feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

Merge remote-tracking branch 'upstream/master' into tk11899

Browse Source 
# Conflicts:
#	tests/api.c
This commit is contained in:
TakayukiMatsuo
2021-04-14 06:13:46 +09:00
parent 07022eebe7 21faeff478
commit f245ba0ca1
15 changed files with 283 additions and 127 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
IDE/ROWLEY-CROSSWORKS-ARM/kinetis_hw.c
View File

@@ -64,10 +64,10 @@
// UART TX Port, Pin, Mux and Baud
#ifdef FREESCALE_KSDK_BM
#define UART_PORT LPUART0 /* UART Port */
#define UART_TX_PORT PORTA /* UART TX Port */
#define UART_TX_PIN 2U /* UART TX Pin */
#define UART_TX_MUX kPORT_MuxAlt2 /* Kinetis UART pin mux */
#define UART_PORT LPUART4 /* UART Port */
#define UART_TX_PORT PORTC /* UART TX Port */
#define UART_TX_PIN 15U /* UART TX Pin */
#define UART_TX_MUX kPORT_MuxAlt3 /* Kinetis UART pin mux */
#elif defined (WOLFSSL_FRDM_K64)
#define UART_PORT UART0 /* UART Port */
#define UART_TX_PORT PORTB /* UART TX Port */
@@ -91,7 +91,7 @@
/* Note: TWR-K60 is UART3, PTC17 */
/* Note: FRDM-K64 is UART4, PTE24 or UART0 PTB17 for OpenOCD (SIM_SCGC4_UART0_MASK)*/
/* Note: TWR-K64 is UART5, PTE8 */
/* Note: FRDM-K82F is LPUART0 A2, LPUART4 PTC15 */
/* Note: FRDM-K82F is LPUART4 PTC15 Alt3 (OpenOCD UART) */
/***********************************************/

3
IDE/ROWLEY-CROSSWORKS-ARM/wolfssl_ltc.hzp
View File

@@ -159,7 +159,6 @@
<file file_name="drivers/fsl_edma.h" />
<file file_name="drivers/fsl_ewm.c" />
<file file_name="drivers/fsl_ewm.h" />
<file file_name="drivers/fsl_flash.c" />
<file file_name="drivers/fsl_flash.h" />
<file file_name="drivers/fsl_flexbus.c" />
<file file_name="drivers/fsl_flexbus.h" />
@@ -223,8 +222,6 @@
<file file_name="drivers/fsl_ltc.h" />
<file file_name="drivers/fsl_ltc_edma.c" />
<file file_name="drivers/fsl_ltc_edma.h" />
<file file_name="drivers/fsl_mpu.c" />
<file file_name="drivers/fsl_mpu.h" />
<file file_name="drivers/fsl_pdb.c" />
<file file_name="drivers/fsl_pdb.h" />
<file file_name="drivers/fsl_pit.c" />

34
scripts/openssl.test
View File

@@ -2,6 +2,10 @@
#openssl.test
# Enviornment variables used:
# OPENSSL (openssl app to use)
# OPENSSL_ENGINE_ID (engine id if any i.e. "wolfengine")
CERT_DIR="$PWD/$(dirname "$0")/../certs"
if ! test -n "$WOLFSSL_OPENSSL_TEST"; then
@@ -129,17 +133,39 @@ start_openssl_server() {
server_port=$port
found_free_port=0
counter=0
# If OPENSSL_ENGINE_ID has been set then check that the desired engine can
# be loaded successfully and error out if not. Otherwise the OpenSSL app
# will fall back to default engine.
if [ ! -z "${OPENSSL_ENGINE_ID}" ]; then
OUTPUT=`$OPENSSL engine -tt $OPENSSL_ENGINE_ID`
if [ $? != 0 ]; then
printf "not able to load engine\n"
printf "$OPENSSL engine -tt $OPENSSL_ENGINE_ID\n"
do_cleanup
exit 1
else
echo $OUTPUT | grep "available"
if [ $? != 0 ]; then
printf "engine not available\n"
do_cleanup
exit 1
fi
fi
OPENSSL_ENGINE_ID="-engine ${OPENSSL_ENGINE_ID}"
fi
while [ "$counter" -lt 20 ]; do
echo -e "\n# Trying to start $openssl_suite OpenSSL server on port $server_port..."
echo "#"
if [ "$cert_file" != "" ]
then
echo "# " $OPENSSL s_server -accept $server_port -cert $cert_file -key $key_file -quiet -CAfile $ca_file -www -dhparam ${CERT_DIR}/dh2048.pem -verify 10 -verify_return_error -psk $psk_hex -cipher "ALL:eNULL" $openssl_nodhe
$OPENSSL s_server -accept $server_port -cert $cert_file -key $key_file -quiet -CAfile $ca_file -www -dhparam ${CERT_DIR}/dh2048.pem -verify 10 -verify_return_error -psk $psk_hex -cipher "ALL:eNULL" $openssl_nodhe &
echo "# " $OPENSSL s_server -accept $server_port $OPENSSL_ENGINE_ID -cert $cert_file -key $key_file -quiet -CAfile $ca_file -www -dhparam ${CERT_DIR}/dh2048.pem -verify 10 -verify_return_error -psk $psk_hex -cipher "ALL:eNULL" $openssl_nodhe
$OPENSSL s_server -accept $server_port $OPENSSL_ENGINE_ID -cert $cert_file -key $key_file -quiet -CAfile $ca_file -www -dhparam ${CERT_DIR}/dh2048.pem -verify 10 -verify_return_error -psk $psk_hex -cipher "ALL:eNULL" $openssl_nodhe &
else
echo "# " $OPENSSL s_server -accept $server_port -quiet -nocert -www -dhparam ${CERT_DIR}/dh2048.pem -verify 10 -verify_return_error -psk $psk_hex -cipher "ALL:eNULL" $openssl_nodhe
$OPENSSL s_server -accept $server_port -quiet -nocert -www -dhparam ${CERT_DIR}/dh2048.pem -verify 10 -verify_return_error -psk $psk_hex -cipher "ALL:eNULL" $openssl_nodhe &
echo "# " $OPENSSL s_server -accept $server_port $OPENSSL_ENGINE_ID -quiet -nocert -www -dhparam ${CERT_DIR}/dh2048.pem -verify 10 -verify_return_error -psk $psk_hex -cipher "ALL:eNULL" $openssl_nodhe
$OPENSSL s_server -accept $server_port $OPENSSL_ENGINE_ID -quiet -nocert -www -dhparam ${CERT_DIR}/dh2048.pem -verify 10 -verify_return_error -psk $psk_hex -cipher "ALL:eNULL" $openssl_nodhe &
fi
server_pid=$!
# wait to see if s_server successfully starts before continuing

