Merge branch 'master' into zd3963

This commit is contained in:
Eric Blankenhorn
2018-06-20 10:05:20 -05:00
committed by GitHub
128 changed files with 4528 additions and 3682 deletions
+3
View File
@@ -237,3 +237,6 @@ IDE/LINUX-SGX/*.a
wolfcrypt/src/port/intel/qat_test
/mplabx/wolfssl.X/dist/default/
/mplabx/wolfcrypt_test.X/dist/default/
# Arduino Generated Files
/IDE/ARDUINO/wolfSSL
-1
View File
@@ -1 +0,0 @@
Please see the file 'README' in this directory.
+404 -351
View File
File diff suppressed because it is too large Load Diff
+12 -11
View File
@@ -4,22 +4,23 @@
This is a shell script that will re-organize the wolfSSL library to be
compatible with Arduino projects. The Arduino IDE requires a library's source
files to be in the library's root directory with a header file in the name of
the library. This script moves all src/ files to the root wolfssl directory and
creates a stub header file called wolfssl.h.
the library. This script moves all src/ files to the `IDE/ARDUINO/wolfSSL`
directory and creates a stub header file called `wolfssl.h`.
Step 1: To configure wolfSSL with Arduino, enter the following from within the
wolfssl/IDE/ARDUINO directory:
./wolfssl-arduino.sh
`./wolfssl-arduino.sh`
Step 2: Edit <wolfssl-root>/wolfssl/wolfcrypt/settings.h uncomment the define for
WOLFSSL_ARDUINO
Step 2: Edit `<wolfssl-root>/IDE/ARDUINO/wolfSSL/wolfssl/wolfcrypt/settings.h` uncomment the define for `WOLFSSL_ARDUINO`
If building for Intel Galileo platform also uncomment the define for `INTEL_GALILEO`.
also uncomment the define for INTEL_GALILEO if building for that platform
#####Including wolfSSL in Arduino Libraries (for Arduino version 1.6.6)
1. Copy the wolfSSL directory into Arduino/libraries (or wherever Arduino searches for libraries).
2. In the Arduino IDE:
- Go to ```Sketch > Include Libraries > Manage Libraries```. This refreshes your changes to the libraries.
- Next go to ```Sketch > Include Libraries > wolfSSL```. This includes wolfSSL in your sketch.
1. In the Arduino IDE:
- In `Sketch -> Include Library -> Add .ZIP Library...` and choose the
`IDE/ARDUNIO/wolfSSL` folder.
- In `Sketch -> Include Library` choose wolfSSL.
An example wolfSSL client INO sketch exists here: `sketches/wolfssl_client/wolfssl_client.ino`
@@ -1,6 +1,6 @@
/* wolfssl_client.ino
*
* Copyright (C) 2006-2016 wolfSSL Inc.
* Copyright (C) 2006-2018 wolfSSL Inc.
*
* This file is part of wolfSSL.
*
@@ -142,4 +142,3 @@ void loop() {
}
delay(1000);
}
+23 -14
View File
@@ -7,20 +7,29 @@
DIR=${PWD##*/}
if [ "$DIR" = "ARDUINO" ]; then
cp ../../src/*.c ../../
cp ../../wolfcrypt/src/*.c ../../
echo "/* stub header file for Arduino compatibility */" >> ../../wolfssl.h
rm -rf wolfSSL
mkdir wolfSSL
cp ../../src/*.c ./wolfSSL
cp ../../wolfcrypt/src/*.c ./wolfSSL
mkdir wolfSSL/wolfssl
cp ../../wolfssl/*.h ./wolfSSL/wolfssl
mkdir wolfSSL/wolfssl/wolfcrypt
cp ../../wolfssl/wolfcrypt/*.h ./wolfSSL/wolfssl/wolfcrypt
# support misc.c as include in wolfcrypt/src
mkdir ./wolfSSL/wolfcrypt
mkdir ./wolfSSL/wolfcrypt/src
cp ../../wolfcrypt/src/misc.c ./wolfSSL/wolfcrypt/src
# put bio and evp as includes
mv ./wolfSSL/bio.c ./wolfSSL/wolfssl
mv ./wolfSSL/evp.c ./wolfSSL/wolfssl
echo "/* Generated wolfSSL header file for Arduino */" >> ./wolfSSL/wolfssl.h
echo "#include <wolfssl/wolfcrypt/settings.h>" >> ./wolfSSL/wolfssl.h
echo "#include <wolfssl/ssl.h>" >> ./wolfSSL/wolfssl.h
else
echo "ERROR: You must be in the IDE/ARDUINO directory to run this script"
fi
#UPDATED: 19 Apr 2017 to remove bio.c and evp.c from the root directory since
# they are included inline and should not be compiled directly
ARDUINO_DIR=${PWD}
cd ../../
rm bio.c
rm evp.c
cd $ARDUINO_DIR
# end script in the origin directory for any future functionality that may be added.
#End UPDATE: 19 Apr 2017
+183
View File
@@ -0,0 +1,183 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<?fileVersion 4.0.0?><cproject storage_type_id="org.eclipse.cdt.core.XmlProjectDescriptionStorage">
<storageModule moduleId="org.eclipse.cdt.core.settings">
<cconfiguration id="cdt.managedbuild.config.gnu.mentor.nucleus.lib.debug.16169494">
<storageModule buildSystemId="org.eclipse.cdt.managedbuilder.core.configurationDataProvider" id="cdt.managedbuild.config.gnu.mentor.nucleus.lib.debug.16169494" moduleId="org.eclipse.cdt.core.settings" name="Debug">
<externalSettings>
<externalSetting>
<entry flags="VALUE_WORKSPACE_PATH" kind="includePath" name="/wolfcrypt"/>
<entry flags="VALUE_WORKSPACE_PATH" kind="libraryPath" name="/wolfcrypt/Debug"/>
<entry flags="RESOLVED" kind="libraryFile" name="wolfssl" srcPrefixMapping="" srcRootPath=""/>
</externalSetting>
</externalSettings>
<extensions>
<extension id="org.eclipse.cdt.core.ELF" point="org.eclipse.cdt.core.BinaryParser"/>
<extension id="org.eclipse.cdt.core.GASErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
<extension id="org.eclipse.cdt.core.GmakeErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
<extension id="com.mentor.embedded.toolchains.core.nucleus.FuseErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
<extension id="org.eclipse.cdt.core.CWDLocator" point="org.eclipse.cdt.core.ErrorParser"/>
<extension id="org.eclipse.cdt.core.GCCErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
</extensions>
</storageModule>
<storageModule moduleId="cdtBuildSystem" version="4.0.0">
<configuration artifactExtension="a" artifactName="wolfssl" buildArtefactType="org.eclipse.cdt.build.core.buildArtefactType.staticLib" buildProperties="org.eclipse.cdt.build.core.buildArtefactType=org.eclipse.cdt.build.core.buildArtefactType.staticLib,org.eclipse.cdt.build.core.buildType=org.eclipse.cdt.build.core.buildType.debug" cleanCommand="cs-rm -rf" description="" id="cdt.managedbuild.config.gnu.mentor.nucleus.lib.debug.16169494" name="Debug" parent="cdt.managedbuild.config.gnu.mentor.nucleus.lib.debug">
<folderInfo id="cdt.managedbuild.config.gnu.mentor.nucleus.lib.debug.16169494." name="/" resourcePath="">
<toolChain id="cdt.managedbuild.toolchain.gnu.mentor.nucleus.lib.debug.223487397" name="Sourcery CodeBench for Nucleus" superClass="cdt.managedbuild.toolchain.gnu.mentor.nucleus.lib.debug">
<targetPlatform archList="all" binaryParser="org.eclipse.cdt.core.ELF" id="cdt.managedbuild.targetPlatform.gnu.mentor.nucleus.1602489785" isAbstract="false" osList="all" superClass="cdt.managedbuild.targetPlatform.gnu.mentor.nucleus"/>
<builder buildPath="${workspace_loc:/wolfcrypt}/Debug" id="cdt.managedbuild.builder.gnu.mentor.nucleus.1164120304" keepEnvironmentInBuildfile="false" managedBuildOn="true" name="CodeSourcery GNU Builder" superClass="cdt.managedbuild.builder.gnu.mentor.nucleus"/>
<tool id="cdt.managedbuild.tool.gnu.mentor.archiver.nucleus.729368558" name="CodeSourcery GNU Archiver" superClass="cdt.managedbuild.tool.gnu.mentor.archiver.nucleus"/>
<tool id="cdt.managedbuild.tool.gnu.mentor.cpp.compiler.nucleus.1374010562" name="CodeSourcery GNU C++ Compiler" superClass="cdt.managedbuild.tool.gnu.mentor.cpp.compiler.nucleus">
<option id="mentor.gnu.cpp.compiler.option.optimization.level.2002648562" name="Optimization Level" superClass="mentor.gnu.cpp.compiler.option.optimization.level" value="mentor.gnu.cpp.compiler.optimization.level.none" valueType="enumerated"/>
<option id="mentor.gnu.cpp.compiler.option.debugging.level.498021118" name="Debug Level" superClass="mentor.gnu.cpp.compiler.option.debugging.level" value="mentor.gnu.cpp.compiler.debugging.level.max" valueType="enumerated"/>
<option id="mentor.gnu.cpp.compiler.option.indexer_include.2050335782" name="Include paths for indexer" superClass="mentor.gnu.cpp.compiler.option.indexer_include" valueType="includePath">
<listOptionValue builtIn="false" value="${CFG_INCLUDE}"/>
<listOptionValue builtIn="false" value="${SYSTEM_HOME}/./"/>
<listOptionValue builtIn="false" value="${SYSTEM_HOME}/bsp/realview_eb_ct926ejs/include/"/>
<listOptionValue builtIn="false" value="${SYSTEM_HOME}/bsp/realview_eb_ct926ejs/include/bsp/arch/plat-realview_eb/"/>
<listOptionValue builtIn="false" value="${SYSTEM_HOME}/os/arch/arm/tool-csgnu_arm/"/>
<listOptionValue builtIn="false" value="${SYSTEM_HOME}/os/include/"/>
<listOptionValue builtIn="false" value="${SYSTEM_HOME}/os/include/arch/arm/"/>
<listOptionValue builtIn="false" value="${SYSTEM_HOME}/os/include/arch/arm/tool-csgnu_arm/"/>
</option>
</tool>
<tool id="cdt.managedbuild.tool.gnu.mentor.c.compiler.nucleus.2014778929" name="CodeSourcery GNU C Compiler" superClass="cdt.managedbuild.tool.gnu.mentor.c.compiler.nucleus">
<option defaultValue="mentor.gnu.c.optimization.level.none" id="mentor.gnu.c.compiler.option.optimization.level.398007200" name="Optimization Level" superClass="mentor.gnu.c.compiler.option.optimization.level" valueType="enumerated"/>
<option id="mentor.gnu.c.compiler.option.debugging.level.732537986" name="Debug Level" superClass="mentor.gnu.c.compiler.option.debugging.level" value="mentor.gnu.c.debugging.level.max" valueType="enumerated"/>
<option id="mentor.gnu.c.compiler.option.indexer_include.1166025607" name="Include paths for indexer" superClass="mentor.gnu.c.compiler.option.indexer_include" valueType="includePath">
<listOptionValue builtIn="false" value="${CFG_INCLUDE}"/>
<listOptionValue builtIn="false" value="${SYSTEM_HOME}/./"/>
<listOptionValue builtIn="false" value="${SYSTEM_HOME}/bsp/realview_eb_ct926ejs/include/"/>
<listOptionValue builtIn="false" value="${SYSTEM_HOME}/bsp/realview_eb_ct926ejs/include/bsp/arch/plat-realview_eb/"/>
<listOptionValue builtIn="false" value="${SYSTEM_HOME}/os/arch/arm/tool-csgnu_arm/"/>
<listOptionValue builtIn="false" value="${SYSTEM_HOME}/os/include/"/>
<listOptionValue builtIn="false" value="${SYSTEM_HOME}/os/include/arch/arm/"/>
<listOptionValue builtIn="false" value="${SYSTEM_HOME}/os/include/arch/arm/tool-csgnu_arm/"/>
</option>
<option id="mentor.gnu.c.compiler.option.preprocessor.def.symbols.1143748896" name="Defined symbols (-D)" superClass="mentor.gnu.c.compiler.option.preprocessor.def.symbols" valueType="definedSymbols">
<listOptionValue builtIn="false" value="WOLFSSL_USER_SETTINGS"/>
</option>
<option id="mentor.gnu.c.compiler.option.include.paths.194565509" name="Include paths (-I)" superClass="mentor.gnu.c.compiler.option.include.paths" valueType="includePath">
<listOptionValue builtIn="false" value="../../../"/>
<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}}&quot;"/>
</option>
<inputType id="cdt.managedbuild.tool.gnu.mentor.c.compiler.nucleus.input.923848555" superClass="cdt.managedbuild.tool.gnu.mentor.c.compiler.nucleus.input"/>
</tool>
<tool id="cdt.managedbuild.tool.gnu.mentor.c.linker.nucleus.1059991805" name="CodeSourcery GNU C Linker" superClass="cdt.managedbuild.tool.gnu.mentor.c.linker.nucleus"/>
<tool id="cdt.managedbuild.tool.gnu.mentor.cpp.linker.nucleus.1339624750" name="CodeSourcery GNU C++ Linker" superClass="cdt.managedbuild.tool.gnu.mentor.cpp.linker.nucleus"/>
<tool id="cdt.managedbuild.tool.gnu.mentor.assembler.nucleus.729188509" name="CodeSourcery GNU Assembler" superClass="cdt.managedbuild.tool.gnu.mentor.assembler.nucleus">
<option id="gnu.both.asm.option.debugging.level.260047724" name="Debug Level" superClass="gnu.both.asm.option.debugging.level" value="gnu.both.asm.debugging.level.max" valueType="enumerated"/>
<inputType id="cdt.managedbuild.tool.gnu.assembler.input.376260780" superClass="cdt.managedbuild.tool.gnu.assembler.input"/>
</tool>
<tool id="com.mentor.embedded.toolchains.core.nucleus.exportgen.process.403073591" name="Nucleus Exports Generator" superClass="com.mentor.embedded.toolchains.core.nucleus.exportgen.process"/>
<tool id="com.mentor.embedded.toolchains.core.nucleus.exportgen.application.645196251" name="Nucleus Exports Generator" superClass="com.mentor.embedded.toolchains.core.nucleus.exportgen.application"/>
</toolChain>
</folderInfo>
<sourceEntries>
<entry excluding="src/src/evp.c|src/src/aes_asm.S|src/benchmark|src/user-crypto|src/src/misc.c" flags="VALUE_WORKSPACE_PATH|RESOLVED" kind="sourcePath" name=""/>
</sourceEntries>
</configuration>
</storageModule>
<storageModule moduleId="org.eclipse.cdt.core.externalSettings">
<externalSettings containerId="system-project;" factoryId="org.eclipse.cdt.core.cfg.export.settings.sipplier"/>
</storageModule>
</cconfiguration>
<cconfiguration id="cdt.managedbuild.config.gnu.mentor.nucleus.lib.release.1927475508">
<storageModule buildSystemId="org.eclipse.cdt.managedbuilder.core.configurationDataProvider" id="cdt.managedbuild.config.gnu.mentor.nucleus.lib.release.1927475508" moduleId="org.eclipse.cdt.core.settings" name="Release">
<externalSettings>
<externalSetting>
<entry flags="VALUE_WORKSPACE_PATH" kind="includePath" name="/wolfcrypt"/>
<entry flags="VALUE_WORKSPACE_PATH" kind="libraryPath" name="/wolfcrypt/Release"/>
<entry flags="RESOLVED" kind="libraryFile" name="wolfssl" srcPrefixMapping="" srcRootPath=""/>
</externalSetting>
</externalSettings>
<extensions>
<extension id="org.eclipse.cdt.core.ELF" point="org.eclipse.cdt.core.BinaryParser"/>
<extension id="org.eclipse.cdt.core.GASErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
<extension id="org.eclipse.cdt.core.GmakeErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
<extension id="com.mentor.embedded.toolchains.core.nucleus.FuseErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
<extension id="org.eclipse.cdt.core.CWDLocator" point="org.eclipse.cdt.core.ErrorParser"/>
<extension id="org.eclipse.cdt.core.GCCErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
</extensions>
</storageModule>
<storageModule moduleId="cdtBuildSystem" version="4.0.0">
<configuration artifactExtension="a" artifactName="wolfssl" buildArtefactType="org.eclipse.cdt.build.core.buildArtefactType.staticLib" buildProperties="org.eclipse.cdt.build.core.buildArtefactType=org.eclipse.cdt.build.core.buildArtefactType.staticLib,org.eclipse.cdt.build.core.buildType=org.eclipse.cdt.build.core.buildType.release" cleanCommand="cs-rm -rf" description="" id="cdt.managedbuild.config.gnu.mentor.nucleus.lib.release.1927475508" name="Release" parent="cdt.managedbuild.config.gnu.mentor.nucleus.lib.release">
<folderInfo id="cdt.managedbuild.config.gnu.mentor.nucleus.lib.release.1927475508." name="/" resourcePath="">
<toolChain id="cdt.managedbuild.toolchain.gnu.mentor.nucleus.lib.release.215643800" name="Sourcery CodeBench for Nucleus" superClass="cdt.managedbuild.toolchain.gnu.mentor.nucleus.lib.release">
<targetPlatform archList="all" binaryParser="org.eclipse.cdt.core.ELF" id="cdt.managedbuild.targetPlatform.gnu.mentor.nucleus.1262083747" isAbstract="false" osList="all" superClass="cdt.managedbuild.targetPlatform.gnu.mentor.nucleus"/>
<builder buildPath="${workspace_loc:/wolfcrypt}/Release" id="cdt.managedbuild.builder.gnu.mentor.nucleus.656729475" keepEnvironmentInBuildfile="false" managedBuildOn="true" name="CodeSourcery GNU Builder" superClass="cdt.managedbuild.builder.gnu.mentor.nucleus"/>
<tool id="cdt.managedbuild.tool.gnu.mentor.archiver.nucleus.1642691673" name="CodeSourcery GNU Archiver" superClass="cdt.managedbuild.tool.gnu.mentor.archiver.nucleus"/>
<tool id="cdt.managedbuild.tool.gnu.mentor.cpp.compiler.nucleus.53089999" name="CodeSourcery GNU C++ Compiler" superClass="cdt.managedbuild.tool.gnu.mentor.cpp.compiler.nucleus">
<option id="mentor.gnu.cpp.compiler.option.optimization.level.1972432162" name="Optimization Level" superClass="mentor.gnu.cpp.compiler.option.optimization.level" value="mentor.gnu.cpp.compiler.optimization.level.most" valueType="enumerated"/>
<option id="mentor.gnu.cpp.compiler.option.debugging.level.1063240694" name="Debug Level" superClass="mentor.gnu.cpp.compiler.option.debugging.level"/>
<option id="mentor.gnu.cpp.compiler.option.indexer_include.482283905" name="Include paths for indexer" superClass="mentor.gnu.cpp.compiler.option.indexer_include" valueType="includePath">
<listOptionValue builtIn="false" value="${CFG_INCLUDE}"/>
<listOptionValue builtIn="false" value="${SYSTEM_HOME}/./"/>
<listOptionValue builtIn="false" value="${SYSTEM_HOME}/bsp/realview_eb_ct926ejs/include/"/>
<listOptionValue builtIn="false" value="${SYSTEM_HOME}/bsp/realview_eb_ct926ejs/include/bsp/arch/plat-realview_eb/"/>
<listOptionValue builtIn="false" value="${SYSTEM_HOME}/os/arch/arm/tool-csgnu_arm/"/>
<listOptionValue builtIn="false" value="${SYSTEM_HOME}/os/include/"/>
<listOptionValue builtIn="false" value="${SYSTEM_HOME}/os/include/arch/arm/"/>
<listOptionValue builtIn="false" value="${SYSTEM_HOME}/os/include/arch/arm/tool-csgnu_arm/"/>
</option>
</tool>
<tool id="cdt.managedbuild.tool.gnu.mentor.c.compiler.nucleus.768508310" name="CodeSourcery GNU C Compiler" superClass="cdt.managedbuild.tool.gnu.mentor.c.compiler.nucleus">
<option defaultValue="mentor.gnu.c.optimization.level.most" id="mentor.gnu.c.compiler.option.optimization.level.1172306433" name="Optimization Level" superClass="mentor.gnu.c.compiler.option.optimization.level" valueType="enumerated"/>
<option id="mentor.gnu.c.compiler.option.debugging.level.1416772866" name="Debug Level" superClass="mentor.gnu.c.compiler.option.debugging.level"/>
<option id="mentor.gnu.c.compiler.option.indexer_include.190263447" name="Include paths for indexer" superClass="mentor.gnu.c.compiler.option.indexer_include" valueType="includePath">
<listOptionValue builtIn="false" value="${CFG_INCLUDE}"/>
<listOptionValue builtIn="false" value="${SYSTEM_HOME}/./"/>
<listOptionValue builtIn="false" value="${SYSTEM_HOME}/bsp/realview_eb_ct926ejs/include/"/>
<listOptionValue builtIn="false" value="${SYSTEM_HOME}/bsp/realview_eb_ct926ejs/include/bsp/arch/plat-realview_eb/"/>
<listOptionValue builtIn="false" value="${SYSTEM_HOME}/os/arch/arm/tool-csgnu_arm/"/>
<listOptionValue builtIn="false" value="${SYSTEM_HOME}/os/include/"/>
<listOptionValue builtIn="false" value="${SYSTEM_HOME}/os/include/arch/arm/"/>
<listOptionValue builtIn="false" value="${SYSTEM_HOME}/os/include/arch/arm/tool-csgnu_arm/"/>
</option>
<option id="mentor.gnu.c.compiler.option.include.paths.378624521" name="Include paths (-I)" superClass="mentor.gnu.c.compiler.option.include.paths" valueType="includePath">
<listOptionValue builtIn="false" value="../../../"/>
<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}}&quot;"/>
</option>
<option id="mentor.gnu.c.compiler.option.preprocessor.def.symbols.377672412" name="Defined symbols (-D)" superClass="mentor.gnu.c.compiler.option.preprocessor.def.symbols" valueType="definedSymbols">
<listOptionValue builtIn="false" value="WOLFSSL_USER_SETTINGS"/>
</option>
<inputType id="cdt.managedbuild.tool.gnu.mentor.c.compiler.nucleus.input.390280819" superClass="cdt.managedbuild.tool.gnu.mentor.c.compiler.nucleus.input"/>
</tool>
<tool id="cdt.managedbuild.tool.gnu.mentor.c.linker.nucleus.1383453309" name="CodeSourcery GNU C Linker" superClass="cdt.managedbuild.tool.gnu.mentor.c.linker.nucleus"/>
<tool id="cdt.managedbuild.tool.gnu.mentor.cpp.linker.nucleus.543421555" name="CodeSourcery GNU C++ Linker" superClass="cdt.managedbuild.tool.gnu.mentor.cpp.linker.nucleus"/>
<tool id="cdt.managedbuild.tool.gnu.mentor.assembler.nucleus.115889274" name="CodeSourcery GNU Assembler" superClass="cdt.managedbuild.tool.gnu.mentor.assembler.nucleus">
<option id="gnu.both.asm.option.debugging.level.886431226" name="Debug Level" superClass="gnu.both.asm.option.debugging.level" value="gnu.both.asm.debugging.level.none" valueType="enumerated"/>
<inputType id="cdt.managedbuild.tool.gnu.assembler.input.419671347" superClass="cdt.managedbuild.tool.gnu.assembler.input"/>
</tool>
<tool id="com.mentor.embedded.toolchains.core.nucleus.exportgen.process.278067994" name="Nucleus Exports Generator" superClass="com.mentor.embedded.toolchains.core.nucleus.exportgen.process"/>
<tool id="com.mentor.embedded.toolchains.core.nucleus.exportgen.application.1699281427" name="Nucleus Exports Generator" superClass="com.mentor.embedded.toolchains.core.nucleus.exportgen.application"/>
</toolChain>
</folderInfo>
<sourceEntries>
<entry excluding="src/src/evp.c|src/src/aes_asm.S|src/benchmark|src/user-crypto|src/src/misc.c" flags="VALUE_WORKSPACE_PATH|RESOLVED" kind="sourcePath" name=""/>
</sourceEntries>
</configuration>
</storageModule>
<storageModule moduleId="org.eclipse.cdt.core.externalSettings">
<externalSettings containerId="system-project;" factoryId="org.eclipse.cdt.core.cfg.export.settings.sipplier"/>
</storageModule>
</cconfiguration>
</storageModule>
<storageModule moduleId="cdtBuildSystem" version="4.0.0">
<project id="wolfcrypt.cdt.managedbuild.target.gnu.mentor.nucleus.lib.1763261605" name="Static Library" projectType="cdt.managedbuild.target.gnu.mentor.nucleus.lib"/>
</storageModule>
<storageModule moduleId="scannerConfiguration">
<autodiscovery enabled="true" problemReportingEnabled="true" selectedProfileId=""/>
<scannerConfigBuildInfo instanceId="cdt.managedbuild.config.gnu.mentor.nucleus.lib.release.1927475508;cdt.managedbuild.config.gnu.mentor.nucleus.lib.release.1927475508.;cdt.managedbuild.tool.gnu.mentor.c.compiler.nucleus.768508310;cdt.managedbuild.tool.gnu.mentor.c.compiler.nucleus.input.390280819">
<autodiscovery enabled="true" problemReportingEnabled="true" selectedProfileId="com.mentor.embedded.toolchains.core.nucleus.GCCManagedMakePerProjectProfileC"/>
</scannerConfigBuildInfo>
<scannerConfigBuildInfo instanceId="cdt.managedbuild.config.gnu.mentor.nucleus.lib.debug.16169494;cdt.managedbuild.config.gnu.mentor.nucleus.lib.debug.16169494.;cdt.managedbuild.tool.gnu.mentor.c.compiler.nucleus.2014778929;cdt.managedbuild.tool.gnu.mentor.c.compiler.nucleus.input.923848555">
<autodiscovery enabled="true" problemReportingEnabled="true" selectedProfileId="com.mentor.embedded.toolchains.core.nucleus.GCCManagedMakePerProjectProfileC"/>
</scannerConfigBuildInfo>
</storageModule>
<storageModule moduleId="org.eclipse.cdt.core.LanguageSettingsProviders"/>
<storageModule moduleId="com.mentor.embedded">
<project systemProject="system-project" version="2017.02.1"/>
</storageModule>
<storageModule moduleId="refreshScope"/>
<storageModule moduleId="org.eclipse.cdt.make.core.buildtargets"/>
</cproject>
+33
View File
@@ -0,0 +1,33 @@
<?xml version="1.0" encoding="UTF-8"?>
<projectDescription>
<name>wolfcrypt</name>
<comment></comment>
<projects>
</projects>
<buildSpec>
<buildCommand>
<name>org.eclipse.cdt.managedbuilder.core.genmakebuilder</name>
<triggers>clean,full,incremental,</triggers>
<arguments>
</arguments>
</buildCommand>
<buildCommand>
<name>org.eclipse.cdt.managedbuilder.core.ScannerConfigBuilder</name>
<triggers>full,incremental,</triggers>
<arguments>
</arguments>
</buildCommand>
</buildSpec>
<natures>
<nature>org.eclipse.cdt.core.cnature</nature>
<nature>org.eclipse.cdt.managedbuilder.core.managedBuildNature</nature>
<nature>org.eclipse.cdt.managedbuilder.core.ScannerConfigNature</nature>
</natures>
<linkedResources>
<link>
<name>src</name>
<type>2</type>
<locationURI>PARENT-2-PROJECT_LOC../wolfcrypt</locationURI>
</link>
</linkedResources>
</projectDescription>
+8
View File
@@ -0,0 +1,8 @@
# vim:ft=automake
# included from Top Level Makefile.am
# All paths should be given relative to the root
EXTRA_DIST+= IDE/CSBENCH/.project
EXTRA_DIST+= IDE/CSBENCH/.cproject
EXTRA_DIST+= IDE/CSBENCH/user_settings.h
+22
View File
@@ -0,0 +1,22 @@
#ifndef WOLFSSL_CSBENCH_H
#define WOLFSSL_CSBENCH_H
/* wolfSSL settings */
#define WOLFCRYPT_ONLY
#define USE_FAST_MATH
#define TFM_TIMING_RESISTANT
#define WC_RSA_BLINDING
#define SINGLE_THREADED
#define HAVE_AESGCM
#define NO_ASN_TIME
#define HAVE_ECC
#define ECC_TIMING_RESISTANT
#define WOLFSSL_NUCLEUS
/* wolfSSH settings */
#define WOLFSSH_SFTP
//#define DEBUG_WOLFSSH
#endif
+1
View File
@@ -13,5 +13,6 @@ include IDE/INTIME-RTOS/include.am
include IDE/OPENSTM32/include.am
include IDE/VS-ARM/include.am
include IDE/GCC-ARM/include.am
include IDE/CSBENCH/include.am
EXTRA_DIST+= IDE/IAR-EWARM IDE/MDK-ARM IDE/MDK5-ARM IDE/MYSQL IDE/LPCXPRESSO IDE/HEXIWEAR
+1 -7
View File
@@ -84,6 +84,7 @@ EXTRA_DIST+= wolfssl64.sln
EXTRA_DIST+= valgrind-error.sh
EXTRA_DIST+= gencertbuf.pl
EXTRA_DIST+= README.md
EXTRA_DIST+= ChangeLog.md
EXTRA_DIST+= LICENSING
EXTRA_DIST+= INSTALL
EXTRA_DIST+= IPP
@@ -94,10 +95,6 @@ include wrapper/include.am
include cyassl/include.am
include wolfssl/include.am
include certs/include.am
include certs/1024/include.am
include certs/crl/include.am
include certs/external/include.am
include certs/ocsp/include.am
include doc/include.am
include swig/include.am
@@ -208,6 +205,3 @@ merge-clean:
@find ./ | $(GREP) \.BASE | xargs rm -f
@find ./ | $(GREP) \~$$ | xargs rm -f
dist-hook:
cp $(distdir)/wolfssl/options.h.in $(distdir)/wolfssl/options.h
View File
+100 -1811
View File
File diff suppressed because it is too large Load Diff
Executable → Regular
View File
Executable → Regular
View File
Executable → Regular
View File
Executable → Regular
View File
Executable → Regular
View File
Executable → Regular
View File
+38
View File
@@ -0,0 +1,38 @@
Certificate Revocation List (CRL):
Version 2 (0x1)
Signature Algorithm: sha1WithRSAEncryption
Issuer: /C=US/ST=Montana/L=Bozeman/OU=Engineering/CN=www.nomatch.com/emailAddress=info@wolfssl.com
Last Update: Jun 13 16:02:51 2018 GMT
Next Update: Mar 9 16:02:51 2021 GMT
CRL extensions:
X509v3 CRL Number:
1
No Revoked Certificates.
Signature Algorithm: sha1WithRSAEncryption
60:64:8d:80:20:c1:5e:48:cc:61:ba:31:b1:59:13:21:8c:d0:
ff:a3:ed:70:b0:ba:04:67:df:bb:f0:aa:db:71:85:2d:c3:ae:
ab:79:a0:83:68:df:70:f5:85:1a:8e:7c:6d:91:89:a3:af:ae:
4f:72:05:37:d9:aa:76:a5:86:10:0a:89:7a:d9:06:6a:6b:43:
51:8c:b3:ce:28:79:0c:70:d0:9a:f7:89:a5:ff:5f:4a:08:2f:
ca:3c:83:3e:d2:74:c1:02:37:f9:5d:e8:10:d2:7a:d1:df:b7:
13:40:34:2c:c5:61:71:d7:24:79:46:26:f7:b7:6f:b5:05:8a:
96:d6:a8:89:73:e6:ac:5b:96:df:be:08:6d:2b:2e:da:00:c8:
dc:11:54:c2:b9:f5:80:21:79:98:12:5d:91:bb:54:61:d8:d0:
c1:42:3d:9c:24:d5:11:0e:33:ea:3e:84:66:6e:65:2c:59:c5:
c9:b8:7b:e8:b3:ce:fc:66:d8:cc:68:98:55:9a:ff:54:fe:b0:
74:1f:d7:cc:af:f8:76:b9:ed:cf:46:07:2e:74:0e:50:b9:e9:
46:28:22:82:d7:2b:3c:81:81:e8:12:f1:5c:6e:88:ac:c7:c5:
3c:1d:46:95:ff:9e:fe:7f:38:6c:a6:4d:ac:75:86:d4:4c:8a:
75:e9:a2:88
-----BEGIN X509 CRL-----
MIIB3DCBxQIBATANBgkqhkiG9w0BAQUFADCBgjELMAkGA1UEBhMCVVMxEDAOBgNV
BAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xFDASBgNVBAsMC0VuZ2luZWVy
aW5nMRgwFgYDVQQDDA93d3cubm9tYXRjaC5jb20xHzAdBgkqhkiG9w0BCQEWEGlu
Zm9Ad29sZnNzbC5jb20XDTE4MDYxMzE2MDI1MVoXDTIxMDMwOTE2MDI1MVqgDjAM
MAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEBBQUAA4IBAQBgZI2AIMFeSMxhujGxWRMh
jND/o+1wsLoEZ9+78KrbcYUtw66reaCDaN9w9YUajnxtkYmjr65PcgU32ap2pYYQ
Col62QZqa0NRjLPOKHkMcNCa94ml/19KCC/KPIM+0nTBAjf5XegQ0nrR37cTQDQs
xWFx1yR5Rib3t2+1BYqW1qiJc+asW5bfvghtKy7aAMjcEVTCufWAIXmYEl2Ru1Rh
2NDBQj2cJNURDjPqPoRmbmUsWcXJuHvos878ZtjMaJhVmv9U/rB0H9fMr/h2ue3P
RgcudA5QuelGKCKC1ys8gYHoEvFcboisx8U8HUaV/57+fzhspk2sdYbUTIp16aKI
-----END X509 CRL-----
+38
View File
@@ -0,0 +1,38 @@
Certificate Revocation List (CRL):
Version 2 (0x1)
Signature Algorithm: sha1WithRSAEncryption
Issuer: /C=US/ST=Montana/L=Bozeman/OU=Engineering/CN=www.nomatch.com/emailAddress=info@wolfssl.com
Last Update: Jun 12 23:10:47 2018 GMT
Next Update: Mar 8 23:10:47 2021 GMT
CRL extensions:
X509v3 CRL Number:
1
No Revoked Certificates.
Signature Algorithm: sha1WithRSAEncryption
16:c2:f1:59:3a:bb:50:6c:b0:f8:c4:e8:29:ac:cc:33:a7:e8:
bb:12:88:0b:9b:a0:2f:bf:39:d7:97:c9:9c:17:60:e5:31:5f:
9f:5d:ce:70:ff:1e:aa:6f:5a:72:8c:29:a3:70:3a:bb:33:e5:
2a:c8:61:03:96:3e:96:81:7c:fb:0d:5c:b7:67:b0:44:90:a7:
24:63:9b:df:80:ec:8c:3a:0b:8c:16:2e:09:09:9e:fd:f8:0d:
fa:a5:63:a3:d4:6a:28:10:ab:57:3a:59:e7:1f:84:e5:30:ad:
17:fd:f7:15:c2:75:e8:18:46:c3:5d:2c:4e:6f:ec:bd:8c:fa:
8f:00:9e:4a:1c:c3:0d:cf:2e:24:9a:fc:13:9c:76:91:ac:e0:
87:dd:fa:37:7a:24:72:35:1a:97:56:2f:13:0e:75:11:cd:e2:
41:dd:12:b0:63:2f:01:52:af:dd:63:5d:59:7c:16:ed:a4:bb:
89:d2:42:27:7f:69:c5:09:0c:db:8a:d7:0e:4b:70:ea:1f:17:
68:a5:ac:86:66:25:1c:d4:89:47:8e:64:4f:08:30:35:5e:69:
11:53:21:e9:c6:bd:16:ec:84:51:69:2b:bd:4a:de:65:f1:be:
5d:32:b2:fd:85:0d:d0:47:60:c0:fc:56:d8:d6:7e:05:d2:ac:
0c:44:1f:c7
-----BEGIN X509 CRL-----
MIIB3DCBxQIBATANBgkqhkiG9w0BAQUFADCBgjELMAkGA1UEBhMCVVMxEDAOBgNV
BAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xFDASBgNVBAsMC0VuZ2luZWVy
aW5nMRgwFgYDVQQDDA93d3cubm9tYXRjaC5jb20xHzAdBgkqhkiG9w0BCQEWEGlu
Zm9Ad29sZnNzbC5jb20XDTE4MDYxMjIzMTA0N1oXDTIxMDMwODIzMTA0N1qgDjAM
MAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEBBQUAA4IBAQAWwvFZOrtQbLD4xOgprMwz
p+i7EogLm6AvvznXl8mcF2DlMV+fXc5w/x6qb1pyjCmjcDq7M+UqyGEDlj6WgXz7
DVy3Z7BEkKckY5vfgOyMOguMFi4JCZ79+A36pWOj1GooEKtXOlnnH4TlMK0X/fcV
wnXoGEbDXSxOb+y9jPqPAJ5KHMMNzy4kmvwTnHaRrOCH3fo3eiRyNRqXVi8TDnUR
zeJB3RKwYy8BUq/dY11ZfBbtpLuJ0kInf2nFCQzbitcOS3DqHxdopayGZiUc1IlH
jmRPCDA1XmkRUyHpxr0W7IRRaSu9St5l8b5dMrL9hQ3QR2DA/FbY1n4F0qwMRB/H
-----END X509 CRL-----
+38
View File
@@ -0,0 +1,38 @@
Certificate Revocation List (CRL):
Version 2 (0x1)
Signature Algorithm: sha1WithRSAEncryption
Issuer: /C=US/ST=Montana/L=Bozeman/OU=Engineering/CN=localhost/emailAddress=info@wolfssl.com
Last Update: Jun 13 16:02:51 2018 GMT
Next Update: Mar 9 16:02:51 2021 GMT
CRL extensions:
X509v3 CRL Number:
1
No Revoked Certificates.
