diff --git a/IDE/Renesas/e2studio/RA6M3G/client-wolfssl/wolfssl_thread_entry.h b/IDE/Renesas/e2studio/RA6M3G/client-wolfssl/wolfssl_thread_entry.h old mode 100755 new mode 100644 diff --git a/IDE/Renesas/e2studio/RA6M3G/common/ra6m3g/README.md b/IDE/Renesas/e2studio/RA6M3G/common/ra6m3g/README.md old mode 100755 new mode 100644 diff --git a/IDE/Renesas/e2studio/RA6M3G/server-wolfssl/wolfssl_thread_entry.h b/IDE/Renesas/e2studio/RA6M3G/server-wolfssl/wolfssl_thread_entry.h old mode 100755 new mode 100644 diff --git a/src/ssl.c b/src/ssl.c old mode 100755 new mode 100644 diff --git a/wolfcrypt/benchmark/benchmark.c b/wolfcrypt/benchmark/benchmark.c old mode 100755 new mode 100644 diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c index c4e60043f..2c7facc55 100644 --- a/wolfcrypt/src/asn.c +++ b/wolfcrypt/src/asn.c @@ -9798,9 +9798,8 @@ void wc_FreeDer(DerBuffer** pDer) #if defined(WOLFSSL_PEM_TO_DER) || defined(WOLFSSL_DER_TO_PEM) -/* Max X509 header length indicates the max length + 2 ('\n', '\0') */ -#define MAX_X509_HEADER_SZ (37 + 2) - +/* Note: If items added make sure MAX_X509_HEADER_SZ is + updated to reflect maximum length */ wcchar BEGIN_CERT = "-----BEGIN CERTIFICATE-----"; wcchar END_CERT = "-----END CERTIFICATE-----"; #ifdef WOLFSSL_CERT_REQ @@ -15369,11 +15368,11 @@ static int EccKeyParamCopy(char** dst, char* src) int wc_EccPublicKeyDecode(const byte* input, word32* inOutIdx, ecc_key* key, word32 inSz) { - int length; int ret; + int version, length; int curve_id = ECC_CURVE_DEF; word32 oidSum, localIdx; - byte tag; + byte tag, isPrivFormat = 0; if (input == NULL || inOutIdx == NULL || key == NULL || inSz == 0) return BAD_FUNC_ARG; @@ -15381,12 +15380,44 @@ int wc_EccPublicKeyDecode(const byte* input, word32* inOutIdx, if (GetSequence(input, inOutIdx, &length, inSz) < 0) return ASN_PARSE_E; - if (GetSequence(input, inOutIdx, &length, inSz) < 0) - return ASN_PARSE_E; + /* Check if ECC private key is being used and skip private portion */ + if (GetMyVersion(input, inOutIdx, &version, inSz) >= 0) { + isPrivFormat = 1; - ret = SkipObjectId(input, inOutIdx, inSz); - if (ret != 0) - return ret; + /* Type private key */ + if (*inOutIdx >= inSz) + return ASN_PARSE_E; + tag = input[*inOutIdx]; + *inOutIdx += 1; + if (tag != 4 && tag != 6 && tag != 7) + return ASN_PARSE_E; + + /* Skip Private Key */ + if (GetLength(input, inOutIdx, &length, inSz) < 0) + return ASN_PARSE_E; + if (length > ECC_MAXSIZE) + return BUFFER_E; + *inOutIdx += length; + + /* Private Curve Header */ + if (*inOutIdx >= inSz) + return ASN_PARSE_E; + tag = input[*inOutIdx]; + *inOutIdx += 1; + if (tag != ECC_PREFIX_0) + return ASN_ECC_KEY_E; + if (GetLength(input, inOutIdx, &length, inSz) <= 0) + return ASN_PARSE_E; + } + /* Standard ECC public key */ + else { + if (GetSequence(input, inOutIdx, &length, inSz) < 0) + return ASN_PARSE_E; + + ret = SkipObjectId(input, inOutIdx, inSz); + if (ret != 0) + return ret; + } if (*inOutIdx >= inSz) { return BUFFER_E; @@ -15541,9 +15572,23 @@ int wc_EccPublicKeyDecode(const byte* input, word32* inOutIdx, return ret; /* get curve id */ - curve_id = wc_ecc_get_oid(oidSum, NULL, 0); - if (curve_id < 0) + if ((ret = CheckCurve(oidSum)) < 0) return ECC_CURVE_OID_E; + else { + curve_id = ret; + } + } + + if (isPrivFormat) { + /* Public Curve Header - skip */ + if (*inOutIdx >= inSz) + return ASN_PARSE_E; + tag = input[*inOutIdx]; + *inOutIdx += 1; + if (tag != ECC_PREFIX_1) + return