65
src/ssl.c
View File

@@ -10130,13 +10130,6 @@ void* wolfSSL_X509_get_ext_d2i(const WOLFSSL_X509* x509, int nid, int* c,
goto err;
}
}
else if (gn) {
if (wolfSSL_sk_GENERAL_NAME_push(sk, gn) != WOLFSSL_SUCCESS) {
WOLFSSL_MSG("Error pushing GENERAL_NAME object onto "
"stack.");
goto err;
}
}
ret = sk;
@@ -25313,7 +25306,7 @@ WOLFSSL_X509* wolfSSL_d2i_X509_REQ_bio(WOLFSSL_BIO* bio, WOLFSSL_X509** x509)
#endif
#if !defined(NO_ASN) && !defined(NO_PWDBASED)
#ifndef NO_BIO
#if !defined(NO_BIO) && defined(HAVE_PKCS12)
WC_PKCS12* wolfSSL_d2i_PKCS12_bio(WOLFSSL_BIO* bio, WC_PKCS12** pkcs12)
{
WC_PKCS12* localPkcs12 = NULL;
@@ -25393,7 +25386,7 @@ int wolfSSL_i2d_PKCS12_bio(WOLFSSL_BIO *bio, WC_PKCS12 *pkcs12)
return ret;
}
#endif /* !NO_BIO */
#endif /* !NO_BIO && HAVE_PKCS12 */
/* Copies unencrypted DER key buffer into "der". If "der" is null then the size
* of buffer needed is returned. If *der == NULL then it allocates a buffer.
@@ -25406,6 +25399,7 @@ int wolfSSL_i2d_PrivateKey(const WOLFSSL_EVP_PKEY* key, unsigned char** der)
return wolfSSL_EVP_PKEY_get_der(key, der);
}
#ifdef HAVE_PKCS12
/* Creates a new WC_PKCS12 structure
*
* pass password to use
@@ -25793,6 +25787,7 @@ int wolfSSL_PKCS12_verify_mac(WC_PKCS12 *pkcs12, const char *psw,
return wc_PKCS12_verify_ex(pkcs12, (const byte*)psw, pswLen) == 0 ?
WOLFSSL_SUCCESS : WOLFSSL_FAILURE;
}
#endif /* HAVE_PKCS12 */
#endif /* !NO_ASN && !NO_PWDBASED */
@@ -26019,7 +26014,47 @@ void wolfSSL_X509_STORE_free(WOLFSSL_X509_STORE* store)
XFREE(store, NULL, DYNAMIC_TYPE_X509_STORE);
}
}
/**
* Get ex_data in WOLFSSL_STORE at given index
* @param store a pointer to WOLFSSL_X509_STORE structure
* @param idx Index of ex_data to get data from
* @return void pointer to ex_data on success or NULL on failure
*/
void* wolfSSL_X509_STORE_get_ex_data(WOLFSSL_X509_STORE* store, int idx)
{
WOLFSSL_ENTER("wolfSSL_X509_STORE_get_ex_data");
#ifdef HAVE_EX_DATA
if (store != NULL && idx < MAX_EX_DATA && idx >= 0) {
return wolfSSL_CRYPTO_get_ex_data(&store->ex_data, idx);
}
#else
(void)store;
(void)idx;
#endif
return NULL;
}
/**
* Set ex_data for WOLFSSL_STORE
* @param store a pointer to WOLFSSL_X509_STORE structure
* @param idx Index of ex data to set
* @param data Data to set in ex data
* @return WOLFSSL_SUCCESS on success or WOLFSSL_FAILURE on failure
*/
int wolfSSL_X509_STORE_set_ex_data(WOLFSSL_X509_STORE* store, int idx,
void *data)
{
WOLFSSL_ENTER("wolfSSL_X509_STORE_set_ex_data");
#ifdef HAVE_EX_DATA
if (store != NULL && idx < MAX_EX_DATA) {
return wolfSSL_CRYPTO_set_ex_data(&store->ex_data, idx, data);
}
#else
(void)store;
(void)idx;
(void)data;
#endif
return WOLFSSL_FAILURE;
}
#endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL */
#ifdef OPENSSL_EXTRA
@@ -26379,7 +26414,7 @@ static void *wolfSSL_d2i_X509_fp_ex(XFILE file, void **x509, int type)
newx509 = (void *)wolfSSL_d2i_X509_CRL(NULL, fileBuffer, (int)sz);
}
#endif
#if !defined(NO_ASN) && !defined(NO_PWDBASED)
#if !defined(NO_ASN) && !defined(NO_PWDBASED) && defined(HAVE_PKCS12)
else if (type == PKCS12_TYPE) {
if ((newx509 = wc_PKCS12_new()) == NULL) {
goto err_exit;
@@ -26404,7 +26439,7 @@ static void *wolfSSL_d2i_X509_fp_ex(XFILE file, void **x509, int type)
goto _exit;
err_exit:
#if !defined(NO_ASN) && !defined(NO_PWDBASED)
#if !defined(NO_ASN) && !defined(NO_PWDBASED) && defined(HAVE_PKCS12)
if ((newx509 != NULL) && (type == PKCS12_TYPE)) {
wc_PKCS12_free((WC_PKCS12*)newx509);
newx509 = NULL;
@@ -32297,7 +32332,11 @@ int wolfSSL_RAND_bytes(unsigned char* buf, int num)
#endif
WOLFSSL_ENTER("wolfSSL_RAND_bytes");
/* sanity check */
if (buf == NULL || num < 0)
/* return code compliant with OpenSSL */
return 0;
/* if a RAND callback has been set try and use it */
#ifndef WOLFSSL_NO_OPENSSL_RAND_CB
if (wolfSSL_RAND_InitMutex() == 0 && wc_LockMutex(&gRandMethodMutex) == 0) {

