diff --git a/.gitignore b/.gitignore index f5e2544123..b96cadc367 100644 --- a/.gitignore +++ b/.gitignore @@ -237,3 +237,6 @@ IDE/LINUX-SGX/*.a wolfcrypt/src/port/intel/qat_test /mplabx/wolfssl.X/dist/default/ /mplabx/wolfcrypt_test.X/dist/default/ + +# Arduino Generated Files +/IDE/ARDUINO/wolfSSL diff --git a/ChangeLog b/ChangeLog deleted file mode 100644 index 87ed824016..0000000000 --- a/ChangeLog +++ /dev/null @@ -1 +0,0 @@ -Please see the file 'README' in this directory. diff --git a/README b/ChangeLog.md similarity index 73% rename from README rename to ChangeLog.md index ace91ea4c9..5e9ed1641d 100644 --- a/README +++ b/ChangeLog.md @@ -1,163 +1,182 @@ -*** Resources *** +# wolfSSL Release x.x.x - wolfSSL website: https://www.wolfssl.com/ - wolfSSL wiki: https://github.com/wolfSSL/wolfssl/wiki - wolfSSL manual: https://wolfssl.com/wolfSSL/Docs-wolfssl-manual-toc.html +* Added AES performance enhancements on AMD processors with build option `./configure --enable-intelasm` - FIPS FAQ: https://www.wolfssl.com/wolfSSL/fips.html +# wolfSSL Release 3.15.0 (06/05/2018) - wolfSSL API: https://wolfssl.com/wolfSSL/Docs-wolfssl-manual-17-wolfssl-api-reference.html - wolfCrypt API: https://wolfssl.com/wolfSSL/Docs-wolfssl-manual-18-wolfcrypt-api-reference.html +Release 3.15.0 of wolfSSL embedded TLS has bug fixes and new features including: - TLS 1.3 https://www.wolfssl.com/docs/tls13/ +* Support for TLS 1.3 Draft versions 23, 26 and 28. +* Add FIPS SGX support! +* Single Precision assembly code added for ARM and 64-bit ARM to enhance performance. +* Improved performance for Single Precision maths on 32-bit. +* Improved downgrade support for the TLS 1.3 handshake. +* Improved TLS 1.3 support from interoperability testing. +* Added option to allow TLS 1.2 to be compiled out to reduce size and enhance security. +* Added option to support Ed25519 in TLS 1.2 and 1.3. +* Update wolfSSL_HMAC_Final() so the length parameter is optional. +* Various fixes for Coverity static analysis reports. +* Add define to use internal struct timeval (USE_WOLF_TIMEVAL_T). +* Switch LowResTimer() to call XTIME instead of time(0) for better portability. +* Expanded OpenSSL compatibility layer with a bevy of new functions. +* Added Renesas CS+ project files. +* Align DH support with NIST SP 800-56A, add wc_DhSetKey_ex() for q parameter. +* Add build option for CAVP self test build (--enable-selftest). +* Expose mp_toradix() when WOLFSSL_PUBLIC_MP is defined. +* Example certificate expiration dates and generation script updated. +* Additional optimizations to trim out unused strings depending on build options. +* Fix for DN tag strings to have “=” when returning the string value to users. +* Fix for wolfSSL_ERR_get_error_line_data return value if no more errors are in the queue. +* Fix for AES-CBC IV value with PIC32 hardware acceleration. +* Fix for wolfSSL_X509_print with ECC certificates. +* Fix for strict checking on URI absolute vs relative path. +* Added crypto device framework to handle PK RSA/ECC operations using callbacks, which adds new build option `./configure --enable-cryptodev` or `WOLF_CRYPTO_DEV`. +* Added devId support to ECC and PKCS7 for hardware based private key. +* Fixes in PKCS7 for handling possible memory leak in some error cases. +* Added test for invalid cert common name when set with `wolfSSL_check_domain_name`. +* Refactor of the cipher suite names to use single array, which contains internal name, IANA name and cipher suite bytes. +* Added new function `wolfSSL_get_cipher_name_from_suite` for getting IANA cipher suite name using bytes. +* Fixes for fsanitize reports. +* Fix for openssl compatibility function `wolfSSL_RSA_verify` to check returned size. +* Fixes and improvements for FreeRTOS AWS. +* Fixes for building openssl compatibility with FreeRTOS. +* Fix and new test for handling match on domain name that may have a null terminator inside. +* Cleanup of the socket close code used for examples, CRL/OCSP and BIO to use single macro `CloseSocket`. +* Refactor of the TLSX code to support returning error codes. +* Added new signature wrapper functions `wc_SignatureVerifyHash` and `wc_SignatureGenerateHash` to allow direct use of hash. +* Improvement to GCC-ARM IDE example. +* Enhancements and cleanups for the ASN date/time code including new API's `wc_GetDateInfo`, `wc_GetCertDates` and `wc_GetDateAsCalendarTime`. +* Fixes to resolve issues with C99 compliance. Added build option `WOLF_C99` to force C99. +* Added a new `--enable-opensslall` option to enable all openssl compatibility features. +* Added new `--enable-webclient` option for enabling a few HTTP API's. +* Added new `wc_OidGetHash` API for getting the hash type from a hash OID. +* Moved `wolfSSL_CertPemToDer`, `wolfSSL_KeyPemToDer`, `wolfSSL_PubKeyPemToDer` to asn.c and renamed to `wc_`. Added backwards compatibility macro for old function names. +* Added new `WC_MAX_SYM_KEY_SIZE` macro for helping determine max key size. +* Added `--enable-enckeys` or (`WOLFSSL_ENCRYPTED_KEYS`) to enable support for encrypted PEM private keys using password callback without having to use opensslextra. +* Added ForceZero on the password buffer after done using it. +* Refactor unique hash types to use same internal values (ex WC_MD5 == WC_HASH_TYPE_MD5). +* Refactor the Sha3 types to use `wc_` naming, while retaining old names for compatibility. +* Improvements to `wc_PBKDF1` to support more hash types and the non-standard extra data option. +* Fix TLS 1.3 with ECC disabled and CURVE25519 enabled. +* Added new define `NO_DEV_URANDOM` to disable the use of `/dev/urandom`. +* Added `WC_RNG_BLOCKING` to indicate block w/sleep(0) is okay. +* Fix for `HAVE_EXT_CACHE` callbacks not being available without `OPENSSL_EXTRA` defined. +* Fix for ECC max bits `MAX_ECC_BITS` not always calculating correctly due to macro order. +* Added support for building and using PKCS7 without RSA (assuming ECC is enabled). +* Fixes and additions for Cavium Nitrox V to support ECC, AES-GCM and HMAC (SHA-224 and SHA3). +* Enabled ECC, AES-GCM and SHA-512/384 by default in (Linux and Windows) +* Added `./configure --enable-base16` and `WOLFSSL_BASE16` configuration option to enable Base16 API's. +* Improvements to ATECC508A support for building without `WOLFSSL_ATMEL` defined. +* Refactor IO callback function names to use `_CTX_` to eliminate confusion about the first parameter. +* Added support for not loading a private key for server or client when `HAVE_PK_CALLBACK` is defined and the private PK callback is set. +* Added new ECC API `wc_ecc_sig_size_calc` to return max signature size for a key size. +* Cleanup ECC point import/export code and added new API `wc_ecc_import_unsigned`. +* Fixes for handling OCSP with non-blocking. +* Added new PK (Primary Key) callbacks for the VerifyRsaSign. The new callbacks API's are `wolfSSL_CTX_SetRsaVerifySignCb` and `wolfSSL_CTX_SetRsaPssVerifySignCb`. +* Added new ECC API `wc_ecc_rs_raw_to_sig` to take raw unsigned R and S and encodes them into ECDSA signature format. +* Added support for `WOLFSSL_STM32F1`. +* Cleanup of the ASN X509 header/footer and XSTRNCPY logic. +* Add copyright notice to autoconf files. (Thanks Brian Aker!) +* Updated the M4 files for autotools. (Thanks Brian Aker!) +* Add support for the cipher suite TLS_DH_anon_WITH_AES256_GCM_SHA384 with test cases. (Thanks Thivya Ashok!) +* Add the TLS alert message unknown_psk_identity (115) from RFC 4279, section 2. (Thanks Thivya Ashok!) +* Fix the case when using TCP with timeouts with TLS. wolfSSL shall be agnostic to network socket behavior for TLS. (DTLS is another matter.) The functions `wolfSSL_set_using_nonblock()` and `wolfSSL_get_using_nonblock()` are deprecated. +* Hush the AR warning when building the static library with autotools. +* Hush the “-pthread” warning when building in some environments. +* Added a dist-hook target to the Makefile to reset the default options.h file. +* Removed the need for the darwin-clang.m4 file with the updates provided by Brian A. +* Renamed the AES assembly file so GCC on the Mac will build it using the preprocessor. +* Add a disable option (--disable-optflags) to turn off the default optimization flags so user may supply their own custom flags. +* Correctly touch the dummy fips.h header. -*** Description *** - -The wolfSSL embedded SSL library (formerly CyaSSL) is a lightweight SSL/TLS -library written in ANSI C and targeted for embedded, RTOS, and -resource-constrained environments - primarily because of its small size, speed, -and feature set. It is commonly used in standard operating environments as well -because of its royalty-free pricing and excellent cross platform support. wolfSSL -supports industry standards up to the current TLS 1.3 and DTLS 1.3 levels, is up -to 20 times smaller than OpenSSL, and offers progressive ciphers such as ChaCha20, -Curve25519, NTRU, and Blake2b. User benchmarking and feedback reports -dramatically better performance when using wolfSSL over OpenSSL. - -wolfSSL is powered by the wolfCrypt library. A version of the wolfCrypt -cryptography library has been FIPS 140-2 validated (Certificate #2425). For -additional information, visit the wolfCrypt FIPS FAQ -(https://www.wolfssl.com/license/fips/) or contact fips@wolfssl.com - -*** Why choose wolfSSL? *** - -There are many reasons to choose wolfSSL as your embedded SSL solution. Some of -the top reasons include size (typical footprint sizes range from 20-100 kB), -support for the newest standards (SSL 3.0, TLS 1.0, TLS 1.1, TLS 1.2, TLS 1.3, -DTLS 1.0, and DTLS 1.2), current and progressive cipher support (including stream -ciphers), multi-platform, royalty free, and an OpenSSL compatibility API to ease -porting into existing applications which have previously used the OpenSSL package. -For a complete feature list, see https://www.wolfssl.com/docs/wolfssl-manual/ch4/ - -*** Notes, Please read *** - -Note 1) -wolfSSL as of 3.6.6 no longer enables SSLv3 by default. wolfSSL also no -longer supports static key cipher suites with PSK, RSA, or ECDH. This means -if you plan to use TLS cipher suites you must enable DH (DH is on by default), -or enable ECC (ECC is on by default), or you must enable static -key cipher suites with - WOLFSSL_STATIC_DH - WOLFSSL_STATIC_RSA - or - WOLFSSL_STATIC_PSK - -though static key cipher suites are deprecated and will be removed from future -versions of TLS. They also lower your security by removing PFS. Since current -NTRU suites available do not use ephemeral keys, WOLFSSL_STATIC_RSA needs to be -used in order to build with NTRU suites. - -When compiling ssl.c, wolfSSL will now issue a compiler error if no cipher suites -are available. You can remove this error by defining WOLFSSL_ALLOW_NO_SUITES -in the event that you desire that, i.e., you're not using TLS cipher suites. - -Note 2) -wolfSSL takes a different approach to certificate verification than OpenSSL -does. The default policy for the client is to verify the server, this means -that if you don't load CAs to verify the server you'll get a connect error, -no signer error to confirm failure (-188). -If you want to mimic OpenSSL behavior of having SSL_connect succeed even if -verifying the server fails and reducing security you can do this by calling: - -wolfSSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, 0); - -before calling wolfSSL_new(); Though it's not recommended. - -*** end Notes *** +If you have questions on any of this, then email us at info@wolfssl.com. +See INSTALL file for build instructions. +More info can be found on-line at http://wolfssl.com/wolfSSL/Docs.html -********* wolfSSL Release 3.14.0 (3/02/2018) +# wolfSSL Release 3.14.0 (03/02/2018) Release 3.14.0 of wolfSSL embedded TLS has bug fixes and new features including: -- TLS 1.3 draft 22 and 23 support added -- Additional unit tests for; SHA3, AES-CMAC, Ed25519, ECC, RSA-PSS, AES-GCM -- Many additions to the OpenSSL compatibility layer were made in this release. Some of these being enhancements to PKCS12, WOLFSSL_X509 use, WOLFSSL_EVP_PKEY, and WOLFSSL_BIO operations -- AVX1 and AVX2 performance improvements with ChaCha20 and Poly1305 -- Added i.MX CAAM driver support with Integrity OS support -- Improvements to logging with debugging, including exposing more API calls and adding options to reduce debugging code size -- Fix for signature type detection with PKCS7 RSA SignedData -- Public key call back functions added for DH Agree -- RSA-PSS API added for operating on non inline buffers (separate input and output buffers) -- API added for importing and exporting raw DSA parameters -- Updated DSA key generation to be FIPS 186-4 compliant -- Fix for wolfSSL_check_private_key when comparing ECC keys -- Support for AES Cipher Feedback(CFB) mode added -- Updated RSA key generation to be FIPS 186-4 compliant -- Update added for the ARM CMSIS software pack -- WOLFSSL_IGNORE_FILE_WARN macro added for avoiding build warnings when not working with autotools -- Performance improvements for AES-GCM with AVX1 and AVX2 -- Fix for possible memory leak on error case with wc_RsaKeyToDer function -- Make wc_PKCS7_PadData function available -- Updates made to building SGX on Linux -- STM32 hashing algorithm improvements including clock/power optimizations and auto detection of if SHA2 is supported -- Update static memory feature for FREERTOS use -- Reverse the order that certificates are compared during PKCS12 parse to account for case where multiple certificates have the same matching private key -- Update NGINX port to version 1.13.8 -- Support for HMAC-SHA3 added -- Added stricter ASN checks to enforce RFC 5280 rules. Thanks to the report from Professor Zhenhua Duan, Professor Cong Tian, and Ph.D candidate Chu Chen from Institute of Computing Theory and Technology (ICTT) of Xidian University. -- Option to have ecc_mul2add function public facing -- Getter function wc_PKCS7_GetAttributeValue added for PKCS7 attributes -- Macros NO_AES_128, NO_AES_192, NO_AES_256 added for AES key size selection at compile time -- Support for writing multiple organizations units (OU) and domain components (DC) with CSR and certificate creation -- Support for indefinite length BER encodings in PKCS7 -- Added API for additional validation of prime q in a public DH key -- Added support for RSA encrypt and decrypt without padding +* TLS 1.3 draft 22 and 23 support added +* Additional unit tests for; SHA3, AES-CMAC, Ed25519, ECC, RSA-PSS, AES-GCM +* Many additions to the OpenSSL compatibility layer were made in this release. Some of these being enhancements to PKCS12, WOLFSSL_X509 use, WOLFSSL_EVP_PKEY, and WOLFSSL_BIO operations +* AVX1 and AVX2 performance improvements with ChaCha20 and Poly1305 +* Added i.MX CAAM driver support with Integrity OS support +* Improvements to logging with debugging, including exposing more API calls and adding options to reduce debugging code size +* Fix for signature type detection with PKCS7 RSA SignedData +* Public key call back functions added for DH Agree +* RSA-PSS API added for operating on non inline buffers (separate input and output buffers) +* API added for importing and exporting raw DSA parameters +* Updated DSA key generation to be FIPS 186-4 compliant +* Fix for wolfSSL_check_private_key when comparing ECC keys +* Support for AES Cipher Feedback(CFB) mode added +* Updated RSA key generation to be FIPS 186-4 compliant +* Update added for the ARM CMSIS software pack +* WOLFSSL_IGNORE_FILE_WARN macro added for avoiding build warnings when not working with autotools +* Performance improvements for AES-GCM with AVX1 and AVX2 +* Fix for possible memory leak on error case with wc_RsaKeyToDer function +* Make wc_PKCS7_PadData function available +* Updates made to building SGX on Linux +* STM32 hashing algorithm improvements including clock/power optimizations and auto detection of if SHA2 is supported +* Update static memory feature for FREERTOS use +* Reverse the order that certificates are compared during PKCS12 parse to account for case where multiple certificates have the same matching private key +* Update NGINX port to version 1.13.8 +* Support for HMAC-SHA3 added +* Added stricter ASN checks to enforce RFC 5280 rules. Thanks to the report from Professor Zhenhua Duan, Professor Cong Tian, and Ph.D candidate Chu Chen from Institute of Computing Theory and Technology (ICTT) of Xidian University. +* Option to have ecc_mul2add function public facing +* Getter function wc_PKCS7_GetAttributeValue added for PKCS7 attributes +* Macros NO_AES_128, NO_AES_192, NO_AES_256 added for AES key size selection at compile time +* Support for writing multiple organizations units (OU) and domain components (DC) with CSR and certificate creation +* Support for indefinite length BER encodings in PKCS7 +* Added API for additional validation of prime q in a public DH key +* Added support for RSA encrypt and decrypt without padding See INSTALL file for build instructions. More info can be found on-line at http://wolfssl.com/wolfSSL/Docs.html -********* wolfSSL (Formerly CyaSSL) Release 3.13.0 (12/21/2017) +# wolfSSL (Formerly CyaSSL) Release 3.13.0 (12/21/2017) wolfSSL 3.13.0 includes bug fixes and new features, including support for TLS 1.3 Draft 21, performance and footprint optimizations, build fixes, updated examples and project files, and one vulnerability fix. The full list of changes and additions in this release include: -- Fixes for TLS 1.3, support for Draft 21 -- TLS 1.0 disabled by default, addition of “--enable-tlsv10” configure option -- New option to reduce SHA-256 code size at expense of performance +* Fixes for TLS 1.3, support for Draft 21 +* TLS 1.0 disabled by default, addition of “--enable-tlsv10” configure option +* New option to reduce SHA-256 code size at expense of performance (USE_SLOW_SHA256) -- New option for memory reduced build (--enable-lowresource) -- AES-GCM performance improvements on AVX1 (IvyBridge) and AVX2 -- SHA-256 and SHA-512 performance improvements using AVX1/2 ASM -- SHA-3 size and performance optimizations -- Fixes for Intel AVX2 builds on Mac/OSX -- Intel assembly for Curve25519, and Ed25519 performance optimizations -- New option to force 32-bit mode with “--enable-32bit” -- New option to disable all inline assembly with “--disable-asm” -- Ability to override maximum signature algorithms using WOLFSSL_MAX_SIGALGO -- Fixes for handling of unsupported TLS extensions. -- Fixes for compiling AES-GCM code with GCC 4.8.* -- Allow adjusting static I/O buffer size with WOLFMEM_IO_SZ -- Fixes for building without a filesystem -- Removes 3DES and SHA1 dependencies from PKCS#7 -- Adds ability to disable PKCS#7 EncryptedData type (NO_PKCS7_ENCRYPTED_DATA) -- Add ability to get client-side SNI -- Expanded OpenSSL compatibility layer -- Fix for logging file names with OpenSSL compatibility layer enabled, with +* New option for memory reduced build (--enable-lowresource) +* AES-GCM performance improvements on AVX1 (IvyBridge) and AVX2 +* SHA-256 and SHA-512 performance improvements using AVX1/2 ASM +* SHA-3 size and performance optimizations +* Fixes for Intel AVX2 builds on Mac/OSX +* Intel assembly for Curve25519, and Ed25519 performance optimizations +* New option to force 32-bit mode with “--enable-32bit” +* New option to disable all inline assembly with “--disable-asm” +* Ability to override maximum signature algorithms using WOLFSSL_MAX_SIGALGO +* Fixes for handling of unsupported TLS extensions. +* Fixes for compiling AES-GCM code with GCC 4.8.* +* Allow adjusting static I/O buffer size with WOLFMEM_IO_SZ +* Fixes for building without a filesystem +* Removes 3DES and SHA1 dependencies from PKCS#7 +* Adds ability to disable PKCS#7 EncryptedData type (NO_PKCS7_ENCRYPTED_DATA) +* Add ability to get client-side SNI +* Expanded OpenSSL compatibility layer +* Fix for logging file names with OpenSSL compatibility layer enabled, with WOLFSSL_MAX_ERROR_SZ user-overridable -- Adds static memory support to the wolfSSL example client -- Fixes for sniffer to use TLS 1.2 client method -- Adds option to wolfCrypt benchmark to benchmark individual algorithms -- Adds option to wolfCrypt benchmark to display benchmarks in powers +* Adds static memory support to the wolfSSL example client +* Fixes for sniffer to use TLS 1.2 client method +* Adds option to wolfCrypt benchmark to benchmark individual algorithms +* Adds option to wolfCrypt benchmark to display benchmarks in powers of 10 (-base10) -- Updated Visual Studio for ARM builds (for ECC supported curves and SHA-384) -- Updated Texas Instruments TI-RTOS build -- Updated STM32 CubeMX build with fixes for SHA -- Updated IAR EWARM project files -- Updated Apple Xcode projects with the addition of a benchmark example project +* Updated Visual Studio for ARM builds (for ECC supported curves and SHA-384) +* Updated Texas Instruments TI-RTOS build +* Updated STM32 CubeMX build with fixes for SHA +* Updated IAR EWARM project files +* Updated Apple Xcode projects with the addition of a benchmark example project This release of wolfSSL fixes 1 security vulnerability. @@ -170,68 +189,68 @@ who have explicitly enabled static RSA cipher suites with WOLFSSL_STATIC_RSA and use those suites on a host are affected. More information will be available on our website at: - https://wolfssl.com/wolfSSL/security/vulnerabilities.php +https://wolfssl.com/wolfSSL/security/vulnerabilities.php See INSTALL file for build instructions. More info can be found on-line at http://wolfssl.com/wolfSSL/Docs.html -********* wolfSSL (Formerly CyaSSL) Release 3.12.2 (10/23/2017) +# wolfSSL (Formerly CyaSSL) Release 3.12.2 (10/23/2017) -Release 3.12.2 of wolfSSL has bug fixes and new features including: +## Release 3.12.2 of wolfSSL has bug fixes and new features including: This release includes many performance improvements with Intel ASM (AVX/AVX2) and AES-NI. New single precision math option to speedup RSA, DH and ECC. Embedded hardware support has been expanded for STM32, PIC32MZ and ATECC508A. AES now supports XTS mode for disk encryption. Certificate improvements for setting serial number, key usage and extended key usage. Refactor of SSL_ and hash types to allow openssl coexistence. Improvements for TLS 1.3. Fixes for OCSP stapling to allow disable and WOLFSSL specific user context for callbacks. Fixes for openssl and MySQL compatibility. Updated Micrium port. Fixes for asynchronous modes. -- Added TLS extension for Supported Point Formats (ec_point_formats) -- Fix to not send OCSP stapling extensions in client_hello when not enabled -- Added new API's for disabling OCSP stapling -- Add check for SIZEOF_LONG with sun and LP64 -- Fixes for various TLS 1.3 disable options (RSA, ECC and ED/Curve 25519). -- Fix to disallow upgrading to TLS v1.3 -- Fixes for wolfSSL_EVP_CipherFinal() when message size is a round multiple of a block size. -- Add HMAC benchmark and expanded AES key size benchmarks -- Added simple GCC ARM Makefile example -- Add tests for 3072-bit RSA and DH. -- Fixed DRAFT_18 define and fixed downgrading with TLS v1.3 -- Fixes to allow custom serial number during certificate generation -- Add method to get WOLFSSL_CTX certificate manager -- Improvement to `wolfSSL_SetOCSP_Cb` to allow context per WOLFSSL object -- Alternate certificate chain support `WOLFSSL_ALT_CERT_CHAINS`. Enables checking cert against multiple CA's. -- Added new `--disable-oldnames` option to allow for using openssl along-side wolfssl headers (without OPENSSL_EXTRA). -- Refactor SSL_ and hashing types to use wolf specific prefix (WOLFSSL and WC_) to allow openssl coexistence. -- Fixes for HAVE_INTEL_MULX -- Cleanup include paths for MySQL cmake build -- Added configure option for building library for wolfSSH (--enable-wolfssh) -- Openssl compatibility layer improvements -- Expanded API unit tests -- Fixes for STM32 crypto hardware acceleration -- Added AES XTS mode (--enable-xts) -- Added ASN Extended Key Usage Support (see wc_SetExtKeyUsage). -- Math updates and added TFM_MIPS speedup. -- Fix for creation of the KeyUsage BitString -- Fix for 8k keys with MySQL compatibility -- Fixes for ATECC508A. -- Fixes for PIC32MZ hashing. -- Fixes and improvements to asynchronous modes for Intel QuickAssist and Cavium Nitrox V. -- Update HASH_DRBG Reseed mechanism and add test case -- Rename the file io.h/io.c to wolfio.h/wolfio.c -- Cleanup the wolfIO_Send function. -- OpenSSL Compatibility Additions and Fixes -- Improvements to Visual Studio DLL project/solution. -- Added function to generate public ECC key from private key -- Added async blocking support for sniffer tool. -- Added wolfCrypt hash tests for empty string and large data. -- Added ability to use of wolf implementation of `strtok` using `USE_WOLF_STRTOK`. -- Updated Micrium uC/OS-III Port -- Updated root certs for OCSP scripts -- New Single Precision math option for RSA, DH and ECC (off by default). See `--enable-sp`. -- Speedups for AES GCM with AESNI (--enable-aesni) -- Speedups for SHA2, ChaCha20/Poly1035 using AVX/AVX2 +* Added TLS extension for Supported Point Formats (ec_point_formats) +* Fix to not send OCSP stapling extensions in client_hello when not enabled +* Added new API's for disabling OCSP stapling +* Add check for SIZEOF_LONG with sun and LP64 +* Fixes for various TLS 1.3 disable options (RSA, ECC and ED/Curve 25519). +* Fix to disallow upgrading to TLS v1.3 +* Fixes for wolfSSL_EVP_CipherFinal() when message size is a round multiple of a block size. +* Add HMAC benchmark and expanded AES key size benchmarks +* Added simple GCC ARM Makefile example +* Add tests for 3072-bit RSA and DH. +* Fixed DRAFT_18 define and fixed downgrading with TLS v1.3 +* Fixes to allow custom serial number during certificate generation +* Add method to get WOLFSSL_CTX certificate manager +* Improvement to `wolfSSL_SetOCSP_Cb` to allow context per WOLFSSL object +* Alternate certificate chain support `WOLFSSL_ALT_CERT_CHAINS`. Enables checking cert against multiple CA's. +* Added new `--disable-oldnames` option to allow for using openssl along-side wolfssl headers (without OPENSSL_EXTRA). +* Refactor