ASN_ECC_KEY_E; + if (GetLength(input, inOutIdx, &length, inSz) <= 0) + return ASN_PARSE_E; } /* key header */ diff --git a/wolfcrypt/src/coding.c b/wolfcrypt/src/coding.c index f6c814e01..2a8dcb418 100644 --- a/wolfcrypt/src/coding.c +++ b/wolfcrypt/src/coding.c @@ -31,17 +31,26 @@ #include #include #include - +#ifndef NO_ASN + #include /* For PEM_LINE_SZ */ +#endif enum { BAD = 0xFF, /* invalid encoding */ PAD = '=', - PEM_LINE_SZ = 64, BASE64_MIN = 0x2B, BASE16_MIN = 0x30, }; +#ifndef BASE64_LINE_SZ + #ifdef NO_ASN + #define BASE64_LINE_SZ 64 + #else + #define BASE64_LINE_SZ PEM_LINE_SZ + #endif +#endif + #ifdef WOLFSSL_BASE64_DECODE static @@ -91,7 +100,7 @@ int Base64_Decode(const byte* in, word32 inLen, byte* out, word32* outLen) { word32 i = 0; word32 j = 0; - word32 plainSz = inLen - ((inLen + (PEM_LINE_SZ - 1)) / PEM_LINE_SZ ); + word32 plainSz = inLen - ((inLen + (BASE64_LINE_SZ - 1)) / BASE64_LINE_SZ ); int ret; const byte maxIdx = (byte)sizeof(base64Decode) + BASE64_MIN - 1; @@ -291,7 +300,7 @@ static int DoBase64_Encode(const byte* in, word32 inLen, byte* out, int getSzOnly = (out == NULL); word32 outSz = (inLen + 3 - 1) / 3 * 4; - word32 addSz = (outSz + PEM_LINE_SZ - 1) / PEM_LINE_SZ; /* new lines */ + word32 addSz = (outSz + BASE64_LINE_SZ - 1) / BASE64_LINE_SZ; /* new lines */ if (escaped == WC_ESC_NL_ENC) addSz *= 3; /* instead of just \n, we're doing %0A triplet */ @@ -328,8 +337,8 @@ static int DoBase64_Encode(const byte* in, word32 inLen, byte* out, inLen -= 3; - /* Insert newline after PEM_LINE_SZ, unless no \n requested */ - if (escaped != WC_NO_NL_ENC && (++n % (PEM_LINE_SZ/4)) == 0 && inLen) { + /* Insert newline after BASE64_LINE_SZ, unless no \n requested */ + if (escaped != WC_NO_NL_ENC && (++n % (BASE64_LINE_SZ/4)) == 0 && inLen) { ret = CEscape(escaped, '\n', out, &i, *outLen, 1, getSzOnly); if (ret != 0) break; } diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c index 5e29eda3e..0f495862e 100644 --- a/wolfcrypt/test/test.c +++ b/wolfcrypt/test/test.c @@ -120,11 +120,7 @@ #include #include #include -#if defined(WOLFSSL_TEST_CERT) || defined(ASN_BER_TO_DER) - #include -#else - #include -#endif +#include #include #include #include @@ -1286,18 +1282,17 @@ initDefaultName(); #endif /* NO_MAIN_DRIVER */ /* helper to save DER, convert to PEM and save PEM */ -#if !defined(NO_ASN) && (!defined(NO_RSA) || defined(HAVE_ECC)) && \ - (defined(WOLFSSL_KEY_GEN) || defined(WOLFSSL_CERT_GEN)) +#if !defined(NO_ASN) && (defined(HAVE_ECC) || \ + (!defined(NO_RSA) && (defined(WOLFSSL_KEY_GEN) || defined(WOLFSSL_CERT_GEN)))) #if !defined(NO_FILESYSTEM) && !defined(NO_WRITE_TEMP_FILES) -#define SaveDerAndPem(d, dSz, p, pSz, fD, fP, pT, eB) _SaveDerAndPem(d, dSz, p, pSz, fD, fP, pT, eB) +#define SaveDerAndPem(d, dSz, fD, fP, pT, eB) _SaveDerAndPem(d, dSz, fD, fP, pT, eB) #else -#define SaveDerAndPem(d, dSz, p, pSz, fD, fP, pT, eB) _SaveDerAndPem(d, dSz, p, pSz, NULL, NULL, pT, eB) +#define SaveDerAndPem(d, dSz, fD, fP, pT, eB) _SaveDerAndPem(d, dSz, NULL, NULL, pT, eB) #endif static int _SaveDerAndPem(const byte* der, int derSz, - byte* pem, int pemSz, const char* fileDer, - const char* filePem, int pemType, int errBase) + const char* fileDer, const char* filePem, int pemType, int errBase) { #if !defined(NO_FILESYSTEM) && !defined(NO_WRITE_TEMP_FILES) int ret; @@ -1314,32 +1309,53 @@ static int _SaveDerAndPem(const byte* der, int derSz, } #endif - if (pem && filePem) { +#ifdef