21
src/tls13.c
View File

@@ -5034,6 +5034,11 @@ static int SendTls13Certificate(WOLFSSL* ssl)
byte certReqCtxLen = 0;
byte* certReqCtx = NULL;
#ifdef OPENSSL_EXTRA
WOLFSSL_X509* x509 = NULL;
WOLFSSL_EVP_PKEY* pkey = NULL;
#endif
WOLFSSL_START(WC_FUNC_CERTIFICATE_SEND);
WOLFSSL_ENTER("SendTls13Certificate");
@@ -5044,6 +5049,22 @@ static int SendTls13Certificate(WOLFSSL* ssl)
}
#endif
#ifdef OPENSSL_EXTRA
/* call client cert callback if no cert has been loaded */
if ((ssl->ctx->CBClientCert != NULL) &&
(!ssl->buffers.certificate || !ssl->buffers.certificate->buffer)) {
ret = ssl->ctx->CBClientCert(ssl, &x509, &pkey);
if (ret == 1) {
if ((wolfSSL_CTX_use_certificate(ssl->ctx, x509) == WOLFSSL_SUCCESS) &&
(wolfSSL_CTX_use_PrivateKey(ssl->ctx, pkey) == WOLFSSL_SUCCESS)) {
ssl->options.sendVerify = SEND_CERT;
}
wolfSSL_X509_free(x509);
wolfSSL_EVP_PKEY_free(pkey);
}
}
#endif
if (ssl->options.sendVerify == SEND_BLANK_CERT) {
certSz = 0;
certChainSz = 0;

106
tests/api.c
View File

@@ -5061,7 +5061,7 @@ static void test_wolfSSL_PKCS12(void)
*/
#if defined(OPENSSL_EXTRA) && !defined(NO_DES3) && !defined(NO_FILESYSTEM) && \
!defined(NO_ASN) && !defined(NO_PWDBASED) && !defined(NO_RSA) && \
!defined(NO_SHA)
!defined(NO_SHA) && defined(HAVE_PKCS12)
byte buffer[6000];
char file[] = "./certs/test-servercert.p12";
char order[] = "./certs/ecc-rsa-server.p12";
@@ -28476,6 +28476,28 @@ static void test_wolfSSL_X509_STORE_CTX(void)
X509_STORE_CTX_free(ctx);
}
/* test X509_STORE_get/set_ex_data */
{
int i = 0, tmpData = 99;
void* tmpDataRet;
AssertNotNull(str = X509_STORE_new());
#if defined(HAVE_EX_DATA)
for (i = 0; i < MAX_EX_DATA; i++) {
AssertIntEQ(X509_STORE_set_ex_data(str, i, &tmpData),
WOLFSSL_SUCCESS);
tmpDataRet = (int*)X509_STORE_get_ex_data(str, i);
AssertNotNull(tmpDataRet);
AssertIntEQ(tmpData, *(int*)tmpDataRet);
}
#else
AssertIntEQ(X509_STORE_set_ex_data(str, i, &tmpData),
WOLFSSL_FAILURE);
tmpDataRet = (int*)X509_STORE_get_ex_data(str, i);
AssertNull(tmpDataRet);
#endif
X509_STORE_free(str);
}
printf(resultFmt, passed);
#endif /* defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \
!defined(NO_FILESYSTEM) && !defined(NO_RSA) */
@@ -31038,7 +31060,10 @@ static void test_wolfSSL_RAND_set_rand_method(void)
printf(testingFmt, "wolfSSL_RAND_set_rand_method()");
AssertIntNE(RAND_status(), 5432);
buf = (byte*)XMALLOC(32 * sizeof(byte), NULL,
DYNAMIC_TYPE_TMP_BUFFER);
AssertIntNE(wolfSSL_RAND_status(), 5432);
AssertIntEQ(*was_cleanup_called, 0);
RAND_cleanup();
AssertIntEQ(*was_cleanup_called, 0);
@@ -31074,6 +31099,8 @@ static void test_wolfSSL_RAND_set_rand_method(void)
RAND_cleanup();
AssertIntEQ(*was_cleanup_called, 0);
XFREE(buf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
printf(resultFmt, passed);
#endif /* OPENSSL_EXTRA && !WOLFSSL_NO_OPENSSL_RAND_CB */
}
@@ -31089,17 +31116,24 @@ static void test_wolfSSL_RAND_bytes(void)
byte *my_buf;
printf(testingFmt, "test_wolfSSL_RAND_bytes()");
/* sanity check */
AssertIntEQ(RAND_bytes(NULL, 16), 0);
AssertIntEQ(RAND_bytes(NULL, 0), 0);
max_bufsize = size4;
my_buf = (byte*)XMALLOC(max_bufsize * sizeof(byte), NULL,
DYNAMIC_TYPE_TMP_BUFFER);
AssertIntEQ(RAND_bytes(my_buf, 0), 1);
AssertIntEQ(RAND_bytes(my_buf, -1), 0);
AssertNotNull(my_buf);
XMEMSET(my_buf, 0, max_bufsize);
AssertIntEQ(wolfSSL_RAND_bytes(my_buf, size1), 1);
AssertIntEQ(wolfSSL_RAND_bytes(my_buf, size2), 1);
AssertIntEQ(wolfSSL_RAND_bytes(my_buf, size3), 1);
AssertIntEQ(wolfSSL_RAND_bytes(my_buf, size4), 1);
AssertIntEQ(RAND_bytes(my_buf, size1), 1);
AssertIntEQ(RAND_bytes(my_buf, size2), 1);
AssertIntEQ(RAND_bytes(my_buf, size3), 1);
AssertIntEQ(RAND_bytes(my_buf, size4), 1);
XFREE(my_buf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
@@ -31784,15 +31818,6 @@ static void test_wolfSSL_OBJ(void)
ASN1_STRING *asn1 = NULL;
unsigned char *buf_dyn = NULL;
PKCS12 *p12;
int boolRet;
EVP_PKEY *pkey = NULL;
const char *p12_f[] = {
#if !defined(NO_DES3) && !defined(NO_RSA)
"./certs/test-servercert.p12",
#endif
NULL};
printf(testingFmt, "wolfSSL_OBJ()");
AssertIntEQ(OBJ_obj2txt(buf, (int)sizeof(buf), obj, 1), SSL_FAILURE);
@@ -31850,27 +31875,42 @@ static void test_wolfSSL_OBJ(void)
}
for (i = 0; p12_f[i] != NULL; i++)
#ifdef HAVE_PKCS12
{
AssertTrue((fp = XFOPEN(p12_f[i], "rb")) != XBADFILE);
AssertNotNull(p12 = d2i_PKCS12_fp(fp, NULL));
XFCLOSE(fp);
AssertTrue((boolRet = PKCS12_parse(p12, "wolfSSL test", &pkey, &x509, NULL)) > 0);
wc_PKCS12_free(p12);
EVP_PKEY_free(pkey);
x509Name = X509_get_issuer_name(x509);
AssertNotNull(x509Name);
AssertIntNE((numNames = X509_NAME_entry_count(x509Name)), 0);
AssertTrue((bio = BIO_new(BIO_s_mem())) != NULL);
for (j = 0; j < numNames; j++)
PKCS12 *p12;
int boolRet;
EVP_PKEY *pkey = NULL;
const char *p12_f[] = {
#if !defined(NO_DES3) && !defined(NO_RSA)
"./certs/test-servercert.p12",
#endif
NULL};
for (i = 0; p12_f[i] != NULL; i++)
{
AssertNotNull(x509NameEntry = X509_NAME_get_entry(x509Name, j));
AssertNotNull(asn1Name = X509_NAME_ENTRY_get_object(x509NameEntry));
AssertTrue((nid = OBJ_obj2nid(asn1Name)) > 0);
AssertTrue((fp = XFOPEN(p12_f[i], "rb")) != XBADFILE);
AssertNotNull(p12 = d2i_PKCS12_fp(fp, NULL));
XFCLOSE(fp);
AssertTrue((boolRet = PKCS12_parse(p12, "wolfSSL test",
&pkey, &x509, NULL)) > 0);
wc_PKCS12_free(p12);
EVP_PKEY_free(pkey);
x509Name = X509_get_issuer_name(x509);
AssertNotNull(x509Name);
AssertIntNE((numNames = X509_NAME_entry_count(x509Name)), 0);
AssertTrue((bio = BIO_new(BIO_s_mem())) != NULL);
for (j = 0; j < numNames; j++)
{
AssertNotNull(x509NameEntry = X509_NAME_get_entry(x509Name, j));
AssertNotNull(asn1Name =
X509_NAME_ENTRY_get_object(x509NameEntry));
AssertTrue((nid = OBJ_obj2nid(asn1Name)) > 0);
}
BIO_free(bio);
X509_free(x509);
}
BIO_free(bio);
X509_free(x509);
}
#endif /* HAVE_PKCS12 */
printf(resultFmt, passed);
#endif