SSL_ and hashing types to use wolf specific prefix (WOLFSSL and WC_) to allow openssl coexistence. +* Fixes for HAVE_INTEL_MULX +* Cleanup include paths for MySQL cmake build +* Added configure option for building library for wolfSSH (--enable-wolfssh) +* Openssl compatibility layer improvements +* Expanded API unit tests +* Fixes for STM32 crypto hardware acceleration +* Added AES XTS mode (--enable-xts) +* Added ASN Extended Key Usage Support (see wc_SetExtKeyUsage). +* Math updates and added TFM_MIPS speedup. +* Fix for creation of the KeyUsage BitString +* Fix for 8k keys with MySQL compatibility +* Fixes for ATECC508A. +* Fixes for PIC32MZ hashing. +* Fixes and improvements to asynchronous modes for Intel QuickAssist and Cavium Nitrox V. +* Update HASH_DRBG Reseed mechanism and add test case +* Rename the file io.h/io.c to wolfio.h/wolfio.c +* Cleanup the wolfIO_Send function. +* OpenSSL Compatibility Additions and Fixes +* Improvements to Visual Studio DLL project/solution. +* Added function to generate public ECC key from private key +* Added async blocking support for sniffer tool. +* Added wolfCrypt hash tests for empty string and large data. +* Added ability to use of wolf implementation of `strtok` using `USE_WOLF_STRTOK`. +* Updated Micrium uC/OS-III Port +* Updated root certs for OCSP scripts +* New Single Precision math option for RSA, DH and ECC (off by default). See `--enable-sp`. +* Speedups for AES GCM with AESNI (--enable-aesni) +* Speedups for SHA2, ChaCha20/Poly1035 using AVX/AVX2 -********* wolfSSL (Formerly CyaSSL) Release 3.12.0 (8/04/2017) +# wolfSSL (Formerly CyaSSL) Release 3.12.0 (8/04/2017) -Release 3.12.0 of wolfSSL has bug fixes and new features including: +## Release 3.12.0 of wolfSSL has bug fixes and new features including: - TLS 1.3 with Nginx! TLS 1.3 with ARMv8! TLS 1.3 with Async Crypto! (--enable-tls13) - TLS 1.3 0RTT feature added @@ -286,9 +305,9 @@ See INSTALL file for build instructions. More info can be found on-line at http://wolfssl.com/wolfSSL/Docs.html -********* wolfSSL (Formerly CyaSSL) Release 3.11.1 (5/11/2017) +# wolfSSL (Formerly CyaSSL) Release 3.11.1 (5/11/2017) -Release 3.11.1 of wolfSSL is a TLS 1.3 BETA release, which includes: +## Release 3.11.1 of wolfSSL is a TLS 1.3 BETA release, which includes: - TLS 1.3 client and server support for TLS 1.3 with Draft 18 support @@ -300,9 +319,9 @@ See INSTALL file for build instructions. More info can be found on-line at http://wolfssl.com/wolfSSL/Docs.html -********* wolfSSL (Formerly CyaSSL) Release 3.11.0 (5/04/2017) +# wolfSSL (Formerly CyaSSL) Release 3.11.0 (5/04/2017) -Release 3.11.0 of wolfSSL has bug fixes and new features including: +## Release 3.11.0 of wolfSSL has bug fixes and new features including: - Code updates for warnings reported by Coverity scans - Testing and warning fixes for FreeBSD on PowerPC @@ -316,7 +335,7 @@ Release 3.11.0 of wolfSSL has bug fixes and new features including: - Added support for HAproxy load balancer - Added option to allow SHA1 with TLS 1.2 for IIS compatibility (WOLFSSL_ALLOW_TLS_SHA1) - Added Curve25519 51-bit Implementation, increasing performance on systems that have 128 bit types -- Fix to not send session ID on server side if session cache is off unless we're echoing +- Fix to not send session ID on server side if session cache is off unless we're echoing session ID as part of session tickets - Fixes for ensuring all default ciphers are setup correctly (see PR #830) - Added NXP Hexiwear example in `IDE/HEXIWEAR`. @@ -324,7 +343,7 @@ session ID as part of session tickets - Fixes for TLS elliptic curve selection on private key import. - Fixes for RNG with Intel rdrand and rdseed speedups. - Improved performance with Intel rdrand to use full 64-bit output -- Added new --enable-intelrand option to indicate use of RDRAND preference for RNG source +- Added new --enable-intelrand option to indicate use of RDRAND preference for RNG source - Removed RNG ARC4 support - Added ECC helpers to get size and id from curve name. - Added ECC Cofactor DH (ECC-CDH) support @@ -346,7 +365,6 @@ session ID as part of session tickets - Added a sanity check for minimum authentication tag size with AES-GCM. Thanks to Yueh-Hsun Lin and Peng Li at KNOX Security at Samsung Research America for suggesting this. - Added a sanity check that subject key identifier is marked as non-critical and a check that no policy OIDS appear more than once in the cert policies extension. Thanks to the report from Professor Zhenhua Duan, Professor Cong Tian, and Ph.D candidate Chu Chen from Institute of Computing Theory and Technology (ICTT) of Xidian University, China. Profs. Zhenhua Duan and Cong Tian are supervisors of Ph.D candidate Chu Chen. - This release of wolfSSL fixes 5 low and 1 medium level security vulnerability. 3 Low level fixes reported by Yueh-Hsun Lin and Peng Li from KNOX Security, Samsung Research America. @@ -356,6 +374,7 @@ This release of wolfSSL fixes 5 low and 1 medium level security vulnerability. Low level fix for memory management with static memory feature enabled. By default static memory is disabled. Thanks to GitHub user hajjihraf for reporting this. + Low level fix for out of bounds write in the function wolfSSL_X509_NAME_get_text_by_NID. This function is not used by TLS or crypto operations but could result in a buffer out of bounds write by one if called explicitly in an application. Discovered by Aleksandar Nikolic of Cisco Talos. http://talosintelligence.com/vulnerability-reports/ Medium level fix for check on certificate signature. There is a case in release versions 3.9.10, 3.10.0 and 3.10.2 where a corrupted signature on a peer certificate would not be properly flagged. Thanks to Wens Lo, James Tsai, Kenny Chang, and Oscar Yang at Castles Technology. @@ -365,9 +384,9 @@ See INSTALL file for build instructions. More info can be found on-line at http://wolfssl.com/wolfSSL/Docs.html -********* wolfSSL (Formerly CyaSSL) Release 3.10.2 (2/10/2017) +# wolfSSL (Formerly CyaSSL) Release 3.10.2 (2/10/2017) -Release 3.10.2 of wolfSSL has bug fixes and new features including: +## Release 3.10.2 of wolfSSL has bug fixes and new features including: - Poly1305 Windows macros fix. Thanks to GitHub user Jay Satiro - Compatibility layer expanded with multiple functions added @@ -399,9 +418,10 @@ Low level fix for potential cache attack on RSA operations. If using wolfSSL RSA See INSTALL file for build instructions. More info can be found on-line at http://wolfssl.com/wolfSSL/Docs.html -********* wolfSSL (Formerly CyaSSL) Release 3.10.0 (12/21/2016) -Release 3.10.0 of wolfSSL has bug fixes and new features including: +# wolfSSL (Formerly CyaSSL) Release 3.10.0 (12/21/2016) + +## Release 3.10.0 of wolfSSL has bug fixes and new features including: - Added support for SHA224 - Added scrypt feature @@ -436,9 +456,10 @@ https://wolfssl.com/wolfSSL/security/vulnerabilities.php See INSTALL file for build instructions. More info can be found on-line at http://wolfssl.com/wolfSSL/Docs.html -********* wolfSSL (Formerly CyaSSL) Release 3.9.10 (9/23/2016) -Release 3.9.10 of wolfSSL has bug fixes and new features including: +# wolfSSL (Formerly CyaSSL) Release 3.9.10 (9/23/2016) + +## Release 3.9.10 of wolfSSL has bug fixes and new features including: - Default configure option changes: 1. DES3 disabled by default @@ -470,14 +491,15 @@ need to update if they utilize AES, RSA private keys, or ECC private keys. Thanks to Gorka Irazoqui Apecechea and Xiaofei Guo from Intel Corporation for the report. More information will be available on our site: - https://wolfssl.com/wolfSSL/security/vulnerabilities.php +https://wolfssl.com/wolfSSL/security/vulnerabilities.php See INSTALL file for build instructions. -More info can be found on-line at http://wolfssl.com/wolfSSL/Docs.html +More info can be found on-line at https://wolfssl.com/wolfSSL/Docs.html -********* wolfSSL (Formerly CyaSSL) Release 3.9.8 (7/29/2016) -Release 3.9.8 of wolfSSL has bug fixes and new features including: +# wolfSSL (Formerly CyaSSL) Release 3.9.8 (7/29/2016) + +##Release 3.9.8 of wolfSSL has bug fixes and new features including: - Add support for custom ECC curves. - Add cipher suite ECDHE-ECDSA-AES128-CCM. @@ -519,9 +541,9 @@ Release 3.9.8 of wolfSSL has bug fixes and new features including: See INSTALL file for build instructions. More info can be found on-line at //http://wolfssl.com/wolfSSL/Docs.html - ********* wolfSSL (Formerly CyaSSL) Release 3.9.6 (6/14/2016) +# wolfSSL (Formerly CyaSSL) Release 3.9.6 (6/14/2016) -Release 3.9.6 of wolfSSL has bug fixes and new features including: +##Release 3.9.6 of wolfSSL has bug fixes and new features including: - Add staticmemory feature - Add public wc_GetTime API with base64encode feature @@ -556,14 +578,13 @@ Release 3.9.6 of wolfSSL has bug fixes and new features including: recommend updating to the latest - (1) Code changes for ECC fix can be found at pull requests #411, #416, and #428 - (2) Builds using RSA with using normal math and not RSA_LOW_MEM should update -- Tag 3.9.6w is for a Windows example echoserver fix See INSTALL file for build instructions. More info can be found on-line at //http://wolfssl.com/wolfSSL/Docs.html - ********* wolfSSL (Formerly CyaSSL) Release 3.9.0 (3/18/2016) +# wolfSSL (Formerly CyaSSL) Release 3.9.0 (03/18/2016) -Release 3.9.0 of wolfSSL has bug fixes and new features including: +##Release 3.9.0 of wolfSSL has bug fixes and new features including: - Add new leantls configuration - Add RSA OAEP padding at wolfCrypt level @@ -596,9 +617,9 @@ sized hash fix See INSTALL file for build instructions. More info can be found on-line at //http://wolfssl.com/yaSSL/Docs.html - ********* wolfSSL (Formerly CyaSSL) Release 3.8.0 (12/30/2015) +# wolfSSL (Formerly CyaSSL) Release 3.8.0 (12/30/2015) -Release 3.8.0 of wolfSSL has bug fixes and new features including: +##Release 3.8.0 of wolfSSL has bug fixes and new features including: - Example client/server with VxWorks - AESNI use with AES-GCM @@ -619,9 +640,9 @@ recommend updating to the latest See INSTALL file for build instructions. More info can be found on-line at //http://wolfssl.com/yaSSL/Docs.html - ********* wolfSSL (Formerly CyaSSL) Release 3.7.0 (10/26/2015) +# wolfSSL (Formerly CyaSSL) Release 3.7.0 (10/26/2015) -Release 3.7.0 of wolfSSL has bug fixes and new features including: +##Release 3.7.0 of wolfSSL has bug fixes and new features including: - ALPN extension support added for HTTP2 connections with --enable-alpn - Change of example/client/client max fragment flag -L -> -F @@ -650,33 +671,33 @@ recommend updating to the latest See INSTALL file for build instructions. More info can be found on-line at //http://wolfssl.com/yaSSL/Docs.html - ********* wolfSSL (Formerly CyaSSL) Release 3.6.8 (09/17/2015) +#wolfSSL (Formerly CyaSSL) Release 3.6.8 (09/17/2015) -Release 3.6.8 of wolfSSL fixes two high severity vulnerabilities. It also -includes bug fixes and new features including: +##Release 3.6.8 of wolfSSL fixes two high severity vulnerabilities. +##It also includes bug fixes and new features including: - Two High level security fixes, all users SHOULD update. a) If using wolfSSL for DTLS on the server side of a publicly accessible machine you MUST update. b) If using wolfSSL for TLS on the server side with private RSA keys allowing - ephemeral key exchange without low memory optimizations you MUST update and + ephemeral key exchange without low memory optimziations you MUST update and regenerate the private RSA keys. Please see https://www.wolfssl.com/wolfSSL/Blog/Blog.html for more details - No filesystem build fixes for various configurations - Certificate generation now supports several extensions including KeyUsage, - SKID, AKID, and Certificate Policies + SKID, AKID, and Ceritifcate Policies - CRLs can be loaded from buffers as well as files now -- SHA-512 Certificate Signing generation +- SHA-512 Ceritifcate Signing generation - Fixes for sniffer reassembly processing See INSTALL file for build instructions. More info can be found on-line at //http://wolfssl.com/yaSSL/Docs.html - ********* wolfSSL (Formerly CyaSSL) Release 3.6.6 (08/20/2015) +#wolfSSL (Formerly CyaSSL) Release 3.6.6 (08/20/2015) -Release 3.6.6 of wolfSSL has bug fixes and new features including: +##Release 3.6.6 of wolfSSL has bug fixes and new features including: - OpenSSH compatibility with --enable-openssh - stunnel compatibility with --enable-stunnel @@ -692,22 +713,23 @@ Release 3.6.6 of wolfSSL has bug fixes and new features including: size is smaller than the total message size, no user action required. - DTLS duplicate message fixes - Visual Studio project files now support DLL and static builds for 32/64bit. -- Support for new Freescale I/O +- Support for new Freesacle I/O - FreeRTOS FIPS support - No high level security fixes that requires an update though we always recommend updating to the latest See INSTALL file for build instructions. -More information can be found on-line at //http://wolfssl.com/yaSSL/Docs.html +More info can be found on-line at //http://wolfssl.com/yaSSL/Docs.html - **************** wolfSSL (Formerly CyaSSL) Release 3.6.0 (06/19/2015) -Release 3.6.0 of wolfSSL has bug fixes and new features including: +#wolfSSL (Formerly CyaSSL) Release 3.6.0 (06/19/2015) + +##Release 3.6.0 of wolfSSL has bug fixes and new features including: - Max Strength build that only allows TLSv1.2, AEAD ciphers, and PFS (Perfect Forward Secrecy). With --enable-maxstrength -- Server side session ticket support, the example server and echoserver use the +- Server side session ticket support, the example server and echosever use the example callback myTicketEncCb(), see wolfSSL_CTX_set_TicketEncCb() - FIPS version submitted for iOS. - TI Crypto Hardware Acceleration @@ -723,8 +745,8 @@ Release 3.6.0 of wolfSSL has bug fixes and new features including: - ECC make key crash fix on RNG failure, ECC users must update. - Improvements to usage of time code. - Improvements to VS solution files. -- GNU Binutils 2.24 (and late 2.23) ld has problems with some debug builds, - to fix an ld error add C_EXTRA_FLAGS="-fdebug-types-section -g1". +- GNU Binutils 2.24 ld has problems with some debug builds, to fix an ld error + add -fdebug-types-section to C_EXTRA_FLAGS - No high level security fixes that requires an update though we always recommend updating to the latest (except note 14, ecc RNG failure) @@ -733,9 +755,22 @@ See INSTALL file for build instructions. More info can be found on-line at //http://wolfssl.com/yaSSL/Docs.html - *****************wolfSSL (Formerly CyaSSL) Release 3.4.6 (03/30/2015) +#wolfSSL (Formerly CyaSSL) Release 3.4.8 (04/06/2015) -Release 3.4.6 of wolfSSL has bug fixes and new features including: +##Release 3.4.8 of wolfSSL has bug fixes and new features including: + +- FIPS version submitted for iOS. +- Max Strength build that only allows TLSv1.2, AEAD ciphers, and PFS. +- Improvements to usage of time code. +- Improvements to VS solution files. + +See INSTALL file for build instructions. +More info can be found on-line at //http://wolfssl.com/yaSSL/Docs.html + + +#wolfSSL (Formerly CyaSSL) Release 3.4.6 (03/30/2015) + +##Release 3.4.6 of wolfSSL has bug fixes and new features including: - Intel Assembly Speedups using instructions rdrand, rdseed, aesni, avx1/2, rorx, mulx, adox, adcx . They can be enabled with --enable-intelasm. @@ -771,9 +806,9 @@ See INSTALL file for build instructions. More info can be found on-line at //http://wolfssl.com/yaSSL/Docs.html - *****************wolfSSL (Formerly CyaSSL) Release 3.4.0 (02/23/2015) +#wolfSSL (Formerly CyaSSL) Release 3.4.0 (02/23/2015) -Release 3.4.0 wolfSSL has bug fixes and new features including: +## Release 3.4.0 wolfSSL has bug fixes and new features including: - wolfSSL API and wolfCrypt API, you can still include the cyassl and ctaocrypt headers which will enable the compatibility APIs for the foreseeable future @@ -797,14 +832,14 @@ Release 3.4.0 wolfSSL has bug fixes and new features including: recommend updating to the latest - ***********CyaSSL Release 3.3.0 (12/05/2014) +# CyaSSL Release 3.3.0 (12/05/2014) - Countermeasuers for Handshake message duplicates, CHANGE CIPHER without FINISHED, and fast forward attempts. Thanks to Karthikeyan Bhargavan from the Prosecco team at INRIA Paris-Rocquencourt for the report. - FIPS version submitted - Removes SSLv2 Client Hello processing, can be enabled with OLD_HELLO_ALLOWED -- User can set minimum downgrade version with CyaSSL_SetMinVersion() +- User can set mimimum downgrade version with CyaSSL_SetMinVersion() - Small stack improvements at TLS/SSL layer - TLS Master Secret generation and Key Expansion are now exposed - Adds client side Secure Renegotiation, * not recommended * @@ -824,9 +859,9 @@ http://www.wolfssl.com/documentation/CyaSSL-Manual.pdf. For build instructions and comments about the new features please check the manual. -***********CyaSSL Release 3.2.0 (09/10/2014) +# CyaSSL Release 3.2.0 (09/10/2014) -Release 3.2.0 CyaSSL has bug fixes and new features including: +#### Release 3.2.0 CyaSSL has bug fixes and new features including: - ChaCha20 and Poly1305 crypto and suites - Small stack improvements for OCSP, CRL, TLS, DTLS @@ -849,9 +884,9 @@ http://www.wolfssl.com/documentation/CyaSSL-Manual.pdf. For build instructions and comments about the new features please check the manual. -************ CyaSSL Release 3.1.0 (07/14/2014) +# CyaSSL Release 3.1.0 (07/14/2014) -Release 3.1.0 CyaSSL has bug fixes and new features including: +#### Release 3.1.0 CyaSSL has bug fixes and new features including: - Fix for older versions of icc without 128-bit type - Intel ASM syntax for AES-NI @@ -867,13 +902,13 @@ Release 3.1.0 CyaSSL has bug fixes and new features including: - Updated example certificates The CyaSSL manual is available at: -http://www.wolfssl.com/documentation/CyaSSL-Manual.pdf. For build instructions +http://www.yassl.com/documentation/CyaSSL-Manual.pdf. For build instructions and comments about the new features please check the manual. -************ CyaSSL Release 3.0.2 (05/30/2014) +# CyaSSL Release 3.0.2 (05/30/2014) -Release 3.0.2 CyaSSL has bug fixes and new features including: +#### Release 3.0.2 CyaSSL has bug fixes and new features including: - Added the following cipher suites: * TLS_PSK_WITH_AES_128_GCM_SHA256 @@ -893,13 +928,13 @@ Release 3.0.2 CyaSSL has bug fixes and new features including: - Updated the Hash DRBG and provided a configure option to enable. The CyaSSL manual is available at: -http://www.wolfssl.com/documentation/CyaSSL-Manual.pdf. For build instructions +http://www.yassl.com/documentation/CyaSSL-Manual.pdf. For build instructions and comments about the new features please check the manual. -************ CyaSSL Release 3.0.0 (04/29/2014) +# CyaSSL Release 3.0.0 (04/29/2014) -Release 3.0.0 CyaSSL has bug fixes and new features including: +#### Release 3.0.0 CyaSSL has bug fixes and new features including: - FIPS release candidate - X.509 improvements that address items reported by Suman Jana with security @@ -909,13 +944,13 @@ Release 3.0.0 CyaSSL has bug fixes and new features including: - Updated AES-CCM-8 cipher suites to use approved suite numbers. The CyaSSL manual is available at: -http://www.wolfssl.com/documentation/CyaSSL-Manual.pdf. For build instructions +http://www.yassl.com/documentation/CyaSSL-Manual.pdf. For build instructions and comments about the new features please check the manual. -************ CyaSSL Release 2.9.4 (04/09/2014) +# CyaSSL Release 2.9.4 (04/09/2014) -Release 2.9.4 CyaSSL has bug fixes and new features including: +#### Release 2.9.4 CyaSSL has bug fixes and new features including: - Security fixes that address items reported by Ivan Fratric of the Google Security Team @@ -931,13 +966,13 @@ Release 2.9.4 CyaSSL has bug fixes and new features including: handling and reduce memory fragmentation on I/O large sizes The CyaSSL manual is available at: -http://www.wolfssl.com/documentation/CyaSSL-Manual.pdf. For build instructions +http://www.yassl.com/documentation/CyaSSL-Manual.pdf. For build instructions and comments about the new features please check the manual. -************ CyaSSL Release 2.9.0 (02/07/2014) +# CyaSSL Release 2.9.0 (02/07/2014) -Release 2.9.0 CyaSSL has bug fixes and new features including: +#### Release 2.9.0 CyaSSL has bug fixes and new features including: - Freescale Kinetis RNGB support - Freescale Kinetis mmCAU support - TLS Hello extensions @@ -973,9 +1008,9 @@ User Guide": http://cache.freescale.com/files/32bit/doc/user_guide/CAUAPIUG.pdf -*****************CyaSSL Release 2.8.0 (8/30/2013) +# CyaSSL Release 2.8.0 (8/30/2013) -Release 2.8.0 CyaSSL has bug fixes and new features including: +#### Release 2.8.0 CyaSSL has bug fixes and new features including: - AES-GCM and AES-CCM use AES-NI - NetX default IO callback handlers - IPv6 fixes for DTLS Hello Cookies @@ -989,13 +1024,13 @@ Release 2.8.0 CyaSSL has bug fixes and new features including: The CyaSSL manual is available at: -http://www.wolfssl.com/documentation/CyaSSL-Manual.pdf. For build instructions +http://www.yassl.com/documentation/CyaSSL-Manual.pdf. For build instructions and comments about the new features please check the manual. -*****************CyaSSL Release 2.7.0 (6/17/2013) +# CyaSSL Release 2.7.0 (6/17/2013) -Release 2.7.0 CyaSSL has bug fixes and new features including: +#### Release 2.7.0 CyaSSL has bug fixes and new features including: - SNI support for client and server - KEIL MDK-ARM projects - Wildcard check to domain name match, and Subject altnames are checked too @@ -1015,21 +1050,23 @@ Release 2.7.0 CyaSSL has bug fixes and new features including: When compiling with Mingw, libtool may give the following warning due to path conversion errors: - + +``` libtool: link: Could not determine host file name corresponding to ** libtool: link: Continuing, but uninstalled executables may not work. +``` If so, examples and testsuite will have problems when run, showing an error while loading shared libraries. To resolve, please run "make install". The CyaSSL manual is available at: -http://www.wolfssl.com/documentation/CyaSSL-Manual.pdf. For build instructions +http://www.yassl.com/documentation/CyaSSL-Manual.pdf. For build instructions and comments about the new features please check the manual. -************** CyaSSL Release 2.6.0 (04/15/2013) +# CyaSSL Release 2.6.0 (04/15/2013) -Release 2.6.0 CyaSSL has bug fixes and new features including: +#### Release 2.6.0 CyaSSL has bug fixes and new features including: - DTLS 1.2 support including AEAD ciphers - SHA-3 finalist Blake2 support, it's fast and uses little resources - SHA-384 cipher suites including ECC ones @@ -1059,7 +1096,7 @@ Release 2.6.0 CyaSSL has bug fixes and new features including: 3) C_EXTRA_FLAGS=-DTFM_NO_ASM , turn off assembly use 4) use clang, it just seems to work 5) play around with no PIC options to force all registers being open, - e.g, --without-pic + e.g., --without-pic 6) if static lib is still a problem try removing fPIE - Many new ./configure switches for option enable/disable for example * rsa @@ -1078,14 +1115,14 @@ Release 2.6.0 CyaSSL has bug fixes and new features including: automake to 1.11 and autoconf to 2.63 The CyaSSL manual is available at: -http://www.wolfssl.com/documentation/CyaSSL-Manual.pdf. For build instructions +http://www.yassl.com/documentation/CyaSSL-Manual.pdf. For build instructions and comments about the new features please check the manual. -************** CyaSSL Release 2.5.0 (02/04/2013) +# CyaSSL Release 2.5.0 (02/04/2013) -Release 2.5.0 CyaSSL has bug fixes and new features including: +#### Release 2.5.0 CyaSSL has bug fixes and new features including: - Fix for TLS CBC padding timing attack identified by Nadhem Alfardan and Kenny Paterson: http://www.isg.rhul.ac.uk/tls/ - Microchip PIC32 (MIPS16, MIPS32) support @@ -1126,14 +1163,14 @@ STM32F2 Standard Peripheral Library can be found in the following document: http://www.st.com/internet/com/TECHNICAL_RESOURCES/TECHNICAL_LITERATURE/USER_MANUAL/DM00023896.pdf The CyaSSL manual is available at: -http://www.wolfssl.com/documentation/CyaSSL-Manual.pdf. For build instructions +http://www.yassl.com/documentation/CyaSSL-Manual.pdf. For build instructions and comments about the new features please check the manual. -*************** CyaSSL Release 2.4.6 (12/20/2012) +# CyaSSL Release 2.4.6 (12/20/2012) -Release 2.4.6 CyaSSL has bug fixes and a few new features including: +#### Release 2.4.6 CyaSSL has bug fixes and a few new features including: - ECC into main version - Lean PSK build (reduced code size, RAM usage, and stack usage) - FreeBSD CRL monitor support @@ -1154,26 +1191,26 @@ K70 Sub-Family Reference Manual: http://cache.freescale.com/files/microcontrollers/doc/ref_manual/K70P256M150SF3RM.pdf The CyaSSL manual is available at: -http://www.wolfssl.com/documentation/CyaSSL-Manual.pdf. For build instructions +http://www.yassl.com/documentation/CyaSSL-Manual.pdf. For build instructions and comments about the new features please check the manual. -*************** CyaSSL Release 2.4.0 (10/10/2012) +# CyaSSL Release 2.4.0 (10/10/2012) -Release 2.4.0 CyaSSL has bug fixes and a few new features including: +#### Release 2.4.0 CyaSSL has bug fixes and a few new features including: - DTLS reliability - Reduced memory usage after handshake - Updated build process The CyaSSL manual is available at: -http://www.wolfssl.com/documentation/CyaSSL-Manual.pdf. For build instructions +http://www.yassl.com/documentation/CyaSSL-Manual.pdf. For build instructions and comments about the new features please check the manual. -*************** CyaSSL Release 2.3.0 (8/10/2012) +# CyaSSL Release 2.3.0 (8/10/2012) -Release 2.3.0 CyaSSL has bug fixes and a few new features including: +#### Release 2.3.0 CyaSSL has bug fixes and a few new features including: - AES-GCM crypto and cipher suites - make test cipher suite checks - Subject AltName processing @@ -1185,14 +1222,14 @@ Release 2.3.0 CyaSSL has bug fixes and a few new features including: - DTLS