mirror of
https://github.com/wolfSSL/wolfssl.git
synced 2026-07-11 10:00:54 +02:00
Merge branch 'master' into zd3963
This commit is contained in:
@@ -237,3 +237,6 @@ IDE/LINUX-SGX/*.a
|
||||
wolfcrypt/src/port/intel/qat_test
|
||||
/mplabx/wolfssl.X/dist/default/
|
||||
/mplabx/wolfcrypt_test.X/dist/default/
|
||||
|
||||
# Arduino Generated Files
|
||||
/IDE/ARDUINO/wolfSSL
|
||||
|
||||
+404
-351
File diff suppressed because it is too large
Load Diff
+12
-11
@@ -4,22 +4,23 @@
|
||||
This is a shell script that will re-organize the wolfSSL library to be
|
||||
compatible with Arduino projects. The Arduino IDE requires a library's source
|
||||
files to be in the library's root directory with a header file in the name of
|
||||
the library. This script moves all src/ files to the root wolfssl directory and
|
||||
creates a stub header file called wolfssl.h.
|
||||
the library. This script moves all src/ files to the `IDE/ARDUINO/wolfSSL`
|
||||
directory and creates a stub header file called `wolfssl.h`.
|
||||
|
||||
Step 1: To configure wolfSSL with Arduino, enter the following from within the
|
||||
wolfssl/IDE/ARDUINO directory:
|
||||
|
||||
./wolfssl-arduino.sh
|
||||
`./wolfssl-arduino.sh`
|
||||
|
||||
|
||||
Step 2: Edit <wolfssl-root>/wolfssl/wolfcrypt/settings.h uncomment the define for
|
||||
WOLFSSL_ARDUINO
|
||||
Step 2: Edit `<wolfssl-root>/IDE/ARDUINO/wolfSSL/wolfssl/wolfcrypt/settings.h` uncomment the define for `WOLFSSL_ARDUINO`
|
||||
If building for Intel Galileo platform also uncomment the define for `INTEL_GALILEO`.
|
||||
|
||||
also uncomment the define for INTEL_GALILEO if building for that platform
|
||||
|
||||
#####Including wolfSSL in Arduino Libraries (for Arduino version 1.6.6)
|
||||
1. Copy the wolfSSL directory into Arduino/libraries (or wherever Arduino searches for libraries).
|
||||
2. In the Arduino IDE:
|
||||
- Go to ```Sketch > Include Libraries > Manage Libraries```. This refreshes your changes to the libraries.
|
||||
- Next go to ```Sketch > Include Libraries > wolfSSL```. This includes wolfSSL in your sketch.
|
||||
|
||||
1. In the Arduino IDE:
|
||||
- In `Sketch -> Include Library -> Add .ZIP Library...` and choose the
|
||||
`IDE/ARDUNIO/wolfSSL` folder.
|
||||
- In `Sketch -> Include Library` choose wolfSSL.
|
||||
|
||||
An example wolfSSL client INO sketch exists here: `sketches/wolfssl_client/wolfssl_client.ino`
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
/* wolfssl_client.ino
|
||||
*
|
||||
* Copyright (C) 2006-2016 wolfSSL Inc.
|
||||
* Copyright (C) 2006-2018 wolfSSL Inc.
|
||||
*
|
||||
* This file is part of wolfSSL.
|
||||
*
|
||||
@@ -142,4 +142,3 @@ void loop() {
|
||||
}
|
||||
delay(1000);
|
||||
}
|
||||
|
||||
|
||||
@@ -7,20 +7,29 @@
|
||||
DIR=${PWD##*/}
|
||||
|
||||
if [ "$DIR" = "ARDUINO" ]; then
|
||||
cp ../../src/*.c ../../
|
||||
cp ../../wolfcrypt/src/*.c ../../
|
||||
echo "/* stub header file for Arduino compatibility */" >> ../../wolfssl.h
|
||||
rm -rf wolfSSL
|
||||
mkdir wolfSSL
|
||||
|
||||
cp ../../src/*.c ./wolfSSL
|
||||
cp ../../wolfcrypt/src/*.c ./wolfSSL
|
||||
|
||||
mkdir wolfSSL/wolfssl
|
||||
cp ../../wolfssl/*.h ./wolfSSL/wolfssl
|
||||
mkdir wolfSSL/wolfssl/wolfcrypt
|
||||
cp ../../wolfssl/wolfcrypt/*.h ./wolfSSL/wolfssl/wolfcrypt
|
||||
|
||||
# support misc.c as include in wolfcrypt/src
|
||||
mkdir ./wolfSSL/wolfcrypt
|
||||
mkdir ./wolfSSL/wolfcrypt/src
|
||||
cp ../../wolfcrypt/src/misc.c ./wolfSSL/wolfcrypt/src
|
||||
|
||||
# put bio and evp as includes
|
||||
mv ./wolfSSL/bio.c ./wolfSSL/wolfssl
|
||||
mv ./wolfSSL/evp.c ./wolfSSL/wolfssl
|
||||
|
||||
echo "/* Generated wolfSSL header file for Arduino */" >> ./wolfSSL/wolfssl.h
|
||||
echo "#include <wolfssl/wolfcrypt/settings.h>" >> ./wolfSSL/wolfssl.h
|
||||
echo "#include <wolfssl/ssl.h>" >> ./wolfSSL/wolfssl.h
|
||||
else
|
||||
echo "ERROR: You must be in the IDE/ARDUINO directory to run this script"
|
||||
fi
|
||||
|
||||
#UPDATED: 19 Apr 2017 to remove bio.c and evp.c from the root directory since
|
||||
# they are included inline and should not be compiled directly
|
||||
|
||||
ARDUINO_DIR=${PWD}
|
||||
cd ../../
|
||||
rm bio.c
|
||||
rm evp.c
|
||||
cd $ARDUINO_DIR
|
||||
# end script in the origin directory for any future functionality that may be added.
|
||||
#End UPDATE: 19 Apr 2017
|
||||
|
||||
@@ -0,0 +1,183 @@
|
||||
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
|
||||
<?fileVersion 4.0.0?><cproject storage_type_id="org.eclipse.cdt.core.XmlProjectDescriptionStorage">
|
||||
<storageModule moduleId="org.eclipse.cdt.core.settings">
|
||||
<cconfiguration id="cdt.managedbuild.config.gnu.mentor.nucleus.lib.debug.16169494">
|
||||
<storageModule buildSystemId="org.eclipse.cdt.managedbuilder.core.configurationDataProvider" id="cdt.managedbuild.config.gnu.mentor.nucleus.lib.debug.16169494" moduleId="org.eclipse.cdt.core.settings" name="Debug">
|
||||
<externalSettings>
|
||||
<externalSetting>
|
||||
<entry flags="VALUE_WORKSPACE_PATH" kind="includePath" name="/wolfcrypt"/>
|
||||
<entry flags="VALUE_WORKSPACE_PATH" kind="libraryPath" name="/wolfcrypt/Debug"/>
|
||||
<entry flags="RESOLVED" kind="libraryFile" name="wolfssl" srcPrefixMapping="" srcRootPath=""/>
|
||||
</externalSetting>
|
||||
</externalSettings>
|
||||
<extensions>
|
||||
<extension id="org.eclipse.cdt.core.ELF" point="org.eclipse.cdt.core.BinaryParser"/>
|
||||
<extension id="org.eclipse.cdt.core.GASErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
|
||||
<extension id="org.eclipse.cdt.core.GmakeErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
|
||||
<extension id="com.mentor.embedded.toolchains.core.nucleus.FuseErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
|
||||
<extension id="org.eclipse.cdt.core.CWDLocator" point="org.eclipse.cdt.core.ErrorParser"/>
|
||||
<extension id="org.eclipse.cdt.core.GCCErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
|
||||
</extensions>
|
||||
</storageModule>
|
||||
<storageModule moduleId="cdtBuildSystem" version="4.0.0">
|
||||
<configuration artifactExtension="a" artifactName="wolfssl" buildArtefactType="org.eclipse.cdt.build.core.buildArtefactType.staticLib" buildProperties="org.eclipse.cdt.build.core.buildArtefactType=org.eclipse.cdt.build.core.buildArtefactType.staticLib,org.eclipse.cdt.build.core.buildType=org.eclipse.cdt.build.core.buildType.debug" cleanCommand="cs-rm -rf" description="" id="cdt.managedbuild.config.gnu.mentor.nucleus.lib.debug.16169494" name="Debug" parent="cdt.managedbuild.config.gnu.mentor.nucleus.lib.debug">
|
||||
<folderInfo id="cdt.managedbuild.config.gnu.mentor.nucleus.lib.debug.16169494." name="/" resourcePath="">
|
||||
<toolChain id="cdt.managedbuild.toolchain.gnu.mentor.nucleus.lib.debug.223487397" name="Sourcery CodeBench for Nucleus" superClass="cdt.managedbuild.toolchain.gnu.mentor.nucleus.lib.debug">
|
||||
<targetPlatform archList="all" binaryParser="org.eclipse.cdt.core.ELF" id="cdt.managedbuild.targetPlatform.gnu.mentor.nucleus.1602489785" isAbstract="false" osList="all" superClass="cdt.managedbuild.targetPlatform.gnu.mentor.nucleus"/>
|
||||
<builder buildPath="${workspace_loc:/wolfcrypt}/Debug" id="cdt.managedbuild.builder.gnu.mentor.nucleus.1164120304" keepEnvironmentInBuildfile="false" managedBuildOn="true" name="CodeSourcery GNU Builder" superClass="cdt.managedbuild.builder.gnu.mentor.nucleus"/>
|
||||
<tool id="cdt.managedbuild.tool.gnu.mentor.archiver.nucleus.729368558" name="CodeSourcery GNU Archiver" superClass="cdt.managedbuild.tool.gnu.mentor.archiver.nucleus"/>
|
||||
<tool id="cdt.managedbuild.tool.gnu.mentor.cpp.compiler.nucleus.1374010562" name="CodeSourcery GNU C++ Compiler" superClass="cdt.managedbuild.tool.gnu.mentor.cpp.compiler.nucleus">
|
||||
<option id="mentor.gnu.cpp.compiler.option.optimization.level.2002648562" name="Optimization Level" superClass="mentor.gnu.cpp.compiler.option.optimization.level" value="mentor.gnu.cpp.compiler.optimization.level.none" valueType="enumerated"/>
|
||||
<option id="mentor.gnu.cpp.compiler.option.debugging.level.498021118" name="Debug Level" superClass="mentor.gnu.cpp.compiler.option.debugging.level" value="mentor.gnu.cpp.compiler.debugging.level.max" valueType="enumerated"/>
|
||||
<option id="mentor.gnu.cpp.compiler.option.indexer_include.2050335782" name="Include paths for indexer" superClass="mentor.gnu.cpp.compiler.option.indexer_include" valueType="includePath">
|
||||
<listOptionValue builtIn="false" value="${CFG_INCLUDE}"/>
|
||||
<listOptionValue builtIn="false" value="${SYSTEM_HOME}/./"/>
|
||||
<listOptionValue builtIn="false" value="${SYSTEM_HOME}/bsp/realview_eb_ct926ejs/include/"/>
|
||||
<listOptionValue builtIn="false" value="${SYSTEM_HOME}/bsp/realview_eb_ct926ejs/include/bsp/arch/plat-realview_eb/"/>
|
||||
<listOptionValue builtIn="false" value="${SYSTEM_HOME}/os/arch/arm/tool-csgnu_arm/"/>
|
||||
<listOptionValue builtIn="false" value="${SYSTEM_HOME}/os/include/"/>
|
||||
<listOptionValue builtIn="false" value="${SYSTEM_HOME}/os/include/arch/arm/"/>
|
||||
<listOptionValue builtIn="false" value="${SYSTEM_HOME}/os/include/arch/arm/tool-csgnu_arm/"/>
|
||||
</option>
|
||||
</tool>
|
||||
<tool id="cdt.managedbuild.tool.gnu.mentor.c.compiler.nucleus.2014778929" name="CodeSourcery GNU C Compiler" superClass="cdt.managedbuild.tool.gnu.mentor.c.compiler.nucleus">
|
||||
<option defaultValue="mentor.gnu.c.optimization.level.none" id="mentor.gnu.c.compiler.option.optimization.level.398007200" name="Optimization Level" superClass="mentor.gnu.c.compiler.option.optimization.level" valueType="enumerated"/>
|
||||
<option id="mentor.gnu.c.compiler.option.debugging.level.732537986" name="Debug Level" superClass="mentor.gnu.c.compiler.option.debugging.level" value="mentor.gnu.c.debugging.level.max" valueType="enumerated"/>
|
||||
<option id="mentor.gnu.c.compiler.option.indexer_include.1166025607" name="Include paths for indexer" superClass="mentor.gnu.c.compiler.option.indexer_include" valueType="includePath">
|
||||
<listOptionValue builtIn="false" value="${CFG_INCLUDE}"/>
|
||||
<listOptionValue builtIn="false" value="${SYSTEM_HOME}/./"/>
|
||||
<listOptionValue builtIn="false" value="${SYSTEM_HOME}/bsp/realview_eb_ct926ejs/include/"/>
|
||||
<listOptionValue builtIn="false" value="${SYSTEM_HOME}/bsp/realview_eb_ct926ejs/include/bsp/arch/plat-realview_eb/"/>
|
||||
<listOptionValue builtIn="false" value="${SYSTEM_HOME}/os/arch/arm/tool-csgnu_arm/"/>
|
||||
<listOptionValue builtIn="false" value="${SYSTEM_HOME}/os/include/"/>
|
||||
<listOptionValue builtIn="false" value="${SYSTEM_HOME}/os/include/arch/arm/"/>
|
||||
<listOptionValue builtIn="false" value="${SYSTEM_HOME}/os/include/arch/arm/tool-csgnu_arm/"/>
|
||||
</option>
|
||||
<option id="mentor.gnu.c.compiler.option.preprocessor.def.symbols.1143748896" name="Defined symbols (-D)" superClass="mentor.gnu.c.compiler.option.preprocessor.def.symbols" valueType="definedSymbols">
|
||||
<listOptionValue builtIn="false" value="WOLFSSL_USER_SETTINGS"/>
|
||||
</option>
|
||||
<option id="mentor.gnu.c.compiler.option.include.paths.194565509" name="Include paths (-I)" superClass="mentor.gnu.c.compiler.option.include.paths" valueType="includePath">
|
||||
<listOptionValue builtIn="false" value="../../../"/>
|
||||
<listOptionValue builtIn="false" value=""${workspace_loc:/${ProjName}}""/>
|
||||
</option>
|
||||
<inputType id="cdt.managedbuild.tool.gnu.mentor.c.compiler.nucleus.input.923848555" superClass="cdt.managedbuild.tool.gnu.mentor.c.compiler.nucleus.input"/>
|
||||
</tool>
|
||||
<tool id="cdt.managedbuild.tool.gnu.mentor.c.linker.nucleus.1059991805" name="CodeSourcery GNU C Linker" superClass="cdt.managedbuild.tool.gnu.mentor.c.linker.nucleus"/>
|
||||
<tool id="cdt.managedbuild.tool.gnu.mentor.cpp.linker.nucleus.1339624750" name="CodeSourcery GNU C++ Linker" superClass="cdt.managedbuild.tool.gnu.mentor.cpp.linker.nucleus"/>
|
||||
<tool id="cdt.managedbuild.tool.gnu.mentor.assembler.nucleus.729188509" name="CodeSourcery GNU Assembler" superClass="cdt.managedbuild.tool.gnu.mentor.assembler.nucleus">
|
||||
<option id="gnu.both.asm.option.debugging.level.260047724" name="Debug Level" superClass="gnu.both.asm.option.debugging.level" value="gnu.both.asm.debugging.level.max" valueType="enumerated"/>
|
||||
<inputType id="cdt.managedbuild.tool.gnu.assembler.input.376260780" superClass="cdt.managedbuild.tool.gnu.assembler.input"/>
|
||||
</tool>
|
||||
<tool id="com.mentor.embedded.toolchains.core.nucleus.exportgen.process.403073591" name="Nucleus Exports Generator" superClass="com.mentor.embedded.toolchains.core.nucleus.exportgen.process"/>
|
||||
<tool id="com.mentor.embedded.toolchains.core.nucleus.exportgen.application.645196251" name="Nucleus Exports Generator" superClass="com.mentor.embedded.toolchains.core.nucleus.exportgen.application"/>
|
||||
</toolChain>
|
||||
</folderInfo>
|
||||
<sourceEntries>
|
||||
<entry excluding="src/src/evp.c|src/src/aes_asm.S|src/benchmark|src/user-crypto|src/src/misc.c" flags="VALUE_WORKSPACE_PATH|RESOLVED" kind="sourcePath" name=""/>
|
||||
</sourceEntries>
|
||||
</configuration>
|
||||
</storageModule>
|
||||
<storageModule moduleId="org.eclipse.cdt.core.externalSettings">
|
||||
<externalSettings containerId="system-project;" factoryId="org.eclipse.cdt.core.cfg.export.settings.sipplier"/>
|
||||
</storageModule>
|
||||
</cconfiguration>
|
||||
<cconfiguration id="cdt.managedbuild.config.gnu.mentor.nucleus.lib.release.1927475508">
|
||||
<storageModule buildSystemId="org.eclipse.cdt.managedbuilder.core.configurationDataProvider" id="cdt.managedbuild.config.gnu.mentor.nucleus.lib.release.1927475508" moduleId="org.eclipse.cdt.core.settings" name="Release">
|
||||
<externalSettings>
|
||||
<externalSetting>
|
||||
<entry flags="VALUE_WORKSPACE_PATH" kind="includePath" name="/wolfcrypt"/>
|
||||
<entry flags="VALUE_WORKSPACE_PATH" kind="libraryPath" name="/wolfcrypt/Release"/>
|
||||
<entry flags="RESOLVED" kind="libraryFile" name="wolfssl" srcPrefixMapping="" srcRootPath=""/>
|
||||
</externalSetting>
|
||||
</externalSettings>
|
||||
<extensions>
|
||||
<extension id="org.eclipse.cdt.core.ELF" point="org.eclipse.cdt.core.BinaryParser"/>
|
||||
<extension id="org.eclipse.cdt.core.GASErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
|
||||
<extension id="org.eclipse.cdt.core.GmakeErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
|
||||
<extension id="com.mentor.embedded.toolchains.core.nucleus.FuseErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
|
||||
<extension id="org.eclipse.cdt.core.CWDLocator" point="org.eclipse.cdt.core.ErrorParser"/>
|
||||
<extension id="org.eclipse.cdt.core.GCCErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
|
||||
</extensions>
|
||||
</storageModule>
|
||||
<storageModule moduleId="cdtBuildSystem" version="4.0.0">
|
||||
<configuration artifactExtension="a" artifactName="wolfssl" buildArtefactType="org.eclipse.cdt.build.core.buildArtefactType.staticLib" buildProperties="org.eclipse.cdt.build.core.buildArtefactType=org.eclipse.cdt.build.core.buildArtefactType.staticLib,org.eclipse.cdt.build.core.buildType=org.eclipse.cdt.build.core.buildType.release" cleanCommand="cs-rm -rf" description="" id="cdt.managedbuild.config.gnu.mentor.nucleus.lib.release.1927475508" name="Release" parent="cdt.managedbuild.config.gnu.mentor.nucleus.lib.release">
|
||||
<folderInfo id="cdt.managedbuild.config.gnu.mentor.nucleus.lib.release.1927475508." name="/" resourcePath="">
|
||||
<toolChain id="cdt.managedbuild.toolchain.gnu.mentor.nucleus.lib.release.215643800" name="Sourcery CodeBench for Nucleus" superClass="cdt.managedbuild.toolchain.gnu.mentor.nucleus.lib.release">
|
||||
<targetPlatform archList="all" binaryParser="org.eclipse.cdt.core.ELF" id="cdt.managedbuild.targetPlatform.gnu.mentor.nucleus.1262083747" isAbstract="false" osList="all" superClass="cdt.managedbuild.targetPlatform.gnu.mentor.nucleus"/>
|
||||
<builder buildPath="${workspace_loc:/wolfcrypt}/Release" id="cdt.managedbuild.builder.gnu.mentor.nucleus.656729475" keepEnvironmentInBuildfile="false" managedBuildOn="true" name="CodeSourcery GNU Builder" superClass="cdt.managedbuild.builder.gnu.mentor.nucleus"/>
|
||||
<tool id="cdt.managedbuild.tool.gnu.mentor.archiver.nucleus.1642691673" name="CodeSourcery GNU Archiver" superClass="cdt.managedbuild.tool.gnu.mentor.archiver.nucleus"/>
|
||||
<tool id="cdt.managedbuild.tool.gnu.mentor.cpp.compiler.nucleus.53089999" name="CodeSourcery GNU C++ Compiler" superClass="cdt.managedbuild.tool.gnu.mentor.cpp.compiler.nucleus">
|
||||
<option id="mentor.gnu.cpp.compiler.option.optimization.level.1972432162" name="Optimization Level" superClass="mentor.gnu.cpp.compiler.option.optimization.level" value="mentor.gnu.cpp.compiler.optimization.level.most" valueType="enumerated"/>
|
||||
<option id="mentor.gnu.cpp.compiler.option.debugging.level.1063240694" name="Debug Level" superClass="mentor.gnu.cpp.compiler.option.debugging.level"/>
|
||||
<option id="mentor.gnu.cpp.compiler.option.indexer_include.482283905" name="Include paths for indexer" superClass="mentor.gnu.cpp.compiler.option.indexer_include" valueType="includePath">
|
||||
<listOptionValue builtIn="false" value="${CFG_INCLUDE}"/>
|
||||
<listOptionValue builtIn="false" value="${SYSTEM_HOME}/./"/>
|
||||
<listOptionValue builtIn="false" value="${SYSTEM_HOME}/bsp/realview_eb_ct926ejs/include/"/>
|
||||
<listOptionValue builtIn="false" value="${SYSTEM_HOME}/bsp/realview_eb_ct926ejs/include/bsp/arch/plat-realview_eb/"/>
|
||||
<listOptionValue builtIn="false" value="${SYSTEM_HOME}/os/arch/arm/tool-csgnu_arm/"/>
|
||||
<listOptionValue builtIn="false" value="${SYSTEM_HOME}/os/include/"/>
|
||||
<listOptionValue builtIn="false" value="${SYSTEM_HOME}/os/include/arch/arm/"/>
|
||||
<listOptionValue builtIn="false" value="${SYSTEM_HOME}/os/include/arch/arm/tool-csgnu_arm/"/>
|
||||
</option>
|
||||
</tool>
|
||||
<tool id="cdt.managedbuild.tool.gnu.mentor.c.compiler.nucleus.768508310" name="CodeSourcery GNU C Compiler" superClass="cdt.managedbuild.tool.gnu.mentor.c.compiler.nucleus">
|
||||
<option defaultValue="mentor.gnu.c.optimization.level.most" id="mentor.gnu.c.compiler.option.optimization.level.1172306433" name="Optimization Level" superClass="mentor.gnu.c.compiler.option.optimization.level" valueType="enumerated"/>
|
||||
<option id="mentor.gnu.c.compiler.option.debugging.level.1416772866" name="Debug Level" superClass="mentor.gnu.c.compiler.option.debugging.level"/>
|
||||
<option id="mentor.gnu.c.compiler.option.indexer_include.190263447" name="Include paths for indexer" superClass="mentor.gnu.c.compiler.option.indexer_include" valueType="includePath">
|
||||
<listOptionValue builtIn="false" value="${CFG_INCLUDE}"/>
|
||||
<listOptionValue builtIn="false" value="${SYSTEM_HOME}/./"/>
|
||||
<listOptionValue builtIn="false" value="${SYSTEM_HOME}/bsp/realview_eb_ct926ejs/include/"/>
|
||||
<listOptionValue builtIn="false" value="${SYSTEM_HOME}/bsp/realview_eb_ct926ejs/include/bsp/arch/plat-realview_eb/"/>
|
||||
<listOptionValue builtIn="false" value="${SYSTEM_HOME}/os/arch/arm/tool-csgnu_arm/"/>
|
||||
<listOptionValue builtIn="false" value="${SYSTEM_HOME}/os/include/"/>
|
||||
<listOptionValue builtIn="false" value="${SYSTEM_HOME}/os/include/arch/arm/"/>
|
||||
<listOptionValue builtIn="false" value="${SYSTEM_HOME}/os/include/arch/arm/tool-csgnu_arm/"/>
|
||||
</option>
|
||||
<option id="mentor.gnu.c.compiler.option.include.paths.378624521" name="Include paths (-I)" superClass="mentor.gnu.c.compiler.option.include.paths" valueType="includePath">
|
||||
<listOptionValue builtIn="false" value="../../../"/>
|
||||
<listOptionValue builtIn="false" value=""${workspace_loc:/${ProjName}}""/>
|
||||
</option>
|
||||
<option id="mentor.gnu.c.compiler.option.preprocessor.def.symbols.377672412" name="Defined symbols (-D)" superClass="mentor.gnu.c.compiler.option.preprocessor.def.symbols" valueType="definedSymbols">
|
||||
<listOptionValue builtIn="false" value="WOLFSSL_USER_SETTINGS"/>
|
||||
</option>
|
||||
<inputType id="cdt.managedbuild.tool.gnu.mentor.c.compiler.nucleus.input.390280819" superClass="cdt.managedbuild.tool.gnu.mentor.c.compiler.nucleus.input"/>
|
||||
</tool>
|
||||
<tool id="cdt.managedbuild.tool.gnu.mentor.c.linker.nucleus.1383453309" name="CodeSourcery GNU C Linker" superClass="cdt.managedbuild.tool.gnu.mentor.c.linker.nucleus"/>
|
||||
<tool id="cdt.managedbuild.tool.gnu.mentor.cpp.linker.nucleus.543421555" name="CodeSourcery GNU C++ Linker" superClass="cdt.managedbuild.tool.gnu.mentor.cpp.linker.nucleus"/>
|
||||
<tool id="cdt.managedbuild.tool.gnu.mentor.assembler.nucleus.115889274" name="CodeSourcery GNU Assembler" superClass="cdt.managedbuild.tool.gnu.mentor.assembler.nucleus">
|
||||
<option id="gnu.both.asm.option.debugging.level.886431226" name="Debug Level" superClass="gnu.both.asm.option.debugging.level" value="gnu.both.asm.debugging.level.none" valueType="enumerated"/>
|
||||
<inputType id="cdt.managedbuild.tool.gnu.assembler.input.419671347" superClass="cdt.managedbuild.tool.gnu.assembler.input"/>
|
||||
</tool>
|
||||
<tool id="com.mentor.embedded.toolchains.core.nucleus.exportgen.process.278067994" name="Nucleus Exports Generator" superClass="com.mentor.embedded.toolchains.core.nucleus.exportgen.process"/>
|
||||
<tool id="com.mentor.embedded.toolchains.core.nucleus.exportgen.application.1699281427" name="Nucleus Exports Generator" superClass="com.mentor.embedded.toolchains.core.nucleus.exportgen.application"/>
|
||||
</toolChain>
|
||||
</folderInfo>
|
||||
<sourceEntries>
|
||||
<entry excluding="src/src/evp.c|src/src/aes_asm.S|src/benchmark|src/user-crypto|src/src/misc.c" flags="VALUE_WORKSPACE_PATH|RESOLVED" kind="sourcePath" name=""/>
|
||||
</sourceEntries>
|
||||
</configuration>
|
||||
</storageModule>
|
||||
<storageModule moduleId="org.eclipse.cdt.core.externalSettings">
|
||||
<externalSettings containerId="system-project;" factoryId="org.eclipse.cdt.core.cfg.export.settings.sipplier"/>
|
||||
</storageModule>
|
||||
</cconfiguration>
|
||||
</storageModule>
|
||||
<storageModule moduleId="cdtBuildSystem" version="4.0.0">
|
||||
<project id="wolfcrypt.cdt.managedbuild.target.gnu.mentor.nucleus.lib.1763261605" name="Static Library" projectType="cdt.managedbuild.target.gnu.mentor.nucleus.lib"/>
|
||||
</storageModule>
|
||||
<storageModule moduleId="scannerConfiguration">
|
||||
<autodiscovery enabled="true" problemReportingEnabled="true" selectedProfileId=""/>
|
||||
<scannerConfigBuildInfo instanceId="cdt.managedbuild.config.gnu.mentor.nucleus.lib.release.1927475508;cdt.managedbuild.config.gnu.mentor.nucleus.lib.release.1927475508.;cdt.managedbuild.tool.gnu.mentor.c.compiler.nucleus.768508310;cdt.managedbuild.tool.gnu.mentor.c.compiler.nucleus.input.390280819">
|
||||
<autodiscovery enabled="true" problemReportingEnabled="true" selectedProfileId="com.mentor.embedded.toolchains.core.nucleus.GCCManagedMakePerProjectProfileC"/>
|
||||
</scannerConfigBuildInfo>
|
||||
<scannerConfigBuildInfo instanceId="cdt.managedbuild.config.gnu.mentor.nucleus.lib.debug.16169494;cdt.managedbuild.config.gnu.mentor.nucleus.lib.debug.16169494.;cdt.managedbuild.tool.gnu.mentor.c.compiler.nucleus.2014778929;cdt.managedbuild.tool.gnu.mentor.c.compiler.nucleus.input.923848555">
|
||||
<autodiscovery enabled="true" problemReportingEnabled="true" selectedProfileId="com.mentor.embedded.toolchains.core.nucleus.GCCManagedMakePerProjectProfileC"/>
|
||||
</scannerConfigBuildInfo>
|
||||
</storageModule>
|
||||
<storageModule moduleId="org.eclipse.cdt.core.LanguageSettingsProviders"/>
|
||||
<storageModule moduleId="com.mentor.embedded">
|
||||
<project systemProject="system-project" version="2017.02.1"/>
|
||||
</storageModule>
|
||||
<storageModule moduleId="refreshScope"/>
|
||||
<storageModule moduleId="org.eclipse.cdt.make.core.buildtargets"/>
|
||||
</cproject>
|
||||
@@ -0,0 +1,33 @@
|
||||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<projectDescription>
|
||||
<name>wolfcrypt</name>
|
||||
<comment></comment>
|
||||
<projects>
|
||||
</projects>
|
||||
<buildSpec>
|
||||
<buildCommand>
|
||||
<name>org.eclipse.cdt.managedbuilder.core.genmakebuilder</name>
|
||||
<triggers>clean,full,incremental,</triggers>
|
||||
<arguments>
|
||||
</arguments>
|
||||
</buildCommand>
|
||||
<buildCommand>
|
||||
<name>org.eclipse.cdt.managedbuilder.core.ScannerConfigBuilder</name>
|
||||
<triggers>full,incremental,</triggers>
|
||||
<arguments>
|
||||
</arguments>
|
||||
</buildCommand>
|
||||
</buildSpec>
|
||||
<natures>
|
||||
<nature>org.eclipse.cdt.core.cnature</nature>
|
||||
<nature>org.eclipse.cdt.managedbuilder.core.managedBuildNature</nature>
|
||||
<nature>org.eclipse.cdt.managedbuilder.core.ScannerConfigNature</nature>
|
||||
</natures>
|
||||
<linkedResources>
|
||||
<link>
|
||||
<name>src</name>
|
||||
<type>2</type>
|
||||
<locationURI>PARENT-2-PROJECT_LOC../wolfcrypt</locationURI>
|
||||
</link>
|
||||
</linkedResources>
|
||||
</projectDescription>
|
||||
@@ -0,0 +1,8 @@
|
||||
# vim:ft=automake
|
||||
# included from Top Level Makefile.am
|
||||
# All paths should be given relative to the root
|
||||
|
||||
EXTRA_DIST+= IDE/CSBENCH/.project
|
||||
EXTRA_DIST+= IDE/CSBENCH/.cproject
|
||||
EXTRA_DIST+= IDE/CSBENCH/user_settings.h
|
||||
|
||||
@@ -0,0 +1,22 @@
|
||||
#ifndef WOLFSSL_CSBENCH_H
|
||||
#define WOLFSSL_CSBENCH_H
|
||||
|
||||
/* wolfSSL settings */
|
||||
#define WOLFCRYPT_ONLY
|
||||
#define USE_FAST_MATH
|
||||
#define TFM_TIMING_RESISTANT
|
||||
#define WC_RSA_BLINDING
|
||||
|
||||
#define SINGLE_THREADED
|
||||
#define HAVE_AESGCM
|
||||
#define NO_ASN_TIME
|
||||
|
||||
#define HAVE_ECC
|
||||
#define ECC_TIMING_RESISTANT
|
||||
#define WOLFSSL_NUCLEUS
|
||||
|
||||
/* wolfSSH settings */
|
||||
#define WOLFSSH_SFTP
|
||||
//#define DEBUG_WOLFSSH
|
||||
|
||||
#endif
|
||||
@@ -13,5 +13,6 @@ include IDE/INTIME-RTOS/include.am
|
||||
include IDE/OPENSTM32/include.am
|
||||
include IDE/VS-ARM/include.am
|
||||
include IDE/GCC-ARM/include.am
|
||||
include IDE/CSBENCH/include.am
|
||||
|
||||
EXTRA_DIST+= IDE/IAR-EWARM IDE/MDK-ARM IDE/MDK5-ARM IDE/MYSQL IDE/LPCXPRESSO IDE/HEXIWEAR
|
||||
|
||||
+1
-7
@@ -84,6 +84,7 @@ EXTRA_DIST+= wolfssl64.sln
|
||||
EXTRA_DIST+= valgrind-error.sh
|
||||
EXTRA_DIST+= gencertbuf.pl
|
||||
EXTRA_DIST+= README.md
|
||||
EXTRA_DIST+= ChangeLog.md
|
||||
EXTRA_DIST+= LICENSING
|
||||
EXTRA_DIST+= INSTALL
|
||||
EXTRA_DIST+= IPP
|
||||
@@ -94,10 +95,6 @@ include wrapper/include.am
|
||||
include cyassl/include.am
|
||||
include wolfssl/include.am
|
||||
include certs/include.am
|
||||
include certs/1024/include.am
|
||||
include certs/crl/include.am
|
||||
include certs/external/include.am
|
||||
include certs/ocsp/include.am
|
||||
include doc/include.am
|
||||
include swig/include.am
|
||||
|
||||
@@ -208,6 +205,3 @@ merge-clean:
|
||||
@find ./ | $(GREP) \.BASE | xargs rm -f
|
||||
@find ./ | $(GREP) \~$$ | xargs rm -f
|
||||
|
||||
dist-hook:
|
||||
cp $(distdir)/wolfssl/options.h.in $(distdir)/wolfssl/options.h
|
||||
|
||||
|
||||
Executable → Regular
Executable → Regular
Executable → Regular
Executable → Regular
Executable → Regular
Executable → Regular
@@ -0,0 +1,38 @@
|
||||
Certificate Revocation List (CRL):
|
||||
Version 2 (0x1)
|
||||
Signature Algorithm: sha1WithRSAEncryption
|
||||
Issuer: /C=US/ST=Montana/L=Bozeman/OU=Engineering/CN=www.nomatch.com/emailAddress=info@wolfssl.com
|
||||
Last Update: Jun 13 16:02:51 2018 GMT
|
||||
Next Update: Mar 9 16:02:51 2021 GMT
|
||||
CRL extensions:
|
||||
X509v3 CRL Number:
|
||||
1
|
||||
No Revoked Certificates.
|
||||
Signature Algorithm: sha1WithRSAEncryption
|
||||
60:64:8d:80:20:c1:5e:48:cc:61:ba:31:b1:59:13:21:8c:d0:
|
||||
ff:a3:ed:70:b0:ba:04:67:df:bb:f0:aa:db:71:85:2d:c3:ae:
|
||||
ab:79:a0:83:68:df:70:f5:85:1a:8e:7c:6d:91:89:a3:af:ae:
|
||||
4f:72:05:37:d9:aa:76:a5:86:10:0a:89:7a:d9:06:6a:6b:43:
|
||||
51:8c:b3:ce:28:79:0c:70:d0:9a:f7:89:a5:ff:5f:4a:08:2f:
|
||||
ca:3c:83:3e:d2:74:c1:02:37:f9:5d:e8:10:d2:7a:d1:df:b7:
|
||||
13:40:34:2c:c5:61:71:d7:24:79:46:26:f7:b7:6f:b5:05:8a:
|
||||
96:d6:a8:89:73:e6:ac:5b:96:df:be:08:6d:2b:2e:da:00:c8:
|
||||
dc:11:54:c2:b9:f5:80:21:79:98:12:5d:91:bb:54:61:d8:d0:
|
||||
c1:42:3d:9c:24:d5:11:0e:33:ea:3e:84:66:6e:65:2c:59:c5:
|
||||
c9:b8:7b:e8:b3:ce:fc:66:d8:cc:68:98:55:9a:ff:54:fe:b0:
|
||||
74:1f:d7:cc:af:f8:76:b9:ed:cf:46:07:2e:74:0e:50:b9:e9:
|
||||
46:28:22:82:d7:2b:3c:81:81:e8:12:f1:5c:6e:88:ac:c7:c5:
|
||||
3c:1d:46:95:ff:9e:fe:7f:38:6c:a6:4d:ac:75:86:d4:4c:8a:
|
||||
75:e9:a2:88
|
||||
-----BEGIN X509 CRL-----
|
||||
MIIB3DCBxQIBATANBgkqhkiG9w0BAQUFADCBgjELMAkGA1UEBhMCVVMxEDAOBgNV
|
||||
BAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xFDASBgNVBAsMC0VuZ2luZWVy
|
||||
aW5nMRgwFgYDVQQDDA93d3cubm9tYXRjaC5jb20xHzAdBgkqhkiG9w0BCQEWEGlu
|
||||
Zm9Ad29sZnNzbC5jb20XDTE4MDYxMzE2MDI1MVoXDTIxMDMwOTE2MDI1MVqgDjAM
|
||||
MAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEBBQUAA4IBAQBgZI2AIMFeSMxhujGxWRMh
|
||||
jND/o+1wsLoEZ9+78KrbcYUtw66reaCDaN9w9YUajnxtkYmjr65PcgU32ap2pYYQ
|
||||
Col62QZqa0NRjLPOKHkMcNCa94ml/19KCC/KPIM+0nTBAjf5XegQ0nrR37cTQDQs
|
||||
xWFx1yR5Rib3t2+1BYqW1qiJc+asW5bfvghtKy7aAMjcEVTCufWAIXmYEl2Ru1Rh
|
||||
2NDBQj2cJNURDjPqPoRmbmUsWcXJuHvos878ZtjMaJhVmv9U/rB0H9fMr/h2ue3P
|
||||
RgcudA5QuelGKCKC1ys8gYHoEvFcboisx8U8HUaV/57+fzhspk2sdYbUTIp16aKI
|
||||
-----END X509 CRL-----
|
||||
@@ -0,0 +1,38 @@
|
||||
Certificate Revocation List (CRL):
|
||||
Version 2 (0x1)
|
||||
Signature Algorithm: sha1WithRSAEncryption
|
||||
Issuer: /C=US/ST=Montana/L=Bozeman/OU=Engineering/CN=www.nomatch.com/emailAddress=info@wolfssl.com
|
||||
Last Update: Jun 12 23:10:47 2018 GMT
|
||||
Next Update: Mar 8 23:10:47 2021 GMT
|
||||
CRL extensions:
|
||||
X509v3 CRL Number:
|
||||
1
|
||||
No Revoked Certificates.
|
||||
Signature Algorithm: sha1WithRSAEncryption
|
||||
16:c2:f1:59:3a:bb:50:6c:b0:f8:c4:e8:29:ac:cc:33:a7:e8:
|
||||
bb:12:88:0b:9b:a0:2f:bf:39:d7:97:c9:9c:17:60:e5:31:5f:
|
||||
9f:5d:ce:70:ff:1e:aa:6f:5a:72:8c:29:a3:70:3a:bb:33:e5:
|
||||
2a:c8:61:03:96:3e:96:81:7c:fb:0d:5c:b7:67:b0:44:90:a7:
|
||||
24:63:9b:df:80:ec:8c:3a:0b:8c:16:2e:09:09:9e:fd:f8:0d:
|
||||
fa:a5:63:a3:d4:6a:28:10:ab:57:3a:59:e7:1f:84:e5:30:ad:
|
||||
17:fd:f7:15:c2:75:e8:18:46:c3:5d:2c:4e:6f:ec:bd:8c:fa:
|
||||
8f:00:9e:4a:1c:c3:0d:cf:2e:24:9a:fc:13:9c:76:91:ac:e0:
|
||||
87:dd:fa:37:7a:24:72:35:1a:97:56:2f:13:0e:75:11:cd:e2:
|
||||
41:dd:12:b0:63:2f:01:52:af:dd:63:5d:59:7c:16:ed:a4:bb:
|
||||
89:d2:42:27:7f:69:c5:09:0c:db:8a:d7:0e:4b:70:ea:1f:17:
|
||||
68:a5:ac:86:66:25:1c:d4:89:47:8e:64:4f:08:30:35:5e:69:
|
||||
11:53:21:e9:c6:bd:16:ec:84:51:69:2b:bd:4a:de:65:f1:be:
|
||||
5d:32:b2:fd:85:0d:d0:47:60:c0:fc:56:d8:d6:7e:05:d2:ac:
|
||||
0c:44:1f:c7
|
||||
-----BEGIN X509 CRL-----
|
||||
MIIB3DCBxQIBATANBgkqhkiG9w0BAQUFADCBgjELMAkGA1UEBhMCVVMxEDAOBgNV
|
||||
BAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xFDASBgNVBAsMC0VuZ2luZWVy
|
||||
aW5nMRgwFgYDVQQDDA93d3cubm9tYXRjaC5jb20xHzAdBgkqhkiG9w0BCQEWEGlu
|
||||
Zm9Ad29sZnNzbC5jb20XDTE4MDYxMjIzMTA0N1oXDTIxMDMwODIzMTA0N1qgDjAM
|
||||
MAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEBBQUAA4IBAQAWwvFZOrtQbLD4xOgprMwz
|
||||
p+i7EogLm6AvvznXl8mcF2DlMV+fXc5w/x6qb1pyjCmjcDq7M+UqyGEDlj6WgXz7
|
||||
DVy3Z7BEkKckY5vfgOyMOguMFi4JCZ79+A36pWOj1GooEKtXOlnnH4TlMK0X/fcV
|
||||
wnXoGEbDXSxOb+y9jPqPAJ5KHMMNzy4kmvwTnHaRrOCH3fo3eiRyNRqXVi8TDnUR
|
||||
zeJB3RKwYy8BUq/dY11ZfBbtpLuJ0kInf2nFCQzbitcOS3DqHxdopayGZiUc1IlH
|
||||
jmRPCDA1XmkRUyHpxr0W7IRRaSu9St5l8b5dMrL9hQ3QR2DA/FbY1n4F0qwMRB/H
|
||||
-----END X509 CRL-----
|
||||
@@ -0,0 +1,38 @@
|
||||
Certificate Revocation List (CRL):
|
||||
Version 2 (0x1)
|
||||
Signature Algorithm: sha1WithRSAEncryption
|
||||
Issuer: /C=US/ST=Montana/L=Bozeman/OU=Engineering/CN=localhost/emailAddress=info@wolfssl.com
|
||||
Last Update: Jun 13 16:02:51 2018 GMT
|
||||
Next Update: Mar 9 16:02:51 2021 GMT
|
||||
CRL extensions:
|
||||
X509v3 CRL Number:
|
||||
1
|
||||
No Revoked Certificates.
|
||||
Signature Algorithm: sha1WithRSAEncryption
|
||||
b9:a1:1b:20:dd:23:b2:20:e4:b5:97:84:21:44:e6:f1:98:0b:
|
||||
6b:30:22:d2:85:8e:11:19:17:e9:8a:0c:4d:cd:12:61:b0:a1:
|
||||
62:a0:4a:58:05:e2:b7:ba:50:86:41:8e:46:ae:c5:8a:36:7c:
|
||||
c8:ea:94:f3:30:53:46:2b:0f:1c:b3:d0:01:f1:ad:47:e1:a8:
|
||||
18:65:e1:b2:32:8d:4d:31:32:f3:54:92:39:e3:f2:cc:2d:a1:
|
||||
90:f2:51:79:69:c7:f8:28:ac:53:a9:c2:49:a7:d3:b7:cc:cb:
|
||||
ac:6f:7d:d5:e5:8e:a1:8f:a6:51:8a:e9:b2:43:e6:5b:7e:e8:
|
||||
dd:19:a0:00:ba:a3:71:ce:33:a2:bb:77:9c:6d:75:89:fd:1a:
|
||||
19:da:0a:b4:6a:12:36:e9:cf:e3:83:e1:33:be:41:5b:72:45:
|
||||
21:11:69:90:aa:72:f7:09:50:cb:d2:d5:df:63:da:7d:0b:29:
|
||||
5e:c1:cf:cc:d5:11:07:40:92:04:6a:3b:8e:0a:7a:5f:12:f3:
|
||||
36:d5:fd:af:84:5f:4c:bd:a1:b4:b1:f4:db:d1:03:5a:38:22:
|
||||
bc:17:7a:ff:39:78:4a:c0:c7:b3:f3:3c:02:84:cd:93:30:5b:
|
||||
aa:94:11:32:b8:6f:d3:54:7f:16:e8:b4:d7:54:1b:65:2e:7b:
|
||||
d1:70:bb:e9
|
||||
-----BEGIN X509 CRL-----
|
||||
MIIB1TCBvgIBATANBgkqhkiG9w0BAQUFADB8MQswCQYDVQQGEwJVUzEQMA4GA1UE
|
||||
CAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjEUMBIGA1UECwwLRW5naW5lZXJp
|
||||
bmcxEjAQBgNVBAMMCWxvY2FsaG9zdDEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xm
|
||||
c3NsLmNvbRcNMTgwNjEzMTYwMjUxWhcNMjEwMzA5MTYwMjUxWqAOMAwwCgYDVR0U
|
||||
BAMCAQEwDQYJKoZIhvcNAQEFBQADggEBALmhGyDdI7Ig5LWXhCFE5vGYC2swItKF
|
||||
jhEZF+mKDE3NEmGwoWKgSlgF4re6UIZBjkauxYo2fMjqlPMwU0YrDxyz0AHxrUfh
|
||||
qBhl4bIyjU0xMvNUkjnj8swtoZDyUXlpx/gorFOpwkmn07fMy6xvfdXljqGPplGK
|
||||
6bJD5lt+6N0ZoAC6o3HOM6K7d5xtdYn9GhnaCrRqEjbpz+OD4TO+QVtyRSERaZCq
|
||||
cvcJUMvS1d9j2n0LKV7Bz8zVEQdAkgRqO44Kel8S8zbV/a+EX0y9obSx9NvRA1o4
|
||||
IrwXev85eErAx7PzPAKEzZMwW6qUETK4b9NUfxbotNdUG2Uue9Fwu+k=
|
||||
-----END X509 CRL-----
|
||||
@@ -0,0 +1,38 @@
|
||||
Certificate Revocation List (CRL):
|
||||
Version 2 (0x1)
|
||||
Signature Algorithm: sha1WithRSAEncryption
|
||||
Issuer: /C=US/ST=Montana/L=Bozeman/OU=Engineering/CN=*localhost/emailAddress=info@wolfssl.com
|
||||
Last Update: Jun 12 23:10:47 2018 GMT
|
||||
Next Update: Mar 8 23:10:47 2021 GMT
|
||||
CRL extensions:
|
||||
X509v3 CRL Number:
|
||||
1
|
||||
No Revoked Certificates.
|
||||
Signature Algorithm: sha1WithRSAEncryption
|
||||
79:7e:bd:34:d2:3d:f5:91:b1:79:de:50:c2:26:d5:8e:05:f7:
|
||||
30:26:bd:2f:dd:6a:a1:cf:15:91:fd:95:30:a7:04:5a:65:33:
|
||||
e4:fb:63:79:dd:6e:63:bd:d1:55:bd:c8:22:3c:c2:6a:40:38:
|
||||
75:85:6a:e1:24:a3:99:e3:13:30:c2:cb:15:cc:50:4b:03:87:
|
||||
b8:90:9c:e8:95:2a:62:1f:ed:33:30:a8:04:9f:67:b7:4c:bd:
|
||||
31:b3:19:59:18:9c:6d:64:c2:22:d4:8d:8e:7e:98:c2:39:b0:
|
||||
28:35:ed:8f:37:6b:03:57:3b:ef:e8:28:26:8a:f0:de:8a:21:
|
||||
e8:c3:d9:68:2e:ee:cb:cb:89:4f:af:4d:37:ad:98:64:38:6e:
|
||||
d8:87:fb:3b:0b:b6:a5:58:da:5e:f2:81:a1:18:90:d6:1b:f7:
|
||||
8a:1b:11:3a:6d:55:0c:09:4d:cd:ea:43:01:a4:92:05:50:7e:
|
||||
b4:1a:8f:54:b2:cb:4c:94:09:e0:85:cc:29:22:e4:5b:29:ee:
|
||||
65:91:e3:4a:f9:64:19:40:25:17:27:a1:91:2b:2e:18:6d:2a:
|
||||
26:9a:e3:82:05:a6:0b:67:24:a1:dc:d4:29:ad:47:f0:89:28:
|
||||
65:da:fe:fc:62:86:47:05:51:54:08:dc:b3:e5:99:48:d6:da:
|
||||
52:be:85:7c
|
||||
-----BEGIN X509 CRL-----
|
||||
MIIB1jCBvwIBATANBgkqhkiG9w0BAQUFADB9MQswCQYDVQQGEwJVUzEQMA4GA1UE
|
||||
CAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjEUMBIGA1UECwwLRW5naW5lZXJp
|
||||
bmcxEzARBgNVBAMMCipsb2NhbGhvc3QxHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29s
|
||||
ZnNzbC5jb20XDTE4MDYxMjIzMTA0N1oXDTIxMDMwODIzMTA0N1qgDjAMMAoGA1Ud
|
||||
FAQDAgEBMA0GCSqGSIb3DQEBBQUAA4IBAQB5fr000j31kbF53lDCJtWOBfcwJr0v
|
||||
3WqhzxWR/ZUwpwRaZTPk+2N53W5jvdFVvcgiPMJqQDh1hWrhJKOZ4xMwwssVzFBL
|
||||
A4e4kJzolSpiH+0zMKgEn2e3TL0xsxlZGJxtZMIi1I2OfpjCObAoNe2PN2sDVzvv
|
||||
6CgmivDeiiHow9loLu7Ly4lPr003rZhkOG7Yh/s7C7alWNpe8oGhGJDWG/eKGxE6
|
||||
bVUMCU3N6kMBpJIFUH60Go9UsstMlAnghcwpIuRbKe5lkeNK+WQZQCUXJ6GRKy4Y
|
||||
bSommuOCBaYLZySh3NQprUfwiShl2v78YoZHBVFUCNyz5ZlI1tpSvoV8
|
||||
-----END X509 CRL-----
|
||||
Binary file not shown.