6
wolfcrypt/src/ecc.c
View File

@@ -2882,7 +2882,7 @@ static int ecc_mulmod(const mp_int* k, ecc_point* P, ecc_point* Q,
#endif
/* Convert the point to montogmery form.
/* Convert the point to montgomery form.
*
* @param [in] p Point to convert.
* @param [out] r Point in montgomery form.
@@ -4459,10 +4459,14 @@ static int ecc_make_pub_ex(ecc_key* key, ecc_curve_spec* curveIn,
err = MEMORY_E;
}
}
#ifndef FREESCALE_LTC_ECC /* this is done in hardware */
if (err == MP_OKAY) {
/* Use constant time map if compiled in */
err = ecc_map_ex(pub, curve->prime, mp, 1);
}
#else
(void)mp;
#endif
wc_ecc_del_point_ex(base, key->heap);
}

12
wolfcrypt/src/pkcs7.c
View File

@@ -8336,18 +8336,14 @@ static int wc_PKCS7_DecryptKtri(PKCS7* pkcs7, byte* in, word32 inSz,
case WC_PKCS7_DECRYPT_KTRI_2:
#ifndef NO_PKCS7_STREAM
if ((ret = wc_PKCS7_AddDataToStream(pkcs7, in, inSz, pkcs7->stream->expected,
&pkiMsg, idx)) != 0) {
if ((ret = wc_PKCS7_AddDataToStream(pkcs7, in, inSz,
pkcs7->stream->expected, &pkiMsg, idx)) != 0) {
return ret;
}
rc = wc_PKCS7_GetMaxStream(pkcs7, PKCS7_DEFAULT_PEEK,
in, inSz);
if (rc < 0) {
ret = (int)rc;
break;
if (in != pkiMsg) {
pkiMsgSz = pkcs7->stream->length;
}
pkiMsgSz = (word32)rc;
wc_PKCS7_StreamGetVar(pkcs7, NULL, &sidType, &version);

