2,11 @@ Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) - Signature Algorithm: sha1WithRSAEncryption + Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, CN=www.wolfssl.com/emailAddress=info@wolfssl.com Validity - Not Before: Feb 5 06:33:30 2015 GMT - Not After : Nov 1 06:33:30 2017 GMT + Not Before: May 7 18:21:01 2015 GMT + Not After : Jan 31 18:21:01 2018 GMT Subject: C=US, ST=Montana, L=Bozeman, O=Elliptic - RSAsig, OU=ECC-RSAsig, CN=www.wolfssl.com/emailAddress=info@wolfssl.com Subject Public Key Info: Public Key Algorithm: id-ecPublicKey 
@@ -24,32 +24,32 @@ Certificate: X509v3 Authority Key Identifier: keyid:27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5 DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com - serial:FA:7D:38:9A:73:FB:12:19 + serial:D9:80:3A:C3:D2:F4:DA:37 X509v3 Basic Constraints: CA:TRUE - Signature Algorithm: sha1WithRSAEncryption - 18:f4:db:2f:82:5d:c3:07:31:1f:e6:af:4e:ea:dd:00:37:8c: - 79:2f:33:37:0c:c9:fc:78:ad:77:31:24:32:09:0b:e6:43:d5: - 94:c1:b3:d9:a7:09:14:4e:fa:5f:19:52:97:eb:b2:4c:7d:c0: - 08:d1:2e:ea:74:11:ee:a8:e7:bc:82:a4:18:b1:44:e8:5e:a8: - 1f:b9:10:d2:74:09:a7:2d:fc:42:88:3e:ff:79:ef:93:4f:7e: - 5e:d8:5c:2e:07:13:4a:1b:fc:fd:31:70:e3:ab:b5:8a:6e:bb: - cf:03:e3:60:3e:89:7f:40:09:a4:41:ad:57:58:5a:15:0f:a9: - ae:d0:58:06:de:44:6b:fd:fb:d1:52:42:9b:29:3c:2a:98:f6: - e9:bc:c1:a5:05:38:a0:42:aa:63:b0:de:97:22:ab:99:0e:30: - 4d:d0:bc:34:5d:dc:81:ff:0b:e9:33:3e:91:ad:d9:96:90:76: - 65:37:35:fb:b5:85:01:b2:b6:70:fe:a8:6e:00:cb:4b:d6:83: - 42:6c:96:88:28:d4:26:e9:09:82:d6:d3:67:65:2d:c2:8e:c7: - dc:d5:3b:39:7b:d2:f5:9b:85:25:a6:f2:16:d1:05:31:27:fb: - 6b:20:c4:ae:b9:85:46:bb:e3:06:89:96:c8:95:bd:34:5d:dc: - b1:16:bc:77 + Signature Algorithm: sha256WithRSAEncryption + ac:2b:a9:d9:15:3b:9a:42:fb:86:2b:c1:f2:18:7c:a6:ca:27: + 0b:48:81:64:20:3b:d3:4f:ee:95:d4:c5:fd:5f:c7:d6:ab:a1: + 41:85:cc:e1:16:e1:fd:ce:8a:af:95:27:f2:f0:7a:3d:59:5d: + 3a:5d:03:99:cb:4c:5c:19:35:9c:b2:6e:7e:2b:10:e2:7f:ef: + 14:35:79:ca:67:eb:51:a9:e9:bb:5f:52:af:9d:79:80:b5:31: + 5c:f0:20:ca:c7:e9:9b:29:82:c4:a4:74:0a:2a:76:ea:ad:59: + a2:f9:a2:cf:53:40:11:ac:1a:de:fc:ab:28:96:9f:cf:ff:b9: + 74:31:95:c4:6d:d2:76:c1:93:97:75:a6:9f:69:a3:7d:92:75: + b8:27:a2:bd:4d:4b:54:11:b4:8a:43:f2:fc:10:a5:82:fb:51: + 45:57:86:00:85:71:91:21:37:5c:9f:f3:68:06:ae:9e:86:46: + 8d:4b:e3:d0:42:a4:cf:c1:5d:95:bc:1a:92:f8:44:1e:a0:1b: + c8:98:41:af:8e:94:41:60:69:b1:7c:8e:70:ce:88:42:44:3a: + 2d:3f:de:6e:3a:aa:d1:64:be:03:68:60:b6:ac:e5:44:c1:bb: + 
f1:c9:40:90:c2:c9:8f:ec:32:9d:e0:b4:4b:1a:e7:da:99:94: + fe:e2:b6:2a -----BEGIN CERTIFICATE----- -MIID4DCCAsigAwIBAgIBATANBgkqhkiG9w0BAQUFADCBlDELMAkGA1UEBhMCVVMx +MIID4DCCAsigAwIBAgIBATANBgkqhkiG9w0BAQsFADCBlDELMAkGA1UEBhMCVVMx EDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNVBAoMCFNh d3Rvb3RoMRMwEQYDVQQLDApDb25zdWx0aW5nMRgwFgYDVQQDDA93d3cud29sZnNz -bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTUwMjA1 -MDYzMzMwWhcNMTcxMTAxMDYzMzMwWjCBnTELMAkGA1UEBhMCVVMxEDAOBgNVBAgM +bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTUwNTA3 +MTgyMTAxWhcNMTgwMTMxMTgyMTAxWjCBnTELMAkGA1UEBhMCVVMxEDAOBgNVBAgM B01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xGjAYBgNVBAoMEUVsbGlwdGljIC0g UlNBc2lnMRMwEQYDVQQLDApFQ0MtUlNBc2lnMRgwFgYDVQQDDA93d3cud29sZnNz bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wWTATBgcqhkjO 
@@ -59,11 +59,11 @@ BBRdXSbvrH42+Zt2FStKJQIj77KJMDCByQYDVR0jBIHBMIG+gBQnjmcRdMMmHT/t M2OzpNgdMOXo1aGBmqSBlzCBlDELMAkGA1UEBhMCVVMxEDAOBgNVBAgMB01vbnRh bmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNVBAoMCFNhd3Rvb3RoMRMwEQYDVQQL DApDb25zdWx0aW5nMRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20xHzAdBgkqhkiG -9w0BCQEWEGluZm9Ad29sZnNzbC5jb22CCQD6fTiac/sSGTAMBgNVHRMEBTADAQH/ -MA0GCSqGSIb3DQEBBQUAA4IBAQAY9Nsvgl3DBzEf5q9O6t0AN4x5LzM3DMn8eK13 -MSQyCQvmQ9WUwbPZpwkUTvpfGVKX67JMfcAI0S7qdBHuqOe8gqQYsUToXqgfuRDS -dAmnLfxCiD7/ee+TT35e2FwuBxNKG/z9MXDjq7WKbrvPA+NgPol/QAmkQa1XWFoV -D6mu0FgG3kRr/fvRUkKbKTwqmPbpvMGlBTigQqpjsN6XIquZDjBN0Lw0XdyB/wvp -Mz6RrdmWkHZlNzX7tYUBsrZw/qhuAMtL1oNCbJaIKNQm6QmC1tNnZS3Cjsfc1Ts5 -e9L1m4UlpvIW0QUxJ/trIMSuuYVGu+MGiZbIlb00XdyxFrx3 +9w0BCQEWEGluZm9Ad29sZnNzbC5jb22CCQDZgDrD0vTaNzAMBgNVHRMEBTADAQH/ +MA0GCSqGSIb3DQEBCwUAA4IBAQCsK6nZFTuaQvuGK8HyGHymyicLSIFkIDvTT+6V +1MX9X8fWq6FBhczhFuH9zoqvlSfy8Ho9WV06XQOZy0xcGTWcsm5+KxDif+8UNXnK +Z+tRqem7X1KvnXmAtTFc8CDKx+mbKYLEpHQKKnbqrVmi+aLPU0ARrBre/Ksolp/P +/7l0MZXEbdJ2wZOXdaafaaN9knW4J6K9TUtUEbSKQ/L8EKWC+1FFV4YAhXGRITdc +n/NoBq6ehkaNS+PQQqTPwV2VvBqS+EQeoBvImEGvjpRBYGmxfI5wzohCRDotP95u +OqrRZL4DaGC2rOVEwbvxyUCQwsmP7DKd4LRLGufamZT+4rYq -----END CERTIFICATE----- diff --git a/certs/server-ecc.pem b/certs/server-ecc.pem index 26beb0be9..1957e0eab 100644 --- a/certs/server-ecc.pem +++ b/certs/server-ecc.pem 
@@ -1,13 +1,13 @@ Certificate: Data: Version: 3 (0x2) - Serial Number: 9356926451288716285 (0x81da7b08468533fd) - Signature Algorithm: ecdsa-with-SHA1 - Issuer: C=US, ST=Montana, L=Bozeman, O=wolfSSL, OU=Programming, CN=www.wolfssl.com/emailAddress=info@wolfssl.com + Serial Number: 12841786837162396166 (0xb2373116f65a0a06) + Signature Algorithm: ecdsa-with-SHA256 + Issuer: C=US, ST=Washington, L=Seattle, O=Eliptic, OU=ECC, CN=www.wolfssl.com/emailAddress=info@wolfssl.com Validity - Not Before: Feb 5 06:33:30 2015 GMT - Not After : Nov 1 06:33:30 2017 GMT - Subject: C=US, ST=Montana, L=Bozeman, O=wolfSSL, OU=Programming, CN=www.wolfssl.com/emailAddress=info@wolfssl.com + Not Before: May 7 18:21:01 2015 GMT + Not After : Jan 31 18:21:01 2018 GMT + Subject: C=US, ST=Washington, L=Seattle, O=Eliptic, OU=ECC, CN=www.wolfssl.com/emailAddress=info@wolfssl.com Subject Public Key Info: Public Key Algorithm: id-ecPublicKey Public-Key: (256 bit) 
@@ -23,32 +23,32 @@ Certificate: 5D:5D:26:EF:AC:7E:36:F9:9B:76:15:2B:4A:25:02:23:EF:B2:89:30 X509v3 Authority Key Identifier: keyid:5D:5D:26:EF:AC:7E:36:F9:9B:76:15:2B:4A:25:02:23:EF:B2:89:30 - DirName:/C=US/ST=Montana/L=Bozeman/O=wolfSSL/OU=Programming/CN=www.wolfssl.com/emailAddress=info@wolfssl.com - serial:81:DA:7B:08:46:85:33:FD + DirName:/C=US/ST=Washington/L=Seattle/O=Eliptic/OU=ECC/CN=www.wolfssl.com/emailAddress=info@wolfssl.com + serial:B2:37:31:16:F6:5A:0A:06 X509v3 Basic Constraints: CA:TRUE - Signature Algorithm: ecdsa-with-SHA1 - 30:45:02:21:00:a0:70:22:57:ad:97:06:b5:9b:fa:5a:1c:b2: - 77:ed:54:09:7d:9a:5c:ca:02:56:d7:32:1d:41:e6:d5:5a:09: - 29:02:20:4e:95:75:27:3d:3c:93:ba:97:3f:f4:2d:35:3e:c8: - 57:75:e1:81:3d:5e:09:bf:86:a2:8b:ef:0b:d1:77:4f:b5 + Signature Algorithm: ecdsa-with-SHA256 + 30:45:02:20:35:25:33:ea:7c:3b:e2:2e:ed:e4:2e:9a:91:f1: + c3:86:ff:a7:27:35:a9:f6:29:d6:f8:d5:9a:0b:35:f1:21:c7: + 02:21:00:bc:79:f7:fd:66:d4:d3:46:61:e4:19:e5:f7:74:03: + 83:27:f8:26:c0:86:15:a9:e2:10:e3:ad:6b:b9:1c:1d:eb -----BEGIN CERTIFICATE----- -MIIDHDCCAsOgAwIBAgIJAIHaewhGhTP9MAkGByqGSM49BAEwgZQxCzAJBgNVBAYT -AlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMRAwDgYDVQQK -DAd3b2xmU1NMMRQwEgYDVQQLDAtQcm9ncmFtbWluZzEYMBYGA1UEAwwPd3d3Lndv -bGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMB4XDTE1 -MDIwNTA2MzMzMFoXDTE3MTEwMTA2MzMzMFowgZQxCzAJBgNVBAYTAlVTMRAwDgYD -VQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMRAwDgYDVQQKDAd3b2xmU1NM -MRQwEgYDVQQLDAtQcm9ncmFtbWluZzEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29t -MR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMFkwEwYHKoZIzj0CAQYI -KoZIzj0DAQcDQgAEuzOsTCdQSsZKpQTDPN6fNttyLc6U6iv6yyAJOSwW6GEC6a9N -0wKTmjFbl5Ihf/DPGNqREQI0huggWDMLgDSJ2KOB/DCB+TAdBgNVHQ4EFgQUXV0m -76x+NvmbdhUrSiUCI++yiTAwgckGA1UdIwSBwTCBvoAUXV0m76x+NvmbdhUrSiUC -I++yiTChgZqkgZcwgZQxCzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAw -DgYDVQQHDAdCb3plbWFuMRAwDgYDVQQKDAd3b2xmU1NMMRQwEgYDVQQLDAtQcm9n -cmFtbWluZzEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29tMR8wHQYJKoZIhvcNAQkB 
-FhBpbmZvQHdvbGZzc2wuY29tggkAgdp7CEaFM/0wDAYDVR0TBAUwAwEB/zAJBgcq -hkjOPQQBA0gAMEUCIQCgcCJXrZcGtZv6Whyyd+1UCX2aXMoCVtcyHUHm1VoJKQIg -TpV1Jz08k7qXP/QtNT7IV3XhgT1eCb+GoovvC9F3T7U= +MIIDDzCCArWgAwIBAgIJALI3MRb2WgoGMAoGCCqGSM49BAMCMIGPMQswCQYDVQQG +EwJVUzETMBEGA1UECAwKV2FzaGluZ3RvbjEQMA4GA1UEBwwHU2VhdHRsZTEQMA4G +A1UECgwHRWxpcHRpYzEMMAoGA1UECwwDRUNDMRgwFgYDVQQDDA93d3cud29sZnNz +bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTUwNTA3 +MTgyMTAxWhcNMTgwMTMxMTgyMTAxWjCBjzELMAkGA1UEBhMCVVMxEzARBgNVBAgM +Cldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoMB0VsaXB0aWMx +DDAKBgNVBAsMA0VDQzEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29tMR8wHQYJKoZI +hvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcD +QgAEuzOsTCdQSsZKpQTDPN6fNttyLc6U6iv6yyAJOSwW6GEC6a9N0wKTmjFbl5Ih +f/DPGNqREQI0huggWDMLgDSJ2KOB9zCB9DAdBgNVHQ4EFgQUXV0m76x+NvmbdhUr +SiUCI++yiTAwgcQGA1UdIwSBvDCBuYAUXV0m76x+NvmbdhUrSiUCI++yiTChgZWk +gZIwgY8xCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQH +DAdTZWF0dGxlMRAwDgYDVQQKDAdFbGlwdGljMQwwCgYDVQQLDANFQ0MxGDAWBgNV +BAMMD3d3dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3Ns +LmNvbYIJALI3MRb2WgoGMAwGA1UdEwQFMAMBAf8wCgYIKoZIzj0EAwIDSAAwRQIg +NSUz6nw74i7t5C6akfHDhv+nJzWp9inW+NWaCzXxIccCIQC8eff9ZtTTRmHkGeX3 +dAODJ/gmwIYVqeIQ461ruRwd6w== -----END CERTIFICATE----- diff --git a/certs/server-revoked-cert.pem b/certs/server-revoked-cert.pem new file mode 100644 index 000000000..65028f3b0 --- /dev/null +++ b/certs/server-revoked-cert.pem 
@@ -0,0 +1,173 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 2 (0x2) + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, CN=www.wolfssl.com/emailAddress=info@wolfssl.com + Validity + Not Before: Jul 23 22:04:57 2015 GMT + Not After : Apr 18 22:04:57 2018 GMT + Subject: C=US, ST=Montana, L=Bozeman, O=wolfSSL_revoked, OU=Support_revoked, CN=www.wolfssl.com/emailAddress=info@wolfssl.com + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:b0:14:16:3a:43:dd:e1:50:45:4f:cf:80:b3:dd: + 66:96:c7:e9:f4:dc:de:b6:6b:24:1b:76:48:ac:c6: + 23:a5:a7:e4:05:19:bd:b7:f6:de:fa:ff:ed:5b:3c: + 79:8a:a9:d5:f1:fb:eb:c8:b1:e4:b2:ab:52:72:89: + 93:22:5c:ba:cd:8a:36:2a:2c:d1:40:ec:a8:66:0e: + c3:76:cd:e7:b3:a3:0a:1e:dd:4a:07:82:17:81:ba: + de:57:ce:b6:32:81:c7:bd:11:bb:e9:15:22:4e:e2: + 16:ac:e3:d4:c0:68:88:6c:11:fc:c2:bd:1b:db:1d: + fd:e6:43:c7:1b:33:b8:f4:e5:1b:59:39:12:38:4d: + 2d:9b:64:68:98:fc:8d:72:12:91:f2:24:25:6c:4c: + 4a:48:57:92:00:cc:7e:d8:d4:3d:b8:1d:f2:9e:ea: + b2:23:0f:51:0f:11:41:1c:f5:27:00:1b:08:7a:12: + 3a:05:5b:03:24:fe:b1:7b:20:fa:e4:a8:58:c6:ca: + ce:7f:be:95:01:12:9d:05:e6:39:13:1b:c0:3e:56: + 2e:2b:9f:76:37:de:de:9b:e0:0d:7a:63:0d:a7:22: + 58:db:31:c7:f7:b4:46:5c:ba:b6:4b:48:b1:18:9a: + 68:b3:63:47:fd:af:12:5f:2f:fe:10:cb:58:2b:33: + 68:85 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + D8:09:2B:59:E1:2A:EE:D9:EE:40:AA:9C:AB:F0:5D:28:09:4F:22:BB + X509v3 Authority Key Identifier: + keyid:27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5 + DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com + serial:D9:80:3A:C3:D2:F4:DA:37 + + X509v3 Basic Constraints: + CA:TRUE + Signature Algorithm: sha256WithRSAEncryption + 34:66:48:5b:30:5c:6e:fa:76:c9:6a:ce:07:79:d9:99:fa:7a: + 9d:80:2d:fc:51:78:71:c4:31:2c:40:28:c8:63:26:6f:d2:39: + 
63:97:3f:00:d3:d0:69:10:3f:a9:00:07:7b:59:44:85:29:03: + 31:0a:d8:ed:88:e5:1e:fa:e0:8c:9b:e0:7e:6e:d6:fb:7c:cc: + cf:bd:43:0a:df:15:bd:8f:2a:6f:b2:51:19:b8:2a:64:0e:25: + 68:75:af:43:5a:bf:40:2b:69:9c:27:81:0c:5d:78:a1:55:a4: + 21:a0:87:9e:a2:aa:60:ac:da:2f:30:f5:d5:c9:c1:22:6b:c1: + 06:c2:42:c7:56:35:13:cd:af:5f:c9:89:bf:e9:30:b3:92:bc: + 21:6d:b8:23:85:46:44:3f:52:72:a4:7b:95:41:1a:b1:03:92: + aa:0c:5c:2e:16:95:c5:60:7a:6c:6b:f8:ae:9b:b7:08:c9:1f: + 0d:85:91:e0:7f:bc:0d:0d:c7:69:2d:5f:99:b7:88:06:be:c5: + d3:84:1a:46:b6:cb:53:04:27:e9:71:36:72:41:f6:63:9b:cb: + 25:6f:16:8b:0e:ef:42:db:b5:27:45:cf:a7:3e:3e:ae:78:7c: + d8:6b:a8:f6:52:e4:a7:93:b7:8c:94:d2:4a:93:04:20:67:aa: + c3:ea:24:f9 +-----BEGIN CERTIFICATE----- +MIIErjCCA5agAwIBAgIBAjANBgkqhkiG9w0BAQsFADCBlDELMAkGA1UEBhMCVVMx +EDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNVBAoMCFNh +d3Rvb3RoMRMwEQYDVQQLDApDb25zdWx0aW5nMRgwFgYDVQQDDA93d3cud29sZnNz +bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTUwNzIz +MjIwNDU3WhcNMTgwNDE4MjIwNDU3WjCBoDELMAkGA1UEBhMCVVMxEDAOBgNVBAgM +B01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xGDAWBgNVBAoMD3dvbGZTU0xfcmV2 +b2tlZDEYMBYGA1UECwwPU3VwcG9ydF9yZXZva2VkMRgwFgYDVQQDDA93d3cud29s +ZnNzbC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wggEiMA0G +CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCwFBY6Q93hUEVPz4Cz3WaWx+n03N62 +ayQbdkisxiOlp+QFGb239t76/+1bPHmKqdXx++vIseSyq1JyiZMiXLrNijYqLNFA +7KhmDsN2zeezowoe3UoHgheBut5XzrYygce9EbvpFSJO4has49TAaIhsEfzCvRvb +Hf3mQ8cbM7j05RtZORI4TS2bZGiY/I1yEpHyJCVsTEpIV5IAzH7Y1D24HfKe6rIj +D1EPEUEc9ScAGwh6EjoFWwMk/rF7IPrkqFjGys5/vpUBEp0F5jkTG8A+Vi4rn3Y3 +3t6b4A16Yw2nIljbMcf3tEZcurZLSLEYmmizY0f9rxJfL/4Qy1grM2iFAgMBAAGj +gfwwgfkwHQYDVR0OBBYEFNgJK1nhKu7Z7kCqnKvwXSgJTyK7MIHJBgNVHSMEgcEw +gb6AFCeOZxF0wyYdP+0zY7Ok2B0w5ejVoYGapIGXMIGUMQswCQYDVQQGEwJVUzEQ +MA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjERMA8GA1UECgwIU2F3 +dG9vdGgxEzARBgNVBAsMCkNvbnN1bHRpbmcxGDAWBgNVBAMMD3d3dy53b2xmc3Ns +LmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbYIJANmAOsPS9No3 
+MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBADRmSFswXG76dslqzgd5 +2Zn6ep2ALfxReHHEMSxAKMhjJm/SOWOXPwDT0GkQP6kAB3tZRIUpAzEK2O2I5R76 +4Iyb4H5u1vt8zM+9QwrfFb2PKm+yURm4KmQOJWh1r0Nav0AraZwngQxdeKFVpCGg +h56iqmCs2i8w9dXJwSJrwQbCQsdWNRPNr1/Jib/pMLOSvCFtuCOFRkQ/UnKke5VB +GrEDkqoMXC4WlcVgemxr+K6btwjJHw2FkeB/vA0Nx2ktX5m3iAa+xdOEGka2y1ME +J+lxNnJB9mObyyVvFosO70LbtSdFz6c+Pq54fNhrqPZS5KeTt4yU0kqTBCBnqsPq +JPk= +-----END CERTIFICATE----- +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 15672591315981621815 (0xd9803ac3d2f4da37) + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, CN=www.wolfssl.com/emailAddress=info@wolfssl.com + Validity + Not Before: May 7 18:21:01 2015 GMT + Not After : Jan 31 18:21:01 2018 GMT + Subject: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, CN=www.wolfssl.com/emailAddress=info@wolfssl.com + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:bf:0c:ca:2d:14:b2:1e:84:42:5b:cd:38:1f:4a: + f2:4d:75:10:f1:b6:35:9f:df:ca:7d:03:98:d3:ac: + de:03:66:ee:2a:f1:d8:b0:7d:6e:07:54:0b:10:98: + 21:4d:80:cb:12:20:e7:cc:4f:de:45:7d:c9:72:77: + 32:ea:ca:90:bb:69:52:10:03:2f:a8:f3:95:c5:f1: + 8b:62:56:1b:ef:67:6f:a4:10:41:95:ad:0a:9b:e3: + a5:c0:b0:d2:70:76:50:30:5b:a8:e8:08:2c:7c:ed: + a7:a2:7a:8d:38:29:1c:ac:c7:ed:f2:7c:95:b0:95: + 82:7d:49:5c:38:cd:77:25:ef:bd:80:75:53:94:3c: + 3d:ca:63:5b:9f:15:b5:d3:1d:13:2f:19:d1:3c:db: + 76:3a:cc:b8:7d:c9:e5:c2:d7:da:40:6f:d8:21:dc: + 73:1b:42:2d:53:9c:fe:1a:fc:7d:ab:7a:36:3f:98: + de:84:7c:05:67:ce:6a:14:38:87:a9:f1:8c:b5:68: + cb:68:7f:71:20:2b:f5:a0:63:f5:56:2f:a3:26:d2: + b7:6f:b1:5a:17:d7:38:99:08:fe:93:58:6f:fe:c3: + 13:49:08:16:0b:a7:4d:67:00:52:31:67:23:4e:98: + ed:51:45:1d:b9:04:d9:0b:ec:d8:28:b3:4b:bd:ed: + 36:79 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5 + X509v3 Authority Key Identifier: 
+ keyid:27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5 + DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com + serial:D9:80:3A:C3:D2:F4:DA:37 + + X509v3 Basic Constraints: + CA:TRUE + Signature Algorithm: sha256WithRSAEncryption + 7a:af:44:3b:aa:6f:53:42:b2:33:aa:43:5f:56:30:d3:b9:96: + 0b:9a:55:5a:39:2a:0b:4e:e4:2e:f1:95:66:c9:86:36:82:8d: + 63:7c:4d:a2:ee:48:ba:03:c7:90:d7:a7:c6:74:60:48:5f:31: + a2:f9:5e:3e:c3:82:e1:e5:2f:41:81:83:29:25:79:d1:53:00: + 69:3c:ed:0a:30:3b:41:1d:92:a1:2c:a8:9d:2c:e3:23:87:79: + e0:55:6e:91:a8:50:da:46:2f:c2:20:50:3e:2b:47:97:14:b0: + 7d:04:ba:45:51:d0:6e:e1:5a:a2:4b:84:9c:4d:cd:85:04:f9: + 28:31:82:93:bc:c7:59:49:91:03:e8:df:6a:e4:56:ad:6a:cb: + 1f:0d:37:e4:5e:bd:e7:9f:d5:ec:9d:3c:18:25:9b:f1:2f:50: + 7d:eb:31:cb:f1:63:22:9d:57:fc:f3:84:20:1a:c6:07:87:92: + 26:9e:15:18:59:33:06:dc:fb:b0:b6:76:5d:f1:c1:2f:c8:2f: + 62:9c:c0:d6:de:eb:65:77:f3:5c:a6:c3:88:27:96:75:b4:f4: + 54:cd:ff:2d:21:2e:96:f0:07:73:4b:e9:93:92:90:de:62:d9: + a3:3b:ac:6e:24:5f:27:4a:b3:94:70:ff:30:17:e7:7e:32:8f: + 65:b7:75:58 +-----BEGIN CERTIFICATE----- +MIIEqjCCA5KgAwIBAgIJANmAOsPS9No3MA0GCSqGSIb3DQEBCwUAMIGUMQswCQYD +VQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjERMA8G +A1UECgwIU2F3dG9vdGgxEzARBgNVBAsMCkNvbnN1bHRpbmcxGDAWBgNVBAMMD3d3 +dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTAe +Fw0xNTA1MDcxODIxMDFaFw0xODAxMzExODIxMDFaMIGUMQswCQYDVQQGEwJVUzEQ +MA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjERMA8GA1UECgwIU2F3 +dG9vdGgxEzARBgNVBAsMCkNvbnN1bHRpbmcxGDAWBgNVBAMMD3d3dy53b2xmc3Ns +LmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTCCASIwDQYJKoZI +hvcNAQEBBQADggEPADCCAQoCggEBAL8Myi0Ush6EQlvNOB9K8k11EPG2NZ/fyn0D +mNOs3gNm7irx2LB9bgdUCxCYIU2AyxIg58xP3kV9yXJ3MurKkLtpUhADL6jzlcXx +i2JWG+9nb6QQQZWtCpvjpcCw0nB2UDBbqOgILHztp6J6jTgpHKzH7fJ8lbCVgn1J +XDjNdyXvvYB1U5Q8PcpjW58VtdMdEy8Z0TzbdjrMuH3J5cLX2kBv2CHccxtCLVOc +/hr8fat6Nj+Y3oR8BWfOahQ4h6nxjLVoy2h/cSAr9aBj9VYvoybSt2+xWhfXOJkI 
+/pNYb/7DE0kIFgunTWcAUjFnI06Y7VFFHbkE2Qvs2CizS73tNnkCAwEAAaOB/DCB ++TAdBgNVHQ4EFgQUJ45nEXTDJh0/7TNjs6TYHTDl6NUwgckGA1UdIwSBwTCBvoAU +J45nEXTDJh0/7TNjs6TYHTDl6NWhgZqkgZcwgZQxCzAJBgNVBAYTAlVTMRAwDgYD +VQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMREwDwYDVQQKDAhTYXd0b290 +aDETMBEGA1UECwwKQ29uc3VsdGluZzEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29t +MR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tggkA2YA6w9L02jcwDAYD +VR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAeq9EO6pvU0KyM6pDX1Yw07mW +C5pVWjkqC07kLvGVZsmGNoKNY3xNou5IugPHkNenxnRgSF8xovlePsOC4eUvQYGD +KSV50VMAaTztCjA7QR2SoSyonSzjI4d54FVukahQ2kYvwiBQPitHlxSwfQS6RVHQ +buFaokuEnE3NhQT5KDGCk7zHWUmRA+jfauRWrWrLHw035F6955/V7J08GCWb8S9Q +fesxy/FjIp1X/POEIBrGB4eSJp4VGFkzBtz7sLZ2XfHBL8gvYpzA1t7rZXfzXKbD +iCeWdbT0VM3/LSEulvAHc0vpk5KQ3mLZozusbiRfJ0qzlHD/MBfnfjKPZbd1WA== +-----END CERTIFICATE----- diff --git a/certs/server-revoked-key.pem b/certs/server-revoked-key.pem new file mode 100644 index 000000000..3cf5640ec --- /dev/null +++ b/certs/server-revoked-key.pem 
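Review bot: The new leaf in certs/server-revoked-cert.pem (serial 2, O=wolfSSL_revoked) carries `X509v3 Basic Constraints: CA:TRUE`, so the fixture is itself usable as an issuer under the Sawtooth test CA, and its private key is published in the next file of this commit. If the revocation test only needs an end-entity certificate, regenerate it with `basicConstraints = CA:FALSE` so the test exercises revocation of a plain server certificate rather than of an intermediate CA. The CRL that should list serial 02 is not in this hunk, so whether the fixture is actually marked revoked cannot be confirmed from here.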
@@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEpQIBAAKCAQEAsBQWOkPd4VBFT8+As91mlsfp9NzetmskG3ZIrMYjpafkBRm9 +t/be+v/tWzx5iqnV8fvryLHksqtScomTIly6zYo2KizRQOyoZg7Dds3ns6MKHt1K +B4IXgbreV862MoHHvRG76RUiTuIWrOPUwGiIbBH8wr0b2x395kPHGzO49OUbWTkS +OE0tm2RomPyNchKR8iQlbExKSFeSAMx+2NQ9uB3ynuqyIw9RDxFBHPUnABsIehI6 +BVsDJP6xeyD65KhYxsrOf76VARKdBeY5ExvAPlYuK592N97em+ANemMNpyJY2zHH +97RGXLq2S0ixGJpos2NH/a8SXy/+EMtYKzNohQIDAQABAoIBAQCfamBBekZ9gxZt +ztmgfvgt1WutZPdCwzgaoPnlazLE/X9FWuvYjeuN5n44V0VXVLK99q6fsufzF4d6 +6bHLr5b1Fog5oQAHPvysAfvYKU345sj37rPinla3/r7lUuLEUZnMRS0TNy4rqyiK +eW+akEnLRnHIwjxhIwNIId83cpmnJfE7ZV7svZvk6Ctc//prFa/Y2AwkZcM2j2iG +xc4kOXr0Y8DE4FYQEZgdJCoYfVDihcwtVXUGm+ZMBNhLzK/KuSxdjL6ySzdCSE9M +mS4ZJPManR9LOIGsKlFsJrGWnFOm/GOMkzdBSLoEqRogHhYsvn7oDnLMHqPA/gE0 +M85ytBkVAoGBAOO/tTCd94kDfkXar+5+KvcYwQbwnMIbrN0TiIudpaSnE0dBFqU3 +oNC2K+PoGBgwEsEr2ThZCMAbz7NQJYmmNlNlSMNBzeud59F3BqMk3J6k62E0+Fnt +C8OFfZ8V0vbdGehmeArEqHDcRJZBFsrUWb2/9/j4OYpnsozkp6H1pWQrAoGBAMXr +jouX1qXLfKvYEpOKaSf+yjfULjT33ib885Nw2xlRzI6wkjHFsb8DERK36PA3CakU +cdXb923tMMlLoCvSdDd6Qnx1TLRbYaJSFaOLt2we94AvjHtijM6vO7ftd1XvRWer +/Ip9NT9X1NZxP/NTyUL3DgRmXE4L32fr2FFQEJ4PAoGBAKr2QeFY83RatvNhEigJ +dd8/Kcc337SmacEa5KlJkgpjkMkwRvuHIqUJ2zCeDVg63hk7/TebPkJXnjaQt1z4 +9Fbt9Qz93MI+KsLGgqj9Bs/gJQE3biazFt2S25YMH+1IVCZspTgQIBF4h9Py0FU5 +ypPyAwdV7nvDE/lHu76MU7c5AoGBALUxR5ioc0vplMNF1wvXpRmGet7Nk1fOrESJ +QvzyTsNJTbo8EDscv/Mc/Z5jXA++c0uleenNrSGoCgffAk3cJ6U6em+ye3yKREH0 +X/cPy+ZiGzfxT+0NddcqOcPS1HOJz8Jvg43Nvte0sxd3KpK7W//AacbBZzPUTry2 +/5zBbdUlAoGAYglAtoHIC0mQxAe6PXy/QRmgj87fPGsbVFOUwBf8Il2UKpfX9blv +0rHb0kenc/DP7ZHZTgdc5qGgRyg0d3+O7W2rWTv1MiX85rUE03TCcyC2l1+M+iyx +6IdHDjYwa4Kt0nT1JxEMjJxe1uhzJfgYJlcz5Iy4ff0xb8/aH0veedc= +-----END RSA PRIVATE KEY----- diff --git a/certs/test/catalog.txt b/certs/test/catalog.txt index dcc1393d4..da7c211ec 100644 --- a/certs/test/catalog.txt +++ b/certs/test/catalog.txt 
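Review bot: certs/server-revoked-key.pem adds an unencrypted RSA private key, and nothing in the file or in the catalog change visible in this commit marks it as a test fixture. Once committed the key is public, so the matching certificate must never be trusted outside the test suite. A line above the BEGIN marker such as `Test-only key for server-revoked-cert.pem; published in the repository, do not deploy` would say so, provided the key loader tolerates leading text the way the certificate files' text dumps suggest it does for certificates. If the project runs a secret scanner, allowlist this exact path rather than the whole certs/ directory, so that a real key dropped there later is still reported.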
@@ -1,3 +1,12 @@ crit-cert.pem: Simple self-signed certificate with critical Basic Constraints and Key Usage extensions. +dh512.pem, dh512.der: + 512-bit DH parameters. Used for testing the rejection of lower-bit sized DH + keys. +dh1024.pem, dh1024.der: + 1024-bit DH parameters. Used for testing the rejection of lower-bit sized DH + keys. +digsigku.pem: + ECC certificate with a KeyUsage extension without the digitalSignature bit + set. diff --git a/certs/test/dh1024.der b/certs/test/dh1024.der new file mode 100644 index 000000000..1a3ff399f Binary files /dev/null and b/certs/test/dh1024.der differ diff --git a/certs/test/dh1024.pem b/certs/test/dh1024.pem new file mode 100644 index 000000000..82d14e766 --- /dev/null +++ b/certs/test/dh1024.pem @@ -0,0 +1,17 @@ + DH Parameters: (1024 bit) + prime: + 00:ee:73:a6:93:be:a9:b8:5f:52:b9:9c:d4:a8:0f: + 8d:f9:b0:53:29:a9:25:06:0e:95:dd:f5:89:c8:6b: + 09:ae:94:1c:62:35:05:39:ab:6d:46:c5:b2:a2:fd: + a0:e1:ba:01:a5:00:4f:7f:44:e5:74:81:8b:3a:2e: + fa:ea:fe:f6:c3:18:11:ca:fd:ee:8b:9c:9e:0d:1a: + 5a:57:77:74:63:91:e7:51:bb:6d:79:93:e2:b4:5c: + fa:21:21:ff:5d:b3:e7:5c:92:08:ca:cb:4e:e7:8c: + f3:1c:21:8c:44:8c:6d:31:60:7a:e6:37:15:79:1b: + 1d:5d:c3:56:c3:a0:4a:8d:03 + generator: 2 (0x2) +-----BEGIN DH PARAMETERS----- +MIGHAoGBAO5zppO+qbhfUrmc1KgPjfmwUympJQYOld31ichrCa6UHGI1BTmrbUbF +sqL9oOG6AaUAT39E5XSBizou+ur+9sMYEcr97oucng0aWld3dGOR51G7bXmT4rRc ++iEh/12z51ySCMrLTueM8xwhjESMbTFgeuY3FXkbHV3DVsOgSo0DAgEC +-----END DH PARAMETERS----- diff --git a/certs/test/dh512.der b/certs/test/dh512.der new file mode 100644 index 000000000..f743db421 Binary files /dev/null and b/certs/test/dh512.der differ diff --git a/certs/test/dh512.pem b/certs/test/dh512.pem new file mode 100644 index 000000000..d1fef9243 --- /dev/null +++ b/certs/test/dh512.pem 
@@ -0,0 +1,12 @@ + DH Parameters: (512 bit) + prime: + 00:87:76:23:99:e1:df:db:6a:43:8e:30:2b:4f:63: + 53:05:77:ce:80:02:8e:b1:a8:44:4f:30:d8:c9:45: + d9:cd:65:e3:4b:2d:b6:eb:77:a3:26:ea:4d:03:84: + d9:d7:b6:6a:b6:dd:51:97:66:c1:77:e6:6b:ed:19: + 91:45:c5:27:b3 + generator: 2 (0x2) +-----BEGIN DH PARAMETERS----- +MEYCQQCHdiOZ4d/bakOOMCtPY1MFd86AAo6xqERPMNjJRdnNZeNLLbbrd6Mm6k0D +hNnXtmq23VGXZsF35mvtGZFFxSezAgEC +-----END DH PARAMETERS----- diff --git a/certs/test/digsigku.pem b/certs/test/digsigku.pem new file mode 100644 index 000000000..edc30ba3d --- /dev/null +++ b/certs/test/digsigku.pem 
@@ -0,0 +1,52 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + e3:81:4b:48:a5:70:61:70 + Signature Algorithm: ecdsa-with-SHA1 + Issuer: C=US, ST=Washington, L=Seattle, O=Foofarah, OU=Arglebargle, CN=foobarbaz/emailAddress=info@worlss.com + Validity + Not Before: Sep 10 00:45:36 2014 GMT + Not After : Jun 6 00:45:36 2017 GMT + Subject: C=US, ST=Washington, L=Seattle, O=Foofarah, OU=Arglebargle, CN=foobarbaz/emailAddress=info@worlss.com + Subject Public Key Info: + Public Key Algorithm: id-ecPublicKey + EC Public Key: + pub: + 04:bb:33:ac:4c:27:50:4a:c6:4a:a5:04:c3:3c:de: + 9f:36:db:72:2d:ce:94:ea:2b:fa:cb:20:09:39:2c: + 16:e8:61:02:e9:af:4d:d3:02:93:9a:31:5b:97:92: + 21:7f:f0:cf:18:da:91:11:02:34:86:e8:20:58:33: + 0b:80:34:89:d8 + ASN1 OID: prime256v1 + X509v3 extensions: + X509v3 Subject Key Identifier: + 5D:5D:26:EF:AC:7E:36:F9:9B:76:15:2B:4A:25:02:23:EF:B2:89:30 + X509v3 Authority Key Identifier: + keyid:5D:5D:26:EF:AC:7E:36:F9:9B:76:15:2B:4A:25:02:23:EF:B2:89:30 + + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Key Usage: critical + Non Repudiation, Key Encipherment + Signature Algorithm: ecdsa-with-SHA1 + 30:46:02:21:00:f4:36:ee:86:21:d5:c7:1f:2d:0d:bb:29:ae: + c1:74:ff:a3:ce:41:fe:cb:93:eb:ff:ef:fe:e3:4d:20:e5:18: + 65:02:21:00:b1:39:13:12:e2:b5:19:f2:8f:5b:40:ac:7a:5c: + e2:a6:e3:d3:e6:9f:79:3c:29:d8:c6:7d:88:f4:60:0c:48:00 +-----BEGIN CERTIFICATE----- +MIICfTCCAiOgAwIBAgIJAOOBS0ilcGFwMAkGByqGSM49BAEwgZExCzAJBgNVBAYT +AlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMREwDwYD +VQQKDAhGb29mYXJhaDEUMBIGA1UECwwLQXJnbGViYXJnbGUxEjAQBgNVBAMMCWZv +b2JhcmJhejEeMBwGCSqGSIb3DQEJARYPaW5mb0B3b3Jsc3MuY29tMB4XDTE0MDkx +MDAwNDUzNloXDTE3MDYwNjAwNDUzNlowgZExCzAJBgNVBAYTAlVTMRMwEQYDVQQI +DApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMREwDwYDVQQKDAhGb29mYXJh +aDEUMBIGA1UECwwLQXJnbGViYXJnbGUxEjAQBgNVBAMMCWZvb2JhcmJhejEeMBwG +CSqGSIb3DQEJARYPaW5mb0B3b3Jsc3MuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0D +AQcDQgAEuzOsTCdQSsZKpQTDPN6fNttyLc6U6iv6yyAJOSwW6GEC6a9N0wKTmjFb 
+l5Ihf/DPGNqREQI0huggWDMLgDSJ2KNjMGEwHQYDVR0OBBYEFF1dJu+sfjb5m3YV +K0olAiPvsokwMB8GA1UdIwQYMBaAFF1dJu+sfjb5m3YVK0olAiPvsokwMA8GA1Ud +EwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgVgMAkGByqGSM49BAEDSQAwRgIhAPQ2 +7oYh1ccfLQ27Ka7BdP+jzkH+y5Pr/+/+400g5RhlAiEAsTkTEuK1GfKPW0Cselzi +puPT5p95PCnYxn2I9GAMSAA= +-----END CERTIFICATE----- diff --git a/certs/wolfssl-website-ca.pem b/certs/wolfssl-website-ca.pem new file mode 100644 index 000000000..704a29fb3 --- /dev/null +++ b/certs/wolfssl-website-ca.pem 
@@ -0,0 +1,83 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 0 (0x0) + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=US, O=The Go Daddy Group, Inc., OU=Go Daddy Class 2 Certification Authority + Validity + Not Before: Jun 29 17:06:20 2004 GMT + Not After : Jun 29 17:06:20 2034 GMT + Subject: C=US, O=The Go Daddy Group, Inc., OU=Go Daddy Class 2 Certification Authority + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:de:9d:d7:ea:57:18:49:a1:5b:eb:d7:5f:48:86: + ea:be:dd:ff:e4:ef:67:1c:f4:65:68:b3:57:71:a0: + 5e:77:bb:ed:9b:49:e9:70:80:3d:56:18:63:08:6f: + da:f2:cc:d0:3f:7f:02:54:22:54:10:d8:b2:81:d4: + c0:75:3d:4b:7f:c7:77:c3:3e:78:ab:1a:03:b5:20: + 6b:2f:6a:2b:b1:c5:88:7e:c4:bb:1e:b0:c1:d8:45: + 27:6f:aa:37:58:f7:87:26:d7:d8:2d:f6:a9:17:b7: + 1f:72:36:4e:a6:17:3f:65:98:92:db:2a:6e:5d:a2: + fe:88:e0:0b:de:7f:e5:8d:15:e1:eb:cb:3a:d5:e2: + 12:a2:13:2d:d8:8e:af:5f:12:3d:a0:08:05:08:b6: + 5c:a5:65:38:04:45:99:1e:a3:60:60:74:c5:41:a5: + 72:62:1b:62:c5:1f:6f:5f:1a:42:be:02:51:65:a8: + ae:23:18:6a:fc:78:03:a9:4d:7f:80:c3:fa:ab:5a: + fc:a1:40:a4:ca:19:16:fe:b2:c8:ef:5e:73:0d:ee: + 77:bd:9a:f6:79:98:bc:b1:07:67:a2:15:0d:dd:a0: + 58:c6:44:7b:0a:3e:62:28:5f:ba:41:07:53:58:cf: + 11:7e:38:74:c5:f8:ff:b5:69:90:8f:84:74:ea:97: + 1b:af + Exponent: 3 (0x3) + X509v3 extensions: + X509v3 Subject Key Identifier: + D2:C4:B0:D2:91:D4:4C:11:71:B3:61:CB:3D:A1:FE:DD:A8:6A:D4:E3 + X509v3 Authority Key Identifier: + keyid:D2:C4:B0:D2:91:D4:4C:11:71:B3:61:CB:3D:A1:FE:DD:A8:6A:D4:E3 + DirName:/C=US/O=The Go Daddy Group, Inc./OU=Go Daddy Class 2 Certification Authority + serial:00 + + X509v3 Basic Constraints: + CA:TRUE + Signature Algorithm: sha1WithRSAEncryption + 32:4b:f3:b2:ca:3e:91:fc:12:c6:a1:07:8c:8e:77:a0:33:06: + 14:5c:90:1e:18:f7:08:a6:3d:0a:19:f9:87:80:11:6e:69:e4: + 96:17:30:ff:34:91:63:72:38:ee:cc:1c:01:a3:1d:94:28:a4: + 31:f6:7a:c4:54:d7:f6:e5:31:58:03:a2:cc:ce:62:db:94:45: + 
73:b5:bf:45:c9:24:b5:d5:82:02:ad:23:79:69:8d:b8:b6:4d: + ce:cf:4c:ca:33:23:e8:1c:88:aa:9d:8b:41:6e:16:c9:20:e5: + 89:9e:cd:3b:da:70:f7:7e:99:26:20:14:54:25:ab:6e:73:85: + e6:9b:21:9d:0a:6c:82:0e:a8:f8:c2:0c:fa:10:1e:6c:96:ef: + 87:0d:c4:0f:61:8b:ad:ee:83:2b:95:f8:8e:92:84:72:39:eb: + 20:ea:83:ed:83:cd:97:6e:08:bc:eb:4e:26:b6:73:2b:e4:d3: + f6:4c:fe:26:71:e2:61:11:74:4a:ff:57:1a:87:0f:75:48:2e: + cf:51:69:17:a0:02:12:61:95:d5:d1:40:b2:10:4c:ee:c4:ac: + 10:43:a6:a5:9e:0a:d5:95:62:9a:0d:cf:88:82:c5:32:0c:e4: + 2b:9f:45:e6:0d:9f:28:9c:b1:b9:2a:5a:57:ad:37:0f:af:1d: + 7f:db:bd:9f +-----BEGIN CERTIFICATE----- +MIIEADCCAuigAwIBAgIBADANBgkqhkiG9w0BAQUFADBjMQswCQYDVQQGEwJVUzEh +MB8GA1UEChMYVGhlIEdvIERhZGR5IEdyb3VwLCBJbmMuMTEwLwYDVQQLEyhHbyBE +YWRkeSBDbGFzcyAyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA0MDYyOTE3 +MDYyMFoXDTM0MDYyOTE3MDYyMFowYzELMAkGA1UEBhMCVVMxITAfBgNVBAoTGFRo +ZSBHbyBEYWRkeSBHcm91cCwgSW5jLjExMC8GA1UECxMoR28gRGFkZHkgQ2xhc3Mg +MiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTCCASAwDQYJKoZIhvcNAQEBBQADggEN +ADCCAQgCggEBAN6d1+pXGEmhW+vXX0iG6r7d/+TvZxz0ZWizV3GgXne77ZtJ6XCA +PVYYYwhv2vLM0D9/AlQiVBDYsoHUwHU9S3/Hd8M+eKsaA7Ugay9qK7HFiH7Eux6w +wdhFJ2+qN1j3hybX2C32qRe3H3I2TqYXP2WYktsqbl2i/ojgC95/5Y0V4evLOtXi +EqITLdiOr18SPaAIBQi2XKVlOARFmR6jYGB0xUGlcmIbYsUfb18aQr4CUWWoriMY +avx4A6lNf4DD+qta/KFApMoZFv6yyO9ecw3ud72a9nmYvLEHZ6IVDd2gWMZEewo+ +YihfukEHU1jPEX44dMX4/7VpkI+EdOqXG68CAQOjgcAwgb0wHQYDVR0OBBYEFNLE +sNKR1EwRcbNhyz2h/t2oatTjMIGNBgNVHSMEgYUwgYKAFNLEsNKR1EwRcbNhyz2h +/t2oatTjoWekZTBjMQswCQYDVQQGEwJVUzEhMB8GA1UEChMYVGhlIEdvIERhZGR5 +IEdyb3VwLCBJbmMuMTEwLwYDVQQLEyhHbyBEYWRkeSBDbGFzcyAyIENlcnRpZmlj +YXRpb24gQXV0aG9yaXR5ggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQAD +ggEBADJL87LKPpH8EsahB4yOd6AzBhRckB4Y9wimPQoZ+YeAEW5p5JYXMP80kWNy +OO7MHAGjHZQopDH2esRU1/blMVgDoszOYtuURXO1v0XJJLXVggKtI3lpjbi2Tc7P +TMozI+gciKqdi0FuFskg5YmezTvacPd+mSYgFFQlq25zheabIZ0KbIIOqPjCDPoQ +HmyW74cNxA9hi63ugyuV+I6ShHI56yDqg+2DzZduCLzrTia2cyvk0/ZM/iZx4mER +dEr/VxqHD3VILs9RaRegAhJhldXRQLIQTO7ErBBDpqWeCtWVYpoNz4iCxTIM5Cuf 
+ReYNnyicsbkqWletNw+vHX/bvZ8= +-----END CERTIFICATE----- diff --git a/commit-tests.sh b/commit-tests.sh index 995824398..d7a95af48 100755 --- a/commit-tests.sh +++ b/commit-tests.sh @@ -1,4 +1,4 @@ -#!/bin/bash +#!/bin/sh #commit-tests.sh @@ -31,12 +31,4 @@ make -j 8 test; RESULT=$? [ $RESULT -ne 0 ] && echo -e "\n\nFull config make test failed" && exit 1 -if [ -n "$HAVE_FIPS_SOURCE" ]; -then - echo -e "\n\nTesting with FIPS release code...\n\n" - ./fips-check.sh - RESULT=$? - [ $RESULT -ne 0 ] && echo -e "\n\nFIPS build test failed" && exit 1 -fi - exit 0 diff --git a/configure.ac b/configure.ac index 36d1794df..57d6eb83d 100644 --- a/configure.ac +++ b/configure.ac @@ -6,7 +6,7 @@ # # -AC_INIT([wolfssl],[3.4.6],[https://github.com/wolfssl/wolfssl/issues],[wolfssl],[http://www.wolfssl.com]) +AC_INIT([wolfssl],[3.6.6],[https://github.com/wolfssl/wolfssl/issues],[wolfssl],[http://www.wolfssl.com]) AC_CONFIG_AUX_DIR([build-aux]) @@ -31,7 +31,7 @@ AC_CONFIG_MACRO_DIR([m4]) AC_CONFIG_HEADERS([config.h:config.in])dnl Keep filename to 8.3 for MS-DOS. #shared library versioning -WOLFSSL_LIBRARY_VERSION=0:1:0 +WOLFSSL_LIBRARY_VERSION=0:3:0 # | | | # +------+ | +---+ # | | | @@ -85,7 +85,7 @@ AC_CHECK_TYPES(__uint128_t) AC_C_BIGENDIAN # mktime check takes forever on some systems, if time supported it would be # highly unusual for mktime to be missing -#AC_FUNC_MKTIME +#AC_FUNC_MKTIME AC_PROG_CC AC_PROG_CC_C_O 
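Review bot: In commit-tests.sh the interpreter becomes `#!/bin/sh`, but the script still uses `echo -e`, visible in the context line `[ $RESULT -ne 0 ] && echo -e "\n\nFull config make test failed" && exit 1`. `echo -e` is not specified by POSIX, and a strict `sh` such as dash prints the `-e` literally. I would switch these messages to `printf '\n\nFull config make test failed\n'` so the output is the same under any `/bin/sh`. The rest of the script is outside the hunks shown, so any other bash-only constructs there need the same check.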
@@ -148,12 +148,24 @@ then fi +# OpenSSH compatibility Build +AC_ARG_ENABLE([openssh], + [AS_HELP_STRING([--enable-openssh],[Enable OpenSSH compatibility build (default: disabled)])], + [ENABLED_OPENSSH=$enableval], + [ENABLED_OPENSSH=no]) + + # OPENSSL Extra Compatibility AC_ARG_ENABLE([opensslextra], [ --enable-opensslextra Enable extra OpenSSL API, size+ (default: disabled)], [ ENABLED_OPENSSLEXTRA=$enableval ], [ ENABLED_OPENSSLEXTRA=no ] ) +if test "$ENABLED_OPENSSH" = "yes" +then + ENABLED_OPENSSLEXTRA="yes" +fi + if test "$ENABLED_OPENSSLEXTRA" = "yes" then AM_CFLAGS="-DOPENSSL_EXTRA $AM_CFLAGS" @@ -184,21 +196,28 @@ then AM_CFLAGS="$AM_CFLAGS -DTEST_IPV6" fi +AM_CONDITIONAL([BUILD_IPV6], [test "x$ENABLED_IPV6" = "xyes"]) -# Fortress build + +# Fortress build AC_ARG_ENABLE([fortress], [ --enable-fortress Enable SSL fortress build (default: disabled)], [ ENABLED_FORTRESS=$enableval ], [ ENABLED_FORTRESS=no ] ) +if test "$ENABLED_OPENSSH" = "yes" +then + ENABLED_FORTRESS="yes" +fi + if test "$ENABLED_FORTRESS" = "yes" then AM_CFLAGS="$AM_CFLAGS -DFORTRESS -DWOLFSSL_ALWAYS_VERIFY_CB -DOPENSSL_EXTRA -DWOLFSSL_DES_ECB -DWOLFSSL_AES_COUNTER -DWOLFSSL_AES_DIRECT -DWOLFSSL_DER_LOAD -DWOLFSSL_SHA512 -DWOLFSSL_SHA384 -DWOLFSSL_KEY_GEN" fi -# ssl bump build +# ssl bump build AC_ARG_ENABLE([bump], [ --enable-bump Enable SSL Bump build (default: disabled)], [ ENABLED_BUMP=$enableval ], @@ -212,7 +231,7 @@ fi ENABLED_SLOWMATH="yes" -# lean psk build +# lean psk build AC_ARG_ENABLE([leanpsk], [ --enable-leanpsk Enable Lean PSK build (default: disabled)], [ ENABLED_LEANPSK=$enableval ], @@ -268,7 +287,7 @@ then fi -# Persistent session cache +# Persistent session cache AC_ARG_ENABLE([savesession], [ --enable-savesession Enable persistent session cache (default: disabled)], [ ENABLED_SAVESESSION=$enableval ], 
@@ -281,7 +300,7 @@ then fi -# Persistent cert cache +# Persistent cert cache AC_ARG_ENABLE([savecert], [ --enable-savecert Enable persistent cert cache (default: disabled)], [ ENABLED_SAVECERT=$enableval ], @@ -294,7 +313,7 @@ then fi -# Atomic User Record Layer +# Atomic User Record Layer AC_ARG_ENABLE([atomicuser], [ --enable-atomicuser Enable Atomic User Record Layer (default: disabled)], [ ENABLED_ATOMICUSER=$enableval ], @@ -307,7 +326,7 @@ then fi -# Public Key Callbacks +# Public Key Callbacks AC_ARG_ENABLE([pkcallbacks], [ --enable-pkcallbacks Enable Public Key Callbacks (default: disabled)], [ ENABLED_PKCALLBACKS=$enableval ], @@ -437,27 +456,6 @@ fi AM_CONDITIONAL([BUILD_AESNI], [test "x$ENABLED_AESNI" = "xyes"]) -# POLY1305 -AC_ARG_ENABLE([poly1305], - [AS_HELP_STRING([--enable-poly1305],[Enable wolfSSL POLY1305 support (default: enabled)])], - [ ENABLED_POLY1305=$enableval ], - [ ENABLED_POLY1305=yes ] - ) - -# lean psk does't need poly1305 -if test "$ENABLED_LEANPSK" = "yes" -then - ENABLED_POLY1305=no -fi - -if test "$ENABLED_POLY1305" = "yes" -then - AM_CFLAGS="$AM_CFLAGS -DHAVE_POLY1305 -DHAVE_ONE_TIME_AUTH" -fi - -AM_CONDITIONAL([BUILD_POLY1305], [test "x$ENABLED_POLY1305" = "xyes"]) - - # Camellia AC_ARG_ENABLE([camellia], [ --enable-camellia Enable wolfSSL Camellia support (default: disabled)], @@ -493,13 +491,18 @@ fi AM_CONDITIONAL([BUILD_MD2], [test "x$ENABLED_MD2" = "xyes"]) -# NULL CIPHER +# NULL CIPHER AC_ARG_ENABLE([nullcipher], [ --enable-nullcipher Enable wolfSSL NULL cipher support (default: disabled)], [ ENABLED_NULL_CIPHER=$enableval ], [ ENABLED_NULL_CIPHER=no ] ) +if test "$ENABLED_OPENSSH" = "yes" +then + ENABLED_NULL_CIPHER="yes" +fi + if test "$ENABLED_NULL_CIPHER" = "yes" then AM_CFLAGS="$AM_CFLAGS -DHAVE_NULL_CIPHER" 
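Review bot: In the `# NULL CIPHER` hunk, `--enable-openssh` sets `ENABLED_NULL_CIPHER="yes"` after `AC_ARG_ENABLE` has run, so an explicit `--disable-nullcipher` is silently overridden and `-DHAVE_NULL_CIPHER` is defined for the whole library. The ARC4 hunk further down does the same with `ENABLED_ARC4="yes"`. Whether these suites then become negotiable by default cannot be seen from here, but a compatibility switch should not widen the TLS cipher set without the builder noticing. I would apply the override only when the user gave no value, `if test "$ENABLED_OPENSSH" = "yes" && test "x$enable_nullcipher" = "x"`, or at least add an `AC_MSG_NOTICE` naming the weak algorithms that `--enable-openssh` turns on.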
@@ -512,6 +515,11 @@ AC_ARG_ENABLE([ripemd], [ ENABLED_RIPEMD=no ] ) +if test "$ENABLED_OPENSSH" = "yes" +then + ENABLED_RIPEMD="yes" +fi + if test "$ENABLED_RIPEMD" = "yes" then AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_RIPEMD" @@ -555,6 +563,11 @@ then ENABLED_SHA512=no fi +if test "$ENABLED_OPENSSH" = "yes" +then + ENABLED_SHA512="yes" +fi + if test "$ENABLED_SHA512" = "yes" then AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SHA512 -DWOLFSSL_SHA384" @@ -637,7 +650,7 @@ then fi -# HKDF +# HKDF AC_ARG_ENABLE([hkdf], [ --enable-hkdf Enable HKDF (HMAC-KDF) support (default: disabled)], [ ENABLED_HKDF=$enableval ], @@ -656,6 +669,11 @@ AC_ARG_ENABLE([dsa], [ ENABLED_DSA=no ] ) +if test "$ENABLED_OPENSSH" = "yes" +then + ENABLED_DSA="yes" +fi + if test "$ENABLED_DSA" = "no" then AM_CFLAGS="$AM_CFLAGS -DNO_DSA" @@ -685,6 +703,11 @@ then ENABLED_ECC=no fi +if test "$ENABLED_OPENSSH" = "yes" +then + ENABLED_ECC="yes" +fi + if test "$ENABLED_ECC" = "yes" then AM_CFLAGS="$AM_CFLAGS -DHAVE_ECC -DTFM_ECC256 -DECC_SHAMIR" @@ -699,6 +722,9 @@ then fi +# for using memory optimization setting on both curve25519 and ed25519 +ENABLED_CURVED25519_SMALL=no + # CURVE25519 AC_ARG_ENABLE([curve25519], [AS_HELP_STRING([--enable-curve25519],[Enable Curve25519 (default: disabled)])], @@ -706,10 +732,23 @@ AC_ARG_ENABLE([curve25519], [ ENABLED_CURVE25519=no ] ) + +if test "$ENABLED_OPENSSH" = "yes" +then + ENABLED_CURVE25519="yes" +fi + +if test "$ENABLED_CURVE25519" = "small" +then + AM_CFLAGS="$AM_CFLAGS -DCURVED25519_SMALL" + ENABLED_CURVED25519_SMALL=yes + ENABLED_CURVE25519=yes +fi + if test "$ENABLED_CURVE25519" = "yes" then - ENABLED_FEMATH=yes AM_CFLAGS="$AM_CFLAGS -DHAVE_CURVE25519" + ENABLED_FEMATH=yes fi 
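Review bot: In the `# CURVE25519` hunk, the openssh override `ENABLED_CURVE25519="yes"` runs before the new `= "small"` test, so `--enable-openssh --enable-curve25519=small` loses the small setting and `-DCURVED25519_SMALL` is never added. The ed25519 hunk that follows has the same ordering. Forcing the value only when the feature is off keeps the user's choice: `if test "$ENABLED_OPENSSH" = "yes" && test "$ENABLED_CURVE25519" = "no"`.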
@@ -724,6 +763,18 @@ AC_ARG_ENABLE([ed25519], ) +if test "$ENABLED_OPENSSH" = "yes" +then + ENABLED_ED25519="yes" +fi + +if test "$ENABLED_ED25519" = "small" +then + AM_CFLAGS="$AM_CFLAGS -DCURVED25519_SMALL" + ENABLED_CURVED25519_SMALL=yes + ENABLED_ED25519=yes +fi + if test "$ENABLED_ED25519" = "yes" then if test "$ENABLED_SHA512" = "no" @@ -735,8 +786,8 @@ then AM_CFLAGS="$AM_CFLAGS -DHAVE_ED25519" fi - AM_CONDITIONAL([BUILD_ED25519], [test "x$ENABLED_ED25519" = "xyes"]) +AM_CONDITIONAL([BUILD_CURVED25519_SMALL], [test "x$ENABLED_CURVED25519_SMALL" = "xyes"]) AM_CONDITIONAL([BUILD_FEMATH], [test "x$ENABLED_FEMATH" = "xyes"]) AM_CONDITIONAL([BUILD_GEMATH], [test "x$ENABLED_GEMATH" = "xyes"]) @@ -751,7 +802,7 @@ if test "$ENABLED_FPECC" = "yes" then if test "$ENABLED_ECC" = "no" then - AC_MSG_ERROR([cannot enable fpecc without enabling ecc.]) + AC_MSG_ERROR([cannot enable fpecc without enabling ecc.]) fi AM_CFLAGS="$AM_CFLAGS -DFP_ECC" fi @@ -768,17 +819,17 @@ if test "$ENABLED_ECC_ENCRYPT" = "yes" then if test "$ENABLED_ECC" = "no" then - AC_MSG_ERROR([cannot enable eccencrypt without enabling ecc.]) + AC_MSG_ERROR([cannot enable eccencrypt without enabling ecc.]) fi if test "$ENABLED_HKDF" = "no" then - AC_MSG_ERROR([cannot enable eccencrypt without enabling hkdf.]) + AC_MSG_ERROR([cannot enable eccencrypt without enabling hkdf.]) fi AM_CFLAGS="$AM_CFLAGS -DHAVE_ECC_ENCRYPT" fi -# PSK +# PSK AC_ARG_ENABLE([psk], [ --enable-psk Enable PSK (default: disabled)], [ ENABLED_PSK=$enableval ], @@ -816,7 +867,7 @@ else fi -# OLD TLS +# OLD TLS AC_ARG_ENABLE([oldtls], [ --enable-oldtls Enable old TLS versions < 1.2 (default: enabled)], [ ENABLED_OLD_TLS=$enableval ], 
@@ -836,7 +887,20 @@ else fi -# STACK SIZE info for examples +# SSLv3 +AC_ARG_ENABLE([sslv3], + [AS_HELP_STRING([--enable-sslv3],[Enable SSL version 3.0 (default: disabled)])], + [ ENABLED_SSLV3=$enableval ], + [ ENABLED_SSLV3=no] + ) + +if test "$ENABLED_SSLV3" = "yes" +then + AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ALLOW_SSLV3" +fi + + +# STACK SIZE info for examples AC_ARG_ENABLE([stacksize], [ --enable-stacksize Enable stack size info on examples (default: disabled)], [ ENABLED_STACKSIZE=$enableval ], @@ -851,7 +915,7 @@ then fi -# MEMORY +# MEMORY AC_ARG_ENABLE([memory], [ --enable-memory Enable memory callbacks (default: enabled)], [ ENABLED_MEMORY=$enableval ], @@ -873,7 +937,7 @@ fi AM_CONDITIONAL([BUILD_MEMORY], [test "x$ENABLED_MEMORY" = "xyes"]) -# RSA +# RSA AC_ARG_ENABLE([rsa], [ --enable-rsa Enable RSA (default: enabled)], [ ENABLED_RSA=$enableval ], @@ -902,6 +966,11 @@ AC_ARG_ENABLE([dh], [ ENABLED_DH=yes ] ) +if test "$ENABLED_OPENSSH" = "yes" +then + ENABLED_DH="yes" +fi + if test "$ENABLED_DH" = "no" then AM_CFLAGS="$AM_CFLAGS -DNO_DH" @@ -1001,6 +1070,14 @@ AC_ARG_ENABLE([aes], if test "$ENABLED_AES" = "no" then AM_CFLAGS="$AM_CFLAGS -DNO_AES" + if test "$ENABLED_FORTRESS" = "yes" + then + AC_MSG_ERROR([fortress requires aes]) + fi + if test "$ENABLED_ECC_ENCRYPT" = "yes" + then + AC_MSG_ERROR([cannot enable eccencrypt and hkdf without aes.]) + fi if test "$ENABLED_AESGCM" = "yes" then AC_MSG_ERROR([AESGCM requires AES.]) @@ -1065,13 +1142,18 @@ fi AM_CONDITIONAL([BUILD_DES3], [test "x$ENABLED_DES3" = "xyes"]) -# ARC4 +# ARC4 AC_ARG_ENABLE([arc4], [ --enable-arc4 Enable ARC4 (default: disabled)], [ ENABLED_ARC4=$enableval ], [ ENABLED_ARC4=no ] ) +if test "$ENABLED_OPENSSH" = "yes" +then + ENABLED_ARC4="yes" +fi + if test "$ENABLED_ARC4" = "no" then AM_CFLAGS="$AM_CFLAGS -DNO_RC4" 
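Review bot: The new `# SSLv3` block adds `-DWOLFSSL_ALLOW_SSLV3` without checking `ENABLED_OLD_TLS`, so `--disable-oldtls --enable-sslv3` is accepted. The commit rejects only the Max Strength combination, in a later hunk. How the library resolves `NO_OLD_TLS` together with `WOLFSSL_ALLOW_SSLV3` is not visible here, so I would fail at configure time rather than depend on it: `AS_IF([test "x$ENABLED_OLD_TLS" = "xno" && test "x$ENABLED_SSLV3" = "xyes"], [AC_MSG_ERROR([Cannot disable old TLS and enable SSLv3 at the same time.])])`. A one-line comment above the option saying that SSL 3.0 is off by default because the protocol is obsolete would also help.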
@@ -1087,7 +1169,7 @@ fi AM_CONDITIONAL([BUILD_RC4], [test "x$ENABLED_ARC4" = "xyes"]) -# MD5 +# MD5 AC_ARG_ENABLE([md5], [ --enable-md5 Enable MD5 (default: enabled)], [ ENABLED_MD5=$enableval ], @@ -1109,7 +1191,7 @@ fi AM_CONDITIONAL([BUILD_MD5], [test "x$ENABLED_MD5" = "xyes"]) -# SHA +# SHA AC_ARG_ENABLE([sha], [ --enable-sha Enable SHA (default: enabled)], [ ENABLED_SHA=$enableval ], @@ -1131,22 +1213,7 @@ fi AM_CONDITIONAL([BUILD_SHA], [test "x$ENABLED_SHA" = "xyes"]) -# MD4 -AC_ARG_ENABLE([md4], - [ --enable-md4 Enable MD4 (default: disabled)], - [ ENABLED_MD4=$enableval ], - [ ENABLED_MD4=no ] - ) - -if test "$ENABLED_MD4" = "no" -then - AM_CFLAGS="$AM_CFLAGS -DNO_MD4" -fi - -AM_CONDITIONAL([BUILD_MD4], [test "x$ENABLED_MD4" = "xyes"]) - - -# Web Server Build +# Web Server Build AC_ARG_ENABLE([webserver], [ --enable-webserver Enable Web Server (default: disabled)], [ ENABLED_WEBSERVER=$enableval ], @@ -1160,7 +1227,7 @@ fi -# HC128 +# HC128 AC_ARG_ENABLE([hc128], [ --enable-hc128 Enable HC-128 (default: disabled)], [ ENABLED_HC128=$enableval ], @@ -1194,27 +1261,6 @@ fi AM_CONDITIONAL([BUILD_RABBIT], [test "x$ENABLED_RABBIT" = "xyes"]) -# CHACHA -AC_ARG_ENABLE([chacha], - [ --enable-chacha Enable CHACHA (default: enabled)], - [ ENABLED_CHACHA=$enableval ], - [ ENABLED_CHACHA=yes ] - ) - -# lean psk does't need chacha -if test "$ENABLED_LEANPSK" = "yes" -then - ENABLED_CHACHA=no -fi - -if test "$ENABLED_CHACHA" = "yes" -then - AM_CFLAGS="$AM_CFLAGS -DHAVE_CHACHA" -fi - -AM_CONDITIONAL([BUILD_CHACHA], [test "x$ENABLED_CHACHA" = "xyes"]) - - # FIPS AC_ARG_ENABLE([fips], [AS_HELP_STRING([--enable-fips],[Enable FIPS 140-2, Will NOT work w/o FIPS license (default: disabled)])], 
@@ -1249,6 +1295,64 @@ fi AM_CONDITIONAL([BUILD_FIPS], [test "x$ENABLED_FIPS" = "xyes"]) +# set POLY1305 default +POLY1305_DEFAULT=yes + +if test "x$ENABLED_FIPS" = "xyes" +then +POLY1305_DEFAULT=no +fi + +# POLY1305 +AC_ARG_ENABLE([poly1305], + [AS_HELP_STRING([--enable-poly1305],[Enable wolfSSL POLY1305 support (default: enabled)])], + [ ENABLED_POLY1305=$enableval ], + [ ENABLED_POLY1305=$POLY1305_DEFAULT] + ) + +# lean psk does't need poly1305 +if test "$ENABLED_LEANPSK" = "yes" +then + ENABLED_POLY1305=no +fi + +if test "$ENABLED_POLY1305" = "yes" +then + AM_CFLAGS="$AM_CFLAGS -DHAVE_POLY1305 -DHAVE_ONE_TIME_AUTH" +fi + +AM_CONDITIONAL([BUILD_POLY1305], [test "x$ENABLED_POLY1305" = "xyes"]) + + +# set CHACHA default +CHACHA_DEFAULT=yes + +if test "x$ENABLED_FIPS" = "xyes" +then +CHACHA_DEFAULT=no +fi + +# CHACHA +AC_ARG_ENABLE([chacha], + [ --enable-chacha Enable CHACHA (default: enabled)], + [ ENABLED_CHACHA=$enableval ], + [ ENABLED_CHACHA=$CHACHA_DEFAULT] + ) + +# lean psk does't need chacha +if test "$ENABLED_LEANPSK" = "yes" +then + ENABLED_CHACHA=no +fi + +if test "$ENABLED_CHACHA" = "yes" +then + AM_CFLAGS="$AM_CFLAGS -DHAVE_CHACHA" +fi + +AM_CONDITIONAL([BUILD_CHACHA], [test "x$ENABLED_CHACHA" = "xyes"]) + + # Hash DRBG AC_ARG_ENABLE([hashdrbg], [ --enable-hashdrbg Enable Hash DRBG support (default: enabled)], @@ -1269,7 +1373,7 @@ else fi -# Filesystem Build +# Filesystem Build AC_ARG_ENABLE([filesystem], [ --enable-filesystem Enable Filesystem support (default: enabled)], [ ENABLED_FILESYSTEM=$enableval ], @@ -1289,7 +1393,7 @@ else fi -# inline Build +# inline Build AC_ARG_ENABLE([inline], [ --enable-inline Enable inline functions (default: enabled)], [ ENABLED_INLINE=$enableval ], @@ -1333,7 +1437,7 @@ then fi -# CRL +# CRL AC_ARG_ENABLE([crl], [ --enable-crl Enable CRL (default: disabled)], [ ENABLED_CRL=$enableval ], 
@@ -1347,7 +1451,6 @@ fi AM_CONDITIONAL([BUILD_CRL], [test "x$ENABLED_CRL" = "xyes"]) - # CRL Monitor AC_ARG_ENABLE([crl-monitor], [ --enable-crl-monitor Enable CRL Monitor (default: disabled)], @@ -1375,10 +1478,10 @@ AC_ARG_WITH([ntru], [ --with-ntru=PATH Path to NTRU install (default /usr/) ], [ AC_MSG_CHECKING([for NTRU]) - CPPFLAGS="$CPPFLAGS -DHAVE_NTRU" - LIBS="$LIBS -lNTRUEncrypt" + CPPFLAGS="$CPPFLAGS -DHAVE_NTRU -DHAVE_QSH -DHAVE_TLS_EXTENSIONS" + LIBS="$LIBS -lntruencrypt" - AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include ]], [[ ntru_crypto_drbg_instantiate(0, 0, 0, 0, 0); ]])], [ ntru_linked=yes ],[ ntru_linked=no ]) + AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include ]], [[ ntru_crypto_drbg_instantiate(0, 0, 0, 0, 0); ]])], [ ntru_linked=yes ],[ ntru_linked=no ]) if test "x$ntru_linked" == "xno" ; then if test "x$withval" != "xno" ; then @@ -1391,7 +1494,7 @@ AC_ARG_WITH([ntru], LDFLAGS="$AM_LDFLAGS -L$tryntrudir/lib" CPPFLAGS="$CPPFLAGS -I$tryntrudir/include" - AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include ]], [[ ntru_crypto_drbg_instantiate(0, 0, 0, 0, 0); ]])], [ ntru_linked=yes ],[ ntru_linked=no ]) + AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include ]], [[ ntru_crypto_drbg_instantiate(0, 0, 0, 0, 0); ]])], [ ntru_linked=yes ],[ ntru_linked=no ]) if test "x$ntru_linked" == "xno" ; then AC_MSG_ERROR([NTRU isn't found. @@ -1403,7 +1506,7 @@ AC_ARG_WITH([ntru], AC_MSG_RESULT([yes]) fi - AM_CFLAGS="$AM_CFLAGS -DHAVE_NTRU" + AM_CFLAGS="$AM_CFLAGS -DHAVE_NTRU -DHAVE_QSH -DHAVE_TLS_EXTENSIONS" ENABLED_NTRU="yes" ] ) @@ -1412,7 +1515,7 @@ AM_CONDITIONAL([BUILD_NTRU], [test "x$ENABLED_NTRU" = "xyes"]) if test "$ENABLED_NTRU" = "yes" && test "$ENABLED_SMALL" = "yes" then - AC_MSG_ERROR([cannot enable ntru and small, ntru requires TLS which small turns off.]) + AC_MSG_ERROR([cannot enable ntru and small, ntru requires TLS which small turns off.]) fi # SNI 
@@ -1568,6 +1671,22 @@ then fi +# Secure Remote Password +AC_ARG_ENABLE([srp], + [ --enable-srp Enable Secure Remote Password (default: disabled)], + [ ENABLED_SRP=$enableval ], + [ ENABLED_SRP=no ] + ) + +if test "x$ENABLED_SRP" = "xyes" +then + AM_CFLAGS="$AM_CFLAGS -DWOLFCRYPT_HAVE_SRP" +fi + +AM_CONDITIONAL([BUILD_SRP], [test "x$ENABLED_SRP" = "xyes"]) + + + # Small Stack AC_ARG_ENABLE([smallstack], [ --enable-smallstack Enable Small Stack Usage (default: disabled)], @@ -1604,7 +1723,7 @@ fi AM_CONDITIONAL([USE_VALGRIND], [test "x$ENABLED_VALGRIND" = "xyes"]) -# Test certs, use internal cert functions for extra testing +# Test certs, use internal cert functions for extra testing AC_ARG_ENABLE([testcert], [ --enable-testcert Enable Test Cert (default: disabled)], [ ENABLED_TESTCERT=$enableval ], @@ -1635,7 +1754,7 @@ then fi -# Certificate Service Support +# Certificate Service Support AC_ARG_ENABLE([certservice], [ --enable-certservice Enable cert service (default: disabled)], [ ENABLED_CERT_SERVICE=$enableval ], 
@@ -1664,6 +1783,84 @@ then fi +# lighty Support +AC_ARG_ENABLE([lighty], + [ --enable-lighty Enable lighttpd/lighty (default: disabled)], + [ ENABLED_LIGHTY=$enableval ], + [ ENABLED_LIGHTY=no ] + ) +if test "$ENABLED_LIGHTY" = "yes" +then + # Requires opensslextra make sure on + if test "x$ENABLED_OPENSSLEXTRA" = "xno" + then + ENABLED_OPENSSLEXTRA="yes" + AM_CFLAGS="-DOPENSSL_EXTRA $AM_CFLAGS" + fi + AM_CFLAGS="$AM_CFLAGS -DHAVE_LIGHTY -DHAVE_WOLFSSL_SSL_H=1" +fi + +# stunnel Support +AC_ARG_ENABLE([stunnel], + [ --enable-stunnel Enable stunnel (default: disabled)], + [ ENABLED_STUNNEL=$enableval ], + [ ENABLED_STUNNEL=no ] + ) +if test "$ENABLED_STUNNEL" = "yes" +then + # Requires opensslextra make sure on + if test "x$ENABLED_OPENSSLEXTRA" = "xno" + then + ENABLED_OPENSSLEXTRA="yes" + AM_CFLAGS="-DOPENSSL_EXTRA $AM_CFLAGS" + fi + + # Requires coding make sure on + if test "x$ENABLED_CODING" = "xno" + then + ENABLED_CODING="yes" + fi + + # Requires sessioncerts make sure on + if test "x$ENABLED_SESSIONCERTS" = "xno" + then + ENABLED_SESSIONCERTS="yes" + AM_CFLAGS="$AM_CFLAGS -DSESSION_CERTS" + fi + + # Requires crls, make sure on + if test "x$ENABLED_CRL" = "xno" + then + ENABLED_CRL="yes" + AM_CFLAGS="$AM_CFLAGS -DHAVE_CRL" + AM_CONDITIONAL([BUILD_CRL], [test "x$ENABLED_CRL" = "xyes"]) + fi + AM_CFLAGS="$AM_CFLAGS -DHAVE_STUNNEL" +fi + + +# MD4 +AC_ARG_ENABLE([md4], + [ --enable-md4 Enable MD4 (default: disabled)], + [ ENABLED_MD4=$enableval ], + [ ENABLED_MD4=no ] + ) + + +if test "$ENABLED_MD4" = "no" +then + #turn on MD4 if using stunnel + if test "x$ENABLED_STUNNEL" = "xyes" + then + ENABLED_MD4="yes" + else + AM_CFLAGS="$AM_CFLAGS -DNO_MD4" + fi +fi + +AM_CONDITIONAL([BUILD_MD4], [test "x$ENABLED_MD4" = "xyes"]) + + # PWDBASED has to come after certservice since we want it on w/o explicit on # PWDBASED AC_ARG_ENABLE([pwdbased], 
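Review bot: In the stunnel block, `AM_CONDITIONAL([BUILD_CRL], ...)` is invoked inside the shell `if test "x$ENABLED_CRL" = "xno"` branch. The JNI hunk later does the same for `BUILD_CRL` and `BUILD_OCSP`. Automake expects every `AM_CONDITIONAL` to run unconditionally on each configure run, and re-issuing it from a branch depends on the earlier top-level definition being silently overwritten. I would let these blocks set only `ENABLED_CRL="yes"` and `ENABLED_OCSP="yes"`, and move the existing top-level `AM_CONDITIONAL([BUILD_CRL], [test "x$ENABLED_CRL" = "xyes"])` below them. The MD4 block in this hunk also turns MD4 on for stunnel even when the user passed `--disable-md4`, and a comment there should say so.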
@@ -1691,7 +1888,7 @@ FASTMATH_DEFAULT=no if test "$host_cpu" = "x86_64" then -FASTMATH_DEFAULT=yes + FASTMATH_DEFAULT=yes fi # fastmath @@ -1757,8 +1954,6 @@ AC_ARG_ENABLE([examples], AS_IF([test "x$ENABLED_FILESYSTEM" = "xno"], [ENABLED_EXAMPLES="no"]) AS_IF([test "x$ENABLED_INLINE" = "xno"], [ENABLED_EXAMPLES="no"]) -# certs still have sha signatures for now -AS_IF([test "x$ENABLED_SHA" = "xno" && test "x$ENABLED_PSK" = "xno"], [ENABLED_EXAMPLES="no"]) AM_CONDITIONAL([BUILD_EXAMPLES], [test "x$ENABLED_EXAMPLES" = "xyes"]) @@ -1801,7 +1996,7 @@ AC_ARG_WITH([libz], AM_CONDITIONAL([BUILD_LIBZ], [test "x$ENABLED_LIBZ" = "xyes"]) -# cavium +# cavium trycaviumdir="" AC_ARG_WITH([cavium], [ --with-cavium=PATH PATH to cavium/software dir ], 
@@ -1862,6 +2057,75 @@ fi AM_CONDITIONAL([BUILD_MCAPI], [test "x$ENABLED_MCAPI" = "xyes"]) +# wolfSSL JNI +AC_ARG_ENABLE([jni], + [ --enable-jni Enable wolfSSL JNI (default: disabled)], + [ ENABLED_JNI=$enableval ], + [ ENABLED_JNI=no ] + ) +if test "$ENABLED_JNI" = "yes" +then + # Enable prereqs if not already enabled + if test "x$ENABLED_DTLS" = "xno" + then + ENABLED_DTLS="yes" + AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DTLS" + fi + if test "x$ENABLED_OPENSSLEXTRA" = "xno" + then + ENABLED_OPENSSLEXTRA="yes" + AM_CFLAGS="$AM_CFLAGS -DOPENSSL_EXTRA" + fi + if test "x$ENABLED_CRL" = "xno" + then + ENABLED_CRL="yes" + AM_CFLAGS="$AM_CFLAGS -DHAVE_CRL" + AM_CONDITIONAL([BUILD_CRL], [test "x$ENABLED_CRL" = "xyes"]) + fi + if test "x$ENABLED_OCSP" = "xno" + then + ENABLED_OCSP="yes" + AM_CFLAGS="$AM_CFLAGS -DHAVE_OCSP" + AM_CONDITIONAL([BUILD_OCSP], [test "x$ENABLED_OCSP" = "xyes"]) + fi + if test "x$ENABLED_CRL_MONITOR" = "xno" + then + ENABLED_CRL_MONITOR="yes" + AM_CFLAGS="$AM_CFLAGS -DHAVE_CRL_MONITOR" + fi + if test "x$ENABLED_SAVESESSION" = "xno" + then + ENABLED_SAVESESSION="yes" + AM_CFLAGS="$AM_CFLAGS -DPERSIST_SESSION_CACHE" + fi + if test "x$ENABLED_SAVECERT" = "xno" + then + ENABLED_SAVECERT="yes" + AM_CFLAGS="$AM_CFLAGS -DPERSIST_CERT_CACHE" + fi + if test "x$ENABLED_ATOMICUSER" = "xno" + then + ENABLED_ATOMICUSER="yes" + AM_CFLAGS="$AM_CFLAGS -DATOMIC_USER" + fi + if test "x$ENABLED_ECC" = "xno" + then + ENABLED_ECC="yes" + AM_CFLAGS="$AM_CFLAGS -DHAVE_ECC" + fi + if test "x$ENABLED_PKCALLBACKS" = "xno" + then + ENABLED_PKCALLBACKS="yes" + AM_CFLAGS="$AM_CFLAGS -DHAVE_PK_CALLBACKS" + fi + if test "x$ENABLED_DH" = "xno" + then + ENABLED_DH="yes" + AM_CFLAGS="$AM_CFLAGS -DHAVE_DH" + fi +fi + + # Check for build-type conflicts AS_IF([test "x$ENABLED_MAXSTRENGTH" = "xyes" && \ test "x$ENABLED_LEANPSK" = "xyes"], 
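Review bot: The JNI block appends `-DHAVE_DH` when `ENABLED_DH` is `no`, but the DH section earlier has by then already added `-DNO_DH` to `AM_CFLAGS` for that case. The resulting flags and the generated options.h carry both defines, which contradict each other. The ECC branch has a related gap: it adds only `-DHAVE_ECC`, while the regular ECC section adds `-DHAVE_ECC -DTFM_ECC256 -DECC_SHAMIR`. Placing the JNI prerequisite checks before the individual feature sections, and setting only the `ENABLED_*` variables there (as the `--enable-openssh` changes in this commit do), would let each feature's own block emit one consistent set of flags.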
@@ -1877,6 +2141,10 @@ AS_IF([test "x$ENABLED_MAXSTRENGTH" = "xyes" && \ [AM_CFLAGS="$AM_CFLAGS -DNO_OLD_TLS" ENABLED_OLD_TLS=no]) +AS_IF([test "x$ENABLED_MAXSTRENGTH" = "xyes" && \ + test "x$ENABLED_SSLV3" = "xyes"], + [AC_MSG_ERROR([Cannot use Max Strength and SSLv3 at the same time.])]) + # OPTIMIZE FLAGS if test "$GCC" = "yes" @@ -1903,6 +2171,12 @@ then AM_CFLAGS="$AM_CFLAGS -wd10006" fi +# Expose HAVE___UINT128_T to options flags" +if test "$ac_cv_type___uint128_t" = "yes" +then + AM_CFLAGS="$AM_CFLAGS -DHAVE___UINT128_T" +fi + LIB_SOCKET_NSL AX_HARDEN_CC_COMPILER_FLAGS @@ -1952,7 +2226,7 @@ touch ctaocrypt/src/fips.c touch ctaocrypt/src/fips_test.c echo -# generate user options header +# generate user options header echo "---" echo "Generating user options header..." @@ -1962,7 +2236,7 @@ OPTION_FILE="wolfssl/options.h" #fi rm -f $OPTION_FILE -echo "/* wolfssl options.h" > $OPTION_FILE +echo "/* wolfssl options.h" > $OPTION_FILE echo " * generated from configure options" >> $OPTION_FILE echo " *" >> $OPTION_FILE echo " * Copyright (C) 2006-2015 wolfSSL Inc." >> $OPTION_FILE 
@@ -1971,32 +2245,53 @@ echo " * This file is part of wolfSSL. (formerly known as CyaSSL)" >> $OPTION_FI echo " *" >> $OPTION_FILE echo " */" >> $OPTION_FILE -echo "" >> $OPTION_FILE -echo "#pragma once" >> $OPTION_FILE -echo "" >> $OPTION_FILE -echo "#ifdef __cplusplus" >> $OPTION_FILE -echo "extern \"C\" {" >> $OPTION_FILE -echo "#endif" >> $OPTION_FILE -echo "" >> $OPTION_FILE +echo "" >> $OPTION_FILE +echo "#pragma once" >> $OPTION_FILE +echo "" >> $OPTION_FILE +echo "#ifdef __cplusplus" >> $OPTION_FILE +echo "extern \"C\" {" >> $OPTION_FILE +echo "#endif" >> $OPTION_FILE +echo "" >> $OPTION_FILE for option in $OPTION_FLAGS; do defonly=`echo $option | sed 's/-D//'` if test "$defonly" != "$option" then noequalsign=`echo $defonly | sed 's/=/ /'` - echo "#undef $noequalsign" >> $OPTION_FILE - echo "#define $noequalsign" >> $OPTION_FILE - echo "" >> $OPTION_FILE + if test "$noequalsign" = "NDEBUG" || test "$noequalsign" = "DEBUG" + then + echo "not outputing (N)DEBUG to $OPTION_FILE" + continue + fi + + # allow user to igonore system options + ignoresys=no + if [[[ $noequalsign == _* ]]] ; + then + ignoresys=yes + echo "#ifndef WOLFSSL_OPTIONS_IGNORE_SYS" >> $OPTION_FILE + fi + + noarg=`echo $defonly | sed 's/=.*//'` + echo "#undef $noarg" >> $OPTION_FILE + echo "#define $noequalsign" >> $OPTION_FILE + + if test "$ignoresys" = "yes" + then + echo "#endif" >> $OPTION_FILE + fi + + echo "" >> $OPTION_FILE else echo "option w/o begin -D is $option, not saving to $OPTION_FILE" fi done -echo "" >> $OPTION_FILE -echo "#ifdef __cplusplus" >> $OPTION_FILE -echo "}" >> $OPTION_FILE -echo "#endif" >> $OPTION_FILE -echo "" >> $OPTION_FILE +echo "" >> $OPTION_FILE +echo "#ifdef __cplusplus" >> $OPTION_FILE +echo "}" >> $OPTION_FILE +echo "#endif" >> $OPTION_FILE +echo "" >> $OPTION_FILE echo #backwards compatability for those who have included options or version 
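Review bot: The new system-option test `if [[[ $noequalsign == _* ]]] ;` presumably reaches the generated configure script as `[[ $noequalsign == _* ]]` once m4 strips one level of quoting. That is a bash/ksh construct, and configure is not guaranteed to run under such a shell. On a plain POSIX `sh` the test fails and the `WOLFSSL_OPTIONS_IGNORE_SYS` guard is silently never written. A portable form is `case "$noequalsign" in _*) ignoresys=yes; echo "#ifndef WOLFSSL_OPTIONS_IGNORE_SYS" >> $OPTION_FILE ;; esac`. The added comment and message also contain the typos "igonore" and "outputing".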
@@ -2027,10 +2322,11 @@ echo " * Debug enabled: $ax_enable_debug" echo " * Warnings as failure: $ac_cv_warnings_as_errors" echo " * make -j: $enable_jobserver" echo " * VCS checkout: $ac_cv_vcs_checkout" -echo +echo echo " Features " echo " * Single threaded: $ENABLED_SINGLETHREADED" echo " * Filesystem: $ENABLED_FILESYSTEM" +echo " * OpenSSH Build: $ENABLED_OPENSSH" echo " * OpenSSL Extra API: $ENABLED_OPENSSLEXTRA" echo " * Max Strength Build: $ENABLED_MAXSTRENGTH" echo " * fastmath: $ENABLED_FASTMATH" @@ -2075,9 +2371,12 @@ echo " * Anonymous cipher: $ENABLED_ANON" echo " * CODING: $ENABLED_CODING" echo " * MEMORY: $ENABLED_MEMORY" echo " * I/O POOL: $ENABLED_IOPOOL" +echo " * LIGHTY: $ENABLED_LIGHTY" +echo " * STUNNEL: $ENABLED_STUNNEL" echo " * ERROR_STRINGS: $ENABLED_ERROR_STRINGS" echo " * DTLS: $ENABLED_DTLS" echo " * Old TLS Versions: $ENABLED_OLD_TLS" +echo " * SSL version 3.0: $ENABLED_SSLV3" echo " * OCSP: $ENABLED_OCSP" echo " * CRL: $ENABLED_CRL" echo " * CRL-MONITOR: $ENABLED_CRL_MONITOR" @@ -2096,10 +2395,10 @@ echo " * Session Ticket: $ENABLED_SESSION_TICKET" echo " * All TLS Extensions: $ENABLED_TLSX" echo " * PKCS#7 $ENABLED_PKCS7" echo " * wolfSCEP $ENABLED_WOLFSCEP" +echo " * Secure Remote Password $ENABLED_SRP" echo " * Small Stack: $ENABLED_SMALL_STACK" echo " * valgrind unit tests: $ENABLED_VALGRIND" echo " * LIBZ: $ENABLED_LIBZ" echo " * Examples: $ENABLED_EXAMPLES" echo "" echo "---" - diff --git a/cyassl/ctaocrypt/blake2-impl.h b/cyassl/ctaocrypt/blake2-impl.h index fc5ec3a49..de6ed273b 100644 --- a/cyassl/ctaocrypt/blake2-impl.h +++ b/cyassl/ctaocrypt/blake2-impl.h @@ -36,7 +36,7 @@ #define CTAOCRYPT_BLAKE2_IMPL_H #include -#include +#include #endif /* CTAOCRYPT_BLAKE2_IMPL_H */ diff --git a/cyassl/ctaocrypt/blake2-int.h b/cyassl/ctaocrypt/blake2-int.h index 07ea8e745..9dadaadcb 100644 --- a/cyassl/ctaocrypt/blake2-int.h +++ b/cyassl/ctaocrypt/blake2-int.h 
@@ -37,7 +37,7 @@ #define CTAOCRYPT_BLAKE2_INT_H #include -#include +#include #endif /* CTAOCRYPT_BLAKE2_INT_H */ diff --git a/cyassl/ctaocrypt/include.am b/cyassl/ctaocrypt/include.am index 23d393db8..c30b26fa7 100644 --- a/cyassl/ctaocrypt/include.am +++ b/cyassl/ctaocrypt/include.am @@ -1,6 +1,8 @@ # vim:ft=automake # All paths should be given relative to the root +EXTRA_DIST+= ctaocrypt/src/misc.c + nobase_include_HEADERS+= \ cyassl/ctaocrypt/aes.h \ cyassl/ctaocrypt/arc4.h \ diff --git a/cyassl/openssl/ec25519.h b/cyassl/openssl/ec25519.h new file mode 100644 index 000000000..6ee894506 --- /dev/null +++ b/cyassl/openssl/ec25519.h @@ -0,0 +1,3 @@ +/* ec25519.h */ + +#include diff --git a/cyassl/openssl/ecdh.h b/cyassl/openssl/ecdh.h new file mode 100644 index 000000000..b774bf0da --- /dev/null +++ b/cyassl/openssl/ecdh.h @@ -0,0 +1,3 @@ +/* ecdh.h for openssl */ + +#include diff --git a/cyassl/openssl/ed25519.h b/cyassl/openssl/ed25519.h new file mode 100644 index 000000000..240cbcaaf --- /dev/null +++ b/cyassl/openssl/ed25519.h @@ -0,0 +1,3 @@ +/* ed25519.h */ + +#include diff --git a/cyassl/openssl/include.am b/cyassl/openssl/include.am index e531f767a..f5c3c56e9 100644 --- a/cyassl/openssl/include.am +++ b/cyassl/openssl/include.am @@ -11,7 +11,10 @@ nobase_include_HEADERS+= \ cyassl/openssl/dh.h \ cyassl/openssl/dsa.h \ cyassl/openssl/ecdsa.h \ + cyassl/openssl/ecdh.h \ cyassl/openssl/ec.h \ + cyassl/openssl/ec25519.h \ + cyassl/openssl/ed25519.h \ cyassl/openssl/engine.h \ cyassl/openssl/err.h \ cyassl/openssl/evp.h \ diff --git a/cyassl/ssl.h b/cyassl/ssl.h index 2fced9224..eadf29681 100644 --- a/cyassl/ssl.h +++ b/cyassl/ssl.h @@ -615,6 +615,7 @@ #define CyaSSL_connect_cert wolfSSL_connect_cert #define CyaSSL_flush_sessions wolfSSL_flush_sessions #define CyaSSL_get_using_nonblock wolfSSL_get_using_nonblock +#define CyaSSL_PrintSessionStats wolfSSL_PrintSessionStats /* DTLS Specific */ #define CyaSSL_dtls wolfSSL_dtls 
diff --git a/examples/client/client.c b/examples/client/client.c index d7a5e82e9..1dedf320f 100644 --- a/examples/client/client.c +++ b/examples/client/client.c @@ -130,6 +130,10 @@ static void Usage(void) printf("-c Certificate file, default %s\n", cliCert); printf("-k Key file, default %s\n", cliKey); printf("-A Certificate Authority file, default %s\n", caCert); +#ifndef NO_DH + printf("-Z Minimum DH key bits, default %d\n", + DEFAULT_MIN_DHKEY_BITS); +#endif printf("-b Benchmark connections and print stats\n"); printf("-s Use pre Shared keys\n"); printf("-t Track wolfSSL memory use\n"); @@ -148,6 +152,7 @@ static void Usage(void) #endif printf("-f Fewer packets/group messages\n"); printf("-x Disable client cert/key loading\n"); + printf("-X Driven by eXternal test case\n"); #ifdef SHOW_SIZES printf("-z Print structure sizes\n"); #endif @@ -173,6 +178,9 @@ static void Usage(void) #ifdef HAVE_ANON printf("-a Anonymous client\n"); #endif +#ifdef HAVE_CRL + printf("-C Disable CRL\n"); +#endif } THREAD_RETURN WOLFSSL_THREAD client_test(void* args) @@ -208,7 +216,9 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args) int doPeerCheck = 1; int nonBlocking = 0; int resumeSession = 0; - int wc_shutdown = 0; + int wc_shutdown = 0; + int disableCRL = 0; + int externalTest = 0; int ret; int scr = 0; /* allow secure renegotiation */ int forceScr = 0; /* force client initiaed scr */ @@ -218,6 +228,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args) int atomicUser = 0; int pkCallbacks = 0; int overrideDateErrors = 0; + int minDhKeyBits = DEFAULT_MIN_DHKEY_BITS; char* cipherList = NULL; const char* verifyCert = caCert; const char* ourCert = cliCert; 
@@ -262,11 +273,14 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args) (void)verifyCert; (void)useClientCert; (void)overrideDateErrors; + (void)disableCRL; + (void)minDhKeyBits; StackTrap(); while ((ch = mygetopt(argc, argv, - "?gdDusmNrwRitfxUPh:p:v:l:A:c:k:b:zS:L:ToO:a")) != -1) { + "?gdDusmNrwRitfxXUPCh:p:v:l:A:c:k:Z:b:zS:L:ToO:a")) + != -1) { switch (ch) { case '?' : Usage(); @@ -284,6 +298,12 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args) overrideDateErrors = 1; break; + case 'C' : + #ifdef HAVE_CRL + disableCRL = 1; + #endif + break; + case 'u' : doDTLS = 1; break; @@ -306,6 +326,10 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args) useClientCert = 0; break; + case 'X' : + externalTest = 1; + break; + case 'f' : fewerPackets = 1; break; @@ -359,6 +383,16 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args) ourKey = myoptarg; break; + case 'Z' : + #ifndef NO_DH + minDhKeyBits = atoi(myoptarg); + if (minDhKeyBits <= 0 || minDhKeyBits > 16000) { + Usage(); + exit(MY_EX_USAGE); + } + #endif + break; + case 'b' : benchmark = atoi(myoptarg); if (benchmark < 0 || benchmark > 1000000) { @@ -448,6 +482,37 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args) myoptind = 0; /* reset for test cases */ + if (externalTest) { + /* detect build cases that wouldn't allow test against wolfssl.com */ + int done = 0; + (void)done; + + #ifdef NO_RSA + done = 1; + #endif + + #ifndef NO_PSK + done = 1; + #endif + + #ifdef NO_SHA + done = 1; /* external cert chain most likely has SHA */ + #endif + + #if !defined(HAVE_ECC) && !defined(WOLFSSL_STATIC_RSA) + if (!XSTRNCMP(domain, "www.google.com", 14)) { + done = 1; /* google needs ECDHE or static RSA */ + } + #endif + + if (done) { + printf("external test can't be run in this mode"); + + ((func_args*)args)->return_code = 0; + exit(EXIT_SUCCESS); + } + } + /* sort out DTLS versus TLS versions */ if (version == CLIENT_INVALID_VERSION) { if (doDTLS) 
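Review bot: The new `case 'Z'` parses the minimum DH size with `atoi(myoptarg)`, which cannot report trailing garbage and has undefined behaviour on overflow. `-Z 2048x` is therefore accepted as 2048, and an oversized string is already a problem before the `<= 0 || > 16000` check runs. Because this option sets a security floor, it should be parsed strictly: declare `char* end;`, use `long v = strtol(myoptarg, &end, 10);`, and reject with `if (end == myoptarg || *end != '\0' || v <= 0 || v > 16000) { Usage(); exit(MY_EX_USAGE); }`. The same `atoi` pattern is added for `-Z` in examples/server/server.c. The body of client_test starts and ends outside this hunk.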
@@ -466,16 +531,17 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args) #ifdef USE_WOLFSSL_MEMORY if (trackMemory) - InitMemoryTracker(); + InitMemoryTracker(); #endif switch (version) { #ifndef NO_OLD_TLS + #ifdef WOLFSSL_ALLOW_SSLV3 case 0: method = wolfSSLv3_client_method(); break; - - + #endif + #ifndef NO_TLS case 1: method = wolfTLSv1_client_method(); @@ -485,9 +551,9 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args) method = wolfTLSv1_1_client_method(); break; #endif /* NO_TLS */ - + #endif /* NO_OLD_TLS */ - + #ifndef NO_TLS case 3: method = wolfTLSv1_2_client_method(); @@ -495,9 +561,11 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args) #endif #ifdef WOLFSSL_DTLS + #ifndef NO_OLD_TLS case -1: method = wolfDTLSv1_client_method(); break; + #endif case -2: method = wolfDTLSv1_2_client_method(); @@ -531,6 +599,10 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args) if (fewerPackets) wolfSSL_CTX_set_group_messages(ctx); +#ifndef NO_DH + wolfSSL_CTX_SetMinDhKey_Sz(ctx, (word16)minDhKeyBits); +#endif + if (usePsk) { #ifndef NO_PSK wolfSSL_CTX_set_psk_client_callback(ctx, my_psk_client_cb); 
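Review bot: The return value of `wolfSSL_CTX_SetMinDhKey_Sz(ctx, (word16)minDhKeyBits)` in the last hunk on this line is discarded. If the library rejects the requested size, the client carries on with whatever minimum the context already had, and the floor requested with `-Z` is not in force. Other setup calls in this function fail hard through `err_sys`, and this one should too: `if (wolfSSL_CTX_SetMinDhKey_Sz(ctx, (word16)minDhKeyBits) != SSL_SUCCESS) err_sys("Error setting minimum DH key size");`. The server example adds the same unchecked call.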
@@ -651,26 +723,39 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args) if (benchmark) { /* time passed in number of connects give average */ int times = benchmark; + int loops = resumeSession ? 2 : 1; int i = 0; + WOLFSSL_SESSION* benchSession = NULL; - double start = current_time(), avg; + while (loops--) { + int benchResume = resumeSession && loops == 0; + double start = current_time(), avg; - for (i = 0; i < times; i++) { - tcp_connect(&sockfd, host, port, doDTLS); + for (i = 0; i < times; i++) { + tcp_connect(&sockfd, host, port, doDTLS); - ssl = wolfSSL_new(ctx); - wolfSSL_set_fd(ssl, sockfd); - if (wolfSSL_connect(ssl) != SSL_SUCCESS) - err_sys("SSL_connect failed"); + ssl = wolfSSL_new(ctx); + if (benchResume) + wolfSSL_set_session(ssl, benchSession); + wolfSSL_set_fd(ssl, sockfd); + if (wolfSSL_connect(ssl) != SSL_SUCCESS) + err_sys("SSL_connect failed"); - wolfSSL_shutdown(ssl); - wolfSSL_free(ssl); - CloseSocket(sockfd); + wolfSSL_shutdown(ssl); + if (i == (times-1) && resumeSession) { + benchSession = wolfSSL_get_session(ssl); + } + wolfSSL_free(ssl); + CloseSocket(sockfd); + } + avg = current_time() - start; + avg /= times; + avg *= 1000; /* milliseconds */ + if (benchResume) + printf("wolfSSL_resume avg took: %8.3f milliseconds\n", avg); + else + printf("wolfSSL_connect avg took: %8.3f milliseconds\n", avg); } - avg = current_time() - start; - avg /= times; - avg *= 1000; /* milliseconds */ - printf("wolfSSL_connect avg took: %8.3f milliseconds\n", avg); wolfSSL_CTX_free(ctx); ((func_args*)args)->return_code = 0; 
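Review bot: In the resumed pass of the benchmark loop, `wolfSSL_set_session(ssl, benchSession)` is called without checking its result, and nothing confirms that the handshake was actually resumed. When `benchSession` is NULL or the server declines resumption, the figure printed as `wolfSSL_resume avg` is really a full-handshake time. Check the call with `if (benchResume && wolfSSL_set_session(ssl, benchSession) != SSL_SUCCESS) err_sys("can't set benchmark session");`, and consider verifying `wolfSSL_session_reused(ssl)` after the connect. The result of `wolfSSL_new(ctx)` is also used unchecked, which is carried over from the old loop.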
@@ -708,12 +793,14 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args) wolfSSL_set_fd(ssl, sockfd); #ifdef HAVE_CRL - if (wolfSSL_EnableCRL(ssl, WOLFSSL_CRL_CHECKALL) != SSL_SUCCESS) - err_sys("can't enable crl check"); - if (wolfSSL_LoadCRL(ssl, crlPemDir, SSL_FILETYPE_PEM, 0) != SSL_SUCCESS) - err_sys("can't load crl, check crlfile and date validity"); - if (wolfSSL_SetCRL_Cb(ssl, CRL_CallBack) != SSL_SUCCESS) - err_sys("can't set crl callback"); + if (disableCRL == 0) { + if (wolfSSL_EnableCRL(ssl, WOLFSSL_CRL_CHECKALL) != SSL_SUCCESS) + err_sys("can't enable crl check"); + if (wolfSSL_LoadCRL(ssl, crlPemDir, SSL_FILETYPE_PEM, 0) != SSL_SUCCESS) + err_sys("can't load crl, check crlfile and date validity"); + if (wolfSSL_SetCRL_Cb(ssl, CRL_CallBack) != SSL_SUCCESS) + err_sys("can't set crl callback"); + } #endif #ifdef HAVE_SECURE_RENEGOTIATION if (scr) { @@ -759,13 +846,6 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args) printf("not doing secure renegotiation on example with" " nonblocking yet"); } else { - #ifndef NO_SESSION_CACHE - if (resumeSession) { - session = wolfSSL_get_session(ssl); - wolfSSL_set_session(ssl, session); - resumeSession = 0; /* only resume once */ - } - #endif if (wolfSSL_Rehandshake(ssl) != SSL_SUCCESS) { int err = wolfSSL_get_error(ssl, 0); char buffer[WOLFSSL_MAX_ERROR_SZ]; @@ -811,12 +891,6 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args) #ifndef NO_SESSION_CACHE if (resumeSession) { - if (doDTLS) { - strncpy(msg, "break", 6); - msgSz = (int)strlen(msg); - /* try to send session close */ - wolfSSL_write(ssl, msg, msgSz); - } session = wolfSSL_get_session(ssl); sslResume = wolfSSL_new(ctx); } 
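Review bot: When `disableCRL` is set, the `#ifdef HAVE_CRL` block skips `wolfSSL_EnableCRL`, `wolfSSL_LoadCRL` and `wolfSSL_SetCRL_Cb` without any output. A test log then gives no hint that the peer certificate was accepted without a revocation check. An `else` branch such as `else printf("CRL checking disabled by -C\n");` would make that state visible. If the option is meant for test runs only, a comment on the `if` would record it, for example `/* -C turns revocation checking off; test use only */`. The body of client_test extends beyond this hunk.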
@@ -853,6 +927,12 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args) tcp_connect(&sockfd, host, port, 0); } wolfSSL_set_fd(sslResume, sockfd); +#ifdef HAVE_SECURE_RENEGOTIATION + if (scr) { + if (wolfSSL_UseSecureRenegotiation(sslResume) != SSL_SUCCESS) + err_sys("can't enable secure renegotiation"); + } +#endif wolfSSL_set_session(sslResume, session); #ifdef HAVE_SESSION_TICKET wolfSSL_set_SessionTicket_cb(sslResume, sessionTicketCB, @@ -948,7 +1028,9 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args) #if defined(DEBUG_WOLFSSL) && !defined(WOLFSSL_MDK_SHELL) && !defined(STACK_TRAP) wolfSSL_Debugging_ON(); #endif - if (CurrentDir("client")) + if (CurrentDir("_build")) + ChangeDirBack(1); + else if (CurrentDir("client")) ChangeDirBack(2); else if (CurrentDir("Debug") || CurrentDir("Release")) ChangeDirBack(3); diff --git a/examples/client/client.vcxproj b/examples/client/client.vcxproj index 4442c56fd..dec191d7a 100644 --- a/examples/client/client.vcxproj +++ b/examples/client/client.vcxproj @@ -9,6 +9,22 @@ Debug x64 + + DLL Debug + Win32 + + + DLL Debug + x64 + + + DLL Release + Win32 + + + DLL Release + x64 + Release Win32 
@@ -30,56 +46,114 @@ Unicode true + + Application + v110 + Unicode + true + Application v110 Unicode true + + Application + v110 + Unicode + true + Application v110 Unicode + + Application + v110 + Unicode + Application v110 Unicode + + Application + v110 + Unicode + + + + + + + + + + + + + <_ProjectFileVersion>11.0.61030.0 $(SolutionDir)$(Configuration)\ - $(Configuration)\ + $(Configuration)\obj\ + true + + + $(SolutionDir)$(Configuration)\ + $(Configuration)\obj\ true true + $(SolutionDir)$(Platform)\$(Configuration)\ + $(Platform)\$(Configuration)\obj\ + + + true + $(SolutionDir)$(Platform)\$(Configuration)\ + $(Platform)\$(Configuration)\obj\ $(SolutionDir)$(Configuration)\ - $(Configuration)\ + $(Configuration)\obj\ + false + + + $(SolutionDir)$(Configuration)\ + $(Configuration)\obj\ false false + $(SolutionDir)$(Platform)\$(Configuration)\ + $(Platform)\$(Configuration)\obj\ + + + false + $(SolutionDir)$(Platform)\$(Configuration)\ + $(Platform)\$(Configuration)\obj\ @@ -101,6 +175,26 @@ false + + + Disabled + ../../;%(AdditionalIncludeDirectories) + WIN32;_DEBUG;_CONSOLE;OPENSSL_EXTRA;NO_PSK;WOLFSSL_DLL;%(PreprocessorDefinitions) + true + EnableFastChecks + MultiThreadedDebugDLL + + + Level3 + EditAndContinue + + + Ws2_32.lib;%(AdditionalDependencies) + true + Console + MachineX86 + + Disabled @@ -119,6 +213,24 @@ Console + + + Disabled + ../../;%(AdditionalIncludeDirectories) + WIN32;_DEBUG;_CONSOLE;OPENSSL_EXTRA;NO_PSK;WOLFSSL_DLL;%(PreprocessorDefinitions) + EnableFastChecks + MultiThreadedDebugDLL + + + Level3 + ProgramDatabase + + + Ws2_32.lib;%(AdditionalDependencies) + true + Console + + MaxSpeed @@ -141,6 +253,28 @@ false + + + MaxSpeed + true + ../../;%(AdditionalIncludeDirectories) + WIN32;NDEBUG;_CONSOLE;OPENSSL_EXTRA;NO_PSK;WOLFSSL_DLL;%(PreprocessorDefinitions) + MultiThreadedDLL + true + + + Level3 + ProgramDatabase + + + Ws2_32.lib;%(AdditionalDependencies) + true + Console + true + true + MachineX86 + + MaxSpeed 
@@ -162,6 +296,27 @@ true + + + MaxSpeed + true + ../../;%(AdditionalIncludeDirectories) + WIN32;NDEBUG;_CONSOLE;OPENSSL_EXTRA;NO_PSK;WOLFSSL_DLL;%(PreprocessorDefinitions) + MultiThreadedDLL + true + + + Level3 + ProgramDatabase + + + Ws2_32.lib;%(AdditionalDependencies) + true + Console + true + true + + diff --git a/examples/echoclient/echoclient.c b/examples/echoclient/echoclient.c index ff754b7e8..5757fb18d 100644 --- a/examples/echoclient/echoclient.c +++ b/examples/echoclient/echoclient.c @@ -29,11 +29,11 @@ #include #include -#if defined(CYASSL_MDK_ARM) +#if defined(WOLFSSL_MDK_ARM) #include #include - #if defined(CYASSL_MDK5) + #if defined(WOLFSSL_MDK5) #include "cmsis_os.h" #include "rl_fs.h" #include "rl_net.h" @@ -41,7 +41,7 @@ #include "rtl.h" #endif - #include "cyassl_MDK_ARM.h" + #include "wolfssl_MDK_ARM.h" #endif #include @@ -74,7 +74,7 @@ void echoclient_test(void* args) ((func_args*)args)->return_code = -1; /* error state */ -#ifndef CYASSL_MDK_SHELL +#ifndef WOLFSSL_MDK_SHELL argc = ((func_args*)args)->argc; argv = ((func_args*)args)->argv; #endif @@ -103,16 +103,18 @@ void echoclient_test(void* args) doPSK = 1; #endif -#if defined(NO_MAIN_DRIVER) && !defined(USE_WINDOWS_API) && !defined(CYASSL_MDK_SHELL) +#if defined(NO_MAIN_DRIVER) && !defined(USE_WINDOWS_API) && !defined(WOLFSSL_MDK_SHELL) port = ((func_args*)args)->signal->port; #endif #if defined(CYASSL_DTLS) - method = DTLSv1_client_method(); + method = DTLSv1_2_client_method(); #elif !defined(NO_TLS) method = CyaSSLv23_client_method(); -#else +#elif defined(WOLFSSL_ALLOW_SSLV3) method = SSLv3_client_method(); +#else + #error "no valid client method type" #endif ctx = SSL_CTX_new(method); 
@@ -141,6 +143,8 @@ void echoclient_test(void* args) CyaSSL_CTX_set_psk_client_callback(ctx, my_psk_client_cb); #ifdef HAVE_NULL_CIPHER defaultCipherList = "PSK-NULL-SHA256"; + #elif defined(HAVE_AESGCM) && !defined(NO_DH) + defaultCipherList = "DHE-PSK-AES128-GCM-SHA256"; #else defaultCipherList = "PSK-AES128-CBC-SHA256"; #endif @@ -153,7 +157,7 @@ void echoclient_test(void* args) SSL_CTX_set_default_passwd_cb(ctx, PasswordCallBack); #endif - #if defined(CYASSL_MDK_ARM) + #if defined(WOLFSSL_MDK_ARM) CyaSSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, 0); #endif @@ -194,7 +198,7 @@ void echoclient_test(void* args) break; } - #ifndef CYASSL_MDK_SHELL + #ifndef WOLFSSL_MDK_SHELL while (sendSz) { int got; if ( (got = SSL_read(ssl, reply, sizeof(reply)-1)) > 0) { @@ -260,7 +264,7 @@ void echoclient_test(void* args) args.argv = argv; CyaSSL_Init(); -#if defined(DEBUG_CYASSL) && !defined(CYASSL_MDK_SHELL) +#if defined(DEBUG_CYASSL) && !defined(WOLFSSL_MDK_SHELL) CyaSSL_Debugging_ON(); #endif #ifndef CYASSL_TIRTOS diff --git a/examples/echoclient/echoclient.vcxproj b/examples/echoclient/echoclient.vcxproj index 342bb9ca5..a3a60545a 100644 --- a/examples/echoclient/echoclient.vcxproj +++ b/examples/echoclient/echoclient.vcxproj @@ -9,6 +9,22 @@ Debug x64 + + DLL Debug + Win32 + + + DLL Debug + x64 + + + DLL Release + Win32 + + + DLL Release + x64 + Release Win32 
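Review bot: The new `DHE-PSK-AES128-GCM-SHA256` default is added as an `#elif` below `#ifdef HAVE_NULL_CIPHER`. Any build with null ciphers compiled in therefore still uses `PSK-NULL-SHA256`, which provides no encryption, as the PSK default. If that ordering is deliberate for testing, say so next to it, for example `/* NULL cipher default is for test builds: integrity only, no confidentiality */`. Otherwise test for the GCM suite first. The echoserver hunk makes the identical change, and the enclosing function starts and ends outside this hunk.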
@@ -30,56 +46,114 @@ Unicode true + + Application + v110 + Unicode + true + Application v110 Unicode true + + Application + v110 + Unicode + true + Application v110 Unicode + + Application + v110 + Unicode + Application v110 Unicode + + Application + v110 + Unicode + + + + + + + + + + + + + <_ProjectFileVersion>11.0.61030.0 $(SolutionDir)$(Configuration)\ - $(Configuration)\ + $(Configuration)\obj\ + true + + + $(SolutionDir)$(Configuration)\ + $(Configuration)\obj\ true true + $(SolutionDir)$(Platform)\$(Configuration)\ + $(Platform)\$(Configuration)\obj\ + + + true + $(SolutionDir)$(Platform)\$(Configuration)\ + $(Platform)\$(Configuration)\obj\ $(SolutionDir)$(Configuration)\ - $(Configuration)\ + $(Configuration)\obj\ + false + + + $(SolutionDir)$(Configuration)\ + $(Configuration)\obj\ false false + $(SolutionDir)$(Platform)\$(Configuration)\ + $(Platform)\$(Configuration)\obj\ + + + false + $(SolutionDir)$(Platform)\$(Configuration)\ + $(Platform)\$(Configuration)\obj\ @@ -102,6 +176,26 @@ + + + Disabled + ../../;%(AdditionalIncludeDirectories) + WIN32;_DEBUG;_CONSOLE;OPENSSL_EXTRA;NO_PSK;WOLFSSL_DLL;%(PreprocessorDefinitions) + true + EnableFastChecks + MultiThreadedDebugDLL + + + Level3 + EditAndContinue + + + Ws2_32.lib;%(AdditionalDependencies) + true + Console + MachineX86 + + Disabled @@ -120,6 +214,24 @@ Console + + + Disabled + ../../;%(AdditionalIncludeDirectories) + WIN32;_DEBUG;_CONSOLE;OPENSSL_EXTRA;NO_PSK;WOLFSSL_DLL;%(PreprocessorDefinitions) + EnableFastChecks + MultiThreadedDebugDLL + + + Level3 + ProgramDatabase + + + Ws2_32.lib;%(AdditionalDependencies) + true + Console + + MaxSpeed @@ -143,6 +255,28 @@ + + + MaxSpeed + true + ../../;%(AdditionalIncludeDirectories) + WIN32;NDEBUG;_CONSOLE;OPENSSL_EXTRA;NO_PSK;WOLFSSL_DLL;%(PreprocessorDefinitions) + MultiThreadedDLL + true + + + Level3 + ProgramDatabase + + + Ws2_32.lib;%(AdditionalDependencies) + true + Console + true + true + MachineX86 + + MaxSpeed 
@@ -164,6 +298,27 @@ true + + + MaxSpeed + true + ../../;%(AdditionalIncludeDirectories) + WIN32;NDEBUG;_CONSOLE;OPENSSL_EXTRA;NO_PSK;WOLFSSL_DLL;%(PreprocessorDefinitions) + MultiThreadedDLL + true + + + Level3 + ProgramDatabase + + + Ws2_32.lib;%(AdditionalDependencies) + true + Console + true + true + + diff --git a/examples/echoserver/echoserver.c b/examples/echoserver/echoserver.c index 49b3933d2..83f181e5a 100644 --- a/examples/echoserver/echoserver.c +++ b/examples/echoserver/echoserver.c @@ -29,11 +29,11 @@ #include /* ecc_fp_free */ #endif -#if defined(CYASSL_MDK_ARM) +#if defined(WOLFSSL_MDK_ARM) #include #include - #if defined(CYASSL_MDK5) + #if defined(WOLFSSL_MDK5) #include "cmsis_os.h" #include "rl_fs.h" #include "rl_net.h" @@ -41,7 +41,7 @@ #include "rtl.h" #endif - #include "cyassl_MDK_ARM.h" + #include "wolfssl_MDK_ARM.h" #endif #include @@ -53,11 +53,6 @@ #include "examples/echoserver/echoserver.h" - -#ifdef SESSION_STATS - CYASSL_API void PrintSessionStats(void); -#endif - #define SVR_COMMAND_SIZE 256 static void SignalReady(void* args, word16 port) @@ -88,7 +83,7 @@ THREAD_RETURN CYASSL_THREAD echoserver_test(void* args) int outCreated = 0; int shutDown = 0; int useAnyAddr = 0; - word16 port = yasslPort; + word16 port = wolfSSLPort; int argc = ((func_args*)args)->argc; char** argv = ((func_args*)args)->argv; @@ -119,7 +114,7 @@ THREAD_RETURN CYASSL_THREAD echoserver_test(void* args) #endif #if defined(NO_MAIN_DRIVER) && !defined(USE_WINDOWS_API) && \ - !defined(CYASSL_SNIFFER) && !defined(CYASSL_MDK_SHELL) && \ + !defined(CYASSL_SNIFFER) && !defined(WOLFSSL_MDK_SHELL) && \ !defined(CYASSL_TIRTOS) port = 0; #endif 
@@ -134,11 +129,13 @@ THREAD_RETURN CYASSL_THREAD echoserver_test(void* args) tcp_listen(&sockfd, &port, useAnyAddr, doDTLS); #if defined(CYASSL_DTLS) - method = CyaDTLSv1_server_method(); + method = CyaDTLSv1_2_server_method(); #elif !defined(NO_TLS) method = CyaSSLv23_server_method(); -#else +#elif defined(WOLFSSL_ALLOW_SSLV3) method = CyaSSLv3_server_method(); +#else + #error "no valid server method built in" #endif ctx = CyaSSL_CTX_new(method); /* CyaSSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_OFF); */ @@ -147,6 +144,13 @@ THREAD_RETURN CYASSL_THREAD echoserver_test(void* args) CyaSSL_CTX_set_default_passwd_cb(ctx, PasswordCallBack); #endif +#if defined(HAVE_SESSION_TICKET) && defined(HAVE_CHACHA) && \ + defined(HAVE_POLY1305) + if (TicketInit() != 0) + err_sys("unable to setup Session Ticket Key context"); + wolfSSL_CTX_set_TicketEncCb(ctx, myTicketEncCb); +#endif + #ifndef NO_FILESYSTEM if (doPSK == 0) { #ifdef HAVE_NTRU @@ -206,6 +210,8 @@ THREAD_RETURN CYASSL_THREAD echoserver_test(void* args) CyaSSL_CTX_use_psk_identity_hint(ctx, "cyassl server"); #ifdef HAVE_NULL_CIPHER defaultCipherList = "PSK-NULL-SHA256"; + #elif defined(HAVE_AESGCM) && !defined(NO_DH) + defaultCipherList = "DHE-PSK-AES128-GCM-SHA256"; #else defaultCipherList = "PSK-AES128-CBC-SHA256"; #endif @@ -223,8 +229,8 @@ THREAD_RETURN CYASSL_THREAD echoserver_test(void* args) int clientfd; int firstRead = 1; int gotFirstG = 0; - -#ifndef CYASSL_DTLS + +#ifndef CYASSL_DTLS SOCKADDR_IN_T client; socklen_t client_len = sizeof(client); clientfd = accept(sockfd, (struct sockaddr*)&client, @@ -275,9 +281,9 @@ THREAD_RETURN CYASSL_THREAD echoserver_test(void* args) printf("client sent break command: closing session!\n"); break; } -#ifdef SESSION_STATS +#ifdef PRINT_SESSION_STATS if ( strncmp(command, "printstats", 10) == 0) { - PrintSessionStats(); + CyaSSL_PrintSessionStats(); break; } #endif 
@@ -341,6 +347,11 @@ THREAD_RETURN CYASSL_THREAD echoserver_test(void* args) fdCloseSession(Task_self()); #endif +#if defined(HAVE_SESSION_TICKET) && defined(HAVE_CHACHA) && \ + defined(HAVE_POLY1305) + TicketCleanup(); +#endif + #ifndef CYASSL_TIRTOS return 0; #endif @@ -386,5 +397,3 @@ THREAD_RETURN CYASSL_THREAD echoserver_test(void* args) #endif /* NO_MAIN_DRIVER */ - - diff --git a/examples/echoserver/echoserver.vcxproj b/examples/echoserver/echoserver.vcxproj index a9c210cbd..096ba75c6 100644 --- a/examples/echoserver/echoserver.vcxproj +++ b/examples/echoserver/echoserver.vcxproj @@ -9,6 +9,22 @@ Debug x64 + + DLL Debug + Win32 + + + DLL Debug + x64 + + + DLL Release + Win32 + + + DLL Release + x64 + Release Win32 @@ -30,56 +46,114 @@ Unicode true + + Application + v110 + Unicode + true + Application v110 Unicode true + + Application + v110 + Unicode + true + Application v110 Unicode + + Application + v110 + Unicode + Application v110 Unicode + + Application + v110 + Unicode + + + + + + + + + + + + + <_ProjectFileVersion>11.0.61030.0 $(SolutionDir)$(Configuration)\ - $(Configuration)\ + $(Configuration)\obj\ + true + + + $(SolutionDir)$(Configuration)\ + $(Configuration)\obj\ true true + $(SolutionDir)$(Platform)\$(Configuration)\ + $(Platform)\$(Configuration)\obj\ + + + true + $(SolutionDir)$(Platform)\$(Configuration)\ + $(Platform)\$(Configuration)\obj\ $(SolutionDir)$(Configuration)\ - $(Configuration)\ + $(Configuration)\obj\ + false + + + $(SolutionDir)$(Configuration)\ + $(Configuration)\obj\ false false + $(SolutionDir)$(Platform)\$(Configuration)\ + $(Platform)\$(Configuration)\obj\ + + + false + $(SolutionDir)$(Platform)\$(Configuration)\ + $(Platform)\$(Configuration)\obj\ 
@@ -102,6 +176,26 @@ + + + Disabled + ../../;%(AdditionalIncludeDirectories) + USE_ANY_ADDR;OPENSSL_EXTRA;NO_PSK;WOLFSSL_DLL;%(PreprocessorDefinitions) + true + EnableFastChecks + MultiThreadedDebugDLL + + + Level3 + EditAndContinue + + + Ws2_32.lib;%(AdditionalDependencies) + true + Console + MachineX86 + + Disabled @@ -120,6 +214,24 @@ Console + + + Disabled + ../../;%(AdditionalIncludeDirectories) + USE_ANY_ADDR;OPENSSL_EXTRA;NO_PSK;WOLFSSL_DLL;%(PreprocessorDefinitions) + EnableFastChecks + MultiThreadedDebugDLL + + + Level3 + ProgramDatabase + + + Ws2_32.lib;%(AdditionalDependencies) + true + Console + + MaxSpeed @@ -142,6 +254,28 @@ false + + + MaxSpeed + true + ../../;%(AdditionalIncludeDirectories) + USE_ANY_ADDR;OPENSSL_EXTRA;NO_PSK;WOLFSSL_DLL;%(PreprocessorDefinitions) + MultiThreadedDLL + true + + + Level3 + ProgramDatabase + + + Ws2_32.lib;%(AdditionalDependencies) + true + Console + true + true + MachineX86 + + MaxSpeed @@ -163,6 +297,27 @@ true + + + MaxSpeed + true + ../../;%(AdditionalIncludeDirectories) + USE_ANY_ADDR;OPENSSL_EXTRA;NO_PSK;WOLFSSL_DLL;%(PreprocessorDefinitions) + MultiThreadedDLL + true + + + Level3 + ProgramDatabase + + + Ws2_32.lib;%(AdditionalDependencies) + true + Console + true + true + + diff --git a/examples/server/server.c b/examples/server/server.c index df248dd6e..80295d3f4 100644 --- a/examples/server/server.c +++ b/examples/server/server.c @@ -34,11 +34,11 @@ #define WOLFSSL_TRACK_MEMORY #endif -#if defined(CYASSL_MDK_ARM) +#if defined(WOLFSSL_MDK_ARM) #include #include - #if defined(CYASSL_MDK5) + #if defined(WOLFSSL_MDK5) #include "cmsis_os.h" #include "rl_fs.h" #include "rl_net.h" @@ -46,7 +46,7 @@ #include "rtl.h" #endif - #include "cyassl_MDK_ARM.h" + #include "wolfssl_MDK_ARM.h" #endif #include #include @@ -60,6 +60,12 @@ Timeval srvTo; #endif +#ifndef NO_HANDSHAKE_DONE_CB + int myHsDoneCb(WOLFSSL* ssl, void* user_ctx); +#endif + + + static void NonBlockingSSL_Accept(SSL* ssl) { #ifndef CYASSL_CALLBACKS 
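Review bot: The forward declaration `int myHsDoneCb(WOLFSSL* ssl, void* user_ctx);` added to server.c gives the callback external linkage, although from the visible hunks it is only defined and used inside this file. Declaring it `static int myHsDoneCb(WOLFSSL* ssl, void* user_ctx);`, with the definition at the end of the file changed to match, keeps it out of the global namespace. That avoids a symbol clash when the example sources are linked together into one test binary. The definition itself is in a later hunk of this file.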
@@ -125,6 +131,11 @@ static void Usage(void) printf("-c Certificate file, default %s\n", svrCert); printf("-k Key file, default %s\n", svrKey); printf("-A Certificate Authority file, default %s\n", cliCert); +#ifndef NO_DH + printf("-D Diffie-Hellman Params file, default %s\n", dhParam); + printf("-Z Minimum DH key bits, default %d\n", + DEFAULT_MIN_DHKEY_BITS); +#endif printf("-d Disable client cert check\n"); printf("-b Bind to any interface instead of localhost only\n"); printf("-s Use pre Shared keys\n"); @@ -132,7 +143,8 @@ static void Usage(void) printf("-u Use UDP DTLS," " add -v 2 for DTLSv1 (default), -v 3 for DTLSv1.2\n"); printf("-f Fewer packets/group messages\n"); - printf("-r Create server ready file, for external monitor\n"); + printf("-R Create server ready file, for external monitor\n"); + printf("-r Allow one client Resumption\n"); printf("-N Use Non-blocking sockets\n"); printf("-S Use Host Name Indication\n"); printf("-w Wait for bidirectional shutdown\n"); @@ -146,6 +158,9 @@ static void Usage(void) #ifdef HAVE_ANON printf("-a Anonymous server\n"); #endif +#ifndef NO_PSK + printf("-I Do not send PSK identity hint\n"); +#endif } THREAD_RETURN CYASSL_THREAD server_test(void* args) @@ -164,7 +179,7 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args) int version = SERVER_DEFAULT_VERSION; int doCliCertCheck = 1; int useAnyAddr = 0; - word16 port = yasslPort; + word16 port = wolfSSLPort; int usePsk = 0; int useAnon = 0; int doDTLS = 0; 
@@ -175,15 +190,22 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args) int fewerPackets = 0; int pkCallbacks = 0; int serverReadyFile = 0; - int wc_shutdown = 0; + int wc_shutdown = 0; + int resume = 0; /* do resume, and resume count */ + int minDhKeyBits = DEFAULT_MIN_DHKEY_BITS; int ret; char* cipherList = NULL; const char* verifyCert = cliCert; const char* ourCert = svrCert; const char* ourKey = svrKey; + const char* ourDhParam = dhParam; int argc = ((func_args*)args)->argc; char** argv = ((func_args*)args)->argv; +#ifndef NO_PSK + int sendPskIdentityHint = 1; +#endif + #ifdef HAVE_SNI char* sniHostName = NULL; #endif @@ -205,15 +227,18 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args) (void)needDH; (void)ourKey; (void)ourCert; + (void)ourDhParam; (void)verifyCert; (void)useNtruKey; (void)doCliCertCheck; + (void)minDhKeyBits; #ifdef CYASSL_TIRTOS fdOpenSession(Task_self()); #endif - while ((ch = mygetopt(argc, argv, "?dbstnNufrawPp:v:l:A:c:k:S:oO:")) != -1) { + while ((ch = mygetopt(argc, argv, "?dbstnNufrRawPIp:v:l:A:c:k:Z:S:oO:D:")) + != -1) { switch (ch) { case '?' : Usage(); @@ -249,10 +274,16 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args) fewerPackets = 1; break; - case 'r' : + case 'R' : serverReadyFile = 1; break; + case 'r' : + #ifndef NO_SESSION_CACHE + resume = 1; + #endif + break; + case 'P' : #ifdef HAVE_PK_CALLBACKS pkCallbacks = 1; @@ -295,6 +326,22 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args) ourKey = myoptarg; break; + case 'D' : + #ifndef NO_DH + ourDhParam = myoptarg; + #endif + break; + + case 'Z' : + #ifndef NO_DH + minDhKeyBits = atoi(myoptarg); + if (minDhKeyBits <= 0 || minDhKeyBits > 16000) { + Usage(); + exit(MY_EX_USAGE); + } + #endif + break; + case 'N': nonBlocking = 1; break; @@ -323,6 +370,11 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args) useAnon = 1; #endif break; + case 'I': + #ifndef NO_PSK + sendPskIdentityHint = 0; + #endif + break; default: Usage(); 
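Review bot: The option letter `-r` changes meaning in the `case 'R'` / `case 'r'` hunk: it used to create the server ready file and now enables one resumption, with the old behaviour moved to `-R`. A script or harness that still passes `-r` gets no ready file, and the server waits for a second client in the `while (1)` loop added later in this file. Any callers not updated in this commit need to change with it, and a comment at the case would help, for example `/* was the ready-file flag before; that is now -R */`. In a build with `NO_SESSION_CACHE` the option is accepted and silently ignored, so an `#else` branch that prints a notice would be clearer.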
@@ -350,14 +402,16 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args) #ifdef USE_CYASSL_MEMORY if (trackMemory) - InitMemoryTracker(); + InitMemoryTracker(); #endif switch (version) { #ifndef NO_OLD_TLS + #ifdef WOLFSSL_ALLOW_SSLV3 case 0: method = SSLv3_server_method(); break; + #endif #ifndef NO_TLS case 1: @@ -377,11 +431,13 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args) method = TLSv1_2_server_method(); break; #endif - + #ifdef CYASSL_DTLS + #ifndef NO_OLD_TLS case -1: method = DTLSv1_server_method(); break; + #endif case -2: method = DTLSv1_2_server_method(); @@ -399,6 +455,13 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args) if (ctx == NULL) err_sys("unable to get ctx"); +#if defined(HAVE_SESSION_TICKET) && defined(HAVE_CHACHA) && \ + defined(HAVE_POLY1305) + if (TicketInit() != 0) + err_sys("unable to setup Session Ticket Key context"); + wolfSSL_CTX_set_TicketEncCb(ctx, myTicketEncCb); +#endif + if (cipherList) if (SSL_CTX_set_cipher_list(ctx, cipherList) != SSL_SUCCESS) err_sys("server can't set cipher list 1"); @@ -427,15 +490,18 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args) } #endif +#ifndef NO_DH + wolfSSL_CTX_SetMinDhKey_Sz(ctx, (word16)minDhKeyBits); +#endif + #ifdef HAVE_NTRU if (useNtruKey) { if (CyaSSL_CTX_use_NTRUPrivateKey_file(ctx, ourKey) - != SSL_SUCCESS) + != SSL_SUCCESS) err_sys("can't load ntru key file, " "Please run from wolfSSL home dir"); } #endif - #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) if (!useNtruKey && !usePsk && !useAnon) { if (SSL_CTX_use_PrivateKey_file(ctx, ourKey, SSL_FILETYPE_PEM) @@ -448,7 +514,10 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args) if (usePsk) { #ifndef NO_PSK SSL_CTX_set_psk_server_callback(ctx, my_psk_server_cb); - SSL_CTX_use_psk_identity_hint(ctx, "cyassl server"); + + if (sendPskIdentityHint == 1) + SSL_CTX_use_psk_identity_hint(ctx, "cyassl server"); + if (cipherList == NULL) { const char *defaultCipherList; #if defined(HAVE_AESGCM) && !defined(NO_DH) 
@@ -500,10 +569,31 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args) err_sys("UseSNI failed"); #endif +while (1) { /* allow resume option */ + if (resume > 1) { /* already did listen, just do accept */ + if (doDTLS == 0) { + SOCKADDR_IN_T client; + socklen_t client_len = sizeof(client); + clientfd = accept(sockfd, (struct sockaddr*)&client, + (ACCEPT_THIRD_T)&client_len); + } else { + tcp_listen(&sockfd, &port, useAnyAddr, doDTLS); + clientfd = udp_read_connect(sockfd); + } + #ifdef USE_WINDOWS_API + if (clientfd == INVALID_SOCKET) err_sys("tcp accept failed"); + #else + if (clientfd == -1) err_sys("tcp accept failed"); + #endif + } + ssl = SSL_new(ctx); if (ssl == NULL) err_sys("unable to get SSL"); +#ifndef NO_HANDSHAKE_DONE_CB + wolfSSL_SetHsDoneCb(ssl, myHsDoneCb, NULL); +#endif #ifdef HAVE_CRL CyaSSL_EnableCRL(ssl, 0); CyaSSL_LoadCRL(ssl, crlPemDir, SSL_FILETYPE_PEM, CYASSL_CRL_MONITOR | @@ -526,15 +616,15 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args) SetupPkCallbacks(ctx, ssl); #endif - tcp_accept(&sockfd, &clientfd, (func_args*)args, port, useAnyAddr, doDTLS, - serverReadyFile); - if (!doDTLS) - CloseSocket(sockfd); + if (resume < 2) { /* do listen and accept */ + tcp_accept(&sockfd, &clientfd, (func_args*)args, port, useAnyAddr, + doDTLS, serverReadyFile); + } SSL_set_fd(ssl, clientfd); if (usePsk == 0 || useAnon == 1 || cipherList != NULL || needDH == 1) { #if !defined(NO_FILESYSTEM) && !defined(NO_DH) && !defined(NO_ASN) - CyaSSL_SetTmpDH_file(ssl, dhParam, SSL_FILETYPE_PEM); + CyaSSL_SetTmpDH_file(ssl, ourDhParam, SSL_FILETYPE_PEM); #elif !defined(NO_DH) SetDH(ssl); /* repick suites with DHE, higher priority than PSK */ #endif 
@@ -571,19 +661,29 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args) if (SSL_write(ssl, msg, sizeof(msg)) != sizeof(msg)) err_sys("SSL_write failed"); - #if defined(CYASSL_MDK_SHELL) && defined(HAVE_MDK_RTX) + #if defined(WOLFSSL_MDK_SHELL) && defined(HAVE_MDK_RTX) os_dly_wait(500) ; #elif defined (CYASSL_TIRTOS) Task_yield(); #endif - ret = SSL_shutdown(ssl); - if (wc_shutdown && ret == SSL_SHUTDOWN_NOT_DONE) - SSL_shutdown(ssl); /* bidirectional shutdown */ + if (doDTLS == 0) { + ret = SSL_shutdown(ssl); + if (wc_shutdown && ret == SSL_SHUTDOWN_NOT_DONE) + SSL_shutdown(ssl); /* bidirectional shutdown */ + } SSL_free(ssl); + if (resume == 1) { + CloseSocket(clientfd); + resume++; /* only do one resume for testing */ + continue; + } + break; /* out of while loop, done with normal and resume option */ +} SSL_CTX_free(ctx); - + CloseSocket(clientfd); + CloseSocket(sockfd); ((func_args*)args)->return_code = 0; @@ -601,6 +701,11 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args) fdCloseSession(Task_self()); #endif +#if defined(HAVE_SESSION_TICKET) && defined(HAVE_CHACHA) && \ + defined(HAVE_POLY1305) + TicketCleanup(); +#endif + #ifndef CYASSL_TIRTOS return 0; #endif @@ -626,10 +731,12 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args) args.argv = argv; CyaSSL_Init(); -#if defined(DEBUG_CYASSL) && !defined(CYASSL_MDK_SHELL) +#if defined(DEBUG_CYASSL) && !defined(WOLFSSL_MDK_SHELL) CyaSSL_Debugging_ON(); #endif - if (CurrentDir("server")) + if (CurrentDir("_build")) + ChangeDirBack(1); + else if (CurrentDir("server")) ChangeDirBack(2); else if (CurrentDir("Debug") || CurrentDir("Release")) ChangeDirBack(3); @@ -670,3 +777,17 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args) #endif +#ifndef NO_HANDSHAKE_DONE_CB + int myHsDoneCb(WOLFSSL* ssl, void* user_ctx) + { + (void)user_ctx; + (void)ssl; + + /* printf("Notified HandShake done\n"); */ + + /* return negative number to end TLS connection now */ + return 0; + } +#endif + + 
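Review bot: The two added calls `CloseSocket(clientfd); CloseSocket(sockfd);` after the loop assume the two descriptors are distinct. On the DTLS path `clientfd` is assigned from `udp_read_connect(sockfd)` (hunk at -500), whose definition is outside this diff; if it hands back the descriptor it was given, the same socket is closed twice, and the second close can hit a descriptor that another thread has since reused. A guard makes the intent explicit: `if (sockfd != clientfd) CloseSocket(sockfd);`. The same DTLS branch calls `tcp_listen(&sockfd, ...)` again on resume, so it is also worth confirming that the earlier `sockfd` has been closed by then.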
diff --git a/examples/server/server.vcxproj b/examples/server/server.vcxproj index dc31fd672..f6b53fc57 100644 --- a/examples/server/server.vcxproj +++ b/examples/server/server.vcxproj @@ -9,6 +9,22 @@ Debug x64 + + DLL Debug + Win32 + + + DLL Debug + x64 + + + DLL Release + Win32 + + + DLL Release + x64 + Release Win32 @@ -30,56 +46,114 @@ Unicode true + + Application + v110 + Unicode + true + Application v110 Unicode true + + Application + v110 + Unicode + true + Application v110 Unicode + + Application + v110 + Unicode + Application v110 Unicode + + Application + v110 + Unicode + + + + + + + + + + + + + <_ProjectFileVersion>11.0.61030.0 $(SolutionDir)$(Configuration)\ - $(Configuration)\ + $(Configuration)\obj\ + true + + + $(SolutionDir)$(Configuration)\ + $(Configuration)\obj\ true true + $(SolutionDir)$(Platform)\$(Configuration)\ + $(Platform)\$(Configuration)\obj\ + + + true + $(SolutionDir)$(Platform)\$(Configuration)\ + $(Platform)\$(Configuration)\obj\ $(SolutionDir)$(Configuration)\ - $(Configuration)\ + $(Configuration)\obj\ + false + + + $(SolutionDir)$(Configuration)\ + $(Configuration)\obj\ false false + $(SolutionDir)$(Platform)\$(Configuration)\ + $(Platform)\$(Configuration)\obj\ + + + false + $(SolutionDir)$(Platform)\$(Configuration)\ + $(Platform)\$(Configuration)\obj\ @@ -102,6 +176,26 @@ + + + Disabled + ../../;%(AdditionalIncludeDirectories) + WIN32;_DEBUG;_CONSOLE;OPENSSL_EXTRA;NO_PSK;WOLFSSL_DLL;%(PreprocessorDefinitions) + true + EnableFastChecks + MultiThreadedDebugDLL + + + Level3 + EditAndContinue + + + Ws2_32.lib;%(AdditionalDependencies) + true + Console + MachineX86 + + Disabled @@ -120,6 +214,24 @@ Console + + + Disabled + ../../;%(AdditionalIncludeDirectories) + WIN32;_DEBUG;_CONSOLE;OPENSSL_EXTRA;NO_PSK;WOLFSSL_DLL;%(PreprocessorDefinitions) + EnableFastChecks + MultiThreadedDebugDLL + + + Level3 + ProgramDatabase + + + Ws2_32.lib;%(AdditionalDependencies) + true + Console + + MaxSpeed 
@@ -143,6 +255,28 @@ + + + MaxSpeed + true + ../../;%(AdditionalIncludeDirectories) + WIN32;NDEBUG;_CONSOLE;OPENSSL_EXTRA;NO_PSK;WOLFSSL_DLL;%(PreprocessorDefinitions) + MultiThreadedDLL + true + + + Level3 + ProgramDatabase + + + Ws2_32.lib;%(AdditionalDependencies) + true + Console + true + true + MachineX86 + + MaxSpeed @@ -164,6 +298,27 @@ true + + + MaxSpeed + true + ../../;%(AdditionalIncludeDirectories) + WIN32;NDEBUG;_CONSOLE;OPENSSL_EXTRA;NO_PSK;WOLFSSL_DLL;%(PreprocessorDefinitions) + MultiThreadedDLL + true + + + Level3 + ProgramDatabase + + + Ws2_32.lib;%(AdditionalDependencies) + true + Console + true + true + + diff --git a/fips-check.sh b/fips-check.sh index c2d6e98dd..a60050fe7 100755 --- a/fips-check.sh +++ b/fips-check.sh 
@@ -5,23 +5,87 @@ # previous release of the FIPS code. While wolfSSL and wolfCrypt # may be advancing, they must work correctly with the last tested # copy of our FIPS approved code. +# +# This should check out all the approved versions. The command line +# option selects the version. +# +# $ ./fips-check [version] +# +# - version: linux (default), ios, android, windows +# + +function Usage() { + echo "Usage: $0 [platform]" + echo "Where \"platform\" is one of linux (default), ios, android, windows" +} + +LINUX_FIPS_VERSION=v3.2.6 +LINUX_FIPS_REPO=git@github.com:wolfSSL/fips.git +LINUX_CTAO_VERSION=v3.2.6 +LINUX_CTAO_REPO=git@github.com:cyassl/cyassl.git + +IOS_FIPS_VERSION=v3.4.8a +IOS_FIPS_REPO=git@github.com:wolfSSL/fips.git +IOS_CTAO_VERSION=v3.4.8.fips +IOS_CTAO_REPO=git@github.com:cyassl/cyassl.git + +ANDROID_FIPS_VERSION=v3.5.0 +ANDROID_FIPS_REPO=git@github.com:wolfSSL/fips.git +ANDROID_CTAO_VERSION=v3.5.0 +ANDROID_CTAO_REPO=git@github.com:cyassl/cyassl.git + +#WINDOWS_FIPS_VERSION=v3.6.0 +WINDOWS_FIPS_VERSION=master +WINDOWS_FIPS_REPO=git@github.com:wolfSSL/fips.git +WINDOWS_CTAO_VERSION=v3.6.0 +WINDOWS_CTAO_REPO=git@github.com:cyassl/cyassl.git -FIPS_VERSION=v3.2.6 -FIPS_REPO=git@github.com:wolfSSL/fips.git FIPS_SRCS=( fips.c fips_test.c ) WC_MODS=( aes des3 sha sha256 sha512 rsa hmac random ) TEST_DIR=XXX-fips-test WC_INC_PATH=cyassl/ctaocrypt WC_SRC_PATH=ctaocrypt/src +if [ "x$1" == "x" ]; then PLATFORM="linux"; else PLATFORM=$1; fi + +case $PLATFORM in +ios) + FIPS_VERSION=$IOS_FIPS_VERSION + FIPS_REPO=$IOS_FIPS_REPO + CTAO_VERSION=$IOS_CTAO_VERSION + CTAO_REPO=$IOS_CTAO_REPO + ;; +android) + FIPS_VERSION=$ANDROID_FIPS_VERSION + FIPS_REPO=$ANDROID_FIPS_REPO + CTAO_VERSION=$ANDROID_CTAO_VERSION + CTAO_REPO=$ANDROID_CTAO_REPO + ;; +windows) + FIPS_VERSION=$WINDOWS_FIPS_VERSION + FIPS_REPO=$WINDOWS_FIPS_REPO + CTAO_VERSION=$WINDOWS_CTAO_VERSION + CTAO_REPO=$WINDOWS_CTAO_REPO + ;; +linux) + FIPS_VERSION=$LINUX_FIPS_VERSION + FIPS_REPO=$LINUX_FIPS_REPO + 
CTAO_VERSION=$LINUX_CTAO_VERSION + CTAO_REPO=$LINUX_CTAO_REPO + ;; +*) + Usage + exit 1 +esac + git clone . $TEST_DIR -[ $? -ne 0 ] && echo -e "\n\nCouldn't duplicate current working directory.\n\n" && exit 1 +[ $? -ne 0 ] && echo "\n\nCouldn't duplicate current working directory.\n\n" && exit 1 pushd $TEST_DIR # make a clone of the last FIPS release tag -git clone -b $FIPS_VERSION . old-tree -[ $? -ne 0 ] && echo -e "\n\nCouldn't checkout the FIPS release.\n\n" && exit 1 +git clone -b $CTAO_VERSION $CTAO_REPO old-tree +[ $? -ne 0 ] && echo "\n\nCouldn't checkout the FIPS release.\n\n" && exit 1 for MOD in ${WC_MODS[@]} do @@ -29,9 +93,16 @@ do cp old-tree/$WC_INC_PATH/${MOD}.h $WC_INC_PATH done +# The following is temporary. We are using random.c from a separate release +pushd old-tree +git checkout v3.6.0 +popd +cp old-tree/$WC_SRC_PATH/random.c $WC_SRC_PATH +cp old-tree/$WC_INC_PATH/random.h $WC_INC_PATH + # clone the FIPS repository git clone -b $FIPS_VERSION $FIPS_REPO fips -[ $? -ne 0 ] && echo -e "\n\nCouldn't checkout the FIPS repository.\n\n" && exit 1 +[ $? -ne 0 ] && echo "\n\nCouldn't checkout the FIPS repository.\n\n" && exit 1 for SRC in ${FIPS_SRCS[@]} do @@ -42,7 +113,7 @@ done ./autogen.sh ./configure --enable-fips make -[ $? -ne 0 ] && echo -e "\n\nMake failed. Debris left for analysis." && exit 1 +[ $? -ne 0 ] && echo "\n\nMake failed. Debris left for analysis." && exit 1 NEWHASH=`./wolfcrypt/test/testwolfcrypt | sed -n 's/hash = \(.*\)/\1/p'` if [ -n "$NEWHASH" ]; then @@ -51,7 +122,7 @@ if [ -n "$NEWHASH" ]; then fi make test -[ $? -ne 0 ] && echo -e "\n\nTest failed. Debris left for analysis." && exit 1 +[ $? -ne 0 ] && echo "\n\nTest failed. Debris left for analysis." && exit 1 # Clean up popd diff --git a/gencertbuf.pl b/gencertbuf.pl index 257b17b0b..d3d116695 100755 --- a/gencertbuf.pl +++ b/gencertbuf.pl 
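Review bot: `WINDOWS_FIPS_VERSION=master` tracks a moving branch, while every other platform in this table pins a release tag and the header comment says the script must test against the last tested copy of the FIPS approved code. With `master`, two runs of `./fips-check.sh windows` can build different FIPS sources, so a pass is not reproducible and says nothing about a specific approved revision. I would restore the commented-out pin `WINDOWS_FIPS_VERSION=v3.6.0` once that tag exists, and until then add a comment beside the assignment such as `# TEMPORARY: no windows tag yet, replace master with the release tag`.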
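Review bot: The `git checkout v3.6.0` inside `pushd old-tree` is not checked, unlike the clone steps around it, so if that tag cannot be checked out the following `cp` lines silently take random.c and random.h from whatever `$CTAO_VERSION` provided. Add the guard the script already uses elsewhere directly after the checkout, e.g. `[ $? -ne 0 ] && echo "Couldn't checkout the random.c release." && exit 1`. The tag is a literal here rather than one of the per-platform variables defined at the top; a named variable would keep this temporary override visible in one place.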
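Review bot: Dropping `-e` from these `echo` calls changes what is printed: the script uses arrays and `pushd`, so it needs bash, and bash's builtin `echo` prints `\n` literally unless `-e` (or xpg_echo) is in effect. The failure messages here and in the hunks at -5 and -51 will then show backslash sequences instead of blank lines. `printf '\n\nMake failed. Debris left for analysis.\n'` gives the intended output in any shell.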
@@ -60,11 +60,11 @@ for (my $i = 0; $i < $num_1024; $i++) { my $sname = $fileList_1024[$i][1]; print OUT_FILE "/* $fname, 1024-bit */\n"; - print OUT_FILE "const unsigned char $sname\[] =\n"; + print OUT_FILE "static const unsigned char $sname\[] =\n"; print OUT_FILE "{\n"; file_to_hex($fname); print OUT_FILE "};\n"; - print OUT_FILE "const int sizeof_$sname = sizeof($sname);\n\n"; + print OUT_FILE "static const int sizeof_$sname = sizeof($sname);\n\n"; } # convert and print 2048-bit certs/keys 
@@ -75,15 +75,36 @@ for (my $i = 0; $i < $num_2048; $i++) { my $sname = $fileList_2048[$i][1]; print OUT_FILE "/* $fname, 2048-bit */\n"; - print OUT_FILE "const unsigned char $sname\[] =\n"; + print OUT_FILE "static const unsigned char $sname\[] =\n"; print OUT_FILE "{\n"; file_to_hex($fname); print OUT_FILE "};\n"; - print OUT_FILE "const int sizeof_$sname = sizeof($sname);\n\n"; + print OUT_FILE "static const int sizeof_$sname = sizeof($sname);\n\n"; } print OUT_FILE "#endif /* USE_CERT_BUFFERS_1024 */\n\n"; -print OUT_FILE "#endif /* CYASSL_CERTS_TEST_H */\n\n"; +print OUT_FILE "/* dh1024 p */ +static const unsigned char dh_p[] = +{ + 0xE6, 0x96, 0x9D, 0x3D, 0x49, 0x5B, 0xE3, 0x2C, 0x7C, 0xF1, 0x80, 0xC3, + 0xBD, 0xD4, 0x79, 0x8E, 0x91, 0xB7, 0x81, 0x82, 0x51, 0xBB, 0x05, 0x5E, + 0x2A, 0x20, 0x64, 0x90, 0x4A, 0x79, 0xA7, 0x70, 0xFA, 0x15, 0xA2, 0x59, + 0xCB, 0xD5, 0x23, 0xA6, 0xA6, 0xEF, 0x09, 0xC4, 0x30, 0x48, 0xD5, 0xA2, + 0x2F, 0x97, 0x1F, 0x3C, 0x20, 0x12, 0x9B, 0x48, 0x00, 0x0E, 0x6E, 0xDD, + 0x06, 0x1C, 0xBC, 0x05, 0x3E, 0x37, 0x1D, 0x79, 0x4E, 0x53, 0x27, 0xDF, + 0x61, 0x1E, 0xBB, 0xBE, 0x1B, 0xAC, 0x9B, 0x5C, 0x60, 0x44, 0xCF, 0x02, + 0x3D, 0x76, 0xE0, 0x5E, 0xEA, 0x9B, 0xAD, 0x99, 0x1B, 0x13, 0xA6, 0x3C, + 0x97, 0x4E, 0x9E, 0xF1, 0x83, 0x9E, 0xB5, 0xDB, 0x12, 0x51, 0x36, 0xF7, + 0x26, 0x2E, 0x56, 0xA8, 0x87, 0x15, 0x38, 0xDF, 0xD8, 0x23, 0xC6, 0x50, + 0x50, 0x85, 0xE2, 0x1F, 0x0D, 0xD5, 0xC8, 0x6B, +}; + +/* dh1024 g */ +static const unsigned char dh_g[] = +{ + 0x02, +};\n\n\n"; +print OUT_FILE "#endif /* WOLFSSL_CERTS_TEST_H */\n\n"; # close certs_test.h file close OUT_FILE or die $!; diff --git a/mcapi/crypto.c b/mcapi/crypto.c index ef947567b..4cb890c48 100644 --- a/mcapi/crypto.c +++ b/mcapi/crypto.c 
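Review bot: The DH prime and generator are pasted into the generator as literals, unlike the certificate and key buffers above, which are produced from files through `file_to_hex($fname)`, so nothing in this script lets a reader regenerate or verify them. They are also printed after the `USE_CERT_BUFFERS` blocks close, so every includer of the generated header gets them. I would extend the emitted comment to record provenance and intent, for example `/* dh1024 p, test parameters only, taken from <source file> */`, with the real source filled in. Being a 1024-bit group, it should stay confined to the examples and tests.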
@@ -285,13 +285,13 @@ int CRYPT_HUFFMAN_DeCompress(unsigned char* out, unsigned int outSz, /* RNG Initialize, < 0 on error */ int CRYPT_RNG_Initialize(CRYPT_RNG_CTX* rng) { - typedef char rng_test[sizeof(CRYPT_RNG_CTX) >= sizeof(RNG) ? 1 : -1]; + typedef char rng_test[sizeof(CRYPT_RNG_CTX) >= sizeof(WC_RNG) ? 1 : -1]; (void)sizeof(rng_test); if (rng == NULL) return BAD_FUNC_ARG; - return InitRng((RNG*)rng); + return InitRng((WC_RNG*)rng); } @@ -301,7 +301,7 @@ int CRYPT_RNG_Get(CRYPT_RNG_CTX* rng, unsigned char* b) if (rng == NULL || b == NULL) return BAD_FUNC_ARG; - return RNG_GenerateByte((RNG*)rng, (byte*)b); + return RNG_GenerateByte((WC_RNG*)rng, (byte*)b); } @@ -312,7 +312,7 @@ int CRYPT_RNG_BlockGenerate(CRYPT_RNG_CTX* rng, unsigned char* b, if (rng == NULL || b == NULL) return BAD_FUNC_ARG; - return RNG_GenerateBlock((RNG*)rng, b, sz); + return RNG_GenerateBlock((WC_RNG*)rng, b, sz); } @@ -512,7 +512,7 @@ int CRYPT_RSA_PublicEncrypt(CRYPT_RSA_CTX* rsa, unsigned char* out, return BAD_FUNC_ARG; return RsaPublicEncrypt(in, inSz, out, outSz, (RsaKey*)rsa->holder, - (RNG*)rng); + (WC_RNG*)rng); } @@ -614,7 +614,7 @@ int CRYPT_ECC_DHE_KeyMake(CRYPT_ECC_CTX* ecc, CRYPT_RNG_CTX* rng, int keySz) if (ecc == NULL || rng == NULL) return BAD_FUNC_ARG; - return wc_ecc_make_key((RNG*)rng, keySz, (ecc_key*)ecc->holder); + return wc_ecc_make_key((WC_RNG*)rng, keySz, (ecc_key*)ecc->holder); } @@ -649,7 +649,7 @@ int CRYPT_ECC_DSA_HashSign(CRYPT_ECC_CTX* ecc, CRYPT_RNG_CTX* rng, in == NULL) return BAD_FUNC_ARG; - ret = wc_ecc_sign_hash(in, inSz, sig, &inOut, (RNG*)rng, + ret = wc_ecc_sign_hash(in, inSz, sig, &inOut, (WC_RNG*)rng, (ecc_key*)ecc->holder); *usedSz = inOut; diff --git a/mcapi/crypto.h b/mcapi/crypto.h index 7a960d855..82b4d0249 100644 --- a/mcapi/crypto.h +++ b/mcapi/crypto.h 
@@ -163,7 +163,7 @@ enum { /* AES */ typedef struct CRYPT_AES_CTX { - int holder[70]; /* big enough to hold internal, but check on init */ + int holder[74]; /* big enough to hold internal, but check on init */ } CRYPT_AES_CTX; /* key */ diff --git a/mcapi/mcapi_test.c b/mcapi/mcapi_test.c index e7d9665ed..b7bf06292 100644 --- a/mcapi/mcapi_test.c +++ b/mcapi/mcapi_test.c @@ -69,7 +69,7 @@ static byte ourData[OUR_DATA_SIZE]; static byte* key = NULL; static byte* iv = NULL; static CRYPT_RNG_CTX mcRng; -static RNG defRng; +static WC_RNG defRng; static int check_md5(void); static int check_sha(void); diff --git a/mplabx/README b/mplabx/README index fcc6c00c1..a78955cde 100644 --- a/mplabx/README +++ b/mplabx/README @@ -25,13 +25,13 @@ Included Project Files /mplabx/wolfssl.X/dist/default/production/wolfssl.X.a 2. wolfCrypt Test App (wolfcrypt_test.X) - + This project tests the wolfCrypt cryptography modules. It is generally a good idea to run this first on an embedded system after compiling wolfSSL in order to verify all underlying crypto is working correctly. 3. wolfCrypt Benchmark App (wolfcrypt_benchmark.X) - + This project builds the wolfCrypt benchmark application. For the benchmark timer, adjust CLOCK value under "#elif defined MICROCHIP_PIC32" in wolfcrypt/benchmark/benchmark.c @@ -40,7 +40,7 @@ PIC32MX/PIC32MZ --------------- The projects are set for PIC32MX by default. For PIC32MZ, change project -properties->Devices and add "CYASSL_MICROCHIP_PIC32M" to +properties->Devices and add "WOLFSSL_MICROCHIP_PIC32MZ" to XC32-gcc->Preprocessing and messages-> Preprocessor macros. diff --git a/mplabx/wolfssl.X/nbproject/configurations.xml b/mplabx/wolfssl.X/nbproject/configurations.xml index 3eab93236..043adc04e 100755 --- a/mplabx/wolfssl.X/nbproject/configurations.xml +++ b/mplabx/wolfssl.X/nbproject/configurations.xml 
@@ -50,6 +50,15 @@ ../../wolfcrypt/src/tfm.c ../../wolfcrypt/src/wc_port.c ../../wolfcrypt/src/port/pic32/pic32mz-hash.c + ../../wolfcrypt/src/hash.c + ../../wolfcrypt/src/chacha20_poly1305.c + ../../wolfcrypt/src/curve25519.c + ../../wolfcrypt/src/ed25519.c + ../../wolfcrypt/src/fe_low_mem.c + ../../wolfcrypt/src/fe_operations.c + ../../wolfcrypt/src/ge_low_mem.c + ../../wolfcrypt/src/ge_operations.c + ../../wolfcrypt/src/wc_encrypt.c ../../src/crl.c @@ -85,7 +94,7 @@ PKOBSKDEPlatformTool XC32 - + 1.33 4 diff --git a/pre-push.sh b/pre-push.sh new file mode 100755 index 000000000..f53b27c23 --- /dev/null +++ b/pre-push.sh @@ -0,0 +1,19 @@ +#!/bin/sh +# +# +# Our "pre-push" hook. + +RESULT=0 + +if [ -d ./fips ]; +then + echo "\n\nTesting with FIPS release code...\n\n" + ./fips-check.sh + RESULT=$? + [ $RESULT -ne 0 ] && echo -e "\n\nFIPS build test failed" && exit 1 +fi + +[ $RESULT -ne 0 ] && echo "\nOops, your push failed\n" && exit 1 + +echo "\nPush tests passed!\n" +exit 0 diff --git a/rpm/spec.in b/rpm/spec.in index a68ab9c39..b9d4b21c7 100644 --- a/rpm/spec.in +++ b/rpm/spec.in @@ -69,7 +69,7 @@ mkdir -p $RPM_BUILD_ROOT/ %{_libdir}/libwolfssl.la %{_libdir}/libwolfssl.so %{_libdir}/libwolfssl.so.0 -%{_libdir}/libwolfssl.so.0.0.1 +%{_libdir}/libwolfssl.so.0.0.3 %files devel %defattr(-,root,root,-) @@ -134,6 +134,7 @@ mkdir -p $RPM_BUILD_ROOT/ %{_includedir}/cyassl/openssl/dsa.h %{_includedir}/cyassl/openssl/ec.h %{_includedir}/cyassl/openssl/ecdsa.h +%{_includedir}/cyassl/openssl/ecdh.h %{_includedir}/cyassl/openssl/engine.h %{_includedir}/cyassl/openssl/err.h %{_includedir}/cyassl/openssl/evp.h @@ -187,6 +188,7 @@ mkdir -p $RPM_BUILD_ROOT/ %{_includedir}/wolfssl/wolfcrypt/fe_operations.h %{_includedir}/wolfssl/wolfcrypt/fips_test.h %{_includedir}/wolfssl/wolfcrypt/ge_operations.h +%{_includedir}/wolfssl/wolfcrypt/hash.h %{_includedir}/wolfssl/wolfcrypt/hc128.h %{_includedir}/wolfssl/wolfcrypt/hmac.h %{_includedir}/wolfssl/wolfcrypt/integer.h 
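Review bot: pre-push.sh declares `#!/bin/sh` but relies on `echo` expanding `\n`, and in one place on `echo -e`; POSIX leaves both unspecified, so depending on which shell provides /bin/sh the hook prints literal `\n` or a stray `-e`. `printf '\n\nFIPS build test failed\n'` is portable. The second `[ $RESULT -ne 0 ]` test can never fire, because the only assignment to RESULT is immediately followed by an exit on non-zero. The new scripts under scripts/ (crl-revoked.test, external.test, resume.test, sniffer-testsuite.test) use `echo -e` under `#!/bin/sh` as well.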
@@ -225,6 +227,7 @@ mkdir -p $RPM_BUILD_ROOT/ %{_includedir}/wolfssl/openssl/dsa.h %{_includedir}/wolfssl/openssl/ec.h %{_includedir}/wolfssl/openssl/ecdsa.h +%{_includedir}/wolfssl/openssl/ecdh.h %{_includedir}/wolfssl/openssl/engine.h %{_includedir}/wolfssl/openssl/err.h %{_includedir}/wolfssl/openssl/evp.h diff --git a/scripts/crl-revoked.test b/scripts/crl-revoked.test new file mode 100755 index 000000000..ee9c89447 --- /dev/null +++ b/scripts/crl-revoked.test 
@@ -0,0 +1,102 @@ +#!/bin/sh + +#crl.test + +revocation_code="-361" +exit_code=1 +counter=0 +crl_port=11113 +#no_pid tells us process was never started if -1 +no_pid=-1 +#server_pid captured on startup, stores the id of the server process +server_pid=$no_pid + +remove_ready_file() { + if test -e /tmp/wolfssl_server_ready; then + echo -e "removing exisitng server_ready file" + rm /tmp/wolfssl_server_ready + fi +} + +# trap this function so if user aborts with ^C or other kill signal we still +# get an exit that will in turn clean up the file system +abort_trap() { + echo "script aborted" + + if [ $server_pid != $no_pid ] + then + echo "killing server" + kill -9 $server_pid + fi + + exit_code=2 #different exit code in case of user interrupt + + echo "got abort signal, exiting with $exit_code" + exit $exit_code +} +trap abort_trap INT TERM + + +# trap this function so that if we exit on an error the file system will still +# be restored and the other tests may still pass. Never call this function +# instead use "exit " and this function will run automatically +restore_file_system() { + remove_ready_file +} +trap restore_file_system EXIT + +run_test() { + echo -e "\nStarting example server for crl test...\n" + + remove_ready_file + + # starts the server on crl_port, -R generates ready file to be used as a + # mutex lock, -c loads the revoked certificate. We capture the processid + # into the variable server_pid + ./examples/server/server -R -p $crl_port -c certs/server-revoked-cert.pem \ + -k certs/server-revoked-key.pem & + server_pid=$! + + while [ ! -s /tmp/wolfssl_server_ready -a "$counter" -lt 20 ]; do + echo -e "waiting for server_ready file..." + sleep 0.1 + counter=$((counter+ 1)) + done + + # starts client on crl_port and captures the output from client + capture_out=$(./examples/client/client -p $crl_port 2>&1) + client_result=$? + + wait $server_pid + server_result=$? 
+ + case "$capture_out" in + *$revocation_code*) + # only exit with zero on detection of the expected error code + echo "" + echo "Successful Revocation!!!!" + echo "" + exit_code=0 + echo "exiting with $exit_code" + exit $exit_code + ;; + *) + echo "" + echo "Certificate was not revoked saw this instead: $capture_out" + echo "" + echo "configure with --enable-crl and run this script again" + echo "" + esac +} + + +######### begin program ######### + +# run the test +run_test + +# If we get to this exit, exit_code will be a 1 signaling failure +echo "exiting with $exit_code certificate was not revoked" +exit $exit_code +########## end program ########## + diff --git a/scripts/external.test b/scripts/external.test new file mode 100755 index 000000000..0438b0ea4 --- /dev/null +++ b/scripts/external.test @@ -0,0 +1,20 @@ +#!/bin/sh + +# external.test + +server=www.wolfssl.com +ca=./certs/wolfssl-website-ca.pem + +[ ! -x ./examples/client/client ] && echo -e "\n\nClient doesn't exist" && exit 1 + +# is our desired server there? +ping -c 2 $server +RESULT=$? +[ $RESULT -ne 0 ] && echo -e "\n\nCouldn't find $server, skipping" && exit 0 + +# client test against the server +./examples/client/client -X -C -h $server -p 443 -g -A $ca +RESULT=$? +[ $RESULT -ne 0 ] && echo -e "\n\nClient connection failed" && exit 1 + +exit 0 diff --git a/client-test.sh b/scripts/google.test similarity index 55% rename from client-test.sh rename to scripts/google.test index 7ff918135..8a3ca3750 100755 --- a/client-test.sh +++ b/scripts/google.test 
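Review bot: The wait loop in run_test gives up after 20 polls and then falls through to start the client even when /tmp/wolfssl_server_ready never appeared, so a server that failed to come up is reported as "Certificate was not revoked", and `wait $server_pid` may block on a server that is still waiting for a connection. After the loop I would add `[ ! -s /tmp/wolfssl_server_ready ] && echo "server never became ready" && kill $server_pid && exit 1`. The ready file is a fixed name in a shared directory, so a stale or foreign non-empty file there satisfies `-s` at once. resume.test uses the same loop and path.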
@@ -1,16 +1,18 @@ -#!/bin/bash +#!/bin/sh -# client-test.sh +# google.test + +server=www.google.com [ ! -x ./examples/client/client ] && echo -e "\n\nClient doesn't exist" && exit 1 # is our desired server there? -ping -c 2 -i 0.2 www.google.com +ping -c 2 $server RESULT=$? -[ $RESULT -ne 0 ] && echo -e "\n\nCouldn't find server, skipping" && exit 0 +[ $RESULT -ne 0 ] && echo -e "\n\nCouldn't find $server, skipping" && exit 0 # client test against the server -./examples/client/client -h www.google.com -p 443 -g -d +./examples/client/client -X -C -h $server -p 443 -g -d RESULT=$? [ $RESULT -ne 0 ] && echo -e "\n\nClient connection failed" && exit 1 diff --git a/scripts/include.am b/scripts/include.am new file mode 100644 index 000000000..4b1b105c5 --- /dev/null +++ b/scripts/include.am @@ -0,0 +1,27 @@ +# vim:ft=automake +# included from Top Level Makefile.am +# All paths should be given relative to the root + + + +if BUILD_SNIFFTEST +dist_noinst_SCRIPTS+= scripts/sniffer-testsuite.test +endif + +if BUILD_EXAMPLES +dist_noinst_SCRIPTS+= scripts/resume.test + +if BUILD_CRL +# make revoked test rely on completion of resume test +dist_noinst_SCRIPTS+= scripts/crl-revoked.test +scripts/crl-revoked.log: scripts/resume.log +endif + +if !BUILD_IPV6 +dist_noinst_SCRIPTS+= scripts/external.test +dist_noinst_SCRIPTS+= scripts/google.test +endif +endif + + +EXTRA_DIST += scripts/testsuite.pcap diff --git a/scripts/resume.test b/scripts/resume.test new file mode 100755 index 000000000..b0592af90 --- /dev/null +++ b/scripts/resume.test 
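Review bot: The client invocation keeps `-d`, which in the example client turns off peer verification, so this test passes even when the certificate chain presented for `$server` would not validate. external.test, added in the same commit, verifies against `-A $ca` instead. If skipping verification is intentional, say so above the command, e.g. `# -d: peer verification off on purpose, this only exercises the handshake`; otherwise drop `-d` and pass a CA file with `-A` as external.test does.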
@@ -0,0 +1,73 @@ +#!/bin/sh + +#reusme.test + +# need a unique resume port since may run the same time as testsuite +resume_port=11112 +no_pid=-1 +server_pid=$no_pid +counter=0 + + +remove_ready_file() { + if test -e /tmp/wolfssl_server_ready; then + echo -e "removing exisitng server_ready file" + rm /tmp/wolfssl_server_ready + fi +} + + +do_cleanup() { + echo "in cleanup" + + if [ $server_pid != $no_pid ] + then + echo "killing server" + kill -9 $server_pid + fi + remove_ready_file +} + +do_trap() { + echo "got trap" + do_cleanup + exit -1 +} + +trap do_trap INT TERM + +echo -e "\nStarting example server for resume test...\n" + +remove_ready_file +./examples/server/server -r -R -p $resume_port & +server_pid=$! + +while [ ! -s /tmp/wolfssl_server_ready -a "$counter" -lt 20 ]; do + echo -e "waiting for server_ready file..." + sleep 0.1 + counter=$((counter+ 1)) +done + +./examples/client/client -r -p $resume_port +client_result=$? + +if [ $client_result != 0 ] +then + echo -e "client failed!" + do_cleanup + exit 1 +fi + +wait $server_pid +server_result=$? +remove_ready_file + +if [ $server_result != 0 ] +then + echo -e "client failed!" + exit 1 +fi + +echo -e "\nSuccess!\n" + +exit 0 diff --git a/scripts/sniffer-testsuite.test b/scripts/sniffer-testsuite.test new file mode 100755 index 000000000..c68040301 --- /dev/null +++ b/scripts/sniffer-testsuite.test @@ -0,0 +1,13 @@ +#!/bin/sh + +#sniffer-testsuite.test + +echo -e "\nStaring snifftest on testsuite.pcap...\n" +./sslSniffer/sslSnifferTest/snifftest ./scripts/testsuite.pcap ./certs/server-key.pem 127.0.0.1 11111 + +RESULT=$? +[ $RESULT -ne 0 ] && echo -e "\nsnifftest failed\n" && exit 1 + +echo -e "\nSuccess!\n" + +exit 0 diff --git a/scripts/testsuite.pcap b/scripts/testsuite.pcap new file mode 100644 index 000000000..a39ad3916 Binary files /dev/null and b/scripts/testsuite.pcap differ diff --git a/src/crl.c b/src/crl.c index 39bfa1284..0f47ee1a4 100644 --- a/src/crl.c +++ b/src/crl.c 
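Review bot: When the server exits non-zero, the final check prints `client failed!`, the same text as the client check above it, so the log cannot tell which side failed; it should read `echo "server failed!"`. `exit -1` in do_trap is outside the 0-255 range that portable shells accept for exit; `exit 2`, as crl-revoked.test uses for aborts, is the safer spelling. The header comment `#reusme.test` is a typo for resume.test.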
@@ -66,8 +66,8 @@ static int InitCRL_Entry(CRL_Entry* crle, DecodedCRL* dcrl) { WOLFSSL_ENTER("InitCRL_Entry"); - XMEMCPY(crle->issuerHash, dcrl->issuerHash, SHA_DIGEST_SIZE); - /* XMEMCPY(crle->crlHash, dcrl->crlHash, SHA_DIGEST_SIZE); + XMEMCPY(crle->issuerHash, dcrl->issuerHash, CRL_DIGEST_SIZE); + /* XMEMCPY(crle->crlHash, dcrl->crlHash, CRL_DIGEST_SIZE); * copy the hash here if needed for optimized comparisons */ XMEMCPY(crle->lastDate, dcrl->lastDate, MAX_DATE_SIZE); XMEMCPY(crle->nextDate, dcrl->nextDate, MAX_DATE_SIZE); @@ -152,7 +152,7 @@ int CheckCertCRL(WOLFSSL_CRL* crl, DecodedCert* cert) crle = crl->crlList; while (crle) { - if (XMEMCMP(crle->issuerHash, cert->issuerHash, SHA_DIGEST_SIZE) == 0) { + if (XMEMCMP(crle->issuerHash, cert->issuerHash, CRL_DIGEST_SIZE) == 0) { WOLFSSL_MSG("Found CRL Entry on list"); WOLFSSL_MSG("Checking next date validity"); diff --git a/src/include.am b/src/include.am index a89d7d472..6c2629bc0 100644 --- a/src/include.am +++ b/src/include.am @@ -49,7 +49,8 @@ endif src_libwolfssl_la_SOURCES += \ wolfcrypt/src/hmac.c \ wolfcrypt/src/random.c \ - wolfcrypt/src/sha256.c + wolfcrypt/src/sha256.c \ + wolfcrypt/src/hash.c if BUILD_RSA src_libwolfssl_la_SOURCES += wolfcrypt/src/rsa.c @@ -73,6 +74,7 @@ endif src_libwolfssl_la_SOURCES += \ wolfcrypt/src/logging.c \ + wolfcrypt/src/wc_encrypt.c \ wolfcrypt/src/wc_port.c \ wolfcrypt/src/error.c @@ -176,12 +178,20 @@ src_libwolfssl_la_SOURCES += wolfcrypt/src/ed25519.c endif if BUILD_FEMATH +if BUILD_CURVED25519_SMALL +src_libwolfssl_la_SOURCES += wolfcrypt/src/fe_low_mem.c +else src_libwolfssl_la_SOURCES += wolfcrypt/src/fe_operations.c endif +endif if BUILD_GEMATH +if BUILD_CURVED25519_SMALL +src_libwolfssl_la_SOURCES += wolfcrypt/src/ge_low_mem.c +else src_libwolfssl_la_SOURCES += wolfcrypt/src/ge_operations.c endif +endif if BUILD_LIBZ src_libwolfssl_la_SOURCES += wolfcrypt/src/compress.c 
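Review bot: The XMEMCPY into `crle->issuerHash` and the XMEMCMP in CheckCertCRL (hunk at -152) now use `CRL_DIGEST_SIZE`, but the arrays being copied and compared are declared outside this diff, in CRL_Entry, DecodedCRL and DecodedCert. If any of them is still dimensioned with the SHA-1 size while CRL_DIGEST_SIZE resolves to a larger digest, the copy writes and the compare reads past the array. A compile-time check in InitCRL_Entry, in the style mcapi/crypto.c already uses, would pin this: `typedef char crl_hash_sz[sizeof(crle->issuerHash) >= CRL_DIGEST_SIZE ? 1 : -1];`. InitCRL_Entry continues past the end of the hunk.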
@@ -191,6 +201,10 @@ if BUILD_PKCS7 src_libwolfssl_la_SOURCES += wolfcrypt/src/pkcs7.c endif +if BUILD_SRP +src_libwolfssl_la_SOURCES += wolfcrypt/src/srp.c +endif + # ssl files src_libwolfssl_la_SOURCES += \ src/internal.c \ @@ -210,4 +224,3 @@ endif if BUILD_SNIFFER src_libwolfssl_la_SOURCES += src/sniffer.c endif - diff --git a/src/internal.c b/src/internal.c index 89dc78db4..73d837847 100644 --- a/src/internal.c +++ b/src/internal.c @@ -41,12 +41,16 @@ #endif #ifdef HAVE_NTRU - #include "ntru_crypto.h" + #include "libntruencrypt/ntru_crypto.h" #endif #if defined(DEBUG_WOLFSSL) || defined(SHOW_SECRETS) || defined(CHACHA_AEAD_TEST) - #ifdef FREESCALE_MQX - #include + #if defined(FREESCALE_MQX) || defined(FREESCALE_KSDK_MQX) + #if MQX_USE_IO_OLD + #include + #else + #include + #endif #else #include #endif @@ -135,14 +139,19 @@ static int BuildCertHashes(WOLFSSL* ssl, Hashes* hashes); static void PickHashSigAlgo(WOLFSSL* ssl, const byte* hashSigAlgo, word32 hashSigAlgoSz); -#ifndef min +#ifdef HAVE_QSH + int QSH_Init(WOLFSSL* ssl); +#endif + +#ifndef WOLFSSL_HAVE_MIN +#define WOLFSSL_HAVE_MIN static INLINE word32 min(word32 a, word32 b) { return a > b ? b : a; } -#endif /* min */ +#endif /* WOLFSSL_HAVE_MIN */ int IsTLS(const WOLFSSL* ssl) 
@@ -165,30 +174,109 @@ int IsAtLeastTLSv1_2(const WOLFSSL* ssl) } -#ifdef HAVE_NTRU - -static byte GetEntropy(ENTROPY_CMD cmd, byte* out) +#ifdef HAVE_QSH +/* free all structs that where used with QSH */ +static int QSH_FreeAll(WOLFSSL* ssl) { - /* TODO: add locking? */ - static RNG rng; + QSHKey* key = ssl->QSH_Key; + QSHKey* preKey = NULL; + QSHSecret* secret = ssl->QSH_secret; + QSHScheme* list = NULL; + QSHScheme* preList = NULL; - if (cmd == INIT) - return (wc_InitRng(&rng) == 0) ? 1 : 0; + /* free elements in struct */ + while (key) { + preKey = key; + if (key->pri.buffer) + XFREE(key->pri.buffer, ssl->heap, DYNAMIC_TYPE_TMP_ARRAY); + if (key->pub.buffer) + XFREE(key->pub.buffer, ssl->heap, DYNAMIC_TYPE_TMP_ARRAY); + key = (QSHKey*)key->next; - if (out == NULL) - return 0; - - if (cmd == GET_BYTE_OF_ENTROPY) - return (wc_RNG_GenerateBlock(&rng, out, 1) == 0) ? 1 : 0; - - if (cmd == GET_NUM_BYTES_PER_BYTE_OF_ENTROPY) { - *out = 1; - return 1; + /* free struct */ + XFREE(preKey, ssl->heap, DYNAMIC_TYPE_TMP_ARRAY); } + key = NULL; + + + /* free all of peers QSH keys */ + key = ssl->peerQSHKey; + while (key) { + preKey = key; + if (key->pri.buffer) + XFREE(key->pri.buffer, ssl->heap, DYNAMIC_TYPE_TMP_ARRAY); + if (key->pub.buffer) + XFREE(key->pub.buffer, ssl->heap, DYNAMIC_TYPE_TMP_ARRAY); + key = (QSHKey*)key->next; + + /* free struct */ + XFREE(preKey, ssl->heap, DYNAMIC_TYPE_TMP_ARRAY); + } + key = NULL; + + /* free secret information */ + if (secret) { + /* free up the QSHScheme list in QSHSecret */ + if (secret->list) + list = secret->list; + while (list) { + preList = list; + if (list->PK) + XFREE(list->PK, ssl->heap, DYNAMIC_TYPE_TMP_ARRAY); + list = (QSHScheme*)list->next; + XFREE(preList, ssl->heap, DYNAMIC_TYPE_TMP_ARRAY); + } + + /* free secret buffers */ + if (secret->SerSi) { + if (secret->SerSi->buffer) + XFREE(secret->SerSi->buffer, ssl->heap, DYNAMIC_TYPE_TMP_ARRAY); + XFREE(secret->SerSi, ssl->heap, DYNAMIC_TYPE_TMP_ARRAY); + } + if 
(secret->CliSi) { + if (secret->CliSi->buffer) + XFREE(secret->CliSi->buffer, ssl->heap, DYNAMIC_TYPE_TMP_ARRAY); + XFREE(secret->CliSi, ssl->heap, DYNAMIC_TYPE_TMP_ARRAY); + } + } + XFREE(secret, ssl->heap, DYNAMIC_TYPE_TMP_ARRAY); + secret = NULL; return 0; } +#endif + +#ifdef HAVE_NTRU +static WC_RNG* rng; +static wolfSSL_Mutex* rngMutex; + +static word32 GetEntropy(unsigned char* out, word32 num_bytes) +{ + int ret = 0; + + if (rng == NULL) { + if ((rng = XMALLOC(sizeof(WC_RNG), 0, DYNAMIC_TYPE_TLSX)) == NULL) + return DRBG_OUT_OF_MEMORY; + wc_InitRng(rng); + } + + if (rngMutex == NULL) { + if ((rngMutex = XMALLOC(sizeof(wolfSSL_Mutex), 0, + DYNAMIC_TYPE_TLSX)) == NULL) + return DRBG_OUT_OF_MEMORY; + InitMutex(rngMutex); + } + + ret |= LockMutex(rngMutex); + ret |= wc_RNG_GenerateBlock(rng, out, num_bytes); + ret |= UnLockMutex(rngMutex); + + if (ret != 0) + return DRBG_ENTROPY_FAIL; + + return DRBG_OK; +} #endif /* HAVE_NTRU */ /* used by ssl.c too */ @@ -371,6 +459,10 @@ int InitSSL_Ctx(WOLFSSL_CTX* ctx, WOLFSSL_METHOD* method) return BAD_MUTEX_E; } +#ifndef NO_DH + ctx->minDhKeySz = MIN_DHKEY_SZ; +#endif + #ifdef HAVE_ECC ctx->eccTempKeySz = ECDHE_SIZE; #endif @@ -416,6 +508,10 @@ int InitSSL_Ctx(WOLFSSL_CTX* ctx, WOLFSSL_METHOD* method) } #endif +#if defined(HAVE_SESSION_TICKET) && !defined(NO_WOLFSSL_SERVER) + ctx->ticketHint = SESSION_TICKET_HINT_DEFAULT; +#endif + return 0; } @@ -588,6 +684,10 @@ static void InitSuitesHashSigAlgo(Suites* suites, int haveECDSAsig, int idx = 0; if (haveECDSAsig) { + #ifdef WOLFSSL_SHA512 + suites->hashSigAlgo[idx++] = sha512_mac; + suites->hashSigAlgo[idx++] = ecc_dsa_sa_algo; + #endif #ifdef WOLFSSL_SHA384 suites->hashSigAlgo[idx++] = sha384_mac; suites->hashSigAlgo[idx++] = ecc_dsa_sa_algo; 
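Review bot: GetEntropy ignores the results of `wc_InitRng(rng)` and `InitMutex(rngMutex)`, and because `rng` is already non-NULL after a failed init, every later call skips initialisation and draws NTRU entropy from a generator whose setup failed. The lock path has a related weakness: `ret |= LockMutex(...)` carries on when the lock was not taken, so wc_RNG_GenerateBlock can run unlocked. I would publish the pointer only after init succeeds and return early on a failed lock, as below. The lazy `rng == NULL` and `rngMutex == NULL` tests are themselves unsynchronised, so first use from two threads can still race; doing this setup once from library init would remove that.

```c
static word32 GetEntropy(unsigned char* out, word32 num_bytes)
{
    int ret;

    if (rng == NULL) {
        WC_RNG* tmp = XMALLOC(sizeof(WC_RNG), 0, DYNAMIC_TYPE_TLSX);
        if (tmp == NULL)
            return DRBG_OUT_OF_MEMORY;
        if (wc_InitRng(tmp) != 0) {
            XFREE(tmp, 0, DYNAMIC_TYPE_TLSX);
            return DRBG_ENTROPY_FAIL;
        }
        rng = tmp;   /* publish only a fully initialised generator */
    }

    /* ... unchanged: rngMutex allocation, with InitMutex checked the same way ... */

    if (LockMutex(rngMutex) != 0)
        return DRBG_ENTROPY_FAIL;
    ret = wc_RNG_GenerateBlock(rng, out, num_bytes);
    if (UnLockMutex(rngMutex) != 0 || ret != 0)
        return DRBG_ENTROPY_FAIL;

    return DRBG_OK;
}
```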
@@ -603,6 +703,10 @@ static void InitSuitesHashSigAlgo(Suites* suites, int haveECDSAsig, } if (haveRSAsig) { + #ifdef WOLFSSL_SHA512 + suites->hashSigAlgo[idx++] = sha512_mac; + suites->hashSigAlgo[idx++] = rsa_sa_algo; + #endif #ifdef WOLFSSL_SHA384 suites->hashSigAlgo[idx++] = sha384_mac; suites->hashSigAlgo[idx++] = rsa_sa_algo; @@ -675,11 +779,18 @@ void InitSuites(Suites* suites, ProtocolVersion pv, word16 haveRSA, } #endif +#ifdef BUILD_TLS_QSH + if (tls) { + suites->suites[idx++] = QSH_BYTE; + suites->suites[idx++] = TLS_QSH; + } +#endif + #ifdef BUILD_TLS_NTRU_RSA_WITH_AES_256_CBC_SHA - if (tls && haveNTRU && haveRSA) { + if (tls && haveNTRU && haveRSA) { suites->suites[idx++] = 0; suites->suites[idx++] = TLS_NTRU_RSA_WITH_AES_256_CBC_SHA; - } + } #endif #ifdef BUILD_TLS_NTRU_RSA_WITH_AES_128_CBC_SHA @@ -1524,6 +1635,10 @@ int InitSSL(WOLFSSL* ssl, WOLFSSL_CTX* ctx) ssl->options.handShakeState = NULL_STATE; ssl->options.processReply = doProcessInit; +#ifndef NO_DH + ssl->options.minDhKeySz = ctx->minDhKeySz; +#endif + #ifdef WOLFSSL_DTLS ssl->dtls_timeout_init = DTLS_TIMEOUT_INIT; ssl->dtls_timeout_max = DTLS_TIMEOUT_MAX; @@ -1622,6 +1737,12 @@ int InitSSL(WOLFSSL* ssl, WOLFSSL_CTX* ctx) return ret; } #endif +#ifdef WOLFSSL_SHA512 + ret = wc_InitSha512(&ssl->hsHashes->hashSha512); + if (ret != 0) { + return ret; + } +#endif /* increment CTX reference count */ if (LockMutex(&ctx->countMutex) != 0) { @@ -1648,7 +1769,7 @@ int InitSSL(WOLFSSL* ssl, WOLFSSL_CTX* ctx) #endif /* NO_PSK */ /* RNG */ - ssl->rng = (RNG*)XMALLOC(sizeof(RNG), ssl->heap, DYNAMIC_TYPE_RNG); + ssl->rng = (WC_RNG*)XMALLOC(sizeof(WC_RNG), ssl->heap, DYNAMIC_TYPE_RNG); if (ssl->rng == NULL) { WOLFSSL_MSG("RNG Memory error"); return MEMORY_E; 
@@ -1814,11 +1935,30 @@ void SSL_ResourceFree(WOLFSSL* ssl) #endif } +#ifdef WOLFSSL_TI_HASH +static void HashFinal(WOLFSSL * ssl) { + byte dummyHash[32] ; +#ifndef NO_MD5 + wc_Md5Final(&(ssl->hsHashes->hashMd5), dummyHash) ; +#endif +#ifndef NO_SHA + wc_ShaFinal(&(ssl->hsHashes->hashSha), dummyHash) ; +#endif +#ifndef NO_SHA256 + wc_Sha256Final(&(ssl->hsHashes->hashSha256), dummyHash) ; +#endif +} +#else + + #define HashFinal(ssl) + +#endif /* Free any handshake resources no longer needed */ void FreeHandshakeResources(WOLFSSL* ssl) { + HashFinal(ssl) ; #ifdef HAVE_SECURE_RENEGOTIATION if (ssl->secure_renegotiation && ssl->secure_renegotiation->enabled) { WOLFSSL_MSG("Secure Renegotiation needs to retain handshake resources"); @@ -1933,6 +2073,10 @@ void FreeHandshakeResources(WOLFSSL* ssl) ssl->buffers.peerRsaKey.buffer = NULL; #endif /* NO_RSA */ #endif /* HAVE_PK_CALLBACKS */ + +#ifdef HAVE_QSH + QSH_FreeAll(ssl); +#endif } 
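Review bot: In FreeHandshakeResources the new `HashFinal(ssl) ;` call sits above the HAVE_SECURE_RENEGOTIATION check whose message says the handshake resources must be retained, so under WOLFSSL_TI_HASH the MD5, SHA and SHA-256 handshake hashes are finalized on that path as well. If that branch returns early (the function body continues outside the hunk), the call probably belongs after it. HashFinal also dereferences `ssl->hsHashes` with no NULL check and sizes its scratch buffer with a bare `32`. `byte dummyHash[MAX_DIGEST_SIZE];` plus a guard `if (ssl->hsHashes == NULL) return;` would make it safer to call from a cleanup routine.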
@@ -2120,26 +2264,27 @@ void DtlsMsgSet(DtlsMsg* msg, word32 seq, const byte* data, byte type, word32 fragOffset, word32 fragSz) { if (msg != NULL && data != NULL && msg->fragSz <= msg->sz && - fragOffset < msg->sz && (fragOffset + fragSz) <= msg->sz) { + fragOffset <= msg->sz && (fragOffset + fragSz) <= msg->sz) { msg->seq = seq; msg->type = type; msg->fragSz += fragSz; /* If fragOffset is zero, this is either a full message that is out * of order, or the first fragment of a fragmented message. Copy the - * handshake message header as well as the message data. */ + * handshake message header with the message data. Zero length messages + * like Server Hello Done should be saved as well. */ if (fragOffset == 0) XMEMCPY(msg->buf, data - DTLS_HANDSHAKE_HEADER_SZ, fragSz + DTLS_HANDSHAKE_HEADER_SZ); else { - /* If fragOffet is non-zero, this is an additional fragment that + /* If fragOffset is non-zero, this is an additional fragment that * needs to be copied to its location in the message buffer. Also * copy the total size of the message over the fragment size. The * hash routines look at a defragmented message if it had actually * come across as a single handshake message. */ XMEMCPY(msg->msg + fragOffset, data, fragSz); - c32to24(msg->sz, msg->msg - DTLS_HANDSHAKE_FRAG_SZ); } + c32to24(msg->sz, msg->msg - DTLS_HANDSHAKE_FRAG_SZ); } } @@ -2226,7 +2371,7 @@ DtlsMsg* DtlsMsgInsert(DtlsMsg* head, DtlsMsg* item) #endif /* WOLFSSL_DTLS */ -#ifndef NO_OLD_TLS +#if defined(WOLFSSL_ALLOW_SSLV3) && !defined(NO_OLD_TLS) ProtocolVersion MakeSSLv3(void) { @@ -2237,7 +2382,7 @@ ProtocolVersion MakeSSLv3(void) return pv; } -#endif /* NO_OLD_TLS */ +#endif /* WOLFSSL_ALLOW_SSLV3 && !NO_OLD_TLS */ #ifdef WOLFSSL_DTLS @@ -2334,7 +2479,7 @@ ProtocolVersion MakeDTLSv1_2(void) #endif -#elif defined(FREESCALE_MQX) +#elif defined(FREESCALE_MQX) || defined(FREESCALE_KSDK_MQX) word32 LowResTimer(void) { 
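Review bot: The relaxed guard in DtlsMsgSet still evaluates `(fragOffset + fragSz) <= msg->sz` in word32 arithmetic, so it depends on callers never passing values whose sum wraps; `fragOffset <= msg->sz && fragSz <= msg->sz - fragOffset` holds for any input. Separately, `msg->fragSz += fragSz` counts a retransmitted or overlapping fragment a second time. If completeness is decided elsewhere by comparing fragSz with sz (not visible here), a message could be treated as complete while parts of `msg->buf` were never written. The `fragOffset == 0` branch also reads `DTLS_HANDSHAKE_HEADER_SZ` bytes in front of `data`, which should be stated in the function comment as a requirement on the caller.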
@@ -2349,7 +2494,7 @@ ProtocolVersion MakeDTLSv1_2(void) word32 LowResTimer(void) { - return (word32) MYTIME_gettime(); + return (word32) Seconds_get(); } #elif defined(USER_TICKS) @@ -2390,6 +2535,45 @@ ProtocolVersion MakeDTLSv1_2(void) #endif /* USE_WINDOWS_API */ +static int HashOutputRaw(WOLFSSL* ssl, const byte* output, int sz) +{ +#ifdef HAVE_FUZZER + if (ssl->fuzzerCb) + ssl->fuzzerCb(ssl, output, sz, FUZZ_HASH, ssl->fuzzerCtx); +#endif +#ifndef NO_OLD_TLS +#ifndef NO_SHA + wc_ShaUpdate(&ssl->hsHashes->hashSha, output, sz); +#endif +#ifndef NO_MD5 + wc_Md5Update(&ssl->hsHashes->hashMd5, output, sz); +#endif +#endif + + if (IsAtLeastTLSv1_2(ssl)) { + int ret; + +#ifndef NO_SHA256 + ret = wc_Sha256Update(&ssl->hsHashes->hashSha256, output, sz); + if (ret != 0) + return ret; +#endif +#ifdef WOLFSSL_SHA384 + ret = wc_Sha384Update(&ssl->hsHashes->hashSha384, output, sz); + if (ret != 0) + return ret; +#endif +#ifdef WOLFSSL_SHA512 + ret = wc_Sha512Update(&ssl->hsHashes->hashSha512, output, sz); + if (ret != 0) + return ret; +#endif + } + + return 0; +} + + /* add output to md5 and sha handshake hashes, exclude record header */ static int HashOutput(WOLFSSL* ssl, const byte* output, int sz, int ivSz) { @@ -2427,6 +2611,11 @@ static int HashOutput(WOLFSSL* ssl, const byte* output, int sz, int ivSz) ret = wc_Sha384Update(&ssl->hsHashes->hashSha384, adj, sz); if (ret != 0) return ret; +#endif +#ifdef WOLFSSL_SHA512 + ret = wc_Sha512Update(&ssl->hsHashes->hashSha512, adj, sz); + if (ret != 0) + return ret; #endif } @@ -2468,6 +2657,11 @@ static int HashInput(WOLFSSL* ssl, const byte* input, int sz) ret = wc_Sha384Update(&ssl->hsHashes->hashSha384, adj, sz); if (ret != 0) return ret; +#endif +#ifdef WOLFSSL_SHA512 + ret = wc_Sha512Update(&ssl->hsHashes->hashSha512, adj, sz); + if (ret != 0) + return ret; #endif } 
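Review bot: HashOutputRaw is added without a header comment, although HashOutput directly below it has one, and nothing here says how the two differ. A line such as `/* add sz bytes at output to the handshake hashes as-is, no record header or IV is skipped */` would help; check it against HashOutput's body, most of which is outside the hunk. The function also passes the signed `sz` straight to the update calls and ignores the results of `wc_ShaUpdate` and `wc_Md5Update` while checking the SHA-2 ones. If those two return a status in this tree, it should be propagated the same way.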
@@ -2503,10 +2697,13 @@ static void AddRecordHeader(byte* output, word32 length, byte type, WOLFSSL* ssl /* add handshake header for message */ -static void AddHandShakeHeader(byte* output, word32 length, byte type, - WOLFSSL* ssl) +static void AddHandShakeHeader(byte* output, word32 length, + word32 fragOffset, word32 fragLength, + byte type, WOLFSSL* ssl) { HandShakeHeader* hs; + (void)fragOffset; + (void)fragLength; (void)ssl; /* handshake header */ @@ -2520,8 +2717,8 @@ static void AddHandShakeHeader(byte* output, word32 length, byte type, /* dtls handshake header extensions */ dtls = (DtlsHandShakeHeader*)output; c16toa(ssl->keys.dtls_handshake_number++, dtls->message_seq); - c32to24(0, dtls->fragment_offset); - c32to24(length, dtls->fragment_length); + c32to24(fragOffset, dtls->fragment_offset); + c32to24(fragLength, dtls->fragment_length); } #endif } 
@@ -2530,16 +2727,37 @@ static void AddHandShakeHeader(byte* output, word32 length, byte type, /* add both headers for handshake message */ static void AddHeaders(byte* output, word32 length, byte type, WOLFSSL* ssl) { - if (!ssl->options.dtls) { - AddRecordHeader(output, length + HANDSHAKE_HEADER_SZ, handshake, ssl); - AddHandShakeHeader(output + RECORD_HEADER_SZ, length, type, ssl); - } + word32 lengthAdj = HANDSHAKE_HEADER_SZ; + word32 outputAdj = RECORD_HEADER_SZ; + #ifdef WOLFSSL_DTLS - else { - AddRecordHeader(output, length+DTLS_HANDSHAKE_HEADER_SZ, handshake,ssl); - AddHandShakeHeader(output + DTLS_RECORD_HEADER_SZ, length, type, ssl); + if (ssl->options.dtls) { + lengthAdj += DTLS_HANDSHAKE_EXTRA; + outputAdj += DTLS_RECORD_EXTRA; } #endif + + AddRecordHeader(output, length + lengthAdj, handshake, ssl); + AddHandShakeHeader(output + outputAdj, length, 0, length, type, ssl); +} + + +static void AddFragHeaders(byte* output, word32 fragSz, word32 fragOffset, + word32 length, byte type, WOLFSSL* ssl) +{ + word32 lengthAdj = HANDSHAKE_HEADER_SZ; + word32 outputAdj = RECORD_HEADER_SZ; + (void)fragSz; + +#ifdef WOLFSSL_DTLS + if (ssl->options.dtls) { + lengthAdj += DTLS_HANDSHAKE_EXTRA; + outputAdj += DTLS_RECORD_EXTRA; + } +#endif + + AddRecordHeader(output, fragSz + lengthAdj, handshake, ssl); + AddHandShakeHeader(output + outputAdj, length, fragOffset, fragSz, type, ssl); } @@ -2648,7 +2866,6 @@ void ShrinkInputBuffer(WOLFSSL* ssl, int forcedFree) ssl->buffers.inputBuffer.length = usedLength; } - int SendBuffered(WOLFSSL* ssl) { if (ssl->ctx->CBIOSend == NULL) { 
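Review bot: AddFragHeaders has no header comment and carries a `(void)fragSz;` even though fragSz is used unconditionally a few statements later, so the cast can go. I would add `/* add both headers for one fragment of a handshake message: length is the whole message, fragOffset and fragSz describe this fragment */`. The function writes fragOffset and fragSz into the DTLS handshake header without comparing them with length, so the comment should also say that the caller guarantees `fragSz <= length - fragOffset`.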
@@ -2978,22 +3195,44 @@ static const byte PAD2[PAD_MD5] = }; /* calculate MD5 hash for finished */ +#ifdef WOLFSSL_TI_HASH +#include +#endif + static void BuildMD5(WOLFSSL* ssl, Hashes* hashes, const byte* sender) { + byte md5_result[MD5_DIGEST_SIZE]; +#ifdef WOLFSSL_SMALL_STACK + Md5* md5 = (Md5*)XMALLOC(sizeof(Md5), NULL, DYNAMIC_TYPE_TMP_BUFFER); + Md5* md5_2 = (Md5*)XMALLOC(sizeof(Md5), NULL, DYNAMIC_TYPE_TMP_BUFFER); +#else + Md5 md5[1]; + Md5 md5_2[1]; +#endif + /* make md5 inner */ + md5[0] = ssl->hsHashes->hashMd5 ; /* Save current position */ + wc_Md5Update(&ssl->hsHashes->hashMd5, sender, SIZEOF_SENDER); wc_Md5Update(&ssl->hsHashes->hashMd5, ssl->arrays->masterSecret,SECRET_LEN); wc_Md5Update(&ssl->hsHashes->hashMd5, PAD1, PAD_MD5); - wc_Md5Final(&ssl->hsHashes->hashMd5, md5_result); + wc_Md5GetHash(&ssl->hsHashes->hashMd5, md5_result); + wc_Md5RestorePos(&ssl->hsHashes->hashMd5, md5) ; /* Restore current position */ /* make md5 outer */ - wc_Md5Update(&ssl->hsHashes->hashMd5, ssl->arrays->masterSecret,SECRET_LEN); - wc_Md5Update(&ssl->hsHashes->hashMd5, PAD2, PAD_MD5); - wc_Md5Update(&ssl->hsHashes->hashMd5, md5_result, MD5_DIGEST_SIZE); + wc_InitMd5(md5_2) ; + wc_Md5Update(md5_2, ssl->arrays->masterSecret,SECRET_LEN); + wc_Md5Update(md5_2, PAD2, PAD_MD5); + wc_Md5Update(md5_2, md5_result, MD5_DIGEST_SIZE); + wc_Md5Final(md5_2, hashes->md5); + +#ifdef WOLFSSL_SMALL_STACK + XFREE(md5, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(md5_2, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif - wc_Md5Final(&ssl->hsHashes->hashMd5, hashes->md5); } 
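Review bot: Under WOLFSSL_SMALL_STACK, BuildMD5 uses `md5` and `md5_2` straight after XMALLOC with no NULL check, so an allocation failure becomes a NULL dereference at `md5[0] = ssl->hsHashes->hashMd5` or `wc_InitMd5(md5_2)`. BuildSHA in the next hunk has the same pattern with `sha` and `sha2`. The code this commit removes from BuildFinished did test these pointers before use. Both helpers return void and cannot report the failure, so I suggest they return int and that the caller, which is outside this hunk, propagates the result.

```c
static int BuildMD5(WOLFSSL* ssl, Hashes* hashes, const byte* sender)
{
    /* … unchanged: md5_result declaration … */
#ifdef WOLFSSL_SMALL_STACK
    Md5* md5   = (Md5*)XMALLOC(sizeof(Md5), NULL, DYNAMIC_TYPE_TMP_BUFFER);
    Md5* md5_2 = (Md5*)XMALLOC(sizeof(Md5), NULL, DYNAMIC_TYPE_TMP_BUFFER);

    if (md5 == NULL || md5_2 == NULL) {
        XFREE(md5, NULL, DYNAMIC_TYPE_TMP_BUFFER);
        XFREE(md5_2, NULL, DYNAMIC_TYPE_TMP_BUFFER);
        return MEMORY_E;
    }
#else
    /* … unchanged: stack declarations … */
#endif
    /* … unchanged: inner and outer hash, SMALL_STACK frees … */
    return 0;
```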
@@ -3002,53 +3241,46 @@ static void BuildSHA(WOLFSSL* ssl, Hashes* hashes, const byte* sender) { byte sha_result[SHA_DIGEST_SIZE]; +#ifdef WOLFSSL_SMALL_STACK + Sha* sha = (Sha*)XMALLOC(sizeof(Sha), NULL, DYNAMIC_TYPE_TMP_BUFFER); + Sha* sha2 = (Sha*)XMALLOC(sizeof(Sha), NULL, DYNAMIC_TYPE_TMP_BUFFER); +#else + Sha sha[1]; + Sha sha2[1] ; +#endif /* make sha inner */ + sha[0] = ssl->hsHashes->hashSha ; /* Save current position */ + wc_ShaUpdate(&ssl->hsHashes->hashSha, sender, SIZEOF_SENDER); wc_ShaUpdate(&ssl->hsHashes->hashSha, ssl->arrays->masterSecret,SECRET_LEN); wc_ShaUpdate(&ssl->hsHashes->hashSha, PAD1, PAD_SHA); - wc_ShaFinal(&ssl->hsHashes->hashSha, sha_result); + wc_ShaGetHash(&ssl->hsHashes->hashSha, sha_result); + wc_ShaRestorePos(&ssl->hsHashes->hashSha, sha) ; /* Restore current position */ /* make sha outer */ - wc_ShaUpdate(&ssl->hsHashes->hashSha, ssl->arrays->masterSecret,SECRET_LEN); - wc_ShaUpdate(&ssl->hsHashes->hashSha, PAD2, PAD_SHA); - wc_ShaUpdate(&ssl->hsHashes->hashSha, sha_result, SHA_DIGEST_SIZE); + wc_InitSha(sha2) ; + wc_ShaUpdate(sha2, ssl->arrays->masterSecret,SECRET_LEN); + wc_ShaUpdate(sha2, PAD2, PAD_SHA); + wc_ShaUpdate(sha2, sha_result, SHA_DIGEST_SIZE); + wc_ShaFinal(sha2, hashes->sha); + +#ifdef WOLFSSL_SMALL_STACK + XFREE(sha, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(sha2, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif - wc_ShaFinal(&ssl->hsHashes->hashSha, hashes->sha); } #endif - +/* Finished doesn't support SHA512, not SHA512 cipher suites yet */ static int BuildFinished(WOLFSSL* ssl, Hashes* hashes, const byte* sender) { int ret = 0; #ifdef WOLFSSL_SMALL_STACK - #ifndef NO_OLD_TLS - #ifndef NO_MD5 - Md5* md5 = (Md5*)XMALLOC(sizeof(Md5), NULL, DYNAMIC_TYPE_TMP_BUFFER); - #endif - #ifndef NO_SHA - Sha* sha = (Sha*)XMALLOC(sizeof(Sha), NULL, DYNAMIC_TYPE_TMP_BUFFER); - #endif - #endif - #ifndef NO_SHA256 - Sha256* sha256 = (Sha256*)XMALLOC(sizeof(Sha256), NULL, - DYNAMIC_TYPE_TMP_BUFFER); - #endif #ifdef WOLFSSL_SHA384 Sha384* 
sha384 = (Sha384*)XMALLOC(sizeof(Sha384), NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif #else - #ifndef NO_OLD_TLS - #ifndef NO_MD5 - Md5 md5[1]; - #endif - #ifndef NO_SHA - Sha sha[1]; - #endif - #endif - #ifndef NO_SHA256 - Sha256 sha256[1]; - #endif #ifdef WOLFSSL_SHA384 Sha384 sha384[1]; #endif @@ -3056,32 +3288,10 @@ static int BuildFinished(WOLFSSL* ssl, Hashes* hashes, const byte* sender) #ifdef WOLFSSL_SMALL_STACK if (ssl == NULL - #ifndef NO_OLD_TLS - #ifndef NO_MD5 - || md5 == NULL - #endif - #ifndef NO_SHA - || sha == NULL - #endif - #endif - #ifndef NO_SHA256 - || sha256 == NULL - #endif #ifdef WOLFSSL_SHA384 || sha384 == NULL #endif ) { - #ifndef NO_OLD_TLS - #ifndef NO_MD5 - XFREE(md5, NULL, DYNAMIC_TYPE_TMP_BUFFER); - #endif - #ifndef NO_SHA - XFREE(sha, NULL, DYNAMIC_TYPE_TMP_BUFFER); - #endif - #endif - #ifndef NO_SHA256 - XFREE(sha256, NULL, DYNAMIC_TYPE_TMP_BUFFER); - #endif #ifdef WOLFSSL_SHA384 XFREE(sha384, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif @@ -3090,17 +3300,6 @@ static int BuildFinished(WOLFSSL* ssl, Hashes* hashes, const byte* sender) #endif /* store current states, building requires get_digest which resets state */ -#ifndef NO_OLD_TLS -#ifndef NO_MD5 - md5[0] = ssl->hsHashes->hashMd5; -#endif -#ifndef NO_SHA - sha[0] = ssl->hsHashes->hashSha; - #endif -#endif -#ifndef NO_SHA256 - sha256[0] = ssl->hsHashes->hashSha256; -#endif #ifdef WOLFSSL_SHA384 sha384[0] = ssl->hsHashes->hashSha384; #endif 
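Review bot: BuildSHA feeds `ssl->arrays->masterSecret` into the temporary `sha2` context and then leaves it, together with `sha_result`, on the stack or in a freed heap block without clearing. BuildMD5 in the previous hunk does the same with `md5_2` and `md5_result`. Whether `wc_ShaFinal` scrubs the context's internal block buffer is not visible here, so clearing explicitly is the safer choice: `ForceZero(sha2, sizeof(Sha));` and `ForceZero(sha_result, sizeof(sha_result));` ahead of the XFREE calls.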
@@ -3118,35 +3317,13 @@ static int BuildFinished(WOLFSSL* ssl, Hashes* hashes, const byte* sender) #endif /* restore */ -#ifndef NO_OLD_TLS - #ifndef NO_MD5 - ssl->hsHashes->hashMd5 = md5[0]; - #endif - #ifndef NO_SHA - ssl->hsHashes->hashSha = sha[0]; - #endif -#endif if (IsAtLeastTLSv1_2(ssl)) { - #ifndef NO_SHA256 - ssl->hsHashes->hashSha256 = sha256[0]; - #endif #ifdef WOLFSSL_SHA384 ssl->hsHashes->hashSha384 = sha384[0]; #endif } #ifdef WOLFSSL_SMALL_STACK -#ifndef NO_OLD_TLS -#ifndef NO_MD5 - XFREE(md5, NULL, DYNAMIC_TYPE_TMP_BUFFER); -#endif -#ifndef NO_SHA - XFREE(sha, NULL, DYNAMIC_TYPE_TMP_BUFFER); -#endif -#endif -#ifndef NO_SHA256 - XFREE(sha256, NULL, DYNAMIC_TYPE_TMP_BUFFER); -#endif #ifdef WOLFSSL_SHA384 XFREE(sha384, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif @@ -3421,11 +3598,6 @@ static int BuildFinished(WOLFSSL* ssl, Hashes* hashes, const byte* sender) return 1; break; - case TLS_NTRU_RSA_WITH_RC4_128_SHA : - if (requirement == REQUIRES_NTRU) - return 1; - break; - case SSL_RSA_WITH_RC4_128_MD5 : if (requirement == REQUIRES_RSA) return 1; @@ -3436,7 +3608,7 @@ static int BuildFinished(WOLFSSL* ssl, Hashes* hashes, const byte* sender) return 1; break; - case TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA : + case TLS_NTRU_RSA_WITH_RC4_128_SHA : if (requirement == REQUIRES_NTRU) return 1; break; @@ -3451,7 +3623,7 @@ static int BuildFinished(WOLFSSL* ssl, Hashes* hashes, const byte* sender) return 1; break; - case TLS_NTRU_RSA_WITH_AES_128_CBC_SHA : + case TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA : if (requirement == REQUIRES_NTRU) return 1; break; @@ -3461,6 +3633,11 @@ static int BuildFinished(WOLFSSL* ssl, Hashes* hashes, const byte* sender) return 1; break; + case TLS_NTRU_RSA_WITH_AES_128_CBC_SHA : + if (requirement == REQUIRES_NTRU) + return 1; + break; + case TLS_RSA_WITH_AES_256_CBC_SHA256 : if (requirement == REQUIRES_RSA) return 1; 
@@ -3631,7 +3808,7 @@ static int MatchDomainName(const char* pattern, int len, const char* str) break; if (p == '*') { - while (--len > 0 && + while (--len > 0 && (p = (char)XTOLOWER((unsigned char)*pattern++)) == '*') ; @@ -3817,9 +3994,9 @@ int CopyDecodedToX509(WOLFSSL_X509* x509, DecodedCert* dCert) x509->derCert.length = dCert->maxIdx; } - x509->altNames = dCert->altNames; - dCert->altNames = NULL; /* takes ownership */ - x509->altNamesNext = x509->altNames; /* index hint */ + x509->altNames = dCert->altNames; + dCert->weOwnAltNames = 0; + x509->altNamesNext = x509->altNames; /* index hint */ x509->isCa = dCert->isCA; #ifdef OPENSSL_EXTRA @@ -3904,15 +4081,8 @@ static int DoCertificate(WOLFSSL* ssl, byte* input, word32* inOutIdx, c24to32(input + *inOutIdx, &listSz); *inOutIdx += OPAQUE24_LEN; -#ifdef HAVE_MAX_FRAGMENT - if (listSz > ssl->max_fragment) { - SendAlert(ssl, alert_fatal, record_overflow); - return BUFFER_E; - } -#else if (listSz > MAX_RECORD_SIZE) return BUFFER_E; -#endif if ((*inOutIdx - begin) + listSz != size) return BUFFER_ERROR; @@ -4354,7 +4524,7 @@ static int DoCertificate(WOLFSSL* ssl, byte* input, word32* inOutIdx, #else store->current_cert = NULL; #endif -#ifdef FORTRESS +#if defined(HAVE_FORTRESS) || defined(HAVE_STUNNEL) store->ex_data = ssl; #endif ok = ssl->verifyCallback(0, store); @@ -4670,9 +4840,17 @@ static int SanityCheckMsgReceived(WOLFSSL* ssl, byte type) } } if (ssl->msgsReceived.got_server_key_exchange == 0) { + int pskNoServerHint = 0; /* not required in this case */ + + #ifndef NO_PSK + if (ssl->specs.kea == psk_kea && + ssl->arrays->server_hint[0] == 0) + pskNoServerHint = 1; + #endif if (ssl->specs.static_ecdh == 1 || ssl->specs.kea == rsa_kea || - ssl->specs.kea == ntru_kea) { + ssl->specs.kea == ntru_kea || + pskNoServerHint) { WOLFSSL_MSG("No KeyExchange required"); } else { WOLFSSL_MSG("No ServerKeyExchange before ServerDone"); 
@@ -4883,6 +5061,10 @@ static int DoHandShakeMsgType(WOLFSSL* ssl, byte* input, word32* inOutIdx, if (ssl->keys.encryptionOn) { *inOutIdx += ssl->keys.padSz; } + if (ssl->options.resuming) { + WOLFSSL_MSG("Not resuming as thought"); + ssl->options.resuming = 0; + } break; case finished: @@ -5067,6 +5249,8 @@ static int DoDtlsHandShakeMsg(WOLFSSL* ssl, byte* input, word32* inOutIdx, ssl->keys.dtls_expected_peer_handshake_number) { /* Already saw this message and processed it. It can be ignored. */ *inOutIdx += fragSz; + if(type == finished ) + *inOutIdx += ssl->keys.padSz; ret = 0; } else if (fragSz < size) { @@ -5146,7 +5330,7 @@ static int Poly1305Tag(WOLFSSL* ssl, byte* additional, const byte* out, if ((ret = wc_Poly1305SetKey(ssl->auth.poly1305, cipher, keySz)) != 0) return ret; - /* additional input to poly1305 */ + /* additional input to poly1305 */ if ((ret = wc_Poly1305Update(ssl->auth.poly1305, additional, blockSz)) != 0) return ret; @@ -5205,7 +5389,7 @@ static int Poly1305TagOld(WOLFSSL* ssl, byte* additional, const byte* out, if ((ret = wc_Poly1305SetKey(ssl->auth.poly1305, cipher, keySz)) != 0) return ret; - /* add TLS compressed length and additional input to poly1305 */ + /* add TLS compressed length and additional input to poly1305 */ additional[AEAD_AUTH_DATA_SZ - 2] = (msglen >> 8) & 0xff; additional[AEAD_AUTH_DATA_SZ - 1] = msglen & 0xff; if ((ret = wc_Poly1305Update(ssl->auth.poly1305, additional, 
@@ -5245,201 +5429,201 @@ static int Poly1305TagOld(WOLFSSL* ssl, byte* additional, const byte* out, static int ChachaAEADEncrypt(WOLFSSL* ssl, byte* out, const byte* input, word16 sz) { - const byte* additionalSrc = input - RECORD_HEADER_SZ; - int ret = 0; - byte tag[POLY1305_AUTH_SZ]; - byte additional[CHACHA20_BLOCK_SIZE]; - byte nonce[AEAD_NONCE_SZ]; - byte cipher[CHACHA20_256_KEY_SIZE]; /* generated key for poly1305 */ + const byte* additionalSrc = input - RECORD_HEADER_SZ; + int ret = 0; + byte tag[POLY1305_AUTH_SZ]; + byte additional[CHACHA20_BLOCK_SIZE]; + byte nonce[AEAD_NONCE_SZ]; + byte cipher[CHACHA20_256_KEY_SIZE]; /* generated key for poly1305 */ #ifdef CHACHA_AEAD_TEST int i; #endif - XMEMSET(tag, 0, sizeof(tag)); - XMEMSET(nonce, 0, AEAD_NONCE_SZ); - XMEMSET(cipher, 0, sizeof(cipher)); - XMEMSET(additional, 0, CHACHA20_BLOCK_SIZE); + XMEMSET(tag, 0, sizeof(tag)); + XMEMSET(nonce, 0, AEAD_NONCE_SZ); + XMEMSET(cipher, 0, sizeof(cipher)); + XMEMSET(additional, 0, CHACHA20_BLOCK_SIZE); - /* get nonce */ - c32toa(ssl->keys.sequence_number, nonce + AEAD_IMP_IV_SZ - + AEAD_SEQ_OFFSET); + /* get nonce */ + c32toa(ssl->keys.sequence_number, nonce + AEAD_IMP_IV_SZ + + AEAD_SEQ_OFFSET); - /* opaque SEQ number stored for AD */ - c32toa(GetSEQIncrement(ssl, 0), additional + AEAD_SEQ_OFFSET); + /* opaque SEQ number stored for AD */ + c32toa(GetSEQIncrement(ssl, 0), additional + AEAD_SEQ_OFFSET); - /* Store the type, version. Unfortunately, they are in - * the input buffer ahead of the plaintext. */ - #ifdef WOLFSSL_DTLS - if (ssl->options.dtls) { - c16toa(ssl->keys.dtls_epoch, additional); - additionalSrc -= DTLS_HANDSHAKE_EXTRA; - } - #endif + /* Store the type, version. Unfortunately, they are in + * the input buffer ahead of the plaintext. 
*/ + #ifdef WOLFSSL_DTLS + if (ssl->options.dtls) { + c16toa(ssl->keys.dtls_epoch, additional); + additionalSrc -= DTLS_HANDSHAKE_EXTRA; + } + #endif - XMEMCPY(additional + AEAD_TYPE_OFFSET, additionalSrc, 3); + XMEMCPY(additional + AEAD_TYPE_OFFSET, additionalSrc, 3); - #ifdef CHACHA_AEAD_TEST - printf("Encrypt Additional : "); - for (i = 0; i < CHACHA20_BLOCK_SIZE; i++) { - printf("%02x", additional[i]); - } - printf("\n\n"); - printf("input before encryption :\n"); - for (i = 0; i < sz; i++) { - printf("%02x", input[i]); - if ((i + 1) % 16 == 0) - printf("\n"); - } - printf("\n"); - #endif + #ifdef CHACHA_AEAD_TEST + printf("Encrypt Additional : "); + for (i = 0; i < CHACHA20_BLOCK_SIZE; i++) { + printf("%02x", additional[i]); + } + printf("\n\n"); + printf("input before encryption :\n"); + for (i = 0; i < sz; i++) { + printf("%02x", input[i]); + if ((i + 1) % 16 == 0) + printf("\n"); + } + printf("\n"); + #endif - /* set the nonce for chacha and get poly1305 key */ - if ((ret = wc_Chacha_SetIV(ssl->encrypt.chacha, nonce, 0)) != 0) - return ret; + /* set the nonce for chacha and get poly1305 key */ + if ((ret = wc_Chacha_SetIV(ssl->encrypt.chacha, nonce, 0)) != 0) + return ret; - if ((ret = wc_Chacha_Process(ssl->encrypt.chacha, cipher, - cipher, sizeof(cipher))) != 0) - return ret; + if ((ret = wc_Chacha_Process(ssl->encrypt.chacha, cipher, + cipher, sizeof(cipher))) != 0) + return ret; - /* encrypt the plain text */ - if ((ret = wc_Chacha_Process(ssl->encrypt.chacha, out, input, - sz - ssl->specs.aead_mac_size)) != 0) - return ret; + /* encrypt the plain text */ + if ((ret = wc_Chacha_Process(ssl->encrypt.chacha, out, input, + sz - ssl->specs.aead_mac_size)) != 0) + return ret; - /* get the tag : future use of hmac could go here*/ - if (ssl->options.oldPoly == 1) { - if ((ret = Poly1305TagOld(ssl, additional, (const byte* )out, - cipher, sz, tag)) != 0) - return ret; - } - else { - if ((ret = Poly1305Tag(ssl, additional, (const byte* )out, - cipher, sz, tag)) 
!= 0) - return ret; - } + /* get the tag : future use of hmac could go here*/ + if (ssl->options.oldPoly == 1) { + if ((ret = Poly1305TagOld(ssl, additional, (const byte* )out, + cipher, sz, tag)) != 0) + return ret; + } + else { + if ((ret = Poly1305Tag(ssl, additional, (const byte* )out, + cipher, sz, tag)) != 0) + return ret; + } - /* append tag to ciphertext */ - XMEMCPY(out + sz - ssl->specs.aead_mac_size, tag, sizeof(tag)); + /* append tag to ciphertext */ + XMEMCPY(out + sz - ssl->specs.aead_mac_size, tag, sizeof(tag)); - AeadIncrementExpIV(ssl); - ForceZero(nonce, AEAD_NONCE_SZ); + AeadIncrementExpIV(ssl); + ForceZero(nonce, AEAD_NONCE_SZ); - #ifdef CHACHA_AEAD_TEST - printf("mac tag :\n"); - for (i = 0; i < 16; i++) { - printf("%02x", tag[i]); - if ((i + 1) % 16 == 0) - printf("\n"); - } - printf("\n\noutput after encrypt :\n"); - for (i = 0; i < sz; i++) { - printf("%02x", out[i]); - if ((i + 1) % 16 == 0) - printf("\n"); - } - printf("\n"); - #endif + #ifdef CHACHA_AEAD_TEST + printf("mac tag :\n"); + for (i = 0; i < 16; i++) { + printf("%02x", tag[i]); + if ((i + 1) % 16 == 0) + printf("\n"); + } + printf("\n\noutput after encrypt :\n"); + for (i = 0; i < sz; i++) { + printf("%02x", out[i]); + if ((i + 1) % 16 == 0) + printf("\n"); + } + printf("\n"); + #endif - return ret; + return ret; } static int ChachaAEADDecrypt(WOLFSSL* ssl, byte* plain, const byte* input, word16 sz) { - byte additional[CHACHA20_BLOCK_SIZE]; - byte nonce[AEAD_NONCE_SZ]; - byte tag[POLY1305_AUTH_SZ]; - byte cipher[CHACHA20_256_KEY_SIZE]; /* generated key for mac */ - int ret = 0; + byte additional[CHACHA20_BLOCK_SIZE]; + byte nonce[AEAD_NONCE_SZ]; + byte tag[POLY1305_AUTH_SZ]; + byte cipher[CHACHA20_256_KEY_SIZE]; /* generated key for mac */ + int ret = 0; - XMEMSET(tag, 0, sizeof(tag)); - XMEMSET(cipher, 0, sizeof(cipher)); - XMEMSET(nonce, 0, AEAD_NONCE_SZ); - XMEMSET(additional, 0, CHACHA20_BLOCK_SIZE); + XMEMSET(tag, 0, sizeof(tag)); + XMEMSET(cipher, 0, sizeof(cipher)); + 
XMEMSET(nonce, 0, AEAD_NONCE_SZ); + XMEMSET(additional, 0, CHACHA20_BLOCK_SIZE); #ifdef CHACHA_AEAD_TEST int i; - printf("input before decrypt :\n"); - for (i = 0; i < sz; i++) { - printf("%02x", input[i]); - if ((i + 1) % 16 == 0) - printf("\n"); - } - printf("\n"); - #endif + printf("input before decrypt :\n"); + for (i = 0; i < sz; i++) { + printf("%02x", input[i]); + if ((i + 1) % 16 == 0) + printf("\n"); + } + printf("\n"); + #endif - /* get nonce */ - c32toa(ssl->keys.peer_sequence_number, nonce + AEAD_IMP_IV_SZ - + AEAD_SEQ_OFFSET); + /* get nonce */ + c32toa(ssl->keys.peer_sequence_number, nonce + AEAD_IMP_IV_SZ + + AEAD_SEQ_OFFSET); - /* sequence number field is 64-bits, we only use 32-bits */ - c32toa(GetSEQIncrement(ssl, 1), additional + AEAD_SEQ_OFFSET); + /* sequence number field is 64-bits, we only use 32-bits */ + c32toa(GetSEQIncrement(ssl, 1), additional + AEAD_SEQ_OFFSET); - /* get AD info */ - additional[AEAD_TYPE_OFFSET] = ssl->curRL.type; - additional[AEAD_VMAJ_OFFSET] = ssl->curRL.pvMajor; - additional[AEAD_VMIN_OFFSET] = ssl->curRL.pvMinor; + /* get AD info */ + additional[AEAD_TYPE_OFFSET] = ssl->curRL.type; + additional[AEAD_VMAJ_OFFSET] = ssl->curRL.pvMajor; + additional[AEAD_VMIN_OFFSET] = ssl->curRL.pvMinor; - /* Store the type, version. */ - #ifdef WOLFSSL_DTLS - if (ssl->options.dtls) - c16toa(ssl->keys.dtls_state.curEpoch, additional); - #endif + /* Store the type, version. 
*/ + #ifdef WOLFSSL_DTLS + if (ssl->options.dtls) + c16toa(ssl->keys.dtls_state.curEpoch, additional); + #endif - #ifdef CHACHA_AEAD_TEST - printf("Decrypt Additional : "); - for (i = 0; i < CHACHA20_BLOCK_SIZE; i++) { - printf("%02x", additional[i]); - } - printf("\n\n"); - #endif + #ifdef CHACHA_AEAD_TEST + printf("Decrypt Additional : "); + for (i = 0; i < CHACHA20_BLOCK_SIZE; i++) { + printf("%02x", additional[i]); + } + printf("\n\n"); + #endif - /* set nonce and get poly1305 key */ - if ((ret = wc_Chacha_SetIV(ssl->decrypt.chacha, nonce, 0)) != 0) - return ret; + /* set nonce and get poly1305 key */ + if ((ret = wc_Chacha_SetIV(ssl->decrypt.chacha, nonce, 0)) != 0) + return ret; - if ((ret = wc_Chacha_Process(ssl->decrypt.chacha, cipher, - cipher, sizeof(cipher))) != 0) - return ret; + if ((ret = wc_Chacha_Process(ssl->decrypt.chacha, cipher, + cipher, sizeof(cipher))) != 0) + return ret; - /* get the tag : future use of hmac could go here*/ - if (ssl->options.oldPoly == 1) { - if ((ret = Poly1305TagOld(ssl, additional, input, cipher, - sz, tag)) != 0) - return ret; - } - else { - if ((ret = Poly1305Tag(ssl, additional, input, cipher, - sz, tag)) != 0) - return ret; - } + /* get the tag : future use of hmac could go here*/ + if (ssl->options.oldPoly == 1) { + if ((ret = Poly1305TagOld(ssl, additional, input, cipher, + sz, tag)) != 0) + return ret; + } + else { + if ((ret = Poly1305Tag(ssl, additional, input, cipher, + sz, tag)) != 0) + return ret; + } - /* check mac sent along with packet */ + /* check mac sent along with packet */ if (ConstantCompare(input + sz - ssl->specs.aead_mac_size, tag, ssl->specs.aead_mac_size) != 0) { - WOLFSSL_MSG("Mac did not match"); - SendAlert(ssl, alert_fatal, bad_record_mac); - ForceZero(nonce, AEAD_NONCE_SZ); - return VERIFY_MAC_ERROR; - } + WOLFSSL_MSG("Mac did not match"); + SendAlert(ssl, alert_fatal, bad_record_mac); + ForceZero(nonce, AEAD_NONCE_SZ); + return VERIFY_MAC_ERROR; + } - /* if mac was good decrypt message */ 
- if ((ret = wc_Chacha_Process(ssl->decrypt.chacha, plain, input, - sz - ssl->specs.aead_mac_size)) != 0) - return ret; + /* if mac was good decrypt message */ + if ((ret = wc_Chacha_Process(ssl->decrypt.chacha, plain, input, + sz - ssl->specs.aead_mac_size)) != 0) + return ret; - #ifdef CHACHA_AEAD_TEST - printf("plain after decrypt :\n"); - for (i = 0; i < sz; i++) { - printf("%02x", plain[i]); - if ((i + 1) % 16 == 0) - printf("\n"); - } - printf("\n"); - #endif + #ifdef CHACHA_AEAD_TEST + printf("plain after decrypt :\n"); + for (i = 0; i < sz; i++) { + printf("%02x", plain[i]); + if ((i + 1) % 16 == 0) + printf("\n"); + } + printf("\n"); + #endif - return ret; + return ret; } #endif /* HAVE_CHACHA && HAVE_POLY1305 */ #endif /* HAVE_AEAD */ @@ -5447,6 +5631,8 @@ static int ChachaAEADDecrypt(WOLFSSL* ssl, byte* plain, const byte* input, static INLINE int Encrypt(WOLFSSL* ssl, byte* out, const byte* input, word16 sz) { + int ret = 0; + (void)out; (void)input; (void)sz; @@ -5470,18 +5656,19 @@ static INLINE int Encrypt(WOLFSSL* ssl, byte* out, const byte* input, word16 sz) #ifdef BUILD_DES3 case wolfssl_triple_des: - return wc_Des3_CbcEncrypt(ssl->encrypt.des3, out, input, sz); + ret = wc_Des3_CbcEncrypt(ssl->encrypt.des3, out, input, sz); + break; #endif #ifdef BUILD_AES case wolfssl_aes: - return wc_AesCbcEncrypt(ssl->encrypt.aes, out, input, sz); + ret = wc_AesCbcEncrypt(ssl->encrypt.aes, out, input, sz); + break; #endif #ifdef BUILD_AESGCM case wolfssl_aes_gcm: { - int gcmRet; byte additional[AEAD_AUTH_DATA_SZ]; byte nonce[AEAD_NONCE_SZ]; const byte* additionalSrc = input - 5; 
@@ -5510,17 +5697,16 @@ static INLINE int Encrypt(WOLFSSL* ssl, byte* out, const byte* input, word16 sz) ssl->keys.aead_enc_imp_IV, AEAD_IMP_IV_SZ); XMEMCPY(nonce + AEAD_IMP_IV_SZ, ssl->keys.aead_exp_IV, AEAD_EXP_IV_SZ); - gcmRet = wc_AesGcmEncrypt(ssl->encrypt.aes, + ret = wc_AesGcmEncrypt(ssl->encrypt.aes, out + AEAD_EXP_IV_SZ, input + AEAD_EXP_IV_SZ, sz - AEAD_EXP_IV_SZ - ssl->specs.aead_mac_size, nonce, AEAD_NONCE_SZ, out + sz - ssl->specs.aead_mac_size, ssl->specs.aead_mac_size, additional, AEAD_AUTH_DATA_SZ); - if (gcmRet == 0) + if (ret == 0) AeadIncrementExpIV(ssl); ForceZero(nonce, AEAD_NONCE_SZ); - return gcmRet; } break; #endif @@ -5577,17 +5763,20 @@ static INLINE int Encrypt(WOLFSSL* ssl, byte* out, const byte* input, word16 sz) #ifdef HAVE_HC128 case wolfssl_hc128: - return wc_Hc128_Process(ssl->encrypt.hc128, out, input, sz); + ret = wc_Hc128_Process(ssl->encrypt.hc128, out, input, sz); + break; #endif #ifdef BUILD_RABBIT case wolfssl_rabbit: - return wc_RabbitProcess(ssl->encrypt.rabbit, out, input, sz); + ret = wc_RabbitProcess(ssl->encrypt.rabbit, out, input, sz); + break; #endif #if defined(HAVE_CHACHA) && defined(HAVE_POLY1305) case wolfssl_chacha: - return ChachaAEADEncrypt(ssl, out, input, sz); + ret = ChachaAEADEncrypt(ssl, out, input, sz); + break; #endif #ifdef HAVE_NULL_CIPHER @@ -5600,10 +5789,10 @@ static INLINE int Encrypt(WOLFSSL* ssl, byte* out, const byte* input, word16 sz) default: WOLFSSL_MSG("wolfSSL Encrypt programming error"); - return ENCRYPT_ERROR; + ret = ENCRYPT_ERROR; } - return 0; + return ret; } @@ -5611,6 +5800,8 @@ static INLINE int Encrypt(WOLFSSL* ssl, byte* out, const byte* input, word16 sz) static INLINE int Decrypt(WOLFSSL* ssl, byte* plain, const byte* input, word16 sz) { + int ret = 0; + (void)plain; (void)input; (void)sz; 
@@ -5629,12 +5820,14 @@ static INLINE int Decrypt(WOLFSSL* ssl, byte* plain, const byte* input, #ifdef BUILD_DES3 case wolfssl_triple_des: - return wc_Des3_CbcDecrypt(ssl->decrypt.des3, plain, input, sz); + ret = wc_Des3_CbcDecrypt(ssl->decrypt.des3, plain, input, sz); + break; #endif #ifdef BUILD_AES case wolfssl_aes: - return wc_AesCbcDecrypt(ssl->decrypt.aes, plain, input, sz); + ret = wc_AesCbcDecrypt(ssl->decrypt.aes, plain, input, sz); + break; #endif #ifdef BUILD_AESGCM @@ -5670,8 +5863,7 @@ static INLINE int Decrypt(WOLFSSL* ssl, byte* plain, const byte* input, ssl->specs.aead_mac_size, additional, AEAD_AUTH_DATA_SZ) < 0) { SendAlert(ssl, alert_fatal, bad_record_mac); - ForceZero(nonce, AEAD_NONCE_SZ); - return VERIFY_MAC_ERROR; + ret = VERIFY_MAC_ERROR; } ForceZero(nonce, AEAD_NONCE_SZ); } @@ -5711,8 +5903,7 @@ static INLINE int Decrypt(WOLFSSL* ssl, byte* plain, const byte* input, ssl->specs.aead_mac_size, additional, AEAD_AUTH_DATA_SZ) < 0) { SendAlert(ssl, alert_fatal, bad_record_mac); - ForceZero(nonce, AEAD_NONCE_SZ); - return VERIFY_MAC_ERROR; + ret = VERIFY_MAC_ERROR; } ForceZero(nonce, AEAD_NONCE_SZ); } @@ -5727,17 +5918,20 @@ static INLINE int Decrypt(WOLFSSL* ssl, byte* plain, const byte* input, #ifdef HAVE_HC128 case wolfssl_hc128: - return wc_Hc128_Process(ssl->decrypt.hc128, plain, input, sz); + ret = wc_Hc128_Process(ssl->decrypt.hc128, plain, input, sz); + break; #endif #ifdef BUILD_RABBIT case wolfssl_rabbit: - return wc_RabbitProcess(ssl->decrypt.rabbit, plain, input, sz); + ret = wc_RabbitProcess(ssl->decrypt.rabbit, plain, input, sz); + break; #endif #if defined(HAVE_CHACHA) && defined(HAVE_POLY1305) case wolfssl_chacha: - return ChachaAEADDecrypt(ssl, plain, input, sz); + ret = ChachaAEADDecrypt(ssl, plain, input, sz); + break; #endif #ifdef HAVE_NULL_CIPHER 
@@ -5750,9 +5944,10 @@ static INLINE int Decrypt(WOLFSSL* ssl, byte* plain, const byte* input, default: WOLFSSL_MSG("wolfSSL Decrypt programming error"); - return DECRYPT_ERROR; + ret = DECRYPT_ERROR; } - return 0; + + return ret; } @@ -5806,6 +6001,7 @@ static INLINE void Md5Rounds(int rounds, const byte* data, int sz) for (i = 0; i < rounds; i++) wc_Md5Update(&md5, data, sz); + wc_Md5Free(&md5) ; /* in case needed to release resources */ } @@ -5820,6 +6016,7 @@ static INLINE void ShaRounds(int rounds, const byte* data, int sz) for (i = 0; i < rounds; i++) wc_ShaUpdate(&sha, data, sz); + wc_ShaFree(&sha) ; /* in case needed to release resources */ } #endif @@ -5837,7 +6034,7 @@ static INLINE void Sha256Rounds(int rounds, const byte* data, int sz) wc_Sha256Update(&sha256, data, sz); /* no error check on purpose, dummy round */ } - + wc_Sha256Free(&sha256) ; /* in case needed to release resources */ } #endif @@ -5856,6 +6053,7 @@ static INLINE void Sha384Rounds(int rounds, const byte* data, int sz) wc_Sha384Update(&sha384, data, sz); /* no error check on purpose, dummy round */ } + wc_Sha384Free(&sha384) ; /* in case needed to release resources */ } #endif @@ -5874,6 +6072,7 @@ static INLINE void Sha512Rounds(int rounds, const byte* data, int sz) wc_Sha512Update(&sha512, data, sz); /* no error check on purpose, dummy round */ } + wc_Sha512Free(&sha512) ; /* in case needed to release resources */ } #endif @@ -5957,23 +6156,16 @@ static INLINE void CompressRounds(WOLFSSL* ssl, int rounds, const byte* dummy) /* check all length bytes for the pad value, return 0 on success */ -static int PadCheck(const byte* input, byte pad, int length) +static int PadCheck(const byte* a, byte pad, int length) { int i; - int good = 0; - int bad = 0; + int compareSum = 0; for (i = 0; i < length; i++) { - if (input[i] == pad) - good++; - else - bad++; + compareSum |= a[i] ^ pad; } - if (good == length) - return 0; - else - return 0 - bad; /* pad check failed */ + return compareSum; } 
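Review bot: PadCheck now returns the OR of the byte differences, so a failure is a positive value up to 255 rather than the negative mismatch count it used to be, while the comment above it still says only `return 0 on success`. A caller that tests the result with `< 0` would accept bad padding; the call sites are outside this hunk and should be confirmed to compare with `!= 0`. I would extend the comment to `/* check all length bytes for the pad value in constant time, return 0 on success, non-zero on mismatch */` so the branch-free loop is not later rewritten with an early exit. The parameter rename from `input` to `a` loses information and could be reverted.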
@@ -6009,10 +6201,11 @@ static int TimingPadVerify(WOLFSSL* ssl, const byte* input, int padLen, int t, int pLen, int content) { byte verify[MAX_DIGEST_SIZE]; - byte dummy[MAX_PAD_SIZE]; + byte dmy[sizeof(WOLFSSL) >= MAX_PAD_SIZE ? 1 : MAX_PAD_SIZE] = {0}; + byte* dummy = sizeof(dmy) < MAX_PAD_SIZE ? (byte*) ssl : dmy; int ret = 0; - XMEMSET(dummy, 1, sizeof(dummy)); + (void)dmy; if ( (t + padLen + 1) > pLen) { WOLFSSL_MSG("Plain Len not long enough for pad/mac"); @@ -6247,9 +6440,10 @@ static INLINE int VerifyMac(WOLFSSL* ssl, const byte* input, word32 msgSz, else { /* sslv3, some implementations have bad padding, but don't * allow bad read */ int badPadLen = 0; - byte dummy[MAX_PAD_SIZE]; + byte dmy[sizeof(WOLFSSL) >= MAX_PAD_SIZE ? 1 : MAX_PAD_SIZE] = {0}; + byte* dummy = sizeof(dmy) < MAX_PAD_SIZE ? (byte*) ssl : dmy; - XMEMSET(dummy, 1, sizeof(dummy)); + (void)dmy; if (pad > (msgSz - digestSz - 1)) { WOLFSSL_MSG("Plain Len not long enough for pad/mac"); @@ -6554,6 +6748,22 @@ int ProcessReply(WOLFSSL* ssl) } #endif + /* Check for duplicate CCS message in DTLS mode. + * DTLS allows for duplicate messages, and it should be + * skipped. */ + if (ssl->options.dtls && + ssl->msgsReceived.got_change_cipher) { + + WOLFSSL_MSG("Duplicate ChangeCipher msg"); + if (ssl->curSize != 1) { + WOLFSSL_MSG("Malicious or corrupted" + " duplicate ChangeCipher msg"); + return LENGTH_ERROR; + } + ssl->buffers.inputBuffer.idx++; + break; + } + ret = SanityCheckMsgReceived(ssl, change_cipher_hs); if (ret != 0) return ret; 
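Review bot: In `TimingPadVerify`, `dummy` now points at the `WOLFSSL` object itself whenever `sizeof(WOLFSSL) >= MAX_PAD_SIZE`, and nothing in the code explains this. Any dummy pad check or compression round fed from `dummy` will therefore read live session state instead of a buffer of 0x01 bytes. That is acceptable only while `dummy` is strictly read-only and its results are discarded, so say so next to the declaration: `/* dummy aliases ssl to save MAX_PAD_SIZE bytes of stack; read-only filler for timing equalization, never written or returned */`. The same two-line construct is repeated in the `VerifyMac` hunk at `@@ -6247`, so a small macro or helper would keep the two copies from drifting. Both function bodies continue outside the hunks, so uses of `dummy` further down should be checked for writes.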
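Review bot: The duplicate-ChangeCipherSpec branch in `ProcessReply` checks only `ssl->curSize != 1` before advancing `ssl->buffers.inputBuffer.idx`; the value of the skipped byte is never examined. Whether the regular path validates that byte is outside this hunk, but the skip path should hold to the same standard, e.g. `if (ssl->curSize != 1 || ssl->buffers.inputBuffer.buffer[ssl->buffers.inputBuffer.idx] != 1)`. The branch also runs before `SanityCheckMsgReceived`, so a comment noting that duplicates are deliberately exempt from that check would help the next reader.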
@@ -6606,16 +6816,9 @@ int ProcessReply(WOLFSSL* ssl) if ( (ret = InitStreams(ssl)) != 0) return ret; #endif - if (ssl->options.resuming && - ssl->options.side == WOLFSSL_CLIENT_END) { - ret = BuildFinished(ssl, &ssl->hsHashes->verifyHashes, - server); - } - else if (!ssl->options.resuming && - ssl->options.side == WOLFSSL_SERVER_END) { - ret = BuildFinished(ssl, &ssl->hsHashes->verifyHashes, - client); - } + ret = BuildFinished(ssl, &ssl->hsHashes->verifyHashes, + ssl->options.side == WOLFSSL_CLIENT_END ? + server : client); if (ret != 0) return ret; break; @@ -6659,6 +6862,7 @@ int ProcessReply(WOLFSSL* ssl) /* input exhausted? */ if (ssl->buffers.inputBuffer.idx == ssl->buffers.inputBuffer.length) return 0; + /* more messages per record */ else if ((ssl->buffers.inputBuffer.idx - startIdx) < ssl->curSize) { WOLFSSL_MSG("More messages in record"); 
@@ -6832,17 +7036,33 @@ static void BuildMD5_CertVerify(WOLFSSL* ssl, byte* digest) { byte md5_result[MD5_DIGEST_SIZE]; +#ifdef WOLFSSL_SMALL_STACK + Md5* md5 = (Md5*)XMALLOC(sizeof(Md5), NULL, DYNAMIC_TYPE_TMP_BUFFER); + Md5* md5_2 = (Md5*)XMALLOC(sizeof(Md5), NULL, DYNAMIC_TYPE_TMP_BUFFER); +#else + Md5 md5[1]; + Md5 md5_2[1]; +#endif + /* make md5 inner */ + md5[0] = ssl->hsHashes->hashMd5 ; /* Save current position */ wc_Md5Update(&ssl->hsHashes->hashMd5, ssl->arrays->masterSecret,SECRET_LEN); wc_Md5Update(&ssl->hsHashes->hashMd5, PAD1, PAD_MD5); - wc_Md5Final(&ssl->hsHashes->hashMd5, md5_result); + wc_Md5GetHash(&ssl->hsHashes->hashMd5, md5_result); + wc_Md5RestorePos(&ssl->hsHashes->hashMd5, md5) ; /* Restore current position */ /* make md5 outer */ - wc_Md5Update(&ssl->hsHashes->hashMd5, ssl->arrays->masterSecret, SECRET_LEN); - wc_Md5Update(&ssl->hsHashes->hashMd5, PAD2, PAD_MD5); - wc_Md5Update(&ssl->hsHashes->hashMd5, md5_result, MD5_DIGEST_SIZE); + wc_InitMd5(md5_2) ; + wc_Md5Update(md5_2, ssl->arrays->masterSecret, SECRET_LEN); + wc_Md5Update(md5_2, PAD2, PAD_MD5); + wc_Md5Update(md5_2, md5_result, MD5_DIGEST_SIZE); - wc_Md5Final(&ssl->hsHashes->hashMd5, digest); + wc_Md5Final(md5_2, digest); + +#ifdef WOLFSSL_SMALL_STACK + XFREE(md5, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(md5_2, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif } 
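Review bot: Under `WOLFSSL_SMALL_STACK` the two `XMALLOC` results in `BuildMD5_CertVerify` are dereferenced without a NULL check, first by `md5[0] = ssl->hsHashes->hashMd5` and then by `wc_InitMd5(md5_2)`. An allocation failure during the handshake therefore becomes a NULL write instead of `MEMORY_E`. The function returns `void`, so the failure has no way to reach the caller; a guard like `if (md5 == NULL || md5_2 == NULL)` needs either an `int` return or an error recorded on `ssl`. `BuildSHA_CertVerify` in the next hunk (`@@ -6850`) has the same unchecked allocations for `sha` and `sha2`.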
@@ -6850,17 +7070,34 @@ static void BuildSHA_CertVerify(WOLFSSL* ssl, byte* digest) { byte sha_result[SHA_DIGEST_SIZE]; +#ifdef WOLFSSL_SMALL_STACK + Sha* sha = (Sha*)XMALLOC(sizeof(Sha), NULL, DYNAMIC_TYPE_TMP_BUFFER); + Sha* sha2 = (Sha*)XMALLOC(sizeof(Sha), NULL, DYNAMIC_TYPE_TMP_BUFFER); +#else + Sha sha[1]; + Sha sha2[1]; +#endif + /* make sha inner */ + sha[0] = ssl->hsHashes->hashSha ; /* Save current position */ wc_ShaUpdate(&ssl->hsHashes->hashSha, ssl->arrays->masterSecret,SECRET_LEN); wc_ShaUpdate(&ssl->hsHashes->hashSha, PAD1, PAD_SHA); - wc_ShaFinal(&ssl->hsHashes->hashSha, sha_result); + wc_ShaGetHash(&ssl->hsHashes->hashSha, sha_result); + wc_ShaRestorePos(&ssl->hsHashes->hashSha, sha) ; /* Restore current position */ /* make sha outer */ - wc_ShaUpdate(&ssl->hsHashes->hashSha, ssl->arrays->masterSecret,SECRET_LEN); - wc_ShaUpdate(&ssl->hsHashes->hashSha, PAD2, PAD_SHA); - wc_ShaUpdate(&ssl->hsHashes->hashSha, sha_result, SHA_DIGEST_SIZE); + wc_InitSha(sha2) ; + wc_ShaUpdate(sha2, ssl->arrays->masterSecret,SECRET_LEN); + wc_ShaUpdate(sha2, PAD2, PAD_SHA); + wc_ShaUpdate(sha2, sha_result, SHA_DIGEST_SIZE); + + wc_ShaFinal(sha2, digest); + +#ifdef WOLFSSL_SMALL_STACK + XFREE(sha, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(sha2, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif - wc_ShaFinal(&ssl->hsHashes->hashSha, digest); } #endif /* NO_CERTS */ #endif /* NO_OLD_TLS */ 
@@ -6871,27 +7108,23 @@ static void BuildSHA_CertVerify(WOLFSSL* ssl, byte* digest) static int BuildCertHashes(WOLFSSL* ssl, Hashes* hashes) { /* store current states, building requires get_digest which resets state */ - #ifndef NO_OLD_TLS - Md5 md5 = ssl->hsHashes->hashMd5; - Sha sha = ssl->hsHashes->hashSha; - #endif - #ifndef NO_SHA256 - Sha256 sha256 = ssl->hsHashes->hashSha256; - #endif #ifdef WOLFSSL_SHA384 Sha384 sha384 = ssl->hsHashes->hashSha384; #endif + #ifdef WOLFSSL_SHA512 + Sha512 sha512 = ssl->hsHashes->hashSha512; + #endif if (ssl->options.tls) { #if ! defined( NO_OLD_TLS ) - wc_Md5Final(&ssl->hsHashes->hashMd5, hashes->md5); - wc_ShaFinal(&ssl->hsHashes->hashSha, hashes->sha); + wc_Md5GetHash(&ssl->hsHashes->hashMd5, hashes->md5); + wc_ShaGetHash(&ssl->hsHashes->hashSha, hashes->sha); #endif if (IsAtLeastTLSv1_2(ssl)) { int ret; #ifndef NO_SHA256 - ret = wc_Sha256Final(&ssl->hsHashes->hashSha256,hashes->sha256); + ret = wc_Sha256GetHash(&ssl->hsHashes->hashSha256,hashes->sha256); if (ret != 0) return ret; #endif @@ -6900,6 +7133,11 @@ static int BuildCertHashes(WOLFSSL* ssl, Hashes* hashes) if (ret != 0) return ret; #endif + #ifdef WOLFSSL_SHA512 + ret = wc_Sha512Final(&ssl->hsHashes->hashSha512,hashes->sha512); + if (ret != 0) + return ret; + #endif } } #if ! defined( NO_OLD_TLS ) @@ -6909,16 +7147,14 @@ static int BuildCertHashes(WOLFSSL* ssl, Hashes* hashes) } /* restore */ - ssl->hsHashes->hashMd5 = md5; - ssl->hsHashes->hashSha = sha; #endif if (IsAtLeastTLSv1_2(ssl)) { - #ifndef NO_SHA256 - ssl->hsHashes->hashSha256 = sha256; - #endif #ifdef WOLFSSL_SHA384 ssl->hsHashes->hashSha384 = sha384; #endif + #ifdef WOLFSSL_SHA512 + ssl->hsHashes->hashSha512 = sha512; + #endif } return 0; 
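Review bot: The opening comment in `BuildCertHashes`, "store current states, building requires get_digest which resets state", is now accurate only for SHA-384 and SHA-512. MD5, SHA-1 and SHA-256 moved to the `GetHash` calls and no longer keep a saved copy. Something like `/* SHA-384/512 still finalize in place: keep a copy and restore below; MD5/SHA/SHA-256 use GetHash and need no copy */` would match the code. In the `@@ -6900` hunk, the `return ret` after `wc_Sha512Final` exits before the restore at the bottom, leaving `hashSha512` finalized on that error path; this mirrors the existing SHA-384 pattern, but the asymmetry deserves a note.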
@@ -7105,12 +7341,12 @@ int SendFinished(WOLFSSL* ssl) output = ssl->buffers.outputBuffer.buffer + ssl->buffers.outputBuffer.length; - AddHandShakeHeader(input, finishedSz, finished, ssl); + AddHandShakeHeader(input, finishedSz, 0, finishedSz, finished, ssl); /* make finished hashes */ hashes = (Hashes*)&input[headerSz]; ret = BuildFinished(ssl, hashes, - ssl->options.side == WOLFSSL_CLIENT_END ? client : server); + ssl->options.side == WOLFSSL_CLIENT_END ? client : server); if (ret != 0) return ret; #ifdef HAVE_SECURE_RENEGOTIATION @@ -7140,11 +7376,7 @@ int SendFinished(WOLFSSL* ssl) #ifndef NO_SESSION_CACHE AddSession(ssl); /* just try */ #endif - if (ssl->options.side == WOLFSSL_CLIENT_END) { - ret = BuildFinished(ssl, &ssl->hsHashes->verifyHashes, server); - if (ret != 0) return ret; - } - else { + if (ssl->options.side == WOLFSSL_SERVER_END) { ssl->options.handShakeState = HANDSHAKE_DONE; ssl->options.handShakeDone = 1; #ifdef WOLFSSL_DTLS @@ -7170,10 +7402,6 @@ int SendFinished(WOLFSSL* ssl) } #endif } - else { - ret = BuildFinished(ssl, &ssl->hsHashes->verifyHashes, client); - if (ret != 0) return ret; - } } #ifdef WOLFSSL_DTLS if (ssl->options.dtls) { 
@@ -7194,117 +7422,231 @@ int SendFinished(WOLFSSL* ssl) return SendBuffered(ssl); } + #ifndef NO_CERTS int SendCertificate(WOLFSSL* ssl) { - int sendSz, length, ret = 0; - word32 i = RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ; - word32 certSz, listSz; - byte* output = 0; + int ret = 0; + word32 certSz, certChainSz, headerSz, listSz, payloadSz; + word32 length, maxFragment; if (ssl->options.usingPSK_cipher || ssl->options.usingAnon_cipher) return 0; /* not needed */ if (ssl->options.sendVerify == SEND_BLANK_CERT) { certSz = 0; + certChainSz = 0; + headerSz = CERT_HEADER_SZ; length = CERT_HEADER_SZ; listSz = 0; } else { certSz = ssl->buffers.certificate.length; + headerSz = 2 * CERT_HEADER_SZ; /* list + cert size */ - length = certSz + 2 * CERT_HEADER_SZ; + length = certSz + headerSz; listSz = certSz + CERT_HEADER_SZ; /* may need to send rest of chain, already has leading size(s) */ - if (ssl->buffers.certChain.buffer) { - length += ssl->buffers.certChain.length; - listSz += ssl->buffers.certChain.length; + if (certSz) { + certChainSz = ssl->buffers.certChain.length; + length += certChainSz; + listSz += certChainSz; } + else + certChainSz = 0; } - sendSz = length + RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ; + payloadSz = length; + + if (ssl->fragOffset != 0) + length -= (ssl->fragOffset + headerSz); + + maxFragment = MAX_RECORD_SIZE; + if (ssl->options.dtls) { #ifdef WOLFSSL_DTLS - if (ssl->options.dtls) { - sendSz += DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA; - i += DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA; - } - #endif - - if (ssl->keys.encryptionOn) - sendSz += MAX_MSG_EXTRA; - - /* check for available size */ - if ((ret = CheckAvailableSize(ssl, sendSz)) != 0) - return ret; - - /* get ouput buffer */ - output = ssl->buffers.outputBuffer.buffer + - ssl->buffers.outputBuffer.length; - - AddHeaders(output, length, certificate, ssl); - - /* list total */ - c32to24(listSz, output + i); - i += CERT_HEADER_SZ; - - /* member */ - if (certSz) { - c32to24(certSz, output + i); - i 
+= CERT_HEADER_SZ; - XMEMCPY(output + i, ssl->buffers.certificate.buffer, certSz); - i += certSz; - - /* send rest of chain? */ - if (ssl->buffers.certChain.buffer) { - XMEMCPY(output + i, ssl->buffers.certChain.buffer, - ssl->buffers.certChain.length); - i += ssl->buffers.certChain.length; - } + maxFragment = MAX_MTU - DTLS_RECORD_HEADER_SZ + - DTLS_HANDSHAKE_HEADER_SZ - 100; + #endif /* WOLFSSL_DTLS */ } - if (ssl->keys.encryptionOn) { - byte* input; - int inputSz = i - RECORD_HEADER_SZ; /* build msg adds rec hdr */ + #ifdef HAVE_MAX_FRAGMENT + if (ssl->max_fragment != 0 && maxFragment >= ssl->max_fragment) + maxFragment = ssl->max_fragment; + #endif /* HAVE_MAX_FRAGMENT */ - input = (byte*)XMALLOC(inputSz, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER); - if (input == NULL) - return MEMORY_E; + while (length > 0 && ret == 0) { + byte* output = NULL; + word32 fragSz = 0; + word32 i = RECORD_HEADER_SZ; + int sendSz = RECORD_HEADER_SZ; - XMEMCPY(input, output + RECORD_HEADER_SZ, inputSz); - sendSz = BuildMessage(ssl, output, sendSz, input,inputSz,handshake); - XFREE(input, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER); + if (!ssl->options.dtls) { + if (ssl->fragOffset == 0) { + if (headerSz + certSz + certChainSz <= + maxFragment - HANDSHAKE_HEADER_SZ) { - if (sendSz < 0) - return sendSz; - } else { - ret = HashOutput(ssl, output, sendSz, 0); - if (ret != 0) + fragSz = headerSz + certSz + certChainSz; + } + else { + fragSz = maxFragment - HANDSHAKE_HEADER_SZ; + } + sendSz += fragSz + HANDSHAKE_HEADER_SZ; + i += HANDSHAKE_HEADER_SZ; + } + else { + fragSz = min(length, maxFragment); + sendSz += fragSz; + } + + if (ssl->keys.encryptionOn) + sendSz += MAX_MSG_EXTRA; + } + else { + #ifdef WOLFSSL_DTLS + fragSz = min(length, maxFragment); + sendSz += fragSz + DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA + + HANDSHAKE_HEADER_SZ; + i += DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA + + HANDSHAKE_HEADER_SZ; + #endif + } + + /* check for available size */ + if ((ret = CheckAvailableSize(ssl, sendSz)) != 
0) return ret; + + /* get ouput buffer */ + output = ssl->buffers.outputBuffer.buffer + + ssl->buffers.outputBuffer.length; + + if (ssl->fragOffset == 0) { + if (!ssl->options.dtls) { + AddFragHeaders(output, fragSz, 0, payloadSz, certificate, ssl); + if (!ssl->keys.encryptionOn) + HashOutputRaw(ssl, output + RECORD_HEADER_SZ, + HANDSHAKE_HEADER_SZ); + } + else { + #ifdef WOLFSSL_DTLS + AddHeaders(output, payloadSz, certificate, ssl); + if (!ssl->keys.encryptionOn) + HashOutputRaw(ssl, + output + RECORD_HEADER_SZ + DTLS_RECORD_EXTRA, + HANDSHAKE_HEADER_SZ + DTLS_HANDSHAKE_EXTRA); + /* Adding the headers increments these, decrement them for + * actual message header. */ + ssl->keys.dtls_sequence_number--; + ssl->keys.dtls_handshake_number--; + AddFragHeaders(output, fragSz, 0, payloadSz, certificate, ssl); + ssl->keys.dtls_handshake_number--; + #endif /* WOLFSSL_DTLS */ + } + + /* list total */ + c32to24(listSz, output + i); + if (!ssl->keys.encryptionOn) + HashOutputRaw(ssl, output + i, CERT_HEADER_SZ); + i += CERT_HEADER_SZ; + length -= CERT_HEADER_SZ; + fragSz -= CERT_HEADER_SZ; + if (certSz) { + c32to24(certSz, output + i); + if (!ssl->keys.encryptionOn) + HashOutputRaw(ssl, output + i, CERT_HEADER_SZ); + i += CERT_HEADER_SZ; + length -= CERT_HEADER_SZ; + fragSz -= CERT_HEADER_SZ; + + if (!ssl->keys.encryptionOn) { + HashOutputRaw(ssl, ssl->buffers.certificate.buffer, certSz); + if (certChainSz) + HashOutputRaw(ssl, ssl->buffers.certChain.buffer, + certChainSz); + } + } + } + else { + if (!ssl->options.dtls) { + AddRecordHeader(output, fragSz, handshake, ssl); + } + else { + #ifdef WOLFSSL_DTLS + AddFragHeaders(output, fragSz, ssl->fragOffset + headerSz, + payloadSz, certificate, ssl); + ssl->keys.dtls_handshake_number--; + #endif /* WOLFSSL_DTLS */ + } + } + + /* member */ + if (certSz && ssl->fragOffset < certSz) { + word32 copySz = min(certSz - ssl->fragOffset, fragSz); + XMEMCPY(output + i, + ssl->buffers.certificate.buffer + ssl->fragOffset, copySz); + i += 
copySz; + ssl->fragOffset += copySz; + length -= copySz; + fragSz -= copySz; + } + if (certChainSz && fragSz) { + word32 copySz = min(certChainSz + certSz - ssl->fragOffset, fragSz); + XMEMCPY(output + i, + ssl->buffers.certChain.buffer + ssl->fragOffset - certSz, + copySz); + i += copySz; + ssl->fragOffset += copySz; + length -= copySz; + } + + if (ssl->keys.encryptionOn) { + byte* input; + int inputSz = i - RECORD_HEADER_SZ; /* build msg adds rec hdr */ + + input = (byte*)XMALLOC(inputSz, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER); + if (input == NULL) + return MEMORY_E; + + XMEMCPY(input, output + RECORD_HEADER_SZ, inputSz); + sendSz = BuildMessage(ssl, output, sendSz, input,inputSz,handshake); + XFREE(input, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER); + + if (sendSz < 0) + return sendSz; + } + + #ifdef WOLFSSL_DTLS + if (ssl->options.dtls) { + if ((ret = DtlsPoolSave(ssl, output, sendSz)) != 0) + return ret; + } + #endif + + #ifdef WOLFSSL_CALLBACKS + if (ssl->hsInfoOn) + AddPacketName("Certificate", &ssl->handShakeInfo); + if (ssl->toInfoOn) + AddPacketInfo("Certificate", &ssl->timeoutInfo, output, sendSz, + ssl->heap); + #endif + + ssl->buffers.outputBuffer.length += sendSz; + if (!ssl->options.groupMessages) + ret = SendBuffered(ssl); } - #ifdef WOLFSSL_DTLS - if (ssl->options.dtls) { - if ((ret = DtlsPoolSave(ssl, output, sendSz)) != 0) - return ret; - } - #endif + if (ret != WANT_WRITE) { + /* Clean up the fragment offset. 
*/ + ssl->fragOffset = 0; + #ifdef WOLFSSL_DTLS + if (ssl->options.dtls) + ssl->keys.dtls_handshake_number++; + #endif + if (ssl->options.side == WOLFSSL_SERVER_END) + ssl->options.serverState = SERVER_CERT_COMPLETE; + } - #ifdef WOLFSSL_CALLBACKS - if (ssl->hsInfoOn) AddPacketName("Certificate", &ssl->handShakeInfo); - if (ssl->toInfoOn) - AddPacketInfo("Certificate", &ssl->timeoutInfo, output, sendSz, - ssl->heap); - #endif - - if (ssl->options.side == WOLFSSL_SERVER_END) - ssl->options.serverState = SERVER_CERT_COMPLETE; - - ssl->buffers.outputBuffer.length += sendSz; - if (ssl->options.groupMessages) - return 0; - else - return SendBuffered(ssl); + return ret; } @@ -7553,6 +7895,8 @@ startScr: if (ssl->error == SOCKET_ERROR_E) { if (ssl->options.connReset || ssl->options.isClosed) { WOLFSSL_MSG("Peer reset or closed, connection done"); + ssl->error = SOCKET_PEER_CLOSED_E; + WOLFSSL_ERROR(ssl->error); return 0; /* peer reset or closed */ } } @@ -7966,6 +8310,27 @@ const char* wolfSSL_ERR_reason_error_string(unsigned long e) case DUPLICATE_MSG_E: return "Duplicate HandShake message Error"; + case SNI_UNSUPPORTED: + return "Protocol version does not support SNI Error"; + + case SOCKET_PEER_CLOSED_E: + return "Peer closed underlying transport Error"; + + case BAD_TICKET_KEY_CB_SZ: + return "Bad user session ticket key callback Size Error"; + + case BAD_TICKET_MSG_SZ: + return "Bad session ticket message Size Error"; + + case BAD_TICKET_ENCRYPT: + return "Bad user ticket callback encrypt Error"; + + case DH_KEY_SIZE_E: + return "DH key too small Error"; + + case SNI_ABSENT_ERROR: + return "No Server Name Indication extension Error"; + default : return "unknown error number"; } @@ -8366,6 +8731,10 @@ static const char* const cipher_names[] = "ADH-AES128-SHA", #endif +#ifdef BUILD_TLS_QSH + "QSH", +#endif + #ifdef HAVE_RENEGOTIATION_INDICATION "RENEGOTIATION-INFO", #endif 
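Review bot: Several exits inside the new fragment loop in `SendCertificate` bypass the cleanup block at the bottom: `return MEMORY_E`, `return sendSz`, and the `return ret` after `CheckAvailableSize` and `DtlsPoolSave`. If one of them fires after a fragment has already advanced `ssl->fragOffset`, the offset stays non-zero, and a later call would start from `length -= (ssl->fragOffset + headerSz)` using stale state. Consider adding `ssl->fragOffset = 0;` before the non-`WANT_WRITE` early returns, or routing them through a common exit. The `fragSz -= CERT_HEADER_SZ` steps operate on a `word32`, so it is worth confirming that the smallest `ssl->max_fragment` the build accepts still leaves room for both headers in the first fragment. The bare `- 100` in the DTLS `maxFragment` computation should be a named constant with a comment saying what it reserves.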
@@ -8760,6 +9129,10 @@ static int cipher_name_idx[] = TLS_DH_anon_WITH_AES_128_CBC_SHA, #endif +#ifdef BUILD_TLS_QSH + TLS_QSH, +#endif + #ifdef HAVE_RENEGOTIATION_INDICATION TLS_EMPTY_RENEGOTIATION_INFO_SCSV, #endif @@ -8823,6 +9196,7 @@ int SetCipherList(Suites* suites, const char* list) for (i = 0; i < suiteSz; i++) { if (XSTRNCMP(name, cipher_names[i], sizeof(name)) == 0) { suites->suites[idx++] = (XSTRSTR(name, "CHACHA")) ? CHACHA_BYTE + : (XSTRSTR(name, "QSH")) ? QSH_BYTE : (XSTRSTR(name, "EC")) ? ECC_BYTE : (XSTRSTR(name, "CCM")) ? ECC_BYTE : 0x00; /* normal */ @@ -8881,6 +9255,12 @@ static void PickHashSigAlgo(WOLFSSL* ssl, break; } #endif + #ifdef WOLFSSL_SHA512 + else if (hashSigAlgo[i] == sha512_mac) { + ssl->suites->hashAlgo = sha512_mac; + break; + } + #endif } } } @@ -9063,13 +9443,19 @@ static void PickHashSigAlgo(WOLFSSL* ssl, idSz = 0; } #endif - length = VERSION_SZ + RAN_LEN + idSz + ENUM_LEN + ssl->suites->suiteSz + SUITE_LEN + COMP_LEN + ENUM_LEN; #ifdef HAVE_TLS_EXTENSIONS + /* auto populate extensions supported unless user defined */ + if ((ret = TLSX_PopulateExtensions(ssl, 0)) != 0) + return ret; + #ifdef HAVE_QSH + if (QSH_Init(ssl) != 0) + return MEMORY_E; + #endif length += TLSX_GetRequestSize(ssl); #else if (IsAtLeastTLSv1_2(ssl) && ssl->suites->hashSigAlgoSz) { @@ -9276,8 +9662,9 @@ static void PickHashSigAlgo(WOLFSSL* ssl, #endif #ifdef HAVE_SESSION_TICKET - ret = ret || - (!ssl->expect_session_ticket && ssl->session.ticketLen > 0); + /* server may send blank ticket which may not be expected to indicate + * exisiting one ok but will also be sending a new one */ + ret = ret || (ssl->session.ticketLen > 0); #endif ret = ret || @@ -9406,7 +9793,7 @@ static void PickHashSigAlgo(WOLFSSL* ssl, *inOutIdx = i; - /* tls extensions */ + if ( (i - begin) < helloSz) { #ifdef HAVE_TLS_EXTENSIONS if (TLSX_SupportExtensions(ssl)) { 
@@ -9637,6 +10024,9 @@ static void PickHashSigAlgo(WOLFSSL* ssl, static int DoServerKeyExchange(WOLFSSL* ssl, const byte* input, word32* inOutIdx, word32 size) { + #ifdef HAVE_QSH + word16 name; + #endif word16 length = 0; word32 begin = *inOutIdx; int ret = 0; @@ -9649,6 +10039,7 @@ static void PickHashSigAlgo(WOLFSSL* ssl, (void)size; (void)ret; + #ifdef WOLFSSL_CALLBACKS if (ssl->hsInfoOn) AddPacketName("ServerKeyExchange", &ssl->handShakeInfo); @@ -9674,6 +10065,25 @@ static void PickHashSigAlgo(WOLFSSL* ssl, ssl->arrays->server_hint[min(length, MAX_PSK_ID_LEN - 1)] = 0; *inOutIdx += length; + /* QSH extensions */ + #ifdef HAVE_QSH + if (ssl->peerQSHKeyPresent) { + /* extension name */ + ato16(input + *inOutIdx, &name); + *inOutIdx += OPAQUE16_LEN; + + if (name == WOLFSSL_QSH) { + *inOutIdx += TLSX_QSHCipher_Parse(ssl, input + *inOutIdx, + size, 0); + } + else { + /* unknown extension sent server ignored + handshake */ + return BUFFER_ERROR; + } + } + #endif + return 0; } #endif @@ -9690,6 +10100,12 @@ static void PickHashSigAlgo(WOLFSSL* ssl, if ((*inOutIdx - begin) + length > size) return BUFFER_ERROR; + if (length < ssl->options.minDhKeySz) { + WOLFSSL_MSG("Server using a DH key that is too small"); + SendAlert(ssl, alert_fatal, handshake_failure); + return DH_KEY_SIZE_E; + } + ssl->buffers.serverDH_P.buffer = (byte*) XMALLOC(length, ssl->heap, DYNAMIC_TYPE_DH); @@ -9701,6 +10117,8 @@ static void PickHashSigAlgo(WOLFSSL* ssl, XMEMCPY(ssl->buffers.serverDH_P.buffer, input + *inOutIdx, length); *inOutIdx += length; + ssl->options.dhKeySz = length; + /* g */ if ((*inOutIdx - begin) + OPAQUE16_LEN > size) return BUFFER_ERROR; 
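Review bot: The QSH block added to the PSK branch of `DoServerKeyExchange` reads two bytes with `ato16(input + *inOutIdx, &name)` without the bounds check every other read in this function performs. It should be preceded by `if ((*inOutIdx - begin) + OPAQUE16_LEN > size) return BUFFER_ERROR;`. `TLSX_QSHCipher_Parse` is then given the full message `size` rather than the bytes remaining after `*inOutIdx`, and its return value is added to `*inOutIdx` unchecked. If that function can return a negative error code (its definition is not in this hunk), the index would move backwards. The identical block added at the end of the function in the `@@ -10210` hunk needs the same three fixes.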
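Review bot: The new minimum-size check compares `length`, the encoded byte count of the prime on the wire, against `ssl->options.minDhKeySz`. That assumes `minDhKeySz` is expressed in bytes; its definition is outside the hunk, so a comment such as `/* minDhKeySz is in bytes, as is length */` would pin the unit down. Because `length` counts encoded bytes, a prime sent with leading zero bytes would pass with fewer significant bits than intended. Stripping leading zeros, or checking the bit length once the value is loaded, would make the limit mean what its name says. The same check is duplicated in the `@@ -9820` hunk.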
@@ -9820,6 +10238,12 @@ static void PickHashSigAlgo(WOLFSSL* ssl, if ((*inOutIdx - begin) + length > size) return BUFFER_ERROR; + if (length < ssl->options.minDhKeySz) { + WOLFSSL_MSG("Server using a DH key that is too small"); + SendAlert(ssl, alert_fatal, handshake_failure); + return DH_KEY_SIZE_E; + } + ssl->buffers.serverDH_P.buffer = (byte*) XMALLOC(length, ssl->heap, DYNAMIC_TYPE_DH); @@ -9831,6 +10255,8 @@ static void PickHashSigAlgo(WOLFSSL* ssl, XMEMCPY(ssl->buffers.serverDH_P.buffer, input + *inOutIdx, length); *inOutIdx += length; + ssl->options.dhKeySz = length; + /* g */ if ((*inOutIdx - begin) + OPAQUE16_LEN > size) return BUFFER_ERROR; @@ -9907,6 +10333,15 @@ static void PickHashSigAlgo(WOLFSSL* ssl, byte hash384[SHA384_DIGEST_SIZE]; #endif #endif +#ifdef WOLFSSL_SHA512 +#ifdef WOLFSSL_SMALL_STACK + Sha512* sha512 = NULL; + byte* hash512 = NULL; +#else + Sha512 sha512[1]; + byte hash512[SHA512_DIGEST_SIZE]; +#endif +#endif #ifdef WOLFSSL_SMALL_STACK byte* hash = NULL; byte* messageVerify = NULL; @@ -9918,6 +10353,20 @@ static void PickHashSigAlgo(WOLFSSL* ssl, byte sigAlgo = ssl->specs.sig_algo; word16 verifySz = (word16) (*inOutIdx - begin); +#ifndef NO_OLD_TLS + byte doMd5 = 0; + byte doSha = 0; +#endif +#ifndef NO_SHA256 + byte doSha256 = 0; +#endif +#ifdef WOLFSSL_SHA384 + byte doSha384 = 0; +#endif +#ifdef WOLFSSL_SHA512 + byte doSha512 = 0; +#endif + (void)hash; (void)sigAlgo; (void)hashAlgo; 
@@ -9936,11 +10385,60 @@ static void PickHashSigAlgo(WOLFSSL* ssl, XMEMCPY(messageVerify, input + begin, verifySz); if (IsAtLeastTLSv1_2(ssl)) { + byte setHash = 0; if ((*inOutIdx - begin) + ENUM_LEN + ENUM_LEN > size) ERROR_OUT(BUFFER_ERROR, done); hashAlgo = input[(*inOutIdx)++]; sigAlgo = input[(*inOutIdx)++]; + + switch (hashAlgo) { + case sha512_mac: + #ifdef WOLFSSL_SHA512 + doSha512 = 1; + setHash = 1; + #endif + break; + + case sha384_mac: + #ifdef WOLFSSL_SHA384 + doSha384 = 1; + setHash = 1; + #endif + break; + + case sha256_mac: + #ifndef NO_SHA256 + doSha256 = 1; + setHash = 1; + #endif + break; + + case sha_mac: + #ifndef NO_OLD_TLS + doSha = 1; + setHash = 1; + #endif + break; + + default: + ERROR_OUT(ALGO_ID_E, done); + } + + if (setHash == 0) { + ERROR_OUT(ALGO_ID_E, done); + } + + } else { + /* only using sha and md5 for rsa */ + #ifndef NO_OLD_TLS + doSha = 1; + if (sigAlgo == rsa_sa_algo) { + doMd5 = 1; + } + #else + ERROR_OUT(ALGO_ID_E, done); + #endif } /* signature */ 
@@ -9965,65 +10463,104 @@ static void PickHashSigAlgo(WOLFSSL* ssl, #ifndef NO_OLD_TLS /* md5 */ #ifdef WOLFSSL_SMALL_STACK - md5 = (Md5*)XMALLOC(sizeof(Md5), NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (md5 == NULL) - ERROR_OUT(MEMORY_E, done); + if (doMd5) { + md5 = (Md5*)XMALLOC(sizeof(Md5), NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (md5 == NULL) + ERROR_OUT(MEMORY_E, done); + } #endif - wc_InitMd5(md5); - wc_Md5Update(md5, ssl->arrays->clientRandom, RAN_LEN); - wc_Md5Update(md5, ssl->arrays->serverRandom, RAN_LEN); - wc_Md5Update(md5, messageVerify, verifySz); - wc_Md5Final(md5, hash); - + if (doMd5) { + wc_InitMd5(md5); + wc_Md5Update(md5, ssl->arrays->clientRandom, RAN_LEN); + wc_Md5Update(md5, ssl->arrays->serverRandom, RAN_LEN); + wc_Md5Update(md5, messageVerify, verifySz); + wc_Md5Final(md5, hash); + } /* sha */ #ifdef WOLFSSL_SMALL_STACK - sha = (Sha*)XMALLOC(sizeof(Sha), NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (sha == NULL) - ERROR_OUT(MEMORY_E, done); + if (doSha) { + sha = (Sha*)XMALLOC(sizeof(Sha), NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (sha == NULL) + ERROR_OUT(MEMORY_E, done); + } #endif - ret = wc_InitSha(sha); - if (ret != 0) - goto done; - wc_ShaUpdate(sha, ssl->arrays->clientRandom, RAN_LEN); - wc_ShaUpdate(sha, ssl->arrays->serverRandom, RAN_LEN); - wc_ShaUpdate(sha, messageVerify, verifySz); - wc_ShaFinal(sha, hash + MD5_DIGEST_SIZE); + if (doSha) { + ret = wc_InitSha(sha); + if (ret != 0) goto done; + wc_ShaUpdate(sha, ssl->arrays->clientRandom, RAN_LEN); + wc_ShaUpdate(sha, ssl->arrays->serverRandom, RAN_LEN); + wc_ShaUpdate(sha, messageVerify, verifySz); + wc_ShaFinal(sha, hash + MD5_DIGEST_SIZE); + } #endif #ifndef NO_SHA256 #ifdef WOLFSSL_SMALL_STACK - sha256 = (Sha256*)XMALLOC(sizeof(Sha256), NULL, + if (doSha256) { + sha256 = (Sha256*)XMALLOC(sizeof(Sha256), NULL, DYNAMIC_TYPE_TMP_BUFFER); - hash256 = (byte*)XMALLOC(SHA256_DIGEST_SIZE, NULL, + hash256 = (byte*)XMALLOC(SHA256_DIGEST_SIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (sha256 == NULL || hash256 == 
NULL) - ERROR_OUT(MEMORY_E, done); + if (sha256 == NULL || hash256 == NULL) + ERROR_OUT(MEMORY_E, done); + } #endif - if (!(ret = wc_InitSha256(sha256)) - && !(ret = wc_Sha256Update(sha256, ssl->arrays->clientRandom, RAN_LEN)) - && !(ret = wc_Sha256Update(sha256, ssl->arrays->serverRandom, RAN_LEN)) - && !(ret = wc_Sha256Update(sha256, messageVerify, verifySz))) - ret = wc_Sha256Final(sha256, hash256); - if (ret != 0) - goto done; + if (doSha256) { + if (!(ret = wc_InitSha256(sha256)) + && !(ret = wc_Sha256Update(sha256, ssl->arrays->clientRandom, + RAN_LEN)) + && !(ret = wc_Sha256Update(sha256, ssl->arrays->serverRandom, + RAN_LEN)) + && !(ret = wc_Sha256Update(sha256, messageVerify, verifySz))) + ret = wc_Sha256Final(sha256, hash256); + if (ret != 0) goto done; + } #endif #ifdef WOLFSSL_SHA384 #ifdef WOLFSSL_SMALL_STACK - sha384 = (Sha384*)XMALLOC(sizeof(Sha384), NULL, + if (doSha384) { + sha384 = (Sha384*)XMALLOC(sizeof(Sha384), NULL, DYNAMIC_TYPE_TMP_BUFFER); - hash384 = (byte*)XMALLOC(SHA384_DIGEST_SIZE, NULL, + hash384 = (byte*)XMALLOC(SHA384_DIGEST_SIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (sha384 == NULL || hash384 == NULL) - ERROR_OUT(MEMORY_E, done); + if (sha384 == NULL || hash384 == NULL) + ERROR_OUT(MEMORY_E, done); + } #endif - if (!(ret = wc_InitSha384(sha384)) - && !(ret = wc_Sha384Update(sha384, ssl->arrays->clientRandom, RAN_LEN)) - && !(ret = wc_Sha384Update(sha384, ssl->arrays->serverRandom, RAN_LEN)) - && !(ret = wc_Sha384Update(sha384, messageVerify, verifySz))) - ret = wc_Sha384Final(sha384, hash384); - if (ret != 0) - goto done; + if (doSha384) { + if (!(ret = wc_InitSha384(sha384)) + && !(ret = wc_Sha384Update(sha384, ssl->arrays->clientRandom, + RAN_LEN)) + && !(ret = wc_Sha384Update(sha384, ssl->arrays->serverRandom, + RAN_LEN)) + && !(ret = wc_Sha384Update(sha384, messageVerify, verifySz))) + ret = wc_Sha384Final(sha384, hash384); + if (ret != 0) goto done; + } +#endif + +#ifdef WOLFSSL_SHA512 + #ifdef WOLFSSL_SMALL_STACK + if 
(doSha512) { + sha512 = (Sha512*)XMALLOC(sizeof(Sha512), NULL, + DYNAMIC_TYPE_TMP_BUFFER); + hash512 = (byte*)XMALLOC(SHA512_DIGEST_SIZE, NULL, + DYNAMIC_TYPE_TMP_BUFFER); + if (sha512 == NULL || hash512 == NULL) + ERROR_OUT(MEMORY_E, done); + } + #endif + if (doSha512) { + if (!(ret = wc_InitSha512(sha512)) + && !(ret = wc_Sha512Update(sha512, ssl->arrays->clientRandom, + RAN_LEN)) + && !(ret = wc_Sha512Update(sha512, ssl->arrays->serverRandom, + RAN_LEN)) + && !(ret = wc_Sha512Update(sha512, messageVerify, verifySz))) + ret = wc_Sha512Final(sha512, hash512); + if (ret != 0) goto done; + } #endif #ifndef NO_RSA @@ -10094,6 +10631,13 @@ static void PickHashSigAlgo(WOLFSSL* ssl, digestSz = SHA384_DIGEST_SIZE; #endif } + else if (hashAlgo == sha512_mac) { + #ifdef WOLFSSL_SHA512 + digest = hash512; + typeH = SHA512h; + digestSz = SHA512_DIGEST_SIZE; + #endif + } #ifdef WOLFSSL_SMALL_STACK encodedSig = (byte*)XMALLOC(MAX_ENCODED_SIG_SZ, NULL, @@ -10102,12 +10646,13 @@ static void PickHashSigAlgo(WOLFSSL* ssl, ERROR_OUT(MEMORY_E, done); #endif - encSigSz = wc_EncodeSignature(encodedSig, digest, digestSz, typeH); - + if (digest == NULL) + ERROR_OUT(ALGO_ID_E, done); + encSigSz = wc_EncodeSignature(encodedSig, digest, digestSz, + typeH); if (encSigSz != verifiedSz || !out || XMEMCMP(out, encodedSig, min(encSigSz, MAX_ENCODED_SIG_SZ)) != 0) ret = VERIFY_SIGN_ERROR; - #ifdef WOLFSSL_SMALL_STACK XFREE(encodedSig, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif @@ -10159,6 +10704,12 @@ static void PickHashSigAlgo(WOLFSSL* ssl, digestSz = SHA384_DIGEST_SIZE; #endif } + else if (hashAlgo == sha512_mac) { + #ifdef WOLFSSL_SHA512 + digest = hash512; + digestSz = SHA512_DIGEST_SIZE; + #endif + } } if (doUserEcc) { #ifdef HAVE_PK_CALLBACKS 
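Review bot: In the `@@ -10102` hunk the new `if (digest == NULL) ERROR_OUT(ALGO_ID_E, done);` sits after the `WOLFSSL_SMALL_STACK` allocation of `encodedSig`, while the matching `XFREE(encodedSig, ...)` comes later in the same block. Unless the `done:` label also frees `encodedSig` (the cleanup lines visible in `@@ -10198` do not show it), taking this error path leaks the buffer. Moving the NULL check above the `#ifdef WOLFSSL_SMALL_STACK` allocation avoids that. The ECC branch in `@@ -10159` gains the same `sha512_mac` case, which leaves `digest` unset when `WOLFSSL_SHA512` is not defined, but no equivalent NULL check is visible there.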
@@ -10198,6 +10749,10 @@ static void PickHashSigAlgo(WOLFSSL* ssl, #ifdef WOLFSSL_SHA384 XFREE(sha384, NULL, DYNAMIC_TYPE_TMP_BUFFER); XFREE(hash384, NULL, DYNAMIC_TYPE_TMP_BUFFER); + #endif + #ifdef WOLFSSL_SHA512 + XFREE(sha512, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(hash512, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif XFREE(hash, NULL, DYNAMIC_TYPE_TMP_BUFFER); XFREE(messageVerify, NULL, DYNAMIC_TYPE_TMP_BUFFER); @@ -10210,6 +10765,25 @@ static void PickHashSigAlgo(WOLFSSL* ssl, *inOutIdx += ssl->keys.padSz; } + + /* QSH extensions */ +#ifdef HAVE_QSH + if (ssl->peerQSHKeyPresent) { + /* extension name */ + ato16(input + *inOutIdx, &name); + *inOutIdx += OPAQUE16_LEN; + + if (name == WOLFSSL_QSH) { + *inOutIdx += TLSX_QSHCipher_Parse(ssl, input + *inOutIdx, size, 0); + } + else { + /* unknown extension sent server ignored + handshake */ + return BUFFER_ERROR; + } + } +#endif + return 0; #else /* !NO_DH or HAVE_ECC */ return NOT_COMPILED_IN; /* not supported by build */ 
@@ -10219,6 +10793,373 @@ static void PickHashSigAlgo(WOLFSSL* ssl, } +#ifdef HAVE_QSH + +#ifdef HAVE_NTRU +/* Encrypt a byte array using ntru + key a struct containing the public key to use + bufIn array to be encrypted + inSz size of bufIn array + bufOut cipher text out + outSz will be set to the new size of cipher text + */ +static int NtruSecretEncrypt(QSHKey* key, byte* bufIn, word32 inSz, + byte* bufOut, word16* outSz) +{ + int ret; + DRBG_HANDLE drbg; + + /* sanity checks on input arguments */ + if (key == NULL || bufIn == NULL || bufOut == NULL || outSz == NULL) + return BAD_FUNC_ARG; + + if (key->pub.buffer == NULL) + return BAD_FUNC_ARG; + + switch (key->name) { + case WOLFSSL_NTRU_EESS439: + case WOLFSSL_NTRU_EESS593: + case WOLFSSL_NTRU_EESS743: + break; + default: + WOLFSSL_MSG("Unknown QSH encryption key!"); + return -1; + } + + /* set up ntru drbg */ + ret = ntru_crypto_drbg_external_instantiate(GetEntropy, &drbg); + if (ret != DRBG_OK) + return NTRU_DRBG_ERROR; + + /* encrypt the byte array */ + ret = ntru_crypto_ntru_encrypt(drbg, key->pub.length, key->pub.buffer, + inSz, bufIn, outSz, bufOut); + ntru_crypto_drbg_uninstantiate(drbg); + if (ret != NTRU_OK) + return NTRU_ENCRYPT_ERROR; + + return ret; +} + +/* Decrypt a byte array using ntru + key a struct containing the private key to use + bufIn array to be decrypted + inSz size of bufIn array + bufOut plain text out + outSz will be set to the new size of plain text + */ + +static int NtruSecretDecrypt(QSHKey* key, byte* bufIn, word32 inSz, + byte* bufOut, word16* outSz) +{ + int ret; + DRBG_HANDLE drbg; + + /* sanity checks on input arguments */ + if (key == NULL || bufIn == NULL || bufOut == NULL || outSz == NULL) + return BAD_FUNC_ARG; + + if (key->pri.buffer == NULL) + return BAD_FUNC_ARG; + + switch (key->name) { + case WOLFSSL_NTRU_EESS439: + case WOLFSSL_NTRU_EESS593: + case WOLFSSL_NTRU_EESS743: + break; + default: + WOLFSSL_MSG("Unknown QSH decryption key!"); + return -1; + } + + + /* set 
up drbg */ + ret = ntru_crypto_drbg_external_instantiate(GetEntropy, &drbg); + if (ret != DRBG_OK) + return NTRU_DRBG_ERROR; + + /* decrypt cipher text */ + ret = ntru_crypto_ntru_decrypt(key->pri.length, key->pri.buffer, + inSz, bufIn, outSz, bufOut); + ntru_crypto_drbg_uninstantiate(drbg); + if (ret != NTRU_OK) + return NTRU_ENCRYPT_ERROR; + + return ret; +} +#endif /* HAVE_NTRU */ + +int QSH_Init(WOLFSSL* ssl) +{ + /* check so not initialising twice when running DTLS */ + if (ssl->QSH_secret != NULL) + return 0; + + /* malloc memory for holding generated secret information */ + if ((ssl->QSH_secret = + XMALLOC(sizeof(QSHSecret), NULL, DYNAMIC_TYPE_TMP_BUFFER)) == NULL) + return MEMORY_E; + + ssl->QSH_secret->CliSi = (buffer*)XMALLOC(sizeof(buffer), NULL, + DYNAMIC_TYPE_TMP_BUFFER); + if (ssl->QSH_secret->CliSi == NULL) + return MEMORY_E; + + ssl->QSH_secret->SerSi = (buffer*)XMALLOC(sizeof(buffer), NULL, + DYNAMIC_TYPE_TMP_BUFFER); + if (ssl->QSH_secret->SerSi == NULL) + return MEMORY_E; + + /* initialize variables */ + ssl->QSH_secret->list = NULL; + ssl->QSH_secret->CliSi->length = 0; + ssl->QSH_secret->CliSi->buffer = NULL; + ssl->QSH_secret->SerSi->length = 0; + ssl->QSH_secret->SerSi->buffer = NULL; + + return 0; +} + + +static int QSH_Encrypt(QSHKey* key, byte* in, word32 szIn, + byte* out, word32* szOut) +{ + int ret = 0; + word16 size = *szOut; + + WOLFSSL_MSG("Encrypting QSH key material"); + + switch (key->name) { + #ifdef HAVE_NTRU + case WOLFSSL_NTRU_EESS439: + case WOLFSSL_NTRU_EESS593: + case WOLFSSL_NTRU_EESS743: + ret = NtruSecretEncrypt(key, in, szIn, out, &size); + break; + #endif + default: + WOLFSSL_MSG("Unknown QSH encryption key!"); + return -1; + } + + *szOut = size; + + return ret; +} + + +/* Decrypt using Quantum Safe Handshake algorithms */ +int QSH_Decrypt(QSHKey* key, byte* in, word32 szIn, + byte* out, word16* szOut) +{ + int ret = 0; + word16 size = *szOut; + + WOLFSSL_MSG("Decrypting QSH key material"); + + switch (key->name) { + 
#ifdef HAVE_NTRU + case WOLFSSL_NTRU_EESS439: + case WOLFSSL_NTRU_EESS593: + case WOLFSSL_NTRU_EESS743: + ret = NtruSecretDecrypt(key, in, szIn, out, &size); + break; + #endif + default: + WOLFSSL_MSG("Unknown QSH decryption key!"); + return -1; + } + + *szOut = size; + + return ret; +} + + +/* Get the max cipher text for corresponding encryption scheme + (encrypting 48 or max plain text whichever is smaller) + */ +static word32 QSH_MaxSecret(QSHKey* key) +{ + byte isNtru = 0; + word16 inSz = 48; + word16 outSz; + DRBG_HANDLE drbg = 0; + byte bufIn[48]; + int ret = 0; + + if (key == NULL || key->pub.length == 0) + return 0; + + switch(key->name) { +#ifdef HAVE_NTRU + case WOLFSSL_NTRU_EESS439: + isNtru = 1; + break; + case WOLFSSL_NTRU_EESS593: + isNtru = 1; + break; + case WOLFSSL_NTRU_EESS743: + isNtru = 1; + break; +#endif + default: + WOLFSSL_MSG("Unknown QSH encryption scheme size!"); + return 0; + } + + if (isNtru) { + ret = ntru_crypto_drbg_external_instantiate(GetEntropy, &drbg); + if (ret != DRBG_OK) + return NTRU_DRBG_ERROR; + ret = ntru_crypto_ntru_encrypt(drbg, key->pub.length, + key->pub.buffer, inSz, bufIn, &outSz, NULL); + if (ret != NTRU_OK) { + return NTRU_ENCRYPT_ERROR; + } + ntru_crypto_drbg_uninstantiate(drbg); + return outSz; + } + + return 0; +} + +/* Generate the secret byte material for pms + returns length on success and -1 on fail + */ +static int QSH_GenerateSerCliSecret(WOLFSSL* ssl, byte isServer) +{ + int sz = 0; + int plainSz = 48; /* lesser of 48 and max plain text able to encrypt */ + int offset = 0; + word32 tmpSz = 0; + buffer* buf; + QSHKey* current = ssl->peerQSHKey; + QSHScheme* schmPre = NULL; + QSHScheme* schm = NULL; + + if (ssl == NULL) + return -1; + + WOLFSSL_MSG("Generating QSH secret key material"); + + /* get size of buffer needed */ + while (current) { + if (current->pub.length != 0) { + sz += plainSz; + } + current = (QSHKey*)current->next; + } + + /* allocate memory for buffer */ + if (isServer) { + buf = 
ssl->QSH_secret->SerSi; + } + else { + buf = ssl->QSH_secret->CliSi; + } + buf->length = sz; + buf->buffer = XMALLOC(sz, buf->buffer, DYNAMIC_TYPE_TMP_BUFFER); + if (buf->buffer == NULL) { + WOLFSSL_ERROR(MEMORY_E); + } + + /* create secret information */ + sz = 0; + current = ssl->peerQSHKey; + while (current) { + schm = XMALLOC(sizeof(QSHScheme), NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (schm == NULL) + return MEMORY_E; + + /* initialize variables */ + schm->name = 0; + schm->PK = NULL; + schm->PKLen = 0; + schm->next = NULL; + if (ssl->QSH_secret->list == NULL) { + ssl->QSH_secret->list = schm; + } + else { + if (schmPre) + schmPre->next = schm; + } + + tmpSz = QSH_MaxSecret(current); + + if ((schm->PK = XMALLOC(tmpSz, 0, DYNAMIC_TYPE_TMP_BUFFER)) == NULL) + return -1; + + /* store info for writing extension */ + schm->name = current->name; + + /* no key to use for encryption */ + if (tmpSz == 0) { + current = (QSHKey*)current->next; + continue; + } + + if (wc_RNG_GenerateBlock(ssl->rng, buf->buffer + offset, plainSz) + != 0) { + return -1; + } + if (QSH_Encrypt(current, buf->buffer + offset, plainSz, schm->PK, + &tmpSz) != 0) { + return -1; + } + schm->PKLen = tmpSz; + + sz += tmpSz; + offset += plainSz; + schmPre = schm; + current = (QSHKey*)current->next; + } + + return sz; +} + + +static word32 QSH_KeyGetSize(WOLFSSL* ssl) +{ + word32 sz = 0; + QSHKey* current = ssl->peerQSHKey; + + if (ssl == NULL) + return -1; + + sz += OPAQUE16_LEN; /* type of extension ie 0x00 0x18 */ + sz += OPAQUE24_LEN; + /* get size of buffer needed */ + while (current) { + sz += OPAQUE16_LEN; /* scheme id */ + sz += OPAQUE16_LEN; /* encrypted key len*/ + sz += QSH_MaxSecret(current); + current = (QSHKey*)current->next; + } + + return sz; +} + + +/* handle QSH key Exchange + return 0 on success + */ +static word32 QSH_KeyExchangeWrite(WOLFSSL* ssl, byte isServer) +{ + int ret = 0; + + WOLFSSL_ENTER("QSH KeyExchange"); + + ret = QSH_GenerateSerCliSecret(ssl, isServer); + if (ret < 0) + 
return MEMORY_E; + + return 0; +} + +#endif /* HAVE_QSH */ + + int SendClientKeyExchange(WOLFSSL* ssl) { #ifdef WOLFSSL_SMALL_STACK @@ -10231,6 +11172,13 @@ static void PickHashSigAlgo(WOLFSSL* ssl, int ret = 0; byte doUserRsa = 0; + #ifdef HAVE_QSH + word32 qshSz = 0; + if (ssl->peerQSHKeyPresent) { + qshSz = QSH_KeyGetSize(ssl); + } + #endif + (void)doUserRsa; #ifdef HAVE_PK_CALLBACKS @@ -10488,9 +11436,6 @@ static void PickHashSigAlgo(WOLFSSL* ssl, word32 rc; word16 cipherLen = MAX_ENCRYPT_SZ; DRBG_HANDLE drbg; - static uint8_t const wolfsslStr[] = { - 'C', 'y', 'a', 'S', 'S', 'L', ' ', 'N', 'T', 'R', 'U' - }; ret = wc_RNG_GenerateBlock(ssl->rng, ssl->arrays->preMasterSecret, SECRET_LEN); @@ -10510,9 +11455,7 @@ static void PickHashSigAlgo(WOLFSSL* ssl, return NO_PEER_KEY; } - rc = ntru_crypto_drbg_instantiate(MAX_NTRU_BITS, wolfsslStr, - sizeof(wolfsslStr), GetEntropy, - &drbg); + rc = ntru_crypto_drbg_external_instantiate(GetEntropy, &drbg); if (rc != DRBG_OK) { #ifdef WOLFSSL_SMALL_STACK XFREE(encSecret, NULL, DYNAMIC_TYPE_TMP_BUFFER); @@ -10635,6 +11578,11 @@ static void PickHashSigAlgo(WOLFSSL* ssl, if (ssl->keys.encryptionOn) sendSz += MAX_MSG_EXTRA; + #ifdef HAVE_QSH + encSz += qshSz; + sendSz += qshSz; + #endif + /* check for available size */ if ((ret = CheckAvailableSize(ssl, sendSz)) != 0) { #ifdef WOLFSSL_SMALL_STACK 
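Review bot: In the hunk at -10219, `QSH_GenerateSerCliSecret` only logs when the `XMALLOC` for `buf->buffer` fails (`WOLFSSL_ERROR(MEMORY_E);`) and then continues, so the later `wc_RNG_GenerateBlock(ssl->rng, buf->buffer + offset, plainSz)` writes through a NULL pointer; that branch should `return MEMORY_E;`. This function and `QSH_KeyGetSize` both initialise `current = ssl->peerQSHKey` before their `ssl == NULL` test, so the test cannot protect the dereference, and `QSH_KeyGetSize` returns `-1` from a `word32` function. `QSH_MaxSecret` also returns `NTRU_DRBG_ERROR` and `NTRU_ENCRYPT_ERROR` through `word32`, so a failure (presumably a negative code) reaches the callers as a very large size that is passed to `XMALLOC` or added to the message length. Its encrypt-failure path additionally returns before `ntru_crypto_drbg_uninstantiate(drbg)`. Returning 0 on error there, as it already does for an unknown scheme, keeps the callers' `tmpSz == 0` handling working.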
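Review bot: In the hunk at -10510, switching to `ntru_crypto_drbg_external_instantiate(GetEntropy, &drbg)` changes what `GetEntropy` has to be. As far as I know the external variant expects a random-bytes callback whose output is used directly, not the entropy callback that seeded the library DRBG in the removed call. `GetEntropy` is defined outside this hunk, so please confirm it was updated to the matching signature and that it draws from the library RNG. A comment at the call would help the next reader, e.g. `/* drbg output comes straight from GetEntropy; no internal DRBG state or personalization string */`. The enclosing function starts and ends outside the hunk.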
@@ -10647,8 +11595,35 @@ static void PickHashSigAlgo(WOLFSSL* ssl, output = ssl->buffers.outputBuffer.buffer + ssl->buffers.outputBuffer.length; + +#ifdef HAVE_QSH + if (ssl->peerQSHKeyPresent) { + byte idxSave = idx; + idx = sendSz - qshSz; + + if (QSH_KeyExchangeWrite(ssl, 0) != 0) + return MEMORY_E; + + /* extension type */ + c16toa(WOLFSSL_QSH, output + idx); + idx += OPAQUE16_LEN; + + /* write to output and check amount written */ + if (TLSX_QSHPK_Write(ssl->QSH_secret->list, output + idx) + > qshSz - OPAQUE16_LEN) + return MEMORY_E; + + idx = idxSave; + } +#endif + AddHeaders(output, encSz + tlsSz, client_key_exchange, ssl); +#ifdef HAVE_QSH + if (ssl->peerQSHKeyPresent) { + encSz -= qshSz; + } +#endif if (tlsSz) { c16toa((word16)encSz, &output[idx]); idx += 2; @@ -10887,6 +11862,12 @@ static void PickHashSigAlgo(WOLFSSL* ssl, digestSz = SHA384_DIGEST_SIZE; #endif } + else if (ssl->suites->hashAlgo == sha512_mac) { + #ifdef WOLFSSL_SHA512 + digest = ssl->hsHashes->certHashes.sha512; + digestSz = SHA512_DIGEST_SIZE; + #endif + } } if (doUserEcc) { @@ -10955,6 +11936,14 @@ static void PickHashSigAlgo(WOLFSSL* ssl, didSet = 1; #endif } + else if (ssl->suites->hashAlgo == sha512_mac) { + #ifdef WOLFSSL_SHA512 + digest = ssl->hsHashes->certHashes.sha512; + typeH = SHA512h; + digestSz = SHA512_DIGEST_SIZE; + didSet = 1; + #endif + } if (didSet == 0) { /* defaults */ @@ -11133,7 +12122,7 @@ int DoSessionTicket(WOLFSSL* ssl, ssl->expect_session_ticket = 0; - return BuildFinished(ssl, &ssl->hsHashes->verifyHashes, server); + return 0; } #endif /* HAVE_SESSION_TICKET */ @@ -11148,6 +12137,7 @@ int DoSessionTicket(WOLFSSL* ssl, word32 length, idx = RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ; int sendSz; int ret; + byte sessIdSz = ID_LEN; length = VERSION_SZ + RAN_LEN + ID_LEN + ENUM_LEN 
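Review bot: In the hunk at -10647, `byte idxSave = idx;` narrows the output index to 8 bits before it is restored with `idx = idxSave;`. `idx` is declared outside the hunk but is used as a buffer offset and is presumably wider, so the saved copy should have the same type as `idx`. The two added `return MEMORY_E;` statements leave the function directly, whereas the error paths visible in the neighbouring hunks free `encSecret` under WOLFSSL_SMALL_STACK first, so these returns likely leak it. The `TLSX_QSHPK_Write(...) > qshSz - OPAQUE16_LEN` comparison also runs after the bytes have been written, so it can report an overrun of the reserved space but not prevent one.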
@@ -11156,6 +12146,13 @@ int DoSessionTicket(WOLFSSL* ssl, #ifdef HAVE_TLS_EXTENSIONS length += TLSX_GetResponseSize(ssl); + #ifdef HAVE_SESSION_TICKET + if (ssl->options.useTicket && ssl->arrays->sessionIDSz == 0) { + /* no session id */ + length -= ID_LEN; + sessIdSz = 0; + } + #endif /* HAVE_SESSION_TICKET */ #endif /* check for avalaible size */ @@ -11201,17 +12198,19 @@ int DoSessionTicket(WOLFSSL* ssl, } #endif /* then session id */ - output[idx++] = ID_LEN; + output[idx++] = sessIdSz; + if (sessIdSz) { - if (!ssl->options.resuming) { - ret = wc_RNG_GenerateBlock(ssl->rng, ssl->arrays->sessionID, ID_LEN); - if (ret != 0) - return ret; + if (!ssl->options.resuming) { + ret = wc_RNG_GenerateBlock(ssl->rng, ssl->arrays->sessionID, + sessIdSz); + if (ret != 0) return ret; + } + + XMEMCPY(output + idx, ssl->arrays->sessionID, sessIdSz); + idx += sessIdSz; } - XMEMCPY(output + idx, ssl->arrays->sessionID, ID_LEN); - idx += ID_LEN; - /* then cipher suite */ output[idx++] = ssl->options.cipherSuite0; output[idx++] = ssl->options.cipherSuite; @@ -11299,6 +12298,14 @@ int DoSessionTicket(WOLFSSL* ssl, (void)ssl; #define ERROR_OUT(err, eLabel) do { ret = err; goto eLabel; } while(0) + #ifdef HAVE_QSH + word32 qshSz = 0; + if (ssl->peerQSHKeyPresent && ssl->options.haveQSH) { + qshSz = QSH_KeyGetSize(ssl); + } + #endif + + #ifndef NO_PSK if (ssl->specs.kea == psk_kea) { @@ -11315,6 +12322,11 @@ int DoSessionTicket(WOLFSSL* ssl, length += HINT_LEN_SZ; sendSz = length + HANDSHAKE_HEADER_SZ + RECORD_HEADER_SZ; + #ifdef HAVE_QSH + length += qshSz; + sendSz += qshSz; + #endif + #ifdef WOLFSSL_DTLS if (ssl->options.dtls) { sendSz += DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA; 
@@ -11332,10 +12344,33 @@ int DoSessionTicket(WOLFSSL* ssl, AddHeaders(output, length, server_key_exchange, ssl); /* key data */ + #ifdef HAVE_QSH + c16toa((word16)(length - qshSz - HINT_LEN_SZ), output + idx); + #else c16toa((word16)(length - HINT_LEN_SZ), output + idx); + #endif idx += HINT_LEN_SZ; XMEMCPY(output + idx, ssl->arrays->server_hint,length -HINT_LEN_SZ); + #ifdef HAVE_QSH + if (ssl->peerQSHKeyPresent) { + if (qshSz > 0) { + idx = sendSz - qshSz; + if (QSH_KeyExchangeWrite(ssl, 1) != 0) + return MEMORY_E; + + /* extension type */ + c16toa(WOLFSSL_QSH, output + idx); + idx += OPAQUE16_LEN; + + /* write to output and check amount written */ + if (TLSX_QSHPK_Write(ssl->QSH_secret->list, output + idx) + > qshSz - OPAQUE16_LEN) + return MEMORY_E; + } + } + #endif + #ifdef WOLFSSL_DTLS if (ssl->options.dtls) if ((ret = DtlsPoolSave(ssl, output, sendSz)) != 0) @@ -11418,6 +12453,10 @@ int DoSessionTicket(WOLFSSL* ssl, length += hintLen + HINT_LEN_SZ; sendSz = length + HANDSHAKE_HEADER_SZ + RECORD_HEADER_SZ; + #ifdef HAVE_QSH + length += qshSz; + sendSz += qshSz; + #endif #ifdef WOLFSSL_DTLS if (ssl->options.dtls) { sendSz += DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA; @@ -11463,6 +12502,24 @@ int DoSessionTicket(WOLFSSL* ssl, idx += ssl->buffers.serverDH_Pub.length; (void)idx; /* suppress analyzer warning, and keep idx current */ + #ifdef HAVE_QSH + if (ssl->peerQSHKeyPresent) { + if (qshSz > 0) { + idx = sendSz - qshSz; + QSH_KeyExchangeWrite(ssl, 1); + + /* extension type */ + c16toa(WOLFSSL_QSH, output + idx); + idx += OPAQUE16_LEN; + + /* write to output and check amount written */ + if (TLSX_QSHPK_Write(ssl->QSH_secret->list, output + idx) + > qshSz - OPAQUE16_LEN) + return MEMORY_E; + } + } + #endif + #ifdef WOLFSSL_DTLS if (ssl->options.dtls) if ((ret = DtlsPoolSave(ssl, output, sendSz)) != 0) 
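Review bot: In the hunk at -11332, the HAVE_QSH build now writes the length field as `length - qshSz - HINT_LEN_SZ`, but the unchanged copy on the following line still uses `length - HINT_LEN_SZ`, and `length` was increased by `qshSz` in the hunk at -11315. The `XMEMCPY` therefore reads `qshSz` bytes past the hint in `ssl->arrays->server_hint` and places them in the area the QSH extension is written to afterwards. Both calls should use the same reduced value, for example by computing `length - qshSz - HINT_LEN_SZ` once into a local and passing it to `c16toa` and `XMEMCPY`. The enclosing function starts and ends outside the hunk.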
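Review bot: In the hunk at -11463, `QSH_KeyExchangeWrite(ssl, 1);` is called without looking at its result, although the PSK branch in this commit checks it with `if (QSH_KeyExchangeWrite(ssl, 1) != 0) return MEMORY_E;`. On failure `ssl->QSH_secret->list` may be incomplete when `TLSX_QSHPK_Write` walks it. The same unchecked call appears in the hunks at -11923 and -12304. In the -11923 hunk the added `return MEMORY_E;` also bypasses the `done_a` cleanup that the surrounding code jumps to on other errors, so `ERROR_OUT(MEMORY_E, done_a);` looks like the better fit there.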
@@ -11510,6 +12567,20 @@ int DoSessionTicket(WOLFSSL* ssl, #endif word32 expSz = MAX_EXPORT_ECC_SZ; + #ifndef NO_OLD_TLS + byte doMd5 = 0; + byte doSha = 0; + #endif + #ifndef NO_SHA256 + byte doSha256 = 0; + #endif + #ifdef WOLFSSL_SHA384 + byte doSha384 = 0; + #endif + #ifdef WOLFSSL_SHA512 + byte doSha512 = 0; + #endif + if (ssl->specs.static_ecdh) { WOLFSSL_MSG("Using Static ECDH, not sending ServerKeyExchagne"); return 0; @@ -11607,6 +12678,10 @@ int DoSessionTicket(WOLFSSL* ssl, sendSz = length + HANDSHAKE_HEADER_SZ + RECORD_HEADER_SZ; + #ifdef HAVE_QSH + length += qshSz; + sendSz += qshSz; + #endif #ifdef WOLFSSL_DTLS if (ssl->options.dtls) { sendSz += DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA; @@ -11638,8 +12713,66 @@ int DoSessionTicket(WOLFSSL* ssl, XMEMCPY(output + idx, exportBuf, expSz); idx += expSz; if (IsAtLeastTLSv1_2(ssl)) { + byte setHash = 0; + output[idx++] = ssl->suites->hashAlgo; output[idx++] = ssl->suites->sigAlgo; + + switch (ssl->suites->hashAlgo) { + case sha512_mac: + #ifdef WOLFSSL_SHA512 + doSha512 = 1; + setHash = 1; + #endif + break; + + case sha384_mac: + #ifdef WOLFSSL_SHA384 + doSha384 = 1; + setHash = 1; + #endif + break; + + case sha256_mac: + #ifndef NO_SHA256 + doSha256 = 1; + setHash = 1; + #endif + break; + + case sha_mac: + #ifndef NO_OLD_TLS + doSha = 1; + setHash = 1; + #endif + break; + + default: + WOLFSSL_MSG("Bad hash sig algo"); + break; + } + + if (setHash == 0) { + #ifndef NO_RSA + wc_FreeRsaKey(&rsaKey); + #endif + wc_ecc_free(&dsaKey); + ERROR_OUT(ALGO_ID_E, done_a); + } + } else { + /* only using sha and md5 for rsa */ + #ifndef NO_OLD_TLS + doSha = 1; + if (ssl->suites->sigAlgo == rsa_sa_algo) { + doMd5 = 1; + } + #else + #ifndef NO_RSA + wc_FreeRsaKey(&rsaKey); + #endif + wc_ecc_free(&dsaKey); + ERROR_OUT(ALGO_ID_E, done_a); + #endif } /* Signtaure length will be written later, when we're sure what it 
@@ -11685,6 +12818,15 @@ int DoSessionTicket(WOLFSSL* ssl, byte hash384[SHA384_DIGEST_SIZE]; #endif #endif + #ifdef WOLFSSL_SHA512 + #ifdef WOLFSSL_SMALL_STACK + Sha512* sha512 = NULL; + byte* hash512 = NULL; + #else + Sha512 sha512[1]; + byte hash512[SHA512_DIGEST_SIZE]; + #endif + #endif #ifdef WOLFSSL_SMALL_STACK hash = (byte*)XMALLOC(FINISHED_SZ, NULL, 
@@ -11696,73 +12838,115 @@ int DoSessionTicket(WOLFSSL* ssl, #ifndef NO_OLD_TLS /* md5 */ #ifdef WOLFSSL_SMALL_STACK - md5 = (Md5*)XMALLOC(sizeof(Md5), NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (md5 == NULL) - ERROR_OUT(MEMORY_E, done_a2); + if (doMd5) { + md5 = (Md5*)XMALLOC(sizeof(Md5), NULL, + DYNAMIC_TYPE_TMP_BUFFER); + if (md5 == NULL) + ERROR_OUT(MEMORY_E, done_a2); + } #endif - wc_InitMd5(md5); - wc_Md5Update(md5, ssl->arrays->clientRandom, RAN_LEN); - wc_Md5Update(md5, ssl->arrays->serverRandom, RAN_LEN); - wc_Md5Update(md5, output + preSigIdx, preSigSz); - wc_Md5Final(md5, hash); - + if (doMd5) { + wc_InitMd5(md5); + wc_Md5Update(md5, ssl->arrays->clientRandom, RAN_LEN); + wc_Md5Update(md5, ssl->arrays->serverRandom, RAN_LEN); + wc_Md5Update(md5, output + preSigIdx, preSigSz); + wc_Md5Final(md5, hash); + } /* sha */ #ifdef WOLFSSL_SMALL_STACK - sha = (Sha*)XMALLOC(sizeof(Sha), NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (sha == NULL) - ERROR_OUT(MEMORY_E, done_a2); + if (doSha) { + sha = (Sha*)XMALLOC(sizeof(Sha), NULL, + DYNAMIC_TYPE_TMP_BUFFER); + if (sha == NULL) + ERROR_OUT(MEMORY_E, done_a2); + } #endif - ret = wc_InitSha(sha); - if (ret != 0) - goto done_a2; - wc_ShaUpdate(sha, ssl->arrays->clientRandom, RAN_LEN); - wc_ShaUpdate(sha, ssl->arrays->serverRandom, RAN_LEN); - wc_ShaUpdate(sha, output + preSigIdx, preSigSz); - wc_ShaFinal(sha, &hash[MD5_DIGEST_SIZE]); + if (doSha) { + ret = wc_InitSha(sha); + if (ret != 0) goto done_a2; + wc_ShaUpdate(sha, ssl->arrays->clientRandom, RAN_LEN); + wc_ShaUpdate(sha, ssl->arrays->serverRandom, RAN_LEN); + wc_ShaUpdate(sha, output + preSigIdx, preSigSz); + wc_ShaFinal(sha, &hash[MD5_DIGEST_SIZE]); + } #endif #ifndef NO_SHA256 #ifdef WOLFSSL_SMALL_STACK - sha256 = (Sha256*)XMALLOC(sizeof(Sha256), NULL, - DYNAMIC_TYPE_TMP_BUFFER); - hash256 = (byte*)XMALLOC(SHA256_DIGEST_SIZE, NULL, - DYNAMIC_TYPE_TMP_BUFFER); - if (sha256 == NULL || hash256 == NULL) - ERROR_OUT(MEMORY_E, done_a2); + if (doSha256) { + sha256 = 
(Sha256*)XMALLOC(sizeof(Sha256), NULL, + DYNAMIC_TYPE_TMP_BUFFER); + hash256 = (byte*)XMALLOC(SHA256_DIGEST_SIZE, NULL, + DYNAMIC_TYPE_TMP_BUFFER); + if (sha256 == NULL || hash256 == NULL) + ERROR_OUT(MEMORY_E, done_a2); + } #endif - if (!(ret = wc_InitSha256(sha256)) - && !(ret = wc_Sha256Update(sha256, ssl->arrays->clientRandom, - RAN_LEN)) - && !(ret = wc_Sha256Update(sha256, ssl->arrays->serverRandom, - RAN_LEN)) - && !(ret = wc_Sha256Update(sha256, output + preSigIdx, preSigSz))) - ret = wc_Sha256Final(sha256, hash256); + if (doSha256) { + if (!(ret = wc_InitSha256(sha256)) + && !(ret = wc_Sha256Update(sha256, + ssl->arrays->clientRandom, RAN_LEN)) + && !(ret = wc_Sha256Update(sha256, + ssl->arrays->serverRandom, RAN_LEN)) + && !(ret = wc_Sha256Update(sha256, + output + preSigIdx, preSigSz))) + ret = wc_Sha256Final(sha256, hash256); - if (ret != 0) - goto done_a2; + if (ret != 0) goto done_a2; + } #endif #ifdef WOLFSSL_SHA384 #ifdef WOLFSSL_SMALL_STACK - sha384 = (Sha384*)XMALLOC(sizeof(Sha384), NULL, - DYNAMIC_TYPE_TMP_BUFFER); - hash384 = (byte*)XMALLOC(SHA384_DIGEST_SIZE, NULL, - DYNAMIC_TYPE_TMP_BUFFER); - if (sha384 == NULL || hash384 == NULL) - ERROR_OUT(MEMORY_E, done_a2); + if (doSha384) { + sha384 = (Sha384*)XMALLOC(sizeof(Sha384), NULL, + DYNAMIC_TYPE_TMP_BUFFER); + hash384 = (byte*)XMALLOC(SHA384_DIGEST_SIZE, NULL, + DYNAMIC_TYPE_TMP_BUFFER); + if (sha384 == NULL || hash384 == NULL) + ERROR_OUT(MEMORY_E, done_a2); + } #endif - if (!(ret = wc_InitSha384(sha384)) - && !(ret = wc_Sha384Update(sha384, ssl->arrays->clientRandom, - RAN_LEN)) - && !(ret = wc_Sha384Update(sha384, ssl->arrays->serverRandom, - RAN_LEN)) - && !(ret = wc_Sha384Update(sha384, output + preSigIdx, preSigSz))) - ret = wc_Sha384Final(sha384, hash384); + if (doSha384) { + if (!(ret = wc_InitSha384(sha384)) + && !(ret = wc_Sha384Update(sha384, + ssl->arrays->clientRandom, RAN_LEN)) + && !(ret = wc_Sha384Update(sha384, + ssl->arrays->serverRandom, RAN_LEN)) + && !(ret = 
wc_Sha384Update(sha384, + output + preSigIdx, preSigSz))) + ret = wc_Sha384Final(sha384, hash384); - if (ret != 0) - goto done_a2; + if (ret != 0) goto done_a2; + } + #endif + + #ifdef WOLFSSL_SHA512 + #ifdef WOLFSSL_SMALL_STACK + if (doSha512) { + sha512 = (Sha512*)XMALLOC(sizeof(Sha512), NULL, + DYNAMIC_TYPE_TMP_BUFFER); + hash512 = (byte*)XMALLOC(SHA512_DIGEST_SIZE, NULL, + DYNAMIC_TYPE_TMP_BUFFER); + if (sha512 == NULL || hash512 == NULL) + ERROR_OUT(MEMORY_E, done_a2); + } + #endif + + if (doSha512) { + if (!(ret = wc_InitSha512(sha512)) + && !(ret = wc_Sha512Update(sha512, + ssl->arrays->clientRandom, RAN_LEN)) + && !(ret = wc_Sha512Update(sha512, + ssl->arrays->serverRandom, RAN_LEN)) + && !(ret = wc_Sha512Update(sha512, + output + preSigIdx, preSigSz))) + ret = wc_Sha512Final(sha512, hash512); + + if (ret != 0) goto done_a2; + } #endif #ifndef NO_RSA @@ -11807,9 +12991,23 @@ int DoSessionTicket(WOLFSSL* ssl, digestSz = SHA384_DIGEST_SIZE; #endif } + else if (ssl->suites->hashAlgo == sha512_mac) { + #ifdef WOLFSSL_SHA512 + digest = hash512; + typeH = SHA512h; + digestSz = SHA512_DIGEST_SIZE; + #endif + } - signSz = wc_EncodeSignature(encodedSig, digest, digestSz, - typeH); + if (digest == NULL) { + #ifndef NO_RSA + wc_FreeRsaKey(&rsaKey); + #endif + wc_ecc_free(&dsaKey); + ERROR_OUT(ALGO_ID_E, done_a2); + } + signSz = wc_EncodeSignature(encodedSig, digest, + digestSz, typeH); signBuffer = encodedSig; } /* write sig size here */ @@ -11877,6 +13075,12 @@ int DoSessionTicket(WOLFSSL* ssl, digestSz = SHA384_DIGEST_SIZE; #endif } + else if (ssl->suites->hashAlgo == sha512_mac) { + #ifdef WOLFSSL_SHA512 + digest = hash512; + digestSz = SHA512_DIGEST_SIZE; + #endif + } } if (doUserEcc) { 
@@ -11923,12 +13127,35 @@ int DoSessionTicket(WOLFSSL* ssl, XFREE(sha384, NULL, DYNAMIC_TYPE_TMP_BUFFER); XFREE(hash384, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif + #ifdef WOLFSSL_SHA512 + XFREE(sha512, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(hash512, NULL, DYNAMIC_TYPE_TMP_BUFFER); + #endif #endif if (ret < 0) goto done_a; } +#ifdef HAVE_QSH + if (ssl->peerQSHKeyPresent) { + if (qshSz > 0) { + idx = sendSz - qshSz; + QSH_KeyExchangeWrite(ssl, 1); + + /* extension type */ + c16toa(WOLFSSL_QSH, output + idx); + idx += OPAQUE16_LEN; + + /* write to output and check amount written */ + if (TLSX_QSHPK_Write(ssl->QSH_secret->list, output + idx) + > qshSz - OPAQUE16_LEN) + return MEMORY_E; + } + } +#endif + + AddHeaders(output, length, server_key_exchange, ssl); #ifdef WOLFSSL_DTLS @@ -12044,6 +13271,10 @@ int DoSessionTicket(WOLFSSL* ssl, sendSz = length + HANDSHAKE_HEADER_SZ + RECORD_HEADER_SZ; + #ifdef HAVE_QSH + length += qshSz; + sendSz += qshSz; + #endif #ifdef WOLFSSL_DTLS if (ssl->options.dtls) { sendSz += DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA; 
@@ -12126,11 +13357,86 @@ int DoSessionTicket(WOLFSSL* ssl, byte hash384[SHA384_DIGEST_SIZE]; #endif #endif + #ifdef WOLFSSL_SHA512 + #ifdef WOLFSSL_SMALL_STACK + Sha512* sha512 = NULL; + byte* hash512 = NULL; + #else + Sha512 sha512[1]; + byte hash512[SHA512_DIGEST_SIZE]; + #endif + #endif + + #ifndef NO_OLD_TLS + byte doMd5 = 0; + byte doSha = 0; + #endif + #ifndef NO_SHA256 + byte doSha256 = 0; + #endif + #ifdef WOLFSSL_SHA384 + byte doSha384 = 0; + #endif + #ifdef WOLFSSL_SHA512 + byte doSha512 = 0; + #endif /* Add hash/signature algo ID */ if (IsAtLeastTLSv1_2(ssl)) { + byte setHash = 0; + output[idx++] = ssl->suites->hashAlgo; output[idx++] = ssl->suites->sigAlgo; + + switch (ssl->suites->hashAlgo) { + case sha512_mac: + #ifdef WOLFSSL_SHA512 + doSha512 = 1; + setHash = 1; + #endif + break; + + case sha384_mac: + #ifdef WOLFSSL_SHA384 + doSha384 = 1; + setHash = 1; + #endif + break; + + case sha256_mac: + #ifndef NO_SHA256 + doSha256 = 1; + setHash = 1; + #endif + break; + + case sha_mac: + #ifndef NO_OLD_TLS + doSha = 1; + setHash = 1; + #endif + break; + + default: + WOLFSSL_MSG("Bad hash sig algo"); + break; + } + + if (setHash == 0) { + wc_FreeRsaKey(&rsaKey); + return ALGO_ID_E; + } + } else { + /* only using sha and md5 for rsa */ + #ifndef NO_OLD_TLS + doSha = 1; + if (ssl->suites->sigAlgo == rsa_sa_algo) { + doMd5 = 1; + } + #else + wc_FreeRsaKey(&rsaKey); + return ALGO_ID_E; + #endif } /* signature size */ 
@@ -12150,74 +13456,117 @@ int DoSessionTicket(WOLFSSL* ssl, #ifndef NO_OLD_TLS /* md5 */ #ifdef WOLFSSL_SMALL_STACK - md5 = (Md5*)XMALLOC(sizeof(Md5), NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (md5 == NULL) - ERROR_OUT(MEMORY_E, done_b); + if (doMd5) { + md5 = (Md5*)XMALLOC(sizeof(Md5), NULL, + DYNAMIC_TYPE_TMP_BUFFER); + if (md5 == NULL) + ERROR_OUT(MEMORY_E, done_b); + } #endif - wc_InitMd5(md5); - wc_Md5Update(md5, ssl->arrays->clientRandom, RAN_LEN); - wc_Md5Update(md5, ssl->arrays->serverRandom, RAN_LEN); - wc_Md5Update(md5, output + preSigIdx, preSigSz); - wc_Md5Final(md5, hash); + if (doMd5) { + wc_InitMd5(md5); + wc_Md5Update(md5, ssl->arrays->clientRandom, RAN_LEN); + wc_Md5Update(md5, ssl->arrays->serverRandom, RAN_LEN); + wc_Md5Update(md5, output + preSigIdx, preSigSz); + wc_Md5Final(md5, hash); + } /* sha */ #ifdef WOLFSSL_SMALL_STACK - sha = (Sha*)XMALLOC(sizeof(Sha), NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (sha == NULL) - ERROR_OUT(MEMORY_E, done_b); + if (doSha) { + sha = (Sha*)XMALLOC(sizeof(Sha), NULL, + DYNAMIC_TYPE_TMP_BUFFER); + if (sha == NULL) + ERROR_OUT(MEMORY_E, done_b); + } #endif - if ((ret = wc_InitSha(sha)) != 0) - goto done_b; - - wc_ShaUpdate(sha, ssl->arrays->clientRandom, RAN_LEN); - wc_ShaUpdate(sha, ssl->arrays->serverRandom, RAN_LEN); - wc_ShaUpdate(sha, output + preSigIdx, preSigSz); - wc_ShaFinal(sha, &hash[MD5_DIGEST_SIZE]); + if (doSha) { + if ((ret = wc_InitSha(sha)) != 0) + goto done_b; + wc_ShaUpdate(sha, ssl->arrays->clientRandom, RAN_LEN); + wc_ShaUpdate(sha, ssl->arrays->serverRandom, RAN_LEN); + wc_ShaUpdate(sha, output + preSigIdx, preSigSz); + wc_ShaFinal(sha, &hash[MD5_DIGEST_SIZE]); + } #endif #ifndef NO_SHA256 #ifdef WOLFSSL_SMALL_STACK - sha256 = (Sha256*)XMALLOC(sizeof(Sha256), NULL, - DYNAMIC_TYPE_TMP_BUFFER); - hash256 = (byte*)XMALLOC(SHA256_DIGEST_SIZE, NULL, - DYNAMIC_TYPE_TMP_BUFFER); - if (sha256 == NULL || hash256 == NULL) - ERROR_OUT(MEMORY_E, done_b); + if (doSha256) { + sha256 = 
(Sha256*)XMALLOC(sizeof(Sha256), NULL, + DYNAMIC_TYPE_TMP_BUFFER); + hash256 = (byte*)XMALLOC(SHA256_DIGEST_SIZE, NULL, + DYNAMIC_TYPE_TMP_BUFFER); + if (sha256 == NULL || hash256 == NULL) + ERROR_OUT(MEMORY_E, done_b); + } #endif - if (!(ret = wc_InitSha256(sha256)) - && !(ret = wc_Sha256Update(sha256, ssl->arrays->clientRandom, - RAN_LEN)) - && !(ret = wc_Sha256Update(sha256, ssl->arrays->serverRandom, - RAN_LEN)) - && !(ret = wc_Sha256Update(sha256, output + preSigIdx, preSigSz))) - ret = wc_Sha256Final(sha256, hash256); + if (doSha256) { + if (!(ret = wc_InitSha256(sha256)) + && !(ret = wc_Sha256Update(sha256, + ssl->arrays->clientRandom, RAN_LEN)) + && !(ret = wc_Sha256Update(sha256, + ssl->arrays->serverRandom, RAN_LEN)) + && !(ret = wc_Sha256Update(sha256, + output + preSigIdx, preSigSz))) + ret = wc_Sha256Final(sha256, hash256); - if (ret != 0) - goto done_b; + if (ret != 0) goto done_b; + } #endif #ifdef WOLFSSL_SHA384 #ifdef WOLFSSL_SMALL_STACK - sha384 = (Sha384*)XMALLOC(sizeof(Sha384), NULL, - DYNAMIC_TYPE_TMP_BUFFER); - hash384 = (byte*)XMALLOC(SHA384_DIGEST_SIZE, NULL, - DYNAMIC_TYPE_TMP_BUFFER); - if (sha384 == NULL || hash384 == NULL) - ERROR_OUT(MEMORY_E, done_b); + if (doSha384) { + sha384 = (Sha384*)XMALLOC(sizeof(Sha384), NULL, + DYNAMIC_TYPE_TMP_BUFFER); + hash384 = (byte*)XMALLOC(SHA384_DIGEST_SIZE, NULL, + DYNAMIC_TYPE_TMP_BUFFER); + if (sha384 == NULL || hash384 == NULL) + ERROR_OUT(MEMORY_E, done_b); + } #endif - if (!(ret = wc_InitSha384(sha384)) - && !(ret = wc_Sha384Update(sha384, ssl->arrays->clientRandom, - RAN_LEN)) - && !(ret = wc_Sha384Update(sha384, ssl->arrays->serverRandom, - RAN_LEN)) - && !(ret = wc_Sha384Update(sha384, output + preSigIdx, preSigSz))) - ret = wc_Sha384Final(sha384, hash384); + if (doSha384) { + if (!(ret = wc_InitSha384(sha384)) + && !(ret = wc_Sha384Update(sha384, + ssl->arrays->clientRandom, RAN_LEN)) + && !(ret = wc_Sha384Update(sha384, + ssl->arrays->serverRandom, RAN_LEN)) + && !(ret = 
wc_Sha384Update(sha384, + output + preSigIdx, preSigSz))) + ret = wc_Sha384Final(sha384, hash384); - if (ret != 0) - goto done_b; + if (ret != 0) goto done_b; + } + #endif + + #ifdef WOLFSSL_SHA512 + #ifdef WOLFSSL_SMALL_STACK + if (doSha512) { + sha512 = (Sha512*)XMALLOC(sizeof(Sha512), NULL, + DYNAMIC_TYPE_TMP_BUFFER); + hash512 = (byte*)XMALLOC(SHA512_DIGEST_SIZE, NULL, + DYNAMIC_TYPE_TMP_BUFFER); + if (sha512 == NULL || hash512 == NULL) + ERROR_OUT(MEMORY_E, done_b); + } + #endif + + if (doSha512) { + if (!(ret = wc_InitSha512(sha512)) + && !(ret = wc_Sha512Update(sha512, + ssl->arrays->clientRandom, RAN_LEN)) + && !(ret = wc_Sha512Update(sha512, + ssl->arrays->serverRandom, RAN_LEN)) + && !(ret = wc_Sha512Update(sha512, + output + preSigIdx, preSigSz))) + ret = wc_Sha512Final(sha512, hash512); + + if (ret != 0) goto done_b; + } #endif #ifndef NO_RSA @@ -12262,12 +13611,23 @@ int DoSessionTicket(WOLFSSL* ssl, digestSz = SHA384_DIGEST_SIZE; #endif } + else if (ssl->suites->hashAlgo == sha512_mac) { + #ifdef WOLFSSL_SHA512 + digest = hash512; + typeH = SHA512h; + digestSz = SHA512_DIGEST_SIZE; + #endif + } - signSz = wc_EncodeSignature(encodedSig, digest, digestSz, - typeH); - signBuffer = encodedSig; + if (digest == NULL) { + ret = ALGO_ID_E; + } else { + signSz = wc_EncodeSignature(encodedSig, digest, + digestSz, typeH); + signBuffer = encodedSig; + } } - if (doUserRsa) { + if (doUserRsa && ret == 0) { #ifdef HAVE_PK_CALLBACKS word32 ioLen = sigSz; ret = ssl->ctx->RsaSignCb(ssl, signBuffer, signSz, @@ -12276,10 +13636,10 @@ int DoSessionTicket(WOLFSSL* ssl, ssl->buffers.key.length, ssl->RsaSignCtx); #endif - } - else + } else if (ret == 0) { ret = wc_RsaSSL_Sign(signBuffer, signSz, output + idx, sigSz, &rsaKey, ssl->rng); + } wc_FreeRsaKey(&rsaKey); 
@@ -12304,11 +13664,33 @@ int DoSessionTicket(WOLFSSL* ssl, XFREE(sha384, NULL, DYNAMIC_TYPE_TMP_BUFFER); XFREE(hash384, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif + #ifdef WOLFSSL_SHA512 + XFREE(sha512, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(hash512, NULL, DYNAMIC_TYPE_TMP_BUFFER); + #endif #endif if (ret < 0) return ret; } + #ifdef HAVE_QSH + if (ssl->peerQSHKeyPresent) { + if (qshSz > 0) { + idx = sendSz - qshSz; + QSH_KeyExchangeWrite(ssl, 1); + + /* extension type */ + c16toa(WOLFSSL_QSH, output + idx); + idx += OPAQUE16_LEN; + + /* write to output and check amount written */ + if (TLSX_QSHPK_Write(ssl->QSH_secret->list, output + idx) + > qshSz - OPAQUE16_LEN) + return MEMORY_E; + } + } + #endif + #ifdef WOLFSSL_DTLS if (ssl->options.dtls) if ((ret = DtlsPoolSave(ssl, output, sendSz)) != 0) @@ -12431,10 +13813,22 @@ int DoSessionTicket(WOLFSSL* ssl, /* ECCDHE is always supported if ECC on */ +#ifdef HAVE_QSH + /* need to negotiate a classic suite in addition to TLS_QSH */ + if (first == QSH_BYTE && second == TLS_QSH) { + if (TLSX_SupportExtensions(ssl)) { + ssl->options.haveQSH = 1; /* matched TLS_QSH */ + } + else { + WOLFSSL_MSG("Version of SSL connection does not support TLS_QSH"); + } + return 0; + } +#endif + return 1; } - static int MatchSuite(WOLFSSL* ssl, Suites* peerSuites) { word16 i, j; @@ -12598,6 +13992,7 @@ int DoSessionTicket(WOLFSSL* ssl, /* session id */ if (sessionSz) { XMEMCPY(ssl->arrays->sessionID, input + idx, sessionSz); + ssl->arrays->sessionIDSz = (byte)sessionSz; idx += sessionSz; ssl->options.resuming = 1; } 
@@ -12619,7 +14014,14 @@ int DoSessionTicket(WOLFSSL* ssl, /* DoClientHello uses same resume code */ if (ssl->options.resuming) { /* let's try */ int ret = -1; - WOLFSSL_SESSION* session = GetSession(ssl,ssl->arrays->masterSecret); + WOLFSSL_SESSION* session = GetSession(ssl, + ssl->arrays->masterSecret); + #ifdef HAVE_SESSION_TICKET + if (ssl->options.useTicket == 1) { + session = &ssl->session; + } + #endif + if (!session) { WOLFSSL_MSG("Session lookup for resume failed"); ssl->options.resuming = 0; @@ -12746,6 +14148,7 @@ int DoSessionTicket(WOLFSSL* ssl, return BUFFER_ERROR; XMEMCPY(ssl->arrays->sessionID, input + i, ID_LEN); + ssl->arrays->sessionIDSz = ID_LEN; i += ID_LEN; ssl->options.resuming = 1; /* client wants to resume */ WOLFSSL_MSG("Client wants to resume session"); @@ -12837,6 +14240,9 @@ int DoSessionTicket(WOLFSSL* ssl, /* tls extensions */ if ((i - begin) < helloSz) { #ifdef HAVE_TLS_EXTENSIONS + #ifdef HAVE_QSH + QSH_Init(ssl); + #endif if (TLSX_SupportExtensions(ssl)) { int ret = 0; #else @@ -12845,6 +14251,12 @@ int DoSessionTicket(WOLFSSL* ssl, /* Process the hello extension. Skip unsupported. */ word16 totalExtSz; +#ifdef HAVE_TLS_EXTENSIONS + /* auto populate extensions supported unless user defined */ + if ((ret = TLSX_PopulateExtensions(ssl, 1)) != 0) + return ret; +#endif + if ((i - begin) + OPAQUE16_LEN > helloSz) return BUFFER_ERROR; @@ -12855,6 +14267,7 @@ int DoSessionTicket(WOLFSSL* ssl, return BUFFER_ERROR; #ifdef HAVE_TLS_EXTENSIONS + /* tls extensions */ if ((ret = TLSX_Parse(ssl, (byte *) input + i, totalExtSz, 1, &clSuites))) return ret; 
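Review bot: `GetSession(ssl, ssl->arrays->masterSecret)` still runs before the `useTicket` override, and its second argument looks like an output buffer, so a session-ID cache hit could overwrite the master secret that ticket processing already restored before `session` is switched to `&ssl->session`; please confirm against GetSession's definition, which is outside this diff. If that is what happens, skip the cache lookup when `ssl->options.useTicket == 1` instead of discarding its result. The same pattern is added in the hunk at -12908. A short comment stating which master secret is authoritative when a client presents both a ticket and a session ID would help the next reader.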
@@ -12908,7 +14321,13 @@ int DoSessionTicket(WOLFSSL* ssl, if (ssl->options.resuming && (!ssl->options.dtls || ssl->options.acceptState == HELLO_VERIFY_SENT)) { /* let's try */ int ret = -1; - WOLFSSL_SESSION* session = GetSession(ssl,ssl->arrays->masterSecret); + WOLFSSL_SESSION* session = GetSession(ssl, + ssl->arrays->masterSecret); + #ifdef HAVE_SESSION_TICKET + if (ssl->options.useTicket == 1) { + session = &ssl->session; + } + #endif if (!session) { WOLFSSL_MSG("Session lookup for resume failed"); @@ -13045,6 +14464,13 @@ int DoSessionTicket(WOLFSSL* ssl, digestSz = SHA384_DIGEST_SIZE; #endif } + else if (hashAlgo == sha512_mac) { + #ifdef WOLFSSL_SHA512 + digest = ssl->hsHashes->certHashes.sha512; + typeH = SHA512h; + digestSz = SHA512_DIGEST_SIZE; + #endif + } sigSz = wc_EncodeSignature(encodedSig, digest, digestSz, typeH); @@ -13097,6 +14523,12 @@ int DoSessionTicket(WOLFSSL* ssl, digestSz = SHA384_DIGEST_SIZE; #endif } + else if (hashAlgo == sha512_mac) { + #ifdef WOLFSSL_SHA512 + digest = ssl->hsHashes->certHashes.sha512; + digestSz = SHA512_DIGEST_SIZE; + #endif + } } if (doUserEcc) { 
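Review bot: The new `sha512_mac` branches at -13045 and -13097 assign `digest` and `digestSz` only under `#ifdef WOLFSSL_SHA512`, so in a build without SHA-512 a peer that selects this hash leaves the values set before the chain (outside the hunk) and the code continues with a digest that does not match the negotiated algorithm. The signing path in this same commit handles the equivalent case explicitly with `if (digest == NULL) { ret = ALGO_ID_E; }`. An explicit rejection here would make the two paths consistent and would not depend on a later comparison happening to fail. Both functions begin and end outside the hunks.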
@@ -13171,6 +14603,203 @@ int DoSessionTicket(WOLFSSL* ssl, return SendBuffered(ssl); } + +#ifdef HAVE_SESSION_TICKET + +#define WOLFSSL_TICKET_FIXED_SZ (WOLFSSL_TICKET_NAME_SZ + \ + WOLFSSL_TICKET_IV_SZ + WOLFSSL_TICKET_MAC_SZ + LENGTH_SZ) +#define WOLFSSL_TICKET_ENC_SZ (SESSION_TICKET_LEN - WOLFSSL_TICKET_FIXED_SZ) + + /* our ticket format */ + typedef struct InternalTicket { + ProtocolVersion pv; /* version when ticket created */ + byte suite[SUITE_LEN]; /* cipher suite when created */ + byte msecret[SECRET_LEN]; /* master secret */ + word32 timestamp; /* born on */ + } InternalTicket; + + /* fit within SESSION_TICKET_LEN */ + typedef struct ExternalTicket { + byte key_name[WOLFSSL_TICKET_NAME_SZ]; /* key context name */ + byte iv[WOLFSSL_TICKET_IV_SZ]; /* this ticket's iv */ + byte enc_len[LENGTH_SZ]; /* encrypted length */ + byte enc_ticket[WOLFSSL_TICKET_ENC_SZ]; /* encrypted internal ticket */ + byte mac[WOLFSSL_TICKET_MAC_SZ]; /* total mac */ + /* !! if add to structure, add to TICKET_FIXED_SZ !! 
*/ + } ExternalTicket; + + /* create a new session ticket, 0 on success */ + static int CreateTicket(WOLFSSL* ssl) + { + InternalTicket it; + ExternalTicket* et = (ExternalTicket*)ssl->session.ticket; + int encLen; + int ret; + byte zeros[WOLFSSL_TICKET_MAC_SZ]; /* biggest cmp size */ + + /* build internal */ + it.pv.major = ssl->version.major; + it.pv.minor = ssl->version.minor; + + it.suite[0] = ssl->options.cipherSuite0; + it.suite[1] = ssl->options.cipherSuite; + + XMEMCPY(it.msecret, ssl->arrays->masterSecret, SECRET_LEN); + c32toa(LowResTimer(), (byte*)&it.timestamp); + + /* build external */ + XMEMCPY(et->enc_ticket, &it, sizeof(InternalTicket)); + + /* encrypt */ + encLen = WOLFSSL_TICKET_ENC_SZ; /* max size user can use */ + ret = ssl->ctx->ticketEncCb(ssl, et->key_name, et->iv, et->mac, 1, + et->enc_ticket, sizeof(InternalTicket), + &encLen, ssl->ctx->ticketEncCtx); + if (ret == WOLFSSL_TICKET_RET_OK) { + if (encLen < (int)sizeof(InternalTicket) || + encLen > WOLFSSL_TICKET_ENC_SZ) { + WOLFSSL_MSG("Bad user ticket encrypt size"); + return BAD_TICKET_KEY_CB_SZ; + } + + /* sanity checks on encrypt callback */ + + /* internal ticket can't be the same if encrypted */ + if (XMEMCMP(et->enc_ticket, &it, sizeof(InternalTicket)) == 0) { + WOLFSSL_MSG("User ticket encrypt didn't encrypt"); + return BAD_TICKET_ENCRYPT; + } + + XMEMSET(zeros, 0, sizeof(zeros)); + + /* name */ + if (XMEMCMP(et->key_name, zeros, WOLFSSL_TICKET_NAME_SZ) == 0) { + WOLFSSL_MSG("User ticket encrypt didn't set name"); + return BAD_TICKET_ENCRYPT; + } + + /* iv */ + if (XMEMCMP(et->iv, zeros, WOLFSSL_TICKET_IV_SZ) == 0) { + WOLFSSL_MSG("User ticket encrypt didn't set iv"); + return BAD_TICKET_ENCRYPT; + } + + /* mac */ + if (XMEMCMP(et->mac, zeros, WOLFSSL_TICKET_MAC_SZ) == 0) { + WOLFSSL_MSG("User ticket encrypt didn't set mac"); + return BAD_TICKET_ENCRYPT; + } + + /* set size */ + c16toa((word16)encLen, et->enc_len); + ssl->session.ticketLen = (word16)(encLen + WOLFSSL_TICKET_FIXED_SZ); 
+ if (encLen < WOLFSSL_TICKET_ENC_SZ) { + /* move mac up since whole enc buffer not used */ + XMEMMOVE(et->enc_ticket +encLen, et->mac,WOLFSSL_TICKET_MAC_SZ); + } + } + + return ret; + } + + + /* Parse ticket sent by client, returns callback return value */ + int DoClientTicket(WOLFSSL* ssl, const byte* input, word32 len) + { + ExternalTicket* et; + InternalTicket* it; + int ret; + int outLen; + word16 inLen; + + if (len > SESSION_TICKET_LEN || + len < (word32)(sizeof(InternalTicket) + WOLFSSL_TICKET_FIXED_SZ)) { + return BAD_TICKET_MSG_SZ; + } + + et = (ExternalTicket*)input; + it = (InternalTicket*)et->enc_ticket; + + /* decrypt */ + ato16(et->enc_len, &inLen); + if (inLen > (word16)(len - WOLFSSL_TICKET_FIXED_SZ)) { + return BAD_TICKET_MSG_SZ; + } + outLen = inLen; /* may be reduced by user padding */ + ret = ssl->ctx->ticketEncCb(ssl, et->key_name, et->iv, + et->enc_ticket + inLen, 0, + et->enc_ticket, inLen, &outLen, + ssl->ctx->ticketEncCtx); + if (ret == WOLFSSL_TICKET_RET_FATAL || ret < 0) return ret; + if (outLen > inLen || outLen < (int)sizeof(InternalTicket)) { + WOLFSSL_MSG("Bad user ticket decrypt len"); + return BAD_TICKET_KEY_CB_SZ; + } + + /* get master secret */ + if (ret == WOLFSSL_TICKET_RET_OK || ret == WOLFSSL_TICKET_RET_CREATE) + XMEMCPY(ssl->arrays->masterSecret, it->msecret, SECRET_LEN); + + return ret; + } + + + /* send Session Ticket */ + int SendTicket(WOLFSSL* ssl) + { + byte* output; + int ret; + int sendSz; + word32 length = SESSION_HINT_SZ + LENGTH_SZ; + word32 idx = RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ; + + #ifdef WOLFSSL_DTLS + if (ssl->options.dtls) { + length += DTLS_RECORD_EXTRA; + idx += DTLS_RECORD_EXTRA; + } + #endif + + if (ssl->options.createTicket) { + ret = CreateTicket(ssl); + if (ret != 0) return ret; + } + + length += ssl->session.ticketLen; + sendSz = length + HANDSHAKE_HEADER_SZ + RECORD_HEADER_SZ; + + /* check for available size */ + if ((ret = CheckAvailableSize(ssl, sendSz)) != 0) + return ret; + + /* get ouput 
buffer */ + output = ssl->buffers.outputBuffer.buffer + + ssl->buffers.outputBuffer.length; + + AddHeaders(output, length, session_ticket, ssl); + + /* hint */ + c32toa(ssl->ctx->ticketHint, output + idx); + idx += SESSION_HINT_SZ; + + /* length */ + c16toa(ssl->session.ticketLen, output + idx); + idx += LENGTH_SZ; + + /* ticket */ + XMEMCPY(output + idx, ssl->session.ticket, ssl->session.ticketLen); + /* idx += ssl->session.ticketLen; */ + + ret = HashOutput(ssl, output, sendSz, 0); + if (ret != 0) return ret; + ssl->buffers.outputBuffer.length += sendSz; + + return SendBuffered(ssl); + } + +#endif /* HAVE_SESSION_TICKET */ + + #ifdef WOLFSSL_DTLS int SendHelloVerifyRequest(WOLFSSL* ssl) { @@ -13225,6 +14854,9 @@ int DoSessionTicket(WOLFSSL* ssl, static int DoClientKeyExchange(WOLFSSL* ssl, byte* input, word32* inOutIdx, word32 size) { + #ifdef HAVE_QSH + word16 name; + #endif int ret = 0; word32 length = 0; byte* out = NULL; @@ -13335,7 +14967,26 @@ int DoSessionTicket(WOLFSSL* ssl, ssl->chVersion.minor) ret = PMS_VERSION_ERROR; else + { + #ifdef HAVE_QSH + if (ssl->options.haveQSH) { + /* extension name */ + ato16(input + *inOutIdx, &name); + *inOutIdx += OPAQUE16_LEN; + + if (name == WOLFSSL_QSH) { + *inOutIdx += TLSX_QSHCipher_Parse(ssl, input + + *inOutIdx, size - *inOutIdx + begin, 1); + } + else { + /* unknown extension sent client ignored + handshake */ + return BUFFER_ERROR; + } + } + #endif ret = MakeMasterSecret(ssl); + } } else { ret = RSA_PRIVATE_ERROR; 
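Review bot: DoClientTicket uses only `it->msecret` from the decrypted ticket; the `timestamp`, `pv` and `suite` fields that CreateTicket stores are never read, so nothing in this hunk rejects an expired ticket or one issued under a different protocol version or cipher suite. Unless that is enforced by the caller or is meant to be the callback's responsibility (which should then be documented on `ticketEncCb`), validate those fields, with the age checked against `ssl->ctx->ticketHint`, before the `XMEMCPY` into `masterSecret`. Two smaller items: the function casts `const` away from `input` and decrypts in place, and CreateTicket leaves the stack copy `it`, which holds the master secret, uncleared on every return path.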
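Review bot: The QSH block in DoClientKeyExchange reads two bytes with `ato16(input + *inOutIdx, &name)` without first checking that `(*inOutIdx - begin) + OPAQUE16_LEN <= size`, and then adds the result of `TLSX_QSHCipher_Parse` directly to `*inOutIdx`, so a short message, or an error or oversized return value if the parser can produce one, moves the index outside the record. Add a length check that returns `BUFFER_ERROR` before the read, and validate the parse result before advancing. The identical block is repeated in the hunks at -13390, -13431, -13498, -13532 and -13606, so one static helper would keep these checks in a single place. `begin` and the rest of the function are defined outside the hunks.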
@@ -13390,6 +15041,23 @@ int DoSessionTicket(WOLFSSL* ssl, XMEMCPY(pms, ssl->arrays->psk_key, ssl->arrays->psk_keySz); ssl->arrays->preMasterSz = ssl->arrays->psk_keySz * 2 + 4; + #ifdef HAVE_QSH + if (ssl->options.haveQSH) { + /* extension name */ + ato16(input + *inOutIdx, &name); + *inOutIdx += OPAQUE16_LEN; + + if (name == WOLFSSL_QSH) { + *inOutIdx += TLSX_QSHCipher_Parse(ssl, input + + *inOutIdx, size - *inOutIdx + begin, 1); + } + else { + /* unknown extension sent client ignored + handshake */ + return BUFFER_ERROR; + } + } + #endif ret = MakeMasterSecret(ssl); /* No further need for PSK */ @@ -13431,6 +15099,23 @@ int DoSessionTicket(WOLFSSL* ssl, *inOutIdx += cipherLen; + #ifdef HAVE_QSH + if (ssl->options.haveQSH) { + /* extension name */ + ato16(input + *inOutIdx, &name); + *inOutIdx += OPAQUE16_LEN; + + if (name == WOLFSSL_QSH) { + *inOutIdx += TLSX_QSHCipher_Parse(ssl, input + + *inOutIdx, size - *inOutIdx + begin, 1); + } + else { + /* unknown extension sent client ignored + handshake */ + return BUFFER_ERROR; + } + } + #endif ssl->arrays->preMasterSz = plainLen; ret = MakeMasterSecret(ssl); } @@ -13498,6 +15183,23 @@ int DoSessionTicket(WOLFSSL* ssl, return ECC_SHARED_ERROR; ssl->arrays->preMasterSz = length; + #ifdef HAVE_QSH + if (ssl->options.haveQSH) { + /* extension name */ + ato16(input + *inOutIdx, &name); + *inOutIdx += OPAQUE16_LEN; + + if (name == WOLFSSL_QSH) { + *inOutIdx += TLSX_QSHCipher_Parse(ssl, input + + *inOutIdx, size - *inOutIdx + begin, 1); + } + else { + /* unknown extension sent client ignored + handshake */ + return BUFFER_ERROR; + } + } + #endif ret = MakeMasterSecret(ssl); } break; 
@@ -13532,6 +15234,23 @@ int DoSessionTicket(WOLFSSL* ssl, *inOutIdx += clientPubSz; + #ifdef HAVE_QSH + if (ssl->options.haveQSH) { + /* extension name */ + ato16(input + *inOutIdx, &name); + *inOutIdx += OPAQUE16_LEN; + + if (name == WOLFSSL_QSH) { + *inOutIdx += TLSX_QSHCipher_Parse(ssl, input + + *inOutIdx, size - *inOutIdx + begin, 1); + } + else { + /* unknown extension sent client ignored + handshake */ + return BUFFER_ERROR; + } + } + #endif if (ret == 0) ret = MakeMasterSecret(ssl); } @@ -13606,6 +15325,23 @@ int DoSessionTicket(WOLFSSL* ssl, XMEMCPY(pms, ssl->arrays->psk_key, ssl->arrays->psk_keySz); ssl->arrays->preMasterSz += ssl->arrays->psk_keySz + OPAQUE16_LEN; + #ifdef HAVE_QSH + if (ssl->options.haveQSH) { + /* extension name */ + ato16(input + *inOutIdx, &name); + *inOutIdx += OPAQUE16_LEN; + + if (name == WOLFSSL_QSH) { + *inOutIdx += TLSX_QSHCipher_Parse(ssl, input + + *inOutIdx, size - *inOutIdx + begin, 1); + } + else { + /* unknown extension sent client ignored + handshake */ + return BUFFER_ERROR; + } + } + #endif if (ret == 0) ret = MakeMasterSecret(ssl); diff --git a/src/io.c b/src/io.c index c5fdcd815..5bd24273f 100644 --- a/src/io.c +++ b/src/io.c @@ -57,6 +57,8 @@ #elif defined(FREESCALE_MQX) #include #include + #elif defined(FREESCALE_KSDK_MQX) + #include #elif defined(WOLFSSL_MDK_ARM) #if defined(WOLFSSL_MDK5) #include "cmsis_os.h" @@ -83,7 +85,7 @@ #endif #include #if !(defined(DEVKITPRO) || defined(HAVE_RTP_SYS) || defined(EBSNET)) \ - || defined(WOLFSSL_PICOTCP) + && !(defined(WOLFSSL_PICOTCP)) #include #include #include 
@@ -129,15 +131,25 @@ #define SOCKET_EPIPE SYS_NET_EPIPE #define SOCKET_ECONNREFUSED SYS_NET_ECONNREFUSED #define SOCKET_ECONNABORTED SYS_NET_ECONNABORTED -#elif defined(FREESCALE_MQX) - /* RTCS doesn't have an EWOULDBLOCK error */ - #define SOCKET_EWOULDBLOCK EAGAIN - #define SOCKET_EAGAIN EAGAIN - #define SOCKET_ECONNRESET RTCSERR_TCP_CONN_RESET - #define SOCKET_EINTR EINTR - #define SOCKET_EPIPE EPIPE - #define SOCKET_ECONNREFUSED RTCSERR_TCP_CONN_REFUSED - #define SOCKET_ECONNABORTED RTCSERR_TCP_CONN_ABORTED +#elif defined(FREESCALE_MQX) || defined(FREESCALE_KSDK_MQX) + #if MQX_USE_IO_OLD + /* RTCS old I/O doesn't have an EWOULDBLOCK */ + #define SOCKET_EWOULDBLOCK EAGAIN + #define SOCKET_EAGAIN EAGAIN + #define SOCKET_ECONNRESET RTCSERR_TCP_CONN_RESET + #define SOCKET_EINTR EINTR + #define SOCKET_EPIPE EPIPE + #define SOCKET_ECONNREFUSED RTCSERR_TCP_CONN_REFUSED + #define SOCKET_ECONNABORTED RTCSERR_TCP_CONN_ABORTED + #else + #define SOCKET_EWOULDBLOCK NIO_EWOULDBLOCK + #define SOCKET_EAGAIN NIO_EAGAIN + #define SOCKET_ECONNRESET NIO_ECONNRESET + #define SOCKET_EINTR NIO_EINTR + #define SOCKET_EPIPE NIO_EPIPE + #define SOCKET_ECONNREFUSED NIO_ECONNREFUSED + #define SOCKET_ECONNABORTED NIO_ECONNABORTED + #endif #elif defined(WOLFSSL_MDK_ARM) #if defined(WOLFSSL_MDK5) #define SOCKET_EWOULDBLOCK BSD_ERROR_WOULDBLOCK @@ -200,7 +212,7 @@ static INLINE int TranslateReturnCode(int old, int sd) { (void)sd; -#ifdef FREESCALE_MQX +#if defined(FREESCALE_MQX) || defined(FREESCALE_KSDK_MQX) if (old == 0) { errno = SOCKET_EWOULDBLOCK; return -1; /* convert to BSD style wouldblock as error */ @@ -210,6 +222,10 @@ static INLINE int TranslateReturnCode(int old, int sd) errno = RTCS_geterror(sd); if (errno == RTCSERR_TCP_CONN_CLOSING) return 0; /* convert to BSD style closing */ + if (errno == RTCSERR_TCP_CONN_RLSD) + errno = SOCKET_ECONNRESET; + if (errno == RTCSERR_TCP_TIMED_OUT) + errno = SOCKET_EAGAIN; } #endif 
@@ -316,6 +332,8 @@ int EmbedSend(WOLFSSL* ssl, char *buf, int sz, void *ctx) sent = (int)SEND_FUNCTION(sd, &buf[sz - len], len, ssl->wflags); + sent = TranslateReturnCode(sent, sd); + if (sent < 0) { err = LastError(); WOLFSSL_MSG("Embed Send error"); @@ -454,6 +472,9 @@ int EmbedSendTo(WOLFSSL* ssl, char *buf, int sz, void *ctx) sent = (int)SENDTO_FUNCTION(sd, &buf[sz - len], len, ssl->wflags, (const struct sockaddr*)dtlsCtx->peer.sa, dtlsCtx->peer.sz); + + sent = TranslateReturnCode(sent, sd); + if (sent < 0) { err = LastError(); WOLFSSL_MSG("Embed Send To error"); @@ -518,6 +539,8 @@ int EmbedGenerateCookie(WOLFSSL* ssl, byte *buf, int sz, void *ctx) #ifdef HAVE_OCSP +#include /* atoi() */ + static int Word16ToString(char* d, word16 number) { diff --git a/src/keys.c b/src/keys.c index d83619681..2c232a762 100644 --- a/src/keys.c +++ b/src/keys.c @@ -31,7 +31,11 @@ #include #if defined(SHOW_SECRETS) || defined(CHACHA_AEAD_TEST) #ifdef FREESCALE_MQX - #include + #if MQX_USE_IO_OLD + #include + #else + #include + #endif #else #include #endif 
@@ -2407,11 +2411,33 @@ int SetKeysSide(WOLFSSL* ssl, enum encrypt_side side) /* Initialize the AES-GCM/CCM explicit IV to a zero. */ XMEMCPY(ssl->keys.aead_exp_IV, keys->aead_exp_IV, AEAD_EXP_IV_SZ); + + /* Initialize encrypt implicit IV by encrypt side */ + if (ssl->options.side == WOLFSSL_CLIENT_END) { + XMEMCPY(ssl->keys.aead_enc_imp_IV, + keys->client_write_IV, AEAD_IMP_IV_SZ); + } else { + XMEMCPY(ssl->keys.aead_enc_imp_IV, + keys->server_write_IV, AEAD_IMP_IV_SZ); + } } #endif } - if (wc_decrypt) + if (wc_decrypt) { ssl->keys.peer_sequence_number = keys->peer_sequence_number; + #ifdef HAVE_AEAD + if (ssl->specs.cipher_type == aead) { + /* Initialize decrypt implicit IV by decrypt side */ + if (ssl->options.side == WOLFSSL_SERVER_END) { + XMEMCPY(ssl->keys.aead_dec_imp_IV, + keys->client_write_IV, AEAD_IMP_IV_SZ); + } else { + XMEMCPY(ssl->keys.aead_dec_imp_IV, + keys->server_write_IV, AEAD_IMP_IV_SZ); + } + } + #endif + } ssl->secure_renegotiation->cache_status++; } #endif /* HAVE_SECURE_RENEGOTIATION */ @@ -2608,9 +2634,9 @@ static int MakeSslMasterSecret(WOLFSSL* ssl) printf("\n"); } #endif - + #ifdef WOLFSSL_SMALL_STACK - shaOutput = (byte*)XMALLOC(SHA_DIGEST_SIZE, + shaOutput = (byte*)XMALLOC(SHA_DIGEST_SIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER); md5Input = (byte*)XMALLOC(ENCRYPT_LEN + SHA_DIGEST_SIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER); @@ -2686,7 +2712,7 @@ static int MakeSslMasterSecret(WOLFSSL* ssl) XFREE(md5, NULL, DYNAMIC_TYPE_TMP_BUFFER); XFREE(sha, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif - + if (ret == 0) ret = CleanPreMaster(ssl); else 
@@ -2700,6 +2726,48 @@ static int MakeSslMasterSecret(WOLFSSL* ssl) /* Master wrapper, doesn't use SSL stack space in TLS mode */ int MakeMasterSecret(WOLFSSL* ssl) { + /* append secret to premaster : premaster | SerSi | CliSi */ +#ifdef HAVE_QSH + word32 offset = 0; + + if (ssl->peerQSHKeyPresent) { + offset += ssl->arrays->preMasterSz; + ssl->arrays->preMasterSz += ssl->QSH_secret->CliSi->length + + ssl->QSH_secret->SerSi->length; + /* test and set flag if QSH has been used */ + if (ssl->QSH_secret->CliSi->length > 0 || + ssl->QSH_secret->SerSi->length > 0) + ssl->isQSH = 1; + + /* append secrets to the premaster */ + if (ssl->QSH_secret->SerSi != NULL) { + XMEMCPY(ssl->arrays->preMasterSecret + offset, + ssl->QSH_secret->SerSi->buffer, ssl->QSH_secret->SerSi->length); + } + offset += ssl->QSH_secret->SerSi->length; + if (ssl->QSH_secret->CliSi != NULL) { + XMEMCPY(ssl->arrays->preMasterSecret + offset, + ssl->QSH_secret->CliSi->buffer, ssl->QSH_secret->CliSi->length); + } + + /* show secret SerSi and CliSi */ + #ifdef SHOW_SECRETS + word32 j; + printf("QSH generated secret material\n"); + printf("SerSi : "); + for (j = 0; j < ssl->QSH_secret->SerSi->length; j++) { + printf("%02x", ssl->QSH_secret->SerSi->buffer[j]); + } + printf("\n"); + printf("CliSi : "); + for (j = 0; j < ssl->QSH_secret->CliSi->length; j++) { + printf("%02x", ssl->QSH_secret->CliSi->buffer[j]); + } + printf("\n"); + #endif + } +#endif + #ifdef NO_OLD_TLS return MakeTlsMasterSecret(ssl); #elif !defined(NO_TLS) diff --git a/src/sniffer.c b/src/sniffer.c index 58dfa4b0b..25a46ef09 100644 --- a/src/sniffer.c +++ b/src/sniffer.c @@ -52,14 +52,15 @@ #endif -#ifndef min +#ifndef WOLFSSL_HAVE_MIN +#define WOLFSSL_HAVE_MIN static INLINE word32 min(word32 a, word32 b) { return a > b ? b : a; } -#endif +#endif /* WOLFSSL_HAVE_MIN */ #ifndef WOLFSSL_SNIFFER_TIMEOUT #define WOLFSSL_SNIFFER_TIMEOUT 900 
@@ -238,7 +239,8 @@ static const char* const msgTable[] = "Decrypt Keys Not Set Up", "Late Key Load Error", "Got Certificate Status msg", - "RSA Key Missing Error" + "RSA Key Missing Error", + "Secure Renegotiation Not Supported" }; @@ -1116,7 +1118,7 @@ static int SetNamedPrivateKey(const char* name, const char* address, int port, sniffer->server = serverIp; sniffer->port = port; - sniffer->ctx = SSL_CTX_new(SSLv3_client_method()); + sniffer->ctx = SSL_CTX_new(TLSv1_client_method()); if (!sniffer->ctx) { SetError(MEMORY_STR, error, NULL, 0); #ifdef HAVE_SNI @@ -1321,7 +1323,6 @@ static int ProcessClientKeyExchange(const byte* input, int* sslBytes, wc_FreeRsaKey(&key); return -1; } - ret = 0; /* not in error state */ session->sslServer->arrays->preMasterSz = SECRET_LEN; /* store for client side as well */ @@ -1780,7 +1781,12 @@ static int ProcessFinished(const byte* input, int size, int* sslBytes, } } - FreeHandshakeResources(ssl); + /* If receiving a finished message from one side, free the resources + * from the other side's tracker. */ + if (session->flags.side == WOLFSSL_SERVER_END) + FreeHandshakeResources(session->sslClient); + else + FreeHandshakeResources(session->sslServer); return ret; } @@ -1810,6 +1816,14 @@ static int DoHandShake(const byte* input, int* sslBytes, SetError(HANDSHAKE_INPUT_STR, error, session, FATAL_ERROR_STATE); return -1; } + + /* A session's arrays are released when the handshake is completed. */ + if (session->sslServer->arrays == NULL && + session->sslClient->arrays == NULL) { + + SetError(NO_SECURE_RENEGOTIATION, error, session, FATAL_ERROR_STATE); + return -1; + } switch (type) { case hello_verify_request: 
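Review bot: The new guard in DoHandShake fires only when both `session->sslServer->arrays` and `session->sslClient->arrays` are NULL, but ProcessFinished now frees one tracker at a time, so there is a window in which exactly one side has been released while handshake records are still dispatched. A handler that dereferences a specific side, such as `session->sslServer->arrays->preMasterSz` in ProcessClientKeyExchange, could then run against a released tracker if the capture holds a repeated or out-of-order handshake message; this assumes FreeHandshakeResources clears `arrays`, which is defined outside the diff. Because the sniffer parses traffic it does not control, each handler should test the `arrays` pointer it is about to use and fail through `SetError(...)` rather than rely on this combined test. DoHandShake continues past the end of the hunk.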
@@ -2415,7 +2429,10 @@ static int AdjustSequence(TcpInfo* tcpInfo, SnifferSession* session, /* adjust to expected, remove duplicate */ *sslFrame += overlap; *sslBytes -= overlap; - + + /* The following conditional block is duplicated below. It is the + * same action but for a different setup case. If changing this + * block be sure to also update the block below. */ if (reassemblyList) { word32 newEnd = *expected + *sslBytes; @@ -2447,6 +2464,30 @@ static int AdjustSequence(TcpInfo* tcpInfo, SnifferSession* session, else if (tcpInfo->fin) return AddFinCapture(session, real); } + else { + /* The following conditional block is duplicated above. It is the + * same action but for a different setup case. If changing this + * block be sure to also update the block above. */ + if (reassemblyList) { + word32 newEnd = *expected + *sslBytes; + + if (newEnd > reassemblyList->begin) { + Trace(OVERLAP_REASSEMBLY_BEGIN_STR); + + /* remove bytes already on reassembly list */ + *sslBytes -= newEnd - reassemblyList->begin; + } + if (newEnd > reassemblyList->end) { + Trace(OVERLAP_REASSEMBLY_END_STR); + + /* may be past reassembly list end (could have more on list) + so try to add what's past the front->end */ + AddToReassembly(session->flags.side, reassemblyList->end +1, + *sslFrame + reassemblyList->end - *expected + 1, + newEnd - reassemblyList->end, session, error); + } + } + } /* got expected sequence */ *expected += *sslBytes; if (tcpInfo->fin) 
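Review bot: The block added in the `else` branch of AdjustSequence is a copy of the one above it, as the new comments acknowledge, and it also copies the habit of discarding the result of `AddToReassembly(...)`. Moving both copies into one static helper that takes `expected`, `sslFrame`, `sslBytes` and `reassemblyList` would remove the need for the keep-in-sync comments. If AddToReassembly can fail (it is handed `error`), the helper should return that failure so the caller does not go on to advance `*expected`. `*sslBytes -= newEnd - reassemblyList->begin` is also not checked here to stay non-negative. AdjustSequence begins and ends outside the hunk.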
@@ -2603,30 +2644,32 @@ static int HaveMoreInput(SnifferSession* session, const byte** sslFrame, word32* length = (session->flags.side == WOLFSSL_SERVER_END) ? &session->sslServer->buffers.inputBuffer.length : &session->sslClient->buffers.inputBuffer.length; - byte* myBuffer = (session->flags.side == WOLFSSL_SERVER_END) ? - session->sslServer->buffers.inputBuffer.buffer : - session->sslClient->buffers.inputBuffer.buffer; - word32 bufferSize = (session->flags.side == WOLFSSL_SERVER_END) ? - session->sslServer->buffers.inputBuffer.bufferSize : - session->sslClient->buffers.inputBuffer.bufferSize; + byte** myBuffer = (session->flags.side == WOLFSSL_SERVER_END) ? + &session->sslServer->buffers.inputBuffer.buffer : + &session->sslClient->buffers.inputBuffer.buffer; + word32* bufferSize = (session->flags.side == WOLFSSL_SERVER_END) ? + &session->sslServer->buffers.inputBuffer.bufferSize : + &session->sslClient->buffers.inputBuffer.bufferSize; SSL* ssl = (session->flags.side == WOLFSSL_SERVER_END) ? session->sslServer : session->sslClient; while (*front && ((*front)->begin == *expected) ) { - word32 room = bufferSize - *length; + word32 room = *bufferSize - *length; word32 packetLen = (*front)->end - (*front)->begin + 1; - if (packetLen > room && bufferSize < MAX_INPUT_SZ) { + if (packetLen > room && *bufferSize < MAX_INPUT_SZ) { if (GrowInputBuffer(ssl, packetLen, *length) < 0) { SetError(MEMORY_STR, error, session, FATAL_ERROR_STATE); return 0; } + room = *bufferSize - *length; /* bufferSize is now bigger */ } if (packetLen <= room) { PacketBuffer* del = *front; + byte* buf = *myBuffer; - XMEMCPY(&myBuffer[*length], (*front)->data, packetLen); + XMEMCPY(&buf[*length], (*front)->data, packetLen); *length += packetLen; *expected += packetLen; 
@@ -2640,9 +2683,9 @@ static int HaveMoreInput(SnifferSession* session, const byte** sslFrame, break; } if (moreInput) { - *sslFrame = myBuffer; + *sslFrame = *myBuffer; *sslBytes = *length; - *end = myBuffer + *length; + *end = *myBuffer + *length; } return moreInput; } diff --git a/src/ssl.c b/src/ssl.c index ff137967a..74194b2ca 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -33,8 +33,18 @@ #include #include -#if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER) +#ifndef WOLFSSL_ALLOW_NO_SUITES + #if defined(NO_DH) && !defined(HAVE_ECC) && !defined(WOLFSSL_STATIC_RSA) \ + && !defined(WOLFSSL_STATIC_DH) && !defined(WOLFSSL_STATIC_PSK) + #error "No cipher suites defined becuase DH disabled, ECC disabled, and no static suites defined. Please see top of README" + #endif +#endif + +#if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER) || \ + defined(WOLFSSL_KEY_GEN) #include + /* openssl headers end, wolfssl internal headers next */ + #include #endif #ifdef OPENSSL_EXTRA @@ -46,6 +56,11 @@ #include #include #include + #include + #include + #include + #include + #include /* openssl headers end, wolfssl internal headers next */ #include #include @@ -53,6 +68,8 @@ #include #include #include + #include + #include #ifdef WOLFSSL_SHA512 #include #endif @@ -77,23 +94,25 @@ #define FALSE 0 #endif -#ifndef min +#ifndef WOLFSSL_HAVE_MIN +#define WOLFSSL_HAVE_MIN static INLINE word32 min(word32 a, word32 b) { return a > b ? b : a; } -#endif /* min */ +#endif /* WOLFSSSL_HAVE_MIN */ + +#if defined(WOLFSSL_DTLS) && !defined(WOLFSSL_HAVE_MAX) +#define WOLFSSL_HAVE_MAX -#ifndef max -#ifdef WOLFSSL_DTLS static INLINE word32 max(word32 a, word32 b) { return a > b ? a : b; } -#endif -#endif /* min */ + +#endif /* WOLFSSL_DTLS && !WOLFSSL_HAVE_MAX */ #ifndef WOLFSSL_LEANPSK 
@@ -434,6 +453,9 @@ int wolfSSL_SetTmpDH(WOLFSSL* ssl, const unsigned char* p, int pSz, WOLFSSL_ENTER("wolfSSL_SetTmpDH"); if (ssl == NULL || p == NULL || g == NULL) return BAD_FUNC_ARG; + if (pSz < ssl->options.minDhKeySz) + return DH_KEY_SIZE_E; + if (ssl->options.side != WOLFSSL_SERVER_END) return SIDE_ERROR; 
@@ -475,6 +497,71 @@ int wolfSSL_SetTmpDH(WOLFSSL* ssl, const unsigned char* p, int pSz, WOLFSSL_LEAVE("wolfSSL_SetTmpDH", 0); return SSL_SUCCESS; } + +/* server ctx Diffie-Hellman parameters, SSL_SUCCESS on ok */ +int wolfSSL_CTX_SetTmpDH(WOLFSSL_CTX* ctx, const unsigned char* p, int pSz, + const unsigned char* g, int gSz) +{ + WOLFSSL_ENTER("wolfSSL_CTX_SetTmpDH"); + if (ctx == NULL || p == NULL || g == NULL) return BAD_FUNC_ARG; + + if (pSz < ctx->minDhKeySz) + return DH_KEY_SIZE_E; + + XFREE(ctx->serverDH_P.buffer, ctx->heap, DYNAMIC_TYPE_DH); + XFREE(ctx->serverDH_G.buffer, ctx->heap, DYNAMIC_TYPE_DH); + + ctx->serverDH_P.buffer = (byte*)XMALLOC(pSz, ctx->heap,DYNAMIC_TYPE_DH); + if (ctx->serverDH_P.buffer == NULL) + return MEMORY_E; + + ctx->serverDH_G.buffer = (byte*)XMALLOC(gSz, ctx->heap,DYNAMIC_TYPE_DH); + if (ctx->serverDH_G.buffer == NULL) { + XFREE(ctx->serverDH_P.buffer, ctx->heap, DYNAMIC_TYPE_DH); + return MEMORY_E; + } + + ctx->serverDH_P.length = pSz; + ctx->serverDH_G.length = gSz; + + XMEMCPY(ctx->serverDH_P.buffer, p, pSz); + XMEMCPY(ctx->serverDH_G.buffer, g, gSz); + + ctx->haveDH = 1; + + WOLFSSL_LEAVE("wolfSSL_CTX_SetTmpDH", 0); + return SSL_SUCCESS; +} + + +int wolfSSL_CTX_SetMinDhKey_Sz(WOLFSSL_CTX* ctx, word16 keySz) +{ + if (ctx == NULL || keySz > 16000 || keySz % 8 != 0) + return BAD_FUNC_ARG; + + ctx->minDhKeySz = keySz / 8; + return SSL_SUCCESS; +} + + +int wolfSSL_SetMinDhKey_Sz(WOLFSSL* ssl, word16 keySz) +{ + if (ssl == NULL || keySz > 16000 || keySz % 8 != 0) + return BAD_FUNC_ARG; + + ssl->options.minDhKeySz = keySz / 8; + return SSL_SUCCESS; +} + + +int wolfSSL_GetDhKey_Sz(WOLFSSL* ssl) +{ + if (ssl == NULL) + return BAD_FUNC_ARG; + + return (ssl->options.dhKeySz * 8); +} + #endif /* !NO_DH */ 
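Review bot: wolfSSL_CTX_SetTmpDH frees `ctx->serverDH_P.buffer` and `ctx->serverDH_G.buffer` and can then return `MEMORY_E` with one or both pointers still holding the freed address, so a later free of the context or a second call to this function would free them again. Set each pointer to NULL directly after its `XFREE` (`ctx->serverDH_P.buffer = NULL;`), including in the G-allocation failure path, and leave `haveDH` and the lengths cleared until both copies have succeeded. `gSz` reaches `XMALLOC` and `XMEMCPY` with no range check at all, unlike `pSz`; reject non-positive sizes for both up front.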
@@ -521,7 +608,7 @@ static int wolfSSL_read_internal(WOLFSSL* ssl, void* data, int sz, int peek) #ifdef HAVE_MAX_FRAGMENT ret = ReceiveData(ssl, (byte*)data, - min(sz, min(ssl->max_fragment, OUTPUT_RECORD_SIZE)), peek); + min(sz, min(ssl->max_fragment, OUTPUT_RECORD_SIZE)),peek); #else ret = ReceiveData(ssl, (byte*)data, min(sz, OUTPUT_RECORD_SIZE), peek); #endif @@ -589,7 +676,8 @@ int wolfSSL_UseSNI(WOLFSSL* ssl, byte type, const void* data, word16 size) return TLSX_UseSNI(&ssl->extensions, type, data, size); } -int wolfSSL_CTX_UseSNI(WOLFSSL_CTX* ctx, byte type, const void* data, word16 size) +int wolfSSL_CTX_UseSNI(WOLFSSL_CTX* ctx, byte type, + const void* data, word16 size) { if (ctx == NULL) return BAD_FUNC_ARG; @@ -627,8 +715,8 @@ word16 wolfSSL_SNI_GetRequest(WOLFSSL* ssl, byte type, void** data) return 0; } -int wolfSSL_SNI_GetFromBuffer(const byte* clientHello, word32 helloSz, byte type, - byte* sni, word32* inOutSz) +int wolfSSL_SNI_GetFromBuffer(const byte* clientHello, word32 helloSz, + byte type, byte* sni, word32* inOutSz) { if (clientHello && helloSz > 0 && sni && inOutSz && *inOutSz > 0) return TLSX_SNI_GetFromBuffer(clientHello, helloSz, type, sni, inOutSz); 
@@ -730,6 +818,58 @@ int wolfSSL_CTX_UseSupportedCurve(WOLFSSL_CTX* ctx, word16 name) #endif /* NO_WOLFSSL_CLIENT */ #endif /* HAVE_SUPPORTED_CURVES */ +/* QSH quantum safe handshake */ +#ifdef HAVE_QSH +/* returns 1 if QSH has been used 0 otherwise */ +int wolfSSL_isQSH(WOLFSSL* ssl) +{ + /* if no ssl struct than QSH was not used */ + if (ssl == NULL) + return 0; + + return ssl->isQSH; +} + + +int wolfSSL_UseSupportedQSH(WOLFSSL* ssl, word16 name) +{ + if (ssl == NULL) + return BAD_FUNC_ARG; + + switch (name) { + #ifdef HAVE_NTRU + case WOLFSSL_NTRU_EESS439: + case WOLFSSL_NTRU_EESS593: + case WOLFSSL_NTRU_EESS743: + break; + #endif + default: + return BAD_FUNC_ARG; + } + + ssl->user_set_QSHSchemes = 1; + + return TLSX_UseQSHScheme(&ssl->extensions, name, NULL, 0); +} + +#ifndef NO_WOLFSSL_CLIENT + /* user control over sending client public key in hello + when flag = 1 will send keys if flag is 0 or function is not called + then will not send keys in the hello extension + return 0 on success + */ + int wolfSSL_UseClientQSHKeys(WOLFSSL* ssl, unsigned char flag) + { + if (ssl == NULL) + return BAD_FUNC_ARG; + + ssl->sendQSHKeys = flag; + + return 0; + } +#endif /* NO_WOLFSSL_CLIENT */ +#endif /* HAVE_QSH */ + /* Secure Renegotiation */ #ifdef HAVE_SECURE_RENEGOTIATION @@ -743,7 +883,7 @@ int wolfSSL_UseSecureRenegotiation(WOLFSSL* ssl) if (ret == SSL_SUCCESS) { TLSX* extension = TLSX_Find(ssl->extensions, SECURE_RENEGOTIATION); - + if (extension) ssl->secure_renegotiation = (SecureRenegotiation*)extension->data; } @@ -816,6 +956,11 @@ int wolfSSL_Rehandshake(WOLFSSL* ssl) if (ret !=0) return ret; #endif +#ifdef WOLFSSL_SHA512 + ret = wc_InitSha512(&ssl->hsHashes->hashSha512); + if (ret !=0) + return ret; +#endif ret = wolfSSL_negotiate(ssl); return ret; 
@@ -823,6 +968,43 @@ int wolfSSL_Rehandshake(WOLFSSL* ssl) #endif /* HAVE_SECURE_RENEGOTIATION */ +/* Session Ticket */ +#if !defined(NO_WOLFSSL_SERVER) && defined(HAVE_SESSION_TICKET) +/* SSL_SUCCESS on ok */ +int wolfSSL_CTX_set_TicketEncCb(WOLFSSL_CTX* ctx, SessionTicketEncCb cb) +{ + if (ctx == NULL) + return BAD_FUNC_ARG; + + ctx->ticketEncCb = cb; + + return SSL_SUCCESS; +} + +/* set hint interval, SSL_SUCCESS on ok */ +int wolfSSL_CTX_set_TicketHint(WOLFSSL_CTX* ctx, int hint) +{ + if (ctx == NULL) + return BAD_FUNC_ARG; + + ctx->ticketHint = hint; + + return SSL_SUCCESS; +} + +/* set user context, SSL_SUCCESS on ok */ +int wolfSSL_CTX_set_TicketEncCtx(WOLFSSL_CTX* ctx, void* userCtx) +{ + if (ctx == NULL) + return BAD_FUNC_ARG; + + ctx->ticketEncCtx = userCtx; + + return SSL_SUCCESS; +} + +#endif /* !defined(NO_WOLFSSL_CLIENT) && defined(HAVE_SESSION_TICKET) */ + /* Session Ticket */ #if !defined(NO_WOLFSSL_CLIENT) && defined(HAVE_SESSION_TICKET) int wolfSSL_UseSessionTicket(WOLFSSL* ssl) @@ -841,7 +1023,8 @@ int wolfSSL_CTX_UseSessionTicket(WOLFSSL_CTX* ctx) return TLSX_UseSessionTicket(&ctx->extensions, NULL); } -WOLFSSL_API int wolfSSL_get_SessionTicket(WOLFSSL* ssl, byte* buf, word32* bufSz) +WOLFSSL_API int wolfSSL_get_SessionTicket(WOLFSSL* ssl, + byte* buf, word32* bufSz) { if (ssl == NULL || buf == NULL || bufSz == NULL || *bufSz == 0) return BAD_FUNC_ARG; @@ -863,7 +1046,7 @@ WOLFSSL_API int wolfSSL_set_SessionTicket(WOLFSSL* ssl, byte* buf, word32 bufSz) if (bufSz > 0) XMEMCPY(ssl->session.ticket, buf, bufSz); - ssl->session.ticketLen = bufSz; + ssl->session.ticketLen = (word16)bufSz; return SSL_SUCCESS; } @@ -1283,7 +1466,7 @@ WOLFSSL_CERT_MANAGER* wolfSSL_CertManagerNew(void) WOLFSSL_ENTER("wolfSSL_CertManagerNew"); cm = (WOLFSSL_CERT_MANAGER*) XMALLOC(sizeof(WOLFSSL_CERT_MANAGER), 0, - DYNAMIC_TYPE_CERT_MANAGER); + DYNAMIC_TYPE_CERT_MANAGER); if (cm) { XMEMSET(cm, 0, sizeof(WOLFSSL_CERT_MANAGER)); 
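Review bot: `wolfSSL_CTX_set_TicketEncCb` stores whatever `cb` it is given, including NULL, while CreateTicket and DoClientTicket elsewhere in this commit call `ssl->ctx->ticketEncCb(...)` without testing it. Either reject a NULL `cb` here or have the callers return an error when no callback is registered; no default being installed is visible in these hunks. The closing `#endif` comment names `NO_WOLFSSL_CLIENT` although the block is opened with `!defined(NO_WOLFSSL_SERVER)`. A header comment on the setter describing the callback contract (return codes, in-place encryption, who fills in name, iv and mac) would help implementers.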
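Review bot: The `(word16)bufSz` cast in wolfSSL_set_SessionTicket hides a truncation: a `bufSz` above 65535 is copied in full by the preceding `XMEMCPY(ssl->session.ticket, buf, bufSz)` but recorded with a wrapped length. No upper bound on `bufSz` is visible in this hunk, so unless one exists above it, add `if (bufSz > SESSION_TICKET_LEN) return BAD_FUNC_ARG;` before the copy; this assumes `ticket` is the fixed buffer that the ticket code in this commit sizes by `SESSION_TICKET_LEN`. The function starts outside the hunk.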
@@ -1341,8 +1524,7 @@ int wolfSSL_CertManagerUnloadCAs(WOLFSSL_CERT_MANAGER* cm) /* Return bytes written to buff or < 0 for error */ int wolfSSL_CertPemToDer(const unsigned char* pem, int pemSz, - unsigned char* buff, int buffSz, - int type) + unsigned char* buff, int buffSz, int type) { int eccKey = 0; int ret; @@ -1367,7 +1549,7 @@ int wolfSSL_CertPemToDer(const unsigned char* pem, int pemSz, #ifdef WOLFSSL_SMALL_STACK info = (EncryptedInfo*)XMALLOC(sizeof(EncryptedInfo), NULL, - DYNAMIC_TYPE_TMP_BUFFER); + DYNAMIC_TYPE_TMP_BUFFER); if (info == NULL) return MEMORY_E; #endif @@ -1405,6 +1587,23 @@ int wolfSSL_CertPemToDer(const unsigned char* pem, int pemSz, #if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER) +static const char *EVP_AES_128_CBC = "AES-128-CBC"; +static const char *EVP_AES_192_CBC = "AES-192-CBC"; +static const char *EVP_AES_256_CBC = "AES-256-CBC"; +#if defined(OPENSSL_EXTRA) + static const char *EVP_AES_128_CTR = "AES-128-CTR"; + static const char *EVP_AES_192_CTR = "AES-192-CTR"; + static const char *EVP_AES_256_CTR = "AES-256-CTR"; +#endif +static const int EVP_AES_SIZE = 11; + +static const char *EVP_DES_CBC = "DES-CBC"; +static const int EVP_DES_SIZE = 7; + +static const char *EVP_DES_EDE3_CBC = "DES-EDE3-CBC"; +static const int EVP_DES_EDE3_SIZE = 12; + + /* our KeyPemToDer password callback, password in userData */ static INLINE int OurPasswordCb(char* passwd, int sz, int rw, void* userdata) { @@ -1421,8 +1620,8 @@ static INLINE int OurPasswordCb(char* passwd, int sz, int rw, void* userdata) /* Return bytes written to buff or < 0 for error */ -int wolfSSL_KeyPemToDer(const unsigned char* pem, int pemSz, unsigned char* buff, - int buffSz, const char* pass) +int wolfSSL_KeyPemToDer(const unsigned char* pem, int pemSz, + unsigned char* buff, int buffSz, const char* pass) { int eccKey = 0; int ret; 
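Review bot: `EVP_AES_SIZE`, `EVP_DES_SIZE` and `EVP_DES_EDE3_SIZE` are the string lengths without the terminator (11, 7, 12), so an `XSTRNCMP` bounded by them is a prefix match rather than an equality test. The helpers added later in this commit compare `info->name`, which is filled from the PEM header, against these names with exactly these sizes. A name with extra characters after a known cipher string would therefore still select that cipher. Counting the terminator makes the match exact, e.g. `static const int EVP_AES_SIZE = 12; /* includes the NUL */` and likewise 8 and 13 for the DES names. If the sizes are also used as plain lengths elsewhere, compare with `EVP_AES_SIZE + 1` at the call sites instead.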
@@ -1433,8 +1632,6 @@ int wolfSSL_KeyPemToDer(const unsigned char* pem, int pemSz, unsigned char* buff EncryptedInfo info[1]; #endif - (void)pass; - WOLFSSL_ENTER("wolfSSL_KeyPemToDer"); if (pem == NULL || buff == NULL || buffSz <= 0) { @@ -1444,7 +1641,7 @@ int wolfSSL_KeyPemToDer(const unsigned char* pem, int pemSz, unsigned char* buff #ifdef WOLFSSL_SMALL_STACK info = (EncryptedInfo*)XMALLOC(sizeof(EncryptedInfo), NULL, - DYNAMIC_TYPE_TMP_BUFFER); + DYNAMIC_TYPE_TMP_BUFFER); if (info == NULL) return MEMORY_E; #endif @@ -1467,6 +1664,8 @@ int wolfSSL_KeyPemToDer(const unsigned char* pem, int pemSz, unsigned char* buff wolfSSL_CTX_set_default_passwd_cb(info->ctx, OurPasswordCb); wolfSSL_CTX_set_default_passwd_cb_userdata(info->ctx, (void*)pass); } +#else + (void)pass; #endif ret = PemToDer(pem, pemSz, PRIVATEKEY_TYPE, &der, NULL, info, &eccKey); @@ -1493,7 +1692,6 @@ int wolfSSL_KeyPemToDer(const unsigned char* pem, int pemSz, unsigned char* buff } XFREE(der.buffer, NULL, DYNAMIC_TYPE_KEY); - return ret; } @@ -1572,7 +1770,7 @@ int wolfSSL_set_group_messages(WOLFSSL* ssl) static int SetMinVersionHelper(byte* minVersion, int version) { switch (version) { -#ifndef NO_OLD_TLS +#if defined(WOLFSSL_ALLOW_SSLV3) && !defined(NO_OLD_TLS) case WOLFSSL_SSLV3: *minVersion = SSLv3_MINOR; break; @@ -1643,7 +1841,7 @@ int wolfSSL_SetVersion(WOLFSSL* ssl, int version) } switch (version) { -#ifndef NO_OLD_TLS +#if defined(WOLFSSL_ALLOW_SSLV3) && !defined(NO_OLD_TLS) case WOLFSSL_SSLV3: ssl->version = MakeSSLv3(); break; @@ -1723,7 +1921,7 @@ int AlreadySigner(WOLFSSL_CERT_MANAGER* cm, byte* hash) #else subjectHash = signers->subjectNameHash; #endif - if (XMEMCMP(hash, subjectHash, SHA_DIGEST_SIZE) == 0) { + if (XMEMCMP(hash, subjectHash, SIGNER_DIGEST_SIZE) == 0) { ret = 1; break; } 
@@ -1757,7 +1955,7 @@ Signer* GetCA(void* vp, byte* hash) #else subjectHash = signers->subjectNameHash; #endif - if (XMEMCMP(hash, subjectHash, SHA_DIGEST_SIZE) == 0) { + if (XMEMCMP(hash, subjectHash, SIGNER_DIGEST_SIZE) == 0) { ret = signers; break; } @@ -1787,7 +1985,8 @@ Signer* GetCAByName(void* vp, byte* hash) for (row = 0; row < CA_TABLE_SIZE && ret == NULL; row++) { signers = cm->caTable[row]; while (signers && ret == NULL) { - if (XMEMCMP(hash, signers->subjectNameHash, SHA_DIGEST_SIZE) == 0) { + if (XMEMCMP(hash, signers->subjectNameHash, + SIGNER_DIGEST_SIZE) == 0) { ret = signers; } signers = signers->next; @@ -1819,7 +2018,7 @@ int AddCA(WOLFSSL_CERT_MANAGER* cm, buffer der, int type, int verify) #ifdef WOLFSSL_SMALL_STACK cert = (DecodedCert*)XMALLOC(sizeof(DecodedCert), NULL, - DYNAMIC_TYPE_TMP_BUFFER); + DYNAMIC_TYPE_TMP_BUFFER); if (cert == NULL) return MEMORY_E; #endif @@ -1840,7 +2039,7 @@ int AddCA(WOLFSSL_CERT_MANAGER* cm, buffer der, int type, int verify) } #ifndef ALLOW_INVALID_CERTSIGN else if (ret == 0 && cert->isCA == 1 && type != WOLFSSL_USER_CA && - (cert->extKeyUsage & KEYUSE_KEY_CERT_SIGN) == 0) { + (cert->extKeyUsage & KEYUSE_KEY_CERT_SIGN) == 0) { /* Intermediate CA certs are required to have the keyCertSign * extension set. User loaded root certs are not. */ WOLFSSL_MSG(" Doesn't have key usage certificate signing"); @@ -1868,10 +2067,10 @@ int AddCA(WOLFSSL_CERT_MANAGER* cm, buffer der, int type, int verify) #endif #ifndef NO_SKID XMEMCPY(signer->subjectKeyIdHash, cert->extSubjKeyId, - SHA_DIGEST_SIZE); + SIGNER_DIGEST_SIZE); #endif XMEMCPY(signer->subjectNameHash, cert->subjectHash, - SHA_DIGEST_SIZE); + SIGNER_DIGEST_SIZE); signer->keyUsage = cert->extKeyUsageSet ? cert->extKeyUsage : 0xFFFF; signer->next = NULL; /* If Key Usage not set, all uses valid. */ 
@@ -1965,6 +2164,10 @@ int AddCA(WOLFSSL_CERT_MANAGER* cm, buffer der, int type, int verify) static SessionRow SessionCache[SESSION_ROWS]; + #if defined(WOLFSSL_SESSION_STATS) && defined(WOLFSSL_PEAK_SESSIONS) + static word32 PeakSessions; + #endif + static wolfSSL_Mutex session_mutex; /* SessionCache mutex */ #ifndef NO_CLIENT_CACHE 
@@ -2014,26 +2217,165 @@ int wolfSSL_Init(void) } -#ifndef NO_CERTS +#if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER) -static const char* BEGIN_CERT = "-----BEGIN CERTIFICATE-----"; -static const char* END_CERT = "-----END CERTIFICATE-----"; -static const char* BEGIN_CERT_REQ = "-----BEGIN CERTIFICATE REQUEST-----"; -static const char* END_CERT_REQ = "-----END CERTIFICATE REQUEST-----"; -static const char* BEGIN_DH_PARAM = "-----BEGIN DH PARAMETERS-----"; -static const char* END_DH_PARAM = "-----END DH PARAMETERS-----"; -static const char* BEGIN_X509_CRL = "-----BEGIN X509 CRL-----"; -static const char* END_X509_CRL = "-----END X509 CRL-----"; -static const char* BEGIN_RSA_PRIV = "-----BEGIN RSA PRIVATE KEY-----"; -static const char* END_RSA_PRIV = "-----END RSA PRIVATE KEY-----"; -static const char* BEGIN_PRIV_KEY = "-----BEGIN PRIVATE KEY-----"; -static const char* END_PRIV_KEY = "-----END PRIVATE KEY-----"; -static const char* BEGIN_ENC_PRIV_KEY = "-----BEGIN ENCRYPTED PRIVATE KEY-----"; -static const char* END_ENC_PRIV_KEY = "-----END ENCRYPTED PRIVATE KEY-----"; -static const char* BEGIN_EC_PRIV = "-----BEGIN EC PRIVATE KEY-----"; -static const char* END_EC_PRIV = "-----END EC PRIVATE KEY-----"; -static const char* BEGIN_DSA_PRIV = "-----BEGIN DSA PRIVATE KEY-----"; -static const char* END_DSA_PRIV = "-----END DSA PRIVATE KEY-----"; +/* SSL_SUCCESS if ok, <= 0 else */ +static int wolfssl_decrypt_buffer_key(buffer* der, byte* password, + int passwordSz, EncryptedInfo* info) +{ + int ret; + +#ifdef WOLFSSL_SMALL_STACK + byte* key = NULL; +#else + byte key[AES_256_KEY_SIZE]; +#endif + + WOLFSSL_ENTER("wolfssl_decrypt_buffer_key"); + + if (der == NULL || password == NULL || info == NULL) { + WOLFSSL_MSG("bad arguments"); + return SSL_FATAL_ERROR; + } + + /* use file's salt for key derivation, hex decode first */ + if (Base16_Decode(info->iv, info->ivSz, info->iv, &info->ivSz) != 0) { + WOLFSSL_MSG("base16 decode failed"); + return SSL_FATAL_ERROR; + } + 
+#ifndef NO_MD5 + +#ifdef WOLFSSL_SMALL_STACK + key = (byte*)XMALLOC(AES_256_KEY_SIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (key == NULL) { + WOLFSSL_MSG("memory failure"); + return SSL_FATAL_ERROR; + } +#endif /* WOLFSSL_SMALL_STACK */ + + if ((ret = wolfSSL_EVP_BytesToKey(info->name, "MD5", info->iv, + password, passwordSz, 1, key, NULL)) <= 0) { + WOLFSSL_MSG("bytes to key failure"); +#ifdef WOLFSSL_SMALL_STACK + XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif + return SSL_FATAL_ERROR; + } + +#endif /* NO_MD5 */ + +#ifndef NO_DES3 + if (XSTRNCMP(info->name, EVP_DES_CBC, EVP_DES_SIZE) == 0) + ret = wc_Des_CbcDecryptWithKey(der->buffer, der->buffer, der->length, + key, info->iv); + else if (XSTRNCMP(info->name, EVP_DES_EDE3_CBC, EVP_DES_EDE3_SIZE) == 0) + ret = wc_Des3_CbcDecryptWithKey(der->buffer, der->buffer, der->length, + key, info->iv); +#endif /* NO_DES3 */ +#ifndef NO_AES + else if (XSTRNCMP(info->name, EVP_AES_128_CBC, EVP_AES_SIZE) == 0) + ret = wc_AesCbcDecryptWithKey(der->buffer, der->buffer, der->length, + key, AES_128_KEY_SIZE, info->iv); + else if (XSTRNCMP(info->name, EVP_AES_192_CBC, EVP_AES_SIZE) == 0) + ret = wc_AesCbcDecryptWithKey(der->buffer, der->buffer, der->length, + key, AES_192_KEY_SIZE, info->iv); + else if (XSTRNCMP(info->name, EVP_AES_256_CBC, EVP_AES_SIZE) == 0) + ret = wc_AesCbcDecryptWithKey(der->buffer, der->buffer, der->length, + key, AES_256_KEY_SIZE, info->iv); +#endif /* NO_AES */ + else + ret = SSL_BAD_FILE; + +#ifdef WOLFSSL_SMALL_STACK + XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif + + if (ret == MP_OKAY) + return SSL_SUCCESS; + else if (ret == SSL_BAD_FILE) + return SSL_BAD_FILE; + + return SSL_FATAL_ERROR; +} +#endif /* defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER) */ + + +#if defined(WOLFSSL_KEY_GEN) && defined(OPENSSL_EXTRA) +static int wolfssl_encrypt_buffer_key(byte* der, word32 derSz, byte* password, + int passwordSz, EncryptedInfo* info) +{ + int ret; + +#ifdef WOLFSSL_SMALL_STACK + byte* key = NULL; 
+#else + byte key[AES_256_KEY_SIZE]; +#endif + + WOLFSSL_ENTER("wolfssl_encrypt_buffer_key"); + + if (der == NULL || password == NULL || info == NULL || info->ivSz == 0) { + WOLFSSL_MSG("bad arguments"); + return SSL_FATAL_ERROR; + } + +#ifndef NO_MD5 + +#ifdef WOLFSSL_SMALL_STACK + key = (byte*)XMALLOC(AES_256_KEY_SIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (key == NULL) { + WOLFSSL_MSG("memory failure"); + return SSL_FATAL_ERROR; + } +#endif /* WOLFSSL_SMALL_STACK */ + + if ((ret = wolfSSL_EVP_BytesToKey(info->name, "MD5", info->iv, + password, passwordSz, 1, key, NULL)) <= 0) { + WOLFSSL_MSG("bytes to key failure"); +#ifdef WOLFSSL_SMALL_STACK + XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif + return SSL_FATAL_ERROR; + } + +#endif /* NO_MD5 */ + +#ifndef NO_DES3 + if (XSTRNCMP(info->name, EVP_DES_CBC, EVP_DES_SIZE) == 0) + ret = wc_Des_CbcEncryptWithKey(der, der, derSz, key, info->iv); + else if (XSTRNCMP(info->name, EVP_DES_EDE3_CBC, EVP_DES_EDE3_SIZE) == 0) + ret = wc_Des3_CbcEncryptWithKey(der, der, derSz, key, info->iv); +#endif /* NO_DES3 */ +#ifndef NO_AES + else if (XSTRNCMP(info->name, EVP_AES_128_CBC, EVP_AES_SIZE) == 0) + ret = wc_AesCbcEncryptWithKey(der, der, derSz, + key, AES_128_KEY_SIZE, info->iv); + else if (XSTRNCMP(info->name, EVP_AES_192_CBC, EVP_AES_SIZE) == 0) + ret = wc_AesCbcEncryptWithKey(der, der, derSz, + key, AES_192_KEY_SIZE, info->iv); + else if (XSTRNCMP(info->name, EVP_AES_256_CBC, EVP_AES_SIZE) == 0) + ret = wc_AesCbcEncryptWithKey(der, der, derSz, + key, AES_256_KEY_SIZE, info->iv); +#endif /* NO_AES */ + else + ret = SSL_BAD_FILE; + +#ifdef WOLFSSL_SMALL_STACK + XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif + + if (ret == MP_OKAY) + return SSL_SUCCESS; + else if (ret == SSL_BAD_FILE) + return SSL_BAD_FILE; + + return SSL_FATAL_ERROR; +} +#endif /* defined(WOLFSSL_KEY_GEN) */ + + +#ifndef NO_CERTS /* Remove PEM header/footer, convert to ASN1, store any encrypted data info->consumed tracks of PEM bytes consumed in case 
multiple parts */ @@ -2050,27 +2392,36 @@ int PemToDer(const unsigned char* buff, long longSz, int type, int ret = 0; int dynamicType = 0; int sz = (int)longSz; + int encrypted_key = 0; + + WOLFSSL_ENTER("PemToDer"); switch (type) { case CA_TYPE: /* same as below */ - case CERT_TYPE: header= BEGIN_CERT; footer= END_CERT; break; - case CRL_TYPE: header= BEGIN_X509_CRL; footer= END_X509_CRL; break; - case DH_PARAM_TYPE: header= BEGIN_DH_PARAM; footer= END_DH_PARAM; break; - case CERTREQ_TYPE: header= BEGIN_CERT_REQ; footer= END_CERT_REQ; break; - default: header= BEGIN_RSA_PRIV; footer= END_RSA_PRIV; break; + case CERT_TYPE: header=BEGIN_CERT; footer=END_CERT; break; + case CRL_TYPE: header=BEGIN_X509_CRL; footer=END_X509_CRL; break; + case DH_PARAM_TYPE: header=BEGIN_DH_PARAM; footer=END_DH_PARAM; break; + case CERTREQ_TYPE: header=BEGIN_CERT_REQ; footer=END_CERT_REQ; break; + case DSA_TYPE: header=BEGIN_DSA_PRIV; footer=END_DSA_PRIV; break; + case ECC_TYPE: header=BEGIN_EC_PRIV; footer=END_EC_PRIV; break; + case RSA_TYPE: header=BEGIN_RSA_PRIV; footer=END_RSA_PRIV; break; + default: header=BEGIN_RSA_PRIV; footer=END_RSA_PRIV; break; } - + switch (type) { case CA_TYPE: dynamicType = DYNAMIC_TYPE_CA; break; case CERT_TYPE: dynamicType = DYNAMIC_TYPE_CERT; break; case CRL_TYPE: dynamicType = DYNAMIC_TYPE_CRL; break; + case DSA_TYPE: dynamicType = DYNAMIC_TYPE_DSA; break; + case ECC_TYPE: dynamicType = DYNAMIC_TYPE_ECC; break; + case RSA_TYPE: dynamicType = DYNAMIC_TYPE_RSA; break; default: dynamicType = DYNAMIC_TYPE_KEY; break; } /* find header */ for (;;) { headerEnd = XSTRNSTR((char*)buff, header, sz); - + if (headerEnd || type != PRIVATEKEY_TYPE) { break; } else if (header == BEGIN_RSA_PRIV) { @@ -2102,7 +2453,7 @@ int PemToDer(const unsigned char* buff, long longSz, int type, if (type == PRIVATEKEY_TYPE) { if (eccKey) - *eccKey = header == BEGIN_EC_PRIV; + *eccKey = header == BEGIN_EC_PRIV; } #if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER) 
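Review bot: The key derived from the password is left in memory when `wolfssl_decrypt_buffer_key` and `wolfssl_encrypt_buffer_key` return: the stack array `key` is never cleared and the `WOLFSSL_SMALL_STACK` buffer goes to `XFREE` unwiped. Clearing it on every exit, e.g. `ForceZero(key, AES_256_KEY_SIZE);` ahead of each `XFREE(key, ...)` and before the final returns (if that helper is available in this tree), keeps key material from lingering. Two build configurations also look wrong in both helpers. With `NO_MD5` defined the key is never derived (and stays `NULL` under `WOLFSSL_SMALL_STACK`) yet the cipher calls still run, and with `NO_DES3` defined the `#ifndef NO_AES` section starts with `else if` and has no preceding `if`. Returning an error up front when `NO_MD5` is defined, and giving the AES section its own leading `if` after initialising `ret = SSL_BAD_FILE`, would close both.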
@@ -2126,9 +2477,11 @@ int PemToDer(const unsigned char* buff, long longSz, int type, if (start && finish && (start < finish)) { newline = XSTRNSTR(finish, "\r", PEM_LINE_LEN); - XMEMCPY(info->name, start, finish - start); + if (XMEMCPY(info->name, start, finish - start) == NULL) + return SSL_FATAL_ERROR; info->name[finish - start] = 0; - XMEMCPY(info->iv, finish + 1, sizeof(info->iv)); + if (XMEMCPY(info->iv, finish + 1, sizeof(info->iv)) == NULL) + return SSL_FATAL_ERROR; if (!newline) newline = XSTRNSTR(finish, "\n", PEM_LINE_LEN); if (newline && (newline > finish)) { @@ -2145,6 +2498,8 @@ int PemToDer(const unsigned char* buff, long longSz, int type, while (*newline == '\r' || *newline == '\n') newline++; headerEnd = newline; + + encrypted_key = 1; } } #endif /* OPENSSL_EXTRA || HAVE_WEBSERVER */ @@ -2180,11 +2535,11 @@ int PemToDer(const unsigned char* buff, long longSz, int type, der->length = (word32)neededSz; - if (Base64_Decode((byte*)headerEnd, (word32)neededSz, der->buffer, - &der->length) < 0) + if (Base64_Decode((byte*)headerEnd, (word32)neededSz, + der->buffer, &der->length) < 0) return SSL_BAD_FILE; - if (header == BEGIN_PRIV_KEY) { + if (header == BEGIN_PRIV_KEY && !encrypted_key) { /* pkcs8 key, convert and adjust length */ if ((ret = ToTraditional(der->buffer, der->length)) < 0) return ret; @@ -2194,7 +2549,7 @@ int PemToDer(const unsigned char* buff, long longSz, int type, } #if (defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER)) && !defined(NO_PWDBASED) - if (header == BEGIN_ENC_PRIV_KEY) { + if (encrypted_key || header == BEGIN_ENC_PRIV_KEY) { int passwordSz; #ifdef WOLFSSL_SMALL_STACK char* password = NULL; 
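Review bot: The added `== NULL` tests on `XMEMCPY` in the encrypted-header parsing cannot fire when the macro maps to `memcpy`, which returns its destination, and they leave the real gap open. `finish - start` is computed from the PEM text and copied into `info->name` with no comparison against the destination size anywhere in the hunk. A bound before the first copy, such as `if ((size_t)(finish - start) >= sizeof(info->name)) return SSL_BAD_FILE;`, is the check this code needs (assuming `name` is a fixed array like `iv`). The second copy reads `sizeof(info->iv)` bytes from `finish + 1` regardless of how much input remains, so the remaining length should be confirmed as well. PemToDer starts and ends outside this hunk, so an earlier guard may exist that is not visible here.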
@@ -2211,21 +2566,35 @@ int PemToDer(const unsigned char* buff, long longSz, int type, return MEMORY_E; #endif passwordSz = info->ctx->passwd_cb(password, sizeof(password), 0, - info->ctx->userdata); + info->ctx->userdata); /* convert and adjust length */ - ret = ToTraditionalEnc(der->buffer, der->length, password, passwordSz); - + if (header == BEGIN_ENC_PRIV_KEY) { + ret = ToTraditionalEnc(der->buffer, der->length, + password, passwordSz); #ifdef WOLFSSL_SMALL_STACK - XFREE(password, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(password, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif + if (ret < 0) { + XFREE(der->buffer, heap, dynamicType); + return ret; + } - if (ret < 0) - return ret; - - der->length = ret; - return 0; + der->length = ret; + } + /* decrypt the key */ + else { + ret = wolfssl_decrypt_buffer_key(der, (byte*)password, + passwordSz, info); + #ifdef WOLFSSL_SMALL_STACK + XFREE(password, NULL, DYNAMIC_TYPE_TMP_BUFFER); + #endif + if (ret != SSL_SUCCESS) { + XFREE(der->buffer, heap, dynamicType); + return ret; + } + } } -#endif +#endif /* OPENSSL_EXTRA || HAVE_WEBSERVER || NO_PWDBASED */ return 0; } @@ -2272,7 +2641,7 @@ static int ProcessBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff, #ifdef WOLFSSL_SMALL_STACK info = (EncryptedInfo*)XMALLOC(sizeof(EncryptedInfo), NULL, - DYNAMIC_TYPE_TMP_BUFFER); + DYNAMIC_TYPE_TMP_BUFFER); if (info == NULL) return MEMORY_E; #endif @@ -2333,7 +2702,7 @@ static int ProcessBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff, part.buffer = 0; ret = PemToDer(buff + consumed, sz - consumed, type, &part, - heap, info, &eccKey); + heap, info, &eccKey); if (ret == 0) { gotOne = 1; if ( (idx + part.length) > bufferSz) { 
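Review bot: Both new failure paths call `XFREE(der->buffer, heap, dynamicType)` and return with `der->buffer` still pointing at the freed block, so a caller that releases `der.buffer` on error would free it twice. Another hunk of this commit shows `wolfSSL_KeyPemToDer` freeing `der.buffer` just before its `return ret`, though whether that runs on failure is not visible. Adding `der->buffer = NULL;` after each of the two `XFREE` calls makes the error path safe whatever the caller does. The password returned by `passwd_cb` is also freed, or left on the stack, without being cleared, and `passwordSz` is passed on without rejecting a negative or zero result. PemToDer begins above this hunk.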
@@ -2377,9 +2746,8 @@ static int ProcessBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff, if (shrinked) { if (ssl) { if (ssl->buffers.certChain.buffer && - ssl->buffers.weOwnCertChain) { - XFREE(ssl->buffers.certChain.buffer, heap, - dynamicType); + ssl->buffers.weOwnCertChain) { + XFREE(ssl->buffers.certChain.buffer, heap, dynamicType); } ssl->buffers.certChain.buffer = shrinked; ssl->buffers.certChain.length = idx; 
@@ -2420,90 +2788,39 @@ static int ProcessBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff, } #if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER) - if (info->set) { + /* for SSL_FILETYPE_PEM, PemToDer manage the decryption if required */ + if (info->set && (format != SSL_FILETYPE_PEM)) { /* decrypt */ int passwordSz; #ifdef WOLFSSL_SMALL_STACK char* password = NULL; - byte* key = NULL; - byte* iv = NULL; #else char password[80]; - byte key[AES_256_KEY_SIZE]; - #ifndef NO_MD5 - byte iv[AES_IV_SIZE]; - #endif #endif #ifdef WOLFSSL_SMALL_STACK password = (char*)XMALLOC(80, NULL, DYNAMIC_TYPE_TMP_BUFFER); - key = (byte*)XMALLOC(AES_256_KEY_SIZE, NULL, - DYNAMIC_TYPE_TMP_BUFFER); - iv = (byte*)XMALLOC(AES_IV_SIZE, NULL, - DYNAMIC_TYPE_TMP_BUFFER); - - if (password == NULL || key == NULL || iv == NULL) { - XFREE(password, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(iv, NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (password == NULL) ret = MEMORY_E; - } else #endif if (!ctx || !ctx->passwd_cb) { ret = NO_PASSWORD; } else { - passwordSz = ctx->passwd_cb(password, sizeof(password), 0, - ctx->userdata); + passwordSz = ctx->passwd_cb(password, sizeof(password), + 0, ctx->userdata); - /* use file's salt for key derivation, hex decode first */ - if (Base16_Decode(info->iv, info->ivSz, info->iv, &info->ivSz) - != 0) { - ret = ASN_INPUT_E; - } -#ifndef NO_MD5 - else if ((ret = EVP_BytesToKey(info->name, "MD5", info->iv, - (byte*)password, passwordSz, 1, key, iv)) <= 0) { - /* empty */ - } -#endif -#ifndef NO_DES3 - else if (XSTRNCMP(info->name, "DES-CBC", 7) == 0) { - ret = wc_Des_CbcDecryptWithKey(der.buffer, der.buffer, der.length, - key, info->iv); - } - else if (XSTRNCMP(info->name, "DES-EDE3-CBC", 13) == 0) { - ret = wc_Des3_CbcDecryptWithKey(der.buffer, der.buffer, der.length, - key, info->iv); - } -#endif -#ifndef NO_AES - else if (XSTRNCMP(info->name, "AES-128-CBC", 13) == 0) { - ret = wc_AesCbcDecryptWithKey(der.buffer, der.buffer, 
der.length, - key, AES_128_KEY_SIZE, info->iv); - } - else if (XSTRNCMP(info->name, "AES-192-CBC", 13) == 0) { - ret = wc_AesCbcDecryptWithKey(der.buffer, der.buffer, der.length, - key, AES_192_KEY_SIZE, info->iv); - } - else if (XSTRNCMP(info->name, "AES-256-CBC", 13) == 0) { - ret = wc_AesCbcDecryptWithKey(der.buffer, der.buffer, der.length, - key, AES_256_KEY_SIZE, info->iv); - } -#endif - else { - ret = SSL_BAD_FILE; - } + /* decrypt the key */ + ret = wolfssl_decrypt_buffer_key(&der, (byte*)password, + passwordSz, info); } #ifdef WOLFSSL_SMALL_STACK XFREE(password, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(iv, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif - if (ret != 0) { + if (ret != SSL_SUCCESS) { #ifdef WOLFSSL_SMALL_STACK XFREE(info, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif @@ -2570,15 +2887,15 @@ static int ProcessBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff, #ifdef WOLFSSL_SMALL_STACK key = (RsaKey*)XMALLOC(sizeof(RsaKey), NULL, - DYNAMIC_TYPE_TMP_BUFFER); + DYNAMIC_TYPE_TMP_BUFFER); if (key == NULL) return MEMORY_E; #endif ret = wc_InitRsaKey(key, 0); if (ret == 0) { - if (wc_RsaPrivateKeyDecode(der.buffer, &idx, key, der.length) != - 0) { + if (wc_RsaPrivateKeyDecode(der.buffer, &idx, key, der.length) + != 0) { #ifdef HAVE_ECC /* could have DER ECC (or pkcs8 ecc), no easy way to tell */ eccKey = 1; /* so try it out */ @@ -2630,7 +2947,7 @@ static int ProcessBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff, #ifdef WOLFSSL_SMALL_STACK cert = (DecodedCert*)XMALLOC(sizeof(DecodedCert), NULL, - DYNAMIC_TYPE_TMP_BUFFER); + DYNAMIC_TYPE_TMP_BUFFER); if (cert == NULL) return MEMORY_E; #endif 
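Review bot: Under `WOLFSSL_SMALL_STACK` `password` is a `char*`, so `sizeof(password)` in the re-wrapped `ctx->passwd_cb(password, sizeof(password), 0, ctx->userdata)` call is the pointer size, not the 80 bytes that were allocated. The callback is then told the buffer holds only a few bytes, which truncates or rejects longer passphrases in that build. A shared constant fixes both builds, e.g. `enum { PASSWORD_BUF_SZ = 80 };` (name constructed for illustration) used for the array, the `XMALLOC` and the callback argument. The same call shape appears in the PemToDer hunk earlier in this commit. The password buffer is also released without being cleared, and `passwordSz` reaches `wolfssl_decrypt_buffer_key` without a check for a negative return from the callback.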
@@ -2711,9 +3028,63 @@ static int ProcessChainBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff, } +static INLINE WOLFSSL_METHOD* cm_pick_method(void) +{ + #ifndef NO_WOLFSSL_CLIENT + #if defined(WOLFSSL_ALLOW_SSLV3) && !defined(NO_OLD_TLS) + return wolfSSLv3_client_method(); + #else + return wolfTLSv1_2_client_method(); + #endif + #elif !defined(NO_WOLFSSL_SERVER) + #if defined(WOLFSSL_ALLOW_SSLV3) && !defined(NO_OLD_TLS) + return wolfSSLv3_server_method(); + #else + return wolfTLSv1_2_server_method(); + #endif + #else + return NULL; + #endif +} + + +/* like load verify locations, 1 for success, < 0 for error */ +int wolfSSL_CertManagerLoadCABuffer(WOLFSSL_CERT_MANAGER* cm, + const unsigned char* in, long sz, int format) +{ + int ret = SSL_FATAL_ERROR; + WOLFSSL_CTX* tmp; + + WOLFSSL_ENTER("wolfSSL_CertManagerLoadCABuffer"); + + if (cm == NULL) { + WOLFSSL_MSG("No CertManager error"); + return ret; + } + tmp = wolfSSL_CTX_new(cm_pick_method()); + + if (tmp == NULL) { + WOLFSSL_MSG("CTX new failed"); + return ret; + } + + /* for tmp use */ + wolfSSL_CertManagerFree(tmp->cm); + tmp->cm = cm; + + ret = wolfSSL_CTX_load_verify_buffer(tmp, in, sz, format); + + /* don't loose our good one */ + tmp->cm = NULL; + wolfSSL_CTX_free(tmp); + + return ret; +} + + /* Verify the ceritficate, SSL_SUCCESS for ok, < 0 for error */ int wolfSSL_CertManagerVerifyBuffer(WOLFSSL_CERT_MANAGER* cm, const byte* buff, - long sz, int format) + long sz, int format) { int ret = 0; buffer der; @@ -2727,7 +3098,7 @@ int wolfSSL_CertManagerVerifyBuffer(WOLFSSL_CERT_MANAGER* cm, const byte* buff, #ifdef WOLFSSL_SMALL_STACK cert = (DecodedCert*)XMALLOC(sizeof(DecodedCert), NULL, - DYNAMIC_TYPE_TMP_BUFFER); + DYNAMIC_TYPE_TMP_BUFFER); if (cert == NULL) return MEMORY_E; #endif 
@@ -2745,7 +3116,7 @@ int wolfSSL_CertManagerVerifyBuffer(WOLFSSL_CERT_MANAGER* cm, const byte* buff, #ifdef WOLFSSL_SMALL_STACK info = (EncryptedInfo*)XMALLOC(sizeof(EncryptedInfo), NULL, - DYNAMIC_TYPE_TMP_BUFFER); + DYNAMIC_TYPE_TMP_BUFFER); if (info == NULL) { XFREE(cert, NULL, DYNAMIC_TYPE_TMP_BUFFER); return MEMORY_E; @@ -2757,9 +3128,7 @@ int wolfSSL_CertManagerVerifyBuffer(WOLFSSL_CERT_MANAGER* cm, const byte* buff, info->consumed = 0; ret = PemToDer(buff, sz, CERT_TYPE, &der, cm->heap, info, &eccKey); - - if (ret == 0) - InitDecodedCert(cert, der.buffer, der.length, cm->heap); + InitDecodedCert(cert, der.buffer, der.length, cm->heap); #ifdef WOLFSSL_SMALL_STACK XFREE(info, NULL, DYNAMIC_TYPE_TMP_BUFFER); @@ -2801,7 +3170,7 @@ int wolfSSL_CertManagerEnableOCSP(WOLFSSL_CERT_MANAGER* cm, int options) #ifdef HAVE_OCSP if (cm->ocsp == NULL) { cm->ocsp = (WOLFSSL_OCSP*)XMALLOC(sizeof(WOLFSSL_OCSP), cm->heap, - DYNAMIC_TYPE_OCSP); + DYNAMIC_TYPE_OCSP); if (cm->ocsp == NULL) return MEMORY_E; @@ -2868,7 +3237,7 @@ int wolfSSL_CertManagerCheckOCSP(WOLFSSL_CERT_MANAGER* cm, byte* der, int sz) #ifdef WOLFSSL_SMALL_STACK cert = (DecodedCert*)XMALLOC(sizeof(DecodedCert), NULL, - DYNAMIC_TYPE_TMP_BUFFER); + DYNAMIC_TYPE_TMP_BUFFER); if (cert == NULL) return MEMORY_E; #endif @@ -2892,7 +3261,7 @@ int wolfSSL_CertManagerCheckOCSP(WOLFSSL_CERT_MANAGER* cm, byte* der, int sz) int wolfSSL_CertManagerSetOCSPOverrideURL(WOLFSSL_CERT_MANAGER* cm, - const char* url) + const char* url) { WOLFSSL_ENTER("wolfSSL_CertManagerSetOCSPOverrideURL"); if (cm == NULL) @@ -2966,7 +3335,7 @@ int wolfSSL_SetOCSP_Cb(WOLFSSL* ssl, WOLFSSL_ENTER("wolfSSL_SetOCSP_Cb"); if (ssl) return wolfSSL_CertManagerSetOCSP_Cb(ssl->ctx->cm, - ioCb, respFreeCb, ioCbCtx); + ioCb, respFreeCb, ioCbCtx); else return BAD_FUNC_ARG; } 
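Review bot: `InitDecodedCert` in `wolfSSL_CertManagerVerifyBuffer` now runs even when `PemToDer` failed, so it is handed whatever `der.buffer` and `der.length` hold after a failed conversion. The rest of the function is outside the hunk. Please confirm that `der` is zero-initialised before the call and that the parse and verify steps which follow are still skipped when `ret != 0`. If the aim is to let cleanup free the decoded cert on every path, a comment saying so would prevent the guard from being reintroduced or misread, e.g. `/* always init so the cert can be freed unconditionally below */`.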
@@ -3002,12 +3371,13 @@ int wolfSSL_CTX_SetOCSP_OverrideURL(WOLFSSL_CTX* ctx, const char* url) } -int wolfSSL_CTX_SetOCSP_Cb(WOLFSSL_CTX* ctx, - CbOCSPIO ioCb, CbOCSPRespFree respFreeCb, void* ioCbCtx) +int wolfSSL_CTX_SetOCSP_Cb(WOLFSSL_CTX* ctx, CbOCSPIO ioCb, + CbOCSPRespFree respFreeCb, void* ioCbCtx) { WOLFSSL_ENTER("wolfSSL_CTX_SetOCSP_Cb"); if (ctx) - return wolfSSL_CertManagerSetOCSP_Cb(ctx->cm, ioCb, respFreeCb, ioCbCtx); + return wolfSSL_CertManagerSetOCSP_Cb(ctx->cm, ioCb, + respFreeCb, ioCbCtx); else return BAD_FUNC_ARG; } @@ -3140,8 +3510,8 @@ int wolfSSL_CTX_load_verify_locations(WOLFSSL_CTX* ctx, const char* file, XSTRNCAT(name, "\\", 2); XSTRNCAT(name, FindFileData.cFileName, MAX_FILENAME_SZ/2); - ret = ProcessFile(ctx, name, SSL_FILETYPE_PEM, CA_TYPE, NULL,0, - NULL); + ret = ProcessFile(ctx, name, SSL_FILETYPE_PEM, CA_TYPE, + NULL, 0, NULL); } } while (ret == SSL_SUCCESS && FindNextFileA(hFind, &FindFileData)); @@ -3166,8 +3536,10 @@ int wolfSSL_CTX_load_verify_locations(WOLFSSL_CTX* ctx, const char* file, #ifdef WOLFSSL_SMALL_STACK name = (char*)XMALLOC(MAX_FILENAME_SZ, NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (name == NULL) + if (name == NULL) { + closedir(dir); return MEMORY_E; + } #endif while ( ret == SSL_SUCCESS && (entry = readdir(dir)) != NULL) { @@ -3182,8 +3554,8 @@ int wolfSSL_CTX_load_verify_locations(WOLFSSL_CTX* ctx, const char* file, WOLFSSL_MSG("stat on name failed"); ret = BAD_PATH_ERROR; } else if (s.st_mode & S_IFREG) - ret = ProcessFile(ctx, name, SSL_FILETYPE_PEM, CA_TYPE, NULL,0, - NULL); + ret = ProcessFile(ctx, name, SSL_FILETYPE_PEM, CA_TYPE, + NULL, 0, NULL); } #ifdef WOLFSSL_SMALL_STACK 
@@ -3249,26 +3621,6 @@ int wolfSSL_CertManagerVerify(WOLFSSL_CERT_MANAGER* cm, const char* fname, } -static INLINE WOLFSSL_METHOD* cm_pick_method(void) -{ - #ifndef NO_WOLFSSL_CLIENT - #ifdef NO_OLD_TLS - return wolfTLSv1_2_client_method(); - #else - return wolfSSLv3_client_method(); - #endif - #elif !defined(NO_WOLFSSL_SERVER) - #ifdef NO_OLD_TLS - return wolfTLSv1_2_server_method(); - #else - return wolfSSLv3_server_method(); - #endif - #else - return NULL; - #endif -} - - /* like load verify locations, 1 for success, < 0 for error */ int wolfSSL_CertManagerLoadCA(WOLFSSL_CERT_MANAGER* cm, const char* file, const char* path) @@ -3303,7 +3655,6 @@ int wolfSSL_CertManagerLoadCA(WOLFSSL_CERT_MANAGER* cm, const char* file, } - /* turn on CRL if off and compiled in, set options */ int wolfSSL_CertManagerEnableCRL(WOLFSSL_CERT_MANAGER* cm, int options) { @@ -3384,7 +3735,7 @@ int wolfSSL_CertManagerCheckCRL(WOLFSSL_CERT_MANAGER* cm, byte* der, int sz) #ifdef WOLFSSL_SMALL_STACK cert = (DecodedCert*)XMALLOC(sizeof(DecodedCert), NULL, - DYNAMIC_TYPE_TMP_BUFFER); + DYNAMIC_TYPE_TMP_BUFFER); if (cert == NULL) return MEMORY_E; #endif @@ -3497,7 +3848,8 @@ int wolfSSL_CTX_DisableCRL(WOLFSSL_CTX* ctx) } -int wolfSSL_CTX_LoadCRL(WOLFSSL_CTX* ctx, const char* path, int type, int monitor) +int wolfSSL_CTX_LoadCRL(WOLFSSL_CTX* ctx, const char* path, + int type, int monitor) { WOLFSSL_ENTER("wolfSSL_CTX_LoadCRL"); if (ctx) @@ -3524,7 +3876,7 @@ int wolfSSL_CTX_SetCRL_Cb(WOLFSSL_CTX* ctx, CbMissingCRL cb) /* Add format parameter to allow DER load of CA files */ int wolfSSL_CTX_der_load_verify_locations(WOLFSSL_CTX* ctx, const char* file, - int format) + int format) { WOLFSSL_ENTER("wolfSSL_CTX_der_load_verify_locations"); if (ctx == NULL || file == NULL) 
@@ -3587,14 +3939,14 @@ int wolfSSL_PemCertToDer(const char* fileName, unsigned char* derBuf, int derSz) else { #ifdef WOLFSSL_SMALL_STACK info = (EncryptedInfo*)XMALLOC(sizeof(EncryptedInfo), NULL, - DYNAMIC_TYPE_TMP_BUFFER); + DYNAMIC_TYPE_TMP_BUFFER); if (info == NULL) ret = MEMORY_E; else #endif { - ret = PemToDer(fileBuf, sz, CA_TYPE, &converted, 0, info, - &ecc); + ret = PemToDer(fileBuf, sz, CA_TYPE, &converted, + 0, info, &ecc); #ifdef WOLFSSL_SMALL_STACK XFREE(info, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif @@ -3625,7 +3977,7 @@ int wolfSSL_PemCertToDer(const char* fileName, unsigned char* derBuf, int derSz) int wolfSSL_CTX_use_certificate_file(WOLFSSL_CTX* ctx, const char* file, - int format) + int format) { WOLFSSL_ENTER("wolfSSL_CTX_use_certificate_file"); if (ProcessFile(ctx, file, format, CERT_TYPE, NULL, 0, NULL) == SSL_SUCCESS) @@ -3635,7 +3987,8 @@ int wolfSSL_CTX_use_certificate_file(WOLFSSL_CTX* ctx, const char* file, } -int wolfSSL_CTX_use_PrivateKey_file(WOLFSSL_CTX* ctx, const char* file,int format) +int wolfSSL_CTX_use_PrivateKey_file(WOLFSSL_CTX* ctx, const char* file, + int format) { WOLFSSL_ENTER("wolfSSL_CTX_use_PrivateKey_file"); if (ProcessFile(ctx, file, format, PRIVATEKEY_TYPE, NULL, 0, NULL) @@ -3682,7 +4035,8 @@ int wolfSSL_CTX_use_certificate_chain_file(WOLFSSL_CTX* ctx, const char* file) /* server wrapper for ctx or ssl Diffie-Hellman parameters */ static int wolfSSL_SetTmpDH_buffer_wrapper(WOLFSSL_CTX* ctx, WOLFSSL* ssl, - const unsigned char* buf, long sz, int format) + const unsigned char* buf, + long sz, int format) { buffer der; int ret = 0; @@ -3719,7 +4073,7 @@ static int wolfSSL_SetTmpDH_buffer_wrapper(WOLFSSL_CTX* ctx, WOLFSSL* ssl, ret = PemToDer(buf, sz, DH_PARAM_TYPE, &der, ctx->heap, NULL,NULL); weOwnDer = 1; } - + if (ret == 0) { if (wc_DhParamsLoad(der.buffer, der.length, p, &pSz, g, &gSz) < 0) ret = SSL_BAD_FILETYPE; 
@@ -3821,38 +4175,6 @@ int wolfSSL_CTX_SetTmpDH_file(WOLFSSL_CTX* ctx, const char* fname, int format) return wolfSSL_SetTmpDH_file_wrapper(ctx, NULL, fname, format); } - - /* server ctx Diffie-Hellman parameters, SSL_SUCCESS on ok */ - int wolfSSL_CTX_SetTmpDH(WOLFSSL_CTX* ctx, const unsigned char* p, int pSz, - const unsigned char* g, int gSz) - { - WOLFSSL_ENTER("wolfSSL_CTX_SetTmpDH"); - if (ctx == NULL || p == NULL || g == NULL) return BAD_FUNC_ARG; - - XFREE(ctx->serverDH_P.buffer, ctx->heap, DYNAMIC_TYPE_DH); - XFREE(ctx->serverDH_G.buffer, ctx->heap, DYNAMIC_TYPE_DH); - - ctx->serverDH_P.buffer = (byte*)XMALLOC(pSz, ctx->heap,DYNAMIC_TYPE_DH); - if (ctx->serverDH_P.buffer == NULL) - return MEMORY_E; - - ctx->serverDH_G.buffer = (byte*)XMALLOC(gSz, ctx->heap,DYNAMIC_TYPE_DH); - if (ctx->serverDH_G.buffer == NULL) { - XFREE(ctx->serverDH_P.buffer, ctx->heap, DYNAMIC_TYPE_DH); - return MEMORY_E; - } - - ctx->serverDH_P.length = pSz; - ctx->serverDH_G.length = gSz; - - XMEMCPY(ctx->serverDH_P.buffer, p, pSz); - XMEMCPY(ctx->serverDH_G.buffer, g, gSz); - - ctx->haveDH = 1; - - WOLFSSL_LEAVE("wolfSSL_CTX_SetTmpDH", 0); - return SSL_SUCCESS; - } #endif /* NO_DH */ @@ -3862,8 +4184,8 @@ int wolfSSL_CTX_SetTmpDH_file(WOLFSSL_CTX* ctx, const char* fname, int format) int wolfSSL_use_certificate_file(WOLFSSL* ssl, const char* file, int format) { WOLFSSL_ENTER("wolfSSL_use_certificate_file"); - if (ProcessFile(ssl->ctx, file, format, CERT_TYPE, ssl, 0, NULL) - == SSL_SUCCESS) + if (ProcessFile(ssl->ctx, file, format, CERT_TYPE, + ssl, 0, NULL) == SSL_SUCCESS) return SSL_SUCCESS; return SSL_FAILURE; 
@@ -3873,8 +4195,8 @@ int wolfSSL_use_certificate_file(WOLFSSL* ssl, const char* file, int format) int wolfSSL_use_PrivateKey_file(WOLFSSL* ssl, const char* file, int format) { WOLFSSL_ENTER("wolfSSL_use_PrivateKey_file"); - if (ProcessFile(ssl->ctx, file, format, PRIVATEKEY_TYPE, ssl, 0, NULL) - == SSL_SUCCESS) + if (ProcessFile(ssl->ctx, file, format, PRIVATEKEY_TYPE, + ssl, 0, NULL) == SSL_SUCCESS) return SSL_SUCCESS; return SSL_FAILURE; @@ -3885,8 +4207,8 @@ int wolfSSL_use_certificate_chain_file(WOLFSSL* ssl, const char* file) { /* procces up to MAX_CHAIN_DEPTH plus subject cert */ WOLFSSL_ENTER("wolfSSL_use_certificate_chain_file"); - if (ProcessFile(ssl->ctx, file, SSL_FILETYPE_PEM, CERT_TYPE, ssl, 1, NULL) - == SSL_SUCCESS) + if (ProcessFile(ssl->ctx, file, SSL_FILETYPE_PEM, CERT_TYPE, + ssl, 1, NULL) == SSL_SUCCESS) return SSL_SUCCESS; return SSL_FAILURE; @@ -4052,7 +4374,8 @@ int wolfSSL_CTX_restore_cert_cache(WOLFSSL_CTX* ctx, const char* fname) #endif /* NO_FILESYSTEM */ /* Persist cert cache to memory */ -int wolfSSL_CTX_memsave_cert_cache(WOLFSSL_CTX* ctx, void* mem, int sz, int* used) +int wolfSSL_CTX_memsave_cert_cache(WOLFSSL_CTX* ctx, void* mem, + int sz, int* used) { WOLFSSL_ENTER("wolfSSL_CTX_memsave_cert_cache"); @@ -4698,7 +5021,8 @@ static INLINE int StoreCertRow(WOLFSSL_CERT_MANAGER* cm, byte* current, int row) /* Persist cert cache to memory, have lock */ -static INLINE int DoMemSaveCertCache(WOLFSSL_CERT_MANAGER* cm, void* mem, int sz) +static INLINE int DoMemSaveCertCache(WOLFSSL_CERT_MANAGER* cm, + void* mem, int sz) { int realSz; int ret = SSL_SUCCESS; 
@@ -5016,12 +5340,12 @@ int wolfSSL_dtls_got_timeout(WOLFSSL* ssl) /* client only parts */ #ifndef NO_WOLFSSL_CLIENT - #ifndef NO_OLD_TLS + #if defined(WOLFSSL_ALLOW_SSLV3) && !defined(NO_OLD_TLS) WOLFSSL_METHOD* wolfSSLv3_client_method(void) { WOLFSSL_METHOD* method = - (WOLFSSL_METHOD*) XMALLOC(sizeof(WOLFSSL_METHOD), 0, - DYNAMIC_TYPE_METHOD); + (WOLFSSL_METHOD*) XMALLOC(sizeof(WOLFSSL_METHOD), + 0, DYNAMIC_TYPE_METHOD); WOLFSSL_ENTER("SSLv3_client_method"); if (method) InitSSL_Method(method, MakeSSLv3()); @@ -5030,22 +5354,25 @@ int wolfSSL_dtls_got_timeout(WOLFSSL* ssl) #endif #ifdef WOLFSSL_DTLS + + #ifndef NO_OLD_TLS WOLFSSL_METHOD* wolfDTLSv1_client_method(void) { WOLFSSL_METHOD* method = - (WOLFSSL_METHOD*) XMALLOC(sizeof(WOLFSSL_METHOD), 0, - DYNAMIC_TYPE_METHOD); + (WOLFSSL_METHOD*) XMALLOC(sizeof(WOLFSSL_METHOD), + 0, DYNAMIC_TYPE_METHOD); WOLFSSL_ENTER("DTLSv1_client_method"); if (method) InitSSL_Method(method, MakeDTLSv1()); return method; } + #endif /* NO_OLD_TLS */ WOLFSSL_METHOD* wolfDTLSv1_2_client_method(void) { WOLFSSL_METHOD* method = - (WOLFSSL_METHOD*) XMALLOC(sizeof(WOLFSSL_METHOD), 0, - DYNAMIC_TYPE_METHOD); + (WOLFSSL_METHOD*) XMALLOC(sizeof(WOLFSSL_METHOD), + 0, DYNAMIC_TYPE_METHOD); WOLFSSL_ENTER("DTLSv1_2_client_method"); if (method) InitSSL_Method(method, MakeDTLSv1_2()); @@ -5086,8 +5413,10 @@ int wolfSSL_dtls_got_timeout(WOLFSSL* ssl) if (ssl->buffers.outputBuffer.length > 0) { if ( (ssl->error = SendBuffered(ssl)) == 0) { - ssl->options.connectState++; - WOLFSSL_MSG("connect state: Advanced from buffered send"); + if (ssl->fragOffset == 0) { + ssl->options.connectState++; + WOLFSSL_MSG("connect state: Advanced from buffered send"); + } } else { WOLFSSL_ERROR(ssl->error); 
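Review bot: The new `if (ssl->fragOffset == 0)` guard around `ssl->options.connectState++` in the buffered-send branch has no comment, and nothing in the hunk says why the state must stay put. Presumably a non-zero `fragOffset` means a fragmented handshake message is still partly unsent, so the flush belongs to the current state; if that is right, say so, e.g. `/* fragOffset != 0: fragments of the current handshake message remain, do not advance */`. The same guard is added around `ssl->options.acceptState++` in the accept path and needs the same comment. The enclosing function starts and ends outside the hunk.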
@@ -5165,6 +5494,13 @@ int wolfSSL_dtls_got_timeout(WOLFSSL* ssl) return SSL_FATAL_ERROR; } #endif + #ifdef WOLFSSL_SHA512 + if ( (ssl->error = wc_InitSha512( + &ssl->hsHashes->hashSha512)) != 0) { + WOLFSSL_ERROR(ssl->error); + return SSL_FATAL_ERROR; + } + #endif } if ( (ssl->error = SendClientHello(ssl)) != 0) { WOLFSSL_ERROR(ssl->error); @@ -5268,6 +5604,16 @@ int wolfSSL_dtls_got_timeout(WOLFSSL* ssl) WOLFSSL_MSG("connect state: SECOND_REPLY_DONE"); case SECOND_REPLY_DONE: +#ifndef NO_HANDSHAKE_DONE_CB + if (ssl->hsDoneCb) { + int cbret = ssl->hsDoneCb(ssl, ssl->hsDoneCtx); + if (cbret < 0) { + ssl->error = cbret; + WOLFSSL_MSG("HandShake Done Cb don't continue error"); + return SSL_FATAL_ERROR; + } + } +#endif /* NO_HANDSHAKE_DONE_CB */ FreeHandshakeResources(ssl); WOLFSSL_LEAVE("SSL_connect()", SSL_SUCCESS); return SSL_SUCCESS; @@ -5284,12 +5630,12 @@ int wolfSSL_dtls_got_timeout(WOLFSSL* ssl) /* server only parts */ #ifndef NO_WOLFSSL_SERVER - #ifndef NO_OLD_TLS + #if defined(WOLFSSL_ALLOW_SSLV3) && !defined(NO_OLD_TLS) WOLFSSL_METHOD* wolfSSLv3_server_method(void) { WOLFSSL_METHOD* method = - (WOLFSSL_METHOD*) XMALLOC(sizeof(WOLFSSL_METHOD), 0, - DYNAMIC_TYPE_METHOD); + (WOLFSSL_METHOD*) XMALLOC(sizeof(WOLFSSL_METHOD), + 0, DYNAMIC_TYPE_METHOD); WOLFSSL_ENTER("SSLv3_server_method"); if (method) { InitSSL_Method(method, MakeSSLv3()); @@ -5301,11 +5647,13 @@ int wolfSSL_dtls_got_timeout(WOLFSSL* ssl) #ifdef WOLFSSL_DTLS + + #ifndef NO_OLD_TLS WOLFSSL_METHOD* wolfDTLSv1_server_method(void) { WOLFSSL_METHOD* method = - (WOLFSSL_METHOD*) XMALLOC(sizeof(WOLFSSL_METHOD), 0, - DYNAMIC_TYPE_METHOD); + (WOLFSSL_METHOD*) XMALLOC(sizeof(WOLFSSL_METHOD), + 0, DYNAMIC_TYPE_METHOD); WOLFSSL_ENTER("DTLSv1_server_method"); if (method) { InitSSL_Method(method, MakeDTLSv1()); 
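Review bot: In `case SECOND_REPLY_DONE:` the callback's negative return is copied straight into `ssl->error`, so application-chosen values share one number space with the library's own error codes. A callback value that happens to equal one of the non-fatal codes could make a caller that inspects the error after `SSL_FATAL_ERROR` treat the abort as retryable. Since the connect state is not changed on this path, such a retry would presumably call `hsDoneCb` again before `FreeHandshakeResources`. Consider mapping any negative return to one dedicated error code, or at least state the contract above `wolfSSL_SetHsDoneCb`: `/* cb runs when the handshake completes; a negative return aborts it and is stored in ssl->error */`. The same block is added at `case ACCEPT_THIRD_REPLY_DONE :` in the accept path.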
@@ -5313,12 +5661,13 @@ int wolfSSL_dtls_got_timeout(WOLFSSL* ssl) } return method; } + #endif /* NO_OLD_TLS */ WOLFSSL_METHOD* wolfDTLSv1_2_server_method(void) { WOLFSSL_METHOD* method = - (WOLFSSL_METHOD*) XMALLOC(sizeof(WOLFSSL_METHOD), 0, - DYNAMIC_TYPE_METHOD); + (WOLFSSL_METHOD*) XMALLOC(sizeof(WOLFSSL_METHOD), + 0, DYNAMIC_TYPE_METHOD); WOLFSSL_ENTER("DTLSv1_2_server_method"); if (method) { InitSSL_Method(method, MakeDTLSv1_2()); @@ -5382,8 +5731,10 @@ int wolfSSL_dtls_got_timeout(WOLFSSL* ssl) if (ssl->buffers.outputBuffer.length > 0) { if ( (ssl->error = SendBuffered(ssl)) == 0) { - ssl->options.acceptState++; - WOLFSSL_MSG("accept state: Advanced from buffered send"); + if (ssl->fragOffset == 0) { + ssl->options.acceptState++; + WOLFSSL_MSG("accept state: Advanced from buffered send"); + } } else { WOLFSSL_ERROR(ssl->error); @@ -5444,6 +5795,13 @@ int wolfSSL_dtls_got_timeout(WOLFSSL* ssl) return SSL_FATAL_ERROR; } #endif + #ifdef WOLFSSL_SHA512 + if ( (ssl->error = wc_InitSha512( + &ssl->hsHashes->hashSha512)) != 0) { + WOLFSSL_ERROR(ssl->error); + return SSL_FATAL_ERROR; + } + #endif } while (ssl->options.clientState < CLIENT_HELLO_COMPLETE) @@ -5517,6 +5875,18 @@ int wolfSSL_dtls_got_timeout(WOLFSSL* ssl) WOLFSSL_MSG("accept state ACCEPT_SECOND_REPLY_DONE"); case ACCEPT_SECOND_REPLY_DONE : +#ifdef HAVE_SESSION_TICKET + if (ssl->options.createTicket) { + if ( (ssl->error = SendTicket(ssl)) != 0) { + WOLFSSL_ERROR(ssl->error); + return SSL_FATAL_ERROR; + } + } +#endif /* HAVE_SESSION_TICKET */ + ssl->options.acceptState = TICKET_SENT; + WOLFSSL_MSG("accept state TICKET_SENT"); + + case TICKET_SENT: if ( (ssl->error = SendChangeCipher(ssl)) != 0) { WOLFSSL_ERROR(ssl->error); return SSL_FATAL_ERROR; 
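Review bot: The new `case TICKET_SENT:` depends on its position in the accept-state enum, because the buffered-send branch earlier in this function resumes with `ssl->options.acceptState++`. The enum is not visible here, so this is inferred: if `SendTicket` leaves data buffered while the state is still `ACCEPT_SECOND_REPLY_DONE`, the next call only lands on `TICKET_SENT` when that value is exactly one greater, and otherwise the ticket is re-sent or a step is skipped. Please add a comment at the enum tying the order to the `++` resume logic, and mark the entry with `/* fall through */` before `case TICKET_SENT:`. The switch starts and ends outside the hunk.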
@@ -5545,6 +5915,16 @@ int wolfSSL_dtls_got_timeout(WOLFSSL* ssl) WOLFSSL_MSG("accept state ACCEPT_THIRD_REPLY_DONE"); case ACCEPT_THIRD_REPLY_DONE : +#ifndef NO_HANDSHAKE_DONE_CB + if (ssl->hsDoneCb) { + int cbret = ssl->hsDoneCb(ssl, ssl->hsDoneCtx); + if (cbret < 0) { + ssl->error = cbret; + WOLFSSL_MSG("HandShake Done Cb don't continue error"); + return SSL_FATAL_ERROR; + } + } +#endif /* NO_HANDSHAKE_DONE_CB */ FreeHandshakeResources(ssl); WOLFSSL_LEAVE("SSL_accept()", SSL_SUCCESS); return SSL_SUCCESS; @@ -5558,6 +5938,25 @@ int wolfSSL_dtls_got_timeout(WOLFSSL* ssl) #endif /* NO_WOLFSSL_SERVER */ +#ifndef NO_HANDSHAKE_DONE_CB + +int wolfSSL_SetHsDoneCb(WOLFSSL* ssl, HandShakeDoneCb cb, void* user_ctx) +{ + WOLFSSL_ENTER("wolfSSL_SetHsDoneCb"); + + if (ssl == NULL) + return BAD_FUNC_ARG; + + ssl->hsDoneCb = cb; + ssl->hsDoneCtx = user_ctx; + + + return SSL_SUCCESS; +} + +#endif /* NO_HANDSHAKE_DONE_CB */ + + int wolfSSL_Cleanup(void) { int ret = SSL_SUCCESS; @@ -5734,6 +6133,11 @@ WOLFSSL_SESSION* GetSession(WOLFSSL* ssl, byte* masterSecret) if (ssl->options.haveSessionId == 0) return NULL; +#ifdef HAVE_SESSION_TICKET + if (ssl->options.side == WOLFSSL_SERVER_END && ssl->options.useTicket == 1) + return NULL; +#endif + if (ssl->arrays) id = ssl->arrays->sessionID; else @@ -5806,6 +6210,11 @@ int SetSession(WOLFSSL* ssl, WOLFSSL_SESSION* session) } +#ifdef WOLFSSL_SESSION_STATS +static int get_locked_session_stats(word32* active, word32* total, + word32* peak); +#endif + int AddSession(WOLFSSL* ssl) { word32 row, idx; @@ -5817,6 +6226,11 @@ int AddSession(WOLFSSL* ssl) if (ssl->options.haveSessionId == 0) return 0; +#ifdef HAVE_SESSION_TICKET + if (ssl->options.side == WOLFSSL_SERVER_END && ssl->options.useTicket == 1) + return 0; +#endif + row = HashSession(ssl->arrays->sessionID, ID_LEN, &error) % SESSION_ROWS; if (error != 0) { WOLFSSL_MSG("Hash session failed"); 
@@ -5889,6 +6303,20 @@ int AddSession(WOLFSSL* ssl) SessionCache[row].Sessions[idx].idLen = 0; #endif /* NO_CLIENT_CACHE */ +#if defined(WOLFSSL_SESSION_STATS) && defined(WOLFSSL_PEAK_SESSIONS) + if (error == 0) { + word32 active = 0; + + error = get_locked_session_stats(&active, NULL, NULL); + if (error == SSL_SUCCESS) { + error = 0; /* back to this function ok */ + + if (active > PeakSessions) + PeakSessions = active; + } + } +#endif /* defined(WOLFSSL_SESSION_STATS) && defined(WOLFSSL_PEAK_SESSIONS) */ + if (UnLockMutex(&session_mutex) != 0) return BAD_MUTEX_E; 
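Review bot: The peak tracking calls `get_locked_session_stats(&active, NULL, NULL)` on every `AddSession` while `session_mutex` is held, and that helper walks every row and slot of `SessionCache`. With a large cache configuration each new session then costs a full scan under the global lock, so handshakes serialise behind it and a burst of connections makes the delay worse. At minimum document next to the `WOLFSSL_PEAK_SESSIONS` block that enabling it adds work proportional to the cache size per stored session. Better would be to take the peak from a cheaper estimate than a full expiry scan. `AddSession` starts outside the hunk.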
@@ -5952,33 +6380,125 @@ WOLFSSL_X509_CHAIN* wolfSSL_SESSION_get_peer_chain(WOLFSSL_SESSION* session) #endif /* SESSION_INDEX && SESSION_CERTS */ - #ifdef SESSION_STATS +#ifdef WOLFSSL_SESSION_STATS - WOLFSSL_API - void PrintSessionStats(void) +/* requires session_mutex lock held, SSL_SUCCESS on ok */ +static int get_locked_session_stats(word32* active, word32* total, word32* peak) +{ + int result = SSL_SUCCESS; + int i; + int count; + int idx; + word32 now = 0; + word32 seen = 0; + word32 ticks = LowResTimer(); + + (void)peak; + + WOLFSSL_ENTER("get_locked_session_stats"); + + for (i = 0; i < SESSION_ROWS; i++) { + seen += SessionCache[i].totalCount; + + if (active == NULL) + continue; /* no need to calculate what we can't set */ + + count = min((word32)SessionCache[i].totalCount, SESSIONS_PER_ROW); + idx = SessionCache[i].nextIdx - 1; + if (idx < 0) + idx = SESSIONS_PER_ROW - 1; /* if back to front previous was end */ + + for (; count > 0; --count, idx = idx ? idx - 1 : SESSIONS_PER_ROW - 1) { + if (idx >= SESSIONS_PER_ROW || idx < 0) { /* sanity check */ + WOLFSSL_MSG("Bad idx"); + break; + } + + /* if not expried then good */ + if (ticks < (SessionCache[i].Sessions[idx].bornOn + + SessionCache[i].Sessions[idx].timeout) ) { + now++; + } + } + } + + if (active) + *active = now; + + if (total) + *total = seen; + +#ifdef WOLFSSL_PEAK_SESSIONS + if (peak) + *peak = PeakSessions; +#endif + + WOLFSSL_LEAVE("get_locked_session_stats", result); + + return result; +} + + +/* return SSL_SUCCESS on ok */ +int wolfSSL_get_session_stats(word32* active, word32* total, word32* peak, + word32* maxSessions) +{ + int result = SSL_SUCCESS; + + WOLFSSL_ENTER("wolfSSL_get_session_stats"); + + if (maxSessions) { + *maxSessions = SESSIONS_PER_ROW * SESSION_ROWS; + + if (active == NULL && total == NULL && peak == NULL) + return result; /* we're done */ + } + + /* user must provide at least one query value */ + if (active == NULL && total == NULL && peak == NULL) + return BAD_FUNC_ARG; 
+ + if (LockMutex(&session_mutex) != 0) { + return BAD_MUTEX_E; + } + + result = get_locked_session_stats(active, total, peak); + + if (UnLockMutex(&session_mutex) != 0) + result = BAD_MUTEX_E; + + WOLFSSL_LEAVE("wolfSSL_get_session_stats", result); + + return result; +} + +#endif /* WOLFSSL_SESSION_STATS */ + + + #ifdef PRINT_SESSION_STATS + + /* SSL_SUCCESS on ok */ + int wolfSSL_PrintSessionStats(void) { word32 totalSessionsSeen = 0; word32 totalSessionsNow = 0; - word32 rowNow; + word32 peak = 0; + word32 maxSessions = 0; int i; + int ret; double E; /* expected freq */ double chiSquare = 0; - for (i = 0; i < SESSION_ROWS; i++) { - totalSessionsSeen += SessionCache[i].totalCount; - - if (SessionCache[i].totalCount >= SESSIONS_PER_ROW) - rowNow = SESSIONS_PER_ROW; - else if (SessionCache[i].nextIdx == 0) - rowNow = 0; - else - rowNow = SessionCache[i].nextIdx; - - totalSessionsNow += rowNow; - } - + ret = wolfSSL_get_session_stats(&totalSessionsNow, &totalSessionsSeen, + &peak, &maxSessions); + if (ret != SSL_SUCCESS) + return ret; printf("Total Sessions Seen = %d\n", totalSessionsSeen); printf("Total Sessions Now = %d\n", totalSessionsNow); +#ifdef WOLFSSL_PEAK_SESSIONS + printf("Peak Sessions = %d\n", peak); +#endif + printf("Max Sessions = %d\n", maxSessions); E = (double)totalSessionsSeen / SESSION_ROWS; 
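Review bot: When `WOLFSSL_PEAK_SESSIONS` is not defined, `get_locked_session_stats` never writes `*peak`, yet `wolfSSL_get_session_stats` accepts a call whose only query is `peak` and returns `SSL_SUCCESS`. The caller then reads whatever its variable held before the call. Give that build a defined result by adding `#else` and `if (peak) *peak = 0;` before the `#endif`, or reject a peak-only query with `BAD_FUNC_ARG`. Separately, the new `printf` lines for `peak` and `maxSessions` print `word32` values with `%d`; assuming `word32` is unsigned, `%u` is the matching conversion.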
@@ -5991,17 +6511,20 @@ WOLFSSL_X509_CHAIN* wolfSSL_SESSION_get_peer_chain(WOLFSSL_SESSION* session) } printf(" chi-square = %5.1f, d.f. = %d\n", chiSquare, SESSION_ROWS - 1); - if (SESSION_ROWS == 11) + #if (SESSION_ROWS == 11) printf(" .05 p value = 18.3, chi-square should be less\n"); - else if (SESSION_ROWS == 211) + #elif (SESSION_ROWS == 211) printf(".05 p value = 244.8, chi-square should be less\n"); - else if (SESSION_ROWS == 5981) + #elif (SESSION_ROWS == 5981) printf(".05 p value = 6161.0, chi-square should be less\n"); - else if (SESSION_ROWS == 3) + #elif (SESSION_ROWS == 3) printf(".05 p value = 6.0, chi-square should be less\n"); - else if (SESSION_ROWS == 2861) + #elif (SESSION_ROWS == 2861) printf(".05 p value = 2985.5, chi-square should be less\n"); + #endif printf("\n"); + + return ret; } #endif /* SESSION_STATS */ @@ -6420,8 +6943,9 @@ int wolfSSL_set_compression(WOLFSSL* ssl) /* used to be defined on NO_FILESYSTEM only, but are generally useful */ /* wolfSSL extension allows DER files to be loaded from buffers as well */ - int wolfSSL_CTX_load_verify_buffer(WOLFSSL_CTX* ctx, const unsigned char* in, - long sz, int format) + int wolfSSL_CTX_load_verify_buffer(WOLFSSL_CTX* ctx, + const unsigned char* in, + long sz, int format) { WOLFSSL_ENTER("wolfSSL_CTX_load_verify_buffer"); if (format == SSL_FILETYPE_PEM) @@ -6679,8 +7203,14 @@ int wolfSSL_set_compression(WOLFSSL* ssl) void wolfSSL_set_shutdown(WOLFSSL* ssl, int opt) { - (void)ssl; - (void)opt; + WOLFSSL_ENTER("wolfSSL_set_shutdown"); + if(ssl==NULL) { + WOLFSSL_MSG("Shutdown not set. ssl is null"); + return; + } + + ssl->options.sentNotify = (opt&SSL_SENT_SHUTDOWN) > 0; + ssl->options.closeNotify = (opt&SSL_RECEIVED_SHUTDOWN) > 0; } 
@@ -6730,15 +7260,18 @@ int wolfSSL_set_compression(WOLFSSL* ssl) WOLFSSL_X509* wolfSSL_X509_STORE_CTX_get_current_cert( - WOLFSSL_X509_STORE_CTX* ctx) + WOLFSSL_X509_STORE_CTX* ctx) { - (void)ctx; - return 0; + WOLFSSL_ENTER("wolfSSL_X509_STORE_CTX_get_current_cert"); + if(ctx) + return ctx->current_cert; + return NULL; } int wolfSSL_X509_STORE_CTX_get_error(WOLFSSL_X509_STORE_CTX* ctx) { + WOLFSSL_ENTER("wolfSSL_X509_STORE_CTX_get_error"); if (ctx != NULL) return ctx->error; return 0; @@ -6747,8 +7280,10 @@ int wolfSSL_set_compression(WOLFSSL* ssl) int wolfSSL_X509_STORE_CTX_get_error_depth(WOLFSSL_X509_STORE_CTX* ctx) { - (void)ctx; - return 0; + WOLFSSL_ENTER("wolfSSL_X509_STORE_CTX_get_error_depth"); + if(ctx) + return ctx->error_depth; + return SSL_FATAL_ERROR; } @@ -7060,30 +7595,30 @@ int wolfSSL_set_compression(WOLFSSL* ssl) return 0; #endif - WOLFSSL_ENTER("EVP_BytesToKey"); + WOLFSSL_ENTER("wolfSSL_EVP_BytesToKey"); wc_InitMd5(md5); /* only support MD5 for now */ if (XSTRNCMP(md, "MD5", 3) != 0) return 0; /* only support CBC DES and AES for now */ - if (XSTRNCMP(type, "DES-CBC", 7) == 0) { + if (XSTRNCMP(type, EVP_DES_CBC, EVP_DES_SIZE) == 0) { keyLen = DES_KEY_SIZE; ivLen = DES_IV_SIZE; } - else if (XSTRNCMP(type, "DES-EDE3-CBC", 12) == 0) { + else if (XSTRNCMP(type, EVP_DES_EDE3_CBC, EVP_DES_EDE3_SIZE) == 0) { keyLen = DES3_KEY_SIZE; ivLen = DES_IV_SIZE; } - else if (XSTRNCMP(type, "AES-128-CBC", 11) == 0) { + else if (XSTRNCMP(type, EVP_AES_128_CBC, EVP_AES_SIZE) == 0) { keyLen = AES_128_KEY_SIZE; ivLen = AES_IV_SIZE; } - else if (XSTRNCMP(type, "AES-192-CBC", 11) == 0) { + else if (XSTRNCMP(type, EVP_AES_192_CBC, EVP_AES_SIZE) == 0) { keyLen = AES_192_KEY_SIZE; ivLen = AES_IV_SIZE; } - else if (XSTRNCMP(type, "AES-256-CBC", 11) == 0) { + else if (XSTRNCMP(type, EVP_AES_256_CBC, EVP_AES_SIZE) == 0) { keyLen = AES_256_KEY_SIZE; ivLen = AES_IV_SIZE; } 
@@ -7125,8 +7660,9 @@ int wolfSSL_set_compression(WOLFSSL* ssl) if (ivLeft && digestLeft) { int store = min(ivLeft, digestLeft); - XMEMCPY(&iv[ivLen - ivLeft], &digest[MD5_DIGEST_SIZE - - digestLeft], store); + if (iv != NULL) + XMEMCPY(&iv[ivLen - ivLeft], + &digest[MD5_DIGEST_SIZE - digestLeft], store); keyOutput += store; ivLeft -= store; } @@ -7187,6 +7723,7 @@ int wolfSSL_set_compression(WOLFSSL* ssl) #endif /* NO_MD5 */ +#ifndef NO_SHA void wolfSSL_SHA_Init(WOLFSSL_SHA_CTX* sha) { typedef char sha_test[sizeof(SHA_CTX) >= sizeof(Sha) ? 1 : -1]; @@ -7232,6 +7769,7 @@ int wolfSSL_set_compression(WOLFSSL* ssl) WOLFSSL_ENTER("SHA1_Final"); SHA_Final(input, sha); } +#endif /* NO_SHA */ void wolfSSL_SHA256_Init(WOLFSSL_SHA256_CTX* sha256) @@ -7335,12 +7873,14 @@ int wolfSSL_set_compression(WOLFSSL* ssl) #endif /* NO_MD5 */ +#ifndef NO_SHA const WOLFSSL_EVP_MD* wolfSSL_EVP_sha1(void) { static const char* type = "SHA"; WOLFSSL_ENTER("EVP_sha1"); return type; } +#endif /* NO_SHA */ const WOLFSSL_EVP_MD* wolfSSL_EVP_sha256(void) 
@@ -7380,68 +7920,59 @@ int wolfSSL_set_compression(WOLFSSL* ssl) /* do nothing */ } - const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_128_cbc(void) { - static const char* type = "AES128-CBC"; WOLFSSL_ENTER("wolfSSL_EVP_aes_128_cbc"); - return type; + return EVP_AES_128_CBC; } const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_192_cbc(void) { - static const char* type = "AES192-CBC"; WOLFSSL_ENTER("wolfSSL_EVP_aes_192_cbc"); - return type; + return EVP_AES_192_CBC; } const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_256_cbc(void) { - static const char* type = "AES256-CBC"; WOLFSSL_ENTER("wolfSSL_EVP_aes_256_cbc"); - return type; + return EVP_AES_256_CBC; } const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_128_ctr(void) { - static const char* type = "AES128-CTR"; WOLFSSL_ENTER("wolfSSL_EVP_aes_128_ctr"); - return type; + return EVP_AES_128_CTR; } const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_192_ctr(void) { - static const char* type = "AES192-CTR"; WOLFSSL_ENTER("wolfSSL_EVP_aes_192_ctr"); - return type; + return EVP_AES_192_CTR; } const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_256_ctr(void) { - static const char* type = "AES256-CTR"; WOLFSSL_ENTER("wolfSSL_EVP_aes_256_ctr"); - return type; + return EVP_AES_256_CTR; } const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_des_cbc(void) { - static const char* type = "DES-CBC"; WOLFSSL_ENTER("wolfSSL_EVP_des_cbc"); - return type; + return EVP_DES_CBC; } const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_des_ede3_cbc(void) { - static const char* type = "DES-EDE3-CBC"; WOLFSSL_ENTER("wolfSSL_EVP_des_ede3_cbc"); - return type; + return EVP_DES_EDE3_CBC; } @@ -7518,9 +8049,9 @@ int wolfSSL_set_compression(WOLFSSL* ssl) } #ifndef NO_AES - if (ctx->cipherType == AES_128_CBC_TYPE || (type && - XSTRNCMP(type, "AES128-CBC", 10) == 0)) { - WOLFSSL_MSG("AES-128-CBC"); + if (ctx->cipherType == AES_128_CBC_TYPE || + (type && XSTRNCMP(type, EVP_AES_128_CBC, EVP_AES_SIZE) == 0)) { + WOLFSSL_MSG(EVP_AES_128_CBC); ctx->cipherType = AES_128_CBC_TYPE; ctx->keyLen = 16; if (enc == 0 || enc == 1) 
@@ -7537,9 +8068,9 @@ int wolfSSL_set_compression(WOLFSSL* ssl) return ret; } } - else if (ctx->cipherType == AES_192_CBC_TYPE || (type && - XSTRNCMP(type, "AES192-CBC", 10) == 0)) { - WOLFSSL_MSG("AES-192-CBC"); + else if (ctx->cipherType == AES_192_CBC_TYPE || + (type && XSTRNCMP(type, EVP_AES_192_CBC, EVP_AES_SIZE) == 0)) { + WOLFSSL_MSG(EVP_AES_192_CBC); ctx->cipherType = AES_192_CBC_TYPE; ctx->keyLen = 24; if (enc == 0 || enc == 1) @@ -7556,9 +8087,9 @@ int wolfSSL_set_compression(WOLFSSL* ssl) return ret; } } - else if (ctx->cipherType == AES_256_CBC_TYPE || (type && - XSTRNCMP(type, "AES256-CBC", 10) == 0)) { - WOLFSSL_MSG("AES-256-CBC"); + else if (ctx->cipherType == AES_256_CBC_TYPE || + (type && XSTRNCMP(type, EVP_AES_256_CBC, EVP_AES_SIZE) == 0)) { + WOLFSSL_MSG(EVP_AES_256_CBC); ctx->cipherType = AES_256_CBC_TYPE; ctx->keyLen = 32; if (enc == 0 || enc == 1) @@ -7576,9 +8107,9 @@ int wolfSSL_set_compression(WOLFSSL* ssl) } } #ifdef WOLFSSL_AES_COUNTER - else if (ctx->cipherType == AES_128_CTR_TYPE || (type && - XSTRNCMP(type, "AES128-CTR", 10) == 0)) { - WOLFSSL_MSG("AES-128-CTR"); + else if (ctx->cipherType == AES_128_CTR_TYPE || + (type && XSTRNCMP(type, EVP_AES_128_CTR, EVP_AES_SIZE) == 0)) { + WOLFSSL_MSG(EVP_AES_128_CTR); ctx->cipherType = AES_128_CTR_TYPE; ctx->keyLen = 16; if (enc == 0 || enc == 1) @@ -7595,9 +8126,9 @@ int wolfSSL_set_compression(WOLFSSL* ssl) return ret; } } - else if (ctx->cipherType == AES_192_CTR_TYPE || (type && - XSTRNCMP(type, "AES192-CTR", 10) == 0)) { - WOLFSSL_MSG("AES-192-CTR"); + else if (ctx->cipherType == AES_192_CTR_TYPE || + (type && XSTRNCMP(type, EVP_AES_192_CTR, EVP_AES_SIZE) == 0)) { + WOLFSSL_MSG(EVP_AES_192_CTR); ctx->cipherType = AES_192_CTR_TYPE; ctx->keyLen = 24; if (enc == 0 || enc == 1) 
@@ -7614,9 +8145,9 @@ int wolfSSL_set_compression(WOLFSSL* ssl) return ret; } } - else if (ctx->cipherType == AES_256_CTR_TYPE || (type && - XSTRNCMP(type, "AES256-CTR", 10) == 0)) { - WOLFSSL_MSG("AES-256-CTR"); + else if (ctx->cipherType == AES_256_CTR_TYPE || + (type && XSTRNCMP(type, EVP_AES_256_CTR, EVP_AES_SIZE) == 0)) { + WOLFSSL_MSG(EVP_AES_256_CTR); ctx->cipherType = AES_256_CTR_TYPE; ctx->keyLen = 32; if (enc == 0 || enc == 1) @@ -7637,9 +8168,9 @@ int wolfSSL_set_compression(WOLFSSL* ssl) #endif /* NO_AES */ #ifndef NO_DES3 - else if (ctx->cipherType == DES_CBC_TYPE || (type && - XSTRNCMP(type, "DES-CBC", 7) == 0)) { - WOLFSSL_MSG("DES-CBC"); + else if (ctx->cipherType == DES_CBC_TYPE || + (type && XSTRNCMP(type, EVP_DES_CBC, EVP_DES_SIZE) == 0)) { + WOLFSSL_MSG(EVP_DES_CBC); ctx->cipherType = DES_CBC_TYPE; ctx->keyLen = 8; if (enc == 0 || enc == 1) @@ -7654,9 +8185,10 @@ int wolfSSL_set_compression(WOLFSSL* ssl) if (iv && key == NULL) wc_Des_SetIV(&ctx->cipher.des, iv); } - else if (ctx->cipherType == DES_EDE3_CBC_TYPE || (type && - XSTRNCMP(type, "DES-EDE3-CBC", 11) == 0)) { - WOLFSSL_MSG("DES-EDE3-CBC"); + else if (ctx->cipherType == DES_EDE3_CBC_TYPE || + (type && + XSTRNCMP(type, EVP_DES_EDE3_CBC, EVP_DES_EDE3_SIZE) == 0)) { + WOLFSSL_MSG(EVP_DES_EDE3_CBC); ctx->cipherType = DES_EDE3_CBC_TYPE; ctx->keyLen = 24; if (enc == 0 || enc == 1) @@ -7929,7 +8461,8 @@ int wolfSSL_set_compression(WOLFSSL* ssl) /* SSL_SUCCESS on ok */ - int wolfSSL_EVP_DigestInit(WOLFSSL_EVP_MD_CTX* ctx, const WOLFSSL_EVP_MD* type) + int wolfSSL_EVP_DigestInit(WOLFSSL_EVP_MD_CTX* ctx, + const WOLFSSL_EVP_MD* type) { WOLFSSL_ENTER("EVP_DigestInit"); if (XSTRNCMP(type, "SHA256", 6) == 0) { 
@@ -7954,11 +8487,13 @@ int wolfSSL_set_compression(WOLFSSL* ssl) wolfSSL_MD5_Init((MD5_CTX*)&ctx->hash); } #endif + #ifndef NO_SHA /* has to be last since would pick or 256, 384, or 512 too */ else if (XSTRNCMP(type, "SHA", 3) == 0) { ctx->macType = SHA; wolfSSL_SHA_Init((SHA_CTX*)&ctx->hash); } + #endif /* NO_SHA */ else return BAD_FUNC_ARG; @@ -8057,7 +8592,7 @@ int wolfSSL_set_compression(WOLFSSL* ssl) /* SSL_SUCCESS on ok */ int wolfSSL_EVP_DigestFinal_ex(WOLFSSL_EVP_MD_CTX* ctx, unsigned char* md, - unsigned int* s) + unsigned int* s) { WOLFSSL_ENTER("EVP_DigestFinal_ex"); return EVP_DigestFinal(ctx, md, s); @@ -8065,8 +8600,8 @@ int wolfSSL_set_compression(WOLFSSL* ssl) unsigned char* wolfSSL_HMAC(const WOLFSSL_EVP_MD* evp_md, const void* key, - int key_len, const unsigned char* d, int n, - unsigned char* md, unsigned int* md_len) + int key_len, const unsigned char* d, int n, + unsigned char* md, unsigned int* md_len) { int type; unsigned char* ret = NULL; @@ -8136,7 +8671,7 @@ int wolfSSL_set_compression(WOLFSSL* ssl) #ifndef NO_DES3 /* SSL_SUCCESS on ok */ int wolfSSL_DES_key_sched(WOLFSSL_const_DES_cblock* key, - WOLFSSL_DES_key_schedule* schedule) + WOLFSSL_DES_key_schedule* schedule) { WOLFSSL_ENTER("DES_key_sched"); XMEMCPY(schedule, key, sizeof(const_DES_cblock)); @@ -8145,9 +8680,9 @@ int wolfSSL_set_compression(WOLFSSL* ssl) void wolfSSL_DES_cbc_encrypt(const unsigned char* input, - unsigned char* output, long length, - WOLFSSL_DES_key_schedule* schedule, WOLFSSL_DES_cblock* ivec, - int enc) + unsigned char* output, long length, + WOLFSSL_DES_key_schedule* schedule, + WOLFSSL_DES_cblock* ivec, int enc) { Des myDes; @@ -8271,8 +8806,8 @@ int wolfSSL_set_compression(WOLFSSL* ssl) int wolfSSL_CTX_set_session_id_context(WOLFSSL_CTX* ctx, - const unsigned char* sid_ctx, - unsigned int sid_ctx_len) + const unsigned char* sid_ctx, + unsigned int sid_ctx_len) { /* No application specific context needed for wolfSSL */ (void)ctx; 
@@ -8290,7 +8825,7 @@ int wolfSSL_set_compression(WOLFSSL* ssl) } unsigned long wolfSSL_ERR_get_error_line_data(const char** file, int* line, - const char** data, int *flags) + const char** data, int *flags) { /* Not implemented */ (void)file; @@ -8350,14 +8885,18 @@ int wolfSSL_set_compression(WOLFSSL* ssl) WOLFSSL_X509_NAME* wolfSSL_X509_get_issuer_name(WOLFSSL_X509* cert) { WOLFSSL_ENTER("X509_get_issuer_name"); - return &cert->issuer; + if(cert) + return &cert->issuer; + return NULL; } WOLFSSL_X509_NAME* wolfSSL_X509_get_subject_name(WOLFSSL_X509* cert) { - WOLFSSL_ENTER("X509_get_subject_name"); - return &cert->subject; + WOLFSSL_ENTER("wolfSSL_X509_get_subject_name"); + if(cert) + return &cert->subject; + return NULL; } @@ -8472,8 +9011,8 @@ int wolfSSL_set_compression(WOLFSSL* ssl) } - byte* wolfSSL_X509_get_authorityKeyID( - WOLFSSL_X509* x509, byte* dst, int* dstLen) + byte* wolfSSL_X509_get_authorityKeyID(WOLFSSL_X509* x509, + byte* dst, int* dstLen) { byte *id = NULL; int copySz = 0; @@ -8483,7 +9022,7 @@ int wolfSSL_set_compression(WOLFSSL* ssl) if (x509 != NULL) { if (x509->authKeyIdSet) { copySz = min(dstLen != NULL ? *dstLen : 0, - (int)x509->authKeyIdSz); + (int)x509->authKeyIdSz); id = x509->authKeyId; } @@ -8500,8 +9039,8 @@ int wolfSSL_set_compression(WOLFSSL* ssl) } - byte* wolfSSL_X509_get_subjectKeyID( - WOLFSSL_X509* x509, byte* dst, int* dstLen) + byte* wolfSSL_X509_get_subjectKeyID(WOLFSSL_X509* x509, + byte* dst, int* dstLen) { byte *id = NULL; int copySz = 0; @@ -8543,7 +9082,7 @@ int wolfSSL_set_compression(WOLFSSL* ssl) int wolfSSL_X509_NAME_get_text_by_NID(WOLFSSL_X509_NAME* name, - int nid, char* buf, int len) + int nid, char* buf, int len) { char *text = NULL; int textSz = 0; 
@@ -8655,7 +9194,8 @@ int wolfSSL_set_compression(WOLFSSL* ssl) /* write X509 serial number in unsigned binary to buffer buffer needs to be at least EXTERNAL_SERIAL_SIZE (32) for all cases return SSL_SUCCESS on success */ - int wolfSSL_X509_get_serial_number(WOLFSSL_X509* x509, byte* in, int* inOutSz) + int wolfSSL_X509_get_serial_number(WOLFSSL_X509* x509, + byte* in, int* inOutSz) { WOLFSSL_ENTER("wolfSSL_X509_get_serial_number"); if (x509 == NULL || in == NULL || @@ -8765,7 +9305,8 @@ byte* wolfSSL_X509_get_hw_type(WOLFSSL_X509* x509, byte* in, int* inOutSz) } -byte* wolfSSL_X509_get_hw_serial_number(WOLFSSL_X509* x509,byte* in,int* inOutSz) +byte* wolfSSL_X509_get_hw_serial_number(WOLFSSL_X509* x509,byte* in, + int* inOutSz) { int copySz; @@ -8805,15 +9346,15 @@ WOLFSSL_X509* wolfSSL_X509_d2i(WOLFSSL_X509** x509, const byte* in, int len) #ifdef WOLFSSL_SMALL_STACK cert = (DecodedCert*)XMALLOC(sizeof(DecodedCert), NULL, - DYNAMIC_TYPE_TMP_BUFFER); + DYNAMIC_TYPE_TMP_BUFFER); if (cert == NULL) return NULL; #endif InitDecodedCert(cert, (byte*)in, len, NULL); if (ParseCertRelative(cert, CERT_TYPE, 0, NULL) == 0) { - newX509 = (WOLFSSL_X509*)XMALLOC(sizeof(WOLFSSL_X509), - NULL, DYNAMIC_TYPE_X509); + newX509 = (WOLFSSL_X509*)XMALLOC(sizeof(WOLFSSL_X509), NULL, + DYNAMIC_TYPE_X509); if (newX509 != NULL) { InitX509(newX509, 1); if (CopyDecodedToX509(newX509, cert) != 0) { @@ -9028,23 +9569,6 @@ WOLFSSL_X509* wolfSSL_X509_load_certificate_file(const char* fname, int format) #ifdef OPENSSL_EXTRA -int wolfSSL_set_ex_data(WOLFSSL* ssl, int idx, void* data) -{ -#ifdef FORTRESS - if (ssl != NULL && idx < MAX_EX_DATA) - { - ssl->ex_data[idx] = data; - return SSL_SUCCESS; - } -#else - (void)ssl; - (void)idx; - (void)data; -#endif - return SSL_FAILURE; -} - - int wolfSSL_set_session_id_context(WOLFSSL* ssl, const unsigned char* id, unsigned int len) { 
@@ -9064,9 +9588,14 @@ void wolfSSL_set_connect_state(WOLFSSL* ssl) int wolfSSL_get_shutdown(const WOLFSSL* ssl) { + WOLFSSL_ENTER("wolfSSL_get_shutdown"); +#ifdef HAVE_STUNNEL + return (ssl->options.sentNotify << 1) | (ssl->options.closeNotify); +#else return (ssl->options.isClosed || ssl->options.connReset || ssl->options.sentNotify); +#endif } @@ -9112,6 +9641,21 @@ const char* wolfSSL_get_version(WOLFSSL* ssl) return "unknown"; } + +/* current library version */ +const char* wolfSSL_lib_version(void) +{ + return LIBWOLFSSL_VERSION_STRING; +} + + +/* current library version in hex */ +word32 wolfSSL_lib_version_hex(void) +{ + return LIBWOLFSSL_VERSION_HEX; +} + + int wolfSSL_get_current_cipher_suite(WOLFSSL* ssl) { WOLFSSL_ENTER("SSL_get_current_cipher_suite"); @@ -9433,6 +9977,10 @@ const char* wolfSSL_CIPHER_get_name(const WOLFSSL_CIPHER* cipher) case TLS_NTRU_RSA_WITH_AES_256_CBC_SHA : return "TLS_NTRU_RSA_WITH_AES_256_CBC_SHA"; #endif /* HAVE_NTRU */ + #ifdef HAVE_QSH + case TLS_QSH : + return "TLS_QSH"; + #endif /* HAVE_QSH*/ #endif /* NO_SHA */ case TLS_RSA_WITH_AES_128_GCM_SHA256 : return "TLS_RSA_WITH_AES_128_GCM_SHA256"; @@ -9672,19 +10220,6 @@ int wolfSSL_COMP_add_compression_method(int method, void* data) } - -int wolfSSL_get_ex_new_index(long idx, void* data, void* cb1, void* cb2, - void* cb3) -{ - (void)idx; - (void)data; - (void)cb1; - (void)cb2; - (void)cb3; - return 0; -} - - void wolfSSL_set_dynlock_create_callback(WOLFSSL_dynlock_value* (*f)( const char*, int)) { @@ -9709,8 +10244,7 @@ void wolfSSL_set_dynlock_destroy_callback( const char* wolfSSL_X509_verify_cert_error_string(long err) { - (void)err; - return 0; + return wolfSSL_ERR_reason_error_string(err); } @@ -9842,6 +10376,7 @@ int wolfSSL_X509_STORE_CTX_init(WOLFSSL_X509_STORE_CTX* ctx, WOLFSSL_X509_STORE* store, WOLFSSL_X509* x509, STACK_OF(WOLFSSL_X509)* sk) { (void)sk; + WOLFSSL_ENTER("wolfSSL_X509_STORE_CTX_init"); if (ctx != NULL) { ctx->store = store; ctx->current_cert = x509; 
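Review bot: Under `HAVE_STUNNEL` the result is built as `(ssl->options.sentNotify << 1) | (ssl->options.closeNotify)`, which hard-codes bit positions instead of using the `SSL_SENT_SHUTDOWN` and `SSL_RECEIVED_SHUTDOWN` masks that `wolfSSL_set_shutdown` reads in this same commit. Their values are not visible here, but if they follow OpenSSL's numbering the sent flag lands in the received bit and the reverse, so a state written with `wolfSSL_set_shutdown` reads back swapped. An application could then believe the peer's close_notify arrived when it did not. Building the value from the named masks removes the doubt: `return (ssl->options.sentNotify ? SSL_SENT_SHUTDOWN : 0) | (ssl->options.closeNotify ? SSL_RECEIVED_SHUTDOWN : 0);`. Unlike `wolfSSL_set_shutdown`, this function also dereferences `ssl` without a NULL check.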
@@ -10028,7 +10563,8 @@ long wolfSSL_ASN1_INTEGER_get(const WOLFSSL_ASN1_INTEGER* i) void* wolfSSL_X509_STORE_CTX_get_ex_data(WOLFSSL_X509_STORE_CTX* ctx, int idx) { -#ifdef FORTRESS + WOLFSSL_ENTER("wolfSSL_X509_STORE_CTX_get_ex_data"); +#if defined(FORTRESS) || defined(HAVE_STUNNEL) if (ctx != NULL && idx == 0) return ctx->ex_data; #else @@ -10041,24 +10577,13 @@ void* wolfSSL_X509_STORE_CTX_get_ex_data(WOLFSSL_X509_STORE_CTX* ctx, int idx) int wolfSSL_get_ex_data_X509_STORE_CTX_idx(void) { + WOLFSSL_ENTER("wolfSSL_get_ex_data_X509_STORE_CTX_idx"); return 0; } -void* wolfSSL_get_ex_data(const WOLFSSL* ssl, int idx) -{ -#ifdef FORTRESS - if (ssl != NULL && idx < MAX_EX_DATA) - return ssl->ex_data[idx]; -#else - (void)ssl; - (void)idx; -#endif - return 0; -} - - -void wolfSSL_CTX_set_info_callback(WOLFSSL_CTX* ctx, void (*f)(void)) +void wolfSSL_CTX_set_info_callback(WOLFSSL_CTX* ctx, + void (*f)(const WOLFSSL* ssl, int type, int val)) { (void)ctx; (void)f; @@ -10071,7 +10596,7 @@ unsigned long wolfSSL_ERR_peek_error(void) } -int wolfSSL_ERR_GET_REASON(int err) +int wolfSSL_ERR_GET_REASON(unsigned long err) { (void)err; return 0; @@ -10092,7 +10617,7 @@ char* wolfSSL_alert_desc_string_long(int alertID) } -char* wolfSSL_state_string_long(WOLFSSL* ssl) +char* wolfSSL_state_string_long(const WOLFSSL* ssl) { (void)ssl; return 0; @@ -10251,23 +10776,6 @@ void* wolfSSL_sk_value(WOLFSSL_X509_REVOKED* rev, int i) /* stunnel 4.28 needs */ -void* wolfSSL_CTX_get_ex_data(const WOLFSSL_CTX* ctx, int d) -{ - (void)ctx; - (void)d; - return 0; -} - - -int wolfSSL_CTX_set_ex_data(WOLFSSL_CTX* ctx, int d, void* p) -{ - (void)ctx; - (void)d; - (void)p; - return SSL_SUCCESS; -} - - void wolfSSL_CTX_sess_set_get_cb(WOLFSSL_CTX* ctx, WOLFSSL_SESSION*(*f)(WOLFSSL*, unsigned char*, int, int*)) { 
@@ -10325,17 +10833,6 @@ long wolfSSL_SESSION_get_time(const WOLFSSL_SESSION* sess) } -int wolfSSL_CTX_get_ex_new_index(long idx, void* arg, void* a, void* b, - void* c) -{ - (void)idx; - (void)arg; - (void)a; - (void)b; - (void)c; - return 0; -} - #endif /* OPENSSL_EXTRA */ @@ -10375,6 +10872,7 @@ int wolfSSL_cmp_peer_cert_to_file(WOLFSSL* ssl, const char *fname) WOLFSSL_X509* peer_cert = &ssl->peerCert; buffer fileDer; + fileDer.buffer = 0; file = XFOPEN(fname, "rb"); if (file == XBADFILE) return SSL_BAD_FILE; @@ -10400,7 +10898,6 @@ int wolfSSL_cmp_peer_cert_to_file(WOLFSSL* ssl, const char *fname) info->set = 0; info->ctx = ctx; info->consumed = 0; - fileDer.buffer = 0; if ((myBuffer != NULL) && (sz > 0) && @@ -10432,7 +10929,7 @@ int wolfSSL_cmp_peer_cert_to_file(WOLFSSL* ssl, const char *fname) #endif -static RNG globalRNG; +static WC_RNG globalRNG; static int initGlobalRNG = 0; /* SSL_SUCCESS on ok */ @@ -10459,19 +10956,19 @@ int wolfSSL_RAND_seed(const void* seed, int len) /* SSL_SUCCESS on ok */ int wolfSSL_RAND_bytes(unsigned char* buf, int num) { - int ret = 0; - int initTmpRng = 0; - RNG* rng = NULL; + int ret = 0; + int initTmpRng = 0; + WC_RNG* rng = NULL; #ifdef WOLFSSL_SMALL_STACK - RNG* tmpRNG = NULL; + WC_RNG* tmpRNG = NULL; #else - RNG tmpRNG[1]; + WC_RNG tmpRNG[1]; #endif - WOLFSSL_ENTER("RAND_bytes"); + WOLFSSL_ENTER("wolfSSL_RAND_bytes"); #ifdef WOLFSSL_SMALL_STACK - tmpRNG = (RNG*)XMALLOC(sizeof(RNG), NULL, DYNAMIC_TYPE_TMP_BUFFER); + tmpRNG = (WC_RNG*)XMALLOC(sizeof(WC_RNG), NULL, DYNAMIC_TYPE_TMP_BUFFER); if (tmpRNG == NULL) return ret; #endif @@ -10577,6 +11074,7 @@ void wolfSSL_BN_free(WOLFSSL_BIGNUM* bn) bn->internal = NULL; } XFREE(bn, NULL, DYNAMIC_TYPE_BIGINT); + bn = NULL; } } 
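Review bot: The added `bn = NULL;` after `XFREE(bn, NULL, DYNAMIC_TYPE_BIGINT)` in `wolfSSL_BN_free` clears only the function's own copy of the pointer; the caller's pointer still refers to freed memory. The line reads like use-after-free protection but gives none, so either drop it or replace it with a comment that states the real contract, e.g. `/* caller must not use bn after this call */`. The function's opening lines are outside the hunk.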
@@ -10641,76 +11139,94 @@ const WOLFSSL_BIGNUM* wolfSSL_BN_value_one(void) return bn_one; } - +/* return compliant with OpenSSL + * size of BIGNUM in bytes, 0 if error */ int wolfSSL_BN_num_bytes(const WOLFSSL_BIGNUM* bn) { WOLFSSL_MSG("wolfSSL_BN_num_bytes"); if (bn == NULL || bn->internal == NULL) - return 0; + return SSL_FAILURE; return mp_unsigned_bin_size((mp_int*)bn->internal); } - +/* return compliant with OpenSSL + * size of BIGNUM in bits, 0 if error */ int wolfSSL_BN_num_bits(const WOLFSSL_BIGNUM* bn) { WOLFSSL_MSG("wolfSSL_BN_num_bits"); if (bn == NULL || bn->internal == NULL) - return 0; + return SSL_FAILURE; return mp_count_bits((mp_int*)bn->internal); } - +/* return compliant with OpenSSL + * 1 if BIGNUM is zero, 0 else */ int wolfSSL_BN_is_zero(const WOLFSSL_BIGNUM* bn) { WOLFSSL_MSG("wolfSSL_BN_is_zero"); if (bn == NULL || bn->internal == NULL) - return 0; + return SSL_FAILURE; - return mp_iszero((mp_int*)bn->internal); + if (mp_iszero((mp_int*)bn->internal) == MP_YES) + return SSL_SUCCESS; + + return SSL_FAILURE; } - +/* return compliant with OpenSSL + * 1 if BIGNUM is one, 0 else */ int wolfSSL_BN_is_one(const WOLFSSL_BIGNUM* bn) { WOLFSSL_MSG("wolfSSL_BN_is_one"); if (bn == NULL || bn->internal == NULL) - return 0; + return SSL_FAILURE; - if (mp_cmp_d((mp_int*)bn->internal, 1) == 0) - return 1; + if (mp_cmp_d((mp_int*)bn->internal, 1) == MP_EQ) + return SSL_SUCCESS; - return 0; + return SSL_FAILURE; } - +/* return compliant with OpenSSL + * 1 if BIGNUM is odd, 0 else */ int wolfSSL_BN_is_odd(const WOLFSSL_BIGNUM* bn) { WOLFSSL_MSG("wolfSSL_BN_is_odd"); if (bn == NULL || bn->internal == NULL) - return 0; + return SSL_FAILURE; - return mp_isodd((mp_int*)bn->internal); + if (mp_isodd((mp_int*)bn->internal) == MP_YES) + return SSL_SUCCESS; + + return SSL_FAILURE; } - +/* return compliant with OpenSSL + * -1 if a < b, 0 if a == b and 1 if a > b + */ int wolfSSL_BN_cmp(const WOLFSSL_BIGNUM* a, const WOLFSSL_BIGNUM* b) { + int ret; + 
WOLFSSL_MSG("wolfSSL_BN_cmp"); - if (a == NULL || a->internal == NULL || b == NULL || b->internal ==NULL) - return 0; + if (a == NULL || a->internal == NULL || b == NULL || b->internal == NULL) + return SSL_FATAL_ERROR; - return mp_cmp((mp_int*)a->internal, (mp_int*)b->internal); + ret = mp_cmp((mp_int*)a->internal, (mp_int*)b->internal); + + return (ret == MP_EQ ? 0 : (ret == MP_GT ? 1 : -1)); } - +/* return compliant with OpenSSL + * length of BIGNUM in bytes, -1 if error */ int wolfSSL_BN_bn2bin(const WOLFSSL_BIGNUM* bn, unsigned char* r) { WOLFSSL_MSG("wolfSSL_BN_bn2bin"); @@ -10735,29 +11251,40 @@ int wolfSSL_BN_bn2bin(const WOLFSSL_BIGNUM* bn, unsigned char* r) WOLFSSL_BIGNUM* wolfSSL_BN_bin2bn(const unsigned char* str, int len, WOLFSSL_BIGNUM* ret) { + int weOwn = 0; + WOLFSSL_MSG("wolfSSL_BN_bin2bn"); + /* if ret is null create a BN */ + if (ret == NULL) { + ret = wolfSSL_BN_new(); + weOwn = 1; + if (ret == NULL) + return NULL; + } + + /* check ret and ret->internal then read in value */ if (ret && ret->internal) { if (mp_read_unsigned_bin((mp_int*)ret->internal, str, len) != 0) { WOLFSSL_MSG("mp_read_unsigned_bin failure"); + if (weOwn) + wolfSSL_BN_free(ret); return NULL; } } - else { - WOLFSSL_MSG("wolfSSL_BN_bin2bn wants return bignum"); - } return ret; } - +/* return compliant with OpenSSL + * 1 if success, 0 if error */ int wolfSSL_mask_bits(WOLFSSL_BIGNUM* bn, int n) { (void)bn; (void)n; WOLFSSL_MSG("wolfSSL_BN_mask_bits"); - return SSL_FATAL_ERROR; + return SSL_FAILURE; } @@ -10767,12 +11294,12 @@ int wolfSSL_BN_rand(WOLFSSL_BIGNUM* bn, int bits, int top, int bottom) int ret = 0; int len = bits / 8; int initTmpRng = 0; - RNG* rng = NULL; + WC_RNG* rng = NULL; #ifdef WOLFSSL_SMALL_STACK - RNG* tmpRNG = NULL; + WC_RNG* tmpRNG = NULL; byte* buff = NULL; #else - RNG tmpRNG[1]; + WC_RNG tmpRNG[1]; byte buff[1024]; #endif 
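Review bot: The NULL-operand path of wolfSSL_BN_cmp now returns `SSL_FATAL_ERROR`, which callers cannot tell apart from the documented "-1 if a < b" result. A caller that orders or range-checks values with this function will read an invalid operand as "smaller". Since the return type leaves no spare value, the new header comment should say so, e.g. `* a NULL operand is also reported as -1; validate both operands before relying on the ordering`.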
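Review bot: wolfSSL_BN_bin2bn still returns `ret` when the caller's `ret->internal` is NULL, so the caller gets a non-NULL result although nothing was read from `str`. The removed `else` branch at least logged this case; the new code is silent. I would turn it into a failure, `else { if (weOwn) wolfSSL_BN_free(ret); return NULL; }`, so that an unloaded BIGNUM is never handed back as success. `str` and `len` are also passed to `mp_read_unsigned_bin` unchecked; whether that helper tolerates a NULL pointer or negative length is not visible here.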
@@ -10785,7 +11312,7 @@ int wolfSSL_BN_rand(WOLFSSL_BIGNUM* bn, int bits, int top, int bottom) #ifdef WOLFSSL_SMALL_STACK buff = (byte*)XMALLOC(1024, NULL, DYNAMIC_TYPE_TMP_BUFFER); - tmpRNG = (RNG*) XMALLOC(sizeof(RNG), NULL, DYNAMIC_TYPE_TMP_BUFFER); + tmpRNG = (WC_RNG*) XMALLOC(sizeof(WC_RNG), NULL, DYNAMIC_TYPE_TMP_BUFFER); if (buff == NULL || tmpRNG == NULL) { XFREE(buff, NULL, DYNAMIC_TYPE_TMP_BUFFER); XFREE(tmpRNG, NULL, DYNAMIC_TYPE_TMP_BUFFER); @@ -10827,15 +11354,35 @@ int wolfSSL_BN_rand(WOLFSSL_BIGNUM* bn, int bits, int top, int bottom) return ret; } - +/* return code compliant with OpenSSL : + * 1 if bit set, 0 else + */ int wolfSSL_BN_is_bit_set(const WOLFSSL_BIGNUM* bn, int n) { - (void)bn; - (void)n; + if (bn == NULL || bn->internal == NULL) { + WOLFSSL_MSG("bn NULL error"); + return SSL_FAILURE; + } - WOLFSSL_MSG("wolfSSL_BN_is_bit_set"); + return mp_is_bit_set((mp_int*)bn->internal, n); +} - return 0; +/* return code compliant with OpenSSL : + * 1 if success, 0 else + */ +int wolfSSL_BN_set_bit(WOLFSSL_BIGNUM* bn, int n) +{ + if (bn == NULL || bn->internal == NULL) { + WOLFSSL_MSG("bn NULL error"); + return SSL_FAILURE; + } + + if (mp_set_bit((mp_int*)bn->internal, n) != MP_OKAY) { + WOLFSSL_MSG("mp_set_int error"); + return SSL_FAILURE; + } + + return SSL_SUCCESS; } 
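Review bot: The bit index `n` reaches `mp_is_bit_set` and `mp_set_bit` without any range check in wolfSSL_BN_is_bit_set and wolfSSL_BN_set_bit. Whether those helpers reject a negative or oversized index is not visible in this hunk, so a guard such as `if (n < 0) return SSL_FAILURE;` ahead of each call would make the wrappers safe on their own. wolfSSL_BN_is_bit_set also returns the helper's value unchanged although the new comment promises 1 or 0; comparing against `MP_YES` as wolfSSL_BN_is_odd does would keep the two consistent. The failure message in wolfSSL_BN_set_bit names `mp_set_int` rather than `mp_set_bit`.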
@@ -10907,32 +11454,44 @@ WOLFSSL_BIGNUM* wolfSSL_BN_dup(const WOLFSSL_BIGNUM* bn) return NULL; } + ret->neg = bn->neg; + return ret; } WOLFSSL_BIGNUM* wolfSSL_BN_copy(WOLFSSL_BIGNUM* r, const WOLFSSL_BIGNUM* bn) { - (void)r; - (void)bn; - WOLFSSL_MSG("wolfSSL_BN_copy"); - return NULL; + if (mp_copy((mp_int*)bn->internal, (mp_int*)r->internal) != MP_OKAY) { + WOLFSSL_MSG("mp_copy error"); + return NULL; + } + + r->neg = bn->neg; + + return r; } - -int wolfSSL_BN_set_word(WOLFSSL_BIGNUM* bn, unsigned long w) +/* return code compliant with OpenSSL : + * 1 if success, 0 else + */ +int wolfSSL_BN_set_word(WOLFSSL_BIGNUM* bn, WOLFSSL_BN_ULONG w) { - (void)bn; - (void)w; - WOLFSSL_MSG("wolfSSL_BN_set_word"); - return SSL_FATAL_ERROR; + if (mp_set_int((mp_int*)bn->internal, w) != MP_OKAY) { + WOLFSSL_MSG("mp_init_set_int error"); + return SSL_FAILURE; + } + + return SSL_SUCCESS; } - +/* return code compliant with OpenSSL : + * number length in decimal if success, 0 if error + */ int wolfSSL_BN_dec2bn(WOLFSSL_BIGNUM** bn, const char* str) { (void)bn; @@ -10940,10 +11499,42 @@ int wolfSSL_BN_dec2bn(WOLFSSL_BIGNUM** bn, const char* str) WOLFSSL_MSG("wolfSSL_BN_dec2bn"); - return SSL_FATAL_ERROR; + return SSL_FAILURE; } +#if defined(WOLFSSL_KEY_GEN) || defined(HAVE_COMP_KEY) +char *wolfSSL_BN_bn2dec(const WOLFSSL_BIGNUM *bn) +{ + int len = 0; + char *buf; + + WOLFSSL_MSG("wolfSSL_BN_bn2dec"); + + if (bn == NULL || bn->internal == NULL) { + WOLFSSL_MSG("bn NULL error"); + return NULL; + } + + if (mp_radix_size((mp_int*)bn->internal, 10, &len) != MP_OKAY) { + WOLFSSL_MSG("mp_radix_size failure"); + return NULL; + } + + buf = (char*) XMALLOC(len, NULL, DYNAMIC_TYPE_ECC); + if (buf == NULL) { + WOLFSSL_MSG("wolfSSL_BN_bn2hex malloc buffer failure"); + return NULL; + } + + if (mp_toradix((mp_int*)bn->internal, buf, 10) != MP_OKAY) { + XFREE(buf, NULL, DYNAMIC_TYPE_ECC); + return NULL; + } + + return buf; +} +#else char* wolfSSL_BN_bn2dec(const WOLFSSL_BIGNUM* bn) { (void)bn; 
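Review bot: wolfSSL_BN_copy and wolfSSL_BN_set_word dereference `bn->internal` (and `r->internal`) with no NULL check, unlike every other BN wrapper touched by this commit. A NULL or half-constructed BIGNUM from the application therefore becomes a NULL dereference inside the library instead of an error return. I would add `if (r == NULL || r->internal == NULL || bn == NULL || bn->internal == NULL) return NULL;` to wolfSSL_BN_copy and `if (bn == NULL || bn->internal == NULL) return SSL_FAILURE;` to wolfSSL_BN_set_word. The failure message in wolfSSL_BN_set_word also names `mp_init_set_int` while the call is `mp_set_int`.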
@@ -10952,7 +11543,253 @@ char* wolfSSL_BN_bn2dec(const WOLFSSL_BIGNUM* bn) return NULL; } +#endif /* defined(WOLFSSL_KEY_GEN) || defined(HAVE_COMP_KEY) */ +/* return code compliant with OpenSSL : + * 1 if success, 0 else + */ +int wolfSSL_BN_lshift(WOLFSSL_BIGNUM *r, const WOLFSSL_BIGNUM *bn, int n) +{ + WOLFSSL_MSG("wolfSSL_BN_lshift"); + + if (r == NULL || r->internal == NULL || bn == NULL || bn->internal == NULL){ + WOLFSSL_MSG("bn NULL error"); + return SSL_FAILURE; + } + + if (mp_mul_2d((mp_int*)bn->internal, n, (mp_int*)r->internal) != MP_OKAY) { + WOLFSSL_MSG("mp_mul_2d error"); + return SSL_FAILURE; + } + + return SSL_SUCCESS; +} + +/* return code compliant with OpenSSL : + * 1 if success, 0 else + */ +int wolfSSL_BN_rshift(WOLFSSL_BIGNUM *r, const WOLFSSL_BIGNUM *bn, int n) +{ + WOLFSSL_MSG("wolfSSL_BN_rshift"); + + if (r == NULL || r->internal == NULL || bn == NULL || bn->internal == NULL){ + WOLFSSL_MSG("bn NULL error"); + return SSL_FAILURE; + } + + if (mp_div_2d((mp_int*)bn->internal, n, + (mp_int*)r->internal, NULL) != MP_OKAY) { + WOLFSSL_MSG("mp_mul_2d error"); + return SSL_FAILURE; + } + + return SSL_SUCCESS; +} + +/* return code compliant with OpenSSL : + * 1 if success, 0 else + */ +int wolfSSL_BN_add_word(WOLFSSL_BIGNUM *bn, WOLFSSL_BN_ULONG w) +{ + WOLFSSL_MSG("wolfSSL_BN_add_word"); + + if (bn == NULL || bn->internal == NULL) { + WOLFSSL_MSG("bn NULL error"); + return SSL_FAILURE; + } + + if (mp_add_d((mp_int*)bn->internal, w, (mp_int*)bn->internal) != MP_OKAY) { + WOLFSSL_MSG("mp_add_d error"); + return SSL_FAILURE; + } + + return SSL_SUCCESS; +} + +/* return code compliant with OpenSSL : + * 1 if success, 0 else + */ +int wolfSSL_BN_add(WOLFSSL_BIGNUM *r, WOLFSSL_BIGNUM *a, WOLFSSL_BIGNUM *b) +{ + WOLFSSL_MSG("wolfSSL_BN_add"); + + if (r == NULL || r->internal == NULL || a == NULL || a->internal == NULL || + b == NULL || b->internal == NULL) { + WOLFSSL_MSG("bn NULL error"); + return SSL_FAILURE; + } + + if (mp_add((mp_int*)a->internal, 
(mp_int*)b->internal, + (mp_int*)r->internal) != MP_OKAY) { + WOLFSSL_MSG("mp_add_d error"); + return SSL_FAILURE; + } + + return SSL_SUCCESS; +} + +#ifdef WOLFSSL_KEY_GEN + +/* return code compliant with OpenSSL : + * 1 if prime, 0 if not, -1 if error + */ +int wolfSSL_BN_is_prime_ex(const WOLFSSL_BIGNUM *bn, int nbchecks, + WOLFSSL_BN_CTX *ctx, WOLFSSL_BN_GENCB *cb) +{ + int res; + + (void)ctx; + (void)cb; + + WOLFSSL_MSG("wolfSSL_BN_is_prime_ex"); + + if (bn == NULL || bn->internal == NULL) { + WOLFSSL_MSG("bn NULL error"); + return SSL_FATAL_ERROR; + } + + if (mp_prime_is_prime((mp_int*)bn->internal, nbchecks, &res) != MP_OKAY) { + WOLFSSL_MSG("mp_prime_is_prime error"); + return SSL_FATAL_ERROR; + } + + if (res != MP_YES) { + WOLFSSL_MSG("mp_prime_is_prime not prime"); + return SSL_FAILURE; + } + + return SSL_SUCCESS; +} + +/* return code compliant with OpenSSL : + * (bn mod w) if success, -1 if error + */ +WOLFSSL_BN_ULONG wolfSSL_BN_mod_word(const WOLFSSL_BIGNUM *bn, + WOLFSSL_BN_ULONG w) +{ + WOLFSSL_BN_ULONG ret = 0; + + WOLFSSL_MSG("wolfSSL_BN_mod_word"); + + if (bn == NULL || bn->internal == NULL) { + WOLFSSL_MSG("bn NULL error"); + return (WOLFSSL_BN_ULONG)SSL_FATAL_ERROR; + } + + if (mp_mod_d((mp_int*)bn->internal, w, &ret) != MP_OKAY) { + WOLFSSL_MSG("mp_add_d error"); + return (WOLFSSL_BN_ULONG)SSL_FATAL_ERROR; + } + + return ret; +} +#endif /* #ifdef WOLFSSL_KEY_GEN */ + +#if defined(WOLFSSL_KEY_GEN) || defined(HAVE_COMP_KEY) +char *wolfSSL_BN_bn2hex(const WOLFSSL_BIGNUM *bn) +{ + int len = 0; + char *buf; + + WOLFSSL_MSG("wolfSSL_BN_bn2hex"); + + if (bn == NULL || bn->internal == NULL) { + WOLFSSL_MSG("bn NULL error"); + return NULL; + } + + if (mp_radix_size((mp_int*)bn->internal, 16, &len) != MP_OKAY) { + WOLFSSL_MSG("mp_radix_size failure"); + return NULL; + } + + buf = (char*) XMALLOC(len, NULL, DYNAMIC_TYPE_ECC); + if (buf == NULL) { + WOLFSSL_MSG("wolfSSL_BN_bn2hex malloc buffer failure"); + return NULL; + } + + if 
(mp_toradix((mp_int*)bn->internal, buf, 16) != MP_OKAY) { + XFREE(buf, NULL, DYNAMIC_TYPE_ECC); + return NULL; + } + + return buf; +} + +#ifndef NO_FILESYSTEM +/* return code compliant with OpenSSL : + * 1 if success, 0 if error + */ +int wolfSSL_BN_print_fp(FILE *fp, const WOLFSSL_BIGNUM *bn) +{ + char *buf; + + WOLFSSL_MSG("wolfSSL_BN_print_fp"); + + if (fp == NULL || bn == NULL || bn->internal == NULL) { + WOLFSSL_MSG("bn NULL error"); + return SSL_FAILURE; + } + + buf = wolfSSL_BN_bn2hex(bn); + if (buf == NULL) { + WOLFSSL_MSG("wolfSSL_BN_bn2hex failure"); + return SSL_FAILURE; + } + + fprintf(fp, "%s", buf); + XFREE(buf, NULL, DYNAMIC_TYPE_ECC); + + return SSL_SUCCESS; +} +#endif /* !defined(NO_FILESYSTEM) */ + +#else /* defined(WOLFSSL_KEY_GEN) || defined(HAVE_COMP_KEY) */ + +char *wolfSSL_BN_bn2hex(const WOLFSSL_BIGNUM *bn) +{ + (void)bn; + + WOLFSSL_MSG("wolfSSL_BN_bn2hex not implemented"); + + return (char*)""; +} + +#ifndef NO_FILESYSTEM +/* return code compliant with OpenSSL : + * 1 if success, 0 if error + */ +int wolfSSL_BN_print_fp(FILE *fp, const WOLFSSL_BIGNUM *bn) +{ + (void)fp; + (void)bn; + + WOLFSSL_MSG("wolfSSL_BN_print_fp not implemented"); + + return SSL_SUCCESS; +} +#endif /* !defined(NO_FILESYSTEM) */ + +#endif /* defined(WOLFSSL_KEY_GEN) || defined(HAVE_COMP_KEY) */ + +WOLFSSL_BIGNUM *wolfSSL_BN_CTX_get(WOLFSSL_BN_CTX *ctx) +{ + /* ctx is not used, return new Bignum */ + (void)ctx; + + WOLFSSL_ENTER("wolfSSL_BN_CTX_get"); + + return wolfSSL_BN_new(); +} + +void wolfSSL_BN_CTX_start(WOLFSSL_BN_CTX *ctx) +{ + (void)ctx; + + WOLFSSL_ENTER("wolfSSL_BN_CTX_start"); + WOLFSSL_MSG("wolfSSL_BN_CTX_start TBD"); +} #ifndef NO_DH @@ -11062,7 +11899,7 @@ static int SetDhInternal(WOLFSSL_DH* dh) WOLFSSL_MSG("Bad DH SetKey"); else { dh->inSet = 1; - ret = 0; + ret = SSL_SUCCESS; } #ifdef WOLFSSL_SMALL_STACK 
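Review bot: The fallback wolfSSL_BN_bn2hex (built without WOLFSSL_KEY_GEN and HAVE_COMP_KEY) returns the string literal `(char*)""`, while the full variant returns an `XMALLOC`ed buffer that wolfSSL_BN_print_fp releases with `XFREE`. Application code that frees the result the same way would pass a literal to the allocator in the fallback build. Returning `NULL` as the wolfSSL_BN_bn2dec stub does (`return NULL;`) keeps the ownership rule the same in both builds. The fallback wolfSSL_BN_print_fp likewise reports `SSL_SUCCESS` although nothing was written; `SSL_FAILURE` would be more honest. Several failure messages in this hunk name the wrong helper (`mp_mul_2d` in wolfSSL_BN_rshift, `mp_add_d` in wolfSSL_BN_add and wolfSSL_BN_mod_word).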
@@ -11075,42 +11912,46 @@ static int SetDhInternal(WOLFSSL_DH* dh) return ret; } - +/* return code compliant with OpenSSL : + * DH prime size in bytes if success, 0 if error + */ int wolfSSL_DH_size(WOLFSSL_DH* dh) { WOLFSSL_MSG("wolfSSL_DH_size"); if (dh == NULL) - return 0; + return SSL_FATAL_ERROR; return wolfSSL_BN_num_bytes(dh->p); } -/* return SSL_SUCCESS on ok, else 0 */ +/* return code compliant with OpenSSL : + * 1 if success, 0 if error + */ int wolfSSL_DH_generate_key(WOLFSSL_DH* dh) { - int ret = 0; + int ret = SSL_FAILURE; word32 pubSz = 768; word32 privSz = 768; int initTmpRng = 0; - RNG* rng = NULL; + WC_RNG* rng = NULL; #ifdef WOLFSSL_SMALL_STACK unsigned char* pub = NULL; unsigned char* priv = NULL; - RNG* tmpRNG = NULL; + WC_RNG* tmpRNG = NULL; #else unsigned char pub [768]; unsigned char priv[768]; - RNG tmpRNG[1]; + WC_RNG tmpRNG[1]; #endif WOLFSSL_MSG("wolfSSL_DH_generate_key"); #ifdef WOLFSSL_SMALL_STACK - tmpRNG = (RNG*)XMALLOC(sizeof(RNG), NULL, DYNAMIC_TYPE_TMP_BUFFER); - pub = (unsigned char*)XMALLOC(pubSz, NULL, DYNAMIC_TYPE_TMP_BUFFER); - priv = (unsigned char*)XMALLOC(privSz, NULL, DYNAMIC_TYPE_TMP_BUFFER); + tmpRNG = (WC_RNG*)XMALLOC(sizeof(WC_RNG), NULL, DYNAMIC_TYPE_TMP_BUFFER); + pub = (unsigned char*)XMALLOC(pubSz, NULL, DYNAMIC_TYPE_TMP_BUFFER); + priv = (unsigned char*)XMALLOC(privSz, NULL, DYNAMIC_TYPE_TMP_BUFFER); if (tmpRNG == NULL || pub == NULL || priv == NULL) { XFREE(tmpRNG, NULL, DYNAMIC_TYPE_TMP_BUFFER); @@ -11122,7 +11963,7 @@ int wolfSSL_DH_generate_key(WOLFSSL_DH* dh) if (dh == NULL || dh->p == NULL || dh->g == NULL) WOLFSSL_MSG("Bad function arguments"); - else if (dh->inSet == 0 && SetDhInternal(dh) < 0) + else if (dh->inSet == 0 && SetDhInternal(dh) != SSL_SUCCESS) WOLFSSL_MSG("Bad DH set internal"); else if (wc_InitRng(tmpRNG) == 0) { rng = tmpRNG; 
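Review bot: The new comment on wolfSSL_DH_size promises "0 if error", but the NULL check now returns `SSL_FATAL_ERROR`, which this commit documents as -1 elsewhere. A caller that uses the result as a buffer length and only tests for zero would carry a negative size forward. Either keep the previous value with `return SSL_FAILURE;` or change the comment to document -1; the first matches wolfSSL_BN_num_bytes, which returns `SSL_FAILURE` when `dh->p` is NULL.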
@@ -11143,7 +11984,7 @@ int wolfSSL_DH_generate_key(WOLFSSL_DH* dh) else { if (dh->pub_key) wolfSSL_BN_free(dh->pub_key); - + dh->pub_key = wolfSSL_BN_new(); if (dh->pub_key == NULL) { WOLFSSL_MSG("Bad DH new pub"); @@ -11181,11 +12022,13 @@ int wolfSSL_DH_generate_key(WOLFSSL_DH* dh) } -/* return key size on ok, 0 otherwise */ +/* return code compliant with OpenSSL : + * size of shared secret if success, -1 if error + */ int wolfSSL_DH_compute_key(unsigned char* key, WOLFSSL_BIGNUM* otherPub, WOLFSSL_DH* dh) { - int ret = 0; + int ret = SSL_FATAL_ERROR; word32 keySz = 0; word32 pubSz = 1024; word32 privSz = 1024; @@ -11207,7 +12050,7 @@ int wolfSSL_DH_compute_key(unsigned char* key, WOLFSSL_BIGNUM* otherPub, priv = (unsigned char*)XMALLOC(privSz, NULL, DYNAMIC_TYPE_TMP_BUFFER); if (priv == NULL) { XFREE(pub, NULL, DYNAMIC_TYPE_TMP_BUFFER); - return 0; + return ret; } #endif @@ -11225,8 +12068,8 @@ int wolfSSL_DH_compute_key(unsigned char* key, WOLFSSL_BIGNUM* otherPub, if (privSz <= 0 || pubSz <= 0) WOLFSSL_MSG("Bad BN2bin set"); - else if (wc_DhAgree((DhKey*)dh->internal, key, &keySz, priv, privSz, pub, - pubSz) < 0) + else if (wc_DhAgree((DhKey*)dh->internal, key, &keySz, + priv, privSz, pub, pubSz) < 0) WOLFSSL_MSG("wc_DhAgree failed"); else ret = (int)keySz; 
@@ -11305,36 +12148,9 @@ void wolfSSL_DSA_free(WOLFSSL_DSA* dsa) InitwolfSSL_DSA(dsa); /* set back to NULLs for safety */ XFREE(dsa, NULL, DYNAMIC_TYPE_DSA); + dsa = NULL; } } - - -int wolfSSL_DSA_generate_key(WOLFSSL_DSA* dsa) -{ - (void)dsa; - - WOLFSSL_MSG("wolfSSL_DSA_generate_key"); - - return 0; /* key gen not needed by server */ -} - - -int wolfSSL_DSA_generate_parameters_ex(WOLFSSL_DSA* dsa, int bits, - unsigned char* seed, int seedLen, int* counterRet, - unsigned long* hRet, void* cb) -{ - (void)dsa; - (void)bits; - (void)seed; - (void)seedLen; - (void)counterRet; - (void)hRet; - (void)cb; - - WOLFSSL_MSG("wolfSSL_DSA_generate_parameters_ex"); - - return 0; /* key gen not needed by server */ -} #endif /* NO_DSA */ #ifndef NO_RSA @@ -11411,6 +12227,7 @@ void wolfSSL_RSA_free(WOLFSSL_RSA* rsa) InitwolfSSL_Rsa(rsa); /* set back to NULLs for safety */ XFREE(rsa, NULL, DYNAMIC_TYPE_RSA); + rsa = NULL; } } #endif /* NO_RSA */ @@ -11421,7 +12238,7 @@ static int SetIndividualExternal(WOLFSSL_BIGNUM** bn, mp_int* mpi) { WOLFSSL_MSG("Entering SetIndividualExternal"); - if (mpi == NULL) { + if (mpi == NULL || bn == NULL) { WOLFSSL_MSG("mpi NULL error"); return SSL_FATAL_ERROR; } @@ -11439,12 +12256,35 @@ static int SetIndividualExternal(WOLFSSL_BIGNUM** bn, mp_int* mpi) return SSL_FATAL_ERROR; } - return 0; + return SSL_SUCCESS; +} + +static int SetIndividualInternal(WOLFSSL_BIGNUM* bn, mp_int* mpi) +{ + WOLFSSL_MSG("Entering SetIndividualInternal"); + + if (bn == NULL || bn->internal == NULL) { + WOLFSSL_MSG("bn NULL error"); + return SSL_FATAL_ERROR; + } + + if (mpi == NULL || (mp_init(mpi) != MP_OKAY)) { + WOLFSSL_MSG("mpi NULL error"); + return SSL_FATAL_ERROR; + } + + if (mp_copy((mp_int*)bn->internal, mpi) != MP_OKAY) { + WOLFSSL_MSG("mp_copy error"); + return SSL_FATAL_ERROR; + } + + return SSL_SUCCESS; } #endif /* !NO_RSA && !NO_DSA */ #ifndef NO_DSA +/* wolfSSL -> OpenSSL */ static int SetDsaExternal(WOLFSSL_DSA* dsa) { DsaKey* key; 
@@ -11457,39 +12297,96 @@ static int SetDsaExternal(WOLFSSL_DSA* dsa) key = (DsaKey*)dsa->internal; - if (SetIndividualExternal(&dsa->p, &key->p) < 0) { + if (SetIndividualExternal(&dsa->p, &key->p) != SSL_SUCCESS) { WOLFSSL_MSG("dsa p key error"); return SSL_FATAL_ERROR; } - if (SetIndividualExternal(&dsa->q, &key->q) < 0) { + if (SetIndividualExternal(&dsa->q, &key->q) != SSL_SUCCESS) { WOLFSSL_MSG("dsa q key error"); return SSL_FATAL_ERROR; } - if (SetIndividualExternal(&dsa->g, &key->g) < 0) { + if (SetIndividualExternal(&dsa->g, &key->g) != SSL_SUCCESS) { WOLFSSL_MSG("dsa g key error"); return SSL_FATAL_ERROR; } - if (SetIndividualExternal(&dsa->pub_key, &key->y) < 0) { + if (SetIndividualExternal(&dsa->pub_key, &key->y) != SSL_SUCCESS) { WOLFSSL_MSG("dsa y key error"); return SSL_FATAL_ERROR; } - if (SetIndividualExternal(&dsa->priv_key, &key->x) < 0) { + if (SetIndividualExternal(&dsa->priv_key, &key->x) != SSL_SUCCESS) { WOLFSSL_MSG("dsa x key error"); return SSL_FATAL_ERROR; } dsa->exSet = 1; - return 0; + return SSL_SUCCESS; +} + +/* Openssl -> WolfSSL */ +static int SetDsaInternal(WOLFSSL_DSA* dsa) +{ + DsaKey* key; + WOLFSSL_MSG("Entering SetDsaInternal"); + + if (dsa == NULL || dsa->internal == NULL) { + WOLFSSL_MSG("dsa key NULL error"); + return SSL_FATAL_ERROR; + } + + key = (DsaKey*)dsa->internal; + + if (dsa->p != NULL && + SetIndividualInternal(dsa->p, &key->p) != SSL_SUCCESS) { + WOLFSSL_MSG("rsa p key error"); + return SSL_FATAL_ERROR; + } + + if (dsa->q != NULL && + SetIndividualInternal(dsa->q, &key->q) != SSL_SUCCESS) { + WOLFSSL_MSG("rsa q key error"); + return SSL_FATAL_ERROR; + } + + if (dsa->g != NULL && + SetIndividualInternal(dsa->g, &key->g) != SSL_SUCCESS) { + WOLFSSL_MSG("rsa g key error"); + return SSL_FATAL_ERROR; + } + + if (dsa->pub_key != NULL) { + if (SetIndividualInternal(dsa->pub_key, &key->y) != SSL_SUCCESS) { + WOLFSSL_MSG("rsa pub_key error"); + return SSL_FATAL_ERROR; + } + + /* public key */ + key->type = DSA_PUBLIC; + 
} + + if (dsa->priv_key != NULL) { + if (SetIndividualInternal(dsa->priv_key, &key->x) != SSL_SUCCESS) { + WOLFSSL_MSG("rsa priv_key error"); + return SSL_FATAL_ERROR; + } + + /* private key */ + key->type = DSA_PRIVATE; + } + + dsa->inSet = 1; + + return SSL_SUCCESS; } #endif /* NO_DSA */ #ifndef NO_RSA +/* WolfSSL -> OpenSSL */ static int SetRsaExternal(WOLFSSL_RSA* rsa) { RsaKey* key; 
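Review bot: SetDsaInternal sets `dsa->inSet = 1` even when `p`, `q` and `g` were all NULL and skipped, so a key with no domain parameters is marked ready for wolfSSL_DSA_do_sign and wolfSSL_DSA_do_verify. Whether `DsaSign` and `DsaVerify` validate the parameters themselves is not visible here. SetRsaInternal in this commit treats `n` and `e` as mandatory; doing the same for `p`, `q` and `g` (dropping the `dsa->p != NULL &&` style guards) would fail early instead. The error strings in this function also say "rsa ... key error" although the key is DSA, which will mislead anyone reading the debug log.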
@@ -11502,84 +12399,163 @@ static int SetRsaExternal(WOLFSSL_RSA* rsa) key = (RsaKey*)rsa->internal; - if (SetIndividualExternal(&rsa->n, &key->n) < 0) { + if (SetIndividualExternal(&rsa->n, &key->n) != SSL_SUCCESS) { WOLFSSL_MSG("rsa n key error"); return SSL_FATAL_ERROR; } - if (SetIndividualExternal(&rsa->e, &key->e) < 0) { + if (SetIndividualExternal(&rsa->e, &key->e) != SSL_SUCCESS) { WOLFSSL_MSG("rsa e key error"); return SSL_FATAL_ERROR; } - if (SetIndividualExternal(&rsa->d, &key->d) < 0) { + if (SetIndividualExternal(&rsa->d, &key->d) != SSL_SUCCESS) { WOLFSSL_MSG("rsa d key error"); return SSL_FATAL_ERROR; } - if (SetIndividualExternal(&rsa->p, &key->p) < 0) { + if (SetIndividualExternal(&rsa->p, &key->p) != SSL_SUCCESS) { WOLFSSL_MSG("rsa p key error"); return SSL_FATAL_ERROR; } - if (SetIndividualExternal(&rsa->q, &key->q) < 0) { + if (SetIndividualExternal(&rsa->q, &key->q) != SSL_SUCCESS) { WOLFSSL_MSG("rsa q key error"); return SSL_FATAL_ERROR; } - if (SetIndividualExternal(&rsa->dmp1, &key->dP) < 0) { + if (SetIndividualExternal(&rsa->dmp1, &key->dP) != SSL_SUCCESS) { WOLFSSL_MSG("rsa dP key error"); return SSL_FATAL_ERROR; } - if (SetIndividualExternal(&rsa->dmq1, &key->dQ) < 0) { + if (SetIndividualExternal(&rsa->dmq1, &key->dQ) != SSL_SUCCESS) { WOLFSSL_MSG("rsa dQ key error"); return SSL_FATAL_ERROR; } - if (SetIndividualExternal(&rsa->iqmp, &key->u) < 0) { + if (SetIndividualExternal(&rsa->iqmp, &key->u) != SSL_SUCCESS) { WOLFSSL_MSG("rsa u key error"); return SSL_FATAL_ERROR; } rsa->exSet = 1; - return 0; + return SSL_SUCCESS; +} + +/* Openssl -> WolfSSL */ +static int SetRsaInternal(WOLFSSL_RSA* rsa) +{ + RsaKey* key; + WOLFSSL_MSG("Entering SetRsaInternal"); + + if (rsa == NULL || rsa->internal == NULL) { + WOLFSSL_MSG("rsa key NULL error"); + return SSL_FATAL_ERROR; + } + + key = (RsaKey*)rsa->internal; + + if (SetIndividualInternal(rsa->n, &key->n) != SSL_SUCCESS) { + WOLFSSL_MSG("rsa n key error"); + return SSL_FATAL_ERROR; + } + + if 
(SetIndividualInternal(rsa->e, &key->e) != SSL_SUCCESS) { + WOLFSSL_MSG("rsa e key error"); + return SSL_FATAL_ERROR; + } + + /* public key */ + key->type = RSA_PUBLIC; + + if (rsa->d != NULL) { + if (SetIndividualInternal(rsa->d, &key->d) != SSL_SUCCESS) { + WOLFSSL_MSG("rsa d key error"); + return SSL_FATAL_ERROR; + } + + /* private key */ + key->type = RSA_PRIVATE; + } + + if (rsa->p != NULL && + SetIndividualInternal(rsa->p, &key->p) != SSL_SUCCESS) { + WOLFSSL_MSG("rsa p key error"); + return SSL_FATAL_ERROR; + } + + if (rsa->q != NULL && + SetIndividualInternal(rsa->q, &key->q) != SSL_SUCCESS) { + WOLFSSL_MSG("rsa q key error"); + return SSL_FATAL_ERROR; + } + + if (rsa->dmp1 != NULL && + SetIndividualInternal(rsa->dmp1, &key->dP) != SSL_SUCCESS) { + WOLFSSL_MSG("rsa dP key error"); + return SSL_FATAL_ERROR; + } + + if (rsa->dmq1 != NULL && + SetIndividualInternal(rsa->dmq1, &key->dQ) != SSL_SUCCESS) { + WOLFSSL_MSG("rsa dQ key error"); + return SSL_FATAL_ERROR; + } + + if (rsa->iqmp != NULL && + SetIndividualInternal(rsa->iqmp, &key->u) != SSL_SUCCESS) { + WOLFSSL_MSG("rsa u key error"); + return SSL_FATAL_ERROR; + } + + rsa->inSet = 1; + + return SSL_SUCCESS; } -/* SSL_SUCCESS on ok */ +/* return compliant with OpenSSL + * 1 if success, 0 if error + */ int wolfSSL_RSA_generate_key_ex(WOLFSSL_RSA* rsa, int bits, WOLFSSL_BIGNUM* bn, - void* cb) + void* cb) { - int ret = SSL_FATAL_ERROR; + int ret = SSL_FAILURE; - WOLFSSL_MSG("wolfSSL_RSA_generate_key_ex"); - - (void)rsa; - (void)bits; (void)cb; (void)bn; + (void)bits; + + WOLFSSL_ENTER("wolfSSL_RSA_generate_key_ex"); + + if (rsa == NULL || rsa->internal == NULL) { + /* bit size checked during make key call */ + WOLFSSL_MSG("bad arguments"); + return SSL_FAILURE; + } #ifdef WOLFSSL_KEY_GEN { #ifdef WOLFSSL_SMALL_STACK - RNG* rng = NULL; + WC_RNG* rng = NULL; #else - RNG rng[1]; + WC_RNG rng[1]; #endif #ifdef WOLFSSL_SMALL_STACK - rng = (RNG*)XMALLOC(sizeof(RNG), NULL, DYNAMIC_TYPE_TMP_BUFFER); + rng = 
(WC_RNG*)XMALLOC(sizeof(WC_RNG), NULL, DYNAMIC_TYPE_TMP_BUFFER); if (rng == NULL) - return SSL_FATAL_ERROR; + return SSL_FAILURE; #endif if (wc_InitRng(rng) < 0) WOLFSSL_MSG("RNG init failed"); - else if (wc_MakeRsaKey((RsaKey*)rsa->internal, bits, 65537, rng) < 0) + else if (wc_MakeRsaKey((RsaKey*)rsa->internal, + bits, 65537, rng) != MP_OKAY) WOLFSSL_MSG("wc_MakeRsaKey failed"); - else if (SetRsaExternal(rsa) < 0) + else if (SetRsaExternal(rsa) != SSL_SUCCESS) WOLFSSL_MSG("SetRsaExternal failed"); else { rsa->inSet = 1; @@ -11609,7 +12585,9 @@ int wolfSSL_RSA_blinding_on(WOLFSSL_RSA* rsa, WOLFSSL_BN_CTX* bn) return SSL_SUCCESS; /* on by default */ } - +/* return compliant with OpenSSL + * size of encrypted data if success , -1 if error + */ int wolfSSL_RSA_public_encrypt(int len, unsigned char* fr, unsigned char* to, WOLFSSL_RSA* rsa, int padding) { @@ -11624,7 +12602,9 @@ int wolfSSL_RSA_public_encrypt(int len, unsigned char* fr, return SSL_FATAL_ERROR; } - +/* return compliant with OpenSSL + * size of plain recovered data if success , -1 if error + */ int wolfSSL_RSA_private_decrypt(int len, unsigned char* fr, unsigned char* to, WOLFSSL_RSA* rsa, int padding) { 
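Review bot: The new header comment on wolfSSL_RSA_generate_key_ex claims OpenSSL-compliant behaviour, but `bn` is discarded with `(void)bn;` and the exponent passed to `wc_MakeRsaKey` is the constant 65537. An application that requests a different public exponent gets a key it did not ask for and no error. That deserves a line in the comment, e.g. `* bn (public exponent) is ignored; e is always 65537`. `(void)bits;` is also misleading now that `bits` is used in the WOLFSSL_KEY_GEN branch. The function body continues past the end of this hunk.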
@@ -11639,46 +12619,59 @@ int wolfSSL_RSA_private_decrypt(int len, unsigned char* fr, return SSL_FATAL_ERROR; } - +/* return compliant with OpenSSL + * RSA modulus size in bytes, -1 if error + */ int wolfSSL_RSA_size(const WOLFSSL_RSA* rsa) { WOLFSSL_MSG("wolfSSL_RSA_size"); if (rsa == NULL) - return 0; + return SSL_FATAL_ERROR; return wolfSSL_BN_num_bytes(rsa->n); } #endif /* NO_RSA */ - #ifndef NO_DSA -/* return SSL_SUCCESS on success, < 0 otherwise */ -int wolfSSL_DSA_do_sign(const unsigned char* d, unsigned char* sigRet, - WOLFSSL_DSA* dsa) +/* return code compliant with OpenSSL : + * 1 if success, 0 if error + */ +int wolfSSL_DSA_generate_key(WOLFSSL_DSA* dsa) { - int ret = SSL_FATAL_ERROR; - int initTmpRng = 0; - RNG* rng = NULL; + int ret = SSL_FAILURE; + + WOLFSSL_ENTER("wolfSSL_DSA_generate_key"); + + if (dsa == NULL || dsa->internal == NULL) { + WOLFSSL_MSG("Bad arguments"); + return SSL_FAILURE; + } + + if (dsa->inSet == 0) { + WOLFSSL_MSG("No DSA internal set, do it"); + + if (SetDsaInternal(dsa) != SSL_SUCCESS) { + WOLFSSL_MSG("SetDsaInternal failed"); + return ret; + } + } + +#ifdef WOLFSSL_KEY_GEN + { + int initTmpRng = 0; + WC_RNG *rng = NULL; #ifdef WOLFSSL_SMALL_STACK - RNG* tmpRNG = NULL; + WC_RNG *tmpRNG = NULL; #else - RNG tmpRNG[1]; + WC_RNG tmpRNG[1]; #endif - WOLFSSL_MSG("wolfSSL_DSA_do_sign"); - - if (d == NULL || sigRet == NULL || dsa == NULL) - WOLFSSL_MSG("Bad function arguments"); - else if (dsa->inSet == 0) - WOLFSSL_MSG("No DSA internal set"); - else { - #ifdef WOLFSSL_SMALL_STACK - tmpRNG = (RNG*)XMALLOC(sizeof(RNG), NULL, DYNAMIC_TYPE_TMP_BUFFER); +#ifdef WOLFSSL_SMALL_STACK + tmpRNG = (WC_RNG*)XMALLOC(sizeof(WC_RNG), NULL, DYNAMIC_TYPE_TMP_BUFFER); if (tmpRNG == NULL) return SSL_FATAL_ERROR; - #endif - +#endif if (wc_InitRng(tmpRNG) == 0) { rng = tmpRNG; initTmpRng = 1; 
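Review bot: In the WOLFSSL_SMALL_STACK path of wolfSSL_DSA_generate_key, allocation failure still returns `SSL_FATAL_ERROR`, while the new comment documents "1 if success, 0 if error". A caller written against that contract (`if (!wolfSSL_DSA_generate_key(dsa))`) would treat the negative value as success and go on with a key that was never generated. The line should be `return SSL_FAILURE;`, and the same applies to the identical allocation check in wolfSSL_DSA_generate_parameters_ex in the next hunk. The body of wolfSSL_DSA_generate_key continues into that hunk.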
@@ -11692,21 +12685,196 @@ int wolfSSL_DSA_do_sign(const unsigned char* d, unsigned char* sigRet, } if (rng) { - if (DsaSign(d, sigRet, (DsaKey*)dsa->internal, rng) < 0) - WOLFSSL_MSG("DsaSign failed"); + if (wc_MakeDsaKey(rng, (DsaKey*)dsa->internal) != MP_OKAY) + WOLFSSL_MSG("wc_MakeDsaKey failed"); + else if (SetDsaExternal(dsa) != SSL_SUCCESS) + WOLFSSL_MSG("SetDsaExternal failed"); else ret = SSL_SUCCESS; } if (initTmpRng) wc_FreeRng(tmpRNG); - #ifdef WOLFSSL_SMALL_STACK + +#ifdef WOLFSSL_SMALL_STACK XFREE(tmpRNG, NULL, DYNAMIC_TYPE_TMP_BUFFER); - #endif +#endif + } +#else /* WOLFSSL_KEY_GEN */ + WOLFSSL_MSG("No Key Gen built in"); +#endif + return ret; +} + +/* return code compliant with OpenSSL : + * 1 if success, 0 if error + */ +int wolfSSL_DSA_generate_parameters_ex(WOLFSSL_DSA* dsa, int bits, + unsigned char* seed, int seedLen, + int* counterRet, + unsigned long* hRet, void* cb) +{ + int ret = SSL_FAILURE; + + (void)bits; + (void)seed; + (void)seedLen; + (void)counterRet; + (void)hRet; + (void)cb; + + WOLFSSL_ENTER("wolfSSL_DSA_generate_parameters_ex"); + + if (dsa == NULL || dsa->internal == NULL) { + WOLFSSL_MSG("Bad arguments"); + return SSL_FAILURE; } +#ifdef WOLFSSL_KEY_GEN + { + int initTmpRng = 0; + WC_RNG *rng = NULL; +#ifdef WOLFSSL_SMALL_STACK + WC_RNG *tmpRNG = NULL; +#else + WC_RNG tmpRNG[1]; +#endif + +#ifdef WOLFSSL_SMALL_STACK + tmpRNG = (WC_RNG*)XMALLOC(sizeof(WC_RNG), NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (tmpRNG == NULL) + return SSL_FATAL_ERROR; +#endif + if (wc_InitRng(tmpRNG) == 0) { + rng = tmpRNG; + initTmpRng = 1; + } + else { + WOLFSSL_MSG("Bad RNG Init, trying global"); + if (initGlobalRNG == 0) + WOLFSSL_MSG("Global RNG no Init"); + else + rng = &globalRNG; + } + + if (rng) { + if (wc_MakeDsaParameters(rng, bits, + (DsaKey*)dsa->internal) != MP_OKAY) + WOLFSSL_MSG("wc_MakeDsaParameters failed"); + else if (SetDsaExternal(dsa) != SSL_SUCCESS) + WOLFSSL_MSG("SetDsaExternal failed"); + else + ret = SSL_SUCCESS; + } + + if 
(initTmpRng) + wc_FreeRng(tmpRNG); + +#ifdef WOLFSSL_SMALL_STACK + XFREE(tmpRNG, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif + } +#else /* WOLFSSL_KEY_GEN */ + WOLFSSL_MSG("No Key Gen built in"); +#endif + return ret; } + +/* return SSL_SUCCESS on success, < 0 otherwise */ +int wolfSSL_DSA_do_sign(const unsigned char* d, unsigned char* sigRet, + WOLFSSL_DSA* dsa) +{ + int ret = SSL_FATAL_ERROR; + int initTmpRng = 0; + WC_RNG* rng = NULL; +#ifdef WOLFSSL_SMALL_STACK + WC_RNG* tmpRNG = NULL; +#else + WC_RNG tmpRNG[1]; +#endif + + WOLFSSL_ENTER("wolfSSL_DSA_do_sign"); + + if (d == NULL || sigRet == NULL || dsa == NULL) { + WOLFSSL_MSG("Bad function arguments"); + return ret; + } + + if (dsa->inSet == 0) + { + WOLFSSL_MSG("No DSA internal set, do it"); + + if (SetDsaInternal(dsa) != SSL_SUCCESS) { + WOLFSSL_MSG("SetDsaInternal failed"); + return ret; + } + } + +#ifdef WOLFSSL_SMALL_STACK + tmpRNG = (WC_RNG*)XMALLOC(sizeof(WC_RNG), NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (tmpRNG == NULL) + return SSL_FATAL_ERROR; +#endif + + if (wc_InitRng(tmpRNG) == 0) { + rng = tmpRNG; + initTmpRng = 1; + } + else { + WOLFSSL_MSG("Bad RNG Init, trying global"); + if (initGlobalRNG == 0) + WOLFSSL_MSG("Global RNG no Init"); + else + rng = &globalRNG; + } + + if (rng) { + if (DsaSign(d, sigRet, (DsaKey*)dsa->internal, rng) < 0) + WOLFSSL_MSG("DsaSign failed"); + else + ret = SSL_SUCCESS; + } + + if (initTmpRng) + wc_FreeRng(tmpRNG); +#ifdef WOLFSSL_SMALL_STACK + XFREE(tmpRNG, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif + + return ret; +} + + +int wolfSSL_DSA_do_verify(const unsigned char* d, unsigned char* sig, + WOLFSSL_DSA* dsa, int *dsacheck) +{ + int ret = SSL_FATAL_ERROR; + + WOLFSSL_ENTER("wolfSSL_DSA_do_verify"); + + if (d == NULL || sig == NULL || dsa == NULL) { + WOLFSSL_MSG("Bad function arguments"); + return SSL_FATAL_ERROR; + } + if (dsa->inSet == 0) + { + WOLFSSL_MSG("No DSA internal set, do it"); + + if (SetDsaInternal(dsa) != SSL_SUCCESS) { + WOLFSSL_MSG("SetDsaInternal failed"); + 
return SSL_FATAL_ERROR; + } + } + + ret = DsaVerify(d, sig, (DsaKey*)dsa->internal, dsacheck); + if (ret != 0 || *dsacheck != 1) { + WOLFSSL_MSG("DsaVerify failed"); + return ret; + } + + return SSL_SUCCESS; +} #endif /* NO_DSA */ 
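Review bot: wolfSSL_DSA_do_verify dereferences `dsacheck` in `*dsacheck != 1` but the argument check covers only `d`, `sig` and `dsa`. The guard should read `if (d == NULL || sig == NULL || dsa == NULL || dsacheck == NULL)`. The function also has no header comment, and its results are easy to misread: when `DsaVerify` returns 0 but the signature does not match, the function returns 0, so a caller that only tests for a negative value would accept a bad signature. A comment such as `/* return SSL_SUCCESS only if the signature verified; 0 or < 0 otherwise */` would pin that down. wolfSSL_DSA_generate_parameters_ex in the same hunk keeps `(void)bits;` although `bits` is passed to `wc_MakeDsaParameters`.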
@@ -11716,57 +12884,69 @@ int wolfSSL_RSA_sign(int type, const unsigned char* m, unsigned int mLen, unsigned char* sigRet, unsigned int* sigLen, WOLFSSL_RSA* rsa) { - word32 outLen; - word32 signSz; - int initTmpRng = 0; - RNG* rng = NULL; - int ret = 0; + word32 outLen; + word32 signSz; + int initTmpRng = 0; + WC_RNG* rng = NULL; + int ret = 0; #ifdef WOLFSSL_SMALL_STACK - RNG* tmpRNG = NULL; - byte* encodedSig = NULL; + WC_RNG* tmpRNG = NULL; + byte* encodedSig = NULL; #else - RNG tmpRNG[1]; - byte encodedSig[MAX_ENCODED_SIG_SZ]; + WC_RNG tmpRNG[1]; + byte encodedSig[MAX_ENCODED_SIG_SZ]; #endif WOLFSSL_MSG("wolfSSL_RSA_sign"); - if (m == NULL || sigRet == NULL || sigLen == NULL || rsa == NULL) + if (m == NULL || sigRet == NULL || sigLen == NULL || rsa == NULL) { WOLFSSL_MSG("Bad function arguments"); - else if (rsa->inSet == 0) - WOLFSSL_MSG("No RSA internal set"); - else if (type != NID_md5 && type != NID_sha1) + return 0; + } + + if (type != NID_md5 && type != NID_sha1) { WOLFSSL_MSG("Bad md type"); + return 0; + } + + if (rsa->inSet == 0) + { + WOLFSSL_MSG("No RSA internal set, do it"); + + if (SetRsaInternal(rsa) != SSL_SUCCESS) { + WOLFSSL_MSG("SetRsaInternal failed"); + return 0; + } + } + + outLen = (word32)wolfSSL_BN_num_bytes(rsa->n); + +#ifdef WOLFSSL_SMALL_STACK + tmpRNG = (WC_RNG*)XMALLOC(sizeof(WC_RNG), NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (tmpRNG == NULL) + return 0; + + encodedSig = (byte*)XMALLOC(MAX_ENCODED_SIG_SZ, NULL, + DYNAMIC_TYPE_TMP_BUFFER); + if (encodedSig == NULL) { + XFREE(tmpRNG, NULL, DYNAMIC_TYPE_TMP_BUFFER); + return 0; + } +#endif + + if (outLen == 0) + WOLFSSL_MSG("Bad RSA size"); + else if (wc_InitRng(tmpRNG) == 0) { + rng = tmpRNG; + initTmpRng = 1; + } else { - outLen = (word32)wolfSSL_BN_num_bytes(rsa->n); + WOLFSSL_MSG("Bad RNG Init, trying global"); - #ifdef WOLFSSL_SMALL_STACK - tmpRNG = (RNG*)XMALLOC(sizeof(RNG), NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (tmpRNG == NULL) - return 0; - - encodedSig = 
(byte*)XMALLOC(MAX_ENCODED_SIG_SZ, NULL, - DYNAMIC_TYPE_TMP_BUFFER); - if (encodedSig == NULL) { - XFREE(tmpRNG, NULL, DYNAMIC_TYPE_TMP_BUFFER); - return 0; - } - #endif - - if (outLen == 0) - WOLFSSL_MSG("Bad RSA size"); - else if (wc_InitRng(tmpRNG) == 0) { - rng = tmpRNG; - initTmpRng = 1; - } - else { - WOLFSSL_MSG("Bad RNG Init, trying global"); - - if (initGlobalRNG == 0) - WOLFSSL_MSG("Global RNG no Init"); - else - rng = &globalRNG; - } + if (initGlobalRNG == 0) + WOLFSSL_MSG("Global RNG no Init"); + else + rng = &globalRNG; } if (rng) { @@ -11795,7 +12975,11 @@ int wolfSSL_RSA_sign(int type, const unsigned char* m, XFREE(encodedSig, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif - WOLFSSL_MSG("wolfSSL_RSA_sign success"); + if (ret == SSL_SUCCESS) + WOLFSSL_MSG("wolfSSL_RSA_sign success"); + else { + WOLFSSL_MSG("wolfSSL_RSA_sign failed"); + } return ret; } @@ -11803,15 +12987,39 @@ int wolfSSL_RSA_sign(int type, const unsigned char* m, int wolfSSL_RSA_public_decrypt(int flen, unsigned char* from, unsigned char* to, WOLFSSL_RSA* rsa, int padding) { - (void)flen; - (void)from; - (void)to; - (void)rsa; - (void)padding; + int tlen = 0; WOLFSSL_MSG("wolfSSL_RSA_public_decrypt"); - return SSL_FATAL_ERROR; + if (rsa == NULL || rsa->internal == NULL || from == NULL) { + WOLFSSL_MSG("Bad function arguments"); + return 0; + } + + if (padding != RSA_PKCS1_PADDING) { + WOLFSSL_MSG("wolfSSL_RSA_public_decrypt unsupported padding"); + return 0; + } + + if (rsa->inSet == 0) + { + WOLFSSL_MSG("No RSA internal set, do it"); + + if (SetRsaInternal(rsa) != SSL_SUCCESS) { + WOLFSSL_MSG("SetRsaInternal failed"); + return 0; + } + } + + /* size of 'to' buffer must be size of RSA key */ + tlen = wc_RsaSSL_Verify(from, flen, to, wolfSSL_RSA_size(rsa), + (RsaKey*)rsa->internal); + if (tlen <= 0) + WOLFSSL_MSG("wolfSSL_RSA_public_decrypt failed"); + else { + WOLFSSL_MSG("wolfSSL_RSA_public_decrypt success"); + } + return tlen; } 
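Review bot: The digest check in wolfSSL_RSA_sign (`type != NID_md5 && type != NID_sha1`) is moved ahead of the key setup but still accepts only MD5 and SHA-1, and nothing tells a caller that stronger digests are rejected with a bare `return 0`. A comment above the function, for example `/* return 1 on success, 0 on error; only NID_md5 and NID_sha1 digests are supported */`, would document both the restriction and the return convention, which the other functions added in this commit already state. The entry trace also uses `WOLFSSL_MSG("wolfSSL_RSA_sign")` where the newer functions use `WOLFSSL_ENTER`. The function body continues past this hunk, so the signing and cleanup code is not visible here.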
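Review bot: The argument check in wolfSSL_RSA_public_decrypt tests `rsa`, `rsa->internal` and `from` but not `to` or `flen`, so a NULL output buffer or a negative length (which becomes a very large value if the wolfCrypt length parameter is unsigned) reaches `wc_RsaSSL_Verify`. The guard could read `if (rsa == NULL || rsa->internal == NULL || from == NULL || to == NULL || flen <= 0)`. The function also tells the verify call that `to` holds `wolfSSL_RSA_size(rsa)` bytes without being able to check it, so the one-line comment should be promoted to a header comment stating that requirement. Error returns are mixed: argument failures give 0 while a failed verify returns the raw negative wolfCrypt code, and the previous stub returned SSL_FATAL_ERROR. Picking one documented error value would let callers test the result reliably.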
@@ -11982,7 +13190,7 @@ const WOLFSSL_EVP_MD* wolfSSL_EVP_get_digestbynid(int id) WOLFSSL_RSA* wolfSSL_EVP_PKEY_get1_RSA(WOLFSSL_EVP_PKEY* key) { (void)key; - WOLFSSL_MSG("wolfSSL_EVP_PKEY_get1_RSA"); + WOLFSSL_MSG("wolfSSL_EVP_PKEY_get1_RSA not implemented"); return NULL; } @@ -11991,7 +13199,16 @@ WOLFSSL_RSA* wolfSSL_EVP_PKEY_get1_RSA(WOLFSSL_EVP_PKEY* key) WOLFSSL_DSA* wolfSSL_EVP_PKEY_get1_DSA(WOLFSSL_EVP_PKEY* key) { (void)key; - WOLFSSL_MSG("wolfSSL_EVP_PKEY_get1_DSA"); + WOLFSSL_MSG("wolfSSL_EVP_PKEY_get1_DSA not implemented"); + + return NULL; +} + + +WOLFSSL_EC_KEY* wolfSSL_EVP_PKEY_get1_EC_KEY(WOLFSSL_EVP_PKEY* key) +{ + (void)key; + WOLFSSL_MSG("wolfSSL_EVP_PKEY_get1_EC_KEY not implemented"); return NULL; } @@ -12100,12 +13317,14 @@ int wolfSSL_EVP_MD_size(const WOLFSSL_EVP_MD* type) return BAD_FUNC_ARG; } - if (XSTRNCMP(type, "MD5", 3) == 0) { - return MD5_DIGEST_SIZE; - } - else if (XSTRNCMP(type, "SHA256", 6) == 0) { + if (XSTRNCMP(type, "SHA256", 6) == 0) { return SHA256_DIGEST_SIZE; } +#ifndef NO_MD5 + else if (XSTRNCMP(type, "MD5", 3) == 0) { + return MD5_DIGEST_SIZE; + } +#endif #ifdef WOLFSSL_SHA384 else if (XSTRNCMP(type, "SHA384", 6) == 0) { return SHA384_DIGEST_SIZE; @@ -12116,10 +13335,12 @@ int wolfSSL_EVP_MD_size(const WOLFSSL_EVP_MD* type) return SHA512_DIGEST_SIZE; } #endif +#ifndef NO_SHA /* has to be last since would pick or 256, 384, or 512 too */ else if (XSTRNCMP(type, "SHA", 3) == 0) { return SHA_DIGEST_SIZE; } +#endif return BAD_FUNC_ARG; } 
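Review bot: The last branch of wolfSSL_EVP_MD_size, `XSTRNCMP(type, "SHA", 3) == 0`, is a prefix match, so in a build where the SHA-384 branch is compiled out (it sits under `#ifdef WOLFSSL_SHA384`, and the SHA-512 branch appears to be guarded the same way) a type string of "SHA384" or "SHA512" falls through to it and the function returns SHA_DIGEST_SIZE for a digest the build does not provide. A caller sizing a buffer from that value would get 20 bytes for the wrong algorithm instead of BAD_FUNC_ARG. If the SHA-1 name is exactly "SHA", comparing the terminator as well removes the ordering dependency: `else if (XSTRNCMP(type, "SHA", 4) == 0) {`. The existing comment could then be reworded, since "would pick or 256, 384, or 512 too" is hard to read. The function starts outside this hunk.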
@@ -12176,11 +13397,259 @@ void wolfSSL_OPENSSL_free(void* p) XFREE(p, NULL, 0); } +#if defined(WOLFSSL_KEY_GEN) + +static int EncryptDerKey(byte *der, int *derSz, const EVP_CIPHER* cipher, + unsigned char* passwd, int passwdSz, byte **cipherInfo) +{ + int ret, paddingSz; + word32 idx, cipherInfoSz; +#ifdef WOLFSSL_SMALL_STACK + EncryptedInfo* info = NULL; +#else + EncryptedInfo info[1]; +#endif + + WOLFSSL_ENTER("EncryptDerKey"); + + if (der == NULL || derSz == NULL || cipher == NULL || + passwd == NULL || cipherInfo == NULL) + return BAD_FUNC_ARG; + +#ifdef WOLFSSL_SMALL_STACK + info = (EncryptedInfo*)XMALLOC(sizeof(EncryptedInfo), NULL, + DYNAMIC_TYPE_TMP_BUFFER); + if (info == NULL) { + WOLFSSL_MSG("malloc failed"); + return SSL_FAILURE; + } +#endif + info->set = 0; + info->ctx = NULL; + info->consumed = 0; + + /* set iv size */ + if (XSTRNCMP(cipher, "DES", 3) == 0) + info->ivSz = DES_IV_SIZE; + else if (XSTRNCMP(cipher, "AES", 3) == 0) + info->ivSz = AES_IV_SIZE; + else { + WOLFSSL_MSG("unsupported cipher"); +#ifdef WOLFSSL_SMALL_STACK + XFREE(info, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif + return SSL_FAILURE; + } + + /* set the cipher name on info */ + XSTRNCPY(info->name, cipher, NAME_SZ); + + /* Generate a random salt */ + if (wolfSSL_RAND_bytes(info->iv, info->ivSz) != SSL_SUCCESS) { + WOLFSSL_MSG("generate iv failed"); +#ifdef WOLFSSL_SMALL_STACK + XFREE(info, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif + return SSL_FAILURE; + } + + /* add the padding before encryption */ + paddingSz = ((*derSz)/info->ivSz + 1) * info->ivSz - (*derSz); + if (paddingSz == 0) + paddingSz = info->ivSz; + XMEMSET(der+(*derSz), (byte)paddingSz, paddingSz); + (*derSz) += paddingSz; + + /* encrypt buffer */ + if (wolfssl_encrypt_buffer_key(der, *derSz, + passwd, passwdSz, info) != SSL_SUCCESS) { + WOLFSSL_MSG("encrypt key failed"); +#ifdef WOLFSSL_SMALL_STACK + XFREE(info, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif + return SSL_FAILURE; + } + + /* create cipher info : 
'cipher_name,Salt(hex)' */ + cipherInfoSz = (word32)(2*info->ivSz + XSTRLEN(info->name) + 2); + *cipherInfo = (byte*)XMALLOC(cipherInfoSz, NULL, + DYNAMIC_TYPE_TMP_BUFFER); + if (*cipherInfo == NULL) { + WOLFSSL_MSG("malloc failed"); +#ifdef WOLFSSL_SMALL_STACK + XFREE(info, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif + return SSL_FAILURE; + } + XSTRNCPY((char*)*cipherInfo, info->name, cipherInfoSz); + XSTRNCAT((char*)*cipherInfo, ",", 1); + + idx = (word32)XSTRLEN((char*)*cipherInfo); + cipherInfoSz -= idx; + ret = Base16_Encode(info->iv, info->ivSz, *cipherInfo+idx, &cipherInfoSz); + +#ifdef WOLFSSL_SMALL_STACK + XFREE(info, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif + if (ret != 0) { + WOLFSSL_MSG("Base16_Encode failed"); + XFREE(*cipherInfo, NULL, DYNAMIC_TYPE_TMP_BUFFER); + return SSL_FAILURE; + } + + return SSL_SUCCESS; +} +#endif /* defined(WOLFSSL_KEY_GEN) */ + +#if defined(WOLFSSL_KEY_GEN) && !defined(NO_RSA) + +/* return code compliant with OpenSSL : + * 1 if success, 0 if error + */ +int wolfSSL_PEM_write_mem_RSAPrivateKey(RSA* rsa, const EVP_CIPHER* cipher, + unsigned char* passwd, int passwdSz, + unsigned char **pem, int *plen) +{ + byte *der, *tmp, *cipherInfo = NULL; + int der_max_len = 0, derSz = 0; + + WOLFSSL_ENTER("wolfSSL_PEM_write_mem_RSAPrivateKey"); + + if (pem == NULL || plen == NULL || rsa == NULL || rsa->internal == NULL) { + WOLFSSL_MSG("Bad function arguments"); + return SSL_FAILURE; + } + + if (rsa->inSet == 0) { + WOLFSSL_MSG("No RSA internal set, do it"); + + if (SetRsaInternal(rsa) != SSL_SUCCESS) { + WOLFSSL_MSG("SetRsaInternal failed"); + return SSL_FAILURE; + } + } + + /* 5 > size of n, d, p, q, d%(p-1), d(q-1), 1/q%p, e + ASN.1 additionnal + * informations + */ + der_max_len = 5 * wolfSSL_RSA_size(rsa) + AES_BLOCK_SIZE; + + der = (byte*)XMALLOC(der_max_len, NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (der == NULL) { + WOLFSSL_MSG("malloc failed"); + return SSL_FAILURE; + } + + /* Key to DER */ + derSz = wc_RsaKeyToDer((RsaKey*)rsa->internal, 
der, der_max_len); + if (derSz < 0) { + WOLFSSL_MSG("wc_RsaKeyToDer failed"); + XFREE(der, NULL, DYNAMIC_TYPE_TMP_BUFFER); + return SSL_FAILURE; + } + + /* encrypt DER buffer if required */ + if (passwd != NULL && passwdSz > 0 && cipher != NULL) { + int ret; + + ret = EncryptDerKey(der, &derSz, cipher, + passwd, passwdSz, &cipherInfo); + if (ret != SSL_SUCCESS) { + WOLFSSL_MSG("EncryptDerKey failed"); + XFREE(der, NULL, DYNAMIC_TYPE_TMP_BUFFER); + return ret; + } + + /* tmp buffer with a max size */ + *plen = (derSz * 2) + sizeof(BEGIN_RSA_PRIV) + + sizeof(END_RSA_PRIV) + HEADER_ENCRYPTED_KEY_SIZE; + } + else /* tmp buffer with a max size */ + *plen = (derSz * 2) + sizeof(BEGIN_RSA_PRIV) + sizeof(END_RSA_PRIV); + + tmp = (byte*)XMALLOC(*plen, NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (tmp == NULL) { + WOLFSSL_MSG("malloc failed"); + XFREE(der, NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (cipherInfo != NULL) + XFREE(cipherInfo, NULL, DYNAMIC_TYPE_TMP_BUFFER); + return SSL_FAILURE; + } + + /* DER to PEM */ + *plen = wc_DerToPemEx(der, derSz, tmp, *plen, cipherInfo, PRIVATEKEY_TYPE); + if (*plen <= 0) { + WOLFSSL_MSG("wc_DerToPemEx failed"); + XFREE(der, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (cipherInfo != NULL) + XFREE(cipherInfo, NULL, DYNAMIC_TYPE_TMP_BUFFER); + return SSL_FAILURE; + } + XFREE(der, NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (cipherInfo != NULL) + XFREE(cipherInfo, NULL, DYNAMIC_TYPE_TMP_BUFFER); + + *pem = (byte*)XMALLOC((*plen)+1, NULL, DYNAMIC_TYPE_OUT_BUFFER); + if (*pem == NULL) { + WOLFSSL_MSG("malloc failed"); + XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER); + return SSL_FAILURE; + } + XMEMSET(*pem, 0, (*plen)+1); + + if (XMEMCPY(*pem, tmp, *plen) == NULL) { + WOLFSSL_MSG("memcpy failed"); + XFREE(pem, NULL, DYNAMIC_TYPE_OUT_BUFFER); + XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER); + return SSL_FAILURE; + } + XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER); + + return SSL_SUCCESS; +} + +/* return code compliant with OpenSSL : + * 
1 if success, 0 if error + */ +int wolfSSL_PEM_write_RSAPrivateKey(FILE *fp, WOLFSSL_RSA *rsa, + const EVP_CIPHER *enc, + unsigned char *kstr, int klen, + pem_password_cb *cb, void *u) +{ + byte *pem; + int plen, ret; + + (void)cb; + (void)u; + + WOLFSSL_MSG("wolfSSL_PEM_write_RSAPrivateKey"); + + if (fp == NULL || rsa == NULL || rsa->internal == NULL) { + WOLFSSL_MSG("Bad function arguments"); + return SSL_FAILURE; + } + + ret = wolfSSL_PEM_write_mem_RSAPrivateKey(rsa, enc, kstr, klen, &pem, &plen); + if (ret != SSL_SUCCESS) { + WOLFSSL_MSG("wolfSSL_PEM_write_mem_RSAPrivateKey failed"); + return SSL_FAILURE; + } + + ret = (int)XFWRITE(pem, plen, 1, fp); + if (ret != 1) { + WOLFSSL_MSG("RSA private key file write failed"); + return SSL_FAILURE; + } + + XFREE(pem, NULL, DYNAMIC_TYPE_OUT_BUFFER); + return SSL_SUCCESS; +} int wolfSSL_PEM_write_bio_RSAPrivateKey(WOLFSSL_BIO* bio, RSA* rsa, - const EVP_CIPHER* cipher, - unsigned char* passwd, int len, - pem_password_cb cb, void* arg) + const EVP_CIPHER* cipher, + unsigned char* passwd, int len, + pem_password_cb cb, void* arg) { (void)bio; (void)rsa; 
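Review bot: wolfSSL_PEM_write_RSAPrivateKey returns on the XFWRITE failure path without freeing `pem`, so the PEM text of the private key stays allocated; calling `XFREE(pem, NULL, DYNAMIC_TYPE_OUT_BUFFER);` directly after `XFWRITE` and before the `ret != 1` test covers both paths. In wolfSSL_PEM_write_mem_RSAPrivateKey the memcpy error branch passes `pem` to XFREE although the allocation is `*pem`, so it should read `XFREE(*pem, NULL, DYNAMIC_TYPE_OUT_BUFFER);`. `der` holds the unencrypted key and `tmp` may hold it in PEM form, and both are released without being cleared; zeroing them before each XFREE would keep key bytes out of freed heap memory. EncryptDerKey appends up to `ivSz` padding bytes to `der` with no capacity argument and copies the cipher name with `XSTRNCPY(info->name, cipher, NAME_SZ)`, which does not guarantee termination, so its header comment should state the slack the caller must reserve and the name should be explicitly terminated. The final function in this hunk, wolfSSL_PEM_write_bio_RSAPrivateKey, continues outside it.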
@@ -12190,32 +13659,1554 @@ int wolfSSL_PEM_write_bio_RSAPrivateKey(WOLFSSL_BIO* bio, RSA* rsa, (void)cb; (void)arg; - WOLFSSL_MSG("wolfSSL_PEM_write_bio_RSAPrivateKey"); + WOLFSSL_MSG("wolfSSL_PEM_write_bio_RSAPrivateKey not implemented"); + + return SSL_FAILURE; +} +#endif /* defined(WOLFSSL_KEY_GEN) && !defined(NO_RSA) */ + +#ifdef HAVE_ECC + +/* EC_POINT Openssl -> WolfSSL */ +static int SetECPointInternal(WOLFSSL_EC_POINT *p) +{ + ecc_point* point; + WOLFSSL_ENTER("SetECPointInternal"); + + if (p == NULL || p->internal == NULL) { + WOLFSSL_MSG("ECPoint NULL error"); + return SSL_FATAL_ERROR; + } + + point = (ecc_point*)p->internal; + + if (p->X != NULL && SetIndividualInternal(p->X, point->x) != SSL_SUCCESS) { + WOLFSSL_MSG("ecc point X error"); + return SSL_FATAL_ERROR; + } + + if (p->Y != NULL && SetIndividualInternal(p->Y, point->y) != SSL_SUCCESS) { + WOLFSSL_MSG("ecc point Y error"); + return SSL_FATAL_ERROR; + } + + if (p->Z != NULL && SetIndividualInternal(p->Z, point->z) != SSL_SUCCESS) { + WOLFSSL_MSG("ecc point Z error"); + return SSL_FATAL_ERROR; + } + + p->inSet = 1; + + return SSL_SUCCESS; +} + +/* EC_POINT WolfSSL -> OpenSSL */ +static int SetECPointExternal(WOLFSSL_EC_POINT *p) +{ + ecc_point* point; + + WOLFSSL_ENTER("SetECPointExternal"); + + if (p == NULL || p->internal == NULL) { + WOLFSSL_MSG("ECPoint NULL error"); + return SSL_FATAL_ERROR; + } + + point = (ecc_point*)p->internal; + + if (SetIndividualExternal(&p->X, point->x) != SSL_SUCCESS) { + WOLFSSL_MSG("ecc point X error"); + return SSL_FATAL_ERROR; + } + + if (SetIndividualExternal(&p->Y, point->y) != SSL_SUCCESS) { + WOLFSSL_MSG("ecc point Y error"); + return SSL_FATAL_ERROR; + } + + if (SetIndividualExternal(&p->Z, point->z) != SSL_SUCCESS) { + WOLFSSL_MSG("ecc point Z error"); + return SSL_FATAL_ERROR; + } + + p->exSet = 1; + + return SSL_SUCCESS; +} + +/* EC_KEY wolfSSL -> OpenSSL */ +static int SetECKeyExternal(WOLFSSL_EC_KEY* eckey) +{ + ecc_key* key; + + 
WOLFSSL_ENTER("SetECKeyExternal"); + + if (eckey == NULL || eckey->internal == NULL) { + WOLFSSL_MSG("ec key NULL error"); + return SSL_FATAL_ERROR; + } + + key = (ecc_key*)eckey->internal; + + /* set group (nid and idx) */ + eckey->group->curve_nid = ecc_sets[key->idx].nid; + eckey->group->curve_idx = key->idx; + + if (eckey->pub_key->internal != NULL) { + /* set the internal public key */ + if (wc_ecc_copy_point(&key->pubkey, + (ecc_point*)eckey->pub_key->internal) != MP_OKAY) { + WOLFSSL_MSG("SetECKeyExternal ecc_copy_point failed"); + return SSL_FATAL_ERROR; + } + + /* set the external pubkey (point) */ + if (SetECPointExternal(eckey->pub_key) != SSL_SUCCESS) { + WOLFSSL_MSG("SetECKeyExternal SetECPointExternal failed"); + return SSL_FATAL_ERROR; + } + } + + /* set the external privkey */ + if (key->type == ECC_PRIVATEKEY) { + if (SetIndividualExternal(&eckey->priv_key, &key->k) != SSL_SUCCESS) { + WOLFSSL_MSG("ec priv key error"); + return SSL_FATAL_ERROR; + } + } + + eckey->exSet = 1; + + return SSL_SUCCESS; +} + +/* EC_KEY Openssl -> WolfSSL */ +static int SetECKeyInternal(WOLFSSL_EC_KEY* eckey) +{ + ecc_key* key; + + WOLFSSL_ENTER("SetECKeyInternal"); + + if (eckey == NULL || eckey->internal == NULL) { + WOLFSSL_MSG("ec key NULL error"); + return SSL_FATAL_ERROR; + } + + key = (ecc_key*)eckey->internal; + + /* validate group */ + if ((eckey->group->curve_idx < 0) || + (wc_ecc_is_valid_idx(eckey->group->curve_idx) == 0)) { + WOLFSSL_MSG("invalid curve idx"); + return SSL_FATAL_ERROR; + } + + /* set group (idx of curve and corresponding domain parameters) */ + key->idx = eckey->group->curve_idx; + key->dp = &ecc_sets[key->idx]; + + /* set pubkey (point) */ + if (eckey->pub_key != NULL) { + if (SetECPointInternal(eckey->pub_key) != SSL_SUCCESS) { + WOLFSSL_MSG("ec key pub error"); + return SSL_FATAL_ERROR; + } + + /* public key */ + key->type = ECC_PUBLICKEY; + } + + /* set privkey */ + if (eckey->priv_key != NULL) { + if 
(SetIndividualInternal(eckey->priv_key, &key->k) != SSL_SUCCESS) { + WOLFSSL_MSG("ec key priv error"); + return SSL_FATAL_ERROR; + } + + /* private key */ + key->type = ECC_PRIVATEKEY; + } + + eckey->inSet = 1; + + return SSL_SUCCESS; +} + +WOLFSSL_EC_POINT *wolfSSL_EC_KEY_get0_public_key(const WOLFSSL_EC_KEY *key) +{ + WOLFSSL_ENTER("wolfSSL_EC_KEY_get0_public_key"); + + if (key == NULL) { + WOLFSSL_MSG("wolfSSL_EC_KEY_get0_group Bad arguments"); + return NULL; + } + + return key->pub_key; +} + +const WOLFSSL_EC_GROUP *wolfSSL_EC_KEY_get0_group(const WOLFSSL_EC_KEY *key) +{ + WOLFSSL_ENTER("wolfSSL_EC_KEY_get0_group"); + + if (key == NULL) { + WOLFSSL_MSG("wolfSSL_EC_KEY_get0_group Bad arguments"); + return NULL; + } + + return key->group; +} + + +/* return code compliant with OpenSSL : + * 1 if success, 0 if error + */ +int wolfSSL_EC_KEY_set_private_key(WOLFSSL_EC_KEY *key, + const WOLFSSL_BIGNUM *priv_key) +{ + WOLFSSL_ENTER("wolfSSL_EC_KEY_set_private_key"); + + if (key == NULL || priv_key == NULL) { + WOLFSSL_MSG("Bad arguments"); + return SSL_FAILURE; + } + + /* free key if previously set */ + if (key->priv_key != NULL) + wolfSSL_BN_free(key->priv_key); + + key->priv_key = wolfSSL_BN_dup(priv_key); + if (key->priv_key == NULL) { + WOLFSSL_MSG("key ecc priv key NULL"); + return SSL_FAILURE; + } + + if (SetECKeyInternal(key) != SSL_SUCCESS) { + WOLFSSL_MSG("SetECKeyInternal failed"); + wolfSSL_BN_free(key->priv_key); + return SSL_FAILURE; + } + + return SSL_SUCCESS; +} + + +WOLFSSL_BIGNUM *wolfSSL_EC_KEY_get0_private_key(const WOLFSSL_EC_KEY *key) +{ + WOLFSSL_ENTER("wolfSSL_EC_KEY_get0_private_key"); + + if (key == NULL) { + WOLFSSL_MSG("wolfSSL_EC_KEY_get0_private_key Bad arguments"); + return NULL; + } + + return key->priv_key; +} + +WOLFSSL_EC_KEY *wolfSSL_EC_KEY_new_by_curve_name(int nid) +{ + WOLFSSL_EC_KEY *key; + int x; + + WOLFSSL_ENTER("wolfSSL_EC_KEY_new_by_curve_name"); + + key = wolfSSL_EC_KEY_new(); + if (key == NULL) { + 
WOLFSSL_MSG("wolfSSL_EC_KEY_new failure"); + return NULL; + } + + /* set the nid of the curve */ + key->group->curve_nid = nid; + + /* search and set the corresponding internal curve idx */ + for (x = 0; ecc_sets[x].size != 0; x++) + if (ecc_sets[x].nid == key->group->curve_nid) { + key->group->curve_idx = x; + break; + } + + return key; +} + +static void InitwolfSSL_ECKey(WOLFSSL_EC_KEY* key) +{ + if (key) { + key->group = NULL; + key->pub_key = NULL; + key->priv_key = NULL; + key->internal = NULL; + key->inSet = 0; + key->exSet = 0; + } +} + +WOLFSSL_EC_KEY *wolfSSL_EC_KEY_new(void) +{ + WOLFSSL_EC_KEY *external; + ecc_key* key; + + WOLFSSL_ENTER("wolfSSL_EC_KEY_new"); + + external = (WOLFSSL_EC_KEY*)XMALLOC(sizeof(WOLFSSL_EC_KEY), NULL, + DYNAMIC_TYPE_ECC); + if (external == NULL) { + WOLFSSL_MSG("wolfSSL_EC_KEY_new malloc WOLFSSL_EC_KEY failure"); + return NULL; + } + XMEMSET(external, 0, sizeof(WOLFSSL_EC_KEY)); + + InitwolfSSL_ECKey(external); + + external->internal = (ecc_key*)XMALLOC(sizeof(ecc_key), NULL, + DYNAMIC_TYPE_ECC); + if (external->internal == NULL) { + WOLFSSL_MSG("wolfSSL_EC_KEY_new malloc ecc key failure"); + wolfSSL_EC_KEY_free(external); + return NULL; + } + XMEMSET(external->internal, 0, sizeof(ecc_key)); + + wc_ecc_init((ecc_key*)external->internal); + + /* public key */ + external->pub_key = (WOLFSSL_EC_POINT*)XMALLOC(sizeof(WOLFSSL_EC_POINT), + NULL, DYNAMIC_TYPE_ECC); + if (external->pub_key == NULL) { + WOLFSSL_MSG("wolfSSL_EC_KEY_new malloc WOLFSSL_EC_POINT failure"); + wolfSSL_EC_KEY_free(external); + return NULL; + } + XMEMSET(external->pub_key, 0, sizeof(WOLFSSL_EC_POINT)); + + key = (ecc_key*)external->internal; + external->pub_key->internal = (ecc_point*)&key->pubkey; + + /* curve group */ + external->group = (WOLFSSL_EC_GROUP*)XMALLOC(sizeof(WOLFSSL_EC_GROUP), NULL, + DYNAMIC_TYPE_ECC); + if (external->group == NULL) { + WOLFSSL_MSG("wolfSSL_EC_KEY_new malloc WOLFSSL_EC_GROUP failure"); + wolfSSL_EC_KEY_free(external); + return 
NULL; + } + XMEMSET(external->group, 0, sizeof(WOLFSSL_EC_GROUP)); + + /* private key */ + external->priv_key = wolfSSL_BN_new(); + if (external->priv_key == NULL) { + WOLFSSL_MSG("wolfSSL_BN_new failure"); + wolfSSL_EC_KEY_free(external); + return NULL; + } + + return external; +} + +void wolfSSL_EC_KEY_free(WOLFSSL_EC_KEY *key) +{ + WOLFSSL_ENTER("wolfSSL_EC_KEY_free"); + + if (key != NULL) { + if (key->internal != NULL) { + wc_ecc_free((ecc_key*)key->internal); + XFREE(key->internal, NULL, DYNAMIC_TYPE_ECC); + } + wolfSSL_BN_free(key->priv_key); + wolfSSL_EC_POINT_free(key->pub_key); + wolfSSL_EC_GROUP_free(key->group); + InitwolfSSL_ECKey(key); /* set back to NULLs for safety */ + + XFREE(key, NULL, DYNAMIC_TYPE_ECC); + key = NULL; + } +} + +int wolfSSL_EC_KEY_set_group(WOLFSSL_EC_KEY *key, WOLFSSL_EC_GROUP *group) +{ + (void)key; + (void)group; + + WOLFSSL_ENTER("wolfSSL_EC_KEY_set_group"); + WOLFSSL_MSG("wolfSSL_EC_KEY_set_group TBD"); + + return -1; +} + +int wolfSSL_EC_KEY_generate_key(WOLFSSL_EC_KEY *key) +{ + int initTmpRng = 0; + WC_RNG* rng = NULL; +#ifdef WOLFSSL_SMALL_STACK + WC_RNG* tmpRNG = NULL; +#else + WC_RNG tmpRNG[1]; +#endif + + WOLFSSL_ENTER("wolfSSL_EC_KEY_generate_key"); + + if (key == NULL || key->internal == NULL || + key->group == NULL || key->group->curve_idx < 0) { + WOLFSSL_MSG("wolfSSL_EC_KEY_generate_key Bad arguments"); + return 0; + } + +#ifdef WOLFSSL_SMALL_STACK + tmpRNG = (WC_RNG*)XMALLOC(sizeof(WC_RNG), NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (tmpRNG == NULL) + return 0; +#endif + + if (wc_InitRng(tmpRNG) == 0) { + rng = tmpRNG; + initTmpRng = 1; + } + else { + WOLFSSL_MSG("Bad RNG Init, trying global"); + if (initGlobalRNG == 0) + WOLFSSL_MSG("Global RNG no Init"); + else + rng = &globalRNG; + } + + if (rng == NULL) { + WOLFSSL_MSG("wolfSSL_EC_KEY_generate_key failed to set RNG"); +#ifdef WOLFSSL_SMALL_STACK + XFREE(tmpRNG, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif + return 0; + } + + if (wc_ecc_make_key(rng, 
ecc_sets[key->group->curve_idx].size, + (ecc_key*)key->internal) != MP_OKAY) { + WOLFSSL_MSG("wolfSSL_EC_KEY_generate_key wc_ecc_make_key failed"); +#ifdef WOLFSSL_SMALL_STACK + XFREE(tmpRNG, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif + return 0; + } + + if (initTmpRng) + wc_FreeRng(tmpRNG); +#ifdef WOLFSSL_SMALL_STACK + XFREE(tmpRNG, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif + + if (SetECKeyExternal(key) != SSL_SUCCESS) { + WOLFSSL_MSG("wolfSSL_EC_KEY_generate_key SetECKeyExternal failed"); + return 0; + } + + return 1; +} + +void wolfSSL_EC_KEY_set_asn1_flag(WOLFSSL_EC_KEY *key, int asn1_flag) +{ + (void)key; + (void)asn1_flag; + + WOLFSSL_ENTER("wolfSSL_EC_KEY_set_asn1_flag"); + WOLFSSL_MSG("wolfSSL_EC_KEY_set_asn1_flag TBD"); +} + +/* return code compliant with OpenSSL : + * 1 if success, 0 if error + */ +int wolfSSL_EC_KEY_set_public_key(WOLFSSL_EC_KEY *key, + const WOLFSSL_EC_POINT *pub) +{ + ecc_point *pub_p, *key_p; + + WOLFSSL_ENTER("wolfSSL_EC_KEY_set_public_key"); + + if (key == NULL || key->internal == NULL || + pub == NULL || pub->internal == NULL) { + WOLFSSL_MSG("wolfSSL_EC_GROUP_get_order Bad arguments"); + return SSL_FAILURE; + } + + if (key->inSet == 0) { + if (SetECKeyInternal(key) != SSL_SUCCESS) { + WOLFSSL_MSG("SetECKeyInternal failed"); + return SSL_FAILURE; + } + } + + if (pub->inSet == 0) { + if (SetECPointInternal((WOLFSSL_EC_POINT *)pub) != SSL_SUCCESS) { + WOLFSSL_MSG("SetECPointInternal failed"); + return SSL_FAILURE; + } + } + + pub_p = (ecc_point*)pub->internal; + key_p = (ecc_point*)key->pub_key->internal; + + /* create new point if required */ + if (key_p == NULL) + key_p = wc_ecc_new_point(); + + if (key_p == NULL) { + WOLFSSL_MSG("key ecc point NULL"); + return SSL_FAILURE; + } + + if (wc_ecc_copy_point(pub_p, key_p) != MP_OKAY) { + WOLFSSL_MSG("ecc_copy_point failure"); + return SSL_FAILURE; + } + + if (SetECKeyExternal(key) != SSL_SUCCESS) { + WOLFSSL_MSG("SetECKeyInternal failed"); + return SSL_FAILURE; + } + +#ifdef DEBUG_WOLFSSL + 
wolfssl_EC_POINT_dump("pub", pub); + wolfssl_EC_POINT_dump("key->pub_key", key->pub_key); +#endif + return SSL_SUCCESS; +} +/* End EC_KEY */ + +#ifdef DEBUG_WOLFSSL +void wolfssl_EC_POINT_dump(const char *msg, const WOLFSSL_EC_POINT *p) +{ + char *num; + + WOLFSSL_ENTER("wolfssl_EC_POINT_dump"); + + if (p == NULL) { + fprintf(stderr, "%s = NULL", msg); + return ; + } + + fprintf(stderr, "%s:\n\tinSet=%d, exSet=%d\n", msg, p->inSet, p->exSet); + num = wolfSSL_BN_bn2hex(p->X); + fprintf(stderr, "\tX = %s\n", num); + XFREE(num, NULL, DYNAMIC_TYPE_ECC); + num = wolfSSL_BN_bn2hex(p->Y); + fprintf(stderr, "\tY = %s\n", num); + XFREE(num, NULL, DYNAMIC_TYPE_ECC); +} +#endif + +/* Start EC_GROUP */ + +/* return code compliant with OpenSSL : + * 0 if equal, 1 if not and -1 in case of error + */ +int wolfSSL_EC_GROUP_cmp(const WOLFSSL_EC_GROUP *a, const WOLFSSL_EC_GROUP *b, + WOLFSSL_BN_CTX *ctx) +{ + (void)ctx; + + WOLFSSL_ENTER("wolfSSL_EC_GROUP_cmp"); + + if (a == NULL || b == NULL) { + WOLFSSL_MSG("wolfSSL_EC_GROUP_cmp Bad arguments"); + return SSL_FATAL_ERROR; + } + + /* ok */ + if ((a->curve_idx == b->curve_idx) && (a->curve_nid == b->curve_nid)) + return 0; + + /* ko */ + return 1; +} + +void wolfSSL_EC_GROUP_free(WOLFSSL_EC_GROUP *group) +{ + WOLFSSL_ENTER("wolfSSL_EC_GROUP_free"); + + XFREE(group, NULL, DYNAMIC_TYPE_ECC); + group = NULL; +} + +void wolfSSL_EC_GROUP_set_asn1_flag(WOLFSSL_EC_GROUP *group, int flag) +{ + (void)group; + (void)flag; + + WOLFSSL_ENTER("wolfSSL_EC_GROUP_set_asn1_flag"); + WOLFSSL_MSG("wolfSSL_EC_GROUP_set_asn1_flag TBD"); +} + +WOLFSSL_EC_GROUP *wolfSSL_EC_GROUP_new_by_curve_name(int nid) +{ + WOLFSSL_EC_GROUP *g; + int x; + + WOLFSSL_ENTER("wolfSSL_EC_GROUP_new_by_curve_name"); + + /* curve group */ + g = (WOLFSSL_EC_GROUP*) XMALLOC(sizeof(WOLFSSL_EC_GROUP), NULL, + DYNAMIC_TYPE_ECC); + if (g == NULL) { + WOLFSSL_MSG("wolfSSL_EC_GROUP_new_by_curve_name malloc failure"); + return NULL; + } + XMEMSET(g, 0, sizeof(WOLFSSL_EC_GROUP)); + + /* 
set the nid of the curve */ + g->curve_nid = nid; + + /* search and set the corresponding internal curve idx */ + for (x = 0; ecc_sets[x].size != 0; x++) + if (ecc_sets[x].nid == g->curve_nid) { + g->curve_idx = x; + break; + } + + return g; +} + +/* return code compliant with OpenSSL : + * the curve nid if success, 0 if error + */ +int wolfSSL_EC_GROUP_get_curve_name(const WOLFSSL_EC_GROUP *group) +{ + WOLFSSL_ENTER("wolfSSL_EC_GROUP_get_curve_name"); + + if (group == NULL) { + WOLFSSL_MSG("wolfSSL_EC_GROUP_get_curve_name Bad arguments"); + return SSL_FAILURE; + } + + return group->curve_nid; +} + +/* return code compliant with OpenSSL : + * the degree of the curve if success, 0 if error + */ +int wolfSSL_EC_GROUP_get_degree(const WOLFSSL_EC_GROUP *group) +{ + WOLFSSL_ENTER("wolfSSL_EC_GROUP_get_degree"); + + if (group == NULL || group->curve_idx < 0) { + WOLFSSL_MSG("wolfSSL_EC_GROUP_get_degree Bad arguments"); + return SSL_FAILURE; + } + + switch(group->curve_nid) { + case NID_X9_62_prime256v1: + return 256; + break; + case NID_secp384r1: + return 384; + break; + case NID_secp521r1: + return 521; + break; + default : + return SSL_FAILURE; + break; + } +} + +/* return code compliant with OpenSSL : + * 1 if success, 0 if error + */ +int wolfSSL_EC_GROUP_get_order(const WOLFSSL_EC_GROUP *group, + WOLFSSL_BIGNUM *order, WOLFSSL_BN_CTX *ctx) +{ + (void)ctx; + + if (group == NULL || order == NULL || order->internal == NULL) { + WOLFSSL_MSG("wolfSSL_EC_GROUP_get_order NULL error"); + return SSL_FAILURE; + } + + if (mp_init((mp_int*)order->internal) != MP_OKAY) { + WOLFSSL_MSG("wolfSSL_EC_GROUP_get_order mp_init failure"); + return SSL_FAILURE; + } + + if (mp_read_radix((mp_int*)order->internal, + ecc_sets[group->curve_idx].order, 16) != MP_OKAY) { + WOLFSSL_MSG("wolfSSL_EC_GROUP_get_order mp_read order failure"); + mp_clear((mp_int*)order->internal); + return SSL_FAILURE; + } + + return SSL_SUCCESS; +} +/* End EC_GROUP */ + +/* Start EC_POINT */ + +/* return code 
compliant with OpenSSL : + * 1 if success, 0 if error + */ +int wolfSSL_ECPoint_i2d(const WOLFSSL_EC_GROUP *group, + const WOLFSSL_EC_POINT *p, + unsigned char *out, unsigned int *len) +{ + int err; + + WOLFSSL_ENTER("wolfSSL_ECPoint_i2d"); + + if (group == NULL || p == NULL || len == NULL) { + WOLFSSL_MSG("wolfSSL_ECPoint_i2d NULL error"); + return SSL_FAILURE; + } + + if (p->inSet == 0) { + WOLFSSL_MSG("No ECPoint internal set, do it"); + + if (SetECPointInternal((WOLFSSL_EC_POINT *)p) != SSL_SUCCESS) { + WOLFSSL_MSG("SetECPointInternal SetECPointInternal failed"); + return SSL_FAILURE; + } + } + +#ifdef DEBUG_WOLFSSL + if (out != NULL) + wolfssl_EC_POINT_dump("i2d p", p); +#endif + err = wc_ecc_export_point_der(group->curve_idx, (ecc_point*)p->internal, + out, len); + if (err != MP_OKAY && !(out == NULL && err == LENGTH_ONLY_E)) { + WOLFSSL_MSG("wolfSSL_ECPoint_i2d wc_ecc_export_point_der failed"); + return SSL_FAILURE; + } + + return SSL_SUCCESS; +} + +/* return code compliant with OpenSSL : + * 1 if success, 0 if error + */ +int wolfSSL_ECPoint_d2i(unsigned char *in, unsigned int len, + const WOLFSSL_EC_GROUP *group, WOLFSSL_EC_POINT *p) +{ + WOLFSSL_ENTER("wolfSSL_ECPoint_d2i"); + + if (group == NULL || p == NULL || p->internal == NULL || in == NULL) { + WOLFSSL_MSG("wolfSSL_ECPoint_d2i NULL error"); + return SSL_FAILURE; + } + + if (wc_ecc_import_point_der(in, len, group->curve_idx, + (ecc_point*)p->internal) != MP_OKAY) { + WOLFSSL_MSG("wc_ecc_import_point_der failed"); + return SSL_FAILURE; + } + + if (p->exSet == 0) { + WOLFSSL_MSG("No ECPoint external set, do it"); + + if (SetECPointExternal(p) != SSL_SUCCESS) { + WOLFSSL_MSG("SetECPointExternal failed"); + return SSL_FAILURE; + } + } + +#ifdef DEBUG_WOLFSSL + wolfssl_EC_POINT_dump("d2i p", p); +#endif + return SSL_SUCCESS; +} + +WOLFSSL_EC_POINT *wolfSSL_EC_POINT_new(const WOLFSSL_EC_GROUP *group) +{ + WOLFSSL_EC_POINT *p; + + WOLFSSL_ENTER("wolfSSL_EC_POINT_new"); + + if (group == NULL) { + 
WOLFSSL_MSG("wolfSSL_EC_POINT_new NULL error"); + return NULL; + } + + p = (WOLFSSL_EC_POINT *)XMALLOC(sizeof(WOLFSSL_EC_POINT), NULL, + DYNAMIC_TYPE_ECC); + if (p == NULL) { + WOLFSSL_MSG("wolfSSL_EC_POINT_new malloc ecc point failure"); + return NULL; + } + XMEMSET(p, 0, sizeof(WOLFSSL_EC_POINT)); + + p->internal = wc_ecc_new_point(); + if (p->internal == NULL) { + WOLFSSL_MSG("ecc_new_point failure"); + return NULL; + } + + return p; +} + +/* return code compliant with OpenSSL : + * 1 if success, 0 if error + */ +int wolfSSL_EC_POINT_get_affine_coordinates_GFp(const WOLFSSL_EC_GROUP *group, + const WOLFSSL_EC_POINT *point, + WOLFSSL_BIGNUM *x, + WOLFSSL_BIGNUM *y, + WOLFSSL_BN_CTX *ctx) +{ + (void)ctx; + + WOLFSSL_ENTER("wolfSSL_EC_POINT_get_affine_coordinates_GFp"); + + if (group == NULL || point == NULL || point->internal == NULL || + x == NULL || y == NULL) { + WOLFSSL_MSG("wolfSSL_EC_POINT_get_affine_coordinates_GFp NULL error"); + return SSL_FAILURE; + } + + if (point->inSet == 0) { + WOLFSSL_MSG("No ECPoint internal set, do it"); + + if (SetECPointInternal((WOLFSSL_EC_POINT *)point) != SSL_SUCCESS) { + WOLFSSL_MSG("SetECPointInternal failed"); + return SSL_FAILURE; + } + } + + BN_copy(x, point->X); + BN_copy(y, point->Y); + + return SSL_SUCCESS; +} + +/* return code compliant with OpenSSL : + * 1 if success, 0 if error + */ +int wolfSSL_EC_POINT_mul(const WOLFSSL_EC_GROUP *group, WOLFSSL_EC_POINT *r, + const WOLFSSL_BIGNUM *n, const WOLFSSL_EC_POINT *q, + const WOLFSSL_BIGNUM *m, WOLFSSL_BN_CTX *ctx) +{ + mp_int prime; + + (void)ctx; + (void)n; + + WOLFSSL_ENTER("wolfSSL_EC_POINT_mul"); + + if (group == NULL || r == NULL || r->internal == NULL || + q == NULL || q->internal == NULL || m == NULL) { + WOLFSSL_MSG("wolfSSL_EC_POINT_mul NULL error"); + return SSL_FAILURE; + } + + if (q->inSet == 0) { + WOLFSSL_MSG("No ECPoint internal set, do it"); + + if (SetECPointInternal((WOLFSSL_EC_POINT *)q) != SSL_SUCCESS) { + WOLFSSL_MSG("SetECPointInternal failed"); + 
return SSL_FAILURE; + } + } + + /* compute the prime value of the curve */ + if (mp_init(&prime) != MP_OKAY) { + WOLFSSL_MSG("wolfSSL_EC_POINT_mul init BN failed"); + return SSL_FAILURE; + } + + if (mp_read_radix(&prime, ecc_sets[group->curve_idx].prime, 16) != MP_OKAY){ + WOLFSSL_MSG("wolfSSL_EC_POINT_mul read prime curve value failed"); + return SSL_FAILURE; + } + + /* r = q * m % prime */ + if (wc_ecc_mulmod((mp_int*)m->internal, (ecc_point*)q->internal, + (ecc_point*)r->internal, &prime, 1) != MP_OKAY) { + WOLFSSL_MSG("ecc_mulmod failure"); + mp_clear(&prime); + return SSL_FAILURE; + } + + mp_clear(&prime); + + /* set the external value for the computed point */ + if (SetECPointInternal(r) != SSL_SUCCESS) { + WOLFSSL_MSG("SetECPointInternal failed"); + return SSL_FAILURE; + } + + return SSL_SUCCESS; +} + +void wolfSSL_EC_POINT_clear_free(WOLFSSL_EC_POINT *p) +{ + WOLFSSL_ENTER("wolfSSL_EC_POINT_clear_free"); + + wolfSSL_EC_POINT_free(p); +} + +/* return code compliant with OpenSSL : + * 0 if equal, 1 if not and -1 in case of error + */ +int wolfSSL_EC_POINT_cmp(const WOLFSSL_EC_GROUP *group, + const WOLFSSL_EC_POINT *a, const WOLFSSL_EC_POINT *b, + WOLFSSL_BN_CTX *ctx) +{ + int ret; + + (void)ctx; + + WOLFSSL_ENTER("wolfSSL_EC_POINT_cmp"); + + if (group == NULL || a == NULL || a->internal == NULL || b == NULL || + b->internal == NULL) { + WOLFSSL_MSG("wolfSSL_EC_POINT_cmp Bad arguments"); + return SSL_FATAL_ERROR; + } + + ret = wc_ecc_cmp_point((ecc_point*)a->internal, (ecc_point*)b->internal); + if (ret == MP_EQ) + return 0; + else if (ret == MP_LT || ret == MP_GT) + return 1; return SSL_FATAL_ERROR; } +void wolfSSL_EC_POINT_free(WOLFSSL_EC_POINT *p) +{ + WOLFSSL_ENTER("wolfSSL_EC_POINT_free"); + if (p != NULL) { + if (p->internal == NULL) { + wc_ecc_del_point((ecc_point*)p->internal); + XFREE(p->internal, NULL, DYNAMIC_TYPE_ECC); + p->internal = NULL; + } -int wolfSSL_PEM_write_bio_DSAPrivateKey(WOLFSSL_BIO* bio, DSA* rsa, - const EVP_CIPHER* cipher, - 
unsigned char* passwd, int len, - pem_password_cb cb, void* arg) + wolfSSL_BN_free(p->X); + wolfSSL_BN_free(p->Y); + wolfSSL_BN_free(p->Z); + p->X = NULL; + p->Y = NULL; + p->Z = NULL; + p->inSet = p->exSet = 0; + + XFREE(p, NULL, DYNAMIC_TYPE_ECC); + p = NULL; + } +} + +/* return code compliant with OpenSSL : + * 1 if point at infinity, 0 else + */ +int wolfSSL_EC_POINT_is_at_infinity(const WOLFSSL_EC_GROUP *group, + const WOLFSSL_EC_POINT *point) +{ + int ret; + + WOLFSSL_ENTER("wolfSSL_EC_POINT_is_at_infinity"); + + if (group == NULL || point == NULL || point->internal == NULL) { + WOLFSSL_MSG("wolfSSL_EC_POINT_is_at_infinity NULL error"); + return SSL_FAILURE; + } + if (point->inSet == 0) { + WOLFSSL_MSG("No ECPoint internal set, do it"); + + if (SetECPointInternal((WOLFSSL_EC_POINT *)point) != SSL_SUCCESS) { + WOLFSSL_MSG("SetECPointInternal failed"); + return SSL_FAILURE; + } + } + + ret = wc_ecc_point_is_at_infinity((ecc_point*)point->internal); + if (ret <= 0) { + WOLFSSL_MSG("ecc_point_is_at_infinity failure"); + return SSL_FAILURE; + } + + return SSL_SUCCESS; +} + +/* End EC_POINT */ + +/* Start ECDSA_SIG */ +void wolfSSL_ECDSA_SIG_free(WOLFSSL_ECDSA_SIG *sig) +{ + WOLFSSL_ENTER("wolfSSL_ECDSA_SIG_free"); + + if (sig) { + wolfSSL_BN_free(sig->r); + wolfSSL_BN_free(sig->s); + + XFREE(sig, NULL, DYNAMIC_TYPE_ECC); + } +} + +WOLFSSL_ECDSA_SIG *wolfSSL_ECDSA_SIG_new(void) +{ + WOLFSSL_ECDSA_SIG *sig; + + WOLFSSL_ENTER("wolfSSL_ECDSA_SIG_new"); + + sig = (WOLFSSL_ECDSA_SIG*) XMALLOC(sizeof(WOLFSSL_ECDSA_SIG), NULL, + DYNAMIC_TYPE_ECC); + if (sig == NULL) { + WOLFSSL_MSG("wolfSSL_ECDSA_SIG_new malloc ECDSA signature failure"); + return NULL; + } + + sig->r = wolfSSL_BN_new(); + if (sig->r == NULL) { + WOLFSSL_MSG("wolfSSL_ECDSA_SIG_new malloc ECDSA r failure"); + wolfSSL_ECDSA_SIG_free(sig); + return NULL; + } + + sig->s = wolfSSL_BN_new(); + if (sig->s == NULL) { + WOLFSSL_MSG("wolfSSL_ECDSA_SIG_new malloc ECDSA s failure"); + wolfSSL_ECDSA_SIG_free(sig); + 
return NULL; + } + + return sig; +} + +/* return signature structure on success, NULL otherwise */ +WOLFSSL_ECDSA_SIG *wolfSSL_ECDSA_do_sign(const unsigned char *d, int dlen, + WOLFSSL_EC_KEY *key) +{ + WOLFSSL_ECDSA_SIG *sig = NULL; + int initTmpRng = 0; + WC_RNG* rng = NULL; +#ifdef WOLFSSL_SMALL_STACK + WC_RNG* tmpRNG = NULL; +#else + WC_RNG tmpRNG[1]; +#endif + + WOLFSSL_ENTER("wolfSSL_ECDSA_do_sign"); + + if (d == NULL || key == NULL || key->internal == NULL) { + WOLFSSL_MSG("wolfSSL_ECDSA_do_sign Bad arguments"); + return NULL; + } + + /* set internal key if not done */ + if (key->inSet == 0) + { + WOLFSSL_MSG("wolfSSL_ECDSA_do_sign No EC key internal set, do it"); + + if (SetECKeyInternal(key) != SSL_SUCCESS) { + WOLFSSL_MSG("wolfSSL_ECDSA_do_sign SetECKeyInternal failed"); + return NULL; + } + } + +#ifdef WOLFSSL_SMALL_STACK + tmpRNG = (WC_RNG*)XMALLOC(sizeof(WC_RNG), NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (tmpRNG == NULL) + return NULL; +#endif + + if (wc_InitRng(tmpRNG) == 0) { + rng = tmpRNG; + initTmpRng = 1; + } + else { + WOLFSSL_MSG("wolfSSL_ECDSA_do_sign Bad RNG Init, trying global"); + if (initGlobalRNG == 0) + WOLFSSL_MSG("wolfSSL_ECDSA_do_sign Global RNG no Init"); + else + rng = &globalRNG; + } + + if (rng) { + mp_int sig_r, sig_s; + + if (mp_init_multi(&sig_r, &sig_s, NULL, NULL, NULL, NULL) == MP_OKAY) { + if (wc_ecc_sign_hash_ex(d, dlen, rng, (ecc_key*)key->internal, + &sig_r, &sig_s) != MP_OKAY) { + WOLFSSL_MSG("wc_ecc_sign_hash_ex failed"); + } + else { + /* put signature blob in ECDSA structure */ + sig = wolfSSL_ECDSA_SIG_new(); + if (sig == NULL) + WOLFSSL_MSG("wolfSSL_ECDSA_SIG_new failed"); + else if (SetIndividualExternal(&(sig->r), &sig_r)!=SSL_SUCCESS){ + WOLFSSL_MSG("ecdsa r key error"); + wolfSSL_ECDSA_SIG_free(sig); + } + else if (SetIndividualExternal(&(sig->s), &sig_s)!=SSL_SUCCESS){ + WOLFSSL_MSG("ecdsa s key error"); + wolfSSL_ECDSA_SIG_free(sig); + } + + mp_clear(&sig_r); + mp_clear(&sig_s); + } + } + } + + if (initTmpRng) + 
wc_FreeRng(tmpRNG); +#ifdef WOLFSSL_SMALL_STACK + XFREE(tmpRNG, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif + + return sig; +} + +/* return code compliant with OpenSSL : + * 1 for a valid signature, 0 for an invalid signature and -1 on error + */ +int wolfSSL_ECDSA_do_verify(const unsigned char *d, int dlen, + const WOLFSSL_ECDSA_SIG *sig, WOLFSSL_EC_KEY *key) +{ + int check_sign = 0; + + WOLFSSL_ENTER("wolfSSL_ECDSA_do_verify"); + + if (d == NULL || sig == NULL || key == NULL || key->internal == NULL) { + WOLFSSL_MSG("wolfSSL_ECDSA_do_verify Bad arguments"); + return SSL_FATAL_ERROR; + } + + /* set internal key if not done */ + if (key->inSet == 0) + { + WOLFSSL_MSG("No EC key internal set, do it"); + + if (SetECKeyInternal(key) != SSL_SUCCESS) { + WOLFSSL_MSG("SetECKeyInternal failed"); + return SSL_FATAL_ERROR; + } + } + + if (wc_ecc_verify_hash_ex((mp_int*)sig->r->internal, + (mp_int*)sig->s->internal, d, dlen, &check_sign, + (ecc_key *)key->internal) != MP_OKAY) { + WOLFSSL_MSG("wc_ecc_verify_hash failed"); + return SSL_FATAL_ERROR; + } + else if (check_sign == 0) { + WOLFSSL_MSG("wc_ecc_verify_hash incorrect signature detected"); + return SSL_FAILURE; + } + + return SSL_SUCCESS; +} +/* End ECDSA_SIG */ + +/* Start ECDH */ +/* return code compliant with OpenSSL : + * length of computed key if success, -1 if error + */ +int wolfSSL_ECDH_compute_key(void *out, size_t outlen, + const WOLFSSL_EC_POINT *pub_key, + WOLFSSL_EC_KEY *ecdh, + void *(*KDF) (const void *in, size_t inlen, + void *out, size_t *outlen)) +{ + word32 len; + (void)KDF; + + (void)KDF; + + WOLFSSL_ENTER("wolfSSL_ECDH_compute_key"); + + if (out == NULL || pub_key == NULL || pub_key->internal == NULL || + ecdh == NULL || ecdh->internal == NULL) { + WOLFSSL_MSG("Bad function arguments"); + return SSL_FATAL_ERROR; + } + + /* set internal key if not done */ + if (ecdh->inSet == 0) + { + WOLFSSL_MSG("No EC key internal set, do it"); + + if (SetECKeyInternal(ecdh) != SSL_SUCCESS) { + 
WOLFSSL_MSG("SetECKeyInternal failed"); + return SSL_FATAL_ERROR; + } + } + + len = (word32)outlen; + + if (wc_ecc_shared_secret_ssh((ecc_key*)ecdh->internal, + (ecc_point*)pub_key->internal, + (byte *)out, &len) != MP_OKAY) { + WOLFSSL_MSG("wc_ecc_shared_secret failed"); + return SSL_FATAL_ERROR; + } + + return len; +} +/* End ECDH */ + +/* return code compliant with OpenSSL : + * 1 if success, 0 if error + */ +int wolfSSL_PEM_write_EC_PUBKEY(FILE *fp, WOLFSSL_EC_KEY *x) +{ + (void)fp; + (void)x; + + WOLFSSL_MSG("wolfSSL_PEM_write_EC_PUBKEY not implemented"); + + return SSL_FAILURE; +} + +#if defined(WOLFSSL_KEY_GEN) + +/* return code compliant with OpenSSL : + * 1 if success, 0 if error + */ +int wolfSSL_PEM_write_bio_ECPrivateKey(WOLFSSL_BIO* bio, WOLFSSL_EC_KEY* ecc, + const EVP_CIPHER* cipher, + unsigned char* passwd, int len, + pem_password_cb cb, void* arg) { (void)bio; - (void)rsa; + (void)ecc; (void)cipher; (void)passwd; (void)len; (void)cb; (void)arg; - WOLFSSL_MSG("wolfSSL_PEM_write_bio_DSAPrivateKey"); + WOLFSSL_MSG("wolfSSL_PEM_write_bio_ECPrivateKey not implemented"); - return SSL_FATAL_ERROR; + return SSL_FAILURE; } +/* return code compliant with OpenSSL : + * 1 if success, 0 if error + */ +int wolfSSL_PEM_write_mem_ECPrivateKey(WOLFSSL_EC_KEY* ecc, + const EVP_CIPHER* cipher, + unsigned char* passwd, int passwdSz, + unsigned char **pem, int *plen) +{ + byte *der, *tmp, *cipherInfo = NULL; + int der_max_len = 0, derSz = 0; + WOLFSSL_MSG("wolfSSL_PEM_write_mem_ECPrivateKey"); + + if (pem == NULL || plen == NULL || ecc == NULL || ecc->internal == NULL) { + WOLFSSL_MSG("Bad function arguments"); + return SSL_FAILURE; + } + + if (ecc->inSet == 0) { + WOLFSSL_MSG("No ECC internal set, do it"); + + if (SetECKeyInternal(ecc) != SSL_SUCCESS) { + WOLFSSL_MSG("SetDsaInternal failed"); + return SSL_FAILURE; + } + } + + /* 4 > size of pub, priv + ASN.1 additionnal informations + */ + der_max_len = 4 * wc_ecc_size((ecc_key*)ecc->internal) + AES_BLOCK_SIZE; + + 
der = (byte*)XMALLOC(der_max_len, NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (der == NULL) { + WOLFSSL_MSG("malloc failed"); + return SSL_FAILURE; + } + + /* Key to DER */ + derSz = wc_EccKeyToDer((ecc_key*)ecc->internal, der, der_max_len); + if (derSz < 0) { + WOLFSSL_MSG("wc_DsaKeyToDer failed"); + XFREE(der, NULL, DYNAMIC_TYPE_TMP_BUFFER); + return SSL_FAILURE; + } + + /* encrypt DER buffer if required */ + if (passwd != NULL && passwdSz > 0 && cipher != NULL) { + int ret; + + ret = EncryptDerKey(der, &derSz, cipher, + passwd, passwdSz, &cipherInfo); + if (ret != SSL_SUCCESS) { + WOLFSSL_MSG("EncryptDerKey failed"); + XFREE(der, NULL, DYNAMIC_TYPE_TMP_BUFFER); + return ret; + } + + /* tmp buffer with a max size */ + *plen = (derSz * 2) + sizeof(BEGIN_EC_PRIV) + + sizeof(END_EC_PRIV) + HEADER_ENCRYPTED_KEY_SIZE; + } + else /* tmp buffer with a max size */ + *plen = (derSz * 2) + sizeof(BEGIN_EC_PRIV) + sizeof(END_EC_PRIV); + + tmp = (byte*)XMALLOC(*plen, NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (tmp == NULL) { + WOLFSSL_MSG("malloc failed"); + XFREE(der, NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (cipherInfo != NULL) + XFREE(cipherInfo, NULL, DYNAMIC_TYPE_TMP_BUFFER); + return SSL_FAILURE; + } + + /* DER to PEM */ + *plen = wc_DerToPemEx(der, derSz, tmp, *plen, cipherInfo, ECC_PRIVATEKEY_TYPE); + if (*plen <= 0) { + WOLFSSL_MSG("wc_DerToPemEx failed"); + XFREE(der, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (cipherInfo != NULL) + XFREE(cipherInfo, NULL, DYNAMIC_TYPE_TMP_BUFFER); + return SSL_FAILURE; + } + XFREE(der, NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (cipherInfo != NULL) + XFREE(cipherInfo, NULL, DYNAMIC_TYPE_TMP_BUFFER); + + *pem = (byte*)XMALLOC((*plen)+1, NULL, DYNAMIC_TYPE_OUT_BUFFER); + if (*pem == NULL) { + WOLFSSL_MSG("malloc failed"); + XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER); + return SSL_FAILURE; + } + XMEMSET(*pem, 0, (*plen)+1); + + if (XMEMCPY(*pem, tmp, *plen) == NULL) { + WOLFSSL_MSG("memcpy failed"); + XFREE(pem, NULL, 
DYNAMIC_TYPE_OUT_BUFFER); + XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER); + return SSL_FAILURE; + } + XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER); + + return SSL_SUCCESS; +} + +/* return code compliant with OpenSSL : + * 1 if success, 0 if error + */ +int wolfSSL_PEM_write_ECPrivateKey(FILE *fp, WOLFSSL_EC_KEY *ecc, + const EVP_CIPHER *enc, + unsigned char *kstr, int klen, + pem_password_cb *cb, void *u) +{ + byte *pem; + int plen, ret; + + (void)cb; + (void)u; + + WOLFSSL_MSG("wolfSSL_PEM_write_ECPrivateKey"); + + if (fp == NULL || ecc == NULL || ecc->internal == NULL) { + WOLFSSL_MSG("Bad function arguments"); + return SSL_FAILURE; + } + + ret = wolfSSL_PEM_write_mem_ECPrivateKey(ecc, enc, kstr, klen, &pem, &plen); + if (ret != SSL_SUCCESS) { + WOLFSSL_MSG("wolfSSL_PEM_write_mem_ECPrivateKey failed"); + return SSL_FAILURE; + } + + ret = (int)XFWRITE(pem, plen, 1, fp); + if (ret != 1) { + WOLFSSL_MSG("ECC private key file write failed"); + return SSL_FAILURE; + } + + XFREE(pem, NULL, DYNAMIC_TYPE_OUT_BUFFER); + return SSL_SUCCESS; +} + +#endif /* defined(WOLFSSL_KEY_GEN) */ + +#endif /* HAVE_ECC */ + + +#ifndef NO_DSA + +#if defined(WOLFSSL_KEY_GEN) + +/* return code compliant with OpenSSL : + * 1 if success, 0 if error + */ +int wolfSSL_PEM_write_bio_DSAPrivateKey(WOLFSSL_BIO* bio, WOLFSSL_DSA* dsa, + const EVP_CIPHER* cipher, + unsigned char* passwd, int len, + pem_password_cb cb, void* arg) +{ + (void)bio; + (void)dsa; + (void)cipher; + (void)passwd; + (void)len; + (void)cb; + (void)arg; + + WOLFSSL_MSG("wolfSSL_PEM_write_bio_DSAPrivateKey not implemented"); + + return SSL_FAILURE; +} + +/* return code compliant with OpenSSL : + * 1 if success, 0 if error + */ +int wolfSSL_PEM_write_mem_DSAPrivateKey(WOLFSSL_DSA* dsa, + const EVP_CIPHER* cipher, + unsigned char* passwd, int passwdSz, + unsigned char **pem, int *plen) +{ + byte *der, *tmp, *cipherInfo = NULL; + int der_max_len = 0, derSz = 0; + + WOLFSSL_MSG("wolfSSL_PEM_write_mem_DSAPrivateKey"); + + if (pem == NULL 
|| plen == NULL || dsa == NULL || dsa->internal == NULL) { + WOLFSSL_MSG("Bad function arguments"); + return SSL_FAILURE; + } + + if (dsa->inSet == 0) { + WOLFSSL_MSG("No DSA internal set, do it"); + + if (SetDsaInternal(dsa) != SSL_SUCCESS) { + WOLFSSL_MSG("SetDsaInternal failed"); + return SSL_FAILURE; + } + } + + /* 4 > size of pub, priv, p, q, g + ASN.1 additionnal informations + */ + der_max_len = 4 * wolfSSL_BN_num_bytes(dsa->g) + AES_BLOCK_SIZE; + + der = (byte*)XMALLOC(der_max_len, NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (der == NULL) { + WOLFSSL_MSG("malloc failed"); + return SSL_FAILURE; + } + + /* Key to DER */ + derSz = wc_DsaKeyToDer((DsaKey*)dsa->internal, der, der_max_len); + if (derSz < 0) { + WOLFSSL_MSG("wc_DsaKeyToDer failed"); + XFREE(der, NULL, DYNAMIC_TYPE_TMP_BUFFER); + return SSL_FAILURE; + } + + /* encrypt DER buffer if required */ + if (passwd != NULL && passwdSz > 0 && cipher != NULL) { + int ret; + + ret = EncryptDerKey(der, &derSz, cipher, + passwd, passwdSz, &cipherInfo); + if (ret != SSL_SUCCESS) { + WOLFSSL_MSG("EncryptDerKey failed"); + XFREE(der, NULL, DYNAMIC_TYPE_TMP_BUFFER); + return ret; + } + + /* tmp buffer with a max size */ + *plen = (derSz * 2) + sizeof(BEGIN_DSA_PRIV) + + sizeof(END_DSA_PRIV) + HEADER_ENCRYPTED_KEY_SIZE; + } + else /* tmp buffer with a max size */ + *plen = (derSz * 2) + sizeof(BEGIN_DSA_PRIV) + sizeof(END_DSA_PRIV); + + tmp = (byte*)XMALLOC(*plen, NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (tmp == NULL) { + WOLFSSL_MSG("malloc failed"); + XFREE(der, NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (cipherInfo != NULL) + XFREE(cipherInfo, NULL, DYNAMIC_TYPE_TMP_BUFFER); + return SSL_FAILURE; + } + + /* DER to PEM */ + *plen = wc_DerToPemEx(der, derSz, tmp, *plen, cipherInfo, DSA_PRIVATEKEY_TYPE); + if (*plen <= 0) { + WOLFSSL_MSG("wc_DerToPemEx failed"); + XFREE(der, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (cipherInfo != NULL) + XFREE(cipherInfo, NULL, DYNAMIC_TYPE_TMP_BUFFER); + 
return SSL_FAILURE; + } + XFREE(der, NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (cipherInfo != NULL) + XFREE(cipherInfo, NULL, DYNAMIC_TYPE_TMP_BUFFER); + + *pem = (byte*)XMALLOC((*plen)+1, NULL, DYNAMIC_TYPE_OUT_BUFFER); + if (*pem == NULL) { + WOLFSSL_MSG("malloc failed"); + XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER); + return SSL_FAILURE; + } + XMEMSET(*pem, 0, (*plen)+1); + + if (XMEMCPY(*pem, tmp, *plen) == NULL) { + WOLFSSL_MSG("memcpy failed"); + XFREE(pem, NULL, DYNAMIC_TYPE_OUT_BUFFER); + XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER); + return SSL_FAILURE; + } + XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER); + + return SSL_SUCCESS; +} + +/* return code compliant with OpenSSL : + * 1 if success, 0 if error + */ +int wolfSSL_PEM_write_DSAPrivateKey(FILE *fp, WOLFSSL_DSA *dsa, + const EVP_CIPHER *enc, + unsigned char *kstr, int klen, + pem_password_cb *cb, void *u) +{ + byte *pem; + int plen, ret; + + (void)cb; + (void)u; + + WOLFSSL_MSG("wolfSSL_PEM_write_DSAPrivateKey"); + + if (fp == NULL || dsa == NULL || dsa->internal == NULL) { + WOLFSSL_MSG("Bad function arguments"); + return SSL_FAILURE; + } + + ret = wolfSSL_PEM_write_mem_DSAPrivateKey(dsa, enc, kstr, klen, &pem, &plen); + if (ret != SSL_SUCCESS) { + WOLFSSL_MSG("wolfSSL_PEM_write_mem_DSAPrivateKey failed"); + return SSL_FAILURE; + } + + ret = (int)XFWRITE(pem, plen, 1, fp); + if (ret != 1) { + WOLFSSL_MSG("DSA private key file write failed"); + return SSL_FAILURE; + } + + XFREE(pem, NULL, DYNAMIC_TYPE_OUT_BUFFER); + return SSL_SUCCESS; +} + +#endif /* defined(WOLFSSL_KEY_GEN) */ + +/* return code compliant with OpenSSL : + * 1 if success, 0 if error + */ +int wolfSSL_PEM_write_DSA_PUBKEY(FILE *fp, WOLFSSL_DSA *x) +{ + (void)fp; + (void)x; + + WOLFSSL_MSG("wolfSSL_PEM_write_DSA_PUBKEY not implemented"); + + return SSL_FAILURE; +} + +#endif /* #ifndef NO_DSA */ WOLFSSL_EVP_PKEY* wolfSSL_PEM_read_bio_PrivateKey(WOLFSSL_BIO* bio, WOLFSSL_EVP_PKEY** key, pem_password_cb cb, void* arg) 
@@ -12225,16 +15216,78 @@ WOLFSSL_EVP_PKEY* wolfSSL_PEM_read_bio_PrivateKey(WOLFSSL_BIO* bio, (void)cb; (void)arg; - WOLFSSL_MSG("wolfSSL_PEM_read_bio_PrivateKey"); + WOLFSSL_MSG("wolfSSL_PEM_read_bio_PrivateKey not implemented"); return NULL; } +int wolfSSL_EVP_PKEY_type(int type) +{ + (void)type; + + WOLFSSL_MSG("wolfSSL_EVP_PKEY_type not implemented"); + + return SSL_FATAL_ERROR; +} + + +WOLFSSL_EVP_PKEY *wolfSSL_PEM_read_PUBKEY(FILE *fp, EVP_PKEY **x, + pem_password_cb *cb, void *u) +{ + (void)fp; + (void)x; + (void)cb; + (void)u; + + WOLFSSL_MSG("wolfSSL_PEM_read_PUBKEY not implemented"); + + return NULL; +} #ifndef NO_RSA -/* Load RSA from Der, SSL_SUCCESS on success < 0 on error */ -int wolfSSL_RSA_LoadDer(WOLFSSL_RSA* rsa, const unsigned char* der, int derSz) + +WOLFSSL_RSA *wolfSSL_PEM_read_RSAPublicKey(FILE *fp, WOLFSSL_RSA **x, + pem_password_cb *cb, void *u) +{ + (void)fp; + (void)x; + (void)cb; + (void)u; + + WOLFSSL_MSG("wolfSSL_PEM_read_RSAPublicKey not implemented"); + + return NULL; +} + +/* return code compliant with OpenSSL : + * 1 if success, 0 if error + */ +int wolfSSL_PEM_write_RSAPublicKey(FILE *fp, WOLFSSL_RSA *x) +{ + (void)fp; + (void)x; + + WOLFSSL_MSG("wolfSSL_PEM_write_RSAPublicKey not implemented"); + + return SSL_FAILURE; +} + +/* return code compliant with OpenSSL : + * 1 if success, 0 if error + */ +int wolfSSL_PEM_write_RSA_PUBKEY(FILE *fp, WOLFSSL_RSA *x) +{ + (void)fp; + (void)x; + + WOLFSSL_MSG("wolfSSL_PEM_write_RSA_PUBKEY not implemented"); + + return SSL_FAILURE; +} + +/* return SSL_SUCCESS if success, SSL_FATAL_ERROR if error */ +int wolfSSL_RSA_LoadDer(WOLFSSL_RSA* rsa, const unsigned char* der, int derSz) { word32 idx = 0; int ret; 
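Review bot: The new `wolfSSL_EVP_PKEY_type` stub returns `SSL_FATAL_ERROR` and has no header comment, unlike the neighbouring stubs that carry a "return code compliant with OpenSSL" comment. OpenSSL's `EVP_PKEY_type` returns a key-type id, or `NID_undef` for an unknown type, so a caller ported from OpenSSL that only compares the result against key-type constants gets no sign that the function is unimplemented. I would document that above the function, e.g. `/* not implemented: always returns SSL_FATAL_ERROR, never an EVP_PKEY_* id */`. Separately, `wolfSSL_PEM_read_PUBKEY` takes `EVP_PKEY **x` while returning `WOLFSSL_EVP_PKEY *`; `WOLFSSL_EVP_PKEY **x` would match the return type and the other prototypes in this hunk.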
@@ -12243,16 +15296,16 @@ int wolfSSL_RSA_LoadDer(WOLFSSL_RSA* rsa, const unsigned char* der, int derSz) if (rsa == NULL || rsa->internal == NULL || der == NULL || derSz <= 0) { WOLFSSL_MSG("Bad function arguments"); - return BAD_FUNC_ARG; + return SSL_FATAL_ERROR; } ret = wc_RsaPrivateKeyDecode(der, &idx, (RsaKey*)rsa->internal, derSz); if (ret < 0) { WOLFSSL_MSG("RsaPrivateKeyDecode failed"); - return ret; + return SSL_FATAL_ERROR; } - if (SetRsaExternal(rsa) < 0) { + if (SetRsaExternal(rsa) != SSL_SUCCESS) { WOLFSSL_MSG("SetRsaExternal failed"); return SSL_FATAL_ERROR; } @@ -12265,8 +15318,8 @@ int wolfSSL_RSA_LoadDer(WOLFSSL_RSA* rsa, const unsigned char* der, int derSz) #ifndef NO_DSA -/* Load DSA from Der, SSL_SUCCESS on success < 0 on error */ -int wolfSSL_DSA_LoadDer(WOLFSSL_DSA* dsa, const unsigned char* der, int derSz) +/* return SSL_SUCCESS if success, SSL_FATAL_ERROR if error */ +int wolfSSL_DSA_LoadDer(WOLFSSL_DSA* dsa, const unsigned char* der, int derSz) { word32 idx = 0; int ret; @@ -12275,16 +15328,16 @@ int wolfSSL_DSA_LoadDer(WOLFSSL_DSA* dsa, const unsigned char* der, int derSz) if (dsa == NULL || dsa->internal == NULL || der == NULL || derSz <= 0) { WOLFSSL_MSG("Bad function arguments"); - return BAD_FUNC_ARG; + return SSL_FATAL_ERROR; } ret = DsaPrivateKeyDecode(der, &idx, (DsaKey*)dsa->internal, derSz); if (ret < 0) { WOLFSSL_MSG("DsaPrivateKeyDecode failed"); - return ret; + return SSL_FATAL_ERROR; } - if (SetDsaExternal(dsa) < 0) { + if (SetDsaExternal(dsa) != SSL_SUCCESS) { WOLFSSL_MSG("SetDsaExternal failed"); return SSL_FATAL_ERROR; } 
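Review bot: The wolfCrypt error code from `wc_RsaPrivateKeyDecode` is now thrown away: the `ret < 0` branch logs a fixed string and returns `SSL_FATAL_ERROR`, so a malformed key, an unsupported encoding and a bad argument are indistinguishable to callers and in the log. Callers that previously matched `BAD_FUNC_ARG` or a specific decode error would need checking; none are visible here. I would keep the code in the debug log before returning, e.g. `WOLFSSL_LEAVE("wolfSSL_RSA_LoadDer", ret);` ahead of `return SSL_FATAL_ERROR;`. The same applies to the `DsaPrivateKeyDecode` branch in the `wolfSSL_DSA_LoadDer` hunk below. Both function bodies start and end outside their hunks.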
@@ -12295,8 +15348,37 @@ int wolfSSL_DSA_LoadDer(WOLFSSL_DSA* dsa, const unsigned char* der, int derSz) } #endif /* NO_DSA */ +#ifdef HAVE_ECC +/* return SSL_SUCCESS if success, SSL_FATAL_ERROR if error */ +int wolfSSL_EC_KEY_LoadDer(WOLFSSL_EC_KEY* key, + const unsigned char* der, int derSz) +{ + word32 idx = 0; + int ret; + WOLFSSL_ENTER("wolfSSL_EC_KEY_LoadDer"); + if (key == NULL || key->internal == NULL || der == NULL || derSz <= 0) { + WOLFSSL_MSG("Bad function arguments"); + return SSL_FATAL_ERROR; + } + + ret = wc_EccPrivateKeyDecode(der, &idx, (ecc_key*)key->internal, derSz); + if (ret < 0) { + WOLFSSL_MSG("wc_EccPrivateKeyDecode failed"); + return SSL_FATAL_ERROR; + } + + if (SetECKeyExternal(key) != SSL_SUCCESS) { + WOLFSSL_MSG("SetECKeyExternal failed"); + return SSL_FATAL_ERROR; + } + + key->inSet = 1; + + return SSL_SUCCESS; +} +#endif /* HAVE_ECC */ #endif /* OPENSSL_EXTRA */ @@ -12401,8 +15483,8 @@ WOLFSSL_X509* wolfSSL_get_chain_X509(WOLFSSL_X509_CHAIN* chain, int idx) /* Get peer's PEM ceritifcate at index (idx), output to buffer if inLen big - enough else return error (-1), output length is in *outLen - SSL_SUCCESS on ok */ + enough else return error (-1). If buffer is NULL only calculate + outLen. Output length is in *outLen SSL_SUCCESS on ok */ int wolfSSL_get_chain_cert_pem(WOLFSSL_X509_CHAIN* chain, int idx, unsigned char* buf, int inLen, int* outLen) { 
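Review bot: The header comment on `wolfSSL_EC_KEY_LoadDer` gives only the return codes and does not say that `der` must hold an ECC private key, which is what the call to `wc_EccPrivateKeyDecode` requires. I would extend it to `/* Load an ECC private key from DER into key->internal; return SSL_SUCCESS if success, SSL_FATAL_ERROR if error */`. It is also worth documenting that when `SetECKeyExternal` fails, `key->internal` already holds the decoded private key while `inSet` stays 0, so the caller should free the key rather than reuse it.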
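Review bot: The updated comment on `wolfSSL_get_chain_cert_pem` still says "return error (-1)" and "SSL_SUCCESS on ok", which does not match the return values in the following hunk. There the NULL-buffer path returns `LENGTH_ONLY_E` and the argument and size checks return `BAD_FUNC_ARG`. A caller following the comment and testing only for `SSL_SUCCESS` would treat a successful length query as a failure. I would state it explicitly, e.g. `If buf is NULL, only *outLen is set and LENGTH_ONLY_E is returned; returns SSL_SUCCESS when the PEM was written, BAD_FUNC_ARG on bad arguments or a too-small buffer`.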
@@ -12413,17 +15495,29 @@ int wolfSSL_get_chain_cert_pem(WOLFSSL_X509_CHAIN* chain, int idx, int footerLen = sizeof(footer) - 1; int i; int err; + word32 szNeeded = 0; WOLFSSL_ENTER("wolfSSL_get_chain_cert_pem"); - if (!chain || !outLen || !buf) + if (!chain || !outLen || idx < 0 || idx >= wolfSSL_get_chain_count(chain)) return BAD_FUNC_ARG; + /* Null output buffer return size needed in outLen */ + if(!buf) { + if(Base64_Encode(chain->certs[idx].buffer, chain->certs[idx].length, + NULL, &szNeeded) != LENGTH_ONLY_E) + return SSL_FAILURE; + *outLen = szNeeded + headerLen + footerLen; + return LENGTH_ONLY_E; + } + /* don't even try if inLen too short */ if (inLen < headerLen + footerLen + chain->certs[idx].length) return BAD_FUNC_ARG; /* header */ - XMEMCPY(buf, header, headerLen); + if (XMEMCPY(buf, header, headerLen) == NULL) + return SSL_FATAL_ERROR; + i = headerLen; /* body */ @@ -12436,7 +15530,8 @@ int wolfSSL_get_chain_cert_pem(WOLFSSL_X509_CHAIN* chain, int idx, /* footer */ if ( (i + footerLen) > inLen) return BAD_FUNC_ARG; - XMEMCPY(buf + i, footer, footerLen); + if (XMEMCPY(buf + i, footer, footerLen) == NULL) + return SSL_FATAL_ERROR; *outLen += headerLen + footerLen; return SSL_SUCCESS; 
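Review bot: The added `if (XMEMCPY(buf, header, headerLen) == NULL) return SSL_FATAL_ERROR;` cannot detect anything. A memcpy-style copy returns its destination, and `buf` is known to be non-NULL here because the NULL case returned `LENGTH_ONLY_E` just above. The check also makes the code depend on `XMEMCPY` having a pointer result, which a port that maps the macro to a void routine would not provide; this is an assumption, as the macro definition is not visible. I would restore the plain call `XMEMCPY(buf, header, headerLen);`, and do the same for the footer copy in the next hunk. The buffer safety comes from the `inLen` comparisons, and the early one compares against the raw `chain->certs[idx].length` rather than the Base64 size, so it is only a lower bound. The function body continues outside the hunk.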
@@ -12627,3 +15722,935 @@ void* wolfSSL_GetRsaDecCtx(WOLFSSL* ssl) void wolfSSL_cert_service(void) {} #endif + +#ifdef OPENSSL_EXTRA /*Lighttp compatibility*/ +#ifdef HAVE_LIGHTY + + unsigned char *wolfSSL_SHA1(const unsigned char *d, size_t n, unsigned char *md) + { + (void) *d; (void) n; (void) *md; + WOLFSSL_ENTER("wolfSSL_SHA1"); + WOLFSSL_STUB("wolfssl_SHA1"); + + return NULL; + } + + char wolfSSL_CTX_use_certificate(WOLFSSL_CTX *ctx, WOLFSSL_X509 *x) { + (void)ctx; + (void)x; + WOLFSSL_ENTER("wolfSSL_CTX_use_certificate"); + WOLFSSL_STUB("wolfSSL_CTX_use_certificate"); + + return 0; + } + + int wolfSSL_CTX_use_PrivateKey(WOLFSSL_CTX *ctx, WOLFSSL_EVP_PKEY *pkey) { + (void)ctx; + (void)pkey; + WOLFSSL_ENTER("wolfSSL_CTX_use_PrivateKey"); + WOLFSSL_STUB("wolfSSL_CTX_use_PrivateKey"); + + return 0; + } + + + int wolfSSL_BIO_read_filename(WOLFSSL_BIO *b, const char *name) { + (void)b; + (void)name; + WOLFSSL_ENTER("wolfSSL_BIO_read_filename"); + WOLFSSL_STUB("wolfSSL_BIO_read_filename"); + + return 0; + } + + WOLFSSL_BIO_METHOD* wolfSSL_BIO_s_file(void) { + WOLFSSL_ENTER("wolfSSL_BIO_s_file"); + WOLFSSL_STUB("wolfSSL_BIO_s_file"); + + return NULL; + } + + const char * wolf_OBJ_nid2sn(int n) { + (void)n; + WOLFSSL_ENTER("wolf_OBJ_nid2sn"); + WOLFSSL_STUB("wolf_OBJ_nid2sn"); + + return 0; + } + + int wolf_OBJ_obj2nid(const WOLFSSL_ASN1_OBJECT *o) { + (void)o; + WOLFSSL_ENTER("wolf_OBJ_obj2nid"); + WOLFSSL_STUB("wolf_OBJ_obj2nid"); + + return 0; + } + + int wolf_OBJ_sn2nid(const char *sn) { + (void)sn; + WOLFSSL_ENTER("wolf_OBJ_osn2nid"); + WOLFSSL_STUB("wolf_OBJ_osn2nid"); + + return 0; + } + + + WOLFSSL_X509 *PEM_read_bio_WOLFSSL_X509(WOLFSSL_BIO *bp, WOLFSSL_X509 **x, pem_password_cb *cb, void *u) { + (void)bp; + (void)x; + (void)cb; + (void)u; + WOLFSSL_ENTER("PEM_read_bio_WOLFSSL_X509"); + WOLFSSL_STUB("PEM_read_bio_WOLFSSL_X509"); + + return NULL; + } + + void wolfSSL_CTX_set_verify_depth(WOLFSSL_CTX *ctx, int depth) { + (void)ctx; + (void)depth; + 
WOLFSSL_ENTER("wolfSSL_CTX_set_verify_depth"); + WOLFSSL_STUB("wolfSSL_CTX_set_verify_depth"); + + } + + void* wolfSSL_get_app_data( const WOLFSSL *ssl) + { + /* checkout exdata stuff... */ + (void)ssl; + WOLFSSL_ENTER("wolfSSL_get_app_data"); + WOLFSSL_STUB("wolfSSL_get_app_data"); + + return 0; + } + + void wolfSSL_set_app_data(WOLFSSL *ssl, void *arg) { + (void)ssl; + (void)arg; + WOLFSSL_ENTER("wolfSSL_set_app_data"); + WOLFSSL_STUB("wolfSSL_set_app_data"); + } + + WOLFSSL_ASN1_OBJECT * wolfSSL_X509_NAME_ENTRY_get_object(WOLFSSL_X509_NAME_ENTRY *ne) { + (void)ne; + WOLFSSL_ENTER("wolfSSL_X509_NAME_ENTRY_get_object"); + WOLFSSL_STUB("wolfSSL_X509_NAME_ENTRY_get_object"); + + return NULL; + } + + WOLFSSL_X509_NAME_ENTRY *wolfSSL_X509_NAME_get_entry(WOLFSSL_X509_NAME *name, int loc) { + (void)name; + (void)loc; + WOLFSSL_ENTER("wolfSSL_X509_NAME_get_entry"); + WOLFSSL_STUB("wolfSSL_X509_NAME_get_entry"); + + return NULL; + } + + void wolfSSL_X509_NAME_free(WOLFSSL_X509_NAME *name){ + FreeX509Name(name); + WOLFSSL_ENTER("wolfSSL_X509_NAME_free"); + WOLFSSL_STUB("wolfSSL_X509_NAME_free"); + } + + void wolfSSL_sk_X509_NAME_pop_free(STACK_OF(WOLFSSL_X509_NAME)* sk, void f (WOLFSSL_X509_NAME*)){ + (void) sk; + (void) f; + WOLFSSL_ENTER("wolfSSL_sk_X509_NAME_pop_free"); + WOLFSSL_STUB("wolfSSL_sk_X509_NAME_pop_free"); + } + + int wolfSSL_X509_check_private_key(WOLFSSL_X509 *x509, WOLFSSL_EVP_PKEY *key){ + (void) x509; + (void) key; + WOLFSSL_ENTER("wolfSSL_X509_check_private_key"); + WOLFSSL_STUB("wolfSSL_X509_check_private_key"); + + return SSL_SUCCESS; + } + + STACK_OF(WOLFSSL_X509_NAME) *wolfSSL_dup_CA_list( STACK_OF(WOLFSSL_X509_NAME) *sk ){ + (void) sk; + WOLFSSL_ENTER("wolfSSL_dup_CA_list"); + WOLFSSL_STUB("wolfSSL_dup_CA_list"); + + return NULL; + } + +#endif +#endif + + +#ifdef OPENSSL_EXTRA +void* wolfSSL_CTX_get_ex_data(const WOLFSSL_CTX* ctx, int idx) +{ + WOLFSSL_ENTER("wolfSSL_CTX_get_ex_data"); + #ifdef HAVE_STUNNEL + if(ctx != NULL && idx < MAX_EX_DATA && 
idx >= 0) { + return ctx->ex_data[idx]; + } + #else + (void)ctx; + (void)idx; + #endif + return NULL; +} + + +int wolfSSL_CTX_get_ex_new_index(long idx, void* arg, void* a, void* b, + void* c) +{ + WOLFSSL_ENTER("wolfSSL_CTX_get_ex_new_index"); + (void)idx; + (void)arg; + (void)a; + (void)b; + (void)c; + return 0; +} + + +int wolfSSL_CTX_set_ex_data(WOLFSSL_CTX* ctx, int idx, void* data) +{ + WOLFSSL_ENTER("wolfSSL_CTX_set_ex_data"); + #ifdef HAVE_STUNNEL + if (ctx != NULL && idx < MAX_EX_DATA) + { + ctx->ex_data[idx] = data; + return SSL_SUCCESS; + } + #else + (void)ctx; + (void)idx; + (void)data; + #endif + return SSL_FAILURE; +} + + +int wolfSSL_set_ex_data(WOLFSSL* ssl, int idx, void* data) +{ + WOLFSSL_ENTER("wolfSSL_set_ex_data"); +#if defined(FORTRESS) || defined(HAVE_STUNNEL) + if (ssl != NULL && idx < MAX_EX_DATA) + { + ssl->ex_data[idx] = data; + return SSL_SUCCESS; + } +#else + (void)ssl; + (void)idx; + (void)data; +#endif + return SSL_FAILURE; +} + + +int wolfSSL_get_ex_new_index(long idx, void* data, void* cb1, void* cb2, + void* cb3) +{ + WOLFSSL_ENTER("wolfSSL_get_ex_new_index"); + (void)idx; + (void)data; + (void)cb1; + (void)cb2; + (void)cb3; + return 0; +} + + +void* wolfSSL_get_ex_data(const WOLFSSL* ssl, int idx) +{ + WOLFSSL_ENTER("wolfSSL_get_ex_data"); +#if defined(FORTRESS) || defined(HAVE_STUNNEL) + if (ssl != NULL && idx < MAX_EX_DATA && idx >= 0) + return ssl->ex_data[idx]; +#else + (void)ssl; + (void)idx; +#endif + return 0; +} +#endif /* OPENSSL_EXTRA */ + + +#if defined(HAVE_LIGHTY) || defined(HAVE_STUNNEL) +WOLFSSL_BIO *wolfSSL_BIO_new_file(const char *filename, const char *mode) { + (void)filename; + (void)mode; + WOLFSSL_ENTER("wolfSSL_BIO_new_file"); + WOLFSSL_STUB("wolfSSL_BIO_new_file"); + + return NULL; +} + + +WOLFSSL_DH *wolfSSL_PEM_read_bio_DHparams(WOLFSSL_BIO *bp, WOLFSSL_DH **x, pem_password_cb *cb, void *u) +{ + (void) bp; + (void) x; + (void) cb; + (void) u; + + WOLFSSL_ENTER("wolfSSL_PEM_read_bio_DHparams"); + 
WOLFSSL_STUB("wolfSSL_PEM_read_bio_DHparams"); + + return NULL; +} + +int PEM_write_bio_WOLFSSL_X509(WOLFSSL_BIO *bp, WOLFSSL_X509 *x) { + (void)bp; + (void)x; + WOLFSSL_ENTER("PEM_write_bio_WOLFSSL_X509"); + WOLFSSL_STUB("PEM_write_bio_WOLFSSL_X509"); + + return 0; +} + + +#ifndef NO_DH +/* Intialize ctx->dh with dh's params. Return SSL_SUCCESS on ok */ +long wolfSSL_CTX_set_tmp_dh(WOLFSSL_CTX* ctx, WOLFSSL_DH* dh) +{ + int pSz, gSz; + byte *p, *g; + int ret=0; + + WOLFSSL_ENTER("wolfSSL_CTX_set_tmp_dh"); + + if(!ctx || !dh) + return BAD_FUNC_ARG; + + /* Get needed size for p and g */ + pSz = wolfSSL_BN_bn2bin(dh->p, NULL); + gSz = wolfSSL_BN_bn2bin(dh->g, NULL); + + if(pSz <= 0 || gSz <= 0) + return SSL_FATAL_ERROR; + + p = (byte*)XMALLOC(pSz, ctx->heap, DYNAMIC_TYPE_DH); + if(!p) + return MEMORY_E; + + g = (byte*)XMALLOC(gSz, ctx->heap, DYNAMIC_TYPE_DH); + if(!g) { + XFREE(p, ctx->heap, DYNAMIC_TYPE_DH); + return MEMORY_E; + } + + pSz = wolfSSL_BN_bn2bin(dh->p, p); + gSz = wolfSSL_BN_bn2bin(dh->g, g); + + if(pSz >= 0 && gSz >= 0) /* Conversion successful */ + ret = wolfSSL_CTX_SetTmpDH(ctx, p, pSz, g, gSz); + + XFREE(p, ctx->heap, DYNAMIC_TYPE_DH); + XFREE(g, ctx->heap, DYNAMIC_TYPE_DH); + + return pSz > 0 && gSz > 0 ? 
ret : SSL_FATAL_ERROR; +} +#endif /* NO_DH */ +#endif /* HAVE_LIGHTY || HAVE_STUNNEL */ + + +/* stunnel compatability functions*/ +#if defined(OPENSSL_EXTRA) && defined(HAVE_STUNNEL) +int wolfSSL_SESSION_set_ex_data(WOLFSSL_SESSION* session, int idx, void* data) +{ + WOLFSSL_ENTER("wolfSSL_SESSION_set_ex_data"); + if(session != NULL && idx < MAX_EX_DATA) { + session->ex_data[idx] = data; + return SSL_SUCCESS; + } + return SSL_FAILURE; +} + + +int wolfSSL_SESSION_get_ex_new_index(long idx, void* data, void* cb1, + void* cb2, CRYPTO_free_func* cb3) +{ + WOLFSSL_ENTER("wolfSSL_SESSION_get_ex_new_index"); + (void)idx; + (void)cb1; + (void)cb2; + (void)cb3; + if(XSTRNCMP((const char*)data, "redirect index", 14) == 0) { + return 0; + } + else if(XSTRNCMP((const char*)data, "addr index", 10) == 0) { + return 1; + } + return SSL_FAILURE; +} + + +void* wolfSSL_SESSION_get_ex_data(const WOLFSSL_SESSION* session, int idx) +{ + WOLFSSL_ENTER("wolfSSL_SESSION_get_ex_data"); + if (session != NULL && idx < MAX_EX_DATA && idx >= 0) + return session->ex_data[idx]; + return NULL; +} + + +int wolfSSL_CRYPTO_set_mem_ex_functions(void *(*m) (size_t, const char *, int), + void *(*r) (void *, size_t, const char *, + int), void (*f) (void *)) +{ + (void) m; + (void) r; + (void) f; + WOLFSSL_ENTER("wolfSSL_CRYPTO_set_mem_ex_functions"); + WOLFSSL_STUB("wolfSSL_CRYPTO_set_mem_ex_functions"); + + return SSL_FAILURE; +} + + +WOLFSSL_DH *wolfSSL_DH_generate_parameters(int prime_len, int generator, + void (*callback) (int, int, void *), void *cb_arg) +{ + (void)prime_len; + (void)generator; + (void)callback; + (void)cb_arg; + WOLFSSL_ENTER("wolfSSL_DH_generate_parameters"); + WOLFSSL_STUB("wolfSSL_DH_generate_parameters"); + + return NULL; +} + + +void wolfSSL_ERR_load_crypto_strings(void) +{ + WOLFSSL_ENTER("wolfSSL_ERR_load_crypto_strings"); + WOLFSSL_ENTER("wolfSSL_ERR_load_crypto_strings"); + return; +} + + +unsigned long wolfSSL_ERR_peek_last_error(void) +{ + unsigned long l = 0UL; + 
WOLFSSL_ENTER("wolfSSL_ERR_peek_last_error"); + WOLFSSL_STUB("wolfSSL_ERR_peek_last_error"); + + return l; +} + + +int wolfSSL_FIPS_mode(void) +{ + WOLFSSL_ENTER("wolfSSL_FIPS_mode"); + WOLFSSL_STUB("wolfSSL_FIPS_mode"); + + return SSL_FAILURE; +} + +int wolfSSL_FIPS_mode_set(int r) +{ + (void)r; + WOLFSSL_ENTER("wolfSSL_FIPS_mode_set"); + WOLFSSL_STUB("wolfSSL_FIPS_mode_set"); + + return SSL_FAILURE; +} + + +int wolfSSL_RAND_set_rand_method(const void *meth) +{ + (void) meth; + WOLFSSL_ENTER("wolfSSL_RAND_set_rand_method"); + WOLFSSL_STUB("wolfSSL_RAND_set_rand_method"); + + return SSL_FAILURE; +} + + +int wolfSSL_CIPHER_get_bits(const WOLFSSL_CIPHER *c, int *alg_bits) +{ + int ret = SSL_FAILURE; + WOLFSSL_ENTER("wolfSSL_CIPHER_get_bits"); + if(c != NULL && c->ssl != NULL) { + ret = 8 * c->ssl->specs.key_size; + if(alg_bits != NULL) { + *alg_bits = ret; + } + } + return ret; +} + + +int wolfSSL_sk_X509_NAME_num(const STACK_OF(WOLFSSL_X509_NAME) *s) +{ + (void) s; + WOLFSSL_ENTER("wolfSSL_sk_X509_NAME_num"); + WOLFSSL_STUB("wolfSSL_sk_X509_NAME_num"); + + return SSL_FAILURE; +} + + +int wolfSSL_sk_X509_num(const STACK_OF(WOLFSSL_X509) *s) +{ + (void) s; + WOLFSSL_ENTER("wolfSSL_sk_X509_num"); + WOLFSSL_STUB("wolfSSL_sk_X509_num"); + + return SSL_FAILURE; +} + + +int wolfSSL_X509_NAME_print_ex(WOLFSSL_BIO* bio, WOLFSSL_X509_NAME* nm, + int indent, unsigned long flags) +{ + (void)bio; + (void)nm; + (void)indent; + (void)flags; + WOLFSSL_ENTER("wolfSSL_X509_NAME_print_ex"); + WOLFSSL_STUB("wolfSSL_X509_NAME_print_ex"); + + return SSL_FAILURE; +} + + +WOLFSSL_ASN1_BIT_STRING* wolfSSL_X509_get0_pubkey_bitstr(const WOLFSSL_X509* x) +{ + (void)x; + WOLFSSL_ENTER("wolfSSL_X509_get0_pubkey_bitstr"); + WOLFSSL_STUB("wolfSSL_X509_get0_pubkey_bitstr"); + + return NULL; +} + + +int wolfSSL_CTX_add_session(WOLFSSL_CTX* ctx, WOLFSSL_SESSION* session) +{ + (void)ctx; + (void)session; + WOLFSSL_ENTER("wolfSSL_CTX_add_session"); + WOLFSSL_STUB("wolfSSL_CTX_add_session"); + + return 
SSL_SUCCESS; +} + + +int wolfSSL_get_state(const WOLFSSL* ssl) +{ + (void)ssl; + WOLFSSL_ENTER("wolfSSL_get_state"); + WOLFSSL_STUB("wolfSSL_get_state"); + + return SSL_FAILURE; +} + + +void* wolfSSL_sk_X509_NAME_value(STACK_OF(WOLFSSL_X509_NAME)* sk, int i) +{ + (void)sk; + (void)i; + WOLFSSL_ENTER("wolfSSL_sk_X509_NAME_value"); + WOLFSSL_STUB("wolfSSL_sk_X509_NAME_value"); + + return NULL; +} + + +void* wolfSSL_sk_X509_value(STACK_OF(WOLFSSL_X509)* sk, int i) +{ + (void)sk; + (void)i; + WOLFSSL_ENTER("wolfSSL_sk_X509_value"); + WOLFSSL_STUB("wolfSSL_sk_X509_value"); + + return NULL; +} + + +int wolfSSL_version(WOLFSSL* ssl) +{ + WOLFSSL_ENTER("wolfSSL_version"); + if (ssl->version.major == SSLv3_MAJOR) { + switch (ssl->version.minor) { + case SSLv3_MINOR : + return SSL3_VERSION; + case TLSv1_MINOR : + case TLSv1_1_MINOR : + case TLSv1_2_MINOR : + return TLS1_VERSION; + default: + return SSL_FAILURE; + } + } + else if (ssl->version.major == DTLS_MAJOR) { + switch (ssl->version.minor) { + case DTLS_MINOR : + case DTLSv1_2_MINOR : + return DTLS1_VERSION; + default: + return SSL_FAILURE; + } + } + return SSL_FAILURE; +} + + +STACK_OF(WOLFSSL_X509)* wolfSSL_get_peer_cert_chain(const WOLFSSL* ssl) +{ + (void)ssl; + WOLFSSL_ENTER("wolfSSL_get_peer_cert_chain"); + WOLFSSL_STUB("wolfSSL_get_peer_cert_chain"); + + return NULL; +} + + +long wolfSSL_CTX_get_options(WOLFSSL_CTX* ctx) +{ + (void)ctx; + WOLFSSL_ENTER("wolfSSL_CTX_get_options"); + WOLFSSL_STUB("wolfSSL_CTX_get_options"); + + return 0; +} + + +WOLFSSL_CTX* wolfSSL_get_SSL_CTX(WOLFSSL* ssl) +{ + WOLFSSL_ENTER("wolfSSL_get_SSL_CTX"); + return ssl->ctx; +} + +int wolfSSL_X509_NAME_get_sz(WOLFSSL_X509_NAME* name) +{ + WOLFSSL_ENTER("wolfSSL_X509_NAME_get_sz"); + if(!name) + return -1; + return name->sz; +} + + +const byte* wolfSSL_SESSION_get_id(WOLFSSL_SESSION* sess, unsigned int* idLen) +{ + WOLFSSL_ENTER("wolfSSL_SESSION_get_id"); + WOLFSSL_STUB("wolfSSL_SESSION_get_id"); + if(!sess || !idLen) { + WOLFSSL_MSG("Bad 
func args. Please provide idLen"); + return NULL; + } + *idLen = sess->sessionIDSz; + return sess->sessionID; +} +#endif /* OPENSSL_EXTRA and HAVE_STUNNEL */ + +#if defined(OPENSSL_EXTRA) && defined(HAVE_CURVE25519) +/* return 1 if success, 0 if error + * output keys are little endian format + */ +int wolfSSL_EC25519_generate_key(unsigned char *priv, unsigned int *privSz, + unsigned char *pub, unsigned int *pubSz) +{ +#ifndef WOLFSSL_KEY_GEN + WOLFSSL_MSG("No Key Gen built in"); + return SSL_FAILURE; +#else /* WOLFSSL_KEY_GEN */ + int ret = SSL_FAILURE; + int initTmpRng = 0; + WC_RNG *rng = NULL; +#ifdef WOLFSSL_SMALL_STACK + WC_RNG *tmpRNG = NULL; +#else + WC_RNG tmpRNG[1]; +#endif + + WOLFSSL_ENTER("wolfSSL_EC25519_generate_key"); + + if (priv == NULL || privSz == NULL || *privSz < CURVE25519_KEYSIZE || + pub == NULL || pubSz == NULL || *pubSz < CURVE25519_KEYSIZE) { + WOLFSSL_MSG("Bad arguments"); + return SSL_FAILURE; + } + +#ifdef WOLFSSL_SMALL_STACK + tmpRNG = (WC_RNG*)XMALLOC(sizeof(WC_RNG), NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (tmpRNG == NULL) + return SSL_FAILURE; +#endif + if (wc_InitRng(tmpRNG) == 0) { + rng = tmpRNG; + initTmpRng = 1; + } + else { + WOLFSSL_MSG("Bad RNG Init, trying global"); + if (initGlobalRNG == 0) + WOLFSSL_MSG("Global RNG no Init"); + else + rng = &globalRNG; + } + + if (rng) { + curve25519_key key; + + if (wc_curve25519_init(&key) != MP_OKAY) + WOLFSSL_MSG("wc_curve25519_init failed"); + else if (wc_curve25519_make_key(rng, CURVE25519_KEYSIZE, &key)!=MP_OKAY) + WOLFSSL_MSG("wc_curve25519_make_key failed"); + /* export key pair */ + else if (wc_curve25519_export_key_raw_ex(&key, priv, privSz, pub, + pubSz, EC25519_LITTLE_ENDIAN) + != MP_OKAY) + WOLFSSL_MSG("wc_curve25519_export_key_raw_ex failed"); + else + ret = SSL_SUCCESS; + + wc_curve25519_free(&key); + } + + if (initTmpRng) + wc_FreeRng(tmpRNG); + +#ifdef WOLFSSL_SMALL_STACK + XFREE(tmpRNG, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif + + return ret; +#endif /* WOLFSSL_KEY_GEN */ 
+} + +/* return 1 if success, 0 if error + * input and output keys are little endian format + */ +int wolfSSL_EC25519_shared_key(unsigned char *shared, unsigned int *sharedSz, + const unsigned char *priv, unsigned int privSz, + const unsigned char *pub, unsigned int pubSz) +{ +#ifndef WOLFSSL_KEY_GEN + WOLFSSL_MSG("No Key Gen built in"); + return SSL_FAILURE; +#else /* WOLFSSL_KEY_GEN */ + int ret = SSL_FAILURE; + curve25519_key privkey, pubkey; + + WOLFSSL_ENTER("wolfSSL_EC25519_shared_key"); + + if (shared == NULL || sharedSz == NULL || *sharedSz < CURVE25519_KEYSIZE || + priv == NULL || privSz < CURVE25519_KEYSIZE || + pub == NULL || pubSz < CURVE25519_KEYSIZE) { + WOLFSSL_MSG("Bad arguments"); + return SSL_FAILURE; + } + + /* import private key */ + if (wc_curve25519_init(&privkey) != MP_OKAY) { + WOLFSSL_MSG("wc_curve25519_init privkey failed"); + return ret; + } + if (wc_curve25519_import_private_ex(priv, privSz, &privkey, + EC25519_LITTLE_ENDIAN) != MP_OKAY) { + WOLFSSL_MSG("wc_curve25519_import_private_ex failed"); + wc_curve25519_free(&privkey); + return ret; + } + + /* import public key */ + if (wc_curve25519_init(&pubkey) != MP_OKAY) { + WOLFSSL_MSG("wc_curve25519_init pubkey failed"); + wc_curve25519_free(&privkey); + return ret; + } + if (wc_curve25519_import_public_ex(pub, pubSz, &pubkey, + EC25519_LITTLE_ENDIAN) != MP_OKAY) { + WOLFSSL_MSG("wc_curve25519_import_public_ex failed"); + wc_curve25519_free(&privkey); + wc_curve25519_free(&pubkey); + return ret; + } + + if (wc_curve25519_shared_secret_ex(&privkey, &pubkey, + shared, sharedSz, + EC25519_LITTLE_ENDIAN) != MP_OKAY) + WOLFSSL_MSG("wc_curve25519_shared_secret_ex failed"); + else + ret = SSL_SUCCESS; + + wc_curve25519_free(&privkey); + wc_curve25519_free(&pubkey); + + return ret; +#endif /* WOLFSSL_KEY_GEN */ +} +#endif /* OPENSSL_EXTRA && HAVE_CURVE25519 */ + +#if defined(OPENSSL_EXTRA) && defined(HAVE_ED25519) +/* return 1 if success, 0 if error + * output keys are little endian format + */ 
+int wolfSSL_ED25519_generate_key(unsigned char *priv, unsigned int *privSz, + unsigned char *pub, unsigned int *pubSz) +{ +#ifndef WOLFSSL_KEY_GEN + WOLFSSL_MSG("No Key Gen built in"); + return SSL_FAILURE; +#else /* WOLFSSL_KEY_GEN */ + int ret = SSL_FAILURE; + int initTmpRng = 0; + WC_RNG *rng = NULL; +#ifdef WOLFSSL_SMALL_STACK + WC_RNG *tmpRNG = NULL; +#else + WC_RNG tmpRNG[1]; +#endif + + WOLFSSL_ENTER("wolfSSL_ED25519_generate_key"); + + if (priv == NULL || privSz == NULL || *privSz < ED25519_PRV_KEY_SIZE || + pub == NULL || pubSz == NULL || *pubSz < ED25519_PUB_KEY_SIZE) { + WOLFSSL_MSG("Bad arguments"); + return SSL_FAILURE; + } + +#ifdef WOLFSSL_SMALL_STACK + tmpRNG = (WC_RNG*)XMALLOC(sizeof(WC_RNG), NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (tmpRNG == NULL) + return SSL_FATAL_ERROR; +#endif + if (wc_InitRng(tmpRNG) == 0) { + rng = tmpRNG; + initTmpRng = 1; + } + else { + WOLFSSL_MSG("Bad RNG Init, trying global"); + if (initGlobalRNG == 0) + WOLFSSL_MSG("Global RNG no Init"); + else + rng = &globalRNG; + } + + if (rng) { + ed25519_key key; + + if (wc_ed25519_init(&key) != MP_OKAY) + WOLFSSL_MSG("wc_ed25519_init failed"); + else if (wc_ed25519_make_key(rng, ED25519_KEY_SIZE, &key)!=MP_OKAY) + WOLFSSL_MSG("wc_ed25519_make_key failed"); + /* export private key */ + else if (wc_ed25519_export_key(&key, priv, privSz, pub, pubSz)!=MP_OKAY) + WOLFSSL_MSG("wc_ed25519_export_key failed"); + else + ret = SSL_SUCCESS; + + wc_ed25519_free(&key); + } + + if (initTmpRng) + wc_FreeRng(tmpRNG); + +#ifdef WOLFSSL_SMALL_STACK + XFREE(tmpRNG, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif + + return ret; +#endif /* WOLFSSL_KEY_GEN */ +} + +/* return 1 if success, 0 if error + * input and output keys are little endian format + * priv is a buffer containing private and public part of key + */ +int wolfSSL_ED25519_sign(const unsigned char *msg, unsigned int msgSz, + const unsigned char *priv, unsigned int privSz, + unsigned char *sig, unsigned int *sigSz) +{ +#ifndef WOLFSSL_KEY_GEN + 
WOLFSSL_MSG("No Key Gen built in"); + return SSL_FAILURE; +#else /* WOLFSSL_KEY_GEN */ + ed25519_key key; + int ret = SSL_FAILURE; + + WOLFSSL_ENTER("wolfSSL_ED25519_sign"); + + if (priv == NULL || privSz != ED25519_PRV_KEY_SIZE || + msg == NULL || sig == NULL || *sigSz < ED25519_SIG_SIZE) { + WOLFSSL_MSG("Bad arguments"); + return SSL_FAILURE; + } + + /* import key */ + if (wc_ed25519_init(&key) != MP_OKAY) { + WOLFSSL_MSG("wc_curve25519_init failed"); + return ret; + } + if (wc_ed25519_import_private_key(priv, privSz/2, + priv+(privSz/2), ED25519_PUB_KEY_SIZE, + &key) != MP_OKAY){ + WOLFSSL_MSG("wc_ed25519_import_private failed"); + wc_ed25519_free(&key); + return ret; + } + + if (wc_ed25519_sign_msg(msg, msgSz, sig, sigSz, &key) != MP_OKAY) + WOLFSSL_MSG("wc_curve25519_shared_secret_ex failed"); + else + ret = SSL_SUCCESS; + + wc_ed25519_free(&key); + + return ret; +#endif /* WOLFSSL_KEY_GEN */ +} + +/* return 1 if success, 0 if error + * input and output keys are little endian format + * pub is a buffer containing public part of key + */ +int wolfSSL_ED25519_verify(const unsigned char *msg, unsigned int msgSz, + const unsigned char *pub, unsigned int pubSz, + const unsigned char *sig, unsigned int sigSz) +{ +#ifndef WOLFSSL_KEY_GEN + WOLFSSL_MSG("No Key Gen built in"); + return SSL_FAILURE; +#else /* WOLFSSL_KEY_GEN */ + ed25519_key key; + int ret = SSL_FAILURE, check = 0; + + WOLFSSL_ENTER("wolfSSL_ED25519_verify"); + + if (pub == NULL || pubSz != ED25519_PUB_KEY_SIZE || + msg == NULL || sig == NULL || sigSz != ED25519_SIG_SIZE) { + WOLFSSL_MSG("Bad arguments"); + return SSL_FAILURE; + } + + /* import key */ + if (wc_ed25519_init(&key) != MP_OKAY) { + WOLFSSL_MSG("wc_curve25519_init failed"); + return ret; + } + if (wc_ed25519_import_public(pub, pubSz, &key) != MP_OKAY){ + WOLFSSL_MSG("wc_ed25519_import_public failed"); + wc_ed25519_free(&key); + return ret; + } + + if ((ret = wc_ed25519_verify_msg((byte*)sig, sigSz, msg, msgSz, + &check, &key)) != MP_OKAY) { 
+ WOLFSSL_MSG("wc_ed25519_verify_msg failed"); + fprintf(stderr, "err code = %d, sigSz=%d, msgSz=%d\n", ret, sigSz, msgSz); + } + else if (!check) + WOLFSSL_MSG("wc_ed25519_verify_msg failed (signature invalid)"); + else + ret = SSL_SUCCESS; + + wc_ed25519_free(&key); + + return ret; +#endif /* WOLFSSL_KEY_GEN */ +} + +#endif /* OPENSSL_EXTRA && HAVE_ED25519 */ + diff --git a/src/tls.c b/src/tls.c index b475b7c78..59bafa0ed 100644 --- a/src/tls.c +++ b/src/tls.c @@ -36,19 +36,29 @@ #include #endif +#ifdef HAVE_NTRU + #include "libntruencrypt/ntru_crypto.h" + #include +#endif +#ifdef HAVE_QSH + static int TLSX_AddQSHKey(QSHKey** list, QSHKey* key); + static byte* TLSX_QSHKeyFind_Pub(QSHKey* qsh, word16* pubLen, word16 name); + static int TLSX_CreateNtruKey(WOLFSSL* ssl, int type); +#endif #ifndef NO_TLS -#ifndef min +#ifndef WOLFSSL_HAVE_MIN +#define WOLFSSL_HAVE_MIN static INLINE word32 min(word32 a, word32 b) { return a > b ? b : a; } -#endif /* min */ +#endif /* WOLFSSL_HAVE_MIN */ #ifdef WOLFSSL_SHA384 @@ -71,7 +81,7 @@ static int p_hash(byte* result, word32 resLen, const byte* secret, #ifdef WOLFSSL_SMALL_STACK byte* previous; byte* current; - Hmac* hmac; + Hmac* hmac; #else byte previous[P_HASH_MAX_SIZE]; /* max size */ byte current[P_HASH_MAX_SIZE]; /* max size */ @@ -146,7 +156,7 @@ static int p_hash(byte* result, word32 resLen, const byte* secret, break; if ((i == lastTime) && lastLen) - XMEMCPY(&result[idx], current, + XMEMCPY(&result[idx], current, min(lastLen, P_HASH_MAX_SIZE)); else { XMEMCPY(&result[idx], current, len); @@ -186,7 +196,7 @@ static INLINE void get_xor(byte *digest, word32 digLen, byte* md5, byte* sha) { word32 i; - for (i = 0; i < digLen; i++) + for (i = 0; i < digLen; i++) digest[i] = md5[i] ^ sha[i]; } 
@@ -287,7 +297,7 @@ static int PRF(byte* digest, word32 digLen, const byte* secret, word32 secLen, if (labLen + seedLen > MAX_PRF_LABSEED) return BUFFER_E; - + #ifdef WOLFSSL_SMALL_STACK labelSeed = (byte*)XMALLOC(MAX_PRF_LABSEED, NULL, DYNAMIC_TYPE_TMP_BUFFER); @@ -300,7 +310,7 @@ static int PRF(byte* digest, word32 digLen, const byte* secret, word32 secLen, /* If a cipher suite wants an algorithm better than sha256, it * should use better. */ - if (hash_type < sha256_mac) + if (hash_type < sha256_mac || hash_type == blake2b_mac) hash_type = sha256_mac; ret = p_hash(digest, digLen, secret, secLen, labelSeed, labLen + seedLen, hash_type); @@ -334,14 +344,14 @@ int BuildTlsFinished(WOLFSSL* ssl, Hashes* hashes, const byte* sender) word32 hashSz = FINISHED_SZ; #ifndef NO_OLD_TLS - wc_Md5Final(&ssl->hsHashes->hashMd5, handshake_hash); - wc_ShaFinal(&ssl->hsHashes->hashSha, &handshake_hash[MD5_DIGEST_SIZE]); + wc_Md5GetHash(&ssl->hsHashes->hashMd5, handshake_hash); + wc_ShaGetHash(&ssl->hsHashes->hashSha, &handshake_hash[MD5_DIGEST_SIZE]); #endif if (IsAtLeastTLSv1_2(ssl)) { #ifndef NO_SHA256 - if (ssl->specs.mac_algorithm <= sha256_mac) { - int ret = wc_Sha256Final(&ssl->hsHashes->hashSha256,handshake_hash); + if (ssl->specs.mac_algorithm <= sha256_mac || ssl->specs.mac_algorithm == blake2b_mac) { + int ret = wc_Sha256GetHash(&ssl->hsHashes->hashSha256,handshake_hash); if (ret != 0) return ret; @@ -429,7 +439,7 @@ int wolfSSL_DeriveTlsKeys(byte* key_data, word32 keyLen, int DeriveTlsKeys(WOLFSSL* ssl) { int ret; - int length = 2 * ssl->specs.hash_size + + int length = 2 * ssl->specs.hash_size + 2 * ssl->specs.key_size + 2 * ssl->specs.iv_size; #ifdef WOLFSSL_SMALL_STACK @@ -585,9 +595,9 @@ static INLINE word32 GetSEQIncrement(WOLFSSL* ssl, int verify) } #endif if (verify) - return ssl->keys.peer_sequence_number++; + return ssl->keys.peer_sequence_number++; else - return ssl->keys.sequence_number++; + return ssl->keys.sequence_number++; } 
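Review bot: In PRF (hunk at -300,7) the fallback now also rewrites `blake2b_mac` to `sha256_mac`, but the comment above it still only speaks of suites wanting something better than sha256, so the reason for the special case is undocumented. I would add a line such as `/* blake2b_mac has no p_hash branch, so it also uses the SHA-256 PRF */`, worded on the assumption that this is the reason; confirm against p_hash, whose switch is outside the hunk. The same test appears in BuildTlsFinished (hunk at -334,14) with `<=` instead of `<`, on a line well past 80 columns. Wrapping that condition, or sharing one small helper between the two sites, would keep them from drifting apart.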
@@ -639,10 +649,10 @@ int wolfSSL_GetHmacType(WOLFSSL* ssl) return SHA; } #endif - #ifdef HAVE_BLAKE2 + #ifdef HAVE_BLAKE2 case blake2b_mac: { - return BLAKE2B_ID; + return BLAKE2B_ID; } #endif default: @@ -666,7 +676,7 @@ int wolfSSL_SetTlsHmacInner(WOLFSSL* ssl, byte* inner, word32 sz, int content, c16toa((word16)GetEpoch(ssl, verify), inner); #endif c32toa(GetSEQIncrement(ssl, verify), &inner[sizeof(word32)]); - inner[SEQ_SZ] = (byte)content; + inner[SEQ_SZ] = (byte)content; inner[SEQ_SZ + ENUM_LEN] = ssl->version.major; inner[SEQ_SZ + ENUM_LEN + ENUM_LEN] = ssl->version.minor; c16toa((word16)sz, inner + SEQ_SZ + ENUM_LEN + VERSION_SZ); @@ -685,7 +695,7 @@ int TLS_hmac(WOLFSSL* ssl, byte* digest, const byte* in, word32 sz, if (ssl == NULL) return BAD_FUNC_ARG; - + #ifdef HAVE_FUZZER if (ssl->fuzzerCb) ssl->fuzzerCb(ssl, in, sz, FUZZ_HMAC, ssl->fuzzerCtx); 
@@ -712,15 +722,38 @@ int TLS_hmac(WOLFSSL* ssl, byte* digest, const byte* in, word32 sz, #ifdef HAVE_TLS_EXTENSIONS +/** + * The TLSX semaphore is used to calculate the size of the extensions to be sent + * from one peer to another. + */ -/** Supports up to 64 flags. Update as needed. */ +/** Supports up to 64 flags. Increase as needed. */ #define SEMAPHORE_SIZE 8 - +/** + * Converts the extension type (id) to an index in the semaphore. + * + * Oficial reference for TLS extension types: + * http://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xml + * + * Motivation: + * Previously, we used the extension type itself as the index of that + * extension in the semaphore as the extension types were declared + * sequentially, but maintain a semaphore as big as the number of available + * extensions is no longer an option since the release of renegotiation_info. + * + * How to update: + * Assign extension types that extrapolate the number of available semaphores + * to the first available index going backwards in the semaphore array. + * When adding a new extension type that don't extrapolate the number of + * available semaphores, check for a possible collision with with a + * 'remapped' extension type. + */ static INLINE word16 TLSX_ToSemaphore(word16 type) { switch (type) { - case SECURE_RENEGOTIATION: + + case SECURE_RENEGOTIATION: /* 0xFF01 */ return 63; default: 
@@ -734,34 +767,49 @@ static INLINE word16 TLSX_ToSemaphore(word16 type) WOLFSSL_MSG("### TLSX semaphore colision or overflow detected!"); } } - + return type; } - +/** Checks if a specific light (tls extension) is not set in the semaphore. */ #define IS_OFF(semaphore, light) \ ((semaphore)[(light) / 8] ^ (byte) (0x01 << ((light) % 8))) - +/** Turn on a specific light (tls extension) in the semaphore. */ #define TURN_ON(semaphore, light) \ ((semaphore)[(light) / 8] |= (byte) (0x01 << ((light) % 8))) +/** Creates a new extension. */ +static TLSX* TLSX_New(TLSX_Type type, void* data) +{ + TLSX* extension = (TLSX*)XMALLOC(sizeof(TLSX), 0, DYNAMIC_TYPE_TLSX); + if (extension) { + extension->type = type; + extension->data = data; + extension->resp = 0; + extension->next = NULL; + } + + return extension; +} + +/** + * Creates a new extension and pushes it to the provided list. + * Checks for duplicate extensions, keeps the newest. + */ static int TLSX_Push(TLSX** list, TLSX_Type type, void* data) { - TLSX* extension; + TLSX* extension = TLSX_New(type, data); - extension = (TLSX*)XMALLOC(sizeof(TLSX), 0, DYNAMIC_TYPE_TLSX); if (extension == NULL) return MEMORY_E; - extension->type = type; - extension->data = data; - extension->resp = 0; + /* pushes the new extension on the list. */ extension->next = *list; *list = extension; - /* remove duplicated extensions, there should be only one of each type. */ + /* remove duplicate extensions, there should be only one of each type. */ do { if (extension->next && extension->next->type == type) { TLSX *next = extension->next; @@ -780,9 +828,9 @@ static int TLSX_Push(TLSX** list, TLSX_Type type, void* data) return 0; } - #ifndef NO_WOLFSSL_SERVER +/** Mark an extension to be sent back to the client. */ void TLSX_SetResponse(WOLFSSL* ssl, TLSX_Type type); void TLSX_SetResponse(WOLFSSL* ssl, TLSX_Type type) 
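Review bot: The comment added on IS_OFF says it checks that a light is not set, but the expression XORs the whole semaphore byte with the bit mask, so it is zero only when that byte equals exactly this one bit. As soon as another light in the same byte is also on, a light that is set is reported as off. A test that matches the comment is `(!(((semaphore)[(light) / 8] >> ((light) % 8)) & 0x01))`. The callers of IS_OFF are outside this hunk, so how often two extensions share a semaphore byte cannot be judged from here.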
@@ -795,10 +843,46 @@ void TLSX_SetResponse(WOLFSSL* ssl, TLSX_Type type) #endif -/* SNI - Server Name Indication */ - +/* Server Name Indication */ #ifdef HAVE_SNI +/** Creates a new SNI object. */ +static SNI* TLSX_SNI_New(byte type, const void* data, word16 size) +{ + SNI* sni = (SNI*)XMALLOC(sizeof(SNI), 0, DYNAMIC_TYPE_TLSX); + + if (sni) { + sni->type = type; + sni->next = NULL; + + #ifndef NO_WOLFSSL_SERVER + sni->options = 0; + sni->status = WOLFSSL_SNI_NO_MATCH; + #endif + + switch (sni->type) { + case WOLFSSL_SNI_HOST_NAME: + sni->data.host_name = XMALLOC(size + 1, 0, DYNAMIC_TYPE_TLSX); + + if (sni->data.host_name) { + XSTRNCPY(sni->data.host_name, (const char*)data, size); + sni->data.host_name[size] = 0; + } else { + XFREE(sni, 0, DYNAMIC_TYPE_TLSX); + sni = NULL; + } + break; + + default: /* invalid type */ + XFREE(sni, 0, DYNAMIC_TYPE_TLSX); + sni = NULL; + } + } + + return sni; +} + +/** Releases a SNI object. */ static void TLSX_SNI_Free(SNI* sni) { if (sni) { @@ -812,6 +896,7 @@ static void TLSX_SNI_Free(SNI* sni) } } +/** Releases all SNI objects in the provided list. */ static void TLSX_SNI_FreeAll(SNI* list) { SNI* sni; 
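Review bot: TLSX_SNI_New copies the host name with `XSTRNCPY(sni->data.host_name, (const char*)data, size)`, which stops at the first zero byte in `data`, so a name of `size` bytes containing an embedded NUL is stored truncated while the caller still treats it as `size` bytes. TLSX_SNI_Parse hands bytes taken from the peer's extension to this code through TLSX_UseSNI, so the input is not under local control. I would reject names with an embedded NUL before allocating, or at least copy with `XMEMCPY(sni->data.host_name, data, size);` and document that later string comparisons see only the part before the NUL. The matching code itself is outside this hunk.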
@@ -822,48 +907,7 @@ static void TLSX_SNI_FreeAll(SNI* list) } } -static int TLSX_SNI_Append(SNI** list, byte type, const void* data, word16 size) -{ - SNI* sni; - - if (list == NULL) - return BAD_FUNC_ARG; - - if ((sni = XMALLOC(sizeof(SNI), 0, DYNAMIC_TYPE_TLSX)) == NULL) - return MEMORY_E; - - switch (type) { - case WOLFSSL_SNI_HOST_NAME: { - sni->data.host_name = XMALLOC(size + 1, 0, DYNAMIC_TYPE_TLSX); - - if (sni->data.host_name) { - XSTRNCPY(sni->data.host_name, (const char*)data, size); - sni->data.host_name[size] = 0; - } else { - XFREE(sni, 0, DYNAMIC_TYPE_TLSX); - return MEMORY_E; - } - } - break; - - default: /* invalid type */ - XFREE(sni, 0, DYNAMIC_TYPE_TLSX); - return BAD_FUNC_ARG; - } - - sni->type = type; - sni->next = *list; - -#ifndef NO_WOLFSSL_SERVER - sni->options = 0; - sni->status = WOLFSSL_SNI_NO_MATCH; -#endif - - *list = sni; - - return 0; -} - +/** Tells the buffered size of the SNI objects in a list. */ static word16 TLSX_SNI_GetSize(SNI* list) { SNI* sni; @@ -884,6 +928,7 @@ static word16 TLSX_SNI_GetSize(SNI* list) return length; } +/** Writes the SNI objects of a list in a buffer. */ static word16 TLSX_SNI_Write(SNI* list, byte* output) { SNI* sni; @@ -914,6 +959,7 @@ static word16 TLSX_SNI_Write(SNI* list, byte* output) return offset; } +/** Finds a SNI object in the provided list. */ static SNI* TLSX_SNI_Find(SNI *list, byte type) { SNI *sni = list; @@ -925,17 +971,18 @@ static SNI* TLSX_SNI_Find(SNI *list, byte type) } #ifndef NO_WOLFSSL_SERVER + +/** Sets the status of a SNI object. */ static void TLSX_SNI_SetStatus(TLSX* extensions, byte type, byte status) { TLSX* extension = TLSX_Find(extensions, SERVER_NAME_INDICATION); SNI* sni = TLSX_SNI_Find(extension ? extension->data : NULL, type); - if (sni) { + if (sni) sni->status = status; - WOLFSSL_MSG("SNI did match!"); - } } +/** Gets the status of a SNI object. */ byte TLSX_SNI_Status(TLSX* extensions, byte type) { TLSX* extension = TLSX_Find(extensions, SERVER_NAME_INDICATION); 
@@ -946,8 +993,10 @@ byte TLSX_SNI_Status(TLSX* extensions, byte type) return 0; } -#endif +#endif /* NO_WOLFSSL_SERVER */ + +/** Parses a buffer of SNI extensions. */ static int TLSX_SNI_Parse(WOLFSSL* ssl, byte* input, word16 length, byte isRequest) { @@ -962,12 +1011,12 @@ static int TLSX_SNI_Parse(WOLFSSL* ssl, byte* input, word16 length, extension = TLSX_Find(ssl->ctx->extensions, SERVER_NAME_INDICATION); if (!extension || !extension->data) - return isRequest ? 0 : BUFFER_ERROR; /* not using SNI OR unexpected - SNI response from server. */ + return isRequest ? 0 /* not using SNI. */ + : BUFFER_ERROR; /* unexpected SNI response. */ if (!isRequest) - return length ? BUFFER_ERROR : 0; /* SNI response must be empty! - Nothing else to do. */ + return length ? BUFFER_ERROR /* SNI response MUST be empty. */ + : 0; /* nothing else to do. */ #ifndef NO_WOLFSSL_SERVER @@ -994,9 +1043,8 @@ static int TLSX_SNI_Parse(WOLFSSL* ssl, byte* input, word16 length, if (offset + size > length) return BUFFER_ERROR; - if (!(sni = TLSX_SNI_Find((SNI*)extension->data, type))) { - continue; /* not using this SNI type */ - } + if (!(sni = TLSX_SNI_Find((SNI*)extension->data, type))) + continue; /* not using this type of SNI. */ switch(type) { case WOLFSSL_SNI_HOST_NAME: { @@ -1008,10 +1056,15 @@ static int TLSX_SNI_Parse(WOLFSSL* ssl, byte* input, word16 length, int r = TLSX_UseSNI(&ssl->extensions, type, input + offset, size); - if (r != SSL_SUCCESS) return r; /* throw error */ + if (r != SSL_SUCCESS) + return r; /* throws error. */ TLSX_SNI_SetStatus(ssl->extensions, type, - matched ? WOLFSSL_SNI_REAL_MATCH : WOLFSSL_SNI_FAKE_MATCH); + matched ? WOLFSSL_SNI_REAL_MATCH + : WOLFSSL_SNI_FAKE_MATCH); + + TLSX_SetResponse(ssl, SERVER_NAME_INDICATION); + WOLFSSL_MSG("SNI did match!"); } else if (!(sni->options & WOLFSSL_SNI_CONTINUE_ON_MISMATCH)) { SendAlert(ssl, alert_fatal, unrecognized_name); 
@@ -1021,8 +1074,6 @@ static int TLSX_SNI_Parse(WOLFSSL* ssl, byte* input, word16 length, break; } } - - TLSX_SetResponse(ssl, SERVER_NAME_INDICATION); } #endif @@ -1030,21 +1081,63 @@ static int TLSX_SNI_Parse(WOLFSSL* ssl, byte* input, word16 length, return 0; } +static int TLSX_SNI_VerifyParse(WOLFSSL* ssl, byte isRequest) +{ + if (isRequest) { + #ifndef NO_WOLFSSL_SERVER + TLSX* ctx_ext = TLSX_Find(ssl->ctx->extensions, SERVER_NAME_INDICATION); + TLSX* ssl_ext = TLSX_Find(ssl->extensions, SERVER_NAME_INDICATION); + SNI* ctx_sni = ctx_ext ? ctx_ext->data : NULL; + SNI* ssl_sni = ssl_ext ? ssl_ext->data : NULL; + SNI* sni = NULL; + + for (; ctx_sni; ctx_sni = ctx_sni->next) { + if (ctx_sni->options & WOLFSSL_SNI_ABORT_ON_ABSENCE) { + sni = TLSX_SNI_Find(ssl_sni, ctx_sni->type); + + if (sni) { + if (sni->status != WOLFSSL_SNI_NO_MATCH) + continue; + + /* if ssl level overrides ctx level, it is ok. */ + if ((sni->options & WOLFSSL_SNI_ABORT_ON_ABSENCE) == 0) + continue; + } + + SendAlert(ssl, alert_fatal, handshake_failure); + return SNI_ABSENT_ERROR; + } + } + + for (; ssl_sni; ssl_sni = ssl_sni->next) { + if (ssl_sni->options & WOLFSSL_SNI_ABORT_ON_ABSENCE) { + if (ssl_sni->status != WOLFSSL_SNI_NO_MATCH) + continue; + + SendAlert(ssl, alert_fatal, handshake_failure); + return SNI_ABSENT_ERROR; + } + } + #endif /* NO_WOLFSSL_SERVER */ + } + + return 0; +} + int TLSX_UseSNI(TLSX** extensions, byte type, const void* data, word16 size) { TLSX* extension = TLSX_Find(*extensions, SERVER_NAME_INDICATION); SNI* sni = NULL; - int ret = 0; if (extensions == NULL || data == NULL) return BAD_FUNC_ARG; - if ((ret = TLSX_SNI_Append(&sni, type, data, size)) != 0) - return ret; + if ((sni = TLSX_SNI_New(type, data, size)) == NULL) + return MEMORY_E; if (!extension) { - if ((ret = TLSX_Push(extensions, SERVER_NAME_INDICATION, (void*)sni)) - != 0) { + int ret = TLSX_Push(extensions, SERVER_NAME_INDICATION, (void*)sni); + if (ret != 0) { TLSX_SNI_Free(sni); return ret; } 
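Review bot: TLSX_UseSNI (hunk at -1030,21) now returns `MEMORY_E` whenever TLSX_SNI_New returns NULL, and TLSX_SNI_New returns NULL for an unsupported `type` as well as for a failed allocation. The `BAD_FUNC_ARG` that the removed TLSX_SNI_Append gave for an invalid type is therefore lost. Checking the type before allocating, e.g. `if (type != WOLFSSL_SNI_HOST_NAME) return BAD_FUNC_ARG;`, keeps the two failures distinguishable. Separately, `TLSX_Find(*extensions, SERVER_NAME_INDICATION)` in the initializer dereferences `extensions` before the `extensions == NULL` test, so the lookup should move below that check. The new TLSX_SNI_VerifyParse in the same hunk is the only added function without a `/** ... */` summary.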
@@ -1052,9 +1145,9 @@ int TLSX_UseSNI(TLSX** extensions, byte type, const void* data, word16 size) else { /* push new SNI object to extension data. */ sni->next = (SNI*)extension->data; - extension->data = (void*)sni; + extension->data = (void*)sni; - /* look for another server name of the same type to remove */ + /* remove duplicate SNI, there should be only one of each type. */ do { if (sni->next && sni->next->type == type) { SNI *next = sni->next; @@ -1062,6 +1155,8 @@ int TLSX_UseSNI(TLSX** extensions, byte type, const void* data, word16 size) sni->next = next->next; TLSX_SNI_Free(next); + /* there is no way to occur more than */ + /* two SNIs of the same type. */ break; } } while ((sni = sni->next)); @@ -1071,6 +1166,8 @@ int TLSX_UseSNI(TLSX** extensions, byte type, const void* data, word16 size) } #ifndef NO_WOLFSSL_SERVER + +/** Tells the SNI requested by the client. */ word16 TLSX_SNI_GetRequest(TLSX* extensions, byte type, void** data) { TLSX* extension = TLSX_Find(extensions, SERVER_NAME_INDICATION); @@ -1087,6 +1184,7 @@ word16 TLSX_SNI_GetRequest(TLSX* extensions, byte type, void** data) return 0; } +/** Sets the options for a SNI object. */ void TLSX_SNI_SetOptions(TLSX* extensions, byte type, byte options) { TLSX* extension = TLSX_Find(extensions, SERVER_NAME_INDICATION); @@ -1096,6 +1194,7 @@ void TLSX_SNI_SetOptions(TLSX* extensions, byte type, byte options) sni->options = options; } +/** Retrieves a SNI request from a client hello buffer. */ int TLSX_SNI_GetFromBuffer(const byte* clientHello, word32 helloSz, byte type, byte* sni, word32* inOutSz) { 
@@ -1107,8 +1206,30 @@ int TLSX_SNI_GetFromBuffer(const byte* clientHello, word32 helloSz, return INCOMPLETE_DATA; /* TLS record header */ - if ((enum ContentType) clientHello[offset++] != handshake) + if ((enum ContentType) clientHello[offset++] != handshake) { + + /* checking for SSLv2.0 client hello according to: */ + /* http://tools.ietf.org/html/rfc4346#appendix-E.1 */ + if ((enum HandShakeType) clientHello[++offset] == client_hello) { + offset += ENUM_LEN + VERSION_SZ; /* skip version */ + + ato16(clientHello + offset, &len16); + offset += OPAQUE16_LEN; + + if (len16 % 3) /* cipher_spec_length must be multiple of 3 */ + return BUFFER_ERROR; + + ato16(clientHello + offset, &len16); + offset += OPAQUE16_LEN; + + if (len16 != 0) /* session_id_length must be 0 */ + return BUFFER_ERROR; + + return SNI_UNSUPPORTED; + } + return BUFFER_ERROR; + } if (clientHello[offset++] != SSLv3_MAJOR) return BUFFER_ERROR; @@ -1226,17 +1347,19 @@ int TLSX_SNI_GetFromBuffer(const byte* clientHello, word32 helloSz, #endif -#define SNI_FREE_ALL TLSX_SNI_FreeAll -#define SNI_GET_SIZE TLSX_SNI_GetSize -#define SNI_WRITE TLSX_SNI_Write -#define SNI_PARSE TLSX_SNI_Parse +#define SNI_FREE_ALL TLSX_SNI_FreeAll +#define SNI_GET_SIZE TLSX_SNI_GetSize +#define SNI_WRITE TLSX_SNI_Write +#define SNI_PARSE TLSX_SNI_Parse +#define SNI_VERIFY_PARSE TLSX_SNI_VerifyParse #else #define SNI_FREE_ALL(list) -#define SNI_GET_SIZE(list) 0 -#define SNI_WRITE(a, b) 0 -#define SNI_PARSE(a, b, c, d) 0 +#define SNI_GET_SIZE(list) 0 +#define SNI_WRITE(a, b) 0 +#define SNI_PARSE(a, b, c, d) 0 +#define SNI_VERIFY_PARSE(a, b) 0 #endif /* HAVE_SNI */ @@ -1410,7 +1533,7 @@ static void TLSX_EllipticCurve_ValidateRequest(WOLFSSL* ssl, byte* semaphore) if (ssl->suites->suites[i] == ECC_BYTE) return; - /* No elliptic curve suite found */ + /* turns semaphore on to avoid sending this extension. */ TURN_ON(semaphore, TLSX_ToSemaphore(ELLIPTIC_CURVES)); } 
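Review bot: The SSLv2 branch added to TLSX_SNI_GetFromBuffer (hunk at -1107,8) reads the message type and then two 16-bit lengths at fixed offsets without a length test of its own. Its only guard is the `helloSz` check that returns INCOMPLETE_DATA just above the hunk, and that condition is not visible here. Assuming `offset` starts at 0 and the usual one-byte ENUM_LEN and two-byte VERSION_SZ, the last byte read is index 8, so that check has to cover nine bytes. A comment at the top of the branch would pin the dependency, for example `/* SSLv2 hello: msg type at [2], lengths follow the version; relies on the helloSz check above */`. The `++offset` directly after `offset++` deliberately skips a byte, which the same comment should mention.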
@@ -1625,7 +1748,7 @@ int TLSX_UseSupportedCurve(TLSX** extensions, word16 name) break; } - } while ((curve = curve->next)); + } while ((curve = curve->next)); } return SSL_SUCCESS; @@ -1679,7 +1802,7 @@ static byte TLSX_SecureRenegotiation_GetSize(SecureRenegotiation* data, static word16 TLSX_SecureRenegotiation_Write(SecureRenegotiation* data, byte* output, int isRequest) -{ +{ word16 offset = OPAQUE8_LEN; /* RenegotiationInfo length */ if (data->enabled) { @@ -1695,11 +1818,11 @@ static word16 TLSX_SecureRenegotiation_Write(SecureRenegotiation* data, } output[0] = offset - 1; /* info length - self */ - + return offset; -} - -static int TLSX_SecureRenegotiation_Parse(WOLFSSL* ssl, byte* input, +} + +static int TLSX_SecureRenegotiation_Parse(WOLFSSL* ssl, byte* input, word16 length, byte isRequest) { int ret = SECURE_RENEGOTIATION_E; @@ -1725,7 +1848,7 @@ static int TLSX_SecureRenegotiation_Parse(WOLFSSL* ssl, byte* input, if (!ssl->secure_renegotiation->enabled) { if (*input == 0) { ssl->secure_renegotiation->enabled = 1; - ret = 0; + ret = 0; } } else if (*input == 2 * TLS_FINISHED_SZ) { @@ -1748,7 +1871,7 @@ int TLSX_UseSecureRenegotiation(TLSX** extensions) { int ret = 0; SecureRenegotiation* data = NULL; - + data = (SecureRenegotiation*)XMALLOC(sizeof(SecureRenegotiation), NULL, DYNAMIC_TYPE_TLSX); if (data == NULL) @@ -1799,14 +1922,15 @@ static void TLSX_SessionTicket_ValidateRequest(WOLFSSL* ssl) static word16 TLSX_SessionTicket_GetSize(SessionTicket* ticket, int isRequest) { - return isRequest && ticket ? ticket->size : 0; + (void)isRequest; + return ticket ? ticket->size : 0; } static word16 TLSX_SessionTicket_Write(SessionTicket* ticket, byte* output, int isRequest) { - int offset = 0; /* empty ticket */ - + word16 offset = 0; /* empty ticket */ + if (isRequest && ticket) { XMEMCPY(output + offset, ticket->data, ticket->size); offset += ticket->size; 
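Review bot: In the hunk at -1799,14, TLSX_SessionTicket_GetSize now reports `ticket->size` for a response as well, while TLSX_SessionTicket_Write still copies the ticket only when `isRequest && ticket`. For a non-NULL ticket on the response side, the computed extension length and the bytes actually written therefore disagree. The server path added in this commit calls TLSX_UseSessionTicket with a NULL ticket, which hides the mismatch, but nothing in these two functions enforces that. Either keep the `isRequest` test in GetSize or relax Write to `if (ticket) {` so both agree. The tail of Write is outside the hunk.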
@@ -1819,18 +1943,61 @@ static word16 TLSX_SessionTicket_Write(SessionTicket* ticket, byte* output, static int TLSX_SessionTicket_Parse(WOLFSSL* ssl, byte* input, word16 length, byte isRequest) { + int ret = 0; + if (!isRequest) { + /* client side */ if (length != 0) return BUFFER_ERROR; - + ssl->expect_session_ticket = 1; } +#ifndef NO_WOLFSSL_SERVER else { - /* TODO server side */ - (void)input; - } + /* server side */ + if (ssl->ctx->ticketEncCb == NULL) { + WOLFSSL_MSG("Client sent session ticket, server has no callback"); + return 0; + } - return 0; + if (length == 0) { + /* blank ticket */ + ret = TLSX_UseSessionTicket(&ssl->extensions, NULL); + if (ret == SSL_SUCCESS) { + ret = 0; + TLSX_SetResponse(ssl, SESSION_TICKET); /* send blank ticket */ + ssl->options.createTicket = 1; /* will send ticket msg */ + ssl->options.useTicket = 1; + } + } else { + /* got actual ticket from client */ + ret = DoClientTicket(ssl, input, length); + if (ret == WOLFSSL_TICKET_RET_OK) { /* use ticket to resume */ + WOLFSSL_MSG("Using exisitng client ticket"); + ssl->options.useTicket = 1; + ssl->options.resuming = 1; + } else if (ret == WOLFSSL_TICKET_RET_CREATE) { + WOLFSSL_MSG("Using existing client ticket, creating new one"); + ret = TLSX_UseSessionTicket(&ssl->extensions, NULL); + if (ret == SSL_SUCCESS) { + ret = 0; + TLSX_SetResponse(ssl, SESSION_TICKET); + /* send blank ticket */ + ssl->options.createTicket = 1; /* will send ticket msg */ + ssl->options.useTicket = 1; + ssl->options.resuming = 1; + } + } else if (ret == WOLFSSL_TICKET_RET_REJECT) { + WOLFSSL_MSG("Process client ticket rejected, not using"); + ret = 0; /* not fatal */ + } else if (ret == WOLFSSL_TICKET_RET_FATAL || ret < 0) { + WOLFSSL_MSG("Process client ticket fatal error, not using"); + } + } + } +#endif /* NO_WOLFSSL_SERVER */ + + return ret; } WOLFSSL_LOCAL SessionTicket* TLSX_SessionTicket_Create(word32 lifetime, 
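Review bot: In the server branch of TLSX_SessionTicket_Parse, the `WOLFSSL_TICKET_RET_OK` case leaves `ret` as DoClientTicket returned it, whereas the CREATE and REJECT cases set `ret = 0` explicitly. A successful resume therefore returns 0 only if WOLFSSL_TICKET_RET_OK is itself 0, and its definition is not in this hunk. Adding `ret = 0;` in that case removes the dependency. Any positive code from DoClientTicket other than the four named ones is also returned without a log message, so a final `else` that logs and fails would make that path explicit. With NO_WOLFSSL_SERVER defined, `input` is now unused because the `(void)input;` line was removed.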
@@ -1890,6 +2057,589 @@ int TLSX_UseSessionTicket(TLSX** extensions, SessionTicket* ticket) #endif /* HAVE_SESSION_TICKET */ +#ifdef HAVE_QSH +static WC_RNG* rng; +static wolfSSL_Mutex* rngMutex; + +static void TLSX_QSH_FreeAll(QSHScheme* list) +{ + QSHScheme* current; + + while ((current = list)) { + list = current->next; + XFREE(current, 0, DYNAMIC_TYPE_TLSX); + } +} + +static int TLSX_QSH_Append(QSHScheme** list, word16 name, byte* pub, + word16 pubLen) +{ + QSHScheme* temp; + + if (list == NULL) + return BAD_FUNC_ARG; + + if ((temp = XMALLOC(sizeof(QSHScheme), 0, DYNAMIC_TYPE_TLSX)) == NULL) + return MEMORY_E; + + temp->name = name; + temp->PK = pub; + temp->PKLen = pubLen; + temp->next = *list; + + *list = temp; + + return 0; +} + + +/* request for server's public key : 02 indicates 0-2 requested */ +static byte TLSX_QSH_SerPKReq(byte* output, byte isRequest) +{ + if (isRequest) { + /* only request one public key from the server */ + output[0] = 0x01; + + return OPAQUE8_LEN; + } + else { + return 0; + } +} + +#ifndef NO_WOLFSSL_CLIENT + +/* check for TLS_QSH suite */ +static void TLSX_QSH_ValidateRequest(WOLFSSL* ssl, byte* semaphore) +{ + int i; + + for (i = 0; i < ssl->suites->suiteSz; i+= 2) + if (ssl->suites->suites[i] == QSH_BYTE) + return; + + /* No QSH suite found */ + TURN_ON(semaphore, TLSX_ToSemaphore(WOLFSSL_QSH)); +} + + +/* return the size of the QSH hello extension + list the list of QSHScheme structs containing id and key + isRequest if 1 then is being sent to the server + */ +word16 TLSX_QSH_GetSize(QSHScheme* list, byte isRequest) +{ + QSHScheme* temp = list; + word16 length = 0; + + /* account for size of scheme list and public key list */ + if (isRequest) + length = OPAQUE16_LEN; + length += OPAQUE24_LEN; + + /* for each non null element in list add size */ + while ((temp)) { + /* add public key info Scheme | Key Length | Key */ + length += OPAQUE16_LEN; + length += OPAQUE16_LEN; + length += temp->PKLen; + + /* if client add name size for 
scheme list + advance to next QSHScheme struct in list */ + if (isRequest) + length += OPAQUE16_LEN; + temp = temp->next; + } + + /* add length for request server public keys */ + if (isRequest) + length += OPAQUE8_LEN; + + return length; +} + + +/* write out a list of QSHScheme IDs */ +static word16 TLSX_QSH_Write(QSHScheme* list, byte* output) +{ + QSHScheme* current = list; + word16 length = 0; + + length += OPAQUE16_LEN; + + while (current) { + c16toa(current->name, output + length); + length += OPAQUE16_LEN; + current = (QSHScheme*)current->next; + } + + c16toa(length - OPAQUE16_LEN, output); /* writing list length */ + + return length; +} + + +/* write public key list in extension */ +static word16 TLSX_QSHPK_WriteR(QSHScheme* format, byte* output); +static word16 TLSX_QSHPK_WriteR(QSHScheme* format, byte* output) +{ + word32 offset = 0; + word16 public_len = 0; + + if (!format) + return offset; + + /* write scheme ID */ + c16toa(format->name, output + offset); + offset += OPAQUE16_LEN; + + /* write public key matching scheme */ + public_len = format->PKLen; + c16toa(public_len, output + offset); + offset += OPAQUE16_LEN; + if (format->PK) { + XMEMCPY(output+offset, format->PK, public_len); + } + + return public_len + offset; +} + +word16 TLSX_QSHPK_Write(QSHScheme* list, byte* output) +{ + QSHScheme* current = list; + word32 length = 0; + word24 toWire; + + length += OPAQUE24_LEN; + + while (current) { + length += TLSX_QSHPK_WriteR(current, output + length); + current = (QSHScheme*)current->next; + } + /* length of public keys sent */ + c32to24(length - OPAQUE24_LEN, toWire); + output[0] = toWire[0]; + output[1] = toWire[1]; + output[2] = toWire[2]; + + return length; +} + +#endif /* NO_WOLFSSL_CLIENT */ +#ifndef NO_WOLFSSL_SERVER + +static void TLSX_QSHAgreement(TLSX** extensions) +{ + TLSX* extension = TLSX_Find(*extensions, WOLFSSL_QSH); + QSHScheme* format = NULL; + QSHScheme* delete = NULL; + QSHScheme* prev = NULL; + + if (extension == NULL) + return; 
+ + format = extension->data; + while (format) { + if (format->PKLen == 0) { + /* case of head */ + if (format == extension->data) { + extension->data = format->next; + } + if (prev) + prev->next = format->next; + delete = format; + format = format->next; + XFREE(delete, 0, DYNAMIC_TYPE_TMP_ARRAY); + delete = NULL; + } else { + prev = format; + format = format->next; + } + } +} + + +/* Parse in hello extension + input the byte stream to process + length length of total extension found + isRequest set to 1 if being sent to the server + */ +static int TLSX_QSH_Parse(WOLFSSL* ssl, byte* input, word16 length, + byte isRequest) +{ + byte numKeys = 0; + word16 offset = 0; + word16 schemSz = 0; + word16 offset_len = 0; + word32 offset_pk = 0; + word16 name = 0; + word16 PKLen = 0; + byte* PK = NULL; + int r; + + + if (OPAQUE16_LEN > length) + return BUFFER_ERROR; + + if (isRequest) { + ato16(input, &schemSz); + + /* list of public keys avialable for QSH schemes */ + offset_len = schemSz + OPAQUE16_LEN; + } + + offset_pk = ((input[offset_len] << 16) & 0xFF00000) | + (((input[offset_len + 1]) << 8) & 0xFF00) | + (input[offset_len + 2] & 0xFF); + offset_len += OPAQUE24_LEN; + + /* check buffer size */ + if (offset_pk > length) + return BUFFER_ERROR; + + /* set maximum number of keys the client will accept */ + if (!isRequest) + numKeys = (ssl->maxRequest < 1)? 1 : ssl->maxRequest; + + /* hello extension read list of scheme ids */ + if (isRequest) { + + /* read in request for public keys */ + ssl->minRequest = (input[length -1] >> 4) & 0xFF; + ssl->maxRequest = input[length -1] & 0x0F; + + /* choose the min between min requested by client and 1 */ + numKeys = (ssl->minRequest > 1) ? 
ssl->minRequest : 1; + + if (ssl->minRequest > ssl->maxRequest) + return BAD_FUNC_ARG; + + offset += OPAQUE16_LEN; + schemSz += offset; + + /* check buffer size */ + if (schemSz > length) + return BUFFER_ERROR; + + while ((offset < schemSz) && numKeys) { + /* Scheme ID list */ + ato16(input + offset, &name); + offset += OPAQUE16_LEN; + + /* validate we have scheme id */ + if (ssl->user_set_QSHSchemes && + !TLSX_ValidateQSHScheme(&ssl->extensions, name)) { + continue; + } + + /* server create keys on demand */ + if ((r = TLSX_CreateNtruKey(ssl, name)) != 0) { + WOLFSSL_MSG("Error creating ntru keys"); + return r; + } + + /* peer sent an agreed upon scheme */ + r = TLSX_UseQSHScheme(&ssl->extensions, name, NULL, 0); + + if (r != SSL_SUCCESS) return r; /* throw error */ + + numKeys--; + } + + /* choose the min between min requested by client and 1 */ + numKeys = (ssl->minRequest > 1) ? ssl->minRequest : 1; + } + + /* QSHPK struct */ + offset_pk += offset_len; + while ((offset_len < offset_pk) && numKeys) { + QSHKey * temp; + + if ((temp = XMALLOC(sizeof(QSHKey), 0, DYNAMIC_TYPE_TLSX)) == NULL) + return MEMORY_E; + + /* initialize */ + temp->next = NULL; + temp->pub.buffer = NULL; + temp->pub.length = 0; + temp->pri.buffer = NULL; + temp->pri.length = 0; + + /* scheme id */ + ato16(input + offset_len, &(temp->name)); + offset_len += OPAQUE16_LEN; + + /* public key length */ + ato16(input + offset_len, &PKLen); + temp->pub.length = PKLen; + offset_len += OPAQUE16_LEN; + + + if (isRequest) { + /* validate we have scheme id */ + if (ssl->user_set_QSHSchemes && + (!TLSX_ValidateQSHScheme(&ssl->extensions, temp->name))) { + offset_len += PKLen; + XFREE(temp, 0, DYNAMIC_TYPE_TLSX); + continue; + } + } + + /* read in public key */ + if (PKLen > 0) { + temp->pub.buffer = (byte*)XMALLOC(temp->pub.length, + 0, DYNAMIC_TYPE_PUBLIC_KEY); + XMEMCPY(temp->pub.buffer, input + offset_len, temp->pub.length); + offset_len += PKLen; + } + else { + PK = NULL; + } + + /* use own key when 
adding to extensions list for sending reply */ + PKLen = 0; + PK = TLSX_QSHKeyFind_Pub(ssl->QSH_Key, &PKLen, temp->name); + r = TLSX_UseQSHScheme(&ssl->extensions, temp->name, PK, PKLen); + + /* store peers key */ + ssl->peerQSHKeyPresent = 1; + if (TLSX_AddQSHKey(&ssl->peerQSHKey, temp) != 0) + return MEMORY_E; + + if (temp->pub.length == 0) { + XFREE(temp, 0, DYNAMIC_TYPE_TLSX); + } + + if (r != SSL_SUCCESS) {return r;} /* throw error */ + + numKeys--; + } + + /* reply to a QSH extension sent from client */ + if (isRequest) { + TLSX_SetResponse(ssl, WOLFSSL_QSH); + /* only use schemes we have key generated for -- free the rest */ + TLSX_QSHAgreement(&ssl->extensions); + } + + return 0; +} + + +/* Used for parsing in QSHCipher structs on Key Exchange */ +int TLSX_QSHCipher_Parse(WOLFSSL* ssl, const byte* input, word16 length, + byte isServer) +{ + QSHKey* key; + word16 Max_Secret_Len = 48; + word16 offset = 0; + word16 offset_len = 0; + word32 offset_pk = 0; + word16 name = 0; + word16 secretLen = 0; + byte* secret = NULL; + word16 buffLen = 0; + byte buff[145]; /* size enough for 3 secrets */ + buffer* buf; + + /* pointer to location where secret should be stored */ + if (isServer) { + buf = ssl->QSH_secret->CliSi; + } + else { + buf = ssl->QSH_secret->SerSi; + } + + offset_pk = ((input[offset_len] << 16) & 0xFF0000) | + (((input[offset_len + 1]) << 8) & 0xFF00) | + (input[offset_len + 2] & 0xFF); + offset_len += OPAQUE24_LEN; + + /* validating extension list length -- check if trying to read over edge + of buffer */ + if (length < (offset_pk + OPAQUE24_LEN)) { + return BUFFER_ERROR; + } + + /* QSHCipherList struct */ + offset_pk += offset_len; + while (offset_len < offset_pk) { + + /* scheme id */ + ato16(input + offset_len, &name); + offset_len += OPAQUE16_LEN; + + /* public key length */ + ato16(input + offset_len, &secretLen); + offset_len += OPAQUE16_LEN; + + /* read in public key */ + if (secretLen > 0) { + secret = (byte*)(input + offset_len); + offset_len 
+= secretLen; + } + else { + secret = NULL; + } + + /* no secret sent */ + if (secret == NULL) + continue; + + /* find coresponding key */ + key = ssl->QSH_Key; + while (key) { + if (key->name == name) + break; + else + key = (QSHKey*)key->next; + } + + /* if we do not have the key than there was a big issue negotiation */ + if (key == NULL) { + WOLFSSL_MSG("key was null for decryption!!!\n"); + return MEMORY_E; + } + + /* Decrypt sent secret */ + buffLen = Max_Secret_Len; + QSH_Decrypt(key, secret, secretLen, buff + offset, &buffLen); + offset += buffLen; + } + + /* allocate memory for buffer */ + buf->length = offset; + buf->buffer = (byte*)XMALLOC(offset, NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (buf->buffer == NULL) + return MEMORY_E; + + /* store secrets */ + XMEMCPY(buf->buffer, buff, offset); + ForceZero(buff, offset); + + return offset_len; +} + + +/* return 1 on success */ +int TLSX_ValidateQSHScheme(TLSX** extensions, word16 theirs) { + TLSX* extension = TLSX_Find(*extensions, WOLFSSL_QSH); + QSHScheme* format = NULL; + + /* if no extension is sent then do not use QSH */ + if (!extension) { + WOLFSSL_MSG("No QSH Extension"); + return 0; + } + + for (format = (QSHScheme*)extension->data; format; format = format->next) { + if (format->name == theirs) { + WOLFSSL_MSG("Found Matching QSH Scheme"); + return 1; /* have QSH */ + } + } + + return 0; +} +#endif /* NO_WOLFSSL_SERVER */ + +/* test if the QSH Scheme is implemented + return 1 if yes 0 if no */ +static int TLSX_HaveQSHScheme(word16 name) +{ + switch(name) { + #ifdef HAVE_NTRU + case WOLFSSL_NTRU_EESS439: + case WOLFSSL_NTRU_EESS593: + case WOLFSSL_NTRU_EESS743: + return 1; + #endif + case WOLFSSL_LWE_XXX: + case WOLFSSL_HFE_XXX: + return 0; /* not supported yet */ + + default: + return 0; + } +} + + +/* Add a QSHScheme struct to list of usable ones */ +int TLSX_UseQSHScheme(TLSX** extensions, word16 name, byte* pKey, word16 pkeySz) +{ + TLSX* extension = TLSX_Find(*extensions, WOLFSSL_QSH); + QSHScheme* 
format = NULL; + int ret = 0; + + /* sanity check */ + if (extensions == NULL || (pKey == NULL && pkeySz != 0)) + return BAD_FUNC_ARG; + + /* if scheme is implemented than add */ + if (TLSX_HaveQSHScheme(name)) { + if ((ret = TLSX_QSH_Append(&format, name, pKey, pkeySz)) != 0) + return ret; + + if (!extension) { + if ((ret = TLSX_Push(extensions, WOLFSSL_QSH, format)) != 0) { + XFREE(format, 0, DYNAMIC_TYPE_TLSX); + return ret; + } + } + else { + /* push new QSH object to extension data. */ + format->next = (QSHScheme*)extension->data; + extension->data = (void*)format; + + /* look for another format of the same name to remove (replacement) */ + do { + if (format->next && (format->next->name == name)) { + QSHScheme* next = format->next; + + format->next = next->next; + XFREE(next, 0, DYNAMIC_TYPE_TLSX); + + break; + } + } while ((format = format->next)); + } + } + return SSL_SUCCESS; +} + +#define QSH_FREE_ALL TLSX_QSH_FreeAll +#define QSH_VALIDATE_REQUEST TLSX_QSH_ValidateRequest + +#ifndef NO_WOLFSSL_CLIENT +#define QSH_GET_SIZE TLSX_QSH_GetSize +#define QSH_WRITE TLSX_QSH_Write +#else +#define QSH_GET_SIZE(list) 0 +#define QSH_WRITE(a, b) 0 +#endif + +#ifndef NO_WOLFSSL_SERVER +#define QSH_PARSE TLSX_QSH_Parse +#else +#define QSH_PARSE(a, b, c, d) 0 +#endif + +#define QSHPK_WRITE TLSX_QSHPK_Write +#define QSH_SERREQ TLSX_QSH_SerPKReq +#else + +#define QSH_FREE_ALL(list) +#define QSH_GET_SIZE(list, a) 0 +#define QSH_WRITE(a, b) 0 +#define QSH_PARSE(a, b, c, d) 0 +#define QSHPK_WRITE(a, b) 0 +#define QSH_SERREQ(a, b) 0 +#define QSH_VALIDATE_REQUEST(a, b) + +#endif /* HAVE_QSH */ + + +/** Finds an extension in the provided list. */ TLSX* TLSX_Find(TLSX* list, TLSX_Type type) { TLSX* extension = list; @@ -1900,6 +2650,7 @@ TLSX* TLSX_Find(TLSX* list, TLSX_Type type) return extension; } +/** Releases all extensions in the provided list. */ void TLSX_FreeAll(TLSX* list) { TLSX* extension; 
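Review bot: TLSX_QSHCipher_Parse decrypts every list entry into `buff + offset` with `buffLen = Max_Secret_Len`, but the loop runs for as many entries as the peer's 24-bit list length allows while `buff` is 145 bytes ("size enough for 3 secrets"), so a fourth entry would be written past the end of the stack buffer (assuming QSH_Decrypt fills up to `buffLen` bytes; its body is not in this hunk). The function also reads the three length bytes before comparing anything against `length`, and never checks `secretLen` against what is left of the list. TLSX_QSH_Parse has the same kind of gap: it reads `input[offset_len]` at `schemSz + OPAQUE16_LEN` before `schemSz` is validated, copies `PKLen` bytes without checking them against `length` or checking the XMALLOC result, and its mask `0xFF00000` differs from the `0xFF0000` used here. The bounds checks I would add to TLSX_QSHCipher_Parse are sketched below; TLSX_QSH_Parse needs the equivalent ones.

```c
int TLSX_QSHCipher_Parse(WOLFSSL* ssl, const byte* input, word16 length,
                                                                  byte isServer)
{
    /* … unchanged: declarations, CliSi/SerSi selection … */

    /* the 24-bit list length itself must lie inside the input */
    if (length < OPAQUE24_LEN)
        return BUFFER_ERROR;

    /* … unchanged: offset_pk read, list length check against length … */

    while (offset_len < offset_pk) {
        /* scheme id and secret length fields must fit in the list */
        if (offset_pk - offset_len < 2 * OPAQUE16_LEN)
            return BUFFER_ERROR;

        /* … unchanged: ato16 reads of name and secretLen … */

        /* the secret must not run past the end of the list */
        if (secretLen > offset_pk - offset_len)
            return BUFFER_ERROR;

        /* … unchanged: secret pointer, key lookup … */

        /* refuse a decrypt where Max_Secret_Len bytes no longer fit in buff */
        if (offset > sizeof(buff) - Max_Secret_Len)
            return BUFFER_ERROR;

        /* … unchanged: QSH_Decrypt call, offset += buffLen … */
    }
    /* … unchanged: allocate buf->buffer, copy, ForceZero … */
```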
@@ -1908,6 +2659,7 @@ void TLSX_FreeAll(TLSX* list) list = extension->next; switch (extension->type) { + case SERVER_NAME_INDICATION: SNI_FREE_ALL((SNI*)extension->data); break; @@ -1931,16 +2683,22 @@ void TLSX_FreeAll(TLSX* list) case SESSION_TICKET: /* Nothing to do. */ break; + + case WOLFSSL_QSH: + QSH_FREE_ALL(extension->data); + break; } XFREE(extension, 0, DYNAMIC_TYPE_TLSX); } } +/** Checks if the tls extensions are supported based on the protocol version. */ int TLSX_SupportExtensions(WOLFSSL* ssl) { return ssl && (IsTLS(ssl) || ssl->version.major == DTLS_MAJOR); } +/** Tells the buffered size of the extensions in a list. */ static word16 TLSX_GetSize(TLSX* list, byte* semaphore, byte isRequest) { TLSX* extension; @@ -1949,26 +2707,32 @@ static word16 TLSX_GetSize(TLSX* list, byte* semaphore, byte isRequest) while ((extension = list)) { list = extension->next; + /* only extensions marked as response are sent back to the client. */ if (!isRequest && !extension->resp) continue; /* skip! */ + /* ssl level extensions are expected to override ctx level ones. */ if (!IS_OFF(semaphore, TLSX_ToSemaphore(extension->type))) continue; /* skip! */ - /* type + data length */ + /* extension type + extension data length. */ length += HELLO_EXT_TYPE_SZ + OPAQUE16_LEN; + switch (extension->type) { + case SERVER_NAME_INDICATION: + /* SNI only sends the name on the request. */ if (isRequest) length += SNI_GET_SIZE(extension->data); break; + case MAX_FRAGMENT_LENGTH: length += MFL_GET_SIZE(extension->data); break; case TRUNCATED_HMAC: - /* empty extension. */ + /* always empty. */ break; case ELLIPTIC_CURVES: 
@@ -1982,14 +2746,21 @@ static word16 TLSX_GetSize(TLSX* list, byte* semaphore, byte isRequest) case SESSION_TICKET: length += STK_GET_SIZE(extension->data, isRequest); break; + + case WOLFSSL_QSH: + length += QSH_GET_SIZE(extension->data, isRequest); + break; } + /* marks the extension as processed so ctx level */ + /* extensions don't overlap with ssl level ones. */ TURN_ON(semaphore, TLSX_ToSemaphore(extension->type)); } return length; } +/** Writes the extensions of a list in a buffer. */ static word16 TLSX_Write(TLSX* list, byte* output, byte* semaphore, byte isRequest) { @@ -2000,18 +2771,20 @@ static word16 TLSX_Write(TLSX* list, byte* output, byte* semaphore, while ((extension = list)) { list = extension->next; + /* only extensions marked as response are written in a response. */ if (!isRequest && !extension->resp) continue; /* skip! */ + /* ssl level extensions are expected to override ctx level ones. */ if (!IS_OFF(semaphore, TLSX_ToSemaphore(extension->type))) continue; /* skip! */ - /* extension type */ + /* writes extension type. */ c16toa(extension->type, output + offset); offset += HELLO_EXT_TYPE_SZ + OPAQUE16_LEN; length_offset = offset; - /* extension data should be written internally */ + /* extension data should be written internally. */ switch (extension->type) { case SERVER_NAME_INDICATION: if (isRequest) @@ -2023,7 +2796,7 @@ static word16 TLSX_Write(TLSX* list, byte* output, byte* semaphore, break; case TRUNCATED_HMAC: - /* empty extension. */ + /* always empty. */ break; case ELLIPTIC_CURVES: 
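Review bot: `QSH_GET_SIZE(extension->data, isRequest)` is invoked with two arguments here, but the HAVE_QSH branch for NO_WOLFSSL_CLIENT builds earlier in this diff defines it as `#define QSH_GET_SIZE(list) 0`, which takes one, so that configuration would fail to preprocess. The fallback should read `#define QSH_GET_SIZE(list, a) 0`, matching the definition used when HAVE_QSH is off. Relatedly, `QSHPK_WRITE` is mapped to TLSX_QSHPK_Write unconditionally although that function sits inside `#ifndef NO_WOLFSSL_CLIENT`, so a server-only QSH build looks like it would not link; that configuration is worth building once. TLSX_GetSize starts outside this hunk.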
@@ -2039,19 +2812,308 @@ static word16 TLSX_Write(TLSX* list, byte* output, byte* semaphore, offset += STK_WRITE(extension->data, output + offset, isRequest); break; + + case WOLFSSL_QSH: + if (isRequest) { + offset += QSH_WRITE(extension->data, output + offset); + } + offset += QSHPK_WRITE(extension->data, output + offset); + offset += QSH_SERREQ(output + offset, isRequest); + break; } - /* writing extension data length */ + /* writes extension data length. */ c16toa(offset - length_offset, output + length_offset - OPAQUE16_LEN); + /* marks the extension as processed so ctx level */ + /* extensions don't overlap with ssl level ones. */ TURN_ON(semaphore, TLSX_ToSemaphore(extension->type)); } return offset; } + +#ifdef HAVE_NTRU + +static word32 GetEntropy(unsigned char* out, word32 num_bytes) +{ + int ret = 0; + + if (rng == NULL) { + if ((rng = XMALLOC(sizeof(WC_RNG), 0, DYNAMIC_TYPE_TLSX)) == NULL) + return DRBG_OUT_OF_MEMORY; + wc_InitRng(rng); + } + + if (rngMutex == NULL) { + if ((rngMutex = XMALLOC(sizeof(wolfSSL_Mutex), 0, + DYNAMIC_TYPE_TLSX)) == NULL) + return DRBG_OUT_OF_MEMORY; + InitMutex(rngMutex); + } + + ret |= LockMutex(rngMutex); + ret |= wc_RNG_GenerateBlock(rng, out, num_bytes); + ret |= UnLockMutex(rngMutex); + + if (ret != 0) + return DRBG_ENTROPY_FAIL; + + return DRBG_OK; +} +#endif + + +#ifdef HAVE_QSH +static int TLSX_CreateQSHKey(WOLFSSL* ssl, int type) +{ + int ret; + + switch (type) { +#ifdef HAVE_NTRU + case WOLFSSL_NTRU_EESS439: + case WOLFSSL_NTRU_EESS593: + case WOLFSSL_NTRU_EESS743: + ret = TLSX_CreateNtruKey(ssl, type); + break; +#endif + default: + WOLFSSL_MSG("Unknown type for creating NTRU key"); + return -1; + } + + return ret; +} + + +static int TLSX_AddQSHKey(QSHKey** list, QSHKey* key) +{ + if (key == NULL) + return BAD_FUNC_ARG; + + /* if no public key stored in key then do not add */ + if (key->pub.length == 0 || key->pub.buffer == NULL) + return 0; + + /* first element to be added to the list */ + QSHKey* current = *list; 
+ if (current == NULL) { + *list = key; + return 0; + } + + while (current->next) { + /* can only have one of the key in the list */ + if (current->name == key->name) + return -1; + current = (QSHKey*)current->next; + } + + current->next = (struct QSHKey*)key; + + return 0; +} + + +#ifdef HAVE_NTRU +int TLSX_CreateNtruKey(WOLFSSL* ssl, int type) +{ + int ret; + int ntruType; + + /* variable declarations for NTRU*/ + QSHKey* temp = NULL; + byte public_key[1027]; + word16 public_key_len = sizeof(public_key); + byte private_key[1120]; + word16 private_key_len = sizeof(private_key); + DRBG_HANDLE drbg; + + if (ssl == NULL) + return BAD_FUNC_ARG; + + switch (type) { + case WOLFSSL_NTRU_EESS439: + ntruType = NTRU_EES439EP1; + break; + case WOLFSSL_NTRU_EESS593: + ntruType = NTRU_EES593EP1; + break; + case WOLFSSL_NTRU_EESS743: + ntruType = NTRU_EES743EP1; + break; + default: + WOLFSSL_MSG("Unknown type for creating NTRU key"); + return -1; + } + ret = ntru_crypto_drbg_external_instantiate(GetEntropy, &drbg); + if (ret != DRBG_OK) { + WOLFSSL_MSG("NTRU drbg instantiate failed\n"); + return ret; + } + + if ((ret = ntru_crypto_ntru_encrypt_keygen(drbg, ntruType, + &public_key_len, NULL, &private_key_len, NULL)) != NTRU_OK) + return ret; + + if ((ret = ntru_crypto_ntru_encrypt_keygen(drbg, ntruType, + &public_key_len, public_key, &private_key_len, private_key)) != NTRU_OK) + return ret; + + ret = ntru_crypto_drbg_uninstantiate(drbg); + if (ret != NTRU_OK) { + WOLFSSL_MSG("NTRU drbg uninstantiate failed\n"); + return ret; + } + + if ((temp = XMALLOC(sizeof(QSHKey), 0, DYNAMIC_TYPE_TLSX)) == NULL) + return MEMORY_E; + temp->name = type; + temp->pub.length = public_key_len; + temp->pub.buffer = XMALLOC(public_key_len, public_key, + DYNAMIC_TYPE_PUBLIC_KEY); + XMEMCPY(temp->pub.buffer, public_key, public_key_len); + temp->pri.length = private_key_len; + temp->pri.buffer = XMALLOC(private_key_len, private_key, + DYNAMIC_TYPE_ARRAYS); + XMEMCPY(temp->pri.buffer, private_key, 
private_key_len); + temp->next = NULL; + + TLSX_AddQSHKey(&ssl->QSH_Key, temp); + + return ret; +} +#endif + + +/* + Used to find a public key from the list of keys + pubLen length of array + name input the name of the scheme looking for ie WOLFSSL_NTRU_ESSXXX + + returns a pointer to public key byte* or NULL if not found + */ +static byte* TLSX_QSHKeyFind_Pub(QSHKey* qsh, word16* pubLen, word16 name) +{ + QSHKey* current = qsh; + + if (qsh == NULL || pubLen == NULL) + return NULL; + + *pubLen = 0; + + while(current) { + if (current->name == name) { + *pubLen = current->pub.length; + return current->pub.buffer; + } + current = (QSHKey*)current->next; + } + + return NULL; +} +#endif /* HAVE_QSH */ + + +int TLSX_PopulateExtensions(WOLFSSL* ssl, byte isServer) +{ + byte* public_key = NULL; + word16 public_key_len = 0; + #ifdef HAVE_QSH + TLSX* extension; + QSHScheme* qsh; + QSHScheme* next; + #endif + int ret = 0; + + #ifdef HAVE_QSH + /* add supported QSHSchemes */ + WOLFSSL_MSG("Adding supported QSH Schemes"); + + /* server will add extension depending on whats parsed from client */ + if (!isServer) { + + /* test if user has set a specific scheme already */ + if (!ssl->user_set_QSHSchemes) { + if (ssl->sendQSHKeys && ssl->QSH_Key == NULL) { + if ((ret = TLSX_CreateQSHKey(ssl, WOLFSSL_NTRU_EESS743)) != 0) { + WOLFSSL_MSG("Error creating ntru keys"); + return ret; + } + if ((ret = TLSX_CreateQSHKey(ssl, WOLFSSL_NTRU_EESS593)) != 0) { + WOLFSSL_MSG("Error creating ntru keys"); + return ret; + } + if ((ret = TLSX_CreateQSHKey(ssl, WOLFSSL_NTRU_EESS439)) != 0) { + WOLFSSL_MSG("Error creating ntru keys"); + return ret; + } + + /* add NTRU 256 */ + public_key = TLSX_QSHKeyFind_Pub(ssl->QSH_Key, + &public_key_len, WOLFSSL_NTRU_EESS743); + } + if (TLSX_UseQSHScheme(&ssl->extensions, WOLFSSL_NTRU_EESS743, + public_key, public_key_len) != SSL_SUCCESS) + ret = -1; + + /* add NTRU 196 */ + if (ssl->sendQSHKeys) { + public_key = TLSX_QSHKeyFind_Pub(ssl->QSH_Key, + 
&public_key_len, WOLFSSL_NTRU_EESS593); + } + if (TLSX_UseQSHScheme(&ssl->extensions, WOLFSSL_NTRU_EESS593, + public_key, public_key_len) != SSL_SUCCESS) + ret = -1; + + /* add NTRU 128 */ + if (ssl->sendQSHKeys) { + public_key = TLSX_QSHKeyFind_Pub(ssl->QSH_Key, + &public_key_len, WOLFSSL_NTRU_EESS439); + } + if (TLSX_UseQSHScheme(&ssl->extensions, WOLFSSL_NTRU_EESS439, + public_key, public_key_len) != SSL_SUCCESS) + ret = -1; + } + else if (ssl->sendQSHKeys && ssl->QSH_Key == NULL) { + /* for each scheme make a client key */ + extension = TLSX_Find(ssl->extensions, WOLFSSL_QSH); + if (extension) { + qsh = (QSHScheme*)extension->data; + + while (qsh) { + if ((ret = TLSX_CreateQSHKey(ssl, qsh->name)) != 0) + return ret; + + /* get next now because qsh could be freed */ + next = qsh->next; + + /* find the public key created and add to extension*/ + public_key = TLSX_QSHKeyFind_Pub(ssl->QSH_Key, + &public_key_len, qsh->name); + if (TLSX_UseQSHScheme(&ssl->extensions, qsh->name, + public_key, public_key_len) != SSL_SUCCESS) + ret = -1; + qsh = next; + } + } + } + } /* is not server */ + #endif + + (void)isServer; + (void)public_key; + (void)public_key_len; + (void)ssl; + + return ret; +} + + #ifndef NO_WOLFSSL_CLIENT +/** Tells the buffered size of extensions to be sent into the client hello. */ word16 TLSX_GetRequestSize(WOLFSSL* ssl) { word16 length = 0; @@ -2060,6 +3122,7 @@ word16 TLSX_GetRequestSize(WOLFSSL* ssl) byte semaphore[SEMAPHORE_SIZE] = {0}; EC_VALIDATE_REQUEST(ssl, semaphore); + QSH_VALIDATE_REQUEST(ssl, semaphore); STK_VALIDATE_REQUEST(ssl); if (ssl->extensions) @@ -2073,11 +3136,12 @@ word16 TLSX_GetRequestSize(WOLFSSL* ssl) } if (length) - length += OPAQUE16_LEN; /* for total length storage */ + length += OPAQUE16_LEN; /* for total length storage. */ return length; } +/** Writes the extensions to be sent into the client hello. */ word16 TLSX_WriteRequest(WOLFSSL* ssl, byte* output) { word16 offset = 0; 
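Review bot: TLSX_CreateNtruKey leaves the generated private key in the stack array `private_key[1120]` on every return path, and copies into `temp->pub.buffer` and `temp->pri.buffer` without checking either XMALLOC result. The stack copy should be wiped with ForceZero (already used in TLSX_QSHCipher_Parse) once it has been copied out, and both allocations checked before XMEMCPY. The return value of TLSX_AddQSHKey is also discarded, so when it refuses the key (duplicate name, per its body in this hunk) `temp` and both buffers appear to be leaked. GetEntropy in the same hunk creates the shared `rng` and `rngMutex` lazily with no lock around the NULL checks and ignores the wc_InitRng result, which deserves a comment or an init-once path. A sketch of the allocation tail follows.

```c
    /* … unchanged: type mapping, drbg instantiate, keygen, uninstantiate … */

    if ((temp = XMALLOC(sizeof(QSHKey), 0, DYNAMIC_TYPE_TLSX)) == NULL) {
        ForceZero(private_key, sizeof(private_key));
        return MEMORY_E;
    }
    temp->name = type;
    temp->next = NULL;
    temp->pub.length = public_key_len;
    temp->pub.buffer = XMALLOC(public_key_len, public_key,
                                DYNAMIC_TYPE_PUBLIC_KEY);
    temp->pri.length = private_key_len;
    temp->pri.buffer = XMALLOC(private_key_len, private_key,
                                DYNAMIC_TYPE_ARRAYS);
    if (temp->pub.buffer == NULL || temp->pri.buffer == NULL) {
        if (temp->pub.buffer)
            XFREE(temp->pub.buffer, 0, DYNAMIC_TYPE_PUBLIC_KEY);
        if (temp->pri.buffer)
            XFREE(temp->pri.buffer, 0, DYNAMIC_TYPE_ARRAYS);
        XFREE(temp, 0, DYNAMIC_TYPE_TLSX);
        ForceZero(private_key, sizeof(private_key));
        return MEMORY_E;
    }
    XMEMCPY(temp->pub.buffer, public_key, public_key_len);
    XMEMCPY(temp->pri.buffer, private_key, private_key_len);

    /* the stack copy of the private key is no longer needed */
    ForceZero(private_key, sizeof(private_key));

    /* … unchanged: TLSX_AddQSHKey call and return … */
```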
@@ -2088,6 +3152,8 @@ word16 TLSX_WriteRequest(WOLFSSL* ssl, byte* output) offset += OPAQUE16_LEN; /* extensions length */ EC_VALIDATE_REQUEST(ssl, semaphore); + STK_VALIDATE_REQUEST(ssl); + QSH_VALIDATE_REQUEST(ssl, semaphore); if (ssl->extensions) offset += TLSX_Write(ssl->extensions, output + offset, @@ -2128,11 +3194,21 @@ word16 TLSX_WriteRequest(WOLFSSL* ssl, byte* output) #ifndef NO_WOLFSSL_SERVER +/** Tells the buffered size of extensions to be sent into the server hello. */ word16 TLSX_GetResponseSize(WOLFSSL* ssl) { word16 length = 0; byte semaphore[SEMAPHORE_SIZE] = {0}; + #ifdef HAVE_QSH + /* change response if not using TLS_QSH */ + if (!ssl->options.haveQSH) { + TLSX* ext = TLSX_Find(ssl->extensions, WOLFSSL_QSH); + if (ext) + ext->resp = 0; + } + #endif + if (TLSX_SupportExtensions(ssl)) length += TLSX_GetSize(ssl->extensions, semaphore, 0); @@ -2144,6 +3220,7 @@ word16 TLSX_GetResponseSize(WOLFSSL* ssl) return length; } +/** Writes the server hello extensions into a buffer. */ word16 TLSX_WriteResponse(WOLFSSL *ssl, byte* output) { word16 offset = 0; @@ -2164,6 +3241,7 @@ word16 TLSX_WriteResponse(WOLFSSL *ssl, byte* output) #endif /* NO_WOLFSSL_SERVER */ +/** Parses a buffer of TLS extensions. */ int TLSX_Parse(WOLFSSL* ssl, byte* input, word16 length, byte isRequest, Suites *suites) { @@ -2226,6 +3304,12 @@ int TLSX_Parse(WOLFSSL* ssl, byte* input, word16 length, byte isRequest, ret = STK_PARSE(ssl, input + offset, size, isRequest); break; + case WOLFSSL_QSH: + WOLFSSL_MSG("Quantum-Safe-Hybrid extension received"); + + ret = QSH_PARSE(ssl, input + offset, size, isRequest); + break; + case HELLO_EXT_SIG_ALGO: if (isRequest) { /* do not mess with offset inside the switch! */ @@ -2251,6 +3335,9 @@ int TLSX_Parse(WOLFSSL* ssl, byte* input, word16 length, byte isRequest, offset += size; } + if (ret == 0) + ret = SNI_VERIFY_PARSE(ssl, isRequest); + return ret; } 
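Review bot: The new HAVE_QSH block in TLSX_GetResponseSize dereferences `ssl->options.haveQSH` and `ssl->extensions` before the `TLSX_SupportExtensions(ssl)` call, which itself tests `ssl` for NULL, so the function's NULL handling is no longer consistent. The block also clears `ext->resp` as a side effect of a size query, which means TLSX_WriteResponse omits the QSH extension only if the size function ran first. A comment stating that ordering dependency, e.g. `/* must run before TLSX_WriteResponse: clears the QSH resp flag */`, or moving the reset to where haveQSH is decided, would make this harder to break. Both function bodies continue outside their hunks.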
@@ -2259,8 +3346,7 @@ int TLSX_Parse(WOLFSSL* ssl, byte* input, word16 length, byte isRequest, #undef TURN_ON #undef SEMAPHORE_SIZE -#endif - +#endif /* HAVE_TLS_EXTENSIONS */ #ifndef NO_WOLFSSL_CLIENT @@ -2317,7 +3403,7 @@ int TLSX_Parse(WOLFSSL* ssl, byte* input, word16 length, byte isRequest, #endif #ifndef NO_OLD_TLS method->downgrade = 1; -#endif +#endif } return method; } @@ -2398,4 +3484,3 @@ int TLSX_Parse(WOLFSSL* ssl, byte* input, word16 length, byte isRequest, #endif /* NO_WOLFSSL_SERVER */ #endif /* NO_TLS */ - diff --git a/sslSniffer/sslSniffer.vcxproj b/sslSniffer/sslSniffer.vcxproj index 7419737c1..56404e997 100644 --- a/sslSniffer/sslSniffer.vcxproj +++ b/sslSniffer/sslSniffer.vcxproj @@ -67,19 +67,23 @@ $(SolutionDir)$(Configuration)\ - $(Configuration)\ + $(Configuration)\obj\ true true + $(SolutionDir)$(Platform)\$(Configuration)\ + $(Platform)\$(Configuration)\obj\ $(SolutionDir)$(Configuration)\ - $(Configuration)\ + $(Configuration)\obj\ false false + $(SolutionDir)$(Platform)\$(Configuration)\ + $(Platform)\$(Configuration)\obj\ @@ -166,7 +170,7 @@ - + diff --git a/sslSniffer/sslSnifferTest/snifftest.c b/sslSniffer/sslSnifferTest/snifftest.c index 724b1d895..155a14954 100755 --- a/sslSniffer/sslSnifferTest/snifftest.c +++ b/sslSniffer/sslSnifferTest/snifftest.c @@ -60,6 +60,7 @@ int main(void) #ifndef _WIN32 #include /* AF_INET */ #include + #include #endif typedef unsigned char byte; @@ -123,6 +124,7 @@ static char* iptos(unsigned int addr) int main(int argc, char** argv) { int ret = 0; + int hadBadPacket = 0; int inum; int port; int saveFile = 0; @@ -303,8 +305,10 @@ int main(int argc, char** argv) continue; ret = ssl_DecodePacket(packet, header.caplen, data, err); - if (ret < 0) + if (ret < 0) { printf("ssl_Decode ret = %d, %s\n", ret, err); + hadBadPacket = 1; + } if (ret > 0) { data[ret] = 0; printf("SSL App Data(%d:%d):%s\n", packetNumber, ret, data); 
@@ -315,7 +319,7 @@ int main(int argc, char** argv) } FreeAll(); - return EXIT_SUCCESS; + return hadBadPacket ? EXIT_FAILURE : EXIT_SUCCESS; } #endif /* full build */ diff --git a/support/wolfssl.pc b/support/wolfssl.pc index 7b18d95e5..a461151f9 100644 --- a/support/wolfssl.pc +++ b/support/wolfssl.pc @@ -5,6 +5,6 @@ includedir=${prefix}/include Name: wolfssl Description: wolfssl C library. -Version: 3.4.6 +Version: 3.6.6 Libs: -L${libdir} -lwolfssl Cflags: -I${includedir} diff --git a/swig/README b/swig/README index bd4f7f7cf..d71cdb2b5 100644 --- a/swig/README +++ b/swig/README @@ -16,14 +16,14 @@ Please send questions to support@wolfssl.com sudo make install -2) start the example echoserver from the root directory - ./examples/echoserver/echoserver +2) start the example server from the root directory + ./examples/server/server -d 3) run ./PythonBuild.sh from this directory it will a) build the swig wrapper file b) compile the swig wrapper and wolfssl wrapper files c) place them into a wolfssl shared library for python - d) run runme.py which will connect to the wolfSSL echo server, write a + d) run runme.py which will connect to the wolfSSL server, write a string, then read the result and output it diff --git a/swig/runme.py b/swig/runme.py index cb2ddf11f..90fc43159 100644 --- a/swig/runme.py +++ b/swig/runme.py @@ -3,13 +3,13 @@ import wolfssl print "" -print "Trying to connect to the echo server..." +print "Trying to connect to the example server -d..." wolfssl.wolfSSL_Init() #wolfssl.wolfSSL_Debugging_ON() -ctx = wolfssl.wolfSSL_CTX_new(wolfssl.wolfTLSv1_client_method()) +ctx = wolfssl.wolfSSL_CTX_new(wolfssl.wolfTLSv1_2_client_method()) if ctx == None: - print "Couldn't get SSL CTX for TLSv1" + print "Couldn't get SSL CTX for TLSv1.2" exit(-1) ret = wolfssl.wolfSSL_CTX_load_verify_locations(ctx, "../certs/ca-cert.pem", None) 
@@ -24,7 +24,10 @@ ret = wolfssl.wolfSSL_swig_connect(ssl, "localhost", 11111) if ret != wolfssl.SSL_SUCCESS: print "Couldn't do SSL connect" err = wolfssl.wolfSSL_get_error(ssl, 0) - print "error string = ", wolfssl.wolfSSL_error_string(err) + if ret == -2: + print "tcp error, is example server running?" + else: + print "error string = ", wolfssl.wolfSSL_error_string(err) exit(-1) print "...Connected" diff --git a/swig/wolfssl.i b/swig/wolfssl.i index 45dc693d3..286e263e4 100644 --- a/swig/wolfssl.i +++ b/swig/wolfssl.i @@ -27,13 +27,13 @@ /* defn adds */ char* wolfSSL_error_string(int err); int wolfSSL_swig_connect(WOLFSSL*, const char* server, int port); - RNG* GetRng(void); + WC_RNG* GetRng(void); RsaKey* GetRsaPrivateKey(const char* file); void FillSignStr(unsigned char*, const char*, int); %} -WOLFSSL_METHOD* wolfTLSv1_client_method(void); +WOLFSSL_METHOD* wolfTLSv1_2_client_method(void); WOLFSSL_CTX* wolfSSL_CTX_new(WOLFSSL_METHOD*); int wolfSSL_CTX_load_verify_locations(WOLFSSL_CTX*, const char*, const char*); WOLFSSL* wolfSSL_new(WOLFSSL_CTX*); @@ -44,11 +44,11 @@ int wolfSSL_Init(void); char* wolfSSL_error_string(int); int wolfSSL_swig_connect(WOLFSSL*, const char* server, int port); -int wc_RsaSSL_Sign(const unsigned char* in, int inLen, unsigned char* out, int outLen, RsaKey* key, RNG* rng); +int wc_RsaSSL_Sign(const unsigned char* in, int inLen, unsigned char* out, int outLen, RsaKey* key, WC_RNG* rng); int wc_RsaSSL_Verify(const unsigned char* in, int inLen, unsigned char* out, int outLen, RsaKey* key); -RNG* GetRng(void); +WC_RNG* GetRng(void); RsaKey* GetRsaPrivateKey(const char* file); void FillSignStr(unsigned char*, const char*, int); diff --git a/swig/wolfssl_adds.c b/swig/wolfssl_adds.c index e12ccac74..00267c926 100644 --- a/swig/wolfssl_adds.c +++ b/swig/wolfssl_adds.c 
@@ -182,9 +182,9 @@ char* wolfSSL_error_string(int err) } -RNG* GetRng(void) +WC_RNG* GetRng(void) { - RNG* rng = (RNG*)malloc(sizeof(RNG)); + WC_RNG* rng = (WC_RNG*)malloc(sizeof(WC_RNG)); if (rng) if (wc_InitRng(rng) != 0) { diff --git a/tests/CONF_FILES_README.md b/tests/CONF_FILES_README.md new file mode 100644 index 000000000..ab260c25d --- /dev/null +++ b/tests/CONF_FILES_README.md @@ -0,0 +1,4 @@ +suites.c is a dynamicically written program where new test cases can be written +and added to as needed. When creating a new configure file for a test be sure +to use the exact formatting as the existing configure files. Reference test.conf +for an example. diff --git a/tests/README b/tests/README new file mode 100644 index 000000000..669d024ff --- /dev/null +++ b/tests/README @@ -0,0 +1 @@ +Before creating any new configure files (.conf) read the CONF_FILES_README.md diff --git a/tests/api.c b/tests/api.c index 6ccd80b7d..a34ecebbc 100644 --- a/tests/api.c +++ b/tests/api.c @@ -101,8 +101,10 @@ static void test_wolfSSL_Method_Allocators(void) TEST_METHOD_ALLOCATOR(a, AssertNull) #ifndef NO_OLD_TLS - TEST_VALID_METHOD_ALLOCATOR(wolfSSLv3_server_method); - TEST_VALID_METHOD_ALLOCATOR(wolfSSLv3_client_method); + #ifdef WOLFSSL_ALLOW_SSLV3 + TEST_VALID_METHOD_ALLOCATOR(wolfSSLv3_server_method); + TEST_VALID_METHOD_ALLOCATOR(wolfSSLv3_client_method); + #endif TEST_VALID_METHOD_ALLOCATOR(wolfTLSv1_server_method); TEST_VALID_METHOD_ALLOCATOR(wolfTLSv1_client_method); TEST_VALID_METHOD_ALLOCATOR(wolfTLSv1_1_server_method); 
@@ -113,8 +115,10 @@ static void test_wolfSSL_Method_Allocators(void) TEST_VALID_METHOD_ALLOCATOR(wolfSSLv23_client_method); #ifdef WOLFSSL_DTLS - TEST_VALID_METHOD_ALLOCATOR(wolfDTLSv1_server_method); - TEST_VALID_METHOD_ALLOCATOR(wolfDTLSv1_client_method); + #ifndef NO_OLD_TLS + TEST_VALID_METHOD_ALLOCATOR(wolfDTLSv1_server_method); + TEST_VALID_METHOD_ALLOCATOR(wolfDTLSv1_client_method); + #endif TEST_VALID_METHOD_ALLOCATOR(wolfDTLSv1_2_server_method); TEST_VALID_METHOD_ALLOCATOR(wolfDTLSv1_2_client_method); #endif @@ -132,9 +136,9 @@ static void test_wolfSSL_Method_Allocators(void) static void test_wolfSSL_CTX_new(WOLFSSL_METHOD *method) { WOLFSSL_CTX *ctx; - + AssertNull(ctx = wolfSSL_CTX_new(NULL)); - + AssertNotNull(method); AssertNotNull(ctx = wolfSSL_CTX_new(method)); @@ -150,10 +154,10 @@ static void test_wolfSSL_CTX_use_certificate_file(void) AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method())); /* invalid context */ - AssertFalse(wolfSSL_CTX_use_certificate_file(NULL, svrCert, + AssertFalse(wolfSSL_CTX_use_certificate_file(NULL, svrCert, SSL_FILETYPE_PEM)); /* invalid cert file */ - AssertFalse(wolfSSL_CTX_use_certificate_file(ctx, bogusFile, + AssertFalse(wolfSSL_CTX_use_certificate_file(ctx, bogusFile, SSL_FILETYPE_PEM)); /* invalid cert type */ AssertFalse(wolfSSL_CTX_use_certificate_file(ctx, svrCert, 9999)); @@ -179,10 +183,10 @@ static void test_wolfSSL_CTX_use_PrivateKey_file(void) AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method())); /* invalid context */ - AssertFalse(wolfSSL_CTX_use_PrivateKey_file(NULL, svrKey, + AssertFalse(wolfSSL_CTX_use_PrivateKey_file(NULL, svrKey, SSL_FILETYPE_PEM)); /* invalid key file */ - AssertFalse(wolfSSL_CTX_use_PrivateKey_file(ctx, bogusFile, + AssertFalse(wolfSSL_CTX_use_PrivateKey_file(ctx, bogusFile, SSL_FILETYPE_PEM)); /* invalid key type */ AssertFalse(wolfSSL_CTX_use_PrivateKey_file(ctx, svrKey, 9999)); 
@@ -207,7 +211,7 @@ static void test_wolfSSL_CTX_load_verify_locations(void) WOLFSSL_CTX *ctx; AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method())); - + /* invalid context */ AssertFalse(wolfSSL_CTX_load_verify_locations(NULL, caCert, 0)); @@ -270,18 +274,18 @@ static void test_client_wolfSSL_new(void) AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method())); AssertTrue(wolfSSL_CTX_load_verify_locations(ctx, caCert, 0)); - + /* invalid context */ AssertNull(ssl = wolfSSL_new(NULL)); /* success */ AssertNotNull(ssl = wolfSSL_new(ctx_nocert)); wolfSSL_free(ssl); - + /* success */ AssertNotNull(ssl = wolfSSL_new(ctx)); wolfSSL_free(ssl); - + wolfSSL_CTX_free(ctx); wolfSSL_CTX_free(ctx_nocert); #endif @@ -351,7 +355,7 @@ static THREAD_RETURN WOLFSSL_THREAD test_server_nofail(void* args) "Please run from wolfSSL home dir");*/ goto done; } - + ssl = wolfSSL_new(ctx); tcp_accept(&sockfd, &clientfd, (func_args*)args, port, 0, 0, 0); CloseSocket(sockfd); @@ -380,7 +384,7 @@ static THREAD_RETURN WOLFSSL_THREAD test_server_nofail(void* args) input[idx] = 0; printf("Client message: %s\n", input); } - + if (wolfSSL_write(ssl, msg, sizeof(msg)) != sizeof(msg)) { /*err_sys("SSL_write failed");*/ @@ -399,7 +403,7 @@ done: wolfSSL_shutdown(ssl); wolfSSL_free(ssl); wolfSSL_CTX_free(ctx); - + CloseSocket(clientfd); ((func_args*)args)->return_code = TEST_SUCCESS; @@ -492,7 +496,7 @@ static void test_client_nofail(void* args) done2: wolfSSL_free(ssl); wolfSSL_CTX_free(ctx); - + CloseSocket(sockfd); ((func_args*)args)->return_code = TEST_SUCCESS; @@ -718,10 +722,10 @@ static void test_wolfSSL_read_write(void) StartTCP(); InitTcpReady(&ready); - + server_args.signal = &ready; client_args.signal = &ready; - + start_thread(test_server_nofail, &server_args, &serverThread); wait_tcp_ready(&server_args); test_client_nofail(&client_args); 
@@ -744,68 +748,106 @@ static void test_wolfSSL_read_write(void) *----------------------------------------------------------------------------*/ #ifdef HAVE_SNI +static void test_wolfSSL_UseSNI_params(void) +{ + WOLFSSL_CTX *ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()); + WOLFSSL *ssl = wolfSSL_new(ctx); + + AssertNotNull(ctx); + AssertNotNull(ssl); + + /* invalid [ctx|ssl] */ + AssertIntNE(SSL_SUCCESS, wolfSSL_CTX_UseSNI(NULL, 0, "ctx", 3)); + AssertIntNE(SSL_SUCCESS, wolfSSL_UseSNI( NULL, 0, "ssl", 3)); + /* invalid type */ + AssertIntNE(SSL_SUCCESS, wolfSSL_CTX_UseSNI(ctx, -1, "ctx", 3)); + AssertIntNE(SSL_SUCCESS, wolfSSL_UseSNI( ssl, -1, "ssl", 3)); + /* invalid data */ + AssertIntNE(SSL_SUCCESS, wolfSSL_CTX_UseSNI(ctx, 0, NULL, 3)); + AssertIntNE(SSL_SUCCESS, wolfSSL_UseSNI( ssl, 0, NULL, 3)); + /* success case */ + AssertIntEQ(SSL_SUCCESS, wolfSSL_CTX_UseSNI(ctx, 0, "ctx", 3)); + AssertIntEQ(SSL_SUCCESS, wolfSSL_UseSNI( ssl, 0, "ssl", 3)); + + wolfSSL_free(ssl); + wolfSSL_CTX_free(ctx); +} + +/* BEGIN of connection tests callbacks */ static void use_SNI_at_ctx(WOLFSSL_CTX* ctx) { - byte type = WOLFSSL_SNI_HOST_NAME; - char name[] = "www.yassl.com"; - AssertIntEQ(SSL_SUCCESS, - wolfSSL_CTX_UseSNI(ctx, type, (void *) name, XSTRLEN(name))); + wolfSSL_CTX_UseSNI(ctx, WOLFSSL_SNI_HOST_NAME, "www.wolfssl.com", 15)); } static void use_SNI_at_ssl(WOLFSSL* ssl) { - byte type = WOLFSSL_SNI_HOST_NAME; - char name[] = "www.yassl.com"; - AssertIntEQ(SSL_SUCCESS, - wolfSSL_UseSNI(ssl, type, (void *) name, XSTRLEN(name))); + wolfSSL_UseSNI(ssl, WOLFSSL_SNI_HOST_NAME, "www.wolfssl.com", 15)); } static void different_SNI_at_ssl(WOLFSSL* ssl) { - byte type = WOLFSSL_SNI_HOST_NAME; - char name[] = "ww2.yassl.com"; - AssertIntEQ(SSL_SUCCESS, - wolfSSL_UseSNI(ssl, type, (void *) name, XSTRLEN(name))); + wolfSSL_UseSNI(ssl, WOLFSSL_SNI_HOST_NAME, "ww2.wolfssl.com", 15)); } static void use_SNI_WITH_CONTINUE_at_ssl(WOLFSSL* ssl) { - byte type = WOLFSSL_SNI_HOST_NAME; - 
use_SNI_at_ssl(ssl); - - wolfSSL_SNI_SetOptions(ssl, type, WOLFSSL_SNI_CONTINUE_ON_MISMATCH); + wolfSSL_SNI_SetOptions(ssl, WOLFSSL_SNI_HOST_NAME, + WOLFSSL_SNI_CONTINUE_ON_MISMATCH); } static void use_SNI_WITH_FAKE_ANSWER_at_ssl(WOLFSSL* ssl) { - byte type = WOLFSSL_SNI_HOST_NAME; - use_SNI_at_ssl(ssl); - - wolfSSL_SNI_SetOptions(ssl, type, WOLFSSL_SNI_ANSWER_ON_MISMATCH); + wolfSSL_SNI_SetOptions(ssl, WOLFSSL_SNI_HOST_NAME, + WOLFSSL_SNI_ANSWER_ON_MISMATCH); } -static void verify_SNI_abort_on_client(WOLFSSL* ssl) +static void use_MANDATORY_SNI_at_ctx(WOLFSSL_CTX* ctx) +{ + use_SNI_at_ctx(ctx); + wolfSSL_CTX_SNI_SetOptions(ctx, WOLFSSL_SNI_HOST_NAME, + WOLFSSL_SNI_ABORT_ON_ABSENCE); +} + +static void use_MANDATORY_SNI_at_ssl(WOLFSSL* ssl) +{ + use_SNI_at_ssl(ssl); + wolfSSL_SNI_SetOptions(ssl, WOLFSSL_SNI_HOST_NAME, + WOLFSSL_SNI_ABORT_ON_ABSENCE); +} + +static void use_PSEUDO_MANDATORY_SNI_at_ctx(WOLFSSL_CTX* ctx) +{ + use_SNI_at_ctx(ctx); + wolfSSL_CTX_SNI_SetOptions(ctx, WOLFSSL_SNI_HOST_NAME, + WOLFSSL_SNI_ANSWER_ON_MISMATCH | WOLFSSL_SNI_ABORT_ON_ABSENCE); +} + +static void verify_FATAL_ERROR_on_client(WOLFSSL* ssl) { AssertIntEQ(FATAL_ERROR, wolfSSL_get_error(ssl, 0)); } -static void verify_SNI_abort_on_server(WOLFSSL* ssl) +static void verify_UNKNOWN_SNI_on_server(WOLFSSL* ssl) { AssertIntEQ(UNKNOWN_SNI_HOST_NAME_E, wolfSSL_get_error(ssl, 0)); } +static void verify_SNI_ABSENT_on_server(WOLFSSL* ssl) +{ + AssertIntEQ(SNI_ABSENT_ERROR, wolfSSL_get_error(ssl, 0)); +} + static void verify_SNI_no_matching(WOLFSSL* ssl) { - byte type = WOLFSSL_SNI_HOST_NAME; + byte type = WOLFSSL_SNI_HOST_NAME; char* request = (char*) &type; /* to be overwriten */ AssertIntEQ(WOLFSSL_SNI_NO_MATCH, wolfSSL_SNI_Status(ssl, type)); - AssertNotNull(request); AssertIntEQ(0, wolfSSL_SNI_GetRequest(ssl, type, (void**) &request)); AssertNull(request); 
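Review bot: The host-name length is now the literal `15` in use_SNI_at_ctx, use_SNI_at_ssl and different_SNI_at_ssl, where the removed code derived it with XSTRLEN(name). If one of the strings is edited without updating the number, the SNI call receives a size that no longer matches the literal, which either truncates the name or reads past the end of the string. Deriving the size from the data keeps the two tied, for example `static const char sniName[] = "www.wolfssl.com";` passed with `(word16)(sizeof(sniName) - 1)`. The verify_SNI_real_matching and verify_SNI_fake_matching callbacks in the next hunk compare against the same `15` and would need the same treatment.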
@@ -813,30 +855,118 @@ static void verify_SNI_no_matching(WOLFSSL* ssl) static void verify_SNI_real_matching(WOLFSSL* ssl) { - byte type = WOLFSSL_SNI_HOST_NAME; - char* request = NULL; - char name[] = "www.yassl.com"; - word16 length = XSTRLEN(name); + byte type = WOLFSSL_SNI_HOST_NAME; + char* request = NULL; AssertIntEQ(WOLFSSL_SNI_REAL_MATCH, wolfSSL_SNI_Status(ssl, type)); - - AssertIntEQ(length, wolfSSL_SNI_GetRequest(ssl, type, (void**) &request)); + AssertIntEQ(15, wolfSSL_SNI_GetRequest(ssl, type, (void**) &request)); AssertNotNull(request); - AssertStrEQ(name, request); + AssertStrEQ("www.wolfssl.com", request); } static void verify_SNI_fake_matching(WOLFSSL* ssl) { - byte type = WOLFSSL_SNI_HOST_NAME; - char* request = NULL; - char name[] = "ww2.yassl.com"; - word16 length = XSTRLEN(name); + byte type = WOLFSSL_SNI_HOST_NAME; + char* request = NULL; AssertIntEQ(WOLFSSL_SNI_FAKE_MATCH, wolfSSL_SNI_Status(ssl, type)); - - AssertIntEQ(length, wolfSSL_SNI_GetRequest(ssl, type, (void**) &request)); + AssertIntEQ(15, wolfSSL_SNI_GetRequest(ssl, type, (void**) &request)); AssertNotNull(request); - AssertStrEQ(name, request); + AssertStrEQ("ww2.wolfssl.com", request); +} +/* END of connection tests callbacks */ + +/* connection test runner */ +static void test_wolfSSL_client_server(callback_functions* client_callbacks, + callback_functions* server_callbacks) +{ +#ifdef HAVE_IO_TESTS_DEPENDENCIES + tcp_ready ready; + func_args client_args; + func_args server_args; + THREAD_TYPE serverThread; + + StartTCP(); + + client_args.callbacks = client_callbacks; + server_args.callbacks = server_callbacks; + +#ifdef WOLFSSL_TIRTOS + fdOpenSession(Task_self()); +#endif + + /* RUN Server side */ + InitTcpReady(&ready); + server_args.signal = &ready; + client_args.signal = &ready; + start_thread(run_wolfssl_server, &server_args, &serverThread); + wait_tcp_ready(&server_args); + + /* RUN Client side */ + run_wolfssl_client(&client_args); + join_thread(serverThread); + + 
FreeTcpReady(&ready); +#ifdef WOLFSSL_TIRTOS + fdCloseSession(Task_self()); +#endif + +#else + (void)client_callbacks; + (void)server_callbacks; +#endif +} + +static void test_wolfSSL_UseSNI_connection(void) +{ + unsigned long i; + callback_functions callbacks[] = { + /* success case at ctx */ + {0, use_SNI_at_ctx, 0, 0}, + {0, use_SNI_at_ctx, 0, verify_SNI_real_matching}, + + /* success case at ssl */ + {0, 0, use_SNI_at_ssl, 0}, + {0, 0, use_SNI_at_ssl, verify_SNI_real_matching}, + + /* default missmatch behavior */ + {0, 0, different_SNI_at_ssl, verify_FATAL_ERROR_on_client}, + {0, 0, use_SNI_at_ssl, verify_UNKNOWN_SNI_on_server}, + + /* continue on missmatch */ + {0, 0, different_SNI_at_ssl, 0}, + {0, 0, use_SNI_WITH_CONTINUE_at_ssl, verify_SNI_no_matching}, + + /* fake answer on missmatch */ + {0, 0, different_SNI_at_ssl, 0}, + {0, 0, use_SNI_WITH_FAKE_ANSWER_at_ssl, verify_SNI_fake_matching}, + + /* sni abort - success */ + {0, use_SNI_at_ctx, 0, 0}, + {0, use_MANDATORY_SNI_at_ctx, 0, verify_SNI_real_matching}, + + /* sni abort - abort when absent (ctx) */ + {0, 0, 0, verify_FATAL_ERROR_on_client}, + {0, use_MANDATORY_SNI_at_ctx, 0, verify_SNI_ABSENT_on_server}, + + /* sni abort - abort when absent (ssl) */ + {0, 0, 0, verify_FATAL_ERROR_on_client}, + {0, 0, use_MANDATORY_SNI_at_ssl, verify_SNI_ABSENT_on_server}, + + /* sni abort - success when overwriten */ + {0, 0, 0, 0}, + {0, use_MANDATORY_SNI_at_ctx, use_SNI_at_ssl, verify_SNI_no_matching}, + + /* sni abort - success when allowing missmatches */ + {0, 0, different_SNI_at_ssl, 0}, + {0, use_PSEUDO_MANDATORY_SNI_at_ctx, 0, verify_SNI_fake_matching}, + }; + + for (i = 0; i < sizeof(callbacks) / sizeof(callback_functions); i += 2) { + callbacks[i ].method = wolfSSLv23_client_method; + callbacks[i + 1].method = wolfSSLv23_server_method; + test_wolfSSL_client_server(&callbacks[i], &callbacks[i + 1]); + } } static void test_wolfSSL_SNI_GetFromBuffer(void) 
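Review bot: The loop in test_wolfSSL_UseSNI_connection writes `callbacks[i + 1]` on every pass while its bound only checks `i`, so the table is safe only while it holds an even number of rows. One row added or dropped shifts every later client/server pairing, and the final pass would index one element past the array. Bounding on the pair, `for (i = 0; i + 1 < sizeof(callbacks) / sizeof(callbacks[0]); i += 2)`, removes the overrun. A comment above the table such as `/* rows are consumed in {client, server} pairs */` would make the layout explicit.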
@@ -903,6 +1033,14 @@ static void test_wolfSSL_SNI_GetFromBuffer(void) 0x12, 0x00, 0x00 }; + byte buffer5[] = { /* SSL v2.0 client hello */ + 0x00, 0x2b, 0x01, 0x03, 0x01, 0x00, 0x09, 0x00, 0x00, + /* dummy bytes bellow, just to pass size check */ + 0xb6, 0x03, 0x03, 0x83, 0xa3, 0xe6, 0xdc, 0x16, 0xa1, 0x43, 0xe9, 0x45, + 0x15, 0xbd, 0x64, 0xa9, 0xb6, 0x07, 0xb4, 0x50, 0xc6, 0xdd, 0xff, 0xc2, + 0xd3, 0x0d, 0x4f, 0x36, 0xb4, 0x41, 0x51, 0x61, 0xc1, 0xa5, 0x9e, 0x00, + }; + byte result[32] = {0}; word32 length = 32; @@ -923,7 +1061,7 @@ static void test_wolfSSL_SNI_GetFromBuffer(void) 0, result, &length)); buffer[1] = 0x03; - AssertIntEQ(SNI_UNSUPPORTED, wolfSSL_SNI_GetFromBuffer(buffer, + AssertIntEQ(SNI_UNSUPPORTED, wolfSSL_SNI_GetFromBuffer(buffer, sizeof(buffer), 0, result, &length)); buffer[2] = 0x03; 
@@ -942,46 +1080,22 @@ static void test_wolfSSL_SNI_GetFromBuffer(void) 0, result, &length)); result[length] = 0; AssertStrEQ("api.textmate.org", (const char*) result); -} -static void test_wolfSSL_client_server(callback_functions* client_callbacks, - callback_functions* server_callbacks) -{ -#ifdef HAVE_IO_TESTS_DEPENDENCIES - tcp_ready ready; - func_args client_args; - func_args server_args; - THREAD_TYPE serverThread; + /* SSL v2.0 tests */ + AssertIntEQ(SNI_UNSUPPORTED, wolfSSL_SNI_GetFromBuffer(buffer5, + sizeof(buffer5), 0, result, &length)); - StartTCP(); + buffer5[2] = 0x02; + AssertIntEQ(BUFFER_ERROR, wolfSSL_SNI_GetFromBuffer(buffer5, + sizeof(buffer5), 0, result, &length)); - client_args.callbacks = client_callbacks; - server_args.callbacks = server_callbacks; + buffer5[2] = 0x01; buffer5[6] = 0x08; + AssertIntEQ(BUFFER_ERROR, wolfSSL_SNI_GetFromBuffer(buffer5, + sizeof(buffer5), 0, result, &length)); -#ifdef WOLFSSL_TIRTOS - fdOpenSession(Task_self()); -#endif - - /* RUN Server side */ - InitTcpReady(&ready); - server_args.signal = &ready; - client_args.signal = &ready; - start_thread(run_wolfssl_server, &server_args, &serverThread); - wait_tcp_ready(&server_args); - - /* RUN Client side */ - run_wolfssl_client(&client_args); - join_thread(serverThread); - - FreeTcpReady(&ready); -#ifdef WOLFSSL_TIRTOS - fdCloseSession(Task_self()); -#endif - -#else - (void)client_callbacks; - (void)server_callbacks; -#endif + buffer5[6] = 0x09; buffer5[8] = 0x01; + AssertIntEQ(BUFFER_ERROR, wolfSSL_SNI_GetFromBuffer(buffer5, + sizeof(buffer5), 0, result, &length)); } #endif /* HAVE_SNI */ 
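Review bot: The SSL v2.0 cases patch `buffer5` by bare index (`buffer5[2]`, `buffer5[6]`, `buffer5[8]`) without naming the header field each byte belongs to, and each case relies on the values left behind by the one before it. Going by the SSLv2 CLIENT-HELLO layout these look like the message type, the low byte of the cipher-spec length and the low byte of the session-id length, which should be confirmed against the parser. One comment per case would record what each rejection guards: `/* message type is not client hello */`, `/* cipher spec length not a multiple of 3 */`, `/* unexpected session id length */`. test_wolfSSL_SNI_GetFromBuffer begins outside this hunk, and `buffer5` itself is declared in the earlier hunk of the same function.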
@@ -989,70 +1103,8 @@ static void test_wolfSSL_client_server(callback_functions* client_callbacks, static void test_wolfSSL_UseSNI(void) { #ifdef HAVE_SNI - callback_functions client_callbacks = {wolfSSLv23_client_method, 0, 0, 0}; - callback_functions server_callbacks = {wolfSSLv23_server_method, 0, 0, 0}; - - WOLFSSL_CTX *ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()); - WOLFSSL *ssl = wolfSSL_new(ctx); - - AssertNotNull(ctx); - AssertNotNull(ssl); - - /* error cases */ - AssertIntNE(SSL_SUCCESS, - wolfSSL_CTX_UseSNI(NULL, 0, (void *) "ctx", XSTRLEN("ctx"))); - AssertIntNE(SSL_SUCCESS, - wolfSSL_UseSNI( NULL, 0, (void *) "ssl", XSTRLEN("ssl"))); - AssertIntNE(SSL_SUCCESS, - wolfSSL_CTX_UseSNI(ctx, -1, (void *) "ctx", XSTRLEN("ctx"))); - AssertIntNE(SSL_SUCCESS, - wolfSSL_UseSNI( ssl, -1, (void *) "ssl", XSTRLEN("ssl"))); - AssertIntNE(SSL_SUCCESS, - wolfSSL_CTX_UseSNI(ctx, 0, (void *) NULL, XSTRLEN("ctx"))); - AssertIntNE(SSL_SUCCESS, - wolfSSL_UseSNI( ssl, 0, (void *) NULL, XSTRLEN("ssl"))); - - /* success case */ - AssertIntEQ(SSL_SUCCESS, - wolfSSL_CTX_UseSNI(ctx, 0, (void *) "ctx", XSTRLEN("ctx"))); - AssertIntEQ(SSL_SUCCESS, - wolfSSL_UseSNI( ssl, 0, (void *) "ssl", XSTRLEN("ssl"))); - - wolfSSL_free(ssl); - wolfSSL_CTX_free(ctx); - - /* Testing success case at ctx */ - client_callbacks.ctx_ready = server_callbacks.ctx_ready = use_SNI_at_ctx; - server_callbacks.on_result = verify_SNI_real_matching; - - test_wolfSSL_client_server(&client_callbacks, &server_callbacks); - - /* Testing success case at ssl */ - client_callbacks.ctx_ready = server_callbacks.ctx_ready = NULL; - client_callbacks.ssl_ready = server_callbacks.ssl_ready = use_SNI_at_ssl; - - test_wolfSSL_client_server(&client_callbacks, &server_callbacks); - - /* Testing default mismatch behaviour */ - client_callbacks.ssl_ready = different_SNI_at_ssl; - client_callbacks.on_result = verify_SNI_abort_on_client; - server_callbacks.on_result = verify_SNI_abort_on_server; - - 
test_wolfSSL_client_server(&client_callbacks, &server_callbacks); - client_callbacks.on_result = NULL; - - /* Testing continue on mismatch */ - client_callbacks.ssl_ready = different_SNI_at_ssl; - server_callbacks.ssl_ready = use_SNI_WITH_CONTINUE_at_ssl; - server_callbacks.on_result = verify_SNI_no_matching; - - test_wolfSSL_client_server(&client_callbacks, &server_callbacks); - - /* Testing fake answer on mismatch */ - server_callbacks.ssl_ready = use_SNI_WITH_FAKE_ANSWER_at_ssl; - server_callbacks.on_result = verify_SNI_fake_matching; - - test_wolfSSL_client_server(&client_callbacks, &server_callbacks); + test_wolfSSL_UseSNI_params(); + test_wolfSSL_UseSNI_connection(); test_wolfSSL_SNI_GetFromBuffer(); #endif diff --git a/tests/include.am b/tests/include.am index 006458523..802ec5ad1 100644 --- a/tests/include.am +++ b/tests/include.am @@ -11,6 +11,7 @@ tests_unit_test_SOURCES = \ tests/api.c \ tests/suites.c \ tests/hash.c \ + tests/srp.c \ examples/client/client.c \ examples/server/server.c tests_unit_test_CFLAGS = -DNO_MAIN_DRIVER $(AM_CFLAGS) @@ -19,5 +20,7 @@ tests_unit_test_DEPENDENCIES = src/libwolfssl.la endif EXTRA_DIST += tests/unit.h EXTRA_DIST += tests/test.conf \ + tests/test-qsh.conf \ + tests/test-psk-no-id.conf \ tests/test-dtls.conf DISTCLEANFILES+= tests/.libs/unit.test diff --git a/tests/srp.c b/tests/srp.c new file mode 100644 index 000000000..691bbdabe --- /dev/null +++ b/tests/srp.c 
@@ -0,0 +1,696 @@
+/* srp.c SRP unit tests
+ *
+ * Copyright (C) 2006-2015 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL. (formerly known as CyaSSL)
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Geteral Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Geteral Public License for more details.
+ *
+ * You should have received a copy of the GNU Geteral Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
+ */
+
+#ifdef HAVE_CONFIG_H
+ #include
+#endif
+
+#include
+
+#include
+#include
+#include
+
+#ifdef WOLFCRYPT_HAVE_SRP
+
+static byte username[] = "user";
+static word32 usernameSz = 4;
+
+static byte password[] = "password";
+static word32 passwordSz = 8;
+
+static byte N[] = {
+ 0xD4, 0xC7, 0xF8, 0xA2, 0xB3, 0x2C, 0x11, 0xB8, 0xFB, 0xA9, 0x58, 0x1E,
+ 0xC4, 0xBA, 0x4F, 0x1B, 0x04, 0x21, 0x56, 0x42, 0xEF, 0x73, 0x55, 0xE3,
+ 0x7C, 0x0F, 0xC0, 0x44, 0x3E, 0xF7, 0x56, 0xEA, 0x2C, 0x6B, 0x8E, 0xEB,
+ 0x75, 0x5A, 0x1C, 0x72, 0x30, 0x27, 0x66, 0x3C, 0xAA, 0x26, 0x5E, 0xF7,
+ 0x85, 0xB8, 0xFF, 0x6A, 0x9B, 0x35, 0x22, 0x7A, 0x52, 0xD8, 0x66, 0x33,
+ 0xDB, 0xDF, 0xCA, 0x43
+};
+
+static byte g[] = {
+ 0x02
+};
+
+static byte salt[] = {
+ 0x80, 0x66, 0x61, 0x5B, 0x7D, 0x33, 0xA2, 0x2E, 0x79, 0x18
+};
+
+static byte verifier[] = {
+ 0x24, 0x5F, 0xA5, 0x1B, 0x2A, 0x28, 0xF8, 0xFF, 0xE2, 0xA0, 0xF8, 0x61,
+ 0x7B, 0x0F, 0x3C, 0x05, 0xD6, 0x4A, 0x55, 0xDF, 0x74, 0x31, 0x54, 0x47,
+ 0xA1, 0xFA, 0x9D, 0x25, 0x7B, 0x02, 0x88, 0x0A, 0xE8, 0x5A, 0xBA, 0x8B,
+ 0xA2, 0xD3, 0x8A, 0x62, 0x46, 0x8C, 0xEC, 0x52, 0xBE, 0xDE, 0xFC, 0x75,
+ 0xF5, 0xDB, 0x9C, 0x8C, 0x9B, 0x34, 0x7A, 0xE7, 0x4A, 0x5F, 0xBB, 0x96,
+ 0x38, 0x19, 0xAB, 0x24
+};
+
+static byte a[] = {
+ 0x37, 0x95, 0xF2, 0xA6, 0xF1, 0x6F, 0x0D, 0x58, 0xBF, 0xED, 0x44, 0x87,
+ 0xE0, 0xB6, 0xCC, 0x1C, 0xA0, 0x50, 0xC6, 0x61, 0xBB, 0x36, 0xE0, 0x9A,
+ 0xF3, 0xF7, 0x1E, 0x7A, 0x61, 0x86, 0x5A, 0xF5
+};
+
+static byte A[] = {
+ 0x8D, 0x28, 0xC5, 0x6A, 0x46, 0x5C, 0x82, 0xDB, 0xC7, 0xF6, 0x8B, 0x62,
+ 0x1A, 0xAD, 0xA1, 0x76, 0x1B, 0x55, 0xFF, 0xAB, 0x10, 0x2F, 0xFF, 0x4A,
+ 0xAA, 0x46, 0xAD, 0x33, 0x64, 0xDE, 0x28, 0x2E, 0x82, 0x7A, 0xBE, 0xEA,
+ 0x32, 0xFC, 0xD6, 0x14, 0x01, 0x71, 0xE6, 0xC8, 0xC9, 0x53, 0x69, 0x55,
+ 0xE1, 0xF8, 0x3D, 0xDD, 0xC7, 0xD5, 0x21, 0xCE, 0xFF, 0x17, 0xFC, 0x23,
+ 0xBF, 0xCF, 0x2D, 0xB0
+};
+
+static byte b[] = {
+ 0x2B, 0xDD, 0x30, 0x30, 0x53, 0xAF, 0xD8, 0x3A, 0xE7, 0xE0, 0x17, 0x82,
+ 0x39, 0x44, 0x2C, 0xDB, 0x30, 0x88, 0x0F, 0xC8, 0x88, 0xC2, 0xB2, 0xC1,
+ 0x78, 0x43, 0x2F, 0xD5, 0x60, 0xD4, 0xDA, 0x43
+};
+
+static byte B[] = {
+ 0xB5, 0x80, 0x36, 0x7F, 0x50, 0x89, 0xC1, 0x04, 0x42, 0x98, 0xD7, 0x6A,
+ 0x37, 0x8E, 0xF1, 0x81, 0x52, 0xC5, 0x7A, 0xA1, 0xD5, 0xB7, 0x66, 0x84,
+ 0xA1, 0x3E, 0x32, 0x82, 0x2B, 0x3A, 0xB5, 0xD7, 0x3D, 0x50, 0xF1, 0x58,
+ 0xBD, 0x89, 0x75, 0xC7, 0x51, 0xCF, 0x6C, 0x03, 0xD4, 0xCA, 0xD5, 0x6E,
+ 0x97, 0x4D, 0xA3, 0x1E, 0x19, 0x0B, 0xF0, 0xAA, 0x7D, 0x14, 0x90, 0x80,
+ 0x0E, 0xC7, 0x92, 0xAD
+};
+
+static byte key[] = {
+ 0x66, 0x00, 0x9D, 0x58, 0xB3, 0xD2, 0x0D, 0x4B, 0x69, 0x7F, 0xCF, 0x48,
+ 0xFF, 0x8F, 0x15, 0x81, 0x4C, 0x4B, 0xFE, 0x9D, 0x85, 0x77, 0x88, 0x60,
+ 0x1D, 0x1E, 0x51, 0xCF, 0x75, 0xCC, 0x58, 0x00, 0xE7, 0x8D, 0x22, 0x87,
+ 0x13, 0x6C, 0x88, 0x55
+};
+
+static byte client_proof[] = {
+ 0x0D, 0x49, 0xE1, 0x9C, 0x3A, 0x88, 0x43, 0x15, 0x45, 0xA8, 0xAC, 0xAB,
+ 0xEA, 0x15, 0x1A, 0xEE, 0xF9, 0x38, 0x4D, 0x21
+};
+
+static byte server_proof[] = {
+ 0xBD, 0xB1, 0x20, 0x70, 0x46, 0xC9, 0xD6, 0xCC, 0xE2, 0x1D, 0x75, 0xA2,
+ 0xD0, 0xAF, 0xC5, 0xBC, 0xAE, 0x12, 0xFC, 0x75
+};
+
+static void test_SrpInit(void)
+{
+ Srp srp;
+
+ /* invalid params */
+ AssertIntEQ(BAD_FUNC_ARG, wc_SrpInit(NULL, SRP_TYPE_SHA, SRP_CLIENT_SIDE));
+ AssertIntEQ(BAD_FUNC_ARG, wc_SrpInit(&srp, 255, SRP_CLIENT_SIDE));
+ AssertIntEQ(BAD_FUNC_ARG, wc_SrpInit(&srp, SRP_TYPE_SHA, 255 ));
+
+ /* success */
+ AssertIntEQ(0, wc_SrpInit(&srp, SRP_TYPE_SHA, SRP_CLIENT_SIDE));
+
+ wc_SrpTerm(&srp);
+}
+
+static void test_SrpSetUsername(void)
+{
+ Srp srp;
+
+ AssertIntEQ(0, wc_SrpInit(&srp, SRP_TYPE_SHA, SRP_CLIENT_SIDE));
+
+ /* invalid params */
+ AssertIntEQ(BAD_FUNC_ARG, wc_SrpSetUsername(NULL, username, usernameSz));
+ AssertIntEQ(BAD_FUNC_ARG, wc_SrpSetUsername(&srp, NULL, usernameSz));
+
+ /* success */
+ AssertIntEQ(0, wc_SrpSetUsername(&srp, username, usernameSz));
+ AssertIntEQ((int) usernameSz, srp.userSz);
+ AssertIntEQ(0, XMEMCMP(srp.user, username, usernameSz));
+
+ wc_SrpTerm(&srp);
+}
+
+static void test_SrpSetParams(void)
+{
+ Srp srp;
+
+ AssertIntEQ(0, wc_SrpInit(&srp, SRP_TYPE_SHA, SRP_CLIENT_SIDE));
+
+ /* invalid call order */
+ AssertIntEQ(SRP_CALL_ORDER_E, wc_SrpSetParams(&srp, N, sizeof(N),
+ g, sizeof(g),
+ salt, sizeof(salt)));
+
+ /* fix call order */
+ AssertIntEQ(0, wc_SrpSetUsername(&srp, username, usernameSz));
+
+ /* invalid params */
+ AssertIntEQ(BAD_FUNC_ARG, wc_SrpSetParams(NULL, N, sizeof(N),
+ g, sizeof(g),
+ salt, sizeof(salt)));
+ AssertIntEQ(BAD_FUNC_ARG, wc_SrpSetParams(&srp, NULL, sizeof(N),
+ g, sizeof(g),
+ salt, sizeof(salt)));
+ AssertIntEQ(BAD_FUNC_ARG, wc_SrpSetParams(&srp, N, sizeof(N),
+ NULL, sizeof(g),
+ salt, sizeof(salt)));
+ AssertIntEQ(BAD_FUNC_ARG, wc_SrpSetParams(&srp, N, sizeof(N),
+ g, sizeof(g),
+ NULL, sizeof(salt)));
+
+ /* success */
+ AssertIntEQ(0, wc_SrpSetParams(&srp, N, sizeof(N),
+ g, sizeof(g),
+ salt, sizeof(salt)));
+
+ AssertIntEQ(sizeof(salt), srp.saltSz);
+ AssertIntEQ(0, XMEMCMP(srp.salt, salt, srp.saltSz));
+
+ wc_SrpTerm(&srp);
+}
+
+static void test_SrpSetPassword(void)
+{
+ Srp srp;
+ byte v[64];
+ word32 vSz = 0;
+
+ AssertIntEQ(0, wc_SrpInit(&srp, SRP_TYPE_SHA, SRP_CLIENT_SIDE));
+ AssertIntEQ(0, wc_SrpSetUsername(&srp, username, usernameSz));
+
+ /* invalid call order */
+ AssertIntEQ(SRP_CALL_ORDER_E,
+ wc_SrpSetPassword(&srp, password, passwordSz));
+ AssertIntEQ(SRP_CALL_ORDER_E,
+ wc_SrpGetVerifier(&srp, v, &vSz));
+
+ /* fix call order */
+ AssertIntEQ(0, wc_SrpSetParams(&srp, N, sizeof(N),
+ g, sizeof(g),
+ salt, sizeof(salt)));
+
+ /* invalid params */
+ AssertIntEQ(BAD_FUNC_ARG, wc_SrpSetPassword(NULL, password, passwordSz));
+ AssertIntEQ(BAD_FUNC_ARG, wc_SrpSetPassword(&srp, NULL, passwordSz));
+
+ /* success */
+ AssertIntEQ(0, wc_SrpSetPassword(&srp, password, passwordSz));
+
+ /* invalid params */
+ AssertIntEQ(BAD_FUNC_ARG, wc_SrpGetVerifier(NULL, v, &vSz));
+ AssertIntEQ(BAD_FUNC_ARG, wc_SrpGetVerifier(&srp, NULL, &vSz));
+ AssertIntEQ(BUFFER_E, wc_SrpGetVerifier(&srp, v, &vSz));
+
+ /* success */
+ vSz = sizeof(v);
+ AssertIntEQ(0, wc_SrpGetVerifier(&srp, v, &vSz));
+ AssertIntEQ(vSz, sizeof(verifier));
+ AssertIntEQ(0, XMEMCMP(verifier, v, vSz));
+
+ /* invalid params - client side srp */
+ AssertIntEQ(BAD_FUNC_ARG, wc_SrpSetVerifier(&srp, v, vSz));
+
+ wc_SrpTerm(&srp);
+ AssertIntEQ(0, wc_SrpInit(&srp, SRP_TYPE_SHA, SRP_SERVER_SIDE));
+
+ /* invalid params */
+ AssertIntEQ(BAD_FUNC_ARG, wc_SrpSetVerifier(NULL, v, vSz));
+ AssertIntEQ(BAD_FUNC_ARG, wc_SrpSetVerifier(&srp, NULL, vSz));
+
+ /* success */
+ AssertIntEQ(0, wc_SrpSetVerifier(&srp, v, vSz));
+
+ wc_SrpTerm(&srp);
+}
+
+static void test_SrpGetPublic(void)
+{
+ Srp srp;
+ byte public[64];
+ word32 publicSz = 0;
+
+ AssertIntEQ(0, wc_SrpInit(&srp, SRP_TYPE_SHA, SRP_CLIENT_SIDE));
+ AssertIntEQ(0, wc_SrpSetUsername(&srp, username, usernameSz));
+ AssertIntEQ(0, wc_SrpSetParams(&srp, N, sizeof(N),
+ g, sizeof(g),
+ salt, sizeof(salt)));
+
+ /* invalid call order */
+ AssertIntEQ(SRP_CALL_ORDER_E, wc_SrpGetPublic(&srp, public, &publicSz));
+
+ /* fix call order */
+ AssertIntEQ(0, wc_SrpSetPassword(&srp, password, passwordSz));
+
+ /* invalid params */
+ AssertIntEQ(BAD_FUNC_ARG, wc_SrpGetPublic(NULL, public, &publicSz));
+ AssertIntEQ(BAD_FUNC_ARG, wc_SrpGetPublic(&srp, NULL, &publicSz));
+ AssertIntEQ(BAD_FUNC_ARG, wc_SrpGetPublic(&srp, public, NULL));
+ AssertIntEQ(BUFFER_E, wc_SrpGetPublic(&srp, public, &publicSz));
+
+ /* success */
+ publicSz = sizeof(public);
+ AssertIntEQ(0, wc_SrpSetPrivate(&srp, a, sizeof(a)));
+ AssertIntEQ(0, wc_SrpGetPublic(&srp, public, &publicSz));
+ AssertIntEQ(publicSz, sizeof(A));
+ AssertIntEQ(0, XMEMCMP(public, A, publicSz));
+
+ wc_SrpTerm(&srp);
+
+ AssertIntEQ(0, wc_SrpInit(&srp, SRP_TYPE_SHA, SRP_SERVER_SIDE));
+ AssertIntEQ(0, wc_SrpSetUsername(&srp, username, usernameSz));
+ AssertIntEQ(0, wc_SrpSetParams(&srp, N, sizeof(N),
+ g, sizeof(g),
+ salt, sizeof(salt)));
+
+ /* invalid call order */
+ AssertIntEQ(SRP_CALL_ORDER_E, wc_SrpGetPublic(&srp, public, &publicSz));
+
+ /* fix call order */
+ AssertIntEQ(0, wc_SrpSetVerifier(&srp, verifier, sizeof(verifier)));
+
+ /* success */
+ AssertIntEQ(0, wc_SrpSetPrivate(&srp, b, sizeof(b)));
+ AssertIntEQ(0, wc_SrpGetPublic(&srp, public, &publicSz));
+ AssertIntEQ(publicSz, sizeof(B));
+ AssertIntEQ(0, XMEMCMP(public, B, publicSz));
+
+ wc_SrpTerm(&srp);
+}
+
+static void test_SrpComputeKey(void)
+{
+ Srp cli, srv;
+ byte clientPubKey[64];
+ byte serverPubKey[64];
+ word32 clientPubKeySz = 64;
+ word32 serverPubKeySz = 64;
+
+ AssertIntEQ(0, wc_SrpInit(&cli, SRP_TYPE_SHA, SRP_CLIENT_SIDE));
+ AssertIntEQ(0, wc_SrpInit(&srv, SRP_TYPE_SHA, SRP_SERVER_SIDE));
+
+ /* invalid call order */
+ AssertIntEQ(SRP_CALL_ORDER_E, wc_SrpComputeKey(&cli,
+ clientPubKey, clientPubKeySz,
+ serverPubKey, serverPubKeySz));
+
+ /* fix call order */
+ AssertIntEQ(0, wc_SrpSetUsername(&cli, username, usernameSz));
+ AssertIntEQ(0, wc_SrpSetUsername(&srv, username, usernameSz));
+
+ AssertIntEQ(0, wc_SrpSetParams(&cli, N, sizeof(N),
+ g, sizeof(g),
+ salt, sizeof(salt)));
+ AssertIntEQ(0, wc_SrpSetParams(&srv, N, sizeof(N),
+ g, sizeof(g),
+ salt, sizeof(salt)));
+
+ AssertIntEQ(0, wc_SrpSetPassword(&cli, password, passwordSz));
+ AssertIntEQ(0, wc_SrpSetVerifier(&srv, verifier, sizeof(verifier)));
+
+ AssertIntEQ(0, wc_SrpSetPrivate(&cli, a, sizeof(a)));
+ AssertIntEQ(0, wc_SrpGetPublic(&cli, clientPubKey, &clientPubKeySz));
+ AssertIntEQ(0, XMEMCMP(clientPubKey, A, clientPubKeySz));
+ AssertIntEQ(0, wc_SrpSetPrivate(&srv, b, sizeof(b)));
+ AssertIntEQ(0, wc_SrpGetPublic(&srv, serverPubKey, &serverPubKeySz));
+ AssertIntEQ(0, XMEMCMP(serverPubKey, B, serverPubKeySz));
+
+ /* invalid params */
+ AssertIntEQ(BAD_FUNC_ARG, wc_SrpComputeKey(NULL,
+ clientPubKey, clientPubKeySz,
+ serverPubKey, serverPubKeySz));
+ AssertIntEQ(BAD_FUNC_ARG, wc_SrpComputeKey(&cli,
+ NULL, clientPubKeySz,
+ serverPubKey, serverPubKeySz));
+ AssertIntEQ(BAD_FUNC_ARG, wc_SrpComputeKey(&cli,
+ clientPubKey, 0,
+ serverPubKey, serverPubKeySz));
+ AssertIntEQ(BAD_FUNC_ARG, wc_SrpComputeKey(&cli,
+ clientPubKey, clientPubKeySz,
+ NULL, serverPubKeySz));
+ AssertIntEQ(BAD_FUNC_ARG, wc_SrpComputeKey(&cli,
+ clientPubKey, clientPubKeySz,
+ serverPubKey, 0));
+
+ /* success */
+ AssertIntEQ(0, wc_SrpComputeKey(&cli, clientPubKey, clientPubKeySz,
+ serverPubKey, serverPubKeySz));
+ AssertIntEQ(0, wc_SrpComputeKey(&srv, clientPubKey, clientPubKeySz,
+ serverPubKey, serverPubKeySz));
+ AssertIntEQ(0, XMEMCMP(cli.key, key, sizeof(key)));
+ AssertIntEQ(0, XMEMCMP(srv.key, key, sizeof(key)));
+
+ wc_SrpTerm(&cli);
+ wc_SrpTerm(&srv);
+}
+
+static void test_SrpGetProofAndVerify(void)
+{
+ Srp cli, srv;
+ byte clientPubKey[64];
+ byte serverPubKey[64];
+ word32 clientPubKeySz = 64;
+ word32 serverPubKeySz = 64;
+ byte clientProof[SRP_MAX_DIGEST_SIZE];
+ byte serverProof[SRP_MAX_DIGEST_SIZE];
+ word32 clientProofSz = SRP_MAX_DIGEST_SIZE;
+ word32 serverProofSz = SRP_MAX_DIGEST_SIZE;
+
+ AssertIntEQ(0, wc_SrpInit(&cli, SRP_TYPE_SHA, SRP_CLIENT_SIDE));
+ AssertIntEQ(0, wc_SrpInit(&srv, SRP_TYPE_SHA, SRP_SERVER_SIDE));
+
+ AssertIntEQ(0, wc_SrpSetUsername(&cli, username, usernameSz));
+ AssertIntEQ(0, wc_SrpSetUsername(&srv, username, usernameSz));
+
+ AssertIntEQ(0, wc_SrpSetParams(&cli, N, sizeof(N),
+ g, sizeof(g),
+ salt, sizeof(salt)));
+ AssertIntEQ(0, wc_SrpSetParams(&srv, N, sizeof(N),
+ g, sizeof(g),
+ salt, sizeof(salt)));
+
+ AssertIntEQ(0, wc_SrpSetPassword(&cli, password, passwordSz));
+ AssertIntEQ(0, wc_SrpSetVerifier(&srv, verifier, sizeof(verifier)));
+
+ AssertIntEQ(0, wc_SrpSetPrivate(&cli, a, sizeof(a)));
+ AssertIntEQ(0, wc_SrpGetPublic(&cli, clientPubKey, &clientPubKeySz));
+ AssertIntEQ(0, XMEMCMP(clientPubKey, A, clientPubKeySz));
+
+ AssertIntEQ(0, wc_SrpSetPrivate(&srv, b, sizeof(b)));
+ AssertIntEQ(0, wc_SrpGetPublic(&srv, serverPubKey, &serverPubKeySz));
+ AssertIntEQ(0, XMEMCMP(serverPubKey, B, serverPubKeySz));
+
+ AssertIntEQ(0, wc_SrpComputeKey(&cli, clientPubKey, clientPubKeySz,
+ serverPubKey, serverPubKeySz));
+ AssertIntEQ(0, XMEMCMP(cli.key, key, sizeof(key)));
+
+ AssertIntEQ(0, wc_SrpComputeKey(&srv, clientPubKey, clientPubKeySz,
+ serverPubKey, serverPubKeySz));
+ AssertIntEQ(0, XMEMCMP(srv.key, key, sizeof(key)));
+
+ /* invalid params */
+ serverProofSz = 0;
+ AssertIntEQ(BAD_FUNC_ARG, wc_SrpGetProof(NULL, clientProof,&clientProofSz));
+ AssertIntEQ(BAD_FUNC_ARG, wc_SrpGetProof(&cli, NULL, &clientProofSz));
+ AssertIntEQ(BAD_FUNC_ARG, wc_SrpGetProof(&cli, clientProof,NULL));
+ AssertIntEQ(BUFFER_E, wc_SrpGetProof(&srv, serverProof,&serverProofSz));
+
+ AssertIntEQ(BAD_FUNC_ARG,
+ wc_SrpVerifyPeersProof(NULL, clientProof, clientProofSz));
+ AssertIntEQ(BAD_FUNC_ARG,
+ wc_SrpVerifyPeersProof(&cli, NULL, clientProofSz));
+ AssertIntEQ(BUFFER_E,
+ wc_SrpVerifyPeersProof(&srv, serverProof, serverProofSz));
+ serverProofSz = SRP_MAX_DIGEST_SIZE;
+
+ /* success */
+ AssertIntEQ(0, wc_SrpGetProof(&cli, clientProof, &clientProofSz));
+ AssertIntEQ(0, XMEMCMP(clientProof, client_proof, sizeof(client_proof)));
+ AssertIntEQ(0, wc_SrpVerifyPeersProof(&srv, clientProof, clientProofSz));
+ AssertIntEQ(0, wc_SrpGetProof(&srv, serverProof, &serverProofSz));
+ AssertIntEQ(0, XMEMCMP(serverProof, server_proof, sizeof(server_proof)));
+ AssertIntEQ(0, wc_SrpVerifyPeersProof(&cli, serverProof, serverProofSz));
+
+ wc_SrpTerm(&cli);
+ wc_SrpTerm(&srv);
+}
+
+static int sha512_key_gen(Srp* srp, byte* secret, word32 size)
+{
+ Sha512 hash;
+ int r;
+
+ srp->key = (byte*)XMALLOC(SHA512_DIGEST_SIZE, NULL, DYNAMIC_TYPE_SRP);
+ if (srp->key == NULL)
+ return MEMORY_E;
+
+ srp->keySz = SHA512_DIGEST_SIZE;
+
+ r = wc_InitSha512(&hash);
+ if (!r) r = wc_Sha512Update(&hash, secret, size);
+ if (!r) r = wc_Sha512Final(&hash, srp->key);
+
+ XMEMSET(&hash, 0, sizeof(Sha512));
+
+ return r;
+}
+
+static void test_SrpKeyGenFunc_cb(void)
+{
+ Srp cli, srv;
+ byte clientPubKey[1024];
+ byte serverPubKey[1024];
+ word32 clientPubKeySz = 1024;
+ word32 serverPubKeySz = 1024;
+ byte clientProof[SRP_MAX_DIGEST_SIZE];
+ byte serverProof[SRP_MAX_DIGEST_SIZE];
+ word32 clientProofSz = SRP_MAX_DIGEST_SIZE;
+ word32 serverProofSz = SRP_MAX_DIGEST_SIZE;
+
+ byte username_[] = "alice";
+ word32 usernameSz_ = 5;
+
+ byte password_[] = "password123";
+ word32 passwordSz_ = 11;
+
+ byte N_[] = {
+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xC9, 0x0F, 0xDA, 0xA2,
+ 0x21, 0x68, 0xC2, 0x34, 0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1,
+ 0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74, 0x02, 0x0B, 0xBE, 0xA6,
+ 0x3B, 0x13, 0x9B, 0x22, 0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD,
+ 0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B, 0x30, 0x2B, 0x0A, 0x6D,
+ 0xF2, 0x5F, 0x14, 0x37, 0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45,
+ 0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6, 0xF4, 0x4C, 0x42, 0xE9,
+ 0xA6, 0x37, 0xED, 0x6B, 0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED,
+ 0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5, 0xAE, 0x9F, 0x24, 0x11,
+ 0x7C, 0x4B, 0x1F, 0xE6,
0x49, 0x28, 0x66, 0x51, 0xEC, 0xE4, 0x5B, 0x3D, + 0xC2, 0x00, 0x7C, 0xB8, 0xA1, 0x63, 0xBF, 0x05, 0x98, 0xDA, 0x48, 0x36, + 0x1C, 0x55, 0xD3, 0x9A, 0x69, 0x16, 0x3F, 0xA8, 0xFD, 0x24, 0xCF, 0x5F, + 0x83, 0x65, 0x5D, 0x23, 0xDC, 0xA3, 0xAD, 0x96, 0x1C, 0x62, 0xF3, 0x56, + 0x20, 0x85, 0x52, 0xBB, 0x9E, 0xD5, 0x29, 0x07, 0x70, 0x96, 0x96, 0x6D, + 0x67, 0x0C, 0x35, 0x4E, 0x4A, 0xBC, 0x98, 0x04, 0xF1, 0x74, 0x6C, 0x08, + 0xCA, 0x18, 0x21, 0x7C, 0x32, 0x90, 0x5E, 0x46, 0x2E, 0x36, 0xCE, 0x3B, + 0xE3, 0x9E, 0x77, 0x2C, 0x18, 0x0E, 0x86, 0x03, 0x9B, 0x27, 0x83, 0xA2, + 0xEC, 0x07, 0xA2, 0x8F, 0xB5, 0xC5, 0x5D, 0xF0, 0x6F, 0x4C, 0x52, 0xC9, + 0xDE, 0x2B, 0xCB, 0xF6, 0x95, 0x58, 0x17, 0x18, 0x39, 0x95, 0x49, 0x7C, + 0xEA, 0x95, 0x6A, 0xE5, 0x15, 0xD2, 0x26, 0x18, 0x98, 0xFA, 0x05, 0x10, + 0x15, 0x72, 0x8E, 0x5A, 0x8A, 0xAA, 0xC4, 0x2D, 0xAD, 0x33, 0x17, 0x0D, + 0x04, 0x50, 0x7A, 0x33, 0xA8, 0x55, 0x21, 0xAB, 0xDF, 0x1C, 0xBA, 0x64, + 0xEC, 0xFB, 0x85, 0x04, 0x58, 0xDB, 0xEF, 0x0A, 0x8A, 0xEA, 0x71, 0x57, + 0x5D, 0x06, 0x0C, 0x7D, 0xB3, 0x97, 0x0F, 0x85, 0xA6, 0xE1, 0xE4, 0xC7, + 0xAB, 0xF5, 0xAE, 0x8C, 0xDB, 0x09, 0x33, 0xD7, 0x1E, 0x8C, 0x94, 0xE0, + 0x4A, 0x25, 0x61, 0x9D, 0xCE, 0xE3, 0xD2, 0x26, 0x1A, 0xD2, 0xEE, 0x6B, + 0xF1, 0x2F, 0xFA, 0x06, 0xD9, 0x8A, 0x08, 0x64, 0xD8, 0x76, 0x02, 0x73, + 0x3E, 0xC8, 0x6A, 0x64, 0x52, 0x1F, 0x2B, 0x18, 0x17, 0x7B, 0x20, 0x0C, + 0xBB, 0xE1, 0x17, 0x57, 0x7A, 0x61, 0x5D, 0x6C, 0x77, 0x09, 0x88, 0xC0, + 0xBA, 0xD9, 0x46, 0xE2, 0x08, 0xE2, 0x4F, 0xA0, 0x74, 0xE5, 0xAB, 0x31, + 0x43, 0xDB, 0x5B, 0xFC, 0xE0, 0xFD, 0x10, 0x8E, 0x4B, 0x82, 0xD1, 0x20, + 0xA9, 0x3A, 0xD2, 0xCA, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF + }; + + byte g_[] = { + 0x05 + }; + + byte salt_[] = { + 0xBE, 0xB2, 0x53, 0x79, 0xD1, 0xA8, 0x58, 0x1E, 0xB5, 0xA7, 0x27, 0x67, + 0x3A, 0x24, 0x41, 0xEE + }; + + byte verifier_[] = { + 0x9B, 0x5E, 0x06, 0x17, 0x01, 0xEA, 0x7A, 0xEB, 0x39, 0xCF, 0x6E, 0x35, + 0x19, 0x65, 0x5A, 0x85, 0x3C, 0xF9, 0x4C, 0x75, 0xCA, 0xF2, 
0x55, 0x5E, + 0xF1, 0xFA, 0xF7, 0x59, 0xBB, 0x79, 0xCB, 0x47, 0x70, 0x14, 0xE0, 0x4A, + 0x88, 0xD6, 0x8F, 0xFC, 0x05, 0x32, 0x38, 0x91, 0xD4, 0xC2, 0x05, 0xB8, + 0xDE, 0x81, 0xC2, 0xF2, 0x03, 0xD8, 0xFA, 0xD1, 0xB2, 0x4D, 0x2C, 0x10, + 0x97, 0x37, 0xF1, 0xBE, 0xBB, 0xD7, 0x1F, 0x91, 0x24, 0x47, 0xC4, 0xA0, + 0x3C, 0x26, 0xB9, 0xFA, 0xD8, 0xED, 0xB3, 0xE7, 0x80, 0x77, 0x8E, 0x30, + 0x25, 0x29, 0xED, 0x1E, 0xE1, 0x38, 0xCC, 0xFC, 0x36, 0xD4, 0xBA, 0x31, + 0x3C, 0xC4, 0x8B, 0x14, 0xEA, 0x8C, 0x22, 0xA0, 0x18, 0x6B, 0x22, 0x2E, + 0x65, 0x5F, 0x2D, 0xF5, 0x60, 0x3F, 0xD7, 0x5D, 0xF7, 0x6B, 0x3B, 0x08, + 0xFF, 0x89, 0x50, 0x06, 0x9A, 0xDD, 0x03, 0xA7, 0x54, 0xEE, 0x4A, 0xE8, + 0x85, 0x87, 0xCC, 0xE1, 0xBF, 0xDE, 0x36, 0x79, 0x4D, 0xBA, 0xE4, 0x59, + 0x2B, 0x7B, 0x90, 0x4F, 0x44, 0x2B, 0x04, 0x1C, 0xB1, 0x7A, 0xEB, 0xAD, + 0x1E, 0x3A, 0xEB, 0xE3, 0xCB, 0xE9, 0x9D, 0xE6, 0x5F, 0x4B, 0xB1, 0xFA, + 0x00, 0xB0, 0xE7, 0xAF, 0x06, 0x86, 0x3D, 0xB5, 0x3B, 0x02, 0x25, 0x4E, + 0xC6, 0x6E, 0x78, 0x1E, 0x3B, 0x62, 0xA8, 0x21, 0x2C, 0x86, 0xBE, 0xB0, + 0xD5, 0x0B, 0x5B, 0xA6, 0xD0, 0xB4, 0x78, 0xD8, 0xC4, 0xE9, 0xBB, 0xCE, + 0xC2, 0x17, 0x65, 0x32, 0x6F, 0xBD, 0x14, 0x05, 0x8D, 0x2B, 0xBD, 0xE2, + 0xC3, 0x30, 0x45, 0xF0, 0x38, 0x73, 0xE5, 0x39, 0x48, 0xD7, 0x8B, 0x79, + 0x4F, 0x07, 0x90, 0xE4, 0x8C, 0x36, 0xAE, 0xD6, 0xE8, 0x80, 0xF5, 0x57, + 0x42, 0x7B, 0x2F, 0xC0, 0x6D, 0xB5, 0xE1, 0xE2, 0xE1, 0xD7, 0xE6, 0x61, + 0xAC, 0x48, 0x2D, 0x18, 0xE5, 0x28, 0xD7, 0x29, 0x5E, 0xF7, 0x43, 0x72, + 0x95, 0xFF, 0x1A, 0x72, 0xD4, 0x02, 0x77, 0x17, 0x13, 0xF1, 0x68, 0x76, + 0xDD, 0x05, 0x0A, 0xE5, 0xB7, 0xAD, 0x53, 0xCC, 0xB9, 0x08, 0x55, 0xC9, + 0x39, 0x56, 0x64, 0x83, 0x58, 0xAD, 0xFD, 0x96, 0x64, 0x22, 0xF5, 0x24, + 0x98, 0x73, 0x2D, 0x68, 0xD1, 0xD7, 0xFB, 0xEF, 0x10, 0xD7, 0x80, 0x34, + 0xAB, 0x8D, 0xCB, 0x6F, 0x0F, 0xCF, 0x88, 0x5C, 0xC2, 0xB2, 0xEA, 0x2C, + 0x3E, 0x6A, 0xC8, 0x66, 0x09, 0xEA, 0x05, 0x8A, 0x9D, 0xA8, 0xCC, 0x63, + 0x53, 0x1D, 0xC9, 0x15, 0x41, 0x4D, 0xF5, 0x68, 0xB0, 0x94, 
0x82, 0xDD, + 0xAC, 0x19, 0x54, 0xDE, 0xC7, 0xEB, 0x71, 0x4F, 0x6F, 0xF7, 0xD4, 0x4C, + 0xD5, 0xB8, 0x6F, 0x6B, 0xD1, 0x15, 0x81, 0x09, 0x30, 0x63, 0x7C, 0x01, + 0xD0, 0xF6, 0x01, 0x3B, 0xC9, 0x74, 0x0F, 0xA2, 0xC6, 0x33, 0xBA, 0x89 + }; + + byte a_[] = { + 0x60, 0x97, 0x55, 0x27, 0x03, 0x5C, 0xF2, 0xAD, 0x19, 0x89, 0x80, 0x6F, + 0x04, 0x07, 0x21, 0x0B, 0xC8, 0x1E, 0xDC, 0x04, 0xE2, 0x76, 0x2A, 0x56, + 0xAF, 0xD5, 0x29, 0xDD, 0xDA, 0x2D, 0x43, 0x93 + }; + + byte A_[] = { + 0xFA, 0xB6, 0xF5, 0xD2, 0x61, 0x5D, 0x1E, 0x32, 0x35, 0x12, 0xE7, 0x99, + 0x1C, 0xC3, 0x74, 0x43, 0xF4, 0x87, 0xDA, 0x60, 0x4C, 0xA8, 0xC9, 0x23, + 0x0F, 0xCB, 0x04, 0xE5, 0x41, 0xDC, 0xE6, 0x28, 0x0B, 0x27, 0xCA, 0x46, + 0x80, 0xB0, 0x37, 0x4F, 0x17, 0x9D, 0xC3, 0xBD, 0xC7, 0x55, 0x3F, 0xE6, + 0x24, 0x59, 0x79, 0x8C, 0x70, 0x1A, 0xD8, 0x64, 0xA9, 0x13, 0x90, 0xA2, + 0x8C, 0x93, 0xB6, 0x44, 0xAD, 0xBF, 0x9C, 0x00, 0x74, 0x5B, 0x94, 0x2B, + 0x79, 0xF9, 0x01, 0x2A, 0x21, 0xB9, 0xB7, 0x87, 0x82, 0x31, 0x9D, 0x83, + 0xA1, 0xF8, 0x36, 0x28, 0x66, 0xFB, 0xD6, 0xF4, 0x6B, 0xFC, 0x0D, 0xDB, + 0x2E, 0x1A, 0xB6, 0xE4, 0xB4, 0x5A, 0x99, 0x06, 0xB8, 0x2E, 0x37, 0xF0, + 0x5D, 0x6F, 0x97, 0xF6, 0xA3, 0xEB, 0x6E, 0x18, 0x20, 0x79, 0x75, 0x9C, + 0x4F, 0x68, 0x47, 0x83, 0x7B, 0x62, 0x32, 0x1A, 0xC1, 0xB4, 0xFA, 0x68, + 0x64, 0x1F, 0xCB, 0x4B, 0xB9, 0x8D, 0xD6, 0x97, 0xA0, 0xC7, 0x36, 0x41, + 0x38, 0x5F, 0x4B, 0xAB, 0x25, 0xB7, 0x93, 0x58, 0x4C, 0xC3, 0x9F, 0xC8, + 0xD4, 0x8D, 0x4B, 0xD8, 0x67, 0xA9, 0xA3, 0xC1, 0x0F, 0x8E, 0xA1, 0x21, + 0x70, 0x26, 0x8E, 0x34, 0xFE, 0x3B, 0xBE, 0x6F, 0xF8, 0x99, 0x98, 0xD6, + 0x0D, 0xA2, 0xF3, 0xE4, 0x28, 0x3C, 0xBE, 0xC1, 0x39, 0x3D, 0x52, 0xAF, + 0x72, 0x4A, 0x57, 0x23, 0x0C, 0x60, 0x4E, 0x9F, 0xBC, 0xE5, 0x83, 0xD7, + 0x61, 0x3E, 0x6B, 0xFF, 0xD6, 0x75, 0x96, 0xAD, 0x12, 0x1A, 0x87, 0x07, + 0xEE, 0xC4, 0x69, 0x44, 0x95, 0x70, 0x33, 0x68, 0x6A, 0x15, 0x5F, 0x64, + 0x4D, 0x5C, 0x58, 0x63, 0xB4, 0x8F, 0x61, 0xBD, 0xBF, 0x19, 0xA5, 0x3E, + 0xAB, 0x6D, 0xAD, 0x0A, 0x18, 0x6B, 0x8C, 
0x15, 0x2E, 0x5F, 0x5D, 0x8C, + 0xAD, 0x4B, 0x0E, 0xF8, 0xAA, 0x4E, 0xA5, 0x00, 0x88, 0x34, 0xC3, 0xCD, + 0x34, 0x2E, 0x5E, 0x0F, 0x16, 0x7A, 0xD0, 0x45, 0x92, 0xCD, 0x8B, 0xD2, + 0x79, 0x63, 0x93, 0x98, 0xEF, 0x9E, 0x11, 0x4D, 0xFA, 0xAA, 0xB9, 0x19, + 0xE1, 0x4E, 0x85, 0x09, 0x89, 0x22, 0x4D, 0xDD, 0x98, 0x57, 0x6D, 0x79, + 0x38, 0x5D, 0x22, 0x10, 0x90, 0x2E, 0x9F, 0x9B, 0x1F, 0x2D, 0x86, 0xCF, + 0xA4, 0x7E, 0xE2, 0x44, 0x63, 0x54, 0x65, 0xF7, 0x10, 0x58, 0x42, 0x1A, + 0x01, 0x84, 0xBE, 0x51, 0xDD, 0x10, 0xCC, 0x9D, 0x07, 0x9E, 0x6F, 0x16, + 0x04, 0xE7, 0xAA, 0x9B, 0x7C, 0xF7, 0x88, 0x3C, 0x7D, 0x4C, 0xE1, 0x2B, + 0x06, 0xEB, 0xE1, 0x60, 0x81, 0xE2, 0x3F, 0x27, 0xA2, 0x31, 0xD1, 0x84, + 0x32, 0xD7, 0xD1, 0xBB, 0x55, 0xC2, 0x8A, 0xE2, 0x1F, 0xFC, 0xF0, 0x05, + 0xF5, 0x75, 0x28, 0xD1, 0x5A, 0x88, 0x88, 0x1B, 0xB3, 0xBB, 0xB7, 0xFE + }; + + byte b_[] = { + 0xE4, 0x87, 0xCB, 0x59, 0xD3, 0x1A, 0xC5, 0x50, 0x47, 0x1E, 0x81, 0xF0, + 0x0F, 0x69, 0x28, 0xE0, 0x1D, 0xDA, 0x08, 0xE9, 0x74, 0xA0, 0x04, 0xF4, + 0x9E, 0x61, 0xF5, 0xD1, 0x05, 0x28, 0x4D, 0x20 + }; + + byte B_[] = { + 0x40, 0xF5, 0x70, 0x88, 0xA4, 0x82, 0xD4, 0xC7, 0x73, 0x33, 0x84, 0xFE, + 0x0D, 0x30, 0x1F, 0xDD, 0xCA, 0x90, 0x80, 0xAD, 0x7D, 0x4F, 0x6F, 0xDF, + 0x09, 0xA0, 0x10, 0x06, 0xC3, 0xCB, 0x6D, 0x56, 0x2E, 0x41, 0x63, 0x9A, + 0xE8, 0xFA, 0x21, 0xDE, 0x3B, 0x5D, 0xBA, 0x75, 0x85, 0xB2, 0x75, 0x58, + 0x9B, 0xDB, 0x27, 0x98, 0x63, 0xC5, 0x62, 0x80, 0x7B, 0x2B, 0x99, 0x08, + 0x3C, 0xD1, 0x42, 0x9C, 0xDB, 0xE8, 0x9E, 0x25, 0xBF, 0xBD, 0x7E, 0x3C, + 0xAD, 0x31, 0x73, 0xB2, 0xE3, 0xC5, 0xA0, 0xB1, 0x74, 0xDA, 0x6D, 0x53, + 0x91, 0xE6, 0xA0, 0x6E, 0x46, 0x5F, 0x03, 0x7A, 0x40, 0x06, 0x25, 0x48, + 0x39, 0xA5, 0x6B, 0xF7, 0x6D, 0xA8, 0x4B, 0x1C, 0x94, 0xE0, 0xAE, 0x20, + 0x85, 0x76, 0x15, 0x6F, 0xE5, 0xC1, 0x40, 0xA4, 0xBA, 0x4F, 0xFC, 0x9E, + 0x38, 0xC3, 0xB0, 0x7B, 0x88, 0x84, 0x5F, 0xC6, 0xF7, 0xDD, 0xDA, 0x93, + 0x38, 0x1F, 0xE0, 0xCA, 0x60, 0x84, 0xC4, 0xCD, 0x2D, 0x33, 0x6E, 0x54, + 0x51, 0xC4, 0x64, 0xCC, 
0xB6, 0xEC, 0x65, 0xE7, 0xD1, 0x6E, 0x54, 0x8A, + 0x27, 0x3E, 0x82, 0x62, 0x84, 0xAF, 0x25, 0x59, 0xB6, 0x26, 0x42, 0x74, + 0x21, 0x59, 0x60, 0xFF, 0xF4, 0x7B, 0xDD, 0x63, 0xD3, 0xAF, 0xF0, 0x64, + 0xD6, 0x13, 0x7A, 0xF7, 0x69, 0x66, 0x1C, 0x9D, 0x4F, 0xEE, 0x47, 0x38, + 0x26, 0x03, 0xC8, 0x8E, 0xAA, 0x09, 0x80, 0x58, 0x1D, 0x07, 0x75, 0x84, + 0x61, 0xB7, 0x77, 0xE4, 0x35, 0x6D, 0xDA, 0x58, 0x35, 0x19, 0x8B, 0x51, + 0xFE, 0xEA, 0x30, 0x8D, 0x70, 0xF7, 0x54, 0x50, 0xB7, 0x16, 0x75, 0xC0, + 0x8C, 0x7D, 0x83, 0x02, 0xFD, 0x75, 0x39, 0xDD, 0x1F, 0xF2, 0xA1, 0x1C, + 0xB4, 0x25, 0x8A, 0xA7, 0x0D, 0x23, 0x44, 0x36, 0xAA, 0x42, 0xB6, 0xA0, + 0x61, 0x5F, 0x3F, 0x91, 0x5D, 0x55, 0xCC, 0x3B, 0x96, 0x6B, 0x27, 0x16, + 0xB3, 0x6E, 0x4D, 0x1A, 0x06, 0xCE, 0x5E, 0x5D, 0x2E, 0xA3, 0xBE, 0xE5, + 0xA1, 0x27, 0x0E, 0x87, 0x51, 0xDA, 0x45, 0xB6, 0x0B, 0x99, 0x7B, 0x0F, + 0xFD, 0xB0, 0xF9, 0x96, 0x2F, 0xEE, 0x4F, 0x03, 0xBE, 0xE7, 0x80, 0xBA, + 0x0A, 0x84, 0x5B, 0x1D, 0x92, 0x71, 0x42, 0x17, 0x83, 0xAE, 0x66, 0x01, + 0xA6, 0x1E, 0xA2, 0xE3, 0x42, 0xE4, 0xF2, 0xE8, 0xBC, 0x93, 0x5A, 0x40, + 0x9E, 0xAD, 0x19, 0xF2, 0x21, 0xBD, 0x1B, 0x74, 0xE2, 0x96, 0x4D, 0xD1, + 0x9F, 0xC8, 0x45, 0xF6, 0x0E, 0xFC, 0x09, 0x33, 0x8B, 0x60, 0xB6, 0xB2, + 0x56, 0xD8, 0xCA, 0xC8, 0x89, 0xCC, 0xA3, 0x06, 0xCC, 0x37, 0x0A, 0x0B, + 0x18, 0xC8, 0xB8, 0x86, 0xE9, 0x5D, 0xA0, 0xAF, 0x52, 0x35, 0xFE, 0xF4, + 0x39, 0x30, 0x20, 0xD2, 0xB7, 0xF3, 0x05, 0x69, 0x04, 0x75, 0x90, 0x42 + }; + + byte key_[] = { + 0x5C, 0xBC, 0x21, 0x9D, 0xB0, 0x52, 0x13, 0x8E, 0xE1, 0x14, 0x8C, 0x71, + 0xCD, 0x44, 0x98, 0x96, 0x3D, 0x68, 0x25, 0x49, 0xCE, 0x91, 0xCA, 0x24, + 0xF0, 0x98, 0x46, 0x8F, 0x06, 0x01, 0x5B, 0xEB, 0x6A, 0xF2, 0x45, 0xC2, + 0x09, 0x3F, 0x98, 0xC3, 0x65, 0x1B, 0xCA, 0x83, 0xAB, 0x8C, 0xAB, 0x2B, + 0x58, 0x0B, 0xBF, 0x02, 0x18, 0x4F, 0xEF, 0xDF, 0x26, 0x14, 0x2F, 0x73, + 0xDF, 0x95, 0xAC, 0x50 + }; + + AssertIntEQ(0, wc_SrpInit(&cli, SRP_TYPE_SHA512, SRP_CLIENT_SIDE)); + AssertIntEQ(0, wc_SrpInit(&srv, 
SRP_TYPE_SHA512, SRP_SERVER_SIDE)); + + AssertIntEQ(0, wc_SrpSetUsername(&cli, username_, usernameSz_)); + AssertIntEQ(0, wc_SrpSetUsername(&srv, username_, usernameSz_)); + + AssertIntEQ(0, wc_SrpSetParams(&cli, N_, sizeof(N_), + g_, sizeof(g_), + salt_, sizeof(salt_))); + AssertIntEQ(0, wc_SrpSetParams(&srv, N_, sizeof(N_), + g_, sizeof(g_), + salt_, sizeof(salt_))); + + AssertIntEQ(0, wc_SrpSetPassword(&cli, password_, passwordSz_)); + AssertIntEQ(0, wc_SrpSetVerifier(&srv, verifier_, sizeof(verifier_))); + + AssertIntEQ(0, wc_SrpSetPrivate(&cli, a_, sizeof(a_))); + AssertIntEQ(0, wc_SrpGetPublic(&cli, clientPubKey, &clientPubKeySz)); + AssertIntEQ(0, XMEMCMP(clientPubKey, A_, clientPubKeySz)); + + AssertIntEQ(0, wc_SrpSetPrivate(&srv, b_, sizeof(b_))); + AssertIntEQ(0, wc_SrpGetPublic(&srv, serverPubKey, &serverPubKeySz)); + AssertIntEQ(0, XMEMCMP(serverPubKey, B_, serverPubKeySz)); + + cli.keyGenFunc_cb = sha512_key_gen; + AssertIntEQ(0, wc_SrpComputeKey(&cli, clientPubKey, clientPubKeySz, + serverPubKey, serverPubKeySz)); + AssertIntEQ(0, XMEMCMP(cli.key, key_, sizeof(key_))); + + srv.keyGenFunc_cb = sha512_key_gen; + AssertIntEQ(0, wc_SrpComputeKey(&srv, clientPubKey, clientPubKeySz, + serverPubKey, serverPubKeySz)); + AssertIntEQ(0, XMEMCMP(srv.key, key_, sizeof(key_))); + + AssertIntEQ(0, wc_SrpGetProof(&cli, clientProof, &clientProofSz)); + AssertIntEQ(0, wc_SrpVerifyPeersProof(&srv, clientProof, clientProofSz)); + + AssertIntEQ(0, wc_SrpGetProof(&srv, serverProof, &serverProofSz)); + AssertIntEQ(0, wc_SrpVerifyPeersProof(&cli, serverProof, serverProofSz)); + + wc_SrpTerm(&cli); + wc_SrpTerm(&srv); +} + +#endif + +void SrpTest(void) +{ +#ifdef WOLFCRYPT_HAVE_SRP + test_SrpInit(); + test_SrpSetUsername(); + test_SrpSetParams(); + test_SrpSetPassword(); + test_SrpGetPublic(); + test_SrpComputeKey(); + test_SrpGetProofAndVerify(); + test_SrpKeyGenFunc_cb(); +#endif +} diff --git a/tests/suites.c b/tests/suites.c index d1abc19c9..4ffe25398 100644 
--- a/tests/suites.c +++ b/tests/suites.c @@ -36,7 +36,7 @@ #define MAX_COMMAND_SZ 240 #define MAX_SUITE_SZ 80 #define NOT_BUILT_IN -123 -#ifdef NO_OLD_TLS +#if defined(NO_OLD_TLS) || !defined(WOLFSSL_ALLOW_SSLV3) #define VERSION_TOO_OLD -124 #endif @@ -52,12 +52,34 @@ static char flagSep[] = " "; static char svrPort[] = "0"; +#ifndef WOLFSSL_ALLOW_SSLV3 +/* if the protocol version is sslv3 return 1, else 0 */ +static int IsSslVersion(const char* line) +{ + const char* find = "-v "; + const char* begin = strstr(line, find); + + if (begin) { + int version = -1; + + begin += 3; + + version = atoi(begin); + + if (version == 0) + return 1; + } + + return 0; +} +#endif /* !WOLFSSL_ALLOW_SSLV3 */ + #ifdef NO_OLD_TLS /* if the protocol version is less than tls 1.2 return 1, else 0 */ static int IsOldTlsVersion(const char* line) { const char* find = "-v "; - char* begin = strstr(line, find); + const char* begin = strstr(line, find); if (begin) { int version = -1; @@ -71,7 +93,7 @@ static int IsOldTlsVersion(const char* line) } return 0; -} +} #endif /* NO_OLD_TLS */ @@ -108,6 +130,15 @@ static int IsValidCipherSuite(const char* line, char* suite) found = 1; } + /* if QSH not enabled then do not use QSH suite */ + #ifdef HAVE_QSH + if (strncmp(suite, "QSH", 3) == 0) { + if (wolfSSL_CTX_set_cipher_list(cipherSuiteCtx, suite + 4) + != SSL_SUCCESS) + return 0; + } + #endif + if (found) { if (wolfSSL_CTX_set_cipher_list(cipherSuiteCtx, suite) == SSL_SUCCESS) valid = 1; @@ -159,6 +190,15 @@ static int execute_test_case(int svr_argc, char** svr_argv, return NOT_BUILT_IN; } +#ifndef WOLFSSL_ALLOW_SSLV3 + if (IsSslVersion(commandLine) == 1) { + #ifdef DEBUG_SUITE_TESTS + printf("protocol version on line %s is too old\n", commandLine); + #endif + return VERSION_TOO_OLD; + } +#endif + #ifdef NO_OLD_TLS if (IsOldTlsVersion(commandLine) == 1) { #ifdef DEBUG_SUITE_TESTS 
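Review bot: In `IsSslVersion`, `atoi(begin)` returns 0 both for a literal `0` and for text that is not a number, so a config line with a malformed `-v ` argument is classified as SSLv3 and skipped with VERSION_TOO_OLD instead of being reported as a bad test case. Parsing with `strtol` and checking the end pointer keeps the two cases apart: `char* end; long version = strtol(begin, &end, 10);` then `if (end != begin && version == 0) return 1;`. `strstr(line, "-v ")` also matches that substring anywhere in the command line, including inside another argument's value, so requiring a separator (or start of line) before it would make the match more precise.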
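Review bot: The QSH branch matches only three characters with `strncmp(suite, "QSH", 3)` but then passes `suite + 4`, so a suite string that is exactly `QSH` makes the call read one byte past the terminator, and one that starts with `QSH` without the `:` separator loses a real character of its name. Comparing the separator as well, `if (strncmp(suite, "QSH:", 4) == 0) {`, ties the offset to what was actually matched. The comment above says "if QSH not enabled" while the code sits under `#ifdef HAVE_QSH`; something like `/* with QSH enabled, validate the suite name that follows the "QSH:" prefix */` would describe what runs. IsValidCipherSuite begins and ends outside this hunk.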
@@ -446,14 +486,35 @@ int SuiteTest(void) /* any extra cases will need another argument */ args.argc = 2; -#ifdef WOLFSSL_DTLS +#ifdef WOLFSSL_DTLS /* add dtls extra suites */ strcpy(argv0[1], "tests/test-dtls.conf"); printf("starting dtls extra cipher suite tests\n"); test_harness(&args); if (args.return_code != 0) { printf("error from script %d\n", args.return_code); - exit(EXIT_FAILURE); + exit(EXIT_FAILURE); + } +#endif +#ifdef HAVE_QSH + /* add dtls extra suites */ + strcpy(argv0[1], "tests/test-qsh.conf"); + printf("starting qsh extra cipher suite tests\n"); + test_harness(&args); + if (args.return_code != 0) { + printf("error from script %d\n", args.return_code); + exit(EXIT_FAILURE); + } +#endif + +#ifndef NO_PSK + /* add psk extra suites */ + strcpy(argv0[1], "tests/test-psk-no-id.conf"); + printf("starting psk no identity extra cipher suite tests\n"); + test_harness(&args); + if (args.return_code != 0) { + printf("error from script %d\n", args.return_code); + exit(EXIT_FAILURE); } #endif diff --git a/tests/test-psk-no-id.conf b/tests/test-psk-no-id.conf new file mode 100644 index 000000000..9669dc5bc --- /dev/null +++ b/tests/test-psk-no-id.conf 
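Review bot: The comment on the new `HAVE_QSH` block still reads `/* add dtls extra suites */`, copied from the DTLS block above it; it should be `/* add qsh extra suites */`. The three blocks now differ only in the config path and the banner text, so a small static helper taking those two strings would remove the repetition and keep the failure handling in one place. Each block copies its path into `argv0[1]` with `strcpy`, and the buffer is declared outside this hunk, so it is worth confirming that it holds the longest path added here, `tests/test-psk-no-id.conf`, plus the terminator. SuiteTest begins and ends outside this hunk.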
@@ -0,0 +1,154 @@
+# No Hint server TLSv1 PSK-AES128
+-s
+-I
+-v 1
+-l PSK-AES128-CBC-SHA
+
+# No Hint client TLSv1 PSK-AES128
+-s
+-v 1
+-l PSK-AES128-CBC-SHA
+
+# No Hint server TLSv1 PSK-AES256
+-s
+-I
+-v 1
+-l PSK-AES256-CBC-SHA
+
+# No Hint client TLSv1 PSK-AES256
+-s
+-v 1
+-l PSK-AES256-CBC-SHA
+
+# No Hint server TLSv1.1 PSK-AES128
+-s
+-I
+-v 2
+-l PSK-AES128-CBC-SHA
+
+# No Hint client TLSv1.1 PSK-AES128
+-s
+-v 2
+-l PSK-AES128-CBC-SHA
+
+# No Hint server TLSv1.1 PSK-AES256
+-s
+-I
+-v 2
+-l PSK-AES256-CBC-SHA
+
+# No Hint client TLSv1.1 PSK-AES256
+-s
+-v 2
+-l PSK-AES256-CBC-SHA
+
+# No Hint server TLSv1.2 PSK-AES128
+-s
+-I
+-v 3
+-l PSK-AES128-CBC-SHA
+
+# No Hint client TLSv1.2 PSK-AES128
+-s
+-v 3
+-l PSK-AES128-CBC-SHA
+
+# No Hint server TLSv1.2 PSK-AES256
+-s
+-I
+-v 3
+-l PSK-AES256-CBC-SHA
+
+# No Hint client TLSv1.2 PSK-AES256
+-s
+-v 3
+-l PSK-AES256-CBC-SHA
+
+# No Hint server TLSv1.0 PSK-AES128-SHA256
+-s
+-I
+-v 1
+-l PSK-AES128-CBC-SHA256
+
+# No Hint client TLSv1.0 PSK-AES128-SHA256
+-s
+-v 1
+-l PSK-AES128-CBC-SHA256
+
+# No Hint server TLSv1.1 PSK-AES128-SHA256
+-s
+-I
+-v 2
+-l PSK-AES128-CBC-SHA256
+
+# No Hint client TLSv1.1 PSK-AES128-SHA256
+-s
+-v 2
+-l PSK-AES128-CBC-SHA256
+
+# No Hint server TLSv1.2 PSK-AES128-SHA256
+-s
+-I
+-v 3
+-l PSK-AES128-CBC-SHA256
+
+# No Hint client TLSv1.2 PSK-AES128-SHA256
+-s
+-v 3
+-l PSK-AES128-CBC-SHA256
+
+# No Hint server TLSv1.0 PSK-AES256-SHA384
+-s
+-I
+-v 1
+-l PSK-AES256-CBC-SHA384
+
+# No Hint client TLSv1.0 PSK-AES256-SHA384
+-s
+-v 1
+-l PSK-AES256-CBC-SHA384
+
+# No Hint server TLSv1.1 PSK-AES256-SHA384
+-s
+-I
+-v 2
+-l PSK-AES256-CBC-SHA384
+
+# No Hint client TLSv1.1 PSK-AES256-SHA384
+-s
+-v 2
+-l PSK-AES256-CBC-SHA384
+
+# No Hint server TLSv1.2 PSK-AES256-SHA384
+-s
+-I
+-v 3
+-l PSK-AES256-CBC-SHA384
+
+# No Hint client TLSv1.2 PSK-AES256-SHA384
+-s
+-v 3
+-l PSK-AES256-CBC-SHA384
+
+# server TLSv1.2 PSK-AES128-GCM-SHA256
+-s
+-I
+-v 3
+-l PSK-AES128-GCM-SHA256
+
+# client TLSv1.2 PSK-AES128-GCM-SHA256
+-s
+-v 3
+-l PSK-AES128-GCM-SHA256
+
+# server TLSv1.2 PSK-AES256-GCM-SHA384
+-s
+-I
+-v 3
+-l PSK-AES256-GCM-SHA384
+
+# client TLSv1.2 PSK-AES256-GCM-SHA384
+-s
+-v 3
+-l PSK-AES256-GCM-SHA384
+
diff --git a/tests/test-qsh.conf b/tests/test-qsh.conf
new file mode 100644
index 000000000..0f59c428f
--- /dev/null
+++ b/tests/test-qsh.conf
@@ -0,0 +1,2024 @@ +# server TLSv1 DHE-RSA-CHACHA20-POLY1305 +-v 1 +-l QSH:DHE-RSA-CHACHA20-POLY1305 + +# client TLSv1 DHE-RSA-CHACHA20-POLY1305 +-v 1 +-l QSH:DHE-RSA-CHACHA20-POLY1305 + +# server TLSv1 ECDHE-EDCSA-CHACHA20-POLY1305 +-v 1 +-l QSH:ECDHE-ECDSA-CHACHA20-POLY1305 +-c ./certs/server-ecc.pem +-k ./certs/ecc-key.pem + +# client TLSv1 ECDHE-ECDSA-CHACHA20-POLY1305 +-v 1 +-l QSH:ECDHE-ECDSA-CHACHA20-POLY1305 +-A ./certs/server-ecc.pem + +# server TLSv1 ECDHE-RSA-CHACHA20-POLY1305 +-v 1 +-l QSH:ECDHE-RSA-CHACHA20-POLY1305 + +# client TLSv1 ECDHE-RSA-CHACHA20-POLY1305 +-v 1 +-l QSH:ECDHE-RSA-CHACHA20-POLY1305 + +# server TLSv1.1 DHE-RSA-CHACHA20-POLY1305 +-v 2 +-l QSH:DHE-RSA-CHACHA20-POLY1305 + +# client TLSv1.1 DHE-RSA-CHACHA20-POLY1305 +-v 2 +-l QSH:DHE-RSA-CHACHA20-POLY1305 + +# server TLSv1.1 ECDHE-RSA-CHACHA20-POLY1305 +-v 2 +-l QSH:ECDHE-RSA-CHACHA20-POLY1305 + +# client TLSv1.1 ECDHE-RSA-CHACHA20-POLY1305 +-v 2 +-l QSH:ECDHE-RSA-CHACHA20-POLY1305 + +# server TLSv1.1 ECDHE-EDCSA-CHACHA20-POLY1305 +-v 2 +-l QSH:ECDHE-ECDSA-CHACHA20-POLY1305 +-c ./certs/server-ecc.pem +-k ./certs/ecc-key.pem + +# client TLSv1.1 ECDHE-ECDSA-CHACHA20-POLY1305 +-v 2 +-l QSH:ECDHE-ECDSA-CHACHA20-POLY1305 +-A ./certs/server-ecc.pem + +# server TLSv1.2 DHE-RSA-CHACHA20-POLY1305 +-v 3 +-l QSH:DHE-RSA-CHACHA20-POLY1305 + +# client TLSv1.2 DHE-RSA-CHACHA20-POLY1305 +-v 3 +-l QSH:DHE-RSA-CHACHA20-POLY1305 + +# server TLSv1.2 ECDHE-RSA-CHACHA20-POLY1305 +-v 3 +-l QSH:ECDHE-RSA-CHACHA20-POLY1305 + +# client TLSv1.2 ECDHE-RSA-CHACHA20-POLY1305 +-v 3 +-l QSH:ECDHE-RSA-CHACHA20-POLY1305 + +# server TLSv1.2 ECDHE-EDCSA-CHACHA20-POLY1305 +-v 3 +-l QSH:ECDHE-ECDSA-CHACHA20-POLY1305 +-c ./certs/server-ecc.pem +-k ./certs/ecc-key.pem + +# client TLSv1.2 ECDHE-ECDSA-CHACHA20-POLY1305 +-v 3 +-l QSH:ECDHE-ECDSA-CHACHA20-POLY1305 +-A ./certs/server-ecc.pem + +# server SSLv3 RC4-SHA +-v 0 +-l QSH:RC4-SHA + +# client SSLv3 RC4-SHA +-v 0 +-l QSH:RC4-SHA + +# server SSLv3 RC4-MD5 +-v 0 +-l 
QSH:RC4-MD5 + +# client SSLv3 RC4-MD5 +-v 0 +-l QSH:RC4-MD5 + +# server SSLv3 DES-CBC3-SHA +-v 0 +-l QSH:DES-CBC3-SHA + +# client SSLv3 DES-CBC3-SHA +-v 0 +-l QSH:DES-CBC3-SHA + +# server TLSv1 RC4-SHA +-v 1 +-l QSH:RC4-SHA + +# client TLSv1 RC4-SHA +-v 1 +-l QSH:RC4-SHA + +# server TLSv1 RC4-MD5 +-v 1 +-l QSH:RC4-MD5 + +# client TLSv1 RC4-MD5 +-v 1 +-l QSH:RC4-MD5 + +# server TLSv1 DES-CBC3-SHA +-v 1 +-l QSH:DES-CBC3-SHA + +# client TLSv1 DES-CBC3-SHA +-v 1 +-l QSH:DES-CBC3-SHA + +# server TLSv1 AES128-SHA +-v 1 +-l QSH:AES128-SHA + +# client TLSv1 AES128-SHA +-v 1 +-l QSH:AES128-SHA + +# server TLSv1 AES256-SHA +-v 1 +-l QSH:AES256-SHA + +# client TLSv1 AES256-SHA +-v 1 +-l QSH:AES256-SHA + +# server TLSv1 AES128-SHA256 +-v 1 +-l QSH:AES128-SHA256 + +# client TLSv1 AES128-SHA256 +-v 1 +-l QSH:AES128-SHA256 + +# server TLSv1 AES256-SHA256 +-v 1 +-l QSH:AES256-SHA256 + +# client TLSv1 AES256-SHA256 +-v 1 +-l QSH:AES256-SHA256 + +# server TLSv1.1 RC4-SHA +-v 2 +-l QSH:RC4-SHA + +# client TLSv1.1 RC4-SHA +-v 2 +-l QSH:RC4-SHA + +# server TLSv1.1 RC4-MD5 +-v 2 +-l QSH:RC4-MD5 + +# client TLSv1.1 RC4-MD5 +-v 2 +-l QSH:RC4-MD5 + +# server TLSv1.1 DES-CBC3-SHA +-v 2 +-l QSH:DES-CBC3-SHA + +# client TLSv1.1 DES-CBC3-SHA +-v 2 +-l QSH:DES-CBC3-SHA + +# server TLSv1.1 AES128-SHA +-v 2 +-l QSH:AES128-SHA + +# client TLSv1.1 AES128-SHA +-v 2 +-l QSH:AES128-SHA + +# server TLSv1.1 AES256-SHA +-v 2 +-l QSH:AES256-SHA + +# client TLSv1.1 AES256-SHA +-v 2 +-l QSH:AES256-SHA + +# server TLSv1.1 AES128-SHA256 +-v 2 +-l QSH:AES128-SHA256 + +# client TLSv1.1 AES128-SHA256 +-v 2 +-l QSH:AES128-SHA256 + +# server TLSv1.1 AES256-SHA256 +-v 2 +-l QSH:AES256-SHA256 + +# client TLSv1.1 AES256-SHA256 +-v 2 +-l QSH:AES256-SHA256 + +# server TLSv1.2 RC4-SHA +-v 3 +-l QSH:RC4-SHA + +# client TLSv1.2 RC4-SHA +-v 3 +-l QSH:RC4-SHA + +# server TLSv1.2 RC4-MD5 +-v 3 +-l QSH:RC4-MD5 + +# client TLSv1.2 RC4-MD5 +-v 3 +-l QSH:RC4-MD5 + +# server TLSv1.2 DES-CBC3-SHA +-v 3 +-l QSH:DES-CBC3-SHA + +# 
client TLSv1.2 DES-CBC3-SHA +-v 3 +-l QSH:DES-CBC3-SHA + +# server TLSv1.2 AES128-SHA +-v 3 +-l QSH:AES128-SHA + +# client TLSv1.2 AES128-SHA +-v 3 +-l QSH:AES128-SHA + +# server TLSv1.2 AES256-SHA +-v 3 +-l QSH:AES256-SHA + +# client TLSv1.2 AES256-SHA +-v 3 +-l QSH:AES256-SHA + +# server TLSv1.2 AES128-SHA256 +-v 3 +-l QSH:AES128-SHA256 + +# client TLSv1.2 AES128-SHA256 +-v 3 +-l QSH:AES128-SHA256 + +# server TLSv1.2 AES256-SHA256 +-v 3 +-l QSH:AES256-SHA256 + +# client TLSv1.2 AES256-SHA256 +-v 3 +-l QSH:AES256-SHA256 + +# server TLSv1 ECDHE-RSA-RC4 +-v 1 +-l QSH:ECDHE-RSA-RC4-SHA + +# client TLSv1 ECDHE-RSA-RC4 +-v 1 +-l QSH:ECDHE-RSA-RC4-SHA + +# server TLSv1 ECDHE-RSA-DES3 +-v 1 +-l QSH:ECDHE-RSA-DES-CBC3-SHA + +# client TLSv1 ECDHE-RSA-DES3 +-v 1 +-l QSH:ECDHE-RSA-DES-CBC3-SHA + +# server TLSv1 ECDHE-RSA-AES128 +-v 1 +-l QSH:ECDHE-RSA-AES128-SHA + +# client TLSv1 ECDHE-RSA-AES128 +-v 1 +-l QSH:ECDHE-RSA-AES128-SHA + +# server TLSv1 ECDHE-RSA-AES256 +-v 1 +-l QSH:ECDHE-RSA-AES256-SHA + +# client TLSv1 ECDHE-RSA-AES256 +-v 1 +-l QSH:ECDHE-RSA-AES256-SHA + +# server TLSv1.1 ECDHE-RSA-RC4 +-v 2 +-l QSH:ECDHE-RSA-RC4-SHA + +# client TLSv1.1 ECDHE-RSA-RC4 +-v 2 +-l QSH:ECDHE-RSA-RC4-SHA + +# server TLSv1.1 ECDHE-RSA-DES3 +-v 2 +-l QSH:ECDHE-RSA-DES-CBC3-SHA + +# client TLSv1.1 ECDHE-RSA-DES3 +-v 2 +-l QSH:ECDHE-RSA-DES-CBC3-SHA + +# server TLSv1.1 ECDHE-RSA-AES128 +-v 2 +-l QSH:ECDHE-RSA-AES128-SHA + +# client TLSv1.1 ECDHE-RSA-AES128 +-v 2 +-l QSH:ECDHE-RSA-AES128-SHA + +# server TLSv1.1 ECDHE-RSA-AES256 +-v 2 +-l QSH:ECDHE-RSA-AES256-SHA + +# client TLSv1.1 ECDHE-RSA-AES256 +-v 2 +-l QSH:ECDHE-RSA-AES256-SHA + +# server TLSv1.2 ECDHE-RSA-RC4 +-v 3 +-l QSH:ECDHE-RSA-RC4-SHA + +# client TLSv1.2 ECDHE-RSA-RC4 +-v 3 +-l QSH:ECDHE-RSA-RC4-SHA + +# server TLSv1.2 ECDHE-RSA-DES3 +-v 3 +-l QSH:ECDHE-RSA-DES-CBC3-SHA + +# client TLSv1.2 ECDHE-RSA-DES3 +-v 3 +-l QSH:ECDHE-RSA-DES-CBC3-SHA + +# server TLSv1.2 ECDHE-RSA-AES128 +-v 3 +-l QSH:ECDHE-RSA-AES128-SHA + +# client 
TLSv1.2 ECDHE-RSA-AES128 +-v 3 +-l QSH:ECDHE-RSA-AES128-SHA + +# server TLSv1.2 ECDHE-RSA-AES128-SHA256 +-v 3 +-l QSH:ECDHE-RSA-AES128-SHA256 + +# client TLSv1.2 ECDHE-RSA-AES128-SHA256 +-v 3 +-l QSH:ECDHE-RSA-AES128-SHA256 + +# server TLSv1.2 ECDHE-RSA-AES256 +-v 3 +-l QSH:ECDHE-RSA-AES256-SHA + +# client TLSv1.2 ECDHE-RSA-AES256 +-v 3 +-l QSH:ECDHE-RSA-AES256-SHA + +# server TLSv1 ECDHE-ECDSA-RC4 +-v 1 +-l QSH:ECDHE-ECDSA-RC4-SHA +-c ./certs/server-ecc.pem +-k ./certs/ecc-key.pem + +# client TLSv1 ECDHE-ECDSA-RC4 +-v 1 +-l QSH:ECDHE-ECDSA-RC4-SHA +-A ./certs/server-ecc.pem + +# server TLSv1 ECDHE-ECDSA-DES3 +-v 1 +-l QSH:ECDHE-ECDSA-DES-CBC3-SHA +-c ./certs/server-ecc.pem +-k ./certs/ecc-key.pem + +# client TLSv1 ECDHE-ECDSA-DES3 +-v 1 +-l QSH:ECDHE-ECDSA-DES-CBC3-SHA +-A ./certs/server-ecc.pem + +# server TLSv1 ECDHE-ECDSA-AES128 +-v 1 +-l QSH:ECDHE-ECDSA-AES128-SHA +-c ./certs/server-ecc.pem +-k ./certs/ecc-key.pem + +# client TLSv1 ECDHE-ECDSA-AES128 +-v 1 +-l QSH:ECDHE-ECDSA-AES128-SHA +-A ./certs/server-ecc.pem + +# server TLSv1 ECDHE-ECDSA-AES256 +-v 1 +-l QSH:ECDHE-ECDSA-AES256-SHA +-c ./certs/server-ecc.pem +-k ./certs/ecc-key.pem + +# client TLSv1 ECDHE-ECDSA-AES256 +-v 1 +-l QSH:ECDHE-ECDSA-AES256-SHA +-A ./certs/server-ecc.pem + +# server TLSv1.1 ECDHE-EDCSA-RC4 +-v 2 +-l QSH:ECDHE-ECDSA-RC4-SHA +-c ./certs/server-ecc.pem +-k ./certs/ecc-key.pem + +# client TLSv1.1 ECDHE-ECDSA-RC4 +-v 2 +-l QSH:ECDHE-ECDSA-RC4-SHA +-A ./certs/server-ecc.pem + +# server TLSv1.1 ECDHE-ECDSA-DES3 +-v 2 +-l QSH:ECDHE-ECDSA-DES-CBC3-SHA +-c ./certs/server-ecc.pem +-k ./certs/ecc-key.pem + +# client TLSv1.1 ECDHE-ECDSA-DES3 +-v 2 +-l QSH:ECDHE-ECDSA-DES-CBC3-SHA +-A ./certs/server-ecc.pem + +# server TLSv1.1 ECDHE-ECDSA-AES128 +-v 2 +-l QSH:ECDHE-ECDSA-AES128-SHA +-c ./certs/server-ecc.pem +-k ./certs/ecc-key.pem + +# client TLSv1.1 ECDHE-ECDSA-AES128 +-v 2 +-l QSH:ECDHE-ECDSA-AES128-SHA +-A ./certs/server-ecc.pem + +# server TLSv1.1 ECDHE-ECDSA-AES256 +-v 2 +-l 
QSH:ECDHE-ECDSA-AES256-SHA +-c ./certs/server-ecc.pem +-k ./certs/ecc-key.pem + +# client TLSv1.1 ECDHE-ECDSA-AES256 +-v 2 +-l QSH:ECDHE-ECDSA-AES256-SHA +-A ./certs/server-ecc.pem + +# server TLSv1.2 ECDHE-ECDSA-RC4 +-v 3 +-l QSH:ECDHE-ECDSA-RC4-SHA +-c ./certs/server-ecc.pem +-k ./certs/ecc-key.pem + +# client TLSv1.2 ECDHE-ECDSA-RC4 +-v 3 +-l QSH:ECDHE-ECDSA-RC4-SHA +-A ./certs/server-ecc.pem + +# server TLSv1.2 ECDHE-ECDSA-DES3 +-v 3 +-l QSH:ECDHE-ECDSA-DES-CBC3-SHA +-c ./certs/server-ecc.pem +-k ./certs/ecc-key.pem + +# client TLSv1.2 ECDHE-ECDSA-DES3 +-v 3 +-l QSH:ECDHE-ECDSA-DES-CBC3-SHA +-A ./certs/server-ecc.pem + +# server TLSv1.2 ECDHE-ECDSA-AES128 +-v 3 +-l QSH:ECDHE-ECDSA-AES128-SHA +-c ./certs/server-ecc.pem +-k ./certs/ecc-key.pem + +# client TLSv1.2 ECDHE-ECDSA-AES128 +-v 3 +-l QSH:ECDHE-ECDSA-AES128-SHA +-A ./certs/server-ecc.pem + +# server TLSv1.2 ECDHE-ECDSA-AES128-SHA256 +-v 3 +-l QSH:ECDHE-ECDSA-AES128-SHA256 +-c ./certs/server-ecc.pem +-k ./certs/ecc-key.pem + +# client TLSv1.2 ECDHE-ECDSA-AES128-SHA256 +-v 3 +-l QSH:ECDHE-ECDSA-AES128-SHA256 +-A ./certs/server-ecc.pem + +# server TLSv1.2 ECDHE-ECDSA-AES256 +-v 3 +-l QSH:ECDHE-ECDSA-AES256-SHA +-c ./certs/server-ecc.pem +-k ./certs/ecc-key.pem + +# client TLSv1.2 ECDHE-ECDSA-AES256 +-v 3 +-l QSH:ECDHE-ECDSA-AES256-SHA +-A ./certs/server-ecc.pem + +# server TLSv1 ECDH-RSA-RC4 +-v 1 +-l QSH:ECDH-RSA-RC4-SHA +-c ./certs/server-ecc-rsa.pem +-k ./certs/ecc-key.pem + +# client TLSv1 ECDH-RSA-RC4 +-v 1 +-l QSH:ECDH-RSA-RC4-SHA + +# server TLSv1 ECDH-RSA-DES3 +-v 1 +-l QSH:ECDH-RSA-DES-CBC3-SHA +-c ./certs/server-ecc-rsa.pem +-k ./certs/ecc-key.pem + +# client TLSv1 ECDH-RSA-DES3 +-v 1 +-l QSH:ECDH-RSA-DES-CBC3-SHA + +# server TLSv1 ECDH-RSA-AES128 +-v 1 +-l QSH:ECDH-RSA-AES128-SHA +-c ./certs/server-ecc-rsa.pem +-k ./certs/ecc-key.pem + +# client TLSv1 ECDH-RSA-AES128 +-v 1 +-l QSH:ECDH-RSA-AES128-SHA + +# server TLSv1 ECDH-RSA-AES256 +-v 1 +-l QSH:ECDH-RSA-AES256-SHA +-c ./certs/server-ecc-rsa.pem 
+-k ./certs/ecc-key.pem + +# client TLSv1 ECDH-RSA-AES256 +-v 1 +-l QSH:ECDH-RSA-AES256-SHA + +# server TLSv1.1 ECDH-RSA-RC4 +-v 2 +-l QSH:ECDH-RSA-RC4-SHA +-c ./certs/server-ecc-rsa.pem +-k ./certs/ecc-key.pem + +# client TLSv1.1 ECDH-RSA-RC4 +-v 2 +-l QSH:ECDH-RSA-RC4-SHA + +# server TLSv1.1 ECDH-RSA-DES3 +-v 2 +-l QSH:ECDH-RSA-DES-CBC3-SHA +-c ./certs/server-ecc-rsa.pem +-k ./certs/ecc-key.pem + +# client TLSv1.1 ECDH-RSA-DES3 +-v 2 +-l QSH:ECDH-RSA-DES-CBC3-SHA + +# server TLSv1.1 ECDH-RSA-AES128 +-v 2 +-l QSH:ECDH-RSA-AES128-SHA +-c ./certs/server-ecc-rsa.pem +-k ./certs/ecc-key.pem + +# client TLSv1.1 ECDH-RSA-AES128 +-v 2 +-l QSH:ECDH-RSA-AES128-SHA + +# server TLSv1.1 ECDH-RSA-AES256 +-v 2 +-l QSH:ECDH-RSA-AES256-SHA +-c ./certs/server-ecc-rsa.pem +-k ./certs/ecc-key.pem + +# client TLSv1.1 ECDH-RSA-AES256 +-v 2 +-l QSH:ECDH-RSA-AES256-SHA + +# server TLSv1.2 ECDH-RSA-RC4 +-v 3 +-l QSH:ECDH-RSA-RC4-SHA +-c ./certs/server-ecc-rsa.pem +-k ./certs/ecc-key.pem + +# client TLSv1.2 ECDH-RSA-RC4 +-v 3 +-l QSH:ECDH-RSA-RC4-SHA + +# server TLSv1.2 ECDH-RSA-DES3 +-v 3 +-l QSH:ECDH-RSA-DES-CBC3-SHA +-c ./certs/server-ecc-rsa.pem +-k ./certs/ecc-key.pem + +# client TLSv1.2 ECDH-RSA-DES3 +-v 3 +-l QSH:ECDH-RSA-DES-CBC3-SHA + +# server TLSv1.2 ECDH-RSA-AES128 +-v 3 +-l QSH:ECDH-RSA-AES128-SHA +-c ./certs/server-ecc-rsa.pem +-k ./certs/ecc-key.pem + +# client TLSv1.2 ECDH-RSA-AES128 +-v 3 +-l QSH:ECDH-RSA-AES128-SHA + +# server TLSv1.2 ECDH-RSA-AES128-SHA256 +-v 3 +-l QSH:ECDH-RSA-AES128-SHA256 +-c ./certs/server-ecc-rsa.pem +-k ./certs/ecc-key.pem + +# client TLSv1.2 ECDH-RSA-AES128-SHA256 +-v 3 +-l QSH:ECDH-RSA-AES128-SHA256 + +# server TLSv1.2 ECDH-RSA-AES256 +-v 3 +-l QSH:ECDH-RSA-AES256-SHA +-c ./certs/server-ecc-rsa.pem +-k ./certs/ecc-key.pem + +# client TLSv1.2 ECDH-RSA-AES256 +-v 3 +-l QSH:ECDH-RSA-AES256-SHA + +# server TLSv1 ECDH-ECDSA-RC4 +-v 1 +-l QSH:ECDH-ECDSA-RC4-SHA +-c ./certs/server-ecc.pem +-k ./certs/ecc-key.pem + +# client TLSv1 ECDH-ECDSA-RC4 +-v 1 
+-l QSH:ECDH-ECDSA-RC4-SHA +-A ./certs/server-ecc.pem + +# server TLSv1 ECDH-ECDSA-DES3 +-v 1 +-l QSH:ECDH-ECDSA-DES-CBC3-SHA +-c ./certs/server-ecc.pem +-k ./certs/ecc-key.pem + +# client TLSv1 ECDH-ECDSA-DES3 +-v 1 +-l QSH:ECDH-ECDSA-DES-CBC3-SHA +-A ./certs/server-ecc.pem + +# server TLSv1 ECDH-ECDSA-AES128 +-v 1 +-l QSH:ECDH-ECDSA-AES128-SHA +-c ./certs/server-ecc.pem +-k ./certs/ecc-key.pem + +# client TLSv1 ECDH-ECDSA-AES128 +-v 1 +-l QSH:ECDH-ECDSA-AES128-SHA +-A ./certs/server-ecc.pem + +# server TLSv1 ECDH-ECDSA-AES256 +-v 1 +-l QSH:ECDH-ECDSA-AES256-SHA +-c ./certs/server-ecc.pem +-k ./certs/ecc-key.pem + +# client TLSv1 ECDH-ECDSA-AES256 +-v 1 +-l QSH:ECDH-ECDSA-AES256-SHA +-A ./certs/server-ecc.pem + +# server TLSv1.1 ECDH-EDCSA-RC4 +-v 2 +-l QSH:ECDH-ECDSA-RC4-SHA +-c ./certs/server-ecc.pem +-k ./certs/ecc-key.pem + +# client TLSv1.1 ECDH-ECDSA-RC4 +-v 2 +-l QSH:ECDH-ECDSA-RC4-SHA +-A ./certs/server-ecc.pem + +# server TLSv1.1 ECDH-ECDSA-DES3 +-v 2 +-l QSH:ECDH-ECDSA-DES-CBC3-SHA +-c ./certs/server-ecc.pem +-k ./certs/ecc-key.pem + +# client TLSv1.1 ECDH-ECDSA-DES3 +-v 2 +-l QSH:ECDH-ECDSA-DES-CBC3-SHA +-A ./certs/server-ecc.pem + +# server TLSv1.1 ECDH-ECDSA-AES128 +-v 2 +-l QSH:ECDH-ECDSA-AES128-SHA +-c ./certs/server-ecc.pem +-k ./certs/ecc-key.pem + +# client TLSv1.1 ECDH-ECDSA-AES128 +-v 2 +-l QSH:ECDH-ECDSA-AES128-SHA +-A ./certs/server-ecc.pem + +# server TLSv1.1 ECDH-ECDSA-AES256 +-v 2 +-l QSH:ECDH-ECDSA-AES256-SHA +-c ./certs/server-ecc.pem +-k ./certs/ecc-key.pem + +# client TLSv1.1 ECDH-ECDSA-AES256 +-v 2 +-l QSH:ECDH-ECDSA-AES256-SHA +-A ./certs/server-ecc.pem + +# server TLSv1.2 ECDHE-ECDSA-RC4 +-v 3 +-l QSH:ECDH-ECDSA-RC4-SHA +-c ./certs/server-ecc.pem +-k ./certs/ecc-key.pem + +# client TLSv1.2 ECDH-ECDSA-RC4 +-v 3 +-l QSH:ECDH-ECDSA-RC4-SHA +-A ./certs/server-ecc.pem + +# server TLSv1.2 ECDH-ECDSA-DES3 +-v 3 +-l QSH:ECDH-ECDSA-DES-CBC3-SHA +-c ./certs/server-ecc.pem +-k ./certs/ecc-key.pem + +# client TLSv1.2 ECDH-ECDSA-DES3 +-v 3 +-l 
QSH:ECDH-ECDSA-DES-CBC3-SHA +-A ./certs/server-ecc.pem + +# server TLSv1.2 ECDH-ECDSA-AES128 +-v 3 +-l QSH:ECDH-ECDSA-AES128-SHA +-c ./certs/server-ecc.pem +-k ./certs/ecc-key.pem + +# client TLSv1.2 ECDH-ECDSA-AES128 +-v 3 +-l QSH:ECDH-ECDSA-AES128-SHA +-A ./certs/server-ecc.pem + +# server TLSv1.2 ECDH-ECDSA-AES128-SHA256 +-v 3 +-l QSH:ECDH-ECDSA-AES128-SHA256 +-c ./certs/server-ecc.pem +-k ./certs/ecc-key.pem + +# client TLSv1.2 ECDH-ECDSA-AES128-SHA256 +-v 3 +-l QSH:ECDH-ECDSA-AES128-SHA256 +-A ./certs/server-ecc.pem + +# server TLSv1.2 ECDH-ECDSA-AES256 +-v 3 +-l QSH:ECDH-ECDSA-AES256-SHA +-c ./certs/server-ecc.pem +-k ./certs/ecc-key.pem + +# client TLSv1.2 ECDH-ECDSA-AES256 +-v 3 +-l QSH:ECDH-ECDSA-AES256-SHA +-A ./certs/server-ecc.pem + +# server TLSv1.2 ECDHE-RSA-AES256-SHA384 +-v 3 +-l QSH:ECDHE-RSA-AES256-SHA384 + +# client TLSv1.2 ECDHE-RSA-AES256-SHA384 +-v 3 +-l QSH:ECDHE-RSA-AES256-SHA384 + +# server TLSv1.2 ECDHE-ECDSA-AES256-SHA384 +-v 3 +-l QSH:ECDHE-ECDSA-AES256-SHA384 +-c ./certs/server-ecc.pem +-k ./certs/ecc-key.pem + +# client TLSv1.2 ECDHE-ECDSA-AES256-SHA384 +-v 3 +-l QSH:ECDHE-ECDSA-AES256-SHA384 +-A ./certs/server-ecc.pem + +# server TLSv1.2 ECDH-RSA-AES256-SHA384 +-v 3 +-l QSH:ECDH-RSA-AES256-SHA384 +-c ./certs/server-ecc-rsa.pem +-k ./certs/ecc-key.pem + +# client TLSv1.2 ECDH-RSA-AES256-SHA384 +-v 3 +-l QSH:ECDH-RSA-AES256-SHA384 + +# server TLSv1.2 ECDH-ECDSA-AES256-SHA384 +-v 3 +-l QSH:ECDH-ECDSA-AES256-SHA384 +-c ./certs/server-ecc.pem +-k ./certs/ecc-key.pem + +# client TLSv1.2 ECDH-ECDSA-AES256-SHA384 +-v 3 +-l QSH:ECDH-ECDSA-AES256-SHA384 +-A ./certs/server-ecc.pem + +# server TLSv1 HC128-SHA +-v 1 +-l QSH:HC128-SHA + +# client TLSv1 HC128-SHA +-v 1 +-l QSH:HC128-SHA + +# server TLSv1 HC128-MD5 +-v 1 +-l QSH:HC128-MD5 + +# client TLSv1 HC128-MD5 +-v 1 +-l QSH:HC128-MD5 + +# server TLSv1 HC128-B2B256 +-v 1 +-l QSH:HC128-B2B256 + +# client TLSv1 HC128-B2B256 +-v 1 +-l QSH:HC128-B2B256 + +# server TLSv1 AES128-B2B256 +-v 1 +-l 
QSH:AES128-B2B256 + +# client TLSv1 AES128-B2B256 +-v 1 +-l QSH:AES128-B2B256 + +# server TLSv1 AES256-B2B256 +-v 1 +-l QSH:AES256-B2B256 + +# client TLSv1 AES256-B2B256 +-v 1 +-l QSH:AES256-B2B256 + +# server TLSv1.1 HC128-SHA +-v 2 +-l QSH:HC128-SHA + +# client TLSv1.1 HC128-SHA +-v 2 +-l QSH:HC128-SHA + +# server TLSv1.1 HC128-MD5 +-v 2 +-l QSH:HC128-MD5 + +# client TLSv1.1 HC128-MD5 +-v 2 +-l QSH:HC128-MD5 + +# server TLSv1.1 HC128-B2B256 +-v 2 +-l QSH:HC128-B2B256 + +# client TLSv1.1 HC128-B2B256 +-v 2 +-l QSH:HC128-B2B256 + +# server TLSv1.1 AES128-B2B256 +-v 2 +-l QSH:AES128-B2B256 + +# client TLSv1.1 AES128-B2B256 +-v 2 +-l QSH:AES128-B2B256 + +# server TLSv1.1 AES256-B2B256 +-v 2 +-l QSH:AES256-B2B256 + +# client TLSv1.1 AES256-B2B256 +-v 2 +-l QSH:AES256-B2B256 + +# server TLSv1.2 HC128-SHA +-v 3 +-l QSH:HC128-SHA + +# client TLSv1.2 HC128-SHA +-v 3 +-l QSH:HC128-SHA + +# server TLSv1.2 HC128-MD5 +-v 3 +-l QSH:HC128-MD5 + +# client TLSv1.2 HC128-MD5 +-v 3 +-l QSH:HC128-MD5 + +# server TLSv1.2 HC128-B2B256 +-v 3 +-l QSH:HC128-B2B256 + +# client TLSv1.2 HC128-B2B256 +-v 3 +-l QSH:HC128-B2B256 + +# server TLSv1.2 AES128-B2B256 +-v 3 +-l QSH:AES128-B2B256 + +# client TLSv1.2 AES128-B2B256 +-v 3 +-l QSH:AES128-B2B256 + +# server TLSv1.2 AES256-B2B256 +-v 3 +-l QSH:AES256-B2B256 + +# client TLSv1.2 AES256-B2B256 +-v 3 +-l QSH:AES256-B2B256 + +# server TLSv1 RABBIT-SHA +-v 1 +-l QSH:RABBIT-SHA + +# client TLSv1 RABBIT-SHA +-v 1 +-l QSH:RABBIT-SHA + +# server TLSv1.1 RABBIT-SHA +-v 2 +-l QSH:RABBIT-SHA + +# client TLSv1.1 RABBIT-SHA +-v 2 +-l QSH:RABBIT-SHA + +# server TLSv1.2 RABBIT-SHA +-v 3 +-l QSH:RABBIT-SHA + +# client TLSv1.2 RABBIT-SHA +-v 3 +-l QSH:RABBIT-SHA + +# server TLSv1 DHE AES128 +-v 1 +-l QSH:DHE-RSA-AES128-SHA + +# client TLSv1 DHE AES128 +-v 1 +-l QSH:DHE-RSA-AES128-SHA + +# server TLSv1 DHE AES256 +-v 1 +-l QSH:DHE-RSA-AES256-SHA + +# client TLSv1 DHE AES256 +-v 1 +-l QSH:DHE-RSA-AES256-SHA + +# server TLSv1 DHE AES128-SHA256 +-v 1 +-l 
QSH:DHE-RSA-AES128-SHA256 + +# client TLSv1 DHE AES128-SHA256 +-v 1 +-l QSH:DHE-RSA-AES128-SHA256 + +# server TLSv1 DHE AES256-SHA256 +-v 1 +-l QSH:DHE-RSA-AES256-SHA256 + +# client TLSv1 DHE AES256-SHA256 +-v 1 +-l QSH:DHE-RSA-AES256-SHA256 + +# server TLSv1.1 DHE AES128 +-v 2 +-l QSH:DHE-RSA-AES128-SHA + +# client TLSv1.1 DHE AES128 +-v 2 +-l QSH:DHE-RSA-AES128-SHA + +# server TLSv1.1 DHE AES256 +-v 2 +-l QSH:DHE-RSA-AES256-SHA + +# client TLSv1.1 DHE AES256 +-v 2 +-l QSH:DHE-RSA-AES256-SHA + +# server TLSv1.1 DHE AES128-SHA256 +-v 2 +-l QSH:DHE-RSA-AES128-SHA256 + +# client TLSv1.1 DHE AES128-SHA256 +-v 2 +-l QSH:DHE-RSA-AES128-SHA256 + +# server TLSv1.1 DHE AES256-SHA256 +-v 2 +-l QSH:DHE-RSA-AES256-SHA256 + +# client TLSv1.1 DHE AES256-SHA256 +-v 2 +-l QSH:DHE-RSA-AES256-SHA256 + +# server TLSv1.2 DHE AES128 +-v 3 +-l QSH:DHE-RSA-AES128-SHA + +# client TLSv1.2 DHE AES128 +-v 3 +-l QSH:DHE-RSA-AES128-SHA + +# server TLSv1.2 DHE AES256 +-v 3 +-l QSH:DHE-RSA-AES256-SHA + +# client TLSv1.2 DHE AES256 +-v 3 +-l QSH:DHE-RSA-AES256-SHA + +# server TLSv1.2 DHE AES128-SHA256 +-v 3 +-l QSH:DHE-RSA-AES128-SHA256 + +# client TLSv1.2 DHE AES128-SHA256 +-v 3 +-l QSH:DHE-RSA-AES128-SHA256 + +# server TLSv1.2 DHE AES256-SHA256 +-v 3 +-l QSH:DHE-RSA-AES256-SHA256 + +# client TLSv1.2 DHE AES256-SHA256 +-v 3 +-l QSH:DHE-RSA-AES256-SHA256 + +# server TLSv1 PSK-AES128 +-s +-v 1 +-l QSH:PSK-AES128-CBC-SHA + +# client TLSv1 PSK-AES128 +-s +-v 1 +-l QSH:PSK-AES128-CBC-SHA + +# server TLSv1 PSK-AES256 +-s +-v 1 +-l QSH:PSK-AES256-CBC-SHA + +# client TLSv1 PSK-AES256 +-s +-v 1 +-l QSH:PSK-AES256-CBC-SHA + +# server TLSv1.1 PSK-AES128 +-s +-v 2 +-l QSH:PSK-AES128-CBC-SHA + +# client TLSv1.1 PSK-AES128 +-s +-v 2 +-l QSH:PSK-AES128-CBC-SHA + +# server TLSv1.1 PSK-AES256 +-s +-v 2 +-l QSH:PSK-AES256-CBC-SHA + +# client TLSv1.1 PSK-AES256 +-s +-v 2 +-l QSH:PSK-AES256-CBC-SHA + +# server TLSv1.2 PSK-AES128 +-s +-v 3 +-l QSH:PSK-AES128-CBC-SHA + +# client TLSv1.2 PSK-AES128 +-s +-v 3 +-l 
QSH:PSK-AES128-CBC-SHA + +# server TLSv1.2 PSK-AES256 +-s +-v 3 +-l QSH:PSK-AES256-CBC-SHA + +# client TLSv1.2 PSK-AES256 +-s +-v 3 +-l QSH:PSK-AES256-CBC-SHA + +# server TLSv1.0 PSK-AES128-SHA256 +-s +-v 1 +-l QSH:PSK-AES128-CBC-SHA256 + +# client TLSv1.0 PSK-AES128-SHA256 +-s +-v 1 +-l QSH:PSK-AES128-CBC-SHA256 + +# server TLSv1.1 PSK-AES128-SHA256 +-s +-v 2 +-l QSH:PSK-AES128-CBC-SHA256 + +# client TLSv1.1 PSK-AES128-SHA256 +-s +-v 2 +-l QSH:PSK-AES128-CBC-SHA256 + +# server TLSv1.2 PSK-AES128-SHA256 +-s +-v 3 +-l QSH:PSK-AES128-CBC-SHA256 + +# client TLSv1.2 PSK-AES128-SHA256 +-s +-v 3 +-l QSH:PSK-AES128-CBC-SHA256 + +# server TLSv1.0 PSK-AES256-SHA384 +-s +-v 1 +-l QSH:PSK-AES256-CBC-SHA384 + +# client TLSv1.0 PSK-AES256-SHA384 +-s +-v 1 +-l QSH:PSK-AES256-CBC-SHA384 + +# server TLSv1.1 PSK-AES256-SHA384 +-s +-v 2 +-l QSH:PSK-AES256-CBC-SHA384 + +# client TLSv1.1 PSK-AES256-SHA384 +-s +-v 2 +-l QSH:PSK-AES256-CBC-SHA384 + +# server TLSv1.2 PSK-AES256-SHA384 +-s +-v 3 +-l QSH:PSK-AES256-CBC-SHA384 + +# client TLSv1.2 PSK-AES256-SHA384 +-s +-v 3 +-l QSH:PSK-AES256-CBC-SHA384 + +# server TLSv1.0 PSK-NULL +-s +-v 1 +-l QSH:PSK-NULL-SHA + +# client TLSv1.0 PSK-NULL +-s +-v 1 +-l QSH:PSK-NULL-SHA + +# server TLSv1.1 PSK-NULL +-s +-v 2 +-l QSH:PSK-NULL-SHA + +# client TLSv1.1 PSK-NULL +-s +-v 2 +-l QSH:PSK-NULL-SHA + +# server TLSv1.2 PSK-NULL +-s +-v 3 +-l QSH:PSK-NULL-SHA + +# client TLSv1.2 PSK-NULL +-s +-v 3 +-l QSH:PSK-NULL-SHA + +# server TLSv1.2 PSK-NULL-SHA256 +-s +-v 3 +-l QSH:PSK-NULL-SHA256 + +# client TLSv1.2 PSK-NULL-SHA256 +-s +-v 3 +-l QSH:PSK-NULL-SHA256 + +# server TLSv1.2 PSK-NULL-SHA384 +-s +-v 3 +-l QSH:PSK-NULL-SHA384 + +# client TLSv1.2 PSK-NULL-SHA384 +-s +-v 3 +-l QSH:PSK-NULL-SHA384 + +# server TLSv1.2 PSK-NULL +-s +-v 3 +-l QSH:PSK-NULL-SHA + +# client TLSv1.2 PSK-NULL +-s +-v 3 +-l QSH:PSK-NULL-SHA + +# server TLSv1.2 PSK-NULL-SHA256 +-s +-v 3 +-l QSH:PSK-NULL-SHA256 + +# client TLSv1.2 PSK-NULL-SHA256 +-s +-v 3 +-l QSH:PSK-NULL-SHA256 + +# 
server TLSv1.0 RSA-NULL-SHA +-v 1 +-l QSH:NULL-SHA + +# client TLSv1.0 RSA-NULL-SHA +-v 1 +-l QSH:NULL-SHA + +# server TLSv1.1 RSA-NULL-SHA +-v 2 +-l QSH:NULL-SHA + +# client TLSv1.1 RSA-NULL-SHA +-v 2 +-l QSH:NULL-SHA + +# server TLSv1.2 RSA-NULL-SHA +-v 3 +-l QSH:NULL-SHA + +# client TLSv1.2 RSA-NULL-SHA +-v 3 +-l QSH:NULL-SHA + +# server TLSv1.0 RSA-NULL-SHA256 +-v 1 +-l QSH:NULL-SHA256 + +# client TLSv1.0 RSA-NULL-SHA256 +-v 1 +-l QSH:NULL-SHA256 + +# server TLSv1.1 RSA-NULL-SHA256 +-v 2 +-l QSH:NULL-SHA256 + +# client TLSv1.1 RSA-NULL-SHA256 +-v 2 +-l QSH:NULL-SHA256 + +# server TLSv1.2 RSA-NULL-SHA256 +-v 3 +-l QSH:NULL-SHA256 + +# client TLSv1.2 RSA-NULL-SHA256 +-v 3 +-l QSH:NULL-SHA256 + +# server TLSv1 CAMELLIA128-SHA +-v 1 +-l QSH:CAMELLIA128-SHA + +# client TLSv1 CAMELLIA128-SHA +-v 1 +-l QSH:CAMELLIA128-SHA + +# server TLSv1 CAMELLIA256-SHA +-v 1 +-l QSH:CAMELLIA256-SHA + +# client TLSv1 CAMELLIA256-SHA +-v 1 +-l QSH:CAMELLIA256-SHA + +# server TLSv1 CAMELLIA128-SHA256 +-v 1 +-l QSH:CAMELLIA128-SHA256 + +# client TLSv1 CAMELLIA128-SHA256 +-v 1 +-l QSH:CAMELLIA128-SHA256 + +# server TLSv1 CAMELLIA256-SHA256 +-v 1 +-l QSH:CAMELLIA256-SHA256 + +# client TLSv1 CAMELLIA256-SHA256 +-v 1 +-l QSH:CAMELLIA256-SHA256 + +# server TLSv1.1 CAMELLIA128-SHA +-v 2 +-l QSH:CAMELLIA128-SHA + +# client TLSv1.1 CAMELLIA128-SHA +-v 2 +-l QSH:CAMELLIA128-SHA + +# server TLSv1.1 CAMELLIA256-SHA +-v 2 +-l QSH:CAMELLIA256-SHA + +# client TLSv1.1 CAMELLIA256-SHA +-v 2 +-l QSH:CAMELLIA256-SHA + +# server TLSv1.1 CAMELLIA128-SHA256 +-v 2 +-l QSH:CAMELLIA128-SHA256 + +# client TLSv1.1 CAMELLIA128-SHA256 +-v 2 +-l QSH:CAMELLIA128-SHA256 + +# server TLSv1.1 CAMELLIA256-SHA256 +-v 2 +-l QSH:CAMELLIA256-SHA256 + +# client TLSv1.1 CAMELLIA256-SHA256 +-v 2 +-l QSH:CAMELLIA256-SHA256 + +# server TLSv1.2 CAMELLIA128-SHA +-v 3 +-l QSH:CAMELLIA128-SHA + +# client TLSv1.2 CAMELLIA128-SHA +-v 3 +-l QSH:CAMELLIA128-SHA + +# server TLSv1.2 CAMELLIA256-SHA +-v 3 +-l QSH:CAMELLIA256-SHA + +# 
client TLSv1.2 CAMELLIA256-SHA +-v 3 +-l QSH:CAMELLIA256-SHA + +# server TLSv1.2 CAMELLIA128-SHA256 +-v 3 +-l QSH:CAMELLIA128-SHA256 + +# client TLSv1.2 CAMELLIA128-SHA256 +-v 3 +-l QSH:CAMELLIA128-SHA256 + +# server TLSv1.2 CAMELLIA256-SHA256 +-v 3 +-l QSH:CAMELLIA256-SHA256 + +# client TLSv1.2 CAMELLIA256-SHA256 +-v 3 +-l QSH:CAMELLIA256-SHA256 + +# server TLSv1 DHE-RSA-CAMELLIA128-SHA +-v 1 +-l QSH:DHE-RSA-CAMELLIA128-SHA + +# client TLSv1 DHE-RSA-CAMELLIA128-SHA +-v 1 +-l QSH:DHE-RSA-CAMELLIA128-SHA + +# server TLSv1 DHE-RSA-CAMELLIA256-SHA +-v 1 +-l QSH:DHE-RSA-CAMELLIA256-SHA + +# client TLSv1 DHE-RSA-CAMELLIA256-SHA +-v 1 +-l QSH:DHE-RSA-CAMELLIA256-SHA + +# server TLSv1 DHE-RSA-CAMELLIA128-SHA256 +-v 1 +-l QSH:DHE-RSA-CAMELLIA128-SHA256 + +# client TLSv1 DHE-RSA-CAMELLIA128-SHA256 +-v 1 +-l QSH:DHE-RSA-CAMELLIA128-SHA256 + +# server TLSv1 DHE-RSA-CAMELLIA256-SHA256 +-v 1 +-l QSH:DHE-RSA-CAMELLIA256-SHA256 + +# client TLSv1 DHE-RSA-CAMELLIA256-SHA256 +-v 1 +-l QSH:DHE-RSA-CAMELLIA256-SHA256 + +# server TLSv1.1 DHE-RSA-CAMELLIA128-SHA +-v 2 +-l QSH:DHE-RSA-CAMELLIA128-SHA + +# client TLSv1.1 DHE-RSA-CAMELLIA128-SHA +-v 2 +-l QSH:DHE-RSA-CAMELLIA128-SHA + +# server TLSv1.1 DHE-RSA-CAMELLIA256-SHA +-v 2 +-l QSH:DHE-RSA-CAMELLIA256-SHA + +# client TLSv1.1 DHE-RSA-CAMELLIA256-SHA +-v 2 +-l QSH:DHE-RSA-CAMELLIA256-SHA + +# server TLSv1.1 DHE-RSA-CAMELLIA128-SHA256 +-v 2 +-l QSH:DHE-RSA-CAMELLIA128-SHA256 + +# client TLSv1.1 DHE-RSA-CAMELLIA128-SHA256 +-v 2 +-l QSH:DHE-RSA-CAMELLIA128-SHA256 + +# server TLSv1.1 DHE-RSA-CAMELLIA256-SHA256 +-v 2 +-l QSH:DHE-RSA-CAMELLIA256-SHA256 + +# client TLSv1.1 DHE-RSA-CAMELLIA256-SHA256 +-v 2 +-l QSH:DHE-RSA-CAMELLIA256-SHA256 + +# server TLSv1.2 DHE-RSA-CAMELLIA128-SHA +-v 3 +-l QSH:DHE-RSA-CAMELLIA128-SHA + +# client TLSv1.2 DHE-RSA-CAMELLIA128-SHA +-v 3 +-l QSH:DHE-RSA-CAMELLIA128-SHA + +# server TLSv1.2 DHE-RSA-CAMELLIA256-SHA +-v 3 +-l QSH:DHE-RSA-CAMELLIA256-SHA + +# client TLSv1.2 DHE-RSA-CAMELLIA256-SHA +-v 3 +-l 
QSH:DHE-RSA-CAMELLIA256-SHA + +# server TLSv1.2 DHE-RSA-CAMELLIA128-SHA256 +-v 3 +-l QSH:DHE-RSA-CAMELLIA128-SHA256 + +# client TLSv1.2 DHE-RSA-CAMELLIA128-SHA256 +-v 3 +-l QSH:DHE-RSA-CAMELLIA128-SHA256 + +# server TLSv1.2 DHE-RSA-CAMELLIA256-SHA256 +-v 3 +-l QSH:DHE-RSA-CAMELLIA256-SHA256 + +# client TLSv1.2 DHE-RSA-CAMELLIA256-SHA256 +-v 3 +-l QSH:DHE-RSA-CAMELLIA256-SHA256 + +# server TLSv1.2 RSA-AES128-GCM-SHA256 +-v 3 +-l QSH:AES128-GCM-SHA256 + +# client TLSv1.2 RSA-AES128-GCM-SHA256 +-v 3 +-l QSH:AES128-GCM-SHA256 + +# server TLSv1.2 RSA-AES256-GCM-SHA384 +-v 3 +-l QSH:AES256-GCM-SHA384 + +# client TLSv1.2 RSA-AES256-GCM-SHA384 +-v 3 +-l QSH:AES256-GCM-SHA384 + +# server TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256 +-v 3 +-l QSH:ECDHE-ECDSA-AES128-GCM-SHA256 +-c ./certs/server-ecc.pem +-k ./certs/ecc-key.pem + +# client TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256 +-v 3 +-l QSH:ECDHE-ECDSA-AES128-GCM-SHA256 +-A ./certs/server-ecc.pem + +# server TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384 +-v 3 +-l QSH:ECDHE-ECDSA-AES256-GCM-SHA384 +-c ./certs/server-ecc.pem +-k ./certs/ecc-key.pem + +# client TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384 +-v 3 +-l QSH:ECDHE-ECDSA-AES256-GCM-SHA384 +-A ./certs/server-ecc.pem + +# server TLSv1.2 ECDH-ECDSA-AES128-GCM-SHA256 +-v 3 +-l QSH:ECDH-ECDSA-AES128-GCM-SHA256 +-c ./certs/server-ecc.pem +-k ./certs/ecc-key.pem + +# client TLSv1.2 ECDH-ECDSA-AES128-GCM-SHA256 +-v 3 +-l QSH:ECDH-ECDSA-AES128-GCM-SHA256 +-A ./certs/server-ecc.pem + +# server TLSv1.2 ECDH-ECDSA-AES256-GCM-SHA384 +-v 3 +-l QSH:ECDH-ECDSA-AES256-GCM-SHA384 +-c ./certs/server-ecc.pem +-k ./certs/ecc-key.pem + +# client TLSv1.2 ECDH-ECDSA-AES256-GCM-SHA384 +-v 3 +-l QSH:ECDH-ECDSA-AES256-GCM-SHA384 +-A ./certs/server-ecc.pem + +# server TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 +-v 3 +-l QSH:ECDHE-RSA-AES128-GCM-SHA256 + +# client TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 +-v 3 +-l QSH:ECDHE-RSA-AES128-GCM-SHA256 + +# server TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 +-v 3 +-l 
QSH:ECDHE-RSA-AES256-GCM-SHA384 + +# client TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 +-v 3 +-l QSH:ECDHE-RSA-AES256-GCM-SHA384 + +# server TLSv1.2 ECDH-RSA-AES128-GCM-SHA256 +-v 3 +-l QSH:ECDH-RSA-AES128-GCM-SHA256 +-c ./certs/server-ecc-rsa.pem +-k ./certs/ecc-key.pem + +# client TLSv1.2 ECDH-RSA-AES128-GCM-SHA256 +-v 3 +-l QSH:ECDH-RSA-AES128-GCM-SHA256 + +# server TLSv1.2 ECDH-RSA-AES256-GCM-SHA384 +-v 3 +-l QSH:ECDH-RSA-AES256-GCM-SHA384 +-c ./certs/server-ecc-rsa.pem +-k ./certs/ecc-key.pem + +# client TLSv1.2 ECDH-RSA-AES256-GCM-SHA384 +-v 3 +-l QSH:ECDH-RSA-AES256-GCM-SHA384 + +# server TLSv1.2 DHE-RSA-AES128-GCM-SHA256 +-v 3 +-l QSH:DHE-RSA-AES128-GCM-SHA256 + +# client TLSv1.2 DHE-RSA-AES128-GCM-SHA256 +-v 3 +-l QSH:DHE-RSA-AES128-GCM-SHA256 + +# server TLSv1.2 DHE-RSA-AES256-GCM-SHA384 +-v 3 +-l QSH:DHE-RSA-AES256-GCM-SHA384 + +# client TLSv1.2 DHE-RSA-AES256-GCM-SHA384 +-v 3 +-l QSH:DHE-RSA-AES256-GCM-SHA384 + +# server TLSv1.2 PSK-AES128-GCM-SHA256 +-s +-v 3 +-l QSH:PSK-AES128-GCM-SHA256 + +# client TLSv1.2 PSK-AES128-GCM-SHA256 +-s +-v 3 +-l QSH:PSK-AES128-GCM-SHA256 + +# server TLSv1.2 PSK-AES256-GCM-SHA384 +-s +-v 3 +-l QSH:PSK-AES256-GCM-SHA384 + +# client TLSv1.2 PSK-AES256-GCM-SHA384 +-s +-v 3 +-l QSH:PSK-AES256-GCM-SHA384 + +# server TLSv1.2 AES128-CCM-8 +-v 3 +-l QSH:AES128-CCM-8 + +# client TLSv1.2 AES128-CCM-8 +-v 3 +-l QSH:AES128-CCM-8 + +# server TLSv1.2 AES256-CCM-8 +-v 3 +-l QSH:AES256-CCM-8 + +# client TLSv1.2 AES256-CCM-8 +-v 3 +-l QSH:AES256-CCM-8 + +# server TLSv1.2 ECDHE-ECDSA-AES128-CCM-8 +-v 3 +-l QSH:ECDHE-ECDSA-AES128-CCM-8 +-c ./certs/server-ecc.pem +-k ./certs/ecc-key.pem + +# client TLSv1.2 ECDHE-ECDSA-AES128-CCM-8 +-v 3 +-l QSH:ECDHE-ECDSA-AES128-CCM-8 +-A ./certs/server-ecc.pem + +# server TLSv1.2 ECDHE-ECDSA-AES256-CCM-8 +-v 3 +-l QSH:ECDHE-ECDSA-AES256-CCM-8 +-c ./certs/server-ecc.pem +-k ./certs/ecc-key.pem + +# client TLSv1.2 ECDHE-ECDSA-AES256-CCM-8 +-v 3 +-l QSH:ECDHE-ECDSA-AES256-CCM-8 +-A ./certs/server-ecc.pem + +# server 
TLSv1.2 PSK-AES128-CCM +-s +-v 3 +-l QSH:PSK-AES128-CCM + +# client TLSv1.2 PSK-AES128-CCM +-s +-v 3 +-l QSH:PSK-AES128-CCM + +# server TLSv1.2 PSK-AES256-CCM +-s +-v 3 +-l QSH:PSK-AES256-CCM + +# client TLSv1.2 PSK-AES256-CCM +-s +-v 3 +-l QSH:PSK-AES256-CCM + +# server TLSv1.2 PSK-AES128-CCM-8 +-s +-v 3 +-l QSH:PSK-AES128-CCM-8 + +# client TLSv1.2 PSK-AES128-CCM-8 +-s +-v 3 +-l QSH:PSK-AES128-CCM-8 + +# server TLSv1.2 PSK-AES256-CCM-8 +-s +-v 3 +-l QSH:PSK-AES256-CCM-8 + +# client TLSv1.2 PSK-AES256-CCM-8 +-s +-v 3 +-l QSH:PSK-AES256-CCM-8 + +# server TLSv1.0 DHE-PSK-AES128-CBC-SHA256 +-s +-v 1 +-l QSH:DHE-PSK-AES128-CBC-SHA256 + +# client TLSv1.0 DHE-PSK-AES128-CBC-SHA256 +-s +-v 1 +-l QSH:DHE-PSK-AES128-CBC-SHA256 + +# server TLSv1.1 DHE-PSK-AES128-CBC-SHA256 +-s +-v 2 +-l QSH:DHE-PSK-AES128-CBC-SHA256 + +# client TLSv1.1 DHE-PSK-AES128-CBC-SHA256 +-s +-v 2 +-l QSH:DHE-PSK-AES128-CBC-SHA256 + +# server TLSv1.2 DHE-PSK-AES128-CBC-SHA256 +-s +-v 3 +-l QSH:DHE-PSK-AES128-CBC-SHA256 + +# client TLSv1.2 DHE-PSK-AES128-CBC-SHA256 +-s +-v 3 +-l QSH:DHE-PSK-AES128-CBC-SHA256 + +# server TLSv1.0 DHE-PSK-AES256-CBC-SHA384 +-s +-v 1 +-l QSH:DHE-PSK-AES256-CBC-SHA384 + +# client TLSv1.0 DHE-PSK-AES256-CBC-SHA384 +-s +-v 1 +-l QSH:DHE-PSK-AES256-CBC-SHA384 + +# server TLSv1.1 DHE-PSK-AES256-CBC-SHA384 +-s +-v 2 +-l QSH:DHE-PSK-AES256-CBC-SHA384 + +# client TLSv1.1 DHE-PSK-AES256-CBC-SHA384 +-s +-v 2 +-l QSH:DHE-PSK-AES256-CBC-SHA384 + +# server TLSv1.2 DHE-PSK-AES256-CBC-SHA384 +-s +-v 3 +-l QSH:DHE-PSK-AES256-CBC-SHA384 + +# client TLSv1.2 DHE-PSK-AES256-CBC-SHA384 +-s +-v 3 +-l QSH:DHE-PSK-AES256-CBC-SHA384 + +# server TLSv1.0 DHE-PSK-NULL-SHA256 +-s +-v 1 +-l QSH:DHE-PSK-NULL-SHA256 + +# client TLSv1.0 DHE-PSK-NULL-SHA256 +-s +-v 1 +-l QSH:DHE-PSK-NULL-SHA256 + +# server TLSv1.1 DHE-PSK-NULL-SHA256 +-s +-v 2 +-l QSH:DHE-PSK-NULL-SHA256 + +# client TLSv1.1 DHE-PSK-NULL-SHA256 +-s +-v 2 +-l QSH:DHE-PSK-NULL-SHA256 + +# server TLSv1.2 DHE-PSK-NULL-SHA256 +-s +-v 3 +-l 
QSH:DHE-PSK-NULL-SHA256 + +# client TLSv1.2 DHE-PSK-NULL-SHA256 +-s +-v 3 +-l QSH:DHE-PSK-NULL-SHA256 + +# server TLSv1.0 DHE-PSK-NULL-SHA384 +-s +-v 1 +-l QSH:DHE-PSK-NULL-SHA384 + +# client TLSv1.0 DHE-PSK-NULL-SHA384 +-s +-v 1 +-l QSH:DHE-PSK-NULL-SHA384 + +# server TLSv1.1 DHE-PSK-NULL-SHA384 +-s +-v 2 +-l QSH:DHE-PSK-NULL-SHA384 + +# client TLSv1.1 DHE-PSK-NULL-SHA384 +-s +-v 2 +-l QSH:DHE-PSK-NULL-SHA384 + +# server TLSv1.2 DHE-PSK-NULL-SHA384 +-s +-v 3 +-l QSH:DHE-PSK-NULL-SHA384 + +# client TLSv1.2 DHE-PSK-NULL-SHA384 +-s +-v 3 +-l QSH:DHE-PSK-NULL-SHA384 + +# server TLSv1.2 DHE-PSK-AES128-GCM-SHA256 +-s +-v 3 +-l QSH:DHE-PSK-AES128-GCM-SHA256 + +# client TLSv1.2 DHE-PSK-AES128-GCM-SHA256 +-s +-v 3 +-l QSH:DHE-PSK-AES128-GCM-SHA256 + +# server TLSv1.2 DHE-PSK-AES256-GCM-SHA384 +-s +-v 3 +-l QSH:DHE-PSK-AES256-GCM-SHA384 + +# client TLSv1.2 DHE-PSK-AES256-GCM-SHA384 +-s +-v 3 +-l QSH:DHE-PSK-AES256-GCM-SHA384 + +# server TLSv1.2 DHE-PSK-AES128-CCM +-s +-v 3 +-l QSH:DHE-PSK-AES128-CCM + +# client TLSv1.2 DHE-PSK-AES128-CCM +-s +-v 3 +-l QSH:DHE-PSK-AES128-CCM + +# server TLSv1.2 DHE-PSK-AES256-CCM +-s +-v 3 +-l QSH:DHE-PSK-AES256-CCM + +# client TLSv1.2 DHE-PSK-AES256-CCM +-s +-v 3 +-l QSH:DHE-PSK-AES256-CCM + +# server TLSv1.2 ADH-AES128-SHA +-a +-v 3 +-l QSH:ADH-AES128-SHA + +# client TLSv1.2 ADH-AES128-SHA +-a +-v 3 +-l QSH:ADH-AES128-SHA + +# server TLSv1.1 ADH-AES128-SHA +-a +-v 2 +-l QSH:ADH-AES128-SHA + +# client TLSv1.1 ADH-AES128-SHA +-a +-v 2 +-l QSH:ADH-AES128-SHA + +# server TLSv1.0 ADH-AES128-SHA +-a +-v 1 +-l QSH:ADH-AES128-SHA + +# client TLSv1.0 ADH-AES128-SHA +-a +-v 1 +-l QSH:ADH-AES128-SHA + +# server TLSv1 NTRU_RC4 +-v 1 +-l QSH:NTRU-RC4-SHA +-n +-c ./certs/ntru-cert.pem +-k ./certs/ntru-key.raw + +# client TLSv1 NTRU_RC4 +-v 1 +-l QSH:NTRU-RC4-SHA + +# server TLSv1 NTRU_DES3 +-v 1 +-l QSH:NTRU-DES-CBC3-SHA +-n +-c ./certs/ntru-cert.pem +-k ./certs/ntru-key.raw + +# client TLSv1 NTRU_DES3 +-v 1 +-l QSH:NTRU-DES-CBC3-SHA + +# server TLSv1 
NTRU_AES128 +-v 1 +-l QSH:NTRU-AES128-SHA +-n +-c ./certs/ntru-cert.pem +-k ./certs/ntru-key.raw + +# client TLSv1 NTRU_AES128 +-v 1 +-l QSH:NTRU-AES128-SHA + +# server TLSv1 NTRU_AES256 +-v 1 +-l QSH:NTRU-AES256-SHA +-n +-c ./certs/ntru-cert.pem +-k ./certs/ntru-key.raw + +# client TLSv1 NTRU_AES256 +-v 1 +-l QSH:NTRU-AES256-SHA + +# server TLSv1.1 NTRU_RC4 +-v 2 +-l QSH:NTRU-RC4-SHA +-n +-c ./certs/ntru-cert.pem +-k ./certs/ntru-key.raw + +# client TLSv1.1 NTRU_RC4 +-v 2 +-l QSH:NTRU-RC4-SHA + +# server TLSv1.1 NTRU_DES3 +-v 2 +-l QSH:NTRU-DES-CBC3-SHA +-n +-c ./certs/ntru-cert.pem +-k ./certs/ntru-key.raw + +# client TLSv1.1 NTRU_DES3 +-v 2 +-l QSH:NTRU-DES-CBC3-SHA + +# server TLSv1.1 NTRU_AES128 +-v 2 +-l QSH:NTRU-AES128-SHA +-n +-c ./certs/ntru-cert.pem +-k ./certs/ntru-key.raw + +# client TLSv1.1 NTRU_AES128 +-v 2 +-l QSH:NTRU-AES128-SHA + +# server TLSv1.1 NTRU_AES256 +-v 2 +-l QSH:NTRU-AES256-SHA +-n +-c ./certs/ntru-cert.pem +-k ./certs/ntru-key.raw + +# client TLSv1.1 NTRU_AES256 +-v 2 +-l QSH:NTRU-AES256-SHA + +# server TLSv1.2 NTRU_RC4 +-v 3 +-l QSH:NTRU-RC4-SHA +-n +-c ./certs/ntru-cert.pem +-k ./certs/ntru-key.raw + +# client TLSv1.2 NTRU_RC4 +-v 3 +-l QSH:NTRU-RC4-SHA + +# server TLSv1.2 NTRU_DES3 +-v 3 +-l QSH:NTRU-DES-CBC3-SHA +-n +-c ./certs/ntru-cert.pem +-k ./certs/ntru-key.raw + +# client TLSv1.2 NTRU_DES3 +-v 3 +-l QSH:NTRU-DES-CBC3-SHA + +# server TLSv1.2 NTRU_AES128 +-v 3 +-l QSH:NTRU-AES128-SHA +-n +-c ./certs/ntru-cert.pem +-k ./certs/ntru-key.raw + +# client TLSv1.2 NTRU_AES128 +-v 3 +-l QSH:NTRU-AES128-SHA + diff --git a/tests/test.conf b/tests/test.conf index c949c2024..9e6d0674a 100644 --- a/tests/test.conf +++ b/tests/test.conf 
@@ -975,138 +975,6 @@ -v 3 -l RABBIT-SHA -# server TLSv1 NTRU_RC4 --v 1 --l NTRU-RC4-SHA --n --c ./certs/ntru-cert.pem --k ./certs/ntru-key.raw - -# client TLSv1 NTRU_RC4 --v 1 --l NTRU-RC4-SHA - -# server TLSv1 NTRU_DES3 --v 1 --l NTRU-DES-CBC3-SHA --n --c ./certs/ntru-cert.pem --k ./certs/ntru-key.raw - -# client TLSv1 NTRU_DES3 --v 1 --l NTRU-DES-CBC3-SHA - -# server TLSv1 NTRU_AES128 --v 1 --l NTRU-AES128-SHA --n --c ./certs/ntru-cert.pem --k ./certs/ntru-key.raw - -# client TLSv1 NTRU_AES128 --v 1 --l NTRU-AES128-SHA - -# server TLSv1 NTRU_AES256 --v 1 --l NTRU-AES256-SHA --n --c ./certs/ntru-cert.pem --k ./certs/ntru-key.raw - -# client TLSv1 NTRU_AES256 --v 1 --l NTRU-AES256-SHA - -# server TLSv1.1 NTRU_RC4 --v 2 --l NTRU-RC4-SHA --n --c ./certs/ntru-cert.pem --k ./certs/ntru-key.raw - -# client TLSv1.1 NTRU_RC4 --v 2 --l NTRU-RC4-SHA - -# server TLSv1.1 NTRU_DES3 --v 2 --l NTRU-DES-CBC3-SHA --n --c ./certs/ntru-cert.pem --k ./certs/ntru-key.raw - -# client TLSv1.1 NTRU_DES3 --v 2 --l NTRU-DES-CBC3-SHA - -# server TLSv1.1 NTRU_AES128 --v 2 --l NTRU-AES128-SHA --n --c ./certs/ntru-cert.pem --k ./certs/ntru-key.raw - -# client TLSv1.1 NTRU_AES128 --v 2 --l NTRU-AES128-SHA - -# server TLSv1.1 NTRU_AES256 --v 2 --l NTRU-AES256-SHA --n --c ./certs/ntru-cert.pem --k ./certs/ntru-key.raw - -# client TLSv1.1 NTRU_AES256 --v 2 --l NTRU-AES256-SHA - -# server TLSv1.2 NTRU_RC4 --v 3 --l NTRU-RC4-SHA --n --c ./certs/ntru-cert.pem --k ./certs/ntru-key.raw - -# client TLSv1.2 NTRU_RC4 --v 3 --l NTRU-RC4-SHA - -# server TLSv1.2 NTRU_DES3 --v 3 --l NTRU-DES-CBC3-SHA --n --c ./certs/ntru-cert.pem --k ./certs/ntru-key.raw - -# client TLSv1.2 NTRU_DES3 --v 3 --l NTRU-DES-CBC3-SHA - -# server TLSv1.2 NTRU_AES128 --v 3 --l NTRU-AES128-SHA --n --c ./certs/ntru-cert.pem --k ./certs/ntru-key.raw - -# client TLSv1.2 NTRU_AES128 --v 3 --l NTRU-AES128-SHA - -# server TLSv1.2 NTRU_AES256 --v 3 --l NTRU-AES256-SHA --n --c ./certs/ntru-cert.pem --k ./certs/ntru-key.raw - -# client 
TLSv1.2 NTRU_AES256 --v 3 --l NTRU-AES256-SHA - # server TLSv1 DHE AES128 -v 1 -l DHE-RSA-AES128-SHA @@ -2033,3 +1901,124 @@ -v 1 -l ADH-AES128-SHA +# server TLSv1 NTRU_RC4 +-v 1 +-l NTRU-RC4-SHA +-n +-c ./certs/ntru-cert.pem +-k ./certs/ntru-key.raw + +# client TLSv1 NTRU_RC4 +-v 1 +-l NTRU-RC4-SHA + +# server TLSv1 NTRU_DES3 +-v 1 +-l NTRU-DES-CBC3-SHA +-n +-c ./certs/ntru-cert.pem +-k ./certs/ntru-key.raw + +# client TLSv1 NTRU_DES3 +-v 1 +-l NTRU-DES-CBC3-SHA + +# server TLSv1 NTRU_AES128 +-v 1 +-l NTRU-AES128-SHA +-n +-c ./certs/ntru-cert.pem +-k ./certs/ntru-key.raw + +# client TLSv1 NTRU_AES128 +-v 1 +-l NTRU-AES128-SHA + +# server TLSv1 NTRU_AES256 +-v 1 +-l NTRU-AES256-SHA +-n +-c ./certs/ntru-cert.pem +-k ./certs/ntru-key.raw + +# client TLSv1 NTRU_AES256 +-v 1 +-l NTRU-AES256-SHA + +# server TLSv1.1 NTRU_RC4 +-v 2 +-l NTRU-RC4-SHA +-n +-c ./certs/ntru-cert.pem +-k ./certs/ntru-key.raw + +# client TLSv1.1 NTRU_RC4 +-v 2 +-l NTRU-RC4-SHA + +# server TLSv1.1 NTRU_DES3 +-v 2 +-l NTRU-DES-CBC3-SHA +-n +-c ./certs/ntru-cert.pem +-k ./certs/ntru-key.raw + +# client TLSv1.1 NTRU_DES3 +-v 2 +-l NTRU-DES-CBC3-SHA + +# server TLSv1.1 NTRU_AES128 +-v 2 +-l NTRU-AES128-SHA +-n +-c ./certs/ntru-cert.pem +-k ./certs/ntru-key.raw + +# client TLSv1.1 NTRU_AES128 +-v 2 +-l NTRU-AES128-SHA + +# server TLSv1.1 NTRU_AES256 +-v 2 +-l NTRU-AES256-SHA +-n +-c ./certs/ntru-cert.pem +-k ./certs/ntru-key.raw + +# client TLSv1.1 NTRU_AES256 +-v 2 +-l NTRU-AES256-SHA + +# server TLSv1.2 NTRU_RC4 +-v 3 +-l NTRU-RC4-SHA +-n +-c ./certs/ntru-cert.pem +-k ./certs/ntru-key.raw + +# client TLSv1.2 NTRU_RC4 +-v 3 +-l NTRU-RC4-SHA + +# server TLSv1.2 NTRU_DES3 +-v 3 +-l NTRU-DES-CBC3-SHA +-n +-c ./certs/ntru-cert.pem +-k ./certs/ntru-key.raw + +# client TLSv1.2 NTRU_DES3 +-v 3 +-l NTRU-DES-CBC3-SHA + +# server TLSv1.2 NTRU_AES128 +-v 3 +-l NTRU-AES128-SHA +-n +-c ./certs/ntru-cert.pem +-k ./certs/ntru-key.raw + +# client TLSv1.2 NTRU_AES128 +-v 3 +-l NTRU-AES128-SHA + 
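Review bot: The NTRU block re-added at the end of tests/test.conf (`@@ -2033,3 +1901,124 @@`) stops at `# client TLSv1.2 NTRU_AES128`, so the `# server TLSv1.2 NTRU_AES256` / `# client TLSv1.2 NTRU_AES256` pair (`-v 3`, `-l NTRU-AES256-SHA`) removed by the earlier hunk is not added back. The hunk headers agree with this: 132 lines are removed at -975 and only 121 are added at +1901. If dropping the pair is deliberate, a `#` comment above the moved block or a line in the commit message should say why; otherwise the two entries should be restored so TLSv1.2 NTRU-AES256-SHA keeps its handshake coverage. The `QSH:` list added just before this file section ends at the same `NTRU_AES128` entry, so the same question applies there.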
diff --git a/tests/unit.c b/tests/unit.c index d66f84cf7..3a7f2452c 100644 --- a/tests/unit.c +++ b/tests/unit.c @@ -1,4 +1,23 @@ -/* unit.c unit tests driver */ +/* unit.c API unit tests driver + * + * Copyright (C) 2006-2015 wolfSSL Inc. + * + * This file is part of wolfSSL. (formerly known as CyaSSL) + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ /* Name change compatibility layer no longer need to be included here */ @@ -58,6 +77,8 @@ int unit_test(int argc, char** argv) } #endif + SrpTest(); + #ifdef HAVE_CAVIUM CspShutdown(CAVIUM_DEV_ID); #endif @@ -73,7 +94,7 @@ void wait_tcp_ready(func_args* args) (void)args; #elif defined(_POSIX_THREADS) && !defined(__MINGW32__) pthread_mutex_lock(&args->signal->mutex); - + if (!args->signal->ready) pthread_cond_wait(&args->signal->cond, &args->signal->mutex); args->signal->ready = 0; /* reset */ @@ -157,4 +178,3 @@ void FreeTcpReady(tcp_ready* ready) (void)ready; #endif } - diff --git a/tests/unit.h b/tests/unit.h index ab8fbc2ff..1a038a21f 100644 --- a/tests/unit.h +++ b/tests/unit.h 
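Review bot: `SrpTest();` in the `@@ -58,6 +77,8 @@` hunk is called with no result to check, and its prototype in tests/unit.h is `void SrpTest(void);` while `SuiteTest` and `HashTest` are declared `int`. A failing SRP case can therefore only show up as an abort inside the test (presumably through the `Fail` macro), never through the value `unit_test` returns. Either document that at the call site, e.g. `/* SrpTest() aborts on failure; it has no status to check */`, or give it an `int` return so the driver can report it. The call is also outside any `#ifdef`, so `SrpTest` has to be defined even in builds without SRP support; the body of `unit_test` starts and ends outside the hunk, so whether that holds is not visible here.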
@@ -1,4 +1,23 @@ -/* unit.h unit tests driver */ +/* unit.c API unit tests driver + * + * Copyright (C) 2006-2015 wolfSSL Inc. + * + * This file is part of wolfSSL. (formerly known as CyaSSL) + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ #ifndef CyaSSL_UNIT_H #define CyaSSL_UNIT_H @@ -8,8 +27,8 @@ #define Fail(description, result) do { \ printf("\nERROR - %s line %d failed with:", __FILE__, __LINE__); \ - printf("\n\n test: "); printf description; \ - printf("\n\n result: "); printf result; \ + printf("\n expected: "); printf description; \ + printf("\n result: "); printf result; printf("\n\n"); \ abort(); \ } while(0) @@ -57,9 +76,9 @@ void ApiTest(void); -int SuiteTest(void); -int HashTest(void); +int SuiteTest(void); +int HashTest(void); +void SrpTest(void); #endif /* CyaSSL_UNIT_H */ - diff --git a/testsuite/testsuite.c b/testsuite/testsuite.c index 4146878de..dc756377c 100644 --- a/testsuite/testsuite.c +++ b/testsuite/testsuite.c 
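Review bot: The new licence header in tests/unit.h opens with `/* unit.c API unit tests driver`, which looks copied from tests/unit.c; it should name this file, `/* unit.h API unit tests driver`. The line it replaces had the right name (`/* unit.h unit tests driver */`), so this is a regression in the comment only and no code is affected.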
@@ -255,14 +255,6 @@ void simple_test(func_args* args) strcpy(svrArgs.argv[svrArgs.argc++], "-p"); strcpy(svrArgs.argv[svrArgs.argc++], "0"); #endif - #ifdef HAVE_NTRU - strcpy(svrArgs.argv[svrArgs.argc++], "-d"); - strcpy(svrArgs.argv[svrArgs.argc++], "-n"); - strcpy(svrArgs.argv[svrArgs.argc++], "-c"); - strcpy(svrArgs.argv[svrArgs.argc++], "./certs/ntru-cert.pem"); - strcpy(svrArgs.argv[svrArgs.argc++], "-k"); - strcpy(svrArgs.argv[svrArgs.argc++], "./certs/ntru-key.raw"); - #endif /* Set the last arg later, when it is known. */ args->return_code = 0; diff --git a/testsuite/testsuite.vcxproj b/testsuite/testsuite.vcxproj index f7d5f16b5..484a87584 100644 --- a/testsuite/testsuite.vcxproj +++ b/testsuite/testsuite.vcxproj @@ -9,6 +9,22 @@ Debug x64 + + DLL Debug + Win32 + + + DLL Debug + x64 + + + DLL Release + Win32 + + + DLL Release + x64 + Release Win32 @@ -30,56 +46,114 @@ Unicode true + + Application + v110 + Unicode + true + Application v110 Unicode true + + Application + v110 + Unicode + true + Application v110 Unicode + + Application + v110 + Unicode + Application v110 Unicode + + Application + v110 + Unicode + + + + + + + + + + + + + <_ProjectFileVersion>11.0.61030.0 $(SolutionDir)$(Configuration)\ - $(Configuration)\ + $(Configuration)\obj\ + true + + + $(SolutionDir)$(Configuration)\ + $(Configuration)\obj\ true true + $(SolutionDir)$(Platform)\$(Configuration)\ + $(Platform)\$(Configuration)\obj\ + + + true + $(SolutionDir)$(Platform)\$(Configuration)\ + $(Platform)\$(Configuration)\obj\ $(SolutionDir)$(Configuration)\ - $(Configuration)\ + $(Configuration)\obj\ + false + + + $(SolutionDir)$(Configuration)\ + $(Configuration)\obj\ false false + $(SolutionDir)$(Platform)\$(Configuration)\ + $(Platform)\$(Configuration)\obj\ + + + false + $(SolutionDir)$(Platform)\$(Configuration)\ + $(Platform)\$(Configuration)\obj\ 
@@ -101,6 +175,26 @@ false + + + Disabled + ../;%(AdditionalIncludeDirectories) + NO_MAIN_DRIVER;WOLFSSL_RIPEMD;WOLFSSL_SHA512;OPENSSL_EXTRA;NO_PSK;WOLFSSL_DLL;%(PreprocessorDefinitions) + true + EnableFastChecks + MultiThreadedDebugDLL + + + Level3 + EditAndContinue + + + Ws2_32.lib;%(AdditionalDependencies) + true + Console + MachineX86 + + Disabled @@ -119,6 +213,24 @@ Console + + + Disabled + ../;%(AdditionalIncludeDirectories) + NO_MAIN_DRIVER;WOLFSSL_RIPEMD;WOLFSSL_SHA512;OPENSSL_EXTRA;NO_PSK;WOLFSSL_DLL;%(PreprocessorDefinitions) + EnableFastChecks + MultiThreadedDebugDLL + + + Level3 + ProgramDatabase + + + Ws2_32.lib;%(AdditionalDependencies) + true + Console + + MaxSpeed @@ -141,6 +253,28 @@ false + + + MaxSpeed + true + ../;%(AdditionalIncludeDirectories) + NO_MAIN_DRIVER;WOLFSSL_RIPEMD;WOLFSSL_SHA512;OPENSSL_EXTRA;NO_PSK;WOLFSSL_DLL;%(PreprocessorDefinitions) + MultiThreadedDLL + true + + + Level3 + ProgramDatabase + + + Ws2_32.lib;%(AdditionalDependencies) + true + Console + true + true + MachineX86 + + MaxSpeed @@ -162,6 +296,27 @@ true + + + MaxSpeed + true + ../;%(AdditionalIncludeDirectories) + NO_MAIN_DRIVER;WOLFSSL_RIPEMD;WOLFSSL_SHA512;OPENSSL_EXTRA;NO_PSK;WOLFSSL_DLL;%(PreprocessorDefinitions) + MultiThreadedDLL + true + + + Level3 + ProgramDatabase + + + Ws2_32.lib;%(AdditionalDependencies) + true + Console + true + true + + diff --git a/tirtos/README b/tirtos/README index c933e662c..6001f5664 100644 --- a/tirtos/README +++ b/tirtos/README 
@@ -1,36 +1,14 @@ -wolfSSL library for TI-RTOS +# wolfSSL library for TI-RTOS -This directory contains the files that build wolfSSL library for TI-RTOS. -Please follow the instructions in TI-RTOS user guide (www.ti.com/tool/ti-rtos) -to build the wolfSSL library and the example applications. +This directory contains the files that build wolfSSL library for TI-RTOS. +Please follow the instructions in "Using wolfSSL with TI-RTOS" (http://processors.wiki.ti.com/index.php/Using_wolfSSL_with_TI-RTOS) to build the wolfSSL +library and the example applications. -Included Files ---------------- +Also read TI-RTOS Getting Started Guide and TI-RTOS User Guide to learn more +about TI-RTOS (http://www.ti.com/tool/ti-rtos). -1. wolfSSL library build files (packages/ti/net/wolfssl) +## Example Application - Build instructions provided in TI-RTOS user guide (www.ti.com/tool/ti-rtos) - -2. wc_ test application (packages/ti/net/wolfssl/tests/wolfcrypt/test) - - This application is the standard wc_ test application provided with - wolfSSL. - - It will be built along with the wolfSSL library. Load the built executable - on the target and make sure the wolfSSL library works as expected. - -3. wc_ benchmark application - (packages/ti/net/wolfssl/tests/wolfcrypt/benchmark) - - This application is the standard wc_ benchmark application provided - with wolfSSL. - - It will be built along with the wolfSSL library. Load the built executable - on the target and run to get the benchmark results for the configured - wolfSSL library. - -Examples Application --------------------- - -A simple 'TCP echo server with TLS' example application is provided with TI-RTOS -product. Look in the TI-RTOS user guide for instructions to build examples. +A simple "TCP echo server with TLS" example application is provided with TI-RTOS +product. Look in the TI-RTOS Getting Started Guide for instructions to build +examples. diff --git a/tirtos/include.am b/tirtos/include.am index 46bdd4323..0e2f7a902 100644 
--- a/tirtos/include.am +++ b/tirtos/include.am @@ -9,14 +9,14 @@ EXTRA_DIST += \ tirtos/packages/ti/net/wolfssl/package.bld \ tirtos/packages/ti/net/wolfssl/package.xdc \ tirtos/packages/ti/net/wolfssl/package.xs \ - tirtos/packages/ti/net/wolfssl/tests/wolfcrypt/test/package.bld \ - tirtos/packages/ti/net/wolfssl/tests/wolfcrypt/test/package.xdc \ - tirtos/packages/ti/net/wolfssl/tests/wolfcrypt/test/test.cfg \ - tirtos/packages/ti/net/wolfssl/tests/wolfcrypt/test/TM4C1294NC.icf \ - tirtos/packages/ti/net/wolfssl/tests/wolfcrypt/test/main.c \ - tirtos/packages/ti/net/wolfssl/tests/wolfcrypt/benchmark/package.bld \ - tirtos/packages/ti/net/wolfssl/tests/wolfcrypt/benchmark/package.xdc \ - tirtos/packages/ti/net/wolfssl/tests/wolfcrypt/benchmark/benchmark.cfg \ - tirtos/packages/ti/net/wolfssl/tests/wolfcrypt/benchmark/TM4C1294NC.icf \ - tirtos/packages/ti/net/wolfssl/tests/wolfcrypt/benchmark/main.c + tirtos/packages/ti/net/wolfssl/tests/EK_TM4C1294XL/wolfcrypt/test/package.bld.hide \ + tirtos/packages/ti/net/wolfssl/tests/EK_TM4C1294XL/wolfcrypt/test/package.xdc \ + tirtos/packages/ti/net/wolfssl/tests/EK_TM4C1294XL/wolfcrypt/test/test.cfg \ + tirtos/packages/ti/net/wolfssl/tests/EK_TM4C1294XL/wolfcrypt/test/TM4C1294NC.icf \ + tirtos/packages/ti/net/wolfssl/tests/EK_TM4C1294XL/wolfcrypt/test/main.c \ + tirtos/packages/ti/net/wolfssl/tests/EK_TM4C1294XL/wolfcrypt/benchmark/package.bld.hide \ + tirtos/packages/ti/net/wolfssl/tests/EK_TM4C1294XL/wolfcrypt/benchmark/package.xdc \ + tirtos/packages/ti/net/wolfssl/tests/EK_TM4C1294XL/wolfcrypt/benchmark/benchmark.cfg \ + tirtos/packages/ti/net/wolfssl/tests/EK_TM4C1294XL/wolfcrypt/benchmark/TM4C1294NC.icf \ + tirtos/packages/ti/net/wolfssl/tests/EK_TM4C1294XL/wolfcrypt/benchmark/main.c diff --git a/tirtos/packages/ti/net/wolfssl/package.bld b/tirtos/packages/ti/net/wolfssl/package.bld index 95d0811ac..1d506f13f 100644 --- a/tirtos/packages/ti/net/wolfssl/package.bld +++ b/tirtos/packages/ti/net/wolfssl/package.bld 
@@ -5,7 +5,7 @@ var Build = xdc.useModule('xdc.bld.BuildEnvironment'); var Pkg = xdc.useModule('xdc.bld.PackageContents'); -/* make command to search for the srcs */ +/* make command to search for the srcs */ Pkg.makePrologue = "vpath %.c $(subst ;, ,$(XPKGPATH))"; /* WOLFSSL sources */ @@ -17,7 +17,7 @@ var wolfSSLObjList = [ "wolfcrypt/src/blake2b.c", "wolfcrypt/src/camellia.c", "wolfcrypt/src/chacha.c", - "wolfcrypt/src/coding.c", + "wolfcrypt/src/coding.c", "wolfcrypt/src/des3.c", "wolfcrypt/src/dh.c", "wolfcrypt/src/dsa.c", @@ -25,6 +25,7 @@ var wolfSSLObjList = [ "wolfcrypt/src/error.c", "wolfcrypt/src/hc128.c", "wolfcrypt/src/hmac.c", + "wolfcrypt/src/hash.c", "wolfcrypt/src/integer.c", "wolfcrypt/src/logging.c", "wolfcrypt/src/md4.c", @@ -46,11 +47,17 @@ var wolfSSLObjList = [ "src/keys.c", "src/ssl.c", "src/tls.c", - ]; +]; for each (var targ in Build.targets) { var libOptions = {incs: wolfsslPathInclude}; - var lib = Pkg.addLibrary("lib/" + Pkg.name, targ, libOptions); + var lib = Pkg.addLibrary("lib/wolfssl", targ, libOptions); lib.addObjects(wolfSSLObjList); + + var hwLibptions = {incs: wolfsslPathInclude, defs: " -DWOLFSSL_TI_HASH " + + "-DWOLFSSL_TI_CRYPT -DTARGET_IS_SNOWFLAKE_RA2"}; + + var hwLib = Pkg.addLibrary("lib/wolfssl_tm4c_hw", targ, hwLibptions); + hwLib.addObjects(wolfSSLObjList); } diff --git a/tirtos/packages/ti/net/wolfssl/package.xdc b/tirtos/packages/ti/net/wolfssl/package.xdc index f0c4b9f83..5fe467d45 100644 --- a/tirtos/packages/ti/net/wolfssl/package.xdc +++ b/tirtos/packages/ti/net/wolfssl/package.xdc @@ -1,7 +1,6 @@ /*! * ======== ti.net.wolfssl ======== * wolfSSL library for TI-RTOS - * */ -package ti.net.wolfssl { +package ti.net.wolfssl [1, 0, 0] { } diff --git a/tirtos/packages/ti/net/wolfssl/package.xs b/tirtos/packages/ti/net/wolfssl/package.xs index 9ecf38e5b..7f5215d36 100644 --- a/tirtos/packages/ti/net/wolfssl/package.xs +++ b/tirtos/packages/ti/net/wolfssl/package.xs 
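Review bot: The options object for the hardware-accelerated library is named `hwLibptions`, which reads as a typo for `hwLibOptions`; it is declared and used consistently, so the build works, but the name should be corrected in both places. A one-line comment above `Pkg.addLibrary("lib/wolfssl_tm4c_hw", targ, hwLibptions)` stating that this variant is the same object list compiled with `-DWOLFSSL_TI_HASH -DWOLFSSL_TI_CRYPT` would explain why two libraries come from one source list. The `getLibs` change in package.xs returns `lib/wolfssl.a` unconditionally, so as far as these hunks show, the hardware variant has to be linked explicitly by the application; that is worth stating in the same comment.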
@@ -8,5 +8,5 @@ */ function getLibs(prog) { - return ("lib/" + this.$name + ".a" + prog.build.target.suffix); + return ("lib/wolfssl.a" + prog.build.target.suffix); } diff --git a/tirtos/packages/ti/net/wolfssl/tests/wolfcrypt/benchmark/TM4C1294NC.icf b/tirtos/packages/ti/net/wolfssl/tests/EK_TM4C1294XL/wolfcrypt/benchmark/TM4C1294NC.icf similarity index 100% rename from tirtos/packages/ti/net/wolfssl/tests/wolfcrypt/benchmark/TM4C1294NC.icf rename to tirtos/packages/ti/net/wolfssl/tests/EK_TM4C1294XL/wolfcrypt/benchmark/TM4C1294NC.icf diff --git a/tirtos/packages/ti/net/wolfssl/tests/wolfcrypt/benchmark/benchmark.cfg b/tirtos/packages/ti/net/wolfssl/tests/EK_TM4C1294XL/wolfcrypt/benchmark/benchmark.cfg similarity index 100% rename from tirtos/packages/ti/net/wolfssl/tests/wolfcrypt/benchmark/benchmark.cfg rename to tirtos/packages/ti/net/wolfssl/tests/EK_TM4C1294XL/wolfcrypt/benchmark/benchmark.cfg diff --git a/tirtos/packages/ti/net/wolfssl/tests/wolfcrypt/benchmark/main.c b/tirtos/packages/ti/net/wolfssl/tests/EK_TM4C1294XL/wolfcrypt/benchmark/main.c similarity index 97% rename from tirtos/packages/ti/net/wolfssl/tests/wolfcrypt/benchmark/main.c rename to tirtos/packages/ti/net/wolfssl/tests/EK_TM4C1294XL/wolfcrypt/benchmark/main.c index 15ee1fb98..eddd432f7 100644 --- a/tirtos/packages/ti/net/wolfssl/tests/wolfcrypt/benchmark/main.c +++ b/tirtos/packages/ti/net/wolfssl/tests/EK_TM4C1294XL/wolfcrypt/benchmark/main.c @@ -1,6 +1,6 @@ /* * ======== main.c ======== - * Entry point for Benchmark application + * Entry point for Benchmark application */ /* BIOS Header files */ #include @@ -27,7 +27,7 @@ void runBenchmarks(UArg arg0, UArg arg1) { void *args = NULL; msTimer_init(); - + System_printf("Running benchmarks...\n"); System_flush(); benchmark_test(args); 
diff --git a/tirtos/packages/ti/net/wolfssl/tests/wolfcrypt/benchmark/package.bld b/tirtos/packages/ti/net/wolfssl/tests/EK_TM4C1294XL/wolfcrypt/benchmark/package.bld.hide similarity index 93% rename from tirtos/packages/ti/net/wolfssl/tests/wolfcrypt/benchmark/package.bld rename to tirtos/packages/ti/net/wolfssl/tests/EK_TM4C1294XL/wolfcrypt/benchmark/package.bld.hide index cff396855..453fee738 100644 --- a/tirtos/packages/ti/net/wolfssl/tests/wolfcrypt/benchmark/package.bld +++ b/tirtos/packages/ti/net/wolfssl/tests/EK_TM4C1294XL/wolfcrypt/benchmark/package.bld.hide @@ -10,7 +10,7 @@ if ((typeof(TivaWareDir) == undefined) || (TivaWareDir == "")) { var Build = xdc.useModule('xdc.bld.BuildEnvironment'); var Pkg = xdc.useModule('xdc.bld.PackageContents'); -/* make command to search for the srcs */ +/* make command to search for the srcs */ Pkg.makePrologue = "vpath %.c $(subst ;, ,$(XPKGPATH))"; var srcs = [ @@ -37,16 +37,16 @@ for each (var targ in Build.targets) { targ.$orig.lnkOpts.suffix = suffix.replace(/PrintfSmall/, "PrintfFull"); } else if (targ.$name.match(/^gnu/)) { - targ.$orig.lnkOpts.suffix += " -L" + TivaWareDir + "/driverlib/gcc " + targ.$orig.lnkOpts.suffix += " -L" + TivaWareDir + "/driverlib/gcc " + " -Wl,--start-group -ldriver -Wl,--end-group "; targ.$orig.bspLib = "rdimon"; } - - var exeOptions = { incs: wolfsslPathInclude + + var exeOptions = { incs: wolfsslPathInclude + " -DNO_MAIN_DRIVER -D_INCLUDE_NIMU_CODE -DBENCH_EMBEDDED " + " -DTIVAWARE -DPART_TM4C1294NCPDT", lopts: lnkOpts - }; + }; var exe = Pkg.addExecutable("benchmark", targ, platform, exeOptions); exe.addObjects(srcs); diff --git a/tirtos/packages/ti/net/wolfssl/tests/EK_TM4C1294XL/wolfcrypt/benchmark/package.xdc b/tirtos/packages/ti/net/wolfssl/tests/EK_TM4C1294XL/wolfcrypt/benchmark/package.xdc new file mode 100644 index 000000000..6a93cc333 --- /dev/null +++ b/tirtos/packages/ti/net/wolfssl/tests/EK_TM4C1294XL/wolfcrypt/benchmark/package.xdc 
@@ -0,0 +1,6 @@ +/* + * ======== ti.net.wolfssl.tests.EK_TM4C1294XL.wolfcrypt.benchmark ======== + * wc_ Benchmark Application + */ +package ti.net.wolfssl.tests.EK_TM4C1294XL.wolfcrypt.benchmark [1, 0, 0] { +} diff --git a/tirtos/packages/ti/net/wolfssl/tests/wolfcrypt/test/TM4C1294NC.icf b/tirtos/packages/ti/net/wolfssl/tests/EK_TM4C1294XL/wolfcrypt/test/TM4C1294NC.icf similarity index 100% rename from tirtos/packages/ti/net/wolfssl/tests/wolfcrypt/test/TM4C1294NC.icf rename to tirtos/packages/ti/net/wolfssl/tests/EK_TM4C1294XL/wolfcrypt/test/TM4C1294NC.icf diff --git a/tirtos/packages/ti/net/wolfssl/tests/wolfcrypt/test/main.c b/tirtos/packages/ti/net/wolfssl/tests/EK_TM4C1294XL/wolfcrypt/test/main.c similarity index 95% rename from tirtos/packages/ti/net/wolfssl/tests/wolfcrypt/test/main.c rename to tirtos/packages/ti/net/wolfssl/tests/EK_TM4C1294XL/wolfcrypt/test/main.c index 41378767a..88023e4e1 100644 --- a/tirtos/packages/ti/net/wolfssl/tests/wolfcrypt/test/main.c +++ b/tirtos/packages/ti/net/wolfssl/tests/EK_TM4C1294XL/wolfcrypt/test/main.c @@ -1,6 +1,6 @@ /* * ======== main.c ======== - * Entry point to wolfcrypt Test Application + * Entry point to wolfcrypt Test Application */ /* XDCtools Header files */ @@ -53,4 +53,3 @@ int main(int argc, char** argv) BIOS_start(); } - diff --git a/tirtos/packages/ti/net/wolfssl/tests/wolfcrypt/test/package.bld b/tirtos/packages/ti/net/wolfssl/tests/EK_TM4C1294XL/wolfcrypt/test/package.bld.hide similarity index 92% rename from tirtos/packages/ti/net/wolfssl/tests/wolfcrypt/test/package.bld rename to tirtos/packages/ti/net/wolfssl/tests/EK_TM4C1294XL/wolfcrypt/test/package.bld.hide index a76add170..adfca1c9c 100644 --- a/tirtos/packages/ti/net/wolfssl/tests/wolfcrypt/test/package.bld +++ b/tirtos/packages/ti/net/wolfssl/tests/EK_TM4C1294XL/wolfcrypt/test/package.bld.hide 
@@ -10,7 +10,7 @@ if ((typeof(TivaWareDir) == undefined) || (TivaWareDir == "")) { var Build = xdc.useModule('xdc.bld.BuildEnvironment'); var Pkg = xdc.useModule('xdc.bld.PackageContents'); -/* make command to search for the srcs */ +/* make command to search for the srcs */ Pkg.makePrologue = "vpath %.c $(subst ;, ,$(XPKGPATH))"; var srcs = [ @@ -33,16 +33,16 @@ for each (var targ in Build.targets) { platform = "ti.platforms.tiva:TM4C1294NCPDT"; } else if (targ.$name.match(/^gnu/)) { - targ.$orig.lnkOpts.suffix += " -L" + TivaWareDir + "/driverlib/gcc " + targ.$orig.lnkOpts.suffix += " -L" + TivaWareDir + "/driverlib/gcc " + " -Wl,--start-group -ldriver -Wl,--end-group "; targ.$orig.bspLib = "rdimon"; } - - var exeOptions = { incs: wolfsslPathInclude + + var exeOptions = { incs: wolfsslPathInclude + " -DNO_MAIN_DRIVER -D_INCLUDE_NIMU_CODE -DBENCH_EMBEDDED " + " -DTIVAWARE -DPART_TM4C1294NCPDT", lopts: lnkOpts, - }; + }; var exe = Pkg.addExecutable("test", targ, platform, exeOptions); exe.addObjects(srcs); diff --git a/tirtos/packages/ti/net/wolfssl/tests/EK_TM4C1294XL/wolfcrypt/test/package.xdc b/tirtos/packages/ti/net/wolfssl/tests/EK_TM4C1294XL/wolfcrypt/test/package.xdc new file mode 100644 index 000000000..0b85d5786 --- /dev/null +++ b/tirtos/packages/ti/net/wolfssl/tests/EK_TM4C1294XL/wolfcrypt/test/package.xdc @@ -0,0 +1,6 @@ +/* + * ======== ti.net.wolfssl.tests.EK_TM4C1294XL.wolfcrypt.test ======== + * wolfcrypt Test Application + */ +package ti.net.wolfssl.tests.EK_TM4C1294XL.wolfcrypt.test [1, 0, 0] { +} diff --git a/tirtos/packages/ti/net/wolfssl/tests/wolfcrypt/test/test.cfg b/tirtos/packages/ti/net/wolfssl/tests/EK_TM4C1294XL/wolfcrypt/test/test.cfg similarity index 100% rename from tirtos/packages/ti/net/wolfssl/tests/wolfcrypt/test/test.cfg rename to tirtos/packages/ti/net/wolfssl/tests/EK_TM4C1294XL/wolfcrypt/test/test.cfg 
diff --git a/tirtos/packages/ti/net/wolfssl/tests/wolfcrypt/benchmark/package.xdc b/tirtos/packages/ti/net/wolfssl/tests/wolfcrypt/benchmark/package.xdc deleted file mode 100644 index c027f3203..000000000 --- a/tirtos/packages/ti/net/wolfssl/tests/wolfcrypt/benchmark/package.xdc +++ /dev/null @@ -1,6 +0,0 @@ -/* - * ======== ti.net.wolfssl.tests.wolfcrypt.benchmark ======== - * wc_ Benchmark Application - */ -package ti.net.wolfssl.tests.wolfcrypt.benchmark { -} diff --git a/tirtos/packages/ti/net/wolfssl/tests/wolfcrypt/test/package.xdc b/tirtos/packages/ti/net/wolfssl/tests/wolfcrypt/test/package.xdc deleted file mode 100644 index 8b5cc1db6..000000000 --- a/tirtos/packages/ti/net/wolfssl/tests/wolfcrypt/test/package.xdc +++ /dev/null @@ -1,6 +0,0 @@ -/* - * ======== ti.net.wolfssl.tests.wolfcrypt.test ======== - * wolfcrypt Test Application - */ -package ti.net.wolfssl.tests.wolfcrypt.test { -} diff --git a/tirtos/wolfssl.bld b/tirtos/wolfssl.bld index 5702b8340..1c1e55ef5 100644 --- a/tirtos/wolfssl.bld +++ b/tirtos/wolfssl.bld @@ -32,21 +32,25 @@ */ var armOpts = " -ms "; -var gnuOpts = ""; -var iarOpts = ""; +var gnuOpts = " -D_POSIX_SOURCE "; +var iarOpts = " --diag_suppress=Pa134 "; +var TivaWareDir = ""; /* Uncomment the following lines to build libraries for debug mode: */ // Pkg.attrs.profile = "debug"; // armOpts += " -g -o0 "; -// gnuOpts += " -g "; +// gnuOpts += " -g -D_POSIX_SOURCE "; // iarOpts += " --debug "; var ccOpts = { - "ti.targets.arm.elf.M4F" : armOpts, + "ti.targets.arm.elf.M4" : armOpts, + "ti.targets.arm.elf.M4F" : armOpts, - "gnu.targets.arm.M4F" : gnuOpts, + "gnu.targets.arm.M4" : gnuOpts, + "gnu.targets.arm.M4F" : gnuOpts, - "iar.targets.arm.M4F" : iarOpts, + "iar.targets.arm.M4" : iarOpts, + "iar.targets.arm.M4F" : iarOpts, }; /* initialize local vars with those set in xdcpaths.mak (via XDCARGS) */ 
@@ -64,7 +68,7 @@ for (arg = 0; arg < arguments.length; arg++) { continue; } - if (targetName.match(/^TivaWareDir/) ) { + if (targetName.match(/^TIVAWARE/) ) { TivaWareDir = rootDir; continue; } diff --git a/tirtos/wolfssl.mak b/tirtos/wolfssl.mak index 450e10aa7..5ab82c065 100644 --- a/tirtos/wolfssl.mak +++ b/tirtos/wolfssl.mak @@ -9,7 +9,7 @@ XDC_INSTALL_DIR ?= C:/ti/xdctools_3_24_02_30 SYSBIOS_INSTALL_DIR ?= C:/ti/bios_6_34_01_14 NDK_INSTALL_DIR ?= C:/ti/ndk_2_24_00_02 TIRTOS_INSTALLATION_DIR ?= C:/ti/tirtos_tivac_2_00_00_22 -TivaWareDir ?= C:/ti/tivaware +TIVAWARE ?= C:/ti/tivaware WOLFSSL_INSTALL_DIR ?= C:/wolfssl/wolfssl-2.9.4 # @@ -40,12 +40,12 @@ XDCARGS= \ ti.targets.arm.elf.M4F=\"$(ti.targets.arm.elf.M4F)\" \ gnu.targets.arm.M4F=\"$(gnu.targets.arm.M4F)\" \ iar.targets.arm.M4F=\"$(iar.targets.arm.M4F)\" \ - TivaWareDir=\"$(TivaWareDir)\" + TIVAWARE=\"$(TIVAWARE)\" # # Set XDCPATH to contain necessary repositories. # -XDCPATH = $(SYSBIOS_INSTALL_DIR)/packages;$(NDK_INSTALL_DIR)/packages;$(WOLFSSL_INSTALL_DIR);$(TIRTOS_INSTALLATION_DIR)/packages;$(TivaWareDir); +XDCPATH = $(SYSBIOS_INSTALL_DIR)/packages;$(NDK_INSTALL_DIR)/packages;$(WOLFSSL_INSTALL_DIR);$(TIRTOS_INSTALLATION_DIR)/packages;$(TIVAWARE); export XDCPATH # diff --git a/wolfcrypt/benchmark/benchmark.c b/wolfcrypt/benchmark/benchmark.c index 5295e2470..938a4a641 100644 --- a/wolfcrypt/benchmark/benchmark.c +++ b/wolfcrypt/benchmark/benchmark.c @@ -32,7 +32,11 @@ #ifdef FREESCALE_MQX #include - #include + #if MQX_USE_IO_OLD + #include + #else + #include + #endif #else #include #endif @@ -71,7 +75,7 @@ #include "cavium_ioctl.h" #endif #ifdef HAVE_NTRU - #include "ntru_crypto.h" + #include "libntruencrypt/ntru_crypto.h" #endif #if defined(WOLFSSL_MDK_ARM) 
@@ -93,22 +97,22 @@ #define SHOW_INTEL_CYCLES #endif +/* let's use buffers, we have them */ +#if !defined(USE_CERT_BUFFERS_1024) && !defined(USE_CERT_BUFFERS_2048) + #define USE_CERT_BUFFERS_2048 +#endif + #if defined(USE_CERT_BUFFERS_1024) || defined(USE_CERT_BUFFERS_2048) \ || !defined(NO_DH) /* include test cert and key buffers for use with NO_FILESYSTEM */ - #if defined(WOLFSSL_MDK_ARM) - #include "cert_data.h" /* use certs_test.c for initial data, - so other commands can share the data. */ - #else #include - #endif #endif #ifdef HAVE_BLAKE2 #include void bench_blake2(void); -#endif +#endif #ifdef _MSC_VER /* 4996 warning to use MS extensions e.g., strcpy_s instead of strncpy */ @@ -189,7 +193,7 @@ static int OpenNitroxDevice(int dma_mode,int dev_id) #if !defined(NO_RSA) || !defined(NO_DH) \ || defined(WOLFSSL_KEYGEN) || defined(HAVE_ECC) #define HAVE_LOCAL_RNG - static RNG rng; + static WC_RNG rng; #endif /* use kB instead of mB for embedded benchmarking */ @@ -208,14 +212,14 @@ static int OpenNitroxDevice(int dma_mode,int dev_id) #endif -static const byte key[] = +static const XGEN_ALIGN byte key[] = { 0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef, 0xfe,0xde,0xba,0x98,0x76,0x54,0x32,0x10, 0x89,0xab,0xcd,0xef,0x01,0x23,0x45,0x67 }; -static const byte iv[] = +static const XGEN_ALIGN byte iv[] = { 0x12,0x34,0x56,0x78,0x90,0xab,0xcd,0xef, 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01, @@ -333,10 +337,6 @@ int benchmark_test(void *args) bench_rsa(); #endif -#ifdef HAVE_NTRU - bench_ntru(); -#endif - #ifndef NO_DH bench_dh(); #endif @@ -346,6 +346,7 @@ int benchmark_test(void *args) #endif #ifdef HAVE_NTRU + bench_ntru(); bench_ntruKeyGen(); #endif 
@@ -1127,38 +1128,30 @@ void bench_rsa(void) { int i; int ret; - byte tmp[3072]; size_t bytes; word32 idx = 0; + const byte* tmp; byte message[] = "Everyone gets Friday off."; - byte enc[512]; /* for up to 4096 bit */ + byte enc[256]; /* for up to 2048 bit */ const int len = (int)strlen((char*)message); double start, total, each, milliEach; - + RsaKey rsaKey; int rsaKeySz = 2048; /* used in printf */ #ifdef USE_CERT_BUFFERS_1024 - XMEMCPY(tmp, rsa_key_der_1024, sizeof_rsa_key_der_1024); + tmp = rsa_key_der_1024; bytes = sizeof_rsa_key_der_1024; rsaKeySz = 1024; #elif defined(USE_CERT_BUFFERS_2048) - XMEMCPY(tmp, rsa_key_der_2048, sizeof_rsa_key_der_2048); + tmp = rsa_key_der_2048; bytes = sizeof_rsa_key_der_2048; #else - FILE* file = fopen(certRSAname, "rb"); - - if (!file) { - printf("can't find %s, Please run from wolfSSL home dir\n", certRSAname); - return; - } - - bytes = fread(tmp, 1, sizeof(tmp), file); - fclose(file); + #error "need a cert buffer size" #endif /* USE_CERT_BUFFERS */ - + #ifdef HAVE_CAVIUM if (wc_RsaInitCavium(&rsaKey, CAVIUM_DEV_ID) != 0) printf("RSA init cavium failed\n"); @@ -1169,7 +1162,7 @@ void bench_rsa(void) return; } ret = wc_RsaPrivateKeyDecode(tmp, &idx, &rsaKey, (word32)bytes); - + start = current_time(1); for (i = 0; i < ntimes; i++) @@ -1190,7 +1183,7 @@ void bench_rsa(void) start = current_time(1); for (i = 0; i < ntimes; i++) { - byte out[512]; /* for up to 4096 bit */ + byte out[256]; /* for up to 2048 bit */ wc_RsaPrivateDecrypt(enc, (word32)ret, out, sizeof(out), &rsaKey); } 
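Review bot: In the second bench_rsa hunk the result of `wc_RsaPrivateKeyDecode` is stored in `ret` and the timer starts on the next line without testing it, so a key buffer that fails to parse would be benchmarked against a key that was never loaded. A guard directly after the decode, `if (ret != 0) { printf("RSA key decode failed\n"); return; }`, closes that. In the third hunk the return value of `wc_RsaPrivateDecrypt` is discarded and `(word32)ret` is passed as the ciphertext length; the encrypt loop that sets `ret` is outside these hunks, but if it can leave a negative error code there, the cast turns it into a very large length. With `enc` and `out` reduced to 256 bytes, checking `ret > 0` before the decrypt loop keeps the benchmark from reporting timings for failed operations.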
@@ -1229,16 +1222,16 @@ void bench_rsa(void) void bench_dh(void) { int i ; - byte tmp[1024]; size_t bytes; word32 idx = 0, pubSz, privSz = 0, pubSz2, privSz2, agreeSz; + const byte* tmp; byte pub[256]; /* for 2048 bit */ - byte priv[256]; /* for 2048 bit */ byte pub2[256]; /* for 2048 bit */ - byte priv2[256]; /* for 2048 bit */ byte agree[256]; /* for 2048 bit */ - + byte priv[32]; /* for 2048 bit */ + byte priv2[32]; /* for 2048 bit */ + double start, total, each, milliEach; DhKey dhKey; int dhKeySz = 2048; /* used in printf */ @@ -1246,26 +1239,19 @@ void bench_dh(void) (void)idx; (void)tmp; - + #ifdef USE_CERT_BUFFERS_1024 - XMEMCPY(tmp, dh_key_der_1024, sizeof_dh_key_der_1024); + tmp = dh_key_der_1024; bytes = sizeof_dh_key_der_1024; dhKeySz = 1024; #elif defined(USE_CERT_BUFFERS_2048) - XMEMCPY(tmp, dh_key_der_2048, sizeof_dh_key_der_2048); + tmp = dh_key_der_2048; bytes = sizeof_dh_key_der_2048; #elif defined(NO_ASN) dhKeySz = 1024; /* do nothing, but don't use default FILE */ #else - FILE* file = fopen(certDHname, "rb"); - - if (!file) { - printf("can't find %s, Please run from wolfSSL home dir\n", certDHname); - return; - } - - bytes = fread(tmp, 1, sizeof(tmp), file); + #error "need to define a cert buffer size" #endif /* USE_CERT_BUFFERS */ @@ -1274,9 +1260,6 @@ void bench_dh(void) bytes = wc_DhSetKey(&dhKey, dh_p, sizeof(dh_p), dh_g, sizeof(dh_g)); #else bytes = wc_DhKeyDecode(tmp, &idx, &dhKey, (word32)bytes); - #if !defined(USE_CERT_BUFFERS_1024) && !defined(USE_CERT_BUFFERS_2048) - fclose(file); - #endif #endif if (bytes != 0) { printf("dhekydecode failed, can't benchmark\n"); @@ -1357,7 +1340,7 @@ byte GetEntropy(ENTROPY_CMD cmd, byte* out); byte GetEntropy(ENTROPY_CMD cmd, byte* out) { if (cmd == INIT) - return (wc_InitRng(&rng) == 0) ? 1 : 0; + return 1; /* using local rng */ if (out == NULL) return 0; 
@@ -1378,12 +1361,15 @@ void bench_ntru(void) int i; double start, total, each, milliEach; - byte public_key[557]; + byte public_key[1027]; word16 public_key_len = sizeof(public_key); - byte private_key[607]; + byte private_key[1120]; word16 private_key_len = sizeof(private_key); + word16 ntruBits = 128; + word16 type = 0; + word32 ret; - byte ciphertext[552]; + byte ciphertext[1022]; word16 ciphertext_len; byte plaintext[16]; word16 plaintext_len; 
@@ -1394,107 +1380,120 @@ void bench_ntru(void) 0x7b, 0x12, 0x49, 0x88, 0xaf, 0xb3, 0x22, 0xd8 }; - static byte const cyasslStr[] = { - 'C', 'y', 'a', 'S', 'S', 'L', ' ', 'N', 'T', 'R', 'U' + static byte const wolfsslStr[] = { + 'w', 'o', 'l', 'f', 'S', 'S', 'L', ' ', 'N', 'T', 'R', 'U' }; - word32 rc = ntru_crypto_drbg_instantiate(112, cyasslStr, sizeof(cyasslStr), - (ENTROPY_FN) GetEntropy, &drbg); - if(rc != DRBG_OK) { - printf("NTRU drbg instantiate failed\n"); - return; - } + printf("\n"); + for (ntruBits = 128; ntruBits < 257; ntruBits += 64) { + switch (ntruBits) { + case 128: + type = NTRU_EES439EP1; + break; + case 192: + type = NTRU_EES593EP1; + break; + case 256: + type = NTRU_EES743EP1; + break; + } - rc = ntru_crypto_ntru_encrypt_keygen(drbg, NTRU_EES401EP2, - &public_key_len, NULL, &private_key_len, NULL); - if (rc != NTRU_OK) { - ntru_crypto_drbg_uninstantiate(drbg); - printf("NTRU failed to get key lengths\n"); - return; - } - - rc = ntru_crypto_ntru_encrypt_keygen(drbg, NTRU_EES401EP2, &public_key_len, - public_key, &private_key_len, - private_key); - - ntru_crypto_drbg_uninstantiate(drbg); - - if (rc != NTRU_OK) { - ntru_crypto_drbg_uninstantiate(drbg); - printf("NTRU keygen failed\n"); - return; - } - - rc = ntru_crypto_drbg_instantiate(112, NULL, 0, (ENTROPY_FN)GetEntropy, - &drbg); - if (rc != DRBG_OK) { - printf("NTRU error occurred during DRBG instantiation\n"); - return; - } - - rc = ntru_crypto_ntru_encrypt(drbg, public_key_len, public_key, sizeof( - aes_key), aes_key, &ciphertext_len, NULL); - - if (rc != NTRU_OK) { - printf("NTRU error occurred requesting the buffer size needed\n"); - return; - } - start = current_time(1); - - for (i = 0; i < ntimes; i++) { - - rc = ntru_crypto_ntru_encrypt(drbg, public_key_len, public_key, sizeof( - aes_key), aes_key, &ciphertext_len, ciphertext); - - if (rc != NTRU_OK) { - printf("NTRU encrypt error\n"); + ret = ntru_crypto_drbg_instantiate(ntruBits, wolfsslStr, + sizeof(wolfsslStr), (ENTROPY_FN) 
GetEntropy, &drbg); + if(ret != DRBG_OK) { + printf("NTRU drbg instantiate failed\n"); return; } - } - rc = ntru_crypto_drbg_uninstantiate(drbg); + /* set key sizes */ + ret = ntru_crypto_ntru_encrypt_keygen(drbg, type, &public_key_len, + NULL, &private_key_len, NULL); + if (ret != NTRU_OK) { + ntru_crypto_drbg_uninstantiate(drbg); + printf("NTRU failed to get key lengths\n"); + return; + } - if (rc != DRBG_OK) { - printf("NTRU error occurred uninstantiating the DRBG\n"); - return; - } + ret = ntru_crypto_ntru_encrypt_keygen(drbg, type, &public_key_len, + public_key, &private_key_len, + private_key); - total = current_time(0) - start; - each = total / ntimes; /* per second */ - milliEach = each * 1000; /* milliseconds */ + ntru_crypto_drbg_uninstantiate(drbg); - printf("NTRU 112 encryption took %6.3f milliseconds, avg over %d" - " iterations\n", milliEach, ntimes); + if (ret != NTRU_OK) { + printf("NTRU keygen failed\n"); + return; + } + + ret = ntru_crypto_drbg_instantiate(ntruBits, NULL, 0, + (ENTROPY_FN)GetEntropy, &drbg); + if (ret != DRBG_OK) { + printf("NTRU error occurred during DRBG instantiation\n"); + return; + } + + ret = ntru_crypto_ntru_encrypt(drbg, public_key_len, public_key, + sizeof(aes_key), aes_key, &ciphertext_len, NULL); + + if (ret != NTRU_OK) { + printf("NTRU error occurred requesting the buffer size needed\n"); + return; + } + start = current_time(1); + + for (i = 0; i < ntimes; i++) { + ret = ntru_crypto_ntru_encrypt(drbg, public_key_len, public_key, + sizeof(aes_key), aes_key, &ciphertext_len, ciphertext); + if (ret != NTRU_OK) { + printf("NTRU encrypt error\n"); + return; + } + } + ret = ntru_crypto_drbg_uninstantiate(drbg); + + if (ret != DRBG_OK) { + printf("NTRU error occurred uninstantiating the DRBG\n"); + return; + } + + total = current_time(0) - start; + each = total / ntimes; /* per second */ + milliEach = each * 1000; /* milliseconds */ + + printf("NTRU %d encryption took %6.3f milliseconds, avg over %d" + " iterations\n", 
ntruBits, milliEach, ntimes); - rc = ntru_crypto_ntru_decrypt(private_key_len, private_key, ciphertext_len, - ciphertext, &plaintext_len, NULL); + ret = ntru_crypto_ntru_decrypt(private_key_len, private_key, + ciphertext_len, ciphertext, &plaintext_len, NULL); - if (rc != NTRU_OK) { - printf("NTRU decrypt error occurred getting the buffer size needed\n"); - return; - } + if (ret != NTRU_OK) { + printf("NTRU decrypt error occurred getting the buffer size needed\n"); + return; + } - plaintext_len = sizeof(plaintext); - start = current_time(1); + plaintext_len = sizeof(plaintext); + start = current_time(1); - for (i = 0; i < ntimes; i++) { - rc = ntru_crypto_ntru_decrypt(private_key_len, private_key, + for (i = 0; i < ntimes; i++) { + ret = ntru_crypto_ntru_decrypt(private_key_len, private_key, ciphertext_len, ciphertext, &plaintext_len, plaintext); - if (rc != NTRU_OK) { - printf("NTRU error occurred decrypting the key\n"); - return; + if (ret != NTRU_OK) { + printf("NTRU error occurred decrypting the key\n"); + return; + } } + + total = current_time(0) - start; + each = total / ntimes; /* per second */ + milliEach = each * 1000; /* milliseconds */ + + printf("NTRU %d decryption took %6.3f milliseconds, avg over %d" + " iterations\n", ntruBits, milliEach, ntimes); } - total = current_time(0) - start; - each = total / ntimes; /* per second */ - milliEach = each * 1000; /* milliseconds */ - - printf("NTRU 112 decryption took %6.3f milliseconds, avg over %d" - " iterations\n", milliEach, ntimes); } void bench_ntruKeyGen(void) 
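Review bot: After the two length queries in bench_ntru (the `ntru_crypto_ntru_encrypt_keygen` call with NULL buffers and the `ntru_crypto_ntru_encrypt` call with a NULL output), the reported lengths are passed straight back together with the stack buffers and are never compared with the buffers' sizes. `public_key[1027]`, `private_key[1120]` and `ciphertext[1022]` from the previous hunk are presumably sized for the largest set in the `switch`, but nothing enforces that if another parameter set is added; a guard on `public_key_len > sizeof(public_key) || private_key_len > sizeof(private_key)`, and the same for `ciphertext_len`, would make the bound explicit. The error returns after the second `ntru_crypto_drbg_instantiate` (buffer-size request failure, encrypt error) leave without calling `ntru_crypto_drbg_uninstantiate(drbg)`. The `switch` has no `default`, which is harmless with the current loop bounds but leaves `type` at its previous value for any other `ntruBits`. bench_ntruKeyGen in the following hunk has the same unchecked lengths.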
@@ -1502,51 +1501,74 @@ void bench_ntruKeyGen(void) double start, total, each, milliEach; int i; - byte public_key[557]; /* 2048 key equivalent to rsa */ + byte public_key[1027]; word16 public_key_len = sizeof(public_key); - byte private_key[607]; + byte private_key[1120]; word16 private_key_len = sizeof(private_key); + word16 ntruBits = 128; + word16 type = 0; + word32 ret; DRBG_HANDLE drbg; static uint8_t const pers_str[] = { - 'C', 'y', 'a', 'S', 'S', 'L', ' ', 't', 'e', 's', 't' + 'w', 'o', 'l', 'f', 'S', 'S', 'L', ' ', 't', 'e', 's', 't' }; - word32 rc = ntru_crypto_drbg_instantiate(112, pers_str, sizeof(pers_str), - GetEntropy, &drbg); - if(rc != DRBG_OK) { - printf("NTRU drbg instantiate failed\n"); - return; + for (ntruBits = 128; ntruBits < 257; ntruBits += 64) { + ret = ntru_crypto_drbg_instantiate(ntruBits, pers_str, + sizeof(pers_str), GetEntropy, &drbg); + if (ret != DRBG_OK) { + printf("NTRU drbg instantiate failed\n"); + return; + } + + switch (ntruBits) { + case 128: + type = NTRU_EES439EP1; + break; + case 192: + type = NTRU_EES593EP1; + break; + case 256: + type = NTRU_EES743EP1; + break; + } + + /* set key sizes */ + ret = ntru_crypto_ntru_encrypt_keygen(drbg, type, &public_key_len, + NULL, &private_key_len, NULL); + start = current_time(1); + + for(i = 0; i < genTimes; i++) { + ret = ntru_crypto_ntru_encrypt_keygen(drbg, type, &public_key_len, + public_key, &private_key_len, + private_key); + } + + total = current_time(0) - start; + + if (ret != NTRU_OK) { + printf("keygen failed\n"); + return; + } + + ret = ntru_crypto_drbg_uninstantiate(drbg); + + if (ret != NTRU_OK) { + printf("NTRU drbg uninstantiate failed\n"); + return; + } + + each = total / genTimes; + milliEach = each * 1000; + + printf("NTRU %d key generation %6.3f milliseconds, avg over %d" + " iterations\n", ntruBits, milliEach, genTimes); } - - start = current_time(1); - - for(i = 0; i < genTimes; i++) { - ntru_crypto_ntru_encrypt_keygen(drbg, NTRU_EES401EP2, &public_key_len, - 
public_key, &private_key_len, - private_key); - } - - total = current_time(0) - start; - - rc = ntru_crypto_drbg_uninstantiate(drbg); - - if (rc != NTRU_OK) { - printf("NTRU drbg uninstantiate failed\n"); - return; - } - - each = total / genTimes; - milliEach = each * 1000; - - printf("\n"); - printf("NTRU 112 key generation %6.3f milliseconds, avg over %d" - " iterations\n", milliEach, genTimes); - } #endif -#ifdef HAVE_ECC +#ifdef HAVE_ECC void bench_eccKeyGen(void) { ecc_key genKey; @@ -1576,11 +1598,11 @@ void bench_eccKeyAgree(void) ecc_key genKey, genKey2; double start, total, each, milliEach; int i, ret; - byte shared[1024]; - byte sig[1024]; + byte shared[32]; + byte sig[64+16]; /* der encoding too */ byte digest[32]; word32 x = 0; - + wc_ecc_init(&genKey); wc_ecc_init(&genKey2); @@ -1595,7 +1617,7 @@ void bench_eccKeyAgree(void) return; } - /* 256 bit */ + /* 256 bit */ start = current_time(1); for(i = 0; i < agreeTimes; i++) { @@ -1603,7 +1625,7 @@ void bench_eccKeyAgree(void) ret = wc_ecc_shared_secret(&genKey, &genKey2, shared, &x); if (ret != 0) { printf("ecc_shared_secret failed\n"); - return; + return; } } @@ -1686,7 +1708,7 @@ void bench_curve25519KeyAgree(void) curve25519_key genKey, genKey2; double start, total, each, milliEach; int i, ret; - byte shared[1024]; + byte shared[32]; word32 x = 0; wc_curve25519_init(&genKey); @@ -1859,9 +1881,8 @@ void bench_ed25519KeySign(void) return ( ns / CLOCK * 2.0); } -#elif defined(WOLFSSL_IAR_ARM) || defined (WOLFSSL_MDK_ARM) - #warning "Write your current_time()" - double current_time(int reset) { return 0.0 ; } +#elif defined(WOLFSSL_IAR_ARM_TIME) || defined (WOLFSSL_MDK_ARM) || defined(WOLFSSL_USER_CURRTIME) + extern double current_time(int reset); #elif defined FREERTOS diff --git a/wolfcrypt/src/aes.c b/wolfcrypt/src/aes.c index 896ee147d..9382edaf9 100644 --- a/wolfcrypt/src/aes.c +++ b/wolfcrypt/src/aes.c 
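Review bot: Only the last iteration's result is tested in bench_ntruKeyGen: `ret` from the size query under `/* set key sizes */` is overwritten before it is read, and inside the `genTimes` loop each `ntru_crypto_ntru_encrypt_keygen` result replaces the previous one, so an early failure is timed as if it had succeeded. Checking `ret != NTRU_OK` after the query and leaving the loop on the first failure covers both. The `keygen failed` return exits with the DRBG still instantiated, and the uninstantiate result is compared with `NTRU_OK` where bench_ntru uses `DRBG_OK`; for consistency that line should read `if (ret != DRBG_OK) {`.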
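Review bot: `shared[32]` and `sig[64+16]` in bench_eccKeyAgree, and `shared[32]` in bench_curve25519KeyAgree, are now exact fits for a 256-bit key, while the key size itself is chosen outside these hunks. The lengths handed to the shared-secret and sign calls are also set outside the hunks (`word32 x = 0;` is the only initialisation visible), so it is worth confirming they are taken from `sizeof(shared)` and `sizeof(sig)` rather than from a literal left over from the 1024-byte buffers. A named constant used for both the buffers and the key generation would keep them in step, and `/* der encoding too */` could say that the extra 16 bytes cover the DER SEQUENCE and INTEGER overhead of the signature.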
@@ -55,13 +55,6 @@ int wc_AesCbcDecrypt(Aes* aes, byte* out, const byte* in, word32 sz) } -int wc_AesCbcDecryptWithKey(byte* out, const byte* in, word32 inSz, - const byte* key, word32 keySz, const byte* iv) -{ - return AesCbcDecryptWithKey(out, in, inSz, key, keySz, iv); -} - - /* AES-CTR */ #ifdef WOLFSSL_AES_COUNTER void wc_AesCtrEncrypt(Aes* aes, byte* out, const byte* in, word32 sz) @@ -174,6 +167,11 @@ void wc_AesFreeCavium(Aes* aes) } #endif #else /* HAVE_FIPS */ + +#ifdef WOLFSSL_TI_CRYPT +#include +#else + #include #include #ifdef NO_INLINE @@ -1716,32 +1714,6 @@ int wc_AesSetIV(Aes* aes, const byte* iv) } -int wc_AesCbcDecryptWithKey(byte* out, const byte* in, word32 inSz, - const byte* key, word32 keySz, const byte* iv) -{ - int ret = 0; -#ifdef WOLFSSL_SMALL_STACK - Aes* aes = NULL; -#else - Aes aes[1]; -#endif - -#ifdef WOLFSSL_SMALL_STACK - aes = (Aes*)XMALLOC(sizeof(Aes), NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (aes == NULL) - return MEMORY_E; -#endif - - ret = wc_AesSetKey(aes, key, keySz, iv, AES_DECRYPTION); - if (ret == 0) - ret = wc_AesCbcDecrypt(aes, out, in, inSz); - -#ifdef WOLFSSL_SMALL_STACK - XFREE(aes, NULL, DYNAMIC_TYPE_TMP_BUFFER); -#endif - - return ret; -} /* AES-DIRECT */ @@ -1779,13 +1751,13 @@ int wc_AesCbcDecryptWithKey(byte* out, const byte* in, word32 inSz, /* Allow direct access to one block encrypt */ void wc_AesEncryptDirect(Aes* aes, byte* out, const byte* in) { - return wc_AesEncrypt(aes, in, out); + wc_AesEncrypt(aes, in, out); } /* Allow direct access to one block decrypt */ void wc_AesDecryptDirect(Aes* aes, byte* out, const byte* in) { - return wc_AesDecrypt(aes, in, out); + wc_AesDecrypt(aes, in, out); } #endif /* FREESCALE_MMCAU, AES direct block */ @@ -3885,6 +3857,8 @@ static int AesCaviumCbcDecrypt(Aes* aes, byte* out, const byte* in, #endif /* HAVE_CAVIUM */ +#endif /* WOLFSSL_TI_CRYPT */ + #endif /* HAVE_FIPS */ #endif /* NO_AES */ 
diff --git a/wolfcrypt/src/asm.c b/wolfcrypt/src/asm.c index fef35cd1c..9f8458588 100755 --- a/wolfcrypt/src/asm.c +++ b/wolfcrypt/src/asm.c 
@@ -33,6 +33,89 @@ /******************************************************************/ /* fp_montgomery_reduce.c asm or generic */ + + +/* Each platform needs to query info type 1 from cpuid to see if aesni is + * supported. Also, let's setup a macro for proper linkage w/o ABI conflicts + */ + +#if defined(HAVE_INTEL_MULX) +#ifndef _MSC_VER + #define cpuid(reg, leaf, sub)\ + __asm__ __volatile__ ("cpuid":\ + "=a" (reg[0]), "=b" (reg[1]), "=c" (reg[2]), "=d" (reg[3]) :\ + "a" (leaf), "c"(sub)); + + #define XASM_LINK(f) asm(f) +#else + + #include + #define cpuid(a,b) __cpuid((int*)a,b) + + #define XASM_LINK(f) + +#endif /* _MSC_VER */ + +#define EAX 0 +#define EBX 1 +#define ECX 2 +#define EDX 3 + +#define CPUID_AVX1 0x1 +#define CPUID_AVX2 0x2 +#define CPUID_RDRAND 0x4 +#define CPUID_RDSEED 0x8 +#define CPUID_BMI2 0x10 /* MULX, RORX */ +#define CPUID_ADX 0x20 /* ADCX, ADOX */ + +#define IS_INTEL_AVX1 (cpuid_flags&CPUID_AVX1) +#define IS_INTEL_AVX2 (cpuid_flags&CPUID_AVX2) +#define IS_INTEL_BMI2 (cpuid_flags&CPUID_BMI2) +#define IS_INTEL_ADX (cpuid_flags&CPUID_ADX) +#define IS_INTEL_RDRAND (cpuid_flags&CPUID_RDRAND) +#define IS_INTEL_RDSEED (cpuid_flags&CPUID_RDSEED) +#define SET_FLAGS + +static word32 cpuid_check = 0 ; +static word32 cpuid_flags = 0 ; + +static word32 cpuid_flag(word32 leaf, word32 sub, word32 num, word32 bit) { + int got_intel_cpu=0; + unsigned int reg[5]; + + reg[4] = '\0' ; + cpuid(reg, 0, 0); + if(memcmp((char *)&(reg[EBX]), "Genu", 4) == 0 && + memcmp((char *)&(reg[EDX]), "ineI", 4) == 0 && + memcmp((char *)&(reg[ECX]), "ntel", 4) == 0) { + got_intel_cpu = 1; + } + if (got_intel_cpu) { + cpuid(reg, leaf, sub); + return((reg[num]>>bit)&0x1) ; + } + return 0 ; +} + +INLINE static int set_cpuid_flags(void) { + if(cpuid_check == 0) { + if(cpuid_flag(7, 0, EBX, 8)){ cpuid_flags |= CPUID_BMI2 ; } + if(cpuid_flag(7, 0, EBX,19)){ cpuid_flags |= CPUID_ADX ; } + cpuid_check = 1 ; + return 0 ; + } + return 1 ; +} + +#define RETURN return +#define 
IF_HAVE_INTEL_MULX(func, ret) \ + if(cpuid_check==0)set_cpuid_flags() ; \ + if(IS_INTEL_BMI2 && IS_INTEL_ADX){ func; ret ; } + +#else + #define IF_HAVE_INTEL_MULX(func, ret) +#endif + #if defined(TFM_X86) && !defined(TFM_SSE2) /* x86-32 code */ @@ -87,7 +170,7 @@ __asm__( \ :"0"(_c[LO]), "1"(cy), "r"(mu), "r"(*tmpm++) \ : "%rax", "%rdx", "cc") -#ifdef HAVE_INTEL_MULX +#if defined(HAVE_INTEL_MULX) #define MULX_INIT(a0, c0, cy)\ __asm__ volatile( \ "xorq %%r10, %%r10\n\t" \ 
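Review bot: The `_MSC_VER` branch defines `cpuid(a,b)` with two parameters, but `cpuid_flag` calls `cpuid(reg, 0, 0)` and `cpuid(reg, leaf, sub)` with three, so this block should not compile there, and `__cpuid` takes no sub-leaf for the leaf 7 query. `#define cpuid(a,b,c) __cpuidex((int*)a,b,c)` would match the GCC macro. `cpuid_flag` also queries the requested leaf without checking the maximum basic leaf that leaf 0 returns in `reg[EAX]`, so an older CPU may report unrelated bits as BMI2/ADX; `if (reg[EAX] < leaf) return 0;` before the second `cpuid` avoids that. The comment above the block still describes info type 1 and aesni, which this code does not query. `cpuid_check` and `cpuid_flags` are filled lazily with no synchronisation, which is worth a comment if the library is used from several threads.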
@@ -1208,80 +1291,6 @@ __asm__( \ "adcl $0,%2 \n\t" \ :"=r"(c0), "=r"(c1), "=r"(c2): "0"(c0), "1"(c1), "2"(c2), "m"(i), "m"(j) :"%eax","%edx","cc"); -#elif defined(HAVE_INTEL_MULX) - -/* anything you need at the start */ -#define COMBA_START - -/* clear the chaining variables */ -#define COMBA_CLEAR \ - c0 = c1 = c2 = 0; - -/* forward the carry to the next digit */ -#define COMBA_FORWARD \ - do { c0 = c1; c1 = c2; c2 = 0; } while (0); - -/* store the first sum */ -#define COMBA_STORE(x) \ - x = c0; - -/* store the second sum [carry] */ -#define COMBA_STORE2(x) \ - x = c1; - -/* anything you need at the end */ -#define COMBA_FINI - -#define MULADD_MULX(b0, c0, c1)\ - __asm__ volatile ( \ - "mulx %2,%%r9, %%r8 \n\t" \ - "adoxq %%r9,%0 \n\t" \ - "adcxq %%r8,%1 \n\t" \ - :"+r"(c0),"+r"(c1):"r"(b0):"%r8","%r9","%r10","%rdx"\ - ) - - -#define MULADD_MULX_ADD_CARRY(c0, c1)\ - __asm__ volatile(\ - "mov $0, %%r10\n\t"\ - "movq %1, %%r8\n\t" \ - "adox %%r10, %0\n\t"\ - "adcx %%r10, %1\n\t"\ - :"+r"(c0),"+r"(c1)::"%r8","%r9","%r10","%rdx") ; - -#define MULADD_SET_A(a0)\ - __asm__ volatile("add $0, %%r8\n\t" \ - "movq %0,%%rdx\n\t"::"r"(a0):"%r8","%r9","%r10","%rdx") ; \ - -#define MULADD_BODY(a,b,c)\ - cp = &(c->dp[iz]) ;\ - c0 = cp[0] ; c1 = cp[1];\ - MULADD_SET_A(a->dp[ix]) ;\ - MULADD_MULX(b0, c0, c1) ;\ - cp[0]=c0; c0=cp[2]; cp++ ;\ - MULADD_MULX(b1, c1, c0) ;\ - cp[0]=c1; c1=cp[2]; cp++ ; \ - MULADD_MULX(b2, c0, c1) ;\ - cp[0]=c0; c0=cp[2]; cp++ ; \ - MULADD_MULX(b3, c1, c0) ;\ - cp[0]=c1; c1=cp[2]; cp++ ; \ - MULADD_MULX_ADD_CARRY(c0, c1) ;\ - cp[0]=c0; cp[1]=c1; - -#define TFM_INTEL_MUL_COMBA(a, b, c)\ - for(ix=0; ixdp[ix]=0 ;\ - for(iy=0; (iyused); iy+=4) {\ - fp_digit *bp ;\ - bp = &(b->dp[iy+0]) ; \ - fp_digit b0 = bp[0] , b1= bp[1], b2= bp[2], b3= bp[3];\ - ix=0, iz=iy;\ - while(ixused) {\ - fp_digit c0, c1; \ - fp_digit *cp ;\ - MULADD_BODY(a,b,c); ix++ ; iz++ ; \ - }\ -}; - #elif defined(TFM_X86_64) /* x86-64 optimized */ 
@@ -1317,6 +1326,65 @@ __asm__ ( \ "adcq $0,%2 \n\t" \ :"=r"(c0), "=r"(c1), "=r"(c2): "0"(c0), "1"(c1), "2"(c2), "g"(i), "g"(j) :"%rax","%rdx","cc"); + +#if defined(HAVE_INTEL_MULX) +#define MULADD_MULX(b0, c0, c1, rdx)\ + __asm__ volatile ( \ + "movq %3, %%rdx\n\t" \ + "mulx %2,%%r9, %%r8 \n\t" \ + "adoxq %%r9,%0 \n\t" \ + "adcxq %%r8,%1 \n\t" \ + :"+r"(c0),"+r"(c1):"r"(b0), "r"(rdx):"%r8","%r9","%r10","%rdx"\ + ) + + +#define MULADD_MULX_ADD_CARRY(c0, c1)\ + __asm__ volatile(\ + "mov $0, %%r10\n\t"\ + "movq %1, %%r8\n\t"\ + "adox %%r10, %0\n\t"\ + "adcx %%r10, %1\n\t"\ + :"+r"(c0),"+r"(c1)::"%r8","%r9","%r10","%rdx") ; + +#define MULADD_SET_A(a0)\ + __asm__ volatile("add $0, %%r8\n\t" \ + "movq %0,%%rdx\n\t" \ + ::"r"(a0):"%r8","%r9","%r10","%rdx") ; + +#define MULADD_BODY(a,b,c)\ + { word64 rdx = a->dp[ix] ; \ + cp = &(c->dp[iz]) ; \ + c0 = cp[0] ; c1 = cp[1]; \ + MULADD_SET_A(rdx) ; \ + MULADD_MULX(b0, c0, c1, rdx) ;\ + cp[0]=c0; c0=cp[2]; \ + MULADD_MULX(b1, c1, c0, rdx) ;\ + cp[1]=c1; c1=cp[3]; \ + MULADD_MULX(b2, c0, c1, rdx) ;\ + cp[2]=c0; c0=cp[4]; \ + MULADD_MULX(b3, c1, c0, rdx) ;\ + cp[3]=c1; c1=cp[5]; \ + MULADD_MULX_ADD_CARRY(c0, c1);\ + cp[4]=c0; cp[5]=c1; \ + } + +#define TFM_INTEL_MUL_COMBA(a, b, c)\ + for(ix=0; ixdp[ix]=0 ; \ + for(iy=0; (iyused); iy+=4) { \ + fp_digit *bp ; \ + bp = &(b->dp[iy+0]) ; \ + fp_digit b0 = bp[0] , b1= bp[1], \ + b2= bp[2], b3= bp[3]; \ + ix=0, iz=iy; \ + while(ixused) { \ + fp_digit c0, c1; \ + fp_digit *cp ; \ + MULADD_BODY(a,b,c); \ + ix++ ; iz++ ; \ + } \ +}; +#endif + #elif defined(TFM_SSE2) /* use SSE2 optimizations */ diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c index 6c61fbf2a..1640072a4 100644 --- a/wolfcrypt/src/asn.c +++ b/wolfcrypt/src/asn.c @@ -42,6 +42,7 @@ #include #include +#include #ifndef NO_RC4 @@ -49,7 +50,7 @@ #endif #ifdef HAVE_NTRU - #include "ntru_crypto.h" + #include "libntruencrypt/ntru_crypto.h" #endif #if defined(WOLFSSL_SHA512) || defined(WOLFSSL_SHA384) 
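Review bot: `MULADD_SET_A`, `MULADD_MULX` and `MULADD_MULX_ADD_CARRY` are separate `__asm__ volatile` statements that hand the ADCX/ADOX carry chains to one another in CF and OF, with ordinary C assignments (`cp[0]=c0; c0=cp[2];`) between them in `MULADD_BODY`. The compiler does not guarantee that flags survive between asm statements, so any flag-writing instruction it places there would give a wrong product with no error reported, which matters for big-number code underneath RSA and ECC. At minimum the macros need a comment such as `/* CF/OF are live from MULADD_SET_A through MULADD_MULX_ADD_CARRY; nothing between them may modify flags */`, together with known-answer multiplication tests at every optimisation level that is shipped. Folding the whole four-limb step into one asm statement would remove the dependency.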
@@ -65,8 +66,12 @@ #endif #ifdef WOLFSSL_DEBUG_ENCODING - #ifdef FREESCALE_MQX - #include + #if defined(FREESCALE_MQX) || defined(FREESCALE_KSDK_MQX) + #if MQX_USE_IO_OLD + #include + #else + #include + #endif #else #include #endif @@ -104,23 +109,11 @@ #define XTIME(t1) pic32_time((t1)) #define XGMTIME(c, t) gmtime((c)) #define XVALIDATE_DATE(d, f, t) ValidateDate((d), (f), (t)) -#elif defined(FREESCALE_MQX) +#elif defined(FREESCALE_MQX) || defined(FREESCALE_KSDK_MQX) #define XTIME(t1) mqx_time((t1)) #define XGMTIME(c, t) mqx_gmtime((c), (t)) #define XVALIDATE_DATE(d, f, t) ValidateDate((d), (f), (t)) -#elif defined(WOLFSSL_MDK_ARM) - #if defined(WOLFSSL_MDK5) - #include "cmsis_os.h" - #else - #include - #endif - #undef RNG - #include "wolfssl_MDK_ARM.h" - #undef RNG - #define RNG wolfSSL_RNG /*for avoiding name conflict in "stm32f2xx.h" */ - #define XTIME(tl) (0) - #define XGMTIME(c, t) wolfssl_MDK_gmtime((c)) - #define XVALIDATE_DATE(d, f, t) ValidateDate((d), (f), (t)) + #elif defined(USER_TIME) /* user time, and gmtime compatible functions, there is a gmtime implementation here that WINCE uses, so really just need some ticks @@ -333,7 +326,7 @@ time_t pic32_time(time_t* timer) #endif /* MICROCHIP_TCPIP */ -#ifdef FREESCALE_MQX +#if defined(FREESCALE_MQX) || defined(FREESCALE_KSDK_MQX) time_t mqx_time(time_t* timer) { @@ -363,7 +356,7 @@ time_t XTIME(time_t * timer) { time_t sec = 0; - sec = (time_t) MYTIME_gettime(); + sec = (time_t) Seconds_get(); if (timer != NULL) *timer = sec; @@ -529,7 +522,8 @@ WOLFSSL_LOCAL int GetSet(const byte* input, word32* inOutIdx, int* len, /* winodws header clash for WinCE using GetVersion */ -WOLFSSL_LOCAL int GetMyVersion(const byte* input, word32* inOutIdx, int* version) +WOLFSSL_LOCAL int GetMyVersion(const byte* input, word32* inOutIdx, + int* version) { word32 idx = *inOutIdx; 
@@ -903,6 +897,9 @@ static int DecryptKey(const char* password, int passwordSz, byte* salt, byte key[MAX_KEY_SIZE]; #endif + (void)input; + (void)length; + switch (id) { case PBE_MD5_DES: typeH = MD5; @@ -939,11 +936,13 @@ static int DecryptKey(const char* password, int passwordSz, byte* salt, #endif if (version == PKCS5v2) - ret = wc_PBKDF2(key, (byte*)password, passwordSz, salt, saltSz, iterations, - derivedLen, typeH); + ret = wc_PBKDF2(key, (byte*)password, passwordSz, + salt, saltSz, iterations, derivedLen, typeH); +#ifndef NO_SHA else if (version == PKCS5) - ret = wc_PBKDF1(key, (byte*)password, passwordSz, salt, saltSz, iterations, - derivedLen, typeH); + ret = wc_PBKDF1(key, (byte*)password, passwordSz, + salt, saltSz, iterations, derivedLen, typeH); +#endif else if (version == PKCS12) { int i, idx = 0; byte unicodePasswd[MAX_UNICODE_SZ]; @@ -1383,7 +1382,8 @@ int DsaPublicKeyDecode(const byte* input, word32* inOutIdx, DsaKey* key, if (GetInt(&key->p, input, inOutIdx, inSz) < 0 || GetInt(&key->q, input, inOutIdx, inSz) < 0 || GetInt(&key->g, input, inOutIdx, inSz) < 0 || - GetInt(&key->y, input, inOutIdx, inSz) < 0 ) return ASN_DH_KEY_E; + GetInt(&key->y, input, inOutIdx, inSz) < 0 ) + return ASN_DH_KEY_E; key->type = DSA_PUBLIC; return 0; 
@@ -1405,12 +1405,130 @@ int DsaPrivateKeyDecode(const byte* input, word32* inOutIdx, DsaKey* key, GetInt(&key->q, input, inOutIdx, inSz) < 0 || GetInt(&key->g, input, inOutIdx, inSz) < 0 || GetInt(&key->y, input, inOutIdx, inSz) < 0 || - GetInt(&key->x, input, inOutIdx, inSz) < 0 ) return ASN_DH_KEY_E; + GetInt(&key->x, input, inOutIdx, inSz) < 0 ) + return ASN_DH_KEY_E; key->type = DSA_PRIVATE; return 0; } +static mp_int* GetDsaInt(DsaKey* key, int idx) +{ + if (idx == 0) + return &key->p; + if (idx == 1) + return &key->q; + if (idx == 2) + return &key->g; + if (idx == 3) + return &key->y; + if (idx == 4) + return &key->x; + + return NULL; +} + +/* Release Tmp DSA resources */ +static INLINE void FreeTmpDsas(byte** tmps) +{ + int i; + + for (i = 0; i < DSA_INTS; i++) + XFREE(tmps[i], NULL, DYNAMIC_TYPE_DSA); +} + +/* Convert DsaKey key to DER format, write to output (inLen), return bytes + written */ +int wc_DsaKeyToDer(DsaKey* key, byte* output, word32 inLen) +{ + word32 seqSz, verSz, rawLen, intTotalLen = 0; + word32 sizes[DSA_INTS]; + int i, j, outLen, ret = 0, lbit; + int err; + + byte seq[MAX_SEQ_SZ]; + byte ver[MAX_VERSION_SZ]; + byte* tmps[DSA_INTS]; + + if (!key || !output) + return BAD_FUNC_ARG; + + if (key->type != DSA_PRIVATE) + return BAD_FUNC_ARG; + + for (i = 0; i < DSA_INTS; i++) + tmps[i] = NULL; + + /* write all big ints from key to DER tmps */ + for (i = 0; i < DSA_INTS; i++) { + mp_int* keyInt = GetDsaInt(key, i); + + /* leading zero */ + if ((mp_count_bits(keyInt) & 7) == 0 || mp_iszero(keyInt) == MP_YES) + lbit = 1; + else + lbit = 0; + + rawLen = mp_unsigned_bin_size(keyInt) + lbit; + + tmps[i] = (byte*)XMALLOC(rawLen + MAX_SEQ_SZ, NULL, DYNAMIC_TYPE_DSA); + if (tmps[i] == NULL) { + ret = MEMORY_E; + break; + } + + tmps[i][0] = ASN_INTEGER; + sizes[i] = SetLength(rawLen, tmps[i] + 1) + 1 + lbit; /* tag & lbit */ + + if (sizes[i] <= MAX_SEQ_SZ) { + /* leading zero */ + if (lbit) + tmps[i][sizes[i]-1] = 0x00; + + err = 
mp_to_unsigned_bin(keyInt, tmps[i] + sizes[i]); + if (err == MP_OKAY) { + sizes[i] += (rawLen-lbit); /* lbit included in rawLen */ + intTotalLen += sizes[i]; + } + else { + ret = err; + break; + } + } + else { + ret = ASN_INPUT_E; + break; + } + } + + if (ret != 0) { + FreeTmpDsas(tmps); + return ret; + } + + /* make headers */ + verSz = SetMyVersion(0, ver, FALSE); + seqSz = SetSequence(verSz + intTotalLen, seq); + + outLen = seqSz + verSz + intTotalLen; + if (outLen > (int)inLen) + return BAD_FUNC_ARG; + + /* write to output */ + XMEMCPY(output, seq, seqSz); + j = seqSz; + XMEMCPY(output + j, ver, verSz); + j += verSz; + + for (i = 0; i < DSA_INTS; i++) { + XMEMCPY(output + j, tmps[i], sizes[i]); + j += sizes[i]; + } + FreeTmpDsas(tmps); + + return outLen; +} + #endif /* NO_DSA */ @@ -1425,6 +1543,7 @@ void InitDecodedCert(DecodedCert* cert, byte* source, word32 inSz, void* heap) cert->subjectCNLen = 0; cert->subjectCNEnc = CTC_UTF8; cert->subjectCNStored = 0; + cert->weOwnAltNames = 0; cert->altNames = NULL; #ifndef IGNORE_NAME_CONSTRAINTS cert->altEmailNames = NULL; @@ -1446,9 +1565,9 @@ void InitDecodedCert(DecodedCert* cert, byte* source, word32 inSz, void* heap) cert->extAuthInfoSz = 0; cert->extCrlInfo = NULL; cert->extCrlInfoSz = 0; - XMEMSET(cert->extSubjKeyId, 0, SHA_SIZE); + XMEMSET(cert->extSubjKeyId, 0, KEYID_SIZE); cert->extSubjKeyIdSet = 0; - XMEMSET(cert->extAuthKeyId, 0, SHA_SIZE); + XMEMSET(cert->extAuthKeyId, 0, KEYID_SIZE); cert->extAuthKeyIdSet = 0; cert->extKeyUsageSet = 0; cert->extKeyUsage = 0; @@ -1563,7 +1682,7 @@ void FreeDecodedCert(DecodedCert* cert) XFREE(cert->subjectCN, cert->heap, DYNAMIC_TYPE_SUBJECT_CN); if (cert->pubKeyStored == 1) XFREE(cert->publicKey, cert->heap, DYNAMIC_TYPE_PUBLIC_KEY); - if (cert->altNames) + if (cert->weOwnAltNames && cert->altNames) FreeAltNames(cert->altNames, cert->heap); #ifndef IGNORE_NAME_CONSTRAINTS if (cert->altEmailNames) 
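Review bot: In wc_DsaKeyToDer the `if (outLen > (int)inLen) return BAD_FUNC_ARG;` path returns without calling `FreeTmpDsas(tmps)`, so every temporary buffer, including the DER copy of the private value `x`, is leaked whenever the caller's output buffer is too small. It should read `if (outLen > (int)inLen) { FreeTmpDsas(tmps); return BAD_FUNC_ARG; }`. `FreeTmpDsas` also returns the buffers to the allocator without clearing them; since they hold private-key bytes, zeroing each one before `XFREE` is worth adding. `GetDsaInt` returns NULL for an index it does not handle and the loop passes that result straight to `mp_count_bits`, which is safe only while `DSA_INTS` stays within the five indices covered.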
@@ -1755,7 +1874,7 @@ static int GetKey(DecodedCert* cert) #ifdef WOLFSSL_SMALL_STACK keyBlob = (byte*)XMALLOC(MAX_NTRU_KEY_SZ, NULL, - DYNAMIC_TYPE_TMP_BUFFER); + DYNAMIC_TYPE_TMP_BUFFER); if (keyBlob == NULL) return MEMORY_E; #endif @@ -1851,11 +1970,11 @@ static int GetKey(DecodedCert* cert) /* process NAME, either issuer or subject */ static int GetName(DecodedCert* cert, int nameType) { - Sha sha; /* MUST have SHA-1 hash for cert names */ int length; /* length of all distinguished names */ int dummy; int ret; - char* full = (nameType == ISSUER) ? cert->issuer : cert->subject; + char* full; + byte* hash; word32 idx; #ifdef OPENSSL_EXTRA DecodedName* dName = @@ -1864,6 +1983,15 @@ static int GetName(DecodedCert* cert, int nameType) WOLFSSL_MSG("Getting Cert Name"); + if (nameType == ISSUER) { + full = cert->issuer; + hash = cert->issuerHash; + } + else { + full = cert->subject; + hash = cert->subjectHash; + } + if (cert->source[cert->srcIdx] == ASN_OBJECT_ID) { WOLFSSL_MSG("Trying optional prefix..."); @@ -1881,14 +2009,13 @@ static int GetName(DecodedCert* cert, int nameType) if (GetSequence(cert->source, &cert->srcIdx, &length, cert->maxIdx) < 0) return ASN_PARSE_E; - ret = wc_InitSha(&sha); +#ifdef NO_SHA + ret = wc_Sha256Hash(&cert->source[idx], length + cert->srcIdx - idx, hash); +#else + ret = wc_ShaHash(&cert->source[idx], length + cert->srcIdx - idx, hash); +#endif if (ret != 0) return ret; - wc_ShaUpdate(&sha, &cert->source[idx], length + cert->srcIdx - idx); - if (nameType == ISSUER) - wc_ShaFinal(&sha, cert->issuerHash); - else - wc_ShaFinal(&sha, cert->subjectHash); length += cert->srcIdx; idx = 0; @@ -2619,7 +2746,7 @@ WOLFSSL_LOCAL word32 SetExplicit(byte number, word32 len, byte* output) #if defined(HAVE_ECC) && (defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_KEY_GEN)) -static word32 SetCurve(ecc_key* key, byte* output) +static int SetCurve(ecc_key* key, byte* output) { /* curve types */ 
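Review bot: With `NO_SHA` defined, `wc_Sha256Hash` in GetName writes a 32-byte digest into `cert->issuerHash` / `cert->subjectHash`, where the removed code produced a 20-byte SHA-1 digest. The field declarations are not part of these hunks, so their size needs confirming as `KEYID_SIZE` (the constant the InitDecodedCert hunk now uses) rather than `SHA_SIZE`. The same substitution appears in DecodeAuthKeyId, DecodeSubjKeyId and both ParseCertRelative hunks, for `extAuthKeyId`, `extSubjKeyId` and `issuerKeyHash`. A comment at the new `hash` declaration, `/* KEYID_SIZE bytes: SHA-1, or SHA-256 when NO_SHA is defined */`, would record that contract.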
@@ -2930,12 +3057,13 @@ WOLFSSL_LOCAL word32 SetAlgoID(int algoOID, byte* output, int type, int curveSz) } -word32 wc_EncodeSignature(byte* out, const byte* digest, word32 digSz, int hashOID) +word32 wc_EncodeSignature(byte* out, const byte* digest, word32 digSz, + int hashOID) { byte digArray[MAX_ENCODED_DIG_SZ]; byte algoArray[MAX_ALGO_SZ]; byte seqArray[MAX_SEQ_SZ]; - word32 encDigSz, algoSz, seqSz; + word32 encDigSz, algoSz, seqSz; encDigSz = SetDigest(digest, digSz, digArray); algoSz = SetAlgoID(hashOID, algoArray, hashType, 0); @@ -3238,7 +3366,7 @@ static int ConfirmSignature(const byte* buf, word32 bufSz, #ifndef IGNORE_NAME_CONSTRAINTS static int MatchBaseName(int type, const char* name, int nameSz, - const char* base, int baseSz) + const char* base, int baseSz) { if (base == NULL || baseSz <= 0 || name == NULL || nameSz <= 0 || name[0] == '.' || nameSz < baseSz || @@ -3416,6 +3544,8 @@ static int DecodeAltNames(byte* input, int sz, DecodedCert* cert) return ASN_PARSE_E; } + cert->weOwnAltNames = 1; + while (length > 0) { byte b = input[idx++]; @@ -3807,19 +3937,18 @@ static int DecodeAuthKeyId(byte* input, int sz, DecodedCert* cert) cert->extAuthKeyIdSz = length; #endif /* OPENSSL_EXTRA */ - if (length == SHA_SIZE) { + if (length == KEYID_SIZE) { XMEMCPY(cert->extAuthKeyId, input + idx, length); } else { - Sha sha; - ret = wc_InitSha(&sha); - if (ret != 0) - return ret; - wc_ShaUpdate(&sha, input + idx, length); - wc_ShaFinal(&sha, cert->extAuthKeyId); + #ifdef NO_SHA + ret = wc_Sha256Hash(input + idx, length, cert->extAuthKeyId); + #else + ret = wc_ShaHash(input + idx, length, cert->extAuthKeyId); + #endif } - return 0; + return ret; } 
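Review bot: DecodeAuthKeyId now ends in `return ret;`, but the `length == KEYID_SIZE` branch only copies bytes and never assigns `ret`. The declaration of `ret` sits above the hunk; if it is a plain `int ret;`, the function returns an indeterminate value on the path where the identifier already has the expected length. Confirm it is `int ret = 0;`, or set `ret = 0;` in the copy branch.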
@@ -3849,12 +3978,11 @@ static int DecodeSubjKeyId(byte* input, int sz, DecodedCert* cert) XMEMCPY(cert->extSubjKeyId, input + idx, length); } else { - Sha sha; - ret = wc_InitSha(&sha); - if (ret != 0) - return ret; - wc_ShaUpdate(&sha, input + idx, length); - wc_ShaFinal(&sha, cert->extSubjKeyId); + #ifdef NO_SHA + ret = wc_Sha256Hash(input + idx, length, cert->extSubjKeyId); + #else + ret = wc_ShaHash(input + idx, length, cert->extSubjKeyId); + #endif } return ret; @@ -4351,12 +4479,15 @@ int ParseCertRelative(DecodedCert* cert, int type, int verify, void* cm) #ifndef NO_SKID if (cert->extSubjKeyIdSet == 0 && cert->publicKey != NULL && cert->pubKeySize > 0) { - Sha sha; - ret = wc_InitSha(&sha); + #ifdef NO_SHA + ret = wc_Sha256Hash(cert->publicKey, cert->pubKeySize, + cert->extSubjKeyId); + #else + ret = wc_ShaHash(cert->publicKey, cert->pubKeySize, + cert->extSubjKeyId); + #endif if (ret != 0) return ret; - wc_ShaUpdate(&sha, cert->publicKey, cert->pubKeySize); - wc_ShaFinal(&sha, cert->extSubjKeyId); } #endif @@ -4375,14 +4506,15 @@ int ParseCertRelative(DecodedCert* cert, int type, int verify, void* cm) if (ca) { #ifdef HAVE_OCSP /* Need the ca's public key hash for OCSP */ - { - Sha sha; - ret = wc_InitSha(&sha); - if (ret != 0) - return ret; - wc_ShaUpdate(&sha, ca->publicKey, ca->pubKeySize); - wc_ShaFinal(&sha, cert->issuerKeyHash); - } + #ifdef NO_SHA + ret = wc_Sha256Hash(ca->publicKey, ca->pubKeySize, + cert->issuerKeyHash); + #else /* NO_SHA */ + ret = wc_ShaHash(ca->publicKey, ca->pubKeySize, + cert->issuerKeyHash); + #endif /* NO_SHA */ + if (ret != 0) + return ret; #endif /* HAVE_OCSP */ /* try to confirm/verify signature */ if (!ConfirmSignature(cert->source + cert->certBegin, 
@@ -4520,24 +4652,49 @@ WOLFSSL_LOCAL int SetSerialNumber(const byte* sn, word32 snSz, byte* output) +const char* BEGIN_CERT = "-----BEGIN CERTIFICATE-----"; +const char* END_CERT = "-----END CERTIFICATE-----"; +const char* BEGIN_CERT_REQ = "-----BEGIN CERTIFICATE REQUEST-----"; +const char* END_CERT_REQ = "-----END CERTIFICATE REQUEST-----"; +const char* BEGIN_DH_PARAM = "-----BEGIN DH PARAMETERS-----"; +const char* END_DH_PARAM = "-----END DH PARAMETERS-----"; +const char* BEGIN_X509_CRL = "-----BEGIN X509 CRL-----"; +const char* END_X509_CRL = "-----END X509 CRL-----"; +const char* BEGIN_RSA_PRIV = "-----BEGIN RSA PRIVATE KEY-----"; +const char* END_RSA_PRIV = "-----END RSA PRIVATE KEY-----"; +const char* BEGIN_PRIV_KEY = "-----BEGIN PRIVATE KEY-----"; +const char* END_PRIV_KEY = "-----END PRIVATE KEY-----"; +const char* BEGIN_ENC_PRIV_KEY = "-----BEGIN ENCRYPTED PRIVATE KEY-----"; +const char* END_ENC_PRIV_KEY = "-----END ENCRYPTED PRIVATE KEY-----"; +const char* BEGIN_EC_PRIV = "-----BEGIN EC PRIVATE KEY-----"; +const char* END_EC_PRIV = "-----END EC PRIVATE KEY-----"; +const char* BEGIN_DSA_PRIV = "-----BEGIN DSA PRIVATE KEY-----"; +const char* END_DSA_PRIV = "-----END DSA PRIVATE KEY-----"; #if defined(WOLFSSL_KEY_GEN) || defined(WOLFSSL_CERT_GEN) +/* Used for compatibility API */ +int wc_DerToPem(const byte* der, word32 derSz, + byte* output, word32 outSz, int type) +{ + return wc_DerToPemEx(der, derSz, output, outSz, NULL, type); +} + /* convert der buffer to pem into output, can't do inplace, der and output need to be different */ -int wc_DerToPem(const byte* der, word32 derSz, byte* output, word32 outSz, - int type) +int wc_DerToPemEx(const byte* der, word32 derSz, byte* output, word32 outSz, + byte *cipher_info, int type) { #ifdef WOLFSSL_SMALL_STACK char* header = NULL; char* footer = NULL; #else - char header[80]; - char footer[80]; + char header[40 + HEADER_ENCRYPTED_KEY_SIZE]; + char footer[40]; #endif - int headerLen = 80; - int footerLen = 80; + 
int headerLen = 40 + HEADER_ENCRYPTED_KEY_SIZE; + int footerLen = 40; int i; int err; int outLen; /* return length or error */ 
@@ -4549,36 +4706,55 @@ int wc_DerToPem(const byte* der, word32 derSz, byte* output, word32 outSz, header = (char*)XMALLOC(headerLen, NULL, DYNAMIC_TYPE_TMP_BUFFER); if (header == NULL) return MEMORY_E; - + footer = (char*)XMALLOC(footerLen, NULL, DYNAMIC_TYPE_TMP_BUFFER); if (footer == NULL) { XFREE(header, NULL, DYNAMIC_TYPE_TMP_BUFFER); return MEMORY_E; } #endif - if (type == CERT_TYPE) { - XSTRNCPY(header, "-----BEGIN CERTIFICATE-----\n", headerLen); - XSTRNCPY(footer, "-----END CERTIFICATE-----\n", footerLen); + XSTRNCPY(header, BEGIN_CERT, headerLen); + XSTRNCAT(header, "\n", 1); + + XSTRNCPY(footer, END_CERT, footerLen); + XSTRNCAT(footer, "\n", 1); } else if (type == PRIVATEKEY_TYPE) { - XSTRNCPY(header, "-----BEGIN RSA PRIVATE KEY-----\n", headerLen); - XSTRNCPY(footer, "-----END RSA PRIVATE KEY-----\n", footerLen); + XSTRNCPY(header, BEGIN_RSA_PRIV, headerLen); + XSTRNCAT(header, "\n", 1); + + XSTRNCPY(footer, END_RSA_PRIV, footerLen); + XSTRNCAT(footer, "\n", 1); } - #ifdef HAVE_ECC +#ifndef NO_DSA + else if (type == DSA_PRIVATEKEY_TYPE) { + XSTRNCPY(header, BEGIN_DSA_PRIV, headerLen); + XSTRNCAT(header, "\n", 1); + + XSTRNCPY(footer, END_DSA_PRIV, footerLen); + XSTRNCAT(footer, "\n", 1); + } +#endif +#ifdef HAVE_ECC else if (type == ECC_PRIVATEKEY_TYPE) { - XSTRNCPY(header, "-----BEGIN EC PRIVATE KEY-----\n", headerLen); - XSTRNCPY(footer, "-----END EC PRIVATE KEY-----\n", footerLen); + XSTRNCPY(header, BEGIN_EC_PRIV, headerLen); + XSTRNCAT(header, "\n", 1); + + XSTRNCPY(footer, END_EC_PRIV, footerLen); + XSTRNCAT(footer, "\n", 1); } - #endif - #ifdef WOLFSSL_CERT_REQ +#endif +#ifdef WOLFSSL_CERT_REQ else if (type == CERTREQ_TYPE) { - XSTRNCPY(header, - "-----BEGIN CERTIFICATE REQUEST-----\n", headerLen); - XSTRNCPY(footer, "-----END CERTIFICATE REQUEST-----\n", footerLen); + XSTRNCPY(header, BEGIN_CERT_REQ, headerLen); + XSTRNCAT(header, "\n", 1); + + XSTRNCPY(footer, END_CERT_REQ, footerLen); + XSTRNCAT(footer, "\n", 1); } - #endif +#endif else { 
#ifdef WOLFSSL_SMALL_STACK XFREE(header, NULL, DYNAMIC_TYPE_TMP_BUFFER); @@ -4587,6 +4763,14 @@ int wc_DerToPem(const byte* der, word32 derSz, byte* output, word32 outSz, return BAD_FUNC_ARG; } + /* extra header information for encrypted key */ + if (cipher_info != NULL) { + XSTRNCAT(header, "Proc-Type: 4,ENCRYPTED\n", 23); + XSTRNCAT(header, "DEK-Info: ", 10); + XSTRNCAT(header, (char*)cipher_info, XSTRLEN((char*)cipher_info)); + XSTRNCAT(header, "\n\n", 2); + } + headerLen = (int)XSTRLEN(header); footerLen = (int)XSTRLEN(footer); @@ -4641,7 +4825,6 @@ int wc_DerToPem(const byte* der, word32 derSz, byte* output, word32 outSz, return outLen + headerLen + footerLen; } - #endif /* WOLFSSL_KEY_GEN || WOLFSSL_CERT_GEN */ @@ -4689,7 +4872,7 @@ int wc_RsaKeyToDer(RsaKey* key, byte* output, word32 inLen) { word32 seqSz, verSz, rawLen, intTotalLen = 0; word32 sizes[RSA_INTS]; - int i, j, outLen, ret = 0; + int i, j, outLen, ret = 0, lbit; byte seq[MAX_SEQ_SZ]; byte ver[MAX_VERSION_SZ]; @@ -4707,7 +4890,15 @@ int wc_RsaKeyToDer(RsaKey* key, byte* output, word32 inLen) /* write all big ints from key to DER tmps */ for (i = 0; i < RSA_INTS; i++) { mp_int* keyInt = GetRsaInt(key, i); - rawLen = mp_unsigned_bin_size(keyInt); + + /* leading zero */ + if ((mp_count_bits(keyInt) & 7) == 0 || mp_iszero(keyInt) == MP_YES) + lbit = 1; + else + lbit = 0; + + rawLen = mp_unsigned_bin_size(keyInt) + lbit; + tmps[i] = (byte*)XMALLOC(rawLen + MAX_SEQ_SZ, key->heap, DYNAMIC_TYPE_RSA); if (tmps[i] == NULL) { 
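Review bot: The `cipher_info` block appends a caller-supplied string with `XSTRNCAT(header, (char*)cipher_info, XSTRLEN((char*)cipher_info))`, whose bound is the source length rather than the space left in `header`, so it acts as an unbounded concatenation into a buffer of `40 + HEADER_ENCRYPTED_KEY_SIZE` bytes. Nothing in the visible hunks checks that the BEGIN line, the two fixed strings, `cipher_info` and the trailing blank line fit, and `wc_DerToPemEx` is a public entry point. A length check before the appends, returning `BAD_FUNC_ARG` and releasing `header`/`footer` under `WOLFSSL_SMALL_STACK`, closes this. The earlier `XSTRNCAT(header, "\n", 1)` calls use the same bound style, but only with fixed strings. The function body starts and ends outside this hunk.

```c
    /* extra header information for encrypted key */
    if (cipher_info != NULL) {
        size_t cipherInfoSz = XSTRLEN((char*)cipher_info);

        /* 23 + 10 + 2: fixed Proc-Type / DEK-Info text and the blank line;
           headerLen still holds the buffer capacity at this point */
        if (XSTRLEN(header) + 23 + 10 + cipherInfoSz + 2 >= (size_t)headerLen) {
        #ifdef WOLFSSL_SMALL_STACK
            XFREE(header, NULL, DYNAMIC_TYPE_TMP_BUFFER);
            XFREE(footer, NULL, DYNAMIC_TYPE_TMP_BUFFER);
        #endif
            return BAD_FUNC_ARG;
        }
        /* … unchanged: the four XSTRNCAT calls … */
    }
```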
@@ -4716,12 +4907,18 @@ int wc_RsaKeyToDer(RsaKey* key, byte* output, word32 inLen) } tmps[i][0] = ASN_INTEGER; - sizes[i] = SetLength(rawLen, tmps[i] + 1) + 1; /* int tag */ + sizes[i] = SetLength(rawLen, tmps[i] + 1) + 1 + lbit; /* tag & lbit */ if (sizes[i] <= MAX_SEQ_SZ) { - int err = mp_to_unsigned_bin(keyInt, tmps[i] + sizes[i]); + int err; + + /* leading zero */ + if (lbit) + tmps[i][sizes[i]-1] = 0x00; + + err = mp_to_unsigned_bin(keyInt, tmps[i] + sizes[i]); if (err == MP_OKAY) { - sizes[i] += rawLen; + sizes[i] += (rawLen-lbit); /* lbit included in rawLen */ intTotalLen += sizes[i]; } else { @@ -4769,14 +4966,15 @@ int wc_RsaKeyToDer(RsaKey* key, byte* output, word32 inLen) #if defined(WOLFSSL_CERT_GEN) && !defined(NO_RSA) -#ifndef min +#ifndef WOLFSSL_HAVE_MIN +#define WOLFSSL_HAVE_MIN static INLINE word32 min(word32 a, word32 b) { return a > b ? b : a; } -#endif /* min */ +#endif /* WOLFSSL_HAVE_MIN */ /* Initialize and Set Certficate defaults: @@ -5556,7 +5754,7 @@ static int SetName(byte* output, CertName* name) /* encode info from cert into DER encoded format */ static int EncodeCert(Cert* cert, DerCert* der, RsaKey* rsaKey, ecc_key* eccKey, - RNG* rng, const byte* ntruKey, word16 ntruSz) + WC_RNG* rng, const byte* ntruKey, word16 ntruSz) { int ret; @@ -5728,7 +5926,7 @@ static int WriteCertBody(DerCert* der, byte* buffer) /* Make RSA signature from buffer (sz), write to sig (sigSz) */ static int MakeSignature(const byte* buffer, int sz, byte* sig, int sigSz, - RsaKey* rsaKey, ecc_key* eccKey, RNG* rng, + RsaKey* rsaKey, ecc_key* eccKey, WC_RNG* rng, int sigAlgoType) { int encSigSz, digestSz, typeH = 0, ret = 0; 
@@ -5853,7 +6051,7 @@ static int AddSignature(byte* buffer, int bodySz, const byte* sig, int sigSz, /* Make an x509 Certificate v3 any key type from cert input, write to buffer */ static int MakeAnyCert(Cert* cert, byte* derBuffer, word32 derSz, - RsaKey* rsaKey, ecc_key* eccKey, RNG* rng, + RsaKey* rsaKey, ecc_key* eccKey, WC_RNG* rng, const byte* ntruKey, word16 ntruSz) { int ret; @@ -5890,7 +6088,7 @@ static int MakeAnyCert(Cert* cert, byte* derBuffer, word32 derSz, /* Make an x509 Certificate v3 RSA or ECC from cert input, write to buffer */ int wc_MakeCert(Cert* cert, byte* derBuffer, word32 derSz, RsaKey* rsaKey, - ecc_key* eccKey, RNG* rng) + ecc_key* eccKey, WC_RNG* rng) { return MakeAnyCert(cert, derBuffer, derSz, rsaKey, eccKey, rng, NULL, 0); } @@ -5899,7 +6097,7 @@ int wc_MakeCert(Cert* cert, byte* derBuffer, word32 derSz, RsaKey* rsaKey, #ifdef HAVE_NTRU int wc_MakeNtruCert(Cert* cert, byte* derBuffer, word32 derSz, - const byte* ntruKey, word16 keySz, RNG* rng) + const byte* ntruKey, word16 keySz, WC_RNG* rng) { return MakeAnyCert(cert, derBuffer, derSz, NULL, NULL, rng, ntruKey, keySz); } @@ -6115,7 +6313,7 @@ int wc_MakeCertReq(Cert* cert, byte* derBuffer, word32 derSz, int wc_SignCert(int requestSz, int sType, byte* buffer, word32 buffSz, - RsaKey* rsaKey, ecc_key* eccKey, RNG* rng) + RsaKey* rsaKey, ecc_key* eccKey, WC_RNG* rng) { int sigSz; #ifdef WOLFSSL_SMALL_STACK @@ -6151,14 +6349,16 @@ int wc_SignCert(int requestSz, int sType, byte* buffer, word32 buffSz, } -int wc_MakeSelfCert(Cert* cert, byte* buffer, word32 buffSz, RsaKey* key, RNG* rng) +int wc_MakeSelfCert(Cert* cert, byte* buffer, word32 buffSz, + RsaKey* key, WC_RNG* rng) { int ret = wc_MakeCert(cert, buffer, buffSz, key, NULL, rng); if (ret < 0) return ret; - return wc_SignCert(cert->bodySz, cert->sigType, buffer, buffSz, key, NULL,rng); + return wc_SignCert(cert->bodySz, cert->sigType, + buffer, buffSz, key, NULL, rng); } 
@@ -6592,8 +6792,8 @@ int wc_EccPrivateKeyDecode(const byte* input, word32* inOutIdx, ecc_key* key, byte* priv; byte* pub; #else - byte priv[ECC_MAXSIZE]; - byte pub[ECC_MAXSIZE * 2 + 1]; /* public key has two parts plus header */ + byte priv[ECC_MAXSIZE+1]; + byte pub[2*(ECC_MAXSIZE+1)]; /* public key has two parts plus header */ #endif if (input == NULL || inOutIdx == NULL || key == NULL || inSz == 0) @@ -6619,11 +6819,11 @@ int wc_EccPrivateKeyDecode(const byte* input, word32* inOutIdx, ecc_key* key, return BUFFER_E; #ifdef WOLFSSL_SMALL_STACK - priv = (byte*)XMALLOC(ECC_MAXSIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER); + priv = (byte*)XMALLOC(ECC_MAXSIZE+1, NULL, DYNAMIC_TYPE_TMP_BUFFER); if (priv == NULL) return MEMORY_E; - pub = (byte*)XMALLOC(ECC_MAXSIZE * 2 + 1, NULL, DYNAMIC_TYPE_TMP_BUFFER); + pub = (byte*)XMALLOC(2*(ECC_MAXSIZE+1), NULL, DYNAMIC_TYPE_TMP_BUFFER); if (pub == NULL) { XFREE(priv, NULL, DYNAMIC_TYPE_TMP_BUFFER); return MEMORY_E; @@ -6696,7 +6896,7 @@ int wc_EccPrivateKeyDecode(const byte* input, word32* inOutIdx, ecc_key* key, else { /* pub key */ pubSz = length - 1; /* null prefix */ - if (pubSz < (ECC_MAXSIZE*2 + 1)) { + if (pubSz < 2*(ECC_MAXSIZE+1)) { XMEMCPY(pub, &input[*inOutIdx], pubSz); *inOutIdx += length; ret = wc_ecc_import_private_key(priv, privSz, pub, pubSz, 
@@ -6722,84 +6922,109 @@ int wc_EccPrivateKeyDecode(const byte* input, word32* inOutIdx, ecc_key* key, /* Write a Private ecc key to DER format, length on success else < 0 */ int wc_EccKeyToDer(ecc_key* key, byte* output, word32 inLen) { - byte curve[MAX_ALGO_SZ]; + byte curve[MAX_ALGO_SZ+2]; byte ver[MAX_VERSION_SZ]; byte seq[MAX_SEQ_SZ]; - int ret; - int curveSz; - int verSz; + byte *prv, *pub; + int ret, totalSz, curveSz, verSz; int privHdrSz = ASN_ECC_HEADER_SZ; int pubHdrSz = ASN_ECC_CONTEXT_SZ + ASN_ECC_HEADER_SZ; - int curveHdrSz = ASN_ECC_CONTEXT_SZ; - word32 seqSz; - word32 idx = 0; - word32 pubSz = ECC_BUFSIZE; - word32 privSz; - word32 totalSz; + + word32 idx = 0, prvidx = 0, pubidx = 0, curveidx = 0; + word32 seqSz, privSz, pubSz = ECC_BUFSIZE; if (key == NULL || output == NULL || inLen == 0) return BAD_FUNC_ARG; - ret = wc_ecc_export_x963(key, NULL, &pubSz); - if (ret != LENGTH_ONLY_E) { + /* curve */ + curve[curveidx++] = ECC_PREFIX_0; + curveidx++ /* to put the size after computation */; + curveSz = SetCurve(key, curve+curveidx); + if (curveSz < 0) + return curveSz; + /* set computed size */ + curve[1] = (byte)curveSz; + curveidx += curveSz; + + /* private */ + privSz = key->dp->size; + prv = (byte*)XMALLOC(privSz + privHdrSz + MAX_SEQ_SZ, + NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (prv == NULL) { + return MEMORY_E; + } + prv[prvidx++] = ASN_OCTET_STRING; + prv[prvidx++] = (byte)key->dp->size; + ret = wc_ecc_export_private_only(key, prv + prvidx, &privSz); + if (ret < 0) { + XFREE(prv, NULL, DYNAMIC_TYPE_TMP_BUFFER); return ret; } - curveSz = SetCurve(key, curve); - if (curveSz < 0) { - return curveSz; + prvidx += privSz; + + /* public */ + ret = wc_ecc_export_x963(key, NULL, &pubSz); + if (ret != LENGTH_ONLY_E) { + XFREE(prv, NULL, DYNAMIC_TYPE_TMP_BUFFER); + return ret; } - privSz = key->dp->size; + pub = (byte*)XMALLOC(pubSz + pubHdrSz + MAX_SEQ_SZ, + NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (pub == NULL) { + XFREE(prv, NULL, DYNAMIC_TYPE_TMP_BUFFER); + 
return MEMORY_E; + } + pub[pubidx++] = ECC_PREFIX_1; + if (pubSz > 128) /* leading zero + extra size byte */ + pubidx += SetLength(pubSz + ASN_ECC_CONTEXT_SZ + 2, pub+pubidx); + else /* leading zero */ + pubidx += SetLength(pubSz + ASN_ECC_CONTEXT_SZ + 1, pub+pubidx); + pub[pubidx++] = ASN_BIT_STRING; + pubidx += SetLength(pubSz + 1, pub+pubidx); + pub[pubidx++] = (byte)0; /* leading zero */ + ret = wc_ecc_export_x963(key, pub + pubidx, &pubSz); + if (ret != 0) { + XFREE(prv, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(pub, NULL, DYNAMIC_TYPE_TMP_BUFFER); + return ret; + } + pubidx += pubSz; + + /* make headers */ verSz = SetMyVersion(1, ver, FALSE); - if (verSz < 0) { - return verSz; + seqSz = SetSequence(verSz + prvidx + pubidx + curveidx, seq); + + totalSz = prvidx + pubidx + curveidx + verSz + seqSz; + if (totalSz > (int)inLen) { + XFREE(prv, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(pub, NULL, DYNAMIC_TYPE_TMP_BUFFER); + return BAD_FUNC_ARG; } - totalSz = verSz + privSz + privHdrSz + curveSz + curveHdrSz + - pubSz + pubHdrSz + 1; /* plus null byte b4 public */ - seqSz = SetSequence(totalSz, seq); - totalSz += seqSz; - - if (totalSz > inLen) { - return BUFFER_E; - } - - /* write it out */ + /* write out */ /* seq */ XMEMCPY(output + idx, seq, seqSz); - idx += seqSz; + idx = seqSz; - /* ver */ + /* ver */ XMEMCPY(output + idx, ver, verSz); idx += verSz; /* private */ - output[idx++] = ASN_OCTET_STRING; - output[idx++] = (byte)privSz; - ret = wc_ecc_export_private_only(key, output + idx, &privSz); - if (ret < 0) { - return ret; - } - idx += privSz; + XMEMCPY(output + idx, prv, prvidx); + idx += prvidx; + XFREE(prv, NULL, DYNAMIC_TYPE_TMP_BUFFER); /* curve */ - output[idx++] = ECC_PREFIX_0; - output[idx++] = (byte)curveSz; - XMEMCPY(output + idx, curve, curveSz); - idx += curveSz; + XMEMCPY(output + idx, curve, curveidx); + idx += curveidx; /* public */ - output[idx++] = ECC_PREFIX_1; - output[idx++] = (byte)pubSz + ASN_ECC_CONTEXT_SZ + 1; /* plus null byte */ - 
output[idx++] = ASN_BIT_STRING; - output[idx++] = (byte)pubSz + 1; /* plus null byte */ - output[idx++] = (byte)0; /* null byte */ - ret = wc_ecc_export_x963(key, output + idx, &pubSz); - if (ret != 0) { - return ret; - } - /* idx += pubSz if do more later */ + XMEMCPY(output + idx, pub, pubidx); + /* idx += pubidx; not used after write, if more data remove comment */ + XFREE(pub, NULL, DYNAMIC_TYPE_TMP_BUFFER); return totalSz; } @@ -7338,13 +7563,18 @@ int EncodeOcspRequest(OcspRequest* req) WOLFSSL_ENTER("EncodeOcspRequest"); +#ifdef NO_SHA + algoSz = SetAlgoID(SHA256h, algoArray, hashType, 0); +#else algoSz = SetAlgoID(SHAh, algoArray, hashType, 0); +#endif req->issuerHash = req->cert->issuerHash; - issuerSz = SetDigest(req->cert->issuerHash, SHA_SIZE, issuerArray); - + issuerSz = SetDigest(req->cert->issuerHash, KEYID_SIZE, issuerArray); + req->issuerKeyHash = req->cert->issuerKeyHash; - issuerKeySz = SetDigest(req->cert->issuerKeyHash, SHA_SIZE, issuerKeyArray); + issuerKeySz = SetDigest(req->cert->issuerKeyHash, + KEYID_SIZE, issuerKeyArray); req->serial = req->cert->serial; req->serialSz = req->cert->serialSz; @@ -7352,7 +7582,7 @@ int EncodeOcspRequest(OcspRequest* req) extSz = 0; if (req->useNonce) { - RNG rng; + WC_RNG rng; if (wc_InitRng(&rng) != 0) { WOLFSSL_MSG("\tCannot initialize RNG. Skipping the OSCP Nonce."); } else { @@ -7448,14 +7678,14 @@ int CompareOcspReqResp(OcspRequest* req, OcspResponse* resp) } } - cmp = XMEMCMP(req->issuerHash, resp->issuerHash, SHA_DIGEST_SIZE); + cmp = XMEMCMP(req->issuerHash, resp->issuerHash, KEYID_SIZE); if (cmp != 0) { WOLFSSL_MSG("\tissuerHash mismatch"); return cmp; } - cmp = XMEMCMP(req->issuerKeyHash, resp->issuerKeyHash, SHA_DIGEST_SIZE); + cmp = XMEMCMP(req->issuerKeyHash, resp->issuerKeyHash, KEYID_SIZE); if (cmp != 0) { WOLFSSL_MSG("\tissuerKeyHash mismatch"); 
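Review bot: The new temporary `prv` holds the exported private scalar and is released with a plain `XFREE` on every exit of wc_EccKeyToDer, so the key bytes remain in freed heap memory; the removed code exported straight into `output` and had no such copy. Scrub it before each free, e.g. `ForceZero(prv, prvAllocSz);` where `prvAllocSz` is a local holding `privSz + privHdrSz + MAX_SEQ_SZ`, captured before wc_ecc_export_private_only updates `privSz` (ForceZero is used in curve25519.c in this commit; confirm it is reachable from this file). A single cleanup label would avoid repeating the scrub-and-free pair on each error return. Separately, the `verSz < 0` check after SetMyVersion was dropped, and the too-small-buffer result changed from BUFFER_E to BAD_FUNC_ARG, which callers testing for BUFFER_E would notice.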
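Review bot: Nothing in the EncodeOcspRequest hunk ties KEYID_SIZE to the digest that is actually selected: the AlgoID is SHA256h under NO_SHA and SHAh otherwise, while SetDigest always emits KEYID_SIZE bytes. KEYID_SIZE is defined outside this part of the diff and presumably follows NO_SHA as well. Making that explicit at the `#ifdef` would help, e.g. `/* hashType and KEYID_SIZE must describe the same digest: SHA-256 under NO_SHA, SHA-1 otherwise */`. The same coupling applies to the XMEMCMP lengths in CompareOcspReqResp and to GetNameHash in the following hunks. GetNameHash writes into `hash` with no length parameter, so its header comment could state that `hash` must hold KEYID_SIZE bytes.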
@@ -7482,13 +7712,12 @@ int CompareOcspReqResp(OcspRequest* req, OcspResponse* resp) #endif -/* store SHA1 hash of NAME */ +/* store SHA hash of NAME */ WOLFSSL_LOCAL int GetNameHash(const byte* source, word32* idx, byte* hash, int maxIdx) { - Sha sha; int length; /* length of all distinguished names */ - int ret = 0; + int ret; word32 dummy; WOLFSSL_ENTER("GetNameHash"); @@ -7510,15 +7739,15 @@ WOLFSSL_LOCAL int GetNameHash(const byte* source, word32* idx, byte* hash, if (GetSequence(source, idx, &length, maxIdx) < 0) return ASN_PARSE_E; - ret = wc_InitSha(&sha); - if (ret != 0) - return ret; - wc_ShaUpdate(&sha, source + dummy, length + *idx - dummy); - wc_ShaFinal(&sha, hash); +#ifdef NO_SHA + ret = wc_Sha256Hash(source + dummy, length + *idx - dummy, hash); +#else + ret = wc_ShaHash(source + dummy, length + *idx - dummy, hash); +#endif *idx += length; - return 0; + return ret; } diff --git a/wolfcrypt/src/chacha.c b/wolfcrypt/src/chacha.c index 25e42a1d4..26972906b 100644 --- a/wolfcrypt/src/chacha.c +++ b/wolfcrypt/src/chacha.c @@ -78,10 +78,6 @@ int wc_Chacha_SetIV(ChaCha* ctx, const byte* inIv, word32 counter) { word32 temp[3]; /* used for alignment of memory */ - XMEMSET(temp, 0, 12); - - if (ctx == NULL) - return BAD_FUNC_ARG; #ifdef CHACHA_AEAD_TEST word32 i; @@ -92,12 +88,15 @@ int wc_Chacha_SetIV(ChaCha* ctx, const byte* inIv, word32 counter) printf("\n\n"); #endif + if (ctx == NULL) + return BAD_FUNC_ARG; + XMEMCPY(temp, inIv, 12); - ctx->X[12] = counter; /* block counter */ - ctx->X[13] = temp[0]; /* fixed variable from nonce */ - ctx->X[14] = temp[1]; /* counter from nonce */ - ctx->X[15] = temp[2]; /* counter from nonce */ + ctx->X[12] = counter; /* block counter */ + ctx->X[13] = LITTLE32(temp[0]); /* fixed variable from nonce */ + ctx->X[14] = LITTLE32(temp[1]); /* counter from nonce */ + ctx->X[15] = LITTLE32(temp[2]); /* counter from nonce */ return 0; } 
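Review bot: `inIv` is never checked before `XMEMCPY(temp, inIv, 12)` in wc_Chacha_SetIV, so a NULL nonce pointer is dereferenced even though `ctx` is validated on the line above; `if (ctx == NULL || inIv == NULL) return BAD_FUNC_ARG;` covers both. The check now also sits after the CHACHA_AEAD_TEST block, which is only partly visible here but presumably prints the IV, so in that debug build the pointer would be read before it is validated. Dropping `XMEMSET(temp, 0, 12)` is fine because the copy overwrites all 12 bytes.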
@@ -115,14 +114,20 @@ int wc_Chacha_SetKey(ChaCha* ctx, const byte* key, word32 keySz) const word32* constants; const byte* k; +#ifdef XSTREAM_ALIGN + word32 alignKey[8]; +#endif + if (ctx == NULL) return BAD_FUNC_ARG; + if (keySz != 16 && keySz != 32) + return BAD_FUNC_ARG; + #ifdef XSTREAM_ALIGN - word32 alignKey[keySz / 4]; if ((wolfssl_word)key % 4) { WOLFSSL_MSG("wc_ChachaSetKey unaligned key"); - XMEMCPY(alignKey, key, sizeof(alignKey)); + XMEMCPY(alignKey, key, keySz); k = (byte*)alignKey; } else { @@ -152,20 +157,16 @@ int wc_Chacha_SetKey(ChaCha* ctx, const byte* key, word32 keySz) constants = sigma; } else { - /* key size of 128 */ - if (keySz != 16) - return BAD_FUNC_ARG; - constants = tau; } ctx->X[ 8] = U8TO32_LITTLE(k + 0); ctx->X[ 9] = U8TO32_LITTLE(k + 4); ctx->X[10] = U8TO32_LITTLE(k + 8); ctx->X[11] = U8TO32_LITTLE(k + 12); - ctx->X[ 0] = U8TO32_LITTLE(constants + 0); - ctx->X[ 1] = U8TO32_LITTLE(constants + 1); - ctx->X[ 2] = U8TO32_LITTLE(constants + 2); - ctx->X[ 3] = U8TO32_LITTLE(constants + 3); + ctx->X[ 0] = constants[0]; + ctx->X[ 1] = constants[1]; + ctx->X[ 2] = constants[2]; + ctx->X[ 3] = constants[3]; return 0; } diff --git a/wolfcrypt/src/coding.c b/wolfcrypt/src/coding.c index 6ead79caf..c631d2960 100644 --- a/wolfcrypt/src/coding.c +++ b/wolfcrypt/src/coding.c @@ -150,7 +150,7 @@ const byte base64Encode[] = { 'A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', 'I', 'J', /* make sure *i (idx) won't exceed max, store and possibly escape to out, * raw means use e w/o decode, 0 on success */ static int CEscape(int escaped, byte e, byte* out, word32* i, word32 max, - int raw) + int raw, int getSzOnly) { int doEscape = 0; word32 needed = 1; @@ -166,8 +166,8 @@ static int CEscape(int escaped, byte e, byte* out, word32* i, word32 max, else basic = base64Encode[e]; - /* check whether to escape */ - if (escaped) { + /* check whether to escape. Only escape for EncodeEsc */ + if (escaped == WC_ESC_NL_ENC) { switch ((char)basic) { case '+' : plus = 1; 
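Review bot: `key` is not validated alongside `ctx` in wc_Chacha_SetKey, so a NULL key is read by `U8TO32_LITTLE(k + 0)` (presumably through `k`, whose assignment is only partly visible); `if (ctx == NULL || key == NULL) return BAD_FUNC_ARG;` closes that. Moving the `keySz != 16 && keySz != 32` test ahead of the copy is what makes the fixed-size `alignKey[8]` safe for `XMEMCPY(alignKey, key, keySz)`, and a short comment saying so would stop a later edit from reordering them. Under XSTREAM_ALIGN, `alignKey` also leaves a copy of the key on the stack after return. If ForceZero is available in this file, clearing it before the `return 0` in the second hunk would match how curve25519.c treats its temporaries in this commit.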
@@ -191,31 +191,37 @@ static int CEscape(int escaped, byte e, byte* out, word32* i, word32 max, } /* check size */ - if ( (idx+needed) > max) { + if ( (idx+needed) > max && !getSzOnly) { WOLFSSL_MSG("Escape buffer max too small"); return BUFFER_E; } /* store it */ if (doEscape == 0) { - out[idx++] = basic; + if(getSzOnly) + idx++; + else + out[idx++] = basic; } else { - out[idx++] = '%'; /* start escape */ + if(getSzOnly) + idx+=3; + else { + out[idx++] = '%'; /* start escape */ - if (plus) { - out[idx++] = '2'; - out[idx++] = 'B'; + if (plus) { + out[idx++] = '2'; + out[idx++] = 'B'; + } + else if (equals) { + out[idx++] = '3'; + out[idx++] = 'D'; + } + else if (newline) { + out[idx++] = '0'; + out[idx++] = 'A'; + } } - else if (equals) { - out[idx++] = '3'; - out[idx++] = 'D'; - } - else if (newline) { - out[idx++] = '0'; - out[idx++] = 'A'; - } - } *i = idx; @@ -223,7 +229,8 @@ static int CEscape(int escaped, byte e, byte* out, word32* i, word32 max, } -/* internal worker, handles both escaped and normal line endings */ +/* internal worker, handles both escaped and normal line endings. + If out buffer is NULL, will return sz needed in outLen */ static int DoBase64_Encode(const byte* in, word32 inLen, byte* out, word32* outLen, int escaped) { 
@@ -232,18 +239,23 @@ static int DoBase64_Encode(const byte* in, word32 inLen, byte* out, j = 0, n = 0; /* new line counter */ + int getSzOnly = (out == NULL); + word32 outSz = (inLen + 3 - 1) / 3 * 4; word32 addSz = (outSz + PEM_LINE_SZ - 1) / PEM_LINE_SZ; /* new lines */ - if (escaped) + if (escaped == WC_ESC_NL_ENC) addSz *= 3; /* instead of just \n, we're doing %0A triplet */ + else if (escaped == WC_NO_NL_ENC) + addSz = 0; /* encode without \n */ outSz += addSz; /* if escaped we can't predetermine size for one pass encoding, but - * make sure we have enough if no escapes are in input */ - if (outSz > *outLen) return BAD_FUNC_ARG; - + * make sure we have enough if no escapes are in input + * Also need to ensure outLen valid before dereference */ + if (!outLen || (outSz > *outLen && !getSzOnly)) return BAD_FUNC_ARG; + while (inLen > 2) { byte b1 = in[j++]; byte b2 = in[j++]; @@ -256,19 +268,20 @@ static int DoBase64_Encode(const byte* in, word32 inLen, byte* out, byte e4 = b3 & 0x3F; /* store */ - ret = CEscape(escaped, e1, out, &i, *outLen, 0); + ret = CEscape(escaped, e1, out, &i, *outLen, 0, getSzOnly); if (ret != 0) break; - ret = CEscape(escaped, e2, out, &i, *outLen, 0); + ret = CEscape(escaped, e2, out, &i, *outLen, 0, getSzOnly); if (ret != 0) break; - ret = CEscape(escaped, e3, out, &i, *outLen, 0); + ret = CEscape(escaped, e3, out, &i, *outLen, 0, getSzOnly); if (ret != 0) break; - ret = CEscape(escaped, e4, out, &i, *outLen, 0); + ret = CEscape(escaped, e4, out, &i, *outLen, 0, getSzOnly); if (ret != 0) break; inLen -= 3; - if ((++n % (PEM_LINE_SZ / 4)) == 0 && inLen) { - ret = CEscape(escaped, '\n', out, &i, *outLen, 1); + /* Insert newline after PEM_LINE_SZ, unless no \n requested */ + if (escaped != WC_NO_NL_ENC && (++n % (PEM_LINE_SZ/4)) == 0 && inLen){ + ret = CEscape(escaped, '\n', out, &i, *outLen, 1, getSzOnly); if (ret != 0) break; } } 
@@ -284,45 +297,51 @@ static int DoBase64_Encode(const byte* in, word32 inLen, byte* out, byte e2 = (byte)(((b1 & 0x3) << 4) | (b2 >> 4)); byte e3 = (byte)((b2 & 0xF) << 2); - ret = CEscape(escaped, e1, out, &i, *outLen, 0); - if (ret == 0) - ret = CEscape(escaped, e2, out, &i, *outLen, 0); + ret = CEscape(escaped, e1, out, &i, *outLen, 0, getSzOnly); + if (ret == 0) + ret = CEscape(escaped, e2, out, &i, *outLen, 0, getSzOnly); if (ret == 0) { /* third */ if (twoBytes) - ret = CEscape(escaped, e3, out, &i, *outLen, 0); - else - ret = CEscape(escaped, '=', out, &i, *outLen, 1); + ret = CEscape(escaped, e3, out, &i, *outLen, 0, getSzOnly); + else + ret = CEscape(escaped, '=', out, &i, *outLen, 1, getSzOnly); } /* fourth always pad */ if (ret == 0) - ret = CEscape(escaped, '=', out, &i, *outLen, 1); - } + ret = CEscape(escaped, '=', out, &i, *outLen, 1, getSzOnly); + } - if (ret == 0) - ret = CEscape(escaped, '\n', out, &i, *outLen, 1); + if (ret == 0 && escaped != WC_NO_NL_ENC) + ret = CEscape(escaped, '\n', out, &i, *outLen, 1, getSzOnly); - if (i != outSz && escaped == 0 && ret == 0) - return ASN_INPUT_E; + if (i != outSz && escaped != 1 && ret == 0) + return ASN_INPUT_E; *outLen = i; - return ret; + if(ret == 0) + return getSzOnly ? LENGTH_ONLY_E : 0; + return ret; } /* Base64 Encode, PEM style, with \n line endings */ int Base64_Encode(const byte* in, word32 inLen, byte* out, word32* outLen) { - return DoBase64_Encode(in, inLen, out, outLen, 0); + return DoBase64_Encode(in, inLen, out, outLen, WC_STD_ENC); } /* Base64 Encode, with %0A esacped line endings instead of \n */ int Base64_EncodeEsc(const byte* in, word32 inLen, byte* out, word32* outLen) { - return DoBase64_Encode(in, inLen, out, outLen, 1); + return DoBase64_Encode(in, inLen, out, outLen, WC_ESC_NL_ENC); } +int Base64_Encode_NoNl(const byte* in, word32 inLen, byte* out, word32* outLen) +{ + return DoBase64_Encode(in, inLen, out, outLen, WC_NO_NL_ENC); +} #endif /* defined(WOLFSSL_BASE64_ENCODE) */ 
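Review bot: The final length check still uses a bare literal, `escaped != 1`, while every other test in this change uses the new names. `if (i != outSz && escaped != WC_ESC_NL_ENC && ret == 0)` states the intent and survives a renumbering of the constants, whose definitions are not in this part of the diff. The new size-only mode (out == NULL yields LENGTH_ONLY_E with the size in *outLen) changes the contract of all three public wrappers, and Base64_Encode_NoNl has no header comment; something like `/* Base64 Encode without line endings; out == NULL returns LENGTH_ONLY_E and the needed size in *outLen */` would document it. As far as these hunks show, `in` is still read without a NULL check. DoBase64_Encode begins in an earlier hunk.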
@@ -393,6 +412,39 @@ int Base16_Decode(const byte* in, word32 inLen, byte* out, word32* outLen) return 0; } +int Base16_Encode(const byte* in, word32 inLen, byte* out, word32* outLen) +{ + word32 outIdx = 0; + word32 i; + byte hb, lb; + + if (*outLen < (2 * inLen + 1)) + return BAD_FUNC_ARG; + + for (i = 0; i < inLen; i++) { + hb = in[i] >> 4; + lb = in[i] & 0x0f; + + /* ASCII value */ + hb += '0'; + if (hb > '9') + hb += 7; + + /* ASCII value */ + lb += '0'; + if (lb>'9') + lb += 7; + + out[outIdx++] = hb; + out[outIdx++] = lb; + } + + /* force 0 at this end */ + out[outIdx++] = 0; + + *outLen = outIdx; + return 0; +} #endif /* (OPENSSL_EXTRA) || (HAVE_WEBSERVER) || (HAVE_FIPS) */ diff --git a/wolfcrypt/src/curve25519.c b/wolfcrypt/src/curve25519.c index 74fb53c83..56c5f04e0 100644 --- a/wolfcrypt/src/curve25519.c +++ b/wolfcrypt/src/curve25519.c 
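Review bot: The size guard `*outLen < (2 * inLen + 1)` in Base16_Encode is computed in word32 and, assuming word32 is 32 bits, wraps once inLen reaches 0x80000000, so an oversized length can pass the check and the loop then writes past `out`. None of `in`, `out` or `outLen` is checked for NULL either. Comparing without the multiplication avoids the wrap: `if (in == NULL || out == NULL || outLen == NULL) return BAD_FUNC_ARG;` followed by `if (*outLen < 1 || inLen > (*outLen - 1) / 2) return BAD_FUNC_ARG;`. A header comment would also help callers size the buffer: the output is upper-case hex, NUL-terminated, and the returned *outLen counts the terminator.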
@@ -46,160 +46,96 @@ const curve25519_set_type curve25519_sets[] = { }; -/* internal function */ -static int curve25519(unsigned char* q, unsigned char* n, unsigned char* p) +int wc_curve25519_make_key(WC_RNG* rng, int keysize, curve25519_key* key) { - unsigned char e[32]; - unsigned int i; - fe x1; - fe x2; - fe z2; - fe x3; - fe z3; - fe tmp0; - fe tmp1; - int pos; - unsigned int swap; - unsigned int b; + unsigned char basepoint[CURVE25519_KEYSIZE] = {9}; + int ret; - for (i = 0;i < 32;++i) e[i] = n[i]; - e[0] &= 248; - e[31] &= 127; - e[31] |= 64; + if (key == NULL || rng == NULL) + return BAD_FUNC_ARG; - fe_frombytes(x1,p); - fe_1(x2); - fe_0(z2); - fe_copy(x3,x1); - fe_1(z3); + /* currently only a key size of 32 bytes is used */ + if (keysize != CURVE25519_KEYSIZE) + return ECC_BAD_ARG_E; - swap = 0; - for (pos = 254;pos >= 0;--pos) { - b = e[pos / 8] >> (pos & 7); - b &= 1; - swap ^= b; - fe_cswap(x2,x3,swap); - fe_cswap(z2,z3,swap); - swap = b; + /* random number for private key */ + ret = wc_RNG_GenerateBlock(rng, key->k.point, keysize); + if (ret != 0) + return ret; - /* montgomery */ - fe_sub(tmp0,x3,z3); - fe_sub(tmp1,x2,z2); - fe_add(x2,x2,z2); - fe_add(z2,x3,z3); - fe_mul(z3,tmp0,x2); - fe_mul(z2,z2,tmp1); - fe_sq(tmp0,tmp1); - fe_sq(tmp1,x2); - fe_add(x3,z3,z2); - fe_sub(z2,z3,z2); - fe_mul(x2,tmp1,tmp0); - fe_sub(tmp1,tmp1,tmp0); - fe_sq(z2,z2); - fe_mul121666(z3,tmp1); - fe_sq(x3,x3); - fe_add(tmp0,tmp0,z3); - fe_mul(z3,x1,z2); - fe_mul(z2,tmp1,tmp0); - } - fe_cswap(x2,x3,swap); - fe_cswap(z2,z3,swap); + /* Clamp the private key */ + key->k.point[0] &= 248; + key->k.point[CURVE25519_KEYSIZE-1] &= 63; /* same &=127 because |=64 after */ + key->k.point[CURVE25519_KEYSIZE-1] |= 64; - fe_invert(z2,z2); - fe_mul(x2,x2,z2); - fe_tobytes(q,x2); + /* compute public key */ + ret = curve25519(key->p.point, key->k.point, basepoint); + if (ret != 0) { + ForceZero(key->k.point, keysize); + ForceZero(key->p.point, keysize); + return ret; + } - return 0; + return 
ret; } - -int wc_curve25519_make_key(RNG* rng, int keysize, curve25519_key* key) -{ - unsigned char basepoint[CURVE25519_KEYSIZE] = {9}; - unsigned char n[CURVE25519_KEYSIZE]; - unsigned char p[CURVE25519_KEYSIZE]; - int i; - int ret; - - if (key == NULL || rng == NULL) - return ECC_BAD_ARG_E; - - /* currently only a key size of 32 bytes is used */ - if (keysize != CURVE25519_KEYSIZE) - return ECC_BAD_ARG_E; - - /* get random number from RNG */ - ret = wc_RNG_GenerateBlock(rng, n, keysize); - if (ret != 0) - return ret; - - for (i = 0; i < keysize; ++i) key->k.point[i] = n[i]; - key->k.point[ 0] &= 248; - key->k.point[31] &= 127; - key->k.point[31] |= 64; - - /*compute public key*/ - ret = curve25519(p, key->k.point, basepoint); - - /* store keys in big endian format */ - for (i = 0; i < keysize; ++i) n[i] = key->k.point[i]; - for (i = 0; i < keysize; ++i) { - key->p.point[keysize - i - 1] = p[i]; - key->k.point[keysize - i - 1] = n[i]; - } - - ForceZero(n, keysize); - ForceZero(p, keysize); - - return ret; -} - - int wc_curve25519_shared_secret(curve25519_key* private_key, curve25519_key* public_key, byte* out, word32* outlen) { - unsigned char k[CURVE25519_KEYSIZE]; - unsigned char p[CURVE25519_KEYSIZE]; + return wc_curve25519_shared_secret_ex(private_key, public_key, + out, outlen, EC25519_BIG_ENDIAN); +} + +int wc_curve25519_shared_secret_ex(curve25519_key* private_key, + curve25519_key* public_key, + byte* out, word32* outlen, int endian) +{ unsigned char o[CURVE25519_KEYSIZE]; int ret = 0; - int i; /* sanity check */ - if (private_key == NULL || public_key == NULL || out == NULL || - outlen == NULL) + if (private_key == NULL || public_key == NULL || + out == NULL || outlen == NULL || *outlen < CURVE25519_KEYSIZE) return BAD_FUNC_ARG; /* avoid implementation fingerprinting */ - if (public_key->p.point[0] > 0x7F) + if (public_key->p.point[CURVE25519_KEYSIZE-1] > 0x7F) return ECC_BAD_ARG_E; - XMEMSET(p, 0, sizeof(p)); - XMEMSET(k, 0, sizeof(k)); - XMEMSET(out, 
0, CURVE25519_KEYSIZE); - - for (i = 0; i < CURVE25519_KEYSIZE; ++i) { - p[i] = public_key->p.point [CURVE25519_KEYSIZE - i - 1]; - k[i] = private_key->k.point[CURVE25519_KEYSIZE - i - 1]; + ret = curve25519(o, private_key->k.point, public_key->p.point); + if (ret != 0) { + ForceZero(o, CURVE25519_KEYSIZE); + return ret; } - ret = curve25519(o , k, p); + if (endian == EC25519_BIG_ENDIAN) { + int i; + /* put shared secret key in Big Endian format */ + for (i = 0; i < CURVE25519_KEYSIZE; i++) + out[i] = o[CURVE25519_KEYSIZE - i -1]; + } + else /* put shared secret key in Little Endian format */ + XMEMCPY(out, o, CURVE25519_KEYSIZE); + *outlen = CURVE25519_KEYSIZE; - for (i = 0; i < CURVE25519_KEYSIZE; ++i) { - out[i] = o[CURVE25519_KEYSIZE - i -1]; - } - - ForceZero(p, sizeof(p)); - ForceZero(k, sizeof(k)); ForceZero(o, sizeof(o)); return ret; } - -/* curve25519 uses a serialized string for key representation */ +/* export curve25519 public key (Big endian) + * return 0 on success */ int wc_curve25519_export_public(curve25519_key* key, byte* out, word32* outLen) +{ + return wc_curve25519_export_public_ex(key, out, outLen, EC25519_BIG_ENDIAN); +} + +/* export curve25519 public key (Big or Little endian) + * return 0 on success */ +int wc_curve25519_export_public_ex(curve25519_key* key, byte* out, + word32* outLen, int endian) { word32 keySz; 
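Review bot: wc_curve25519_shared_secret_ex copies out whatever curve25519() produced without rejecting an all-zero result, which is what the function yields for a low-order peer public key. RFC 7748 describes this check for protocols that rely on both sides contributing to the secret. The check fits between the curve25519() call and the existing `ret != 0` scrub-and-return, as sketched below, reusing an error code already returned by this function. `endian` is also not validated: any value other than EC25519_BIG_ENDIAN is silently treated as little endian, which the header comment should state. The removed static curve25519() is presumably now provided elsewhere.

```c
    ret = curve25519(o, private_key->k.point, public_key->p.point);
    if (ret == 0) {
        /* reject an all-zero shared secret (result of a low-order peer key) */
        byte acc = 0;
        int  j;

        for (j = 0; j < CURVE25519_KEYSIZE; j++)
            acc |= o[j];
        if (acc == 0)
            ret = ECC_BAD_ARG_E;
    }
    /* … unchanged: ret != 0 scrub-and-return, endian-dependent copy into out … */
```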
@@ -209,30 +145,59 @@ int wc_curve25519_export_public(curve25519_key* key, byte* out, word32* outLen) /* check size of outgoing key */ keySz = wc_curve25519_size(key); - /* copy in public key */ - XMEMCPY(out, key->p.point, keySz); + /* check and set outgoing key size */ + if (*outLen < keySz) { + *outLen = keySz; + return ECC_BAD_ARG_E; + } *outLen = keySz; + if (endian == EC25519_BIG_ENDIAN) { + int i; + + /* read keys in Big Endian format */ + for (i = 0; i < CURVE25519_KEYSIZE; i++) + out[i] = key->p.point[CURVE25519_KEYSIZE - i - 1]; + } + else + XMEMCPY(out, key->p.point, keySz); + return 0; } -/* import curve25519 public key - return 0 on success */ +/* import curve25519 public key (Big endian) + * return 0 on success */ int wc_curve25519_import_public(const byte* in, word32 inLen, curve25519_key* key) +{ + return wc_curve25519_import_public_ex(in, inLen, key, EC25519_BIG_ENDIAN); +} + +/* import curve25519 public key (Big or Little endian) + * return 0 on success */ +int wc_curve25519_import_public_ex(const byte* in, word32 inLen, + curve25519_key* key, int endian) { word32 keySz; /* sanity check */ if (key == NULL || in == NULL) - return ECC_BAD_ARG_E; + return BAD_FUNC_ARG; /* check size of incoming keys */ keySz = wc_curve25519_size(key); if (inLen != keySz) return ECC_BAD_ARG_E; - XMEMCPY(key->p.point, in, inLen); + if (endian == EC25519_BIG_ENDIAN) { + int i; + + /* read keys in Big Endian format */ + for (i = 0; i < CURVE25519_KEYSIZE; i++) + key->p.point[i] = in[CURVE25519_KEYSIZE - i - 1]; + } + else + XMEMCPY(key->p.point, in, inLen); key->dp = &curve25519_sets[0]; 
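Review bot: wc_curve25519_import_public_ex calls wc_curve25519_size(key), which reads `key->dp->size`, before it assigns `key->dp = &curve25519_sets[0]` at the end of the hunk, so a key that has not been through wc_curve25519_init is dereferenced through an unset pointer. Only one size is supported, so the length test can avoid `dp` entirely: `if (inLen != CURVE25519_KEYSIZE) return ECC_BAD_ARG_E;`. wc_curve25519_import_private_ex in the next hunk has the same ordering. In wc_curve25519_export_public_ex the big-endian branch loops to CURVE25519_KEYSIZE while the other branch copies `keySz` bytes; using one bound in both would be clearer. That function's NULL checks sit above the hunk.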
@@ -240,63 +205,159 @@ int wc_curve25519_import_public(const byte* in, word32 inLen, } -/* export curve25519 private key only raw, outLen is in/out size - return 0 on success */ +/* export curve25519 private key only raw (Big endian) + * outLen is in/out size + * return 0 on success */ int wc_curve25519_export_private_raw(curve25519_key* key, byte* out, word32* outLen) +{ + return wc_curve25519_export_private_raw_ex(key, out, outLen, + EC25519_BIG_ENDIAN); +} + +/* export curve25519 private key only raw (Big or Little endian) + * outLen is in/out size + * return 0 on success */ +int wc_curve25519_export_private_raw_ex(curve25519_key* key, byte* out, + word32* outLen, int endian) { word32 keySz; /* sanity check */ if (key == NULL || out == NULL || outLen == NULL) - return ECC_BAD_ARG_E; + return BAD_FUNC_ARG; + /* check size of outgoing buffer */ keySz = wc_curve25519_size(key); + if (*outLen < keySz) { + *outLen = keySz; + return ECC_BAD_ARG_E; + } *outLen = keySz; - XMEMSET(out, 0, keySz); - XMEMCPY(out, key->k.point, keySz); + + if (endian == EC25519_BIG_ENDIAN) { + int i; + + /* put the key in Big Endian format */ + for (i = 0; i < CURVE25519_KEYSIZE; i++) + out[i] = key->k.point[CURVE25519_KEYSIZE - i - 1]; + } + else + XMEMCPY(out, key->k.point, keySz); return 0; } - -/* curve25519 private key import. 
- Public key to match private key needs to be imported too */ -int wc_curve25519_import_private_raw(const byte* priv, word32 privSz, - const byte* pub, word32 pubSz, curve25519_key* key) +/* curve25519 key pair export (Big or Little endian) + * return 0 on success */ +int wc_curve25519_export_key_raw(curve25519_key* key, + byte* priv, word32 *privSz, + byte* pub, word32 *pubSz) { - int ret = 0; - word32 keySz; + return wc_curve25519_export_key_raw_ex(key, priv, privSz, + pub, pubSz, EC25519_BIG_ENDIAN); +} - /* sanity check */ - if (key == NULL || priv == NULL || pub == NULL) - return ECC_BAD_ARG_E; +/* curve25519 key pair export (Big or Little endian) + * return 0 on success */ +int wc_curve25519_export_key_raw_ex(curve25519_key* key, + byte* priv, word32 *privSz, + byte* pub, word32 *pubSz, + int endian) +{ + int ret; - /* check size of incoming keys */ - keySz = wc_curve25519_size(key); - if (privSz != keySz || pubSz != keySz) - return ECC_BAD_ARG_E; + /* export private part */ + ret = wc_curve25519_export_private_raw_ex(key, priv, privSz, endian); + if (ret != 0) + return ret; - XMEMCPY(key->k.point, priv, privSz); - XMEMCPY(key->p.point, pub, pubSz); - - return ret; + /* export public part */ + return wc_curve25519_export_public_ex(key, pub, pubSz, endian); } +/* curve25519 private key import (Big endian) + * Public key to match private key needs to be imported too + * return 0 on success */ +int wc_curve25519_import_private_raw(const byte* priv, word32 privSz, + const byte* pub, word32 pubSz, + curve25519_key* key) +{ + return wc_curve25519_import_private_raw_ex(priv, privSz, pub, pubSz, + key, EC25519_BIG_ENDIAN); +} + +/* curve25519 private key import (Big or Little endian) + * Public key to match private key needs to be imported too + * return 0 on success */ +int wc_curve25519_import_private_raw_ex(const byte* priv, word32 privSz, + const byte* pub, word32 pubSz, + curve25519_key* key, int endian) +{ + int ret; + + /* import private part */ + ret = 
wc_curve25519_import_private_ex(priv, privSz, key, endian); + if (ret != 0) + return ret; + + /* import public part */ + return wc_curve25519_import_public_ex(pub, pubSz, key, endian); +} + +/* curve25519 private key import only. (Big endian) + * return 0 on success */ +int wc_curve25519_import_private(const byte* priv, word32 privSz, + curve25519_key* key) +{ + return wc_curve25519_import_private_ex(priv, privSz, + key, EC25519_BIG_ENDIAN); +} + +/* curve25519 private key import only. (Big or Little endian) + * return 0 on success */ +int wc_curve25519_import_private_ex(const byte* priv, word32 privSz, + curve25519_key* key, int endian) +{ + /* sanity check */ + if (key == NULL || priv == NULL) + return BAD_FUNC_ARG; + + /* check size of incoming keys */ + if ((int)privSz != wc_curve25519_size(key)) + return ECC_BAD_ARG_E; + + if (endian == EC25519_BIG_ENDIAN) { + int i; + + /* read the key in Big Endian format */ + for (i = 0; i < CURVE25519_KEYSIZE; i++) + key->k.point[i] = priv[CURVE25519_KEYSIZE - i - 1]; + } + else + XMEMCPY(key->k.point, priv, privSz); + + key->dp = &curve25519_sets[0]; + + /* Clamp the key */ + key->k.point[0] &= 248; + key->k.point[privSz-1] &= 63; /* same &=127 because |=64 after */ + key->k.point[privSz-1] |= 64; + + return 0; +} + int wc_curve25519_init(curve25519_key* key) { - word32 keySz; - if (key == NULL) - return ECC_BAD_ARG_E; + return BAD_FUNC_ARG; /* currently the format for curve25519 */ key->dp = &curve25519_sets[0]; - keySz = key->dp->size; - XMEMSET(key->k.point, 0, keySz); - XMEMSET(key->p.point, 0, keySz); + XMEMSET(key->k.point, 0, key->dp->size); + XMEMSET(key->p.point, 0, key->dp->size); return 0; } @@ -317,7 +378,8 @@ void wc_curve25519_free(curve25519_key* key) /* get key size */ int wc_curve25519_size(curve25519_key* key) { - if (key == NULL) return 0; + if (key == NULL) + return 0; return key->dp->size; } diff --git a/wolfcrypt/src/des3.c b/wolfcrypt/src/des3.c index 5edb7f79e..a26f109c2 100644 
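Review bot: wc_curve25519_import_private_raw_ex leaves the private scalar in `key->k.point` when the public import that follows fails, so a caller that gets an error still holds a half-populated key. Capturing the result of the public import and adding `if (ret != 0) ForceZero(key->k.point, CURVE25519_KEYSIZE);` before returning it would make the failure atomic. The header comment of wc_curve25519_export_key_raw says "(Big or Little endian)" although the function always passes EC25519_BIG_ENDIAN; it should read `/* curve25519 key pair export (Big endian)`. wc_curve25519_import_private_ex also clamps the imported scalar, so an exported key can differ from the bytes that were imported, which its comment should mention.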
--- a/wolfcrypt/src/des3.c +++ b/wolfcrypt/src/des3.c @@ -91,26 +91,12 @@ void wc_Des_SetIV(Des* des, const byte* iv) } -int wc_Des_CbcDecryptWithKey(byte* out, const byte* in, word32 sz, - const byte* key, const byte* iv) -{ - return Des_CbcDecryptWithKey(out, in, sz, key, iv); -} - - int wc_Des3_SetIV(Des3* des, const byte* iv) { return Des3_SetIV_fips(des, iv); } -int wc_Des3_CbcDecryptWithKey(byte* out, const byte* in, word32 sz, - const byte* key, const byte* iv) -{ - return Des3_CbcDecryptWithKey(out, in, sz, key, iv); -} - - #ifdef HAVE_CAVIUM /* Initiliaze Des3 for use with Nitrox device */ @@ -129,6 +115,11 @@ void wc_Des3_FreeCavium(Des3* des3) #endif /* HAVE_CAVIUM */ #else /* build without fips */ + +#if defined(WOLFSSL_TI_CRYPT) + #include +#else + #include #include @@ -943,7 +934,7 @@ int wc_Des3_SetIV(Des3* des, const byte* iv); PIC32_DECRYPTION, PIC32_ALGO_TDES, PIC32_CRYPTOALGO_TCBC); return 0; } - + #else /* CTaoCrypt software implementation */ /* permuted choice table (key) */ @@ -1485,34 +1476,6 @@ void wc_Des_SetIV(Des* des, const byte* iv) } -int wc_Des_CbcDecryptWithKey(byte* out, const byte* in, word32 sz, - const byte* key, const byte* iv) -{ - int ret = 0; -#ifdef WOLFSSL_SMALL_STACK - Des* des = NULL; -#else - Des des[1]; -#endif - -#ifdef WOLFSSL_SMALL_STACK - des = (Des*)XMALLOC(sizeof(Des), NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (des == NULL) - return MEMORY_E; -#endif - - ret = wc_Des_SetKey(des, key, iv, DES_DECRYPTION); - if (ret == 0) - ret = wc_Des_CbcDecrypt(des, out, in, sz); - -#ifdef WOLFSSL_SMALL_STACK - XFREE(des, NULL, DYNAMIC_TYPE_TMP_BUFFER); -#endif - - return ret; -} - - int wc_Des3_SetIV(Des3* des, const byte* iv) { if (des && iv) 
@@ -1524,34 +1487,6 @@ int wc_Des3_SetIV(Des3* des, const byte* iv) } -int wc_Des3_CbcDecryptWithKey(byte* out, const byte* in, word32 sz, - const byte* key, const byte* iv) -{ - int ret = 0; -#ifdef WOLFSSL_SMALL_STACK - Des3* des3 = NULL; -#else - Des3 des3[1]; -#endif - -#ifdef WOLFSSL_SMALL_STACK - des3 = (Des3*)XMALLOC(sizeof(Des3), NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (des3 == NULL) - return MEMORY_E; -#endif - - ret = wc_Des3_SetKey(des3, key, iv, DES_DECRYPTION); - if (ret == 0) - ret = wc_Des3_CbcDecrypt(des3, out, in, sz); - -#ifdef WOLFSSL_SMALL_STACK - XFREE(des3, NULL, DYNAMIC_TYPE_TMP_BUFFER); -#endif - - return ret; -} - - #ifdef HAVE_CAVIUM #include "cavium_common.h" @@ -1668,5 +1603,6 @@ static int wc_Des3_CaviumCbcDecrypt(Des3* des3, byte* out, const byte* in, } #endif /* HAVE_CAVIUM */ +#endif /* WOLFSSL_TI_CRYPT */ #endif /* HAVE_FIPS */ #endif /* NO_DES3 */ diff --git a/wolfcrypt/src/dh.c b/wolfcrypt/src/dh.c index 8bbaeab20..22db2298b 100644 --- a/wolfcrypt/src/dh.c +++ b/wolfcrypt/src/dh.c @@ -39,14 +39,15 @@ #endif -#ifndef min +#ifndef WOLFSSL_HAVE_MIN +#define WOLFSSL_HAVE_MIN static INLINE word32 min(word32 a, word32 b) { return a > b ? b : a; } -#endif /* min */ +#endif /* WOLFSSL_HAVE_MIN */ void wc_InitDhKey(DhKey* key) @@ -82,7 +83,7 @@ static word32 DiscreteLogWorkFactor(word32 n) } -static int GeneratePrivate(DhKey* key, RNG* rng, byte* priv, word32* privSz) +static int GeneratePrivate(DhKey* key, WC_RNG* rng, byte* priv, word32* privSz) { int ret; word32 sz = mp_unsigned_bin_size(&key->p); @@ -131,7 +132,7 @@ static int GeneratePublic(DhKey* key, const byte* priv, word32 privSz, } -int wc_DhGenerateKeyPair(DhKey* key, RNG* rng, byte* priv, word32* privSz, +int wc_DhGenerateKeyPair(DhKey* key, WC_RNG* rng, byte* priv, word32* privSz, byte* pub, word32* pubSz) { int ret = GeneratePrivate(key, rng, priv, privSz); diff --git a/wolfcrypt/src/dsa.c b/wolfcrypt/src/dsa.c index ac0d3b75b..13d4c9bb9 100644 --- a/wolfcrypt/src/dsa.c 
+++ b/wolfcrypt/src/dsa.c @@ -27,10 +27,12 @@ #ifndef NO_DSA -#include -#include #include +#include #include +#include +#include +#include enum { @@ -39,14 +41,15 @@ enum { }; -#ifndef min +#ifndef WOLFSSL_HAVE_MIN +#define WOLFSSL_HAVE_MIN static INLINE word32 min(word32 a, word32 b) { return a > b ? b : a; } -#endif /* min */ +#endif /* WOLFSSL_HAVE_MIN */ void wc_InitDsaKey(DsaKey* key) 
@@ -79,8 +82,265 @@ void wc_FreeDsaKey(DsaKey* key) #endif } +#ifdef WOLFSSL_KEY_GEN -int wc_DsaSign(const byte* digest, byte* out, DsaKey* key, RNG* rng) +int wc_MakeDsaKey(WC_RNG *rng, DsaKey *dsa) +{ + unsigned char *buf; + int qsize, err; + + if (rng == NULL || dsa == NULL) + return BAD_FUNC_ARG; + + qsize = mp_unsigned_bin_size(&dsa->q); + if (qsize == 0) + return BAD_FUNC_ARG; + + /* allocate ram */ + buf = (unsigned char *)XMALLOC(qsize, NULL, + DYNAMIC_TYPE_TMP_BUFFER); + if (buf == NULL) + return MEMORY_E; + + if (mp_init(&dsa->x) != MP_OKAY) { + XFREE(buf, NULL, DYNAMIC_TYPE_TMP_BUFFER); + return MP_INIT_E; + } + + do { + /* make a random exponent mod q */ + err = wc_RNG_GenerateBlock(rng, buf, qsize); + if (err != MP_OKAY) { + mp_clear(&dsa->x); + XFREE(buf, NULL, DYNAMIC_TYPE_TMP_BUFFER); + return err; + } + + err = mp_read_unsigned_bin(&dsa->x, buf, qsize); + if (err != MP_OKAY) { + mp_clear(&dsa->x); + XFREE(buf, NULL, DYNAMIC_TYPE_TMP_BUFFER); + return err; + } + } while (mp_cmp_d(&dsa->x, 1) != MP_GT); + + XFREE(buf, NULL, DYNAMIC_TYPE_TMP_BUFFER); + + if (mp_init(&dsa->y) != MP_OKAY) { + mp_clear(&dsa->x); + return MP_INIT_E; + } + + /* public key : y = g^x mod p */ + err = mp_exptmod(&dsa->g, &dsa->x, &dsa->p, &dsa->y); + if (err != MP_OKAY) { + mp_clear(&dsa->x); + mp_clear(&dsa->y); + return err; + } + + dsa->type = DSA_PRIVATE; + + return MP_OKAY; +} + +/* modulus_size in bits */ +int wc_MakeDsaParameters(WC_RNG *rng, int modulus_size, DsaKey *dsa) +{ + mp_int tmp, tmp2; + int err, msize, qsize, + loop_check_prime = 0, + check_prime = MP_NO; + unsigned char *buf; + + if (rng == NULL || dsa == NULL) + return BAD_FUNC_ARG; + + /* set group size in bytes from modulus size + * FIPS 186-4 defines valid values (1024, 160) (2048, 256) (3072, 256) + */ + switch (modulus_size) { + case 1024: + qsize = 20; + break; + case 2048: + case 3072: + qsize = 32; + break; + default: + return BAD_FUNC_ARG; + break; + } + + /* modulus size in bytes */ + msize = 
modulus_size / 8; + + /* allocate ram */ + buf = (unsigned char *)XMALLOC(msize - qsize, + NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (buf == NULL) { + return MEMORY_E; + } + + /* make a random string that will be multplied against q */ + err = wc_RNG_GenerateBlock(rng, buf, msize - qsize); + if (err != MP_OKAY) { + XFREE(buf, NULL, DYNAMIC_TYPE_TMP_BUFFER); + return err; + } + + /* force magnitude */ + buf[0] |= 0xC0; + + /* force even */ + buf[msize - qsize - 1] &= ~1; + + if (mp_init_multi(&tmp2, &dsa->p, &dsa->q, 0, 0, 0) != MP_OKAY) { + mp_clear(&dsa->q); + XFREE(buf, NULL, DYNAMIC_TYPE_TMP_BUFFER); + return MP_INIT_E; + } + + err = mp_read_unsigned_bin(&tmp2, buf, msize - qsize); + if (err != MP_OKAY) { + mp_clear(&dsa->q); + mp_clear(&dsa->p); + mp_clear(&tmp2); + XFREE(buf, NULL, DYNAMIC_TYPE_TMP_BUFFER); + return err; + } + XFREE(buf, NULL, DYNAMIC_TYPE_TMP_BUFFER); + + /* make our prime q */ + err = mp_rand_prime(&dsa->q, qsize, rng, NULL); + if (err != MP_OKAY) { + mp_clear(&dsa->q); + mp_clear(&dsa->p); + mp_clear(&tmp2); + return err; + } + + /* p = random * q */ + err = mp_mul(&dsa->q, &tmp2, &dsa->p); + if (err != MP_OKAY) { + mp_clear(&dsa->q); + mp_clear(&dsa->p); + mp_clear(&tmp2); + return err; + } + + /* p = random * q + 1, so q is a prime divisor of p-1 */ + err = mp_add_d(&dsa->p, 1, &dsa->p); + if (err != MP_OKAY) { + mp_clear(&dsa->q); + mp_clear(&dsa->p); + mp_clear(&tmp2); + return err; + } + + if (mp_init(&tmp) != MP_OKAY) { + mp_clear(&dsa->q); + mp_clear(&dsa->p); + mp_clear(&tmp2); + return MP_INIT_E; + } + + /* tmp = 2q */ + err = mp_add(&dsa->q, &dsa->q, &tmp); + if (err != MP_OKAY) { + mp_clear(&dsa->q); + mp_clear(&dsa->p); + mp_clear(&tmp); + mp_clear(&tmp2); + return err; + } + + /* loop until p is prime */ + while (check_prime == MP_NO) { + err = mp_prime_is_prime(&dsa->p, 8, &check_prime); + if (err != MP_OKAY) { + mp_clear(&dsa->q); + mp_clear(&dsa->p); + mp_clear(&tmp); + mp_clear(&tmp2); + return err; + } + + if (check_prime != 
MP_YES) { + /* p += 2q */ + err = mp_add(&tmp, &dsa->p, &dsa->p); + if (err != MP_OKAY) { + mp_clear(&dsa->q); + mp_clear(&dsa->p); + mp_clear(&tmp); + mp_clear(&tmp2); + return err; + } + + loop_check_prime++; + } + } + + /* tmp2 += (2*loop_check_prime) + * to have p = (q * tmp2) + 1 prime + */ + if (loop_check_prime) { + err = mp_add_d(&tmp2, 2*loop_check_prime, &tmp2); + if (err != MP_OKAY) { + mp_clear(&dsa->q); + mp_clear(&dsa->p); + mp_clear(&tmp); + mp_clear(&tmp2); + return err; + } + } + + if (mp_init(&dsa->g) != MP_OKAY) { + mp_clear(&dsa->q); + mp_clear(&dsa->p); + mp_clear(&tmp); + mp_clear(&tmp2); + return MP_INIT_E; + } + + /* find a value g for which g^tmp2 != 1 */ + mp_set(&dsa->g, 1); + + do { + err = mp_add_d(&dsa->g, 1, &dsa->g); + if (err != MP_OKAY) { + mp_clear(&dsa->q); + mp_clear(&dsa->p); + mp_clear(&dsa->g); + mp_clear(&tmp); + mp_clear(&tmp2); + return err; + } + + err = mp_exptmod(&dsa->g, &tmp2, &dsa->p, &tmp); + if (err != MP_OKAY) { + mp_clear(&dsa->q); + mp_clear(&dsa->p); + mp_clear(&dsa->g); + mp_clear(&tmp); + mp_clear(&tmp2); + return err; + } + + } while (mp_cmp_d(&tmp, 1) == MP_EQ); + + /* at this point tmp generates a group of order q mod p */ + mp_exch(&tmp, &dsa->g); + + mp_clear(&tmp); + mp_clear(&tmp2); + + return MP_OKAY; +} +#endif /* WOLFSSL_KEY_GEN */ + + +int wc_DsaSign(const byte* digest, byte* out, DsaKey* key, WC_RNG* rng) { mp_int k, kInv, r, s, H; int ret, sz; @@ -174,7 +434,12 @@ int wc_DsaVerify(const byte* digest, const byte* sig, DsaKey* key, int* answer) ret = MP_READ_E; /* sanity checks */ - + if (ret == 0) { + if (mp_iszero(&r) == MP_YES || mp_iszero(&s) == MP_YES || + mp_cmp(&r, &key->q) != MP_LT || mp_cmp(&s, &key->q) != MP_LT) { + ret = MP_ZERO_E; + } + } /* put H into u1 from sha digest */ if (ret == 0 && mp_read_unsigned_bin(&u1,digest,SHA_DIGEST_SIZE) != MP_OKAY) diff --git a/wolfcrypt/src/ecc.c b/wolfcrypt/src/ecc.c old mode 100644 new mode 100755 index d98479060..c8a8f87e6 --- a/wolfcrypt/src/ecc.c 
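Review bot: In `wc_MakeDsaKey` the retry loop accepts any `x > 1`, so the private exponent is never confined below `q` even though the comment says "mod q"; FIPS 186-4, which this hunk cites for the parameter sizes, expects x in [1, q-1]. Tightening the condition to `} while (mp_cmp_d(&dsa->x, 1) != MP_GT || mp_cmp(&dsa->x, &dsa->q) != MP_LT);` keeps the sampling a plain rejection loop. `buf` holds the raw private-key bytes and is released with `XFREE` on every path without being wiped. A `ForceZero(buf, qsize);` before each free would match what ecc.c does with its key buffer elsewhere in this commit, provided that helper is reachable from dsa.c, which the hunk does not show. In `wc_MakeDsaParameters`, the fixed `8` rounds passed to `mp_prime_is_prime` for p should carry a comment justifying the count for 1024/2048/3072-bit moduli.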
+++ b/wolfcrypt/src/ecc.c @@ -30,6 +30,7 @@ #ifdef HAVE_ECC #include +#include #include #include @@ -86,6 +87,7 @@ const ecc_set_type ecc_sets[] = { #ifdef ECC112 { 14, + NID_secp111r1, "SECP112R1", "DB7C2ABF62E35E668076BEAD208B", "DB7C2ABF62E35E668076BEAD2088", @@ -98,6 +100,7 @@ const ecc_set_type ecc_sets[] = { #ifdef ECC128 { 16, + NID_secp128r1, "SECP128R1", "FFFFFFFDFFFFFFFFFFFFFFFFFFFFFFFF", "FFFFFFFDFFFFFFFFFFFFFFFFFFFFFFFC", @@ -110,6 +113,7 @@ const ecc_set_type ecc_sets[] = { #ifdef ECC160 { 20, + NID_secp160r1, "SECP160R1", "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF7FFFFFFF", "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF7FFFFFFC", @@ -122,6 +126,7 @@ const ecc_set_type ecc_sets[] = { #ifdef ECC192 { 24, + NID_cert192, "ECC-192", "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFF", "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFC", @@ -134,6 +139,7 @@ const ecc_set_type ecc_sets[] = { #ifdef ECC224 { 28, + NID_cert224, "ECC-224", "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF000000000000000000000001", "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFE", @@ -146,7 +152,8 @@ const ecc_set_type ecc_sets[] = { #ifdef ECC256 { 32, - "ECC-256", + NID_X9_62_prime256v1, + "nistp256", "FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFF", "FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFC", "5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B", @@ -158,7 +165,8 @@ const ecc_set_type ecc_sets[] = { #ifdef ECC384 { 48, - "ECC-384", + NID_secp384r1, + "nistp384", "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFF0000000000000000FFFFFFFF", "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFF0000000000000000FFFFFFFC", "B3312FA7E23EE7E4988E056BE3F82D19181D9C6EFE8141120314088F5013875AC656398D8A2ED19D2A85C8EDD3EC2AEF", 
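Review bot: The first `ecc_sets` entry pairs the new id `NID_secp111r1` with the name "SECP112R1" and size 14, so the identifier looks like a typo for 112. If the enum is spelled that way in the header (not visible here), it is worth correcting before the symbol becomes part of the public API. The same set of hunks (and the ECC521 one that follows) renames "ECC-256"/"ECC-384"/"ECC-521" to "nistp256"/"nistp384"/"nistp521". These strings are compared at runtime through `dp->name` in `wc_ecc_shared_secret`, so the name change should be noted where the table is documented, since any code that matches on the old strings will stop matching.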
@@ -170,7 +178,8 @@ const ecc_set_type ecc_sets[] = { #ifdef ECC521 { 66, - "ECC-521", + NID_secp521r1, + "nistp521", "1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF", "1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC", "51953EB9618E1C9A1F929A21A0B68540EEA2DA725B99B315F3B8B489918EF109E156193951EC7E937B1652C0BD3BB1BF073573DF883D2C34F1EF451FD46B503F00", @@ -180,21 +189,18 @@ const ecc_set_type ecc_sets[] = { }, #endif { - 0, + 0, -1, NULL, NULL, NULL, NULL, NULL, NULL, NULL } }; -ecc_point* ecc_new_point(void); -void ecc_del_point(ecc_point* p); int ecc_map(ecc_point*, mp_int*, mp_digit*); int ecc_projective_add_point(ecc_point* P, ecc_point* Q, ecc_point* R, mp_int* modulus, mp_digit* mp); int ecc_projective_dbl_point(ecc_point* P, ecc_point* R, mp_int* modulus, mp_digit* mp); -static int ecc_mulmod(mp_int* k, ecc_point *G, ecc_point *R, mp_int* modulus, - int map); +static int ecc_check_pubkey_order(ecc_key* key, mp_int* prime, mp_int* order); #ifdef ECC_SHAMIR static int ecc_mul2add(ecc_point* A, mp_int* kA, ecc_point* B, mp_int* kB, ecc_point* C, mp_int* modulus); @@ -255,7 +261,7 @@ int ecc_projective_add_point(ecc_point *P, ecc_point *Q, ecc_point *R, /* should we dbl instead? */ fp_sub(modulus, Q->y, &t1); - if ( (fp_cmp(P->x, Q->x) == FP_EQ) && + if ( (fp_cmp(P->x, Q->x) == FP_EQ) && (get_digit_count(Q->z) && fp_cmp(P->z, Q->z) == FP_EQ) && (fp_cmp(P->y, Q->y) == FP_EQ || fp_cmp(P->y, &t1) == FP_EQ)) { return ecc_projective_dbl_point(P, R, modulus, mp); @@ -348,7 +354,7 @@ int ecc_projective_add_point(ecc_point *P, ecc_point *Q, ecc_point *R, /* T1 = T1 * X */ fp_mul(&t1, &x, &t1); fp_montgomery_reduce(&t1, modulus, *mp); - + /* X = Y*Y */ fp_sqr(&y, &x); fp_montgomery_reduce(&x, modulus, *mp); 
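Review bot: The extra clause `(get_digit_count(Q->z) && fp_cmp(P->z, Q->z) == FP_EQ)` in the "should we dbl instead?" test of `ecc_projective_add_point` is undocumented, and the same clause is added to the `mp_` variant in the `@@ -531,12 +537,12 @@` hunk. The existing one-line comment no longer explains the condition. I would extend it to something like `/* x/y only identify the same point when z matches too; an empty z means infinity, so do not double */`, assuming that is the intent. The function body starts and ends outside this hunk.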
@@ -362,7 +368,7 @@ int ecc_projective_add_point(ecc_point *P, ecc_point *Q, ecc_point *R, fp_sub(&t2, &x, &t2); if (fp_cmp_d(&t2, 0) == FP_LT) { fp_add(&t2, modulus, &t2); - } + } /* T2 = T2 - X */ fp_sub(&t2, &x, &t2); if (fp_cmp_d(&t2, 0) == FP_LT) { @@ -385,7 +391,7 @@ int ecc_projective_add_point(ecc_point *P, ecc_point *Q, ecc_point *R, fp_copy(&x, R->x); fp_copy(&y, R->y); fp_copy(&z, R->z); - + return MP_OKAY; } @@ -428,7 +434,7 @@ int ecc_projective_dbl_point(ecc_point *P, ecc_point *R, mp_int* modulus, if (fp_cmp(R->z, modulus) != FP_LT) { fp_sub(R->z, modulus, R->z); } - + /* &t2 = X - T1 */ fp_sub(R->x, &t1, &t2); if (fp_cmp_d(&t2, 0) == FP_LT) { @@ -487,7 +493,7 @@ int ecc_projective_dbl_point(ecc_point *P, ecc_point *R, mp_int* modulus, fp_add(R->x, modulus, R->x); } - /* Y = Y - X */ + /* Y = Y - X */ fp_sub(R->y, R->x, R->y); if (fp_cmp_d(R->y, 0) == FP_LT) { fp_add(R->y, modulus, R->y); @@ -500,7 +506,7 @@ int ecc_projective_dbl_point(ecc_point *P, ecc_point *R, mp_int* modulus, if (fp_cmp_d(R->y, 0) == FP_LT) { fp_add(R->y, modulus, R->y); } - + return MP_OKAY; } @@ -531,12 +537,12 @@ int ecc_projective_add_point(ecc_point* P, ecc_point* Q, ecc_point* R, if ((err = mp_init_multi(&t1, &t2, &x, &y, &z, NULL)) != MP_OKAY) { return err; } - + /* should we dbl instead? */ err = mp_sub(modulus, Q->y, &t1); if (err == MP_OKAY) { - if ( (mp_cmp(P->x, Q->x) == MP_EQ) && + if ( (mp_cmp(P->x, Q->x) == MP_EQ) && (get_digit_count(Q->z) && mp_cmp(P->z, Q->z) == MP_EQ) && (mp_cmp(P->y, Q->y) == MP_EQ || mp_cmp(P->y, &t1) == MP_EQ)) { mp_clear(&t1); @@ -677,7 +683,7 @@ int ecc_projective_add_point(ecc_point* P, ecc_point* Q, ecc_point* R, err = mp_sqr(&x, &x); if (err == MP_OKAY) err = mp_montgomery_reduce(&x, modulus, *mp); - + /* T2 = T2 * x */ if (err == MP_OKAY) err = mp_mul(&t2, &x, &t2); 
@@ -689,7 +695,7 @@ int ecc_projective_add_point(ecc_point* P, ecc_point* Q, ecc_point* R, err = mp_mul(&t1, &x, &t1); if (err == MP_OKAY) err = mp_montgomery_reduce(&t1, modulus, *mp); - + /* X = Y*Y */ if (err == MP_OKAY) err = mp_sqr(&y, &x); @@ -709,7 +715,7 @@ int ecc_projective_add_point(ecc_point* P, ecc_point* Q, ecc_point* R, if (err == MP_OKAY) { if (mp_cmp_d(&t2, 0) == MP_LT) err = mp_add(&t2, modulus, &t2); - } + } /* T2 = T2 - X */ if (err == MP_OKAY) err = mp_sub(&t2, &x, &t2); @@ -852,7 +858,7 @@ int ecc_projective_dbl_point(ecc_point *P, ecc_point *R, mp_int* modulus, err = mp_sqr(R->y, R->y); if (err == MP_OKAY) err = mp_montgomery_reduce(R->y, modulus, *mp); - + /* T2 = Y * Y */ if (err == MP_OKAY) err = mp_sqr(R->y, &t2); @@ -866,7 +872,7 @@ int ecc_projective_dbl_point(ecc_point *P, ecc_point *R, mp_int* modulus, } if (err == MP_OKAY) err = mp_div_2(&t2, &t2); - + /* Y = Y * X */ if (err == MP_OKAY) err = mp_mul(R->y, R->x, R->y); @@ -893,7 +899,7 @@ int ecc_projective_dbl_point(ecc_point *P, ecc_point *R, mp_int* modulus, if (mp_cmp_d(R->x, 0) == MP_LT) err = mp_add(R->x, modulus, R->x); } - /* Y = Y - X */ + /* Y = Y - X */ if (err == MP_OKAY) err = mp_sub(R->y, R->x, R->y); if (err == MP_OKAY) { @@ -914,7 +920,7 @@ int ecc_projective_dbl_point(ecc_point *P, ecc_point *R, mp_int* modulus, err = mp_add(R->y, modulus, R->y); } - /* clean up */ + /* clean up */ mp_clear(&t1); mp_clear(&t2); @@ -939,6 +945,14 @@ int ecc_map(ecc_point* P, mp_int* modulus, mp_digit* mp) if (P == NULL || mp == NULL || modulus == NULL) return ECC_BAD_ARG_E; + /* special case for point at infinity */ + if (mp_cmp_d(P->z, 0) == MP_EQ) { + mp_set(P->x, 0); + mp_set(P->y, 0); + mp_set(P->z, 1); + return MP_OKAY; + } + if ((err = mp_init_multi(&t1, &t2, NULL, NULL, NULL, NULL)) != MP_OKAY) { return MEMORY_E; } 
@@ -949,7 +963,7 @@ int ecc_map(ecc_point* P, mp_int* modulus, mp_digit* mp) /* get 1/z */ if (err == MP_OKAY) err = mp_invmod(P->z, modulus, &t1); - + /* get 1/z^2 and 1/z^3 */ if (err == MP_OKAY) err = mp_sqr(&t1, &t2); @@ -969,7 +983,7 @@ int ecc_map(ecc_point* P, mp_int* modulus, mp_digit* mp) err = mp_mul(P->y, &t1, P->y); if (err == MP_OKAY) err = mp_montgomery_reduce(P->y, modulus, *mp); - + if (err == MP_OKAY) mp_set(P->z, 1); @@ -987,7 +1001,7 @@ int ecc_map(ecc_point* P, mp_int* modulus, mp_digit* mp) #define WINSIZE 4 /** - Perform a point multiplication + Perform a point multiplication k The scalar to multiply by G The base point R [out] Destination for kG @@ -998,10 +1012,10 @@ int ecc_map(ecc_point* P, mp_int* modulus, mp_digit* mp) */ #ifdef FP_ECC static int normal_ecc_mulmod(mp_int* k, ecc_point *G, ecc_point *R, - mp_int* modulus, int map) + mp_int* modulus, int map) #else -static int ecc_mulmod(mp_int* k, ecc_point *G, ecc_point *R, mp_int* modulus, - int map) +int wc_ecc_mulmod(mp_int* k, ecc_point *G, ecc_point *R, mp_int* modulus, + int map) #endif { ecc_point *tG, *M[8]; @@ -1026,13 +1040,13 @@ static int ecc_mulmod(mp_int* k, ecc_point *G, ecc_point *R, mp_int* modulus, mp_clear(&mu); return err; } - + /* alloc ram for window temps */ for (i = 0; i < 8; i++) { - M[i] = ecc_new_point(); + M[i] = wc_ecc_new_point(); if (M[i] == NULL) { for (j = 0; j < i; j++) { - ecc_del_point(M[j]); + wc_ecc_del_point(M[j]); } mp_clear(&mu); return MEMORY_E; @@ -1040,7 +1054,7 @@ static int ecc_mulmod(mp_int* k, ecc_point *G, ecc_point *R, mp_int* modulus, } /* make a copy of G incase R==G */ - tG = ecc_new_point(); + tG = wc_ecc_new_point(); if (tG == NULL) err = MEMORY_E; @@ -1061,7 +1075,7 @@ static int ecc_mulmod(mp_int* k, ecc_point *G, ecc_point *R, mp_int* modulus, } } mp_clear(&mu); - + /* calc the M tab, which holds kG for k==8..15 */ /* M[0] == 8G */ if (err == MP_OKAY) 
@@ -1095,7 +1109,7 @@ static int ecc_mulmod(mp_int* k, ecc_point *G, ecc_point *R, mp_int* modulus, break; } buf = get_digit(k, digidx); - bitcnt = (int) DIGIT_BIT; + bitcnt = (int) DIGIT_BIT; --digidx; } @@ -1190,9 +1204,9 @@ static int ecc_mulmod(mp_int* k, ecc_point *G, ecc_point *R, mp_int* modulus, err = ecc_map(R, modulus, &mp); mp_clear(&mu); - ecc_del_point(tG); + wc_ecc_del_point(tG); for (i = 0; i < 8; i++) { - ecc_del_point(M[i]); + wc_ecc_del_point(M[i]); } return err; } @@ -1213,10 +1227,10 @@ static int ecc_mulmod(mp_int* k, ecc_point *G, ecc_point *R, mp_int* modulus, */ #ifdef FP_ECC static int normal_ecc_mulmod(mp_int* k, ecc_point *G, ecc_point *R, - mp_int* modulus, int map) + mp_int* modulus, int map) #else -static int ecc_mulmod(mp_int* k, ecc_point *G, ecc_point *R, mp_int* modulus, - int map) +int wc_ecc_mulmod(mp_int* k, ecc_point *G, ecc_point *R, mp_int* modulus, + int map) #endif { ecc_point *tG, *M[3]; @@ -1243,10 +1257,10 @@ static int ecc_mulmod(mp_int* k, ecc_point *G, ecc_point *R, mp_int* modulus, /* alloc ram for window temps */ for (i = 0; i < 3; i++) { - M[i] = ecc_new_point(); + M[i] = wc_ecc_new_point(); if (M[i] == NULL) { for (j = 0; j < i; j++) { - ecc_del_point(M[j]); + wc_ecc_del_point(M[j]); } mp_clear(&mu); return MEMORY_E; @@ -1254,7 +1268,7 @@ static int ecc_mulmod(mp_int* k, ecc_point *G, ecc_point *R, mp_int* modulus, } /* make a copy of G incase R==G */ - tG = ecc_new_point(); + tG = wc_ecc_new_point(); if (tG == NULL) err = MEMORY_E; @@ -1350,9 +1364,9 @@ static int ecc_mulmod(mp_int* k, ecc_point *G, ecc_point *R, mp_int* modulus, /* done */ mp_clear(&mu); - ecc_del_point(tG); + wc_ecc_del_point(tG); for (i = 0; i < 3; i++) { - ecc_del_point(M[i]); + wc_ecc_del_point(M[i]); } return err; } 
@@ -1373,9 +1387,9 @@ static void alt_fp_init(fp_int* a) /** Allocate a new ECC point - return A newly allocated point or NULL on error + return A newly allocated point or NULL on error */ -ecc_point* ecc_new_point(void) +ecc_point* wc_ecc_new_point(void) { ecc_point* p; @@ -1411,7 +1425,7 @@ ecc_point* ecc_new_point(void) /** Free an ECC point from memory p The point to free */ -void ecc_del_point(ecc_point* p) +void wc_ecc_del_point(ecc_point* p) { /* prevents free'ing null arguments */ if (p != NULL) { @@ -1422,12 +1436,63 @@ void ecc_del_point(ecc_point* p) } } +/** Copy the value of a point to an other one + p The point to copy + r The created point +*/ +int wc_ecc_copy_point(ecc_point* p, ecc_point *r) +{ + int ret; + + /* prevents null arguments */ + if (p == NULL || r == NULL) + return ECC_BAD_ARG_E; + + ret = mp_copy(p->x, r->x); + if (ret != MP_OKAY) + return ret; + ret = mp_copy(p->y, r->y); + if (ret != MP_OKAY) + return ret; + ret = mp_copy(p->z, r->z); + if (ret != MP_OKAY) + return ret; + + return MP_OKAY; +} + +/** Compare the value of a point with an other one + a The point to compare + b The othe point to compare + + return MP_EQ if equal, MP_LT/MP_GT if not, < 0 in case of error + */ +int wc_ecc_cmp_point(ecc_point* a, ecc_point *b) +{ + int ret; + + /* prevents null arguments */ + if (a == NULL || b == NULL) + return BAD_FUNC_ARG; + + ret = mp_cmp(a->x, b->x); + if (ret != MP_EQ) + return ret; + ret = mp_cmp(a->y, b->y); + if (ret != MP_EQ) + return ret; + ret = mp_cmp(a->z, b->z); + if (ret != MP_EQ) + return ret; + + return MP_EQ; +} /** Returns whether an ECC idx is valid or not n The idx number to check return 1 if valid, 0 if not -*/ -static int ecc_is_valid_idx(int n) +*/ +int wc_ecc_is_valid_idx(int n) { int x; 
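Review bot: The documented contract of `wc_ecc_cmp_point` ("MP_EQ if equal, MP_LT/MP_GT if not, < 0 in case of error") is ambiguous, because `MP_LT` is itself negative in the math layers I know of, so a caller cannot tell "less than" from `BAD_FUNC_ARG` by sign. The comment should tell callers to test `== MP_EQ` only. The two new helpers also disagree on the NULL-argument code: `wc_ecc_copy_point` returns `ECC_BAD_ARG_E` and `wc_ecc_cmp_point` returns `BAD_FUNC_ARG`. The comparison is on the stored x, y, z values, so the doc comment should add that both points must be in the same representation (for example both mapped to z = 1) for equality to be meaningful.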
@@ -1468,28 +1533,28 @@ int wc_ecc_shared_secret(ecc_key* private_key, ecc_key* public_key, byte* out, return ECC_BAD_ARG_E; } - if (ecc_is_valid_idx(private_key->idx) == 0 || - ecc_is_valid_idx(public_key->idx) == 0) + if (wc_ecc_is_valid_idx(private_key->idx) == 0 || + wc_ecc_is_valid_idx(public_key->idx) == 0) return ECC_BAD_ARG_E; if (XSTRNCMP(private_key->dp->name, public_key->dp->name, ECC_MAXNAME) != 0) return ECC_BAD_ARG_E; /* make new point */ - result = ecc_new_point(); + result = wc_ecc_new_point(); if (result == NULL) { return MEMORY_E; } if ((err = mp_init(&prime)) != MP_OKAY) { - ecc_del_point(result); + wc_ecc_del_point(result); return err; } err = mp_read_radix(&prime, (char *)private_key->dp->prime, 16); if (err == MP_OKAY) - err = ecc_mulmod(&private_key->k, &public_key->pubkey, result, &prime,1); + err = wc_ecc_mulmod(&private_key->k, &public_key->pubkey, result, &prime,1); if (err == MP_OKAY) { x = mp_unsigned_bin_size(&prime); 
@@ -1505,44 +1570,89 @@ int wc_ecc_shared_secret(ecc_key* private_key, ecc_key* public_key, byte* out, } mp_clear(&prime); - ecc_del_point(result); + wc_ecc_del_point(result); return err; } - -int wc_ecc_make_key_ex(RNG* rng, ecc_key* key, const ecc_set_type* dp); - /** - Make a new ECC key - rng An active RNG state - keysize The keysize for the new key (in octets from 20 to 65 bytes) - key [out] Destination of the newly created key - return MP_OKAY if successful, - upon error all allocated memory will be freed -*/ -int wc_ecc_make_key(RNG* rng, int keysize, ecc_key* key) + Create an ECC shared secret between two keys + private_key The private ECC key + point The point to use (public key) + out [out] Destination of the shared secret + Conforms to EC-DH from ANSI X9.63 + outlen [in/out] The max size and resulting size of the shared secret + return MP_OKAY if successful + */ +int wc_ecc_shared_secret_ssh(ecc_key* private_key, ecc_point* point, + byte* out, word32 *outlen) { - int x, err; + word32 x = 0; + ecc_point* result; + mp_int prime; + int err; - if (key == NULL || rng == NULL) - return ECC_BAD_ARG_E; + if (private_key == NULL || point == NULL || out == NULL || outlen == NULL) + return BAD_FUNC_ARG; - /* find key size */ - for (x = 0; (keysize > ecc_sets[x].size) && (ecc_sets[x].size != 0); x++) - ; - keysize = ecc_sets[x].size; + /* type valid? 
*/ + if (private_key->type != ECC_PRIVATEKEY) { + return ECC_BAD_ARG_E; + } - if (keysize > ECC_MAXSIZE || ecc_sets[x].size == 0) { - return BAD_FUNC_ARG; - } - err = wc_ecc_make_key_ex(rng, key, &ecc_sets[x]); - key->idx = x; + if (wc_ecc_is_valid_idx(private_key->idx) == 0) + return ECC_BAD_ARG_E; - return err; + /* make new point */ + result = wc_ecc_new_point(); + if (result == NULL) { + return MEMORY_E; + } + + if ((err = mp_init(&prime)) != MP_OKAY) { + wc_ecc_del_point(result); + return err; + } + + err = mp_read_radix(&prime, (char *)private_key->dp->prime, 16); + + if (err == MP_OKAY) + err = wc_ecc_mulmod(&private_key->k, point, result, &prime, 1); + + if (err == MP_OKAY) { + x = mp_unsigned_bin_size(&prime); + if (*outlen < x) + err = BUFFER_E; + } + + if (err == MP_OKAY) { + XMEMSET(out, 0, x); + err = mp_to_unsigned_bin(result->x,out + + (x - mp_unsigned_bin_size(result->x))); + *outlen = x; + } + + mp_clear(&prime); + wc_ecc_del_point(result); + + return err; } -int wc_ecc_make_key_ex(RNG* rng, ecc_key* key, const ecc_set_type* dp) + +/* return 1 if point is at infinity, 0 if not, < 0 on error */ +int wc_ecc_point_is_at_infinity(ecc_point* p) +{ + if (p == NULL) + return BAD_FUNC_ARG; + + if (get_digit_count(p->x) == 0 && get_digit_count(p->y) == 0) + return 1; + + return 0; +} + + +static int wc_ecc_make_key_ex(WC_RNG* rng, ecc_key* key, const ecc_set_type* dp) { int err; ecc_point* base; @@ -1554,6 +1664,7 @@ int wc_ecc_make_key_ex(RNG* rng, ecc_key* key, const ecc_set_type* dp) byte buf[ECC_MAXSIZE]; #endif int keysize; + int po_init = 0; /* prime order Init flag for clear */ if (key == NULL || rng == NULL || dp == NULL) return ECC_BAD_ARG_E; 
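Review bot: `wc_ecc_shared_secret_ssh` multiplies the private scalar by a caller-supplied `point` without checking that the point belongs to the key's curve or that the product is not the point at infinity. The `ecc_map` change in this commit turns an infinity result into (0,0,1) with `MP_OKAY`, so such a result would be written out as an all-zero secret and reported as success. A guard after the multiplication, e.g. `if (err == MP_OKAY && wc_ecc_point_is_at_infinity(result)) err = ECC_BAD_ARG_E;`, would reject that case. It needs a prototype visible before this function, which I cannot confirm from the hunk. Validation of `point` against the curve should either happen here or be stated as a caller obligation in the doc comment.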
@@ -1592,37 +1703,46 @@ int wc_ecc_make_key_ex(RNG* rng, ecc_key* key, const ecc_set_type* dp) #endif if (err != MP_OKAY) err = MEMORY_E; + else + po_init = 1; } if (err == MP_OKAY) { - base = ecc_new_point(); + base = wc_ecc_new_point(); if (base == NULL) err = MEMORY_E; } /* read in the specs for this key */ - if (err == MP_OKAY) + if (err == MP_OKAY) err = mp_read_radix(&prime, (char *)key->dp->prime, 16); - if (err == MP_OKAY) + if (err == MP_OKAY) err = mp_read_radix(&order, (char *)key->dp->order, 16); - if (err == MP_OKAY) + if (err == MP_OKAY) err = mp_read_radix(base->x, (char *)key->dp->Gx, 16); - if (err == MP_OKAY) + if (err == MP_OKAY) err = mp_read_radix(base->y, (char *)key->dp->Gy, 16); - - if (err == MP_OKAY) + + if (err == MP_OKAY) mp_set(base->z, 1); - if (err == MP_OKAY) + if (err == MP_OKAY) err = mp_read_unsigned_bin(&key->k, (byte*)buf, keysize); /* the key should be smaller than the order of base point */ - if (err == MP_OKAY) { + if (err == MP_OKAY) { if (mp_cmp(&key->k, &order) != MP_LT) err = mp_mod(&key->k, &order, &key->k); } /* make the public key */ if (err == MP_OKAY) - err = ecc_mulmod(&key->k, base, &key->pubkey, &prime, 1); + err = wc_ecc_mulmod(&key->k, base, &key->pubkey, &prime, 1); + +#ifdef WOLFSSL_VALIDATE_ECC_KEYGEN + /* validate the public key, order * pubkey = point at infinity */ + if (err == MP_OKAY) + err = ecc_check_pubkey_order(key, &prime, &order); +#endif /* WOLFSSL_VALIDATE_KEYGEN */ + if (err == MP_OKAY) key->type = ECC_PRIVATEKEY; @@ -1633,9 +1753,11 @@ int wc_ecc_make_key_ex(RNG* rng, ecc_key* key, const ecc_set_type* dp) mp_clear(key->pubkey.z); mp_clear(&key->k); } - ecc_del_point(base); - mp_clear(&prime); - mp_clear(&order); + wc_ecc_del_point(base); + if (po_init) { + mp_clear(&prime); + mp_clear(&order); + } ForceZero(buf, ECC_MAXSIZE); #ifdef WOLFSSL_SMALL_STACK 
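Review bot: The new validation block opens with `#ifdef WOLFSSL_VALIDATE_ECC_KEYGEN` but closes with `#endif /* WOLFSSL_VALIDATE_KEYGEN */`; the trailing comment should name the same macro so a search for the option finds both ends. Since the `ecc_check_pubkey_order` call is compiled only when that macro is defined, a short comment stating that generated keys are otherwise not validated would help integrators choose. `wc_ecc_make_key_ex` starts and ends outside this hunk.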
@@ -1645,6 +1767,34 @@ int wc_ecc_make_key_ex(RNG* rng, ecc_key* key, const ecc_set_type* dp) return err; } +/** + Make a new ECC key + rng An active RNG state + keysize The keysize for the new key (in octets from 20 to 65 bytes) + key [out] Destination of the newly created key + return MP_OKAY if successful, + upon error all allocated memory will be freed + */ +int wc_ecc_make_key(WC_RNG* rng, int keysize, ecc_key* key) +{ + int x, err; + + if (key == NULL || rng == NULL) + return ECC_BAD_ARG_E; + + /* find key size */ + for (x = 0; (keysize > ecc_sets[x].size) && (ecc_sets[x].size != 0); x++) + ; + keysize = ecc_sets[x].size; + + if (keysize > ECC_MAXSIZE || ecc_sets[x].size == 0) { + return BAD_FUNC_ARG; + } + err = wc_ecc_make_key_ex(rng, key, &ecc_sets[x]); + key->idx = x; + + return err; +} /* Setup dynamic pointers is using normal math for proper freeing */ int wc_ecc_init(ecc_key* key) @@ -1671,10 +1821,44 @@ int wc_ecc_init(ecc_key* key) alt_fp_init(key->pubkey.z); #endif - return 0; + return MP_OKAY; } +/** + Sign a message digest + in The message digest to sign + inlen The length of the digest + out [out] The destination for the signature + outlen [in/out] The max size and resulting size of the signature + key A private ECC key + return MP_OKAY if successful + */ +int wc_ecc_sign_hash(const byte* in, word32 inlen, byte* out, word32 *outlen, + WC_RNG* rng, ecc_key* key) +{ + mp_int r; + mp_int s; + int err; + + if (in == NULL || out == NULL || outlen == NULL || + key == NULL || rng == NULL) + return ECC_BAD_ARG_E; + + if ((err = mp_init_multi(&r, &s, NULL, NULL, NULL, NULL)) != MP_OKAY) { + return err; + } + + err = wc_ecc_sign_hash_ex(in, inlen, rng, key, &r, &s); + if (err == MP_OKAY) + err = StoreECC_DSA_Sig(out, outlen, &r, &s); + + mp_clear(&r); + mp_clear(&s); + + return err; +} + /** Sign a message digest in The message digest to sign 
@@ -1682,33 +1866,33 @@ int wc_ecc_init(ecc_key* key) out [out] The destination for the signature outlen [in/out] The max size and resulting size of the signature key A private ECC key + r [out] The destination for r component of the signature + s [out] The destination for s component of the signature return MP_OKAY if successful */ -int wc_ecc_sign_hash(const byte* in, word32 inlen, byte* out, word32 *outlen, - RNG* rng, ecc_key* key) +int wc_ecc_sign_hash_ex(const byte* in, word32 inlen, WC_RNG* rng, + ecc_key* key, mp_int *r, mp_int *s) { - mp_int r; - mp_int s; mp_int e; mp_int p; int err; - if (in == NULL || out == NULL || outlen == NULL || key == NULL || rng ==NULL) + if (in == NULL || r == NULL || s == NULL || key == NULL || rng == NULL) return ECC_BAD_ARG_E; /* is this a private key? */ if (key->type != ECC_PRIVATEKEY) { return ECC_BAD_ARG_E; } - + /* is the IDX valid ? */ - if (ecc_is_valid_idx(key->idx) != 1) { + if (wc_ecc_is_valid_idx(key->idx) != 1) { return ECC_BAD_ARG_E; } /* get the hash and load it as a bignum into 'e' */ /* init the bignums */ - if ((err = mp_init_multi(&r, &s, &p, &e, NULL, NULL)) != MP_OKAY) { + if ((err = mp_init_multi(&p, &e, NULL, NULL, NULL, NULL)) != MP_OKAY) { return err; } err = mp_read_radix(&p, (char *)key->dp->order, 16); 
@@ -1729,52 +1913,52 @@ int wc_ecc_sign_hash(const byte* in, word32 inlen, byte* out, word32 *outlen, /* make up a key and export the public copy */ if (err == MP_OKAY) { + int loop_check = 0; ecc_key pubkey; - wc_ecc_init(&pubkey); - for (;;) { - err = wc_ecc_make_key_ex(rng, &pubkey, key->dp); - if (err != MP_OKAY) break; + if (wc_ecc_init(&pubkey) == MP_OKAY) { + for (;;) { + if (++loop_check > 64) { + err = RNG_FAILURE_E; + break; + } + err = wc_ecc_make_key_ex(rng, &pubkey, key->dp); + if (err != MP_OKAY) break; - /* find r = x1 mod n */ - err = mp_mod(pubkey.pubkey.x, &p, &r); - if (err != MP_OKAY) break; + /* find r = x1 mod n */ + err = mp_mod(pubkey.pubkey.x, &p, r); + if (err != MP_OKAY) break; - if (mp_iszero(&r) == MP_YES) { - mp_clear(pubkey.pubkey.x); - mp_clear(pubkey.pubkey.y); - mp_clear(pubkey.pubkey.z); - mp_clear(&pubkey.k); + if (mp_iszero(r) == MP_YES) { + mp_clear(pubkey.pubkey.x); + mp_clear(pubkey.pubkey.y); + mp_clear(pubkey.pubkey.z); + mp_clear(&pubkey.k); + } + else { + /* find s = (e + xr)/k */ + err = mp_invmod(&pubkey.k, &p, &pubkey.k); + if (err != MP_OKAY) break; + + err = mp_mulmod(&key->k, r, &p, s); /* s = xr */ + if (err != MP_OKAY) break; + + err = mp_add(&e, s, s); /* s = e + xr */ + if (err != MP_OKAY) break; + + err = mp_mod(s, &p, s); /* s = e + xr */ + if (err != MP_OKAY) break; + + err = mp_mulmod(s, &pubkey.k, &p, s); /* s = (e + xr)/k */ + if (err != MP_OKAY) break; + + if (mp_iszero(s) == MP_NO) + break; + } } - else { - /* find s = (e + xr)/k */ - err = mp_invmod(&pubkey.k, &p, &pubkey.k); - if (err != MP_OKAY) break; - - err = mp_mulmod(&key->k, &r, &p, &s); /* s = xr */ - if (err != MP_OKAY) break; - - err = mp_add(&e, &s, &s); /* s = e + xr */ - if (err != MP_OKAY) break; - - err = mp_mod(&s, &p, &s); /* s = e + xr */ - if (err != MP_OKAY) break; - - err = mp_mulmod(&s, &pubkey.k, &p, &s); /* s = (e + xr)/k */ - if (err != MP_OKAY) break; - - if (mp_iszero(&s) == MP_NO) - break; - } + wc_ecc_free(&pubkey); } - 
wc_ecc_free(&pubkey); } - /* store as SEQUENCE { r, s -- integer } */ - if (err == MP_OKAY) - err = StoreECC_DSA_Sig(out, outlen, &r, &s); - - mp_clear(&r); - mp_clear(&s); mp_clear(&p); mp_clear(&e); @@ -1812,7 +1996,7 @@ void wc_ecc_free(ecc_key* key) B Second point to multiply kB What to multiple B by C [out] Destination point (can overlap with A or B) - modulus Modulus for curve + modulus Modulus for curve return MP_OKAY on success */ #ifdef FP_ECC @@ -1834,9 +2018,9 @@ static int ecc_mul2add(ecc_point* A, mp_int* kA, int tableInit = 0; mp_digit mp; mp_int mu; - + /* argchks */ - if (A == NULL || kA == NULL || B == NULL || kB == NULL || C == NULL || + if (A == NULL || kA == NULL || B == NULL || kB == NULL || C == NULL || modulus == NULL) return ECC_BAD_ARG_E; @@ -1875,10 +2059,10 @@ static int ecc_mul2add(ecc_point* A, mp_int* kA, /* allocate the table */ if (err == MP_OKAY) { for (x = 0; x < 16; x++) { - precomp[x] = ecc_new_point(); + precomp[x] = wc_ecc_new_point(); if (precomp[x] == NULL) { for (y = 0; y < x; ++y) { - ecc_del_point(precomp[y]); + wc_ecc_del_point(precomp[y]); } err = GEN_MEM_ERR; break; @@ -1941,8 +2125,8 @@ static int ecc_mul2add(ecc_point* A, mp_int* kA, err = ecc_projective_add_point(precomp[x], precomp[(y<<2)], precomp[x+(y<<2)], modulus, &mp); } - } - } + } + } if (err == MP_OKAY) { nibble = 3; @@ -1963,8 +2147,8 @@ static int ecc_mul2add(ecc_point* A, mp_int* kA, /* extract two bits from both, shift/update */ nA = (bitbufA >> 6) & 0x03; nB = (bitbufB >> 6) & 0x03; - bitbufA = (bitbufA << 2) & 0xFF; - bitbufB = (bitbufB << 2) & 0xFF; + bitbufA = (bitbufA << 2) & 0xFF; + bitbufB = (bitbufB << 2) & 0xFF; /* if both zero, if first, continue */ if ((nA == 0) && (nB == 0) && (first == 1)) { @@ -2019,7 +2203,7 @@ static int ecc_mul2add(ecc_point* A, mp_int* kA, if (tableInit) { for (x = 0; x < 16; x++) { - ecc_del_point(precomp[x]); + wc_ecc_del_point(precomp[x]); } } ForceZero(tA, ECC_BUFSIZE); 
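Review bot: In `wc_ecc_sign_hash_ex` the result of `wc_ecc_init(&pubkey)` is only tested, never stored, so if it fails the whole signing loop is skipped while `err` stays `MP_OKAY`. The function would then report success with `r` and `s` untouched, and the `wc_ecc_sign_hash` wrapper would go on to encode them as a signature. Assigning the result closes that path: `err = wc_ecc_init(&pubkey);` followed by `if (err == MP_OKAY) {`. The new `loop_check > 64` bound with `RNG_FAILURE_E` would also benefit from a one-line comment on why 64 was chosen. The function body begins before this hunk.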
@@ -2035,32 +2219,71 @@ static int ecc_mul2add(ecc_point* A, mp_int* kA, -/* verify +/* verify * * w = s^-1 mod n - * u1 = xw + * u1 = xw * u2 = rw * X = u1*G + u2*Q * v = X_x1 mod n * accept if v == r */ +/** + Verify an ECC signature + sig The signature to verify + siglen The length of the signature (octets) + hash The hash (message digest) that was signed + hashlen The length of the hash (octets) + stat Result of signature, 1==valid, 0==invalid + key The corresponding public ECC key + return MP_OKAY if successful (even if the signature is not valid) + */ +int wc_ecc_verify_hash(const byte* sig, word32 siglen, const byte* hash, + word32 hashlen, int* stat, ecc_key* key) +{ + mp_int r; + mp_int s; + int err; + + if (sig == NULL || hash == NULL || stat == NULL || key == NULL) + return ECC_BAD_ARG_E; + + /* default to invalid signature */ + *stat = 0; + + /* Note, DecodeECC_DSA_Sig() calls mp_init() on r and s. + * If either of those don't allocate correctly, none of + * the rest of this function will execute, and everything + * gets cleaned up at the end. 
*/ + XMEMSET(&r, 0, sizeof(r)); + XMEMSET(&s, 0, sizeof(s)); + + err = DecodeECC_DSA_Sig(sig, siglen, &r, &s); + + if (err == MP_OKAY) + err = wc_ecc_verify_hash_ex(&r, &s, hash, hashlen, stat, key); + + mp_clear(&r); + mp_clear(&s); + + return err; +} + /** Verify an ECC signature - sig The signature to verify - siglen The length of the signature (octets) + r The signature R component to verify + s The signature S component to verify hash The hash (message digest) that was signed hashlen The length of the hash (octets) stat Result of signature, 1==valid, 0==invalid key The corresponding public ECC key return MP_OKAY if successful (even if the signature is not valid) */ -int wc_ecc_verify_hash(const byte* sig, word32 siglen, const byte* hash, +int wc_ecc_verify_hash_ex(mp_int *r, mp_int *s, const byte* hash, word32 hashlen, int* stat, ecc_key* key) { ecc_point *mG, *mQ; - mp_int r; - mp_int s; mp_int v; mp_int w; mp_int u1; @@ -2070,14 +2293,14 @@ int wc_ecc_verify_hash(const byte* sig, word32 siglen, const byte* hash, mp_int m; int err; - if (sig == NULL || hash == NULL || stat == NULL || key == NULL) - return ECC_BAD_ARG_E; + if (r == NULL || s == NULL || hash == NULL || stat == NULL || key == NULL) + return ECC_BAD_ARG_E; /* default to invalid signature */ *stat = 0; /* is the IDX valid ? */ - if (ecc_is_valid_idx(key->idx) != 1) { + if (wc_ecc_is_valid_idx(key->idx) != 1) { return ECC_BAD_ARG_E; } 
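Review bot: The algorithm comment (`w = s^-1 mod n` through `accept if v == r`) now sits above the new `wc_ecc_verify_hash` wrapper, which only decodes the signature and delegates; the arithmetic it describes is in `wc_ecc_verify_hash_ex`, so the comment should move down to that function. While moving it, `u1 = xw` should read `u1 = ew`, matching the `/* u1 = ew */` comment inside the body in a later hunk. The `wc_ecc_verify_hash_ex` doc block should also say that `r` and `s` remain owned by the caller (a later hunk removes their `mp_clear` calls from this function) and that callers must test `*stat == 1`, not only the MP_OKAY return, before accepting a signature. The body of `wc_ecc_verify_hash_ex` continues outside this hunk.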
@@ -2097,20 +2320,11 @@ int wc_ecc_verify_hash(const byte* sig, word32 siglen, const byte* hash, } /* allocate points */ - mG = ecc_new_point(); - mQ = ecc_new_point(); + mG = wc_ecc_new_point(); + mQ = wc_ecc_new_point(); if (mQ == NULL || mG == NULL) err = MEMORY_E; - /* Note, DecodeECC_DSA_Sig() calls mp_init() on r and s. - * If either of those don't allocate correctly, none of - * the rest of this function will execute, and everything - * gets cleaned up at the end. */ - XMEMSET(&r, 0, sizeof(r)); - XMEMSET(&s, 0, sizeof(s)); - if (err == MP_OKAY) - err = DecodeECC_DSA_Sig(sig, siglen, &r, &s); - /* get the order */ if (err == MP_OKAY) err = mp_read_radix(&p, (char *)key->dp->order, 16); @@ -2121,9 +2335,9 @@ int wc_ecc_verify_hash(const byte* sig, word32 siglen, const byte* hash, /* check for zero */ if (err == MP_OKAY) { - if (mp_iszero(&r) || mp_iszero(&s) || mp_cmp(&r, &p) != MP_LT || - mp_cmp(&s, &p) != MP_LT) - err = MP_ZERO_E; + if (mp_iszero(r) || mp_iszero(s) || mp_cmp(r, &p) != MP_LT || + mp_cmp(s, &p) != MP_LT) + err = MP_ZERO_E; } /* read hash */ if (err == MP_OKAY) { @@ -2142,7 +2356,7 @@ int wc_ecc_verify_hash(const byte* sig, word32 siglen, const byte* hash, /* w = s^-1 mod n */ if (err == MP_OKAY) - err = mp_invmod(&s, &p, &w); + err = mp_invmod(s, &p, &w); /* u1 = ew */ if (err == MP_OKAY) @@ -2150,7 +2364,7 @@ int wc_ecc_verify_hash(const byte* sig, word32 siglen, const byte* hash, /* u2 = rw */ if (err == MP_OKAY) - err = mp_mulmod(&r, &w, &p, &u2); + err = mp_mulmod(r, &w, &p, &u2); /* find mG and mQ */ if (err == MP_OKAY) @@ -2174,10 +2388,10 @@ int wc_ecc_verify_hash(const byte* sig, word32 siglen, const byte* hash, /* compute u1*mG + u2*mQ = mG */ if (err == MP_OKAY) - err = ecc_mulmod(&u1, mG, mG, &m, 0); + err = wc_ecc_mulmod(&u1, mG, mG, &m, 0); if (err == MP_OKAY) - err = ecc_mulmod(&u2, mQ, mQ, &m, 0); - + err = wc_ecc_mulmod(&u2, mQ, mQ, &m, 0); + /* find the montgomery mp */ if (err == MP_OKAY) err = mp_montgomery_setup(&m, &mp); 
@@ -2185,7 +2399,7 @@ int wc_ecc_verify_hash(const byte* sig, word32 siglen, const byte* hash, /* add them */ if (err == MP_OKAY) err = ecc_projective_add_point(mQ, mG, mG, &m, &mp); - + /* reduce */ if (err == MP_OKAY) err = ecc_map(mG, &m, &mp); @@ -2194,7 +2408,7 @@ int wc_ecc_verify_hash(const byte* sig, word32 siglen, const byte* hash, /* use Shamir's trick to compute u1*mG + u2*mQ using half the doubles */ if (err == MP_OKAY) err = ecc_mul2add(mG, &u1, mQ, &u2, mG, &m); -#endif /* ECC_SHAMIR */ +#endif /* ECC_SHAMIR */ /* v = X_x1 mod n */ if (err == MP_OKAY) @@ -2202,15 +2416,13 @@ int wc_ecc_verify_hash(const byte* sig, word32 siglen, const byte* hash, /* does v == r */ if (err == MP_OKAY) { - if (mp_cmp(&v, &r) == MP_EQ) + if (mp_cmp(&v, r) == MP_EQ) *stat = 1; } - ecc_del_point(mG); - ecc_del_point(mQ); + wc_ecc_del_point(mG); + wc_ecc_del_point(mQ); - mp_clear(&r); - mp_clear(&s); mp_clear(&v); mp_clear(&w); mp_clear(&u1); 
@@ -2222,6 +2434,195 @@ int wc_ecc_verify_hash(const byte* sig, word32 siglen, const byte* hash, return err; } +/* import point from der */ +int wc_ecc_import_point_der(byte* in, word32 inLen, const int curve_idx, + ecc_point* point) +{ + int err = 0; + int compressed = 0; + + if (in == NULL || point == NULL || (curve_idx < 0) || + (wc_ecc_is_valid_idx(curve_idx) == 0)) + return ECC_BAD_ARG_E; + + /* must be odd */ + if ((inLen & 1) == 0) { + return ECC_BAD_ARG_E; + } + + /* init point */ +#ifdef ALT_ECC_SIZE + point->x = (mp_int*)&point->xyz[0]; + point->y = (mp_int*)&point->xyz[1]; + point->z = (mp_int*)&point->xyz[2]; + alt_fp_init(point->x); + alt_fp_init(point->y); + alt_fp_init(point->z); +#else + err = mp_init_multi(point->x, point->y, point->z, NULL, NULL, NULL); +#endif + if (err != MP_OKAY) + return MEMORY_E; + + /* check for 4, 2, or 3 */ + if (in[0] != 0x04 && in[0] != 0x02 && in[0] != 0x03) { + err = ASN_PARSE_E; + } + + if (in[0] == 0x02 || in[0] == 0x03) { +#ifdef HAVE_COMP_KEY + compressed = 1; +#else + err = NOT_COMPILED_IN; +#endif + } + + /* read data */ + if (err == MP_OKAY) + err = mp_read_unsigned_bin(point->x, (byte*)in+1, (inLen-1)>>1); + +#ifdef HAVE_COMP_KEY + if (err == MP_OKAY && compressed == 1) { /* build y */ + mp_int t1, t2, prime, a, b; + + if (mp_init_multi(&t1, &t2, &prime, &a, &b, NULL) != MP_OKAY) + err = MEMORY_E; + + /* load prime */ + if (err == MP_OKAY) + err = mp_read_radix(&prime, (char *)ecc_sets[curve_idx].prime, 16); + + /* load a */ + if (err == MP_OKAY) + err = mp_read_radix(&a, (char *)ecc_sets[curve_idx].Af, 16); + + /* load b */ + if (err == MP_OKAY) + err = mp_read_radix(&b, (char *)ecc_sets[curve_idx].Bf, 16); + + /* compute x^3 */ + if (err == MP_OKAY) + err = mp_sqr(point->x, &t1); + + if (err == MP_OKAY) + err = mp_mulmod(&t1, point->x, &prime, &t1); + + /* compute x^3 + a*x */ + if (err == MP_OKAY) + err = mp_mulmod(&a, point->x, &prime, &t2); + + if (err == MP_OKAY) + err = mp_add(&t1, &t2, &t1); + + /* 
compute x^3 + a*x + b */ + if (err == MP_OKAY) + err = mp_add(&t1, &b, &t1); + + /* compute sqrt(x^3 + a*x + b) */ + if (err == MP_OKAY) + err = mp_sqrtmod_prime(&t1, &prime, &t2); + + /* adjust y */ + if (err == MP_OKAY) { + if ((mp_isodd(&t2) && in[0] == 0x03) || + (!mp_isodd(&t2) && in[0] == 0x02)) { + err = mp_mod(&t2, &prime, point->y); + } + else { + err = mp_submod(&prime, &t2, &prime, point->y); + } + } + + mp_clear(&a); + mp_clear(&b); + mp_clear(&prime); + mp_clear(&t2); + mp_clear(&t1); + } +#endif + + if (err == MP_OKAY && compressed == 0) + err = mp_read_unsigned_bin(point->y, + (byte*)in+1+((inLen-1)>>1), (inLen-1)>>1); + if (err == MP_OKAY) + mp_set(point->z, 1); + + if (err != MP_OKAY) { + mp_clear(point->x); + mp_clear(point->y); + mp_clear(point->z); + } + + return err; +} + +/* export point to der */ +int wc_ecc_export_point_der(const int curve_idx, ecc_point* point, byte* out, + word32* outLen) +{ +#ifdef WOLFSSL_SMALL_STACK + byte* buf; +#else + byte buf[ECC_BUFSIZE]; +#endif + word32 numlen; + int ret = MP_OKAY; + + if ((curve_idx < 0) || (wc_ecc_is_valid_idx(curve_idx) == 0)) + return ECC_BAD_ARG_E; + + /* return length needed only */ + if (point != NULL && out == NULL && outLen != NULL) { + numlen = ecc_sets[curve_idx].size; + *outLen = 1 + 2*numlen; + return LENGTH_ONLY_E; + } + + if (point == NULL || out == NULL || outLen == NULL) + return ECC_BAD_ARG_E; + + numlen = ecc_sets[curve_idx].size; + + if (*outLen < (1 + 2*numlen)) { + *outLen = 1 + 2*numlen; + return BUFFER_E; + } + + /* store byte 0x04 */ + out[0] = 0x04; + +#ifdef WOLFSSL_SMALL_STACK + buf = (byte*)XMALLOC(ECC_BUFSIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (buf == NULL) + return MEMORY_E; +#endif + + /* pad and store x */ + XMEMSET(buf, 0, ECC_BUFSIZE); + ret = mp_to_unsigned_bin(point->x, buf + + (numlen - mp_unsigned_bin_size(point->x))); + if (ret != MP_OKAY) + goto done; + XMEMCPY(out+1, buf, numlen); + + /* pad and store y */ + XMEMSET(buf, 0, ECC_BUFSIZE); + ret = 
mp_to_unsigned_bin(point->y, buf + + (numlen - mp_unsigned_bin_size(point->y))); + if (ret != MP_OKAY) + goto done; + XMEMCPY(out+1+numlen, buf, numlen); + + *outLen = 1 + 2*numlen; + +done: +#ifdef WOLFSSL_SMALL_STACK + XFREE(buf, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif + + return ret; +} + /* export public ECC key in ANSI X9.63 format */ int wc_ecc_export_x963(ecc_key* key, byte* out, word32* outLen) @@ -2244,7 +2645,7 @@ int wc_ecc_export_x963(ecc_key* key, byte* out, word32* outLen) if (key == NULL || out == NULL || outLen == NULL) return ECC_BAD_ARG_E; - if (ecc_is_valid_idx(key->idx) == 0) { + if (wc_ecc_is_valid_idx(key->idx) == 0) { return ECC_BAD_ARG_E; } numlen = key->dp->size; @@ -2263,26 +2664,25 @@ int wc_ecc_export_x963(ecc_key* key, byte* out, word32* outLen) return MEMORY_E; #endif - do { - /* pad and store x */ - XMEMSET(buf, 0, ECC_BUFSIZE); - ret = mp_to_unsigned_bin(key->pubkey.x, + /* pad and store x */ + XMEMSET(buf, 0, ECC_BUFSIZE); + ret = mp_to_unsigned_bin(key->pubkey.x, buf + (numlen - mp_unsigned_bin_size(key->pubkey.x))); - if (ret != MP_OKAY) - break; - XMEMCPY(out+1, buf, numlen); + if (ret != MP_OKAY) + goto done; + XMEMCPY(out+1, buf, numlen); - /* pad and store y */ - XMEMSET(buf, 0, ECC_BUFSIZE); - ret = mp_to_unsigned_bin(key->pubkey.y, + /* pad and store y */ + XMEMSET(buf, 0, ECC_BUFSIZE); + ret = mp_to_unsigned_bin(key->pubkey.y, buf + (numlen - mp_unsigned_bin_size(key->pubkey.y))); - if (ret != MP_OKAY) - break; - XMEMCPY(out+1+numlen, buf, numlen); + if (ret != MP_OKAY) + goto done; + XMEMCPY(out+1+numlen, buf, numlen); - *outLen = 1 + 2*numlen; - } while (0); + *outLen = 1 + 2*numlen; +done: #ifdef WOLFSSL_SMALL_STACK XFREE(buf, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif 
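Review bot: `wc_ecc_import_point_der` never compares `inLen` with the size of the curve selected by `curve_idx`; it only requires an odd length, so an encoding of the wrong size for that curve is parsed anyway. In the compressed branch the x read still uses `(inLen-1)>>1`, although a 0x02/0x03 encoding carries only x after the prefix byte, so only half of the coordinate appears to be read. Derive the coordinate length once after the prefix byte is classified and reject a mismatch, e.g. `word32 keysize = compressed ? inLen - 1 : (inLen - 1) >> 1;` then `if (keysize != (word32)ecc_sets[curve_idx].size) err = ECC_BAD_ARG_E;`, and use `keysize` in both `mp_read_unsigned_bin` calls. The uncompressed path also accepts any (x, y) pair without an on-curve check; `ecc_is_point`, added later in this commit, looks like the natural call to make before returning success.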
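Review bot: The padding offset `buf + (numlen - mp_unsigned_bin_size(key->pubkey.x))`, and the same expression for `.y`, is computed without checking that the coordinate fits in `numlen` bytes; if `numlen` is unsigned here as it is in `wc_ecc_export_point_der` (`word32 numlen`), a coordinate longer than the curve size makes the difference wrap and puts the write outside `buf`. The same expression is added in `wc_ecc_export_point_der` in the previous hunk, where `curve_idx` and `point` are supplied independently by the caller, so a size mismatch is easier to reach there. Guard each store first, e.g. `if ((word32)mp_unsigned_bin_size(key->pubkey.x) > numlen) { ret = ECC_BAD_ARG_E; goto done; }`. wc_ecc_export_x963 starts and ends outside this hunk.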
@@ -2293,7 +2693,8 @@ int wc_ecc_export_x963(ecc_key* key, byte* out, word32* outLen) /* export public ECC key in ANSI X9.63 format, extended with * compression option */ -int wc_ecc_export_x963_ex(ecc_key* key, byte* out, word32* outLen, int compressed) +int wc_ecc_export_x963_ex(ecc_key* key, byte* out, word32* outLen, + int compressed) { if (compressed == 0) return wc_ecc_export_x963(key, out, outLen); 
@@ -2306,12 +2707,215 @@ int wc_ecc_export_x963_ex(ecc_key* key, byte* out, word32* outLen, int compresse } +/* is ec point on curve descriped by dp ? */ +static int ecc_is_point(const ecc_set_type* dp, ecc_point* ecp, mp_int* prime) +{ + mp_int b, t1, t2; + int err; + + if ((err = mp_init_multi(&b, &t1, &t2, NULL, NULL, NULL)) != MP_OKAY) { + return err; + } + + /* load b */ + err = mp_read_radix(&b, dp->Bf, 16); + + /* compute y^2 */ + if (err == MP_OKAY) + err = mp_sqr(ecp->y, &t1); + + /* compute x^3 */ + if (err == MP_OKAY) + err = mp_sqr(ecp->x, &t2); + if (err == MP_OKAY) + err = mp_mod(&t2, prime, &t2); + if (err == MP_OKAY) + err = mp_mul(ecp->x, &t2, &t2); + + /* compute y^2 - x^3 */ + if (err == MP_OKAY) + err = mp_sub(&t1, &t2, &t1); + + /* compute y^2 - x^3 + 3x */ + if (err == MP_OKAY) + err = mp_add(&t1, ecp->x, &t1); + if (err == MP_OKAY) + err = mp_add(&t1, ecp->x, &t1); + if (err == MP_OKAY) + err = mp_add(&t1, ecp->x, &t1); + if (err == MP_OKAY) + err = mp_mod(&t1, prime, &t1); + + while (err == MP_OKAY && mp_cmp_d(&t1, 0) == MP_LT) { + err = mp_add(&t1, prime, &t1); + } + while (err == MP_OKAY && mp_cmp(&t1, prime) != MP_LT) { + err = mp_sub(&t1, prime, &t1); + } + + /* compare to b */ + if (err == MP_OKAY) { + if (mp_cmp(&t1, &b) != MP_EQ) { + err = MP_VAL; + } else { + err = MP_OKAY; + } + } + + mp_clear(&b); + mp_clear(&t1); + mp_clear(&t2); + + return err; +} + + +/* validate privkey * generator == pubkey, 0 on success */ +static int ecc_check_privkey_gen(ecc_key* key, mp_int* prime) +{ + ecc_point* base = NULL; + ecc_point* res = NULL; + int err; + + if (key == NULL) + return BAD_FUNC_ARG; + + base = wc_ecc_new_point(); + if (base == NULL) + return MEMORY_E; + + /* set up base generator */ + err = mp_read_radix(base->x, (char*)key->dp->Gx, 16); + if (err == MP_OKAY) + err = mp_read_radix(base->y, (char*)key->dp->Gy, 16); + if (err == MP_OKAY) + mp_set(base->z, 1); + + if (err == MP_OKAY) { + res = wc_ecc_new_point(); + if (res == NULL) + 
err = MEMORY_E; + else { + err = wc_ecc_mulmod(&key->k, base, res, prime, 1); + if (err == MP_OKAY) { + /* compare result to public key */ + if (mp_cmp(res->x, key->pubkey.x) != MP_EQ || + mp_cmp(res->y, key->pubkey.y) != MP_EQ || + mp_cmp(res->z, key->pubkey.z) != MP_EQ) { + /* didn't match */ + err = ECC_PRIV_KEY_E; + } + } + } + } + + wc_ecc_del_point(res); + wc_ecc_del_point(base); + + return err; +} + + +#ifdef WOLFSSL_VALIDATE_ECC_IMPORT + +/* check privkey generator helper, creates prime needed */ +static int ecc_check_privkey_gen_helper(ecc_key* key) +{ + mp_int prime; + int err; + + if (key == NULL) + return BAD_FUNC_ARG; + + err = mp_init(&prime); + if (err != MP_OKAY) + return err; + + err = mp_read_radix(&prime, (char*)key->dp->prime, 16); + + if (err == MP_OKAY); + err = ecc_check_privkey_gen(key, &prime); + + mp_clear(&prime); + + return err; +} + +#endif /* WOLFSSL_VALIDATE_ECC_IMPORT */ + + +/* validate order * pubkey = point at infinity, 0 on success */ +static int ecc_check_pubkey_order(ecc_key* key, mp_int* prime, mp_int* order) +{ + ecc_point* inf = NULL; + int err; + + if (key == NULL) + return BAD_FUNC_ARG; + + inf = wc_ecc_new_point(); + if (inf == NULL) + err = MEMORY_E; + else { + err = wc_ecc_mulmod(order, &key->pubkey, inf, prime, 1); + if (err == MP_OKAY && !wc_ecc_point_is_at_infinity(inf)) + err = ECC_INF_E; + } + + wc_ecc_del_point(inf); + + return err; +} + + +/* perform sanity checks on ec key validity, 0 on success */ +int wc_ecc_check_key(ecc_key* key) +{ + mp_int prime; /* used by multiple calls so let's cache */ + mp_int order; /* other callers have, so let's gen here */ + int err; + + if (key == NULL) + return BAD_FUNC_ARG; + + /* pubkey point cannot be at inifinity */ + if (wc_ecc_point_is_at_infinity(&key->pubkey)) + return ECC_INF_E; + + err = mp_init_multi(&prime, &order, NULL, NULL, NULL, NULL); + if (err != MP_OKAY) + return err; + + err = mp_read_radix(&prime, (char*)key->dp->prime, 16); + + /* make sure point is 
actually on curve */ + if (err == MP_OKAY) + err = ecc_is_point(key->dp, &key->pubkey, &prime); + + if (err == MP_OKAY) + err = mp_read_radix(&order, (char*)key->dp->order, 16); + + /* pubkey * order must be at infinity */ + if (err == MP_OKAY) + err = ecc_check_pubkey_order(key, &prime, &order); + + /* private * base generator must equal pubkey */ + if (err == MP_OKAY && key->type == ECC_PRIVATEKEY) + err = ecc_check_privkey_gen(key, &prime); + + mp_clear(&order); + mp_clear(&prime); + + return err; +} + + /* import public ECC key in ANSI X9.63 format */ int wc_ecc_import_x963(const byte* in, word32 inLen, ecc_key* key) { int x, err; int compressed = 0; - + if (in == NULL || key == NULL) return ECC_BAD_ARG_E; @@ -2440,6 +3044,11 @@ int wc_ecc_import_x963(const byte* in, word32 inLen, ecc_key* key) if (err == MP_OKAY) mp_set(key->pubkey.z, 1); +#ifdef WOLFSSL_VALIDATE_ECC_IMPORT + if (err == MP_OKAY) + err = wc_ecc_check_key(key); +#endif + if (err != MP_OKAY) { mp_clear(key->pubkey.x); mp_clear(key->pubkey.y); @@ -2451,7 +3060,7 @@ int wc_ecc_import_x963(const byte* in, word32 inLen, ecc_key* key) } -/* export ecc private key only raw, outLen is in/out size +/* export ecc private key only raw, outLen is in/out size return MP_OKAY on success */ int wc_ecc_export_private_only(ecc_key* key, byte* out, word32* outLen) { @@ -2460,7 +3069,7 @@ int wc_ecc_export_private_only(ecc_key* key, byte* out, word32* outLen) if (key == NULL || out == NULL || outLen == NULL) return ECC_BAD_ARG_E; - if (ecc_is_valid_idx(key->idx) == 0) { + if (wc_ecc_is_valid_idx(key->idx) == 0) { return ECC_BAD_ARG_E; } numlen = key->dp->size; @@ -2469,7 +3078,7 @@ int wc_ecc_export_private_only(ecc_key* key, byte* out, word32* outLen) *outLen = numlen; return BUFFER_E; } - *outLen = numlen; + *outLen = numlen; XMEMSET(out, 0, *outLen); return mp_to_unsigned_bin(&key->k, out + (numlen - mp_unsigned_bin_size(&key->k))); 
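Review bot: In `ecc_check_privkey_gen_helper` the line `if (err == MP_OKAY);` ends in a stray semicolon, so the `if` guards nothing and `ecc_check_privkey_gen(key, &prime)` runs even when `mp_read_radix` failed, overwriting that error. It should read `if (err == MP_OKAY)` with the call as its body. Separately, `ecc_is_point` hard-codes the curve coefficient as a = -3 (three `mp_add` of `ecp->x`) and never reads `dp->Af`, whereas `wc_ecc_import_point_der` in this commit loads `Af`; if any supported curve uses a different a, valid points on it would be rejected, so either use `dp->Af` or state the assumption in the function comment. `wc_ecc_check_key` also dereferences `key->dp` without the `wc_ecc_is_valid_idx(key->idx)` check that the export functions perform.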
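Review bot: The new `wc_ecc_check_key(key)` call is compiled in only under `WOLFSSL_VALIDATE_ECC_IMPORT`, so a build without that macro still returns success for a public point that was never checked to lie on the curve; the same opt-in guard is added to `wc_ecc_import_private_key` and `wc_ecc_import_raw` in later hunks. That default should be stated where callers will see it, for example in the function's header comment: `/* the point is validated only when WOLFSSL_VALIDATE_ECC_IMPORT is defined; otherwise call wc_ecc_check_key() on keys from untrusted sources */`. wc_ecc_import_x963 starts outside this hunk.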
@@ -2486,7 +3095,14 @@ int wc_ecc_import_private_key(const byte* priv, word32 privSz, const byte* pub, key->type = ECC_PRIVATEKEY; - return mp_read_unsigned_bin(&key->k, priv, privSz); + ret = mp_read_unsigned_bin(&key->k, priv, privSz); + +#ifdef WOLFSSL_VALIDATE_ECC_IMPORT + if (ret == MP_OKAY) + ret = ecc_check_privkey_gen_helper(key); +#endif + + return ret; } /** @@ -2598,6 +3214,11 @@ int wc_ecc_import_raw(ecc_key* key, const char* qx, const char* qy, err = mp_read_radix(&key->k, d, 16); } +#ifdef WOLFSSL_VALIDATE_ECC_IMPORT + if (err == MP_OKAY) + err = wc_ecc_check_key(key); +#endif + if (err != MP_OKAY) { mp_clear(key->pubkey.x); mp_clear(key->pubkey.y); @@ -2618,12 +3239,12 @@ int wc_ecc_size(ecc_key* key) } -/* worst case estimate, check actual return from wc_ecc_sign_hash for actual value - of signature size in octets */ +/* worst case estimate, check actual return from wc_ecc_sign_hash for actual + value of signature size in octets */ int wc_ecc_sig_size(ecc_key* key) { int sz = wc_ecc_size(key); - if (sz < 0) + if (sz <= 0) return sz; return sz * 2 + SIG_HEADER_SZ + 4; /* (4) worst case estimate */ 
@@ -2658,7 +3279,7 @@ int wc_ecc_sig_size(ecc_key* key) /** Our FP cache */ typedef struct { ecc_point* g; /* cached COPY of base point */ - ecc_point* LUT[1U< 6 - { 1, 0, 0 }, { 2, 1, 64 }, { 2, 2, 64 }, { 3, 3, 64 }, { 2, 4, 64 }, { 3, 5, 64 }, { 3, 6, 64 }, { 4, 7, 64 }, - { 2, 8, 64 }, { 3, 9, 64 }, { 3, 10, 64 }, { 4, 11, 64 }, { 3, 12, 64 }, { 4, 13, 64 }, { 4, 14, 64 }, { 5, 15, 64 }, - { 2, 16, 64 }, { 3, 17, 64 }, { 3, 18, 64 }, { 4, 19, 64 }, { 3, 20, 64 }, { 4, 21, 64 }, { 4, 22, 64 }, { 5, 23, 64 }, - { 3, 24, 64 }, { 4, 25, 64 }, { 4, 26, 64 }, { 5, 27, 64 }, { 4, 28, 64 }, { 5, 29, 64 }, { 5, 30, 64 }, { 6, 31, 64 }, - { 2, 32, 64 }, { 3, 33, 64 }, { 3, 34, 64 }, { 4, 35, 64 }, { 3, 36, 64 }, { 4, 37, 64 }, { 4, 38, 64 }, { 5, 39, 64 }, - { 3, 40, 64 }, { 4, 41, 64 }, { 4, 42, 64 }, { 5, 43, 64 }, { 4, 44, 64 }, { 5, 45, 64 }, { 5, 46, 64 }, { 6, 47, 64 }, - { 3, 48, 64 }, { 4, 49, 64 }, { 4, 50, 64 }, { 5, 51, 64 }, { 4, 52, 64 }, { 5, 53, 64 }, { 5, 54, 64 }, { 6, 55, 64 }, - { 4, 56, 64 }, { 5, 57, 64 }, { 5, 58, 64 }, { 6, 59, 64 }, { 5, 60, 64 }, { 6, 61, 64 }, { 6, 62, 64 }, { 7, 63, 64 }, + { 1, 0, 0 }, { 2, 1, 64 }, { 2, 2, 64 }, { 3, 3, 64 }, { 2, 4, 64 }, { 3, 5, 64 }, { 3, 6, 64 }, { 4, 7, 64 }, + { 2, 8, 64 }, { 3, 9, 64 }, { 3, 10, 64 }, { 4, 11, 64 }, { 3, 12, 64 }, { 4, 13, 64 }, { 4, 14, 64 }, { 5, 15, 64 }, + { 2, 16, 64 }, { 3, 17, 64 }, { 3, 18, 64 }, { 4, 19, 64 }, { 3, 20, 64 }, { 4, 21, 64 }, { 4, 22, 64 }, { 5, 23, 64 }, + { 3, 24, 64 }, { 4, 25, 64 }, { 4, 26, 64 }, { 5, 27, 64 }, { 4, 28, 64 }, { 5, 29, 64 }, { 5, 30, 64 }, { 6, 31, 64 }, + { 2, 32, 64 }, { 3, 33, 64 }, { 3, 34, 64 }, { 4, 35, 64 }, { 3, 36, 64 }, { 4, 37, 64 }, { 4, 38, 64 }, { 5, 39, 64 }, + { 3, 40, 64 }, { 4, 41, 64 }, { 4, 42, 64 }, { 5, 43, 64 }, { 4, 44, 64 }, { 5, 45, 64 }, { 5, 46, 64 }, { 6, 47, 64 }, + { 3, 48, 64 }, { 4, 49, 64 }, { 4, 50, 64 }, { 5, 51, 64 }, { 4, 52, 64 }, { 5, 53, 64 }, { 5, 54, 64 }, { 6, 55, 64 }, + { 4, 56, 64 }, { 5, 57, 64 
}, { 5, 58, 64 }, { 6, 59, 64 }, { 5, 60, 64 }, { 6, 61, 64 }, { 6, 62, 64 }, { 7, 63, 64 }, #if FP_LUT > 7 - { 1, 0, 0 }, { 2, 1, 128 }, { 2, 2, 128 }, { 3, 3, 128 }, { 2, 4, 128 }, { 3, 5, 128 }, { 3, 6, 128 }, { 4, 7, 128 }, - { 2, 8, 128 }, { 3, 9, 128 }, { 3, 10, 128 }, { 4, 11, 128 }, { 3, 12, 128 }, { 4, 13, 128 }, { 4, 14, 128 }, { 5, 15, 128 }, - { 2, 16, 128 }, { 3, 17, 128 }, { 3, 18, 128 }, { 4, 19, 128 }, { 3, 20, 128 }, { 4, 21, 128 }, { 4, 22, 128 }, { 5, 23, 128 }, - { 3, 24, 128 }, { 4, 25, 128 }, { 4, 26, 128 }, { 5, 27, 128 }, { 4, 28, 128 }, { 5, 29, 128 }, { 5, 30, 128 }, { 6, 31, 128 }, - { 2, 32, 128 }, { 3, 33, 128 }, { 3, 34, 128 }, { 4, 35, 128 }, { 3, 36, 128 }, { 4, 37, 128 }, { 4, 38, 128 }, { 5, 39, 128 }, - { 3, 40, 128 }, { 4, 41, 128 }, { 4, 42, 128 }, { 5, 43, 128 }, { 4, 44, 128 }, { 5, 45, 128 }, { 5, 46, 128 }, { 6, 47, 128 }, - { 3, 48, 128 }, { 4, 49, 128 }, { 4, 50, 128 }, { 5, 51, 128 }, { 4, 52, 128 }, { 5, 53, 128 }, { 5, 54, 128 }, { 6, 55, 128 }, - { 4, 56, 128 }, { 5, 57, 128 }, { 5, 58, 128 }, { 6, 59, 128 }, { 5, 60, 128 }, { 6, 61, 128 }, { 6, 62, 128 }, { 7, 63, 128 }, - { 2, 64, 128 }, { 3, 65, 128 }, { 3, 66, 128 }, { 4, 67, 128 }, { 3, 68, 128 }, { 4, 69, 128 }, { 4, 70, 128 }, { 5, 71, 128 }, - { 3, 72, 128 }, { 4, 73, 128 }, { 4, 74, 128 }, { 5, 75, 128 }, { 4, 76, 128 }, { 5, 77, 128 }, { 5, 78, 128 }, { 6, 79, 128 }, - { 3, 80, 128 }, { 4, 81, 128 }, { 4, 82, 128 }, { 5, 83, 128 }, { 4, 84, 128 }, { 5, 85, 128 }, { 5, 86, 128 }, { 6, 87, 128 }, - { 4, 88, 128 }, { 5, 89, 128 }, { 5, 90, 128 }, { 6, 91, 128 }, { 5, 92, 128 }, { 6, 93, 128 }, { 6, 94, 128 }, { 7, 95, 128 }, - { 3, 96, 128 }, { 4, 97, 128 }, { 4, 98, 128 }, { 5, 99, 128 }, { 4, 100, 128 }, { 5, 101, 128 }, { 5, 102, 128 }, { 6, 103, 128 }, - { 4, 104, 128 }, { 5, 105, 128 }, { 5, 106, 128 }, { 6, 107, 128 }, { 5, 108, 128 }, { 6, 109, 128 }, { 6, 110, 128 }, { 7, 111, 128 }, - { 4, 112, 128 }, { 5, 113, 128 }, { 5, 114, 128 }, { 6, 115, 128 }, { 
5, 116, 128 }, { 6, 117, 128 }, { 6, 118, 128 }, { 7, 119, 128 }, - { 5, 120, 128 }, { 6, 121, 128 }, { 6, 122, 128 }, { 7, 123, 128 }, { 6, 124, 128 }, { 7, 125, 128 }, { 7, 126, 128 }, { 8, 127, 128 }, + { 1, 0, 0 }, { 2, 1, 128 }, { 2, 2, 128 }, { 3, 3, 128 }, { 2, 4, 128 }, { 3, 5, 128 }, { 3, 6, 128 }, { 4, 7, 128 }, + { 2, 8, 128 }, { 3, 9, 128 }, { 3, 10, 128 }, { 4, 11, 128 }, { 3, 12, 128 }, { 4, 13, 128 }, { 4, 14, 128 }, { 5, 15, 128 }, + { 2, 16, 128 }, { 3, 17, 128 }, { 3, 18, 128 }, { 4, 19, 128 }, { 3, 20, 128 }, { 4, 21, 128 }, { 4, 22, 128 }, { 5, 23, 128 }, + { 3, 24, 128 }, { 4, 25, 128 }, { 4, 26, 128 }, { 5, 27, 128 }, { 4, 28, 128 }, { 5, 29, 128 }, { 5, 30, 128 }, { 6, 31, 128 }, + { 2, 32, 128 }, { 3, 33, 128 }, { 3, 34, 128 }, { 4, 35, 128 }, { 3, 36, 128 }, { 4, 37, 128 }, { 4, 38, 128 }, { 5, 39, 128 }, + { 3, 40, 128 }, { 4, 41, 128 }, { 4, 42, 128 }, { 5, 43, 128 }, { 4, 44, 128 }, { 5, 45, 128 }, { 5, 46, 128 }, { 6, 47, 128 }, + { 3, 48, 128 }, { 4, 49, 128 }, { 4, 50, 128 }, { 5, 51, 128 }, { 4, 52, 128 }, { 5, 53, 128 }, { 5, 54, 128 }, { 6, 55, 128 }, + { 4, 56, 128 }, { 5, 57, 128 }, { 5, 58, 128 }, { 6, 59, 128 }, { 5, 60, 128 }, { 6, 61, 128 }, { 6, 62, 128 }, { 7, 63, 128 }, + { 2, 64, 128 }, { 3, 65, 128 }, { 3, 66, 128 }, { 4, 67, 128 }, { 3, 68, 128 }, { 4, 69, 128 }, { 4, 70, 128 }, { 5, 71, 128 }, + { 3, 72, 128 }, { 4, 73, 128 }, { 4, 74, 128 }, { 5, 75, 128 }, { 4, 76, 128 }, { 5, 77, 128 }, { 5, 78, 128 }, { 6, 79, 128 }, + { 3, 80, 128 }, { 4, 81, 128 }, { 4, 82, 128 }, { 5, 83, 128 }, { 4, 84, 128 }, { 5, 85, 128 }, { 5, 86, 128 }, { 6, 87, 128 }, + { 4, 88, 128 }, { 5, 89, 128 }, { 5, 90, 128 }, { 6, 91, 128 }, { 5, 92, 128 }, { 6, 93, 128 }, { 6, 94, 128 }, { 7, 95, 128 }, + { 3, 96, 128 }, { 4, 97, 128 }, { 4, 98, 128 }, { 5, 99, 128 }, { 4, 100, 128 }, { 5, 101, 128 }, { 5, 102, 128 }, { 6, 103, 128 }, + { 4, 104, 128 }, { 5, 105, 128 }, { 5, 106, 128 }, { 6, 107, 128 }, { 5, 108, 128 }, { 6, 109, 128 }, { 6, 110, 
128 }, { 7, 111, 128 }, + { 4, 112, 128 }, { 5, 113, 128 }, { 5, 114, 128 }, { 6, 115, 128 }, { 5, 116, 128 }, { 6, 117, 128 }, { 6, 118, 128 }, { 7, 119, 128 }, + { 5, 120, 128 }, { 6, 121, 128 }, { 6, 122, 128 }, { 7, 123, 128 }, { 6, 124, 128 }, { 7, 125, 128 }, { 7, 126, 128 }, { 8, 127, 128 }, #if FP_LUT > 8 - { 1, 0, 0 }, { 2, 1, 256 }, { 2, 2, 256 }, { 3, 3, 256 }, { 2, 4, 256 }, { 3, 5, 256 }, { 3, 6, 256 }, { 4, 7, 256 }, - { 2, 8, 256 }, { 3, 9, 256 }, { 3, 10, 256 }, { 4, 11, 256 }, { 3, 12, 256 }, { 4, 13, 256 }, { 4, 14, 256 }, { 5, 15, 256 }, - { 2, 16, 256 }, { 3, 17, 256 }, { 3, 18, 256 }, { 4, 19, 256 }, { 3, 20, 256 }, { 4, 21, 256 }, { 4, 22, 256 }, { 5, 23, 256 }, - { 3, 24, 256 }, { 4, 25, 256 }, { 4, 26, 256 }, { 5, 27, 256 }, { 4, 28, 256 }, { 5, 29, 256 }, { 5, 30, 256 }, { 6, 31, 256 }, - { 2, 32, 256 }, { 3, 33, 256 }, { 3, 34, 256 }, { 4, 35, 256 }, { 3, 36, 256 }, { 4, 37, 256 }, { 4, 38, 256 }, { 5, 39, 256 }, - { 3, 40, 256 }, { 4, 41, 256 }, { 4, 42, 256 }, { 5, 43, 256 }, { 4, 44, 256 }, { 5, 45, 256 }, { 5, 46, 256 }, { 6, 47, 256 }, - { 3, 48, 256 }, { 4, 49, 256 }, { 4, 50, 256 }, { 5, 51, 256 }, { 4, 52, 256 }, { 5, 53, 256 }, { 5, 54, 256 }, { 6, 55, 256 }, - { 4, 56, 256 }, { 5, 57, 256 }, { 5, 58, 256 }, { 6, 59, 256 }, { 5, 60, 256 }, { 6, 61, 256 }, { 6, 62, 256 }, { 7, 63, 256 }, - { 2, 64, 256 }, { 3, 65, 256 }, { 3, 66, 256 }, { 4, 67, 256 }, { 3, 68, 256 }, { 4, 69, 256 }, { 4, 70, 256 }, { 5, 71, 256 }, - { 3, 72, 256 }, { 4, 73, 256 }, { 4, 74, 256 }, { 5, 75, 256 }, { 4, 76, 256 }, { 5, 77, 256 }, { 5, 78, 256 }, { 6, 79, 256 }, - { 3, 80, 256 }, { 4, 81, 256 }, { 4, 82, 256 }, { 5, 83, 256 }, { 4, 84, 256 }, { 5, 85, 256 }, { 5, 86, 256 }, { 6, 87, 256 }, - { 4, 88, 256 }, { 5, 89, 256 }, { 5, 90, 256 }, { 6, 91, 256 }, { 5, 92, 256 }, { 6, 93, 256 }, { 6, 94, 256 }, { 7, 95, 256 }, - { 3, 96, 256 }, { 4, 97, 256 }, { 4, 98, 256 }, { 5, 99, 256 }, { 4, 100, 256 }, { 5, 101, 256 }, { 5, 102, 256 }, { 6, 103, 256 }, - 
{ 4, 104, 256 }, { 5, 105, 256 }, { 5, 106, 256 }, { 6, 107, 256 }, { 5, 108, 256 }, { 6, 109, 256 }, { 6, 110, 256 }, { 7, 111, 256 }, - { 4, 112, 256 }, { 5, 113, 256 }, { 5, 114, 256 }, { 6, 115, 256 }, { 5, 116, 256 }, { 6, 117, 256 }, { 6, 118, 256 }, { 7, 119, 256 }, - { 5, 120, 256 }, { 6, 121, 256 }, { 6, 122, 256 }, { 7, 123, 256 }, { 6, 124, 256 }, { 7, 125, 256 }, { 7, 126, 256 }, { 8, 127, 256 }, - { 2, 128, 256 }, { 3, 129, 256 }, { 3, 130, 256 }, { 4, 131, 256 }, { 3, 132, 256 }, { 4, 133, 256 }, { 4, 134, 256 }, { 5, 135, 256 }, - { 3, 136, 256 }, { 4, 137, 256 }, { 4, 138, 256 }, { 5, 139, 256 }, { 4, 140, 256 }, { 5, 141, 256 }, { 5, 142, 256 }, { 6, 143, 256 }, - { 3, 144, 256 }, { 4, 145, 256 }, { 4, 146, 256 }, { 5, 147, 256 }, { 4, 148, 256 }, { 5, 149, 256 }, { 5, 150, 256 }, { 6, 151, 256 }, - { 4, 152, 256 }, { 5, 153, 256 }, { 5, 154, 256 }, { 6, 155, 256 }, { 5, 156, 256 }, { 6, 157, 256 }, { 6, 158, 256 }, { 7, 159, 256 }, - { 3, 160, 256 }, { 4, 161, 256 }, { 4, 162, 256 }, { 5, 163, 256 }, { 4, 164, 256 }, { 5, 165, 256 }, { 5, 166, 256 }, { 6, 167, 256 }, - { 4, 168, 256 }, { 5, 169, 256 }, { 5, 170, 256 }, { 6, 171, 256 }, { 5, 172, 256 }, { 6, 173, 256 }, { 6, 174, 256 }, { 7, 175, 256 }, - { 4, 176, 256 }, { 5, 177, 256 }, { 5, 178, 256 }, { 6, 179, 256 }, { 5, 180, 256 }, { 6, 181, 256 }, { 6, 182, 256 }, { 7, 183, 256 }, - { 5, 184, 256 }, { 6, 185, 256 }, { 6, 186, 256 }, { 7, 187, 256 }, { 6, 188, 256 }, { 7, 189, 256 }, { 7, 190, 256 }, { 8, 191, 256 }, - { 3, 192, 256 }, { 4, 193, 256 }, { 4, 194, 256 }, { 5, 195, 256 }, { 4, 196, 256 }, { 5, 197, 256 }, { 5, 198, 256 }, { 6, 199, 256 }, - { 4, 200, 256 }, { 5, 201, 256 }, { 5, 202, 256 }, { 6, 203, 256 }, { 5, 204, 256 }, { 6, 205, 256 }, { 6, 206, 256 }, { 7, 207, 256 }, - { 4, 208, 256 }, { 5, 209, 256 }, { 5, 210, 256 }, { 6, 211, 256 }, { 5, 212, 256 }, { 6, 213, 256 }, { 6, 214, 256 }, { 7, 215, 256 }, - { 5, 216, 256 }, { 6, 217, 256 }, { 6, 218, 256 }, { 7, 219, 256 }, 
{ 6, 220, 256 }, { 7, 221, 256 }, { 7, 222, 256 }, { 8, 223, 256 }, - { 4, 224, 256 }, { 5, 225, 256 }, { 5, 226, 256 }, { 6, 227, 256 }, { 5, 228, 256 }, { 6, 229, 256 }, { 6, 230, 256 }, { 7, 231, 256 }, - { 5, 232, 256 }, { 6, 233, 256 }, { 6, 234, 256 }, { 7, 235, 256 }, { 6, 236, 256 }, { 7, 237, 256 }, { 7, 238, 256 }, { 8, 239, 256 }, - { 5, 240, 256 }, { 6, 241, 256 }, { 6, 242, 256 }, { 7, 243, 256 }, { 6, 244, 256 }, { 7, 245, 256 }, { 7, 246, 256 }, { 8, 247, 256 }, - { 6, 248, 256 }, { 7, 249, 256 }, { 7, 250, 256 }, { 8, 251, 256 }, { 7, 252, 256 }, { 8, 253, 256 }, { 8, 254, 256 }, { 9, 255, 256 }, + { 1, 0, 0 }, { 2, 1, 256 }, { 2, 2, 256 }, { 3, 3, 256 }, { 2, 4, 256 }, { 3, 5, 256 }, { 3, 6, 256 }, { 4, 7, 256 }, + { 2, 8, 256 }, { 3, 9, 256 }, { 3, 10, 256 }, { 4, 11, 256 }, { 3, 12, 256 }, { 4, 13, 256 }, { 4, 14, 256 }, { 5, 15, 256 }, + { 2, 16, 256 }, { 3, 17, 256 }, { 3, 18, 256 }, { 4, 19, 256 }, { 3, 20, 256 }, { 4, 21, 256 }, { 4, 22, 256 }, { 5, 23, 256 }, + { 3, 24, 256 }, { 4, 25, 256 }, { 4, 26, 256 }, { 5, 27, 256 }, { 4, 28, 256 }, { 5, 29, 256 }, { 5, 30, 256 }, { 6, 31, 256 }, + { 2, 32, 256 }, { 3, 33, 256 }, { 3, 34, 256 }, { 4, 35, 256 }, { 3, 36, 256 }, { 4, 37, 256 }, { 4, 38, 256 }, { 5, 39, 256 }, + { 3, 40, 256 }, { 4, 41, 256 }, { 4, 42, 256 }, { 5, 43, 256 }, { 4, 44, 256 }, { 5, 45, 256 }, { 5, 46, 256 }, { 6, 47, 256 }, + { 3, 48, 256 }, { 4, 49, 256 }, { 4, 50, 256 }, { 5, 51, 256 }, { 4, 52, 256 }, { 5, 53, 256 }, { 5, 54, 256 }, { 6, 55, 256 }, + { 4, 56, 256 }, { 5, 57, 256 }, { 5, 58, 256 }, { 6, 59, 256 }, { 5, 60, 256 }, { 6, 61, 256 }, { 6, 62, 256 }, { 7, 63, 256 }, + { 2, 64, 256 }, { 3, 65, 256 }, { 3, 66, 256 }, { 4, 67, 256 }, { 3, 68, 256 }, { 4, 69, 256 }, { 4, 70, 256 }, { 5, 71, 256 }, + { 3, 72, 256 }, { 4, 73, 256 }, { 4, 74, 256 }, { 5, 75, 256 }, { 4, 76, 256 }, { 5, 77, 256 }, { 5, 78, 256 }, { 6, 79, 256 }, + { 3, 80, 256 }, { 4, 81, 256 }, { 4, 82, 256 }, { 5, 83, 256 }, { 4, 84, 256 }, { 5, 85, 
256 }, { 5, 86, 256 }, { 6, 87, 256 }, + { 4, 88, 256 }, { 5, 89, 256 }, { 5, 90, 256 }, { 6, 91, 256 }, { 5, 92, 256 }, { 6, 93, 256 }, { 6, 94, 256 }, { 7, 95, 256 }, + { 3, 96, 256 }, { 4, 97, 256 }, { 4, 98, 256 }, { 5, 99, 256 }, { 4, 100, 256 }, { 5, 101, 256 }, { 5, 102, 256 }, { 6, 103, 256 }, + { 4, 104, 256 }, { 5, 105, 256 }, { 5, 106, 256 }, { 6, 107, 256 }, { 5, 108, 256 }, { 6, 109, 256 }, { 6, 110, 256 }, { 7, 111, 256 }, + { 4, 112, 256 }, { 5, 113, 256 }, { 5, 114, 256 }, { 6, 115, 256 }, { 5, 116, 256 }, { 6, 117, 256 }, { 6, 118, 256 }, { 7, 119, 256 }, + { 5, 120, 256 }, { 6, 121, 256 }, { 6, 122, 256 }, { 7, 123, 256 }, { 6, 124, 256 }, { 7, 125, 256 }, { 7, 126, 256 }, { 8, 127, 256 }, + { 2, 128, 256 }, { 3, 129, 256 }, { 3, 130, 256 }, { 4, 131, 256 }, { 3, 132, 256 }, { 4, 133, 256 }, { 4, 134, 256 }, { 5, 135, 256 }, + { 3, 136, 256 }, { 4, 137, 256 }, { 4, 138, 256 }, { 5, 139, 256 }, { 4, 140, 256 }, { 5, 141, 256 }, { 5, 142, 256 }, { 6, 143, 256 }, + { 3, 144, 256 }, { 4, 145, 256 }, { 4, 146, 256 }, { 5, 147, 256 }, { 4, 148, 256 }, { 5, 149, 256 }, { 5, 150, 256 }, { 6, 151, 256 }, + { 4, 152, 256 }, { 5, 153, 256 }, { 5, 154, 256 }, { 6, 155, 256 }, { 5, 156, 256 }, { 6, 157, 256 }, { 6, 158, 256 }, { 7, 159, 256 }, + { 3, 160, 256 }, { 4, 161, 256 }, { 4, 162, 256 }, { 5, 163, 256 }, { 4, 164, 256 }, { 5, 165, 256 }, { 5, 166, 256 }, { 6, 167, 256 }, + { 4, 168, 256 }, { 5, 169, 256 }, { 5, 170, 256 }, { 6, 171, 256 }, { 5, 172, 256 }, { 6, 173, 256 }, { 6, 174, 256 }, { 7, 175, 256 }, + { 4, 176, 256 }, { 5, 177, 256 }, { 5, 178, 256 }, { 6, 179, 256 }, { 5, 180, 256 }, { 6, 181, 256 }, { 6, 182, 256 }, { 7, 183, 256 }, + { 5, 184, 256 }, { 6, 185, 256 }, { 6, 186, 256 }, { 7, 187, 256 }, { 6, 188, 256 }, { 7, 189, 256 }, { 7, 190, 256 }, { 8, 191, 256 }, + { 3, 192, 256 }, { 4, 193, 256 }, { 4, 194, 256 }, { 5, 195, 256 }, { 4, 196, 256 }, { 5, 197, 256 }, { 5, 198, 256 }, { 6, 199, 256 }, + { 4, 200, 256 }, { 5, 201, 256 }, { 5, 
202, 256 }, { 6, 203, 256 }, { 5, 204, 256 }, { 6, 205, 256 }, { 6, 206, 256 }, { 7, 207, 256 }, + { 4, 208, 256 }, { 5, 209, 256 }, { 5, 210, 256 }, { 6, 211, 256 }, { 5, 212, 256 }, { 6, 213, 256 }, { 6, 214, 256 }, { 7, 215, 256 }, + { 5, 216, 256 }, { 6, 217, 256 }, { 6, 218, 256 }, { 7, 219, 256 }, { 6, 220, 256 }, { 7, 221, 256 }, { 7, 222, 256 }, { 8, 223, 256 }, + { 4, 224, 256 }, { 5, 225, 256 }, { 5, 226, 256 }, { 6, 227, 256 }, { 5, 228, 256 }, { 6, 229, 256 }, { 6, 230, 256 }, { 7, 231, 256 }, + { 5, 232, 256 }, { 6, 233, 256 }, { 6, 234, 256 }, { 7, 235, 256 }, { 6, 236, 256 }, { 7, 237, 256 }, { 7, 238, 256 }, { 8, 239, 256 }, + { 5, 240, 256 }, { 6, 241, 256 }, { 6, 242, 256 }, { 7, 243, 256 }, { 6, 244, 256 }, { 7, 245, 256 }, { 7, 246, 256 }, { 8, 247, 256 }, + { 6, 248, 256 }, { 7, 249, 256 }, { 7, 250, 256 }, { 8, 251, 256 }, { 7, 252, 256 }, { 8, 253, 256 }, { 8, 254, 256 }, { 9, 255, 256 }, #if FP_LUT > 9 - { 1, 0, 0 }, { 2, 1, 512 }, { 2, 2, 512 }, { 3, 3, 512 }, { 2, 4, 512 }, { 3, 5, 512 }, { 3, 6, 512 }, { 4, 7, 512 }, - { 2, 8, 512 }, { 3, 9, 512 }, { 3, 10, 512 }, { 4, 11, 512 }, { 3, 12, 512 }, { 4, 13, 512 }, { 4, 14, 512 }, { 5, 15, 512 }, - { 2, 16, 512 }, { 3, 17, 512 }, { 3, 18, 512 }, { 4, 19, 512 }, { 3, 20, 512 }, { 4, 21, 512 }, { 4, 22, 512 }, { 5, 23, 512 }, - { 3, 24, 512 }, { 4, 25, 512 }, { 4, 26, 512 }, { 5, 27, 512 }, { 4, 28, 512 }, { 5, 29, 512 }, { 5, 30, 512 }, { 6, 31, 512 }, - { 2, 32, 512 }, { 3, 33, 512 }, { 3, 34, 512 }, { 4, 35, 512 }, { 3, 36, 512 }, { 4, 37, 512 }, { 4, 38, 512 }, { 5, 39, 512 }, - { 3, 40, 512 }, { 4, 41, 512 }, { 4, 42, 512 }, { 5, 43, 512 }, { 4, 44, 512 }, { 5, 45, 512 }, { 5, 46, 512 }, { 6, 47, 512 }, - { 3, 48, 512 }, { 4, 49, 512 }, { 4, 50, 512 }, { 5, 51, 512 }, { 4, 52, 512 }, { 5, 53, 512 }, { 5, 54, 512 }, { 6, 55, 512 }, - { 4, 56, 512 }, { 5, 57, 512 }, { 5, 58, 512 }, { 6, 59, 512 }, { 5, 60, 512 }, { 6, 61, 512 }, { 6, 62, 512 }, { 7, 63, 512 }, - { 2, 64, 512 }, { 3, 65, 512 
}, { 3, 66, 512 }, { 4, 67, 512 }, { 3, 68, 512 }, { 4, 69, 512 }, { 4, 70, 512 }, { 5, 71, 512 }, - { 3, 72, 512 }, { 4, 73, 512 }, { 4, 74, 512 }, { 5, 75, 512 }, { 4, 76, 512 }, { 5, 77, 512 }, { 5, 78, 512 }, { 6, 79, 512 }, - { 3, 80, 512 }, { 4, 81, 512 }, { 4, 82, 512 }, { 5, 83, 512 }, { 4, 84, 512 }, { 5, 85, 512 }, { 5, 86, 512 }, { 6, 87, 512 }, - { 4, 88, 512 }, { 5, 89, 512 }, { 5, 90, 512 }, { 6, 91, 512 }, { 5, 92, 512 }, { 6, 93, 512 }, { 6, 94, 512 }, { 7, 95, 512 }, - { 3, 96, 512 }, { 4, 97, 512 }, { 4, 98, 512 }, { 5, 99, 512 }, { 4, 100, 512 }, { 5, 101, 512 }, { 5, 102, 512 }, { 6, 103, 512 }, - { 4, 104, 512 }, { 5, 105, 512 }, { 5, 106, 512 }, { 6, 107, 512 }, { 5, 108, 512 }, { 6, 109, 512 }, { 6, 110, 512 }, { 7, 111, 512 }, - { 4, 112, 512 }, { 5, 113, 512 }, { 5, 114, 512 }, { 6, 115, 512 }, { 5, 116, 512 }, { 6, 117, 512 }, { 6, 118, 512 }, { 7, 119, 512 }, - { 5, 120, 512 }, { 6, 121, 512 }, { 6, 122, 512 }, { 7, 123, 512 }, { 6, 124, 512 }, { 7, 125, 512 }, { 7, 126, 512 }, { 8, 127, 512 }, - { 2, 128, 512 }, { 3, 129, 512 }, { 3, 130, 512 }, { 4, 131, 512 }, { 3, 132, 512 }, { 4, 133, 512 }, { 4, 134, 512 }, { 5, 135, 512 }, - { 3, 136, 512 }, { 4, 137, 512 }, { 4, 138, 512 }, { 5, 139, 512 }, { 4, 140, 512 }, { 5, 141, 512 }, { 5, 142, 512 }, { 6, 143, 512 }, - { 3, 144, 512 }, { 4, 145, 512 }, { 4, 146, 512 }, { 5, 147, 512 }, { 4, 148, 512 }, { 5, 149, 512 }, { 5, 150, 512 }, { 6, 151, 512 }, - { 4, 152, 512 }, { 5, 153, 512 }, { 5, 154, 512 }, { 6, 155, 512 }, { 5, 156, 512 }, { 6, 157, 512 }, { 6, 158, 512 }, { 7, 159, 512 }, - { 3, 160, 512 }, { 4, 161, 512 }, { 4, 162, 512 }, { 5, 163, 512 }, { 4, 164, 512 }, { 5, 165, 512 }, { 5, 166, 512 }, { 6, 167, 512 }, - { 4, 168, 512 }, { 5, 169, 512 }, { 5, 170, 512 }, { 6, 171, 512 }, { 5, 172, 512 }, { 6, 173, 512 }, { 6, 174, 512 }, { 7, 175, 512 }, - { 4, 176, 512 }, { 5, 177, 512 }, { 5, 178, 512 }, { 6, 179, 512 }, { 5, 180, 512 }, { 6, 181, 512 }, { 6, 182, 512 }, { 7, 183, 512 
}, - { 5, 184, 512 }, { 6, 185, 512 }, { 6, 186, 512 }, { 7, 187, 512 }, { 6, 188, 512 }, { 7, 189, 512 }, { 7, 190, 512 }, { 8, 191, 512 }, - { 3, 192, 512 }, { 4, 193, 512 }, { 4, 194, 512 }, { 5, 195, 512 }, { 4, 196, 512 }, { 5, 197, 512 }, { 5, 198, 512 }, { 6, 199, 512 }, - { 4, 200, 512 }, { 5, 201, 512 }, { 5, 202, 512 }, { 6, 203, 512 }, { 5, 204, 512 }, { 6, 205, 512 }, { 6, 206, 512 }, { 7, 207, 512 }, - { 4, 208, 512 }, { 5, 209, 512 }, { 5, 210, 512 }, { 6, 211, 512 }, { 5, 212, 512 }, { 6, 213, 512 }, { 6, 214, 512 }, { 7, 215, 512 }, - { 5, 216, 512 }, { 6, 217, 512 }, { 6, 218, 512 }, { 7, 219, 512 }, { 6, 220, 512 }, { 7, 221, 512 }, { 7, 222, 512 }, { 8, 223, 512 }, - { 4, 224, 512 }, { 5, 225, 512 }, { 5, 226, 512 }, { 6, 227, 512 }, { 5, 228, 512 }, { 6, 229, 512 }, { 6, 230, 512 }, { 7, 231, 512 }, - { 5, 232, 512 }, { 6, 233, 512 }, { 6, 234, 512 }, { 7, 235, 512 }, { 6, 236, 512 }, { 7, 237, 512 }, { 7, 238, 512 }, { 8, 239, 512 }, - { 5, 240, 512 }, { 6, 241, 512 }, { 6, 242, 512 }, { 7, 243, 512 }, { 6, 244, 512 }, { 7, 245, 512 }, { 7, 246, 512 }, { 8, 247, 512 }, - { 6, 248, 512 }, { 7, 249, 512 }, { 7, 250, 512 }, { 8, 251, 512 }, { 7, 252, 512 }, { 8, 253, 512 }, { 8, 254, 512 }, { 9, 255, 512 }, - { 2, 256, 512 }, { 3, 257, 512 }, { 3, 258, 512 }, { 4, 259, 512 }, { 3, 260, 512 }, { 4, 261, 512 }, { 4, 262, 512 }, { 5, 263, 512 }, - { 3, 264, 512 }, { 4, 265, 512 }, { 4, 266, 512 }, { 5, 267, 512 }, { 4, 268, 512 }, { 5, 269, 512 }, { 5, 270, 512 }, { 6, 271, 512 }, - { 3, 272, 512 }, { 4, 273, 512 }, { 4, 274, 512 }, { 5, 275, 512 }, { 4, 276, 512 }, { 5, 277, 512 }, { 5, 278, 512 }, { 6, 279, 512 }, - { 4, 280, 512 }, { 5, 281, 512 }, { 5, 282, 512 }, { 6, 283, 512 }, { 5, 284, 512 }, { 6, 285, 512 }, { 6, 286, 512 }, { 7, 287, 512 }, - { 3, 288, 512 }, { 4, 289, 512 }, { 4, 290, 512 }, { 5, 291, 512 }, { 4, 292, 512 }, { 5, 293, 512 }, { 5, 294, 512 }, { 6, 295, 512 }, - { 4, 296, 512 }, { 5, 297, 512 }, { 5, 298, 512 }, { 6, 299, 
512 }, { 5, 300, 512 }, { 6, 301, 512 }, { 6, 302, 512 }, { 7, 303, 512 }, - { 4, 304, 512 }, { 5, 305, 512 }, { 5, 306, 512 }, { 6, 307, 512 }, { 5, 308, 512 }, { 6, 309, 512 }, { 6, 310, 512 }, { 7, 311, 512 }, - { 5, 312, 512 }, { 6, 313, 512 }, { 6, 314, 512 }, { 7, 315, 512 }, { 6, 316, 512 }, { 7, 317, 512 }, { 7, 318, 512 }, { 8, 319, 512 }, - { 3, 320, 512 }, { 4, 321, 512 }, { 4, 322, 512 }, { 5, 323, 512 }, { 4, 324, 512 }, { 5, 325, 512 }, { 5, 326, 512 }, { 6, 327, 512 }, - { 4, 328, 512 }, { 5, 329, 512 }, { 5, 330, 512 }, { 6, 331, 512 }, { 5, 332, 512 }, { 6, 333, 512 }, { 6, 334, 512 }, { 7, 335, 512 }, - { 4, 336, 512 }, { 5, 337, 512 }, { 5, 338, 512 }, { 6, 339, 512 }, { 5, 340, 512 }, { 6, 341, 512 }, { 6, 342, 512 }, { 7, 343, 512 }, - { 5, 344, 512 }, { 6, 345, 512 }, { 6, 346, 512 }, { 7, 347, 512 }, { 6, 348, 512 }, { 7, 349, 512 }, { 7, 350, 512 }, { 8, 351, 512 }, - { 4, 352, 512 }, { 5, 353, 512 }, { 5, 354, 512 }, { 6, 355, 512 }, { 5, 356, 512 }, { 6, 357, 512 }, { 6, 358, 512 }, { 7, 359, 512 }, - { 5, 360, 512 }, { 6, 361, 512 }, { 6, 362, 512 }, { 7, 363, 512 }, { 6, 364, 512 }, { 7, 365, 512 }, { 7, 366, 512 }, { 8, 367, 512 }, - { 5, 368, 512 }, { 6, 369, 512 }, { 6, 370, 512 }, { 7, 371, 512 }, { 6, 372, 512 }, { 7, 373, 512 }, { 7, 374, 512 }, { 8, 375, 512 }, - { 6, 376, 512 }, { 7, 377, 512 }, { 7, 378, 512 }, { 8, 379, 512 }, { 7, 380, 512 }, { 8, 381, 512 }, { 8, 382, 512 }, { 9, 383, 512 }, - { 3, 384, 512 }, { 4, 385, 512 }, { 4, 386, 512 }, { 5, 387, 512 }, { 4, 388, 512 }, { 5, 389, 512 }, { 5, 390, 512 }, { 6, 391, 512 }, - { 4, 392, 512 }, { 5, 393, 512 }, { 5, 394, 512 }, { 6, 395, 512 }, { 5, 396, 512 }, { 6, 397, 512 }, { 6, 398, 512 }, { 7, 399, 512 }, - { 4, 400, 512 }, { 5, 401, 512 }, { 5, 402, 512 }, { 6, 403, 512 }, { 5, 404, 512 }, { 6, 405, 512 }, { 6, 406, 512 }, { 7, 407, 512 }, - { 5, 408, 512 }, { 6, 409, 512 }, { 6, 410, 512 }, { 7, 411, 512 }, { 6, 412, 512 }, { 7, 413, 512 }, { 7, 414, 512 }, { 8, 415, 
512 }, - { 4, 416, 512 }, { 5, 417, 512 }, { 5, 418, 512 }, { 6, 419, 512 }, { 5, 420, 512 }, { 6, 421, 512 }, { 6, 422, 512 }, { 7, 423, 512 }, - { 5, 424, 512 }, { 6, 425, 512 }, { 6, 426, 512 }, { 7, 427, 512 }, { 6, 428, 512 }, { 7, 429, 512 }, { 7, 430, 512 }, { 8, 431, 512 }, - { 5, 432, 512 }, { 6, 433, 512 }, { 6, 434, 512 }, { 7, 435, 512 }, { 6, 436, 512 }, { 7, 437, 512 }, { 7, 438, 512 }, { 8, 439, 512 }, - { 6, 440, 512 }, { 7, 441, 512 }, { 7, 442, 512 }, { 8, 443, 512 }, { 7, 444, 512 }, { 8, 445, 512 }, { 8, 446, 512 }, { 9, 447, 512 }, - { 4, 448, 512 }, { 5, 449, 512 }, { 5, 450, 512 }, { 6, 451, 512 }, { 5, 452, 512 }, { 6, 453, 512 }, { 6, 454, 512 }, { 7, 455, 512 }, - { 5, 456, 512 }, { 6, 457, 512 }, { 6, 458, 512 }, { 7, 459, 512 }, { 6, 460, 512 }, { 7, 461, 512 }, { 7, 462, 512 }, { 8, 463, 512 }, - { 5, 464, 512 }, { 6, 465, 512 }, { 6, 466, 512 }, { 7, 467, 512 }, { 6, 468, 512 }, { 7, 469, 512 }, { 7, 470, 512 }, { 8, 471, 512 }, - { 6, 472, 512 }, { 7, 473, 512 }, { 7, 474, 512 }, { 8, 475, 512 }, { 7, 476, 512 }, { 8, 477, 512 }, { 8, 478, 512 }, { 9, 479, 512 }, - { 5, 480, 512 }, { 6, 481, 512 }, { 6, 482, 512 }, { 7, 483, 512 }, { 6, 484, 512 }, { 7, 485, 512 }, { 7, 486, 512 }, { 8, 487, 512 }, - { 6, 488, 512 }, { 7, 489, 512 }, { 7, 490, 512 }, { 8, 491, 512 }, { 7, 492, 512 }, { 8, 493, 512 }, { 8, 494, 512 }, { 9, 495, 512 }, - { 6, 496, 512 }, { 7, 497, 512 }, { 7, 498, 512 }, { 8, 499, 512 }, { 7, 500, 512 }, { 8, 501, 512 }, { 8, 502, 512 }, { 9, 503, 512 }, - { 7, 504, 512 }, { 8, 505, 512 }, { 8, 506, 512 }, { 9, 507, 512 }, { 8, 508, 512 }, { 9, 509, 512 }, { 9, 510, 512 }, { 10, 511, 512 }, + { 1, 0, 0 }, { 2, 1, 512 }, { 2, 2, 512 }, { 3, 3, 512 }, { 2, 4, 512 }, { 3, 5, 512 }, { 3, 6, 512 }, { 4, 7, 512 }, + { 2, 8, 512 }, { 3, 9, 512 }, { 3, 10, 512 }, { 4, 11, 512 }, { 3, 12, 512 }, { 4, 13, 512 }, { 4, 14, 512 }, { 5, 15, 512 }, + { 2, 16, 512 }, { 3, 17, 512 }, { 3, 18, 512 }, { 4, 19, 512 }, { 3, 20, 512 }, { 4, 
21, 512 }, { 4, 22, 512 }, { 5, 23, 512 }, + { 3, 24, 512 }, { 4, 25, 512 }, { 4, 26, 512 }, { 5, 27, 512 }, { 4, 28, 512 }, { 5, 29, 512 }, { 5, 30, 512 }, { 6, 31, 512 }, + { 2, 32, 512 }, { 3, 33, 512 }, { 3, 34, 512 }, { 4, 35, 512 }, { 3, 36, 512 }, { 4, 37, 512 }, { 4, 38, 512 }, { 5, 39, 512 }, + { 3, 40, 512 }, { 4, 41, 512 }, { 4, 42, 512 }, { 5, 43, 512 }, { 4, 44, 512 }, { 5, 45, 512 }, { 5, 46, 512 }, { 6, 47, 512 }, + { 3, 48, 512 }, { 4, 49, 512 }, { 4, 50, 512 }, { 5, 51, 512 }, { 4, 52, 512 }, { 5, 53, 512 }, { 5, 54, 512 }, { 6, 55, 512 }, + { 4, 56, 512 }, { 5, 57, 512 }, { 5, 58, 512 }, { 6, 59, 512 }, { 5, 60, 512 }, { 6, 61, 512 }, { 6, 62, 512 }, { 7, 63, 512 }, + { 2, 64, 512 }, { 3, 65, 512 }, { 3, 66, 512 }, { 4, 67, 512 }, { 3, 68, 512 }, { 4, 69, 512 }, { 4, 70, 512 }, { 5, 71, 512 }, + { 3, 72, 512 }, { 4, 73, 512 }, { 4, 74, 512 }, { 5, 75, 512 }, { 4, 76, 512 }, { 5, 77, 512 }, { 5, 78, 512 }, { 6, 79, 512 }, + { 3, 80, 512 }, { 4, 81, 512 }, { 4, 82, 512 }, { 5, 83, 512 }, { 4, 84, 512 }, { 5, 85, 512 }, { 5, 86, 512 }, { 6, 87, 512 }, + { 4, 88, 512 }, { 5, 89, 512 }, { 5, 90, 512 }, { 6, 91, 512 }, { 5, 92, 512 }, { 6, 93, 512 }, { 6, 94, 512 }, { 7, 95, 512 }, + { 3, 96, 512 }, { 4, 97, 512 }, { 4, 98, 512 }, { 5, 99, 512 }, { 4, 100, 512 }, { 5, 101, 512 }, { 5, 102, 512 }, { 6, 103, 512 }, + { 4, 104, 512 }, { 5, 105, 512 }, { 5, 106, 512 }, { 6, 107, 512 }, { 5, 108, 512 }, { 6, 109, 512 }, { 6, 110, 512 }, { 7, 111, 512 }, + { 4, 112, 512 }, { 5, 113, 512 }, { 5, 114, 512 }, { 6, 115, 512 }, { 5, 116, 512 }, { 6, 117, 512 }, { 6, 118, 512 }, { 7, 119, 512 }, + { 5, 120, 512 }, { 6, 121, 512 }, { 6, 122, 512 }, { 7, 123, 512 }, { 6, 124, 512 }, { 7, 125, 512 }, { 7, 126, 512 }, { 8, 127, 512 }, + { 2, 128, 512 }, { 3, 129, 512 }, { 3, 130, 512 }, { 4, 131, 512 }, { 3, 132, 512 }, { 4, 133, 512 }, { 4, 134, 512 }, { 5, 135, 512 }, + { 3, 136, 512 }, { 4, 137, 512 }, { 4, 138, 512 }, { 5, 139, 512 }, { 4, 140, 512 }, { 5, 141, 512 
}, { 5, 142, 512 }, { 6, 143, 512 }, + { 3, 144, 512 }, { 4, 145, 512 }, { 4, 146, 512 }, { 5, 147, 512 }, { 4, 148, 512 }, { 5, 149, 512 }, { 5, 150, 512 }, { 6, 151, 512 }, + { 4, 152, 512 }, { 5, 153, 512 }, { 5, 154, 512 }, { 6, 155, 512 }, { 5, 156, 512 }, { 6, 157, 512 }, { 6, 158, 512 }, { 7, 159, 512 }, + { 3, 160, 512 }, { 4, 161, 512 }, { 4, 162, 512 }, { 5, 163, 512 }, { 4, 164, 512 }, { 5, 165, 512 }, { 5, 166, 512 }, { 6, 167, 512 }, + { 4, 168, 512 }, { 5, 169, 512 }, { 5, 170, 512 }, { 6, 171, 512 }, { 5, 172, 512 }, { 6, 173, 512 }, { 6, 174, 512 }, { 7, 175, 512 }, + { 4, 176, 512 }, { 5, 177, 512 }, { 5, 178, 512 }, { 6, 179, 512 }, { 5, 180, 512 }, { 6, 181, 512 }, { 6, 182, 512 }, { 7, 183, 512 }, + { 5, 184, 512 }, { 6, 185, 512 }, { 6, 186, 512 }, { 7, 187, 512 }, { 6, 188, 512 }, { 7, 189, 512 }, { 7, 190, 512 }, { 8, 191, 512 }, + { 3, 192, 512 }, { 4, 193, 512 }, { 4, 194, 512 }, { 5, 195, 512 }, { 4, 196, 512 }, { 5, 197, 512 }, { 5, 198, 512 }, { 6, 199, 512 }, + { 4, 200, 512 }, { 5, 201, 512 }, { 5, 202, 512 }, { 6, 203, 512 }, { 5, 204, 512 }, { 6, 205, 512 }, { 6, 206, 512 }, { 7, 207, 512 }, + { 4, 208, 512 }, { 5, 209, 512 }, { 5, 210, 512 }, { 6, 211, 512 }, { 5, 212, 512 }, { 6, 213, 512 }, { 6, 214, 512 }, { 7, 215, 512 }, + { 5, 216, 512 }, { 6, 217, 512 }, { 6, 218, 512 }, { 7, 219, 512 }, { 6, 220, 512 }, { 7, 221, 512 }, { 7, 222, 512 }, { 8, 223, 512 }, + { 4, 224, 512 }, { 5, 225, 512 }, { 5, 226, 512 }, { 6, 227, 512 }, { 5, 228, 512 }, { 6, 229, 512 }, { 6, 230, 512 }, { 7, 231, 512 }, + { 5, 232, 512 }, { 6, 233, 512 }, { 6, 234, 512 }, { 7, 235, 512 }, { 6, 236, 512 }, { 7, 237, 512 }, { 7, 238, 512 }, { 8, 239, 512 }, + { 5, 240, 512 }, { 6, 241, 512 }, { 6, 242, 512 }, { 7, 243, 512 }, { 6, 244, 512 }, { 7, 245, 512 }, { 7, 246, 512 }, { 8, 247, 512 }, + { 6, 248, 512 }, { 7, 249, 512 }, { 7, 250, 512 }, { 8, 251, 512 }, { 7, 252, 512 }, { 8, 253, 512 }, { 8, 254, 512 }, { 9, 255, 512 }, + { 2, 256, 512 }, { 3, 257, 
512 }, { 3, 258, 512 }, { 4, 259, 512 }, { 3, 260, 512 }, { 4, 261, 512 }, { 4, 262, 512 }, { 5, 263, 512 }, + { 3, 264, 512 }, { 4, 265, 512 }, { 4, 266, 512 }, { 5, 267, 512 }, { 4, 268, 512 }, { 5, 269, 512 }, { 5, 270, 512 }, { 6, 271, 512 }, + { 3, 272, 512 }, { 4, 273, 512 }, { 4, 274, 512 }, { 5, 275, 512 }, { 4, 276, 512 }, { 5, 277, 512 }, { 5, 278, 512 }, { 6, 279, 512 }, + { 4, 280, 512 }, { 5, 281, 512 }, { 5, 282, 512 }, { 6, 283, 512 }, { 5, 284, 512 }, { 6, 285, 512 }, { 6, 286, 512 }, { 7, 287, 512 }, + { 3, 288, 512 }, { 4, 289, 512 }, { 4, 290, 512 }, { 5, 291, 512 }, { 4, 292, 512 }, { 5, 293, 512 }, { 5, 294, 512 }, { 6, 295, 512 }, + { 4, 296, 512 }, { 5, 297, 512 }, { 5, 298, 512 }, { 6, 299, 512 }, { 5, 300, 512 }, { 6, 301, 512 }, { 6, 302, 512 }, { 7, 303, 512 }, + { 4, 304, 512 }, { 5, 305, 512 }, { 5, 306, 512 }, { 6, 307, 512 }, { 5, 308, 512 }, { 6, 309, 512 }, { 6, 310, 512 }, { 7, 311, 512 }, + { 5, 312, 512 }, { 6, 313, 512 }, { 6, 314, 512 }, { 7, 315, 512 }, { 6, 316, 512 }, { 7, 317, 512 }, { 7, 318, 512 }, { 8, 319, 512 }, + { 3, 320, 512 }, { 4, 321, 512 }, { 4, 322, 512 }, { 5, 323, 512 }, { 4, 324, 512 }, { 5, 325, 512 }, { 5, 326, 512 }, { 6, 327, 512 }, + { 4, 328, 512 }, { 5, 329, 512 }, { 5, 330, 512 }, { 6, 331, 512 }, { 5, 332, 512 }, { 6, 333, 512 }, { 6, 334, 512 }, { 7, 335, 512 }, + { 4, 336, 512 }, { 5, 337, 512 }, { 5, 338, 512 }, { 6, 339, 512 }, { 5, 340, 512 }, { 6, 341, 512 }, { 6, 342, 512 }, { 7, 343, 512 }, + { 5, 344, 512 }, { 6, 345, 512 }, { 6, 346, 512 }, { 7, 347, 512 }, { 6, 348, 512 }, { 7, 349, 512 }, { 7, 350, 512 }, { 8, 351, 512 }, + { 4, 352, 512 }, { 5, 353, 512 }, { 5, 354, 512 }, { 6, 355, 512 }, { 5, 356, 512 }, { 6, 357, 512 }, { 6, 358, 512 }, { 7, 359, 512 }, + { 5, 360, 512 }, { 6, 361, 512 }, { 6, 362, 512 }, { 7, 363, 512 }, { 6, 364, 512 }, { 7, 365, 512 }, { 7, 366, 512 }, { 8, 367, 512 }, + { 5, 368, 512 }, { 6, 369, 512 }, { 6, 370, 512 }, { 7, 371, 512 }, { 6, 372, 512 }, { 7, 373, 
512 }, { 7, 374, 512 }, { 8, 375, 512 }, + { 6, 376, 512 }, { 7, 377, 512 }, { 7, 378, 512 }, { 8, 379, 512 }, { 7, 380, 512 }, { 8, 381, 512 }, { 8, 382, 512 }, { 9, 383, 512 }, + { 3, 384, 512 }, { 4, 385, 512 }, { 4, 386, 512 }, { 5, 387, 512 }, { 4, 388, 512 }, { 5, 389, 512 }, { 5, 390, 512 }, { 6, 391, 512 }, + { 4, 392, 512 }, { 5, 393, 512 }, { 5, 394, 512 }, { 6, 395, 512 }, { 5, 396, 512 }, { 6, 397, 512 }, { 6, 398, 512 }, { 7, 399, 512 }, + { 4, 400, 512 }, { 5, 401, 512 }, { 5, 402, 512 }, { 6, 403, 512 }, { 5, 404, 512 }, { 6, 405, 512 }, { 6, 406, 512 }, { 7, 407, 512 }, + { 5, 408, 512 }, { 6, 409, 512 }, { 6, 410, 512 }, { 7, 411, 512 }, { 6, 412, 512 }, { 7, 413, 512 }, { 7, 414, 512 }, { 8, 415, 512 }, + { 4, 416, 512 }, { 5, 417, 512 }, { 5, 418, 512 }, { 6, 419, 512 }, { 5, 420, 512 }, { 6, 421, 512 }, { 6, 422, 512 }, { 7, 423, 512 }, + { 5, 424, 512 }, { 6, 425, 512 }, { 6, 426, 512 }, { 7, 427, 512 }, { 6, 428, 512 }, { 7, 429, 512 }, { 7, 430, 512 }, { 8, 431, 512 }, + { 5, 432, 512 }, { 6, 433, 512 }, { 6, 434, 512 }, { 7, 435, 512 }, { 6, 436, 512 }, { 7, 437, 512 }, { 7, 438, 512 }, { 8, 439, 512 }, + { 6, 440, 512 }, { 7, 441, 512 }, { 7, 442, 512 }, { 8, 443, 512 }, { 7, 444, 512 }, { 8, 445, 512 }, { 8, 446, 512 }, { 9, 447, 512 }, + { 4, 448, 512 }, { 5, 449, 512 }, { 5, 450, 512 }, { 6, 451, 512 }, { 5, 452, 512 }, { 6, 453, 512 }, { 6, 454, 512 }, { 7, 455, 512 }, + { 5, 456, 512 }, { 6, 457, 512 }, { 6, 458, 512 }, { 7, 459, 512 }, { 6, 460, 512 }, { 7, 461, 512 }, { 7, 462, 512 }, { 8, 463, 512 }, + { 5, 464, 512 }, { 6, 465, 512 }, { 6, 466, 512 }, { 7, 467, 512 }, { 6, 468, 512 }, { 7, 469, 512 }, { 7, 470, 512 }, { 8, 471, 512 }, + { 6, 472, 512 }, { 7, 473, 512 }, { 7, 474, 512 }, { 8, 475, 512 }, { 7, 476, 512 }, { 8, 477, 512 }, { 8, 478, 512 }, { 9, 479, 512 }, + { 5, 480, 512 }, { 6, 481, 512 }, { 6, 482, 512 }, { 7, 483, 512 }, { 6, 484, 512 }, { 7, 485, 512 }, { 7, 486, 512 }, { 8, 487, 512 }, + { 6, 488, 512 }, { 7, 
489, 512 }, { 7, 490, 512 }, { 8, 491, 512 }, { 7, 492, 512 }, { 8, 493, 512 }, { 8, 494, 512 }, { 9, 495, 512 }, + { 6, 496, 512 }, { 7, 497, 512 }, { 7, 498, 512 }, { 8, 499, 512 }, { 7, 500, 512 }, { 8, 501, 512 }, { 8, 502, 512 }, { 9, 503, 512 }, + { 7, 504, 512 }, { 8, 505, 512 }, { 8, 506, 512 }, { 9, 507, 512 }, { 8, 508, 512 }, { 9, 509, 512 }, { 9, 510, 512 }, { 10, 511, 512 }, #if FP_LUT > 10 - { 1, 0, 0 }, { 2, 1, 1024 }, { 2, 2, 1024 }, { 3, 3, 1024 }, { 2, 4, 1024 }, { 3, 5, 1024 }, { 3, 6, 1024 }, { 4, 7, 1024 }, - { 2, 8, 1024 }, { 3, 9, 1024 }, { 3, 10, 1024 }, { 4, 11, 1024 }, { 3, 12, 1024 }, { 4, 13, 1024 }, { 4, 14, 1024 }, { 5, 15, 1024 }, - { 2, 16, 1024 }, { 3, 17, 1024 }, { 3, 18, 1024 }, { 4, 19, 1024 }, { 3, 20, 1024 }, { 4, 21, 1024 }, { 4, 22, 1024 }, { 5, 23, 1024 }, - { 3, 24, 1024 }, { 4, 25, 1024 }, { 4, 26, 1024 }, { 5, 27, 1024 }, { 4, 28, 1024 }, { 5, 29, 1024 }, { 5, 30, 1024 }, { 6, 31, 1024 }, - { 2, 32, 1024 }, { 3, 33, 1024 }, { 3, 34, 1024 }, { 4, 35, 1024 }, { 3, 36, 1024 }, { 4, 37, 1024 }, { 4, 38, 1024 }, { 5, 39, 1024 }, - { 3, 40, 1024 }, { 4, 41, 1024 }, { 4, 42, 1024 }, { 5, 43, 1024 }, { 4, 44, 1024 }, { 5, 45, 1024 }, { 5, 46, 1024 }, { 6, 47, 1024 }, - { 3, 48, 1024 }, { 4, 49, 1024 }, { 4, 50, 1024 }, { 5, 51, 1024 }, { 4, 52, 1024 }, { 5, 53, 1024 }, { 5, 54, 1024 }, { 6, 55, 1024 }, - { 4, 56, 1024 }, { 5, 57, 1024 }, { 5, 58, 1024 }, { 6, 59, 1024 }, { 5, 60, 1024 }, { 6, 61, 1024 }, { 6, 62, 1024 }, { 7, 63, 1024 }, - { 2, 64, 1024 }, { 3, 65, 1024 }, { 3, 66, 1024 }, { 4, 67, 1024 }, { 3, 68, 1024 }, { 4, 69, 1024 }, { 4, 70, 1024 }, { 5, 71, 1024 }, - { 3, 72, 1024 }, { 4, 73, 1024 }, { 4, 74, 1024 }, { 5, 75, 1024 }, { 4, 76, 1024 }, { 5, 77, 1024 }, { 5, 78, 1024 }, { 6, 79, 1024 }, - { 3, 80, 1024 }, { 4, 81, 1024 }, { 4, 82, 1024 }, { 5, 83, 1024 }, { 4, 84, 1024 }, { 5, 85, 1024 }, { 5, 86, 1024 }, { 6, 87, 1024 }, - { 4, 88, 1024 }, { 5, 89, 1024 }, { 5, 90, 1024 }, { 6, 91, 1024 }, { 5, 92, 1024 }, 
{ 6, 93, 1024 }, { 6, 94, 1024 }, { 7, 95, 1024 }, - { 3, 96, 1024 }, { 4, 97, 1024 }, { 4, 98, 1024 }, { 5, 99, 1024 }, { 4, 100, 1024 }, { 5, 101, 1024 }, { 5, 102, 1024 }, { 6, 103, 1024 }, - { 4, 104, 1024 }, { 5, 105, 1024 }, { 5, 106, 1024 }, { 6, 107, 1024 }, { 5, 108, 1024 }, { 6, 109, 1024 }, { 6, 110, 1024 }, { 7, 111, 1024 }, - { 4, 112, 1024 }, { 5, 113, 1024 }, { 5, 114, 1024 }, { 6, 115, 1024 }, { 5, 116, 1024 }, { 6, 117, 1024 }, { 6, 118, 1024 }, { 7, 119, 1024 }, - { 5, 120, 1024 }, { 6, 121, 1024 }, { 6, 122, 1024 }, { 7, 123, 1024 }, { 6, 124, 1024 }, { 7, 125, 1024 }, { 7, 126, 1024 }, { 8, 127, 1024 }, - { 2, 128, 1024 }, { 3, 129, 1024 }, { 3, 130, 1024 }, { 4, 131, 1024 }, { 3, 132, 1024 }, { 4, 133, 1024 }, { 4, 134, 1024 }, { 5, 135, 1024 }, - { 3, 136, 1024 }, { 4, 137, 1024 }, { 4, 138, 1024 }, { 5, 139, 1024 }, { 4, 140, 1024 }, { 5, 141, 1024 }, { 5, 142, 1024 }, { 6, 143, 1024 }, - { 3, 144, 1024 }, { 4, 145, 1024 }, { 4, 146, 1024 }, { 5, 147, 1024 }, { 4, 148, 1024 }, { 5, 149, 1024 }, { 5, 150, 1024 }, { 6, 151, 1024 }, - { 4, 152, 1024 }, { 5, 153, 1024 }, { 5, 154, 1024 }, { 6, 155, 1024 }, { 5, 156, 1024 }, { 6, 157, 1024 }, { 6, 158, 1024 }, { 7, 159, 1024 }, - { 3, 160, 1024 }, { 4, 161, 1024 }, { 4, 162, 1024 }, { 5, 163, 1024 }, { 4, 164, 1024 }, { 5, 165, 1024 }, { 5, 166, 1024 }, { 6, 167, 1024 }, - { 4, 168, 1024 }, { 5, 169, 1024 }, { 5, 170, 1024 }, { 6, 171, 1024 }, { 5, 172, 1024 }, { 6, 173, 1024 }, { 6, 174, 1024 }, { 7, 175, 1024 }, - { 4, 176, 1024 }, { 5, 177, 1024 }, { 5, 178, 1024 }, { 6, 179, 1024 }, { 5, 180, 1024 }, { 6, 181, 1024 }, { 6, 182, 1024 }, { 7, 183, 1024 }, - { 5, 184, 1024 }, { 6, 185, 1024 }, { 6, 186, 1024 }, { 7, 187, 1024 }, { 6, 188, 1024 }, { 7, 189, 1024 }, { 7, 190, 1024 }, { 8, 191, 1024 }, - { 3, 192, 1024 }, { 4, 193, 1024 }, { 4, 194, 1024 }, { 5, 195, 1024 }, { 4, 196, 1024 }, { 5, 197, 1024 }, { 5, 198, 1024 }, { 6, 199, 1024 }, - { 4, 200, 1024 }, { 5, 201, 1024 }, { 5, 202, 1024 
}, { 6, 203, 1024 }, { 5, 204, 1024 }, { 6, 205, 1024 }, { 6, 206, 1024 }, { 7, 207, 1024 }, - { 4, 208, 1024 }, { 5, 209, 1024 }, { 5, 210, 1024 }, { 6, 211, 1024 }, { 5, 212, 1024 }, { 6, 213, 1024 }, { 6, 214, 1024 }, { 7, 215, 1024 }, - { 5, 216, 1024 }, { 6, 217, 1024 }, { 6, 218, 1024 }, { 7, 219, 1024 }, { 6, 220, 1024 }, { 7, 221, 1024 }, { 7, 222, 1024 }, { 8, 223, 1024 }, - { 4, 224, 1024 }, { 5, 225, 1024 }, { 5, 226, 1024 }, { 6, 227, 1024 }, { 5, 228, 1024 }, { 6, 229, 1024 }, { 6, 230, 1024 }, { 7, 231, 1024 }, - { 5, 232, 1024 }, { 6, 233, 1024 }, { 6, 234, 1024 }, { 7, 235, 1024 }, { 6, 236, 1024 }, { 7, 237, 1024 }, { 7, 238, 1024 }, { 8, 239, 1024 }, - { 5, 240, 1024 }, { 6, 241, 1024 }, { 6, 242, 1024 }, { 7, 243, 1024 }, { 6, 244, 1024 }, { 7, 245, 1024 }, { 7, 246, 1024 }, { 8, 247, 1024 }, - { 6, 248, 1024 }, { 7, 249, 1024 }, { 7, 250, 1024 }, { 8, 251, 1024 }, { 7, 252, 1024 }, { 8, 253, 1024 }, { 8, 254, 1024 }, { 9, 255, 1024 }, - { 2, 256, 1024 }, { 3, 257, 1024 }, { 3, 258, 1024 }, { 4, 259, 1024 }, { 3, 260, 1024 }, { 4, 261, 1024 }, { 4, 262, 1024 }, { 5, 263, 1024 }, - { 3, 264, 1024 }, { 4, 265, 1024 }, { 4, 266, 1024 }, { 5, 267, 1024 }, { 4, 268, 1024 }, { 5, 269, 1024 }, { 5, 270, 1024 }, { 6, 271, 1024 }, - { 3, 272, 1024 }, { 4, 273, 1024 }, { 4, 274, 1024 }, { 5, 275, 1024 }, { 4, 276, 1024 }, { 5, 277, 1024 }, { 5, 278, 1024 }, { 6, 279, 1024 }, - { 4, 280, 1024 }, { 5, 281, 1024 }, { 5, 282, 1024 }, { 6, 283, 1024 }, { 5, 284, 1024 }, { 6, 285, 1024 }, { 6, 286, 1024 }, { 7, 287, 1024 }, - { 3, 288, 1024 }, { 4, 289, 1024 }, { 4, 290, 1024 }, { 5, 291, 1024 }, { 4, 292, 1024 }, { 5, 293, 1024 }, { 5, 294, 1024 }, { 6, 295, 1024 }, - { 4, 296, 1024 }, { 5, 297, 1024 }, { 5, 298, 1024 }, { 6, 299, 1024 }, { 5, 300, 1024 }, { 6, 301, 1024 }, { 6, 302, 1024 }, { 7, 303, 1024 }, - { 4, 304, 1024 }, { 5, 305, 1024 }, { 5, 306, 1024 }, { 6, 307, 1024 }, { 5, 308, 1024 }, { 6, 309, 1024 }, { 6, 310, 1024 }, { 7, 311, 1024 }, - { 5, 
312, 1024 }, { 6, 313, 1024 }, { 6, 314, 1024 }, { 7, 315, 1024 }, { 6, 316, 1024 }, { 7, 317, 1024 }, { 7, 318, 1024 }, { 8, 319, 1024 }, - { 3, 320, 1024 }, { 4, 321, 1024 }, { 4, 322, 1024 }, { 5, 323, 1024 }, { 4, 324, 1024 }, { 5, 325, 1024 }, { 5, 326, 1024 }, { 6, 327, 1024 }, - { 4, 328, 1024 }, { 5, 329, 1024 }, { 5, 330, 1024 }, { 6, 331, 1024 }, { 5, 332, 1024 }, { 6, 333, 1024 }, { 6, 334, 1024 }, { 7, 335, 1024 }, - { 4, 336, 1024 }, { 5, 337, 1024 }, { 5, 338, 1024 }, { 6, 339, 1024 }, { 5, 340, 1024 }, { 6, 341, 1024 }, { 6, 342, 1024 }, { 7, 343, 1024 }, - { 5, 344, 1024 }, { 6, 345, 1024 }, { 6, 346, 1024 }, { 7, 347, 1024 }, { 6, 348, 1024 }, { 7, 349, 1024 }, { 7, 350, 1024 }, { 8, 351, 1024 }, - { 4, 352, 1024 }, { 5, 353, 1024 }, { 5, 354, 1024 }, { 6, 355, 1024 }, { 5, 356, 1024 }, { 6, 357, 1024 }, { 6, 358, 1024 }, { 7, 359, 1024 }, - { 5, 360, 1024 }, { 6, 361, 1024 }, { 6, 362, 1024 }, { 7, 363, 1024 }, { 6, 364, 1024 }, { 7, 365, 1024 }, { 7, 366, 1024 }, { 8, 367, 1024 }, - { 5, 368, 1024 }, { 6, 369, 1024 }, { 6, 370, 1024 }, { 7, 371, 1024 }, { 6, 372, 1024 }, { 7, 373, 1024 }, { 7, 374, 1024 }, { 8, 375, 1024 }, - { 6, 376, 1024 }, { 7, 377, 1024 }, { 7, 378, 1024 }, { 8, 379, 1024 }, { 7, 380, 1024 }, { 8, 381, 1024 }, { 8, 382, 1024 }, { 9, 383, 1024 }, - { 3, 384, 1024 }, { 4, 385, 1024 }, { 4, 386, 1024 }, { 5, 387, 1024 }, { 4, 388, 1024 }, { 5, 389, 1024 }, { 5, 390, 1024 }, { 6, 391, 1024 }, - { 4, 392, 1024 }, { 5, 393, 1024 }, { 5, 394, 1024 }, { 6, 395, 1024 }, { 5, 396, 1024 }, { 6, 397, 1024 }, { 6, 398, 1024 }, { 7, 399, 1024 }, - { 4, 400, 1024 }, { 5, 401, 1024 }, { 5, 402, 1024 }, { 6, 403, 1024 }, { 5, 404, 1024 }, { 6, 405, 1024 }, { 6, 406, 1024 }, { 7, 407, 1024 }, - { 5, 408, 1024 }, { 6, 409, 1024 }, { 6, 410, 1024 }, { 7, 411, 1024 }, { 6, 412, 1024 }, { 7, 413, 1024 }, { 7, 414, 1024 }, { 8, 415, 1024 }, - { 4, 416, 1024 }, { 5, 417, 1024 }, { 5, 418, 1024 }, { 6, 419, 1024 }, { 5, 420, 1024 }, { 6, 421, 1024 
}, { 6, 422, 1024 }, { 7, 423, 1024 }, - { 5, 424, 1024 }, { 6, 425, 1024 }, { 6, 426, 1024 }, { 7, 427, 1024 }, { 6, 428, 1024 }, { 7, 429, 1024 }, { 7, 430, 1024 }, { 8, 431, 1024 }, - { 5, 432, 1024 }, { 6, 433, 1024 }, { 6, 434, 1024 }, { 7, 435, 1024 }, { 6, 436, 1024 }, { 7, 437, 1024 }, { 7, 438, 1024 }, { 8, 439, 1024 }, - { 6, 440, 1024 }, { 7, 441, 1024 }, { 7, 442, 1024 }, { 8, 443, 1024 }, { 7, 444, 1024 }, { 8, 445, 1024 }, { 8, 446, 1024 }, { 9, 447, 1024 }, - { 4, 448, 1024 }, { 5, 449, 1024 }, { 5, 450, 1024 }, { 6, 451, 1024 }, { 5, 452, 1024 }, { 6, 453, 1024 }, { 6, 454, 1024 }, { 7, 455, 1024 }, - { 5, 456, 1024 }, { 6, 457, 1024 }, { 6, 458, 1024 }, { 7, 459, 1024 }, { 6, 460, 1024 }, { 7, 461, 1024 }, { 7, 462, 1024 }, { 8, 463, 1024 }, - { 5, 464, 1024 }, { 6, 465, 1024 }, { 6, 466, 1024 }, { 7, 467, 1024 }, { 6, 468, 1024 }, { 7, 469, 1024 }, { 7, 470, 1024 }, { 8, 471, 1024 }, - { 6, 472, 1024 }, { 7, 473, 1024 }, { 7, 474, 1024 }, { 8, 475, 1024 }, { 7, 476, 1024 }, { 8, 477, 1024 }, { 8, 478, 1024 }, { 9, 479, 1024 }, - { 5, 480, 1024 }, { 6, 481, 1024 }, { 6, 482, 1024 }, { 7, 483, 1024 }, { 6, 484, 1024 }, { 7, 485, 1024 }, { 7, 486, 1024 }, { 8, 487, 1024 }, - { 6, 488, 1024 }, { 7, 489, 1024 }, { 7, 490, 1024 }, { 8, 491, 1024 }, { 7, 492, 1024 }, { 8, 493, 1024 }, { 8, 494, 1024 }, { 9, 495, 1024 }, - { 6, 496, 1024 }, { 7, 497, 1024 }, { 7, 498, 1024 }, { 8, 499, 1024 }, { 7, 500, 1024 }, { 8, 501, 1024 }, { 8, 502, 1024 }, { 9, 503, 1024 }, - { 7, 504, 1024 }, { 8, 505, 1024 }, { 8, 506, 1024 }, { 9, 507, 1024 }, { 8, 508, 1024 }, { 9, 509, 1024 }, { 9, 510, 1024 }, { 10, 511, 1024 }, - { 2, 512, 1024 }, { 3, 513, 1024 }, { 3, 514, 1024 }, { 4, 515, 1024 }, { 3, 516, 1024 }, { 4, 517, 1024 }, { 4, 518, 1024 }, { 5, 519, 1024 }, - { 3, 520, 1024 }, { 4, 521, 1024 }, { 4, 522, 1024 }, { 5, 523, 1024 }, { 4, 524, 1024 }, { 5, 525, 1024 }, { 5, 526, 1024 }, { 6, 527, 1024 }, - { 3, 528, 1024 }, { 4, 529, 1024 }, { 4, 530, 1024 }, { 5, 
531, 1024 }, { 4, 532, 1024 }, { 5, 533, 1024 }, { 5, 534, 1024 }, { 6, 535, 1024 }, - { 4, 536, 1024 }, { 5, 537, 1024 }, { 5, 538, 1024 }, { 6, 539, 1024 }, { 5, 540, 1024 }, { 6, 541, 1024 }, { 6, 542, 1024 }, { 7, 543, 1024 }, - { 3, 544, 1024 }, { 4, 545, 1024 }, { 4, 546, 1024 }, { 5, 547, 1024 }, { 4, 548, 1024 }, { 5, 549, 1024 }, { 5, 550, 1024 }, { 6, 551, 1024 }, - { 4, 552, 1024 }, { 5, 553, 1024 }, { 5, 554, 1024 }, { 6, 555, 1024 }, { 5, 556, 1024 }, { 6, 557, 1024 }, { 6, 558, 1024 }, { 7, 559, 1024 }, - { 4, 560, 1024 }, { 5, 561, 1024 }, { 5, 562, 1024 }, { 6, 563, 1024 }, { 5, 564, 1024 }, { 6, 565, 1024 }, { 6, 566, 1024 }, { 7, 567, 1024 }, - { 5, 568, 1024 }, { 6, 569, 1024 }, { 6, 570, 1024 }, { 7, 571, 1024 }, { 6, 572, 1024 }, { 7, 573, 1024 }, { 7, 574, 1024 }, { 8, 575, 1024 }, - { 3, 576, 1024 }, { 4, 577, 1024 }, { 4, 578, 1024 }, { 5, 579, 1024 }, { 4, 580, 1024 }, { 5, 581, 1024 }, { 5, 582, 1024 }, { 6, 583, 1024 }, - { 4, 584, 1024 }, { 5, 585, 1024 }, { 5, 586, 1024 }, { 6, 587, 1024 }, { 5, 588, 1024 }, { 6, 589, 1024 }, { 6, 590, 1024 }, { 7, 591, 1024 }, - { 4, 592, 1024 }, { 5, 593, 1024 }, { 5, 594, 1024 }, { 6, 595, 1024 }, { 5, 596, 1024 }, { 6, 597, 1024 }, { 6, 598, 1024 }, { 7, 599, 1024 }, - { 5, 600, 1024 }, { 6, 601, 1024 }, { 6, 602, 1024 }, { 7, 603, 1024 }, { 6, 604, 1024 }, { 7, 605, 1024 }, { 7, 606, 1024 }, { 8, 607, 1024 }, - { 4, 608, 1024 }, { 5, 609, 1024 }, { 5, 610, 1024 }, { 6, 611, 1024 }, { 5, 612, 1024 }, { 6, 613, 1024 }, { 6, 614, 1024 }, { 7, 615, 1024 }, - { 5, 616, 1024 }, { 6, 617, 1024 }, { 6, 618, 1024 }, { 7, 619, 1024 }, { 6, 620, 1024 }, { 7, 621, 1024 }, { 7, 622, 1024 }, { 8, 623, 1024 }, - { 5, 624, 1024 }, { 6, 625, 1024 }, { 6, 626, 1024 }, { 7, 627, 1024 }, { 6, 628, 1024 }, { 7, 629, 1024 }, { 7, 630, 1024 }, { 8, 631, 1024 }, - { 6, 632, 1024 }, { 7, 633, 1024 }, { 7, 634, 1024 }, { 8, 635, 1024 }, { 7, 636, 1024 }, { 8, 637, 1024 }, { 8, 638, 1024 }, { 9, 639, 1024 }, - { 3, 640, 1024 
}, { 4, 641, 1024 }, { 4, 642, 1024 }, { 5, 643, 1024 }, { 4, 644, 1024 }, { 5, 645, 1024 }, { 5, 646, 1024 }, { 6, 647, 1024 }, - { 4, 648, 1024 }, { 5, 649, 1024 }, { 5, 650, 1024 }, { 6, 651, 1024 }, { 5, 652, 1024 }, { 6, 653, 1024 }, { 6, 654, 1024 }, { 7, 655, 1024 }, - { 4, 656, 1024 }, { 5, 657, 1024 }, { 5, 658, 1024 }, { 6, 659, 1024 }, { 5, 660, 1024 }, { 6, 661, 1024 }, { 6, 662, 1024 }, { 7, 663, 1024 }, - { 5, 664, 1024 }, { 6, 665, 1024 }, { 6, 666, 1024 }, { 7, 667, 1024 }, { 6, 668, 1024 }, { 7, 669, 1024 }, { 7, 670, 1024 }, { 8, 671, 1024 }, - { 4, 672, 1024 }, { 5, 673, 1024 }, { 5, 674, 1024 }, { 6, 675, 1024 }, { 5, 676, 1024 }, { 6, 677, 1024 }, { 6, 678, 1024 }, { 7, 679, 1024 }, - { 5, 680, 1024 }, { 6, 681, 1024 }, { 6, 682, 1024 }, { 7, 683, 1024 }, { 6, 684, 1024 }, { 7, 685, 1024 }, { 7, 686, 1024 }, { 8, 687, 1024 }, - { 5, 688, 1024 }, { 6, 689, 1024 }, { 6, 690, 1024 }, { 7, 691, 1024 }, { 6, 692, 1024 }, { 7, 693, 1024 }, { 7, 694, 1024 }, { 8, 695, 1024 }, - { 6, 696, 1024 }, { 7, 697, 1024 }, { 7, 698, 1024 }, { 8, 699, 1024 }, { 7, 700, 1024 }, { 8, 701, 1024 }, { 8, 702, 1024 }, { 9, 703, 1024 }, - { 4, 704, 1024 }, { 5, 705, 1024 }, { 5, 706, 1024 }, { 6, 707, 1024 }, { 5, 708, 1024 }, { 6, 709, 1024 }, { 6, 710, 1024 }, { 7, 711, 1024 }, - { 5, 712, 1024 }, { 6, 713, 1024 }, { 6, 714, 1024 }, { 7, 715, 1024 }, { 6, 716, 1024 }, { 7, 717, 1024 }, { 7, 718, 1024 }, { 8, 719, 1024 }, - { 5, 720, 1024 }, { 6, 721, 1024 }, { 6, 722, 1024 }, { 7, 723, 1024 }, { 6, 724, 1024 }, { 7, 725, 1024 }, { 7, 726, 1024 }, { 8, 727, 1024 }, - { 6, 728, 1024 }, { 7, 729, 1024 }, { 7, 730, 1024 }, { 8, 731, 1024 }, { 7, 732, 1024 }, { 8, 733, 1024 }, { 8, 734, 1024 }, { 9, 735, 1024 }, - { 5, 736, 1024 }, { 6, 737, 1024 }, { 6, 738, 1024 }, { 7, 739, 1024 }, { 6, 740, 1024 }, { 7, 741, 1024 }, { 7, 742, 1024 }, { 8, 743, 1024 }, - { 6, 744, 1024 }, { 7, 745, 1024 }, { 7, 746, 1024 }, { 8, 747, 1024 }, { 7, 748, 1024 }, { 8, 749, 1024 }, { 8, 
750, 1024 }, { 9, 751, 1024 }, - { 6, 752, 1024 }, { 7, 753, 1024 }, { 7, 754, 1024 }, { 8, 755, 1024 }, { 7, 756, 1024 }, { 8, 757, 1024 }, { 8, 758, 1024 }, { 9, 759, 1024 }, - { 7, 760, 1024 }, { 8, 761, 1024 }, { 8, 762, 1024 }, { 9, 763, 1024 }, { 8, 764, 1024 }, { 9, 765, 1024 }, { 9, 766, 1024 }, { 10, 767, 1024 }, - { 3, 768, 1024 }, { 4, 769, 1024 }, { 4, 770, 1024 }, { 5, 771, 1024 }, { 4, 772, 1024 }, { 5, 773, 1024 }, { 5, 774, 1024 }, { 6, 775, 1024 }, - { 4, 776, 1024 }, { 5, 777, 1024 }, { 5, 778, 1024 }, { 6, 779, 1024 }, { 5, 780, 1024 }, { 6, 781, 1024 }, { 6, 782, 1024 }, { 7, 783, 1024 }, - { 4, 784, 1024 }, { 5, 785, 1024 }, { 5, 786, 1024 }, { 6, 787, 1024 }, { 5, 788, 1024 }, { 6, 789, 1024 }, { 6, 790, 1024 }, { 7, 791, 1024 }, - { 5, 792, 1024 }, { 6, 793, 1024 }, { 6, 794, 1024 }, { 7, 795, 1024 }, { 6, 796, 1024 }, { 7, 797, 1024 }, { 7, 798, 1024 }, { 8, 799, 1024 }, - { 4, 800, 1024 }, { 5, 801, 1024 }, { 5, 802, 1024 }, { 6, 803, 1024 }, { 5, 804, 1024 }, { 6, 805, 1024 }, { 6, 806, 1024 }, { 7, 807, 1024 }, - { 5, 808, 1024 }, { 6, 809, 1024 }, { 6, 810, 1024 }, { 7, 811, 1024 }, { 6, 812, 1024 }, { 7, 813, 1024 }, { 7, 814, 1024 }, { 8, 815, 1024 }, - { 5, 816, 1024 }, { 6, 817, 1024 }, { 6, 818, 1024 }, { 7, 819, 1024 }, { 6, 820, 1024 }, { 7, 821, 1024 }, { 7, 822, 1024 }, { 8, 823, 1024 }, - { 6, 824, 1024 }, { 7, 825, 1024 }, { 7, 826, 1024 }, { 8, 827, 1024 }, { 7, 828, 1024 }, { 8, 829, 1024 }, { 8, 830, 1024 }, { 9, 831, 1024 }, - { 4, 832, 1024 }, { 5, 833, 1024 }, { 5, 834, 1024 }, { 6, 835, 1024 }, { 5, 836, 1024 }, { 6, 837, 1024 }, { 6, 838, 1024 }, { 7, 839, 1024 }, - { 5, 840, 1024 }, { 6, 841, 1024 }, { 6, 842, 1024 }, { 7, 843, 1024 }, { 6, 844, 1024 }, { 7, 845, 1024 }, { 7, 846, 1024 }, { 8, 847, 1024 }, - { 5, 848, 1024 }, { 6, 849, 1024 }, { 6, 850, 1024 }, { 7, 851, 1024 }, { 6, 852, 1024 }, { 7, 853, 1024 }, { 7, 854, 1024 }, { 8, 855, 1024 }, - { 6, 856, 1024 }, { 7, 857, 1024 }, { 7, 858, 1024 }, { 8, 859, 
1024 }, { 7, 860, 1024 }, { 8, 861, 1024 }, { 8, 862, 1024 }, { 9, 863, 1024 }, - { 5, 864, 1024 }, { 6, 865, 1024 }, { 6, 866, 1024 }, { 7, 867, 1024 }, { 6, 868, 1024 }, { 7, 869, 1024 }, { 7, 870, 1024 }, { 8, 871, 1024 }, - { 6, 872, 1024 }, { 7, 873, 1024 }, { 7, 874, 1024 }, { 8, 875, 1024 }, { 7, 876, 1024 }, { 8, 877, 1024 }, { 8, 878, 1024 }, { 9, 879, 1024 }, - { 6, 880, 1024 }, { 7, 881, 1024 }, { 7, 882, 1024 }, { 8, 883, 1024 }, { 7, 884, 1024 }, { 8, 885, 1024 }, { 8, 886, 1024 }, { 9, 887, 1024 }, - { 7, 888, 1024 }, { 8, 889, 1024 }, { 8, 890, 1024 }, { 9, 891, 1024 }, { 8, 892, 1024 }, { 9, 893, 1024 }, { 9, 894, 1024 }, { 10, 895, 1024 }, - { 4, 896, 1024 }, { 5, 897, 1024 }, { 5, 898, 1024 }, { 6, 899, 1024 }, { 5, 900, 1024 }, { 6, 901, 1024 }, { 6, 902, 1024 }, { 7, 903, 1024 }, - { 5, 904, 1024 }, { 6, 905, 1024 }, { 6, 906, 1024 }, { 7, 907, 1024 }, { 6, 908, 1024 }, { 7, 909, 1024 }, { 7, 910, 1024 }, { 8, 911, 1024 }, - { 5, 912, 1024 }, { 6, 913, 1024 }, { 6, 914, 1024 }, { 7, 915, 1024 }, { 6, 916, 1024 }, { 7, 917, 1024 }, { 7, 918, 1024 }, { 8, 919, 1024 }, - { 6, 920, 1024 }, { 7, 921, 1024 }, { 7, 922, 1024 }, { 8, 923, 1024 }, { 7, 924, 1024 }, { 8, 925, 1024 }, { 8, 926, 1024 }, { 9, 927, 1024 }, - { 5, 928, 1024 }, { 6, 929, 1024 }, { 6, 930, 1024 }, { 7, 931, 1024 }, { 6, 932, 1024 }, { 7, 933, 1024 }, { 7, 934, 1024 }, { 8, 935, 1024 }, - { 6, 936, 1024 }, { 7, 937, 1024 }, { 7, 938, 1024 }, { 8, 939, 1024 }, { 7, 940, 1024 }, { 8, 941, 1024 }, { 8, 942, 1024 }, { 9, 943, 1024 }, - { 6, 944, 1024 }, { 7, 945, 1024 }, { 7, 946, 1024 }, { 8, 947, 1024 }, { 7, 948, 1024 }, { 8, 949, 1024 }, { 8, 950, 1024 }, { 9, 951, 1024 }, - { 7, 952, 1024 }, { 8, 953, 1024 }, { 8, 954, 1024 }, { 9, 955, 1024 }, { 8, 956, 1024 }, { 9, 957, 1024 }, { 9, 958, 1024 }, { 10, 959, 1024 }, - { 5, 960, 1024 }, { 6, 961, 1024 }, { 6, 962, 1024 }, { 7, 963, 1024 }, { 6, 964, 1024 }, { 7, 965, 1024 }, { 7, 966, 1024 }, { 8, 967, 1024 }, - { 6, 968, 1024 }, 
{ 7, 969, 1024 }, { 7, 970, 1024 }, { 8, 971, 1024 }, { 7, 972, 1024 }, { 8, 973, 1024 }, { 8, 974, 1024 }, { 9, 975, 1024 }, - { 6, 976, 1024 }, { 7, 977, 1024 }, { 7, 978, 1024 }, { 8, 979, 1024 }, { 7, 980, 1024 }, { 8, 981, 1024 }, { 8, 982, 1024 }, { 9, 983, 1024 }, - { 7, 984, 1024 }, { 8, 985, 1024 }, { 8, 986, 1024 }, { 9, 987, 1024 }, { 8, 988, 1024 }, { 9, 989, 1024 }, { 9, 990, 1024 }, { 10, 991, 1024 }, - { 6, 992, 1024 }, { 7, 993, 1024 }, { 7, 994, 1024 }, { 8, 995, 1024 }, { 7, 996, 1024 }, { 8, 997, 1024 }, { 8, 998, 1024 }, { 9, 999, 1024 }, - { 7, 1000, 1024 }, { 8, 1001, 1024 }, { 8, 1002, 1024 }, { 9, 1003, 1024 }, { 8, 1004, 1024 }, { 9, 1005, 1024 }, { 9, 1006, 1024 }, { 10, 1007, 1024 }, - { 7, 1008, 1024 }, { 8, 1009, 1024 }, { 8, 1010, 1024 }, { 9, 1011, 1024 }, { 8, 1012, 1024 }, { 9, 1013, 1024 }, { 9, 1014, 1024 }, { 10, 1015, 1024 }, - { 8, 1016, 1024 }, { 9, 1017, 1024 }, { 9, 1018, 1024 }, { 10, 1019, 1024 }, { 9, 1020, 1024 }, { 10, 1021, 1024 }, { 10, 1022, 1024 }, { 11, 1023, 1024 }, + { 1, 0, 0 }, { 2, 1, 1024 }, { 2, 2, 1024 }, { 3, 3, 1024 }, { 2, 4, 1024 }, { 3, 5, 1024 }, { 3, 6, 1024 }, { 4, 7, 1024 }, + { 2, 8, 1024 }, { 3, 9, 1024 }, { 3, 10, 1024 }, { 4, 11, 1024 }, { 3, 12, 1024 }, { 4, 13, 1024 }, { 4, 14, 1024 }, { 5, 15, 1024 }, + { 2, 16, 1024 }, { 3, 17, 1024 }, { 3, 18, 1024 }, { 4, 19, 1024 }, { 3, 20, 1024 }, { 4, 21, 1024 }, { 4, 22, 1024 }, { 5, 23, 1024 }, + { 3, 24, 1024 }, { 4, 25, 1024 }, { 4, 26, 1024 }, { 5, 27, 1024 }, { 4, 28, 1024 }, { 5, 29, 1024 }, { 5, 30, 1024 }, { 6, 31, 1024 }, + { 2, 32, 1024 }, { 3, 33, 1024 }, { 3, 34, 1024 }, { 4, 35, 1024 }, { 3, 36, 1024 }, { 4, 37, 1024 }, { 4, 38, 1024 }, { 5, 39, 1024 }, + { 3, 40, 1024 }, { 4, 41, 1024 }, { 4, 42, 1024 }, { 5, 43, 1024 }, { 4, 44, 1024 }, { 5, 45, 1024 }, { 5, 46, 1024 }, { 6, 47, 1024 }, + { 3, 48, 1024 }, { 4, 49, 1024 }, { 4, 50, 1024 }, { 5, 51, 1024 }, { 4, 52, 1024 }, { 5, 53, 1024 }, { 5, 54, 1024 }, { 6, 55, 1024 }, + { 4, 56, 
1024 }, { 5, 57, 1024 }, { 5, 58, 1024 }, { 6, 59, 1024 }, { 5, 60, 1024 }, { 6, 61, 1024 }, { 6, 62, 1024 }, { 7, 63, 1024 }, + { 2, 64, 1024 }, { 3, 65, 1024 }, { 3, 66, 1024 }, { 4, 67, 1024 }, { 3, 68, 1024 }, { 4, 69, 1024 }, { 4, 70, 1024 }, { 5, 71, 1024 }, + { 3, 72, 1024 }, { 4, 73, 1024 }, { 4, 74, 1024 }, { 5, 75, 1024 }, { 4, 76, 1024 }, { 5, 77, 1024 }, { 5, 78, 1024 }, { 6, 79, 1024 }, + { 3, 80, 1024 }, { 4, 81, 1024 }, { 4, 82, 1024 }, { 5, 83, 1024 }, { 4, 84, 1024 }, { 5, 85, 1024 }, { 5, 86, 1024 }, { 6, 87, 1024 }, + { 4, 88, 1024 }, { 5, 89, 1024 }, { 5, 90, 1024 }, { 6, 91, 1024 }, { 5, 92, 1024 }, { 6, 93, 1024 }, { 6, 94, 1024 }, { 7, 95, 1024 }, + { 3, 96, 1024 }, { 4, 97, 1024 }, { 4, 98, 1024 }, { 5, 99, 1024 }, { 4, 100, 1024 }, { 5, 101, 1024 }, { 5, 102, 1024 }, { 6, 103, 1024 }, + { 4, 104, 1024 }, { 5, 105, 1024 }, { 5, 106, 1024 }, { 6, 107, 1024 }, { 5, 108, 1024 }, { 6, 109, 1024 }, { 6, 110, 1024 }, { 7, 111, 1024 }, + { 4, 112, 1024 }, { 5, 113, 1024 }, { 5, 114, 1024 }, { 6, 115, 1024 }, { 5, 116, 1024 }, { 6, 117, 1024 }, { 6, 118, 1024 }, { 7, 119, 1024 }, + { 5, 120, 1024 }, { 6, 121, 1024 }, { 6, 122, 1024 }, { 7, 123, 1024 }, { 6, 124, 1024 }, { 7, 125, 1024 }, { 7, 126, 1024 }, { 8, 127, 1024 }, + { 2, 128, 1024 }, { 3, 129, 1024 }, { 3, 130, 1024 }, { 4, 131, 1024 }, { 3, 132, 1024 }, { 4, 133, 1024 }, { 4, 134, 1024 }, { 5, 135, 1024 }, + { 3, 136, 1024 }, { 4, 137, 1024 }, { 4, 138, 1024 }, { 5, 139, 1024 }, { 4, 140, 1024 }, { 5, 141, 1024 }, { 5, 142, 1024 }, { 6, 143, 1024 }, + { 3, 144, 1024 }, { 4, 145, 1024 }, { 4, 146, 1024 }, { 5, 147, 1024 }, { 4, 148, 1024 }, { 5, 149, 1024 }, { 5, 150, 1024 }, { 6, 151, 1024 }, + { 4, 152, 1024 }, { 5, 153, 1024 }, { 5, 154, 1024 }, { 6, 155, 1024 }, { 5, 156, 1024 }, { 6, 157, 1024 }, { 6, 158, 1024 }, { 7, 159, 1024 }, + { 3, 160, 1024 }, { 4, 161, 1024 }, { 4, 162, 1024 }, { 5, 163, 1024 }, { 4, 164, 1024 }, { 5, 165, 1024 }, { 5, 166, 1024 }, { 6, 167, 1024 }, + { 4, 
168, 1024 }, { 5, 169, 1024 }, { 5, 170, 1024 }, { 6, 171, 1024 }, { 5, 172, 1024 }, { 6, 173, 1024 }, { 6, 174, 1024 }, { 7, 175, 1024 }, + { 4, 176, 1024 }, { 5, 177, 1024 }, { 5, 178, 1024 }, { 6, 179, 1024 }, { 5, 180, 1024 }, { 6, 181, 1024 }, { 6, 182, 1024 }, { 7, 183, 1024 }, + { 5, 184, 1024 }, { 6, 185, 1024 }, { 6, 186, 1024 }, { 7, 187, 1024 }, { 6, 188, 1024 }, { 7, 189, 1024 }, { 7, 190, 1024 }, { 8, 191, 1024 }, + { 3, 192, 1024 }, { 4, 193, 1024 }, { 4, 194, 1024 }, { 5, 195, 1024 }, { 4, 196, 1024 }, { 5, 197, 1024 }, { 5, 198, 1024 }, { 6, 199, 1024 }, + { 4, 200, 1024 }, { 5, 201, 1024 }, { 5, 202, 1024 }, { 6, 203, 1024 }, { 5, 204, 1024 }, { 6, 205, 1024 }, { 6, 206, 1024 }, { 7, 207, 1024 }, + { 4, 208, 1024 }, { 5, 209, 1024 }, { 5, 210, 1024 }, { 6, 211, 1024 }, { 5, 212, 1024 }, { 6, 213, 1024 }, { 6, 214, 1024 }, { 7, 215, 1024 }, + { 5, 216, 1024 }, { 6, 217, 1024 }, { 6, 218, 1024 }, { 7, 219, 1024 }, { 6, 220, 1024 }, { 7, 221, 1024 }, { 7, 222, 1024 }, { 8, 223, 1024 }, + { 4, 224, 1024 }, { 5, 225, 1024 }, { 5, 226, 1024 }, { 6, 227, 1024 }, { 5, 228, 1024 }, { 6, 229, 1024 }, { 6, 230, 1024 }, { 7, 231, 1024 }, + { 5, 232, 1024 }, { 6, 233, 1024 }, { 6, 234, 1024 }, { 7, 235, 1024 }, { 6, 236, 1024 }, { 7, 237, 1024 }, { 7, 238, 1024 }, { 8, 239, 1024 }, + { 5, 240, 1024 }, { 6, 241, 1024 }, { 6, 242, 1024 }, { 7, 243, 1024 }, { 6, 244, 1024 }, { 7, 245, 1024 }, { 7, 246, 1024 }, { 8, 247, 1024 }, + { 6, 248, 1024 }, { 7, 249, 1024 }, { 7, 250, 1024 }, { 8, 251, 1024 }, { 7, 252, 1024 }, { 8, 253, 1024 }, { 8, 254, 1024 }, { 9, 255, 1024 }, + { 2, 256, 1024 }, { 3, 257, 1024 }, { 3, 258, 1024 }, { 4, 259, 1024 }, { 3, 260, 1024 }, { 4, 261, 1024 }, { 4, 262, 1024 }, { 5, 263, 1024 }, + { 3, 264, 1024 }, { 4, 265, 1024 }, { 4, 266, 1024 }, { 5, 267, 1024 }, { 4, 268, 1024 }, { 5, 269, 1024 }, { 5, 270, 1024 }, { 6, 271, 1024 }, + { 3, 272, 1024 }, { 4, 273, 1024 }, { 4, 274, 1024 }, { 5, 275, 1024 }, { 4, 276, 1024 }, { 5, 277, 1024 
}, { 5, 278, 1024 }, { 6, 279, 1024 }, + { 4, 280, 1024 }, { 5, 281, 1024 }, { 5, 282, 1024 }, { 6, 283, 1024 }, { 5, 284, 1024 }, { 6, 285, 1024 }, { 6, 286, 1024 }, { 7, 287, 1024 }, + { 3, 288, 1024 }, { 4, 289, 1024 }, { 4, 290, 1024 }, { 5, 291, 1024 }, { 4, 292, 1024 }, { 5, 293, 1024 }, { 5, 294, 1024 }, { 6, 295, 1024 }, + { 4, 296, 1024 }, { 5, 297, 1024 }, { 5, 298, 1024 }, { 6, 299, 1024 }, { 5, 300, 1024 }, { 6, 301, 1024 }, { 6, 302, 1024 }, { 7, 303, 1024 }, + { 4, 304, 1024 }, { 5, 305, 1024 }, { 5, 306, 1024 }, { 6, 307, 1024 }, { 5, 308, 1024 }, { 6, 309, 1024 }, { 6, 310, 1024 }, { 7, 311, 1024 }, + { 5, 312, 1024 }, { 6, 313, 1024 }, { 6, 314, 1024 }, { 7, 315, 1024 }, { 6, 316, 1024 }, { 7, 317, 1024 }, { 7, 318, 1024 }, { 8, 319, 1024 }, + { 3, 320, 1024 }, { 4, 321, 1024 }, { 4, 322, 1024 }, { 5, 323, 1024 }, { 4, 324, 1024 }, { 5, 325, 1024 }, { 5, 326, 1024 }, { 6, 327, 1024 }, + { 4, 328, 1024 }, { 5, 329, 1024 }, { 5, 330, 1024 }, { 6, 331, 1024 }, { 5, 332, 1024 }, { 6, 333, 1024 }, { 6, 334, 1024 }, { 7, 335, 1024 }, + { 4, 336, 1024 }, { 5, 337, 1024 }, { 5, 338, 1024 }, { 6, 339, 1024 }, { 5, 340, 1024 }, { 6, 341, 1024 }, { 6, 342, 1024 }, { 7, 343, 1024 }, + { 5, 344, 1024 }, { 6, 345, 1024 }, { 6, 346, 1024 }, { 7, 347, 1024 }, { 6, 348, 1024 }, { 7, 349, 1024 }, { 7, 350, 1024 }, { 8, 351, 1024 }, + { 4, 352, 1024 }, { 5, 353, 1024 }, { 5, 354, 1024 }, { 6, 355, 1024 }, { 5, 356, 1024 }, { 6, 357, 1024 }, { 6, 358, 1024 }, { 7, 359, 1024 }, + { 5, 360, 1024 }, { 6, 361, 1024 }, { 6, 362, 1024 }, { 7, 363, 1024 }, { 6, 364, 1024 }, { 7, 365, 1024 }, { 7, 366, 1024 }, { 8, 367, 1024 }, + { 5, 368, 1024 }, { 6, 369, 1024 }, { 6, 370, 1024 }, { 7, 371, 1024 }, { 6, 372, 1024 }, { 7, 373, 1024 }, { 7, 374, 1024 }, { 8, 375, 1024 }, + { 6, 376, 1024 }, { 7, 377, 1024 }, { 7, 378, 1024 }, { 8, 379, 1024 }, { 7, 380, 1024 }, { 8, 381, 1024 }, { 8, 382, 1024 }, { 9, 383, 1024 }, + { 3, 384, 1024 }, { 4, 385, 1024 }, { 4, 386, 1024 }, { 5, 
387, 1024 }, { 4, 388, 1024 }, { 5, 389, 1024 }, { 5, 390, 1024 }, { 6, 391, 1024 }, + { 4, 392, 1024 }, { 5, 393, 1024 }, { 5, 394, 1024 }, { 6, 395, 1024 }, { 5, 396, 1024 }, { 6, 397, 1024 }, { 6, 398, 1024 }, { 7, 399, 1024 }, + { 4, 400, 1024 }, { 5, 401, 1024 }, { 5, 402, 1024 }, { 6, 403, 1024 }, { 5, 404, 1024 }, { 6, 405, 1024 }, { 6, 406, 1024 }, { 7, 407, 1024 }, + { 5, 408, 1024 }, { 6, 409, 1024 }, { 6, 410, 1024 }, { 7, 411, 1024 }, { 6, 412, 1024 }, { 7, 413, 1024 }, { 7, 414, 1024 }, { 8, 415, 1024 }, + { 4, 416, 1024 }, { 5, 417, 1024 }, { 5, 418, 1024 }, { 6, 419, 1024 }, { 5, 420, 1024 }, { 6, 421, 1024 }, { 6, 422, 1024 }, { 7, 423, 1024 }, + { 5, 424, 1024 }, { 6, 425, 1024 }, { 6, 426, 1024 }, { 7, 427, 1024 }, { 6, 428, 1024 }, { 7, 429, 1024 }, { 7, 430, 1024 }, { 8, 431, 1024 }, + { 5, 432, 1024 }, { 6, 433, 1024 }, { 6, 434, 1024 }, { 7, 435, 1024 }, { 6, 436, 1024 }, { 7, 437, 1024 }, { 7, 438, 1024 }, { 8, 439, 1024 }, + { 6, 440, 1024 }, { 7, 441, 1024 }, { 7, 442, 1024 }, { 8, 443, 1024 }, { 7, 444, 1024 }, { 8, 445, 1024 }, { 8, 446, 1024 }, { 9, 447, 1024 }, + { 4, 448, 1024 }, { 5, 449, 1024 }, { 5, 450, 1024 }, { 6, 451, 1024 }, { 5, 452, 1024 }, { 6, 453, 1024 }, { 6, 454, 1024 }, { 7, 455, 1024 }, + { 5, 456, 1024 }, { 6, 457, 1024 }, { 6, 458, 1024 }, { 7, 459, 1024 }, { 6, 460, 1024 }, { 7, 461, 1024 }, { 7, 462, 1024 }, { 8, 463, 1024 }, + { 5, 464, 1024 }, { 6, 465, 1024 }, { 6, 466, 1024 }, { 7, 467, 1024 }, { 6, 468, 1024 }, { 7, 469, 1024 }, { 7, 470, 1024 }, { 8, 471, 1024 }, + { 6, 472, 1024 }, { 7, 473, 1024 }, { 7, 474, 1024 }, { 8, 475, 1024 }, { 7, 476, 1024 }, { 8, 477, 1024 }, { 8, 478, 1024 }, { 9, 479, 1024 }, + { 5, 480, 1024 }, { 6, 481, 1024 }, { 6, 482, 1024 }, { 7, 483, 1024 }, { 6, 484, 1024 }, { 7, 485, 1024 }, { 7, 486, 1024 }, { 8, 487, 1024 }, + { 6, 488, 1024 }, { 7, 489, 1024 }, { 7, 490, 1024 }, { 8, 491, 1024 }, { 7, 492, 1024 }, { 8, 493, 1024 }, { 8, 494, 1024 }, { 9, 495, 1024 }, + { 6, 496, 1024 
}, { 7, 497, 1024 }, { 7, 498, 1024 }, { 8, 499, 1024 }, { 7, 500, 1024 }, { 8, 501, 1024 }, { 8, 502, 1024 }, { 9, 503, 1024 }, + { 7, 504, 1024 }, { 8, 505, 1024 }, { 8, 506, 1024 }, { 9, 507, 1024 }, { 8, 508, 1024 }, { 9, 509, 1024 }, { 9, 510, 1024 }, { 10, 511, 1024 }, + { 2, 512, 1024 }, { 3, 513, 1024 }, { 3, 514, 1024 }, { 4, 515, 1024 }, { 3, 516, 1024 }, { 4, 517, 1024 }, { 4, 518, 1024 }, { 5, 519, 1024 }, + { 3, 520, 1024 }, { 4, 521, 1024 }, { 4, 522, 1024 }, { 5, 523, 1024 }, { 4, 524, 1024 }, { 5, 525, 1024 }, { 5, 526, 1024 }, { 6, 527, 1024 }, + { 3, 528, 1024 }, { 4, 529, 1024 }, { 4, 530, 1024 }, { 5, 531, 1024 }, { 4, 532, 1024 }, { 5, 533, 1024 }, { 5, 534, 1024 }, { 6, 535, 1024 }, + { 4, 536, 1024 }, { 5, 537, 1024 }, { 5, 538, 1024 }, { 6, 539, 1024 }, { 5, 540, 1024 }, { 6, 541, 1024 }, { 6, 542, 1024 }, { 7, 543, 1024 }, + { 3, 544, 1024 }, { 4, 545, 1024 }, { 4, 546, 1024 }, { 5, 547, 1024 }, { 4, 548, 1024 }, { 5, 549, 1024 }, { 5, 550, 1024 }, { 6, 551, 1024 }, + { 4, 552, 1024 }, { 5, 553, 1024 }, { 5, 554, 1024 }, { 6, 555, 1024 }, { 5, 556, 1024 }, { 6, 557, 1024 }, { 6, 558, 1024 }, { 7, 559, 1024 }, + { 4, 560, 1024 }, { 5, 561, 1024 }, { 5, 562, 1024 }, { 6, 563, 1024 }, { 5, 564, 1024 }, { 6, 565, 1024 }, { 6, 566, 1024 }, { 7, 567, 1024 }, + { 5, 568, 1024 }, { 6, 569, 1024 }, { 6, 570, 1024 }, { 7, 571, 1024 }, { 6, 572, 1024 }, { 7, 573, 1024 }, { 7, 574, 1024 }, { 8, 575, 1024 }, + { 3, 576, 1024 }, { 4, 577, 1024 }, { 4, 578, 1024 }, { 5, 579, 1024 }, { 4, 580, 1024 }, { 5, 581, 1024 }, { 5, 582, 1024 }, { 6, 583, 1024 }, + { 4, 584, 1024 }, { 5, 585, 1024 }, { 5, 586, 1024 }, { 6, 587, 1024 }, { 5, 588, 1024 }, { 6, 589, 1024 }, { 6, 590, 1024 }, { 7, 591, 1024 }, + { 4, 592, 1024 }, { 5, 593, 1024 }, { 5, 594, 1024 }, { 6, 595, 1024 }, { 5, 596, 1024 }, { 6, 597, 1024 }, { 6, 598, 1024 }, { 7, 599, 1024 }, + { 5, 600, 1024 }, { 6, 601, 1024 }, { 6, 602, 1024 }, { 7, 603, 1024 }, { 6, 604, 1024 }, { 7, 605, 1024 }, { 7, 
606, 1024 }, { 8, 607, 1024 }, + { 4, 608, 1024 }, { 5, 609, 1024 }, { 5, 610, 1024 }, { 6, 611, 1024 }, { 5, 612, 1024 }, { 6, 613, 1024 }, { 6, 614, 1024 }, { 7, 615, 1024 }, + { 5, 616, 1024 }, { 6, 617, 1024 }, { 6, 618, 1024 }, { 7, 619, 1024 }, { 6, 620, 1024 }, { 7, 621, 1024 }, { 7, 622, 1024 }, { 8, 623, 1024 }, + { 5, 624, 1024 }, { 6, 625, 1024 }, { 6, 626, 1024 }, { 7, 627, 1024 }, { 6, 628, 1024 }, { 7, 629, 1024 }, { 7, 630, 1024 }, { 8, 631, 1024 }, + { 6, 632, 1024 }, { 7, 633, 1024 }, { 7, 634, 1024 }, { 8, 635, 1024 }, { 7, 636, 1024 }, { 8, 637, 1024 }, { 8, 638, 1024 }, { 9, 639, 1024 }, + { 3, 640, 1024 }, { 4, 641, 1024 }, { 4, 642, 1024 }, { 5, 643, 1024 }, { 4, 644, 1024 }, { 5, 645, 1024 }, { 5, 646, 1024 }, { 6, 647, 1024 }, + { 4, 648, 1024 }, { 5, 649, 1024 }, { 5, 650, 1024 }, { 6, 651, 1024 }, { 5, 652, 1024 }, { 6, 653, 1024 }, { 6, 654, 1024 }, { 7, 655, 1024 }, + { 4, 656, 1024 }, { 5, 657, 1024 }, { 5, 658, 1024 }, { 6, 659, 1024 }, { 5, 660, 1024 }, { 6, 661, 1024 }, { 6, 662, 1024 }, { 7, 663, 1024 }, + { 5, 664, 1024 }, { 6, 665, 1024 }, { 6, 666, 1024 }, { 7, 667, 1024 }, { 6, 668, 1024 }, { 7, 669, 1024 }, { 7, 670, 1024 }, { 8, 671, 1024 }, + { 4, 672, 1024 }, { 5, 673, 1024 }, { 5, 674, 1024 }, { 6, 675, 1024 }, { 5, 676, 1024 }, { 6, 677, 1024 }, { 6, 678, 1024 }, { 7, 679, 1024 }, + { 5, 680, 1024 }, { 6, 681, 1024 }, { 6, 682, 1024 }, { 7, 683, 1024 }, { 6, 684, 1024 }, { 7, 685, 1024 }, { 7, 686, 1024 }, { 8, 687, 1024 }, + { 5, 688, 1024 }, { 6, 689, 1024 }, { 6, 690, 1024 }, { 7, 691, 1024 }, { 6, 692, 1024 }, { 7, 693, 1024 }, { 7, 694, 1024 }, { 8, 695, 1024 }, + { 6, 696, 1024 }, { 7, 697, 1024 }, { 7, 698, 1024 }, { 8, 699, 1024 }, { 7, 700, 1024 }, { 8, 701, 1024 }, { 8, 702, 1024 }, { 9, 703, 1024 }, + { 4, 704, 1024 }, { 5, 705, 1024 }, { 5, 706, 1024 }, { 6, 707, 1024 }, { 5, 708, 1024 }, { 6, 709, 1024 }, { 6, 710, 1024 }, { 7, 711, 1024 }, + { 5, 712, 1024 }, { 6, 713, 1024 }, { 6, 714, 1024 }, { 7, 715, 1024 
}, { 6, 716, 1024 }, { 7, 717, 1024 }, { 7, 718, 1024 }, { 8, 719, 1024 }, + { 5, 720, 1024 }, { 6, 721, 1024 }, { 6, 722, 1024 }, { 7, 723, 1024 }, { 6, 724, 1024 }, { 7, 725, 1024 }, { 7, 726, 1024 }, { 8, 727, 1024 }, + { 6, 728, 1024 }, { 7, 729, 1024 }, { 7, 730, 1024 }, { 8, 731, 1024 }, { 7, 732, 1024 }, { 8, 733, 1024 }, { 8, 734, 1024 }, { 9, 735, 1024 }, + { 5, 736, 1024 }, { 6, 737, 1024 }, { 6, 738, 1024 }, { 7, 739, 1024 }, { 6, 740, 1024 }, { 7, 741, 1024 }, { 7, 742, 1024 }, { 8, 743, 1024 }, + { 6, 744, 1024 }, { 7, 745, 1024 }, { 7, 746, 1024 }, { 8, 747, 1024 }, { 7, 748, 1024 }, { 8, 749, 1024 }, { 8, 750, 1024 }, { 9, 751, 1024 }, + { 6, 752, 1024 }, { 7, 753, 1024 }, { 7, 754, 1024 }, { 8, 755, 1024 }, { 7, 756, 1024 }, { 8, 757, 1024 }, { 8, 758, 1024 }, { 9, 759, 1024 }, + { 7, 760, 1024 }, { 8, 761, 1024 }, { 8, 762, 1024 }, { 9, 763, 1024 }, { 8, 764, 1024 }, { 9, 765, 1024 }, { 9, 766, 1024 }, { 10, 767, 1024 }, + { 3, 768, 1024 }, { 4, 769, 1024 }, { 4, 770, 1024 }, { 5, 771, 1024 }, { 4, 772, 1024 }, { 5, 773, 1024 }, { 5, 774, 1024 }, { 6, 775, 1024 }, + { 4, 776, 1024 }, { 5, 777, 1024 }, { 5, 778, 1024 }, { 6, 779, 1024 }, { 5, 780, 1024 }, { 6, 781, 1024 }, { 6, 782, 1024 }, { 7, 783, 1024 }, + { 4, 784, 1024 }, { 5, 785, 1024 }, { 5, 786, 1024 }, { 6, 787, 1024 }, { 5, 788, 1024 }, { 6, 789, 1024 }, { 6, 790, 1024 }, { 7, 791, 1024 }, + { 5, 792, 1024 }, { 6, 793, 1024 }, { 6, 794, 1024 }, { 7, 795, 1024 }, { 6, 796, 1024 }, { 7, 797, 1024 }, { 7, 798, 1024 }, { 8, 799, 1024 }, + { 4, 800, 1024 }, { 5, 801, 1024 }, { 5, 802, 1024 }, { 6, 803, 1024 }, { 5, 804, 1024 }, { 6, 805, 1024 }, { 6, 806, 1024 }, { 7, 807, 1024 }, + { 5, 808, 1024 }, { 6, 809, 1024 }, { 6, 810, 1024 }, { 7, 811, 1024 }, { 6, 812, 1024 }, { 7, 813, 1024 }, { 7, 814, 1024 }, { 8, 815, 1024 }, + { 5, 816, 1024 }, { 6, 817, 1024 }, { 6, 818, 1024 }, { 7, 819, 1024 }, { 6, 820, 1024 }, { 7, 821, 1024 }, { 7, 822, 1024 }, { 8, 823, 1024 }, + { 6, 824, 1024 }, { 7, 
825, 1024 }, { 7, 826, 1024 }, { 8, 827, 1024 }, { 7, 828, 1024 }, { 8, 829, 1024 }, { 8, 830, 1024 }, { 9, 831, 1024 }, + { 4, 832, 1024 }, { 5, 833, 1024 }, { 5, 834, 1024 }, { 6, 835, 1024 }, { 5, 836, 1024 }, { 6, 837, 1024 }, { 6, 838, 1024 }, { 7, 839, 1024 }, + { 5, 840, 1024 }, { 6, 841, 1024 }, { 6, 842, 1024 }, { 7, 843, 1024 }, { 6, 844, 1024 }, { 7, 845, 1024 }, { 7, 846, 1024 }, { 8, 847, 1024 }, + { 5, 848, 1024 }, { 6, 849, 1024 }, { 6, 850, 1024 }, { 7, 851, 1024 }, { 6, 852, 1024 }, { 7, 853, 1024 }, { 7, 854, 1024 }, { 8, 855, 1024 }, + { 6, 856, 1024 }, { 7, 857, 1024 }, { 7, 858, 1024 }, { 8, 859, 1024 }, { 7, 860, 1024 }, { 8, 861, 1024 }, { 8, 862, 1024 }, { 9, 863, 1024 }, + { 5, 864, 1024 }, { 6, 865, 1024 }, { 6, 866, 1024 }, { 7, 867, 1024 }, { 6, 868, 1024 }, { 7, 869, 1024 }, { 7, 870, 1024 }, { 8, 871, 1024 }, + { 6, 872, 1024 }, { 7, 873, 1024 }, { 7, 874, 1024 }, { 8, 875, 1024 }, { 7, 876, 1024 }, { 8, 877, 1024 }, { 8, 878, 1024 }, { 9, 879, 1024 }, + { 6, 880, 1024 }, { 7, 881, 1024 }, { 7, 882, 1024 }, { 8, 883, 1024 }, { 7, 884, 1024 }, { 8, 885, 1024 }, { 8, 886, 1024 }, { 9, 887, 1024 }, + { 7, 888, 1024 }, { 8, 889, 1024 }, { 8, 890, 1024 }, { 9, 891, 1024 }, { 8, 892, 1024 }, { 9, 893, 1024 }, { 9, 894, 1024 }, { 10, 895, 1024 }, + { 4, 896, 1024 }, { 5, 897, 1024 }, { 5, 898, 1024 }, { 6, 899, 1024 }, { 5, 900, 1024 }, { 6, 901, 1024 }, { 6, 902, 1024 }, { 7, 903, 1024 }, + { 5, 904, 1024 }, { 6, 905, 1024 }, { 6, 906, 1024 }, { 7, 907, 1024 }, { 6, 908, 1024 }, { 7, 909, 1024 }, { 7, 910, 1024 }, { 8, 911, 1024 }, + { 5, 912, 1024 }, { 6, 913, 1024 }, { 6, 914, 1024 }, { 7, 915, 1024 }, { 6, 916, 1024 }, { 7, 917, 1024 }, { 7, 918, 1024 }, { 8, 919, 1024 }, + { 6, 920, 1024 }, { 7, 921, 1024 }, { 7, 922, 1024 }, { 8, 923, 1024 }, { 7, 924, 1024 }, { 8, 925, 1024 }, { 8, 926, 1024 }, { 9, 927, 1024 }, + { 5, 928, 1024 }, { 6, 929, 1024 }, { 6, 930, 1024 }, { 7, 931, 1024 }, { 6, 932, 1024 }, { 7, 933, 1024 }, { 7, 934, 1024 
}, { 8, 935, 1024 }, + { 6, 936, 1024 }, { 7, 937, 1024 }, { 7, 938, 1024 }, { 8, 939, 1024 }, { 7, 940, 1024 }, { 8, 941, 1024 }, { 8, 942, 1024 }, { 9, 943, 1024 }, + { 6, 944, 1024 }, { 7, 945, 1024 }, { 7, 946, 1024 }, { 8, 947, 1024 }, { 7, 948, 1024 }, { 8, 949, 1024 }, { 8, 950, 1024 }, { 9, 951, 1024 }, + { 7, 952, 1024 }, { 8, 953, 1024 }, { 8, 954, 1024 }, { 9, 955, 1024 }, { 8, 956, 1024 }, { 9, 957, 1024 }, { 9, 958, 1024 }, { 10, 959, 1024 }, + { 5, 960, 1024 }, { 6, 961, 1024 }, { 6, 962, 1024 }, { 7, 963, 1024 }, { 6, 964, 1024 }, { 7, 965, 1024 }, { 7, 966, 1024 }, { 8, 967, 1024 }, + { 6, 968, 1024 }, { 7, 969, 1024 }, { 7, 970, 1024 }, { 8, 971, 1024 }, { 7, 972, 1024 }, { 8, 973, 1024 }, { 8, 974, 1024 }, { 9, 975, 1024 }, + { 6, 976, 1024 }, { 7, 977, 1024 }, { 7, 978, 1024 }, { 8, 979, 1024 }, { 7, 980, 1024 }, { 8, 981, 1024 }, { 8, 982, 1024 }, { 9, 983, 1024 }, + { 7, 984, 1024 }, { 8, 985, 1024 }, { 8, 986, 1024 }, { 9, 987, 1024 }, { 8, 988, 1024 }, { 9, 989, 1024 }, { 9, 990, 1024 }, { 10, 991, 1024 }, + { 6, 992, 1024 }, { 7, 993, 1024 }, { 7, 994, 1024 }, { 8, 995, 1024 }, { 7, 996, 1024 }, { 8, 997, 1024 }, { 8, 998, 1024 }, { 9, 999, 1024 }, + { 7, 1000, 1024 }, { 8, 1001, 1024 }, { 8, 1002, 1024 }, { 9, 1003, 1024 }, { 8, 1004, 1024 }, { 9, 1005, 1024 }, { 9, 1006, 1024 }, { 10, 1007, 1024 }, + { 7, 1008, 1024 }, { 8, 1009, 1024 }, { 8, 1010, 1024 }, { 9, 1011, 1024 }, { 8, 1012, 1024 }, { 9, 1013, 1024 }, { 9, 1014, 1024 }, { 10, 1015, 1024 }, + { 8, 1016, 1024 }, { 9, 1017, 1024 }, { 9, 1018, 1024 }, { 10, 1019, 1024 }, { 9, 1020, 1024 }, { 10, 1021, 1024 }, { 10, 1022, 1024 }, { 11, 1023, 1024 }, #if FP_LUT > 11 - { 1, 0, 0 }, { 2, 1, 2048 }, { 2, 2, 2048 }, { 3, 3, 2048 }, { 2, 4, 2048 }, { 3, 5, 2048 }, { 3, 6, 2048 }, { 4, 7, 2048 }, - { 2, 8, 2048 }, { 3, 9, 2048 }, { 3, 10, 2048 }, { 4, 11, 2048 }, { 3, 12, 2048 }, { 4, 13, 2048 }, { 4, 14, 2048 }, { 5, 15, 2048 }, - { 2, 16, 2048 }, { 3, 17, 2048 }, { 3, 18, 2048 }, { 4, 19, 
2048 }, { 3, 20, 2048 }, { 4, 21, 2048 }, { 4, 22, 2048 }, { 5, 23, 2048 }, - { 3, 24, 2048 }, { 4, 25, 2048 }, { 4, 26, 2048 }, { 5, 27, 2048 }, { 4, 28, 2048 }, { 5, 29, 2048 }, { 5, 30, 2048 }, { 6, 31, 2048 }, - { 2, 32, 2048 }, { 3, 33, 2048 }, { 3, 34, 2048 }, { 4, 35, 2048 }, { 3, 36, 2048 }, { 4, 37, 2048 }, { 4, 38, 2048 }, { 5, 39, 2048 }, - { 3, 40, 2048 }, { 4, 41, 2048 }, { 4, 42, 2048 }, { 5, 43, 2048 }, { 4, 44, 2048 }, { 5, 45, 2048 }, { 5, 46, 2048 }, { 6, 47, 2048 }, - { 3, 48, 2048 }, { 4, 49, 2048 }, { 4, 50, 2048 }, { 5, 51, 2048 }, { 4, 52, 2048 }, { 5, 53, 2048 }, { 5, 54, 2048 }, { 6, 55, 2048 }, - { 4, 56, 2048 }, { 5, 57, 2048 }, { 5, 58, 2048 }, { 6, 59, 2048 }, { 5, 60, 2048 }, { 6, 61, 2048 }, { 6, 62, 2048 }, { 7, 63, 2048 }, - { 2, 64, 2048 }, { 3, 65, 2048 }, { 3, 66, 2048 }, { 4, 67, 2048 }, { 3, 68, 2048 }, { 4, 69, 2048 }, { 4, 70, 2048 }, { 5, 71, 2048 }, - { 3, 72, 2048 }, { 4, 73, 2048 }, { 4, 74, 2048 }, { 5, 75, 2048 }, { 4, 76, 2048 }, { 5, 77, 2048 }, { 5, 78, 2048 }, { 6, 79, 2048 }, - { 3, 80, 2048 }, { 4, 81, 2048 }, { 4, 82, 2048 }, { 5, 83, 2048 }, { 4, 84, 2048 }, { 5, 85, 2048 }, { 5, 86, 2048 }, { 6, 87, 2048 }, - { 4, 88, 2048 }, { 5, 89, 2048 }, { 5, 90, 2048 }, { 6, 91, 2048 }, { 5, 92, 2048 }, { 6, 93, 2048 }, { 6, 94, 2048 }, { 7, 95, 2048 }, - { 3, 96, 2048 }, { 4, 97, 2048 }, { 4, 98, 2048 }, { 5, 99, 2048 }, { 4, 100, 2048 }, { 5, 101, 2048 }, { 5, 102, 2048 }, { 6, 103, 2048 }, - { 4, 104, 2048 }, { 5, 105, 2048 }, { 5, 106, 2048 }, { 6, 107, 2048 }, { 5, 108, 2048 }, { 6, 109, 2048 }, { 6, 110, 2048 }, { 7, 111, 2048 }, - { 4, 112, 2048 }, { 5, 113, 2048 }, { 5, 114, 2048 }, { 6, 115, 2048 }, { 5, 116, 2048 }, { 6, 117, 2048 }, { 6, 118, 2048 }, { 7, 119, 2048 }, - { 5, 120, 2048 }, { 6, 121, 2048 }, { 6, 122, 2048 }, { 7, 123, 2048 }, { 6, 124, 2048 }, { 7, 125, 2048 }, { 7, 126, 2048 }, { 8, 127, 2048 }, - { 2, 128, 2048 }, { 3, 129, 2048 }, { 3, 130, 2048 }, { 4, 131, 2048 }, { 3, 132, 2048 }, { 4, 133, 
2048 }, { 4, 134, 2048 }, { 5, 135, 2048 }, - { 3, 136, 2048 }, { 4, 137, 2048 }, { 4, 138, 2048 }, { 5, 139, 2048 }, { 4, 140, 2048 }, { 5, 141, 2048 }, { 5, 142, 2048 }, { 6, 143, 2048 }, - { 3, 144, 2048 }, { 4, 145, 2048 }, { 4, 146, 2048 }, { 5, 147, 2048 }, { 4, 148, 2048 }, { 5, 149, 2048 }, { 5, 150, 2048 }, { 6, 151, 2048 }, - { 4, 152, 2048 }, { 5, 153, 2048 }, { 5, 154, 2048 }, { 6, 155, 2048 }, { 5, 156, 2048 }, { 6, 157, 2048 }, { 6, 158, 2048 }, { 7, 159, 2048 }, - { 3, 160, 2048 }, { 4, 161, 2048 }, { 4, 162, 2048 }, { 5, 163, 2048 }, { 4, 164, 2048 }, { 5, 165, 2048 }, { 5, 166, 2048 }, { 6, 167, 2048 }, - { 4, 168, 2048 }, { 5, 169, 2048 }, { 5, 170, 2048 }, { 6, 171, 2048 }, { 5, 172, 2048 }, { 6, 173, 2048 }, { 6, 174, 2048 }, { 7, 175, 2048 }, - { 4, 176, 2048 }, { 5, 177, 2048 }, { 5, 178, 2048 }, { 6, 179, 2048 }, { 5, 180, 2048 }, { 6, 181, 2048 }, { 6, 182, 2048 }, { 7, 183, 2048 }, - { 5, 184, 2048 }, { 6, 185, 2048 }, { 6, 186, 2048 }, { 7, 187, 2048 }, { 6, 188, 2048 }, { 7, 189, 2048 }, { 7, 190, 2048 }, { 8, 191, 2048 }, - { 3, 192, 2048 }, { 4, 193, 2048 }, { 4, 194, 2048 }, { 5, 195, 2048 }, { 4, 196, 2048 }, { 5, 197, 2048 }, { 5, 198, 2048 }, { 6, 199, 2048 }, - { 4, 200, 2048 }, { 5, 201, 2048 }, { 5, 202, 2048 }, { 6, 203, 2048 }, { 5, 204, 2048 }, { 6, 205, 2048 }, { 6, 206, 2048 }, { 7, 207, 2048 }, - { 4, 208, 2048 }, { 5, 209, 2048 }, { 5, 210, 2048 }, { 6, 211, 2048 }, { 5, 212, 2048 }, { 6, 213, 2048 }, { 6, 214, 2048 }, { 7, 215, 2048 }, - { 5, 216, 2048 }, { 6, 217, 2048 }, { 6, 218, 2048 }, { 7, 219, 2048 }, { 6, 220, 2048 }, { 7, 221, 2048 }, { 7, 222, 2048 }, { 8, 223, 2048 }, - { 4, 224, 2048 }, { 5, 225, 2048 }, { 5, 226, 2048 }, { 6, 227, 2048 }, { 5, 228, 2048 }, { 6, 229, 2048 }, { 6, 230, 2048 }, { 7, 231, 2048 }, - { 5, 232, 2048 }, { 6, 233, 2048 }, { 6, 234, 2048 }, { 7, 235, 2048 }, { 6, 236, 2048 }, { 7, 237, 2048 }, { 7, 238, 2048 }, { 8, 239, 2048 }, - { 5, 240, 2048 }, { 6, 241, 2048 }, { 6, 242, 2048 }, { 
7, 243, 2048 }, { 6, 244, 2048 }, { 7, 245, 2048 }, { 7, 246, 2048 }, { 8, 247, 2048 }, - { 6, 248, 2048 }, { 7, 249, 2048 }, { 7, 250, 2048 }, { 8, 251, 2048 }, { 7, 252, 2048 }, { 8, 253, 2048 }, { 8, 254, 2048 }, { 9, 255, 2048 }, - { 2, 256, 2048 }, { 3, 257, 2048 }, { 3, 258, 2048 }, { 4, 259, 2048 }, { 3, 260, 2048 }, { 4, 261, 2048 }, { 4, 262, 2048 }, { 5, 263, 2048 }, - { 3, 264, 2048 }, { 4, 265, 2048 }, { 4, 266, 2048 }, { 5, 267, 2048 }, { 4, 268, 2048 }, { 5, 269, 2048 }, { 5, 270, 2048 }, { 6, 271, 2048 }, - { 3, 272, 2048 }, { 4, 273, 2048 }, { 4, 274, 2048 }, { 5, 275, 2048 }, { 4, 276, 2048 }, { 5, 277, 2048 }, { 5, 278, 2048 }, { 6, 279, 2048 }, - { 4, 280, 2048 }, { 5, 281, 2048 }, { 5, 282, 2048 }, { 6, 283, 2048 }, { 5, 284, 2048 }, { 6, 285, 2048 }, { 6, 286, 2048 }, { 7, 287, 2048 }, - { 3, 288, 2048 }, { 4, 289, 2048 }, { 4, 290, 2048 }, { 5, 291, 2048 }, { 4, 292, 2048 }, { 5, 293, 2048 }, { 5, 294, 2048 }, { 6, 295, 2048 }, - { 4, 296, 2048 }, { 5, 297, 2048 }, { 5, 298, 2048 }, { 6, 299, 2048 }, { 5, 300, 2048 }, { 6, 301, 2048 }, { 6, 302, 2048 }, { 7, 303, 2048 }, - { 4, 304, 2048 }, { 5, 305, 2048 }, { 5, 306, 2048 }, { 6, 307, 2048 }, { 5, 308, 2048 }, { 6, 309, 2048 }, { 6, 310, 2048 }, { 7, 311, 2048 }, - { 5, 312, 2048 }, { 6, 313, 2048 }, { 6, 314, 2048 }, { 7, 315, 2048 }, { 6, 316, 2048 }, { 7, 317, 2048 }, { 7, 318, 2048 }, { 8, 319, 2048 }, - { 3, 320, 2048 }, { 4, 321, 2048 }, { 4, 322, 2048 }, { 5, 323, 2048 }, { 4, 324, 2048 }, { 5, 325, 2048 }, { 5, 326, 2048 }, { 6, 327, 2048 }, - { 4, 328, 2048 }, { 5, 329, 2048 }, { 5, 330, 2048 }, { 6, 331, 2048 }, { 5, 332, 2048 }, { 6, 333, 2048 }, { 6, 334, 2048 }, { 7, 335, 2048 }, - { 4, 336, 2048 }, { 5, 337, 2048 }, { 5, 338, 2048 }, { 6, 339, 2048 }, { 5, 340, 2048 }, { 6, 341, 2048 }, { 6, 342, 2048 }, { 7, 343, 2048 }, - { 5, 344, 2048 }, { 6, 345, 2048 }, { 6, 346, 2048 }, { 7, 347, 2048 }, { 6, 348, 2048 }, { 7, 349, 2048 }, { 7, 350, 2048 }, { 8, 351, 2048 }, - { 4, 352, 
2048 }, { 5, 353, 2048 }, { 5, 354, 2048 }, { 6, 355, 2048 }, { 5, 356, 2048 }, { 6, 357, 2048 }, { 6, 358, 2048 }, { 7, 359, 2048 }, - { 5, 360, 2048 }, { 6, 361, 2048 }, { 6, 362, 2048 }, { 7, 363, 2048 }, { 6, 364, 2048 }, { 7, 365, 2048 }, { 7, 366, 2048 }, { 8, 367, 2048 }, - { 5, 368, 2048 }, { 6, 369, 2048 }, { 6, 370, 2048 }, { 7, 371, 2048 }, { 6, 372, 2048 }, { 7, 373, 2048 }, { 7, 374, 2048 }, { 8, 375, 2048 }, - { 6, 376, 2048 }, { 7, 377, 2048 }, { 7, 378, 2048 }, { 8, 379, 2048 }, { 7, 380, 2048 }, { 8, 381, 2048 }, { 8, 382, 2048 }, { 9, 383, 2048 }, - { 3, 384, 2048 }, { 4, 385, 2048 }, { 4, 386, 2048 }, { 5, 387, 2048 }, { 4, 388, 2048 }, { 5, 389, 2048 }, { 5, 390, 2048 }, { 6, 391, 2048 }, - { 4, 392, 2048 }, { 5, 393, 2048 }, { 5, 394, 2048 }, { 6, 395, 2048 }, { 5, 396, 2048 }, { 6, 397, 2048 }, { 6, 398, 2048 }, { 7, 399, 2048 }, - { 4, 400, 2048 }, { 5, 401, 2048 }, { 5, 402, 2048 }, { 6, 403, 2048 }, { 5, 404, 2048 }, { 6, 405, 2048 }, { 6, 406, 2048 }, { 7, 407, 2048 }, - { 5, 408, 2048 }, { 6, 409, 2048 }, { 6, 410, 2048 }, { 7, 411, 2048 }, { 6, 412, 2048 }, { 7, 413, 2048 }, { 7, 414, 2048 }, { 8, 415, 2048 }, - { 4, 416, 2048 }, { 5, 417, 2048 }, { 5, 418, 2048 }, { 6, 419, 2048 }, { 5, 420, 2048 }, { 6, 421, 2048 }, { 6, 422, 2048 }, { 7, 423, 2048 }, - { 5, 424, 2048 }, { 6, 425, 2048 }, { 6, 426, 2048 }, { 7, 427, 2048 }, { 6, 428, 2048 }, { 7, 429, 2048 }, { 7, 430, 2048 }, { 8, 431, 2048 }, - { 5, 432, 2048 }, { 6, 433, 2048 }, { 6, 434, 2048 }, { 7, 435, 2048 }, { 6, 436, 2048 }, { 7, 437, 2048 }, { 7, 438, 2048 }, { 8, 439, 2048 }, - { 6, 440, 2048 }, { 7, 441, 2048 }, { 7, 442, 2048 }, { 8, 443, 2048 }, { 7, 444, 2048 }, { 8, 445, 2048 }, { 8, 446, 2048 }, { 9, 447, 2048 }, - { 4, 448, 2048 }, { 5, 449, 2048 }, { 5, 450, 2048 }, { 6, 451, 2048 }, { 5, 452, 2048 }, { 6, 453, 2048 }, { 6, 454, 2048 }, { 7, 455, 2048 }, - { 5, 456, 2048 }, { 6, 457, 2048 }, { 6, 458, 2048 }, { 7, 459, 2048 }, { 6, 460, 2048 }, { 7, 461, 2048 }, { 
7, 462, 2048 }, { 8, 463, 2048 }, - { 5, 464, 2048 }, { 6, 465, 2048 }, { 6, 466, 2048 }, { 7, 467, 2048 }, { 6, 468, 2048 }, { 7, 469, 2048 }, { 7, 470, 2048 }, { 8, 471, 2048 }, - { 6, 472, 2048 }, { 7, 473, 2048 }, { 7, 474, 2048 }, { 8, 475, 2048 }, { 7, 476, 2048 }, { 8, 477, 2048 }, { 8, 478, 2048 }, { 9, 479, 2048 }, - { 5, 480, 2048 }, { 6, 481, 2048 }, { 6, 482, 2048 }, { 7, 483, 2048 }, { 6, 484, 2048 }, { 7, 485, 2048 }, { 7, 486, 2048 }, { 8, 487, 2048 }, - { 6, 488, 2048 }, { 7, 489, 2048 }, { 7, 490, 2048 }, { 8, 491, 2048 }, { 7, 492, 2048 }, { 8, 493, 2048 }, { 8, 494, 2048 }, { 9, 495, 2048 }, - { 6, 496, 2048 }, { 7, 497, 2048 }, { 7, 498, 2048 }, { 8, 499, 2048 }, { 7, 500, 2048 }, { 8, 501, 2048 }, { 8, 502, 2048 }, { 9, 503, 2048 }, - { 7, 504, 2048 }, { 8, 505, 2048 }, { 8, 506, 2048 }, { 9, 507, 2048 }, { 8, 508, 2048 }, { 9, 509, 2048 }, { 9, 510, 2048 }, { 10, 511, 2048 }, - { 2, 512, 2048 }, { 3, 513, 2048 }, { 3, 514, 2048 }, { 4, 515, 2048 }, { 3, 516, 2048 }, { 4, 517, 2048 }, { 4, 518, 2048 }, { 5, 519, 2048 }, - { 3, 520, 2048 }, { 4, 521, 2048 }, { 4, 522, 2048 }, { 5, 523, 2048 }, { 4, 524, 2048 }, { 5, 525, 2048 }, { 5, 526, 2048 }, { 6, 527, 2048 }, - { 3, 528, 2048 }, { 4, 529, 2048 }, { 4, 530, 2048 }, { 5, 531, 2048 }, { 4, 532, 2048 }, { 5, 533, 2048 }, { 5, 534, 2048 }, { 6, 535, 2048 }, - { 4, 536, 2048 }, { 5, 537, 2048 }, { 5, 538, 2048 }, { 6, 539, 2048 }, { 5, 540, 2048 }, { 6, 541, 2048 }, { 6, 542, 2048 }, { 7, 543, 2048 }, - { 3, 544, 2048 }, { 4, 545, 2048 }, { 4, 546, 2048 }, { 5, 547, 2048 }, { 4, 548, 2048 }, { 5, 549, 2048 }, { 5, 550, 2048 }, { 6, 551, 2048 }, - { 4, 552, 2048 }, { 5, 553, 2048 }, { 5, 554, 2048 }, { 6, 555, 2048 }, { 5, 556, 2048 }, { 6, 557, 2048 }, { 6, 558, 2048 }, { 7, 559, 2048 }, - { 4, 560, 2048 }, { 5, 561, 2048 }, { 5, 562, 2048 }, { 6, 563, 2048 }, { 5, 564, 2048 }, { 6, 565, 2048 }, { 6, 566, 2048 }, { 7, 567, 2048 }, - { 5, 568, 2048 }, { 6, 569, 2048 }, { 6, 570, 2048 }, { 7, 571, 
2048 }, { 6, 572, 2048 }, { 7, 573, 2048 }, { 7, 574, 2048 }, { 8, 575, 2048 }, - { 3, 576, 2048 }, { 4, 577, 2048 }, { 4, 578, 2048 }, { 5, 579, 2048 }, { 4, 580, 2048 }, { 5, 581, 2048 }, { 5, 582, 2048 }, { 6, 583, 2048 }, - { 4, 584, 2048 }, { 5, 585, 2048 }, { 5, 586, 2048 }, { 6, 587, 2048 }, { 5, 588, 2048 }, { 6, 589, 2048 }, { 6, 590, 2048 }, { 7, 591, 2048 }, - { 4, 592, 2048 }, { 5, 593, 2048 }, { 5, 594, 2048 }, { 6, 595, 2048 }, { 5, 596, 2048 }, { 6, 597, 2048 }, { 6, 598, 2048 }, { 7, 599, 2048 }, - { 5, 600, 2048 }, { 6, 601, 2048 }, { 6, 602, 2048 }, { 7, 603, 2048 }, { 6, 604, 2048 }, { 7, 605, 2048 }, { 7, 606, 2048 }, { 8, 607, 2048 }, - { 4, 608, 2048 }, { 5, 609, 2048 }, { 5, 610, 2048 }, { 6, 611, 2048 }, { 5, 612, 2048 }, { 6, 613, 2048 }, { 6, 614, 2048 }, { 7, 615, 2048 }, - { 5, 616, 2048 }, { 6, 617, 2048 }, { 6, 618, 2048 }, { 7, 619, 2048 }, { 6, 620, 2048 }, { 7, 621, 2048 }, { 7, 622, 2048 }, { 8, 623, 2048 }, - { 5, 624, 2048 }, { 6, 625, 2048 }, { 6, 626, 2048 }, { 7, 627, 2048 }, { 6, 628, 2048 }, { 7, 629, 2048 }, { 7, 630, 2048 }, { 8, 631, 2048 }, - { 6, 632, 2048 }, { 7, 633, 2048 }, { 7, 634, 2048 }, { 8, 635, 2048 }, { 7, 636, 2048 }, { 8, 637, 2048 }, { 8, 638, 2048 }, { 9, 639, 2048 }, - { 3, 640, 2048 }, { 4, 641, 2048 }, { 4, 642, 2048 }, { 5, 643, 2048 }, { 4, 644, 2048 }, { 5, 645, 2048 }, { 5, 646, 2048 }, { 6, 647, 2048 }, - { 4, 648, 2048 }, { 5, 649, 2048 }, { 5, 650, 2048 }, { 6, 651, 2048 }, { 5, 652, 2048 }, { 6, 653, 2048 }, { 6, 654, 2048 }, { 7, 655, 2048 }, - { 4, 656, 2048 }, { 5, 657, 2048 }, { 5, 658, 2048 }, { 6, 659, 2048 }, { 5, 660, 2048 }, { 6, 661, 2048 }, { 6, 662, 2048 }, { 7, 663, 2048 }, - { 5, 664, 2048 }, { 6, 665, 2048 }, { 6, 666, 2048 }, { 7, 667, 2048 }, { 6, 668, 2048 }, { 7, 669, 2048 }, { 7, 670, 2048 }, { 8, 671, 2048 }, - { 4, 672, 2048 }, { 5, 673, 2048 }, { 5, 674, 2048 }, { 6, 675, 2048 }, { 5, 676, 2048 }, { 6, 677, 2048 }, { 6, 678, 2048 }, { 7, 679, 2048 }, - { 5, 680, 2048 }, { 
6, 681, 2048 }, { 6, 682, 2048 }, { 7, 683, 2048 }, { 6, 684, 2048 }, { 7, 685, 2048 }, { 7, 686, 2048 }, { 8, 687, 2048 }, - { 5, 688, 2048 }, { 6, 689, 2048 }, { 6, 690, 2048 }, { 7, 691, 2048 }, { 6, 692, 2048 }, { 7, 693, 2048 }, { 7, 694, 2048 }, { 8, 695, 2048 }, - { 6, 696, 2048 }, { 7, 697, 2048 }, { 7, 698, 2048 }, { 8, 699, 2048 }, { 7, 700, 2048 }, { 8, 701, 2048 }, { 8, 702, 2048 }, { 9, 703, 2048 }, - { 4, 704, 2048 }, { 5, 705, 2048 }, { 5, 706, 2048 }, { 6, 707, 2048 }, { 5, 708, 2048 }, { 6, 709, 2048 }, { 6, 710, 2048 }, { 7, 711, 2048 }, - { 5, 712, 2048 }, { 6, 713, 2048 }, { 6, 714, 2048 }, { 7, 715, 2048 }, { 6, 716, 2048 }, { 7, 717, 2048 }, { 7, 718, 2048 }, { 8, 719, 2048 }, - { 5, 720, 2048 }, { 6, 721, 2048 }, { 6, 722, 2048 }, { 7, 723, 2048 }, { 6, 724, 2048 }, { 7, 725, 2048 }, { 7, 726, 2048 }, { 8, 727, 2048 }, - { 6, 728, 2048 }, { 7, 729, 2048 }, { 7, 730, 2048 }, { 8, 731, 2048 }, { 7, 732, 2048 }, { 8, 733, 2048 }, { 8, 734, 2048 }, { 9, 735, 2048 }, - { 5, 736, 2048 }, { 6, 737, 2048 }, { 6, 738, 2048 }, { 7, 739, 2048 }, { 6, 740, 2048 }, { 7, 741, 2048 }, { 7, 742, 2048 }, { 8, 743, 2048 }, - { 6, 744, 2048 }, { 7, 745, 2048 }, { 7, 746, 2048 }, { 8, 747, 2048 }, { 7, 748, 2048 }, { 8, 749, 2048 }, { 8, 750, 2048 }, { 9, 751, 2048 }, - { 6, 752, 2048 }, { 7, 753, 2048 }, { 7, 754, 2048 }, { 8, 755, 2048 }, { 7, 756, 2048 }, { 8, 757, 2048 }, { 8, 758, 2048 }, { 9, 759, 2048 }, - { 7, 760, 2048 }, { 8, 761, 2048 }, { 8, 762, 2048 }, { 9, 763, 2048 }, { 8, 764, 2048 }, { 9, 765, 2048 }, { 9, 766, 2048 }, { 10, 767, 2048 }, - { 3, 768, 2048 }, { 4, 769, 2048 }, { 4, 770, 2048 }, { 5, 771, 2048 }, { 4, 772, 2048 }, { 5, 773, 2048 }, { 5, 774, 2048 }, { 6, 775, 2048 }, - { 4, 776, 2048 }, { 5, 777, 2048 }, { 5, 778, 2048 }, { 6, 779, 2048 }, { 5, 780, 2048 }, { 6, 781, 2048 }, { 6, 782, 2048 }, { 7, 783, 2048 }, - { 4, 784, 2048 }, { 5, 785, 2048 }, { 5, 786, 2048 }, { 6, 787, 2048 }, { 5, 788, 2048 }, { 6, 789, 2048 }, { 6, 790, 
2048 }, { 7, 791, 2048 }, - { 5, 792, 2048 }, { 6, 793, 2048 }, { 6, 794, 2048 }, { 7, 795, 2048 }, { 6, 796, 2048 }, { 7, 797, 2048 }, { 7, 798, 2048 }, { 8, 799, 2048 }, - { 4, 800, 2048 }, { 5, 801, 2048 }, { 5, 802, 2048 }, { 6, 803, 2048 }, { 5, 804, 2048 }, { 6, 805, 2048 }, { 6, 806, 2048 }, { 7, 807, 2048 }, - { 5, 808, 2048 }, { 6, 809, 2048 }, { 6, 810, 2048 }, { 7, 811, 2048 }, { 6, 812, 2048 }, { 7, 813, 2048 }, { 7, 814, 2048 }, { 8, 815, 2048 }, - { 5, 816, 2048 }, { 6, 817, 2048 }, { 6, 818, 2048 }, { 7, 819, 2048 }, { 6, 820, 2048 }, { 7, 821, 2048 }, { 7, 822, 2048 }, { 8, 823, 2048 }, - { 6, 824, 2048 }, { 7, 825, 2048 }, { 7, 826, 2048 }, { 8, 827, 2048 }, { 7, 828, 2048 }, { 8, 829, 2048 }, { 8, 830, 2048 }, { 9, 831, 2048 }, - { 4, 832, 2048 }, { 5, 833, 2048 }, { 5, 834, 2048 }, { 6, 835, 2048 }, { 5, 836, 2048 }, { 6, 837, 2048 }, { 6, 838, 2048 }, { 7, 839, 2048 }, - { 5, 840, 2048 }, { 6, 841, 2048 }, { 6, 842, 2048 }, { 7, 843, 2048 }, { 6, 844, 2048 }, { 7, 845, 2048 }, { 7, 846, 2048 }, { 8, 847, 2048 }, - { 5, 848, 2048 }, { 6, 849, 2048 }, { 6, 850, 2048 }, { 7, 851, 2048 }, { 6, 852, 2048 }, { 7, 853, 2048 }, { 7, 854, 2048 }, { 8, 855, 2048 }, - { 6, 856, 2048 }, { 7, 857, 2048 }, { 7, 858, 2048 }, { 8, 859, 2048 }, { 7, 860, 2048 }, { 8, 861, 2048 }, { 8, 862, 2048 }, { 9, 863, 2048 }, - { 5, 864, 2048 }, { 6, 865, 2048 }, { 6, 866, 2048 }, { 7, 867, 2048 }, { 6, 868, 2048 }, { 7, 869, 2048 }, { 7, 870, 2048 }, { 8, 871, 2048 }, - { 6, 872, 2048 }, { 7, 873, 2048 }, { 7, 874, 2048 }, { 8, 875, 2048 }, { 7, 876, 2048 }, { 8, 877, 2048 }, { 8, 878, 2048 }, { 9, 879, 2048 }, - { 6, 880, 2048 }, { 7, 881, 2048 }, { 7, 882, 2048 }, { 8, 883, 2048 }, { 7, 884, 2048 }, { 8, 885, 2048 }, { 8, 886, 2048 }, { 9, 887, 2048 }, - { 7, 888, 2048 }, { 8, 889, 2048 }, { 8, 890, 2048 }, { 9, 891, 2048 }, { 8, 892, 2048 }, { 9, 893, 2048 }, { 9, 894, 2048 }, { 10, 895, 2048 }, - { 4, 896, 2048 }, { 5, 897, 2048 }, { 5, 898, 2048 }, { 6, 899, 2048 }, 
{ 5, 900, 2048 }, { 6, 901, 2048 }, { 6, 902, 2048 }, { 7, 903, 2048 }, - { 5, 904, 2048 }, { 6, 905, 2048 }, { 6, 906, 2048 }, { 7, 907, 2048 }, { 6, 908, 2048 }, { 7, 909, 2048 }, { 7, 910, 2048 }, { 8, 911, 2048 }, - { 5, 912, 2048 }, { 6, 913, 2048 }, { 6, 914, 2048 }, { 7, 915, 2048 }, { 6, 916, 2048 }, { 7, 917, 2048 }, { 7, 918, 2048 }, { 8, 919, 2048 }, - { 6, 920, 2048 }, { 7, 921, 2048 }, { 7, 922, 2048 }, { 8, 923, 2048 }, { 7, 924, 2048 }, { 8, 925, 2048 }, { 8, 926, 2048 }, { 9, 927, 2048 }, - { 5, 928, 2048 }, { 6, 929, 2048 }, { 6, 930, 2048 }, { 7, 931, 2048 }, { 6, 932, 2048 }, { 7, 933, 2048 }, { 7, 934, 2048 }, { 8, 935, 2048 }, - { 6, 936, 2048 }, { 7, 937, 2048 }, { 7, 938, 2048 }, { 8, 939, 2048 }, { 7, 940, 2048 }, { 8, 941, 2048 }, { 8, 942, 2048 }, { 9, 943, 2048 }, - { 6, 944, 2048 }, { 7, 945, 2048 }, { 7, 946, 2048 }, { 8, 947, 2048 }, { 7, 948, 2048 }, { 8, 949, 2048 }, { 8, 950, 2048 }, { 9, 951, 2048 }, - { 7, 952, 2048 }, { 8, 953, 2048 }, { 8, 954, 2048 }, { 9, 955, 2048 }, { 8, 956, 2048 }, { 9, 957, 2048 }, { 9, 958, 2048 }, { 10, 959, 2048 }, - { 5, 960, 2048 }, { 6, 961, 2048 }, { 6, 962, 2048 }, { 7, 963, 2048 }, { 6, 964, 2048 }, { 7, 965, 2048 }, { 7, 966, 2048 }, { 8, 967, 2048 }, - { 6, 968, 2048 }, { 7, 969, 2048 }, { 7, 970, 2048 }, { 8, 971, 2048 }, { 7, 972, 2048 }, { 8, 973, 2048 }, { 8, 974, 2048 }, { 9, 975, 2048 }, - { 6, 976, 2048 }, { 7, 977, 2048 }, { 7, 978, 2048 }, { 8, 979, 2048 }, { 7, 980, 2048 }, { 8, 981, 2048 }, { 8, 982, 2048 }, { 9, 983, 2048 }, - { 7, 984, 2048 }, { 8, 985, 2048 }, { 8, 986, 2048 }, { 9, 987, 2048 }, { 8, 988, 2048 }, { 9, 989, 2048 }, { 9, 990, 2048 }, { 10, 991, 2048 }, - { 6, 992, 2048 }, { 7, 993, 2048 }, { 7, 994, 2048 }, { 8, 995, 2048 }, { 7, 996, 2048 }, { 8, 997, 2048 }, { 8, 998, 2048 }, { 9, 999, 2048 }, - { 7, 1000, 2048 }, { 8, 1001, 2048 }, { 8, 1002, 2048 }, { 9, 1003, 2048 }, { 8, 1004, 2048 }, { 9, 1005, 2048 }, { 9, 1006, 2048 }, { 10, 1007, 2048 }, - { 7, 1008, 2048 
}, { 8, 1009, 2048 }, { 8, 1010, 2048 }, { 9, 1011, 2048 }, { 8, 1012, 2048 }, { 9, 1013, 2048 }, { 9, 1014, 2048 }, { 10, 1015, 2048 }, - { 8, 1016, 2048 }, { 9, 1017, 2048 }, { 9, 1018, 2048 }, { 10, 1019, 2048 }, { 9, 1020, 2048 }, { 10, 1021, 2048 }, { 10, 1022, 2048 }, { 11, 1023, 2048 }, - { 2, 1024, 2048 }, { 3, 1025, 2048 }, { 3, 1026, 2048 }, { 4, 1027, 2048 }, { 3, 1028, 2048 }, { 4, 1029, 2048 }, { 4, 1030, 2048 }, { 5, 1031, 2048 }, - { 3, 1032, 2048 }, { 4, 1033, 2048 }, { 4, 1034, 2048 }, { 5, 1035, 2048 }, { 4, 1036, 2048 }, { 5, 1037, 2048 }, { 5, 1038, 2048 }, { 6, 1039, 2048 }, - { 3, 1040, 2048 }, { 4, 1041, 2048 }, { 4, 1042, 2048 }, { 5, 1043, 2048 }, { 4, 1044, 2048 }, { 5, 1045, 2048 }, { 5, 1046, 2048 }, { 6, 1047, 2048 }, - { 4, 1048, 2048 }, { 5, 1049, 2048 }, { 5, 1050, 2048 }, { 6, 1051, 2048 }, { 5, 1052, 2048 }, { 6, 1053, 2048 }, { 6, 1054, 2048 }, { 7, 1055, 2048 }, - { 3, 1056, 2048 }, { 4, 1057, 2048 }, { 4, 1058, 2048 }, { 5, 1059, 2048 }, { 4, 1060, 2048 }, { 5, 1061, 2048 }, { 5, 1062, 2048 }, { 6, 1063, 2048 }, - { 4, 1064, 2048 }, { 5, 1065, 2048 }, { 5, 1066, 2048 }, { 6, 1067, 2048 }, { 5, 1068, 2048 }, { 6, 1069, 2048 }, { 6, 1070, 2048 }, { 7, 1071, 2048 }, - { 4, 1072, 2048 }, { 5, 1073, 2048 }, { 5, 1074, 2048 }, { 6, 1075, 2048 }, { 5, 1076, 2048 }, { 6, 1077, 2048 }, { 6, 1078, 2048 }, { 7, 1079, 2048 }, - { 5, 1080, 2048 }, { 6, 1081, 2048 }, { 6, 1082, 2048 }, { 7, 1083, 2048 }, { 6, 1084, 2048 }, { 7, 1085, 2048 }, { 7, 1086, 2048 }, { 8, 1087, 2048 }, - { 3, 1088, 2048 }, { 4, 1089, 2048 }, { 4, 1090, 2048 }, { 5, 1091, 2048 }, { 4, 1092, 2048 }, { 5, 1093, 2048 }, { 5, 1094, 2048 }, { 6, 1095, 2048 }, - { 4, 1096, 2048 }, { 5, 1097, 2048 }, { 5, 1098, 2048 }, { 6, 1099, 2048 }, { 5, 1100, 2048 }, { 6, 1101, 2048 }, { 6, 1102, 2048 }, { 7, 1103, 2048 }, - { 4, 1104, 2048 }, { 5, 1105, 2048 }, { 5, 1106, 2048 }, { 6, 1107, 2048 }, { 5, 1108, 2048 }, { 6, 1109, 2048 }, { 6, 1110, 2048 }, { 7, 1111, 2048 }, - { 5, 
1112, 2048 }, { 6, 1113, 2048 }, { 6, 1114, 2048 }, { 7, 1115, 2048 }, { 6, 1116, 2048 }, { 7, 1117, 2048 }, { 7, 1118, 2048 }, { 8, 1119, 2048 }, - { 4, 1120, 2048 }, { 5, 1121, 2048 }, { 5, 1122, 2048 }, { 6, 1123, 2048 }, { 5, 1124, 2048 }, { 6, 1125, 2048 }, { 6, 1126, 2048 }, { 7, 1127, 2048 }, - { 5, 1128, 2048 }, { 6, 1129, 2048 }, { 6, 1130, 2048 }, { 7, 1131, 2048 }, { 6, 1132, 2048 }, { 7, 1133, 2048 }, { 7, 1134, 2048 }, { 8, 1135, 2048 }, - { 5, 1136, 2048 }, { 6, 1137, 2048 }, { 6, 1138, 2048 }, { 7, 1139, 2048 }, { 6, 1140, 2048 }, { 7, 1141, 2048 }, { 7, 1142, 2048 }, { 8, 1143, 2048 }, - { 6, 1144, 2048 }, { 7, 1145, 2048 }, { 7, 1146, 2048 }, { 8, 1147, 2048 }, { 7, 1148, 2048 }, { 8, 1149, 2048 }, { 8, 1150, 2048 }, { 9, 1151, 2048 }, - { 3, 1152, 2048 }, { 4, 1153, 2048 }, { 4, 1154, 2048 }, { 5, 1155, 2048 }, { 4, 1156, 2048 }, { 5, 1157, 2048 }, { 5, 1158, 2048 }, { 6, 1159, 2048 }, - { 4, 1160, 2048 }, { 5, 1161, 2048 }, { 5, 1162, 2048 }, { 6, 1163, 2048 }, { 5, 1164, 2048 }, { 6, 1165, 2048 }, { 6, 1166, 2048 }, { 7, 1167, 2048 }, - { 4, 1168, 2048 }, { 5, 1169, 2048 }, { 5, 1170, 2048 }, { 6, 1171, 2048 }, { 5, 1172, 2048 }, { 6, 1173, 2048 }, { 6, 1174, 2048 }, { 7, 1175, 2048 }, - { 5, 1176, 2048 }, { 6, 1177, 2048 }, { 6, 1178, 2048 }, { 7, 1179, 2048 }, { 6, 1180, 2048 }, { 7, 1181, 2048 }, { 7, 1182, 2048 }, { 8, 1183, 2048 }, - { 4, 1184, 2048 }, { 5, 1185, 2048 }, { 5, 1186, 2048 }, { 6, 1187, 2048 }, { 5, 1188, 2048 }, { 6, 1189, 2048 }, { 6, 1190, 2048 }, { 7, 1191, 2048 }, - { 5, 1192, 2048 }, { 6, 1193, 2048 }, { 6, 1194, 2048 }, { 7, 1195, 2048 }, { 6, 1196, 2048 }, { 7, 1197, 2048 }, { 7, 1198, 2048 }, { 8, 1199, 2048 }, - { 5, 1200, 2048 }, { 6, 1201, 2048 }, { 6, 1202, 2048 }, { 7, 1203, 2048 }, { 6, 1204, 2048 }, { 7, 1205, 2048 }, { 7, 1206, 2048 }, { 8, 1207, 2048 }, - { 6, 1208, 2048 }, { 7, 1209, 2048 }, { 7, 1210, 2048 }, { 8, 1211, 2048 }, { 7, 1212, 2048 }, { 8, 1213, 2048 }, { 8, 1214, 2048 }, { 9, 1215, 2048 }, - { 
4, 1216, 2048 }, { 5, 1217, 2048 }, { 5, 1218, 2048 }, { 6, 1219, 2048 }, { 5, 1220, 2048 }, { 6, 1221, 2048 }, { 6, 1222, 2048 }, { 7, 1223, 2048 }, - { 5, 1224, 2048 }, { 6, 1225, 2048 }, { 6, 1226, 2048 }, { 7, 1227, 2048 }, { 6, 1228, 2048 }, { 7, 1229, 2048 }, { 7, 1230, 2048 }, { 8, 1231, 2048 }, - { 5, 1232, 2048 }, { 6, 1233, 2048 }, { 6, 1234, 2048 }, { 7, 1235, 2048 }, { 6, 1236, 2048 }, { 7, 1237, 2048 }, { 7, 1238, 2048 }, { 8, 1239, 2048 }, - { 6, 1240, 2048 }, { 7, 1241, 2048 }, { 7, 1242, 2048 }, { 8, 1243, 2048 }, { 7, 1244, 2048 }, { 8, 1245, 2048 }, { 8, 1246, 2048 }, { 9, 1247, 2048 }, - { 5, 1248, 2048 }, { 6, 1249, 2048 }, { 6, 1250, 2048 }, { 7, 1251, 2048 }, { 6, 1252, 2048 }, { 7, 1253, 2048 }, { 7, 1254, 2048 }, { 8, 1255, 2048 }, - { 6, 1256, 2048 }, { 7, 1257, 2048 }, { 7, 1258, 2048 }, { 8, 1259, 2048 }, { 7, 1260, 2048 }, { 8, 1261, 2048 }, { 8, 1262, 2048 }, { 9, 1263, 2048 }, - { 6, 1264, 2048 }, { 7, 1265, 2048 }, { 7, 1266, 2048 }, { 8, 1267, 2048 }, { 7, 1268, 2048 }, { 8, 1269, 2048 }, { 8, 1270, 2048 }, { 9, 1271, 2048 }, - { 7, 1272, 2048 }, { 8, 1273, 2048 }, { 8, 1274, 2048 }, { 9, 1275, 2048 }, { 8, 1276, 2048 }, { 9, 1277, 2048 }, { 9, 1278, 2048 }, { 10, 1279, 2048 }, - { 3, 1280, 2048 }, { 4, 1281, 2048 }, { 4, 1282, 2048 }, { 5, 1283, 2048 }, { 4, 1284, 2048 }, { 5, 1285, 2048 }, { 5, 1286, 2048 }, { 6, 1287, 2048 }, - { 4, 1288, 2048 }, { 5, 1289, 2048 }, { 5, 1290, 2048 }, { 6, 1291, 2048 }, { 5, 1292, 2048 }, { 6, 1293, 2048 }, { 6, 1294, 2048 }, { 7, 1295, 2048 }, - { 4, 1296, 2048 }, { 5, 1297, 2048 }, { 5, 1298, 2048 }, { 6, 1299, 2048 }, { 5, 1300, 2048 }, { 6, 1301, 2048 }, { 6, 1302, 2048 }, { 7, 1303, 2048 }, - { 5, 1304, 2048 }, { 6, 1305, 2048 }, { 6, 1306, 2048 }, { 7, 1307, 2048 }, { 6, 1308, 2048 }, { 7, 1309, 2048 }, { 7, 1310, 2048 }, { 8, 1311, 2048 }, - { 4, 1312, 2048 }, { 5, 1313, 2048 }, { 5, 1314, 2048 }, { 6, 1315, 2048 }, { 5, 1316, 2048 }, { 6, 1317, 2048 }, { 6, 1318, 2048 }, { 7, 1319, 2048 }, 
- { 5, 1320, 2048 }, { 6, 1321, 2048 }, { 6, 1322, 2048 }, { 7, 1323, 2048 }, { 6, 1324, 2048 }, { 7, 1325, 2048 }, { 7, 1326, 2048 }, { 8, 1327, 2048 }, - { 5, 1328, 2048 }, { 6, 1329, 2048 }, { 6, 1330, 2048 }, { 7, 1331, 2048 }, { 6, 1332, 2048 }, { 7, 1333, 2048 }, { 7, 1334, 2048 }, { 8, 1335, 2048 }, - { 6, 1336, 2048 }, { 7, 1337, 2048 }, { 7, 1338, 2048 }, { 8, 1339, 2048 }, { 7, 1340, 2048 }, { 8, 1341, 2048 }, { 8, 1342, 2048 }, { 9, 1343, 2048 }, - { 4, 1344, 2048 }, { 5, 1345, 2048 }, { 5, 1346, 2048 }, { 6, 1347, 2048 }, { 5, 1348, 2048 }, { 6, 1349, 2048 }, { 6, 1350, 2048 }, { 7, 1351, 2048 }, - { 5, 1352, 2048 }, { 6, 1353, 2048 }, { 6, 1354, 2048 }, { 7, 1355, 2048 }, { 6, 1356, 2048 }, { 7, 1357, 2048 }, { 7, 1358, 2048 }, { 8, 1359, 2048 }, - { 5, 1360, 2048 }, { 6, 1361, 2048 }, { 6, 1362, 2048 }, { 7, 1363, 2048 }, { 6, 1364, 2048 }, { 7, 1365, 2048 }, { 7, 1366, 2048 }, { 8, 1367, 2048 }, - { 6, 1368, 2048 }, { 7, 1369, 2048 }, { 7, 1370, 2048 }, { 8, 1371, 2048 }, { 7, 1372, 2048 }, { 8, 1373, 2048 }, { 8, 1374, 2048 }, { 9, 1375, 2048 }, - { 5, 1376, 2048 }, { 6, 1377, 2048 }, { 6, 1378, 2048 }, { 7, 1379, 2048 }, { 6, 1380, 2048 }, { 7, 1381, 2048 }, { 7, 1382, 2048 }, { 8, 1383, 2048 }, - { 6, 1384, 2048 }, { 7, 1385, 2048 }, { 7, 1386, 2048 }, { 8, 1387, 2048 }, { 7, 1388, 2048 }, { 8, 1389, 2048 }, { 8, 1390, 2048 }, { 9, 1391, 2048 }, - { 6, 1392, 2048 }, { 7, 1393, 2048 }, { 7, 1394, 2048 }, { 8, 1395, 2048 }, { 7, 1396, 2048 }, { 8, 1397, 2048 }, { 8, 1398, 2048 }, { 9, 1399, 2048 }, - { 7, 1400, 2048 }, { 8, 1401, 2048 }, { 8, 1402, 2048 }, { 9, 1403, 2048 }, { 8, 1404, 2048 }, { 9, 1405, 2048 }, { 9, 1406, 2048 }, { 10, 1407, 2048 }, - { 4, 1408, 2048 }, { 5, 1409, 2048 }, { 5, 1410, 2048 }, { 6, 1411, 2048 }, { 5, 1412, 2048 }, { 6, 1413, 2048 }, { 6, 1414, 2048 }, { 7, 1415, 2048 }, - { 5, 1416, 2048 }, { 6, 1417, 2048 }, { 6, 1418, 2048 }, { 7, 1419, 2048 }, { 6, 1420, 2048 }, { 7, 1421, 2048 }, { 7, 1422, 2048 }, { 8, 1423, 2048 
}, - { 5, 1424, 2048 }, { 6, 1425, 2048 }, { 6, 1426, 2048 }, { 7, 1427, 2048 }, { 6, 1428, 2048 }, { 7, 1429, 2048 }, { 7, 1430, 2048 }, { 8, 1431, 2048 }, - { 6, 1432, 2048 }, { 7, 1433, 2048 }, { 7, 1434, 2048 }, { 8, 1435, 2048 }, { 7, 1436, 2048 }, { 8, 1437, 2048 }, { 8, 1438, 2048 }, { 9, 1439, 2048 }, - { 5, 1440, 2048 }, { 6, 1441, 2048 }, { 6, 1442, 2048 }, { 7, 1443, 2048 }, { 6, 1444, 2048 }, { 7, 1445, 2048 }, { 7, 1446, 2048 }, { 8, 1447, 2048 }, - { 6, 1448, 2048 }, { 7, 1449, 2048 }, { 7, 1450, 2048 }, { 8, 1451, 2048 }, { 7, 1452, 2048 }, { 8, 1453, 2048 }, { 8, 1454, 2048 }, { 9, 1455, 2048 }, - { 6, 1456, 2048 }, { 7, 1457, 2048 }, { 7, 1458, 2048 }, { 8, 1459, 2048 }, { 7, 1460, 2048 }, { 8, 1461, 2048 }, { 8, 1462, 2048 }, { 9, 1463, 2048 }, - { 7, 1464, 2048 }, { 8, 1465, 2048 }, { 8, 1466, 2048 }, { 9, 1467, 2048 }, { 8, 1468, 2048 }, { 9, 1469, 2048 }, { 9, 1470, 2048 }, { 10, 1471, 2048 }, - { 5, 1472, 2048 }, { 6, 1473, 2048 }, { 6, 1474, 2048 }, { 7, 1475, 2048 }, { 6, 1476, 2048 }, { 7, 1477, 2048 }, { 7, 1478, 2048 }, { 8, 1479, 2048 }, - { 6, 1480, 2048 }, { 7, 1481, 2048 }, { 7, 1482, 2048 }, { 8, 1483, 2048 }, { 7, 1484, 2048 }, { 8, 1485, 2048 }, { 8, 1486, 2048 }, { 9, 1487, 2048 }, - { 6, 1488, 2048 }, { 7, 1489, 2048 }, { 7, 1490, 2048 }, { 8, 1491, 2048 }, { 7, 1492, 2048 }, { 8, 1493, 2048 }, { 8, 1494, 2048 }, { 9, 1495, 2048 }, - { 7, 1496, 2048 }, { 8, 1497, 2048 }, { 8, 1498, 2048 }, { 9, 1499, 2048 }, { 8, 1500, 2048 }, { 9, 1501, 2048 }, { 9, 1502, 2048 }, { 10, 1503, 2048 }, - { 6, 1504, 2048 }, { 7, 1505, 2048 }, { 7, 1506, 2048 }, { 8, 1507, 2048 }, { 7, 1508, 2048 }, { 8, 1509, 2048 }, { 8, 1510, 2048 }, { 9, 1511, 2048 }, - { 7, 1512, 2048 }, { 8, 1513, 2048 }, { 8, 1514, 2048 }, { 9, 1515, 2048 }, { 8, 1516, 2048 }, { 9, 1517, 2048 }, { 9, 1518, 2048 }, { 10, 1519, 2048 }, - { 7, 1520, 2048 }, { 8, 1521, 2048 }, { 8, 1522, 2048 }, { 9, 1523, 2048 }, { 8, 1524, 2048 }, { 9, 1525, 2048 }, { 9, 1526, 2048 }, { 10, 
1527, 2048 }, - { 8, 1528, 2048 }, { 9, 1529, 2048 }, { 9, 1530, 2048 }, { 10, 1531, 2048 }, { 9, 1532, 2048 }, { 10, 1533, 2048 }, { 10, 1534, 2048 }, { 11, 1535, 2048 }, - { 3, 1536, 2048 }, { 4, 1537, 2048 }, { 4, 1538, 2048 }, { 5, 1539, 2048 }, { 4, 1540, 2048 }, { 5, 1541, 2048 }, { 5, 1542, 2048 }, { 6, 1543, 2048 }, - { 4, 1544, 2048 }, { 5, 1545, 2048 }, { 5, 1546, 2048 }, { 6, 1547, 2048 }, { 5, 1548, 2048 }, { 6, 1549, 2048 }, { 6, 1550, 2048 }, { 7, 1551, 2048 }, - { 4, 1552, 2048 }, { 5, 1553, 2048 }, { 5, 1554, 2048 }, { 6, 1555, 2048 }, { 5, 1556, 2048 }, { 6, 1557, 2048 }, { 6, 1558, 2048 }, { 7, 1559, 2048 }, - { 5, 1560, 2048 }, { 6, 1561, 2048 }, { 6, 1562, 2048 }, { 7, 1563, 2048 }, { 6, 1564, 2048 }, { 7, 1565, 2048 }, { 7, 1566, 2048 }, { 8, 1567, 2048 }, - { 4, 1568, 2048 }, { 5, 1569, 2048 }, { 5, 1570, 2048 }, { 6, 1571, 2048 }, { 5, 1572, 2048 }, { 6, 1573, 2048 }, { 6, 1574, 2048 }, { 7, 1575, 2048 }, - { 5, 1576, 2048 }, { 6, 1577, 2048 }, { 6, 1578, 2048 }, { 7, 1579, 2048 }, { 6, 1580, 2048 }, { 7, 1581, 2048 }, { 7, 1582, 2048 }, { 8, 1583, 2048 }, - { 5, 1584, 2048 }, { 6, 1585, 2048 }, { 6, 1586, 2048 }, { 7, 1587, 2048 }, { 6, 1588, 2048 }, { 7, 1589, 2048 }, { 7, 1590, 2048 }, { 8, 1591, 2048 }, - { 6, 1592, 2048 }, { 7, 1593, 2048 }, { 7, 1594, 2048 }, { 8, 1595, 2048 }, { 7, 1596, 2048 }, { 8, 1597, 2048 }, { 8, 1598, 2048 }, { 9, 1599, 2048 }, - { 4, 1600, 2048 }, { 5, 1601, 2048 }, { 5, 1602, 2048 }, { 6, 1603, 2048 }, { 5, 1604, 2048 }, { 6, 1605, 2048 }, { 6, 1606, 2048 }, { 7, 1607, 2048 }, - { 5, 1608, 2048 }, { 6, 1609, 2048 }, { 6, 1610, 2048 }, { 7, 1611, 2048 }, { 6, 1612, 2048 }, { 7, 1613, 2048 }, { 7, 1614, 2048 }, { 8, 1615, 2048 }, - { 5, 1616, 2048 }, { 6, 1617, 2048 }, { 6, 1618, 2048 }, { 7, 1619, 2048 }, { 6, 1620, 2048 }, { 7, 1621, 2048 }, { 7, 1622, 2048 }, { 8, 1623, 2048 }, - { 6, 1624, 2048 }, { 7, 1625, 2048 }, { 7, 1626, 2048 }, { 8, 1627, 2048 }, { 7, 1628, 2048 }, { 8, 1629, 2048 }, { 8, 1630, 2048 
}, { 9, 1631, 2048 }, - { 5, 1632, 2048 }, { 6, 1633, 2048 }, { 6, 1634, 2048 }, { 7, 1635, 2048 }, { 6, 1636, 2048 }, { 7, 1637, 2048 }, { 7, 1638, 2048 }, { 8, 1639, 2048 }, - { 6, 1640, 2048 }, { 7, 1641, 2048 }, { 7, 1642, 2048 }, { 8, 1643, 2048 }, { 7, 1644, 2048 }, { 8, 1645, 2048 }, { 8, 1646, 2048 }, { 9, 1647, 2048 }, - { 6, 1648, 2048 }, { 7, 1649, 2048 }, { 7, 1650, 2048 }, { 8, 1651, 2048 }, { 7, 1652, 2048 }, { 8, 1653, 2048 }, { 8, 1654, 2048 }, { 9, 1655, 2048 }, - { 7, 1656, 2048 }, { 8, 1657, 2048 }, { 8, 1658, 2048 }, { 9, 1659, 2048 }, { 8, 1660, 2048 }, { 9, 1661, 2048 }, { 9, 1662, 2048 }, { 10, 1663, 2048 }, - { 4, 1664, 2048 }, { 5, 1665, 2048 }, { 5, 1666, 2048 }, { 6, 1667, 2048 }, { 5, 1668, 2048 }, { 6, 1669, 2048 }, { 6, 1670, 2048 }, { 7, 1671, 2048 }, - { 5, 1672, 2048 }, { 6, 1673, 2048 }, { 6, 1674, 2048 }, { 7, 1675, 2048 }, { 6, 1676, 2048 }, { 7, 1677, 2048 }, { 7, 1678, 2048 }, { 8, 1679, 2048 }, - { 5, 1680, 2048 }, { 6, 1681, 2048 }, { 6, 1682, 2048 }, { 7, 1683, 2048 }, { 6, 1684, 2048 }, { 7, 1685, 2048 }, { 7, 1686, 2048 }, { 8, 1687, 2048 }, - { 6, 1688, 2048 }, { 7, 1689, 2048 }, { 7, 1690, 2048 }, { 8, 1691, 2048 }, { 7, 1692, 2048 }, { 8, 1693, 2048 }, { 8, 1694, 2048 }, { 9, 1695, 2048 }, - { 5, 1696, 2048 }, { 6, 1697, 2048 }, { 6, 1698, 2048 }, { 7, 1699, 2048 }, { 6, 1700, 2048 }, { 7, 1701, 2048 }, { 7, 1702, 2048 }, { 8, 1703, 2048 }, - { 6, 1704, 2048 }, { 7, 1705, 2048 }, { 7, 1706, 2048 }, { 8, 1707, 2048 }, { 7, 1708, 2048 }, { 8, 1709, 2048 }, { 8, 1710, 2048 }, { 9, 1711, 2048 }, - { 6, 1712, 2048 }, { 7, 1713, 2048 }, { 7, 1714, 2048 }, { 8, 1715, 2048 }, { 7, 1716, 2048 }, { 8, 1717, 2048 }, { 8, 1718, 2048 }, { 9, 1719, 2048 }, - { 7, 1720, 2048 }, { 8, 1721, 2048 }, { 8, 1722, 2048 }, { 9, 1723, 2048 }, { 8, 1724, 2048 }, { 9, 1725, 2048 }, { 9, 1726, 2048 }, { 10, 1727, 2048 }, - { 5, 1728, 2048 }, { 6, 1729, 2048 }, { 6, 1730, 2048 }, { 7, 1731, 2048 }, { 6, 1732, 2048 }, { 7, 1733, 2048 }, { 7, 1734, 
2048 }, { 8, 1735, 2048 }, - { 6, 1736, 2048 }, { 7, 1737, 2048 }, { 7, 1738, 2048 }, { 8, 1739, 2048 }, { 7, 1740, 2048 }, { 8, 1741, 2048 }, { 8, 1742, 2048 }, { 9, 1743, 2048 }, - { 6, 1744, 2048 }, { 7, 1745, 2048 }, { 7, 1746, 2048 }, { 8, 1747, 2048 }, { 7, 1748, 2048 }, { 8, 1749, 2048 }, { 8, 1750, 2048 }, { 9, 1751, 2048 }, - { 7, 1752, 2048 }, { 8, 1753, 2048 }, { 8, 1754, 2048 }, { 9, 1755, 2048 }, { 8, 1756, 2048 }, { 9, 1757, 2048 }, { 9, 1758, 2048 }, { 10, 1759, 2048 }, - { 6, 1760, 2048 }, { 7, 1761, 2048 }, { 7, 1762, 2048 }, { 8, 1763, 2048 }, { 7, 1764, 2048 }, { 8, 1765, 2048 }, { 8, 1766, 2048 }, { 9, 1767, 2048 }, - { 7, 1768, 2048 }, { 8, 1769, 2048 }, { 8, 1770, 2048 }, { 9, 1771, 2048 }, { 8, 1772, 2048 }, { 9, 1773, 2048 }, { 9, 1774, 2048 }, { 10, 1775, 2048 }, - { 7, 1776, 2048 }, { 8, 1777, 2048 }, { 8, 1778, 2048 }, { 9, 1779, 2048 }, { 8, 1780, 2048 }, { 9, 1781, 2048 }, { 9, 1782, 2048 }, { 10, 1783, 2048 }, - { 8, 1784, 2048 }, { 9, 1785, 2048 }, { 9, 1786, 2048 }, { 10, 1787, 2048 }, { 9, 1788, 2048 }, { 10, 1789, 2048 }, { 10, 1790, 2048 }, { 11, 1791, 2048 }, - { 4, 1792, 2048 }, { 5, 1793, 2048 }, { 5, 1794, 2048 }, { 6, 1795, 2048 }, { 5, 1796, 2048 }, { 6, 1797, 2048 }, { 6, 1798, 2048 }, { 7, 1799, 2048 }, - { 5, 1800, 2048 }, { 6, 1801, 2048 }, { 6, 1802, 2048 }, { 7, 1803, 2048 }, { 6, 1804, 2048 }, { 7, 1805, 2048 }, { 7, 1806, 2048 }, { 8, 1807, 2048 }, - { 5, 1808, 2048 }, { 6, 1809, 2048 }, { 6, 1810, 2048 }, { 7, 1811, 2048 }, { 6, 1812, 2048 }, { 7, 1813, 2048 }, { 7, 1814, 2048 }, { 8, 1815, 2048 }, - { 6, 1816, 2048 }, { 7, 1817, 2048 }, { 7, 1818, 2048 }, { 8, 1819, 2048 }, { 7, 1820, 2048 }, { 8, 1821, 2048 }, { 8, 1822, 2048 }, { 9, 1823, 2048 }, - { 5, 1824, 2048 }, { 6, 1825, 2048 }, { 6, 1826, 2048 }, { 7, 1827, 2048 }, { 6, 1828, 2048 }, { 7, 1829, 2048 }, { 7, 1830, 2048 }, { 8, 1831, 2048 }, - { 6, 1832, 2048 }, { 7, 1833, 2048 }, { 7, 1834, 2048 }, { 8, 1835, 2048 }, { 7, 1836, 2048 }, { 8, 1837, 2048 }, { 
8, 1838, 2048 }, { 9, 1839, 2048 }, - { 6, 1840, 2048 }, { 7, 1841, 2048 }, { 7, 1842, 2048 }, { 8, 1843, 2048 }, { 7, 1844, 2048 }, { 8, 1845, 2048 }, { 8, 1846, 2048 }, { 9, 1847, 2048 }, - { 7, 1848, 2048 }, { 8, 1849, 2048 }, { 8, 1850, 2048 }, { 9, 1851, 2048 }, { 8, 1852, 2048 }, { 9, 1853, 2048 }, { 9, 1854, 2048 }, { 10, 1855, 2048 }, - { 5, 1856, 2048 }, { 6, 1857, 2048 }, { 6, 1858, 2048 }, { 7, 1859, 2048 }, { 6, 1860, 2048 }, { 7, 1861, 2048 }, { 7, 1862, 2048 }, { 8, 1863, 2048 }, - { 6, 1864, 2048 }, { 7, 1865, 2048 }, { 7, 1866, 2048 }, { 8, 1867, 2048 }, { 7, 1868, 2048 }, { 8, 1869, 2048 }, { 8, 1870, 2048 }, { 9, 1871, 2048 }, - { 6, 1872, 2048 }, { 7, 1873, 2048 }, { 7, 1874, 2048 }, { 8, 1875, 2048 }, { 7, 1876, 2048 }, { 8, 1877, 2048 }, { 8, 1878, 2048 }, { 9, 1879, 2048 }, - { 7, 1880, 2048 }, { 8, 1881, 2048 }, { 8, 1882, 2048 }, { 9, 1883, 2048 }, { 8, 1884, 2048 }, { 9, 1885, 2048 }, { 9, 1886, 2048 }, { 10, 1887, 2048 }, - { 6, 1888, 2048 }, { 7, 1889, 2048 }, { 7, 1890, 2048 }, { 8, 1891, 2048 }, { 7, 1892, 2048 }, { 8, 1893, 2048 }, { 8, 1894, 2048 }, { 9, 1895, 2048 }, - { 7, 1896, 2048 }, { 8, 1897, 2048 }, { 8, 1898, 2048 }, { 9, 1899, 2048 }, { 8, 1900, 2048 }, { 9, 1901, 2048 }, { 9, 1902, 2048 }, { 10, 1903, 2048 }, - { 7, 1904, 2048 }, { 8, 1905, 2048 }, { 8, 1906, 2048 }, { 9, 1907, 2048 }, { 8, 1908, 2048 }, { 9, 1909, 2048 }, { 9, 1910, 2048 }, { 10, 1911, 2048 }, - { 8, 1912, 2048 }, { 9, 1913, 2048 }, { 9, 1914, 2048 }, { 10, 1915, 2048 }, { 9, 1916, 2048 }, { 10, 1917, 2048 }, { 10, 1918, 2048 }, { 11, 1919, 2048 }, - { 5, 1920, 2048 }, { 6, 1921, 2048 }, { 6, 1922, 2048 }, { 7, 1923, 2048 }, { 6, 1924, 2048 }, { 7, 1925, 2048 }, { 7, 1926, 2048 }, { 8, 1927, 2048 }, - { 6, 1928, 2048 }, { 7, 1929, 2048 }, { 7, 1930, 2048 }, { 8, 1931, 2048 }, { 7, 1932, 2048 }, { 8, 1933, 2048 }, { 8, 1934, 2048 }, { 9, 1935, 2048 }, - { 6, 1936, 2048 }, { 7, 1937, 2048 }, { 7, 1938, 2048 }, { 8, 1939, 2048 }, { 7, 1940, 2048 }, { 8, 1941, 
2048 }, { 8, 1942, 2048 }, { 9, 1943, 2048 }, - { 7, 1944, 2048 }, { 8, 1945, 2048 }, { 8, 1946, 2048 }, { 9, 1947, 2048 }, { 8, 1948, 2048 }, { 9, 1949, 2048 }, { 9, 1950, 2048 }, { 10, 1951, 2048 }, - { 6, 1952, 2048 }, { 7, 1953, 2048 }, { 7, 1954, 2048 }, { 8, 1955, 2048 }, { 7, 1956, 2048 }, { 8, 1957, 2048 }, { 8, 1958, 2048 }, { 9, 1959, 2048 }, - { 7, 1960, 2048 }, { 8, 1961, 2048 }, { 8, 1962, 2048 }, { 9, 1963, 2048 }, { 8, 1964, 2048 }, { 9, 1965, 2048 }, { 9, 1966, 2048 }, { 10, 1967, 2048 }, - { 7, 1968, 2048 }, { 8, 1969, 2048 }, { 8, 1970, 2048 }, { 9, 1971, 2048 }, { 8, 1972, 2048 }, { 9, 1973, 2048 }, { 9, 1974, 2048 }, { 10, 1975, 2048 }, - { 8, 1976, 2048 }, { 9, 1977, 2048 }, { 9, 1978, 2048 }, { 10, 1979, 2048 }, { 9, 1980, 2048 }, { 10, 1981, 2048 }, { 10, 1982, 2048 }, { 11, 1983, 2048 }, - { 6, 1984, 2048 }, { 7, 1985, 2048 }, { 7, 1986, 2048 }, { 8, 1987, 2048 }, { 7, 1988, 2048 }, { 8, 1989, 2048 }, { 8, 1990, 2048 }, { 9, 1991, 2048 }, - { 7, 1992, 2048 }, { 8, 1993, 2048 }, { 8, 1994, 2048 }, { 9, 1995, 2048 }, { 8, 1996, 2048 }, { 9, 1997, 2048 }, { 9, 1998, 2048 }, { 10, 1999, 2048 }, - { 7, 2000, 2048 }, { 8, 2001, 2048 }, { 8, 2002, 2048 }, { 9, 2003, 2048 }, { 8, 2004, 2048 }, { 9, 2005, 2048 }, { 9, 2006, 2048 }, { 10, 2007, 2048 }, - { 8, 2008, 2048 }, { 9, 2009, 2048 }, { 9, 2010, 2048 }, { 10, 2011, 2048 }, { 9, 2012, 2048 }, { 10, 2013, 2048 }, { 10, 2014, 2048 }, { 11, 2015, 2048 }, - { 7, 2016, 2048 }, { 8, 2017, 2048 }, { 8, 2018, 2048 }, { 9, 2019, 2048 }, { 8, 2020, 2048 }, { 9, 2021, 2048 }, { 9, 2022, 2048 }, { 10, 2023, 2048 }, - { 8, 2024, 2048 }, { 9, 2025, 2048 }, { 9, 2026, 2048 }, { 10, 2027, 2048 }, { 9, 2028, 2048 }, { 10, 2029, 2048 }, { 10, 2030, 2048 }, { 11, 2031, 2048 }, - { 8, 2032, 2048 }, { 9, 2033, 2048 }, { 9, 2034, 2048 }, { 10, 2035, 2048 }, { 9, 2036, 2048 }, { 10, 2037, 2048 }, { 10, 2038, 2048 }, { 11, 2039, 2048 }, - { 9, 2040, 2048 }, { 10, 2041, 2048 }, { 10, 2042, 2048 }, { 11, 2043, 2048 }, { 
10, 2044, 2048 }, { 11, 2045, 2048 }, { 11, 2046, 2048 }, { 12, 2047, 2048 }, + { 1, 0, 0 }, { 2, 1, 2048 }, { 2, 2, 2048 }, { 3, 3, 2048 }, { 2, 4, 2048 }, { 3, 5, 2048 }, { 3, 6, 2048 }, { 4, 7, 2048 }, + { 2, 8, 2048 }, { 3, 9, 2048 }, { 3, 10, 2048 }, { 4, 11, 2048 }, { 3, 12, 2048 }, { 4, 13, 2048 }, { 4, 14, 2048 }, { 5, 15, 2048 }, + { 2, 16, 2048 }, { 3, 17, 2048 }, { 3, 18, 2048 }, { 4, 19, 2048 }, { 3, 20, 2048 }, { 4, 21, 2048 }, { 4, 22, 2048 }, { 5, 23, 2048 }, + { 3, 24, 2048 }, { 4, 25, 2048 }, { 4, 26, 2048 }, { 5, 27, 2048 }, { 4, 28, 2048 }, { 5, 29, 2048 }, { 5, 30, 2048 }, { 6, 31, 2048 }, + { 2, 32, 2048 }, { 3, 33, 2048 }, { 3, 34, 2048 }, { 4, 35, 2048 }, { 3, 36, 2048 }, { 4, 37, 2048 }, { 4, 38, 2048 }, { 5, 39, 2048 }, + { 3, 40, 2048 }, { 4, 41, 2048 }, { 4, 42, 2048 }, { 5, 43, 2048 }, { 4, 44, 2048 }, { 5, 45, 2048 }, { 5, 46, 2048 }, { 6, 47, 2048 }, + { 3, 48, 2048 }, { 4, 49, 2048 }, { 4, 50, 2048 }, { 5, 51, 2048 }, { 4, 52, 2048 }, { 5, 53, 2048 }, { 5, 54, 2048 }, { 6, 55, 2048 }, + { 4, 56, 2048 }, { 5, 57, 2048 }, { 5, 58, 2048 }, { 6, 59, 2048 }, { 5, 60, 2048 }, { 6, 61, 2048 }, { 6, 62, 2048 }, { 7, 63, 2048 }, + { 2, 64, 2048 }, { 3, 65, 2048 }, { 3, 66, 2048 }, { 4, 67, 2048 }, { 3, 68, 2048 }, { 4, 69, 2048 }, { 4, 70, 2048 }, { 5, 71, 2048 }, + { 3, 72, 2048 }, { 4, 73, 2048 }, { 4, 74, 2048 }, { 5, 75, 2048 }, { 4, 76, 2048 }, { 5, 77, 2048 }, { 5, 78, 2048 }, { 6, 79, 2048 }, + { 3, 80, 2048 }, { 4, 81, 2048 }, { 4, 82, 2048 }, { 5, 83, 2048 }, { 4, 84, 2048 }, { 5, 85, 2048 }, { 5, 86, 2048 }, { 6, 87, 2048 }, + { 4, 88, 2048 }, { 5, 89, 2048 }, { 5, 90, 2048 }, { 6, 91, 2048 }, { 5, 92, 2048 }, { 6, 93, 2048 }, { 6, 94, 2048 }, { 7, 95, 2048 }, + { 3, 96, 2048 }, { 4, 97, 2048 }, { 4, 98, 2048 }, { 5, 99, 2048 }, { 4, 100, 2048 }, { 5, 101, 2048 }, { 5, 102, 2048 }, { 6, 103, 2048 }, + { 4, 104, 2048 }, { 5, 105, 2048 }, { 5, 106, 2048 }, { 6, 107, 2048 }, { 5, 108, 2048 }, { 6, 109, 2048 }, { 6, 110, 2048 }, { 7, 
111, 2048 }, + { 4, 112, 2048 }, { 5, 113, 2048 }, { 5, 114, 2048 }, { 6, 115, 2048 }, { 5, 116, 2048 }, { 6, 117, 2048 }, { 6, 118, 2048 }, { 7, 119, 2048 }, + { 5, 120, 2048 }, { 6, 121, 2048 }, { 6, 122, 2048 }, { 7, 123, 2048 }, { 6, 124, 2048 }, { 7, 125, 2048 }, { 7, 126, 2048 }, { 8, 127, 2048 }, + { 2, 128, 2048 }, { 3, 129, 2048 }, { 3, 130, 2048 }, { 4, 131, 2048 }, { 3, 132, 2048 }, { 4, 133, 2048 }, { 4, 134, 2048 }, { 5, 135, 2048 }, + { 3, 136, 2048 }, { 4, 137, 2048 }, { 4, 138, 2048 }, { 5, 139, 2048 }, { 4, 140, 2048 }, { 5, 141, 2048 }, { 5, 142, 2048 }, { 6, 143, 2048 }, + { 3, 144, 2048 }, { 4, 145, 2048 }, { 4, 146, 2048 }, { 5, 147, 2048 }, { 4, 148, 2048 }, { 5, 149, 2048 }, { 5, 150, 2048 }, { 6, 151, 2048 }, + { 4, 152, 2048 }, { 5, 153, 2048 }, { 5, 154, 2048 }, { 6, 155, 2048 }, { 5, 156, 2048 }, { 6, 157, 2048 }, { 6, 158, 2048 }, { 7, 159, 2048 }, + { 3, 160, 2048 }, { 4, 161, 2048 }, { 4, 162, 2048 }, { 5, 163, 2048 }, { 4, 164, 2048 }, { 5, 165, 2048 }, { 5, 166, 2048 }, { 6, 167, 2048 }, + { 4, 168, 2048 }, { 5, 169, 2048 }, { 5, 170, 2048 }, { 6, 171, 2048 }, { 5, 172, 2048 }, { 6, 173, 2048 }, { 6, 174, 2048 }, { 7, 175, 2048 }, + { 4, 176, 2048 }, { 5, 177, 2048 }, { 5, 178, 2048 }, { 6, 179, 2048 }, { 5, 180, 2048 }, { 6, 181, 2048 }, { 6, 182, 2048 }, { 7, 183, 2048 }, + { 5, 184, 2048 }, { 6, 185, 2048 }, { 6, 186, 2048 }, { 7, 187, 2048 }, { 6, 188, 2048 }, { 7, 189, 2048 }, { 7, 190, 2048 }, { 8, 191, 2048 }, + { 3, 192, 2048 }, { 4, 193, 2048 }, { 4, 194, 2048 }, { 5, 195, 2048 }, { 4, 196, 2048 }, { 5, 197, 2048 }, { 5, 198, 2048 }, { 6, 199, 2048 }, + { 4, 200, 2048 }, { 5, 201, 2048 }, { 5, 202, 2048 }, { 6, 203, 2048 }, { 5, 204, 2048 }, { 6, 205, 2048 }, { 6, 206, 2048 }, { 7, 207, 2048 }, + { 4, 208, 2048 }, { 5, 209, 2048 }, { 5, 210, 2048 }, { 6, 211, 2048 }, { 5, 212, 2048 }, { 6, 213, 2048 }, { 6, 214, 2048 }, { 7, 215, 2048 }, + { 5, 216, 2048 }, { 6, 217, 2048 }, { 6, 218, 2048 }, { 7, 219, 2048 }, { 6, 220, 2048 
}, { 7, 221, 2048 }, { 7, 222, 2048 }, { 8, 223, 2048 }, + { 4, 224, 2048 }, { 5, 225, 2048 }, { 5, 226, 2048 }, { 6, 227, 2048 }, { 5, 228, 2048 }, { 6, 229, 2048 }, { 6, 230, 2048 }, { 7, 231, 2048 }, + { 5, 232, 2048 }, { 6, 233, 2048 }, { 6, 234, 2048 }, { 7, 235, 2048 }, { 6, 236, 2048 }, { 7, 237, 2048 }, { 7, 238, 2048 }, { 8, 239, 2048 }, + { 5, 240, 2048 }, { 6, 241, 2048 }, { 6, 242, 2048 }, { 7, 243, 2048 }, { 6, 244, 2048 }, { 7, 245, 2048 }, { 7, 246, 2048 }, { 8, 247, 2048 }, + { 6, 248, 2048 }, { 7, 249, 2048 }, { 7, 250, 2048 }, { 8, 251, 2048 }, { 7, 252, 2048 }, { 8, 253, 2048 }, { 8, 254, 2048 }, { 9, 255, 2048 }, + { 2, 256, 2048 }, { 3, 257, 2048 }, { 3, 258, 2048 }, { 4, 259, 2048 }, { 3, 260, 2048 }, { 4, 261, 2048 }, { 4, 262, 2048 }, { 5, 263, 2048 }, + { 3, 264, 2048 }, { 4, 265, 2048 }, { 4, 266, 2048 }, { 5, 267, 2048 }, { 4, 268, 2048 }, { 5, 269, 2048 }, { 5, 270, 2048 }, { 6, 271, 2048 }, + { 3, 272, 2048 }, { 4, 273, 2048 }, { 4, 274, 2048 }, { 5, 275, 2048 }, { 4, 276, 2048 }, { 5, 277, 2048 }, { 5, 278, 2048 }, { 6, 279, 2048 }, + { 4, 280, 2048 }, { 5, 281, 2048 }, { 5, 282, 2048 }, { 6, 283, 2048 }, { 5, 284, 2048 }, { 6, 285, 2048 }, { 6, 286, 2048 }, { 7, 287, 2048 }, + { 3, 288, 2048 }, { 4, 289, 2048 }, { 4, 290, 2048 }, { 5, 291, 2048 }, { 4, 292, 2048 }, { 5, 293, 2048 }, { 5, 294, 2048 }, { 6, 295, 2048 }, + { 4, 296, 2048 }, { 5, 297, 2048 }, { 5, 298, 2048 }, { 6, 299, 2048 }, { 5, 300, 2048 }, { 6, 301, 2048 }, { 6, 302, 2048 }, { 7, 303, 2048 }, + { 4, 304, 2048 }, { 5, 305, 2048 }, { 5, 306, 2048 }, { 6, 307, 2048 }, { 5, 308, 2048 }, { 6, 309, 2048 }, { 6, 310, 2048 }, { 7, 311, 2048 }, + { 5, 312, 2048 }, { 6, 313, 2048 }, { 6, 314, 2048 }, { 7, 315, 2048 }, { 6, 316, 2048 }, { 7, 317, 2048 }, { 7, 318, 2048 }, { 8, 319, 2048 }, + { 3, 320, 2048 }, { 4, 321, 2048 }, { 4, 322, 2048 }, { 5, 323, 2048 }, { 4, 324, 2048 }, { 5, 325, 2048 }, { 5, 326, 2048 }, { 6, 327, 2048 }, + { 4, 328, 2048 }, { 5, 329, 2048 }, { 5, 
330, 2048 }, { 6, 331, 2048 }, { 5, 332, 2048 }, { 6, 333, 2048 }, { 6, 334, 2048 }, { 7, 335, 2048 }, + { 4, 336, 2048 }, { 5, 337, 2048 }, { 5, 338, 2048 }, { 6, 339, 2048 }, { 5, 340, 2048 }, { 6, 341, 2048 }, { 6, 342, 2048 }, { 7, 343, 2048 }, + { 5, 344, 2048 }, { 6, 345, 2048 }, { 6, 346, 2048 }, { 7, 347, 2048 }, { 6, 348, 2048 }, { 7, 349, 2048 }, { 7, 350, 2048 }, { 8, 351, 2048 }, + { 4, 352, 2048 }, { 5, 353, 2048 }, { 5, 354, 2048 }, { 6, 355, 2048 }, { 5, 356, 2048 }, { 6, 357, 2048 }, { 6, 358, 2048 }, { 7, 359, 2048 }, + { 5, 360, 2048 }, { 6, 361, 2048 }, { 6, 362, 2048 }, { 7, 363, 2048 }, { 6, 364, 2048 }, { 7, 365, 2048 }, { 7, 366, 2048 }, { 8, 367, 2048 }, + { 5, 368, 2048 }, { 6, 369, 2048 }, { 6, 370, 2048 }, { 7, 371, 2048 }, { 6, 372, 2048 }, { 7, 373, 2048 }, { 7, 374, 2048 }, { 8, 375, 2048 }, + { 6, 376, 2048 }, { 7, 377, 2048 }, { 7, 378, 2048 }, { 8, 379, 2048 }, { 7, 380, 2048 }, { 8, 381, 2048 }, { 8, 382, 2048 }, { 9, 383, 2048 }, + { 3, 384, 2048 }, { 4, 385, 2048 }, { 4, 386, 2048 }, { 5, 387, 2048 }, { 4, 388, 2048 }, { 5, 389, 2048 }, { 5, 390, 2048 }, { 6, 391, 2048 }, + { 4, 392, 2048 }, { 5, 393, 2048 }, { 5, 394, 2048 }, { 6, 395, 2048 }, { 5, 396, 2048 }, { 6, 397, 2048 }, { 6, 398, 2048 }, { 7, 399, 2048 }, + { 4, 400, 2048 }, { 5, 401, 2048 }, { 5, 402, 2048 }, { 6, 403, 2048 }, { 5, 404, 2048 }, { 6, 405, 2048 }, { 6, 406, 2048 }, { 7, 407, 2048 }, + { 5, 408, 2048 }, { 6, 409, 2048 }, { 6, 410, 2048 }, { 7, 411, 2048 }, { 6, 412, 2048 }, { 7, 413, 2048 }, { 7, 414, 2048 }, { 8, 415, 2048 }, + { 4, 416, 2048 }, { 5, 417, 2048 }, { 5, 418, 2048 }, { 6, 419, 2048 }, { 5, 420, 2048 }, { 6, 421, 2048 }, { 6, 422, 2048 }, { 7, 423, 2048 }, + { 5, 424, 2048 }, { 6, 425, 2048 }, { 6, 426, 2048 }, { 7, 427, 2048 }, { 6, 428, 2048 }, { 7, 429, 2048 }, { 7, 430, 2048 }, { 8, 431, 2048 }, + { 5, 432, 2048 }, { 6, 433, 2048 }, { 6, 434, 2048 }, { 7, 435, 2048 }, { 6, 436, 2048 }, { 7, 437, 2048 }, { 7, 438, 2048 }, { 8, 439, 2048 
}, + { 6, 440, 2048 }, { 7, 441, 2048 }, { 7, 442, 2048 }, { 8, 443, 2048 }, { 7, 444, 2048 }, { 8, 445, 2048 }, { 8, 446, 2048 }, { 9, 447, 2048 }, + { 4, 448, 2048 }, { 5, 449, 2048 }, { 5, 450, 2048 }, { 6, 451, 2048 }, { 5, 452, 2048 }, { 6, 453, 2048 }, { 6, 454, 2048 }, { 7, 455, 2048 }, + { 5, 456, 2048 }, { 6, 457, 2048 }, { 6, 458, 2048 }, { 7, 459, 2048 }, { 6, 460, 2048 }, { 7, 461, 2048 }, { 7, 462, 2048 }, { 8, 463, 2048 }, + { 5, 464, 2048 }, { 6, 465, 2048 }, { 6, 466, 2048 }, { 7, 467, 2048 }, { 6, 468, 2048 }, { 7, 469, 2048 }, { 7, 470, 2048 }, { 8, 471, 2048 }, + { 6, 472, 2048 }, { 7, 473, 2048 }, { 7, 474, 2048 }, { 8, 475, 2048 }, { 7, 476, 2048 }, { 8, 477, 2048 }, { 8, 478, 2048 }, { 9, 479, 2048 }, + { 5, 480, 2048 }, { 6, 481, 2048 }, { 6, 482, 2048 }, { 7, 483, 2048 }, { 6, 484, 2048 }, { 7, 485, 2048 }, { 7, 486, 2048 }, { 8, 487, 2048 }, + { 6, 488, 2048 }, { 7, 489, 2048 }, { 7, 490, 2048 }, { 8, 491, 2048 }, { 7, 492, 2048 }, { 8, 493, 2048 }, { 8, 494, 2048 }, { 9, 495, 2048 }, + { 6, 496, 2048 }, { 7, 497, 2048 }, { 7, 498, 2048 }, { 8, 499, 2048 }, { 7, 500, 2048 }, { 8, 501, 2048 }, { 8, 502, 2048 }, { 9, 503, 2048 }, + { 7, 504, 2048 }, { 8, 505, 2048 }, { 8, 506, 2048 }, { 9, 507, 2048 }, { 8, 508, 2048 }, { 9, 509, 2048 }, { 9, 510, 2048 }, { 10, 511, 2048 }, + { 2, 512, 2048 }, { 3, 513, 2048 }, { 3, 514, 2048 }, { 4, 515, 2048 }, { 3, 516, 2048 }, { 4, 517, 2048 }, { 4, 518, 2048 }, { 5, 519, 2048 }, + { 3, 520, 2048 }, { 4, 521, 2048 }, { 4, 522, 2048 }, { 5, 523, 2048 }, { 4, 524, 2048 }, { 5, 525, 2048 }, { 5, 526, 2048 }, { 6, 527, 2048 }, + { 3, 528, 2048 }, { 4, 529, 2048 }, { 4, 530, 2048 }, { 5, 531, 2048 }, { 4, 532, 2048 }, { 5, 533, 2048 }, { 5, 534, 2048 }, { 6, 535, 2048 }, + { 4, 536, 2048 }, { 5, 537, 2048 }, { 5, 538, 2048 }, { 6, 539, 2048 }, { 5, 540, 2048 }, { 6, 541, 2048 }, { 6, 542, 2048 }, { 7, 543, 2048 }, + { 3, 544, 2048 }, { 4, 545, 2048 }, { 4, 546, 2048 }, { 5, 547, 2048 }, { 4, 548, 2048 }, { 5, 
549, 2048 }, { 5, 550, 2048 }, { 6, 551, 2048 }, + { 4, 552, 2048 }, { 5, 553, 2048 }, { 5, 554, 2048 }, { 6, 555, 2048 }, { 5, 556, 2048 }, { 6, 557, 2048 }, { 6, 558, 2048 }, { 7, 559, 2048 }, + { 4, 560, 2048 }, { 5, 561, 2048 }, { 5, 562, 2048 }, { 6, 563, 2048 }, { 5, 564, 2048 }, { 6, 565, 2048 }, { 6, 566, 2048 }, { 7, 567, 2048 }, + { 5, 568, 2048 }, { 6, 569, 2048 }, { 6, 570, 2048 }, { 7, 571, 2048 }, { 6, 572, 2048 }, { 7, 573, 2048 }, { 7, 574, 2048 }, { 8, 575, 2048 }, + { 3, 576, 2048 }, { 4, 577, 2048 }, { 4, 578, 2048 }, { 5, 579, 2048 }, { 4, 580, 2048 }, { 5, 581, 2048 }, { 5, 582, 2048 }, { 6, 583, 2048 }, + { 4, 584, 2048 }, { 5, 585, 2048 }, { 5, 586, 2048 }, { 6, 587, 2048 }, { 5, 588, 2048 }, { 6, 589, 2048 }, { 6, 590, 2048 }, { 7, 591, 2048 }, + { 4, 592, 2048 }, { 5, 593, 2048 }, { 5, 594, 2048 }, { 6, 595, 2048 }, { 5, 596, 2048 }, { 6, 597, 2048 }, { 6, 598, 2048 }, { 7, 599, 2048 }, + { 5, 600, 2048 }, { 6, 601, 2048 }, { 6, 602, 2048 }, { 7, 603, 2048 }, { 6, 604, 2048 }, { 7, 605, 2048 }, { 7, 606, 2048 }, { 8, 607, 2048 }, + { 4, 608, 2048 }, { 5, 609, 2048 }, { 5, 610, 2048 }, { 6, 611, 2048 }, { 5, 612, 2048 }, { 6, 613, 2048 }, { 6, 614, 2048 }, { 7, 615, 2048 }, + { 5, 616, 2048 }, { 6, 617, 2048 }, { 6, 618, 2048 }, { 7, 619, 2048 }, { 6, 620, 2048 }, { 7, 621, 2048 }, { 7, 622, 2048 }, { 8, 623, 2048 }, + { 5, 624, 2048 }, { 6, 625, 2048 }, { 6, 626, 2048 }, { 7, 627, 2048 }, { 6, 628, 2048 }, { 7, 629, 2048 }, { 7, 630, 2048 }, { 8, 631, 2048 }, + { 6, 632, 2048 }, { 7, 633, 2048 }, { 7, 634, 2048 }, { 8, 635, 2048 }, { 7, 636, 2048 }, { 8, 637, 2048 }, { 8, 638, 2048 }, { 9, 639, 2048 }, + { 3, 640, 2048 }, { 4, 641, 2048 }, { 4, 642, 2048 }, { 5, 643, 2048 }, { 4, 644, 2048 }, { 5, 645, 2048 }, { 5, 646, 2048 }, { 6, 647, 2048 }, + { 4, 648, 2048 }, { 5, 649, 2048 }, { 5, 650, 2048 }, { 6, 651, 2048 }, { 5, 652, 2048 }, { 6, 653, 2048 }, { 6, 654, 2048 }, { 7, 655, 2048 }, + { 4, 656, 2048 }, { 5, 657, 2048 }, { 5, 658, 2048 
}, { 6, 659, 2048 }, { 5, 660, 2048 }, { 6, 661, 2048 }, { 6, 662, 2048 }, { 7, 663, 2048 }, + { 5, 664, 2048 }, { 6, 665, 2048 }, { 6, 666, 2048 }, { 7, 667, 2048 }, { 6, 668, 2048 }, { 7, 669, 2048 }, { 7, 670, 2048 }, { 8, 671, 2048 }, + { 4, 672, 2048 }, { 5, 673, 2048 }, { 5, 674, 2048 }, { 6, 675, 2048 }, { 5, 676, 2048 }, { 6, 677, 2048 }, { 6, 678, 2048 }, { 7, 679, 2048 }, + { 5, 680, 2048 }, { 6, 681, 2048 }, { 6, 682, 2048 }, { 7, 683, 2048 }, { 6, 684, 2048 }, { 7, 685, 2048 }, { 7, 686, 2048 }, { 8, 687, 2048 }, + { 5, 688, 2048 }, { 6, 689, 2048 }, { 6, 690, 2048 }, { 7, 691, 2048 }, { 6, 692, 2048 }, { 7, 693, 2048 }, { 7, 694, 2048 }, { 8, 695, 2048 }, + { 6, 696, 2048 }, { 7, 697, 2048 }, { 7, 698, 2048 }, { 8, 699, 2048 }, { 7, 700, 2048 }, { 8, 701, 2048 }, { 8, 702, 2048 }, { 9, 703, 2048 }, + { 4, 704, 2048 }, { 5, 705, 2048 }, { 5, 706, 2048 }, { 6, 707, 2048 }, { 5, 708, 2048 }, { 6, 709, 2048 }, { 6, 710, 2048 }, { 7, 711, 2048 }, + { 5, 712, 2048 }, { 6, 713, 2048 }, { 6, 714, 2048 }, { 7, 715, 2048 }, { 6, 716, 2048 }, { 7, 717, 2048 }, { 7, 718, 2048 }, { 8, 719, 2048 }, + { 5, 720, 2048 }, { 6, 721, 2048 }, { 6, 722, 2048 }, { 7, 723, 2048 }, { 6, 724, 2048 }, { 7, 725, 2048 }, { 7, 726, 2048 }, { 8, 727, 2048 }, + { 6, 728, 2048 }, { 7, 729, 2048 }, { 7, 730, 2048 }, { 8, 731, 2048 }, { 7, 732, 2048 }, { 8, 733, 2048 }, { 8, 734, 2048 }, { 9, 735, 2048 }, + { 5, 736, 2048 }, { 6, 737, 2048 }, { 6, 738, 2048 }, { 7, 739, 2048 }, { 6, 740, 2048 }, { 7, 741, 2048 }, { 7, 742, 2048 }, { 8, 743, 2048 }, + { 6, 744, 2048 }, { 7, 745, 2048 }, { 7, 746, 2048 }, { 8, 747, 2048 }, { 7, 748, 2048 }, { 8, 749, 2048 }, { 8, 750, 2048 }, { 9, 751, 2048 }, + { 6, 752, 2048 }, { 7, 753, 2048 }, { 7, 754, 2048 }, { 8, 755, 2048 }, { 7, 756, 2048 }, { 8, 757, 2048 }, { 8, 758, 2048 }, { 9, 759, 2048 }, + { 7, 760, 2048 }, { 8, 761, 2048 }, { 8, 762, 2048 }, { 9, 763, 2048 }, { 8, 764, 2048 }, { 9, 765, 2048 }, { 9, 766, 2048 }, { 10, 767, 2048 }, + { 3, 
768, 2048 }, { 4, 769, 2048 }, { 4, 770, 2048 }, { 5, 771, 2048 }, { 4, 772, 2048 }, { 5, 773, 2048 }, { 5, 774, 2048 }, { 6, 775, 2048 }, + { 4, 776, 2048 }, { 5, 777, 2048 }, { 5, 778, 2048 }, { 6, 779, 2048 }, { 5, 780, 2048 }, { 6, 781, 2048 }, { 6, 782, 2048 }, { 7, 783, 2048 }, + { 4, 784, 2048 }, { 5, 785, 2048 }, { 5, 786, 2048 }, { 6, 787, 2048 }, { 5, 788, 2048 }, { 6, 789, 2048 }, { 6, 790, 2048 }, { 7, 791, 2048 }, + { 5, 792, 2048 }, { 6, 793, 2048 }, { 6, 794, 2048 }, { 7, 795, 2048 }, { 6, 796, 2048 }, { 7, 797, 2048 }, { 7, 798, 2048 }, { 8, 799, 2048 }, + { 4, 800, 2048 }, { 5, 801, 2048 }, { 5, 802, 2048 }, { 6, 803, 2048 }, { 5, 804, 2048 }, { 6, 805, 2048 }, { 6, 806, 2048 }, { 7, 807, 2048 }, + { 5, 808, 2048 }, { 6, 809, 2048 }, { 6, 810, 2048 }, { 7, 811, 2048 }, { 6, 812, 2048 }, { 7, 813, 2048 }, { 7, 814, 2048 }, { 8, 815, 2048 }, + { 5, 816, 2048 }, { 6, 817, 2048 }, { 6, 818, 2048 }, { 7, 819, 2048 }, { 6, 820, 2048 }, { 7, 821, 2048 }, { 7, 822, 2048 }, { 8, 823, 2048 }, + { 6, 824, 2048 }, { 7, 825, 2048 }, { 7, 826, 2048 }, { 8, 827, 2048 }, { 7, 828, 2048 }, { 8, 829, 2048 }, { 8, 830, 2048 }, { 9, 831, 2048 }, + { 4, 832, 2048 }, { 5, 833, 2048 }, { 5, 834, 2048 }, { 6, 835, 2048 }, { 5, 836, 2048 }, { 6, 837, 2048 }, { 6, 838, 2048 }, { 7, 839, 2048 }, + { 5, 840, 2048 }, { 6, 841, 2048 }, { 6, 842, 2048 }, { 7, 843, 2048 }, { 6, 844, 2048 }, { 7, 845, 2048 }, { 7, 846, 2048 }, { 8, 847, 2048 }, + { 5, 848, 2048 }, { 6, 849, 2048 }, { 6, 850, 2048 }, { 7, 851, 2048 }, { 6, 852, 2048 }, { 7, 853, 2048 }, { 7, 854, 2048 }, { 8, 855, 2048 }, + { 6, 856, 2048 }, { 7, 857, 2048 }, { 7, 858, 2048 }, { 8, 859, 2048 }, { 7, 860, 2048 }, { 8, 861, 2048 }, { 8, 862, 2048 }, { 9, 863, 2048 }, + { 5, 864, 2048 }, { 6, 865, 2048 }, { 6, 866, 2048 }, { 7, 867, 2048 }, { 6, 868, 2048 }, { 7, 869, 2048 }, { 7, 870, 2048 }, { 8, 871, 2048 }, + { 6, 872, 2048 }, { 7, 873, 2048 }, { 7, 874, 2048 }, { 8, 875, 2048 }, { 7, 876, 2048 }, { 8, 877, 2048 
}, { 8, 878, 2048 }, { 9, 879, 2048 }, + { 6, 880, 2048 }, { 7, 881, 2048 }, { 7, 882, 2048 }, { 8, 883, 2048 }, { 7, 884, 2048 }, { 8, 885, 2048 }, { 8, 886, 2048 }, { 9, 887, 2048 }, + { 7, 888, 2048 }, { 8, 889, 2048 }, { 8, 890, 2048 }, { 9, 891, 2048 }, { 8, 892, 2048 }, { 9, 893, 2048 }, { 9, 894, 2048 }, { 10, 895, 2048 }, + { 4, 896, 2048 }, { 5, 897, 2048 }, { 5, 898, 2048 }, { 6, 899, 2048 }, { 5, 900, 2048 }, { 6, 901, 2048 }, { 6, 902, 2048 }, { 7, 903, 2048 }, + { 5, 904, 2048 }, { 6, 905, 2048 }, { 6, 906, 2048 }, { 7, 907, 2048 }, { 6, 908, 2048 }, { 7, 909, 2048 }, { 7, 910, 2048 }, { 8, 911, 2048 }, + { 5, 912, 2048 }, { 6, 913, 2048 }, { 6, 914, 2048 }, { 7, 915, 2048 }, { 6, 916, 2048 }, { 7, 917, 2048 }, { 7, 918, 2048 }, { 8, 919, 2048 }, + { 6, 920, 2048 }, { 7, 921, 2048 }, { 7, 922, 2048 }, { 8, 923, 2048 }, { 7, 924, 2048 }, { 8, 925, 2048 }, { 8, 926, 2048 }, { 9, 927, 2048 }, + { 5, 928, 2048 }, { 6, 929, 2048 }, { 6, 930, 2048 }, { 7, 931, 2048 }, { 6, 932, 2048 }, { 7, 933, 2048 }, { 7, 934, 2048 }, { 8, 935, 2048 }, + { 6, 936, 2048 }, { 7, 937, 2048 }, { 7, 938, 2048 }, { 8, 939, 2048 }, { 7, 940, 2048 }, { 8, 941, 2048 }, { 8, 942, 2048 }, { 9, 943, 2048 }, + { 6, 944, 2048 }, { 7, 945, 2048 }, { 7, 946, 2048 }, { 8, 947, 2048 }, { 7, 948, 2048 }, { 8, 949, 2048 }, { 8, 950, 2048 }, { 9, 951, 2048 }, + { 7, 952, 2048 }, { 8, 953, 2048 }, { 8, 954, 2048 }, { 9, 955, 2048 }, { 8, 956, 2048 }, { 9, 957, 2048 }, { 9, 958, 2048 }, { 10, 959, 2048 }, + { 5, 960, 2048 }, { 6, 961, 2048 }, { 6, 962, 2048 }, { 7, 963, 2048 }, { 6, 964, 2048 }, { 7, 965, 2048 }, { 7, 966, 2048 }, { 8, 967, 2048 }, + { 6, 968, 2048 }, { 7, 969, 2048 }, { 7, 970, 2048 }, { 8, 971, 2048 }, { 7, 972, 2048 }, { 8, 973, 2048 }, { 8, 974, 2048 }, { 9, 975, 2048 }, + { 6, 976, 2048 }, { 7, 977, 2048 }, { 7, 978, 2048 }, { 8, 979, 2048 }, { 7, 980, 2048 }, { 8, 981, 2048 }, { 8, 982, 2048 }, { 9, 983, 2048 }, + { 7, 984, 2048 }, { 8, 985, 2048 }, { 8, 986, 2048 }, { 9, 
987, 2048 }, { 8, 988, 2048 }, { 9, 989, 2048 }, { 9, 990, 2048 }, { 10, 991, 2048 }, + { 6, 992, 2048 }, { 7, 993, 2048 }, { 7, 994, 2048 }, { 8, 995, 2048 }, { 7, 996, 2048 }, { 8, 997, 2048 }, { 8, 998, 2048 }, { 9, 999, 2048 }, + { 7, 1000, 2048 }, { 8, 1001, 2048 }, { 8, 1002, 2048 }, { 9, 1003, 2048 }, { 8, 1004, 2048 }, { 9, 1005, 2048 }, { 9, 1006, 2048 }, { 10, 1007, 2048 }, + { 7, 1008, 2048 }, { 8, 1009, 2048 }, { 8, 1010, 2048 }, { 9, 1011, 2048 }, { 8, 1012, 2048 }, { 9, 1013, 2048 }, { 9, 1014, 2048 }, { 10, 1015, 2048 }, + { 8, 1016, 2048 }, { 9, 1017, 2048 }, { 9, 1018, 2048 }, { 10, 1019, 2048 }, { 9, 1020, 2048 }, { 10, 1021, 2048 }, { 10, 1022, 2048 }, { 11, 1023, 2048 }, + { 2, 1024, 2048 }, { 3, 1025, 2048 }, { 3, 1026, 2048 }, { 4, 1027, 2048 }, { 3, 1028, 2048 }, { 4, 1029, 2048 }, { 4, 1030, 2048 }, { 5, 1031, 2048 }, + { 3, 1032, 2048 }, { 4, 1033, 2048 }, { 4, 1034, 2048 }, { 5, 1035, 2048 }, { 4, 1036, 2048 }, { 5, 1037, 2048 }, { 5, 1038, 2048 }, { 6, 1039, 2048 }, + { 3, 1040, 2048 }, { 4, 1041, 2048 }, { 4, 1042, 2048 }, { 5, 1043, 2048 }, { 4, 1044, 2048 }, { 5, 1045, 2048 }, { 5, 1046, 2048 }, { 6, 1047, 2048 }, + { 4, 1048, 2048 }, { 5, 1049, 2048 }, { 5, 1050, 2048 }, { 6, 1051, 2048 }, { 5, 1052, 2048 }, { 6, 1053, 2048 }, { 6, 1054, 2048 }, { 7, 1055, 2048 }, + { 3, 1056, 2048 }, { 4, 1057, 2048 }, { 4, 1058, 2048 }, { 5, 1059, 2048 }, { 4, 1060, 2048 }, { 5, 1061, 2048 }, { 5, 1062, 2048 }, { 6, 1063, 2048 }, + { 4, 1064, 2048 }, { 5, 1065, 2048 }, { 5, 1066, 2048 }, { 6, 1067, 2048 }, { 5, 1068, 2048 }, { 6, 1069, 2048 }, { 6, 1070, 2048 }, { 7, 1071, 2048 }, + { 4, 1072, 2048 }, { 5, 1073, 2048 }, { 5, 1074, 2048 }, { 6, 1075, 2048 }, { 5, 1076, 2048 }, { 6, 1077, 2048 }, { 6, 1078, 2048 }, { 7, 1079, 2048 }, + { 5, 1080, 2048 }, { 6, 1081, 2048 }, { 6, 1082, 2048 }, { 7, 1083, 2048 }, { 6, 1084, 2048 }, { 7, 1085, 2048 }, { 7, 1086, 2048 }, { 8, 1087, 2048 }, + { 3, 1088, 2048 }, { 4, 1089, 2048 }, { 4, 1090, 2048 }, { 5, 
1091, 2048 }, { 4, 1092, 2048 }, { 5, 1093, 2048 }, { 5, 1094, 2048 }, { 6, 1095, 2048 }, + { 4, 1096, 2048 }, { 5, 1097, 2048 }, { 5, 1098, 2048 }, { 6, 1099, 2048 }, { 5, 1100, 2048 }, { 6, 1101, 2048 }, { 6, 1102, 2048 }, { 7, 1103, 2048 }, + { 4, 1104, 2048 }, { 5, 1105, 2048 }, { 5, 1106, 2048 }, { 6, 1107, 2048 }, { 5, 1108, 2048 }, { 6, 1109, 2048 }, { 6, 1110, 2048 }, { 7, 1111, 2048 }, + { 5, 1112, 2048 }, { 6, 1113, 2048 }, { 6, 1114, 2048 }, { 7, 1115, 2048 }, { 6, 1116, 2048 }, { 7, 1117, 2048 }, { 7, 1118, 2048 }, { 8, 1119, 2048 }, + { 4, 1120, 2048 }, { 5, 1121, 2048 }, { 5, 1122, 2048 }, { 6, 1123, 2048 }, { 5, 1124, 2048 }, { 6, 1125, 2048 }, { 6, 1126, 2048 }, { 7, 1127, 2048 }, + { 5, 1128, 2048 }, { 6, 1129, 2048 }, { 6, 1130, 2048 }, { 7, 1131, 2048 }, { 6, 1132, 2048 }, { 7, 1133, 2048 }, { 7, 1134, 2048 }, { 8, 1135, 2048 }, + { 5, 1136, 2048 }, { 6, 1137, 2048 }, { 6, 1138, 2048 }, { 7, 1139, 2048 }, { 6, 1140, 2048 }, { 7, 1141, 2048 }, { 7, 1142, 2048 }, { 8, 1143, 2048 }, + { 6, 1144, 2048 }, { 7, 1145, 2048 }, { 7, 1146, 2048 }, { 8, 1147, 2048 }, { 7, 1148, 2048 }, { 8, 1149, 2048 }, { 8, 1150, 2048 }, { 9, 1151, 2048 }, + { 3, 1152, 2048 }, { 4, 1153, 2048 }, { 4, 1154, 2048 }, { 5, 1155, 2048 }, { 4, 1156, 2048 }, { 5, 1157, 2048 }, { 5, 1158, 2048 }, { 6, 1159, 2048 }, + { 4, 1160, 2048 }, { 5, 1161, 2048 }, { 5, 1162, 2048 }, { 6, 1163, 2048 }, { 5, 1164, 2048 }, { 6, 1165, 2048 }, { 6, 1166, 2048 }, { 7, 1167, 2048 }, + { 4, 1168, 2048 }, { 5, 1169, 2048 }, { 5, 1170, 2048 }, { 6, 1171, 2048 }, { 5, 1172, 2048 }, { 6, 1173, 2048 }, { 6, 1174, 2048 }, { 7, 1175, 2048 }, + { 5, 1176, 2048 }, { 6, 1177, 2048 }, { 6, 1178, 2048 }, { 7, 1179, 2048 }, { 6, 1180, 2048 }, { 7, 1181, 2048 }, { 7, 1182, 2048 }, { 8, 1183, 2048 }, + { 4, 1184, 2048 }, { 5, 1185, 2048 }, { 5, 1186, 2048 }, { 6, 1187, 2048 }, { 5, 1188, 2048 }, { 6, 1189, 2048 }, { 6, 1190, 2048 }, { 7, 1191, 2048 }, + { 5, 1192, 2048 }, { 6, 1193, 2048 }, { 6, 1194, 2048 }, { 
7, 1195, 2048 }, { 6, 1196, 2048 }, { 7, 1197, 2048 }, { 7, 1198, 2048 }, { 8, 1199, 2048 }, + { 5, 1200, 2048 }, { 6, 1201, 2048 }, { 6, 1202, 2048 }, { 7, 1203, 2048 }, { 6, 1204, 2048 }, { 7, 1205, 2048 }, { 7, 1206, 2048 }, { 8, 1207, 2048 }, + { 6, 1208, 2048 }, { 7, 1209, 2048 }, { 7, 1210, 2048 }, { 8, 1211, 2048 }, { 7, 1212, 2048 }, { 8, 1213, 2048 }, { 8, 1214, 2048 }, { 9, 1215, 2048 }, + { 4, 1216, 2048 }, { 5, 1217, 2048 }, { 5, 1218, 2048 }, { 6, 1219, 2048 }, { 5, 1220, 2048 }, { 6, 1221, 2048 }, { 6, 1222, 2048 }, { 7, 1223, 2048 }, + { 5, 1224, 2048 }, { 6, 1225, 2048 }, { 6, 1226, 2048 }, { 7, 1227, 2048 }, { 6, 1228, 2048 }, { 7, 1229, 2048 }, { 7, 1230, 2048 }, { 8, 1231, 2048 }, + { 5, 1232, 2048 }, { 6, 1233, 2048 }, { 6, 1234, 2048 }, { 7, 1235, 2048 }, { 6, 1236, 2048 }, { 7, 1237, 2048 }, { 7, 1238, 2048 }, { 8, 1239, 2048 }, + { 6, 1240, 2048 }, { 7, 1241, 2048 }, { 7, 1242, 2048 }, { 8, 1243, 2048 }, { 7, 1244, 2048 }, { 8, 1245, 2048 }, { 8, 1246, 2048 }, { 9, 1247, 2048 }, + { 5, 1248, 2048 }, { 6, 1249, 2048 }, { 6, 1250, 2048 }, { 7, 1251, 2048 }, { 6, 1252, 2048 }, { 7, 1253, 2048 }, { 7, 1254, 2048 }, { 8, 1255, 2048 }, + { 6, 1256, 2048 }, { 7, 1257, 2048 }, { 7, 1258, 2048 }, { 8, 1259, 2048 }, { 7, 1260, 2048 }, { 8, 1261, 2048 }, { 8, 1262, 2048 }, { 9, 1263, 2048 }, + { 6, 1264, 2048 }, { 7, 1265, 2048 }, { 7, 1266, 2048 }, { 8, 1267, 2048 }, { 7, 1268, 2048 }, { 8, 1269, 2048 }, { 8, 1270, 2048 }, { 9, 1271, 2048 }, + { 7, 1272, 2048 }, { 8, 1273, 2048 }, { 8, 1274, 2048 }, { 9, 1275, 2048 }, { 8, 1276, 2048 }, { 9, 1277, 2048 }, { 9, 1278, 2048 }, { 10, 1279, 2048 }, + { 3, 1280, 2048 }, { 4, 1281, 2048 }, { 4, 1282, 2048 }, { 5, 1283, 2048 }, { 4, 1284, 2048 }, { 5, 1285, 2048 }, { 5, 1286, 2048 }, { 6, 1287, 2048 }, + { 4, 1288, 2048 }, { 5, 1289, 2048 }, { 5, 1290, 2048 }, { 6, 1291, 2048 }, { 5, 1292, 2048 }, { 6, 1293, 2048 }, { 6, 1294, 2048 }, { 7, 1295, 2048 }, + { 4, 1296, 2048 }, { 5, 1297, 2048 }, { 5, 1298, 2048 
}, { 6, 1299, 2048 }, { 5, 1300, 2048 }, { 6, 1301, 2048 }, { 6, 1302, 2048 }, { 7, 1303, 2048 }, + { 5, 1304, 2048 }, { 6, 1305, 2048 }, { 6, 1306, 2048 }, { 7, 1307, 2048 }, { 6, 1308, 2048 }, { 7, 1309, 2048 }, { 7, 1310, 2048 }, { 8, 1311, 2048 }, + { 4, 1312, 2048 }, { 5, 1313, 2048 }, { 5, 1314, 2048 }, { 6, 1315, 2048 }, { 5, 1316, 2048 }, { 6, 1317, 2048 }, { 6, 1318, 2048 }, { 7, 1319, 2048 }, + { 5, 1320, 2048 }, { 6, 1321, 2048 }, { 6, 1322, 2048 }, { 7, 1323, 2048 }, { 6, 1324, 2048 }, { 7, 1325, 2048 }, { 7, 1326, 2048 }, { 8, 1327, 2048 }, + { 5, 1328, 2048 }, { 6, 1329, 2048 }, { 6, 1330, 2048 }, { 7, 1331, 2048 }, { 6, 1332, 2048 }, { 7, 1333, 2048 }, { 7, 1334, 2048 }, { 8, 1335, 2048 }, + { 6, 1336, 2048 }, { 7, 1337, 2048 }, { 7, 1338, 2048 }, { 8, 1339, 2048 }, { 7, 1340, 2048 }, { 8, 1341, 2048 }, { 8, 1342, 2048 }, { 9, 1343, 2048 }, + { 4, 1344, 2048 }, { 5, 1345, 2048 }, { 5, 1346, 2048 }, { 6, 1347, 2048 }, { 5, 1348, 2048 }, { 6, 1349, 2048 }, { 6, 1350, 2048 }, { 7, 1351, 2048 }, + { 5, 1352, 2048 }, { 6, 1353, 2048 }, { 6, 1354, 2048 }, { 7, 1355, 2048 }, { 6, 1356, 2048 }, { 7, 1357, 2048 }, { 7, 1358, 2048 }, { 8, 1359, 2048 }, + { 5, 1360, 2048 }, { 6, 1361, 2048 }, { 6, 1362, 2048 }, { 7, 1363, 2048 }, { 6, 1364, 2048 }, { 7, 1365, 2048 }, { 7, 1366, 2048 }, { 8, 1367, 2048 }, + { 6, 1368, 2048 }, { 7, 1369, 2048 }, { 7, 1370, 2048 }, { 8, 1371, 2048 }, { 7, 1372, 2048 }, { 8, 1373, 2048 }, { 8, 1374, 2048 }, { 9, 1375, 2048 }, + { 5, 1376, 2048 }, { 6, 1377, 2048 }, { 6, 1378, 2048 }, { 7, 1379, 2048 }, { 6, 1380, 2048 }, { 7, 1381, 2048 }, { 7, 1382, 2048 }, { 8, 1383, 2048 }, + { 6, 1384, 2048 }, { 7, 1385, 2048 }, { 7, 1386, 2048 }, { 8, 1387, 2048 }, { 7, 1388, 2048 }, { 8, 1389, 2048 }, { 8, 1390, 2048 }, { 9, 1391, 2048 }, + { 6, 1392, 2048 }, { 7, 1393, 2048 }, { 7, 1394, 2048 }, { 8, 1395, 2048 }, { 7, 1396, 2048 }, { 8, 1397, 2048 }, { 8, 1398, 2048 }, { 9, 1399, 2048 }, + { 7, 1400, 2048 }, { 8, 1401, 2048 }, { 8, 1402, 
2048 }, { 9, 1403, 2048 }, { 8, 1404, 2048 }, { 9, 1405, 2048 }, { 9, 1406, 2048 }, { 10, 1407, 2048 }, + { 4, 1408, 2048 }, { 5, 1409, 2048 }, { 5, 1410, 2048 }, { 6, 1411, 2048 }, { 5, 1412, 2048 }, { 6, 1413, 2048 }, { 6, 1414, 2048 }, { 7, 1415, 2048 }, + { 5, 1416, 2048 }, { 6, 1417, 2048 }, { 6, 1418, 2048 }, { 7, 1419, 2048 }, { 6, 1420, 2048 }, { 7, 1421, 2048 }, { 7, 1422, 2048 }, { 8, 1423, 2048 }, + { 5, 1424, 2048 }, { 6, 1425, 2048 }, { 6, 1426, 2048 }, { 7, 1427, 2048 }, { 6, 1428, 2048 }, { 7, 1429, 2048 }, { 7, 1430, 2048 }, { 8, 1431, 2048 }, + { 6, 1432, 2048 }, { 7, 1433, 2048 }, { 7, 1434, 2048 }, { 8, 1435, 2048 }, { 7, 1436, 2048 }, { 8, 1437, 2048 }, { 8, 1438, 2048 }, { 9, 1439, 2048 }, + { 5, 1440, 2048 }, { 6, 1441, 2048 }, { 6, 1442, 2048 }, { 7, 1443, 2048 }, { 6, 1444, 2048 }, { 7, 1445, 2048 }, { 7, 1446, 2048 }, { 8, 1447, 2048 }, + { 6, 1448, 2048 }, { 7, 1449, 2048 }, { 7, 1450, 2048 }, { 8, 1451, 2048 }, { 7, 1452, 2048 }, { 8, 1453, 2048 }, { 8, 1454, 2048 }, { 9, 1455, 2048 }, + { 6, 1456, 2048 }, { 7, 1457, 2048 }, { 7, 1458, 2048 }, { 8, 1459, 2048 }, { 7, 1460, 2048 }, { 8, 1461, 2048 }, { 8, 1462, 2048 }, { 9, 1463, 2048 }, + { 7, 1464, 2048 }, { 8, 1465, 2048 }, { 8, 1466, 2048 }, { 9, 1467, 2048 }, { 8, 1468, 2048 }, { 9, 1469, 2048 }, { 9, 1470, 2048 }, { 10, 1471, 2048 }, + { 5, 1472, 2048 }, { 6, 1473, 2048 }, { 6, 1474, 2048 }, { 7, 1475, 2048 }, { 6, 1476, 2048 }, { 7, 1477, 2048 }, { 7, 1478, 2048 }, { 8, 1479, 2048 }, + { 6, 1480, 2048 }, { 7, 1481, 2048 }, { 7, 1482, 2048 }, { 8, 1483, 2048 }, { 7, 1484, 2048 }, { 8, 1485, 2048 }, { 8, 1486, 2048 }, { 9, 1487, 2048 }, + { 6, 1488, 2048 }, { 7, 1489, 2048 }, { 7, 1490, 2048 }, { 8, 1491, 2048 }, { 7, 1492, 2048 }, { 8, 1493, 2048 }, { 8, 1494, 2048 }, { 9, 1495, 2048 }, + { 7, 1496, 2048 }, { 8, 1497, 2048 }, { 8, 1498, 2048 }, { 9, 1499, 2048 }, { 8, 1500, 2048 }, { 9, 1501, 2048 }, { 9, 1502, 2048 }, { 10, 1503, 2048 }, + { 6, 1504, 2048 }, { 7, 1505, 2048 }, { 7, 
1506, 2048 }, { 8, 1507, 2048 }, { 7, 1508, 2048 }, { 8, 1509, 2048 }, { 8, 1510, 2048 }, { 9, 1511, 2048 }, + { 7, 1512, 2048 }, { 8, 1513, 2048 }, { 8, 1514, 2048 }, { 9, 1515, 2048 }, { 8, 1516, 2048 }, { 9, 1517, 2048 }, { 9, 1518, 2048 }, { 10, 1519, 2048 }, + { 7, 1520, 2048 }, { 8, 1521, 2048 }, { 8, 1522, 2048 }, { 9, 1523, 2048 }, { 8, 1524, 2048 }, { 9, 1525, 2048 }, { 9, 1526, 2048 }, { 10, 1527, 2048 }, + { 8, 1528, 2048 }, { 9, 1529, 2048 }, { 9, 1530, 2048 }, { 10, 1531, 2048 }, { 9, 1532, 2048 }, { 10, 1533, 2048 }, { 10, 1534, 2048 }, { 11, 1535, 2048 }, + { 3, 1536, 2048 }, { 4, 1537, 2048 }, { 4, 1538, 2048 }, { 5, 1539, 2048 }, { 4, 1540, 2048 }, { 5, 1541, 2048 }, { 5, 1542, 2048 }, { 6, 1543, 2048 }, + { 4, 1544, 2048 }, { 5, 1545, 2048 }, { 5, 1546, 2048 }, { 6, 1547, 2048 }, { 5, 1548, 2048 }, { 6, 1549, 2048 }, { 6, 1550, 2048 }, { 7, 1551, 2048 }, + { 4, 1552, 2048 }, { 5, 1553, 2048 }, { 5, 1554, 2048 }, { 6, 1555, 2048 }, { 5, 1556, 2048 }, { 6, 1557, 2048 }, { 6, 1558, 2048 }, { 7, 1559, 2048 }, + { 5, 1560, 2048 }, { 6, 1561, 2048 }, { 6, 1562, 2048 }, { 7, 1563, 2048 }, { 6, 1564, 2048 }, { 7, 1565, 2048 }, { 7, 1566, 2048 }, { 8, 1567, 2048 }, + { 4, 1568, 2048 }, { 5, 1569, 2048 }, { 5, 1570, 2048 }, { 6, 1571, 2048 }, { 5, 1572, 2048 }, { 6, 1573, 2048 }, { 6, 1574, 2048 }, { 7, 1575, 2048 }, + { 5, 1576, 2048 }, { 6, 1577, 2048 }, { 6, 1578, 2048 }, { 7, 1579, 2048 }, { 6, 1580, 2048 }, { 7, 1581, 2048 }, { 7, 1582, 2048 }, { 8, 1583, 2048 }, + { 5, 1584, 2048 }, { 6, 1585, 2048 }, { 6, 1586, 2048 }, { 7, 1587, 2048 }, { 6, 1588, 2048 }, { 7, 1589, 2048 }, { 7, 1590, 2048 }, { 8, 1591, 2048 }, + { 6, 1592, 2048 }, { 7, 1593, 2048 }, { 7, 1594, 2048 }, { 8, 1595, 2048 }, { 7, 1596, 2048 }, { 8, 1597, 2048 }, { 8, 1598, 2048 }, { 9, 1599, 2048 }, + { 4, 1600, 2048 }, { 5, 1601, 2048 }, { 5, 1602, 2048 }, { 6, 1603, 2048 }, { 5, 1604, 2048 }, { 6, 1605, 2048 }, { 6, 1606, 2048 }, { 7, 1607, 2048 }, + { 5, 1608, 2048 }, { 6, 1609, 2048 
}, { 6, 1610, 2048 }, { 7, 1611, 2048 }, { 6, 1612, 2048 }, { 7, 1613, 2048 }, { 7, 1614, 2048 }, { 8, 1615, 2048 }, + { 5, 1616, 2048 }, { 6, 1617, 2048 }, { 6, 1618, 2048 }, { 7, 1619, 2048 }, { 6, 1620, 2048 }, { 7, 1621, 2048 }, { 7, 1622, 2048 }, { 8, 1623, 2048 }, + { 6, 1624, 2048 }, { 7, 1625, 2048 }, { 7, 1626, 2048 }, { 8, 1627, 2048 }, { 7, 1628, 2048 }, { 8, 1629, 2048 }, { 8, 1630, 2048 }, { 9, 1631, 2048 }, + { 5, 1632, 2048 }, { 6, 1633, 2048 }, { 6, 1634, 2048 }, { 7, 1635, 2048 }, { 6, 1636, 2048 }, { 7, 1637, 2048 }, { 7, 1638, 2048 }, { 8, 1639, 2048 }, + { 6, 1640, 2048 }, { 7, 1641, 2048 }, { 7, 1642, 2048 }, { 8, 1643, 2048 }, { 7, 1644, 2048 }, { 8, 1645, 2048 }, { 8, 1646, 2048 }, { 9, 1647, 2048 }, + { 6, 1648, 2048 }, { 7, 1649, 2048 }, { 7, 1650, 2048 }, { 8, 1651, 2048 }, { 7, 1652, 2048 }, { 8, 1653, 2048 }, { 8, 1654, 2048 }, { 9, 1655, 2048 }, + { 7, 1656, 2048 }, { 8, 1657, 2048 }, { 8, 1658, 2048 }, { 9, 1659, 2048 }, { 8, 1660, 2048 }, { 9, 1661, 2048 }, { 9, 1662, 2048 }, { 10, 1663, 2048 }, + { 4, 1664, 2048 }, { 5, 1665, 2048 }, { 5, 1666, 2048 }, { 6, 1667, 2048 }, { 5, 1668, 2048 }, { 6, 1669, 2048 }, { 6, 1670, 2048 }, { 7, 1671, 2048 }, + { 5, 1672, 2048 }, { 6, 1673, 2048 }, { 6, 1674, 2048 }, { 7, 1675, 2048 }, { 6, 1676, 2048 }, { 7, 1677, 2048 }, { 7, 1678, 2048 }, { 8, 1679, 2048 }, + { 5, 1680, 2048 }, { 6, 1681, 2048 }, { 6, 1682, 2048 }, { 7, 1683, 2048 }, { 6, 1684, 2048 }, { 7, 1685, 2048 }, { 7, 1686, 2048 }, { 8, 1687, 2048 }, + { 6, 1688, 2048 }, { 7, 1689, 2048 }, { 7, 1690, 2048 }, { 8, 1691, 2048 }, { 7, 1692, 2048 }, { 8, 1693, 2048 }, { 8, 1694, 2048 }, { 9, 1695, 2048 }, + { 5, 1696, 2048 }, { 6, 1697, 2048 }, { 6, 1698, 2048 }, { 7, 1699, 2048 }, { 6, 1700, 2048 }, { 7, 1701, 2048 }, { 7, 1702, 2048 }, { 8, 1703, 2048 }, + { 6, 1704, 2048 }, { 7, 1705, 2048 }, { 7, 1706, 2048 }, { 8, 1707, 2048 }, { 7, 1708, 2048 }, { 8, 1709, 2048 }, { 8, 1710, 2048 }, { 9, 1711, 2048 }, + { 6, 1712, 2048 }, { 7, 1713, 
2048 }, { 7, 1714, 2048 }, { 8, 1715, 2048 }, { 7, 1716, 2048 }, { 8, 1717, 2048 }, { 8, 1718, 2048 }, { 9, 1719, 2048 }, + { 7, 1720, 2048 }, { 8, 1721, 2048 }, { 8, 1722, 2048 }, { 9, 1723, 2048 }, { 8, 1724, 2048 }, { 9, 1725, 2048 }, { 9, 1726, 2048 }, { 10, 1727, 2048 }, + { 5, 1728, 2048 }, { 6, 1729, 2048 }, { 6, 1730, 2048 }, { 7, 1731, 2048 }, { 6, 1732, 2048 }, { 7, 1733, 2048 }, { 7, 1734, 2048 }, { 8, 1735, 2048 }, + { 6, 1736, 2048 }, { 7, 1737, 2048 }, { 7, 1738, 2048 }, { 8, 1739, 2048 }, { 7, 1740, 2048 }, { 8, 1741, 2048 }, { 8, 1742, 2048 }, { 9, 1743, 2048 }, + { 6, 1744, 2048 }, { 7, 1745, 2048 }, { 7, 1746, 2048 }, { 8, 1747, 2048 }, { 7, 1748, 2048 }, { 8, 1749, 2048 }, { 8, 1750, 2048 }, { 9, 1751, 2048 }, + { 7, 1752, 2048 }, { 8, 1753, 2048 }, { 8, 1754, 2048 }, { 9, 1755, 2048 }, { 8, 1756, 2048 }, { 9, 1757, 2048 }, { 9, 1758, 2048 }, { 10, 1759, 2048 }, + { 6, 1760, 2048 }, { 7, 1761, 2048 }, { 7, 1762, 2048 }, { 8, 1763, 2048 }, { 7, 1764, 2048 }, { 8, 1765, 2048 }, { 8, 1766, 2048 }, { 9, 1767, 2048 }, + { 7, 1768, 2048 }, { 8, 1769, 2048 }, { 8, 1770, 2048 }, { 9, 1771, 2048 }, { 8, 1772, 2048 }, { 9, 1773, 2048 }, { 9, 1774, 2048 }, { 10, 1775, 2048 }, + { 7, 1776, 2048 }, { 8, 1777, 2048 }, { 8, 1778, 2048 }, { 9, 1779, 2048 }, { 8, 1780, 2048 }, { 9, 1781, 2048 }, { 9, 1782, 2048 }, { 10, 1783, 2048 }, + { 8, 1784, 2048 }, { 9, 1785, 2048 }, { 9, 1786, 2048 }, { 10, 1787, 2048 }, { 9, 1788, 2048 }, { 10, 1789, 2048 }, { 10, 1790, 2048 }, { 11, 1791, 2048 }, + { 4, 1792, 2048 }, { 5, 1793, 2048 }, { 5, 1794, 2048 }, { 6, 1795, 2048 }, { 5, 1796, 2048 }, { 6, 1797, 2048 }, { 6, 1798, 2048 }, { 7, 1799, 2048 }, + { 5, 1800, 2048 }, { 6, 1801, 2048 }, { 6, 1802, 2048 }, { 7, 1803, 2048 }, { 6, 1804, 2048 }, { 7, 1805, 2048 }, { 7, 1806, 2048 }, { 8, 1807, 2048 }, + { 5, 1808, 2048 }, { 6, 1809, 2048 }, { 6, 1810, 2048 }, { 7, 1811, 2048 }, { 6, 1812, 2048 }, { 7, 1813, 2048 }, { 7, 1814, 2048 }, { 8, 1815, 2048 }, + { 6, 1816, 2048 }, 
{ 7, 1817, 2048 }, { 7, 1818, 2048 }, { 8, 1819, 2048 }, { 7, 1820, 2048 }, { 8, 1821, 2048 }, { 8, 1822, 2048 }, { 9, 1823, 2048 }, + { 5, 1824, 2048 }, { 6, 1825, 2048 }, { 6, 1826, 2048 }, { 7, 1827, 2048 }, { 6, 1828, 2048 }, { 7, 1829, 2048 }, { 7, 1830, 2048 }, { 8, 1831, 2048 }, + { 6, 1832, 2048 }, { 7, 1833, 2048 }, { 7, 1834, 2048 }, { 8, 1835, 2048 }, { 7, 1836, 2048 }, { 8, 1837, 2048 }, { 8, 1838, 2048 }, { 9, 1839, 2048 }, + { 6, 1840, 2048 }, { 7, 1841, 2048 }, { 7, 1842, 2048 }, { 8, 1843, 2048 }, { 7, 1844, 2048 }, { 8, 1845, 2048 }, { 8, 1846, 2048 }, { 9, 1847, 2048 }, + { 7, 1848, 2048 }, { 8, 1849, 2048 }, { 8, 1850, 2048 }, { 9, 1851, 2048 }, { 8, 1852, 2048 }, { 9, 1853, 2048 }, { 9, 1854, 2048 }, { 10, 1855, 2048 }, + { 5, 1856, 2048 }, { 6, 1857, 2048 }, { 6, 1858, 2048 }, { 7, 1859, 2048 }, { 6, 1860, 2048 }, { 7, 1861, 2048 }, { 7, 1862, 2048 }, { 8, 1863, 2048 }, + { 6, 1864, 2048 }, { 7, 1865, 2048 }, { 7, 1866, 2048 }, { 8, 1867, 2048 }, { 7, 1868, 2048 }, { 8, 1869, 2048 }, { 8, 1870, 2048 }, { 9, 1871, 2048 }, + { 6, 1872, 2048 }, { 7, 1873, 2048 }, { 7, 1874, 2048 }, { 8, 1875, 2048 }, { 7, 1876, 2048 }, { 8, 1877, 2048 }, { 8, 1878, 2048 }, { 9, 1879, 2048 }, + { 7, 1880, 2048 }, { 8, 1881, 2048 }, { 8, 1882, 2048 }, { 9, 1883, 2048 }, { 8, 1884, 2048 }, { 9, 1885, 2048 }, { 9, 1886, 2048 }, { 10, 1887, 2048 }, + { 6, 1888, 2048 }, { 7, 1889, 2048 }, { 7, 1890, 2048 }, { 8, 1891, 2048 }, { 7, 1892, 2048 }, { 8, 1893, 2048 }, { 8, 1894, 2048 }, { 9, 1895, 2048 }, + { 7, 1896, 2048 }, { 8, 1897, 2048 }, { 8, 1898, 2048 }, { 9, 1899, 2048 }, { 8, 1900, 2048 }, { 9, 1901, 2048 }, { 9, 1902, 2048 }, { 10, 1903, 2048 }, + { 7, 1904, 2048 }, { 8, 1905, 2048 }, { 8, 1906, 2048 }, { 9, 1907, 2048 }, { 8, 1908, 2048 }, { 9, 1909, 2048 }, { 9, 1910, 2048 }, { 10, 1911, 2048 }, + { 8, 1912, 2048 }, { 9, 1913, 2048 }, { 9, 1914, 2048 }, { 10, 1915, 2048 }, { 9, 1916, 2048 }, { 10, 1917, 2048 }, { 10, 1918, 2048 }, { 11, 1919, 2048 }, + { 5, 
1920, 2048 }, { 6, 1921, 2048 }, { 6, 1922, 2048 }, { 7, 1923, 2048 }, { 6, 1924, 2048 }, { 7, 1925, 2048 }, { 7, 1926, 2048 }, { 8, 1927, 2048 }, + { 6, 1928, 2048 }, { 7, 1929, 2048 }, { 7, 1930, 2048 }, { 8, 1931, 2048 }, { 7, 1932, 2048 }, { 8, 1933, 2048 }, { 8, 1934, 2048 }, { 9, 1935, 2048 }, + { 6, 1936, 2048 }, { 7, 1937, 2048 }, { 7, 1938, 2048 }, { 8, 1939, 2048 }, { 7, 1940, 2048 }, { 8, 1941, 2048 }, { 8, 1942, 2048 }, { 9, 1943, 2048 }, + { 7, 1944, 2048 }, { 8, 1945, 2048 }, { 8, 1946, 2048 }, { 9, 1947, 2048 }, { 8, 1948, 2048 }, { 9, 1949, 2048 }, { 9, 1950, 2048 }, { 10, 1951, 2048 }, + { 6, 1952, 2048 }, { 7, 1953, 2048 }, { 7, 1954, 2048 }, { 8, 1955, 2048 }, { 7, 1956, 2048 }, { 8, 1957, 2048 }, { 8, 1958, 2048 }, { 9, 1959, 2048 }, + { 7, 1960, 2048 }, { 8, 1961, 2048 }, { 8, 1962, 2048 }, { 9, 1963, 2048 }, { 8, 1964, 2048 }, { 9, 1965, 2048 }, { 9, 1966, 2048 }, { 10, 1967, 2048 }, + { 7, 1968, 2048 }, { 8, 1969, 2048 }, { 8, 1970, 2048 }, { 9, 1971, 2048 }, { 8, 1972, 2048 }, { 9, 1973, 2048 }, { 9, 1974, 2048 }, { 10, 1975, 2048 }, + { 8, 1976, 2048 }, { 9, 1977, 2048 }, { 9, 1978, 2048 }, { 10, 1979, 2048 }, { 9, 1980, 2048 }, { 10, 1981, 2048 }, { 10, 1982, 2048 }, { 11, 1983, 2048 }, + { 6, 1984, 2048 }, { 7, 1985, 2048 }, { 7, 1986, 2048 }, { 8, 1987, 2048 }, { 7, 1988, 2048 }, { 8, 1989, 2048 }, { 8, 1990, 2048 }, { 9, 1991, 2048 }, + { 7, 1992, 2048 }, { 8, 1993, 2048 }, { 8, 1994, 2048 }, { 9, 1995, 2048 }, { 8, 1996, 2048 }, { 9, 1997, 2048 }, { 9, 1998, 2048 }, { 10, 1999, 2048 }, + { 7, 2000, 2048 }, { 8, 2001, 2048 }, { 8, 2002, 2048 }, { 9, 2003, 2048 }, { 8, 2004, 2048 }, { 9, 2005, 2048 }, { 9, 2006, 2048 }, { 10, 2007, 2048 }, + { 8, 2008, 2048 }, { 9, 2009, 2048 }, { 9, 2010, 2048 }, { 10, 2011, 2048 }, { 9, 2012, 2048 }, { 10, 2013, 2048 }, { 10, 2014, 2048 }, { 11, 2015, 2048 }, + { 7, 2016, 2048 }, { 8, 2017, 2048 }, { 8, 2018, 2048 }, { 9, 2019, 2048 }, { 8, 2020, 2048 }, { 9, 2021, 2048 }, { 9, 2022, 2048 }, { 10, 
2023, 2048 }, + { 8, 2024, 2048 }, { 9, 2025, 2048 }, { 9, 2026, 2048 }, { 10, 2027, 2048 }, { 9, 2028, 2048 }, { 10, 2029, 2048 }, { 10, 2030, 2048 }, { 11, 2031, 2048 }, + { 8, 2032, 2048 }, { 9, 2033, 2048 }, { 9, 2034, 2048 }, { 10, 2035, 2048 }, { 9, 2036, 2048 }, { 10, 2037, 2048 }, { 10, 2038, 2048 }, { 11, 2039, 2048 }, + { 9, 2040, 2048 }, { 10, 2041, 2048 }, { 10, 2042, 2048 }, { 11, 2043, 2048 }, { 10, 2044, 2048 }, { 11, 2045, 2048 }, { 11, 2046, 2048 }, { 12, 2047, 2048 }, #endif #endif #endif @@ -3225,10 +3846,10 @@ static int find_hole(void) /* free entry z */ if (z >= 0 && fp_cache[z].g) { mp_clear(&fp_cache[z].mu); - ecc_del_point(fp_cache[z].g); + wc_ecc_del_point(fp_cache[z].g); fp_cache[z].g = NULL; for (x = 0; x < (1U<x, g->x) == MP_EQ && - mp_cmp(fp_cache[x].g->y, g->y) == MP_EQ && + if (fp_cache[x].g != NULL && + mp_cmp(fp_cache[x].g->x, g->x) == MP_EQ && + mp_cmp(fp_cache[x].g->y, g->y) == MP_EQ && mp_cmp(fp_cache[x].g->z, g->z) == MP_EQ) { break; } @@ -3260,7 +3881,7 @@ static int add_entry(int idx, ecc_point *g) unsigned x, y; /* allocate base and LUT */ - fp_cache[idx].g = ecc_new_point(); + fp_cache[idx].g = wc_ecc_new_point(); if (fp_cache[idx].g == NULL) { return GEN_MEM_ERR; } 
@@ -3269,37 +3890,37 @@ static int add_entry(int idx, ecc_point *g) if ((mp_copy(g->x, fp_cache[idx].g->x) != MP_OKAY) || (mp_copy(g->y, fp_cache[idx].g->y) != MP_OKAY) || (mp_copy(g->z, fp_cache[idx].g->z) != MP_OKAY)) { - ecc_del_point(fp_cache[idx].g); + wc_ecc_del_point(fp_cache[idx].g); fp_cache[idx].g = NULL; return GEN_MEM_ERR; - } + } for (x = 0; x < (1U<x, mu, modulus, - fp_cache[idx].LUT[1]->x) != MP_OKAY) || + fp_cache[idx].LUT[1]->x) != MP_OKAY) || (mp_mulmod(fp_cache[idx].g->y, mu, modulus, - fp_cache[idx].LUT[1]->y) != MP_OKAY) || + fp_cache[idx].LUT[1]->y) != MP_OKAY) || (mp_mulmod(fp_cache[idx].g->z, mu, modulus, fp_cache[idx].LUT[1]->z) != MP_OKAY)) { - err = MP_MULMOD_E; + err = MP_MULMOD_E; } } - + /* make all single bit entries */ for (x = 1; x < FP_LUT; x++) { if (err != MP_OKAY) break; if ((mp_copy(fp_cache[idx].LUT[1<<(x-1)]->x, - fp_cache[idx].LUT[1<x) != MP_OKAY) || + fp_cache[idx].LUT[1<x) != MP_OKAY) || (mp_copy(fp_cache[idx].LUT[1<<(x-1)]->y, - fp_cache[idx].LUT[1<y) != MP_OKAY) || + fp_cache[idx].LUT[1<y) != MP_OKAY) || (mp_copy(fp_cache[idx].LUT[1<<(x-1)]->z, fp_cache[idx].LUT[1<z) != MP_OKAY)){ err = MP_INIT_E; break; } else { - + /* now double it bitlen/FP_LUT times */ for (y = 0; y < lut_gap; y++) { if ((err = ecc_projective_dbl_point(fp_cache[idx].LUT[1<z, modulus, *mp); - + /* invert it */ if (err == MP_OKAY) err = mp_invmod(fp_cache[idx].LUT[x]->z, modulus, @@ -3395,7 +4016,7 @@ static int build_lut(int idx, mp_int* modulus, mp_digit* mp, mp_int* mu) if (err == MP_OKAY) /* now square it */ err = mp_sqrmod(fp_cache[idx].LUT[x]->z, modulus, &tmp); - + if (err == MP_OKAY) /* fix x */ err = mp_mulmod(fp_cache[idx].LUT[x]->x, &tmp, modulus, 
@@ -3421,10 +4042,10 @@ static int build_lut(int idx, mp_int* modulus, mp_digit* mp, mp_int* mu) /* err cleanup */ for (y = 0; y < (1U< (int)(KB_SIZE - 2)) { mp_clear(&tk); return BUFFER_E; } - + /* store k */ #ifdef WOLFSSL_SMALL_STACK kb = (unsigned char*)XMALLOC(KB_SIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER); @@ -3585,7 +4206,7 @@ static int accel_fp_mul(int idx, mp_int* k, ecc_point *R, mp_int* modulus, #ifdef ECC_SHAMIR /* perform a fixed point ECC mulmod */ -static int accel_fp_mul2add(int idx1, int idx2, +static int accel_fp_mul2add(int idx1, int idx2, mp_int* kA, mp_int* kB, ecc_point *R, mp_int* modulus, mp_digit* mp) { @@ -3612,15 +4233,15 @@ static int accel_fp_mul2add(int idx1, int idx2, for (x = 0; ecc_sets[x].size; x++) { if (y <= (unsigned)ecc_sets[x].size) break; } - + /* back off if we are on the 521 bit curve */ if (y == 66) --x; - + if ((err = mp_init(&order)) != MP_OKAY) { mp_clear(&tkb); mp_clear(&tka); return err; - } + } if ((err = mp_read_radix(&order, ecc_sets[x].order, 16)) != MP_OKAY) { mp_clear(&tkb); mp_clear(&tka); @@ -3642,7 +4263,7 @@ static int accel_fp_mul2add(int idx1, int idx2, mp_clear(&order); } else { mp_copy(kA, &tka); - } + } /* if it's smaller than modulus we fine */ if (mp_unsigned_bin_size(kB) > mp_unsigned_bin_size(modulus)) { @@ -3651,15 +4272,15 @@ static int accel_fp_mul2add(int idx1, int idx2, for (x = 0; ecc_sets[x].size; x++) { if (y <= (unsigned)ecc_sets[x].size) break; } - + /* back off if we are on the 521 bit curve */ if (y == 66) --x; - + if ((err = mp_init(&order)) != MP_OKAY) { mp_clear(&tkb); mp_clear(&tka); return err; - } + } if ((err = mp_read_radix(&order, ecc_sets[x].order, 16)) != MP_OKAY) { mp_clear(&tkb); mp_clear(&tka); 
@@ -3681,16 +4302,16 @@ static int accel_fp_mul2add(int idx1, int idx2, mp_clear(&order); } else { mp_copy(kB, &tkb); - } + } /* get bitlen and round up to next multiple of FP_LUT */ bitlen = mp_unsigned_bin_size(modulus) << 3; x = bitlen % FP_LUT; if (x) { bitlen += FP_LUT - x; - } + } lut_gap = bitlen / FP_LUT; - + /* get the k value */ if ((mp_unsigned_bin_size(&tka) > (int)(KB_SIZE - 2)) || (mp_unsigned_bin_size(&tkb) > (int)(KB_SIZE - 2)) ) { @@ -3698,7 +4319,7 @@ static int accel_fp_mul2add(int idx1, int idx2, mp_clear(&tkb); return BUFFER_E; } - + /* store k */ #ifdef WOLFSSL_SMALL_STACK kb[0] = (unsigned char*)XMALLOC(KB_SIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER); @@ -3710,10 +4331,12 @@ static int accel_fp_mul2add(int idx1, int idx2, if ((err = mp_to_unsigned_bin(&tka, kb[0])) != MP_OKAY) { mp_clear(&tka); mp_clear(&tkb); +#ifdef WOLFSSL_SMALL_STACK XFREE(kb[0], NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif return err; } - + /* let's reverse kb so it's little endian */ x = 0; y = mp_unsigned_bin_size(&tka) - 1; @@ -3721,8 +4344,8 @@ static int accel_fp_mul2add(int idx1, int idx2, while ((unsigned)x < y) { z = kb[0][x]; kb[0][x] = kb[0][y]; kb[0][y] = z; ++x; --y; - } - + } + /* store b */ #ifdef WOLFSSL_SMALL_STACK kb[1] = (unsigned char*)XMALLOC(KB_SIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER); @@ -3830,9 +4453,9 @@ static int accel_fp_mul2add(int idx1, int idx2, B Second point to multiply kB What to multiple B by C [out] Destination point (can overlap with A or B) - modulus Modulus for curve + modulus Modulus for curve return MP_OKAY on success -*/ +*/ int ecc_mul2add(ecc_point* A, mp_int* kA, ecc_point* B, mp_int* kB, ecc_point* C, mp_int* modulus) @@ -3840,7 +4463,7 @@ int ecc_mul2add(ecc_point* A, mp_int* kA, int idx1 = -1, idx2 = -1, err = MP_OKAY, mpInit = 0; mp_digit mp; mp_int mu; - + err = mp_init(&mu); if (err != MP_OKAY) return err; 
@@ -3897,7 +4520,7 @@ int ecc_mul2add(ecc_point* A, mp_int* kA, mpInit = 1; err = mp_montgomery_calc_normalization(&mu, modulus); } - + if (err == MP_OKAY) /* build the LUT */ err = build_lut(idx1, modulus, &mp, &mu); @@ -3915,8 +4538,8 @@ int ecc_mul2add(ecc_point* A, mp_int* kA, err = mp_montgomery_calc_normalization(&mu, modulus); } } - - if (err == MP_OKAY) + + if (err == MP_OKAY) /* build the LUT */ err = build_lut(idx2, modulus, &mp, &mu); } @@ -3944,7 +4567,7 @@ int ecc_mul2add(ecc_point* A, mp_int* kA, return err; } -#endif +#endif /* ECC_SHAMIR */ /** ECC Fixed Point mulmod global k The multiplicand @@ -3954,8 +4577,8 @@ int ecc_mul2add(ecc_point* A, mp_int* kA, map [boolean] If non-zero maps the point back to affine co-ordinates, otherwise it's left in jacobian-montgomery form return MP_OKAY if successful -*/ -int ecc_mulmod(mp_int* k, ecc_point *G, ecc_point *R, mp_int* modulus, +*/ +int wc_ecc_mulmod(mp_int* k, ecc_point *G, ecc_point *R, mp_int* modulus, int map) { int idx, err = MP_OKAY; @@ -3965,13 +4588,13 @@ int ecc_mulmod(mp_int* k, ecc_point *G, ecc_point *R, mp_int* modulus, if (mp_init(&mu) != MP_OKAY) return MP_INIT_E; - + #ifndef HAVE_THREAD_LS if (initMutex == 0) { InitMutex(&ecc_fp_lock); initMutex = 1; } - + if (LockMutex(&ecc_fp_lock) != 0) return BAD_MUTEX_E; #endif /* HAVE_THREAD_LS */ @@ -3993,7 +4616,7 @@ int ecc_mulmod(mp_int* k, ecc_point *G, ecc_point *R, mp_int* modulus, } - if (err == MP_OKAY) { + if (err == MP_OKAY) { /* if it's 2 build the LUT, if it's higher just use the LUT */ if (idx >= 0 && fp_cache[idx].lru_count == 2) { /* compute mp */ 
@@ -4004,14 +4627,14 @@ int ecc_mulmod(mp_int* k, ecc_point *G, ecc_point *R, mp_int* modulus, mpSetup = 1; err = mp_montgomery_calc_normalization(&mu, modulus); } - - if (err == MP_OKAY) + + if (err == MP_OKAY) /* build the LUT */ err = build_lut(idx, modulus, &mp, &mu); } } - if (err == MP_OKAY) { + if (err == MP_OKAY) { if (idx >= 0 && fp_cache[idx].lru_count >= 2) { if (mpSetup == 0) { /* compute mp */ @@ -4040,17 +4663,17 @@ static void wc_ecc_fp_free_cache(void) for (x = 0; x < FP_ENTRIES; x++) { if (fp_cache[x].g != NULL) { for (y = 0; y < (1U<clientSalt : ctx->serverSalt; @@ -4243,7 +4866,7 @@ static void ecc_ctx_init(ecEncCtx* ctx, int flags) /* allow ecc context reset so user doesn't have to init/free for resue */ -int wc_ecc_ctx_reset(ecEncCtx* ctx, RNG* rng) +int wc_ecc_ctx_reset(ecEncCtx* ctx, WC_RNG* rng) { if (ctx == NULL || rng == NULL) return BAD_FUNC_ARG; @@ -4254,7 +4877,7 @@ int wc_ecc_ctx_reset(ecEncCtx* ctx, RNG* rng) /* alloc/init and set defaults, return new Context */ -ecEncCtx* wc_ecc_ctx_new(int flags, RNG* rng) +ecEncCtx* wc_ecc_ctx_new(int flags, WC_RNG* rng) { int ret = 0; ecEncCtx* ctx = (ecEncCtx*)XMALLOC(sizeof(ecEncCtx), 0, DYNAMIC_TYPE_ECC); @@ -4289,7 +4912,7 @@ static int ecc_get_key_sizes(ecEncCtx* ctx, int* encKeySz, int* ivSz, switch (ctx->encAlgo) { case ecAES_128_CBC: *encKeySz = KEY_SIZE_128; - *ivSz = IV_SIZE_64; + *ivSz = IV_SIZE_128; *blockSz = AES_BLOCK_SIZE; break; default: @@ -4314,7 +4937,7 @@ static int ecc_get_key_sizes(ecEncCtx* ctx, int* encKeySz, int* ivSz, /* ecc encrypt with shared secret run through kdf ctx holds non default algos and inputs - msgSz should be the right size for encAlgo, i.e., already padded + msgSz should be the right size for encAlgo, i.e., already padded return 0 on success */ int wc_ecc_encrypt(ecc_key* privKey, ecc_key* pubKey, const byte* msg, word32 msgSz, byte* out, word32* outSz, ecEncCtx* ctx) 
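Review bot: The switch from `IV_SIZE_64` to `IV_SIZE_128` in the `ecc_get_key_sizes` hunk (`@@ -4289,7 +4912,7 @@`) has no comment saying why the IV length must match the cipher block, and it probably affects interoperability. `ivSz` is returned alongside `keysLen`, which is presumably derived from it further down in the function, outside this hunk. If so, the split of the KDF output into key, IV and MAC key changes, and a peer still built with the 64-bit value would fail to decrypt or authenticate; that belongs in the release notes. I would write the line as `*ivSz = IV_SIZE_128; /* CBC IV length must equal AES_BLOCK_SIZE */` so the value is not shortened again.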
@@ -4345,9 +4968,9 @@ int wc_ecc_encrypt(ecc_key* privKey, ecc_key* pubKey, const byte* msg, if (ctx == NULL) { /* use defaults */ ecc_ctx_init(&localCtx, 0); - ctx = &localCtx; + ctx = &localCtx; } - + ret = ecc_get_key_sizes(ctx, &encKeySz, &ivSz, &keysLen, &digestSz, &blockSz); if (ret != 0) @@ -4368,10 +4991,10 @@ int wc_ecc_encrypt(ecc_key* privKey, ecc_key* pubKey, const byte* msg, ctx->cliSt = ecCLI_SENT_REQ; /* only do this once */ } - + if (keysLen > ECC_BUFSIZE) /* keys size */ return BUFFER_E; - + if ( (msgSz%blockSz) != 0) return BAD_PADDING_E; @@ -4497,14 +5120,14 @@ int wc_ecc_decrypt(ecc_key* privKey, ecc_key* pubKey, const byte* msg, if (ctx == NULL) { /* use defaults */ ecc_ctx_init(&localCtx, 0); - ctx = &localCtx; + ctx = &localCtx; } - + ret = ecc_get_key_sizes(ctx, &encKeySz, &ivSz, &keysLen, &digestSz, &blockSz); if (ret != 0) return ret; - + if (ctx->protocol == REQ_RESP_CLIENT) { offset = keysLen; keysLen *= 2; @@ -4520,10 +5143,10 @@ int wc_ecc_decrypt(ecc_key* privKey, ecc_key* pubKey, const byte* msg, ctx->srvSt = ecSRV_RECV_REQ; /* only do this once */ } - + if (keysLen > ECC_BUFSIZE) /* keys size */ return BUFFER_E; - + if ( ((msgSz-digestSz) % blockSz) != 0) return BAD_PADDING_E; @@ -4879,7 +5502,7 @@ int wc_ecc_export_x963_compressed(ecc_key* key, byte* out, word32* outLen) if (key == NULL || out == NULL || outLen == NULL) return ECC_BAD_ARG_E; - if (ecc_is_valid_idx(key->idx) == 0) { + if (wc_ecc_is_valid_idx(key->idx) == 0) { return ECC_BAD_ARG_E; } numlen = key->dp->size; diff --git a/wolfcrypt/src/ed25519.c b/wolfcrypt/src/ed25519.c index 54dc25b97..2e5f6545e 100644 --- a/wolfcrypt/src/ed25519.c +++ b/wolfcrypt/src/ed25519.c 
@@ -32,652 +32,21 @@ #include #include +#include #ifdef NO_INLINE #include #else #include #endif - -void sc_reduce(byte* s); -void sc_muladd(byte* s, const byte* a, const byte* b, const byte* c); - -/* -Input: - s[0]+256*s[1]+...+256^63*s[63] = s - -Output: - s[0]+256*s[1]+...+256^31*s[31] = s mod l - where l = 2^252 + 27742317777372353535851937790883648493. - Overwrites s in place. -*/ - -void sc_reduce(byte* s) -{ - int64_t s0 = 2097151 & load_3(s); - int64_t s1 = 2097151 & (load_4(s + 2) >> 5); - int64_t s2 = 2097151 & (load_3(s + 5) >> 2); - int64_t s3 = 2097151 & (load_4(s + 7) >> 7); - int64_t s4 = 2097151 & (load_4(s + 10) >> 4); - int64_t s5 = 2097151 & (load_3(s + 13) >> 1); - int64_t s6 = 2097151 & (load_4(s + 15) >> 6); - int64_t s7 = 2097151 & (load_3(s + 18) >> 3); - int64_t s8 = 2097151 & load_3(s + 21); - int64_t s9 = 2097151 & (load_4(s + 23) >> 5); - int64_t s10 = 2097151 & (load_3(s + 26) >> 2); - int64_t s11 = 2097151 & (load_4(s + 28) >> 7); - int64_t s12 = 2097151 & (load_4(s + 31) >> 4); - int64_t s13 = 2097151 & (load_3(s + 34) >> 1); - int64_t s14 = 2097151 & (load_4(s + 36) >> 6); - int64_t s15 = 2097151 & (load_3(s + 39) >> 3); - int64_t s16 = 2097151 & load_3(s + 42); - int64_t s17 = 2097151 & (load_4(s + 44) >> 5); - int64_t s18 = 2097151 & (load_3(s + 47) >> 2); - int64_t s19 = 2097151 & (load_4(s + 49) >> 7); - int64_t s20 = 2097151 & (load_4(s + 52) >> 4); - int64_t s21 = 2097151 & (load_3(s + 55) >> 1); - int64_t s22 = 2097151 & (load_4(s + 57) >> 6); - int64_t s23 = (load_4(s + 60) >> 3); - int64_t carry0; - int64_t carry1; - int64_t carry2; - int64_t carry3; - int64_t carry4; - int64_t carry5; - int64_t carry6; - int64_t carry7; - int64_t carry8; - int64_t carry9; - int64_t carry10; - int64_t carry11; - int64_t carry12; - int64_t carry13; - int64_t carry14; - int64_t carry15; - int64_t carry16; - - s11 += s23 * 666643; - s12 += s23 * 470296; - s13 += s23 * 654183; - s14 -= s23 * 997805; - s15 += s23 * 136657; - s16 -= s23 * 683901; 
- s23 = 0; - - s10 += s22 * 666643; - s11 += s22 * 470296; - s12 += s22 * 654183; - s13 -= s22 * 997805; - s14 += s22 * 136657; - s15 -= s22 * 683901; - s22 = 0; - - s9 += s21 * 666643; - s10 += s21 * 470296; - s11 += s21 * 654183; - s12 -= s21 * 997805; - s13 += s21 * 136657; - s14 -= s21 * 683901; - s21 = 0; - - s8 += s20 * 666643; - s9 += s20 * 470296; - s10 += s20 * 654183; - s11 -= s20 * 997805; - s12 += s20 * 136657; - s13 -= s20 * 683901; - s20 = 0; - - s7 += s19 * 666643; - s8 += s19 * 470296; - s9 += s19 * 654183; - s10 -= s19 * 997805; - s11 += s19 * 136657; - s12 -= s19 * 683901; - s19 = 0; - - s6 += s18 * 666643; - s7 += s18 * 470296; - s8 += s18 * 654183; - s9 -= s18 * 997805; - s10 += s18 * 136657; - s11 -= s18 * 683901; - s18 = 0; - - carry6 = (s6 + (1<<20)) >> 21; s7 += carry6; s6 -= carry6 << 21; - carry8 = (s8 + (1<<20)) >> 21; s9 += carry8; s8 -= carry8 << 21; - carry10 = (s10 + (1<<20)) >> 21; s11 += carry10; s10 -= carry10 << 21; - carry12 = (s12 + (1<<20)) >> 21; s13 += carry12; s12 -= carry12 << 21; - carry14 = (s14 + (1<<20)) >> 21; s15 += carry14; s14 -= carry14 << 21; - carry16 = (s16 + (1<<20)) >> 21; s17 += carry16; s16 -= carry16 << 21; - - carry7 = (s7 + (1<<20)) >> 21; s8 += carry7; s7 -= carry7 << 21; - carry9 = (s9 + (1<<20)) >> 21; s10 += carry9; s9 -= carry9 << 21; - carry11 = (s11 + (1<<20)) >> 21; s12 += carry11; s11 -= carry11 << 21; - carry13 = (s13 + (1<<20)) >> 21; s14 += carry13; s13 -= carry13 << 21; - carry15 = (s15 + (1<<20)) >> 21; s16 += carry15; s15 -= carry15 << 21; - - s5 += s17 * 666643; - s6 += s17 * 470296; - s7 += s17 * 654183; - s8 -= s17 * 997805; - s9 += s17 * 136657; - s10 -= s17 * 683901; - s17 = 0; - - s4 += s16 * 666643; - s5 += s16 * 470296; - s6 += s16 * 654183; - s7 -= s16 * 997805; - s8 += s16 * 136657; - s9 -= s16 * 683901; - s16 = 0; - - s3 += s15 * 666643; - s4 += s15 * 470296; - s5 += s15 * 654183; - s6 -= s15 * 997805; - s7 += s15 * 136657; - s8 -= s15 * 683901; - s15 = 0; - - s2 += s14 * 666643; 
- s3 += s14 * 470296; - s4 += s14 * 654183; - s5 -= s14 * 997805; - s6 += s14 * 136657; - s7 -= s14 * 683901; - s14 = 0; - - s1 += s13 * 666643; - s2 += s13 * 470296; - s3 += s13 * 654183; - s4 -= s13 * 997805; - s5 += s13 * 136657; - s6 -= s13 * 683901; - s13 = 0; - - s0 += s12 * 666643; - s1 += s12 * 470296; - s2 += s12 * 654183; - s3 -= s12 * 997805; - s4 += s12 * 136657; - s5 -= s12 * 683901; - s12 = 0; - - carry0 = (s0 + (1<<20)) >> 21; s1 += carry0; s0 -= carry0 << 21; - carry2 = (s2 + (1<<20)) >> 21; s3 += carry2; s2 -= carry2 << 21; - carry4 = (s4 + (1<<20)) >> 21; s5 += carry4; s4 -= carry4 << 21; - carry6 = (s6 + (1<<20)) >> 21; s7 += carry6; s6 -= carry6 << 21; - carry8 = (s8 + (1<<20)) >> 21; s9 += carry8; s8 -= carry8 << 21; - carry10 = (s10 + (1<<20)) >> 21; s11 += carry10; s10 -= carry10 << 21; - - carry1 = (s1 + (1<<20)) >> 21; s2 += carry1; s1 -= carry1 << 21; - carry3 = (s3 + (1<<20)) >> 21; s4 += carry3; s3 -= carry3 << 21; - carry5 = (s5 + (1<<20)) >> 21; s6 += carry5; s5 -= carry5 << 21; - carry7 = (s7 + (1<<20)) >> 21; s8 += carry7; s7 -= carry7 << 21; - carry9 = (s9 + (1<<20)) >> 21; s10 += carry9; s9 -= carry9 << 21; - carry11 = (s11 + (1<<20)) >> 21; s12 += carry11; s11 -= carry11 << 21; - - s0 += s12 * 666643; - s1 += s12 * 470296; - s2 += s12 * 654183; - s3 -= s12 * 997805; - s4 += s12 * 136657; - s5 -= s12 * 683901; - s12 = 0; - - carry0 = s0 >> 21; s1 += carry0; s0 -= carry0 << 21; - carry1 = s1 >> 21; s2 += carry1; s1 -= carry1 << 21; - carry2 = s2 >> 21; s3 += carry2; s2 -= carry2 << 21; - carry3 = s3 >> 21; s4 += carry3; s3 -= carry3 << 21; - carry4 = s4 >> 21; s5 += carry4; s4 -= carry4 << 21; - carry5 = s5 >> 21; s6 += carry5; s5 -= carry5 << 21; - carry6 = s6 >> 21; s7 += carry6; s6 -= carry6 << 21; - carry7 = s7 >> 21; s8 += carry7; s7 -= carry7 << 21; - carry8 = s8 >> 21; s9 += carry8; s8 -= carry8 << 21; - carry9 = s9 >> 21; s10 += carry9; s9 -= carry9 << 21; - carry10 = s10 >> 21; s11 += carry10; s10 -= carry10 << 21; - 
carry11 = s11 >> 21; s12 += carry11; s11 -= carry11 << 21; - - s0 += s12 * 666643; - s1 += s12 * 470296; - s2 += s12 * 654183; - s3 -= s12 * 997805; - s4 += s12 * 136657; - s5 -= s12 * 683901; - s12 = 0; - - carry0 = s0 >> 21; s1 += carry0; s0 -= carry0 << 21; - carry1 = s1 >> 21; s2 += carry1; s1 -= carry1 << 21; - carry2 = s2 >> 21; s3 += carry2; s2 -= carry2 << 21; - carry3 = s3 >> 21; s4 += carry3; s3 -= carry3 << 21; - carry4 = s4 >> 21; s5 += carry4; s4 -= carry4 << 21; - carry5 = s5 >> 21; s6 += carry5; s5 -= carry5 << 21; - carry6 = s6 >> 21; s7 += carry6; s6 -= carry6 << 21; - carry7 = s7 >> 21; s8 += carry7; s7 -= carry7 << 21; - carry8 = s8 >> 21; s9 += carry8; s8 -= carry8 << 21; - carry9 = s9 >> 21; s10 += carry9; s9 -= carry9 << 21; - carry10 = s10 >> 21; s11 += carry10; s10 -= carry10 << 21; - - s[0] = s0 >> 0; - s[1] = s0 >> 8; - s[2] = (s0 >> 16) | (s1 << 5); - s[3] = s1 >> 3; - s[4] = s1 >> 11; - s[5] = (s1 >> 19) | (s2 << 2); - s[6] = s2 >> 6; - s[7] = (s2 >> 14) | (s3 << 7); - s[8] = s3 >> 1; - s[9] = s3 >> 9; - s[10] = (s3 >> 17) | (s4 << 4); - s[11] = s4 >> 4; - s[12] = s4 >> 12; - s[13] = (s4 >> 20) | (s5 << 1); - s[14] = s5 >> 7; - s[15] = (s5 >> 15) | (s6 << 6); - s[16] = s6 >> 2; - s[17] = s6 >> 10; - s[18] = (s6 >> 18) | (s7 << 3); - s[19] = s7 >> 5; - s[20] = s7 >> 13; - s[21] = s8 >> 0; - s[22] = s8 >> 8; - s[23] = (s8 >> 16) | (s9 << 5); - s[24] = s9 >> 3; - s[25] = s9 >> 11; - s[26] = (s9 >> 19) | (s10 << 2); - s[27] = s10 >> 6; - s[28] = (s10 >> 14) | (s11 << 7); - s[29] = s11 >> 1; - s[30] = s11 >> 9; - s[31] = s11 >> 17; - - /* hush warnings after setting values to 0 */ - (void)s12; - (void)s13; - (void)s14; - (void)s15; - (void)s16; - (void)s17; - (void)s18; - (void)s19; - (void)s20; - (void)s21; - (void)s22; - (void)s23; -} - - -/* -Input: - a[0]+256*a[1]+...+256^31*a[31] = a - b[0]+256*b[1]+...+256^31*b[31] = b - c[0]+256*c[1]+...+256^31*c[31] = c - -Output: - s[0]+256*s[1]+...+256^31*s[31] = (ab+c) mod l - where l = 2^252 + 
27742317777372353535851937790883648493. -*/ - -void sc_muladd(byte* s, const byte* a, const byte* b, const byte* c) -{ - int64_t a0 = 2097151 & load_3(a); - int64_t a1 = 2097151 & (load_4(a + 2) >> 5); - int64_t a2 = 2097151 & (load_3(a + 5) >> 2); - int64_t a3 = 2097151 & (load_4(a + 7) >> 7); - int64_t a4 = 2097151 & (load_4(a + 10) >> 4); - int64_t a5 = 2097151 & (load_3(a + 13) >> 1); - int64_t a6 = 2097151 & (load_4(a + 15) >> 6); - int64_t a7 = 2097151 & (load_3(a + 18) >> 3); - int64_t a8 = 2097151 & load_3(a + 21); - int64_t a9 = 2097151 & (load_4(a + 23) >> 5); - int64_t a10 = 2097151 & (load_3(a + 26) >> 2); - int64_t a11 = (load_4(a + 28) >> 7); - int64_t b0 = 2097151 & load_3(b); - int64_t b1 = 2097151 & (load_4(b + 2) >> 5); - int64_t b2 = 2097151 & (load_3(b + 5) >> 2); - int64_t b3 = 2097151 & (load_4(b + 7) >> 7); - int64_t b4 = 2097151 & (load_4(b + 10) >> 4); - int64_t b5 = 2097151 & (load_3(b + 13) >> 1); - int64_t b6 = 2097151 & (load_4(b + 15) >> 6); - int64_t b7 = 2097151 & (load_3(b + 18) >> 3); - int64_t b8 = 2097151 & load_3(b + 21); - int64_t b9 = 2097151 & (load_4(b + 23) >> 5); - int64_t b10 = 2097151 & (load_3(b + 26) >> 2); - int64_t b11 = (load_4(b + 28) >> 7); - int64_t c0 = 2097151 & load_3(c); - int64_t c1 = 2097151 & (load_4(c + 2) >> 5); - int64_t c2 = 2097151 & (load_3(c + 5) >> 2); - int64_t c3 = 2097151 & (load_4(c + 7) >> 7); - int64_t c4 = 2097151 & (load_4(c + 10) >> 4); - int64_t c5 = 2097151 & (load_3(c + 13) >> 1); - int64_t c6 = 2097151 & (load_4(c + 15) >> 6); - int64_t c7 = 2097151 & (load_3(c + 18) >> 3); - int64_t c8 = 2097151 & load_3(c + 21); - int64_t c9 = 2097151 & (load_4(c + 23) >> 5); - int64_t c10 = 2097151 & (load_3(c + 26) >> 2); - int64_t c11 = (load_4(c + 28) >> 7); - int64_t s0; - int64_t s1; - int64_t s2; - int64_t s3; - int64_t s4; - int64_t s5; - int64_t s6; - int64_t s7; - int64_t s8; - int64_t s9; - int64_t s10; - int64_t s11; - int64_t s12; - int64_t s13; - int64_t s14; - int64_t s15; - int64_t 
s16; - int64_t s17; - int64_t s18; - int64_t s19; - int64_t s20; - int64_t s21; - int64_t s22; - int64_t s23; - int64_t carry0; - int64_t carry1; - int64_t carry2; - int64_t carry3; - int64_t carry4; - int64_t carry5; - int64_t carry6; - int64_t carry7; - int64_t carry8; - int64_t carry9; - int64_t carry10; - int64_t carry11; - int64_t carry12; - int64_t carry13; - int64_t carry14; - int64_t carry15; - int64_t carry16; - int64_t carry17; - int64_t carry18; - int64_t carry19; - int64_t carry20; - int64_t carry21; - int64_t carry22; - - s0 = c0 + a0*b0; - s1 = c1 + a0*b1 + a1*b0; - s2 = c2 + a0*b2 + a1*b1 + a2*b0; - s3 = c3 + a0*b3 + a1*b2 + a2*b1 + a3*b0; - s4 = c4 + a0*b4 + a1*b3 + a2*b2 + a3*b1 + a4*b0; - s5 = c5 + a0*b5 + a1*b4 + a2*b3 + a3*b2 + a4*b1 + a5*b0; - s6 = c6 + a0*b6 + a1*b5 + a2*b4 + a3*b3 + a4*b2 + a5*b1 + a6*b0; - s7 = c7 + a0*b7 + a1*b6 + a2*b5 + a3*b4 + a4*b3 + a5*b2 + a6*b1 + a7*b0; - s8 = c8 + a0*b8 + a1*b7 + a2*b6 + a3*b5 + a4*b4 + a5*b3 + a6*b2 + a7*b1 + a8*b0; - s9 = c9 + a0*b9 + a1*b8 + a2*b7 + a3*b6 + a4*b5 + a5*b4 + a6*b3 + a7*b2 + a8*b1 + a9*b0; - s10 = c10 + a0*b10 + a1*b9 + a2*b8 + a3*b7 + a4*b6 + a5*b5 + a6*b4 + a7*b3 + a8*b2 + a9*b1 + a10*b0; - s11 = c11 + a0*b11 + a1*b10 + a2*b9 + a3*b8 + a4*b7 + a5*b6 + a6*b5 + a7*b4 + a8*b3 + a9*b2 + a10*b1 + a11*b0; - s12 = a1*b11 + a2*b10 + a3*b9 + a4*b8 + a5*b7 + a6*b6 + a7*b5 + a8*b4 + a9*b3 + a10*b2 + a11*b1; - s13 = a2*b11 + a3*b10 + a4*b9 + a5*b8 + a6*b7 + a7*b6 + a8*b5 + a9*b4 + a10*b3 + a11*b2; - s14 = a3*b11 + a4*b10 + a5*b9 + a6*b8 + a7*b7 + a8*b6 + a9*b5 + a10*b4 + a11*b3; - s15 = a4*b11 + a5*b10 + a6*b9 + a7*b8 + a8*b7 + a9*b6 + a10*b5 + a11*b4; - s16 = a5*b11 + a6*b10 + a7*b9 + a8*b8 + a9*b7 + a10*b6 + a11*b5; - s17 = a6*b11 + a7*b10 + a8*b9 + a9*b8 + a10*b7 + a11*b6; - s18 = a7*b11 + a8*b10 + a9*b9 + a10*b8 + a11*b7; - s19 = a8*b11 + a9*b10 + a10*b9 + a11*b8; - s20 = a9*b11 + a10*b10 + a11*b9; - s21 = a10*b11 + a11*b10; - s22 = a11*b11; - s23 = 0; - - carry0 = (s0 + (1<<20)) >> 21; 
s1 += carry0; s0 -= carry0 << 21; - carry2 = (s2 + (1<<20)) >> 21; s3 += carry2; s2 -= carry2 << 21; - carry4 = (s4 + (1<<20)) >> 21; s5 += carry4; s4 -= carry4 << 21; - carry6 = (s6 + (1<<20)) >> 21; s7 += carry6; s6 -= carry6 << 21; - carry8 = (s8 + (1<<20)) >> 21; s9 += carry8; s8 -= carry8 << 21; - carry10 = (s10 + (1<<20)) >> 21; s11 += carry10; s10 -= carry10 << 21; - carry12 = (s12 + (1<<20)) >> 21; s13 += carry12; s12 -= carry12 << 21; - carry14 = (s14 + (1<<20)) >> 21; s15 += carry14; s14 -= carry14 << 21; - carry16 = (s16 + (1<<20)) >> 21; s17 += carry16; s16 -= carry16 << 21; - carry18 = (s18 + (1<<20)) >> 21; s19 += carry18; s18 -= carry18 << 21; - carry20 = (s20 + (1<<20)) >> 21; s21 += carry20; s20 -= carry20 << 21; - carry22 = (s22 + (1<<20)) >> 21; s23 += carry22; s22 -= carry22 << 21; - - carry1 = (s1 + (1<<20)) >> 21; s2 += carry1; s1 -= carry1 << 21; - carry3 = (s3 + (1<<20)) >> 21; s4 += carry3; s3 -= carry3 << 21; - carry5 = (s5 + (1<<20)) >> 21; s6 += carry5; s5 -= carry5 << 21; - carry7 = (s7 + (1<<20)) >> 21; s8 += carry7; s7 -= carry7 << 21; - carry9 = (s9 + (1<<20)) >> 21; s10 += carry9; s9 -= carry9 << 21; - carry11 = (s11 + (1<<20)) >> 21; s12 += carry11; s11 -= carry11 << 21; - carry13 = (s13 + (1<<20)) >> 21; s14 += carry13; s13 -= carry13 << 21; - carry15 = (s15 + (1<<20)) >> 21; s16 += carry15; s15 -= carry15 << 21; - carry17 = (s17 + (1<<20)) >> 21; s18 += carry17; s17 -= carry17 << 21; - carry19 = (s19 + (1<<20)) >> 21; s20 += carry19; s19 -= carry19 << 21; - carry21 = (s21 + (1<<20)) >> 21; s22 += carry21; s21 -= carry21 << 21; - - s11 += s23 * 666643; - s12 += s23 * 470296; - s13 += s23 * 654183; - s14 -= s23 * 997805; - s15 += s23 * 136657; - s16 -= s23 * 683901; - s23 = 0; - - s10 += s22 * 666643; - s11 += s22 * 470296; - s12 += s22 * 654183; - s13 -= s22 * 997805; - s14 += s22 * 136657; - s15 -= s22 * 683901; - s22 = 0; - - s9 += s21 * 666643; - s10 += s21 * 470296; - s11 += s21 * 654183; - s12 -= s21 * 997805; - s13 += s21 * 
136657; - s14 -= s21 * 683901; - s21 = 0; - - s8 += s20 * 666643; - s9 += s20 * 470296; - s10 += s20 * 654183; - s11 -= s20 * 997805; - s12 += s20 * 136657; - s13 -= s20 * 683901; - s20 = 0; - - s7 += s19 * 666643; - s8 += s19 * 470296; - s9 += s19 * 654183; - s10 -= s19 * 997805; - s11 += s19 * 136657; - s12 -= s19 * 683901; - s19 = 0; - - s6 += s18 * 666643; - s7 += s18 * 470296; - s8 += s18 * 654183; - s9 -= s18 * 997805; - s10 += s18 * 136657; - s11 -= s18 * 683901; - s18 = 0; - - carry6 = (s6 + (1<<20)) >> 21; s7 += carry6; s6 -= carry6 << 21; - carry8 = (s8 + (1<<20)) >> 21; s9 += carry8; s8 -= carry8 << 21; - carry10 = (s10 + (1<<20)) >> 21; s11 += carry10; s10 -= carry10 << 21; - carry12 = (s12 + (1<<20)) >> 21; s13 += carry12; s12 -= carry12 << 21; - carry14 = (s14 + (1<<20)) >> 21; s15 += carry14; s14 -= carry14 << 21; - carry16 = (s16 + (1<<20)) >> 21; s17 += carry16; s16 -= carry16 << 21; - - carry7 = (s7 + (1<<20)) >> 21; s8 += carry7; s7 -= carry7 << 21; - carry9 = (s9 + (1<<20)) >> 21; s10 += carry9; s9 -= carry9 << 21; - carry11 = (s11 + (1<<20)) >> 21; s12 += carry11; s11 -= carry11 << 21; - carry13 = (s13 + (1<<20)) >> 21; s14 += carry13; s13 -= carry13 << 21; - carry15 = (s15 + (1<<20)) >> 21; s16 += carry15; s15 -= carry15 << 21; - - s5 += s17 * 666643; - s6 += s17 * 470296; - s7 += s17 * 654183; - s8 -= s17 * 997805; - s9 += s17 * 136657; - s10 -= s17 * 683901; - s17 = 0; - - s4 += s16 * 666643; - s5 += s16 * 470296; - s6 += s16 * 654183; - s7 -= s16 * 997805; - s8 += s16 * 136657; - s9 -= s16 * 683901; - s16 = 0; - - s3 += s15 * 666643; - s4 += s15 * 470296; - s5 += s15 * 654183; - s6 -= s15 * 997805; - s7 += s15 * 136657; - s8 -= s15 * 683901; - s15 = 0; - - s2 += s14 * 666643; - s3 += s14 * 470296; - s4 += s14 * 654183; - s5 -= s14 * 997805; - s6 += s14 * 136657; - s7 -= s14 * 683901; - s14 = 0; - - s1 += s13 * 666643; - s2 += s13 * 470296; - s3 += s13 * 654183; - s4 -= s13 * 997805; - s5 += s13 * 136657; - s6 -= s13 * 683901; - s13 = 0; - - 
s0 += s12 * 666643; - s1 += s12 * 470296; - s2 += s12 * 654183; - s3 -= s12 * 997805; - s4 += s12 * 136657; - s5 -= s12 * 683901; - s12 = 0; - - carry0 = (s0 + (1<<20)) >> 21; s1 += carry0; s0 -= carry0 << 21; - carry2 = (s2 + (1<<20)) >> 21; s3 += carry2; s2 -= carry2 << 21; - carry4 = (s4 + (1<<20)) >> 21; s5 += carry4; s4 -= carry4 << 21; - carry6 = (s6 + (1<<20)) >> 21; s7 += carry6; s6 -= carry6 << 21; - carry8 = (s8 + (1<<20)) >> 21; s9 += carry8; s8 -= carry8 << 21; - carry10 = (s10 + (1<<20)) >> 21; s11 += carry10; s10 -= carry10 << 21; - - carry1 = (s1 + (1<<20)) >> 21; s2 += carry1; s1 -= carry1 << 21; - carry3 = (s3 + (1<<20)) >> 21; s4 += carry3; s3 -= carry3 << 21; - carry5 = (s5 + (1<<20)) >> 21; s6 += carry5; s5 -= carry5 << 21; - carry7 = (s7 + (1<<20)) >> 21; s8 += carry7; s7 -= carry7 << 21; - carry9 = (s9 + (1<<20)) >> 21; s10 += carry9; s9 -= carry9 << 21; - carry11 = (s11 + (1<<20)) >> 21; s12 += carry11; s11 -= carry11 << 21; - - s0 += s12 * 666643; - s1 += s12 * 470296; - s2 += s12 * 654183; - s3 -= s12 * 997805; - s4 += s12 * 136657; - s5 -= s12 * 683901; - s12 = 0; - - carry0 = s0 >> 21; s1 += carry0; s0 -= carry0 << 21; - carry1 = s1 >> 21; s2 += carry1; s1 -= carry1 << 21; - carry2 = s2 >> 21; s3 += carry2; s2 -= carry2 << 21; - carry3 = s3 >> 21; s4 += carry3; s3 -= carry3 << 21; - carry4 = s4 >> 21; s5 += carry4; s4 -= carry4 << 21; - carry5 = s5 >> 21; s6 += carry5; s5 -= carry5 << 21; - carry6 = s6 >> 21; s7 += carry6; s6 -= carry6 << 21; - carry7 = s7 >> 21; s8 += carry7; s7 -= carry7 << 21; - carry8 = s8 >> 21; s9 += carry8; s8 -= carry8 << 21; - carry9 = s9 >> 21; s10 += carry9; s9 -= carry9 << 21; - carry10 = s10 >> 21; s11 += carry10; s10 -= carry10 << 21; - carry11 = s11 >> 21; s12 += carry11; s11 -= carry11 << 21; - - s0 += s12 * 666643; - s1 += s12 * 470296; - s2 += s12 * 654183; - s3 -= s12 * 997805; - s4 += s12 * 136657; - s5 -= s12 * 683901; - s12 = 0; - - carry0 = s0 >> 21; s1 += carry0; s0 -= carry0 << 21; - carry1 = s1 
>> 21; s2 += carry1; s1 -= carry1 << 21; - carry2 = s2 >> 21; s3 += carry2; s2 -= carry2 << 21; - carry3 = s3 >> 21; s4 += carry3; s3 -= carry3 << 21; - carry4 = s4 >> 21; s5 += carry4; s4 -= carry4 << 21; - carry5 = s5 >> 21; s6 += carry5; s5 -= carry5 << 21; - carry6 = s6 >> 21; s7 += carry6; s6 -= carry6 << 21; - carry7 = s7 >> 21; s8 += carry7; s7 -= carry7 << 21; - carry8 = s8 >> 21; s9 += carry8; s8 -= carry8 << 21; - carry9 = s9 >> 21; s10 += carry9; s9 -= carry9 << 21; - carry10 = s10 >> 21; s11 += carry10; s10 -= carry10 << 21; - - s[0] = s0 >> 0; - s[1] = s0 >> 8; - s[2] = (s0 >> 16) | (s1 << 5); - s[3] = s1 >> 3; - s[4] = s1 >> 11; - s[5] = (s1 >> 19) | (s2 << 2); - s[6] = s2 >> 6; - s[7] = (s2 >> 14) | (s3 << 7); - s[8] = s3 >> 1; - s[9] = s3 >> 9; - s[10] = (s3 >> 17) | (s4 << 4); - s[11] = s4 >> 4; - s[12] = s4 >> 12; - s[13] = (s4 >> 20) | (s5 << 1); - s[14] = s5 >> 7; - s[15] = (s5 >> 15) | (s6 << 6); - s[16] = s6 >> 2; - s[17] = s6 >> 10; - s[18] = (s6 >> 18) | (s7 << 3); - s[19] = s7 >> 5; - s[20] = s7 >> 13; - s[21] = s8 >> 0; - s[22] = s8 >> 8; - s[23] = (s8 >> 16) | (s9 << 5); - s[24] = s9 >> 3; - s[25] = s9 >> 11; - s[26] = (s9 >> 19) | (s10 << 2); - s[27] = s10 >> 6; - s[28] = (s10 >> 14) | (s11 << 7); - s[29] = s11 >> 1; - s[30] = s11 >> 9; - s[31] = s11 >> 17; - - /* hush warnings after setting values to 0 */ - (void)s12; - (void)s13; - (void)s14; - (void)s15; - (void)s16; - (void)s17; - (void)s18; - (void)s19; - (void)s20; - (void)s21; - (void)s22; - (void)s23; -} - - -/* - generate an ed25519 key pair. - returns 0 on success +/* generate an ed25519 key pair. + * returns 0 on success */ -int wc_ed25519_make_key(RNG* rng, int keySz, ed25519_key* key) +int wc_ed25519_make_key(WC_RNG* rng, int keySz, ed25519_key* key) { - byte az[64]; - ge_p3 A; + byte az[ED25519_PRV_KEY_SIZE]; int ret; + ge_p3 A; if (rng == NULL || key == NULL) return BAD_FUNC_ARG; 
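Review bot: `byte az[ED25519_PRV_KEY_SIZE];` at the top of `wc_ed25519_make_key` sizes the buffer by a key-layout constant, but the following hunk fills it with `wc_Sha512Hash(key->k, ED25519_KEY_SIZE, az)`, which writes a full SHA-512 digest. The two constants presumably have the same value today, but the declaration would silently become too small if the key layout constant ever changed. `byte az[SHA512_DIGEST_SIZE];` states the real requirement and matches how `nonce` and `hram` are declared in `wc_ed25519_sign_msg`, where `az` has the same declaration. The body of `wc_ed25519_make_key` continues past this hunk.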
@@ -686,16 +55,25 @@ int wc_ed25519_make_key(RNG* rng, int keySz, ed25519_key* key) if (keySz != ED25519_KEY_SIZE) return BAD_FUNC_ARG; - ret = 0; - ret |= wc_RNG_GenerateBlock(rng, key->k, 32); - ret |= wc_Sha512Hash(key->k, 32, az); - az[0] &= 248; - az[31] &= 63; + ret = wc_RNG_GenerateBlock(rng, key->k, ED25519_KEY_SIZE); + if (ret != 0) + return ret; + ret = wc_Sha512Hash(key->k, ED25519_KEY_SIZE, az); + if (ret != 0) { + ForceZero(key->k, ED25519_KEY_SIZE); + return ret; + } + + /* apply clamp */ + az[0] &= 248; + az[31] &= 63; /* same than az[31] &= 127 because of az[31] |= 64 */ az[31] |= 64; ge_scalarmult_base(&A, az); ge_p3_tobytes(key->p, &A); - XMEMMOVE(key->k + 32, key->p, 32); + + /* put public key after private key, on the same buffer */ + XMEMMOVE(key->k + ED25519_KEY_SIZE, key->p, ED25519_PUB_KEY_SIZE); return ret; } 
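Review bot: `az` still holds the clamped secret scalar and the hash prefix when `wc_ed25519_make_key` returns, because neither the success path nor the `wc_Sha512Hash` failure branch clears it; only `key->k` is wiped with `ForceZero`. Add `ForceZero(az, sizeof(az));` before the final `return ret;`, and in the failure branch next to the existing `ForceZero(key->k, ED25519_KEY_SIZE);`. The `wc_ed25519_sign_msg` hunk has the same gap for `az` and `nonce` on every return path. The nonce needs the same care as the scalar there, since a signature together with its nonce is enough to recover the private scalar.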
@@ -705,54 +83,83 @@ int wc_ed25519_make_key(RNG* rng, int keySz, ed25519_key* key) in contains the message to sign inlen is the length of the message to sign out is the buffer to write the signature - outlen [in/out] input size of out buf - output gets set as the final length of out + outLen [in/out] input size of out buf + output gets set as the final length of out key is the ed25519 key to use when signing return 0 on success */ int wc_ed25519_sign_msg(const byte* in, word32 inlen, byte* out, - word32 *outlen, ed25519_key* key) + word32 *outLen, ed25519_key* key) { - int ret = 0; - byte nonce[64]; - byte hram[64]; - byte az[64]; - word32 sigSz; ge_p3 R; + byte nonce[SHA512_DIGEST_SIZE]; + byte hram[SHA512_DIGEST_SIZE]; + byte az[ED25519_PRV_KEY_SIZE]; Sha512 sha; + int ret; /* sanity check on arguments */ - if (in == NULL || out == NULL || outlen == NULL || key == NULL) + if (in == NULL || out == NULL || outLen == NULL || key == NULL) return BAD_FUNC_ARG; /* check and set up out length */ - ret = 0; - sigSz = wc_ed25519_sig_size(key); - if (*outlen < sigSz) - return BAD_FUNC_ARG; - *outlen = sigSz; + if (*outLen < ED25519_SIG_SIZE) { + *outLen = ED25519_SIG_SIZE; + return BUFFER_E; + } + *outLen = ED25519_SIG_SIZE; - /* create nonce to use */ - ret |= wc_Sha512Hash(key->k,32,az); + /* step 1: create nonce to use where nonce is r in + r = H(h_b, ... 
,h_2b-1,M) */ + ret = wc_Sha512Hash(key->k, ED25519_KEY_SIZE, az); + if (ret != 0) + return ret; + + /* apply clamp */ az[0] &= 248; - az[31] &= 63; + az[31] &= 63; /* same than az[31] &= 127 because of az[31] |= 64 */ az[31] |= 64; - ret |= wc_InitSha512(&sha); - ret |= wc_Sha512Update(&sha, az + 32, 32); - ret |= wc_Sha512Update(&sha, in, inlen); - ret |= wc_Sha512Final(&sha, nonce); + + ret = wc_InitSha512(&sha); + if (ret != 0) + return ret; + ret = wc_Sha512Update(&sha, az + ED25519_KEY_SIZE, ED25519_KEY_SIZE); + if (ret != 0) + return ret; + ret = wc_Sha512Update(&sha, in, inlen); + if (ret != 0) + return ret; + ret = wc_Sha512Final(&sha, nonce); + if (ret != 0) + return ret; + sc_reduce(nonce); + + /* step 2: computing R = rB where rB is the scalar multiplication of + r and B */ ge_scalarmult_base(&R,nonce); ge_p3_tobytes(out,&R); - /* hash scalarmult of nonce + public key + message */ - ret |= wc_InitSha512(&sha); - ret |= wc_Sha512Update(&sha, out, 32); - ret |= wc_Sha512Update(&sha, key->p, 32); - ret |= wc_Sha512Update(&sha, in, inlen); - ret |= wc_Sha512Final(&sha, hram); + /* step 3: hash R + public key + message getting H(R,A,M) then + creating S = (r + H(R,A,M)a) mod l */ + ret = wc_InitSha512(&sha); + if (ret != 0) + return ret; + ret = wc_Sha512Update(&sha, out, ED25519_SIG_SIZE/2); + if (ret != 0) + return ret; + ret = wc_Sha512Update(&sha, key->p, ED25519_PUB_KEY_SIZE); + if (ret != 0) + return ret; + ret = wc_Sha512Update(&sha, in, inlen); + if (ret != 0) + return ret; + ret = wc_Sha512Final(&sha, hram); + if (ret != 0) + return ret; + sc_reduce(hram); - sc_muladd(out + 32, hram, az, nonce); + sc_muladd(out + (ED25519_SIG_SIZE/2), hram, az, nonce); return ret; } 
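Review bot: The header comment for `wc_ed25519_sign_msg` still documents only `return 0 on success`, while the new length check returns `BUFFER_E` and writes the required size into `*outLen`. Callers that probe for the size need that contract written down; I would add `return BUFFER_E if *outLen is too small (outLen is set to the required size)` to the comment. The comment should also say that `out` may already hold R when a later hash call fails, because the error returns after `ge_p3_tobytes(out,&R)` leave the first half of the buffer written while `*outLen` already reports `ED25519_SIG_SIZE`.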
@@ -768,45 +175,64 @@ int wc_ed25519_sign_msg(const byte* in, word32 inlen, byte* out, int wc_ed25519_verify_msg(byte* sig, word32 siglen, const byte* msg, word32 msglen, int* stat, ed25519_key* key) { - int ret; - word32 sigSz; - byte h[64]; - byte rcheck[32]; - Sha512 sha; + byte rcheck[ED25519_KEY_SIZE]; + byte h[SHA512_DIGEST_SIZE]; ge_p3 A; ge_p2 R; + int ret; + Sha512 sha; /* sanity check on arguments */ if (sig == NULL || msg == NULL || stat == NULL || key == NULL) return BAD_FUNC_ARG; - ret = 0; + /* set verification failed by default */ *stat = 0; - sigSz = wc_ed25519_size(key); /* check on basics needed to verify signature */ - if (siglen < sigSz) - return BAD_FUNC_ARG; - if (sig[63] & 224) + if (siglen < ED25519_SIG_SIZE || (sig[ED25519_SIG_SIZE-1] & 224)) return BAD_FUNC_ARG; + + /* uncompress A (public key), test if valid, and negate it */ if (ge_frombytes_negate_vartime(&A, key->p) != 0) return BAD_FUNC_ARG; - /* reduce hash of r + public key + message */ - ret |= wc_InitSha512(&sha); - ret |= wc_Sha512Update(&sha, sig, 32); - ret |= wc_Sha512Update(&sha, key->p, 32); - ret |= wc_Sha512Update(&sha, msg, msglen); - ret |= wc_Sha512Final(&sha, h); + /* find H(R,A,M) and store it as h */ + ret = wc_InitSha512(&sha); + if (ret != 0) + return ret; + ret = wc_Sha512Update(&sha, sig, ED25519_SIG_SIZE/2); + if (ret != 0) + return ret; + ret = wc_Sha512Update(&sha, key->p, ED25519_PUB_KEY_SIZE); + if (ret != 0) + return ret; + ret = wc_Sha512Update(&sha, msg, msglen); + if (ret != 0) + return ret; + ret = wc_Sha512Final(&sha, h); + if (ret != 0) + return ret; + sc_reduce(h); - /* scalarmult placed in R using hash + A + s */ - ge_double_scalarmult_vartime(&R, h, &A, sig + 32); - ge_tobytes(rcheck,&R); + /* + Uses a fast single-signature verification SB = R + H(R,A,M)A becomes + SB - H(R,A,M)A saving decompression of R + */ + ret = ge_double_scalarmult_vartime(&R, h, &A, sig + (ED25519_SIG_SIZE/2)); + if (ret != 0) + return ret; - /* comparison of r created to r 
in sig */ - ret |= ConstantCompare(rcheck, sig, 32); - *stat = (ret == 0)? 1: 0; + ge_tobytes(rcheck, &R); + + /* comparison of R created to R in sig */ + ret = ConstantCompare(rcheck, sig, ED25519_SIG_SIZE/2); + if (ret != 0) + return ret; + + /* set the verification status */ + *stat = 1; return ret; } @@ -841,47 +267,17 @@ void wc_ed25519_free(ed25519_key* key) */ int wc_ed25519_export_public(ed25519_key* key, byte* out, word32* outLen) { - word32 keySz; - + /* sanity check on arguments */ if (key == NULL || out == NULL || outLen == NULL) return BAD_FUNC_ARG; - keySz = wc_ed25519_size(key); - if (*outLen < keySz) { - *outLen = keySz; + if (*outLen < ED25519_PUB_KEY_SIZE) { + *outLen = ED25519_PUB_KEY_SIZE; return BUFFER_E; } - *outLen = keySz; - XMEMCPY(out, key->p, keySz); - return 0; -} - - -/* internal function for importing uncompressed public keys */ -static int compress_key(byte* out, const byte* xIn, const byte* yIn, - word32 keySz) -{ - fe x,y,z; - ge_p3 g; - byte bArray[ED25519_KEY_SIZE]; - word32 i; - - fe_0(x); - fe_0(y); - fe_1(z); - fe_frombytes(x, xIn); - fe_frombytes(y, yIn); - - fe_copy(g.X, x); - fe_copy(g.Y, y); - fe_copy(g.Z, z); - - ge_p3_tobytes(bArray, &g); - - for (i = 0; i < keySz; i++) { - out[keySz - 1 - i] = bArray[i]; - } + *outLen = ED25519_PUB_KEY_SIZE; + XMEMCPY(out, key->p, ED25519_PUB_KEY_SIZE); return 0; } 
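Review bot: In wc_ed25519_verify_msg the mismatch path `ret = ConstantCompare(rcheck, sig, ED25519_SIG_SIZE/2); if (ret != 0) return ret;` hands the raw comparison result back as the function's return code. ConstantCompare is not shown in this diff; if it returns an OR of the byte differences, a bad signature yields a small positive number rather than a negative wolfCrypt error, so a caller that tests `ret < 0` and does not look at `*stat` would treat the call as a success. Mapping the mismatch to a defined negative code, for example `if (ConstantCompare(rcheck, sig, ED25519_SIG_SIZE/2) != 0) return SIG_VERIFY_E;` (or whichever verify-failure code this tree defines), keeps the return value and `*stat` consistent. The `sig[ED25519_SIG_SIZE-1] & 224` test also only bounds S below 2^253; a full `S < l` comparison would reject non-canonical encodings of S.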
@@ -895,36 +291,35 @@ static int compress_key(byte* out, const byte* xIn, const byte* yIn, */ int wc_ed25519_import_public(const byte* in, word32 inLen, ed25519_key* key) { - word32 keySz; int ret; + /* sanity check on arguments */ if (in == NULL || key == NULL) return BAD_FUNC_ARG; - keySz = wc_ed25519_size(key); - - if (inLen < keySz) + if (inLen < ED25519_PUB_KEY_SIZE) return BAD_FUNC_ARG; /* compressed prefix according to draft http://www.ietf.org/id/draft-koch-eddsa-for-openpgp-02.txt */ - if (in[0] == 0x40) { + if (in[0] == 0x40 && inLen > ED25519_PUB_KEY_SIZE) { /* key is stored in compressed format so just copy in */ - XMEMCPY(key->p, (in + 1), keySz); + XMEMCPY(key->p, (in + 1), ED25519_PUB_KEY_SIZE); return 0; } /* importing uncompressed public key */ - if (in[0] == 0x04) { + if (in[0] == 0x04 && inLen > 2*ED25519_PUB_KEY_SIZE) { /* pass in (x,y) and store compressed key */ - ret = compress_key(key->p, (in+1), (in+1+keySz), keySz); + ret = ge_compress_key(key->p, in+1, + in+1+ED25519_PUB_KEY_SIZE, ED25519_PUB_KEY_SIZE); return ret; } /* if not specified compressed or uncompressed check key size if key size is equal to compressed key size copy in key */ - if (inLen == keySz) { - XMEMCPY(key->p, in, keySz); + if (inLen == ED25519_PUB_KEY_SIZE) { + XMEMCPY(key->p, in, ED25519_PUB_KEY_SIZE); return 0; } 
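Review bot: The new prefix guards in wc_ed25519_import_public use `inLen > ED25519_PUB_KEY_SIZE` and `inLen > 2*ED25519_PUB_KEY_SIZE`, which stop the over-read of the old code but still accept any longer buffer and silently ignore the trailing bytes. Exact lengths would make the encoding unambiguous: `if (in[0] == 0x40 && inLen == ED25519_PUB_KEY_SIZE + 1)` and `if (in[0] == 0x04 && inLen == 2*ED25519_PUB_KEY_SIZE + 1)`. None of the three paths checks that the stored bytes decode to a curve point, so a malformed key is only noticed later when verification calls ge_frombytes_negate_vartime; a comment stating that, or a decode check at import, would help callers. The function's tail lies outside this hunk.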
@@ -939,76 +334,129 @@ int wc_ed25519_import_public(const byte* in, word32 inLen, ed25519_key* key) int wc_ed25519_import_private_key(const byte* priv, word32 privSz, const byte* pub, word32 pubSz, ed25519_key* key) { - word32 keySz; int ret; + /* sanity check on arguments */ if (priv == NULL || pub == NULL || key == NULL) return BAD_FUNC_ARG; - keySz = wc_ed25519_size(key); - /* key size check */ - if (privSz < keySz || pubSz < keySz) + if (privSz < ED25519_KEY_SIZE || pubSz < ED25519_PUB_KEY_SIZE) return BAD_FUNC_ARG; - XMEMCPY(key->k, priv, keySz); + /* import public key */ ret = wc_ed25519_import_public(pub, pubSz, key); - XMEMCPY((key->k + keySz), key->p, keySz); + if (ret != 0) + return ret; + + /* make the private key (priv + pub) */ + XMEMCPY(key->k, priv, ED25519_KEY_SIZE); + XMEMCPY(key->k + ED25519_KEY_SIZE, key->p, ED25519_PUB_KEY_SIZE); return ret; } /* - outLen should contain the size of out buffer when input. outLen is than set - to the final output length. - returns 0 on success + export private key only (secret part so 32 bytes) + outLen should contain the size of out buffer when input. outLen is than set + to the final output length. + returns 0 on success */ int wc_ed25519_export_private_only(ed25519_key* key, byte* out, word32* outLen) { - word32 keySz; - /* sanity checks on arguments */ if (key == NULL || out == NULL || outLen == NULL) return BAD_FUNC_ARG; - keySz = wc_ed25519_size(key); - if (*outLen < keySz) { - *outLen = keySz; + if (*outLen < ED25519_KEY_SIZE) { + *outLen = ED25519_KEY_SIZE; return BUFFER_E; } - *outLen = keySz; - XMEMCPY(out, key->k, keySz); + + *outLen = ED25519_KEY_SIZE; + XMEMCPY(out, key->k, ED25519_KEY_SIZE); return 0; } +/* + export private key, including public part + outLen should contain the size of out buffer when input. outLen is than set + to the final output length. 
+ returns 0 on success + */ +int wc_ed25519_export_private(ed25519_key* key, byte* out, word32* outLen) +{ + /* sanity checks on arguments */ + if (key == NULL || out == NULL || outLen == NULL) + return BAD_FUNC_ARG; -/* is the compressed key size in bytes */ + if (*outLen < ED25519_PRV_KEY_SIZE) { + *outLen = ED25519_PRV_KEY_SIZE; + return BUFFER_E; + } + + *outLen = ED25519_PRV_KEY_SIZE; + XMEMCPY(out, key->k, ED25519_PRV_KEY_SIZE); + + return 0; +} + +/* export full private key and public key + return 0 on success + */ +int wc_ed25519_export_key(ed25519_key* key, + byte* priv, word32 *privSz, + byte* pub, word32 *pubSz) +{ + int ret; + + /* export 'full' private part */ + ret = wc_ed25519_export_private(key, priv, privSz); + if (ret != 0) + return ret; + + /* export public part */ + ret = wc_ed25519_export_public(key, pub, pubSz); + + return ret; +} + +/* returns the private key size (secret only) in bytes */ int wc_ed25519_size(ed25519_key* key) { - word32 keySz; - if (key == NULL) return BAD_FUNC_ARG; - keySz = ED25519_KEY_SIZE; - - return keySz; + return ED25519_KEY_SIZE; } +/* returns the private key size (secret + public) in bytes */ +int wc_ed25519_priv_size(ed25519_key* key) +{ + if (key == NULL) + return BAD_FUNC_ARG; + + return ED25519_PRV_KEY_SIZE; +} + +/* returns the compressed key size in bytes (public key) */ +int wc_ed25519_pub_size(ed25519_key* key) +{ + if (key == NULL) + return BAD_FUNC_ARG; + + return ED25519_PUB_KEY_SIZE; +} /* returns the size of signature in bytes */ int wc_ed25519_sig_size(ed25519_key* key) { - word32 sigSz; - if (key == NULL) return BAD_FUNC_ARG; - sigSz = ED25519_SIG_SIZE; - - return sigSz; + return ED25519_SIG_SIZE; } #endif /* HAVE_ED25519 */ diff --git a/wolfcrypt/src/error.c b/wolfcrypt/src/error.c index 48da1ba40..37b78422a 100644 --- a/wolfcrypt/src/error.c +++ b/wolfcrypt/src/error.c 
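Review bot: wc_ed25519_import_private_key stores the caller's `pub` next to `priv` without checking that the two belong together, while wc_ed25519_sign_msg later hashes `key->p` into H(R,A,M) and derives the scalar from `key->k`. Signing with a public key that does not correspond to the secret can expose information about the signing scalar, so the import should recompute A from `priv` and reject a mismatch. The sketch below assumes the public key is derived the same way the signing code derives its scalar (SHA-512, clamp, base-point multiply); confirm that against wc_ed25519_make_key, which is not in this hunk, and wipe `az` on every exit. wc_ed25519_export_key in the same hunk also writes the private key to `priv` before it knows whether the `pub` buffer is large enough, so checking both sizes first would avoid a partial export.

```c
int wc_ed25519_import_private_key(const byte* priv, word32 privSz,
                               const byte* pub, word32 pubSz, ed25519_key* key)
{
    byte  az[SHA512_DIGEST_SIZE];
    byte  check[ED25519_PUB_KEY_SIZE];
    ge_p3 A;
    int   ret;

    /* … unchanged: argument and size checks, wc_ed25519_import_public … */

    /* recompute the public key from priv and compare with the imported one */
    ret = wc_Sha512Hash(priv, ED25519_KEY_SIZE, az);
    if (ret != 0)
        return ret;
    az[0]  &= 248;
    az[31] &= 63;
    az[31] |= 64;
    ge_scalarmult_base(&A, az);
    ge_p3_tobytes(check, &A);
    if (ConstantCompare(check, key->p, ED25519_PUB_KEY_SIZE) != 0)
        return BAD_FUNC_ARG;

    /* … unchanged: copy priv and key->p into key->k … */
```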
@@ -319,6 +319,24 @@ const char* wc_GetErrorString(int error)
 case MAC_CMP_FAILED_E:
 return "MAC comparison failed";
 
+ case IS_POINT_E:
+ return "ECC is point on curve failed";
+
+ case ECC_INF_E:
+ return " ECC point at infinity error";
+
+ case ECC_PRIV_KEY_E:
+ return " ECC private key is not valid error";
+
+ case SRP_CALL_ORDER_E:
+ return "SRP function called in the wrong order error";
+
+ case SRP_VERIFY_E:
+ return "SRP proof verification error";
+
+ case SRP_BAD_KEY_E:
+ return "SRP bad key values error";
+
 default:
 return "unknown error number";
 
diff --git a/wolfcrypt/src/fe_low_mem.c b/wolfcrypt/src/fe_low_mem.c
new file mode 100644
index 000000000..2dc914c81
--- /dev/null
+++ b/wolfcrypt/src/fe_low_mem.c
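Review bot: Two of the new strings in wc_GetErrorString start with a stray space, `" ECC point at infinity error"` and `" ECC private key is not valid error"`, unlike the other messages in the hunk, so the space will show up in logs and break exact-match comparisons in tests. Drop it: `return "ECC point at infinity error";` and `return "ECC private key is not valid error";`. The IS_POINT_E text would also read more clearly as `"ECC point is not on curve"`, if that is what the code signals. The switch continues outside the hunk.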
@@ -0,0 +1,597 @@ +/* fe_low_mem.c + * + * Copyright (C) 2006-2015 wolfSSL Inc. + * + * This file is part of wolfSSL. (formerly known as CyaSSL) + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +/* Based from Daniel Beer's public domain word. */ + +#ifdef HAVE_CONFIG_H + #include +#endif + +#include + +#if defined(CURVED25519_SMALL) /* use slower code that takes less memory */ +#if defined(HAVE_ED25519) || defined(HAVE_CURVE25519) + +#include + +#ifdef NO_INLINE + #include +#else + #include +#endif + + +void fprime_copy(byte *x, const byte *a) +{ + int i; + for (i = 0; i < F25519_SIZE; i++) + x[i] = a[i]; +} + + +void fe_copy(fe x, const fe a) +{ + int i; + for (i = 0; i < F25519_SIZE; i++) + x[i] = a[i]; +} + + +/* Double an X-coordinate */ +static void xc_double(byte *x3, byte *z3, + const byte *x1, const byte *z1) +{ + /* Explicit formulas database: dbl-1987-m + * + * source 1987 Montgomery "Speeding the Pollard and elliptic + * curve methods of factorization", page 261, fourth display + * compute X3 = (X1^2-Z1^2)^2 + * compute Z3 = 4 X1 Z1 (X1^2 + a X1 Z1 + Z1^2) + */ + byte x1sq[F25519_SIZE]; + byte z1sq[F25519_SIZE]; + byte x1z1[F25519_SIZE]; + byte a[F25519_SIZE]; + + fe_mul__distinct(x1sq, x1, x1); + fe_mul__distinct(z1sq, z1, z1); + fe_mul__distinct(x1z1, x1, z1); + + fe_sub(a, x1sq, 
z1sq); + fe_mul__distinct(x3, a, a); + + fe_mul_c(a, x1z1, 486662); + fe_add(a, x1sq, a); + fe_add(a, z1sq, a); + fe_mul__distinct(x1sq, x1z1, a); + fe_mul_c(z3, x1sq, 4); +} + + +/* Differential addition */ +static void xc_diffadd(byte *x5, byte *z5, + const byte *x1, const byte *z1, + const byte *x2, const byte *z2, + const byte *x3, const byte *z3) +{ + /* Explicit formulas database: dbl-1987-m3 + * + * source 1987 Montgomery "Speeding the Pollard and elliptic curve + * methods of factorization", page 261, fifth display, plus + * common-subexpression elimination + * compute A = X2+Z2 + * compute B = X2-Z2 + * compute C = X3+Z3 + * compute D = X3-Z3 + * compute DA = D A + * compute CB = C B + * compute X5 = Z1(DA+CB)^2 + * compute Z5 = X1(DA-CB)^2 + */ + byte da[F25519_SIZE]; + byte cb[F25519_SIZE]; + byte a[F25519_SIZE]; + byte b[F25519_SIZE]; + + fe_add(a, x2, z2); + fe_sub(b, x3, z3); /* D */ + fe_mul__distinct(da, a, b); + + fe_sub(b, x2, z2); + fe_add(a, x3, z3); /* C */ + fe_mul__distinct(cb, a, b); + + fe_add(a, da, cb); + fe_mul__distinct(b, a, a); + fe_mul__distinct(x5, z1, b); + + fe_sub(a, da, cb); + fe_mul__distinct(b, a, a); + fe_mul__distinct(z5, x1, b); +} + + +int curve25519(byte *result, byte *e, byte *q) +{ + /* Current point: P_m */ + byte xm[F25519_SIZE]; + byte zm[F25519_SIZE] = {1}; + + /* Predecessor: P_(m-1) */ + byte xm1[F25519_SIZE] = {1}; + byte zm1[F25519_SIZE] = {0}; + + int i; + + /* Note: bit 254 is assumed to be 1 */ + fe_copy(xm, q); + + for (i = 253; i >= 0; i--) { + const int bit = (e[i >> 3] >> (i & 7)) & 1; + byte xms[F25519_SIZE]; + byte zms[F25519_SIZE]; + + /* From P_m and P_(m-1), compute P_(2m) and P_(2m-1) */ + xc_diffadd(xm1, zm1, q, f25519_one, xm, zm, xm1, zm1); + xc_double(xm, zm, xm, zm); + + /* Compute P_(2m+1) */ + xc_diffadd(xms, zms, xm1, zm1, xm, zm, q, f25519_one); + + /* Select: + * bit = 1 --> (P_(2m+1), P_(2m)) + * bit = 0 --> (P_(2m), P_(2m-1)) + */ + fe_select(xm1, xm1, xm, bit); + fe_select(zm1, zm1, zm, 
bit); + fe_select(xm, xm, xms, bit); + fe_select(zm, zm, zms, bit); + } + + /* Freeze out of projective coordinates */ + fe_inv__distinct(zm1, zm); + fe_mul__distinct(result, zm1, xm); + fe_normalize(result); + return 0; +} + + +static void raw_add(byte *x, const byte *p) +{ + word16 c = 0; + int i; + + for (i = 0; i < F25519_SIZE; i++) { + c += ((word16)x[i]) + ((word16)p[i]); + x[i] = c; + c >>= 8; + } +} + + +static void raw_try_sub(byte *x, const byte *p) +{ + byte minusp[F25519_SIZE]; + word16 c = 0; + int i; + + for (i = 0; i < F25519_SIZE; i++) { + c = ((word16)x[i]) - ((word16)p[i]) - c; + minusp[i] = c; + c = (c >> 8) & 1; + } + + fprime_select(x, minusp, x, c); +} + + +static int prime_msb(const byte *p) +{ + int i; + byte x; + int shift = 1; + int z = F25519_SIZE - 1; + + /* + Test for any hot bits. + As soon as one instance is incountered set shift to 0. + */ + for (i = F25519_SIZE - 1; i >= 0; i--) { + shift &= ((shift ^ ((-p[i] | p[i]) >> 7)) & 1); + z -= shift; + } + x = p[z]; + z <<= 3; + shift = 1; + for (i = 0; i < 8; i++) { + shift &= ((-(x >> i) | (x >> i)) >> (7 - i) & 1); + z += shift; + } + + return z - 1; +} + + +void fprime_select(byte *dst, const byte *zero, const byte *one, byte condition) +{ + const byte mask = -condition; + int i; + + for (i = 0; i < F25519_SIZE; i++) + dst[i] = zero[i] ^ (mask & (one[i] ^ zero[i])); +} + + +void fprime_add(byte *r, const byte *a, const byte *modulus) +{ + raw_add(r, a); + raw_try_sub(r, modulus); +} + + +void fprime_sub(byte *r, const byte *a, const byte *modulus) +{ + raw_add(r, modulus); + raw_try_sub(r, a); + raw_try_sub(r, modulus); +} + + +void fprime_mul(byte *r, const byte *a, const byte *b, + const byte *modulus) +{ + word16 c = 0; + int i,j; + + XMEMSET(r, 0, F25519_SIZE); + + for (i = prime_msb(modulus); i >= 0; i--) { + const byte bit = (b[i >> 3] >> (i & 7)) & 1; + byte plusa[F25519_SIZE]; + + for (j = 0; j < F25519_SIZE; j++) { + c |= ((word16)r[j]) << 1; + r[j] = c; + c >>= 8; + } + 
raw_try_sub(r, modulus); + + fprime_copy(plusa, r); + fprime_add(plusa, a, modulus); + + fprime_select(r, r, plusa, bit); + } +} + + +void fe_load(byte *x, word32 c) +{ + word32 i; + + for (i = 0; i < sizeof(c); i++) { + x[i] = c; + c >>= 8; + } + + for (; i < F25519_SIZE; i++) + x[i] = 0; +} + + +void fe_normalize(byte *x) +{ + byte minusp[F25519_SIZE]; + word16 c; + int i; + + /* Reduce using 2^255 = 19 mod p */ + c = (x[31] >> 7) * 19; + x[31] &= 127; + + for (i = 0; i < F25519_SIZE; i++) { + c += x[i]; + x[i] = c; + c >>= 8; + } + + /* The number is now less than 2^255 + 18, and therefore less than + * 2p. Try subtracting p, and conditionally load the subtracted + * value if underflow did not occur. + */ + c = 19; + + for (i = 0; i + 1 < F25519_SIZE; i++) { + c += x[i]; + minusp[i] = c; + c >>= 8; + } + + c += ((word16)x[i]) - 128; + minusp[31] = c; + + /* Load x-p if no underflow */ + fe_select(x, minusp, x, (c >> 15) & 1); +} + + +void fe_select(byte *dst, + const byte *zero, const byte *one, + byte condition) +{ + const byte mask = -condition; + int i; + + for (i = 0; i < F25519_SIZE; i++) + dst[i] = zero[i] ^ (mask & (one[i] ^ zero[i])); +} + + +void fe_add(fe r, const fe a, const fe b) +{ + word16 c = 0; + int i; + + /* Add */ + for (i = 0; i < F25519_SIZE; i++) { + c >>= 8; + c += ((word16)a[i]) + ((word16)b[i]); + r[i] = c; + } + + /* Reduce with 2^255 = 19 mod p */ + r[31] &= 127; + c = (c >> 7) * 19; + + for (i = 0; i < F25519_SIZE; i++) { + c += r[i]; + r[i] = c; + c >>= 8; + } +} + + +void fe_sub(fe r, const fe a, const fe b) +{ + word32 c = 0; + int i; + + /* Calculate a + 2p - b, to avoid underflow */ + c = 218; + for (i = 0; i + 1 < F25519_SIZE; i++) { + c += 65280 + ((word32)a[i]) - ((word32)b[i]); + r[i] = c; + c >>= 8; + } + + c += ((word32)a[31]) - ((word32)b[31]); + r[31] = c & 127; + c = (c >> 7) * 19; + + for (i = 0; i < F25519_SIZE; i++) { + c += r[i]; + r[i] = c; + c >>= 8; + } +} + + +void fe_neg(fe r, const fe a) +{ + word32 c = 0; + 
int i; + + /* Calculate 2p - a, to avoid underflow */ + c = 218; + for (i = 0; i + 1 < F25519_SIZE; i++) { + c += 65280 - ((word32)a[i]); + r[i] = c; + c >>= 8; + } + + c -= ((word32)a[31]); + r[31] = c & 127; + c = (c >> 7) * 19; + + for (i = 0; i < F25519_SIZE; i++) { + c += r[i]; + r[i] = c; + c >>= 8; + } +} + + +void fe_mul__distinct(byte *r, const byte *a, const byte *b) +{ + word32 c = 0; + int i; + + for (i = 0; i < F25519_SIZE; i++) { + int j; + + c >>= 8; + for (j = 0; j <= i; j++) + c += ((word32)a[j]) * ((word32)b[i - j]); + + for (; j < F25519_SIZE; j++) + c += ((word32)a[j]) * + ((word32)b[i + F25519_SIZE - j]) * 38; + + r[i] = c; + } + + r[31] &= 127; + c = (c >> 7) * 19; + + for (i = 0; i < F25519_SIZE; i++) { + c += r[i]; + r[i] = c; + c >>= 8; + } +} + + +void fe_mul(fe r, const fe a, const fe b) +{ + byte tmp[F25519_SIZE]; + + fe_mul__distinct(tmp, a, b); + fe_copy(r, tmp); +} + + +void fe_mul_c(byte *r, const byte *a, word32 b) +{ + word32 c = 0; + int i; + + for (i = 0; i < F25519_SIZE; i++) { + c >>= 8; + c += b * ((word32)a[i]); + r[i] = c; + } + + r[31] &= 127; + c >>= 7; + c *= 19; + + for (i = 0; i < F25519_SIZE; i++) { + c += r[i]; + r[i] = c; + c >>= 8; + } +} + + +void fe_inv__distinct(byte *r, const byte *x) +{ + byte s[F25519_SIZE]; + int i; + + /* This is a prime field, so by Fermat's little theorem: + * + * x^(p-1) = 1 mod p + * + * Therefore, raise to (p-2) = 2^255-21 to get a multiplicative + * inverse. + * + * This is a 255-bit binary number with the digits: + * + * 11111111... 01011 + * + * We compute the result by the usual binary chain, but + * alternate between keeping the accumulator in r and s, so as + * to avoid copying temporaries. 
+ */ + + /* 1 1 */ + fe_mul__distinct(s, x, x); + fe_mul__distinct(r, s, x); + + /* 1 x 248 */ + for (i = 0; i < 248; i++) { + fe_mul__distinct(s, r, r); + fe_mul__distinct(r, s, x); + } + + /* 0 */ + fe_mul__distinct(s, r, r); + + /* 1 */ + fe_mul__distinct(r, s, s); + fe_mul__distinct(s, r, x); + + /* 0 */ + fe_mul__distinct(r, s, s); + + /* 1 */ + fe_mul__distinct(s, r, r); + fe_mul__distinct(r, s, x); + + /* 1 */ + fe_mul__distinct(s, r, r); + fe_mul__distinct(r, s, x); +} + + +void fe_invert(fe r, const fe x) +{ + byte tmp[F25519_SIZE]; + + fe_inv__distinct(tmp, x); + fe_copy(r, tmp); +} + + +/* Raise x to the power of (p-5)/8 = 2^252-3, using s for temporary + * storage. + */ +static void exp2523(byte *r, const byte *x, byte *s) +{ + int i; + + /* This number is a 252-bit number with the binary expansion: + * + * 111111... 01 + */ + + /* 1 1 */ + fe_mul__distinct(r, x, x); + fe_mul__distinct(s, r, x); + + /* 1 x 248 */ + for (i = 0; i < 248; i++) { + fe_mul__distinct(r, s, s); + fe_mul__distinct(s, r, x); + } + + /* 0 */ + fe_mul__distinct(r, s, s); + + /* 1 */ + fe_mul__distinct(s, r, r); + fe_mul__distinct(r, s, x); +} + + +void fe_sqrt(byte *r, const byte *a) +{ + byte v[F25519_SIZE]; + byte i[F25519_SIZE]; + byte x[F25519_SIZE]; + byte y[F25519_SIZE]; + + /* v = (2a)^((p-5)/8) [x = 2a] */ + fe_mul_c(x, a, 2); + exp2523(v, x, y); + + /* i = 2av^2 - 1 */ + fe_mul__distinct(y, v, v); + fe_mul__distinct(i, x, y); + fe_load(y, 1); + fe_sub(i, i, y); + + /* r = avi */ + fe_mul__distinct(x, v, a); + fe_mul__distinct(r, x, i); +} + +#endif /* HAVE_CURVE25519 or HAVE_ED25519 */ +#endif /* CURVED25519_SMALL */ diff --git a/wolfcrypt/src/fe_operations.c b/wolfcrypt/src/fe_operations.c index 5d50517cc..0908a755c 100644 --- a/wolfcrypt/src/fe_operations.c +++ b/wolfcrypt/src/fe_operations.c @@ -27,6 +27,7 @@ #include +#ifndef CURVED25519_SMALL /* run when not defined to use small memory math */ #if defined(HAVE_ED25519) || defined(HAVE_CURVE25519) #include 
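Review bot: curve25519() in fe_low_mem.c starts its ladder at bit 253 and treats bit 254 of `e` as set (the only hint is the comment `/* Note: bit 254 is assumed to be 1 */`), while the curve25519() added to fe_operations.c in this same diff reads bit 254 from the scalar. For a scalar that has not been clamped the two builds therefore return different results, and neither function checks or documents the requirement. I would state the precondition in a header comment on both functions, e.g. `/* e must already be clamped: e[0] &= 248; e[31] &= 127; e[31] |= 64 */`, and, if the prototype can be changed, const-qualify the inputs as `const byte *e, const byte *q` since neither is written. The file header comment `Based from Daniel Beer's public domain word.` should read `work`.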
@@ -105,6 +106,83 @@ void fe_0(fe h) } +int curve25519(byte* q, byte* n, byte* p) +{ +#if 0 + unsigned char e[32]; +#endif + fe x1; + fe x2; + fe z2; + fe x3; + fe z3; + fe tmp0; + fe tmp1; + int pos; + unsigned int swap; + unsigned int b; + + /* Clamp already done during key generation and import */ +#if 0 + { + unsigned int i; + for (i = 0;i < 32;++i) e[i] = n[i]; + e[0] &= 248; + e[31] &= 127; + e[31] |= 64; + } +#endif + + fe_frombytes(x1,p); + fe_1(x2); + fe_0(z2); + fe_copy(x3,x1); + fe_1(z3); + + swap = 0; + for (pos = 254;pos >= 0;--pos) { +#if 0 + b = e[pos / 8] >> (pos & 7); +#else + b = n[pos / 8] >> (pos & 7); +#endif + b &= 1; + swap ^= b; + fe_cswap(x2,x3,swap); + fe_cswap(z2,z3,swap); + swap = b; + + /* montgomery */ + fe_sub(tmp0,x3,z3); + fe_sub(tmp1,x2,z2); + fe_add(x2,x2,z2); + fe_add(z2,x3,z3); + fe_mul(z3,tmp0,x2); + fe_mul(z2,z2,tmp1); + fe_sq(tmp0,tmp1); + fe_sq(tmp1,x2); + fe_add(x3,z3,z2); + fe_sub(z2,z3,z2); + fe_mul(x2,tmp1,tmp0); + fe_sub(tmp1,tmp1,tmp0); + fe_sq(z2,z2); + fe_mul121666(z3,tmp1); + fe_sq(x3,x3); + fe_add(tmp0,tmp0,z3); + fe_mul(z3,x1,z2); + fe_mul(z2,tmp1,tmp0); + } + fe_cswap(x2,x3,swap); + fe_cswap(z2,z3,swap); + + fe_invert(z2,z2); + fe_mul(x2,x2,z2); + fe_tobytes(q,x2); + + return 0; +} + + /* h = f * f Can overlap h with f. @@ -1236,14 +1314,11 @@ void fe_neg(fe h,const fe f) /* -return 1 if f == 0 -return 0 if f != 0 - Preconditions: |f| bounded by 1.1*2^26,1.1*2^25,1.1*2^26,1.1*2^25,etc. */ -static const unsigned char zero[32]; +static const unsigned char zero[32] = {0}; int fe_isnonzero(const fe f) { @@ -1331,4 +1406,5 @@ void fe_cmov(fe f,const fe g,unsigned int b) f[9] = f9 ^ x9; } #endif /* HAVE ED25519 or CURVE25519 */ +#endif /* not defined CURVED25519_SMALL */ diff --git a/wolfcrypt/src/ge_low_mem.c b/wolfcrypt/src/ge_low_mem.c new file mode 100644 index 000000000..f8dba9266 --- /dev/null +++ b/wolfcrypt/src/ge_low_mem.c 
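Review bot: The new curve25519() in fe_operations.c carries three `#if 0` regions (the `e[32]` buffer, the clamp block, and the `b = e[pos / 8] >> (pos & 7);` read) that leave a disabled clamp inside a key-agreement routine. Dead code like this makes it unclear whether clamping was dropped on purpose; removing the blocks and keeping the one-line comment `/* Clamp already done during key generation and import */` says the same thing without the alternative path. The temporaries `x2`, `z2`, `x3`, `z3`, `tmp0` and `tmp1` hold values derived from the private scalar and are not cleared before `return 0;`, so they are worth wiping if the tree has a helper for that.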
@@ -0,0 +1,560 @@ +/* ge_low_mem.c + * + * Copyright (C) 2006-2015 wolfSSL Inc. + * + * This file is part of wolfSSL. (formerly known as CyaSSL) + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + + /* Based from Daniel Beer's public domain work. */ + +#ifdef HAVE_CONFIG_H + #include +#endif + +#include + +#if defined(CURVED25519_SMALL) /* use slower code that takes less memory */ +#if defined(HAVE_ED25519) + +#include +#include +#ifdef NO_INLINE + #include +#else + #include +#endif + +void ed25519_smult(ge_p3 *r, const ge_p3 *a, const byte *e); +void ed25519_add(ge_p3 *r, const ge_p3 *a, const ge_p3 *b); +void ed25519_double(ge_p3 *r, const ge_p3 *a); + + +static const byte ed25519_order[F25519_SIZE] = { + 0xed, 0xd3, 0xf5, 0x5c, 0x1a, 0x63, 0x12, 0x58, + 0xd6, 0x9c, 0xf7, 0xa2, 0xde, 0xf9, 0xde, 0x14, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x10 +}; + +/*Arithmetic modulo the group order m = 2^252 + + 27742317777372353535851937790883648493 = + 7237005577332262213973186563042994240857116359379907606001950938285454250989 */ + +static const word32 m[32] = { + 0xED,0xD3,0xF5,0x5C,0x1A,0x63,0x12,0x58,0xD6,0x9C,0xF7,0xA2,0xDE,0xF9, + 0xDE,0x14,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x10 +}; + +static const word32 
mu[33] = { + 0x1B,0x13,0x2C,0x0A,0xA3,0xE5,0x9C,0xED,0xA7,0x29,0x63,0x08,0x5D,0x21, + 0x06,0x21,0xEB,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, + 0xFF,0xFF,0xFF,0xFF,0x0F +}; + + +int ge_compress_key(byte* out, const byte* xIn, const byte* yIn, + word32 keySz) +{ + byte tmp[F25519_SIZE]; + byte parity; + byte pt[32]; + int i; + + fe_copy(tmp, xIn); + parity = (tmp[0] & 1) << 7; + + fe_copy(pt, yIn); + pt[31] |= parity; + + for(i = 0; i < 32; i++) { + out[32-i-1] = pt[i]; + } + (void)keySz; + return 0; +} + + +static word32 lt(word32 a,word32 b) /* 16-bit inputs */ +{ + unsigned int x = a; + x -= (unsigned int) b; /* 0..65535: no; 4294901761..4294967295: yes */ + x >>= 31; /* 0: no; 1: yes */ + return x; +} + + +/* Reduce coefficients of r before calling reduce_add_sub */ +static void reduce_add_sub(word32 *r) +{ + word32 pb = 0; + word32 b; + word32 mask; + int i; + unsigned char t[32]; + + for(i=0;i<32;i++) + { + pb += m[i]; + b = lt(r[i],pb); + t[i] = r[i]-pb+(b<<8); + pb = b; + } + mask = b - 1; + for(i=0;i<32;i++) + r[i] ^= mask & (r[i] ^ t[i]); +} + + +/* Reduce coefficients of x before calling barrett_reduce */ +static void barrett_reduce(word32* r, word32 x[64]) +{ + /* See HAC, Alg. 
14.42 */ + int i,j; + word32 q2[66]; + word32 *q3 = q2 + 33; + word32 r1[33]; + word32 r2[33]; + word32 carry; + word32 pb = 0; + word32 b; + + for (i = 0;i < 66;++i) q2[i] = 0; + for (i = 0;i < 33;++i) r2[i] = 0; + + for(i=0;i<33;i++) + for(j=0;j<33;j++) + if(i+j >= 31) q2[i+j] += mu[i]*x[j+31]; + carry = q2[31] >> 8; + q2[32] += carry; + carry = q2[32] >> 8; + q2[33] += carry; + + for(i=0;i<33;i++)r1[i] = x[i]; + for(i=0;i<32;i++) + for(j=0;j<33;j++) + if(i+j < 33) r2[i+j] += m[i]*q3[j]; + + for(i=0;i<32;i++) + { + carry = r2[i] >> 8; + r2[i+1] += carry; + r2[i] &= 0xff; + } + + for(i=0;i<32;i++) + { + pb += r2[i]; + b = lt(r1[i],pb); + r[i] = r1[i]-pb+(b<<8); + pb = b; + } + + /* XXX: Can it really happen that r<0?, See HAC, Alg 14.42, Step 3 + * r is an unsigned type. + * If so: Handle it here! + */ + + reduce_add_sub(r); + reduce_add_sub(r); +} + + +void sc_reduce(unsigned char x[64]) +{ + int i; + word32 t[64]; + word32 r[32]; + for(i=0;i<64;i++) t[i] = x[i]; + barrett_reduce(r, t); + for(i=0;i<32;i++) x[i] = (r[i] & 0xFF); +} + + +void sc_muladd(byte* out, const byte* a, const byte* b, const byte* c) +{ + + byte s[32]; + byte e[64]; + + XMEMSET(e, 0, sizeof(e)); + XMEMCPY(e, b, 32); + + /* Obtain e */ + sc_reduce(e); + + /* Compute s = ze + k */ + fprime_mul(s, a, e, ed25519_order); + fprime_add(s, c, ed25519_order); + + XMEMCPY(out, s, 32); +} + + +/* Base point is (numbers wrapped): + * + * x = 151122213495354007725011514095885315114 + * 54012693041857206046113283949847762202 + * y = 463168356949264781694283940034751631413 + * 07993866256225615783033603165251855960 + * + * y is derived by transforming the original Montgomery base (u=9). x + * is the corresponding positive coordinate for the new curve equation. + * t is x*y. 
+ */ +const ge_p3 ed25519_base = { + .X = { + 0x1a, 0xd5, 0x25, 0x8f, 0x60, 0x2d, 0x56, 0xc9, + 0xb2, 0xa7, 0x25, 0x95, 0x60, 0xc7, 0x2c, 0x69, + 0x5c, 0xdc, 0xd6, 0xfd, 0x31, 0xe2, 0xa4, 0xc0, + 0xfe, 0x53, 0x6e, 0xcd, 0xd3, 0x36, 0x69, 0x21 + }, + .Y = { + 0x58, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, + 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, + 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, + 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66 + }, + .T = { + 0xa3, 0xdd, 0xb7, 0xa5, 0xb3, 0x8a, 0xde, 0x6d, + 0xf5, 0x52, 0x51, 0x77, 0x80, 0x9f, 0xf0, 0x20, + 0x7d, 0xe3, 0xab, 0x64, 0x8e, 0x4e, 0xea, 0x66, + 0x65, 0x76, 0x8b, 0xd7, 0x0f, 0x5f, 0x87, 0x67 + }, + .Z = {1, 0} +}; + + +const ge_p3 ed25519_neutral = { + .X = {0}, + .Y = {1, 0}, + .T = {0}, + .Z = {1, 0} +}; + + +static const byte ed25519_d[F25519_SIZE] = { + 0xa3, 0x78, 0x59, 0x13, 0xca, 0x4d, 0xeb, 0x75, + 0xab, 0xd8, 0x41, 0x41, 0x4d, 0x0a, 0x70, 0x00, + 0x98, 0xe8, 0x79, 0x77, 0x79, 0x40, 0xc7, 0x8c, + 0x73, 0xfe, 0x6f, 0x2b, 0xee, 0x6c, 0x03, 0x52 +}; + + +/* k = 2d */ +static const byte ed25519_k[F25519_SIZE] = { + 0x59, 0xf1, 0xb2, 0x26, 0x94, 0x9b, 0xd6, 0xeb, + 0x56, 0xb1, 0x83, 0x82, 0x9a, 0x14, 0xe0, 0x00, + 0x30, 0xd1, 0xf3, 0xee, 0xf2, 0x80, 0x8e, 0x19, + 0xe7, 0xfc, 0xdf, 0x56, 0xdc, 0xd9, 0x06, 0x24 +}; + + +void ed25519_add(ge_p3 *r, + const ge_p3 *p1, const ge_p3 *p2) +{ + /* Explicit formulas database: add-2008-hwcd-3 + * + * source 2008 Hisil--Wong--Carter--Dawson, + * http://eprint.iacr.org/2008/522, Section 3.1 + * appliesto extended-1 + * parameter k + * assume k = 2 d + * compute A = (Y1-X1)(Y2-X2) + * compute B = (Y1+X1)(Y2+X2) + * compute C = T1 k T2 + * compute D = Z1 2 Z2 + * compute E = B - A + * compute F = D - C + * compute G = D + C + * compute H = B + A + * compute X3 = E F + * compute Y3 = G H + * compute T3 = E H + * compute Z3 = F G + */ + byte a[F25519_SIZE]; + byte b[F25519_SIZE]; + byte c[F25519_SIZE]; + byte d[F25519_SIZE]; + byte e[F25519_SIZE]; + byte 
f[F25519_SIZE]; + byte g[F25519_SIZE]; + byte h[F25519_SIZE]; + + /* A = (Y1-X1)(Y2-X2) */ + fe_sub(c, p1->Y, p1->X); + fe_sub(d, p2->Y, p2->X); + fe_mul__distinct(a, c, d); + + /* B = (Y1+X1)(Y2+X2) */ + fe_add(c, p1->Y, p1->X); + fe_add(d, p2->Y, p2->X); + fe_mul__distinct(b, c, d); + + /* C = T1 k T2 */ + fe_mul__distinct(d, p1->T, p2->T); + fe_mul__distinct(c, d, ed25519_k); + + /* D = Z1 2 Z2 */ + fe_mul__distinct(d, p1->Z, p2->Z); + fe_add(d, d, d); + + /* E = B - A */ + fe_sub(e, b, a); + + /* F = D - C */ + fe_sub(f, d, c); + + /* G = D + C */ + fe_add(g, d, c); + + /* H = B + A */ + fe_add(h, b, a); + + /* X3 = E F */ + fe_mul__distinct(r->X, e, f); + + /* Y3 = G H */ + fe_mul__distinct(r->Y, g, h); + + /* T3 = E H */ + fe_mul__distinct(r->T, e, h); + + /* Z3 = F G */ + fe_mul__distinct(r->Z, f, g); +} + + +void ed25519_double(ge_p3 *r, const ge_p3 *p) +{ + /* Explicit formulas database: dbl-2008-hwcd + * + * source 2008 Hisil--Wong--Carter--Dawson, + * http://eprint.iacr.org/2008/522, Section 3.3 + * compute A = X1^2 + * compute B = Y1^2 + * compute C = 2 Z1^2 + * compute D = a A + * compute E = (X1+Y1)^2-A-B + * compute G = D + B + * compute F = G - C + * compute H = D - B + * compute X3 = E F + * compute Y3 = G H + * compute T3 = E H + * compute Z3 = F G + */ + byte a[F25519_SIZE]; + byte b[F25519_SIZE]; + byte c[F25519_SIZE]; + byte e[F25519_SIZE]; + byte f[F25519_SIZE]; + byte g[F25519_SIZE]; + byte h[F25519_SIZE]; + + /* A = X1^2 */ + fe_mul__distinct(a, p->X, p->X); + + /* B = Y1^2 */ + fe_mul__distinct(b, p->Y, p->Y); + + /* C = 2 Z1^2 */ + fe_mul__distinct(c, p->Z, p->Z); + fe_add(c, c, c); + + /* D = a A (alter sign) */ + /* E = (X1+Y1)^2-A-B */ + fe_add(f, p->X, p->Y); + fe_mul__distinct(e, f, f); + fe_sub(e, e, a); + fe_sub(e, e, b); + + /* G = D + B */ + fe_sub(g, b, a); + + /* F = G - C */ + fe_sub(f, g, c); + + /* H = D - B */ + fe_neg(h, b); + fe_sub(h, h, a); + + /* X3 = E F */ + fe_mul__distinct(r->X, e, f); + + /* Y3 = G H */ + 
fe_mul__distinct(r->Y, g, h); + + /* T3 = E H */ + fe_mul__distinct(r->T, e, h); + + /* Z3 = F G */ + fe_mul__distinct(r->Z, f, g); +} + + +void ed25519_smult(ge_p3 *r_out, const ge_p3 *p, const byte *e) +{ + ge_p3 r; + int i; + + XMEMCPY(&r, &ed25519_neutral, sizeof(r)); + + for (i = 255; i >= 0; i--) { + const byte bit = (e[i >> 3] >> (i & 7)) & 1; + ge_p3 s; + + ed25519_double(&r, &r); + ed25519_add(&s, &r, p); + + fe_select(r.X, r.X, s.X, bit); + fe_select(r.Y, r.Y, s.Y, bit); + fe_select(r.Z, r.Z, s.Z, bit); + fe_select(r.T, r.T, s.T, bit); + } + XMEMCPY(r_out, &r, sizeof(r)); +} + + +void ge_scalarmult_base(ge_p3 *R,const unsigned char *nonce) +{ + ed25519_smult(R, &ed25519_base, nonce); +} + + +/* pack the point h into array s */ +void ge_p3_tobytes(unsigned char *s,const ge_p3 *h) +{ + byte x[F25519_SIZE]; + byte y[F25519_SIZE]; + byte z1[F25519_SIZE]; + byte parity; + + fe_inv__distinct(z1, h->Z); + fe_mul__distinct(x, h->X, z1); + fe_mul__distinct(y, h->Y, z1); + + fe_normalize(x); + fe_normalize(y); + + parity = (x[0] & 1) << 7; + fe_copy(s, y); + fe_normalize(s); + s[31] |= parity; +} + + +/* pack the point h into array s */ +void ge_tobytes(unsigned char *s,const ge_p2 *h) +{ + byte x[F25519_SIZE]; + byte y[F25519_SIZE]; + byte z1[F25519_SIZE]; + byte parity; + + fe_inv__distinct(z1, h->Z); + fe_mul__distinct(x, h->X, z1); + fe_mul__distinct(y, h->Y, z1); + + fe_normalize(x); + fe_normalize(y); + + parity = (x[0] & 1) << 7; + fe_copy(s, y); + fe_normalize(s); + s[31] |= parity; +} + + +/* + Test if the public key can be uncommpressed and negate it (-X,Y,Z,-T) + return 0 on success + */ +int ge_frombytes_negate_vartime(ge_p3 *p,const unsigned char *s) +{ + + byte parity; + byte x[F25519_SIZE]; + byte y[F25519_SIZE]; + byte a[F25519_SIZE]; + byte b[F25519_SIZE]; + byte c[F25519_SIZE]; + int ret = 0; + + /* unpack the key s */ + parity = s[31] >> 7; + fe_copy(y, s); + y[31] &= 127; + + fe_mul__distinct(c, y, y); + fe_mul__distinct(b, c, ed25519_d); + 
fe_add(a, b, f25519_one); + fe_inv__distinct(b, a); + fe_sub(a, c, f25519_one); + fe_mul__distinct(c, a, b); + fe_sqrt(a, c); + fe_neg(b, a); + fe_select(x, a, b, (a[0] ^ parity) & 1); + + /* test that x^2 is equal to c */ + fe_mul__distinct(a, x, x); + fe_normalize(a); + fe_normalize(c); + ret |= ConstantCompare(a, c, F25519_SIZE); + + /* project the key s onto p */ + fe_copy(p->X, x); + fe_copy(p->Y, y); + fe_load(p->Z, 1); + fe_mul__distinct(p->T, x, y); + + /* negate, the point becomes (-X,Y,Z,-T) */ + fe_neg(p->X,p->X); + fe_neg(p->T,p->T); + + return ret; +} + + +int ge_double_scalarmult_vartime(ge_p2* R, const unsigned char *h, + const ge_p3 *inA,const unsigned char *sig) +{ + ge_p3 p, A; + int ret = 0; + + XMEMCPY(&A, inA, sizeof(ge_p3)); + + /* find SB */ + ed25519_smult(&p, &ed25519_base, sig); + + /* find H(R,A,M) * -A */ + ed25519_smult(&A, &A, h); + + /* SB + -H(R,A,M)A */ + ed25519_add(&A, &p, &A); + + fe_copy(R->X, A.X); + fe_copy(R->Y, A.Y); + fe_copy(R->Z, A.Z); + + return ret; +} + +#endif /* HAVE_ED25519 */ +#endif /* CURVED25519_SMALL */ + diff --git a/wolfcrypt/src/ge_operations.c b/wolfcrypt/src/ge_operations.c index 2a4885ae8..259b5b144 100644 --- a/wolfcrypt/src/ge_operations.c +++ b/wolfcrypt/src/ge_operations.c @@ -28,6 +28,7 @@ #include +#ifndef CURVED25519_SMALL /* run when not defined to use small memory math */ #ifdef HAVE_ED25519 #include 
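Review bot: ge_compress_key() in ge_low_mem.c discards its `keySz` argument with `(void)keySz;` and always reads and writes 32 bytes, so a caller passing any other size gets no error and the function can only ever return 0. A guard at the top, `if (keySz != F25519_SIZE) return BAD_FUNC_ARG;`, would make the parameter mean something. The function also never checks that (xIn, yIn) satisfies the curve equation, so the 0x04 path of wc_ed25519_import_public stores whatever it is given; a comment saying that validation is deferred to ge_frombytes_negate_vartime would make this explicit. In the same file `m[32]` repeats the value already held in `ed25519_order`, and `ed25519_base`, `ed25519_neutral`, ed25519_smult, ed25519_add and ed25519_double have external linkage although, as far as this diff shows, only this file uses them, so `static` looks appropriate.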
@@ -51,12 +52,670 @@ Representations: ge_p1p1 (completed): ((X:Z),(Y:T)) satisfying x=X/Z, y=Y/T ge_precomp (Duif): (y+x,y-x,2dxy) */ + + /* +Input: + s[0]+256*s[1]+...+256^63*s[63] = s + +Output: + s[0]+256*s[1]+...+256^31*s[31] = s mod l + where l = 2^252 + 27742317777372353535851937790883648493. + Overwrites s in place. +*/ +void sc_reduce(byte* s) +{ + int64_t s0 = 2097151 & load_3(s); + int64_t s1 = 2097151 & (load_4(s + 2) >> 5); + int64_t s2 = 2097151 & (load_3(s + 5) >> 2); + int64_t s3 = 2097151 & (load_4(s + 7) >> 7); + int64_t s4 = 2097151 & (load_4(s + 10) >> 4); + int64_t s5 = 2097151 & (load_3(s + 13) >> 1); + int64_t s6 = 2097151 & (load_4(s + 15) >> 6); + int64_t s7 = 2097151 & (load_3(s + 18) >> 3); + int64_t s8 = 2097151 & load_3(s + 21); + int64_t s9 = 2097151 & (load_4(s + 23) >> 5); + int64_t s10 = 2097151 & (load_3(s + 26) >> 2); + int64_t s11 = 2097151 & (load_4(s + 28) >> 7); + int64_t s12 = 2097151 & (load_4(s + 31) >> 4); + int64_t s13 = 2097151 & (load_3(s + 34) >> 1); + int64_t s14 = 2097151 & (load_4(s + 36) >> 6); + int64_t s15 = 2097151 & (load_3(s + 39) >> 3); + int64_t s16 = 2097151 & load_3(s + 42); + int64_t s17 = 2097151 & (load_4(s + 44) >> 5); + int64_t s18 = 2097151 & (load_3(s + 47) >> 2); + int64_t s19 = 2097151 & (load_4(s + 49) >> 7); + int64_t s20 = 2097151 & (load_4(s + 52) >> 4); + int64_t s21 = 2097151 & (load_3(s + 55) >> 1); + int64_t s22 = 2097151 & (load_4(s + 57) >> 6); + int64_t s23 = (load_4(s + 60) >> 3); + int64_t carry0; + int64_t carry1; + int64_t carry2; + int64_t carry3; + int64_t carry4; + int64_t carry5; + int64_t carry6; + int64_t carry7; + int64_t carry8; + int64_t carry9; + int64_t carry10; + int64_t carry11; + int64_t carry12; + int64_t carry13; + int64_t carry14; + int64_t carry15; + int64_t carry16; + + s11 += s23 * 666643; + s12 += s23 * 470296; + s13 += s23 * 654183; + s14 -= s23 * 997805; + s15 += s23 * 136657; + s16 -= s23 * 683901; + s23 = 0; + + s10 += s22 * 666643; + s11 += s22 * 470296; + 
s12 += s22 * 654183; + s13 -= s22 * 997805; + s14 += s22 * 136657; + s15 -= s22 * 683901; + s22 = 0; + + s9 += s21 * 666643; + s10 += s21 * 470296; + s11 += s21 * 654183; + s12 -= s21 * 997805; + s13 += s21 * 136657; + s14 -= s21 * 683901; + s21 = 0; + + s8 += s20 * 666643; + s9 += s20 * 470296; + s10 += s20 * 654183; + s11 -= s20 * 997805; + s12 += s20 * 136657; + s13 -= s20 * 683901; + s20 = 0; + + s7 += s19 * 666643; + s8 += s19 * 470296; + s9 += s19 * 654183; + s10 -= s19 * 997805; + s11 += s19 * 136657; + s12 -= s19 * 683901; + s19 = 0; + + s6 += s18 * 666643; + s7 += s18 * 470296; + s8 += s18 * 654183; + s9 -= s18 * 997805; + s10 += s18 * 136657; + s11 -= s18 * 683901; + s18 = 0; + + carry6 = (s6 + (1<<20)) >> 21; s7 += carry6; s6 -= carry6 << 21; + carry8 = (s8 + (1<<20)) >> 21; s9 += carry8; s8 -= carry8 << 21; + carry10 = (s10 + (1<<20)) >> 21; s11 += carry10; s10 -= carry10 << 21; + carry12 = (s12 + (1<<20)) >> 21; s13 += carry12; s12 -= carry12 << 21; + carry14 = (s14 + (1<<20)) >> 21; s15 += carry14; s14 -= carry14 << 21; + carry16 = (s16 + (1<<20)) >> 21; s17 += carry16; s16 -= carry16 << 21; + + carry7 = (s7 + (1<<20)) >> 21; s8 += carry7; s7 -= carry7 << 21; + carry9 = (s9 + (1<<20)) >> 21; s10 += carry9; s9 -= carry9 << 21; + carry11 = (s11 + (1<<20)) >> 21; s12 += carry11; s11 -= carry11 << 21; + carry13 = (s13 + (1<<20)) >> 21; s14 += carry13; s13 -= carry13 << 21; + carry15 = (s15 + (1<<20)) >> 21; s16 += carry15; s15 -= carry15 << 21; + + s5 += s17 * 666643; + s6 += s17 * 470296; + s7 += s17 * 654183; + s8 -= s17 * 997805; + s9 += s17 * 136657; + s10 -= s17 * 683901; + s17 = 0; + + s4 += s16 * 666643; + s5 += s16 * 470296; + s6 += s16 * 654183; + s7 -= s16 * 997805; + s8 += s16 * 136657; + s9 -= s16 * 683901; + s16 = 0; + + s3 += s15 * 666643; + s4 += s15 * 470296; + s5 += s15 * 654183; + s6 -= s15 * 997805; + s7 += s15 * 136657; + s8 -= s15 * 683901; + s15 = 0; + + s2 += s14 * 666643; + s3 += s14 * 470296; + s4 += s14 * 654183; + s5 -= s14 * 
997805; + s6 += s14 * 136657; + s7 -= s14 * 683901; + s14 = 0; + + s1 += s13 * 666643; + s2 += s13 * 470296; + s3 += s13 * 654183; + s4 -= s13 * 997805; + s5 += s13 * 136657; + s6 -= s13 * 683901; + s13 = 0; + + s0 += s12 * 666643; + s1 += s12 * 470296; + s2 += s12 * 654183; + s3 -= s12 * 997805; + s4 += s12 * 136657; + s5 -= s12 * 683901; + s12 = 0; + + carry0 = (s0 + (1<<20)) >> 21; s1 += carry0; s0 -= carry0 << 21; + carry2 = (s2 + (1<<20)) >> 21; s3 += carry2; s2 -= carry2 << 21; + carry4 = (s4 + (1<<20)) >> 21; s5 += carry4; s4 -= carry4 << 21; + carry6 = (s6 + (1<<20)) >> 21; s7 += carry6; s6 -= carry6 << 21; + carry8 = (s8 + (1<<20)) >> 21; s9 += carry8; s8 -= carry8 << 21; + carry10 = (s10 + (1<<20)) >> 21; s11 += carry10; s10 -= carry10 << 21; + + carry1 = (s1 + (1<<20)) >> 21; s2 += carry1; s1 -= carry1 << 21; + carry3 = (s3 + (1<<20)) >> 21; s4 += carry3; s3 -= carry3 << 21; + carry5 = (s5 + (1<<20)) >> 21; s6 += carry5; s5 -= carry5 << 21; + carry7 = (s7 + (1<<20)) >> 21; s8 += carry7; s7 -= carry7 << 21; + carry9 = (s9 + (1<<20)) >> 21; s10 += carry9; s9 -= carry9 << 21; + carry11 = (s11 + (1<<20)) >> 21; s12 += carry11; s11 -= carry11 << 21; + + s0 += s12 * 666643; + s1 += s12 * 470296; + s2 += s12 * 654183; + s3 -= s12 * 997805; + s4 += s12 * 136657; + s5 -= s12 * 683901; + s12 = 0; + + carry0 = s0 >> 21; s1 += carry0; s0 -= carry0 << 21; + carry1 = s1 >> 21; s2 += carry1; s1 -= carry1 << 21; + carry2 = s2 >> 21; s3 += carry2; s2 -= carry2 << 21; + carry3 = s3 >> 21; s4 += carry3; s3 -= carry3 << 21; + carry4 = s4 >> 21; s5 += carry4; s4 -= carry4 << 21; + carry5 = s5 >> 21; s6 += carry5; s5 -= carry5 << 21; + carry6 = s6 >> 21; s7 += carry6; s6 -= carry6 << 21; + carry7 = s7 >> 21; s8 += carry7; s7 -= carry7 << 21; + carry8 = s8 >> 21; s9 += carry8; s8 -= carry8 << 21; + carry9 = s9 >> 21; s10 += carry9; s9 -= carry9 << 21; + carry10 = s10 >> 21; s11 += carry10; s10 -= carry10 << 21; + carry11 = s11 >> 21; s12 += carry11; s11 -= carry11 << 21; + + 
s0 += s12 * 666643; + s1 += s12 * 470296; + s2 += s12 * 654183; + s3 -= s12 * 997805; + s4 += s12 * 136657; + s5 -= s12 * 683901; + s12 = 0; + + carry0 = s0 >> 21; s1 += carry0; s0 -= carry0 << 21; + carry1 = s1 >> 21; s2 += carry1; s1 -= carry1 << 21; + carry2 = s2 >> 21; s3 += carry2; s2 -= carry2 << 21; + carry3 = s3 >> 21; s4 += carry3; s3 -= carry3 << 21; + carry4 = s4 >> 21; s5 += carry4; s4 -= carry4 << 21; + carry5 = s5 >> 21; s6 += carry5; s5 -= carry5 << 21; + carry6 = s6 >> 21; s7 += carry6; s6 -= carry6 << 21; + carry7 = s7 >> 21; s8 += carry7; s7 -= carry7 << 21; + carry8 = s8 >> 21; s9 += carry8; s8 -= carry8 << 21; + carry9 = s9 >> 21; s10 += carry9; s9 -= carry9 << 21; + carry10 = s10 >> 21; s11 += carry10; s10 -= carry10 << 21; + + s[0] = s0 >> 0; + s[1] = s0 >> 8; + s[2] = (s0 >> 16) | (s1 << 5); + s[3] = s1 >> 3; + s[4] = s1 >> 11; + s[5] = (s1 >> 19) | (s2 << 2); + s[6] = s2 >> 6; + s[7] = (s2 >> 14) | (s3 << 7); + s[8] = s3 >> 1; + s[9] = s3 >> 9; + s[10] = (s3 >> 17) | (s4 << 4); + s[11] = s4 >> 4; + s[12] = s4 >> 12; + s[13] = (s4 >> 20) | (s5 << 1); + s[14] = s5 >> 7; + s[15] = (s5 >> 15) | (s6 << 6); + s[16] = s6 >> 2; + s[17] = s6 >> 10; + s[18] = (s6 >> 18) | (s7 << 3); + s[19] = s7 >> 5; + s[20] = s7 >> 13; + s[21] = s8 >> 0; + s[22] = s8 >> 8; + s[23] = (s8 >> 16) | (s9 << 5); + s[24] = s9 >> 3; + s[25] = s9 >> 11; + s[26] = (s9 >> 19) | (s10 << 2); + s[27] = s10 >> 6; + s[28] = (s10 >> 14) | (s11 << 7); + s[29] = s11 >> 1; + s[30] = s11 >> 9; + s[31] = s11 >> 17; + + /* hush warnings after setting values to 0 */ + (void)s12; + (void)s13; + (void)s14; + (void)s15; + (void)s16; + (void)s17; + (void)s18; + (void)s19; + (void)s20; + (void)s21; + (void)s22; + (void)s23; +} +/* +Input: + a[0]+256*a[1]+...+256^31*a[31] = a + b[0]+256*b[1]+...+256^31*b[31] = b + c[0]+256*c[1]+...+256^31*c[31] = c + +Output: + s[0]+256*s[1]+...+256^31*s[31] = (ab+c) mod l + where l = 2^252 + 27742317777372353535851937790883648493. 
+*/ +void sc_muladd(byte* s, const byte* a, const byte* b, const byte* c) +{ + int64_t a0 = 2097151 & load_3(a); + int64_t a1 = 2097151 & (load_4(a + 2) >> 5); + int64_t a2 = 2097151 & (load_3(a + 5) >> 2); + int64_t a3 = 2097151 & (load_4(a + 7) >> 7); + int64_t a4 = 2097151 & (load_4(a + 10) >> 4); + int64_t a5 = 2097151 & (load_3(a + 13) >> 1); + int64_t a6 = 2097151 & (load_4(a + 15) >> 6); + int64_t a7 = 2097151 & (load_3(a + 18) >> 3); + int64_t a8 = 2097151 & load_3(a + 21); + int64_t a9 = 2097151 & (load_4(a + 23) >> 5); + int64_t a10 = 2097151 & (load_3(a + 26) >> 2); + int64_t a11 = (load_4(a + 28) >> 7); + int64_t b0 = 2097151 & load_3(b); + int64_t b1 = 2097151 & (load_4(b + 2) >> 5); + int64_t b2 = 2097151 & (load_3(b + 5) >> 2); + int64_t b3 = 2097151 & (load_4(b + 7) >> 7); + int64_t b4 = 2097151 & (load_4(b + 10) >> 4); + int64_t b5 = 2097151 & (load_3(b + 13) >> 1); + int64_t b6 = 2097151 & (load_4(b + 15) >> 6); + int64_t b7 = 2097151 & (load_3(b + 18) >> 3); + int64_t b8 = 2097151 & load_3(b + 21); + int64_t b9 = 2097151 & (load_4(b + 23) >> 5); + int64_t b10 = 2097151 & (load_3(b + 26) >> 2); + int64_t b11 = (load_4(b + 28) >> 7); + int64_t c0 = 2097151 & load_3(c); + int64_t c1 = 2097151 & (load_4(c + 2) >> 5); + int64_t c2 = 2097151 & (load_3(c + 5) >> 2); + int64_t c3 = 2097151 & (load_4(c + 7) >> 7); + int64_t c4 = 2097151 & (load_4(c + 10) >> 4); + int64_t c5 = 2097151 & (load_3(c + 13) >> 1); + int64_t c6 = 2097151 & (load_4(c + 15) >> 6); + int64_t c7 = 2097151 & (load_3(c + 18) >> 3); + int64_t c8 = 2097151 & load_3(c + 21); + int64_t c9 = 2097151 & (load_4(c + 23) >> 5); + int64_t c10 = 2097151 & (load_3(c + 26) >> 2); + int64_t c11 = (load_4(c + 28) >> 7); + int64_t s0; + int64_t s1; + int64_t s2; + int64_t s3; + int64_t s4; + int64_t s5; + int64_t s6; + int64_t s7; + int64_t s8; + int64_t s9; + int64_t s10; + int64_t s11; + int64_t s12; + int64_t s13; + int64_t s14; + int64_t s15; + int64_t s16; + int64_t s17; + int64_t s18; + int64_t 
s19; + int64_t s20; + int64_t s21; + int64_t s22; + int64_t s23; + int64_t carry0; + int64_t carry1; + int64_t carry2; + int64_t carry3; + int64_t carry4; + int64_t carry5; + int64_t carry6; + int64_t carry7; + int64_t carry8; + int64_t carry9; + int64_t carry10; + int64_t carry11; + int64_t carry12; + int64_t carry13; + int64_t carry14; + int64_t carry15; + int64_t carry16; + int64_t carry17; + int64_t carry18; + int64_t carry19; + int64_t carry20; + int64_t carry21; + int64_t carry22; + + s0 = c0 + a0*b0; + s1 = c1 + a0*b1 + a1*b0; + s2 = c2 + a0*b2 + a1*b1 + a2*b0; + s3 = c3 + a0*b3 + a1*b2 + a2*b1 + a3*b0; + s4 = c4 + a0*b4 + a1*b3 + a2*b2 + a3*b1 + a4*b0; + s5 = c5 + a0*b5 + a1*b4 + a2*b3 + a3*b2 + a4*b1 + a5*b0; + s6 = c6 + a0*b6 + a1*b5 + a2*b4 + a3*b3 + a4*b2 + a5*b1 + a6*b0; + s7 = c7 + a0*b7 + a1*b6 + a2*b5 + a3*b4 + a4*b3 + a5*b2 + a6*b1 + a7*b0; + s8 = c8 + a0*b8 + a1*b7 + a2*b6 + a3*b5 + a4*b4 + a5*b3 + a6*b2 + a7*b1 + + a8*b0; + s9 = c9 + a0*b9 + a1*b8 + a2*b7 + a3*b6 + a4*b5 + a5*b4 + a6*b3 + a7*b2 + + a8*b1 + a9*b0; + s10 = c10 + a0*b10 + a1*b9 + a2*b8 + a3*b7 + a4*b6 + a5*b5 + a6*b4 + a7*b3 + + a8*b2 + a9*b1 + a10*b0; + s11 = c11 + a0*b11 + a1*b10 + a2*b9 + a3*b8 + a4*b7 + a5*b6 + a6*b5 + a7*b4 + + a8*b3 + a9*b2 + a10*b1 + a11*b0; + s12 = a1*b11 + a2*b10 + a3*b9 + a4*b8 + a5*b7 + a6*b6 + a7*b5 + a8*b4 + a9*b3 + + a10*b2 + a11*b1; + s13 = a2*b11 + a3*b10 + a4*b9 + a5*b8 + a6*b7 + a7*b6 + a8*b5 + a9*b4 + a10*b3 + + a11*b2; + s14 = a3*b11 + a4*b10 + a5*b9 + a6*b8 + a7*b7 + a8*b6 + a9*b5 + a10*b4 + + a11*b3; + s15 = a4*b11 + a5*b10 + a6*b9 + a7*b8 + a8*b7 + a9*b6 + a10*b5 + a11*b4; + s16 = a5*b11 + a6*b10 + a7*b9 + a8*b8 + a9*b7 + a10*b6 + a11*b5; + s17 = a6*b11 + a7*b10 + a8*b9 + a9*b8 + a10*b7 + a11*b6; + s18 = a7*b11 + a8*b10 + a9*b9 + a10*b8 + a11*b7; + s19 = a8*b11 + a9*b10 + a10*b9 + a11*b8; + s20 = a9*b11 + a10*b10 + a11*b9; + s21 = a10*b11 + a11*b10; + s22 = a11*b11; + s23 = 0; + + carry0 = (s0 + (1<<20)) >> 21; s1 += carry0; s0 -= carry0 << 
21; + carry2 = (s2 + (1<<20)) >> 21; s3 += carry2; s2 -= carry2 << 21; + carry4 = (s4 + (1<<20)) >> 21; s5 += carry4; s4 -= carry4 << 21; + carry6 = (s6 + (1<<20)) >> 21; s7 += carry6; s6 -= carry6 << 21; + carry8 = (s8 + (1<<20)) >> 21; s9 += carry8; s8 -= carry8 << 21; + carry10 = (s10 + (1<<20)) >> 21; s11 += carry10; s10 -= carry10 << 21; + carry12 = (s12 + (1<<20)) >> 21; s13 += carry12; s12 -= carry12 << 21; + carry14 = (s14 + (1<<20)) >> 21; s15 += carry14; s14 -= carry14 << 21; + carry16 = (s16 + (1<<20)) >> 21; s17 += carry16; s16 -= carry16 << 21; + carry18 = (s18 + (1<<20)) >> 21; s19 += carry18; s18 -= carry18 << 21; + carry20 = (s20 + (1<<20)) >> 21; s21 += carry20; s20 -= carry20 << 21; + carry22 = (s22 + (1<<20)) >> 21; s23 += carry22; s22 -= carry22 << 21; + + carry1 = (s1 + (1<<20)) >> 21; s2 += carry1; s1 -= carry1 << 21; + carry3 = (s3 + (1<<20)) >> 21; s4 += carry3; s3 -= carry3 << 21; + carry5 = (s5 + (1<<20)) >> 21; s6 += carry5; s5 -= carry5 << 21; + carry7 = (s7 + (1<<20)) >> 21; s8 += carry7; s7 -= carry7 << 21; + carry9 = (s9 + (1<<20)) >> 21; s10 += carry9; s9 -= carry9 << 21; + carry11 = (s11 + (1<<20)) >> 21; s12 += carry11; s11 -= carry11 << 21; + carry13 = (s13 + (1<<20)) >> 21; s14 += carry13; s13 -= carry13 << 21; + carry15 = (s15 + (1<<20)) >> 21; s16 += carry15; s15 -= carry15 << 21; + carry17 = (s17 + (1<<20)) >> 21; s18 += carry17; s17 -= carry17 << 21; + carry19 = (s19 + (1<<20)) >> 21; s20 += carry19; s19 -= carry19 << 21; + carry21 = (s21 + (1<<20)) >> 21; s22 += carry21; s21 -= carry21 << 21; + + s11 += s23 * 666643; + s12 += s23 * 470296; + s13 += s23 * 654183; + s14 -= s23 * 997805; + s15 += s23 * 136657; + s16 -= s23 * 683901; + s23 = 0; + + s10 += s22 * 666643; + s11 += s22 * 470296; + s12 += s22 * 654183; + s13 -= s22 * 997805; + s14 += s22 * 136657; + s15 -= s22 * 683901; + s22 = 0; + + s9 += s21 * 666643; + s10 += s21 * 470296; + s11 += s21 * 654183; + s12 -= s21 * 997805; + s13 += s21 * 136657; + s14 -= s21 * 683901; 
+ s21 = 0; + + s8 += s20 * 666643; + s9 += s20 * 470296; + s10 += s20 * 654183; + s11 -= s20 * 997805; + s12 += s20 * 136657; + s13 -= s20 * 683901; + s20 = 0; + + s7 += s19 * 666643; + s8 += s19 * 470296; + s9 += s19 * 654183; + s10 -= s19 * 997805; + s11 += s19 * 136657; + s12 -= s19 * 683901; + s19 = 0; + + s6 += s18 * 666643; + s7 += s18 * 470296; + s8 += s18 * 654183; + s9 -= s18 * 997805; + s10 += s18 * 136657; + s11 -= s18 * 683901; + s18 = 0; + + carry6 = (s6 + (1<<20)) >> 21; s7 += carry6; s6 -= carry6 << 21; + carry8 = (s8 + (1<<20)) >> 21; s9 += carry8; s8 -= carry8 << 21; + carry10 = (s10 + (1<<20)) >> 21; s11 += carry10; s10 -= carry10 << 21; + carry12 = (s12 + (1<<20)) >> 21; s13 += carry12; s12 -= carry12 << 21; + carry14 = (s14 + (1<<20)) >> 21; s15 += carry14; s14 -= carry14 << 21; + carry16 = (s16 + (1<<20)) >> 21; s17 += carry16; s16 -= carry16 << 21; + + carry7 = (s7 + (1<<20)) >> 21; s8 += carry7; s7 -= carry7 << 21; + carry9 = (s9 + (1<<20)) >> 21; s10 += carry9; s9 -= carry9 << 21; + carry11 = (s11 + (1<<20)) >> 21; s12 += carry11; s11 -= carry11 << 21; + carry13 = (s13 + (1<<20)) >> 21; s14 += carry13; s13 -= carry13 << 21; + carry15 = (s15 + (1<<20)) >> 21; s16 += carry15; s15 -= carry15 << 21; + + s5 += s17 * 666643; + s6 += s17 * 470296; + s7 += s17 * 654183; + s8 -= s17 * 997805; + s9 += s17 * 136657; + s10 -= s17 * 683901; + s17 = 0; + + s4 += s16 * 666643; + s5 += s16 * 470296; + s6 += s16 * 654183; + s7 -= s16 * 997805; + s8 += s16 * 136657; + s9 -= s16 * 683901; + s16 = 0; + + s3 += s15 * 666643; + s4 += s15 * 470296; + s5 += s15 * 654183; + s6 -= s15 * 997805; + s7 += s15 * 136657; + s8 -= s15 * 683901; + s15 = 0; + + s2 += s14 * 666643; + s3 += s14 * 470296; + s4 += s14 * 654183; + s5 -= s14 * 997805; + s6 += s14 * 136657; + s7 -= s14 * 683901; + s14 = 0; + + s1 += s13 * 666643; + s2 += s13 * 470296; + s3 += s13 * 654183; + s4 -= s13 * 997805; + s5 += s13 * 136657; + s6 -= s13 * 683901; + s13 = 0; + + s0 += s12 * 666643; + s1 += 
s12 * 470296; + s2 += s12 * 654183; + s3 -= s12 * 997805; + s4 += s12 * 136657; + s5 -= s12 * 683901; + s12 = 0; + + carry0 = (s0 + (1<<20)) >> 21; s1 += carry0; s0 -= carry0 << 21; + carry2 = (s2 + (1<<20)) >> 21; s3 += carry2; s2 -= carry2 << 21; + carry4 = (s4 + (1<<20)) >> 21; s5 += carry4; s4 -= carry4 << 21; + carry6 = (s6 + (1<<20)) >> 21; s7 += carry6; s6 -= carry6 << 21; + carry8 = (s8 + (1<<20)) >> 21; s9 += carry8; s8 -= carry8 << 21; + carry10 = (s10 + (1<<20)) >> 21; s11 += carry10; s10 -= carry10 << 21; + + carry1 = (s1 + (1<<20)) >> 21; s2 += carry1; s1 -= carry1 << 21; + carry3 = (s3 + (1<<20)) >> 21; s4 += carry3; s3 -= carry3 << 21; + carry5 = (s5 + (1<<20)) >> 21; s6 += carry5; s5 -= carry5 << 21; + carry7 = (s7 + (1<<20)) >> 21; s8 += carry7; s7 -= carry7 << 21; + carry9 = (s9 + (1<<20)) >> 21; s10 += carry9; s9 -= carry9 << 21; + carry11 = (s11 + (1<<20)) >> 21; s12 += carry11; s11 -= carry11 << 21; + + s0 += s12 * 666643; + s1 += s12 * 470296; + s2 += s12 * 654183; + s3 -= s12 * 997805; + s4 += s12 * 136657; + s5 -= s12 * 683901; + s12 = 0; + + carry0 = s0 >> 21; s1 += carry0; s0 -= carry0 << 21; + carry1 = s1 >> 21; s2 += carry1; s1 -= carry1 << 21; + carry2 = s2 >> 21; s3 += carry2; s2 -= carry2 << 21; + carry3 = s3 >> 21; s4 += carry3; s3 -= carry3 << 21; + carry4 = s4 >> 21; s5 += carry4; s4 -= carry4 << 21; + carry5 = s5 >> 21; s6 += carry5; s5 -= carry5 << 21; + carry6 = s6 >> 21; s7 += carry6; s6 -= carry6 << 21; + carry7 = s7 >> 21; s8 += carry7; s7 -= carry7 << 21; + carry8 = s8 >> 21; s9 += carry8; s8 -= carry8 << 21; + carry9 = s9 >> 21; s10 += carry9; s9 -= carry9 << 21; + carry10 = s10 >> 21; s11 += carry10; s10 -= carry10 << 21; + carry11 = s11 >> 21; s12 += carry11; s11 -= carry11 << 21; + + s0 += s12 * 666643; + s1 += s12 * 470296; + s2 += s12 * 654183; + s3 -= s12 * 997805; + s4 += s12 * 136657; + s5 -= s12 * 683901; + s12 = 0; + + carry0 = s0 >> 21; s1 += carry0; s0 -= carry0 << 21; + carry1 = s1 >> 21; s2 += carry1; s1 -= 
carry1 << 21; + carry2 = s2 >> 21; s3 += carry2; s2 -= carry2 << 21; + carry3 = s3 >> 21; s4 += carry3; s3 -= carry3 << 21; + carry4 = s4 >> 21; s5 += carry4; s4 -= carry4 << 21; + carry5 = s5 >> 21; s6 += carry5; s5 -= carry5 << 21; + carry6 = s6 >> 21; s7 += carry6; s6 -= carry6 << 21; + carry7 = s7 >> 21; s8 += carry7; s7 -= carry7 << 21; + carry8 = s8 >> 21; s9 += carry8; s8 -= carry8 << 21; + carry9 = s9 >> 21; s10 += carry9; s9 -= carry9 << 21; + carry10 = s10 >> 21; s11 += carry10; s10 -= carry10 << 21; + + s[0] = s0 >> 0; + s[1] = s0 >> 8; + s[2] = (s0 >> 16) | (s1 << 5); + s[3] = s1 >> 3; + s[4] = s1 >> 11; + s[5] = (s1 >> 19) | (s2 << 2); + s[6] = s2 >> 6; + s[7] = (s2 >> 14) | (s3 << 7); + s[8] = s3 >> 1; + s[9] = s3 >> 9; + s[10] = (s3 >> 17) | (s4 << 4); + s[11] = s4 >> 4; + s[12] = s4 >> 12; + s[13] = (s4 >> 20) | (s5 << 1); + s[14] = s5 >> 7; + s[15] = (s5 >> 15) | (s6 << 6); + s[16] = s6 >> 2; + s[17] = s6 >> 10; + s[18] = (s6 >> 18) | (s7 << 3); + s[19] = s7 >> 5; + s[20] = s7 >> 13; + s[21] = s8 >> 0; + s[22] = s8 >> 8; + s[23] = (s8 >> 16) | (s9 << 5); + s[24] = s9 >> 3; + s[25] = s9 >> 11; + s[26] = (s9 >> 19) | (s10 << 2); + s[27] = s10 >> 6; + s[28] = (s10 >> 14) | (s11 << 7); + s[29] = s11 >> 1; + s[30] = s11 >> 9; + s[31] = s11 >> 17; + + /* hush warnings after setting values to 0 */ + (void)s12; + (void)s13; + (void)s14; + (void)s15; + (void)s16; + (void)s17; + (void)s18; + (void)s19; + (void)s20; + (void)s21; + (void)s22; + (void)s23; +} + + +int ge_compress_key(byte* out, const byte* xIn, const byte* yIn, word32 keySz) +{ + fe x,y,z; + ge_p3 g; + byte bArray[keySz]; + word32 i; + + fe_0(x); + fe_0(y); + fe_1(z); + fe_frombytes(x, xIn); + fe_frombytes(y, yIn); + + fe_copy(g.X, x); + fe_copy(g.Y, y); + fe_copy(g.Z, z); + + ge_p3_tobytes(bArray, &g); + + for (i = 0; i < keySz; i++) { + out[keySz - 1 - i] = bArray[i]; + } + + return 0; +} + + +/* r = p + q */ - void ge_add(ge_p1p1 *r,const ge_p3 *p,const ge_cached *q) { fe t0; 
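Review bot: In `ge_compress_key` the scratch buffer is declared as `byte bArray[keySz];`, a variable-length array sized by the caller, and `ge_p3_tobytes(bArray, &g)` is then called without any length. The small-memory `ge_p3_tobytes` earlier in this diff writes through `s[31]`, so the packer presumably always emits 32 bytes: a `keySz` below 32 would overrun the stack array, and a larger one makes the reversal loop copy uninitialized stack bytes into `out`. I would use a fixed buffer and reject other sizes, `byte bArray[32];` plus `if (keySz != sizeof(bArray)) return BAD_FUNC_ARG;` (or whichever error code this file has in scope) before the conversion. `g.T` is also left unset, which is only safe while the packer never reads it, and the function has no comment saying that `out` receives the packed point in reversed byte order.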
@@ -89,7 +748,8 @@ static unsigned char equal(signed char b,signed char c) static unsigned char negative(signed char b) { - unsigned long long x = b; /* 18446744073709551361..18446744073709551615: yes; 0..255: no */ + unsigned long long x = b; /* 18446744073709551361..18446744073709551615: + yes; 0..255: no */ x >>= 63; /* 1: yes; 0: no */ return x; } @@ -1482,7 +2142,6 @@ B is the Ed25519 base point (x,4/5) with x positive. Preconditions: a[31] <= 127 */ - void ge_scalarmult_base(ge_p3 *h,const unsigned char *a) { signed char e[64]; @@ -1610,8 +2269,8 @@ where a = a[0]+256*a[1]+...+256^31 a[31]. and b = b[0]+256*b[1]+...+256^31 b[31]. B is the Ed25519 base point (x,4/5) with x positive. */ - -void ge_double_scalarmult_vartime(ge_p2 *r,const unsigned char *a,const ge_p3 *A,const unsigned char *b) +int ge_double_scalarmult_vartime(ge_p2 *r, const unsigned char *a, + const ge_p3 *A, const unsigned char *b) { signed char aslide[256]; signed char bslide[256]; @@ -1661,16 +2320,20 @@ void ge_double_scalarmult_vartime(ge_p2 *r,const unsigned char *a,const ge_p3 *A ge_p1p1_to_p2(r,&t); } + + return 0; } static const fe d = { --10913610,13857413,-15372611,6949391,114729,-8787816,-6275908,-3247719,-18696448,-12055116 +-10913610,13857413,-15372611,6949391,114729, +-8787816,-6275908,-3247719,-18696448,-12055116 } ; static const fe sqrtm1 = { --32595792,-7943725,9377950,3500415,12389472,-272473,-25146209,-2005654,326686,11406482 +-32595792,-7943725,9377950,3500415,12389472, +-272473,-25146209,-2005654,326686,11406482 } ; @@ -1689,6 +2352,7 @@ int ge_frombytes_negate_vartime(ge_p3 *h,const unsigned char *s) fe_sub(u,u,h->Z); /* u = y^2-1 */ fe_add(v,v,h->Z); /* v = dy^2+1 */ + fe_sq(v3,v); fe_mul(v3,v3,v); /* v3 = v^3 */ fe_sq(h->X,v3); @@ -1850,7 +2514,8 @@ r = p */ static const fe d2 = { --21827239,-5839606,-30745221,13898782,229458,15978800,-12551817,-6495438,29715968,9444199 +-21827239,-5839606,-30745221,13898782,229458, +15978800,-12551817,-6495438,29715968,9444199 } ; 
@@ -1936,4 +2601,5 @@ void ge_tobytes(unsigned char *s,const ge_p2 *h)
 s[31] ^= fe_isnegative(x) << 7;
 }
 #endif /* HAVE_ED25519 */
+#endif /* not defined CURVED25519_SMALL */
diff --git a/wolfcrypt/src/hash.c b/wolfcrypt/src/hash.c
new file mode 100755
index 000000000..58fce69f8
--- /dev/null
+++ b/wolfcrypt/src/hash.c
@@ -0,0 +1,212 @@ +/* hash.c + * + * Copyright (C) 2006-2015 wolfSSL Inc. + * + * This file is part of wolfSSL. (formerly known as CyaSSL) + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +#ifdef HAVE_CONFIG_H + #include +#endif + +#include +#include +#include + +#if !defined(WOLFSSL_TI_HASH) + +#include + +#if !defined(NO_MD5) +void wc_Md5GetHash(Md5* md5, byte* hash) +{ + Md5 save = *md5 ; + wc_Md5Final(md5, hash) ; + *md5 = save ; +} + +WOLFSSL_API void wc_Md5RestorePos(Md5* m1, Md5* m2) { + *m1 = *m2 ; +} + +#endif + +#if !defined(NO_SHA) +int wc_ShaGetHash(Sha* sha, byte* hash) +{ + int ret ; + Sha save = *sha ; + ret = wc_ShaFinal(sha, hash) ; + *sha = save ; + return ret ; +} + +WOLFSSL_API void wc_ShaRestorePos(Sha* s1, Sha* s2) { + *s1 = *s2 ; +} + +int wc_ShaHash(const byte* data, word32 len, byte* hash) +{ + int ret = 0; +#ifdef WOLFSSL_SMALL_STACK + Sha* sha; +#else + Sha sha[1]; +#endif + +#ifdef WOLFSSL_SMALL_STACK + sha = (Sha*)XMALLOC(sizeof(Sha), NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (sha == NULL) + return MEMORY_E; +#endif + + if ((ret = wc_InitSha(sha)) != 0) { + WOLFSSL_MSG("wc_InitSha failed"); + } + else { + wc_ShaUpdate(sha, data, len); + wc_ShaFinal(sha, hash); + } + +#ifdef WOLFSSL_SMALL_STACK + XFREE(sha, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif + + return ret; + +} + 
+#endif /* !defined(NO_SHA) */ + +#if !defined(NO_SHA256) +int wc_Sha256GetHash(Sha256* sha256, byte* hash) +{ + int ret ; + Sha256 save = *sha256 ; + ret = wc_Sha256Final(sha256, hash) ; + *sha256 = save ; + return ret ; +} + +WOLFSSL_API void wc_Sha256RestorePos(Sha256* s1, Sha256* s2) { + *s1 = *s2 ; +} + +int wc_Sha256Hash(const byte* data, word32 len, byte* hash) +{ + int ret = 0; +#ifdef WOLFSSL_SMALL_STACK + Sha256* sha256; +#else + Sha256 sha256[1]; +#endif + +#ifdef WOLFSSL_SMALL_STACK + sha256 = (Sha256*)XMALLOC(sizeof(Sha256), NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (sha256 == NULL) + return MEMORY_E; +#endif + + if ((ret = wc_InitSha256(sha256)) != 0) { + WOLFSSL_MSG("InitSha256 failed"); + } + else if ((ret = wc_Sha256Update(sha256, data, len)) != 0) { + WOLFSSL_MSG("Sha256Update failed"); + } + else if ((ret = wc_Sha256Final(sha256, hash)) != 0) { + WOLFSSL_MSG("Sha256Final failed"); + } + +#ifdef WOLFSSL_SMALL_STACK + XFREE(sha256, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif + + return ret; +} + +#endif /* !defined(NO_SHA256) */ + +#endif /* !defined(WOLFSSL_TI_HASH) */ + +#if defined(WOLFSSL_SHA512) +int wc_Sha512Hash(const byte* data, word32 len, byte* hash) +{ + int ret = 0; +#ifdef WOLFSSL_SMALL_STACK + Sha512* sha512; +#else + Sha512 sha512[1]; +#endif + +#ifdef WOLFSSL_SMALL_STACK + sha512 = (Sha512*)XMALLOC(sizeof(Sha512), NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (sha512 == NULL) + return MEMORY_E; +#endif + + if ((ret = wc_InitSha512(sha512)) != 0) { + WOLFSSL_MSG("InitSha512 failed"); + } + else if ((ret = wc_Sha512Update(sha512, data, len)) != 0) { + WOLFSSL_MSG("Sha512Update failed"); + } + else if ((ret = wc_Sha512Final(sha512, hash)) != 0) { + WOLFSSL_MSG("Sha512Final failed"); + } + +#ifdef WOLFSSL_SMALL_STACK + XFREE(sha512, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif + + return ret; +} + +#if defined(WOLFSSL_SHA384) +int wc_Sha384Hash(const byte* data, word32 len, byte* hash) +{ + int ret = 0; +#ifdef WOLFSSL_SMALL_STACK + Sha384* sha384; +#else + 
Sha384 sha384[1]; +#endif + +#ifdef WOLFSSL_SMALL_STACK + sha384 = (Sha384*)XMALLOC(sizeof(Sha384), NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (sha384 == NULL) + return MEMORY_E; +#endif + + if ((ret = wc_InitSha384(sha384)) != 0) { + WOLFSSL_MSG("InitSha384 failed"); + } + else if ((ret = wc_Sha384Update(sha384, data, len)) != 0) { + WOLFSSL_MSG("Sha384Update failed"); + } + else if ((ret = wc_Sha384Final(sha384, hash)) != 0) { + WOLFSSL_MSG("Sha384Final failed"); + } + +#ifdef WOLFSSL_SMALL_STACK + XFREE(sha384, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif + + return ret; +} + +#endif /* defined(WOLFSSL_SHA384) */ +#endif /* defined(WOLFSSL_SHA512) */ diff --git a/wolfcrypt/src/hmac.c b/wolfcrypt/src/hmac.c index 8c7e8de2b..50716f5d9 100644 --- a/wolfcrypt/src/hmac.c +++ b/wolfcrypt/src/hmac.c @@ -134,31 +134,31 @@ static int InitHmac(Hmac* hmac, int type) ret = wc_InitSha(&hmac->hash.sha); break; #endif - + #ifndef NO_SHA256 case SHA256: ret = wc_InitSha256(&hmac->hash.sha256); break; #endif - + #ifdef WOLFSSL_SHA384 case SHA384: ret = wc_InitSha384(&hmac->hash.sha384); break; #endif - + #ifdef WOLFSSL_SHA512 case SHA512: ret = wc_InitSha512(&hmac->hash.sha512); break; #endif - - #ifdef HAVE_BLAKE2 + + #ifdef HAVE_BLAKE2 case BLAKE2B_ID: ret = wc_InitBlake2b(&hmac->hash.blake2b, BLAKE2B_256); break; #endif - + default: return BAD_FUNC_ARG; } @@ -287,7 +287,7 @@ int wc_HmacSetKey(Hmac* hmac, int type, const byte* key, word32 length) break; #endif - #ifdef HAVE_BLAKE2 + #ifdef HAVE_BLAKE2 case BLAKE2B_ID: { hmac_block_size = BLAKE2B_BLOCKBYTES; @@ -367,7 +367,7 @@ static int HmacKeyInnerHash(Hmac* hmac) break; #endif - #ifdef HAVE_BLAKE2 + #ifdef HAVE_BLAKE2 case BLAKE2B_ID: ret = wc_Blake2bUpdate(&hmac->hash.blake2b, (byte*) hmac->ipad,BLAKE2B_BLOCKBYTES); 
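Review bot: `wc_ShaHash` drops the results of `wc_ShaUpdate` and `wc_ShaFinal`, so it returns 0 even when the digest was never written to `hash`; the SHA-256, SHA-384 and SHA-512 helpers in the same new file chain every step through `ret`. `wc_ShaGetHash` above already treats `wc_ShaFinal` as returning a status, and I assume `wc_ShaUpdate` does too (confirm against sha.h). The `else` branch should follow the `wc_Sha256Hash` pattern, as below, so a caller that compares or signs the output never works on an unwritten buffer while seeing success.

```c
    /* ... unchanged: wc_InitSha check and its WOLFSSL_MSG ... */
    else if ((ret = wc_ShaUpdate(sha, data, len)) != 0) {
        WOLFSSL_MSG("wc_ShaUpdate failed");
    }
    else if ((ret = wc_ShaFinal(sha, hash)) != 0) {
        WOLFSSL_MSG("wc_ShaFinal failed");
    }
    /* ... unchanged: WOLFSSL_SMALL_STACK free and return ret ... */
```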
@@ -438,7 +438,7 @@ int wc_HmacUpdate(Hmac* hmac, const byte* msg, word32 length) break; #endif - #ifdef HAVE_BLAKE2 + #ifdef HAVE_BLAKE2 case BLAKE2B_ID: ret = wc_Blake2bUpdate(&hmac->hash.blake2b, msg, length); if (ret != 0) @@ -570,7 +570,7 @@ int wc_HmacFinal(Hmac* hmac, byte* hash) break; #endif - #ifdef HAVE_BLAKE2 + #ifdef HAVE_BLAKE2 case BLAKE2B_ID: { ret = wc_Blake2bFinal(&hmac->hash.blake2b, (byte*) hmac->innerHash, @@ -622,7 +622,7 @@ int wc_HmacInitCavium(Hmac* hmac, int devId) hmac->devId = devId; hmac->magic = WOLFSSL_HMAC_CAVIUM_MAGIC; hmac->data = NULL; /* buffered input data */ - + hmac->innerHashKeyed = 0; return 0; @@ -650,7 +650,7 @@ static void HmacCaviumFinal(Hmac* hmac, byte* hash) (byte*)hmac->ipad, hmac->dataLen, hmac->data, hash, &requestId, hmac->devId) != 0) { WOLFSSL_MSG("Cavium Hmac failed"); - } + } hmac->innerHashKeyed = 0; /* tell update to start over if used again */ } @@ -685,7 +685,7 @@ static void HmacCaviumUpdate(Hmac* hmac, const byte* msg, word32 length) if (hmac->dataLen) XMEMCPY(tmp, hmac->data, hmac->dataLen); XMEMCPY(tmp + hmac->dataLen, msg, add); - + hmac->dataLen += add; XFREE(hmac->data, NULL, DYNAMIC_TYPE_CAVIUM_TMP); hmac->data = tmp; @@ -722,14 +722,15 @@ int wolfSSL_GetHmacMaxSize(void) #ifdef HAVE_HKDF -#ifndef min +#ifndef WOLFSSL_HAVE_MIN +#define WOLFSSL_HAVE_MIN static INLINE word32 min(word32 a, word32 b) { return a > b ? b : a; } -#endif /* min */ +#endif /* WOLFSSL_HAVE_MIN */ static INLINE int GetHashSizeByType(int type) @@ -750,31 +751,31 @@ static INLINE int GetHashSizeByType(int type) return SHA_DIGEST_SIZE; break; #endif - + #ifndef NO_SHA256 case SHA256: return SHA256_DIGEST_SIZE; break; #endif - + #ifdef WOLFSSL_SHA384 case SHA384: return SHA384_DIGEST_SIZE; break; #endif - + #ifdef WOLFSSL_SHA512 case SHA512: return SHA512_DIGEST_SIZE; break; #endif - - #ifdef HAVE_BLAKE2 + + #ifdef HAVE_BLAKE2 case BLAKE2B_ID: return BLAKE2B_OUTBYTES; break; #endif - + default: return BAD_FUNC_ARG; break; 
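Review bot: In the HKDF section of hmac.c, replacing `#ifndef min` with `#ifndef WOLFSSL_HAVE_MIN` removes the only protection against a platform header that defines `min` as a macro; on such a build the `static INLINE word32 min(word32 a, word32 b)` definition would be macro-expanded and presumably fail to compile. Keeping both tests, `#if !defined(WOLFSSL_HAVE_MIN) && !defined(min)`, preserves the old behaviour while still allowing a shared guard. A short comment stating what `WOLFSSL_HAVE_MIN` is for, and whether any other source file sets it, would also help, since nothing in this hunk shows a second user.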
@@ -823,7 +824,7 @@ int wc_HKDF(int type, const byte* inKey, word32 inKeySz, localSalt = tmp; saltSz = hashSz; } - + do { ret = wc_HmacSetKey(&myHmac, type, localSalt, saltSz); if (ret != 0) @@ -875,4 +876,3 @@ int wc_HKDF(int type, const byte* inKey, word32 inKeySz, #endif /* HAVE_FIPS */ #endif /* NO_HMAC */ - diff --git a/wolfcrypt/src/include.am b/wolfcrypt/src/include.am index a6e815427..299921579 100644 --- a/wolfcrypt/src/include.am +++ b/wolfcrypt/src/include.am @@ -38,3 +38,11 @@ EXTRA_DIST += \ wolfcrypt/src/fp_sqr_comba_8.i \ wolfcrypt/src/fp_sqr_comba_9.i \ wolfcrypt/src/fp_sqr_comba_small_set.i + +EXTRA_DIST += wolfcrypt/src/port/ti/ti-aes.c \ + wolfcrypt/src/port/ti/ti-des3.c \ + wolfcrypt/src/port/ti/ti-hash.c \ + wolfcrypt/src/port/ti/ti-ccm.c \ + wolfcrypt/src/port/pic32/pic32mz-hash.c + + diff --git a/wolfcrypt/src/integer.c b/wolfcrypt/src/integer.c index b68ec7ea7..49b3fe195 100644 --- a/wolfcrypt/src/integer.c +++ b/wolfcrypt/src/integer.c @@ -33,7 +33,7 @@ /* in case user set USE_FAST_MATH there */ #include -#ifndef NO_BIG_INT +#ifndef NO_BIG_INT #ifndef USE_FAST_MATH @@ -45,7 +45,35 @@ #endif #endif -static void bn_reverse (unsigned char *s, int len); +#ifdef SHOW_GEN + #ifdef FREESCALE_MQX + #if MQX_USE_IO_OLD + #include + #else + #include + #endif + #else + #include + #endif +#endif + +/* reverse an array, used for radix code */ +static void +bn_reverse (unsigned char *s, int len) +{ + int ix, iy; + unsigned char t; + + ix = 0; + iy = len - 1; + while (ix < iy) { + t = s[ix]; + s[ix] = s[iy]; + s[iy] = t; + ++ix; + --iy; + } +} /* math settings check */ word32 CheckRunTimeSettings(void) @@ -168,7 +196,7 @@ mp_count_bits (mp_int * a) /* get number of digits and add that */ r = (a->used - 1) * DIGIT_BIT; - + /* take the last digit and count the bits in it */ q = a->dp[a->used - 1]; while (q > ((mp_digit) 0)) { 
@@ -327,25 +355,6 @@ int mp_grow (mp_int * a, int size) } -/* reverse an array, used for radix code */ -void -bn_reverse (unsigned char *s, int len) -{ - int ix, iy; - unsigned char t; - - ix = 0; - iy = len - 1; - while (ix < iy) { - t = s[ix]; - s[ix] = s[iy]; - s[iy] = t; - ++ix; - --iy; - } -} - - /* shift right by a certain bit count (store quotient in c, optional remainder in d) */ int mp_div_2d (mp_int * a, int b, mp_int * c, mp_int * d) @@ -416,7 +425,7 @@ void mp_zero (mp_int * a) } -/* trim unused digits +/* trim unused digits * * This is used to ensure that leading zero digits are * trimed and the leading "used" digit will be non-zero @@ -440,7 +449,7 @@ mp_clamp (mp_int * a) } -/* swap the elements of two integers, for cases where you can't simply swap the +/* swap the elements of two integers, for cases where you can't simply swap the * mp_int pointers around */ void @@ -513,8 +522,8 @@ void mp_rshd (mp_int * a, int b) /* top [offset into digits] */ top = a->dp + b; - /* this is implemented as a sliding window where - * the window is b-digits long and digits from + /* this is implemented as a sliding window where + * the window is b-digits long and digits from * the top of the window are copied to the bottom * * e.g. @@ -532,7 +541,7 @@ void mp_rshd (mp_int * a, int b) *bottom++ = 0; } } - + /* remove excess digits */ a->used -= b; } @@ -662,7 +671,7 @@ int mp_mul_2d (mp_int * a, int b, mp_int * c) /* set the carry to the carry bits of the current word */ r = rr; } - + /* set final carry */ if (r != 0) { c->dp[(c->used)++] = r; @@ -765,7 +774,7 @@ int mp_exptmod (mp_int * G, mp_int * X, mp_int * P, mp_int * Y) mp_clear(&tmpG); mp_clear(&tmpX); return err; -#else +#else /* no invmod */ return MP_VAL; #endif 
@@ -793,7 +802,7 @@ int mp_exptmod (mp_int * G, mp_int * X, mp_int * P, mp_int * Y) dr = mp_reduce_is_2k(P) << 1; } #endif - + /* if the modulus is odd or dr != 0 use the montgomery method */ #ifdef BN_MP_EXPTMOD_FAST_C if (mp_isodd (P) == 1 || dr != 0) { @@ -813,7 +822,7 @@ int mp_exptmod (mp_int * G, mp_int * X, mp_int * P, mp_int * Y) } -/* b = |a| +/* b = |a| * * Simple function copies the input and fixes the sign to positive */ @@ -857,16 +866,16 @@ int mp_invmod (mp_int * a, mp_int * b, mp_int * c) } -/* computes the modular inverse via binary extended euclidean algorithm, - * that is c = 1/a mod b +/* computes the modular inverse via binary extended euclidean algorithm, + * that is c = 1/a mod b * - * Based on slow invmod except this is optimized for the case where b is + * Based on slow invmod except this is optimized for the case where b is * odd as per HAC Note 14.64 on pp. 610 */ int fast_mp_invmod (mp_int * a, mp_int * b, mp_int * c) { mp_int x, y, u, v, B, D; - int res, neg; + int res, neg, loop_check = 0; /* 2. [modified] b must be odd */ if (mp_iseven (b) == 1) { @@ -958,6 +967,10 @@ top: /* if not zero goto step 4 */ if (mp_iszero (&u) == 0) { + if (++loop_check > 4096) { + res = MP_VAL; + goto LBL_ERR; + } goto top; } @@ -1002,7 +1015,7 @@ int mp_invmod_slow (mp_int * a, mp_int * b, mp_int * c) } /* init temps */ - if ((res = mp_init_multi(&x, &y, &u, &v, + if ((res = mp_init_multi(&x, &y, &u, &v, &A, &B)) != MP_OKAY) { return res; } @@ -1134,14 +1147,14 @@ top: goto LBL_ERR; } } - + /* too big */ while (mp_cmp_mag(&C, b) != MP_LT) { if ((res = mp_sub(&C, b, &C)) != MP_OKAY) { goto LBL_ERR; } } - + /* C is now the inverse */ mp_exch (&C, c); res = MP_OKAY; @@ -1167,7 +1180,7 @@ int mp_cmp_mag (mp_int * a, mp_int * b) if (a->used > b->used) { return MP_GT; } - + if (a->used < b->used) { return MP_LT; } 
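Review bot: The new `loop_check > 4096` bound in fast_mp_invmod's `top:` loop is an unnamed constant with no stated relation to the operand size, so it is unclear whether a legitimately large modulus can reach it and get `MP_VAL` back. If it is meant as a guard against non-terminating input, derive it from the bit length of `b`, or name it and record which sizes it covers, e.g. `/* each pass strips at least one bit from u or v; 4096 passes covers moduli up to N bits */` with N filled in from the analysis. The only change to mp_invmod_slow visible in this diff is whitespace, so confirm whether its `top:` loop needs the same guard. The body of fast_mp_invmod starts and ends outside these hunks.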
@@ -1204,7 +1217,7 @@ mp_cmp (mp_int * a, mp_int * b) return MP_GT; } } - + /* compare digits */ if (a->sign == MP_NEG) { /* if negative compare opposite direction */ @@ -1247,6 +1260,14 @@ void mp_set (mp_int * a, mp_digit b) a->used = (a->dp[0] != 0) ? 1 : 0; } +/* chek if a bit is set */ +int mp_is_bit_set (mp_int *a, mp_digit b) +{ + if ((mp_digit)a->used < b/DIGIT_BIT) + return 0; + + return (int)((a->dp[b/DIGIT_BIT] >> b%DIGIT_BIT) & (mp_digit)1); +} /* c = a mod b, 0 <= c < b */ int @@ -1299,7 +1320,7 @@ int mp_div(mp_int * a, mp_int * b, mp_int * c, mp_int * d) } return res; } - + /* init our temps */ if ((res = mp_init_multi(&ta, &tb, &tq, &q, 0, 0)) != MP_OKAY) { return res; @@ -1309,7 +1330,7 @@ int mp_div(mp_int * a, mp_int * b, mp_int * c, mp_int * d) mp_set(&tq, 1); n = mp_count_bits(a) - mp_count_bits(b); if (((res = mp_abs(a, &ta)) != MP_OKAY) || - ((res = mp_abs(b, &tb)) != MP_OKAY) || + ((res = mp_abs(b, &tb)) != MP_OKAY) || ((res = mp_mul_2d(&tb, n, &tb)) != MP_OKAY) || ((res = mp_mul_2d(&tq, n, &tq)) != MP_OKAY)) { goto LBL_ERR; @@ -1487,8 +1508,8 @@ s_mp_add (mp_int * a, mp_int * b, mp_int * c) *tmpc++ &= MP_MASK; } - /* now copy higher words if any, that is in A+B - * if A or B has more digits add those in + /* now copy higher words if any, that is in A+B + * if A or B has more digits add those in */ if (min != max) { for (; i < max; i++) { @@ -1627,7 +1648,7 @@ mp_sub (mp_int * a, mp_int * b, mp_int * c) int mp_reduce_is_2k_l(mp_int *a) { int ix, iy; - + if (a->used == 0) { return MP_NO; } else if (a->used == 1) { @@ -1640,7 +1661,7 @@ int mp_reduce_is_2k_l(mp_int *a) } } return (iy >= (a->used/2)) ? MP_YES : MP_NO; - + } return MP_NO; } @@ -1651,7 +1672,7 @@ int mp_reduce_is_2k(mp_int *a) { int ix, iy, iw; mp_digit iz; - + if (a->used == 0) { return MP_NO; } else if (a->used == 1) { 
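Review bot: The range check in the added mp_is_bit_set is off by one: when `b/DIGIT_BIT == a->used` the guard passes and `a->dp[a->used]` is read, which is one past the last used digit and, if `used` can equal `alloc`, past the allocation. Compare with `<=` instead: `if ((mp_digit)a->used <= b/DIGIT_BIT) return 0;`. The comment above the function should read `/* check if a bit is set */`.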
@@ -1660,7 +1681,7 @@ int mp_reduce_is_2k(mp_int *a) iy = mp_count_bits(a); iz = 1; iw = 1; - + /* Test every bit from the second digit up, must be 1 */ for (ix = DIGIT_BIT; ix < iy; ix++) { if ((a->dp[iw] & iz) == 0) { @@ -1717,16 +1738,27 @@ int mp_dr_is_modulus(mp_int *a) int mp_exptmod_fast (mp_int * G, mp_int * X, mp_int * P, mp_int * Y, int redmode) { - mp_int M[TAB_SIZE], res; + mp_int res; mp_digit buf, mp; int err, bitbuf, bitcpy, bitcnt, mode, digidx, x, y, winsize; - +#ifdef WOLFSSL_SMALL_STACK + mp_int* M = NULL; +#else + mp_int M[TAB_SIZE]; +#endif /* use a pointer to the reduction algorithm. This allows us to use * one of many reduction algorithms without modding the guts of * the code with if statements everywhere. */ int (*redux)(mp_int*,mp_int*,mp_digit); +#ifdef WOLFSSL_SMALL_STACK + M = (mp_int*) XMALLOC(sizeof(mp_int) * TAB_SIZE, NULL, + DYNAMIC_TYPE_TMP_BUFFER); + if (M == NULL) + return MP_MEM; +#endif + /* find window size */ x = mp_count_bits (X); if (x <= 7) { @@ -1754,6 +1786,10 @@ int mp_exptmod_fast (mp_int * G, mp_int * X, mp_int * P, mp_int * Y, /* init M array */ /* init first cell */ if ((err = mp_init(&M[1])) != MP_OKAY) { +#ifdef WOLFSSL_SMALL_STACK + XFREE(M, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif + return err; } @@ -1764,13 +1800,18 @@ int mp_exptmod_fast (mp_int * G, mp_int * X, mp_int * P, mp_int * Y, mp_clear (&M[y]); } mp_clear(&M[1]); + +#ifdef WOLFSSL_SMALL_STACK + XFREE(M, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif + return err; } } /* determine and setup reduction code */ if (redmode == 0) { -#ifdef BN_MP_MONTGOMERY_SETUP_C +#ifdef BN_MP_MONTGOMERY_SETUP_C /* now setup montgomery */ if ((err = mp_montgomery_setup (P, &mp)) != MP_OKAY) { goto LBL_M; 
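Review bot: The heap-allocated `M` in mp_exptmod_fast is released by three separate `#ifdef WOLFSSL_SMALL_STACK` / `XFREE` blocks (the two early `return err;` paths and `LBL_M`), so any return later added between the `XMALLOC` and `LBL_M` leaks the table. At minimum record the rule at the allocation, `/* M is freed at LBL_M and on both early init failures; add no other return below this point */`. The allocation also uses `NULL, DYNAMIC_TYPE_TMP_BUFFER` while fast_mp_montgomery_reduce in the same file uses `0, DYNAMIC_TYPE_BIGINT` for its scratch array; pick one tag for bignum scratch memory. Most of the function body lies outside these hunks, so the remaining return paths cannot be checked from here.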
@@ -1786,7 +1827,7 @@ int mp_exptmod_fast (mp_int * G, mp_int * X, mp_int * P, mp_int * Y, if (((P->used * 2 + 1) < MP_WARRAY) && P->used < (1 << ((CHAR_BIT * sizeof (mp_word)) - (2 * DIGIT_BIT)))) { redux = fast_mp_montgomery_reduce; - } else + } else #endif { #ifdef BN_MP_MONTGOMERY_REDUCE_C @@ -1837,7 +1878,7 @@ int mp_exptmod_fast (mp_int * G, mp_int * X, mp_int * P, mp_int * Y, if ((err = mp_montgomery_calc_normalization (&res, P)) != MP_OKAY) { goto LBL_RES; } -#else +#else err = MP_VAL; goto LBL_RES; #endif @@ -1859,7 +1900,8 @@ int mp_exptmod_fast (mp_int * G, mp_int * X, mp_int * P, mp_int * Y, } for (x = 0; x < (winsize - 1); x++) { - if ((err = mp_sqr (&M[(mp_digit)(1 << (winsize - 1))], &M[(mp_digit)(1 << (winsize - 1))])) != MP_OKAY) { + if ((err = mp_sqr (&M[(mp_digit)(1 << (winsize - 1))], + &M[(mp_digit)(1 << (winsize - 1))])) != MP_OKAY) { goto LBL_RES; } if ((err = redux (&M[(mp_digit)(1 << (winsize - 1))], P, mp)) != MP_OKAY) { @@ -1998,6 +2040,11 @@ LBL_M: for (x = 1<<(winsize-1); x < (1 << winsize); x++) { mp_clear (&M[x]); } + +#ifdef WOLFSSL_SMALL_STACK + XFREE(M, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif + return err; } @@ -2071,7 +2118,7 @@ int fast_mp_montgomery_reduce (mp_int * x, mp_int * n, mp_digit rho) #ifdef WOLFSSL_SMALL_STACK W = (mp_word*)XMALLOC(sizeof(mp_word) * MP_WARRAY, 0, DYNAMIC_TYPE_BIGINT); - if (W == NULL) + if (W == NULL) return MP_MEM; #endif @@ -2312,7 +2359,7 @@ void mp_dr_setup(mp_int *a, mp_digit *d) /* the casts are required if DIGIT_BIT is one less than * the number of bits in a mp_digit [e.g. DIGIT_BIT==31] */ - *d = (mp_digit)((((mp_word)1) << ((mp_word)DIGIT_BIT)) - + *d = (mp_digit)((((mp_word)1) << ((mp_word)DIGIT_BIT)) - ((mp_word)a->dp[0])); } 
@@ -2396,35 +2443,35 @@ int mp_reduce_2k(mp_int *a, mp_int *n, mp_digit d) { mp_int q; int p, res; - + if ((res = mp_init(&q)) != MP_OKAY) { return res; } - - p = mp_count_bits(n); + + p = mp_count_bits(n); top: /* q = a/2**p, a = a mod 2**p */ if ((res = mp_div_2d(a, p, &q, a)) != MP_OKAY) { goto ERR; } - + if (d != 1) { /* q = q * d */ - if ((res = mp_mul_d(&q, d, &q)) != MP_OKAY) { + if ((res = mp_mul_d(&q, d, &q)) != MP_OKAY) { goto ERR; } } - + /* a = a + q */ if ((res = s_mp_add(a, &q, a)) != MP_OKAY) { goto ERR; } - + if (mp_cmp_mag(a, n) != MP_LT) { s_mp_sub(a, n, a); goto top; } - + ERR: mp_clear(&q); return res; 
@@ -2436,56 +2483,63 @@ int mp_reduce_2k_setup(mp_int *a, mp_digit *d) { int res, p; mp_int tmp; - + if ((res = mp_init(&tmp)) != MP_OKAY) { return res; } - + p = mp_count_bits(a); if ((res = mp_2expt(&tmp, p)) != MP_OKAY) { mp_clear(&tmp); return res; } - + if ((res = s_mp_sub(&tmp, a, &tmp)) != MP_OKAY) { mp_clear(&tmp); return res; } - + *d = tmp.dp[0]; mp_clear(&tmp); return MP_OKAY; } -/* computes a = 2**b +/* set the b bit of a */ +int +mp_set_bit (mp_int * a, int b) +{ + int i = b / DIGIT_BIT, res; + + if (a->used < (int)(i + 1)) { + /* grow a to accomodate the single bit */ + if ((res = mp_grow (a, i + 1)) != MP_OKAY) { + return res; + } + + /* set the used count of where the bit will go */ + a->used = (int)(i + 1); + } + + /* put the single bit in its place */ + a->dp[i] |= ((mp_digit)1) << (b % DIGIT_BIT); + + return MP_OKAY; +} + +/* computes a = 2**b * - * Simple algorithm which zeroes the int, grows it then just sets one bit - * as required. + * Simple algorithm which zeroes the int, set the required bit */ int mp_2expt (mp_int * a, int b) { - int res; + /* zero a as per default */ + mp_zero (a); - /* zero a as per default */ - mp_zero (a); - - /* grow a to accomodate the single bit */ - if ((res = mp_grow (a, b / DIGIT_BIT + 1)) != MP_OKAY) { - return res; - } - - /* set the used count of where the bit will go */ - a->used = b / DIGIT_BIT + 1; - - /* put the single bit in its place */ - a->dp[b / DIGIT_BIT] = ((mp_digit)1) << (b % DIGIT_BIT); - - return MP_OKAY; + return mp_set_bit(a, b); } - /* multiply by a digit */ int mp_mul_d (mp_int * a, mp_digit b, mp_int * c) @@ -2574,8 +2628,8 @@ mp_sqr (mp_int * a, mp_int * b) { #ifdef BN_FAST_S_MP_SQR_C /* can we use the fast comba multiplier? */ - if ((a->used * 2 + 1) < MP_WARRAY && - a->used < + if ((a->used * 2 + 1) < MP_WARRAY && + a->used < (1 << (sizeof(mp_word) * CHAR_BIT - 2*DIGIT_BIT - 1))) { res = fast_s_mp_sqr (a, b); } else 
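Review bot: The new mp_set_bit does not reject a negative `b`: `b / DIGIT_BIT` then yields a zero or negative index and `b % DIGIT_BIT` a negative shift count, which is undefined behaviour, and mp_2expt now forwards its argument straight to it. Add a guard as the first statement, `if (b < 0) return MP_VAL;`. The growth branch sets `a->used = i + 1` without writing the digits between the old `used` and `i`, so it relies on those digits already being zero; a comment stating that would help, since what mp_grow guarantees is not shown here. `accomodate` in the comment should be `accommodate`.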
@@ -2600,18 +2654,18 @@ int mp_mul (mp_int * a, mp_int * b, mp_int * c) { /* can we use the fast multiplier? * - * The fast multiplier can be used if the output will - * have less than MP_WARRAY digits and the number of + * The fast multiplier can be used if the output will + * have less than MP_WARRAY digits and the number of * digits won't affect carry propagation */ int digs = a->used + b->used + 1; #ifdef BN_FAST_S_MP_MUL_DIGS_C if ((digs < MP_WARRAY) && - MIN(a->used, b->used) <= + MIN(a->used, b->used) <= (1 << ((CHAR_BIT * sizeof (mp_word)) - (2 * DIGIT_BIT)))) { res = fast_s_mp_mul_digs (a, b, c, digs); - } else + } else #endif #ifdef BN_S_MP_MUL_DIGS_C res = s_mp_mul (a, b, c); /* uses s_mp_mul_digs */ @@ -2645,24 +2699,24 @@ int mp_mul_2(mp_int * a, mp_int * b) /* alias for source */ tmpa = a->dp; - + /* alias for dest */ tmpb = b->dp; /* carry */ r = 0; for (x = 0; x < a->used; x++) { - - /* get what will be the *next* carry bit from the - * MSB of the current digit + + /* get what will be the *next* carry bit from the + * MSB of the current digit */ rr = *tmpa >> ((mp_digit)(DIGIT_BIT - 1)); - + /* now shift up this digit, add in the carry [from the previous] */ *tmpb++ = ((*tmpa++ << ((mp_digit)1)) | r) & MP_MASK; - - /* copy the carry that would be from the source - * digit into the next iteration + + /* copy the carry that would be from the source + * digit into the next iteration */ r = rr; } @@ -2674,8 +2728,8 @@ int mp_mul_2(mp_int * a, mp_int * b) ++(b->used); } - /* now zero any excess digits on the destination - * that we didn't write to + /* now zero any excess digits on the destination + * that we didn't write to */ tmpb = b->dp + b->used; for (x = b->used; x < oldused; x++) { 
@@ -2695,14 +2749,14 @@ mp_div_3 (mp_int * a, mp_int *c, mp_digit * d) mp_word w, t; mp_digit b; int res, ix; - + /* b = 2**DIGIT_BIT / 3 */ b = (mp_digit) ( (((mp_word)1) << ((mp_word)DIGIT_BIT)) / ((mp_word)3) ); if ((res = mp_init_size(&q, a->used)) != MP_OKAY) { return res; } - + q.used = a->used; q.sign = a->sign; w = 0; @@ -2740,7 +2794,7 @@ mp_div_3 (mp_int * a, mp_int *c, mp_digit * d) mp_exch(&q, c); } mp_clear(&q); - + return res; } @@ -2751,8 +2805,8 @@ int mp_init_size (mp_int * a, int size) int x; /* pad size so there are always extra digits */ - size += (MP_PREC * 2) - (size % MP_PREC); - + size += (MP_PREC * 2) - (size % MP_PREC); + /* alloc mem */ a->dp = OPT_CAST(mp_digit) XMALLOC (sizeof (mp_digit) * size, 0, DYNAMIC_TYPE_BIGINT); @@ -2775,10 +2829,10 @@ int mp_init_size (mp_int * a, int size) /* the jist of squaring... - * you do like mult except the offset of the tmpx [one that - * starts closer to zero] can't equal the offset of tmpy. + * you do like mult except the offset of the tmpx [one that + * starts closer to zero] can't equal the offset of tmpy. * So basically you set up iy like before then you min it with - * (ty-tx) so that it never happens. You double all those + * (ty-tx) so that it never happens. You double all those * you add in the inner loop After that loop you do the squares and add them in. @@ -2808,13 +2862,13 @@ int fast_s_mp_sqr (mp_int * a, mp_int * b) #ifdef WOLFSSL_SMALL_STACK W = (mp_digit*)XMALLOC(sizeof(mp_digit) * MP_WARRAY, 0, DYNAMIC_TYPE_BIGINT); - if (W == NULL) + if (W == NULL) return MP_MEM; #endif /* number of output digits to produce */ W1 = 0; - for (ix = 0; ix < pa; ix++) { + for (ix = 0; ix < pa; ix++) { int tx, ty, iy; mp_word _W; mp_digit *tmpy; 
@@ -2835,7 +2889,7 @@ int fast_s_mp_sqr (mp_int * a, mp_int * b) */ iy = MIN(a->used-tx, ty+1); - /* now for squaring tx can never equal ty + /* now for squaring tx can never equal ty * we halve the distance since they approach at a rate of 2x * and we have to round because odd cases need to be executed */ @@ -2889,15 +2943,15 @@ int fast_s_mp_sqr (mp_int * a, mp_int * b) /* Fast (comba) multiplier * - * This is the fast column-array [comba] multiplier. It is - * designed to compute the columns of the product first - * then handle the carries afterwards. This has the effect + * This is the fast column-array [comba] multiplier. It is + * designed to compute the columns of the product first + * then handle the carries afterwards. This has the effect * of making the nested loops that compute the columns very * simple and schedulable on super-scalar processors. * - * This has been modified to produce a variable number of - * digits of output so if say only a half-product is required - * you don't have to compute the upper half (a feature + * This has been modified to produce a variable number of + * digits of output so if say only a half-product is required + * you don't have to compute the upper half (a feature * required for fast Barrett reduction). * * Based on Algorithm 14.12 on pp.595 of HAC. @@ -2927,13 +2981,13 @@ int fast_s_mp_mul_digs (mp_int * a, mp_int * b, mp_int * c, int digs) #ifdef WOLFSSL_SMALL_STACK W = (mp_digit*)XMALLOC(sizeof(mp_digit) * MP_WARRAY, 0, DYNAMIC_TYPE_BIGINT); - if (W == NULL) + if (W == NULL) return MP_MEM; #endif /* clear the carry */ _W = 0; - for (ix = 0; ix < pa; ix++) { + for (ix = 0; ix < pa; ix++) { int tx, ty; int iy; mp_digit *tmpx, *tmpy; 
@@ -2946,7 +3000,7 @@ int fast_s_mp_mul_digs (mp_int * a, mp_int * b, mp_int * c, int digs) tmpx = a->dp + tx; tmpy = b->dp + ty; - /* this is the number of times the loop will iterrate, essentially + /* this is the number of times the loop will iterrate, essentially while (tx++ < a->used && ty-- >= 0) { ... } */ iy = MIN(a->used-tx, ty+1); @@ -3024,7 +3078,7 @@ int s_mp_sqr (mp_int * a, mp_int * b) /* alias for where to store the results */ tmpt = t.dp + (2*ix + 1); - + for (iy = ix + 1; iy < pa; iy++) { /* first calculate the product */ r = ((mp_word)tmpx) * ((mp_word)a->dp[iy]); @@ -3056,7 +3110,7 @@ int s_mp_sqr (mp_int * a, mp_int * b) /* multiplies |a| * |b| and only computes upto digs digits of result - * HAC pp. 595, Algorithm 14.12 Modified so you can control how + * HAC pp. 595, Algorithm 14.12 Modified so you can control how * many digits of output are created. */ int s_mp_mul_digs (mp_int * a, mp_int * b, mp_int * c, int digs) @@ -3069,7 +3123,7 @@ int s_mp_mul_digs (mp_int * a, mp_int * b, mp_int * c, int digs) /* can we use the fast multiplier? */ if (((digs) < MP_WARRAY) && - MIN (a->used, b->used) < + MIN (a->used, b->used) < (1 << ((CHAR_BIT * sizeof (mp_word)) - (2 * DIGIT_BIT)))) { return fast_s_mp_mul_digs (a, b, c, digs); } @@ -3091,10 +3145,10 @@ int s_mp_mul_digs (mp_int * a, mp_int * b, mp_int * c, int digs) /* setup some aliases */ /* copy of the digit from a used within the nested loop */ tmpx = a->dp[ix]; - + /* an alias for the destination shifted ix places */ tmpt = t.dp + ix; - + /* an alias for the digits of b */ tmpy = b->dp; @@ -3139,7 +3193,8 @@ int mp_montgomery_calc_normalization (mp_int * a, mp_int * b) bits = mp_count_bits (b) % DIGIT_BIT; if (b->used > 1) { - if ((res = mp_2expt (a, (b->used - 1) * DIGIT_BIT + bits - 1)) != MP_OKAY) { + if ((res = mp_2expt (a, (b->used - 1) * DIGIT_BIT + bits - 1)) + != MP_OKAY) { return res; } } else { 
@@ -3204,7 +3259,7 @@ int s_mp_exptmod (mp_int * G, mp_int * X, mp_int * P, mp_int * Y, int redmode) /* init M array */ /* init first cell */ if ((err = mp_init(&M[1])) != MP_OKAY) { - return err; + return err; } /* now init the second half of the array */ @@ -3222,7 +3277,7 @@ int s_mp_exptmod (mp_int * G, mp_int * X, mp_int * P, mp_int * Y, int redmode) if ((err = mp_init (&mu)) != MP_OKAY) { goto LBL_M; } - + if (redmode == 0) { if ((err = mp_reduce_setup (&mu, P)) != MP_OKAY) { goto LBL_MU; @@ -3233,22 +3288,22 @@ int s_mp_exptmod (mp_int * G, mp_int * X, mp_int * P, mp_int * Y, int redmode) goto LBL_MU; } redux = mp_reduce_2k_l; - } + } /* create M table * - * The M table contains powers of the base, + * The M table contains powers of the base, * e.g. M[x] = G**x mod P * - * The first half of the table is not + * The first half of the table is not * computed though accept for M[0] and M[1] */ if ((err = mp_mod (G, P, &M[1])) != MP_OKAY) { goto LBL_MU; } - /* compute the value at M[1<<(winsize-1)] by squaring - * M[1] (winsize-1) times + /* compute the value at M[1<<(winsize-1)] by squaring + * M[1] (winsize-1) times */ if ((err = mp_copy (&M[1], &M[(mp_digit)(1 << (winsize - 1))])) != MP_OKAY) { goto LBL_MU; @@ -3256,7 +3311,7 @@ int s_mp_exptmod (mp_int * G, mp_int * X, mp_int * P, mp_int * Y, int redmode) for (x = 0; x < (winsize - 1); x++) { /* square it */ - if ((err = mp_sqr (&M[(mp_digit)(1 << (winsize - 1))], + if ((err = mp_sqr (&M[(mp_digit)(1 << (winsize - 1))], &M[(mp_digit)(1 << (winsize - 1))])) != MP_OKAY) { goto LBL_MU; } @@ -3403,7 +3458,7 @@ LBL_M: int mp_reduce_setup (mp_int * a, mp_int * b) { int res; - + if ((res = mp_2expt (a, b->used * 2 * DIGIT_BIT)) != MP_OKAY) { return res; } @@ -3411,7 +3466,7 @@ int mp_reduce_setup (mp_int * a, mp_int * b) } -/* reduces x mod m, assumes 0 < x < m**2, mu is +/* reduces x mod m, assumes 0 < x < m**2, mu is * precomputed via mp_reduce_setup. * From HAC pp.604 Algorithm 14.42 */ 
@@ -3426,7 +3481,7 @@ int mp_reduce (mp_int * x, mp_int * m, mp_int * mu) } /* q1 = x / b**(k-1) */ - mp_rshd (&q, um - 1); + mp_rshd (&q, um - 1); /* according to HAC this optimization is ok */ if (((mp_word) um) > (((mp_digit)1) << (DIGIT_BIT - 1))) { @@ -3442,8 +3497,8 @@ int mp_reduce (mp_int * x, mp_int * m, mp_int * mu) if ((res = fast_s_mp_mul_high_digs (&q, mu, &q, um)) != MP_OKAY) { goto CLEANUP; } -#else - { +#else + { res = MP_VAL; goto CLEANUP; } @@ -3451,7 +3506,7 @@ int mp_reduce (mp_int * x, mp_int * m, mp_int * mu) } /* q3 = q2 / b**(k+1) */ - mp_rshd (&q, um + 1); + mp_rshd (&q, um + 1); /* x = x mod b**(k+1), quick (no division) */ if ((res = mp_mod_2d (x, DIGIT_BIT * (um + 1), x)) != MP_OKAY) { @@ -3483,7 +3538,7 @@ int mp_reduce (mp_int * x, mp_int * m, mp_int * mu) goto CLEANUP; } } - + CLEANUP: mp_clear (&q); @@ -3491,7 +3546,7 @@ CLEANUP: } -/* reduces a modulo n where n is of the form 2**p - d +/* reduces a modulo n where n is of the form 2**p - d This differs from reduce_2k since "d" can be larger than a single digit. */ @@ -3499,33 +3554,33 @@ int mp_reduce_2k_l(mp_int *a, mp_int *n, mp_int *d) { mp_int q; int p, res; - + if ((res = mp_init(&q)) != MP_OKAY) { return res; } - - p = mp_count_bits(n); + + p = mp_count_bits(n); top: /* q = a/2**p, a = a mod 2**p */ if ((res = mp_div_2d(a, p, &q, a)) != MP_OKAY) { goto ERR; } - + /* q = q * d */ - if ((res = mp_mul(&q, d, &q)) != MP_OKAY) { + if ((res = mp_mul(&q, d, &q)) != MP_OKAY) { goto ERR; } - + /* a = a + q */ if ((res = s_mp_add(a, &q, a)) != MP_OKAY) { goto ERR; } - + if (mp_cmp_mag(a, n) != MP_LT) { s_mp_sub(a, n, a); goto top; } - + ERR: mp_clear(&q); return res; @@ -3537,19 +3592,19 @@ int mp_reduce_2k_setup_l(mp_int *a, mp_int *d) { int res; mp_int tmp; - + if ((res = mp_init(&tmp)) != MP_OKAY) { return res; } - + if ((res = mp_2expt(&tmp, mp_count_bits(a))) != MP_OKAY) { goto ERR; } - + if ((res = s_mp_sub(&tmp, a, d)) != MP_OKAY) { goto ERR; } - + ERR: mp_clear(&tmp); return res; 
@@ -3571,7 +3626,8 @@ s_mp_mul_high_digs (mp_int * a, mp_int * b, mp_int * c, int digs) /* can we use the fast multiplier? */ #ifdef BN_FAST_S_MP_MUL_HIGH_DIGS_C if (((a->used + b->used + 1) < MP_WARRAY) - && MIN (a->used, b->used) < (1 << ((CHAR_BIT * sizeof (mp_word)) - (2 * DIGIT_BIT)))) { + && MIN (a->used, b->used) < + (1 << ((CHAR_BIT * sizeof (mp_word)) - (2 * DIGIT_BIT)))) { return fast_s_mp_mul_high_digs (a, b, c, digs); } #endif @@ -3646,17 +3702,17 @@ int fast_s_mp_mul_high_digs (mp_int * a, mp_int * b, mp_int * c, int digs) if (pa > MP_WARRAY) return MP_RANGE; /* TAO range check */ - + #ifdef WOLFSSL_SMALL_STACK W = (mp_digit*)XMALLOC(sizeof(mp_digit) * MP_WARRAY, 0, DYNAMIC_TYPE_BIGINT); - if (W == NULL) + if (W == NULL) return MP_MEM; #endif /* number of output digits to produce */ pa = a->used + b->used; _W = 0; - for (ix = digs; ix < pa; ix++) { + for (ix = digs; ix < pa; ix++) { int tx, ty, iy; mp_digit *tmpx, *tmpy; @@ -3668,7 +3724,7 @@ int fast_s_mp_mul_high_digs (mp_int * a, mp_int * b, mp_int * c, int digs) tmpx = a->dp + tx; tmpy = b->dp + ty; - /* this is the number of times the loop will iterrate, essentially its + /* this is the number of times the loop will iterrate, essentially its while (tx++ < a->used && ty-- >= 0) { ... } */ iy = MIN(a->used-tx, ty+1); @@ -3684,7 +3740,7 @@ int fast_s_mp_mul_high_digs (mp_int * a, mp_int * b, mp_int * c, int digs) /* make next carry */ _W = _W >> ((mp_word)DIGIT_BIT); } - + /* setup dest */ olduse = c->used; c->used = pa; @@ -3719,7 +3775,7 @@ int mp_set_int (mp_int * a, unsigned long b) int x, res; mp_zero (a); - + /* set four bits at a time */ for (x = 0; x < 8; x++) { /* shift the number up four bits */ 
@@ -3765,7 +3821,8 @@ int mp_sqrmod (mp_int * a, mp_int * b, mp_int * c) #endif -#if defined(HAVE_ECC) || !defined(NO_PWDBASED) || defined(WOLFSSL_SNIFFER) || defined(WOLFSSL_HAVE_WOLFSCEP) || defined(WOLFSSL_KEY_GEN) +#if defined(HAVE_ECC) || !defined(NO_PWDBASED) || defined(WOLFSSL_SNIFFER) || \ + defined(WOLFSSL_HAVE_WOLFSCEP) || defined(WOLFSSL_KEY_GEN) /* single digit addition */ int mp_add_d (mp_int* a, mp_digit b, mp_int* c) @@ -3825,7 +3882,7 @@ int mp_add_d (mp_int* a, mp_digit b, mp_int* c) *tmpc++ &= MP_MASK; } /* set final carry */ - if (mu != 0 && ix < c->alloc) { + if (ix < c->alloc) { ix++; *tmpc++ = mu; } @@ -3932,7 +3989,7 @@ int mp_sub_d (mp_int * a, mp_digit b, mp_int * c) #endif /* defined(HAVE_ECC) || !defined(NO_PWDBASED) */ -#if defined(WOLFSSL_KEY_GEN) || defined(HAVE_COMP_KEY) +#if defined(WOLFSSL_KEY_GEN) || defined(HAVE_COMP_KEY) || defined(HAVE_ECC) static const int lnz[16] = { 4, 0, 1, 0, 2, 0, 1, 0, 3, 0, 1, 0, 2, 0, 1, 0 @@ -3992,7 +4049,7 @@ static int mp_div_d (mp_int * a, mp_digit b, mp_int * c, mp_digit * d) mp_int q; mp_word w; mp_digit t; - int res, ix; + int res = MP_OKAY, ix; /* cannot divide by zero */ if (b == 0) { @@ -4029,35 +4086,39 @@ static int mp_div_d (mp_int * a, mp_digit b, mp_int * c, mp_digit * d) #endif /* no easy answer [c'est la vie]. Just division */ - if ((res = mp_init_size(&q, a->used)) != MP_OKAY) { - return res; + if (c != NULL) { + if ((res = mp_init_size(&q, a->used)) != MP_OKAY) { + return res; + } + + q.used = a->used; + q.sign = a->sign; } - - q.used = a->used; - q.sign = a->sign; + w = 0; for (ix = a->used - 1; ix >= 0; ix--) { w = (w << ((mp_word)DIGIT_BIT)) | ((mp_word)a->dp[ix]); - + if (w >= b) { t = (mp_digit)(w / b); w -= ((mp_word)t) * ((mp_word)b); } else { t = 0; } - q.dp[ix] = (mp_digit)t; + if (c != NULL) + q.dp[ix] = (mp_digit)t; } - + if (d != NULL) { *d = (mp_digit)w; } - + if (c != NULL) { mp_clamp(&q); mp_exch(&q, c); + mp_clear(&q); } - mp_clear(&q); - + return res; } 
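Review bot: In mp_div_d the temporary `q` is now initialised only when `c != NULL`, and correctness depends on every later use of `q` carrying the same guard; nothing in the code says so. Add a comment at the declaration, `/* q is initialised and used only when the caller wants the quotient (c != NULL) */`, and brace the new one-line `if (c != NULL) q.dp[ix] = (mp_digit)t;` to match the surrounding style. The special-case exits earlier in the function are outside the hunk, so whether they all accept a NULL `c` cannot be checked from here.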
@@ -4067,7 +4128,7 @@ int mp_mod_d (mp_int * a, mp_digit b, mp_digit * c) return mp_div_d(a, b, NULL, c); } -#endif /* defined(WOLFSSL_KEY_GEN) || defined(HAVE_COMP_KEY) */ +#endif /* defined(WOLFSSL_KEY_GEN)||defined(HAVE_COMP_KEY)||defined(HAVE_ECC) */ #ifdef WOLFSSL_KEY_GEN @@ -4113,11 +4174,11 @@ const mp_digit ltm_prime_tab[] = { }; -/* Miller-Rabin test of "a" to the base of "b" as described in +/* Miller-Rabin test of "a" to the base of "b" as described in * HAC pp. 139 Algorithm 4.24 * * Sets result to 0 if definitely composite or 1 if probably prime. - * Randomly the chance of error is no more than 1/4 and often + * Randomly the chance of error is no more than 1/4 and often * very much lower. */ static int mp_prime_miller_rabin (mp_int * a, mp_int * b, int *result) @@ -4131,7 +4192,7 @@ static int mp_prime_miller_rabin (mp_int * a, mp_int * b, int *result) /* ensure b > 1 */ if (mp_cmp_d(b, 1) != MP_GT) { return MP_VAL; - } + } /* get n1 = a - 1 */ if ((err = mp_init_copy (&n1, a)) != MP_OKAY) { @@ -4196,7 +4257,7 @@ LBL_N1:mp_clear (&n1); } -/* determines if an integers is divisible by one +/* determines if an integers is divisible by one * of the first PRIME_SIZE primes or not * * sets result to 0 if not, 1 if yes 
@@ -4225,6 +4286,70 @@ static int mp_prime_is_divisible (mp_int * a, int *result) return MP_OKAY; } +static const int USE_BBS = 1; + +int mp_rand_prime(mp_int* N, int len, WC_RNG* rng, void* heap) +{ + int err, res, type; + byte* buf; + + if (N == NULL || rng == NULL) + return MP_VAL; + + /* get type */ + if (len < 0) { + type = USE_BBS; + len = -len; + } else { + type = 0; + } + + /* allow sizes between 2 and 512 bytes for a prime size */ + if (len < 2 || len > 512) { + return MP_VAL; + } + + /* allocate buffer to work with */ + buf = (byte*)XMALLOC(len, heap, DYNAMIC_TYPE_RSA); + if (buf == NULL) { + return MP_MEM; + } + XMEMSET(buf, 0, len); + + do { +#ifdef SHOW_GEN + printf("."); + fflush(stdout); +#endif + /* generate value */ + err = wc_RNG_GenerateBlock(rng, buf, len); + if (err != 0) { + XFREE(buf, heap, DYNAMIC_TYPE_RSA); + return err; + } + + /* munge bits */ + buf[0] |= 0x80 | 0x40; + buf[len-1] |= 0x01 | ((type & USE_BBS) ? 0x02 : 0x00); + + /* load value */ + if ((err = mp_read_unsigned_bin(N, buf, len)) != MP_OKAY) { + XFREE(buf, heap, DYNAMIC_TYPE_RSA); + return err; + } + + /* test */ + if ((err = mp_prime_is_prime(N, 8, &res)) != MP_OKAY) { + XFREE(buf, heap, DYNAMIC_TYPE_RSA); + return err; + } + } while (res == MP_NO); + + XMEMSET(buf, 0, len); + XFREE(buf, heap, DYNAMIC_TYPE_RSA); + + return MP_OKAY; +} /* * Sets result to 1 if probably prime, 0 otherwise @@ -4388,17 +4513,17 @@ int mp_gcd (mp_int * a, mp_int * b, mp_int * c) /* swap u and v to make sure v is >= u */ mp_exch(&u, &v); } - + /* subtract smallest from largest */ if ((res = s_mp_sub(&v, &u, &v)) != MP_OKAY) { goto LBL_V; } - + /* Divide out all factors of two */ if ((res = mp_div_2d(&v, mp_cnt_lsb(&v), &v, NULL)) != MP_OKAY) { goto LBL_V; - } - } + } + } /* multiply by 2**k which we divided out at the beginning */ if ((res = mp_mul_2d (&u, k, c)) != MP_OKAY) { 
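Review bot: mp_rand_prime wipes `buf` only on the success path; the three error returns inside the loop call `XFREE` on a buffer that still holds RNG output or a prime candidate. Route every exit through one cleanup that clears and then frees the buffer, as in the excerpt below. A plain `XMEMSET` directly before `XFREE` can also be removed by the optimiser as a dead store, so a wipe routine the compiler cannot elide is preferable if one is reachable from integer.c (wolfSSL's misc.c provides `ForceZero`; confirm it is available in this build). The fixed `8` passed to mp_prime_is_prime would read better as a named constant.

```c
    do {
        /* ... unchanged: SHOW_GEN progress output ... */
        err = wc_RNG_GenerateBlock(rng, buf, len);
        if (err != 0)
            break;

        /* ... unchanged: munge bits ... */
        if ((err = mp_read_unsigned_bin(N, buf, len)) != MP_OKAY)
            break;

        if ((err = mp_prime_is_prime(N, 8, &res)) != MP_OKAY)
            break;
    } while (res == MP_NO);

    /* candidate bytes are key material: wipe on success and on every error */
    XMEMSET(buf, 0, len);
    XFREE(buf, heap, DYNAMIC_TYPE_RSA);

    return err;
```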
@@ -4411,16 +4536,17 @@ LBL_U:mp_clear (&v); return res; } - - #endif /* WOLFSSL_KEY_GEN */ -#ifdef HAVE_ECC +#if defined(HAVE_ECC) || defined(WOLFSSL_KEY_GEN) || defined(HAVE_COMP_KEY) /* chars used in radix conversions */ -const char *mp_s_rmap = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz+/"; +const char *mp_s_rmap = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ\ + abcdefghijklmnopqrstuvwxyz+/"; +#endif +#ifdef HAVE_ECC /* read a string [ASCII] in a given radix */ int mp_read_radix (mp_int * a, const char *str, int radix) { @@ -4435,8 +4561,8 @@ int mp_read_radix (mp_int * a, const char *str, int radix) return MP_VAL; } - /* if the leading digit is a - * minus set the sign to negative. + /* if the leading digit is a + * minus set the sign to negative. */ if (*str == '-') { ++str; @@ -4447,7 +4573,7 @@ int mp_read_radix (mp_int * a, const char *str, int radix) /* set the integer to the default of zero */ mp_zero (a); - + /* process each digit of the string */ while (*str) { /* if the radix < 36 the conversion is case insensitive @@ -4461,9 +4587,9 @@ int mp_read_radix (mp_int * a, const char *str, int radix) } } - /* if the char was found in the map + /* if the char was found in the map * and is less than the given radix add it - * to the number, otherwise exit the loop. + * to the number, otherwise exit the loop. */ if (y < radix) { if ((res = mp_mul_d (a, (mp_digit) radix, a)) != MP_OKAY) { 
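Review bot: Splitting the `mp_s_rmap` literal with a backslash-newline keeps any leading whitespace of the continuation line inside the string, so if the second line is indented (the rendering here suggests it is) the map gains blanks after `Z` and every entry from index 36 up is shifted. mp_read_radix and the new mp_toradix both index this table, so radices above 36 would parse and print wrong digits. Use adjacent literals, which the compiler joins without the whitespace: `const char *mp_s_rmap = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ"` followed on the next line by `"abcdefghijklmnopqrstuvwxyz+/";`.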
@@ -4477,16 +4603,128 @@ int mp_read_radix (mp_int * a, const char *str, int radix) } ++str; } - + /* set the sign only if a != 0 */ if (mp_iszero(a) != 1) { a->sign = neg; } return MP_OKAY; } - #endif /* HAVE_ECC */ +#if defined(WOLFSSL_KEY_GEN) || defined(HAVE_COMP_KEY) + +/* returns size of ASCII representation */ +int mp_radix_size (mp_int *a, int radix, int *size) +{ + int res, digs; + mp_int t; + mp_digit d; + + *size = 0; + + /* special case for binary */ + if (radix == 2) { + *size = mp_count_bits (a) + (a->sign == MP_NEG ? 1 : 0) + 1; + return MP_OKAY; + } + + /* make sure the radix is in range */ + if (radix < 2 || radix > 64) { + return MP_VAL; + } + + if (mp_iszero(a) == MP_YES) { + *size = 2; + return MP_OKAY; + } + + /* digs is the digit count */ + digs = 0; + + /* if it's negative add one for the sign */ + if (a->sign == MP_NEG) { + ++digs; + } + + /* init a copy of the input */ + if ((res = mp_init_copy (&t, a)) != MP_OKAY) { + return res; + } + + /* force temp to positive */ + t.sign = MP_ZPOS; + + /* fetch out all of the digits */ + while (mp_iszero (&t) == MP_NO) { + if ((res = mp_div_d (&t, (mp_digit) radix, &t, &d)) != MP_OKAY) { + mp_clear (&t); + return res; + } + ++digs; + } + mp_clear (&t); + + /* return digs + 1, the 1 is for the NULL byte that would be required. 
*/ + *size = digs + 1; + return MP_OKAY; +} + +/* stores a bignum as a ASCII string in a given radix (2..64) */ +int mp_toradix (mp_int *a, char *str, int radix) +{ + int res, digs; + mp_int t; + mp_digit d; + char *_s = str; + + /* check range of the radix */ + if (radix < 2 || radix > 64) { + return MP_VAL; + } + + /* quick out if its zero */ + if (mp_iszero(a) == 1) { + *str++ = '0'; + *str = '\0'; + return MP_OKAY; + } + + if ((res = mp_init_copy (&t, a)) != MP_OKAY) { + return res; + } + + /* if it is negative output a - */ + if (t.sign == MP_NEG) { + ++_s; + *str++ = '-'; + t.sign = MP_ZPOS; + } + + digs = 0; + while (mp_iszero (&t) == 0) { + if ((res = mp_div_d (&t, (mp_digit) radix, &t, &d)) != MP_OKAY) { + mp_clear (&t); + return res; + } + *str++ = mp_s_rmap[d]; + ++digs; + } + + /* reverse the digits of the string. In this case _s points + * to the first digit [exluding the sign] of the number] + */ + bn_reverse ((unsigned char *)_s, digs); + + /* append a NULL so the string is properly terminated */ + *str = '\0'; + + mp_clear (&t); + return MP_OKAY; +} + +#endif /* defined(WOLFSSL_KEY_GEN) || defined(HAVE_COMP_KEY) */ + #endif /* USE_FAST_MATH */ #endif /* NO_BIG_INT */ diff --git a/wolfcrypt/src/logging.c b/wolfcrypt/src/logging.c index 321530616..f2d155bb0 100644 --- a/wolfcrypt/src/logging.c +++ b/wolfcrypt/src/logging.c @@ -90,7 +90,11 @@ void wolfSSL_Debugging_OFF(void) #ifdef DEBUG_WOLFSSL #ifdef FREESCALE_MQX - #include + #if MQX_USE_IO_OLD + #include + #else + #include + #endif #else #include /* for default printf stuff */ #endif diff --git a/wolfcrypt/src/md4.c b/wolfcrypt/src/md4.c index 720627fbf..c428610ef 100644 --- a/wolfcrypt/src/md4.c +++ b/wolfcrypt/src/md4.c @@ -35,14 +35,15 @@ #endif -#ifndef min +#ifndef WOLFSSL_HAVE_MIN +#define WOLFSSL_HAVE_MIN static INLINE word32 min(word32 a, word32 b) { return a > b ? b : a; } -#endif /* min */ +#endif /* WOLFSSL_HAVE_MIN */ void wc_InitMd4(Md4* md4) 
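Review bot: mp_toradix writes into `str` with no length parameter, so the only protection against overrunning the caller's buffer is that the caller sized it with mp_radix_size first, and neither function's comment says this. State the contract above mp_toradix, e.g. `/* str must hold at least the byte count mp_radix_size() reports for the same a and radix */`. mp_radix_size also stores through `size` before any argument check; a NULL test there would match the checks mp_rand_prime makes in this same diff. Both comments say NULL where the string terminator (NUL, `'\0'`) is meant.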
diff --git a/wolfcrypt/src/md5.c b/wolfcrypt/src/md5.c index b7affcf0c..fbf732add 100644 --- a/wolfcrypt/src/md5.c +++ b/wolfcrypt/src/md5.c @@ -28,6 +28,10 @@ #if !defined(NO_MD5) +#if defined(WOLFSSL_TI_HASH) + /* #include included by wc_port.c */ +#else + #ifdef WOLFSSL_PIC32MZ_HASH #define wc_InitMd5 wc_InitMd5_sw #define wc_Md5Update wc_Md5Update_sw @@ -166,15 +170,15 @@ #else /* CTaoCrypt software implementation */ -#ifndef min +#ifndef WOLFSSL_HAVE_MIN +#define WOLFSSL_HAVE_MIN static INLINE word32 min(word32 a, word32 b) { return a > b ? b : a; } -#endif /* min */ - +#endif /* WOLFSSL_HAVE_MIN */ void wc_InitMd5(Md5* md5) { @@ -388,4 +392,6 @@ int wc_Md5Hash(const byte* data, word32 len, byte* hash) return 0; } +#endif /* WOLFSSL_TI_HASH */ + #endif /* NO_MD5 */ diff --git a/wolfcrypt/src/misc.c b/wolfcrypt/src/misc.c index 58483ab6c..8a79a4c29 100644 --- a/wolfcrypt/src/misc.c +++ b/wolfcrypt/src/misc.c @@ -25,6 +25,9 @@ #include +#ifndef WOLF_CRYPT_MISC_C +#define WOLF_CRYPT_MISC_C + #include /* inlining these functions is a huge speed increase and a small size decrease, @@ -194,3 +197,5 @@ STATIC INLINE int ConstantCompare(const byte* a, const byte* b, int length) } #undef STATIC + +#endif /* WOLF_CRYPT_MISC_C */ diff --git a/wolfcrypt/src/pkcs7.c b/wolfcrypt/src/pkcs7.c index babb7b9dd..c581cf5fb 100644 --- a/wolfcrypt/src/pkcs7.c +++ b/wolfcrypt/src/pkcs7.c @@ -36,12 +36,15 @@ #include #endif -#ifndef min +#ifndef WOLFSSL_HAVE_MIN +#define WOLFSSL_HAVE_MIN + static INLINE word32 min(word32 a, word32 b) { return a > b ? b : a; } -#endif + +#endif /* WOLFSSL_HAVE_MIN */ /* placed ASN.1 contentType OID into *output, return idx on success, 
@@ -185,7 +188,7 @@ int wc_PKCS7_InitWithCert(PKCS7* pkcs7, byte* cert, word32 certSz) XMEMCPY(pkcs7->publicKey, dCert->publicKey, dCert->pubKeySize); pkcs7->publicKeySz = dCert->pubKeySize; - XMEMCPY(pkcs7->issuerHash, dCert->issuerHash, SHA_SIZE); + XMEMCPY(pkcs7->issuerHash, dCert->issuerHash, KEYID_SIZE); pkcs7->issuer = dCert->issuerRaw; pkcs7->issuerSz = dCert->issuerRawLen; XMEMCPY(pkcs7->issuerSn, dCert->serial, dCert->serialSz); @@ -942,7 +945,7 @@ int wc_PKCS7_VerifySignedData(PKCS7* pkcs7, byte* pkiMsg, word32 pkiMsgSz) /* create ASN.1 fomatted RecipientInfo structure, returns sequence size */ WOLFSSL_LOCAL int wc_CreateRecipientInfo(const byte* cert, word32 certSz, int keyEncAlgo, int blockKeySz, - RNG* rng, byte* contentKeyPlain, + WC_RNG* rng, byte* contentKeyPlain, byte* contentKeyEnc, int* keyEncSz, byte* out, word32 outSz) { @@ -1016,7 +1019,7 @@ WOLFSSL_LOCAL int wc_CreateRecipientInfo(const byte* cert, word32 certSz, issuerSz = decoded->issuerRawLen; issuerSeqSz = SetSequence(issuerSz, issuerSeq); - if (decoded->serial == NULL || decoded->serialSz == 0) { + if (decoded->serialSz == 0) { WOLFSSL_MSG("DecodedCert missing serial number"); FreeDecodedCert(decoded); #ifdef WOLFSSL_SMALL_STACK @@ -1163,8 +1166,8 @@ WOLFSSL_LOCAL int wc_CreateRecipientInfo(const byte* cert, word32 certSz, /* build PKCS#7 envelopedData content type, return enveloped size */ int wc_PKCS7_EncodeEnvelopedData(PKCS7* pkcs7, byte* output, word32 outputSz) { - int i, ret = 0, idx = 0; - int totalSz = 0, padSz = 0, desOutSz = 0; + int i, ret, idx = 0; + int totalSz, padSz, desOutSz; int contentInfoSeqSz, outerContentTypeSz, outerContentSz; byte contentInfoSeq[MAX_SEQ_SZ]; 
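Review bot: The copy into `pkcs7->issuerHash` in wc_PKCS7_InitWithCert now uses `KEYID_SIZE`, but the declaration of that field is not part of this hunk, so it should be confirmed that the destination is declared with `KEYID_SIZE` too rather than the old `SHA_SIZE`. If the two constants can differ in any build configuration, the XMEMCPY would write past the end of the field. A short comment next to the copy stating that both `issuerHash` arrays are `KEYID_SIZE` bytes would make the invariant visible to the next reader. The function body starts and ends outside the hunk.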
@@ -1175,9 +1178,8 @@ int wc_PKCS7_EncodeEnvelopedData(PKCS7* pkcs7, byte* output, word32 outputSz) byte envDataSeq[MAX_SEQ_SZ]; byte ver[MAX_VERSION_SZ]; - RNG rng; + WC_RNG rng; int contentKeyEncSz, blockKeySz; - int dynamicFlag = 0; byte contentKeyPlain[MAX_CONTENT_KEY_LEN]; #ifdef WOLFSSL_SMALL_STACK byte* contentKeyEnc; @@ -1297,34 +1299,26 @@ int wc_PKCS7_EncodeEnvelopedData(PKCS7* pkcs7, byte* output, word32 outputSz) return BAD_FUNC_ARG; } - /* allocate encrypted content buffer, pad if necessary, PKCS#7 padding */ + /* allocate encrypted content buffer and PKCS#7 padding */ padSz = DES_BLOCK_SIZE - (pkcs7->contentSz % DES_BLOCK_SIZE); desOutSz = pkcs7->contentSz + padSz; - if (padSz != 0) { - plain = (byte*)XMALLOC(desOutSz, NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (plain == NULL) { + plain = (byte*)XMALLOC(desOutSz, NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (plain == NULL) { #ifdef WOLFSSL_SMALL_STACK - XFREE(recip, NULL, DYNAMMIC_TYPE_TMP_BUFFER); + XFREE(recip, NULL, DYNAMMIC_TYPE_TMP_BUFFER); #endif - return MEMORY_E; - } - XMEMCPY(plain, pkcs7->content, pkcs7->contentSz); - dynamicFlag = 1; + return MEMORY_E; + } + XMEMCPY(plain, pkcs7->content, pkcs7->contentSz); - for (i = 0; i < padSz; i++) { - plain[pkcs7->contentSz + i] = padSz; - } - - } else { - plain = pkcs7->content; - desOutSz = pkcs7->contentSz; + for (i = 0; i < padSz; i++) { + plain[pkcs7->contentSz + i] = padSz; } encryptedContent = (byte*)XMALLOC(desOutSz, NULL, DYNAMIC_TYPE_TMP_BUFFER); if (encryptedContent == NULL) { - if (dynamicFlag) - XFREE(plain, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(plain, NULL, DYNAMIC_TYPE_TMP_BUFFER); #ifdef WOLFSSL_SMALL_STACK XFREE(recip, NULL, DYNAMMIC_TYPE_TMP_BUFFER); #endif 
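Review bot: `plain` is now always a heap copy of `pkcs7->content`, and every path that releases it (here when the `encryptedContent` allocation fails, and in the later hunks at -1341, -1360, -1378, -1415 and -1454) calls XFREE without clearing the buffer first, so the plaintext remains in freed heap memory. The function already wipes the content key with `ForceZero(contentKeyPlain, MAX_CONTENT_KEY_LEN);`, and `ForceZero(plain, desOutSz);` before each `XFREE(plain, ...)` would treat the plaintext the same way. Separately, the type argument is spelled `DYNAMMIC_TYPE_TMP_BUFFER` in the `XFREE(recip, ...)` lines and in the added `XFREE(plain, NULL, DYNAMMIC_TYPE_TMP_BUFFER);` at -1454; this presumably compiles only where XFREE discards its third argument, and should read `DYNAMIC_TYPE_TMP_BUFFER`. The function body starts and ends outside these hunks.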
@@ -1341,8 +1335,7 @@ int wc_PKCS7_EncodeEnvelopedData(PKCS7* pkcs7, byte* output, word32 outputSz) if (contentEncAlgoSz == 0) { XFREE(encryptedContent, NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (dynamicFlag) - XFREE(plain, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(plain, NULL, DYNAMIC_TYPE_TMP_BUFFER); #ifdef WOLFSSL_SMALL_STACK XFREE(recip, NULL, DYNAMMIC_TYPE_TMP_BUFFER); #endif @@ -1360,8 +1353,7 @@ int wc_PKCS7_EncodeEnvelopedData(PKCS7* pkcs7, byte* output, word32 outputSz) if (ret != 0) { XFREE(encryptedContent, NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (dynamicFlag) - XFREE(plain, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(plain, NULL, DYNAMIC_TYPE_TMP_BUFFER); #ifdef WOLFSSL_SMALL_STACK XFREE(recip, NULL, DYNAMMIC_TYPE_TMP_BUFFER); #endif @@ -1378,8 +1370,7 @@ int wc_PKCS7_EncodeEnvelopedData(PKCS7* pkcs7, byte* output, word32 outputSz) if (ret != 0) { XFREE(encryptedContent, NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (dynamicFlag) - XFREE(plain, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(plain, NULL, DYNAMIC_TYPE_TMP_BUFFER); #ifdef WOLFSSL_SMALL_STACK XFREE(recip, NULL, DYNAMMIC_TYPE_TMP_BUFFER); #endif @@ -1415,8 +1406,7 @@ int wc_PKCS7_EncodeEnvelopedData(PKCS7* pkcs7, byte* output, word32 outputSz) if (totalSz > (int)outputSz) { WOLFSSL_MSG("Pkcs7_encrypt output buffer too small"); XFREE(encryptedContent, NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (dynamicFlag) - XFREE(plain, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(plain, NULL, DYNAMIC_TYPE_TMP_BUFFER); #ifdef WOLFSSL_SMALL_STACK XFREE(recip, NULL, DYNAMMIC_TYPE_TMP_BUFFER); #endif @@ -1454,8 +1444,7 @@ int wc_PKCS7_EncodeEnvelopedData(PKCS7* pkcs7, byte* output, word32 outputSz) ForceZero(contentKeyPlain, MAX_CONTENT_KEY_LEN); - if (dynamicFlag) - XFREE(plain, NULL, DYNAMMIC_TYPE_TMP_BUFFER); + XFREE(plain, NULL, DYNAMMIC_TYPE_TMP_BUFFER); XFREE(encryptedContent, NULL, DYNAMIC_TYPE_TMP_BUFFER); #ifdef WOLFSSL_SMALL_STACK 
diff --git a/wolfcrypt/src/port/ti/ti-aes.c b/wolfcrypt/src/port/ti/ti-aes.c
new file mode 100644
index 000000000..91d11a590
--- /dev/null
+++ b/wolfcrypt/src/port/ti/ti-aes.c
@@ -0,0 +1,549 @@ +/* port/ti/ti-aes.c + * + * Copyright (C) 2006-2015 wolfSSL Inc. + * + * This file is part of wolfSSL. (formerly known as CyaSSL) + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +#ifdef HAVE_CONFIG_H + #include +#endif + +#include + +#ifndef NO_AES + + +#if defined(WOLFSSL_TI_CRYPT) +#include +#include + +#include +#include +#include + +#include "inc/hw_aes.h" +#include "inc/hw_memmap.h" +#include "inc/hw_ints.h" +#include "driverlib/aes.h" +#include "driverlib/sysctl.h" +#include "driverlib/rom_map.h" +#include "driverlib/rom.h" + +static int AesSetIV(Aes* aes, const byte* iv) +{ + if (aes == NULL) + return BAD_FUNC_ARG; + + if (iv) + XMEMCPY(aes->reg, iv, AES_BLOCK_SIZE); + else + XMEMSET(aes->reg, 0, AES_BLOCK_SIZE); + + return 0; +} + +WOLFSSL_API int wc_AesSetKey(Aes* aes, const byte* key, word32 len, const byte* iv, + int dir) +{ + if(!wolfSSL_TI_CCMInit())return 1 ; + if ((aes == NULL) || (key == NULL) || (iv == NULL)) + return BAD_FUNC_ARG; + if(!((dir == AES_ENCRYPTION) || (dir == AES_DECRYPTION))) + return BAD_FUNC_ARG; + + switch(len) { + case 16: aes->keylen = AES_CFG_KEY_SIZE_128BIT ; break ; + case 24: aes->keylen = AES_CFG_KEY_SIZE_192BIT ; break ; + case 32: aes->keylen = AES_CFG_KEY_SIZE_256BIT ; break ; + default: return BAD_FUNC_ARG; + } + + XMEMCPY(aes->key, 
key, len) ; + #ifdef WOLFSSL_AES_COUNTER + aes->left = 0; + #endif /* WOLFSSL_AES_COUNTER */ + return AesSetIV(aes, iv); +} + +#define AES_CFG_MODE_CTR_NOCTR AES_CFG_MODE_CTR+100 +#define IS_ALIGN16(p) (((unsigned int)(p)&0xf) == 0) + +static int AesAlign16(Aes* aes, byte* out, const byte* in, word32 sz, word32 dir, word32 mode) +{ + wolfSSL_TI_lockCCM() ; + ROM_AESReset(AES_BASE); + ROM_AESConfigSet(AES_BASE, (aes->keylen | dir | + (mode==AES_CFG_MODE_CTR_NOCTR ? AES_CFG_MODE_CTR : mode))); + ROM_AESIVSet(AES_BASE, (uint32_t *)aes->reg); + ROM_AESKey1Set(AES_BASE, (uint32_t *)aes->key, aes->keylen); + if((dir == AES_CFG_DIR_DECRYPT)&& (mode == AES_CFG_MODE_CBC)) + /* if input and output same will overwrite input iv */ + XMEMCPY(aes->tmp, in + sz - AES_BLOCK_SIZE, AES_BLOCK_SIZE); + ROM_AESDataProcess(AES_BASE, (uint32_t *)in, (uint32_t *)out, sz); + wolfSSL_TI_unlockCCM() ; + + /* store iv for next call */ + if(mode == AES_CFG_MODE_CBC){ + if(dir == AES_CFG_DIR_ENCRYPT) + XMEMCPY(aes->reg, out + sz - AES_BLOCK_SIZE, AES_BLOCK_SIZE); + else + XMEMCPY(aes->reg, aes->tmp, AES_BLOCK_SIZE); + } + + if(mode == AES_CFG_MODE_CTR) { + do { + int i ; + for (i = AES_BLOCK_SIZE - 1; i >= 0; i--) { + if (++((byte *)aes->reg)[i]) + break ; + } + sz -= AES_BLOCK_SIZE ; + } while((int)sz > 0) ; + } + + return 0 ; +} + +static int AesProcess(Aes* aes, byte* out, const byte* in, word32 sz, word32 dir, word32 mode) +{ + const byte * in_p ; byte * out_p ; + word32 size ; + #define TI_BUFFSIZE 1024 + byte buff[TI_BUFFSIZE] ; + + if ((aes == NULL) || (in == NULL) || (out == NULL)) + return BAD_FUNC_ARG; + if(sz % AES_BLOCK_SIZE) + return BAD_FUNC_ARG; + + while(sz > 0) { + size = sz ; in_p = in ; out_p = out ; + if(!IS_ALIGN16(in)){ + size = sz>TI_BUFFSIZE ? TI_BUFFSIZE : sz ; + XMEMCPY(buff, in, size) ; + in_p = (const byte *)buff ; + } + if(!IS_ALIGN16(out)){ + size = sz>TI_BUFFSIZE ? 
TI_BUFFSIZE : sz ; + out_p = buff ; + } + + AesAlign16(aes, out_p, in_p, size, dir, mode) ; + + if(!IS_ALIGN16(out)){ + XMEMCPY(out, buff, size) ; + } + sz -= size ; in += size ; out += size ; + } + + return 0 ; +} + +WOLFSSL_API int wc_AesCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 sz) +{ + return AesProcess(aes, out, in, sz, AES_CFG_DIR_ENCRYPT, AES_CFG_MODE_CBC) ; +} + +WOLFSSL_API int wc_AesCbcDecrypt(Aes* aes, byte* out, const byte* in, word32 sz) +{ + return AesProcess(aes, out, in, sz, AES_CFG_DIR_DECRYPT, AES_CFG_MODE_CBC) ; +} + +#ifdef WOLFSSL_AES_COUNTER +WOLFSSL_API void wc_AesCtrEncrypt(Aes* aes, byte* out, const byte* in, word32 sz) +{ + char out_block[AES_BLOCK_SIZE] ; + int odd ; + int even ; + char *tmp ; /* (char *)aes->tmp, for short */ + + tmp = (char *)aes->tmp ; + if(aes->left) { + if((aes->left + sz) >= AES_BLOCK_SIZE){ + odd = AES_BLOCK_SIZE - aes->left ; + } else { + odd = sz ; + } + XMEMCPY(tmp+aes->left, in, odd) ; + if((odd+aes->left) == AES_BLOCK_SIZE){ + AesProcess(aes, (byte *)out_block, (byte const *)tmp, AES_BLOCK_SIZE, + AES_CFG_DIR_ENCRYPT, AES_CFG_MODE_CTR) ; + XMEMCPY(out, out_block+aes->left, odd) ; + aes->left = 0 ; + XMEMSET(tmp, 0x0, AES_BLOCK_SIZE) ; + } + in += odd ; + out+= odd ; + sz -= odd ; + } + odd = sz % AES_BLOCK_SIZE ; /* if there is tail flagment */ + if(sz / AES_BLOCK_SIZE) { + even = (sz/AES_BLOCK_SIZE)*AES_BLOCK_SIZE ; + AesProcess(aes, out, in, even, AES_CFG_DIR_ENCRYPT, AES_CFG_MODE_CTR); + out += even ; + in += even ; + } + if(odd) { + XMEMSET(tmp+aes->left, 0x0, AES_BLOCK_SIZE - aes->left) ; + XMEMCPY(tmp+aes->left, in, odd) ; + AesProcess(aes, (byte *)out_block, (byte const *)tmp, AES_BLOCK_SIZE, + AES_CFG_DIR_ENCRYPT, + AES_CFG_MODE_CTR_NOCTR /* Counter mode without counting IV */ + ); + XMEMCPY(out, out_block+aes->left,odd) ; + aes->left += odd ; + } +} +#endif + +/* AES-DIRECT */ +#if defined(WOLFSSL_AES_DIRECT) +WOLFSSL_API void wc_AesEncryptDirect(Aes* aes, byte* out, const byte* in) +{ + 
AesProcess(aes, out, in, AES_BLOCK_SIZE, AES_CFG_DIR_ENCRYPT, AES_CFG_MODE_CBC) ; +} +WOLFSSL_API void wc_AesDecryptDirect(Aes* aes, byte* out, const byte* in) +{ + AesProcess(aes, out, in, AES_BLOCK_SIZE, AES_CFG_DIR_DECRYPT, AES_CFG_MODE_CBC) ; +} +WOLFSSL_API int wc_AesSetKeyDirect(Aes* aes, const byte* key, word32 len, + const byte* iv, int dir) +{ + return(wc_AesSetKey(aes, key, len, iv, dir)) ; +} +#endif + + +#if defined(HAVE_AESGCM) || defined(HAVE_AESCCM) + +static int AesAuthSetKey(Aes* aes, const byte* key, word32 keySz) +{ + byte nonce[AES_BLOCK_SIZE]; + + if ((aes == NULL) || (key == NULL)) + return BAD_FUNC_ARG ; + if (!((keySz == 16) || (keySz == 24) || (keySz == 32))) + return BAD_FUNC_ARG ; + + XMEMSET(nonce, 0, sizeof(nonce)); + return wc_AesSetKey(aes, key, keySz, nonce, AES_ENCRYPTION); +} + + +static int AesAuthArgCheck(Aes* aes, byte* out, const byte* in, word32 inSz, + const byte* nonce, word32 nonceSz, + const byte* authTag, word32 authTagSz, + const byte* authIn, word32 authInSz, word32 *M, word32 *L) +{ + (void) authInSz ; + if((aes == NULL)||(nonce == NULL)||(authTag== NULL)||(authIn == NULL)) + return BAD_FUNC_ARG; + if((inSz != 0) && ((out == NULL)||(in == NULL))) + return BAD_FUNC_ARG; + + switch(authTagSz){ + case 4: + *M = AES_CFG_CCM_M_4; break ; + case 6: + *M = AES_CFG_CCM_M_6; break ; + case 8: + *M = AES_CFG_CCM_M_8; break ; + case 10: + *M = AES_CFG_CCM_M_10; break ; + case 12: + *M = AES_CFG_CCM_M_12; break ; + case 14: + *M = AES_CFG_CCM_M_14; break ; + case 16: + *M = AES_CFG_CCM_M_16; break ; + default: + return 1 ; + } + + switch(nonceSz){ + case 7: + *L = AES_CFG_CCM_L_8; break ; + case 8: + *L = AES_CFG_CCM_L_7; break ; + case 9: + *L = AES_CFG_CCM_L_6; break ; + case 10: + *L = AES_CFG_CCM_L_5; break ; + case 11: + *L = AES_CFG_CCM_L_4; break ; + case 12: + *L = AES_CFG_CCM_L_3; break ; + case 13: + *L = AES_CFG_CCM_L_2; break ; + case 14: + *L = AES_CFG_CCM_L_1; break ; + default: + return 1; + } + return 0 ; +} + 
+static void AesAuthSetIv(Aes *aes, const byte *nonce, word32 len, word32 L, int mode) { + + if(mode == AES_CFG_MODE_CCM){ + XMEMSET(aes->reg, 0, 16) ; + switch(L){ + case AES_CFG_CCM_L_8: + aes->reg[0] = 0x7; break ; + case AES_CFG_CCM_L_7: + aes->reg[0] = 0x6; break ; + case AES_CFG_CCM_L_6: + aes->reg[0] = 0x5; break ; + case AES_CFG_CCM_L_5: + aes->reg[0] = 0x4; break ; + case AES_CFG_CCM_L_4: + aes->reg[0] = 0x3; break ; + case AES_CFG_CCM_L_3: + aes->reg[0] = 0x2; break ; + case AES_CFG_CCM_L_2: + aes->reg[0] = 0x1; break ; + case AES_CFG_CCM_L_1: + aes->reg[0] = 0x0; break ; + } + XMEMCPY(((byte *)aes->reg)+1, nonce, len) ; + } else { + byte *b = (byte *)aes->reg ; + XMEMSET(aes->reg, 0, AES_BLOCK_SIZE); + XMEMCPY(aes->reg, nonce, len); + b[AES_BLOCK_SIZE-4] = 0 ; + b[AES_BLOCK_SIZE-3] = 0 ; + b[AES_BLOCK_SIZE-2] = 0 ; + b[AES_BLOCK_SIZE-1] = 1 ; + } +} + +#define RoundUp16(n) ((n+15)&0xfffffff0) +#define FREE_ALL \ + if(in_save) XFREE(in_save, NULL, DYNAMIC_TYPE_TMP_BUFFER);\ + if(out_save) XFREE(out_save, NULL, DYNAMIC_TYPE_TMP_BUFFER);\ + if(authIn_save)XFREE(authIn_save, NULL, DYNAMIC_TYPE_TMP_BUFFER);\ + if(nonce_save) XFREE(nonce_save, NULL, DYNAMIC_TYPE_TMP_BUFFER); + +static int AesAuthEncrypt(Aes* aes, byte* out, const byte* in, word32 inSz, + const byte* nonce, word32 nonceSz, + byte* authTag, word32 authTagSz, + const byte* authIn, word32 authInSz, int mode) +{ + word32 M, L ; + byte *in_a, *in_save ; + byte *out_a, *out_save ; + byte *authIn_a, *authIn_save ; + byte *nonce_a, *nonce_save ; + word32 tmpTag[4] ; + int ret ; + + if(AesAuthArgCheck(aes, out, in, inSz, nonce, nonceSz, authTag, authTagSz, authIn, authInSz, &M, &L) + == BAD_FUNC_ARG)return BAD_FUNC_ARG ; + + /* 16 byte padding */ + in_save = NULL ; out_save = NULL ; authIn_save = NULL ; nonce_save = NULL ; + if((inSz%16)==0){ + in_save = NULL ; in_a = (byte *)in ; + out_save = NULL ; out_a = out ; + } else { + if((in_save = XMALLOC(RoundUp16(inSz), NULL, DYNAMIC_TYPE_TMP_BUFFER)) == 
NULL){ + FREE_ALL; return MEMORY_E ; } + in_a = in_save ; XMEMSET(in_a, 0, RoundUp16(inSz)) ; XMEMCPY(in_a, in, inSz) ; + + if((out_save = XMALLOC(RoundUp16(inSz), NULL, DYNAMIC_TYPE_TMP_BUFFER)) == NULL){ + FREE_ALL; return MEMORY_E ; } + out_a = out_save ; + } + + if((authInSz%16)==0){ + authIn_save = NULL ; authIn_a = (byte *)authIn ; + } else { + if((authIn_save = XMALLOC(RoundUp16(authInSz), NULL, DYNAMIC_TYPE_TMP_BUFFER)) == NULL){ + FREE_ALL; return MEMORY_E ; } + authIn_a = authIn_save ; XMEMSET(authIn_a, 0, RoundUp16(authInSz)) ; XMEMCPY(authIn_a, authIn, authInSz) ; + } + + if((nonceSz%16)==0){ + nonce_save = NULL ; nonce_a = (byte *)nonce ; + } else { + if((nonce_save = XMALLOC(RoundUp16(nonceSz), NULL, DYNAMIC_TYPE_TMP_BUFFER)) == NULL){ + FREE_ALL; return MEMORY_E; } + nonce_a = nonce_save ; XMEMSET(nonce_a, 0, RoundUp16(nonceSz)) ; XMEMCPY(nonce_a, nonce, nonceSz) ; + } + + /* do aes-ccm */ + AesAuthSetIv(aes, nonce, nonceSz, L, mode) ; + ROM_AESReset(AES_BASE); + ROM_AESConfigSet(AES_BASE, (aes->keylen | AES_CFG_DIR_ENCRYPT | + AES_CFG_CTR_WIDTH_128 | + mode | ((mode== AES_CFG_MODE_CCM) ? 
(L | M) : 0 ))) ; + ROM_AESIVSet(AES_BASE, aes->reg); + ROM_AESKey1Set(AES_BASE, aes->key, aes->keylen); + ret = ROM_AESDataProcessAuth(AES_BASE, (unsigned int*)in_a, (unsigned int *)out_a, inSz, + (unsigned int*)authIn_a, authInSz, (unsigned int *)tmpTag); + if(ret == false){ + XMEMSET(out, 0, inSz) ; + XMEMSET(authTag, 0, authTagSz) ; + } else { + XMEMCPY(out, out_a, inSz) ; + XMEMCPY(authTag, tmpTag, authTagSz) ; + } + + FREE_ALL; + return 0 ; +} + +static int AesAuthDecrypt(Aes* aes, byte* out, const byte* in, word32 inSz, + const byte* nonce, word32 nonceSz, + const byte* authTag, word32 authTagSz, + const byte* authIn, word32 authInSz, int mode) +{ + word32 M, L ; + byte *in_a, *in_save ; + byte *out_a, *out_save ; + byte *authIn_a, *authIn_save ; + byte *nonce_a, *nonce_save ; + word32 tmpTag[4] ; + bool ret ; + + if(AesAuthArgCheck(aes, out, in, inSz, nonce, nonceSz, authTag, authTagSz, authIn, authInSz, &M, &L) + == BAD_FUNC_ARG)return BAD_FUNC_ARG ; + + /* 16 byte padding */ + in_save = NULL ; out_save = NULL ; authIn_save = NULL ; nonce_save = NULL ; + if((inSz%16)==0){ + in_save = NULL ; in_a = (byte *)in ; + out_save = NULL ; out_a = out ; + } else { + if((in_save = XMALLOC(RoundUp16(inSz), NULL, DYNAMIC_TYPE_TMP_BUFFER)) == NULL){ + FREE_ALL; return MEMORY_E;} + in_a = in_save ; XMEMSET(in_a, 0, RoundUp16(inSz)) ; XMEMCPY(in_a, in, inSz) ; + + if((out_save = XMALLOC(RoundUp16(inSz), NULL, DYNAMIC_TYPE_TMP_BUFFER)) == NULL){ + FREE_ALL; return MEMORY_E;} + out_a = out_save ; + } + + if((authInSz%16)==0){ + authIn_save = NULL ; authIn_a = (byte *)authIn ; + } else { + if((authIn_save = XMALLOC(RoundUp16(authInSz), NULL, DYNAMIC_TYPE_TMP_BUFFER)) == NULL){ + FREE_ALL; return MEMORY_E; } + authIn_a = authIn_save ; XMEMSET(authIn_a, 0, RoundUp16(authInSz)) ; XMEMCPY(authIn_a, authIn, authInSz) ; + } + + if((nonceSz%16)==0){ + nonce_save = NULL ; nonce_a = (byte *)nonce ; + } else { + if((nonce_save = XMALLOC(RoundUp16(nonceSz), NULL, 
DYNAMIC_TYPE_TMP_BUFFER)) == NULL){ + FREE_ALL; return MEMORY_E; } + nonce_a = nonce_save ; XMEMSET(nonce_a, 0, RoundUp16(nonceSz)) ; XMEMCPY(nonce_a, nonce, nonceSz) ; + } + + /* do aes-ccm */ + AesAuthSetIv(aes, nonce, nonceSz, L, mode) ; + ROM_AESReset(AES_BASE); + ROM_AESConfigSet(AES_BASE, (aes->keylen | AES_CFG_DIR_DECRYPT | + AES_CFG_CTR_WIDTH_128 | + mode | ((mode== AES_CFG_MODE_CCM) ? (L | M) : 0 ))) ; + ROM_AESIVSet(AES_BASE, aes->reg); + ROM_AESKey1Set(AES_BASE, aes->key, aes->keylen); + ret = ROM_AESDataProcessAuth(AES_BASE, (unsigned int*)in_a, (unsigned int *)out_a, inSz, + (unsigned int*)authIn_a, authInSz, (unsigned int *)tmpTag); + if((ret == false) || (XMEMCMP(authTag, tmpTag, authTagSz) != 0)){ + XMEMSET(out, 0, inSz) ; + ret = false ; + } else { + XMEMCPY(out, out_a, inSz) ; + } + + FREE_ALL ; + return ret==true ? 0 : 1 ; +} +#endif + + +#ifdef HAVE_AESGCM +WOLFSSL_API int wc_AesGcmSetKey(Aes* aes, const byte* key, word32 len) +{ + return AesAuthSetKey(aes, key, len) ; +} + +WOLFSSL_API int wc_AesGcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz, + const byte* iv, word32 ivSz, + byte* authTag, word32 authTagSz, + const byte* authIn, word32 authInSz) +{ + return AesAuthEncrypt(aes, out, in, sz, iv, ivSz, authTag, authTagSz, + authIn, authInSz, AES_CFG_MODE_GCM_HY0CALC) ; +} +WOLFSSL_API int wc_AesGcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz, + const byte* iv, word32 ivSz, + const byte* authTag, word32 authTagSz, + const byte* authIn, word32 authInSz) +{ + return AesAuthDecrypt(aes, out, in, sz, iv, ivSz, authTag, authTagSz, + authIn, authInSz, AES_CFG_MODE_GCM_HY0CALC) ; +} + +WOLFSSL_API int wc_GmacSetKey(Gmac* gmac, const byte* key, word32 len) +{ + return AesAuthSetKey(&gmac->aes, key, len) ; +} + +WOLFSSL_API int wc_GmacUpdate(Gmac* gmac, const byte* iv, word32 ivSz, + const byte* authIn, word32 authInSz, + byte* authTag, word32 authTagSz) +{ + return AesAuthEncrypt(&gmac->aes, NULL, NULL, 0, iv, ivSz, authTag, authTagSz, 
+ authIn, authInSz, AES_CFG_MODE_GCM_HY0CALC) ; +} + +#endif /* HAVE_AESGCM */ + +#ifdef HAVE_AESCCM +WOLFSSL_API void wc_AesCcmSetKey(Aes* aes, const byte* key, word32 keySz) +{ + AesAuthSetKey(aes, key, keySz) ; +} + +WOLFSSL_API void wc_AesCcmEncrypt(Aes* aes, byte* out, const byte* in, word32 inSz, + const byte* nonce, word32 nonceSz, + byte* authTag, word32 authTagSz, + const byte* authIn, word32 authInSz) +{ + AesAuthEncrypt(aes, out, in, inSz, nonce, nonceSz, authTag, authTagSz, + authIn, authInSz, AES_CFG_MODE_CCM) ; +} + +WOLFSSL_API int wc_AesCcmDecrypt(Aes* aes, byte* out, const byte* in, word32 inSz, + const byte* nonce, word32 nonceSz, + const byte* authTag, word32 authTagSz, + const byte* authIn, word32 authInSz) +{ + return AesAuthDecrypt(aes, out, in, inSz, nonce, nonceSz, authTag, authTagSz, + authIn, authInSz, AES_CFG_MODE_CCM) ; +} +#endif /* HAVE_AESCCM */ + +#endif /* WOLFSSL_TI_CRYPT */ + +#endif /* NO_AES */ + + + diff --git a/wolfcrypt/src/port/ti/ti-ccm.c b/wolfcrypt/src/port/ti/ti-ccm.c new file mode 100644 index 000000000..65a51350e --- /dev/null +++ b/wolfcrypt/src/port/ti/ti-ccm.c 
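Review bot: AesAuthArgCheck returns 1 for an unsupported `authTagSz` or `nonceSz`, but AesAuthEncrypt and AesAuthDecrypt only bail out when the result `== BAD_FUNC_ARG`, so those sizes are accepted with `M` and `L` left unset. With the lengths unchecked, AesAuthSetIv copies `len` nonce bytes into `aes->reg` (handled as one AES block elsewhere in the file) and `XMEMCPY(authTag, tmpTag, authTagSz)` reads from the 16-byte `word32 tmpTag[4]`; making the two `default:` cases `return BAD_FUNC_ARG;`, or testing `!= 0` in both callers, closes this. In AesAuthDecrypt the tag check `XMEMCMP(authTag, tmpTag, authTagSz)` is not constant-time, and `ConstantCompare` from misc.c would be the better fit if it is reachable from this file. AesAuthEncrypt also returns 0 after `ROM_AESDataProcessAuth` reports failure, so a caller cannot tell that `out` and `authTag` were zeroed rather than produced.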
@@ -0,0 +1,82 @@ +/* port/ti/ti_ccm.c + * + * Copyright (C) 2006-2015 wolfSSL Inc. + * + * This file is part of wolfSSL. (formerly known as CyaSSL) + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +#ifdef HAVE_CONFIG_H + #include +#endif + +#include + +#if defined(WOLFSSL_TI_CRYPT) || defined(WOLFSSL_TI_HASH) + +#include "wolfssl/wolfcrypt/port/ti/ti-ccm.h" +#include +#include + +#include "driverlib/sysctl.h" +#include "driverlib/rom_map.h" +#include "driverlib/rom.h" + +#ifndef SINGLE_THREADED +#include + static wolfSSL_Mutex TI_CCM_Mutex ; +#endif + +#define TIMEOUT 500000 +#define WAIT(stat) { volatile int i ; for(i=0; i +#endif + +#include + +#ifndef NO_DES + +#if defined(WOLFSSL_TI_CRYPT) +#include +#include + +#include +#include +#include + +#include "inc/hw_des.h" +#include "inc/hw_memmap.h" +#include "inc/hw_ints.h" +#include "driverlib/des.h" +#include "driverlib/sysctl.h" +#include "driverlib/rom_map.h" +#include "driverlib/rom.h" + +static int DesSetIV(Des* des, const byte* iv, int tri) +{ + if (des == NULL) + return BAD_FUNC_ARG; + + if (iv) + XMEMCPY(des->reg, iv, tri == DES_CFG_TRIPLE ? DES3_IVLEN : DES_IVLEN); + else + XMEMSET(des->reg, 0, tri == DES_CFG_TRIPLE ? 
DES3_IVLEN : DES_IVLEN); + + return 0; +} + +static int DesSetKey(Des* des, const byte* key, const byte* iv,int dir, int tri) +{ + if(!wolfSSL_TI_CCMInit())return 1 ; + if ((des == NULL) || (key == NULL) || (iv == NULL)) + return BAD_FUNC_ARG; + if(!((dir == DES_ENCRYPTION) || (dir == DES_DECRYPTION))) + return BAD_FUNC_ARG; + + XMEMCPY(des->key, key, tri == DES_CFG_SINGLE ? DES_KEYLEN : DES3_KEYLEN) ; + return DesSetIV(des, iv, tri); +} + +static int DesCbcAlign16(Des* des, byte* out, const byte* in, word32 sz, word32 dir, word32 tri) +{ + + wolfSSL_TI_lockCCM() ; + ROM_DESReset(DES_BASE); + ROM_DESConfigSet(DES_BASE, (dir | DES_CFG_MODE_CBC | tri)); + ROM_DESIVSet(DES_BASE, (uint32_t*)des->reg); + ROM_DESKeySet(DES_BASE,(uint32_t*)des->key); + if(dir == DES_CFG_DIR_DECRYPT) + /* if input and output same will overwrite input iv */ + XMEMCPY(des->tmp, in + sz - DES_BLOCK_SIZE, DES_BLOCK_SIZE); + ROM_DESDataProcess(DES_BASE, (uint32_t *)in, (uint32_t *)out, sz); + wolfSSL_TI_unlockCCM() ; + + /* store iv for next call */ + if(dir == DES_CFG_DIR_ENCRYPT) + XMEMCPY(des->reg, out + sz - DES_BLOCK_SIZE, DES_BLOCK_SIZE); + else + XMEMCPY(des->reg, des->tmp, DES_BLOCK_SIZE); + + return 0 ; +} + +#define IS_ALIGN16(p) (((unsigned int)(p)&0xf) == 0) + +static int DesCbc(Des* des, byte* out, const byte* in, word32 sz, word32 dir, word32 tri) +{ + const byte * in_p ; byte * out_p ; + word32 size ; + #define TI_BUFFSIZE 1024 + byte buff[TI_BUFFSIZE] ; + if ((des == NULL) || (in == NULL) || (out == NULL)) + return BAD_FUNC_ARG; + if(sz % DES_BLOCK_SIZE) + return BAD_FUNC_ARG; + + while(sz > 0) { + size = sz ; in_p = in ; out_p = out ; + if(!IS_ALIGN16(in)){ + size = sz>TI_BUFFSIZE ? TI_BUFFSIZE : sz ; + XMEMCPY(buff, in, size) ; + in_p = (const byte *)buff ; + } + if(!IS_ALIGN16(out)){ + size = sz>TI_BUFFSIZE ? 
TI_BUFFSIZE : sz ; + out_p = (byte *)buff ; + } + + DesCbcAlign16(des, out_p, in_p, size, dir, tri) ; + + if(!IS_ALIGN16(out)){ + XMEMCPY(out, buff, size) ; + } + sz -= size ; in += size ; out += size ; + } + return 0 ; +} + +WOLFSSL_API int wc_Des_SetKey(Des* des, const byte* key, const byte* iv,int dir) +{ + return DesSetKey(des, key, iv, dir, DES_CFG_SINGLE) ; +} + +WOLFSSL_API void wc_Des_SetIV(Des* des, const byte* iv) +{ + DesSetIV(des, iv, DES_CFG_SINGLE) ; +} + +WOLFSSL_API int wc_Des3_SetKey(Des3* des, const byte* key, const byte* iv,int dir) +{ + return DesSetKey((Des *)des, key, iv, dir, DES_CFG_TRIPLE) ; +} + +WOLFSSL_API int wc_Des3_SetIV(Des3* des, const byte* iv) +{ + return DesSetIV((Des *)des, iv, DES_CFG_TRIPLE) ; +} + + +WOLFSSL_API int wc_Des_CbcEncrypt(Des* des, byte* out, const byte* in, word32 sz) +{ + return DesCbc(des, out, in, sz, DES_CFG_DIR_ENCRYPT, DES_CFG_SINGLE) ; +} + +WOLFSSL_API int wc_Des_CbcDecrypt(Des* des, byte* out, const byte* in, word32 sz) +{ + return DesCbc(des, out, in, sz, DES_CFG_DIR_DECRYPT, DES_CFG_SINGLE) ; +} + +WOLFSSL_API int wc_Des_CbcDecryptWithKey(byte* out, const byte* in, word32 sz, + const byte* key, const byte* iv) +{ + (void)out; (void)in; (void)sz; (void)key; (void)iv ; + return -1 ; +} + +WOLFSSL_API int wc_Des3_CbcEncrypt(Des3* des, byte* out, const byte* in, word32 sz) +{ + return DesCbc((Des *)des, out, in, sz, DES_CFG_DIR_ENCRYPT, DES_CFG_TRIPLE) ; +} + +WOLFSSL_API int wc_Des3_CbcDecrypt(Des3* des, byte* out, const byte* in, word32 sz) +{ + return DesCbc((Des *)des, out, in, sz, DES_CFG_DIR_DECRYPT, DES_CFG_TRIPLE) ; +} + +WOLFSSL_API int wc_Des3_CbcDecryptWithKey(byte* out, const byte* in, word32 sz, + const byte* key, const byte* iv) +{ + (void)out; (void)in; (void)sz; (void)key; (void)iv ; + return -1 ; + } + + +#endif /* WOLFSSL_TI_CRYPT */ + +#endif /* NO_DES */ diff --git a/wolfcrypt/src/port/ti/ti-hash.c b/wolfcrypt/src/port/ti/ti-hash.c new file mode 100755 index 000000000..56526af86 
--- /dev/null
+++ b/wolfcrypt/src/port/ti/ti-hash.c
@@ -0,0 +1,317 @@ +/* port/ti/ti-hash.c + * + * Copyright (C) 2006-2015 wolfSSL Inc. + * + * This file is part of wolfSSL. (formerly known as CyaSSL) + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + + +#ifdef HAVE_CONFIG_H + #include +#endif + +#include + +#include + +#if defined(WOLFSSL_TI_HASH) + +#ifdef __cplusplus + extern "C" { +#endif + +#include +#include + +#include +#include +#include +#include +#include +#include +#include +#include + +#ifndef TI_DUMMY_BUILD +#include "inc/hw_memmap.h" +#include "inc/hw_shamd5.h" +#include "inc/hw_ints.h" +#include "driverlib/shamd5.h" +#include "driverlib/sysctl.h" +#include "driverlib/rom_map.h" +#include "driverlib/rom.h" +#else +#define SHAMD5_ALGO_MD5 1 +#define SHAMD5_ALGO_SHA1 2 +#define SHAMD5_ALGO_SHA256 3 +bool wolfSSL_TI_CCMInit(void) { return true ; } +#endif + +static int hashInit(wolfssl_TI_Hash *hash) { + if(!wolfSSL_TI_CCMInit())return 1 ; + hash->used = 0 ; + hash->msg = 0 ; + hash->len = 0 ; + return 0 ; +} + +static int hashUpdate(wolfssl_TI_Hash *hash, const byte* data, word32 len) +{ + void *p ; + + if((hash== NULL) || (data == NULL))return BAD_FUNC_ARG; + + if(hash->len < hash->used+len) { + if(hash->msg == NULL) { + p = XMALLOC(hash->used+len, NULL, DYNAMIC_TYPE_TMP_BUFFER); + } else { + p = XREALLOC(hash->msg, hash->used+len, 
NULL, DYNAMIC_TYPE_TMP_BUFFER); + } + if(p == 0)return 1 ; + hash->msg = p ; + hash->len = hash->used+len ; + } + XMEMCPY(hash->msg+hash->used, data, len) ; + hash->used += len ; + return 0 ; +} + +static int hashGetHash(wolfssl_TI_Hash *hash, byte* result, word32 algo, word32 hsize) +{ + uint32_t h[16] ; +#ifndef TI_DUMMY_BUILD + wolfSSL_TI_lockCCM() ; + ROM_SHAMD5Reset(SHAMD5_BASE); + ROM_SHAMD5ConfigSet(SHAMD5_BASE, algo); + ROM_SHAMD5DataProcess(SHAMD5_BASE, + (uint32_t *)hash->msg, hash->used, h); + wolfSSL_TI_unlockCCM() ; +#else + (void) hash ; + (void) algo ; +#endif + XMEMCPY(result, h, hsize) ; + + return 0 ; +} + +static void hashRestorePos(wolfssl_TI_Hash *h1, wolfssl_TI_Hash *h2) { + h1->used = h2->used ; +} + +static int hashFinal(wolfssl_TI_Hash *hash, byte* result, word32 algo, word32 hsize) +{ + hashGetHash(hash, result, algo, hsize) ; + XFREE(hash->msg, NULL, DYNAMIC_TYPE_TMP_BUFFER); + hashInit(hash) ; + return 0 ; +} + +static int hashHash(const byte* data, word32 len, byte* hash, word32 algo, word32 hsize) +{ + int ret = 0; +#ifdef WOLFSSL_SMALL_STACK + wolfssl_TI_Hash* hash_desc; +#else + wolfssl_TI_Hash hash_desc[1]; +#endif + +#ifdef WOLFSSL_SMALL_STACK + hash_desc = (wolfssl_TI_Hash*)XMALLOC(sizeof(wolfssl_TI_Hash), NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (hash_desc == NULL) + return MEMORY_E; +#endif + + if ((ret = hashInit(hash_desc)) != 0) { + WOLFSSL_MSG("Hash Init failed"); + } + else { + hashUpdate(hash_desc, data, len); + hashFinal(hash_desc, hash, algo, hsize); + } + +#ifdef WOLFSSL_SMALL_STACK + XFREE(hash, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif + + return ret; +} + +static int hashFree(wolfssl_TI_Hash *hash) +{ + XFREE(hash->msg, NULL, DYNAMIC_TYPE_TMP_BUFFER); + hashInit(hash) ; + return 0 ; +} + +#if !defined(NO_MD5) +WOLFSSL_API void wc_InitMd5(Md5* md5) +{ + if (md5 == NULL) + return ; + hashInit((wolfssl_TI_Hash *)md5) ; +} + +WOLFSSL_API void wc_Md5Update(Md5* md5, const byte* data, word32 len) +{ + hashUpdate((wolfssl_TI_Hash 
*)md5, data, len) ; +} + +WOLFSSL_API void wc_Md5Final(Md5* md5, byte* hash) +{ + hashFinal((wolfssl_TI_Hash *)md5, hash, SHAMD5_ALGO_MD5, MD5_DIGEST_SIZE) ; +} + +WOLFSSL_API void wc_Md5GetHash(Md5* md5, byte* hash) +{ + hashGetHash((wolfssl_TI_Hash *)md5, hash, SHAMD5_ALGO_MD5, MD5_DIGEST_SIZE) ; +} + +WOLFSSL_API void wc_Md5RestorePos(Md5* m1, Md5* m2) { + hashRestorePos((wolfssl_TI_Hash *)m1, (wolfssl_TI_Hash *)m2) ; +} + +WOLFSSL_API int wc_Md5Hash(const byte*data, word32 len, byte*hash) +{ + return hashHash(data, len, hash, SHAMD5_ALGO_MD5, MD5_DIGEST_SIZE) ; +} + +WOLFSSL_API void wc_Md5Free(Md5* md5) +{ + hashFree((wolfssl_TI_Hash *)md5) ; +} + +#endif /* NO_MD5 */ + +#if !defined(NO_SHA) +WOLFSSL_API int wc_InitSha(Sha* sha) +{ + if (sha == NULL) + return 1 ; + return hashInit((wolfssl_TI_Hash *)sha) ; +} + +WOLFSSL_API int wc_ShaUpdate(Sha* sha, const byte* data, word32 len) +{ + return hashUpdate((wolfssl_TI_Hash *)sha, data, len) ; +} + +WOLFSSL_API int wc_ShaFinal(Sha* sha, byte* hash) +{ + return hashFinal((wolfssl_TI_Hash *)sha, hash, SHAMD5_ALGO_SHA1, SHA_DIGEST_SIZE) ; +} + +WOLFSSL_API int wc_ShaGetHash(Sha* sha, byte* hash) +{ + return hashGetHash(sha, hash, SHAMD5_ALGO_SHA1, SHA_DIGEST_SIZE) ; +} + +WOLFSSL_API void wc_ShaRestorePos(Sha* s1, Sha* s2) { + hashRestorePos((wolfssl_TI_Hash *)s1, (wolfssl_TI_Hash *)s2) ; +} + +WOLFSSL_API int wc_ShaHash(const byte*data, word32 len, byte*hash) +{ + return hashHash(data, len, hash, SHAMD5_ALGO_SHA1, SHA_DIGEST_SIZE) ; +} + +WOLFSSL_API void wc_ShaFree(Sha* sha) +{ + hashFree((wolfssl_TI_Hash *)sha) ; +} + +#endif /* NO_SHA */ + +#if defined(HAVE_SHA224) +WOLFSSL_API int wc_InitSha224(Sha224* sha224) +{ + if (sha224 == NULL) + return 1 ; + return hashInit((wolfssl_TI_Hash *)sha224) ; +} + +WOLFSSL_API int wc_Sha224Update(Sha224* sha224, const byte* data, word32 len) +{ + return hashUpdate((wolfssl_TI_Hash *)sha224, data, len) ; +} + +WOLFSSL_API int wc_Sha224Final(Sha224* sha224, byte* hash) +{ + return 
hashFinal((wolfssl_TI_Hash *)sha224, hash, SHAMD5_ALGO_SHA224, SHA224_DIGEST_SIZE) ; +} + +WOLFSSL_API int wc_Sha224GetHash(Sha224* sha224, byte* hash) +{ + return hashGetHash(sha224, hash, SHAMD5_ALGO_SHA224, SHA224_DIGEST_SIZE) ; +} + +WOLFSSL_API void wc_Sha224RestorePos(Sha224* s1, Sha224* s2) { + hashRestorePos((wolfssl_TI_Hash *)s1, (wolfssl_TI_Hash *)s2) ; +} + +WOLFSSL_API int wc_Sha224Hash(const byte* data, word32 len, byte*hash) +{ + return hashHash(data, len, hash, SHAMD5_ALGO_SHA224, SHA224_DIGEST_SIZE) ; +} + +WOLFSSL_API void wc_Sha224Free(Sha224* sha224) +{ + hashFree((wolfssl_TI_Hash *)sha224) ; +} + +#endif /* HAVE_SHA224 */ + +#if !defined(NO_SHA256) +WOLFSSL_API int wc_InitSha256(Sha256* sha256) +{ + if (sha256 == NULL) + return 1 ; + return hashInit((wolfssl_TI_Hash *)sha256) ; +} + +WOLFSSL_API int wc_Sha256Update(Sha256* sha256, const byte* data, word32 len) +{ + return hashUpdate((wolfssl_TI_Hash *)sha256, data, len) ; +} + +WOLFSSL_API int wc_Sha256Final(Sha256* sha256, byte* hash) +{ + return hashFinal((wolfssl_TI_Hash *)sha256, hash, SHAMD5_ALGO_SHA256, SHA256_DIGEST_SIZE) ; +} + +WOLFSSL_API int wc_Sha256GetHash(Sha256* sha256, byte* hash) +{ + return hashGetHash(sha256, hash, SHAMD5_ALGO_SHA256, SHA256_DIGEST_SIZE) ; +} + +WOLFSSL_API void wc_Sha256RestorePos(Sha256* s1, Sha256* s2) { + hashRestorePos((wolfssl_TI_Hash *)s1, (wolfssl_TI_Hash *)s2) ; +} + +WOLFSSL_API int wc_Sha256Hash(const byte* data, word32 len, byte*hash) +{ + return hashHash(data, len, hash, SHAMD5_ALGO_SHA256, SHA256_DIGEST_SIZE) ; +} + +WOLFSSL_API void wc_Sha256Free(Sha256* sha256) +{ + hashFree((wolfssl_TI_Hash *)sha256) ; +} + +#endif + +#endif diff --git a/wolfcrypt/src/pwdbased.c b/wolfcrypt/src/pwdbased.c index b222774e4..b9764d8d0 100644 --- a/wolfcrypt/src/pwdbased.c +++ b/wolfcrypt/src/pwdbased.c 
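Review bot: In hashHash the WOLFSSL_SMALL_STACK cleanup calls `XFREE(hash, NULL, DYNAMIC_TYPE_TMP_BUFFER);`, which releases the caller's output buffer `hash` instead of the descriptor allocated at the top of the function; it should be `XFREE(hash_desc, NULL, DYNAMIC_TYPE_TMP_BUFFER);`. The same function ignores the result of hashUpdate, so when the XMALLOC/XREALLOC inside it fails the digest is computed over an empty or shorter message and 0 is still returned; `if ((ret = hashUpdate(hash_desc, data, len)) == 0) ret = hashFinal(hash_desc, hash, algo, hsize);` would surface the error instead of a silently wrong hash. hashUpdate also adds `hash->used+len` without an overflow check before sizing the allocation and copying. Because the whole message is buffered until hashFinal, `hash->msg` can hold sensitive input and is freed without being cleared.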
@@ -57,16 +57,18 @@ #include #endif -#ifndef min +#ifndef WOLFSSL_HAVE_MIN +#define WOLFSSL_HAVE_MIN static INLINE word32 min(word32 a, word32 b) { return a > b ? b : a; } -#endif /* min */ +#endif /* WOLFSSL_HAVE_MIN */ +#ifndef NO_SHA /* PBKDF1 needs at least SHA available */ int wc_PBKDF1(byte* output, const byte* passwd, int pLen, const byte* salt, int sLen, int iterations, int kLen, int hashType) @@ -129,6 +131,7 @@ int wc_PBKDF1(byte* output, const byte* passwd, int pLen, const byte* salt, return 0; } +#endif /* NO_SHA */ int GetDigestSize(int hashType) @@ -141,9 +144,11 @@ int GetDigestSize(int hashType) hLen = MD5_DIGEST_SIZE; break; #endif +#ifndef NO_SHA case SHA: hLen = SHA_DIGEST_SIZE; break; +#endif #ifndef NO_SHA256 case SHA256: hLen = SHA256_DIGEST_SIZE; @@ -263,10 +268,12 @@ int GetPKCS12HashSizes(int hashType, word32* v, word32* u) *u = MD5_DIGEST_SIZE; break; #endif +#ifndef NO_SHA case SHA: *v = SHA_BLOCK_SIZE; *u = SHA_DIGEST_SIZE; break; +#endif #ifndef NO_SHA256 case SHA256: *v = SHA256_BLOCK_SIZE; @@ -312,6 +319,7 @@ int DoPKCS12Hash(int hashType, byte* buffer, word32 totalLen, } break; #endif /* NO_MD5 */ +#ifndef NO_SHA case SHA: { Sha sha; @@ -327,6 +335,7 @@ int DoPKCS12Hash(int hashType, byte* buffer, word32 totalLen, } } break; +#endif /* NO_SHA */ #ifndef NO_SHA256 case SHA256: { diff --git a/wolfcrypt/src/random.c b/wolfcrypt/src/random.c index 85f96d3c4..dbf608f2e 100755 --- a/wolfcrypt/src/random.c +++ b/wolfcrypt/src/random.c 
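Review bot: Replacing `#ifndef min` with `#ifndef WOLFSSL_HAVE_MIN` in the first pwdbased.c hunk drops the only protection against a platform header that defines `min` as a macro. In that case `static INLINE word32 min(word32 a, word32 b)` is macro-expanded and stops compiling. Guarding on both, `#if !defined(WOLFSSL_HAVE_MIN) && !defined(min)`, keeps the new de-duplication and the old safety. The same guard change appears in the ripemd.c, sha.c, sha256.c and sha512.c hunks later in this diff.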
@@ -39,32 +39,33 @@ int wc_GenerateSeed(OS_Seed* os, byte* seed, word32 sz) } #ifdef HAVE_CAVIUM - int wc_InitRngCavium(RNG* rng, int i) + int wc_InitRngCavium(WC_RNG* rng, int i) { return InitRngCavium(rng, i); } #endif -int wc_InitRng(RNG* rng) +int wc_InitRng(WC_RNG* rng) { return InitRng_fips(rng); } -int wc_RNG_GenerateBlock(RNG* rng, byte* b, word32 sz) +int wc_RNG_GenerateBlock(WC_RNG* rng, byte* b, word32 sz) { return RNG_GenerateBlock_fips(rng, b, sz); } -int wc_RNG_GenerateByte(RNG* rng, byte* b) +int wc_RNG_GenerateByte(WC_RNG* rng, byte* b) { return RNG_GenerateByte(rng, b); } #if defined(HAVE_HASHDRBG) || defined(NO_RC4) - int wc_FreeRng(RNG* rng) + + int wc_FreeRng(WC_RNG* rng) { return FreeRng_fips(rng); } @@ -100,8 +101,8 @@ int wc_RNG_GenerateByte(RNG* rng, byte* b) #include #include #else - #if !defined(NO_DEV_RANDOM) && !defined(WOLFSSL_MDK_ARM) \ - && !defined(WOLFSSL_IAR_ARM) + #if !defined(NO_DEV_RANDOM) && !defined(CUSTOM_RAND_GENERATE) && \ + !defined(WOLFSSL_MDK_ARM) && !defined(WOLFSSL_IAR_ARM) #include #ifndef EBSNET #include @@ -170,6 +171,8 @@ typedef struct DRBG { } DRBG; +static int wc_RNG_HealthTestLocal(int reseed); + /* Hash Derivation Function */ /* Returns: DRBG_SUCCESS or DRBG_FAILURE */ static int Hash_df(DRBG* drbg, byte* out, word32 outSz, byte type, @@ -201,8 +204,7 @@ static int Hash_df(DRBG* drbg, byte* out, word32 outSz, byte type, if (wc_Sha256Update(&sha, (byte*)&bits, sizeof(bits)) != 0) return DRBG_FAILURE; - /* churning V is the only string that doesn't have - * the type added */ + /* churning V is the only string that doesn't have the type added */ if (type != drbgInitV) if (wc_Sha256Update(&sha, &type, sizeof(type)) != 0) return DRBG_FAILURE; 
@@ -338,13 +340,13 @@ static INLINE void array_add(byte* d, word32 dLen, const byte* s, word32 sLen) for (sIdx = sLen - 1, dIdx = dLen - 1; sIdx >= 0; dIdx--, sIdx--) { carry += d[dIdx] + s[sIdx]; - d[dIdx] = carry; + d[dIdx] = (byte)carry; carry >>= 8; } for (; carry != 0 && dIdx >= 0; dIdx--) { carry += d[dIdx]; - d[dIdx] = carry; + d[dIdx] = (byte)carry; carry >>= 8; } } 
@@ -413,42 +415,55 @@ static int Hash_DRBG_Instantiate(DRBG* drbg, const byte* seed, word32 seedSz, } -/* Returns: DRBG_SUCCESS */ +/* Returns: DRBG_SUCCESS or DRBG_FAILURE */ static int Hash_DRBG_Uninstantiate(DRBG* drbg) { + word32 i; + int compareSum = 0; + byte* compareDrbg = (byte*)drbg; + ForceZero(drbg, sizeof(DRBG)); - return DRBG_SUCCESS; + for (i = 0; i < sizeof(DRBG); i++) + compareSum |= compareDrbg[i] ^ 0; + + return (compareSum == 0) ? DRBG_SUCCESS : DRBG_FAILURE; } /* End NIST DRBG Code */ /* Get seed and key cipher */ -int wc_InitRng(RNG* rng) +int wc_InitRng(WC_RNG* rng) { int ret = BAD_FUNC_ARG; if (rng != NULL) { - byte entropy[ENTROPY_NONCE_SZ]; + if (wc_RNG_HealthTestLocal(0) == 0) { + byte entropy[ENTROPY_NONCE_SZ]; - rng->drbg = (struct DRBG*)XMALLOC(sizeof(DRBG), NULL, DYNAMIC_TYPE_RNG); - if (rng->drbg == NULL) { - ret = MEMORY_E; - } - /* This doesn't use a separate nonce. The entropy input will be - * the default size plus the size of the nonce making the seed - * size. */ - else if (wc_GenerateSeed(&rng->seed, entropy, ENTROPY_NONCE_SZ) == 0 && - Hash_DRBG_Instantiate(rng->drbg, entropy, ENTROPY_NONCE_SZ, - NULL, 0) == DRBG_SUCCESS) { + rng->drbg = + (struct DRBG*)XMALLOC(sizeof(DRBG), NULL, DYNAMIC_TYPE_RNG); + if (rng->drbg == NULL) { + ret = MEMORY_E; + } + /* This doesn't use a separate nonce. The entropy input will be + * the default size plus the size of the nonce making the seed + * size. */ + else if (wc_GenerateSeed(&rng->seed, + entropy, ENTROPY_NONCE_SZ) == 0 && + Hash_DRBG_Instantiate(rng->drbg, + entropy, ENTROPY_NONCE_SZ, NULL, 0) == DRBG_SUCCESS) { - ret = Hash_DRBG_Generate(rng->drbg, NULL, 0); + ret = Hash_DRBG_Generate(rng->drbg, NULL, 0); + } + else + ret = DRBG_FAILURE; + + ForceZero(entropy, ENTROPY_NONCE_SZ); } else - ret = DRBG_FAILURE; - - ForceZero(entropy, ENTROPY_NONCE_SZ); + ret = DRBG_CONT_FAILURE; if (ret == DRBG_SUCCESS) { rng->status = DRBG_OK; 
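Review bot: In wc_InitRng the XMALLOC moved inside `if (wc_RNG_HealthTestLocal(0) == 0)`, so when the health test fails the new `else` sets `ret = DRBG_CONT_FAILURE` and `rng->drbg` is never assigned. The tail of wc_InitRng and all of wc_FreeRng are outside this hunk, so it cannot be seen whether that pointer is later tested or freed, but a caller-supplied WC_RNG that was not zeroed would carry a stale value into them. Adding `rng->drbg = NULL;` before the health-test call keeps the failure path well defined. In Hash_DRBG_Uninstantiate, `compareDrbg[i] ^ 0` is just `compareDrbg[i]`, so `compareSum |= compareDrbg[i];` says the same thing with less noise.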
@@ -472,7 +487,7 @@ int wc_InitRng(RNG* rng) /* place a generated block in output */ -int wc_RNG_GenerateBlock(RNG* rng, byte* output, word32 sz) +int wc_RNG_GenerateBlock(WC_RNG* rng, byte* output, word32 sz) { int ret; @@ -485,19 +500,24 @@ int wc_RNG_GenerateBlock(RNG* rng, byte* output, word32 sz) ret = Hash_DRBG_Generate(rng->drbg, output, sz); if (ret == DRBG_NEED_RESEED) { - byte entropy[ENTROPY_SZ]; + if (wc_RNG_HealthTestLocal(1) == 0) { + byte entropy[ENTROPY_SZ]; - if (wc_GenerateSeed(&rng->seed, entropy, ENTROPY_SZ) == 0 && - Hash_DRBG_Reseed(rng->drbg, entropy, ENTROPY_SZ) == DRBG_SUCCESS) { + if (wc_GenerateSeed(&rng->seed, entropy, ENTROPY_SZ) == 0 && + Hash_DRBG_Reseed(rng->drbg, entropy, ENTROPY_SZ) + == DRBG_SUCCESS) { - ret = Hash_DRBG_Generate(rng->drbg, NULL, 0); - if (ret == DRBG_SUCCESS) - ret = Hash_DRBG_Generate(rng->drbg, output, sz); + ret = Hash_DRBG_Generate(rng->drbg, NULL, 0); + if (ret == DRBG_SUCCESS) + ret = Hash_DRBG_Generate(rng->drbg, output, sz); + } + else + ret = DRBG_FAILURE; + + ForceZero(entropy, ENTROPY_SZ); } else - ret = DRBG_FAILURE; - - ForceZero(entropy, ENTROPY_SZ); + ret = DRBG_CONT_FAILURE; } if (ret == DRBG_SUCCESS) { @@ -516,13 +536,13 @@ int wc_RNG_GenerateBlock(RNG* rng, byte* output, word32 sz) } -int wc_RNG_GenerateByte(RNG* rng, byte* b) +int wc_RNG_GenerateByte(WC_RNG* rng, byte* b) { return wc_RNG_GenerateBlock(rng, b, 1); } -int wc_FreeRng(RNG* rng) +int wc_FreeRng(WC_RNG* rng) { int ret = BAD_FUNC_ARG; @@ -545,8 +565,8 @@ int wc_FreeRng(RNG* rng) int wc_RNG_HealthTest(int reseed, const byte* entropyA, word32 entropyASz, - const byte* entropyB, word32 entropyBSz, - byte* output, word32 outputSz) + const byte* entropyB, word32 entropyBSz, + byte* output, word32 outputSz) { DRBG drbg; 
@@ -579,15 +599,95 @@ int wc_RNG_HealthTest(int reseed, const byte* entropyA, word32 entropyASz, return -1; } - Hash_DRBG_Uninstantiate(&drbg); + if (Hash_DRBG_Uninstantiate(&drbg) != 0) { + return -1; + } return 0; } + +const byte entropyA[] = { + 0x63, 0x36, 0x33, 0x77, 0xe4, 0x1e, 0x86, 0x46, 0x8d, 0xeb, 0x0a, 0xb4, + 0xa8, 0xed, 0x68, 0x3f, 0x6a, 0x13, 0x4e, 0x47, 0xe0, 0x14, 0xc7, 0x00, + 0x45, 0x4e, 0x81, 0xe9, 0x53, 0x58, 0xa5, 0x69, 0x80, 0x8a, 0xa3, 0x8f, + 0x2a, 0x72, 0xa6, 0x23, 0x59, 0x91, 0x5a, 0x9f, 0x8a, 0x04, 0xca, 0x68 +}; + +const byte reseedEntropyA[] = { + 0xe6, 0x2b, 0x8a, 0x8e, 0xe8, 0xf1, 0x41, 0xb6, 0x98, 0x05, 0x66, 0xe3, + 0xbf, 0xe3, 0xc0, 0x49, 0x03, 0xda, 0xd4, 0xac, 0x2c, 0xdf, 0x9f, 0x22, + 0x80, 0x01, 0x0a, 0x67, 0x39, 0xbc, 0x83, 0xd3 +}; + +const byte outputA[] = { + 0x04, 0xee, 0xc6, 0x3b, 0xb2, 0x31, 0xdf, 0x2c, 0x63, 0x0a, 0x1a, 0xfb, + 0xe7, 0x24, 0x94, 0x9d, 0x00, 0x5a, 0x58, 0x78, 0x51, 0xe1, 0xaa, 0x79, + 0x5e, 0x47, 0x73, 0x47, 0xc8, 0xb0, 0x56, 0x62, 0x1c, 0x18, 0xbd, 0xdc, + 0xdd, 0x8d, 0x99, 0xfc, 0x5f, 0xc2, 0xb9, 0x20, 0x53, 0xd8, 0xcf, 0xac, + 0xfb, 0x0b, 0xb8, 0x83, 0x12, 0x05, 0xfa, 0xd1, 0xdd, 0xd6, 0xc0, 0x71, + 0x31, 0x8a, 0x60, 0x18, 0xf0, 0x3b, 0x73, 0xf5, 0xed, 0xe4, 0xd4, 0xd0, + 0x71, 0xf9, 0xde, 0x03, 0xfd, 0x7a, 0xea, 0x10, 0x5d, 0x92, 0x99, 0xb8, + 0xaf, 0x99, 0xaa, 0x07, 0x5b, 0xdb, 0x4d, 0xb9, 0xaa, 0x28, 0xc1, 0x8d, + 0x17, 0x4b, 0x56, 0xee, 0x2a, 0x01, 0x4d, 0x09, 0x88, 0x96, 0xff, 0x22, + 0x82, 0xc9, 0x55, 0xa8, 0x19, 0x69, 0xe0, 0x69, 0xfa, 0x8c, 0xe0, 0x07, + 0xa1, 0x80, 0x18, 0x3a, 0x07, 0xdf, 0xae, 0x17 +}; + +const byte entropyB[] = { + 0xa6, 0x5a, 0xd0, 0xf3, 0x45, 0xdb, 0x4e, 0x0e, 0xff, 0xe8, 0x75, 0xc3, + 0xa2, 0xe7, 0x1f, 0x42, 0xc7, 0x12, 0x9d, 0x62, 0x0f, 0xf5, 0xc1, 0x19, + 0xa9, 0xef, 0x55, 0xf0, 0x51, 0x85, 0xe0, 0xfb, 0x85, 0x81, 0xf9, 0x31, + 0x75, 0x17, 0x27, 0x6e, 0x06, 0xe9, 0x60, 0x7d, 0xdb, 0xcb, 0xcc, 0x2e +}; + +const byte outputB[] = { + 0xd3, 0xe1, 0x60, 0xc3, 0x5b, 0x99, 
0xf3, 0x40, 0xb2, 0x62, 0x82, 0x64, + 0xd1, 0x75, 0x10, 0x60, 0xe0, 0x04, 0x5d, 0xa3, 0x83, 0xff, 0x57, 0xa5, + 0x7d, 0x73, 0xa6, 0x73, 0xd2, 0xb8, 0xd8, 0x0d, 0xaa, 0xf6, 0xa6, 0xc3, + 0x5a, 0x91, 0xbb, 0x45, 0x79, 0xd7, 0x3f, 0xd0, 0xc8, 0xfe, 0xd1, 0x11, + 0xb0, 0x39, 0x13, 0x06, 0x82, 0x8a, 0xdf, 0xed, 0x52, 0x8f, 0x01, 0x81, + 0x21, 0xb3, 0xfe, 0xbd, 0xc3, 0x43, 0xe7, 0x97, 0xb8, 0x7d, 0xbb, 0x63, + 0xdb, 0x13, 0x33, 0xde, 0xd9, 0xd1, 0xec, 0xe1, 0x77, 0xcf, 0xa6, 0xb7, + 0x1f, 0xe8, 0xab, 0x1d, 0xa4, 0x66, 0x24, 0xed, 0x64, 0x15, 0xe5, 0x1c, + 0xcd, 0xe2, 0xc7, 0xca, 0x86, 0xe2, 0x83, 0x99, 0x0e, 0xea, 0xeb, 0x91, + 0x12, 0x04, 0x15, 0x52, 0x8b, 0x22, 0x95, 0x91, 0x02, 0x81, 0xb0, 0x2d, + 0xd4, 0x31, 0xf4, 0xc9, 0xf7, 0x04, 0x27, 0xdf +}; + + +static int wc_RNG_HealthTestLocal(int reseed) +{ + int ret = 0; + byte check[SHA256_DIGEST_SIZE * 4]; + + if (reseed) { + ret = wc_RNG_HealthTest(1, entropyA, sizeof(entropyA), + reseedEntropyA, sizeof(reseedEntropyA), + check, sizeof(check)); + if (ret == 0) { + if (ConstantCompare(check, outputA, sizeof(check)) != 0) + ret = -1; + } + } + else { + ret = wc_RNG_HealthTest(0, entropyB, sizeof(entropyB), + NULL, 0, + check, sizeof(check)); + if (ret == 0) { + if (ConstantCompare(check, outputB, sizeof(check)) != 0) + ret = -1; + } + } + + return ret; +} + + #else /* HAVE_HASHDRBG || NO_RC4 */ /* Get seed and key cipher */ -int wc_InitRng(RNG* rng) +int wc_InitRng(WC_RNG* rng) { int ret; #ifdef WOLFSSL_SMALL_STACK @@ -636,11 +736,11 @@ int wc_InitRng(RNG* rng) } #ifdef HAVE_CAVIUM - static void CaviumRNG_GenerateBlock(RNG* rng, byte* output, word32 sz); + static void CaviumRNG_GenerateBlock(WC_RNG* rng, byte* output, word32 sz); #endif /* place a generated block in output */ -int wc_RNG_GenerateBlock(RNG* rng, byte* output, word32 sz) +int wc_RNG_GenerateBlock(WC_RNG* rng, byte* output, word32 sz) { #ifdef HAVE_INTEL_RDGEN if(IS_INTEL_RDRAND) 
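Review bot: The known-answer vectors `entropyA`, `reseedEntropyA`, `outputA`, `entropyB` and `outputB` are defined at file scope without `static`, so they get external linkage under very generic names and can collide with symbols in an application or another library linked alongside. In the visible code they are used only by wc_RNG_HealthTestLocal, so `static const byte entropyA[] = {` (and likewise for the other four) is sufficient. Two of the names also repeat the parameter names of wc_RNG_HealthTest (`entropyA`, `entropyB`), which makes the file harder to read; a prefix that marks them as test vectors would avoid that.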
@@ -657,13 +757,13 @@ int wc_RNG_GenerateBlock(RNG* rng, byte* output, word32 sz) } -int wc_RNG_GenerateByte(RNG* rng, byte* b) +int wc_RNG_GenerateByte(WC_RNG* rng, byte* b) { return wc_RNG_GenerateBlock(rng, b, 1); } -int wc_FreeRng(RNG* rng) +int wc_FreeRng(WC_RNG* rng) { (void)rng; return 0; @@ -676,7 +776,7 @@ int wc_FreeRng(RNG* rng) #include "cavium_common.h" /* Initiliaze RNG for use with Nitrox device */ -int wc_InitRngCavium(RNG* rng, int devId) +int wc_InitRngCavium(WC_RNG* rng, int devId) { if (rng == NULL) return -1; @@ -688,7 +788,7 @@ int wc_InitRngCavium(RNG* rng, int devId) } -static void CaviumRNG_GenerateBlock(RNG* rng, byte* output, word32 sz) +static void CaviumRNG_GenerateBlock(WC_RNG* rng, byte* output, word32 sz) { wolfssl_word offset = 0; word32 requestId; @@ -917,18 +1017,6 @@ int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz) return 0; } -#elif defined(MBED) - -/* write a real one !!!, just for testing board */ -int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz) -{ - int i; - for (i = 0; i < sz; i++ ) - output[i] = i; - - return 0; -} - #elif defined(MICROCHIP_PIC32) #ifdef MICROCHIP_MPLAB_HARMONY @@ -992,7 +1080,7 @@ int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz) } #endif /* WOLFSSL_MIC32MZ_RNG */ -#elif defined(FREESCALE_MQX) +#elif defined(FREESCALE_MQX) || defined(FREESCALE_KSDK_MQX) #ifdef FREESCALE_K70_RNGA /* @@ -1125,7 +1213,7 @@ int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz) return 0; } -#elif defined(WOLFSSL_LPC43xx) || defined(WOLFSSL_STM32F2xx) +#elif defined(WOLFSSL_LPC43xx) || defined(WOLFSSL_STM32F2xx) || defined(MBED) #warning "write a real random seed!!!!, just for testing now" 
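Review bot: Adding `defined(MBED)` to the `WOLFSSL_LPC43xx`/`WOLFSSL_STM32F2xx` branch puts MBED builds on the wc_GenerateSeed that sits under `#warning "write a real random seed!!!!, just for testing now"`, and a warning is easy to lose in a firmware build log. The body of that branch is outside the hunk, but the MBED version removed earlier in this file filled the buffer with `output[i] = i`, so a DRBG seeded this way would be predictable. Consider turning the `#warning` into an `#error` unless the integrator defines an explicit test-only opt-in macro, so a placeholder seed cannot ship unnoticed.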
@@ -1164,15 +1252,17 @@ int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz) * word32 rand_gen(void); * #define CUSTOM_RAND_GENERATE rand_gen */ - int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz) - { - int i; + int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz) + { + word32 i; - for (i = 0; i < sz; i++ ) - output[i] = CUSTOM_RAND_GENERATE(); + (void)os; - return 0; - } + for (i = 0; i < sz; i++ ) + output[i] = CUSTOM_RAND_GENERATE(); + + return 0; + } #elif defined(NO_DEV_RANDOM) diff --git a/wolfcrypt/src/ripemd.c b/wolfcrypt/src/ripemd.c index ff536a0a6..639a42d07 100644 --- a/wolfcrypt/src/ripemd.c +++ b/wolfcrypt/src/ripemd.c @@ -36,15 +36,15 @@ #endif -#ifndef min +#ifndef WOLFSSL_HAVE_MIN +#define WOLFSSL_HAVE_MIN static INLINE word32 min(word32 a, word32 b) { return a > b ? b : a; } -#endif /* min */ - +#endif /* WOLFSSL_HAVE_MIN */ void wc_InitRipeMd(RipeMd* ripemd) { diff --git a/wolfcrypt/src/rsa.c b/wolfcrypt/src/rsa.c index c9562b1ad..6f4c3a595 100644 --- a/wolfcrypt/src/rsa.c +++ b/wolfcrypt/src/rsa.c @@ -43,7 +43,7 @@ int wc_FreeRsaKey(RsaKey* key) int wc_RsaPublicEncrypt(const byte* in, word32 inLen, byte* out, - word32 outLen, RsaKey* key, RNG* rng) + word32 outLen, RsaKey* key, WC_RNG* rng) { return RsaPublicEncrypt_fips(in, inLen, out, outLen, key, rng); } @@ -64,7 +64,7 @@ int wc_RsaPrivateDecrypt(const byte* in, word32 inLen, byte* out, int wc_RsaSSL_Sign(const byte* in, word32 inLen, byte* out, - word32 outLen, RsaKey* key, RNG* rng) + word32 outLen, RsaKey* key, WC_RNG* rng) { return RsaSSL_Sign_fips(in, inLen, out, outLen, key, rng); } @@ -96,7 +96,7 @@ int wc_RsaFlattenPublicKey(RsaKey* key, byte* a, word32* aSz, byte* b, return RsaFlattenPublicKey(key, a, aSz, b, bSz); } #ifdef WOLFSSL_KEY_GEN - int wc_MakeRsaKey(RsaKey* key, int size, long e, RNG* rng) + int wc_MakeRsaKey(RsaKey* key, int size, long e, WC_RNG* rng) { return MakeRsaKey(key, size, e, rng); } 
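Review bot: In the CUSTOM_RAND_GENERATE branch, `output[i] = CUSTOM_RAND_GENERATE();` stores what the comment above documents as `word32 rand_gen(void)` into a `byte`, so the narrowing is implicit and only the low 8 bits of each call are used. The same commit adds explicit `(byte)` casts in array_add for this kind of conversion; `output[i] = (byte)CUSTOM_RAND_GENERATE();` would be consistent with that. A one-line comment stating that only the low byte of each returned word reaches the seed would also tell integrators what their generator has to guarantee.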
@@ -131,14 +131,6 @@ int wc_RsaFlattenPublicKey(RsaKey* key, byte* a, word32* aSz, byte* b, #include #endif -#ifdef SHOW_GEN - #ifdef FREESCALE_MQX - #include - #else - #include - #endif -#endif - #ifdef HAVE_CAVIUM static int InitCaviumRsaKey(RsaKey* key, void* heap); static int FreeCaviumRsaKey(RsaKey* key); @@ -227,7 +219,7 @@ int wc_FreeRsaKey(RsaKey* key) } static int wc_RsaPad(const byte* input, word32 inputLen, byte* pkcsBlock, - word32 pkcsBlockLen, byte padValue, RNG* rng) + word32 pkcsBlockLen, byte padValue, WC_RNG* rng) { if (inputLen == 0) return 0; @@ -388,15 +380,18 @@ static int wc_RsaFunction(const byte* in, word32 inLen, byte* out, /* convert */ if (mp_to_unsigned_bin(&tmp, out) != MP_OKAY) ERROR_OUT(MP_TO_E); - -done: + +done: mp_clear(&tmp); + if (ret == MP_EXPTMOD_E) { + WOLFSSL_MSG("RSA_FUNCTION MP_EXPTMOD_E: memory/config problem"); + } return ret; } int wc_RsaPublicEncrypt(const byte* in, word32 inLen, byte* out, word32 outLen, - RsaKey* key, RNG* rng) + RsaKey* key, WC_RNG* rng) { int sz, ret; @@ -542,7 +537,7 @@ int wc_RsaSSL_Verify(const byte* in, word32 inLen, byte* out, word32 outLen, /* for Rsa Sign */ int wc_RsaSSL_Sign(const byte* in, word32 inLen, byte* out, word32 outLen, - RsaKey* key, RNG* rng) + RsaKey* key, WC_RNG* rng) { int sz, ret; 
@@ -607,78 +602,9 @@ int wc_RsaFlattenPublicKey(RsaKey* key, byte* e, word32* eSz, byte* n, return 0; } - #ifdef WOLFSSL_KEY_GEN - -static const int USE_BBS = 1; - -static int rand_prime(mp_int* N, int len, RNG* rng, void* heap) -{ - int err, res, type; - byte* buf; - - (void)heap; - if (N == NULL || rng == NULL) - return BAD_FUNC_ARG; - - /* get type */ - if (len < 0) { - type = USE_BBS; - len = -len; - } else { - type = 0; - } - - /* allow sizes between 2 and 512 bytes for a prime size */ - if (len < 2 || len > 512) { - return BAD_FUNC_ARG; - } - - /* allocate buffer to work with */ - buf = (byte*)XMALLOC(len, heap, DYNAMIC_TYPE_RSA); - if (buf == NULL) { - return MEMORY_E; - } - XMEMSET(buf, 0, len); - - do { -#ifdef SHOW_GEN - printf("."); - fflush(stdout); -#endif - /* generate value */ - err = wc_RNG_GenerateBlock(rng, buf, len); - if (err != 0) { - XFREE(buf, heap, DYNAMIC_TYPE_RSA); - return err; - } - - /* munge bits */ - buf[0] |= 0x80 | 0x40; - buf[len-1] |= 0x01 | ((type & USE_BBS) ? 0x02 : 0x00); - - /* load value */ - if ((err = mp_read_unsigned_bin(N, buf, len)) != MP_OKAY) { - XFREE(buf, heap, DYNAMIC_TYPE_RSA); - return err; - } - - /* test */ - if ((err = mp_prime_is_prime(N, 8, &res)) != MP_OKAY) { - XFREE(buf, heap, DYNAMIC_TYPE_RSA); - return err; - } - } while (res == MP_NO); - - ForceZero(buf, len); - XFREE(buf, heap, DYNAMIC_TYPE_RSA); - - return 0; -} - - /* Make an RSA key for size bits, with e specified, 65537 is a good e */ -int wc_MakeRsaKey(RsaKey* key, int size, long e, RNG* rng) +int wc_MakeRsaKey(RsaKey* key, int size, long e, WC_RNG* rng) { mp_int p, q, tmp1, tmp2, tmp3; int err; @@ -700,7 +626,7 @@ int wc_MakeRsaKey(RsaKey* key, int size, long e, RNG* rng) /* make p */ if (err == MP_OKAY) { do { - err = rand_prime(&p, size/16, rng, key->heap); /* size in bytes/2 */ + err = mp_rand_prime(&p, size/16, rng, key->heap); /* size in bytes/2 */ if (err == MP_OKAY) err = mp_sub_d(&p, 1, &tmp1); /* tmp1 = p-1 */ 
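Review bot: The call `mp_rand_prime(&p, size/16, rng, key->heap)` now depends on a helper that is not visible in this diff, while the local rand_prime deleted by the previous hunk was what rejected lengths outside 2..512 bytes and ran `ForceZero(buf, len)` on the candidate buffer before freeing it. It is worth confirming that mp_rand_prime keeps both properties, and that its error returns also zero the buffer, which the removed version did not do. A short comment at the call site, e.g. `/* size/16 bytes = half the modulus; length is range-checked in mp_rand_prime */`, would document the dependency. The same applies to the `q` call in the next hunk; wc_MakeRsaKey's body continues outside both hunks.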
@@ -713,7 +639,7 @@ int wc_MakeRsaKey(RsaKey* key, int size, long e, RNG* rng) /* make q */ if (err == MP_OKAY) { do { - err = rand_prime(&q, size/16, rng, key->heap); /* size in bytes/2 */ + err = mp_rand_prime(&q, size/16, rng, key->heap); /* size in bytes/2 */ if (err == MP_OKAY) err = mp_sub_d(&q, 1, &tmp1); /* tmp1 = q-1 */ diff --git a/wolfcrypt/src/sha.c b/wolfcrypt/src/sha.c index 792494b86..984d7343d 100644 --- a/wolfcrypt/src/sha.c +++ b/wolfcrypt/src/sha.c @@ -57,13 +57,12 @@ return ShaFinal_fips(sha,out); } - int wc_ShaHash(const byte* data, word32 sz, byte* out) - { - return ShaHash(data, sz, out); - } - #else /* else build without fips */ +#if defined(WOLFSSL_TI_HASH) + /* #include included by wc_port.c */ +#else + #ifdef WOLFSSL_PIC32MZ_HASH #define wc_InitSha wc_InitSha_sw #define wc_ShaUpdate wc_ShaUpdate_sw @@ -198,14 +197,15 @@ int wc_ShaFinal(Sha* sha, byte* hash) #else /* wc_ software implementation */ -#ifndef min +#ifndef WOLFSSL_HAVE_MIN +#define WOLFSSL_HAVE_MIN -static INLINE word32 min(word32 a, word32 b) -{ - return a > b ? b : a; -} + static INLINE word32 min(word32 a, word32 b) + { + return a > b ? b : a; + } -#endif /* min */ +#endif /* WOLFSSL_HAVE_MIN */ int wc_InitSha(Sha* sha) @@ -416,36 +416,8 @@ int wc_ShaFinal(Sha* sha, byte* hash) #endif /* STM32F2_HASH */ -int wc_ShaHash(const byte* data, word32 len, byte* hash) -{ - int ret = 0; -#ifdef WOLFSSL_SMALL_STACK - Sha* sha; -#else - Sha sha[1]; -#endif -#ifdef WOLFSSL_SMALL_STACK - sha = (Sha*)XMALLOC(sizeof(Sha), NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (sha == NULL) - return MEMORY_E; -#endif - - if ((ret = wc_InitSha(sha)) != 0) { - WOLFSSL_MSG("wc_InitSha failed"); - } - else { - wc_ShaUpdate(sha, data, len); - wc_ShaFinal(sha, hash); - } - -#ifdef WOLFSSL_SMALL_STACK - XFREE(sha, NULL, DYNAMIC_TYPE_TMP_BUFFER); -#endif - - return ret; - -} #endif /* HAVE_FIPS */ +#endif /* WOLFSSL_TI_HASH */ #endif /* NO_SHA */ 
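Review bot: The closing labels added at the end of sha.c are swapped relative to the nesting the hunks show. `#if defined(WOLFSSL_TI_HASH)` is opened inside `#else /* else build without fips */`, so the first `#endif` closes the TI block and the second closes the FIPS block, yet they read `#endif /* HAVE_FIPS */` followed by `#endif /* WOLFSSL_TI_HASH */`. Swapping the two comments keeps the conditional structure readable. The last sha256.c hunk has the same ordering and also misspells the label as `WOLFSSL_TI_HAHS`.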
diff --git a/wolfcrypt/src/sha256.c b/wolfcrypt/src/sha256.c old mode 100755 new mode 100644 index fd853633c..3dc1f4a8e --- a/wolfcrypt/src/sha256.c +++ b/wolfcrypt/src/sha256.c @@ -49,13 +49,12 @@ int wc_Sha256Final(Sha256* sha, byte* out) } -int wc_Sha256Hash(const byte* data, word32 len, byte* out) -{ - return Sha256Hash(data, len, out); -} - #else /* else build without fips */ +#if !defined(NO_SHA256) && defined(WOLFSSL_TI_HASH) + /* #include included by wc_port.c */ +#else + #if !defined (ALIGN32) #if defined (__GNUC__) #define ALIGN32 __attribute__ ( (aligned (32))) @@ -176,9 +175,11 @@ int InitSha256(Sha256* sha256) { #define CPUID_AVX2 0x2 #define CPUID_RDRAND 0x4 #define CPUID_RDSEED 0x8 +#define CPUID_BMI2 0x10 /* MULX, RORX */ #define IS_INTEL_AVX1 (cpuid_flags&CPUID_AVX1) #define IS_INTEL_AVX2 (cpuid_flags&CPUID_AVX2) +#define IS_INTEL_BMI2 (cpuid_flags&CPUID_BMI2) #define IS_INTEL_RDRAND (cpuid_flags&CPUID_RDRAND) #define IS_INTEL_RDSEED (cpuid_flags&CPUID_RDSEED) @@ -207,6 +208,7 @@ static int set_cpuid_flags(void) { if(cpuid_check==0) { if(cpuid_flag(1, 0, ECX, 28)){ cpuid_flags |= CPUID_AVX1 ;} if(cpuid_flag(7, 0, EBX, 5)){ cpuid_flags |= CPUID_AVX2 ; } + if(cpuid_flag(7, 0, EBX, 8)) { cpuid_flags |= CPUID_BMI2 ; } if(cpuid_flag(1, 0, ECX, 30)){ cpuid_flags |= CPUID_RDRAND ; } if(cpuid_flag(7, 0, EBX, 18)){ cpuid_flags |= CPUID_RDSEED ; } cpuid_check = 1 ; @@ -235,7 +237,7 @@ static void set_Transform(void) { if(set_cpuid_flags())return ; #if defined(HAVE_INTEL_AVX2) - if(IS_INTEL_AVX2){ + if(IS_INTEL_AVX2 && IS_INTEL_BMI2){ Transform_p = Transform_AVX1_RORX; return ; Transform_p = Transform_AVX2 ; /* for avoiding warning,"not used" */ @@ -286,14 +288,15 @@ static void set_Transform(void) { #include "cau_api.h" #endif -#ifndef min +#ifndef WOLFSSL_HAVE_MIN +#define WOLFSSL_HAVE_MIN static INLINE word32 min(word32 a, word32 b) { return a > b ? b : a; } -#endif /* min */ +#endif /* WOLFSSL_HAVE_MIN */ int wc_InitSha256(Sha256* sha256) 
@@ -446,9 +449,9 @@ int wc_Sha256Update(Sha256* sha256, const byte* data, word32 len) if (sha256->buffLen == SHA256_BLOCK_SIZE) { int ret; - #if defined(LITTLE_ENDIAN_ORDER) + #if defined(LITTLE_ENDIAN_ORDER) && !defined(FREESCALE_MMCAU) #if defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2) - if(!IS_INTEL_AVX1 && !IS_INTEL_AVX2) + if(!IS_INTEL_AVX1 && !IS_INTEL_AVX2) #endif ByteReverseWords(sha256->buffer, sha256->buffer, SHA256_BLOCK_SIZE); @@ -481,7 +484,7 @@ int wc_Sha256Final(Sha256* sha256, byte* hash) XMEMSET(&local[sha256->buffLen], 0, SHA256_BLOCK_SIZE - sha256->buffLen); sha256->buffLen += SHA256_BLOCK_SIZE - sha256->buffLen; - #if defined(LITTLE_ENDIAN_ORDER) + #if defined(LITTLE_ENDIAN_ORDER) && !defined(FREESCALE_MMCAU) #if defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2) if(!IS_INTEL_AVX1 && !IS_INTEL_AVX2) #endif @@ -502,7 +505,7 @@ int wc_Sha256Final(Sha256* sha256, byte* hash) sha256->loLen = sha256->loLen << 3; /* store lengths */ - #if defined(LITTLE_ENDIAN_ORDER) + #if defined(LITTLE_ENDIAN_ORDER) && !defined(FREESCALE_MMCAU) #if defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2) if(!IS_INTEL_AVX1 && !IS_INTEL_AVX2) #endif @@ -512,7 +515,7 @@ int wc_Sha256Final(Sha256* sha256, byte* hash) XMEMCPY(&local[SHA256_PAD_SIZE], &sha256->hiLen, sizeof(word32)); XMEMCPY(&local[SHA256_PAD_SIZE + sizeof(word32)], &sha256->loLen, sizeof(word32)); - + #if defined(FREESCALE_MMCAU) || defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2) /* Kinetis requires only these bytes reversed */ #if defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2) 
@@ -537,37 +540,6 @@ int wc_Sha256Final(Sha256* sha256, byte* hash) -int wc_Sha256Hash(const byte* data, word32 len, byte* hash) -{ - int ret = 0; -#ifdef WOLFSSL_SMALL_STACK - Sha256* sha256; -#else - Sha256 sha256[1]; -#endif - -#ifdef WOLFSSL_SMALL_STACK - sha256 = (Sha256*)XMALLOC(sizeof(Sha256), NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (sha256 == NULL) - return MEMORY_E; -#endif - - if ((ret = wc_InitSha256(sha256)) != 0) { - WOLFSSL_MSG("InitSha256 failed"); - } - else if ((ret = wc_Sha256Update(sha256, data, len)) != 0) { - WOLFSSL_MSG("Sha256Update failed"); - } - else if ((ret = wc_Sha256Final(sha256, hash)) != 0) { - WOLFSSL_MSG("Sha256Final failed"); - } - -#ifdef WOLFSSL_SMALL_STACK - XFREE(sha256, NULL, DYNAMIC_TYPE_TMP_BUFFER); -#endif - - return ret; -} #if defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2) @@ -1749,7 +1721,10 @@ static int Transform_AVX2(Sha256* sha256) } #endif /* HAVE_INTEL_AVX2 */ + #endif /* HAVE_FIPS */ +#endif /* WOLFSSL_TI_HAHS */ + #endif /* NO_SHA256 */ diff --git a/wolfcrypt/src/sha512.c b/wolfcrypt/src/sha512.c index f77c8a2cf..e5fa61dc1 100755 --- a/wolfcrypt/src/sha512.c +++ b/wolfcrypt/src/sha512.c @@ -47,11 +47,6 @@ int wc_Sha512Final(Sha512* sha, byte* out) } -int wc_Sha512Hash(const byte* data, word32 len, byte* out) -{ - return Sha512Hash(data, len, out); -} - #if defined(WOLFSSL_SHA384) || defined(HAVE_AESGCM) int wc_InitSha384(Sha384* sha) @@ -72,10 +67,6 @@ int wc_Sha384Final(Sha384* sha, byte* out) } -int wc_Sha384Hash(const byte* data, word32 len, byte* out) -{ - return Sha384Hash(data, len, out); -} #endif /* WOLFSSL_SHA384 */ #else /* else build without using fips */ #include @@ -88,14 +79,15 @@ int wc_Sha384Hash(const byte* data, word32 len, byte* out) #endif -#ifndef min +#ifndef WOLFSSL_HAVE_MIN +#define WOLFSSL_HAVE_MIN static INLINE word32 min(word32 a, word32 b) { return a > b ? b : a; } -#endif /* min */ +#endif /* WOLFSSL_HAVE_MIN */ #if defined(USE_INTEL_SPEEDUP) #define HAVE_INTEL_AVX1 
@@ -208,9 +200,11 @@ int InitSha512(Sha512* sha512) { #define CPUID_AVX2 0x2 #define CPUID_RDRAND 0x4 #define CPUID_RDSEED 0x8 +#define CPUID_BMI2 0x10 /* MULX, RORX */ #define IS_INTEL_AVX1 (cpuid_flags&CPUID_AVX1) #define IS_INTEL_AVX2 (cpuid_flags&CPUID_AVX2) +#define IS_INTEL_BMI2 (cpuid_flags&CPUID_BMI2) #define IS_INTEL_RDRAND (cpuid_flags&CPUID_RDRAND) #define IS_INTEL_RDSEED (cpuid_flags&CPUID_RDSEED) @@ -242,6 +236,7 @@ static int set_cpuid_flags(int sha) { if((cpuid_check & sha) ==0) { if(cpuid_flag(1, 0, ECX, 28)){ cpuid_flags |= CPUID_AVX1 ;} if(cpuid_flag(7, 0, EBX, 5)){ cpuid_flags |= CPUID_AVX2 ; } + if(cpuid_flag(7, 0, EBX, 8)) { cpuid_flags |= CPUID_BMI2 ; } if(cpuid_flag(1, 0, ECX, 30)){ cpuid_flags |= CPUID_RDRAND ; } if(cpuid_flag(7, 0, EBX, 18)){ cpuid_flags |= CPUID_RDSEED ; } cpuid_check |= sha ; @@ -276,7 +271,7 @@ static void set_Transform(void) { if(set_cpuid_flags(CHECK_SHA512)) return ; #if defined(HAVE_INTEL_AVX2) - if(IS_INTEL_AVX2){ + if(IS_INTEL_AVX2 && IS_INTEL_BMI2){ Transform_p = Transform_AVX1_RORX; return ; Transform_p = Transform_AVX2 ; /* for avoiding warning,"not used" */ @@ -605,37 +600,6 @@ int wc_Sha512Final(Sha512* sha512, byte* hash) } -int wc_Sha512Hash(const byte* data, word32 len, byte* hash) -{ - int ret = 0; -#ifdef WOLFSSL_SMALL_STACK - Sha512* sha512; -#else - Sha512 sha512[1]; -#endif - -#ifdef WOLFSSL_SMALL_STACK - sha512 = (Sha512*)XMALLOC(sizeof(Sha512), NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (sha512 == NULL) - return MEMORY_E; -#endif - - if ((ret = wc_InitSha512(sha512)) != 0) { - WOLFSSL_MSG("InitSha512 failed"); - } - else if ((ret = wc_Sha512Update(sha512, data, len)) != 0) { - WOLFSSL_MSG("Sha512Update failed"); - } - else if ((ret = wc_Sha512Final(sha512, hash)) != 0) { - WOLFSSL_MSG("Sha512Final failed"); - } - -#ifdef WOLFSSL_SMALL_STACK - XFREE(sha512, NULL, DYNAMIC_TYPE_TMP_BUFFER); -#endif - - return ret; -} #if defined(HAVE_INTEL_AVX1) 
@@ -1352,7 +1316,7 @@ static void set_Transform384(void) { Transform384_p = ((IS_INTEL_AVX1) ? Transform384_AVX1 : _Transform384) ; #elif defined(HAVE_INTEL_AVX2) #if defined(HAVE_INTEL_AVX1) && defined(HAVE_INTEL_RORX) - if(IS_INTEL_AVX2) { Transform384_p = Transform384_AVX1_RORX ; return ; } + if(IS_INTEL_AVX2 && IS_INTEL_BMI2) { Transform384_p = Transform384_AVX1_RORX ; return ; } #endif if(IS_INTEL_AVX2) { Transform384_p = Transform384_AVX2 ; return ; } #if defined(HAVE_INTEL_AVX1) @@ -1559,37 +1523,6 @@ int wc_Sha384Final(Sha384* sha384, byte* hash) } -int wc_Sha384Hash(const byte* data, word32 len, byte* hash) -{ - int ret = 0; -#ifdef WOLFSSL_SMALL_STACK - Sha384* sha384; -#else - Sha384 sha384[1]; -#endif - -#ifdef WOLFSSL_SMALL_STACK - sha384 = (Sha384*)XMALLOC(sizeof(Sha384), NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (sha384 == NULL) - return MEMORY_E; -#endif - - if ((ret = wc_InitSha384(sha384)) != 0) { - WOLFSSL_MSG("InitSha384 failed"); - } - else if ((ret = wc_Sha384Update(sha384, data, len)) != 0) { - WOLFSSL_MSG("Sha384Update failed"); - } - else if ((ret = wc_Sha384Final(sha384, hash)) != 0) { - WOLFSSL_MSG("Sha384Final failed"); - } - -#ifdef WOLFSSL_SMALL_STACK - XFREE(sha384, NULL, DYNAMIC_TYPE_TMP_BUFFER); -#endif - - return ret; -} #if defined(HAVE_INTEL_AVX1) diff --git a/wolfcrypt/src/srp.c b/wolfcrypt/src/srp.c new file mode 100644 index 000000000..5d893c929 --- /dev/null +++ b/wolfcrypt/src/srp.c 
@@ -0,0 +1,677 @@ +/* srp.c + * + * Copyright (C) 2006-2015 wolfSSL Inc. + * + * This file is part of wolfSSL. (formerly known as CyaSSL) + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +#ifdef HAVE_CONFIG_H + #include +#endif + +#include + +#ifdef WOLFCRYPT_HAVE_SRP + +#include +#include +#include + +#ifdef NO_INLINE + #include +#else + #include +#endif + +/** Computes the session key using the Mask Generation Function 1. 
*/ +static int wc_SrpSetKey(Srp* srp, byte* secret, word32 size); + +static int SrpHashInit(SrpHash* hash, SrpType type) +{ + hash->type = type; + + switch (type) { + #ifndef NO_SHA + case SRP_TYPE_SHA: + return wc_InitSha(&hash->data.sha); + #endif + + #ifndef NO_SHA256 + case SRP_TYPE_SHA256: + return wc_InitSha256(&hash->data.sha256); + #endif + + #ifdef WOLFSSL_SHA384 + case SRP_TYPE_SHA384: + return wc_InitSha384(&hash->data.sha384); + #endif + + #ifdef WOLFSSL_SHA512 + case SRP_TYPE_SHA512: + return wc_InitSha512(&hash->data.sha512); + #endif + + default: + return BAD_FUNC_ARG; + } +} + +static int SrpHashUpdate(SrpHash* hash, const byte* data, word32 size) +{ + switch (hash->type) { + #ifndef NO_SHA + case SRP_TYPE_SHA: + return wc_ShaUpdate(&hash->data.sha, data, size); + #endif + + #ifndef NO_SHA256 + case SRP_TYPE_SHA256: + return wc_Sha256Update(&hash->data.sha256, data, size); + #endif + + #ifdef WOLFSSL_SHA384 + case SRP_TYPE_SHA384: + return wc_Sha384Update(&hash->data.sha384, data, size); + #endif + + #ifdef WOLFSSL_SHA512 + case SRP_TYPE_SHA512: + return wc_Sha512Update(&hash->data.sha512, data, size); + #endif + + default: + return BAD_FUNC_ARG; + } +} + +static int SrpHashFinal(SrpHash* hash, byte* digest) +{ + switch (hash->type) { + #ifndef NO_SHA + case SRP_TYPE_SHA: + return wc_ShaFinal(&hash->data.sha, digest); + #endif + + #ifndef NO_SHA256 + case SRP_TYPE_SHA256: + return wc_Sha256Final(&hash->data.sha256, digest); + #endif + + #ifdef WOLFSSL_SHA384 + case SRP_TYPE_SHA384: + return wc_Sha384Final(&hash->data.sha384, digest); + #endif + + #ifdef WOLFSSL_SHA512 + case SRP_TYPE_SHA512: + return wc_Sha512Final(&hash->data.sha512, digest); + #endif + + default: + return BAD_FUNC_ARG; + } +} + +static word32 SrpHashSize(SrpType type) +{ + switch (type) { + #ifndef NO_SHA + case SRP_TYPE_SHA: + return SHA_DIGEST_SIZE; + #endif + + #ifndef NO_SHA256 + case SRP_TYPE_SHA256: + return SHA256_DIGEST_SIZE; + #endif + + #ifdef WOLFSSL_SHA384 + case 
SRP_TYPE_SHA384: + return SHA384_DIGEST_SIZE; + #endif + + #ifdef WOLFSSL_SHA512 + case SRP_TYPE_SHA512: + return SHA512_DIGEST_SIZE; + #endif + + default: + return 0; + } +} + +int wc_SrpInit(Srp* srp, SrpType type, SrpSide side) +{ + int r; + + /* validating params */ + + if (!srp) + return BAD_FUNC_ARG; + + if (side != SRP_CLIENT_SIDE && side != SRP_SERVER_SIDE) + return BAD_FUNC_ARG; + + if (type != SRP_TYPE_SHA && type != SRP_TYPE_SHA256 && + type != SRP_TYPE_SHA384 && type != SRP_TYPE_SHA512) + return BAD_FUNC_ARG; + + /* initializing variables */ + + XMEMSET(srp, 0, sizeof(Srp)); + + if ((r = SrpHashInit(&srp->client_proof, type)) != 0) + return r; + + if ((r = SrpHashInit(&srp->server_proof, type)) != 0) + return r; + + if ((r = mp_init_multi(&srp->N, &srp->g, &srp->auth, + &srp->priv, 0, 0)) != 0) + return r; + + srp->side = side; srp->type = type; + srp->salt = NULL; srp->saltSz = 0; + srp->user = NULL; srp->userSz = 0; + srp->key = NULL; srp->keySz = 0; + + srp->keyGenFunc_cb = wc_SrpSetKey; + + return 0; +} + +void wc_SrpTerm(Srp* srp) +{ + if (srp) { + mp_clear(&srp->N); mp_clear(&srp->g); + mp_clear(&srp->auth); mp_clear(&srp->priv); + + ForceZero(srp->salt, srp->saltSz); + XFREE(srp->salt, NULL, DYNAMIC_TYPE_SRP); + ForceZero(srp->user, srp->userSz); + XFREE(srp->user, NULL, DYNAMIC_TYPE_SRP); + ForceZero(srp->key, srp->keySz); + XFREE(srp->key, NULL, DYNAMIC_TYPE_SRP); + + ForceZero(srp, sizeof(Srp)); + } +} + +int wc_SrpSetUsername(Srp* srp, const byte* username, word32 size) +{ + if (!srp || !username) + return BAD_FUNC_ARG; + + srp->user = (byte*)XMALLOC(size, NULL, DYNAMIC_TYPE_SRP); + if (srp->user == NULL) + return MEMORY_E; + + srp->userSz = size; + XMEMCPY(srp->user, username, srp->userSz); + + return 0; +} + +int wc_SrpSetParams(Srp* srp, const byte* N, word32 nSz, + const byte* g, word32 gSz, + const byte* salt, word32 saltSz) +{ + SrpHash hash; + byte digest1[SRP_MAX_DIGEST_SIZE]; + byte digest2[SRP_MAX_DIGEST_SIZE]; + byte pad = 0; + int 
i, j, r; + + if (!srp || !N || !g || !salt || nSz < gSz) + return BAD_FUNC_ARG; + + if (!srp->user) + return SRP_CALL_ORDER_E; + + /* Set N */ + if (mp_read_unsigned_bin(&srp->N, N, nSz) != MP_OKAY) + return MP_READ_E; + + if (mp_count_bits(&srp->N) < SRP_DEFAULT_MIN_BITS) + return BAD_FUNC_ARG; + + /* Set g */ + if (mp_read_unsigned_bin(&srp->g, g, gSz) != MP_OKAY) + return MP_READ_E; + + if (mp_cmp(&srp->N, &srp->g) != MP_GT) + return BAD_FUNC_ARG; + + /* Set salt */ + if (srp->salt) { + ForceZero(srp->salt, srp->saltSz); + XFREE(srp->salt, NULL, DYNAMIC_TYPE_SRP); + } + + srp->salt = (byte*)XMALLOC(saltSz, NULL, DYNAMIC_TYPE_SRP); + if (srp->salt == NULL) + return MEMORY_E; + + XMEMCPY(srp->salt, salt, saltSz); + srp->saltSz = saltSz; + + /* Set k = H(N, g) */ + r = SrpHashInit(&hash, srp->type); + if (!r) r = SrpHashUpdate(&hash, (byte*) N, nSz); + for (i = 0; (word32)i < nSz - gSz; i++) + SrpHashUpdate(&hash, &pad, 1); + if (!r) r = SrpHashUpdate(&hash, (byte*) g, gSz); + if (!r) r = SrpHashFinal(&hash, srp->k); + + /* update client proof */ + + /* digest1 = H(N) */ + if (!r) r = SrpHashInit(&hash, srp->type); + if (!r) r = SrpHashUpdate(&hash, (byte*) N, nSz); + if (!r) r = SrpHashFinal(&hash, digest1); + + /* digest2 = H(g) */ + if (!r) r = SrpHashInit(&hash, srp->type); + if (!r) r = SrpHashUpdate(&hash, (byte*) g, gSz); + if (!r) r = SrpHashFinal(&hash, digest2); + + /* digest1 = H(N) ^ H(g) */ + if (r == 0) { + for (i = 0, j = SrpHashSize(srp->type); i < j; i++) + digest1[i] ^= digest2[i]; + } + + /* digest2 = H(user) */ + if (!r) r = SrpHashInit(&hash, srp->type); + if (!r) r = SrpHashUpdate(&hash, srp->user, srp->userSz); + if (!r) r = SrpHashFinal(&hash, digest2); + + /* client proof = H( H(N) ^ H(g) | H(user) | salt) */ + if (!r) r = SrpHashUpdate(&srp->client_proof, digest1, j); + if (!r) r = SrpHashUpdate(&srp->client_proof, digest2, j); + if (!r) r = SrpHashUpdate(&srp->client_proof, salt, saltSz); + + return r; +} + +int wc_SrpSetPassword(Srp* 
srp, const byte* password, word32 size) +{ + SrpHash hash; + byte digest[SRP_MAX_DIGEST_SIZE]; + word32 digestSz; + int r; + + if (!srp || !password || srp->side != SRP_CLIENT_SIDE) + return BAD_FUNC_ARG; + + if (!srp->salt) + return SRP_CALL_ORDER_E; + + digestSz = SrpHashSize(srp->type); + + /* digest = H(username | ':' | password) */ + r = SrpHashInit(&hash, srp->type); + if (!r) r = SrpHashUpdate(&hash, srp->user, srp->userSz); + if (!r) r = SrpHashUpdate(&hash, (const byte*) ":", 1); + if (!r) r = SrpHashUpdate(&hash, password, size); + if (!r) r = SrpHashFinal(&hash, digest); + + /* digest = H(salt | H(username | ':' | password)) */ + if (!r) r = SrpHashInit(&hash, srp->type); + if (!r) r = SrpHashUpdate(&hash, srp->salt, srp->saltSz); + if (!r) r = SrpHashUpdate(&hash, digest, digestSz); + if (!r) r = SrpHashFinal(&hash, digest); + + /* Set x (private key) */ + if (!r) r = mp_read_unsigned_bin(&srp->auth, digest, digestSz); + + ForceZero(digest, SRP_MAX_DIGEST_SIZE); + + return r; +} + +int wc_SrpGetVerifier(Srp* srp, byte* verifier, word32* size) +{ + mp_int v; + int r; + + if (!srp || !verifier || !size || srp->side != SRP_CLIENT_SIDE) + return BAD_FUNC_ARG; + + if (mp_iszero(&srp->auth)) + return SRP_CALL_ORDER_E; + + r = mp_init(&v); + if (r != MP_OKAY) + return MP_INIT_E; + + /* v = g ^ x % N */ + if (!r) r = mp_exptmod(&srp->g, &srp->auth, &srp->N, &v); + if (!r) r = *size < (word32)mp_unsigned_bin_size(&v) ? 
BUFFER_E : MP_OKAY; + if (!r) r = mp_to_unsigned_bin(&v, verifier); + if (!r) *size = mp_unsigned_bin_size(&v); + + mp_clear(&v); + + return r; +} + +int wc_SrpSetVerifier(Srp* srp, const byte* verifier, word32 size) +{ + if (!srp || !verifier || srp->side != SRP_SERVER_SIDE) + return BAD_FUNC_ARG; + + return mp_read_unsigned_bin(&srp->auth, verifier, size); +} + +int wc_SrpSetPrivate(Srp* srp, const byte* private, word32 size) +{ + mp_int p; + int r; + + if (!srp || !private || !size) + return BAD_FUNC_ARG; + + if (mp_iszero(&srp->auth)) + return SRP_CALL_ORDER_E; + + r = mp_init(&p); + if (r != MP_OKAY) + return MP_INIT_E; + if (!r) r = mp_read_unsigned_bin(&p, private, size); + if (!r) r = mp_mod(&p, &srp->N, &srp->priv); + if (!r) r = mp_iszero(&srp->priv) ? SRP_BAD_KEY_E : 0; + + mp_clear(&p); + + return r; +} + +/** Generates random data using wolfcrypt RNG. */ +static int wc_SrpGenPrivate(Srp* srp, byte* private, word32 size) +{ + WC_RNG rng; + int r = wc_InitRng(&rng); + + if (!r) r = wc_RNG_GenerateBlock(&rng, private, size); + if (!r) r = wc_SrpSetPrivate(srp, private, size); + if (!r) wc_FreeRng(&rng); + + return r; +} + +int wc_SrpGetPublic(Srp* srp, byte* public, word32* size) +{ + mp_int pubkey; + word32 modulusSz; + int r; + + if (!srp || !public || !size) + return BAD_FUNC_ARG; + + if (mp_iszero(&srp->auth)) + return SRP_CALL_ORDER_E; + + modulusSz = mp_unsigned_bin_size(&srp->N); + if (*size < modulusSz) + return BUFFER_E; + + r = mp_init(&pubkey); + if (r != MP_OKAY) + return MP_INIT_E; + + /* priv = random() */ + if (mp_iszero(&srp->priv)) + r = wc_SrpGenPrivate(srp, public, modulusSz); + + /* client side: A = g ^ a % N */ + if (srp->side == SRP_CLIENT_SIDE) { + if (!r) r = mp_exptmod(&srp->g, &srp->priv, &srp->N, &pubkey); + + /* server side: B = (k * v + (g ^ b % N)) % N */ + } else { + mp_int i, j; + + if (mp_init_multi(&i, &j, 0, 0, 0, 0) == MP_OKAY) { + if (!r) r = mp_read_unsigned_bin(&i, srp->k,SrpHashSize(srp->type)); + if (!r) r = 
mp_iszero(&i) ? SRP_BAD_KEY_E : 0; + if (!r) r = mp_exptmod(&srp->g, &srp->priv, &srp->N, &pubkey); + if (!r) r = mp_mulmod(&i, &srp->auth, &srp->N, &j); + if (!r) r = mp_add(&j, &pubkey, &i); + if (!r) r = mp_mod(&i, &srp->N, &pubkey); + + mp_clear(&i); mp_clear(&j); + } + } + + /* extract public key to buffer */ + XMEMSET(public, 0, modulusSz); + if (!r) r = mp_to_unsigned_bin(&pubkey, public); + if (!r) *size = mp_unsigned_bin_size(&pubkey); + mp_clear(&pubkey); + + return r; +} + +static int wc_SrpSetKey(Srp* srp, byte* secret, word32 size) +{ + SrpHash hash; + byte digest[SRP_MAX_DIGEST_SIZE]; + word32 i, j, digestSz = SrpHashSize(srp->type); + byte counter[4]; + int r = BAD_FUNC_ARG; + + srp->key = (byte*)XMALLOC(2 * digestSz, NULL, DYNAMIC_TYPE_SRP); + if (srp->key == NULL) + return MEMORY_E; + + srp->keySz = 2 * digestSz; + + for (i = j = 0; j < srp->keySz; i++) { + counter[0] = (i >> 24) & 0xFF; + counter[1] = (i >> 16) & 0xFF; + counter[2] = (i >> 8) & 0xFF; + counter[3] = i & 0xFF; + + r = SrpHashInit(&hash, srp->type); + if (!r) r = SrpHashUpdate(&hash, secret, size); + if (!r) r = SrpHashUpdate(&hash, counter, 4); + + if(j + digestSz > srp->keySz) { + if (!r) r = SrpHashFinal(&hash, digest); + XMEMCPY(srp->key + j, digest, srp->keySz - j); + j = srp->keySz; + } + else { + if (!r) r = SrpHashFinal(&hash, srp->key + j); + j += digestSz; + } + } + + ForceZero(digest, sizeof(digest)); + ForceZero(&hash, sizeof(SrpHash)); + + return r; +} + +int wc_SrpComputeKey(Srp* srp, byte* clientPubKey, word32 clientPubKeySz, + byte* serverPubKey, word32 serverPubKeySz) +{ + SrpHash hash; + byte *secret; + byte digest[SRP_MAX_DIGEST_SIZE]; + word32 i, secretSz, digestSz; + mp_int u, s, temp1, temp2; + byte pad = 0; + int r; + + /* validating params */ + + if (!srp || !clientPubKey || clientPubKeySz == 0 + || !serverPubKey || serverPubKeySz == 0) + return BAD_FUNC_ARG; + + if (mp_iszero(&srp->priv)) + return SRP_CALL_ORDER_E; + + /* initializing variables */ + + if ((r 
= SrpHashInit(&hash, srp->type)) != 0) + return r; + + digestSz = SrpHashSize(srp->type); + secretSz = mp_unsigned_bin_size(&srp->N); + + if ((secret = (byte*)XMALLOC(secretSz, NULL, DYNAMIC_TYPE_SRP)) == NULL) + return MEMORY_E; + + if ((r = mp_init_multi(&u, &s, &temp1, &temp2, 0, 0)) != MP_OKAY) { + XFREE(secret, NULL, DYNAMIC_TYPE_SRP); + return r; + } + + /* building u (random scrambling parameeter) */ + + /* H(A) */ + for (i = 0; !r && i < secretSz - clientPubKeySz; i++) + r = SrpHashUpdate(&hash, &pad, 1); + if (!r) r = SrpHashUpdate(&hash, clientPubKey, clientPubKeySz); + + /* H(A | B) */ + for (i = 0; !r && i < secretSz - serverPubKeySz; i++) + r = SrpHashUpdate(&hash, &pad, 1); + if (!r) r = SrpHashUpdate(&hash, serverPubKey, serverPubKeySz); + + /* set u */ + if (!r) r = SrpHashFinal(&hash, digest); + if (!r) r = mp_read_unsigned_bin(&u, digest, SrpHashSize(srp->type)); + + /* building s (secret) */ + + if (!r && srp->side == SRP_CLIENT_SIDE) { + + /* temp1 = B - k * v; rejects k == 0, B == 0 and B >= N. */ + r = mp_read_unsigned_bin(&temp1, srp->k, digestSz); + if (!r) r = mp_iszero(&temp1) ? SRP_BAD_KEY_E : 0; + if (!r) r = mp_exptmod(&srp->g, &srp->auth, &srp->N, &temp2); + if (!r) r = mp_mulmod(&temp1, &temp2, &srp->N, &s); + if (!r) r = mp_read_unsigned_bin(&temp2, serverPubKey, serverPubKeySz); + if (!r) r = mp_iszero(&temp2) ? SRP_BAD_KEY_E : 0; + if (!r) r = mp_cmp(&temp2, &srp->N) != MP_LT ? 
SRP_BAD_KEY_E : 0; + if (!r) r = mp_sub(&temp2, &s, &temp1); + + /* temp2 = a + u * x */ + if (!r) r = mp_mulmod(&u, &srp->auth, &srp->N, &s); + if (!r) r = mp_add(&srp->priv, &s, &temp2); + + /* secret = temp1 ^ temp2 % N */ + if (!r) r = mp_exptmod(&temp1, &temp2, &srp->N, &s); + + } else if (!r && srp->side == SRP_SERVER_SIDE) { + /* temp1 = v ^ u % N */ + r = mp_exptmod(&srp->auth, &u, &srp->N, &temp1); + + /* temp2 = A * temp1 % N; rejects A == 0, A >= N */ + if (!r) r = mp_read_unsigned_bin(&s, clientPubKey, clientPubKeySz); + if (!r) r = mp_iszero(&s) ? SRP_BAD_KEY_E : 0; + if (!r) r = mp_cmp(&s, &srp->N) != MP_LT ? SRP_BAD_KEY_E : 0; + if (!r) r = mp_mulmod(&s, &temp1, &srp->N, &temp2); + + /* rejects A * v ^ u % N >= 1, A * v ^ u % N == -1 % N */ + if (!r) r = mp_read_unsigned_bin(&temp1, (const byte*)"\001", 1); + if (!r) r = mp_cmp(&temp2, &temp1) != MP_GT ? SRP_BAD_KEY_E : 0; + if (!r) r = mp_sub(&srp->N, &temp1, &s); + if (!r) r = mp_cmp(&temp2, &s) == MP_EQ ? SRP_BAD_KEY_E : 0; + + /* secret = temp2 * b % N */ + if (!r) r = mp_exptmod(&temp2, &srp->priv, &srp->N, &s); + } + + /* building session key from secret */ + + if (!r) r = mp_to_unsigned_bin(&s, secret); + if (!r) r = srp->keyGenFunc_cb(srp, secret, mp_unsigned_bin_size(&s)); + + /* updating client proof = H( H(N) ^ H(g) | H(user) | salt | A | B | K) */ + + if (!r) r = SrpHashUpdate(&srp->client_proof, clientPubKey, clientPubKeySz); + if (!r) r = SrpHashUpdate(&srp->client_proof, serverPubKey, serverPubKeySz); + if (!r) r = SrpHashUpdate(&srp->client_proof, srp->key, srp->keySz); + + /* updating server proof = H(A) */ + + if (!r) r = SrpHashUpdate(&srp->server_proof, clientPubKey, clientPubKeySz); + + XFREE(secret, NULL, DYNAMIC_TYPE_SRP); + mp_clear(&u); mp_clear(&s); mp_clear(&temp1); mp_clear(&temp2); + + return r; +} + +int wc_SrpGetProof(Srp* srp, byte* proof, word32* size) +{ + int r; + + if (!srp || !proof || !size) + return BAD_FUNC_ARG; + + if (*size < SrpHashSize(srp->type)) + return 
BUFFER_E; + + if ((r = SrpHashFinal(srp->side == SRP_CLIENT_SIDE + ? &srp->client_proof + : &srp->server_proof, proof)) != 0) + return r; + + *size = SrpHashSize(srp->type); + + if (srp->side == SRP_CLIENT_SIDE) { + /* server proof = H( A | client proof | K) */ + if (!r) r = SrpHashUpdate(&srp->server_proof, proof, *size); + if (!r) r = SrpHashUpdate(&srp->server_proof, srp->key, srp->keySz); + } + + return r; +} + +int wc_SrpVerifyPeersProof(Srp* srp, byte* proof, word32 size) +{ + byte digest[SRP_MAX_DIGEST_SIZE]; + int r; + + if (!srp || !proof) + return BAD_FUNC_ARG; + + if (size != SrpHashSize(srp->type)) + return BUFFER_E; + + r = SrpHashFinal(srp->side == SRP_CLIENT_SIDE ? &srp->server_proof + : &srp->client_proof, digest); + + if (srp->side == SRP_SERVER_SIDE) { + /* server proof = H( A | client proof | K) */ + if (!r) r = SrpHashUpdate(&srp->server_proof, proof, size); + if (!r) r = SrpHashUpdate(&srp->server_proof, srp->key, srp->keySz); + } + + if (!r && XMEMCMP(proof, digest, size) != 0) + r = SRP_VERIFY_E; + + return r; +} + +#endif /* WOLFCRYPT_HAVE_SRP */ diff --git a/wolfcrypt/src/tfm.c b/wolfcrypt/src/tfm.c index e479f8c4d..021928d6e 100755 --- a/wolfcrypt/src/tfm.c +++ b/wolfcrypt/src/tfm.c @@ -39,6 +39,7 @@ #ifdef USE_FAST_MATH +#include #include #include /* will define asm MACROS or C ones */ @@ -97,7 +98,7 @@ void s_fp_add(fp_int *a, fp_int *b, fp_int *c) y = MAX(a->used, b->used); oldused = MIN(c->used, FP_SIZE); /* help static analysis w/ largest size */ c->used = y; - + t = 0; for (x = 0; x < y; x++) { t += ((fp_word)a->dp[x]) + ((fp_word)b->dp[x]); 
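Review bot: In wc_SrpComputeKey the padding loops `i < secretSz - clientPubKeySz` and `i < secretSz - serverPubKeySz` subtract word32 values before any size check, so a peer public key longer than the modulus makes the difference wrap and the loop runs on the order of 2^32 hash updates before the later `mp_cmp(..., &srp->N)` range check is reached. Reject that case right after secretSz is computed and before the XMALLOC: `if (clientPubKeySz > secretSz || serverPubKeySz > secretSz) return BAD_FUNC_ARG;`. The same function frees `secret`, which holds the shared secret, without wiping it; add `ForceZero(secret, secretSz);` before the `XFREE`, as wc_SrpTerm already does for its buffers. Separately, wc_SrpVerifyPeersProof compares the proof with `XMEMCMP`, which is not a constant-time comparison, and wc_SrpGenPrivate calls `wc_FreeRng` only when every step succeeded, so the RNG stays initialised on the error path.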
@@ -192,9 +193,9 @@ void fp_mul(fp_int *A, fp_int *B, fp_int *C) } /* pick a comba (unrolled 4/8/16/32 x or rolled) based on the size - of the largest input. We also want to avoid doing excess mults if the + of the largest input. We also want to avoid doing excess mults if the inputs are not close to the next power of two. That is, for example, - if say y=17 then we would do (32-17)^2 = 225 unneeded multiplications + if say y=17 then we would do (32-17)^2 = 225 unneeded multiplications */ #ifdef TFM_MUL3 @@ -251,7 +252,7 @@ void fp_mul(fp_int *A, fp_int *B, fp_int *C) fp_mul_comba_small(A,B,C); return; } -#endif +#endif #if defined(TFM_MUL20) if (y <= 20) { fp_mul_comba20(A,B,C); @@ -281,7 +282,7 @@ void fp_mul(fp_int *A, fp_int *B, fp_int *C) fp_mul_comba48(A,B,C); return; } -#endif +#endif #if defined(TFM_MUL64) if (yy >= 56 && y <= 64) { fp_mul_comba64(A,B,C); @@ -294,7 +295,7 @@ void fp_mul(fp_int *A, fp_int *B, fp_int *C) void fp_mul_2(fp_int * a, fp_int * b) { int x, oldused; - + oldused = b->used; b->used = a->used; @@ -303,24 +304,24 @@ void fp_mul_2(fp_int * a, fp_int * b) /* alias for source */ tmpa = a->dp; - + /* alias for dest */ tmpb = b->dp; /* carry */ r = 0; for (x = 0; x < a->used; x++) { - - /* get what will be the *next* carry bit from the - * MSB of the current digit + + /* get what will be the *next* carry bit from the + * MSB of the current digit */ rr = *tmpa >> ((fp_digit)(DIGIT_BIT - 1)); - + /* now shift up this digit, add in the carry [from the previous] */ *tmpb++ = ((*tmpa++ << ((fp_digit)1)) | r); - - /* copy the carry that would be from the source - * digit into the next iteration + + /* copy the carry that would be from the source + * digit into the next iteration */ r = rr; } 
@@ -332,8 +333,8 @@ void fp_mul_2(fp_int * a, fp_int * b) ++(b->used); } - /* now zero any excess digits on the destination - * that we didn't write to + /* now zero any excess digits on the destination + * that we didn't write to */ tmpb = b->dp + b->used; for (x = b->used; x < oldused; x++) { @@ -385,7 +386,7 @@ void fp_mul_2d(fp_int *a, int b, fp_int *c) /* shift the digits */ if (b != 0) { - carry = 0; + carry = 0; shift = DIGIT_BIT - b; for (x = 0; x < c->used; x++) { carrytmp = c->dp[x] >> shift; @@ -402,9 +403,10 @@ void fp_mul_2d(fp_int *a, int b, fp_int *c) /* generic PxQ multiplier */ #if defined(HAVE_INTEL_MULX) -void fp_mul_comba(fp_int *A, fp_int *B, fp_int *C) -{ +INLINE static void fp_mul_comba_mulx(fp_int *A, fp_int *B, fp_int *C) + +{ int ix, iy, iz, pa; fp_int tmp, *dst; @@ -413,7 +415,7 @@ void fp_mul_comba(fp_int *A, fp_int *B, fp_int *C) if (pa >= FP_SIZE) { pa = FP_SIZE-1; } - + if (A == C || B == C) { fp_init(&tmp); dst = &tmp; @@ -427,19 +429,21 @@ void fp_mul_comba(fp_int *A, fp_int *B, fp_int *C) dst->used = pa; dst->sign = A->sign ^ B->sign; fp_clamp(dst); - fp_copy(dst, C); + fp_copy(dst, C); } +#endif -#else void fp_mul_comba(fp_int *A, fp_int *B, fp_int *C) { int ix, iy, iz, tx, ty, pa; fp_digit c0, c1, c2, *tmpx, *tmpy; fp_int tmp, *dst; + IF_HAVE_INTEL_MULX(fp_mul_comba_mulx(A, B, C), return) ; + COMBA_START; COMBA_CLEAR; - + /* get size of output and trim */ pa = A->used + B->used; if (pa >= FP_SIZE) { @@ -463,7 +467,7 @@ void fp_mul_comba(fp_int *A, fp_int *B, fp_int *C) tmpx = A->dp + tx; tmpy = B->dp + ty; - /* this is the number of times the loop will iterrate, essentially its + /* this is the number of times the loop will iterrate, essentially its while (tx++ < a->used && ty-- >= 0) { ... } */ iy = MIN(A->used-tx, ty+1); @@ -485,7 +489,6 @@ void fp_mul_comba(fp_int *A, fp_int *B, fp_int *C) fp_clamp(dst); fp_copy(dst, C); } -#endif /* a/b => cb + d == a */ int fp_div(fp_int *a, fp_int *b, fp_int *c, fp_int *d) 
@@ -502,7 +505,7 @@ int fp_div(fp_int *a, fp_int *b, fp_int *c, fp_int *d) if (fp_cmp_mag (a, b) == FP_LT) { if (d != NULL) { fp_copy (a, d); - } + } if (c != NULL) { fp_zero (c); } @@ -536,7 +539,7 @@ int fp_div(fp_int *a, fp_int *b, fp_int *c, fp_int *d) t = y.used - 1; /* while (x >= y*b**n-t) do { q[n-t] += 1; x -= y*b**{n-t} } */ - fp_lshd (&y, n - t); /* y = y*b**{n-t} */ + fp_lshd (&y, n - t); /* y = y*b**{n-t} */ while (fp_cmp (&x, &y) != FP_LT) { ++(q.dp[n - t]); @@ -552,7 +555,7 @@ int fp_div(fp_int *a, fp_int *b, fp_int *c, fp_int *d) continue; } - /* step 3.1 if xi == yt then set q{i-t-1} to b-1, + /* step 3.1 if xi == yt then set q{i-t-1} to b-1, * otherwise set q{i-t-1} to (xi*b + x{i-1})/yt */ if (x.dp[i] == y.dp[t]) { q.dp[i - t - 1] = (fp_digit) ((((fp_word)1) << DIGIT_BIT) - 1); @@ -564,10 +567,10 @@ int fp_div(fp_int *a, fp_int *b, fp_int *c, fp_int *d) q.dp[i - t - 1] = (fp_digit) (tmp); } - /* while (q{i-t-1} * (yt * b + y{t-1})) > - xi * b**2 + xi-1 * b + xi-2 - - do q{i-t-1} -= 1; + /* while (q{i-t-1} * (yt * b + y{t-1})) > + xi * b**2 + xi-1 * b + xi-2 + + do q{i-t-1} -= 1; */ q.dp[i - t - 1] = (q.dp[i - t - 1] + 1); do { @@ -601,10 +604,10 @@ int fp_div(fp_int *a, fp_int *b, fp_int *c, fp_int *d) } } - /* now q is the quotient and x is the remainder - * [which we have to normalize] + /* now q is the quotient and x is the remainder + * [which we have to normalize] */ - + /* get sign before writing to c */ x.sign = x.used == 0 ? FP_ZPOS : a->sign; @@ -617,7 +620,7 @@ int fp_div(fp_int *a, fp_int *b, fp_int *c, fp_int *d) if (d != NULL) { fp_div_2d (&x, norm, &x, NULL); -/* the following is a kludge, essentially we were seeing the right remainder but +/* the following is a kludge, essentially we were seeing the right remainder but with excess digits that should have been zero */ for (i = b->used; i < x.used; i++) { 
@@ -741,7 +744,7 @@ void fp_mod_2d(fp_int *a, int b, fp_int *c) /* get copy of input */ fp_copy(a, c); - + /* if 2**d is larger than we just return */ if (b >= (DIGIT_BIT * a->used)) { return; @@ -850,22 +853,23 @@ top: while (fp_cmp_d(&C, 0) == FP_LT) { fp_add(&C, b, &C); } - + /* too big */ while (fp_cmp_mag(&C, b) != FP_LT) { fp_sub(&C, b, &C); } - + /* C is now the inverse */ fp_copy(&C, c); return FP_OKAY; } + /* c = 1/a (mod b) for odd b only */ int fp_invmod(fp_int *a, fp_int *b, fp_int *c) { fp_int x, y, u, v, B, D; - int neg; + int neg, loop_check = 0; /* 2. [modified] b must be odd */ if (fp_iseven (b) == FP_YES) { @@ -929,6 +933,8 @@ top: /* if not zero goto step 4 */ if (fp_iszero (&u) == FP_NO) { + if (++loop_check > 4096) /* bad input */ + return FP_VAL; goto top; } @@ -960,9 +966,9 @@ int fp_mulmod(fp_int *a, fp_int *b, fp_int *c, fp_int *d) #ifdef TFM_TIMING_RESISTANT -/* timing resistant montgomery ladder based exptmod - - Based on work by Marc Joye, Sung-Ming Yen, "The Montgomery Powering Ladder", Cryptographic Hardware and Embedded Systems, CHES 2002 +/* timing resistant montgomery ladder based exptmod + Based on work by Marc Joye, Sung-Ming Yen, "The Montgomery Powering Ladder", + Cryptographic Hardware and Embedded Systems, CHES 2002 */ static int _fp_exptmod(fp_int * G, fp_int * X, fp_int * P, fp_int * Y) { @@ -975,9 +981,9 @@ static int _fp_exptmod(fp_int * G, fp_int * X, fp_int * P, fp_int * Y) return err; } - fp_init(&R[0]); - fp_init(&R[1]); - + fp_init(&R[0]); + fp_init(&R[1]); + /* now we need R mod m */ fp_montgomery_calc_normalization (&R[0], P); @@ -993,7 +999,7 @@ static int _fp_exptmod(fp_int * G, fp_int * X, fp_int * P, fp_int * Y) /* for j = t-1 downto 0 do r_!k = R0*R1; r_k = r_k^2 */ - + /* set initial mode and bit cnt */ bitcnt = 1; buf = 0; 
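Review bot: The new guard in fp_invmod, `if (++loop_check > 4096)`, uses a literal iteration cap that is not tied to the operand size, so whether it can fire on valid input depends on how large FP_MAX_BITS is configured; I have not verified the worst-case pass count, so treat this as a question to confirm rather than a proven defect. Consider a named limit derived from the integer size instead of the bare 4096, and brace the early return. A comment such as `/* iteration cap: the loop should finish in a number of passes proportional to the operand bit length */` would explain why FP_VAL is returned. The body of fp_invmod starts and ends outside this hunk.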
@@ -1023,11 +1029,11 @@ static int _fp_exptmod(fp_int * G, fp_int * X, fp_int * P, fp_int * Y) fp_montgomery_reduce(&R[0], P, mp); fp_copy(&R[0], Y); return FP_OKAY; -} +} #else -/* y = g**x (mod b) +/* y = g**x (mod b) * Some restrictions... x must be positive and < b */ static int _fp_exptmod(fp_int * G, fp_int * X, fp_int * P, fp_int * Y) @@ -1048,10 +1054,10 @@ static int _fp_exptmod(fp_int * G, fp_int * X, fp_int * P, fp_int * Y) winsize = 5; } else { winsize = 6; - } + } /* init M array */ - XMEMSET(M, 0, sizeof(M)); + XMEMSET(M, 0, sizeof(M)); /* now setup montgomery */ if ((err = fp_montgomery_setup (P, &mp)) != FP_OKAY) { @@ -1080,7 +1086,8 @@ static int _fp_exptmod(fp_int * G, fp_int * X, fp_int * P, fp_int * Y) } fp_mulmod (&M[1], &res, P, &M[1]); - /* compute the value at M[1<<(winsize-1)] by squaring M[1] (winsize-1) times */ + /* compute the value at M[1<<(winsize-1)] by + * squaring M[1] (winsize-1) times */ fp_copy (&M[1], &M[1 << (winsize - 1)]); for (x = 0; x < (winsize - 1); x++) { fp_sqr (&M[1 << (winsize - 1)], &M[1 << (winsize - 1)]); @@ -1213,7 +1220,7 @@ int fp_exptmod(fp_int * G, fp_int * X, fp_int * P, fp_int * Y) return err; #else return FP_VAL; -#endif +#endif } else { /* Positive exponent so just exptmod */ @@ -1229,13 +1236,13 @@ void fp_2expt(fp_int *a, int b) /* zero a as per default */ fp_zero (a); - if (b < 0) { + if (b < 0) { return; } z = b / DIGIT_BIT; if (z >= FP_SIZE) { - return; + return; } /* set the used count of where the bit will go */ @@ -1357,7 +1364,7 @@ void fp_sqr_comba(fp_int *A, fp_int *B) fp_int tmp, *dst; #ifdef TFM_ISO fp_word tt; -#endif +#endif /* get size of output and trim */ pa = A->used + A->used; @@ -1377,7 +1384,7 @@ void fp_sqr_comba(fp_int *A, fp_int *B) dst = B; } - for (ix = 0; ix < pa; ix++) { + for (ix = 0; ix < pa; ix++) { int tx, ty, iy; fp_digit *tmpy, *tmpx; 
@@ -1394,9 +1401,9 @@ void fp_sqr_comba(fp_int *A, fp_int *B) */ iy = MIN(A->used-tx, ty+1); - /* now for squaring tx can never equal ty - * we halve the distance since they approach - * at a rate of 2x and we have to round because + /* now for squaring tx can never equal ty + * we halve the distance since they approach + * at a rate of 2x and we have to round because * odd cases need to be executed */ iy = MIN(iy, (ty-tx+1)>>1); @@ -1557,20 +1564,19 @@ void fp_montgomery_calc_normalization(fp_int *a, fp_int *b) #endif #ifdef HAVE_INTEL_MULX -static inline void innermul8_mulx(fp_digit *c_mulx, fp_digit *cy_mulx, fp_digit *tmpm, fp_digit mu) +static inline void innermul8_mulx(fp_digit *c_mulx, fp_digit *cy_mulx, fp_digit *tmpm, fp_digit mu) { fp_digit _c0, _c1, _c2, _c3, _c4, _c5, _c6, _c7, cy ; cy = *cy_mulx ; - _c0=c_mulx[0]; _c1=c_mulx[1]; _c2=c_mulx[2]; _c3=c_mulx[3]; _c4=c_mulx[4]; _c5=c_mulx[5]; _c6=c_mulx[6]; _c7=c_mulx[7]; + _c0=c_mulx[0]; _c1=c_mulx[1]; _c2=c_mulx[2]; _c3=c_mulx[3]; _c4=c_mulx[4]; _c5=c_mulx[5]; _c6=c_mulx[6]; _c7=c_mulx[7]; INNERMUL8_MULX ; - c_mulx[0]=_c0; c_mulx[1]=_c1; c_mulx[2]=_c2; c_mulx[3]=_c3; c_mulx[4]=_c4; c_mulx[5]=_c5; c_mulx[6]=_c6; c_mulx[7]=_c7; + c_mulx[0]=_c0; c_mulx[1]=_c1; c_mulx[2]=_c2; c_mulx[3]=_c3; c_mulx[4]=_c4; c_mulx[5]=_c5; c_mulx[6]=_c6; c_mulx[7]=_c7; *cy_mulx = cy ; } -#endif /* computes x/R == x (mod N) via Montgomery Reduction */ -void fp_montgomery_reduce(fp_int *a, fp_int *m, fp_digit mp) +static void fp_montgomery_reduce_mulx(fp_int *a, fp_int *m, fp_digit mp) { fp_digit c[FP_SIZE], *_c, *tmpm, mu = 0; int oldused, x, y, pa; @@ -1607,17 +1613,11 @@ void fp_montgomery_reduce(fp_int *a, fp_int *m, fp_digit mp) _c = c + x; tmpm = m->dp; y = 0; - #if (defined(TFM_SSE2) || defined(TFM_X86_64)) for (; y < (pa & ~7); y += 8) { - #ifdef HAVE_INTEL_MULX innermul8_mulx(_c, &cy, tmpm, mu) ; - #else - INNERMUL8 ; - #endif _c += 8; tmpm += 8; } - #endif for (; y < pa; y++) { INNERMUL; ++_c; 
@@ -1627,7 +1627,7 @@ void fp_montgomery_reduce(fp_int *a, fp_int *m, fp_digit mp) PROPCARRY; ++_c; } - } + } /* now copy out */ _c = c + pa; @@ -1644,7 +1644,88 @@ void fp_montgomery_reduce(fp_int *a, fp_int *m, fp_digit mp) a->used = pa+1; fp_clamp(a); - + + /* if A >= m then A = A - m */ + if (fp_cmp_mag (a, m) != FP_LT) { + s_fp_sub (a, m, a); + } +} +#endif + +/* computes x/R == x (mod N) via Montgomery Reduction */ +void fp_montgomery_reduce(fp_int *a, fp_int *m, fp_digit mp) +{ + fp_digit c[FP_SIZE], *_c, *tmpm, mu = 0; + int oldused, x, y, pa; + + IF_HAVE_INTEL_MULX(fp_montgomery_reduce_mulx(a, m, mp), return) ; + + /* bail if too large */ + if (m->used > (FP_SIZE/2)) { + (void)mu; /* shut up compiler */ + return; + } + +#ifdef TFM_SMALL_MONT_SET + if (m->used <= 16) { + fp_montgomery_reduce_small(a, m, mp); + return; + } +#endif + + + /* now zero the buff */ + XMEMSET(c, 0, sizeof c); + pa = m->used; + + /* copy the input */ + oldused = a->used; + for (x = 0; x < oldused; x++) { + c[x] = a->dp[x]; + } + MONT_START; + + for (x = 0; x < pa; x++) { + fp_digit cy = 0; + /* get Mu for this round */ + LOOP_START; + _c = c + x; + tmpm = m->dp; + y = 0; + #if (defined(TFM_SSE2) || defined(TFM_X86_64)) + for (; y < (pa & ~7); y += 8) { + INNERMUL8 ; + _c += 8; + tmpm += 8; + } + #endif + for (; y < pa; y++) { + INNERMUL; + ++_c; + } + LOOP_END; + while (cy) { + PROPCARRY; + ++_c; + } + } + + /* now copy out */ + _c = c + pa; + tmpm = a->dp; + for (x = 0; x < pa+1; x++) { + *tmpm++ = *_c++; + } + + for (; x < oldused; x++) { + *tmpm++ = 0; + } + + MONT_FINI; + + a->used = pa+1; + fp_clamp(a); + /* if A >= m then A = A - m */ if (fp_cmp_mag (a, m) != FP_LT) { s_fp_sub (a, m, a); 
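Review bot: The new generic fp_montgomery_reduce keeps the `if (m->used > (FP_SIZE/2)) { ... return; }` guard, which leaves `a` unreduced and, because the function returns void, gives the caller no way to notice; fp_montgomery_reduce_mulx presumably carries the same guard, though its body is only partly visible here. If changing the return type is out of scope, document the behaviour on both functions, e.g. `/* NOTE: returns with a unchanged when m->used > FP_SIZE/2; callers must bound the modulus size */`. The two bodies are now near-identical copies apart from the 8-way inner multiply, so a shared helper parameterised on that step would keep a later fix from landing in only one of them.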
@@ -1658,7 +1739,8 @@ void fp_read_unsigned_bin(fp_int *a, unsigned char *b, int c) /* If we know the endianness of this architecture, and we're using 32-bit fp_digits, we can optimize this */ -#if (defined(LITTLE_ENDIAN_ORDER) || defined(BIG_ENDIAN_ORDER)) && defined(FP_32BIT) +#if (defined(LITTLE_ENDIAN_ORDER) || defined(BIG_ENDIAN_ORDER)) && \ + defined(FP_32BIT) /* But not for both simultaneously */ #if defined(LITTLE_ENDIAN_ORDER) && defined(BIG_ENDIAN_ORDER) #error Both LITTLE_ENDIAN_ORDER and BIG_ENDIAN_ORDER defined. @@ -1678,12 +1760,12 @@ void fp_read_unsigned_bin(fp_int *a, unsigned char *b, int c) /* Use Duff's device to unroll the loop. */ int idx = (c - 1) & ~3; switch (c % 4) { - case 0: do { pd[idx+0] = *b++; - case 3: pd[idx+1] = *b++; - case 2: pd[idx+2] = *b++; - case 1: pd[idx+3] = *b++; + case 0: do { pd[idx+0] = *b++; + case 3: pd[idx+1] = *b++; + case 2: pd[idx+2] = *b++; + case 1: pd[idx+3] = *b++; idx -= 4; - } while ((c -= 4) > 0); + } while ((c -= 4) > 0); } } #else @@ -1731,6 +1813,42 @@ void fp_set(fp_int *a, fp_digit b) a->used = a->dp[0] ? 1 : 0; } +/* chek if a bit is set */ +int fp_is_bit_set (fp_int *a, fp_digit b) +{ + fp_digit i; + + if (b > FP_MAX_BITS) + return 0; + else + i = b/DIGIT_BIT; + + if ((fp_digit)a->used < i) + return 0; + + return (int)((a->dp[i] >> b%DIGIT_BIT) & (fp_digit)1); +} + +/* set the b bit of a */ +int fp_set_bit (fp_int * a, fp_digit b) +{ + fp_digit i; + + if (b > FP_MAX_BITS) + return 0; + else + i = b/DIGIT_BIT; + + /* set the used count of where the bit will go if required */ + if (a->used < (int)(i+1)) + a->used = (int)(i+1); + + /* put the single bit in its place */ + a->dp[i] |= ((fp_digit)1) << (b % DIGIT_BIT); + + return MP_OKAY; +} + int fp_count_bits (fp_int * a) { int r; @@ -1750,6 +1868,7 @@ int fp_count_bits (fp_int * a) ++r; q >>= ((fp_digit) 1); } + return r; } 
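Review bot: Both new helpers bound the bit index with `b > FP_MAX_BITS`, which still admits b == FP_MAX_BITS; assuming dp holds FP_MAX_BITS/DIGIT_BIT digits (the declaration is not in this hunk), that index makes `i` one past the last digit, so fp_set_bit writes `a->dp[i]` out of bounds and raises `used` beyond the array, and fp_is_bit_set can read the same slot. Use `if (b >= FP_MAX_BITS)` in both, and in fp_is_bit_set test `if ((fp_digit)a->used <= i) return 0;` so a digit above `used` is never read. fp_set_bit also returns 0 for the rejected index, which callers comparing against MP_OKAY will likely take for success; return `FP_VAL` there instead.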
@@ -1786,7 +1905,7 @@ void fp_lshd(fp_int *a, int x) for (; y >= x; y--) { a->dp[y] = a->dp[y-x]; } - + /* zero lower digits */ for (; y >= 0; y--) { a->dp[y] = 0; @@ -1848,7 +1967,7 @@ void fp_rshd(fp_int *a, int x) for (; y < a->used; y++) { a->dp[y] = 0; } - + /* decrement count */ a->used -= x; fp_clamp(a); @@ -1915,7 +2034,8 @@ void mp_clear (mp_int * a) } /* handle up to 6 inits */ -int mp_init_multi(mp_int* a, mp_int* b, mp_int* c, mp_int* d, mp_int* e, mp_int* f) +int mp_init_multi(mp_int* a, mp_int* b, mp_int* c, mp_int* d, + mp_int* e, mp_int* f) { if (a) fp_init(a); @@ -2021,6 +2141,17 @@ int mp_sub_d(fp_int *a, fp_digit b, fp_int *c) return MP_OKAY; } +int mp_mul_2d(fp_int *a, int b, fp_int *c) +{ + fp_mul_2d(a, b, c); + return MP_OKAY; +} + +int mp_div_2d(fp_int* a, int b, fp_int* c, fp_int* d) +{ + fp_div_2d(a, b, c, d); + return MP_OKAY; +} #ifdef ALT_ECC_SIZE void fp_copy(fp_int *a, fp_int* b) @@ -2084,12 +2215,21 @@ void mp_rshb (mp_int* a, int x) /* fast math wrappers */ -int mp_set_int(fp_int *a, fp_digit b) +int mp_set_int(mp_int *a, mp_digit b) { fp_set(a, b); return MP_OKAY; } +int mp_is_bit_set (mp_int *a, mp_digit b) +{ + return fp_is_bit_set(a, b); +} + +int mp_set_bit(mp_int *a, mp_digit b) +{ + return fp_set_bit(a, b); +} #if defined(WOLFSSL_KEY_GEN) || defined (HAVE_ECC) @@ -2124,6 +2264,20 @@ static const int lnz[16] = { 4, 0, 1, 0, 2, 0, 1, 0, 3, 0, 1, 0, 2, 0, 1, 0 }; +#ifdef WOLFSSL_KEY_GEN +/* swap the elements of two integers, for cases where you can't simply swap the + * mp_int pointers around + */ +static void fp_exch (fp_int * a, fp_int * b) +{ + fp_int t; + + t = *a; + *a = *b; + *b = t; +} +#endif + /* Counts the number of lsbs which are zero before the first zero bit */ int fp_cnt_lsb(fp_int *a) { @@ -2152,8 +2306,6 @@ int fp_cnt_lsb(fp_int *a) } - - static int s_is_power_of_two(fp_digit b, int *p) { int x; 
@@ -2207,33 +2359,37 @@ static int fp_div_d(fp_int *a, fp_digit b, fp_int *c, fp_digit *d) return FP_OKAY; } - /* no easy answer [c'est la vie]. Just division */ - fp_init(&q); - - q.used = a->used; - q.sign = a->sign; + if (c != NULL) { + /* no easy answer [c'est la vie]. Just division */ + fp_init(&q); + + q.used = a->used; + q.sign = a->sign; + } + w = 0; for (ix = a->used - 1; ix >= 0; ix--) { w = (w << ((fp_word)DIGIT_BIT)) | ((fp_word)a->dp[ix]); - + if (w >= b) { t = (fp_digit)(w / b); w -= ((fp_word)t) * ((fp_word)b); } else { t = 0; } - q.dp[ix] = (fp_digit)t; + if (c != NULL) + q.dp[ix] = (fp_digit)t; } - + if (d != NULL) { *d = (fp_digit)w; } - + if (c != NULL) { fp_clamp(&q); fp_copy(&q, c); } - + return FP_OKAY; } @@ -2256,6 +2412,7 @@ int mp_mod_d(fp_int *a, fp_digit b, fp_digit *c) void fp_gcd(fp_int *a, fp_int *b, fp_int *c); void fp_lcm(fp_int *a, fp_int *b, fp_int *c); int fp_isprime(fp_int *a); +int fp_randprime(fp_int* N, int len, WC_RNG* rng, void* heap); int mp_gcd(fp_int *a, fp_int *b, fp_int *c) { @@ -2278,11 +2435,36 @@ int mp_prime_is_prime(mp_int* a, int t, int* result) return MP_OKAY; } -/* Miller-Rabin test of "a" to the base of "b" as described in +int mp_rand_prime(mp_int* N, int len, WC_RNG* rng, void* heap) +{ + int err; + + err = fp_randprime(N, len, rng, heap); + switch(err) { + case FP_VAL: + return MP_VAL; + break; + case FP_MEM: + return MP_MEM; + break; + default: + break; + } + + return MP_OKAY; +} + +int mp_exch (mp_int * a, mp_int * b) +{ + fp_exch(a, b); + return MP_OKAY; +} + +/* Miller-Rabin test of "a" to the base of "b" as described in * HAC pp. 139 Algorithm 4.24 * * Sets result to 0 if definitely composite or 1 if probably prime. - * Randomly the chance of error is no more than 1/4 and often + * Randomly the chance of error is no more than 1/4 and often * very much lower. */ static void fp_prime_miller_rabin (fp_int * a, fp_int * b, int *result) 
@@ -2296,7 +2478,7 @@ static void fp_prime_miller_rabin (fp_int * a, fp_int * b, int *result) /* ensure b > 1 */ if (fp_cmp_d(b, 1) != FP_GT) { return; - } + } /* get n1 = a - 1 */ fp_init_copy(&n1, a); @@ -2407,6 +2589,59 @@ int fp_isprime(fp_int *a) return FP_YES; } +int fp_randprime(fp_int* N, int len, WC_RNG* rng, void* heap) +{ + static const int USE_BBS = 1; + int err, type; + byte* buf; + + /* get type */ + if (len < 0) { + type = USE_BBS; + len = -len; + } else { + type = 0; + } + + /* allow sizes between 2 and 512 bytes for a prime size */ + if (len < 2 || len > 512) { + return FP_VAL; + } + + /* allocate buffer to work with */ + buf = (byte*)XMALLOC(len, heap, DYNAMIC_TYPE_TMP_BUFFER); + if (buf == NULL) { + return FP_MEM; + } + XMEMSET(buf, 0, len); + + do { +#ifdef SHOW_GEN + printf("."); + fflush(stdout); +#endif + /* generate value */ + err = wc_RNG_GenerateBlock(rng, buf, len); + if (err != 0) { + XFREE(buf, heap, DYNAMIC_TYPE_TMP_BUFFER); + return FP_VAL; + } + + /* munge bits */ + buf[0] |= 0x80 | 0x40; + buf[len-1] |= 0x01 | ((type & USE_BBS) ? 0x02 : 0x00); + + /* load value */ + fp_read_unsigned_bin(N, buf, len); + + /* test */ + } while (fp_isprime(N) == FP_NO); + + XMEMSET(buf, 0, len); + XFREE(buf, heap, DYNAMIC_TYPE_TMP_BUFFER); + + return FP_OKAY; +} /* c = [a, b] */ void fp_lcm(fp_int *a, fp_int *b, fp_int *c) @@ -2422,7 +2657,7 @@ void fp_lcm(fp_int *a, fp_int *b, fp_int *c) } else { fp_div(b, &t1, &t2, NULL); fp_mul(a, &t2, c); - } + } } @@ -2458,7 +2693,7 @@ void fp_gcd(fp_int *a, fp_int *b, fp_int *c) fp_init_copy(&u, b); fp_init_copy(&v, a); } - + fp_init(&r); while (fp_iszero(&v) == FP_NO) { fp_mod(&u, &v, &r); 
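Review bot: The buffer in fp_randprime holds candidate prime bytes, yet the `wc_RNG_GenerateBlock` failure path frees it without clearing, and the success path clears it with a plain `XMEMSET(buf, 0, len)` immediately before `XFREE`, which a compiler is allowed to drop as a dead store. Both exits should wipe the buffer with a clear that cannot be elided (wolfSSL's `ForceZero`, if this tree provides it), e.g. `ForceZero(buf, len);` before each `XFREE`. The RNG error is also collapsed to `FP_VAL`, so `mp_rand_prime` reports a bad-argument code for what is really an entropy failure; passing the original code through would keep that distinguishable.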
@@ -2491,11 +2726,14 @@ int mp_add_d(fp_int *a, fp_digit b, fp_int *c) #endif /* HAVE_ECC || !NO_PWDBASED */ -#ifdef HAVE_ECC +#if defined(HAVE_ECC) || defined(WOLFSSL_KEY_GEN) || defined(HAVE_COMP_KEY) /* chars used in radix conversions */ -static const char *fp_s_rmap = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz+/"; +static const char *fp_s_rmap = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ\ + abcdefghijklmnopqrstuvwxyz+/"; +#endif +#ifdef HAVE_ECC static int fp_read_radix(fp_int *a, const char *str, int radix) { int y, neg; @@ -2559,10 +2797,9 @@ int mp_read_radix(mp_int *a, const char *str, int radix) } /* fast math conversion */ -int mp_set(fp_int *a, fp_digit b) +void mp_set(fp_int *a, fp_digit b) { fp_set(a,b); - return MP_OKAY; } /* fast math conversion */ @@ -2571,7 +2808,7 @@ int mp_sqr(fp_int *A, fp_int *B) fp_sqr(A, B); return MP_OKAY; } - + /* fast math conversion */ int mp_montgomery_reduce(fp_int *a, fp_int *m, fp_digit mp) { @@ -2599,7 +2836,6 @@ int mp_init_copy(fp_int * a, fp_int * b) return MP_OKAY; } - #ifdef HAVE_COMP_KEY int mp_cnt_lsb(fp_int* a) 
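Review bot: The new `fp_s_rmap` initializer breaks the string with a backslash-newline inside the literal, so any leading whitespace on the continuation line becomes part of the digit table, and the hunk shows whitespace between the `+` marker and `abcdefghijklmnopqrstuvwxyz+/`. That shifts every digit value from 36 upward, so `mp_toradix` (which indexes `fp_s_rmap[d]`) and presumably `fp_read_radix` would produce or accept wrong characters for radices above 36, base 64 included, while radix 10 and 16 stay unaffected. Adjacent string literals avoid this: `"0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ"` followed on the next line by `"abcdefghijklmnopqrstuvwxyz+/";`.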
@@ -2608,16 +2844,119 @@ int mp_cnt_lsb(fp_int* a) return MP_OKAY; } -int mp_div_2d(fp_int* a, int b, fp_int* c, fp_int* d) -{ - fp_div_2d(a, b, c, d); - return MP_OKAY; -} - #endif /* HAVE_COMP_KEY */ - #endif /* HAVE_ECC */ +#if defined(WOLFSSL_KEY_GEN) || defined(HAVE_COMP_KEY) + +/* returns size of ASCII reprensentation */ +int mp_radix_size (mp_int *a, int radix, int *size) +{ + int res, digs; + fp_int t; + fp_digit d; + + *size = 0; + + /* special case for binary */ + if (radix == 2) { + *size = fp_count_bits (a) + (a->sign == FP_NEG ? 1 : 0) + 1; + return FP_YES; + } + + /* make sure the radix is in range */ + if (radix < 2 || radix > 64) { + return FP_VAL; + } + + if (fp_iszero(a) == MP_YES) { + *size = 2; + return FP_OKAY; + } + + /* digs is the digit count */ + digs = 0; + + /* if it's negative add one for the sign */ + if (a->sign == FP_NEG) { + ++digs; + } + + /* init a copy of the input */ + fp_init_copy (&t, a); + + /* force temp to positive */ + t.sign = FP_ZPOS; + + /* fetch out all of the digits */ + while (fp_iszero (&t) == FP_NO) { + if ((res = fp_div_d (&t, (mp_digit) radix, &t, &d)) != FP_OKAY) { + fp_zero (&t); + return res; + } + ++digs; + } + fp_zero (&t); + + /* return digs + 1, the 1 is for the NULL byte that would be required. 
*/ + *size = digs + 1; + return FP_OKAY; +} + +/* stores a bignum as a ASCII string in a given radix (2..64) */ +int mp_toradix (mp_int *a, char *str, int radix) +{ + int res, digs; + fp_int t; + fp_digit d; + char *_s = str; + + /* check range of the radix */ + if (radix < 2 || radix > 64) { + return FP_VAL; + } + + /* quick out if its zero */ + if (fp_iszero(a) == 1) { + *str++ = '0'; + *str = '\0'; + return FP_YES; + } + + /* init a copy of the input */ + fp_init_copy (&t, a); + + /* if it is negative output a - */ + if (t.sign == FP_NEG) { + ++_s; + *str++ = '-'; + t.sign = FP_ZPOS; + } + + digs = 0; + while (fp_iszero (&t) == 0) { + if ((res = fp_div_d (&t, (fp_digit) radix, &t, &d)) != FP_OKAY) { + fp_zero (&t); + return res; + } + *str++ = fp_s_rmap[d]; + ++digs; + } + + /* reverse the digits of the string. In this case _s points + * to the first digit [exluding the sign] of the number] + */ + fp_reverse ((unsigned char *)_s, digs); + + /* append a NULL so the string is properly terminated */ + *str = '\0'; + + fp_zero (&t); + return FP_OKAY; +} + +#endif /* defined(WOLFSSL_KEY_GEN) || defined(HAVE_COMP_KEY) */ + #endif /* USE_FAST_MATH */ diff --git a/wolfcrypt/src/wc_encrypt.c b/wolfcrypt/src/wc_encrypt.c new file mode 100644 index 000000000..db8390ddc --- /dev/null +++ b/wolfcrypt/src/wc_encrypt.c 
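Review bot: mp_radix_size returns `FP_YES` for the radix-2 case and mp_toradix returns `FP_YES` for a zero input, while every other success path in both functions returns `FP_OKAY`; if FP_YES is nonzero, a caller that checks the result against `MP_OKAY` will treat these successes as failures. Both should be `return FP_OKAY;`. mp_toradix also takes no destination length and writes as many digits as the value needs, so the function comment should state the contract, e.g. `/* str must hold at least the byte count reported by mp_radix_size() for the same radix */`.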
@@ -0,0 +1,201 @@ +/* wc_encrypt.c + * + * Copyright (C) 2006-2015 wolfSSL Inc. + * + * This file is part of wolfSSL. (formerly known as CyaSSL) + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +#ifdef HAVE_CONFIG_H + #include +#endif + +#include +#include +#include +#include +#include + + +#ifndef NO_AES +int wc_AesCbcDecryptWithKey(byte* out, const byte* in, word32 inSz, + const byte* key, word32 keySz, const byte* iv) +{ + int ret = 0; +#ifdef WOLFSSL_SMALL_STACK + Aes* aes = NULL; +#else + Aes aes[1]; +#endif + +#ifdef WOLFSSL_SMALL_STACK + aes = (Aes*)XMALLOC(sizeof(Aes), NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (aes == NULL) + return MEMORY_E; +#endif + + ret = wc_AesSetKey(aes, key, keySz, iv, AES_DECRYPTION); + if (ret == 0) + ret = wc_AesCbcDecrypt(aes, out, in, inSz); + +#ifdef WOLFSSL_SMALL_STACK + XFREE(aes, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif + + return ret; +} + +int wc_AesCbcEncryptWithKey(byte* out, const byte* in, word32 inSz, + const byte* key, word32 keySz, const byte* iv) +{ + int ret = 0; +#ifdef WOLFSSL_SMALL_STACK + Aes* aes = NULL; +#else + Aes aes[1]; +#endif + +#ifdef WOLFSSL_SMALL_STACK + aes = (Aes*)XMALLOC(sizeof(Aes), NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (aes == NULL) + return MEMORY_E; +#endif + + ret = wc_AesSetKey(aes, key, keySz, iv, AES_ENCRYPTION); + if (ret == 
0) + ret = wc_AesCbcEncrypt(aes, out, in, inSz); + +#ifdef WOLFSSL_SMALL_STACK + XFREE(aes, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif + + return ret; +} +#endif /* !NO_AES */ + + +#ifndef NO_DES3 +int wc_Des_CbcEncryptWithKey(byte* out, const byte* in, word32 sz, + const byte* key, const byte* iv) +{ + int ret = 0; +#ifdef WOLFSSL_SMALL_STACK + Des* des = NULL; +#else + Des des[1]; +#endif + +#ifdef WOLFSSL_SMALL_STACK + des = (Des*)XMALLOC(sizeof(Des), NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (des == NULL) + return MEMORY_E; +#endif + + ret = wc_Des_SetKey(des, key, iv, DES_ENCRYPTION); + if (ret == 0) + ret = wc_Des_CbcEncrypt(des, out, in, sz); + +#ifdef WOLFSSL_SMALL_STACK + XFREE(des, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif + + return ret; +} + +int wc_Des_CbcDecryptWithKey(byte* out, const byte* in, word32 sz, + const byte* key, const byte* iv) +{ + int ret = 0; +#ifdef WOLFSSL_SMALL_STACK + Des* des = NULL; +#else + Des des[1]; +#endif + +#ifdef WOLFSSL_SMALL_STACK + des = (Des*)XMALLOC(sizeof(Des), NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (des == NULL) + return MEMORY_E; +#endif + + ret = wc_Des_SetKey(des, key, iv, DES_DECRYPTION); + if (ret == 0) + ret = wc_Des_CbcDecrypt(des, out, in, sz); + +#ifdef WOLFSSL_SMALL_STACK + XFREE(des, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif + + return ret; +} + + +int wc_Des3_CbcEncryptWithKey(byte* out, const byte* in, word32 sz, + const byte* key, const byte* iv) +{ + int ret = 0; +#ifdef WOLFSSL_SMALL_STACK + Des3* des3 = NULL; +#else + Des3 des3[1]; +#endif + +#ifdef WOLFSSL_SMALL_STACK + des3 = (Des3*)XMALLOC(sizeof(Des3), NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (des3 == NULL) + return MEMORY_E; +#endif + + ret = wc_Des3_SetKey(des3, key, iv, DES_ENCRYPTION); + if (ret == 0) + ret = wc_Des3_CbcEncrypt(des3, out, in, sz); + +#ifdef WOLFSSL_SMALL_STACK + XFREE(des3, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif + + return ret; +} + + +int wc_Des3_CbcDecryptWithKey(byte* out, const byte* in, word32 sz, + const byte* key, const byte* iv) +{ 
+ int ret = 0; +#ifdef WOLFSSL_SMALL_STACK + Des3* des3 = NULL; +#else + Des3 des3[1]; +#endif + +#ifdef WOLFSSL_SMALL_STACK + des3 = (Des3*)XMALLOC(sizeof(Des3), NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (des3 == NULL) + return MEMORY_E; +#endif + + ret = wc_Des3_SetKey(des3, key, iv, DES_DECRYPTION); + if (ret == 0) + ret = wc_Des3_CbcDecrypt(des3, out, in, sz); + +#ifdef WOLFSSL_SMALL_STACK + XFREE(des3, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif + + return ret; +} + +#endif /* !NO_DES3 */ diff --git a/wolfcrypt/src/wc_port.c b/wolfcrypt/src/wc_port.c index 864ac2490..419033751 100644 --- a/wolfcrypt/src/wc_port.c +++ b/wolfcrypt/src/wc_port.c @@ -649,4 +649,8 @@ int UnLockMutex(wolfSSL_Mutex *m) #endif /* USE_WINDOWS_API */ #endif /* SINGLE_THREADED */ - + +#if defined(WOLFSSL_TI_CRYPT) || defined(WOLFSSL_TI_HASH) + #include /* initialize and Mutex for TI Crypt Engine */ + #include /* md5, sha1, sha224, sha256 */ +#endif diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c index 02518c06b..ec4ef607e 100644 --- a/wolfcrypt/test/test.c +++ b/wolfcrypt/test/test.c @@ -53,6 +53,7 @@ #include #include #include +#include #include #include #include @@ -98,13 +99,7 @@ #if defined(USE_CERT_BUFFERS_1024) || defined(USE_CERT_BUFFERS_2048) \ || !defined(NO_DH) /* include test cert and key buffers for use with NO_FILESYSTEM */ - #if defined(WOLFSSL_MDK_ARM) - #include "cert_data.h" - /* use certs_test.c for initial data, so other - commands can share the data. */ - #else #include - #endif #endif #if defined(WOLFSSL_MDK_ARM) @@ -115,7 +110,7 @@ #endif #ifdef HAVE_NTRU - #include "ntru_crypto.h" + #include "libntruencrypt/ntru_crypto.h" #endif #ifdef HAVE_CAVIUM #include "cavium_sysdep.h" @@ -125,8 +120,12 @@ #ifdef FREESCALE_MQX #include - #include #include + #if MQX_USE_IO_OLD + #include + #else + #include + #endif #else #include #endif 
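Review bot: Each of the six `*WithKey` helpers in wc_encrypt.c expands the caller's key into a local `Aes`/`Des`/`Des3` context and then frees it or returns without clearing it, so the key schedule stays behind in freed heap memory (WOLFSSL_SMALL_STACK) or on the stack. The context should be wiped with a non-elidable clear before the `#ifdef WOLFSSL_SMALL_STACK` / `XFREE` block, e.g. `ForceZero(aes, sizeof(Aes));` if this tree provides ForceZero, and likewise `sizeof(Des)` / `sizeof(Des3)`. The functions also have no header comments; each should say what the caller must guarantee about `inSz`/`sz` and the length of `iv`, since nothing here validates them before they reach the CBC routines.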
@@ -179,6 +178,7 @@ int camellia_test(void); int rsa_test(void); int dh_test(void); int dsa_test(void); +int srp_test(void); int random_test(void); int pwdbased_test(void); int ripemd_test(void); @@ -210,6 +210,9 @@ int pbkdf2_test(void); #endif +/* General big buffer size for many tests. */ +#define FOURK_BUF 4096 + static int err_sys(const char* msg, int es) @@ -497,6 +500,13 @@ int wolfcrypt_test(void* args) printf( "DSA test passed!\n"); #endif +#ifdef WOLFCRYPT_HAVE_SRP + if ( (ret = srp_test()) != 0) + return err_sys("SRP test failed!\n", ret); + else + printf( "SRP test passed!\n"); +#endif + #ifndef NO_PWDBASED if ( (ret = pwdbased_test()) != 0) return err_sys("PWDBASED test failed!\n", ret); @@ -1901,10 +1911,12 @@ int chacha_test(void) { ChaCha enc; ChaCha dec; - byte cipher[32]; - byte plain[32]; + byte cipher[128]; + byte plain[128]; + byte sliver[64]; byte input[] = {0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0}; - word32 keySz; + word32 keySz = 32; + int ret = 0; int i; int times = 4; 
@@ -1975,23 +1987,54 @@ int chacha_test(void) XMEMSET(cipher, 0, 32); XMEMCPY(cipher + 4, ivs[i], 8); - wc_Chacha_SetKey(&enc, keys[i], keySz); - wc_Chacha_SetKey(&dec, keys[i], keySz); + ret |= wc_Chacha_SetKey(&enc, keys[i], keySz); + ret |= wc_Chacha_SetKey(&dec, keys[i], keySz); + if (ret != 0) + return ret; - wc_Chacha_SetIV(&enc, cipher, 0); - wc_Chacha_SetIV(&dec, cipher, 0); + ret |= wc_Chacha_SetIV(&enc, cipher, 0); + ret |= wc_Chacha_SetIV(&dec, cipher, 0); + if (ret != 0) + return ret; XMEMCPY(plain, input, 8); - wc_Chacha_Process(&enc, cipher, plain, (word32)8); - wc_Chacha_Process(&dec, plain, cipher, (word32)8); + ret |= wc_Chacha_Process(&enc, cipher, plain, (word32)8); + ret |= wc_Chacha_Process(&dec, plain, cipher, (word32)8); + if (ret != 0) + return ret; - if (memcmp(test_chacha[i], cipher, 8)) + if (XMEMCMP(test_chacha[i], cipher, 8)) return -130 - 5 - i; - if (memcmp(plain, input, 8)) + if (XMEMCMP(plain, input, 8)) return -130 - i; } + /* test of starting at a diffrent counter + encrypts all of the information and decrypts starting at 2nd chunck */ + XMEMSET(plain, 0, sizeof(plain)); + XMEMSET(sliver, 1, sizeof(sliver)); /* set as 1's to not match plain */ + XMEMSET(cipher, 0, sizeof(cipher)); + XMEMCPY(cipher + 4, ivs[0], 8); + + ret |= wc_Chacha_SetKey(&enc, keys[0], keySz); + ret |= wc_Chacha_SetKey(&dec, keys[0], keySz); + if (ret != 0) + return ret; + + ret |= wc_Chacha_SetIV(&enc, cipher, 0); + ret |= wc_Chacha_SetIV(&dec, cipher, 1); + if (ret != 0) + return ret; + + ret |= wc_Chacha_Process(&enc, cipher, plain, sizeof(plain)); + ret |= wc_Chacha_Process(&dec, sliver, cipher + 64, sizeof(sliver)); + if (ret != 0) + return ret; + + if (XMEMCMP(plain + 64, sliver, 64)) + return -140; + return 0; } #endif /* HAVE_CHACHA */ @@ -3208,7 +3251,7 @@ int random_test(void) int random_test(void) { - RNG rng; + WC_RNG rng; byte block[32]; int ret; 
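Review bot: The `ret |= wc_Chacha_...` pattern ORs two return codes together, so when a call fails the value returned from chacha_test can be a bit mix that matches neither error code. Checking each call on its own, `ret = wc_Chacha_SetKey(&enc, keys[i], keySz); if (ret != 0) return ret;`, keeps the failure attributable. The added counter test sizes its buffers with `sizeof` but compares with a literal, `XMEMCMP(plain + 64, sliver, 64)`; using `sizeof(sliver)` there would keep the two in step. chacha_test begins outside this hunk.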
@@ -3236,7 +3279,7 @@ byte GetEntropy(ENTROPY_CMD cmd, byte* out); byte GetEntropy(ENTROPY_CMD cmd, byte* out) { - static RNG rng; + static WC_RNG rng; if (cmd == INIT) return (wc_InitRng(&rng) == 0) ? 1 : 0; @@ -3303,15 +3346,12 @@ byte GetEntropy(ENTROPY_CMD cmd, byte* out) #endif - -#define FOURK_BUF 4096 - int rsa_test(void) { byte* tmp; size_t bytes; RsaKey key; - RNG rng; + WC_RNG rng; word32 idx = 0; int ret; byte in[] = "Everyone gets Friday off."; @@ -3352,6 +3392,7 @@ int rsa_test(void) #ifdef HAVE_CAVIUM wc_RsaInitCavium(&key, CAVIUM_DEV_ID); #endif + ret = wc_InitRsaKey(&key, 0); if (ret != 0) { free(tmp); @@ -3432,7 +3473,6 @@ int rsa_test(void) (void)bytes; #endif - #ifdef WOLFSSL_KEY_GEN { byte* der; @@ -3445,19 +3485,25 @@ int rsa_test(void) FILE* pemFile; ret = wc_InitRsaKey(&genKey, 0); - if (ret != 0) + if (ret != 0) { + free(tmp); return -300; + } ret = wc_MakeRsaKey(&genKey, 1024, 65537, &rng); - if (ret != 0) + if (ret != 0) { + free(tmp); return -301; + } der = (byte*)malloc(FOURK_BUF); if (der == NULL) { + free(tmp); wc_FreeRsaKey(&genKey); return -307; } pem = (byte*)malloc(FOURK_BUF); if (pem == NULL) { + free(tmp); free(der); wc_FreeRsaKey(&genKey); return -308; @@ -3467,6 +3513,7 @@ int rsa_test(void) if (derSz < 0) { free(der); free(pem); + free(tmp); return -302; } @@ -3478,6 +3525,7 @@ int rsa_test(void) if (!keyFile) { free(der); free(pem); + free(tmp); wc_FreeRsaKey(&genKey); return -303; } @@ -3486,6 +3534,7 @@ int rsa_test(void) if (ret != derSz) { free(der); free(pem); + free(tmp); wc_FreeRsaKey(&genKey); return -313; } @@ -3494,6 +3543,7 @@ int rsa_test(void) if (pemSz < 0) { free(der); free(pem); + free(tmp); wc_FreeRsaKey(&genKey); return -304; } @@ -3506,6 +3556,7 @@ int rsa_test(void) if (!pemFile) { free(der); free(pem); + free(tmp); wc_FreeRsaKey(&genKey); return -305; } @@ -3514,6 +3565,7 @@ int rsa_test(void) if (ret != pemSz) { free(der); free(pem); + free(tmp); wc_FreeRsaKey(&genKey); return -314; } 
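Review bot: The added `free(tmp)` calls close one leak, but the same exits in the WOLFSSL_KEY_GEN block still skip other cleanup: once `wc_InitRsaKey(&genKey, 0)` has succeeded, the `-301` return (wc_MakeRsaKey failure) and the `-302` return (`derSz < 0`, in the following hunk) leave `genKey` without a `wc_FreeRsaKey(&genKey);`, unlike the neighbouring error paths. Since `genKey` holds a freshly generated private key, those two paths should release it as the others do. With this many exits repeating `free(der); free(pem); free(tmp); wc_FreeRsaKey(...)`, a single cleanup label reached by `goto` would remove the per-path bookkeeping; the same applies to the later certificate-generation hunks of rsa_test. rsa_test starts and ends outside these hunks, so teardown of `key` and `rng` on these paths could not be checked here.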
@@ -3522,6 +3574,7 @@ int rsa_test(void) if (ret != 0) { free(der); free(pem); + free(tmp); wc_FreeRsaKey(&genKey); return -3060; } @@ -3530,6 +3583,7 @@ int rsa_test(void) if (ret != 0) { free(der); free(pem); + free(tmp); wc_FreeRsaKey(&derIn); wc_FreeRsaKey(&genKey); return -306; @@ -3542,7 +3596,6 @@ int rsa_test(void) } #endif /* WOLFSSL_KEY_GEN */ - #ifdef WOLFSSL_CERT_GEN /* self signed */ { @@ -3558,10 +3611,13 @@ int rsa_test(void) #endif derCert = (byte*)malloc(FOURK_BUF); - if (derCert == NULL) + if (derCert == NULL) { + free(tmp); return -309; + } pem = (byte*)malloc(FOURK_BUF); if (pem == NULL) { + free(tmp); free(derCert); return -310; } @@ -3582,6 +3638,7 @@ int rsa_test(void) if (certSz < 0) { free(derCert); free(pem); + free(tmp); return -401; } @@ -3591,6 +3648,7 @@ int rsa_test(void) if (ret != 0) { free(derCert); free(pem); + free(tmp); return -402; } FreeDecodedCert(&decode); @@ -3604,6 +3662,7 @@ int rsa_test(void) if (!derFile) { free(derCert); free(pem); + free(tmp); return -403; } ret = (int)fwrite(derCert, 1, certSz, derFile); @@ -3611,6 +3670,7 @@ int rsa_test(void) if (ret != certSz) { free(derCert); free(pem); + free(tmp); return -414; } @@ -3618,6 +3678,7 @@ int rsa_test(void) if (pemSz < 0) { free(derCert); free(pem); + free(tmp); return -404; } @@ -3629,6 +3690,7 @@ int rsa_test(void) if (!pemFile) { free(derCert); free(pem); + free(tmp); return -405; } ret = (int)fwrite(pem, 1, pemSz, pemFile); @@ -3636,6 +3698,7 @@ int rsa_test(void) if (ret != pemSz) { free(derCert); free(pem); + free(tmp); return -406; } free(pem); @@ -3659,11 +3722,14 @@ int rsa_test(void) #endif derCert = (byte*)malloc(FOURK_BUF); - if (derCert == NULL) + if (derCert == NULL) { + free(tmp); return -311; + } pem = (byte*)malloc(FOURK_BUF); if (pem == NULL) { free(derCert); + free(tmp); return -312; } @@ -3672,6 +3738,7 @@ int rsa_test(void) if (!file3) { free(derCert); free(pem); + free(tmp); return -412; } 
@@ -3682,18 +3749,24 @@ int rsa_test(void) if (ret != 0) { free(derCert); free(pem); + free(tmp); return -411; } ret = wc_RsaPrivateKeyDecode(tmp, &idx3, &caKey, (word32)bytes3); if (ret != 0) { free(derCert); free(pem); + free(tmp); wc_FreeRsaKey(&caKey); return -413; } wc_InitCert(&myCert); +#ifdef NO_SHA + myCert.sigType = CTC_SHA256wRSA; +#endif + strncpy(myCert.subject.country, "US", CTC_NAME_SIZE); strncpy(myCert.subject.state, "OR", CTC_NAME_SIZE); strncpy(myCert.subject.locality, "Portland", CTC_NAME_SIZE); @@ -3706,6 +3779,7 @@ int rsa_test(void) if (ret < 0) { free(derCert); free(pem); + free(tmp); wc_FreeRsaKey(&caKey); return -405; } @@ -3714,6 +3788,7 @@ int rsa_test(void) if (certSz < 0) { free(derCert); free(pem); + free(tmp); wc_FreeRsaKey(&caKey); return -407; } @@ -3723,6 +3798,7 @@ int rsa_test(void) if (certSz < 0) { free(derCert); free(pem); + free(tmp); wc_FreeRsaKey(&caKey); return -408; } @@ -3734,6 +3810,7 @@ int rsa_test(void) if (ret != 0) { free(derCert); free(pem); + free(tmp); wc_FreeRsaKey(&caKey); return -409; } @@ -3748,6 +3825,7 @@ int rsa_test(void) if (!derFile) { free(derCert); free(pem); + free(tmp); wc_FreeRsaKey(&caKey); return -410; } @@ -3756,6 +3834,7 @@ int rsa_test(void) if (ret != certSz) { free(derCert); free(pem); + free(tmp); wc_FreeRsaKey(&caKey); return -416; } @@ -3764,6 +3843,7 @@ int rsa_test(void) if (pemSz < 0) { free(derCert); free(pem); + free(tmp); wc_FreeRsaKey(&caKey); return -411; } @@ -3776,6 +3856,7 @@ int rsa_test(void) if (!pemFile) { free(derCert); free(pem); + free(tmp); wc_FreeRsaKey(&caKey); return -412; } @@ -3783,6 +3864,7 @@ int rsa_test(void) if (ret != pemSz) { free(derCert); free(pem); + free(tmp); wc_FreeRsaKey(&caKey); return -415; } @@ -3810,11 +3892,14 @@ int rsa_test(void) #endif derCert = (byte*)malloc(FOURK_BUF); - if (derCert == NULL) + if (derCert == NULL) { + free(tmp); return -5311; + } pem = (byte*)malloc(FOURK_BUF); if (pem == NULL) { free(derCert); + free(tmp); return -5312; } 
@@ -3823,6 +3908,7 @@ int rsa_test(void) if (!file3) { free(derCert); free(pem); + free(tmp); return -5412; } @@ -3834,6 +3920,7 @@ int rsa_test(void) if (ret != 0) { free(derCert); free(pem); + free(tmp); return -5413; } @@ -3853,6 +3940,7 @@ int rsa_test(void) free(pem); free(derCert); wc_ecc_free(&caKey); + free(tmp); return -5405; } @@ -3861,6 +3949,7 @@ int rsa_test(void) free(pem); free(derCert); wc_ecc_free(&caKey); + free(tmp); return -5407; } @@ -3870,6 +3959,7 @@ int rsa_test(void) free(pem); free(derCert); wc_ecc_free(&caKey); + free(tmp); return -5408; } @@ -3877,6 +3967,7 @@ int rsa_test(void) InitDecodedCert(&decode, derCert, certSz, 0); ret = ParseCert(&decode, CERT_TYPE, NO_VERIFY, 0); if (ret != 0) { + free(tmp); free(pem); free(derCert); wc_ecc_free(&caKey); @@ -3894,6 +3985,7 @@ int rsa_test(void) free(pem); free(derCert); wc_ecc_free(&caKey); + free(tmp); return -5410; } ret = (int)fwrite(derCert, 1, certSz, derFile); @@ -3902,6 +3994,7 @@ int rsa_test(void) free(pem); free(derCert); wc_ecc_free(&caKey); + free(tmp); return -5414; } @@ -3910,6 +4003,7 @@ int rsa_test(void) free(pem); free(derCert); wc_ecc_free(&caKey); + free(tmp); return -5411; } @@ -3922,6 +4016,7 @@ int rsa_test(void) free(pem); free(derCert); wc_ecc_free(&caKey); + free(tmp); return -5412; } ret = (int)fwrite(pem, 1, pemSz, pemFile); @@ -3929,6 +4024,7 @@ int rsa_test(void) free(pem); free(derCert); wc_ecc_free(&caKey); + free(tmp); return -5415; } fclose(pemFile); @@ -3954,11 +4050,14 @@ int rsa_test(void) DecodedCert decode; #endif derCert = (byte*)malloc(FOURK_BUF); - if (derCert == NULL) + if (derCert == NULL) { + free(tmp); return -311; + } pem = (byte*)malloc(FOURK_BUF); if (pem == NULL) { free(derCert); + free(tmp); return -312; } @@ -3975,6 +4074,7 @@ int rsa_test(void) if (rc != DRBG_OK) { free(derCert); free(pem); + free(tmp); return -448; } @@ -3984,6 +4084,7 @@ int rsa_test(void) if (rc != NTRU_OK) { free(derCert); free(pem); + free(tmp); return -449; } 
@@ -3993,6 +4094,7 @@ int rsa_test(void) if (rc != NTRU_OK) { free(derCert); free(pem); + free(tmp); return -450; } @@ -4001,6 +4103,7 @@ int rsa_test(void) if (rc != NTRU_OK) { free(derCert); free(pem); + free(tmp); return -451; } @@ -4009,6 +4112,7 @@ int rsa_test(void) if (!caFile) { free(derCert); free(pem); + free(tmp); return -452; } @@ -4019,12 +4123,14 @@ int rsa_test(void) if (ret != 0) { free(derCert); free(pem); + free(tmp); return -453; } ret = wc_RsaPrivateKeyDecode(tmp, &idx3, &caKey, (word32)bytes); if (ret != 0) { free(derCert); free(pem); + free(tmp); return -454; } @@ -4043,6 +4149,7 @@ int rsa_test(void) free(derCert); free(pem); wc_FreeRsaKey(&caKey); + free(tmp); return -455; } @@ -4052,6 +4159,7 @@ int rsa_test(void) free(derCert); free(pem); wc_FreeRsaKey(&caKey); + free(tmp); return -456; } @@ -4061,6 +4169,7 @@ int rsa_test(void) if (certSz < 0) { free(derCert); free(pem); + free(tmp); return -457; } @@ -4071,6 +4180,7 @@ int rsa_test(void) if (ret != 0) { free(derCert); free(pem); + free(tmp); return -458; } FreeDecodedCert(&decode); @@ -4079,6 +4189,7 @@ int rsa_test(void) if (!derFile) { free(derCert); free(pem); + free(tmp); return -459; } ret = (int)fwrite(derCert, 1, certSz, derFile); @@ -4086,6 +4197,7 @@ int rsa_test(void) if (ret != certSz) { free(derCert); free(pem); + free(tmp); return -473; } @@ -4093,6 +4205,7 @@ int rsa_test(void) if (pemSz < 0) { free(derCert); free(pem); + free(tmp); return -460; } @@ -4100,6 +4213,7 @@ int rsa_test(void) if (!pemFile) { free(derCert); free(pem); + free(tmp); return -461; } ret = (int)fwrite(pem, 1, pemSz, pemFile); @@ -4107,6 +4221,7 @@ int rsa_test(void) if (ret != pemSz) { free(derCert); free(pem); + free(tmp); return -474; } @@ -4114,6 +4229,7 @@ int rsa_test(void) if (!ntruPrivFile) { free(derCert); free(pem); + free(tmp); return -462; } ret = (int)fwrite(private_key, 1, private_key_len, ntruPrivFile); 
@@ -4121,6 +4237,7 @@ int rsa_test(void) if (ret != private_key_len) { free(pem); free(derCert); + free(tmp); return -475; } free(pem); @@ -4137,11 +4254,14 @@ int rsa_test(void) FILE* reqFile; der = (byte*)malloc(FOURK_BUF); - if (der == NULL) + if (der == NULL) { + free(tmp); return -463; + } pem = (byte*)malloc(FOURK_BUF); if (pem == NULL) { free(der); + free(tmp); return -464; } @@ -4163,6 +4283,7 @@ int rsa_test(void) if (derSz < 0) { free(pem); free(der); + free(tmp); return -465; } @@ -4171,6 +4292,7 @@ int rsa_test(void) if (derSz < 0) { free(pem); free(der); + free(tmp); return -466; } @@ -4178,6 +4300,7 @@ int rsa_test(void) if (pemSz < 0) { free(pem); free(der); + free(tmp); return -467; } @@ -4189,6 +4312,7 @@ int rsa_test(void) if (!reqFile) { free(pem); free(der); + free(tmp); return -468; } @@ -4197,6 +4321,7 @@ int rsa_test(void) if (ret != derSz) { free(pem); free(der); + free(tmp); return -471; } @@ -4208,6 +4333,7 @@ int rsa_test(void) if (!reqFile) { free(pem); free(der); + free(tmp); return -469; } ret = (int)fwrite(pem, 1, pemSz, reqFile); @@ -4215,6 +4341,7 @@ int rsa_test(void) if (ret != pemSz) { free(pem); free(der); + free(tmp); return -470; } @@ -4263,7 +4390,7 @@ int dh_test(void) byte agree2[256]; DhKey key; DhKey key2; - RNG rng; + WC_RNG rng; #ifdef USE_CERT_BUFFERS_1024 XMEMCPY(tmp, dh_key_der_1024, sizeof_dh_key_der_1024); @@ -4352,7 +4479,7 @@ int dsa_test(void) word32 idx = 0; byte tmp[1024]; DsaKey key; - RNG rng; + WC_RNG rng; Sha sha; byte hash[SHA_DIGEST_SIZE]; byte signature[40]; 
@@ -4395,13 +4522,211 @@ int dsa_test(void) if (answer != 1) return -65; wc_FreeDsaKey(&key); - wc_FreeRng(&rng); +#ifdef WOLFSSL_KEY_GEN + { + byte* der; + byte* pem; + int derSz = 0; + int pemSz = 0; + DsaKey derIn; + DsaKey genKey; + FILE* keyFile; + FILE* pemFile; + + wc_InitDsaKey(&genKey); + ret = wc_MakeDsaParameters(&rng, 1024, &genKey); + if (ret != 0) return -362; + + ret = wc_MakeDsaKey(&rng, &genKey); + if (ret != 0) return -363; + + der = (byte*)malloc(FOURK_BUF); + if (der == NULL) { + wc_FreeDsaKey(&genKey); + return -364; + } + pem = (byte*)malloc(FOURK_BUF); + if (pem == NULL) { + free(der); + wc_FreeDsaKey(&genKey); + return -365; + } + + derSz = wc_DsaKeyToDer(&genKey, der, FOURK_BUF); + if (derSz < 0) { + free(der); + free(pem); + return -366; + } + +#ifdef FREESCALE_MQX + keyFile = fopen("a:\\certs\\key.der", "wb"); +#else + keyFile = fopen("./key.der", "wb"); +#endif + if (!keyFile) { + free(der); + free(pem); + wc_FreeDsaKey(&genKey); + return -367; + } + ret = (int)fwrite(der, 1, derSz, keyFile); + fclose(keyFile); + if (ret != derSz) { + free(der); + free(pem); + wc_FreeDsaKey(&genKey); + return -368; + } + + pemSz = wc_DerToPem(der, derSz, pem, FOURK_BUF, DSA_PRIVATEKEY_TYPE); + if (pemSz < 0) { + free(der); + free(pem); + wc_FreeDsaKey(&genKey); + return -369; + } + +#ifdef FREESCALE_MQX + pemFile = fopen("a:\\certs\\key.pem", "wb"); +#else + pemFile = fopen("./key.pem", "wb"); +#endif + if (!pemFile) { + free(der); + free(pem); + wc_FreeDsaKey(&genKey); + return -370; + } + ret = (int)fwrite(pem, 1, pemSz, pemFile); + fclose(pemFile); + if (ret != pemSz) { + free(der); + free(pem); + wc_FreeDsaKey(&genKey); + return -371; + } + + wc_InitDsaKey(&derIn); + idx = 0; + ret = wc_DsaPrivateKeyDecode(der, &idx, &derIn, derSz); + if (ret != 0) { + free(der); + free(pem); + wc_FreeDsaKey(&derIn); + wc_FreeDsaKey(&genKey); + return -373; + } + + wc_FreeDsaKey(&derIn); + wc_FreeDsaKey(&genKey); + free(pem); + free(der); + } +#endif /* 
WOLFSSL_KEY_GEN */ + + wc_FreeRng(&rng); return 0; } #endif /* NO_DSA */ +#ifdef WOLFCRYPT_HAVE_SRP + +int srp_test(void) +{ + Srp cli, srv; + int r; + + byte clientPubKey[80]; /* A */ + byte serverPubKey[80]; /* B */ + word32 clientPubKeySz = 80; + word32 serverPubKeySz = 80; + byte clientProof[SRP_MAX_DIGEST_SIZE]; /* M1 */ + byte serverProof[SRP_MAX_DIGEST_SIZE]; /* M2 */ + word32 clientProofSz = SRP_MAX_DIGEST_SIZE; + word32 serverProofSz = SRP_MAX_DIGEST_SIZE; + + byte username[] = "user"; + word32 usernameSz = 4; + + byte password[] = "password"; + word32 passwordSz = 8; + + byte N[] = { + 0xC9, 0x4D, 0x67, 0xEB, 0x5B, 0x1A, 0x23, 0x46, 0xE8, 0xAB, 0x42, 0x2F, + 0xC6, 0xA0, 0xED, 0xAE, 0xDA, 0x8C, 0x7F, 0x89, 0x4C, 0x9E, 0xEE, 0xC4, + 0x2F, 0x9E, 0xD2, 0x50, 0xFD, 0x7F, 0x00, 0x46, 0xE5, 0xAF, 0x2C, 0xF7, + 0x3D, 0x6B, 0x2F, 0xA2, 0x6B, 0xB0, 0x80, 0x33, 0xDA, 0x4D, 0xE3, 0x22, + 0xE1, 0x44, 0xE7, 0xA8, 0xE9, 0xB1, 0x2A, 0x0E, 0x46, 0x37, 0xF6, 0x37, + 0x1F, 0x34, 0xA2, 0x07, 0x1C, 0x4B, 0x38, 0x36, 0xCB, 0xEE, 0xAB, 0x15, + 0x03, 0x44, 0x60, 0xFA, 0xA7, 0xAD, 0xF4, 0x83 + }; + + byte g[] = { + 0x02 + }; + + byte salt[] = { + 0xB2, 0xE5, 0x8E, 0xCC, 0xD0, 0xCF, 0x9D, 0x10, 0x3A, 0x56 + }; + + byte verifier[] = { + 0x7C, 0xAB, 0x17, 0xFE, 0x54, 0x3E, 0x8C, 0x13, 0xF2, 0x3D, 0x21, 0xE7, + 0xD2, 0xAF, 0xAF, 0xDB, 0xA1, 0x52, 0x69, 0x9D, 0x49, 0x01, 0x79, 0x91, + 0xCF, 0xD1, 0x3F, 0xE5, 0x28, 0x72, 0xCA, 0xBE, 0x13, 0xD1, 0xC2, 0xDA, + 0x65, 0x34, 0x55, 0x8F, 0x34, 0x0E, 0x05, 0xB8, 0xB4, 0x0F, 0x7F, 0x6B, + 0xBB, 0xB0, 0x6B, 0x50, 0xD8, 0xB1, 0xCC, 0xB7, 0x81, 0xFE, 0xD4, 0x42, + 0xF5, 0x11, 0xBC, 0x8A, 0x28, 0xEB, 0x50, 0xB3, 0x46, 0x08, 0xBA, 0x24, + 0xA2, 0xFB, 0x7F, 0x2E, 0x0A, 0xA5, 0x33, 0xCC + }; + + /* client knows username and password. */ + /* server knows N, g, salt and verifier. 
*/ + + r = wc_SrpInit(&cli, SRP_TYPE_SHA, SRP_CLIENT_SIDE); + if (!r) r = wc_SrpSetUsername(&cli, username, usernameSz); + + /* client sends username to server */ + + if (!r) r = wc_SrpInit(&srv, SRP_TYPE_SHA, SRP_SERVER_SIDE); + if (!r) r = wc_SrpSetUsername(&srv, username, usernameSz); + if (!r) r = wc_SrpSetParams(&srv, N, sizeof(N), + g, sizeof(g), + salt, sizeof(salt)); + if (!r) r = wc_SrpSetVerifier(&srv, verifier, sizeof(verifier)); + if (!r) r = wc_SrpGetPublic(&srv, serverPubKey, &serverPubKeySz); + + /* server sends N, g, salt and B to client */ + + if (!r) r = wc_SrpSetParams(&cli, N, sizeof(N), + g, sizeof(g), + salt, sizeof(salt)); + if (!r) r = wc_SrpSetPassword(&cli, password, passwordSz); + if (!r) r = wc_SrpGetPublic(&cli, clientPubKey, &clientPubKeySz); + if (!r) r = wc_SrpComputeKey(&cli, clientPubKey, clientPubKeySz, + serverPubKey, serverPubKeySz); + if (!r) r = wc_SrpGetProof(&cli, clientProof, &clientProofSz); + + /* client sends A and M1 to server */ + + if (!r) r = wc_SrpComputeKey(&srv, clientPubKey, clientPubKeySz, + serverPubKey, serverPubKeySz); + if (!r) r = wc_SrpVerifyPeersProof(&srv, clientProof, clientProofSz); + if (!r) r = wc_SrpGetProof(&srv, serverProof, &serverProofSz); + + /* server sends M2 to client */ + + if (!r) r = wc_SrpVerifyPeersProof(&cli, serverProof, serverProofSz); + + wc_SrpTerm(&cli); + wc_SrpTerm(&srv); + + return r; +} + +#endif /* WOLFCRYPT_HAVE_SRP */ #ifdef OPENSSL_EXTRA @@ -4409,9 +4734,10 @@ int openssl_test(void) { EVP_MD_CTX md_ctx; testVector a, b, c, d, e, f; - byte hash[SHA_DIGEST_SIZE*4]; /* max size */ + byte hash[SHA256_DIGEST_SIZE*2]; /* max size */ (void)a; + (void)b; (void)c; (void)e; (void)f; @@ -4436,6 +4762,8 @@ int openssl_test(void) #endif /* NO_MD5 */ +#ifndef NO_SHA + b.input = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" "aaaaaaaaaa"; 
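Review bot: srp_test calls `wc_SrpTerm(&srv)` unconditionally, but `wc_SrpInit(&srv, ...)` only runs when the preceding client calls returned 0, so if `wc_SrpInit(&cli, ...)` or `wc_SrpSetUsername(&cli, ...)` fails, `srv` is an uninitialized stack object when it reaches wc_SrpTerm. What wc_SrpTerm does with its argument is not visible here, but if it frees or clears members this is undefined behaviour. Initialising both contexts up front avoids it: `r = wc_SrpInit(&cli, SRP_TYPE_SHA, SRP_CLIENT_SIDE); if (r != 0) return r;` followed by `r = wc_SrpInit(&srv, SRP_TYPE_SHA, SRP_SERVER_SIDE); if (r != 0) { wc_SrpTerm(&cli); return r; }`. In the DSA key-generation block of the same hunk, the `-362`, `-363` and `-366` returns leave `genKey` unreleased, unlike the later paths that call `wc_FreeDsaKey(&genKey)`.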
@@ -4453,6 +4781,8 @@ int openssl_test(void)
 if (memcmp(hash, b.output, SHA_DIGEST_SIZE) != 0)
 return -72;
+#endif /* NO_SHA */
+
 d.input = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq";
 d.output = "\x24\x8D\x6A\x61\xD2\x06\x38\xB8\xE5\xC0\x26\x93\x0C\x3E\x60"
@@ -4484,7 +4814,7 @@ int openssl_test(void)
 EVP_MD_CTX_init(&md_ctx);
 EVP_DigestInit(&md_ctx, EVP_sha384());
- EVP_DigestUpdate(&md_ctx, e.input, e.inLen);
+ EVP_DigestUpdate(&md_ctx, e.input, (unsigned long)e.inLen);
 EVP_DigestFinal(&md_ctx, hash, 0);
 if (memcmp(hash, e.output, SHA384_DIGEST_SIZE) != 0)
@@ -4522,12 +4852,13 @@ int openssl_test(void)
 return -73;
 c.input = "what do ya want for nothing?";
- c.output = "\x75\x0c\x78\x3e\x6a\xb0\xb5\x03\xea\xa8\x6e\x31\x0a\x5d\xb7"
- "\x38";
+ c.output = "\x55\x78\xe8\x48\x4b\xcc\x93\x80\x93\xec\x53\xaf\x22\xd6\x14"
+ "\x76";
 c.inLen = strlen(c.input);
 c.outLen = MD5_DIGEST_SIZE;
- HMAC(EVP_md5(), "Jefe", 4, (byte*)c.input, (int)c.inLen, hash, 0);
+ HMAC(EVP_md5(),
+ "JefeJefeJefeJefe", 16, (byte*)c.input, (int)c.inLen, hash, 0);
 if (memcmp(hash, c.output, MD5_DIGEST_SIZE) != 0)
 return -74;
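Review bot: In the `@@ -4522` hunk the HMAC-MD5 check stops being a published known-answer test. Key `"Jefe"` with data `"what do ya want for nothing?"` and the removed `c.output` is RFC 2202 test case 2, while the new 16-byte key `"JefeJefeJefeJefe"` and its expected digest have no stated source. A comment above the call should say why the key was lengthened (presumably a minimum HMAC key length in some build, which the hunk does not show) and how the new value was obtained, e.g. `/* key extended to 16 bytes for <reason>; expected digest computed with <independent implementation>, not from RFC 2202 */`. Without that, a wrong expected value and a library regression look the same to whoever next sees `-74`. The literal `16` would also be safer derived from the key string than typed by hand.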
@@ -4655,22 +4986,22 @@ int pkcs12_test(void)
 byte derived[64];
 const byte verify[] = {
- 0x8A, 0xAA, 0xE6, 0x29, 0x7B, 0x6C, 0xB0, 0x46,
- 0x42, 0xAB, 0x5B, 0x07, 0x78, 0x51, 0x28, 0x4E,
- 0xB7, 0x12, 0x8F, 0x1A, 0x2A, 0x7F, 0xBC, 0xA3
+ 0x27, 0xE9, 0x0D, 0x7E, 0xD5, 0xA1, 0xC4, 0x11,
+ 0xBA, 0x87, 0x8B, 0xC0, 0x90, 0xF5, 0xCE, 0xBE,
+ 0x5E, 0x9D, 0x5F, 0xE3, 0xD6, 0x2B, 0x73, 0xAA
 };
 const byte verify2[] = {
- 0x48, 0x3D, 0xD6, 0xE9, 0x19, 0xD7, 0xDE, 0x2E,
- 0x8E, 0x64, 0x8B, 0xA8, 0xF8, 0x62, 0xF3, 0xFB,
- 0xFB, 0xDC, 0x2B, 0xCB, 0x2C, 0x02, 0x95, 0x7F
+ 0x90, 0x1B, 0x49, 0x70, 0xF0, 0x94, 0xF0, 0xF8,
+ 0x45, 0xC0, 0xF3, 0xF3, 0x13, 0x59, 0x18, 0x6A,
+ 0x35, 0xE3, 0x67, 0xFE, 0xD3, 0x21, 0xFD, 0x7C
 };
 int id = 1;
 int kLen = 24;
 int iterations = 1;
- int ret = wc_PKCS12_PBKDF(derived, passwd, sizeof(passwd), salt, 8, iterations,
- kLen, SHA, id);
+ int ret = wc_PKCS12_PBKDF(derived, passwd, sizeof(passwd), salt, 8,
+ iterations, kLen, SHA256, id);
 if (ret < 0)
 return -103;
@@ -4679,8 +5010,8 @@ int pkcs12_test(void)
 return -104;
 iterations = 1000;
- ret = wc_PKCS12_PBKDF(derived, passwd2, sizeof(passwd2), salt2, 8, iterations,
- kLen, SHA, id);
+ ret = wc_PKCS12_PBKDF(derived, passwd2, sizeof(passwd2), salt2, 8,
+ iterations, kLen, SHA256, id);
 if (ret < 0)
 return -105;
@@ -4700,12 +5031,12 @@ int pbkdf2_test(void)
 byte derived[64];
 const byte verify[] = {
- 0xba, 0x9b, 0x3b, 0x95, 0x04, 0x4d, 0x78, 0x11, 0xec, 0xa1, 0xff, 0x3f,
- 0xea, 0x3a, 0xdb, 0x55, 0x3e, 0x54, 0x0b, 0xa0, 0x9f, 0xad, 0xe6, 0x81
+ 0x43, 0x6d, 0xb5, 0xe8, 0xd0, 0xfb, 0x3f, 0x35, 0x42, 0x48, 0x39, 0xbc,
+ 0x2d, 0xd4, 0xf9, 0x37, 0xd4, 0x95, 0x16, 0xa7, 0x2a, 0x9a, 0x21, 0xd1
 };
 int ret = wc_PBKDF2(derived, (byte*)passwd, (int)strlen(passwd), salt, 8,
- iterations, kLen, SHA);
+ iterations, kLen, SHA256);
 if (ret != 0)
 return ret;
@@ -4716,6 +5047,7 @@ int pbkdf2_test(void)
 }
+#ifndef NO_SHA
 int pbkdf1_test(void)
 {
 char passwd[] = "password";
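Review bot: The `@@ -4655`, `@@ -4679` and `@@ -4700` hunks replace the SHA-1 expected outputs in pkcs12_test and pbkdf2_test instead of adding SHA-256 cases beside them, so the SHA-1 paths of `wc_PKCS12_PBKDF` and `wc_PBKDF2` lose their known-answer coverage even in builds where SHA-1 is still enabled. Keeping the old vectors under `#ifndef NO_SHA`, the same guard the `@@ -4716` hunk puts around pbkdf1_test, would preserve that coverage. The new `verify` and `verify2` arrays also need a comment naming how they were produced, e.g. `/* SHA-256 expected output, generated with <independent tool> */`. Values taken from the implementation under test can only detect change, not error. Both functions begin and end outside these hunks.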
@@ -4737,11 +5069,15 @@ int pbkdf1_test(void)
 return 0;
 }
+#endif
 int pwdbased_test(void)
 {
- int ret = pbkdf1_test();
+ int ret = 0;
+#ifndef NO_SHA
+ ret += pbkdf1_test();
+#endif
 ret += pbkdf2_test();
 return ret + pkcs12_test();
@@ -4854,7 +5190,7 @@ typedef struct rawEccVector {
 int ecc_test(void)
 {
- RNG rng;
+ WC_RNG rng;
 byte sharedA[1024];
 byte sharedB[1024];
 byte sig[1024];
@@ -4877,6 +5213,10 @@ int ecc_test(void)
 if (ret != 0)
 return -1014;
+ ret = wc_ecc_check_key(&userA);
+ if (ret != 0)
+ return -1024;
+
 ret = wc_ecc_make_key(&rng, 32, &userB);
 if (ret != 0)
@@ -4967,7 +5307,8 @@ int ecc_test(void)
 if (ret != 0)
 return -1017;
-#if (defined(HAVE_ECC192) && defined(HAVE_ECC224)) || defined(HAVE_ALL_CURVES)
+#if !defined(NO_SHA) && \
+ ((defined(HAVE_ECC192) && defined(HAVE_ECC224)) || defined(HAVE_ALL_CURVES))
 {
 /* test raw ECC key import */
 Sha sha;
@@ -5105,7 +5446,7 @@ int ecc_test(void)
 int ecc_encrypt_test(void)
 {
- RNG rng;
+ WC_RNG rng;
 int ret;
 ecc_key userA, userB;
 byte msg[48];
@@ -5240,11 +5581,11 @@ int ecc_encrypt_test(void)
 int curve25519_test(void)
 {
- RNG rng;
- byte sharedA[1024];
- byte sharedB[1024];
+ WC_RNG rng;
+ byte sharedA[32];
+ byte sharedB[32];
+ byte exportBuf[32];
 word32 x, y;
- byte exportBuf[1024];
 curve25519_key userA, userB, pubKey;
 /* test vectors from
@@ -5306,9 +5647,11 @@ int curve25519_test(void)
 return -1003;
 /* find shared secret key */
+ x = sizeof(sharedA);
 if (wc_curve25519_shared_secret(&userA, &userB, sharedA, &x) != 0)
 return -1004;
+ y = sizeof(sharedB);
 if (wc_curve25519_shared_secret(&userB, &userA, sharedB, &y) != 0)
 return -1005;
@@ -5320,6 +5663,7 @@ int curve25519_test(void)
 return -1007;
 /* export a public key and import it for another user */
+ x = sizeof(exportBuf);
 if (wc_curve25519_export_public(&userA, exportBuf, &x) != 0)
 return -1008;
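Review bot: The `@@ -4877` hunk validates only `userA` with `wc_ecc_check_key`, while `userB`, generated by the very next `wc_ecc_make_key` call, goes on to the rest of the test unchecked. If the intent is to confirm that freshly generated keys pass validation, the same three lines belong after the `userB` generation with their own return code, e.g. `ret = wc_ecc_check_key(&userB); if (ret != 0) return <unused code>;`. A one-line comment such as `/* generated key must pass point/order validation */` would also make clear this checks make_key's output rather than an import path. The body of ecc_test continues outside the hunk.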
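Review bot: In the `@@ -5240` hunk the three curve25519 buffers are now exactly one key long but sized with a bare `32`, and the `@@ -5353` hunk repeats the literal in `wc_curve25519_make_key(&rng, 32, &userB)`. With no slack left in the buffers, the size should come from the library's own constant so it cannot drift from what the API writes: `byte sharedA[CURVE25519_KEYSIZE];`, likewise for `sharedB` and `exportBuf`. Setting `x`/`y` to `sizeof(...)` before each call in the following hunks is the right companion fix, since those are in/out lengths. A short comment on the `word32 x, y;` line, e.g. `/* in: buffer capacity, out: bytes written */`, would stop someone removing those assignments as redundant.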
@@ -5328,6 +5672,7 @@ int curve25519_test(void)
 /* test shared key after importing a public key */
 XMEMSET(sharedB, 0, sizeof(sharedB));
+ y = sizeof(sharedB);
 if (wc_curve25519_shared_secret(&userB, &pubKey, sharedB, &y) != 0)
 return -1010;
@@ -5345,6 +5690,7 @@ int curve25519_test(void)
 /* test against known test vector */
 XMEMSET(sharedB, 0, sizeof(sharedB));
+ y = sizeof(sharedB);
 if (wc_curve25519_shared_secret(&userA, &userB, sharedB, &y) != 0)
 return -1014;
@@ -5353,12 +5699,36 @@ int curve25519_test(void)
 /* test swaping roles of keys and generating same shared key */
 XMEMSET(sharedB, 0, sizeof(sharedB));
+ y = sizeof(sharedB);
 if (wc_curve25519_shared_secret(&userB, &userA, sharedB, &y) != 0)
 return -1016;
 if (XMEMCMP(ss, sharedB, y))
 return -1017;
+ /* test with 1 generated key and 1 from known test vector */
+ if (wc_curve25519_import_private_raw(sa, sizeof(sa), pa, sizeof(pa), &userA)
+ != 0)
+ return -1018;
+
+ if (wc_curve25519_make_key(&rng, 32, &userB) != 0)
+ return -1019;
+
+ x = sizeof(sharedA);
+ if (wc_curve25519_shared_secret(&userA, &userB, sharedA, &x) != 0)
+ return -1020;
+
+ y = sizeof(sharedB);
+ if (wc_curve25519_shared_secret(&userB, &userA, sharedB, &y) != 0)
+ return -1021;
+
+ /* compare shared secret keys to test they are the same */
+ if (y != x)
+ return -1022;
+
+ if (XMEMCMP(sharedA, sharedB, x))
+ return -1023;
+
 /* clean up keys when done */
 wc_curve25519_free(&pubKey);
 wc_curve25519_free(&userB);
@@ -5374,7 +5744,7 @@ int curve25519_test(void)
 #ifdef HAVE_ED25519
 int ed25519_test(void)
 {
- RNG rng;
+ WC_RNG rng;
 byte out[ED25519_SIG_SIZE];
 byte exportPKey[ED25519_KEY_SIZE];
 byte exportSKey[ED25519_KEY_SIZE];
@@ -5716,54 +6086,54 @@ int ed25519_test(void)
 if (wc_ed25519_import_private_key(sKeys[i], ED25519_KEY_SIZE, pKeys[i], pKeySz[i], &key) != 0)
- return -1021;
+ return -1021 - i;
 if (wc_ed25519_sign_msg(msgs[i], msgSz[i], out, &outlen, &key) != 0)
- return -1022;
+ return -1027 - i;
 if (XMEMCMP(out, sigs[i], 64))
- return -1023;
+ return -1033 - i;
 /* test verify on good msg */
 if (wc_ed25519_verify_msg(out, outlen, msgs[i], msgSz[i], &verify, &key) != 0 || verify != 1)
- return -1024;
+ return -1039 - i;
 /* test verify on bad msg */
 out[outlen-1] = out[outlen-1] + 1;
 if (wc_ed25519_verify_msg(out, outlen, msgs[i], msgSz[i], &verify, &key) == 0 || verify == 1)
- return -1025;
+ return -1045 - i;
 /* test api for import/exporting keys */
 exportPSz = sizeof(exportPKey);
 exportSSz = sizeof(exportSKey);
 if (wc_ed25519_export_public(&key, exportPKey, &exportPSz) != 0)
- return -1026;
+ return -1051 - i;
 if (wc_ed25519_import_public(exportPKey, exportPSz, &key2) != 0)
- return -1027;
+ return -1057 - i;
 if (wc_ed25519_export_private_only(&key, exportSKey, &exportSSz) != 0)
- return -1028;
+ return -1063 - i;
 if (wc_ed25519_import_private_key(exportSKey, exportSSz, exportPKey, exportPSz, &key2) != 0)
- return -1029;
+ return -1069 - i;
 /* clear "out" buffer and test sign with imported keys */
 outlen = sizeof(out);
 XMEMSET(out, 0, sizeof(out));
 if (wc_ed25519_sign_msg(msgs[i], msgSz[i], out, &outlen, &key2) != 0)
- return -1030;
+ return -1075 - i;
 if (wc_ed25519_verify_msg(out, outlen, msgs[i], msgSz[i], &verify, &key2) != 0 || verify != 1)
- return -1031;
+ return -1081 - i;
 if (XMEMCMP(out, sigs[i], 64))
- return -1032;
+ return -1087 - i;
 }
 /* clean up keys when done */
@@ -6024,8 +6394,8 @@ int pkcs7signed_test(void)
 byte* out;
 char data[] = "Hello World";
 word32 dataSz, outSz, certDerSz, keyDerSz;
- PKCS7 msg;
- RNG rng;
+ PKCS7 msg;
+ WC_RNG rng;
 byte transIdOid[] = {
 0x06, 0x0a, 0x60, 0x86, 0x48, 0x01, 0x86, 0xF8, 0x45, 0x01,
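Review bot: The per-vector return codes added in the `@@ -5716` hunk (`-1021 - i`, `-1027 - i`, `-1033 - i`, and so on) space their bases six apart, so a failure maps to a unique value only while the loop runs at most six iterations. The loop bound is outside the hunk, so the six is inferred from the spacing. Nothing in the code ties that stride to the number of vectors, and a seventh vector would make `-1021 - 6` collide with `-1027 - 0`. A comment above the loop, e.g. `/* failure codes are base - i; bases are spaced 6 apart, one slot per test vector */`, or a named stride constant in the expressions, would keep the codes decodable. ed25519_test begins and ends outside the hunk.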
diff --git a/wolfssl-ntru.vcproj b/wolfssl-ntru.vcproj index 9af066aa5..3d295f660 100755 --- a/wolfssl-ntru.vcproj +++ b/wolfssl-ntru.vcproj @@ -202,6 +202,10 @@ RelativePath=".\wolfcrypt\src\error.c" > + + diff --git a/wolfssl.vcproj b/wolfssl.vcproj index b4db8ba89..f81f47fbd 100755 --- a/wolfssl.vcproj +++ b/wolfssl.vcproj @@ -199,6 +199,10 @@ RelativePath=".\wolfcrypt\src\error.c" > + + @@ -287,6 +291,10 @@ RelativePath=".\src\tls.c" > + + Debug x64 + + DLL Debug + Win32 + + + DLL Debug + x64 + + + DLL Release + Win32 + + + DLL Release + x64 + Release Win32 @@ -30,51 +46,104 @@ Unicode true + + DynamicLibrary + v110 + Unicode + true + StaticLibrary v110 Unicode true + + DynamicLibrary + v110 + Unicode + true + StaticLibrary v110 Unicode + + DynamicLibrary + v110 + Unicode + StaticLibrary v110 Unicode + + DynamicLibrary + v110 + Unicode + + + + + + + + + + + + + - - <_ProjectFileVersion>11.0.61030.0 + + $(SolutionDir)$(Platform)\$(Configuration)\ + $(Platform)\$(Configuration)\obj\ + + + $(SolutionDir)$(Configuration)\ + $(Configuration)\obj\ + + + $(SolutionDir)$(Platform)\$(Configuration)\ + $(Platform)\$(Configuration)\obj\ $(SolutionDir)$(Configuration)\ - $(Configuration)\ + $(Configuration)\obj\ - - + + $(SolutionDir)$(Platform)\$(Configuration)\ + $(Platform)\$(Configuration)\obj\ + + $(SolutionDir)$(Configuration)\ - $(Configuration)\ + $(Configuration)\obj\ + + + $(SolutionDir)$(Platform)\$(Configuration)\ + $(Platform)\$(Configuration)\obj\ + + + $(SolutionDir)$(Configuration)\ + $(Configuration)\obj\ - Disabled @@ -89,6 +158,26 @@ 4206;4214;4706;%(DisableSpecificWarnings) + + + Disabled + ./;%(AdditionalIncludeDirectories) + OPENSSL_EXTRA;WOLFSSL_RIPEMD;WOLFSSL_SHA512;NO_PSK;BUILDING_WOLFSSL;WOLFSSL_DLL;%(PreprocessorDefinitions) + true + EnableFastChecks + MultiThreadedDebugDLL + + + Level4 + EditAndContinue + 4206;4214;4706;%(DisableSpecificWarnings) + + + ws2_32.lib;%(AdditionalDependencies) + false + true + + Disabled 
@@ -103,6 +192,25 @@ 4206;4214;4706;%(DisableSpecificWarnings) + + + Disabled + ./;%(AdditionalIncludeDirectories) + OPENSSL_EXTRA;WOLFSSL_RIPEMD;WOLFSSL_SHA512;NO_PSK;BUILDING_WOLFSSL;WOLFSSL_DLL;%(PreprocessorDefinitions) + EnableFastChecks + MultiThreadedDebugDLL + + + Level4 + ProgramDatabase + 4206;4214;4706;%(DisableSpecificWarnings) + + + ws2_32.lib;%(AdditionalDependencies) + false + true + + MaxSpeed @@ -116,6 +224,24 @@ ProgramDatabase + + + MaxSpeed + true + ./;%(AdditionalIncludeDirectories) + OPENSSL_EXTRA;WOLFSSL_RIPEMD;WOLFSSL_SHA512;NO_PSK;BUILDING_WOLFSSL;WOLFSSL_DLL;%(PreprocessorDefinitions) + MultiThreadedDLL + true + + + Level3 + ProgramDatabase + + + ws2_32.lib;%(AdditionalDependencies) + true + + MaxSpeed @@ -130,6 +256,24 @@ ProgramDatabase + + + MaxSpeed + true + ./;%(AdditionalIncludeDirectories) + OPENSSL_EXTRA;WOLFSSL_RIPEMD;WOLFSSL_SHA512;NO_PSK;BUILDING_WOLFSSL;WOLFSSL_DLL;%(PreprocessorDefinitions) + MultiThreadedDLL + true + + + Level3 + ProgramDatabase + + + ws2_32.lib;%(AdditionalDependencies) + true + + @@ -143,6 +287,7 @@ + @@ -163,17 +308,24 @@ + false + false ml64.exe /c /Zi /Fo"$(OutDir)%(Filename).obj" %(Identity) + ml64.exe /c /Zi /Fo"$(IntDir)%(Filename).obj" %(Identity) $(OutDir)%(Filename).obj + $(IntDir)%(Filename).obj false + false ml64.exe /c /Zi /Fo"$(OutDir)%(Filename).obj" %(Identity) + ml64.exe /c /Zi /Fo"$(IntDir)%(Filename).obj" %(Identity) $(OutDir)%(Filename).obj + $(IntDir)%(Filename).obj diff --git a/wolfssl/certs_test.h b/wolfssl/certs_test.h index c7ac60370..3ce491551 100644 --- a/wolfssl/certs_test.h +++ b/wolfssl/certs_test.h @@ -6,7 +6,7 @@ #ifdef USE_CERT_BUFFERS_1024 /* ./certs/1024/client-key.der, 1024-bit */ -const unsigned char client_key_der_1024[] = +static const unsigned char client_key_der_1024[] = { 0x30, 0x82, 0x02, 0x5C, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0xBC, 0x73, 0x0E, 0xA8, 0x49, 0xF3, 0x74, 0xA2, 0xA9, 
@@ -70,43 +70,45 @@ const unsigned char client_key_der_1024[] = 0xA2, 0xFE, 0xBF, 0x08, 0x6B, 0x1A, 0x5D, 0x3F, 0x90, 0x12, 0xB1, 0x05, 0x86, 0x31, 0x29, 0xDB, 0xD9, 0xE2 }; -const int sizeof_client_key_der_1024 = sizeof(client_key_der_1024); +static const int sizeof_client_key_der_1024 = sizeof(client_key_der_1024); /* ./certs/1024/client-cert.der, 1024-bit */ -const unsigned char client_cert_der_1024[] = +static const unsigned char client_cert_der_1024[] = { - 0x30, 0x82, 0x03, 0xA5, 0x30, 0x82, 0x03, 0x0E, 0xA0, 0x03, - 0x02, 0x01, 0x02, 0x02, 0x09, 0x00, 0xE8, 0xFF, 0xC9, 0x07, - 0xB8, 0xF7, 0x48, 0x52, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, - 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x05, 0x05, 0x00, 0x30, - 0x81, 0x94, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, + 0x30, 0x82, 0x03, 0xC5, 0x30, 0x82, 0x03, 0x2E, 0xA0, 0x03, + 0x02, 0x01, 0x02, 0x02, 0x09, 0x00, 0xE3, 0xD7, 0xA0, 0xFA, + 0x76, 0xDF, 0x2A, 0xFA, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, + 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B, 0x05, 0x00, 0x30, + 0x81, 0x9E, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x07, 0x4D, 0x6F, 0x6E, 0x74, 0x61, 0x6E, 0x61, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0C, 0x07, 0x42, 0x6F, 0x7A, 0x65, 0x6D, 0x61, - 0x6E, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x0A, - 0x0C, 0x07, 0x77, 0x6F, 0x6C, 0x66, 0x53, 0x53, 0x4C, 0x31, - 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, 0x04, 0x0B, 0x0C, 0x0B, - 0x50, 0x72, 0x6F, 0x67, 0x72, 0x61, 0x6D, 0x6D, 0x69, 0x6E, - 0x67, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, + 0x6E, 0x31, 0x15, 0x30, 0x13, 0x06, 0x03, 0x55, 0x04, 0x0A, + 0x0C, 0x0C, 0x77, 0x6F, 0x6C, 0x66, 0x53, 0x53, 0x4C, 0x5F, + 0x31, 0x30, 0x32, 0x34, 0x31, 0x19, 0x30, 0x17, 0x06, 0x03, + 0x55, 0x04, 0x0B, 0x0C, 0x10, 0x50, 0x72, 0x6F, 0x67, 0x72, + 0x61, 0x6D, 0x6D, 0x69, 0x6E, 0x67, 0x2D, 0x31, 0x30, 0x32, + 0x34, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 
0x04, 0x03, 0x0C, 0x0F, 0x77, 0x77, 0x77, 0x2E, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x31, 0x1F, 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, - 0x30, 0x1E, 0x17, 0x0D, 0x31, 0x35, 0x30, 0x32, 0x30, 0x35, - 0x30, 0x36, 0x33, 0x33, 0x33, 0x30, 0x5A, 0x17, 0x0D, 0x31, - 0x37, 0x31, 0x31, 0x30, 0x31, 0x30, 0x36, 0x33, 0x33, 0x33, - 0x30, 0x5A, 0x30, 0x81, 0x94, 0x31, 0x0B, 0x30, 0x09, 0x06, + 0x30, 0x1E, 0x17, 0x0D, 0x31, 0x35, 0x30, 0x35, 0x30, 0x37, + 0x31, 0x38, 0x32, 0x31, 0x30, 0x31, 0x5A, 0x17, 0x0D, 0x31, + 0x38, 0x30, 0x31, 0x33, 0x31, 0x31, 0x38, 0x32, 0x31, 0x30, + 0x31, 0x5A, 0x30, 0x81, 0x9E, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x07, 0x4D, 0x6F, 0x6E, 0x74, 0x61, 0x6E, 0x61, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0C, 0x07, 0x42, 0x6F, 0x7A, - 0x65, 0x6D, 0x61, 0x6E, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, - 0x55, 0x04, 0x0A, 0x0C, 0x07, 0x77, 0x6F, 0x6C, 0x66, 0x53, - 0x53, 0x4C, 0x31, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, 0x04, - 0x0B, 0x0C, 0x0B, 0x50, 0x72, 0x6F, 0x67, 0x72, 0x61, 0x6D, - 0x6D, 0x69, 0x6E, 0x67, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, + 0x65, 0x6D, 0x61, 0x6E, 0x31, 0x15, 0x30, 0x13, 0x06, 0x03, + 0x55, 0x04, 0x0A, 0x0C, 0x0C, 0x77, 0x6F, 0x6C, 0x66, 0x53, + 0x53, 0x4C, 0x5F, 0x31, 0x30, 0x32, 0x34, 0x31, 0x19, 0x30, + 0x17, 0x06, 0x03, 0x55, 0x04, 0x0B, 0x0C, 0x10, 0x50, 0x72, + 0x6F, 0x67, 0x72, 0x61, 0x6D, 0x6D, 0x69, 0x6E, 0x67, 0x2D, + 0x31, 0x30, 0x32, 0x34, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, 0x0F, 0x77, 0x77, 0x77, 0x2E, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x31, 0x1F, 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 
@@ -128,52 +130,53 @@ const unsigned char client_cert_der_1024[] = 0x4C, 0xE8, 0xC1, 0xFD, 0x4A, 0x6F, 0x2B, 0x1F, 0xEF, 0x8A, 0xAE, 0xF6, 0x90, 0x62, 0xE5, 0x64, 0x1E, 0xEB, 0x2B, 0x3C, 0x67, 0xC8, 0xDC, 0x27, 0x00, 0xF6, 0x91, 0x68, 0x65, 0xA9, - 0x02, 0x03, 0x01, 0x00, 0x01, 0xA3, 0x81, 0xFC, 0x30, 0x81, - 0xF9, 0x30, 0x1D, 0x06, 0x03, 0x55, 0x1D, 0x0E, 0x04, 0x16, - 0x04, 0x14, 0x81, 0x69, 0x0F, 0xF8, 0xDF, 0xDD, 0xCF, 0x34, - 0x29, 0xD5, 0x67, 0x75, 0x71, 0x85, 0xC7, 0x75, 0x10, 0x69, - 0x59, 0xEC, 0x30, 0x81, 0xC9, 0x06, 0x03, 0x55, 0x1D, 0x23, - 0x04, 0x81, 0xC1, 0x30, 0x81, 0xBE, 0x80, 0x14, 0x81, 0x69, - 0x0F, 0xF8, 0xDF, 0xDD, 0xCF, 0x34, 0x29, 0xD5, 0x67, 0x75, - 0x71, 0x85, 0xC7, 0x75, 0x10, 0x69, 0x59, 0xEC, 0xA1, 0x81, - 0x9A, 0xA4, 0x81, 0x97, 0x30, 0x81, 0x94, 0x31, 0x0B, 0x30, - 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, - 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, - 0x07, 0x4D, 0x6F, 0x6E, 0x74, 0x61, 0x6E, 0x61, 0x31, 0x10, - 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0C, 0x07, 0x42, - 0x6F, 0x7A, 0x65, 0x6D, 0x61, 0x6E, 0x31, 0x10, 0x30, 0x0E, - 0x06, 0x03, 0x55, 0x04, 0x0A, 0x0C, 0x07, 0x77, 0x6F, 0x6C, - 0x66, 0x53, 0x53, 0x4C, 0x31, 0x14, 0x30, 0x12, 0x06, 0x03, - 0x55, 0x04, 0x0B, 0x0C, 0x0B, 0x50, 0x72, 0x6F, 0x67, 0x72, - 0x61, 0x6D, 0x6D, 0x69, 0x6E, 0x67, 0x31, 0x18, 0x30, 0x16, - 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, 0x0F, 0x77, 0x77, 0x77, - 0x2E, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, - 0x6F, 0x6D, 0x31, 0x1F, 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, - 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, - 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, - 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x82, 0x09, 0x00, 0xE8, 0xFF, - 0xC9, 0x07, 0xB8, 0xF7, 0x48, 0x52, 0x30, 0x0C, 0x06, 0x03, - 0x55, 0x1D, 0x13, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xFF, - 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, - 0x01, 0x01, 0x05, 0x05, 0x00, 0x03, 0x81, 0x81, 0x00, 0x70, - 0xBE, 0xFB, 
0x3C, 0x29, 0x5D, 0x53, 0xBA, 0x96, 0xBC, 0xCB, - 0x7E, 0x82, 0xA9, 0x2C, 0xEF, 0xEE, 0x3B, 0xF0, 0xE8, 0xF4, - 0x01, 0x78, 0x50, 0x51, 0x55, 0x1B, 0x47, 0x9B, 0xDC, 0x5A, - 0x10, 0xE6, 0x39, 0x84, 0x9A, 0xA1, 0x2D, 0x03, 0xCC, 0xB3, - 0x16, 0xE9, 0x32, 0x26, 0x97, 0x3D, 0x0F, 0xEC, 0xC9, 0x4F, - 0x11, 0x08, 0x31, 0xA3, 0x1C, 0x1F, 0x37, 0xD3, 0x00, 0x04, - 0x42, 0xCC, 0xC9, 0x34, 0x14, 0x3A, 0xE1, 0xF2, 0xF9, 0xBE, - 0x2E, 0xBF, 0x64, 0x47, 0x3E, 0x46, 0x95, 0x09, 0xA5, 0x3B, - 0x4C, 0x4A, 0x7B, 0x23, 0x0E, 0x3C, 0x54, 0x01, 0xD4, 0x55, - 0xFA, 0x53, 0xF0, 0x65, 0x6E, 0x68, 0x4B, 0xCC, 0xE3, 0x83, - 0x5F, 0xFE, 0x9E, 0xC8, 0xE7, 0xF6, 0xE1, 0xC8, 0x88, 0xBB, - 0xB9, 0x24, 0xF6, 0x0A, 0x18, 0x20, 0x44, 0xCB, 0x78, 0x2E, - 0x77, 0x3F, 0xBF, 0x22, 0xEF, 0xBC, 0xB4 + 0x02, 0x03, 0x01, 0x00, 0x01, 0xA3, 0x82, 0x01, 0x07, 0x30, + 0x82, 0x01, 0x03, 0x30, 0x1D, 0x06, 0x03, 0x55, 0x1D, 0x0E, + 0x04, 0x16, 0x04, 0x14, 0x81, 0x69, 0x0F, 0xF8, 0xDF, 0xDD, + 0xCF, 0x34, 0x29, 0xD5, 0x67, 0x75, 0x71, 0x85, 0xC7, 0x75, + 0x10, 0x69, 0x59, 0xEC, 0x30, 0x81, 0xD3, 0x06, 0x03, 0x55, + 0x1D, 0x23, 0x04, 0x81, 0xCB, 0x30, 0x81, 0xC8, 0x80, 0x14, + 0x81, 0x69, 0x0F, 0xF8, 0xDF, 0xDD, 0xCF, 0x34, 0x29, 0xD5, + 0x67, 0x75, 0x71, 0x85, 0xC7, 0x75, 0x10, 0x69, 0x59, 0xEC, + 0xA1, 0x81, 0xA4, 0xA4, 0x81, 0xA1, 0x30, 0x81, 0x9E, 0x31, + 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, + 0x55, 0x53, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, + 0x08, 0x0C, 0x07, 0x4D, 0x6F, 0x6E, 0x74, 0x61, 0x6E, 0x61, + 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0C, + 0x07, 0x42, 0x6F, 0x7A, 0x65, 0x6D, 0x61, 0x6E, 0x31, 0x15, + 0x30, 0x13, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x0C, 0x0C, 0x77, + 0x6F, 0x6C, 0x66, 0x53, 0x53, 0x4C, 0x5F, 0x31, 0x30, 0x32, + 0x34, 0x31, 0x19, 0x30, 0x17, 0x06, 0x03, 0x55, 0x04, 0x0B, + 0x0C, 0x10, 0x50, 0x72, 0x6F, 0x67, 0x72, 0x61, 0x6D, 0x6D, + 0x69, 0x6E, 0x67, 0x2D, 0x31, 0x30, 0x32, 0x34, 0x31, 0x18, + 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 
0x0C, 0x0F, 0x77, + 0x77, 0x77, 0x2E, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, + 0x2E, 0x63, 0x6F, 0x6D, 0x31, 0x1F, 0x30, 0x1D, 0x06, 0x09, + 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, + 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, + 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x82, 0x09, 0x00, + 0xE3, 0xD7, 0xA0, 0xFA, 0x76, 0xDF, 0x2A, 0xFA, 0x30, 0x0C, + 0x06, 0x03, 0x55, 0x1D, 0x13, 0x04, 0x05, 0x30, 0x03, 0x01, + 0x01, 0xFF, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, + 0xF7, 0x0D, 0x01, 0x01, 0x0B, 0x05, 0x00, 0x03, 0x81, 0x81, + 0x00, 0x1D, 0xB7, 0xD5, 0x7C, 0xE1, 0xB1, 0xD8, 0xC0, 0x67, + 0x5D, 0xB5, 0xD3, 0x88, 0xE7, 0x50, 0x29, 0x71, 0x63, 0x8F, + 0xCC, 0x26, 0x1F, 0x33, 0x09, 0x55, 0x43, 0x9B, 0xAB, 0xC6, + 0x1B, 0xBC, 0xC7, 0x01, 0x95, 0x1A, 0xFA, 0x65, 0xE0, 0xFD, + 0x9C, 0xEB, 0x6F, 0x0A, 0x0F, 0x14, 0xEC, 0xB5, 0x2F, 0xDC, + 0x1C, 0x30, 0xDD, 0x52, 0x97, 0xD4, 0x1C, 0x09, 0x00, 0x33, + 0x38, 0x5F, 0xCB, 0xA8, 0x16, 0x8F, 0x11, 0xB7, 0xB8, 0xD0, + 0x66, 0xE1, 0x54, 0x28, 0xF3, 0x3F, 0xBF, 0x6A, 0x6F, 0x76, + 0x48, 0x2A, 0x5E, 0x56, 0xA7, 0xCE, 0x1C, 0xF0, 0x04, 0xDD, + 0x17, 0xBD, 0x06, 0x78, 0x21, 0x6D, 0xD6, 0xB1, 0x9B, 0x75, + 0x31, 0x92, 0xC1, 0xFE, 0xD4, 0x8D, 0xD4, 0x67, 0x2F, 0x03, + 0x1B, 0x27, 0x8D, 0xAB, 0xFF, 0x30, 0x3B, 0xC3, 0x7F, 0x23, + 0xE4, 0xAB, 0x5B, 0x91, 0xE1, 0x1B, 0x66, 0xE6, 0xED }; -const int sizeof_client_cert_der_1024 = sizeof(client_cert_der_1024); +static const int sizeof_client_cert_der_1024 = sizeof(client_cert_der_1024); /* ./certs/1024/dh1024.der, 1024-bit */ -const unsigned char dh_key_der_1024[] = +static const unsigned char dh_key_der_1024[] = { 0x30, 0x81, 0x87, 0x02, 0x81, 0x81, 0x00, 0xA4, 0xD2, 0xB8, 0x6E, 0x78, 0xF5, 0xD9, 0xED, 0x2D, 0x7C, 0xDD, 0xB6, 0x16, 
@@ -190,10 +193,10 @@ const unsigned char dh_key_der_1024[] = 0x8C, 0x63, 0x0A, 0xAD, 0xC7, 0x10, 0xEA, 0xC7, 0xA1, 0xB9, 0x9D, 0xF2, 0xA8, 0x37, 0x73, 0x02, 0x01, 0x02 }; -const int sizeof_dh_key_der_1024 = sizeof(dh_key_der_1024); +static const int sizeof_dh_key_der_1024 = sizeof(dh_key_der_1024); /* ./certs/1024/dsa1024.der, 1024-bit */ -const unsigned char dsa_key_der_1024[] = +static const unsigned char dsa_key_der_1024[] = { 0x30, 0x82, 0x01, 0xBC, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0xF7, 0x4B, 0xF9, 0xBB, 0x15, 0x98, 0xEB, 0xDD, 0xDE, @@ -241,10 +244,10 @@ const unsigned char dsa_key_der_1024[] = 0x3B, 0xA1, 0x19, 0x75, 0xDF, 0x9B, 0xF5, 0x72, 0x53, 0x4F, 0x39, 0xE1, 0x1C, 0xEC, 0x13, 0x84, 0x82, 0x18 }; -const int sizeof_dsa_key_der_1024 = sizeof(dsa_key_der_1024); +static const int sizeof_dsa_key_der_1024 = sizeof(dsa_key_der_1024); /* ./certs/1024/rsa1024.der, 1024-bit */ -const unsigned char rsa_key_der_1024[] = +static const unsigned char rsa_key_der_1024[] = { 0x30, 0x82, 0x02, 0x5D, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0xBE, 0x70, 0x70, 0xB8, 0x04, 0x18, 0xE5, 0x28, 0xFE, @@ -308,12 +311,12 @@ const unsigned char rsa_key_der_1024[] = 0xB9, 0x9E, 0xD5, 0x5B, 0x2E, 0x87, 0x1C, 0x58, 0xD0, 0x37, 0x89, 0x96, 0xEC, 0x48, 0x54, 0xF5, 0x9F, 0x0F, 0xB3 }; -const int sizeof_rsa_key_der_1024 = sizeof(rsa_key_der_1024); +static const int sizeof_rsa_key_der_1024 = sizeof(rsa_key_der_1024); #elif defined(USE_CERT_BUFFERS_2048) /* ./certs/client-key.der, 2048-bit */ -const unsigned char client_key_der_2048[] = +static const unsigned char client_key_der_2048[] = { 0x30, 0x82, 0x04, 0xA4, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, 0x01, 0x00, 0xC3, 0x03, 0xD1, 0x2B, 0xFE, 0x39, 0xA4, 0x32, 
@@ -436,43 +439,45 @@ const unsigned char client_key_der_2048[] = 0x45, 0x5D, 0x13, 0x39, 0x65, 0x42, 0x46, 0xA1, 0x9F, 0xCD, 0xF5, 0xBF }; -const int sizeof_client_key_der_2048 = sizeof(client_key_der_2048); +static const int sizeof_client_key_der_2048 = sizeof(client_key_der_2048); /* ./certs/client-cert.der, 2048-bit */ -const unsigned char client_cert_der_2048[] = +static const unsigned char client_cert_der_2048[] = { - 0x30, 0x82, 0x04, 0xAA, 0x30, 0x82, 0x03, 0x92, 0xA0, 0x03, - 0x02, 0x01, 0x02, 0x02, 0x09, 0x00, 0xCD, 0x6C, 0xD6, 0x7E, - 0xC6, 0xEF, 0xF3, 0xDB, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, - 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x05, 0x05, 0x00, 0x30, - 0x81, 0x94, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, + 0x30, 0x82, 0x04, 0xCA, 0x30, 0x82, 0x03, 0xB2, 0xA0, 0x03, + 0x02, 0x01, 0x02, 0x02, 0x09, 0x00, 0xAA, 0x27, 0xB3, 0xC5, + 0xA9, 0x72, 0x6E, 0x0D, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, + 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B, 0x05, 0x00, 0x30, + 0x81, 0x9E, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x07, 0x4D, 0x6F, 0x6E, 0x74, 0x61, 0x6E, 0x61, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0C, 0x07, 0x42, 0x6F, 0x7A, 0x65, 0x6D, 0x61, - 0x6E, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x0A, - 0x0C, 0x07, 0x77, 0x6F, 0x6C, 0x66, 0x53, 0x53, 0x4C, 0x31, - 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, 0x04, 0x0B, 0x0C, 0x0B, - 0x50, 0x72, 0x6F, 0x67, 0x72, 0x61, 0x6D, 0x6D, 0x69, 0x6E, - 0x67, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, + 0x6E, 0x31, 0x15, 0x30, 0x13, 0x06, 0x03, 0x55, 0x04, 0x0A, + 0x0C, 0x0C, 0x77, 0x6F, 0x6C, 0x66, 0x53, 0x53, 0x4C, 0x5F, + 0x32, 0x30, 0x34, 0x38, 0x31, 0x19, 0x30, 0x17, 0x06, 0x03, + 0x55, 0x04, 0x0B, 0x0C, 0x10, 0x50, 0x72, 0x6F, 0x67, 0x72, + 0x61, 0x6D, 0x6D, 0x69, 0x6E, 0x67, 0x2D, 0x32, 0x30, 0x34, + 0x38, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, 0x0F, 0x77, 0x77, 0x77, 
0x2E, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x31, 0x1F, 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, - 0x30, 0x1E, 0x17, 0x0D, 0x31, 0x35, 0x30, 0x32, 0x30, 0x35, - 0x30, 0x36, 0x33, 0x33, 0x33, 0x30, 0x5A, 0x17, 0x0D, 0x31, - 0x37, 0x31, 0x31, 0x30, 0x31, 0x30, 0x36, 0x33, 0x33, 0x33, - 0x30, 0x5A, 0x30, 0x81, 0x94, 0x31, 0x0B, 0x30, 0x09, 0x06, + 0x30, 0x1E, 0x17, 0x0D, 0x31, 0x35, 0x30, 0x35, 0x30, 0x37, + 0x31, 0x38, 0x32, 0x31, 0x30, 0x31, 0x5A, 0x17, 0x0D, 0x31, + 0x38, 0x30, 0x31, 0x33, 0x31, 0x31, 0x38, 0x32, 0x31, 0x30, + 0x31, 0x5A, 0x30, 0x81, 0x9E, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x07, 0x4D, 0x6F, 0x6E, 0x74, 0x61, 0x6E, 0x61, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0C, 0x07, 0x42, 0x6F, 0x7A, - 0x65, 0x6D, 0x61, 0x6E, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, - 0x55, 0x04, 0x0A, 0x0C, 0x07, 0x77, 0x6F, 0x6C, 0x66, 0x53, - 0x53, 0x4C, 0x31, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, 0x04, - 0x0B, 0x0C, 0x0B, 0x50, 0x72, 0x6F, 0x67, 0x72, 0x61, 0x6D, - 0x6D, 0x69, 0x6E, 0x67, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, + 0x65, 0x6D, 0x61, 0x6E, 0x31, 0x15, 0x30, 0x13, 0x06, 0x03, + 0x55, 0x04, 0x0A, 0x0C, 0x0C, 0x77, 0x6F, 0x6C, 0x66, 0x53, + 0x53, 0x4C, 0x5F, 0x32, 0x30, 0x34, 0x38, 0x31, 0x19, 0x30, + 0x17, 0x06, 0x03, 0x55, 0x04, 0x0B, 0x0C, 0x10, 0x50, 0x72, + 0x6F, 0x67, 0x72, 0x61, 0x6D, 0x6D, 0x69, 0x6E, 0x67, 0x2D, + 0x32, 0x30, 0x34, 0x38, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, 0x0F, 0x77, 0x77, 0x77, 0x2E, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x31, 0x1F, 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 
@@ -507,65 +512,67 @@ const unsigned char client_cert_der_2048[] = 0xD3, 0x86, 0x40, 0x18, 0x13, 0xB0, 0x63, 0xB5, 0x72, 0x4E, 0x30, 0xC4, 0x97, 0x84, 0x86, 0x2D, 0x56, 0x2F, 0xD7, 0x15, 0xF7, 0x7F, 0xC0, 0xAE, 0xF5, 0xFC, 0x5B, 0xE5, 0xFB, 0xA1, - 0xBA, 0xD3, 0x02, 0x03, 0x01, 0x00, 0x01, 0xA3, 0x81, 0xFC, - 0x30, 0x81, 0xF9, 0x30, 0x1D, 0x06, 0x03, 0x55, 0x1D, 0x0E, - 0x04, 0x16, 0x04, 0x14, 0x33, 0xD8, 0x45, 0x66, 0xD7, 0x68, - 0x87, 0x18, 0x7E, 0x54, 0x0D, 0x70, 0x27, 0x91, 0xC7, 0x26, - 0xD7, 0x85, 0x65, 0xC0, 0x30, 0x81, 0xC9, 0x06, 0x03, 0x55, - 0x1D, 0x23, 0x04, 0x81, 0xC1, 0x30, 0x81, 0xBE, 0x80, 0x14, - 0x33, 0xD8, 0x45, 0x66, 0xD7, 0x68, 0x87, 0x18, 0x7E, 0x54, - 0x0D, 0x70, 0x27, 0x91, 0xC7, 0x26, 0xD7, 0x85, 0x65, 0xC0, - 0xA1, 0x81, 0x9A, 0xA4, 0x81, 0x97, 0x30, 0x81, 0x94, 0x31, - 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, - 0x55, 0x53, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, - 0x08, 0x0C, 0x07, 0x4D, 0x6F, 0x6E, 0x74, 0x61, 0x6E, 0x61, - 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0C, - 0x07, 0x42, 0x6F, 0x7A, 0x65, 0x6D, 0x61, 0x6E, 0x31, 0x10, - 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x0C, 0x07, 0x77, - 0x6F, 0x6C, 0x66, 0x53, 0x53, 0x4C, 0x31, 0x14, 0x30, 0x12, - 0x06, 0x03, 0x55, 0x04, 0x0B, 0x0C, 0x0B, 0x50, 0x72, 0x6F, - 0x67, 0x72, 0x61, 0x6D, 0x6D, 0x69, 0x6E, 0x67, 0x31, 0x18, - 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, 0x0F, 0x77, - 0x77, 0x77, 0x2E, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, - 0x2E, 0x63, 0x6F, 0x6D, 0x31, 0x1F, 0x30, 0x1D, 0x06, 0x09, - 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, - 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, - 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x82, 0x09, 0x00, - 0xCD, 0x6C, 0xD6, 0x7E, 0xC6, 0xEF, 0xF3, 0xDB, 0x30, 0x0C, - 0x06, 0x03, 0x55, 0x1D, 0x13, 0x04, 0x05, 0x30, 0x03, 0x01, - 0x01, 0xFF, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, - 0xF7, 0x0D, 0x01, 0x01, 0x05, 0x05, 0x00, 0x03, 0x82, 0x01, - 0x01, 0x00, 
0x7E, 0x41, 0x65, 0x73, 0xCD, 0x18, 0x5A, 0x2F, - 0x4D, 0xAB, 0xFE, 0x5A, 0x3C, 0x37, 0x63, 0x82, 0x3D, 0x2E, - 0x8A, 0xA2, 0x02, 0xC9, 0xBD, 0xEE, 0xCD, 0xA7, 0xF7, 0xC4, - 0x3B, 0x47, 0x33, 0x1B, 0x10, 0x41, 0x7F, 0x27, 0x75, 0xFF, - 0x76, 0x79, 0xA6, 0x08, 0x15, 0x00, 0xF9, 0x86, 0xDF, 0x91, - 0xB2, 0xCC, 0x99, 0xFA, 0xFE, 0xB9, 0xEB, 0x93, 0x55, 0xE9, - 0x01, 0xD0, 0x77, 0xE0, 0xD8, 0x6E, 0xB3, 0xD9, 0xA3, 0x26, - 0x06, 0x25, 0xE1, 0xE9, 0x8B, 0x7C, 0xFE, 0x5D, 0xD7, 0x39, - 0x5A, 0xC2, 0xF7, 0xE2, 0xF6, 0xDE, 0x6A, 0x76, 0x02, 0x18, - 0x7E, 0x16, 0xD0, 0xD0, 0xD3, 0x09, 0x8C, 0x92, 0x38, 0xA2, - 0xCA, 0x7E, 0xA8, 0xB9, 0xCC, 0x08, 0x4C, 0xF0, 0x59, 0xAA, - 0x25, 0x35, 0xB9, 0xD3, 0xAA, 0x1C, 0x10, 0x1C, 0xDC, 0x0B, - 0xD5, 0x61, 0xFC, 0x9C, 0xF1, 0x95, 0xF1, 0xCE, 0x47, 0xFD, - 0x56, 0xA0, 0x3C, 0xC1, 0x4D, 0xCA, 0x54, 0xCC, 0x00, 0x2F, - 0x3E, 0x75, 0x8E, 0x17, 0x40, 0x14, 0x49, 0x01, 0xBB, 0xA5, - 0xFB, 0x52, 0x0A, 0xBF, 0xBB, 0x09, 0x21, 0xD4, 0xA6, 0x33, - 0x58, 0x28, 0xEE, 0x33, 0xDC, 0xFE, 0xF8, 0x76, 0xC4, 0xF4, - 0x8E, 0xBB, 0x67, 0x68, 0x97, 0x5B, 0xC6, 0x7A, 0x23, 0x85, - 0xDD, 0x6A, 0x8E, 0x8C, 0x02, 0x05, 0x1D, 0xEE, 0xE2, 0x3D, - 0xB4, 0x9C, 0xBB, 0x63, 0x6E, 0x31, 0x5D, 0x5B, 0x8D, 0xBD, - 0x3C, 0x17, 0xDA, 0xC9, 0x3A, 0xA0, 0x39, 0x1F, 0xDE, 0x8A, - 0xCC, 0x1E, 0x7D, 0x72, 0x25, 0x3B, 0x56, 0xFF, 0x8B, 0xBB, - 0xAF, 0x5A, 0xA7, 0x64, 0x2C, 0xF8, 0xA0, 0xC4, 0xF2, 0x70, - 0x57, 0xF0, 0xCF, 0x38, 0x48, 0x7C, 0x6C, 0xA2, 0x6A, 0xE2, - 0x55, 0xF4, 0xCF, 0xA9, 0x21, 0xB7, 0x3E, 0x42, 0xE1, 0xD8, - 0x11, 0x57, 0xE5, 0x40, 0xF1, 0x66, 0x95, 0xDF + 0xBA, 0xD3, 0x02, 0x03, 0x01, 0x00, 0x01, 0xA3, 0x82, 0x01, + 0x07, 0x30, 0x82, 0x01, 0x03, 0x30, 0x1D, 0x06, 0x03, 0x55, + 0x1D, 0x0E, 0x04, 0x16, 0x04, 0x14, 0x33, 0xD8, 0x45, 0x66, + 0xD7, 0x68, 0x87, 0x18, 0x7E, 0x54, 0x0D, 0x70, 0x27, 0x91, + 0xC7, 0x26, 0xD7, 0x85, 0x65, 0xC0, 0x30, 0x81, 0xD3, 0x06, + 0x03, 0x55, 0x1D, 0x23, 0x04, 0x81, 0xCB, 0x30, 0x81, 0xC8, + 0x80, 0x14, 0x33, 0xD8, 0x45, 0x66, 
0xD7, 0x68, 0x87, 0x18, + 0x7E, 0x54, 0x0D, 0x70, 0x27, 0x91, 0xC7, 0x26, 0xD7, 0x85, + 0x65, 0xC0, 0xA1, 0x81, 0xA4, 0xA4, 0x81, 0xA1, 0x30, 0x81, + 0x9E, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, + 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, + 0x55, 0x04, 0x08, 0x0C, 0x07, 0x4D, 0x6F, 0x6E, 0x74, 0x61, + 0x6E, 0x61, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, + 0x07, 0x0C, 0x07, 0x42, 0x6F, 0x7A, 0x65, 0x6D, 0x61, 0x6E, + 0x31, 0x15, 0x30, 0x13, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x0C, + 0x0C, 0x77, 0x6F, 0x6C, 0x66, 0x53, 0x53, 0x4C, 0x5F, 0x32, + 0x30, 0x34, 0x38, 0x31, 0x19, 0x30, 0x17, 0x06, 0x03, 0x55, + 0x04, 0x0B, 0x0C, 0x10, 0x50, 0x72, 0x6F, 0x67, 0x72, 0x61, + 0x6D, 0x6D, 0x69, 0x6E, 0x67, 0x2D, 0x32, 0x30, 0x34, 0x38, + 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, + 0x0F, 0x77, 0x77, 0x77, 0x2E, 0x77, 0x6F, 0x6C, 0x66, 0x73, + 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x31, 0x1F, 0x30, 0x1D, + 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, + 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, + 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x82, + 0x09, 0x00, 0xAA, 0x27, 0xB3, 0xC5, 0xA9, 0x72, 0x6E, 0x0D, + 0x30, 0x0C, 0x06, 0x03, 0x55, 0x1D, 0x13, 0x04, 0x05, 0x30, + 0x03, 0x01, 0x01, 0xFF, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, + 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B, 0x05, 0x00, 0x03, + 0x82, 0x01, 0x01, 0x00, 0x51, 0x96, 0xA7, 0x1C, 0x26, 0x5D, + 0x1C, 0x90, 0xC6, 0x32, 0x9F, 0x96, 0x15, 0xF2, 0x1D, 0xE7, + 0x93, 0x9C, 0xAC, 0x75, 0x56, 0x95, 0xFD, 0x20, 0x70, 0xAB, + 0x45, 0x6A, 0x09, 0xB0, 0xF3, 0xF2, 0x03, 0xA8, 0xDB, 0xDC, + 0x2F, 0xBC, 0x1F, 0x87, 0x7A, 0xA3, 0xD4, 0x8F, 0xD5, 0x49, + 0x97, 0x7E, 0x3C, 0x54, 0xAC, 0xB1, 0xE3, 0xF0, 0x39, 0x0D, + 0xFE, 0x09, 0x9A, 0x23, 0xF6, 0x32, 0xA6, 0x41, 0x59, 0xBD, + 0x60, 0xE8, 0xBD, 0xDE, 0x00, 0x36, 0x6F, 0x3E, 0xE9, 0x41, + 0x6F, 0xA9, 0x63, 0xC7, 0xAA, 0xD5, 0x7B, 0xF3, 0xE4, 0x39, + 0x48, 0x9E, 0xF6, 0x60, 0xC6, 0xC6, 0x86, 0xD5, 
0x72, 0x86, + 0x23, 0xCD, 0xF5, 0x6A, 0x63, 0x53, 0xA4, 0xF8, 0xFC, 0x51, + 0x6A, 0xCD, 0x60, 0x74, 0x8E, 0xA3, 0x86, 0x61, 0x01, 0x34, + 0x78, 0xF7, 0x29, 0x97, 0xB3, 0xA7, 0x34, 0xB6, 0x0A, 0xDE, + 0xB5, 0x71, 0x7A, 0x09, 0xA6, 0x3E, 0xD6, 0x82, 0x58, 0x89, + 0x67, 0x9C, 0xC5, 0x68, 0x62, 0xBA, 0x06, 0xD6, 0x39, 0xBB, + 0xCB, 0x3A, 0xC0, 0xE0, 0x63, 0x1F, 0xC7, 0x0C, 0x9C, 0x12, + 0x86, 0xEC, 0xF7, 0x39, 0x6A, 0x61, 0x93, 0xD0, 0x33, 0x14, + 0xC6, 0x55, 0x3B, 0xB6, 0xCF, 0x80, 0x5B, 0x8C, 0x43, 0xEF, + 0x43, 0x44, 0x0B, 0x3C, 0x93, 0x39, 0xA3, 0x4E, 0x15, 0xD1, + 0x0B, 0x5F, 0x84, 0x98, 0x1D, 0xCD, 0x9F, 0xA9, 0x47, 0xEB, + 0x3B, 0x56, 0x30, 0xB6, 0x76, 0x92, 0xC1, 0x48, 0x5F, 0xBC, + 0x95, 0xB0, 0x50, 0x1A, 0x55, 0xC8, 0x4E, 0x62, 0x47, 0x87, + 0x54, 0x64, 0x0C, 0x9B, 0x91, 0xFA, 0x43, 0xB3, 0x29, 0x48, + 0xBE, 0xE6, 0x12, 0xEB, 0xE3, 0x44, 0xC6, 0x52, 0xE4, 0x40, + 0xC6, 0x83, 0x95, 0x1B, 0xA7, 0x65, 0x27, 0x69, 0x73, 0x2F, + 0xC8, 0xA0, 0x4D, 0x7F, 0xBE, 0xEA, 0x9B, 0x67, 0xB2, 0x7B + }; -const int sizeof_client_cert_der_2048 = sizeof(client_cert_der_2048); +static const int sizeof_client_cert_der_2048 = sizeof(client_cert_der_2048); /* ./certs/dh2048.der, 2048-bit */ -const unsigned char dh_key_der_2048[] = +static const unsigned char dh_key_der_2048[] = { 0x30, 0x82, 0x01, 0x08, 0x02, 0x82, 0x01, 0x01, 0x00, 0xB0, 0xA1, 0x08, 0x06, 0x9C, 0x08, 0x13, 0xBA, 0x59, 0x06, 0x3C, @@ -595,10 +602,10 @@ const unsigned char dh_key_der_2048[] = 0xC3, 0xA9, 0x41, 0x83, 0xFB, 0xC7, 0xFA, 0xC8, 0xE2, 0x1E, 0x7E, 0xAF, 0x00, 0x3F, 0x93, 0x02, 0x01, 0x02 }; -const int sizeof_dh_key_der_2048 = sizeof(dh_key_der_2048); +static const int sizeof_dh_key_der_2048 = sizeof(dh_key_der_2048); /* ./certs/dsa2048.der, 2048-bit */ -const unsigned char dsa_key_der_2048[] = +static const unsigned char dsa_key_der_2048[] = { 0x30, 0x82, 0x03, 0x3F, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, 0x01, 0x00, 0xCC, 0x8E, 0xC9, 0xA0, 0xD5, 0x9A, 0x27, 0x1C, 
@@ -685,10 +692,10 @@ const unsigned char dsa_key_der_2048[] = 0x3E, 0x75, 0x13, 0x13, 0x06, 0x8F, 0x94, 0xD3, 0xE6, 0xE9, 0x00, 0xCB, 0x62, 0x6D, 0x9A }; -const int sizeof_dsa_key_der_2048 = sizeof(dsa_key_der_2048); +static const int sizeof_dsa_key_der_2048 = sizeof(dsa_key_der_2048); /* ./certs/rsa2048.der, 2048-bit */ -const unsigned char rsa_key_der_2048[] = +static const unsigned char rsa_key_der_2048[] = { 0x30, 0x82, 0x04, 0xA3, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, 0x01, 0x00, 0xE9, 0x8A, 0x5D, 0x15, 0xA4, 0xD4, 0x34, 0xB9, @@ -811,15 +818,15 @@ const unsigned char rsa_key_der_2048[] = 0x83, 0x0B, 0xD4, 0x74, 0x80, 0xB6, 0x7D, 0x62, 0x45, 0xBF, 0x56 }; -const int sizeof_rsa_key_der_2048 = sizeof(rsa_key_der_2048); +static const int sizeof_rsa_key_der_2048 = sizeof(rsa_key_der_2048); /* ./certs/ca-cert.der, 2048-bit */ -const unsigned char ca_cert_der_2048[] = +static const unsigned char ca_cert_der_2048[] = { 0x30, 0x82, 0x04, 0xAA, 0x30, 0x82, 0x03, 0x92, 0xA0, 0x03, - 0x02, 0x01, 0x02, 0x02, 0x09, 0x00, 0xFA, 0x7D, 0x38, 0x9A, - 0x73, 0xFB, 0x12, 0x19, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, - 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x05, 0x05, 0x00, 0x30, + 0x02, 0x01, 0x02, 0x02, 0x09, 0x00, 0xD9, 0x80, 0x3A, 0xC3, + 0xD2, 0xF4, 0xDA, 0x37, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, + 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B, 0x05, 0x00, 0x30, 0x81, 0x94, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x07, 0x4D, 0x6F, 0x6E, 0x74, 
@@ -835,10 +842,10 @@ const unsigned char ca_cert_der_2048[] = 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, - 0x30, 0x1E, 0x17, 0x0D, 0x31, 0x35, 0x30, 0x32, 0x30, 0x35, - 0x30, 0x36, 0x33, 0x33, 0x33, 0x30, 0x5A, 0x17, 0x0D, 0x31, - 0x37, 0x31, 0x31, 0x30, 0x31, 0x30, 0x36, 0x33, 0x33, 0x33, - 0x30, 0x5A, 0x30, 0x81, 0x94, 0x31, 0x0B, 0x30, 0x09, 0x06, + 0x30, 0x1E, 0x17, 0x0D, 0x31, 0x35, 0x30, 0x35, 0x30, 0x37, + 0x31, 0x38, 0x32, 0x31, 0x30, 0x31, 0x5A, 0x17, 0x0D, 0x31, + 0x38, 0x30, 0x31, 0x33, 0x31, 0x31, 0x38, 0x32, 0x31, 0x30, + 0x31, 0x5A, 0x30, 0x81, 0x94, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x07, 0x4D, 0x6F, 0x6E, 0x74, 0x61, 0x6E, 0x61, 0x31, 0x10, 0x30, 0x0E, 
@@ -906,41 +913,41 @@ const unsigned char ca_cert_der_2048[] = 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x82, 0x09, 0x00, - 0xFA, 0x7D, 0x38, 0x9A, 0x73, 0xFB, 0x12, 0x19, 0x30, 0x0C, + 0xD9, 0x80, 0x3A, 0xC3, 0xD2, 0xF4, 0xDA, 0x37, 0x30, 0x0C, 0x06, 0x03, 0x55, 0x1D, 0x13, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xFF, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, - 0xF7, 0x0D, 0x01, 0x01, 0x05, 0x05, 0x00, 0x03, 0x82, 0x01, - 0x01, 0x00, 0x2C, 0x02, 0x0C, 0xDE, 0xB2, 0x46, 0xA1, 0xD8, - 0x59, 0x0F, 0x08, 0x69, 0xAD, 0xD2, 0x52, 0x2E, 0xEE, 0x55, - 0x78, 0xBD, 0xBB, 0x71, 0xD2, 0xD7, 0xB7, 0xFE, 0x7B, 0x0F, - 0x8A, 0xBC, 0x6A, 0x25, 0xFD, 0xD4, 0x6D, 0x1D, 0xAB, 0x00, - 0xE2, 0x9D, 0xD6, 0x98, 0x21, 0x11, 0xA4, 0x41, 0xE0, 0x0D, - 0x4B, 0xA4, 0x38, 0x7F, 0x2E, 0x0C, 0xD6, 0x80, 0xDC, 0x30, - 0xD7, 0xCF, 0x19, 0x1B, 0x43, 0x2F, 0xE7, 0xB3, 0x99, 0x74, - 0x9C, 0xB4, 0x01, 0x69, 0xB1, 0xC3, 0x9B, 0x9F, 0x4A, 0x89, - 0x2F, 0x60, 0x38, 0xCB, 0x7C, 0xA1, 0x78, 0x93, 0x38, 0x5C, - 0xA8, 0xCA, 0x46, 0x0D, 0x23, 0x2D, 0x99, 0xA3, 0xCF, 0x0A, - 0x49, 0x38, 0xEB, 0x07, 0x06, 0x57, 0xCD, 0x4A, 0x55, 0x35, - 0x04, 0x08, 0x36, 0x30, 0xCA, 0x75, 0x69, 0x4B, 0x9A, 0x84, - 0x08, 0xC9, 0x23, 0x78, 0xA9, 0xF0, 0x80, 0xCE, 0x8A, 0x25, - 0xBB, 0x31, 0x07, 0x0E, 0x11, 0xE6, 0x4A, 0x95, 0x8C, 0x53, - 0xDF, 0x85, 0xD9, 0x48, 0x45, 0xCB, 0x5A, 0xEF, 0xDE, 0x92, - 0xC2, 0x88, 0x0E, 0xDA, 0xFF, 0x31, 0x6B, 0x4E, 0x52, 0x53, - 0x5F, 0xF3, 0xA8, 0x3A, 0x42, 0xF8, 0xE1, 0x0D, 0x0A, 0xC0, - 0x84, 0xAF, 0xEC, 0x21, 0xB3, 0xA7, 0x98, 0xB0, 0xC8, 0x6B, - 0x77, 0x04, 0xEF, 0xF5, 0x06, 0xA5, 0x51, 0x3B, 0x20, 0x6F, - 0xBF, 0x55, 0x80, 0x8C, 0xCF, 0xD4, 0x78, 0xEE, 0xA2, 0xD9, - 0xE3, 0x52, 0x34, 0x9A, 0x17, 0x3D, 0x87, 0x10, 0x4D, 0x23, - 0x21, 0x38, 0x9B, 0x35, 0xF7, 0x18, 0xAC, 0x34, 0xBD, 0x18, - 0xAE, 0xA4, 0xE2, 0x32, 0x2F, 0x5D, 0xA4, 0x41, 0x4C, 0xBC, - 0xAA, 0x88, 0xB7, 
0x9E, 0x45, 0x14, 0x92, 0xE9, 0xE8, 0xEE, - 0xFC, 0x1D, 0x28, 0xF5, 0x59, 0xFD, 0xDE, 0xBD, 0x3D, 0x73, - 0xDD, 0xB4, 0x9F, 0x2E, 0x77, 0xC0, 0x75, 0x41 + 0xF7, 0x0D, 0x01, 0x01, 0x0B, 0x05, 0x00, 0x03, 0x82, 0x01, + 0x01, 0x00, 0x7A, 0xAF, 0x44, 0x3B, 0xAA, 0x6F, 0x53, 0x42, + 0xB2, 0x33, 0xAA, 0x43, 0x5F, 0x56, 0x30, 0xD3, 0xB9, 0x96, + 0x0B, 0x9A, 0x55, 0x5A, 0x39, 0x2A, 0x0B, 0x4E, 0xE4, 0x2E, + 0xF1, 0x95, 0x66, 0xC9, 0x86, 0x36, 0x82, 0x8D, 0x63, 0x7C, + 0x4D, 0xA2, 0xEE, 0x48, 0xBA, 0x03, 0xC7, 0x90, 0xD7, 0xA7, + 0xC6, 0x74, 0x60, 0x48, 0x5F, 0x31, 0xA2, 0xF9, 0x5E, 0x3E, + 0xC3, 0x82, 0xE1, 0xE5, 0x2F, 0x41, 0x81, 0x83, 0x29, 0x25, + 0x79, 0xD1, 0x53, 0x00, 0x69, 0x3C, 0xED, 0x0A, 0x30, 0x3B, + 0x41, 0x1D, 0x92, 0xA1, 0x2C, 0xA8, 0x9D, 0x2C, 0xE3, 0x23, + 0x87, 0x79, 0xE0, 0x55, 0x6E, 0x91, 0xA8, 0x50, 0xDA, 0x46, + 0x2F, 0xC2, 0x20, 0x50, 0x3E, 0x2B, 0x47, 0x97, 0x14, 0xB0, + 0x7D, 0x04, 0xBA, 0x45, 0x51, 0xD0, 0x6E, 0xE1, 0x5A, 0xA2, + 0x4B, 0x84, 0x9C, 0x4D, 0xCD, 0x85, 0x04, 0xF9, 0x28, 0x31, + 0x82, 0x93, 0xBC, 0xC7, 0x59, 0x49, 0x91, 0x03, 0xE8, 0xDF, + 0x6A, 0xE4, 0x56, 0xAD, 0x6A, 0xCB, 0x1F, 0x0D, 0x37, 0xE4, + 0x5E, 0xBD, 0xE7, 0x9F, 0xD5, 0xEC, 0x9D, 0x3C, 0x18, 0x25, + 0x9B, 0xF1, 0x2F, 0x50, 0x7D, 0xEB, 0x31, 0xCB, 0xF1, 0x63, + 0x22, 0x9D, 0x57, 0xFC, 0xF3, 0x84, 0x20, 0x1A, 0xC6, 0x07, + 0x87, 0x92, 0x26, 0x9E, 0x15, 0x18, 0x59, 0x33, 0x06, 0xDC, + 0xFB, 0xB0, 0xB6, 0x76, 0x5D, 0xF1, 0xC1, 0x2F, 0xC8, 0x2F, + 0x62, 0x9C, 0xC0, 0xD6, 0xDE, 0xEB, 0x65, 0x77, 0xF3, 0x5C, + 0xA6, 0xC3, 0x88, 0x27, 0x96, 0x75, 0xB4, 0xF4, 0x54, 0xCD, + 0xFF, 0x2D, 0x21, 0x2E, 0x96, 0xF0, 0x07, 0x73, 0x4B, 0xE9, + 0x93, 0x92, 0x90, 0xDE, 0x62, 0xD9, 0xA3, 0x3B, 0xAC, 0x6E, + 0x24, 0x5F, 0x27, 0x4A, 0xB3, 0x94, 0x70, 0xFF, 0x30, 0x17, + 0xE7, 0x7E, 0x32, 0x8F, 0x65, 0xB7, 0x75, 0x58 }; -const int sizeof_ca_cert_der_2048 = sizeof(ca_cert_der_2048); +static const int sizeof_ca_cert_der_2048 = sizeof(ca_cert_der_2048); /* ./certs/server-key.der, 2048-bit */ -const 
unsigned char server_key_der_2048[] = +static const unsigned char server_key_der_2048[] = { 0x30, 0x82, 0x04, 0xA5, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, 0x01, 0x00, 0xC0, 0x95, 0x08, 0xE1, 0x57, 0x41, 0xF2, 0x71, @@ -1063,14 +1070,14 @@ const unsigned char server_key_der_2048[] = 0x7C, 0x9A, 0x1F, 0x0C, 0x7C, 0xA9, 0xB0, 0x0E, 0x21, 0x37, 0x3B, 0xF1, 0xB0 }; -const int sizeof_server_key_der_2048 = sizeof(server_key_der_2048); +static const int sizeof_server_key_der_2048 = sizeof(server_key_der_2048); /* ./certs/server-cert.der, 2048-bit */ -const unsigned char server_cert_der_2048[] = +static const unsigned char server_cert_der_2048[] = { 0x30, 0x82, 0x04, 0x9E, 0x30, 0x82, 0x03, 0x86, 0xA0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x01, 0x01, 0x30, 0x0D, 0x06, 0x09, - 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x05, 0x05, + 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B, 0x05, 0x00, 0x30, 0x81, 0x94, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x07, 0x4D, 0x6F, @@ -1086,10 +1093,10 @@ const unsigned char server_cert_der_2048[] = 0x1F, 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, - 0x6F, 0x6D, 0x30, 0x1E, 0x17, 0x0D, 0x31, 0x35, 0x30, 0x32, - 0x30, 0x35, 0x30, 0x36, 0x33, 0x33, 0x33, 0x30, 0x5A, 0x17, - 0x0D, 0x31, 0x37, 0x31, 0x31, 0x30, 0x31, 0x30, 0x36, 0x33, - 0x33, 0x33, 0x30, 0x5A, 0x30, 0x81, 0x90, 0x31, 0x0B, 0x30, + 0x6F, 0x6D, 0x30, 0x1E, 0x17, 0x0D, 0x31, 0x35, 0x30, 0x35, + 0x30, 0x37, 0x31, 0x38, 0x32, 0x31, 0x30, 0x31, 0x5A, 0x17, + 0x0D, 0x31, 0x38, 0x30, 0x31, 0x33, 0x31, 0x31, 0x38, 0x32, + 0x31, 0x30, 0x31, 0x5A, 0x30, 0x81, 0x90, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x07, 0x4D, 0x6F, 0x6E, 0x74, 0x61, 0x6E, 0x61, 0x31, 0x10, 
@@ -1156,39 +1163,39 @@ const unsigned char server_cert_der_2048[] = 0x6F, 0x6D, 0x31, 0x1F, 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, - 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x82, 0x09, 0x00, 0xFA, 0x7D, - 0x38, 0x9A, 0x73, 0xFB, 0x12, 0x19, 0x30, 0x0C, 0x06, 0x03, + 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x82, 0x09, 0x00, 0xD9, 0x80, + 0x3A, 0xC3, 0xD2, 0xF4, 0xDA, 0x37, 0x30, 0x0C, 0x06, 0x03, 0x55, 0x1D, 0x13, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xFF, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, - 0x01, 0x01, 0x05, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, - 0x4E, 0x0E, 0x2C, 0xDE, 0xAB, 0xBB, 0xE9, 0x9E, 0xAB, 0x65, - 0x0F, 0xC8, 0x9A, 0xDA, 0xCA, 0xAE, 0xA7, 0x87, 0x3F, 0x15, - 0x06, 0xEE, 0x7D, 0x22, 0x88, 0x8E, 0xB0, 0x88, 0xFC, 0xB8, - 0xB4, 0x69, 0x39, 0xBF, 0xCA, 0x49, 0x65, 0x75, 0x01, 0x90, - 0x85, 0x8B, 0xAF, 0x08, 0xF1, 0xCE, 0xAC, 0x2E, 0xAD, 0x30, - 0x34, 0x80, 0x58, 0x77, 0xEE, 0xBC, 0xBB, 0x9B, 0x74, 0xC2, - 0x9C, 0x91, 0xB5, 0x93, 0xE2, 0xF1, 0x33, 0x83, 0xB8, 0x0B, - 0x7E, 0x0C, 0x58, 0x0F, 0x2E, 0x91, 0xD0, 0xFB, 0x53, 0xF4, - 0x68, 0xD7, 0x36, 0x24, 0x85, 0xEC, 0xD6, 0x23, 0x5B, 0x8E, - 0x7E, 0x3B, 0x76, 0x6A, 0xA1, 0x60, 0xC0, 0x29, 0xA5, 0x2E, - 0xBB, 0xE9, 0x02, 0xBD, 0xBC, 0xA5, 0x6B, 0xCB, 0x3D, 0xFD, - 0xA5, 0xD3, 0x66, 0x84, 0x76, 0x58, 0x46, 0x7A, 0x09, 0x31, - 0xB5, 0xB9, 0x43, 0xBB, 0x35, 0x13, 0x1F, 0x32, 0x21, 0x94, - 0xC4, 0x08, 0xE7, 0x16, 0xAB, 0x29, 0xDA, 0xBF, 0x8D, 0xD1, - 0x30, 0xA9, 0xA0, 0xEF, 0xA6, 0xDA, 0xFA, 0xF0, 0x50, 0x21, - 0x6F, 0xE9, 0x37, 0xA6, 0x87, 0x63, 0x8A, 0x7C, 0x68, 0x74, - 0xAB, 0x33, 0x39, 0x1F, 0xEA, 0xD1, 0xCE, 0x2C, 0x7F, 0xB5, - 0xEB, 0x4A, 0x51, 0x9C, 0xBA, 0xB5, 0xC2, 0x20, 0xE5, 0x5F, - 0xD4, 0x70, 0x28, 0xA9, 0x80, 0x08, 0xEB, 0x8D, 0x3E, 0xEE, - 0xFB, 0x71, 0x47, 0x96, 0x2A, 0x2D, 0xC7, 0x79, 0x0E, 0xA7, - 0xF9, 0xBA, 0x24, 0x79, 0xFB, 0xA5, 0x2F, 0xC5, 0xEB, 0x91, - 0xB2, 0x18, 
0x5F, 0x6D, 0xC1, 0x18, 0xD8, 0x68, 0x95, 0x12, - 0xCC, 0x68, 0xF9, 0xD1, 0x06, 0x86, 0xB1, 0x48, 0xB0, 0x5A, - 0x00, 0xB5, 0x04, 0x2E, 0x50, 0x37, 0xBC, 0x2F, 0xF5, 0x57, - 0xD2, 0x49, 0x17, 0x43, 0x5D, 0x2F, 0x64, 0x01, 0x3B, 0x6A, - 0x09, 0x44, 0xA6, 0xE2, 0x1E, 0x04 + 0x01, 0x01, 0x0B, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, + 0x67, 0xC0, 0x2C, 0xA9, 0x43, 0x47, 0xE7, 0x11, 0x14, 0x77, + 0xAE, 0xCC, 0xD8, 0xE0, 0x6B, 0x23, 0x82, 0x91, 0x63, 0xE8, + 0xA8, 0x0D, 0x21, 0xC5, 0xC8, 0x47, 0x97, 0x2F, 0xD5, 0xF3, + 0x86, 0xFB, 0x6C, 0xCE, 0x25, 0xF9, 0x7C, 0x78, 0xC8, 0x3A, + 0x22, 0x68, 0xF2, 0x16, 0x1E, 0xD2, 0xD2, 0x3F, 0x24, 0x04, + 0x87, 0xF2, 0xB7, 0xC1, 0x62, 0x63, 0xBA, 0xC5, 0xFA, 0xAE, + 0xD2, 0x20, 0x81, 0x1A, 0xD2, 0x0C, 0xAE, 0x26, 0x6B, 0x1B, + 0x2B, 0x10, 0xD3, 0xE1, 0x9A, 0x4E, 0x64, 0x6C, 0x97, 0xDB, + 0x36, 0xA8, 0x8F, 0xF8, 0x05, 0x63, 0xBF, 0xBA, 0x0D, 0x88, + 0x0B, 0x87, 0x46, 0xC9, 0xE4, 0x64, 0xE3, 0xD7, 0xBD, 0xB8, + 0x2D, 0xD5, 0xC1, 0xC3, 0xC4, 0xDB, 0x55, 0x68, 0xDC, 0xA3, + 0x7A, 0x40, 0xB9, 0xA9, 0xF6, 0x04, 0x4A, 0x22, 0xCF, 0x98, + 0x76, 0x1C, 0xE4, 0xA3, 0xFF, 0x79, 0x19, 0x96, 0x57, 0x63, + 0x07, 0x6F, 0xF6, 0x32, 0x77, 0x16, 0x50, 0x9B, 0xE3, 0x34, + 0x18, 0xD4, 0xEB, 0xBE, 0xFD, 0xB6, 0x6F, 0xE3, 0xC7, 0xF6, + 0x85, 0xBF, 0xAC, 0x32, 0xAD, 0x98, 0x57, 0xBE, 0x13, 0x92, + 0x44, 0x10, 0xA5, 0xF3, 0xAE, 0xE2, 0x66, 0xDA, 0x44, 0xA9, + 0x94, 0x71, 0x3F, 0xD0, 0x2F, 0x20, 0x59, 0x87, 0xE4, 0x5A, + 0x40, 0xEE, 0xD2, 0xE4, 0x0C, 0xCE, 0x25, 0x94, 0xDC, 0x0F, + 0xFE, 0x38, 0xE0, 0x41, 0x52, 0x34, 0x5C, 0xBB, 0xC3, 0xDB, + 0xC1, 0x5F, 0x76, 0xC3, 0x5D, 0x0E, 0x32, 0x69, 0x2B, 0x9D, + 0x01, 0xED, 0x50, 0x1B, 0x4F, 0x77, 0xA9, 0xA9, 0xD8, 0x71, + 0x30, 0xCB, 0x2E, 0x2C, 0x70, 0x00, 0xAB, 0x78, 0x4B, 0xD7, + 0x15, 0xD9, 0x17, 0xF8, 0x64, 0xB2, 0xF7, 0x3A, 0xDA, 0xE1, + 0x0B, 0x8B, 0x0A, 0xE1, 0x4E, 0xB1, 0x03, 0x46, 0x14, 0xCA, + 0x94, 0xE3, 0x44, 0x77, 0xD7, 0x59 }; -const int sizeof_server_cert_der_2048 = sizeof(server_cert_der_2048); 
+static const int sizeof_server_cert_der_2048 = sizeof(server_cert_der_2048); #endif /* USE_CERT_BUFFERS_1024 */ @@ -1215,5 +1222,5 @@ static const unsigned char dh_g[] = }; -#endif /* CYASSL_CERTS_TEST_H */ +#endif /* WOLFSSL_CERTS_TEST_H */ diff --git a/wolfssl/error-ssl.h b/wolfssl/error-ssl.h index 732240382..23e5f4d37 100644 --- a/wolfssl/error-ssl.h +++ b/wolfssl/error-ssl.h @@ -127,6 +127,14 @@ enum wolfSSL_ErrorCodes { SANITY_MSG_E = -394, /* Sanity check on msg order error */ DUPLICATE_MSG_E = -395, /* Duplicate message error */ SNI_UNSUPPORTED = -396, /* SSL 3.0 does not support SNI */ + SOCKET_PEER_CLOSED_E = -397, /* Underlying transport closed */ + + BAD_TICKET_KEY_CB_SZ = -398, /* Bad session ticket key cb size */ + BAD_TICKET_MSG_SZ = -399, /* Bad session ticket msg size */ + BAD_TICKET_ENCRYPT = -400, /* Bad user ticket encrypt */ + + DH_KEY_SIZE_E = -401, /* DH Key too small */ + SNI_ABSENT_ERROR = -402, /* No SNI request. */ /* add strings to SetErrorString !!!!! */ @@ -158,5 +166,3 @@ void SetErrorString(int err, char* buff); #endif /* wolfSSL_ERROR_H */ - - diff --git a/wolfssl/internal.h b/wolfssl/internal.h index 9dbf02c6c..6fe87a9f1 100644 --- a/wolfssl/internal.h +++ b/wolfssl/internal.h @@ -88,6 +88,8 @@ #include #endif +#include + #ifdef WOLFSSL_CALLBACKS #include #include @@ -113,7 +115,7 @@ /* do nothing */ #elif defined(EBSNET) /* do nothing */ -#elif defined(FREESCALE_MQX) +#elif defined(FREESCALE_MQX) || defined(FREESCALE_KSDK_MQX) /* do nothing */ #elif defined(WOLFSSL_MDK_ARM) #if defined(WOLFSSL_MDK5) 
@@ -188,14 +190,34 @@ typedef byte word24[3]; need to be switched off. Allowed suites use (EC)DHE, AES-GCM|CCM, or CHACHA-POLY. */ + +/* Check that if WOLFSSL_MAX_STRENGTH is set that all the required options are + * not turned off. */ +#if defined(WOLFSSL_MAX_STRENGTH) && \ + ((!defined(HAVE_ECC) && (defined(NO_DH) || defined(NO_RSA))) || \ + (!defined(HAVE_AESGCM) && !defined(HAVE_AESCCM) && \ + (!defined(HAVE_POLY1305) || !defined(HAVE_CHACHA))) || \ + (defined(NO_SHA256) && !defined(WOLFSSL_SHA384)) || \ + !defined(NO_OLD_TLS)) + + #error "You are trying to build max strength with requirements disabled." +#endif + +/* Have QSH : Quantum-safe Handshake */ +#if defined(HAVE_QSH) + #define BUILD_TLS_QSH +#endif + #ifndef WOLFSSL_MAX_STRENGTH #if !defined(NO_RSA) && !defined(NO_RC4) - #if !defined(NO_SHA) - #define BUILD_SSL_RSA_WITH_RC4_128_SHA - #endif - #if !defined(NO_MD5) - #define BUILD_SSL_RSA_WITH_RC4_128_MD5 + #if defined(WOLFSSL_STATIC_RSA) + #if !defined(NO_SHA) + #define BUILD_SSL_RSA_WITH_RC4_128_SHA + #endif + #if !defined(NO_MD5) + #define BUILD_SSL_RSA_WITH_RC4_128_MD5 + #endif #endif #if !defined(NO_TLS) && defined(HAVE_NTRU) && !defined(NO_SHA) #define BUILD_TLS_NTRU_RSA_WITH_RC4_128_SHA @@ -204,7 +226,9 @@ typedef byte word24[3]; #if !defined(NO_RSA) && !defined(NO_DES3) #if !defined(NO_SHA) - #define BUILD_SSL_RSA_WITH_3DES_EDE_CBC_SHA + #if defined(WOLFSSL_STATIC_RSA) + #define BUILD_SSL_RSA_WITH_3DES_EDE_CBC_SHA + #endif #if !defined(NO_TLS) && defined(HAVE_NTRU) #define BUILD_TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA #endif 
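Review bot: The new `#error` for `WOLFSSL_MAX_STRENGTH` covers four unrelated requirements but prints one generic message, so a failing build does not say which option is missing. One check per requirement would make the diagnostic actionable, for example `#if defined(WOLFSSL_MAX_STRENGTH) && !defined(NO_OLD_TLS)` followed by `#error "WOLFSSL_MAX_STRENGTH requires NO_OLD_TLS"`. The same hunk makes the static-RSA RC4 suites depend on `WOLFSSL_STATIC_RSA`. A short comment above that guard should say the macro is opt-in because static RSA key transport has no forward secrecy, which would help integrators who lose suites after upgrading.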
@@ -213,43 +237,49 @@ typedef byte word24[3]; #if !defined(NO_RSA) && !defined(NO_AES) && !defined(NO_TLS) #if !defined(NO_SHA) - #define BUILD_TLS_RSA_WITH_AES_128_CBC_SHA - #define BUILD_TLS_RSA_WITH_AES_256_CBC_SHA + #if defined(WOLFSSL_STATIC_RSA) + #define BUILD_TLS_RSA_WITH_AES_128_CBC_SHA + #define BUILD_TLS_RSA_WITH_AES_256_CBC_SHA + #endif #if defined(HAVE_NTRU) #define BUILD_TLS_NTRU_RSA_WITH_AES_128_CBC_SHA #define BUILD_TLS_NTRU_RSA_WITH_AES_256_CBC_SHA #endif #endif - #if !defined (NO_SHA256) - #define BUILD_TLS_RSA_WITH_AES_128_CBC_SHA256 - #define BUILD_TLS_RSA_WITH_AES_256_CBC_SHA256 - #endif - #if defined (HAVE_AESGCM) - #define BUILD_TLS_RSA_WITH_AES_128_GCM_SHA256 - #if defined (WOLFSSL_SHA384) - #define BUILD_TLS_RSA_WITH_AES_256_GCM_SHA384 + #if defined(WOLFSSL_STATIC_RSA) + #if !defined (NO_SHA256) + #define BUILD_TLS_RSA_WITH_AES_128_CBC_SHA256 + #define BUILD_TLS_RSA_WITH_AES_256_CBC_SHA256 + #endif + #if defined (HAVE_AESGCM) + #define BUILD_TLS_RSA_WITH_AES_128_GCM_SHA256 + #if defined (WOLFSSL_SHA384) + #define BUILD_TLS_RSA_WITH_AES_256_GCM_SHA384 + #endif + #endif + #if defined (HAVE_AESCCM) + #define BUILD_TLS_RSA_WITH_AES_128_CCM_8 + #define BUILD_TLS_RSA_WITH_AES_256_CCM_8 + #endif + #if defined(HAVE_BLAKE2) + #define BUILD_TLS_RSA_WITH_AES_128_CBC_B2B256 + #define BUILD_TLS_RSA_WITH_AES_256_CBC_B2B256 #endif - #endif - #if defined (HAVE_AESCCM) - #define BUILD_TLS_RSA_WITH_AES_128_CCM_8 - #define BUILD_TLS_RSA_WITH_AES_256_CCM_8 - #endif - #if defined(HAVE_BLAKE2) - #define BUILD_TLS_RSA_WITH_AES_128_CBC_B2B256 - #define BUILD_TLS_RSA_WITH_AES_256_CBC_B2B256 #endif #endif #if defined(HAVE_CAMELLIA) && !defined(NO_TLS) #ifndef NO_RSA - #if !defined(NO_SHA) - #define BUILD_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA - #define BUILD_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA - #endif + #if defined(WOLFSSL_STATIC_RSA) + #if !defined(NO_SHA) + #define BUILD_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA + #define BUILD_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA + #endif #ifndef 
NO_SHA256 #define BUILD_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 #define BUILD_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 #endif + #endif #if !defined(NO_DH) #if !defined(NO_SHA) #define BUILD_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA @@ -263,6 +293,7 @@ typedef byte word24[3]; #endif #endif +#if defined(WOLFSSL_STATIC_PSK) #if !defined(NO_PSK) && !defined(NO_AES) && !defined(NO_TLS) #if !defined(NO_SHA) #define BUILD_TLS_PSK_WITH_AES_128_CBC_SHA @@ -287,17 +318,20 @@ typedef byte word24[3]; #endif #endif #endif +#endif #if !defined(NO_TLS) && defined(HAVE_NULL_CIPHER) #if !defined(NO_RSA) - #if !defined(NO_SHA) - #define BUILD_TLS_RSA_WITH_NULL_SHA - #endif - #ifndef NO_SHA256 - #define BUILD_TLS_RSA_WITH_NULL_SHA256 + #if defined(WOLFSSL_STATIC_RSA) + #if !defined(NO_SHA) + #define BUILD_TLS_RSA_WITH_NULL_SHA + #endif + #ifndef NO_SHA256 + #define BUILD_TLS_RSA_WITH_NULL_SHA256 + #endif #endif #endif - #if !defined(NO_PSK) + #if !defined(NO_PSK) && defined(WOLFSSL_STATIC_PSK) #if !defined(NO_SHA) #define BUILD_TLS_PSK_WITH_NULL_SHA #endif @@ -310,8 +344,11 @@ typedef byte word24[3]; #endif #endif +#if defined(WOLFSSL_STATIC_RSA) #if !defined(NO_HC128) && !defined(NO_RSA) && !defined(NO_TLS) - #define BUILD_TLS_RSA_WITH_HC_128_MD5 + #ifndef NO_MD5 + #define BUILD_TLS_RSA_WITH_HC_128_MD5 + #endif #if !defined(NO_SHA) #define BUILD_TLS_RSA_WITH_HC_128_SHA #endif @@ -325,6 +362,7 @@ typedef byte word24[3]; #define BUILD_TLS_RSA_WITH_RABBIT_SHA #endif #endif +#endif #if !defined(NO_DH) && !defined(NO_AES) && !defined(NO_TLS) && \ !defined(NO_RSA) 
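Review bot: The `#endif` that closes the new `#if defined(WOLFSSL_STATIC_PSK)` wrapper (hunk at -287) has no trailing comment, and neither does the one closing the `WOLFSSL_STATIC_RSA` wrapper around the HC-128 and Rabbit suites (hunk at -325). The wrapped blocks are unchanged context lines, so they appear to keep their old indentation, which makes the extra nesting level easy to miss. I would write `#endif /* WOLFSSL_STATIC_PSK */` and `#endif /* WOLFSSL_STATIC_RSA */`, matching the `#endif /* NO_SHA */` style this header already uses.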
@@ -346,13 +384,17 @@ typedef byte word24[3]; #if !defined(NO_DH) && !defined(NO_PSK) && !defined(NO_TLS) #ifndef NO_SHA256 - #define BUILD_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 + #ifndef NO_AES + #define BUILD_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 + #endif #ifdef HAVE_NULL_CIPHER #define BUILD_TLS_DHE_PSK_WITH_NULL_SHA256 #endif #endif #ifdef WOLFSSL_SHA384 - #define BUILD_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 + #ifndef NO_AES + #define BUILD_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 + #endif #ifdef HAVE_NULL_CIPHER #define BUILD_TLS_DHE_PSK_WITH_NULL_SHA384 #endif 
@@ -365,46 +407,66 @@ typedef byte word24[3]; #if !defined(NO_RSA) #define BUILD_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA #define BUILD_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA - #define BUILD_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA - #define BUILD_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA + #if defined(WOLFSSL_STATIC_DH) + #define BUILD_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA + #define BUILD_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA + #endif #endif #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA - #define BUILD_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA - #define BUILD_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA + #if defined(WOLFSSL_STATIC_DH) + #define BUILD_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA + #define BUILD_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA + #endif #endif /* NO_SHA */ #ifndef NO_SHA256 #if !defined(NO_RSA) #define BUILD_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 - #define BUILD_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 + #if defined(WOLFSSL_STATIC_DH) + #define BUILD_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 + #endif #endif #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 - #define BUILD_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 + #if defined(WOLFSSL_STATIC_DH) + #define BUILD_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 + #endif #endif #ifdef WOLFSSL_SHA384 #if !defined(NO_RSA) #define BUILD_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 - #define BUILD_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 + #if defined(WOLFSSL_STATIC_DH) + #define BUILD_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 + #endif #endif #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 - #define BUILD_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 + #if defined(WOLFSSL_STATIC_DH) + #define BUILD_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 + #endif #endif #if defined (HAVE_AESGCM) #if !defined(NO_RSA) - #define BUILD_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 + #if defined(WOLFSSL_STATIC_DH) + #define BUILD_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 + #endif #if defined(WOLFSSL_SHA384) - #define BUILD_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 + #if 
defined(WOLFSSL_STATIC_DH) + #define BUILD_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 + #endif #endif #endif - #define BUILD_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 + #if defined(WOLFSSL_STATIC_DH) + #define BUILD_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 + #endif #if defined(WOLFSSL_SHA384) - #define BUILD_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 + #if defined(WOLFSSL_STATIC_DH) + #define BUILD_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 + #endif #endif #endif #endif /* NO_AES */ @@ -412,21 +474,31 @@ typedef byte word24[3]; #if !defined(NO_SHA) #if !defined(NO_RSA) #define BUILD_TLS_ECDHE_RSA_WITH_RC4_128_SHA - #define BUILD_TLS_ECDH_RSA_WITH_RC4_128_SHA + #if defined(WOLFSSL_STATIC_DH) + #define BUILD_TLS_ECDH_RSA_WITH_RC4_128_SHA + #endif #endif #define BUILD_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA - #define BUILD_TLS_ECDH_ECDSA_WITH_RC4_128_SHA + #if defined(WOLFSSL_STATIC_DH) + #define BUILD_TLS_ECDH_ECDSA_WITH_RC4_128_SHA + #endif #endif #endif #if !defined(NO_DES3) - #if !defined(NO_RSA) - #define BUILD_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA - #define BUILD_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA - #endif + #ifndef NO_SHA + #if !defined(NO_RSA) + #define BUILD_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA + #if defined(WOLFSSL_STATIC_DH) + #define BUILD_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA + #endif + #endif - #define BUILD_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA - #define BUILD_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA + #define BUILD_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA + #if defined(WOLFSSL_STATIC_DH) + #define BUILD_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA + #endif + #endif /* NO_SHA */ #endif #endif @@ -504,7 +576,8 @@ typedef byte word24[3]; #if defined(BUILD_TLS_RSA_WITH_AES_128_CBC_SHA) || \ defined(BUILD_TLS_RSA_WITH_AES_256_CBC_SHA) || \ - defined(BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256) + defined(BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256) || \ + defined(BUILD_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256) #undef BUILD_AES #define BUILD_AES #endif 
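Review bot: After this change `BUILD_AES` is defined only when one of four suites is built: the two static-RSA AES-CBC-SHA suites, `BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256` or `BUILD_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256`. Earlier hunks in this commit make the two static-RSA macros depend on `WOLFSSL_STATIC_RSA`. A configuration with RSA and DH but without ECC and PSK, and without `WOLFSSL_STATIC_RSA`, would then seem to leave `BUILD_AES` undefined while ephemeral AES-CBC suites are still offered. How `BUILD_AES` is consumed is outside this hunk, so this needs confirming. Adding an ephemeral suite to the condition, e.g. `defined(BUILD_TLS_DHE_RSA_WITH_AES_128_CBC_SHA) || \`, would remove the dependence on the static-RSA option.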
@@ -512,7 +585,8 @@ typedef byte word24[3]; #if defined(BUILD_TLS_RSA_WITH_AES_128_GCM_SHA256) || \ defined(BUILD_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256) || \ defined(BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256) || \ - defined(BUILD_TLS_PSK_WITH_AES_128_GCM_SHA256) + defined(BUILD_TLS_PSK_WITH_AES_128_GCM_SHA256) || \ + defined(BUILD_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256) #define BUILD_AESGCM #endif @@ -626,6 +700,10 @@ enum { TLS_NTRU_RSA_WITH_AES_128_CBC_SHA = 0xe7, /* clashes w/official SHA-256 */ TLS_NTRU_RSA_WITH_AES_256_CBC_SHA = 0xe8, + /* wolfSSL extension - NTRU , Quantum-safe Handshake + first byte is 0xD0 (QSH_BYTE) */ + TLS_QSH = 0x01, + /* SHA256 */ TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 = 0x6b, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 = 0x67, @@ -701,6 +779,7 @@ enum { enum Misc { ECC_BYTE = 0xC0, /* ECC first cipher suite byte */ + QSH_BYTE = 0xD0, /* Quantum-safe Handshake cipher suite */ CHACHA_BYTE = 0xCC, /* ChaCha first cipher suite */ SEND_CERT = 1, @@ -751,6 +830,7 @@ enum Misc { VERIFY_HEADER = 2, /* always use 2 bytes */ EXT_ID_SZ = 2, /* always use 2 bytes */ MAX_DH_SIZE = 513, /* 4096 bit plus possible leading 0 */ + SESSION_HINT_SZ = 4, /* session timeout hint */ MAX_SUITE_SZ = 200, /* 100 suites for now! */ RAN_LEN = 32, /* random length */ @@ -843,7 +923,12 @@ enum Misc { ECDHE_SIZE = 32, /* ECHDE server size defaults to 256 bit */ MAX_EXPORT_ECC_SZ = 256, /* Export ANS X9.62 max future size */ +#ifdef HAVE_QSH + /* qsh handshake sends 600+ size keys over hello extensions */ + MAX_HELLO_SZ = 2048, /* max client or server hello */ +#else MAX_HELLO_SZ = 128, /* max client or server hello */ +#endif MAX_CERT_VERIFY_SZ = 1024, /* max */ CLIENT_HELLO_FIRST = 35, /* Protocol + RAN_LEN + sizeof(id_len) */ MAX_SUITE_NAME = 48, /* maximum length of cipher suite string */ 
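Review bot: `QSH_BYTE = 0xD0` with `TLS_QSH = 0x01`, and `WOLFSSL_QSH = 0x0018` in the later `TLSX_Type` hunk, take code points from registry-managed ranges rather than private-use space. A later standard assignment could therefore collide with them on the wire. The comment already calls this a wolfSSL extension, and for cipher suites the private-use block is first byte 0xFF. If the values must stay, I would add a comment such as `/* not IANA-assigned; experimental, may change */` next to each. `WOLFSSL_QSH` is also appended after `SECURE_RENEGOTIATION = 0xff01`, which breaks the ascending order of that enum.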
@@ -857,7 +942,7 @@ enum Misc { MAX_WOLFSSL_FILE_SIZE = 1024 * 1024 * 4, /* 4 mb file size alloc limit */ -#ifdef FORTRESS +#if defined(FORTRESS) || defined (HAVE_STUNNEL) MAX_EX_DATA = 3, /* allow for three items of ex_data */ #endif @@ -881,6 +966,23 @@ enum Misc { COPY = 1 /* should we copy static buffer for write */ }; + +#ifndef WOLFSSL_MIN_DHKEY_BITS + #ifdef WOLFSSL_MAX_STRENGTH + #define WOLFSSL_MIN_DHKEY_BITS 2048 + #else + #define WOLFSSL_MIN_DHKEY_BITS 1024 + #endif +#endif +#if (WOLFSSL_MIN_DHKEY_BITS % 8) + #error DH minimum bit size must be multiple of 8 +#endif +#if (WOLFSSL_MIN_DHKEY_BITS > 16000) + #error DH minimum bit size must not be greater than 16000 +#endif +#define MIN_DHKEY_SZ (WOLFSSL_MIN_DHKEY_BITS / 8) + + #ifdef SESSION_INDEX /* Shift values for making a session index */ #define SESSIDX_ROW_SHIFT 4 @@ -897,6 +999,10 @@ enum Misc { #define SESSION_TICKET_LEN 256 #endif +#ifndef SESSION_TICKET_HINT_DEFAULT + #define SESSION_TICKET_HINT_DEFAULT 300 +#endif + /* don't use extra 3/4k stack space unless need to */ #ifdef HAVE_NTRU @@ -1117,10 +1223,10 @@ struct WOLFSSL_CIPHER { typedef struct OCSP_Entry OCSP_Entry; -#ifdef SHA_DIGEST_SIZE - #define OCSP_DIGEST_SIZE SHA_DIGEST_SIZE +#ifdef NO_SHA + #define OCSP_DIGEST_SIZE SHA256_DIGEST_SIZE #else - #define OCSP_DIGEST_SIZE 160 + #define OCSP_DIGEST_SIZE SHA_DIGEST_SIZE #endif #ifdef NO_ASN @@ -1154,13 +1260,13 @@ struct WOLFSSL_OCSP { typedef struct CRL_Entry CRL_Entry; -#ifdef SHA_DIGEST_SIZE - #define CRL_DIGEST_SIZE SHA_DIGEST_SIZE +#ifdef NO_SHA + #define CRL_DIGEST_SIZE SHA256_DIGEST_SIZE #else - #define CRL_DIGEST_SIZE 160 + #define CRL_DIGEST_SIZE SHA_DIGEST_SIZE #endif -#ifdef NO_ASN +#ifdef NO_ASN typedef struct RevokedCert RevokedCert; #endif @@ -1205,7 +1311,7 @@ struct WOLFSSL_CRL { }; -#ifdef NO_ASN +#ifdef NO_ASN typedef struct Signer Signer; #endif 
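Review bot: The upper bound in `#if (WOLFSSL_MIN_DHKEY_BITS > 16000)` is far above what the handshake buffers appear to allow, since `MAX_DH_SIZE = 513` in `enum Misc` is commented as 4096 bit plus a possible leading zero. A minimum between 4097 and 16000 bits would compile and then presumably reject every peer key at run time. Bounding against the same limit, e.g. `#if (WOLFSSL_MIN_DHKEY_BITS > 4096)`, turns that into a build error. The 1024-bit default outside `WOLFSSL_MAX_STRENGTH` also deserves a comment, because it sets the weakest group the library will accept, for example `/* 1024 kept for interoperability; raise to 2048 where peers allow */`.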
@@ -1321,7 +1427,8 @@ typedef enum { TRUNCATED_HMAC = 0x0004, ELLIPTIC_CURVES = 0x000a, SESSION_TICKET = 0x0023, - SECURE_RENEGOTIATION = 0xff01 + SECURE_RENEGOTIATION = 0xff01, + WOLFSSL_QSH = 0x0018 /* Quantum-Safe-Hybrid */ } TLSX_Type; typedef struct TLSX { @@ -1334,6 +1441,7 @@ typedef struct TLSX { WOLFSSL_LOCAL TLSX* TLSX_Find(TLSX* list, TLSX_Type type); WOLFSSL_LOCAL void TLSX_FreeAll(TLSX* list); WOLFSSL_LOCAL int TLSX_SupportExtensions(WOLFSSL* ssl); +WOLFSSL_LOCAL int TLSX_PopulateExtensions(WOLFSSL* ssl, byte isRequest); #ifndef NO_WOLFSSL_CLIENT WOLFSSL_LOCAL word16 TLSX_GetRequestSize(WOLFSSL* ssl); @@ -1347,7 +1455,7 @@ WOLFSSL_LOCAL word16 TLSX_WriteResponse(WOLFSSL* ssl, byte* output); WOLFSSL_LOCAL int TLSX_Parse(WOLFSSL* ssl, byte* input, word16 length, byte isRequest, Suites *suites); - + #elif defined(HAVE_SNI) \ || defined(HAVE_MAX_FRAGMENT) \ || defined(HAVE_TRUNCATED_HMAC) \ 
@@ -1457,6 +1565,47 @@ WOLFSSL_LOCAL SessionTicket* TLSX_SessionTicket_Create(word32 lifetime, WOLFSSL_LOCAL void TLSX_SessionTicket_Free(SessionTicket* ticket); #endif /* HAVE_SESSION_TICKET */ +#ifdef HAVE_QSH + +typedef struct QSHScheme { + struct QSHScheme* next; /* List Behavior */ + byte* PK; + word16 name; /* QSHScheme Names */ + word16 PKLen; +} QSHScheme; + +typedef struct QSHkey { + struct QSHKey* next; + word16 name; + buffer pub; + buffer pri; +} QSHKey; + +typedef struct QSHSecret { + QSHScheme* list; + buffer* SerSi; + buffer* CliSi; +} QSHSecret; + +/* used in key exchange during handshake */ +WOLFSSL_LOCAL int TLSX_QSHCipher_Parse(WOLFSSL* ssl, const byte* input, + word16 length, byte isServer); +WOLFSSL_LOCAL word16 TLSX_QSHPK_Write(QSHScheme* list, byte* output); +WOLFSSL_LOCAL word16 TLSX_QSH_GetSize(QSHScheme* list, byte isRequest); + +/* used by api for setting a specific QSH scheme */ +WOLFSSL_LOCAL int TLSX_UseQSHScheme(TLSX** extensions, word16 name, + byte* pKey, word16 pKeySz); + +/* used when parsing in QSHCipher structs */ +WOLFSSL_LOCAL int QSH_Decrypt(QSHKey* key, byte* in, word32 szIn, + byte* out, word16* szOut); +#ifndef NO_WOLFSSL_SERVER +WOLFSSL_LOCAL int TLSX_ValidateQSHScheme(TLSX** extensions, word16 name); +#endif + +#endif /* HAVE_QSH */ + /* wolfSSL context type */ struct WOLFSSL_CTX { WOLFSSL_METHOD* method; @@ -1490,6 +1639,9 @@ struct WOLFSSL_CTX { byte quietShutdown; /* don't send close notify */ byte groupMessages; /* group handshake messages before sending */ byte minDowngrade; /* minimum downgrade version */ +#ifndef NO_DH + word16 minDhKeySz; /* minimum DH key size */ +#endif CallbackIORecv CBIORecv; CallbackIOSend CBIOSend; #ifdef WOLFSSL_DTLS 
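Review bot: In the new `QSHKey` declaration the struct tag is spelled `QSHkey` while the member is `struct QSHKey* next`, so `next` points to a different, never-completed struct type rather than to the typedef `QSHKey`. Code that walks the list through `next` will then need casts or will produce incompatible-pointer diagnostics. The tag should match the member: `typedef struct QSHKey {`.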
@@ -1512,8 +1664,11 @@ struct WOLFSSL_CTX { #endif /* HAVE_ANON */ #if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER) pem_password_cb passwd_cb; - void* userdata; + void* userdata; #endif /* OPENSSL_EXTRA */ +#ifdef HAVE_STUNNEL + void* ex_data[MAX_EX_DATA]; +#endif #ifdef HAVE_OCSP WOLFSSL_OCSP ocsp; #endif @@ -1522,6 +1677,11 @@ struct WOLFSSL_CTX { #endif #ifdef HAVE_TLS_EXTENSIONS TLSX* extensions; /* RFC 6066 TLS Extensions data */ + #if defined(HAVE_SESSION_TICKET) && !defined(NO_WOLFSSL_SEVER) + SessionTicketEncCb ticketEncCb; /* enc/dec session ticket Cb */ + void* ticketEncCtx; /* session encrypt context */ + int ticketHint; /* ticket hint in seconds */ + #endif #endif #ifdef ATOMIC_USER CallbackMacEncrypt MacEncryptCb; /* Atomic User Mac/Encrypt Cb */ @@ -1701,6 +1861,9 @@ typedef struct Hashes { #ifdef WOLFSSL_SHA384 byte sha384[SHA384_DIGEST_SIZE]; #endif + #ifdef WOLFSSL_SHA512 + byte sha512[SHA512_DIGEST_SIZE]; + #endif } Hashes; @@ -1739,6 +1902,9 @@ struct WOLFSSL_SESSION { word16 ticketLen; byte ticket[SESSION_TICKET_LEN]; #endif +#ifdef HAVE_STUNNEL + void* ex_data[MAX_EX_DATA]; +#endif }; @@ -1781,6 +1947,7 @@ enum AcceptState { CERT_REQ_SENT, SERVER_HELLO_DONE, ACCEPT_SECOND_REPLY_DONE, + TICKET_SENT, CHANGE_CIPHER_SENT, ACCEPT_FINISHED_DONE, ACCEPT_THIRD_REPLY_DONE @@ -1854,6 +2021,7 @@ typedef struct Options { word16 haveRSA:1; /* RSA available */ word16 haveDH:1; /* server DH parms set by user */ word16 haveNTRU:1; /* server NTRU private key loaded */ + byte haveQSH:1; /* have QSH ability */ word16 haveECDSAsig:1; /* server ECDSA signed cert */ word16 haveStaticECC:1; /* static server ECC private key */ word16 havePeerCert:1; /* do we have peer's cert */ 
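Review bot: The guard on the new ticket fields reads `!defined(NO_WOLFSSL_SEVER)`, which looks like a misspelling of `NO_WOLFSSL_SERVER`, the macro tested around `TLSX_ValidateQSHScheme` earlier in this diff. As written the second condition is always true, so `ticketEncCb`, `ticketEncCtx` and `ticketHint` are also compiled into client-only builds and the stated intent of the guard is lost. Suggested line: `#if defined(HAVE_SESSION_TICKET) && !defined(NO_WOLFSSL_SERVER)`. `struct WOLFSSL_CTX` starts and ends outside the hunk.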
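Review bot: In the `Options` hunk, `byte haveQSH:1` uses a different base type from the surrounding `word16 ...:1` flags, and unlike the other QSH additions it is not under `#ifdef HAVE_QSH`. Whether a bit-field of a different type shares the storage unit of its neighbours is implementation-defined, so this can add padding in the middle of the flag block on some compilers. I would write `word16 haveQSH:1;` inside `#ifdef HAVE_QSH`, assuming every reader of the flag is guarded the same way, which cannot be confirmed from this hunk.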
@@ -1873,7 +2041,11 @@ typedef struct Options { #endif #ifdef HAVE_ANON word16 haveAnon:1; /* User wants to allow Anon suites */ -#endif /* HAVE_ANON */ +#endif +#ifdef HAVE_SESSION_TICKET + word16 createTicket:1; /* Server to create new Ticket */ + word16 useTicket:1; /* Use Ticket not session cache */ +#endif /* need full byte values for this section */ byte processReply; /* nonblocking resume */ @@ -1886,6 +2058,10 @@ typedef struct Options { byte minDowngrade; /* minimum downgrade version */ byte connectState; /* nonblocking resume */ byte acceptState; /* nonblocking resume */ +#ifndef NO_DH + word16 minDhKeySz; /* minimum DH key size */ + word16 dhKeySz; /* actual DH key size */ +#endif } Options; @@ -2077,6 +2253,9 @@ typedef struct HS_Hashes { #ifdef WOLFSSL_SHA384 Sha384 hashSha384; /* sha384 hash of handshake msgs */ #endif +#ifdef WOLFSSL_SHA512 + Sha512 hashSha512; /* sha512 hash of handshake msgs */ +#endif } HS_Hashes; @@ -2088,10 +2267,14 @@ struct WOLFSSL { HS_Hashes* hsHashes; void* IOCB_ReadCtx; void* IOCB_WriteCtx; - RNG* rng; + WC_RNG* rng; void* verifyCbCtx; /* cert verify callback user ctx*/ VerifyCallback verifyCallback; /* cert verification callback */ void* heap; /* for user overrides */ +#ifndef NO_HANDSHAKE_DONE_CB + HandShakeDoneCb hsDoneCb; /* notify user handshake done */ + void* hsDoneCtx; /* user handshake cb context */ +#endif WOLFSSL_CIPHER cipher; hmacfp hmac; Ciphers encrypt; @@ -2105,6 +2288,7 @@ struct WOLFSSL { int rflags; /* user read flags */ int wflags; /* user write flags */ word32 timeout; /* session timeout */ + word32 fragOffset; /* fragment offset */ word16 curSize; RecordLayerHeader curRL; MsgsReceived msgsReceived; /* peer messages received */ 
@@ -2121,6 +2305,18 @@ struct WOLFSSL { RsaKey* peerRsaKey; byte peerRsaKeyPresent; #endif +#ifdef HAVE_QSH + QSHKey* QSH_Key; + QSHKey* peerQSHKey; + QSHSecret* QSH_secret; + byte isQSH; /* is the handshake a QSH? */ + byte sendQSHKeys; /* flag for if the client should sen + public keys */ + byte peerQSHKeyPresent; + byte minRequest; + byte maxRequest; + byte user_set_QSHSchemes; +#endif #ifdef HAVE_NTRU word16 peerNtruKeyLen; byte peerNtruKey[MAX_NTRU_PUB_KEY_SZ]; @@ -2163,7 +2359,7 @@ struct WOLFSSL { #ifdef KEEP_PEER_CERT WOLFSSL_X509 peerCert; /* X509 peer cert */ #endif -#ifdef FORTRESS +#if defined(FORTRESS) || defined(HAVE_STUNNEL) void* ex_data[MAX_EX_DATA]; /* external data, for Fortress */ #endif #ifdef HAVE_CAVIUM @@ -2330,6 +2526,8 @@ static const byte tls_server[FINISHED_LABEL_SZ + 1] = "server finished"; /* internal functions */ WOLFSSL_LOCAL int SendChangeCipher(WOLFSSL*); +WOLFSSL_LOCAL int SendTicket(WOLFSSL*); +WOLFSSL_LOCAL int DoClientTicket(WOLFSSL*, const byte*, word32); WOLFSSL_LOCAL int SendData(WOLFSSL*, const void*, int); WOLFSSL_LOCAL int SendCertificate(WOLFSSL*); WOLFSSL_LOCAL int SendCertificateRequest(WOLFSSL*); diff --git a/wolfssl/openssl/asn1.h b/wolfssl/openssl/asn1.h index 3f34d7d2c..11cafa840 100644 --- a/wolfssl/openssl/asn1.h +++ b/wolfssl/openssl/asn1.h @@ -1,2 +1,19 @@ /* asn1.h for openssl */ +#ifndef WOLFSSL_ASN1_H_ +#define WOLFSSL_ASN1_H_ +struct WOLFSSL_ASN1_BIT_STRING { + int length; + int type; + char* data; + long flags; +}; + +struct WOLFSSL_ASN1_STRING { + int length; + int type; + char* data; + long flags; +}; + +#endif /* WOLFSSL_ASN1_H_ */ diff --git a/wolfssl/openssl/bn.h b/wolfssl/openssl/bn.h index 4d81eb1b3..c56a3cfca 100644 --- a/wolfssl/openssl/bn.h +++ b/wolfssl/openssl/bn.h @@ -5,6 +5,7 @@ #define WOLFSSL_BN_H_ #include +#include #ifdef __cplusplus extern "C" { 
@@ -16,8 +17,10 @@ typedef struct WOLFSSL_BIGNUM { } WOLFSSL_BIGNUM; -typedef struct WOLFSSL_BN_CTX WOLFSSL_BN_CTX; +#define WOLFSSL_BN_ULONG mp_digit +typedef struct WOLFSSL_BN_CTX WOLFSSL_BN_CTX; +typedef struct WOLFSSL_BN_GENCB WOLFSSL_BN_GENCB; WOLFSSL_API WOLFSSL_BN_CTX* wolfSSL_BN_CTX_new(void); WOLFSSL_API void wolfSSL_BN_CTX_init(WOLFSSL_BN_CTX*); @@ -29,9 +32,9 @@ WOLFSSL_API void wolfSSL_BN_clear_free(WOLFSSL_BIGNUM*); WOLFSSL_API int wolfSSL_BN_sub(WOLFSSL_BIGNUM*, const WOLFSSL_BIGNUM*, - const WOLFSSL_BIGNUM*); + const WOLFSSL_BIGNUM*); WOLFSSL_API int wolfSSL_BN_mod(WOLFSSL_BIGNUM*, const WOLFSSL_BIGNUM*, - const WOLFSSL_BIGNUM*, const WOLFSSL_BN_CTX*); + const WOLFSSL_BIGNUM*, const WOLFSSL_BN_CTX*); WOLFSSL_API const WOLFSSL_BIGNUM* wolfSSL_BN_value_one(void); @@ -47,7 +50,7 @@ WOLFSSL_API int wolfSSL_BN_cmp(const WOLFSSL_BIGNUM*, const WOLFSSL_BIGNUM*); WOLFSSL_API int wolfSSL_BN_bn2bin(const WOLFSSL_BIGNUM*, unsigned char*); WOLFSSL_API WOLFSSL_BIGNUM* wolfSSL_BN_bin2bn(const unsigned char*, int len, - WOLFSSL_BIGNUM* ret); + WOLFSSL_BIGNUM* ret); WOLFSSL_API int wolfSSL_mask_bits(WOLFSSL_BIGNUM*, int n); 
@@ -56,16 +59,34 @@ WOLFSSL_API int wolfSSL_BN_is_bit_set(const WOLFSSL_BIGNUM*, int n); WOLFSSL_API int wolfSSL_BN_hex2bn(WOLFSSL_BIGNUM**, const char* str); WOLFSSL_API WOLFSSL_BIGNUM* wolfSSL_BN_dup(const WOLFSSL_BIGNUM*); -WOLFSSL_API WOLFSSL_BIGNUM* wolfSSL_BN_copy(WOLFSSL_BIGNUM*, const WOLFSSL_BIGNUM*); - -WOLFSSL_API int wolfSSL_BN_set_word(WOLFSSL_BIGNUM*, unsigned long w); +WOLFSSL_API WOLFSSL_BIGNUM* wolfSSL_BN_copy(WOLFSSL_BIGNUM*, + const WOLFSSL_BIGNUM*); WOLFSSL_API int wolfSSL_BN_dec2bn(WOLFSSL_BIGNUM**, const char* str); WOLFSSL_API char* wolfSSL_BN_bn2dec(const WOLFSSL_BIGNUM*); +WOLFSSL_API int wolfSSL_BN_lshift(WOLFSSL_BIGNUM*, const WOLFSSL_BIGNUM*, int); +WOLFSSL_API int wolfSSL_BN_add_word(WOLFSSL_BIGNUM*, WOLFSSL_BN_ULONG); +WOLFSSL_API int wolfSSL_BN_set_bit(WOLFSSL_BIGNUM*, int); +WOLFSSL_API int wolfSSL_BN_set_word(WOLFSSL_BIGNUM*, WOLFSSL_BN_ULONG); + +WOLFSSL_API int wolfSSL_BN_add(WOLFSSL_BIGNUM*, WOLFSSL_BIGNUM*, + WOLFSSL_BIGNUM*); +WOLFSSL_API char *wolfSSL_BN_bn2hex(const WOLFSSL_BIGNUM*); +WOLFSSL_API int wolfSSL_BN_is_prime_ex(const WOLFSSL_BIGNUM*, int, + WOLFSSL_BN_CTX*, WOLFSSL_BN_GENCB*); +WOLFSSL_API WOLFSSL_BN_ULONG wolfSSL_BN_mod_word(const WOLFSSL_BIGNUM*, + WOLFSSL_BN_ULONG); +#ifndef NO_FILESYSTEM + WOLFSSL_API int wolfSSL_BN_print_fp(FILE*, const WOLFSSL_BIGNUM*); +#endif +WOLFSSL_API int wolfSSL_BN_rshift(WOLFSSL_BIGNUM*, const WOLFSSL_BIGNUM*, int); +WOLFSSL_API WOLFSSL_BIGNUM *wolfSSL_BN_CTX_get(WOLFSSL_BN_CTX *ctx); +WOLFSSL_API void wolfSSL_BN_CTX_start(WOLFSSL_BN_CTX *ctx); typedef WOLFSSL_BIGNUM BIGNUM; typedef WOLFSSL_BN_CTX BN_CTX; +typedef WOLFSSL_BN_GENCB BN_GENCB; #define BN_CTX_new wolfSSL_BN_CTX_new #define BN_CTX_init wolfSSL_BN_CTX_init 
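Review bot: `wolfSSL_BN_set_word` changes its second parameter from `unsigned long` to `WOLFSSL_BN_ULONG`, which the previous hunk in this file defines as `mp_digit`. The width of `mp_digit` follows the math backend configuration and can be narrower than `unsigned long`, so an existing caller passing a large word gets it truncated by the implicit conversion, with no diagnostic unless conversion warnings are on. The new `wolfSSL_BN_add_word` and `wolfSSL_BN_mod_word` have the same exposure. Either keep `unsigned long` in the public signatures and range-check inside, or state the limit next to the define, e.g. `/* width follows mp_digit and may be smaller than unsigned long */`.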
@@ -104,10 +125,25 @@ typedef WOLFSSL_BN_CTX BN_CTX; #define BN_dec2bn wolfSSL_BN_dec2bn #define BN_bn2dec wolfSSL_BN_bn2dec +#define BN_bn2hex wolfSSL_BN_bn2hex +#define BN_lshift wolfSSL_BN_lshift +#define BN_add_word wolfSSL_BN_add_word +#define BN_add wolfSSL_BN_add +#define BN_set_word wolfSSL_BN_set_word +#define BN_set_bit wolfSSL_BN_set_bit + + +#define BN_is_prime_ex wolfSSL_BN_is_prime_ex +#define BN_print_fp wolfSSL_BN_print_fp +#define BN_rshift wolfSSL_BN_rshift +#define BN_mod_word wolfSSL_BN_mod_word + +#define BN_CTX_get wolfSSL_BN_CTX_get +#define BN_CTX_start wolfSSL_BN_CTX_start #ifdef __cplusplus - } /* extern "C" */ + } /* extern "C" */ #endif diff --git a/wolfssl/openssl/crypto.h b/wolfssl/openssl/crypto.h index 8f7c6f40e..034b1cfe1 100644 --- a/wolfssl/openssl/crypto.h +++ b/wolfssl/openssl/crypto.h @@ -21,6 +21,14 @@ WOLFSSL_API unsigned long wolfSSLeay(void); #define SSLEAY_VERSION 0x0090600fL #define SSLEAY_VERSION_NUMBER SSLEAY_VERSION +#ifdef HAVE_STUNNEL +#define CRYPTO_set_mem_ex_functions wolfSSL_CRYPTO_set_mem_ex_functions +#define FIPS_mode wolfSSL_FIPS_mode +#define FIPS_mode_set wolfSSL_FIPS_mode_set +typedef struct CRYPTO_EX_DATA CRYPTO_EX_DATA; +typedef void (CRYPTO_free_func)(void*parent, void*ptr, CRYPTO_EX_DATA *ad, int idx, + long argl, void* argp); +#endif /* HAVE_STUNNEL */ #endif /* header */ diff --git a/wolfssl/openssl/dh.h b/wolfssl/openssl/dh.h index 071abf70f..e38b7f7af 100644 --- a/wolfssl/openssl/dh.h +++ b/wolfssl/openssl/dh.h 
@@ -4,27 +4,26 @@ #ifndef WOLFSSL_DH_H_ #define WOLFSSL_DH_H_ - #include #include - #ifdef __cplusplus extern "C" { #endif - - - -typedef struct WOLFSSL_DH { - WOLFSSL_BIGNUM* p; - WOLFSSL_BIGNUM* g; +struct WOLFSSL_DH { + WOLFSSL_BIGNUM* p; + WOLFSSL_BIGNUM* g; WOLFSSL_BIGNUM* pub_key; /* openssh deference g^x */ WOLFSSL_BIGNUM* priv_key; /* openssh deference x */ void* internal; /* our DH */ char inSet; /* internal set from external ? */ char exSet; /* external set from internal ? */ -} WOLFSSL_DH; + /*added for lighttpd openssl compatability, go back and add a getter in + * lighttpd src code. + */ + int length; +}; WOLFSSL_API WOLFSSL_DH* wolfSSL_DH_new(void); @@ -49,4 +48,7 @@ typedef WOLFSSL_DH DH; } /* extern "C" */ #endif +#ifdef HAVE_STUNNEL +#define DH_generate_parameters wolfSSL_DH_generate_parameters +#endif /* HAVE_STUNNEL */ #endif /* header */ diff --git a/wolfssl/openssl/dsa.h b/wolfssl/openssl/dsa.h index 725567018..98048bd9c 100644 --- a/wolfssl/openssl/dsa.h +++ b/wolfssl/openssl/dsa.h @@ -4,23 +4,19 @@ #ifndef WOLFSSL_DSA_H_ #define WOLFSSL_DSA_H_ - #include #include - #ifdef __cplusplus extern "C" { #endif - - struct WOLFSSL_DSA { - WOLFSSL_BIGNUM* p; - WOLFSSL_BIGNUM* q; - WOLFSSL_BIGNUM* g; - WOLFSSL_BIGNUM* pub_key; /* our y */ - WOLFSSL_BIGNUM* priv_key; /* our x */ + WOLFSSL_BIGNUM* p; + WOLFSSL_BIGNUM* q; + WOLFSSL_BIGNUM* g; + WOLFSSL_BIGNUM* pub_key; /* our y */ + WOLFSSL_BIGNUM* priv_key; /* our x */ void* internal; /* our Dsa Key */ char inSet; /* internal set from external ? */ char exSet; /* external set from internal ? */ @@ -28,7 +24,7 @@ struct WOLFSSL_DSA { WOLFSSL_API WOLFSSL_DSA* wolfSSL_DSA_new(void); -WOLFSSL_API void wolfSSL_DSA_free(WOLFSSL_DSA*); +WOLFSSL_API void wolfSSL_DSA_free(WOLFSSL_DSA*); WOLFSSL_API int wolfSSL_DSA_generate_key(WOLFSSL_DSA*); WOLFSSL_API int wolfSSL_DSA_generate_parameters_ex(WOLFSSL_DSA*, int bits, 
@@ -36,8 +32,13 @@ WOLFSSL_API int wolfSSL_DSA_generate_parameters_ex(WOLFSSL_DSA*, int bits, unsigned long* hRet, void* cb); WOLFSSL_API int wolfSSL_DSA_LoadDer(WOLFSSL_DSA*, const unsigned char*, int sz); -WOLFSSL_API int wolfSSL_DSA_do_sign(const unsigned char* d, unsigned char* sigRet, - WOLFSSL_DSA* dsa); + +WOLFSSL_API int wolfSSL_DSA_do_sign(const unsigned char* d, + unsigned char* sigRet, WOLFSSL_DSA* dsa); + +WOLFSSL_API int wolfSSL_DSA_do_verify(const unsigned char* d, + unsigned char* sig, + WOLFSSL_DSA* dsa, int *dsacheck); #define DSA_new wolfSSL_DSA_new #define DSA_free wolfSSL_DSA_free diff --git a/wolfssl/openssl/ec.h b/wolfssl/openssl/ec.h index 5ffdaf6e5..9ba76d97e 100644 --- a/wolfssl/openssl/ec.h +++ b/wolfssl/openssl/ec.h 
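Review bot: `wolfSSL_DSA_do_verify` appears to report the signature result through the `int *dsacheck` out-parameter rather than through its return value, and the declaration has no comment saying so. A caller that checks only the return code could treat a call that completed but found a bad signature as verified. The contract should be stated at the prototype, for example `/* return value is call status only; *dsacheck is 1 only when the signature is valid */`, with the wording confirmed against the implementation, which is not in this hunk. `sig` is only read by a verify, so `const unsigned char* sig` would match `d`. Neither `do_sign` nor `do_verify` takes a digest or signature length, so the expected buffer sizes need documenting too.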
@@ -1,2 +1,163 @@ /* ec.h for openssl */ +#ifndef WOLFSSL_EC_H_ +#define WOLFSSL_EC_H_ + +#include +#include + +#ifdef __cplusplus +extern "C" { +#endif + +/* Map OpenSSL NID value */ +enum { + POINT_CONVERSION_UNCOMPRESSED = 4, + NID_secp111r1 = 0, + NID_secp128r1 = 1, + NID_secp160r1 = 2, + NID_cert192 = 3, + NID_cert224 = 4, + NID_X9_62_prime256v1 = 5, + NID_secp384r1 = 6, + NID_secp521r1 = 7, + NID_X9_62_prime_field = 100, + OPENSSL_EC_NAMED_CURVE = 0x001 +}; + +struct WOLFSSL_EC_POINT { + WOLFSSL_BIGNUM *X; + WOLFSSL_BIGNUM *Y; + WOLFSSL_BIGNUM *Z; + + void* internal; /* our ECC point */ + char inSet; /* internal set from external ? */ + char exSet; /* external set from internal ? */ +}; + +struct WOLFSSL_EC_GROUP { + int curve_idx; /* index of curve, used by WolfSSL as reference */ + int curve_nid; /* NID of curve, used by OpenSSL/OpenSSH as reference */ +}; + +struct WOLFSSL_EC_KEY { + WOLFSSL_EC_GROUP *group; + WOLFSSL_EC_POINT *pub_key; + WOLFSSL_BIGNUM *priv_key; + + void* internal; /* our ECC Key */ + char inSet; /* internal set from external ? */ + char exSet; /* external set from internal ? 
*/ +}; + +WOLFSSL_API +int wolfSSL_ECPoint_i2d(const WOLFSSL_EC_GROUP *curve, + const WOLFSSL_EC_POINT *p, + unsigned char *out, unsigned int *len); +WOLFSSL_API +int wolfSSL_ECPoint_d2i(unsigned char *in, unsigned int len, + const WOLFSSL_EC_GROUP *curve, WOLFSSL_EC_POINT *p); +WOLFSSL_API +int wolfSSL_EC_KEY_LoadDer(WOLFSSL_EC_KEY* key, + const unsigned char* der, int derSz); +WOLFSSL_API +void wolfSSL_EC_KEY_free(WOLFSSL_EC_KEY *key); +WOLFSSL_API +WOLFSSL_EC_POINT *wolfSSL_EC_KEY_get0_public_key(const WOLFSSL_EC_KEY *key); +WOLFSSL_API +const WOLFSSL_EC_GROUP *wolfSSL_EC_KEY_get0_group(const WOLFSSL_EC_KEY *key); +WOLFSSL_API +int wolfSSL_EC_KEY_set_private_key(WOLFSSL_EC_KEY *key, + const WOLFSSL_BIGNUM *priv_key); +WOLFSSL_API +WOLFSSL_BIGNUM *wolfSSL_EC_KEY_get0_private_key(const WOLFSSL_EC_KEY *key); +WOLFSSL_API +WOLFSSL_EC_KEY *wolfSSL_EC_KEY_new_by_curve_name(int nid); +WOLFSSL_API +WOLFSSL_EC_KEY *wolfSSL_EC_KEY_new(void); +WOLFSSL_API +int wolfSSL_EC_KEY_set_group(WOLFSSL_EC_KEY *key, WOLFSSL_EC_GROUP *group); +WOLFSSL_API +int wolfSSL_EC_KEY_generate_key(WOLFSSL_EC_KEY *key); +WOLFSSL_API +void wolfSSL_EC_KEY_set_asn1_flag(WOLFSSL_EC_KEY *key, int asn1_flag); +WOLFSSL_API +int wolfSSL_EC_KEY_set_public_key(WOLFSSL_EC_KEY *key, + const WOLFSSL_EC_POINT *pub); +WOLFSSL_API +void wolfSSL_EC_GROUP_set_asn1_flag(WOLFSSL_EC_GROUP *group, int flag); +WOLFSSL_API +WOLFSSL_EC_GROUP *wolfSSL_EC_GROUP_new_by_curve_name(int nid); +WOLFSSL_API +int wolfSSL_EC_GROUP_cmp(const WOLFSSL_EC_GROUP *a, const WOLFSSL_EC_GROUP *b, + WOLFSSL_BN_CTX *ctx); +WOLFSSL_API +int wolfSSL_EC_GROUP_get_curve_name(const WOLFSSL_EC_GROUP *group); +WOLFSSL_API +int wolfSSL_EC_GROUP_get_degree(const WOLFSSL_EC_GROUP *group); +WOLFSSL_API +int wolfSSL_EC_GROUP_get_order(const WOLFSSL_EC_GROUP *group, + WOLFSSL_BIGNUM *order, WOLFSSL_BN_CTX *ctx); +WOLFSSL_API +void wolfSSL_EC_GROUP_free(WOLFSSL_EC_GROUP *group); +WOLFSSL_API +void wolfssl_EC_POINT_dump(const char *msg, const 
WOLFSSL_EC_POINT *p); +WOLFSSL_API +WOLFSSL_EC_POINT *wolfSSL_EC_POINT_new(const WOLFSSL_EC_GROUP *group); +WOLFSSL_API +int wolfSSL_EC_POINT_get_affine_coordinates_GFp(const WOLFSSL_EC_GROUP *group, + const WOLFSSL_EC_POINT *p, + WOLFSSL_BIGNUM *x, + WOLFSSL_BIGNUM *y, + WOLFSSL_BN_CTX *ctx); +WOLFSSL_API +int wolfSSL_EC_POINT_mul(const WOLFSSL_EC_GROUP *group, WOLFSSL_EC_POINT *r, + const WOLFSSL_BIGNUM *n, + const WOLFSSL_EC_POINT *q, const WOLFSSL_BIGNUM *m, + WOLFSSL_BN_CTX *ctx); +WOLFSSL_API +void wolfSSL_EC_POINT_clear_free(WOLFSSL_EC_POINT *point); +WOLFSSL_API +int wolfSSL_EC_POINT_cmp(const WOLFSSL_EC_GROUP *group, + const WOLFSSL_EC_POINT *a, const WOLFSSL_EC_POINT *b, + WOLFSSL_BN_CTX *ctx); +WOLFSSL_API +void wolfSSL_EC_POINT_free(WOLFSSL_EC_POINT *point); +WOLFSSL_API +int wolfSSL_EC_POINT_is_at_infinity(const WOLFSSL_EC_GROUP *group, + const WOLFSSL_EC_POINT *a); + +#define EC_KEY_free wolfSSL_EC_KEY_free +#define EC_KEY_get0_public_key wolfSSL_EC_KEY_get0_public_key +#define EC_KEY_get0_group wolfSSL_EC_KEY_get0_group +#define EC_KEY_set_private_key wolfSSL_EC_KEY_set_private_key +#define EC_KEY_get0_private_key wolfSSL_EC_KEY_get0_private_key +#define EC_KEY_new_by_curve_name wolfSSL_EC_KEY_new_by_curve_name +#define EC_KEY_set_group wolfSSL_EC_KEY_set_group +#define EC_KEY_generate_key wolfSSL_EC_KEY_generate_key +#define EC_KEY_set_asn1_flag wolfSSL_EC_KEY_set_asn1_flag +#define EC_KEY_set_public_key wolfSSL_EC_KEY_set_public_key +#define EC_KEY_new wolfSSL_EC_KEY_new + +#define EC_GROUP_set_asn1_flag wolfSSL_EC_GROUP_set_asn1_flag +#define EC_GROUP_new_by_curve_name wolfSSL_EC_GROUP_new_by_curve_name +#define EC_GROUP_cmp wolfSSL_EC_GROUP_cmp +#define EC_GROUP_get_curve_name wolfSSL_EC_GROUP_get_curve_name +#define EC_GROUP_get_degree wolfSSL_EC_GROUP_get_degree +#define EC_GROUP_get_order wolfSSL_EC_GROUP_get_order +#define EC_GROUP_free wolfSSL_EC_GROUP_free + +#define EC_POINT_new wolfSSL_EC_POINT_new +#define 
EC_POINT_get_affine_coordinates_GFp \ + wolfSSL_EC_POINT_get_affine_coordinates_GFp +#define EC_POINT_mul wolfSSL_EC_POINT_mul +#define EC_POINT_clear_free wolfSSL_EC_POINT_clear_free +#define EC_POINT_cmp wolfSSL_EC_POINT_cmp +#define EC_POINT_free wolfSSL_EC_POINT_free +#define EC_POINT_is_at_infinity wolfSSL_EC_POINT_is_at_infinity + +#ifdef __cplusplus +} /* extern "C" */ +#endif + +#endif /* header */ diff --git a/wolfssl/openssl/ec25519.h b/wolfssl/openssl/ec25519.h new file mode 100644 index 000000000..9ae255c6d --- /dev/null +++ b/wolfssl/openssl/ec25519.h @@ -0,0 +1,23 @@ +/* ec25519.h */ + +#ifndef WOLFSSL_EC25519_H_ +#define WOLFSSL_EC25519_H_ + +#ifdef __cplusplus +extern "C" { +#endif + +WOLFSSL_API +int wolfSSL_EC25519_generate_key(unsigned char *priv, unsigned int *privSz, + unsigned char *pub, unsigned int *pubSz); + +WOLFSSL_API +int wolfSSL_EC25519_shared_key(unsigned char *shared, unsigned int *sharedSz, + const unsigned char *priv, unsigned int privSz, + const unsigned char *pub, unsigned int pubSz); + +#ifdef __cplusplus +} /* extern "C" */ +#endif + +#endif /* header */ diff --git a/wolfssl/openssl/ecdh.h b/wolfssl/openssl/ecdh.h new file mode 100644 index 000000000..57d9e2e37 --- /dev/null +++ b/wolfssl/openssl/ecdh.h @@ -0,0 +1,28 @@ +/* ecdh.h for openssl */ + +#ifndef WOLFSSL_ECDH_H_ +#define WOLFSSL_ECDH_H_ + +#include +#include + +#ifdef __cplusplus +extern "C" { +#endif + + +WOLFSSL_API int wolfSSL_ECDH_compute_key(void *out, size_t outlen, + const WOLFSSL_EC_POINT *pub_key, + WOLFSSL_EC_KEY *ecdh, + void *(*KDF) (const void *in, + size_t inlen, + void *out, + size_t *outlen)); + +#define ECDH_compute_key wolfSSL_ECDH_compute_key + +#ifdef __cplusplus +} /* extern C */ +#endif + +#endif /* header */ diff --git a/wolfssl/openssl/ecdsa.h b/wolfssl/openssl/ecdsa.h index f3cf0de35..a92841fff 100644 --- a/wolfssl/openssl/ecdsa.h +++ b/wolfssl/openssl/ecdsa.h 
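Review bot: The enum in ec.h commented `Map OpenSSL NID value` assigns small private numbers (`NID_X9_62_prime256v1 = 5`, `NID_secp384r1 = 6`, ...) rather than OpenSSL's numeric NIDs. `NID_cert224 = 4` also has the same value as `POINT_CONVERSION_UNCOMPRESSED` in the same enum and as `NID_md5 = 4` in evp.h. Code that stores, logs or compares NIDs by number, or that was written against OpenSSL's constants, can pick the wrong curve or confuse a curve id with a digest id. The comment should say so, e.g. `/* wolfSSL-local curve ids, NOT OpenSSL's numeric NIDs; compare by name only */`. `NID_secp111r1`, `NID_cert192` and `NID_cert224` look like misspellings (presumably of the secp112r1/secp192r1/secp224r1 names) and are worth confirming before they become public API.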
@@ -1,2 +1,39 @@ /* ecdsa.h for openssl */ +#ifndef WOLFSSL_ECDSA_H_ +#define WOLFSSL_ECDSA_H_ + +#include +#include + + +#ifdef __cplusplus +extern "C" { +#endif + +struct WOLFSSL_ECDSA_SIG { + WOLFSSL_BIGNUM *r; + WOLFSSL_BIGNUM *s; +}; + +WOLFSSL_API void wolfSSL_ECDSA_SIG_free(WOLFSSL_ECDSA_SIG *sig); +WOLFSSL_API WOLFSSL_ECDSA_SIG *wolfSSL_ECDSA_SIG_new(void); +WOLFSSL_API WOLFSSL_ECDSA_SIG *wolfSSL_ECDSA_do_sign(const unsigned char *dgst, + int dgst_len, + WOLFSSL_EC_KEY *eckey); +WOLFSSL_API int wolfSSL_ECDSA_do_verify(const unsigned char *dgst, + int dgst_len, + const WOLFSSL_ECDSA_SIG *sig, + WOLFSSL_EC_KEY *eckey); + +#define ECDSA_SIG_free wolfSSL_ECDSA_SIG_free +#define ECDSA_SIG_new wolfSSL_ECDSA_SIG_new +#define ECDSA_do_sign wolfSSL_ECDSA_do_sign +#define ECDSA_do_verify wolfSSL_ECDSA_do_verify + +#ifdef __cplusplus +} /* extern "C" */ +#endif + +#endif /* header */ + diff --git a/wolfssl/openssl/ed25519.h b/wolfssl/openssl/ed25519.h new file mode 100644 index 000000000..8244555df --- /dev/null +++ b/wolfssl/openssl/ed25519.h @@ -0,0 +1,26 @@ +/* ed25519.h */ + +#ifndef WOLFSSL_ED25519_H_ +#define WOLFSSL_ED25519_H_ + +#ifdef __cplusplus +extern "C" { +#endif + +WOLFSSL_API +int wolfSSL_ED25519_generate_key(unsigned char *priv, unsigned int *privSz, + unsigned char *pub, unsigned int *pubSz); +WOLFSSL_API +int wolfSSL_ED25519_sign(const unsigned char *msg, unsigned int msgSz, + const unsigned char *priv, unsigned int privSz, + unsigned char *sig, unsigned int *sigSz); +WOLFSSL_API +int wolfSSL_ED25519_verify(const unsigned char *msg, unsigned int msgSz, + const unsigned char *pub, unsigned int pubSz, + const unsigned char *sig, unsigned int sigSz); + +#ifdef __cplusplus +} /* extern "C" */ +#endif + +#endif /* header */ diff --git a/wolfssl/openssl/err.h b/wolfssl/openssl/err.h index 7e7f1eb78..951386868 100644 --- a/wolfssl/openssl/err.h +++ b/wolfssl/openssl/err.h 
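Review bot: `wolfSSL_ECDSA_do_verify` in ecdsa.h returns a bare `int` with no comment on what the values mean. If it follows the OpenSSL convention of 1 for valid, 0 for invalid and a negative value on error, a caller writing `if (ECDSA_do_verify(...))` accepts the error case as a valid signature. A comment at the declaration such as `/* returns 1 only if the signature is valid; treat every other value as failure */` makes the required `== 1` check explicit. The same comment is needed on `wolfSSL_ED25519_verify` in the new ed25519.h. `dgst_len` is a signed `int`, so the implementation (not shown) should reject negative lengths.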
@@ -1,2 +1,3 @@ /* err.h for openssl */ - +#define ERR_load_crypto_strings wolfSSL_ERR_load_crypto_strings +#define ERR_peek_last_error wolfSSL_ERR_peek_last_error diff --git a/wolfssl/openssl/evp.h b/wolfssl/openssl/evp.h index ded0b2f62..bc6b2baf3 100644 --- a/wolfssl/openssl/evp.h +++ b/wolfssl/openssl/evp.h @@ -41,6 +41,7 @@ #include #include #include +#include #include #include @@ -124,6 +125,7 @@ enum { NULL_CIPHER_TYPE = 10, EVP_PKEY_RSA = 11, EVP_PKEY_DSA = 12, + EVP_PKEY_EC = 13, NID_sha1 = 64, NID_md5 = 4 }; @@ -182,6 +184,7 @@ WOLFSSL_API const WOLFSSL_EVP_MD* wolfSSL_EVP_get_digestbynid(int); WOLFSSL_API WOLFSSL_RSA* wolfSSL_EVP_PKEY_get1_RSA(WOLFSSL_EVP_PKEY*); WOLFSSL_API WOLFSSL_DSA* wolfSSL_EVP_PKEY_get1_DSA(WOLFSSL_EVP_PKEY*); +WOLFSSL_API WOLFSSL_EC_KEY *wolfSSL_EVP_PKEY_get1_EC_KEY(WOLFSSL_EVP_PKEY *key); /* these next ones don't need real OpenSSL type, for OpenSSH compat only */ WOLFSSL_API void* wolfSSL_EVP_X_STATE(const WOLFSSL_EVP_CIPHER_CTX* ctx); @@ -244,6 +247,8 @@ typedef WOLFSSL_EVP_CIPHER_CTX EVP_CIPHER_CTX; #define EVP_PKEY_get1_RSA wolfSSL_EVP_PKEY_get1_RSA #define EVP_PKEY_get1_DSA wolfSSL_EVP_PKEY_get1_DSA +#define EVP_PKEY_get1_EC_KEY wolfSSL_EVP_PKEY_get1_EC_KEY + #ifndef EVP_MAX_MD_SIZE #define EVP_MAX_MD_SIZE 64 /* sha512 */ diff --git a/wolfssl/openssl/include.am b/wolfssl/openssl/include.am index 05b509bcc..21d99ef00 100644 --- a/wolfssl/openssl/include.am +++ b/wolfssl/openssl/include.am @@ -11,7 +11,10 @@ nobase_include_HEADERS+= \ wolfssl/openssl/dh.h \ wolfssl/openssl/dsa.h \ wolfssl/openssl/ecdsa.h \ + wolfssl/openssl/ecdh.h \ wolfssl/openssl/ec.h \ + wolfssl/openssl/ec25519.h \ + wolfssl/openssl/ed25519.h \ wolfssl/openssl/engine.h \ wolfssl/openssl/err.h \ wolfssl/openssl/evp.h \ diff --git a/wolfssl/openssl/opensslv.h b/wolfssl/openssl/opensslv.h index e13e992b8..e569ec52a 100644 --- a/wolfssl/openssl/opensslv.h +++ b/wolfssl/openssl/opensslv.h 
@@ -5,7 +5,15 @@ /* api version compatibility */ -#define OPENSSL_VERSION_NUMBER 0x0090410fL +#if defined(HAVE_STUNNEL) || defined(HAVE_LIGHTY) + /* version number can be increased for Lighty after compatibility for ECDH + is added */ + #define OPENSSL_VERSION_NUMBER 0x0090700fL +#else + #define OPENSSL_VERSION_NUMBER 0x0090810fL +#endif + +#define OPENSSL_VERSION_TEXT LIBWOLFSSL_VERSION_STRING #endif /* header */ diff --git a/wolfssl/openssl/pem.h b/wolfssl/openssl/pem.h index 926e43f48..f21525818 100644 --- a/wolfssl/openssl/pem.h +++ b/wolfssl/openssl/pem.h 
@@ -14,28 +14,104 @@ #endif -WOLFSSL_API int wolfSSL_PEM_write_bio_RSAPrivateKey(WOLFSSL_BIO* bio, RSA* rsa, - const EVP_CIPHER* cipher, - unsigned char* passwd, int len, - pem_password_cb cb, void* arg); +/* RSA */ +WOLFSSL_API +int wolfSSL_PEM_write_bio_RSAPrivateKey(WOLFSSL_BIO* bio, WOLFSSL_RSA* rsa, + const EVP_CIPHER* cipher, + unsigned char* passwd, int len, + pem_password_cb cb, void* arg); +WOLFSSL_API +int wolfSSL_PEM_write_RSAPrivateKey(FILE *fp, WOLFSSL_RSA *rsa, + const EVP_CIPHER *enc, + unsigned char *kstr, int klen, + pem_password_cb *cb, void *u); +WOLFSSL_API +int wolfSSL_PEM_write_mem_RSAPrivateKey(RSA* rsa, const EVP_CIPHER* cipher, + unsigned char* passwd, int len, + unsigned char **pem, int *plen); +WOLFSSL_API +WOLFSSL_RSA *wolfSSL_PEM_read_RSAPublicKey(FILE *fp, WOLFSSL_RSA **x, + pem_password_cb *cb, void *u); +WOLFSSL_API +int wolfSSL_PEM_write_RSAPublicKey(FILE *fp, WOLFSSL_RSA *x); -WOLFSSL_API int wolfSSL_PEM_write_bio_DSAPrivateKey(WOLFSSL_BIO* bio, DSA* rsa, - const EVP_CIPHER* cipher, - unsigned char* passwd, int len, - pem_password_cb cb, void* arg); +WOLFSSL_API +int wolfSSL_PEM_write_RSA_PUBKEY(FILE *fp, WOLFSSL_RSA *x); -WOLFSSL_API WOLFSSL_EVP_PKEY* wolfSSL_PEM_read_bio_PrivateKey(WOLFSSL_BIO* bio, - WOLFSSL_EVP_PKEY**, pem_password_cb cb, void* arg); +/* DSA */ +WOLFSSL_API +int wolfSSL_PEM_write_bio_DSAPrivateKey(WOLFSSL_BIO* bio, + WOLFSSL_DSA* dsa, + const EVP_CIPHER* cipher, + unsigned char* passwd, int len, + pem_password_cb cb, void* arg); +WOLFSSL_API +int wolfSSL_PEM_write_DSAPrivateKey(FILE *fp, WOLFSSL_DSA *dsa, + const EVP_CIPHER *enc, + unsigned char *kstr, int klen, + pem_password_cb *cb, void *u); +WOLFSSL_API +int wolfSSL_PEM_write_mem_DSAPrivateKey(WOLFSSL_DSA* dsa, + const EVP_CIPHER* cipher, + unsigned char* passwd, int len, + unsigned char **pem, int *plen); +WOLFSSL_API +int wolfSSL_PEM_write_DSA_PUBKEY(FILE *fp, WOLFSSL_DSA *x); +/* ECC */ +WOLFSSL_API +int wolfSSL_PEM_write_bio_ECPrivateKey(WOLFSSL_BIO* 
bio, WOLFSSL_EC_KEY* ec, + const EVP_CIPHER* cipher, + unsigned char* passwd, int len, + pem_password_cb cb, void* arg); +WOLFSSL_API +int wolfSSL_PEM_write_ECPrivateKey(FILE *fp, WOLFSSL_EC_KEY *key, + const EVP_CIPHER *enc, + unsigned char *kstr, int klen, + pem_password_cb *cb, void *u); +WOLFSSL_API +int wolfSSL_PEM_write_mem_ECPrivateKey(WOLFSSL_EC_KEY* key, + const EVP_CIPHER* cipher, + unsigned char* passwd, int len, + unsigned char **pem, int *plen); +WOLFSSL_API +int wolfSSL_PEM_write_EC_PUBKEY(FILE *fp, WOLFSSL_EC_KEY *key); + +/* EVP_KEY */ +WOLFSSL_API +WOLFSSL_EVP_PKEY* wolfSSL_PEM_read_bio_PrivateKey(WOLFSSL_BIO* bio, + WOLFSSL_EVP_PKEY**, + pem_password_cb cb, + void* arg); +WOLFSSL_API +int wolfSSL_EVP_PKEY_type(int type); + +WOLFSSL_API +WOLFSSL_EVP_PKEY *wolfSSL_PEM_read_PUBKEY(FILE *fp, EVP_PKEY **x, + pem_password_cb *cb, void *u); + +/* RSA */ #define PEM_write_bio_RSAPrivateKey wolfSSL_PEM_write_bio_RSAPrivateKey +#define PEM_write_RSAPrivateKey wolfSSL_PEM_write_RSAPrivateKey +#define PEM_write_RSA_PUBKEY wolfSSL_PEM_write_RSA_PUBKEY +#define PEM_write_RSAPublicKey wolfSSL_PEM_write_RSAPublicKey +#define PEM_read_RSAPublicKey wolfSSL_PEM_read_RSAPublicKey +/* DSA */ #define PEM_write_bio_DSAPrivateKey wolfSSL_PEM_write_bio_DSAPrivateKey -#define PEM_read_bio_PrivateKey wolfSSL_PEM_read_bio_PrivateKey - +#define PEM_write_DSAPrivateKey wolfSSL_PEM_write_DSAPrivateKey +#define PEM_write_DSA_PUBKEY wolfSSL_PEM_write_DSA_PUBKEY +/* ECC */ +#define PEM_write_bio_ECPrivateKey wolfSSL_PEM_write_bio_ECPrivateKey +#define PEM_write_EC_PUBKEY wolfSSL_PEM_write_EC_PUBKEY +#define PEM_write_ECPrivateKey wolfSSL_PEM_write_ECPrivateKey +/* EVP_KEY */ +#define PEM_read_bio_PrivateKey wolfSSL_PEM_read_bio_PrivateKey +#define PEM_read_PUBKEY wolfSSL_PEM_read_PUBKEY +#define EVP_PKEY_type wolfSSL_EVP_PKEY_type #ifdef __cplusplus } /* extern "C" */ #endif - #endif /* WOLFSSL_PEM_H_ */ 
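Review bot: The prototypes in pem.h disagree on the password callback type: the `write_bio_*` functions and `wolfSSL_PEM_read_bio_PrivateKey` take `pem_password_cb cb`, while the new `FILE*` variants (`wolfSSL_PEM_write_RSAPrivateKey`, `wolfSSL_PEM_read_RSAPublicKey`, the DSA/EC writers, `wolfSSL_PEM_read_PUBKEY`) take `pem_password_cb *cb`. If `pem_password_cb` is already a pointer-to-function typedef in this tree (its definition is outside the hunk), the second form is a pointer to a function pointer and callers passing a callback directly pass the wrong level of indirection; use `pem_password_cb cb` throughout. The `FILE*` prototypes are also not wrapped in `#ifndef NO_FILESYSTEM`, unlike `wolfSSL_BN_print_fp` in bn.h. `wolfSSL_PEM_write_mem_RSAPrivateKey(RSA* rsa, ...)` and `wolfSSL_PEM_read_PUBKEY(FILE *fp, EVP_PKEY **x, ...)` use the compatibility aliases where their siblings use `WOLFSSL_RSA` and `WOLFSSL_EVP_PKEY`.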
diff --git a/wolfssl/openssl/rand.h b/wolfssl/openssl/rand.h index c1fa62e1c..bc1f83a88 100644 --- a/wolfssl/openssl/rand.h +++ b/wolfssl/openssl/rand.h @@ -1,4 +1,6 @@ /* rand.h for openSSL */ #include +#include +#define RAND_set_rand_method wolfSSL_RAND_set_rand_method diff --git a/wolfssl/openssl/ssl.h b/wolfssl/openssl/ssl.h index 34d7948c3..cae159e55 100644 --- a/wolfssl/openssl/ssl.h +++ b/wolfssl/openssl/ssl.h @@ -58,6 +58,10 @@ typedef WOLFSSL_X509_CHAIN X509_CHAIN; typedef WOLFSSL_EVP_PKEY EVP_PKEY; typedef WOLFSSL_RSA RSA; typedef WOLFSSL_DSA DSA; +typedef WOLFSSL_EC_KEY EC_KEY; +typedef WOLFSSL_EC_GROUP EC_GROUP; +typedef WOLFSSL_EC_POINT EC_POINT; +typedef WOLFSSL_ECDSA_SIG ECDSA_SIG; typedef WOLFSSL_BIO BIO; typedef WOLFSSL_BIO_METHOD BIO_METHOD; typedef WOLFSSL_CIPHER SSL_CIPHER; @@ -285,7 +289,7 @@ typedef WOLFSSL_X509_STORE_CTX X509_STORE_CTX; #define X509_get_serialNumber wolfSSL_X509_get_serialNumber -#define ASN1_TIME_pr wolfSSL_ASN1_TIME_pr +#define ASN1_TIME_print wolfSSL_ASN1_TIME_print #define ASN1_INTEGER_cmp wolfSSL_ASN1_INTEGER_cmp #define ASN1_INTEGER_get wolfSSL_ASN1_INTEGER_get @@ -300,7 +304,7 @@ typedef WOLFSSL_X509_STORE_CTX X509_STORE_CTX; #define SSL_CTX_set_default_passwd_cb_userdata wolfSSL_CTX_set_default_passwd_cb_userdata #define SSL_CTX_set_default_passwd_cb wolfSSL_CTX_set_default_passwd_cb -#define SSL_CTX_set_timeout wolfSSL_CTX_set_timeout +#define SSL_CTX_set_timeout(ctx, to) wolfSSL_CTX_set_timeout(ctx, (unsigned int) to) #define SSL_CTX_set_info_callback wolfSSL_CTX_set_info_callback #define ERR_peek_error wolfSSL_ERR_peek_error 
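Review bot: The new function-like `SSL_CTX_set_timeout` macro casts its argument without parenthesising it, so `SSL_CTX_set_timeout(ctx, a + b)` expands to `(unsigned int) a + b` and only `a` is converted. It should be written `#define SSL_CTX_set_timeout(ctx, to) wolfSSL_CTX_set_timeout((ctx), (unsigned int)(to))`. The cast also turns a negative `long` silently into a very large session timeout, which deserves a one-line comment because OpenSSL callers pass a signed `long` here.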
@@ -397,6 +401,85 @@ typedef WOLFSSL_X509_STORE_CTX X509_STORE_CTX; /* yassl had set the default to be 500 */ #define SSL_get_default_timeout(ctx) 500 +/* Lighthttp compatability */ + +#ifdef HAVE_LIGHTY +typedef WOLFSSL_X509_NAME_ENTRY X509_NAME_ENTRY; + +#define SSL_CB_HANDSHAKE_START 0x10 +#define X509_NAME_free wolfSSL_X509_NAME_free +#define SSL_CTX_use_certificate wolfSSL_CTX_use_certificate +#define SSL_CTX_use_PrivateKey wolfSSL_CTX_use_PrivateKey +#define BIO_read_filename wolfSSL_BIO_read_filename +#define BIO_s_file wolfSSL_BIO_s_file +#define OBJ_nid2sn wolf_OBJ_nid2sn +#define OBJ_obj2nid wolf_OBJ_obj2nid +#define OBJ_sn2nid wolf_OBJ_sn2nid +#define PEM_read_bio_X509 PEM_read_bio_WOLFSSL_X509 +#define SSL_CTX_set_verify_depth wolfSSL_CTX_set_verify_depth +#define SSL_get_app_data wolfSSL_get_app_data +#define SSL_set_app_data wolfSSL_set_app_data +#define X509_NAME_entry_count wolfSSL_X509_NAME_entry_count +#define X509_NAME_ENTRY_get_object wolfSSL_X509_NAME_ENTRY_get_object +#define X509_NAME_get_entry wolfSSL_X509_NAME_get_entry +#define sk_X509_NAME_pop_free wolfSSL_sk_X509_NAME_pop_free +#define SHA1 wolfSSL_SHA1 +#define X509_check_private_key wolfSSL_X509_check_private_key +#define SSL_dup_CA_list wolfSSL_dup_CA_list + +#endif + +#if defined(HAVE_STUNNEL) || defined(HAVE_LIGHTY) + +#define PEM_read_bio_DHparams wolfSSL_PEM_read_bio_DHparams +#define PEM_write_bio_X509 PEM_write_bio_WOLFSSL_X509 +#define SSL_CTX_set_tmp_dh wolfSSL_CTX_set_tmp_dh +#define BIO_new_file wolfSSL_BIO_new_file + + +#endif /* HAVE_STUNNEL || HAVE_LIGHTY */ + +#ifdef HAVE_STUNNEL +#include + +/* defined as: (SSL_ST_ACCEPT|SSL_CB_LOOP), which becomes 0x2001*/ +#define SSL_CB_ACCEPT_LOOP 0x2001 +#define SSL2_VERSION 0x0002 +#define SSL3_VERSION 0x0300 +#define TLS1_VERSION 0x0301 +#define DTLS1_VERSION 0xFEFF +#define SSL23_ST_SR_CLNT_HELLO_A (0x210|0x2000) +#define SSL3_ST_SR_CLNT_HELLO_A (0x110|0x2000) +#define ASN1_STRFLGS_ESC_MSB 4 +#define X509_V_ERR_CERT_REJECTED 28 
+ +#define SSL_alert_desc_string_long wolfSSL_alert_desc_string_long +#define SSL_alert_type_string_long wolfSSL_alert_type_string_long +#define SSL_CIPHER_get_bits wolfSSL_CIPHER_get_bits +#define sk_X509_NAME_num wolfSSL_sk_X509_NAME_num +#define sk_X509_num wolfSSL_sk_X509_num +#define X509_NAME_print_ex wolfSSL_X509_NAME_print_ex +#define X509_get0_pubkey_bitstr wolfSSL_X509_get0_pubkey_bitstr +#define SSL_CTX_get_options wolfSSL_CTX_get_options + +#define SSL_CTX_flush_sessions wolfSSL_flush_sessions +#define SSL_CTX_add_session wolfSSL_CTX_add_session +#define SSL_get_SSL_CTX wolfSSL_get_SSL_CTX +#define SSL_version wolfSSL_version +#define SSL_get_state wolfSSL_get_state +#define SSL_state_string_long wolfSSL_state_string_long +#define SSL_get_peer_cert_chain wolfSSL_get_peer_cert_chain +#define sk_X509_NAME_value wolfSSL_sk_X509_NAME_value +#define sk_X509_value wolfSSL_sk_X509_value +#define SSL_SESSION_get_ex_data wolfSSL_SESSION_get_ex_data +#define SSL_SESSION_set_ex_data wolfSSL_SESSION_set_ex_data +#define SSL_SESSION_get_ex_new_index wolfSSL_SESSION_get_ex_new_index +#define SSL_SESSION_get_id wolfSSL_SESSION_get_id +#define CRYPTO_dynlock_value WOLFSSL_dynlock_value +typedef WOLFSSL_ASN1_BIT_STRING ASN1_BIT_STRING; + + +#endif /* HAVE_STUNNEL */ #ifdef __cplusplus } /* extern "C" */ diff --git a/wolfssl/sniffer_error.h b/wolfssl/sniffer_error.h index ad89a50d9..56fada416 100644 --- a/wolfssl/sniffer_error.h +++ b/wolfssl/sniffer_error.h @@ -107,6 +107,7 @@ #define CLIENT_HELLO_LATE_KEY_STR 72 #define GOT_CERT_STATUS_STR 73 #define RSA_KEY_MISSING_STR 74 +#define NO_SECURE_RENEGOTIATION 75 /* !!!! also add to msgTable in sniffer.c and .rc file !!!! */ diff --git a/wolfssl/sniffer_error.rc b/wolfssl/sniffer_error.rc index 8bcd6926c..3c748193e 100644 --- a/wolfssl/sniffer_error.rc +++ b/wolfssl/sniffer_error.rc 
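Review bot: `X509_V_ERR_CERT_REJECTED` is defined as `28` in the HAVE_STUNNEL block here, while the enum hunk in wolfssl/ssl.h (`@@ -635,11 +647,16 @@`) adds `X509_V_ERR_CERT_REJECTED = 23`. Depending on include order, the macro either rewrites the enumerator into `28 = 23`, which does not compile, or leaves library code and application code with different numbers for the same verify error, so a rejection recorded on one side may not be recognised on the other. Keep one definition and drop `#define X509_V_ERR_CERT_REJECTED 28` here, or drop the enumerator, choosing the value deliberately. `ASN1_STRFLGS_ESC_MSB` is duplicated the same way (both 4) and has the same name clash.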
@@ -89,5 +89,6 @@ STRINGTABLE 72, "Late Key Load Error" 73, "Got Certificate Status msg" 74, "RSA Key Missing Error" + 75, "Secure Renegotiation Not Supported" } diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h index afee66e47..f1c492afa 100644 --- a/wolfssl/ssl.h +++ b/wolfssl/ssl.h @@ -31,8 +31,12 @@ #include #ifndef NO_FILESYSTEM - #ifdef FREESCALE_MQX - #include + #if defined(FREESCALE_MQX) || defined(FREESCALE_KSDK_MQX) + #if MQX_USE_IO_OLD + #include + #else + #include + #endif #else #include /* ERR_printf */ #endif @@ -76,6 +80,10 @@ typedef struct WOLFSSL_SOCKADDR WOLFSSL_SOCKADDR; typedef struct WOLFSSL_RSA WOLFSSL_RSA; typedef struct WOLFSSL_DSA WOLFSSL_DSA; +typedef struct WOLFSSL_EC_KEY WOLFSSL_EC_KEY; +typedef struct WOLFSSL_EC_POINT WOLFSSL_EC_POINT; +typedef struct WOLFSSL_EC_GROUP WOLFSSL_EC_GROUP; +typedef struct WOLFSSL_ECDSA_SIG WOLFSSL_ECDSA_SIG; typedef struct WOLFSSL_CIPHER WOLFSSL_CIPHER; typedef struct WOLFSSL_X509_LOOKUP WOLFSSL_X509_LOOKUP; typedef struct WOLFSSL_X509_LOOKUP_METHOD WOLFSSL_X509_LOOKUP_METHOD; @@ -86,8 +94,11 @@ typedef struct WOLFSSL_X509_EXTENSION WOLFSSL_X509_EXTENSION; typedef struct WOLFSSL_ASN1_TIME WOLFSSL_ASN1_TIME; typedef struct WOLFSSL_ASN1_INTEGER WOLFSSL_ASN1_INTEGER; typedef struct WOLFSSL_ASN1_OBJECT WOLFSSL_ASN1_OBJECT; -typedef struct WOLFSSL_ASN1_STRING WOLFSSL_ASN1_STRING; -typedef struct WOLFSSL_dynlock_value WOLFSSL_dynlock_value; + +typedef struct WOLFSSL_ASN1_STRING WOLFSSL_ASN1_STRING; +typedef struct WOLFSSL_dynlock_value WOLFSSL_dynlock_value; +typedef struct WOLFSSL_DH WOLFSSL_DH; +typedef struct WOLFSSL_ASN1_BIT_STRING WOLFSSL_ASN1_BIT_STRING; #define WOLFSSL_ASN1_UTCTIME WOLFSSL_ASN1_TIME 
@@ -136,11 +147,11 @@ typedef struct WOLFSSL_X509_REVOKED { typedef struct WOLFSSL_X509_OBJECT { union { char* ptr; + WOLFSSL_X509 *x509; WOLFSSL_X509_CRL* crl; /* stunnel dereference */ } data; } WOLFSSL_X509_OBJECT; - typedef struct WOLFSSL_X509_STORE_CTX { WOLFSSL_X509_STORE* store; /* Store full of a CA cert chain */ WOLFSSL_X509* current_cert; /* stunnel dereference */ @@ -331,7 +342,7 @@ WOLFSSL_API int wolfSSL_dtls(WOLFSSL* ssl); WOLFSSL_API int wolfSSL_dtls_set_peer(WOLFSSL*, void*, unsigned int); WOLFSSL_API int wolfSSL_dtls_get_peer(WOLFSSL*, void*, unsigned int*); -WOLFSSL_API int wolfSSL_ERR_GET_REASON(int err); +WOLFSSL_API int wolfSSL_ERR_GET_REASON(unsigned long err); WOLFSSL_API char* wolfSSL_ERR_error_string(unsigned long,char*); WOLFSSL_API void wolfSSL_ERR_error_string_n(unsigned long e, char* buf, unsigned long sz); @@ -515,14 +526,15 @@ WOLFSSL_API void wolfSSL_CTX_set_default_passwd_cb_userdata(WOLFSSL_CTX*, WOLFSSL_API void wolfSSL_CTX_set_default_passwd_cb(WOLFSSL_CTX*, pem_password_cb); -WOLFSSL_API void wolfSSL_CTX_set_info_callback(WOLFSSL_CTX*, void (*)(void)); +WOLFSSL_API void wolfSSL_CTX_set_info_callback(WOLFSSL_CTX*, + void (*)(const WOLFSSL* ssl, int type, int val)); WOLFSSL_API unsigned long wolfSSL_ERR_peek_error(void); WOLFSSL_API int wolfSSL_GET_REASON(int); WOLFSSL_API char* wolfSSL_alert_type_string_long(int); WOLFSSL_API char* wolfSSL_alert_desc_string_long(int); -WOLFSSL_API char* wolfSSL_state_string_long(WOLFSSL*); +WOLFSSL_API char* wolfSSL_state_string_long(const WOLFSSL*); WOLFSSL_API WOLFSSL_RSA* wolfSSL_RSA_generate_key(int, unsigned long, void(*)(int, int, void*), void*); 
@@ -635,11 +647,16 @@ enum { X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD = 20, X509_V_ERR_CERT_HAS_EXPIRED = 21, X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD = 22, - + X509_V_ERR_CERT_REJECTED = 23, X509_V_OK = 0, + XN_FLAG_SPC_EQ = (1 << 23), + XN_FLAG_ONELINE = 0, + CRYPTO_LOCK = 1, - CRYPTO_NUM_LOCKS = 10 + CRYPTO_NUM_LOCKS = 10, + + ASN1_STRFLGS_ESC_MSB = 4 }; /* extras end */ @@ -813,6 +830,11 @@ WOLFSSL_API int wolfSSL_Init(void); /* call when done to cleanup/free session cache mutex / resources */ WOLFSSL_API int wolfSSL_Cleanup(void); +/* which library version do we have */ +WOLFSSL_API const char* wolfSSL_lib_version(void); +/* which library version do we have in hex */ +WOLFSSL_API unsigned int wolfSSL_lib_version_hex(void); + /* turn logging on, only if compiled in */ WOLFSSL_API int wolfSSL_Debugging_ON(void); /* turn logging off */ @@ -882,7 +904,6 @@ WOLFSSL_API int wolfSSL_SetTmpDH(WOLFSSL*, const unsigned char* p, int pSz, const unsigned char* g, int gSz); WOLFSSL_API int wolfSSL_SetTmpDH_buffer(WOLFSSL*, const unsigned char* b, long sz, int format); -WOLFSSL_API int wolfSSL_SetTmpEC_DHE_Sz(WOLFSSL*, unsigned short); #ifndef NO_FILESYSTEM WOLFSSL_API int wolfSSL_SetTmpDH_file(WOLFSSL*, const char* f, int format); #endif 
@@ -892,14 +913,20 @@ WOLFSSL_API int wolfSSL_CTX_SetTmpDH(WOLFSSL_CTX*, const unsigned char* p, int pSz, const unsigned char* g, int gSz); WOLFSSL_API int wolfSSL_CTX_SetTmpDH_buffer(WOLFSSL_CTX*, const unsigned char* b, long sz, int format); -WOLFSSL_API int wolfSSL_CTX_SetTmpEC_DHE_Sz(WOLFSSL_CTX*, unsigned short); #ifndef NO_FILESYSTEM WOLFSSL_API int wolfSSL_CTX_SetTmpDH_file(WOLFSSL_CTX*, const char* f, int format); #endif + +WOLFSSL_API int wolfSSL_CTX_SetMinDhKey_Sz(WOLFSSL_CTX*, unsigned short); +WOLFSSL_API int wolfSSL_SetMinDhKey_Sz(WOLFSSL*, unsigned short); +WOLFSSL_API int wolfSSL_GetDhKey_Sz(WOLFSSL*); #endif /* NO_DH */ +WOLFSSL_API int wolfSSL_SetTmpEC_DHE_Sz(WOLFSSL*, unsigned short); +WOLFSSL_API int wolfSSL_CTX_SetTmpEC_DHE_Sz(WOLFSSL_CTX*, unsigned short); + /* keyblock size in bytes or -1 */ /* need to call wolfSSL_KeepArrays before handshake to save keys */ WOLFSSL_API int wolfSSL_get_keyblock_size(WOLFSSL*); @@ -917,7 +944,7 @@ WOLFSSL_API int wolfSSL_make_eap_keys(WOLFSSL*, void* key, unsigned int len, #ifdef __PPU #include #include - #elif !defined(WOLFSSL_MDK_ARM) && !defined(WOLFSSL_IAR_ARM) + #elif !defined(WOLFSSL_MDK_ARM) && !defined(WOLFSSL_IAR_ARM) && !defined(WOLFSSL_PICOTCP) #include #endif /* allow writev style writing */ 
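Review bot: The three new DH size prototypes (`wolfSSL_CTX_SetMinDhKey_Sz`, `wolfSSL_SetMinDhKey_Sz`, `wolfSSL_GetDhKey_Sz`) carry no comment saying whether the size is in bits or bytes. test.h in this same commit names its default `DEFAULT_MIN_DHKEY_BITS`, which suggests bits, but a caller who passes a byte count would silently set a far weaker floor than intended. I would add something like `/* minimum accepted DH prime size, in bits (confirm against the implementation) */` above the two setters and state the unit of the getter's return value.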
@@ -1185,13 +1212,15 @@ WOLFSSL_API void* wolfSSL_GetRsaDecCtx(WOLFSSL* ssl); #ifndef NO_CERTS - WOLFSSL_API void wolfSSL_CTX_SetCACb(WOLFSSL_CTX*, CallbackCACache); + WOLFSSL_API void wolfSSL_CTX_SetCACb(WOLFSSL_CTX*, CallbackCACache); WOLFSSL_API WOLFSSL_CERT_MANAGER* wolfSSL_CertManagerNew(void); WOLFSSL_API void wolfSSL_CertManagerFree(WOLFSSL_CERT_MANAGER*); WOLFSSL_API int wolfSSL_CertManagerLoadCA(WOLFSSL_CERT_MANAGER*, const char* f, const char* d); + WOLFSSL_API int wolfSSL_CertManagerLoadCABuffer(WOLFSSL_CERT_MANAGER*, + const unsigned char* in, long sz, int format); WOLFSSL_API int wolfSSL_CertManagerUnloadCAs(WOLFSSL_CERT_MANAGER* cm); WOLFSSL_API int wolfSSL_CertManagerVerify(WOLFSSL_CERT_MANAGER*, const char* f, int format); @@ -1257,8 +1286,8 @@ enum { WOLFSSL_SNI_HOST_NAME = 0 }; -WOLFSSL_API int wolfSSL_UseSNI(WOLFSSL* ssl, unsigned char type, const void* data, - unsigned short size); +WOLFSSL_API int wolfSSL_UseSNI(WOLFSSL* ssl, unsigned char type, + const void* data, unsigned short size); WOLFSSL_API int wolfSSL_CTX_UseSNI(WOLFSSL_CTX* ctx, unsigned char type, const void* data, unsigned short size); 
@@ -1266,26 +1295,33 @@ WOLFSSL_API int wolfSSL_CTX_UseSNI(WOLFSSL_CTX* ctx, unsigned char type, /* SNI options */ enum { - WOLFSSL_SNI_CONTINUE_ON_MISMATCH = 0x01, /* do not abort on mismatch flag */ - WOLFSSL_SNI_ANSWER_ON_MISMATCH = 0x02 /* fake match on mismatch flag */ + /* Do not abort the handshake if the requested SNI didn't match. */ + WOLFSSL_SNI_CONTINUE_ON_MISMATCH = 0x01, + + /* Behave as if the requested SNI matched in a case of missmatch. */ + /* In this case, the status will be set to WOLFSSL_SNI_FAKE_MATCH. */ + WOLFSSL_SNI_ANSWER_ON_MISMATCH = 0x02, + + /* Abort the handshake if the client didn't send a SNI request. */ + WOLFSSL_SNI_ABORT_ON_ABSENCE = 0x04, }; WOLFSSL_API void wolfSSL_SNI_SetOptions(WOLFSSL* ssl, unsigned char type, unsigned char options); -WOLFSSL_API void wolfSSL_CTX_SNI_SetOptions(WOLFSSL_CTX* ctx, unsigned char type, - unsigned char options); +WOLFSSL_API void wolfSSL_CTX_SNI_SetOptions(WOLFSSL_CTX* ctx, + unsigned char type, unsigned char options); /* SNI status */ enum { WOLFSSL_SNI_NO_MATCH = 0, - WOLFSSL_SNI_FAKE_MATCH = 1, /* if WOLFSSL_SNI_ANSWER_ON_MISMATCH is enabled */ + WOLFSSL_SNI_FAKE_MATCH = 1, /**< @see WOLFSSL_SNI_ANSWER_ON_MISMATCH */ WOLFSSL_SNI_REAL_MATCH = 2 }; WOLFSSL_API unsigned char wolfSSL_SNI_Status(WOLFSSL* ssl, unsigned char type); -WOLFSSL_API unsigned short wolfSSL_SNI_GetRequest(WOLFSSL *ssl, unsigned char type, - void** data); +WOLFSSL_API unsigned short wolfSSL_SNI_GetRequest(WOLFSSL *ssl, + unsigned char type, void** data); WOLFSSL_API int wolfSSL_SNI_GetFromBuffer( const unsigned char* clientHello, unsigned int helloSz, unsigned char type, unsigned char* sni, unsigned int* inOutSz); @@ -1343,6 +1379,7 @@ WOLFSSL_API int wolfSSL_CTX_UseSupportedCurve(WOLFSSL_CTX* ctx, #endif #endif + /* Secure Renegotiation */ #ifdef HAVE_SECURE_RENEGOTIATION 
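Review bot: The last enumerator of the SNI options enum now ends with a comma (`WOLFSSL_SNI_ABORT_ON_ABSENCE = 0x04,`), which strict C89 compilers reject. ssl.h is a public header and the other enums visible in this diff leave the final enumerator bare, so I would drop the comma. The new comment also spells "missmatch"; `/* Behave as if the requested SNI matched in case of a mismatch. */` reads better.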
@@ -1353,8 +1390,8 @@ WOLFSSL_API int wolfSSL_Rehandshake(WOLFSSL* ssl); /* Session Ticket */ #ifdef HAVE_SESSION_TICKET -#ifndef NO_WOLFSSL_CLIENT +#ifndef NO_WOLFSSL_CLIENT WOLFSSL_API int wolfSSL_UseSessionTicket(WOLFSSL* ssl); WOLFSSL_API int wolfSSL_CTX_UseSessionTicket(WOLFSSL_CTX* ctx); WOLFSSL_API int wolfSSL_get_SessionTicket(WOLFSSL*, unsigned char*, unsigned int*); 
@@ -1362,7 +1399,55 @@ WOLFSSL_API int wolfSSL_set_SessionTicket(WOLFSSL*, unsigned char*, unsigned int typedef int (*CallbackSessionTicket)(WOLFSSL*, const unsigned char*, int, void*); WOLFSSL_API int wolfSSL_set_SessionTicket_cb(WOLFSSL*, CallbackSessionTicket, void*); +#endif /* NO_WOLFSSL_CLIENT */ +#ifndef NO_WOLFSSL_SERVER + +#define WOLFSSL_TICKET_NAME_SZ 16 +#define WOLFSSL_TICKET_IV_SZ 16 +#define WOLFSSL_TICKET_MAC_SZ 32 + +enum TicketEncRet { + WOLFSSL_TICKET_RET_FATAL = -1, /* fatal error, don't use ticket */ + WOLFSSL_TICKET_RET_OK = 0, /* ok, use ticket */ + WOLFSSL_TICKET_RET_REJECT, /* don't use ticket, but not fatal */ + WOLFSSL_TICKET_RET_CREATE /* existing ticket ok and create new one */ +}; + +typedef int (*SessionTicketEncCb)(WOLFSSL*, + unsigned char key_name[WOLFSSL_TICKET_NAME_SZ], + unsigned char iv[WOLFSSL_TICKET_IV_SZ], + unsigned char mac[WOLFSSL_TICKET_MAC_SZ], + int enc, unsigned char*, int, int*, void*); +WOLFSSL_API int wolfSSL_CTX_set_TicketEncCb(WOLFSSL_CTX* ctx, + SessionTicketEncCb); +WOLFSSL_API int wolfSSL_CTX_set_TicketHint(WOLFSSL_CTX* ctx, int); +WOLFSSL_API int wolfSSL_CTX_set_TicketEncCtx(WOLFSSL_CTX* ctx, void*); + +#endif /* NO_WOLFSSL_SERVER */ + +#endif /* HAVE_SESSION_TICKET */ + +#ifdef HAVE_QSH +/* Quantum-safe Crypto Schemes */ +enum { + WOLFSSL_NTRU_EESS439 = 0x0101, /* max plaintext length of 65 */ + WOLFSSL_NTRU_EESS593 = 0x0102, /* max plaintext length of 86 */ + WOLFSSL_NTRU_EESS743 = 0x0103, /* max plaintext length of 106 */ + WOLFSSL_LWE_XXX = 0x0201, /* Learning With Error encryption scheme */ + WOLFSSL_HFE_XXX = 0x0301, /* Hidden Field Equotion scheme */ + WOLFSSL_NULL_QSH = 0xFFFF /* QSHScheme is not used */ +}; + + +/* test if the connection is using a QSH secure connection return 1 if so */ +WOLFSSL_API int wolfSSL_isQSH(WOLFSSL* ssl); +WOLFSSL_API int wolfSSL_UseSupportedQSH(WOLFSSL* ssl, unsigned short name); +#ifndef NO_WOLFSSL_CLIENT + /* user control over sending client public key in hello + when 
flag = 1 will send keys if flag is 0 or function is not called + then will not send keys in the hello extension */ + WOLFSSL_API int wolfSSL_UseClientQSHKeys(WOLFSSL* ssl, unsigned char flag); #endif #endif @@ -1370,6 +1455,16 @@ WOLFSSL_API int wolfSSL_set_SessionTicket_cb(WOLFSSL*, #define WOLFSSL_CRL_START_MON 0x02 /* start monitoring flag */ +/* notify user the hanshake is done */ +typedef int (*HandShakeDoneCb)(WOLFSSL*, void*); +WOLFSSL_API int wolfSSL_SetHsDoneCb(WOLFSSL*, HandShakeDoneCb, void*); + + +WOLFSSL_API int wolfSSL_PrintSessionStats(void); +WOLFSSL_API int wolfSSL_get_session_stats(unsigned int* active, + unsigned int* total, + unsigned int* peak, + unsigned int* maxSessions); /* External facing KDF */ WOLFSSL_API int wolfSSL_MakeTlsMasterSecret(unsigned char* ms, unsigned int msLen, 
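Review bot: The `SessionTicketEncCb` typedef leaves its last four parameters unnamed and documents no contract, although this callback is where an application protects session state with its own key. The sample callback in test.h names them `ticket`, `inLen`, `outLen` and `userCtx`; I would use the same names here, `int enc, unsigned char* ticket, int inLen, int* outLen, void* userCtx);`. A short comment should also state that `enc` selects encrypt or decrypt, that the ticket buffer is transformed in place (as the sample does), and that the return value is one of `enum TicketEncRet`.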
@@ -1410,10 +1505,119 @@ WOLFSSL_API int wolfSSL_accept_ex(WOLFSSL*, HandShakeCallBack, TimeoutCallBack, #endif +#ifdef OPENSSL_EXTRA /*lighttp compatibility */ +#ifdef HAVE_LIGHTY + +typedef struct WOLFSSL_X509_NAME_ENTRY { + WOLFSSL_ASN1_OBJECT* object; + WOLFSSL_ASN1_STRING* value; + int set; + int size; +} WOLFSSL_X509_NAME_ENTRY; + + +#include +#include + +WOLFSSL_API void wolfSSL_X509_NAME_free(WOLFSSL_X509_NAME *name); +WOLFSSL_API char wolfSSL_CTX_use_certificate(WOLFSSL_CTX *ctx, WOLFSSL_X509 *x); +WOLFSSL_API int wolfSSL_CTX_use_PrivateKey(WOLFSSL_CTX *ctx, WOLFSSL_EVP_PKEY *pkey); +WOLFSSL_API int wolfSSL_BIO_read_filename(WOLFSSL_BIO *b, const char *name); +WOLFSSL_API WOLFSSL_BIO_METHOD* wolfSSL_BIO_s_file(void); +/* These are to be merged shortly */ +WOLFSSL_API const char * wolf_OBJ_nid2sn(int n); +WOLFSSL_API int wolf_OBJ_obj2nid(const WOLFSSL_ASN1_OBJECT *o); +WOLFSSL_API int wolf_OBJ_sn2nid(const char *sn); +WOLFSSL_API WOLFSSL_X509 *PEM_read_bio_WOLFSSL_X509(WOLFSSL_BIO *bp, WOLFSSL_X509 **x, pem_password_cb *cb, void *u); +WOLFSSL_API void wolfSSL_CTX_set_verify_depth(WOLFSSL_CTX *ctx,int depth); +WOLFSSL_API void* wolfSSL_get_app_data( const WOLFSSL *ssl); +WOLFSSL_API void wolfSSL_set_app_data(WOLFSSL *ssl, void *arg); +WOLFSSL_API WOLFSSL_ASN1_OBJECT * wolfSSL_X509_NAME_ENTRY_get_object(WOLFSSL_X509_NAME_ENTRY *ne); +WOLFSSL_API WOLFSSL_X509_NAME_ENTRY *wolfSSL_X509_NAME_get_entry(WOLFSSL_X509_NAME *name, int loc); +WOLFSSL_API void wolfSSL_sk_X509_NAME_pop_free(STACK_OF(WOLFSSL_X509_NAME)* sk, void f (WOLFSSL_X509_NAME*)); +WOLFSSL_API unsigned char *wolfSSL_SHA1(const unsigned char *d, size_t n, unsigned char *md); +WOLFSSL_API int wolfSSL_X509_check_private_key(WOLFSSL_X509*, WOLFSSL_EVP_PKEY*); +WOLFSSL_API STACK_OF(WOLFSSL_X509_NAME) *wolfSSL_dup_CA_list( STACK_OF(WOLFSSL_X509_NAME) *sk ); + +/* end lighttpd*/ +#endif +#endif + +#if defined(HAVE_STUNNEL) || defined(HAVE_LIGHTY) + +WOLFSSL_API WOLFSSL_BIO* wolfSSL_BIO_new_file(const char 
*filename, const char *mode); +WOLFSSL_API long wolfSSL_CTX_set_tmp_dh(WOLFSSL_CTX*, WOLFSSL_DH*); +WOLFSSL_API WOLFSSL_DH *wolfSSL_PEM_read_bio_DHparams(WOLFSSL_BIO *bp, + WOLFSSL_DH **x, pem_password_cb *cb, void *u); +WOLFSSL_API int PEM_write_bio_WOLFSSL_X509(WOLFSSL_BIO *bp, WOLFSSL_X509 *x); + + +#endif /* HAVE_STUNNEL || HAVE_LIGHTY */ + + +#ifdef HAVE_STUNNEL + +#include + +WOLFSSL_API int wolfSSL_CRYPTO_set_mem_ex_functions(void *(*m) (size_t, const char *, int), + void *(*r) (void *, size_t, const char *, int), void (*f) (void *)); + +WOLFSSL_API WOLFSSL_DH *wolfSSL_DH_generate_parameters(int prime_len, int generator, + void (*callback) (int, int, void *), void *cb_arg); + +WOLFSSL_API void wolfSSL_ERR_load_crypto_strings(void); + +WOLFSSL_API unsigned long wolfSSL_ERR_peek_last_error(void); + +WOLFSSL_API int wolfSSL_FIPS_mode(void); + +WOLFSSL_API int wolfSSL_FIPS_mode_set(int r); + +WOLFSSL_API int wolfSSL_RAND_set_rand_method(const void *meth); + +WOLFSSL_API int wolfSSL_CIPHER_get_bits(const WOLFSSL_CIPHER *c, int *alg_bits); + +WOLFSSL_API int wolfSSL_sk_X509_NAME_num(const STACK_OF(WOLFSSL_X509_NAME) *s); + +WOLFSSL_API int wolfSSL_sk_X509_num(const STACK_OF(WOLFSSL_X509) *s); + +WOLFSSL_API int wolfSSL_X509_NAME_print_ex(WOLFSSL_BIO*,WOLFSSL_X509_NAME*,int,unsigned long); + +WOLFSSL_API WOLFSSL_ASN1_BIT_STRING* wolfSSL_X509_get0_pubkey_bitstr( + const WOLFSSL_X509*); + +WOLFSSL_API int wolfSSL_CTX_add_session(WOLFSSL_CTX*, WOLFSSL_SESSION*); + +WOLFSSL_API WOLFSSL_CTX* wolfSSL_get_SSL_CTX(WOLFSSL* ssl); + +WOLFSSL_API int wolfSSL_version(WOLFSSL*); + +WOLFSSL_API int wolfSSL_get_state(const WOLFSSL*); + +WOLFSSL_API void* wolfSSL_sk_X509_NAME_value(STACK_OF(WOLFSSL_X509_NAME)*, int); + +WOLFSSL_API void* wolfSSL_sk_X509_value(STACK_OF(WOLFSSL_X509)*, int); + +WOLFSSL_API STACK_OF(WOLFSSL_X509)* wolfSSL_get_peer_cert_chain(const WOLFSSL*); + +WOLFSSL_API long wolfSSL_CTX_get_options(WOLFSSL_CTX* ctx); + +WOLFSSL_API void* 
wolfSSL_SESSION_get_ex_data(const WOLFSSL_SESSION*, int); + +WOLFSSL_API int wolfSSL_SESSION_set_ex_data(WOLFSSL_SESSION*, int, void*); + +WOLFSSL_API int wolfSSL_SESSION_get_ex_new_index(long,void*,void*,void*, + CRYPTO_free_func*); + +WOLFSSL_API int wolfSSL_X509_NAME_get_sz(WOLFSSL_X509_NAME*); + + +WOLFSSL_API const unsigned char* wolfSSL_SESSION_get_id(WOLFSSL_SESSION*, unsigned int*); +#endif /* HAVE_STUNNEL */ + #ifdef __cplusplus } /* extern "C" */ #endif #endif /* WOLFSSL_SSL_H */ - diff --git a/wolfssl/test.h b/wolfssl/test.h index 104b3f73d..add257133 100644 --- a/wolfssl/test.h +++ b/wolfssl/test.h @@ -41,6 +41,13 @@ #include #include #include + struct hostent { + char *h_name; /* official name of host */ + char **h_aliases; /* alias list */ + int h_addrtype; /* host address type */ + int h_length; /* length of address */ + char **h_addr_list; /* list of addresses from name server */ + }; #define SOCKET_T int #else #include @@ -154,6 +161,11 @@ #define CLIENT_DEFAULT_VERSION 3 #define CLIENT_DTLS_DEFAULT_VERSION (-2) #define CLIENT_INVALID_VERSION (-99) +#if !defined(NO_FILESYSTEM) && defined(WOLFSSL_MAX_STRENGTH) + #define DEFAULT_MIN_DHKEY_BITS 2048 +#else + #define DEFAULT_MIN_DHKEY_BITS 1024 +#endif /* all certs relative to wolfSSL home directory now */ #define caCert "./certs/ca-cert.pem" @@ -405,6 +417,8 @@ static INLINE void build_addr(SOCKADDR_IN_T* addr, const char* peer, #ifdef WOLFSSL_MDK_ARM int err; struct hostent* entry = gethostbyname(peer, &err); + #elif defined(WOLFSSL_TIRTOS) + struct hostent* entry = DNSGetHostByName(peer); #else struct hostent* entry = gethostbyname(peer); #endif 
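Review bot: `wolfSSL_CTX_use_certificate` is declared to return `char` in the HAVE_LIGHTY block, while `wolfSSL_CTX_use_PrivateKey` on the next line and the other status-returning functions in this hunk return `int`. A `char` return truncates any error code outside its range and its signedness is implementation-defined, so a negative error may read as positive on some targets. I would declare it `WOLFSSL_API int wolfSSL_CTX_use_certificate(WOLFSSL_CTX *ctx, WOLFSSL_X509 *x);` and change the definition to match; the definition is not in this hunk.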
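Review bot: `DEFAULT_MIN_DHKEY_BITS` falls back to 1024 unless `WOLFSSL_MAX_STRENGTH` is defined and a filesystem is available, and the hunk explains neither the value nor the `NO_FILESYSTEM` condition. A 1024-bit floor is below current guidance for finite-field DH, and example code tends to be copied into products, so the choice should at least be documented, e.g. `/* 1024 kept only so the examples interoperate with the bundled test parameters (confirm); use 2048 or larger in deployments */`. If the filesystem condition exists because larger parameters are loaded from a file, the same comment should say so.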
@@ -604,7 +618,7 @@ static INLINE void tcp_listen(SOCKET_T* sockfd, word16* port, int useAnyAddr, if (listen(*sockfd, 5) != 0) err_sys("tcp listen failed"); } - #if defined(NO_MAIN_DRIVER) && !defined(USE_WINDOWS_API) + #if (defined(NO_MAIN_DRIVER) && !defined(USE_WINDOWS_API)) && !defined(WOLFSSL_TIRTOS) if (*port == 0) { socklen_t len = sizeof(addr); if (getsockname(*sockfd, (struct sockaddr*)&addr, &len) == 0) { @@ -662,7 +676,7 @@ static INLINE void udp_accept(SOCKET_T* sockfd, SOCKET_T* clientfd, if (bind(*sockfd, (const struct sockaddr*)&addr, sizeof(addr)) != 0) err_sys("tcp bind failed"); - #if defined(NO_MAIN_DRIVER) && !defined(USE_WINDOWS_API) + #if (defined(NO_MAIN_DRIVER) && !defined(USE_WINDOWS_API)) && !defined(WOLFSSL_TIRTOS) if (port == 0) { socklen_t len = sizeof(addr); if (getsockname(*sockfd, (struct sockaddr*)&addr, &len) == 0) { @@ -728,7 +742,11 @@ static INLINE void tcp_accept(SOCKET_T* sockfd, SOCKET_T* clientfd, if (ready_file) { #ifndef NO_FILESYSTEM - FILE* srf = fopen("./server_ready", "w+"); + #ifndef USE_WINDOWS_API + FILE* srf = fopen("/tmp/wolfssl_server_ready", "w"); + #else + FILE* srf = fopen("wolfssl_server_ready", "w"); + #endif if (srf) { fputs("ready", srf); @@ -1502,6 +1520,8 @@ static INLINE int myDecryptVerifyCb(WOLFSSL* ssl, /* decrypt */ ret = wc_AesCbcDecrypt(&decCtx->aes, decOut, decIn, decSz); + if (ret != 0) + return ret; if (wolfSSL_GetCipherType(ssl) == WOLFSSL_AEAD_TYPE) { *padSz = wolfSSL_GetAeadMacSize(ssl); @@ -1588,7 +1608,7 @@ static INLINE void FreeAtomicUser(WOLFSSL* ssl) static INLINE int myEccSign(WOLFSSL* ssl, const byte* in, word32 inSz, byte* out, word32* outSz, const byte* key, word32 keySz, void* ctx) { - RNG rng; + WC_RNG rng; int ret; word32 idx = 0; ecc_key myKey; 
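Review bot: The ready-file path in `tcp_accept` is now the fixed name `/tmp/wolfssl_server_ready`, opened with `fopen(..., "w")`, which follows a symlink and truncates whatever it points at. On a shared machine another local user can create that name first, so the test server either writes through their link or the waiting script sees a file the server did not create. I would keep the file in a directory private to the test run, or create it with `open(path, O_WRONLY | O_CREAT | O_EXCL, 0600)` and wrap the descriptor with `fdopen`. The script that waits for the file would need the same path. The body of `tcp_accept` starts and ends outside this hunk.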
@@ -1639,7 +1659,7 @@ static INLINE int myEccVerify(WOLFSSL* ssl, const byte* sig, word32 sigSz, static INLINE int myRsaSign(WOLFSSL* ssl, const byte* in, word32 inSz, byte* out, word32* outSz, const byte* key, word32 keySz, void* ctx) { - RNG rng; + WC_RNG rng; int ret; word32 idx = 0; RsaKey myKey; @@ -1697,7 +1717,7 @@ static INLINE int myRsaEnc(WOLFSSL* ssl, const byte* in, word32 inSz, int ret; word32 idx = 0; RsaKey myKey; - RNG rng; + WC_RNG rng; (void)ssl; (void)ctx; @@ -1802,8 +1822,8 @@ static INLINE const char* mymktemp(char *tempfn, int len, int num) int x, size; static const char alphanum[] = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ" "abcdefghijklmnopqrstuvwxyz"; - RNG rng; - byte out; + WC_RNG rng; + byte out; if (tempfn == NULL || len < 1 || num < 1 || len <= num) { printf("Bad input\n"); 
@@ -1831,5 +1851,104 @@ static INLINE const char* mymktemp(char *tempfn, int len, int num) return tempfn; } -#endif /* wolfSSL_TEST_H */ + +#if defined(HAVE_SESSION_TICKET) && defined(HAVE_CHACHA) && \ + defined(HAVE_POLY1305) + + #include + + typedef struct key_ctx { + byte name[WOLFSSL_TICKET_NAME_SZ]; /* name for this context */ + byte key[16]; /* cipher key */ + } key_ctx; + + static key_ctx myKey_ctx; + static WC_RNG rng; + + static INLINE int TicketInit(void) + { + int ret = wc_InitRng(&rng); + if (ret != 0) return ret; + + ret = wc_RNG_GenerateBlock(&rng, myKey_ctx.key, sizeof(myKey_ctx.key)); + if (ret != 0) return ret; + + ret = wc_RNG_GenerateBlock(&rng, myKey_ctx.name,sizeof(myKey_ctx.name)); + if (ret != 0) return ret; + + return 0; + } + + static INLINE void TicketCleanup(void) + { + wc_FreeRng(&rng); + } + + static INLINE int myTicketEncCb(WOLFSSL* ssl, + byte key_name[WOLFSSL_TICKET_NAME_SZ], + byte iv[WOLFSSL_TICKET_IV_SZ], + byte mac[WOLFSSL_TICKET_MAC_SZ], + int enc, byte* ticket, int inLen, int* outLen, + void* userCtx) + { + (void)ssl; + (void)userCtx; + + int ret; + word16 sLen = htons(inLen); + byte aad[WOLFSSL_TICKET_NAME_SZ + WOLFSSL_TICKET_IV_SZ + 2]; + int aadSz = WOLFSSL_TICKET_NAME_SZ + WOLFSSL_TICKET_IV_SZ + 2; + byte* tmp = aad; + + if (enc) { + XMEMCPY(key_name, myKey_ctx.name, WOLFSSL_TICKET_NAME_SZ); + + ret = wc_RNG_GenerateBlock(&rng, iv, WOLFSSL_TICKET_IV_SZ); + if (ret != 0) return WOLFSSL_TICKET_RET_REJECT; + + /* build aad from key name, iv, and length */ + XMEMCPY(tmp, key_name, WOLFSSL_TICKET_NAME_SZ); + tmp += WOLFSSL_TICKET_NAME_SZ; + XMEMCPY(tmp, iv, WOLFSSL_TICKET_IV_SZ); + tmp += WOLFSSL_TICKET_IV_SZ; + XMEMCPY(tmp, &sLen, 2); + + ret = wc_ChaCha20Poly1305_Encrypt(myKey_ctx.key, iv, + aad, aadSz, + ticket, inLen, + ticket, + mac); + if (ret != 0) return WOLFSSL_TICKET_RET_REJECT; + *outLen = inLen; /* no padding in this mode */ + } else { + /* decrypt */ + + /* see if we know this key */ + if (XMEMCMP(key_name, 
myKey_ctx.name, WOLFSSL_TICKET_NAME_SZ) != 0){ + printf("client presented unknown ticket key name "); + return WOLFSSL_TICKET_RET_FATAL; + } + + /* build aad from key name, iv, and length */ + XMEMCPY(tmp, key_name, WOLFSSL_TICKET_NAME_SZ); + tmp += WOLFSSL_TICKET_NAME_SZ; + XMEMCPY(tmp, iv, WOLFSSL_TICKET_IV_SZ); + tmp += WOLFSSL_TICKET_IV_SZ; + XMEMCPY(tmp, &sLen, 2); + + ret = wc_ChaCha20Poly1305_Decrypt(myKey_ctx.key, iv, + aad, aadSz, + ticket, inLen, + mac, + ticket); + if (ret != 0) return WOLFSSL_TICKET_RET_REJECT; + *outLen = inLen; /* no padding in this mode */ + } + + return WOLFSSL_TICKET_RET_OK; + } + +#endif /* HAVE_SESSION_TICKET && CHACHA20 && POLY1305 */ + +#endif /* wolfSSL_TEST_H */ diff --git a/wolfssl/version.h b/wolfssl/version.h index ed8aadbf7..8f69cdc53 100644 --- a/wolfssl/version.h +++ b/wolfssl/version.h @@ -26,8 +26,8 @@ extern "C" { #endif -#define LIBWOLFSSL_VERSION_STRING "3.4.6" -#define LIBWOLFSSL_VERSION_HEX 0x03004006 +#define LIBWOLFSSL_VERSION_STRING "3.6.6" +#define LIBWOLFSSL_VERSION_HEX 0x03006006 #ifdef __cplusplus } diff --git a/wolfssl/wolfcrypt/aes.h b/wolfssl/wolfcrypt/aes.h index 5b6ad6a83..29e18f088 100644 --- a/wolfssl/wolfcrypt/aes.h +++ b/wolfssl/wolfcrypt/aes.h @@ -113,6 +113,9 @@ typedef struct Aes { word32 iv_ce [AES_BLOCK_SIZE /sizeof(word32)] ; int keylen ; #endif +#ifdef WOLFSSL_TI_CRYPT + int keylen ; +#endif } Aes; 
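Review bot: `key_ctx.key` is declared as `byte key[16]` but is passed as the key to `wc_ChaCha20Poly1305_Encrypt` and `wc_ChaCha20Poly1305_Decrypt`, and the ChaCha20-Poly1305 AEAD takes a 256-bit key (`CHACHA20_POLY1305_AEAD_KEYSIZE`, 32 bytes, in the wolfCrypt header, which this page does not show). If that holds here, the cipher reads 16 bytes past the array and only half of the key material comes from `wc_RNG_GenerateBlock` in `TicketInit`. I would declare it `byte key[CHACHA20_POLY1305_AEAD_KEYSIZE];` so the existing `sizeof(myKey_ctx.key)` fills the whole key. Separately, `word16 sLen = htons(inLen);` truncates `inLen` without a range check, and `(void)ssl; (void)userCtx;` precede the declarations in `myTicketEncCb`, which C89 compilers reject.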
@@ -123,17 +126,18 @@ typedef struct Gmac { #endif /* HAVE_AESGCM */ #endif /* HAVE_FIPS */ - WOLFSSL_API int wc_AesSetKey(Aes* aes, const byte* key, word32 len, const byte* iv, - int dir); - WOLFSSL_API int wc_AesSetIV(Aes* aes, const byte* iv); - WOLFSSL_API int wc_AesCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 sz); - WOLFSSL_API int wc_AesCbcDecrypt(Aes* aes, byte* out, const byte* in, word32 sz); - WOLFSSL_API int wc_AesCbcDecryptWithKey(byte* out, const byte* in, word32 inSz, - const byte* key, word32 keySz, const byte* iv); +WOLFSSL_API int wc_AesSetKey(Aes* aes, const byte* key, word32 len, + const byte* iv, int dir); +WOLFSSL_API int wc_AesSetIV(Aes* aes, const byte* iv); +WOLFSSL_API int wc_AesCbcEncrypt(Aes* aes, byte* out, + const byte* in, word32 sz); +WOLFSSL_API int wc_AesCbcDecrypt(Aes* aes, byte* out, + const byte* in, word32 sz); /* AES-CTR */ #ifdef WOLFSSL_AES_COUNTER - WOLFSSL_API void wc_AesCtrEncrypt(Aes* aes, byte* out, const byte* in, word32 sz); + WOLFSSL_API void wc_AesCtrEncrypt(Aes* aes, byte* out, + const byte* in, word32 sz); #endif /* AES-DIRECT */ #if defined(WOLFSSL_AES_DIRECT) 
@@ -144,30 +148,34 @@ typedef struct Gmac { #endif #ifdef HAVE_AESGCM WOLFSSL_API int wc_AesGcmSetKey(Aes* aes, const byte* key, word32 len); - WOLFSSL_API int wc_AesGcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz, - const byte* iv, word32 ivSz, - byte* authTag, word32 authTagSz, - const byte* authIn, word32 authInSz); - WOLFSSL_API int wc_AesGcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz, - const byte* iv, word32 ivSz, - const byte* authTag, word32 authTagSz, - const byte* authIn, word32 authInSz); + WOLFSSL_API int wc_AesGcmEncrypt(Aes* aes, byte* out, + const byte* in, word32 sz, + const byte* iv, word32 ivSz, + byte* authTag, word32 authTagSz, + const byte* authIn, word32 authInSz); + WOLFSSL_API int wc_AesGcmDecrypt(Aes* aes, byte* out, + const byte* in, word32 sz, + const byte* iv, word32 ivSz, + const byte* authTag, word32 authTagSz, + const byte* authIn, word32 authInSz); WOLFSSL_API int wc_GmacSetKey(Gmac* gmac, const byte* key, word32 len); WOLFSSL_API int wc_GmacUpdate(Gmac* gmac, const byte* iv, word32 ivSz, - const byte* authIn, word32 authInSz, - byte* authTag, word32 authTagSz); + const byte* authIn, word32 authInSz, + byte* authTag, word32 authTagSz); #endif /* HAVE_AESGCM */ #ifdef HAVE_AESCCM WOLFSSL_API void wc_AesCcmSetKey(Aes* aes, const byte* key, word32 keySz); - WOLFSSL_API void wc_AesCcmEncrypt(Aes* aes, byte* out, const byte* in, word32 inSz, - const byte* nonce, word32 nonceSz, - byte* authTag, word32 authTagSz, - const byte* authIn, word32 authInSz); - WOLFSSL_API int wc_AesCcmDecrypt(Aes* aes, byte* out, const byte* in, word32 inSz, - const byte* nonce, word32 nonceSz, - const byte* authTag, word32 authTagSz, - const byte* authIn, word32 authInSz); + WOLFSSL_API void wc_AesCcmEncrypt(Aes* aes, byte* out, + const byte* in, word32 inSz, + const byte* nonce, word32 nonceSz, + byte* authTag, word32 authTagSz, + const byte* authIn, word32 authInSz); + WOLFSSL_API int wc_AesCcmDecrypt(Aes* aes, byte* out, + const byte* 
in, word32 inSz, + const byte* nonce, word32 nonceSz, + const byte* authTag, word32 authTagSz, + const byte* authIn, word32 authInSz); #endif /* HAVE_AESCCM */ #ifdef HAVE_CAVIUM diff --git a/wolfssl/wolfcrypt/asn.h b/wolfssl/wolfcrypt/asn.h index bcea930ab..311cad852 100644 --- a/wolfssl/wolfcrypt/asn.h +++ b/wolfssl/wolfcrypt/asn.h @@ -48,6 +48,7 @@ #ifndef NO_MD5 #include #endif +#include #include /* public interface */ #ifdef HAVE_ECC #include @@ -138,8 +139,13 @@ enum Misc_ASN { ASN_BOOL_SIZE = 2, /* including type */ ASN_ECC_HEADER_SZ = 2, /* String type + 1 byte len */ ASN_ECC_CONTEXT_SZ = 2, /* Content specific type + 1 byte len */ - SHA_SIZE = 20, +#ifdef NO_SHA + KEYID_SIZE = SHA256_DIGEST_SIZE, +#else + KEYID_SIZE = SHA_DIGEST_SIZE, +#endif RSA_INTS = 8, /* RSA ints in private key */ + DSA_INTS = 5, /* DSA ints in private key */ MIN_DATE_SIZE = 13, MAX_DATE_SIZE = 32, ASN_GEN_TIME_SZ = 15, /* 7 numbers * 2 + Zulu tag */ @@ -176,8 +182,9 @@ enum Misc_ASN { MAX_OCSP_EXT_SZ = 58, /* Max OCSP Extension length */ MAX_OCSP_NONCE_SZ = 18, /* OCSP Nonce size */ EIGHTK_BUF = 8192, /* Tmp buffer size */ - MAX_PUBLIC_KEY_SZ = MAX_NTRU_ENC_SZ + MAX_ALGO_SZ + MAX_SEQ_SZ * 2 + MAX_PUBLIC_KEY_SZ = MAX_NTRU_ENC_SZ + MAX_ALGO_SZ + MAX_SEQ_SZ * 2, /* use bigger NTRU size */ + HEADER_ENCRYPTED_KEY_SIZE = 88 /* Extra header size for encrypted key */ }; 
@@ -353,10 +360,10 @@ struct DecodedCert { Base_entry* permittedNames; /* Permitted name bases */ Base_entry* excludedNames; /* Excluded name bases */ #endif /* IGNORE_NAME_CONSTRAINTS */ - byte subjectHash[SHA_SIZE]; /* hash of all Names */ - byte issuerHash[SHA_SIZE]; /* hash of all Names */ + byte subjectHash[KEYID_SIZE]; /* hash of all Names */ + byte issuerHash[KEYID_SIZE]; /* hash of all Names */ #ifdef HAVE_OCSP - byte issuerKeyHash[SHA_SIZE]; /* hash of the public Key */ + byte issuerKeyHash[KEYID_SIZE]; /* hash of the public Key */ #endif /* HAVE_OCSP */ byte* signature; /* not owned, points into raw cert */ char* subjectCN; /* CommonName */ @@ -379,14 +386,15 @@ struct DecodedCert { int extAuthInfoSz; /* length of the URI */ byte* extCrlInfo; /* CRL Distribution Points */ int extCrlInfoSz; /* length of the URI */ - byte extSubjKeyId[SHA_SIZE]; /* Subject Key ID */ + byte extSubjKeyId[KEYID_SIZE]; /* Subject Key ID */ byte extSubjKeyIdSet; /* Set when the SKID was read from cert */ - byte extAuthKeyId[SHA_SIZE]; /* Authority Key ID */ + byte extAuthKeyId[KEYID_SIZE]; /* Authority Key ID */ byte extAuthKeyIdSet; /* Set when the AKID was read from cert */ #ifndef IGNORE_NAME_CONSTRAINTS byte extNameConstraintSet; #endif /* IGNORE_NAME_CONSTRAINTS */ byte isCA; /* CA basic constraint true */ + byte weOwnAltNames; /* altNames haven't been given to copy */ byte extKeyUsageSet; word16 extKeyUsage; /* Key usage bitfield */ byte extExtKeyUsageSet; /* Extended Key Usage */ 
@@ -469,11 +477,29 @@ struct DecodedCert { #endif /* WOLFSSL_SEP */ }; +extern const char* BEGIN_CERT; +extern const char* END_CERT; +extern const char* BEGIN_CERT_REQ; +extern const char* END_CERT_REQ; +extern const char* BEGIN_DH_PARAM; +extern const char* END_DH_PARAM; +extern const char* BEGIN_X509_CRL; +extern const char* END_X509_CRL; +extern const char* BEGIN_RSA_PRIV; +extern const char* END_RSA_PRIV; +extern const char* BEGIN_PRIV_KEY; +extern const char* END_PRIV_KEY; +extern const char* BEGIN_ENC_PRIV_KEY; +extern const char* END_ENC_PRIV_KEY; +extern const char* BEGIN_EC_PRIV; +extern const char* END_EC_PRIV; +extern const char* BEGIN_DSA_PRIV; +extern const char* END_DSA_PRIV; -#ifdef SHA_DIGEST_SIZE - #define SIGNER_DIGEST_SIZE SHA_DIGEST_SIZE +#ifdef NO_SHA + #define SIGNER_DIGEST_SIZE SHA256_DIGEST_SIZE #else - #define SIGNER_DIGEST_SIZE 20 + #define SIGNER_DIGEST_SIZE SHA_DIGEST_SIZE #endif /* CA Signers */ @@ -514,7 +540,7 @@ WOLFSSL_TEST_API void InitDecodedCert(DecodedCert*, byte*, word32, void*); WOLFSSL_TEST_API void FreeDecodedCert(DecodedCert*); WOLFSSL_TEST_API int ParseCert(DecodedCert*, int type, int verify, void* cm); -WOLFSSL_LOCAL int ParseCertRelative(DecodedCert*, int type, int verify,void* cm); +WOLFSSL_LOCAL int ParseCertRelative(DecodedCert*,int type,int verify,void* cm); WOLFSSL_LOCAL int DecodeToKey(DecodedCert*, int verify); WOLFSSL_LOCAL Signer* MakeSigner(void*); @@ -523,7 +549,7 @@ WOLFSSL_LOCAL void FreeSignerTable(Signer**, int, void*); WOLFSSL_LOCAL int ToTraditional(byte* buffer, word32 length); -WOLFSSL_LOCAL int ToTraditionalEnc(byte* buffer, word32 length,const char*, int); +WOLFSSL_LOCAL int ToTraditionalEnc(byte* buffer, word32 length,const char*,int); WOLFSSL_LOCAL int ValidateDate(const byte* date, byte format, int dateType); 
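Review bot: The eighteen PEM marker declarations (`extern const char* BEGIN_CERT;` through `END_DSA_PRIV`) export writable pointers. The characters are const, but any translation unit can repoint a marker, and code that matches PEM headers against it would then compare with a different string. I would declare them `extern const char* const BEGIN_CERT;` (and likewise for the rest), with the definitions changed to match; the definitions are not in this hunk. The names are also unprefixed in a header that applications may include, so a library prefix is worth considering.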
@@ -543,10 +569,10 @@ WOLFSSL_LOCAL int GetAlgoId(const byte* input, word32* inOutIdx, word32* oid, WOLFSSL_LOCAL word32 SetLength(word32 length, byte* output); WOLFSSL_LOCAL word32 SetSequence(word32 len, byte* output); WOLFSSL_LOCAL word32 SetOctetString(word32 len, byte* output); -WOLFSSL_LOCAL word32 SetImplicit(byte tag, byte number, word32 len,byte* output); +WOLFSSL_LOCAL word32 SetImplicit(byte tag,byte number,word32 len,byte* output); WOLFSSL_LOCAL word32 SetExplicit(byte number, word32 len, byte* output); WOLFSSL_LOCAL word32 SetSet(word32 len, byte* output); -WOLFSSL_LOCAL word32 SetAlgoID(int algoOID, byte* output, int type, int curveSz); +WOLFSSL_LOCAL word32 SetAlgoID(int algoOID,byte* output,int type,int curveSz); WOLFSSL_LOCAL int SetMyVersion(word32 version, byte* output, int header); WOLFSSL_LOCAL int SetSerialNumber(const byte* sn, word32 snSz, byte* output); WOLFSSL_LOCAL int GetNameHash(const byte* source, word32* idx, byte* hash, @@ -575,7 +601,7 @@ enum cert_enums { #ifndef NO_FILESYSTEM /* forward from wolfSSL */ WOLFSSL_API -int wolfSSL_PemCertToDer(const char* fileName, unsigned char* derBuf, int derSz); +int wolfSSL_PemCertToDer(const char* fileName,unsigned char* derBuf,int derSz); #define WOLFSSL_PEMCERT_TODER_DEFINED #endif #endif @@ -638,7 +664,7 @@ struct OcspResponse { word32 responseSz; /* length of the OCSP Response */ byte producedDate[MAX_DATE_SIZE]; - /* Date at which this response was signed */ + /* Date at which this response was signed */ byte producedDateFormat; /* format of the producedDate */ byte* issuerHash; byte* issuerKeyHash; 
@@ -709,8 +735,8 @@ struct DecodedCRL { word32 sigLength; /* length of signature */ word32 signatureOID; /* sum of algorithm object id */ byte* signature; /* pointer into raw source, not owned */ - byte issuerHash[SHA_DIGEST_SIZE]; /* issuer hash */ - byte crlHash[SHA_DIGEST_SIZE]; /* raw crl data hash */ + byte issuerHash[SIGNER_DIGEST_SIZE]; /* issuer hash */ + byte crlHash[SIGNER_DIGEST_SIZE]; /* raw crl data hash */ byte lastDate[MAX_DATE_SIZE]; /* last date updated */ byte nextDate[MAX_DATE_SIZE]; /* next update date */ byte lastDateFormat; /* format of last date */ diff --git a/wolfssl/wolfcrypt/asn_public.h b/wolfssl/wolfcrypt/asn_public.h index 8708708c7..7aea6f927 100644 --- a/wolfssl/wolfcrypt/asn_public.h +++ b/wolfssl/wolfcrypt/asn_public.h @@ -43,7 +43,11 @@ enum CertType { CRL_TYPE, CA_TYPE, ECC_PRIVATEKEY_TYPE, - CERTREQ_TYPE + DSA_PRIVATEKEY_TYPE, + CERTREQ_TYPE, + DSA_TYPE, + ECC_TYPE, + RSA_TYPE }; @@ -145,15 +149,15 @@ typedef struct Cert { */ WOLFSSL_API void wc_InitCert(Cert*); WOLFSSL_API int wc_MakeCert(Cert*, byte* derBuffer, word32 derSz, RsaKey*, - ecc_key*, RNG*); + ecc_key*, WC_RNG*); #ifdef WOLFSSL_CERT_REQ - WOLFSSL_API int wc_MakeCertReq(Cert*, byte* derBuffer, word32 derSz, RsaKey*, - ecc_key*); + WOLFSSL_API int wc_MakeCertReq(Cert*, byte* derBuffer, word32 derSz, + RsaKey*, ecc_key*); #endif WOLFSSL_API int wc_SignCert(int requestSz, int sigType, byte* derBuffer, - word32 derSz, RsaKey*, ecc_key*, RNG*); + word32 derSz, RsaKey*, ecc_key*, WC_RNG*); WOLFSSL_API int wc_MakeSelfCert(Cert*, byte* derBuffer, word32 derSz, RsaKey*, - RNG*); + WC_RNG*); WOLFSSL_API int wc_SetIssuer(Cert*, const char*); WOLFSSL_API int wc_SetSubject(Cert*, const char*); #ifdef WOLFSSL_ALT_NAMES 
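Review bot: `DSA_PRIVATEKEY_TYPE` is inserted before `CERTREQ_TYPE` in the public `enum CertType`, which changes the numeric value of `CERTREQ_TYPE`. An application built against the previous asn_public.h and run against the new library would pass the old number, which now means `DSA_PRIVATEKEY_TYPE`, to any function that takes a cert type (presumably `wc_DerToPem`, whose `type` parameter is an `int`). Appending the new values after the existing ones (`CERTREQ_TYPE, DSA_PRIVATEKEY_TYPE, DSA_TYPE, ECC_TYPE, RSA_TYPE`) keeps the existing values stable. The start of the enum is outside the hunk.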
@@ -166,15 +170,18 @@ WOLFSSL_API int wc_SetDatesBuffer(Cert*, const byte*, int); #ifdef HAVE_NTRU WOLFSSL_API int wc_MakeNtruCert(Cert*, byte* derBuffer, word32 derSz, - const byte* ntruKey, word16 keySz, RNG*); + const byte* ntruKey, word16 keySz, + WC_RNG*); #endif #endif /* WOLFSSL_CERT_GEN */ -#if defined(WOLFSSL_KEY_GEN) || defined(WOLFSSL_CERT_GEN) +#if defined(WOLFSSL_KEY_GEN) || defined(WOLFSSL_CERT_GEN) || !defined(NO_DSA) WOLFSSL_API int wc_DerToPem(const byte* der, word32 derSz, byte* output, - word32 outputSz, int type); + word32 outputSz, int type); + WOLFSSL_API int wc_DerToPemEx(const byte* der, word32 derSz, byte* output, + word32 outputSz, byte *cipherIno, int type); #endif #ifdef HAVE_ECC @@ -185,8 +192,8 @@ WOLFSSL_API int wc_SetDatesBuffer(Cert*, const byte*, int); #endif /* DER encode signature */ -WOLFSSL_API word32 wc_EncodeSignature(byte* out, const byte* digest, word32 digSz, - int hashOID); +WOLFSSL_API word32 wc_EncodeSignature(byte* out, const byte* digest, + word32 digSz, int hashOID); WOLFSSL_API int wc_GetCTC_HashOID(int type); #ifdef __cplusplus diff --git a/wolfssl/wolfcrypt/coding.h b/wolfssl/wolfcrypt/coding.h index 296bc3ca7..6c203e964 100644 --- a/wolfssl/wolfcrypt/coding.h +++ b/wolfssl/wolfcrypt/coding.h @@ -33,7 +33,7 @@ WOLFSSL_API int Base64_Decode(const byte* in, word32 inLen, byte* out, word32* outLen); -#if defined(OPENSSL_EXTRA) || defined(SESSION_CERTS) || defined(WOLFSSL_KEY_GEN) || defined(WOLFSSL_CERT_GEN) || defined(HAVE_WEBSERVER) +#if defined(OPENSSL_EXTRA) || defined(SESSION_CERTS) || defined(WOLFSSL_KEY_GEN) || defined(WOLFSSL_CERT_GEN) || defined(HAVE_WEBSERVER) || !defined(NO_DSA) #ifndef WOLFSSL_BASE64_ENCODE #define WOLFSSL_BASE64_ENCODE #endif 
@@ -41,6 +41,12 @@ WOLFSSL_API int Base64_Decode(const byte* in, word32 inLen, byte* out, #ifdef WOLFSSL_BASE64_ENCODE + enum Escaped { + WC_STD_ENC = 0, /* normal \n line ending encoding */ + WC_ESC_NL_ENC, /* use escape sequence encoding */ + WC_NO_NL_ENC /* no encoding at all */ + }; /* Encoding types */ + /* encode isn't */ WOLFSSL_API int Base64_Encode(const byte* in, word32 inLen, byte* out, @@ -48,11 +54,16 @@ WOLFSSL_API int Base64_Decode(const byte* in, word32 inLen, byte* out, WOLFSSL_API int Base64_EncodeEsc(const byte* in, word32 inLen, byte* out, word32* outLen); + WOLFSSL_API + int Base64_Encode_NoNl(const byte* in, word32 inLen, byte* out, + word32* outLen); #endif #if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER) || defined(HAVE_FIPS) WOLFSSL_API int Base16_Decode(const byte* in, word32 inLen, byte* out, word32* outLen); + WOLFSSL_API + int Base16_Encode(const byte* in, word32 inLen, byte* out, word32* outLen); #endif diff --git a/wolfssl/wolfcrypt/curve25519.h b/wolfssl/wolfcrypt/curve25519.h index 11715775f..cb1dad032 100644 --- a/wolfssl/wolfcrypt/curve25519.h +++ b/wolfssl/wolfcrypt/curve25519.h @@ -42,7 +42,8 @@ typedef struct { } curve25519_set_type; -/* ECC point */ +/* ECC point, the internal structure is Little endian + * the mathematical functions used the endianess */ typedef struct { byte point[CURVE25519_KEYSIZE]; }ECPoint; 
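Review bot: In the new `enum Escaped`, the comment on `WC_NO_NL_ENC` reads `/* no encoding at all */`, which could be taken to mean the data is passed through unencoded. Judging by the name and by `Base64_Encode_NoNl` in the next hunk, it presumably means Base64 output without line endings. A comment like `/* Base64 output with no line endings */` would remove the ambiguity; confirm against the encoder, which is not shown here.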
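Review bot: The reworded comment above `ECPoint` in curve25519.h is hard to parse: "the mathematical functions used the endianess". If the intent is that the stored bytes are little endian because that is the order the field arithmetic works in, say so directly, e.g. `/* ECC point; stored little endian, the byte order used by the math functions */`. The byte order is the subject of the `_ex` functions added in the following hunks, so this comment is where a reader will look first.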
@@ -58,14 +59,24 @@ typedef struct { ECPoint k; /* private key */ } curve25519_key; +enum { + EC25519_LITTLE_ENDIAN=0, + EC25519_BIG_ENDIAN=1 +}; + WOLFSSL_API -int wc_curve25519_make_key(RNG* rng, int keysize, curve25519_key* key); +int wc_curve25519_make_key(WC_RNG* rng, int keysize, curve25519_key* key); WOLFSSL_API int wc_curve25519_shared_secret(curve25519_key* private_key, curve25519_key* public_key, byte* out, word32* outlen); +WOLFSSL_API +int wc_curve25519_shared_secret_ex(curve25519_key* private_key, + curve25519_key* public_key, + byte* out, word32* outlen, int endian); + WOLFSSL_API int wc_curve25519_init(curve25519_key* key); 
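Review bot: The new `EC25519_LITTLE_ENDIAN`/`EC25519_BIG_ENDIAN` constants and the `int endian` parameter of `wc_curve25519_shared_secret_ex` come with no statement of which byte order the existing non-`_ex` functions use. The import and export `_ex` functions in the next hunk have the same gap. A wrong choice is unlikely to fail, since it would produce a different but well-formed key or secret, so the default needs to be written down. Suggested comment above the enum: `/* byte order of keys and secrets at the API boundary; the non-_ex functions use <state which> */`. It would also help to document the return code for an `endian` value that is neither constant.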
@@ -74,21 +85,49 @@ void wc_curve25519_free(curve25519_key* key); /* raw key helpers */ +WOLFSSL_API +int wc_curve25519_import_private(const byte* priv, word32 privSz, + curve25519_key* key); +WOLFSSL_API +int wc_curve25519_import_private_ex(const byte* priv, word32 privSz, + curve25519_key* key, int endian); + WOLFSSL_API int wc_curve25519_import_private_raw(const byte* priv, word32 privSz, const byte* pub, word32 pubSz, curve25519_key* key); WOLFSSL_API +int wc_curve25519_import_private_raw_ex(const byte* priv, word32 privSz, + const byte* pub, word32 pubSz, + curve25519_key* key, int endian); +WOLFSSL_API int wc_curve25519_export_private_raw(curve25519_key* key, byte* out, word32* outLen); +WOLFSSL_API +int wc_curve25519_export_private_raw_ex(curve25519_key* key, byte* out, + word32* outLen, int endian); WOLFSSL_API int wc_curve25519_import_public(const byte* in, word32 inLen, curve25519_key* key); +WOLFSSL_API +int wc_curve25519_import_public_ex(const byte* in, word32 inLen, + curve25519_key* key, int endian); WOLFSSL_API int wc_curve25519_export_public(curve25519_key* key, byte* out, word32* outLen); +WOLFSSL_API +int wc_curve25519_export_public_ex(curve25519_key* key, byte* out, + word32* outLen, int endian); - +WOLFSSL_API +int wc_curve25519_export_key_raw(curve25519_key* key, + byte* priv, word32 *privSz, + byte* pub, word32 *pubSz); +WOLFSSL_API +int wc_curve25519_export_key_raw_ex(curve25519_key* key, + byte* priv, word32 *privSz, + byte* pub, word32 *pubSz, + int endian); /* size helper */ WOLFSSL_API int wc_curve25519_size(curve25519_key* key); diff --git a/wolfssl/wolfcrypt/des3.h b/wolfssl/wolfcrypt/des3.h index c17884968..a61e5e2e1 100644 --- a/wolfssl/wolfcrypt/des3.h +++ b/wolfssl/wolfcrypt/des3.h 
@@ -83,21 +83,23 @@ typedef struct Des3 { } Des3; #endif /* HAVE_FIPS */ -WOLFSSL_API int wc_Des_SetKey(Des* des, const byte* key, const byte* iv, int dir); +WOLFSSL_API int wc_Des_SetKey(Des* des, const byte* key, + const byte* iv, int dir); WOLFSSL_API void wc_Des_SetIV(Des* des, const byte* iv); -WOLFSSL_API int wc_Des_CbcEncrypt(Des* des, byte* out, const byte* in, word32 sz); -WOLFSSL_API int wc_Des_CbcDecrypt(Des* des, byte* out, const byte* in, word32 sz); -WOLFSSL_API int wc_Des_EcbEncrypt(Des* des, byte* out, const byte* in, word32 sz); -WOLFSSL_API int wc_Des_CbcDecryptWithKey(byte* out, const byte* in, word32 sz, - const byte* key, const byte* iv); +WOLFSSL_API int wc_Des_CbcEncrypt(Des* des, byte* out, + const byte* in, word32 sz); +WOLFSSL_API int wc_Des_CbcDecrypt(Des* des, byte* out, + const byte* in, word32 sz); +WOLFSSL_API int wc_Des_EcbEncrypt(Des* des, byte* out, + const byte* in, word32 sz); -WOLFSSL_API int wc_Des3_SetKey(Des3* des, const byte* key, const byte* iv,int dir); +WOLFSSL_API int wc_Des3_SetKey(Des3* des, const byte* key, + const byte* iv,int dir); WOLFSSL_API int wc_Des3_SetIV(Des3* des, const byte* iv); -WOLFSSL_API int wc_Des3_CbcEncrypt(Des3* des, byte* out, const byte* in,word32 sz); -WOLFSSL_API int wc_Des3_CbcDecrypt(Des3* des, byte* out, const byte* in,word32 sz); -WOLFSSL_API int wc_Des3_CbcDecryptWithKey(byte* out, const byte* in, word32 sz, - const byte* key, const byte* iv); - +WOLFSSL_API int wc_Des3_CbcEncrypt(Des3* des, byte* out, + const byte* in,word32 sz); +WOLFSSL_API int wc_Des3_CbcDecrypt(Des3* des, byte* out, + const byte* in,word32 sz); #ifdef HAVE_CAVIUM WOLFSSL_API int wc_Des3_InitCavium(Des3*, int); diff --git a/wolfssl/wolfcrypt/dh.h b/wolfssl/wolfcrypt/dh.h index 7cee7dce3..a116eab7c 100644 --- a/wolfssl/wolfcrypt/dh.h +++ b/wolfssl/wolfcrypt/dh.h 
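Review bot: Apart from re-wrapping, this hunk drops the declarations of `wc_Des_CbcDecryptWithKey` and `wc_Des3_CbcDecryptWithKey` from des3.h. The include.am hunk adds `wolfssl/wolfcrypt/wc_encrypt.h`, so they have presumably moved there, but nothing in des3.h says so. A caller that includes only des3.h would then compile against an implicit declaration or fail to build. A short pointer at the old location would help, e.g. `/* wc_Des_CbcDecryptWithKey and wc_Des3_CbcDecryptWithKey are declared in wolfssl/wolfcrypt/wc_encrypt.h */`, or des3.h could include that header if the API is meant to stay source compatible.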
@@ -43,7 +43,7 @@ typedef struct DhKey { WOLFSSL_API void wc_InitDhKey(DhKey* key); WOLFSSL_API void wc_FreeDhKey(DhKey* key); -WOLFSSL_API int wc_DhGenerateKeyPair(DhKey* key, RNG* rng, byte* priv, +WOLFSSL_API int wc_DhGenerateKeyPair(DhKey* key, WC_RNG* rng, byte* priv, word32* privSz, byte* pub, word32* pubSz); WOLFSSL_API int wc_DhAgree(DhKey* key, byte* agree, word32* agreeSz, const byte* priv, word32 privSz, const byte* otherPub, diff --git a/wolfssl/wolfcrypt/dsa.h b/wolfssl/wolfcrypt/dsa.h index 960bd751b..1d26a3d69 100644 --- a/wolfssl/wolfcrypt/dsa.h +++ b/wolfssl/wolfcrypt/dsa.h @@ -36,6 +36,7 @@ #define DsaVerify wc_DsaVerify #define DsaPublicKeyDecode wc_DsaPublicKeyDecode #define DsaPrivateKeyDecode wc_DsaPrivateKeyDecode +#define DsaKeyToDer wc_DsaKeyToDer #ifdef __cplusplus extern "C" { 
@@ -53,18 +54,22 @@ typedef struct DsaKey { int type; /* public or private */ } DsaKey; - WOLFSSL_API void wc_InitDsaKey(DsaKey* key); WOLFSSL_API void wc_FreeDsaKey(DsaKey* key); +WOLFSSL_API int wc_DsaSign(const byte* digest, byte* out, + DsaKey* key, WC_RNG* rng); +WOLFSSL_API int wc_DsaVerify(const byte* digest, const byte* sig, + DsaKey* key, int* answer); +WOLFSSL_API int wc_DsaPublicKeyDecode(const byte* input, word32* inOutIdx, + DsaKey*, word32); +WOLFSSL_API int wc_DsaPrivateKeyDecode(const byte* input, word32* inOutIdx, + DsaKey*, word32); +WOLFSSL_API int wc_DsaKeyToDer(DsaKey* key, byte* output, word32 inLen); -WOLFSSL_API int wc_DsaSign(const byte* digest, byte* out, DsaKey* key, RNG* rng); -WOLFSSL_API int wc_DsaVerify(const byte* digest, const byte* sig, DsaKey* key, - int* answer); - -WOLFSSL_API int wc_DsaPublicKeyDecode(const byte* input, word32* inOutIdx, DsaKey*, - word32); -WOLFSSL_API int wc_DsaPrivateKeyDecode(const byte* input, word32* inOutIdx, DsaKey*, - word32); +#ifdef WOLFSSL_KEY_GEN +WOLFSSL_API int wc_MakeDsaKey(WC_RNG *rng, DsaKey *dsa); +WOLFSSL_API int wc_MakeDsaParameters(WC_RNG *rng, int modulus_size, DsaKey *dsa); +#endif #ifdef __cplusplus } /* extern "C" */ diff --git a/wolfssl/wolfcrypt/ecc.h b/wolfssl/wolfcrypt/ecc.h index 551a6d2ac..0075f0d14 100644 --- a/wolfssl/wolfcrypt/ecc.h +++ b/wolfssl/wolfcrypt/ecc.h @@ -47,6 +47,7 @@ enum { /* ECC set type defined a NIST GF(p) curve */ typedef struct { int size; /* The size of the curve in octets */ + int nid; /* id of this curve */ const char* name; /* name of this curve */ const char* prime; /* prime that defines the field, curve is in (hex) */ const char* Af; /* fields A param (hex) */ 
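Review bot: The new `wc_DsaKeyToDer(DsaKey* key, byte* output, word32 inLen)` calls the size of the output buffer `inLen`, which reads as an input length and invites passing the wrong value. I would name it `word32 outLen` and document the return value, e.g. `/* returns the DER length written, or a negative error if output is too small */`, matched to the implementation, which is not in the hunk. `wc_MakeDsaParameters` likewise does not say whether `modulus_size` is in bits or bytes or which sizes are accepted.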
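Review bot: In `ecc_set_type`, the new `int nid` member is placed between `size` and `name`, so every positional initializer of this struct shifts by one field. The `ecc_sets[]` table is declared `extern const` in this header, and any initializer that is not updated would put a string pointer where `nid` is expected, which most compilers only warn about. Adding the member at the end of the struct, or switching the table to designated initializers, avoids that risk. The struct continues past the end of the hunk.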
@@ -72,18 +73,18 @@ typedef struct { * mp_ints for the components of the point. With ALT_ECC_SIZE, the components * of the point are pointers that are set to each of a three item array of * alt_fp_ints. While an mp_int will have 4096 bits of digit inside the - * structure, the alt_fp_int will only have 512 bits. A size value was added + * structure, the alt_fp_int will only have 528 bits. A size value was added * in the ALT case, as well, and is set by mp_init() and alt_fp_init(). The * functions fp_zero() and fp_copy() use the size parameter. An int needs to * be initialized before using it instead of just fp_zeroing it, the init will - * call zero. FP_MAX_BITS_ECC defaults to 512, but can be set to change the + * call zero. FP_MAX_BITS_ECC defaults to 528, but can be set to change the * number of bits used in the alternate FP_INT. * * Do not enable ALT_ECC_SIZE and disable fast math in the configuration. */ #ifndef FP_MAX_BITS_ECC - #define FP_MAX_BITS_ECC 512 + #define FP_MAX_BITS_ECC 528 #endif #define FP_MAX_SIZE_ECC (FP_MAX_BITS_ECC+(8*DIGIT_BIT)) #if FP_MAX_BITS_ECC % CHAR_BIT 
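Review bot: The new default `FP_MAX_BITS_ECC 528` is a multiple of `CHAR_BIT`, so the `#if FP_MAX_BITS_ECC % CHAR_BIT` check at the end of the hunk still passes, but it is not a multiple of a 32-bit or 64-bit `DIGIT_BIT`. If the digit count of the alternate fp_int is obtained by dividing `FP_MAX_SIZE_ECC` by `DIGIT_BIT` (that code is outside the hunk), the division truncates and the usable width depends on the digit size. It would be worth confirming that intermediate products of two field elements still fit. A comment would record the reasoning, e.g. `/* 528: largest supported field size rounded up to whole bytes; not required to be a multiple of DIGIT_BIT */`.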
@@ -133,23 +134,49 @@ extern const ecc_set_type ecc_sets[]; WOLFSSL_API -int wc_ecc_make_key(RNG* rng, int keysize, ecc_key* key); +int wc_ecc_make_key(WC_RNG* rng, int keysize, ecc_key* key); +WOLFSSL_API +int wc_ecc_check_key(ecc_key* key); WOLFSSL_API int wc_ecc_shared_secret(ecc_key* private_key, ecc_key* public_key, byte* out, word32* outlen); WOLFSSL_API -int wc_ecc_sign_hash(const byte* in, word32 inlen, byte* out, word32 *outlen, - RNG* rng, ecc_key* key); +int wc_ecc_shared_secret_ssh(ecc_key* private_key, ecc_point* point, + byte* out, word32 *outlen); +WOLFSSL_API +int wc_ecc_sign_hash(const byte* in, word32 inlen, byte* out, word32 *outlen, + WC_RNG* rng, ecc_key* key); +WOLFSSL_API +int wc_ecc_sign_hash_ex(const byte* in, word32 inlen, WC_RNG* rng, + ecc_key* key, mp_int *r, mp_int *s); WOLFSSL_API int wc_ecc_verify_hash(const byte* sig, word32 siglen, const byte* hash, word32 hashlen, int* stat, ecc_key* key); WOLFSSL_API +int wc_ecc_verify_hash_ex(mp_int *r, mp_int *s, const byte* hash, + word32 hashlen, int* stat, ecc_key* key); +WOLFSSL_API int wc_ecc_init(ecc_key* key); WOLFSSL_API void wc_ecc_free(ecc_key* key); WOLFSSL_API void wc_ecc_fp_free(void); +WOLFSSL_API +ecc_point* wc_ecc_new_point(void); +WOLFSSL_API +void wc_ecc_del_point(ecc_point* p); +WOLFSSL_API +int wc_ecc_copy_point(ecc_point* p, ecc_point *r); +WOLFSSL_API +int wc_ecc_cmp_point(ecc_point* a, ecc_point *b); +WOLFSSL_API +int wc_ecc_point_is_at_infinity(ecc_point *p); +WOLFSSL_API +int wc_ecc_is_valid_idx(int n); +WOLFSSL_API +int wc_ecc_mulmod(mp_int* k, ecc_point *G, ecc_point *R, + mp_int* modulus, int map); /* ASN key helpers */ WOLFSSL_API 
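Review bot: None of the new point-level entry points (`wc_ecc_shared_secret_ssh`, `wc_ecc_mulmod`, `wc_ecc_copy_point`, `wc_ecc_cmp_point`) states whether the `ecc_point` argument is validated. For `wc_ecc_shared_secret_ssh` the point comes from the peer, so the header should say whether the function checks that the point is on the curve and not at infinity, or whether the caller must. The commit adds `wc_ecc_check_key` here and `IS_POINT_E`/`ECC_INF_E` in error-crypt.h, which suggests checks exist for keys but leaves raw points open. A comment such as `/* point is not validated here; caller must ensure it is on the curve and not at infinity */`, or the opposite if the check is done inside, would settle it. The return convention of `wc_ecc_cmp_point` and the meaning of `map` in `wc_ecc_mulmod` are also undocumented.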
@@ -171,6 +198,13 @@ int wc_ecc_import_raw(ecc_key* key, const char* qx, const char* qy, WOLFSSL_API int wc_ecc_export_private_only(ecc_key* key, byte* out, word32* outLen); +WOLFSSL_API +int wc_ecc_export_point_der(const int curve_idx, ecc_point* point, + byte* out, word32* outLen); +WOLFSSL_API +int wc_ecc_import_point_der(byte* in, word32 inLen, const int curve_idx, + ecc_point* point); + /* size helper */ WOLFSSL_API int wc_ecc_size(ecc_key* key); @@ -200,6 +234,7 @@ enum { KEY_SIZE_128 = 16, KEY_SIZE_256 = 32, IV_SIZE_64 = 8, + IV_SIZE_128 = 16, EXCHANGE_SALT_SZ = 16, EXCHANGE_INFO_SZ = 23 }; @@ -213,11 +248,11 @@ enum ecFlags { typedef struct ecEncCtx ecEncCtx; WOLFSSL_API -ecEncCtx* wc_ecc_ctx_new(int flags, RNG* rng); +ecEncCtx* wc_ecc_ctx_new(int flags, WC_RNG* rng); WOLFSSL_API void wc_ecc_ctx_free(ecEncCtx*); WOLFSSL_API -int wc_ecc_ctx_reset(ecEncCtx*, RNG*); /* reset for use again w/o alloc/free */ +int wc_ecc_ctx_reset(ecEncCtx*, WC_RNG*); /* reset for use again w/o alloc/free */ WOLFSSL_API const byte* wc_ecc_ctx_get_own_salt(ecEncCtx*); diff --git a/wolfssl/wolfcrypt/ed25519.h b/wolfssl/wolfcrypt/ed25519.h index 6f9a19989..606ff4145 100644 --- a/wolfssl/wolfcrypt/ed25519.h +++ b/wolfssl/wolfcrypt/ed25519.h 
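Review bot: The new `wc_ecc_import_point_der` takes its input as `byte* in`, while the other import functions in these headers take `const byte*`. If the implementation does not write through the pointer, the prototype should read `int wc_ecc_import_point_der(const byte* in, word32 inLen, const int curve_idx, ecc_point* point);` so callers can pass read-only buffers. It would also help to state that `curve_idx` is expected to pass `wc_ecc_is_valid_idx`, and whether the decoded point is checked against the curve, since neither is visible in the hunk.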
@@ -46,19 +46,22 @@ "-121665/121666", value of d */ -#define ED25519_KEY_SIZE 32 -#define ED25519_SIG_SIZE 64 +#define ED25519_KEY_SIZE 32 /* private key only */ +#define ED25519_SIG_SIZE 64 +#define ED25519_PUB_KEY_SIZE 32 /* compressed */ +/* both private and public key */ +#define ED25519_PRV_KEY_SIZE (ED25519_PUB_KEY_SIZE+ED25519_KEY_SIZE) /* An ED25519 Key */ typedef struct { - byte p[32]; /* compressed public key */ - byte k[64]; /* private key : 32 secret -- 32 public */ + byte p[ED25519_PUB_KEY_SIZE]; /* compressed public key */ + byte k[ED25519_PRV_KEY_SIZE]; /* private key : 32 secret -- 32 public */ } ed25519_key; WOLFSSL_API -int wc_ed25519_make_key(RNG* rng, int keysize, ed25519_key* key); +int wc_ed25519_make_key(WC_RNG* rng, int keysize, ed25519_key* key); WOLFSSL_API int wc_ed25519_sign_msg(const byte* in, word32 inlen, byte* out, word32 *outlen, ed25519_key* key); @@ -78,11 +81,21 @@ WOLFSSL_API int wc_ed25519_export_public(ed25519_key*, byte* out, word32* outLen); WOLFSSL_API int wc_ed25519_export_private_only(ed25519_key* key, byte* out, word32* outLen); +WOLFSSL_API +int wc_ed25519_export_private(ed25519_key* key, byte* out, word32* outLen); +WOLFSSL_API +int wc_ed25519_export_key(ed25519_key* key, + byte* priv, word32 *privSz, + byte* pub, word32 *pubSz); /* size helper */ WOLFSSL_API int wc_ed25519_size(ed25519_key* key); WOLFSSL_API +int wc_ed25519_priv_size(ed25519_key* key); +WOLFSSL_API +int wc_ed25519_pub_size(ed25519_key* key); +WOLFSSL_API int wc_ed25519_sig_size(ed25519_key* key); #ifdef __cplusplus diff --git a/wolfssl/wolfcrypt/error-crypt.h b/wolfssl/wolfcrypt/error-crypt.h index e172e6aec..6e783085c 100644 --- a/wolfssl/wolfcrypt/error-crypt.h +++ b/wolfssl/wolfcrypt/error-crypt.h @@ -27,8 +27,6 @@ #ifdef HAVE_FIPS #include - #define wc_ErrorString CTaoCryptErrorString - #define wc_GetErrorString CTaoCryptGetErrorString #endif /* HAVE_FIPS */ #ifdef __cplusplus 
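Review bot: The new `wc_ed25519_export_private` and `wc_ed25519_export_key` sit next to the existing `wc_ed25519_export_private_only` with nothing to tell them apart. Going by the macro comments in the first hunk of this file, one exports the secret alone (`ED25519_KEY_SIZE`) and the other the secret followed by the public key (`ED25519_PRV_KEY_SIZE`). I would add `/* exports the ED25519_KEY_SIZE secret only */` and `/* exports ED25519_PRV_KEY_SIZE bytes: secret followed by public key */` on the respective prototypes, and state that `outLen` carries the buffer size in and the written length out if that is the contract. The same applies to which size each of `wc_ed25519_size`, `wc_ed25519_priv_size` and `wc_ed25519_pub_size` returns.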
@@ -147,6 +145,13 @@ enum { THREAD_STORE_SET_E = -212, /* Thread local storage key set failure */ MAC_CMP_FAILED_E = -213, /* MAC comparison failed */ + IS_POINT_E = -214, /* ECC is point on curve failed */ + ECC_INF_E = -215, /* ECC point infinity error */ + ECC_PRIV_KEY_E = -216, /* ECC private key not valid error */ + + SRP_CALL_ORDER_E = -217, /* SRP function called in the wrong order. */ + SRP_VERIFY_E = -218, /* SRP proof verification failed. */ + SRP_BAD_KEY_E = -219, /* SRP bad ephemeral values. */ MIN_CODE_E = -300 /* errors -101 - -299 */ }; @@ -160,5 +165,3 @@ WOLFSSL_API const char* wc_GetErrorString(int error); } /* extern "C" */ #endif #endif /* WOLF_CRYPT_ERROR_H */ - - diff --git a/wolfssl/wolfcrypt/fe_operations.h b/wolfssl/wolfcrypt/fe_operations.h index 3cd49015a..a779f2be7 100644 --- a/wolfssl/wolfcrypt/fe_operations.h +++ b/wolfssl/wolfcrypt/fe_operations.h @@ -19,9 +19,6 @@ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA */ - /* Based On Daniel J Bernstein's curve25519 and ed25519 Public Domain ref10 - work. */ - #ifndef WOLF_CRYPT_FE_OPERATIONS_H #define WOLF_CRYPT_FE_OPERATIONS_H @@ -29,7 +26,10 @@ #if defined(HAVE_CURVE25519) || defined(HAVE_ED25519) -#include +#ifndef CURVED25519_SMALL + #include +#endif +#include /* fe means field element. 
@@ -39,29 +39,94 @@ t[0]+2^26 t[1]+2^51 t[2]+2^77 t[3]+2^102 t[4]+...+2^230 t[9]. Bounds on each t[i] vary depending on context. */ -typedef int32_t fe[10]; +#ifdef CURVED25519_SMALL + #define F25519_SIZE 32 + typedef byte fe[32]; +#else + typedef int32_t fe[10]; +#endif + +WOLFSSL_LOCAL int curve25519(byte * q, byte * n, byte * p); +WOLFSSL_LOCAL void fe_copy(fe, const fe); +WOLFSSL_LOCAL void fe_add(fe, const fe, const fe); +WOLFSSL_LOCAL void fe_neg(fe,const fe); +WOLFSSL_LOCAL void fe_sub(fe, const fe, const fe); +WOLFSSL_LOCAL void fe_invert(fe, const fe); +WOLFSSL_LOCAL void fe_mul(fe,const fe,const fe); + +/* default to be faster but take more memory */ +#ifndef CURVED25519_SMALL + +/* Based On Daniel J Bernstein's curve25519 and ed25519 Public Domain ref10 + work. */ WOLFSSL_LOCAL void fe_0(fe); WOLFSSL_LOCAL void fe_1(fe); -WOLFSSL_LOCAL void fe_add(fe, const fe, const fe); +WOLFSSL_LOCAL int fe_isnonzero(const fe); +WOLFSSL_LOCAL int fe_isnegative(const fe); WOLFSSL_LOCAL void fe_tobytes(unsigned char *, const fe); -WOLFSSL_LOCAL void fe_sub(fe, const fe, const fe); -WOLFSSL_LOCAL void fe_invert(fe, const fe); WOLFSSL_LOCAL void fe_sq(fe, const fe); WOLFSSL_LOCAL void fe_sq2(fe,const fe); WOLFSSL_LOCAL void fe_frombytes(fe,const unsigned char *); -WOLFSSL_LOCAL void fe_mul(fe,const fe,const fe); -WOLFSSL_LOCAL void fe_copy(fe, const fe); WOLFSSL_LOCAL void fe_cswap(fe,fe,unsigned int); WOLFSSL_LOCAL void fe_mul121666(fe,fe); -WOLFSSL_LOCAL int fe_isnonzero(const fe); -WOLFSSL_LOCAL int fe_isnegative(const fe); WOLFSSL_LOCAL void fe_cmov(fe,const fe,unsigned int); -WOLFSSL_LOCAL void fe_neg(fe,const fe); WOLFSSL_LOCAL void fe_pow22523(fe,const fe); + +/* 64 type needed for SHA512 */ WOLFSSL_LOCAL uint64_t load_3(const unsigned char *in); WOLFSSL_LOCAL uint64_t load_4(const unsigned char *in); +#endif /* not defined CURVED25519_SMALL */ +/* Use less memory and only 32bit types or less, but is slower + Based on Daniel Beer's public domain work. 
*/ +#ifdef CURVED25519_SMALL +static const byte c25519_base_x[F25519_SIZE] = {9}; +static const byte f25519_zero[F25519_SIZE] = {0}; +static const byte f25519_one[F25519_SIZE] = {1}; +static const byte fprime_zero[F25519_SIZE] = {0}; +static const byte fprime_one[F25519_SIZE] = {1}; + +WOLFSSL_LOCAL void fe_load(byte *x, word32 c); +WOLFSSL_LOCAL void fe_normalize(byte *x); +WOLFSSL_LOCAL void fe_inv__distinct(byte *r, const byte *x); + +/* Conditional copy. If condition == 0, then zero is copied to dst. If + * condition == 1, then one is copied to dst. Any other value results in + * undefined behaviour. + */ +WOLFSSL_LOCAL void fe_select(byte *dst, const byte *zero, const byte *one, + byte condition); + +/* Multiply a point by a small constant. The two pointers are not + * required to be distinct. + * + * The constant must be less than 2^24. + */ +WOLFSSL_LOCAL void fe_mul_c(byte *r, const byte *a, word32 b); +WOLFSSL_LOCAL void fe_mul__distinct(byte *r, const byte *a, const byte *b); + +/* Compute one of the square roots of the field element, if the element + * is square. The other square is -r. + * + * If the input is not square, the returned value is a valid field + * element, but not the correct answer. If you don't already know that + * your element is square, you should square the return value and test. + */ +WOLFSSL_LOCAL void fe_sqrt(byte *r, const byte *x); + +/* Conditional copy. If condition == 0, then zero is copied to dst. If + * condition == 1, then one is copied to dst. Any other value results in + * undefined behaviour. 
+ */ +WOLFSSL_LOCAL void fprime_select(byte *dst, const byte *zero, const byte *one, + byte condition); +WOLFSSL_LOCAL void fprime_add(byte *r, const byte *a, const byte *modulus); +WOLFSSL_LOCAL void fprime_sub(byte *r, const byte *a, const byte *modulus); +WOLFSSL_LOCAL void fprime_mul(byte *r, const byte *a, const byte *b, + const byte *modulus); +WOLFSSL_LOCAL void fprime_copy(byte *x, const byte *a); +#endif /* CURVED25519_SMALL */ #endif /* HAVE_CURVE25519 or HAVE_ED25519 */ #endif /* WOLF_CRYPT_FE_OPERATIONS_H */ diff --git a/wolfssl/wolfcrypt/ge_operations.h b/wolfssl/wolfcrypt/ge_operations.h index 8cd09c547..00d1b3edc 100644 --- a/wolfssl/wolfcrypt/ge_operations.h +++ b/wolfssl/wolfcrypt/ge_operations.h @@ -28,7 +28,9 @@ #ifdef HAVE_ED25519 -#include +#ifndef CURVED25519_SMALL + #include +#endif #include /* @@ -59,6 +61,20 @@ typedef struct { fe T; } ge_p3; +WOLFSSL_LOCAL int ge_compress_key(byte* out, const byte* xIn, const byte* yIn, + word32 keySz); +WOLFSSL_LOCAL int ge_frombytes_negate_vartime(ge_p3 *,const unsigned char *); + +WOLFSSL_LOCAL int ge_double_scalarmult_vartime(ge_p2 *,const unsigned char *, + const ge_p3 *,const unsigned char *); +WOLFSSL_LOCAL void ge_scalarmult_base(ge_p3 *,const unsigned char *); +WOLFSSL_LOCAL void sc_reduce(byte* s); +WOLFSSL_LOCAL void sc_muladd(byte* s, const byte* a, const byte* b, + const byte* c); +WOLFSSL_LOCAL void ge_tobytes(unsigned char *,const ge_p2 *); +WOLFSSL_LOCAL void ge_p3_tobytes(unsigned char *,const ge_p3 *); + +#ifndef CURVED25519_SMALL typedef struct { fe X; fe Y; @@ -79,10 +95,6 @@ typedef struct { fe T2d; } ge_cached; -WOLFSSL_LOCAL void ge_tobytes(unsigned char *,const ge_p2 *); -WOLFSSL_LOCAL void ge_p3_tobytes(unsigned char *,const ge_p3 *); -WOLFSSL_LOCAL int ge_frombytes_negate_vartime(ge_p3 *,const unsigned char *); - WOLFSSL_LOCAL void ge_p2_0(ge_p2 *); WOLFSSL_LOCAL void ge_p3_0(ge_p3 *); WOLFSSL_LOCAL void ge_precomp_0(ge_precomp *); 
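Review bot: Under `CURVED25519_SMALL` the header defines five `static const byte` tables (`c25519_base_x`, `f25519_zero`, `f25519_one`, `fprime_zero`, `fprime_one`). Every translation unit that includes fe_operations.h therefore gets its own copy and, with warnings enabled, an unused-variable diagnostic for the ones it does not reference. Declaring them here as `extern const byte f25519_zero[F25519_SIZE];` and defining them once in the implementation file avoids both. Separately, the comment block on `fprime_select` is a verbatim copy of the one on `fe_select`; one of them could simply refer to the other. `fprime_add` and `fprime_sub` take only `r`, `a` and `modulus`, so it would be worth noting that `r` is both input and output if that is how they work.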
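Review bot: In ge_operations.h, `ge_double_scalarmult_vartime` is re-declared with an `int` return type where the removed prototype (in the later hunk of this file) returned `void`. Existing callers will still compile and silently discard the new status. The call sites are not in this diff view, so it should be confirmed that each one now checks the result, and the prototype should say what a non-zero return means. Since the functions named `_vartime` run in input-dependent time, a one-line comment such as `/* variable time: use only with public inputs (signature verification) */` on both would document the constraint where it is declared.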
@@ -97,10 +109,7 @@ WOLFSSL_LOCAL void ge_madd(ge_p1p1 *,const ge_p3 *,const ge_precomp *); WOLFSSL_LOCAL void ge_msub(ge_p1p1 *,const ge_p3 *,const ge_precomp *); WOLFSSL_LOCAL void ge_add(ge_p1p1 *,const ge_p3 *,const ge_cached *); WOLFSSL_LOCAL void ge_sub(ge_p1p1 *,const ge_p3 *,const ge_cached *); -WOLFSSL_LOCAL void ge_scalarmult_base(ge_p3 *,const unsigned char *); -WOLFSSL_LOCAL void ge_double_scalarmult_vartime(ge_p2 *,const unsigned char *, - const ge_p3 *,const unsigned char *); - +#endif /* no CURVED25519_SMALL */ #endif /* HAVE_ED25519 */ #endif /* WOLF_CRYPT_GE_OPERATIONS_H */ diff --git a/wolfssl/wolfcrypt/hash.h b/wolfssl/wolfcrypt/hash.h new file mode 100755 index 000000000..4cdd85f11 --- /dev/null +++ b/wolfssl/wolfcrypt/hash.h 
@@ -0,0 +1,89 @@ +/* hash.h + * + * Copyright (C) 2006-2015 wolfSSL Inc. + * + * This file is part of wolfSSL. (formerly known as CyaSSL) + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +#ifndef WOLF_CRYPT_HASH_H +#define WOLF_CRYPT_HASH_H + +#include + +#ifdef __cplusplus + extern "C" { +#endif + +#ifndef NO_MD5 +#include +WOLFSSL_API void wc_Md5GetHash(Md5*, byte*); +WOLFSSL_API void wc_Md5RestorePos(Md5*, Md5*) ; +#if defined(WOLFSSL_TI_HASH) + WOLFSSL_API void wc_Md5Free(Md5*); +#else + #define wc_Md5Free(d) +#endif +#endif + +#ifndef NO_SHA +#include +WOLFSSL_API int wc_ShaGetHash(Sha*, byte*); +WOLFSSL_API void wc_ShaRestorePos(Sha*, Sha*) ; +WOLFSSL_API int wc_ShaHash(const byte*, word32, byte*); +#if defined(WOLFSSL_TI_HASH) + WOLFSSL_API void wc_ShaFree(Sha*); +#else + #define wc_ShaFree(d) +#endif +#endif + +#ifndef NO_SHA256 +#include +WOLFSSL_API int wc_Sha256GetHash(Sha256*, byte*); +WOLFSSL_API void wc_Sha256RestorePos(Sha256*, Sha256*) ; +WOLFSSL_API int wc_Sha256Hash(const byte*, word32, byte*); +#if defined(WOLFSSL_TI_HASH) + WOLFSSL_API void wc_Sha256Free(Sha256*); +#else + #define wc_Sha256Free(d) +#endif +#endif + +#ifdef WOLFSSL_SHA512 +#include +WOLFSSL_API int wc_Sha512Hash(const byte*, word32, byte*); +#if defined(WOLFSSL_TI_HASH) + WOLFSSL_API void wc_Sha512Free(Sha512*); 
+#else + #define wc_Sha512Free(d) +#endif + #if defined(WOLFSSL_SHA384) + WOLFSSL_API int wc_Sha384Hash(const byte*, word32, byte*); + #if defined(WOLFSSL_TI_HASH) + WOLFSSL_API void wc_Sha384Free(Sha384*); + #else + #define wc_Sha384Free(d) + #endif + #endif /* defined(WOLFSSL_SHA384) */ +#endif /* WOLFSSL_SHA512 */ + + +#ifdef __cplusplus + } /* extern "C" */ +#endif + +#endif /* WOLF_CRYPT_HASH_H */ diff --git a/wolfssl/wolfcrypt/include.am b/wolfssl/wolfcrypt/include.am index 2603f117c..8387ed7df 100644 --- a/wolfssl/wolfcrypt/include.am +++ b/wolfssl/wolfcrypt/include.am @@ -20,6 +20,7 @@ nobase_include_HEADERS+= \ wolfssl/wolfcrypt/ge_operations.h \ wolfssl/wolfcrypt/error-crypt.h \ wolfssl/wolfcrypt/fips_test.h \ + wolfssl/wolfcrypt/hash.h \ wolfssl/wolfcrypt/hc128.h \ wolfssl/wolfcrypt/hmac.h \ wolfssl/wolfcrypt/integer.h \ @@ -28,6 +29,7 @@ nobase_include_HEADERS+= \ wolfssl/wolfcrypt/md5.h \ wolfssl/wolfcrypt/misc.h \ wolfssl/wolfcrypt/pkcs7.h \ + wolfssl/wolfcrypt/wc_encrypt.h \ wolfssl/wolfcrypt/wc_port.h \ wolfssl/wolfcrypt/pwdbased.h \ wolfssl/wolfcrypt/rabbit.h \ @@ -44,6 +46,7 @@ nobase_include_HEADERS+= \ wolfssl/wolfcrypt/blake2-int.h \ wolfssl/wolfcrypt/blake2-impl.h \ wolfssl/wolfcrypt/tfm.h \ + wolfssl/wolfcrypt/srp.h \ wolfssl/wolfcrypt/types.h \ wolfssl/wolfcrypt/visibility.h \ wolfssl/wolfcrypt/logging.h \ @@ -52,5 +55,6 @@ nobase_include_HEADERS+= \ wolfssl/wolfcrypt/mpi_superclass.h noinst_HEADERS+= \ - wolfssl/wolfcrypt/port/pic32/pic32mz-crypt.h - + wolfssl/wolfcrypt/port/pic32/pic32mz-crypt.h \ + wolfssl/wolfcrypt/port/ti/ti-hash.h \ + wolfssl/wolfcrypt/port/ti/ti-ccm.h diff --git a/wolfssl/wolfcrypt/integer.h b/wolfssl/wolfcrypt/integer.h index b623298ed..099b9f4e3 100644 --- a/wolfssl/wolfcrypt/integer.h +++ b/wolfssl/wolfcrypt/integer.h @@ -36,6 +36,8 @@ #include #else +#include + #ifndef CHAR_BIT #include #endif 
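Review bot: In the new hash.h, `wc_Md5GetHash` returns `void` while `wc_ShaGetHash` and `wc_Sha256GetHash` return `int`, so the MD5 variant cannot report a failure. Giving it the same shape, `WOLFSSL_API int wc_Md5GetHash(Md5*, byte*);`, keeps the family uniform, provided the implementation is changed to match (it is not in this hunk). The two-pointer `wc_*RestorePos` prototypes do not say which argument is the destination, which is easy to get backwards. Outside `WOLFSSL_TI_HASH` the `wc_*Free(d)` macros expand to nothing, so it is worth a comment that they release no resources and do not clear the hash state in that configuration.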
@@ -140,7 +142,8 @@ extern "C" { #define MP_OKAY 0 /* ok result */ #define MP_MEM -2 /* out of mem */ #define MP_VAL -3 /* invalid input */ -#define MP_RANGE MP_VAL +#define MP_NOT_INF -4 /* point not at infinity */ +#define MP_RANGE MP_NOT_INF #define MP_YES 1 /* yes response */ #define MP_NO 0 /* no response */ @@ -250,6 +253,7 @@ int mp_cmp_mag (mp_int * a, mp_int * b); int mp_cmp (mp_int * a, mp_int * b); int mp_cmp_d(mp_int * a, mp_digit b); void mp_set (mp_int * a, mp_digit b); +int mp_is_bit_set (mp_int * a, mp_digit b); int mp_mod (mp_int * a, mp_int * b, mp_int * c); int mp_div(mp_int * a, mp_int * b, mp_int * c, mp_int * d); int mp_div_2(mp_int * a, mp_int * b); @@ -287,6 +291,7 @@ int mp_sqr (mp_int * a, mp_int * b); int mp_mulmod (mp_int * a, mp_int * b, mp_int * c, mp_int * d); int mp_mul_d (mp_int * a, mp_digit b, mp_int * c); int mp_2expt (mp_int * a, int b); +int mp_set_bit (mp_int * a, int b); int mp_reduce_2k_setup(mp_int *a, mp_digit *d); int mp_add_d (mp_int* a, mp_digit b, mp_int* c); int mp_set_int (mp_int * a, unsigned long b); @@ -296,11 +301,13 @@ int mp_sub_d (mp_int * a, mp_digit b, mp_int * c); /* added */ int mp_init_multi(mp_int* a, mp_int* b, mp_int* c, mp_int* d, mp_int* e, mp_int* f); +int mp_toradix (mp_int *a, char *str, int radix); +int mp_radix_size (mp_int * a, int radix, int *size); #if defined(HAVE_ECC) || defined(WOLFSSL_KEY_GEN) int mp_sqrmod(mp_int* a, mp_int* b, mp_int* c); #endif -#ifdef HAVE_ECC +#if defined(HAVE_ECC) || defined(WOLFSSL_KEY_GEN) int mp_read_radix(mp_int* a, const char* str, int radix); #endif @@ -308,6 +315,7 @@ int mp_init_multi(mp_int* a, mp_int* b, mp_int* c, mp_int* d, mp_int* e, int mp_prime_is_prime (mp_int * a, int t, int *result); int mp_gcd (mp_int * a, mp_int * b, mp_int * c); int mp_lcm (mp_int * a, mp_int * b, mp_int * c); + int mp_rand_prime(mp_int* N, int len, WC_RNG* rng, void* heap); #endif int mp_cnt_lsb(mp_int *a); 
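Review bot: `MP_RANGE` used to alias `MP_VAL` (-3) and now aliases the new `MP_NOT_INF` (-4), which is commented as "point not at infinity". This changes the value returned wherever `MP_RANGE` is used and makes a range error indistinguishable from the new ECC condition. Any caller comparing against `MP_VAL` to detect a range problem will stop matching. If the re-pointing is not deliberate, keep `#define MP_RANGE MP_VAL` and add only `#define MP_NOT_INF -4`. If it is deliberate, a comment explaining why the two share a value would help.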
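Review bot: The new `mp_toradix(mp_int *a, char *str, int radix)` prototype takes an output buffer without a length, so nothing in the function can bound the write. `mp_radix_size` is added next to it and is presumably the intended way to size `str`, but the header does not say so. I would add `/* str must hold at least the number of bytes reported by mp_radix_size() for the same a and radix */` above `mp_toradix`, and state whether the size reported by `mp_radix_size` includes the sign and the terminating NUL.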
diff --git a/wolfssl/wolfcrypt/logging.h b/wolfssl/wolfcrypt/logging.h index 0b124835b..2e604080d 100644 --- a/wolfssl/wolfcrypt/logging.h +++ b/wolfssl/wolfcrypt/logging.h @@ -46,9 +46,13 @@ typedef void (*wolfSSL_Logging_cb)(const int logLevel, WOLFSSL_API int wolfSSL_SetLoggingCb(wolfSSL_Logging_cb log_function); #ifdef DEBUG_WOLFSSL + /* a is prepended to m and b is appended, creating a log msg a + m + b */ + #define WOLFSSL_LOG_CAT(a, m, b) #a " " m " " #b void WOLFSSL_ENTER(const char* msg); void WOLFSSL_LEAVE(const char* msg, int ret); + #define WOLFSSL_STUB(m) \ + WOLFSSL_MSG(WOLFSSL_LOG_CAT(wolfSSL Stub, m, not implemented)) void WOLFSSL_ERROR(int); void WOLFSSL_MSG(const char* msg); @@ -57,6 +61,7 @@ WOLFSSL_API int wolfSSL_SetLoggingCb(wolfSSL_Logging_cb log_function); #define WOLFSSL_ENTER(m) #define WOLFSSL_LEAVE(m, r) + #define WOLFSSL_STUB(m) #define WOLFSSL_ERROR(e) #define WOLFSSL_MSG(m) diff --git a/wolfssl/wolfcrypt/md5.h b/wolfssl/wolfcrypt/md5.h index ba8d89400..d0b134b6a 100644 --- a/wolfssl/wolfcrypt/md5.h +++ b/wolfssl/wolfcrypt/md5.h @@ -37,7 +37,6 @@ extern "C" { #endif - /* in bytes */ enum { #ifdef STM32F2_HASH @@ -53,6 +52,8 @@ enum { #include "port/pic32/pic32mz-crypt.h" #endif +#ifndef WOLFSSL_TI_HASH + /* MD5 digest */ typedef struct Md5 { word32 buffLen; /* in bytes */ @@ -67,12 +68,15 @@ typedef struct Md5 { #endif } Md5; +#else /* WOLFSSL_TI_HASH */ + #include "wolfssl/wolfcrypt/port/ti/ti-hash.h" +#endif + WOLFSSL_API void wc_InitMd5(Md5*); WOLFSSL_API void wc_Md5Update(Md5*, const byte*, word32); WOLFSSL_API void wc_Md5Final(Md5*, byte*); WOLFSSL_API int wc_Md5Hash(const byte*, word32, byte*); - #ifdef __cplusplus } /* extern "C" */ #endif diff --git a/wolfssl/wolfcrypt/pkcs7.h b/wolfssl/wolfcrypt/pkcs7.h index c748f4514..32a46faf2 100644 --- a/wolfssl/wolfcrypt/pkcs7.h +++ b/wolfssl/wolfcrypt/pkcs7.h 
@@ -73,14 +73,14 @@ typedef struct PKCS7 { word32 contentSz; /* content size */ int contentOID; /* PKCS#7 content type OID sum */ - RNG* rng; + WC_RNG* rng; int hashOID; int encryptOID; /* key encryption algorithm OID */ byte* singleCert; /* recipient cert, DER, not owner */ word32 singleCertSz; /* size of recipient cert buffer, bytes */ - byte issuerHash[SHA_SIZE]; /* hash of all alt Names */ + byte issuerHash[KEYID_SIZE]; /* hash of all alt Names */ byte* issuer; /* issuer name of singleCert */ word32 issuerSz; /* length of issuer name */ byte issuerSn[MAX_SN_SZ]; /* singleCert's serial number */ @@ -100,7 +100,7 @@ WOLFSSL_LOCAL int wc_GetContentType(const byte* input, word32* inOutIdx, word32* oid, word32 maxIdx); WOLFSSL_LOCAL int wc_CreateRecipientInfo(const byte* cert, word32 certSz, int keyEncAlgo, int blockKeySz, - RNG* rng, byte* contentKeyPlain, + WC_RNG* rng, byte* contentKeyPlain, byte* contentKeyEnc, int* keyEncSz, byte* out, word32 outSz); diff --git a/wolfssl/wolfcrypt/port/ti/ti-ccm.h b/wolfssl/wolfcrypt/port/ti/ti-ccm.h new file mode 100644 index 000000000..8e75e0d3e --- /dev/null +++ b/wolfssl/wolfcrypt/port/ti/ti-ccm.h 
@@ -0,0 +1,46 @@ +/* port/ti/ti_ccm.c + * + * Copyright (C) 2006-2015 wolfSSL Inc. + * + * This file is part of wolfSSL. (formerly known as CyaSSL) + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +#ifndef WOLF_CRYPT_TI_CCM_H +#define WOLF_CRYPT_TI_CCM_H + +#ifdef HAVE_CONFIG_H + #include +#endif + +#include + +#if defined(WOLFSSL_TI_CRYPT) || defined(WOLFSSL_TI_HASH) + +int wolfSSL_TI_CCMInit(void) ; + +#ifndef SINGLE_THREADED +void wolfSSL_TI_lockCCM(void) ; +void wolfSSL_TI_unlockCCM(void) ; +#else +#define wolfSSL_TI_lockCCM() +#define wolfSSL_TI_unlockCCM() +#endif + +#endif + +#endif + diff --git a/wolfssl/wolfcrypt/port/ti/ti-hash.h b/wolfssl/wolfcrypt/port/ti/ti-hash.h new file mode 100644 index 000000000..505ccc498 --- /dev/null +++ b/wolfssl/wolfcrypt/port/ti/ti-hash.h 
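Review bot: The banner of the new ti-ccm.h names a different file, `/* port/ti/ti_ccm.c`, which misleads anyone searching by path; it should read `/* port/ti/ti-ccm.h`. The two closing `#endif` lines also carry no comment, unlike the other headers in this commit; `#endif /* WOLFSSL_TI_CRYPT || WOLFSSL_TI_HASH */` and `#endif /* WOLF_CRYPT_TI_CCM_H */` would match. It would help to note on `wolfSSL_TI_lockCCM`/`wolfSSL_TI_unlockCCM` that they compile to nothing under `SINGLE_THREADED`, so callers know no exclusion is provided in that build.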
@@ -0,0 +1,64 @@ +/* port/ti/ti-hash.h + * + * Copyright (C) 2006-2015 wolfSSL Inc. + * + * This file is part of wolfSSL. (formerly known as CyaSSL) + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +#ifndef WOLF_CRYPT_TI_HASH_H +#define WOLF_CRYPT_TI_HASH_H + +#include + +#ifndef WOLFSSL_TI_INITBUFF +#define WOLFSSL_TI_INITBUFF 64 +#endif + +#define WOLFSSL_MAX_HASH_SIZE 64 + +typedef struct { + byte *msg ; + word32 used ; + word32 len ; + byte hash[WOLFSSL_MAX_HASH_SIZE] ; +} wolfssl_TI_Hash ; + + +#ifndef TI_HASH_TEST +#if !defined(NO_MD5) +typedef wolfssl_TI_Hash Md5 ; + +#endif +#if !defined(NO_SHA) +typedef wolfssl_TI_Hash Sha ; +#endif +#if !defined(NO_SHA256) +typedef wolfssl_TI_Hash Sha256 ; +#endif + +#if defined(HAVE_SHA224) +typedef wolfssl_TI_Hash Sha224 ; +#define SHA224_DIGEST_SIZE 28 + +WOLFSSL_API int wc_InitSha224(Sha224* sha224) ; +WOLFSSL_API int wc_Sha224Update(Sha224* sha224, const byte* data, word32 len) ; +WOLFSSL_API int wc_Sha224Final(Sha224* sha224, byte* hash) ; +WOLFSSL_API int wc_Sha224Hash(const byte* data, word32 len, byte*hash) ; + +#endif +#endif +#endif /* WOLF_CRYPT_TI_HASH_H */ diff --git a/wolfssl/wolfcrypt/pwdbased.h b/wolfssl/wolfcrypt/pwdbased.h index 0173beef8..068dc5149 100644 --- a/wolfssl/wolfcrypt/pwdbased.h +++ b/wolfssl/wolfcrypt/pwdbased.h 
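Review bot: The new `wolfssl_TI_Hash` struct has no comments on `msg`, `used` and `len`, although it replaces the `Md5`, `Sha` and `Sha256` context types wholesale. The `byte *msg` member suggests the context owns a buffer that grows with the input (hedged, since the implementation is not shown). If so, the header should state who allocates and frees it and that the matching `wc_*Free` must be called. Suggested field comments: `/* buffered message, owned by the context */`, `/* bytes of msg in use */`, `/* allocated size of msg */`, to be adjusted to the actual semantics. The two bare `#endif` lines before the include guard would be clearer as `#endif /* HAVE_SHA224 */` and `#endif /* !TI_HASH_TEST */`.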
@@ -51,9 +51,9 @@ WOLFSSL_API int wc_PKCS12_PBKDF(byte* output, const byte* passwd, int pLen, int kLen, int typeH, int purpose); /* helper functions */ -WOLFSSL_LOCAL int GetDigestSize(int hashType); -WOLFSSL_LOCAL int GetPKCS12HashSizes(int hashType, word32* v, word32* u); -WOLFSSL_LOCAL int DoPKCS12Hash(int hashType, byte* buffer, word32 totalLen, +WOLFSSL_LOCAL int GetDigestSize(int typeH); +WOLFSSL_LOCAL int GetPKCS12HashSizes(int typeH, word32* v, word32* u); +WOLFSSL_LOCAL int DoPKCS12Hash(int typeH, byte* buffer, word32 totalLen, byte* Ai, word32 u, int iterations); diff --git a/wolfssl/wolfcrypt/random.h b/wolfssl/wolfcrypt/random.h index 192144324..97048ffc2 100644 --- a/wolfssl/wolfcrypt/random.h +++ b/wolfssl/wolfcrypt/random.h @@ -35,6 +35,9 @@ #endif #ifndef HAVE_FIPS /* avoid redefining structs and macros */ +#if defined(WOLFSSL_FORCE_RC4_DRBG) && defined(NO_RC4) + #error Cannot have WOLFSSL_FORCE_RC4_DRBG and NO_RC4 defined. +#endif /* WOLFSSL_FORCE_RC4_DRBG && NO_RC4 */ #if defined(HAVE_HASHDRBG) || defined(NO_RC4) #ifdef NO_SHA256 #error "Hash DRBG requires SHA-256." @@ -64,13 +67,6 @@ typedef struct OS_Seed { #endif } OS_Seed; - -#if defined(WOLFSSL_MDK_ARM) -#undef RNG -#define RNG wolfSSL_RNG /* for avoiding name conflict in "stm32f2xx.h" */ -#endif - - #if defined(HAVE_HASHDRBG) || defined(NO_RC4) @@ -81,11 +77,11 @@ struct DRBG; /* Private DRBG state */ /* Hash-based Deterministic Random Bit Generator */ -typedef struct RNG { +typedef struct WC_RNG { struct DRBG* drbg; OS_Seed seed; byte status; -} RNG; +} WC_RNG; #else /* HAVE_HASHDRBG || NO_RC4 */ 
@@ -96,36 +92,42 @@ typedef struct RNG { /* secure Random Number Generator */ -typedef struct RNG { +typedef struct WC_RNG { OS_Seed seed; Arc4 cipher; #ifdef HAVE_CAVIUM int devId; /* nitrox device id */ word32 magic; /* using cavium magic */ #endif -} RNG; +} WC_RNG; #endif /* HAVE_HASH_DRBG || NO_RC4 */ #endif /* HAVE_FIPS */ +/* NO_OLD_RNGNAME removes RNG struct name to prevent possible type conflicts, + * can't be used with CTaoCrypt FIPS */ +#if !defined(NO_OLD_RNGNAME) && !defined(HAVE_FIPS) + #define RNG WC_RNG +#endif + WOLFSSL_LOCAL int wc_GenerateSeed(OS_Seed* os, byte* seed, word32 sz); #if defined(HAVE_HASHDRBG) || defined(NO_RC4) #ifdef HAVE_CAVIUM - WOLFSSL_API int wc_InitRngCavium(RNG*, int); + WOLFSSL_API int wc_InitRngCavium(WC_RNG*, int); #endif #endif /* HAVE_HASH_DRBG || NO_RC4 */ -WOLFSSL_API int wc_InitRng(RNG*); -WOLFSSL_API int wc_RNG_GenerateBlock(RNG*, byte*, word32 sz); -WOLFSSL_API int wc_RNG_GenerateByte(RNG*, byte*); -WOLFSSL_API int wc_FreeRng(RNG*); +WOLFSSL_API int wc_InitRng(WC_RNG*); +WOLFSSL_API int wc_RNG_GenerateBlock(WC_RNG*, byte*, word32 sz); +WOLFSSL_API int wc_RNG_GenerateByte(WC_RNG*, byte*); +WOLFSSL_API int wc_FreeRng(WC_RNG*); #if defined(HAVE_HASHDRBG) || defined(NO_RC4) diff --git a/wolfssl/wolfcrypt/rsa.h b/wolfssl/wolfcrypt/rsa.h index 30c0a0dfd..ec6ef7b91 100644 --- a/wolfssl/wolfcrypt/rsa.h +++ b/wolfssl/wolfcrypt/rsa.h @@ -46,9 +46,10 @@ enum { RSA_PUBLIC = 0, - RSA_PRIVATE = 1 + RSA_PRIVATE = 1, }; + /* RSA */ typedef struct RsaKey { mp_int n, e, d, p, q, dP, dQ, u; 
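Review bot: `#define RNG WC_RNG` puts a short, generic object-like macro into a public header, and an earlier hunk of this file removes the MDK-ARM workaround whose comment cited a name conflict in "stm32f2xx.h". Unless the MDK-ARM settings now define `NO_OLD_RNGNAME` (not visible here), that port would go from side-stepping the conflict to redefining the vendor's `RNG`. The comment above the define should tell integrators what to do, e.g. `/* platforms whose headers already define RNG must build with NO_OLD_RNGNAME */`.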
@@ -76,13 +77,13 @@ WOLFSSL_API int wc_InitRsaKey(RsaKey* key, void*); WOLFSSL_API int wc_FreeRsaKey(RsaKey* key); WOLFSSL_API int wc_RsaPublicEncrypt(const byte* in, word32 inLen, byte* out, - word32 outLen, RsaKey* key, RNG* rng); + word32 outLen, RsaKey* key, WC_RNG* rng); WOLFSSL_API int wc_RsaPrivateDecryptInline(byte* in, word32 inLen, byte** out, RsaKey* key); WOLFSSL_API int wc_RsaPrivateDecrypt(const byte* in, word32 inLen, byte* out, word32 outLen, RsaKey* key); WOLFSSL_API int wc_RsaSSL_Sign(const byte* in, word32 inLen, byte* out, - word32 outLen, RsaKey* key, RNG* rng); + word32 outLen, RsaKey* key, WC_RNG* rng); WOLFSSL_API int wc_RsaSSL_VerifyInline(byte* in, word32 inLen, byte** out, RsaKey* key); WOLFSSL_API int wc_RsaSSL_Verify(const byte* in, word32 inLen, byte* out, @@ -96,13 +97,15 @@ WOLFSSL_API int wc_RsaPublicKeyDecode(const byte* input, word32* inOutIdx, RsaKey*, word32); WOLFSSL_API int wc_RsaPublicKeyDecodeRaw(const byte* n, word32 nSz, const byte* e, word32 eSz, RsaKey* key); +#ifdef WOLFSSL_KEY_GEN + WOLFSSL_API int wc_RsaKeyToDer(RsaKey*, byte* output, word32 inLen); +#endif #endif /* HAVE_FIPS*/ WOLFSSL_API int wc_RsaFlattenPublicKey(RsaKey*, byte*, word32*, byte*, word32*); #ifdef WOLFSSL_KEY_GEN - WOLFSSL_API int wc_MakeRsaKey(RsaKey* key, int size, long e, RNG* rng); - WOLFSSL_API int wc_RsaKeyToDer(RsaKey*, byte* output, word32 inLen); + WOLFSSL_API int wc_MakeRsaKey(RsaKey* key, int size, long e, WC_RNG* rng); #endif #ifdef HAVE_CAVIUM diff --git a/wolfssl/wolfcrypt/settings.h b/wolfssl/wolfcrypt/settings.h index 9ffe61acd..717ea6391 100644 --- a/wolfssl/wolfcrypt/settings.h +++ b/wolfssl/wolfcrypt/settings.h 
@@ -72,9 +72,12 @@ /* Uncomment next line if building wolfSSL for LSR */ /* #define WOLFSSL_LSR */ -/* Uncomment next line if building wolfSSL for Freescale MQX/RTCS/MFS */ +/* Uncomment next line if building for Freescale Classic MQX/RTCS/MFS */ /* #define FREESCALE_MQX */ +/* Uncomment next line if building for Freescale KSDK MQX/RTCS/MFS */ +/* #define FREESCALE_KSDK_MQX */ + /* Uncomment next line if using STM32F2 */ /* #define WOLFSSL_STM32F2 */ @@ -108,6 +111,15 @@ /* Uncomment next line if using Max Strength build */ /* #define WOLFSSL_MAX_STRENGTH */ +/* Uncomment next line if building for VxWorks */ +/* #define WOLFSSL_VXWORKS */ + +/* Uncomment next line to enable deprecated less secure static DH suites */ +/* #define WOLFSSL_STATIC_DH */ + +/* Uncomment next line to enable deprecated less secure static RSA suites */ +/* #define WOLFSSL_STATIC_RSA */ + #include #ifdef WOLFSSL_USER_SETTINGS @@ -115,6 +127,12 @@ #endif +/* make sure old RNG name is used with CTaoCrypt FIPS */ +#ifdef HAVE_FIPS + #define WC_RNG RNG +#endif + + #ifdef IPHONE #define SIZEOF_LONG_LONG 8 #endif @@ -175,6 +193,7 @@ #define USE_FAST_MATH #define TFM_TIMING_RESISTANT #define NEED_AES_TABLES + #define WOLFSSL_HAVE_MIN #endif #ifdef WOLFSSL_MICROCHIP_PIC32MZ @@ -244,10 +263,13 @@ #endif #ifdef WOLFSSL_PICOTCP - #define errno pico_err + #ifndef errno + #define errno pico_err + #endif #include "pico_defines.h" #include "pico_stack.h" #include "pico_constants.h" + #include "pico_protocol.h" #define CUSTOM_RAND_GENERATE pico_rand #endif @@ -270,6 +292,12 @@ #endif +#ifdef WOLFSSL_VXWORKS + #define NO_DEV_RANDOM + #define NO_WRITEV +#endif + + /* Micrium will use Visual Studio for compilation but not the Win32 API */ #if defined(_WIN32) && !defined(MICRIUM) && !defined(FREERTOS) \ && !defined(EBSNET) && !defined(WOLFSSL_EROAD) 
@@ -295,6 +323,10 @@ #ifdef FREERTOS + #include "FreeRTOS.h" + /* FreeRTOS pvPortRealloc() only in AVR32_UC3 port */ + #define XMALLOC(s, h, type) pvPortMalloc((s)) + #define XFREE(p, h, type) vPortFree((p)) #ifndef NO_WRITEV #define NO_WRITEV #endif @@ -316,7 +348,6 @@ #endif #ifndef SINGLE_THREADED - #include "FreeRTOS.h" #include "semphr.h" #endif #endif @@ -340,7 +371,7 @@ #pragma diag_suppress=11 #endif - #include + #include #endif #ifdef EBSNET @@ -453,6 +484,35 @@ /* Note: MQX has no realloc, using fastmath above */ #endif +#ifdef FREESCALE_KSDK_MQX + #define SIZEOF_LONG_LONG 8 + #define NO_WRITEV + #define NO_DEV_RANDOM + #define NO_RABBIT + #define NO_WOLFSSL_DIR + #define USE_FAST_MATH + #define TFM_TIMING_RESISTANT + #define NO_OLD_RNGNAME + #define FREESCALE_K70_RNGA + /* #define FREESCALE_K53_RNGB */ + #include + #ifndef NO_FILESYSTEM + #if MQX_USE_IO_OLD + #include + #else + #include + #include + #endif + #endif + #ifndef SINGLE_THREADED + #include + #endif + + #define XMALLOC(s, h, t) (void *)_mem_alloc_system((s)) + #define XFREE(p, h, t) {void* xp = (p); if ((xp)) _mem_free((xp));} + #define XREALLOC(p, n, h, t) _mem_realloc((p), (n)) /* since MQX 4.1.2 */ +#endif + #ifdef WOLFSSL_STM32F2 #define SIZEOF_LONG_LONG 8 #define NO_DEV_RANDOM @@ -703,11 +763,11 @@ /* stream ciphers except arc4 need 32bit alignment, intel ok without */ -#ifndef XSTREAM_ALIGNMENT +#ifndef XSTREAM_ALIGN #if defined(__x86_64__) || defined(__ia64__) || defined(__i386__) - #define NO_XSTREAM_ALIGNMENT + #define NO_XSTREAM_ALIGN #else - #define XSTREAM_ALIGNMENT + #define XSTREAM_ALIGN #endif #endif @@ -723,7 +783,7 @@ #ifndef WOLFSSL_GENERAL_ALIGNMENT #ifdef WOLFSSL_AESNI #define WOLFSSL_GENERAL_ALIGNMENT 16 - #elif defined(XSTREAM_ALIGNMENT) + #elif defined(XSTREAM_ALIGN) #define WOLFSSL_GENERAL_ALIGNMENT 4 #elif defined(FREESCALE_MMCAU) #define WOLFSSL_GENERAL_ALIGNMENT WOLFSSL_MMCAU_ALIGNMENT 
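Review bot: The FreeRTOS block defines `XMALLOC` and `XFREE` but no `XREALLOC`, and the types.h hunk later in this commit excludes `FREERTOS` from the default allocator macros, so any code path that calls `XREALLOC` has no definition on this port. The added comment explains why (pvPortRealloc exists only in the AVR32_UC3 port) but not what the builder must do; extend it, e.g. `/* no XREALLOC on FreeRTOS: build with USE_FAST_MATH or supply XREALLOC in user settings */` — the fast-math remedy is inferred from the MQX note further down this file. The macros also drop `h` and `type` without the `(void)h, (void)t` used by the default definitions, which may produce unused-variable warnings.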
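Review bot: `XFREE` in the FREESCALE_KSDK_MQX block expands to a bare `{ ... }` block, so `if (x) XFREE(p, h, t); else ...` fails to compile because the `;` after the closing brace ends the `if`. Wrap it in the usual form: `#define XFREE(p, h, t) do { void* xp = (p); if (xp) _mem_free(xp); } while (0)`. The block also hard-codes `FREESCALE_K70_RNGA` for every KSDK build; if other parts are meant to be supported, that define is better left to the user, as the commented-out `FREESCALE_K53_RNGB` line suggests.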
@@ -732,6 +792,18 @@ #endif #endif +#if defined(WOLFSSL_GENERAL_ALIGNMENT) && (WOLFSSL_GENERAL_ALIGNMENT > 0) + #if defined(_MSC_VER) + #define XGEN_ALIGN __declspec(align(WOLFSSL_GENERAL_ALIGNMENT)) + #elif defined(__GNUC__) + #define XGEN_ALIGN __attribute__((aligned(WOLFSSL_GENERAL_ALIGNMENT))) + #else + #define XGEN_ALIGN + #endif +#else + #define XGEN_ALIGN +#endif + #ifdef HAVE_CRL /* not widely supported yet */ #undef NO_SKID @@ -766,6 +838,20 @@ #define NO_OLD_TLS #endif +/* If not forcing to use ARC4 as the DRBG, always enable Hash_DRBG */ +#undef HAVE_HASHDRBG +#ifndef WOLFSSL_FORCE_RC4_DRBG + #define HAVE_HASHDRBG +#endif + + +/* sniffer requires static RSA cipher suites */ +#ifdef WOLFSSL_SNIFFER + #ifndef WOLFSSL_STATIC_RSA + #define WOLFSSL_STATIC_RSA + #endif +#endif + /* Place any other flags or defines here */ diff --git a/wolfssl/wolfcrypt/sha.h b/wolfssl/wolfcrypt/sha.h index 9fdabed39..76a08ba92 100644 --- a/wolfssl/wolfcrypt/sha.h +++ b/wolfssl/wolfcrypt/sha.h @@ -51,6 +51,8 @@ enum { #include "port/pic32/pic32mz-crypt.h" #endif +#ifndef WOLFSSL_TI_HASH + /* Sha digest */ typedef struct Sha { word32 buffLen; /* in bytes */ @@ -64,12 +66,16 @@ typedef struct Sha { pic32mz_desc desc; /* Crypt Engine descripter */ #endif } Sha; + +#else /* WOLFSSL_TI_HASH */ + #include "wolfssl/wolfcrypt/port/ti/ti-hash.h" +#endif + #endif /* HAVE_FIPS */ WOLFSSL_API int wc_InitSha(Sha*); WOLFSSL_API int wc_ShaUpdate(Sha*, const byte*, word32); WOLFSSL_API int wc_ShaFinal(Sha*, byte*); -WOLFSSL_API int wc_ShaHash(const byte*, word32, byte*); #ifdef __cplusplus } /* extern "C" */ diff --git a/wolfssl/wolfcrypt/sha256.h b/wolfssl/wolfcrypt/sha256.h index 5dbe2d74b..b7d0df1b6 100644 --- a/wolfssl/wolfcrypt/sha256.h +++ b/wolfssl/wolfcrypt/sha256.h @@ -51,6 +51,7 @@ enum { SHA256_PAD_SIZE = 56 }; +#ifndef WOLFSSL_TI_HASH /* Sha256 digest */ typedef struct Sha256 { 
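Review bot: The unconditional `#undef HAVE_HASHDRBG` in the settings.h hunk at -766 discards an explicit user setting, so a build that defines both `HAVE_HASHDRBG` and `WOLFSSL_FORCE_RC4_DRBG` silently ends up with the ARC4-based generator. A contradictory configuration of the random number generator should stop the build; before the `#undef`, add `#if defined(WOLFSSL_FORCE_RC4_DRBG) && defined(HAVE_HASHDRBG)` / `#error "WOLFSSL_FORCE_RC4_DRBG conflicts with HAVE_HASHDRBG"` / `#endif`. In the same hunk, `WOLFSSL_SNIFFER` now switches on `WOLFSSL_STATIC_RSA` for the whole library, which the new settings comment calls deprecated and less secure; say so where it happens, e.g. `/* sniffer requires static RSA cipher suites; this re-enables them (no forward secrecy) for the whole build */`.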
@@ -64,12 +65,15 @@ typedef struct Sha256 { #endif } Sha256; +#else /* WOLFSSL_TI_HASH */ + #include "wolfssl/wolfcrypt/port/ti/ti-hash.h" +#endif + #endif /* HAVE_FIPS */ WOLFSSL_API int wc_InitSha256(Sha256*); WOLFSSL_API int wc_Sha256Update(Sha256*, const byte*, word32); WOLFSSL_API int wc_Sha256Final(Sha256*, byte*); -WOLFSSL_API int wc_Sha256Hash(const byte*, word32, byte*); #ifdef __cplusplus } /* extern "C" */ diff --git a/wolfssl/wolfcrypt/sha512.h b/wolfssl/wolfcrypt/sha512.h index 83f07c738..455d83854 100644 --- a/wolfssl/wolfcrypt/sha512.h +++ b/wolfssl/wolfcrypt/sha512.h @@ -64,7 +64,6 @@ typedef struct Sha512 { WOLFSSL_API int wc_InitSha512(Sha512*); WOLFSSL_API int wc_Sha512Update(Sha512*, const byte*, word32); WOLFSSL_API int wc_Sha512Final(Sha512*, byte*); -WOLFSSL_API int wc_Sha512Hash(const byte*, word32, byte*); #if defined(WOLFSSL_SHA384) @@ -91,7 +90,6 @@ typedef struct Sha384 { WOLFSSL_API int wc_InitSha384(Sha384*); WOLFSSL_API int wc_Sha384Update(Sha384*, const byte*, word32); WOLFSSL_API int wc_Sha384Final(Sha384*, byte*); -WOLFSSL_API int wc_Sha384Hash(const byte*, word32, byte*); #endif /* WOLFSSL_SHA384 */ diff --git a/wolfssl/wolfcrypt/srp.h b/wolfssl/wolfcrypt/srp.h new file mode 100644 index 000000000..3992a07ea --- /dev/null +++ b/wolfssl/wolfcrypt/srp.h 
@@ -0,0 +1,308 @@ +/* srp.h + * + * Copyright (C) 2006-2015 wolfSSL Inc. + * + * This file is part of wolfSSL. (formerly known as CyaSSL) + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +#ifdef WOLFCRYPT_HAVE_SRP + +#ifndef WOLFCRYPT_SRP_H +#define WOLFCRYPT_SRP_H + +#include +#include +#include +#include +#include + +#ifdef __cplusplus + extern "C" { +#endif + +/* Select the largest available hash for the buffer size. */ +#if defined(WOLFSSL_SHA512) + #define SRP_MAX_DIGEST_SIZE SHA512_DIGEST_SIZE +#elif defined(WOLFSSL_SHA384) + #define SRP_MAX_DIGEST_SIZE SHA384_DIGEST_SIZE +#elif !defined(NO_SHA256) + #define SRP_MAX_DIGEST_SIZE SHA256_DIGEST_SIZE +#elif !defined(NO_SHA) + #define SRP_MAX_DIGEST_SIZE SHA_DIGEST_SIZE +#else + #error "You have to have some kind of SHA hash if you want to use SRP." +#endif + +/* Set the minimum number of bits acceptable in an SRP modulus */ +#define SRP_DEFAULT_MIN_BITS 512 + +/** + * SRP side, client or server. + */ +typedef enum { + SRP_CLIENT_SIDE = 0, + SRP_SERVER_SIDE = 1, +} SrpSide; + +/** + * SRP hash type, SHA[1|256|384|512]. 
+ */ +typedef enum { + #ifndef NO_SHA + SRP_TYPE_SHA = 1, + #endif + #ifndef NO_SHA256 + SRP_TYPE_SHA256 = 2, + #endif + #ifdef WOLFSSL_SHA384 + SRP_TYPE_SHA384 = 3, + #endif + #ifdef WOLFSSL_SHA512 + SRP_TYPE_SHA512 = 4, + #endif +} SrpType; + +/** + * SRP hash struct. + */ +typedef struct { + byte type; + union { + #ifndef NO_SHA + Sha sha; + #endif + #ifndef NO_SHA256 + Sha256 sha256; + #endif + #ifdef WOLFSSL_SHA384 + Sha384 sha384; + #endif + #ifdef WOLFSSL_SHA512 + Sha512 sha512; + #endif + } data; +} SrpHash; + +typedef struct Srp { + SrpSide side; /**< Client or Server, @see SrpSide. */ + SrpType type; /**< Hash type, @see SrpType. */ + byte* user; /**< Username, login. */ + word32 userSz; /**< Username length. */ + byte* salt; /**< Small salt. */ + word32 saltSz; /**< Salt length. */ + mp_int N; /**< Modulus. N = 2q+1, [q, N] are primes.*/ + mp_int g; /**< Generator. A generator modulo N. */ + byte k[SRP_MAX_DIGEST_SIZE]; /**< Multiplier parameeter. k = H(N, g) */ + mp_int auth; /**< Client: x = H(salt + H(user:pswd)) */ + /**< Server: v = g ^ x % N */ + mp_int priv; /**< Private ephemeral value. */ + SrpHash client_proof; /**< Client proof. Sent to the Server. */ + SrpHash server_proof; /**< Server proof. Sent to the Client. */ + byte* key; /**< Session key. */ + word32 keySz; /**< Session key length. */ + int (*keyGenFunc_cb) (struct Srp* srp, byte* secret, word32 size); + /**< Function responsible for generating the session key. */ + /**< It MUST use XMALLOC with type DYNAMIC_TYPE_SRP to allocate the */ + /**< key buffer for this structure and set keySz to the buffer size. */ + /**< The default function used by this implementation is a modified */ + /**< version of t_mgf1 that uses the proper hash function according */ + /**< to srp->type. */ +} Srp; + +/** + * Initializes the Srp struct for usage. + * + * @param[out] srp the Srp structure to be initialized. + * @param[in] type the hash type to be used. + * @param[in] side the side of the communication. 
+ * + * @return 0 on success, {@literal <} 0 on error. @see error-crypt.h + */ +WOLFSSL_API int wc_SrpInit(Srp* srp, SrpType type, SrpSide side); + +/** + * Releases the Srp struct resources after usage. + * + * @param[in,out] srp the Srp structure to be terminated. + */ +WOLFSSL_API void wc_SrpTerm(Srp* srp); + +/** + * Sets the username. + * + * This function MUST be called after wc_SrpInit. + * + * @param[in,out] srp the Srp structure. + * @param[in] username the buffer containing the username. + * @param[in] size the username size in bytes + * + * @return 0 on success, {@literal <} 0 on error. @see error-crypt.h + */ +WOLFSSL_API int wc_SrpSetUsername(Srp* srp, const byte* username, word32 size); + + +/** + * Sets the srp parameeters based on the username. + * + * This function MUST be called after wc_SrpSetUsername. + * + * @param[in,out] srp the Srp structure. + * @param[in] N the Modulus. N = 2q+1, [q, N] are primes. + * @param[in] nSz the N size in bytes. + * @param[in] g the Generator modulo N. + * @param[in] gSz the g size in bytes + * @param[in] salt a small random salt. Specific for each username. + * @param[in] saltSz the salt size in bytes + * + * @return 0 on success, {@literal <} 0 on error. @see error-crypt.h + */ +WOLFSSL_API int wc_SrpSetParams(Srp* srp, const byte* N, word32 nSz, + const byte* g, word32 gSz, + const byte* salt, word32 saltSz); + +/** + * Sets the password. + * + * Setting the password does not persists the clear password data in the + * srp structure. The client calculates x = H(salt + H(user:pswd)) and stores + * it in the auth field. + * + * This function MUST be called after wc_SrpSetParams and is CLIENT SIDE ONLY. + * + * @param[in,out] srp the Srp structure. + * @param[in] password the buffer containing the password. + * @param[in] size the password size in bytes. + * + * @return 0 on success, {@literal <} 0 on error. 
@see error-crypt.h + */ +WOLFSSL_API int wc_SrpSetPassword(Srp* srp, const byte* password, word32 size); + +/** + * Sets the password. + * + * This function MUST be called after wc_SrpSetParams and is SERVER SIDE ONLY. + * + * @param[in,out] srp the Srp structure. + * @param[in] verifier the buffer containing the verifier. + * @param[in] size the verifier size in bytes. + * + * @return 0 on success, {@literal <} 0 on error. @see error-crypt.h + */ +WOLFSSL_API int wc_SrpSetVerifier(Srp* srp, const byte* verifier, word32 size); + +/** + * Gets the verifier. + * + * The client calculates the verifier with v = g ^ x % N. + * This function MAY be called after wc_SrpSetPassword and is SERVER SIDE ONLY. + * + * @param[in,out] srp the Srp structure. + * @param[out] verifier the buffer to write the verifier. + * @param[in,out] size the buffer size in bytes. Will be updated with the + * verifier size. + * + * @return 0 on success, {@literal <} 0 on error. @see error-crypt.h + */ +WOLFSSL_API int wc_SrpGetVerifier(Srp* srp, byte* verifier, word32* size); + +/** + * Sets the private ephemeral value. + * + * The private ephemeral value is known as: + * a at the client side. a = random() + * b at the server side. b = random() + * This function is handy for unit test cases or if the developer wants to use + * an external random source to set the ephemeral value. + * This function MAY be called before wc_SrpGetPublic. + * + * @param[in,out] srp the Srp structure. + * @param[in] private the ephemeral value. + * @param[in] size the private size in bytes. + * + * @return 0 on success, {@literal <} 0 on error. @see error-crypt.h + */ +WOLFSSL_API int wc_SrpSetPrivate(Srp* srp, const byte* private, word32 size); + +/** + * Gets the public ephemeral value. + * + * The public ephemeral value is known as: + * A at the client side. A = g ^ a % N + * B at the server side. B = (k * v + (g ˆ b % N)) % N + * This function MUST be called after wc_SrpSetPassword or wc_SrpSetVerifier. 
+ * + * @param[in,out] srp the Srp structure. + * @param[out] public the buffer to write the public ephemeral value. + * @param[in,out] size the the buffer size in bytes. Will be updated with + * the ephemeral value size. + * + * @return 0 on success, {@literal <} 0 on error. @see error-crypt.h + */ +WOLFSSL_API int wc_SrpGetPublic(Srp* srp, byte* public, word32* size); + + +/** + * Computes the session key. + * + * This function is handy for unit test cases or if the developer wants to use + * an external random source to set the ephemeral value. + * This function MUST be called after wc_SrpSetPassword or wc_SrpSetVerifier. + * + * @param[in,out] srp the Srp structure. + * @param[out] public the buffer to write the public ephemeral value. + * @param[in,out] size the the buffer size in bytes. Will be updated with + the ephemeral value size. + * + * @return 0 on success, {@literal <} 0 on error. @see error-crypt.h + */ +WOLFSSL_API int wc_SrpComputeKey(Srp* srp, + byte* clientPubKey, word32 clientPubKeySz, + byte* serverPubKey, word32 serverPubKeySz); + +/** + * Gets the proof. + * + * This function MUST be called after wc_SrpComputeKey. + * + * @param[in,out] srp the Srp structure. + * @param[out] proof the buffer to write the proof. + * @param[in,out] size the buffer size in bytes. Will be updated with the + * proof size. + * + * @return 0 on success, {@literal <} 0 on error. @see error-crypt.h + */ +WOLFSSL_API int wc_SrpGetProof(Srp* srp, byte* proof, word32* size); + +/** + * Verifies the peers proof. + * + * This function MUST be called before wc_SrpGetSessionKey. + * + * @param[in,out] srp the Srp structure. + * @param[in] proof the peers proof. + * @param[in] size the proof size in bytes. + * + * @return 0 on success, {@literal <} 0 on error. @see error-crypt.h + */ +WOLFSSL_API int wc_SrpVerifyPeersProof(Srp* srp, byte* proof, word32 size); + +#ifdef __cplusplus + } /* extern "C" */ +#endif + +#endif /* WOLFCRYPT_SRP_H */ +#endif /* WOLFCRYPT_HAVE_SRP */ 
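Review bot: `SRP_DEFAULT_MIN_BITS 512` sets the floor for the SRP modulus at a size that is too small for a discrete-log group; the smallest group defined in RFC 5054 is 1024 bits, and the default should be raised to at least that (how the constant is enforced is outside this header). The parameter names `private` in `wc_SrpSetPrivate` and `public` in `wc_SrpGetPublic` are C++ keywords, so the header will not compile for the C++ callers its `extern "C"` block is there for; rename them, e.g. `const byte* priv` and `byte* pub`. The doc comments also need a pass: `wc_SrpSetVerifier` is headed "Sets the password.", `wc_SrpGetVerifier` says "SERVER SIDE ONLY" while describing a client computation, `wc_SrpComputeKey` documents `public`/`size` instead of its four key parameters, and `wc_SrpVerifyPeersProof` refers to `wc_SrpGetSessionKey`, which is not declared here.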
diff --git a/wolfssl/wolfcrypt/tfm.h b/wolfssl/wolfcrypt/tfm.h index a928a2ac6..ac24eb93c 100644 --- a/wolfssl/wolfcrypt/tfm.h +++ b/wolfssl/wolfcrypt/tfm.h @@ -40,6 +40,7 @@ #include #endif +#include #ifdef __cplusplus extern "C" { @@ -234,6 +235,8 @@ * * It defaults to 4096-bits [allowing multiplications upto 2048x2048 bits ] */ + + #ifndef FP_MAX_BITS #define FP_MAX_BITS 4096 #endif @@ -255,9 +258,10 @@ #define FP_NEG 1 /* return codes */ -#define FP_OKAY 0 -#define FP_VAL 1 -#define FP_MEM 2 +#define FP_OKAY 0 +#define FP_VAL -1 +#define FP_MEM -2 +#define FP_NOT_INF -3 /* equalities */ #define FP_LT -1 /* less than */ @@ -344,7 +348,7 @@ typedef struct { /* #define TFM_PRESCOTT */ /* Do we want timing resistant fp_exptmod() ? - * This makes it slower but also timing invariant with respect to the exponent + * This makes it slower but also timing invariant with respect to the exponent */ /* #define TFM_TIMING_RESISTANT */ @@ -366,12 +370,17 @@ typedef struct { /* zero/even/odd ? */ #define fp_iszero(a) (((a)->used == 0) ? FP_YES : FP_NO) -#define fp_iseven(a) (((a)->used >= 0 && (((a)->dp[0] & 1) == 0)) ? FP_YES : FP_NO) +#define fp_iseven(a) (((a)->used > 0 && (((a)->dp[0] & 1) == 0)) ? FP_YES : FP_NO) #define fp_isodd(a) (((a)->used > 0 && (((a)->dp[0] & 1) == 1)) ? FP_YES : FP_NO) /* set to a small digit */ void fp_set(fp_int *a, fp_digit b); +/* check if a bit is set */ +int fp_is_bit_set(fp_int *a, fp_digit b); +/* set the b bit to 1 */ +int fp_set_bit (fp_int * a, fp_digit b); + /* copy from a to b */ #ifndef ALT_ECC_SIZE #define fp_copy(a, b) (void)(((a) != (b)) ? ((void)XMEMCPY((b), (a), sizeof(fp_int))) : (void)0) 
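Review bot: After the change in the return-code hunk, `FP_VAL` has the same value as `FP_LT` (both `-1`, see the "equalities" block just below), so a caller can no longer tell "invalid argument" from "less than" by value. Whether any function returns both kinds of result is not visible here, but the overlap deserves a comment next to the defines, and the new negative values should be parenthesised like any expression macro: `#define FP_VAL (-1)`, `#define FP_MEM (-2)`, `#define FP_NOT_INF (-3)`. Flipping the sign also changes behaviour for any caller that tests for a positive error value rather than `!= FP_OKAY`, which is worth stating in the commit description.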
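Review bot: With `(a)->used > 0`, `fp_iseven` now returns `FP_NO` for zero, so zero is reported as neither even nor odd. Callers that rely on `fp_iseven` to reject an unsuitable modulus or operand (none are visible in this hunk) would let a zero value past that check unless they also test `fp_iszero`. If excluding zero is intended, state it on the comment line above the macros, e.g. `/* zero/even/odd ? (zero is reported as neither even nor odd) */`; if not, the condition should be `(a)->used == 0 || (((a)->dp[0] & 1) == 0)`.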
@@ -645,6 +654,8 @@ void fp_sqr_comba64(fp_int *a, fp_int *b); #define MP_EQ FP_EQ /* equal to */ #define MP_GT FP_GT /* greater than */ #define MP_VAL FP_VAL /* invalid */ + #define MP_MEM FP_MEM /* memory error */ + #define MP_NOT_INF FP_NOT_INF /* point not at infinity */ #define MP_OKAY FP_OKAY /* ok result */ #define MP_NO FP_NO /* yes/no result */ #define MP_YES FP_YES /* yes/no result */ @@ -665,6 +676,8 @@ int mp_mulmod (mp_int * a, mp_int * b, mp_int * c, mp_int * d); int mp_mod(mp_int *a, mp_int *b, mp_int *c); int mp_invmod(mp_int *a, mp_int *b, mp_int *c); int mp_exptmod (mp_int * g, mp_int * x, mp_int * p, mp_int * y); +int mp_mul_2d(mp_int *a, int b, mp_int *c); + int mp_cmp(mp_int *a, mp_int *b); int mp_cmp_d(mp_int *a, mp_digit b); @@ -679,12 +692,16 @@ int mp_isodd(mp_int* a); int mp_iszero(mp_int* a); int mp_count_bits(mp_int *a); int mp_leading_bit(mp_int *a); -int mp_set_int(fp_int *a, fp_digit b); +int mp_set_int(mp_int *a, mp_digit b); +int mp_is_bit_set (mp_int * a, mp_digit b); +int mp_set_bit (mp_int * a, mp_digit b); void mp_rshb(mp_int *a, int x); +int mp_toradix (mp_int *a, char *str, int radix); +int mp_radix_size (mp_int * a, int radix, int *size); #ifdef HAVE_ECC int mp_read_radix(mp_int* a, const char* str, int radix); - int mp_set(fp_int *a, fp_digit b); + void mp_set(fp_int *a, fp_digit b); int mp_sqr(fp_int *a, fp_int *b); int mp_montgomery_reduce(fp_int *a, fp_int *m, fp_digit mp); int mp_montgomery_setup(fp_int *a, fp_digit *rho); @@ -701,6 +718,8 @@ void mp_rshb(mp_int *a, int x); int mp_gcd(fp_int *a, fp_int *b, fp_int *c); int mp_lcm(fp_int *a, fp_int *b, fp_int *c); int mp_prime_is_prime(mp_int* a, int t, int* result); +int mp_rand_prime(mp_int* N, int len, WC_RNG* rng, void* heap); +int mp_exch(mp_int *a, mp_int *b); #endif /* WOLFSSL_KEY_GEN */ int mp_cnt_lsb(fp_int *a); diff --git a/wolfssl/wolfcrypt/types.h b/wolfssl/wolfcrypt/types.h index a5ff1d3f2..4a1dc31f8 100644 --- a/wolfssl/wolfcrypt/types.h 
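Review bot: The new `mp_toradix(mp_int *a, char *str, int radix)` prototype takes an output buffer with no length, so the only protection against writing past `str` is the caller sizing it correctly beforehand. `mp_radix_size` is declared on the next line, presumably for that purpose, but nothing in the header ties the two together. Add a comment to that effect, e.g. `/* str must hold at least the size reported by mp_radix_size() for the same a and radix */`, after confirming against the implementation that the reported size includes the terminating NUL.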
+++ b/wolfssl/wolfcrypt/types.h @@ -143,6 +143,9 @@ #ifdef HAVE_THREAD_LS #if defined(_MSC_VER) #define THREAD_LS_T __declspec(thread) + /* Thread local storage only in FreeRTOS v8.2.1 and higher */ + #elif defined(FREERTOS) + #define THREAD_LS_T #else #define THREAD_LS_T __thread #endif @@ -176,7 +179,8 @@ #define XREALLOC(p, n, h, t) realloc((p), (n)) #elif !defined(MICRIUM_MALLOC) && !defined(EBSNET) \ && !defined(WOLFSSL_SAFERTOS) && !defined(FREESCALE_MQX) \ - && !defined(WOLFSSL_LEANPSK) + && !defined(FREESCALE_KSDK_MQX) && !defined(WOLFSSL_LEANPSK) \ + && !defined(FREERTOS) /* default C runtime, can install different routines at runtime via cbs */ #include #define XMALLOC(s, h, t) ((void)h, (void)t, wolfSSL_Malloc((s))) @@ -212,7 +216,7 @@ #ifndef CTYPE_USER #include - #if defined(HAVE_ECC) || defined(HAVE_OCSP) + #if defined(HAVE_ECC) || defined(HAVE_OCSP) || defined(WOLFSSL_KEY_GEN) #define XTOUPPER(c) toupper((c)) #define XISALPHA(c) isalpha((c)) #endif @@ -268,7 +272,8 @@ DYNAMIC_TYPE_TLSX = 43, DYNAMIC_TYPE_OCSP = 44, DYNAMIC_TYPE_SIGNATURE = 45, - DYNAMIC_TYPE_HASHES = 46 + DYNAMIC_TYPE_HASHES = 46, + DYNAMIC_TYPE_SRP = 47, }; /* max error buffer string size */ diff --git a/wolfssl/wolfcrypt/visibility.h b/wolfssl/wolfcrypt/visibility.h index 05fd4754b..6e41d238f 100644 --- a/wolfssl/wolfcrypt/visibility.h +++ b/wolfssl/wolfcrypt/visibility.h @@ -47,7 +47,7 @@ #define WOLFSSL_LOCAL __hidden #elif defined(_MSC_VER) #ifdef WOLFSSL_DLL - #define WOLFSSL_API extern __declspec(dllexport) + #define WOLFSSL_API __declspec(dllexport) #else #define WOLFSSL_API #endif @@ -59,7 +59,7 @@ #else /* BUILDING_WOLFSSL */ #if defined(_MSC_VER) #ifdef WOLFSSL_DLL - #define WOLFSSL_API extern __declspec(dllimport) + #define WOLFSSL_API __declspec(dllimport) #else #define WOLFSSL_API #endif diff --git a/wolfssl/wolfcrypt/wc_encrypt.h b/wolfssl/wolfcrypt/wc_encrypt.h new file mode 100644 index 000000000..f5425a03a --- /dev/null +++ b/wolfssl/wolfcrypt/wc_encrypt.h 
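Review bot: On FreeRTOS the new branch in the first types.h hunk defines `THREAD_LS_T` as empty even though `HAVE_THREAD_LS` is set, so every variable declared with it becomes an ordinary global shared by all tasks. Which variables are affected is outside this hunk, but a build that asks for thread-local storage and silently gets shared storage is a data-race hazard. Either fail the build, `#error "HAVE_THREAD_LS is not supported on this FreeRTOS port"`, or extend the comment to say what actually happens: `/* FreeRTOS before v8.2.1 has no thread local storage: THREAD_LS_T variables are shared between tasks */`.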
@@ -0,0 +1,62 @@
+/* wc_encrypt.h
+ *
+ * Copyright (C) 2006-2015 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL. (formerly known as CyaSSL)
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
+ */
+
+
+#ifndef WOLF_CRYPT_ENCRYPT_H
+#define WOLF_CRYPT_ENCRYPT_H
+
+#include
+
+#ifdef __cplusplus
+ extern "C" {
+#endif
+
+#ifndef NO_AES
+WOLFSSL_API int wc_AesCbcEncryptWithKey(byte* out, const byte* in, word32 inSz,
+ const byte* key, word32 keySz,
+ const byte* iv);
+WOLFSSL_API int wc_AesCbcDecryptWithKey(byte* out, const byte* in, word32 inSz,
+ const byte* key, word32 keySz,
+ const byte* iv);
+#endif /* !NO_AES */
+
+
+#ifndef NO_DES3
+WOLFSSL_API int wc_Des_CbcDecryptWithKey(byte* out,
+ const byte* in, word32 sz,
+ const byte* key, const byte* iv);
+WOLFSSL_API int wc_Des_CbcEncryptWithKey(byte* out,
+ const byte* in, word32 sz,
+ const byte* key, const byte* iv);
+WOLFSSL_API int wc_Des3_CbcEncryptWithKey(byte* out,
+ const byte* in, word32 sz,
+ const byte* key, const byte* iv);
+WOLFSSL_API int wc_Des3_CbcDecryptWithKey(byte* out,
+ const byte* in, word32 sz,
+ const byte* key, const byte* iv);
+#endif /* !NO_DES3 */
+
+#ifdef __cplusplus
+ } /* extern "C" */
+#endif
+
+#endif /* WOLF_CRYPT_ENCRYPT_H */
+
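Review bot: None of these one-shot CBC helpers takes an output length, and the DES/3DES variants take no key or IV length either, yet the header documents no buffer contract at all. Each prototype needs a doc comment stating the required size of `out` relative to the input length, the expected key and IV sizes, whether the input length must be a multiple of the cipher block size, and what is returned on error; the implementation is outside this hunk, so those values have to be taken from it rather than guessed. It would also help to note that the functions apply CBC only and provide no integrity protection, so callers know to authenticate the ciphertext separately.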
diff --git a/wolfssl/wolfcrypt/wc_port.h b/wolfssl/wolfcrypt/wc_port.h index f5ad02544..da747f017 100644 --- a/wolfssl/wolfcrypt/wc_port.h +++ b/wolfssl/wolfcrypt/wc_port.h @@ -53,7 +53,7 @@ /* do nothing */ #elif defined(EBSNET) /* do nothing */ -#elif defined(FREESCALE_MQX) +#elif defined(FREESCALE_MQX) || defined(FREESCALE_KSDK_MQX) /* do nothing */ #elif defined(WOLFSSL_MDK_ARM) #if defined(WOLFSSL_MDK5) @@ -98,7 +98,7 @@ typedef OS_MUTEX wolfSSL_Mutex; #elif defined(EBSNET) typedef RTP_MUTEX wolfSSL_Mutex; - #elif defined(FREESCALE_MQX) + #elif defined(FREESCALE_MQX) || defined(FREESCALE_KSDK_MQX) typedef MUTEX_STRUCT wolfSSL_Mutex; #elif defined(WOLFSSL_MDK_ARM) #if defined(WOLFSSL_CMSIS_RTOS) @@ -193,6 +193,17 @@ WOLFSSL_LOCAL int UnLockMutex(wolfSSL_Mutex*); #endif /* NO_FILESYSTEM */ +/* Windows API defines its own min() macro. */ +#if defined(USE_WINDOWS_API) + #ifdef min + #define WOLFSSL_HAVE_MIN + #endif /* min */ + #ifdef max + #define WOLFSSL_HAVE_MAX + #endif /* max */ +#endif /* USE_WINDOWS_API */ + + #ifdef __cplusplus } /* extern "C" */ #endif diff --git a/wolfssl64.sln b/wolfssl64.sln index 223ad75da..5e17787dc 100644 --- a/wolfssl64.sln +++ b/wolfssl64.sln @@ -1,6 +1,6 @@  Microsoft Visual Studio Solution File, Format Version 12.00 -# Visual Studio Express 2012 for Windows Desktop +# Visual Studio 2010 Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "wolfssl", "wolfssl.vcxproj", "{73973223-5EE8-41CA-8E88-1D60E89A237B}" EndProject Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "testsuite", "testsuite\testsuite.vcxproj", "{611E8971-46E0-4D0A-B5A1-632C3B00CB80}" @@ -19,6 +19,10 @@ Global GlobalSection(SolutionConfigurationPlatforms) = preSolution Debug|Win32 = Debug|Win32 Debug|x64 = Debug|x64 + DLL Debug|Win32 = DLL Debug|Win32 + DLL Debug|x64 = DLL Debug|x64 + DLL Release|Win32 = DLL Release|Win32 + DLL Release|x64 = DLL Release|x64 Release|Win32 = Release|Win32 Release|x64 = Release|x64 EndGlobalSection 
@@ -27,6 +31,14 @@ Global {73973223-5EE8-41CA-8E88-1D60E89A237B}.Debug|Win32.Build.0 = Debug|Win32 {73973223-5EE8-41CA-8E88-1D60E89A237B}.Debug|x64.ActiveCfg = Debug|x64 {73973223-5EE8-41CA-8E88-1D60E89A237B}.Debug|x64.Build.0 = Debug|x64 + {73973223-5EE8-41CA-8E88-1D60E89A237B}.DLL Debug|Win32.ActiveCfg = DLL Debug|Win32 + {73973223-5EE8-41CA-8E88-1D60E89A237B}.DLL Debug|Win32.Build.0 = DLL Debug|Win32 + {73973223-5EE8-41CA-8E88-1D60E89A237B}.DLL Debug|x64.ActiveCfg = DLL Debug|x64 + {73973223-5EE8-41CA-8E88-1D60E89A237B}.DLL Debug|x64.Build.0 = DLL Debug|x64 + {73973223-5EE8-41CA-8E88-1D60E89A237B}.DLL Release|Win32.ActiveCfg = DLL Release|Win32 + {73973223-5EE8-41CA-8E88-1D60E89A237B}.DLL Release|Win32.Build.0 = DLL Release|Win32 + {73973223-5EE8-41CA-8E88-1D60E89A237B}.DLL Release|x64.ActiveCfg = DLL Release|x64 + {73973223-5EE8-41CA-8E88-1D60E89A237B}.DLL Release|x64.Build.0 = DLL Release|x64 {73973223-5EE8-41CA-8E88-1D60E89A237B}.Release|Win32.ActiveCfg = Release|Win32 {73973223-5EE8-41CA-8E88-1D60E89A237B}.Release|Win32.Build.0 = Release|Win32 {73973223-5EE8-41CA-8E88-1D60E89A237B}.Release|x64.ActiveCfg = Release|x64 
@@ -35,6 +47,14 @@ Global
 {611E8971-46E0-4D0A-B5A1-632C3B00CB80}.Debug|Win32.Build.0 = Debug|Win32
 {611E8971-46E0-4D0A-B5A1-632C3B00CB80}.Debug|x64.ActiveCfg = Debug|x64
 {611E8971-46E0-4D0A-B5A1-632C3B00CB80}.Debug|x64.Build.0 = Debug|x64
+ {611E8971-46E0-4D0A-B5A1-632C3B00CB80}.DLL Debug|Win32.ActiveCfg = DLL Debug|Win32
+ {611E8971-46E0-4D0A-B5A1-632C3B00CB80}.DLL Debug|Win32.Build.0 = DLL Debug|Win32
+ {611E8971-46E0-4D0A-B5A1-632C3B00CB80}.DLL Debug|x64.ActiveCfg = DLL Debug|x64
+ {611E8971-46E0-4D0A-B5A1-632C3B00CB80}.DLL Debug|x64.Build.0 = DLL Debug|x64
+ {611E8971-46E0-4D0A-B5A1-632C3B00CB80}.DLL Release|Win32.ActiveCfg = DLL Release|Win32
+ {611E8971-46E0-4D0A-B5A1-632C3B00CB80}.DLL Release|Win32.Build.0 = DLL Release|Win32
+ {611E8971-46E0-4D0A-B5A1-632C3B00CB80}.DLL Release|x64.ActiveCfg = DLL Release|x64
+ {611E8971-46E0-4D0A-B5A1-632C3B00CB80}.DLL Release|x64.Build.0 = DLL Release|x64
 {611E8971-46E0-4D0A-B5A1-632C3B00CB80}.Release|Win32.ActiveCfg = Release|Win32
 {611E8971-46E0-4D0A-B5A1-632C3B00CB80}.Release|Win32.Build.0 = Release|Win32
 {611E8971-46E0-4D0A-B5A1-632C3B00CB80}.Release|x64.ActiveCfg = Release|x64
@@ -43,6 +63,10 @@ Global
 {34FAE5A6-2B0F-4B55-86FE-0C43E4810F4D}.Debug|Win32.Build.0 = Debug|Win32
 {34FAE5A6-2B0F-4B55-86FE-0C43E4810F4D}.Debug|x64.ActiveCfg = Debug|x64
 {34FAE5A6-2B0F-4B55-86FE-0C43E4810F4D}.Debug|x64.Build.0 = Debug|x64
+ {34FAE5A6-2B0F-4B55-86FE-0C43E4810F4D}.DLL Debug|Win32.ActiveCfg = Debug|Win32
+ {34FAE5A6-2B0F-4B55-86FE-0C43E4810F4D}.DLL Debug|x64.ActiveCfg = Debug|x64
+ {34FAE5A6-2B0F-4B55-86FE-0C43E4810F4D}.DLL Release|Win32.ActiveCfg = Release|Win32
+ {34FAE5A6-2B0F-4B55-86FE-0C43E4810F4D}.DLL Release|x64.ActiveCfg = Release|x64
 {34FAE5A6-2B0F-4B55-86FE-0C43E4810F4D}.Release|Win32.ActiveCfg = Release|Win32
 {34FAE5A6-2B0F-4B55-86FE-0C43E4810F4D}.Release|Win32.Build.0 = Release|Win32
 {34FAE5A6-2B0F-4B55-86FE-0C43E4810F4D}.Release|x64.ActiveCfg = Release|x64
@@ -51,6 +75,14 @@ Global
 {07D97C48-E08F-4E34-9F67-3064039FF2CB}.Debug|Win32.Build.0 = Debug|Win32
 {07D97C48-E08F-4E34-9F67-3064039FF2CB}.Debug|x64.ActiveCfg = Debug|x64
 {07D97C48-E08F-4E34-9F67-3064039FF2CB}.Debug|x64.Build.0 = Debug|x64
+ {07D97C48-E08F-4E34-9F67-3064039FF2CB}.DLL Debug|Win32.ActiveCfg = DLL Debug|Win32
+ {07D97C48-E08F-4E34-9F67-3064039FF2CB}.DLL Debug|Win32.Build.0 = DLL Debug|Win32
+ {07D97C48-E08F-4E34-9F67-3064039FF2CB}.DLL Debug|x64.ActiveCfg = DLL Debug|x64
+ {07D97C48-E08F-4E34-9F67-3064039FF2CB}.DLL Debug|x64.Build.0 = DLL Debug|x64
+ {07D97C48-E08F-4E34-9F67-3064039FF2CB}.DLL Release|Win32.ActiveCfg = DLL Release|Win32
+ {07D97C48-E08F-4E34-9F67-3064039FF2CB}.DLL Release|Win32.Build.0 = DLL Release|Win32
+ {07D97C48-E08F-4E34-9F67-3064039FF2CB}.DLL Release|x64.ActiveCfg = DLL Release|x64
+ {07D97C48-E08F-4E34-9F67-3064039FF2CB}.DLL Release|x64.Build.0 = DLL Release|x64
 {07D97C48-E08F-4E34-9F67-3064039FF2CB}.Release|Win32.ActiveCfg = Release|Win32
 {07D97C48-E08F-4E34-9F67-3064039FF2CB}.Release|Win32.Build.0 = Release|Win32
 {07D97C48-E08F-4E34-9F67-3064039FF2CB}.Release|x64.ActiveCfg = Release|x64
@@ -59,6 +91,14 @@ Global
 {8362A816-C5DC-4E22-B5C5-9E6806387073}.Debug|Win32.Build.0 = Debug|Win32
 {8362A816-C5DC-4E22-B5C5-9E6806387073}.Debug|x64.ActiveCfg = Debug|x64
 {8362A816-C5DC-4E22-B5C5-9E6806387073}.Debug|x64.Build.0 = Debug|x64
+ {8362A816-C5DC-4E22-B5C5-9E6806387073}.DLL Debug|Win32.ActiveCfg = DLL Debug|Win32
+ {8362A816-C5DC-4E22-B5C5-9E6806387073}.DLL Debug|Win32.Build.0 = DLL Debug|Win32
+ {8362A816-C5DC-4E22-B5C5-9E6806387073}.DLL Debug|x64.ActiveCfg = DLL Debug|x64
+ {8362A816-C5DC-4E22-B5C5-9E6806387073}.DLL Debug|x64.Build.0 = DLL Debug|x64
+ {8362A816-C5DC-4E22-B5C5-9E6806387073}.DLL Release|Win32.ActiveCfg = DLL Release|Win32
+ {8362A816-C5DC-4E22-B5C5-9E6806387073}.DLL Release|Win32.Build.0 = DLL Release|Win32
+ {8362A816-C5DC-4E22-B5C5-9E6806387073}.DLL Release|x64.ActiveCfg = DLL Release|x64
+ {8362A816-C5DC-4E22-B5C5-9E6806387073}.DLL Release|x64.Build.0 = DLL Release|x64
 {8362A816-C5DC-4E22-B5C5-9E6806387073}.Release|Win32.ActiveCfg = Release|Win32
 {8362A816-C5DC-4E22-B5C5-9E6806387073}.Release|Win32.Build.0 = Release|Win32
 {8362A816-C5DC-4E22-B5C5-9E6806387073}.Release|x64.ActiveCfg = Release|x64
@@ -67,6 +107,14 @@ Global
 {3ADE9549-582D-4D8E-9826-B172197A7959}.Debug|Win32.Build.0 = Debug|Win32
 {3ADE9549-582D-4D8E-9826-B172197A7959}.Debug|x64.ActiveCfg = Debug|x64
 {3ADE9549-582D-4D8E-9826-B172197A7959}.Debug|x64.Build.0 = Debug|x64
+ {3ADE9549-582D-4D8E-9826-B172197A7959}.DLL Debug|Win32.ActiveCfg = DLL Debug|Win32
+ {3ADE9549-582D-4D8E-9826-B172197A7959}.DLL Debug|Win32.Build.0 = DLL Debug|Win32
+ {3ADE9549-582D-4D8E-9826-B172197A7959}.DLL Debug|x64.ActiveCfg = DLL Debug|x64
+ {3ADE9549-582D-4D8E-9826-B172197A7959}.DLL Debug|x64.Build.0 = DLL Debug|x64
+ {3ADE9549-582D-4D8E-9826-B172197A7959}.DLL Release|Win32.ActiveCfg = DLL Release|Win32
+ {3ADE9549-582D-4D8E-9826-B172197A7959}.DLL Release|Win32.Build.0 = DLL Release|Win32
+ {3ADE9549-582D-4D8E-9826-B172197A7959}.DLL Release|x64.ActiveCfg = DLL Release|x64
+ {3ADE9549-582D-4D8E-9826-B172197A7959}.DLL Release|x64.Build.0 = DLL Release|x64
 {3ADE9549-582D-4D8E-9826-B172197A7959}.Release|Win32.ActiveCfg = Release|Win32
 {3ADE9549-582D-4D8E-9826-B172197A7959}.Release|Win32.Build.0 = Release|Win32
 {3ADE9549-582D-4D8E-9826-B172197A7959}.Release|x64.ActiveCfg = Release|x64
@@ -75,6 +123,14 @@ Global
 {E9FB0BA5-BA46-4A59-A953-39C18CD1DCB1}.Debug|Win32.Build.0 = Debug|Win32
 {E9FB0BA5-BA46-4A59-A953-39C18CD1DCB1}.Debug|x64.ActiveCfg = Debug|x64
 {E9FB0BA5-BA46-4A59-A953-39C18CD1DCB1}.Debug|x64.Build.0 = Debug|x64
+ {E9FB0BA5-BA46-4A59-A953-39C18CD1DCB1}.DLL Debug|Win32.ActiveCfg = DLL Debug|Win32
+ {E9FB0BA5-BA46-4A59-A953-39C18CD1DCB1}.DLL Debug|Win32.Build.0 = DLL Debug|Win32
+ {E9FB0BA5-BA46-4A59-A953-39C18CD1DCB1}.DLL Debug|x64.ActiveCfg = DLL Debug|x64
+ {E9FB0BA5-BA46-4A59-A953-39C18CD1DCB1}.DLL Debug|x64.Build.0 = DLL Debug|x64
+ {E9FB0BA5-BA46-4A59-A953-39C18CD1DCB1}.DLL Release|Win32.ActiveCfg = DLL Release|Win32
+ {E9FB0BA5-BA46-4A59-A953-39C18CD1DCB1}.DLL Release|Win32.Build.0 = DLL Release|Win32
+ {E9FB0BA5-BA46-4A59-A953-39C18CD1DCB1}.DLL Release|x64.ActiveCfg = DLL Release|x64
+ {E9FB0BA5-BA46-4A59-A953-39C18CD1DCB1}.DLL Release|x64.Build.0 = DLL Release|x64
 {E9FB0BA5-BA46-4A59-A953-39C18CD1DCB1}.Release|Win32.ActiveCfg = Release|Win32
 {E9FB0BA5-BA46-4A59-A953-39C18CD1DCB1}.Release|Win32.Build.0 = Release|Win32
 {E9FB0BA5-BA46-4A59-A953-39C18CD1DCB1}.Release|x64.ActiveCfg = Release|x64