WOLFSSL_DER_TO_PEM + if (filePem) { #if !defined(NO_FILESYSTEM) && !defined(NO_WRITE_TEMP_FILES) XFILE pemFile; #endif - #ifdef WOLFSSL_DER_TO_PEM + byte* pem; + int pemSz; + + /* calculate PEM size */ + pemSz = wc_DerToPem(der, derSz, NULL, 0, pemType); + if (pemSz < 0) { + return pemSz; + } + pem = (byte*)XMALLOC(pemSz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + if (pem == NULL) { + return MEMORY_E; + } + /* Convert to PEM */ pemSz = wc_DerToPem(der, derSz, pem, pemSz, pemType); if (pemSz < 0) { + XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); return errBase + 2; } - #endif #if !defined(NO_FILESYSTEM) && !defined(NO_WRITE_TEMP_FILES) pemFile = XFOPEN(filePem, "wb"); if (!pemFile) { + XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); return errBase + 3; } ret = (int)XFWRITE(pem, 1, pemSz, pemFile); XFCLOSE(pemFile); if (ret != pemSz) { + XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); return errBase + 4; } #endif + XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); } +#endif /* WOLFSSL_DER_TO_PEM */ /* suppress unused variable warnings */ + (void)der; + (void)derSz; (void)filePem; (void)fileDer; + (void)pemType; + (void)errBase; return 0; } @@ -10357,12 +10373,10 @@ byte GetEntropy(ENTROPY_CMD cmd, byte* out) static const char* certEccRsaPemFile = CERT_PREFIX "certeccrsa.pem"; static const char* certEccRsaDerFile = CERT_PREFIX "certeccrsa.der"; #endif - #ifdef WOLFSSL_KEY_GEN static const char* eccCaKeyPemFile = CERT_PREFIX "ecc-key.pem"; static const char* eccPubKeyDerFile = CERT_PREFIX "ecc-public-key.der"; static const char* eccCaKeyTempFile = CERT_PREFIX "ecc-key.der"; static const char* eccPkcs8KeyDerFile = CERT_PREFIX "ecc-key-pkcs8.der"; - #endif #if defined(WOLFSSL_CERT_GEN) || \ (defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_TEST_CERT)) static const char* certEccDerFile = CERT_PREFIX "certecc.der"; @@ -12229,7 +12243,6 @@ static int rsa_certgen_test(RsaKey* key, RsaKey* keypub, WC_RNG* rng, byte* tmp) { RsaKey caKey; byte* der; - byte* pem = NULL; int ret; Cert* myCert = NULL; int certSz; @@ -12255,10 +12268,6 @@ static int rsa_certgen_test(RsaKey* key, RsaKey* keypub, WC_RNG* rng, byte* tmp) if (der == NULL) { ERROR_OUT(-7619, exit_rsa); } - pem = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT,DYNAMIC_TYPE_TMP_BUFFER); - if (pem == NULL) { - ERROR_OUT(-7620, exit_rsa); - } myCert = (Cert*)XMALLOC(sizeof(Cert), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); if (myCert == NULL) { ERROR_OUT(-7621, exit_rsa); @@ -12337,8 +12346,8 @@ static int rsa_certgen_test(RsaKey* key, RsaKey* keypub, WC_RNG* rng, byte* tmp) FreeDecodedCert(&decode); #endif - ret = SaveDerAndPem(der, certSz, pem, FOURK_BUF, certDerFile, - certPemFile, CERT_TYPE, -5578); + ret = SaveDerAndPem(der, certSz, certDerFile, certPemFile, + CERT_TYPE, -5578); if (ret != 0) { goto exit_rsa; } @@ -12500,8 +12509,8 @@ static int rsa_certgen_test(RsaKey* key, RsaKey* keypub, WC_RNG* rng, byte* tmp) FreeDecodedCert(&decode); #endif - ret = SaveDerAndPem(der, certSz, pem, FOURK_BUF, otherCertDerFile, - otherCertPemFile, CERT_TYPE, -5598); + ret = SaveDerAndPem(der, certSz, otherCertDerFile, otherCertPemFile, + CERT_TYPE, -5598); if (ret != 0) { goto exit_rsa; } @@ -12510,7 +12519,6 @@ exit_rsa: wc_FreeRsaKey(&caKey); XFREE(myCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); return ret; @@ -12525,7 +12533,6 @@ static int rsa_ecc_certgen_test(WC_RNG* rng, byte* tmp) ecc_key