129
wolfcrypt/src/port/nxp/ksdk_port.c
View File

@@ -129,9 +129,9 @@ int mp_mul(mp_int *A, mp_int *B, mp_int *C)
#endif
/* unsigned multiply */
uint8_t *ptrA = (uint8_t *)XMALLOC(LTC_MAX_INT_BYTES, 0, DYNAMIC_TYPE_BIGINT);
uint8_t *ptrB = (uint8_t *)XMALLOC(LTC_MAX_INT_BYTES, 0, DYNAMIC_TYPE_BIGINT);
uint8_t *ptrC = (uint8_t *)XMALLOC(LTC_MAX_INT_BYTES, 0, DYNAMIC_TYPE_BIGINT);
uint8_t *ptrA = (uint8_t *)XMALLOC(LTC_MAX_INT_BYTES, NULL, DYNAMIC_TYPE_BIGINT);
uint8_t *ptrB = (uint8_t *)XMALLOC(LTC_MAX_INT_BYTES, NULL, DYNAMIC_TYPE_BIGINT);
uint8_t *ptrC = (uint8_t *)XMALLOC(LTC_MAX_INT_BYTES, NULL, DYNAMIC_TYPE_BIGINT);
if (ptrA && ptrB && ptrC) {
uint16_t sizeA, sizeB;
@@ -179,17 +179,15 @@ int mp_mul(mp_int *A, mp_int *B, mp_int *C)
int mp_mod(mp_int *a, mp_int *b, mp_int *c)
{
int res = MP_OKAY;
#if defined(FREESCALE_LTC_TFM_RSA_4096_ENABLE)
int szA, szB;
szA = mp_unsigned_bin_size(a);
szB = mp_unsigned_bin_size(b);
if ((szA <= LTC_MAX_INT_BYTES) && (szB <= LTC_MAX_INT_BYTES))
{
#endif /* FREESCALE_LTC_TFM_RSA_4096_ENABLE */
int neg = 0;
uint8_t *ptrA = (uint8_t *)XMALLOC(LTC_MAX_INT_BYTES, 0, DYNAMIC_TYPE_BIGINT);
uint8_t *ptrB = (uint8_t *)XMALLOC(LTC_MAX_INT_BYTES, 0, DYNAMIC_TYPE_BIGINT);
uint8_t *ptrC = (uint8_t *)XMALLOC(LTC_MAX_INT_BYTES, 0, DYNAMIC_TYPE_BIGINT);
uint8_t *ptrA = (uint8_t *)XMALLOC(LTC_MAX_INT_BYTES, NULL, DYNAMIC_TYPE_BIGINT);
uint8_t *ptrB = (uint8_t *)XMALLOC(LTC_MAX_INT_BYTES, NULL, DYNAMIC_TYPE_BIGINT);
uint8_t *ptrC = (uint8_t *)XMALLOC(LTC_MAX_INT_BYTES, NULL, DYNAMIC_TYPE_BIGINT);
#ifndef WOLFSSL_SP_MATH
/* get sign for the result */
@@ -233,12 +231,15 @@ int mp_mod(mp_int *a, mp_int *b, mp_int *c)
if (ptrC) {
XFREE(ptrC, NULL, DYNAMIC_TYPE_BIGINT);
}
#if defined(FREESCALE_LTC_TFM_RSA_4096_ENABLE)
}
else {
#if defined(FREESCALE_LTC_TFM_RSA_4096_ENABLE)
res = wolfcrypt_mp_mod(a, b, c);
#else
res = NOT_COMPILED_IN;
#endif
}
#endif /* FREESCALE_LTC_TFM_RSA_4096_ENABLE */
return res;
}
@@ -246,15 +247,13 @@ int mp_mod(mp_int *a, mp_int *b, mp_int *c)
int mp_invmod(mp_int *a, mp_int *b, mp_int *c)
{
int res = MP_OKAY;
#if defined(FREESCALE_LTC_TFM_RSA_4096_ENABLE)
int szA, szB;
szA = mp_unsigned_bin_size(a);
szB = mp_unsigned_bin_size(b);
if ((szA <= LTC_MAX_INT_BYTES) && (szB <= LTC_MAX_INT_BYTES)) {
#endif
uint8_t *ptrA = (uint8_t *)XMALLOC(LTC_MAX_INT_BYTES, 0, DYNAMIC_TYPE_BIGINT);
uint8_t *ptrB = (uint8_t *)XMALLOC(LTC_MAX_INT_BYTES, 0, DYNAMIC_TYPE_BIGINT);
uint8_t *ptrC = (uint8_t *)XMALLOC(LTC_MAX_INT_BYTES, 0, DYNAMIC_TYPE_BIGINT);
uint8_t *ptrA = (uint8_t *)XMALLOC(LTC_MAX_INT_BYTES, NULL, DYNAMIC_TYPE_BIGINT);
uint8_t *ptrB = (uint8_t *)XMALLOC(LTC_MAX_INT_BYTES, NULL, DYNAMIC_TYPE_BIGINT);
uint8_t *ptrC = (uint8_t *)XMALLOC(LTC_MAX_INT_BYTES, NULL, DYNAMIC_TYPE_BIGINT);
if (ptrA && ptrB && ptrC) {
uint16_t sizeA, sizeB, sizeC;
@@ -290,12 +289,14 @@ int mp_invmod(mp_int *a, mp_int *b, mp_int *c)
if (ptrC) {
XFREE(ptrC, NULL, DYNAMIC_TYPE_BIGINT);
}
#if defined(FREESCALE_LTC_TFM_RSA_4096_ENABLE)
}
else {
#if defined(FREESCALE_LTC_TFM_RSA_4096_ENABLE)
res = wolfcrypt_mp_invmod(a, b, c);
#else
res = NOT_COMPILED_IN;
#endif
}
#endif /* FREESCALE_LTC_TFM_RSA_4096_ENABLE */
return res;
}
@@ -303,13 +304,11 @@ int mp_invmod(mp_int *a, mp_int *b, mp_int *c)
int mp_mulmod(mp_int *a, mp_int *b, mp_int *c, mp_int *d)
{
int res = MP_OKAY;
#if defined(FREESCALE_LTC_TFM_RSA_4096_ENABLE)
int szA, szB, szC;
szA = mp_unsigned_bin_size(a);
szB = mp_unsigned_bin_size(b);
szC = mp_unsigned_bin_size(c);
if ((szA <= LTC_MAX_INT_BYTES) && (szB <= LTC_MAX_INT_BYTES) && (szC <= LTC_MAX_INT_BYTES)) {
#endif /* FREESCALE_LTC_TFM_RSA_4096_ENABLE */
mp_int t;
uint8_t *ptrA = (uint8_t *)XMALLOC(LTC_MAX_INT_BYTES, NULL, DYNAMIC_TYPE_BIGINT);
@@ -317,8 +316,8 @@ int mp_mulmod(mp_int *a, mp_int *b, mp_int *c, mp_int *d)
uint8_t *ptrC = (uint8_t *)XMALLOC(LTC_MAX_INT_BYTES, NULL, DYNAMIC_TYPE_BIGINT);
uint8_t *ptrD = (uint8_t *)XMALLOC(LTC_MAX_INT_BYTES, NULL, DYNAMIC_TYPE_BIGINT);
/* if A or B is negative, subtract abs(A) or abs(B) from modulus to get positive integer representation of the
* same number */
/* if A or B is negative, subtract abs(A) or abs(B) from modulus to get
* positive integer representation of the same number */
res = mp_init(&t);
#ifndef WOLFSSL_SP_MATH
if (a->sign) {
@@ -347,7 +346,8 @@ int mp_mulmod(mp_int *a, mp_int *b, mp_int *c, mp_int *d)
/* (A*B)mod C = ((A mod C) * (B mod C)) mod C */