@@ -0,0 +1,3 @@
|
||||
-----BEGIN PRIVATE KEY-----
|
||||
MC4CAQAwBQYDK2VwBCIEIALLg+oVSN6eOx+rCjIui2cYL3VyBkk2pWBdv1+JXJBy
|
||||
-----END PRIVATE KEY-----
|
||||
Binary file not shown.
@@ -1,3 +1,3 @@
|
||||
-----BEGIN PRIVATE KEY-----
|
||||
MC4CAQAwBQYDK2VwBCIEIBGdNYxa3ommO8aYO1oGaGSRQBqDYB0sKOdR3bqejqIQ
|
||||
MC4CAQAwBQYDK2VwBCIEICejNCo11Lu44dzY7A/BoNGiXPkG8ERdO5dNvd9KO6NO
|
||||
-----END PRIVATE KEY-----
|
||||
|
||||
@@ -16,3 +16,17 @@ popd
|
||||
mv ${EXAMPLE}/*.pem .
|
||||
mv ${EXAMPLE}/*.der .
|
||||
|
||||
convert() {
|
||||
echo -en "\x30\x2e" > ${NAME}-ed25519-priv.der
|
||||
head -c 48 ${NAME}-ed25519-key.der | tail -c 46 >> ${NAME}-ed25519-priv.der
|
||||
|
||||
echo "-----BEGIN PRIVATE KEY-----" > ${NAME}-ed25519-priv.pem
|
||||
openssl base64 -in ${NAME}-ed25519-priv.der >> ${NAME}-ed25519-priv.pem
|
||||
echo "-----END PRIVATE KEY-----" >> ${NAME}-ed25519-priv.pem
|
||||
}
|
||||
|
||||
NAME=server convert
|
||||
NAME=client convert
|
||||
NAME=root convert
|
||||
NAME=ca convert
|
||||
|
||||
|
||||
@@ -0,0 +1,29 @@
|
||||
# vim:ft=automake
|
||||
# All paths should be given relative to the root
|
||||
#
|
||||
|
||||
EXTRA_DIST += \
|
||||
certs/ed25519/ca-ed25519.der \
|
||||
certs/ed25519/ca-ed25519.pem \
|
||||
certs/ed25519/ca-ed25519-key.der \
|
||||
certs/ed25519/ca-ed25519-key.pem \
|
||||
certs/ed25519/ca-ed25519-priv.der \
|
||||
certs/ed25519/ca-ed25519-priv.pem \
|
||||
certs/ed25519/client-ed25519.der \
|
||||
certs/ed25519/client-ed25519.pem \
|
||||
certs/ed25519/client-ed25519-key.der \
|
||||
certs/ed25519/client-ed25519-key.pem \
|
||||
certs/ed25519/client-ed25519-priv.der \
|
||||
certs/ed25519/client-ed25519-priv.pem \
|
||||
certs/ed25519/root-ed25519.der \
|
||||
certs/ed25519/root-ed25519.pem \
|
||||
certs/ed25519/root-ed25519-key.der \
|
||||
certs/ed25519/root-ed25519-key.pem \
|
||||
certs/ed25519/root-ed25519-priv.der \
|
||||
certs/ed25519/root-ed25519-priv.pem \
|
||||
certs/ed25519/server-ed25519.der \
|
||||
certs/ed25519/server-ed25519.pem \
|
||||
certs/ed25519/server-ed25519-key.der \
|
||||
certs/ed25519/server-ed25519-key.pem \
|
||||
certs/ed25519/server-ed25519-priv.der \
|
||||
certs/ed25519/server-ed25519-priv.pem
|
||||
Binary file not shown.
@@ -0,0 +1,3 @@
|
||||
-----BEGIN PRIVATE KEY-----
|
||||
MC4CAQAwBQYDK2VwBCIEICejNCo11Lu44dzY7A/BoNGiXPkG8ERdO5dNvd9KO6NO
|
||||
-----END PRIVATE KEY-----
|
||||
Binary file not shown.
@@ -1,3 +1,3 @@
|
||||
-----BEGIN PRIVATE KEY-----
|
||||
MC4CAQAwBQYDK2VwBCIEINjpdrI/H/eIdfXd+HrGSTBu6Z/LnR4rwBjvu3WJ5ndn
|
||||
MC4CAQAwBQYDK2VwBCIEIAIvxf+6jtDSvwOOdo/IhoBxh5cx4kCs37uQFVJuJKE5
|
||||
-----END PRIVATE KEY-----
|
||||
|
||||
Vendored
+1
@@ -4,4 +4,5 @@
|
||||
|
||||
EXTRA_DIST += \
|
||||
certs/external/ca-globalsign-root-r3.pem \
|
||||
certs/external/ca-digicert-ev.pem \
|
||||
certs/external/baltimore-cybertrust-root.pem
|
||||
|
||||
Executable → Regular
+8
-23
@@ -8,6 +8,8 @@ EXTRA_DIST += \
|
||||
certs/client-cert.pem \
|
||||
certs/client-keyEnc.pem \
|
||||
certs/client-key.pem \
|
||||
certs/client-uri-cert.pem \
|
||||
certs/client-relative-uri.pem \
|
||||
certs/ecc-key.pem \
|
||||
certs/ecc-privkey.pem \
|
||||
certs/ecc-keyPkcs8Enc.pem \
|
||||
@@ -63,27 +65,6 @@ EXTRA_DIST += \
|
||||
certs/server-ecc-self.der \
|
||||
certs/server-ecc-rsa.der \
|
||||
certs/server-cert-chain.der
|
||||
EXTRA_DIST += \
|
||||
certs/ed25519/ca-ed25519.der \
|
||||
certs/ed25519/ca-ed25519-key.der \
|
||||
certs/ed25519/ca-ed25519-key.pem \
|
||||
certs/ed25519/ca-ed25519.pem \
|
||||
certs/ed25519/client-ed25519.der \
|
||||
certs/ed25519/client-ed25519-key.der \
|
||||
certs/ed25519/client-ed25519-key.pem \
|
||||
certs/ed25519/client-ed25519.pem \
|
||||
certs/ed25519/client-ed25519-priv.pem \
|
||||
certs/ed25519/client-ed25519-priv.pem \
|
||||
certs/ed25519/root-ed25519.der \
|
||||
certs/ed25519/root-ed25519-key.der \
|
||||
certs/ed25519/root-ed25519-key.pem \
|
||||
certs/ed25519/root-ed25519.pem \
|
||||
certs/ed25519/server-ed25519.der \
|
||||
certs/ed25519/server-ed25519-key.der \
|
||||
certs/ed25519/server-ed25519-key.pem \
|
||||
certs/ed25519/server-ed25519.pem \
|
||||
certs/ed25519/server-ed25519-priv.der \
|
||||
certs/ed25519/server-ed25519-priv.pem
|
||||
|
||||
# ECC CA prime256v1
|
||||
EXTRA_DIST += \
|
||||
@@ -103,7 +84,11 @@ dist_doc_DATA+= certs/taoCert.txt
|
||||
|
||||
EXTRA_DIST+= certs/ntru-key.raw
|
||||
|
||||
include certs/1024/include.am
|
||||
include certs/crl/include.am
|
||||
include certs/ecc/include.am
|
||||
include certs/ed25519/include.am
|
||||
include certs/external/include.am
|
||||
include certs/ocsp/include.am
|
||||
include certs/test/include.am
|
||||
include certs/test-pathlen/include.am
|
||||
include certs/test/include.am
|
||||
include certs/ecc/include.am
|
||||
|
||||
Executable → Regular
+82
-28
@@ -1,43 +1,97 @@
|
||||
#!/bin/sh
|
||||
|
||||
# Generate CN=localhost, AltName=localhost\0h
|
||||
echo "step 1 create key"
|
||||
openssl genrsa -out server-badaltnamenull.key 2048
|
||||
# Args: 1=FileName, 2=CN, 3=AltName
|
||||
function build_test_cert_conf {
|
||||
echo "[ req ]" > $1.conf
|
||||
echo "prompt = no" >> $1.conf
|
||||
echo "default_bits = 2048" >> $1.conf
|
||||
echo "distinguished_name = req_distinguished_name" >> $1.conf
|
||||
echo "req_extensions = req_ext" >> $1.conf
|
||||
echo "" >> $1.conf
|
||||
echo "[ req_distinguished_name ]" >> $1.conf
|
||||
echo "C = US" >> $1.conf
|
||||
echo "ST = Montana" >> $1.conf
|
||||
echo "L = Bozeman" >> $1.conf
|
||||
echo "OU = Engineering" >> $1.conf
|
||||
echo "CN = $2" >> $1.conf
|
||||
echo "emailAddress = info@wolfssl.com" >> $1.conf
|
||||
echo "" >> $1.conf
|
||||
echo "[ req_ext ]" >> $1.conf
|
||||
if [ -n "$3" ]; then
|
||||
if [[ "$3" != *"DER"* ]]; then
|
||||
echo "subjectAltName = @alt_names" >> $1.conf
|
||||
echo "[alt_names]" >> $1.conf
|
||||
echo "DNS.1 = $3" >> $1.conf
|
||||
else
|
||||
echo "subjectAltName = $3" >> $1.conf
|
||||
fi
|
||||
fi
|
||||
}
|
||||
|
||||
echo "step 2 create csr"
|
||||
echo "US\nMontana\nBozeman\nEngineering\nlocalhost\n.\n" | openssl req -new -sha256 -out server-badaltnamenull.csr -key server-badaltnamenull.key -config server-badaltnamenull.conf
|
||||
# Args: 1=FileName
|
||||
function generate_test_cert {
|
||||
rm $1.der
|
||||
rm $1.pem
|
||||
|
||||
echo "step 3 check csr"
|
||||
openssl req -text -noout -in server-badaltnamenull.csr
|
||||
echo "step 1 create configuration"
|
||||
build_test_cert_conf $1 $2 $3
|
||||
|
||||
echo "step 4 create cert"
|
||||
openssl x509 -req -days 1000 -in server-badaltnamenull.csr -signkey server-badaltnamenull.key \
|
||||
-out server-badaltnamenull.pem -extensions req_ext -extfile server-badaltnamenull.conf
|
||||
echo "step 2 create csr"
|
||||
openssl req -new -sha256 -out $1.csr -key ../server-key.pem -config $1.conf
|
||||
|
||||
echo "step 5 make human reviewable"
|
||||
openssl x509 -inform pem -in server-badaltnamenull.pem -text > tmp.pem
|
||||
mv tmp.pem server-badaltnamenull.pem
|
||||
echo "step 3 check csr"
|
||||
openssl req -text -noout -in $1.csr
|
||||
|
||||
openssl x509 -inform pem -in server-badaltnamenull.pem -outform der -out server-badaltnamenull.der
|
||||
echo "step 4 create cert"
|
||||
openssl x509 -req -days 1000 -sha256 -in $1.csr -signkey ../server-key.pem \
|
||||
-out $1.pem -extensions req_ext -extfile $1.conf
|
||||
rm $1.conf
|
||||
rm $1.csr
|
||||
|
||||
if [ -n "$4" ]; then
|
||||
echo "step 5 generate crl"
|
||||
mkdir ../crl/demoCA
|
||||
touch ../crl/demoCA/index.txt
|
||||
echo "01" > ../crl/crlnumber
|
||||
openssl ca -config ../renewcerts/wolfssl.cnf -gencrl -crldays 1000 -out crl.revoked -keyfile ../server-key.pem -cert $1.pem
|
||||
rm ../crl/$1Crl.pem
|
||||
openssl crl -in crl.revoked -text > tmp.pem
|
||||
mv tmp.pem ../crl/$1Crl.pem
|
||||
rm crl.revoked
|
||||
rm -rf ../crl/demoCA
|
||||
rm ../crl/crlnumber*
|
||||
fi
|
||||
|
||||
echo "step 6 add cert text information to pem"
|
||||
openssl x509 -inform pem -in $1.pem -text > tmp.pem
|
||||
mv tmp.pem $1.pem
|
||||
|
||||
echo "step 7 make binary der version"
|
||||
openssl x509 -inform pem -in $1.pem -outform der -out $1.der
|
||||
}
|
||||
|
||||
|
||||
# Generate CN=www.nomatch.com, no AltName
|
||||
echo "step 1 create key"
|
||||
openssl genrsa -out server-nomatch.key 2048
|
||||
# Generate Good CN=localhost, Alt=None
|
||||
generate_test_cert server-goodcn localhost "" 1
|
||||
|
||||
echo "step 2 create csr"
|
||||
echo "US\nMontana\nBozeman\nEngineering\nwww.nomatch.com\n.\n" | openssl req -new -sha256 -out server-nomatch.csr -key server-nomatch.key -config server-nomatch.conf
|
||||
# Generate Good CN=www.nomatch.com, Alt=localhost
|
||||
generate_test_cert server-goodalt www.nomatch.com localhost 1
|
||||
|
||||
echo "step 3 check csr"
|
||||
openssl req -text -noout -in server-nomatch.csr
|
||||
# Generate Good CN=*localhost, Alt=None
|
||||
generate_test_cert server-goodcnwild *localhost "" 1
|
||||
|
||||
echo "step 4 create cert"
|
||||
openssl x509 -req -days 1000 -in server-nomatch.csr -signkey server-nomatch.key \
|
||||
-out server-nomatch.pem -extensions req_ext -extfile server-nomatch.conf
|
||||
# Generate Good CN=www.nomatch.com, Alt=*localhost
|
||||
generate_test_cert server-goodaltwild www.nomatch.com *localhost 1
|
||||
|
||||
echo "step 5 make human reviewable"
|
||||
openssl x509 -inform pem -in server-nomatch.pem -text > tmp.pem
|
||||
mv tmp.pem server-nomatch.pem
|
||||
# Generate Bad CN=localhost\0h, Alt=None
|
||||
# DG: Have not found a way to properly encode null in common name
|
||||
generate_test_cert server-badcnnull DER:30:0d:82:0b:6c:6f:63:61:6c:68:6f:73:74:00:68
|
||||
|
||||
openssl x509 -inform pem -in server-nomatch.pem -outform der -out server-nomatch.der
|
||||
# Generate Bad Name CN=www.nomatch.com, Alt=None
|
||||
generate_test_cert server-badcn www.nomatch.com
|
||||
|
||||
# Generate Bad Alt CN=www.nomatch.com, Alt=localhost\0h
|
||||
generate_test_cert server-badaltnull www.nomatch.com DER:30:0d:82:0b:6c:6f:63:61:6c:68:6f:73:74:00:68
|
||||
|
||||
# Generate Bad Alt Name CN=www.nomatch.com, Alt=www.nomatch.com
|
||||
generate_test_cert server-badaltname www.nomatch.com www.nomatch.com
|
||||
|
||||
+32
-10
@@ -20,13 +20,35 @@ EXTRA_DIST += \
|
||||
|
||||
EXTRA_DIST += \
|
||||
certs/test/gen-testcerts.sh \
|
||||
certs/test/server-badaltnamenull.conf \
|
||||
certs/test/server-badaltnamenull.csr \
|
||||
certs/test/server-badaltnamenull.key \
|
||||
certs/test/server-badaltnamenull.pem \
|
||||
certs/test/server-badaltnamenull.der \
|
||||
certs/test/server-nomatch.conf \
|
||||
certs/test/server-nomatch.csr \
|
||||
certs/test/server-nomatch.key \
|
||||
certs/test/server-nomatch.pem \
|
||||
certs/test/server-nomatch.der
|
||||
certs/test/server-goodcn.pem \
|
||||
certs/test/server-goodcn.der \
|
||||
certs/test/server-goodalt.pem \
|
||||
certs/test/server-goodalt.der \
|
||||
certs/test/server-goodcnwild.pem \
|
||||
certs/test/server-goodcnwild.der \
|
||||
certs/test/server-goodaltwild.pem \
|
||||
certs/test/server-goodaltwild.der \
|
||||
certs/test/server-badcnnull.pem \
|
||||
certs/test/server-badcnnull.der \
|
||||
certs/test/server-badcn.pem \
|
||||
certs/test/server-badcn.der \
|
||||
certs/test/server-badaltnull.pem \
|
||||
certs/test/server-badaltnull.der \
|
||||
certs/test/server-badaltname.der \
|
||||
certs/test/server-badaltname.pem \
|
||||
certs/crl/server-goodaltCrl.pem \
|
||||
certs/crl/server-goodcnCrl.pem \
|
||||
certs/crl/server-goodaltwildCrl.pem \
|
||||
certs/crl/server-goodcnwildCrl.pem
|
||||
|
||||
EXTRA_DIST += \
|
||||
certs/test/crit-cert.pem \
|
||||
certs/test/crit-key.pem \
|
||||
certs/test/dh1024.der \
|
||||
certs/test/dh1024.pem \
|
||||
certs/test/dh512.der \
|
||||
certs/test/dh512.pem \
|
||||
certs/test/digsigku.pem \
|
||||
certs/test/expired-ca.pem \
|
||||
certs/test/expired-cert.pem \
|
||||
certs/test/expired-key.pem
|
||||
|
||||
Binary file not shown.
@@ -0,0 +1,74 @@
|
||||
Certificate:
|
||||
Data:
|
||||
Version: 3 (0x2)
|
||||
Serial Number: 18173611275853114373 (0xfc35a32adf422c05)
|
||||
Signature Algorithm: sha256WithRSAEncryption
|
||||
Issuer: C=US, ST=Montana, L=Bozeman, OU=Engineering, CN=www.nomatch.com/emailAddress=info@wolfssl.com
|
||||
Validity
|
||||
Not Before: Jun 12 23:10:48 2018 GMT
|
||||
Not After : Mar 8 23:10:48 2021 GMT
|
||||
Subject: C=US, ST=Montana, L=Bozeman, OU=Engineering, CN=www.nomatch.com/emailAddress=info@wolfssl.com
|
||||
Subject Public Key Info:
|
||||
Public Key Algorithm: rsaEncryption
|
||||
Public-Key: (2048 bit)
|
||||
Modulus:
|
||||
00:c0:95:08:e1:57:41:f2:71:6d:b7:d2:45:41:27:
|
||||
01:65:c6:45:ae:f2:bc:24:30:b8:95:ce:2f:4e:d6:
|
||||
f6:1c:88:bc:7c:9f:fb:a8:67:7f:fe:5c:9c:51:75:
|
||||
f7:8a:ca:07:e7:35:2f:8f:e1:bd:7b:c0:2f:7c:ab:
|
||||
64:a8:17:fc:ca:5d:7b:ba:e0:21:e5:72:2e:6f:2e:
|
||||
86:d8:95:73:da:ac:1b:53:b9:5f:3f:d7:19:0d:25:
|
||||
4f:e1:63:63:51:8b:0b:64:3f:ad:43:b8:a5:1c:5c:
|
||||
34:b3:ae:00:a0:63:c5:f6:7f:0b:59:68:78:73:a6:
|
||||
8c:18:a9:02:6d:af:c3:19:01:2e:b8:10:e3:c6:cc:
|
||||
40:b4:69:a3:46:33:69:87:6e:c4:bb:17:a6:f3:e8:
|
||||
dd:ad:73:bc:7b:2f:21:b5:fd:66:51:0c:bd:54:b3:
|
||||
e1:6d:5f:1c:bc:23:73:d1:09:03:89:14:d2:10:b9:
|
||||
64:c3:2a:d0:a1:96:4a:bc:e1:d4:1a:5b:c7:a0:c0:
|
||||
c1:63:78:0f:44:37:30:32:96:80:32:23:95:a1:77:
|
||||
ba:13:d2:97:73:e2:5d:25:c9:6a:0d:c3:39:60:a4:
|
||||
b4:b0:69:42:42:09:e9:d8:08:bc:33:20:b3:58:22:
|
||||
a7:aa:eb:c4:e1:e6:61:83:c5:d2:96:df:d9:d0:4f:
|
||||
ad:d7
|
||||
Exponent: 65537 (0x10001)
|
||||
X509v3 extensions:
|
||||
X509v3 Subject Alternative Name:
|
||||
DNS:www.nomatch.com
|
||||
Signature Algorithm: sha256WithRSAEncryption
|
||||
50:71:b9:85:03:6e:8b:65:4e:55:8e:36:c6:e6:41:9b:ff:06:
|
||||
23:e1:11:6f:a0:98:ab:45:da:31:77:f3:85:c7:3e:60:79:f6:
|
||||
1d:20:52:72:72:d4:e1:67:a7:53:9d:c2:3a:2e:ab:99:a8:3a:
|
||||
43:3f:77:bb:69:46:94:79:b4:7c:29:63:a0:ae:8d:8e:e3:e8:
|
||||
60:77:71:a2:c2:df:bd:d2:19:06:40:c0:7e:88:5c:9c:ec:f8:
|
||||
31:4d:d5:ac:19:a4:cc:08:49:69:47:02:19:50:64:12:01:bd:
|
||||
c0:57:62:f9:c7:b1:3b:b4:b2:2f:a3:0c:27:92:ba:56:0d:83:
|
||||
7e:fd:d7:7e:60:82:cd:39:06:70:4b:11:89:c9:1b:7d:a4:47:
|
||||
b3:fe:66:5a:4c:d7:99:32:44:e3:0a:fc:6c:18:7b:9e:0c:52:
|
||||
bc:73:67:a8:d8:b9:74:7c:fd:4e:c8:ba:93:6e:1d:79:51:ac:
|
||||
48:51:78:c6:63:bf:24:2b:25:a2:2f:ca:c2:4a:74:46:82:43:
|
||||
b9:0a:fb:13:07:29:16:a4:22:ae:f2:52:2d:7f:f7:9b:70:29:
|
||||
8a:2b:9f:3c:d7:07:bf:3d:41:83:02:05:90:39:85:be:f9:c4:
|
||||
63:fd:e9:6f:8f:ea:27:89:9a:8d:90:1f:8e:8d:46:ab:c9:c2:
|
||||
77:f8:d5:29
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIDpzCCAo+gAwIBAgIJAPw1oyrfQiwFMA0GCSqGSIb3DQEBCwUAMIGCMQswCQYD
|
||||
VQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjEUMBIG
|
||||
A1UECwwLRW5naW5lZXJpbmcxGDAWBgNVBAMMD3d3dy5ub21hdGNoLmNvbTEfMB0G
|
||||
CSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTAeFw0xODA2MTIyMzEwNDhaFw0y
|
||||
MTAzMDgyMzEwNDhaMIGCMQswCQYDVQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQ
|
||||
MA4GA1UEBwwHQm96ZW1hbjEUMBIGA1UECwwLRW5naW5lZXJpbmcxGDAWBgNVBAMM
|
||||
D3d3dy5ub21hdGNoLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNv
|
||||
bTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMCVCOFXQfJxbbfSRUEn
|
||||
AWXGRa7yvCQwuJXOL07W9hyIvHyf+6hnf/5cnFF194rKB+c1L4/hvXvAL3yrZKgX
|
||||
/Mpde7rgIeVyLm8uhtiVc9qsG1O5Xz/XGQ0lT+FjY1GLC2Q/rUO4pRxcNLOuAKBj
|
||||
xfZ/C1loeHOmjBipAm2vwxkBLrgQ48bMQLRpo0YzaYduxLsXpvPo3a1zvHsvIbX9
|
||||
ZlEMvVSz4W1fHLwjc9EJA4kU0hC5ZMMq0KGWSrzh1Bpbx6DAwWN4D0Q3MDKWgDIj
|
||||
laF3uhPSl3PiXSXJag3DOWCktLBpQkIJ6dgIvDMgs1gip6rrxOHmYYPF0pbf2dBP
|
||||
rdcCAwEAAaMeMBwwGgYDVR0RBBMwEYIPd3d3Lm5vbWF0Y2guY29tMA0GCSqGSIb3
|
||||
DQEBCwUAA4IBAQBQcbmFA26LZU5VjjbG5kGb/wYj4RFvoJirRdoxd/OFxz5gefYd
|
||||
IFJyctThZ6dTncI6LquZqDpDP3e7aUaUebR8KWOgro2O4+hgd3Giwt+90hkGQMB+
|
||||
iFyc7PgxTdWsGaTMCElpRwIZUGQSAb3AV2L5x7E7tLIvowwnkrpWDYN+/dd+YILN
|
||||
OQZwSxGJyRt9pEez/mZaTNeZMkTjCvxsGHueDFK8c2eo2Ll0fP1OyLqTbh15UaxI
|
||||
UXjGY78kKyWiL8rCSnRGgkO5CvsTBykWpCKu8lItf/ebcCmKK5881we/PUGDAgWQ
|
||||
OYW++cRj/elvj+oniZqNkB+OjUarycJ3+NUp
|
||||
-----END CERTIFICATE-----
|
||||
@@ -1,17 +0,0 @@
|
||||
[ req ]
|
||||
default_bits = 2048
|
||||
distinguished_name = req_distinguished_name
|
||||
req_extensions = req_ext
|
||||
|
||||
[ req_distinguished_name ]
|
||||
countryName = US
|
||||
stateOrProvinceName = Montana
|
||||
localityName = Bozeman
|
||||
organizationName = Engineering
|
||||
commonName = www.wolfssl.com
|
||||
commonName_max = 64
|
||||
commonName_default = localhost
|
||||
|
||||
[ req_ext ]
|
||||
#subjectAltName = localhost\0h
|
||||
subjectAltName = DER:30:0d:82:0b:6c:6f:63:61:6c:68:6f:73:74:00:68
|
||||
@@ -1,17 +0,0 @@
|
||||
-----BEGIN CERTIFICATE REQUEST-----
|
||||
MIICyTCCAbECAQAwWzELMAkGA1UEBhMCVVMxEDAOBgNVBAgMB01vbnRhbmExEDAO
|
||||
BgNVBAcMB0JvemVtYW4xFDASBgNVBAoMC0VuZ2luZWVyaW5nMRIwEAYDVQQDDAls
|
||||
b2NhbGhvc3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDBWOI9sH7D
|
||||
UouzlAgOLJgVQEyrHw9nwxeIEqmxfU2kZZcD95DWBzExpT0mbluER8yoj6E3//LY
|
||||
58aDdASC+x/gxTLWuCNIgF9GWIOfP2TaWj9AHT6mIeklP2z9qJm3Md7UT52xOLkz
|
||||
0wblZzSjcqEY61c1MGH6xAtfYfWZgmkxej4aAKd7jR1LAXCSIx+EO2WvvA8c5fiS
|
||||
ozQgftXSM/5437VVSwu4dH4ptRNou/6nXi74cYzO4+/Unh7j/4ggwuvegNdEqeRg
|
||||
CtASpQalRN+xrqghQaj786t/kBkqH6L0KKzzcsfLi4oE6dJXn4e7SFWgzbRayp5y
|
||||
a7jal5x/6U+5AgMBAAGgKTAnBgkqhkiG9w0BCQ4xGjAYMBYGA1UdEQQPMA2CC2xv
|
||||
Y2FsaG9zdABoMA0GCSqGSIb3DQEBCwUAA4IBAQCHfMbbmvXJGKjO6Z6UOkF3f7sa
|
||||
cB8gEyjm9+Aa8gMQnaWOH8Sw6nGhGNSOVTQUIqt8EohqNCd/jrjZF34mecaJ3ycw
|
||||
ryt7AGQzQX5uutBLVr55jszVVC8EDKuPzO3jXH6h6ptvSebG/0KL0P+JHL5JvzZ1
|
||||
wAsTBtnnnrnxCQO3a2SFC4zVyH+LCP+EWehH7Sjt9FtrCIoP+xoM6AJ2tCxb4CHH
|
||||
A8WGuw36lG78DH6rs4kbh0iCP/pKYrYeG9EBOj6+Bw7WF4ee6QhL0VzHXUcIFjkp
|
||||
YlVLGBTL6KVjPW4uim1az5F1+HxZTvbAbnPU7f81M2ePmqbFfODYO1KPXycg
|
||||
-----END CERTIFICATE REQUEST-----
|
||||
Binary file not shown.
@@ -1,27 +0,0 @@
|
||||
-----BEGIN RSA PRIVATE KEY-----
|
||||
MIIEogIBAAKCAQEAwVjiPbB+w1KLs5QIDiyYFUBMqx8PZ8MXiBKpsX1NpGWXA/eQ
|
||||
1gcxMaU9Jm5bhEfMqI+hN//y2OfGg3QEgvsf4MUy1rgjSIBfRliDnz9k2lo/QB0+
|
||||
piHpJT9s/aiZtzHe1E+dsTi5M9MG5Wc0o3KhGOtXNTBh+sQLX2H1mYJpMXo+GgCn
|
||||
e40dSwFwkiMfhDtlr7wPHOX4kqM0IH7V0jP+eN+1VUsLuHR+KbUTaLv+p14u+HGM
|
||||
zuPv1J4e4/+IIMLr3oDXRKnkYArQEqUGpUTfsa6oIUGo+/Orf5AZKh+i9Cis83LH
|
||||
y4uKBOnSV5+Hu0hVoM20Wsqecmu42pecf+lPuQIDAQABAoIBAEL0a8xfHVa4dCZo
|
||||
4e0+ph/d127+34/YMILvq5IKSWPfxk8aYS6s6O0/QpDXcJu7XXUV4AeLe+Z/RPBq
|
||||
sdFF84Eb6QIQXC+UPOoYZuQzyNIQpIyoU/SmE53RfAXPaAPXokm1lG81rHT05BN3
|
||||
DPR5Eq6VeOqzaYq0bxfFzY4uag02pITGuYMIxuBkJ+q9mu9XTaBWY1mGlD0zqxUZ
|
||||
LC0dgrWklJFNHNWddrsMl0LDXFRfuxdFmoZT5NBLh+DWgKq/IW+TAqe3lZGVCPFs
|
||||
cctR3WevykigH5TZmK3gsT98kqe5y9xO+pOpAvNAKeiXVYEREzE+PbsdiLiXbaEy
|
||||
X1pUB70CgYEA7BSSQqa5duNNwOFp9DcNmMj1VKE2ixhRZi+R7jxHquiyh6IQv7tf
|
||||
865f8ZA55mPwy5h/Gqin6YdswvkwHUqbEstnQ+BXmcXaI0EY6iZAkSSKbC0ygr3o
|
||||
yVuRSCJmkCdmb8KIz0yguEjOmbNcavaH9ivE7KS6DhYb65PwyGuCxqsCgYEA0alC
|
||||
a84cpN59zFTaW85gpq1zeWMbXmkBees8xnygJ4kZw2MkqQSZw+zUFdb9WbltSAsU
|
||||
Y8eF0SAaShoXfa7BwB2Bnrs7NZMQzZfVmSG5QLF45v+087guN7pgWnmkUQ0G9ijc
|
||||
oLI5Mn3oMy9UrJ48JUVwYysaacgRa73tMsGZ0ysCgYALrbDWjzzZfsEX6468QATy
|
||||
K+7G8vqpwtgz/+JuMJkzATPjtcayVWiXu2aPopzaotMEn1SaUwGLceGVe5I/wLMP
|
||||
KPTAzNZIixsRZ2T+IEpNY8tdMpcvFInxfBAhy2Hbe7d7i9oMtzO0KhXeUJsfx3ZO
|
||||
XTfupO93Ruy2qKjeoULk5QKBgCDD9O9oHK3fX4WJVT63t/8UaFF2HZbZjjOBgdP7
|
||||
MgQ7tt0EJ3yKjYVDA7oOCTX2do+lu6AEVHNkMveVsEoh/4GImvM1i4FJ5Hxc2DLA
|
||||
RHVJxv1CxQK5q+9lnx1EmVtZT9c0d5Zdg/bSGnG1WeRILlocyf2VhOE3NRHDcshV
|
||||
3TZVAoGAXP0SDgRcA544d0zdw07f9/KgHlYcsJuPGt2F7UzjIZiBivr3yh+EXBw2
|
||||
xMqRwFnsBeOgvW/i3Je01RjeWZL6M9Lq1ywk2HZtDPnN6dP15LwSS33OBRca5Fk+
|
||||
CyKDfZHd+8c2wj8hNsxd/D4N7ZVDrU3UNvMslHwGh0PbIaQxcQM=
|
||||
-----END RSA PRIVATE KEY-----
|
||||
@@ -1,72 +0,0 @@
|
||||
Certificate:
|
||||
Data:
|
||||
Version: 3 (0x2)
|
||||
Serial Number: 15650401360786530715 (0xd931651e45f8a19b)
|
||||
Signature Algorithm: sha1WithRSAEncryption
|
||||
Issuer: C=US, ST=Montana, L=Bozeman, O=Engineering, CN=localhost
|
||||
Validity
|
||||
Not Before: May 3 16:02:13 2018 GMT
|
||||
Not After : Jan 27 16:02:13 2021 GMT
|
||||
Subject: C=US, ST=Montana, L=Bozeman, O=Engineering, CN=localhost
|
||||
Subject Public Key Info:
|
||||
Public Key Algorithm: rsaEncryption
|
||||
Public-Key: (2048 bit)
|
||||
Modulus:
|
||||
00:c1:58:e2:3d:b0:7e:c3:52:8b:b3:94:08:0e:2c:
|
||||
98:15:40:4c:ab:1f:0f:67:c3:17:88:12:a9:b1:7d:
|
||||
4d:a4:65:97:03:f7:90:d6:07:31:31:a5:3d:26:6e:
|
||||
5b:84:47:cc:a8:8f:a1:37:ff:f2:d8:e7:c6:83:74:
|
||||
04:82:fb:1f:e0:c5:32:d6:b8:23:48:80:5f:46:58:
|
||||
83:9f:3f:64:da:5a:3f:40:1d:3e:a6:21:e9:25:3f:
|
||||
6c:fd:a8:99:b7:31:de:d4:4f:9d:b1:38:b9:33:d3:
|
||||
06:e5:67:34:a3:72:a1:18:eb:57:35:30:61:fa:c4:
|
||||
0b:5f:61:f5:99:82:69:31:7a:3e:1a:00:a7:7b:8d:
|
||||
1d:4b:01:70:92:23:1f:84:3b:65:af:bc:0f:1c:e5:
|
||||
f8:92:a3:34:20:7e:d5:d2:33:fe:78:df:b5:55:4b:
|
||||
0b:b8:74:7e:29:b5:13:68:bb:fe:a7:5e:2e:f8:71:
|
||||
8c:ce:e3:ef:d4:9e:1e:e3:ff:88:20:c2:eb:de:80:
|
||||
d7:44:a9:e4:60:0a:d0:12:a5:06:a5:44:df:b1:ae:
|
||||
a8:21:41:a8:fb:f3:ab:7f:90:19:2a:1f:a2:f4:28:
|
||||
ac:f3:72:c7:cb:8b:8a:04:e9:d2:57:9f:87:bb:48:
|
||||
55:a0:cd:b4:5a:ca:9e:72:6b:b8:da:97:9c:7f:e9:
|
||||
4f:b9
|
||||
Exponent: 65537 (0x10001)
|
||||
X509v3 extensions:
|
||||
X509v3 Subject Alternative Name:
|
||||
DNS:localhost
|
||||
Signature Algorithm: sha1WithRSAEncryption
|
||||
ae:76:ea:5e:33:2c:cf:16:c8:ec:a2:27:2a:19:b9:22:bb:69:
|
||||
b4:96:35:f7:25:1c:dd:8b:fb:c4:a8:32:17:89:73:a0:bc:23:
|
||||
a3:49:d4:fd:1a:d7:fc:bf:87:5d:42:12:4b:20:20:74:47:7e:
|
||||
7c:97:89:c1:f1:a3:82:3a:58:0b:b4:05:0b:c1:02:da:a6:dc:
|
||||
ca:6c:60:58:fe:83:1c:fc:ed:c7:bc:96:df:b2:af:31:f5:28:
|
||||
45:2d:d5:c0:5a:42:95:c3:64:c5:46:5c:cd:8e:d6:7b:fd:9c:
|
||||
f5:75:44:cc:d6:7e:d8:96:55:5c:00:9f:1f:ac:f1:0a:07:29:
|
||||
0c:ba:ab:7d:1f:ac:8d:40:55:86:e4:35:1d:11:89:10:8b:c2:
|
||||
67:ff:99:32:66:f3:5d:4a:c3:37:5e:37:32:40:7b:29:50:25:
|
||||
e5:c1:d8:df:7b:64:3e:f7:c4:1e:01:88:fe:24:f6:0c:ea:f7:
|
||||
72:df:1e:72:0c:9b:64:c3:6b:ec:ce:99:b1:75:61:f2:ac:d5:
|
||||
6f:7b:7d:06:7b:6c:a8:6c:ac:46:37:dd:af:e6:cb:8f:70:d7:
|
||||
57:e2:38:d9:e6:9a:93:da:53:06:e6:39:c5:79:6a:0a:ac:49:
|
||||
da:04:a1:60:2f:5f:96:ef:ca:6c:34:62:6c:ac:25:1c:d5:e0:
|
||||
f7:8e:7c:df
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIDUzCCAjugAwIBAgIJANkxZR5F+KGbMA0GCSqGSIb3DQEBBQUAMFsxCzAJBgNV
|
||||
BAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMRQwEgYD
|
||||
VQQKDAtFbmdpbmVlcmluZzESMBAGA1UEAwwJbG9jYWxob3N0MB4XDTE4MDUwMzE2
|
||||
MDIxM1oXDTIxMDEyNzE2MDIxM1owWzELMAkGA1UEBhMCVVMxEDAOBgNVBAgMB01v
|
||||
bnRhbmExEDAOBgNVBAcMB0JvemVtYW4xFDASBgNVBAoMC0VuZ2luZWVyaW5nMRIw
|
||||
EAYDVQQDDAlsb2NhbGhvc3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
|
||||
AQDBWOI9sH7DUouzlAgOLJgVQEyrHw9nwxeIEqmxfU2kZZcD95DWBzExpT0mbluE
|
||||
R8yoj6E3//LY58aDdASC+x/gxTLWuCNIgF9GWIOfP2TaWj9AHT6mIeklP2z9qJm3
|
||||
Md7UT52xOLkz0wblZzSjcqEY61c1MGH6xAtfYfWZgmkxej4aAKd7jR1LAXCSIx+E
|
||||
O2WvvA8c5fiSozQgftXSM/5437VVSwu4dH4ptRNou/6nXi74cYzO4+/Unh7j/4gg
|
||||
wuvegNdEqeRgCtASpQalRN+xrqghQaj786t/kBkqH6L0KKzzcsfLi4oE6dJXn4e7
|
||||
SFWgzbRayp5ya7jal5x/6U+5AgMBAAGjGjAYMBYGA1UdEQQPMA2CC2xvY2FsaG9z
|
||||
dABoMA0GCSqGSIb3DQEBBQUAA4IBAQCudupeMyzPFsjsoicqGbkiu2m0ljX3JRzd
|
||||
i/vEqDIXiXOgvCOjSdT9Gtf8v4ddQhJLICB0R358l4nB8aOCOlgLtAULwQLaptzK
|
||||
bGBY/oMc/O3HvJbfsq8x9ShFLdXAWkKVw2TFRlzNjtZ7/Zz1dUTM1n7YllVcAJ8f
|
||||
rPEKBykMuqt9H6yNQFWG5DUdEYkQi8Jn/5kyZvNdSsM3XjcyQHspUCXlwdjfe2Q+
|
||||
98QeAYj+JPYM6vdy3x5yDJtkw2vszpmxdWHyrNVve30Ge2yobKxGN92v5suPcNdX
|
||||
4jjZ5pqT2lMG5jnFeWoKrEnaBKFgL1+W78psNGJsrCUc1eD3jnzf
|
||||
-----END CERTIFICATE-----
|
||||
Binary file not shown.
@@ -0,0 +1,74 @@
|
||||
Certificate:
|
||||
Data:
|
||||
Version: 3 (0x2)
|
||||
Serial Number: 18337557996975909176 (0xfe7c17d779df6938)
|
||||
Signature Algorithm: sha256WithRSAEncryption
|
||||
Issuer: C=US, ST=Montana, L=Bozeman, OU=Engineering, CN=www.nomatch.com/emailAddress=info@wolfssl.com
|
||||
Validity
|
||||
Not Before: Jun 12 23:10:48 2018 GMT
|
||||
Not After : Mar 8 23:10:48 2021 GMT
|
||||
Subject: C=US, ST=Montana, L=Bozeman, OU=Engineering, CN=www.nomatch.com/emailAddress=info@wolfssl.com
|
||||
Subject Public Key Info:
|
||||
Public Key Algorithm: rsaEncryption
|
||||
Public-Key: (2048 bit)
|
||||
Modulus:
|
||||
00:c0:95:08:e1:57:41:f2:71:6d:b7:d2:45:41:27:
|
||||
01:65:c6:45:ae:f2:bc:24:30:b8:95:ce:2f:4e:d6:
|
||||
f6:1c:88:bc:7c:9f:fb:a8:67:7f:fe:5c:9c:51:75:
|
||||
f7:8a:ca:07:e7:35:2f:8f:e1:bd:7b:c0:2f:7c:ab:
|
||||
64:a8:17:fc:ca:5d:7b:ba:e0:21:e5:72:2e:6f:2e:
|
||||
86:d8:95:73:da:ac:1b:53:b9:5f:3f:d7:19:0d:25:
|
||||
4f:e1:63:63:51:8b:0b:64:3f:ad:43:b8:a5:1c:5c:
|
||||
34:b3:ae:00:a0:63:c5:f6:7f:0b:59:68:78:73:a6:
|
||||
8c:18:a9:02:6d:af:c3:19:01:2e:b8:10:e3:c6:cc:
|
||||
40:b4:69:a3:46:33:69:87:6e:c4:bb:17:a6:f3:e8:
|
||||
dd:ad:73:bc:7b:2f:21:b5:fd:66:51:0c:bd:54:b3:
|
||||
e1:6d:5f:1c:bc:23:73:d1:09:03:89:14:d2:10:b9:
|
||||
64:c3:2a:d0:a1:96:4a:bc:e1:d4:1a:5b:c7:a0:c0:
|
||||
c1:63:78:0f:44:37:30:32:96:80:32:23:95:a1:77:
|
||||
ba:13:d2:97:73:e2:5d:25:c9:6a:0d:c3:39:60:a4:
|
||||
b4:b0:69:42:42:09:e9:d8:08:bc:33:20:b3:58:22:
|
||||
a7:aa:eb:c4:e1:e6:61:83:c5:d2:96:df:d9:d0:4f:
|
||||
ad:d7
|
||||
Exponent: 65537 (0x10001)
|
||||
X509v3 extensions:
|
||||
X509v3 Subject Alternative Name:
|
||||
DNS:localhost
|
||||
Signature Algorithm: sha256WithRSAEncryption
|
||||
24:29:6d:72:5e:f9:49:79:0a:c1:d7:bb:c2:eb:b5:4b:f6:b6:
|
||||
05:e3:99:7a:df:68:ee:8d:94:66:f2:31:1f:9e:c2:86:77:5d:
|
||||
3b:75:86:9a:98:c1:8b:54:18:ab:9e:13:64:af:5b:b8:35:0c:
|
||||
d4:e6:dc:3e:03:d9:26:06:75:6b:13:a2:e9:3d:19:0a:65:d7:
|
||||
e2:1e:c2:67:fe:d7:f0:64:d8:ae:20:c3:81:1b:7f:a4:76:6e:
|
||||
4a:5c:ae:23:6e:85:32:25:3c:5e:54:7a:bf:49:5a:a2:11:53:
|
||||
a1:ce:d9:4b:19:ef:1c:ba:0e:f9:8e:c4:da:90:69:2f:ec:87:
|
||||
08:24:d7:6a:18:63:56:3e:a0:a6:22:f1:e0:10:bd:cc:68:50:
|
||||
99:e7:4f:51:27:00:da:36:2c:df:26:ab:41:5e:c3:fb:1b:bb:
|
||||
58:3f:8c:4a:b2:30:71:66:92:9e:05:a1:c9:90:f9:06:0a:79:
|
||||
33:f4:e3:b9:da:43:38:8f:82:15:1e:98:7a:b8:da:e7:a4:f6:
|
||||
08:bc:54:c6:7b:64:c2:56:a0:83:f9:c0:d5:60:ba:a3:df:8a:
|
||||
04:bc:65:d6:82:23:82:50:2f:a9:f6:bd:03:c6:3d:5e:00:b8:
|
||||
a0:c5:0f:eb:cf:59:67:d9:a3:e1:84:f9:d1:91:65:67:96:93:
|
||||
b6:0b:15:80
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIDozCCAougAwIBAgIJAP58F9d532k4MA0GCSqGSIb3DQEBCwUAMIGCMQswCQYD
|
||||
VQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjEUMBIG
|
||||
A1UECwwLRW5naW5lZXJpbmcxGDAWBgNVBAMMD3d3dy5ub21hdGNoLmNvbTEfMB0G
|
||||
CSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTAeFw0xODA2MTIyMzEwNDhaFw0y
|
||||
MTAzMDgyMzEwNDhaMIGCMQswCQYDVQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQ
|
||||
MA4GA1UEBwwHQm96ZW1hbjEUMBIGA1UECwwLRW5naW5lZXJpbmcxGDAWBgNVBAMM
|
||||
D3d3dy5ub21hdGNoLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNv
|
||||
bTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMCVCOFXQfJxbbfSRUEn
|
||||
AWXGRa7yvCQwuJXOL07W9hyIvHyf+6hnf/5cnFF194rKB+c1L4/hvXvAL3yrZKgX
|
||||
/Mpde7rgIeVyLm8uhtiVc9qsG1O5Xz/XGQ0lT+FjY1GLC2Q/rUO4pRxcNLOuAKBj
|
||||
xfZ/C1loeHOmjBipAm2vwxkBLrgQ48bMQLRpo0YzaYduxLsXpvPo3a1zvHsvIbX9
|
||||
ZlEMvVSz4W1fHLwjc9EJA4kU0hC5ZMMq0KGWSrzh1Bpbx6DAwWN4D0Q3MDKWgDIj
|
||||
laF3uhPSl3PiXSXJag3DOWCktLBpQkIJ6dgIvDMgs1gip6rrxOHmYYPF0pbf2dBP
|
||||
rdcCAwEAAaMaMBgwFgYDVR0RBA8wDYILbG9jYWxob3N0AGgwDQYJKoZIhvcNAQEL
|
||||
BQADggEBACQpbXJe+Ul5CsHXu8LrtUv2tgXjmXrfaO6NlGbyMR+ewoZ3XTt1hpqY
|
||||
wYtUGKueE2SvW7g1DNTm3D4D2SYGdWsTouk9GQpl1+Iewmf+1/Bk2K4gw4Ebf6R2
|
||||
bkpcriNuhTIlPF5Uer9JWqIRU6HO2UsZ7xy6DvmOxNqQaS/shwgk12oYY1Y+oKYi
|
||||
8eAQvcxoUJnnT1EnANo2LN8mq0Few/sbu1g/jEqyMHFmkp4FocmQ+QYKeTP047na
|
||||
QziPghUemHq42uek9gi8VMZ7ZMJWoIP5wNVguqPfigS8ZdaCI4JQL6n2vQPGPV4A
|
||||
uKDFD+vPWWfZo+GE+dGRZWeWk7YLFYA=
|
||||
-----END CERTIFICATE-----
|
||||
Binary file not shown.