Cookie support, reliability coming soon The CyaSSL manual is available at: -http://www.wolfssl.com/documentation/CyaSSL-Manual.pdf. For build instructions +http://www.yassl.com/documentation/CyaSSL-Manual.pdf. For build instructions and comments about the new features please check the manual. -***************CyaSSL Release 2.2.0 (5/18/2012) +# CyaSSL Release 2.2.0 (5/18/2012) -Release 2.2.0 CyaSSL has bug fixes and a few new features including: +#### Release 2.2.0 CyaSSL has bug fixes and a few new features including: - Initial CRL support (--enable-crl) - Initial OCSP support (--enable-ocsp) - Add static ECDH suites @@ -1204,14 +1241,14 @@ Release 2.2.0 CyaSSL has bug fixes and a few new features including: The CyaSSL manual is available at: -http://www.wolfssl.com/documentation/CyaSSL-Manual.pdf. For build instructions +http://www.yassl.com/documentation/CyaSSL-Manual.pdf. For build instructions and comments about the new features please check the manual. -***************CyaSSL Release 2.0.8 (2/24/2012) +# CyaSSL Release 2.0.8 (2/24/2012) -Release 2.0.8 CyaSSL has bug fixes and a few new features including: +#### Release 2.0.8 CyaSSL has bug fixes and a few new features including: - A fix for malicious certificates pointed out by Remi Gacogne (thanks) resulting in NULL pointer use. - Respond to renegotiation attempt with no_renegoatation alert @@ -1221,14 +1258,14 @@ Release 2.0.8 CyaSSL has bug fixes and a few new features including: The CyaSSL manual is available at: -http://www.wolfssl.com/documentation/CyaSSL-Manual.pdf. For build instructions +http://www.yassl.com/documentation/CyaSSL-Manual.pdf. For build instructions and comments about the new features please check the manual. -************* CyaSSL Release 2.0.6 (1/27/2012) +# CyaSSL Release 2.0.6 (1/27/2012) -Release 2.0.6 CyaSSL has bug fixes and a few new features including: +#### Release 2.0.6 CyaSSL has bug fixes and a few new features including: - Fixes for CA basis constraint check - CTX reference counting - Initial unit test additions @@ -1240,14 +1277,14 @@ Release 2.0.6 CyaSSL has bug fixes and a few new features including: - Export Base64_Encode for general use The CyaSSL manual is available at: -http://www.wolfssl.com/documentation/CyaSSL-Manual.pdf. For build instructions +http://www.yassl.com/documentation/CyaSSL-Manual.pdf. For build instructions and comments about the new features please check the manual. -************* CyaSSL Release 2.0.2 (12/05/2011) +# CyaSSL Release 2.0.2 (12/05/2011) -Release 2.0.2 CyaSSL has bug fixes and a few new features including: +#### Release 2.0.2 CyaSSL has bug fixes and a few new features including: - CTaoCrypt Runtime library detection settings when directly using the crypto library - Default certificate generation now uses SHAwRSA and adds SHA256wRSA generation @@ -1257,14 +1294,14 @@ Release 2.0.2 CyaSSL has bug fixes and a few new features including: - Microchip pic32 support The CyaSSL manual is available at: -http://www.wolfssl.com/documentation/CyaSSL-Manual.pdf. For build instructions +http://www.yassl.com/documentation/CyaSSL-Manual.pdf. For build instructions and comments about the new features please check the manual. -************* CyaSSL Release 2.0.0rc3 (9/28/2011) +# CyaSSL Release 2.0.0rc3 (9/28/2011) -Release 2.0.0rc3 for CyaSSL has bug fixes and a few new features including: +#### Release 2.0.0rc3 for CyaSSL has bug fixes and a few new features including: - updated autoconf support - better make install and uninstall (uses system directories) - make test / make check @@ -1281,12 +1318,12 @@ changes are required. Special Thanks to Brian Aker for his autoconf, install, and header patches. The CyaSSL manual is available at: -http://www.wolfssl.com/documentation/CyaSSL-Manual.pdf. For build instructions +http://www.yassl.com/documentation/CyaSSL-Manual.pdf. For build instructions and comments about the new features please check the manual. -************CyaSSL Release 2.0.0rc2 (6/6/2011) +# CyaSSL Release 2.0.0rc2 (6/6/2011) -Release 2.0.0rc2 for CyaSSL has bug fixes and a few new features including: +#### Release 2.0.0rc2 for CyaSSL has bug fixes and a few new features including: - bug fixes (Alerts, DTLS with DHE) - FreeRTOS support - lwIP support @@ -1297,15 +1334,15 @@ Release 2.0.0rc2 for CyaSSL has bug fixes and a few new features including: - and more. This is the 2nd and perhaps final release candidate for version 2. -Please send any comments or questions to support@wolfssl.com. +Please send any comments or questions to support@yassl.com. The CyaSSL manual is available at: -http://www.wolfssl.com/documentation/CyaSSL-Manual.pdf. For build instructions +http://www.yassl.com/documentation/CyaSSL-Manual.pdf. For build instructions and comments about the new features please check the manual. -***********CyaSSL Release 2.0.0rc1 (5/2/2011) +# CyaSSL Release 2.0.0rc1 (5/2/2011) -Release 2.0.0rc1 for CyaSSL has many new features including: +#### Release 2.0.0rc1 for CyaSSL has many new features including: - bug fixes - SHA-256 cipher suites - Root Certificate Verification (instead of needing all certs in the chain) @@ -1330,13 +1367,13 @@ Release 2.0.0rc1 for CyaSSL has many new features including: Because of all the new features and the multiple OS, compiler, feature-set options that CyaSSL allows, there may be some configuration fixes needed. -Please send any comments or questions to support@wolfssl.com. +Please send any comments or questions to support@yassl.com. The CyaSSL manual is available at: -http://www.wolfssl.com/documentation/CyaSSL-Manual.pdf. For build instructions +http://www.yassl.com/documentation/CyaSSL-Manual.pdf. For build instructions and comments about the new features please check the manual. -****************** CyaSSL Release 1.9.0 (3/2/2011) +# CyaSSL Release 1.9.0 (3/2/2011) Release 1.9.0 for CyaSSL adds bug fixes, improved TLSv1.2 through testing and better hash/sig algo ids, --enable-webServer for the yaSSL embedded web server, @@ -1346,9 +1383,9 @@ more. The CyaSSL manual offering is included in the doc/ directory. For build instructions and comments about the new features please check the manual. -Please send any comments or questions to support@wolfssl.com. +Please send any comments or questions to support@yassl.com. -****************** CyaSSL Release 1.8.0 (12/23/2010) +# CyaSSL Release 1.8.0 (12/23/2010) Release 1.8.0 for CyaSSL adds bug fixes, x509 v3 CA signed certificate generation, a C standard library abstraction layer, lower memory use, increased @@ -1358,12 +1395,12 @@ suites when used in conjunction with an NTRU license and library. The initial CyaSSL manual offering is included in the doc/ directory. For build instructions and comments about the new features please check the manual. -Please send any comments or questions to support@wolfssl.com. +Please send any comments or questions to support@yassl.com. Happy Holidays. -********************* CyaSSL Release 1.6.5 (9/9/2010) +# CyaSSL Release 1.6.5 (9/9/2010) Release 1.6.5 for CyaSSL adds bug fixes and x509 v3 self signed certificate generation. @@ -1376,7 +1413,7 @@ To enable certificate generation support add this option to ./configure An example is included in ctaocrypt/test/test.c and documentation is provided in doc/CyaSSL_Extensions_Reference.pdf item 11. -********************** CyaSSL Release 1.6.0 (8/27/2010) +# CyaSSL Release 1.6.0 (8/27/2010) Release 1.6.0 for CyaSSL adds bug fixes, RIPEMD-160, SHA-512, and RSA key generation. @@ -1399,7 +1436,7 @@ off by default. To turn key generation on add the define CYASSL_KEY_GEN to CyaSSL. -************* CyaSSL Release 1.5.6 (7/28/2010) +# CyaSSL Release 1.5.6 (7/28/2010) Release 1.5.6 for CyaSSL adds bug fixes, compatibility for our JSSE provider, and a fix for GCC builds on some systems. @@ -1411,7 +1448,7 @@ To add AES-NI support add this option to ./configure You'll need GCC 4.4.3 or later to make use of the assembly. -************** CyaSSL Release 1.5.4 (7/7/2010) +# CyaSSL Release 1.5.4 (7/7/2010) Release 1.5.4 for CyaSSL adds bug fixes, support for AES-NI, SHA1 speed improvements from loop unrolling, and support for the Mongoose Web Server. @@ -1423,7 +1460,7 @@ To add AES-NI support add this option to ./configure You'll need GCC 4.4.3 or later to make use of the assembly. -*************** CyaSSL Release 1.5.0 (5/11/2010) +# CyaSSL Release 1.5.0 (5/11/2010) Release 1.5.0 for CyaSSL adds bug fixes, GoAhead WebServer support, sniffer support, and initial swig interface support. @@ -1442,79 +1479,87 @@ WinPcap on windows. A swig interface file is now located in the swig directory for using Python, Java, Perl, and others with CyaSSL. This is initial support and experimental, -please send questions or comments to support@wolfssl.com. +please send questions or comments to support@yassl.com. When doing load testing with CyaSSL, on the echoserver example say, the client machine may run out of tcp ephemeral ports, they will end up in the TIME_WAIT queue, and can't be reused by default. There are generally two ways to fix -this. 1) Reduce the length sockets remain on the TIME_WAIT queue or 2) Allow -items on the TIME_WAIT queue to be reused. +this. + +1. Reduce the length sockets remain on the TIME_WAIT queue OR +2. Allow items on the TIME_WAIT queue to be reused. To reduce the TIME_WAIT length in OS X to 3 seconds (3000 milliseconds) -sudo sysctl -w net.inet.tcp.msl=3000 +`sudo sysctl -w net.inet.tcp.msl=3000` In Linux -sudo sysctl -w net.ipv4.tcp_tw_reuse=1 +`sudo sysctl -w net.ipv4.tcp_tw_reuse=1` allows reuse of sockets in TIME_WAIT -sudo sysctl -w net.ipv4.tcp_tw_recycle=1 +`sudo sysctl -w net.ipv4.tcp_tw_recycle=1` works but seems to remove sockets from TIME_WAIT entirely? -sudo sysctl -w net.ipv4.tcp_fin_timeout=1 +`sudo sysctl -w net.ipv4.tcp_fin_timeout=1` doen't control TIME_WAIT, it controls FIN_WAIT(2) contrary to some posts -******************** CyaSSL Release 1.4.0 (2/18/2010) +# CyaSSL Release 1.4.0 (2/18/2010) Release 1.3.0 for CyaSSL adds bug fixes, better multi TLS/SSL version support through SSLv23_server_method(), and improved documentation in the doc/ folder. For general build instructions doc/Building_CyaSSL.pdf. -******************** CyaSSL Release 1.3.0 (1/21/2010) +# CyaSSL Release 1.3.0 (1/21/2010) Release 1.3.0 for CyaSSL adds bug fixes, a potential security problem fix, better porting support, removal of assert()s, and a complete THREADX port. For general build instructions see rc1 below. -******************** CyaSSL Release 1.2.0 (11/2/2009) +# CyaSSL Release 1.2.0 (11/2/2009) Release 1.2.0 for CyaSSL adds bug fixes and session negotiation if first use is read or write. For general build instructions see rc1 below. -******************** CyaSSL Release 1.1.0 (9/2/2009) +# CyaSSL Release 1.1.0 (9/2/2009) Release 1.1.0 for CyaSSL adds bug fixes, a check against malicious session cache use, support for lighttpd, and TLS 1.2. To get TLS 1.2 support please use the client and server functions: +```c SSL_METHOD *TLSv1_2_server_method(void); SSL_METHOD *TLSv1_2_client_method(void); +``` CyaSSL was tested against lighttpd 1.4.23. To build CyaSSL for use with lighttpd use the following commands from the CyaSSL install dir : +``` ./configure --disable-shared --enable-opensslExtra --enable-fastmath --without-zlib make make openssl-links +``` Then to build lighttpd with CyaSSL use the following commands from the lighttpd install dir: +``` ./configure --with-openssl --with-openssl-includes=/include --with-openssl-libs=/lib LDFLAGS=-lm make +``` On some systems you may get a linker error about a duplicate symbol for MD5_Init or other MD5 calls. This seems to be caused by the lighttpd src file @@ -1523,41 +1568,44 @@ When liblightcomp is linked with the SSL_LIBs the linker may complain about the duplicate symbol. This can be fixed by editing the lighttpd src file md5.c and adding this line to the beginning of the file: -#if 0 +\#if 0 and this line to the end of the file -#endif +\#endif Then from the lighttpd src dir do a: +``` make clean make - +``` If you get link errors about undefined symbols more than likely the actual OpenSSL libraries are found by the linker before the CyaSSL openssl-links that point to the CyaSSL library, causing the linker confusion. This can be fixed by editing the Makefile in the lighttpd src directory and changing the line: -SSL_LIB = -lssl -lcrypto +`SSL_LIB = -lssl -lcrypto` to -SSL_LIB = -lcyassl +`SSL_LIB = -lcyassl` Then from the lighttpd src dir do a: +``` make clean make +``` This should remove any confusion the linker may be having with missing symbols. -For any questions or concerns please contact support@wolfssl.com . +For any questions or concerns please contact support@yassl.com . For general build instructions see rc1 below. -******************CyaSSL Release 1.0.6 (8/03/2009) +# CyaSSL Release 1.0.6 (8/03/2009) Release 1.0.6 for CyaSSL adds bug fixes, an improved session cache, and faster math with a huge code option. @@ -1574,7 +1622,7 @@ the benchmark utility to compare public key operations. For general build instructions see rc1 below. -******************CyaSSL Release 1.0.3 (5/10/2009) +# CyaSSL Release 1.0.3 (5/10/2009) Release 1.0.3 for CyaSSL adds bug fixes and add increased support for OpenSSL compatibility when building other applications. @@ -1585,7 +1633,7 @@ aren't fully implemented at this time but will be for the next release. For general build instructions see rc1 below. -******************CyaSSL Release 1.0.2 (4/3/2009) +# CyaSSL Release 1.0.2 (4/3/2009) Release 1.0.2 for CyaSSL adds bug fixes for a couple I/O issues. Some systems will send a SIGPIPE on socket recv() at any time and this should be handled by @@ -1598,7 +1646,7 @@ aren't fully implemented at this time but will be for the next release. For general build instructions see rc1 below. -*****************CyaSSL Release Candidate 3 rc3-1.0.0 (2/25/2009) +## CyaSSL Release Candidate 3 rc3-1.0.0 (2/25/2009) Release Candidate 3 for CyaSSL 1.0.0 adds bug fixes and adds a project file for @@ -1609,36 +1657,42 @@ lost when cyassl i/o was re-implemented but is now fixed. For general build instructions see rc1 below. -*****************CyaSSL Release Candidate 2 rc2-1.0.0 (1/21/2009) +## CyaSSL Release Candidate 2 rc2-1.0.0 (1/21/2009) Release Candidate 2 for CyaSSL 1.0.0 adds bug fixes and adds two new stream ciphers along with their respective cipher suites. CyaSSL adds support for HC-128 and RABBIT stream ciphers. The new suites are: +``` TLS_RSA_WITH_HC_128_SHA TLS_RSA_WITH_RABBIT_SHA +``` And the corresponding cipher names are +``` HC128-SHA RABBIT-SHA +``` CyaSSL also adds support for building with devkitPro for PPC by changing the library proper to use libogc. The examples haven't been changed yet but if there's interest they can be. Here's an example ./configure to build CyaSSL for devkitPro: +``` ./configure --disable-shared CC=/pathTo/devkitpro/devkitPPC/bin/powerpc-gekko-gcc --host=ppc --without-zlib --enable-singleThreaded RANLIB=/pathTo/devkitpro/devkitPPC/bin/powerpc-gekko-ranlib CFLAGS="-DDEVKITPRO -DGEKKO" +``` For linking purposes you'll need -LDFLAGS="-g -mrvl -mcpu=750 -meabi -mhard-float -Wl,-Map,$(notdir $@).map" +`LDFLAGS="-g -mrvl -mcpu=750 -meabi -mhard-float -Wl,-Map,$(notdir $@).map"` For general build instructions see rc1 below. -********************CyaSSL Release Candidate 1 rc1-1.0.0 (12/17/2008) +## CyaSSL Release Candidate 1 rc1-1.0.0 (12/17/2008) Release Candidate 1 for CyaSSL 1.0.0 contains major internal changes. Several @@ -1649,40 +1703,40 @@ Many thanks to Thierry Fournier for providing these ideas and most of the work. Because of these changes, this release is only a candidate since some problems are probably inevitable on some platform with some I/O use. Please report any problems and we'll try to resolve them as soon as possible. You can contact us -at support@wolfssl.com or todd@wolfssl.com. +at support@yassl.com or todd@yassl.com. Using TomsFastMath by passing --enable-fastmath to ./configure now uses assembly on some platforms. This is new so please report any problems as every compiler, mode, OS combination hasn't been tested. On ia32 all of the registers need to be available so be sure to pass these options to CFLAGS: -CFLAGS="-O3 -fomit-frame-pointer" +`CFLAGS="-O3 -fomit-frame-pointer"` OS X will also need -mdynamic-no-pic added to CFLAGS Also if you're building in shared mode for ia32 you'll need to pass options to LDFLAGS as well on OS X: -LDFLAGS=-Wl,-read_only_relocs,warning +`LDFLAGS=-Wl,-read_only_relocs,warning` This gives warnings for some symbols but seems to work. ---To build on Linux, Solaris, *BSD, Mac OS X, or Cygwin: +#### To build on Linux, Solaris, *BSD, Mac OS X, or Cygwin: ./configure make from the ./testsuite/ directory run ./testsuite -to make a debug build: +#### To make a debug build: ./configure --enable-debug --disable-shared make ---To build on Win32 +#### To build on Win32 Choose (Re)Build All from the project workspace @@ -1692,7 +1746,7 @@ Run the testsuite program -*************************CyaSSL version 0.9.9 (7/25/2008) +# CyaSSL version 0.9.9 (7/25/2008) This release of CyaSSL adds bug fixes, Pre-Shared Keys, over-rideable memory handling, and optionally TomsFastMath. Thanks to Moisés Guimarães for the @@ -1707,12 +1761,12 @@ always seems to be faster. On x86-64 machines with GCC the normal math library may outperform the fast one when using CFLAGS=-m64 because TomsFastMath can't yet use -m64 because of GCCs inability to do 128bit division. - **** UPDATE GCC 4.2.1 can now do 128bit division *** + *** UPDATE GCC 4.2.1 can now do 128bit division *** See notes below (0.2.0) for complete build instructions. -****************CyaSSL version 0.9.8 (5/7/2008) +# CyaSSL version 0.9.8 (5/7/2008) This release of CyaSSL adds bug fixes, client side Diffie-Hellman, and better socket handling. @@ -1720,7 +1774,7 @@ socket handling. See notes below (0.2.0) for complete build instructions. -****************CyaSSL version 0.9.6 (1/31/2008) +# CyaSSL version 0.9.6 (1/31/2008) This release of CyaSSL adds bug fixes, increased session management, and a fix for gnutls. @@ -1728,7 +1782,7 @@ for gnutls. See notes below (0.2.0) for complete build instructions. -****************CyaSSL version 0.9.0 (10/15/2007) +# CyaSSL version 0.9.0 (10/15/2007) This release of CyaSSL adds bug fixes, MSVC 2005 support, GCC 4.2 support, IPV6 support and test, and new test certificates. @@ -1736,7 +1790,7 @@ IPV6 support and test, and new test certificates. See notes below (0.2.0) for complete build instructions. -****************CyaSSL version 0.8.0 (1/10/2007) +# CyaSSL version 0.8.0 (1/10/2007) This release of CyaSSL adds increased socket support, for non-blocking writes, connects, and interrupted system calls. @@ -1744,7 +1798,7 @@ connects, and interrupted system calls. See notes below (0.2.0) for complete build instructions. -****************CyaSSL version 0.6.3 (10/30/2006) +# CyaSSL version 0.6.3 (10/30/2006) This release of CyaSSL adds debug logging to stderr to aid in the debugging of CyaSSL on systems that may not provide the best support. @@ -1762,7 +1816,7 @@ To turn logging back off call CyaSSL_Debugging_OFF() See notes below (0.2.0) for complete build instructions. -*****************CyaSSL version 0.6.2 (10/29/2006) +# CyaSSL version 0.6.2 (10/29/2006) This release of CyaSSL adds TLS 1.1. @@ -1774,7 +1828,7 @@ CyaSSL_check_domain_name() to prevent man in the middle attacks. See notes below (0.2.0) for build instructions. -*****************CyaSSL version 0.6.0 (10/25/2006) +# CyaSSL version 0.6.0 (10/25/2006) This release of CyaSSL adds more SSL functions, better autoconf, nonblocking I/O for accept, connect, and read. There is now an --enable-small configure @@ -1784,7 +1838,7 @@ for the defines. Note that TLS requires HMAC and AES requires TLS. See notes below (0.2.0) for build instructions. -*****************CyaSSL version 0.5.5 (09/27/2006) +# CyaSSL version 0.5.5 (09/27/2006) This mini release of CyaSSL adds better input processing through buffered input and big message support. Added SSL_pending() and some sanity checks on user @@ -1793,28 +1847,28 @@ settings. See notes below (0.2.0) for build instructions. -*****************CyaSSL version 0.5.0 (03/27/2006) +# CyaSSL version 0.5.0 (03/27/2006) This release of CyaSSL adds AES support and minor bug fixes. See notes below (0.2.0) for build instructions. -*****************CyaSSL version 0.4.0 (03/15/2006) +# CyaSSL version 0.4.0 (03/15/2006) This release of CyaSSL adds TLSv1 client/server support and libtool. See notes below for build instructions. -*****************CyaSSL version 0.3.0 (02/26/2006) +# CyaSSL version 0.3.0 (02/26/2006) This release of CyaSSL adds SSLv3 server support and session resumption. See notes below for build instructions. -*****************CyaSSL version 0.2.0 (02/19/2006) +# CyaSSL version 0.2.0 (02/19/2006) This is the first release of CyaSSL and its crypt brother, CTaoCrypt. CyaSSL @@ -1830,21 +1884,21 @@ The first release of CyaSSL supports normal client RSA mode SSLv3 connections with support for SHA-1 and MD5 digests. Ciphers include 3DES and RC4. ---To build on Linux, Solaris, *BSD, Mac OS X, or Cygwin: +#### To build on Linux, Solaris, *BSD, Mac OS X, or Cygwin: ./configure make from the ./testsuite/ directory run ./testsuite -to make a debug build: +#### to make a debug build: ./configure --enable-debug --disable-shared make ---To build on Win32 +#### To build on Win32 Choose (Re)Build All from the project workspace @@ -1857,4 +1911,3 @@ compatibility functions. Please send questions or comments to todd@wolfssl.com - diff --git a/IDE/ARDUINO/README.md b/IDE/ARDUINO/README.md index b16d492e5f..7376c026b4 100644 --- a/IDE/ARDUINO/README.md +++ b/IDE/ARDUINO/README.md @@ -4,22 +4,23 @@ This is a shell script that will re-organize the wolfSSL library to be compatible with Arduino projects. The Arduino IDE requires a library's source files to be in the library's root directory with a header file in the name of -the library. This script moves all src/ files to the root wolfssl directory and -creates a stub header file called wolfssl.h. +the library. This script moves all src/ files to the `IDE/ARDUINO/wolfSSL` +directory and creates a stub header file called `wolfssl.h`. Step 1: To configure wolfSSL with Arduino, enter the following from within the wolfssl/IDE/ARDUINO directory: - ./wolfssl-arduino.sh + `./wolfssl-arduino.sh` -Step 2: Edit /wolfssl/wolfcrypt/settings.h uncomment the define for -WOLFSSL_ARDUINO +Step 2: Edit `/IDE/ARDUINO/wolfSSL/wolfssl/wolfcrypt/settings.h` uncomment the define for `WOLFSSL_ARDUINO` +If building for Intel Galileo platform also uncomment the define for `INTEL_GALILEO`. -also uncomment the define for INTEL_GALILEO if building for that platform - #####Including wolfSSL in Arduino Libraries (for Arduino version 1.6.6) -1. Copy the wolfSSL directory into Arduino/libraries (or wherever Arduino searches for libraries). -2. In the Arduino IDE: - - Go to ```Sketch > Include Libraries > Manage Libraries```. This refreshes your changes to the libraries. - - Next go to ```Sketch > Include Libraries > wolfSSL```. This includes wolfSSL in your sketch. + +1. In the Arduino IDE: + - In `Sketch -> Include Library -> Add .ZIP Library...