if (res == MP_OKAY && LTC_PKHA_CompareBigNum(ptrA, sizeA, ptrC, sizeC) >= 0) {
if (kStatus_Success !=
LTC_PKHA_ModRed(LTC_BASE, ptrA, sizeA, ptrC, sizeC, ptrA, &sizeA, kLTC_PKHA_IntegerArith))
LTC_PKHA_ModRed(LTC_BASE, ptrA, sizeA, ptrC, sizeC, ptrA,
&sizeA, kLTC_PKHA_IntegerArith))
{
res = MP_VAL;
}
@@ -355,16 +355,18 @@ int mp_mulmod(mp_int *a, mp_int *b, mp_int *c, mp_int *d)
if (res == MP_OKAY && (LTC_PKHA_CompareBigNum(ptrB, sizeB, ptrC, sizeC) >= 0))
{
if (kStatus_Success !=
LTC_PKHA_ModRed(LTC_BASE, ptrB, sizeB, ptrC, sizeC, ptrB, &sizeB, kLTC_PKHA_IntegerArith))
LTC_PKHA_ModRed(LTC_BASE, ptrB, sizeB, ptrC, sizeC, ptrB,
&sizeB, kLTC_PKHA_IntegerArith))
{
res = MP_VAL;
}
}
if (res == MP_OKAY) {
if (kStatus_Success != LTC_PKHA_ModMul(LTC_BASE, ptrA, sizeA, ptrB, sizeB, ptrC, sizeC, ptrD, &sizeD,
kLTC_PKHA_IntegerArith, kLTC_PKHA_NormalValue,
kLTC_PKHA_NormalValue, kLTC_PKHA_TimingEqualized))
if (kStatus_Success != LTC_PKHA_ModMul(LTC_BASE, ptrA, sizeA,
ptrB, sizeB, ptrC, sizeC, ptrD, &sizeD,
kLTC_PKHA_IntegerArith, kLTC_PKHA_NormalValue,
kLTC_PKHA_NormalValue, kLTC_PKHA_TimingEqualized))
{
res = MP_VAL;
}
@@ -394,12 +396,15 @@ int mp_mulmod(mp_int *a, mp_int *b, mp_int *c, mp_int *d)
#ifndef USE_FAST_MATH
mp_clear(&t);
#endif
#if defined(FREESCALE_LTC_TFM_RSA_4096_ENABLE)
}
else {
#if defined(FREESCALE_LTC_TFM_RSA_4096_ENABLE)
res = wolfcrypt_mp_mulmod(a, b, c, d);
#else
res = NOT_COMPILED_IN;
#endif
}
#endif /* FREESCALE_LTC_TFM_RSA_4096_ENABLE */
return res;
}
@@ -407,12 +412,12 @@ int mp_mulmod(mp_int *a, mp_int *b, mp_int *c, mp_int *d)
int mp_exptmod(mp_int *G, mp_int *X, mp_int *P, mp_int *Y)
{
int res = MP_OKAY;
#if defined(FREESCALE_LTC_TFM_RSA_4096_ENABLE)
int szA, szB, szC;
mp_int tmp;
/* if G cannot fit into LTC_PKHA, reduce it */
szA = mp_unsigned_bin_size(G);
#if defined(FREESCALE_LTC_TFM_RSA_4096_ENABLE)
if (szA > LTC_MAX_INT_BYTES) {
res = mp_init(&tmp);
if (res != MP_OKAY)
@@ -423,18 +428,19 @@ int mp_exptmod(mp_int *G, mp_int *X, mp_int *P, mp_int *Y)
G = &tmp;
szA = mp_unsigned_bin_size(G);
}
#endif
szB = mp_unsigned_bin_size(X);
szC = mp_unsigned_bin_size(P);
if ((szA <= LTC_MAX_INT_BYTES) && (szB <= LTC_MAX_INT_BYTES) && (szC <= LTC_MAX_INT_BYTES)) {
#endif /* FREESCALE_LTC_TFM_RSA_4096_ENABLE */
if ((szA <= LTC_MAX_INT_BYTES) && (szB <= LTC_MAX_INT_BYTES) &&
(szC <= LTC_MAX_INT_BYTES))
{
mp_int t;
uint16_t sizeG, sizeX, sizeP;
uint8_t *ptrG = (uint8_t *)XMALLOC(LTC_MAX_INT_BYTES, 0, DYNAMIC_TYPE_BIGINT);
uint8_t *ptrX = (uint8_t *)XMALLOC(LTC_MAX_INT_BYTES, 0, DYNAMIC_TYPE_BIGINT);
uint8_t *ptrP = (uint8_t *)XMALLOC(LTC_MAX_INT_BYTES, 0, DYNAMIC_TYPE_BIGINT);
uint8_t *ptrG = (uint8_t *)XMALLOC(LTC_MAX_INT_BYTES, NULL, DYNAMIC_TYPE_BIGINT);
uint8_t *ptrX = (uint8_t *)XMALLOC(LTC_MAX_INT_BYTES, NULL, DYNAMIC_TYPE_BIGINT);
uint8_t *ptrP = (uint8_t *)XMALLOC(LTC_MAX_INT_BYTES, NULL, DYNAMIC_TYPE_BIGINT);
/* if G is negative, add modulus to convert to positive number for LTC */
res = mp_init(&t);
@@ -454,7 +460,8 @@ int mp_exptmod(mp_int *G, mp_int *X, mp_int *P, mp_int *Y)
if (res == MP_OKAY)
res = ltc_get_lsb_bin_from_mp_int(ptrP, P, &sizeP);
/* if number if greater that modulo, we must first reduce due to LTC requirement on modular exponentiaton */
/* if number if greater that modulo, we must first reduce due to
LTC requirement on modular exponentiation */
/* it needs number less than modulus. */
/* we can take advantage of modular arithmetic rule that: A^B mod C = ( (A mod C)^B ) mod C
and so we do first (A mod N) : LTC does not give size requirement on A versus N,
@@ -462,7 +469,8 @@ int mp_exptmod(mp_int *G, mp_int *X, mp_int *P, mp_int *Y)
*/
/* if G >= P then */
if (res == MP_OKAY && LTC_PKHA_CompareBigNum(ptrG, sizeG, ptrP, sizeP) >= 0) {
res = (int)LTC_PKHA_ModRed(LTC_BASE, ptrG, sizeG, ptrP, sizeP, ptrG, &sizeG, kLTC_PKHA_IntegerArith);
res = (int)LTC_PKHA_ModRed(LTC_BASE, ptrG, sizeG, ptrP, sizeP,
ptrG, &sizeG, kLTC_PKHA_IntegerArith);
if (res != kStatus_Success) {
res = MP_VAL;
@@ -470,8 +478,9 @@ int mp_exptmod(mp_int *G, mp_int *X, mp_int *P, mp_int *Y)
}
if (res == MP_OKAY) {
res = (int)LTC_PKHA_ModExp(LTC_BASE, ptrG, sizeG, ptrP, sizeP, ptrX, sizeX, ptrP, &sizeP,
kLTC_PKHA_IntegerArith, kLTC_PKHA_NormalValue, kLTC_PKHA_TimingEqualized);
res = (int)LTC_PKHA_ModExp(LTC_BASE, ptrG, sizeG, ptrP, sizeP,
ptrX, sizeX, ptrP, &sizeP, kLTC_PKHA_IntegerArith,
kLTC_PKHA_NormalValue, kLTC_PKHA_TimingEqualized);