Signature Algorithm: sha1WithRSAEncryption
b9:a1:1b:20:dd:23:b2:20:e4:b5:97:84:21:44:e6:f1:98:0b:
6b:30:22:d2:85:8e:11:19:17:e9:8a:0c:4d:cd:12:61:b0:a1:
62:a0:4a:58:05:e2:b7:ba:50:86:41:8e:46:ae:c5:8a:36:7c:
c8:ea:94:f3:30:53:46:2b:0f:1c:b3:d0:01:f1:ad:47:e1:a8:
18:65:e1:b2:32:8d:4d:31:32:f3:54:92:39:e3:f2:cc:2d:a1:
90:f2:51:79:69:c7:f8:28:ac:53:a9:c2:49:a7:d3:b7:cc:cb:
ac:6f:7d:d5:e5:8e:a1:8f:a6:51:8a:e9:b2:43:e6:5b:7e:e8:
dd:19:a0:00:ba:a3:71:ce:33:a2:bb:77:9c:6d:75:89:fd:1a:
19:da:0a:b4:6a:12:36:e9:cf:e3:83:e1:33:be:41:5b:72:45:
21:11:69:90:aa:72:f7:09:50:cb:d2:d5:df:63:da:7d:0b:29:
5e:c1:cf:cc:d5:11:07:40:92:04:6a:3b:8e:0a:7a:5f:12:f3:
36:d5:fd:af:84:5f:4c:bd:a1:b4:b1:f4:db:d1:03:5a:38:22:
bc:17:7a:ff:39:78:4a:c0:c7:b3:f3:3c:02:84:cd:93:30:5b:
aa:94:11:32:b8:6f:d3:54:7f:16:e8:b4:d7:54:1b:65:2e:7b:
d1:70:bb:e9
-----BEGIN X509 CRL-----
MIIB1TCBvgIBATANBgkqhkiG9w0BAQUFADB8MQswCQYDVQQGEwJVUzEQMA4GA1UE
CAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjEUMBIGA1UECwwLRW5naW5lZXJp
bmcxEjAQBgNVBAMMCWxvY2FsaG9zdDEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xm
c3NsLmNvbRcNMTgwNjEzMTYwMjUxWhcNMjEwMzA5MTYwMjUxWqAOMAwwCgYDVR0U
BAMCAQEwDQYJKoZIhvcNAQEFBQADggEBALmhGyDdI7Ig5LWXhCFE5vGYC2swItKF
jhEZF+mKDE3NEmGwoWKgSlgF4re6UIZBjkauxYo2fMjqlPMwU0YrDxyz0AHxrUfh
qBhl4bIyjU0xMvNUkjnj8swtoZDyUXlpx/gorFOpwkmn07fMy6xvfdXljqGPplGK
6bJD5lt+6N0ZoAC6o3HOM6K7d5xtdYn9GhnaCrRqEjbpz+OD4TO+QVtyRSERaZCq
cvcJUMvS1d9j2n0LKV7Bz8zVEQdAkgRqO44Kel8S8zbV/a+EX0y9obSx9NvRA1o4
IrwXev85eErAx7PzPAKEzZMwW6qUETK4b9NUfxbotNdUG2Uue9Fwu+k=
-----END X509 CRL-----
+38
View File
@@ -0,0 +1,38 @@
Certificate Revocation List (CRL):
Version 2 (0x1)
Signature Algorithm: sha1WithRSAEncryption
Issuer: /C=US/ST=Montana/L=Bozeman/OU=Engineering/CN=*localhost/emailAddress=info@wolfssl.com
Last Update: Jun 12 23:10:47 2018 GMT
Next Update: Mar 8 23:10:47 2021 GMT
CRL extensions:
X509v3 CRL Number:
1
No Revoked Certificates.
Signature Algorithm: sha1WithRSAEncryption
79:7e:bd:34:d2:3d:f5:91:b1:79:de:50:c2:26:d5:8e:05:f7:
30:26:bd:2f:dd:6a:a1:cf:15:91:fd:95:30:a7:04:5a:65:33:
e4:fb:63:79:dd:6e:63:bd:d1:55:bd:c8:22:3c:c2:6a:40:38:
75:85:6a:e1:24:a3:99:e3:13:30:c2:cb:15:cc:50:4b:03:87:
b8:90:9c:e8:95:2a:62:1f:ed:33:30:a8:04:9f:67:b7:4c:bd:
31:b3:19:59:18:9c:6d:64:c2:22:d4:8d:8e:7e:98:c2:39:b0:
28:35:ed:8f:37:6b:03:57:3b:ef:e8:28:26:8a:f0:de:8a:21:
e8:c3:d9:68:2e:ee:cb:cb:89:4f:af:4d:37:ad:98:64:38:6e:
d8:87:fb:3b:0b:b6:a5:58:da:5e:f2:81:a1:18:90:d6:1b:f7:
8a:1b:11:3a:6d:55:0c:09:4d:cd:ea:43:01:a4:92:05:50:7e:
b4:1a:8f:54:b2:cb:4c:94:09:e0:85:cc:29:22:e4:5b:29:ee:
65:91:e3:4a:f9:64:19:40:25:17:27:a1:91:2b:2e:18:6d:2a:
26:9a:e3:82:05:a6:0b:67:24:a1:dc:d4:29:ad:47:f0:89:28:
65:da:fe:fc:62:86:47:05:51:54:08:dc:b3:e5:99:48:d6:da:
52:be:85:7c
-----BEGIN X509 CRL-----
MIIB1jCBvwIBATANBgkqhkiG9w0BAQUFADB9MQswCQYDVQQGEwJVUzEQMA4GA1UE
CAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjEUMBIGA1UECwwLRW5naW5lZXJp
bmcxEzARBgNVBAMMCipsb2NhbGhvc3QxHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29s
ZnNzbC5jb20XDTE4MDYxMjIzMTA0N1oXDTIxMDMwODIzMTA0N1qgDjAMMAoGA1Ud
FAQDAgEBMA0GCSqGSIb3DQEBBQUAA4IBAQB5fr000j31kbF53lDCJtWOBfcwJr0v
3WqhzxWR/ZUwpwRaZTPk+2N53W5jvdFVvcgiPMJqQDh1hWrhJKOZ4xMwwssVzFBL
A4e4kJzolSpiH+0zMKgEn2e3TL0xsxlZGJxtZMIi1I2OfpjCObAoNe2PN2sDVzvv
6CgmivDeiiHow9loLu7Ly4lPr003rZhkOG7Yh/s7C7alWNpe8oGhGJDWG/eKGxE6
bVUMCU3N6kMBpJIFUH60Go9UsstMlAnghcwpIuRbKe5lkeNK+WQZQCUXJ6GRKy4Y
bSommuOCBaYLZySh3NQprUfwiShl2v78YoZHBVFUCNyz5ZlI1tpSvoV8
-----END X509 CRL-----
Binary file not shown.
+3
View File
@@ -0,0 +1,3 @@
-----BEGIN PRIVATE KEY-----
MC4CAQAwBQYDK2VwBCIEIALLg+oVSN6eOx+rCjIui2cYL3VyBkk2pWBdv1+JXJBy
-----END PRIVATE KEY-----
Binary file not shown.
+1 -1
View File
@@ -1,3 +1,3 @@
-----BEGIN PRIVATE KEY-----
MC4CAQAwBQYDK2VwBCIEIBGdNYxa3ommO8aYO1oGaGSRQBqDYB0sKOdR3bqejqIQ
MC4CAQAwBQYDK2VwBCIEICejNCo11Lu44dzY7A/BoNGiXPkG8ERdO5dNvd9KO6NO
-----END PRIVATE KEY-----
+14
View File
@@ -16,3 +16,17 @@ popd
mv ${EXAMPLE}/*.pem .
mv ${EXAMPLE}/*.der .
convert() {
echo -en "\x30\x2e" > ${NAME}-ed25519-priv.der
head -c 48 ${NAME}-ed25519-key.der | tail -c 46 >> ${NAME}-ed25519-priv.der
echo "-----BEGIN PRIVATE KEY-----" > ${NAME}-ed25519-priv.pem
openssl base64 -in ${NAME}-ed25519-priv.der >> ${NAME}-ed25519-priv.pem
echo "-----END PRIVATE KEY-----" >> ${NAME}-ed25519-priv.pem
}
NAME=server convert
NAME=client convert
NAME=root convert
NAME=ca convert
+29
View File
@@ -0,0 +1,29 @@
# vim:ft=automake
# All paths should be given relative to the root
#
EXTRA_DIST += \
certs/ed25519/ca-ed25519.der \
certs/ed25519/ca-ed25519.pem \
certs/ed25519/ca-ed25519-key.der \
certs/ed25519/ca-ed25519-key.pem \
certs/ed25519/ca-ed25519-priv.der \
certs/ed25519/ca-ed25519-priv.pem \
certs/ed25519/client-ed25519.der \
certs/ed25519/client-ed25519.pem \
certs/ed25519/client-ed25519-key.der \
certs/ed25519/client-ed25519-key.pem \
certs/ed25519/client-ed25519-priv.der \
certs/ed25519/client-ed25519-priv.pem \
certs/ed25519/root-ed25519.der \
certs/ed25519/root-ed25519.pem \
certs/ed25519/root-ed25519-key.der \
certs/ed25519/root-ed25519-key.pem \
certs/ed25519/root-ed25519-priv.der \
certs/ed25519/root-ed25519-priv.pem \
certs/ed25519/server-ed25519.der \
certs/ed25519/server-ed25519.pem \
certs/ed25519/server-ed25519-key.der \
certs/ed25519/server-ed25519-key.pem \
certs/ed25519/server-ed25519-priv.der \
certs/ed25519/server-ed25519-priv.pem
Binary file not shown.
+3
View File
@@ -0,0 +1,3 @@
-----BEGIN PRIVATE KEY-----
MC4CAQAwBQYDK2VwBCIEICejNCo11Lu44dzY7A/BoNGiXPkG8ERdO5dNvd9KO6NO
-----END PRIVATE KEY-----
Binary file not shown.
+1 -1
View File
@@ -1,3 +1,3 @@
-----BEGIN PRIVATE KEY-----
MC4CAQAwBQYDK2VwBCIEINjpdrI/H/eIdfXd+HrGSTBu6Z/LnR4rwBjvu3WJ5ndn
MC4CAQAwBQYDK2VwBCIEIAIvxf+6jtDSvwOOdo/IhoBxh5cx4kCs37uQFVJuJKE5
-----END PRIVATE KEY-----
+1
View File
@@ -4,4 +4,5 @@
EXTRA_DIST += \
certs/external/ca-globalsign-root-r3.pem \
certs/external/ca-digicert-ev.pem \
certs/external/baltimore-cybertrust-root.pem
Executable → Regular
+8 -23
View File
@@ -8,6 +8,8 @@ EXTRA_DIST += \
certs/client-cert.pem \
certs/client-keyEnc.pem \
certs/client-key.pem \
certs/client-uri-cert.pem \
certs/client-relative-uri.pem \
certs/ecc-key.pem \
certs/ecc-privkey.pem \
certs/ecc-keyPkcs8Enc.pem \
@@ -63,27 +65,6 @@ EXTRA_DIST += \
certs/server-ecc-self.der \
certs/server-ecc-rsa.der \
certs/server-cert-chain.der
EXTRA_DIST += \
certs/ed25519/ca-ed25519.der \
certs/ed25519/ca-ed25519-key.der \
certs/ed25519/ca-ed25519-key.pem \
certs/ed25519/ca-ed25519.pem \
certs/ed25519/client-ed25519.der \
certs/ed25519/client-ed25519-key.der \
certs/ed25519/client-ed25519-key.pem \
certs/ed25519/client-ed25519.pem \
certs/ed25519/client-ed25519-priv.pem \
certs/ed25519/client-ed25519-priv.pem \
certs/ed25519/root-ed25519.der \
certs/ed25519/root-ed25519-key.der \
certs/ed25519/root-ed25519-key.pem \
certs/ed25519/root-ed25519.pem \
certs/ed25519/server-ed25519.der \
certs/ed25519/server-ed25519-key.der \
certs/ed25519/server-ed25519-key.pem \
certs/ed25519/server-ed25519.pem \
certs/ed25519/server-ed25519-priv.der \
certs/ed25519/server-ed25519-priv.pem
# ECC CA prime256v1
EXTRA_DIST += \
@@ -103,7 +84,11 @@ dist_doc_DATA+= certs/taoCert.txt
EXTRA_DIST+= certs/ntru-key.raw
include certs/1024/include.am
include certs/crl/include.am
include certs/ecc/include.am
include certs/ed25519/include.am
include certs/external/include.am
include certs/ocsp/include.am
include certs/test/include.am
include certs/test-pathlen/include.am
include certs/test/include.am
include certs/ecc/include.am
Executable → Regular
View File
+82 -28
View File
@@ -1,43 +1,97 @@
#!/bin/sh
# Generate CN=localhost, AltName=localhost\0h
echo "step 1 create key"
openssl genrsa -out server-badaltnamenull.key 2048
# Args: 1=FileName, 2=CN, 3=AltName
function build_test_cert_conf {
echo "[ req ]" > $1.conf
echo "prompt = no" >> $1.conf
echo "default_bits = 2048" >> $1.conf
echo "distinguished_name = req_distinguished_name" >> $1.conf
echo "req_extensions = req_ext" >> $1.conf
echo "" >> $1.conf
echo "[ req_distinguished_name ]" >> $1.conf
echo "C = US" >> $1.conf
echo "ST = Montana" >> $1.conf
echo "L = Bozeman" >> $1.conf
echo "OU = Engineering" >> $1.conf
echo "CN = $2" >> $1.conf
echo "emailAddress = info@wolfssl.com" >> $1.conf
echo "" >> $1.conf
echo "[ req_ext ]" >> $1.conf
if [ -n "$3" ]; then
if [[ "$3" != *"DER"* ]]; then
echo "subjectAltName = @alt_names" >> $1.conf
echo "[alt_names]" >> $1.conf
echo "DNS.1 = $3" >> $1.conf
else
echo "subjectAltName = $3" >> $1.conf
fi
fi
}
echo "step 2 create csr"
echo "US\nMontana\nBozeman\nEngineering\nlocalhost\n.\n" | openssl req -new -sha256 -out server-badaltnamenull.csr -key server-badaltnamenull.key -config server-badaltnamenull.conf
# Args: 1=FileName
function generate_test_cert {
rm $1.der
rm $1.pem
echo "step 3 check csr"
openssl req -text -noout -in server-badaltnamenull.csr
echo "step 1 create configuration"
build_test_cert_conf $1 $2 $3
echo "step 4 create cert"
openssl x509 -req -days 1000 -in server-badaltnamenull.csr -signkey server-badaltnamenull.key \
-out server-badaltnamenull.pem -extensions req_ext -extfile server-badaltnamenull.conf
echo "step 2 create csr"
openssl req -new -sha256 -out $1.csr -key ../server-key.pem -config $1.conf
echo "step 5 make human reviewable"
openssl x509 -inform pem -in server-badaltnamenull.pem -text > tmp.pem
mv tmp.pem server-badaltnamenull.pem
echo "step 3 check csr"
openssl req -text -noout -in $1.csr
openssl x509 -inform pem -in server-badaltnamenull.pem -outform der -out server-badaltnamenull.der
echo "step 4 create cert"
openssl x509 -req -days 1000 -sha256 -in $1.csr -signkey ../server-key.pem \
-out $1.pem -extensions req_ext -extfile $1.conf
rm $1.conf
rm $1.csr
if [ -n "$4" ]; then
echo "step 5 generate crl"
mkdir ../crl/demoCA
touch ../crl/demoCA/index.txt
echo "01" > ../crl/crlnumber
openssl ca -config ../renewcerts/wolfssl.cnf -gencrl -crldays 1000 -out crl.revoked -keyfile ../server-key.pem -cert $1.pem
rm ../crl/$1Crl.pem
openssl crl -in crl.revoked -text > tmp.pem
mv tmp.pem ../crl/$1Crl.pem
rm crl.revoked
rm -rf ../crl/demoCA
rm ../crl/crlnumber*
fi
echo "step 6 add cert text information to pem"
openssl x509 -inform pem -in $1.pem -text > tmp.pem
mv tmp.pem $1.pem
echo "step 7 make binary der version"
openssl x509 -inform pem -in $1.pem -outform der -out $1.der
}
# Generate CN=www.nomatch.com, no AltName
echo "step 1 create key"
openssl genrsa -out server-nomatch.key 2048
# Generate Good CN=localhost, Alt=None
generate_test_cert server-goodcn localhost "" 1
echo "step 2 create csr"
echo "US\nMontana\nBozeman\nEngineering\nwww.nomatch.com\n.\n" | openssl req -new -sha256 -out server-nomatch.csr -key server-nomatch.key -config server-nomatch.conf
# Generate Good CN=www.nomatch.com, Alt=localhost
generate_test_cert server-goodalt www.nomatch.com localhost 1
echo "step 3 check csr"
openssl req -text -noout -in server-nomatch.csr
# Generate Good CN=*localhost, Alt=None
generate_test_cert server-goodcnwild *localhost "" 1
echo "step 4 create cert"
openssl x509 -req -days 1000 -in server-nomatch.csr -signkey server-nomatch.key \
-out server-nomatch.pem -extensions req_ext -extfile server-nomatch.conf
# Generate Good CN=www.nomatch.com, Alt=*localhost
generate_test_cert server-goodaltwild www.nomatch.com *localhost 1
echo "step 5 make human reviewable"
openssl x509 -inform pem -in server-nomatch.pem -text > tmp.pem
mv tmp.pem server-nomatch.pem
# Generate Bad CN=localhost\0h, Alt=None
# DG: Have not found a way to properly encode null in common name
generate_test_cert server-badcnnull DER:30:0d:82:0b:6c:6f:63:61:6c:68:6f:73:74:00:68
openssl x509 -inform pem -in server-nomatch.pem -outform der -out server-nomatch.der
# Generate Bad Name CN=www.nomatch.com, Alt=None
generate_test_cert server-badcn www.nomatch.com
# Generate Bad Alt CN=www.nomatch.com, Alt=localhost\0h
generate_test_cert server-badaltnull www.nomatch.com DER:30:0d:82:0b:6c:6f:63:61:6c:68:6f:73:74:00:68
# Generate Bad Alt Name CN=www.nomatch.com, Alt=www.nomatch.com
generate_test_cert server-badaltname www.nomatch.com www.nomatch.com
+32 -10
View File
@@ -20,13 +20,35 @@ EXTRA_DIST += \
EXTRA_DIST += \
certs/test/gen-testcerts.sh \
certs/test/server-badaltnamenull.conf \
certs/test/server-badaltnamenull.csr \
certs/test/server-badaltnamenull.key \
certs/test/server-badaltnamenull.pem \
certs/test/server-badaltnamenull.der \
certs/test/server-nomatch.conf \
certs/test/server-nomatch.csr \
certs/test/server-nomatch.key \
certs/test/server-nomatch.pem \
certs/test/server-nomatch.der
certs/test/server-goodcn.pem \
certs/test/server-goodcn.der \
certs/test/server-goodalt.pem \
certs/test/server-goodalt.der \
certs/test/server-goodcnwild.pem \
certs/test/server-goodcnwild.der \
certs/test/server-goodaltwild.pem \
certs/test/server-goodaltwild.der \
certs/test/server-badcnnull.pem \
certs/test/server-badcnnull.der \
certs/test/server-badcn.pem \
certs/test/server-badcn.der \
certs/test/server-badaltnull.pem \
certs/test/server-badaltnull.der \
certs/test/server-badaltname.der \
certs/test/server-badaltname.pem \
certs/crl/server-goodaltCrl.pem \
certs/crl/server-goodcnCrl.pem \
certs/crl/server-goodaltwildCrl.pem \
certs/crl/server-goodcnwildCrl.pem
EXTRA_DIST += \
certs/test/crit-cert.pem \
certs/test/crit-key.pem \
certs/test/dh1024.der \
certs/test/dh1024.pem \
certs/test/dh512.der \
certs/test/dh512.pem \
certs/test/digsigku.pem \
certs/test/expired-ca.pem \
certs/test/expired-cert.pem \
certs/test/expired-key.pem
Binary file not shown.
+74
View File
@@ -0,0 +1,74 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 18173611275853114373 (0xfc35a32adf422c05)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, ST=Montana, L=Bozeman, OU=Engineering, CN=www.nomatch.com/emailAddress=info@wolfssl.com
Validity
Not Before: Jun 12 23:10:48 2018 GMT
Not After : Mar 8 23:10:48 2021 GMT
Subject: C=US, ST=Montana, L=Bozeman, OU=Engineering, CN=www.nomatch.com/emailAddress=info@wolfssl.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:c0:95:08:e1:57:41:f2:71:6d:b7:d2:45:41:27:
01:65:c6:45:ae:f2:bc:24:30:b8:95:ce:2f:4e:d6:
f6:1c:88:bc:7c:9f:fb:a8:67:7f:fe:5c:9c:51:75:
f7:8a:ca:07:e7:35:2f:8f:e1:bd:7b:c0:2f:7c:ab:
64:a8:17:fc:ca:5d:7b:ba:e0:21:e5:72:2e:6f:2e:
86:d8:95:73:da:ac:1b:53:b9:5f:3f:d7:19:0d:25:
4f:e1:63:63:51:8b:0b:64:3f:ad:43:b8:a5:1c:5c:
34:b3:ae:00:a0:63:c5:f6:7f:0b:59:68:78:73:a6:
8c:18:a9:02:6d:af:c3:19:01:2e:b8:10:e3:c6:cc:
40:b4:69:a3:46:33:69:87:6e:c4:bb:17:a6:f3:e8:
dd:ad:73:bc:7b:2f:21:b5:fd:66:51:0c:bd:54:b3:
e1:6d:5f:1c:bc:23:73:d1:09:03:89:14:d2:10:b9:
64:c3:2a:d0:a1:96:4a:bc:e1:d4:1a:5b:c7:a0:c0:
c1:63:78:0f:44:37:30:32:96:80:32:23:95:a1:77:
ba:13:d2:97:73:e2:5d:25:c9:6a:0d:c3:39:60:a4:
b4:b0:69:42:42:09:e9:d8:08:bc:33:20:b3:58:22:
a7:aa:eb:c4:e1:e6:61:83:c5:d2:96:df:d9:d0:4f:
ad:d7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Alternative Name:
DNS:www.nomatch.com
Signature Algorithm: sha256WithRSAEncryption
50:71:b9:85:03:6e:8b:65:4e:55:8e:36:c6:e6:41:9b:ff:06:
23:e1:11:6f:a0:98:ab:45:da:31:77:f3:85:c7:3e:60:79:f6:
1d:20:52:72:72:d4:e1:67:a7:53:9d:c2:3a:2e:ab:99:a8:3a:
43:3f:77:bb:69:46:94:79:b4:7c:29:63:a0:ae:8d:8e:e3:e8:
60:77:71:a2:c2:df:bd:d2:19:06:40:c0:7e:88:5c:9c:ec:f8:
31:4d:d5:ac:19:a4:cc:08:49:69:47:02:19:50:64:12:01:bd:
c0:57:62:f9:c7:b1:3b:b4:b2:2f:a3:0c:27:92:ba:56:0d:83:
7e:fd:d7:7e:60:82:cd:39:06:70:4b:11:89:c9:1b:7d:a4:47:
b3:fe:66:5a:4c:d7:99:32:44:e3:0a:fc:6c:18:7b:9e:0c:52:
bc:73:67:a8:d8:b9:74:7c:fd:4e:c8:ba:93:6e:1d:79:51:ac:
48:51:78:c6:63:bf:24:2b:25:a2:2f:ca:c2:4a:74:46:82:43:
b9:0a:fb:13:07:29:16:a4:22:ae:f2:52:2d:7f:f7:9b:70:29:
8a:2b:9f:3c:d7:07:bf:3d:41:83:02:05:90:39:85:be:f9:c4:
63:fd:e9:6f:8f:ea:27:89:9a:8d:90:1f:8e:8d:46:ab:c9:c2:
77:f8:d5:29
-----BEGIN CERTIFICATE-----
MIIDpzCCAo+gAwIBAgIJAPw1oyrfQiwFMA0GCSqGSIb3DQEBCwUAMIGCMQswCQYD
VQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjEUMBIG
A1UECwwLRW5naW5lZXJpbmcxGDAWBgNVBAMMD3d3dy5ub21hdGNoLmNvbTEfMB0G
CSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTAeFw0xODA2MTIyMzEwNDhaFw0y
MTAzMDgyMzEwNDhaMIGCMQswCQYDVQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQ
MA4GA1UEBwwHQm96ZW1hbjEUMBIGA1UECwwLRW5naW5lZXJpbmcxGDAWBgNVBAMM
D3d3dy5ub21hdGNoLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNv
bTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMCVCOFXQfJxbbfSRUEn
AWXGRa7yvCQwuJXOL07W9hyIvHyf+6hnf/5cnFF194rKB+c1L4/hvXvAL3yrZKgX
/Mpde7rgIeVyLm8uhtiVc9qsG1O5Xz/XGQ0lT+FjY1GLC2Q/rUO4pRxcNLOuAKBj
xfZ/C1loeHOmjBipAm2vwxkBLrgQ48bMQLRpo0YzaYduxLsXpvPo3a1zvHsvIbX9
ZlEMvVSz4W1fHLwjc9EJA4kU0hC5ZMMq0KGWSrzh1Bpbx6DAwWN4D0Q3MDKWgDIj
laF3uhPSl3PiXSXJag3DOWCktLBpQkIJ6dgIvDMgs1gip6rrxOHmYYPF0pbf2dBP
rdcCAwEAAaMeMBwwGgYDVR0RBBMwEYIPd3d3Lm5vbWF0Y2guY29tMA0GCSqGSIb3
DQEBCwUAA4IBAQBQcbmFA26LZU5VjjbG5kGb/wYj4RFvoJirRdoxd/OFxz5gefYd
IFJyctThZ6dTncI6LquZqDpDP3e7aUaUebR8KWOgro2O4+hgd3Giwt+90hkGQMB+
iFyc7PgxTdWsGaTMCElpRwIZUGQSAb3AV2L5x7E7tLIvowwnkrpWDYN+/dd+YILN
OQZwSxGJyRt9pEez/mZaTNeZMkTjCvxsGHueDFK8c2eo2Ll0fP1OyLqTbh15UaxI
UXjGY78kKyWiL8rCSnRGgkO5CvsTBykWpCKu8lItf/ebcCmKK5881we/PUGDAgWQ
OYW++cRj/elvj+oniZqNkB+OjUarycJ3+NUp
-----END CERTIFICATE-----
-17
View File
@@ -1,17 +0,0 @@
[ req ]
default_bits = 2048
distinguished_name = req_distinguished_name
req_extensions = req_ext
[ req_distinguished_name ]
countryName = US
stateOrProvinceName = Montana
localityName = Bozeman
organizationName = Engineering
commonName = www.wolfssl.com
commonName_max = 64
commonName_default = localhost
[ req_ext ]
#subjectAltName = localhost\0h
subjectAltName = DER:30:0d:82:0b:6c:6f:63:61:6c:68:6f:73:74:00:68
-17
View File
@@ -1,17 +0,0 @@
-----BEGIN CERTIFICATE REQUEST-----
MIICyTCCAbECAQAwWzELMAkGA1UEBhMCVVMxEDAOBgNVBAgMB01vbnRhbmExEDAO
BgNVBAcMB0JvemVtYW4xFDASBgNVBAoMC0VuZ2luZWVyaW5nMRIwEAYDVQQDDAls
b2NhbGhvc3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDBWOI9sH7D
UouzlAgOLJgVQEyrHw9nwxeIEqmxfU2kZZcD95DWBzExpT0mbluER8yoj6E3//LY
58aDdASC+x/gxTLWuCNIgF9GWIOfP2TaWj9AHT6mIeklP2z9qJm3Md7UT52xOLkz
0wblZzSjcqEY61c1MGH6xAtfYfWZgmkxej4aAKd7jR1LAXCSIx+EO2WvvA8c5fiS
ozQgftXSM/5437VVSwu4dH4ptRNou/6nXi74cYzO4+/Unh7j/4ggwuvegNdEqeRg
CtASpQalRN+xrqghQaj786t/kBkqH6L0KKzzcsfLi4oE6dJXn4e7SFWgzbRayp5y
a7jal5x/6U+5AgMBAAGgKTAnBgkqhkiG9w0BCQ4xGjAYMBYGA1UdEQQPMA2CC2xv
Y2FsaG9zdABoMA0GCSqGSIb3DQEBCwUAA4IBAQCHfMbbmvXJGKjO6Z6UOkF3f7sa
cB8gEyjm9+Aa8gMQnaWOH8Sw6nGhGNSOVTQUIqt8EohqNCd/jrjZF34mecaJ3ycw
ryt7AGQzQX5uutBLVr55jszVVC8EDKuPzO3jXH6h6ptvSebG/0KL0P+JHL5JvzZ1
wAsTBtnnnrnxCQO3a2SFC4zVyH+LCP+EWehH7Sjt9FtrCIoP+xoM6AJ2tCxb4CHH
A8WGuw36lG78DH6rs4kbh0iCP/pKYrYeG9EBOj6+Bw7WF4ee6QhL0VzHXUcIFjkp
YlVLGBTL6KVjPW4uim1az5F1+HxZTvbAbnPU7f81M2ePmqbFfODYO1KPXycg
-----END CERTIFICATE REQUEST-----
Binary file not shown.
-27
View File
@@ -1,27 +0,0 @@
-----BEGIN RSA PRIVATE KEY-----
MIIEogIBAAKCAQEAwVjiPbB+w1KLs5QIDiyYFUBMqx8PZ8MXiBKpsX1NpGWXA/eQ
1gcxMaU9Jm5bhEfMqI+hN//y2OfGg3QEgvsf4MUy1rgjSIBfRliDnz9k2lo/QB0+
piHpJT9s/aiZtzHe1E+dsTi5M9MG5Wc0o3KhGOtXNTBh+sQLX2H1mYJpMXo+GgCn
e40dSwFwkiMfhDtlr7wPHOX4kqM0IH7V0jP+eN+1VUsLuHR+KbUTaLv+p14u+HGM
zuPv1J4e4/+IIMLr3oDXRKnkYArQEqUGpUTfsa6oIUGo+/Orf5AZKh+i9Cis83LH
y4uKBOnSV5+Hu0hVoM20Wsqecmu42pecf+lPuQIDAQABAoIBAEL0a8xfHVa4dCZo
4e0+ph/d127+34/YMILvq5IKSWPfxk8aYS6s6O0/QpDXcJu7XXUV4AeLe+Z/RPBq
sdFF84Eb6QIQXC+UPOoYZuQzyNIQpIyoU/SmE53RfAXPaAPXokm1lG81rHT05BN3
DPR5Eq6VeOqzaYq0bxfFzY4uag02pITGuYMIxuBkJ+q9mu9XTaBWY1mGlD0zqxUZ
LC0dgrWklJFNHNWddrsMl0LDXFRfuxdFmoZT5NBLh+DWgKq/IW+TAqe3lZGVCPFs
cctR3WevykigH5TZmK3gsT98kqe5y9xO+pOpAvNAKeiXVYEREzE+PbsdiLiXbaEy
X1pUB70CgYEA7BSSQqa5duNNwOFp9DcNmMj1VKE2ixhRZi+R7jxHquiyh6IQv7tf
865f8ZA55mPwy5h/Gqin6YdswvkwHUqbEstnQ+BXmcXaI0EY6iZAkSSKbC0ygr3o
yVuRSCJmkCdmb8KIz0yguEjOmbNcavaH9ivE7KS6DhYb65PwyGuCxqsCgYEA0alC
a84cpN59zFTaW85gpq1zeWMbXmkBees8xnygJ4kZw2MkqQSZw+zUFdb9WbltSAsU
Y8eF0SAaShoXfa7BwB2Bnrs7NZMQzZfVmSG5QLF45v+087guN7pgWnmkUQ0G9ijc
oLI5Mn3oMy9UrJ48JUVwYysaacgRa73tMsGZ0ysCgYALrbDWjzzZfsEX6468QATy
K+7G8vqpwtgz/+JuMJkzATPjtcayVWiXu2aPopzaotMEn1SaUwGLceGVe5I/wLMP
KPTAzNZIixsRZ2T+IEpNY8tdMpcvFInxfBAhy2Hbe7d7i9oMtzO0KhXeUJsfx3ZO
XTfupO93Ruy2qKjeoULk5QKBgCDD9O9oHK3fX4WJVT63t/8UaFF2HZbZjjOBgdP7
MgQ7tt0EJ3yKjYVDA7oOCTX2do+lu6AEVHNkMveVsEoh/4GImvM1i4FJ5Hxc2DLA
RHVJxv1CxQK5q+9lnx1EmVtZT9c0d5Zdg/bSGnG1WeRILlocyf2VhOE3NRHDcshV
3TZVAoGAXP0SDgRcA544d0zdw07f9/KgHlYcsJuPGt2F7UzjIZiBivr3yh+EXBw2
xMqRwFnsBeOgvW/i3Je01RjeWZL6M9Lq1ywk2HZtDPnN6dP15LwSS33OBRca5Fk+
CyKDfZHd+8c2wj8hNsxd/D4N7ZVDrU3UNvMslHwGh0PbIaQxcQM=
-----END RSA PRIVATE KEY-----
-72
View File
@@ -1,72 +0,0 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 15650401360786530715 (0xd931651e45f8a19b)
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=US, ST=Montana, L=Bozeman, O=Engineering, CN=localhost
Validity
Not Before: May 3 16:02:13 2018 GMT
Not After : Jan 27 16:02:13 2021 GMT
Subject: C=US, ST=Montana, L=Bozeman, O=Engineering, CN=localhost
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:c1:58:e2:3d:b0:7e:c3:52:8b:b3:94:08:0e:2c:
98:15:40:4c:ab:1f:0f:67:c3:17:88:12:a9:b1:7d:
4d:a4:65:97:03:f7:90:d6:07:31:31:a5:3d:26:6e:
5b:84:47:cc:a8:8f:a1:37:ff:f2:d8:e7:c6:83:74:
04:82:fb:1f:e0:c5:32:d6:b8:23:48:80:5f:46:58:
83:9f:3f:64:da:5a:3f:40:1d:3e:a6:21:e9:25:3f:
6c:fd:a8:99:b7:31:de:d4:4f:9d:b1:38:b9:33:d3:
06:e5:67:34:a3:72:a1:18:eb:57:35:30:61:fa:c4:
0b:5f:61:f5:99:82:69:31:7a:3e:1a:00:a7:7b:8d:
1d:4b:01:70:92:23:1f:84:3b:65:af:bc:0f:1c:e5:
f8:92:a3:34:20:7e:d5:d2:33:fe:78:df:b5:55:4b:
0b:b8:74:7e:29:b5:13:68:bb:fe:a7:5e:2e:f8:71:
8c:ce:e3:ef:d4:9e:1e:e3:ff:88:20:c2:eb:de:80:
d7:44:a9:e4:60:0a:d0:12:a5:06:a5:44:df:b1:ae:
a8:21:41:a8:fb:f3:ab:7f:90:19:2a:1f:a2:f4:28:
ac:f3:72:c7:cb:8b:8a:04:e9:d2:57:9f:87:bb:48:
55:a0:cd:b4:5a:ca:9e:72:6b:b8:da:97:9c:7f:e9:
4f:b9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Alternative Name:
DNS:localhost
Signature Algorithm: sha1WithRSAEncryption
ae:76:ea:5e:33:2c:cf:16:c8:ec:a2:27:2a:19:b9:22:bb:69:
b4:96:35:f7:25:1c:dd:8b:fb:c4:a8:32:17:89:73:a0:bc:23:
a3:49:d4:fd:1a:d7:fc:bf:87:5d:42:12:4b:20:20:74:47:7e:
7c:97:89:c1:f1:a3:82:3a:58:0b:b4:05:0b:c1:02:da:a6:dc:
ca:6c:60:58:fe:83:1c:fc:ed:c7:bc:96:df:b2:af:31:f5:28:
45:2d:d5:c0:5a:42:95:c3:64:c5:46:5c:cd:8e:d6:7b:fd:9c:
f5:75:44:cc:d6:7e:d8:96:55:5c:00:9f:1f:ac:f1:0a:07:29:
0c:ba:ab:7d:1f:ac:8d:40:55:86:e4:35:1d:11:89:10:8b:c2:
67:ff:99:32:66:f3:5d:4a:c3:37:5e:37:32:40:7b:29:50:25:
e5:c1:d8:df:7b:64:3e:f7:c4:1e:01:88:fe:24:f6:0c:ea:f7:
72:df:1e:72:0c:9b:64:c3:6b:ec:ce:99:b1:75:61:f2:ac:d5:
6f:7b:7d:06:7b:6c:a8:6c:ac:46:37:dd:af:e6:cb:8f:70:d7:
57:e2:38:d9:e6:9a:93:da:53:06:e6:39:c5:79:6a:0a:ac:49:
da:04:a1:60:2f:5f:96:ef:ca:6c:34:62:6c:ac:25:1c:d5:e0:
f7:8e:7c:df
-----BEGIN CERTIFICATE-----
MIIDUzCCAjugAwIBAgIJANkxZR5F+KGbMA0GCSqGSIb3DQEBBQUAMFsxCzAJBgNV
BAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMRQwEgYD
VQQKDAtFbmdpbmVlcmluZzESMBAGA1UEAwwJbG9jYWxob3N0MB4XDTE4MDUwMzE2
MDIxM1oXDTIxMDEyNzE2MDIxM1owWzELMAkGA1UEBhMCVVMxEDAOBgNVBAgMB01v
bnRhbmExEDAOBgNVBAcMB0JvemVtYW4xFDASBgNVBAoMC0VuZ2luZWVyaW5nMRIw
EAYDVQQDDAlsb2NhbGhvc3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
AQDBWOI9sH7DUouzlAgOLJgVQEyrHw9nwxeIEqmxfU2kZZcD95DWBzExpT0mbluE
R8yoj6E3//LY58aDdASC+x/gxTLWuCNIgF9GWIOfP2TaWj9AHT6mIeklP2z9qJm3
Md7UT52xOLkz0wblZzSjcqEY61c1MGH6xAtfYfWZgmkxej4aAKd7jR1LAXCSIx+E
O2WvvA8c5fiSozQgftXSM/5437VVSwu4dH4ptRNou/6nXi74cYzO4+/Unh7j/4gg
wuvegNdEqeRgCtASpQalRN+xrqghQaj786t/kBkqH6L0KKzzcsfLi4oE6dJXn4e7
SFWgzbRayp5ya7jal5x/6U+5AgMBAAGjGjAYMBYGA1UdEQQPMA2CC2xvY2FsaG9z
dABoMA0GCSqGSIb3DQEBBQUAA4IBAQCudupeMyzPFsjsoicqGbkiu2m0ljX3JRzd
i/vEqDIXiXOgvCOjSdT9Gtf8v4ddQhJLICB0R358l4nB8aOCOlgLtAULwQLaptzK
bGBY/oMc/O3HvJbfsq8x9ShFLdXAWkKVw2TFRlzNjtZ7/Zz1dUTM1n7YllVcAJ8f
rPEKBykMuqt9H6yNQFWG5DUdEYkQi8Jn/5kyZvNdSsM3XjcyQHspUCXlwdjfe2Q+
98QeAYj+JPYM6vdy3x5yDJtkw2vszpmxdWHyrNVve30Ge2yobKxGN92v5suPcNdX
4jjZ5pqT2lMG5jnFeWoKrEnaBKFgL1+W78psNGJsrCUc1eD3jnzf
-----END CERTIFICATE-----
Binary file not shown.
