From 1750fe698e859f8a51cb9b9056ecbc6619af3877 Mon Sep 17 00:00:00 2001 From: kaleb-himes Date: Mon, 13 Jul 2015 11:32:59 -0600 Subject: [PATCH 01/35] Name change to LICENSING --- LICENSING | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/LICENSING b/LICENSING index e43bb9f39..9f50165fd 100644 --- a/LICENSING +++ b/LICENSING @@ -1,7 +1,7 @@ -CyaSSL and wolfCrypt are either licensed for use under the GPLv2 or a -standard commercial license. For our users who cannot use CyaSSL under -GPLv2, a commercial license to CyaSSL and wolfCrypt is available. +wolfSSL (formerly known as CyaSSL) and wolfCrypt are either licensed for use +under the GPLv2 or a standard commercial license. For our users who cannot use +wolfSSL under GPLv2, a commercial license to wolfSSL and wolfCrypt is available. Please contact wolfSSL Inc. directly at: Email: licensing@wolfssl.com From 67fd0ebbd41471cd0891fe22eef284d89953aa3a Mon Sep 17 00:00:00 2001 From: JacobBarthelmeh Date: Mon, 13 Jul 2015 17:26:04 -0600 Subject: [PATCH 02/35] wolfssl enter msgs on lighty stubs and create a new BN when given a null argument --- src/ssl.c | 34 ++++++++++++++++++++++++++++++---- 1 file changed, 30 insertions(+), 4 deletions(-) diff --git a/src/ssl.c b/src/ssl.c index 626436fec..82891e58c 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -11213,15 +11213,20 @@ WOLFSSL_BIGNUM* wolfSSL_BN_bin2bn(const unsigned char* str, int len, { WOLFSSL_MSG("wolfSSL_BN_bin2bn"); + /* if ret is null create a BN */ + if (ret == NULL) { + ret = wolfSSL_BN_new(); + if (ret == NULL) + return NULL; + } + + /* check ret and ret->internal then read in value */ if (ret && ret->internal) { if (mp_read_unsigned_bin((mp_int*)ret->internal, str, len) != 0) { WOLFSSL_MSG("mp_read_unsigned_bin failure"); return NULL; } } - else { - WOLFSSL_MSG("wolfSSL_BN_bin2bn wants return bignum"); - } return ret; } 
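Review bot: When `ret` is NULL on entry, the bignum created by `wolfSSL_BN_new()` is leaked on the `mp_read_unsigned_bin failure` path of wolfSSL_BN_bin2bn, because that branch returns NULL without releasing it. Recording ownership, e.g. `int weOwn = (ret == NULL);` before the allocation and `if (weOwn) wolfSSL_BN_free(ret);` before `return NULL;`, would close the leak. With the `else` branch removed, a caller-supplied `ret` whose `internal` is NULL is now returned unchanged and without any message, so the caller cannot tell that nothing was read; returning NULL there seems safer. The function's signature is only partly visible in the hunk header.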
@@ -15160,6 +15165,7 @@ void* wolfSSL_GetRsaDecCtx(WOLFSSL* ssl) char WOLFSSL_CTX_use_certificate(WOLFSSL_CTX *ctx, WOLFSSL_X509 *x) { (void)ctx; (void)x; + WOLFSSL_ENTER("WOLFSSL_CTX_use_certificate"); return 0; } @@ -15167,6 +15173,7 @@ void* wolfSSL_GetRsaDecCtx(WOLFSSL* ssl) int WOLFSSL_CTX_use_PrivateKey(WOLFSSL_CTX *ctx, WOLFSSL_EVP_PKEY *pkey) { (void)ctx; (void)pkey; + WOLFSSL_ENTER("WOLFSSL_CTX_use_PrivateKey"); return 0; } @@ -15174,6 +15181,7 @@ void* wolfSSL_GetRsaDecCtx(WOLFSSL* ssl) WOLFSSL_BIO *wolfSSL_BIO_new_file(const char *filename, const char *mode) { (void)filename; (void)mode; + WOLFSSL_ENTER("wolfSSL_BIO_new_file"); return NULL; } @@ -15181,28 +15189,33 @@ void* wolfSSL_GetRsaDecCtx(WOLFSSL* ssl) int wolfSSL_BIO_read_filename(WOLFSSL_BIO *b, const char *name) { (void)b; (void)name; + WOLFSSL_ENTER("wolfSSL_BIO_read_filename"); return 0; } WOLFSSL_BIO_METHOD* WOLFSSL_BIO_s_file(void) { + WOLFSSL_ENTER("WOLFSSL_BIO_s_file"); return NULL; } const char * wolf_OBJ_nid2sn(int n) { (void)n; + WOLFSSL_ENTER("wolf_OBJ_nid2sn"); return 0; } int wolf_OBJ_obj2nid(const WOLFSSL_ASN1_OBJECT *o) { (void)o; + WOLFSSL_ENTER("wolf_OBJ_obj2nid"); return 0; } int wolf_OBJ_sn2nid(const char *sn) { (void)sn; + WOLFSSL_ENTER("wolf_OBJ_osn2nid"); return 0; } @@ -15212,6 +15225,7 @@ void* wolfSSL_GetRsaDecCtx(WOLFSSL* ssl) (void)x; (void)cb; (void)u; + WOLFSSL_ENTER("PEM_read_bio_DHparams"); return NULL; } @@ -15221,6 +15235,7 @@ void* wolfSSL_GetRsaDecCtx(WOLFSSL* ssl) (void)x; (void)cb; (void)u; + WOLFSSL_ENTER("PEM_read_bio_WOLFSSL_X509"); return NULL; } @@ -15228,6 +15243,7 @@ void* wolfSSL_GetRsaDecCtx(WOLFSSL* ssl) int PEM_write_bio_WOLFSSL_X509(WOLFSSL_BIO *bp, WOLFSSL_X509 *x) { (void)bp; (void)x; + WOLFSSL_ENTER("PEM_write_bio_WOLFSSL_X509"); return 0; } @@ -15235,6 +15251,7 @@ void* wolfSSL_GetRsaDecCtx(WOLFSSL* ssl) long WOLFSSL_CTX_set_tmp_dh(WOLFSSL_CTX *ctx, WOLFSSL_DH *dh) { (void)ctx; (void)dh; + WOLFSSL_ENTER("WOLFSSL_CTX_set_tmp_dh"); return 0; } 
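Review bot: The trace string added to wolf_OBJ_sn2nid reads `WOLFSSL_ENTER("wolf_OBJ_osn2nid");`, which does not match the function it sits in; it should be `WOLFSSL_ENTER("wolf_OBJ_sn2nid");` so debug output can be matched to the call. The functions in these hunks still discard every argument and return 0 or NULL, and nothing in the added lines says so. A one-line comment on each, such as `/* stub: not implemented, always returns 0 */`, would keep an integrator from assuming that WOLFSSL_CTX_use_certificate or WOLFSSL_CTX_use_PrivateKey actually loaded anything.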
@@ -15242,12 +15259,14 @@ void* wolfSSL_GetRsaDecCtx(WOLFSSL* ssl) void wolfSSL_CTX_set_verify_depth(WOLFSSL_CTX *ctx,int depth) { (void)ctx; (void)depth; + WOLFSSL_ENTER("wolfSSL_CTX_set_verify_depth"); } void* WOLFSSL_get_app_data( const WOLFSSL *ssl) { /* checkout exdata stuff... */ (void)ssl; + WOLFSSL_ENTER("WOLFSSL_get_app_data"); return 0; } @@ -15255,10 +15274,12 @@ void* wolfSSL_GetRsaDecCtx(WOLFSSL* ssl) void WOLFSSL_set_app_data(WOLFSSL *ssl, void *arg) { (void)ssl; (void)arg; + WOLFSSL_ENTER("WOLFSSL_set_app_data"); } WOLFSSL_ASN1_OBJECT * WOLFSSL_X509_NAME_ENTRY_get_object(WOLFSSL_X509_NAME_ENTRY *ne) { (void)ne; + WOLFSSL_ENTER("WOLFSSL_X509_NAME_ENTRY_get_object"); return NULL; } @@ -15266,27 +15287,32 @@ void* wolfSSL_GetRsaDecCtx(WOLFSSL* ssl) WOLFSSL_X509_NAME_ENTRY *WOLFSSL_X509_NAME_get_entry(WOLFSSL_X509_NAME *name, int loc) { (void)name; (void)loc; + WOLFSSL_ENTER("WOLFSSL_X509_NAME_get_entry"); return NULL; } void WOLFSSL_X509_NAME_free(WOLFSSL_X509_NAME *name){ FreeX509Name(name); + WOLFSSL_ENTER("WOLFSSL_X509_NAME_free"); } void wolfSSL_sk_X509_NAME_pop_free(STACK_OF(WOLFSSL_X509_NAME)* sk, void f (WOLFSSL_X509_NAME*)){ (void) sk; (void) f; + WOLFSSL_ENTER("wolfSSL_sk_X509_NAME_pop_free"); } int wolfSSL_X509_check_private_key(WOLFSSL_X509 *x509, WOLFSSL_EVP_PKEY *key){ (void) x509; (void) key; - return 0; + WOLFSSL_ENTER("wolfSSL_X509_check_private_key"); + return SSL_SUCCESS; } STACK_OF(WOLFSSL_X509_NAME) *wolfSSL_dup_CA_list( STACK_OF(WOLFSSL_X509_NAME) *sk ){ (void) sk; + WOLFSSL_ENTER("wolfSSL_dup_CA_list"); return NULL; } From 7fba0d25f95df4af41604125e21bd7724e8314d2 Mon Sep 17 00:00:00 2001 From: Jacob Barthelmeh Date: Tue, 14 Jul 2015 14:33:00 -0600 Subject: [PATCH 03/35] variable declaration location for VS and avoid empty struct --- src/ssl.c | 7 +++---- wolfssl/ssl.h | 16 +++++++++------- 2 files changed, 12 insertions(+), 11 deletions(-) diff --git a/src/ssl.c b/src/ssl.c index 82891e58c..7e40efa64 100644 --- a/src/ssl.c 
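Review bot: wolfSSL_X509_check_private_key now ends in `return SSL_SUCCESS;` while still discarding both arguments, so every certificate/key pair is reported as matching. A caller that relies on this check to catch a mismatched private key gets no protection from it. Until the comparison is implemented the stub should either keep failing closed with `return SSL_FAILURE;` or carry a comment such as `/* stub: no key/cert comparison is performed */` together with a WOLFSSL_MSG saying the same. In the same hunk `WOLFSSL_ENTER("WOLFSSL_X509_NAME_free");` is placed after `FreeX509Name(name);`, so the entry trace is logged after the work it announces.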
+++ b/src/ssl.c @@ -14554,16 +14554,15 @@ int wolfSSL_PEM_write_DSAPrivateKey(FILE *fp, WOLFSSL_DSA *dsa, unsigned char *kstr, int klen, pem_password_cb *cb, void *u) { + byte *der, *pem; + int derSz = 0, pemSz = 0; + (void)enc; (void)kstr; (void)klen; (void)cb; (void)u; - byte *der, *pem; - int derSz = 0, pemSz = 0; - - WOLFSSL_MSG("wolfSSL_PEM_write_DSAPrivateKey"); if (fp == NULL || dsa == NULL || dsa->internal == NULL || diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h index 58c21e7b9..5b794e079 100644 --- a/wolfssl/ssl.h +++ b/wolfssl/ssl.h @@ -90,15 +90,17 @@ typedef struct WOLFSSL_X509_EXTENSION WOLFSSL_X509_EXTENSION; typedef struct WOLFSSL_ASN1_TIME WOLFSSL_ASN1_TIME; typedef struct WOLFSSL_ASN1_INTEGER WOLFSSL_ASN1_INTEGER; typedef struct WOLFSSL_ASN1_OBJECT WOLFSSL_ASN1_OBJECT; - -typedef struct WOLFSSL_ASN1_STRING{ - #ifdef HAVE_LIGHTY - char* data; - int length; - #endif -} WOLFSSL_ASN1_STRING; typedef struct WOLFSSL_dynlock_value WOLFSSL_dynlock_value; +#ifdef HAVE_LIGHTY + typedef struct WOLFSSL_ASN1_STRING{ + char* data; + int length; + } WOLFSSL_ASN1_STRING; +#else + typedef struct WOLFSSL_ASN1_STRING WOLFSSL_ASN1_STRING; +#endif + #define WOLFSSL_ASN1_UTCTIME WOLFSSL_ASN1_TIME typedef struct WOLFSSL_EVP_PKEY { From 96cf16848c8939576a3206cf0b2094c70bb507f8 Mon Sep 17 00:00:00 2001 From: Nickolas Lapp Date: Tue, 14 Jul 2015 14:56:26 -0600 Subject: [PATCH 04/35] Stunnel Base Commit --- configure.ac | 81 ++++-- src/internal.c | 2 +- src/ssl.c | 493 +++++++++++++++++++++++++++++++------ wolfcrypt/src/coding.c | 19 +- wolfssl/internal.h | 12 +- wolfssl/openssl/asn1.h | 17 ++ wolfssl/openssl/crypto.h | 5 + wolfssl/openssl/dh.h | 7 +- wolfssl/openssl/err.h | 3 +- wolfssl/openssl/opensslv.h | 8 +- wolfssl/openssl/rand.h | 2 + wolfssl/openssl/ssl.h | 53 +++- wolfssl/ssl.h | 94 ++++++- wolfssl/wolfcrypt/coding.h | 3 + 14 files changed, 675 insertions(+), 124 deletions(-) diff --git a/configure.ac b/configure.ac index 96a7aa7a9..a05f9e221 100644 --- a/configure.ac 
+++ b/configure.ac @@ -1130,21 +1130,6 @@ fi AM_CONDITIONAL([BUILD_SHA], [test "x$ENABLED_SHA" = "xyes"]) -# MD4 -AC_ARG_ENABLE([md4], - [ --enable-md4 Enable MD4 (default: disabled)], - [ ENABLED_MD4=$enableval ], - [ ENABLED_MD4=no ] - ) - -if test "$ENABLED_MD4" = "no" -then - AM_CFLAGS="$AM_CFLAGS -DNO_MD4" -fi - -AM_CONDITIONAL([BUILD_MD4], [test "x$ENABLED_MD4" = "xyes"]) - - # Web Server Build AC_ARG_ENABLE([webserver], [ --enable-webserver Enable Web Server (default: disabled)], @@ -1717,6 +1702,65 @@ then AM_CFLAGS="$AM_CFLAGS -DHAVE_LIGHTY -DHAVE_WOLFSSL_SSL_H=1" fi +# stunnel Support +AC_ARG_ENABLE([stunnel], + [ --enable-stunnel Enable stunnel (default: disabled)], + [ ENABLED_STUNNEL=$enableval ], + [ ENABLED_STUNNEL=no ] + ) +if test "$ENABLED_STUNNEL" = "yes" +then + # Requires opensslextra make sure on + if test "x$ENABLED_OPENSSLEXTRA" = "xno" + then + ENABLED_OPENSSLEXTRA="yes" + AM_CFLAGS="-DOPENSSL_EXTRA $AM_CFLAGS" + fi + + # Requires coding make sure on + if test "x$ENABLED_CODING" = "xno" + then + ENABLED_CODING="yes" + fi + + # For now, requires no fastmath, turn off if on + if test "x$ENABLED_FASTMATH" = "xyes" + then + ENABLED_FASTMATH = "no" + fi + + # Requires sessioncerts make sure on + if test "x$ENABLED_SESSIONCERTS" = "xno" + then + ENABLED_SESSIONCERTS="yes" + AM_CFLAGS="$AM_CFLAGS -DSESSION_CERTS" + fi + + AM_CFLAGS="$AM_CFLAGS -DHAVE_STUNNEL" +fi + + +# MD4 +AC_ARG_ENABLE([md4], + [ --enable-md4 Enable MD4 (default: disabled)], + [ ENABLED_MD4=$enableval ], + [ ENABLED_MD4=no ] + ) + + +if test "$ENABLED_MD4" = "no" +then + #turn on MD4 if using stunnel + if test "x$ENABLED_STUNNEL" = "xyes" + then + ENABLED_MD4="yes" + else + AM_CFLAGS="$AM_CFLAGS -DNO_MD4" + fi +fi + +AM_CONDITIONAL([BUILD_MD4], [test "x$ENABLED_MD4" = "xyes"]) + # PWDBASED has to come after certservice since we want it on w/o explicit on # PWDBASED 
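Review bot: `ENABLED_FASTMATH = "no"` in the stunnel block is not an assignment; with spaces around `=` the shell tries to run a command named ENABLED_FASTMATH, so fastmath is never switched off here, and the line should read `ENABLED_FASTMATH="no"`. Even with that fixed it is unclear from this hunk whether the value survives, because the following hunk shows the fastmath option being handled later in the file than this block. Separately, the relocated MD4 block now turns MD4 on whenever stunnel is enabled, where the default used to be `-DNO_MD4`; a comment stating why stunnel needs MD4 would let a reviewer judge whether the weaker hash has to be compiled in.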
@@ -1745,7 +1789,11 @@ FASTMATH_DEFAULT=no if test "$host_cpu" = "x86_64" then -FASTMATH_DEFAULT=yes + # fastmath turned off for stunnel by default + if test "x$ENABLED_STUNNEL" = "xno" + then + FASTMATH_DEFAULT=yes + fi fi # fastmath @@ -2218,6 +2266,7 @@ echo " * CODING: $ENABLED_CODING" echo " * MEMORY: $ENABLED_MEMORY" echo " * I/O POOL: $ENABLED_IOPOOL" echo " * LIGHTY: $ENABLED_LIGHTY" +echo " * STUNNEL: $ENABLED_STUNNEL" echo " * ERROR_STRINGS: $ENABLED_ERROR_STRINGS" echo " * DTLS: $ENABLED_DTLS" echo " * Old TLS Versions: $ENABLED_OLD_TLS" diff --git a/src/internal.c b/src/internal.c index b63b1fe2a..ceef2eeab 100644 --- a/src/internal.c +++ b/src/internal.c @@ -4464,7 +4464,7 @@ static int DoCertificate(WOLFSSL* ssl, byte* input, word32* inOutIdx, #else store->current_cert = NULL; #endif -#ifdef FORTRESS +#if defined(HAVE_FORTRESS) || defined(HAVE_STUNNEL) store->ex_data = ssl; #endif ok = ssl->verifyCallback(0, store); diff --git a/src/ssl.c b/src/ssl.c index 7e40efa64..4e10a3a6e 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -7163,7 +7163,7 @@ int wolfSSL_set_compression(WOLFSSL* ssl) WOLFSSL_X509_STORE_CTX* ctx) { (void)ctx; - return 0; + return NULL; } @@ -8787,14 +8787,18 @@ int wolfSSL_set_compression(WOLFSSL* ssl) WOLFSSL_X509_NAME* wolfSSL_X509_get_issuer_name(WOLFSSL_X509* cert) { WOLFSSL_ENTER("X509_get_issuer_name"); - return &cert->issuer; + if(cert) + return &cert->issuer; + return NULL; } WOLFSSL_X509_NAME* wolfSSL_X509_get_subject_name(WOLFSSL_X509* cert) { WOLFSSL_ENTER("X509_get_subject_name"); - return &cert->subject; + if(cert) + return &cert->subject; + return NULL; } 
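Review bot: The guard in DoCertificate becomes `#if defined(HAVE_FORTRESS) || defined(HAVE_STUNNEL)`, but the line it replaces tested `FORTRESS`, and the other guards this commit touches (MAX_EX_DATA and `ex_data` in wolfssl/internal.h, the ex_data accessors in src/ssl.c) all test `FORTRESS`. Unless HAVE_FORTRESS is defined somewhere not shown, a FORTRESS build would stop executing `store->ex_data = ssl;` before the verify callback is called. `#if defined(FORTRESS) || defined(HAVE_STUNNEL)` would match the rest of the change. DoCertificate's body starts and ends outside the hunk.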
@@ -9467,23 +9471,6 @@ WOLFSSL_X509* wolfSSL_X509_load_certificate_file(const char* fname, int format) #ifdef OPENSSL_EXTRA -int wolfSSL_set_ex_data(WOLFSSL* ssl, int idx, void* data) -{ -#ifdef FORTRESS - if (ssl != NULL && idx < MAX_EX_DATA) - { - ssl->ex_data[idx] = data; - return SSL_SUCCESS; - } -#else - (void)ssl; - (void)idx; - (void)data; -#endif - return SSL_FAILURE; -} - - int wolfSSL_set_session_id_context(WOLFSSL* ssl, const unsigned char* id, unsigned int len) { @@ -10130,19 +10117,6 @@ int wolfSSL_COMP_add_compression_method(int method, void* data) } - -int wolfSSL_get_ex_new_index(long idx, void* data, void* cb1, void* cb2, - void* cb3) -{ - (void)idx; - (void)data; - (void)cb1; - (void)cb2; - (void)cb3; - return 0; -} - - void wolfSSL_set_dynlock_create_callback(WOLFSSL_dynlock_value* (*f)( const char*, int)) { @@ -10300,6 +10274,7 @@ int wolfSSL_X509_STORE_CTX_init(WOLFSSL_X509_STORE_CTX* ctx, WOLFSSL_X509_STORE* store, WOLFSSL_X509* x509, STACK_OF(WOLFSSL_X509)* sk) { (void)sk; + WOLFSSL_ENTER(__func__); if (ctx != NULL) { ctx->store = store; ctx->current_cert = x509; @@ -10486,7 +10461,8 @@ long wolfSSL_ASN1_INTEGER_get(const WOLFSSL_ASN1_INTEGER* i) void* wolfSSL_X509_STORE_CTX_get_ex_data(WOLFSSL_X509_STORE_CTX* ctx, int idx) { -#ifdef FORTRESS + WOLFSSL_ENTER(__func__); +#if defined(FORTRESS) || defined(HAVE_STUNNEL) if (ctx != NULL && idx == 0) return ctx->ex_data; #else 
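Review bot: `WOLFSSL_ENTER(__func__);` in wolfSSL_X509_STORE_CTX_init relies on the C99 `__func__` identifier, whereas the earlier patches in this series pass a string literal (`WOLFSSL_ENTER("wolfSSL_BIO_new_file")`) and patch 03 moves declarations specifically for Visual Studio. A compiler limited to C89 may not provide `__func__`, so `WOLFSSL_ENTER("wolfSSL_X509_STORE_CTX_init");` is the more portable and more consistent form. The same applies to wolfSSL_X509_STORE_CTX_get_ex_data and wolfSSL_get_ex_data_X509_STORE_CTX_idx in the following hunks and to the ex_data functions added at the end of src/ssl.c. The body of wolfSSL_X509_STORE_CTX_init continues outside the hunk.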
@@ -10499,24 +10475,13 @@ void* wolfSSL_X509_STORE_CTX_get_ex_data(WOLFSSL_X509_STORE_CTX* ctx, int idx) int wolfSSL_get_ex_data_X509_STORE_CTX_idx(void) { + WOLFSSL_ENTER(__func__); return 0; } -void* wolfSSL_get_ex_data(const WOLFSSL* ssl, int idx) -{ -#ifdef FORTRESS - if (ssl != NULL && idx < MAX_EX_DATA) - return ssl->ex_data[idx]; -#else - (void)ssl; - (void)idx; -#endif - return 0; -} - - -void wolfSSL_CTX_set_info_callback(WOLFSSL_CTX* ctx, void (*f)(void)) +void wolfSSL_CTX_set_info_callback(WOLFSSL_CTX* ctx, + void (*f)(const WOLFSSL* ssl, int type, int val)) { (void)ctx; (void)f; @@ -10529,7 +10494,7 @@ unsigned long wolfSSL_ERR_peek_error(void) } -int wolfSSL_ERR_GET_REASON(int err) +int wolfSSL_ERR_GET_REASON(unsigned long err) { (void)err; return 0; @@ -10550,7 +10515,7 @@ char* wolfSSL_alert_desc_string_long(int alertID) } -char* wolfSSL_state_string_long(WOLFSSL* ssl) +char* wolfSSL_state_string_long(const WOLFSSL* ssl) { (void)ssl; return 0; @@ -10709,23 +10674,6 @@ void* wolfSSL_sk_value(WOLFSSL_X509_REVOKED* rev, int i) /* stunnel 4.28 needs */ -void* wolfSSL_CTX_get_ex_data(const WOLFSSL_CTX* ctx, int d) -{ - (void)ctx; - (void)d; - return 0; -} - - -int wolfSSL_CTX_set_ex_data(WOLFSSL_CTX* ctx, int d, void* p) -{ - (void)ctx; - (void)d; - (void)p; - return SSL_SUCCESS; -} - - void wolfSSL_CTX_sess_set_get_cb(WOLFSSL_CTX* ctx, WOLFSSL_SESSION*(*f)(WOLFSSL*, unsigned char*, int, int*)) { @@ -10783,17 +10731,6 @@ long wolfSSL_SESSION_get_time(const WOLFSSL_SESSION* sess) } -int wolfSSL_CTX_get_ex_new_index(long idx, void* arg, void* a, void* b, - void* c) -{ - (void)idx; - (void)arg; - (void)a; - (void)b; - (void)c; - return 0; -} - #endif /* OPENSSL_EXTRA */ 
@@ -15318,3 +15255,403 @@ void* wolfSSL_GetRsaDecCtx(WOLFSSL* ssl) #endif #endif + +#ifdef OPENSSL_EXTRA +void* wolfSSL_CTX_get_ex_data(const WOLFSSL_CTX* ctx, int idx) +{ + WOLFSSL_ENTER(__func__); + #ifdef HAVE_STUNNEL + if(ctx != NULL && idx < MAX_EX_DATA) { + return ctx->ex_data[idx]; + } + #else + (void)ctx; + (void)idx; + #endif + return NULL; +} + + +int wolfSSL_CTX_get_ex_new_index(long idx, void* arg, void* a, void* b, + void* c) +{ + WOLFSSL_ENTER(__func__); + (void)idx; + (void)arg; + (void)a; + (void)b; + (void)c; + return 0; +} + + +int wolfSSL_CTX_set_ex_data(WOLFSSL_CTX* ctx, int idx, void* data) +{ + WOLFSSL_ENTER(__func__); + #ifdef HAVE_STUNNEL + if (ctx != NULL && idx < MAX_EX_DATA) + { + ctx->ex_data[idx] = data; + return SSL_SUCCESS; + } + #else + (void)ctx; + (void)idx; + (void)data; + #endif + return SSL_FAILURE; +} + + +int wolfSSL_set_ex_data(WOLFSSL* ssl, int idx, void* data) +{ + WOLFSSL_ENTER(__func__); +#if defined(FORTRESS) || defined(HAVE_STUNNEL) + if (ssl != NULL && idx < MAX_EX_DATA) + { + ssl->ex_data[idx] = data; + return SSL_SUCCESS; + } +#else + (void)ssl; + (void)idx; + (void)data; +#endif + return SSL_FAILURE; +} + + +int wolfSSL_get_ex_new_index(long idx, void* data, void* cb1, void* cb2, + void* cb3) +{ + WOLFSSL_ENTER(__func__); + (void)idx; + (void)data; + (void)cb1; + (void)cb2; + (void)cb3; + return 0; +} + + +void* wolfSSL_get_ex_data(const WOLFSSL* ssl, int idx) +{ + WOLFSSL_ENTER(__func__); +#if defined(FORTRESS) || defined(HAVE_STUNNEL) + if (ssl != NULL && idx < MAX_EX_DATA) + return ssl->ex_data[idx]; +#else + (void)ssl; + (void)idx; +#endif + return 0; +} +#endif /* OPENSSL_EXTRA */ + + + +/* stunnel compatability functions*/ +#if defined(OPENSSL_EXTRA) && defined(HAVE_STUNNEL) +int wolfSSL_SESSION_set_ex_data(WOLFSSL_SESSION* session, int idx, void* data) +{ + WOLFSSL_ENTER(__func__); + #ifdef HAVE_STUNNEL + if(session != NULL && idx < MAX_EX_DATA) { + session->ex_data[idx] = data; + return SSL_SUCCESS; + } + 
#else + (void)session; + (void)idx; + (void)data; + #endif + return SSL_FAILURE; +} + + +int wolfSSL_SESSION_get_ex_new_index(long idx, void* data, void* cb1, + void* cb2, void* cb3) +{ + WOLFSSL_ENTER(__func__); + (void)idx; + (void)cb1; + (void)cb2; + (void)cb3; + #ifdef HAVE_STUNNEL + if(XSTRNCMP(data, "redirect index", 14) == 0) { + return 0; + } + else if(XSTRNCMP(data, "addr index", 10) == 0) { + return 1; + } + #else + (void)data; + #endif + return SSL_FAILURE; +} + + +void* wolfSSL_SESSION_get_ex_data(const WOLFSSL_SESSION* session, int idx) +{ + WOLFSSL_ENTER(__func__); + #ifdef HAVE_STUNNEL + if (session != NULL && idx < MAX_EX_DATA) + return session->ex_data[idx]; + #else + (void)session; + (void)idx; + #endif + return NULL; +} + + +WOLFSSL_BIO *wolfSSL_BIO_new_file(const char *filename, const char *mode) +{ + (void) filename; + (void) mode; + return NULL; +} + + +int wolfSSL_CRYPTO_set_mem_ex_functions(void *(*m) (size_t, const char *, int), + void *(*r) (void *, size_t, const char *, + int), void (*f) (void *)) +{ + (void) m; + (void) r; + (void) f; + + return SSL_FAILURE; +} + + +WOLFSSL_DH *wolfSSL_DH_generate_parameters(int prime_len, int generator, + void (*callback) (int, int, void *), void *cb_arg) +{ + (void)prime_len; + (void)generator; + (void)callback; + (void)cb_arg; + return NULL; +} + + +void wolfSSL_ERR_load_crypto_strings(void){} +unsigned long wolfSSL_ERR_peek_last_error(void) +{ + unsigned long l = 0UL; + return l; +} + + +int wolfSSL_FIPS_mode(void) +{ + return SSL_FAILURE; +} + +int wolfSSL_FIPS_mode_set(int r) +{ + (void)r; + return SSL_FAILURE; +} + + +WOLFSSL_DH *wolfSSL_PEM_read_bio_DHparams(WOLFSSL_BIO *bp, WOLFSSL_DH **x, pem_password_cb *cb, void *u) +{ + (void) bp; + (void) x; + (void) cb; + (void) u; + + return NULL; +} + + +int wolfSSL_PEM_write_bio_X509(WOLFSSL_BIO *bp, WOLFSSL_X509 *x) +{ + (void) bp; + (void) x; + return SSL_FAILURE; +} + + +int wolfSSL_RAND_set_rand_method(const void *meth) +{ + (void) meth; + return 
SSL_FAILURE; +} + + +int wolfSSL_CIPHER_get_bits(const WOLFSSL_CIPHER *c, int *alg_bits) +{ + if(c != NULL && c->ssl != NULL) { + if(alg_bits != NULL) { + *alg_bits = 8 * c->ssl->specs.key_size; + } + return 8 * c->ssl->specs.key_size; + } + return SSL_FAILURE; +} + + +int wolfSSL_sk_X509_NAME_num(const STACK_OF(WOLFSSL_X509_NAME) *s) +{ + (void) s; + return SSL_FAILURE; +} + + +int wolfSSL_sk_X509_num(const STACK_OF(WOLFSSL_X509) *s) +{ + (void) s; + return SSL_FAILURE; +} + + +int wolfSSL_X509_NAME_print_ex(WOLFSSL_BIO* bio, WOLFSSL_X509_NAME* nm, + int indent, unsigned long flags) +{ + (void)bio; + (void)nm; + (void)indent; + (void)flags; + return SSL_FAILURE; +} + + +WOLFSSL_ASN1_BIT_STRING* wolfSSL_X509_get0_pubkey_bitstr(const WOLFSSL_X509* x) +{ + (void)x; + return NULL; +} + + +int wolfSSL_CTX_add_session(WOLFSSL_CTX* ctx, WOLFSSL_SESSION* session) +{ + (void)ctx; + (void)session; + return SSL_SUCCESS; +} + + +int wolfSSL_get_state(const WOLFSSL* ssl) +{ + (void)ssl; + return SSL_FAILURE; +} + + +void* wolfSSL_sk_X509_NAME_value(STACK_OF(WOLFSSL_X509_NAME)* sk, int i) +{ + (void)sk; + (void)i; + return NULL; +} + + +void* wolfSSL_sk_X509_value(STACK_OF(WOLFSSL_X509)* sk, int i) +{ + (void)sk; + (void)i; + return NULL; +} + + +int wolfSSL_version(WOLFSSL* ssl) +{ + if (ssl->version.major == SSLv3_MAJOR) { + switch (ssl->version.minor) { + case SSLv3_MINOR : + return SSL3_VERSION; + case TLSv1_MINOR : + case TLSv1_1_MINOR : + case TLSv1_2_MINOR : + return TLS1_VERSION; + default: + return SSL_FAILURE; + } + } + else if (ssl->version.major == DTLS_MAJOR) { + switch (ssl->version.minor) { + case DTLS_MINOR : + case DTLSv1_2_MINOR : + return DTLS1_VERSION; + default: + return SSL_FAILURE; + } + } + return SSL_FAILURE; +} + + +STACK_OF(WOLFSSL_X509)* wolfSSL_get_peer_cert_chain(const WOLFSSL* ssl) +{ + (void)ssl; + return NULL; +} + + +long wolfSSL_CTX_get_options(WOLFSSL_CTX* ctx) +{ + (void)ctx; + return 0; +} + + +WOLFSSL_CTX* wolfSSL_get_SSL_CTX(WOLFSSL* ssl) 
+{ + return ssl->ctx; +} + +int wolfSSL_X509_NAME_get_sz(WOLFSSL_X509_NAME* name) +{ + if(!name) + return -1; + return name->sz; +} + +#ifndef NO_DH +/* Intialize ctx->dh with dh's params. Return SSL_SUCCESS on ok */ +long wolfSSL_CTX_set_tmp_dh(WOLFSSL_CTX* ctx, WOLFSSL_DH* dh) +{ + int pSz, gSz; + byte *p, *g; + int ret=0; + + pSz = wolfSSL_BN_bn2bin(dh->p, NULL); + gSz = wolfSSL_BN_bn2bin(dh->g, NULL); + + p = XMALLOC(pSz, ctx->heap, DYNAMIC_TYPE_DH); + if(!p) + return MEMORY_E; + + g = XMALLOC(gSz, ctx->heap, DYNAMIC_TYPE_DH); + if(!g) { + XFREE(p, ctx->heap, DYNAMIC_TYPE_DH); + return MEMORY_E; + } + + pSz = wolfSSL_BN_bn2bin(dh->p, p); + gSz = wolfSSL_BN_bn2bin(dh->g, g); + + if(pSz != SSL_FATAL_ERROR && gSz != SSL_FATAL_ERROR) + ret = wolfSSL_CTX_SetTmpDH(ctx, p, pSz, g, gSz); + + if(p) + XFREE(p, ctx->heap, DYNAMIC_TYPE_DH); + if(g) + XFREE(g, ctx->heap, DYNAMIC_TYPE_DH); + + return pSz > 0 && gSz > 0 ? SSL_FATAL_ERROR : ret; +} +#endif /* NO_DH */ + + +const byte* wolfSSL_SESSION_get_id(WOLFSSL_SESSION* sess, unsigned int* idLen) +{ + if(!sess) + return NULL; + *idLen = sess->sessionIDSz; + return sess->sessionID; +} +#endif /* OPENSSL_EXTRA and HAVE_STUNNEL */ diff --git a/wolfcrypt/src/coding.c b/wolfcrypt/src/coding.c index 6ead79caf..61c78b1dc 100644 --- a/wolfcrypt/src/coding.c +++ b/wolfcrypt/src/coding.c @@ -166,8 +166,8 @@ static int CEscape(int escaped, byte e, byte* out, word32* i, word32 max, else basic = base64Encode[e]; - /* check whether to escape */ - if (escaped) { + /* check whether to escape. Only escape for EncodeEsc */ + if (escaped == 1) { switch ((char)basic) { case '+' : plus = 1; 
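Review bot: wolfSSL_CTX_set_tmp_dh ends with `return pSz > 0 && gSz > 0 ? SSL_FATAL_ERROR : ret;`, which reports SSL_FATAL_ERROR exactly when both conversions succeeded and hands back the initial `ret=0` when one failed, the opposite of what the comment above the function promises. It also dereferences `dh` and `ctx` without a NULL check and passes the first wolfSSL_BN_bn2bin results to XMALLOC unchecked, although the code itself later treats SSL_FATAL_ERROR as a possible result of that call. The ex_data accessors in the same hunk (wolfSSL_CTX_get_ex_data, wolfSSL_CTX_set_ex_data, wolfSSL_set_ex_data, wolfSSL_get_ex_data and the SESSION pair) test only `idx < MAX_EX_DATA` on a signed int; `idx >= 0 && idx < MAX_EX_DATA` keeps a negative index from reading or writing in front of the array. wolfSSL_version, wolfSSL_get_SSL_CTX and the `*idLen` store in wolfSSL_SESSION_get_id dereference their pointer arguments without a check as well. A possible shape for the DH function follows.

```c
long wolfSSL_CTX_set_tmp_dh(WOLFSSL_CTX* ctx, WOLFSSL_DH* dh)
{
    int pSz, gSz;
    byte *p, *g;
    int ret = SSL_FATAL_ERROR;

    if (ctx == NULL || dh == NULL)
        return BAD_FUNC_ARG;

    /* size query: reject an error or an empty value before allocating */
    pSz = wolfSSL_BN_bn2bin(dh->p, NULL);
    gSz = wolfSSL_BN_bn2bin(dh->g, NULL);
    if (pSz <= 0 || gSz <= 0)
        return SSL_FATAL_ERROR;

    /* ... unchanged: XMALLOC of p and g, MEMORY_E on failure ... */

    pSz = wolfSSL_BN_bn2bin(dh->p, p);
    gSz = wolfSSL_BN_bn2bin(dh->g, g);

    /* only hand the parameters on when both conversions produced data */
    if (pSz > 0 && gSz > 0)
        ret = wolfSSL_CTX_SetTmpDH(ctx, p, pSz, g, gSz);

    XFREE(p, ctx->heap, DYNAMIC_TYPE_DH);
    XFREE(g, ctx->heap, DYNAMIC_TYPE_DH);

    return ret;
}
```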
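Review bot: `escaped` used to be a boolean and now carries three modes through the bare literals `1` and `2` (`escaped == 1` here in CEscape, `escaped == 2` and `escaped != 1` in the DoBase64_Encode hunks that follow), which makes a condition such as `i != outSz && escaped != 1` hard to check by eye. Named constants, for example `enum { B64_PLAIN = 0, B64_ESCAPED = 1, B64_NO_NL = 2 };` (names constructed for illustration), plus a comment on DoBase64_Encode listing the modes would make the intent reviewable. Base64_Encode_NoNl is added without any comment; `/* Base64 encode with no line breaks and no trailing newline */` fits what the hunks show. The bodies of CEscape and DoBase64_Encode extend beyond the hunks.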
@@ -235,8 +235,10 @@ static int DoBase64_Encode(const byte* in, word32 inLen, byte* out, word32 outSz = (inLen + 3 - 1) / 3 * 4; word32 addSz = (outSz + PEM_LINE_SZ - 1) / PEM_LINE_SZ; /* new lines */ - if (escaped) + if (escaped == 1) addSz *= 3; /* instead of just \n, we're doing %0A triplet */ + else if (escaped == 2) + addSz = 0; /* encode without \n */ outSz += addSz; @@ -267,7 +269,8 @@ static int DoBase64_Encode(const byte* in, word32 inLen, byte* out, inLen -= 3; - if ((++n % (PEM_LINE_SZ / 4)) == 0 && inLen) { + /* Insert newline after PEM_LINE_SZ, unless no \n requested */ + if (escaped != 2 && (++n % (PEM_LINE_SZ / 4)) == 0 && inLen) { ret = CEscape(escaped, '\n', out, &i, *outLen, 1); if (ret != 0) break; } @@ -299,10 +302,10 @@ static int DoBase64_Encode(const byte* in, word32 inLen, byte* out, ret = CEscape(escaped, '=', out, &i, *outLen, 1); } - if (ret == 0) + if (ret == 0 && escaped != 2) ret = CEscape(escaped, '\n', out, &i, *outLen, 1); - if (i != outSz && escaped == 0 && ret == 0) + if (i != outSz && escaped != 1 && ret == 0) return ASN_INPUT_E; *outLen = i; @@ -323,6 +326,10 @@ int Base64_EncodeEsc(const byte* in, word32 inLen, byte* out, word32* outLen) return DoBase64_Encode(in, inLen, out, outLen, 1); } +int Base64_Encode_NoNl(const byte* in, word32 inLen, byte* out, word32* outLen) +{ + return DoBase64_Encode(in, inLen, out, outLen, 2); +} #endif /* defined(WOLFSSL_BASE64_ENCODE) */ diff --git a/wolfssl/internal.h b/wolfssl/internal.h index 9664bf0e4..66c0d18cd 100644 --- a/wolfssl/internal.h +++ b/wolfssl/internal.h @@ -890,7 +890,7 @@ enum Misc { MAX_WOLFSSL_FILE_SIZE = 1024 * 1024 * 4, /* 4 mb file size alloc limit */ -#ifdef FORTRESS +#if defined(FORTRESS) || defined (HAVE_STUNNEL) MAX_EX_DATA = 3, /* allow for three items of ex_data */ #endif 
@@ -1612,8 +1612,11 @@ struct WOLFSSL_CTX { #endif /* HAVE_ANON */ #if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER) pem_password_cb passwd_cb; - void* userdata; + void* userdata; #endif /* OPENSSL_EXTRA */ +#ifdef HAVE_STUNNEL + void* ex_data[MAX_EX_DATA]; +#endif #ifdef HAVE_OCSP WOLFSSL_OCSP ocsp; #endif @@ -1847,6 +1850,9 @@ struct WOLFSSL_SESSION { word16 ticketLen; byte ticket[SESSION_TICKET_LEN]; #endif +#ifdef HAVE_STUNNEL + void* ex_data[MAX_EX_DATA]; +#endif }; @@ -2300,7 +2306,7 @@ struct WOLFSSL { #ifdef KEEP_PEER_CERT WOLFSSL_X509 peerCert; /* X509 peer cert */ #endif -#ifdef FORTRESS +#if defined(FORTRESS) || defined(HAVE_STUNNEL) void* ex_data[MAX_EX_DATA]; /* external data, for Fortress */ #endif #ifdef HAVE_CAVIUM diff --git a/wolfssl/openssl/asn1.h b/wolfssl/openssl/asn1.h index 3f34d7d2c..11cafa840 100644 --- a/wolfssl/openssl/asn1.h +++ b/wolfssl/openssl/asn1.h @@ -1,2 +1,19 @@ /* asn1.h for openssl */ +#ifndef WOLFSSL_ASN1_H_ +#define WOLFSSL_ASN1_H_ +struct WOLFSSL_ASN1_BIT_STRING { + int length; + int type; + char* data; + long flags; +}; + +struct WOLFSSL_ASN1_STRING { + int length; + int type; + char* data; + long flags; +}; + +#endif /* WOLFSSL_ASN1_H_ */ diff --git a/wolfssl/openssl/crypto.h b/wolfssl/openssl/crypto.h index 8f7c6f40e..97360408b 100644 --- a/wolfssl/openssl/crypto.h +++ b/wolfssl/openssl/crypto.h @@ -21,6 +21,11 @@ WOLFSSL_API unsigned long wolfSSLeay(void); #define SSLEAY_VERSION 0x0090600fL #define SSLEAY_VERSION_NUMBER SSLEAY_VERSION +#ifdef HAVE_STUNNEL +#define CRYPTO_set_mem_ex_functions wolfSSL_CRYPTO_set_mem_ex_functions +#define FIPS_mode wolfSSL_FIPS_mode +#define FIPS_mode_set wolfSSL_FIPS_mode_set +#endif /* HAVE_STUNNEL */ #endif /* header */ diff --git a/wolfssl/openssl/dh.h b/wolfssl/openssl/dh.h index 2bdb67522..e38b7f7af 100644 --- a/wolfssl/openssl/dh.h +++ b/wolfssl/openssl/dh.h 
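Review bot: The comment on `void* ex_data[MAX_EX_DATA];` in struct WOLFSSL still reads `/* external data, for Fortress */` although its guard now also covers HAVE_STUNNEL; `/* external data, for Fortress and stunnel */` would match the code. The arrays added to WOLFSSL_CTX and WOLFSSL_SESSION carry no comment at all, and a short one such as `/* application data slots, set and read through the *_ex_data calls */` would help. It is also worth stating next to one of them that the library stores these pointers as given and that the hunks show no code releasing what they point to. The struct bodies start and end outside the hunks.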
@@ -11,7 +11,7 @@ extern "C" { #endif -typedef struct WOLFSSL_DH { +struct WOLFSSL_DH { WOLFSSL_BIGNUM* p; WOLFSSL_BIGNUM* g; WOLFSSL_BIGNUM* pub_key; /* openssh deference g^x */ @@ -23,7 +23,7 @@ typedef struct WOLFSSL_DH { * lighttpd src code. */ int length; -} WOLFSSL_DH; +}; WOLFSSL_API WOLFSSL_DH* wolfSSL_DH_new(void); @@ -48,4 +48,7 @@ typedef WOLFSSL_DH DH; } /* extern "C" */ #endif +#ifdef HAVE_STUNNEL +#define DH_generate_parameters wolfSSL_DH_generate_parameters +#endif /* HAVE_STUNNEL */ #endif /* header */ diff --git a/wolfssl/openssl/err.h b/wolfssl/openssl/err.h index 7e7f1eb78..951386868 100644 --- a/wolfssl/openssl/err.h +++ b/wolfssl/openssl/err.h @@ -1,2 +1,3 @@ /* err.h for openssl */ - +#define ERR_load_crypto_strings wolfSSL_ERR_load_crypto_strings +#define ERR_peek_last_error wolfSSL_ERR_peek_last_error diff --git a/wolfssl/openssl/opensslv.h b/wolfssl/openssl/opensslv.h index dc8de4260..067f22658 100644 --- a/wolfssl/openssl/opensslv.h +++ b/wolfssl/openssl/opensslv.h @@ -5,7 +5,13 @@ /* api version compatibility */ -#define OPENSSL_VERSION_NUMBER 0x0090810fL +#ifdef HAVE_STUNNEL + #define OPENSSL_VERSION_NUMBER 0x0090700fL +#else + #define OPENSSL_VERSION_NUMBER 0x0090810fL +#endif + +#define OPENSSL_VERSION_TEXT LIBWOLFSSL_VERSION_STRING #endif /* header */ diff --git a/wolfssl/openssl/rand.h b/wolfssl/openssl/rand.h index c1fa62e1c..bc1f83a88 100644 --- a/wolfssl/openssl/rand.h +++ b/wolfssl/openssl/rand.h @@ -1,4 +1,6 @@ /* rand.h for openSSL */ #include +#include +#define RAND_set_rand_method wolfSSL_RAND_set_rand_method diff --git a/wolfssl/openssl/ssl.h b/wolfssl/openssl/ssl.h index 103d5f217..1613448c7 100644 --- a/wolfssl/openssl/ssl.h +++ b/wolfssl/openssl/ssl.h 
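Review bot: The macros added to wolfssl/openssl/err.h (`ERR_load_crypto_strings`, `ERR_peek_last_error`) and to rand.h (`RAND_set_rand_method`) are unconditional, but the functions they map to are defined in src/ssl.c under `#if defined(OPENSSL_EXTRA) && defined(HAVE_STUNNEL)` and declared in wolfssl/ssl.h under `#ifdef HAVE_STUNNEL`. In a build without stunnel support an application using these names would therefore call an undeclared function and fail at link time. Wrapping the defines in `#ifdef HAVE_STUNNEL`, as the crypto.h and dh.h hunks of this commit already do, keeps the headers consistent with the library. err.h also gains definitions without an include guard, which is harmless for identical macros but worth adding while the file is being touched.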
@@ -289,7 +289,7 @@ typedef WOLFSSL_X509_STORE_CTX X509_STORE_CTX; #define X509_get_serialNumber wolfSSL_X509_get_serialNumber -#define ASN1_TIME_pr wolfSSL_ASN1_TIME_pr +#define ASN1_TIME_print wolfSSL_ASN1_TIME_print #define ASN1_INTEGER_cmp wolfSSL_ASN1_INTEGER_cmp #define ASN1_INTEGER_get wolfSSL_ASN1_INTEGER_get @@ -304,7 +304,7 @@ typedef WOLFSSL_X509_STORE_CTX X509_STORE_CTX; #define SSL_CTX_set_default_passwd_cb_userdata wolfSSL_CTX_set_default_passwd_cb_userdata #define SSL_CTX_set_default_passwd_cb wolfSSL_CTX_set_default_passwd_cb -#define SSL_CTX_set_timeout wolfSSL_CTX_set_timeout +#define SSL_CTX_set_timeout(ctx, to) wolfSSL_CTX_set_timeout(ctx, (unsigned int) to) #define SSL_CTX_set_info_callback wolfSSL_CTX_set_info_callback #define ERR_peek_error wolfSSL_ERR_peek_error @@ -392,7 +392,8 @@ typedef WOLFSSL_X509_STORE_CTX X509_STORE_CTX; #define SSL_CTX_sess_set_remove_cb wolfSSL_CTX_sess_set_remove_cb #define i2d_SSL_SESSION wolfSSL_i2d_SSL_SESSION -#define d2i_SSL_SESSION wolfSSL_d2i_SSL_SESSION +#define d2i_SSL_SESSION(sess, val, length) \ + wolfSSL_d2i_SSL_SESSION(sess, (const unsigned char **)val, length) #define SSL_SESSION_set_timeout wolfSSL_SSL_SESSION_set_timeout #define SSL_SESSION_get_timeout wolfSSL_SESSION_get_timeout #define SSL_SESSION_get_time wolfSSL_SESSION_get_time 
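Review bot: The new function-like macro `SSL_CTX_set_timeout(ctx, to)` expands to `(unsigned int) to`, so the cast binds only to the first operand when the argument is an expression such as `a + b`; `wolfSSL_CTX_set_timeout((ctx), (unsigned int)(to))` avoids that. The same applies to `(const unsigned char **)val` in the d2i_SSL_SESSION macro of the next hunk, which should read `(const unsigned char **)(val)`. That cast also hides any pointer-type mismatch at the call site, so a short comment saying which caller needs it would be useful.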
@@ -433,6 +434,52 @@ typedef WOLFSSL_X509_NAME_ENTRY X509_NAME_ENTRY; #endif + +#ifdef HAVE_STUNNEL +#include + +/* defined as: (SSL_ST_ACCEPT|SSL_CB_LOOP), which becomes 0x2001*/ +#define SSL_CB_ACCEPT_LOOP 0x2001 +#define SSL2_VERSION 0x0002 +#define SSL3_VERSION 0x0300 +#define TLS1_VERSION 0x0301 +#define DTLS1_VERSION 0xFEFF +#define SSL23_ST_SR_CLNT_HELLO_A (0x210|0x2000) +#define SSL3_ST_SR_CLNT_HELLO_A (0x110|0x2000) +#define ASN1_STRFLGS_ESC_MSB 4 +#define X509_V_ERR_CERT_REJECTED 28 + +#define BIO_new_file wolfSSL_BIO_new_file +#define PEM_read_bio_DHparams wolfSSL_PEM_read_bio_DHparams +#define PEM_write_bio_X509 wolfSSL_PEM_write_bio_X509 +#define SSL_alert_desc_string_long wolfSSL_alert_desc_string_long +#define SSL_alert_type_string_long wolfSSL_alert_type_string_long +#define SSL_CIPHER_get_bits wolfSSL_CIPHER_get_bits +#define sk_X509_NAME_num wolfSSL_sk_X509_NAME_num +#define sk_X509_num wolfSSL_sk_X509_num +#define X509_NAME_print_ex wolfSSL_X509_NAME_print_ex +#define X509_get0_pubkey_bitstr wolfSSL_X509_get0_pubkey_bitstr +#define SSL_CTX_get_options wolfSSL_CTX_get_options + +#define SSL_CTX_flush_sessions wolfSSL_flush_sessions +#define SSL_CTX_add_session wolfSSL_CTX_add_session +#define SSL_get_SSL_CTX wolfSSL_get_SSL_CTX +#define SSL_CTX_set_tmp_dh wolfSSL_CTX_set_tmp_dh +#define SSL_version wolfSSL_version +#define SSL_get_state wolfSSL_get_state +#define SSL_state_string_long wolfSSL_state_string_long +#define SSL_get_peer_cert_chain wolfSSL_get_peer_cert_chain +#define sk_X509_NAME_value wolfSSL_sk_X509_NAME_value +#define sk_X509_value wolfSSL_sk_X509_value +#define SSL_SESSION_get_ex_data wolfSSL_SESSION_get_ex_data +#define SSL_SESSION_set_ex_data wolfSSL_SESSION_set_ex_data +#define SSL_SESSION_get_ex_new_index wolfSSL_SESSION_get_ex_new_index +#define SSL_SESSION_get_id wolfSSL_SESSION_get_id +typedef struct CRYPTO_EX_DATA CRYPTO_EX_DATA; +typedef WOLFSSL_ASN1_BIT_STRING ASN1_BIT_STRING; + +#endif /* HAVE_STUNNEL */ + #ifdef 
__cplusplus } /* extern "C" */ #endif diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h index 5b794e079..d3d4a4aa3 100644 --- a/wolfssl/ssl.h +++ b/wolfssl/ssl.h @@ -92,14 +92,10 @@ typedef struct WOLFSSL_ASN1_INTEGER WOLFSSL_ASN1_INTEGER; typedef struct WOLFSSL_ASN1_OBJECT WOLFSSL_ASN1_OBJECT; typedef struct WOLFSSL_dynlock_value WOLFSSL_dynlock_value; -#ifdef HAVE_LIGHTY - typedef struct WOLFSSL_ASN1_STRING{ - char* data; - int length; - } WOLFSSL_ASN1_STRING; -#else - typedef struct WOLFSSL_ASN1_STRING WOLFSSL_ASN1_STRING; -#endif +typedef struct WOLFSSL_ASN1_STRING WOLFSSL_ASN1_STRING; +typedef struct WOLFSSL_dynlock_value WOLFSSL_dynlock_value; +typedef struct WOLFSSL_DH WOLFSSL_DH; +typedef struct WOLFSSL_ASN1_BIT_STRING WOLFSSL_ASN1_BIT_STRING; #define WOLFSSL_ASN1_UTCTIME WOLFSSL_ASN1_TIME @@ -148,6 +144,7 @@ typedef struct WOLFSSL_X509_REVOKED { typedef struct WOLFSSL_X509_OBJECT { union { char* ptr; + WOLFSSL_X509 *x509; WOLFSSL_X509_CRL* crl; /* stunnel dereference */ } data; } WOLFSSL_X509_OBJECT; @@ -342,7 +339,7 @@ WOLFSSL_API int wolfSSL_dtls(WOLFSSL* ssl); WOLFSSL_API int wolfSSL_dtls_set_peer(WOLFSSL*, void*, unsigned int); WOLFSSL_API int wolfSSL_dtls_get_peer(WOLFSSL*, void*, unsigned int*); -WOLFSSL_API int wolfSSL_ERR_GET_REASON(int err); +WOLFSSL_API int wolfSSL_ERR_GET_REASON(unsigned long err); WOLFSSL_API char* wolfSSL_ERR_error_string(unsigned long,char*); WOLFSSL_API void wolfSSL_ERR_error_string_n(unsigned long e, char* buf, unsigned long sz); 
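Review bot: `#define X509_V_ERR_CERT_REJECTED 28` in this HAVE_STUNNEL block disagrees with the enumerator `X509_V_ERR_CERT_REJECTED = 23` that the same commit adds to wolfssl/ssl.h, and `ASN1_STRFLGS_ESC_MSB` is likewise defined both here and in that enum. Depending on include order the macro either rewrites the enumerator's name into a literal, which does not compile, or gives application code a value different from the one the library's enum carries, so a verify callback comparing error codes could miss the rejection. Each constant should have one definition with one agreed value.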
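Review bot: The added line `typedef struct WOLFSSL_dynlock_value WOLFSSL_dynlock_value;` repeats the context line directly above the removed HAVE_LIGHTY block, so the header now declares that typedef twice. Repeating a typedef is accepted only from C11 on, and older compilers, which patch 03 of this series is explicitly catering for, may reject it; the added copy can simply be dropped. With the HAVE_LIGHTY definition removed, `struct WOLFSSL_ASN1_STRING` is complete only where wolfssl/openssl/asn1.h is included, which deserves a comment next to the forward declaration.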
@@ -526,14 +523,15 @@ WOLFSSL_API void wolfSSL_CTX_set_default_passwd_cb_userdata(WOLFSSL_CTX*, WOLFSSL_API void wolfSSL_CTX_set_default_passwd_cb(WOLFSSL_CTX*, pem_password_cb); -WOLFSSL_API void wolfSSL_CTX_set_info_callback(WOLFSSL_CTX*, void (*)(void)); +WOLFSSL_API void wolfSSL_CTX_set_info_callback(WOLFSSL_CTX*, + void (*)(const WOLFSSL* ssl, int type, int val)); WOLFSSL_API unsigned long wolfSSL_ERR_peek_error(void); WOLFSSL_API int wolfSSL_GET_REASON(int); WOLFSSL_API char* wolfSSL_alert_type_string_long(int); WOLFSSL_API char* wolfSSL_alert_desc_string_long(int); -WOLFSSL_API char* wolfSSL_state_string_long(WOLFSSL*); +WOLFSSL_API char* wolfSSL_state_string_long(const WOLFSSL*); WOLFSSL_API WOLFSSL_RSA* wolfSSL_RSA_generate_key(int, unsigned long, void(*)(int, int, void*), void*); @@ -646,11 +644,16 @@ enum { X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD = 20, X509_V_ERR_CERT_HAS_EXPIRED = 21, X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD = 22, - + X509_V_ERR_CERT_REJECTED = 23, X509_V_OK = 0, + XN_FLAG_SPC_EQ = (1 << 23), + XN_FLAG_ONELINE = 0, + CRYPTO_LOCK = 1, - CRYPTO_NUM_LOCKS = 10 + CRYPTO_NUM_LOCKS = 10, + + ASN1_STRFLGS_ESC_MSB = 4 }; /* extras end */ 
@@ -1541,6 +1544,71 @@ WOLFSSL_API STACK_OF(WOLFSSL_X509_NAME) *wolfSSL_dup_CA_list( STACK_OF(WOLFSSL_X #endif +#ifdef HAVE_STUNNEL + +WOLFSSL_API WOLFSSL_BIO *wolfSSL_BIO_new_file(const char *filename, const char *mode); + +WOLFSSL_API int wolfSSL_CRYPTO_set_mem_ex_functions(void *(*m) (size_t, const char *, int), + void *(*r) (void *, size_t, const char *, int), void (*f) (void *)); + +WOLFSSL_API WOLFSSL_DH *wolfSSL_DH_generate_parameters(int prime_len, int generator, + void (*callback) (int, int, void *), void *cb_arg); + +WOLFSSL_API void wolfSSL_ERR_load_crypto_strings(void); + +WOLFSSL_API unsigned long wolfSSL_ERR_peek_last_error(void); + +WOLFSSL_API int wolfSSL_FIPS_mode(void); + +WOLFSSL_API int wolfSSL_FIPS_mode_set(int r); + +WOLFSSL_API WOLFSSL_DH *wolfSSL_PEM_read_bio_DHparams(WOLFSSL_BIO *bp, + WOLFSSL_DH **x, pem_password_cb *cb, void *u); + +WOLFSSL_API int wolfSSL_PEM_write_bio_X509(WOLFSSL_BIO *bp, WOLFSSL_X509 *x); + +WOLFSSL_API int wolfSSL_RAND_set_rand_method(const void *meth); + +WOLFSSL_API int wolfSSL_CIPHER_get_bits(const WOLFSSL_CIPHER *c, int *alg_bits); + +WOLFSSL_API int wolfSSL_sk_X509_NAME_num(const STACK_OF(WOLFSSL_X509_NAME) *s); + +WOLFSSL_API int wolfSSL_sk_X509_num(const STACK_OF(WOLFSSL_X509) *s); + +WOLFSSL_API int wolfSSL_X509_NAME_print_ex(WOLFSSL_BIO*,WOLFSSL_X509_NAME*,int,unsigned long); + +WOLFSSL_API WOLFSSL_ASN1_BIT_STRING* wolfSSL_X509_get0_pubkey_bitstr( + const WOLFSSL_X509*); + +WOLFSSL_API int wolfSSL_CTX_add_session(WOLFSSL_CTX*, WOLFSSL_SESSION*); + +WOLFSSL_API WOLFSSL_CTX* wolfSSL_get_SSL_CTX(WOLFSSL* ssl); + +WOLFSSL_API int wolfSSL_version(WOLFSSL*); + +WOLFSSL_API int wolfSSL_get_state(const WOLFSSL*); + +WOLFSSL_API void* wolfSSL_sk_X509_NAME_value(STACK_OF(WOLFSSL_X509_NAME)*, int); + +WOLFSSL_API void* wolfSSL_sk_X509_value(STACK_OF(WOLFSSL_X509)*, int); + +WOLFSSL_API STACK_OF(WOLFSSL_X509)* wolfSSL_get_peer_cert_chain(const WOLFSSL*); + +WOLFSSL_API long wolfSSL_CTX_get_options(WOLFSSL_CTX* ctx); + 
+WOLFSSL_API void* wolfSSL_SESSION_get_ex_data(const WOLFSSL_SESSION*, int); + +WOLFSSL_API int wolfSSL_SESSION_set_ex_data(WOLFSSL_SESSION*, int, void*); + +WOLFSSL_API int wolfSSL_SESSION_get_ex_new_index(long,void*,void*,void*,void*); + +WOLFSSL_API int wolfSSL_X509_NAME_get_sz(WOLFSSL_X509_NAME*); + +WOLFSSL_API long wolfSSL_CTX_set_tmp_dh(WOLFSSL_CTX*, WOLFSSL_DH*); + +WOLFSSL_API const unsigned char* wolfSSL_SESSION_get_id(WOLFSSL_SESSION*, unsigned int*); +#endif /* HAVE_STUNNEL */ + #ifdef __cplusplus } /* extern "C" */ #endif diff --git a/wolfssl/wolfcrypt/coding.h b/wolfssl/wolfcrypt/coding.h index 286e437a4..b92921bd8 100644 --- a/wolfssl/wolfcrypt/coding.h +++ b/wolfssl/wolfcrypt/coding.h @@ -48,6 +48,9 @@ WOLFSSL_API int Base64_Decode(const byte* in, word32 inLen, byte* out, WOLFSSL_API int Base64_EncodeEsc(const byte* in, word32 inLen, byte* out, word32* outLen); + WOLFSSL_API + int Base64_Encode_NoNl(const byte* in, word32 inLen, byte* out, + word32* outLen); #endif #if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER) || defined(HAVE_FIPS) From 4b1e87f9d02b41cc8bfa75b02c583246c14ee554 Mon Sep 17 00:00:00 2001 From: John Safranek Date: Tue, 14 Jul 2015 21:17:20 -0700 Subject: [PATCH 05/35] update the wolfSSL FIPS VS IDE project files and README --- IDE/WIN/README.txt | 21 ++++++++++++++++++--- IDE/WIN/test.vcxproj | 17 ++++++++--------- IDE/WIN/wolfssl-fips.vcxproj | 24 ++++++++---------------- 3 files changed, 34 insertions(+), 28 deletions(-) diff --git a/IDE/WIN/README.txt b/IDE/WIN/README.txt index d2ed0faaa..81695ded9 100644 --- a/IDE/WIN/README.txt +++ b/IDE/WIN/README.txt @@ -3,7 +3,7 @@ First, if you did not get the FIPS files with your archive, you must contact wolfSSL to obtain them. -# On Building the wolfssl-fips project +# Building the wolfssl-fips project The wolfCrypt FIPS library for Windows is a part of the wolfSSL library. It must be built as a static library. 
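Review bot: `wolfSSL_sk_X509_value` and `wolfSSL_sk_X509_NAME_value` are declared to return `void*`, so a caller can assign the result to any pointer type without a diagnostic. Confusing the X509 stack with the X509_NAME stack would therefore pass the compiler unnoticed. Returning the element type keeps these certificate-handling paths type-checked: `WOLFSSL_API WOLFSSL_X509* wolfSSL_sk_X509_value(STACK_OF(WOLFSSL_X509)*, int);` and `WOLFSSL_API WOLFSSL_X509_NAME* wolfSSL_sk_X509_NAME_value(STACK_OF(WOLFSSL_X509_NAME)*, int);`. The new block also has no comments; a one-line comment per prototype giving the success and failure return values, and what the `unsigned int*` of `wolfSSL_SESSION_get_id` receives, would help anyone porting from OpenSSL.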
@@ -14,10 +14,25 @@ There are two functions added to the library that are used as markers in memory for the in-core memory check of the code. WPO consolidates them into a single function. WPO also optimizes away the automatic FIPS entry function. -A project using the library must disable - Each of the source files inside the FIPS boundary defines their own code and constant section. The code section names start with ".fipsA$" and the constant section names start with ".fipsB$". Each subsection has a letter to organize them in a secific order. This specific ordering puts marker functions and constants on either end of the boundary so it can be hashed. + +# In Core Memory Test + +The In Core Memory test calculates a checksum (HMAC-SHA256) of the wolfCrypt +FIPS library code and constant data and compares it with a known value in +the code. + +The Randomized Base Address setting doesn't cause any problems because +(I believe) that the addrsses in the executable are all offsets from the base +rather than absolute addresses. + +The "verifyCore" check value in the source fips_test.c needs to be updated when +building the code. The POS performs this check and the default failure callback +will print out the calculated checksum. When developing your code, copy this +value and paste it back into your code in the verifyCore initializer then +rebuild the code. When statically linking, you may have to recalculate your +check value when changing your application. diff --git a/IDE/WIN/test.vcxproj b/IDE/WIN/test.vcxproj index 47681399b..38e264b20 100644 --- a/IDE/WIN/test.vcxproj +++ b/IDE/WIN/test.vcxproj 
@@ -111,7 +111,7 @@ Disabled ..\..\;%(AdditionalIncludeDirectories) - WIN32;_DEBUG;_CONSOLE;OPENSSL_EXTRA;HAVE_FIPS;HAVE_AESGCM;HAVE_HASHDRBG;WOLFSSL_SHA384;WOLFSSL_SHA512;NO_PSK;NO_RC4;NO_RABBIT;NO_DSA;NO_MD4;USE_CERT_BUFFERS_2048;%(PreprocessorDefinitions) + WIN32;_DEBUG;_CONSOLE;OPENSSL_EXTRA;HAVE_FIPS;HAVE_AESGCM;HAVE_HASHDRBG;WOLFSSL_SHA384;WOLFSSL_SHA512;NO_PSK;NO_HC128;NO_RC4;NO_RABBIT;NO_DSA;NO_MD4;USE_CERT_BUFFERS_2048;%(PreprocessorDefinitions) EnableFastChecks MultiThreadedDebugDLL @@ -130,7 +130,7 @@ Disabled ..\..\;%(AdditionalIncludeDirectories) - WIN32;_DEBUG;_CONSOLE;OPENSSL_EXTRA;HAVE_FIPS;HAVE_AESGCM;HAVE_HASHDRBG;WOLFSSL_SHA384;WOLFSSL_SHA512;NO_PSK;NO_RC4;NO_RABBIT;NO_DSA;NO_MD4;USE_CERT_BUFFERS_2048;%(PreprocessorDefinitions) + WIN32;_DEBUG;_CONSOLE;OPENSSL_EXTRA;HAVE_FIPS;HAVE_AESGCM;HAVE_HASHDRBG;WOLFSSL_SHA384;WOLFSSL_SHA512;NO_PSK;NO_HC128;NO_RC4;NO_RABBIT;NO_DSA;NO_MD4;USE_CERT_BUFFERS_2048;%(PreprocessorDefinitions) EnableFastChecks MultiThreadedDebugDLL @@ -147,7 +147,7 @@ ..\..\;%(AdditionalIncludeDirectories) - WIN32;NDEBUG;_CONSOLE;OPENSSL_EXTRA;HAVE_FIPS;HAVE_AESGCM;HAVE_HASHDRBG;WOLFSSL_SHA384;WOLFSSL_SHA512;NO_PSK;NO_RC4;NO_RABBIT;NO_DSA;NO_MD4;USE_CERT_BUFFERS_2048;%(PreprocessorDefinitions) + WIN32;NDEBUG;_CONSOLE;OPENSSL_EXTRA;HAVE_FIPS;HAVE_AESGCM;HAVE_HASHDRBG;WOLFSSL_SHA384;WOLFSSL_SHA512;NO_PSK;NO_HC128;NO_RC4;NO_RABBIT;NO_DSA;NO_MD4;USE_CERT_BUFFERS_2048;%(PreprocessorDefinitions) MultiThreadedDLL Level3 @@ -167,7 +167,7 @@ ..\..\;%(AdditionalIncludeDirectories) - WIN32;NDEBUG;_CONSOLE;OPENSSL_EXTRA;HAVE_FIPS;HAVE_AESGCM;HAVE_HASHDRBG;WOLFSSL_SHA384;WOLFSSL_SHA512;NO_PSK;NO_RC4;NO_RABBIT;NO_DSA;NO_MD4;USE_CERT_BUFFERS_2048;%(PreprocessorDefinitions) + WIN32;NDEBUG;_CONSOLE;OPENSSL_EXTRA;HAVE_FIPS;HAVE_AESGCM;HAVE_HASHDRBG;WOLFSSL_SHA384;WOLFSSL_SHA512;NO_PSK;NO_HC128;NO_RC4;NO_RABBIT;NO_DSA;NO_MD4;USE_CERT_BUFFERS_2048;%(PreprocessorDefinitions) MultiThreadedDLL Level3 
@@ -181,14 +181,13 @@ true true UseLinkTimeCodeGeneration - false Disabled ..\..\;%(AdditionalIncludeDirectories) - WIN32;_DEBUG;_CONSOLE;OPENSSL_EXTRA;HAVE_FIPS;HAVE_AESGCM;HAVE_HASHDRBG;WOLFSSL_SHA384;WOLFSSL_SHA512;NO_PSK;NO_RC4;NO_RABBIT;NO_DSA;NO_MD4;USE_CERT_BUFFERS_2048;WOLFSSL_DLL;%(PreprocessorDefinitions) + WIN32;_DEBUG;_CONSOLE;OPENSSL_EXTRA;HAVE_FIPS;HAVE_AESGCM;HAVE_HASHDRBG;WOLFSSL_SHA384;WOLFSSL_SHA512;NO_PSK;NO_HC128;NO_RC4;NO_RABBIT;NO_DSA;NO_MD4;USE_CERT_BUFFERS_2048;WOLFSSL_DLL;%(PreprocessorDefinitions) EnableFastChecks MultiThreadedDebugDLL @@ -207,7 +206,7 @@ Disabled ..\..\;%(AdditionalIncludeDirectories) - WIN32;_DEBUG;_CONSOLE;OPENSSL_EXTRA;HAVE_FIPS;HAVE_AESGCM;HAVE_HASHDRBG;WOLFSSL_SHA384;WOLFSSL_SHA512;NO_PSK;NO_RC4;NO_RABBIT;NO_DSA;NO_MD4;USE_CERT_BUFFERS_2048;WOLFSSL_DLL;%(PreprocessorDefinitions) + WIN32;_DEBUG;_CONSOLE;OPENSSL_EXTRA;HAVE_FIPS;HAVE_AESGCM;HAVE_HASHDRBG;WOLFSSL_SHA384;WOLFSSL_SHA512;NO_PSK;NO_HC128;NO_RC4;NO_RABBIT;NO_DSA;NO_MD4;USE_CERT_BUFFERS_2048;WOLFSSL_DLL;%(PreprocessorDefinitions) EnableFastChecks MultiThreadedDebugDLL @@ -224,7 +223,7 @@ ..\..\;%(AdditionalIncludeDirectories) - WIN32;NDEBUG;_CONSOLE;OPENSSL_EXTRA;HAVE_FIPS;HAVE_AESGCM;HAVE_HASHDRBG;WOLFSSL_SHA384;WOLFSSL_SHA512;NO_PSK;NO_RC4;NO_RABBIT;NO_DSA;NO_MD4;USE_CERT_BUFFERS_2048;WOLFSSL_DLL;%(PreprocessorDefinitions) + WIN32;NDEBUG;_CONSOLE;OPENSSL_EXTRA;HAVE_FIPS;HAVE_AESGCM;HAVE_HASHDRBG;WOLFSSL_SHA384;WOLFSSL_SHA512;NO_PSK;NO_HC128;NO_RC4;NO_RABBIT;NO_DSA;NO_MD4;USE_CERT_BUFFERS_2048;WOLFSSL_DLL;%(PreprocessorDefinitions) MultiThreadedDLL Level3 
@@ -244,7 +243,7 @@ ..\..\;%(AdditionalIncludeDirectories) - WIN32;NDEBUG;_CONSOLE;OPENSSL_EXTRA;HAVE_FIPS;HAVE_AESGCM;HAVE_HASHDRBG;WOLFSSL_SHA384;WOLFSSL_SHA512;NO_PSK;NO_RC4;NO_RABBIT;NO_DSA;NO_MD4;USE_CERT_BUFFERS_2048;WOLFSSL_DLL;%(PreprocessorDefinitions) + WIN32;NDEBUG;_CONSOLE;OPENSSL_EXTRA;HAVE_FIPS;HAVE_AESGCM;HAVE_HASHDRBG;WOLFSSL_SHA384;WOLFSSL_SHA512;NO_PSK;NO_HC128;NO_RC4;NO_RABBIT;NO_DSA;NO_MD4;USE_CERT_BUFFERS_2048;WOLFSSL_DLL;%(PreprocessorDefinitions) MultiThreadedDLL Level3 diff --git a/IDE/WIN/wolfssl-fips.vcxproj b/IDE/WIN/wolfssl-fips.vcxproj index b1a68ebac..c63c79bd1 100644 --- a/IDE/WIN/wolfssl-fips.vcxproj +++ b/IDE/WIN/wolfssl-fips.vcxproj @@ -120,7 +120,7 @@ Disabled ./;../../;%(AdditionalIncludeDirectories) - OPENSSL_EXTRA;HAVE_THREAD_LS;WOLFSSL_KEY_GEN;HAVE_FIPS;HAVE_AESGCM;HAVE_HASHDRBG;WOLFSSL_SHA384;WOLFSSL_SHA512;NO_PSK;NO_RC4;NO_RABBIT;NO_DSA;NO_MD4;%(PreprocessorDefinitions) + OPENSSL_EXTRA;HAVE_THREAD_LS;WOLFSSL_KEY_GEN;HAVE_FIPS;HAVE_AESGCM;HAVE_HASHDRBG;WOLFSSL_SHA384;WOLFSSL_SHA512;NO_PSK;NO_HC128;NO_RC4;NO_RABBIT;NO_DSA;NO_MD4;%(PreprocessorDefinitions) EnableFastChecks MultiThreadedDebugDLL Level4 @@ -132,7 +132,7 @@ Disabled ./;../../;%(AdditionalIncludeDirectories) - OPENSSL_EXTRA;HAVE_THREAD_LS;WOLFSSL_KEY_GEN;BUILDING_WOLFSSL;WOLFSSL_DLL;HAVE_FIPS;HAVE_AESGCM;HAVE_HASHDRBG;WOLFSSL_SHA384;WOLFSSL_SHA512;NO_PSK;NO_RC4;NO_RABBIT;NO_DSA;NO_MD4;%(PreprocessorDefinitions) + OPENSSL_EXTRA;HAVE_THREAD_LS;WOLFSSL_KEY_GEN;BUILDING_WOLFSSL;WOLFSSL_DLL;HAVE_FIPS;HAVE_AESGCM;HAVE_HASHDRBG;WOLFSSL_SHA384;WOLFSSL_SHA512;NO_PSK;NO_HC128;NO_RC4;NO_RABBIT;NO_DSA;NO_MD4;%(PreprocessorDefinitions) true EnableFastChecks MultiThreadedDebugDLL 
@@ -145,7 +145,7 @@ Disabled ./;../../;%(AdditionalIncludeDirectories) - OPENSSL_EXTRA;HAVE_THREAD_LS;WOLFSSL_KEY_GEN;HAVE_FIPS;HAVE_AESGCM;HAVE_HASHDRBG;WOLFSSL_SHA384;WOLFSSL_SHA512;NO_PSK;NO_RC4;NO_RABBIT;NO_DSA;NO_MD4;%(PreprocessorDefinitions) + OPENSSL_EXTRA;HAVE_THREAD_LS;WOLFSSL_KEY_GEN;HAVE_FIPS;HAVE_AESGCM;HAVE_HASHDRBG;WOLFSSL_SHA384;WOLFSSL_SHA512;NO_PSK;NO_HC128;NO_RC4;NO_RABBIT;NO_DSA;NO_MD4;%(PreprocessorDefinitions) EnableFastChecks MultiThreadedDebugDLL Level4 @@ -157,7 +157,7 @@ Disabled ./;../../;%(AdditionalIncludeDirectories) - OPENSSL_EXTRA;HAVE_THREAD_LS;WOLFSSL_KEY_GEN;BUILDING_WOLFSSL;WOLFSSL_DLL;HAVE_FIPS;HAVE_AESGCM;HAVE_HASHDRBG;WOLFSSL_SHA384;WOLFSSL_SHA512;NO_PSK;NO_RC4;NO_RABBIT;NO_DSA;NO_MD4;%(PreprocessorDefinitions) + OPENSSL_EXTRA;HAVE_THREAD_LS;WOLFSSL_KEY_GEN;BUILDING_WOLFSSL;WOLFSSL_DLL;HAVE_FIPS;HAVE_AESGCM;HAVE_HASHDRBG;WOLFSSL_SHA384;WOLFSSL_SHA512;NO_PSK;NO_HC128;NO_RC4;NO_RABBIT;NO_DSA;NO_MD4;%(PreprocessorDefinitions) EnableFastChecks MultiThreadedDebugDLL Level4 @@ -175,7 +175,7 @@ MaxSpeed true ./;../../;%(AdditionalIncludeDirectories) - OPENSSL_EXTRA;HAVE_THREAD_LS;WOLFSSL_KEY_GEN;HAVE_FIPS;HAVE_AESGCM;HAVE_HASHDRBG;WOLFSSL_SHA384;WOLFSSL_SHA512;NO_PSK;NO_RC4;NO_RABBIT;NO_DSA;NO_MD4;%(PreprocessorDefinitions) + OPENSSL_EXTRA;HAVE_THREAD_LS;WOLFSSL_KEY_GEN;HAVE_FIPS;HAVE_AESGCM;HAVE_HASHDRBG;WOLFSSL_SHA384;WOLFSSL_SHA512;NO_PSK;NO_HC128;NO_RC4;NO_RABBIT;NO_DSA;NO_MD4;%(PreprocessorDefinitions) MultiThreadedDLL true Level3 
@@ -187,7 +187,7 @@ MaxSpeed true ./;../../;%(AdditionalIncludeDirectories) - OPENSSL_EXTRA;HAVE_THREAD_LS;WOLFSSL_KEY_GEN;BUILDING_WOLFSSL;WOLFSSL_DLL;HAVE_FIPS;HAVE_AESGCM;HAVE_HASHDRBG;WOLFSSL_SHA384;WOLFSSL_SHA512;NO_PSK;NO_RC4;NO_RABBIT;NO_DSA;NO_MD4;%(PreprocessorDefinitions) + OPENSSL_EXTRA;HAVE_THREAD_LS;WOLFSSL_KEY_GEN;BUILDING_WOLFSSL;WOLFSSL_DLL;HAVE_FIPS;HAVE_AESGCM;HAVE_HASHDRBG;WOLFSSL_SHA384;WOLFSSL_SHA512;NO_PSK;NO_HC128;NO_RC4;NO_RABBIT;NO_DSA;NO_MD4;%(PreprocessorDefinitions) MultiThreadedDLL true Level3 @@ -199,7 +199,7 @@ MaxSpeed true ./;../../;%(AdditionalIncludeDirectories) - OPENSSL_EXTRA;HAVE_THREAD_LS;WOLFSSL_KEY_GEN;HAVE_FIPS;HAVE_AESGCM;HAVE_HASHDRBG;WOLFSSL_SHA384;WOLFSSL_SHA512;NO_PSK;NO_RC4;NO_RABBIT;NO_DSA;NO_MD4;%(PreprocessorDefinitions) + OPENSSL_EXTRA;HAVE_THREAD_LS;WOLFSSL_KEY_GEN;HAVE_FIPS;HAVE_AESGCM;HAVE_HASHDRBG;WOLFSSL_SHA384;WOLFSSL_SHA512;NO_PSK;NO_HC128;NO_RC4;NO_RABBIT;NO_DSA;NO_MD4;%(PreprocessorDefinitions) MultiThreadedDLL true Level3 @@ -212,7 +212,7 @@ MaxSpeed true ./;../../;%(AdditionalIncludeDirectories) - OPENSSL_EXTRA;HAVE_THREAD_LS;WOLFSSL_KEY_GEN;BUILDING_WOLFSSL;WOLFSSL_DLL;HAVE_FIPS;HAVE_AESGCM;HAVE_HASHDRBG;WOLFSSL_SHA384;WOLFSSL_SHA512;NO_PSK;NO_RC4;NO_RABBIT;NO_DSA;NO_MD4;%(PreprocessorDefinitions) + OPENSSL_EXTRA;HAVE_THREAD_LS;WOLFSSL_KEY_GEN;BUILDING_WOLFSSL;WOLFSSL_DLL;HAVE_FIPS;HAVE_AESGCM;HAVE_HASHDRBG;WOLFSSL_SHA384;WOLFSSL_SHA512;NO_PSK;NO_HC128;NO_RC4;NO_RABBIT;NO_DSA;NO_MD4;%(PreprocessorDefinitions) MultiThreadedDLL true Level3 @@ -261,34 +261,26 @@ $(IntDir)ctaocrypt\ - - - - - - - - From 55677aa5ae10944aa9778839cc2e0870466affc4 Mon Sep 17 00:00:00 2001 From: Chris Conlon Date: Wed, 15 Jul 2015 11:56:14 -0600 Subject: [PATCH 06/35] fix BLAKE2b cyassl compat header includes --- cyassl/ctaocrypt/blake2-impl.h | 2 +- cyassl/ctaocrypt/blake2-int.h | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) 
diff --git a/cyassl/ctaocrypt/blake2-impl.h b/cyassl/ctaocrypt/blake2-impl.h index fc5ec3a49..de6ed273b 100644 --- a/cyassl/ctaocrypt/blake2-impl.h +++ b/cyassl/ctaocrypt/blake2-impl.h @@ -36,7 +36,7 @@ #define CTAOCRYPT_BLAKE2_IMPL_H #include -#include +#include #endif /* CTAOCRYPT_BLAKE2_IMPL_H */ diff --git a/cyassl/ctaocrypt/blake2-int.h b/cyassl/ctaocrypt/blake2-int.h index 07ea8e745..9dadaadcb 100644 --- a/cyassl/ctaocrypt/blake2-int.h +++ b/cyassl/ctaocrypt/blake2-int.h @@ -37,7 +37,7 @@ #define CTAOCRYPT_BLAKE2_INT_H #include -#include +#include #endif /* CTAOCRYPT_BLAKE2_INT_H */ From 763e9370bf1bc6d771ccbdef16357492a3f71c0c Mon Sep 17 00:00:00 2001 From: Jacob Barthelmeh Date: Wed, 15 Jul 2015 13:48:31 -0600 Subject: [PATCH 07/35] WOLFSSL_STUB log for debug message --- src/ssl.c | 30 +++++++++++++++++++++++++++++- wolfssl/wolfcrypt/logging.h | 5 +++++ 2 files changed, 34 insertions(+), 1 deletion(-) diff --git a/src/ssl.c b/src/ssl.c index 7e40efa64..3dbd22bbd 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -15158,6 +15158,9 @@ void* wolfSSL_GetRsaDecCtx(WOLFSSL* ssl) unsigned char *wolfSSL_SHA1(const unsigned char *d, size_t n, unsigned char *md) { (void) *d; (void) n; (void) *md; + WOLFSSL_ENTER("wolfSSL_SHA1"); + WOLFSSL_STUB("wolfssl_SHA1"); + return NULL; } @@ -15165,6 +15168,7 @@ void* wolfSSL_GetRsaDecCtx(WOLFSSL* ssl) (void)ctx; (void)x; WOLFSSL_ENTER("WOLFSSL_CTX_use_certificate"); + WOLFSSL_STUB("WOLFSSL_CTX_use_certificate"); return 0; } @@ -15173,6 +15177,7 @@ void* wolfSSL_GetRsaDecCtx(WOLFSSL* ssl) (void)ctx; (void)pkey; WOLFSSL_ENTER("WOLFSSL_CTX_use_PrivateKey"); + WOLFSSL_STUB("WOLFSSL_CTX_use_PrivateKey"); return 0; } @@ -15181,6 +15186,7 @@ void* wolfSSL_GetRsaDecCtx(WOLFSSL* ssl) (void)filename; (void)mode; WOLFSSL_ENTER("wolfSSL_BIO_new_file"); + WOLFSSL_STUB("wolfSSL_BIO_new_file"); return NULL; } 
@@ -15189,18 +15195,22 @@ void* wolfSSL_GetRsaDecCtx(WOLFSSL* ssl) (void)b; (void)name; WOLFSSL_ENTER("wolfSSL_BIO_read_filename"); + WOLFSSL_STUB("wolfSSL_BIO_read_filename"); return 0; } WOLFSSL_BIO_METHOD* WOLFSSL_BIO_s_file(void) { WOLFSSL_ENTER("WOLFSSL_BIO_s_file"); + WOLFSSL_STUB("WOLFSSL_BIO_s_file"); + return NULL; } const char * wolf_OBJ_nid2sn(int n) { (void)n; WOLFSSL_ENTER("wolf_OBJ_nid2sn"); + WOLFSSL_STUB("wolf_OBJ_nid2sn"); return 0; } @@ -15208,6 +15218,7 @@ void* wolfSSL_GetRsaDecCtx(WOLFSSL* ssl) int wolf_OBJ_obj2nid(const WOLFSSL_ASN1_OBJECT *o) { (void)o; WOLFSSL_ENTER("wolf_OBJ_obj2nid"); + WOLFSSL_STUB("wolf_OBJ_obj2nid"); return 0; } @@ -15215,6 +15226,7 @@ void* wolfSSL_GetRsaDecCtx(WOLFSSL* ssl) int wolf_OBJ_sn2nid(const char *sn) { (void)sn; WOLFSSL_ENTER("wolf_OBJ_osn2nid"); + WOLFSSL_STUB("wolf_OBJ_osn2nid"); return 0; } @@ -15225,6 +15237,7 @@ void* wolfSSL_GetRsaDecCtx(WOLFSSL* ssl) (void)cb; (void)u; WOLFSSL_ENTER("PEM_read_bio_DHparams"); + WOLFSSL_STUB("PEM_read_bio_DHparams"); return NULL; } @@ -15235,6 +15248,7 @@ void* wolfSSL_GetRsaDecCtx(WOLFSSL* ssl) (void)cb; (void)u; WOLFSSL_ENTER("PEM_read_bio_WOLFSSL_X509"); + WOLFSSL_STUB("PEM_read_bio_WOLFSSL_X509"); return NULL; } @@ -15243,6 +15257,7 @@ void* wolfSSL_GetRsaDecCtx(WOLFSSL* ssl) (void)bp; (void)x; WOLFSSL_ENTER("PEM_write_bio_WOLFSSL_X509"); + WOLFSSL_STUB("PEM_write_bio_WOLFSSL_X509"); return 0; } @@ -15251,14 +15266,17 @@ void* wolfSSL_GetRsaDecCtx(WOLFSSL* ssl) (void)ctx; (void)dh; WOLFSSL_ENTER("WOLFSSL_CTX_set_tmp_dh"); + WOLFSSL_STUB("WOLFSSL_CTX_set_tmp_dh"); return 0; } - void wolfSSL_CTX_set_verify_depth(WOLFSSL_CTX *ctx,int depth) { + void wolfSSL_CTX_set_verify_depth(WOLFSSL_CTX *ctx, int depth) { (void)ctx; (void)depth; WOLFSSL_ENTER("wolfSSL_CTX_set_verify_depth"); + WOLFSSL_STUB("wolfSSL_CTX_set_verify_depth"); + } void* WOLFSSL_get_app_data( const WOLFSSL *ssl) 
@@ -15266,6 +15284,7 @@ void* wolfSSL_GetRsaDecCtx(WOLFSSL* ssl) /* checkout exdata stuff... */ (void)ssl; WOLFSSL_ENTER("WOLFSSL_get_app_data"); + WOLFSSL_STUB("WOLFSSL_get_app_data"); return 0; } @@ -15274,11 +15293,13 @@ void* wolfSSL_GetRsaDecCtx(WOLFSSL* ssl) (void)ssl; (void)arg; WOLFSSL_ENTER("WOLFSSL_set_app_data"); + WOLFSSL_STUB("WOLFSSL_set_app_data"); } WOLFSSL_ASN1_OBJECT * WOLFSSL_X509_NAME_ENTRY_get_object(WOLFSSL_X509_NAME_ENTRY *ne) { (void)ne; WOLFSSL_ENTER("WOLFSSL_X509_NAME_ENTRY_get_object"); + WOLFSSL_STUB("WOLFSSL_X509_NAME_ENTRY_get_object"); return NULL; } @@ -15287,6 +15308,7 @@ void* wolfSSL_GetRsaDecCtx(WOLFSSL* ssl) (void)name; (void)loc; WOLFSSL_ENTER("WOLFSSL_X509_NAME_get_entry"); + WOLFSSL_STUB("WOLFSSL_X509_NAME_get_entry"); return NULL; } @@ -15294,24 +15316,30 @@ void* wolfSSL_GetRsaDecCtx(WOLFSSL* ssl) void WOLFSSL_X509_NAME_free(WOLFSSL_X509_NAME *name){ FreeX509Name(name); WOLFSSL_ENTER("WOLFSSL_X509_NAME_free"); + WOLFSSL_STUB("WOLFSSL_X509_NAME_free"); } void wolfSSL_sk_X509_NAME_pop_free(STACK_OF(WOLFSSL_X509_NAME)* sk, void f (WOLFSSL_X509_NAME*)){ (void) sk; (void) f; WOLFSSL_ENTER("wolfSSL_sk_X509_NAME_pop_free"); + WOLFSSL_STUB("wolfSSL_sk_X509_NAME_pop_free"); } int wolfSSL_X509_check_private_key(WOLFSSL_X509 *x509, WOLFSSL_EVP_PKEY *key){ (void) x509; (void) key; WOLFSSL_ENTER("wolfSSL_X509_check_private_key"); + WOLFSSL_STUB("wolfSSL_X509_check_private_key"); + return SSL_SUCCESS; } STACK_OF(WOLFSSL_X509_NAME) *wolfSSL_dup_CA_list( STACK_OF(WOLFSSL_X509_NAME) *sk ){ (void) sk; WOLFSSL_ENTER("wolfSSL_dup_CA_list"); + WOLFSSL_STUB("wolfSSL_dup_CA_list"); + return NULL; } diff --git a/wolfssl/wolfcrypt/logging.h b/wolfssl/wolfcrypt/logging.h index 0b124835b..2e604080d 100644 --- a/wolfssl/wolfcrypt/logging.h +++ b/wolfssl/wolfcrypt/logging.h 
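Review bot: `wolfSSL_X509_check_private_key` is now logged as a stub but still ends in `return SSL_SUCCESS;`, so with both parameters discarded it tells every caller that the key matches the certificate. A stubbed check should fail closed; until it is implemented I would change the last line to `return 0; /* not implemented: never report a match */`. The `WOLFSSL_STUB` message is the only signal, and the logging.h hunk in this commit shows it expands to nothing unless `DEBUG_WOLFSSL` is defined, so a normal build gives no hint that the check is missing. In the same hunk `WOLFSSL_X509_NAME_free` calls `FreeX509Name(name)` and then logs itself as not implemented, which reads as contradictory.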
@@ -46,9 +46,13 @@ typedef void (*wolfSSL_Logging_cb)(const int logLevel, WOLFSSL_API int wolfSSL_SetLoggingCb(wolfSSL_Logging_cb log_function); #ifdef DEBUG_WOLFSSL + /* a is prepended to m and b is appended, creating a log msg a + m + b */ + #define WOLFSSL_LOG_CAT(a, m, b) #a " " m " " #b void WOLFSSL_ENTER(const char* msg); void WOLFSSL_LEAVE(const char* msg, int ret); + #define WOLFSSL_STUB(m) \ + WOLFSSL_MSG(WOLFSSL_LOG_CAT(wolfSSL Stub, m, not implemented)) void WOLFSSL_ERROR(int); void WOLFSSL_MSG(const char* msg); @@ -57,6 +61,7 @@ WOLFSSL_API int wolfSSL_SetLoggingCb(wolfSSL_Logging_cb log_function); #define WOLFSSL_ENTER(m) #define WOLFSSL_LEAVE(m, r) + #define WOLFSSL_STUB(m) #define WOLFSSL_ERROR(e) #define WOLFSSL_MSG(m) From 0b3bc289ae880d938d882378af4b9c0fc68c73c1 Mon Sep 17 00:00:00 2001 From: toddouska Date: Wed, 15 Jul 2015 13:44:09 -0700 Subject: [PATCH 08/35] fix enable stunnel help alignment --- configure.ac | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/configure.ac b/configure.ac index a05f9e221..7bb1b769f 100644 --- a/configure.ac +++ b/configure.ac @@ -1704,7 +1704,7 @@ fi # stunnel Support AC_ARG_ENABLE([stunnel], - [ --enable-stunnel Enable stunnel (default: disabled)], + [ --enable-stunnel Enable stunnel (default: disabled)], [ ENABLED_STUNNEL=$enableval ], [ ENABLED_STUNNEL=no ] ) From bffecfbc2dc55c1b3a0c0da8c86ab497ad5a884f Mon Sep 17 00:00:00 2001 From: kaleb-himes Date: Wed, 15 Jul 2015 15:33:49 -0600 Subject: [PATCH 09/35] New AES structure size increased, update mcapi context to encompass --- mcapi/crypto.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/mcapi/crypto.h b/mcapi/crypto.h index 7a960d855..82b4d0249 100644 --- a/mcapi/crypto.h +++ b/mcapi/crypto.h @@ -163,7 +163,7 @@ enum { /* AES */ typedef struct CRYPT_AES_CTX { - int holder[70]; /* big enough to hold internal, but check on init */ + int holder[74]; /* big enough to hold internal, but check on init */ } CRYPT_AES_CTX; /* key */ 
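Review bot: `int holder[74];` in mcapi/crypto.h is a hand-counted size for the opaque AES context, and nothing in this hunk ties the number to the internal structure that the commit subject says has grown. The comment relies on a check at init, which is a run-time check outside this hunk; if that check is ever skipped, the internal state is written past the end of `holder`. A compile-time check in the file that sees both types would catch the next growth at build time, for example `typedef char crypt_aes_ctx_fits[(sizeof(CRYPT_AES_CTX) >= sizeof(Aes)) ? 1 : -1];`.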
From 8eaac3de472e76a181f6b48ed3f78ed05b81f2d2 Mon Sep 17 00:00:00 2001 From: toddouska Date: Wed, 15 Jul 2015 15:01:48 -0700 Subject: [PATCH 10/35] fix clang redef --- wolfssl/ssl.h | 1 - 1 file changed, 1 deletion(-) diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h index d3d4a4aa3..465647a1a 100644 --- a/wolfssl/ssl.h +++ b/wolfssl/ssl.h @@ -90,7 +90,6 @@ typedef struct WOLFSSL_X509_EXTENSION WOLFSSL_X509_EXTENSION; typedef struct WOLFSSL_ASN1_TIME WOLFSSL_ASN1_TIME; typedef struct WOLFSSL_ASN1_INTEGER WOLFSSL_ASN1_INTEGER; typedef struct WOLFSSL_ASN1_OBJECT WOLFSSL_ASN1_OBJECT; -typedef struct WOLFSSL_dynlock_value WOLFSSL_dynlock_value; typedef struct WOLFSSL_ASN1_STRING WOLFSSL_ASN1_STRING; typedef struct WOLFSSL_dynlock_value WOLFSSL_dynlock_value; From ffb73bc3d5c4cd087875a40b33df330237a777d5 Mon Sep 17 00:00:00 2001 From: toddouska Date: Wed, 15 Jul 2015 16:25:49 -0700 Subject: [PATCH 11/35] fix no newline in openssl/ecdsa.h --- wolfssl/openssl/ecdsa.h | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/wolfssl/openssl/ecdsa.h b/wolfssl/openssl/ecdsa.h index 22b2d4cda..a92841fff 100644 --- a/wolfssl/openssl/ecdsa.h +++ b/wolfssl/openssl/ecdsa.h @@ -35,4 +35,5 @@ WOLFSSL_API int wolfSSL_ECDSA_do_verify(const unsigned char *dgst, } /* extern "C" */ #endif -#endif /* header */ \ No newline at end of file +#endif /* header */ + From 8cb19492031989a57de5a5ec29c92a58c63a9b9d Mon Sep 17 00:00:00 2001 From: John Safranek Date: Wed, 15 Jul 2015 16:27:50 -0700 Subject: [PATCH 12/35] fix some build warnings from VS --- src/ssl.c | 16 ++++++++-------- wolfssl/openssl/ecdh.h | 2 +- 2 files changed, 9 insertions(+), 9 deletions(-) diff --git a/src/ssl.c b/src/ssl.c index 146c4f56d..efd30e6d6 100644 --- a/src/ssl.c +++ b/src/ssl.c 
@@ -11514,11 +11514,11 @@ int wolfSSL_BN_add(WOLFSSL_BIGNUM *r, WOLFSSL_BIGNUM *a, WOLFSSL_BIGNUM *b) int wolfSSL_BN_is_prime_ex(const WOLFSSL_BIGNUM *bn, int nbchecks, WOLFSSL_BN_CTX *ctx, WOLFSSL_BN_GENCB *cb) { + int res; + (void)ctx; (void)cb; - int res; - WOLFSSL_MSG("wolfSSL_BN_is_prime_ex"); if (bn == NULL || bn->internal == NULL) { @@ -13150,13 +13150,13 @@ int wolfSSL_PEM_write_buf_RSAPrivateKey(RSA* rsa, const EVP_CIPHER* cipher, unsigned char* passwd, int len, byte **pem, int *plen) { + byte *der, *tmp; + int der_max_len = 0, derSz = 0; + (void)cipher; (void)passwd; (void)len; - byte *der, *tmp; - int der_max_len = 0, derSz = 0; - WOLFSSL_MSG("wolfSSL_PEM_write_buf_RSAPrivateKey"); if (pem == NULL || plen == NULL || rsa == NULL || rsa->internal == NULL) { @@ -13231,15 +13231,15 @@ int wolfSSL_PEM_write_RSAPrivateKey(FILE *fp, WOLFSSL_RSA *rsa, unsigned char *kstr, int klen, pem_password_cb *cb, void *u) { + byte* pem; + int plen, ret; + (void)enc; (void)kstr; (void)klen; (void)cb; (void)u; - byte *pem; - int plen, ret; - WOLFSSL_MSG("wolfSSL_PEM_write_RSAPrivateKey"); if (fp == NULL || rsa == NULL || rsa->internal == NULL) { diff --git a/wolfssl/openssl/ecdh.h b/wolfssl/openssl/ecdh.h index b5583dd93..57d9e2e37 100644 --- a/wolfssl/openssl/ecdh.h +++ b/wolfssl/openssl/ecdh.h @@ -7,7 +7,7 @@ #include #ifdef __cplusplus -extern C { +extern "C" { #endif From 84a5087bd75e69c0688f499250d51839eaaac715 Mon Sep 17 00:00:00 2001 From: toddouska Date: Wed, 15 Jul 2015 16:35:23 -0700 Subject: [PATCH 13/35] resume script cleans up /tmp ready file --- scripts/resume.test | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-) diff --git a/scripts/resume.test b/scripts/resume.test index e4b0a6eb3..17bfd8c9f 100755 --- a/scripts/resume.test +++ b/scripts/resume.test 
@@ -7,6 +7,15 @@ resume_port=11112 no_pid=-1 server_pid=$no_pid + +remove_ready_file() { + if test -e /tmp/wolfssl_server_ready; then + echo -e "removing exisitng server_ready file" + rm /tmp/wolfssl_server_ready + fi +} + + do_cleanup() { echo "in cleanup" @@ -15,6 +24,7 @@ do_cleanup() { echo "killing server" kill -9 $server_pid fi + remove_ready_file } do_trap() { @@ -27,10 +37,7 @@ trap do_trap INT TERM echo -e "\nStarting example server for resume test...\n" -if test -e /tmp/wolfssl_server_ready; then - echo -e "removing exisitng server_ready file" - rm /tmp/wolfssl_server_ready -fi +remove_ready_file ./examples/server/server -r -R -p $resume_port & server_pid=$! @@ -51,6 +58,7 @@ fi wait $server_pid server_result=$? +remove_ready_file if [ $server_result != 0 ] then From 5a00e4b72b5fb1e35ade47cb50ccfbe2327a3260 Mon Sep 17 00:00:00 2001 From: toddouska Date: Thu, 16 Jul 2015 10:18:08 -0700 Subject: [PATCH 14/35] use full ivSz with ecc encrypt --- wolfcrypt/src/ecc.c | 2 +- wolfssl/wolfcrypt/ecc.h | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/wolfcrypt/src/ecc.c b/wolfcrypt/src/ecc.c index 42411a7b8..a65e343df 100644 --- a/wolfcrypt/src/ecc.c +++ b/wolfcrypt/src/ecc.c @@ -4912,7 +4912,7 @@ static int ecc_get_key_sizes(ecEncCtx* ctx, int* encKeySz, int* ivSz, switch (ctx->encAlgo) { case ecAES_128_CBC: *encKeySz = KEY_SIZE_128; - *ivSz = IV_SIZE_64; + *ivSz = IV_SIZE_128; *blockSz = AES_BLOCK_SIZE; break; default: diff --git a/wolfssl/wolfcrypt/ecc.h b/wolfssl/wolfcrypt/ecc.h index 9908ff9e8..3da99ec64 100644 --- a/wolfssl/wolfcrypt/ecc.h +++ b/wolfssl/wolfcrypt/ecc.h @@ -231,6 +231,7 @@ enum { KEY_SIZE_128 = 16, KEY_SIZE_256 = 32, IV_SIZE_64 = 8, + IV_SIZE_128 = 16, EXCHANGE_SALT_SZ = 16, EXCHANGE_INFO_SZ = 23 }; From 53fb9188e7ab0f31b1ec1b029576fe0995599880 Mon Sep 17 00:00:00 2001 
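Review bot: `remove_ready_file` keeps the fixed, shared path `/tmp/wolfssl_server_ready` and is now called from three places, including the cleanup path. On a multi-user host another local account can create that name first; the script would then presumably treat a foreign file as the server's ready signal. Plain `rm` also fails on a file owned by someone else in a sticky `/tmp`, leaving the stale marker for the next run. I would use `rm -f /tmp/wolfssl_server_ready` here and, longer term, keep the marker in a private directory created with `mktemp -d`. The server writes the path outside these hunks, so that part needs a matching change there.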
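Review bot: In the `ecAES_128_CBC` case of `ecc_get_key_sizes`, `*ivSz = IV_SIZE_128;` and `*blockSz = AES_BLOCK_SIZE;` are still two unrelated constants, although a CBC IV must be exactly one cipher block. Writing `*ivSz = AES_BLOCK_SIZE; /* CBC IV is one cipher block */` would state that dependency and stop the two values drifting apart again. A larger IV presumably also changes how much key material is derived for a message, so peers built before this commit may no longer interoperate; that is worth a line in the commit message or release notes. `IV_SIZE_64` stays in the enum in ecc.h, and whether anything still uses it is not visible here. The function's body continues outside the hunk.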
From: "John M. Schanck" Date: Thu, 16 Jul 2015 15:43:50 -0400 Subject: [PATCH 15/35] Use ntru functions from stable libntruencrypt api ntru_crypto_external_drbg_instantiate has been renamed to ntru_crypto_drbg_external_instantiate in the 1.0.0 release of libntruencrypt. Made various other small changes to build against libntruencrypt. --- IDE/MDK5-ARM/Projects/CryptBenchmark/benchmark.c | 2 +- IDE/MDK5-ARM/Projects/CryptTest/test.c | 2 +- configure.ac | 6 +++--- src/internal.c | 14 +++++++------- src/tls.c | 8 ++++---- wolfcrypt/benchmark/benchmark.c | 2 +- wolfcrypt/src/asn.c | 2 +- wolfcrypt/test/test.c | 2 +- 8 files changed, 19 insertions(+), 19 deletions(-) diff --git a/IDE/MDK5-ARM/Projects/CryptBenchmark/benchmark.c b/IDE/MDK5-ARM/Projects/CryptBenchmark/benchmark.c index 417ae3177..fa13b8b80 100644 --- a/IDE/MDK5-ARM/Projects/CryptBenchmark/benchmark.c +++ b/IDE/MDK5-ARM/Projects/CryptBenchmark/benchmark.c @@ -52,7 +52,7 @@ #include "cavium_ioctl.h" #endif #ifdef HAVE_NTRU - #include "ntru_crypto.h" + #include "libntruencrypt/ntru_crypto.h" #endif #if defined(CYASSL_MDK_ARM) diff --git a/IDE/MDK5-ARM/Projects/CryptTest/test.c b/IDE/MDK5-ARM/Projects/CryptTest/test.c index ac5c775b2..167832eae 100644 --- a/IDE/MDK5-ARM/Projects/CryptTest/test.c +++ b/IDE/MDK5-ARM/Projects/CryptTest/test.c @@ -101,7 +101,7 @@ #endif #ifdef HAVE_NTRU - #include "ntru_crypto.h" + #include "libntruencrypt/ntru_crypto.h" #endif #ifdef HAVE_CAVIUM #include "cavium_sysdep.h" diff --git a/configure.ac b/configure.ac index 7bb1b769f..f076e453c 100644 --- a/configure.ac +++ b/configure.ac 
@@ -1397,9 +1397,9 @@ AC_ARG_WITH([ntru], [ AC_MSG_CHECKING([for NTRU]) CPPFLAGS="$CPPFLAGS -DHAVE_NTRU -DHAVE_QSH -DHAVE_TLS_EXTENSIONS" - LIBS="$LIBS -lNTRUEncrypt" + LIBS="$LIBS -lntruencrypt" - AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include ]], [[ ntru_crypto_drbg_instantiate(0, 0, 0, 0, 0); ]])], [ ntru_linked=yes ],[ ntru_linked=no ]) + AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include ]], [[ ntru_crypto_drbg_instantiate(0, 0, 0, 0, 0); ]])], [ ntru_linked=yes ],[ ntru_linked=no ]) if test "x$ntru_linked" == "xno" ; then if test "x$withval" != "xno" ; then @@ -1412,7 +1412,7 @@ AC_ARG_WITH([ntru], LDFLAGS="$AM_LDFLAGS -L$tryntrudir/lib" CPPFLAGS="$CPPFLAGS -I$tryntrudir/include" - AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include ]], [[ ntru_crypto_drbg_instantiate(0, 0, 0, 0, 0); ]])], [ ntru_linked=yes ],[ ntru_linked=no ]) + AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include ]], [[ ntru_crypto_drbg_instantiate(0, 0, 0, 0, 0); ]])], [ ntru_linked=yes ],[ ntru_linked=no ]) if test "x$ntru_linked" == "xno" ; then AC_MSG_ERROR([NTRU isn't found. diff --git a/src/internal.c b/src/internal.c index ceef2eeab..fa4208c44 100644 --- a/src/internal.c +++ b/src/internal.c @@ -41,7 +41,7 @@ #endif #ifdef HAVE_NTRU - #include "ntru_crypto.h" + #include "libntruencrypt/ntru_crypto.h" #endif #if defined(DEBUG_WOLFSSL) || defined(SHOW_SECRETS) || defined(CHACHA_AEAD_TEST) @@ -247,7 +247,7 @@ static int QSH_FreeAll(WOLFSSL* ssl) static RNG* rng; static wolfSSL_Mutex* rngMutex; -static word32 GetEntropy(unsigned char* out, unsigned long long num_bytes) +static word32 GetEntropy(unsigned char* out, word32 num_bytes) { int ret = 0; @@ -265,7 +265,7 @@ static word32 GetEntropy(unsigned char* out, unsigned long long num_bytes) } ret |= LockMutex(rngMutex); - ret |= wc_RNG_GenerateBlock(rng, out, (word32)num_bytes); + ret |= wc_RNG_GenerateBlock(rng, out, num_bytes); ret |= UnLockMutex(rngMutex); if (ret != 0) 
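Review bot: In `GetEntropy` in src/internal.c the calls are still chained as `ret |= LockMutex(rngMutex);` then `ret |= wc_RNG_GenerateBlock(rng, out, num_bytes);` then `ret |= UnLockMutex(rngMutex);`. When the lock cannot be taken, the shared RNG is therefore used without the mutex, and the OR of several error codes is not a meaningful result. This callback feeds the NTRU DRBG, so I would stop at the first failure: test `if (LockMutex(rngMutex) != 0)` on its own and return the callback's failure value before generating anything. The copy of `GetEntropy` in src/tls.c (hunk `@@ -2854,7 +2854,7 @@`) has the same pattern. The function starts and ends outside these hunks, so the exact failure value has to be taken from the rest of the body.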
@@ -10623,7 +10623,7 @@ static int NtruSecretEncrypt(QSHKey* key, byte* bufIn, word32 inSz, } /* set up ntru drbg */ - ret = ntru_crypto_external_drbg_instantiate(GetEntropy, &drbg); + ret = ntru_crypto_drbg_external_instantiate(GetEntropy, &drbg); if (ret != DRBG_OK) return NTRU_DRBG_ERROR; @@ -10670,7 +10670,7 @@ static int NtruSecretDecrypt(QSHKey* key, byte* bufIn, word32 inSz, /* set up drbg */ - ret = ntru_crypto_external_drbg_instantiate(GetEntropy, &drbg); + ret = ntru_crypto_drbg_external_instantiate(GetEntropy, &drbg); if (ret != DRBG_OK) return NTRU_DRBG_ERROR; @@ -10805,7 +10805,7 @@ static word32 QSH_MaxSecret(QSHKey* key) } if (isNtru) { - ret = ntru_crypto_external_drbg_instantiate(GetEntropy, &drbg); + ret = ntru_crypto_drbg_external_instantiate(GetEntropy, &drbg); if (ret != DRBG_OK) return NTRU_DRBG_ERROR; ret = ntru_crypto_ntru_encrypt(drbg, key->pub.length, @@ -11251,7 +11251,7 @@ static word32 QSH_KeyExchangeWrite(WOLFSSL* ssl, byte isServer) return NO_PEER_KEY; } - rc = ntru_crypto_external_drbg_instantiate(GetEntropy, &drbg); + rc = ntru_crypto_drbg_external_instantiate(GetEntropy, &drbg); if (rc != DRBG_OK) { #ifdef WOLFSSL_SMALL_STACK XFREE(encSecret, NULL, DYNAMIC_TYPE_TMP_BUFFER); diff --git a/src/tls.c b/src/tls.c index 5a070f667..39f36bb17 100644 --- a/src/tls.c +++ b/src/tls.c @@ -37,7 +37,7 @@ #endif #ifdef HAVE_NTRU - #include "ntru_crypto.h" + #include "libntruencrypt/ntru_crypto.h" #include #endif #ifdef HAVE_QSH @@ -2836,7 +2836,7 @@ static word16 TLSX_Write(TLSX* list, byte* output, byte* semaphore, #ifdef HAVE_NTRU -static word32 GetEntropy(unsigned char* out, unsigned long long num_bytes) +static word32 GetEntropy(unsigned char* out, word32 num_bytes) { int ret = 0; 
@@ -2854,7 +2854,7 @@ static word32 GetEntropy(unsigned char* out, unsigned long long num_bytes) } ret |= LockMutex(rngMutex); - ret |= wc_RNG_GenerateBlock(rng, out, (word32)num_bytes); + ret |= wc_RNG_GenerateBlock(rng, out, num_bytes); ret |= UnLockMutex(rngMutex); if (ret != 0) @@ -2947,7 +2947,7 @@ int TLSX_CreateNtruKey(WOLFSSL* ssl, int type) WOLFSSL_MSG("Unknown type for creating NTRU key"); return -1; } - ret = ntru_crypto_external_drbg_instantiate(GetEntropy, &drbg); + ret = ntru_crypto_drbg_external_instantiate(GetEntropy, &drbg); if (ret != DRBG_OK) { WOLFSSL_MSG("NTRU drbg instantiate failed\n"); return ret; diff --git a/wolfcrypt/benchmark/benchmark.c b/wolfcrypt/benchmark/benchmark.c index 891ce0bf9..e68af6177 100644 --- a/wolfcrypt/benchmark/benchmark.c +++ b/wolfcrypt/benchmark/benchmark.c @@ -71,7 +71,7 @@ #include "cavium_ioctl.h" #endif #ifdef HAVE_NTRU - #include "ntru_crypto.h" + #include "libntruencrypt/ntru_crypto.h" #endif #if defined(WOLFSSL_MDK_ARM) diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c index 01fd2eaca..8537ed5d2 100644 --- a/wolfcrypt/src/asn.c +++ b/wolfcrypt/src/asn.c @@ -49,7 +49,7 @@ #endif #ifdef HAVE_NTRU - #include "ntru_crypto.h" + #include "libntruencrypt/ntru_crypto.h" #endif #if defined(WOLFSSL_SHA512) || defined(WOLFSSL_SHA384) diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c index 6286e3eac..c96d836a6 100644 --- a/wolfcrypt/test/test.c +++ b/wolfcrypt/test/test.c @@ -115,7 +115,7 @@ #endif #ifdef HAVE_NTRU - #include "ntru_crypto.h" + #include "libntruencrypt/ntru_crypto.h" #endif #ifdef HAVE_CAVIUM #include "cavium_sysdep.h" From c6003c33bbd9f9141832ef2ab008ea52bd1ab09d Mon Sep 17 00:00:00 2001 From: lchristina26 Date: Thu, 16 Jul 2015 14:19:11 -0600 Subject: [PATCH 16/35] fix disable filesystem errors --- src/ssl.c | 5 +++++ wolfssl/openssl/bn.h | 4 +++- 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/src/ssl.c b/src/ssl.c index efd30e6d6..e15d574fa 100644 --- a/src/ssl.c 
+++ b/src/ssl.c @@ -11613,6 +11613,7 @@ char *wolfSSL_BN_bn2hex(const WOLFSSL_BIGNUM *bn) return buf; } +#ifndef NO_FILESYSTEM /* return code compliant with OpenSSL : * 1 if success, 0 if error */ @@ -11638,6 +11639,7 @@ int wolfSSL_BN_print_fp(FILE *fp, const WOLFSSL_BIGNUM *bn) return SSL_SUCCESS; } +#endif /* !defined(NO_FILESYSTEM) */ #else /* defined(HAVE_ECC) */ @@ -11650,6 +11652,7 @@ char *wolfSSL_BN_bn2hex(const WOLFSSL_BIGNUM *bn) return (char*)""; } +#ifndef NO_FILESYSTEM /* return code compliant with OpenSSL : * 1 if success, 0 if error */ @@ -11662,6 +11665,8 @@ int wolfSSL_BN_print_fp(FILE *fp, const WOLFSSL_BIGNUM *bn) return SSL_SUCCESS; } +#endif /* !defined(NO_FILESYSTEM) */ + #endif /*(defined(WOLFSSL_KEY_GEN)||defined(HAVE_COMP_KEY))&&defined(HAVE_ECC)*/ WOLFSSL_BIGNUM *wolfSSL_BN_CTX_get(WOLFSSL_BN_CTX *ctx) diff --git a/wolfssl/openssl/bn.h b/wolfssl/openssl/bn.h index 225e6976d..c56a3cfca 100644 --- a/wolfssl/openssl/bn.h +++ b/wolfssl/openssl/bn.h @@ -77,7 +77,9 @@ WOLFSSL_API int wolfSSL_BN_is_prime_ex(const WOLFSSL_BIGNUM*, int, WOLFSSL_BN_CTX*, WOLFSSL_BN_GENCB*); WOLFSSL_API WOLFSSL_BN_ULONG wolfSSL_BN_mod_word(const WOLFSSL_BIGNUM*, WOLFSSL_BN_ULONG); -WOLFSSL_API int wolfSSL_BN_print_fp(FILE*, const WOLFSSL_BIGNUM*); +#ifndef NO_FILESYSTEM + WOLFSSL_API int wolfSSL_BN_print_fp(FILE*, const WOLFSSL_BIGNUM*); +#endif WOLFSSL_API int wolfSSL_BN_rshift(WOLFSSL_BIGNUM*, const WOLFSSL_BIGNUM*, int); WOLFSSL_API WOLFSSL_BIGNUM *wolfSSL_BN_CTX_get(WOLFSSL_BN_CTX *ctx); WOLFSSL_API void wolfSSL_BN_CTX_start(WOLFSSL_BN_CTX *ctx); From e698c12530454e9b52a2e2877c290e0c955e217f Mon Sep 17 00:00:00 2001 From: kaleb-himes Date: Thu, 16 Jul 2015 15:31:36 -0600 Subject: [PATCH 17/35] ecc_encrypt + hkdf requires aes --- configure.ac | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/configure.ac b/configure.ac index 7bb1b769f..63b2fca90 100644 --- a/configure.ac +++ b/configure.ac 
@@ -1000,6 +1000,10 @@ AC_ARG_ENABLE([aes], if test "$ENABLED_AES" = "no" then AM_CFLAGS="$AM_CFLAGS -DNO_AES" + if test "$ENABLED_ECC_ENCRYPT" = "yes" + then + AC_MSG_ERROR([cannot enable eccencrypt and hkdf without aes.]) + fi if test "$ENABLED_AESGCM" = "yes" then AC_MSG_ERROR([AESGCM requires AES.]) From 5409c171e44f5341d23a99df1f3a2f6fcb217c02 Mon Sep 17 00:00:00 2001 From: John Safranek Date: Thu, 16 Jul 2015 16:38:48 -0700 Subject: [PATCH 18/35] In wolfSSL_BN_mod_word, typecast error code to a unsigned output like in emulated function. --- src/ssl.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/src/ssl.c b/src/ssl.c index e15d574fa..d00ed60ac 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -11553,25 +11553,25 @@ WOLFSSL_BN_ULONG wolfSSL_BN_mod_word(const WOLFSSL_BIGNUM *bn, if (bn == NULL || bn->internal == NULL) { WOLFSSL_MSG("bn NULL error"); - return SSL_FATAL_ERROR; + return (WOLFSSL_BN_ULONG)SSL_FATAL_ERROR; } if (mp_init_multi(&mod, &res, NULL, NULL, NULL, NULL) != MP_OKAY) { WOLFSSL_MSG("mp_init error"); - return SSL_FATAL_ERROR; + return (WOLFSSL_BN_ULONG)SSL_FATAL_ERROR; } if (mp_set_int(&mod, w) != MP_OKAY) { WOLFSSL_MSG("mp_set_int error"); mp_clear(&mod); - return SSL_FATAL_ERROR; + return (WOLFSSL_BN_ULONG)SSL_FATAL_ERROR; } if (mp_mod((mp_int*)bn->internal, &mod, &res) != MP_OKAY) { WOLFSSL_MSG("mp_add_d error"); mp_clear(&mod); mp_clear(&res); - return SSL_FATAL_ERROR; + return (WOLFSSL_BN_ULONG)SSL_FATAL_ERROR; } ret = res.dp[0]; From 9b81e41856fccb3a8ebbbd392476584f9edb491c Mon Sep 17 00:00:00 2001 From: toddouska Date: Thu, 16 Jul 2015 16:46:37 -0700 Subject: [PATCH 19/35] merge pull request 96 --- configure.ac | 9 +- src/ssl.c | 290 +++++++++++++++++-------------------- wolfcrypt/src/coding.c | 28 ++-- wolfssl/openssl/ssl.h | 33 +++-- wolfssl/ssl.h | 41 +++--- wolfssl/wolfcrypt/coding.h | 6 + 6 files changed, 200 insertions(+), 207 deletions(-) diff --git a/configure.ac b/configure.ac index 63b2fca90..96b6b4e39 100644 
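Review bot: The new guard tests only `ENABLED_ECC_ENCRYPT`, while its message says eccencrypt and hkdf both need AES, so a build with hkdf enabled and AES disabled is not rejected by this hunk. Either test the hkdf switch as well or narrow the message to `AC_MSG_ERROR([eccencrypt requires aes.])`. Also confirm that `ENABLED_ECC_ENCRYPT` is assigned before this AC_ARG_ENABLE([aes]) block runs, because an unset variable makes the test silently false. That ordering is not visible in the hunk.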
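Review bot: `ret = res.dp[0]` at the end of this hunk returns only the lowest digit of the remainder, so if an mp_digit is narrower than WOLFSSL_BN_ULONG a remainder wider than one digit is silently truncated. This is an inference, since the digit width is not visible here. The mp_mod failure path also logs `"mp_add_d error"`, which names the wrong call; `WOLFSSL_MSG("mp_mod error");` would match. wolfSSL_BN_mod_word starts above the hunk and continues below it.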
--- a/configure.ac +++ b/configure.ac @@ -1730,7 +1730,7 @@ then # For now, requires no fastmath, turn off if on if test "x$ENABLED_FASTMATH" = "xyes" then - ENABLED_FASTMATH = "no" + ENABLED_FASTMATH="no" fi # Requires sessioncerts make sure on @@ -1740,6 +1740,13 @@ then AM_CFLAGS="$AM_CFLAGS -DSESSION_CERTS" fi + # Requires crls, make sure on + if test "x$ENABLED_CRL" = "xno" + then + ENABLED_CRL="yes" + AM_CFLAGS="$AM_CFLAGS -DHAVE_CRL" + AM_CONDITIONAL([BUILD_CRL], [test "x$ENABLED_CRL" = "xyes"]) + fi AM_CFLAGS="$AM_CFLAGS -DHAVE_STUNNEL" fi diff --git a/src/ssl.c b/src/ssl.c index e15d574fa..86fa7f8f4 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -7109,8 +7109,14 @@ int wolfSSL_set_compression(WOLFSSL* ssl) void wolfSSL_set_shutdown(WOLFSSL* ssl, int opt) { - (void)ssl; - (void)opt; + WOLFSSL_ENTER("wolfSSL_set_shutdown"); + if(ssl==NULL) { + WOLFSSL_MSG("Shutdown not set. ssl is null"); + return; + } + + ssl->options.sentNotify = (opt&SSL_SENT_SHUTDOWN) > 0; + ssl->options.closeNotify = (opt&SSL_RECEIVED_SHUTDOWN) > 0; } @@ -9490,9 +9496,14 @@ void wolfSSL_set_connect_state(WOLFSSL* ssl) int wolfSSL_get_shutdown(const WOLFSSL* ssl) { + WOLFSSL_ENTER("wolfSSL_get_shutdown"); +#ifdef HAVE_STUNNEL + return (ssl->options.sentNotify << 1) | (ssl->options.closeNotify); +#else return (ssl->options.isClosed || ssl->options.connReset || ssl->options.sentNotify); +#endif } @@ -10274,7 +10285,7 @@ int wolfSSL_X509_STORE_CTX_init(WOLFSSL_X509_STORE_CTX* ctx, WOLFSSL_X509_STORE* store, WOLFSSL_X509* x509, STACK_OF(WOLFSSL_X509)* sk) { (void)sk; - WOLFSSL_ENTER(__func__); + WOLFSSL_ENTER("wolfSSL_X509_STORE_CTX_init"); if (ctx != NULL) { ctx->store = store; ctx->current_cert = x509; 
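Review bot: `AM_CONDITIONAL([BUILD_CRL], ...)` is added inside `if test "x$ENABLED_CRL" = "xno"`, but automake expects every AM_CONDITIONAL to be evaluated on every configure run, not under a shell conditional. Keep only `ENABLED_CRL="yes"` and the `-DHAVE_CRL` flag in this branch and let the script's unconditional BUILD_CRL conditional pick up the new value. If that conditional is evaluated earlier than this stunnel block, the block has to move above it. Whether an unconditional BUILD_CRL definition exists is not visible in the hunk.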
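Review bot: Under HAVE_STUNNEL, wolfSSL_get_shutdown (hunk at -9490) returns `(sentNotify << 1) | closeNotify`, putting the sent flag in bit 1 and the received flag in bit 0, whereas wolfSSL_set_shutdown in the same commit maps `SSL_SENT_SHUTDOWN` to sentNotify and `SSL_RECEIVED_SHUTDOWN` to closeNotify. If those constants are 1 and 2 as in OpenSSL, a caller testing the returned mask sees the two states swapped. `return (ssl->options.closeNotify << 1) | ssl->options.sentNotify;` keeps getter and setter consistent. The getter also dereferences `ssl` without the NULL check the setter has.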
@@ -10461,7 +10472,7 @@ long wolfSSL_ASN1_INTEGER_get(const WOLFSSL_ASN1_INTEGER* i) void* wolfSSL_X509_STORE_CTX_get_ex_data(WOLFSSL_X509_STORE_CTX* ctx, int idx) { - WOLFSSL_ENTER(__func__); + WOLFSSL_ENTER("wolfSSL_X509_STORE_CTX_get_ex_data"); #if defined(FORTRESS) || defined(HAVE_STUNNEL) if (ctx != NULL && idx == 0) return ctx->ex_data; @@ -10475,7 +10486,7 @@ void* wolfSSL_X509_STORE_CTX_get_ex_data(WOLFSSL_X509_STORE_CTX* ctx, int idx) int wolfSSL_get_ex_data_X509_STORE_CTX_idx(void) { - WOLFSSL_ENTER(__func__); + WOLFSSL_ENTER("wolfSSL_get_ex_data_X509_STORE_CTX_idx"); return 0; } @@ -15106,32 +15117,24 @@ void* wolfSSL_GetRsaDecCtx(WOLFSSL* ssl) return NULL; } - char WOLFSSL_CTX_use_certificate(WOLFSSL_CTX *ctx, WOLFSSL_X509 *x) { + char wolfSSL_CTX_use_certificate(WOLFSSL_CTX *ctx, WOLFSSL_X509 *x) { (void)ctx; (void)x; - WOLFSSL_ENTER("WOLFSSL_CTX_use_certificate"); - WOLFSSL_STUB("WOLFSSL_CTX_use_certificate"); + WOLFSSL_ENTER("wolfSSL_CTX_use_certificate"); + WOLFSSL_STUB("wolfSSL_CTX_use_certificate"); return 0; } - int WOLFSSL_CTX_use_PrivateKey(WOLFSSL_CTX *ctx, WOLFSSL_EVP_PKEY *pkey) { + int wolfSSL_CTX_use_PrivateKey(WOLFSSL_CTX *ctx, WOLFSSL_EVP_PKEY *pkey) { (void)ctx; (void)pkey; - WOLFSSL_ENTER("WOLFSSL_CTX_use_PrivateKey"); - WOLFSSL_STUB("WOLFSSL_CTX_use_PrivateKey"); + WOLFSSL_ENTER("wolfSSL_CTX_use_PrivateKey"); + WOLFSSL_STUB("wolfSSL_CTX_use_PrivateKey"); return 0; } - WOLFSSL_BIO *wolfSSL_BIO_new_file(const char *filename, const char *mode) { - (void)filename; - (void)mode; - WOLFSSL_ENTER("wolfSSL_BIO_new_file"); - WOLFSSL_STUB("wolfSSL_BIO_new_file"); - - return NULL; - } int wolfSSL_BIO_read_filename(WOLFSSL_BIO *b, const char *name) { (void)b; 
@@ -15142,9 +15145,9 @@ void* wolfSSL_GetRsaDecCtx(WOLFSSL* ssl) return 0; } - WOLFSSL_BIO_METHOD* WOLFSSL_BIO_s_file(void) { - WOLFSSL_ENTER("WOLFSSL_BIO_s_file"); - WOLFSSL_STUB("WOLFSSL_BIO_s_file"); + WOLFSSL_BIO_METHOD* wolfSSL_BIO_s_file(void) { + WOLFSSL_ENTER("wolfSSL_BIO_s_file"); + WOLFSSL_STUB("wolfSSL_BIO_s_file"); return NULL; } @@ -15173,16 +15176,6 @@ void* wolfSSL_GetRsaDecCtx(WOLFSSL* ssl) return 0; } - WOLFSSL_DH *PEM_read_bio_DHparams(WOLFSSL_BIO *bp, WOLFSSL_DH **x, pem_password_cb *cb, void *u) { - (void)bp; - (void)x; - (void)cb; - (void)u; - WOLFSSL_ENTER("PEM_read_bio_DHparams"); - WOLFSSL_STUB("PEM_read_bio_DHparams"); - - return NULL; - } WOLFSSL_X509 *PEM_read_bio_WOLFSSL_X509(WOLFSSL_BIO *bp, WOLFSSL_X509 **x, pem_password_cb *cb, void *u) { (void)bp; @@ -15195,24 +15188,6 @@ void* wolfSSL_GetRsaDecCtx(WOLFSSL* ssl) return NULL; } - int PEM_write_bio_WOLFSSL_X509(WOLFSSL_BIO *bp, WOLFSSL_X509 *x) { - (void)bp; - (void)x; - WOLFSSL_ENTER("PEM_write_bio_WOLFSSL_X509"); - WOLFSSL_STUB("PEM_write_bio_WOLFSSL_X509"); - - return 0; - } - - long WOLFSSL_CTX_set_tmp_dh(WOLFSSL_CTX *ctx, WOLFSSL_DH *dh) { - (void)ctx; - (void)dh; - WOLFSSL_ENTER("WOLFSSL_CTX_set_tmp_dh"); - WOLFSSL_STUB("WOLFSSL_CTX_set_tmp_dh"); - - return 0; - } - void wolfSSL_CTX_set_verify_depth(WOLFSSL_CTX *ctx, int depth) { (void)ctx; (void)depth; 
@@ -15221,44 +15196,44 @@ void* wolfSSL_GetRsaDecCtx(WOLFSSL* ssl) } - void* WOLFSSL_get_app_data( const WOLFSSL *ssl) + void* wolfSSL_get_app_data( const WOLFSSL *ssl) { /* checkout exdata stuff... */ (void)ssl; - WOLFSSL_ENTER("WOLFSSL_get_app_data"); - WOLFSSL_STUB("WOLFSSL_get_app_data"); + WOLFSSL_ENTER("wolfSSL_get_app_data"); + WOLFSSL_STUB("wolfSSL_get_app_data"); return 0; } - void WOLFSSL_set_app_data(WOLFSSL *ssl, void *arg) { + void wolfSSL_set_app_data(WOLFSSL *ssl, void *arg) { (void)ssl; (void)arg; - WOLFSSL_ENTER("WOLFSSL_set_app_data"); - WOLFSSL_STUB("WOLFSSL_set_app_data"); + WOLFSSL_ENTER("wolfSSL_set_app_data"); + WOLFSSL_STUB("wolfSSL_set_app_data"); } - WOLFSSL_ASN1_OBJECT * WOLFSSL_X509_NAME_ENTRY_get_object(WOLFSSL_X509_NAME_ENTRY *ne) { + WOLFSSL_ASN1_OBJECT * wolfSSL_X509_NAME_ENTRY_get_object(WOLFSSL_X509_NAME_ENTRY *ne) { (void)ne; - WOLFSSL_ENTER("WOLFSSL_X509_NAME_ENTRY_get_object"); - WOLFSSL_STUB("WOLFSSL_X509_NAME_ENTRY_get_object"); + WOLFSSL_ENTER("wolfSSL_X509_NAME_ENTRY_get_object"); + WOLFSSL_STUB("wolfSSL_X509_NAME_ENTRY_get_object"); return NULL; } - WOLFSSL_X509_NAME_ENTRY *WOLFSSL_X509_NAME_get_entry(WOLFSSL_X509_NAME *name, int loc) { + WOLFSSL_X509_NAME_ENTRY *wolfSSL_X509_NAME_get_entry(WOLFSSL_X509_NAME *name, int loc) { (void)name; (void)loc; - WOLFSSL_ENTER("WOLFSSL_X509_NAME_get_entry"); - WOLFSSL_STUB("WOLFSSL_X509_NAME_get_entry"); + WOLFSSL_ENTER("wolfSSL_X509_NAME_get_entry"); + WOLFSSL_STUB("wolfSSL_X509_NAME_get_entry"); return NULL; } - void WOLFSSL_X509_NAME_free(WOLFSSL_X509_NAME *name){ + void wolfSSL_X509_NAME_free(WOLFSSL_X509_NAME *name){ FreeX509Name(name); - WOLFSSL_ENTER("WOLFSSL_X509_NAME_free"); - WOLFSSL_STUB("WOLFSSL_X509_NAME_free"); + WOLFSSL_ENTER("wolfSSL_X509_NAME_free"); + WOLFSSL_STUB("wolfSSL_X509_NAME_free"); } void wolfSSL_sk_X509_NAME_pop_free(STACK_OF(WOLFSSL_X509_NAME)* sk, void f (WOLFSSL_X509_NAME*)){ 
@@ -15292,7 +15267,7 @@ void* wolfSSL_GetRsaDecCtx(WOLFSSL* ssl) #ifdef OPENSSL_EXTRA void* wolfSSL_CTX_get_ex_data(const WOLFSSL_CTX* ctx, int idx) { - WOLFSSL_ENTER(__func__); + WOLFSSL_ENTER("wolfSSL_CTX_get_ex_data"); #ifdef HAVE_STUNNEL if(ctx != NULL && idx < MAX_EX_DATA) { return ctx->ex_data[idx]; @@ -15308,7 +15283,7 @@ void* wolfSSL_CTX_get_ex_data(const WOLFSSL_CTX* ctx, int idx) int wolfSSL_CTX_get_ex_new_index(long idx, void* arg, void* a, void* b, void* c) { - WOLFSSL_ENTER(__func__); + WOLFSSL_ENTER("wolfSSL_CTX_get_ex_new_index"); (void)idx; (void)arg; (void)a; @@ -15320,7 +15295,7 @@ int wolfSSL_CTX_get_ex_new_index(long idx, void* arg, void* a, void* b, int wolfSSL_CTX_set_ex_data(WOLFSSL_CTX* ctx, int idx, void* data) { - WOLFSSL_ENTER(__func__); + WOLFSSL_ENTER("wolfSSL_CTX_set_ex_data"); #ifdef HAVE_STUNNEL if (ctx != NULL && idx < MAX_EX_DATA) { @@ -15338,7 +15313,7 @@ int wolfSSL_CTX_set_ex_data(WOLFSSL_CTX* ctx, int idx, void* data) int wolfSSL_set_ex_data(WOLFSSL* ssl, int idx, void* data) { - WOLFSSL_ENTER(__func__); + WOLFSSL_ENTER("wolfSSL_set_ex_data"); #if defined(FORTRESS) || defined(HAVE_STUNNEL) if (ssl != NULL && idx < MAX_EX_DATA) { @@ -15357,7 +15332,7 @@ int wolfSSL_set_ex_data(WOLFSSL* ssl, int idx, void* data) int wolfSSL_get_ex_new_index(long idx, void* data, void* cb1, void* cb2, void* cb3) { - WOLFSSL_ENTER(__func__); + WOLFSSL_ENTER("wolfSSL_get_ex_new_index"); (void)idx; (void)data; (void)cb1; @@ -15369,7 +15344,7 @@ int wolfSSL_get_ex_new_index(long idx, void* data, void* cb1, void* cb2, void* wolfSSL_get_ex_data(const WOLFSSL* ssl, int idx) { - WOLFSSL_ENTER(__func__); + WOLFSSL_ENTER("wolfSSL_get_ex_data"); #if defined(FORTRESS) || defined(HAVE_STUNNEL) if (ssl != NULL && idx < MAX_EX_DATA) return ssl->ex_data[idx]; 
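Review bot: The ex_data accessors check only `idx < MAX_EX_DATA`, so a negative `idx` passes and indexes before the start of the array. wolfSSL_CTX_get_ex_data and wolfSSL_get_ex_data then read out of bounds, and the setters wolfSSL_CTX_set_ex_data and wolfSSL_set_ex_data (bodies cut off by their hunks) presumably store a caller-supplied pointer through the same index. Add the lower bound in each, e.g. `if (ctx != NULL && idx >= 0 && idx < MAX_EX_DATA)`. The same test guards the explicit store `session->ex_data[idx] = data` in wolfSSL_SESSION_set_ex_data (hunk at -15382) and the read in wolfSSL_SESSION_get_ex_data (hunk at -15405).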
@@ -15382,22 +15357,94 @@ void* wolfSSL_get_ex_data(const WOLFSSL* ssl, int idx) #endif /* OPENSSL_EXTRA */ +#if defined(HAVE_LIGHTY) || defined(HAVE_STUNNEL) +WOLFSSL_BIO *wolfSSL_BIO_new_file(const char *filename, const char *mode) { + (void)filename; + (void)mode; + WOLFSSL_ENTER("wolfSSL_BIO_new_file"); + WOLFSSL_STUB("wolfSSL_BIO_new_file"); + + return NULL; +} + + +WOLFSSL_DH *wolfSSL_PEM_read_bio_DHparams(WOLFSSL_BIO *bp, WOLFSSL_DH **x, pem_password_cb *cb, void *u) +{ + (void) bp; + (void) x; + (void) cb; + (void) u; + + WOLFSSL_ENTER("wolfSSL_PEM_read_bio_DHparams"); + WOLFSSL_STUB("wolfSSL_PEM_read_bio_DHparams"); + + return NULL; +} + +int PEM_write_bio_WOLFSSL_X509(WOLFSSL_BIO *bp, WOLFSSL_X509 *x) { + (void)bp; + (void)x; + WOLFSSL_ENTER("PEM_write_bio_WOLFSSL_X509"); + WOLFSSL_STUB("PEM_write_bio_WOLFSSL_X509"); + + return 0; +} + + +#ifndef NO_DH +/* Intialize ctx->dh with dh's params. Return SSL_SUCCESS on ok */ +long wolfSSL_CTX_set_tmp_dh(WOLFSSL_CTX* ctx, WOLFSSL_DH* dh) +{ + int pSz, gSz; + byte *p, *g; + int ret=0; + + WOLFSSL_ENTER("wolfSSL_CTX_set_tmp_dh"); + + if(!ctx || !dh) + return BAD_FUNC_ARG; + + /* Get needed size for p and g */ + pSz = wolfSSL_BN_bn2bin(dh->p, NULL); + gSz = wolfSSL_BN_bn2bin(dh->g, NULL); + + if(pSz <= 0 || gSz <= 0) + return SSL_FATAL_ERROR; + + p = XMALLOC(pSz, ctx->heap, DYNAMIC_TYPE_DH); + if(!p) + return MEMORY_E; + + g = XMALLOC(gSz, ctx->heap, DYNAMIC_TYPE_DH); + if(!g) { + XFREE(p, ctx->heap, DYNAMIC_TYPE_DH); + return MEMORY_E; + } + + pSz = wolfSSL_BN_bn2bin(dh->p, p); + gSz = wolfSSL_BN_bn2bin(dh->g, g); + + if(pSz >= 0 && gSz >= 0) /* Conversion successful */ + ret = wolfSSL_CTX_SetTmpDH(ctx, p, pSz, g, gSz); + + XFREE(p, ctx->heap, DYNAMIC_TYPE_DH); + XFREE(g, ctx->heap, DYNAMIC_TYPE_DH); + + return pSz > 0 && gSz > 0 ? 
ret : SSL_FATAL_ERROR; +} +#endif /* NO_DH */ +#endif /* HAVE_LIGHTY || HAVE_STUNNEL */ + /* stunnel compatability functions*/ #if defined(OPENSSL_EXTRA) && defined(HAVE_STUNNEL) int wolfSSL_SESSION_set_ex_data(WOLFSSL_SESSION* session, int idx, void* data) { - WOLFSSL_ENTER(__func__); - #ifdef HAVE_STUNNEL + WOLFSSL_ENTER("wolfSSL_SESSION_set_ex_data"); if(session != NULL && idx < MAX_EX_DATA) { session->ex_data[idx] = data; return SSL_SUCCESS; } - #else - (void)session; - (void)idx; - (void)data; - #endif return SSL_FAILURE; } @@ -15405,43 +15452,26 @@ int wolfSSL_SESSION_set_ex_data(WOLFSSL_SESSION* session, int idx, void* data) int wolfSSL_SESSION_get_ex_new_index(long idx, void* data, void* cb1, void* cb2, void* cb3) { - WOLFSSL_ENTER(__func__); + WOLFSSL_ENTER("wolfSSL_SESSION_get_ex_new_index"); (void)idx; (void)cb1; (void)cb2; (void)cb3; - #ifdef HAVE_STUNNEL if(XSTRNCMP(data, "redirect index", 14) == 0) { return 0; } else if(XSTRNCMP(data, "addr index", 10) == 0) { return 1; } - #else - (void)data; - #endif return SSL_FAILURE; } void* wolfSSL_SESSION_get_ex_data(const WOLFSSL_SESSION* session, int idx) { - WOLFSSL_ENTER(__func__); - #ifdef HAVE_STUNNEL + WOLFSSL_ENTER("wolfSSL_SESSION_get_ex_data"); if (session != NULL && idx < MAX_EX_DATA) return session->ex_data[idx]; - #else - (void)session; - (void)idx; - #endif - return NULL; -} - - -WOLFSSL_BIO *wolfSSL_BIO_new_file(const char *filename, const char *mode) -{ - (void) filename; - (void) mode; return NULL; } @@ -15489,25 +15519,6 @@ int wolfSSL_FIPS_mode_set(int r) } -WOLFSSL_DH *wolfSSL_PEM_read_bio_DHparams(WOLFSSL_BIO *bp, WOLFSSL_DH **x, pem_password_cb *cb, void *u) -{ - (void) bp; - (void) x; - (void) cb; - (void) u; - - return NULL; -} - - -int wolfSSL_PEM_write_bio_X509(WOLFSSL_BIO *bp, WOLFSSL_X509 *x) -{ - (void) bp; - (void) x; - return SSL_FAILURE; -} - - int wolfSSL_RAND_set_rand_method(const void *meth) { (void) meth; 
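Review bot: wolfSSL_CTX_set_tmp_dh is exposed as `SSL_CTX_set_tmp_dh`, yet its failure paths return BAD_FUNC_ARG, MEMORY_E and SSL_FATAL_ERROR. Assuming these are non-zero error codes, an OpenSSL-style caller that writes `if (!SSL_CTX_set_tmp_dh(ctx, dh))` treats every failure as success and continues without the DH parameters installed. For the compatibility entry point, log the specific cause with WOLFSSL_MSG and `return SSL_FAILURE;` (if that is 0, as the stubs in this file suggest), so that only SSL_SUCCESS reads as true. The second conversion is also guarded with `>= 0` while the final return uses `> 0`; using `> 0` in both places avoids calling wolfSSL_CTX_SetTmpDH with a zero-length buffer.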
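Review bot: wolfSSL_SESSION_get_ex_new_index (hunk at -15405) passes `data` straight to `XSTRNCMP`, so a NULL `data` argument is dereferenced. Add `if (data == NULL) return SSL_FAILURE;` before the two comparisons. Separately, the failure value travels through the same `int` as the valid indexes 0 and 1. If SSL_FAILURE is 0, a caller cannot tell failure from the "redirect index" slot, so a negative sentinel would be clearer.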
@@ -15517,13 +15528,14 @@ int wolfSSL_RAND_set_rand_method(const void *meth) int wolfSSL_CIPHER_get_bits(const WOLFSSL_CIPHER *c, int *alg_bits) { + int ret = SSL_FAILURE; if(c != NULL && c->ssl != NULL) { + ret = 8 * c->ssl->specs.key_size; if(alg_bits != NULL) { - *alg_bits = 8 * c->ssl->specs.key_size; + *alg_bits = ret; } - return 8 * c->ssl->specs.key_size; } - return SSL_FAILURE; + return ret; } @@ -15643,47 +15655,13 @@ int wolfSSL_X509_NAME_get_sz(WOLFSSL_X509_NAME* name) return name->sz; } -#ifndef NO_DH -/* Intialize ctx->dh with dh's params. Return SSL_SUCCESS on ok */ -long wolfSSL_CTX_set_tmp_dh(WOLFSSL_CTX* ctx, WOLFSSL_DH* dh) -{ - int pSz, gSz; - byte *p, *g; - int ret=0; - - pSz = wolfSSL_BN_bn2bin(dh->p, NULL); - gSz = wolfSSL_BN_bn2bin(dh->g, NULL); - - p = XMALLOC(pSz, ctx->heap, DYNAMIC_TYPE_DH); - if(!p) - return MEMORY_E; - - g = XMALLOC(gSz, ctx->heap, DYNAMIC_TYPE_DH); - if(!g) { - XFREE(p, ctx->heap, DYNAMIC_TYPE_DH); - return MEMORY_E; - } - - pSz = wolfSSL_BN_bn2bin(dh->p, p); - gSz = wolfSSL_BN_bn2bin(dh->g, g); - - if(pSz != SSL_FATAL_ERROR && gSz != SSL_FATAL_ERROR) - ret = wolfSSL_CTX_SetTmpDH(ctx, p, pSz, g, gSz); - - if(p) - XFREE(p, ctx->heap, DYNAMIC_TYPE_DH); - if(g) - XFREE(g, ctx->heap, DYNAMIC_TYPE_DH); - - return pSz > 0 && gSz > 0 ? SSL_FATAL_ERROR : ret; -} -#endif /* NO_DH */ - const byte* wolfSSL_SESSION_get_id(WOLFSSL_SESSION* sess, unsigned int* idLen) { - if(!sess) + if(!sess || !idLen) { + WOLFSSL_MSG("Bad func args. Please provide idLen"); return NULL; + } *idLen = sess->sessionIDSz; return sess->sessionID; } diff --git a/wolfcrypt/src/coding.c b/wolfcrypt/src/coding.c index 61c78b1dc..f4d919255 100644 --- a/wolfcrypt/src/coding.c +++ b/wolfcrypt/src/coding.c 
@@ -167,7 +167,7 @@ static int CEscape(int escaped, byte e, byte* out, word32* i, word32 max, basic = base64Encode[e]; /* check whether to escape. Only escape for EncodeEsc */ - if (escaped == 1) { + if (escaped == WC_ESC_NL_ENC) { switch ((char)basic) { case '+' : plus = 1; @@ -235,9 +235,9 @@ static int DoBase64_Encode(const byte* in, word32 inLen, byte* out, word32 outSz = (inLen + 3 - 1) / 3 * 4; word32 addSz = (outSz + PEM_LINE_SZ - 1) / PEM_LINE_SZ; /* new lines */ - if (escaped == 1) + if (escaped == WC_ESC_NL_ENC) addSz *= 3; /* instead of just \n, we're doing %0A triplet */ - else if (escaped == 2) + else if (escaped == WC_NO_NL_ENC) addSz = 0; /* encode without \n */ outSz += addSz; @@ -245,7 +245,7 @@ static int DoBase64_Encode(const byte* in, word32 inLen, byte* out, /* if escaped we can't predetermine size for one pass encoding, but * make sure we have enough if no escapes are in input */ if (outSz > *outLen) return BAD_FUNC_ARG; - + while (inLen > 2) { byte b1 = in[j++]; byte b2 = in[j++]; @@ -270,7 +270,7 @@ static int DoBase64_Encode(const byte* in, word32 inLen, byte* out, inLen -= 3; /* Insert newline after PEM_LINE_SZ, unless no \n requested */ - if (escaped != 2 && (++n % (PEM_LINE_SZ / 4)) == 0 && inLen) { + if (escaped != WC_NO_NL_ENC && (++n % (PEM_LINE_SZ/4)) == 0 && inLen){ ret = CEscape(escaped, '\n', out, &i, *outLen, 1); if (ret != 0) break; } 
@@ -288,47 +288,47 @@ static int DoBase64_Encode(const byte* in, word32 inLen, byte* out, byte e3 = (byte)((b2 & 0xF) << 2); ret = CEscape(escaped, e1, out, &i, *outLen, 0); - if (ret == 0) + if (ret == 0) ret = CEscape(escaped, e2, out, &i, *outLen, 0); if (ret == 0) { /* third */ if (twoBytes) ret = CEscape(escaped, e3, out, &i, *outLen, 0); - else + else ret = CEscape(escaped, '=', out, &i, *outLen, 1); } /* fourth always pad */ if (ret == 0) ret = CEscape(escaped, '=', out, &i, *outLen, 1); - } + } - if (ret == 0 && escaped != 2) + if (ret == 0 && escaped != WC_NO_NL_ENC) ret = CEscape(escaped, '\n', out, &i, *outLen, 1); if (i != outSz && escaped != 1 && ret == 0) - return ASN_INPUT_E; + return ASN_INPUT_E; *outLen = i; - return ret; + return ret; } /* Base64 Encode, PEM style, with \n line endings */ int Base64_Encode(const byte* in, word32 inLen, byte* out, word32* outLen) { - return DoBase64_Encode(in, inLen, out, outLen, 0); + return DoBase64_Encode(in, inLen, out, outLen, WC_STD_ENC); } /* Base64 Encode, with %0A esacped line endings instead of \n */ int Base64_EncodeEsc(const byte* in, word32 inLen, byte* out, word32* outLen) { - return DoBase64_Encode(in, inLen, out, outLen, 1); + return DoBase64_Encode(in, inLen, out, outLen, WC_ESC_NL_ENC); } int Base64_Encode_NoNl(const byte* in, word32 inLen, byte* out, word32* outLen) { - return DoBase64_Encode(in, inLen, out, outLen, 2); + return DoBase64_Encode(in, inLen, out, outLen, WC_NO_NL_ENC); } #endif /* defined(WOLFSSL_BASE64_ENCODE) */ diff --git a/wolfssl/openssl/ssl.h b/wolfssl/openssl/ssl.h index 1613448c7..80864e824 100644 --- a/wolfssl/openssl/ssl.h +++ b/wolfssl/openssl/ssl.h 
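Review bot: One literal survives the switch to named constants: `if (i != outSz && escaped != 1 && ret == 0)` still compares against `1`. Write it as `escaped != WC_ESC_NL_ENC` so the final size check keeps tracking the enum if its values are ever reordered. DoBase64_Encode begins in the hunk at -235 and its `escaped` parameter is declared outside these hunks. If that parameter is a plain `int`, typing it as the new enum would let the compiler flag stray integers.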
@@ -408,25 +408,21 @@ typedef WOLFSSL_X509_STORE_CTX X509_STORE_CTX; typedef WOLFSSL_X509_NAME_ENTRY X509_NAME_ENTRY; #define SSL_CB_HANDSHAKE_START 0x10 -#define X509_NAME_free WOLFSSL_X509_NAME_free -#define SSL_CTX_use_certificate WOLFSSL_CTX_use_certificate -#define SSL_CTX_use_PrivateKey WOLFSSL_CTX_use_PrivateKey -#define BIO_new_file wolfSSL_BIO_new_file +#define X509_NAME_free wolfSSL_X509_NAME_free +#define SSL_CTX_use_certificate wolfSSL_CTX_use_certificate +#define SSL_CTX_use_PrivateKey wolfSSL_CTX_use_PrivateKey #define BIO_read_filename wolfSSL_BIO_read_filename -#define BIO_s_file WOLFSSL_BIO_s_file +#define BIO_s_file wolfSSL_BIO_s_file #define OBJ_nid2sn wolf_OBJ_nid2sn #define OBJ_obj2nid wolf_OBJ_obj2nid #define OBJ_sn2nid wolf_OBJ_sn2nid -#define PEM_read_bio_DHparams PEM_read_bio_DHparams #define PEM_read_bio_X509 PEM_read_bio_WOLFSSL_X509 -#define PEM_write_bio_X509 PEM_write_bio_WOLFSSL_X509 -#define SSL_CTX_set_tmp_dh WOLFSSL_CTX_set_tmp_dh #define SSL_CTX_set_verify_depth wolfSSL_CTX_set_verify_depth -#define SSL_get_app_data WOLFSSL_get_app_data -#define SSL_set_app_data WOLFSSL_set_app_data +#define SSL_get_app_data wolfSSL_get_app_data +#define SSL_set_app_data wolfSSL_set_app_data #define X509_NAME_entry_count wolfSSL_X509_NAME_entry_count -#define X509_NAME_ENTRY_get_object WOLFSSL_X509_NAME_ENTRY_get_object -#define X509_NAME_get_entry WOLFSSL_X509_NAME_get_entry +#define X509_NAME_ENTRY_get_object wolfSSL_X509_NAME_ENTRY_get_object +#define X509_NAME_get_entry wolfSSL_X509_NAME_get_entry #define sk_X509_NAME_pop_free wolfSSL_sk_X509_NAME_pop_free #define SHA1 wolfSSL_SHA1 #define X509_check_private_key wolfSSL_X509_check_private_key 
@@ -434,6 +430,15 @@ typedef WOLFSSL_X509_NAME_ENTRY X509_NAME_ENTRY; #endif +#if defined(HAVE_STUNNEL) || defined(HAVE_LIGHTY) + +#define PEM_read_bio_DHparams wolfSSL_PEM_read_bio_DHparams +#define PEM_write_bio_X509 PEM_write_bio_WOLFSSL_X509 +#define SSL_CTX_set_tmp_dh wolfSSL_CTX_set_tmp_dh +#define BIO_new_file wolfSSL_BIO_new_file + + +#endif /* HAVE_STUNNEL || HAVE_LIGHTY */ #ifdef HAVE_STUNNEL #include @@ -449,9 +454,6 @@ typedef WOLFSSL_X509_NAME_ENTRY X509_NAME_ENTRY; #define ASN1_STRFLGS_ESC_MSB 4 #define X509_V_ERR_CERT_REJECTED 28 -#define BIO_new_file wolfSSL_BIO_new_file -#define PEM_read_bio_DHparams wolfSSL_PEM_read_bio_DHparams -#define PEM_write_bio_X509 wolfSSL_PEM_write_bio_X509 #define SSL_alert_desc_string_long wolfSSL_alert_desc_string_long #define SSL_alert_type_string_long wolfSSL_alert_type_string_long #define SSL_CIPHER_get_bits wolfSSL_CIPHER_get_bits @@ -464,7 +466,6 @@ typedef WOLFSSL_X509_NAME_ENTRY X509_NAME_ENTRY; #define SSL_CTX_flush_sessions wolfSSL_flush_sessions #define SSL_CTX_add_session wolfSSL_CTX_add_session #define SSL_get_SSL_CTX wolfSSL_get_SSL_CTX -#define SSL_CTX_set_tmp_dh wolfSSL_CTX_set_tmp_dh #define SSL_version wolfSSL_version #define SSL_get_state wolfSSL_get_state #define SSL_state_string_long wolfSSL_state_string_long diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h index 465647a1a..397a91b68 100644 --- a/wolfssl/ssl.h +++ b/wolfssl/ssl.h 
@@ -1513,26 +1513,23 @@ typedef struct WOLFSSL_X509_NAME_ENTRY { #include +#include -WOLFSSL_API void WOLFSSL_X509_NAME_free(WOLFSSL_X509_NAME *name); -WOLFSSL_API char WOLFSSL_CTX_use_certificate(WOLFSSL_CTX *ctx, WOLFSSL_X509 *x); -WOLFSSL_API int WOLFSSL_CTX_use_PrivateKey(WOLFSSL_CTX *ctx, WOLFSSL_EVP_PKEY *pkey); -WOLFSSL_API WOLFSSL_BIO* wolfSSL_BIO_new_file(const char *filename, const char *mode); +WOLFSSL_API void wolfSSL_X509_NAME_free(WOLFSSL_X509_NAME *name); +WOLFSSL_API char wolfSSL_CTX_use_certificate(WOLFSSL_CTX *ctx, WOLFSSL_X509 *x); +WOLFSSL_API int wolfSSL_CTX_use_PrivateKey(WOLFSSL_CTX *ctx, WOLFSSL_EVP_PKEY *pkey); WOLFSSL_API int wolfSSL_BIO_read_filename(WOLFSSL_BIO *b, const char *name); -WOLFSSL_API WOLFSSL_BIO_METHOD* WOLFSSL_BIO_s_file(void); +WOLFSSL_API WOLFSSL_BIO_METHOD* wolfSSL_BIO_s_file(void); /* These are to be merged shortly */ WOLFSSL_API const char * wolf_OBJ_nid2sn(int n); WOLFSSL_API int wolf_OBJ_obj2nid(const WOLFSSL_ASN1_OBJECT *o); WOLFSSL_API int wolf_OBJ_sn2nid(const char *sn); -WOLFSSL_API WOLFSSL_DH *PEM_read_bio_DHparams(WOLFSSL_BIO *bp, WOLFSSL_DH **x, pem_password_cb *cb, void *u); WOLFSSL_API WOLFSSL_X509 *PEM_read_bio_WOLFSSL_X509(WOLFSSL_BIO *bp, WOLFSSL_X509 **x, pem_password_cb *cb, void *u); -WOLFSSL_API int PEM_write_bio_WOLFSSL_X509(WOLFSSL_BIO *bp, WOLFSSL_X509 *x); -WOLFSSL_API long WOLFSSL_CTX_set_tmp_dh(WOLFSSL_CTX *ctx, WOLFSSL_DH *dh); WOLFSSL_API void wolfSSL_CTX_set_verify_depth(WOLFSSL_CTX *ctx,int depth); -WOLFSSL_API void* WOLFSSL_get_app_data( const WOLFSSL *ssl); -WOLFSSL_API void WOLFSSL_set_app_data(WOLFSSL *ssl, void *arg); -WOLFSSL_API WOLFSSL_ASN1_OBJECT * WOLFSSL_X509_NAME_ENTRY_get_object(WOLFSSL_X509_NAME_ENTRY *ne); -WOLFSSL_API WOLFSSL_X509_NAME_ENTRY *WOLFSSL_X509_NAME_get_entry(WOLFSSL_X509_NAME *name, int loc); +WOLFSSL_API void* wolfSSL_get_app_data( const WOLFSSL *ssl); +WOLFSSL_API void wolfSSL_set_app_data(WOLFSSL *ssl, void *arg); +WOLFSSL_API WOLFSSL_ASN1_OBJECT * 
wolfSSL_X509_NAME_ENTRY_get_object(WOLFSSL_X509_NAME_ENTRY *ne); +WOLFSSL_API WOLFSSL_X509_NAME_ENTRY *wolfSSL_X509_NAME_get_entry(WOLFSSL_X509_NAME *name, int loc); WOLFSSL_API void wolfSSL_sk_X509_NAME_pop_free(STACK_OF(WOLFSSL_X509_NAME)* sk, void f (WOLFSSL_X509_NAME*)); WOLFSSL_API unsigned char *wolfSSL_SHA1(const unsigned char *d, size_t n, unsigned char *md); WOLFSSL_API int wolfSSL_X509_check_private_key(WOLFSSL_X509*, WOLFSSL_EVP_PKEY*); @@ -1542,12 +1539,22 @@ WOLFSSL_API STACK_OF(WOLFSSL_X509_NAME) *wolfSSL_dup_CA_list( STACK_OF(WOLFSSL_X #endif #endif +#if defined(HAVE_STUNNEL) || defined(HAVE_LIGHTY) + +WOLFSSL_API WOLFSSL_BIO* wolfSSL_BIO_new_file(const char *filename, const char *mode); +WOLFSSL_API long wolfSSL_CTX_set_tmp_dh(WOLFSSL_CTX*, WOLFSSL_DH*); +WOLFSSL_API WOLFSSL_DH *wolfSSL_PEM_read_bio_DHparams(WOLFSSL_BIO *bp, + WOLFSSL_DH **x, pem_password_cb *cb, void *u); +WOLFSSL_API int PEM_write_bio_WOLFSSL_X509(WOLFSSL_BIO *bp, WOLFSSL_X509 *x); + + +#endif /* HAVE_STUNNEL || HAVE_LIGHTY */ + #ifdef HAVE_STUNNEL -WOLFSSL_API WOLFSSL_BIO *wolfSSL_BIO_new_file(const char *filename, const char *mode); -WOLFSSL_API int wolfSSL_CRYPTO_set_mem_ex_functions(void *(*m) (size_t, const char *, int), +WOLFSSL_API int wolfSSL_CRYPTO_set_mem_ex_functions(void *(*m) (size_t, const char *, int), void *(*r) (void *, size_t, const char *, int), void (*f) (void *)); WOLFSSL_API WOLFSSL_DH *wolfSSL_DH_generate_parameters(int prime_len, int generator, @@ -1561,11 +1568,6 @@ WOLFSSL_API int wolfSSL_FIPS_mode(void); WOLFSSL_API int wolfSSL_FIPS_mode_set(int r); -WOLFSSL_API WOLFSSL_DH *wolfSSL_PEM_read_bio_DHparams(WOLFSSL_BIO *bp, - WOLFSSL_DH **x, pem_password_cb *cb, void *u); - -WOLFSSL_API int wolfSSL_PEM_write_bio_X509(WOLFSSL_BIO *bp, WOLFSSL_X509 *x); - WOLFSSL_API int wolfSSL_RAND_set_rand_method(const void *meth); WOLFSSL_API int wolfSSL_CIPHER_get_bits(const WOLFSSL_CIPHER *c, int *alg_bits); 
@@ -1603,7 +1605,6 @@ WOLFSSL_API int wolfSSL_SESSION_get_ex_new_index(long,void*,void*,void*,void*); WOLFSSL_API int wolfSSL_X509_NAME_get_sz(WOLFSSL_X509_NAME*); -WOLFSSL_API long wolfSSL_CTX_set_tmp_dh(WOLFSSL_CTX*, WOLFSSL_DH*); WOLFSSL_API const unsigned char* wolfSSL_SESSION_get_id(WOLFSSL_SESSION*, unsigned int*); #endif /* HAVE_STUNNEL */ diff --git a/wolfssl/wolfcrypt/coding.h b/wolfssl/wolfcrypt/coding.h index b92921bd8..cb9bde0b8 100644 --- a/wolfssl/wolfcrypt/coding.h +++ b/wolfssl/wolfcrypt/coding.h @@ -41,6 +41,12 @@ WOLFSSL_API int Base64_Decode(const byte* in, word32 inLen, byte* out, #ifdef WOLFSSL_BASE64_ENCODE + enum Escaped { + WC_STD_ENC = 0, /* normal \n line ending encoding */ + WC_ESC_NL_ENC, /* use escape sequence encoding */ + WC_NO_NL_ENC /* no encoding at all */ + }; /* Encoding types */ + /* encode isn't */ WOLFSSL_API int Base64_Encode(const byte* in, word32 inLen, byte* out, From 11f1159e3005a17691d421ce1741ad1335ae35c3 Mon Sep 17 00:00:00 2001 From: kaleb-himes Date: Fri, 17 Jul 2015 09:30:25 -0600 Subject: [PATCH 20/35] fortress relies on aes disallowed pair --- configure.ac | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/configure.ac b/configure.ac index 96b6b4e39..7f132c0f1 100644 --- a/configure.ac +++ b/configure.ac @@ -1000,6 +1000,10 @@ AC_ARG_ENABLE([aes], if test "$ENABLED_AES" = "no" then AM_CFLAGS="$AM_CFLAGS -DNO_AES" + if test "$ENABLED_FORTRESS" = "yes" + then + AC_MSG_ERROR([fortress requires aes]) + fi if test "$ENABLED_ECC_ENCRYPT" = "yes" then AC_MSG_ERROR([cannot enable eccencrypt and hkdf without aes.]) From bae8c6fd504270ce26513bf5e206a1b49ab08a41 Mon Sep 17 00:00:00 2001 From: toddouska Date: Fri, 17 Jul 2015 09:14:58 -0700 Subject: [PATCH 21/35] add openssh ./configure build --- configure.ac | 53 ++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 53 insertions(+) diff --git a/configure.ac b/configure.ac index 7f132c0f1..7f07764dd 100644 --- a/configure.ac +++ b/configure.ac 
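Review bot: In the coding.h hunk, the comment on `WC_NO_NL_ENC`, `/* no encoding at all */`, contradicts its use in coding.c, where that value still Base64-encodes the input and only drops the line breaks (`addSz = 0; /* encode without \n */`). Reword it to `/* encode with no line endings */`. `WC_ESC_NL_ENC` could likewise say `/* %0A escaped line endings */` to match Base64_EncodeEsc. The enum tag `Escaped` is unprefixed in a public header, and a `WC_`-style tag would be less likely to collide with application names.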
@@ -148,12 +148,24 @@ then fi +# OpenSSH compatibility Build +AC_ARG_ENABLE([openssh], + [AS_HELP_STRING([--enable-openssh],[Enable OpenSSH compatibility build (default: disabled)])], + [ENABLED_OPENSSH=$enableval], + [ENABLED_OPENSSH=no]) + + # OPENSSL Extra Compatibility AC_ARG_ENABLE([opensslextra], [ --enable-opensslextra Enable extra OpenSSL API, size+ (default: disabled)], [ ENABLED_OPENSSLEXTRA=$enableval ], [ ENABLED_OPENSSLEXTRA=no ] ) +if test "$ENABLED_OPENSSH" = "yes" +then + ENABLED_OPENSSLEXTRA="yes" +fi + if test "$ENABLED_OPENSSLEXTRA" = "yes" then AM_CFLAGS="-DOPENSSL_EXTRA $AM_CFLAGS" @@ -194,6 +206,11 @@ AC_ARG_ENABLE([fortress], [ ENABLED_FORTRESS=no ] ) +if test "$ENABLED_OPENSSH" = "yes" +then + ENABLED_FORTRESS="yes" +fi + if test "$ENABLED_FORTRESS" = "yes" then AM_CFLAGS="$AM_CFLAGS -DFORTRESS -DWOLFSSL_ALWAYS_VERIFY_CB -DOPENSSL_EXTRA -DWOLFSSL_DES_ECB -DWOLFSSL_AES_COUNTER -DWOLFSSL_AES_DIRECT -DWOLFSSL_DER_LOAD -DWOLFSSL_SHA512 -DWOLFSSL_SHA384 -DWOLFSSL_KEY_GEN" @@ -481,6 +498,11 @@ AC_ARG_ENABLE([nullcipher], [ ENABLED_NULL_CIPHER=no ] ) +if test "$ENABLED_OPENSSH" = "yes" +then + ENABLED_NULL_CIPHER="yes" +fi + if test "$ENABLED_NULL_CIPHER" = "yes" then AM_CFLAGS="$AM_CFLAGS -DHAVE_NULL_CIPHER" @@ -493,6 +515,11 @@ AC_ARG_ENABLE([ripemd], [ ENABLED_RIPEMD=no ] ) +if test "$ENABLED_OPENSSH" = "yes" +then + ENABLED_RIPEMD="yes" +fi + if test "$ENABLED_RIPEMD" = "yes" then AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_RIPEMD" @@ -536,6 +563,11 @@ then ENABLED_SHA512=no fi +if test "$ENABLED_OPENSSH" = "yes" +then + ENABLED_SHA512="yes" +fi + if test "$ENABLED_SHA512" = "yes" then AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SHA512 -DWOLFSSL_SHA384" @@ -637,6 +669,11 @@ AC_ARG_ENABLE([dsa], [ ENABLED_DSA=no ] ) +if test "$ENABLED_OPENSSH" = "yes" +then + ENABLED_DSA="yes" +fi + if test "$ENABLED_DSA" = "no" then AM_CFLAGS="$AM_CFLAGS -DNO_DSA" 
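Review bot: `--enable-openssh` force-sets `ENABLED_NULL_CIPHER="yes"` (hunk at -481) after the user's own nullcipher choice has been parsed, and the hunks at -493, -637 and -1079 do the same for RIPEMD, DSA and ARC4. A build that explicitly disabled these weak or legacy algorithms therefore gets them compiled in with no message at the point of override. Consider announcing each override, e.g. `AC_MSG_NOTICE([openssh build: enabling NULL cipher support])`, or stopping with AC_MSG_ERROR when the user passed an explicit disable. A comment above the first override saying which OpenSSH feature needs each algorithm would make the list auditable.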
@@ -666,6 +703,11 @@ then ENABLED_ECC=no fi +if test "$ENABLED_OPENSSH" = "yes" +then + ENABLED_ECC="yes" +fi + if test "$ENABLED_ECC" = "yes" then AM_CFLAGS="$AM_CFLAGS -DHAVE_ECC -DTFM_ECC256 -DECC_SHAMIR" @@ -901,6 +943,11 @@ AC_ARG_ENABLE([dh], [ ENABLED_DH=yes ] ) +if test "$ENABLED_OPENSSH" = "yes" +then + ENABLED_DH="yes" +fi + if test "$ENABLED_DH" = "no" then AM_CFLAGS="$AM_CFLAGS -DNO_DH" @@ -1079,6 +1126,11 @@ AC_ARG_ENABLE([arc4], [ ENABLED_ARC4=no ] ) +if test "$ENABLED_OPENSSH" = "yes" +then + ENABLED_ARC4="yes" +fi + if test "$ENABLED_ARC4" = "no" then AM_CFLAGS="$AM_CFLAGS -DNO_RC4" @@ -2236,6 +2288,7 @@ echo echo " Features " echo " * Single threaded: $ENABLED_SINGLETHREADED" echo " * Filesystem: $ENABLED_FILESYSTEM" +echo " * OpenSSH Build: $ENABLED_OPENSSH" echo " * OpenSSL Extra API: $ENABLED_OPENSSLEXTRA" echo " * Max Strength Build: $ENABLED_MAXSTRENGTH" echo " * fastmath: $ENABLED_FASTMATH" From cb3873ea03ad3cb4aafea0814a271b33abed6ad3 Mon Sep 17 00:00:00 2001 From: Nickolas Lapp Date: Fri, 17 Jul 2015 15:05:04 -0600 Subject: [PATCH 22/35] Configure options to allow stunnel to use fastmath --- configure.ac | 15 +++------------ 1 file changed, 3 insertions(+), 12 deletions(-) diff --git a/configure.ac b/configure.ac index 44779a3f2..2633301eb 100644 --- a/configure.ac +++ b/configure.ac @@ -1783,12 +1783,6 @@ then ENABLED_CODING="yes" fi - # For now, requires no fastmath, turn off if on - if test "x$ENABLED_FASTMATH" = "xyes" - then - ENABLED_FASTMATH="no" - fi - # Requires sessioncerts make sure on if test "x$ENABLED_SESSIONCERTS" = "xno" then @@ -1803,7 +1797,8 @@ then AM_CFLAGS="$AM_CFLAGS -DHAVE_CRL" AM_CONDITIONAL([BUILD_CRL], [test "x$ENABLED_CRL" = "xyes"]) fi - AM_CFLAGS="$AM_CFLAGS -DHAVE_STUNNEL" + # Stunnel requires timing resistant for stack reasons + AM_CFLAGS="$AM_CFLAGS -DHAVE_STUNNEL -DTFM_TIMING_RESISTANT" fi 
@@ -1856,11 +1851,7 @@ FASTMATH_DEFAULT=no if test "$host_cpu" = "x86_64" then - # fastmath turned off for stunnel by default - if test "x$ENABLED_STUNNEL" = "xno" - then - FASTMATH_DEFAULT=yes - fi + FASTMATH_DEFAULT=yes fi # fastmath From 262f5f87cb72d1f171aadc7157211a826474801d Mon Sep 17 00:00:00 2001 From: toddouska Date: Fri, 17 Jul 2015 14:52:03 -0700 Subject: [PATCH 23/35] remove auto timing resistant with stunnel --- configure.ac | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/configure.ac b/configure.ac index 2633301eb..e183a81fb 100644 --- a/configure.ac +++ b/configure.ac @@ -1797,8 +1797,7 @@ then AM_CFLAGS="$AM_CFLAGS -DHAVE_CRL" AM_CONDITIONAL([BUILD_CRL], [test "x$ENABLED_CRL" = "xyes"]) fi - # Stunnel requires timing resistant for stack reasons - AM_CFLAGS="$AM_CFLAGS -DHAVE_STUNNEL -DTFM_TIMING_RESISTANT" + AM_CFLAGS="$AM_CFLAGS -DHAVE_STUNNEL" fi From 2d021489b34e6c470fecb8a31b3e541fec66537d Mon Sep 17 00:00:00 2001 From: toddouska Date: Fri, 17 Jul 2015 15:37:15 -0700 Subject: [PATCH 24/35] fix SetMinDhKey_Sz() implementation defines --- src/ssl.c | 59 +++++++++++++++++++++++++++---------------------------- 1 file changed, 29 insertions(+), 30 deletions(-) diff --git a/src/ssl.c b/src/ssl.c index 8132ac566..0b3ed2213 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -521,6 +521,35 @@ int wolfSSL_CTX_SetTmpDH(WOLFSSL_CTX* ctx, const unsigned char* p, int pSz, return SSL_SUCCESS; } + +int wolfSSL_CTX_SetMinDhKey_Sz(WOLFSSL_CTX* ctx, word16 keySz) +{ + if (ctx == NULL || keySz > 16000 || keySz % 8 != 0) + return BAD_FUNC_ARG; + + ctx->minDhKeySz = keySz / 8; + return SSL_SUCCESS; +} + + +int wolfSSL_SetMinDhKey_Sz(WOLFSSL* ssl, word16 keySz) +{ + if (ssl == NULL || keySz > 16000 || keySz % 8 != 0) + return BAD_FUNC_ARG; + + ssl->options.minDhKeySz = keySz / 8; + return SSL_SUCCESS; +} + + +int wolfSSL_GetDhKey_Sz(WOLFSSL* ssl) +{ + if (ssl == NULL) + return BAD_FUNC_ARG; + + return (ssl->options.dhKeySz * 8); +} + #endif /* !NO_DH */ 
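Review bot: Dropping `-DTFM_TIMING_RESISTANT` from the stunnel `AM_CFLAGS` line in the `@@ -1797,8 +1797,7 @@` hunk leaves stunnel builds without the timing-resistant fastmath path, and the previous commit in this series made fastmath the x86_64 default for stunnel too. The removed comment said the define was required "for stack reasons", and nothing in the hunk records why it is now safe to drop. Because stunnel performs private-key operations on a network-facing endpoint, I would leave a comment at this line, e.g. `# fastmath users should add -DTFM_TIMING_RESISTANT via C_EXTRA_FLAGS`, and mention it in the configure summary. The enclosing `if` block starts outside the hunk.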
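Review bot: `wolfSSL_CTX_SetMinDhKey_Sz` and `wolfSSL_SetMinDhKey_Sz` in the `@@ -521,6 +521,35 @@` hunk take `keySz` in bits but store `keySz / 8`, and nothing at the definitions says so; the bound `16000` is a bare literal repeated in both. A header comment such as `/* keySz is in bits, a multiple of 8, at most 16000; stored internally in bytes */` on each setter, and `/* returns options.dhKeySz converted to bits, or BAD_FUNC_ARG */` on `wolfSSL_GetDhKey_Sz`, would cover it. `keySz == 0` passes the check and sets the floor to zero, which may be intended but deserves a word in that comment. The declared width of `minDhKeySz` is not visible in this hunk; if it is a single byte, sizes above 2040 bits would truncate after the division, so check it against the struct definition.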
@@ -4055,36 +4084,6 @@ int wolfSSL_CTX_SetTmpDH_file(WOLFSSL_CTX* ctx, const char* fname, int format) return wolfSSL_SetTmpDH_file_wrapper(ctx, NULL, fname, format); } - -int wolfSSL_CTX_SetMinDhKey_Sz(WOLFSSL_CTX* ctx, word16 keySz) -{ - if (ctx == NULL || keySz > 16000 || keySz % 8 != 0) - return BAD_FUNC_ARG; - - ctx->minDhKeySz = keySz / 8; - return SSL_SUCCESS; -} - - -int wolfSSL_SetMinDhKey_Sz(WOLFSSL* ssl, word16 keySz) -{ - if (ssl == NULL || keySz > 16000 || keySz % 8 != 0) - return BAD_FUNC_ARG; - - ssl->options.minDhKeySz = keySz / 8; - return SSL_SUCCESS; -} - - -int wolfSSL_GetDhKey_Sz(WOLFSSL* ssl) -{ - if (ssl == NULL) - return BAD_FUNC_ARG; - - return (ssl->options.dhKeySz * 8); -} - - #endif /* NO_DH */ From 51f177fdb7a813843452e9de3771564748bbbaf2 Mon Sep 17 00:00:00 2001 From: toddouska Date: Fri, 17 Jul 2015 15:41:51 -0700 Subject: [PATCH 25/35] bump dev version --- configure.ac | 2 +- support/wolfssl.pc | 2 +- wolfssl/version.h | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/configure.ac b/configure.ac index e183a81fb..e66b68718 100644 --- a/configure.ac +++ b/configure.ac @@ -6,7 +6,7 @@ # # -AC_INIT([wolfssl],[3.6.1],[https://github.com/wolfssl/wolfssl/issues],[wolfssl],[http://www.wolfssl.com]) +AC_INIT([wolfssl],[3.6.2],[https://github.com/wolfssl/wolfssl/issues],[wolfssl],[http://www.wolfssl.com]) AC_CONFIG_AUX_DIR([build-aux]) diff --git a/support/wolfssl.pc b/support/wolfssl.pc index 024f117ab..f95d19b7a 100644 --- a/support/wolfssl.pc +++ b/support/wolfssl.pc @@ -5,6 +5,6 @@ includedir=${prefix}/include Name: wolfssl Description: wolfssl C library. -Version: 3.6.1 +Version: 3.6.2 Libs: -L${libdir} -lwolfssl Cflags: -I${includedir} diff --git a/wolfssl/version.h b/wolfssl/version.h index 6ec106bab..f5a990a10 100644 --- a/wolfssl/version.h +++ b/wolfssl/version.h 
@@ -26,8 +26,8 @@ extern "C" { #endif -#define LIBWOLFSSL_VERSION_STRING "3.6.1" -#define LIBWOLFSSL_VERSION_HEX 0x03006001 +#define LIBWOLFSSL_VERSION_STRING "3.6.2" +#define LIBWOLFSSL_VERSION_HEX 0x03006002 #ifdef __cplusplus } From 6d619ade1391309d7c20de2dd8d072d347f9e59b Mon Sep 17 00:00:00 2001 From: Nickolas Lapp Date: Fri, 17 Jul 2015 17:28:17 -0600 Subject: [PATCH 26/35] Fix stunnel warning --- wolfssl/openssl/ssl.h | 2 ++ 1 file changed, 2 insertions(+) diff --git a/wolfssl/openssl/ssl.h b/wolfssl/openssl/ssl.h index 80864e824..e8495535a 100644 --- a/wolfssl/openssl/ssl.h +++ b/wolfssl/openssl/ssl.h @@ -476,9 +476,11 @@ typedef WOLFSSL_X509_NAME_ENTRY X509_NAME_ENTRY; #define SSL_SESSION_set_ex_data wolfSSL_SESSION_set_ex_data #define SSL_SESSION_get_ex_new_index wolfSSL_SESSION_get_ex_new_index #define SSL_SESSION_get_id wolfSSL_SESSION_get_id +#define CRYPTO_dynlock_value WOLFSSL_dynlock_value typedef struct CRYPTO_EX_DATA CRYPTO_EX_DATA; typedef WOLFSSL_ASN1_BIT_STRING ASN1_BIT_STRING; + #endif /* HAVE_STUNNEL */ #ifdef __cplusplus From a4c7b8eb07144909c3526e75af38ea8831d9518d Mon Sep 17 00:00:00 2001 From: Jacob Barthelmeh Date: Fri, 17 Jul 2015 18:19:36 -0600 Subject: [PATCH 27/35] version number to use with Lighttpd compatibility --- wolfssl/openssl/opensslv.h | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/wolfssl/openssl/opensslv.h b/wolfssl/openssl/opensslv.h index 067f22658..e569ec52a 100644 --- a/wolfssl/openssl/opensslv.h +++ b/wolfssl/openssl/opensslv.h @@ -5,13 +5,15 @@ /* api version compatibility */ -#ifdef HAVE_STUNNEL +#if defined(HAVE_STUNNEL) || defined(HAVE_LIGHTY) + /* version number can be increased for Lighty after compatibility for ECDH + is added */ #define OPENSSL_VERSION_NUMBER 0x0090700fL #else #define OPENSSL_VERSION_NUMBER 0x0090810fL #endif -#define OPENSSL_VERSION_TEXT LIBWOLFSSL_VERSION_STRING +#define OPENSSL_VERSION_TEXT LIBWOLFSSL_VERSION_STRING #endif /* header */ 
From 03172818a13dd3a8081b9a8b85460a3feb6d611d Mon Sep 17 00:00:00 2001 From: Nickolas Lapp Date: Mon, 20 Jul 2015 14:37:57 -0600 Subject: [PATCH 28/35] Changes to remove last warnings from Stunnel --- src/ssl.c | 2 +- wolfssl/openssl/crypto.h | 3 +++ wolfssl/openssl/ssl.h | 4 +--- wolfssl/ssl.h | 4 +++- 4 files changed, 8 insertions(+), 5 deletions(-) diff --git a/src/ssl.c b/src/ssl.c index 0b3ed2213..958a382e9 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -15449,7 +15449,7 @@ int wolfSSL_SESSION_set_ex_data(WOLFSSL_SESSION* session, int idx, void* data) int wolfSSL_SESSION_get_ex_new_index(long idx, void* data, void* cb1, - void* cb2, void* cb3) + void* cb2, CRYPTO_free_func* cb3) { WOLFSSL_ENTER("wolfSSL_SESSION_get_ex_new_index"); (void)idx; diff --git a/wolfssl/openssl/crypto.h b/wolfssl/openssl/crypto.h index 97360408b..034b1cfe1 100644 --- a/wolfssl/openssl/crypto.h +++ b/wolfssl/openssl/crypto.h @@ -25,6 +25,9 @@ WOLFSSL_API unsigned long wolfSSLeay(void); #define CRYPTO_set_mem_ex_functions wolfSSL_CRYPTO_set_mem_ex_functions #define FIPS_mode wolfSSL_FIPS_mode #define FIPS_mode_set wolfSSL_FIPS_mode_set +typedef struct CRYPTO_EX_DATA CRYPTO_EX_DATA; +typedef void (CRYPTO_free_func)(void*parent, void*ptr, CRYPTO_EX_DATA *ad, int idx, + long argl, void* argp); #endif /* HAVE_STUNNEL */ #endif /* header */ diff --git a/wolfssl/openssl/ssl.h b/wolfssl/openssl/ssl.h index e8495535a..cae159e55 100644 --- a/wolfssl/openssl/ssl.h +++ b/wolfssl/openssl/ssl.h 
@@ -392,8 +392,7 @@ typedef WOLFSSL_X509_STORE_CTX X509_STORE_CTX; #define SSL_CTX_sess_set_remove_cb wolfSSL_CTX_sess_set_remove_cb #define i2d_SSL_SESSION wolfSSL_i2d_SSL_SESSION -#define d2i_SSL_SESSION(sess, val, length) \ - wolfSSL_d2i_SSL_SESSION(sess, (const unsigned char **)val, length) +#define d2i_SSL_SESSION wolfSSL_d2i_SSL_SESSION #define SSL_SESSION_set_timeout wolfSSL_SSL_SESSION_set_timeout #define SSL_SESSION_get_timeout wolfSSL_SESSION_get_timeout #define SSL_SESSION_get_time wolfSSL_SESSION_get_time @@ -477,7 +476,6 @@ typedef WOLFSSL_X509_NAME_ENTRY X509_NAME_ENTRY; #define SSL_SESSION_get_ex_new_index wolfSSL_SESSION_get_ex_new_index #define SSL_SESSION_get_id wolfSSL_SESSION_get_id #define CRYPTO_dynlock_value WOLFSSL_dynlock_value -typedef struct CRYPTO_EX_DATA CRYPTO_EX_DATA; typedef WOLFSSL_ASN1_BIT_STRING ASN1_BIT_STRING; diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h index 397a91b68..25b86a6c5 100644 --- a/wolfssl/ssl.h +++ b/wolfssl/ssl.h @@ -1553,6 +1553,7 @@ WOLFSSL_API int PEM_write_bio_WOLFSSL_X509(WOLFSSL_BIO *bp, WOLFSSL_X509 *x); #ifdef HAVE_STUNNEL +#include WOLFSSL_API int wolfSSL_CRYPTO_set_mem_ex_functions(void *(*m) (size_t, const char *, int), void *(*r) (void *, size_t, const char *, int), void (*f) (void *)); @@ -1601,7 +1602,8 @@ WOLFSSL_API void* wolfSSL_SESSION_get_ex_data(const WOLFSSL_SESSION*, int); WOLFSSL_API int wolfSSL_SESSION_set_ex_data(WOLFSSL_SESSION*, int, void*); -WOLFSSL_API int wolfSSL_SESSION_get_ex_new_index(long,void*,void*,void*,void*); +WOLFSSL_API int wolfSSL_SESSION_get_ex_new_index(long,void*,void*,void*, + CRYPTO_free_func*); WOLFSSL_API int wolfSSL_X509_NAME_get_sz(WOLFSSL_X509_NAME*); From 922df2cfb394af8d4ee517f30d1813d46a1901cd Mon Sep 17 00:00:00 2001 From: toddouska Date: Mon, 20 Jul 2015 16:08:55 -0700 Subject: [PATCH 29/35] allow bigger rsa key gen w/o sanity check error on invmod() --- wolfcrypt/src/integer.c | 2 +- wolfcrypt/src/tfm.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) 
diff --git a/wolfcrypt/src/integer.c b/wolfcrypt/src/integer.c index 00685acfc..3fb8054fe 100644 --- a/wolfcrypt/src/integer.c +++ b/wolfcrypt/src/integer.c @@ -955,7 +955,7 @@ top: /* if not zero goto step 4 */ if (mp_iszero (&u) == 0) { - if (++loop_check > 1024) { + if (++loop_check > 4096) { res = MP_VAL; goto LBL_ERR; } diff --git a/wolfcrypt/src/tfm.c b/wolfcrypt/src/tfm.c index 3391693ae..5c089edde 100755 --- a/wolfcrypt/src/tfm.c +++ b/wolfcrypt/src/tfm.c @@ -932,7 +932,7 @@ top: /* if not zero goto step 4 */ if (fp_iszero (&u) == FP_NO) { - if (++loop_check > 1024) /* bad input */ + if (++loop_check > 4096) /* bad input */ return FP_VAL; goto top; } From 4916ae72bc1f3f6cc0bac51bcaa2909a5c5e1160 Mon Sep 17 00:00:00 2001 From: toddouska Date: Mon, 20 Jul 2015 16:47:03 -0700 Subject: [PATCH 30/35] custom release notes --- README | 13 ++++++++++++- README.md | 12 ++++++++++++ 2 files changed, 24 insertions(+), 1 deletion(-) diff --git a/README b/README index c7245ecbc..74abbb0e8 100644 --- a/README +++ b/README @@ -34,7 +34,18 @@ before calling wolfSSL_new(); Though it's not recommended. *** end Notes *** -wolfSSL (Formerly CyaSSL) Release 3.6.0 (06/19/2015) +wolfSSL (Formerly CyaSSL) Release 3.6.2 (07/20/2015) + +Release 3.6.2 of wolfSSL is an intermediate custom release including: + +- OpenSSH compatibility with --enable-openssh +- stunnel compatibility with --enable-stunnel +- lighttpd compatibility with --enable-lighty + +See INSTALL file for build instructions. +More info can be found on-line at //http://wolfssl.com/yaSSL/Docs.html + + **************** wolfSSL (Formerly CyaSSL) Release 3.6.0 (06/19/2015) Release 3.6.0 of wolfSSL has bug fixes and new features including: diff --git a/README.md b/README.md index 7b7d57ce8..edbfb9d35 100644 --- a/README.md +++ b/README.md 
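Review bot: The iteration cap in the inverse-mod loop is a bare `4096` here and again in the `wolfcrypt/src/tfm.c` hunk of the same commit, with nothing stating how it relates to the largest operand the loop must handle. This cap is what turns bad input into `MP_VAL`/`FP_VAL` instead of an unbounded loop, so I would name it once and document the sizing, e.g. `#define INVMOD_MAX_LOOP 4096 /* must exceed the iterations needed for the largest supported modulus */` (the name is only a suggestion), and use it in both files. The enclosing functions start and end outside the hunks.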
@@ -38,6 +38,18 @@ before calling wolfSSL_new(); Though it's not recommended. - GNU Binutils 2.24 ld has problems with some debug builds, to fix an ld error add -fdebug-types-section to C_EXTRA_FLAGS +#wolfSSL (Formerly CyaSSL) Release 3.6.2 (07/20/2015) + +##Release 3.6.2 of wolfSSL is an intermediate custom release including: + +- OpenSSH compatibility with --enable-openssh +- stunnel compatibility with --enable-stunnel +- lighttpd compatibility with --enable-lighty + +See INSTALL file for build instructions. +More info can be found on-line at //http://wolfssl.com/yaSSL/Docs.html + + #wolfSSL (Formerly CyaSSL) Release 3.6.0 (06/19/2015) ##Release 3.6.0 of wolfSSL has bug fixes and new features including: From 8499f816c693529f628dc062b0b2085284ad77b7 Mon Sep 17 00:00:00 2001 From: toddouska Date: Tue, 21 Jul 2015 11:10:28 -0700 Subject: [PATCH 31/35] fix potential resource leaks --- src/ssl.c | 34 +++++++++++----------------------- 1 file changed, 11 insertions(+), 23 deletions(-) diff --git a/src/ssl.c b/src/ssl.c index 958a382e9..1cc079d9c 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -3447,8 +3447,10 @@ int wolfSSL_CTX_load_verify_locations(WOLFSSL_CTX* ctx, const char* file, #ifdef WOLFSSL_SMALL_STACK name = (char*)XMALLOC(MAX_FILENAME_SZ, NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (name == NULL) + if (name == NULL) { + closedir(dir); return MEMORY_E; + } #endif while ( ret == SSL_SUCCESS && (entry = readdir(dir)) != NULL) { @@ -10780,6 +10782,7 @@ int wolfSSL_cmp_peer_cert_to_file(WOLFSSL* ssl, const char *fname) WOLFSSL_X509* peer_cert = &ssl->peerCert; buffer fileDer; + fileDer.buffer = 0; file = XFOPEN(fname, "rb"); if (file == XBADFILE) return SSL_BAD_FILE; @@ -10805,7 +10808,6 @@ int wolfSSL_cmp_peer_cert_to_file(WOLFSSL* ssl, const char *fname) info->set = 0; info->ctx = ctx; info->consumed = 0; - fileDer.buffer = 0; if ((myBuffer != NULL) && (sz > 0) && 
@@ -11158,11 +11160,14 @@ int wolfSSL_BN_bn2bin(const WOLFSSL_BIGNUM* bn, unsigned char* r) WOLFSSL_BIGNUM* wolfSSL_BN_bin2bn(const unsigned char* str, int len, WOLFSSL_BIGNUM* ret) { + int weOwn = 0; + WOLFSSL_MSG("wolfSSL_BN_bin2bn"); /* if ret is null create a BN */ if (ret == NULL) { ret = wolfSSL_BN_new(); + weOwn = 1; if (ret == NULL) return NULL; } @@ -11171,6 +11176,8 @@ WOLFSSL_BIGNUM* wolfSSL_BN_bin2bn(const unsigned char* str, int len, if (ret && ret->internal) { if (mp_read_unsigned_bin((mp_int*)ret->internal, str, len) != 0) { WOLFSSL_MSG("mp_read_unsigned_bin failure"); + if (weOwn) + wolfSSL_BN_free(ret); return NULL; } } @@ -11421,20 +11428,11 @@ int wolfSSL_BN_lshift(WOLFSSL_BIGNUM *r, const WOLFSSL_BIGNUM *bn, int n) { WOLFSSL_MSG("wolfSSL_BN_lshift"); - if (bn == NULL || bn->internal == NULL) { + if (r == NULL || r->internal == NULL || bn == NULL || bn->internal == NULL){ WOLFSSL_MSG("bn NULL error"); return SSL_FAILURE; } - /* create new bn for res, if not done before */ - if (r == NULL) - r = wolfSSL_BN_new(); - - if (r == NULL) { - WOLFSSL_MSG("bn new error"); - return SSL_FAILURE; - } - if (mp_mul_2d((mp_int*)bn->internal, n, (mp_int*)r->internal) != MP_OKAY) { WOLFSSL_MSG("mp_mul_2d error"); return SSL_FAILURE; @@ -11450,20 +11448,11 @@ int wolfSSL_BN_rshift(WOLFSSL_BIGNUM *r, const WOLFSSL_BIGNUM *bn, int n) { WOLFSSL_MSG("wolfSSL_BN_rshift"); - if (bn == NULL || bn->internal == NULL) { + if (r == NULL || r->internal == NULL || bn == NULL || bn->internal == NULL){ WOLFSSL_MSG("bn NULL error"); return SSL_FAILURE; } - /* create new bn for res, if not done before */ - if (r == NULL) - r = wolfSSL_BN_new(); - - if (r == NULL) { - WOLFSSL_MSG("bn new error"); - return SSL_FAILURE; - } - if (mp_div_2d((mp_int*)bn->internal, n, (mp_int*)r->internal, NULL) != MP_OKAY) { WOLFSSL_MSG("mp_mul_2d error"); 
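Review bot: `wolfSSL_BN_bin2bn` still returns `ret` when `ret->internal` is NULL, because the `if (ret && ret->internal)` test has no `else`; a caller passing its own bignum without an initialised `internal` gets a success value for a number that was never read. I would close that test with `else { if (weOwn) wolfSSL_BN_free(ret); return NULL; }`. `len` is a signed `int` handed straight to `mp_read_unsigned_bin`, so a guard such as `if (len < 0) return NULL;` before the allocation belongs here as well. The tail of the function is outside these two hunks.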
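Review bot: In `wolfSSL_BN_rshift` the failure branch after `mp_div_2d` still logs `"mp_mul_2d error"`, and the new combined argument check in both shift functions logs `"bn NULL error"` even when it is `r` that is missing. I would change these to `WOLFSSL_MSG("mp_div_2d error");` and `WOLFSSL_MSG("r or bn NULL error");` so the debug log points at the right operand. The commit also turns a NULL `r` from allocate-on-demand into `SSL_FAILURE`; a one-line comment above each function, e.g. `/* r must be an initialised bignum; it is not allocated here */`, would make that contract visible to callers.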
@@ -11471,7 +11460,6 @@ int wolfSSL_BN_rshift(WOLFSSL_BIGNUM *r, const WOLFSSL_BIGNUM *bn, int n) } return SSL_SUCCESS; - } /* return code compliant with OpenSSL : From e7dd5c4b8f57274572587e781de4dbe9d6c19619 Mon Sep 17 00:00:00 2001 From: Jacob Barthelmeh Date: Tue, 21 Jul 2015 16:55:42 -0600 Subject: [PATCH 32/35] add setting client cipher list --- tests/test-qsh.conf | 3 +++ tests/test.conf | 3 +++ 2 files changed, 6 insertions(+) diff --git a/tests/test-qsh.conf b/tests/test-qsh.conf index 8261f147d..0f59c428f 100644 --- a/tests/test-qsh.conf +++ b/tests/test-qsh.conf @@ -2018,4 +2018,7 @@ -c ./certs/ntru-cert.pem -k ./certs/ntru-key.raw +# client TLSv1.2 NTRU_AES128 +-v 3 +-l QSH:NTRU-AES128-SHA diff --git a/tests/test.conf b/tests/test.conf index 963db7b06..9e6d0674a 100644 --- a/tests/test.conf +++ b/tests/test.conf @@ -2018,4 +2018,7 @@ -c ./certs/ntru-cert.pem -k ./certs/ntru-key.raw +# client TLSv1.2 NTRU_AES128 +-v 3 +-l NTRU-AES128-SHA From c169a113aed6053b17f46440d4f9dbde100b5b1a Mon Sep 17 00:00:00 2001 From: John Safranek Date: Wed, 22 Jul 2015 11:20:45 -0700 Subject: [PATCH 33/35] for Windows build, clean up warnings and a couple variable declarations --- src/ssl.c | 14 +++++------ wolfcrypt/src/ecc.c | 58 ++++++++++++++++++++++----------------------- 2 files changed, 35 insertions(+), 37 deletions(-) mode change 100644 => 100755 wolfcrypt/src/ecc.c diff --git a/src/ssl.c b/src/ssl.c index 1cc079d9c..24591613b 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -13911,8 +13911,6 @@ int wolfSSL_EC_GROUP_get_degree(const WOLFSSL_EC_GROUP *group) return SSL_FAILURE; break; } - - return SSL_FAILURE; } /* return code compliant with OpenSSL : 
@@ -14087,11 +14085,11 @@ int wolfSSL_EC_POINT_mul(const WOLFSSL_EC_GROUP *group, WOLFSSL_EC_POINT *r, const WOLFSSL_BIGNUM *n, const WOLFSSL_EC_POINT *q, const WOLFSSL_BIGNUM *m, WOLFSSL_BN_CTX *ctx) { + mp_int prime; + (void)ctx; (void)n; - mp_int prime; - WOLFSSL_ENTER("wolfSSL_EC_POINT_mul"); if (group == NULL || r == NULL || r->internal == NULL || @@ -14153,8 +14151,9 @@ int wolfSSL_EC_POINT_cmp(const WOLFSSL_EC_GROUP *group, const WOLFSSL_EC_POINT *a, const WOLFSSL_EC_POINT *b, WOLFSSL_BN_CTX *ctx) { - (void)ctx; int ret; + + (void)ctx; WOLFSSL_ENTER("wolfSSL_EC_POINT_cmp"); @@ -14411,10 +14410,11 @@ int wolfSSL_ECDH_compute_key(void *out, size_t outlen, void *(*KDF) (const void *in, size_t inlen, void *out, size_t *outlen)) { - (void)KDF; word32 len; - WOLFSSL_ENTER("wolfSSL_ECDH_compute_key"); + (void)KDF; + + WOLFSSL_ENTER("wolfSSL_ECDH_compute_key"); if (out == NULL || pub_key == NULL || pub_key->internal == NULL || ecdh == NULL || ecdh->internal == NULL) { diff --git a/wolfcrypt/src/ecc.c b/wolfcrypt/src/ecc.c old mode 100644 new mode 100755 index a65e343df..9d1d0dae0 --- a/wolfcrypt/src/ecc.c +++ b/wolfcrypt/src/ecc.c 
@@ -2597,26 +2597,25 @@ int wc_ecc_export_point_der(const int curve_idx, ecc_point* point, byte* out, return MEMORY_E; #endif - do { - /* pad and store x */ - XMEMSET(buf, 0, ECC_BUFSIZE); - ret = mp_to_unsigned_bin(point->x, buf + + /* pad and store x */ + XMEMSET(buf, 0, ECC_BUFSIZE); + ret = mp_to_unsigned_bin(point->x, buf + (numlen - mp_unsigned_bin_size(point->x))); - if (ret != MP_OKAY) - break; - XMEMCPY(out+1, buf, numlen); + if (ret != MP_OKAY) + goto done; + XMEMCPY(out+1, buf, numlen); - /* pad and store y */ - XMEMSET(buf, 0, ECC_BUFSIZE); - ret = mp_to_unsigned_bin(point->y, buf + + /* pad and store y */ + XMEMSET(buf, 0, ECC_BUFSIZE); + ret = mp_to_unsigned_bin(point->y, buf + (numlen - mp_unsigned_bin_size(point->y))); - if (ret != MP_OKAY) - break; - XMEMCPY(out+1+numlen, buf, numlen); + if (ret != MP_OKAY) + goto done; + XMEMCPY(out+1+numlen, buf, numlen); - *outLen = 1 + 2*numlen; - } while (0); + *outLen = 1 + 2*numlen; +done: #ifdef WOLFSSL_SMALL_STACK XFREE(buf, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif 
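Review bot: The offset `numlen - mp_unsigned_bin_size(point->x)` in `wc_ecc_export_point_der` is used as a write position into `buf` without checking that the coordinate fits in `numlen` bytes. For a caller-supplied point with an oversized coordinate the subtraction goes negative (or wraps, if `numlen` is unsigned), and `mp_to_unsigned_bin` then writes outside `buf`. Unless a check outside this hunk already bounds it, I would add `if (mp_unsigned_bin_size(point->x) > (int)numlen) { ret = ECC_BAD_ARG_E; goto done; }` before each `XMEMSET`, for `x` and for `y`, and the same for `key->pubkey.x`/`key->pubkey.y` in the `wc_ecc_export_x963` hunk that follows. The function starts and ends outside the hunk, so the declaration of `numlen` and any earlier validation are not visible.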
@@ -2665,26 +2664,25 @@ int wc_ecc_export_x963(ecc_key* key, byte* out, word32* outLen) return MEMORY_E; #endif - do { - /* pad and store x */ - XMEMSET(buf, 0, ECC_BUFSIZE); - ret = mp_to_unsigned_bin(key->pubkey.x, + /* pad and store x */ + XMEMSET(buf, 0, ECC_BUFSIZE); + ret = mp_to_unsigned_bin(key->pubkey.x, buf + (numlen - mp_unsigned_bin_size(key->pubkey.x))); - if (ret != MP_OKAY) - break; - XMEMCPY(out+1, buf, numlen); + if (ret != MP_OKAY) + goto done; + XMEMCPY(out+1, buf, numlen); - /* pad and store y */ - XMEMSET(buf, 0, ECC_BUFSIZE); - ret = mp_to_unsigned_bin(key->pubkey.y, + /* pad and store y */ + XMEMSET(buf, 0, ECC_BUFSIZE); + ret = mp_to_unsigned_bin(key->pubkey.y, buf + (numlen - mp_unsigned_bin_size(key->pubkey.y))); - if (ret != MP_OKAY) - break; - XMEMCPY(out+1+numlen, buf, numlen); + if (ret != MP_OKAY) + goto done; + XMEMCPY(out+1+numlen, buf, numlen); - *outLen = 1 + 2*numlen; - } while (0); + *outLen = 1 + 2*numlen; +done: #ifdef WOLFSSL_SMALL_STACK XFREE(buf, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif From 4cdece20fbd17969177f259a286a73c6e2c27efe Mon Sep 17 00:00:00 2001 From: John Safranek Date: Wed, 22 Jul 2015 11:52:42 -0700 Subject: [PATCH 34/35] change SetCurve return type to int, as used --- wolfcrypt/src/asn.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c index 8537ed5d2..78a849ab1 100644 --- a/wolfcrypt/src/asn.c +++ b/wolfcrypt/src/asn.c @@ -2735,7 +2735,7 @@ WOLFSSL_LOCAL word32 SetExplicit(byte number, word32 len, byte* output) #if defined(HAVE_ECC) && (defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_KEY_GEN)) -static word32 SetCurve(ecc_key* key, byte* output) +static int SetCurve(ecc_key* key, byte* output) { /* curve types */ From 5fe7a1b89ab0b3dee9cbe0adeeb35e536a4c9849 Mon Sep 17 00:00:00 2001 
From: toddouska Date: Wed, 22 Jul 2015 13:32:56 -0700 Subject: [PATCH 35/35] have fastmath use negative error codes for consistent <0 error detection --- wolfssl/wolfcrypt/tfm.h | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/wolfssl/wolfcrypt/tfm.h b/wolfssl/wolfcrypt/tfm.h index 50e9712e7..2467069b3 100644 --- a/wolfssl/wolfcrypt/tfm.h +++ b/wolfssl/wolfcrypt/tfm.h @@ -257,10 +257,10 @@ #define FP_NEG 1 /* return codes */ -#define FP_OKAY 0 -#define FP_VAL 1 -#define FP_MEM 2 -#define FP_NOT_INF 3 +#define FP_OKAY 0 +#define FP_VAL -1 +#define FP_MEM -2 +#define FP_NOT_INF -3 /* equalities */ #define FP_LT -1 /* less than */
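Review bot: With `FP_VAL` now `-1` it shares its value with `FP_LT` defined just below, so a bare return value no longer distinguishes "less than" from "invalid value" wherever the two could meet. The new values are also unparenthesised negative literals. I would write them as `#define FP_VAL (-1)`, `#define FP_MEM (-2)`, `#define FP_NOT_INF (-3)` so they stay intact inside larger expressions. Callers that tested these results with `> 0` or against the old literals would now miss an error; those call sites are not in this hunk and need a pass.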