` and choose the + `IDE/ARDUNIO/wolfSSL` folder. + - In `Sketch -> Include Library` choose wolfSSL. + +An example wolfSSL client INO sketch exists here: `sketches/wolfssl_client/wolfssl_client.ino` diff --git a/IDE/ARDUINO/sketches/wolfssl_client/wolfssl_client.ino b/IDE/ARDUINO/sketches/wolfssl_client/wolfssl_client.ino index 6d52690c2c..879a19109e 100644 --- a/IDE/ARDUINO/sketches/wolfssl_client/wolfssl_client.ino +++ b/IDE/ARDUINO/sketches/wolfssl_client/wolfssl_client.ino @@ -1,6 +1,6 @@ /* wolfssl_client.ino * - * Copyright (C) 2006-2016 wolfSSL Inc. + * Copyright (C) 2006-2018 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -142,4 +142,3 @@ void loop() { } delay(1000); } - diff --git a/IDE/ARDUINO/wolfssl-arduino.sh b/IDE/ARDUINO/wolfssl-arduino.sh index 4da3ff4b6d..2d84f26c0a 100755 --- a/IDE/ARDUINO/wolfssl-arduino.sh +++ b/IDE/ARDUINO/wolfssl-arduino.sh @@ -7,20 +7,29 @@ DIR=${PWD##*/} if [ "$DIR" = "ARDUINO" ]; then - cp ../../src/*.c ../../ - cp ../../wolfcrypt/src/*.c ../../ - echo "/* stub header file for Arduino compatibility */" >> ../../wolfssl.h + rm -rf wolfSSL + mkdir wolfSSL + + cp ../../src/*.c ./wolfSSL + cp ../../wolfcrypt/src/*.c ./wolfSSL + + mkdir wolfSSL/wolfssl + cp ../../wolfssl/*.h ./wolfSSL/wolfssl + mkdir wolfSSL/wolfssl/wolfcrypt + cp ../../wolfssl/wolfcrypt/*.h ./wolfSSL/wolfssl/wolfcrypt + + # support misc.c as include in wolfcrypt/src + mkdir ./wolfSSL/wolfcrypt + mkdir ./wolfSSL/wolfcrypt/src + cp ../../wolfcrypt/src/misc.c ./wolfSSL/wolfcrypt/src + + # put bio and evp as includes + mv ./wolfSSL/bio.c ./wolfSSL/wolfssl + mv ./wolfSSL/evp.c ./wolfSSL/wolfssl + + echo "/* Generated wolfSSL header file for Arduino */" >> ./wolfSSL/wolfssl.h + echo "#include " >> ./wolfSSL/wolfssl.h + echo "#include " >> ./wolfSSL/wolfssl.h else echo "ERROR: You must be in the IDE/ARDUINO directory to run this script" fi - -#UPDATED: 19 Apr 2017 to remove bio.c and evp.c from the root directory since -# they are included inline and should not be compiled directly - -ARDUINO_DIR=${PWD} -cd ../../ -rm bio.c -rm evp.c -cd $ARDUINO_DIR -# end script in the origin directory for any future functionality that may be added. -#End UPDATE: 19 Apr 2017 diff --git a/IDE/CSBENCH/.cproject b/IDE/CSBENCH/.cproject new file mode 100644 index 0000000000..ce3f41cde9 --- /dev/null +++ b/IDE/CSBENCH/.cproject @@ -0,0 +1,183 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/IDE/CSBENCH/.project b/IDE/CSBENCH/.project new file mode 100644 index 0000000000..f3da8d9558 --- /dev/null +++ b/IDE/CSBENCH/.project @@ -0,0 +1,33 @@ + + + wolfcrypt + + + + + + org.eclipse.cdt.managedbuilder.core.genmakebuilder + clean,full,incremental, + + + + + org.eclipse.cdt.managedbuilder.core.ScannerConfigBuilder + full,incremental, + + + + + + org.eclipse.cdt.core.cnature + org.eclipse.cdt.managedbuilder.core.managedBuildNature + org.eclipse.cdt.managedbuilder.core.ScannerConfigNature + + + + src + 2 + PARENT-2-PROJECT_LOC../wolfcrypt + + + diff --git a/IDE/CSBENCH/include.am b/IDE/CSBENCH/include.am new file mode 100644 index 0000000000..2f9241596c --- /dev/null +++ b/IDE/CSBENCH/include.am @@ -0,0 +1,8 @@ +# vim:ft=automake +# included from Top Level Makefile.am +# All paths should be given relative to the root + +EXTRA_DIST+= IDE/CSBENCH/.project +EXTRA_DIST+= IDE/CSBENCH/.cproject +EXTRA_DIST+= IDE/CSBENCH/user_settings.h + diff --git a/IDE/CSBENCH/user_settings.h b/IDE/CSBENCH/user_settings.h new file mode 100644 index 0000000000..428d26df87 --- /dev/null +++ b/IDE/CSBENCH/user_settings.h @@ -0,0 +1,22 @@ +#ifndef WOLFSSL_CSBENCH_H +#define WOLFSSL_CSBENCH_H + +/* wolfSSL settings */ +#define WOLFCRYPT_ONLY +#define USE_FAST_MATH +#define TFM_TIMING_RESISTANT +#define WC_RSA_BLINDING + +#define SINGLE_THREADED +#define HAVE_AESGCM +#define NO_ASN_TIME + +#define HAVE_ECC +#define ECC_TIMING_RESISTANT +#define WOLFSSL_NUCLEUS + +/* wolfSSH settings */ +#define WOLFSSH_SFTP +//#define DEBUG_WOLFSSH + +#endif diff --git a/IDE/include.am b/IDE/include.am index ebea79b3c0..84f49290ff 100644 --- a/IDE/include.am +++ b/IDE/include.am @@ -13,5 +13,6 @@ include IDE/INTIME-RTOS/include.am include IDE/OPENSTM32/include.am include IDE/VS-ARM/include.am include IDE/GCC-ARM/include.am +include IDE/CSBENCH/include.am EXTRA_DIST+= IDE/IAR-EWARM IDE/MDK-ARM IDE/MDK5-ARM IDE/MYSQL IDE/LPCXPRESSO IDE/HEXIWEAR diff --git a/Makefile.am b/Makefile.am index d92dc4462a..036401fbf1 100644 --- a/Makefile.am +++ b/Makefile.am @@ -84,6 +84,7 @@ EXTRA_DIST+= wolfssl64.sln EXTRA_DIST+= valgrind-error.sh EXTRA_DIST+= gencertbuf.pl EXTRA_DIST+= README.md +EXTRA_DIST+= ChangeLog.md EXTRA_DIST+= LICENSING EXTRA_DIST+= INSTALL EXTRA_DIST+= IPP @@ -94,10 +95,6 @@ include wrapper/include.am include cyassl/include.am include wolfssl/include.am include certs/include.am -include certs/1024/include.am -include certs/crl/include.am -include certs/external/include.am -include certs/ocsp/include.am include doc/include.am include swig/include.am @@ -208,6 +205,3 @@ merge-clean: @find ./ | $(GREP) \.BASE | xargs rm -f @find ./ | $(GREP) \~$$ | xargs rm -f -dist-hook: - cp $(distdir)/wolfssl/options.h.in $(distdir)/wolfssl/options.h - diff --git a/NEWS b/NEWS deleted file mode 100644 index e69de29bb2..0000000000 diff --git a/README.md b/README.md index 77fb354413..919e0e935b 100644 --- a/README.md +++ b/README.md @@ -65,1821 +65,110 @@ wolfSSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, 0); before calling wolfSSL_new(); Though it's not recommended. ``` +# wolfSSL Release x.x.x -# wolfSSL Release 3.14.0 (3/02/2018) +* Added AES performance enhancements on AMD processors using Intel ASM instructions -Release 3.14.0 of wolfSSL embedded TLS has bug fixes and new features including: +## Note 3 +``` +The enum values SHA, SHA256, SHA384, SHA512 are no longer available when +wolfSSL is built with --enable-opensslextra (OPENSSL_EXTRA) or with the macro +NO_OLD_SHA_NAMES. These names get mapped to the OpenSSL API for a single call +hash function. Instead the name WC_SHA, WC_SHA256, WC_SHA384 and WC_SHA512 +should be used for the enum name. +``` -* TLS 1.3 draft 22 and 23 support added -* Additional unit tests for; SHA3, AES-CMAC, Ed25519, ECC, RSA-PSS, AES-GCM -* Many additions to the OpenSSL compatibility layer were made in this release. Some of these being enhancements to PKCS12, WOLFSSL_X509 use, WOLFSSL_EVP_PKEY, and WOLFSSL_BIO operations -* AVX1 and AVX2 performance improvements with ChaCha20 and Poly1305 -* Added i.MX CAAM driver support with Integrity OS support -* Improvements to logging with debugging, including exposing more API calls and adding options to reduce debugging code size -* Fix for signature type detection with PKCS7 RSA SignedData -* Public key call back functions added for DH Agree -* RSA-PSS API added for operating on non inline buffers (separate input and output buffers) -* API added for importing and exporting raw DSA parameters -* Updated DSA key generation to be FIPS 186-4 compliant -* Fix for wolfSSL_check_private_key when comparing ECC keys -* Support for AES Cipher Feedback(CFB) mode added -* Updated RSA key generation to be FIPS 186-4 compliant -* Update added for the ARM CMSIS software pack -* WOLFSSL_IGNORE_FILE_WARN macro added for avoiding build warnings when not working with autotools -* Performance improvements for AES-GCM with AVX1 and AVX2 -* Fix for possible memory leak on error case with wc_RsaKeyToDer function -* Make wc_PKCS7_PadData function available -* Updates made to building SGX on Linux -* STM32 hashing algorithm improvements including clock/power optimizations and auto detection of if SHA2 is supported -* Update static memory feature for FREERTOS use -* Reverse the order that certificates are compared during PKCS12 parse to account for case where multiple certificates have the same matching private key -* Update NGINX port to version 1.13.8 -* Support for HMAC-SHA3 added -* Added stricter ASN checks to enforce RFC 5280 rules. Thanks to the report from Professor Zhenhua Duan, Professor Cong Tian, and Ph.D candidate Chu Chen from Institute of Computing Theory and Technology (ICTT) of Xidian University. -* Option to have ecc_mul2add function public facing -* Getter function wc_PKCS7_GetAttributeValue added for PKCS7 attributes -* Macros NO_AES_128, NO_AES_192, NO_AES_256 added for AES key size selection at compile time -* Support for writing multiple organizations units (OU) and domain components (DC) with CSR and certificate creation -* Support for indefinite length BER encodings in PKCS7 -* Added API for additional validation of prime q in a public DH key -* Added support for RSA encrypt and decrypt without padding +# wolfSSL Release x.x.x +* Added AES performance enhancements on AMD processors with build option `./configure --enable-intelasm` +# wolfSSL Release 3.15.0 (06/05/2018) + +Release 3.15.0 of wolfSSL embedded TLS has bug fixes and new features including: + +* Support for TLS 1.3 Draft versions 23, 26 and 28. +* Add FIPS SGX support! +* Single Precision assembly code added for ARM and 64-bit ARM to enhance performance. +* Improved performance for Single Precision maths on 32-bit. +* Improved downgrade support for the TLS 1.3 handshake. +* Improved TLS 1.3 support from interoperability testing. +* Added option to allow TLS 1.2 to be compiled out to reduce size and enhance security. +* Added option to support Ed25519 in TLS 1.2 and 1.3. +* Update wolfSSL_HMAC_Final() so the length parameter is optional. +* Various fixes for Coverity static analysis reports. +* Add define to use internal struct timeval (USE_WOLF_TIMEVAL_T). +* Switch LowResTimer() to call XTIME instead of time(0) for better portability. +* Expanded OpenSSL compatibility layer with a bevy of new functions. +* Added Renesas CS+ project files. +* Align DH support with NIST SP 800-56A, add wc_DhSetKey_ex() for q parameter. +* Add build option for CAVP self test build (--enable-selftest). +* Expose mp_toradix() when WOLFSSL_PUBLIC_MP is defined. +* Example certificate expiration dates and generation script updated. +* Additional optimizations to trim out unused strings depending on build options. +* Fix for DN tag strings to have “=” when returning the string value to users. +* Fix for wolfSSL_ERR_get_error_line_data return value if no more errors are in the queue. +* Fix for AES-CBC IV value with PIC32 hardware acceleration. +* Fix for wolfSSL_X509_print with ECC certificates. +* Fix for strict checking on URI absolute vs relative path. +* Added crypto device framework to handle PK RSA/ECC operations using callbacks, which adds new build option `./configure --enable-cryptodev` or `WOLF_CRYPTO_DEV`. +* Added devId support to ECC and PKCS7 for hardware based private key. +* Fixes in PKCS7 for handling possible memory leak in some error cases. +* Added test for invalid cert common name when set with `wolfSSL_check_domain_name`. +* Refactor of the cipher suite names to use single array, which contains internal name, IANA name and cipher suite bytes. +* Added new function `wolfSSL_get_cipher_name_from_suite` for getting IANA cipher suite name using bytes. +* Fixes for fsanitize reports. +* Fix for openssl compatibility function `wolfSSL_RSA_verify` to check returned size. +* Fixes and improvements for FreeRTOS AWS. +* Fixes for building openssl compatibility with FreeRTOS. +* Fix and new test for handling match on domain name that may have a null terminator inside. +* Cleanup of the socket close code used for examples, CRL/OCSP and BIO to use single macro `CloseSocket`. +* Refactor of the TLSX code to support returning error codes. +* Added new signature wrapper functions `wc_SignatureVerifyHash` and `wc_SignatureGenerateHash` to allow direct use of hash. +* Improvement to GCC-ARM IDE example. +* Enhancements and cleanups for the ASN date/time code including new API's `wc_GetDateInfo`, `wc_GetCertDates` and `wc_GetDateAsCalendarTime`. +* Fixes to resolve issues with C99 compliance. Added build option `WOLF_C99` to force C99. +* Added a new `--enable-opensslall` option to enable all openssl compatibility features. +* Added new `--enable-webclient` option for enabling a few HTTP API's. +* Added new `wc_OidGetHash` API for getting the hash type from a hash OID. +* Moved `wolfSSL_CertPemToDer`, `wolfSSL_KeyPemToDer`, `wolfSSL_PubKeyPemToDer` to asn.c and renamed to `wc_`. Added backwards compatibility macro for old function names. +* Added new `WC_MAX_SYM_KEY_SIZE` macro for helping determine max key size. +* Added `--enable-enckeys` or (`WOLFSSL_ENCRYPTED_KEYS`) to enable support for encrypted PEM private keys using password callback without having to use opensslextra. +* Added ForceZero on the password buffer after done using it. +* Refactor unique hash types to use same internal values (ex WC_MD5 == WC_HASH_TYPE_MD5). +* Refactor the Sha3 types to use `wc_` naming, while retaining old names for compatibility. +* Improvements to `wc_PBKDF1` to support more hash types and the non-standard extra data option. +* Fix TLS 1.3 with ECC disabled and CURVE25519 enabled. +* Added new define `NO_DEV_URANDOM` to disable the use of `/dev/urandom`. +* Added `WC_RNG_BLOCKING` to indicate block w/sleep(0) is okay. +* Fix for `HAVE_EXT_CACHE` callbacks not being available without `OPENSSL_EXTRA` defined. +* Fix for ECC max bits `MAX_ECC_BITS` not always calculating correctly due to macro order. +* Added support for building and using PKCS7 without RSA (assuming ECC is enabled). +* Fixes and additions for Cavium Nitrox V to support ECC, AES-GCM and HMAC (SHA-224 and SHA3). +* Enabled ECC, AES-GCM and SHA-512/384 by default in (Linux and Windows) +* Added `./configure --enable-base16` and `WOLFSSL_BASE16` configuration option to enable Base16 API's. +* Improvements to ATECC508A support for building without `WOLFSSL_ATMEL` defined. +* Refactor IO callback function names to use `_CTX_` to eliminate confusion about the first parameter. +* Added support for not loading a private key for server or client when `HAVE_PK_CALLBACK` is defined and the private PK callback is set. +* Added new ECC API `wc_ecc_sig_size_calc` to return max signature size for a key size. +* Cleanup ECC point import/export code and added new API `wc_ecc_import_unsigned`. +* Fixes for handling OCSP with non-blocking. +* Added new PK (Primary Key) callbacks for the VerifyRsaSign. The new callbacks API's are `wolfSSL_CTX_SetRsaVerifySignCb` and `wolfSSL_CTX_SetRsaPssVerifySignCb`. +* Added new ECC API `wc_ecc_rs_raw_to_sig` to take raw unsigned R and S and encodes them into ECDSA signature format. +* Added support for `WOLFSSL_STM32F1`. +* Cleanup of the ASN X509 header/footer and XSTRNCPY logic. +* Add copyright notice to autoconf files. (Thanks Brian Aker!) +* Updated the M4 files for autotools. (Thanks Brian Aker!) +* Add support for the cipher suite TLS_DH_anon_WITH_AES256_GCM_SHA384 with test cases. (Thanks Thivya Ashok!) +* Add the TLS alert message unknown_psk_identity (115) from RFC 4279, section 2. (Thanks Thivya Ashok!) +* Fix the case when using TCP with timeouts with TLS. wolfSSL shall be agnostic to network socket behavior for TLS. (DTLS is another matter.) The functions `wolfSSL_set_using_nonblock()` and `wolfSSL_get_using_nonblock()` are deprecated. +* Hush the AR warning when building the static library with autotools. +* Hush the “-pthread” warning when building in some environments. +* Added a dist-hook target to the Makefile to reset the default options.h file. +* Removed the need for the darwin-clang.m4 file with the updates provided by Brian A. +* Renamed the AES assembly file so GCC on the Mac will build it using the preprocessor. +* Add a disable option (--disable-optflags) to turn off the default optimization flags so user may supply their own custom flags. +* Correctly touch the dummy fips.h header. + +If you have questions on any of this, then email us at info@wolfssl.com. See INSTALL file for build instructions. More info can be found on-line at http://wolfssl.com/wolfSSL/Docs.html - - -# wolfSSL (Formerly CyaSSL) Release 3.13.0 (12/21/2017) - -wolfSSL 3.13.0 includes bug fixes and new features, including support for -TLS 1.3 Draft 21, performance and footprint optimizations, build fixes, -updated examples and project files, and one vulnerability fix. The full list -of changes and additions in this release include: - -* Fixes for TLS 1.3, support for Draft 21 -* TLS 1.0 disabled by default, addition of “--enable-tlsv10” configure option -* New option to reduce SHA-256 code size at expense of performance - (USE_SLOW_SHA256) -* New option for memory reduced build (--enable-lowresource) -* AES-GCM performance improvements on AVX1 (IvyBridge) and AVX2 -* SHA-256 and SHA-512 performance improvements using AVX1/2 ASM -* SHA-3 size and performance optimizations -* Fixes for Intel AVX2 builds on Mac/OSX -* Intel assembly for Curve25519, and Ed25519 performance optimizations -* New option to force 32-bit mode with “--enable-32bit” -* New option to disable all inline assembly with “--disable-asm” -* Ability to override maximum signature algorithms using WOLFSSL_MAX_SIGALGO -* Fixes for handling of unsupported TLS extensions. -* Fixes for compiling AES-GCM code with GCC 4.8.* -* Allow adjusting static I/O buffer size with WOLFMEM_IO_SZ -* Fixes for building without a filesystem -* Removes 3DES and SHA1 dependencies from PKCS#7 -* Adds ability to disable PKCS#7 EncryptedData type (NO_PKCS7_ENCRYPTED_DATA) -* Add ability to get client-side SNI -* Expanded OpenSSL compatibility layer -* Fix for logging file names with OpenSSL compatibility layer enabled, with - WOLFSSL_MAX_ERROR_SZ user-overridable -* Adds static memory support to the wolfSSL example client -* Fixes for sniffer to use TLS 1.2 client method -* Adds option to wolfCrypt benchmark to benchmark individual algorithms -* Adds option to wolfCrypt benchmark to display benchmarks in powers - of 10 (-base10) -* Updated Visual Studio for ARM builds (for ECC supported curves and SHA-384) -* Updated Texas Instruments TI-RTOS build -* Updated STM32 CubeMX build with fixes for SHA -* Updated IAR EWARM project files -* Updated Apple Xcode projects with the addition of a benchmark example project - -This release of wolfSSL fixes 1 security vulnerability. - -wolfSSL is cited in the recent ROBOT Attack by Böck, Somorovsky, and Young. -The paper notes that wolfSSL only gives a weak oracle without a practical -attack but this is still a flaw. This release contains a fix for this report. -Please note that wolfSSL has static RSA cipher suites disabled by default as -of version 3.6.6 because of the lack of perfect forward secrecy. Only users -who have explicitly enabled static RSA cipher suites with WOLFSSL_STATIC_RSA -and use those suites on a host are affected. More information will be -available on our website at: - -https://wolfssl.com/wolfSSL/security/vulnerabilities.php - -See INSTALL file for build instructions. -More info can be found on-line at http://wolfssl.com/wolfSSL/Docs.html - - -# wolfSSL (Formerly CyaSSL) Release 3.12.2 (10/23/2017) - -## Release 3.12.2 of wolfSSL has bug fixes and new features including: - -This release includes many performance improvements with Intel ASM (AVX/AVX2) and AES-NI. New single precision math option to speedup RSA, DH and ECC. Embedded hardware support has been expanded for STM32, PIC32MZ and ATECC508A. AES now supports XTS mode for disk encryption. Certificate improvements for setting serial number, key usage and extended key usage. Refactor of SSL_ and hash types to allow openssl coexistence. Improvements for TLS 1.3. Fixes for OCSP stapling to allow disable and WOLFSSL specific user context for callbacks. Fixes for openssl and MySQL compatibility. Updated Micrium port. Fixes for asynchronous modes. - -* Added TLS extension for Supported Point Formats (ec_point_formats) -* Fix to not send OCSP stapling extensions in client_hello when not enabled -* Added new API's for disabling OCSP stapling -* Add check for SIZEOF_LONG with sun and LP64 -* Fixes for various TLS 1.3 disable options (RSA, ECC and ED/Curve 25519). -* Fix to disallow upgrading to TLS v1.3 -* Fixes for wolfSSL_EVP_CipherFinal() when message size is a round multiple of a block size. -* Add HMAC benchmark and expanded AES key size benchmarks -* Added simple GCC ARM Makefile example -* Add tests for 3072-bit RSA and DH. -* Fixed DRAFT_18 define and fixed downgrading with TLS v1.3 -* Fixes to allow custom serial number during certificate generation -* Add method to get WOLFSSL_CTX certificate manager -* Improvement to `wolfSSL_SetOCSP_Cb` to allow context per WOLFSSL object -* Alternate certificate chain support `WOLFSSL_ALT_CERT_CHAINS`. Enables checking cert against multiple CA's. -* Added new `--disable-oldnames` option to allow for using openssl along-side wolfssl headers (without OPENSSL_EXTRA). -* Refactor SSL_ and hashing types to use wolf specific prefix (WOLFSSL and WC_) to allow openssl coexistence. -* Fixes for HAVE_INTEL_MULX -* Cleanup include paths for MySQL cmake build -* Added configure option for building library for wolfSSH (--enable-wolfssh) -* Openssl compatibility layer improvements -* Expanded API unit tests -* Fixes for STM32 crypto hardware acceleration -* Added AES XTS mode (--enable-xts) -* Added ASN Extended Key Usage Support (see wc_SetExtKeyUsage). -* Math updates and added TFM_MIPS speedup. -* Fix for creation of the KeyUsage BitString -* Fix for 8k keys with MySQL compatibility -* Fixes for ATECC508A. -* Fixes for PIC32MZ hashing. -* Fixes and improvements to asynchronous modes for Intel QuickAssist and Cavium Nitrox V. -* Update HASH_DRBG Reseed mechanism and add test case -* Rename the file io.h/io.c to wolfio.h/wolfio.c -* Cleanup the wolfIO_Send function. -* OpenSSL Compatibility Additions and Fixes -* Improvements to Visual Studio DLL project/solution. -* Added function to generate public ECC key from private key -* Added async blocking support for sniffer tool. -* Added wolfCrypt hash tests for empty string and large data. -* Added ability to use of wolf implementation of `strtok` using `USE_WOLF_STRTOK`. -* Updated Micrium uC/OS-III Port -* Updated root certs for OCSP scripts -* New Single Precision math option for RSA, DH and ECC (off by default). See `--enable-sp`. -* Speedups for AES GCM with AESNI (--enable-aesni) -* Speedups for SHA2, ChaCha20/Poly1035 using AVX/AVX2 - - -# wolfSSL (Formerly CyaSSL) Release 3.12.0 (8/04/2017) - -## Release 3.12.0 of wolfSSL has bug fixes and new features including: - -- TLS 1.3 with Nginx! TLS 1.3 with ARMv8! TLS 1.3 with Async Crypto! (--enable-tls13) -- TLS 1.3 0RTT feature added -- Added port for using Intel SGX with Linux -- Update and fix PIC32MZ port -- Additional unit testing for MD5, SHA, SHA224, SHA256, SHA384, SHA512, RipeMd, HMAC, 3DES, IDEA, ChaCha20, ChaCha20Poly1305 AEAD, Camellia, Rabbit, ARC4, AES, RSA, Hc128 -- AVX and AVX2 assembly for improved ChaCha20 performance -- Intel QAT fixes for when using --disable-fastmath -- Update how DTLS handles decryption and MAC failures -- Update DTLS session export version number for --enable-sessionexport feature -- Add additional input argument sanity checks to ARMv8 assembly port -- Fix for making PKCS12 dynamic types match -- Fixes for potential memory leaks when using --enable-fast-rsa -- Fix for when using custom ECC curves and add BRAINPOOLP256R1 test -- Update TI-RTOS port for dependency on new wolfSSL source files -- DTLS multicast feature added, --enable-mcast -- Fix for Async crypto with GCC 7.1 and HMAC when not using Intel QuickAssist -- Improvements and enhancements to Intel QuickAssist support -- Added Xilinx port -- Added SHA3 Keccak feature, --enable-sha3 -- Expand wolfSSL Python wrapper to now include a client side implementation -- Adjust example servers to not treat a peer closed error as a hard error -- Added more sanity checks to fp_read_unsigned_bin function -- Add SHA224 and AES key wrap to ARMv8 port -- Update MQX classics and mmCAU ports -- Fix for potential buffer over read with wolfSSL_CertPemToDer -- Add PKCS7/CMS decode support for KARI with IssuerAndSerialNumber -- Fix ThreadX/NetX warning -- Fixes for OCSP and CRL non blocking sockets and for incomplete cert chain with OCSP -- Added RSA PSS sign and verify -- Fix for STM32F4 AES-GCM -- Added enable all feature (--enable-all) -- Added trackmemory feature (--enable-trackmemory) -- Fixes for AES key wrap and PKCS7 on Windows VS -- Added benchmark block size argument -- Support use of staticmemory with PKCS7 -- Fix for Blake2b build with GCC 5.4 -- Fixes for compiling wolfSSL with GCC version 7, most dealing with switch statement fall through warnings. -- Added warning when compiling without hardened math operations - - -Note: -There is a known issue with using ChaCha20 AVX assembly on versions of GCC earlier than 5.2. This is encountered with using the wolfSSL enable options --enable-intelasm and --enable-chacha. To avoid this issue ChaCha20 can be enabled with --enable-chacha=noasm. -If using --enable-intelasm and also using --enable-sha224 or --enable-sha256 there is a known issue with trying to use -fsanitize=address. - -This release of wolfSSL fixes 1 low level security vulnerability. - -Low level fix for a potential DoS attack on a wolfSSL client. Previously a client would accept many warning alert messages without a limit. This fix puts a limit to the number of warning alert messages received and if this limit is reached a fatal error ALERT_COUNT_E is returned. The max number of warning alerts by default is set to 5 and can be adjusted with the macro WOLFSSL_ALERT_COUNT_MAX. Thanks for the report from Tarun Yadav and Koustav Sadhukhan from Defence Research and Development Organization, INDIA. - - -See INSTALL file for build instructions. -More info can be found on-line at http://wolfssl.com/wolfSSL/Docs.html - - -# wolfSSL (Formerly CyaSSL) Release 3.11.1 (5/11/2017) - -## Release 3.11.1 of wolfSSL is a TLS 1.3 BETA release, which includes: - -- TLS 1.3 client and server support for TLS 1.3 with Draft 18 support - -This is strictly a BETA release, and designed for testing and user feedback. -Please send any comments, testing results, or feedback to wolfSSL at -support@wolfssl.com. - -See INSTALL file for build instructions. -More info can be found on-line at http://wolfssl.com/wolfSSL/Docs.html - - -# wolfSSL (Formerly CyaSSL) Release 3.11.0 (5/04/2017) - -## Release 3.11.0 of wolfSSL has bug fixes and new features including: - -- Code updates for warnings reported by Coverity scans -- Testing and warning fixes for FreeBSD on PowerPC -- Updates and refactoring done to ASN1 parsing functions -- Change max PSK identity buffer to account for an identity length of 128 characters -- Update Arduino script to handle recent files and additions -- Added support for PKCS#7 Signed Data with ECDSA -- Fix for interoperability with ChaCha20-Poly1305 suites using older draft versions -- DTLS update to allow multiple handshake messages in one DTLS record. Thanks to Eric Samsel over at Welch Allyn for reporting this bug. -- Intel QuickAssist asynchronous support (PR #715 - https://www.wolfssl.com/wolfSSL/Blog/Entries/2017/1/18_wolfSSL_Asynchronous_Intel_QuickAssist_Support.html) -- Added support for HAproxy load balancer -- Added option to allow SHA1 with TLS 1.2 for IIS compatibility (WOLFSSL_ALLOW_TLS_SHA1) -- Added Curve25519 51-bit Implementation, increasing performance on systems that have 128 bit types -- Fix to not send session ID on server side if session cache is off unless we're echoing -session ID as part of session tickets -- Fixes for ensuring all default ciphers are setup correctly (see PR #830) -- Added NXP Hexiwear example in `IDE/HEXIWEAR`. -- Added wolfSSL_write_dup() to create write only WOLFSSL object for concurrent access -- Fixes for TLS elliptic curve selection on private key import. -- Fixes for RNG with Intel rdrand and rdseed speedups. -- Improved performance with Intel rdrand to use full 64-bit output -- Added new --enable-intelrand option to indicate use of RDRAND preference for RNG source -- Removed RNG ARC4 support -- Added ECC helpers to get size and id from curve name. -- Added ECC Cofactor DH (ECC-CDH) support -- Added ECC private key only import / export functions. -- Added PKCS8 create function -- Improvements to TLS layer CTX handling for switching keys / certs. -- Added check for duplicate certificate policy OID in certificates. -- Normal math speed-up to not allocate on mp_int and defer until mp_grow -- Reduce heap usage with fast math when not using ALT_ECC_SIZE -- Fixes for building CRL with Windows -- Added support for inline CRL lookup when HAVE_CRL_IO is defined -- Added port for tenAsys INtime RTOS -- Improvements to uTKernel port (WOLFSSL_uTKERNEL2) -- Updated WPA Supplicant support -- Added support for Nginx -- Update stunnel port for version 5.40 -- Fixes for STM32 hardware crypto acceleration -- Extended test code coverage in