+74
View File
@@ -0,0 +1,74 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 18337557996975909176 (0xfe7c17d779df6938)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, ST=Montana, L=Bozeman, OU=Engineering, CN=www.nomatch.com/emailAddress=info@wolfssl.com
Validity
Not Before: Jun 12 23:10:48 2018 GMT
Not After : Mar 8 23:10:48 2021 GMT
Subject: C=US, ST=Montana, L=Bozeman, OU=Engineering, CN=www.nomatch.com/emailAddress=info@wolfssl.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:c0:95:08:e1:57:41:f2:71:6d:b7:d2:45:41:27:
01:65:c6:45:ae:f2:bc:24:30:b8:95:ce:2f:4e:d6:
f6:1c:88:bc:7c:9f:fb:a8:67:7f:fe:5c:9c:51:75:
f7:8a:ca:07:e7:35:2f:8f:e1:bd:7b:c0:2f:7c:ab:
64:a8:17:fc:ca:5d:7b:ba:e0:21:e5:72:2e:6f:2e:
86:d8:95:73:da:ac:1b:53:b9:5f:3f:d7:19:0d:25:
4f:e1:63:63:51:8b:0b:64:3f:ad:43:b8:a5:1c:5c:
34:b3:ae:00:a0:63:c5:f6:7f:0b:59:68:78:73:a6:
8c:18:a9:02:6d:af:c3:19:01:2e:b8:10:e3:c6:cc:
40:b4:69:a3:46:33:69:87:6e:c4:bb:17:a6:f3:e8:
dd:ad:73:bc:7b:2f:21:b5:fd:66:51:0c:bd:54:b3:
e1:6d:5f:1c:bc:23:73:d1:09:03:89:14:d2:10:b9:
64:c3:2a:d0:a1:96:4a:bc:e1:d4:1a:5b:c7:a0:c0:
c1:63:78:0f:44:37:30:32:96:80:32:23:95:a1:77:
ba:13:d2:97:73:e2:5d:25:c9:6a:0d:c3:39:60:a4:
b4:b0:69:42:42:09:e9:d8:08:bc:33:20:b3:58:22:
a7:aa:eb:c4:e1:e6:61:83:c5:d2:96:df:d9:d0:4f:
ad:d7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Alternative Name:
DNS:localhost
Signature Algorithm: sha256WithRSAEncryption
24:29:6d:72:5e:f9:49:79:0a:c1:d7:bb:c2:eb:b5:4b:f6:b6:
05:e3:99:7a:df:68:ee:8d:94:66:f2:31:1f:9e:c2:86:77:5d:
3b:75:86:9a:98:c1:8b:54:18:ab:9e:13:64:af:5b:b8:35:0c:
d4:e6:dc:3e:03:d9:26:06:75:6b:13:a2:e9:3d:19:0a:65:d7:
e2:1e:c2:67:fe:d7:f0:64:d8:ae:20:c3:81:1b:7f:a4:76:6e:
4a:5c:ae:23:6e:85:32:25:3c:5e:54:7a:bf:49:5a:a2:11:53:
a1:ce:d9:4b:19:ef:1c:ba:0e:f9:8e:c4:da:90:69:2f:ec:87:
08:24:d7:6a:18:63:56:3e:a0:a6:22:f1:e0:10:bd:cc:68:50:
99:e7:4f:51:27:00:da:36:2c:df:26:ab:41:5e:c3:fb:1b:bb:
58:3f:8c:4a:b2:30:71:66:92:9e:05:a1:c9:90:f9:06:0a:79:
33:f4:e3:b9:da:43:38:8f:82:15:1e:98:7a:b8:da:e7:a4:f6:
08:bc:54:c6:7b:64:c2:56:a0:83:f9:c0:d5:60:ba:a3:df:8a:
04:bc:65:d6:82:23:82:50:2f:a9:f6:bd:03:c6:3d:5e:00:b8:
a0:c5:0f:eb:cf:59:67:d9:a3:e1:84:f9:d1:91:65:67:96:93:
b6:0b:15:80
-----BEGIN CERTIFICATE-----
MIIDozCCAougAwIBAgIJAP58F9d532k4MA0GCSqGSIb3DQEBCwUAMIGCMQswCQYD
VQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjEUMBIG
A1UECwwLRW5naW5lZXJpbmcxGDAWBgNVBAMMD3d3dy5ub21hdGNoLmNvbTEfMB0G
CSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTAeFw0xODA2MTIyMzEwNDhaFw0y
MTAzMDgyMzEwNDhaMIGCMQswCQYDVQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQ
MA4GA1UEBwwHQm96ZW1hbjEUMBIGA1UECwwLRW5naW5lZXJpbmcxGDAWBgNVBAMM
D3d3dy5ub21hdGNoLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNv
bTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMCVCOFXQfJxbbfSRUEn
AWXGRa7yvCQwuJXOL07W9hyIvHyf+6hnf/5cnFF194rKB+c1L4/hvXvAL3yrZKgX
/Mpde7rgIeVyLm8uhtiVc9qsG1O5Xz/XGQ0lT+FjY1GLC2Q/rUO4pRxcNLOuAKBj
xfZ/C1loeHOmjBipAm2vwxkBLrgQ48bMQLRpo0YzaYduxLsXpvPo3a1zvHsvIbX9
ZlEMvVSz4W1fHLwjc9EJA4kU0hC5ZMMq0KGWSrzh1Bpbx6DAwWN4D0Q3MDKWgDIj
laF3uhPSl3PiXSXJag3DOWCktLBpQkIJ6dgIvDMgs1gip6rrxOHmYYPF0pbf2dBP
rdcCAwEAAaMaMBgwFgYDVR0RBA8wDYILbG9jYWxob3N0AGgwDQYJKoZIhvcNAQEL
BQADggEBACQpbXJe+Ul5CsHXu8LrtUv2tgXjmXrfaO6NlGbyMR+ewoZ3XTt1hpqY
wYtUGKueE2SvW7g1DNTm3D4D2SYGdWsTouk9GQpl1+Iewmf+1/Bk2K4gw4Ebf6R2
bkpcriNuhTIlPF5Uer9JWqIRU6HO2UsZ7xy6DvmOxNqQaS/shwgk12oYY1Y+oKYi
8eAQvcxoUJnnT1EnANo2LN8mq0Few/sbu1g/jEqyMHFmkp4FocmQ+QYKeTP047na
QziPghUemHq42uek9gi8VMZ7ZMJWoIP5wNVguqPfigS8ZdaCI4JQL6n2vQPGPV4A
uKDFD+vPWWfZo+GE+dGRZWeWk7YLFYA=
-----END CERTIFICATE-----
Binary file not shown.
+70
View File
@@ -0,0 +1,70 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 10690824908453597701 (0x945d709ca0465205)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, ST=Montana, L=Bozeman, OU=Engineering, CN=www.nomatch.com/emailAddress=info@wolfssl.com
Validity
Not Before: Jun 12 23:10:48 2018 GMT
Not After : Mar 8 23:10:48 2021 GMT
Subject: C=US, ST=Montana, L=Bozeman, OU=Engineering, CN=www.nomatch.com/emailAddress=info@wolfssl.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:c0:95:08:e1:57:41:f2:71:6d:b7:d2:45:41:27:
01:65:c6:45:ae:f2:bc:24:30:b8:95:ce:2f:4e:d6:
f6:1c:88:bc:7c:9f:fb:a8:67:7f:fe:5c:9c:51:75:
f7:8a:ca:07:e7:35:2f:8f:e1:bd:7b:c0:2f:7c:ab:
64:a8:17:fc:ca:5d:7b:ba:e0:21:e5:72:2e:6f:2e:
86:d8:95:73:da:ac:1b:53:b9:5f:3f:d7:19:0d:25:
4f:e1:63:63:51:8b:0b:64:3f:ad:43:b8:a5:1c:5c:
34:b3:ae:00:a0:63:c5:f6:7f:0b:59:68:78:73:a6:
8c:18:a9:02:6d:af:c3:19:01:2e:b8:10:e3:c6:cc:
40:b4:69:a3:46:33:69:87:6e:c4:bb:17:a6:f3:e8:
dd:ad:73:bc:7b:2f:21:b5:fd:66:51:0c:bd:54:b3:
e1:6d:5f:1c:bc:23:73:d1:09:03:89:14:d2:10:b9:
64:c3:2a:d0:a1:96:4a:bc:e1:d4:1a:5b:c7:a0:c0:
c1:63:78:0f:44:37:30:32:96:80:32:23:95:a1:77:
ba:13:d2:97:73:e2:5d:25:c9:6a:0d:c3:39:60:a4:
b4:b0:69:42:42:09:e9:d8:08:bc:33:20:b3:58:22:
a7:aa:eb:c4:e1:e6:61:83:c5:d2:96:df:d9:d0:4f:
ad:d7
Exponent: 65537 (0x10001)
Signature Algorithm: sha256WithRSAEncryption
6b:4d:4f:75:40:7b:1c:c0:08:e7:ae:b1:e7:57:9e:c0:ee:ca:
15:46:e9:e5:02:dd:fb:e1:f3:39:b9:b4:d3:b5:a4:cb:5b:16:
4d:90:43:54:62:8d:d5:58:68:12:35:d7:73:ba:86:33:27:7e:
e7:f4:4b:90:40:f3:e2:62:90:57:08:e0:a6:10:76:62:00:bd:
60:29:dc:52:10:98:bb:81:4c:f7:f8:cf:46:64:66:fa:85:dd:
e0:90:fb:27:3d:74:2f:fb:7c:29:fe:ae:a7:a6:8d:1e:41:d6:
d6:02:90:28:51:fc:ce:87:bc:39:58:d7:94:5a:c6:6c:2c:3f:
dc:99:14:ec:66:43:5f:cf:0b:47:1c:1e:9e:27:05:8b:8e:55:
d8:c0:25:45:40:3b:93:4f:a2:d9:58:ef:c0:c1:57:4c:67:2f:
33:84:01:d0:bc:0a:d0:95:44:ae:eb:f8:fd:68:d5:5a:33:b4:
b3:cb:ad:1b:ce:ec:ae:04:b4:5d:0a:29:ad:2a:66:a5:cf:73:
c3:bf:ce:ce:43:4d:01:ea:e8:45:23:e5:3f:21:22:2e:6e:9b:
22:d0:e8:c9:e2:c9:2c:a5:6a:27:9d:7f:8a:17:ae:c7:3d:54:
6b:bd:85:76:44:e6:16:1f:72:31:a0:75:b8:1f:89:a4:7e:c1:
2d:d0:96:05
-----BEGIN CERTIFICATE-----
MIIDhzCCAm+gAwIBAgIJAJRdcJygRlIFMA0GCSqGSIb3DQEBCwUAMIGCMQswCQYD
VQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjEUMBIG
A1UECwwLRW5naW5lZXJpbmcxGDAWBgNVBAMMD3d3dy5ub21hdGNoLmNvbTEfMB0G
CSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTAeFw0xODA2MTIyMzEwNDhaFw0y
MTAzMDgyMzEwNDhaMIGCMQswCQYDVQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQ
MA4GA1UEBwwHQm96ZW1hbjEUMBIGA1UECwwLRW5naW5lZXJpbmcxGDAWBgNVBAMM
D3d3dy5ub21hdGNoLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNv
bTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMCVCOFXQfJxbbfSRUEn
AWXGRa7yvCQwuJXOL07W9hyIvHyf+6hnf/5cnFF194rKB+c1L4/hvXvAL3yrZKgX
/Mpde7rgIeVyLm8uhtiVc9qsG1O5Xz/XGQ0lT+FjY1GLC2Q/rUO4pRxcNLOuAKBj
xfZ/C1loeHOmjBipAm2vwxkBLrgQ48bMQLRpo0YzaYduxLsXpvPo3a1zvHsvIbX9
ZlEMvVSz4W1fHLwjc9EJA4kU0hC5ZMMq0KGWSrzh1Bpbx6DAwWN4D0Q3MDKWgDIj
laF3uhPSl3PiXSXJag3DOWCktLBpQkIJ6dgIvDMgs1gip6rrxOHmYYPF0pbf2dBP
rdcCAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAa01PdUB7HMAI566x51eewO7KFUbp
5QLd++HzObm007Wky1sWTZBDVGKN1VhoEjXXc7qGMyd+5/RLkEDz4mKQVwjgphB2
YgC9YCncUhCYu4FM9/jPRmRm+oXd4JD7Jz10L/t8Kf6up6aNHkHW1gKQKFH8zoe8
OVjXlFrGbCw/3JkU7GZDX88LRxwenicFi45V2MAlRUA7k0+i2VjvwMFXTGcvM4QB
0LwK0JVEruv4/WjVWjO0s8utG87srgS0XQoprSpmpc9zw7/OzkNNAeroRSPlPyEi
Lm6bItDoyeLJLKVqJ51/iheuxz1Ua72FdkTmFh9yMaB1uB+JpH7BLdCWBQ==
-----END CERTIFICATE-----
Binary file not shown.
+72
View File
@@ -0,0 +1,72 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 14443731963441436391 (0xc87271b1cfe1d6e7)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, ST=Montana, L=Bozeman, OU=Engineering, CN=DER:30:0d:82:0b:6c:6f:63:61:6c:68:6f:73:74:00:68/emailAddress=info@wolfssl.com
Validity
Not Before: Jun 12 23:10:47 2018 GMT
Not After : Mar 8 23:10:47 2021 GMT
Subject: C=US, ST=Montana, L=Bozeman, OU=Engineering, CN=DER:30:0d:82:0b:6c:6f:63:61:6c:68:6f:73:74:00:68/emailAddress=info@wolfssl.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:c0:95:08:e1:57:41:f2:71:6d:b7:d2:45:41:27:
01:65:c6:45:ae:f2:bc:24:30:b8:95:ce:2f:4e:d6:
f6:1c:88:bc:7c:9f:fb:a8:67:7f:fe:5c:9c:51:75:
f7:8a:ca:07:e7:35:2f:8f:e1:bd:7b:c0:2f:7c:ab:
64:a8:17:fc:ca:5d:7b:ba:e0:21:e5:72:2e:6f:2e:
86:d8:95:73:da:ac:1b:53:b9:5f:3f:d7:19:0d:25:
4f:e1:63:63:51:8b:0b:64:3f:ad:43:b8:a5:1c:5c:
34:b3:ae:00:a0:63:c5:f6:7f:0b:59:68:78:73:a6:
8c:18:a9:02:6d:af:c3:19:01:2e:b8:10:e3:c6:cc:
40:b4:69:a3:46:33:69:87:6e:c4:bb:17:a6:f3:e8:
dd:ad:73:bc:7b:2f:21:b5:fd:66:51:0c:bd:54:b3:
e1:6d:5f:1c:bc:23:73:d1:09:03:89:14:d2:10:b9:
64:c3:2a:d0:a1:96:4a:bc:e1:d4:1a:5b:c7:a0:c0:
c1:63:78:0f:44:37:30:32:96:80:32:23:95:a1:77:
ba:13:d2:97:73:e2:5d:25:c9:6a:0d:c3:39:60:a4:
b4:b0:69:42:42:09:e9:d8:08:bc:33:20:b3:58:22:
a7:aa:eb:c4:e1:e6:61:83:c5:d2:96:df:d9:d0:4f:
ad:d7
Exponent: 65537 (0x10001)
Signature Algorithm: sha256WithRSAEncryption
28:2d:4a:7a:b9:22:94:2a:92:90:d8:e8:2b:bc:c5:39:46:03:
c3:16:97:a1:21:1c:8d:19:f9:d2:c5:9f:36:8c:d4:04:b0:69:
cd:2f:28:3f:95:e9:3d:22:e1:b3:c0:f0:73:f3:b8:fa:cb:63:
a4:7d:b9:3c:dc:fc:f1:7e:fd:b0:8b:c6:5e:f2:60:90:51:5a:
94:92:e0:48:04:44:53:4f:73:e5:73:27:c5:54:94:ed:69:a4:
8f:5c:62:0f:fa:3b:4f:c5:2b:d4:26:0d:3c:39:e1:c7:ce:d5:
81:b6:c8:7f:63:e1:7a:de:0f:d2:ca:97:2b:7d:cc:09:53:69:
2c:a4:d8:19:58:ad:eb:48:ce:c7:69:1b:63:57:26:5a:9b:5d:
be:98:9d:58:b2:b3:c0:79:8b:bf:f4:39:f2:a1:5d:30:63:4a:
66:15:1d:8f:a2:e4:83:b2:25:06:74:66:8f:32:b1:5d:a7:7f:
6f:70:f6:4e:2a:10:33:6f:c2:a4:38:34:87:f6:3f:82:a7:a5:
ab:fa:7d:43:38:f6:8d:bc:04:e1:b2:81:10:c7:6a:03:ed:0c:
89:b9:06:b3:61:e4:c1:ca:9e:88:48:39:a6:41:e8:7f:f8:d7:
7d:48:46:fb:9f:53:de:8c:be:6a:25:77:8c:48:bf:a4:7d:b0:
96:dd:d0:86
-----BEGIN CERTIFICATE-----
MIIDyTCCArGgAwIBAgIJAMhycbHP4dbnMA0GCSqGSIb3DQEBCwUAMIGjMQswCQYD
VQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjEUMBIG
A1UECwwLRW5naW5lZXJpbmcxOTA3BgNVBAMMMERFUjozMDowZDo4MjowYjo2Yzo2
Zjo2Mzo2MTo2Yzo2ODo2Zjo3Mzo3NDowMDo2ODEfMB0GCSqGSIb3DQEJARYQaW5m
b0B3b2xmc3NsLmNvbTAeFw0xODA2MTIyMzEwNDdaFw0yMTAzMDgyMzEwNDdaMIGj
MQswCQYDVQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1h
bjEUMBIGA1UECwwLRW5naW5lZXJpbmcxOTA3BgNVBAMMMERFUjozMDowZDo4Mjow
Yjo2Yzo2Zjo2Mzo2MTo2Yzo2ODo2Zjo3Mzo3NDowMDo2ODEfMB0GCSqGSIb3DQEJ
ARYQaW5mb0B3b2xmc3NsLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMCVCOFXQfJxbbfSRUEnAWXGRa7yvCQwuJXOL07W9hyIvHyf+6hnf/5cnFF1
94rKB+c1L4/hvXvAL3yrZKgX/Mpde7rgIeVyLm8uhtiVc9qsG1O5Xz/XGQ0lT+Fj
Y1GLC2Q/rUO4pRxcNLOuAKBjxfZ/C1loeHOmjBipAm2vwxkBLrgQ48bMQLRpo0Yz
aYduxLsXpvPo3a1zvHsvIbX9ZlEMvVSz4W1fHLwjc9EJA4kU0hC5ZMMq0KGWSrzh
1Bpbx6DAwWN4D0Q3MDKWgDIjlaF3uhPSl3PiXSXJag3DOWCktLBpQkIJ6dgIvDMg
s1gip6rrxOHmYYPF0pbf2dBPrdcCAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAKC1K
erkilCqSkNjoK7zFOUYDwxaXoSEcjRn50sWfNozUBLBpzS8oP5XpPSLhs8Dwc/O4
+stjpH25PNz88X79sIvGXvJgkFFalJLgSAREU09z5XMnxVSU7Wmkj1xiD/o7T8Ur
1CYNPDnhx87VgbbIf2Phet4P0sqXK33MCVNpLKTYGVit60jOx2kbY1cmWptdvpid
WLKzwHmLv/Q58qFdMGNKZhUdj6Lkg7IlBnRmjzKxXad/b3D2TioQM2/CpDg0h/Y/
gqelq/p9Qzj2jbwE4bKBEMdqA+0MibkGs2HkwcqeiEg5pkHof/jXfUhG+59T3oy+
aiV3jEi/pH2wlt3Qhg==
-----END CERTIFICATE-----
View File
Binary file not shown.
+74
View File
@@ -0,0 +1,74 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 14615220398693458350 (0xcad3b184922aa1ae)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, ST=Montana, L=Bozeman, OU=Engineering, CN=www.nomatch.com/emailAddress=info@wolfssl.com
Validity
Not Before: Jun 13 16:02:51 2018 GMT
Not After : Mar 9 16:02:51 2021 GMT
Subject: C=US, ST=Montana, L=Bozeman, OU=Engineering, CN=www.nomatch.com/emailAddress=info@wolfssl.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:c0:95:08:e1:57:41:f2:71:6d:b7:d2:45:41:27:
01:65:c6:45:ae:f2:bc:24:30:b8:95:ce:2f:4e:d6:
f6:1c:88:bc:7c:9f:fb:a8:67:7f:fe:5c:9c:51:75:
f7:8a:ca:07:e7:35:2f:8f:e1:bd:7b:c0:2f:7c:ab:
64:a8:17:fc:ca:5d:7b:ba:e0:21:e5:72:2e:6f:2e:
86:d8:95:73:da:ac:1b:53:b9:5f:3f:d7:19:0d:25:
4f:e1:63:63:51:8b:0b:64:3f:ad:43:b8:a5:1c:5c:
34:b3:ae:00:a0:63:c5:f6:7f:0b:59:68:78:73:a6:
8c:18:a9:02:6d:af:c3:19:01:2e:b8:10:e3:c6:cc:
40:b4:69:a3:46:33:69:87:6e:c4:bb:17:a6:f3:e8:
dd:ad:73:bc:7b:2f:21:b5:fd:66:51:0c:bd:54:b3:
e1:6d:5f:1c:bc:23:73:d1:09:03:89:14:d2:10:b9:
64:c3:2a:d0:a1:96:4a:bc:e1:d4:1a:5b:c7:a0:c0:
c1:63:78:0f:44:37:30:32:96:80:32:23:95:a1:77:
ba:13:d2:97:73:e2:5d:25:c9:6a:0d:c3:39:60:a4:
b4:b0:69:42:42:09:e9:d8:08:bc:33:20:b3:58:22:
a7:aa:eb:c4:e1:e6:61:83:c5:d2:96:df:d9:d0:4f:
ad:d7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Alternative Name:
DNS:localhost
Signature Algorithm: sha256WithRSAEncryption
5a:08:fc:f5:82:0b:a3:9b:8e:d0:95:92:46:df:a1:cd:8a:e5:
c5:57:71:d4:6f:f4:d9:73:66:bc:7e:d9:66:a7:67:c7:29:1c:
8d:d4:33:92:54:f3:7d:fd:5d:ef:b1:a8:07:a6:ee:df:99:f6:
70:56:d2:f6:0b:15:0b:70:6f:da:bd:c4:37:ef:99:f9:b7:f3:
59:70:12:41:f5:72:1c:61:1d:51:6d:22:c5:8c:8b:78:f8:77:
00:11:e3:b2:a6:b7:e9:00:02:f0:e7:8f:e3:50:cb:20:8b:ff:
f5:31:ce:7b:c1:ae:8f:a3:3c:60:81:da:34:6f:5f:d0:45:6d:
bf:c2:69:54:5a:58:d3:57:29:5e:0f:85:d7:73:e1:db:b1:15:
26:a8:66:72:51:d7:e7:b3:b8:87:b1:ab:6c:51:4b:7c:98:c7:
c4:a8:ba:b0:3d:05:b5:95:2e:b5:a4:47:87:cd:86:3d:6c:45:
54:46:63:c8:15:d6:06:39:a3:d6:b1:3f:f7:eb:a0:7c:c1:97:
a9:7f:11:f7:ee:e5:6d:53:90:30:6c:39:0a:6b:0d:d6:8e:eb:
38:9f:bc:09:c1:fc:67:28:4a:fd:59:60:df:d0:19:f9:35:52:
4c:5e:85:98:c5:d4:e9:fe:17:04:22:f8:f1:dd:4b:8f:29:0e:
b5:04:37:c1
-----BEGIN CERTIFICATE-----
MIIDoTCCAomgAwIBAgIJAMrTsYSSKqGuMA0GCSqGSIb3DQEBCwUAMIGCMQswCQYD
VQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjEUMBIG
A1UECwwLRW5naW5lZXJpbmcxGDAWBgNVBAMMD3d3dy5ub21hdGNoLmNvbTEfMB0G
CSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTAeFw0xODA2MTMxNjAyNTFaFw0y
MTAzMDkxNjAyNTFaMIGCMQswCQYDVQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQ
MA4GA1UEBwwHQm96ZW1hbjEUMBIGA1UECwwLRW5naW5lZXJpbmcxGDAWBgNVBAMM
D3d3dy5ub21hdGNoLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNv
bTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMCVCOFXQfJxbbfSRUEn
AWXGRa7yvCQwuJXOL07W9hyIvHyf+6hnf/5cnFF194rKB+c1L4/hvXvAL3yrZKgX
/Mpde7rgIeVyLm8uhtiVc9qsG1O5Xz/XGQ0lT+FjY1GLC2Q/rUO4pRxcNLOuAKBj
xfZ/C1loeHOmjBipAm2vwxkBLrgQ48bMQLRpo0YzaYduxLsXpvPo3a1zvHsvIbX9
ZlEMvVSz4W1fHLwjc9EJA4kU0hC5ZMMq0KGWSrzh1Bpbx6DAwWN4D0Q3MDKWgDIj
laF3uhPSl3PiXSXJag3DOWCktLBpQkIJ6dgIvDMgs1gip6rrxOHmYYPF0pbf2dBP
rdcCAwEAAaMYMBYwFAYDVR0RBA0wC4IJbG9jYWxob3N0MA0GCSqGSIb3DQEBCwUA
A4IBAQBaCPz1ggujm47QlZJG36HNiuXFV3HUb/TZc2a8ftlmp2fHKRyN1DOSVPN9
/V3vsagHpu7fmfZwVtL2CxULcG/avcQ375n5t/NZcBJB9XIcYR1RbSLFjIt4+HcA
EeOyprfpAALw54/jUMsgi//1Mc57wa6Pozxggdo0b1/QRW2/wmlUWljTVyleD4XX
c+HbsRUmqGZyUdfns7iHsatsUUt8mMfEqLqwPQW1lS61pEeHzYY9bEVURmPIFdYG
OaPWsT/366B8wZepfxH37uVtU5AwbDkKaw3Wjus4n7wJwfxnKEr9WWDf0Bn5NVJM
XoWYxdTp/hcEIvjx3UuPKQ61BDfB
-----END CERTIFICATE-----
Binary file not shown.
+74
View File
@@ -0,0 +1,74 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 17517463568368655517 (0xf31a884dce75dc9d)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, ST=Montana, L=Bozeman, OU=Engineering, CN=www.nomatch.com/emailAddress=info@wolfssl.com
Validity
Not Before: Jun 12 23:10:47 2018 GMT
Not After : Mar 8 23:10:47 2021 GMT
Subject: C=US, ST=Montana, L=Bozeman, OU=Engineering, CN=www.nomatch.com/emailAddress=info@wolfssl.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:c0:95:08:e1:57:41:f2:71:6d:b7:d2:45:41:27:
01:65:c6:45:ae:f2:bc:24:30:b8:95:ce:2f:4e:d6:
f6:1c:88:bc:7c:9f:fb:a8:67:7f:fe:5c:9c:51:75:
f7:8a:ca:07:e7:35:2f:8f:e1:bd:7b:c0:2f:7c:ab:
64:a8:17:fc:ca:5d:7b:ba:e0:21:e5:72:2e:6f:2e:
86:d8:95:73:da:ac:1b:53:b9:5f:3f:d7:19:0d:25:
4f:e1:63:63:51:8b:0b:64:3f:ad:43:b8:a5:1c:5c:
34:b3:ae:00:a0:63:c5:f6:7f:0b:59:68:78:73:a6:
8c:18:a9:02:6d:af:c3:19:01:2e:b8:10:e3:c6:cc:
40:b4:69:a3:46:33:69:87:6e:c4:bb:17:a6:f3:e8:
dd:ad:73:bc:7b:2f:21:b5:fd:66:51:0c:bd:54:b3:
e1:6d:5f:1c:bc:23:73:d1:09:03:89:14:d2:10:b9:
64:c3:2a:d0:a1:96:4a:bc:e1:d4:1a:5b:c7:a0:c0:
c1:63:78:0f:44:37:30:32:96:80:32:23:95:a1:77:
ba:13:d2:97:73:e2:5d:25:c9:6a:0d:c3:39:60:a4:
b4:b0:69:42:42:09:e9:d8:08:bc:33:20:b3:58:22:
a7:aa:eb:c4:e1:e6:61:83:c5:d2:96:df:d9:d0:4f:
ad:d7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Alternative Name:
DNS:*localhost
Signature Algorithm: sha256WithRSAEncryption
af:29:93:9d:e0:ec:8e:4d:aa:e6:12:90:45:af:56:32:5d:97:
68:21:68:04:8f:82:80:ee:15:46:00:a2:9c:83:a0:f3:44:e3:
95:d6:93:49:30:0e:86:00:fa:1f:8c:c0:63:a2:4b:f5:3b:f8:
81:ce:f2:88:98:18:c3:bc:55:0c:48:69:e0:0b:64:44:1c:6d:
35:5d:cd:75:59:c0:00:d4:19:c8:ba:f1:7f:c6:3c:00:f4:0f:
fe:c2:fa:e8:5c:22:8d:0b:ea:7e:c7:80:d1:01:f3:bb:1a:58:
e5:6e:2a:78:73:61:cb:30:cd:66:79:c3:42:b3:71:1c:4c:39:
13:fd:c5:73:43:25:0d:3d:9b:49:ff:36:53:c7:6a:6f:20:0a:
f5:b0:67:ac:d0:ff:a8:62:25:72:eb:f4:c1:66:30:31:4c:6c:
bb:ab:55:08:36:fb:a3:8d:99:b0:e0:5c:88:09:ba:fe:5c:a0:
94:db:97:bb:1f:01:7c:d8:50:7a:c8:a2:cf:23:d5:a9:84:d5:
86:f9:02:96:1d:73:50:53:f8:f2:14:5b:2a:43:e1:b1:7b:b9:
0e:a4:d9:88:dd:fe:71:41:b9:fd:bc:8e:9b:ad:4a:7e:e6:72:
8b:a3:9b:66:37:84:ef:8e:c0:f6:95:ea:0f:80:e6:27:c0:8b:
6e:91:a1:5a
-----BEGIN CERTIFICATE-----
MIIDojCCAoqgAwIBAgIJAPMaiE3OddydMA0GCSqGSIb3DQEBCwUAMIGCMQswCQYD
VQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjEUMBIG
A1UECwwLRW5naW5lZXJpbmcxGDAWBgNVBAMMD3d3dy5ub21hdGNoLmNvbTEfMB0G
CSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTAeFw0xODA2MTIyMzEwNDdaFw0y
MTAzMDgyMzEwNDdaMIGCMQswCQYDVQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQ
MA4GA1UEBwwHQm96ZW1hbjEUMBIGA1UECwwLRW5naW5lZXJpbmcxGDAWBgNVBAMM
D3d3dy5ub21hdGNoLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNv
bTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMCVCOFXQfJxbbfSRUEn
AWXGRa7yvCQwuJXOL07W9hyIvHyf+6hnf/5cnFF194rKB+c1L4/hvXvAL3yrZKgX
/Mpde7rgIeVyLm8uhtiVc9qsG1O5Xz/XGQ0lT+FjY1GLC2Q/rUO4pRxcNLOuAKBj
xfZ/C1loeHOmjBipAm2vwxkBLrgQ48bMQLRpo0YzaYduxLsXpvPo3a1zvHsvIbX9
ZlEMvVSz4W1fHLwjc9EJA4kU0hC5ZMMq0KGWSrzh1Bpbx6DAwWN4D0Q3MDKWgDIj
laF3uhPSl3PiXSXJag3DOWCktLBpQkIJ6dgIvDMgs1gip6rrxOHmYYPF0pbf2dBP
rdcCAwEAAaMZMBcwFQYDVR0RBA4wDIIKKmxvY2FsaG9zdDANBgkqhkiG9w0BAQsF
AAOCAQEArymTneDsjk2q5hKQRa9WMl2XaCFoBI+CgO4VRgCinIOg80TjldaTSTAO
hgD6H4zAY6JL9Tv4gc7yiJgYw7xVDEhp4AtkRBxtNV3NdVnAANQZyLrxf8Y8APQP
/sL66FwijQvqfseA0QHzuxpY5W4qeHNhyzDNZnnDQrNxHEw5E/3Fc0MlDT2bSf82
U8dqbyAK9bBnrND/qGIlcuv0wWYwMUxsu6tVCDb7o42ZsOBciAm6/lyglNuXux8B
fNhQesiizyPVqYTVhvkClh1zUFP48hRbKkPhsXu5DqTZiN3+cUG5/byOm61KfuZy
i6ObZjeE747A9pXqD4DmJ8CLbpGhWg==
-----END CERTIFICATE-----
Binary file not shown.
+70
View File
@@ -0,0 +1,70 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 9494820020802705564 (0x83c46080d236589c)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, ST=Montana, L=Bozeman, OU=Engineering, CN=localhost/emailAddress=info@wolfssl.com
Validity
Not Before: Jun 13 16:02:51 2018 GMT
Not After : Mar 9 16:02:51 2021 GMT
Subject: C=US, ST=Montana, L=Bozeman, OU=Engineering, CN=localhost/emailAddress=info@wolfssl.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:c0:95:08:e1:57:41:f2:71:6d:b7:d2:45:41:27:
01:65:c6:45:ae:f2:bc:24:30:b8:95:ce:2f:4e:d6:
f6:1c:88:bc:7c:9f:fb:a8:67:7f:fe:5c:9c:51:75:
f7:8a:ca:07:e7:35:2f:8f:e1:bd:7b:c0:2f:7c:ab:
64:a8:17:fc:ca:5d:7b:ba:e0:21:e5:72:2e:6f:2e:
86:d8:95:73:da:ac:1b:53:b9:5f:3f:d7:19:0d:25:
4f:e1:63:63:51:8b:0b:64:3f:ad:43:b8:a5:1c:5c:
34:b3:ae:00:a0:63:c5:f6:7f:0b:59:68:78:73:a6:
8c:18:a9:02:6d:af:c3:19:01:2e:b8:10:e3:c6:cc:
40:b4:69:a3:46:33:69:87:6e:c4:bb:17:a6:f3:e8:
dd:ad:73:bc:7b:2f:21:b5:fd:66:51:0c:bd:54:b3:
e1:6d:5f:1c:bc:23:73:d1:09:03:89:14:d2:10:b9:
64:c3:2a:d0:a1:96:4a:bc:e1:d4:1a:5b:c7:a0:c0:
c1:63:78:0f:44:37:30:32:96:80:32:23:95:a1:77:
ba:13:d2:97:73:e2:5d:25:c9:6a:0d:c3:39:60:a4:
b4:b0:69:42:42:09:e9:d8:08:bc:33:20:b3:58:22:
a7:aa:eb:c4:e1:e6:61:83:c5:d2:96:df:d9:d0:4f:
ad:d7
Exponent: 65537 (0x10001)
Signature Algorithm: sha256WithRSAEncryption
00:fe:cb:dd:9b:51:8c:57:e6:e8:8b:96:92:70:0b:c3:e8:15:
c4:f1:fd:e6:39:c7:f8:d5:0d:8e:ae:f7:27:17:46:e3:fd:70:
26:24:d3:61:a7:8b:7e:7b:97:f6:21:30:f4:24:f9:c3:22:76:
a6:68:83:40:ce:9d:69:d7:e4:9e:e5:ff:cf:a3:3e:c0:52:a8:
7e:93:7f:d5:5b:63:37:45:fd:ca:f4:8f:8e:2a:50:ac:80:ce:
4e:2c:1a:3b:ec:ed:8f:ae:4f:09:54:9d:b1:3f:05:bc:cf:24:
3f:f4:9a:1d:4d:dc:ba:33:b0:b4:7a:a6:54:38:de:dc:b4:f1:
27:ce:6f:2c:d0:7e:62:8a:84:af:40:af:d2:2a:1f:40:fe:5e:
14:9d:05:30:2b:4f:7b:95:86:2d:9b:a9:fb:00:eb:1b:a1:fd:
0b:67:de:66:9d:e3:b8:3e:e7:8a:b1:7e:38:3f:0e:db:53:c5:
5d:18:a7:66:49:8e:51:03:3c:6a:cb:fa:1a:ef:83:a7:7b:f2:
23:f9:fb:7d:30:91:7d:c0:3a:63:b9:89:19:9c:bf:8d:f8:5d:
4a:9b:a6:48:02:35:f0:19:ea:92:09:8a:78:7a:09:eb:8c:61:
e7:6a:11:85:a9:a6:a6:fb:94:48:ff:86:4e:c1:13:49:13:a5:
72:b6:25:c8
-----BEGIN CERTIFICATE-----
MIIDeTCCAmGgAwIBAgIJAIPEYIDSNlicMA0GCSqGSIb3DQEBCwUAMHwxCzAJBgNV
BAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMRQwEgYD
VQQLDAtFbmdpbmVlcmluZzESMBAGA1UEAwwJbG9jYWxob3N0MR8wHQYJKoZIhvcN
AQkBFhBpbmZvQHdvbGZzc2wuY29tMB4XDTE4MDYxMzE2MDI1MVoXDTIxMDMwOTE2
MDI1MVowfDELMAkGA1UEBhMCVVMxEDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcM
B0JvemVtYW4xFDASBgNVBAsMC0VuZ2luZWVyaW5nMRIwEAYDVQQDDAlsb2NhbGhv
c3QxHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wggEiMA0GCSqGSIb3
DQEBAQUAA4IBDwAwggEKAoIBAQDAlQjhV0HycW230kVBJwFlxkWu8rwkMLiVzi9O
1vYciLx8n/uoZ3/+XJxRdfeKygfnNS+P4b17wC98q2SoF/zKXXu64CHlci5vLobY
lXParBtTuV8/1xkNJU/hY2NRiwtkP61DuKUcXDSzrgCgY8X2fwtZaHhzpowYqQJt
r8MZAS64EOPGzEC0aaNGM2mHbsS7F6bz6N2tc7x7LyG1/WZRDL1Us+FtXxy8I3PR
CQOJFNIQuWTDKtChlkq84dQaW8egwMFjeA9ENzAyloAyI5Whd7oT0pdz4l0lyWoN
wzlgpLSwaUJCCenYCLwzILNYIqeq68Th5mGDxdKW39nQT63XAgMBAAEwDQYJKoZI
hvcNAQELBQADggEBAAD+y92bUYxX5uiLlpJwC8PoFcTx/eY5x/jVDY6u9ycXRuP9
cCYk02Gni357l/YhMPQk+cMidqZog0DOnWnX5J7l/8+jPsBSqH6Tf9VbYzdF/cr0
j44qUKyAzk4sGjvs7Y+uTwlUnbE/BbzPJD/0mh1N3LozsLR6plQ43ty08SfObyzQ
fmKKhK9Ar9IqH0D+XhSdBTArT3uVhi2bqfsA6xuh/Qtn3mad47g+54qxfjg/DttT
xV0Yp2ZJjlEDPGrL+hrvg6d78iP5+30wkX3AOmO5iRmcv434XUqbpkgCNfAZ6pIJ
inh6CeuMYedqEYWppqb7lEj/hk7BE0kTpXK2Jcg=
-----END CERTIFICATE-----
Binary file not shown.