@@ -0,0 +1,70 @@
|
||||
Certificate:
|
||||
Data:
|
||||
Version: 3 (0x2)
|
||||
Serial Number: 10690824908453597701 (0x945d709ca0465205)
|
||||
Signature Algorithm: sha256WithRSAEncryption
|
||||
Issuer: C=US, ST=Montana, L=Bozeman, OU=Engineering, CN=www.nomatch.com/emailAddress=info@wolfssl.com
|
||||
Validity
|
||||
Not Before: Jun 12 23:10:48 2018 GMT
|
||||
Not After : Mar 8 23:10:48 2021 GMT
|
||||
Subject: C=US, ST=Montana, L=Bozeman, OU=Engineering, CN=www.nomatch.com/emailAddress=info@wolfssl.com
|
||||
Subject Public Key Info:
|
||||
Public Key Algorithm: rsaEncryption
|
||||
Public-Key: (2048 bit)
|
||||
Modulus:
|
||||
00:c0:95:08:e1:57:41:f2:71:6d:b7:d2:45:41:27:
|
||||
01:65:c6:45:ae:f2:bc:24:30:b8:95:ce:2f:4e:d6:
|
||||
f6:1c:88:bc:7c:9f:fb:a8:67:7f:fe:5c:9c:51:75:
|
||||
f7:8a:ca:07:e7:35:2f:8f:e1:bd:7b:c0:2f:7c:ab:
|
||||
64:a8:17:fc:ca:5d:7b:ba:e0:21:e5:72:2e:6f:2e:
|
||||
86:d8:95:73:da:ac:1b:53:b9:5f:3f:d7:19:0d:25:
|
||||
4f:e1:63:63:51:8b:0b:64:3f:ad:43:b8:a5:1c:5c:
|
||||
34:b3:ae:00:a0:63:c5:f6:7f:0b:59:68:78:73:a6:
|
||||
8c:18:a9:02:6d:af:c3:19:01:2e:b8:10:e3:c6:cc:
|
||||
40:b4:69:a3:46:33:69:87:6e:c4:bb:17:a6:f3:e8:
|
||||
dd:ad:73:bc:7b:2f:21:b5:fd:66:51:0c:bd:54:b3:
|
||||
e1:6d:5f:1c:bc:23:73:d1:09:03:89:14:d2:10:b9:
|
||||
64:c3:2a:d0:a1:96:4a:bc:e1:d4:1a:5b:c7:a0:c0:
|
||||
c1:63:78:0f:44:37:30:32:96:80:32:23:95:a1:77:
|
||||
ba:13:d2:97:73:e2:5d:25:c9:6a:0d:c3:39:60:a4:
|
||||
b4:b0:69:42:42:09:e9:d8:08:bc:33:20:b3:58:22:
|
||||
a7:aa:eb:c4:e1:e6:61:83:c5:d2:96:df:d9:d0:4f:
|
||||
ad:d7
|
||||
Exponent: 65537 (0x10001)
|
||||
Signature Algorithm: sha256WithRSAEncryption
|
||||
6b:4d:4f:75:40:7b:1c:c0:08:e7:ae:b1:e7:57:9e:c0:ee:ca:
|
||||
15:46:e9:e5:02:dd:fb:e1:f3:39:b9:b4:d3:b5:a4:cb:5b:16:
|
||||
4d:90:43:54:62:8d:d5:58:68:12:35:d7:73:ba:86:33:27:7e:
|
||||
e7:f4:4b:90:40:f3:e2:62:90:57:08:e0:a6:10:76:62:00:bd:
|
||||
60:29:dc:52:10:98:bb:81:4c:f7:f8:cf:46:64:66:fa:85:dd:
|
||||
e0:90:fb:27:3d:74:2f:fb:7c:29:fe:ae:a7:a6:8d:1e:41:d6:
|
||||
d6:02:90:28:51:fc:ce:87:bc:39:58:d7:94:5a:c6:6c:2c:3f:
|
||||
dc:99:14:ec:66:43:5f:cf:0b:47:1c:1e:9e:27:05:8b:8e:55:
|
||||
d8:c0:25:45:40:3b:93:4f:a2:d9:58:ef:c0:c1:57:4c:67:2f:
|
||||
33:84:01:d0:bc:0a:d0:95:44:ae:eb:f8:fd:68:d5:5a:33:b4:
|
||||
b3:cb:ad:1b:ce:ec:ae:04:b4:5d:0a:29:ad:2a:66:a5:cf:73:
|
||||
c3:bf:ce:ce:43:4d:01:ea:e8:45:23:e5:3f:21:22:2e:6e:9b:
|
||||
22:d0:e8:c9:e2:c9:2c:a5:6a:27:9d:7f:8a:17:ae:c7:3d:54:
|
||||
6b:bd:85:76:44:e6:16:1f:72:31:a0:75:b8:1f:89:a4:7e:c1:
|
||||
2d:d0:96:05
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIDhzCCAm+gAwIBAgIJAJRdcJygRlIFMA0GCSqGSIb3DQEBCwUAMIGCMQswCQYD
|
||||
VQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjEUMBIG
|
||||
A1UECwwLRW5naW5lZXJpbmcxGDAWBgNVBAMMD3d3dy5ub21hdGNoLmNvbTEfMB0G
|
||||
CSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTAeFw0xODA2MTIyMzEwNDhaFw0y
|
||||
MTAzMDgyMzEwNDhaMIGCMQswCQYDVQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQ
|
||||
MA4GA1UEBwwHQm96ZW1hbjEUMBIGA1UECwwLRW5naW5lZXJpbmcxGDAWBgNVBAMM
|
||||
D3d3dy5ub21hdGNoLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNv
|
||||
bTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMCVCOFXQfJxbbfSRUEn
|
||||
AWXGRa7yvCQwuJXOL07W9hyIvHyf+6hnf/5cnFF194rKB+c1L4/hvXvAL3yrZKgX
|
||||
/Mpde7rgIeVyLm8uhtiVc9qsG1O5Xz/XGQ0lT+FjY1GLC2Q/rUO4pRxcNLOuAKBj
|
||||
xfZ/C1loeHOmjBipAm2vwxkBLrgQ48bMQLRpo0YzaYduxLsXpvPo3a1zvHsvIbX9
|
||||
ZlEMvVSz4W1fHLwjc9EJA4kU0hC5ZMMq0KGWSrzh1Bpbx6DAwWN4D0Q3MDKWgDIj
|
||||
laF3uhPSl3PiXSXJag3DOWCktLBpQkIJ6dgIvDMgs1gip6rrxOHmYYPF0pbf2dBP
|
||||
rdcCAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAa01PdUB7HMAI566x51eewO7KFUbp
|
||||
5QLd++HzObm007Wky1sWTZBDVGKN1VhoEjXXc7qGMyd+5/RLkEDz4mKQVwjgphB2
|
||||
YgC9YCncUhCYu4FM9/jPRmRm+oXd4JD7Jz10L/t8Kf6up6aNHkHW1gKQKFH8zoe8
|
||||
OVjXlFrGbCw/3JkU7GZDX88LRxwenicFi45V2MAlRUA7k0+i2VjvwMFXTGcvM4QB
|
||||
0LwK0JVEruv4/WjVWjO0s8utG87srgS0XQoprSpmpc9zw7/OzkNNAeroRSPlPyEi
|
||||
Lm6bItDoyeLJLKVqJ51/iheuxz1Ua72FdkTmFh9yMaB1uB+JpH7BLdCWBQ==
|
||||
-----END CERTIFICATE-----
|
||||
Binary file not shown.
@@ -0,0 +1,72 @@
|
||||
Certificate:
|
||||
Data:
|
||||
Version: 3 (0x2)
|
||||
Serial Number: 14443731963441436391 (0xc87271b1cfe1d6e7)
|
||||
Signature Algorithm: sha256WithRSAEncryption
|
||||
Issuer: C=US, ST=Montana, L=Bozeman, OU=Engineering, CN=DER:30:0d:82:0b:6c:6f:63:61:6c:68:6f:73:74:00:68/emailAddress=info@wolfssl.com
|
||||
Validity
|
||||
Not Before: Jun 12 23:10:47 2018 GMT
|
||||
Not After : Mar 8 23:10:47 2021 GMT
|
||||
Subject: C=US, ST=Montana, L=Bozeman, OU=Engineering, CN=DER:30:0d:82:0b:6c:6f:63:61:6c:68:6f:73:74:00:68/emailAddress=info@wolfssl.com
|
||||
Subject Public Key Info:
|
||||
Public Key Algorithm: rsaEncryption
|
||||
Public-Key: (2048 bit)
|
||||
Modulus:
|
||||
00:c0:95:08:e1:57:41:f2:71:6d:b7:d2:45:41:27:
|
||||
01:65:c6:45:ae:f2:bc:24:30:b8:95:ce:2f:4e:d6:
|
||||
f6:1c:88:bc:7c:9f:fb:a8:67:7f:fe:5c:9c:51:75:
|
||||
f7:8a:ca:07:e7:35:2f:8f:e1:bd:7b:c0:2f:7c:ab:
|
||||
64:a8:17:fc:ca:5d:7b:ba:e0:21:e5:72:2e:6f:2e:
|
||||
86:d8:95:73:da:ac:1b:53:b9:5f:3f:d7:19:0d:25:
|
||||
4f:e1:63:63:51:8b:0b:64:3f:ad:43:b8:a5:1c:5c:
|
||||
34:b3:ae:00:a0:63:c5:f6:7f:0b:59:68:78:73:a6:
|
||||
8c:18:a9:02:6d:af:c3:19:01:2e:b8:10:e3:c6:cc:
|
||||
40:b4:69:a3:46:33:69:87:6e:c4:bb:17:a6:f3:e8:
|
||||
dd:ad:73:bc:7b:2f:21:b5:fd:66:51:0c:bd:54:b3:
|
||||
e1:6d:5f:1c:bc:23:73:d1:09:03:89:14:d2:10:b9:
|
||||
64:c3:2a:d0:a1:96:4a:bc:e1:d4:1a:5b:c7:a0:c0:
|
||||
c1:63:78:0f:44:37:30:32:96:80:32:23:95:a1:77:
|
||||
ba:13:d2:97:73:e2:5d:25:c9:6a:0d:c3:39:60:a4:
|
||||
b4:b0:69:42:42:09:e9:d8:08:bc:33:20:b3:58:22:
|
||||
a7:aa:eb:c4:e1:e6:61:83:c5:d2:96:df:d9:d0:4f:
|
||||
ad:d7
|
||||
Exponent: 65537 (0x10001)
|
||||
Signature Algorithm: sha256WithRSAEncryption
|
||||
28:2d:4a:7a:b9:22:94:2a:92:90:d8:e8:2b:bc:c5:39:46:03:
|
||||
c3:16:97:a1:21:1c:8d:19:f9:d2:c5:9f:36:8c:d4:04:b0:69:
|
||||
cd:2f:28:3f:95:e9:3d:22:e1:b3:c0:f0:73:f3:b8:fa:cb:63:
|
||||
a4:7d:b9:3c:dc:fc:f1:7e:fd:b0:8b:c6:5e:f2:60:90:51:5a:
|
||||
94:92:e0:48:04:44:53:4f:73:e5:73:27:c5:54:94:ed:69:a4:
|
||||
8f:5c:62:0f:fa:3b:4f:c5:2b:d4:26:0d:3c:39:e1:c7:ce:d5:
|
||||
81:b6:c8:7f:63:e1:7a:de:0f:d2:ca:97:2b:7d:cc:09:53:69:
|
||||
2c:a4:d8:19:58:ad:eb:48:ce:c7:69:1b:63:57:26:5a:9b:5d:
|
||||
be:98:9d:58:b2:b3:c0:79:8b:bf:f4:39:f2:a1:5d:30:63:4a:
|
||||
66:15:1d:8f:a2:e4:83:b2:25:06:74:66:8f:32:b1:5d:a7:7f:
|
||||
6f:70:f6:4e:2a:10:33:6f:c2:a4:38:34:87:f6:3f:82:a7:a5:
|
||||
ab:fa:7d:43:38:f6:8d:bc:04:e1:b2:81:10:c7:6a:03:ed:0c:
|
||||
89:b9:06:b3:61:e4:c1:ca:9e:88:48:39:a6:41:e8:7f:f8:d7:
|
||||
7d:48:46:fb:9f:53:de:8c:be:6a:25:77:8c:48:bf:a4:7d:b0:
|
||||
96:dd:d0:86
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIDyTCCArGgAwIBAgIJAMhycbHP4dbnMA0GCSqGSIb3DQEBCwUAMIGjMQswCQYD
|
||||
VQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjEUMBIG
|
||||
A1UECwwLRW5naW5lZXJpbmcxOTA3BgNVBAMMMERFUjozMDowZDo4MjowYjo2Yzo2
|
||||
Zjo2Mzo2MTo2Yzo2ODo2Zjo3Mzo3NDowMDo2ODEfMB0GCSqGSIb3DQEJARYQaW5m
|
||||
b0B3b2xmc3NsLmNvbTAeFw0xODA2MTIyMzEwNDdaFw0yMTAzMDgyMzEwNDdaMIGj
|
||||
MQswCQYDVQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1h
|
||||
bjEUMBIGA1UECwwLRW5naW5lZXJpbmcxOTA3BgNVBAMMMERFUjozMDowZDo4Mjow
|
||||
Yjo2Yzo2Zjo2Mzo2MTo2Yzo2ODo2Zjo3Mzo3NDowMDo2ODEfMB0GCSqGSIb3DQEJ
|
||||
ARYQaW5mb0B3b2xmc3NsLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
|
||||
ggEBAMCVCOFXQfJxbbfSRUEnAWXGRa7yvCQwuJXOL07W9hyIvHyf+6hnf/5cnFF1
|
||||
94rKB+c1L4/hvXvAL3yrZKgX/Mpde7rgIeVyLm8uhtiVc9qsG1O5Xz/XGQ0lT+Fj
|
||||
Y1GLC2Q/rUO4pRxcNLOuAKBjxfZ/C1loeHOmjBipAm2vwxkBLrgQ48bMQLRpo0Yz
|
||||
aYduxLsXpvPo3a1zvHsvIbX9ZlEMvVSz4W1fHLwjc9EJA4kU0hC5ZMMq0KGWSrzh
|
||||
1Bpbx6DAwWN4D0Q3MDKWgDIjlaF3uhPSl3PiXSXJag3DOWCktLBpQkIJ6dgIvDMg
|
||||
s1gip6rrxOHmYYPF0pbf2dBPrdcCAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAKC1K
|
||||
erkilCqSkNjoK7zFOUYDwxaXoSEcjRn50sWfNozUBLBpzS8oP5XpPSLhs8Dwc/O4
|
||||
+stjpH25PNz88X79sIvGXvJgkFFalJLgSAREU09z5XMnxVSU7Wmkj1xiD/o7T8Ur
|
||||
1CYNPDnhx87VgbbIf2Phet4P0sqXK33MCVNpLKTYGVit60jOx2kbY1cmWptdvpid
|
||||
WLKzwHmLv/Q58qFdMGNKZhUdj6Lkg7IlBnRmjzKxXad/b3D2TioQM2/CpDg0h/Y/
|
||||
gqelq/p9Qzj2jbwE4bKBEMdqA+0MibkGs2HkwcqeiEg5pkHof/jXfUhG+59T3oy+
|
||||
aiV3jEi/pH2wlt3Qhg==
|
||||
-----END CERTIFICATE-----
|
||||
Executable → Regular
Binary file not shown.
@@ -0,0 +1,74 @@
|
||||
Certificate:
|
||||
Data:
|
||||
Version: 3 (0x2)
|
||||
Serial Number: 14615220398693458350 (0xcad3b184922aa1ae)
|
||||
Signature Algorithm: sha256WithRSAEncryption
|
||||
Issuer: C=US, ST=Montana, L=Bozeman, OU=Engineering, CN=www.nomatch.com/emailAddress=info@wolfssl.com
|
||||
Validity
|
||||
Not Before: Jun 13 16:02:51 2018 GMT
|
||||
Not After : Mar 9 16:02:51 2021 GMT
|
||||
Subject: C=US, ST=Montana, L=Bozeman, OU=Engineering, CN=www.nomatch.com/emailAddress=info@wolfssl.com
|
||||
Subject Public Key Info:
|
||||
Public Key Algorithm: rsaEncryption
|
||||
Public-Key: (2048 bit)
|
||||
Modulus:
|
||||
00:c0:95:08:e1:57:41:f2:71:6d:b7:d2:45:41:27:
|
||||
01:65:c6:45:ae:f2:bc:24:30:b8:95:ce:2f:4e:d6:
|
||||
f6:1c:88:bc:7c:9f:fb:a8:67:7f:fe:5c:9c:51:75:
|
||||
f7:8a:ca:07:e7:35:2f:8f:e1:bd:7b:c0:2f:7c:ab:
|
||||
64:a8:17:fc:ca:5d:7b:ba:e0:21:e5:72:2e:6f:2e:
|
||||
86:d8:95:73:da:ac:1b:53:b9:5f:3f:d7:19:0d:25:
|
||||
4f:e1:63:63:51:8b:0b:64:3f:ad:43:b8:a5:1c:5c:
|
||||
34:b3:ae:00:a0:63:c5:f6:7f:0b:59:68:78:73:a6:
|
||||
8c:18:a9:02:6d:af:c3:19:01:2e:b8:10:e3:c6:cc:
|
||||
40:b4:69:a3:46:33:69:87:6e:c4:bb:17:a6:f3:e8:
|
||||
dd:ad:73:bc:7b:2f:21:b5:fd:66:51:0c:bd:54:b3:
|
||||
e1:6d:5f:1c:bc:23:73:d1:09:03:89:14:d2:10:b9:
|
||||
64:c3:2a:d0:a1:96:4a:bc:e1:d4:1a:5b:c7:a0:c0:
|
||||
c1:63:78:0f:44:37:30:32:96:80:32:23:95:a1:77:
|
||||
ba:13:d2:97:73:e2:5d:25:c9:6a:0d:c3:39:60:a4:
|
||||
b4:b0:69:42:42:09:e9:d8:08:bc:33:20:b3:58:22:
|
||||
a7:aa:eb:c4:e1:e6:61:83:c5:d2:96:df:d9:d0:4f:
|
||||
ad:d7
|
||||
Exponent: 65537 (0x10001)
|
||||
X509v3 extensions:
|
||||
X509v3 Subject Alternative Name:
|
||||
DNS:localhost
|
||||
Signature Algorithm: sha256WithRSAEncryption
|
||||
5a:08:fc:f5:82:0b:a3:9b:8e:d0:95:92:46:df:a1:cd:8a:e5:
|
||||
c5:57:71:d4:6f:f4:d9:73:66:bc:7e:d9:66:a7:67:c7:29:1c:
|
||||
8d:d4:33:92:54:f3:7d:fd:5d:ef:b1:a8:07:a6:ee:df:99:f6:
|
||||
70:56:d2:f6:0b:15:0b:70:6f:da:bd:c4:37:ef:99:f9:b7:f3:
|
||||
59:70:12:41:f5:72:1c:61:1d:51:6d:22:c5:8c:8b:78:f8:77:
|
||||
00:11:e3:b2:a6:b7:e9:00:02:f0:e7:8f:e3:50:cb:20:8b:ff:
|
||||
f5:31:ce:7b:c1:ae:8f:a3:3c:60:81:da:34:6f:5f:d0:45:6d:
|
||||
bf:c2:69:54:5a:58:d3:57:29:5e:0f:85:d7:73:e1:db:b1:15:
|
||||
26:a8:66:72:51:d7:e7:b3:b8:87:b1:ab:6c:51:4b:7c:98:c7:
|
||||
c4:a8:ba:b0:3d:05:b5:95:2e:b5:a4:47:87:cd:86:3d:6c:45:
|
||||
54:46:63:c8:15:d6:06:39:a3:d6:b1:3f:f7:eb:a0:7c:c1:97:
|
||||
a9:7f:11:f7:ee:e5:6d:53:90:30:6c:39:0a:6b:0d:d6:8e:eb:
|
||||
38:9f:bc:09:c1:fc:67:28:4a:fd:59:60:df:d0:19:f9:35:52:
|
||||
4c:5e:85:98:c5:d4:e9:fe:17:04:22:f8:f1:dd:4b:8f:29:0e:
|
||||
b5:04:37:c1
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIDoTCCAomgAwIBAgIJAMrTsYSSKqGuMA0GCSqGSIb3DQEBCwUAMIGCMQswCQYD
|
||||
VQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjEUMBIG
|
||||
A1UECwwLRW5naW5lZXJpbmcxGDAWBgNVBAMMD3d3dy5ub21hdGNoLmNvbTEfMB0G
|
||||
CSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTAeFw0xODA2MTMxNjAyNTFaFw0y
|
||||
MTAzMDkxNjAyNTFaMIGCMQswCQYDVQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQ
|
||||
MA4GA1UEBwwHQm96ZW1hbjEUMBIGA1UECwwLRW5naW5lZXJpbmcxGDAWBgNVBAMM
|
||||
D3d3dy5ub21hdGNoLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNv
|
||||
bTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMCVCOFXQfJxbbfSRUEn
|
||||
AWXGRa7yvCQwuJXOL07W9hyIvHyf+6hnf/5cnFF194rKB+c1L4/hvXvAL3yrZKgX
|
||||
/Mpde7rgIeVyLm8uhtiVc9qsG1O5Xz/XGQ0lT+FjY1GLC2Q/rUO4pRxcNLOuAKBj
|
||||
xfZ/C1loeHOmjBipAm2vwxkBLrgQ48bMQLRpo0YzaYduxLsXpvPo3a1zvHsvIbX9
|
||||
ZlEMvVSz4W1fHLwjc9EJA4kU0hC5ZMMq0KGWSrzh1Bpbx6DAwWN4D0Q3MDKWgDIj
|
||||
laF3uhPSl3PiXSXJag3DOWCktLBpQkIJ6dgIvDMgs1gip6rrxOHmYYPF0pbf2dBP
|
||||
rdcCAwEAAaMYMBYwFAYDVR0RBA0wC4IJbG9jYWxob3N0MA0GCSqGSIb3DQEBCwUA
|
||||
A4IBAQBaCPz1ggujm47QlZJG36HNiuXFV3HUb/TZc2a8ftlmp2fHKRyN1DOSVPN9
|
||||
/V3vsagHpu7fmfZwVtL2CxULcG/avcQ375n5t/NZcBJB9XIcYR1RbSLFjIt4+HcA
|
||||
EeOyprfpAALw54/jUMsgi//1Mc57wa6Pozxggdo0b1/QRW2/wmlUWljTVyleD4XX
|
||||
c+HbsRUmqGZyUdfns7iHsatsUUt8mMfEqLqwPQW1lS61pEeHzYY9bEVURmPIFdYG
|
||||
OaPWsT/366B8wZepfxH37uVtU5AwbDkKaw3Wjus4n7wJwfxnKEr9WWDf0Bn5NVJM
|
||||
XoWYxdTp/hcEIvjx3UuPKQ61BDfB
|
||||
-----END CERTIFICATE-----
|
||||
Binary file not shown.
@@ -0,0 +1,74 @@
|
||||
Certificate:
|
||||
Data:
|
||||
Version: 3 (0x2)
|
||||
Serial Number: 17517463568368655517 (0xf31a884dce75dc9d)
|
||||
Signature Algorithm: sha256WithRSAEncryption
|
||||
Issuer: C=US, ST=Montana, L=Bozeman, OU=Engineering, CN=www.nomatch.com/emailAddress=info@wolfssl.com
|
||||
Validity
|
||||
Not Before: Jun 12 23:10:47 2018 GMT
|
||||
Not After : Mar 8 23:10:47 2021 GMT
|
||||
Subject: C=US, ST=Montana, L=Bozeman, OU=Engineering, CN=www.nomatch.com/emailAddress=info@wolfssl.com
|
||||
Subject Public Key Info:
|
||||
Public Key Algorithm: rsaEncryption
|
||||
Public-Key: (2048 bit)
|
||||
Modulus:
|
||||
00:c0:95:08:e1:57:41:f2:71:6d:b7:d2:45:41:27:
|
||||
01:65:c6:45:ae:f2:bc:24:30:b8:95:ce:2f:4e:d6:
|
||||
f6:1c:88:bc:7c:9f:fb:a8:67:7f:fe:5c:9c:51:75:
|
||||
f7:8a:ca:07:e7:35:2f:8f:e1:bd:7b:c0:2f:7c:ab:
|
||||
64:a8:17:fc:ca:5d:7b:ba:e0:21:e5:72:2e:6f:2e:
|
||||
86:d8:95:73:da:ac:1b:53:b9:5f:3f:d7:19:0d:25:
|
||||
4f:e1:63:63:51:8b:0b:64:3f:ad:43:b8:a5:1c:5c:
|
||||
34:b3:ae:00:a0:63:c5:f6:7f:0b:59:68:78:73:a6:
|
||||
8c:18:a9:02:6d:af:c3:19:01:2e:b8:10:e3:c6:cc:
|
||||
40:b4:69:a3:46:33:69:87:6e:c4:bb:17:a6:f3:e8:
|
||||
dd:ad:73:bc:7b:2f:21:b5:fd:66:51:0c:bd:54:b3:
|
||||
e1:6d:5f:1c:bc:23:73:d1:09:03:89:14:d2:10:b9:
|
||||
64:c3:2a:d0:a1:96:4a:bc:e1:d4:1a:5b:c7:a0:c0:
|
||||
c1:63:78:0f:44:37:30:32:96:80:32:23:95:a1:77:
|
||||
ba:13:d2:97:73:e2:5d:25:c9:6a:0d:c3:39:60:a4:
|
||||
b4:b0:69:42:42:09:e9:d8:08:bc:33:20:b3:58:22:
|
||||
a7:aa:eb:c4:e1:e6:61:83:c5:d2:96:df:d9:d0:4f:
|
||||
ad:d7
|
||||
Exponent: 65537 (0x10001)
|
||||
X509v3 extensions:
|
||||
X509v3 Subject Alternative Name:
|
||||
DNS:*localhost
|
||||
Signature Algorithm: sha256WithRSAEncryption
|
||||
af:29:93:9d:e0:ec:8e:4d:aa:e6:12:90:45:af:56:32:5d:97:
|
||||
68:21:68:04:8f:82:80:ee:15:46:00:a2:9c:83:a0:f3:44:e3:
|
||||
95:d6:93:49:30:0e:86:00:fa:1f:8c:c0:63:a2:4b:f5:3b:f8:
|
||||
81:ce:f2:88:98:18:c3:bc:55:0c:48:69:e0:0b:64:44:1c:6d:
|
||||
35:5d:cd:75:59:c0:00:d4:19:c8:ba:f1:7f:c6:3c:00:f4:0f:
|
||||
fe:c2:fa:e8:5c:22:8d:0b:ea:7e:c7:80:d1:01:f3:bb:1a:58:
|
||||
e5:6e:2a:78:73:61:cb:30:cd:66:79:c3:42:b3:71:1c:4c:39:
|
||||
13:fd:c5:73:43:25:0d:3d:9b:49:ff:36:53:c7:6a:6f:20:0a:
|
||||
f5:b0:67:ac:d0:ff:a8:62:25:72:eb:f4:c1:66:30:31:4c:6c:
|
||||
bb:ab:55:08:36:fb:a3:8d:99:b0:e0:5c:88:09:ba:fe:5c:a0:
|
||||
94:db:97:bb:1f:01:7c:d8:50:7a:c8:a2:cf:23:d5:a9:84:d5:
|
||||
86:f9:02:96:1d:73:50:53:f8:f2:14:5b:2a:43:e1:b1:7b:b9:
|
||||
0e:a4:d9:88:dd:fe:71:41:b9:fd:bc:8e:9b:ad:4a:7e:e6:72:
|
||||
8b:a3:9b:66:37:84:ef:8e:c0:f6:95:ea:0f:80:e6:27:c0:8b:
|
||||
6e:91:a1:5a
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIDojCCAoqgAwIBAgIJAPMaiE3OddydMA0GCSqGSIb3DQEBCwUAMIGCMQswCQYD
|
||||
VQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjEUMBIG
|
||||
A1UECwwLRW5naW5lZXJpbmcxGDAWBgNVBAMMD3d3dy5ub21hdGNoLmNvbTEfMB0G
|
||||
CSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTAeFw0xODA2MTIyMzEwNDdaFw0y
|
||||
MTAzMDgyMzEwNDdaMIGCMQswCQYDVQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQ
|
||||
MA4GA1UEBwwHQm96ZW1hbjEUMBIGA1UECwwLRW5naW5lZXJpbmcxGDAWBgNVBAMM
|
||||
D3d3dy5ub21hdGNoLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNv
|
||||
bTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMCVCOFXQfJxbbfSRUEn
|
||||
AWXGRa7yvCQwuJXOL07W9hyIvHyf+6hnf/5cnFF194rKB+c1L4/hvXvAL3yrZKgX
|
||||
/Mpde7rgIeVyLm8uhtiVc9qsG1O5Xz/XGQ0lT+FjY1GLC2Q/rUO4pRxcNLOuAKBj
|
||||
xfZ/C1loeHOmjBipAm2vwxkBLrgQ48bMQLRpo0YzaYduxLsXpvPo3a1zvHsvIbX9
|
||||
ZlEMvVSz4W1fHLwjc9EJA4kU0hC5ZMMq0KGWSrzh1Bpbx6DAwWN4D0Q3MDKWgDIj
|
||||
laF3uhPSl3PiXSXJag3DOWCktLBpQkIJ6dgIvDMgs1gip6rrxOHmYYPF0pbf2dBP
|
||||
rdcCAwEAAaMZMBcwFQYDVR0RBA4wDIIKKmxvY2FsaG9zdDANBgkqhkiG9w0BAQsF
|
||||
AAOCAQEArymTneDsjk2q5hKQRa9WMl2XaCFoBI+CgO4VRgCinIOg80TjldaTSTAO
|
||||
hgD6H4zAY6JL9Tv4gc7yiJgYw7xVDEhp4AtkRBxtNV3NdVnAANQZyLrxf8Y8APQP
|
||||
/sL66FwijQvqfseA0QHzuxpY5W4qeHNhyzDNZnnDQrNxHEw5E/3Fc0MlDT2bSf82
|
||||
U8dqbyAK9bBnrND/qGIlcuv0wWYwMUxsu6tVCDb7o42ZsOBciAm6/lyglNuXux8B
|
||||
fNhQesiizyPVqYTVhvkClh1zUFP48hRbKkPhsXu5DqTZiN3+cUG5/byOm61KfuZy
|
||||
i6ObZjeE747A9pXqD4DmJ8CLbpGhWg==
|
||||
-----END CERTIFICATE-----
|
||||
Binary file not shown.
@@ -0,0 +1,70 @@
|
||||
Certificate:
|
||||
Data:
|
||||
Version: 3 (0x2)
|
||||
Serial Number: 9494820020802705564 (0x83c46080d236589c)
|
||||
Signature Algorithm: sha256WithRSAEncryption
|
||||
Issuer: C=US, ST=Montana, L=Bozeman, OU=Engineering, CN=localhost/emailAddress=info@wolfssl.com
|
||||
Validity
|
||||
Not Before: Jun 13 16:02:51 2018 GMT
|
||||
Not After : Mar 9 16:02:51 2021 GMT
|
||||
Subject: C=US, ST=Montana, L=Bozeman, OU=Engineering, CN=localhost/emailAddress=info@wolfssl.com
|
||||
Subject Public Key Info:
|
||||
Public Key Algorithm: rsaEncryption
|
||||
Public-Key: (2048 bit)
|
||||
Modulus:
|
||||
00:c0:95:08:e1:57:41:f2:71:6d:b7:d2:45:41:27:
|
||||
01:65:c6:45:ae:f2:bc:24:30:b8:95:ce:2f:4e:d6:
|
||||
f6:1c:88:bc:7c:9f:fb:a8:67:7f:fe:5c:9c:51:75:
|
||||
f7:8a:ca:07:e7:35:2f:8f:e1:bd:7b:c0:2f:7c:ab:
|
||||
64:a8:17:fc:ca:5d:7b:ba:e0:21:e5:72:2e:6f:2e:
|
||||
86:d8:95:73:da:ac:1b:53:b9:5f:3f:d7:19:0d:25:
|
||||
4f:e1:63:63:51:8b:0b:64:3f:ad:43:b8:a5:1c:5c:
|
||||
34:b3:ae:00:a0:63:c5:f6:7f:0b:59:68:78:73:a6:
|
||||
8c:18:a9:02:6d:af:c3:19:01:2e:b8:10:e3:c6:cc:
|
||||
40:b4:69:a3:46:33:69:87:6e:c4:bb:17:a6:f3:e8:
|
||||
dd:ad:73:bc:7b:2f:21:b5:fd:66:51:0c:bd:54:b3:
|
||||
e1:6d:5f:1c:bc:23:73:d1:09:03:89:14:d2:10:b9:
|
||||
64:c3:2a:d0:a1:96:4a:bc:e1:d4:1a:5b:c7:a0:c0:
|
||||
c1:63:78:0f:44:37:30:32:96:80:32:23:95:a1:77:
|
||||
ba:13:d2:97:73:e2:5d:25:c9:6a:0d:c3:39:60:a4:
|
||||
b4:b0:69:42:42:09:e9:d8:08:bc:33:20:b3:58:22:
|
||||
a7:aa:eb:c4:e1:e6:61:83:c5:d2:96:df:d9:d0:4f:
|
||||
ad:d7
|
||||
Exponent: 65537 (0x10001)
|
||||
Signature Algorithm: sha256WithRSAEncryption
|
||||
00:fe:cb:dd:9b:51:8c:57:e6:e8:8b:96:92:70:0b:c3:e8:15:
|
||||
c4:f1:fd:e6:39:c7:f8:d5:0d:8e:ae:f7:27:17:46:e3:fd:70:
|
||||
26:24:d3:61:a7:8b:7e:7b:97:f6:21:30:f4:24:f9:c3:22:76:
|
||||
a6:68:83:40:ce:9d:69:d7:e4:9e:e5:ff:cf:a3:3e:c0:52:a8:
|
||||
7e:93:7f:d5:5b:63:37:45:fd:ca:f4:8f:8e:2a:50:ac:80:ce:
|
||||
4e:2c:1a:3b:ec:ed:8f:ae:4f:09:54:9d:b1:3f:05:bc:cf:24:
|
||||
3f:f4:9a:1d:4d:dc:ba:33:b0:b4:7a:a6:54:38:de:dc:b4:f1:
|
||||
27:ce:6f:2c:d0:7e:62:8a:84:af:40:af:d2:2a:1f:40:fe:5e:
|
||||
14:9d:05:30:2b:4f:7b:95:86:2d:9b:a9:fb:00:eb:1b:a1:fd:
|
||||
0b:67:de:66:9d:e3:b8:3e:e7:8a:b1:7e:38:3f:0e:db:53:c5:
|
||||
5d:18:a7:66:49:8e:51:03:3c:6a:cb:fa:1a:ef:83:a7:7b:f2:
|
||||
23:f9:fb:7d:30:91:7d:c0:3a:63:b9:89:19:9c:bf:8d:f8:5d:
|
||||
4a:9b:a6:48:02:35:f0:19:ea:92:09:8a:78:7a:09:eb:8c:61:
|
||||
e7:6a:11:85:a9:a6:a6:fb:94:48:ff:86:4e:c1:13:49:13:a5:
|
||||
72:b6:25:c8
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIDeTCCAmGgAwIBAgIJAIPEYIDSNlicMA0GCSqGSIb3DQEBCwUAMHwxCzAJBgNV
|
||||
BAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMRQwEgYD
|
||||
VQQLDAtFbmdpbmVlcmluZzESMBAGA1UEAwwJbG9jYWxob3N0MR8wHQYJKoZIhvcN
|
||||
AQkBFhBpbmZvQHdvbGZzc2wuY29tMB4XDTE4MDYxMzE2MDI1MVoXDTIxMDMwOTE2
|
||||
MDI1MVowfDELMAkGA1UEBhMCVVMxEDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcM
|
||||
B0JvemVtYW4xFDASBgNVBAsMC0VuZ2luZWVyaW5nMRIwEAYDVQQDDAlsb2NhbGhv
|
||||
c3QxHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wggEiMA0GCSqGSIb3
|
||||
DQEBAQUAA4IBDwAwggEKAoIBAQDAlQjhV0HycW230kVBJwFlxkWu8rwkMLiVzi9O
|
||||
1vYciLx8n/uoZ3/+XJxRdfeKygfnNS+P4b17wC98q2SoF/zKXXu64CHlci5vLobY
|
||||
lXParBtTuV8/1xkNJU/hY2NRiwtkP61DuKUcXDSzrgCgY8X2fwtZaHhzpowYqQJt
|
||||
r8MZAS64EOPGzEC0aaNGM2mHbsS7F6bz6N2tc7x7LyG1/WZRDL1Us+FtXxy8I3PR
|
||||
CQOJFNIQuWTDKtChlkq84dQaW8egwMFjeA9ENzAyloAyI5Whd7oT0pdz4l0lyWoN
|
||||
wzlgpLSwaUJCCenYCLwzILNYIqeq68Th5mGDxdKW39nQT63XAgMBAAEwDQYJKoZI
|
||||
hvcNAQELBQADggEBAAD+y92bUYxX5uiLlpJwC8PoFcTx/eY5x/jVDY6u9ycXRuP9
|
||||
cCYk02Gni357l/YhMPQk+cMidqZog0DOnWnX5J7l/8+jPsBSqH6Tf9VbYzdF/cr0
|
||||
j44qUKyAzk4sGjvs7Y+uTwlUnbE/BbzPJD/0mh1N3LozsLR6plQ43ty08SfObyzQ
|
||||
fmKKhK9Ar9IqH0D+XhSdBTArT3uVhi2bqfsA6xuh/Qtn3mad47g+54qxfjg/DttT
|
||||
xV0Yp2ZJjlEDPGrL+hrvg6d78iP5+30wkX3AOmO5iRmcv434XUqbpkgCNfAZ6pIJ
|
||||
inh6CeuMYedqEYWppqb7lEj/hk7BE0kTpXK2Jcg=
|
||||
-----END CERTIFICATE-----
|
||||
Binary file not shown.
@@ -0,0 +1,70 @@
|
||||
Certificate:
|
||||
Data:
|
||||
Version: 3 (0x2)
|
||||
Serial Number: 9769574718208722881 (0x87948071dd77c7c1)
|
||||
Signature Algorithm: sha256WithRSAEncryption
|
||||
Issuer: C=US, ST=Montana, L=Bozeman, OU=Engineering, CN=*localhost/emailAddress=info@wolfssl.com
|
||||
Validity
|
||||
Not Before: Jun 12 23:10:47 2018 GMT
|
||||
Not After : Mar 8 23:10:47 2021 GMT
|
||||
Subject: C=US, ST=Montana, L=Bozeman, OU=Engineering, CN=*localhost/emailAddress=info@wolfssl.com
|
||||
Subject Public Key Info:
|
||||
Public Key Algorithm: rsaEncryption
|
||||
Public-Key: (2048 bit)
|
||||
Modulus:
|
||||
00:c0:95:08:e1:57:41:f2:71:6d:b7:d2:45:41:27:
|
||||
01:65:c6:45:ae:f2:bc:24:30:b8:95:ce:2f:4e:d6:
|
||||
f6:1c:88:bc:7c:9f:fb:a8:67:7f:fe:5c:9c:51:75:
|
||||
f7:8a:ca:07:e7:35:2f:8f:e1:bd:7b:c0:2f:7c:ab:
|
||||
64:a8:17:fc:ca:5d:7b:ba:e0:21:e5:72:2e:6f:2e:
|
||||
86:d8:95:73:da:ac:1b:53:b9:5f:3f:d7:19:0d:25:
|
||||
4f:e1:63:63:51:8b:0b:64:3f:ad:43:b8:a5:1c:5c:
|
||||
34:b3:ae:00:a0:63:c5:f6:7f:0b:59:68:78:73:a6:
|
||||
8c:18:a9:02:6d:af:c3:19:01:2e:b8:10:e3:c6:cc:
|
||||
40:b4:69:a3:46:33:69:87:6e:c4:bb:17:a6:f3:e8:
|
||||
dd:ad:73:bc:7b:2f:21:b5:fd:66:51:0c:bd:54:b3:
|
||||
e1:6d:5f:1c:bc:23:73:d1:09:03:89:14:d2:10:b9:
|
||||
64:c3:2a:d0:a1:96:4a:bc:e1:d4:1a:5b:c7:a0:c0:
|
||||
c1:63:78:0f:44:37:30:32:96:80:32:23:95:a1:77:
|
||||
ba:13:d2:97:73:e2:5d:25:c9:6a:0d:c3:39:60:a4:
|
||||
b4:b0:69:42:42:09:e9:d8:08:bc:33:20:b3:58:22:
|
||||
a7:aa:eb:c4:e1:e6:61:83:c5:d2:96:df:d9:d0:4f:
|
||||
ad:d7
|
||||
Exponent: 65537 (0x10001)
|
||||
Signature Algorithm: sha256WithRSAEncryption
|
||||
34:ef:b2:dc:02:ec:6a:b5:58:e6:2b:13:18:30:57:e2:ef:22:
|
||||
0f:7c:7d:e3:00:77:cc:c4:d9:97:7f:e8:69:f4:87:22:1a:b8:
|
||||
a1:f2:17:18:94:23:cb:05:c2:90:86:c0:37:6a:90:da:00:70:
|
||||
dd:de:11:68:48:95:eb:4d:08:1e:73:1e:68:6e:1b:1e:1f:93:
|
||||
a1:fc:21:05:a7:99:1a:73:0a:88:37:60:f0:ba:8d:b6:b4:3f:
|
||||
c8:ed:2f:7b:56:9f:a5:c0:00:19:01:e8:e3:d1:06:fc:27:b7:
|
||||
5d:f5:53:f9:00:6e:d4:f2:31:1c:a3:cd:12:5f:72:38:09:8a:
|
||||
be:54:e3:6f:15:31:28:c3:c9:09:60:92:a9:c6:e1:66:33:c4:
|
||||
4d:24:f0:74:8e:87:29:63:67:6b:20:e0:5b:81:04:65:cc:0e:
|
||||
69:db:7f:e7:93:85:d5:04:26:bb:82:9e:69:61:f2:37:e4:6c:
|
||||
e2:87:e1:cd:37:40:69:a4:7f:f4:e3:39:d8:fb:2d:53:61:d7:
|
||||
4d:1d:39:e0:db:0a:10:7c:f3:4e:30:55:ef:3f:8a:8b:4a:47:
|
||||
99:f5:10:60:78:83:38:90:ab:33:59:45:d2:e6:62:df:3d:cd:
|
||||
a6:7c:39:91:9c:ae:96:36:b7:7f:c1:46:10:a8:c9:4e:be:66:
|
||||
6c:61:46:a2
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIDezCCAmOgAwIBAgIJAIeUgHHdd8fBMA0GCSqGSIb3DQEBCwUAMH0xCzAJBgNV
|
||||
BAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMRQwEgYD
|
||||
VQQLDAtFbmdpbmVlcmluZzETMBEGA1UEAwwKKmxvY2FsaG9zdDEfMB0GCSqGSIb3
|
||||
DQEJARYQaW5mb0B3b2xmc3NsLmNvbTAeFw0xODA2MTIyMzEwNDdaFw0yMTAzMDgy
|
||||
MzEwNDdaMH0xCzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQH
|
||||
DAdCb3plbWFuMRQwEgYDVQQLDAtFbmdpbmVlcmluZzETMBEGA1UEAwwKKmxvY2Fs
|
||||
aG9zdDEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTCCASIwDQYJKoZI
|
||||
hvcNAQEBBQADggEPADCCAQoCggEBAMCVCOFXQfJxbbfSRUEnAWXGRa7yvCQwuJXO
|
||||
L07W9hyIvHyf+6hnf/5cnFF194rKB+c1L4/hvXvAL3yrZKgX/Mpde7rgIeVyLm8u
|
||||
htiVc9qsG1O5Xz/XGQ0lT+FjY1GLC2Q/rUO4pRxcNLOuAKBjxfZ/C1loeHOmjBip
|
||||
Am2vwxkBLrgQ48bMQLRpo0YzaYduxLsXpvPo3a1zvHsvIbX9ZlEMvVSz4W1fHLwj
|
||||
c9EJA4kU0hC5ZMMq0KGWSrzh1Bpbx6DAwWN4D0Q3MDKWgDIjlaF3uhPSl3PiXSXJ
|
||||
ag3DOWCktLBpQkIJ6dgIvDMgs1gip6rrxOHmYYPF0pbf2dBPrdcCAwEAATANBgkq
|
||||
hkiG9w0BAQsFAAOCAQEANO+y3ALsarVY5isTGDBX4u8iD3x94wB3zMTZl3/oafSH
|
||||
Ihq4ofIXGJQjywXCkIbAN2qQ2gBw3d4RaEiV600IHnMeaG4bHh+TofwhBaeZGnMK
|
||||
iDdg8LqNtrQ/yO0ve1afpcAAGQHo49EG/Ce3XfVT+QBu1PIxHKPNEl9yOAmKvlTj
|
||||
bxUxKMPJCWCSqcbhZjPETSTwdI6HKWNnayDgW4EEZcwOadt/55OF1QQmu4KeaWHy
|
||||
N+Rs4ofhzTdAaaR/9OM52PstU2HXTR054NsKEHzzTjBV7z+Ki0pHmfUQYHiDOJCr
|
||||
M1lF0uZi3z3Npnw5kZyulja3f8FGEKjJTr5mbGFGog==
|
||||
-----END CERTIFICATE-----
|
||||
@@ -1,16 +0,0 @@
|
||||
[ req ]
|
||||
default_bits = 2048
|
||||
distinguished_name = req_distinguished_name
|
||||
req_extensions = req_ext
|
||||
|
||||
[ req_distinguished_name ]
|
||||
countryName = US
|
||||
stateOrProvinceName = Montana
|
||||
localityName = Bozeman
|
||||
organizationName = Engineering
|
||||
commonName = www.nomatch.com
|
||||
commonName_max = 64
|
||||
|
||||
[ req_ext ]
|
||||
#subjectAltName = localhost\0h
|
||||
#subjectAltName = DER:30:0d:82:0b:6c:6f:63:61:6c:68:6f:73:74:00:68
|
||||
@@ -1,17 +0,0 @@
|
||||
-----BEGIN CERTIFICATE REQUEST-----
|
||||
MIICtDCCAZwCAQAwYDELMAkGA1UEBhMCVVMxEDAOBgNVBAgMB01vbnRhbmExEDAO
|
||||
BgNVBAcMB0JvemVtYW4xFDASBgNVBAoMC0VuZ2luZWVyaW5nMRcwFQYDVQQDDA53
|
||||
d3cubm9uYW1lLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJ1B
|
||||
JYwNWaXJdfnKJAz61T0m1w6xMGxELhZWjDks49zn98lW8E8wMZtCoguE1feuu9pF
|
||||
6yGnfRmK2J+4QjeWVejmMqt8SQyJpW8nWCvRpFVha0RFbmT60nuvKMRX68Lku6iU
|
||||
Vav2KHU+cz4yBj1m9QO6AqzJWQWiLY5t25OBq+EkhWUd9I39rGmF8ba1Bnpus27U
|
||||
tqRVJ8cmEwnNPc8ihvcN8RsrYdnQNyYIiIUdJIA2iduDE7PeOSY3jT9mtmeWQOHp
|
||||
l91xh/RGbJWNpLBd66TkreLTnz4zmQMMTzZGj1pdv9B3UFc6mIMNWmLsERRhiOMO
|
||||
hiaFfEJwFJZBN9PaXYsCAwEAAaAPMA0GCSqGSIb3DQEJDjEAMA0GCSqGSIb3DQEB
|
||||
CwUAA4IBAQCA0S++HN0qb94u8setTM5akJjpM1b2o4rcrQluFKMel8mMip9hinvG
|
||||
sPkJL1KB28/O9TcdmMX57zfXBsumxLSpjzmjIqri7fVabcu/kybE2wdNNvM+9ZzT
|
||||
pNbYhWEhsCS8XAegiApx/JVszmH77GLExuVAY2XqxA7Cy2Ia/qyiR6v0agMd6I4z
|
||||
T7nlJHBckOOEdJ6cjqy67vqWy+BKwCK/kRnOJuirIeJ+SechS4tXuRrVni0pkDuK
|
||||
xQ2uHQjpzFR40U6pFGgwZcdR1bvLCWOlC7efS4ayIETZzhOuXTZa4qQ5/IcCyM+N
|
||||
scJS5z+YQpQMgOs5jj5DWYLUtMs63UmQ
|
||||
-----END CERTIFICATE REQUEST-----
|
||||
Binary file not shown.