bundled test.c -- Added a sanity check for minimum authentication tag size with AES-GCM. Thanks to Yueh-Hsun Lin and Peng Li at KNOX Security at Samsung Research America for suggesting this. -- Added a sanity check that subject key identifier is marked as non-critical and a check that no policy OIDS appear more than once in the cert policies extension. Thanks to the report from Professor Zhenhua Duan, Professor Cong Tian, and Ph.D candidate Chu Chen from Institute of Computing Theory and Technology (ICTT) of Xidian University, China. Profs. Zhenhua Duan and Cong Tian are supervisors of Ph.D candidate Chu Chen. - -This release of wolfSSL fixes 5 low and 1 medium level security vulnerability. - -3 Low level fixes reported by Yueh-Hsun Lin and Peng Li from KNOX Security, Samsung Research America. -- Fix for out of bounds memory access in wc_DhParamsLoad() when GetLength() returns a zero. Before this fix there is a case where wolfSSL would read out of bounds memory in the function wc_DhParamsLoad. -- Fix for DH key accepted by wc_DhAgree when the key was malformed. -- Fix for a double free case when adding CA cert into X509_store. - -Low level fix for memory management with static memory feature enabled. By default static memory is disabled. Thanks to GitHub user hajjihraf for reporting this. - - -Low level fix for out of bounds write in the function wolfSSL_X509_NAME_get_text_by_NID. This function is not used by TLS or crypto operations but could result in a buffer out of bounds write by one if called explicitly in an application. Discovered by Aleksandar Nikolic of Cisco Talos. http://talosintelligence.com/vulnerability-reports/ - -Medium level fix for check on certificate signature. There is a case in release versions 3.9.10, 3.10.0 and 3.10.2 where a corrupted signature on a peer certificate would not be properly flagged. Thanks to Wens Lo, James Tsai, Kenny Chang, and Oscar Yang at Castles Technology. - - -See INSTALL file for build instructions. -More info can be found on-line at http://wolfssl.com/wolfSSL/Docs.html - - -# wolfSSL (Formerly CyaSSL) Release 3.10.2 (2/10/2017) - -## Release 3.10.2 of wolfSSL has bug fixes and new features including: - -- Poly1305 Windows macros fix. Thanks to GitHub user Jay Satiro -- Compatibility layer expanded with multiple functions added -- Improve fp_copy performance with ALT_ECC_SIZE -- OCSP updates and improvements -- Fixes for IAR EWARM 8 compiler warnings -- Reduce stack usage with ECC_CACHE_CURVE disabled -- Added ECC export raw for public and private key -- Fix for NO_ASN_TIME build -- Supported curves extensions now populated by default -- Add DTLS build without big integer math -- Fix for static memory feature with wc_ecc_verify_hash_ex and not SHAMIR -- Added PSK interoperability testing to script bundled with wolfSSL -- Fix for Python wrapper random number generation. Compiler optimizations with Python could place the random number in same buffer location each time. Thanks to GitHub user Erik Bray (embray) -- Fix for tests on unaligned memory with static memory feature -- Add macro WOLFSSL_NO_OCSP_OPTIONAL_CERTS to skip optional OCSP certificates -- Sanity checks on NULL arguments added to wolfSSL_set_fd and wolfSSL_DTLS_SetCookieSecret -- mp_jacobi stack use reduced, thanks to Szabi Tolnai for providing a solution to reduce stack usage - - -This release of wolfSSL fixes 2 low and 1 medium level security vulnerability. - -Low level fix of buffer overflow for when loading in a malformed temporary DH file. Thanks to Yueh-Hsun Lin and Peng Li from KNOX Security, Samsung Research America for the report. - -Medium level fix for processing of OCSP response. If using OCSP without hard faults enforced and no alternate revocation checks like OCSP stapling then it is recommended to update. - -Low level fix for potential cache attack on RSA operations. If using wolfSSL RSA on a server that other users can have access to monitor the cache, then it is recommended to update wolfSSL. Thanks to Andreas Zankl, Johann Heyszl and Georg Sigl at Fraunhofer AISEC for the initial report. - -See INSTALL file for build instructions. -More info can be found on-line at http://wolfssl.com/wolfSSL/Docs.html - - -# wolfSSL (Formerly CyaSSL) Release 3.10.0 (12/21/2016) - -## Release 3.10.0 of wolfSSL has bug fixes and new features including: - -- Added support for SHA224 -- Added scrypt feature -- Build for Intel SGX use, added in directory IDE/WIN-SGX -- Fix for ChaCha20-Poly1305 ECDSA certificate type request -- Enhance PKCS#7 with ECC enveloped data and AES key wrap support -- Added support for RIOT OS -- Add support for parsing PKCS#12 files -- ECC performance increased with custom curves -- ARMv8 expanded to AArch32 and performance increased -- Added ANSI-X9.63-KDF support -- Port to STM32 F2/F4 CubeMX -- Port to Atmel ATECC508A board -- Removed fPIE by default when wolfSSL library is compiled -- Update to Python wrapper, dropping DES and adding wc_RSASetRNG -- Added support for NXP K82 hardware acceleration -- Added SCR client and server verify check -- Added a disable rng option with autoconf -- Added more tests vectors to test.c with AES-CTR -- Updated DTLS session export version number -- Updated DTLS for 64 bit sequence numbers -- Fix for memory management with TI and WOLFSSL_SMALL_STACK -- Hardening RSA CRT to be constant time -- Fix uninitialized warning with IAR compiler -- Fix for C# wrapper example IO hang on unexpected connection termination - - -This release of wolfSSL fixes a low level security vulnerability. The vulnerability reported was a potential cache attack on RSA operations. If using wolfSSL RSA on a server that other users can have access to monitor the cache, then it is recommended to update wolfSSL. Thanks to Andreas Zankl, Johann Heyszl and Georg Sigl at Fraunhofer AISEC for the report. More information will be available on our site: - -https://wolfssl.com/wolfSSL/security/vulnerabilities.php - -See INSTALL file for build instructions. -More info can be found on-line at http://wolfssl.com/wolfSSL/Docs.html - - -# wolfSSL (Formerly CyaSSL) Release 3.9.10 (9/23/2016) - -## Release 3.9.10 of wolfSSL has bug fixes and new features including: - -- Default configure option changes: - 1. DES3 disabled by default - 2. ECC Supported Curves Extension enabled by default - 3. New option Extended Master Secret enabled by default -- Added checking CA certificate path length, and new test certs -- Fix to DSA pre padding and sanity check on R/S values -- Added CTX level RNG for single-threaded builds -- Intel RDSEED enhancements -- ARMv8 hardware acceleration support for AES-CBC/CTR/GCM, SHA-256 -- Arduino support updates -- Added the Extended Master Secret TLS extension - 1. Enabled by default in configure options, API to disable - 2. Added support for Extended Master Secret to sniffer -- OCSP fix with issuer key hash, lookup refactor -- Added support for Frosted OS -- Added support for DTLS over SCTP -- Added support for static memory with wolfCrypt -- Fix to ECC Custom Curve support -- Support for asynchronous wolfCrypt RSA and TLS client -- Added distribution build configure option -- Update the test certificates - -This release of wolfSSL fixes medium level security vulnerabilities. Fixes for -potential AES, RSA, and ECC side channel leaks is included that a local user -monitoring the same CPU core cache could exploit. VM users, hyper-threading -users, and users where potential attackers have access to the CPU cache will -need to update if they utilize AES, RSA private keys, or ECC private keys. -Thanks to Gorka Irazoqui Apecechea and Xiaofei Guo from Intel Corporation for -the report. More information will be available on our site: - -https://wolfssl.com/wolfSSL/security/vulnerabilities.php - -See INSTALL file for build instructions. -More info can be found on-line at https://wolfssl.com/wolfSSL/Docs.html - - -# wolfSSL (Formerly CyaSSL) Release 3.9.8 (7/29/2016) - -##Release 3.9.8 of wolfSSL has bug fixes and new features including: - -- Add support for custom ECC curves. -- Add cipher suite ECDHE-ECDSA-AES128-CCM. -- Add compkey enable option. This option is for compressed ECC keys. -- Add in the option to use test.h without gettimeofday function using the macro - WOLFSSL_USER_CURRTIME. -- Add RSA blinding for private key operations. Enable option of harden which is - on by default. This negates timing attacks. -- Add ECC and TLS support for all SECP, Koblitz and Brainpool curves. -- Add helper functions for static memory option to allow getting optimum buffer - sizes. -- Update DTLS behavior on bad MAC. DTLS silently drops packets with bad MACs now. -- Update fp_isprime function from libtom enchancement/cleanup repository. -- Update sanity checks on inputs and return values for AES-CMAC. -- Update wolfSSL for use with MYSQL v5.6.30. -- Update LPCXpresso eclipse project to not include misc.c when not needed. -- Fix retransmit of last DTLS flight with timeout notification. The last flight - is no longer retransmitted on timeout. -- Fixes to some code in math sections for compressed ECC keys. This includes - edge cases for buffer size on allocation and adjustments for compressed curves - build. The code and full list can be found on github with pull request #456. -- Fix function argument mismatch for build with secure renegotiation. -- X.509 bug fixes for reading in malformed certificates, reported by researchers - at Columbia University -- Fix GCC version 6 warning about hard tabs in poly1305.c. This was a warning - produced by GCC 6 trying to determine the intent of code. -- Fixes for static memory option. Including avoid potential race conditions with - counters, decrement handshake counter correctly. -- Fix anonymous cipher with Diffie Hellman on the server side. Was an issue of a - possible buffer corruption. For information and code see pull request #481. - - -- One high level security fix that requires an update for use with static RSA - cipher suites was submitted. This fix was the addition of RSA blinding for - private RSA operations. We recommend servers who allow static RSA cipher - suites to also generate new private RSA keys. Static RSA cipher suites are - turned off by default. - -See INSTALL file for build instructions. -More info can be found on-line at //http://wolfssl.com/wolfSSL/Docs.html - -# wolfSSL (Formerly CyaSSL) Release 3.9.6 (6/14/2016) - -##Release 3.9.6 of wolfSSL has bug fixes and new features including: - -- Add staticmemory feature -- Add public wc_GetTime API with base64encode feature -- Add AES CMAC algorithm -- Add DTLS sessionexport feature -- Add python wolfCrypt wrapper -- Add ECC encrypt/decrypt benchmarks -- Add dynamic session tickets -- Add eccshamir option -- Add Whitewood netRandom support --with-wnr -- Add embOS port -- Add minimum key size checks for RSA and ECC -- Add STARTTLS support to examples -- Add uTasker port -- Add asynchronous crypto and wolf event support -- Add compile check for misc.c with inline -- Add RNG benchmark -- Add reduction to stack usage with hash-based RNG -- Update STM32F2_CRYPTO port with additional algorithms supported -- Update MDK5 projects -- Update AES-NI -- Fix for STM32 with STM32F2_HASH defined -- Fix for building with MinGw -- Fix ECC math bugs with ALT_ECC_SIZE and key sizes over 256 bit (1) -- Fix certificate buffers github issue #422 -- Fix decrypt max size with RSA OAEP -- Fix DTLS sanity check with DTLS timeout notification -- Fix free of WOLFSSL_METHOD on failure to create CTX -- Fix memory leak in failure case with wc_RsaFunction (2) - -- No high level security fixes that requires an update though we always -recommend updating to the latest -- (1) Code changes for ECC fix can be found at pull requests #411, #416, and #428 -- (2) Builds using RSA with using normal math and not RSA_LOW_MEM should update - -See INSTALL file for build instructions. -More info can be found on-line at //http://wolfssl.com/wolfSSL/Docs.html - -# wolfSSL (Formerly CyaSSL) Release 3.9.0 (03/18/2016) - -##Release 3.9.0 of wolfSSL has bug fixes and new features including: - -- Add new leantls configuration -- Add RSA OAEP padding at wolfCrypt level -- Add Arduino port and example client -- Add fixed point DH operation -- Add CUSTOM_RAND_GENRATE_SEED_OS and CUSTOM_RAND_GENERATE_BLOCK -- Add ECDHE-PSK cipher suites -- Add PSK ChaCha20-Poly1305 cipher suites -- Add option for fail on no peer cert except PSK suites -- Add port for Nordic nRF51 -- Add additional ECC NIST test vectors for 256, 384 and 521 -- Add more granular ECC, Ed25519/Curve25519 and AES configs -- Update to ChaCha20-Poly1305 -- Update support for Freescale KSDK 1.3.0 -- Update DER buffer handling code, refactoring and reducing memory -- Fix to AESNI 192 bit key expansion -- Fix to C# wrapper character encoding -- Fix sequence number issue with DTLS epoch 0 messages -- Fix RNGA with K64 build -- Fix ASN.1 X509 V3 certificate policy extension parsing -- Fix potential free of uninitialized RSA key in asn.c -- Fix potential underflow when using ECC build with FP_ECC -- Fixes for warnings in Visual Studio 2015 build - -- No high level security fixes that requires an update though we always -recommend updating to the latest -- FP_ECC is off by default, users with it enabled should update for the zero -sized hash fix - -See INSTALL file for build instructions. -More info can be found on-line at //http://wolfssl.com/yaSSL/Docs.html - -# wolfSSL (Formerly CyaSSL) Release 3.8.0 (12/30/2015) - -##Release 3.8.0 of wolfSSL has bug fixes and new features including: - -- Example client/server with VxWorks -- AESNI use with AES-GCM -- Stunnel compatibility enhancements -- Single shot hash and signature/verify API added -- Update cavium nitrox port -- LPCXpresso IDE support added -- C# wrapper to support wolfSSL use by a C# program -- (BETA version)OCSP stapling added -- Update OpenSSH compatibility -- Improve DTLS handshake when retransmitting finished message -- fix idea_mult() for 16 and 32bit systems -- fix LowResTimer on Microchip ports - -- No high level security fixes that requires an update though we always -recommend updating to the latest - -See INSTALL file for build instructions. -More info can be found on-line at //http://wolfssl.com/yaSSL/Docs.html - -# wolfSSL (Formerly CyaSSL) Release 3.7.0 (10/26/2015) - -##Release 3.7.0 of wolfSSL has bug fixes and new features including: - -- ALPN extension support added for HTTP2 connections with --enable-alpn -- Change of example/client/client max fragment flag -L -> -F -- Throughput benchmarking, added scripts/benchmark.test -- Sniffer API ssl_FreeDecodeBuffer added -- Addition of AES_GCM to Sniffer -- Sniffer change to handle unlimited decrypt buffer size -- New option for the sniffer where it will try to pick up decoding after a - sequence number acknowldgement fault. Also includes some additional stats. -- JNI API setter and getter function for jobject added -- User RSA crypto plugin abstraction. An example placed in wolfcrypt/user-crypto -- fix to asn configuration bug -- AES-GCM/CCM fixes. -- Port for Rowley added -- Rowley Crossworks bare metal examples added -- MDK5-ARM project update -- FreeRTOS support updates. -- VXWorks support updates. -- Added the IDEA cipher and support in wolfSSL. -- Update wolfSSL website CA. -- CFLAGS is usable when configuring source. - -- No high level security fixes that requires an update though we always -recommend updating to the latest - -See INSTALL file for build instructions. -More info can be found on-line at //http://wolfssl.com/yaSSL/Docs.html - -#wolfSSL (Formerly CyaSSL) Release 3.6.8 (09/17/2015) - -##Release 3.6.8 of wolfSSL fixes two high severity vulnerabilities. -##It also includes bug fixes and new features including: - -- Two High level security fixes, all users SHOULD update. - a) If using wolfSSL for DTLS on the server side of a publicly accessible - machine you MUST update. - b) If using wolfSSL for TLS on the server side with private RSA keys allowing - ephemeral key exchange without low memory optimziations you MUST update and - regenerate the private RSA keys. - - Please see https://www.wolfssl.com/wolfSSL/Blog/Blog.html for more details - -- No filesystem build fixes for various configurations -- Certificate generation now supports several extensions including KeyUsage, - SKID, AKID, and Ceritifcate Policies -- CRLs can be loaded from buffers as well as files now -- SHA-512 Ceritifcate Signing generation -- Fixes for sniffer reassembly processing - -See INSTALL file for build instructions. -More info can be found on-line at //http://wolfssl.com/yaSSL/Docs.html - -#wolfSSL (Formerly CyaSSL) Release 3.6.6 (08/20/2015) - -##Release 3.6.6 of wolfSSL has bug fixes and new features including: - -- OpenSSH compatibility with --enable-openssh -- stunnel compatibility with --enable-stunnel -- lighttpd compatibility with --enable-lighty -- SSLv3 is now disabled by default, can be enabled with --enable-sslv3 -- Ephemeral key cipher suites only are now supported by default - To enable static ECDH cipher suites define WOLFSSL_STATIC_DH - To enable static RSA cipher suites define WOLFSSL_STATIC_RSA - To enable static PSK cipher suites define WOLFSSL_STATIC_PSK -- Added QSH (quantum-safe handshake) extension with --enable-ntru -- SRP is now part of wolfCrypt, enable with --enabe-srp -- Certificate handshake messages can now be sent fragmented if the record - size is smaller than the total message size, no user action required. -- DTLS duplicate message fixes -- Visual Studio project files now support DLL and static builds for 32/64bit. -- Support for new Freesacle I/O -- FreeRTOS FIPS support - -- No high level security fixes that requires an update though we always - recommend updating to the latest - -See INSTALL file for build instructions. -More info can be found on-line at //http://wolfssl.com/yaSSL/Docs.html - - -#wolfSSL (Formerly CyaSSL) Release 3.6.0 (06/19/2015) - -##Release 3.6.0 of wolfSSL has bug fixes and new features including: - -- Max Strength build that only allows TLSv1.2, AEAD ciphers, and PFS (Perfect - Forward Secrecy). With --enable-maxstrength -- Server side session ticket support, the example server and echosever use the - example callback myTicketEncCb(), see wolfSSL_CTX_set_TicketEncCb() -- FIPS version submitted for iOS. -- TI Crypto Hardware Acceleration -- DTLS fragmentation fixes -- ECC key check validation with wc_ecc_check_key() -- 32bit code options to reduce memory for Curve25519 and Ed25519 -- wolfSSL JNI build switch with --enable-jni -- PicoTCP support improvements -- DH min ephemeral key size enforcement with wolfSSL_CTX_SetMinDhKey_Sz() -- KEEP_PEER_CERT and AltNames can now be used together -- ChaCha20 big endian fix -- SHA-512 signature algorithm support for key exchange and verify messages -- ECC make key crash fix on RNG failure, ECC users must update. -- Improvements to usage of time code. -- Improvements to VS solution files. -- GNU Binutils 2.24 ld has problems with some debug builds, to fix an ld error - add -fdebug-types-section to C_EXTRA_FLAGS - -- No high level security fixes that requires an update though we always - recommend updating to the latest (except note 14, ecc RNG failure) - -See INSTALL file for build instructions. -More info can be found on-line at //http://wolfssl.com/yaSSL/Docs.html - - -#wolfSSL (Formerly CyaSSL) Release 3.4.8 (04/06/2015) - -##Release 3.4.8 of wolfSSL has bug fixes and new features including: - -- FIPS version submitted for iOS. -- Max Strength build that only allows TLSv1.2, AEAD ciphers, and PFS. -- Improvements to usage of time code. -- Improvements to VS solution files. - -See INSTALL file for build instructions. -More info can be found on-line at //http://wolfssl.com/yaSSL/Docs.html - - -#wolfSSL (Formerly CyaSSL) Release 3.4.6 (03/30/2015) - -##Release 3.4.6 of wolfSSL has bug fixes and new features including: - -- Intel Assembly Speedups using instructions rdrand, rdseed, aesni, avx1/2, - rorx, mulx, adox, adcx . They can be enabled with --enable-intelasm. - These speedup the use of RNG, SHA2, and public key algorithms. -- Ed25519 support at the crypto level. Turn on with --enable-ed25519. Examples - in wolcrypt/test/test.c ed25519_test(). -- Post Handshake Memory reductions. wolfSSL can now hold less than 1,000 bytes - of memory per secure connection including cipher state. -- wolfSSL API and wolfCrypt API fixes, you can still include the cyassl and - ctaocrypt headers which will enable the compatibility APIs for the - foreseeable future -- INSTALL file to help direct users to build instructions for their environment -- For ECC users with the normal math library a fix that prevents a crash when - verify signature fails. Users of 3.4.0 with ECC and the normal math library - must update -- RC4 is now disabled by default in autoconf mode -- AES-GCM and ChaCha20/Poly1305 are now enabled by default to make AEAD ciphers - available without a switch -- External ChaCha-Poly AEAD API, thanks to Andrew Burks for the contribution -- DHE-PSK cipher suites can now be built without ASN or Cert support -- Fix some NO MD5 build issues with optional features -- Freescale CodeWarrior project updates -- ECC curves can be individually turned on/off at build time. -- Sniffer handles Cert Status message and other minor fixes -- SetMinVersion() at the wolfSSL Context level instead of just SSL session level - to allow minimum protocol version allowed at runtime -- RNG failure resource cleanup fix - -- No high level security fixes that requires an update though we always - recommend updating to the latest (except note 6 use case of ecc/normal math) - -See INSTALL file for build instructions. -More info can be found on-line at //http://wolfssl.com/yaSSL/Docs.html - - -#wolfSSL (Formerly CyaSSL) Release 3.4.0 (02/23/2015) - -## Release 3.4.0 wolfSSL has bug fixes and new features including: - -- wolfSSL API and wolfCrypt API, you can still include the cyassl and ctaocrypt - headers which will enable the compatibility APIs for the foreseeable future -- Example use of the wolfCrypt API can be found in wolfcrypt/test/test.c -- Example use of the wolfSSL API can be found in examples/client/client.c -- Curve25519 now supported at the wolfCrypt level, wolfSSL layer coming soon -- Improvements in the build configuration under AIX -- Microchip Pic32 MZ updates -- TIRTOS updates -- PowerPC updates -- Xcode project update -- Bidirectional shutdown examples in client/server with -w (wait for full - shutdown) option -- Cycle counts on benchmarks for x86_64, more coming soon -- ALT_ECC_SIZE for reducing ecc heap use with fastmath when also using large RSA - keys -- Various compile warnings -- Scan-build warning fixes -- Changed a memcpy to memmove in the sniffer (if using sniffer please update) -- No high level security fixes that requires an update though we always - recommend updating to the latest - - -# CyaSSL Release 3.3.0 (12/05/2014) - -- Countermeasuers for Handshake message duplicates, CHANGE CIPHER without - FINISHED, and fast forward attempts. Thanks to Karthikeyan Bhargavan from - the Prosecco team at INRIA Paris-Rocquencourt for the report. -- FIPS version submitted -- Removes SSLv2 Client Hello processing, can be enabled with OLD_HELLO_ALLOWED -- User can set mimimum downgrade version with CyaSSL_SetMinVersion() -- Small stack improvements at TLS/SSL layer -- TLS Master Secret generation and Key Expansion are now exposed -- Adds client side Secure Renegotiation, * not recommended * -- Client side session ticket support, not fully tested with Secure Renegotiation -- Allows up to 4096bit DHE at TLS Key Exchange layer -- Handles non standard SessionID sizes in Hello Messages -- PicoTCP Support -- Sniffer now supports SNI Virtual Hosts -- Sniffer now handles non HTTPS protocols using STARTTLS -- Sniffer can now parse records with multiple messages -- TI-RTOS updates -- Fix for ColdFire optimized fp_digit read only in explicit 32bit case -- ADH Cipher Suite ADH-AES128-SHA for EAP-FAST - -The CyaSSL manual is available at: -http://www.wolfssl.com/documentation/CyaSSL-Manual.pdf. For build instructions -and comments about the new features please check the manual. - - -# CyaSSL Release 3.2.0 (09/10/2014) - -#### Release 3.2.0 CyaSSL has bug fixes and new features including: - -- ChaCha20 and Poly1305 crypto and suites -- Small stack improvements for OCSP, CRL, TLS, DTLS -- NTRU Encrypt and Decrypt benchmarks -- Updated Visual Studio project files -- Updated Keil MDK5 project files -- Fix for DTLS sequence numbers with GCM/CCM -- Updated HashDRBG with more secure struct declaration -- TI-RTOS support and example Code Composer Studio project files -- Ability to get enabled cipher suites, CyaSSL_get_ciphers() -- AES-GCM/CCM/Direct support for Freescale mmCAU and CAU -- Sniffer improvement checking for decrypt key setup -- Support for raw ECC key import -- Ability to convert ecc_key to DER, EccKeyToDer() -- Security fix for RSA Padding check vulnerability reported by Intel Security - Advanced Threat Research team - -The CyaSSL manual is available at: -http://www.wolfssl.com/documentation/CyaSSL-Manual.pdf. For build instructions -and comments about the new features please check the manual. - - -# CyaSSL Release 3.1.0 (07/14/2014) - -#### Release 3.1.0 CyaSSL has bug fixes and new features including: - -- Fix for older versions of icc without 128-bit type -- Intel ASM syntax for AES-NI -- Updated NTRU support, keygen benchmark -- FIPS check for minimum required HMAC key length -- Small stack (--enable-smallstack) improvements for PKCS#7, ASN -- TLS extension support for DTLS -- Default I/O callbacks external to user -- Updated example client with bad clock test -- Ability to set optional ECC context info -- Ability to enable/disable DH separate from opensslextra -- Additional test key/cert buffers for CA and server -- Updated example certificates - -The CyaSSL manual is available at: -http://www.yassl.com/documentation/CyaSSL-Manual.pdf. For build instructions -and comments about the new features please check the manual. - - -# CyaSSL Release 