+70
View File
@@ -0,0 +1,70 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 9769574718208722881 (0x87948071dd77c7c1)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, ST=Montana, L=Bozeman, OU=Engineering, CN=*localhost/emailAddress=info@wolfssl.com
Validity
Not Before: Jun 12 23:10:47 2018 GMT
Not After : Mar 8 23:10:47 2021 GMT
Subject: C=US, ST=Montana, L=Bozeman, OU=Engineering, CN=*localhost/emailAddress=info@wolfssl.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:c0:95:08:e1:57:41:f2:71:6d:b7:d2:45:41:27:
01:65:c6:45:ae:f2:bc:24:30:b8:95:ce:2f:4e:d6:
f6:1c:88:bc:7c:9f:fb:a8:67:7f:fe:5c:9c:51:75:
f7:8a:ca:07:e7:35:2f:8f:e1:bd:7b:c0:2f:7c:ab:
64:a8:17:fc:ca:5d:7b:ba:e0:21:e5:72:2e:6f:2e:
86:d8:95:73:da:ac:1b:53:b9:5f:3f:d7:19:0d:25:
4f:e1:63:63:51:8b:0b:64:3f:ad:43:b8:a5:1c:5c:
34:b3:ae:00:a0:63:c5:f6:7f:0b:59:68:78:73:a6:
8c:18:a9:02:6d:af:c3:19:01:2e:b8:10:e3:c6:cc:
40:b4:69:a3:46:33:69:87:6e:c4:bb:17:a6:f3:e8:
dd:ad:73:bc:7b:2f:21:b5:fd:66:51:0c:bd:54:b3:
e1:6d:5f:1c:bc:23:73:d1:09:03:89:14:d2:10:b9:
64:c3:2a:d0:a1:96:4a:bc:e1:d4:1a:5b:c7:a0:c0:
c1:63:78:0f:44:37:30:32:96:80:32:23:95:a1:77:
ba:13:d2:97:73:e2:5d:25:c9:6a:0d:c3:39:60:a4:
b4:b0:69:42:42:09:e9:d8:08:bc:33:20:b3:58:22:
a7:aa:eb:c4:e1:e6:61:83:c5:d2:96:df:d9:d0:4f:
ad:d7
Exponent: 65537 (0x10001)
Signature Algorithm: sha256WithRSAEncryption
34:ef:b2:dc:02:ec:6a:b5:58:e6:2b:13:18:30:57:e2:ef:22:
0f:7c:7d:e3:00:77:cc:c4:d9:97:7f:e8:69:f4:87:22:1a:b8:
a1:f2:17:18:94:23:cb:05:c2:90:86:c0:37:6a:90:da:00:70:
dd:de:11:68:48:95:eb:4d:08:1e:73:1e:68:6e:1b:1e:1f:93:
a1:fc:21:05:a7:99:1a:73:0a:88:37:60:f0:ba:8d:b6:b4:3f:
c8:ed:2f:7b:56:9f:a5:c0:00:19:01:e8:e3:d1:06:fc:27:b7:
5d:f5:53:f9:00:6e:d4:f2:31:1c:a3:cd:12:5f:72:38:09:8a:
be:54:e3:6f:15:31:28:c3:c9:09:60:92:a9:c6:e1:66:33:c4:
4d:24:f0:74:8e:87:29:63:67:6b:20:e0:5b:81:04:65:cc:0e:
69:db:7f:e7:93:85:d5:04:26:bb:82:9e:69:61:f2:37:e4:6c:
e2:87:e1:cd:37:40:69:a4:7f:f4:e3:39:d8:fb:2d:53:61:d7:
4d:1d:39:e0:db:0a:10:7c:f3:4e:30:55:ef:3f:8a:8b:4a:47:
99:f5:10:60:78:83:38:90:ab:33:59:45:d2:e6:62:df:3d:cd:
a6:7c:39:91:9c:ae:96:36:b7:7f:c1:46:10:a8:c9:4e:be:66:
6c:61:46:a2
-----BEGIN CERTIFICATE-----
MIIDezCCAmOgAwIBAgIJAIeUgHHdd8fBMA0GCSqGSIb3DQEBCwUAMH0xCzAJBgNV
BAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMRQwEgYD
VQQLDAtFbmdpbmVlcmluZzETMBEGA1UEAwwKKmxvY2FsaG9zdDEfMB0GCSqGSIb3
DQEJARYQaW5mb0B3b2xmc3NsLmNvbTAeFw0xODA2MTIyMzEwNDdaFw0yMTAzMDgy
MzEwNDdaMH0xCzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQH
DAdCb3plbWFuMRQwEgYDVQQLDAtFbmdpbmVlcmluZzETMBEGA1UEAwwKKmxvY2Fs
aG9zdDEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTCCASIwDQYJKoZI
hvcNAQEBBQADggEPADCCAQoCggEBAMCVCOFXQfJxbbfSRUEnAWXGRa7yvCQwuJXO
L07W9hyIvHyf+6hnf/5cnFF194rKB+c1L4/hvXvAL3yrZKgX/Mpde7rgIeVyLm8u
htiVc9qsG1O5Xz/XGQ0lT+FjY1GLC2Q/rUO4pRxcNLOuAKBjxfZ/C1loeHOmjBip
Am2vwxkBLrgQ48bMQLRpo0YzaYduxLsXpvPo3a1zvHsvIbX9ZlEMvVSz4W1fHLwj
c9EJA4kU0hC5ZMMq0KGWSrzh1Bpbx6DAwWN4D0Q3MDKWgDIjlaF3uhPSl3PiXSXJ
ag3DOWCktLBpQkIJ6dgIvDMgs1gip6rrxOHmYYPF0pbf2dBPrdcCAwEAATANBgkq
hkiG9w0BAQsFAAOCAQEANO+y3ALsarVY5isTGDBX4u8iD3x94wB3zMTZl3/oafSH
Ihq4ofIXGJQjywXCkIbAN2qQ2gBw3d4RaEiV600IHnMeaG4bHh+TofwhBaeZGnMK
iDdg8LqNtrQ/yO0ve1afpcAAGQHo49EG/Ce3XfVT+QBu1PIxHKPNEl9yOAmKvlTj
bxUxKMPJCWCSqcbhZjPETSTwdI6HKWNnayDgW4EEZcwOadt/55OF1QQmu4KeaWHy
N+Rs4ofhzTdAaaR/9OM52PstU2HXTR054NsKEHzzTjBV7z+Ki0pHmfUQYHiDOJCr
M1lF0uZi3z3Npnw5kZyulja3f8FGEKjJTr5mbGFGog==
-----END CERTIFICATE-----
-16
View File
@@ -1,16 +0,0 @@
[ req ]
default_bits = 2048
distinguished_name = req_distinguished_name
req_extensions = req_ext
[ req_distinguished_name ]
countryName = US
stateOrProvinceName = Montana
localityName = Bozeman
organizationName = Engineering
commonName = www.nomatch.com
commonName_max = 64
[ req_ext ]
#subjectAltName = localhost\0h
#subjectAltName = DER:30:0d:82:0b:6c:6f:63:61:6c:68:6f:73:74:00:68
-17
View File
@@ -1,17 +0,0 @@
-----BEGIN CERTIFICATE REQUEST-----
MIICtDCCAZwCAQAwYDELMAkGA1UEBhMCVVMxEDAOBgNVBAgMB01vbnRhbmExEDAO
BgNVBAcMB0JvemVtYW4xFDASBgNVBAoMC0VuZ2luZWVyaW5nMRcwFQYDVQQDDA53
d3cubm9uYW1lLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJ1B
JYwNWaXJdfnKJAz61T0m1w6xMGxELhZWjDks49zn98lW8E8wMZtCoguE1feuu9pF
6yGnfRmK2J+4QjeWVejmMqt8SQyJpW8nWCvRpFVha0RFbmT60nuvKMRX68Lku6iU
Vav2KHU+cz4yBj1m9QO6AqzJWQWiLY5t25OBq+EkhWUd9I39rGmF8ba1Bnpus27U
tqRVJ8cmEwnNPc8ihvcN8RsrYdnQNyYIiIUdJIA2iduDE7PeOSY3jT9mtmeWQOHp
l91xh/RGbJWNpLBd66TkreLTnz4zmQMMTzZGj1pdv9B3UFc6mIMNWmLsERRhiOMO
hiaFfEJwFJZBN9PaXYsCAwEAAaAPMA0GCSqGSIb3DQEJDjEAMA0GCSqGSIb3DQEB
CwUAA4IBAQCA0S++HN0qb94u8setTM5akJjpM1b2o4rcrQluFKMel8mMip9hinvG
sPkJL1KB28/O9TcdmMX57zfXBsumxLSpjzmjIqri7fVabcu/kybE2wdNNvM+9ZzT
pNbYhWEhsCS8XAegiApx/JVszmH77GLExuVAY2XqxA7Cy2Ia/qyiR6v0agMd6I4z
T7nlJHBckOOEdJ6cjqy67vqWy+BKwCK/kRnOJuirIeJ+SechS4tXuRrVni0pkDuK
xQ2uHQjpzFR40U6pFGgwZcdR1bvLCWOlC7efS4ayIETZzhOuXTZa4qQ5/IcCyM+N
scJS5z+YQpQMgOs5jj5DWYLUtMs63UmQ
-----END CERTIFICATE REQUEST-----
Binary file not shown.
-27
View File
@@ -1,27 +0,0 @@
-----BEGIN RSA PRIVATE KEY-----
MIIEowIBAAKCAQEAnUEljA1Zpcl1+cokDPrVPSbXDrEwbEQuFlaMOSzj3Of3yVbw
TzAxm0KiC4TV96672kXrIad9GYrYn7hCN5ZV6OYyq3xJDImlbydYK9GkVWFrREVu
ZPrSe68oxFfrwuS7qJRVq/YodT5zPjIGPWb1A7oCrMlZBaItjm3bk4Gr4SSFZR30
jf2saYXxtrUGem6zbtS2pFUnxyYTCc09zyKG9w3xGyth2dA3JgiIhR0kgDaJ24MT
s945JjeNP2a2Z5ZA4emX3XGH9EZslY2ksF3rpOSt4tOfPjOZAwxPNkaPWl2/0HdQ
VzqYgw1aYuwRFGGI4w6GJoV8QnAUlkE309pdiwIDAQABAoIBAQCKxhIHfUSOvLHj
JRMZbUY/OAZzTcTo1mZBilEmp8nSidculA1wJJyyYmQ0fB6C/G2E20z8Hx2UK+at
VOMCwSXBaVxv3zdr3BDlfbgeu1wliNornoYkkQCs68+zLc+95zMAOx87qPjdNqZm
zaiaCUDR8BYqO2nXQd6oIaSzkKyI+tqTO9zW4NG8Y5zv0waKCjPK9Ep/kze9uC4S
WIp2eYhUb+x60dECDBGI9xvlgeZyP5PMCfCyaZk3CxnLsR4tI9R5WwDgMcjCShJk
3+kHyrtNU8ak2TrfUoh96arHu0HMLFJaJSdxYT9FUSKhKu+fWMn1J36AkxdqntAw
6HATVD4ZAoGBAM0DCqI5BKvmPWdO587+fpPAa76iqQDqqkaAQ94xcGtTYA0yEfbA
V4JFfsCEFm7evteMmJgmDyNNVvnSi/LQhL+ih40Q0LKREYzBiMy3aothQZAYb+Ex
fVllfZhIaWI8q/DoeZ7qohRHFGBA/znav6vls3kE3jRWx0O30eq9cX1tAoGBAMRd
bQNcp2mCm+fe//s5GKXm4ak4zeo077fUCxJly4DE5e2+IGrP+JYwVrJsMuFu/3C1
/6+qCgLS+/08BMQ+e6xmTDJrRXtk9KmDI38tEoqzH8tkAgSTxby771/5uNr7hbgX
LtCCIsxhwSAML0b7M2I8xmEfL3Dmu1q7/GEDAMPXAoGABd/ucBOeNKbWX519OwtD
6Uv8Smwy15nh4z9NspJMHGc5O2eR6DY+y7beGPowAmFTqq2WudVtXZ+bvHDyHbUn
+K3ZoIs4z8UkcZoiJ2uiG/hffpeUrSlT5DnqTXDVxEDk1HR0977Vgis/RDrYlXnV
QEHG0NL44xsRfrlHxKhFFkkCgYB1HsgzliLgQp+c2BxUCkUSRrhXx2LCC5rjSRzl
d0O+5THC8IDDVJIPentrZi+e2CaRYmxDqSbZcmAMNa0eI6p+NHHELMk/hQKMzIPy
ib6ibZ5MILU3Z7AsFuf6labVLeoe1+z7PnNk9fVLmRjlvFR0ho1IRmJ0c5pRzwgE
ENd29wKBgA5WnuCBKF9Kv8H9E1hAuAGXwBxmw9PVeWB63/TAernlOQhF47ra9ExH
GtkZv9D/2tNJaoft1YQ1yhBn7l7rW+vfQYXAOW4yRg0FSOOgefBwN/eTOXVRU9Zg
9LBwnQlvimQUm0GrxLLAseDqFMn/a3x/KxftvF95JGx/1Lscukdz
-----END RSA PRIVATE KEY-----
-69
View File
@@ -1,69 +0,0 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 13225619248861184800 (0xb78ad6a26ef08320)
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=US, ST=Montana, L=Bozeman, O=Engineering, CN=www.noname.com
Validity
Not Before: May 24 21:25:38 2018 GMT
Not After : Feb 17 21:25:38 2021 GMT
Subject: C=US, ST=Montana, L=Bozeman, O=Engineering, CN=www.noname.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:9d:41:25:8c:0d:59:a5:c9:75:f9:ca:24:0c:fa:
d5:3d:26:d7:0e:b1:30:6c:44:2e:16:56:8c:39:2c:
e3:dc:e7:f7:c9:56:f0:4f:30:31:9b:42:a2:0b:84:
d5:f7:ae:bb:da:45:eb:21:a7:7d:19:8a:d8:9f:b8:
42:37:96:55:e8:e6:32:ab:7c:49:0c:89:a5:6f:27:
58:2b:d1:a4:55:61:6b:44:45:6e:64:fa:d2:7b:af:
28:c4:57:eb:c2:e4:bb:a8:94:55:ab:f6:28:75:3e:
73:3e:32:06:3d:66:f5:03:ba:02:ac:c9:59:05:a2:
2d:8e:6d:db:93:81:ab:e1:24:85:65:1d:f4:8d:fd:
ac:69:85:f1:b6:b5:06:7a:6e:b3:6e:d4:b6:a4:55:
27:c7:26:13:09:cd:3d:cf:22:86:f7:0d:f1:1b:2b:
61:d9:d0:37:26:08:88:85:1d:24:80:36:89:db:83:
13:b3:de:39:26:37:8d:3f:66:b6:67:96:40:e1:e9:
97:dd:71:87:f4:46:6c:95:8d:a4:b0:5d:eb:a4:e4:
ad:e2:d3:9f:3e:33:99:03:0c:4f:36:46:8f:5a:5d:
bf:d0:77:50:57:3a:98:83:0d:5a:62:ec:11:14:61:
88:e3:0e:86:26:85:7c:42:70:14:96:41:37:d3:da:
5d:8b
Exponent: 65537 (0x10001)
Signature Algorithm: sha1WithRSAEncryption
6d:df:c3:7a:74:32:b6:ba:f5:2c:87:93:6c:64:7c:b9:5f:6e:
79:f3:e7:b2:6a:58:c6:8d:20:9a:f6:46:b1:60:f9:59:59:6f:
22:32:e3:f8:5c:a2:2d:53:84:48:b9:68:6d:2e:59:03:c1:e4:
ad:5b:ce:91:6e:13:bd:5c:71:2a:69:d8:7d:a8:07:cf:6f:83:
0c:05:cf:d4:39:7f:10:3d:35:98:1c:f9:77:26:53:d5:81:f1:
6a:0b:ca:fb:86:f9:6d:bb:92:b9:e0:57:a2:3b:43:14:cc:e0:
75:27:10:c2:50:1d:91:ca:af:f8:36:88:cc:5d:1d:37:77:fe:
1d:ea:b3:d9:94:b6:e4:b1:a7:29:2b:e4:1e:c7:f6:65:1d:59:
d7:e2:2d:01:d2:08:a1:72:a0:b2:f1:3f:9c:fd:27:f9:46:85:
e3:05:a5:34:b0:a6:6c:44:f0:42:16:32:71:2f:cd:82:c2:33:
05:0a:3c:3c:e7:87:17:d7:1f:a9:4e:83:c2:1e:46:a5:0f:7a:
c2:98:f7:98:a1:75:b8:72:26:d9:1b:65:24:f0:f3:d7:2c:9c:
cf:a6:88:c4:8c:56:00:87:16:be:49:28:91:a0:bc:c7:9f:e3:
02:35:fb:0b:39:e3:c0:f9:f3:ed:bb:7d:2e:4c:09:7a:88:53:
b1:16:5c:b4
-----BEGIN CERTIFICATE-----
MIIDQTCCAimgAwIBAgIJALeK1qJu8IMgMA0GCSqGSIb3DQEBBQUAMGAxCzAJBgNV
BAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMRQwEgYD
VQQKDAtFbmdpbmVlcmluZzEXMBUGA1UEAwwOd3d3Lm5vbmFtZS5jb20wHhcNMTgw
NTI0MjEyNTM4WhcNMjEwMjE3MjEyNTM4WjBgMQswCQYDVQQGEwJVUzEQMA4GA1UE
CAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjEUMBIGA1UECgwLRW5naW5lZXJp
bmcxFzAVBgNVBAMMDnd3dy5ub25hbWUuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOC
AQ8AMIIBCgKCAQEAnUEljA1Zpcl1+cokDPrVPSbXDrEwbEQuFlaMOSzj3Of3yVbw
TzAxm0KiC4TV96672kXrIad9GYrYn7hCN5ZV6OYyq3xJDImlbydYK9GkVWFrREVu
ZPrSe68oxFfrwuS7qJRVq/YodT5zPjIGPWb1A7oCrMlZBaItjm3bk4Gr4SSFZR30
jf2saYXxtrUGem6zbtS2pFUnxyYTCc09zyKG9w3xGyth2dA3JgiIhR0kgDaJ24MT
s945JjeNP2a2Z5ZA4emX3XGH9EZslY2ksF3rpOSt4tOfPjOZAwxPNkaPWl2/0HdQ
VzqYgw1aYuwRFGGI4w6GJoV8QnAUlkE309pdiwIDAQABMA0GCSqGSIb3DQEBBQUA
A4IBAQBt38N6dDK2uvUsh5NsZHy5X2558+eyaljGjSCa9kaxYPlZWW8iMuP4XKIt
U4RIuWhtLlkDweStW86RbhO9XHEqadh9qAfPb4MMBc/UOX8QPTWYHPl3JlPVgfFq
C8r7hvltu5K54FeiO0MUzOB1JxDCUB2Ryq/4NojMXR03d/4d6rPZlLbksacpK+Qe
x/ZlHVnX4i0B0gihcqCy8T+c/Sf5RoXjBaU0sKZsRPBCFjJxL82CwjMFCjw854cX
1x+pToPCHkalD3rCmPeYoXW4cibZG2Uk8PPXLJzPpojEjFYAhxa+SSiRoLzHn+MC
NfsLOePA+fPtu30uTAl6iFOxFly0
-----END CERTIFICATE-----
+51 -88
View File
@@ -6,53 +6,46 @@
#
#
AC_COPYRIGHT([Copyright (C) 2006-2018 wolfSSL Inc.])
AC_INIT([wolfssl],[3.14.0],[https://github.com/wolfssl/wolfssl/issues],[wolfssl],[http://www.wolfssl.com])
AC_PREREQ([2.63])
AC_INIT([wolfssl],[3.15.0],[https://github.com/wolfssl/wolfssl/issues],[wolfssl],[https://www.wolfssl.com])
AC_CONFIG_AUX_DIR([build-aux])
# The following sets CFLAGS and CXXFLAGS to empty if unset on command line.
# We do not want the default "-g -O2" that AC_PROG_CC AC_PROG_CXX sets
# automatically.
# We do not want the default "-g -O2" that AC_PROG_CC sets automatically.
: ${CFLAGS=""}
: ${CXXFLAGS=""}
# Test ar for the "U" option. Should be checked before the libtool macros.
xxx_ar_flags=$((ar --help) 2>&1)
AS_CASE([$xxx_ar_flags],[*'use actual timestamps and uids/gids'*],[: ${AR_FLAGS="Ucru"}])
AC_PROG_CC
AM_PROG_CC_C_O
AC_CANONICAL_HOST
AC_CANONICAL_BUILD
AM_INIT_AUTOMAKE([1.11 -Wall -Werror -Wno-portability foreign tar-ustar subdir-objects no-define color-tests])
AC_PREREQ([2.63])
AC_ARG_PROGRAM
AC_DEFUN([PROTECT_AC_USE_SYSTEM_EXTENSIONS],
[AX_SAVE_FLAGS
AC_LANG_PUSH([C])
AC_USE_SYSTEM_EXTENSIONS
AC_LANG_POP([C])
AX_RESTORE_FLAGS
])
#PROTECT_AC_USE_SYSTEM_EXTENSIONS
AC_CONFIG_MACRO_DIR([m4])
AC_CONFIG_HEADERS([config.h:config.in])dnl Keep filename to 8.3 for MS-DOS.
AM_INIT_AUTOMAKE([1.11 -Wall -Werror -Wno-portability foreign tar-ustar subdir-objects no-define color-tests])
m4_ifdef([AM_SILENT_RULES],[AM_SILENT_RULES([yes])])
AC_ARG_PROGRAM
AC_CONFIG_HEADERS([config.h:config.in])
LT_PREREQ([2.2])
LT_INIT([disable-static win32-dll])
#shared library versioning
WOLFSSL_LIBRARY_VERSION=16:0:0
# | | |
# +------+ | +---+
# | | |
# current:revision:age
# | | |
# | | +- increment if interfaces have been added
# | | set to zero if interfaces have been removed
# | | or changed
# | +- increment if source code has changed
# | set to zero if current is incremented
# +- increment if interfaces have been added, removed or changed
WOLFSSL_LIBRARY_VERSION=17:0:0
# | | |
# +------+ | +---+
# | | |
# current:revision:age
# | | |
# | | +- increment if interfaces have been added
# | | set to zero if interfaces have been removed
# | | or changed
# | +- increment if source code has changed
# | set to zero if current is incremented
# +- increment if interfaces have been added, removed or changed
AC_SUBST([WOLFSSL_LIBRARY_VERSION])
# capture user C_EXTRA_FLAGS from ./configure line, CFLAGS may hold -g -O2 even
@@ -60,57 +53,29 @@ AC_SUBST([WOLFSSL_LIBRARY_VERSION])
USER_C_EXTRA_FLAGS="$C_EXTRA_FLAGS"
USER_CFLAGS="$CFLAGS"
LT_PREREQ([2.2])
LT_INIT([disable-static],[win32-dll])
LT_LANG([C++])
LT_LANG([C])
gl_VISIBILITY
AS_IF([ test -n "$CFLAG_VISIBILITY" ], [
AM_CPPFLAGS="$AM_CPPFLAGS $CFLAG_VISIBILITY"
CPPFLAGS="$CPPFLAGS $CFLAG_VISIBILITY"
])
m4_ifdef([AM_SILENT_RULES],[AM_SILENT_RULES([yes])])
# Moved these size of and type checks before the library checks.
# The library checks add the library to subsequent test compiles
# and in some rare cases, the networking check causes these sizeof
# checks to fail.
AC_CHECK_SIZEOF(long long, 8)
AC_CHECK_SIZEOF(long, 4)
AC_CHECK_TYPES(__uint128_t)
AC_CHECK_FUNCS([gethostbyname])
AC_CHECK_FUNCS([getaddrinfo])
AC_CHECK_FUNCS([gettimeofday])
AC_CHECK_FUNCS([gmtime_r])
AC_CHECK_FUNCS([inet_ntoa])
AC_CHECK_FUNCS([memset])
AC_CHECK_FUNCS([socket])
AC_CHECK_HEADERS([arpa/inet.h])
AC_CHECK_HEADERS([fcntl.h])
AC_CHECK_HEADERS([limits.h])
AC_CHECK_HEADERS([netdb.h])
AC_CHECK_HEADERS([netinet/in.h])
AC_CHECK_HEADERS([stddef.h])
AC_CHECK_HEADERS([sys/ioctl.h])
AC_CHECK_HEADERS([sys/socket.h])
AC_CHECK_HEADERS([sys/time.h])
AC_CHECK_HEADERS([errno.h])
AC_CHECK_LIB(network,socket)
AC_CHECK_SIZEOF([long long])
AC_CHECK_SIZEOF([long])
AC_CHECK_TYPES([__uint128_t])
AC_CHECK_FUNCS([gethostbyname getaddrinfo gettimeofday gmtime_r inet_ntoa memset socket])
AC_CHECK_HEADERS([arpa/inet.h fcntl.h limits.h netdb.h netinet/in.h stddef.h sys/ioctl.h sys/socket.h sys/time.h errno.h])
AC_CHECK_LIB([network],[socket])
AC_C_BIGENDIAN
# mktime check takes forever on some systems, if time supported it would be
# highly unusual for mktime to be missing
#AC_FUNC_MKTIME
AC_PROG_CC
AC_PROG_CC_C_O
AC_PROG_CXX
AC_PROG_INSTALL
AC_TYPE_SIZE_T
AC_TYPE_UINT8_T
AM_PROG_AS
AM_PROG_CC_C_O
LT_LIB_M
OPTIMIZE_CFLAGS="-Os -fomit-frame-pointer"
@@ -120,13 +85,9 @@ DEBUG_CFLAGS="-g -DDEBUG -DDEBUG_WOLFSSL"
LIB_ADD=
LIB_STATIC_ADD=
thread_ls_on=no
# Thread local storage
AX_TLS([
[AM_CFLAGS="$AM_CFLAGS -DHAVE_THREAD_LS"]
[thread_ls_on=yes]
] , [:])
AX_TLS([thread_ls_on=yes],[thread_ls_on=no])
AS_IF([test "x$thread_ls_on" = "xyes"],[AM_CFLAGS="$AM_CFLAGS -DHAVE_THREAD_LS"])
# DEBUG
AX_DEBUG
@@ -135,7 +96,6 @@ AS_IF([test "$ax_enable_debug" = "yes"],
[AM_CFLAGS="$AM_CFLAGS -DNDEBUG"])
# Distro build feature subset (Debian, Ubuntu, etc.)
AC_ARG_ENABLE([distro],
[AS_HELP_STRING([--enable-distro],[Enable wolfSSL distro build (default: disabled)])],
@@ -280,7 +240,7 @@ AS_IF([ test "x$ENABLED_SINGLETHREADED" = "xno" ],[
],[
ENABLED_SINGLETHREADED=yes
])
])
])
AS_IF([ test "x$ENABLED_SINGLETHREADED" = "xyes" ],[ AM_CFLAGS="-DSINGLE_THREADED $AM_CFLAGS" ])
@@ -923,7 +883,7 @@ AC_ARG_ENABLE([armasm],
)
if test "$ENABLED_ARMASM" = "yes" && test "$ENABLED_ASM" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ARMASM"
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ARMASM -DWOLFSSL_NO_HASH_RAW"
#Check if mcpu and mfpu values already set if not use default
case $CPPFLAGS in
*mcpu* | *mfpu*)
@@ -3885,6 +3845,20 @@ else
fi
# Support for crypto device hardware
AC_ARG_ENABLE([cryptodev],
[AS_HELP_STRING([--enable-cryptodev],[Enable crypto hardware support (default: disabled)])],
[ ENABLED_CRYPTODEV=$enableval ],
[ ENABLED_CRYPTODEV=no ]
)
if test "$ENABLED_CRYPTODEV" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DWOLF_CRYPTO_DEV"
fi
AM_CONDITIONAL([BUILD_CRYPTODEV], [test "x$ENABLED_CRYPTODEV" = "xyes"])
# Session Export
AC_ARG_ENABLE([sessionexport],
[AS_HELP_STRING([--enable-sessionexport],[Enable export and import of sessions (default: disabled)])],
@@ -4211,7 +4185,6 @@ fi
OPTION_FLAGS="$USER_CFLAGS $USER_C_EXTRA_FLAGS $CPPFLAGS $AM_CFLAGS"
CREATE_HEX_VERSION
AC_SUBST([AM_CPPFLAGS])
AC_SUBST([AM_CFLAGS])
@@ -4222,17 +4195,7 @@ AC_SUBST([LIB_STATIC_ADD])
# FINAL
AC_CONFIG_FILES([stamp-h], [echo timestamp > stamp-h])
AC_CONFIG_FILES([Makefile])
AC_CONFIG_FILES([wolfssl/version.h])
AC_CONFIG_FILES([wolfssl/options.h])
#have options.h and version.h for autoconf fips tag and build
#if test "x$ENABLED_FIPS" = "xyes"
#then
# AC_CONFIG_FILES([cyassl/version.h])
# AC_CONFIG_FILES([cyassl/options.h])
#fi
AC_CONFIG_FILES([support/wolfssl.pc])
AC_CONFIG_FILES([rpm/spec])
AC_CONFIG_FILES([Makefile wolfssl/version.h wolfssl/options.h cyassl/options.h support/wolfssl.pc rpm/spec])
AX_CREATE_GENERIC_CONFIG
AX_AM_JOBSERVER([yes])
+1 -1
View File
@@ -5599,7 +5599,7 @@ WOLFSSL_API int wolfSSL_X509_version(WOLFSSL_X509*);
\sa XFSEEK
*/
WOLFSSL_API WOLFSSL_X509*
wolfSSL_X509_d2i_fp(WOLFSSL_X509** x509, FILE* file);
wolfSSL_X509_d2i_fp(WOLFSSL_X509** x509, XFILE file);
/*!
\ingroup CertsKeys
+5
View File
@@ -68,6 +68,7 @@ bench_tls(args);
#define TEST_PACKET_SIZE 1024
#define SHOW_VERBOSE 0 /* Default output is tab delimited format */
#if !defined(NO_WOLFSSL_CLIENT) && !defined(NO_WOLFSSL_SERVER)
static int argShowPeerInfo = 0; /* Show more info about wolfSSL configuration */
static const char* kTestStr =
@@ -864,6 +865,7 @@ int bench_tls(void* args)
/* Return reporting a success */
return (((func_args*)args)->return_code = 0);
}
#endif /* !NO_WOLFSSL_CLIENT && !NO_WOLFSSL_SERVER */
#ifndef NO_MAIN_DRIVER
@@ -873,8 +875,11 @@ int main(int argc, char** argv)
args.argc = argc;
args.argv = argv;
args.return_code = 0;
#if !defined(NO_WOLFSSL_CLIENT) && !defined(NO_WOLFSSL_SERVER)
bench_tls(&args);
#endif
return(args.return_code);
}
+10 -5
View File
@@ -660,7 +660,11 @@ static void ClientWrite(WOLFSSL* ssl, char* msg, int msgSz)
}
#endif
}
} while (err == WC_PENDING_E);
} while (err == WOLFSSL_ERROR_WANT_WRITE
#ifdef WOLFSSL_ASYNC_CRYPT
|| err == WC_PENDING_E
#endif
);
if (ret != msgSz) {
printf("SSL_write msg error %d, %s\n", err,
wolfSSL_ERR_error_string(err, buffer));
@@ -925,9 +929,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
int onlyKeyShare = 0;
#ifdef WOLFSSL_TLS13
int noPskDheKe = 0;
#ifdef WOLFSSL_POST_HANDSHAKE_AUTH
int postHandAuth = 0;
#endif
#endif
int updateKeysIVs = 0;
#ifdef WOLFSSL_EARLY_DATA
@@ -2253,8 +2255,8 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
ClientRead(ssl, reply, sizeof(reply)-1, 1);
#if defined(WOLFSSL_TLS13) && defined(WOLFSSL_POST_HANDSHAKE_AUTH)
if (postHandAuth)
#if defined(WOLFSSL_TLS13)
if (updateKeysIVs || postHandAuth)
ClientWrite(ssl, msg, msgSz);
#endif
if (sendGET) { /* get html */
@@ -2631,6 +2633,7 @@ exit:
args.argc = argc;
args.argv = argv;
args.return_code = 0;
#if defined(DEBUG_WOLFSSL) && !defined(WOLFSSL_MDK_SHELL) && !defined(STACK_TRAP)
wolfSSL_Debugging_ON();
@@ -2644,6 +2647,8 @@ exit:
#else
client_test(&args);
#endif
#else
printf("Client not compiled in!\n");
#endif
wolfSSL_Cleanup();
+1
View File
@@ -334,6 +334,7 @@ void echoclient_test(void* args)
args.argc = argc;
args.argv = argv;
args.return_code = 0;
CyaSSL_Init();
#if defined(DEBUG_CYASSL) && !defined(WOLFSSL_MDK_SHELL)
+1
View File
@@ -497,6 +497,7 @@ THREAD_RETURN CYASSL_THREAD echoserver_test(void* args)
args.argc = argc;
args.argv = argv;
args.return_code = 0;
CyaSSL_Init();
#if defined(DEBUG_CYASSL) && !defined(CYASSL_MDK_SHELL)
+6 -50
View File
@@ -281,46 +281,6 @@ int ServerEchoData(SSL* ssl, int clientfd, int echoData, int block,
return EXIT_SUCCESS;
}
#ifdef WOLFSSL_TLS13
static void NonBlockingServerRead(WOLFSSL* ssl, char* input, int inputLen)
{
int ret, err;
char buffer[CYASSL_MAX_ERROR_SZ];
/* Read data */
do {
err = 0; /* reset error */
ret = SSL_read(ssl, input, inputLen);
if (ret < 0) {
err = SSL_get_error(ssl, 0);
#ifdef WOLFSSL_ASYNC_CRYPT
if (err == WC_PENDING_E) {
ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
if (ret < 0) break;
}
else
#endif
#ifdef CYASSL_DTLS
if (wolfSSL_dtls(ssl) && err == DECRYPT_ERROR) {
printf("Dropped client's message due to a bad MAC\n");
}
else
#endif
if (err != WOLFSSL_ERROR_WANT_READ) {
printf("SSL_read input error %d, %s\n", err,
ERR_error_string(err, buffer));
err_sys_ex(runWithErrors, "SSL_read failed");
}
}
} while (err == WC_PENDING_E || err == WOLFSSL_ERROR_WANT_READ);
if (ret > 0) {
input[ret] = 0; /* null terminate message */
printf("Client message: %s\n", input);
}
}
#endif
static void ServerRead(WOLFSSL* ssl, char* input, int inputLen)
{
int ret, err;
@@ -352,7 +312,7 @@ static void ServerRead(WOLFSSL* ssl, char* input, int inputLen)
err_sys_ex(runWithErrors, "SSL_read failed");
}
}
} while (err == WC_PENDING_E);
} while (err == WC_PENDING_E || err == WOLFSSL_ERROR_WANT_READ);
if (ret > 0) {
input[ret] = 0; /* null terminate message */
printf("Client message: %s\n", input);
@@ -1627,7 +1587,7 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS)
#if defined(WOLFSSL_TLS13) && defined(WOLFSSL_POST_HANDSHAKE_AUTH)
if (postHandAuth) {
SSL_CTX_set_verify(ctx, WOLFSSL_VERIFY_PEER |
SSL_set_verify(ssl, WOLFSSL_VERIFY_PEER |
((usePskPlus) ? WOLFSSL_VERIFY_FAIL_EXCEPT_PSK :
WOLFSSL_VERIFY_FAIL_IF_NO_PEER_CERT), 0);
if (SSL_CTX_load_verify_locations(ctx, verifyCert, 0)
@@ -1637,7 +1597,7 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
}
#ifdef WOLFSSL_TRUST_PEER_CERT
if (trustCert) {
if ((ret = wolfSSL_CTX_trust_peer_cert(ctx, trustCert,
if ((ret = wolfSSL_trust_peer_cert(ssl, trustCert,
WOLFSSL_FILETYPE_PEM)) != WOLFSSL_SUCCESS) {
err_sys_ex(runWithErrors, "can't load trusted peer cert "
"file");
@@ -1679,13 +1639,8 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
ServerWrite(ssl, write_msg, write_msg_sz);
#ifdef WOLFSSL_TLS13
if (updateKeysIVs || postHandAuth) {
ServerWrite(ssl, write_msg, write_msg_sz);
if (nonBlocking)
NonBlockingServerRead(ssl, input, sizeof(input)-1);
else
ServerRead(ssl, input, sizeof(input)-1);
}
if (updateKeysIVs || postHandAuth)
ServerRead(ssl, input, sizeof(input)-1);
#endif
}
else {
@@ -1798,6 +1753,7 @@ exit:
args.argc = argc;
args.argv = argv;
args.signal = &ready;
args.return_code = 0;
InitTcpReady(&ready);
#if defined(DEBUG_CYASSL) && !defined(WOLFSSL_MDK_SHELL)
+4
View File
@@ -67,6 +67,7 @@
# changes: deleted the clearing of CFLAGS
AC_DEFUN([AX_HARDEN_LINKER_FLAGS], [
AX_REQUIRE_DEFINED([AX_CHECK_LINK_FLAG])
AC_REQUIRE([AX_VCS_CHECKOUT])
AC_REQUIRE([AX_DEBUG])
@@ -95,6 +96,7 @@
])
AC_DEFUN([AX_HARDEN_CC_COMPILER_FLAGS], [
AX_REQUIRE_DEFINED([AX_APPEND_COMPILE_FLAGS])
AC_REQUIRE([AX_HARDEN_LINKER_FLAGS])
AC_LANG_PUSH([C])
@@ -160,6 +162,7 @@
])
AC_DEFUN([AX_HARDEN_CXX_COMPILER_FLAGS], [
AC_REQUIRE_DEFINED([AX_APPEND_COMPILE_FLAGS])
AC_REQUIRE([AX_HARDEN_CC_COMPILER_FLAGS])
AC_LANG_PUSH([C++])
@@ -227,6 +230,7 @@
])
AC_DEFUN([AX_CC_OTHER_FLAGS], [
AX_REQUIRE_DEFINED([AX_APPEND_COMPILE_FLAGS])
AC_REQUIRE([AX_HARDEN_CC_COMPILER_FLAGS])
AC_LANG_PUSH([C])
+4 -2
View File
@@ -73,8 +73,8 @@ mkdir -p $RPM_BUILD_ROOT/
%{_docdir}/wolfssl/README.txt
%{_libdir}/libwolfssl.la
%{_libdir}/libwolfssl.so
%{_libdir}/libwolfssl.so.16
%{_libdir}/libwolfssl.so.16.0.0
%{_libdir}/libwolfssl.so.17
%{_libdir}/libwolfssl.so.17.0.0
%files devel
%defattr(-,root,root,-)
@@ -287,6 +287,8 @@ mkdir -p $RPM_BUILD_ROOT/
%{_libdir}/pkgconfig/wolfssl.pc
%changelog
* Thu May 31 2018 John Safranek <john@wolfssl.com>
- Update the version number on the library SO file.