@@ -1,27 +0,0 @@
|
||||
-----BEGIN RSA PRIVATE KEY-----
|
||||
MIIEowIBAAKCAQEAnUEljA1Zpcl1+cokDPrVPSbXDrEwbEQuFlaMOSzj3Of3yVbw
|
||||
TzAxm0KiC4TV96672kXrIad9GYrYn7hCN5ZV6OYyq3xJDImlbydYK9GkVWFrREVu
|
||||
ZPrSe68oxFfrwuS7qJRVq/YodT5zPjIGPWb1A7oCrMlZBaItjm3bk4Gr4SSFZR30
|
||||
jf2saYXxtrUGem6zbtS2pFUnxyYTCc09zyKG9w3xGyth2dA3JgiIhR0kgDaJ24MT
|
||||
s945JjeNP2a2Z5ZA4emX3XGH9EZslY2ksF3rpOSt4tOfPjOZAwxPNkaPWl2/0HdQ
|
||||
VzqYgw1aYuwRFGGI4w6GJoV8QnAUlkE309pdiwIDAQABAoIBAQCKxhIHfUSOvLHj
|
||||
JRMZbUY/OAZzTcTo1mZBilEmp8nSidculA1wJJyyYmQ0fB6C/G2E20z8Hx2UK+at
|
||||
VOMCwSXBaVxv3zdr3BDlfbgeu1wliNornoYkkQCs68+zLc+95zMAOx87qPjdNqZm
|
||||
zaiaCUDR8BYqO2nXQd6oIaSzkKyI+tqTO9zW4NG8Y5zv0waKCjPK9Ep/kze9uC4S
|
||||
WIp2eYhUb+x60dECDBGI9xvlgeZyP5PMCfCyaZk3CxnLsR4tI9R5WwDgMcjCShJk
|
||||
3+kHyrtNU8ak2TrfUoh96arHu0HMLFJaJSdxYT9FUSKhKu+fWMn1J36AkxdqntAw
|
||||
6HATVD4ZAoGBAM0DCqI5BKvmPWdO587+fpPAa76iqQDqqkaAQ94xcGtTYA0yEfbA
|
||||
V4JFfsCEFm7evteMmJgmDyNNVvnSi/LQhL+ih40Q0LKREYzBiMy3aothQZAYb+Ex
|
||||
fVllfZhIaWI8q/DoeZ7qohRHFGBA/znav6vls3kE3jRWx0O30eq9cX1tAoGBAMRd
|
||||
bQNcp2mCm+fe//s5GKXm4ak4zeo077fUCxJly4DE5e2+IGrP+JYwVrJsMuFu/3C1
|
||||
/6+qCgLS+/08BMQ+e6xmTDJrRXtk9KmDI38tEoqzH8tkAgSTxby771/5uNr7hbgX
|
||||
LtCCIsxhwSAML0b7M2I8xmEfL3Dmu1q7/GEDAMPXAoGABd/ucBOeNKbWX519OwtD
|
||||
6Uv8Smwy15nh4z9NspJMHGc5O2eR6DY+y7beGPowAmFTqq2WudVtXZ+bvHDyHbUn
|
||||
+K3ZoIs4z8UkcZoiJ2uiG/hffpeUrSlT5DnqTXDVxEDk1HR0977Vgis/RDrYlXnV
|
||||
QEHG0NL44xsRfrlHxKhFFkkCgYB1HsgzliLgQp+c2BxUCkUSRrhXx2LCC5rjSRzl
|
||||
d0O+5THC8IDDVJIPentrZi+e2CaRYmxDqSbZcmAMNa0eI6p+NHHELMk/hQKMzIPy
|
||||
ib6ibZ5MILU3Z7AsFuf6labVLeoe1+z7PnNk9fVLmRjlvFR0ho1IRmJ0c5pRzwgE
|
||||
ENd29wKBgA5WnuCBKF9Kv8H9E1hAuAGXwBxmw9PVeWB63/TAernlOQhF47ra9ExH
|
||||
GtkZv9D/2tNJaoft1YQ1yhBn7l7rW+vfQYXAOW4yRg0FSOOgefBwN/eTOXVRU9Zg
|
||||
9LBwnQlvimQUm0GrxLLAseDqFMn/a3x/KxftvF95JGx/1Lscukdz
|
||||
-----END RSA PRIVATE KEY-----
|
||||
@@ -1,69 +0,0 @@
|
||||
Certificate:
|
||||
Data:
|
||||
Version: 3 (0x2)
|
||||
Serial Number: 13225619248861184800 (0xb78ad6a26ef08320)
|
||||
Signature Algorithm: sha1WithRSAEncryption
|
||||
Issuer: C=US, ST=Montana, L=Bozeman, O=Engineering, CN=www.noname.com
|
||||
Validity
|
||||
Not Before: May 24 21:25:38 2018 GMT
|
||||
Not After : Feb 17 21:25:38 2021 GMT
|
||||
Subject: C=US, ST=Montana, L=Bozeman, O=Engineering, CN=www.noname.com
|
||||
Subject Public Key Info:
|
||||
Public Key Algorithm: rsaEncryption
|
||||
Public-Key: (2048 bit)
|
||||
Modulus:
|
||||
00:9d:41:25:8c:0d:59:a5:c9:75:f9:ca:24:0c:fa:
|
||||
d5:3d:26:d7:0e:b1:30:6c:44:2e:16:56:8c:39:2c:
|
||||
e3:dc:e7:f7:c9:56:f0:4f:30:31:9b:42:a2:0b:84:
|
||||
d5:f7:ae:bb:da:45:eb:21:a7:7d:19:8a:d8:9f:b8:
|
||||
42:37:96:55:e8:e6:32:ab:7c:49:0c:89:a5:6f:27:
|
||||
58:2b:d1:a4:55:61:6b:44:45:6e:64:fa:d2:7b:af:
|
||||
28:c4:57:eb:c2:e4:bb:a8:94:55:ab:f6:28:75:3e:
|
||||
73:3e:32:06:3d:66:f5:03:ba:02:ac:c9:59:05:a2:
|
||||
2d:8e:6d:db:93:81:ab:e1:24:85:65:1d:f4:8d:fd:
|
||||
ac:69:85:f1:b6:b5:06:7a:6e:b3:6e:d4:b6:a4:55:
|
||||
27:c7:26:13:09:cd:3d:cf:22:86:f7:0d:f1:1b:2b:
|
||||
61:d9:d0:37:26:08:88:85:1d:24:80:36:89:db:83:
|
||||
13:b3:de:39:26:37:8d:3f:66:b6:67:96:40:e1:e9:
|
||||
97:dd:71:87:f4:46:6c:95:8d:a4:b0:5d:eb:a4:e4:
|
||||
ad:e2:d3:9f:3e:33:99:03:0c:4f:36:46:8f:5a:5d:
|
||||
bf:d0:77:50:57:3a:98:83:0d:5a:62:ec:11:14:61:
|
||||
88:e3:0e:86:26:85:7c:42:70:14:96:41:37:d3:da:
|
||||
5d:8b
|
||||
Exponent: 65537 (0x10001)
|
||||
Signature Algorithm: sha1WithRSAEncryption
|
||||
6d:df:c3:7a:74:32:b6:ba:f5:2c:87:93:6c:64:7c:b9:5f:6e:
|
||||
79:f3:e7:b2:6a:58:c6:8d:20:9a:f6:46:b1:60:f9:59:59:6f:
|
||||
22:32:e3:f8:5c:a2:2d:53:84:48:b9:68:6d:2e:59:03:c1:e4:
|
||||
ad:5b:ce:91:6e:13:bd:5c:71:2a:69:d8:7d:a8:07:cf:6f:83:
|
||||
0c:05:cf:d4:39:7f:10:3d:35:98:1c:f9:77:26:53:d5:81:f1:
|
||||
6a:0b:ca:fb:86:f9:6d:bb:92:b9:e0:57:a2:3b:43:14:cc:e0:
|
||||
75:27:10:c2:50:1d:91:ca:af:f8:36:88:cc:5d:1d:37:77:fe:
|
||||
1d:ea:b3:d9:94:b6:e4:b1:a7:29:2b:e4:1e:c7:f6:65:1d:59:
|
||||
d7:e2:2d:01:d2:08:a1:72:a0:b2:f1:3f:9c:fd:27:f9:46:85:
|
||||
e3:05:a5:34:b0:a6:6c:44:f0:42:16:32:71:2f:cd:82:c2:33:
|
||||
05:0a:3c:3c:e7:87:17:d7:1f:a9:4e:83:c2:1e:46:a5:0f:7a:
|
||||
c2:98:f7:98:a1:75:b8:72:26:d9:1b:65:24:f0:f3:d7:2c:9c:
|
||||
cf:a6:88:c4:8c:56:00:87:16:be:49:28:91:a0:bc:c7:9f:e3:
|
||||
02:35:fb:0b:39:e3:c0:f9:f3:ed:bb:7d:2e:4c:09:7a:88:53:
|
||||
b1:16:5c:b4
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIDQTCCAimgAwIBAgIJALeK1qJu8IMgMA0GCSqGSIb3DQEBBQUAMGAxCzAJBgNV
|
||||
BAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMRQwEgYD
|
||||
VQQKDAtFbmdpbmVlcmluZzEXMBUGA1UEAwwOd3d3Lm5vbmFtZS5jb20wHhcNMTgw
|
||||
NTI0MjEyNTM4WhcNMjEwMjE3MjEyNTM4WjBgMQswCQYDVQQGEwJVUzEQMA4GA1UE
|
||||
CAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjEUMBIGA1UECgwLRW5naW5lZXJp
|
||||
bmcxFzAVBgNVBAMMDnd3dy5ub25hbWUuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOC
|
||||
AQ8AMIIBCgKCAQEAnUEljA1Zpcl1+cokDPrVPSbXDrEwbEQuFlaMOSzj3Of3yVbw
|
||||
TzAxm0KiC4TV96672kXrIad9GYrYn7hCN5ZV6OYyq3xJDImlbydYK9GkVWFrREVu
|
||||
ZPrSe68oxFfrwuS7qJRVq/YodT5zPjIGPWb1A7oCrMlZBaItjm3bk4Gr4SSFZR30
|
||||
jf2saYXxtrUGem6zbtS2pFUnxyYTCc09zyKG9w3xGyth2dA3JgiIhR0kgDaJ24MT
|
||||
s945JjeNP2a2Z5ZA4emX3XGH9EZslY2ksF3rpOSt4tOfPjOZAwxPNkaPWl2/0HdQ
|
||||
VzqYgw1aYuwRFGGI4w6GJoV8QnAUlkE309pdiwIDAQABMA0GCSqGSIb3DQEBBQUA
|
||||
A4IBAQBt38N6dDK2uvUsh5NsZHy5X2558+eyaljGjSCa9kaxYPlZWW8iMuP4XKIt
|
||||
U4RIuWhtLlkDweStW86RbhO9XHEqadh9qAfPb4MMBc/UOX8QPTWYHPl3JlPVgfFq
|
||||
C8r7hvltu5K54FeiO0MUzOB1JxDCUB2Ryq/4NojMXR03d/4d6rPZlLbksacpK+Qe
|
||||
x/ZlHVnX4i0B0gihcqCy8T+c/Sf5RoXjBaU0sKZsRPBCFjJxL82CwjMFCjw854cX
|
||||
1x+pToPCHkalD3rCmPeYoXW4cibZG2Uk8PPXLJzPpojEjFYAhxa+SSiRoLzHn+MC
|
||||
NfsLOePA+fPtu30uTAl6iFOxFly0
|
||||
-----END CERTIFICATE-----
|
||||
+51
-88
@@ -6,53 +6,46 @@
|
||||
#
|
||||
#
|
||||
AC_COPYRIGHT([Copyright (C) 2006-2018 wolfSSL Inc.])
|
||||
AC_INIT([wolfssl],[3.14.0],[https://github.com/wolfssl/wolfssl/issues],[wolfssl],[http://www.wolfssl.com])
|
||||
|
||||
AC_PREREQ([2.63])
|
||||
AC_INIT([wolfssl],[3.15.0],[https://github.com/wolfssl/wolfssl/issues],[wolfssl],[https://www.wolfssl.com])
|
||||
AC_CONFIG_AUX_DIR([build-aux])
|
||||
|
||||
# The following sets CFLAGS and CXXFLAGS to empty if unset on command line.
|
||||
# We do not want the default "-g -O2" that AC_PROG_CC AC_PROG_CXX sets
|
||||
# automatically.
|
||||
# We do not want the default "-g -O2" that AC_PROG_CC sets automatically.
|
||||
: ${CFLAGS=""}
|
||||
: ${CXXFLAGS=""}
|
||||
|
||||
# Test ar for the "U" option. Should be checked before the libtool macros.
|
||||
xxx_ar_flags=$((ar --help) 2>&1)
|
||||
AS_CASE([$xxx_ar_flags],[*'use actual timestamps and uids/gids'*],[: ${AR_FLAGS="Ucru"}])
|
||||
|
||||
AC_PROG_CC
|
||||
AM_PROG_CC_C_O
|
||||
AC_CANONICAL_HOST
|
||||
AC_CANONICAL_BUILD
|
||||
|
||||
AM_INIT_AUTOMAKE([1.11 -Wall -Werror -Wno-portability foreign tar-ustar subdir-objects no-define color-tests])
|
||||
AC_PREREQ([2.63])
|
||||
|
||||
AC_ARG_PROGRAM
|
||||
AC_DEFUN([PROTECT_AC_USE_SYSTEM_EXTENSIONS],
|
||||
[AX_SAVE_FLAGS
|
||||
AC_LANG_PUSH([C])
|
||||
AC_USE_SYSTEM_EXTENSIONS
|
||||
AC_LANG_POP([C])
|
||||
AX_RESTORE_FLAGS
|
||||
])
|
||||
#PROTECT_AC_USE_SYSTEM_EXTENSIONS
|
||||
|
||||
AC_CONFIG_MACRO_DIR([m4])
|
||||
|
||||
AC_CONFIG_HEADERS([config.h:config.in])dnl Keep filename to 8.3 for MS-DOS.
|
||||
AM_INIT_AUTOMAKE([1.11 -Wall -Werror -Wno-portability foreign tar-ustar subdir-objects no-define color-tests])
|
||||
m4_ifdef([AM_SILENT_RULES],[AM_SILENT_RULES([yes])])
|
||||
|
||||
AC_ARG_PROGRAM
|
||||
|
||||
AC_CONFIG_HEADERS([config.h:config.in])
|
||||
|
||||
LT_PREREQ([2.2])
|
||||
LT_INIT([disable-static win32-dll])
|
||||
|
||||
#shared library versioning
|
||||
WOLFSSL_LIBRARY_VERSION=16:0:0
|
||||
# | | |
|
||||
# +------+ | +---+
|
||||
# | | |
|
||||
# current:revision:age
|
||||
# | | |
|
||||
# | | +- increment if interfaces have been added
|
||||
# | | set to zero if interfaces have been removed
|
||||
# | | or changed
|
||||
# | +- increment if source code has changed
|
||||
# | set to zero if current is incremented
|
||||
# +- increment if interfaces have been added, removed or changed
|
||||
WOLFSSL_LIBRARY_VERSION=17:0:0
|
||||
# | | |
|
||||
# +------+ | +---+
|
||||
# | | |
|
||||
# current:revision:age
|
||||
# | | |
|
||||
# | | +- increment if interfaces have been added
|
||||
# | | set to zero if interfaces have been removed
|
||||
# | | or changed
|
||||
# | +- increment if source code has changed
|
||||
# | set to zero if current is incremented
|
||||
# +- increment if interfaces have been added, removed or changed
|
||||
AC_SUBST([WOLFSSL_LIBRARY_VERSION])
|
||||
|
||||
# capture user C_EXTRA_FLAGS from ./configure line, CFLAGS may hold -g -O2 even
|
||||
@@ -60,57 +53,29 @@ AC_SUBST([WOLFSSL_LIBRARY_VERSION])
|
||||
USER_C_EXTRA_FLAGS="$C_EXTRA_FLAGS"
|
||||
USER_CFLAGS="$CFLAGS"
|
||||
|
||||
LT_PREREQ([2.2])
|
||||
LT_INIT([disable-static],[win32-dll])
|
||||
LT_LANG([C++])
|
||||
LT_LANG([C])
|
||||
|
||||
gl_VISIBILITY
|
||||
AS_IF([ test -n "$CFLAG_VISIBILITY" ], [
|
||||
AM_CPPFLAGS="$AM_CPPFLAGS $CFLAG_VISIBILITY"
|
||||
CPPFLAGS="$CPPFLAGS $CFLAG_VISIBILITY"
|
||||
])
|
||||
|
||||
m4_ifdef([AM_SILENT_RULES],[AM_SILENT_RULES([yes])])
|
||||
|
||||
# Moved these size of and type checks before the library checks.
|
||||
# The library checks add the library to subsequent test compiles
|
||||
# and in some rare cases, the networking check causes these sizeof
|
||||
# checks to fail.
|
||||
AC_CHECK_SIZEOF(long long, 8)
|
||||
AC_CHECK_SIZEOF(long, 4)
|
||||
AC_CHECK_TYPES(__uint128_t)
|
||||
AC_CHECK_FUNCS([gethostbyname])
|
||||
AC_CHECK_FUNCS([getaddrinfo])
|
||||
AC_CHECK_FUNCS([gettimeofday])
|
||||
AC_CHECK_FUNCS([gmtime_r])
|
||||
AC_CHECK_FUNCS([inet_ntoa])
|
||||
AC_CHECK_FUNCS([memset])
|
||||
AC_CHECK_FUNCS([socket])
|
||||
AC_CHECK_HEADERS([arpa/inet.h])
|
||||
AC_CHECK_HEADERS([fcntl.h])
|
||||
AC_CHECK_HEADERS([limits.h])
|
||||
AC_CHECK_HEADERS([netdb.h])
|
||||
AC_CHECK_HEADERS([netinet/in.h])
|
||||
AC_CHECK_HEADERS([stddef.h])
|
||||
AC_CHECK_HEADERS([sys/ioctl.h])
|
||||
AC_CHECK_HEADERS([sys/socket.h])
|
||||
AC_CHECK_HEADERS([sys/time.h])
|
||||
AC_CHECK_HEADERS([errno.h])
|
||||
AC_CHECK_LIB(network,socket)
|
||||
AC_CHECK_SIZEOF([long long])
|
||||
AC_CHECK_SIZEOF([long])
|
||||
AC_CHECK_TYPES([__uint128_t])
|
||||
AC_CHECK_FUNCS([gethostbyname getaddrinfo gettimeofday gmtime_r inet_ntoa memset socket])
|
||||
AC_CHECK_HEADERS([arpa/inet.h fcntl.h limits.h netdb.h netinet/in.h stddef.h sys/ioctl.h sys/socket.h sys/time.h errno.h])
|
||||
AC_CHECK_LIB([network],[socket])
|
||||
AC_C_BIGENDIAN
|
||||
# mktime check takes forever on some systems, if time supported it would be
|
||||
# highly unusual for mktime to be missing
|
||||
#AC_FUNC_MKTIME
|
||||
|
||||
AC_PROG_CC
|
||||
AC_PROG_CC_C_O
|
||||
AC_PROG_CXX
|
||||
AC_PROG_INSTALL
|
||||
AC_TYPE_SIZE_T
|
||||
AC_TYPE_UINT8_T
|
||||
AM_PROG_AS
|
||||
AM_PROG_CC_C_O
|
||||
LT_LIB_M
|
||||
|
||||
OPTIMIZE_CFLAGS="-Os -fomit-frame-pointer"
|
||||
@@ -120,13 +85,9 @@ DEBUG_CFLAGS="-g -DDEBUG -DDEBUG_WOLFSSL"
|
||||
LIB_ADD=
|
||||
LIB_STATIC_ADD=
|
||||
|
||||
thread_ls_on=no
|
||||
# Thread local storage
|
||||
AX_TLS([
|
||||
[AM_CFLAGS="$AM_CFLAGS -DHAVE_THREAD_LS"]
|
||||
[thread_ls_on=yes]
|
||||
] , [:])
|
||||
|
||||
AX_TLS([thread_ls_on=yes],[thread_ls_on=no])
|
||||
AS_IF([test "x$thread_ls_on" = "xyes"],[AM_CFLAGS="$AM_CFLAGS -DHAVE_THREAD_LS"])
|
||||
|
||||
# DEBUG
|
||||
AX_DEBUG
|
||||
@@ -135,7 +96,6 @@ AS_IF([test "$ax_enable_debug" = "yes"],
|
||||
[AM_CFLAGS="$AM_CFLAGS -DNDEBUG"])
|
||||
|
||||
|
||||
|
||||
# Distro build feature subset (Debian, Ubuntu, etc.)
|
||||
AC_ARG_ENABLE([distro],
|
||||
[AS_HELP_STRING([--enable-distro],[Enable wolfSSL distro build (default: disabled)])],
|
||||
@@ -280,7 +240,7 @@ AS_IF([ test "x$ENABLED_SINGLETHREADED" = "xno" ],[
|
||||
],[
|
||||
ENABLED_SINGLETHREADED=yes
|
||||
])
|
||||
])
|
||||
])
|
||||
|
||||
AS_IF([ test "x$ENABLED_SINGLETHREADED" = "xyes" ],[ AM_CFLAGS="-DSINGLE_THREADED $AM_CFLAGS" ])
|
||||
|
||||
@@ -923,7 +883,7 @@ AC_ARG_ENABLE([armasm],
|
||||
)
|
||||
if test "$ENABLED_ARMASM" = "yes" && test "$ENABLED_ASM" = "yes"
|
||||
then
|
||||
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ARMASM"
|
||||
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ARMASM -DWOLFSSL_NO_HASH_RAW"
|
||||
#Check if mcpu and mfpu values already set if not use default
|
||||
case $CPPFLAGS in
|
||||
*mcpu* | *mfpu*)
|
||||
@@ -3885,6 +3845,20 @@ else
|
||||
fi
|
||||
|
||||
|
||||
# Support for crypto device hardware
|
||||
AC_ARG_ENABLE([cryptodev],
|
||||
[AS_HELP_STRING([--enable-cryptodev],[Enable crypto hardware support (default: disabled)])],
|
||||
[ ENABLED_CRYPTODEV=$enableval ],
|
||||
[ ENABLED_CRYPTODEV=no ]
|
||||
)
|
||||
|
||||
if test "$ENABLED_CRYPTODEV" = "yes"
|
||||
then
|
||||
AM_CFLAGS="$AM_CFLAGS -DWOLF_CRYPTO_DEV"
|
||||
fi
|
||||
AM_CONDITIONAL([BUILD_CRYPTODEV], [test "x$ENABLED_CRYPTODEV" = "xyes"])
|
||||
|
||||
|
||||
# Session Export
|
||||
AC_ARG_ENABLE([sessionexport],
|
||||
[AS_HELP_STRING([--enable-sessionexport],[Enable export and import of sessions (default: disabled)])],
|
||||
@@ -4211,7 +4185,6 @@ fi
|
||||
OPTION_FLAGS="$USER_CFLAGS $USER_C_EXTRA_FLAGS $CPPFLAGS $AM_CFLAGS"
|
||||
|
||||
|
||||
|
||||
CREATE_HEX_VERSION
|
||||
AC_SUBST([AM_CPPFLAGS])
|
||||
AC_SUBST([AM_CFLAGS])
|
||||
@@ -4222,17 +4195,7 @@ AC_SUBST([LIB_STATIC_ADD])
|
||||
|
||||
# FINAL
|
||||
AC_CONFIG_FILES([stamp-h], [echo timestamp > stamp-h])
|
||||
AC_CONFIG_FILES([Makefile])
|
||||
AC_CONFIG_FILES([wolfssl/version.h])
|
||||
AC_CONFIG_FILES([wolfssl/options.h])
|
||||
#have options.h and version.h for autoconf fips tag and build
|
||||
#if test "x$ENABLED_FIPS" = "xyes"
|
||||
#then
|
||||
# AC_CONFIG_FILES([cyassl/version.h])
|
||||
# AC_CONFIG_FILES([cyassl/options.h])
|
||||
#fi
|
||||
AC_CONFIG_FILES([support/wolfssl.pc])
|
||||
AC_CONFIG_FILES([rpm/spec])
|
||||
AC_CONFIG_FILES([Makefile wolfssl/version.h wolfssl/options.h cyassl/options.h support/wolfssl.pc rpm/spec])
|
||||
|
||||
AX_CREATE_GENERIC_CONFIG
|
||||
AX_AM_JOBSERVER([yes])
|
||||
|
||||
@@ -5599,7 +5599,7 @@ WOLFSSL_API int wolfSSL_X509_version(WOLFSSL_X509*);
|
||||
\sa XFSEEK
|
||||
*/
|
||||
WOLFSSL_API WOLFSSL_X509*
|
||||
wolfSSL_X509_d2i_fp(WOLFSSL_X509** x509, FILE* file);
|
||||
wolfSSL_X509_d2i_fp(WOLFSSL_X509** x509, XFILE file);
|
||||
/*!
|
||||
\ingroup CertsKeys
|
||||
|
||||
|
||||
@@ -68,6 +68,7 @@ bench_tls(args);
|
||||
#define TEST_PACKET_SIZE 1024
|
||||
#define SHOW_VERBOSE 0 /* Default output is tab delimited format */
|
||||
|
||||
#if !defined(NO_WOLFSSL_CLIENT) && !defined(NO_WOLFSSL_SERVER)
|
||||
static int argShowPeerInfo = 0; /* Show more info about wolfSSL configuration */
|
||||
|
||||
static const char* kTestStr =
|
||||
@@ -864,6 +865,7 @@ int bench_tls(void* args)
|
||||
/* Return reporting a success */
|
||||
return (((func_args*)args)->return_code = 0);
|
||||
}
|
||||
#endif /* !NO_WOLFSSL_CLIENT && !NO_WOLFSSL_SERVER */
|
||||
|
||||
#ifndef NO_MAIN_DRIVER
|
||||
|
||||
@@ -873,8 +875,11 @@ int main(int argc, char** argv)
|
||||
|
||||
args.argc = argc;
|
||||
args.argv = argv;
|
||||
args.return_code = 0;
|
||||
|
||||
#if !defined(NO_WOLFSSL_CLIENT) && !defined(NO_WOLFSSL_SERVER)
|
||||
bench_tls(&args);
|
||||
#endif
|
||||
|
||||
return(args.return_code);
|
||||
}
|
||||
|
||||
@@ -660,7 +660,11 @@ static void ClientWrite(WOLFSSL* ssl, char* msg, int msgSz)
|
||||
}
|
||||
#endif
|
||||
}
|
||||
} while (err == WC_PENDING_E);
|
||||
} while (err == WOLFSSL_ERROR_WANT_WRITE
|
||||
#ifdef WOLFSSL_ASYNC_CRYPT
|
||||
|| err == WC_PENDING_E
|
||||
#endif
|
||||
);
|
||||
if (ret != msgSz) {
|
||||
printf("SSL_write msg error %d, %s\n", err,
|
||||
wolfSSL_ERR_error_string(err, buffer));
|
||||
@@ -925,9 +929,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
|
||||
int onlyKeyShare = 0;
|
||||
#ifdef WOLFSSL_TLS13
|
||||
int noPskDheKe = 0;
|
||||
#ifdef WOLFSSL_POST_HANDSHAKE_AUTH
|
||||
int postHandAuth = 0;
|
||||
#endif
|
||||
#endif
|
||||
int updateKeysIVs = 0;
|
||||
#ifdef WOLFSSL_EARLY_DATA
|
||||
@@ -2253,8 +2255,8 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
|
||||
|
||||
ClientRead(ssl, reply, sizeof(reply)-1, 1);
|
||||
|
||||
#if defined(WOLFSSL_TLS13) && defined(WOLFSSL_POST_HANDSHAKE_AUTH)
|
||||
if (postHandAuth)
|
||||
#if defined(WOLFSSL_TLS13)
|
||||
if (updateKeysIVs || postHandAuth)
|
||||
ClientWrite(ssl, msg, msgSz);
|
||||
#endif
|
||||
if (sendGET) { /* get html */
|
||||
@@ -2631,6 +2633,7 @@ exit:
|
||||
|
||||
args.argc = argc;
|
||||
args.argv = argv;
|
||||
args.return_code = 0;
|
||||
|
||||
#if defined(DEBUG_WOLFSSL) && !defined(WOLFSSL_MDK_SHELL) && !defined(STACK_TRAP)
|
||||
wolfSSL_Debugging_ON();
|
||||
@@ -2644,6 +2647,8 @@ exit:
|
||||
#else
|
||||
client_test(&args);
|
||||
#endif
|
||||
#else
|
||||
printf("Client not compiled in!\n");
|
||||
#endif
|
||||
wolfSSL_Cleanup();
|
||||
|
||||
|
||||
@@ -334,6 +334,7 @@ void echoclient_test(void* args)
|
||||
|
||||
args.argc = argc;
|
||||
args.argv = argv;
|
||||
args.return_code = 0;
|
||||
|
||||
CyaSSL_Init();
|
||||
#if defined(DEBUG_CYASSL) && !defined(WOLFSSL_MDK_SHELL)
|
||||
|
||||
@@ -497,6 +497,7 @@ THREAD_RETURN CYASSL_THREAD echoserver_test(void* args)
|
||||
|
||||
args.argc = argc;
|
||||
args.argv = argv;
|
||||
args.return_code = 0;
|
||||
|
||||
CyaSSL_Init();
|
||||
#if defined(DEBUG_CYASSL) && !defined(CYASSL_MDK_SHELL)
|
||||
|
||||
@@ -281,46 +281,6 @@ int ServerEchoData(SSL* ssl, int clientfd, int echoData, int block,
|
||||
return EXIT_SUCCESS;
|
||||
}
|
||||
|
||||
#ifdef WOLFSSL_TLS13
|
||||
static void NonBlockingServerRead(WOLFSSL* ssl, char* input, int inputLen)
|
||||
{
|
||||
int ret, err;
|
||||
char buffer[CYASSL_MAX_ERROR_SZ];
|
||||
|
||||
/* Read data */
|
||||
do {
|
||||
err = 0; /* reset error */
|
||||
ret = SSL_read(ssl, input, inputLen);
|
||||
if (ret < 0) {
|
||||
err = SSL_get_error(ssl, 0);
|
||||
|
||||
#ifdef WOLFSSL_ASYNC_CRYPT
|
||||
if (err == WC_PENDING_E) {
|
||||
ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
|
||||
if (ret < 0) break;
|
||||
}
|
||||
else
|
||||
#endif
|
||||
#ifdef CYASSL_DTLS
|
||||
if (wolfSSL_dtls(ssl) && err == DECRYPT_ERROR) {
|
||||
printf("Dropped client's message due to a bad MAC\n");
|
||||
}
|
||||
else
|
||||
#endif
|
||||
if (err != WOLFSSL_ERROR_WANT_READ) {
|
||||
printf("SSL_read input error %d, %s\n", err,
|
||||
ERR_error_string(err, buffer));
|
||||
err_sys_ex(runWithErrors, "SSL_read failed");
|
||||
}
|
||||
}
|
||||
} while (err == WC_PENDING_E || err == WOLFSSL_ERROR_WANT_READ);
|
||||
if (ret > 0) {
|
||||
input[ret] = 0; /* null terminate message */
|
||||
printf("Client message: %s\n", input);
|
||||
}
|
||||
}
|
||||
#endif
|
||||
|
||||
static void ServerRead(WOLFSSL* ssl, char* input, int inputLen)
|
||||
{
|
||||
int ret, err;
|
||||
@@ -352,7 +312,7 @@ static void ServerRead(WOLFSSL* ssl, char* input, int inputLen)
|
||||
err_sys_ex(runWithErrors, "SSL_read failed");
|
||||
}
|
||||
}
|
||||
} while (err == WC_PENDING_E);
|
||||
} while (err == WC_PENDING_E || err == WOLFSSL_ERROR_WANT_READ);
|
||||
if (ret > 0) {
|
||||
input[ret] = 0; /* null terminate message */
|
||||
printf("Client message: %s\n", input);
|
||||
@@ -1627,7 +1587,7 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
|
||||
#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS)
|
||||
#if defined(WOLFSSL_TLS13) && defined(WOLFSSL_POST_HANDSHAKE_AUTH)
|
||||
if (postHandAuth) {
|
||||
SSL_CTX_set_verify(ctx, WOLFSSL_VERIFY_PEER |
|
||||
SSL_set_verify(ssl, WOLFSSL_VERIFY_PEER |
|
||||
((usePskPlus) ? WOLFSSL_VERIFY_FAIL_EXCEPT_PSK :
|
||||
WOLFSSL_VERIFY_FAIL_IF_NO_PEER_CERT), 0);
|
||||
if (SSL_CTX_load_verify_locations(ctx, verifyCert, 0)
|
||||
@@ -1637,7 +1597,7 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
|
||||
}
|
||||
#ifdef WOLFSSL_TRUST_PEER_CERT
|
||||
if (trustCert) {
|
||||
if ((ret = wolfSSL_CTX_trust_peer_cert(ctx, trustCert,
|
||||
if ((ret = wolfSSL_trust_peer_cert(ssl, trustCert,
|
||||
WOLFSSL_FILETYPE_PEM)) != WOLFSSL_SUCCESS) {
|
||||
err_sys_ex(runWithErrors, "can't load trusted peer cert "
|
||||
"file");
|
||||
@@ -1679,13 +1639,8 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
|
||||
ServerWrite(ssl, write_msg, write_msg_sz);
|
||||
|
||||
#ifdef WOLFSSL_TLS13
|
||||
if (updateKeysIVs || postHandAuth) {
|
||||
ServerWrite(ssl, write_msg, write_msg_sz);
|
||||
if (nonBlocking)
|
||||
NonBlockingServerRead(ssl, input, sizeof(input)-1);
|
||||
else
|
||||
ServerRead(ssl, input, sizeof(input)-1);
|
||||
}
|
||||
if (updateKeysIVs || postHandAuth)
|
||||
ServerRead(ssl, input, sizeof(input)-1);
|
||||
#endif
|
||||
}
|
||||
else {
|
||||
@@ -1798,6 +1753,7 @@ exit:
|
||||
args.argc = argc;
|
||||
args.argv = argv;
|
||||
args.signal = &ready;
|
||||
args.return_code = 0;
|
||||
InitTcpReady(&ready);
|
||||
|
||||
#if defined(DEBUG_CYASSL) && !defined(WOLFSSL_MDK_SHELL)
|
||||
|
||||
@@ -67,6 +67,7 @@
|
||||
# changes: deleted the clearing of CFLAGS
|
||||
|
||||
AC_DEFUN([AX_HARDEN_LINKER_FLAGS], [
|
||||
AX_REQUIRE_DEFINED([AX_CHECK_LINK_FLAG])
|
||||
AC_REQUIRE([AX_VCS_CHECKOUT])
|
||||
AC_REQUIRE([AX_DEBUG])
|
||||
|
||||
@@ -95,6 +96,7 @@
|
||||
])
|
||||
|
||||
AC_DEFUN([AX_HARDEN_CC_COMPILER_FLAGS], [
|
||||
AX_REQUIRE_DEFINED([AX_APPEND_COMPILE_FLAGS])
|
||||
AC_REQUIRE([AX_HARDEN_LINKER_FLAGS])
|
||||
|
||||
AC_LANG_PUSH([C])
|
||||
@@ -160,6 +162,7 @@
|
||||
])
|
||||
|
||||
AC_DEFUN([AX_HARDEN_CXX_COMPILER_FLAGS], [
|
||||
AC_REQUIRE_DEFINED([AX_APPEND_COMPILE_FLAGS])
|
||||
AC_REQUIRE([AX_HARDEN_CC_COMPILER_FLAGS])
|
||||
AC_LANG_PUSH([C++])
|
||||
|
||||
@@ -227,6 +230,7 @@
|
||||
])
|
||||
|
||||
AC_DEFUN([AX_CC_OTHER_FLAGS], [
|
||||
AX_REQUIRE_DEFINED([AX_APPEND_COMPILE_FLAGS])
|
||||
AC_REQUIRE([AX_HARDEN_CC_COMPILER_FLAGS])
|
||||
|
||||
AC_LANG_PUSH([C])
|
||||
|
||||
+4
-2
@@ -73,8 +73,8 @@ mkdir -p $RPM_BUILD_ROOT/
|
||||
%{_docdir}/wolfssl/README.txt
|
||||
%{_libdir}/libwolfssl.la
|
||||
%{_libdir}/libwolfssl.so
|
||||
%{_libdir}/libwolfssl.so.16
|
||||
%{_libdir}/libwolfssl.so.16.0.0
|
||||
%{_libdir}/libwolfssl.so.17
|
||||
%{_libdir}/libwolfssl.so.17.0.0
|
||||
|
||||
%files devel
|
||||
%defattr(-,root,root,-)
|
||||
@@ -287,6 +287,8 @@ mkdir -p $RPM_BUILD_ROOT/
|
||||
%{_libdir}/pkgconfig/wolfssl.pc
|
||||
|
||||
%changelog
|
||||
* Thu May 31 2018 John Safranek <john@wolfssl.com>
|
||||
- Update the version number on the library SO file.
|
||||
* Fri Mar 02 2018 Jacob Barthelmeh <jacob@wolfssl.com>
|
||||
- Added headder files fips.h, buffer.h, objects.h, rc4.h and example tls_bench.c
|
||||
* Fri Sep 08 2017 Jacob Barthelmeh <jacob@wolfssl.com>
|
||||
|
||||
@@ -62,6 +62,14 @@ do_trap() {
|
||||
trap do_trap INT TERM
|
||||
|
||||
[ ! -x ./examples/client/client ] && echo -e "\n\nClient doesn't exist" && exit 1
|
||||
./examples/client/client -? 2>&1 | grep -- 'Client not compiled in!'
|
||||
if [ $? -eq 0 ]; then
|
||||
exit 0
|
||||
fi
|
||||
./examples/server/server -? 2>&1 | grep -- 'Server not compiled in!'
|
||||
if [ $? -eq 0 ]; then
|
||||
exit 0
|
||||
fi
|
||||
|
||||
# Usual psk server / psk client. This use case is tested in
|
||||
# tests/unit.test and is used here for just checking if PSK is enabled
|
||||
@@ -103,6 +111,21 @@ if [ $? -ne 0 ]; then
|
||||
fi
|
||||
echo ""
|
||||
|
||||
# psk server with non psk client
|
||||
port=0
|
||||
./examples/server/server -j -R $ready_file -p $port &
|
||||
server_pid=$!
|
||||
create_port
|
||||
./examples/client/client -p $port
|
||||
RESULT=$?
|
||||
remove_ready_file
|
||||
if [ $RESULT -ne 0 ]; then
|
||||
echo -e "\n\nClient connection failed"
|
||||
do_cleanup
|
||||
exit 1
|
||||
fi
|
||||
echo ""
|
||||
|
||||
# check fail if no auth, psk server with non psk client
|
||||
echo "Checking fail when not sending peer cert"
|
||||
port=0
|
||||
|
||||
+21
-11
@@ -111,18 +111,28 @@ do_test() {
|
||||
|
||||
trap do_trap INT TERM
|
||||
|
||||
do_test
|
||||
./examples/client/client -? 2>&1 | grep -- 'Client not compiled in!'
|
||||
if [ $? -ne 0 ]; then
|
||||
./examples/server/server -? 2>&1 | grep -- 'Server not compiled in!'
|
||||
if [ $? -ne 0 ]; then
|
||||
RUN_TEST="Y"
|
||||
fi
|
||||
fi
|
||||
|
||||
# Check the client for the extended master secret disable option. If
|
||||
# present we need to run the test twice.
|
||||
options_check=`./examples/client/client -?`
|
||||
case "$options_check" in
|
||||
*$ems_string*)
|
||||
echo -e "\nRepeating resume test without extended master secret..."
|
||||
do_test -n ;;
|
||||
*)
|
||||
;;
|
||||
esac
|
||||
if [ "$RUN_TEST" = "Y" ]; then
|
||||
do_test
|
||||
|
||||
# Check the client for the extended master secret disable option. If
|
||||
# present we need to run the test twice.
|
||||
options_check=`./examples/client/client -?`
|
||||
case "$options_check" in
|
||||
*$ems_string*)
|
||||
echo -e "\nRepeating resume test without extended master secret..."
|
||||
do_test -n ;;
|
||||
*)
|
||||
;;
|
||||
esac
|
||||
fi
|
||||
|
||||
echo -e "\nSuccess!\n"
|
||||
|
||||
|
||||
+43
-1
@@ -14,7 +14,7 @@ counter=0
|
||||
# also let's add some randomness by adding pid in case multiple 'make check's
|
||||
# per source tree
|
||||
ready_file=`pwd`/wolfssl_tls13_ready$$
|
||||
client_file=/tmp/wolfssl_tls13_client$$
|
||||
client_file=`pwd`/wolfssl_tls13_client$$
|
||||
|
||||
echo "ready file $ready_file"
|
||||
|
||||
@@ -70,6 +70,14 @@ do_trap() {
|
||||
trap do_trap INT TERM
|
||||
|
||||
[ ! -x ./examples/client/client ] && echo -e "\n\nClient doesn't exist" && exit 1
|
||||
./examples/client/client -? 2>&1 | grep -- 'Client not compiled in!'
|
||||
if [ $? -eq 0 ]; then
|
||||
exit 0
|
||||
fi
|
||||
./examples/server/server -? 2>&1 | grep -- 'Server not compiled in!'
|
||||
if [ $? -eq 0 ]; then
|
||||
exit 0
|
||||
fi
|
||||
|
||||
# Usual TLS v1.3 server / TLS v1.3 client.
|
||||
echo -e "\n\nTLS v1.3 server with TLS v1.3 client"
|
||||
@@ -137,8 +145,42 @@ if [ $? -ne 0 ]; then
|
||||
exit 1
|
||||
fi
|
||||
echo ""
|
||||
|
||||
echo "Find usable TLS 1.2 cipher suite"
|
||||
for CS in ECDHE-RSA-AES128-GCM-SHA256 DHE-RSA-AES128-GCM-SHA256
|
||||
do
|
||||
echo $CS
|
||||
./examples/client/client -e | grep $CS >/dev/null
|
||||
if [ "$?" = "0" ]; then
|
||||
TLS12_CS=$CS
|
||||
break
|
||||
fi
|
||||
done
|
||||
if [ "$TLS12_CS" != "" ]; then
|
||||
# TLS 1.3 downgrade server and client - no common TLS 1.3 ciphers
|
||||
echo -e "\n\nTLS v1.3 downgrade server and client - no common TLS 1.3 ciphers"
|
||||
port=0
|
||||
SERVER_CS="TLS13-AES256-GCM-SHA384:$TLS12_CS"
|
||||
CLIENT_CS="TLS13-AES128-GCM-SHA256:$TLS12_CS"
|
||||
./examples/server/server -v d -l $SERVER_CS -R $ready_file -p $port &
|
||||
server_pid=$!
|
||||
create_port
|
||||
./examples/client/client -v d -l $CLIENT_CS -p $port
|
||||
RESULT=$?
|
||||
remove_ready_file
|
||||
if [ $RESULT -eq 0 ]; then
|
||||
echo -e "\n\nTLS v1.3 downgrading to TLS v1.2 due to ciphers"
|
||||
do_cleanup
|
||||
exit 1
|
||||
fi
|
||||
echo ""
|
||||
else
|
||||
echo "No usable TLS 1.2 cipher suite found"
|
||||
fi
|
||||
fi
|
||||
|
||||
do_cleanup
|
||||
|
||||
echo -e "\nALL Tests Passed"
|
||||
|
||||
exit 0
|
||||
|
||||
+323
-424
@@ -136,6 +136,7 @@ enum processReply {
|
||||
|
||||
|
||||
#ifndef WOLFSSL_NO_TLS12
|
||||
#if !defined(NO_WOLFSSL_SERVER) || !defined(NO_WOLFSSL_CLIENT)
|
||||
|
||||
/* Server random bytes for TLS v1.3 described downgrade protection mechanism. */
|
||||
static const byte tls13Downgrade[7] = {
|
||||
@@ -143,10 +144,11 @@ static const byte tls13Downgrade[7] = {
|
||||
};
|
||||
#define TLS13_DOWNGRADE_SZ sizeof(tls13Downgrade)
|
||||
|
||||
#endif /* !NO_WOLFSSL_SERVER || !NO_WOLFSSL_CLIENT */
|
||||
|
||||
#ifndef NO_OLD_TLS
|
||||
static int SSL_hmac(WOLFSSL* ssl, byte* digest, const byte* in, word32 sz,
|
||||
int content, int verify);
|
||||
int padSz, int content, int verify);
|
||||
|
||||
#endif
|
||||
|
||||
@@ -2735,7 +2737,7 @@ static INLINE void DecodeSigAlg(const byte* input, byte* hashAlgo, byte* hsType)
|
||||
#endif /* !NO_WOLFSSL_SERVER || !NO_CERTS */
|
||||
|
||||
#ifndef WOLFSSL_NO_TLS12
|
||||
|
||||
#if !defined(NO_WOLFSSL_SERVER) || !defined(NO_WOLFSSL_CLIENT)
|
||||
#if !defined(NO_DH) || defined(HAVE_ECC) || \
|
||||
(!defined(NO_RSA) && defined(WC_RSA_PSS))
|
||||
|
||||
@@ -2766,11 +2768,9 @@ static enum wc_HashType HashAlgoToType(int hashAlgo)
|
||||
|
||||
return WC_HASH_TYPE_NONE;
|
||||
}
|
||||
|
||||
#endif /* !NO_DH || HAVE_ECC || (!NO_RSA && WC_RSA_PSS) */
|
||||
|
||||
#endif
|
||||
|
||||
#endif /* !NO_WOLFSSL_SERVER || !NO_WOLFSSL_CLIENT */
|
||||
#endif /* !WOLFSSL_NO_TLS12 */
|
||||
|
||||
#ifndef NO_CERTS
|
||||
|
||||
@@ -2862,6 +2862,7 @@ void FreeX509(WOLFSSL_X509* x509)
|
||||
}
|
||||
|
||||
|
||||
#if !defined(NO_WOLFSSL_SERVER) || !defined(NO_WOLFSSL_CLIENT)
|
||||
/* Encode the signature algorithm into buffer.
|
||||
*
|
||||
* hashalgo The hash algorithm.