if (res != kStatus_Success) {
res = MP_VAL;
@@ -498,17 +507,20 @@ int mp_exptmod(mp_int *G, mp_int *X, mp_int *P, mp_int *Y)
#ifndef USE_FAST_MATH
mp_clear(&t);
#endif
#if defined(FREESCALE_LTC_TFM_RSA_4096_ENABLE)
}
else {
#if defined(FREESCALE_LTC_TFM_RSA_4096_ENABLE)
res = wolfcrypt_mp_exptmod(G, X, P, Y);
#else
res = NOT_COMPILED_IN;
#endif
}
#ifndef USE_FAST_MATH
if (szA > LTC_MAX_INT_BYTES)
mp_clear(&tmp);
#endif
#endif /* FREESCALE_LTC_TFM_RSA_4096_ENABLE */
return res;
}
@@ -575,7 +587,7 @@ static const uint8_t ltc_ecc256_modulus[32] = {
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
0xFF, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF};
static const uint8_t ltc_ecc256_r2modn[32] = {
static const uint8_t ltc_ecc256_r2modn[32] = { /* R^2 mod N */
0x03, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF,
0xFF, 0xFB, 0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
0xFF, 0xFF, 0xFD, 0xFF, 0xFF, 0xFF, 0x04, 0x00, 0x00, 0x00};
@@ -696,7 +708,7 @@ static int ltc_get_ecc_specs(const uint8_t **modulus, const uint8_t **r2modn,
(1==map, 0 == leave in projective)
return MP_OKAY on success
*/
int wc_ecc_mulmod_ex(mp_int *k, ecc_point *G, ecc_point *R, mp_int* a,
int wc_ecc_mulmod_ex(const mp_int *k, ecc_point *G, ecc_point *R, mp_int* a,
mp_int *modulus, int map, void* heap)
{
ltc_pkha_ecc_point_t B;
@@ -707,9 +719,6 @@ int wc_ecc_mulmod_ex(mp_int *k, ecc_point *G, ecc_point *R, mp_int* a,
status_t status;
int res;
(void)a;
(void)heap;
uint8_t Gxbin[LTC_MAX_ECC_BITS / 8];
uint8_t Gybin[LTC_MAX_ECC_BITS / 8];
uint8_t kbin[LTC_MAX_INT_BYTES];
@@ -719,6 +728,9 @@ int wc_ecc_mulmod_ex(mp_int *k, ecc_point *G, ecc_point *R, mp_int* a,
const uint8_t *bCurveParam;
const uint8_t *r2modn;
(void)a;
(void)heap;
if (k == NULL || G == NULL || R == NULL || modulus == NULL) {
return ECC_BAD_ARG_E;
}
@@ -726,26 +738,32 @@ int wc_ecc_mulmod_ex(mp_int *k, ecc_point *G, ecc_point *R, mp_int* a,
szModulus = mp_unsigned_bin_size(modulus);
szkbin = mp_unsigned_bin_size(k);
res = ltc_get_from_mp_int(kbin, k, szkbin);
/* make sure LTC big number variable is large enough */
if (szModulus > LTC_MAX_INT_BYTES / 2) {
return MP_MEM;
}
res = ltc_get_from_mp_int(kbin, (mp_int*)k, szkbin);
if (res == MP_OKAY)
res = ltc_get_from_mp_int(Gxbin, G->x, szModulus);
if (res == MP_OKAY)
res = ltc_get_from_mp_int(Gybin, G->y, szModulus);
if (res != MP_OKAY)
return res;
size = szModulus;
/* find LTC friendly parameters for the selected curve */
if (0 != ltc_get_ecc_specs(&modbin, &r2modn, &aCurveParam, &bCurveParam, size)) {
if (ltc_get_ecc_specs(&modbin, &r2modn, &aCurveParam, &bCurveParam, size) != 0) {
return ECC_BAD_ARG_E;
}
B.X = &Gxbin[0];
B.Y = &Gybin[0];
status = LTC_PKHA_ECC_PointMul(LTC_BASE, &B, kbin, szkbin, modbin, r2modn, aCurveParam, bCurveParam, size,
kLTC_PKHA_TimingEqualized, kLTC_PKHA_IntegerArith, &B, &point_of_infinity);
status = LTC_PKHA_ECC_PointMul(LTC_BASE, &B, kbin, szkbin, modbin, r2modn,
aCurveParam, bCurveParam, size, kLTC_PKHA_TimingEqualized,
kLTC_PKHA_IntegerArith, &B, &point_of_infinity);
if (status != kStatus_Success) {
return MP_VAL;
}
@@ -768,7 +786,7 @@ int wc_ecc_mulmod_ex(mp_int *k, ecc_point *G, ecc_point *R, mp_int* a,
return res;
}
int wc_ecc_mulmod_ex2(mp_int* k, ecc_point *G, ecc_point *R, mp_int* a,
int wc_ecc_mulmod_ex2(const mp_int* k, ecc_point *G, ecc_point *R, mp_int* a,
mp_int* modulus, mp_int* order, WC_RNG* rng, int map,
void* heap)
{
@@ -817,8 +835,8 @@ int wc_ecc_point_add(ecc_point *mG, ecc_point *mQ, ecc_point *mR, mp_int *m)
B.X = Qxbin;
B.Y = Qybin;
status = LTC_PKHA_ECC_PointAdd(LTC_BASE, &A, &B, modbin, r2modn, aCurveParam, bCurveParam, size,
kLTC_PKHA_IntegerArith, &A);
status = LTC_PKHA_ECC_PointAdd(LTC_BASE, &A, &B, modbin, r2modn,
aCurveParam, bCurveParam, size, kLTC_PKHA_IntegerArith, &A);
if (status != kStatus_Success) {
res = MP_VAL;
}
@@ -1131,7 +1149,8 @@ status_t LTC_PKHA_Curve25519ComputeY(ltc_pkha_ecc_point_t *ltcPoint)
/* if type is set, the input point p is in Montgomery curve coordinates,
so there is a map to Weierstrass curve */
/* q output point is always in Montgomery curve coordinates */
int nxp_ltc_curve25519(ECPoint *q, const byte *n, const ECPoint *p, fsl_ltc_ecc_coordinate_system_t type)
int nxp_ltc_curve25519(ECPoint *q, const byte *n, const ECPoint *p,
fsl_ltc_ecc_coordinate_system_t type)
{
status_t status;
ltc_pkha_ecc_point_t ltcPoint;