* Fri Mar 02 2018 Jacob Barthelmeh <jacob@wolfssl.com>
- Added headder files fips.h, buffer.h, objects.h, rc4.h and example tls_bench.c
* Fri Sep 08 2017 Jacob Barthelmeh <jacob@wolfssl.com>
+23
View File
@@ -62,6 +62,14 @@ do_trap() {
trap do_trap INT TERM
[ ! -x ./examples/client/client ] && echo -e "\n\nClient doesn't exist" && exit 1
./examples/client/client -? 2>&1 | grep -- 'Client not compiled in!'
if [ $? -eq 0 ]; then
exit 0
fi
./examples/server/server -? 2>&1 | grep -- 'Server not compiled in!'
if [ $? -eq 0 ]; then
exit 0
fi
# Usual psk server / psk client. This use case is tested in
# tests/unit.test and is used here for just checking if PSK is enabled
@@ -103,6 +111,21 @@ if [ $? -ne 0 ]; then
fi
echo ""
# psk server with non psk client
port=0
./examples/server/server -j -R $ready_file -p $port &
server_pid=$!
create_port
./examples/client/client -p $port
RESULT=$?
remove_ready_file
if [ $RESULT -ne 0 ]; then
echo -e "\n\nClient connection failed"
do_cleanup
exit 1
fi
echo ""
# check fail if no auth, psk server with non psk client
echo "Checking fail when not sending peer cert"
port=0
+21 -11
View File
@@ -111,18 +111,28 @@ do_test() {
trap do_trap INT TERM
do_test
./examples/client/client -? 2>&1 | grep -- 'Client not compiled in!'
if [ $? -ne 0 ]; then
./examples/server/server -? 2>&1 | grep -- 'Server not compiled in!'
if [ $? -ne 0 ]; then
RUN_TEST="Y"
fi
fi
# Check the client for the extended master secret disable option. If
# present we need to run the test twice.
options_check=`./examples/client/client -?`
case "$options_check" in
*$ems_string*)
echo -e "\nRepeating resume test without extended master secret..."
do_test -n ;;
*)
;;
esac
if [ "$RUN_TEST" = "Y" ]; then
do_test
# Check the client for the extended master secret disable option. If
# present we need to run the test twice.
options_check=`./examples/client/client -?`
case "$options_check" in
*$ems_string*)
echo -e "\nRepeating resume test without extended master secret..."
do_test -n ;;
*)
;;
esac
fi
echo -e "\nSuccess!\n"
+43 -1
View File
@@ -14,7 +14,7 @@ counter=0
# also let's add some randomness by adding pid in case multiple 'make check's
# per source tree
ready_file=`pwd`/wolfssl_tls13_ready$$
client_file=/tmp/wolfssl_tls13_client$$
client_file=`pwd`/wolfssl_tls13_client$$
echo "ready file $ready_file"
@@ -70,6 +70,14 @@ do_trap() {
trap do_trap INT TERM
[ ! -x ./examples/client/client ] && echo -e "\n\nClient doesn't exist" && exit 1
./examples/client/client -? 2>&1 | grep -- 'Client not compiled in!'
if [ $? -eq 0 ]; then
exit 0
fi
./examples/server/server -? 2>&1 | grep -- 'Server not compiled in!'
if [ $? -eq 0 ]; then
exit 0
fi
# Usual TLS v1.3 server / TLS v1.3 client.
echo -e "\n\nTLS v1.3 server with TLS v1.3 client"
@@ -137,8 +145,42 @@ if [ $? -ne 0 ]; then
exit 1
fi
echo ""
echo "Find usable TLS 1.2 cipher suite"
for CS in ECDHE-RSA-AES128-GCM-SHA256 DHE-RSA-AES128-GCM-SHA256
do
echo $CS
./examples/client/client -e | grep $CS >/dev/null
if [ "$?" = "0" ]; then
TLS12_CS=$CS
break
fi
done
if [ "$TLS12_CS" != "" ]; then
# TLS 1.3 downgrade server and client - no common TLS 1.3 ciphers
echo -e "\n\nTLS v1.3 downgrade server and client - no common TLS 1.3 ciphers"
port=0
SERVER_CS="TLS13-AES256-GCM-SHA384:$TLS12_CS"
CLIENT_CS="TLS13-AES128-GCM-SHA256:$TLS12_CS"
./examples/server/server -v d -l $SERVER_CS -R $ready_file -p $port &
server_pid=$!
create_port
./examples/client/client -v d -l $CLIENT_CS -p $port
RESULT=$?
remove_ready_file
if [ $RESULT -eq 0 ]; then
echo -e "\n\nTLS v1.3 downgrading to TLS v1.2 due to ciphers"
do_cleanup
exit 1
fi
echo ""
else
echo "No usable TLS 1.2 cipher suite found"
fi
fi
do_cleanup
echo -e "\nALL Tests Passed"
exit 0
+323 -424
View File
@@ -136,6 +136,7 @@ enum processReply {
#ifndef WOLFSSL_NO_TLS12
#if !defined(NO_WOLFSSL_SERVER) || !defined(NO_WOLFSSL_CLIENT)
/* Server random bytes for TLS v1.3 described downgrade protection mechanism. */
static const byte tls13Downgrade[7] = {
@@ -143,10 +144,11 @@ static const byte tls13Downgrade[7] = {
};
#define TLS13_DOWNGRADE_SZ sizeof(tls13Downgrade)
#endif /* !NO_WOLFSSL_SERVER || !NO_WOLFSSL_CLIENT */
#ifndef NO_OLD_TLS
static int SSL_hmac(WOLFSSL* ssl, byte* digest, const byte* in, word32 sz,
int content, int verify);
int padSz, int content, int verify);
#endif
@@ -2735,7 +2737,7 @@ static INLINE void DecodeSigAlg(const byte* input, byte* hashAlgo, byte* hsType)
#endif /* !NO_WOLFSSL_SERVER || !NO_CERTS */
#ifndef WOLFSSL_NO_TLS12
#if !defined(NO_WOLFSSL_SERVER) || !defined(NO_WOLFSSL_CLIENT)
#if !defined(NO_DH) || defined(HAVE_ECC) || \
(!defined(NO_RSA) && defined(WC_RSA_PSS))
@@ -2766,11 +2768,9 @@ static enum wc_HashType HashAlgoToType(int hashAlgo)
return WC_HASH_TYPE_NONE;
}
#endif /* !NO_DH || HAVE_ECC || (!NO_RSA && WC_RSA_PSS) */
#endif
#endif /* !NO_WOLFSSL_SERVER || !NO_WOLFSSL_CLIENT */
#endif /* !WOLFSSL_NO_TLS12 */
#ifndef NO_CERTS
@@ -2862,6 +2862,7 @@ void FreeX509(WOLFSSL_X509* x509)
}
#if !defined(NO_WOLFSSL_SERVER) || !defined(NO_WOLFSSL_CLIENT)
/* Encode the signature algorithm into buffer.
*
* hashalgo The hash algorithm.
@@ -2934,10 +2935,12 @@ static void SetDigest(WOLFSSL* ssl, int hashAlgo)
} /* switch */
}
#endif /* !WOLFSSL_NO_TLS12 && !WOLFSSL_NO_CLIENT_AUTH */
#endif /* !NO_WOLFSSL_SERVER || !NO_WOLFSSL_CLIENT */
#endif /* !NO_CERTS */
#ifndef NO_RSA
#ifndef WOLFSSL_NO_TLS12
#if !defined(NO_WOLFSSL_SERVER) || !defined(NO_WOLFSSL_CLIENT)
static int TypeHash(int hashAlgo)
{
switch (hashAlgo) {
@@ -2961,6 +2964,7 @@ static int TypeHash(int hashAlgo)
return 0;
}
#endif /* !NO_WOLFSSL_SERVER && !NO_WOLFSSL_CLIENT */
#endif /* !WOLFSSL_NO_TLS12 */
#if defined(WC_RSA_PSS)
@@ -7078,6 +7082,7 @@ static int BuildFinished(WOLFSSL* ssl, Hashes* hashes, const byte* sender)
#endif /* WOLFSSL_NO_TLS12 */
#if !defined(NO_WOLFSSL_SERVER) || !defined(NO_WOLFSSL_CLIENT)
/* cipher requirements */
enum {
REQUIRES_RSA,
@@ -7633,6 +7638,8 @@ static int BuildFinished(WOLFSSL* ssl, Hashes* hashes, const byte* sender)
return 0;
}
#endif /* !NO_WOLFSSL_SERVER && !NO_WOLFSSL_CLIENT */
#ifndef NO_CERTS
@@ -7644,6 +7651,7 @@ static int BuildFinished(WOLFSSL* ssl, Hashes* hashes, const byte* sender)
return 1 on success */
int MatchDomainName(const char* pattern, int len, const char* str)
{
int ret = 0;
char p, s;
if (pattern == NULL || str == NULL || len <= 0)
@@ -7652,7 +7660,7 @@ int MatchDomainName(const char* pattern, int len, const char* str)
while (len > 0) {
p = (char)XTOLOWER((unsigned char)*pattern++);
if (p == 0)
if (p == '\0')
break;
if (p == '*') {
@@ -7676,11 +7684,18 @@ int MatchDomainName(const char* pattern, int len, const char* str)
return 0;
}
if (len > 0)
if (len > 0) {
str++;
len--;
}
}
return *str == '\0';
if (*str == '\0' && len == 0) {
ret = 1; /* success */
}
return ret;
}
@@ -7698,7 +7713,7 @@ int CheckAltNames(DecodedCert* dCert, char* domain)
while (altName) {
WOLFSSL_MSG("\tindividual AltName check");
if (MatchDomainName(altName->name,(int)XSTRLEN(altName->name), domain)){
if (MatchDomainName(altName->name, altName->len, domain)){
match = 1;
break;
}
@@ -7735,8 +7750,7 @@ static int CheckForAltNames(DecodedCert* dCert, char* domain, int* checkCN)
while (altName) {
WOLFSSL_MSG("\tindividual AltName check");
if (MatchDomainName(altName->name, (int)XSTRLEN(altName->name),
domain)) {
if (MatchDomainName(altName->name, altName->len, domain)) {
match = 1;
*checkCN = 0;
break;
@@ -7946,7 +7960,7 @@ int CopyDecodedToX509(WOLFSSL_X509* x509, DecodedCert* dCert)
while (cur != NULL) {
if (cur->type == ASN_RFC822_TYPE) {
DNS_entry* dnsEntry;
int strLen = (int)XSTRLEN(cur->name);
int strLen = cur->len;
dnsEntry = (DNS_entry*)XMALLOC(sizeof(DNS_entry), x509->heap,
DYNAMIC_TYPE_ALTNAME);
@@ -7963,7 +7977,7 @@ int CopyDecodedToX509(WOLFSSL_X509* x509, DecodedCert* dCert)
XFREE(dnsEntry, x509->heap, DYNAMIC_TYPE_ALTNAME);
return MEMORY_E;
}
dnsEntry->len = strLen;
XMEMCPY(dnsEntry->name, cur->name, strLen);
dnsEntry->name[strLen] = '\0';
@@ -8276,7 +8290,7 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx,
}
c24to32(input + args->idx, &listSz);
args->idx += OPAQUE24_LEN;
if (listSz > MAX_RECORD_SIZE) {
if (listSz > MAX_CERTIFICATE_SZ) {
ERROR_OUT(BUFFER_ERROR, exit_ppc);
}
if ((args->idx - args->begin) + listSz != totalSz) {
@@ -11860,173 +11874,6 @@ static int SanityCheckCipherText(WOLFSSL* ssl, word32 encryptSz)
return 0;
}
#ifndef NO_OLD_TLS
static INLINE void Md5Rounds(int rounds, const byte* data, int sz)
{
wc_Md5 md5;
int i;
wc_InitMd5(&md5); /* no error check on purpose, dummy round */
for (i = 0; i < rounds; i++)
wc_Md5Update(&md5, data, sz);
wc_Md5Free(&md5); /* in case needed to release resources */
}
/* do a dummy sha round */
static INLINE void ShaRounds(int rounds, const byte* data, int sz)
{
wc_Sha sha;
int i;
wc_InitSha(&sha); /* no error check on purpose, dummy round */
for (i = 0; i < rounds; i++)
wc_ShaUpdate(&sha, data, sz);
wc_ShaFree(&sha); /* in case needed to release resources */
}
#endif
#ifndef WOLFSSL_NO_TLS12
#ifndef NO_SHA256
static INLINE void Sha256Rounds(int rounds, const byte* data, int sz)
{
wc_Sha256 sha256;
int i;
wc_InitSha256(&sha256); /* no error check on purpose, dummy round */
for (i = 0; i < rounds; i++) {
wc_Sha256Update(&sha256, data, sz);
/* no error check on purpose, dummy round */
}
wc_Sha256Free(&sha256); /* in case needed to release resources */
}
#endif
#ifdef WOLFSSL_SHA384
static INLINE void Sha384Rounds(int rounds, const byte* data, int sz)
{
wc_Sha384 sha384;
int i;
wc_InitSha384(&sha384); /* no error check on purpose, dummy round */
for (i = 0; i < rounds; i++) {
wc_Sha384Update(&sha384, data, sz);
/* no error check on purpose, dummy round */
}
wc_Sha384Free(&sha384); /* in case needed to release resources */
}
#endif
#ifdef WOLFSSL_SHA512
static INLINE void Sha512Rounds(int rounds, const byte* data, int sz)
{
wc_Sha512 sha512;
int i;
wc_InitSha512(&sha512); /* no error check on purpose, dummy round */
for (i = 0; i < rounds; i++) {
wc_Sha512Update(&sha512, data, sz);
/* no error check on purpose, dummy round */
}
wc_Sha512Free(&sha512); /* in case needed to release resources */
}
#endif
#ifdef WOLFSSL_RIPEMD
static INLINE void RmdRounds(int rounds, const byte* data, int sz)
{
RipeMd ripemd;
int i;
(void)wc_InitRipeMd(&ripemd);
for (i = 0; i < rounds; i++)
(void)wc_RipeMdUpdate(&ripemd, data, sz);
}
#endif
/* Do dummy rounds */
static INLINE void DoRounds(int type, int rounds, const byte* data, int sz)
{
(void)rounds;
(void)data;
(void)sz;
switch (type) {
case no_mac :
break;
#ifndef NO_OLD_TLS
#ifndef NO_MD5
case md5_mac :
Md5Rounds(rounds, data, sz);
break;
#endif
#ifndef NO_SHA
case sha_mac :
ShaRounds(rounds, data, sz);
break;
#endif
#endif
#ifndef NO_SHA256
case sha256_mac :
Sha256Rounds(rounds, data, sz);
break;
#endif
#ifdef WOLFSSL_SHA384
case sha384_mac :
Sha384Rounds(rounds, data, sz);
break;
#endif
#ifdef WOLFSSL_SHA512
case sha512_mac :
Sha512Rounds(rounds, data, sz);
break;
#endif
#ifdef WOLFSSL_RIPEMD
case rmd_mac :
RmdRounds(rounds, data, sz);
break;
#endif
default:
WOLFSSL_MSG("Bad round type");
break;
}
}
/* do number of compression rounds on dummy data */
static INLINE void CompressRounds(WOLFSSL* ssl, int rounds, const byte* dummy)
{
if (rounds)
DoRounds(ssl->specs.mac_algorithm, rounds, dummy, COMPRESS_LOWER);
}
/* check all length bytes for the pad value, return 0 on success */
static int PadCheck(const byte* a, byte pad, int length)
@@ -12042,81 +11889,127 @@ static int PadCheck(const byte* a, byte pad, int length)
}
/* get compression extra rounds */
static INLINE int GetRounds(int pLen, int padLen, int t)
/* Mask the padding bytes with the expected values.
* Constant time implementation - does maximum pad size possible.
*
* data Message data.
* sz Size of the message including MAC and padding and padding length.
* macSz Size of the MAC.
* returns 0 on success, otherwise failure.
*/
static byte MaskPadding(const byte* data, int sz, int macSz)
{
int roundL1 = 1; /* round up flags */
int roundL2 = 1;
int i;
int checkSz = sz - 1;
byte paddingSz = data[sz - 1];
byte mask;
byte good = ctMaskGT(paddingSz, sz - 1 - macSz);
int L1 = COMPRESS_CONSTANT + pLen - t;
int L2 = COMPRESS_CONSTANT + pLen - padLen - 1 - t;
if (checkSz > TLS_MAX_PAD_SZ)
checkSz = TLS_MAX_PAD_SZ;
L1 -= COMPRESS_UPPER;
L2 -= COMPRESS_UPPER;
for (i = 0; i < checkSz; i++) {
mask = ctMaskLTE(i, paddingSz);
good |= mask & (data[sz - 1 - i] ^ paddingSz);
}
if ( (L1 % COMPRESS_LOWER) == 0)
roundL1 = 0;
if ( (L2 % COMPRESS_LOWER) == 0)
roundL2 = 0;
L1 /= COMPRESS_LOWER;
L2 /= COMPRESS_LOWER;
L1 += roundL1;
L2 += roundL2;
return L1 - L2;
return good;
}
/* Mask the MAC in the message with the MAC calculated.
* Constant time implementation - starts looking for MAC where maximum padding
* size has it.
*
* data Message data.
* sz Size of the message including MAC and padding and padding length.
* macSz Size of the MAC data.
* expMac Expected MAC value.
* returns 0 on success, otherwise failure.
*/
static byte MaskMac(const byte* data, int sz, int macSz, byte* expMac)
{
int i, j;
unsigned char mac[WC_MAX_DIGEST_SIZE];
int scanStart = sz - 1 - TLS_MAX_PAD_SZ - macSz;
int macEnd = sz - 1 - data[sz - 1];
int macStart = macEnd - macSz;
int r = 0;
unsigned char started, notEnded;
unsigned char good = 0;
if (scanStart < 0)
scanStart = 0;
/* Div on Intel has different speeds depending on value.
* Use a bitwise AND or mod a specific value (converted to mul). */
if ((macSz & (macSz - 1)) == 0)
r = (macSz - (scanStart - macStart)) & (macSz - 1);
#ifndef NO_SHA
else if (macSz == WC_SHA_DIGEST_SIZE)
r = (macSz - (scanStart - macStart)) % WC_SHA_DIGEST_SIZE;
#endif
#ifdef WOLFSSL_SHA384
else if (macSz == WC_SHA384_DIGEST_SIZE)
r = (macSz - (scanStart - macStart)) % WC_SHA384_DIGEST_SIZE;
#endif
XMEMSET(mac, 0, macSz);
for (i = scanStart; i < sz; i += macSz) {
for (j = 0; j < macSz && j + i < sz; j++) {
started = ctMaskGTE(i + j, macStart);
notEnded = ctMaskLT(i + j, macEnd);
mac[j] |= started & notEnded & data[i + j];
}
}
if ((macSz & (macSz - 1)) == 0) {
for (i = 0; i < macSz; i++)
good |= expMac[i] ^ mac[(i + r) & (macSz - 1)];
}
#ifndef NO_SHA
else if (macSz == WC_SHA_DIGEST_SIZE) {
for (i = 0; i < macSz; i++)
good |= expMac[i] ^ mac[(i + r) % WC_SHA_DIGEST_SIZE];
}
#endif
#ifdef WOLFSSL_SHA384
else if (macSz == WC_SHA384_DIGEST_SIZE) {
for (i = 0; i < macSz; i++)
good |= expMac[i] ^ mac[(i + r) % WC_SHA384_DIGEST_SIZE];
}
#endif
return good;
}
/* timing resistant pad/verify check, return 0 on success */
static int TimingPadVerify(WOLFSSL* ssl, const byte* input, int padLen, int t,
int pLen, int content)
int TimingPadVerify(WOLFSSL* ssl, const byte* input, int padLen, int macSz,
int pLen, int content)
{
byte verify[WC_MAX_DIGEST_SIZE];
byte dmy[sizeof(WOLFSSL) >= MAX_PAD_SIZE ? 1 : MAX_PAD_SIZE] = {0};
byte* dummy = sizeof(dmy) < MAX_PAD_SIZE ? (byte*) ssl : dmy;
byte good;
int ret = 0;
(void)dmy;
good = MaskPadding(input, pLen, macSz);
ret = ssl->hmac(ssl, verify, input, pLen - macSz - padLen - 1, padLen,
content, 1);
good |= MaskMac(input, pLen, ssl->specs.hash_size, verify);
if ( (t + padLen + 1) > pLen) {
WOLFSSL_MSG("Plain Len not long enough for pad/mac");
PadCheck(dummy, (byte)padLen, MAX_PAD_SIZE);
ssl->hmac(ssl, verify, input, pLen - t, content, 1); /* still compare */
ConstantCompare(verify, input + pLen - t, t);
/* Non-zero on failure. */
good = ~good;
good &= good >> 4;
good &= good >> 2;
good &= good >> 1;
/* Make ret negative on masking failure. */
ret -= 1 - good;
return VERIFY_MAC_ERROR;
}
if (PadCheck(input + pLen - (padLen + 1), (byte)padLen, padLen + 1) != 0) {
WOLFSSL_MSG("PadCheck failed");
PadCheck(dummy, (byte)padLen, MAX_PAD_SIZE - padLen - 1);
ssl->hmac(ssl, verify, input, pLen - t, content, 1); /* still compare */
ConstantCompare(verify, input + pLen - t, t);
return VERIFY_MAC_ERROR;
}
PadCheck(dummy, (byte)padLen, MAX_PAD_SIZE - padLen - 1);
ret = ssl->hmac(ssl, verify, input, pLen - padLen - 1 - t, content, 1);
CompressRounds(ssl, GetRounds(pLen, padLen, t), dummy);
if (ConstantCompare(verify, input + (pLen - padLen - 1 - t), t) != 0) {
WOLFSSL_MSG("Verify MAC compare failed");
return VERIFY_MAC_ERROR;
}
/* treat any faulure as verify MAC error */
/* Treat any faulure as verify MAC error. */
if (ret != 0)
ret = VERIFY_MAC_ERROR;
return ret;
}
#endif /* WOLFSSL_NO_TLS12 */
int DoApplicationData(WOLFSSL* ssl, byte* input, word32* inOutIdx)
{
@@ -12368,8 +12261,8 @@ static INLINE int VerifyMac(WOLFSSL* ssl, const byte* input, word32 msgSz,
badPadLen = 1;
}
PadCheck(dummy, (byte)pad, MAX_PAD_SIZE); /* timing only */
ret = ssl->hmac(ssl, verify, input, msgSz - digestSz - pad - 1,
content, 1);
ret = ssl->hmac(ssl, verify, input, msgSz - digestSz - pad - 1, pad,
content, 1);
if (ConstantCompare(verify, input + msgSz - digestSz - pad - 1,
digestSz) != 0)
return VERIFY_MAC_ERROR;
@@ -12378,7 +12271,7 @@ static INLINE int VerifyMac(WOLFSSL* ssl, const byte* input, word32 msgSz,
}
}
else if (ssl->specs.cipher_type == stream) {
ret = ssl->hmac(ssl, verify, input, msgSz - digestSz, content, 1);
ret = ssl->hmac(ssl, verify, input, msgSz - digestSz, -1, content, 1);
if (ConstantCompare(verify, input + msgSz - digestSz, digestSz) != 0){
return VERIFY_MAC_ERROR;
}
@@ -13118,7 +13011,7 @@ int SendChangeCipher(WOLFSSL* ssl)
#ifndef NO_OLD_TLS
static int SSL_hmac(WOLFSSL* ssl, byte* digest, const byte* in, word32 sz,
int content, int verify)
int padLen, int content, int verify)
{
byte result[WC_MAX_DIGEST_SIZE];
word32 digestSz = ssl->specs.hash_size; /* actual sizes */
@@ -13133,6 +13026,8 @@ static int SSL_hmac(WOLFSSL* ssl, byte* digest, const byte* in, word32 sz,
byte conLen[ENUM_LEN + LENGTH_SZ]; /* content & length */
const byte* macSecret = wolfSSL_GetMacSecret(ssl, verify);
(void)padLen;
#ifdef HAVE_FUZZER
if (ssl->fuzzerCb)
ssl->fuzzerCb(ssl, in, sz, FUZZ_HMAC, ssl->fuzzerCtx);
@@ -13609,8 +13504,8 @@ int BuildMessage(WOLFSSL* ssl, byte* output, int outSz, const byte* input,
ERROR_OUT(MEMORY_E, exit_buildmsg);
#endif
ret = ssl->hmac(ssl, hmac, output + args->headerSz + args->ivSz, inSz,
type, 0);
ret = ssl->hmac(ssl, hmac, output + args->headerSz + args->ivSz,
inSz, -1, type, 0);
XMEMCPY(output + args->idx, hmac, args->digestSz);
#ifdef WOLFSSL_SMALL_STACK
@@ -13619,8 +13514,8 @@ int BuildMessage(WOLFSSL* ssl, byte* output, int outSz, const byte* input,
}
else
#endif
ret = ssl->hmac(ssl, output + args->idx, output + args->headerSz + args->ivSz,
inSz, type, 0);
ret = ssl->hmac(ssl, output + args->idx, output +
args->headerSz + args->ivSz, inSz, -1, type, 0);
#ifdef WOLFSSL_DTLS
if (ssl->options.dtls)
DtlsSEQIncrement(ssl, CUR_ORDER);
@@ -16386,6 +16281,152 @@ void PickHashSigAlgo(WOLFSSL* ssl, const byte* hashSigAlgo,
#endif /* WOLFSSL_CALLBACKS */
#if !defined(NO_CERTS) && (defined(WOLFSSL_TLS13) || \
!defined(NO_WOLFSSL_CLIENT))
/* Decode the private key - RSA, ECC, or Ed25519 - and creates a key object.
* The signature type is set as well.
* The maximum length of a signature is returned.
*
* ssl The SSL/TLS object.
* length The length of a signature.
* returns 0 on success, otherwise failure.
*/
int DecodePrivateKey(WOLFSSL *ssl, word16* length)
{
int ret = BAD_FUNC_ARG;
int keySz;
word32 idx;
/* make sure private key exists */
if (ssl->buffers.key == NULL || ssl->buffers.key->buffer == NULL) {
WOLFSSL_MSG("Private key missing!");
ERROR_OUT(NO_PRIVATE_KEY, exit_dpk);
}
#ifndef NO_RSA
ssl->hsType = DYNAMIC_TYPE_RSA;
ret = AllocKey(ssl, ssl->hsType, &ssl->hsKey);
if (ret != 0) {
goto exit_dpk;
}
WOLFSSL_MSG("Trying RSA private key");
/* Set start of data to beginning of buffer. */
idx = 0;
/* Decode the key assuming it is an RSA private key. */
ret = wc_RsaPrivateKeyDecode(ssl->buffers.key->buffer, &idx,
(RsaKey*)ssl->hsKey, ssl->buffers.key->length);
if (ret == 0) {
WOLFSSL_MSG("Using RSA private key");
/* It worked so check it meets minimum key size requirements. */
keySz = wc_RsaEncryptSize((RsaKey*)ssl->hsKey);
if (keySz < 0) { /* check if keySz has error case */
ERROR_OUT(keySz, exit_dpk);
}
if (keySz < ssl->options.minRsaKeySz) {
WOLFSSL_MSG("RSA key size too small");
ERROR_OUT(RSA_KEY_SIZE_E, exit_dpk);
}
/* Return the maximum signature length. */
*length = (word16)keySz;
goto exit_dpk;
}
#endif /* !NO_RSA */
#ifdef HAVE_ECC
#ifndef NO_RSA
FreeKey(ssl, ssl->hsType, (void**)&ssl->hsKey);
#endif /* !NO_RSA */
ssl->hsType = DYNAMIC_TYPE_ECC;
ret = AllocKey(ssl, ssl->hsType, &ssl->hsKey);
if (ret != 0) {
goto exit_dpk;
}
#ifndef NO_RSA
WOLFSSL_MSG("Trying ECC private key, RSA didn't work");
#else
WOLFSSL_MSG("Trying ECC private key");
#endif
/* Set start of data to beginning of buffer. */
idx = 0;
/* Decode the key assuming it is an ECC private key. */
ret = wc_EccPrivateKeyDecode(ssl->buffers.key->buffer, &idx,
(ecc_key*)ssl->hsKey,
ssl->buffers.key->length);
if (ret == 0) {
WOLFSSL_MSG("Using ECC private key");
/* Check it meets the minimum ECC key size requirements. */
keySz = wc_ecc_size((ecc_key*)ssl->hsKey);
if (keySz < ssl->options.minEccKeySz) {
WOLFSSL_MSG("ECC key size too small");
ERROR_OUT(ECC_KEY_SIZE_E, exit_dpk);
}
/* Return the maximum signature length. */
*length = (word16)wc_ecc_sig_size((ecc_key*)ssl->hsKey);
goto exit_dpk;
}
#endif
#ifdef HAVE_ED25519
#if !defined(NO_RSA) || defined(HAVE_ECC)
FreeKey(ssl, ssl->hsType, (void**)&ssl->hsKey);
#endif
ssl->hsType = DYNAMIC_TYPE_ED25519;
ret = AllocKey(ssl, ssl->hsType, &ssl->hsKey);
if (ret != 0) {
goto exit_dpk;
}
#ifdef HAVE_ECC
WOLFSSL_MSG("Trying ED25519 private key, ECC didn't work");
#elif !defined(NO_RSA)
WOLFSSL_MSG("Trying ED25519 private key, RSA didn't work");
#else
WOLFSSL_MSG("Trying ED25519 private key");
#endif
/* Set start of data to beginning of buffer. */
idx = 0;
/* Decode the key assuming it is an ED25519 private key. */
ret = wc_Ed25519PrivateKeyDecode(ssl->buffers.key->buffer, &idx,
(ed25519_key*)ssl->hsKey,
ssl->buffers.key->length);
if (ret == 0) {
WOLFSSL_MSG("Using ED25519 private key");
/* Check it meets the minimum ECC key size requirements. */
if (ED25519_KEY_SIZE < ssl->options.minEccKeySz) {
WOLFSSL_MSG("ED25519 key size too small");
ERROR_OUT(ECC_KEY_SIZE_E, exit_dpk);
}
/* Return the maximum signature length. */
*length = ED25519_SIG_SIZE;
goto exit_dpk;
}
#endif /* HAVE_ED25519 */
(void)idx;
(void)keySz;
(void)length;
exit_dpk:
return ret;
}
#endif /* WOLFSSL_TLS13 || !NO_WOLFSSL_CLIENT */
/* client only parts */
#ifndef NO_WOLFSSL_CLIENT
@@ -16868,36 +16909,6 @@ void PickHashSigAlgo(WOLFSSL* ssl, const byte* hashSigAlgo,
XMEMCPY(ssl->arrays->serverRandom, input + i, RAN_LEN);
i += RAN_LEN;
if (!ssl->options.resuming) {
#ifdef WOLFSSL_TLS13
if (IsAtLeastTLSv1_3(ssl->ctx->method->version)) {
/* TLS v1.3 capable client not allowed to downgrade when
* connecting to TLS v1.3 capable server unless cipher suite
* demands it.
*/
if (XMEMCMP(input + i - (TLS13_DOWNGRADE_SZ + 1),
tls13Downgrade, TLS13_DOWNGRADE_SZ) == 0 &&
(*(input + i - 1) == 0 || *(input + i - 1) == 1)) {
SendAlert(ssl, alert_fatal, illegal_parameter);
return VERSION_ERROR;
}
}
else
#endif
if (ssl->ctx->method->version.major == SSLv3_MAJOR &&
ssl->ctx->method->version.minor == TLSv1_2_MINOR) {
/* TLS v1.2 capable client not allowed to downgrade when
* connecting to TLS v1.2 capable server.
*/
if (XMEMCMP(input + i - (TLS13_DOWNGRADE_SZ + 1),
tls13Downgrade, TLS13_DOWNGRADE_SZ) == 0 &&
*(input + i - 1) == 0) {
SendAlert(ssl, alert_fatal, illegal_parameter);
return VERSION_ERROR;
}
}
}
/* session id */
ssl->arrays->sessionIDSz = input[i++];
@@ -17066,7 +17077,37 @@ void PickHashSigAlgo(WOLFSSL* ssl, const byte* hashSigAlgo,
{
int ret;
if (ssl->options.resuming) {
if (!ssl->options.resuming) {
byte* down = ssl->arrays->serverRandom + RAN_LEN -
TLS13_DOWNGRADE_SZ - 1;
byte vers = ssl->arrays->serverRandom[RAN_LEN - 1];
#ifdef WOLFSSL_TLS13
if (IsAtLeastTLSv1_3(ssl->ctx->method->version)) {
/* TLS v1.3 capable client not allowed to downgrade when
* connecting to TLS v1.3 capable server unless cipher suite
* demands it.
*/
if (XMEMCMP(down, tls13Downgrade, TLS13_DOWNGRADE_SZ) == 0 &&
(vers == 0 || vers == 1)) {
SendAlert(ssl, alert_fatal, illegal_parameter);
return VERSION_ERROR;
}
}
else
#endif
if (ssl->ctx->method->version.major == SSLv3_MAJOR &&
ssl->ctx->method->version.minor == TLSv1_2_MINOR) {
/* TLS v1.2 capable client not allowed to downgrade when
* connecting to TLS v1.2 capable server.
*/
if (XMEMCMP(down, tls13Downgrade, TLS13_DOWNGRADE_SZ) == 0 &&
vers == 0) {
SendAlert(ssl, alert_fatal, illegal_parameter);
return VERSION_ERROR;
}
}
}
else {
if (DSH_CheckSessionId(ssl)) {
if (SetCipherSpecs(ssl) == 0) {
@@ -17097,11 +17138,11 @@ void PickHashSigAlgo(WOLFSSL* ssl, const byte* hashSigAlgo,
ssl->options.resuming = 0; /* server denied resumption try */
}
}
#ifdef WOLFSSL_DTLS
if (ssl->options.dtls) {
DtlsMsgPoolReset(ssl);
}
#endif
#ifdef WOLFSSL_DTLS
if (ssl->options.dtls) {
DtlsMsgPoolReset(ssl);
}
#endif
return SetCipherSpecs(ssl);
}
@@ -19753,148 +19794,6 @@ exit_scke:
}
#endif /* HAVE_PK_CALLBACKS */
/* Decode the private key - RSA, ECC, or Ed25519 - and creates a key object.
* The signature type is set as well.
* The maximum length of a signature is returned.
*
* ssl The SSL/TLS object.
* length The length of a signature.
* returns 0 on success, otherwise failure.