|
||||
@@ -2934,10 +2935,12 @@ static void SetDigest(WOLFSSL* ssl, int hashAlgo)
|
||||
} /* switch */
|
||||
}
|
||||
#endif /* !WOLFSSL_NO_TLS12 && !WOLFSSL_NO_CLIENT_AUTH */
|
||||
#endif /* !NO_WOLFSSL_SERVER || !NO_WOLFSSL_CLIENT */
|
||||
#endif /* !NO_CERTS */
|
||||
|
||||
#ifndef NO_RSA
|
||||
#ifndef WOLFSSL_NO_TLS12
|
||||
#if !defined(NO_WOLFSSL_SERVER) || !defined(NO_WOLFSSL_CLIENT)
|
||||
static int TypeHash(int hashAlgo)
|
||||
{
|
||||
switch (hashAlgo) {
|
||||
@@ -2961,6 +2964,7 @@ static int TypeHash(int hashAlgo)
|
||||
|
||||
return 0;
|
||||
}
|
||||
#endif /* !NO_WOLFSSL_SERVER && !NO_WOLFSSL_CLIENT */
|
||||
#endif /* !WOLFSSL_NO_TLS12 */
|
||||
|
||||
#if defined(WC_RSA_PSS)
|
||||
@@ -7078,6 +7082,7 @@ static int BuildFinished(WOLFSSL* ssl, Hashes* hashes, const byte* sender)
|
||||
|
||||
#endif /* WOLFSSL_NO_TLS12 */
|
||||
|
||||
#if !defined(NO_WOLFSSL_SERVER) || !defined(NO_WOLFSSL_CLIENT)
|
||||
/* cipher requirements */
|
||||
enum {
|
||||
REQUIRES_RSA,
|
||||
@@ -7633,6 +7638,8 @@ static int BuildFinished(WOLFSSL* ssl, Hashes* hashes, const byte* sender)
|
||||
return 0;
|
||||
}
|
||||
|
||||
#endif /* !NO_WOLFSSL_SERVER && !NO_WOLFSSL_CLIENT */
|
||||
|
||||
|
||||
#ifndef NO_CERTS
|
||||
|
||||
@@ -7644,6 +7651,7 @@ static int BuildFinished(WOLFSSL* ssl, Hashes* hashes, const byte* sender)
|
||||
return 1 on success */
|
||||
int MatchDomainName(const char* pattern, int len, const char* str)
|
||||
{
|
||||
int ret = 0;
|
||||
char p, s;
|
||||
|
||||
if (pattern == NULL || str == NULL || len <= 0)
|
||||
@@ -7652,7 +7660,7 @@ int MatchDomainName(const char* pattern, int len, const char* str)
|
||||
while (len > 0) {
|
||||
|
||||
p = (char)XTOLOWER((unsigned char)*pattern++);
|
||||
if (p == 0)
|
||||
if (p == '\0')
|
||||
break;
|
||||
|
||||
if (p == '*') {
|
||||
@@ -7676,11 +7684,18 @@ int MatchDomainName(const char* pattern, int len, const char* str)
|
||||
return 0;
|
||||
}
|
||||
|
||||
if (len > 0)
|
||||
|
||||
if (len > 0) {
|
||||
str++;
|
||||
len--;
|
||||
}
|
||||
}
|
||||
|
||||
return *str == '\0';
|
||||
if (*str == '\0' && len == 0) {
|
||||
ret = 1; /* success */
|
||||
}
|
||||
|
||||
return ret;
|
||||
}
|
||||
|
||||
|
||||
@@ -7698,7 +7713,7 @@ int CheckAltNames(DecodedCert* dCert, char* domain)
|
||||
while (altName) {
|
||||
WOLFSSL_MSG("\tindividual AltName check");
|
||||
|
||||
if (MatchDomainName(altName->name,(int)XSTRLEN(altName->name), domain)){
|
||||
if (MatchDomainName(altName->name, altName->len, domain)){
|
||||
match = 1;
|
||||
break;
|
||||
}
|
||||
@@ -7735,8 +7750,7 @@ static int CheckForAltNames(DecodedCert* dCert, char* domain, int* checkCN)
|
||||
while (altName) {
|
||||
WOLFSSL_MSG("\tindividual AltName check");
|
||||
|
||||
if (MatchDomainName(altName->name, (int)XSTRLEN(altName->name),
|
||||
domain)) {
|
||||
if (MatchDomainName(altName->name, altName->len, domain)) {
|
||||
match = 1;
|
||||
*checkCN = 0;
|
||||
break;
|
||||
@@ -7946,7 +7960,7 @@ int CopyDecodedToX509(WOLFSSL_X509* x509, DecodedCert* dCert)
|
||||
while (cur != NULL) {
|
||||
if (cur->type == ASN_RFC822_TYPE) {
|
||||
DNS_entry* dnsEntry;
|
||||
int strLen = (int)XSTRLEN(cur->name);
|
||||
int strLen = cur->len;
|
||||
|
||||
dnsEntry = (DNS_entry*)XMALLOC(sizeof(DNS_entry), x509->heap,
|
||||
DYNAMIC_TYPE_ALTNAME);
|
||||
@@ -7963,7 +7977,7 @@ int CopyDecodedToX509(WOLFSSL_X509* x509, DecodedCert* dCert)
|
||||
XFREE(dnsEntry, x509->heap, DYNAMIC_TYPE_ALTNAME);
|
||||
return MEMORY_E;
|
||||
}
|
||||
|
||||
dnsEntry->len = strLen;
|
||||
XMEMCPY(dnsEntry->name, cur->name, strLen);
|
||||
dnsEntry->name[strLen] = '\0';
|
||||
|
||||
@@ -8276,7 +8290,7 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx,
|
||||
}
|
||||
c24to32(input + args->idx, &listSz);
|
||||
args->idx += OPAQUE24_LEN;
|
||||
if (listSz > MAX_RECORD_SIZE) {
|
||||
if (listSz > MAX_CERTIFICATE_SZ) {
|
||||
ERROR_OUT(BUFFER_ERROR, exit_ppc);
|
||||
}
|
||||
if ((args->idx - args->begin) + listSz != totalSz) {
|
||||
@@ -11860,173 +11874,6 @@ static int SanityCheckCipherText(WOLFSSL* ssl, word32 encryptSz)
|
||||
return 0;
|
||||
}
|
||||
|
||||
#ifndef NO_OLD_TLS
|
||||
|
||||
static INLINE void Md5Rounds(int rounds, const byte* data, int sz)
|
||||
{
|
||||
wc_Md5 md5;
|
||||
int i;
|
||||
|
||||
wc_InitMd5(&md5); /* no error check on purpose, dummy round */
|
||||
|
||||
for (i = 0; i < rounds; i++)
|
||||
wc_Md5Update(&md5, data, sz);
|
||||
wc_Md5Free(&md5); /* in case needed to release resources */
|
||||
}
|
||||
|
||||
|
||||
|
||||
/* do a dummy sha round */
|
||||
static INLINE void ShaRounds(int rounds, const byte* data, int sz)
|
||||
{
|
||||
wc_Sha sha;
|
||||
int i;
|
||||
|
||||
wc_InitSha(&sha); /* no error check on purpose, dummy round */
|
||||
|
||||
for (i = 0; i < rounds; i++)
|
||||
wc_ShaUpdate(&sha, data, sz);
|
||||
wc_ShaFree(&sha); /* in case needed to release resources */
|
||||
}
|
||||
#endif
|
||||
|
||||
#ifndef WOLFSSL_NO_TLS12
|
||||
|
||||
#ifndef NO_SHA256
|
||||
|
||||
static INLINE void Sha256Rounds(int rounds, const byte* data, int sz)
|
||||
{
|
||||
wc_Sha256 sha256;
|
||||
int i;
|
||||
|
||||
wc_InitSha256(&sha256); /* no error check on purpose, dummy round */
|
||||
|
||||
for (i = 0; i < rounds; i++) {
|
||||
wc_Sha256Update(&sha256, data, sz);
|
||||
/* no error check on purpose, dummy round */
|
||||
}
|
||||
wc_Sha256Free(&sha256); /* in case needed to release resources */
|
||||
}
|
||||
|
||||
#endif
|
||||
|
||||
|
||||
#ifdef WOLFSSL_SHA384
|
||||
|
||||
static INLINE void Sha384Rounds(int rounds, const byte* data, int sz)
|
||||
{
|
||||
wc_Sha384 sha384;
|
||||
int i;
|
||||
|
||||
wc_InitSha384(&sha384); /* no error check on purpose, dummy round */
|
||||
|
||||
for (i = 0; i < rounds; i++) {
|
||||
wc_Sha384Update(&sha384, data, sz);
|
||||
/* no error check on purpose, dummy round */
|
||||
}
|
||||
wc_Sha384Free(&sha384); /* in case needed to release resources */
|
||||
}
|
||||
|
||||
#endif
|
||||
|
||||
|
||||
#ifdef WOLFSSL_SHA512
|
||||
|
||||
static INLINE void Sha512Rounds(int rounds, const byte* data, int sz)
|
||||
{
|
||||
wc_Sha512 sha512;
|
||||
int i;
|
||||
|
||||
wc_InitSha512(&sha512); /* no error check on purpose, dummy round */
|
||||
|
||||
for (i = 0; i < rounds; i++) {
|
||||
wc_Sha512Update(&sha512, data, sz);
|
||||
/* no error check on purpose, dummy round */
|
||||
}
|
||||
wc_Sha512Free(&sha512); /* in case needed to release resources */
|
||||
}
|
||||
|
||||
#endif
|
||||
|
||||
#ifdef WOLFSSL_RIPEMD
|
||||
|
||||
static INLINE void RmdRounds(int rounds, const byte* data, int sz)
|
||||
{
|
||||
RipeMd ripemd;
|
||||
int i;
|
||||
|
||||
(void)wc_InitRipeMd(&ripemd);
|
||||
|
||||
for (i = 0; i < rounds; i++)
|
||||
(void)wc_RipeMdUpdate(&ripemd, data, sz);
|
||||
}
|
||||
|
||||
#endif
|
||||
|
||||
|
||||
/* Do dummy rounds */
|
||||
static INLINE void DoRounds(int type, int rounds, const byte* data, int sz)
|
||||
{
|
||||
(void)rounds;
|
||||
(void)data;
|
||||
(void)sz;
|
||||
|
||||
switch (type) {
|
||||
case no_mac :
|
||||
break;
|
||||
|
||||
#ifndef NO_OLD_TLS
|
||||
#ifndef NO_MD5
|
||||
case md5_mac :
|
||||
Md5Rounds(rounds, data, sz);
|
||||
break;
|
||||
#endif
|
||||
|
||||
#ifndef NO_SHA
|
||||
case sha_mac :
|
||||
ShaRounds(rounds, data, sz);
|
||||
break;
|
||||
#endif
|
||||
#endif
|
||||
|
||||
#ifndef NO_SHA256
|
||||
case sha256_mac :
|
||||
Sha256Rounds(rounds, data, sz);
|
||||
break;
|
||||
#endif
|
||||
|
||||
#ifdef WOLFSSL_SHA384
|
||||
case sha384_mac :
|
||||
Sha384Rounds(rounds, data, sz);
|
||||
break;
|
||||
#endif
|
||||
|
||||
#ifdef WOLFSSL_SHA512
|
||||
case sha512_mac :
|
||||
Sha512Rounds(rounds, data, sz);
|
||||
break;
|
||||
#endif
|
||||
|
||||
#ifdef WOLFSSL_RIPEMD
|
||||
case rmd_mac :
|
||||
RmdRounds(rounds, data, sz);
|
||||
break;
|
||||
#endif
|
||||
|
||||
default:
|
||||
WOLFSSL_MSG("Bad round type");
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
/* do number of compression rounds on dummy data */
|
||||
static INLINE void CompressRounds(WOLFSSL* ssl, int rounds, const byte* dummy)
|
||||
{
|
||||
if (rounds)
|
||||
DoRounds(ssl->specs.mac_algorithm, rounds, dummy, COMPRESS_LOWER);
|
||||
}
|
||||
|
||||
|
||||
/* check all length bytes for the pad value, return 0 on success */
|
||||
static int PadCheck(const byte* a, byte pad, int length)
|
||||
@@ -12042,81 +11889,127 @@ static int PadCheck(const byte* a, byte pad, int length)
|
||||
}
|
||||
|
||||
|
||||
/* get compression extra rounds */
|
||||
static INLINE int GetRounds(int pLen, int padLen, int t)
|
||||
/* Mask the padding bytes with the expected values.
|
||||
* Constant time implementation - does maximum pad size possible.
|
||||
*
|
||||
* data Message data.
|
||||
* sz Size of the message including MAC and padding and padding length.
|
||||
* macSz Size of the MAC.
|
||||
* returns 0 on success, otherwise failure.
|
||||
*/
|
||||
static byte MaskPadding(const byte* data, int sz, int macSz)
|
||||
{
|
||||
int roundL1 = 1; /* round up flags */
|
||||
int roundL2 = 1;
|
||||
int i;
|
||||
int checkSz = sz - 1;
|
||||
byte paddingSz = data[sz - 1];
|
||||
byte mask;
|
||||
byte good = ctMaskGT(paddingSz, sz - 1 - macSz);
|
||||
|
||||
int L1 = COMPRESS_CONSTANT + pLen - t;
|
||||
int L2 = COMPRESS_CONSTANT + pLen - padLen - 1 - t;
|
||||
if (checkSz > TLS_MAX_PAD_SZ)
|
||||
checkSz = TLS_MAX_PAD_SZ;
|
||||
|
||||
L1 -= COMPRESS_UPPER;
|
||||
L2 -= COMPRESS_UPPER;
|
||||
for (i = 0; i < checkSz; i++) {
|
||||
mask = ctMaskLTE(i, paddingSz);
|
||||
good |= mask & (data[sz - 1 - i] ^ paddingSz);
|
||||
}
|
||||
|
||||
if ( (L1 % COMPRESS_LOWER) == 0)
|
||||
roundL1 = 0;
|
||||
if ( (L2 % COMPRESS_LOWER) == 0)
|
||||
roundL2 = 0;
|
||||
|
||||
L1 /= COMPRESS_LOWER;
|
||||
L2 /= COMPRESS_LOWER;
|
||||
|
||||
L1 += roundL1;
|
||||
L2 += roundL2;
|
||||
|
||||
return L1 - L2;
|
||||
return good;
|
||||
}
|
||||
|
||||
/* Mask the MAC in the message with the MAC calculated.
|
||||
* Constant time implementation - starts looking for MAC where maximum padding
|
||||
* size has it.
|
||||
*
|
||||
* data Message data.
|
||||
* sz Size of the message including MAC and padding and padding length.
|
||||
* macSz Size of the MAC data.
|
||||
* expMac Expected MAC value.
|
||||
* returns 0 on success, otherwise failure.
|
||||
*/
|
||||
static byte MaskMac(const byte* data, int sz, int macSz, byte* expMac)
|
||||
{
|
||||
int i, j;
|
||||
unsigned char mac[WC_MAX_DIGEST_SIZE];
|
||||
int scanStart = sz - 1 - TLS_MAX_PAD_SZ - macSz;
|
||||
int macEnd = sz - 1 - data[sz - 1];
|
||||
int macStart = macEnd - macSz;
|
||||
int r = 0;
|
||||
unsigned char started, notEnded;
|
||||
unsigned char good = 0;
|
||||
|
||||
if (scanStart < 0)
|
||||
scanStart = 0;
|
||||
|
||||
/* Div on Intel has different speeds depending on value.
|
||||
* Use a bitwise AND or mod a specific value (converted to mul). */
|
||||
if ((macSz & (macSz - 1)) == 0)
|
||||
r = (macSz - (scanStart - macStart)) & (macSz - 1);
|
||||
#ifndef NO_SHA
|
||||
else if (macSz == WC_SHA_DIGEST_SIZE)
|
||||
r = (macSz - (scanStart - macStart)) % WC_SHA_DIGEST_SIZE;
|
||||
#endif
|
||||
#ifdef WOLFSSL_SHA384
|
||||
else if (macSz == WC_SHA384_DIGEST_SIZE)
|
||||
r = (macSz - (scanStart - macStart)) % WC_SHA384_DIGEST_SIZE;
|
||||
#endif
|
||||
|
||||
XMEMSET(mac, 0, macSz);
|
||||
for (i = scanStart; i < sz; i += macSz) {
|
||||
for (j = 0; j < macSz && j + i < sz; j++) {
|
||||
started = ctMaskGTE(i + j, macStart);
|
||||
notEnded = ctMaskLT(i + j, macEnd);
|
||||
mac[j] |= started & notEnded & data[i + j];
|
||||
}
|
||||
}
|
||||
|
||||
if ((macSz & (macSz - 1)) == 0) {
|
||||
for (i = 0; i < macSz; i++)
|
||||
good |= expMac[i] ^ mac[(i + r) & (macSz - 1)];
|
||||
}
|
||||
#ifndef NO_SHA
|
||||
else if (macSz == WC_SHA_DIGEST_SIZE) {
|
||||
for (i = 0; i < macSz; i++)
|
||||
good |= expMac[i] ^ mac[(i + r) % WC_SHA_DIGEST_SIZE];
|
||||
}
|
||||
#endif
|
||||
#ifdef WOLFSSL_SHA384
|
||||
else if (macSz == WC_SHA384_DIGEST_SIZE) {
|
||||
for (i = 0; i < macSz; i++)
|
||||
good |= expMac[i] ^ mac[(i + r) % WC_SHA384_DIGEST_SIZE];
|
||||
}
|
||||
#endif
|
||||
|
||||
return good;
|
||||
}
|
||||
|
||||
/* timing resistant pad/verify check, return 0 on success */
|
||||
static int TimingPadVerify(WOLFSSL* ssl, const byte* input, int padLen, int t,
|
||||
int pLen, int content)
|
||||
int TimingPadVerify(WOLFSSL* ssl, const byte* input, int padLen, int macSz,
|
||||
int pLen, int content)
|
||||
{
|
||||
byte verify[WC_MAX_DIGEST_SIZE];
|
||||
byte dmy[sizeof(WOLFSSL) >= MAX_PAD_SIZE ? 1 : MAX_PAD_SIZE] = {0};
|
||||
byte* dummy = sizeof(dmy) < MAX_PAD_SIZE ? (byte*) ssl : dmy;
|
||||
byte good;
|
||||
int ret = 0;
|
||||
|
||||
(void)dmy;
|
||||
good = MaskPadding(input, pLen, macSz);
|
||||
ret = ssl->hmac(ssl, verify, input, pLen - macSz - padLen - 1, padLen,
|
||||
content, 1);
|
||||
good |= MaskMac(input, pLen, ssl->specs.hash_size, verify);
|
||||
|
||||
if ( (t + padLen + 1) > pLen) {
|
||||
WOLFSSL_MSG("Plain Len not long enough for pad/mac");
|
||||
PadCheck(dummy, (byte)padLen, MAX_PAD_SIZE);
|
||||
ssl->hmac(ssl, verify, input, pLen - t, content, 1); /* still compare */
|
||||
ConstantCompare(verify, input + pLen - t, t);
|
||||
/* Non-zero on failure. */
|
||||
good = ~good;
|
||||
good &= good >> 4;
|
||||
good &= good >> 2;
|
||||
good &= good >> 1;
|
||||
/* Make ret negative on masking failure. */
|
||||
ret -= 1 - good;
|
||||
|
||||
return VERIFY_MAC_ERROR;
|
||||
}
|
||||
|
||||
if (PadCheck(input + pLen - (padLen + 1), (byte)padLen, padLen + 1) != 0) {
|
||||
WOLFSSL_MSG("PadCheck failed");
|
||||
PadCheck(dummy, (byte)padLen, MAX_PAD_SIZE - padLen - 1);
|
||||
ssl->hmac(ssl, verify, input, pLen - t, content, 1); /* still compare */
|
||||
ConstantCompare(verify, input + pLen - t, t);
|
||||
|
||||
return VERIFY_MAC_ERROR;
|
||||
}
|
||||
|
||||
PadCheck(dummy, (byte)padLen, MAX_PAD_SIZE - padLen - 1);
|
||||
ret = ssl->hmac(ssl, verify, input, pLen - padLen - 1 - t, content, 1);
|
||||
|
||||
CompressRounds(ssl, GetRounds(pLen, padLen, t), dummy);
|
||||
|
||||
if (ConstantCompare(verify, input + (pLen - padLen - 1 - t), t) != 0) {
|
||||
WOLFSSL_MSG("Verify MAC compare failed");
|
||||
return VERIFY_MAC_ERROR;
|
||||
}
|
||||
|
||||
/* treat any faulure as verify MAC error */
|
||||
/* Treat any faulure as verify MAC error. */
|
||||
if (ret != 0)
|
||||
ret = VERIFY_MAC_ERROR;
|
||||
|
||||
return ret;
|
||||
}
|
||||
|
||||
#endif /* WOLFSSL_NO_TLS12 */
|
||||
|
||||
|
||||
int DoApplicationData(WOLFSSL* ssl, byte* input, word32* inOutIdx)
|
||||
{
|
||||
@@ -12368,8 +12261,8 @@ static INLINE int VerifyMac(WOLFSSL* ssl, const byte* input, word32 msgSz,
|
||||
badPadLen = 1;
|
||||
}
|
||||
PadCheck(dummy, (byte)pad, MAX_PAD_SIZE); /* timing only */
|
||||
ret = ssl->hmac(ssl, verify, input, msgSz - digestSz - pad - 1,
|
||||
content, 1);
|
||||
ret = ssl->hmac(ssl, verify, input, msgSz - digestSz - pad - 1, pad,
|
||||
content, 1);
|
||||
if (ConstantCompare(verify, input + msgSz - digestSz - pad - 1,
|
||||
digestSz) != 0)
|
||||
return VERIFY_MAC_ERROR;
|
||||
@@ -12378,7 +12271,7 @@ static INLINE int VerifyMac(WOLFSSL* ssl, const byte* input, word32 msgSz,
|
||||
}
|
||||
}
|
||||
else if (ssl->specs.cipher_type == stream) {
|
||||
ret = ssl->hmac(ssl, verify, input, msgSz - digestSz, content, 1);
|
||||
ret = ssl->hmac(ssl, verify, input, msgSz - digestSz, -1, content, 1);
|
||||
if (ConstantCompare(verify, input + msgSz - digestSz, digestSz) != 0){
|
||||
return VERIFY_MAC_ERROR;
|
||||
}
|
||||
@@ -13118,7 +13011,7 @@ int SendChangeCipher(WOLFSSL* ssl)
|
||||
|
||||
#ifndef NO_OLD_TLS
|
||||
static int SSL_hmac(WOLFSSL* ssl, byte* digest, const byte* in, word32 sz,
|
||||
int content, int verify)
|
||||
int padLen, int content, int verify)
|
||||
{
|
||||
byte result[WC_MAX_DIGEST_SIZE];
|
||||
word32 digestSz = ssl->specs.hash_size; /* actual sizes */
|
||||
@@ -13133,6 +13026,8 @@ static int SSL_hmac(WOLFSSL* ssl, byte* digest, const byte* in, word32 sz,
|
||||
byte conLen[ENUM_LEN + LENGTH_SZ]; /* content & length */
|
||||
const byte* macSecret = wolfSSL_GetMacSecret(ssl, verify);
|
||||
|
||||
(void)padLen;
|
||||
|
||||
#ifdef HAVE_FUZZER
|
||||
if (ssl->fuzzerCb)
|
||||
ssl->fuzzerCb(ssl, in, sz, FUZZ_HMAC, ssl->fuzzerCtx);
|
||||
@@ -13609,8 +13504,8 @@ int BuildMessage(WOLFSSL* ssl, byte* output, int outSz, const byte* input,
|
||||
ERROR_OUT(MEMORY_E, exit_buildmsg);
|
||||
#endif
|
||||
|
||||
ret = ssl->hmac(ssl, hmac, output + args->headerSz + args->ivSz, inSz,
|
||||
type, 0);
|
||||
ret = ssl->hmac(ssl, hmac, output + args->headerSz + args->ivSz,
|
||||
inSz, -1, type, 0);
|
||||
XMEMCPY(output + args->idx, hmac, args->digestSz);
|
||||
|
||||
#ifdef WOLFSSL_SMALL_STACK
|
||||
@@ -13619,8 +13514,8 @@ int BuildMessage(WOLFSSL* ssl, byte* output, int outSz, const byte* input,
|
||||
}
|
||||
else
|
||||
#endif
|
||||
ret = ssl->hmac(ssl, output + args->idx, output + args->headerSz + args->ivSz,
|
||||
inSz, type, 0);
|
||||
ret = ssl->hmac(ssl, output + args->idx, output +
|
||||
args->headerSz + args->ivSz, inSz, -1, type, 0);
|
||||
#ifdef WOLFSSL_DTLS
|
||||
if (ssl->options.dtls)
|
||||
DtlsSEQIncrement(ssl, CUR_ORDER);
|
||||
@@ -16386,6 +16281,152 @@ void PickHashSigAlgo(WOLFSSL* ssl, const byte* hashSigAlgo,
|
||||
|
||||
#endif /* WOLFSSL_CALLBACKS */
|
||||
|
||||
#if !defined(NO_CERTS) && (defined(WOLFSSL_TLS13) || \
|
||||
!defined(NO_WOLFSSL_CLIENT))
|
||||
|
||||
/* Decode the private key - RSA, ECC, or Ed25519 - and creates a key object.
|
||||
* The signature type is set as well.
|
||||
* The maximum length of a signature is returned.
|
||||
*
|
||||
* ssl The SSL/TLS object.
|
||||
* length The length of a signature.
|
||||
* returns 0 on success, otherwise failure.
|
||||
*/
|
||||
int DecodePrivateKey(WOLFSSL *ssl, word16* length)
|
||||
{
|
||||
int ret = BAD_FUNC_ARG;
|
||||
int keySz;
|
||||
word32 idx;
|
||||
|
||||
/* make sure private key exists */
|
||||
if (ssl->buffers.key == NULL || ssl->buffers.key->buffer == NULL) {
|
||||
WOLFSSL_MSG("Private key missing!");
|
||||
ERROR_OUT(NO_PRIVATE_KEY, exit_dpk);
|
||||
}
|
||||
|
||||
#ifndef NO_RSA
|
||||
ssl->hsType = DYNAMIC_TYPE_RSA;
|
||||
ret = AllocKey(ssl, ssl->hsType, &ssl->hsKey);
|
||||
if (ret != 0) {
|
||||
goto exit_dpk;
|
||||
}
|
||||
|
||||
WOLFSSL_MSG("Trying RSA private key");
|
||||
|
||||
/* Set start of data to beginning of buffer. */
|
||||
idx = 0;
|
||||
/* Decode the key assuming it is an RSA private key. */
|
||||
ret = wc_RsaPrivateKeyDecode(ssl->buffers.key->buffer, &idx,
|
||||
(RsaKey*)ssl->hsKey, ssl->buffers.key->length);
|
||||
if (ret == 0) {
|
||||
WOLFSSL_MSG("Using RSA private key");
|
||||
|
||||
/* It worked so check it meets minimum key size requirements. */
|
||||
keySz = wc_RsaEncryptSize((RsaKey*)ssl->hsKey);
|
||||
if (keySz < 0) { /* check if keySz has error case */
|
||||
ERROR_OUT(keySz, exit_dpk);
|
||||
}
|
||||
|
||||
if (keySz < ssl->options.minRsaKeySz) {
|
||||
WOLFSSL_MSG("RSA key size too small");
|
||||
ERROR_OUT(RSA_KEY_SIZE_E, exit_dpk);
|
||||
}
|
||||
|
||||
/* Return the maximum signature length. */
|
||||
*length = (word16)keySz;
|
||||
|
||||
goto exit_dpk;
|
||||
}
|
||||
#endif /* !NO_RSA */
|
||||
|
||||
#ifdef HAVE_ECC
|
||||
#ifndef NO_RSA
|
||||
FreeKey(ssl, ssl->hsType, (void**)&ssl->hsKey);
|
||||
#endif /* !NO_RSA */
|
||||
|
||||
ssl->hsType = DYNAMIC_TYPE_ECC;
|
||||
ret = AllocKey(ssl, ssl->hsType, &ssl->hsKey);
|
||||
if (ret != 0) {
|
||||
goto exit_dpk;
|
||||
}
|
||||
|
||||
#ifndef NO_RSA
|
||||
WOLFSSL_MSG("Trying ECC private key, RSA didn't work");
|
||||
#else
|
||||
WOLFSSL_MSG("Trying ECC private key");
|
||||
#endif
|
||||
|
||||
/* Set start of data to beginning of buffer. */
|
||||
idx = 0;
|
||||
/* Decode the key assuming it is an ECC private key. */
|
||||
ret = wc_EccPrivateKeyDecode(ssl->buffers.key->buffer, &idx,
|
||||
(ecc_key*)ssl->hsKey,
|
||||
ssl->buffers.key->length);
|
||||
if (ret == 0) {
|
||||
WOLFSSL_MSG("Using ECC private key");
|
||||
|
||||
/* Check it meets the minimum ECC key size requirements. */
|
||||
keySz = wc_ecc_size((ecc_key*)ssl->hsKey);
|
||||
if (keySz < ssl->options.minEccKeySz) {
|
||||
WOLFSSL_MSG("ECC key size too small");
|
||||
ERROR_OUT(ECC_KEY_SIZE_E, exit_dpk);
|
||||
}
|
||||
|
||||
/* Return the maximum signature length. */
|
||||
*length = (word16)wc_ecc_sig_size((ecc_key*)ssl->hsKey);
|
||||
|
||||
goto exit_dpk;
|
||||
}
|
||||
#endif
|
||||
#ifdef HAVE_ED25519
|
||||
#if !defined(NO_RSA) || defined(HAVE_ECC)
|
||||
FreeKey(ssl, ssl->hsType, (void**)&ssl->hsKey);
|
||||
#endif
|
||||
|
||||
ssl->hsType = DYNAMIC_TYPE_ED25519;
|
||||
ret = AllocKey(ssl, ssl->hsType, &ssl->hsKey);
|
||||
if (ret != 0) {
|
||||
goto exit_dpk;
|
||||
}
|
||||
|
||||
#ifdef HAVE_ECC
|
||||
WOLFSSL_MSG("Trying ED25519 private key, ECC didn't work");
|
||||
#elif !defined(NO_RSA)
|
||||
WOLFSSL_MSG("Trying ED25519 private key, RSA didn't work");
|
||||
#else
|
||||
WOLFSSL_MSG("Trying ED25519 private key");
|
||||
#endif
|
||||
|
||||
/* Set start of data to beginning of buffer. */
|
||||
idx = 0;
|
||||
/* Decode the key assuming it is an ED25519 private key. */
|
||||
ret = wc_Ed25519PrivateKeyDecode(ssl->buffers.key->buffer, &idx,
|
||||
(ed25519_key*)ssl->hsKey,
|
||||
ssl->buffers.key->length);
|
||||
if (ret == 0) {
|
||||
WOLFSSL_MSG("Using ED25519 private key");
|
||||
|
||||
/* Check it meets the minimum ECC key size requirements. */
|
||||
if (ED25519_KEY_SIZE < ssl->options.minEccKeySz) {
|
||||
WOLFSSL_MSG("ED25519 key size too small");
|
||||
ERROR_OUT(ECC_KEY_SIZE_E, exit_dpk);
|
||||
}
|
||||
|
||||
/* Return the maximum signature length. */
|
||||
*length = ED25519_SIG_SIZE;
|
||||
|
||||
goto exit_dpk;
|
||||
}
|
||||
#endif /* HAVE_ED25519 */
|
||||
|
||||
(void)idx;
|
||||
(void)keySz;
|
||||
(void)length;
|
||||
exit_dpk:
|
||||
return ret;
|
||||
}
|
||||
|
||||
#endif /* WOLFSSL_TLS13 || !NO_WOLFSSL_CLIENT */
|
||||
|
||||
/* client only parts */
|
||||
#ifndef NO_WOLFSSL_CLIENT
|
||||
@@ -16868,36 +16909,6 @@ void PickHashSigAlgo(WOLFSSL* ssl, const byte* hashSigAlgo,
|
||||
XMEMCPY(ssl->arrays->serverRandom, input + i, RAN_LEN);
|
||||
i += RAN_LEN;
|
||||
|
||||
if (!ssl->options.resuming) {
|
||||
#ifdef WOLFSSL_TLS13
|
||||
if (IsAtLeastTLSv1_3(ssl->ctx->method->version)) {
|
||||
/* TLS v1.3 capable client not allowed to downgrade when
|
||||
* connecting to TLS v1.3 capable server unless cipher suite
|
||||
* demands it.
|
||||
*/
|
||||
if (XMEMCMP(input + i - (TLS13_DOWNGRADE_SZ + 1),
|
||||
tls13Downgrade, TLS13_DOWNGRADE_SZ) == 0 &&
|
||||
(*(input + i - 1) == 0 || *(input + i - 1) == 1)) {
|
||||
SendAlert(ssl, alert_fatal, illegal_parameter);
|
||||
return VERSION_ERROR;
|
||||
}
|
||||
}
|
||||
else
|
||||
#endif
|
||||
if (ssl->ctx->method->version.major == SSLv3_MAJOR &&
|
||||
ssl->ctx->method->version.minor == TLSv1_2_MINOR) {
|
||||
/* TLS v1.2 capable client not allowed to downgrade when
|
||||
* connecting to TLS v1.2 capable server.
|
||||
*/
|
||||
if (XMEMCMP(input + i - (TLS13_DOWNGRADE_SZ + 1),
|
||||
tls13Downgrade, TLS13_DOWNGRADE_SZ) == 0 &&
|
||||
*(input + i - 1) == 0) {
|
||||
SendAlert(ssl, alert_fatal, illegal_parameter);
|
||||
return VERSION_ERROR;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
/* session id */
|
||||
ssl->arrays->sessionIDSz = input[i++];
|
||||
|
||||
@@ -17066,7 +17077,37 @@ void PickHashSigAlgo(WOLFSSL* ssl, const byte* hashSigAlgo,
|
||||
{
|
||||
int ret;
|
||||
|
||||
if (ssl->options.resuming) {
|
||||
if (!ssl->options.resuming) {
|
||||
byte* down = ssl->arrays->serverRandom + RAN_LEN -
|
||||
TLS13_DOWNGRADE_SZ - 1;
|
||||
byte vers = ssl->arrays->serverRandom[RAN_LEN - 1];
|
||||
#ifdef WOLFSSL_TLS13
|
||||
if (IsAtLeastTLSv1_3(ssl->ctx->method->version)) {
|
||||
/* TLS v1.3 capable client not allowed to downgrade when
|
||||
* connecting to TLS v1.3 capable server unless cipher suite
|
||||
* demands it.
|
||||
*/
|
||||
if (XMEMCMP(down, tls13Downgrade, TLS13_DOWNGRADE_SZ) == 0 &&
|
||||
(vers == 0 || vers == 1)) {
|
||||
SendAlert(ssl, alert_fatal, illegal_parameter);
|
||||
return VERSION_ERROR;
|
||||
}
|
||||
}
|
||||
else
|
||||
#endif
|
||||
if (ssl->ctx->method->version.major == SSLv3_MAJOR &&
|
||||
ssl->ctx->method->version.minor == TLSv1_2_MINOR) {
|
||||
/* TLS v1.2 capable client not allowed to downgrade when
|
||||
* connecting to TLS v1.2 capable server.
|
||||
*/
|
||||
if (XMEMCMP(down, tls13Downgrade, TLS13_DOWNGRADE_SZ) == 0 &&
|
||||
vers == 0) {
|
||||
SendAlert(ssl, alert_fatal, illegal_parameter);
|
||||
return VERSION_ERROR;
|
||||
}
|
||||
}
|
||||
}
|
||||
else {
|
||||
if (DSH_CheckSessionId(ssl)) {
|
||||
if (SetCipherSpecs(ssl) == 0) {
|
||||
|
||||
@@ -17097,11 +17138,11 @@ void PickHashSigAlgo(WOLFSSL* ssl, const byte* hashSigAlgo,
|
||||
ssl->options.resuming = 0; /* server denied resumption try */
|
||||
}
|
||||
}
|
||||
#ifdef WOLFSSL_DTLS
|
||||
if (ssl->options.dtls) {
|
||||
DtlsMsgPoolReset(ssl);
|
||||
}
|
||||
#endif
|
||||
#ifdef WOLFSSL_DTLS
|
||||
if (ssl->options.dtls) {
|
||||
DtlsMsgPoolReset(ssl);
|
||||
}
|
||||
#endif
|
||||
|
||||
return SetCipherSpecs(ssl);
|
||||
}
|
||||
@@ -19753,148 +19794,6 @@ exit_scke:
|
||||
}
|
||||
#endif /* HAVE_PK_CALLBACKS */
|
||||
|
||||
/* Decode the private key - RSA, ECC, or Ed25519 - and creates a key object.
|
||||
* The signature type is set as well.
|
||||
* The maximum length of a signature is returned.
|
||||
*
|
||||
* ssl The SSL/TLS object.
|
||||
* length The length of a signature.
|
||||
* returns 0 on success, otherwise failure.
|
||||
*/
|
||||
int DecodePrivateKey(WOLFSSL *ssl, word16* length)
|
||||
{
|
||||
int ret = BAD_FUNC_ARG;
|
||||
int keySz;
|
||||
word32 idx;
|
||||
|
||||
/* make sure private key exists */
|
||||
if (ssl->buffers.key == NULL || ssl->buffers.key->buffer == NULL) {
|
||||
WOLFSSL_MSG("Private key missing!");
|
||||
ERROR_OUT(NO_PRIVATE_KEY, exit_dpk);
|
||||
}
|
||||
|
||||
#ifndef NO_RSA
|
||||
ssl->hsType = DYNAMIC_TYPE_RSA;
|
||||
ret = AllocKey(ssl, ssl->hsType, &ssl->hsKey);
|
||||
if (ret != 0) {
|
||||
goto exit_dpk;
|
||||
}
|
||||
|
||||
WOLFSSL_MSG("Trying RSA private key");
|
||||
|
||||
/* Set start of data to beginning of buffer. */
|
||||
idx = 0;
|
||||
/* Decode the key assuming it is an RSA private key. */
|
||||
ret = wc_RsaPrivateKeyDecode(ssl->buffers.key->buffer, &idx,
|
||||
(RsaKey*)ssl->hsKey, ssl->buffers.key->length);
|
||||
if (ret == 0) {
|
||||
WOLFSSL_MSG("Using RSA private key");
|
||||
|
||||
/* It worked so check it meets minimum key size requirements. */
|
||||
keySz = wc_RsaEncryptSize((RsaKey*)ssl->hsKey);
|
||||
if (keySz < 0) { /* check if keySz has error case */
|
||||
ERROR_OUT(keySz, exit_dpk);
|
||||
}
|
||||
|
||||
if (keySz < ssl->options.minRsaKeySz) {
|
||||
WOLFSSL_MSG("RSA key size too small");
|
||||
ERROR_OUT(RSA_KEY_SIZE_E, exit_dpk);
|
||||
}
|
||||
|
||||
/* Return the maximum signature length. */
|
||||
*length = (word16)keySz;
|
||||
|
||||
goto exit_dpk;
|
||||
}
|
||||
#endif /* !NO_RSA */
|
||||
|
||||
#ifdef HAVE_ECC
|
||||
#ifndef NO_RSA
|
||||
FreeKey(ssl, ssl->hsType, (void**)&ssl->hsKey);
|
||||
#endif /* !NO_RSA */
|
||||
|
||||
ssl->hsType = DYNAMIC_TYPE_ECC;
|
||||
ret = AllocKey(ssl, ssl->hsType, &ssl->hsKey);
|
||||
if (ret != 0) {
|
||||
goto exit_dpk;
|
||||
}
|
||||
|
||||
#ifndef NO_RSA
|
||||
WOLFSSL_MSG("Trying ECC private key, RSA didn't work");
|
||||
#else
|
||||
WOLFSSL_MSG("Trying ECC private key");
|
||||
#endif
|
||||
|
||||
/* Set start of data to beginning of buffer. */
|
||||
idx = 0;
|
||||
/* Decode the key assuming it is an ECC private key. */
|
||||
ret = wc_EccPrivateKeyDecode(ssl->buffers.key->buffer, &idx,
|
||||
(ecc_key*)ssl->hsKey,
|
||||
ssl->buffers.key->length);
|
||||
if (ret == 0) {
|
||||
WOLFSSL_MSG("Using ECC private key");
|
||||
|
||||
/* Check it meets the minimum ECC key size requirements. */
|
||||
keySz = wc_ecc_size((ecc_key*)ssl->hsKey);
|
||||
if (keySz < ssl->options.minEccKeySz) {
|
||||
WOLFSSL_MSG("ECC key size too small");
|
||||
ERROR_OUT(ECC_KEY_SIZE_E, exit_dpk);
|
||||
}
|
||||
|
||||
/* Return the maximum signature length. */
|
||||
*length = (word16)wc_ecc_sig_size((ecc_key*)ssl->hsKey);
|
||||
|
||||
goto exit_dpk;
|
||||
}
|
||||
#endif
|
||||
#ifdef HAVE_ED25519
|
||||
#if !defined(NO_RSA) || defined(HAVE_ECC)
|
||||
FreeKey(ssl, ssl->hsType, (void**)&ssl->hsKey);
|
||||
#endif
|
||||
|
||||
ssl->hsType = DYNAMIC_TYPE_ED25519;
|
||||
ret = AllocKey(ssl, ssl->hsType, &ssl->hsKey);
|
||||
if (ret != 0) {
|
||||
goto exit_dpk;
|
||||
}
|
||||
|
||||
#ifdef HAVE_ECC
|
||||
WOLFSSL_MSG("Trying ED25519 private key, ECC didn't work");
|
||||
#elif !defined(NO_RSA)
|
||||
WOLFSSL_MSG("Trying ED25519 private key, RSA didn't work");
|
||||
#else
|
||||
WOLFSSL_MSG("Trying ED25519 private key");
|
||||
#endif
|
||||
|
||||
/* Set start of data to beginning of buffer. */
|
||||
idx = 0;
|
||||
/* Decode the key assuming it is an ED25519 private key. */
|
||||
ret = wc_Ed25519PrivateKeyDecode(ssl->buffers.key->buffer, &idx,
|
||||
(ed25519_key*)ssl->hsKey,
|
||||
ssl->buffers.key->length);
|
||||
if (ret == 0) {
|
||||
WOLFSSL_MSG("Using ED25519 private key");
|
||||
|
||||
/* Check it meets the minimum ECC key size requirements. */
|
||||
if (ED25519_KEY_SIZE < ssl->options.minEccKeySz) {
|
||||
WOLFSSL_MSG("ED25519 key size too small");
|
||||
ERROR_OUT(ECC_KEY_SIZE_E, exit_dpk);
|
||||
}
|
||||
|
||||
/* Return the maximum signature length. */
|
||||
*length = ED25519_SIG_SIZE;
|
||||
|
||||
goto exit_dpk;
|
||||
}
|
||||
#endif /* HAVE_ED25519 */
|
||||
|
||||
(void)idx;
|
||||
(void)keySz;
|
||||
(void)length;
|
||||
exit_dpk:
|
||||
return ret;
|
||||
}
|
||||
|
||||
#ifndef WOLFSSL_NO_TLS12
|
||||
|
||||
#ifndef WOLFSSL_NO_CLIENT_AUTH
|
||||
@@ -23461,7 +23360,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
|
||||
args->output, args->sigSz,
|
||||
HashAlgoToType(args->hashAlgo));
|
||||
if (ret != 0)
|
||||
return ret;
|
||||
goto exit_dcv;
|
||||
}
|
||||
else
|
||||
#endif
|
||||
|
||||
@@ -1147,6 +1147,8 @@ int wolfSSL_negotiate(WOLFSSL* ssl)
|
||||
}
|
||||
#endif
|
||||
|
||||
(void)ssl;
|
||||
|
||||
WOLFSSL_LEAVE("wolfSSL_negotiate", err);
|
||||
|
||||
return err;
|
||||
@@ -3366,7 +3368,7 @@ void wolfSSL_EVP_init(void)
|
||||
|
||||
#if !defined(NO_FILESYSTEM) && !defined(NO_STDIO_FILESYSTEM)
|
||||
|
||||
void wolfSSL_ERR_print_errors_fp(FILE* fp, int err)
|
||||
void wolfSSL_ERR_print_errors_fp(XFILE fp, int err)
|
||||
{
|
||||
char data[WOLFSSL_MAX_ERROR_SZ + 1];
|
||||
|
||||
@@ -3376,7 +3378,7 @@ void wolfSSL_ERR_print_errors_fp(FILE* fp, int err)
|
||||
}
|
||||
|
||||
#if defined(OPENSSL_EXTRA) || defined(DEBUG_WOLFSSL_VERBOSE)
|
||||
void wolfSSL_ERR_dump_errors_fp(FILE* fp)
|
||||
void wolfSSL_ERR_dump_errors_fp(XFILE fp)
|
||||
{
|
||||
wc_ERR_print_errors_fp(fp);
|
||||
}
|
||||
@@ -8433,11 +8435,11 @@ int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl,
|
||||
|
||||
#ifdef OPENSSL_EXTRA
|
||||
WOLFSSL_METHOD* wolfSSLv23_method(void) {
|
||||
WOLFSSL_METHOD* m;
|
||||
WOLFSSL_METHOD* m = NULL;
|
||||
WOLFSSL_ENTER("wolfSSLv23_method");
|
||||
#ifndef NO_WOLFSSL_CLIENT
|
||||
#if !defined(NO_WOLFSSL_CLIENT)
|
||||
m = wolfSSLv23_client_method();
|
||||
#else
|
||||
#elif !defined(NO_WOLFSSL_SERVER)
|
||||
m = wolfSSLv23_server_method();
|
||||
#endif
|
||||
if (m != NULL) {
|
||||
@@ -11597,12 +11599,15 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
|
||||
WOLFSSL_BIO* wolfSSL_BIO_new_mem_buf(void* buf, int len)
|
||||
{
|
||||
WOLFSSL_BIO* bio = NULL;
|
||||
if (buf == NULL)
|
||||
|
||||
if (buf == NULL || len < 0) {
|
||||
return bio;
|
||||
}
|
||||
|
||||
bio = wolfSSL_BIO_new(wolfSSL_BIO_s_mem());
|
||||
if (bio == NULL)
|
||||
if (bio == NULL) {
|
||||
return bio;
|
||||
}
|
||||
|
||||
bio->memLen = bio->wrSz = len;
|
||||
bio->mem = (byte*)XMALLOC(len, 0, DYNAMIC_TYPE_OPENSSL);
|
||||
@@ -13400,7 +13405,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md)
|
||||
}
|
||||
|
||||
|
||||
/* WOLFSSL_SUCCESS on ok */
|
||||
/* WOLFSSL_SUCCESS on ok, WOLFSSL_FAILURE on failure */
|
||||
int wolfSSL_EVP_DigestUpdate(WOLFSSL_EVP_MD_CTX* ctx, const void* data,
|
||||
size_t sz)
|
||||
{
|
||||
@@ -13450,7 +13455,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md)
|
||||
break;
|
||||
#endif /* WOLFSSL_SHA512 */
|
||||
default:
|
||||
return BAD_FUNC_ARG;
|
||||
return WOLFSSL_FAILURE;
|
||||
}
|
||||
|
||||
return WOLFSSL_SUCCESS;
|
||||
@@ -13506,7 +13511,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md)
|
||||
break;
|
||||
#endif /* WOLFSSL_SHA512 */
|
||||
default:
|
||||
return BAD_FUNC_ARG;
|
||||
return WOLFSSL_FAILURE;
|
||||
}
|
||||
|
||||
return WOLFSSL_SUCCESS;
|
||||
@@ -13613,7 +13618,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md)
|
||||
{
|
||||
WOLFSSL_ENTER("wolfSSL_ERR_clear_error");
|
||||
|
||||
#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
|
||||
#if defined(DEBUG_WOLFSSL) || defined(WOLFSSL_NGINX)
|
||||
wc_ClearErrorNodes();
|
||||
#endif
|
||||
}
|
||||
@@ -15608,8 +15613,8 @@ WOLFSSL_EVP_PKEY* wolfSSL_X509_get_pubkey(WOLFSSL_X509* x509)
|
||||
if (wolfSSL_RSA_LoadDer_ex(key->rsa,
|
||||
(const unsigned char*)key->pkey.ptr, key->pkey_sz,
|
||||
WOLFSSL_RSA_LOAD_PUBLIC) != SSL_SUCCESS) {
|
||||
XFREE(key, x509->heap, DYNAMIC_TYPE_PUBLIC_KEY);
|
||||
wolfSSL_RSA_free(key->rsa);
|
||||
XFREE(key, x509->heap, DYNAMIC_TYPE_PUBLIC_KEY);
|
||||
return NULL;
|
||||
}
|
||||
}
|
||||
@@ -22526,7 +22531,7 @@ char *wolfSSL_BN_bn2hex(const WOLFSSL_BIGNUM *bn)
|
||||
/* return code compliant with OpenSSL :
|
||||
* 1 if success, 0 if error
|
||||
*/
|
||||
int wolfSSL_BN_print_fp(FILE *fp, const WOLFSSL_BIGNUM *bn)
|
||||
int wolfSSL_BN_print_fp(XFILE fp, const WOLFSSL_BIGNUM *bn)
|
||||
{
|
||||
#if defined(WOLFSSL_KEY_GEN) || defined(HAVE_COMP_KEY) || defined(DEBUG_WOLFSSL)
|
||||
char *buf;
|
||||
@@ -26564,6 +26569,7 @@ int wolfSSL_EC_POINT_get_affine_coordinates_GFp(const WOLFSSL_EC_GROUP *group,
|
||||
return WOLFSSL_SUCCESS;
|
||||
}
|
||||
|
||||
#ifndef WOLFSSL_ATECC508A
|
||||
/* return code compliant with OpenSSL :
|
||||
* 1 if success, 0 if error
|
||||
*/
|
||||
@@ -26628,6 +26634,7 @@ int wolfSSL_EC_POINT_mul(const WOLFSSL_EC_GROUP *group, WOLFSSL_EC_POINT *r,
|
||||
|
||||
return ret;
|
||||
}
|
||||
#endif
|
||||
|
||||
void wolfSSL_EC_POINT_clear_free(WOLFSSL_EC_POINT *p)
|
||||
{
|
||||
@@ -27387,6 +27394,10 @@ WOLFSSL_EVP_PKEY* wolfSSL_PEM_read_bio_PrivateKey(WOLFSSL_BIO* bio,
|
||||
|
||||
WOLFSSL_ENTER("wolfSSL_PEM_read_bio_PrivateKey");
|
||||
|
||||
if (bio == NULL) {
|
||||
return pkey;
|
||||
}
|
||||
|
||||
if ((ret = wolfSSL_BIO_pending(bio)) > 0) {
|
||||
memSz = ret;
|
||||
mem = (char*)XMALLOC(memSz, bio->heap, DYNAMIC_TYPE_OPENSSL);
|
||||
@@ -27640,10 +27651,6 @@ int wolfSSL_PEM_write_RSA_PUBKEY(FILE *fp, WOLFSSL_RSA *x)
|
||||
|
||||
#endif /* NO_FILESYSTEM */
|
||||
|
||||
#endif /* !NO_RSA */
|
||||
#endif /* OPENSSL_EXTRA */
|
||||
|
||||
#if !defined(NO_RSA) && (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL))
|
||||
WOLFSSL_RSA *wolfSSL_d2i_RSAPublicKey(WOLFSSL_RSA **r, const unsigned char **pp, long len)
|
||||
{
|
||||
WOLFSSL_RSA *rsa = NULL;
|
||||
@@ -27699,6 +27706,10 @@ int wolfSSL_i2d_RSAPublicKey(WOLFSSL_RSA *rsa, const unsigned char **pp)
|
||||
}
|
||||
#endif /* #if !defined(HAVE_FAST_RSA) */
|
||||
|
||||
#endif /* !NO_RSA */
|
||||
#endif /* OPENSSL_EXTRA */
|
||||
|
||||
#if !defined(NO_RSA) && (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL))
|
||||
/* return WOLFSSL_SUCCESS if success, WOLFSSL_FATAL_ERROR if error */
|
||||
int wolfSSL_RSA_LoadDer(WOLFSSL_RSA* rsa, const unsigned char* derBuf, int derSz)
|
||||
{
|
||||
@@ -28643,8 +28654,10 @@ void* wolfSSL_GetDhAgreeCtx(WOLFSSL* ssl)
|
||||
return NULL;
|
||||
|
||||
i = 0;
|
||||
if (wc_PemGetHeaderFooter(CERT_TYPE, NULL, &footer) != 0)
|
||||
if (wc_PemGetHeaderFooter(CERT_TYPE, NULL, &footer) != 0) {
|
||||
XFREE(pem, 0, DYNAMIC_TYPE_PEM);
|
||||
return NULL;
|
||||
}
|
||||
|
||||
/* TODO: Inefficient
|
||||
* reading in one byte at a time until see "END CERTIFICATE"
|
||||
@@ -28684,7 +28697,7 @@ void* wolfSSL_GetDhAgreeCtx(WOLFSSL* ssl)
|
||||
}
|
||||
|
||||
#if defined(HAVE_CRL) && !defined(NO_FILESYSTEM)
|
||||
WOLFSSL_API WOLFSSL_X509_CRL* wolfSSL_PEM_read_X509_CRL(FILE *fp, WOLFSSL_X509_CRL **crl,
|
||||
WOLFSSL_API WOLFSSL_X509_CRL* wolfSSL_PEM_read_X509_CRL(XFILE fp, WOLFSSL_X509_CRL **crl,
|
||||
pem_password_cb *cb, void *u)
|
||||
{
|
||||
#if defined(WOLFSSL_PEM_TO_DER) || defined(WOLFSSL_DER_TO_PEM)
|
||||
@@ -32922,4 +32935,4 @@ int wolfSSL_i2c_ASN1_INTEGER(WOLFSSL_ASN1_INTEGER *a, unsigned char **pp)
|
||||
}
|
||||
#endif /* !NO_ASN */
|
||||
|
||||
#endif /* OPENSSLEXTRA */
|
||||
#endif /* OPENSSLEXTRA */
|
||||
|
||||
@@ -852,13 +852,449 @@ int wolfSSL_SetTlsHmacInner(WOLFSSL* ssl, byte* inner, word32 sz, int content,
|
||||
}
|
||||
|
||||
|
||||
/* TLS type HMAC */
|
||||
int TLS_hmac(WOLFSSL* ssl, byte* digest, const byte* in, word32 sz,
|
||||
int content, int verify)
|
||||
#if !defined(WOLFSSL_NO_HASH_RAW) && !defined(HAVE_FIPS) && \
|
||||
!defined(HAVE_SELFTEST)
|
||||
|
||||
/* Update the hash in the HMAC.