3.0.2 (05/30/2014) - -#### Release 3.0.2 CyaSSL has bug fixes and new features including: - -- Added the following cipher suites: - * TLS_PSK_WITH_AES_128_GCM_SHA256 - * TLS_PSK_WITH_AES_256_GCM_SHA384 - * TLS_PSK_WITH_AES_256_CBC_SHA384 - * TLS_PSK_WITH_NULL_SHA384 - * TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 - * TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 - * TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 - * TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 - * TLS_DHE_PSK_WITH_NULL_SHA256 - * TLS_DHE_PSK_WITH_NULL_SHA384 - * TLS_DHE_PSK_WITH_AES_128_CCM - * TLS_DHE_PSK_WITH_AES_256_CCM -- Added AES-NI support for Microsoft Visual Studio builds. -- Changed small stack build to be disabled by default. -- Updated the Hash DRBG and provided a configure option to enable. - -The CyaSSL manual is available at: -http://www.yassl.com/documentation/CyaSSL-Manual.pdf. For build instructions -and comments about the new features please check the manual. - - -# CyaSSL Release 3.0.0 (04/29/2014) - -#### Release 3.0.0 CyaSSL has bug fixes and new features including: - -- FIPS release candidate -- X.509 improvements that address items reported by Suman Jana with security - researchers at UT Austin and UC Davis -- Small stack size improvements, --enable-smallstack. Offloads large local - variables to the heap. (Note this is not complete.) -- Updated AES-CCM-8 cipher suites to use approved suite numbers. - -The CyaSSL manual is available at: -http://www.yassl.com/documentation/CyaSSL-Manual.pdf. For build instructions -and comments about the new features please check the manual. - - -# CyaSSL Release 2.9.4 (04/09/2014) - -#### Release 2.9.4 CyaSSL has bug fixes and new features including: - -- Security fixes that address items reported by Ivan Fratric of the Google - Security Team -- X.509 Unknown critical extensions treated as errors, report by Suman Jana with - security researchers at UT Austin and UC Davis -- Sniffer fixes for corrupted packet length and Jumbo frames -- ARM thumb mode assembly fixes -- Xcode 5.1 support including new clang -- PIC32 MZ hardware support -- CyaSSL Object has enough room to read the Record Header now w/o allocs -- FIPS wrappers for AES, 3DES, SHA1, SHA256, SHA384, HMAC, and RSA. -- A sample I/O pool is demonstrated with --enable-iopool to overtake memory - handling and reduce memory fragmentation on I/O large sizes - -The CyaSSL manual is available at: -http://www.yassl.com/documentation/CyaSSL-Manual.pdf. For build instructions -and comments about the new features please check the manual. - - -# CyaSSL Release 2.9.0 (02/07/2014) - -#### Release 2.9.0 CyaSSL has bug fixes and new features including: -- Freescale Kinetis RNGB support -- Freescale Kinetis mmCAU support -- TLS Hello extensions - - ECC - - Secure Renegotiation (null) - - Truncated HMAC -- SCEP support - - PKCS #7 Enveloped data and signed data - - PKCS #10 Certificate Signing Request generation -- DTLS sliding window -- OCSP Improvements - - API change to integrate into Certificate Manager - - IPv4/IPv6 agnostic - - example client/server support for OCSP - - OCSP nonces are optional -- GMAC hashing -- Windows build additions -- Windows CYGWIN build fixes -- Updated test certificates -- Microchip MPLAB Harmony support -- Update autoconf scripts -- Additional X.509 inspection functions -- ECC encrypt/decrypt primitives -- ECC Certificate generation - -The Freescale Kinetis K53 RNGB documentation can be found in Chapter 33 of the -K53 Sub-Family Reference Manual: -http://cache.freescale.com/files/32bit/doc/ref_manual/K53P144M100SF2RM.pdf - -Freescale Kinetis K60 mmCAU (AES, DES, 3DES, MD5, SHA, SHA256) documentation -can be found in the "ColdFire/ColdFire+ CAU and Kinetis mmCAU Software Library -User Guide": -http://cache.freescale.com/files/32bit/doc/user_guide/CAUAPIUG.pdf - - -# CyaSSL Release 2.8.0 (8/30/2013) - -#### Release 2.8.0 CyaSSL has bug fixes and new features including: -- AES-GCM and AES-CCM use AES-NI -- NetX default IO callback handlers -- IPv6 fixes for DTLS Hello Cookies -- The ability to unload Certs/Keys after the handshake, CyaSSL_UnloadCertsKeys() -- SEP certificate extensions -- Callback getters for easier resource freeing -- External CYASSL_MAX_ERROR_SZ for correct error buffer sizing -- MacEncrypt and DecryptVerify Callbacks for User Atomic Record Layer Processing -- Public Key Callbacks for ECC and RSA -- Client now sends blank cert upon request if doesn't have one with TLS <= 1.2 - - -The CyaSSL manual is available at: -http://www.yassl.com/documentation/CyaSSL-Manual.pdf. For build instructions -and comments about the new features please check the manual. - - -# CyaSSL Release 2.7.0 (6/17/2013) - -#### Release 2.7.0 CyaSSL has bug fixes and new features including: -- SNI support for client and server -- KEIL MDK-ARM projects -- Wildcard check to domain name match, and Subject altnames are checked too -- Better error messages for certificate verification errors -- Ability to discard session during handshake verify -- More consistent error returns across all APIs -- Ability to unload CAs at the CTX or CertManager level -- Authority subject id support for Certificate matching -- Persistent session cache functionality -- Persistent CA cache functionality -- Client session table lookups to push serverID table to library level -- Camellia support to sniffer -- User controllable settings for DTLS timeout values -- Sniffer fixes for caching long lived sessions -- DTLS reliability enhancements for the handshake -- Better ThreadX support - -When compiling with Mingw, libtool may give the following warning due to -path conversion errors: - -``` -libtool: link: Could not determine host file name corresponding to ** -libtool: link: Continuing, but uninstalled executables may not work. -``` - -If so, examples and testsuite will have problems when run, showing an -error while loading shared libraries. To resolve, please run "make install". - -The CyaSSL manual is available at: -http://www.yassl.com/documentation/CyaSSL-Manual.pdf. For build instructions -and comments about the new features please check the manual. - - -# CyaSSL Release 2.6.0 (04/15/2013) - -#### Release 2.6.0 CyaSSL has bug fixes and new features including: -- DTLS 1.2 support including AEAD ciphers -- SHA-3 finalist Blake2 support, it's fast and uses little resources -- SHA-384 cipher suites including ECC ones -- HMAC now supports SHA-512 -- Track memory use for example client/server with -t option -- Better IPv6 examples with --enable-ipv6, before if ipv6 examples/tests were - turned on, localhost only was used. Now link-local (with scope ids) and ipv6 - hosts can be used as well. -- Xcode v4.6 project for iOS v6.1 update -- settings.h is now checked in all *.c files for true one file setting detection -- Better alignment at SSL layer for hardware crypto alignment needs - * Note, SSL itself isn't friendly to alignment with 5 byte TLS headers and - 13 bytes DTLS headers, but every effort is now made to align with the - CYASSL_GENERAL_ALIGNMENT flag which sets desired alignment requirement -- NO_64BIT flag to turn off 64bit data type accumulators in public key code - * Note, some systems are faster with 32bit accumulators -- --enable-stacksize for example client/server stack use - * Note, modern desktop Operating Systems may add bytes to each stack frame -- Updated compression/decompression with direct crypto access -- All ./configure options are now lowercase only for consistency -- ./configure builds default to fastmath option - * Note, if on ia32 and building in shared mode this may produce a problem - with a missing register being available because of PIC, there are at least - 6 solutions to this: - 1) --disable-fastmath , don't use fastmath - 2) --disable-shared, don't build a shared library - 3) C_EXTRA_FLAGS=-DTFM_NO_ASM , turn off assembly use - 4) use clang, it just seems to work - 5) play around with no PIC options to force all registers being open, - e.g., --without-pic - 6) if static lib is still a problem try removing fPIE -- Many new ./configure switches for option enable/disable for example - * rsa - * dh - * dsa - * md5 - * sha - * arc4 - * null (allow NULL ciphers) - * oldtls (only use TLS 1.2) - * asn (no certs or public keys allowed) -- ./configure generates cyassl/options.h which allows a header the user can - include in their app to make sure the same options are set at the app and - CyaSSL level. -- autoconf no longer needs serial-tests which lowers version requirements of - automake to 1.11 and autoconf to 2.63 - -The CyaSSL manual is available at: -http://www.yassl.com/documentation/CyaSSL-Manual.pdf. For build instructions -and comments about the new features please check the manual. - - - -# CyaSSL Release 2.5.0 (02/04/2013) - -#### Release 2.5.0 CyaSSL has bug fixes and new features including: -- Fix for TLS CBC padding timing attack identified by Nadhem Alfardan and - Kenny Paterson: http://www.isg.rhul.ac.uk/tls/ -- Microchip PIC32 (MIPS16, MIPS32) support -- Microchip MPLAB X example projects for PIC32 Ethernet Starter Kit -- Updated CTaoCrypt benchmark app for embedded systems -- 1024-bit test certs/keys and cert/key buffers -- AES-CCM-8 crypto and cipher suites -- Camellia crypto and cipher suites -- Bumped minimum autoconf version to 2.65, automake version to 1.12 -- Addition of OCSP callbacks -- STM32F2 support with hardware crypto and RNG -- Cavium NITROX support - -CTaoCrypt now has support for the Microchip PIC32 and has been tested with -the Microchip PIC32 Ethernet Starter Kit, the XC32 compiler and -MPLAB X IDE in both MIPS16 and MIPS32 instruction set modes. See the README -located under the /mplabx directory for more details. - -To add Cavium NITROX support do: - -./configure --with-cavium=/home/user/cavium/software - -pointing to your licensed cavium/software directory. Since Cavium doesn't -build a library we pull in the cavium_common.o file which gives a libtool -warning about the portability of this. Also, if you're using the github source -tree you'll need to remove the -Wredundant-decls warning from the generated -Makefile because the cavium headers don't conform to this warning. Currently -CyaSSL supports Cavium RNG, AES, 3DES, RC4, HMAC, and RSA directly at the crypto -layer. Support at the SSL level is partial and currently just does AES, 3DES, -and RC4. RSA and HMAC are slower until the Cavium calls can be utilized in non -blocking mode. The example client turns on cavium support as does the crypto -test and benchmark. Please see the HAVE_CAVIUM define. - -CyaSSL is able to use the STM32F2 hardware-based cryptography and random number -generator through the STM32F2 Standard Peripheral Library. For necessary -defines, see the CYASSL_STM32F2 define in settings.h. Documentation for the -STM32F2 Standard Peripheral Library can be found in the following document: -http://www.st.com/internet/com/TECHNICAL_RESOURCES/TECHNICAL_LITERATURE/USER_MANUAL/DM00023896.pdf - -The CyaSSL manual is available at: -http://www.yassl.com/documentation/CyaSSL-Manual.pdf. For build instructions -and comments about the new features please check the manual. - - - -# CyaSSL Release 2.4.6 (12/20/2012) - -#### Release 2.4.6 CyaSSL has bug fixes and a few new features including: -- ECC into main version -- Lean PSK build (reduced code size, RAM usage, and stack usage) -- FreeBSD CRL monitor support -- CyaSSL_peek() -- CyaSSL_send() and CyaSSL_recv() for I/O flag setting -- CodeWarrior Support -- MQX Support -- Freescale Kinetis support including Hardware RNG -- autoconf builds use jobserver -- cyassl-config -- Sniffer memory reductions - -Thanks to Brian Aker for the improved autoconf system, make rpm, cyassl-config, -warning system, and general good ideas for improving CyaSSL! - -The Freescale Kinetis K70 RNGA documentation can be found in Chapter 37 of the -K70 Sub-Family Reference Manual: -http://cache.freescale.com/files/microcontrollers/doc/ref_manual/K70P256M150SF3RM.pdf - -The CyaSSL manual is available at: -http://www.yassl.com/documentation/CyaSSL-Manual.pdf. For build instructions -and comments about the new features please check the manual. - - -# CyaSSL Release 2.4.0 (10/10/2012) - -#### Release 2.4.0 CyaSSL has bug fixes and a few new features including: -- DTLS reliability -- Reduced memory usage after handshake -- Updated build process - -The CyaSSL manual is available at: -http://www.yassl.com/documentation/CyaSSL-Manual.pdf. For build instructions -and comments about the new features please check the manual. - - - -# CyaSSL Release 2.3.0 (8/10/2012) - -#### Release 2.3.0 CyaSSL has bug fixes and a few new features including: -- AES-GCM crypto and cipher suites -- make test cipher suite checks -- Subject AltName processing -- Command line support for client/server examples -- Sniffer SessionTicket support -- SHA-384 cipher suites -- Verify cipher suite validity when user overrides -- CRL dir monitoring -- DTLS Cookie support, reliability coming soon - -The CyaSSL manual is available at: -http://www.yassl.com/documentation/CyaSSL-Manual.pdf. For build instructions -and comments about the new features please check the manual. - - - -# CyaSSL Release 2.2.0 (5/18/2012) - -#### Release 2.2.0 CyaSSL has bug fixes and a few new features including: -- Initial CRL support (--enable-crl) -- Initial OCSP support (--enable-ocsp) -- Add static ECDH suites -- SHA-384 support -- ECC client certificate support -- Add medium session cache size (1055 sessions) -- Updated unit tests -- Protection against mutex reinitialization - - -The CyaSSL manual is available at: -http://www.yassl.com/documentation/CyaSSL-Manual.pdf. For build instructions -and comments about the new features please check the manual. - - - -# CyaSSL Release 2.0.8 (2/24/2012) - -#### Release 2.0.8 CyaSSL has bug fixes and a few new features including: -- A fix for malicious certificates pointed out by Remi Gacogne (thanks) - resulting in NULL pointer use. -- Respond to renegotiation attempt with no_renegoatation alert -- Add basic path support for load_verify_locations() -- Add set Temp EC-DHE key size -- Extra checks on rsa test when porting into - - -The CyaSSL manual is available at: -http://www.yassl.com/documentation/CyaSSL-Manual.pdf. For build instructions -and comments about the new features please check the manual. - - - -# CyaSSL Release 2.0.6 (1/27/2012) - -#### Release 2.0.6 CyaSSL has bug fixes and a few new features including: -- Fixes for CA basis constraint check -- CTX reference counting -- Initial unit test additions -- Lean and Mean Windows fix -- ECC benchmarking -- SSMTP build support -- Ability to group handshake messages with set_group_messages(ctx/ssl) -- CA cache addition callback -- Export Base64_Encode for general use - -The CyaSSL manual is available at: -http://www.yassl.com/documentation/CyaSSL-Manual.pdf. For build instructions -and comments about the new features please check the manual. - - - -# CyaSSL Release 2.0.2 (12/05/2011) - -#### Release 2.0.2 CyaSSL has bug fixes and a few new features including: -- CTaoCrypt Runtime library detection settings when directly using the crypto - library -- Default certificate generation now uses SHAwRSA and adds SHA256wRSA generation -- All test certificates now use 2048bit and SHA-1 for better modern browser - support -- Direct AES block access and AES-CTR (counter) mode -- Microchip pic32 support - -The CyaSSL manual is available at: -http://www.yassl.com/documentation/CyaSSL-Manual.pdf. For build instructions -and comments about the new features please check the manual. - - - -# CyaSSL Release 2.0.0rc3 (9/28/2011) - -#### Release 2.0.0rc3 for CyaSSL has bug fixes and a few new features including: -- updated autoconf support -- better make install and uninstall (uses system directories) -- make test / make check -- CyaSSL headers now in -- CTaocrypt headers now in -- OpenSSL compatibility headers now in -- examples and tests all run from home directory so can use certs in ./certs - (see note 1) - -So previous applications that used the OpenSSL compatibility header - now need to include instead, no other -changes are required. - -Special Thanks to Brian Aker for his autoconf, install, and header patches. - -The CyaSSL manual is available at: -http://www.yassl.com/documentation/CyaSSL-Manual.pdf. For build instructions -and comments about the new features please check the manual. - -# CyaSSL Release 2.0.0rc2 (6/6/2011) - -#### Release 2.0.0rc2 for CyaSSL has bug fixes and a few new features including: -- bug fixes (Alerts, DTLS with DHE) -- FreeRTOS support -- lwIP support -- Wshadow warnings removed -- asn public header -- CTaoCrypt public headers now all have ctc_ prefix (the manual is still being - updated to reflect this change) -- and more. - -This is the 2nd and perhaps final release candidate for version 2. -Please send any comments or questions to support@yassl.com. - -The CyaSSL manual is available at: -http://www.yassl.com/documentation/CyaSSL-Manual.pdf. For build instructions -and comments about the new features please check the manual. - -# CyaSSL Release 2.0.0rc1 (5/2/2011) - -#### Release 2.0.0rc1 for CyaSSL has many new features including: -- bug fixes -- SHA-256 cipher suites -- Root Certificate Verification (instead of needing all certs in the chain) -- PKCS #8 private key encryption (supports PKCS #5 v1-v2 and PKCS #12) -- Serial number retrieval for x509 -- PBKDF2 and PKCS #12 PBKDF -- UID parsing for x509 -- SHA-256 certificate signatures -- Client and server can send chains (SSL_CTX_use_certificate_chain_file) -- CA loading can now parse multiple certificates per file -- Dynamic memory runtime hooks -- Runtime hooks for logging -- EDH on server side -- More informative error codes -- More informative logging messages -- Version downgrade more robust (use SSL_v23*) -- Shared build only by default through ./configure -- Compiler visibility is now used, internal functions not polluting namespace -- Single Makefile, no recursion, for faster and simpler building -- Turn on all warnings possible build option, warning fixes -- and more. - -Because of all the new features and the multiple OS, compiler, feature-set -options that CyaSSL allows, there may be some configuration fixes needed. -Please send any comments or questions to support@yassl.com. - -The CyaSSL manual is available at: -http://www.yassl.com/documentation/CyaSSL-Manual.pdf. For build instructions -and comments about the new features please check the manual. - -# CyaSSL Release 1.9.0 (3/2/2011) - -Release 1.9.0 for CyaSSL adds bug fixes, improved TLSv1.2 through testing and -better hash/sig algo ids, --enable-webServer for the yaSSL embedded web server, -improper AES key setup detection, user cert verify callback improvements, and -more. - -The CyaSSL manual offering is included in the doc/ directory. For build -instructions and comments about the new features please check the manual. - -Please send any comments or questions to support@yassl.com. - -# CyaSSL Release 1.8.0 (12/23/2010) - -Release 1.8.0 for CyaSSL adds bug fixes, x509 v3 CA signed certificate -generation, a C standard library abstraction layer, lower memory use, increased -portability through the os_settings.h file, and the ability to use NTRU cipher -suites when used in conjunction with an NTRU license and library. - -The initial CyaSSL manual offering is included in the doc/ directory. For -build instructions and comments about the new features please check the manual. - -Please send any comments or questions to support@yassl.com. - -Happy Holidays. - - -# CyaSSL Release 1.6.5 (9/9/2010) - -Release 1.6.5 for CyaSSL adds bug fixes and x509 v3 self signed certificate -generation. - -For general build instructions see doc/Building_CyaSSL.pdf. - -To enable certificate generation support add this option to ./configure -./configure --enable-certgen - -An example is included in ctaocrypt/test/test.c and documentation is provided -in doc/CyaSSL_Extensions_Reference.pdf item 11. - -# CyaSSL Release 1.6.0 (8/27/2010) - -Release 1.6.0 for CyaSSL adds bug fixes, RIPEMD-160, SHA-512, and RSA key -generation. - -For general build instructions see doc/Building_CyaSSL.pdf. - -To add RIPEMD-160 support add this option to ./configure -./configure --enable-ripemd - -To add SHA-512 support add this option to ./configure -./configure --enable-sha512 - -To add RSA key generation support add this option to ./configure -./configure --enable-keygen - -Please see ctaocrypt/test/test.c for examples and usage. - -For Windows, RIPEMD-160 and SHA-512 are enabled by default but key generation is -off by default. To turn key generation on add the define CYASSL_KEY_GEN to -CyaSSL. - - -# CyaSSL Release 1.5.6 (7/28/2010) - -Release 1.5.6 for CyaSSL adds bug fixes, compatibility for our JSSE provider, -and a fix for GCC builds on some systems. - -For general build instructions see doc/Building_CyaSSL.pdf. - -To add AES-NI support add this option to ./configure -./configure --enable-aesni - -You'll need GCC 4.4.3 or later to make use of the assembly. - -# CyaSSL Release 1.5.4 (7/7/2010) - -Release 1.5.4 for CyaSSL adds bug fixes, support for AES-NI, SHA1 speed -improvements from loop unrolling, and support for the Mongoose Web Server. - -For general build instructions see doc/Building_CyaSSL.pdf. - -To add AES-NI support add this option to ./configure -./configure --enable-aesni - -You'll need GCC 4.4.3 or later to make use of the assembly. - -# CyaSSL Release 1.5.0 (5/11/2010) - -Release 1.5.0 for CyaSSL adds bug fixes, GoAhead WebServer support, sniffer -support, and initial swig interface support. - -For general build instructions see doc/Building_CyaSSL.pdf. - -To add support for GoAhead WebServer either --enable-opensslExtra or if you -don't want all the features of opensslExtra you can just define GOAHEAD_WS -instead. GOAHEAD_WS can be added to ./configure with CFLAGS=-DGOAHEAD_WS or -you can define it yourself. - -To look at the sniffer support please see the sniffertest app in -sslSniffer/sslSnifferTest. Build with --enable-sniffer on *nix or use the -vcproj files on windows. You'll need to have pcap installed on *nix and -WinPcap on windows. - -A swig interface file is now located in the swig directory for using Python, -Java, Perl, and others with CyaSSL. This is initial support and experimental, -please send questions or comments to support@yassl.com. - -When doing load testing with CyaSSL, on the echoserver example say, the client -machine may run out of tcp ephemeral ports, they will end up in the TIME_WAIT -queue, and can't be reused by default. There are generally two ways to fix -this. - -1. Reduce the length sockets remain on the TIME_WAIT queue OR -2. Allow items on the TIME_WAIT queue to be reused. - - -To reduce the TIME_WAIT length in OS X to 3 seconds (3000 milliseconds) - -`sudo sysctl -w net.inet.tcp.msl=3000` - -In Linux - -`sudo sysctl -w net.ipv4.tcp_tw_reuse=1` - -allows reuse of sockets in TIME_WAIT - -`sudo sysctl -w net.ipv4.tcp_tw_recycle=1` - -works but seems to remove sockets from TIME_WAIT entirely? - -`sudo sysctl -w net.ipv4.tcp_fin_timeout=1` - -doen't control TIME_WAIT, it controls FIN_WAIT(2) contrary to some posts - - -# CyaSSL Release 1.4.0 (2/18/2010) - -Release 1.3.0 for CyaSSL adds bug fixes, better multi TLS/SSL version support -through SSLv23_server_method(), and improved documentation in the doc/ folder. - -For general build instructions doc/Building_CyaSSL.pdf. - -# CyaSSL Release 1.3.0 (1/21/2010) - -Release 1.3.0 for CyaSSL adds bug fixes, a potential security problem fix, -better porting support, removal of assert()s, and a complete THREADX port. - -For general build instructions see rc1 below. - -# CyaSSL Release 1.2.0 (11/2/2009) - -Release 1.2.0 for CyaSSL adds bug fixes and session negotiation if first use is -read or write. - -For general build instructions see rc1 below. - -# CyaSSL Release 1.1.0 (9/2/2009) - -Release 1.1.0 for CyaSSL adds bug fixes, a check against malicious session -cache use, support for lighttpd, and TLS 1.2. - -To get TLS 1.2 support please use the client and server functions: - -```c -SSL_METHOD *TLSv1_2_server_method(void); -SSL_METHOD *TLSv1_2_client_method(void); -``` - -CyaSSL was tested against lighttpd 1.4.23. To build CyaSSL for use with -lighttpd use the following commands from the CyaSSL install dir : - -``` -./configure --disable-shared --enable-opensslExtra --enable-fastmath --without-zlib - -make -make openssl-links -``` - -Then to build lighttpd with CyaSSL use the following commands from the -lighttpd install dir: - -``` -./configure --with-openssl --with-openssl-includes=/include --with-openssl-libs=/lib LDFLAGS=-lm - -make -``` - -On some systems you may get a linker error about a duplicate symbol for -MD5_Init or other MD5 calls. This seems to be caused by the lighttpd src file -md5.c, which defines MD5_Init(), and is included in liblightcomp_la-md5.o. -When liblightcomp is linked with the SSL_LIBs the linker may complain about -the duplicate symbol. This can be fixed by editing the lighttpd src file md5.c -and adding this line to the beginning of the file: - -\#if 0 - -and this line to the end of the file - -\#endif - -Then from the lighttpd src dir do a: - -``` -make clean -make -``` - -If you get link errors about undefined symbols more than likely the actual -OpenSSL libraries are found by the linker before the CyaSSL openssl-links that -point to the CyaSSL library, causing the linker confusion. This can be fixed -by editing the Makefile in the lighttpd src directory and changing the line: - -`SSL_LIB = -lssl -lcrypto` - -to - -`SSL_LIB = -lcyassl` - -Then from the lighttpd src dir do a: - -``` -make clean -make -``` - -This should remove any confusion the linker may be having with missing symbols. - -For any questions or concerns please contact support@yassl.com . - -For general build instructions see rc1 below. - -# CyaSSL Release 1.0.6 (8/03/2009) - -Release 1.0.6 for CyaSSL adds bug fixes, an improved session cache, and faster -math with a huge code option. - -The session cache