*/
int DecodePrivateKey(WOLFSSL *ssl, word16* length)
{
int ret = BAD_FUNC_ARG;
int keySz;
word32 idx;
/* make sure private key exists */
if (ssl->buffers.key == NULL || ssl->buffers.key->buffer == NULL) {
WOLFSSL_MSG("Private key missing!");
ERROR_OUT(NO_PRIVATE_KEY, exit_dpk);
}
#ifndef NO_RSA
ssl->hsType = DYNAMIC_TYPE_RSA;
ret = AllocKey(ssl, ssl->hsType, &ssl->hsKey);
if (ret != 0) {
goto exit_dpk;
}
WOLFSSL_MSG("Trying RSA private key");
/* Set start of data to beginning of buffer. */
idx = 0;
/* Decode the key assuming it is an RSA private key. */
ret = wc_RsaPrivateKeyDecode(ssl->buffers.key->buffer, &idx,
(RsaKey*)ssl->hsKey, ssl->buffers.key->length);
if (ret == 0) {
WOLFSSL_MSG("Using RSA private key");
/* It worked so check it meets minimum key size requirements. */
keySz = wc_RsaEncryptSize((RsaKey*)ssl->hsKey);
if (keySz < 0) { /* check if keySz has error case */
ERROR_OUT(keySz, exit_dpk);
}
if (keySz < ssl->options.minRsaKeySz) {
WOLFSSL_MSG("RSA key size too small");
ERROR_OUT(RSA_KEY_SIZE_E, exit_dpk);
}
/* Return the maximum signature length. */
*length = (word16)keySz;
goto exit_dpk;
}
#endif /* !NO_RSA */
#ifdef HAVE_ECC
#ifndef NO_RSA
FreeKey(ssl, ssl->hsType, (void**)&ssl->hsKey);
#endif /* !NO_RSA */
ssl->hsType = DYNAMIC_TYPE_ECC;
ret = AllocKey(ssl, ssl->hsType, &ssl->hsKey);
if (ret != 0) {
goto exit_dpk;
}
#ifndef NO_RSA
WOLFSSL_MSG("Trying ECC private key, RSA didn't work");
#else
WOLFSSL_MSG("Trying ECC private key");
#endif
/* Set start of data to beginning of buffer. */
idx = 0;
/* Decode the key assuming it is an ECC private key. */
ret = wc_EccPrivateKeyDecode(ssl->buffers.key->buffer, &idx,
(ecc_key*)ssl->hsKey,
ssl->buffers.key->length);
if (ret == 0) {
WOLFSSL_MSG("Using ECC private key");
/* Check it meets the minimum ECC key size requirements. */
keySz = wc_ecc_size((ecc_key*)ssl->hsKey);
if (keySz < ssl->options.minEccKeySz) {
WOLFSSL_MSG("ECC key size too small");
ERROR_OUT(ECC_KEY_SIZE_E, exit_dpk);
}
/* Return the maximum signature length. */
*length = (word16)wc_ecc_sig_size((ecc_key*)ssl->hsKey);
goto exit_dpk;
}
#endif
#ifdef HAVE_ED25519
#if !defined(NO_RSA) || defined(HAVE_ECC)
FreeKey(ssl, ssl->hsType, (void**)&ssl->hsKey);
#endif
ssl->hsType = DYNAMIC_TYPE_ED25519;
ret = AllocKey(ssl, ssl->hsType, &ssl->hsKey);
if (ret != 0) {
goto exit_dpk;
}
#ifdef HAVE_ECC
WOLFSSL_MSG("Trying ED25519 private key, ECC didn't work");
#elif !defined(NO_RSA)
WOLFSSL_MSG("Trying ED25519 private key, RSA didn't work");
#else
WOLFSSL_MSG("Trying ED25519 private key");
#endif
/* Set start of data to beginning of buffer. */
idx = 0;
/* Decode the key assuming it is an ED25519 private key. */
ret = wc_Ed25519PrivateKeyDecode(ssl->buffers.key->buffer, &idx,
(ed25519_key*)ssl->hsKey,
ssl->buffers.key->length);
if (ret == 0) {
WOLFSSL_MSG("Using ED25519 private key");
/* Check it meets the minimum ECC key size requirements. */
if (ED25519_KEY_SIZE < ssl->options.minEccKeySz) {
WOLFSSL_MSG("ED25519 key size too small");
ERROR_OUT(ECC_KEY_SIZE_E, exit_dpk);
}
/* Return the maximum signature length. */
*length = ED25519_SIG_SIZE;
goto exit_dpk;
}
#endif /* HAVE_ED25519 */
(void)idx;
(void)keySz;
(void)length;
exit_dpk:
return ret;
}
#ifndef WOLFSSL_NO_TLS12
#ifndef WOLFSSL_NO_CLIENT_AUTH
@@ -23461,7 +23360,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
args->output, args->sigSz,
HashAlgoToType(args->hashAlgo));
if (ret != 0)
return ret;
goto exit_dcv;
}
else
#endif
+33 -20
View File
@@ -1147,6 +1147,8 @@ int wolfSSL_negotiate(WOLFSSL* ssl)
}
#endif
(void)ssl;
WOLFSSL_LEAVE("wolfSSL_negotiate", err);
return err;
@@ -3366,7 +3368,7 @@ void wolfSSL_EVP_init(void)
#if !defined(NO_FILESYSTEM) && !defined(NO_STDIO_FILESYSTEM)
void wolfSSL_ERR_print_errors_fp(FILE* fp, int err)
void wolfSSL_ERR_print_errors_fp(XFILE fp, int err)
{
char data[WOLFSSL_MAX_ERROR_SZ + 1];
@@ -3376,7 +3378,7 @@ void wolfSSL_ERR_print_errors_fp(FILE* fp, int err)
}
#if defined(OPENSSL_EXTRA) || defined(DEBUG_WOLFSSL_VERBOSE)
void wolfSSL_ERR_dump_errors_fp(FILE* fp)
void wolfSSL_ERR_dump_errors_fp(XFILE fp)
{
wc_ERR_print_errors_fp(fp);
}
@@ -8433,11 +8435,11 @@ int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl,
#ifdef OPENSSL_EXTRA
WOLFSSL_METHOD* wolfSSLv23_method(void) {
WOLFSSL_METHOD* m;
WOLFSSL_METHOD* m = NULL;
WOLFSSL_ENTER("wolfSSLv23_method");
#ifndef NO_WOLFSSL_CLIENT
#if !defined(NO_WOLFSSL_CLIENT)
m = wolfSSLv23_client_method();
#else
#elif !defined(NO_WOLFSSL_SERVER)
m = wolfSSLv23_server_method();
#endif
if (m != NULL) {
@@ -11597,12 +11599,15 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
WOLFSSL_BIO* wolfSSL_BIO_new_mem_buf(void* buf, int len)
{
WOLFSSL_BIO* bio = NULL;
if (buf == NULL)
if (buf == NULL || len < 0) {
return bio;
}
bio = wolfSSL_BIO_new(wolfSSL_BIO_s_mem());
if (bio == NULL)
if (bio == NULL) {
return bio;
}
bio->memLen = bio->wrSz = len;
bio->mem = (byte*)XMALLOC(len, 0, DYNAMIC_TYPE_OPENSSL);
@@ -13400,7 +13405,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md)
}
/* WOLFSSL_SUCCESS on ok */
/* WOLFSSL_SUCCESS on ok, WOLFSSL_FAILURE on failure */
int wolfSSL_EVP_DigestUpdate(WOLFSSL_EVP_MD_CTX* ctx, const void* data,
size_t sz)
{
@@ -13450,7 +13455,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md)
break;
#endif /* WOLFSSL_SHA512 */
default:
return BAD_FUNC_ARG;
return WOLFSSL_FAILURE;
}
return WOLFSSL_SUCCESS;
@@ -13506,7 +13511,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md)
break;
#endif /* WOLFSSL_SHA512 */
default:
return BAD_FUNC_ARG;
return WOLFSSL_FAILURE;
}
return WOLFSSL_SUCCESS;
@@ -13613,7 +13618,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md)
{
WOLFSSL_ENTER("wolfSSL_ERR_clear_error");
#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
#if defined(DEBUG_WOLFSSL) || defined(WOLFSSL_NGINX)
wc_ClearErrorNodes();
#endif
}
@@ -15608,8 +15613,8 @@ WOLFSSL_EVP_PKEY* wolfSSL_X509_get_pubkey(WOLFSSL_X509* x509)
if (wolfSSL_RSA_LoadDer_ex(key->rsa,
(const unsigned char*)key->pkey.ptr, key->pkey_sz,
WOLFSSL_RSA_LOAD_PUBLIC) != SSL_SUCCESS) {
XFREE(key, x509->heap, DYNAMIC_TYPE_PUBLIC_KEY);
wolfSSL_RSA_free(key->rsa);
XFREE(key, x509->heap, DYNAMIC_TYPE_PUBLIC_KEY);
return NULL;
}
}
@@ -22526,7 +22531,7 @@ char *wolfSSL_BN_bn2hex(const WOLFSSL_BIGNUM *bn)
/* return code compliant with OpenSSL :
* 1 if success, 0 if error
*/
int wolfSSL_BN_print_fp(FILE *fp, const WOLFSSL_BIGNUM *bn)
int wolfSSL_BN_print_fp(XFILE fp, const WOLFSSL_BIGNUM *bn)
{
#if defined(WOLFSSL_KEY_GEN) || defined(HAVE_COMP_KEY) || defined(DEBUG_WOLFSSL)
char *buf;
@@ -26564,6 +26569,7 @@ int wolfSSL_EC_POINT_get_affine_coordinates_GFp(const WOLFSSL_EC_GROUP *group,
return WOLFSSL_SUCCESS;
}
#ifndef WOLFSSL_ATECC508A
/* return code compliant with OpenSSL :
* 1 if success, 0 if error
*/
@@ -26628,6 +26634,7 @@ int wolfSSL_EC_POINT_mul(const WOLFSSL_EC_GROUP *group, WOLFSSL_EC_POINT *r,
return ret;
}
#endif
void wolfSSL_EC_POINT_clear_free(WOLFSSL_EC_POINT *p)
{
@@ -27387,6 +27394,10 @@ WOLFSSL_EVP_PKEY* wolfSSL_PEM_read_bio_PrivateKey(WOLFSSL_BIO* bio,
WOLFSSL_ENTER("wolfSSL_PEM_read_bio_PrivateKey");
if (bio == NULL) {
return pkey;
}
if ((ret = wolfSSL_BIO_pending(bio)) > 0) {
memSz = ret;
mem = (char*)XMALLOC(memSz, bio->heap, DYNAMIC_TYPE_OPENSSL);
@@ -27640,10 +27651,6 @@ int wolfSSL_PEM_write_RSA_PUBKEY(FILE *fp, WOLFSSL_RSA *x)
#endif /* NO_FILESYSTEM */
#endif /* !NO_RSA */
#endif /* OPENSSL_EXTRA */
#if !defined(NO_RSA) && (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL))
WOLFSSL_RSA *wolfSSL_d2i_RSAPublicKey(WOLFSSL_RSA **r, const unsigned char **pp, long len)
{
WOLFSSL_RSA *rsa = NULL;
@@ -27699,6 +27706,10 @@ int wolfSSL_i2d_RSAPublicKey(WOLFSSL_RSA *rsa, const unsigned char **pp)
}
#endif /* #if !defined(HAVE_FAST_RSA) */
#endif /* !NO_RSA */
#endif /* OPENSSL_EXTRA */
#if !defined(NO_RSA) && (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL))
/* return WOLFSSL_SUCCESS if success, WOLFSSL_FATAL_ERROR if error */
int wolfSSL_RSA_LoadDer(WOLFSSL_RSA* rsa, const unsigned char* derBuf, int derSz)
{
@@ -28643,8 +28654,10 @@ void* wolfSSL_GetDhAgreeCtx(WOLFSSL* ssl)
return NULL;
i = 0;
if (wc_PemGetHeaderFooter(CERT_TYPE, NULL, &footer) != 0)
if (wc_PemGetHeaderFooter(CERT_TYPE, NULL, &footer) != 0) {
XFREE(pem, 0, DYNAMIC_TYPE_PEM);
return NULL;
}
/* TODO: Inefficient
* reading in one byte at a time until see "END CERTIFICATE"
@@ -28684,7 +28697,7 @@ void* wolfSSL_GetDhAgreeCtx(WOLFSSL* ssl)
}
#if defined(HAVE_CRL) && !defined(NO_FILESYSTEM)
WOLFSSL_API WOLFSSL_X509_CRL* wolfSSL_PEM_read_X509_CRL(FILE *fp, WOLFSSL_X509_CRL **crl,
WOLFSSL_API WOLFSSL_X509_CRL* wolfSSL_PEM_read_X509_CRL(XFILE fp, WOLFSSL_X509_CRL **crl,
pem_password_cb *cb, void *u)
{
#if defined(WOLFSSL_PEM_TO_DER) || defined(WOLFSSL_DER_TO_PEM)
@@ -32922,4 +32935,4 @@ int wolfSSL_i2c_ASN1_INTEGER(WOLFSSL_ASN1_INTEGER *a, unsigned char **pp)
}
#endif /* !NO_ASN */
#endif /* OPENSSLEXTRA */
#endif /* OPENSSLEXTRA */
Executable → Regular
+522 -45
View File
@@ -852,13 +852,449 @@ int wolfSSL_SetTlsHmacInner(WOLFSSL* ssl, byte* inner, word32 sz, int content,
}
/* TLS type HMAC */
int TLS_hmac(WOLFSSL* ssl, byte* digest, const byte* in, word32 sz,
int content, int verify)
#if !defined(WOLFSSL_NO_HASH_RAW) && !defined(HAVE_FIPS) && \
!defined(HAVE_SELFTEST)
/* Update the hash in the HMAC.
*
* hmac HMAC object.
* data Data to be hashed.
* sz Size of data to hash.
* returns 0 on success, otherwise failure.
*/
static int Hmac_HashUpdate(Hmac* hmac, const byte* data, word32 sz)
{
Hmac hmac;
int ret = 0;
byte myInner[WOLFSSL_TLS_HMAC_INNER_SZ];
int ret = BAD_FUNC_ARG;
switch (hmac->macType) {
#ifndef NO_SHA
case WC_SHA:
ret = wc_ShaUpdate(&hmac->hash.sha, data, sz);
break;
#endif /* !NO_SHA */
#ifndef NO_SHA256
case WC_SHA256:
ret = wc_Sha256Update(&hmac->hash.sha256, data, sz);
break;
#endif /* !NO_SHA256 */
#ifdef WOLFSSL_SHA384
case WC_SHA384:
ret = wc_Sha384Update(&hmac->hash.sha384, data, sz);
break;
#endif /* WOLFSSL_SHA384 */
#ifdef WOLFSSL_SHA512
case WC_SHA512:
ret = wc_Sha512Update(&hmac->hash.sha512, data, sz);
break;
#endif /* WOLFSSL_SHA512 */
}
return ret;
}
/* Finalize the hash but don't put the EOC, padding or length in.
*
* hmac HMAC object.
* hash Hash result.
* returns 0 on success, otherwise failure.
*/
static int Hmac_HashFinalRaw(Hmac* hmac, unsigned char* hash)
{
int ret = BAD_FUNC_ARG;
switch (hmac->macType) {
#ifndef NO_SHA
case WC_SHA:
ret = wc_ShaFinalRaw(&hmac->hash.sha, hash);
break;
#endif /* !NO_SHA */
#ifndef NO_SHA256
case WC_SHA256:
ret = wc_Sha256FinalRaw(&hmac->hash.sha256, hash);
break;
#endif /* !NO_SHA256 */
#ifdef WOLFSSL_SHA384
case WC_SHA384:
ret = wc_Sha384FinalRaw(&hmac->hash.sha384, hash);
break;
#endif /* WOLFSSL_SHA384 */
#ifdef WOLFSSL_SHA512
case WC_SHA512:
ret = wc_Sha512FinalRaw(&hmac->hash.sha512, hash);
break;
#endif /* WOLFSSL_SHA512 */
}
return ret;
}
/* Finalize the HMAC by performing outer hash.
*
* hmac HMAC object.
* mac MAC result.
* returns 0 on success, otherwise failure.
*/
static int Hmac_OuterHash(Hmac* hmac, unsigned char* mac)
{
int ret = BAD_FUNC_ARG;
switch (hmac->macType) {
#ifndef NO_SHA
case WC_SHA:
ret = wc_InitSha(&hmac->hash.sha);
if (ret == 0)
ret = wc_ShaUpdate(&hmac->hash.sha, (byte*)hmac->opad,
WC_SHA_BLOCK_SIZE);
if (ret == 0)
ret = wc_ShaUpdate(&hmac->hash.sha, (byte*)hmac->innerHash,
WC_SHA_DIGEST_SIZE);
if (ret == 0)
ret = wc_ShaFinal(&hmac->hash.sha, mac);
break;
#endif /* !NO_SHA */
#ifndef NO_SHA256
case WC_SHA256:
ret = wc_InitSha256(&hmac->hash.sha256);
if (ret == 0)
ret = wc_Sha256Update(&hmac->hash.sha256, (byte*)hmac->opad,
WC_SHA256_BLOCK_SIZE);
if (ret == 0)
ret = wc_Sha256Update(&hmac->hash.sha256,
(byte*)hmac->innerHash,
WC_SHA256_DIGEST_SIZE);
if (ret == 0)
ret = wc_Sha256Final(&hmac->hash.sha256, mac);
break;
#endif /* !NO_SHA256 */
#ifdef WOLFSSL_SHA384
case WC_SHA384:
ret = wc_InitSha384(&hmac->hash.sha384);
if (ret == 0)
ret = wc_Sha384Update(&hmac->hash.sha384, (byte*)hmac->opad,
WC_SHA384_BLOCK_SIZE);
if (ret == 0)
ret = wc_Sha384Update(&hmac->hash.sha384,
(byte*)hmac->innerHash,
WC_SHA384_DIGEST_SIZE);
if (ret == 0)
ret = wc_Sha384Final(&hmac->hash.sha384, mac);
break;
#endif /* WOLFSSL_SHA384 */
#ifdef WOLFSSL_SHA512
case WC_SHA512:
ret = wc_InitSha512(&hmac->hash.sha512);
if (ret == 0)
ret = wc_Sha512Update(&hmac->hash.sha512,(byte*)hmac->opad,
WC_SHA512_BLOCK_SIZE);
if (ret == 0)
ret = wc_Sha512Update(&hmac->hash.sha512,
(byte*)hmac->innerHash,
WC_SHA512_DIGEST_SIZE);
if (ret == 0)
ret = wc_Sha512Final(&hmac->hash.sha512, mac);
break;
#endif /* WOLFSSL_SHA512 */
}
return ret;
}
/* Calculate the HMAC of the header + message data.
* Constant time implementation using wc_Sha*FinalRaw().
*
* hmac HMAC object.
* digest MAC result.
* in Message data.
* sz Size of the message data.
* header Constructed record header with length of handshake data.
* returns 0 on success, otherwise failure.
*/
static int Hmac_UpdateFinal_CT(Hmac* hmac, byte* digest, const byte* in,
word32 sz, byte* header)
{
byte lenBytes[8];
int i, j, k;
int blockBits, blockMask;
int realLen, lastBlockLen, macLen, extraLen, eocIndex;
int blocks, safeBlocks, lenBlock, eocBlock;
int maxLen;
int blockSz, padSz;
int ret;
byte extraBlock;
switch (hmac->macType) {
#ifndef NO_SHA
case WC_SHA:
blockSz = WC_SHA_BLOCK_SIZE;
blockBits = 6;
macLen = WC_SHA_DIGEST_SIZE;
padSz = WC_SHA_BLOCK_SIZE - WC_SHA_PAD_SIZE + 1;
break;
#endif /* !NO_SHA */
#ifndef NO_SHA256
case WC_SHA256:
blockSz = WC_SHA256_BLOCK_SIZE;
blockBits = 6;
macLen = WC_SHA256_DIGEST_SIZE;
padSz = WC_SHA256_BLOCK_SIZE - WC_SHA256_PAD_SIZE + 1;
break;
#endif /* !NO_SHA256 */
#ifdef WOLFSSL_SHA384
case WC_SHA384:
blockSz = WC_SHA384_BLOCK_SIZE;
blockBits = 7;
macLen = WC_SHA384_DIGEST_SIZE;
padSz = WC_SHA384_BLOCK_SIZE - WC_SHA384_PAD_SIZE + 1;
break;
#endif /* WOLFSSL_SHA384 */
#ifdef WOLFSSL_SHA512
case WC_SHA512:
blockSz = WC_SHA512_BLOCK_SIZE;
blockBits = 7;
macLen = WC_SHA512_DIGEST_SIZE;
padSz = WC_SHA512_BLOCK_SIZE - WC_SHA512_PAD_SIZE + 1;
break;
#endif /* WOLFSSL_SHA512 */
default:
return BAD_FUNC_ARG;
}
blockMask = blockSz - 1;
/* Size of data to HMAC if padding length byte is zero. */
maxLen = WOLFSSL_TLS_HMAC_INNER_SZ + sz - 1 - macLen;
/* Complete data (including padding) has block for EOC and/or length. */
extraBlock = ctSetLTE((maxLen + padSz) & blockMask, padSz);
/* Total number of blocks for data including padding. */
blocks = ((maxLen + blockSz - 1) >> blockBits) + extraBlock;
/* Up to last 6 blocks can be hashed safely. */
safeBlocks = blocks - 6;
/* Length of message data. */
realLen = maxLen - in[sz - 1];
/* Number of message bytes in last block. */
lastBlockLen = realLen & blockMask;
/* Number of padding bytes in last block. */
extraLen = ((blockSz * 2 - padSz - lastBlockLen) & blockMask) + 1;
/* Number of blocks to create for hash. */
lenBlock = (realLen + extraLen) >> blockBits;
/* Block containing EOC byte. */
eocBlock = realLen >> blockBits;
/* Index of EOC byte in block. */
eocIndex = realLen & blockMask;
/* Add length of hmac's ipad to total length. */
realLen += blockSz;
/* Length as bits - 8 bytes bigendian. */
c32toa(realLen >> ((sizeof(word32) * 8) - 3), lenBytes);
c32toa(realLen << 3, lenBytes + sizeof(word32));
ret = Hmac_HashUpdate(hmac, (unsigned char*)hmac->ipad, blockSz);
if (ret != 0)
return ret;
XMEMSET(hmac->innerHash, 0, macLen);
if (safeBlocks > 0) {
ret = Hmac_HashUpdate(hmac, header, WOLFSSL_TLS_HMAC_INNER_SZ);
if (ret != 0)
return ret;
ret = Hmac_HashUpdate(hmac, in, safeBlocks * blockSz -
WOLFSSL_TLS_HMAC_INNER_SZ);
if (ret != 0)
return ret;
}
else
safeBlocks = 0;
XMEMSET(digest, 0, macLen);
k = safeBlocks * blockSz;
for (i = safeBlocks; i < blocks; i++) {
unsigned char hashBlock[WC_MAX_BLOCK_SIZE];
unsigned char isEocBlock = ctMaskEq(i, eocBlock);
unsigned char isOutBlock = ctMaskEq(i, lenBlock);
for (j = 0; j < blockSz; j++, k++) {
unsigned char atEoc = ctMaskEq(j, eocIndex) & isEocBlock;
unsigned char pastEoc = ctMaskGT(j, eocIndex) & isEocBlock;
unsigned char b = 0;
if (k < WOLFSSL_TLS_HMAC_INNER_SZ)
b = header[k];
else if (k < maxLen)
b = in[k - WOLFSSL_TLS_HMAC_INNER_SZ];
b = ctMaskSel(atEoc, b, 0x80);
b &= ~pastEoc;
b &= ~isOutBlock | isEocBlock;
if (j >= blockSz - 8) {
b = ctMaskSel(isOutBlock, b, lenBytes[j - (blockSz - 8)]);
}
hashBlock[j] = b;
}
ret = Hmac_HashUpdate(hmac, hashBlock, blockSz);
if (ret != 0)
return ret;
ret = Hmac_HashFinalRaw(hmac, hashBlock);
if (ret != 0)
return ret;
for (j = 0; j < macLen; j++)
((unsigned char*)hmac->innerHash)[j] |= hashBlock[j] & isOutBlock;
}
ret = Hmac_OuterHash(hmac, digest);
return ret;
}
#endif
#if defined(WOLFSSL_NO_HASH_RAW) || defined(HAVE_FIPS) || \
defined(HAVE_SELFTEST) || defined(HAVE_BLAKE2)
/* Calculate the HMAC of the header + message data.
* Constant time implementation using normal hashing operations.
* Update-Final need to be constant time.
*
* hmac HMAC object.
* digest MAC result.
* in Message data.
* sz Size of the message data.
* header Constructed record header with length of handshake data.
* returns 0 on success, otherwise failure.
*/
static int Hmac_UpdateFinal(Hmac* hmac, byte* digest, const byte* in,
word32 sz, byte* header)
{
byte dummy[WC_MAX_BLOCK_SIZE] = {0};
int ret;
word32 msgSz, blockSz, macSz, padSz, maxSz, realSz;
word32 currSz, offset;
int msgBlocks, blocks, blockBits;
int i;
switch (hmac->macType) {
#ifndef NO_SHA
case WC_SHA:
blockSz = WC_SHA_BLOCK_SIZE;
blockBits = 6;
macSz = WC_SHA_DIGEST_SIZE;
padSz = WC_SHA_BLOCK_SIZE - WC_SHA_PAD_SIZE + 1;
break;
#endif /* !NO_SHA */
#ifndef NO_SHA256
case WC_SHA256:
blockSz = WC_SHA256_BLOCK_SIZE;
blockBits = 6;
macSz = WC_SHA256_DIGEST_SIZE;
padSz = WC_SHA256_BLOCK_SIZE - WC_SHA256_PAD_SIZE + 1;
break;
#endif /* !NO_SHA256 */
#ifdef WOLFSSL_SHA384
case WC_SHA384:
blockSz = WC_SHA384_BLOCK_SIZE;
blockBits = 7;
macSz = WC_SHA384_DIGEST_SIZE;
padSz = WC_SHA384_BLOCK_SIZE - WC_SHA384_PAD_SIZE + 1;
break;
#endif /* WOLFSSL_SHA384 */
#ifdef WOLFSSL_SHA512
case WC_SHA512:
blockSz = WC_SHA512_BLOCK_SIZE;
blockBits = 7;
macSz = WC_SHA512_DIGEST_SIZE;
padSz = WC_SHA512_BLOCK_SIZE - WC_SHA512_PAD_SIZE + 1;
break;
#endif /* WOLFSSL_SHA512 */
#ifdef HAVE_BLAKE2
case WC_HASH_TYPE_BLAKE2B:
blockSz = BLAKE2B_BLOCKBYTES;
blockBits = 7;
macSz = BLAKE2B_256;
padSz = 0;
break;
#endif /* HAVE_BLAK2 */
default:
return BAD_FUNC_ARG;
}
msgSz = sz - (1 + in[sz - 1] + macSz);
/* Make negative result 0 */
msgSz &= ~(0 - (msgSz >> 31));
realSz = WOLFSSL_TLS_HMAC_INNER_SZ + msgSz;
maxSz = WOLFSSL_TLS_HMAC_INNER_SZ + (sz - 1) - macSz;
/* Calculate #blocks processed in HMAC for max and real data. */
blocks = maxSz >> blockBits;
blocks += ((maxSz + padSz) % blockSz) < padSz;
msgBlocks = realSz >> blockBits;
/* #Extra blocks to process. */
blocks -= msgBlocks + (((realSz + padSz) % blockSz) < padSz);
/* Calculate whole blocks. */
msgBlocks--;
ret = wc_HmacUpdate(hmac, header, WOLFSSL_TLS_HMAC_INNER_SZ);
if (ret == 0) {
/* Fill the rest of the block with any available data. */
currSz = ctMaskLT(msgSz, blockSz) & msgSz;
currSz |= ctMaskGTE(msgSz, blockSz) & blockSz;
currSz -= WOLFSSL_TLS_HMAC_INNER_SZ;
currSz &= ~(0 - (currSz >> 31));
ret = wc_HmacUpdate(hmac, in, currSz);
offset = currSz;
}
if (ret == 0) {
/* Do the hash operations on a block basis. */
for (i = 0; i < msgBlocks; i++, offset += blockSz) {
ret = wc_HmacUpdate(hmac, in + offset, blockSz);
if (ret != 0)
break;
}
}
if (ret == 0)
ret = wc_HmacUpdate(hmac, in + offset, msgSz - offset);
if (ret == 0)
ret = wc_HmacFinal(hmac, digest);
if (ret == 0) {
/* Do the dummy hash operations. Do at least one. */
for (i = 0; i < blocks + 1; i++) {
ret = wc_HmacUpdate(hmac, dummy, blockSz);
if (ret != 0)
break;
}
}
return ret;
}
#endif
int TLS_hmac(WOLFSSL* ssl, byte* digest, const byte* in, word32 sz, int padSz,
int content, int verify)
{
Hmac hmac;
byte myInner[WOLFSSL_TLS_HMAC_INNER_SZ];
int ret = 0;
if (ssl == NULL)
return BAD_FUNC_ARG;
@@ -875,14 +1311,41 @@ int TLS_hmac(WOLFSSL* ssl, byte* digest, const byte* in, word32 sz,
return ret;
ret = wc_HmacSetKey(&hmac, wolfSSL_GetHmacType(ssl),
wolfSSL_GetMacSecret(ssl, verify), ssl->specs.hash_size);
wolfSSL_GetMacSecret(ssl, verify),
ssl->specs.hash_size);
if (ret == 0) {
ret = wc_HmacUpdate(&hmac, myInner, sizeof(myInner));
if (ret == 0)
ret = wc_HmacUpdate(&hmac, in, sz); /* content */
if (ret == 0)
ret = wc_HmacFinal(&hmac, digest);
/* Constant time verification required. */
if (verify && padSz >= 0) {
#if !defined(WOLFSSL_NO_HASH_RAW) && !defined(HAVE_FIPS) && \
!defined(HAVE_SELFTEST)
#ifdef HAVE_BLAKE2
if (wolfSSL_GetHmacType(ssl) == WC_HASH_TYPE_BLAKE2B) {
ret = Hmac_UpdateFinal(&hmac, digest, in, sz +
ssl->specs.hash_size + padSz + 1,
myInner);
}
else
#endif
{
ret = Hmac_UpdateFinal_CT(&hmac, digest, in, sz +
ssl->specs.hash_size + padSz + 1,
myInner);
}
#else
ret = Hmac_UpdateFinal(&hmac, digest, in, sz +
ssl->specs.hash_size + padSz + 1,
myInner);
#endif
}
else {
ret = wc_HmacUpdate(&hmac, myInner, sizeof(myInner));
if (ret == 0)
ret = wc_HmacUpdate(&hmac, in, sz); /* content */
if (ret == 0)
ret = wc_HmacFinal(&hmac, digest);
}
}
wc_HmacFree(&hmac);
return ret;
@@ -3024,7 +3487,7 @@ static int TLSX_PointFormat_Append(PointFormat* list, byte format, void* heap)
return ret;
}
#ifndef NO_WOLFSSL_CLIENT
#if defined(WOLFSSL_TLS13) || !defined(NO_WOLFSSL_CLIENT)
static void TLSX_SupportedCurve_ValidateRequest(WOLFSSL* ssl, byte* semaphore)
{
@@ -3055,6 +3518,7 @@ static void TLSX_PointFormat_ValidateRequest(WOLFSSL* ssl, byte* semaphore)
}
#endif
#ifndef NO_WOLFSSL_SERVER
static void TLSX_PointFormat_ValidateResponse(WOLFSSL* ssl, byte* semaphore)
@@ -3246,6 +3710,9 @@ int TLSX_SupportedCurve_CheckPriority(WOLFSSL* ssl)
return 0;
}
#endif
#if defined(WOLFSSL_TLS13) && !defined(WOLFSSL_NO_SERVER_GROUPS_EXT)
/* Return the preferred group.
*
* ssl SSL/TLS object.
@@ -3891,7 +4358,7 @@ int TLSX_AddEmptyRenegotiationInfo(TLSX** extensions, void* heap)
#ifdef HAVE_SESSION_TICKET
#ifndef NO_WOLFSSL_CLIENT
#if defined(WOLFSSL_TLS13) || !defined(NO_WOLFSSL_CLIENT)
static void TLSX_SessionTicket_ValidateRequest(WOLFSSL* ssl)
{
TLSX* extension = TLSX_Find(ssl->extensions, TLSX_SESSION_TICKET);
@@ -3906,7 +4373,7 @@ static void TLSX_SessionTicket_ValidateRequest(WOLFSSL* ssl)
}
}
}
#endif /* NO_WOLFSSL_CLIENT */
#endif /* WLFSSL_TLS13 || !NO_WOLFSSL_CLIENT */
static word16 TLSX_SessionTicket_GetSize(SessionTicket* ticket, int isRequest)
@@ -4751,8 +5218,18 @@ static int TLSX_SupportedVersions_Write(void* data, byte* output,
}
#ifndef WOLFSSL_TLS13_DRAFT_18
else if (msgType == server_hello || msgType == hello_retry_request) {
output[0] = ssl->version.major;
output[1] = ssl->version.minor;
#ifndef WOLFSSL_TLS13_FINAL
if (ssl->version.major == SSLv3_MAJOR &&
ssl->version.minor == TLSv1_3_MINOR) {
output[0] = TLS_DRAFT_MAJOR;
output[1] = TLS_DRAFT_MINOR;
}
else
#endif
{
output[0] = ssl->version.major;
output[1] = ssl->version.minor;
}
*pSz += OPAQUE16_LEN;
}
@@ -4810,34 +5287,38 @@ static int TLSX_SupportedVersions_Parse(WOLFSSL* ssl, byte* input,
continue;
/* No upgrade allowed. */
if (ssl->version.minor > minor)
if (minor > ssl->version.minor)
continue;
/* Check downgrade. */
if (ssl->version.minor < minor) {
if (minor < ssl->version.minor) {
if (!ssl->options.downgrade)
continue;
if (minor < ssl->options.minDowngrade)
continue;
/* Downgrade the version. */
ssl->version.minor = minor;
if (newMinor == 0 && minor > ssl->options.oldMinor) {
/* Downgrade the version. */
ssl->version.minor = minor;
}
}
if (minor >= TLSv1_3_MINOR) {
ssl->options.tls1_3 = 1;
TLSX_Push(&ssl->extensions, TLSX_SUPPORTED_VERSIONS, ssl,
ssl->heap);
if (!ssl->options.tls1_3) {
ssl->options.tls1_3 = 1;
TLSX_Push(&ssl->extensions, TLSX_SUPPORTED_VERSIONS, ssl,
ssl->heap);
#ifndef WOLFSSL_TLS13_DRAFT_18
TLSX_SetResponse(ssl, TLSX_SUPPORTED_VERSIONS);
TLSX_SetResponse(ssl, TLSX_SUPPORTED_VERSIONS);
#endif
newMinor = minor;
}
if (minor > newMinor) {
ssl->version.minor = minor;
newMinor = minor;
}
}
else if (ssl->options.oldMinor < minor)
else if (minor > ssl->options.oldMinor)
ssl->options.oldMinor = minor;
if (newMinor != 0 && ssl->options.oldMinor != 0)
break;
}
}
#ifndef WOLFSSL_TLS13_DRAFT_18
@@ -7328,7 +7809,7 @@ int TLSX_PskKeModes_Use(WOLFSSL* ssl, byte modes)
static word16 TLSX_PostHandAuth_GetSize(byte msgType)
{
if (msgType == client_hello)
return OPAQUE8_LEN;
return 0;
return SANITY_MSG_E;
}
@@ -7343,10 +7824,10 @@ static word16 TLSX_PostHandAuth_GetSize(byte msgType)
*/
static word16 TLSX_PostHandAuth_Write(byte* output, byte msgType)
{
if (msgType == client_hello) {
*output = 0;
return OPAQUE8_LEN;
}
(void)output;
if (msgType == client_hello)
return 0;
return SANITY_MSG_E;
}
@@ -7363,15 +7844,11 @@ static word16 TLSX_PostHandAuth_Write(byte* output, byte msgType)
static int TLSX_PostHandAuth_Parse(WOLFSSL* ssl, byte* input, word16 length,
byte msgType)
{
byte len;
(void)input;
if (msgType == client_hello) {
/* Ensure length byte exists. */
if (length < OPAQUE8_LEN)
return BUFFER_E;
len = input[0];
if (length - OPAQUE8_LEN != len || len != 0)
/* Ensure extension is empty. */
if (length != 0)
return BUFFER_E;
ssl->options.postHandshakeAuth = 1;
@@ -8645,7 +9122,7 @@ int TLSX_PopulateExtensions(WOLFSSL* ssl, byte isServer)
}
#ifndef NO_WOLFSSL_CLIENT
#if defined(WOLFSSL_TLS13) || !defined(NO_WOLFSSL_CLIENT)
/** Tells the buffered size of extensions to be sent into the client hello. */
int TLSX_GetRequestSize(WOLFSSL* ssl, byte msgType, word16* pLength)
@@ -8850,7 +9327,7 @@ int TLSX_WriteRequest(WOLFSSL* ssl, byte* output, byte msgType, word16* pOffset)
return ret;
}
#endif /* NO_WOLFSSL_CLIENT */
#endif /* WOLFSSL_TLS13 || !NO_WOLFSSL_CLIENT */
#ifndef NO_WOLFSSL_SERVER
@@ -9347,7 +9824,7 @@ int TLSX_Parse(WOLFSSL* ssl, byte* input, word16 length, byte msgType,
#ifdef WOLFSSL_POST_HANDSHAKE_AUTH
case TLSX_POST_HANDSHAKE_AUTH:
WOLFSSL_MSG("PSK Key Exchange Modes extension received");
WOLFSSL_MSG("Post Handshake Authentication extension received");
if (!IsAtLeastTLSv1_3(ssl->version))
break;
Executable → Regular
+248 -220
View File
@@ -80,7 +80,7 @@
#ifdef WOLFSSL_TLS13
#ifdef HAVE_SESSION_TICKET
#include <sys/time.h>
#include <wolfssl/wolfcrypt/wc_port.h>
#endif
#ifndef WOLFCRYPT_ONLY
@@ -2190,6 +2190,127 @@ static int FindSuite(WOLFSSL* ssl, byte* suite)
}
#endif
#ifndef WOLFSSL_TLS13_DRAFT_18
#if defined(WOLFSSL_SEND_HRR_COOKIE) && !defined(NO_WOLFSSL_SERVER)
/* Create Cookie extension using the hash of the first ClientHello.
*
* ssl SSL/TLS object.
* hash The hash data.
* hashSz The size of the hash data in bytes.
* returns 0 on success, otherwise failure.
*/
static int CreateCookie(WOLFSSL* ssl, byte* hash, byte hashSz)
{
int ret;
byte mac[WC_MAX_DIGEST_SIZE];
Hmac cookieHmac;
byte cookieType;
byte macSz;
#if !defined(NO_SHA) && defined(NO_SHA256)
cookieType = SHA;
macSz = WC_SHA_DIGEST_SIZE;
#endif /* NO_SHA */
#ifndef NO_SHA256
cookieType = WC_SHA256;
macSz = WC_SHA256_DIGEST_SIZE;
#endif /* NO_SHA256 */
ret = wc_HmacSetKey(&cookieHmac, cookieType,
ssl->buffers.tls13CookieSecret.buffer,
ssl->buffers.tls13CookieSecret.length);
if (ret != 0)
return ret;
if ((ret = wc_HmacUpdate(&cookieHmac, hash, hashSz)) != 0)
return ret;
if ((ret = wc_HmacFinal(&cookieHmac, mac)) != 0)
return ret;
/* The cookie data is the hash and the integrity check. */
return TLSX_Cookie_Use(ssl, hash, hashSz, mac, macSz, 1);
}
#endif
/* Restart the Hanshake hash with a hash of the previous messages.
*
* ssl The SSL/TLS object.
* returns 0 on success, otherwise failure.
*/
static int RestartHandshakeHash(WOLFSSL* ssl)
{
int ret;
Hashes hashes;
byte header[HANDSHAKE_HEADER_SZ];
byte* hash = NULL;
byte hashSz = 0;
ret = BuildCertHashes(ssl, &hashes);
if (ret != 0)
return ret;
switch (ssl->specs.mac_algorithm) {
#ifndef NO_SHA256
case sha256_mac:
hash = hashes.sha256;
break;
#endif
#ifdef WOLFSSL_SHA384
case sha384_mac:
hash = hashes.sha384;
break;
#endif
#ifdef WOLFSSL_TLS13_SHA512
case sha512_mac:
hash = hashes.sha512;
break;
#endif
}
hashSz = ssl->specs.hash_size;
AddTls13HandShakeHeader(header, hashSz, 0, 0, message_hash, ssl);
WOLFSSL_MSG("Restart Hash");
WOLFSSL_BUFFER(hash, hashSz);
#if defined(WOLFSSL_SEND_HRR_COOKIE) && !defined(NO_WOLFSSL_SERVER)
if (ssl->options.sendCookie) {
byte cookie[OPAQUE8_LEN + WC_MAX_DIGEST_SIZE + OPAQUE16_LEN * 2];
TLSX* ext;
word32 idx = 0;
/* Cookie Data = Hash Len | Hash | CS | KeyShare Group */
cookie[idx++] = hashSz;
XMEMCPY(cookie + idx, hash, hashSz);
idx += hashSz;
cookie[idx++] = ssl->options.cipherSuite0;
cookie[idx++] = ssl->options.cipherSuite;
if ((ext = TLSX_Find(ssl->extensions, TLSX_KEY_SHARE)) != NULL) {
KeyShareEntry* kse = (KeyShareEntry*)ext->data;
c16toa(kse->group, cookie + idx);
idx += OPAQUE16_LEN;
}
return CreateCookie(ssl, cookie, idx);
}
#endif
ret = InitHandshakeHashes(ssl);
if (ret != 0)
return ret;
ret = HashOutputRaw(ssl, header, sizeof(header));
if (ret != 0)
return ret;
return HashOutputRaw(ssl, hash, hashSz);
}
/* The value in the random field of a ServerHello to indicate
* HelloRetryRequest.