4
wolfcrypt/src/port/st/stm32.c
View File

@@ -646,7 +646,7 @@ static int stm32_get_ecc_specs(const uint8_t **prime, const uint8_t **coef,
(1==map, 0 == leave in projective)
return MP_OKAY on success
*/
int wc_ecc_mulmod_ex(mp_int *k, ecc_point *G, ecc_point *R, mp_int* a,
int wc_ecc_mulmod_ex(const mp_int *k, ecc_point *G, ecc_point *R, mp_int* a,
mp_int *modulus, int map, void* heap)
{
PKA_ECCMulInTypeDef pka_mul;
@@ -725,7 +725,7 @@ int wc_ecc_mulmod_ex(mp_int *k, ecc_point *G, ecc_point *R, mp_int* a,
return res;
}
int wc_ecc_mulmod_ex2(mp_int* k, ecc_point *G, ecc_point *R, mp_int* a,
int wc_ecc_mulmod_ex2(const mp_int* k, ecc_point *G, ecc_point *R, mp_int* a,
mp_int* modulus, mp_int* order, WC_RNG* rng, int map,
void* heap)
{

2
wolfcrypt/src/sp_int.c
View File

@@ -8874,7 +8874,7 @@ static int _sp_exptmod_nct(sp_int* b, sp_int* e, sp_int* m, sp_int* r)
/* Sqaure until we find bit that is 1 or there's less than a
* window of bits left.
*/
while ((i >= 0) || (c >= winBits)) {
while (err == MP_OKAY && ((i >= 0) || (c >= winBits))) {
sp_digit n2 = n;
int c2 = c;
int i2 = i;

2
wolfssl/openssl/ssl.h
View File

@@ -602,6 +602,8 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_
#define X509_STORE_set_flags wolfSSL_X509_STORE_set_flags
#define X509_STORE_get1_certs wolfSSL_X509_STORE_get1_certs
#define X509_STORE_get_by_subject wolfSSL_X509_STORE_get_by_subject
#define X509_STORE_set_ex_data wolfSSL_X509_STORE_set_ex_data
#define X509_STORE_get_ex_data wolfSSL_X509_STORE_get_ex_data
#define X509_STORE_CTX_get1_issuer wolfSSL_X509_STORE_CTX_get1_issuer
#define X509_STORE_CTX_set_time wolfSSL_X509_STORE_CTX_set_time
#define X509_VERIFY_PARAM_new wolfSSL_X509_VERIFY_PARAM_new

4
wolfssl/ssl.h
View File

@@ -1667,6 +1667,10 @@ WOLFSSL_API void* wolfSSL_X509_STORE_CTX_get_ex_data(
WOLFSSL_X509_STORE_CTX* ctx, int idx);
WOLFSSL_API int wolfSSL_X509_STORE_CTX_set_ex_data(WOLFSSL_X509_STORE_CTX* ctx,
int idx, void *data);
WOLFSSL_API void* wolfSSL_X509_STORE_get_ex_data(
WOLFSSL_X509_STORE* store, int idx);
WOLFSSL_API int wolfSSL_X509_STORE_set_ex_data(WOLFSSL_X509_STORE* store,
int idx, void *data);
WOLFSSL_API void wolfSSL_X509_STORE_CTX_set_depth(WOLFSSL_X509_STORE_CTX* ctx,
int depth);
WOLFSSL_API WOLFSSL_X509* wolfSSL_X509_STORE_CTX_get0_current_issuer(

7
wolfssl/wolfcrypt/settings.h
View File

@@ -1178,8 +1178,11 @@ extern void uITRON4_free(void *p) ;
/* the LTC PKHA hardware limit is 2048 bits (256 bytes) for integer arithmetic.
the LTC_MAX_INT_BYTES defines the size of local variables that hold big integers. */
#ifndef LTC_MAX_INT_BYTES
#define LTC_MAX_INT_BYTES (256)
/* size is multiplication of 2 big ints */
#if !defined(NO_RSA) || !defined(NO_DH)
#define LTC_MAX_INT_BYTES (256*2)
#else
#define LTC_MAX_INT_BYTES (48*2)
#endif
/* This FREESCALE_LTC_TFM_RSA_4096_ENABLE macro can be defined.

5
wolfssl/wolfcrypt/tfm.h
View File

@@ -70,6 +70,11 @@
#define TFM_X86_64
#endif
#endif
#if defined(__aarch64__) && defined(__APPLE__)
#if !defined(TFM_AARCH_64) && !defined(TFM_NO_ASM)
#define TFM_AARCH_64
#endif
#endif
#if defined(TFM_X86_64) || defined(TFM_AARCH_64)
#if !defined(FP_64BIT)
#define FP_64BIT