now defaults to a client mode, also good for embedded servers. -For servers not under heavy load (less than 200 new sessions per minute), define -BIG_SESSION_CACHE. If the server will be under heavy load, define -HUGE_SESSION_CACHE. - -There is now a fasthugemath option for configure. This enables fastmath plus -even faster math by greatly increasing the code size of the math library. Use -the benchmark utility to compare public key operations. - - -For general build instructions see rc1 below. - -# CyaSSL Release 1.0.3 (5/10/2009) - -Release 1.0.3 for CyaSSL adds bug fixes and add increased support for OpenSSL -compatibility when building other applications. - -Release 1.0.3 includes an alpha release of DTLS for both client and servers. -This is only for testing purposes at this time. Rebroadcast and reordering -aren't fully implemented at this time but will be for the next release. - -For general build instructions see rc1 below. - -# CyaSSL Release 1.0.2 (4/3/2009) - -Release 1.0.2 for CyaSSL adds bug fixes for a couple I/O issues. Some systems -will send a SIGPIPE on socket recv() at any time and this should be handled by -the application by turning off SIGPIPE through setsockopt() or returning from -the handler. - -Release 1.0.2 includes an alpha release of DTLS for both client and servers. -This is only for testing purposes at this time. Rebroadcast and reordering -aren't fully implemented at this time but will be for the next release. - -For general build instructions see rc1 below. - -## CyaSSL Release Candidate 3 rc3-1.0.0 (2/25/2009) - - -Release Candidate 3 for CyaSSL 1.0.0 adds bug fixes and adds a project file for -iPhone development with Xcode. cyassl-iphone.xcodeproj is located in the root -directory. This release also includes a fix for supporting other -implementations that bundle multiple messages at the record layer, this was -lost when cyassl i/o was re-implemented but is now fixed. - -For general build instructions see rc1 below. - -## CyaSSL Release Candidate 2 rc2-1.0.0 (1/21/2009) - - -Release Candidate 2 for CyaSSL 1.0.0 adds bug fixes and adds two new stream -ciphers along with their respective cipher suites. CyaSSL adds support for -HC-128 and RABBIT stream ciphers. The new suites are: - -``` -TLS_RSA_WITH_HC_128_SHA -TLS_RSA_WITH_RABBIT_SHA -``` - -And the corresponding cipher names are - -``` -HC128-SHA -RABBIT-SHA -``` - -CyaSSL also adds support for building with devkitPro for PPC by changing the -library proper to use libogc. The examples haven't been changed yet but if -there's interest they can be. Here's an example ./configure to build CyaSSL -for devkitPro: - -``` -./configure --disable-shared CC=/pathTo/devkitpro/devkitPPC/bin/powerpc-gekko-gcc --host=ppc --without-zlib --enable-singleThreaded RANLIB=/pathTo/devkitpro/devkitPPC/bin/powerpc-gekko-ranlib CFLAGS="-DDEVKITPRO -DGEKKO" -``` - -For linking purposes you'll need - -`LDFLAGS="-g -mrvl -mcpu=750 -meabi -mhard-float -Wl,-Map,$(notdir $@).map"` - -For general build instructions see rc1 below. - - -## CyaSSL Release Candidate 1 rc1-1.0.0 (12/17/2008) - - -Release Candidate 1 for CyaSSL 1.0.0 contains major internal changes. Several -areas have optimization improvements, less dynamic memory use, and the I/O -strategy has been refactored to allow alternate I/O handling or Library use. -Many thanks to Thierry Fournier for providing these ideas and most of the work. - -Because of these changes, this release is only a candidate since some problems -are probably inevitable on some platform with some I/O use. Please report any -problems and we'll try to resolve them as soon as possible. You can contact us -at support@yassl.com or todd@yassl.com. - -Using TomsFastMath by passing --enable-fastmath to ./configure now uses assembly -on some platforms. This is new so please report any problems as every compiler, -mode, OS combination hasn't been tested. On ia32 all of the registers need to -be available so be sure to pass these options to CFLAGS: - -`CFLAGS="-O3 -fomit-frame-pointer"` - -OS X will also need -mdynamic-no-pic added to CFLAGS - -Also if you're building in shared mode for ia32 you'll need to pass options to -LDFLAGS as well on OS X: - -`LDFLAGS=-Wl,-read_only_relocs,warning` - -This gives warnings for some symbols but seems to work. - - -#### To build on Linux, Solaris, *BSD, Mac OS X, or Cygwin: - - ./configure - make - - from the ./testsuite/ directory run ./testsuite - -#### To make a debug build: - - ./configure --enable-debug --disable-shared - make - - - -#### To build on Win32 - -Choose (Re)Build All from the project workspace - -Run the testsuite program - - - - - -# CyaSSL version 0.9.9 (7/25/2008) - -This release of CyaSSL adds bug fixes, Pre-Shared Keys, over-rideable memory -handling, and optionally TomsFastMath. Thanks to Moisés Guimarães for the -work on TomsFastMath. - -To optionally use TomsFastMath pass --enable-fastmath to ./configure -Or define USE_FAST_MATH in each project from CyaSSL for MSVC. - -Please use the benchmark routine before and after to see the performance -difference, on some platforms the gains will be little but RSA encryption -always seems to be faster. On x86-64 machines with GCC the normal math library -may outperform the fast one when using CFLAGS=-m64 because TomsFastMath can't -yet use -m64 because of GCCs inability to do 128bit division. - - *** UPDATE GCC 4.2.1 can now do 128bit division *** - -See notes below (0.2.0) for complete build instructions. - - -# CyaSSL version 0.9.8 (5/7/2008) - -This release of CyaSSL adds bug fixes, client side Diffie-Hellman, and better -socket handling. - -See notes below (0.2.0) for complete build instructions. - - -# CyaSSL version 0.9.6 (1/31/2008) - -This release of CyaSSL adds bug fixes, increased session management, and a fix -for gnutls. - -See notes below (0.2.0) for complete build instructions. - - -# CyaSSL version 0.9.0 (10/15/2007) - -This release of CyaSSL adds bug fixes, MSVC 2005 support, GCC 4.2 support, -IPV6 support and test, and new test certificates. - -See notes below (0.2.0) for complete build instructions. - - -# CyaSSL version 0.8.0 (1/10/2007) - -This release of CyaSSL adds increased socket support, for non-blocking writes, -connects, and interrupted system calls. - -See notes below (0.2.0) for complete build instructions. - - -# CyaSSL version 0.6.3 (10/30/2006) - -This release of CyaSSL adds debug logging to stderr to aid in the debugging of -CyaSSL on systems that may not provide the best support. - -If CyaSSL is built with debugging support then you need to call -CyaSSL_Debugging_ON() to turn logging on. - -On Unix use ./configure --enable-debug - -On Windows define DEBUG_CYASSL when building CyaSSL - - -To turn logging back off call CyaSSL_Debugging_OFF() - -See notes below (0.2.0) for complete build instructions. - - -# CyaSSL version 0.6.2 (10/29/2006) - -This release of CyaSSL adds TLS 1.1. - -Note that CyaSSL has certificate verification on by default, unlike OpenSSL. -To emulate OpenSSL behavior, you must call SSL_CTX_set_verify() with -SSL_VERIFY_NONE. In order to have full security you should never do this, -provide CyaSSL with the proper certificates to eliminate impostors and call -CyaSSL_check_domain_name() to prevent man in the middle attacks. - -See notes below (0.2.0) for build instructions. - -# CyaSSL version 0.6.0 (10/25/2006) - -This release of CyaSSL adds more SSL functions, better autoconf, nonblocking -I/O for accept, connect, and read. There is now an --enable-small configure -option that turns off TLS, AES, DES3, HMAC, and ERROR_STRINGS, see configure.in -for the defines. Note that TLS requires HMAC and AES requires TLS. - -See notes below (0.2.0) for build instructions. - - -# CyaSSL version 0.5.5 (09/27/2006) - -This mini release of CyaSSL adds better input processing through buffered input -and big message support. Added SSL_pending() and some sanity checks on user -settings. - -See notes below (0.2.0) for build instructions. - - -# CyaSSL version 0.5.0 (03/27/2006) - -This release of CyaSSL adds AES support and minor bug fixes. - -See notes below (0.2.0) for build instructions. - - -# CyaSSL version 0.4.0 (03/15/2006) - -This release of CyaSSL adds TLSv1 client/server support and libtool. - -See notes below for build instructions. - - -# CyaSSL version 0.3.0 (02/26/2006) - -This release of CyaSSL adds SSLv3 server support and session resumption. - -See notes below for build instructions. - - -# CyaSSL version 0.2.0 (02/19/2006) - - -This is the first release of CyaSSL and its crypt brother, CTaoCrypt. CyaSSL -is written in ANSI C with the idea of a small code size, footprint, and memory -usage in mind. CTaoCrypt can be as small as 32K, and the current client -version of CyaSSL can be as small as 12K. - - -The first release of CTaoCrypt supports MD5, SHA-1, 3DES, ARC4, Big Integer -Support, RSA, ASN parsing, and basic x509 (en/de)coding. - -The first release of CyaSSL supports normal client RSA mode SSLv3 connections -with support for SHA-1 and MD5 digests. Ciphers include 3DES and RC4. - - -#### To build on Linux, Solaris, *BSD, Mac OS X, or Cygwin: - - ./configure - make - - from the ./testsuite/ directory run ./testsuite - -#### to make a debug build: - - ./configure --enable-debug --disable-shared - make - - - -#### To build on Win32 - -Choose (Re)Build All from the project workspace - -Run the testsuite program - - - -*** The next release of CyaSSL will support a server and more OpenSSL -compatibility functions. - - -Please send questions or comments to todd@wolfssl.com diff --git a/certs/ca-ecc-cert.der b/certs/ca-ecc-cert.der old mode 100755 new mode 100644 diff --git a/certs/ca-ecc-key.der b/certs/ca-ecc-key.der old mode 100755 new mode 100644 diff --git a/certs/ca-ecc-key.pem b/certs/ca-ecc-key.pem old mode 100755 new mode 100644 diff --git a/certs/ca-ecc384-cert.der b/certs/ca-ecc384-cert.der old mode 100755 new mode 100644 diff --git a/certs/ca-ecc384-key.der b/certs/ca-ecc384-key.der old mode 100755 new mode 100644 diff --git a/certs/ca-ecc384-key.pem b/certs/ca-ecc384-key.pem old mode 100755 new mode 100644 diff --git a/certs/crl/server-goodaltCrl.pem b/certs/crl/server-goodaltCrl.pem new file mode 100644 index 0000000000..1a2a082a4c --- /dev/null +++ b/certs/crl/server-goodaltCrl.pem @@ -0,0 +1,38 @@ +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/ST=Montana/L=Bozeman/OU=Engineering/CN=www.nomatch.com/emailAddress=info@wolfssl.com + Last Update: Jun 13 16:02:51 2018 GMT + Next Update: Mar 9 16:02:51 2021 GMT + CRL extensions: + X509v3 CRL Number: + 1 +No Revoked Certificates. + Signature Algorithm: sha1WithRSAEncryption + 60:64:8d:80:20:c1:5e:48:cc:61:ba:31:b1:59:13:21:8c:d0: + ff:a3:ed:70:b0:ba:04:67:df:bb:f0:aa:db:71:85:2d:c3:ae: + ab:79:a0:83:68:df:70:f5:85:1a:8e:7c:6d:91:89:a3:af:ae: + 4f:72:05:37:d9:aa:76:a5:86:10:0a:89:7a:d9:06:6a:6b:43: + 51:8c:b3:ce:28:79:0c:70:d0:9a:f7:89:a5:ff:5f:4a:08:2f: + ca:3c:83:3e:d2:74:c1:02:37:f9:5d:e8:10:d2:7a:d1:df:b7: + 13:40:34:2c:c5:61:71:d7:24:79:46:26:f7:b7:6f:b5:05:8a: + 96:d6:a8:89:73:e6:ac:5b:96:df:be:08:6d:2b:2e:da:00:c8: + dc:11:54:c2:b9:f5:80:21:79:98:12:5d:91:bb:54:61:d8:d0: + c1:42:3d:9c:24:d5:11:0e:33:ea:3e:84:66:6e:65:2c:59:c5: + c9:b8:7b:e8:b3:ce:fc:66:d8:cc:68:98:55:9a:ff:54:fe:b0: + 74:1f:d7:cc:af:f8:76:b9:ed:cf:46:07:2e:74:0e:50:b9:e9: + 46:28:22:82:d7:2b:3c:81:81:e8:12:f1:5c:6e:88:ac:c7:c5: + 3c:1d:46:95:ff:9e:fe:7f:38:6c:a6:4d:ac:75:86:d4:4c:8a: + 75:e9:a2:88 +-----BEGIN X509 CRL----- +MIIB3DCBxQIBATANBgkqhkiG9w0BAQUFADCBgjELMAkGA1UEBhMCVVMxEDAOBgNV +BAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xFDASBgNVBAsMC0VuZ2luZWVy +aW5nMRgwFgYDVQQDDA93d3cubm9tYXRjaC5jb20xHzAdBgkqhkiG9w0BCQEWEGlu +Zm9Ad29sZnNzbC5jb20XDTE4MDYxMzE2MDI1MVoXDTIxMDMwOTE2MDI1MVqgDjAM +MAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEBBQUAA4IBAQBgZI2AIMFeSMxhujGxWRMh +jND/o+1wsLoEZ9+78KrbcYUtw66reaCDaN9w9YUajnxtkYmjr65PcgU32ap2pYYQ +Col62QZqa0NRjLPOKHkMcNCa94ml/19KCC/KPIM+0nTBAjf5XegQ0nrR37cTQDQs +xWFx1yR5Rib3t2+1BYqW1qiJc+asW5bfvghtKy7aAMjcEVTCufWAIXmYEl2Ru1Rh +2NDBQj2cJNURDjPqPoRmbmUsWcXJuHvos878ZtjMaJhVmv9U/rB0H9fMr/h2ue3P +RgcudA5QuelGKCKC1ys8gYHoEvFcboisx8U8HUaV/57+fzhspk2sdYbUTIp16aKI +-----END X509 CRL----- diff --git a/certs/crl/server-goodaltwildCrl.pem b/certs/crl/server-goodaltwildCrl.pem new file mode 100644 index 0000000000..a79341530f --- /dev/null +++ b/certs/crl/server-goodaltwildCrl.pem @@ -0,0 +1,38 @@ +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/ST=Montana/L=Bozeman/OU=Engineering/CN=www.nomatch.com/emailAddress=info@wolfssl.com + Last Update: Jun 12 23:10:47 2018 GMT + Next Update: Mar 8 23:10:47 2021 GMT + CRL extensions: + X509v3 CRL Number: + 1 +No Revoked Certificates. + Signature Algorithm: sha1WithRSAEncryption + 16:c2:f1:59:3a:bb:50:6c:b0:f8:c4:e8:29:ac:cc:33:a7:e8: + bb:12:88:0b:9b:a0:2f:bf:39:d7:97:c9:9c:17:60:e5:31:5f: + 9f:5d:ce:70:ff:1e:aa:6f:5a:72:8c:29:a3:70:3a:bb:33:e5: + 2a:c8:61:03:96:3e:96:81:7c:fb:0d:5c:b7:67:b0:44:90:a7: + 24:63:9b:df:80:ec:8c:3a:0b:8c:16:2e:09:09:9e:fd:f8:0d: + fa:a5:63:a3:d4:6a:28:10:ab:57:3a:59:e7:1f:84:e5:30:ad: + 17:fd:f7:15:c2:75:e8:18:46:c3:5d:2c:4e:6f:ec:bd:8c:fa: + 8f:00:9e:4a:1c:c3:0d:cf:2e:24:9a:fc:13:9c:76:91:ac:e0: + 87:dd:fa:37:7a:24:72:35:1a:97:56:2f:13:0e:75:11:cd:e2: + 41:dd:12:b0:63:2f:01:52:af:dd:63:5d:59:7c:16:ed:a4:bb: + 89:d2:42:27:7f:69:c5:09:0c:db:8a:d7:0e:4b:70:ea:1f:17: + 68:a5:ac:86:66:25:1c:d4:89:47:8e:64:4f:08:30:35:5e:69: + 11:53:21:e9:c6:bd:16:ec:84:51:69:2b:bd:4a:de:65:f1:be: + 5d:32:b2:fd:85:0d:d0:47:60:c0:fc:56:d8:d6:7e:05:d2:ac: + 0c:44:1f:c7 +-----BEGIN X509 CRL----- +MIIB3DCBxQIBATANBgkqhkiG9w0BAQUFADCBgjELMAkGA1UEBhMCVVMxEDAOBgNV +BAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xFDASBgNVBAsMC0VuZ2luZWVy +aW5nMRgwFgYDVQQDDA93d3cubm9tYXRjaC5jb20xHzAdBgkqhkiG9w0BCQEWEGlu +Zm9Ad29sZnNzbC5jb20XDTE4MDYxMjIzMTA0N1oXDTIxMDMwODIzMTA0N1qgDjAM +MAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEBBQUAA4IBAQAWwvFZOrtQbLD4xOgprMwz +p+i7EogLm6AvvznXl8mcF2DlMV+fXc5w/x6qb1pyjCmjcDq7M+UqyGEDlj6WgXz7 +DVy3Z7BEkKckY5vfgOyMOguMFi4JCZ79+A36pWOj1GooEKtXOlnnH4TlMK0X/fcV +wnXoGEbDXSxOb+y9jPqPAJ5KHMMNzy4kmvwTnHaRrOCH3fo3eiRyNRqXVi8TDnUR +zeJB3RKwYy8BUq/dY11ZfBbtpLuJ0kInf2nFCQzbitcOS3DqHxdopayGZiUc1IlH +jmRPCDA1XmkRUyHpxr0W7IRRaSu9St5l8b5dMrL9hQ3QR2DA/FbY1n4F0qwMRB/H +-----END X509 CRL----- diff --git a/certs/crl/server-goodcnCrl.pem b/certs/crl/server-goodcnCrl.pem new file mode 100644 index 0000000000..9ebfb08383 --- /dev/null +++ b/certs/crl/server-goodcnCrl.pem @@ -0,0 +1,38 @@ +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/ST=Montana/L=Bozeman/OU=Engineering/CN=localhost/emailAddress=info@wolfssl.com + Last Update: Jun 13 16:02:51 2018 GMT + Next Update: Mar 9 16:02:51 2021 GMT + CRL extensions: + X509v3 CRL Number: + 1 +No Revoked Certificates. + Signature Algorithm: sha1WithRSAEncryption + b9:a1:1b:20:dd:23:b2:20:e4:b5:97:84:21:44:e6:f1:98:0b: + 6b:30:22:d2:85:8e:11:19:17:e9:8a:0c:4d:cd:12:61:b0:a1: + 62:a0:4a:58:05:e2:b7:ba:50:86:41:8e:46:ae:c5:8a:36:7c: + c8:ea:94:f3:30:53:46:2b:0f:1c:b3:d0:01:f1:ad:47:e1:a8: + 18:65:e1:b2:32:8d:4d:31:32:f3:54:92:39:e3:f2:cc:2d:a1: + 90:f2:51:79:69:c7:f8:28:ac:53:a9:c2:49:a7:d3:b7:cc:cb: + ac:6f:7d:d5:e5:8e:a1:8f:a6:51:8a:e9:b2:43:e6:5b:7e:e8: + dd:19:a0:00:ba:a3:71:ce:33:a2:bb:77:9c:6d:75:89:fd:1a: + 19:da:0a:b4:6a:12:36:e9:cf:e3:83:e1:33:be:41:5b:72:45: + 21:11:69:90:aa:72:f7:09:50:cb:d2:d5:df:63:da:7d:0b:29: + 5e:c1:cf:cc:d5:11:07:40:92:04:6a:3b:8e:0a:7a:5f:12:f3: + 36:d5:fd:af:84:5f:4c:bd:a1:b4:b1:f4:db:d1:03:5a:38:22: + bc:17:7a:ff:39:78:4a:c0:c7:b3:f3:3c:02:84:cd:93:30:5b: + aa:94:11:32:b8:6f:d3:54:7f:16:e8:b4:d7:54:1b:65:2e:7b: + d1:70:bb:e9 +-----BEGIN X509 CRL----- +MIIB1TCBvgIBATANBgkqhkiG9w0BAQUFADB8MQswCQYDVQQGEwJVUzEQMA4GA1UE +CAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjEUMBIGA1UECwwLRW5naW5lZXJp +bmcxEjAQBgNVBAMMCWxvY2FsaG9zdDEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xm +c3NsLmNvbRcNMTgwNjEzMTYwMjUxWhcNMjEwMzA5MTYwMjUxWqAOMAwwCgYDVR0U +BAMCAQEwDQYJKoZIhvcNAQEFBQADggEBALmhGyDdI7Ig5LWXhCFE5vGYC2swItKF +jhEZF+mKDE3NEmGwoWKgSlgF4re6UIZBjkauxYo2fMjqlPMwU0YrDxyz0AHxrUfh +qBhl4bIyjU0xMvNUkjnj8swtoZDyUXlpx/gorFOpwkmn07fMy6xvfdXljqGPplGK +6bJD5lt+6N0ZoAC6o3HOM6K7d5xtdYn9GhnaCrRqEjbpz+OD4TO+QVtyRSERaZCq +cvcJUMvS1d9j2n0LKV7Bz8zVEQdAkgRqO44Kel8S8zbV/a+EX0y9obSx9NvRA1o4 +IrwXev85eErAx7PzPAKEzZMwW6qUETK4b9NUfxbotNdUG2Uue9Fwu+k= +-----END X509 CRL----- diff --git a/certs/crl/server-goodcnwildCrl.pem b/certs/crl/server-goodcnwildCrl.pem new file mode 100644 index 0000000000..fb72e1d53a --- /dev/null +++ b/certs/crl/server-goodcnwildCrl.pem @@ -0,0 +1,38 @@ +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/ST=Montana/L=Bozeman/OU=Engineering/CN=*localhost/emailAddress=info@wolfssl.com + Last Update: Jun 12 23:10:47 2018 GMT + Next Update: Mar 8 23:10:47 2021 GMT + CRL extensions: + X509v3 CRL Number: + 1 +No Revoked Certificates. + Signature Algorithm: sha1WithRSAEncryption + 79:7e:bd:34:d2:3d:f5:91:b1:79:de:50:c2:26:d5:8e:05:f7: + 30:26:bd:2f:dd:6a:a1:cf:15:91:fd:95:30:a7:04:5a:65:33: + e4:fb:63:79:dd:6e:63:bd:d1:55:bd:c8:22:3c:c2:6a:40:38: + 75:85:6a:e1:24:a3:99:e3:13:30:c2:cb:15:cc:50:4b:03:87: + b8:90:9c:e8:95:2a:62:1f:ed:33:30:a8:04:9f:67:b7:4c:bd: + 31:b3:19:59:18:9c:6d:64:c2:22:d4:8d:8e:7e:98:c2:39:b0: + 28:35:ed:8f:37:6b:03:57:3b:ef:e8:28:26:8a:f0:de:8a:21: + e8:c3:d9:68:2e:ee:cb:cb:89:4f:af:4d:37:ad:98:64:38:6e: + d8:87:fb:3b:0b:b6:a5:58:da:5e:f2:81:a1:18:90:d6:1b:f7: + 8a:1b:11:3a:6d:55:0c:09:4d:cd:ea:43:01:a4:92:05:50:7e: + b4:1a:8f:54:b2:cb:4c:94:09:e0:85:cc:29:22:e4:5b:29:ee: + 65:91:e3:4a:f9:64:19:40:25:17:27:a1:91:2b:2e:18:6d:2a: + 26:9a:e3:82:05:a6:0b:67:24:a1:dc:d4:29:ad:47:f0:89:28: + 65:da:fe:fc:62:86:47:05:51:54:08:dc:b3:e5:99:48:d6:da: + 52:be:85:7c +-----BEGIN X509 CRL----- +MIIB1jCBvwIBATANBgkqhkiG9w0BAQUFADB9MQswCQYDVQQGEwJVUzEQMA4GA1UE +CAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjEUMBIGA1UECwwLRW5naW5lZXJp +bmcxEzARBgNVBAMMCipsb2NhbGhvc3QxHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29s +ZnNzbC5jb20XDTE4MDYxMjIzMTA0N1oXDTIxMDMwODIzMTA0N1qgDjAMMAoGA1Ud +FAQDAgEBMA0GCSqGSIb3DQEBBQUAA4IBAQB5fr000j31kbF53lDCJtWOBfcwJr0v +3WqhzxWR/ZUwpwRaZTPk+2N53W5jvdFVvcgiPMJqQDh1hWrhJKOZ4xMwwssVzFBL +A4e4kJzolSpiH+0zMKgEn2e3TL0xsxlZGJxtZMIi1I2OfpjCObAoNe2PN2sDVzvv +6CgmivDeiiHow9loLu7Ly4lPr003rZhkOG7Yh/s7C7alWNpe8oGhGJDWG/eKGxE6 +bVUMCU3N6kMBpJIFUH60Go9UsstMlAnghcwpIuRbKe5lkeNK+WQZQCUXJ6GRKy4Y +bSommuOCBaYLZySh3NQprUfwiShl2v78YoZHBVFUCNyz5ZlI1tpSvoV8 +-----END X509 CRL----- diff --git a/certs/ed25519/ca-ed25519-priv.der b/certs/ed25519/ca-ed25519-priv.der new file mode 100644 index 0000000000..1618c73b2c Binary files /dev/null and b/certs/ed25519/ca-ed25519-priv.der differ diff --git a/certs/ed25519/ca-ed25519-priv.pem b/certs/ed25519/ca-ed25519-priv.pem new file mode 100644 index 0000000000..7edc455eb9 --- /dev/null +++ b/certs/ed25519/ca-ed25519-priv.pem @@ -0,0 +1,3 @@ +-----BEGIN PRIVATE KEY----- +MC4CAQAwBQYDK2VwBCIEIALLg+oVSN6eOx+rCjIui2cYL3VyBkk2pWBdv1+JXJBy +-----END PRIVATE KEY----- diff --git a/certs/ed25519/client-ed25519-priv.der b/certs/ed25519/client-ed25519-priv.der index e5a27a4117..6ca194a933 100644 Binary files a/certs/ed25519/client-ed25519-priv.der and b/certs/ed25519/client-ed25519-priv.der differ diff --git a/certs/ed25519/client-ed25519-priv.pem b/certs/ed25519/client-ed25519-priv.pem index 22f1d7de5a..0104b1620b 100644 --- a/certs/ed25519/client-ed25519-priv.pem +++ b/certs/ed25519/client-ed25519-priv.pem @@ -1,3 +1,3 @@ -----BEGIN PRIVATE KEY----- -MC4CAQAwBQYDK2VwBCIEIBGdNYxa3ommO8aYO1oGaGSRQBqDYB0sKOdR3bqejqIQ +MC4CAQAwBQYDK2VwBCIEICejNCo11Lu44dzY7A/BoNGiXPkG8ERdO5dNvd9KO6NO -----END PRIVATE KEY----- diff --git a/certs/ed25519/gen-ed25519.sh b/certs/ed25519/gen-ed25519.sh index 5bf72adc45..87aa71a420 100755 --- a/certs/ed25519/gen-ed25519.sh +++ b/certs/ed25519/gen-ed25519.sh @@ -16,3 +16,17 @@ popd mv ${EXAMPLE}/*.pem . mv ${EXAMPLE}/*.der . +convert() { + echo -en "\x30\x2e" > ${NAME}-ed25519-priv.der + head -c 48 ${NAME}-ed25519-key.der | tail -c 46 >> ${NAME}-ed25519-priv.der + + echo "-----BEGIN PRIVATE KEY-----" > ${NAME}-ed25519-priv.pem + openssl base64 -in ${NAME}-ed25519-priv.der >> ${NAME}-ed25519-priv.pem + echo "-----END PRIVATE KEY-----" >> ${NAME}-ed25519-priv.pem +} + +NAME=server convert +NAME=client convert +NAME=root convert +NAME=ca convert + diff --git a/certs/ed25519/include.am b/certs/ed25519/include.am new file mode 100644 index 0000000000..3bd79c6d12 --- /dev/null +++ b/certs/ed25519/include.am @@ -0,0 +1,29 @@ +# vim:ft=automake +# All paths should be given relative to the root +# + +EXTRA_DIST += \ + certs/ed25519/ca-ed25519.der \ + certs/ed25519/ca-ed25519.pem \ + certs/ed25519/ca-ed25519-key.der \ + certs/ed25519/ca-ed25519-key.pem \ + certs/ed25519/ca-ed25519-priv.der \ + certs/ed25519/ca-ed25519-priv.pem \ + certs/ed25519/client-ed25519.der \ + certs/ed25519/client-ed25519.pem \ + certs/ed25519/client-ed25519-key.der \ + certs/ed25519/client-ed25519-key.pem \ + certs/ed25519/client-ed25519-priv.der \ + certs/ed25519/client-ed25519-priv.pem \ + certs/ed25519/root-ed25519.der \ + certs/ed25519/root-ed25519.pem \ + certs/ed25519/root-ed25519-key.der \ + certs/ed25519/root-ed25519-key.pem \ + certs/ed25519/root-ed25519-priv.der \ + certs/ed25519/root-ed25519-priv.pem \ + certs/ed25519/server-ed25519.der \ + certs/ed25519/server-ed25519.pem \ + certs/ed25519/server-ed25519-key.der \ + certs/ed25519/server-ed25519-key.pem \ + certs/ed25519/server-ed25519-priv.der \ + certs/ed25519/server-ed25519-priv.pem diff --git a/certs/ed25519/root-ed25519-priv.der b/certs/ed25519/root-ed25519-priv.der new file mode 100644 index 0000000000..6ca194a933 Binary files /dev/null and b/certs/ed25519/root-ed25519-priv.der differ diff --git a/certs/ed25519/root-ed25519-priv.pem b/certs/ed25519/root-ed25519-priv.pem new file mode 100644 index 0000000000..0104b1620b --- /dev/null +++ b/certs/ed25519/root-ed25519-priv.pem @@ -0,0 +1,3 @@ +-----BEGIN PRIVATE KEY----- +MC4CAQAwBQYDK2VwBCIEICejNCo11Lu44dzY7A/BoNGiXPkG8ERdO5dNvd9KO6NO +-----END PRIVATE KEY----- diff --git a/certs/ed25519/server-ed25519-priv.der b/certs/ed25519/server-ed25519-priv.der index a157ffd09c..2245c976d7 100644 Binary files a/certs/ed25519/server-ed25519-priv.der and b/certs/ed25519/server-ed25519-priv.der differ diff --git a/certs/ed25519/server-ed25519-priv.pem b/certs/ed25519/server-ed25519-priv.pem index 6f1e1312fe..86b0d2843a 100644 --- a/certs/ed25519/server-ed25519-priv.pem +++ b/certs/ed25519/server-ed25519-priv.pem @@ -1,3 +1,3 @@ -----BEGIN PRIVATE KEY----- -MC4CAQAwBQYDK2VwBCIEINjpdrI/H/eIdfXd+HrGSTBu6Z/LnR4rwBjvu3WJ5ndn +MC4CAQAwBQYDK2VwBCIEIAIvxf+6jtDSvwOOdo/IhoBxh5cx4kCs37uQFVJuJKE5 -----END PRIVATE KEY----- diff --git a/certs/external/include.am b/certs/external/include.am index 4f242068bb..05bf839682 100644 --- a/certs/external/include.am +++ b/certs/external/include.am @@ -4,4 +4,5 @@ EXTRA_DIST += \ certs/external/ca-globalsign-root-r3.pem \ + certs/external/ca-digicert-ev.pem \ certs/external/baltimore-cybertrust-root.pem diff --git a/certs/include.am b/certs/include.am old mode 100755 new mode 100644 index 7a227aa95b..4964f59de9 --- a/certs/include.am +++ b/certs/include.am @@ -8,6 +8,8 @@ EXTRA_DIST += \ certs/client-cert.pem \ certs/client-keyEnc.pem \ certs/client-key.pem \ + certs/client-uri-cert.pem \ + certs/client-relative-uri.pem \ certs/ecc-key.pem \ certs/ecc-privkey.pem \ certs/ecc-keyPkcs8Enc.pem \ @@ -63,27 +65,6 @@ EXTRA_DIST += \ certs/server-ecc-self.der \ certs/server-ecc-rsa.der \ certs/server-cert-chain.der -EXTRA_DIST += \ - certs/ed25519/ca-ed25519.der \ - certs/ed25519/ca-ed25519-key.der \ - certs/ed25519/ca-ed25519-key.pem \ - certs/ed25519/ca-ed25519.pem \ - certs/ed25519/client-ed25519.der \ - certs/ed25519/client-ed25519-key.der \ - certs/ed25519/client-ed25519-key.pem \ - certs/ed25519/client-ed25519.pem \ - certs/ed25519/client-ed25519-priv.pem \ - certs/ed25519/client-ed25519-priv.pem \ - certs/ed25519/root-ed25519.der \ - certs/ed25519/root-ed25519-key.der \ - certs/ed25519/root-ed25519-key.pem \ - certs/ed25519/root-ed25519.pem \ - certs/ed25519/server-ed25519.der \ - certs/ed25519/server-ed25519-key.der \ - certs/ed25519/server-ed25519-key.pem \ - certs/ed25519/server-ed25519.pem \ - certs/ed25519/server-ed25519-priv.der \ - certs/ed25519/server-ed25519-priv.pem # ECC CA prime256v1 EXTRA_DIST += \ @@ -103,7 +84,11 @@ dist_doc_DATA+= certs/taoCert.txt EXTRA_DIST+= certs/ntru-key.raw +include certs/1024/include.am +include certs/crl/include.am +include certs/ecc/include.am +include certs/ed25519/include.am +include certs/external/include.am +include certs/ocsp/include.am include certs/test/include.am include certs/test-pathlen/include.am -include certs/test/include.am -include certs/ecc/include.am diff --git a/certs/server-ecc.der b/certs/server-ecc.der old mode 100755 new mode 100644 diff --git a/certs/test/gen-testcerts.sh b/certs/test/gen-testcerts.sh index f51942597e..634b621661 100755 --- a/certs/test/gen-testcerts.sh +++ b/certs/test/gen-testcerts.sh @@ -1,43 +1,97 @@ #!/bin/sh -# Generate CN=localhost, AltName=localhost\0h -echo "step 1 create key" -openssl genrsa -out server-badaltnamenull.key 2048 +# Args: 1=FileName, 2=CN, 3=AltName +function build_test_cert_conf { + echo "[ req ]" > $1.conf + echo "prompt = no" >> $1.conf + echo "default_bits = 2048" >> $1.conf + echo "distinguished_name = req_distinguished_name" >> $1.conf + echo "req_extensions = req_ext" >> $1.conf + echo "" >> $1.conf + echo "[ req_distinguished_name ]" >> $1.conf + echo "C = US" >> $1.conf + echo "ST = Montana" >> $1.conf + echo "L = Bozeman" >> $1.conf + echo "OU = Engineering" >> $1.conf + echo "CN = $2" >> $1.conf + echo "emailAddress = info@wolfssl.com" >> $1.conf + echo "" >> $1.conf + echo "[ req_ext ]" >> $1.conf + if [ -n "$3" ]; then + if [[ "$3" != *"DER"* ]]; then + echo "subjectAltName = @alt_names" >> $1.conf + echo "[alt_names]" >> $1.conf + echo "DNS.1 = $3" >> $1.conf + else + echo "subjectAltName = $3" >> $1.conf + fi + fi +} -echo "step 2 create csr" -echo "US\nMontana\nBozeman\nEngineering\nlocalhost\n.