|
||||
*
|
||||
* hmac HMAC object.
|
||||
* data Data to be hashed.
|
||||
* sz Size of data to hash.
|
||||
* returns 0 on success, otherwise failure.
|
||||
*/
|
||||
static int Hmac_HashUpdate(Hmac* hmac, const byte* data, word32 sz)
|
||||
{
|
||||
Hmac hmac;
|
||||
int ret = 0;
|
||||
byte myInner[WOLFSSL_TLS_HMAC_INNER_SZ];
|
||||
int ret = BAD_FUNC_ARG;
|
||||
|
||||
switch (hmac->macType) {
|
||||
#ifndef NO_SHA
|
||||
case WC_SHA:
|
||||
ret = wc_ShaUpdate(&hmac->hash.sha, data, sz);
|
||||
break;
|
||||
#endif /* !NO_SHA */
|
||||
|
||||
#ifndef NO_SHA256
|
||||
case WC_SHA256:
|
||||
ret = wc_Sha256Update(&hmac->hash.sha256, data, sz);
|
||||
break;
|
||||
#endif /* !NO_SHA256 */
|
||||
|
||||
#ifdef WOLFSSL_SHA384
|
||||
case WC_SHA384:
|
||||
ret = wc_Sha384Update(&hmac->hash.sha384, data, sz);
|
||||
break;
|
||||
#endif /* WOLFSSL_SHA384 */
|
||||
|
||||
#ifdef WOLFSSL_SHA512
|
||||
case WC_SHA512:
|
||||
ret = wc_Sha512Update(&hmac->hash.sha512, data, sz);
|
||||
break;
|
||||
#endif /* WOLFSSL_SHA512 */
|
||||
}
|
||||
|
||||
return ret;
|
||||
}
|
||||
|
||||
/* Finalize the hash but don't put the EOC, padding or length in.
|
||||
*
|
||||
* hmac HMAC object.
|
||||
* hash Hash result.
|
||||
* returns 0 on success, otherwise failure.
|
||||
*/
|
||||
static int Hmac_HashFinalRaw(Hmac* hmac, unsigned char* hash)
|
||||
{
|
||||
int ret = BAD_FUNC_ARG;
|
||||
|
||||
switch (hmac->macType) {
|
||||
#ifndef NO_SHA
|
||||
case WC_SHA:
|
||||
ret = wc_ShaFinalRaw(&hmac->hash.sha, hash);
|
||||
break;
|
||||
#endif /* !NO_SHA */
|
||||
|
||||
#ifndef NO_SHA256
|
||||
case WC_SHA256:
|
||||
ret = wc_Sha256FinalRaw(&hmac->hash.sha256, hash);
|
||||
break;
|
||||
#endif /* !NO_SHA256 */
|
||||
|
||||
#ifdef WOLFSSL_SHA384
|
||||
case WC_SHA384:
|
||||
ret = wc_Sha384FinalRaw(&hmac->hash.sha384, hash);
|
||||
break;
|
||||
#endif /* WOLFSSL_SHA384 */
|
||||
|
||||
#ifdef WOLFSSL_SHA512
|
||||
case WC_SHA512:
|
||||
ret = wc_Sha512FinalRaw(&hmac->hash.sha512, hash);
|
||||
break;
|
||||
#endif /* WOLFSSL_SHA512 */
|
||||
}
|
||||
|
||||
return ret;
|
||||
}
|
||||
|
||||
/* Finalize the HMAC by performing outer hash.
|
||||
*
|
||||
* hmac HMAC object.
|
||||
* mac MAC result.
|
||||
* returns 0 on success, otherwise failure.
|
||||
*/
|
||||
static int Hmac_OuterHash(Hmac* hmac, unsigned char* mac)
|
||||
{
|
||||
int ret = BAD_FUNC_ARG;
|
||||
|
||||
switch (hmac->macType) {
|
||||
#ifndef NO_SHA
|
||||
case WC_SHA:
|
||||
ret = wc_InitSha(&hmac->hash.sha);
|
||||
if (ret == 0)
|
||||
ret = wc_ShaUpdate(&hmac->hash.sha, (byte*)hmac->opad,
|
||||
WC_SHA_BLOCK_SIZE);
|
||||
if (ret == 0)
|
||||
ret = wc_ShaUpdate(&hmac->hash.sha, (byte*)hmac->innerHash,
|
||||
WC_SHA_DIGEST_SIZE);
|
||||
if (ret == 0)
|
||||
ret = wc_ShaFinal(&hmac->hash.sha, mac);
|
||||
break;
|
||||
#endif /* !NO_SHA */
|
||||
|
||||
#ifndef NO_SHA256
|
||||
case WC_SHA256:
|
||||
ret = wc_InitSha256(&hmac->hash.sha256);
|
||||
if (ret == 0)
|
||||
ret = wc_Sha256Update(&hmac->hash.sha256, (byte*)hmac->opad,
|
||||
WC_SHA256_BLOCK_SIZE);
|
||||
if (ret == 0)
|
||||
ret = wc_Sha256Update(&hmac->hash.sha256,
|
||||
(byte*)hmac->innerHash,
|
||||
WC_SHA256_DIGEST_SIZE);
|
||||
if (ret == 0)
|
||||
ret = wc_Sha256Final(&hmac->hash.sha256, mac);
|
||||
break;
|
||||
#endif /* !NO_SHA256 */
|
||||
|
||||
#ifdef WOLFSSL_SHA384
|
||||
case WC_SHA384:
|
||||
ret = wc_InitSha384(&hmac->hash.sha384);
|
||||
if (ret == 0)
|
||||
ret = wc_Sha384Update(&hmac->hash.sha384, (byte*)hmac->opad,
|
||||
WC_SHA384_BLOCK_SIZE);
|
||||
if (ret == 0)
|
||||
ret = wc_Sha384Update(&hmac->hash.sha384,
|
||||
(byte*)hmac->innerHash,
|
||||
WC_SHA384_DIGEST_SIZE);
|
||||
if (ret == 0)
|
||||
ret = wc_Sha384Final(&hmac->hash.sha384, mac);
|
||||
break;
|
||||
#endif /* WOLFSSL_SHA384 */
|
||||
|
||||
#ifdef WOLFSSL_SHA512
|
||||
case WC_SHA512:
|
||||
ret = wc_InitSha512(&hmac->hash.sha512);
|
||||
if (ret == 0)
|
||||
ret = wc_Sha512Update(&hmac->hash.sha512,(byte*)hmac->opad,
|
||||
WC_SHA512_BLOCK_SIZE);
|
||||
if (ret == 0)
|
||||
ret = wc_Sha512Update(&hmac->hash.sha512,
|
||||
(byte*)hmac->innerHash,
|
||||
WC_SHA512_DIGEST_SIZE);
|
||||
if (ret == 0)
|
||||
ret = wc_Sha512Final(&hmac->hash.sha512, mac);
|
||||
break;
|
||||
#endif /* WOLFSSL_SHA512 */
|
||||
}
|
||||
|
||||
return ret;
|
||||
}
|
||||
|
||||
/* Calculate the HMAC of the header + message data.
|
||||
* Constant time implementation using wc_Sha*FinalRaw().
|
||||
*
|
||||
* hmac HMAC object.
|
||||
* digest MAC result.
|
||||
* in Message data.
|
||||
* sz Size of the message data.
|
||||
* header Constructed record header with length of handshake data.
|
||||
* returns 0 on success, otherwise failure.
|
||||
*/
|
||||
static int Hmac_UpdateFinal_CT(Hmac* hmac, byte* digest, const byte* in,
|
||||
word32 sz, byte* header)
|
||||
{
|
||||
byte lenBytes[8];
|
||||
int i, j, k;
|
||||
int blockBits, blockMask;
|
||||
int realLen, lastBlockLen, macLen, extraLen, eocIndex;
|
||||
int blocks, safeBlocks, lenBlock, eocBlock;
|
||||
int maxLen;
|
||||
int blockSz, padSz;
|
||||
int ret;
|
||||
byte extraBlock;
|
||||
|
||||
switch (hmac->macType) {
|
||||
#ifndef NO_SHA
|
||||
case WC_SHA:
|
||||
blockSz = WC_SHA_BLOCK_SIZE;
|
||||
blockBits = 6;
|
||||
macLen = WC_SHA_DIGEST_SIZE;
|
||||
padSz = WC_SHA_BLOCK_SIZE - WC_SHA_PAD_SIZE + 1;
|
||||
break;
|
||||
#endif /* !NO_SHA */
|
||||
|
||||
#ifndef NO_SHA256
|
||||
case WC_SHA256:
|
||||
blockSz = WC_SHA256_BLOCK_SIZE;
|
||||
blockBits = 6;
|
||||
macLen = WC_SHA256_DIGEST_SIZE;
|
||||
padSz = WC_SHA256_BLOCK_SIZE - WC_SHA256_PAD_SIZE + 1;
|
||||
break;
|
||||
#endif /* !NO_SHA256 */
|
||||
|
||||
#ifdef WOLFSSL_SHA384
|
||||
case WC_SHA384:
|
||||
blockSz = WC_SHA384_BLOCK_SIZE;
|
||||
blockBits = 7;
|
||||
macLen = WC_SHA384_DIGEST_SIZE;
|
||||
padSz = WC_SHA384_BLOCK_SIZE - WC_SHA384_PAD_SIZE + 1;
|
||||
break;
|
||||
#endif /* WOLFSSL_SHA384 */
|
||||
|
||||
#ifdef WOLFSSL_SHA512
|
||||
case WC_SHA512:
|
||||
blockSz = WC_SHA512_BLOCK_SIZE;
|
||||
blockBits = 7;
|
||||
macLen = WC_SHA512_DIGEST_SIZE;
|
||||
padSz = WC_SHA512_BLOCK_SIZE - WC_SHA512_PAD_SIZE + 1;
|
||||
break;
|
||||
#endif /* WOLFSSL_SHA512 */
|
||||
|
||||
default:
|
||||
return BAD_FUNC_ARG;
|
||||
}
|
||||
blockMask = blockSz - 1;
|
||||
|
||||
/* Size of data to HMAC if padding length byte is zero. */
|
||||
maxLen = WOLFSSL_TLS_HMAC_INNER_SZ + sz - 1 - macLen;
|
||||
/* Complete data (including padding) has block for EOC and/or length. */
|
||||
extraBlock = ctSetLTE((maxLen + padSz) & blockMask, padSz);
|
||||
/* Total number of blocks for data including padding. */
|
||||
blocks = ((maxLen + blockSz - 1) >> blockBits) + extraBlock;
|
||||
/* Up to last 6 blocks can be hashed safely. */
|
||||
safeBlocks = blocks - 6;
|
||||
|
||||
/* Length of message data. */
|
||||
realLen = maxLen - in[sz - 1];
|
||||
/* Number of message bytes in last block. */
|
||||
lastBlockLen = realLen & blockMask;
|
||||
/* Number of padding bytes in last block. */
|
||||
extraLen = ((blockSz * 2 - padSz - lastBlockLen) & blockMask) + 1;
|
||||
/* Number of blocks to create for hash. */
|
||||
lenBlock = (realLen + extraLen) >> blockBits;
|
||||
/* Block containing EOC byte. */
|
||||
eocBlock = realLen >> blockBits;
|
||||
/* Index of EOC byte in block. */
|
||||
eocIndex = realLen & blockMask;
|
||||
|
||||
/* Add length of hmac's ipad to total length. */
|
||||
realLen += blockSz;
|
||||
/* Length as bits - 8 bytes bigendian. */
|
||||
c32toa(realLen >> ((sizeof(word32) * 8) - 3), lenBytes);
|
||||
c32toa(realLen << 3, lenBytes + sizeof(word32));
|
||||
|
||||
ret = Hmac_HashUpdate(hmac, (unsigned char*)hmac->ipad, blockSz);
|
||||
if (ret != 0)
|
||||
return ret;
|
||||
|
||||
XMEMSET(hmac->innerHash, 0, macLen);
|
||||
|
||||
if (safeBlocks > 0) {
|
||||
ret = Hmac_HashUpdate(hmac, header, WOLFSSL_TLS_HMAC_INNER_SZ);
|
||||
if (ret != 0)
|
||||
return ret;
|
||||
ret = Hmac_HashUpdate(hmac, in, safeBlocks * blockSz -
|
||||
WOLFSSL_TLS_HMAC_INNER_SZ);
|
||||
if (ret != 0)
|
||||
return ret;
|
||||
}
|
||||
else
|
||||
safeBlocks = 0;
|
||||
|
||||
XMEMSET(digest, 0, macLen);
|
||||
k = safeBlocks * blockSz;
|
||||
for (i = safeBlocks; i < blocks; i++) {
|
||||
unsigned char hashBlock[WC_MAX_BLOCK_SIZE];
|
||||
unsigned char isEocBlock = ctMaskEq(i, eocBlock);
|
||||
unsigned char isOutBlock = ctMaskEq(i, lenBlock);
|
||||
|
||||
for (j = 0; j < blockSz; j++, k++) {
|
||||
unsigned char atEoc = ctMaskEq(j, eocIndex) & isEocBlock;
|
||||
unsigned char pastEoc = ctMaskGT(j, eocIndex) & isEocBlock;
|
||||
unsigned char b = 0;
|
||||
|
||||
if (k < WOLFSSL_TLS_HMAC_INNER_SZ)
|
||||
b = header[k];
|
||||
else if (k < maxLen)
|
||||
b = in[k - WOLFSSL_TLS_HMAC_INNER_SZ];
|
||||
|
||||
b = ctMaskSel(atEoc, b, 0x80);
|
||||
b &= ~pastEoc;
|
||||
b &= ~isOutBlock | isEocBlock;
|
||||
|
||||
if (j >= blockSz - 8) {
|
||||
b = ctMaskSel(isOutBlock, b, lenBytes[j - (blockSz - 8)]);
|
||||
}
|
||||
|
||||
hashBlock[j] = b;
|
||||
}
|
||||
|
||||
ret = Hmac_HashUpdate(hmac, hashBlock, blockSz);
|
||||
if (ret != 0)
|
||||
return ret;
|
||||
ret = Hmac_HashFinalRaw(hmac, hashBlock);
|
||||
if (ret != 0)
|
||||
return ret;
|
||||
for (j = 0; j < macLen; j++)
|
||||
((unsigned char*)hmac->innerHash)[j] |= hashBlock[j] & isOutBlock;
|
||||
}
|
||||
|
||||
ret = Hmac_OuterHash(hmac, digest);
|
||||
|
||||
return ret;
|
||||
}
|
||||
|
||||
#endif
|
||||
|
||||
#if defined(WOLFSSL_NO_HASH_RAW) || defined(HAVE_FIPS) || \
|
||||
defined(HAVE_SELFTEST) || defined(HAVE_BLAKE2)
|
||||
|
||||
/* Calculate the HMAC of the header + message data.
|
||||
* Constant time implementation using normal hashing operations.
|
||||
* Update-Final need to be constant time.
|
||||
*
|
||||
* hmac HMAC object.
|
||||
* digest MAC result.
|
||||
* in Message data.
|
||||
* sz Size of the message data.
|
||||
* header Constructed record header with length of handshake data.
|
||||
* returns 0 on success, otherwise failure.
|
||||
*/
|
||||
static int Hmac_UpdateFinal(Hmac* hmac, byte* digest, const byte* in,
|
||||
word32 sz, byte* header)
|
||||
{
|
||||
byte dummy[WC_MAX_BLOCK_SIZE] = {0};
|
||||
int ret;
|
||||
word32 msgSz, blockSz, macSz, padSz, maxSz, realSz;
|
||||
word32 currSz, offset;
|
||||
int msgBlocks, blocks, blockBits;
|
||||
int i;
|
||||
|
||||
switch (hmac->macType) {
|
||||
#ifndef NO_SHA
|
||||
case WC_SHA:
|
||||
blockSz = WC_SHA_BLOCK_SIZE;
|
||||
blockBits = 6;
|
||||
macSz = WC_SHA_DIGEST_SIZE;
|
||||
padSz = WC_SHA_BLOCK_SIZE - WC_SHA_PAD_SIZE + 1;
|
||||
break;
|
||||
#endif /* !NO_SHA */
|
||||
|
||||
#ifndef NO_SHA256
|
||||
case WC_SHA256:
|
||||
blockSz = WC_SHA256_BLOCK_SIZE;
|
||||
blockBits = 6;
|
||||
macSz = WC_SHA256_DIGEST_SIZE;
|
||||
padSz = WC_SHA256_BLOCK_SIZE - WC_SHA256_PAD_SIZE + 1;
|
||||
break;
|
||||
#endif /* !NO_SHA256 */
|
||||
|
||||
#ifdef WOLFSSL_SHA384
|
||||
case WC_SHA384:
|
||||
blockSz = WC_SHA384_BLOCK_SIZE;
|
||||
blockBits = 7;
|
||||
macSz = WC_SHA384_DIGEST_SIZE;
|
||||
padSz = WC_SHA384_BLOCK_SIZE - WC_SHA384_PAD_SIZE + 1;
|
||||
break;
|
||||
#endif /* WOLFSSL_SHA384 */
|
||||
|
||||
#ifdef WOLFSSL_SHA512
|
||||
case WC_SHA512:
|
||||
blockSz = WC_SHA512_BLOCK_SIZE;
|
||||
blockBits = 7;
|
||||
macSz = WC_SHA512_DIGEST_SIZE;
|
||||
padSz = WC_SHA512_BLOCK_SIZE - WC_SHA512_PAD_SIZE + 1;
|
||||
break;
|
||||
#endif /* WOLFSSL_SHA512 */
|
||||
|
||||
#ifdef HAVE_BLAKE2
|
||||
case WC_HASH_TYPE_BLAKE2B:
|
||||
blockSz = BLAKE2B_BLOCKBYTES;
|
||||
blockBits = 7;
|
||||
macSz = BLAKE2B_256;
|
||||
padSz = 0;
|
||||
break;
|
||||
#endif /* HAVE_BLAK2 */
|
||||
|
||||
default:
|
||||
return BAD_FUNC_ARG;
|
||||
}
|
||||
|
||||
msgSz = sz - (1 + in[sz - 1] + macSz);
|
||||
/* Make negative result 0 */
|
||||
msgSz &= ~(0 - (msgSz >> 31));
|
||||
realSz = WOLFSSL_TLS_HMAC_INNER_SZ + msgSz;
|
||||
maxSz = WOLFSSL_TLS_HMAC_INNER_SZ + (sz - 1) - macSz;
|
||||
|
||||
/* Calculate #blocks processed in HMAC for max and real data. */
|
||||
blocks = maxSz >> blockBits;
|
||||
blocks += ((maxSz + padSz) % blockSz) < padSz;
|
||||
msgBlocks = realSz >> blockBits;
|
||||
/* #Extra blocks to process. */
|
||||
blocks -= msgBlocks + (((realSz + padSz) % blockSz) < padSz);
|
||||
/* Calculate whole blocks. */
|
||||
msgBlocks--;
|
||||
|
||||
ret = wc_HmacUpdate(hmac, header, WOLFSSL_TLS_HMAC_INNER_SZ);
|
||||
if (ret == 0) {
|
||||
/* Fill the rest of the block with any available data. */
|
||||
currSz = ctMaskLT(msgSz, blockSz) & msgSz;
|
||||
currSz |= ctMaskGTE(msgSz, blockSz) & blockSz;
|
||||
currSz -= WOLFSSL_TLS_HMAC_INNER_SZ;
|
||||
currSz &= ~(0 - (currSz >> 31));
|
||||
ret = wc_HmacUpdate(hmac, in, currSz);
|
||||
offset = currSz;
|
||||
}
|
||||
if (ret == 0) {
|
||||
/* Do the hash operations on a block basis. */
|
||||
for (i = 0; i < msgBlocks; i++, offset += blockSz) {
|
||||
ret = wc_HmacUpdate(hmac, in + offset, blockSz);
|
||||
if (ret != 0)
|
||||
break;
|
||||
}
|
||||
}
|
||||
if (ret == 0)
|
||||
ret = wc_HmacUpdate(hmac, in + offset, msgSz - offset);
|
||||
if (ret == 0)
|
||||
ret = wc_HmacFinal(hmac, digest);
|
||||
if (ret == 0) {
|
||||
/* Do the dummy hash operations. Do at least one. */
|
||||
for (i = 0; i < blocks + 1; i++) {
|
||||
ret = wc_HmacUpdate(hmac, dummy, blockSz);
|
||||
if (ret != 0)
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
return ret;
|
||||
}
|
||||
|
||||
#endif
|
||||
|
||||
int TLS_hmac(WOLFSSL* ssl, byte* digest, const byte* in, word32 sz, int padSz,
|
||||
int content, int verify)
|
||||
{
|
||||
Hmac hmac;
|
||||
byte myInner[WOLFSSL_TLS_HMAC_INNER_SZ];
|
||||
int ret = 0;
|
||||
|
||||
if (ssl == NULL)
|
||||
return BAD_FUNC_ARG;
|
||||
@@ -875,14 +1311,41 @@ int TLS_hmac(WOLFSSL* ssl, byte* digest, const byte* in, word32 sz,
|
||||
return ret;
|
||||
|
||||
ret = wc_HmacSetKey(&hmac, wolfSSL_GetHmacType(ssl),
|
||||
wolfSSL_GetMacSecret(ssl, verify), ssl->specs.hash_size);
|
||||
wolfSSL_GetMacSecret(ssl, verify),
|
||||
ssl->specs.hash_size);
|
||||
if (ret == 0) {
|
||||
ret = wc_HmacUpdate(&hmac, myInner, sizeof(myInner));
|
||||
if (ret == 0)
|
||||
ret = wc_HmacUpdate(&hmac, in, sz); /* content */
|
||||
if (ret == 0)
|
||||
ret = wc_HmacFinal(&hmac, digest);
|
||||
/* Constant time verification required. */
|
||||
if (verify && padSz >= 0) {
|
||||
#if !defined(WOLFSSL_NO_HASH_RAW) && !defined(HAVE_FIPS) && \
|
||||
!defined(HAVE_SELFTEST)
|
||||
#ifdef HAVE_BLAKE2
|
||||
if (wolfSSL_GetHmacType(ssl) == WC_HASH_TYPE_BLAKE2B) {
|
||||
ret = Hmac_UpdateFinal(&hmac, digest, in, sz +
|
||||
ssl->specs.hash_size + padSz + 1,
|
||||
myInner);
|
||||
}
|
||||
else
|
||||
#endif
|
||||
{
|
||||
ret = Hmac_UpdateFinal_CT(&hmac, digest, in, sz +
|
||||
ssl->specs.hash_size + padSz + 1,
|
||||
myInner);
|
||||
}
|
||||
#else
|
||||
ret = Hmac_UpdateFinal(&hmac, digest, in, sz +
|
||||
ssl->specs.hash_size + padSz + 1,
|
||||
myInner);
|
||||
#endif
|
||||
}
|
||||
else {
|
||||
ret = wc_HmacUpdate(&hmac, myInner, sizeof(myInner));
|
||||
if (ret == 0)
|
||||
ret = wc_HmacUpdate(&hmac, in, sz); /* content */
|
||||
if (ret == 0)
|
||||
ret = wc_HmacFinal(&hmac, digest);
|
||||
}
|
||||
}
|
||||
|
||||
wc_HmacFree(&hmac);
|
||||
|
||||
return ret;
|
||||
@@ -3024,7 +3487,7 @@ static int TLSX_PointFormat_Append(PointFormat* list, byte format, void* heap)
|
||||
return ret;
|
||||
}
|
||||
|
||||
#ifndef NO_WOLFSSL_CLIENT
|
||||
#if defined(WOLFSSL_TLS13) || !defined(NO_WOLFSSL_CLIENT)
|
||||
|
||||
static void TLSX_SupportedCurve_ValidateRequest(WOLFSSL* ssl, byte* semaphore)
|
||||
{
|
||||
@@ -3055,6 +3518,7 @@ static void TLSX_PointFormat_ValidateRequest(WOLFSSL* ssl, byte* semaphore)
|
||||
}
|
||||
|
||||
#endif
|
||||
|
||||
#ifndef NO_WOLFSSL_SERVER
|
||||
|
||||
static void TLSX_PointFormat_ValidateResponse(WOLFSSL* ssl, byte* semaphore)
|
||||
@@ -3246,6 +3710,9 @@ int TLSX_SupportedCurve_CheckPriority(WOLFSSL* ssl)
|
||||
return 0;
|
||||
}
|
||||
|
||||
#endif
|
||||
|
||||
#if defined(WOLFSSL_TLS13) && !defined(WOLFSSL_NO_SERVER_GROUPS_EXT)
|
||||
/* Return the preferred group.
|
||||
*
|
||||
* ssl SSL/TLS object.
|
||||
@@ -3891,7 +4358,7 @@ int TLSX_AddEmptyRenegotiationInfo(TLSX** extensions, void* heap)
|
||||
|
||||
#ifdef HAVE_SESSION_TICKET
|
||||
|
||||
#ifndef NO_WOLFSSL_CLIENT
|
||||
#if defined(WOLFSSL_TLS13) || !defined(NO_WOLFSSL_CLIENT)
|
||||
static void TLSX_SessionTicket_ValidateRequest(WOLFSSL* ssl)
|
||||
{
|
||||
TLSX* extension = TLSX_Find(ssl->extensions, TLSX_SESSION_TICKET);
|
||||
@@ -3906,7 +4373,7 @@ static void TLSX_SessionTicket_ValidateRequest(WOLFSSL* ssl)
|
||||
}
|
||||
}
|
||||
}
|
||||
#endif /* NO_WOLFSSL_CLIENT */
|
||||
#endif /* WLFSSL_TLS13 || !NO_WOLFSSL_CLIENT */
|
||||
|
||||
|
||||
static word16 TLSX_SessionTicket_GetSize(SessionTicket* ticket, int isRequest)
|
||||
@@ -4751,8 +5218,18 @@ static int TLSX_SupportedVersions_Write(void* data, byte* output,
|
||||
}
|
||||
#ifndef WOLFSSL_TLS13_DRAFT_18
|
||||
else if (msgType == server_hello || msgType == hello_retry_request) {
|
||||
output[0] = ssl->version.major;
|
||||
output[1] = ssl->version.minor;
|
||||
#ifndef WOLFSSL_TLS13_FINAL
|
||||
if (ssl->version.major == SSLv3_MAJOR &&
|
||||
ssl->version.minor == TLSv1_3_MINOR) {
|
||||
output[0] = TLS_DRAFT_MAJOR;
|
||||
output[1] = TLS_DRAFT_MINOR;
|
||||
}
|
||||
else
|
||||
#endif
|
||||
{
|
||||
output[0] = ssl->version.major;
|
||||
output[1] = ssl->version.minor;
|
||||
}
|
||||
|
||||
*pSz += OPAQUE16_LEN;
|
||||
}
|
||||
@@ -4810,34 +5287,38 @@ static int TLSX_SupportedVersions_Parse(WOLFSSL* ssl, byte* input,
|
||||
continue;
|
||||
|
||||
/* No upgrade allowed. */
|
||||
if (ssl->version.minor > minor)
|
||||
if (minor > ssl->version.minor)
|
||||
continue;
|
||||
/* Check downgrade. */
|
||||
if (ssl->version.minor < minor) {
|
||||
if (minor < ssl->version.minor) {
|
||||
if (!ssl->options.downgrade)
|
||||
continue;
|
||||
|
||||
if (minor < ssl->options.minDowngrade)
|
||||
continue;
|
||||
|
||||
/* Downgrade the version. */
|
||||
ssl->version.minor = minor;
|
||||
if (newMinor == 0 && minor > ssl->options.oldMinor) {
|
||||
/* Downgrade the version. */
|
||||
ssl->version.minor = minor;
|
||||
}
|
||||
}
|
||||
|
||||
if (minor >= TLSv1_3_MINOR) {
|
||||
ssl->options.tls1_3 = 1;
|
||||
TLSX_Push(&ssl->extensions, TLSX_SUPPORTED_VERSIONS, ssl,
|
||||
ssl->heap);
|
||||
if (!ssl->options.tls1_3) {
|
||||
ssl->options.tls1_3 = 1;
|
||||
TLSX_Push(&ssl->extensions, TLSX_SUPPORTED_VERSIONS, ssl,
|
||||
ssl->heap);
|
||||
#ifndef WOLFSSL_TLS13_DRAFT_18
|
||||
TLSX_SetResponse(ssl, TLSX_SUPPORTED_VERSIONS);
|
||||
TLSX_SetResponse(ssl, TLSX_SUPPORTED_VERSIONS);
|
||||
#endif
|
||||
newMinor = minor;
|
||||
}
|
||||
if (minor > newMinor) {
|
||||
ssl->version.minor = minor;
|
||||
newMinor = minor;
|
||||
}
|
||||
}
|
||||
else if (ssl->options.oldMinor < minor)
|
||||
else if (minor > ssl->options.oldMinor)
|
||||
ssl->options.oldMinor = minor;
|
||||
|
||||
if (newMinor != 0 && ssl->options.oldMinor != 0)
|
||||
break;
|
||||
}
|
||||
}
|
||||
#ifndef WOLFSSL_TLS13_DRAFT_18
|
||||
@@ -7328,7 +7809,7 @@ int TLSX_PskKeModes_Use(WOLFSSL* ssl, byte modes)
|
||||
static word16 TLSX_PostHandAuth_GetSize(byte msgType)
|
||||
{
|
||||
if (msgType == client_hello)
|
||||
return OPAQUE8_LEN;
|
||||
return 0;
|
||||
|
||||
return SANITY_MSG_E;
|
||||
}
|
||||
@@ -7343,10 +7824,10 @@ static word16 TLSX_PostHandAuth_GetSize(byte msgType)
|
||||
*/
|
||||
static word16 TLSX_PostHandAuth_Write(byte* output, byte msgType)
|
||||
{
|
||||
if (msgType == client_hello) {
|
||||
*output = 0;
|
||||
return OPAQUE8_LEN;
|
||||
}
|
||||
(void)output;
|
||||
|
||||
if (msgType == client_hello)
|
||||
return 0;
|
||||
|
||||
return SANITY_MSG_E;
|
||||
}
|
||||
@@ -7363,15 +7844,11 @@ static word16 TLSX_PostHandAuth_Write(byte* output, byte msgType)
|
||||
static int TLSX_PostHandAuth_Parse(WOLFSSL* ssl, byte* input, word16 length,
|
||||
byte msgType)
|
||||
{
|
||||
byte len;
|
||||
(void)input;
|
||||
|
||||
if (msgType == client_hello) {
|
||||
/* Ensure length byte exists. */
|
||||
if (length < OPAQUE8_LEN)
|
||||
return BUFFER_E;
|
||||
|
||||
len = input[0];
|
||||
if (length - OPAQUE8_LEN != len || len != 0)
|
||||
/* Ensure extension is empty. */
|
||||
if (length != 0)
|
||||
return BUFFER_E;
|
||||
|
||||
ssl->options.postHandshakeAuth = 1;
|
||||
@@ -8645,7 +9122,7 @@ int TLSX_PopulateExtensions(WOLFSSL* ssl, byte isServer)
|
||||
}
|
||||
|
||||
|
||||
#ifndef NO_WOLFSSL_CLIENT
|
||||
#if defined(WOLFSSL_TLS13) || !defined(NO_WOLFSSL_CLIENT)
|
||||
|
||||
/** Tells the buffered size of extensions to be sent into the client hello. */
|
||||
int TLSX_GetRequestSize(WOLFSSL* ssl, byte msgType, word16* pLength)
|
||||
@@ -8850,7 +9327,7 @@ int TLSX_WriteRequest(WOLFSSL* ssl, byte* output, byte msgType, word16* pOffset)
|
||||
return ret;
|
||||
}
|
||||
|
||||
#endif /* NO_WOLFSSL_CLIENT */
|
||||
#endif /* WOLFSSL_TLS13 || !NO_WOLFSSL_CLIENT */
|
||||
|
||||
#ifndef NO_WOLFSSL_SERVER
|
||||
|
||||
@@ -9347,7 +9824,7 @@ int TLSX_Parse(WOLFSSL* ssl, byte* input, word16 length, byte msgType,
|
||||
|
||||
#ifdef WOLFSSL_POST_HANDSHAKE_AUTH
|
||||
case TLSX_POST_HANDSHAKE_AUTH:
|
||||
WOLFSSL_MSG("PSK Key Exchange Modes extension received");
|
||||
WOLFSSL_MSG("Post Handshake Authentication extension received");
|
||||
|
||||
if (!IsAtLeastTLSv1_3(ssl->version))
|
||||
break;
|
||||
|
||||
Executable → Regular
+248
-220
@@ -80,7 +80,7 @@
|
||||
|
||||
#ifdef WOLFSSL_TLS13
|
||||
#ifdef HAVE_SESSION_TICKET
|
||||
#include <sys/time.h>
|
||||
#include <wolfssl/wolfcrypt/wc_port.h>
|
||||
#endif
|
||||
|
||||
#ifndef WOLFCRYPT_ONLY
|
||||
@@ -2190,6 +2190,127 @@ static int FindSuite(WOLFSSL* ssl, byte* suite)
|
||||
}
|
||||
#endif
|
||||
|
||||
#ifndef WOLFSSL_TLS13_DRAFT_18
|
||||
#if defined(WOLFSSL_SEND_HRR_COOKIE) && !defined(NO_WOLFSSL_SERVER)
|
||||
/* Create Cookie extension using the hash of the first ClientHello.
|
||||
*
|
||||
* ssl SSL/TLS object.
|
||||
* hash The hash data.
|
||||
* hashSz The size of the hash data in bytes.
|
||||
* returns 0 on success, otherwise failure.
|
||||
*/
|
||||
static int CreateCookie(WOLFSSL* ssl, byte* hash, byte hashSz)
|
||||
{
|
||||
int ret;
|
||||
byte mac[WC_MAX_DIGEST_SIZE];
|
||||
Hmac cookieHmac;
|
||||
byte cookieType;
|
||||
byte macSz;
|
||||
|
||||
#if !defined(NO_SHA) && defined(NO_SHA256)
|
||||
cookieType = SHA;
|
||||
macSz = WC_SHA_DIGEST_SIZE;
|
||||
#endif /* NO_SHA */
|
||||
#ifndef NO_SHA256
|
||||
cookieType = WC_SHA256;
|
||||
macSz = WC_SHA256_DIGEST_SIZE;
|
||||
#endif /* NO_SHA256 */
|
||||
|
||||
ret = wc_HmacSetKey(&cookieHmac, cookieType,
|
||||
ssl->buffers.tls13CookieSecret.buffer,
|
||||
ssl->buffers.tls13CookieSecret.length);
|
||||
if (ret != 0)
|
||||
return ret;
|
||||
if ((ret = wc_HmacUpdate(&cookieHmac, hash, hashSz)) != 0)
|
||||
return ret;
|
||||
if ((ret = wc_HmacFinal(&cookieHmac, mac)) != 0)
|
||||
return ret;
|
||||
|
||||
/* The cookie data is the hash and the integrity check. */
|
||||
return TLSX_Cookie_Use(ssl, hash, hashSz, mac, macSz, 1);
|
||||
}
|
||||
#endif
|
||||
|
||||
/* Restart the Hanshake hash with a hash of the previous messages.
|
||||
*
|
||||
* ssl The SSL/TLS object.
|
||||
* returns 0 on success, otherwise failure.
|
||||
*/
|
||||
static int RestartHandshakeHash(WOLFSSL* ssl)
|
||||
{
|
||||
int ret;
|
||||
Hashes hashes;
|
||||
byte header[HANDSHAKE_HEADER_SZ];
|
||||
byte* hash = NULL;
|
||||
byte hashSz = 0;
|
||||
|
||||
ret = BuildCertHashes(ssl, &hashes);
|
||||
if (ret != 0)
|
||||
return ret;
|
||||
switch (ssl->specs.mac_algorithm) {
|
||||
#ifndef NO_SHA256
|
||||
case sha256_mac:
|
||||
hash = hashes.sha256;
|
||||
break;
|
||||
#endif
|
||||
#ifdef WOLFSSL_SHA384
|
||||
case sha384_mac:
|
||||
hash = hashes.sha384;
|
||||
break;
|
||||
#endif
|
||||
#ifdef WOLFSSL_TLS13_SHA512
|
||||
case sha512_mac:
|
||||
hash = hashes.sha512;
|
||||
break;
|
||||
#endif
|
||||
}
|
||||
hashSz = ssl->specs.hash_size;
|
||||
AddTls13HandShakeHeader(header, hashSz, 0, 0, message_hash, ssl);
|
||||
|
||||
WOLFSSL_MSG("Restart Hash");
|
||||
WOLFSSL_BUFFER(hash, hashSz);
|
||||
|
||||
#if defined(WOLFSSL_SEND_HRR_COOKIE) && !defined(NO_WOLFSSL_SERVER)
|
||||
if (ssl->options.sendCookie) {
|
||||
byte cookie[OPAQUE8_LEN + WC_MAX_DIGEST_SIZE + OPAQUE16_LEN * 2];
|
||||
TLSX* ext;
|
||||
word32 idx = 0;
|
||||
|
||||
/* Cookie Data = Hash Len | Hash | CS | KeyShare Group */
|
||||
cookie[idx++] = hashSz;
|
||||
XMEMCPY(cookie + idx, hash, hashSz);
|
||||
idx += hashSz;
|
||||
cookie[idx++] = ssl->options.cipherSuite0;
|
||||
cookie[idx++] = ssl->options.cipherSuite;
|
||||
if ((ext = TLSX_Find(ssl->extensions, TLSX_KEY_SHARE)) != NULL) {
|
||||
KeyShareEntry* kse = (KeyShareEntry*)ext->data;
|
||||
c16toa(kse->group, cookie + idx);
|
||||
idx += OPAQUE16_LEN;
|
||||
}
|
||||
return CreateCookie(ssl, cookie, idx);
|
||||
}
|
||||
#endif
|
||||
|
||||
ret = InitHandshakeHashes(ssl);
|
||||
if (ret != 0)
|
||||
return ret;
|
||||
ret = HashOutputRaw(ssl, header, sizeof(header));
|
||||
if (ret != 0)
|
||||
return ret;
|
||||
return HashOutputRaw(ssl, hash, hashSz);
|
||||
}
|
||||
|
||||
/* The value in the random field of a ServerHello to indicate
|
||||
* HelloRetryRequest.
|
||||
*/
|
||||
static byte helloRetryRequestRandom[] = {
|
||||
0xCF, 0x21, 0xAD, 0x74, 0xE5, 0x9A, 0x61, 0x11,
|
||||
0xBE, 0x1D, 0x8C, 0x02, 0x1E, 0x65, 0xB8, 0x91,
|
||||
0xC2, 0xA2, 0x11, 0x16, 0x7A, 0xBB, 0x8C, 0x5E,
|
||||
0x07, 0x9E, 0x09, 0xE2, 0xC8, 0xA8, 0x33, 0x9C
|
||||
};
|
||||
#endif /* WOLFSSL_TLS13_DRAFT_18 */
|
||||
|
||||
#ifndef NO_WOLFSSL_CLIENT
|
||||
#if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
|
||||
/* Setup pre-shared key based on the details in the extension data.
|
||||
@@ -2540,117 +2661,6 @@ int SendTls13ClientHello(WOLFSSL* ssl)
|
||||
return ret;
|
||||
}
|
||||
|
||||
#ifndef WOLFSSL_TLS13_DRAFT_18
|
||||
#ifdef WOLFSSL_SEND_HRR_COOKIE
|
||||
/* Create Cookie extension using the hash of the first ClientHello.
|
||||
*
|
||||
* ssl SSL/TLS object.
|
||||
* hash The hash data.
|
||||
* hashSz The size of the hash data in bytes.
|
||||
* returns 0 on success, otherwise failure.
|
||||
*/
|
||||
static int CreateCookie(WOLFSSL* ssl, byte* hash, byte hashSz)
|
||||
{
|
||||
int ret;
|
||||
byte mac[WC_MAX_DIGEST_SIZE];
|
||||
Hmac cookieHmac;
|
||||
byte cookieType;
|
||||
byte macSz;
|
||||
|
||||
#if !defined(NO_SHA) && defined(NO_SHA256)
|
||||
cookieType = SHA;
|
||||
macSz = WC_SHA_DIGEST_SIZE;
|
||||
#endif /* NO_SHA */
|
||||
#ifndef NO_SHA256
|
||||
cookieType = WC_SHA256;
|
||||
macSz = WC_SHA256_DIGEST_SIZE;
|
||||
#endif /* NO_SHA256 */
|
||||
|
||||
ret = wc_HmacSetKey(&cookieHmac, cookieType,
|
||||
ssl->buffers.tls13CookieSecret.buffer,
|
||||
ssl->buffers.tls13CookieSecret.length);
|
||||
if (ret != 0)
|
||||
return ret;
|
||||
if ((ret = wc_HmacUpdate(&cookieHmac, hash, hashSz)) != 0)
|
||||
return ret;
|
||||
if ((ret = wc_HmacFinal(&cookieHmac, mac)) != 0)
|
||||
return ret;
|
||||
|
||||
/* The cookie data is the hash and the integrity check. */
|
||||
return TLSX_Cookie_Use(ssl, hash, hashSz, mac, macSz, 1);
|
||||
}
|
||||
#endif
|
||||
|
||||
/* Restart the Hanshake hash with a hash of the previous messages.
|
||||
*
|
||||
* ssl The SSL/TLS object.
|
||||
* returns 0 on success, otherwise failure.