*/
static byte helloRetryRequestRandom[] = {
0xCF, 0x21, 0xAD, 0x74, 0xE5, 0x9A, 0x61, 0x11,
0xBE, 0x1D, 0x8C, 0x02, 0x1E, 0x65, 0xB8, 0x91,
0xC2, 0xA2, 0x11, 0x16, 0x7A, 0xBB, 0x8C, 0x5E,
0x07, 0x9E, 0x09, 0xE2, 0xC8, 0xA8, 0x33, 0x9C
};
#endif /* WOLFSSL_TLS13_DRAFT_18 */
#ifndef NO_WOLFSSL_CLIENT
#if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
/* Setup pre-shared key based on the details in the extension data.
@@ -2540,117 +2661,6 @@ int SendTls13ClientHello(WOLFSSL* ssl)
return ret;
}
#ifndef WOLFSSL_TLS13_DRAFT_18
#ifdef WOLFSSL_SEND_HRR_COOKIE
/* Create Cookie extension using the hash of the first ClientHello.
*
* ssl SSL/TLS object.
* hash The hash data.
* hashSz The size of the hash data in bytes.
* returns 0 on success, otherwise failure.
*/
static int CreateCookie(WOLFSSL* ssl, byte* hash, byte hashSz)
{
int ret;
byte mac[WC_MAX_DIGEST_SIZE];
Hmac cookieHmac;
byte cookieType;
byte macSz;
#if !defined(NO_SHA) && defined(NO_SHA256)
cookieType = SHA;
macSz = WC_SHA_DIGEST_SIZE;
#endif /* NO_SHA */
#ifndef NO_SHA256
cookieType = WC_SHA256;
macSz = WC_SHA256_DIGEST_SIZE;
#endif /* NO_SHA256 */
ret = wc_HmacSetKey(&cookieHmac, cookieType,
ssl->buffers.tls13CookieSecret.buffer,
ssl->buffers.tls13CookieSecret.length);
if (ret != 0)
return ret;
if ((ret = wc_HmacUpdate(&cookieHmac, hash, hashSz)) != 0)
return ret;
if ((ret = wc_HmacFinal(&cookieHmac, mac)) != 0)
return ret;
/* The cookie data is the hash and the integrity check. */
return TLSX_Cookie_Use(ssl, hash, hashSz, mac, macSz, 1);
}
#endif
/* Restart the Hanshake hash with a hash of the previous messages.
*
* ssl The SSL/TLS object.
* returns 0 on success, otherwise failure.
*/
static int RestartHandshakeHash(WOLFSSL* ssl)
{
int ret;
Hashes hashes;
byte header[HANDSHAKE_HEADER_SZ];
byte* hash = NULL;
byte hashSz = 0;
ret = BuildCertHashes(ssl, &hashes);
if (ret != 0)
return ret;
switch (ssl->specs.mac_algorithm) {
#ifndef NO_SHA256
case sha256_mac:
hash = hashes.sha256;
break;
#endif
#ifdef WOLFSSL_SHA384
case sha384_mac:
hash = hashes.sha384;
break;
#endif
#ifdef WOLFSSL_TLS13_SHA512
case sha512_mac:
hash = hashes.sha512;
break;
#endif
}
hashSz = ssl->specs.hash_size;
AddTls13HandShakeHeader(header, hashSz, 0, 0, message_hash, ssl);
WOLFSSL_MSG("Restart Hash");
WOLFSSL_BUFFER(hash, hashSz);
#ifdef WOLFSSL_SEND_HRR_COOKIE
if (ssl->options.sendCookie) {
byte cookie[OPAQUE8_LEN + WC_MAX_DIGEST_SIZE + OPAQUE16_LEN * 2];
TLSX* ext;
word32 idx = 0;
/* Cookie Data = Hash Len | Hash | CS | KeyShare Group */
cookie[idx++] = hashSz;
XMEMCPY(cookie + idx, hash, hashSz);
idx += hashSz;
cookie[idx++] = ssl->options.cipherSuite0;
cookie[idx++] = ssl->options.cipherSuite;
if ((ext = TLSX_Find(ssl->extensions, TLSX_KEY_SHARE)) != NULL) {
KeyShareEntry* kse = (KeyShareEntry*)ext->data;
c16toa(kse->group, cookie + idx);
idx += OPAQUE16_LEN;
}
return CreateCookie(ssl, cookie, idx);
}
#endif
ret = InitHandshakeHashes(ssl);
if (ret != 0)
return ret;
ret = HashOutputRaw(ssl, header, sizeof(header));
if (ret != 0)
return ret;
return HashOutputRaw(ssl, hash, hashSz);
}
#endif
#ifdef WOLFSSL_TLS13_DRAFT_18
/* handle rocessing of TLS 1.3 hello_retry_request (6) */
/* Parse and handle a HelloRetryRequest message.
@@ -2720,18 +2730,6 @@ static int DoTls13HelloRetryRequest(WOLFSSL* ssl, const byte* input,
#endif
#ifndef WOLFSSL_TLS13_DRAFT_18
/* The value in the random field of a ServerHello to indicate
* HelloRetryRequest.
*/
static byte helloRetryRequestRandom[] = {
0xCF, 0x21, 0xAD, 0x74, 0xE5, 0x9A, 0x61, 0x11,
0xBE, 0x1D, 0x8C, 0x02, 0x1E, 0x65, 0xB8, 0x91,
0xC2, 0xA2, 0x11, 0x16, 0x7A, 0xBB, 0x8C, 0x5E,
0x07, 0x9E, 0x09, 0xE2, 0xC8, 0xA8, 0x33, 0x9C
};
#endif
/* handle processing of TLS 1.3 server_hello (2) and hello_retry_request (6) */
/* Handle the ServerHello message from the server.
* Only a client will receive this message.
@@ -3202,16 +3200,6 @@ static int DoTls13CertificateRequest(WOLFSSL* ssl, const byte* input,
/* This message is always encrypted so add encryption padding. */
*inOutIdx += ssl->keys.padSz;
#if !defined(NO_WOLFSSL_CLIENT) && defined(WOLFSSL_POST_HANDSHAKE_AUTH)
if (ssl->options.side == WOLFSSL_CLIENT_END &&
ssl->options.handShakeState == HANDSHAKE_DONE) {
/* reset handshake states */
ssl->options.clientState = CLIENT_HELLO_COMPLETE;
ssl->options.connectState = FIRST_REPLY_DONE;
ssl->options.handShakeState = CLIENT_HELLO_COMPLETE;
}
#endif
WOLFSSL_LEAVE("DoTls13CertificateRequest", ret);
WOLFSSL_END(WC_FUNC_CERTIFICATE_REQUEST_DO);
@@ -3713,8 +3701,14 @@ static int RestartHandshakeHashWithCookie(WOLFSSL* ssl, Cookie* cookie)
hrrIdx += 2;
c16toa(OPAQUE16_LEN, hrr + hrrIdx);
hrrIdx += 2;
hrr[hrrIdx++] = ssl->version.major;
hrr[hrrIdx++] = ssl->version.minor;
/* TODO: [TLS13] Change to ssl->version.major and minor once final. */
#ifdef WOLFSSL_TLS13_FINAL
hrr[hrrIdx++] = ssl->version.major;
hrr[hrrIdx++] = ssl->version.minor;
#else
hrr[hrrIdx++] = TLS_DRAFT_MAJOR;
hrr[hrrIdx++] = TLS_DRAFT_MINOR;
#endif
#endif
/* Mandatory Cookie Extension */
c16toa(TLSX_COOKIE, hrr + hrrIdx);
@@ -3972,31 +3966,9 @@ int DoTls13ClientHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
/* Check that the negotiated ciphersuite matches protocol version. */
if (IsAtLeastTLSv1_3(ssl->version)) {
if (ssl->options.cipherSuite0 != TLS13_BYTE) {
#ifndef WOLFSSL_NO_TLS12
TLSX* ext;
if (!ssl->options.downgrade) {
WOLFSSL_MSG("Negotiated ciphersuite from lesser version "
"than TLS v1.3");
return VERSION_ERROR;
}
WOLFSSL_MSG("Downgrading protocol due to cipher suite");
if (pv.minor < ssl->options.minDowngrade)
return VERSION_ERROR;
ssl->version.minor = ssl->options.oldMinor;
/* Downgrade from TLS v1.3 */
ssl->options.tls1_3 = 0;
ext = TLSX_Find(ssl->extensions, TLSX_SUPPORTED_VERSIONS);
if (ext != NULL)
ext->resp = 0;
#else
WOLFSSL_MSG("Negotiated ciphersuite from lesser version than "
"TLS v1.3");
return VERSION_ERROR;
#endif
}
}
/* VerifyServerSuite handles when version is less than 1.3 */
@@ -5855,7 +5827,15 @@ static int DoTls13Finished(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
if (*inOutIdx + size + ssl->keys.padSz > totalSz)
return BUFFER_E;
if (ssl->options.side == WOLFSSL_CLIENT_END) {
if (ssl->options.handShakeDone) {
ret = DeriveFinishedSecret(ssl, ssl->arrays->clientSecret,
ssl->keys.client_write_MAC_secret);
if (ret != 0)
return ret;
secret = ssl->keys.client_write_MAC_secret;
}
else if (ssl->options.side == WOLFSSL_CLIENT_END) {
/* All the handshake messages have been received to calculate
* client and server finished keys.
*/
@@ -5961,7 +5941,15 @@ static int SendTls13Finished(WOLFSSL* ssl)
AddTls13HandShakeHeader(input, finishedSz, 0, finishedSz, finished, ssl);
/* make finished hashes */
if (ssl->options.side == WOLFSSL_CLIENT_END)
if (ssl->options.handShakeDone) {
ret = DeriveFinishedSecret(ssl, ssl->arrays->clientSecret,
ssl->keys.client_write_MAC_secret);
if (ret != 0)
return ret;
secret = ssl->keys.client_write_MAC_secret;
}
else if (ssl->options.side == WOLFSSL_CLIENT_END)
secret = ssl->keys.client_write_MAC_secret;
else {
/* All the handshake messages have been done to calculate client and
@@ -6864,13 +6852,14 @@ static int SanityCheckTls13MsgReceived(WOLFSSL* ssl, byte type)
ssl->arrays->psk_keySz != 0) {
WOLFSSL_MSG("CertificateRequset received while using PSK");
return SANITY_MSG_E;
return SANITY_MSG_E;
}
#endif
#ifndef WOLFSSL_POST_HANDSHAKE_AUTH
if (ssl->msgsReceived.got_certificate_request) {
WOLFSSL_MSG("Duplicate CertificateRequest received");
return DUPLICATE_MSG_E;
}
#endif
ssl->msgsReceived.got_certificate_request = 1;
break;
@@ -6878,20 +6867,20 @@ static int SanityCheckTls13MsgReceived(WOLFSSL* ssl, byte type)
case certificate_verify:
#ifndef NO_WOLFSSL_CLIENT
if (ssl->options.side == WOLFSSL_CLIENT_END &&
ssl->options.serverState != SERVER_CERT_COMPLETE) {
WOLFSSL_MSG("No Cert before CertVerify");
return OUT_OF_ORDER_E;
if (ssl->options.side == WOLFSSL_CLIENT_END) {
if (ssl->options.serverState != SERVER_CERT_COMPLETE) {
WOLFSSL_MSG("No Cert before CertVerify");
return OUT_OF_ORDER_E;
}
#if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
/* Server's authenticating with PSK must not send this. */
if (ssl->options.serverState == SERVER_CERT_COMPLETE &&
ssl->arrays->psk_keySz != 0) {
WOLFSSL_MSG("CertificateVerify received while using PSK");
return SANITY_MSG_E;
}
#endif
}
#if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
/* Server's authenticating with PSK must not send this. */
if (ssl->options.side == WOLFSSL_CLIENT_END &&
ssl->options.serverState == SERVER_CERT_COMPLETE &&
ssl->arrays->psk_keySz != 0) {
WOLFSSL_MSG("CertificateVerify received while using PSK");
return SANITY_MSG_E;
}
#endif
#endif
#ifndef NO_WOLFSSL_SERVER
if (ssl->options.side == WOLFSSL_SERVER_END) {
@@ -7134,47 +7123,61 @@ int DoTls13HandShakeMsgType(WOLFSSL* ssl, byte* input, word32* inOutIdx,
if (ssl->options.tls1_3) {
/* Need to hash input message before deriving secrets. */
#ifndef NO_WOLFSSL_CLIENT
if (type == server_hello && ssl->options.side == WOLFSSL_CLIENT_END) {
if ((ret = DeriveEarlySecret(ssl)) != 0)
return ret;
if ((ret = DeriveHandshakeSecret(ssl)) != 0)
return ret;
#ifndef NO_WOLFSSL_CLIENT
if (ssl->options.side == WOLFSSL_CLIENT_END) {
if (type == server_hello) {
if ((ret = DeriveEarlySecret(ssl)) != 0)
return ret;
if ((ret = DeriveHandshakeSecret(ssl)) != 0)
return ret;
if ((ret = DeriveTls13Keys(ssl, handshake_key,
if ((ret = DeriveTls13Keys(ssl, handshake_key,
ENCRYPT_AND_DECRYPT_SIDE, 1)) != 0) {
return ret;
return ret;
}
#ifdef WOLFSSL_EARLY_DATA
if ((ret = SetKeysSide(ssl, DECRYPT_SIDE_ONLY)) != 0)
return ret;
#else
if ((ret = SetKeysSide(ssl, ENCRYPT_AND_DECRYPT_SIDE)) != 0)
return ret;
#endif
}
#ifdef WOLFSSL_EARLY_DATA
if ((ret = SetKeysSide(ssl, DECRYPT_SIDE_ONLY)) != 0)
return ret;
#else
if ((ret = SetKeysSide(ssl, ENCRYPT_AND_DECRYPT_SIDE)) != 0)
return ret;
#endif
}
if (type == finished && ssl->options.side == WOLFSSL_CLIENT_END) {
if ((ret = DeriveMasterSecret(ssl)) != 0)
return ret;
#ifdef WOLFSSL_EARLY_DATA
if ((ret = DeriveTls13Keys(ssl, traffic_key,
if (type == finished) {
if ((ret = DeriveMasterSecret(ssl)) != 0)
return ret;
#ifdef WOLFSSL_EARLY_DATA
if ((ret = DeriveTls13Keys(ssl, traffic_key,
ENCRYPT_AND_DECRYPT_SIDE,
ssl->earlyData == no_early_data)) != 0) {
return ret;
}
#else
if ((ret = DeriveTls13Keys(ssl, traffic_key,
return ret;
}
#else
if ((ret = DeriveTls13Keys(ssl, traffic_key,
ENCRYPT_AND_DECRYPT_SIDE, 1)) != 0) {
return ret;
return ret;
}
#endif
}
#endif
#ifdef WOLFSSL_POST_HANDSHAKE_AUTH
if (type == certificate_request &&
ssl->options.handShakeState == HANDSHAKE_DONE) {
/* reset handshake states */
ssl->options.clientState = CLIENT_HELLO_COMPLETE;
ssl->options.connectState = FIRST_REPLY_DONE;
ssl->options.handShakeState = CLIENT_HELLO_COMPLETE;
if (wolfSSL_connect_TLSv13(ssl) != SSL_SUCCESS)
ret = POST_HAND_AUTH_ERROR;
}
#endif
}
#endif /* NO_WOLFSSL_CLIENT */
#endif /* NO_WOLFSSL_CLIENT */
#ifndef NO_WOLFSSL_SERVER
#if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
if (type == finished && ssl->options.side == WOLFSSL_SERVER_END) {
if (ssl->options.side == WOLFSSL_SERVER_END && type == finished) {
ret = DeriveResumptionSecret(ssl, ssl->session.masterSecret);
if (ret != 0)
return ret;
@@ -7301,6 +7304,7 @@ int DoTls13HandShakeMsg(WOLFSSL* ssl, byte* input, word32* inOutIdx,
return ret;
}
#ifndef NO_WOLFSSL_CLIENT
/* The client connecting to the server.
* The protocol version is expecting to be TLS v1.3.
@@ -7497,14 +7501,9 @@ int wolfSSL_connect_TLSv13(WOLFSSL* ssl)
FALL_THROUGH;
case FIRST_REPLY_THIRD:
#if !defined(NO_CERTS) && defined(WOLFSSL_POST_HANDSHAKE_AUTH)
if (!ssl->options.sendVerify || !ssl->options.postHandshakeAuth)
#endif
{
if ((ssl->error = SendTls13Finished(ssl)) != 0) {
WOLFSSL_ERROR(ssl->error);
return WOLFSSL_FATAL_ERROR;
}
if ((ssl->error = SendTls13Finished(ssl)) != 0) {
WOLFSSL_ERROR(ssl->error);
return WOLFSSL_FATAL_ERROR;
}
WOLFSSL_MSG("sent: finished");
@@ -7532,8 +7531,9 @@ int wolfSSL_connect_TLSv13(WOLFSSL* ssl)
return WOLFSSL_FATAL_ERROR; /* unknown connect state */
}
}
#endif
#if defined(WOLFSSL_SEND_HRR_COOKIE) && !defined(NO_WOLFSSL_SERVER)
#if defined(WOLFSSL_SEND_HRR_COOKIE)
/* Send a cookie with the HelloRetryRequest to avoid storing state.
*
* ssl SSL/TLS object.
@@ -7551,6 +7551,7 @@ int wolfSSL_send_hrr_cookie(WOLFSSL* ssl, const unsigned char* secret,
if (ssl == NULL || !IsAtLeastTLSv1_3(ssl->version))
return BAD_FUNC_ARG;
#ifndef NO_WOLFSSL_SERVER
if (ssl->options.side == WOLFSSL_CLIENT_END)
return SIDE_ERROR;
@@ -7597,7 +7598,15 @@ int wolfSSL_send_hrr_cookie(WOLFSSL* ssl, const unsigned char* secret,
ssl->options.sendCookie = 1;
return WOLFSSL_SUCCESS;
ret = WOLFSSL_SUCCESS;
#else
(void)secret;
(void)secretSz;
ret = SIDE_ERROR;
#endif
return ret;
}
#endif
@@ -7783,10 +7792,13 @@ int wolfSSL_allow_post_handshake_auth(WOLFSSL* ssl)
int wolfSSL_request_certificate(WOLFSSL* ssl)
{
int ret;
#ifndef NO_WOLFSSL_SERVER
CertReqCtx* certReqCtx;
#endif
if (ssl == NULL || !IsAtLeastTLSv1_3(ssl->version))
return BAD_FUNC_ARG;
#ifndef NO_WOLFSSL_SERVER
if (ssl->options.side == WOLFSSL_CLIENT_END)
return SIDE_ERROR;
if (ssl->options.handShakeState != HANDSHAKE_DONE)
@@ -7805,16 +7817,24 @@ int wolfSSL_request_certificate(WOLFSSL* ssl)
certReqCtx->ctx = certReqCtx->next->ctx + 1;
ssl->certReqCtx = certReqCtx;
ssl->msgsReceived.got_certificate = 0;
ssl->msgsReceived.got_certificate_verify = 0;
ssl->msgsReceived.got_finished = 0;
ret = SendTls13CertificateRequest(ssl, &certReqCtx->ctx, certReqCtx->len);
if (ret == WANT_WRITE)
ret = WOLFSSL_ERROR_WANT_WRITE;
else if (ret == 0)
ret = WOLFSSL_SUCCESS;
#else
ret = SIDE_ERROR;
#endif
return ret;
}
#endif /* !NO_CERTS && WOLFSSL_POST_HANDSHAKE_AUTH */
#if !defined(NO_WOLFSSL_CLIENT) && !defined(WOLFSSL_NO_SERVER_GROUPS_EXT)
#if !defined(WOLFSSL_NO_SERVER_GROUPS_EXT)
/* Get the preferred key exchange group.
*
* ssl The SSL/TLS object.
@@ -7824,19 +7844,19 @@ int wolfSSL_request_certificate(WOLFSSL* ssl)
*/
int wolfSSL_preferred_group(WOLFSSL* ssl)
{
int ret;
if (ssl == NULL || !IsAtLeastTLSv1_3(ssl->version))
return BAD_FUNC_ARG;
#ifndef NO_WOLFSSL_CLIENT
if (ssl->options.side == WOLFSSL_SERVER_END)
return SIDE_ERROR;
if (ssl->options.handShakeState != HANDSHAKE_DONE)
return NOT_READY_ERROR;
/* Return supported groups only. */
ret = TLSX_SupportedCurve_Preferred(ssl, 1);
return ret;
return TLSX_SupportedCurve_Preferred(ssl, 1);
#else
return SIDE_ERROR;
#endif
}
#endif
@@ -8253,6 +8273,7 @@ int wolfSSL_write_early_data(WOLFSSL* ssl, const void* data, int sz, int* outSz)
if (!IsAtLeastTLSv1_3(ssl->version))
return BAD_FUNC_ARG;
#ifndef NO_WOLFSSL_CLIENT
if (ssl->options.side == WOLFSSL_SERVER_END)
return SIDE_ERROR;
@@ -8267,6 +8288,9 @@ int wolfSSL_write_early_data(WOLFSSL* ssl, const void* data, int sz, int* outSz)
if (ret > 0)
*outSz = ret;
}
#else
return SIDE_ERROR;
#endif
WOLFSSL_LEAVE("SSL_write_early_data()", ret);
@@ -8287,7 +8311,7 @@ int wolfSSL_write_early_data(WOLFSSL* ssl, const void* data, int sz, int* outSz)
*/
int wolfSSL_read_early_data(WOLFSSL* ssl, void* data, int sz, int* outSz)
{
int ret;
int ret = 0;
WOLFSSL_ENTER("wolfSSL_read_early_data()");
@@ -8297,6 +8321,7 @@ int wolfSSL_read_early_data(WOLFSSL* ssl, void* data, int sz, int* outSz)
if (!IsAtLeastTLSv1_3(ssl->version))
return BAD_FUNC_ARG;
#ifndef NO_WOLFSSL_SERVER
if (ssl->options.side == WOLFSSL_CLIENT_END)
return SIDE_ERROR;
@@ -8315,6 +8340,9 @@ int wolfSSL_read_early_data(WOLFSSL* ssl, void* data, int sz, int* outSz)
}
else
ret = 0;
#else
return SIDE_ERROR;
#endif
WOLFSSL_LEAVE("wolfSSL_read_early_data()", ret);
+365 -92
View File
File diff suppressed because it is too large Load Diff
+11 -9
View File
@@ -703,15 +703,17 @@ int SuiteTest(void)
#endif
#ifndef NO_PSK
#ifndef WOLFSSL_NO_TLS12
/* add psk cipher suites */
strcpy(argv0[1], "tests/test-psk.conf");
printf("starting psk cipher suite tests\n");
test_harness(&args);
if (args.return_code != 0) {
printf("error from script %d\n", args.return_code);
args.return_code = EXIT_FAILURE;
goto exit;
}
#if !defined(NO_RSA) || defined(HAVE_ECC)
/* add psk cipher suites */
strcpy(argv0[1], "tests/test-psk.conf");
printf("starting psk cipher suite tests\n");
test_harness(&args);
if (args.return_code != 0) {
printf("error from script %d\n", args.return_code);
args.return_code = EXIT_FAILURE;
goto exit;
}
#endif
#endif
#ifdef WOLFSSL_TLS13
/* add psk extra suites */
+39 -8
View File
@@ -1,30 +1,61 @@
# server bad certificate alt name
# server bad certificate common name has null
# DG: Have not found a way to properly encode null in common name
-v 3
-l ECDHE-RSA-AES128-GCM-SHA256
-k ./certs/test/server-badaltnamenull.key
-c ./certs/test/server-badaltnamenull.pem
-k ./certs/server-key.pem
-c ./certs/test/server-badcnnull.pem
-d
# client bad certificate alt name
# client bad certificate common name has null
-v 3
-l ECDHE-RSA-AES128-GCM-SHA256
-h localhost
-A ./certs/test/server-badaltnamenull.pem
-A ./certs/test/server-badcnnull.pem
-m
-x
# server bad certificate alternate name has null
-v 3
-l ECDHE-RSA-AES128-GCM-SHA256
-k ./certs/server-key.pem
-c ./certs/test/server-badaltnull.pem
-d
# client bad certificate alternate name has null
-v 3
-l ECDHE-RSA-AES128-GCM-SHA256
-h localhost
-A ./certs/test/server-badaltnull.pem
-m
-x
# server nomatch common name
-v 3
-l ECDHE-RSA-AES128-GCM-SHA256
-k ./certs/test/server-nomatch.key
-c ./certs/test/server-nomatch.pem
-k ./certs/server-key.pem
-c ./certs/test/server-badcn.pem
-d
# client nomatch common name
-v 3
-l ECDHE-RSA-AES128-GCM-SHA256
-h localhost
-A ./certs/test/server-nomatch.pem
-A ./certs/test/server-badcn.pem
-m
-x
# server nomatch alternate name
-v 3
-l ECDHE-RSA-AES128-GCM-SHA256
-k ./certs/server-key.pem
-c ./certs/test/server-badaltname.pem
-d
# client nomatch alternate name
-v 3
-l ECDHE-RSA-AES128-GCM-SHA256
-h localhost
-A ./certs/test/server-badaltname.pem
-m
-x
+1 -9
View File
@@ -1,15 +1,7 @@
# server - standard PSK
# server - PSK plus certificates
-j
-l PSK-CHACHA20-POLY1305
# client- standard PSK
-s
-l PSK-CHACHA20-POLY1305
# server
-j
-l ECDHE-RSA-AES256-GCM-SHA384:PSK-CHACHA20-POLY1305
# client
-l ECDHE-RSA-AES256-GCM-SHA384:PSK-CHACHA20-POLY1305
+60
View File
@@ -2246,3 +2246,63 @@
-D certs/dh3072.pem
-c certs/client-cert-3072.pem
-k certs/client-key-3072.pem
# server good certificate common name
-v 3
-l ECDHE-RSA-AES128-GCM-SHA256
-k ./certs/server-key.pem
-c ./certs/test/server-goodcn.pem
-d
# client good certificate common name
-v 3
-l ECDHE-RSA-AES128-GCM-SHA256
-h localhost
-A ./certs/test/server-goodcn.pem
-m
-C
# server good certificate alt name
-v 3
-l ECDHE-RSA-AES128-GCM-SHA256
-k ./certs/server-key.pem
-c ./certs/test/server-goodalt.pem
-d
# client good certificate alt name
-v 3
-l ECDHE-RSA-AES128-GCM-SHA256
-h localhost
-A ./certs/test/server-goodalt.pem
-m
-C
# server good certificate common name wild
-v 3
-l ECDHE-RSA-AES128-GCM-SHA256
-k ./certs/server-key.pem
-c ./certs/test/server-goodcnwild.pem
-d
# client good certificate common name wild
-v 3
-l ECDHE-RSA-AES128-GCM-SHA256
-h localhost
-A ./certs/test/server-goodcnwild.pem
-m
-C
# server good certificate alt name wild
-v 3
-l ECDHE-RSA-AES128-GCM-SHA256
-k ./certs/server-key.pem
-c ./certs/test/server-goodaltwild.pem
-d
# client good certificate alt name wild
-v 3
-l ECDHE-RSA-AES128-GCM-SHA256
-h localhost
-A ./certs/test/server-goodaltwild.pem
-m
-C
+2
View File
@@ -71,11 +71,13 @@ int unit_test(int argc, char** argv)
goto exit;
}
#if !defined(NO_WOLFSSL_CLIENT) && !defined(NO_WOLFSSL_SERVER)
#ifndef SINGLE_THREADED
if ( (ret = SuiteTest()) != 0){
printf("suite test failed with %d\n", ret);
goto exit;
}
#endif
#endif
SrpTest();
+15 -5
View File
@@ -81,17 +81,27 @@ static word32 cpuid_check = 0 ;
static word32 cpuid_flags = 0 ;
static word32 cpuid_flag(word32 leaf, word32 sub, word32 num, word32 bit) {
int got_intel_cpu=0;
int got_intel_cpu = 0;
int got_amd_cpu = 0;
unsigned int reg[5];
reg[4] = '\0' ;
cpuid(reg, 0, 0);
if(memcmp((char *)&(reg[EBX]), "Genu", 4) == 0 &&
memcmp((char *)&(reg[EDX]), "ineI", 4) == 0 &&
memcmp((char *)&(reg[ECX]), "ntel", 4) == 0) {
/* check for intel cpu */
if( memcmp((char *)&(reg[EBX]), "Genu", 4) == 0 &&
memcmp((char *)&(reg[EDX]), "ineI", 4) == 0 &&
memcmp((char *)&(reg[ECX]), "ntel", 4) == 0) {
got_intel_cpu = 1;
}
if (got_intel_cpu) {
/* check for AMD cpu */
if( memcmp((char *)&(reg[EBX]), "Auth", 4) == 0 &&
memcmp((char *)&(reg[EDX]), "enti", 4) == 0 &&
memcmp((char *)&(reg[ECX]), "cAMD", 4) == 0) {
got_amd_cpu = 1;
}
if (got_intel_cpu || got_amd_cpu) {
cpuid(reg, leaf, sub);
return((reg[num]>>bit)&0x1) ;
}
Executable → Regular
+13 -9
View File
@@ -4203,9 +4203,10 @@ static int GetName(DecodedCert* cert, int nameType)
XFREE(emailName, cert->heap, DYNAMIC_TYPE_ALTNAME);
return MEMORY_E;
}
emailName->len = adv;
XMEMCPY(emailName->name,
&cert->source[cert->srcIdx], adv);
emailName->name[adv] = 0;
emailName->name[adv] = '\0';
emailName->next = cert->altEmailNames;
cert->altEmailNames = emailName;
@@ -5547,7 +5548,7 @@ static int ConfirmNameConstraints(Signer* signer, DecodedCert* cert)
DNS_entry* name = cert->altNames;
while (name != NULL) {
if (MatchBaseName(ASN_DNS_TYPE,
name->name, (int)XSTRLEN(name->name),
name->name, name->len,
base->name, base->nameSz)) {
return 0;
}
@@ -5560,7 +5561,7 @@ static int ConfirmNameConstraints(Signer* signer, DecodedCert* cert)
DNS_entry* name = cert->altEmailNames;
while (name != NULL) {
if (MatchBaseName(ASN_RFC822_TYPE,
name->name, (int)XSTRLEN(name->name),
name->name, name->len,
base->name, base->nameSz)) {
return 0;
}
@@ -5604,7 +5605,7 @@ static int ConfirmNameConstraints(Signer* signer, DecodedCert* cert)
while (name != NULL) {
matchDns = MatchBaseName(ASN_DNS_TYPE,
name->name, (int)XSTRLEN(name->name),
name->name, name->len,
base->name, base->nameSz);
name = name->next;
}
@@ -5619,7 +5620,7 @@ static int ConfirmNameConstraints(Signer* signer, DecodedCert* cert)
while (name != NULL) {
matchEmail = MatchBaseName(ASN_DNS_TYPE,
name->name, (int)XSTRLEN(name->name),
name->name, name->len,
base->name, base->nameSz);
name = name->next;
}
@@ -5700,7 +5701,7 @@ static int DecodeAltNames(byte* input, int sz, DecodedCert* cert)
XFREE(dnsEntry, cert->heap, DYNAMIC_TYPE_ALTNAME);
return MEMORY_E;
}
dnsEntry->len = strLen;
XMEMCPY(dnsEntry->name, &input[idx], strLen);
dnsEntry->name[strLen] = '\0';
@@ -5737,7 +5738,7 @@ static int DecodeAltNames(byte* input, int sz, DecodedCert* cert)
XFREE(emailEntry, cert->heap, DYNAMIC_TYPE_ALTNAME);
return MEMORY_E;
}
emailEntry->len = strLen;
XMEMCPY(emailEntry->name, &input[idx], strLen);
emailEntry->name[strLen] = '\0';
@@ -5808,7 +5809,7 @@ static int DecodeAltNames(byte* input, int sz, DecodedCert* cert)
XFREE(uriEntry, cert->heap, DYNAMIC_TYPE_ALTNAME);
return MEMORY_E;
}
uriEntry->len = strLen;
XMEMCPY(uriEntry->name, &input[idx], strLen);
uriEntry->name[strLen] = '\0';
@@ -10884,8 +10885,11 @@ static int SignCert(int requestSz, int sType, byte* buffer, word32 buffSz,
sigSz = MakeSignature(certSignCtx, buffer, requestSz, certSignCtx->sig,
MAX_ENCODED_SIG_SZ, rsaKey, eccKey, ed25519Key, rng, sType, heap);
if (sigSz == WC_PENDING_E)
if (sigSz == WC_PENDING_E) {
/* Not free'ing certSignCtx->sig here because it could still be in use
* with async operations. */
return sigSz;
}
if (sigSz >= 0) {
if (requestSz + MAX_SEQ_SZ * 2 + sigSz > (int)buffSz)
+12 -3
View File
@@ -60,16 +60,26 @@
static word32 cpuid_flag(word32 leaf, word32 sub, word32 num, word32 bit)
{
int got_intel_cpu = 0;
int got_amd_cpu = 0;
unsigned int reg[5];
reg[4] = '\0';
cpuid(reg, 0, 0);
/* check for Intel cpu */
if (XMEMCMP((char *)&(reg[EBX]), "Genu", 4) == 0 &&
XMEMCMP((char *)&(reg[EDX]), "ineI", 4) == 0 &&
XMEMCMP((char *)&(reg[ECX]), "ntel", 4) == 0) {
got_intel_cpu = 1;
}
if (got_intel_cpu) {
/* check for AMD cpu */
if (XMEMCMP((char *)&(reg[EBX]), "Auth", 4) == 0 &&
XMEMCMP((char *)&(reg[EDX]), "enti", 4) == 0 &&
XMEMCMP((char *)&(reg[ECX]), "cAMD", 4) == 0) {
got_amd_cpu = 1;
}
if (got_intel_cpu || got_amd_cpu) {
cpuid(reg, leaf, sub);
return ((reg[num] >> bit) & 0x1);
}
@@ -98,4 +108,3 @@
return cpuid_flags;
}
#endif
+207
View File
@@ -0,0 +1,207 @@
/* cryptodev.c
*
* Copyright (C) 2006-2018 wolfSSL Inc.
*
* This file is part of wolfSSL.
*
* wolfSSL is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 3 of the License, or
* (at your option) any later version.