caEccKey; ecc_key caEccKeyPub; byte* der; - byte* pem = NULL; Cert* myCert = NULL; int certSz; size_t bytes3; @@ -12547,10 +12554,6 @@ static int rsa_ecc_certgen_test(WC_RNG* rng, byte* tmp) if (der == NULL) { ERROR_OUT(-7645, exit_rsa); } - pem = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - if (pem == NULL) { - ERROR_OUT(-7646, exit_rsa); - } myCert = (Cert*)XMALLOC(sizeof(Cert), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); if (myCert == NULL) { ERROR_OUT(-7647, exit_rsa); @@ -12697,8 +12700,8 @@ static int rsa_ecc_certgen_test(WC_RNG* rng, byte* tmp) FreeDecodedCert(&decode); #endif - ret = SaveDerAndPem(der, certSz, pem, FOURK_BUF, certEccRsaDerFile, - certEccRsaPemFile, CERT_TYPE, -5616); + ret = SaveDerAndPem(der, certSz, certEccRsaDerFile, certEccRsaPemFile, + CERT_TYPE, -5616); if (ret != 0) { goto exit_rsa; } @@ -12710,8 +12713,6 @@ exit_rsa: XFREE(myCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); myCert = NULL; - XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - pem = NULL; XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); der = NULL; @@ -12727,7 +12728,6 @@ static int rsa_keygen_test(WC_RNG* rng) RsaKey genKey; int ret; byte* der = NULL; - byte* pem = NULL; word32 idx = 0; int derSz = 0; #if !defined(WOLFSSL_SP_MATH) && !defined(HAVE_FIPS) @@ -12766,17 +12766,13 @@ static int rsa_keygen_test(WC_RNG* rng) if (der == NULL) { ERROR_OUT(-7665, exit_rsa); } - pem = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - if (pem == NULL) { - ERROR_OUT(-7666, exit_rsa); - } derSz = wc_RsaKeyToDer(&genKey, der, FOURK_BUF); if (derSz < 0) { ERROR_OUT(-7667, exit_rsa); } - ret = SaveDerAndPem(der, derSz, pem, FOURK_BUF, keyDerFile, keyPemFile, + ret = SaveDerAndPem(der, derSz, keyDerFile, keyPemFile, PRIVATEKEY_TYPE, -5555); if (ret != 0) { goto exit_rsa; @@ -12798,10 +12794,6 @@ static int rsa_keygen_test(WC_RNG* rng) exit_rsa: wc_FreeRsaKey(&genKey); - if (pem != NULL) { - XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - pem = NULL; - } if (der != NULL) { XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); der = NULL; @@ -12816,7 +12808,6 @@ int rsa_test(void) int ret; byte* tmp; byte* der = NULL; - byte* pem = NULL; size_t bytes; WC_RNG rng; RsaKey key; @@ -13698,10 +13689,6 @@ int rsa_test(void) if (der == NULL) { ERROR_OUT(-7758, exit_rsa); } - pem = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT,DYNAMIC_TYPE_TMP_BUFFER); - if (pem == NULL) { - ERROR_OUT(-7759, exit_rsa); - } certSz = wc_MakeNtruCert(&myCert, der, FOURK_BUF, public_key, public_key_len, &rng); @@ -13735,8 +13722,8 @@ int rsa_test(void) FreeDecodedCert(&decode); #endif - ret = SaveDerAndPem(der, certSz, pem, FOURK_BUF, "./ntru-cert.der", - "./ntru-cert.pem", CERT_TYPE, -5637); + ret = SaveDerAndPem(der, certSz, "./ntru-cert.der", "./ntru-cert.pem", + CERT_TYPE, -5637); if (ret != 0) { goto exit_rsa; } @@ -13753,8 +13740,6 @@ int rsa_test(void) } #endif - XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - pem = NULL; XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); der = NULL; } @@ -13768,10 +13753,6 @@ int rsa_test(void) if (der == NULL) { ERROR_OUT(-7765, exit_rsa); } - pem = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT,DYNAMIC_TYPE_TMP_BUFFER); - if (pem == NULL) { - ERROR_OUT(-7766, exit_rsa); - } if (wc_InitCert(&req)) { ERROR_OUT(-7767, exit_rsa); @@ -13846,8 +13827,8 @@ int rsa_test(void) } derSz = ret; - ret = SaveDerAndPem(der, derSz, pem, FOURK_BUF, certReqDerFile, - certReqPemFile, CERTREQ_TYPE, -5650); + ret = SaveDerAndPem(der, derSz, certReqDerFile, certReqPemFile, + CERTREQ_TYPE, -5650); if (ret != 0) { goto exit_rsa; } @@ -13857,8 +13838,6 @@ int rsa_test(void) ERROR_OUT(-7776, exit_rsa); } - XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - pem = NULL; XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); der = NULL; } @@ -13878,7 +13857,6 @@ exit_rsa: wc_FreeRsaKey(&caKey); #endif - XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); wc_FreeRng(&rng); @@ -14606,7 +14584,6 @@ int dsa_test(void) #ifdef WOLFSSL_KEY_GEN { byte* der; - byte* pem; int derSz = 0; DsaKey derIn; DsaKey genKey; @@ -14631,25 +14608,17 @@ int dsa_test(void) wc_FreeDsaKey(&genKey); return -8011; } - pem = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - if (pem == NULL) { - XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - wc_FreeDsaKey(&genKey); - return -8012; - } derSz = wc_DsaKeyToDer(&genKey, der, FOURK_BUF); if (derSz < 0) { XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); return -8013; } - ret = SaveDerAndPem(der, derSz, pem, FOURK_BUF, keyDerFile, - keyPemFile, DSA_PRIVATEKEY_TYPE, -5814); + ret = SaveDerAndPem(der, derSz, keyDerFile, keyPemFile, + DSA_PRIVATEKEY_TYPE, -5814); if (ret != 0) { XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); wc_FreeDsaKey(&genKey); return ret; } @@ -14657,7 +14626,6 @@ int dsa_test(void) ret = wc_InitDsaKey(&derIn); if (ret != 0) { XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); wc_FreeDsaKey(&genKey); return -8014; } @@ -14666,7 +14634,6 @@ int dsa_test(void) ret = wc_DsaPrivateKeyDecode(der, &idx, &derIn, derSz); if (ret != 0) { XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); wc_FreeDsaKey(&derIn); wc_FreeDsaKey(&genKey); return -8015; @@ -14674,7 +14641,6 @@ int dsa_test(void) wc_FreeDsaKey(&derIn); wc_FreeDsaKey(&genKey); - XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); } #endif /* WOLFSSL_KEY_GEN */ @@ -17714,6 +17680,10 @@ int x963kdf_test(void) #ifdef HAVE_ECC +#ifndef ECC_KEYGEN_SIZE + /* size to use for ECC key gen tests */ + #define ECC_KEYGEN_SIZE 32 +#endif #ifdef BENCH_EMBEDDED #define ECC_SHARED_SIZE 128 #else @@ -18212,9 +18182,9 @@ done: static int ecc_test_make_pub(WC_RNG* rng) { ecc_key key; - unsigned char* exportBuf; - unsigned char* tmp; - unsigned char msg[] = "test wolfSSL ECC public gen"; + byte exportBuf[ECC_BUFSIZE]; + byte tmp[ECC_BUFSIZE]; + const byte* msg = (const byte*)"test wolfSSL ECC public gen"; word32 x, tmpSz; int ret = 0; ecc_point* pubPoint = NULL; @@ -18231,33 +18201,15 @@ static int ecc_test_make_pub(WC_RNG* rng) wc_ecc_init_ex(&key, HEAP_HINT, devId); #ifdef USE_CERT_BUFFERS_256 - tmp = (byte*)XMALLOC((size_t)sizeof_ecc_key_der_256, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - if (tmp == NULL) { - return -9613; - } - exportBuf = (byte*)XMALLOC((size_t)sizeof_ecc_key_der_256, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - if (exportBuf == NULL) { - XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - return -9614; - } XMEMCPY(tmp, ecc_key_der_256, (size_t)sizeof_ecc_key_der_256); tmpSz = (size_t)sizeof_ecc_key_der_256; #else - tmp = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - if (tmp == NULL) { - return -9615; - } - exportBuf = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - if (exportBuf == NULL) { - XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - return -9616; - } file = XFOPEN(eccKeyDerFile, "rb"); if (!file) { ERROR_OUT(-9617, done); } - tmpSz = (word32)XFREAD(tmp, 1, FOURK_BUF, file); + tmpSz = (word32)XFREAD(tmp, 1, sizeof(tmp), file); XFCLOSE(file); #endif /* USE_CERT_BUFFERS_256 */ @@ -18279,7 +18231,7 @@ static int ecc_test_make_pub(WC_RNG* rng) } #ifdef HAVE_ECC_KEY_EXPORT - x = FOURK_BUF; + x = sizeof(exportBuf); ret = wc_ecc_export_private_only(&key, exportBuf, &x); if (ret != 0) { ERROR_OUT(-9621, done); @@ -18293,7 +18245,7 @@ static int ecc_test_make_pub(WC_RNG* rng) ERROR_OUT(-9622, done); } - x = FOURK_BUF; + x = sizeof(exportBuf); ret = wc_ecc_export_x963_ex(&key, exportBuf, &x, 0); if (ret == 0) { ERROR_OUT(-9623, done); @@ -18321,7 +18273,7 @@ static int ecc_test_make_pub(WC_RNG* rng) #ifdef HAVE_ECC_KEY_EXPORT /* export should still fail, is private only key */ - x = FOURK_BUF; + x = sizeof(exportBuf); ret = wc_ecc_export_x963_ex(&key, exportBuf, &x, 0); if (ret == 0) { ERROR_OUT(-9627, done); @@ -18329,13 +18281,13 @@ static int ecc_test_make_pub(WC_RNG* rng) #endif /* HAVE_ECC_KEY_EXPORT */ #if defined(WOLFSSL_CRYPTOCELL) /* create a new key since building private key from public key is unsupported */ - ret = wc_ecc_make_key(rng, 32, &key); + ret = wc_ecc_make_key(rng, ECC_KEYGEN_SIZE, &key); if (ret == 0) { ERROR_OUT(-9628, done); } #endif #ifdef HAVE_ECC_SIGN - tmpSz = FOURK_BUF; + tmpSz = sizeof(tmp); ret = 0; do { #if defined(WOLFSSL_ASYNC_CRYPT) @@ -18369,7 +18321,7 @@ static int ecc_test_make_pub(WC_RNG* rng) TEST_SLEEP(); #ifdef HAVE_ECC_KEY_EXPORT /* exporting the public part should now work */ - x = FOURK_BUF; + x = sizeof(exportBuf); ret = wc_ecc_export_x963_ex(&key, exportBuf, &x, 0); if (ret != 0) { ERROR_OUT(-9632, done); @@ -18381,7 +18333,7 @@ static int ecc_test_make_pub(WC_RNG* rng) #if defined(HAVE_ECC_DHE) && defined(HAVE_ECC_KEY_EXPORT) /* now test private only key with creating a shared secret */ - x = FOURK_BUF; + x = sizeof(exportBuf); ret = wc_ecc_export_private_only(&key, exportBuf, &x); if (ret != 0) { ERROR_OUT(-9633, done); @@ -18396,7 +18348,7 @@ static int ecc_test_make_pub(WC_RNG* rng) } /* check that public export fails with private only key */ - x = FOURK_BUF; + x = sizeof(exportBuf); ret = wc_ecc_export_x963_ex(&key, exportBuf, &x, 0); if (ret == 0) { ERROR_OUT(-9635, done); @@ -18404,7 +18356,7 @@ static int ecc_test_make_pub(WC_RNG* rng) /* make public key for shared secret */ wc_ecc_init_ex(&pub, HEAP_HINT, devId); - ret = wc_ecc_make_key(rng, 32, &pub); + ret = wc_ecc_make_key(rng, ECC_KEYGEN_SIZE, &pub); #if defined(WOLFSSL_ASYNC_CRYPT) ret = wc_AsyncWait(ret, &pub.asyncDev, WC_ASYNC_FLAG_NONE); #endif @@ -18413,7 +18365,7 @@ static int ecc_test_make_pub(WC_RNG* rng) } TEST_SLEEP(); - x = FOURK_BUF; + x = sizeof(exportBuf); do { #if defined(WOLFSSL_ASYNC_CRYPT) ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); @@ -18433,18 +18385,62 @@ static int ecc_test_make_pub(WC_RNG* rng) done: - XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(exportBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - wc_ecc_del_point_h(pubPoint, HEAP_HINT); wc_ecc_free(&key); return ret; } + +static int ecc_test_key_decode(WC_RNG* rng, int keySize) +{ + int ret; + ecc_key eccKey; + byte tmpBuf[ECC_BUFSIZE]; + word32 tmpSz; + word32 idx; + + ret = wc_ecc_init(&eccKey); + if (ret != 0) { + return ret; + } + ret = wc_ecc_make_key(rng, keySize, &eccKey); + if (ret != 0) { + wc_ecc_free(&eccKey); + return