|
||||
*/
|
||||
static int RestartHandshakeHash(WOLFSSL* ssl)
|
||||
{
|
||||
int ret;
|
||||
Hashes hashes;
|
||||
byte header[HANDSHAKE_HEADER_SZ];
|
||||
byte* hash = NULL;
|
||||
byte hashSz = 0;
|
||||
|
||||
ret = BuildCertHashes(ssl, &hashes);
|
||||
if (ret != 0)
|
||||
return ret;
|
||||
switch (ssl->specs.mac_algorithm) {
|
||||
#ifndef NO_SHA256
|
||||
case sha256_mac:
|
||||
hash = hashes.sha256;
|
||||
break;
|
||||
#endif
|
||||
#ifdef WOLFSSL_SHA384
|
||||
case sha384_mac:
|
||||
hash = hashes.sha384;
|
||||
break;
|
||||
#endif
|
||||
#ifdef WOLFSSL_TLS13_SHA512
|
||||
case sha512_mac:
|
||||
hash = hashes.sha512;
|
||||
break;
|
||||
#endif
|
||||
}
|
||||
hashSz = ssl->specs.hash_size;
|
||||
AddTls13HandShakeHeader(header, hashSz, 0, 0, message_hash, ssl);
|
||||
|
||||
WOLFSSL_MSG("Restart Hash");
|
||||
WOLFSSL_BUFFER(hash, hashSz);
|
||||
|
||||
#ifdef WOLFSSL_SEND_HRR_COOKIE
|
||||
if (ssl->options.sendCookie) {
|
||||
byte cookie[OPAQUE8_LEN + WC_MAX_DIGEST_SIZE + OPAQUE16_LEN * 2];
|
||||
TLSX* ext;
|
||||
word32 idx = 0;
|
||||
|
||||
/* Cookie Data = Hash Len | Hash | CS | KeyShare Group */
|
||||
cookie[idx++] = hashSz;
|
||||
XMEMCPY(cookie + idx, hash, hashSz);
|
||||
idx += hashSz;
|
||||
cookie[idx++] = ssl->options.cipherSuite0;
|
||||
cookie[idx++] = ssl->options.cipherSuite;
|
||||
if ((ext = TLSX_Find(ssl->extensions, TLSX_KEY_SHARE)) != NULL) {
|
||||
KeyShareEntry* kse = (KeyShareEntry*)ext->data;
|
||||
c16toa(kse->group, cookie + idx);
|
||||
idx += OPAQUE16_LEN;
|
||||
}
|
||||
return CreateCookie(ssl, cookie, idx);
|
||||
}
|
||||
#endif
|
||||
|
||||
ret = InitHandshakeHashes(ssl);
|
||||
if (ret != 0)
|
||||
return ret;
|
||||
ret = HashOutputRaw(ssl, header, sizeof(header));
|
||||
if (ret != 0)
|
||||
return ret;
|
||||
return HashOutputRaw(ssl, hash, hashSz);
|
||||
}
|
||||
#endif
|
||||
|
||||
#ifdef WOLFSSL_TLS13_DRAFT_18
|
||||
/* handle rocessing of TLS 1.3 hello_retry_request (6) */
|
||||
/* Parse and handle a HelloRetryRequest message.
|
||||
@@ -2720,18 +2730,6 @@ static int DoTls13HelloRetryRequest(WOLFSSL* ssl, const byte* input,
|
||||
#endif
|
||||
|
||||
|
||||
#ifndef WOLFSSL_TLS13_DRAFT_18
|
||||
/* The value in the random field of a ServerHello to indicate
|
||||
* HelloRetryRequest.
|
||||
*/
|
||||
static byte helloRetryRequestRandom[] = {
|
||||
0xCF, 0x21, 0xAD, 0x74, 0xE5, 0x9A, 0x61, 0x11,
|
||||
0xBE, 0x1D, 0x8C, 0x02, 0x1E, 0x65, 0xB8, 0x91,
|
||||
0xC2, 0xA2, 0x11, 0x16, 0x7A, 0xBB, 0x8C, 0x5E,
|
||||
0x07, 0x9E, 0x09, 0xE2, 0xC8, 0xA8, 0x33, 0x9C
|
||||
};
|
||||
#endif
|
||||
|
||||
/* handle processing of TLS 1.3 server_hello (2) and hello_retry_request (6) */
|
||||
/* Handle the ServerHello message from the server.
|
||||
* Only a client will receive this message.
|
||||
@@ -3202,16 +3200,6 @@ static int DoTls13CertificateRequest(WOLFSSL* ssl, const byte* input,
|
||||
/* This message is always encrypted so add encryption padding. */
|
||||
*inOutIdx += ssl->keys.padSz;
|
||||
|
||||
#if !defined(NO_WOLFSSL_CLIENT) && defined(WOLFSSL_POST_HANDSHAKE_AUTH)
|
||||
if (ssl->options.side == WOLFSSL_CLIENT_END &&
|
||||
ssl->options.handShakeState == HANDSHAKE_DONE) {
|
||||
/* reset handshake states */
|
||||
ssl->options.clientState = CLIENT_HELLO_COMPLETE;
|
||||
ssl->options.connectState = FIRST_REPLY_DONE;
|
||||
ssl->options.handShakeState = CLIENT_HELLO_COMPLETE;
|
||||
}
|
||||
#endif
|
||||
|
||||
WOLFSSL_LEAVE("DoTls13CertificateRequest", ret);
|
||||
WOLFSSL_END(WC_FUNC_CERTIFICATE_REQUEST_DO);
|
||||
|
||||
@@ -3713,8 +3701,14 @@ static int RestartHandshakeHashWithCookie(WOLFSSL* ssl, Cookie* cookie)
|
||||
hrrIdx += 2;
|
||||
c16toa(OPAQUE16_LEN, hrr + hrrIdx);
|
||||
hrrIdx += 2;
|
||||
hrr[hrrIdx++] = ssl->version.major;
|
||||
hrr[hrrIdx++] = ssl->version.minor;
|
||||
/* TODO: [TLS13] Change to ssl->version.major and minor once final. */
|
||||
#ifdef WOLFSSL_TLS13_FINAL
|
||||
hrr[hrrIdx++] = ssl->version.major;
|
||||
hrr[hrrIdx++] = ssl->version.minor;
|
||||
#else
|
||||
hrr[hrrIdx++] = TLS_DRAFT_MAJOR;
|
||||
hrr[hrrIdx++] = TLS_DRAFT_MINOR;
|
||||
#endif
|
||||
#endif
|
||||
/* Mandatory Cookie Extension */
|
||||
c16toa(TLSX_COOKIE, hrr + hrrIdx);
|
||||
@@ -3972,31 +3966,9 @@ int DoTls13ClientHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
|
||||
/* Check that the negotiated ciphersuite matches protocol version. */
|
||||
if (IsAtLeastTLSv1_3(ssl->version)) {
|
||||
if (ssl->options.cipherSuite0 != TLS13_BYTE) {
|
||||
#ifndef WOLFSSL_NO_TLS12
|
||||
TLSX* ext;
|
||||
|
||||
if (!ssl->options.downgrade) {
|
||||
WOLFSSL_MSG("Negotiated ciphersuite from lesser version "
|
||||
"than TLS v1.3");
|
||||
return VERSION_ERROR;
|
||||
}
|
||||
|
||||
WOLFSSL_MSG("Downgrading protocol due to cipher suite");
|
||||
|
||||
if (pv.minor < ssl->options.minDowngrade)
|
||||
return VERSION_ERROR;
|
||||
ssl->version.minor = ssl->options.oldMinor;
|
||||
|
||||
/* Downgrade from TLS v1.3 */
|
||||
ssl->options.tls1_3 = 0;
|
||||
ext = TLSX_Find(ssl->extensions, TLSX_SUPPORTED_VERSIONS);
|
||||
if (ext != NULL)
|
||||
ext->resp = 0;
|
||||
#else
|
||||
WOLFSSL_MSG("Negotiated ciphersuite from lesser version than "
|
||||
"TLS v1.3");
|
||||
return VERSION_ERROR;
|
||||
#endif
|
||||
}
|
||||
}
|
||||
/* VerifyServerSuite handles when version is less than 1.3 */
|
||||
@@ -5855,7 +5827,15 @@ static int DoTls13Finished(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
|
||||
if (*inOutIdx + size + ssl->keys.padSz > totalSz)
|
||||
return BUFFER_E;
|
||||
|
||||
if (ssl->options.side == WOLFSSL_CLIENT_END) {
|
||||
if (ssl->options.handShakeDone) {
|
||||
ret = DeriveFinishedSecret(ssl, ssl->arrays->clientSecret,
|
||||
ssl->keys.client_write_MAC_secret);
|
||||
if (ret != 0)
|
||||
return ret;
|
||||
|
||||
secret = ssl->keys.client_write_MAC_secret;
|
||||
}
|
||||
else if (ssl->options.side == WOLFSSL_CLIENT_END) {
|
||||
/* All the handshake messages have been received to calculate
|
||||
* client and server finished keys.
|
||||
*/
|
||||
@@ -5961,7 +5941,15 @@ static int SendTls13Finished(WOLFSSL* ssl)
|
||||
AddTls13HandShakeHeader(input, finishedSz, 0, finishedSz, finished, ssl);
|
||||
|
||||
/* make finished hashes */
|
||||
if (ssl->options.side == WOLFSSL_CLIENT_END)
|
||||
if (ssl->options.handShakeDone) {
|
||||
ret = DeriveFinishedSecret(ssl, ssl->arrays->clientSecret,
|
||||
ssl->keys.client_write_MAC_secret);
|
||||
if (ret != 0)
|
||||
return ret;
|
||||
|
||||
secret = ssl->keys.client_write_MAC_secret;
|
||||
}
|
||||
else if (ssl->options.side == WOLFSSL_CLIENT_END)
|
||||
secret = ssl->keys.client_write_MAC_secret;
|
||||
else {
|
||||
/* All the handshake messages have been done to calculate client and
|
||||
@@ -6864,13 +6852,14 @@ static int SanityCheckTls13MsgReceived(WOLFSSL* ssl, byte type)
|
||||
ssl->arrays->psk_keySz != 0) {
|
||||
WOLFSSL_MSG("CertificateRequset received while using PSK");
|
||||
return SANITY_MSG_E;
|
||||
return SANITY_MSG_E;
|
||||
}
|
||||
#endif
|
||||
#ifndef WOLFSSL_POST_HANDSHAKE_AUTH
|
||||
if (ssl->msgsReceived.got_certificate_request) {
|
||||
WOLFSSL_MSG("Duplicate CertificateRequest received");
|
||||
return DUPLICATE_MSG_E;
|
||||
}
|
||||
#endif
|
||||
ssl->msgsReceived.got_certificate_request = 1;
|
||||
|
||||
break;
|
||||
@@ -6878,20 +6867,20 @@ static int SanityCheckTls13MsgReceived(WOLFSSL* ssl, byte type)
|
||||
|
||||
case certificate_verify:
|
||||
#ifndef NO_WOLFSSL_CLIENT
|
||||
if (ssl->options.side == WOLFSSL_CLIENT_END &&
|
||||
ssl->options.serverState != SERVER_CERT_COMPLETE) {
|
||||
WOLFSSL_MSG("No Cert before CertVerify");
|
||||
return OUT_OF_ORDER_E;
|
||||
if (ssl->options.side == WOLFSSL_CLIENT_END) {
|
||||
if (ssl->options.serverState != SERVER_CERT_COMPLETE) {
|
||||
WOLFSSL_MSG("No Cert before CertVerify");
|
||||
return OUT_OF_ORDER_E;
|
||||
}
|
||||
#if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
|
||||
/* Server's authenticating with PSK must not send this. */
|
||||
if (ssl->options.serverState == SERVER_CERT_COMPLETE &&
|
||||
ssl->arrays->psk_keySz != 0) {
|
||||
WOLFSSL_MSG("CertificateVerify received while using PSK");
|
||||
return SANITY_MSG_E;
|
||||
}
|
||||
#endif
|
||||
}
|
||||
#if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
|
||||
/* Server's authenticating with PSK must not send this. */
|
||||
if (ssl->options.side == WOLFSSL_CLIENT_END &&
|
||||
ssl->options.serverState == SERVER_CERT_COMPLETE &&
|
||||
ssl->arrays->psk_keySz != 0) {
|
||||
WOLFSSL_MSG("CertificateVerify received while using PSK");
|
||||
return SANITY_MSG_E;
|
||||
}
|
||||
#endif
|
||||
#endif
|
||||
#ifndef NO_WOLFSSL_SERVER
|
||||
if (ssl->options.side == WOLFSSL_SERVER_END) {
|
||||
@@ -7134,47 +7123,61 @@ int DoTls13HandShakeMsgType(WOLFSSL* ssl, byte* input, word32* inOutIdx,
|
||||
|
||||
if (ssl->options.tls1_3) {
|
||||
/* Need to hash input message before deriving secrets. */
|
||||
#ifndef NO_WOLFSSL_CLIENT
|
||||
if (type == server_hello && ssl->options.side == WOLFSSL_CLIENT_END) {
|
||||
if ((ret = DeriveEarlySecret(ssl)) != 0)
|
||||
return ret;
|
||||
if ((ret = DeriveHandshakeSecret(ssl)) != 0)
|
||||
return ret;
|
||||
#ifndef NO_WOLFSSL_CLIENT
|
||||
if (ssl->options.side == WOLFSSL_CLIENT_END) {
|
||||
if (type == server_hello) {
|
||||
if ((ret = DeriveEarlySecret(ssl)) != 0)
|
||||
return ret;
|
||||
if ((ret = DeriveHandshakeSecret(ssl)) != 0)
|
||||
return ret;
|
||||
|
||||
if ((ret = DeriveTls13Keys(ssl, handshake_key,
|
||||
if ((ret = DeriveTls13Keys(ssl, handshake_key,
|
||||
ENCRYPT_AND_DECRYPT_SIDE, 1)) != 0) {
|
||||
return ret;
|
||||
return ret;
|
||||
}
|
||||
#ifdef WOLFSSL_EARLY_DATA
|
||||
if ((ret = SetKeysSide(ssl, DECRYPT_SIDE_ONLY)) != 0)
|
||||
return ret;
|
||||
#else
|
||||
if ((ret = SetKeysSide(ssl, ENCRYPT_AND_DECRYPT_SIDE)) != 0)
|
||||
return ret;
|
||||
#endif
|
||||
}
|
||||
#ifdef WOLFSSL_EARLY_DATA
|
||||
if ((ret = SetKeysSide(ssl, DECRYPT_SIDE_ONLY)) != 0)
|
||||
return ret;
|
||||
#else
|
||||
if ((ret = SetKeysSide(ssl, ENCRYPT_AND_DECRYPT_SIDE)) != 0)
|
||||
return ret;
|
||||
#endif
|
||||
}
|
||||
|
||||
if (type == finished && ssl->options.side == WOLFSSL_CLIENT_END) {
|
||||
if ((ret = DeriveMasterSecret(ssl)) != 0)
|
||||
return ret;
|
||||
#ifdef WOLFSSL_EARLY_DATA
|
||||
if ((ret = DeriveTls13Keys(ssl, traffic_key,
|
||||
if (type == finished) {
|
||||
if ((ret = DeriveMasterSecret(ssl)) != 0)
|
||||
return ret;
|
||||
#ifdef WOLFSSL_EARLY_DATA
|
||||
if ((ret = DeriveTls13Keys(ssl, traffic_key,
|
||||
ENCRYPT_AND_DECRYPT_SIDE,
|
||||
ssl->earlyData == no_early_data)) != 0) {
|
||||
return ret;
|
||||
}
|
||||
#else
|
||||
if ((ret = DeriveTls13Keys(ssl, traffic_key,
|
||||
return ret;
|
||||
}
|
||||
#else
|
||||
if ((ret = DeriveTls13Keys(ssl, traffic_key,
|
||||
ENCRYPT_AND_DECRYPT_SIDE, 1)) != 0) {
|
||||
return ret;
|
||||
return ret;
|
||||
}
|
||||
#endif
|
||||
}
|
||||
#endif
|
||||
#ifdef WOLFSSL_POST_HANDSHAKE_AUTH
|
||||
if (type == certificate_request &&
|
||||
ssl->options.handShakeState == HANDSHAKE_DONE) {
|
||||
/* reset handshake states */
|
||||
ssl->options.clientState = CLIENT_HELLO_COMPLETE;
|
||||
ssl->options.connectState = FIRST_REPLY_DONE;
|
||||
ssl->options.handShakeState = CLIENT_HELLO_COMPLETE;
|
||||
|
||||
if (wolfSSL_connect_TLSv13(ssl) != SSL_SUCCESS)
|
||||
ret = POST_HAND_AUTH_ERROR;
|
||||
}
|
||||
#endif
|
||||
}
|
||||
#endif /* NO_WOLFSSL_CLIENT */
|
||||
#endif /* NO_WOLFSSL_CLIENT */
|
||||
|
||||
#ifndef NO_WOLFSSL_SERVER
|
||||
#if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
|
||||
if (type == finished && ssl->options.side == WOLFSSL_SERVER_END) {
|
||||
if (ssl->options.side == WOLFSSL_SERVER_END && type == finished) {
|
||||
ret = DeriveResumptionSecret(ssl, ssl->session.masterSecret);
|
||||
if (ret != 0)
|
||||
return ret;
|
||||
@@ -7301,6 +7304,7 @@ int DoTls13HandShakeMsg(WOLFSSL* ssl, byte* input, word32* inOutIdx,
|
||||
return ret;
|
||||
}
|
||||
|
||||
#ifndef NO_WOLFSSL_CLIENT
|
||||
|
||||
/* The client connecting to the server.
|
||||
* The protocol version is expecting to be TLS v1.3.
|
||||
@@ -7497,14 +7501,9 @@ int wolfSSL_connect_TLSv13(WOLFSSL* ssl)
|
||||
FALL_THROUGH;
|
||||
|
||||
case FIRST_REPLY_THIRD:
|
||||
#if !defined(NO_CERTS) && defined(WOLFSSL_POST_HANDSHAKE_AUTH)
|
||||
if (!ssl->options.sendVerify || !ssl->options.postHandshakeAuth)
|
||||
#endif
|
||||
{
|
||||
if ((ssl->error = SendTls13Finished(ssl)) != 0) {
|
||||
WOLFSSL_ERROR(ssl->error);
|
||||
return WOLFSSL_FATAL_ERROR;
|
||||
}
|
||||
if ((ssl->error = SendTls13Finished(ssl)) != 0) {
|
||||
WOLFSSL_ERROR(ssl->error);
|
||||
return WOLFSSL_FATAL_ERROR;
|
||||
}
|
||||
WOLFSSL_MSG("sent: finished");
|
||||
|
||||
@@ -7532,8 +7531,9 @@ int wolfSSL_connect_TLSv13(WOLFSSL* ssl)
|
||||
return WOLFSSL_FATAL_ERROR; /* unknown connect state */
|
||||
}
|
||||
}
|
||||
#endif
|
||||
|
||||
#if defined(WOLFSSL_SEND_HRR_COOKIE) && !defined(NO_WOLFSSL_SERVER)
|
||||
#if defined(WOLFSSL_SEND_HRR_COOKIE)
|
||||
/* Send a cookie with the HelloRetryRequest to avoid storing state.
|
||||
*
|
||||
* ssl SSL/TLS object.
|
||||
@@ -7551,6 +7551,7 @@ int wolfSSL_send_hrr_cookie(WOLFSSL* ssl, const unsigned char* secret,
|
||||
|
||||
if (ssl == NULL || !IsAtLeastTLSv1_3(ssl->version))
|
||||
return BAD_FUNC_ARG;
|
||||
#ifndef NO_WOLFSSL_SERVER
|
||||
if (ssl->options.side == WOLFSSL_CLIENT_END)
|
||||
return SIDE_ERROR;
|
||||
|
||||
@@ -7597,7 +7598,15 @@ int wolfSSL_send_hrr_cookie(WOLFSSL* ssl, const unsigned char* secret,
|
||||
|
||||
ssl->options.sendCookie = 1;
|
||||
|
||||
return WOLFSSL_SUCCESS;
|
||||
ret = WOLFSSL_SUCCESS;
|
||||
#else
|
||||
(void)secret;
|
||||
(void)secretSz;
|
||||
|
||||
ret = SIDE_ERROR;
|
||||
#endif
|
||||
|
||||
return ret;
|
||||
}
|
||||
#endif
|
||||
|
||||
@@ -7783,10 +7792,13 @@ int wolfSSL_allow_post_handshake_auth(WOLFSSL* ssl)
|
||||
int wolfSSL_request_certificate(WOLFSSL* ssl)
|
||||
{
|
||||
int ret;
|
||||
#ifndef NO_WOLFSSL_SERVER
|
||||
CertReqCtx* certReqCtx;
|
||||
#endif
|
||||
|
||||
if (ssl == NULL || !IsAtLeastTLSv1_3(ssl->version))
|
||||
return BAD_FUNC_ARG;
|
||||
#ifndef NO_WOLFSSL_SERVER
|
||||
if (ssl->options.side == WOLFSSL_CLIENT_END)
|
||||
return SIDE_ERROR;
|
||||
if (ssl->options.handShakeState != HANDSHAKE_DONE)
|
||||
@@ -7805,16 +7817,24 @@ int wolfSSL_request_certificate(WOLFSSL* ssl)
|
||||
certReqCtx->ctx = certReqCtx->next->ctx + 1;
|
||||
ssl->certReqCtx = certReqCtx;
|
||||
|
||||
ssl->msgsReceived.got_certificate = 0;
|
||||
ssl->msgsReceived.got_certificate_verify = 0;
|
||||
ssl->msgsReceived.got_finished = 0;
|
||||
|
||||
ret = SendTls13CertificateRequest(ssl, &certReqCtx->ctx, certReqCtx->len);
|
||||
if (ret == WANT_WRITE)
|
||||
ret = WOLFSSL_ERROR_WANT_WRITE;
|
||||
else if (ret == 0)
|
||||
ret = WOLFSSL_SUCCESS;
|
||||
#else
|
||||
ret = SIDE_ERROR;
|
||||
#endif
|
||||
|
||||
return ret;
|
||||
}
|
||||
#endif /* !NO_CERTS && WOLFSSL_POST_HANDSHAKE_AUTH */
|
||||
|
||||
#if !defined(NO_WOLFSSL_CLIENT) && !defined(WOLFSSL_NO_SERVER_GROUPS_EXT)
|
||||
#if !defined(WOLFSSL_NO_SERVER_GROUPS_EXT)
|
||||
/* Get the preferred key exchange group.
|
||||
*
|
||||
* ssl The SSL/TLS object.
|
||||
@@ -7824,19 +7844,19 @@ int wolfSSL_request_certificate(WOLFSSL* ssl)
|
||||
*/
|
||||
int wolfSSL_preferred_group(WOLFSSL* ssl)
|
||||
{
|
||||
int ret;
|
||||
|
||||
if (ssl == NULL || !IsAtLeastTLSv1_3(ssl->version))
|
||||
return BAD_FUNC_ARG;
|
||||
#ifndef NO_WOLFSSL_CLIENT
|
||||
if (ssl->options.side == WOLFSSL_SERVER_END)
|
||||
return SIDE_ERROR;
|
||||
if (ssl->options.handShakeState != HANDSHAKE_DONE)
|
||||
return NOT_READY_ERROR;
|
||||
|
||||
/* Return supported groups only. */
|
||||
ret = TLSX_SupportedCurve_Preferred(ssl, 1);
|
||||
|
||||
return ret;
|
||||
return TLSX_SupportedCurve_Preferred(ssl, 1);
|
||||
#else
|
||||
return SIDE_ERROR;
|
||||
#endif
|
||||
}
|
||||
#endif
|
||||
|
||||
@@ -8253,6 +8273,7 @@ int wolfSSL_write_early_data(WOLFSSL* ssl, const void* data, int sz, int* outSz)
|
||||
if (!IsAtLeastTLSv1_3(ssl->version))
|
||||
return BAD_FUNC_ARG;
|
||||
|
||||
#ifndef NO_WOLFSSL_CLIENT
|
||||
if (ssl->options.side == WOLFSSL_SERVER_END)
|
||||
return SIDE_ERROR;
|
||||
|
||||
@@ -8267,6 +8288,9 @@ int wolfSSL_write_early_data(WOLFSSL* ssl, const void* data, int sz, int* outSz)
|
||||
if (ret > 0)
|
||||
*outSz = ret;
|
||||
}
|
||||
#else
|
||||
return SIDE_ERROR;
|
||||
#endif
|
||||
|
||||
WOLFSSL_LEAVE("SSL_write_early_data()", ret);
|
||||
|
||||
@@ -8287,7 +8311,7 @@ int wolfSSL_write_early_data(WOLFSSL* ssl, const void* data, int sz, int* outSz)
|
||||
*/
|
||||
int wolfSSL_read_early_data(WOLFSSL* ssl, void* data, int sz, int* outSz)
|
||||
{
|
||||
int ret;
|
||||
int ret = 0;
|
||||
|
||||
WOLFSSL_ENTER("wolfSSL_read_early_data()");
|
||||
|
||||
@@ -8297,6 +8321,7 @@ int wolfSSL_read_early_data(WOLFSSL* ssl, void* data, int sz, int* outSz)
|
||||
if (!IsAtLeastTLSv1_3(ssl->version))
|
||||
return BAD_FUNC_ARG;
|
||||
|
||||
#ifndef NO_WOLFSSL_SERVER
|
||||
if (ssl->options.side == WOLFSSL_CLIENT_END)
|
||||
return SIDE_ERROR;
|
||||
|
||||
@@ -8315,6 +8340,9 @@ int wolfSSL_read_early_data(WOLFSSL* ssl, void* data, int sz, int* outSz)
|
||||
}
|
||||
else
|
||||
ret = 0;
|
||||
#else
|
||||
return SIDE_ERROR;
|
||||
#endif
|
||||
|
||||
WOLFSSL_LEAVE("wolfSSL_read_early_data()", ret);
|
||||
|
||||
|
||||
+365
-92
File diff suppressed because it is too large
Load Diff
+11
-9
@@ -703,15 +703,17 @@ int SuiteTest(void)
|
||||
#endif
|
||||
#ifndef NO_PSK
|
||||
#ifndef WOLFSSL_NO_TLS12
|
||||
/* add psk cipher suites */
|
||||
strcpy(argv0[1], "tests/test-psk.conf");
|
||||
printf("starting psk cipher suite tests\n");
|
||||
test_harness(&args);
|
||||
if (args.return_code != 0) {
|
||||
printf("error from script %d\n", args.return_code);
|
||||
args.return_code = EXIT_FAILURE;
|
||||
goto exit;
|
||||
}
|
||||
#if !defined(NO_RSA) || defined(HAVE_ECC)
|
||||
/* add psk cipher suites */
|
||||
strcpy(argv0[1], "tests/test-psk.conf");
|
||||
printf("starting psk cipher suite tests\n");
|
||||
test_harness(&args);
|
||||
if (args.return_code != 0) {
|
||||
printf("error from script %d\n", args.return_code);
|
||||
args.return_code = EXIT_FAILURE;
|
||||
goto exit;
|
||||
}
|
||||
#endif
|
||||
#endif
|
||||
#ifdef WOLFSSL_TLS13
|
||||
/* add psk extra suites */
|
||||
|
||||
+39
-8
@@ -1,30 +1,61 @@
|
||||
# server bad certificate alt name
|
||||
# server bad certificate common name has null
|
||||
# DG: Have not found a way to properly encode null in common name
|
||||
-v 3
|
||||
-l ECDHE-RSA-AES128-GCM-SHA256
|
||||
-k ./certs/test/server-badaltnamenull.key
|
||||
-c ./certs/test/server-badaltnamenull.pem
|
||||
-k ./certs/server-key.pem
|
||||
-c ./certs/test/server-badcnnull.pem
|
||||
-d
|
||||
|
||||
# client bad certificate alt name
|
||||
# client bad certificate common name has null
|
||||
-v 3
|
||||
-l ECDHE-RSA-AES128-GCM-SHA256
|
||||
-h localhost
|
||||
-A ./certs/test/server-badaltnamenull.pem
|
||||
-A ./certs/test/server-badcnnull.pem
|
||||
-m
|
||||
-x
|
||||
|
||||
# server bad certificate alternate name has null
|
||||
-v 3
|
||||
-l ECDHE-RSA-AES128-GCM-SHA256
|
||||
-k ./certs/server-key.pem
|
||||
-c ./certs/test/server-badaltnull.pem
|
||||
-d
|
||||
|
||||
# client bad certificate alternate name has null
|
||||
-v 3
|
||||
-l ECDHE-RSA-AES128-GCM-SHA256
|
||||
-h localhost
|
||||
-A ./certs/test/server-badaltnull.pem
|
||||
-m
|
||||
-x
|
||||
|
||||
# server nomatch common name
|
||||
-v 3
|
||||
-l ECDHE-RSA-AES128-GCM-SHA256
|
||||
-k ./certs/test/server-nomatch.key
|
||||
-c ./certs/test/server-nomatch.pem
|
||||
-k ./certs/server-key.pem
|
||||
-c ./certs/test/server-badcn.pem
|
||||
-d
|
||||
|
||||
# client nomatch common name
|
||||
-v 3
|
||||
-l ECDHE-RSA-AES128-GCM-SHA256
|
||||
-h localhost
|
||||
-A ./certs/test/server-nomatch.pem
|
||||
-A ./certs/test/server-badcn.pem
|
||||
-m
|
||||
-x
|
||||
|
||||
# server nomatch alternate name
|
||||
-v 3
|
||||
-l ECDHE-RSA-AES128-GCM-SHA256
|
||||
-k ./certs/server-key.pem
|
||||
-c ./certs/test/server-badaltname.pem
|
||||
-d
|
||||
|
||||
# client nomatch alternate name
|
||||
-v 3
|
||||
-l ECDHE-RSA-AES128-GCM-SHA256
|
||||
-h localhost
|
||||
-A ./certs/test/server-badaltname.pem
|
||||
-m
|
||||
-x
|
||||
|
||||
|
||||
+1
-9
@@ -1,15 +1,7 @@
|
||||
# server - standard PSK
|
||||
# server - PSK plus certificates
|
||||
-j
|
||||
-l PSK-CHACHA20-POLY1305
|
||||
|
||||
# client- standard PSK
|
||||
-s
|
||||
-l PSK-CHACHA20-POLY1305
|
||||
|
||||
# server
|
||||
-j
|
||||
-l ECDHE-RSA-AES256-GCM-SHA384:PSK-CHACHA20-POLY1305
|
||||
|
||||
# client
|
||||
-l ECDHE-RSA-AES256-GCM-SHA384:PSK-CHACHA20-POLY1305
|
||||
|
||||
|
||||
@@ -2246,3 +2246,63 @@
|
||||
-D certs/dh3072.pem
|
||||
-c certs/client-cert-3072.pem
|
||||
-k certs/client-key-3072.pem
|
||||
|
||||
# server good certificate common name
|
||||
-v 3
|
||||
-l ECDHE-RSA-AES128-GCM-SHA256
|
||||
-k ./certs/server-key.pem
|
||||
-c ./certs/test/server-goodcn.pem
|
||||
-d
|
||||
|
||||
# client good certificate common name
|
||||
-v 3
|
||||
-l ECDHE-RSA-AES128-GCM-SHA256
|
||||
-h localhost
|
||||
-A ./certs/test/server-goodcn.pem
|
||||
-m
|
||||
-C
|
||||
|
||||
# server good certificate alt name
|
||||
-v 3
|
||||
-l ECDHE-RSA-AES128-GCM-SHA256
|
||||
-k ./certs/server-key.pem
|
||||
-c ./certs/test/server-goodalt.pem
|
||||
-d
|
||||
|
||||
# client good certificate alt name
|
||||
-v 3
|
||||
-l ECDHE-RSA-AES128-GCM-SHA256
|
||||
-h localhost
|
||||
-A ./certs/test/server-goodalt.pem
|
||||
-m
|
||||
-C
|
||||
|
||||
# server good certificate common name wild
|
||||
-v 3
|
||||
-l ECDHE-RSA-AES128-GCM-SHA256
|
||||
-k ./certs/server-key.pem
|
||||
-c ./certs/test/server-goodcnwild.pem
|
||||
-d
|
||||
|
||||
# client good certificate common name wild
|
||||
-v 3
|
||||
-l ECDHE-RSA-AES128-GCM-SHA256
|
||||
-h localhost
|
||||
-A ./certs/test/server-goodcnwild.pem
|
||||
-m
|
||||
-C
|
||||
|
||||
# server good certificate alt name wild
|
||||
-v 3
|
||||
-l ECDHE-RSA-AES128-GCM-SHA256
|
||||
-k ./certs/server-key.pem
|
||||
-c ./certs/test/server-goodaltwild.pem
|
||||
-d
|
||||
|
||||
# client good certificate alt name wild
|
||||
-v 3
|
||||
-l ECDHE-RSA-AES128-GCM-SHA256
|
||||
-h localhost
|
||||
-A ./certs/test/server-goodaltwild.pem
|
||||
-m
|
||||
-C
|
||||
|
||||
@@ -71,11 +71,13 @@ int unit_test(int argc, char** argv)
|
||||
goto exit;
|
||||
}
|
||||
|
||||
#if !defined(NO_WOLFSSL_CLIENT) && !defined(NO_WOLFSSL_SERVER)
|
||||
#ifndef SINGLE_THREADED
|
||||
if ( (ret = SuiteTest()) != 0){
|
||||
printf("suite test failed with %d\n", ret);
|
||||
goto exit;
|
||||
}
|
||||
#endif
|
||||
#endif
|
||||
|
||||
SrpTest();
|
||||
|
||||
+15
-5
@@ -81,17 +81,27 @@ static word32 cpuid_check = 0 ;
|
||||
static word32 cpuid_flags = 0 ;
|
||||
|
||||
static word32 cpuid_flag(word32 leaf, word32 sub, word32 num, word32 bit) {
|
||||
int got_intel_cpu=0;
|
||||
int got_intel_cpu = 0;
|
||||
int got_amd_cpu = 0;
|
||||
unsigned int reg[5];
|
||||
|
||||
reg[4] = '\0' ;
|
||||
cpuid(reg, 0, 0);
|
||||
if(memcmp((char *)&(reg[EBX]), "Genu", 4) == 0 &&
|
||||
memcmp((char *)&(reg[EDX]), "ineI", 4) == 0 &&
|
||||
memcmp((char *)&(reg[ECX]), "ntel", 4) == 0) {
|
||||
|
||||
/* check for intel cpu */
|
||||
if( memcmp((char *)&(reg[EBX]), "Genu", 4) == 0 &&
|
||||
memcmp((char *)&(reg[EDX]), "ineI", 4) == 0 &&
|
||||
memcmp((char *)&(reg[ECX]), "ntel", 4) == 0) {
|
||||
got_intel_cpu = 1;
|
||||
}
|
||||
if (got_intel_cpu) {
|
||||
|
||||
/* check for AMD cpu */
|
||||
if( memcmp((char *)&(reg[EBX]), "Auth", 4) == 0 &&
|
||||
memcmp((char *)&(reg[EDX]), "enti", 4) == 0 &&
|
||||
memcmp((char *)&(reg[ECX]), "cAMD", 4) == 0) {
|
||||
got_amd_cpu = 1;
|
||||
}
|
||||
if (got_intel_cpu || got_amd_cpu) {
|
||||
cpuid(reg, leaf, sub);
|
||||
return((reg[num]>>bit)&0x1) ;
|
||||
}
|
||||
|
||||
Executable → Regular
+13
-9
@@ -4203,9 +4203,10 @@ static int GetName(DecodedCert* cert, int nameType)
|
||||
XFREE(emailName, cert->heap, DYNAMIC_TYPE_ALTNAME);
|
||||
return MEMORY_E;
|
||||
}
|
||||
emailName->len = adv;
|
||||
XMEMCPY(emailName->name,
|
||||
&cert->source[cert->srcIdx], adv);
|
||||
emailName->name[adv] = 0;
|
||||
emailName->name[adv] = '\0';
|
||||
|
||||
emailName->next = cert->altEmailNames;
|
||||
cert->altEmailNames = emailName;
|
||||
@@ -5547,7 +5548,7 @@ static int ConfirmNameConstraints(Signer* signer, DecodedCert* cert)
|
||||
DNS_entry* name = cert->altNames;
|
||||
while (name != NULL) {
|
||||
if (MatchBaseName(ASN_DNS_TYPE,
|
||||
name->name, (int)XSTRLEN(name->name),
|
||||
name->name, name->len,
|
||||
base->name, base->nameSz)) {
|
||||
return 0;
|
||||
}
|
||||
@@ -5560,7 +5561,7 @@ static int ConfirmNameConstraints(Signer* signer, DecodedCert* cert)
|
||||
DNS_entry* name = cert->altEmailNames;
|
||||
while (name != NULL) {
|
||||
if (MatchBaseName(ASN_RFC822_TYPE,
|
||||
name->name, (int)XSTRLEN(name->name),
|
||||
name->name, name->len,
|
||||
base->name, base->nameSz)) {
|
||||
return 0;
|
||||
}
|
||||
@@ -5604,7 +5605,7 @@ static int ConfirmNameConstraints(Signer* signer, DecodedCert* cert)
|
||||
|
||||
while (name != NULL) {
|
||||
matchDns = MatchBaseName(ASN_DNS_TYPE,
|
||||
name->name, (int)XSTRLEN(name->name),
|
||||
name->name, name->len,
|
||||
base->name, base->nameSz);
|
||||
name = name->next;
|
||||
}
|
||||
@@ -5619,7 +5620,7 @@ static int ConfirmNameConstraints(Signer* signer, DecodedCert* cert)
|
||||
|
||||
while (name != NULL) {
|
||||
matchEmail = MatchBaseName(ASN_DNS_TYPE,
|
||||
name->name, (int)XSTRLEN(name->name),
|
||||
name->name, name->len,
|
||||
base->name, base->nameSz);
|
||||
name = name->next;
|
||||
}
|
||||
@@ -5700,7 +5701,7 @@ static int DecodeAltNames(byte* input, int sz, DecodedCert* cert)
|
||||
XFREE(dnsEntry, cert->heap, DYNAMIC_TYPE_ALTNAME);
|
||||
return MEMORY_E;
|
||||
}
|
||||
|
||||
dnsEntry->len = strLen;
|
||||
XMEMCPY(dnsEntry->name, &input[idx], strLen);
|
||||
dnsEntry->name[strLen] = '\0';
|
||||
|
||||
@@ -5737,7 +5738,7 @@ static int DecodeAltNames(byte* input, int sz, DecodedCert* cert)
|
||||
XFREE(emailEntry, cert->heap, DYNAMIC_TYPE_ALTNAME);
|
||||
return MEMORY_E;
|
||||
}
|
||||
|
||||
emailEntry->len = strLen;
|
||||
XMEMCPY(emailEntry->name, &input[idx], strLen);
|
||||
emailEntry->name[strLen] = '\0';
|
||||
|
||||
@@ -5808,7 +5809,7 @@ static int DecodeAltNames(byte* input, int sz, DecodedCert* cert)
|
||||
XFREE(uriEntry, cert->heap, DYNAMIC_TYPE_ALTNAME);
|
||||
return MEMORY_E;
|
||||
}
|
||||
|
||||
uriEntry->len = strLen;
|
||||
XMEMCPY(uriEntry->name, &input[idx], strLen);
|
||||
uriEntry->name[strLen] = '\0';
|
||||
|
||||
@@ -10884,8 +10885,11 @@ static int SignCert(int requestSz, int sType, byte* buffer, word32 buffSz,
|
||||
|
||||
sigSz = MakeSignature(certSignCtx, buffer, requestSz, certSignCtx->sig,
|
||||
MAX_ENCODED_SIG_SZ, rsaKey, eccKey, ed25519Key, rng, sType, heap);
|
||||
if (sigSz == WC_PENDING_E)
|
||||
if (sigSz == WC_PENDING_E) {
|
||||
/* Not free'ing certSignCtx->sig here because it could still be in use
|
||||
* with async operations. */
|
||||
return sigSz;
|
||||
}
|
||||
|
||||
if (sigSz >= 0) {
|
||||
if (requestSz + MAX_SEQ_SZ * 2 + sigSz > (int)buffSz)
|
||||
|
||||
+12
-3
@@ -60,16 +60,26 @@
|
||||
static word32 cpuid_flag(word32 leaf, word32 sub, word32 num, word32 bit)
|
||||
{
|
||||
int got_intel_cpu = 0;
|
||||
int got_amd_cpu = 0;
|
||||
unsigned int reg[5];
|
||||
|
||||
reg[4] = '\0';
|
||||
cpuid(reg, 0, 0);
|
||||
|
||||
/* check for Intel cpu */
|
||||
if (XMEMCMP((char *)&(reg[EBX]), "Genu", 4) == 0 &&
|
||||
XMEMCMP((char *)&(reg[EDX]), "ineI", 4) == 0 &&
|
||||
XMEMCMP((char *)&(reg[ECX]), "ntel", 4) == 0) {
|
||||
got_intel_cpu = 1;
|
||||
}
|
||||
if (got_intel_cpu) {
|
||||
|
||||
/* check for AMD cpu */
|
||||
if (XMEMCMP((char *)&(reg[EBX]), "Auth", 4) == 0 &&
|
||||
XMEMCMP((char *)&(reg[EDX]), "enti", 4) == 0 &&
|
||||
XMEMCMP((char *)&(reg[ECX]), "cAMD", 4) == 0) {
|
||||
got_amd_cpu = 1;
|
||||
}
|
||||
|
||||
if (got_intel_cpu || got_amd_cpu) {
|
||||
cpuid(reg, leaf, sub);
|
||||
return ((reg[num] >> bit) & 0x1);
|
||||
}
|
||||
@@ -98,4 +108,3 @@
|
||||
return cpuid_flags;
|
||||
}
|
||||
#endif
|
||||
|
||||
|
||||
@@ -0,0 +1,207 @@
|
||||
/* cryptodev.c
|
||||
*
|
||||
* Copyright (C) 2006-2018 wolfSSL Inc.
|
||||
*
|
||||
* This file is part of wolfSSL.
|
||||
*
|
||||
* wolfSSL is free software; you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License as published by
|
||||
* the Free Software Foundation; either version 3 of the License, or
|
||||
* (at your option) any later version.