*
* wolfSSL is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
/* This framework provides a central place for crypto hardware integration
using the devId scheme. If not supported return `NOT_COMPILED_IN`. */
#ifdef HAVE_CONFIG_H
#include <config.h>
#endif
#include <wolfssl/wolfcrypt/settings.h>
#ifdef WOLF_CRYPTO_DEV
#include <wolfssl/wolfcrypt/cryptodev.h>
#include <wolfssl/wolfcrypt/error-crypt.h>
#include <wolfssl/wolfcrypt/logging.h>
/* TODO: Consider linked list with mutex */
#ifndef MAX_CRYPTO_DEVICES
#define MAX_CRYPTO_DEVICES 8
#endif
typedef struct CryptoDev {
int devId;
CryptoDevCallbackFunc cb;
void* ctx;
} CryptoDev;
static CryptoDev gCryptoDev[MAX_CRYPTO_DEVICES];
static CryptoDev* wc_CryptoDev_FindDevice(int devId)
{
int i;
for (i=0; i<MAX_CRYPTO_DEVICES; i++) {
if (gCryptoDev[i].devId == devId)
return &gCryptoDev[i];
}
return NULL;
}
void wc_CryptoDev_Init(void)
{
int i;
for (i=0; i<MAX_CRYPTO_DEVICES; i++)
gCryptoDev[i].devId = INVALID_DEVID;
}
int wc_CryptoDev_RegisterDevice(int devId, CryptoDevCallbackFunc cb, void* ctx)
{
/* find existing or new */
CryptoDev* dev = wc_CryptoDev_FindDevice(devId);
if (dev == NULL)
dev = wc_CryptoDev_FindDevice(INVALID_DEVID);
if (dev == NULL)
return BUFFER_E; /* out of devices */
dev->devId = devId;
dev->cb = cb;
dev->ctx = ctx;
return 0;
}
void wc_CryptoDev_UnRegisterDevice(int devId)
{
CryptoDev* dev = wc_CryptoDev_FindDevice(devId);
if (dev) {
XMEMSET(dev, 0, sizeof(*dev));
dev->devId = INVALID_DEVID;
}
}
#ifndef NO_RSA
int wc_CryptoDev_Rsa(const byte* in, word32 inLen, byte* out,
word32* outLen, int type, RsaKey* key, WC_RNG* rng)
{
int ret = NOT_COMPILED_IN;
CryptoDev* dev;
/* locate registered callback */
dev = wc_CryptoDev_FindDevice(key->devId);
if (dev) {
if (dev->cb) {
wc_CryptoInfo cryptoInfo;
XMEMSET(&cryptoInfo, 0, sizeof(cryptoInfo));
cryptoInfo.algo_type = WC_ALGO_TYPE_PK;
cryptoInfo.pk.type = WC_PK_TYPE_RSA;
cryptoInfo.pk.rsa.in = in;
cryptoInfo.pk.rsa.inLen = inLen;
cryptoInfo.pk.rsa.out = out;
cryptoInfo.pk.rsa.outLen = outLen;
cryptoInfo.pk.rsa.type = type;
cryptoInfo.pk.rsa.key = key;
cryptoInfo.pk.rsa.rng = rng;
ret = dev->cb(key->devId, &cryptoInfo, dev->ctx);
}
}
return ret;
}
#endif /* !NO_RSA */
#ifdef HAVE_ECC
int wc_CryptoDev_Ecdh(ecc_key* private_key, ecc_key* public_key,
byte* out, word32* outlen)
{
int ret = NOT_COMPILED_IN;
CryptoDev* dev;
/* locate registered callback */
dev = wc_CryptoDev_FindDevice(private_key->devId);
if (dev) {
if (dev->cb) {
wc_CryptoInfo cryptoInfo;
XMEMSET(&cryptoInfo, 0, sizeof(cryptoInfo));
cryptoInfo.algo_type = WC_ALGO_TYPE_PK;
cryptoInfo.pk.type = WC_PK_TYPE_ECDH;
cryptoInfo.pk.ecdh.private_key = private_key;
cryptoInfo.pk.ecdh.public_key = public_key;
cryptoInfo.pk.ecdh.out = out;
cryptoInfo.pk.ecdh.outlen = outlen;
ret = dev->cb(private_key->devId, &cryptoInfo, dev->ctx);
}
}
return ret;
}
int wc_CryptoDev_EccSign(const byte* in, word32 inlen, byte* out,
word32 *outlen, WC_RNG* rng, ecc_key* key)
{
int ret = NOT_COMPILED_IN;
CryptoDev* dev;
/* locate registered callback */
dev = wc_CryptoDev_FindDevice(key->devId);
if (dev) {
if (dev->cb) {
wc_CryptoInfo cryptoInfo;
XMEMSET(&cryptoInfo, 0, sizeof(cryptoInfo));
cryptoInfo.algo_type = WC_ALGO_TYPE_PK;
cryptoInfo.pk.type = WC_PK_TYPE_ECDSA_SIGN;
cryptoInfo.pk.eccsign.in = in;
cryptoInfo.pk.eccsign.inlen = inlen;
cryptoInfo.pk.eccsign.out = out;
cryptoInfo.pk.eccsign.outlen = outlen;
cryptoInfo.pk.eccsign.rng = rng;
cryptoInfo.pk.eccsign.key = key;
ret = dev->cb(key->devId, &cryptoInfo, dev->ctx);
}
}
return ret;
}
int wc_CryptoDev_EccVerify(const byte* sig, word32 siglen,
const byte* hash, word32 hashlen, int* res, ecc_key* key)
{
int ret = NOT_COMPILED_IN;
CryptoDev* dev;
/* locate registered callback */
dev = wc_CryptoDev_FindDevice(key->devId);
if (dev) {
if (dev->cb) {
wc_CryptoInfo cryptoInfo;
XMEMSET(&cryptoInfo, 0, sizeof(cryptoInfo));
cryptoInfo.algo_type = WC_ALGO_TYPE_PK;
cryptoInfo.pk.type = WC_PK_TYPE_ECDSA_VERIFY;
cryptoInfo.pk.eccverify.sig = sig;
cryptoInfo.pk.eccverify.siglen = siglen;
cryptoInfo.pk.eccverify.hash = hash;
cryptoInfo.pk.eccverify.hashlen = hashlen;
cryptoInfo.pk.eccverify.res = res;
cryptoInfo.pk.eccverify.key = key;
ret = dev->cb(key->devId, &cryptoInfo, dev->ctx);
}
}
return ret;
}
#endif /* HAVE_ECC */
#endif /* WOLF_CRYPTO_DEV */
Executable → Regular
+112 -28
View File
@@ -122,6 +122,10 @@ ECC Curve Sizes:
#include <wolfssl/wolfcrypt/hash.h>
#endif
#ifdef WOLF_CRYPTO_DEV
#include <wolfssl/wolfcrypt/cryptodev.h>
#endif
#ifdef NO_INLINE
#include <wolfssl/wolfcrypt/misc.h>
#else
@@ -2793,6 +2797,14 @@ int wc_ecc_shared_secret(ecc_key* private_key, ecc_key* public_key, byte* out,
return BAD_FUNC_ARG;
}
#ifdef WOLF_CRYPTO_DEV
if (private_key->devId != INVALID_DEVID) {
err = wc_CryptoDev_Ecdh(private_key, public_key, out, outlen);
if (err != NOT_COMPILED_IN)
return err;
}
#endif
/* type valid? */
if (private_key->type != ECC_PRIVATEKEY &&
private_key->type != ECC_PRIVATEKEY_ONLY) {
@@ -3127,12 +3139,6 @@ static int wc_ecc_gen_k(WC_RNG* rng, int size, mp_int* k, mp_int* order)
if (err == 0)
err = mp_read_unsigned_bin(k, (byte*)buf, size);
/* quick sanity check to make sure we're not dealing with a 0 key */
if (err == MP_OKAY) {
if (mp_iszero(k) == MP_YES)
err = MP_ZERO_E;
}
/* the key should be smaller than the order of base point */
if (err == MP_OKAY) {
if (mp_cmp(k, order) != MP_LT) {
@@ -3140,6 +3146,12 @@ static int wc_ecc_gen_k(WC_RNG* rng, int size, mp_int* k, mp_int* order)
}
}
/* quick sanity check to make sure we're not dealing with a 0 key */
if (err == MP_OKAY) {
if (mp_iszero(k) == MP_YES)
err = MP_ZERO_E;
}
ForceZero(buf, ECC_MAXSIZE);
#ifdef WOLFSSL_SMALL_STACK
XFREE(buf, NULL, DYNAMIC_TYPE_ECC_BUFFER);
@@ -3279,6 +3291,8 @@ static int wc_ecc_make_pub_ex(ecc_key* key, ecc_curve_spec* curveIn,
wc_ecc_curve_free(curve);
}
#else
(void)curveIn;
#endif /* WOLFSSL_ATECC508A */
/* change key state if public part is cached */
@@ -3355,7 +3369,7 @@ int wc_ecc_make_key_ex(WC_RNG* rng, int keysize, ecc_key* key, int curve_id)
/* populate key->pubkey */
err = mp_read_unsigned_bin(key->pubkey.x, key->pubkey_raw,
ECC_MAX_CRYPTO_HW_SIZE);
if (err = MP_OKAY)
if (err == MP_OKAY)
err = mp_read_unsigned_bin(key->pubkey.y,
key->pubkey_raw + ECC_MAX_CRYPTO_HW_SIZE,
ECC_MAX_CRYPTO_HW_SIZE);
@@ -3495,8 +3509,10 @@ int wc_ecc_init_ex(ecc_key* key, void* heap, int devId)
XMEMSET(key, 0, sizeof(ecc_key));
key->state = ECC_STATE_NONE;
#ifdef PLUTON_CRYPTO_ECC
#if defined(PLUTON_CRYPTO_ECC) || defined(WOLF_CRYPTO_DEV)
key->devId = devId;
#else
(void)devId;
#endif
#ifdef WOLFSSL_ATECC508A
@@ -3532,8 +3548,6 @@ int wc_ecc_init_ex(ecc_key* key, void* heap, int devId)
/* handle as async */
ret = wolfAsync_DevCtxInit(&key->asyncDev, WOLFSSL_ASYNC_MARKER_ECC,
key->heap, devId);
#else
(void)devId;
#endif
return ret;
@@ -3568,7 +3582,7 @@ static int wc_ecc_sign_hash_hw(const byte* in, word32 inlen,
if (key->devId != INVALID_DEVID) /* use hardware */
#endif
{
int keysize = key->dp->size;
word32 keysize = (word32)key->dp->size;
/* Check args */
if (keysize > ECC_MAX_CRYPTO_HW_SIZE || inlen != keysize ||
@@ -3613,6 +3627,7 @@ static int wc_ecc_sign_hash_hw(const byte* in, word32 inlen,
err = wc_ecc_sign_hash_ex(in, inlen, rng, key, r, s);
}
#endif
(void)rng;
return err;
}
@@ -3641,6 +3656,14 @@ int wc_ecc_sign_hash(const byte* in, word32 inlen, byte* out, word32 *outlen,
return ECC_BAD_ARG_E;
}
#ifdef WOLF_CRYPTO_DEV
if (key->devId != INVALID_DEVID) {
err = wc_CryptoDev_EccSign(in, inlen, out, outlen, rng, key);
if (err != NOT_COMPILED_IN)
return err;
}
#endif
#ifdef WOLFSSL_ASYNC_CRYPT
err = wc_ecc_alloc_async(key);
if (err != 0)
@@ -3904,20 +3927,40 @@ int wc_ecc_sign_hash_ex(const byte* in, word32 inlen, WC_RNG* rng,
/* don't use async for key, since we don't support async return here */
if ((err = wc_ecc_init_ex(&pubkey, key->heap, INVALID_DEVID)) == MP_OKAY) {
mp_int b;
if (err == MP_OKAY) {
err = mp_init(&b);
}
#ifdef WOLFSSL_CUSTOM_CURVES
/* if custom curve, apply params to pubkey */
if (key->idx == ECC_CUSTOM_IDX) {
if (err == MP_OKAY && key->idx == ECC_CUSTOM_IDX) {
err = wc_ecc_set_custom_curve(&pubkey, key->dp);
}
#endif
if (err == MP_OKAY) {
/* Generate blinding value - non-zero value. */
do {
if (++loop_check > 64) {
err = RNG_FAILURE_E;
break;
}
err = wc_ecc_gen_k(rng, key->dp->size, &b, curve->order);
}
while (err == MP_ZERO_E);
loop_check = 0;
}
for (; err == MP_OKAY;) {
if (++loop_check > 64) {
err = RNG_FAILURE_E;
break;
}
err = wc_ecc_make_key_ex(rng, key->dp->size, &pubkey,
key->dp->id);
key->dp->id);
if (err != MP_OKAY) break;
/* find r = x1 mod n */
@@ -3933,30 +3976,50 @@ int wc_ecc_sign_hash_ex(const byte* in, word32 inlen, WC_RNG* rng,
mp_forcezero(&pubkey.k);
}
else {
/* find s = (e + xr)/k */
/* find s = (e + xr)/k
= b.(e/k.b + x.r/k.b) */
/* k = k.b */
err = mp_mulmod(&pubkey.k, &b, curve->order, &pubkey.k);
if (err != MP_OKAY) break;
/* k = 1/k.b */
err = mp_invmod(&pubkey.k, curve->order, &pubkey.k);
if (err != MP_OKAY) break;
/* s = xr */
/* s = x.r */
err = mp_mulmod(&key->k, r, curve->order, s);
if (err != MP_OKAY) break;
/* s = e + xr */
/* s = x.r/k.b */
err = mp_mulmod(&pubkey.k, s, curve->order, s);
if (err != MP_OKAY) break;
/* e = e/k.b */
err = mp_mulmod(&pubkey.k, e, curve->order, e);
if (err != MP_OKAY) break;
/* s = e/k.b + x.r/k.b
= (e + x.r)/k.b */
err = mp_add(e, s, s);
if (err != MP_OKAY) break;
/* s = e + xr */
err = mp_mod(s, curve->order, s);
/* s = b.(e + x.r)/k.b
= (e + x.r)/k */
err = mp_mulmod(s, &b, curve->order, s);
if (err != MP_OKAY) break;
/* s = (e + xr)/k */
err = mp_mulmod(s, &pubkey.k, curve->order, s);
err = mp_mod(s, curve->order, s);
if (err != MP_OKAY) break;
if (mp_iszero(s) == MP_NO)
break;
}
}
wc_ecc_free(&pubkey);
mp_clear(&b);
mp_free(&b);
}
}
@@ -4028,7 +4091,7 @@ int wc_ecc_free(ecc_key* key)
return 0;
}
#ifndef WOLFSSL_SP_MATH
#if !defined(WOLFSSL_SP_MATH) && !defined(WOLFSSL_ATECC508A)
#ifdef ECC_SHAMIR
/** Computes kA*A + kB*B = C using Shamir's Trick
@@ -4253,7 +4316,7 @@ int ecc_mul2add(ecc_point* A, mp_int* kA,
}
#endif /* ECC_SHAMIR */
#endif
#endif /* !WOLFSSL_SP_MATH && !WOLFSSL_ATECC508A */
#ifdef HAVE_ECC_VERIFY
@@ -4291,6 +4354,14 @@ int wc_ecc_verify_hash(const byte* sig, word32 siglen, const byte* hash,
return ECC_BAD_ARG_E;
}
#ifdef WOLF_CRYPTO_DEV
if (key->devId != INVALID_DEVID) {
err = wc_CryptoDev_EccVerify(sig, siglen, hash, hashlen, res, key);
if (err != NOT_COMPILED_IN)
return err;
}
#endif
#ifdef WOLFSSL_ASYNC_CRYPT
err = wc_ecc_alloc_async(key);
if (err != 0)
@@ -4325,6 +4396,13 @@ int wc_ecc_verify_hash(const byte* sig, word32 siglen, const byte* hash,
key->state = ECC_STATE_VERIFY_DO;
err = wc_ecc_verify_hash_ex(r, s, hash, hashlen, res, key);
#ifndef WOLFSSL_ASYNC_CRYPT
/* done with R/S */
mp_clear(r);
mp_clear(s);
#endif
if (err < 0) {
break;
}
@@ -4333,10 +4411,6 @@ int wc_ecc_verify_hash(const byte* sig, word32 siglen, const byte* hash,
case ECC_STATE_VERIFY_RES:
key->state = ECC_STATE_VERIFY_RES;
err = 0;
/* done with R/S */
mp_clear(r);
mp_clear(s);
break;
default:
@@ -4431,7 +4505,8 @@ int wc_ecc_verify_hash_ex(mp_int *r, mp_int *s, const byte* hash,
err = atcatls_verify(hash, sigRS, key->pubkey_raw, (bool*)res);
if (err != ATCA_SUCCESS) {
return BAD_COND_E;
}
}
(void)hashlen;
#else
@@ -4664,12 +4739,12 @@ int wc_ecc_verify_hash_ex(mp_int *r, mp_int *s, const byte* hash,
#endif /* HAVE_ECC_VERIFY */
#ifdef HAVE_ECC_KEY_IMPORT
#ifndef WOLFSSL_ATECC508A
/* import point from der */
int wc_ecc_import_point_der(byte* in, word32 inLen, const int curve_idx,
ecc_point* point)
{
int err = 0;
#ifndef WOLFSSL_ATECC508A
int compressed = 0;
int keysize;
byte pointType;
@@ -4800,9 +4875,16 @@ int wc_ecc_import_point_der(byte* in, word32 inLen, const int curve_idx,
mp_clear(point->z);
}
#else
err = NOT_COMPILED_IN;
(void)in;
(void)inLen;
(void)curve_idx;
(void)point;
#endif /* !WOLFSSL_ATECC508A */
return err;
}
#endif /* !WOLFSSL_ATECC508A */
#endif /* HAVE_ECC_KEY_IMPORT */
#ifdef HAVE_ECC_KEY_EXPORT
@@ -5835,6 +5917,8 @@ static int wc_ecc_import_raw_private(ecc_key* key, const char* qx,
#ifdef WOLFSSL_ATECC508A
/* TODO: Implement equiv call to ATECC508A */
err = BAD_COND_E;
(void)d;
(void)encType;
#else
+4
View File
@@ -63,6 +63,10 @@ EXTRA_DIST += wolfcrypt/src/port/ti/ti-aes.c \
wolfcrypt/src/port/caam/caam_doc.pdf \
wolfcrypt/src/port/st/stm32.c
if BUILD_CRYPTODEV
src_libwolfssl_la_SOURCES += wolfcrypt/src/cryptodev.c
endif
if BUILD_CAVIUM
src_libwolfssl_la_SOURCES += wolfcrypt/src/port/cavium/cavium_nitrox.c
+1 -1
View File
@@ -711,7 +711,7 @@ int wc_ERR_remove_state(void)
#if !defined(NO_FILESYSTEM) && !defined(NO_STDIO_FILESYSTEM)
/* empties out the error queue into the file */
void wc_ERR_print_errors_fp(FILE* fp)
void wc_ERR_print_errors_fp(XFILE fp)
{
WOLFSSL_ENTER("wc_ERR_print_errors_fp");
+42
View File
@@ -311,6 +311,48 @@ STATIC INLINE word32 btoi(byte b)
}
/* Constant time - mask set when a > b. */
STATIC INLINE byte ctMaskGT(int a, int b)
{
return (((word32)a - b - 1) >> 31) - 1;
}
/* Constant time - mask set when a >= b. */
STATIC INLINE byte ctMaskGTE(int a, int b)
{
return (((word32)a - b ) >> 31) - 1;
}
/* Constant time - mask set when a < b. */
STATIC INLINE byte ctMaskLT(int a, int b)
{
return (((word32)b - a - 1) >> 31) - 1;
}
/* Constant time - mask set when a <= b. */
STATIC INLINE byte ctMaskLTE(int a, int b)
{
return (((word32)b - a ) >> 31) - 1;
}
/* Constant time - mask set when a == b. */
STATIC INLINE byte ctMaskEq(int a, int b)
{
return 0 - (a == b);
}
/* Constant time - select b when mask is set and a otherwise. */
STATIC INLINE byte ctMaskSel(byte m, byte a, byte b)
{
return (a & ~m) | (b & m);
}
/* Constant time - bit set when a <= b. */
STATIC INLINE byte ctSetLTE(int a, int b)
{
return ((word32)a - b - 1) >> 31;
}
#undef STATIC
+82 -46
View File
@@ -247,8 +247,8 @@ int wc_PKCS7_Init(PKCS7* pkcs7, void* heap, int devId)
XMEMSET(pkcs7, 0, sizeof(PKCS7));
pkcs7->heap = heap;
pkcs7->devId = devId;
(void)devId; /* silence unused warning */
return 0;
}
@@ -259,7 +259,7 @@ int wc_PKCS7_InitWithCert(PKCS7* pkcs7, byte* cert, word32 certSz)
{
int ret = 0;
void* heap;
int devId;
if (pkcs7 == NULL || (cert == NULL && certSz != 0)) {
return BAD_FUNC_ARG;
@@ -270,9 +270,11 @@ int wc_PKCS7_InitWithCert(PKCS7* pkcs7, byte* cert, word32 certSz)
#else
heap = pkcs7->heap;
#endif
devId = pkcs7->devId;
XMEMSET(pkcs7, 0, sizeof(PKCS7));
pkcs7->heap = heap;
pkcs7->devId = devId;
if (cert != NULL && certSz > 0) {
#ifdef WOLFSSL_SMALL_STACK
@@ -590,9 +592,9 @@ static int wc_PKCS7_RsaSign(PKCS7* pkcs7, byte* in, word32 inSz, ESD* esd)
RsaKey* privKey = &stack_privKey;
#endif
if (pkcs7 == NULL || pkcs7->privateKey == NULL || pkcs7->rng == NULL ||
in == NULL || esd == NULL)
if (pkcs7 == NULL || pkcs7->rng == NULL || in == NULL || esd == NULL) {
return BAD_FUNC_ARG;
}
#ifdef WOLFSSL_SMALL_STACK
privKey = (RsaKey*)XMALLOC(sizeof(RsaKey), NULL, DYNAMIC_TYPE_TMP_BUFFER);
@@ -600,14 +602,17 @@ static int wc_PKCS7_RsaSign(PKCS7* pkcs7, byte* in, word32 inSz, ESD* esd)
return MEMORY_E;
#endif
ret = wc_InitRsaKey(privKey, pkcs7->heap);
ret = wc_InitRsaKey_ex(privKey, pkcs7->heap, pkcs7->devId);
if (ret == 0) {
idx = 0;
ret = wc_RsaPrivateKeyDecode(pkcs7->privateKey, &idx, privKey,
pkcs7->privateKeySz);
if (pkcs7->privateKey != NULL && pkcs7->privateKeySz > 0) {
idx = 0;
ret = wc_RsaPrivateKeyDecode(pkcs7->privateKey, &idx, privKey,
pkcs7->privateKeySz);
}
else if (pkcs7->devId == INVALID_DEVID) {
ret = BAD_FUNC_ARG;
}
}
if (ret == 0) {
ret = wc_RsaSSL_Sign(in, inSz, esd->encContentDigest,
sizeof(esd->encContentDigest),
@@ -639,9 +644,9 @@ static int wc_PKCS7_EcdsaSign(PKCS7* pkcs7, byte* in, word32 inSz, ESD* esd)
ecc_key* privKey = &stack_privKey;
#endif
if (pkcs7 == NULL || pkcs7->privateKey == NULL || pkcs7->rng == NULL ||
in == NULL || esd == NULL)
if (pkcs7 == NULL || pkcs7->rng == NULL || in == NULL || esd == NULL) {
return BAD_FUNC_ARG;
}
#ifdef WOLFSSL_SMALL_STACK
privKey = (ecc_key*)XMALLOC(sizeof(ecc_key), NULL, DYNAMIC_TYPE_TMP_BUFFER);
@@ -649,14 +654,17 @@ static int wc_PKCS7_EcdsaSign(PKCS7* pkcs7, byte* in, word32 inSz, ESD* esd)
return MEMORY_E;
#endif
ret = wc_ecc_init_ex(privKey, pkcs7->heap, INVALID_DEVID);
ret = wc_ecc_init_ex(privKey, pkcs7->heap, pkcs7->devId);
if (ret == 0) {
idx = 0;
ret = wc_EccPrivateKeyDecode(pkcs7->privateKey, &idx, privKey,
pkcs7->privateKeySz);
if (pkcs7->privateKey != NULL && pkcs7->privateKeySz > 0) {
idx = 0;
ret = wc_EccPrivateKeyDecode(pkcs7->privateKey, &idx, privKey,
pkcs7->privateKeySz);
}
else if (pkcs7->devId == INVALID_DEVID) {
ret = BAD_FUNC_ARG;
}
}
if (ret == 0) {
outSz = sizeof(esd->encContentDigest);
ret = wc_ecc_sign_hash(in, inSz, esd->encContentDigest,
@@ -1033,9 +1041,9 @@ int wc_PKCS7_EncodeSignedData(PKCS7* pkcs7, byte* output, word32 outputSz)
if (pkcs7 == NULL || pkcs7->content == NULL || pkcs7->contentSz == 0 ||
pkcs7->encryptOID == 0 || pkcs7->hashOID == 0 || pkcs7->rng == 0 ||
pkcs7->singleCert == NULL || pkcs7->singleCertSz == 0 ||
pkcs7->privateKey == NULL || pkcs7->privateKeySz == 0 ||
output == NULL || outputSz == 0)
output == NULL || outputSz == 0) {
return BAD_FUNC_ARG;
}
#ifdef WOLFSSL_SMALL_STACK
esd = (ESD*)XMALLOC(sizeof(ESD), NULL, DYNAMIC_TYPE_TMP_BUFFER);
@@ -1309,7 +1317,7 @@ static int wc_PKCS7_RsaVerify(PKCS7* pkcs7, byte* sig, int sigSz,
XMEMSET(digest, 0, MAX_PKCS7_DIGEST_SZ);
ret = wc_InitRsaKey(key, pkcs7->heap);
ret = wc_InitRsaKey_ex(key, pkcs7->heap, pkcs7->devId);
if (ret != 0) {
#ifdef WOLFSSL_SMALL_STACK
XFREE(digest, NULL, DYNAMIC_TYPE_TMP_BUFFER);
@@ -1321,6 +1329,7 @@ static int wc_PKCS7_RsaVerify(PKCS7* pkcs7, byte* sig, int sigSz,
if (wc_RsaPublicKeyDecode(pkcs7->publicKey, &scratch, key,
pkcs7->publicKeySz) < 0) {
WOLFSSL_MSG("ASN RSA key decode error");
wc_FreeRsaKey(key);
#ifdef WOLFSSL_SMALL_STACK
XFREE(digest, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER);
@@ -1384,7 +1393,7 @@ static int wc_PKCS7_EcdsaVerify(PKCS7* pkcs7, byte* sig, int sigSz,
XMEMSET(digest, 0, MAX_PKCS7_DIGEST_SZ);
ret = wc_ecc_init_ex(key, pkcs7->heap, INVALID_DEVID);
ret = wc_ecc_init_ex(key, pkcs7->heap, pkcs7->devId);
if (ret != 0) {
#ifdef WOLFSSL_SMALL_STACK
XFREE(digest, NULL, DYNAMIC_TYPE_TMP_BUFFER);
@@ -1396,6 +1405,7 @@ static int wc_PKCS7_EcdsaVerify(PKCS7* pkcs7, byte* sig, int sigSz,
if (wc_EccPublicKeyDecode(pkcs7->publicKey, &idx, key,
pkcs7->publicKeySz) < 0) {
WOLFSSL_MSG("ASN ECDSA key decode error");
wc_ecc_free(key);
#ifdef WOLFSSL_SMALL_STACK
XFREE(digest, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER);
@@ -1854,7 +1864,6 @@ int wc_PKCS7_VerifySignedData(PKCS7* pkcs7, byte* pkiMsg, word32 pkiMsgSz)
pkcs7->der = (byte*)XMALLOC(len, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
if (pkcs7->der == NULL)
return MEMORY_E;
len = 0;
ret = wc_BerToDer(pkiMsg, pkiMsgSz, pkcs7->der, &len);
if (ret < 0)
return ret;
@@ -2124,6 +2133,7 @@ int wc_PKCS7_VerifySignedData(PKCS7* pkcs7, byte* pkiMsg, word32 pkiMsgSz)
typedef struct WC_PKCS7_KARI {
DecodedCert* decoded; /* decoded recip cert */
void* heap; /* user heap, points to PKCS7->heap */
int devId; /* device ID for HW based private key */
ecc_key* recipKey; /* recip key (pub | priv) */
ecc_key* senderKey; /* sender key (pub | priv) */
byte* senderKeyExport; /* sender ephemeral key DER */
@@ -2136,6 +2146,9 @@ typedef struct WC_PKCS7_KARI {
word32 sharedInfoSz; /* size of ECC-CMS-SharedInfo encoded */
byte ukmOwner; /* do we own ukm buffer? 1:yes, 0:no */
byte direction; /* WC_PKCS7_ENCODE | WC_PKCS7_DECODE */
byte decodedInit : 1; /* indicates decoded was initialized */
byte recipKeyInit : 1; /* indicates recipKey was initialized */
byte senderKeyInit : 1; /* indicates senderKey was initialized */
} WC_PKCS7_KARI;
@@ -2247,8 +2260,12 @@ static WC_PKCS7_KARI* wc_PKCS7_KariNew(PKCS7* pkcs7, byte direction)
kari->sharedInfo = NULL;
kari->sharedInfoSz = 0;
kari->direction = direction;
kari->decodedInit = 0;
kari->recipKeyInit = 0;
kari->senderKeyInit = 0;
kari->heap = pkcs7->heap;
kari->devId = pkcs7->devId;
return kari;
}
@@ -2263,15 +2280,18 @@ static int wc_PKCS7_KariFree(WC_PKCS7_KARI* kari)
heap = kari->heap;
if (kari->decoded) {
FreeDecodedCert(kari->decoded);
if (kari->decodedInit)
FreeDecodedCert(kari->decoded);
XFREE(kari->decoded, heap, DYNAMIC_TYPE_PKCS7);
}
if (kari->senderKey) {
wc_ecc_free(kari->senderKey);
if (kari->senderKeyInit)
wc_ecc_free(kari->senderKey);
XFREE(kari->senderKey, heap, DYNAMIC_TYPE_PKCS7);
}
if (kari->recipKey) {
wc_ecc_free(kari->recipKey);
if (kari->recipKeyInit)
wc_ecc_free(kari->recipKey);
XFREE(kari->recipKey, heap, DYNAMIC_TYPE_PKCS7);
}
if (kari->senderKeyExport) {
@@ -2317,12 +2337,9 @@ static int wc_PKCS7_KariParseRecipCert(WC_PKCS7_KARI* kari, const byte* cert,
cert == NULL || certSz == 0)
return BAD_FUNC_ARG;
if (kari->direction == WC_PKCS7_DECODE &&
(key == NULL || keySz == 0))
return BAD_FUNC_ARG;
/* decode certificate */
InitDecodedCert(kari->decoded, (byte*)cert, certSz, kari->heap);
kari->decodedInit = 1;
ret = ParseCert(kari->decoded, CA_TYPE, NO_VERIFY, 0);
if (ret < 0)
return ret;
@@ -2333,10 +2350,12 @@ static int wc_PKCS7_KariParseRecipCert(WC_PKCS7_KARI* kari, const byte* cert,
return BAD_FUNC_ARG;
}
ret = wc_ecc_init_ex(kari->recipKey, kari->heap, INVALID_DEVID);
ret = wc_ecc_init_ex(kari->recipKey, kari->heap, kari->devId);
if (ret != 0)
return ret;
kari->recipKeyInit = 1;
/* get recip public key */
if (kari->direction == WC_PKCS7_ENCODE) {
@@ -2348,9 +2367,13 @@ static int wc_PKCS7_KariParseRecipCert(WC_PKCS7_KARI* kari, const byte* cert,
}
/* get recip private key */
else if (kari->direction == WC_PKCS7_DECODE) {
idx = 0;
ret = wc_EccPrivateKeyDecode(key, &idx, kari->recipKey, keySz);
if (key != NULL && keySz > 0) {
idx = 0;
ret = wc_EccPrivateKeyDecode(key, &idx, kari->recipKey, keySz);
}
else if (kari->devId == INVALID_DEVID) {
ret = BAD_FUNC_ARG;
}
if (ret != 0)
return ret;
@@ -2384,10 +2407,12 @@ static int wc_PKCS7_KariGenerateEphemeralKey(WC_PKCS7_KARI* kari, WC_RNG* rng)
kari->senderKeyExportSz = kari->decoded->pubKeySize;
ret = wc_ecc_init_ex(kari->senderKey, kari->heap, INVALID_DEVID);
ret = wc_ecc_init_ex(kari->senderKey, kari->heap, kari->devId);
if (ret != 0)
return ret;
kari->senderKeyInit = 1;
ret = wc_ecc_make_key_ex(rng, kari->recipKey->dp->size,
kari->senderKey, kari->recipKey->dp->id);
if (ret != 0)
@@ -2986,7 +3011,7 @@ static int wc_CreateRecipientInfo(const byte* cert, word32 certSz,
#endif
/* EncryptedKey */
ret = wc_InitRsaKey(pubKey, 0);
ret = wc_InitRsaKey_ex(pubKey, heap, INVALID_DEVID);
if (ret != 0) {
FreeDecodedCert(decoded);
#ifdef WOLFSSL_SMALL_STACK
@@ -3250,7 +3275,7 @@ static int wc_PKCS7_GenerateIV(PKCS7* pkcs7, WC_RNG* rng, byte* iv, word32 ivSz)
if (rnd == NULL)
return MEMORY_E;
ret = wc_InitRng_ex(rnd, pkcs7->heap, INVALID_DEVID);
ret = wc_InitRng_ex(rnd, pkcs7->heap, pkcs7->devId);
if (ret != 0) {
XFREE(rnd, pkcs7->heap, DYNAMIC_TYPE_RNG);
return ret;
@@ -3384,7 +3409,7 @@ int wc_PKCS7_EncodeEnvelopedData(PKCS7* pkcs7, byte* output, word32 outputSz)
}
/* generate random content encryption key */
ret = wc_InitRng_ex(&rng, pkcs7->heap, INVALID_DEVID);
ret = wc_InitRng_ex(&rng, pkcs7->heap, pkcs7->devId);
if (ret != 0)
return ret;
@@ -3712,7 +3737,7 @@ static int wc_PKCS7_DecodeKtri(PKCS7* pkcs7, byte* pkiMsg, word32 pkiMsgSz,
}
#endif
ret = wc_InitRsaKey(privKey, 0);
ret = wc_InitRsaKey_ex(privKey, NULL, INVALID_DEVID);
if (ret != 0) {
#ifdef WOLFSSL_SMALL_STACK
XFREE(encryptedKey, NULL, DYNAMIC_TYPE_TMP_BUFFER);
@@ -3721,11 +3746,17 @@ static int wc_PKCS7_DecodeKtri(PKCS7* pkcs7, byte* pkiMsg, word32 pkiMsgSz,
return ret;
}
keyIdx = 0;
ret = wc_RsaPrivateKeyDecode(pkcs7->privateKey, &keyIdx, privKey,
pkcs7->privateKeySz);
if (pkcs7->privateKey != NULL && pkcs7->privateKeySz > 0) {
keyIdx = 0;
ret = wc_RsaPrivateKeyDecode(pkcs7->privateKey, &keyIdx, privKey,
pkcs7->privateKeySz);
}
else if (pkcs7->devId == INVALID_DEVID) {
ret = BAD_FUNC_ARG;
}
if (ret != 0) {
WOLFSSL_MSG("Failed to decode RSA private key");
wc_FreeRsaKey(privKey);
#ifdef WOLFSSL_SMALL_STACK
XFREE(encryptedKey, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(privKey, NULL, DYNAMIC_TYPE_TMP_BUFFER);
@@ -3735,7 +3766,7 @@ static int wc_PKCS7_DecodeKtri(PKCS7* pkcs7, byte* pkiMsg, word32 pkiMsgSz,
/* decrypt encryptedKey */
#ifdef WC_RSA_BLINDING
ret = wc_InitRng_ex(&rng, pkcs7->heap, INVALID_DEVID);
ret = wc_InitRng_ex(&rng, pkcs7->heap, pkcs7->devId);
if (ret == 0) {
ret = wc_RsaSetRNG(privKey, &rng);
}
@@ -3823,10 +3854,12 @@ static int wc_PKCS7_KariGetOriginatorIdentifierOrKey(WC_PKCS7_KARI* kari,
return ASN_EXPECT_0_E;
/* get sender ephemeral public ECDSA key */
ret = wc_ecc_init_ex(kari->senderKey, kari->heap, INVALID_DEVID);
ret = wc_ecc_init_ex(kari->senderKey, kari->heap, kari->devId);
if (ret != 0)
return ret;
kari->senderKeyInit = 1;
/* length-1 for unused bits counter */
ret = wc_ecc_import_x963(pkiMsg + (*idx), length - 1, kari->senderKey);
if (ret != 0)
@@ -4155,6 +4188,9 @@ static int wc_PKCS7_DecodeKari(PKCS7* pkcs7, byte* pkiMsg, word32 pkiMsgSz,
pkcs7->privateKeySz);
if (ret != 0) {
wc_PKCS7_KariFree(kari);
#ifdef WOLFSSL_SMALL_STACK
XFREE(encryptedKey, NULL, DYNAMIC_TYPE_PKCS7);
#endif
return ret;
}
@@ -4380,8 +4416,7 @@ WOLFSSL_API int wc_PKCS7_DecodeEnvelopedData(PKCS7* pkcs7, byte* pkiMsg,
int explicitOctet;
if (pkcs7 == NULL || pkcs7->singleCert == NULL ||
pkcs7->singleCertSz == 0 || pkcs7->privateKey == NULL ||
pkcs7->privateKeySz == 0)
pkcs7->singleCertSz == 0)
return BAD_FUNC_ARG;
if (pkiMsg == NULL || pkiMsgSz == 0 ||
@@ -5012,6 +5047,7 @@ int wc_PKCS7_DecodeEncryptedData(PKCS7* pkcs7, byte* pkiMsg, word32 pkiMsgSz,
/* go back and check the version now that attribs have been processed */
if ((haveAttribs == 0 && version != 0) ||
(haveAttribs == 1 && version != 2) ) {
XFREE(encryptedContent, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
WOLFSSL_MSG("Wrong PKCS#7 EncryptedData version");
return ASN_VERSION_E;
}
Executable → Regular
View File
+18
View File
@@ -1499,7 +1499,25 @@ int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
return 0;
}
#elif defined(WOLFSSL_NUCLEUS)
#include "nucleus.h"
#include "kernel/plus_common.h"
#warning "potential for not enough entropy, currently being used for testing"
int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
{
int i;
srand(NU_Get_Time_Stamp());
for (i = 0; i < sz; i++ ) {
output[i] = rand() % 256;
if ((i % 8) == 7) {
srand(NU_Get_Time_Stamp());
}
}
return 0;
}
#elif defined(WOLFSSL_VXWORKS)
#include <randomNumGen.h>
+32 -7
View File
@@ -190,6 +190,9 @@ int wc_RsaFlattenPublicKey(RsaKey* key, byte* a, word32* aSz, byte* b,
#include <wolfssl/wolfcrypt/random.h>
#include <wolfssl/wolfcrypt/logging.h>
#ifdef WOLF_CRYPTO_DEV
#include <wolfssl/wolfcrypt/cryptodev.h>
#endif
#ifdef NO_INLINE
#include <wolfssl/wolfcrypt/misc.h>
#else
@@ -237,8 +240,6 @@ int wc_InitRsaKey_ex(RsaKey* key, void* heap, int devId)
return BAD_FUNC_ARG;
}
(void)devId;
XMEMSET(key, 0, sizeof(RsaKey));
key->type = RSA_TYPE_UNKNOWN;
@@ -251,6 +252,12 @@ int wc_InitRsaKey_ex(RsaKey* key, void* heap, int devId)
key->rng = NULL;
#endif
#ifdef WOLF_CRYPTO_DEV
key->devId = devId;
#else
(void)devId;
#endif
#ifdef WOLFSSL_ASYNC_CRYPT
#ifdef WOLFSSL_CERT_GEN
XMEMSET(&key->certSignCtx, 0, sizeof(CertSignCtx));
@@ -263,8 +270,6 @@ int wc_InitRsaKey_ex(RsaKey* key, void* heap, int devId)
if (ret != 0)
return ret;
#endif /* WC_ASYNC_ENABLE_RSA */
#else
(void)devId;
#endif /* WOLFSSL_ASYNC_CRYPT */
ret = mp_init_multi(&key->n, &key->e, NULL, NULL, NULL, NULL);
@@ -1512,7 +1517,7 @@ static int wc_RsaFunctionAsync(const byte* in, word32 inLen, byte* out,
}
#endif /* WOLFSSL_ASYNC_CRYPT && WC_ASYNC_ENABLE_RSA */
#ifdef WC_RSA_NO_PADDING
#if defined(WC_RSA_DIRECT) || defined(WC_RSA_NO_PADDING)
/* Function that does the RSA operation directly with no padding.
*
* in buffer to do operation on
@@ -1606,7 +1611,7 @@ int wc_RsaDirect(byte* in, word32 inLen, byte* out, word32* outSz,
return ret;
}
#endif /* WC_RSA_NO_PADDING */
#endif /* WC_RSA_DIRECT || WC_RSA_NO_PADDING */
int wc_RsaFunction(const byte* in, word32 inLen, byte* out,
@@ -1619,6 +1624,15 @@ int wc_RsaFunction(const byte* in, word32 inLen, byte* out,
return BAD_FUNC_ARG;
}
#ifdef WOLF_CRYPTO_DEV
if (key->devId != INVALID_DEVID) {
ret = wc_CryptoDev_Rsa(in, inLen, out, outLen, type, key, rng);
if (ret != NOT_COMPILED_IN)
return ret;
ret = 0; /* reset error code and try using software */
}
#endif
#ifndef NO_RSA_BOUNDS_CHECK
if (type == RSA_PRIVATE_DECRYPT &&
key->state == RSA_STATE_DECRYPT_EXPTMOD) {
@@ -2268,10 +2282,21 @@ int wc_RsaPSS_Sign_ex(const byte* in, word32 inLen, byte* out, word32 outLen,
int wc_RsaEncryptSize(RsaKey* key)
{
int ret;
if (key == NULL) {
return BAD_FUNC_ARG;
}
return mp_unsigned_bin_size(&key->n);
ret = mp_unsigned_bin_size(&key->n);
#ifdef WOLF_CRYPTO_DEV
if (ret == 0 && key->devId != INVALID_DEVID) {
ret = 2048/8; /* hardware handles, use 2048-bit as default */
}
#endif
return ret;
}

Some files were not shown because too many files have changed in this diff Show More