ret; + } + + tmpSz = sizeof(tmpBuf); + ret = wc_EccKeyToDer(&eccKey, tmpBuf, tmpSz); + wc_ecc_free(&eccKey); + if (ret < 0) { + return ret; + } + tmpSz = ret; + + ret = wc_ecc_init(&eccKey); + if (ret != 0) { + return ret; + } + idx = 0; + ret = wc_EccPrivateKeyDecode(tmpBuf, &idx, &eccKey, tmpSz); + wc_ecc_free(&eccKey); + if (ret != 0) { + return ret; + } + + ret = wc_ecc_init(&eccKey); + if (ret != 0) { + return 0; + } + + idx = 0; + ret = wc_EccPublicKeyDecode(tmpBuf, &idx, &eccKey, tmpSz); + wc_ecc_free(&eccKey); + + return ret; +} #endif /* HAVE_ECC_KEY_IMPORT */ - -#ifdef WOLFSSL_KEY_GEN static int ecc_test_key_gen(WC_RNG* rng, int keySize) { int ret = 0; @@ -18452,20 +18448,9 @@ static int ecc_test_key_gen(WC_RNG* rng, int keySize) #ifdef HAVE_PKCS8 word32 pkcs8Sz; #endif - byte* der; - byte* pem; + byte der[ECC_BUFSIZE]; ecc_key userA; - der = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - if (der == NULL) { - return -9638; - } - pem = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - if (pem == NULL) { - XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - return -9639; - } - ret = wc_ecc_init_ex(&userA, HEAP_HINT, devId); if (ret != 0) goto done; @@ -18483,19 +18468,19 @@ static int ecc_test_key_gen(WC_RNG* rng, int keySize) goto done; TEST_SLEEP(); - derSz = wc_EccKeyToDer(&userA, der, FOURK_BUF); + derSz = wc_EccKeyToDer(&userA, der, sizeof(der)); if (derSz < 0) { ERROR_OUT(derSz, done); } - ret = SaveDerAndPem(der, derSz, pem, FOURK_BUF, eccCaKeyTempFile, - eccCaKeyPemFile, ECC_PRIVATEKEY_TYPE, -8347); + ret = SaveDerAndPem(der, derSz, eccCaKeyTempFile, eccCaKeyPemFile, + ECC_PRIVATEKEY_TYPE, -8347); if (ret != 0) { goto done; } /* test export of public key */ - derSz = wc_EccPublicKeyToDer(&userA, der, FOURK_BUF, 1); + derSz = wc_EccPublicKeyToDer(&userA, der, sizeof(der), 1); if (derSz < 0) { ERROR_OUT(derSz, done); } @@ -18503,8 +18488,7 @@ static int ecc_test_key_gen(WC_RNG* rng, int keySize) ERROR_OUT(-9640, done); } - ret = SaveDerAndPem(der, derSz, NULL, 0, eccPubKeyDerFile, - NULL, 0, -8348); + ret = SaveDerAndPem(der, derSz, eccPubKeyDerFile, NULL, 0, -8348); if (ret != 0) { goto done; } @@ -18521,8 +18505,7 @@ static int ecc_test_key_gen(WC_RNG* rng, int keySize) ERROR_OUT(-9641, done); } - ret = SaveDerAndPem(der, derSz, NULL, 0, eccPkcs8KeyDerFile, - NULL, 0, -8349); + ret = SaveDerAndPem(der, derSz, eccPkcs8KeyDerFile, NULL, 0, -8349); if (ret != 0) { goto done; } @@ -18530,13 +18513,10 @@ static int ecc_test_key_gen(WC_RNG* rng, int keySize) done: - XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); wc_ecc_free(&userA); return ret; } -#endif /* WOLFSSL_KEY_GEN */ static int ecc_test_curve_size(WC_RNG* rng, int keySize, int testVerifyCount, int curve_id, const ecc_set_type* dp) @@ -18911,7 +18891,17 @@ static int ecc_test_curve(WC_RNG* rng, int keySize) } #endif -#ifdef WOLFSSL_KEY_GEN + ret = ecc_test_key_decode(rng, keySize); + if (ret < 0) { + if (ret == ECC_CURVE_OID_E) { + /* ignore error for curves not found */ + } + else { + printf("ecc_test_key_decode %d failed!: %d\n", keySize, ret); + return ret; + } + } + ret = ecc_test_key_gen(rng, keySize); if (ret < 0) { if (ret == ECC_CURVE_OID_E) { @@ -18922,7 +18912,6 @@ static int ecc_test_curve(WC_RNG* rng, int keySize) return ret; } } -#endif return 0; } @@ -19432,7 +19421,7 @@ static int ecc_def_curve_test(WC_RNG *rng) goto done; } - ret = wc_ecc_make_key(rng, 32, &key); + ret = wc_ecc_make_key(rng, ECC_KEYGEN_SIZE, &key); #if defined(WOLFSSL_ASYNC_CRYPT) ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_NONE); #endif @@ -19754,22 +19743,23 @@ static int ecc_test_cert_gen(WC_RNG* rng) #ifdef WOLFSSL_TEST_CERT DecodedCert decode; #endif - byte* der; - byte* pem = NULL; +#ifdef WOLFSSL_SMALL_STACK + byte* der = NULL; +#else + byte der[FOURK_BUF]; +#endif ecc_key caEccKey; ecc_key certPubKey; XMEMSET(&caEccKey, 0, sizeof(caEccKey)); XMEMSET(&certPubKey, 0, sizeof(certPubKey)); +#ifdef WOLFSSL_SMALL_STACK der = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); if (der == NULL) { - ERROR_OUT(-9817, exit); - } - pem = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - if (pem == NULL) { ERROR_OUT(-9818, exit); } +#endif /* Get cert private key */ #ifdef ENABLE_ECC384_CERT_GEN_TEST @@ -19820,7 +19810,7 @@ static int ecc_test_cert_gen(WC_RNG* rng) ERROR_OUT(-9823, exit); } - ret = wc_ecc_make_key(rng, 32, &certPubKey); + ret = wc_ecc_make_key(rng, ECC_KEYGEN_SIZE, &certPubKey); #if defined(WOLFSSL_ASYNC_CRYPT) ret = wc_AsyncWait(ret, &certPubKey.asyncDev, WC_ASYNC_FLAG_NONE); #endif @@ -19920,19 +19910,19 @@ static int ecc_test_cert_gen(WC_RNG* rng) FreeDecodedCert(&decode); #endif - ret = SaveDerAndPem(der, certSz, pem, FOURK_BUF, certEccDerFile, - certEccPemFile, CERT_TYPE, -6735); + ret = SaveDerAndPem(der, certSz, certEccDerFile, certEccPemFile, + CERT_TYPE, -6735); if (ret != 0) { goto exit; } exit: +#ifdef WOLFSSL_SMALL_STACK + XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); +#endif wc_ecc_free(&certPubKey); wc_ecc_free(&caEccKey); - XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - return ret; } #endif /* WOLFSSL_CERT_GEN */ @@ -19949,7 +19939,7 @@ static int ecc_test_allocator(WC_RNG* rng) ERROR_OUT(-9833, exit); } - ret = wc_ecc_make_key(rng, 32, key); + ret = wc_ecc_make_key(rng, ECC_KEYGEN_SIZE, key); if (ret != 0) { ERROR_OUT(-9834, exit); } @@ -20149,7 +20139,7 @@ int ecc_encrypt_test(void) if (ret != 0) goto done; - ret = wc_ecc_make_key(&rng, 32, &userA); + ret = wc_ecc_make_key(&rng, ECC_KEYGEN_SIZE, &userA); #if defined(WOLFSSL_ASYNC_CRYPT) ret = wc_AsyncWait(ret, &userA.asyncDev, WC_ASYNC_FLAG_NONE); #endif @@ -20157,7 +20147,7 @@ int ecc_encrypt_test(void) ret = -10001; goto done; } - ret = wc_ecc_make_key(&rng, 32, &userB); + ret = wc_ecc_make_key(&rng, ECC_KEYGEN_SIZE, &userB); #if defined(WOLFSSL_ASYNC_CRYPT) ret = wc_AsyncWait(ret, &userB.asyncDev, WC_ASYNC_FLAG_NONE); #endif diff --git a/wolfssl/wolfcrypt/asn.h b/wolfssl/wolfcrypt/asn.h index 6bdda029b..686d09c29 100644 --- a/wolfssl/wolfcrypt/asn.h +++ b/wolfssl/wolfcrypt/asn.h @@ -326,6 +326,8 @@ enum Misc_ASN { /* Maximum DER digest size */ MAX_DER_DIGEST_ASN_SZ = MAX_ENCODED_DIG_ASN_SZ + MAX_ALGO_SZ + MAX_SEQ_SZ, /* Maximum DER digest ASN header size */ + /* Max X509 header length indicates the max length + 2 ('\n', '\0') */ + MAX_X509_HEADER_SZ = (37 + 2), /* Maximum PEM Header/Footer Size */ #ifdef WOLFSSL_CERT_GEN #ifdef WOLFSSL_CERT_REQ /* Max encoded cert req attributes length */ @@ -377,7 +379,8 @@ enum Misc_ASN { PKCS5_SALT_SZ = 8, - PEM_LINE_LEN = 80, /* PEM line max + fudge */ + PEM_LINE_SZ = 64, /* Length of Base64 encoded line, not including new line */ + PEM_LINE_LEN = PEM_LINE_SZ + 12, /* PEM line max + fudge */ }; diff --git a/wrapper/CSharp/wolfSSL-TLS-Server/wolfSSL-TLS-Server.cs b/wrapper/CSharp/wolfSSL-TLS-Server/wolfSSL-TLS-Server.cs old mode 100755 new mode 100644