|
||||
*
|
||||
* wolfSSL is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU General Public License
|
||||
* along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
*/
|
||||
|
||||
/* This framework provides a central place for crypto hardware integration
|
||||
using the devId scheme. If not supported return `NOT_COMPILED_IN`. */
|
||||
|
||||
#ifdef HAVE_CONFIG_H
|
||||
#include <config.h>
|
||||
#endif
|
||||
|
||||
#include <wolfssl/wolfcrypt/settings.h>
|
||||
|
||||
#ifdef WOLF_CRYPTO_DEV
|
||||
|
||||
#include <wolfssl/wolfcrypt/cryptodev.h>
|
||||
#include <wolfssl/wolfcrypt/error-crypt.h>
|
||||
#include <wolfssl/wolfcrypt/logging.h>
|
||||
|
||||
|
||||
/* TODO: Consider linked list with mutex */
|
||||
#ifndef MAX_CRYPTO_DEVICES
|
||||
#define MAX_CRYPTO_DEVICES 8
|
||||
#endif
|
||||
|
||||
typedef struct CryptoDev {
|
||||
int devId;
|
||||
CryptoDevCallbackFunc cb;
|
||||
void* ctx;
|
||||
} CryptoDev;
|
||||
static CryptoDev gCryptoDev[MAX_CRYPTO_DEVICES];
|
||||
|
||||
static CryptoDev* wc_CryptoDev_FindDevice(int devId)
|
||||
{
|
||||
int i;
|
||||
for (i=0; i<MAX_CRYPTO_DEVICES; i++) {
|
||||
if (gCryptoDev[i].devId == devId)
|
||||
return &gCryptoDev[i];
|
||||
}
|
||||
return NULL;
|
||||
}
|
||||
|
||||
void wc_CryptoDev_Init(void)
|
||||
{
|
||||
int i;
|
||||
for (i=0; i<MAX_CRYPTO_DEVICES; i++)
|
||||
gCryptoDev[i].devId = INVALID_DEVID;
|
||||
}
|
||||
|
||||
int wc_CryptoDev_RegisterDevice(int devId, CryptoDevCallbackFunc cb, void* ctx)
|
||||
{
|
||||
/* find existing or new */
|
||||
CryptoDev* dev = wc_CryptoDev_FindDevice(devId);
|
||||
if (dev == NULL)
|
||||
dev = wc_CryptoDev_FindDevice(INVALID_DEVID);
|
||||
|
||||
if (dev == NULL)
|
||||
return BUFFER_E; /* out of devices */
|
||||
|
||||
dev->devId = devId;
|
||||
dev->cb = cb;
|
||||
dev->ctx = ctx;
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
void wc_CryptoDev_UnRegisterDevice(int devId)
|
||||
{
|
||||
CryptoDev* dev = wc_CryptoDev_FindDevice(devId);
|
||||
if (dev) {
|
||||
XMEMSET(dev, 0, sizeof(*dev));
|
||||
dev->devId = INVALID_DEVID;
|
||||
}
|
||||
}
|
||||
|
||||
#ifndef NO_RSA
|
||||
int wc_CryptoDev_Rsa(const byte* in, word32 inLen, byte* out,
|
||||
word32* outLen, int type, RsaKey* key, WC_RNG* rng)
|
||||
{
|
||||
int ret = NOT_COMPILED_IN;
|
||||
CryptoDev* dev;
|
||||
|
||||
/* locate registered callback */
|
||||
dev = wc_CryptoDev_FindDevice(key->devId);
|
||||
if (dev) {
|
||||
if (dev->cb) {
|
||||
wc_CryptoInfo cryptoInfo;
|
||||
XMEMSET(&cryptoInfo, 0, sizeof(cryptoInfo));
|
||||
cryptoInfo.algo_type = WC_ALGO_TYPE_PK;
|
||||
cryptoInfo.pk.type = WC_PK_TYPE_RSA;
|
||||
cryptoInfo.pk.rsa.in = in;
|
||||
cryptoInfo.pk.rsa.inLen = inLen;
|
||||
cryptoInfo.pk.rsa.out = out;
|
||||
cryptoInfo.pk.rsa.outLen = outLen;
|
||||
cryptoInfo.pk.rsa.type = type;
|
||||
cryptoInfo.pk.rsa.key = key;
|
||||
cryptoInfo.pk.rsa.rng = rng;
|
||||
|
||||
ret = dev->cb(key->devId, &cryptoInfo, dev->ctx);
|
||||
}
|
||||
}
|
||||
|
||||
return ret;
|
||||
}
|
||||
#endif /* !NO_RSA */
|
||||
|
||||
#ifdef HAVE_ECC
|
||||
int wc_CryptoDev_Ecdh(ecc_key* private_key, ecc_key* public_key,
|
||||
byte* out, word32* outlen)
|
||||
{
|
||||
int ret = NOT_COMPILED_IN;
|
||||
CryptoDev* dev;
|
||||
|
||||
/* locate registered callback */
|
||||
dev = wc_CryptoDev_FindDevice(private_key->devId);
|
||||
if (dev) {
|
||||
if (dev->cb) {
|
||||
wc_CryptoInfo cryptoInfo;
|
||||
XMEMSET(&cryptoInfo, 0, sizeof(cryptoInfo));
|
||||
cryptoInfo.algo_type = WC_ALGO_TYPE_PK;
|
||||
cryptoInfo.pk.type = WC_PK_TYPE_ECDH;
|
||||
cryptoInfo.pk.ecdh.private_key = private_key;
|
||||
cryptoInfo.pk.ecdh.public_key = public_key;
|
||||
cryptoInfo.pk.ecdh.out = out;
|
||||
cryptoInfo.pk.ecdh.outlen = outlen;
|
||||
|
||||
ret = dev->cb(private_key->devId, &cryptoInfo, dev->ctx);
|
||||
}
|
||||
}
|
||||
|
||||
return ret;
|
||||
}
|
||||
|
||||
int wc_CryptoDev_EccSign(const byte* in, word32 inlen, byte* out,
|
||||
word32 *outlen, WC_RNG* rng, ecc_key* key)
|
||||
{
|
||||
int ret = NOT_COMPILED_IN;
|
||||
CryptoDev* dev;
|
||||
|
||||
/* locate registered callback */
|
||||
dev = wc_CryptoDev_FindDevice(key->devId);
|
||||
if (dev) {
|
||||
if (dev->cb) {
|
||||
wc_CryptoInfo cryptoInfo;
|
||||
XMEMSET(&cryptoInfo, 0, sizeof(cryptoInfo));
|
||||
cryptoInfo.algo_type = WC_ALGO_TYPE_PK;
|
||||
cryptoInfo.pk.type = WC_PK_TYPE_ECDSA_SIGN;
|
||||
cryptoInfo.pk.eccsign.in = in;
|
||||
cryptoInfo.pk.eccsign.inlen = inlen;
|
||||
cryptoInfo.pk.eccsign.out = out;
|
||||
cryptoInfo.pk.eccsign.outlen = outlen;
|
||||
cryptoInfo.pk.eccsign.rng = rng;
|
||||
cryptoInfo.pk.eccsign.key = key;
|
||||
|
||||
ret = dev->cb(key->devId, &cryptoInfo, dev->ctx);
|
||||
}
|
||||
}
|
||||
|
||||
return ret;
|
||||
}
|
||||
|
||||
int wc_CryptoDev_EccVerify(const byte* sig, word32 siglen,
|
||||
const byte* hash, word32 hashlen, int* res, ecc_key* key)
|
||||
{
|
||||
int ret = NOT_COMPILED_IN;
|
||||
CryptoDev* dev;
|
||||
|
||||
/* locate registered callback */
|
||||
dev = wc_CryptoDev_FindDevice(key->devId);
|
||||
if (dev) {
|
||||
if (dev->cb) {
|
||||
wc_CryptoInfo cryptoInfo;
|
||||
XMEMSET(&cryptoInfo, 0, sizeof(cryptoInfo));
|
||||
cryptoInfo.algo_type = WC_ALGO_TYPE_PK;
|
||||
cryptoInfo.pk.type = WC_PK_TYPE_ECDSA_VERIFY;
|
||||
cryptoInfo.pk.eccverify.sig = sig;
|
||||
cryptoInfo.pk.eccverify.siglen = siglen;
|
||||
cryptoInfo.pk.eccverify.hash = hash;
|
||||
cryptoInfo.pk.eccverify.hashlen = hashlen;
|
||||
cryptoInfo.pk.eccverify.res = res;
|
||||
cryptoInfo.pk.eccverify.key = key;
|
||||
|
||||
ret = dev->cb(key->devId, &cryptoInfo, dev->ctx);
|
||||
}
|
||||
}
|
||||
|
||||
return ret;
|
||||
}
|
||||
#endif /* HAVE_ECC */
|
||||
|
||||
#endif /* WOLF_CRYPTO_DEV */
|
||||
Executable → Regular
+112
-28
@@ -122,6 +122,10 @@ ECC Curve Sizes:
|
||||
#include <wolfssl/wolfcrypt/hash.h>
|
||||
#endif
|
||||
|
||||
#ifdef WOLF_CRYPTO_DEV
|
||||
#include <wolfssl/wolfcrypt/cryptodev.h>
|
||||
#endif
|
||||
|
||||
#ifdef NO_INLINE
|
||||
#include <wolfssl/wolfcrypt/misc.h>
|
||||
#else
|
||||
@@ -2793,6 +2797,14 @@ int wc_ecc_shared_secret(ecc_key* private_key, ecc_key* public_key, byte* out,
|
||||
return BAD_FUNC_ARG;
|
||||
}
|
||||
|
||||
#ifdef WOLF_CRYPTO_DEV
|
||||
if (private_key->devId != INVALID_DEVID) {
|
||||
err = wc_CryptoDev_Ecdh(private_key, public_key, out, outlen);
|
||||
if (err != NOT_COMPILED_IN)
|
||||
return err;
|
||||
}
|
||||
#endif
|
||||
|
||||
/* type valid? */
|
||||
if (private_key->type != ECC_PRIVATEKEY &&
|
||||
private_key->type != ECC_PRIVATEKEY_ONLY) {
|
||||
@@ -3127,12 +3139,6 @@ static int wc_ecc_gen_k(WC_RNG* rng, int size, mp_int* k, mp_int* order)
|
||||
if (err == 0)
|
||||
err = mp_read_unsigned_bin(k, (byte*)buf, size);
|
||||
|
||||
/* quick sanity check to make sure we're not dealing with a 0 key */
|
||||
if (err == MP_OKAY) {
|
||||
if (mp_iszero(k) == MP_YES)
|
||||
err = MP_ZERO_E;
|
||||
}
|
||||
|
||||
/* the key should be smaller than the order of base point */
|
||||
if (err == MP_OKAY) {
|
||||
if (mp_cmp(k, order) != MP_LT) {
|
||||
@@ -3140,6 +3146,12 @@ static int wc_ecc_gen_k(WC_RNG* rng, int size, mp_int* k, mp_int* order)
|
||||
}
|
||||
}
|
||||
|
||||
/* quick sanity check to make sure we're not dealing with a 0 key */
|
||||
if (err == MP_OKAY) {
|
||||
if (mp_iszero(k) == MP_YES)
|
||||
err = MP_ZERO_E;
|
||||
}
|
||||
|
||||
ForceZero(buf, ECC_MAXSIZE);
|
||||
#ifdef WOLFSSL_SMALL_STACK
|
||||
XFREE(buf, NULL, DYNAMIC_TYPE_ECC_BUFFER);
|
||||
@@ -3279,6 +3291,8 @@ static int wc_ecc_make_pub_ex(ecc_key* key, ecc_curve_spec* curveIn,
|
||||
wc_ecc_curve_free(curve);
|
||||
}
|
||||
|
||||
#else
|
||||
(void)curveIn;
|
||||
#endif /* WOLFSSL_ATECC508A */
|
||||
|
||||
/* change key state if public part is cached */
|
||||
@@ -3355,7 +3369,7 @@ int wc_ecc_make_key_ex(WC_RNG* rng, int keysize, ecc_key* key, int curve_id)
|
||||
/* populate key->pubkey */
|
||||
err = mp_read_unsigned_bin(key->pubkey.x, key->pubkey_raw,
|
||||
ECC_MAX_CRYPTO_HW_SIZE);
|
||||
if (err = MP_OKAY)
|
||||
if (err == MP_OKAY)
|
||||
err = mp_read_unsigned_bin(key->pubkey.y,
|
||||
key->pubkey_raw + ECC_MAX_CRYPTO_HW_SIZE,
|
||||
ECC_MAX_CRYPTO_HW_SIZE);
|
||||
@@ -3495,8 +3509,10 @@ int wc_ecc_init_ex(ecc_key* key, void* heap, int devId)
|
||||
XMEMSET(key, 0, sizeof(ecc_key));
|
||||
key->state = ECC_STATE_NONE;
|
||||
|
||||
#ifdef PLUTON_CRYPTO_ECC
|
||||
#if defined(PLUTON_CRYPTO_ECC) || defined(WOLF_CRYPTO_DEV)
|
||||
key->devId = devId;
|
||||
#else
|
||||
(void)devId;
|
||||
#endif
|
||||
|
||||
#ifdef WOLFSSL_ATECC508A
|
||||
@@ -3532,8 +3548,6 @@ int wc_ecc_init_ex(ecc_key* key, void* heap, int devId)
|
||||
/* handle as async */
|
||||
ret = wolfAsync_DevCtxInit(&key->asyncDev, WOLFSSL_ASYNC_MARKER_ECC,
|
||||
key->heap, devId);
|
||||
#else
|
||||
(void)devId;
|
||||
#endif
|
||||
|
||||
return ret;
|
||||
@@ -3568,7 +3582,7 @@ static int wc_ecc_sign_hash_hw(const byte* in, word32 inlen,
|
||||
if (key->devId != INVALID_DEVID) /* use hardware */
|
||||
#endif
|
||||
{
|
||||
int keysize = key->dp->size;
|
||||
word32 keysize = (word32)key->dp->size;
|
||||
|
||||
/* Check args */
|
||||
if (keysize > ECC_MAX_CRYPTO_HW_SIZE || inlen != keysize ||
|
||||
@@ -3613,6 +3627,7 @@ static int wc_ecc_sign_hash_hw(const byte* in, word32 inlen,
|
||||
err = wc_ecc_sign_hash_ex(in, inlen, rng, key, r, s);
|
||||
}
|
||||
#endif
|
||||
(void)rng;
|
||||
|
||||
return err;
|
||||
}
|
||||
@@ -3641,6 +3656,14 @@ int wc_ecc_sign_hash(const byte* in, word32 inlen, byte* out, word32 *outlen,
|
||||
return ECC_BAD_ARG_E;
|
||||
}
|
||||
|
||||
#ifdef WOLF_CRYPTO_DEV
|
||||
if (key->devId != INVALID_DEVID) {
|
||||
err = wc_CryptoDev_EccSign(in, inlen, out, outlen, rng, key);
|
||||
if (err != NOT_COMPILED_IN)
|
||||
return err;
|
||||
}
|
||||
#endif
|
||||
|
||||
#ifdef WOLFSSL_ASYNC_CRYPT
|
||||
err = wc_ecc_alloc_async(key);
|
||||
if (err != 0)
|
||||
@@ -3904,20 +3927,40 @@ int wc_ecc_sign_hash_ex(const byte* in, word32 inlen, WC_RNG* rng,
|
||||
|
||||
/* don't use async for key, since we don't support async return here */
|
||||
if ((err = wc_ecc_init_ex(&pubkey, key->heap, INVALID_DEVID)) == MP_OKAY) {
|
||||
mp_int b;
|
||||
|
||||
if (err == MP_OKAY) {
|
||||
err = mp_init(&b);
|
||||
}
|
||||
|
||||
#ifdef WOLFSSL_CUSTOM_CURVES
|
||||
/* if custom curve, apply params to pubkey */
|
||||
if (key->idx == ECC_CUSTOM_IDX) {
|
||||
if (err == MP_OKAY && key->idx == ECC_CUSTOM_IDX) {
|
||||
err = wc_ecc_set_custom_curve(&pubkey, key->dp);
|
||||
}
|
||||
#endif
|
||||
|
||||
if (err == MP_OKAY) {
|
||||
/* Generate blinding value - non-zero value. */
|
||||
do {
|
||||
if (++loop_check > 64) {
|
||||
err = RNG_FAILURE_E;
|
||||
break;
|
||||
}
|
||||
|
||||
err = wc_ecc_gen_k(rng, key->dp->size, &b, curve->order);
|
||||
}
|
||||
while (err == MP_ZERO_E);
|
||||
loop_check = 0;
|
||||
}
|
||||
|
||||
for (; err == MP_OKAY;) {
|
||||
if (++loop_check > 64) {
|
||||
err = RNG_FAILURE_E;
|
||||
break;
|
||||
}
|
||||
err = wc_ecc_make_key_ex(rng, key->dp->size, &pubkey,
|
||||
key->dp->id);
|
||||
key->dp->id);
|
||||
if (err != MP_OKAY) break;
|
||||
|
||||
/* find r = x1 mod n */
|
||||
@@ -3933,30 +3976,50 @@ int wc_ecc_sign_hash_ex(const byte* in, word32 inlen, WC_RNG* rng,
|
||||
mp_forcezero(&pubkey.k);
|
||||
}
|
||||
else {
|
||||
/* find s = (e + xr)/k */
|
||||
/* find s = (e + xr)/k
|
||||
= b.(e/k.b + x.r/k.b) */
|
||||
|
||||
/* k = k.b */
|
||||
err = mp_mulmod(&pubkey.k, &b, curve->order, &pubkey.k);
|
||||
if (err != MP_OKAY) break;
|
||||
|
||||
/* k = 1/k.b */
|
||||
err = mp_invmod(&pubkey.k, curve->order, &pubkey.k);
|
||||
if (err != MP_OKAY) break;
|
||||
|
||||
/* s = xr */
|
||||
/* s = x.r */
|
||||
err = mp_mulmod(&key->k, r, curve->order, s);
|
||||
if (err != MP_OKAY) break;
|
||||
|
||||
/* s = e + xr */
|
||||
/* s = x.r/k.b */
|
||||
err = mp_mulmod(&pubkey.k, s, curve->order, s);
|
||||
if (err != MP_OKAY) break;
|
||||
|
||||
/* e = e/k.b */
|
||||
err = mp_mulmod(&pubkey.k, e, curve->order, e);
|
||||
if (err != MP_OKAY) break;
|
||||
|
||||
/* s = e/k.b + x.r/k.b
|
||||
= (e + x.r)/k.b */
|
||||
err = mp_add(e, s, s);
|
||||
if (err != MP_OKAY) break;
|
||||
|
||||
/* s = e + xr */
|
||||
err = mp_mod(s, curve->order, s);
|
||||
/* s = b.(e + x.r)/k.b
|
||||
= (e + x.r)/k */
|
||||
err = mp_mulmod(s, &b, curve->order, s);
|
||||
if (err != MP_OKAY) break;
|
||||
|
||||
/* s = (e + xr)/k */
|
||||
err = mp_mulmod(s, &pubkey.k, curve->order, s);
|
||||
err = mp_mod(s, curve->order, s);
|
||||
if (err != MP_OKAY) break;
|
||||
|
||||
if (mp_iszero(s) == MP_NO)
|
||||
break;
|
||||
}
|
||||
}
|
||||
wc_ecc_free(&pubkey);
|
||||
mp_clear(&b);
|
||||
mp_free(&b);
|
||||
}
|
||||
}
|
||||
|
||||
@@ -4028,7 +4091,7 @@ int wc_ecc_free(ecc_key* key)
|
||||
return 0;
|
||||
}
|
||||
|
||||
#ifndef WOLFSSL_SP_MATH
|
||||
#if !defined(WOLFSSL_SP_MATH) && !defined(WOLFSSL_ATECC508A)
|
||||
#ifdef ECC_SHAMIR
|
||||
|
||||
/** Computes kA*A + kB*B = C using Shamir's Trick
|
||||
@@ -4253,7 +4316,7 @@ int ecc_mul2add(ecc_point* A, mp_int* kA,
|
||||
}
|
||||
|
||||
#endif /* ECC_SHAMIR */
|
||||
#endif
|
||||
#endif /* !WOLFSSL_SP_MATH && !WOLFSSL_ATECC508A */
|
||||
|
||||
|
||||
#ifdef HAVE_ECC_VERIFY
|
||||
@@ -4291,6 +4354,14 @@ int wc_ecc_verify_hash(const byte* sig, word32 siglen, const byte* hash,
|
||||
return ECC_BAD_ARG_E;
|
||||
}
|
||||
|
||||
#ifdef WOLF_CRYPTO_DEV
|
||||
if (key->devId != INVALID_DEVID) {
|
||||
err = wc_CryptoDev_EccVerify(sig, siglen, hash, hashlen, res, key);
|
||||
if (err != NOT_COMPILED_IN)
|
||||
return err;
|
||||
}
|
||||
#endif
|
||||
|
||||
#ifdef WOLFSSL_ASYNC_CRYPT
|
||||
err = wc_ecc_alloc_async(key);
|
||||
if (err != 0)
|
||||
@@ -4325,6 +4396,13 @@ int wc_ecc_verify_hash(const byte* sig, word32 siglen, const byte* hash,
|
||||
key->state = ECC_STATE_VERIFY_DO;
|
||||
|
||||
err = wc_ecc_verify_hash_ex(r, s, hash, hashlen, res, key);
|
||||
|
||||
#ifndef WOLFSSL_ASYNC_CRYPT
|
||||
/* done with R/S */
|
||||
mp_clear(r);
|
||||
mp_clear(s);
|
||||
#endif
|
||||
|
||||
if (err < 0) {
|
||||
break;
|
||||
}
|
||||
@@ -4333,10 +4411,6 @@ int wc_ecc_verify_hash(const byte* sig, word32 siglen, const byte* hash,
|
||||
case ECC_STATE_VERIFY_RES:
|
||||
key->state = ECC_STATE_VERIFY_RES;
|
||||
err = 0;
|
||||
|
||||
/* done with R/S */
|
||||
mp_clear(r);
|
||||
mp_clear(s);
|
||||
break;
|
||||
|
||||
default:
|
||||
@@ -4431,7 +4505,8 @@ int wc_ecc_verify_hash_ex(mp_int *r, mp_int *s, const byte* hash,
|
||||
err = atcatls_verify(hash, sigRS, key->pubkey_raw, (bool*)res);
|
||||
if (err != ATCA_SUCCESS) {
|
||||
return BAD_COND_E;
|
||||
}
|
||||
}
|
||||
(void)hashlen;
|
||||
|
||||
#else
|
||||
|
||||
@@ -4664,12 +4739,12 @@ int wc_ecc_verify_hash_ex(mp_int *r, mp_int *s, const byte* hash,
|
||||
#endif /* HAVE_ECC_VERIFY */
|
||||
|
||||
#ifdef HAVE_ECC_KEY_IMPORT
|
||||
#ifndef WOLFSSL_ATECC508A
|
||||
/* import point from der */
|
||||
int wc_ecc_import_point_der(byte* in, word32 inLen, const int curve_idx,
|
||||
ecc_point* point)
|
||||
{
|
||||
int err = 0;
|
||||
#ifndef WOLFSSL_ATECC508A
|
||||
int compressed = 0;
|
||||
int keysize;
|
||||
byte pointType;
|
||||
@@ -4800,9 +4875,16 @@ int wc_ecc_import_point_der(byte* in, word32 inLen, const int curve_idx,
|
||||
mp_clear(point->z);
|
||||
}
|
||||
|
||||
#else
|
||||
err = NOT_COMPILED_IN;
|
||||
(void)in;
|
||||
(void)inLen;
|
||||
(void)curve_idx;
|
||||
(void)point;
|
||||
#endif /* !WOLFSSL_ATECC508A */
|
||||
|
||||
return err;
|
||||
}
|
||||
#endif /* !WOLFSSL_ATECC508A */
|
||||
#endif /* HAVE_ECC_KEY_IMPORT */
|
||||
|
||||
#ifdef HAVE_ECC_KEY_EXPORT
|
||||
@@ -5835,6 +5917,8 @@ static int wc_ecc_import_raw_private(ecc_key* key, const char* qx,
|
||||
#ifdef WOLFSSL_ATECC508A
|
||||
/* TODO: Implement equiv call to ATECC508A */
|
||||
err = BAD_COND_E;
|
||||
(void)d;
|
||||
(void)encType;
|
||||
|
||||
#else
|
||||
|
||||
|
||||
@@ -63,6 +63,10 @@ EXTRA_DIST += wolfcrypt/src/port/ti/ti-aes.c \
|
||||
wolfcrypt/src/port/caam/caam_doc.pdf \
|
||||
wolfcrypt/src/port/st/stm32.c
|
||||
|
||||
if BUILD_CRYPTODEV
|
||||
src_libwolfssl_la_SOURCES += wolfcrypt/src/cryptodev.c
|
||||
endif
|
||||
|
||||
if BUILD_CAVIUM
|
||||
src_libwolfssl_la_SOURCES += wolfcrypt/src/port/cavium/cavium_nitrox.c
|
||||
|
||||
|
||||
@@ -711,7 +711,7 @@ int wc_ERR_remove_state(void)
|
||||
|
||||
#if !defined(NO_FILESYSTEM) && !defined(NO_STDIO_FILESYSTEM)
|
||||
/* empties out the error queue into the file */
|
||||
void wc_ERR_print_errors_fp(FILE* fp)
|
||||
void wc_ERR_print_errors_fp(XFILE fp)
|
||||
{
|
||||
WOLFSSL_ENTER("wc_ERR_print_errors_fp");
|
||||
|
||||
|
||||
@@ -311,6 +311,48 @@ STATIC INLINE word32 btoi(byte b)
|
||||
}
|
||||
|
||||
|
||||
/* Constant time - mask set when a > b. */
|
||||
STATIC INLINE byte ctMaskGT(int a, int b)
|
||||
{
|
||||
return (((word32)a - b - 1) >> 31) - 1;
|
||||
}
|
||||
|
||||
/* Constant time - mask set when a >= b. */
|
||||
STATIC INLINE byte ctMaskGTE(int a, int b)
|
||||
{
|
||||
return (((word32)a - b ) >> 31) - 1;
|
||||
}
|
||||
|
||||
/* Constant time - mask set when a < b. */
|
||||
STATIC INLINE byte ctMaskLT(int a, int b)
|
||||
{
|
||||
return (((word32)b - a - 1) >> 31) - 1;
|
||||
}
|
||||
|
||||
/* Constant time - mask set when a <= b. */
|
||||
STATIC INLINE byte ctMaskLTE(int a, int b)
|
||||
{
|
||||
return (((word32)b - a ) >> 31) - 1;
|
||||
}
|
||||
|
||||
/* Constant time - mask set when a == b. */
|
||||
STATIC INLINE byte ctMaskEq(int a, int b)
|
||||
{
|
||||
return 0 - (a == b);
|
||||
}
|
||||
|
||||
/* Constant time - select b when mask is set and a otherwise. */
|
||||
STATIC INLINE byte ctMaskSel(byte m, byte a, byte b)
|
||||
{
|
||||
return (a & ~m) | (b & m);
|
||||
}
|
||||
|
||||
/* Constant time - bit set when a <= b. */
|
||||
STATIC INLINE byte ctSetLTE(int a, int b)
|
||||
{
|
||||
return ((word32)a - b - 1) >> 31;
|
||||
}
|
||||
|
||||
|
||||
#undef STATIC
|
||||
|
||||
|
||||
+82
-46
@@ -247,8 +247,8 @@ int wc_PKCS7_Init(PKCS7* pkcs7, void* heap, int devId)
|
||||
|
||||
XMEMSET(pkcs7, 0, sizeof(PKCS7));
|
||||
pkcs7->heap = heap;
|
||||
pkcs7->devId = devId;
|
||||
|
||||
(void)devId; /* silence unused warning */
|
||||
return 0;
|
||||
}
|
||||
|
||||
@@ -259,7 +259,7 @@ int wc_PKCS7_InitWithCert(PKCS7* pkcs7, byte* cert, word32 certSz)
|
||||
{
|
||||
int ret = 0;
|
||||
void* heap;
|
||||
|
||||
int devId;
|
||||
|
||||
if (pkcs7 == NULL || (cert == NULL && certSz != 0)) {
|
||||
return BAD_FUNC_ARG;
|
||||
@@ -270,9 +270,11 @@ int wc_PKCS7_InitWithCert(PKCS7* pkcs7, byte* cert, word32 certSz)
|
||||
#else
|
||||
heap = pkcs7->heap;
|
||||
#endif
|
||||
devId = pkcs7->devId;
|
||||
|
||||
XMEMSET(pkcs7, 0, sizeof(PKCS7));
|
||||
pkcs7->heap = heap;
|
||||
pkcs7->devId = devId;
|
||||
|
||||
if (cert != NULL && certSz > 0) {
|
||||
#ifdef WOLFSSL_SMALL_STACK
|
||||
@@ -590,9 +592,9 @@ static int wc_PKCS7_RsaSign(PKCS7* pkcs7, byte* in, word32 inSz, ESD* esd)
|
||||
RsaKey* privKey = &stack_privKey;
|
||||
#endif
|
||||
|
||||
if (pkcs7 == NULL || pkcs7->privateKey == NULL || pkcs7->rng == NULL ||
|
||||
in == NULL || esd == NULL)
|
||||
if (pkcs7 == NULL || pkcs7->rng == NULL || in == NULL || esd == NULL) {
|
||||
return BAD_FUNC_ARG;
|
||||
}
|
||||
|
||||
#ifdef WOLFSSL_SMALL_STACK
|
||||
privKey = (RsaKey*)XMALLOC(sizeof(RsaKey), NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
@@ -600,14 +602,17 @@ static int wc_PKCS7_RsaSign(PKCS7* pkcs7, byte* in, word32 inSz, ESD* esd)
|
||||
return MEMORY_E;
|
||||
#endif
|
||||
|
||||
ret = wc_InitRsaKey(privKey, pkcs7->heap);
|
||||
|
||||
ret = wc_InitRsaKey_ex(privKey, pkcs7->heap, pkcs7->devId);
|
||||
if (ret == 0) {
|
||||
idx = 0;
|
||||
ret = wc_RsaPrivateKeyDecode(pkcs7->privateKey, &idx, privKey,
|
||||
pkcs7->privateKeySz);
|
||||
if (pkcs7->privateKey != NULL && pkcs7->privateKeySz > 0) {
|
||||
idx = 0;
|
||||
ret = wc_RsaPrivateKeyDecode(pkcs7->privateKey, &idx, privKey,
|
||||
pkcs7->privateKeySz);
|
||||
}
|
||||
else if (pkcs7->devId == INVALID_DEVID) {
|
||||
ret = BAD_FUNC_ARG;
|
||||
}
|
||||
}
|
||||
|
||||
if (ret == 0) {
|
||||
ret = wc_RsaSSL_Sign(in, inSz, esd->encContentDigest,
|
||||
sizeof(esd->encContentDigest),
|
||||
@@ -639,9 +644,9 @@ static int wc_PKCS7_EcdsaSign(PKCS7* pkcs7, byte* in, word32 inSz, ESD* esd)
|
||||
ecc_key* privKey = &stack_privKey;
|
||||
#endif
|
||||
|
||||
if (pkcs7 == NULL || pkcs7->privateKey == NULL || pkcs7->rng == NULL ||
|
||||
in == NULL || esd == NULL)
|
||||
if (pkcs7 == NULL || pkcs7->rng == NULL || in == NULL || esd == NULL) {
|
||||
return BAD_FUNC_ARG;
|
||||
}
|
||||
|
||||
#ifdef WOLFSSL_SMALL_STACK
|
||||
privKey = (ecc_key*)XMALLOC(sizeof(ecc_key), NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
@@ -649,14 +654,17 @@ static int wc_PKCS7_EcdsaSign(PKCS7* pkcs7, byte* in, word32 inSz, ESD* esd)
|
||||
return MEMORY_E;
|
||||
#endif
|
||||
|
||||
ret = wc_ecc_init_ex(privKey, pkcs7->heap, INVALID_DEVID);
|
||||
|
||||
ret = wc_ecc_init_ex(privKey, pkcs7->heap, pkcs7->devId);
|
||||
if (ret == 0) {
|
||||
idx = 0;
|
||||
ret = wc_EccPrivateKeyDecode(pkcs7->privateKey, &idx, privKey,
|
||||
pkcs7->privateKeySz);
|
||||
if (pkcs7->privateKey != NULL && pkcs7->privateKeySz > 0) {
|
||||
idx = 0;
|
||||
ret = wc_EccPrivateKeyDecode(pkcs7->privateKey, &idx, privKey,
|
||||
pkcs7->privateKeySz);
|
||||
}
|
||||
else if (pkcs7->devId == INVALID_DEVID) {
|
||||
ret = BAD_FUNC_ARG;
|
||||
}
|
||||
}
|
||||
|
||||
if (ret == 0) {
|
||||
outSz = sizeof(esd->encContentDigest);
|
||||
ret = wc_ecc_sign_hash(in, inSz, esd->encContentDigest,
|
||||
@@ -1033,9 +1041,9 @@ int wc_PKCS7_EncodeSignedData(PKCS7* pkcs7, byte* output, word32 outputSz)
|
||||
if (pkcs7 == NULL || pkcs7->content == NULL || pkcs7->contentSz == 0 ||
|
||||
pkcs7->encryptOID == 0 || pkcs7->hashOID == 0 || pkcs7->rng == 0 ||
|
||||
pkcs7->singleCert == NULL || pkcs7->singleCertSz == 0 ||
|
||||
pkcs7->privateKey == NULL || pkcs7->privateKeySz == 0 ||
|
||||
output == NULL || outputSz == 0)
|
||||
output == NULL || outputSz == 0) {
|
||||
return BAD_FUNC_ARG;
|
||||
}
|
||||
|
||||
#ifdef WOLFSSL_SMALL_STACK
|
||||
esd = (ESD*)XMALLOC(sizeof(ESD), NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
@@ -1309,7 +1317,7 @@ static int wc_PKCS7_RsaVerify(PKCS7* pkcs7, byte* sig, int sigSz,
|
||||
|
||||
XMEMSET(digest, 0, MAX_PKCS7_DIGEST_SZ);
|
||||
|
||||
ret = wc_InitRsaKey(key, pkcs7->heap);
|
||||
ret = wc_InitRsaKey_ex(key, pkcs7->heap, pkcs7->devId);
|
||||
if (ret != 0) {
|
||||
#ifdef WOLFSSL_SMALL_STACK
|
||||
XFREE(digest, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
@@ -1321,6 +1329,7 @@ static int wc_PKCS7_RsaVerify(PKCS7* pkcs7, byte* sig, int sigSz,
|
||||
if (wc_RsaPublicKeyDecode(pkcs7->publicKey, &scratch, key,
|
||||
pkcs7->publicKeySz) < 0) {
|
||||
WOLFSSL_MSG("ASN RSA key decode error");
|
||||
wc_FreeRsaKey(key);
|
||||
#ifdef WOLFSSL_SMALL_STACK
|
||||
XFREE(digest, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
@@ -1384,7 +1393,7 @@ static int wc_PKCS7_EcdsaVerify(PKCS7* pkcs7, byte* sig, int sigSz,
|
||||
|
||||
XMEMSET(digest, 0, MAX_PKCS7_DIGEST_SZ);
|
||||
|
||||
ret = wc_ecc_init_ex(key, pkcs7->heap, INVALID_DEVID);
|
||||
ret = wc_ecc_init_ex(key, pkcs7->heap, pkcs7->devId);
|
||||
if (ret != 0) {
|
||||
#ifdef WOLFSSL_SMALL_STACK
|
||||
XFREE(digest, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
@@ -1396,6 +1405,7 @@ static int wc_PKCS7_EcdsaVerify(PKCS7* pkcs7, byte* sig, int sigSz,
|
||||
if (wc_EccPublicKeyDecode(pkcs7->publicKey, &idx, key,
|
||||
pkcs7->publicKeySz) < 0) {
|
||||
WOLFSSL_MSG("ASN ECDSA key decode error");
|
||||
wc_ecc_free(key);
|
||||
#ifdef WOLFSSL_SMALL_STACK
|
||||
XFREE(digest, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
@@ -1854,7 +1864,6 @@ int wc_PKCS7_VerifySignedData(PKCS7* pkcs7, byte* pkiMsg, word32 pkiMsgSz)
|
||||
pkcs7->der = (byte*)XMALLOC(len, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
|
||||
if (pkcs7->der == NULL)
|
||||
return MEMORY_E;
|
||||
len = 0;
|
||||
ret = wc_BerToDer(pkiMsg, pkiMsgSz, pkcs7->der, &len);
|
||||
if (ret < 0)
|
||||
return ret;
|
||||
@@ -2124,6 +2133,7 @@ int wc_PKCS7_VerifySignedData(PKCS7* pkcs7, byte* pkiMsg, word32 pkiMsgSz)
|
||||
typedef struct WC_PKCS7_KARI {
|
||||
DecodedCert* decoded; /* decoded recip cert */
|
||||
void* heap; /* user heap, points to PKCS7->heap */
|
||||
int devId; /* device ID for HW based private key */
|
||||
ecc_key* recipKey; /* recip key (pub | priv) */
|
||||
ecc_key* senderKey; /* sender key (pub | priv) */
|
||||
byte* senderKeyExport; /* sender ephemeral key DER */
|
||||
@@ -2136,6 +2146,9 @@ typedef struct WC_PKCS7_KARI {
|
||||
word32 sharedInfoSz; /* size of ECC-CMS-SharedInfo encoded */
|
||||
byte ukmOwner; /* do we own ukm buffer? 1:yes, 0:no */
|
||||
byte direction; /* WC_PKCS7_ENCODE | WC_PKCS7_DECODE */
|
||||
byte decodedInit : 1; /* indicates decoded was initialized */
|
||||
byte recipKeyInit : 1; /* indicates recipKey was initialized */
|
||||
byte senderKeyInit : 1; /* indicates senderKey was initialized */
|
||||
} WC_PKCS7_KARI;
|
||||
|
||||
|
||||
@@ -2247,8 +2260,12 @@ static WC_PKCS7_KARI* wc_PKCS7_KariNew(PKCS7* pkcs7, byte direction)
|
||||
kari->sharedInfo = NULL;
|
||||
kari->sharedInfoSz = 0;
|
||||
kari->direction = direction;
|
||||
kari->decodedInit = 0;
|
||||
kari->recipKeyInit = 0;
|
||||
kari->senderKeyInit = 0;
|
||||
|
||||
kari->heap = pkcs7->heap;
|
||||
kari->devId = pkcs7->devId;
|
||||
|
||||
return kari;
|
||||
}
|
||||
@@ -2263,15 +2280,18 @@ static int wc_PKCS7_KariFree(WC_PKCS7_KARI* kari)
|
||||
heap = kari->heap;
|
||||
|
||||
if (kari->decoded) {
|
||||
FreeDecodedCert(kari->decoded);
|
||||
if (kari->decodedInit)
|
||||
FreeDecodedCert(kari->decoded);
|
||||
XFREE(kari->decoded, heap, DYNAMIC_TYPE_PKCS7);
|
||||
}
|
||||
if (kari->senderKey) {
|
||||
wc_ecc_free(kari->senderKey);
|
||||
if (kari->senderKeyInit)
|
||||
wc_ecc_free(kari->senderKey);
|
||||
XFREE(kari->senderKey, heap, DYNAMIC_TYPE_PKCS7);
|
||||
}
|
||||
if (kari->recipKey) {
|
||||
wc_ecc_free(kari->recipKey);
|
||||
if (kari->recipKeyInit)
|
||||
wc_ecc_free(kari->recipKey);
|
||||
XFREE(kari->recipKey, heap, DYNAMIC_TYPE_PKCS7);
|
||||
}
|
||||
if (kari->senderKeyExport) {
|
||||
@@ -2317,12 +2337,9 @@ static int wc_PKCS7_KariParseRecipCert(WC_PKCS7_KARI* kari, const byte* cert,
|
||||
cert == NULL || certSz == 0)
|
||||
return BAD_FUNC_ARG;
|
||||
|
||||
if (kari->direction == WC_PKCS7_DECODE &&
|
||||
(key == NULL || keySz == 0))
|
||||
return BAD_FUNC_ARG;
|
||||
|
||||
/* decode certificate */
|
||||
InitDecodedCert(kari->decoded, (byte*)cert, certSz, kari->heap);
|
||||
kari->decodedInit = 1;
|
||||
ret = ParseCert(kari->decoded, CA_TYPE, NO_VERIFY, 0);
|
||||
if (ret < 0)
|
||||
return ret;
|
||||
@@ -2333,10 +2350,12 @@ static int wc_PKCS7_KariParseRecipCert(WC_PKCS7_KARI* kari, const byte* cert,
|
||||
return BAD_FUNC_ARG;
|
||||
}
|
||||
|
||||
ret = wc_ecc_init_ex(kari->recipKey, kari->heap, INVALID_DEVID);
|
||||
ret = wc_ecc_init_ex(kari->recipKey, kari->heap, kari->devId);
|
||||
if (ret != 0)
|
||||
return ret;
|
||||
|
||||
kari->recipKeyInit = 1;
|
||||
|
||||
/* get recip public key */
|
||||
if (kari->direction == WC_PKCS7_ENCODE) {
|
||||
|
||||
@@ -2348,9 +2367,13 @@ static int wc_PKCS7_KariParseRecipCert(WC_PKCS7_KARI* kari, const byte* cert,
|
||||
}
|
||||
/* get recip private key */
|
||||
else if (kari->direction == WC_PKCS7_DECODE) {
|
||||
|
||||
idx = 0;
|
||||
ret = wc_EccPrivateKeyDecode(key, &idx, kari->recipKey, keySz);
|
||||
if (key != NULL && keySz > 0) {
|
||||
idx = 0;
|
||||
ret = wc_EccPrivateKeyDecode(key, &idx, kari->recipKey, keySz);
|
||||
}
|
||||
else if (kari->devId == INVALID_DEVID) {
|
||||
ret = BAD_FUNC_ARG;
|
||||
}
|
||||
if (ret != 0)
|
||||
return ret;
|
||||
|
||||
@@ -2384,10 +2407,12 @@ static int wc_PKCS7_KariGenerateEphemeralKey(WC_PKCS7_KARI* kari, WC_RNG* rng)
|
||||
|
||||
kari->senderKeyExportSz = kari->decoded->pubKeySize;
|
||||
|
||||
ret = wc_ecc_init_ex(kari->senderKey, kari->heap, INVALID_DEVID);
|
||||
ret = wc_ecc_init_ex(kari->senderKey, kari->heap, kari->devId);
|
||||
if (ret != 0)
|
||||
return ret;
|
||||
|
||||
kari->senderKeyInit = 1;
|
||||
|
||||
ret = wc_ecc_make_key_ex(rng, kari->recipKey->dp->size,
|
||||
kari->senderKey, kari->recipKey->dp->id);
|
||||
if (ret != 0)
|
||||
@@ -2986,7 +3011,7 @@ static int wc_CreateRecipientInfo(const byte* cert, word32 certSz,
|
||||
#endif
|
||||
|
||||
/* EncryptedKey */
|
||||
ret = wc_InitRsaKey(pubKey, 0);
|
||||
ret = wc_InitRsaKey_ex(pubKey, heap, INVALID_DEVID);
|
||||
if (ret != 0) {
|
||||
FreeDecodedCert(decoded);
|
||||
#ifdef WOLFSSL_SMALL_STACK
|
||||
@@ -3250,7 +3275,7 @@ static int wc_PKCS7_GenerateIV(PKCS7* pkcs7, WC_RNG* rng, byte* iv, word32 ivSz)
|
||||
if (rnd == NULL)
|
||||
return MEMORY_E;
|
||||
|
||||
ret = wc_InitRng_ex(rnd, pkcs7->heap, INVALID_DEVID);
|
||||
ret = wc_InitRng_ex(rnd, pkcs7->heap, pkcs7->devId);
|
||||
if (ret != 0) {
|
||||
XFREE(rnd, pkcs7->heap, DYNAMIC_TYPE_RNG);
|
||||
return ret;
|
||||
@@ -3384,7 +3409,7 @@ int wc_PKCS7_EncodeEnvelopedData(PKCS7* pkcs7, byte* output, word32 outputSz)
|
||||
}
|
||||
|
||||
/* generate random content encryption key */
|
||||
ret = wc_InitRng_ex(&rng, pkcs7->heap, INVALID_DEVID);
|
||||
ret = wc_InitRng_ex(&rng, pkcs7->heap, pkcs7->devId);
|
||||
if (ret != 0)
|
||||
return ret;
|
||||
|
||||
@@ -3712,7 +3737,7 @@ static int wc_PKCS7_DecodeKtri(PKCS7* pkcs7, byte* pkiMsg, word32 pkiMsgSz,
|
||||
}
|
||||
#endif
|
||||
|
||||
ret = wc_InitRsaKey(privKey, 0);
|
||||
ret = wc_InitRsaKey_ex(privKey, NULL, INVALID_DEVID);
|
||||
if (ret != 0) {
|
||||
#ifdef WOLFSSL_SMALL_STACK
|
||||
XFREE(encryptedKey, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
@@ -3721,11 +3746,17 @@ static int wc_PKCS7_DecodeKtri(PKCS7* pkcs7, byte* pkiMsg, word32 pkiMsgSz,
|
||||
return ret;
|
||||
}
|
||||
|
||||
keyIdx = 0;
|
||||
ret = wc_RsaPrivateKeyDecode(pkcs7->privateKey, &keyIdx, privKey,
|
||||
pkcs7->privateKeySz);
|
||||
if (pkcs7->privateKey != NULL && pkcs7->privateKeySz > 0) {
|
||||
keyIdx = 0;
|
||||
ret = wc_RsaPrivateKeyDecode(pkcs7->privateKey, &keyIdx, privKey,
|
||||
pkcs7->privateKeySz);
|
||||
}
|
||||
else if (pkcs7->devId == INVALID_DEVID) {
|
||||
ret = BAD_FUNC_ARG;
|
||||
}
|
||||
if (ret != 0) {
|
||||
WOLFSSL_MSG("Failed to decode RSA private key");
|
||||
wc_FreeRsaKey(privKey);
|
||||
#ifdef WOLFSSL_SMALL_STACK
|
||||
XFREE(encryptedKey, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
XFREE(privKey, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
@@ -3735,7 +3766,7 @@ static int wc_PKCS7_DecodeKtri(PKCS7* pkcs7, byte* pkiMsg, word32 pkiMsgSz,
|
||||
|
||||
/* decrypt encryptedKey */
|
||||
#ifdef WC_RSA_BLINDING
|
||||
ret = wc_InitRng_ex(&rng, pkcs7->heap, INVALID_DEVID);
|
||||
ret = wc_InitRng_ex(&rng, pkcs7->heap, pkcs7->devId);
|
||||
if (ret == 0) {
|
||||
ret = wc_RsaSetRNG(privKey, &rng);
|
||||
}
|
||||
@@ -3823,10 +3854,12 @@ static int wc_PKCS7_KariGetOriginatorIdentifierOrKey(WC_PKCS7_KARI* kari,
|
||||
return ASN_EXPECT_0_E;
|
||||
|
||||
/* get sender ephemeral public ECDSA key */
|
||||
ret = wc_ecc_init_ex(kari->senderKey, kari->heap, INVALID_DEVID);
|
||||
ret = wc_ecc_init_ex(kari->senderKey, kari->heap, kari->devId);
|
||||
if (ret != 0)
|
||||
return ret;
|
||||
|
||||
kari->senderKeyInit = 1;
|
||||
|
||||
/* length-1 for unused bits counter */
|
||||
ret = wc_ecc_import_x963(pkiMsg + (*idx), length - 1, kari->senderKey);
|
||||
if (ret != 0)
|
||||
@@ -4155,6 +4188,9 @@ static int wc_PKCS7_DecodeKari(PKCS7* pkcs7, byte* pkiMsg, word32 pkiMsgSz,
|
||||
pkcs7->privateKeySz);
|
||||
if (ret != 0) {
|
||||
wc_PKCS7_KariFree(kari);
|
||||
#ifdef WOLFSSL_SMALL_STACK
|
||||
XFREE(encryptedKey, NULL, DYNAMIC_TYPE_PKCS7);
|
||||
#endif
|
||||
return ret;
|
||||
}
|
||||
|
||||
@@ -4380,8 +4416,7 @@ WOLFSSL_API int wc_PKCS7_DecodeEnvelopedData(PKCS7* pkcs7, byte* pkiMsg,
|
||||
int explicitOctet;
|
||||
|
||||
if (pkcs7 == NULL || pkcs7->singleCert == NULL ||
|
||||
pkcs7->singleCertSz == 0 || pkcs7->privateKey == NULL ||
|
||||
pkcs7->privateKeySz == 0)
|
||||
pkcs7->singleCertSz == 0)
|
||||
return BAD_FUNC_ARG;
|
||||
|
||||
if (pkiMsg == NULL || pkiMsgSz == 0 ||
|
||||
@@ -5012,6 +5047,7 @@ int wc_PKCS7_DecodeEncryptedData(PKCS7* pkcs7, byte* pkiMsg, word32 pkiMsgSz,
|
||||
/* go back and check the version now that attribs have been processed */
|
||||
if ((haveAttribs == 0 && version != 0) ||
|
||||
(haveAttribs == 1 && version != 2) ) {
|
||||
XFREE(encryptedContent, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
|
||||
WOLFSSL_MSG("Wrong PKCS#7 EncryptedData version");
|
||||
return ASN_VERSION_E;
|
||||
}
|
||||
|
||||
Executable → Regular
@@ -1499,7 +1499,25 @@ int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
|
||||
|
||||
return 0;
|
||||
}
|
||||
#elif defined(WOLFSSL_NUCLEUS)
|
||||
#include "nucleus.h"
|
||||
#include "kernel/plus_common.h"
|
||||
|
||||
#warning "potential for not enough entropy, currently being used for testing"
|
||||
int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
|
||||
{
|
||||
int i;
|
||||
srand(NU_Get_Time_Stamp());
|
||||
|
||||
for (i = 0; i < sz; i++ ) {
|
||||
output[i] = rand() % 256;
|
||||
if ((i % 8) == 7) {
|
||||
srand(NU_Get_Time_Stamp());
|
||||
}
|
||||
}
|
||||
|
||||
return 0;
|
||||
}
|
||||
#elif defined(WOLFSSL_VXWORKS)
|
||||
|
||||
#include <randomNumGen.h>
|
||||
|
||||
+32
-7
@@ -190,6 +190,9 @@ int wc_RsaFlattenPublicKey(RsaKey* key, byte* a, word32* aSz, byte* b,
|
||||
|
||||
#include <wolfssl/wolfcrypt/random.h>
|
||||
#include <wolfssl/wolfcrypt/logging.h>
|
||||
#ifdef WOLF_CRYPTO_DEV
|
||||
#include <wolfssl/wolfcrypt/cryptodev.h>
|
||||
#endif
|
||||
#ifdef NO_INLINE
|
||||
#include <wolfssl/wolfcrypt/misc.h>
|
||||
#else
|
||||
@@ -237,8 +240,6 @@ int wc_InitRsaKey_ex(RsaKey* key, void* heap, int devId)
|
||||
return BAD_FUNC_ARG;
|
||||
}
|
||||
|
||||
(void)devId;
|
||||
|
||||
XMEMSET(key, 0, sizeof(RsaKey));
|
||||
|
||||
key->type = RSA_TYPE_UNKNOWN;
|
||||
@@ -251,6 +252,12 @@ int wc_InitRsaKey_ex(RsaKey* key, void* heap, int devId)
|
||||
key->rng = NULL;
|
||||
#endif
|
||||
|
||||
#ifdef WOLF_CRYPTO_DEV
|
||||
key->devId = devId;
|
||||
#else
|
||||
(void)devId;
|
||||
#endif
|
||||
|
||||
#ifdef WOLFSSL_ASYNC_CRYPT
|
||||
#ifdef WOLFSSL_CERT_GEN
|
||||
XMEMSET(&key->certSignCtx, 0, sizeof(CertSignCtx));
|
||||
@@ -263,8 +270,6 @@ int wc_InitRsaKey_ex(RsaKey* key, void* heap, int devId)
|
||||
if (ret != 0)
|
||||
return ret;
|
||||
#endif /* WC_ASYNC_ENABLE_RSA */
|
||||
#else
|
||||
(void)devId;
|
||||
#endif /* WOLFSSL_ASYNC_CRYPT */
|
||||
|
||||
ret = mp_init_multi(&key->n, &key->e, NULL, NULL, NULL, NULL);
|
||||
@@ -1512,7 +1517,7 @@ static int wc_RsaFunctionAsync(const byte* in, word32 inLen, byte* out,
|
||||
}
|
||||
#endif /* WOLFSSL_ASYNC_CRYPT && WC_ASYNC_ENABLE_RSA */
|
||||
|
||||
#ifdef WC_RSA_NO_PADDING
|
||||
#if defined(WC_RSA_DIRECT) || defined(WC_RSA_NO_PADDING)
|
||||
/* Function that does the RSA operation directly with no padding.
|
||||
*
|
||||
* in buffer to do operation on
|
||||
@@ -1606,7 +1611,7 @@ int wc_RsaDirect(byte* in, word32 inLen, byte* out, word32* outSz,
|
||||
|
||||
return ret;
|
||||
}
|
||||
#endif /* WC_RSA_NO_PADDING */
|
||||
#endif /* WC_RSA_DIRECT || WC_RSA_NO_PADDING */
|
||||
|
||||
|
||||
int wc_RsaFunction(const byte* in, word32 inLen, byte* out,
|
||||
@@ -1619,6 +1624,15 @@ int wc_RsaFunction(const byte* in, word32 inLen, byte* out,
|
||||
return BAD_FUNC_ARG;
|
||||
}
|
||||
|
||||
#ifdef WOLF_CRYPTO_DEV
|
||||
if (key->devId != INVALID_DEVID) {
|
||||
ret = wc_CryptoDev_Rsa(in, inLen, out, outLen, type, key, rng);
|
||||
if (ret != NOT_COMPILED_IN)
|
||||
return ret;
|
||||
ret = 0; /* reset error code and try using software */
|
||||
}
|
||||
#endif
|
||||
|
||||
#ifndef NO_RSA_BOUNDS_CHECK
|
||||
if (type == RSA_PRIVATE_DECRYPT &&
|
||||
key->state == RSA_STATE_DECRYPT_EXPTMOD) {
|
||||
@@ -2268,10 +2282,21 @@ int wc_RsaPSS_Sign_ex(const byte* in, word32 inLen, byte* out, word32 outLen,
|
||||
|
||||
int wc_RsaEncryptSize(RsaKey* key)
|
||||
{
|
||||
int ret;
|
||||
|
||||
if (key == NULL) {
|
||||
return BAD_FUNC_ARG;
|
||||
}
|
||||
return mp_unsigned_bin_size(&key->n);
|
||||
|
||||
ret = mp_unsigned_bin_size(&key->n);
|
||||
|
||||
#ifdef WOLF_CRYPTO_DEV
|
||||
if (ret == 0 && key->devId != INVALID_DEVID) {
|
||||
ret = 2048/8; /* hardware handles, use 2048-bit as default */
|
||||
}
|
||||
#endif
|
||||
|
||||
return ret;
|
||||
}
|
||||
|
||||
|
||||
|
||||
Some files were not shown because too many files have changed in this diff Show More
Reference in New Issue
Block a user