\n" | openssl req -new -sha256 -out server-badaltnamenull.csr -key server-badaltnamenull.key -config server-badaltnamenull.conf +# Args: 1=FileName +function generate_test_cert { + rm $1.der + rm $1.pem -echo "step 3 check csr" -openssl req -text -noout -in server-badaltnamenull.csr + echo "step 1 create configuration" + build_test_cert_conf $1 $2 $3 -echo "step 4 create cert" -openssl x509 -req -days 1000 -in server-badaltnamenull.csr -signkey server-badaltnamenull.key \ - -out server-badaltnamenull.pem -extensions req_ext -extfile server-badaltnamenull.conf + echo "step 2 create csr" + openssl req -new -sha256 -out $1.csr -key ../server-key.pem -config $1.conf -echo "step 5 make human reviewable" -openssl x509 -inform pem -in server-badaltnamenull.pem -text > tmp.pem -mv tmp.pem server-badaltnamenull.pem + echo "step 3 check csr" + openssl req -text -noout -in $1.csr -openssl x509 -inform pem -in server-badaltnamenull.pem -outform der -out server-badaltnamenull.der + echo "step 4 create cert" + openssl x509 -req -days 1000 -sha256 -in $1.csr -signkey ../server-key.pem \ + -out $1.pem -extensions req_ext -extfile $1.conf + rm $1.conf + rm $1.csr + + if [ -n "$4" ]; then + echo "step 5 generate crl" + mkdir ../crl/demoCA + touch ../crl/demoCA/index.txt + echo "01" > ../crl/crlnumber + openssl ca -config ../renewcerts/wolfssl.cnf -gencrl -crldays 1000 -out crl.revoked -keyfile ../server-key.pem -cert $1.pem + rm ../crl/$1Crl.pem + openssl crl -in crl.revoked -text > tmp.pem + mv tmp.pem ../crl/$1Crl.pem + rm crl.revoked + rm -rf ../crl/demoCA + rm ../crl/crlnumber* + fi + + echo "step 6 add cert text information to pem" + openssl x509 -inform pem -in $1.pem -text > tmp.pem + mv tmp.pem $1.pem + + echo "step 7 make binary der version" + openssl x509 -inform pem -in $1.pem -outform der -out $1.der +} -# Generate CN=www.nomatch.com, no AltName -echo "step 1 create key" -openssl genrsa -out server-nomatch.key 2048 +# Generate Good CN=localhost, Alt=None +generate_test_cert server-goodcn localhost "" 1 -echo "step 2 create csr" -echo "US\nMontana\nBozeman\nEngineering\nwww.nomatch.com\n.\n" | openssl req -new -sha256 -out server-nomatch.csr -key server-nomatch.key -config server-nomatch.conf +# Generate Good CN=www.nomatch.com, Alt=localhost +generate_test_cert server-goodalt www.nomatch.com localhost 1 -echo "step 3 check csr" -openssl req -text -noout -in server-nomatch.csr +# Generate Good CN=*localhost, Alt=None +generate_test_cert server-goodcnwild *localhost "" 1 -echo "step 4 create cert" -openssl x509 -req -days 1000 -in server-nomatch.csr -signkey server-nomatch.key \ - -out server-nomatch.pem -extensions req_ext -extfile server-nomatch.conf +# Generate Good CN=www.nomatch.com, Alt=*localhost +generate_test_cert server-goodaltwild www.nomatch.com *localhost 1 -echo "step 5 make human reviewable" -openssl x509 -inform pem -in server-nomatch.pem -text > tmp.pem -mv tmp.pem server-nomatch.pem +# Generate Bad CN=localhost\0h, Alt=None +# DG: Have not found a way to properly encode null in common name +generate_test_cert server-badcnnull DER:30:0d:82:0b:6c:6f:63:61:6c:68:6f:73:74:00:68 -openssl x509 -inform pem -in server-nomatch.pem -outform der -out server-nomatch.der +# Generate Bad Name CN=www.nomatch.com, Alt=None +generate_test_cert server-badcn www.nomatch.com +# Generate Bad Alt CN=www.nomatch.com, Alt=localhost\0h +generate_test_cert server-badaltnull www.nomatch.com DER:30:0d:82:0b:6c:6f:63:61:6c:68:6f:73:74:00:68 + +# Generate Bad Alt Name CN=www.nomatch.com, Alt=www.nomatch.com +generate_test_cert server-badaltname www.nomatch.com www.nomatch.com diff --git a/certs/test/include.am b/certs/test/include.am index f62e970842..fd8bc9e1f0 100644 --- a/certs/test/include.am +++ b/certs/test/include.am @@ -20,13 +20,35 @@ EXTRA_DIST += \ EXTRA_DIST += \ certs/test/gen-testcerts.sh \ - certs/test/server-badaltnamenull.conf \ - certs/test/server-badaltnamenull.csr \ - certs/test/server-badaltnamenull.key \ - certs/test/server-badaltnamenull.pem \ - certs/test/server-badaltnamenull.der \ - certs/test/server-nomatch.conf \ - certs/test/server-nomatch.csr \ - certs/test/server-nomatch.key \ - certs/test/server-nomatch.pem \ - certs/test/server-nomatch.der + certs/test/server-goodcn.pem \ + certs/test/server-goodcn.der \ + certs/test/server-goodalt.pem \ + certs/test/server-goodalt.der \ + certs/test/server-goodcnwild.pem \ + certs/test/server-goodcnwild.der \ + certs/test/server-goodaltwild.pem \ + certs/test/server-goodaltwild.der \ + certs/test/server-badcnnull.pem \ + certs/test/server-badcnnull.der \ + certs/test/server-badcn.pem \ + certs/test/server-badcn.der \ + certs/test/server-badaltnull.pem \ + certs/test/server-badaltnull.der \ + certs/test/server-badaltname.der \ + certs/test/server-badaltname.pem \ + certs/crl/server-goodaltCrl.pem \ + certs/crl/server-goodcnCrl.pem \ + certs/crl/server-goodaltwildCrl.pem \ + certs/crl/server-goodcnwildCrl.pem + +EXTRA_DIST += \ + certs/test/crit-cert.pem \ + certs/test/crit-key.pem \ + certs/test/dh1024.der \ + certs/test/dh1024.pem \ + certs/test/dh512.der \ + certs/test/dh512.pem \ + certs/test/digsigku.pem \ + certs/test/expired-ca.pem \ + certs/test/expired-cert.pem \ + certs/test/expired-key.pem diff --git a/certs/test/server-badaltname.der b/certs/test/server-badaltname.der new file mode 100644 index 0000000000..9abc5d65e8 Binary files /dev/null and b/certs/test/server-badaltname.der differ diff --git a/certs/test/server-badaltname.pem b/certs/test/server-badaltname.pem new file mode 100644 index 0000000000..5d4026e5ba --- /dev/null +++ b/certs/test/server-badaltname.pem @@ -0,0 +1,74 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 18173611275853114373 (0xfc35a32adf422c05) + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=US, ST=Montana, L=Bozeman, OU=Engineering, CN=www.nomatch.com/emailAddress=info@wolfssl.com + Validity + Not Before: Jun 12 23:10:48 2018 GMT + Not After : Mar 8 23:10:48 2021 GMT + Subject: C=US, ST=Montana, L=Bozeman, OU=Engineering, CN=www.nomatch.com/emailAddress=info@wolfssl.com + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:c0:95:08:e1:57:41:f2:71:6d:b7:d2:45:41:27: + 01:65:c6:45:ae:f2:bc:24:30:b8:95:ce:2f:4e:d6: + f6:1c:88:bc:7c:9f:fb:a8:67:7f:fe:5c:9c:51:75: + f7:8a:ca:07:e7:35:2f:8f:e1:bd:7b:c0:2f:7c:ab: + 64:a8:17:fc:ca:5d:7b:ba:e0:21:e5:72:2e:6f:2e: + 86:d8:95:73:da:ac:1b:53:b9:5f:3f:d7:19:0d:25: + 4f:e1:63:63:51:8b:0b:64:3f:ad:43:b8:a5:1c:5c: + 34:b3:ae:00:a0:63:c5:f6:7f:0b:59:68:78:73:a6: + 8c:18:a9:02:6d:af:c3:19:01:2e:b8:10:e3:c6:cc: + 40:b4:69:a3:46:33:69:87:6e:c4:bb:17:a6:f3:e8: + dd:ad:73:bc:7b:2f:21:b5:fd:66:51:0c:bd:54:b3: + e1:6d:5f:1c:bc:23:73:d1:09:03:89:14:d2:10:b9: + 64:c3:2a:d0:a1:96:4a:bc:e1:d4:1a:5b:c7:a0:c0: + c1:63:78:0f:44:37:30:32:96:80:32:23:95:a1:77: + ba:13:d2:97:73:e2:5d:25:c9:6a:0d:c3:39:60:a4: + b4:b0:69:42:42:09:e9:d8:08:bc:33:20:b3:58:22: + a7:aa:eb:c4:e1:e6:61:83:c5:d2:96:df:d9:d0:4f: + ad:d7 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Alternative Name: + DNS:www.nomatch.com + Signature Algorithm: sha256WithRSAEncryption + 50:71:b9:85:03:6e:8b:65:4e:55:8e:36:c6:e6:41:9b:ff:06: + 23:e1:11:6f:a0:98:ab:45:da:31:77:f3:85:c7:3e:60:79:f6: + 1d:20:52:72:72:d4:e1:67:a7:53:9d:c2:3a:2e:ab:99:a8:3a: + 43:3f:77:bb:69:46:94:79:b4:7c:29:63:a0:ae:8d:8e:e3:e8: + 60:77:71:a2:c2:df:bd:d2:19:06:40:c0:7e:88:5c:9c:ec:f8: + 31:4d:d5:ac:19:a4:cc:08:49:69:47:02:19:50:64:12:01:bd: + c0:57:62:f9:c7:b1:3b:b4:b2:2f:a3:0c:27:92:ba:56:0d:83: + 7e:fd:d7:7e:60:82:cd:39:06:70:4b:11:89:c9:1b:7d:a4:47: + b3:fe:66:5a:4c:d7:99:32:44:e3:0a:fc:6c:18:7b:9e:0c:52: + bc:73:67:a8:d8:b9:74:7c:fd:4e:c8:ba:93:6e:1d:79:51:ac: + 48:51:78:c6:63:bf:24:2b:25:a2:2f:ca:c2:4a:74:46:82:43: + b9:0a:fb:13:07:29:16:a4:22:ae:f2:52:2d:7f:f7:9b:70:29: + 8a:2b:9f:3c:d7:07:bf:3d:41:83:02:05:90:39:85:be:f9:c4: + 63:fd:e9:6f:8f:ea:27:89:9a:8d:90:1f:8e:8d:46:ab:c9:c2: + 77:f8:d5:29 +-----BEGIN CERTIFICATE----- +MIIDpzCCAo+gAwIBAgIJAPw1oyrfQiwFMA0GCSqGSIb3DQEBCwUAMIGCMQswCQYD +VQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjEUMBIG +A1UECwwLRW5naW5lZXJpbmcxGDAWBgNVBAMMD3d3dy5ub21hdGNoLmNvbTEfMB0G +CSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTAeFw0xODA2MTIyMzEwNDhaFw0y +MTAzMDgyMzEwNDhaMIGCMQswCQYDVQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQ +MA4GA1UEBwwHQm96ZW1hbjEUMBIGA1UECwwLRW5naW5lZXJpbmcxGDAWBgNVBAMM +D3d3dy5ub21hdGNoLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNv +bTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMCVCOFXQfJxbbfSRUEn +AWXGRa7yvCQwuJXOL07W9hyIvHyf+6hnf/5cnFF194rKB+c1L4/hvXvAL3yrZKgX +/Mpde7rgIeVyLm8uhtiVc9qsG1O5Xz/XGQ0lT+FjY1GLC2Q/rUO4pRxcNLOuAKBj +xfZ/C1loeHOmjBipAm2vwxkBLrgQ48bMQLRpo0YzaYduxLsXpvPo3a1zvHsvIbX9 +ZlEMvVSz4W1fHLwjc9EJA4kU0hC5ZMMq0KGWSrzh1Bpbx6DAwWN4D0Q3MDKWgDIj +laF3uhPSl3PiXSXJag3DOWCktLBpQkIJ6dgIvDMgs1gip6rrxOHmYYPF0pbf2dBP +rdcCAwEAAaMeMBwwGgYDVR0RBBMwEYIPd3d3Lm5vbWF0Y2guY29tMA0GCSqGSIb3 +DQEBCwUAA4IBAQBQcbmFA26LZU5VjjbG5kGb/wYj4RFvoJirRdoxd/OFxz5gefYd +IFJyctThZ6dTncI6LquZqDpDP3e7aUaUebR8KWOgro2O4+hgd3Giwt+90hkGQMB+ +iFyc7PgxTdWsGaTMCElpRwIZUGQSAb3AV2L5x7E7tLIvowwnkrpWDYN+/dd+YILN +OQZwSxGJyRt9pEez/mZaTNeZMkTjCvxsGHueDFK8c2eo2Ll0fP1OyLqTbh15UaxI +UXjGY78kKyWiL8rCSnRGgkO5CvsTBykWpCKu8lItf/ebcCmKK5881we/PUGDAgWQ +OYW++cRj/elvj+oniZqNkB+OjUarycJ3+NUp +-----END CERTIFICATE----- diff --git a/certs/test/server-badaltnamenull.conf b/certs/test/server-badaltnamenull.conf deleted file mode 100644 index cfca7b7e17..0000000000 --- a/certs/test/server-badaltnamenull.conf +++ /dev/null @@ -1,17 +0,0 @@ -[ req ] -default_bits = 2048 -distinguished_name = req_distinguished_name -req_extensions = req_ext - -[ req_distinguished_name ] -countryName = US -stateOrProvinceName = Montana -localityName = Bozeman -organizationName = Engineering -commonName = www.wolfssl.com -commonName_max = 64 -commonName_default = localhost - -[ req_ext ] -#subjectAltName = localhost\0h -subjectAltName = DER:30:0d:82:0b:6c:6f:63:61:6c:68:6f:73:74:00:68 diff --git a/certs/test/server-badaltnamenull.csr b/certs/test/server-badaltnamenull.csr deleted file mode 100644 index 7ee5658d69..0000000000 --- a/certs/test/server-badaltnamenull.csr +++ /dev/null @@ -1,17 +0,0 @@ ------BEGIN CERTIFICATE REQUEST----- -MIICyTCCAbECAQAwWzELMAkGA1UEBhMCVVMxEDAOBgNVBAgMB01vbnRhbmExEDAO -BgNVBAcMB0JvemVtYW4xFDASBgNVBAoMC0VuZ2luZWVyaW5nMRIwEAYDVQQDDAls -b2NhbGhvc3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDBWOI9sH7D -UouzlAgOLJgVQEyrHw9nwxeIEqmxfU2kZZcD95DWBzExpT0mbluER8yoj6E3//LY -58aDdASC+x/gxTLWuCNIgF9GWIOfP2TaWj9AHT6mIeklP2z9qJm3Md7UT52xOLkz -0wblZzSjcqEY61c1MGH6xAtfYfWZgmkxej4aAKd7jR1LAXCSIx+EO2WvvA8c5fiS -ozQgftXSM/5437VVSwu4dH4ptRNou/6nXi74cYzO4+/Unh7j/4ggwuvegNdEqeRg -CtASpQalRN+xrqghQaj786t/kBkqH6L0KKzzcsfLi4oE6dJXn4e7SFWgzbRayp5y -a7jal5x/6U+5AgMBAAGgKTAnBgkqhkiG9w0BCQ4xGjAYMBYGA1UdEQQPMA2CC2xv -Y2FsaG9zdABoMA0GCSqGSIb3DQEBCwUAA4IBAQCHfMbbmvXJGKjO6Z6UOkF3f7sa -cB8gEyjm9+Aa8gMQnaWOH8Sw6nGhGNSOVTQUIqt8EohqNCd/jrjZF34mecaJ3ycw -ryt7AGQzQX5uutBLVr55jszVVC8EDKuPzO3jXH6h6ptvSebG/0KL0P+JHL5JvzZ1 -wAsTBtnnnrnxCQO3a2SFC4zVyH+LCP+EWehH7Sjt9FtrCIoP+xoM6AJ2tCxb4CHH -A8WGuw36lG78DH6rs4kbh0iCP/pKYrYeG9EBOj6+Bw7WF4ee6QhL0VzHXUcIFjkp -YlVLGBTL6KVjPW4uim1az5F1+HxZTvbAbnPU7f81M2ePmqbFfODYO1KPXycg ------END CERTIFICATE REQUEST----- diff --git a/certs/test/server-badaltnamenull.der b/certs/test/server-badaltnamenull.der deleted file mode 100644 index b844057227..0000000000 Binary files a/certs/test/server-badaltnamenull.der and /dev/null differ diff --git a/certs/test/server-badaltnamenull.key b/certs/test/server-badaltnamenull.key deleted file mode 100644 index b7d71ee2bc..0000000000 --- a/certs/test/server-badaltnamenull.key +++ /dev/null @@ -1,27 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIEogIBAAKCAQEAwVjiPbB+w1KLs5QIDiyYFUBMqx8PZ8MXiBKpsX1NpGWXA/eQ -1gcxMaU9Jm5bhEfMqI+hN//y2OfGg3QEgvsf4MUy1rgjSIBfRliDnz9k2lo/QB0+ -piHpJT9s/aiZtzHe1E+dsTi5M9MG5Wc0o3KhGOtXNTBh+sQLX2H1mYJpMXo+GgCn -e40dSwFwkiMfhDtlr7wPHOX4kqM0IH7V0jP+eN+1VUsLuHR+KbUTaLv+p14u+HGM -zuPv1J4e4/+IIMLr3oDXRKnkYArQEqUGpUTfsa6oIUGo+/Orf5AZKh+i9Cis83LH -y4uKBOnSV5+Hu0hVoM20Wsqecmu42pecf+lPuQIDAQABAoIBAEL0a8xfHVa4dCZo -4e0+ph/d127+34/YMILvq5IKSWPfxk8aYS6s6O0/QpDXcJu7XXUV4AeLe+Z/RPBq -sdFF84Eb6QIQXC+UPOoYZuQzyNIQpIyoU/SmE53RfAXPaAPXokm1lG81rHT05BN3 -DPR5Eq6VeOqzaYq0bxfFzY4uag02pITGuYMIxuBkJ+q9mu9XTaBWY1mGlD0zqxUZ -LC0dgrWklJFNHNWddrsMl0LDXFRfuxdFmoZT5NBLh+DWgKq/IW+TAqe3lZGVCPFs -cctR3WevykigH5TZmK3gsT98kqe5y9xO+pOpAvNAKeiXVYEREzE+PbsdiLiXbaEy -X1pUB70CgYEA7BSSQqa5duNNwOFp9DcNmMj1VKE2ixhRZi+R7jxHquiyh6IQv7tf -865f8ZA55mPwy5h/Gqin6YdswvkwHUqbEstnQ+BXmcXaI0EY6iZAkSSKbC0ygr3o -yVuRSCJmkCdmb8KIz0yguEjOmbNcavaH9ivE7KS6DhYb65PwyGuCxqsCgYEA0alC -a84cpN59zFTaW85gpq1zeWMbXmkBees8xnygJ4kZw2MkqQSZw+zUFdb9WbltSAsU -Y8eF0SAaShoXfa7BwB2Bnrs7NZMQzZfVmSG5QLF45v+087guN7pgWnmkUQ0G9ijc -oLI5Mn3oMy9UrJ48JUVwYysaacgRa73tMsGZ0ysCgYALrbDWjzzZfsEX6468QATy -K+7G8vqpwtgz/+JuMJkzATPjtcayVWiXu2aPopzaotMEn1SaUwGLceGVe5I/wLMP -KPTAzNZIixsRZ2T+IEpNY8tdMpcvFInxfBAhy2Hbe7d7i9oMtzO0KhXeUJsfx3ZO -XTfupO93Ruy2qKjeoULk5QKBgCDD9O9oHK3fX4WJVT63t/8UaFF2HZbZjjOBgdP7 -MgQ7tt0EJ3yKjYVDA7oOCTX2do+lu6AEVHNkMveVsEoh/4GImvM1i4FJ5Hxc2DLA -RHVJxv1CxQK5q+9lnx1EmVtZT9c0d5Zdg/bSGnG1WeRILlocyf2VhOE3NRHDcshV -3TZVAoGAXP0SDgRcA544d0zdw07f9/KgHlYcsJuPGt2F7UzjIZiBivr3yh+EXBw2 -xMqRwFnsBeOgvW/i3Je01RjeWZL6M9Lq1ywk2HZtDPnN6dP15LwSS33OBRca5Fk+ -CyKDfZHd+8c2wj8hNsxd/D4N7ZVDrU3UNvMslHwGh0PbIaQxcQM= ------END RSA PRIVATE KEY----- diff --git a/certs/test/server-badaltnamenull.pem b/certs/test/server-badaltnamenull.pem deleted file mode 100644 index 61017211c2..0000000000 --- a/certs/test/server-badaltnamenull.pem +++ /dev/null @@ -1,72 +0,0 @@ -Certificate: - Data: - Version: 3 (0x2) - Serial Number: 15650401360786530715 (0xd931651e45f8a19b) - Signature Algorithm: sha1WithRSAEncryption - Issuer: C=US, ST=Montana, L=Bozeman, O=Engineering, CN=localhost - Validity - Not Before: May 3 16:02:13 2018 GMT - Not After : Jan 27 16:02:13 2021 GMT - Subject: C=US, ST=Montana, L=Bozeman, O=Engineering, CN=localhost - Subject Public Key Info: - Public Key Algorithm: rsaEncryption - Public-Key: (2048 bit) - Modulus: - 00:c1:58:e2:3d:b0:7e:c3:52:8b:b3:94:08:0e:2c: - 98:15:40:4c:ab:1f:0f:67:c3:17:88:12:a9:b1:7d: - 4d:a4:65:97:03:f7:90:d6:07:31:31:a5:3d:26:6e: - 5b:84:47:cc:a8:8f:a1:37:ff:f2:d8:e7:c6:83:74: - 04:82:fb:1f:e0:c5:32:d6:b8:23:48:80:5f:46:58: - 83:9f:3f:64:da:5a:3f:40:1d:3e:a6:21:e9:25:3f: - 6c:fd:a8:99:b7:31:de:d4:4f:9d:b1:38:b9:33:d3: - 06:e5:67:34:a3:72:a1:18:eb:57:35:30:61:fa:c4: - 0b:5f:61:f5:99:82:69:31:7a:3e:1a:00:a7:7b:8d: - 1d:4b:01:70:92:23:1f:84:3b:65:af:bc:0f:1c:e5: - f8:92:a3:34:20:7e:d5:d2:33:fe:78:df:b5:55:4b: - 0b:b8:74:7e:29:b5:13:68:bb:fe:a7:5e:2e:f8:71: - 8c:ce:e3:ef:d4:9e:1e:e3:ff:88:20:c2:eb:de:80: - d7:44:a9:e4:60:0a:d0:12:a5:06:a5:44:df:b1:ae: - a8:21:41:a8:fb:f3:ab:7f:90:19:2a:1f:a2:f4:28: - ac:f3:72:c7:cb:8b:8a:04:e9:d2:57:9f:87:bb:48: - 55:a0:cd:b4:5a:ca:9e:72:6b:b8:da:97:9c:7f:e9: - 4f:b9 - Exponent: 65537 (0x10001) - X509v3 extensions: - X509v3 Subject Alternative Name: - DNS:localhost - Signature Algorithm: sha1WithRSAEncryption - ae:76:ea:5e:33:2c:cf:16:c8:ec:a2:27:2a:19:b9:22:bb:69: - b4:96:35:f7:25:1c:dd:8b:fb:c4:a8:32:17:89:73:a0:bc:23: - a3:49:d4:fd:1a:d7:fc:bf:87:5d:42:12:4b:20:20:74:47:7e: - 7c:97:89:c1:f1:a3:82:3a:58:0b:b4:05:0b:c1:02:da:a6:dc: - ca:6c:60:58:fe:83:1c:fc:ed:c7:bc:96:df:b2:af:31:f5:28: - 45:2d:d5:c0:5a:42:95:c3:64:c5:46:5c:cd:8e:d6:7b:fd:9c: - f5:75:44:cc:d6:7e:d8:96:55:5c:00:9f:1f:ac:f1:0a:07:29: - 0c:ba:ab:7d:1f:ac:8d:40:55:86:e4:35:1d:11:89:10:8b:c2: - 67:ff:99:32:66:f3:5d:4a:c3:37:5e:37:32:40:7b:29:50:25: - e5:c1:d8:df:7b:64:3e:f7:c4:1e:01:88:fe:24:f6:0c:ea:f7: - 72:df:1e:72:0c:9b:64:c3:6b:ec:ce:99:b1:75:61:f2:ac:d5: - 6f:7b:7d:06:7b:6c:a8:6c:ac:46:37:dd:af:e6:cb:8f:70:d7: - 57:e2:38:d9:e6:9a:93:da:53:06:e6:39:c5:79:6a:0a:ac:49: - da:04:a1:60:2f:5f:96:ef:ca:6c:34:62:6c:ac:25:1c:d5:e0: - f7:8e:7c:df ------BEGIN CERTIFICATE----- -MIIDUzCCAjugAwIBAgIJANkxZR5F+KGbMA0GCSqGSIb3DQEBBQUAMFsxCzAJBgNV -BAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMRQwEgYD -VQQKDAtFbmdpbmVlcmluZzESMBAGA1UEAwwJbG9jYWxob3N0MB4XDTE4MDUwMzE2 -MDIxM1oXDTIxMDEyNzE2MDIxM1owWzELMAkGA1UEBhMCVVMxEDAOBgNVBAgMB01v -bnRhbmExEDAOBgNVBAcMB0JvemVtYW4xFDASBgNVBAoMC0VuZ2luZWVyaW5nMRIw -EAYDVQQDDAlsb2NhbGhvc3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB -AQDBWOI9sH7DUouzlAgOLJgVQEyrHw9nwxeIEqmxfU2kZZcD95DWBzExpT0mbluE -R8yoj6E3//LY58aDdASC+x/gxTLWuCNIgF9GWIOfP2TaWj9AHT6mIeklP2z9qJm3 -Md7UT52xOLkz0wblZzSjcqEY61c1MGH6xAtfYfWZgmkxej4aAKd7jR1LAXCSIx+E -O2WvvA8c5fiSozQgftXSM/5437VVSwu4dH4ptRNou/6nXi74cYzO4+/Unh7j/4gg -wuvegNdEqeRgCtASpQalRN+xrqghQaj786t/kBkqH6L0KKzzcsfLi4oE6dJXn4e7 -SFWgzbRayp5ya7jal5x/6U+5AgMBAAGjGjAYMBYGA1UdEQQPMA2CC2xvY2FsaG9z -dABoMA0GCSqGSIb3DQEBBQUAA4IBAQCudupeMyzPFsjsoicqGbkiu2m0ljX3JRzd -i/vEqDIXiXOgvCOjSdT9Gtf8v4ddQhJLICB0R358l4nB8aOCOlgLtAULwQLaptzK -bGBY/oMc/O3HvJbfsq8x9ShFLdXAWkKVw2TFRlzNjtZ7/Zz1dUTM1n7YllVcAJ8f -rPEKBykMuqt9H6yNQFWG5DUdEYkQi8Jn/5kyZvNdSsM3XjcyQHspUCXlwdjfe2Q+ -98QeAYj+JPYM6vdy3x5yDJtkw2vszpmxdWHyrNVve30Ge2yobKxGN92v5suPcNdX -4jjZ5pqT2lMG5jnFeWoKrEnaBKFgL1+W78psNGJsrCUc1eD3jnzf ------END CERTIFICATE----- diff --git a/certs/test/server-badaltnull.der b/certs/test/server-badaltnull.der new file mode 100644 index 0000000000..d65b52e125 Binary files /dev/null and b/certs/test/server-badaltnull.der differ diff --git a/certs/test/server-badaltnull.pem b/certs/test/server-badaltnull.pem new file mode 100644 index 0000000000..af1e9c8777 --- /dev/null +++ b/certs/test/server-badaltnull.pem @@ -0,0 +1,74 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 18337557996975909176 (0xfe7c17d779df6938) + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=US, ST=Montana, L=Bozeman, OU=Engineering, CN=www.nomatch.com/emailAddress=info@wolfssl.com + Validity + Not Before: Jun 12 23:10:48 2018 GMT + Not After : Mar 8 23:10:48 2021 GMT + Subject: C=US, ST=Montana, L=Bozeman, OU=Engineering, CN=www.nomatch.com/emailAddress=info@wolfssl.com + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:c0:95:08:e1:57:41:f2:71:6d:b7:d2:45:41:27: + 01:65:c6:45:ae:f2:bc:24:30:b8:95:ce:2f:4e:d6: + f6:1c:88:bc:7c:9f:fb:a8:67:7f:fe:5c:9c:51:75: + f7:8a:ca:07:e7:35:2f:8f:e1:bd:7b:c0:2f:7c:ab: + 64:a8:17:fc:ca:5d:7b:ba:e0:21:e5:72:2e:6f:2e: + 86:d8:95:73:da:ac:1b:53:b9:5f:3f:d7:19:0d:25: + 4f:e1:63:63:51:8b:0b:64:3f:ad:43:b8:a5:1c:5c: + 34:b3:ae:00:a0:63:c5:f6:7f:0b:59:68:78:73:a6: + 8c:18:a9:02:6d:af:c3:19:01:2e:b8:10:e3:c6:cc: + 40:b4:69:a3:46:33:69:87:6e:c4:bb:17:a6:f3:e8: + dd:ad:73:bc:7b:2f:21:b5:fd:66:51:0c:bd:54:b3: + e1:6d:5f:1c:bc:23:73:d1:09:03:89:14:d2:10:b9: + 64:c3:2a:d0:a1:96:4a:bc:e1:d4:1a:5b:c7:a0:c0: + c1:63:78:0f:44:37:30:32:96:80:32:23:95:a1:77: + ba:13:d2:97:73:e2:5d:25:c9:6a:0d:c3:39:60:a4: + b4:b0:69:42:42:09:e9:d8:08:bc:33:20:b3:58:22: + a7:aa:eb:c4:e1:e6:61:83:c5:d2:96:df:d9:d0:4f: + ad:d7 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Alternative Name: + DNS:localhost + Signature Algorithm: sha256WithRSAEncryption + 24:29:6d:72:5e:f9:49:79:0a:c1:d7:bb:c2:eb:b5:4b:f6:b6: + 05:e3:99:7a:df:68:ee:8d:94:66:f2:31:1f:9e:c2:86:77:5d: + 3b:75:86:9a:98:c1:8b:54:18:ab:9e:13:64:af:5b:b8:35:0c: + d4:e6:dc:3e:03:d9:26:06:75:6b:13:a2:e9:3d:19:0a:65:d7: + e2:1e:c2:67:fe:d7:f0:64:d8:ae:20:c3:81:1b:7f:a4:76:6e: + 4a:5c:ae:23:6e:85:32:25:3c:5e:54:7a:bf:49:5a:a2:11:53: + a1:ce:d9:4b:19:ef:1c:ba:0e:f9:8e:c4:da:90:69:2f:ec:87: + 08:24:d7:6a:18:63:56:3e:a0:a6:22:f1:e0:10:bd:cc:68:50: + 99:e7:4f:51:27:00:da:36:2c:df:26:ab:41:5e:c3:fb:1b:bb: + 58:3f:8c:4a:b2:30:71:66:92:9e:05:a1:c9:90:f9:06:0a:79: + 33:f4:e3:b9:da:43:38:8f:82:15:1e:98:7a:b8:da:e7:a4:f6: + 08:bc:54:c6:7b:64:c2:56:a0:83:f9:c0:d5:60:ba:a3:df:8a: + 04:bc:65:d6:82:23:82:50:2f:a9:f6:bd:03:c6:3d:5e:00:b8: + a0:c5:0f:eb:cf:59:67:d9:a3:e1:84:f9:d1:91:65:67:96:93: + b6:0b:15:80 +-----BEGIN CERTIFICATE----- +MIIDozCCAougAwIBAgIJAP58F9d532k4MA0GCSqGSIb3DQEBCwUAMIGCMQswCQYD +VQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjEUMBIG +A1UECwwLRW5naW5lZXJpbmcxGDAWBgNVBAMMD3d3dy5ub21hdGNoLmNvbTEfMB0G +CSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTAeFw0xODA2MTIyMzEwNDhaFw0y +MTAzMDgyMzEwNDhaMIGCMQswCQYDVQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQ +MA4GA1UEBwwHQm96ZW1hbjEUMBIGA1UECwwLRW5naW5lZXJpbmcxGDAWBgNVBAMM +D3d3dy5ub21hdGNoLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNv +bTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMCVCOFXQfJxbbfSRUEn +AWXGRa7yvCQwuJXOL07W9hyIvHyf+6hnf/5cnFF194rKB+c1L4/hvXvAL3yrZKgX +/Mpde7rgIeVyLm8uhtiVc9qsG1O5Xz/XGQ0lT+FjY1GLC2Q/rUO4pRxcNLOuAKBj +xfZ/C1loeHOmjBipAm2vwxkBLrgQ48bMQLRpo0YzaYduxLsXpvPo3a1zvHsvIbX9 +ZlEMvVSz4W1fHLwjc9EJA4kU0hC5ZMMq0KGWSrzh1Bpbx6DAwWN4D0Q3MDKWgDIj +laF3uhPSl3PiXSXJag3DOWCktLBpQkIJ6dgIvDMgs1gip6rrxOHmYYPF0pbf2dBP +rdcCAwEAAaMaMBgwFgYDVR0RBA8wDYILbG9jYWxob3N0AGgwDQYJKoZIhvcNAQEL +BQADggEBACQpbXJe+Ul5CsHXu8LrtUv2tgXjmXrfaO6NlGbyMR+ewoZ3XTt1hpqY +wYtUGKueE2SvW7g1DNTm3D4D2SYGdWsTouk9GQpl1+Iewmf+1/Bk2K4gw4Ebf6R2 +bkpcriNuhTIlPF5Uer9JWqIRU6HO2UsZ7xy6DvmOxNqQaS/shwgk12oYY1Y+oKYi +8eAQvcxoUJnnT1EnANo2LN8mq0Few/sbu1g/jEqyMHFmkp4FocmQ+QYKeTP047na +QziPghUemHq42uek9gi8VMZ7ZMJWoIP5wNVguqPfigS8ZdaCI4JQL6n2vQPGPV4A +uKDFD+vPWWfZo+GE+dGRZWeWk7YLFYA= +-----END CERTIFICATE----- diff --git a/certs/test/server-badcn.der b/certs/test/server-badcn.der new file mode 100644 index 0000000000..867fdb41ac Binary files /dev/null and b/certs/test/server-badcn.der differ diff --git a/certs/test/server-badcn.pem b/certs/test/server-badcn.pem new file mode 100644 index 0000000000..3b761a3688 --- /dev/null +++ b/certs/test/server-badcn.pem @@ -0,0 +1,70 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 10690824908453597701 (0x945d709ca0465205) + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=US, ST=Montana, L=Bozeman, OU=Engineering, CN=www.nomatch.com/emailAddress=info@wolfssl.com + Validity + Not Before: Jun 12 23:10:48 2018 GMT + Not After : Mar 8 23:10:48 2021 GMT + Subject: C=US, ST=Montana, L=Bozeman, OU=Engineering, CN=www.nomatch.com/emailAddress=info@wolfssl.com + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:c0:95:08:e1:57:41:f2:71:6d:b7:d2:45:41:27: + 01:65:c6:45:ae:f2:bc:24:30:b8:95:ce:2f:4e:d6: + f6:1c:88:bc:7c:9f:fb:a8:67:7f:fe:5c:9c:51:75: + f7:8a:ca:07:e7:35:2f:8f:e1:bd:7b:c0:2f:7c:ab: + 64:a8:17:fc:ca:5d:7b:ba:e0:21:e5:72:2e:6f:2e: + 86:d8:95:73:da:ac:1b:53:b9:5f:3f:d7:19:0d:25: + 4f:e1:63:63:51:8b:0b:64:3f:ad:43:b8:a5:1c:5c: + 34:b3:ae:00:a0:63:c5:f6:7f:0b:59:68:78:73:a6: + 8c:18:a9:02:6d:af:c3:19:01:2e:b8:10:e3:c6:cc: + 40:b4:69:a3:46:33:69:87:6e:c4:bb:17:a6:f3:e8: + dd:ad:73:bc:7b:2f:21:b5:fd:66:51:0c:bd:54:b3: + e1:6d:5f:1c:bc:23:73:d1:09:03:89:14:d2:10:b9: + 64:c3:2a:d0:a1:96:4a:bc:e1:d4:1a:5b:c7:a0:c0: + c1:63:78:0f:44:37:30:32:96:80:32:23:95:a1:77: + ba:13:d2:97:73:e2:5d:25:c9:6a:0d:c3:39:60:a4: + b4:b0:69:42:42:09:e9:d8:08:bc:33:20:b3:58:22: + a7:aa:eb:c4:e1:e6:61:83:c5:d2:96:df:d9:d0:4f: + ad:d7 + Exponent: 65537 (0x10001) + Signature Algorithm: sha256WithRSAEncryption + 6b:4d:4f:75:40:7b:1c:c0:08:e7:ae:b1:e7:57:9e:c0:ee:ca: + 15:46:e9:e5:02:dd:fb:e1:f3:39:b9:b4:d3:b5:a4:cb:5b:16: + 4d:90:43:54:62:8d:d5:58:68:12:35:d7:73:ba:86:33:27:7e: + e7:f4:4b:90:40:f3:e2:62:90:57:08:e0:a6:10:76:62:00:bd: + 60:29:dc:52:10:98:bb:81:4c:f7:f8:cf:46:64:66:fa:85:dd: + e0:90:fb:27:3d:74:2f:fb:7c:29:fe:ae:a7:a6:8d:1e:41:d6: + d6:02:90:28:51:fc:ce:87:bc:39:58:d7:94:5a:c6:6c:2c:3f: + dc:99:14:ec:66:43:5f:cf:0b:47:1c:1e:9e:27:05:8b:8e:55: + d8:c0:25:45:40:3b:93:4f:a2:d9:58:ef:c0:c1:57:4c:67:2f: + 33:84:01:d0:bc:0a:d0:95:44:ae:eb:f8:fd:68:d5:5a:33:b4: + b3:cb:ad:1b:ce:ec:ae:04:b4:5d:0a:29:ad:2a:66:a5:cf:73: + c3:bf:ce:ce:43:4d:01:ea:e8:45:23:e5:3f:21:22:2e:6e:9b: + 22:d0:e8:c9:e2:c9:2c:a5:6a:27:9d:7f:8a:17:ae:c7:3d:54: + 6b:bd:85:76:44:e6:16:1f:72:31:a0:75:b8:1f:89:a4:7e:c1: + 2d:d0:96:05 +-----BEGIN CERTIFICATE----- +MIIDhzCCAm+gAwIBAgIJAJRdcJygRlIFMA0GCSqGSIb3DQEBCwUAMIGCMQswCQYD +VQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjEUMBIG +A1UECwwLRW5naW5lZXJpbmcxGDAWBgNVBAMMD3d3dy5ub21hdGNoLmNvbTEfMB0G +CSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTAeFw0xODA2MTIyMzEwNDhaFw0y +MTAzMDgyMzEwNDhaMIGCMQswCQYDVQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQ +MA4GA1UEBwwHQm96ZW1hbjEUMBIGA1UECwwLRW5naW5lZXJpbmcxGDAWBgNVBAMM +D3d3dy5ub21hdGNoLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNv +bTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMCVCOFXQfJxbbfSRUEn +AWXGRa7yvCQwuJXOL07W9hyIvHyf+6hnf/5cnFF194rKB+c1L4/hvXvAL3yrZKgX +/Mpde7rgIeVyLm8uhtiVc9qsG1O5Xz/XGQ0lT+FjY1GLC2Q/rUO4pRxcNLOuAKBj +xfZ/C1loeHOmjBipAm2vwxkBLrgQ48bMQLRpo0YzaYduxLsXpvPo3a1zvHsvIbX9 +ZlEMvVSz4W1fHLwjc9EJA4kU0hC5ZMMq0KGWSrzh1Bpbx6DAwWN4D0Q3MDKWgDIj +laF3uhPSl3PiXSXJag3DOWCktLBpQkIJ6dgIvDMgs1gip6rrxOHmYYPF0pbf2dBP +rdcCAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAa01PdUB7HMAI566x51eewO7KFUbp +5QLd++HzObm007Wky1sWTZBDVGKN1VhoEjXXc7qGMyd+5/RLkEDz4mKQVwjgphB2 +YgC9YCncUhCYu4FM9/jPRmRm+oXd4JD7Jz10L/t8Kf6up6aNHkHW1gKQKFH8zoe8 +OVjXlFrGbCw/3JkU7GZDX88LRxwenicFi45V2MAlRUA7k0+i2VjvwMFXTGcvM4QB +0LwK0JVEruv4/WjVWjO0s8utG87srgS0XQoprSpmpc9zw7/OzkNNAeroRSPlPyEi +Lm6bItDoyeLJLKVqJ51/iheuxz1Ua72FdkTmFh9yMaB1uB+JpH7BLdCWBQ== +-----END CERTIFICATE----- diff --git a/certs/test/server-badcnnull.der b/certs/test/server-badcnnull.der new file mode 100644 index 0000000000..74a57f4006 Binary files /dev/null and b/certs/test/server-badcnnull.der differ diff --git a/certs/test/server-badcnnull.pem b/certs/test/server-badcnnull.pem new file mode 100644 index 0000000000..a3ffaec6a0 --- /dev/null +++ b/certs/test/server-badcnnull.pem @@ -0,0 +1,72 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 14443731963441436391 (0xc87271b1cfe1d6e7) + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=US, ST=Montana, L=Bozeman, OU=Engineering, CN=DER:30:0d:82:0b:6c:6f:63:61:6c:68:6f:73:74:00:68/emailAddress=info@wolfssl.com + Validity + Not Before: Jun 12 23:10:47 2018 GMT + Not After : Mar 8 23:10:47 2021 GMT + Subject: C=US, ST=Montana, L=Bozeman, OU=Engineering, CN=DER:30:0d:82:0b:6c:6f:63:61:6c:68:6f:73:74:00:68/emailAddress=info@wolfssl.com + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:c0:95:08:e1:57:41:f2:71:6d:b7:d2:45:41:27: + 01:65:c6:45:ae:f2:bc:24:30:b8:95:ce:2f:4e:d6: + f6:1c:88:bc:7c:9f:fb:a8:67:7f:fe:5c:9c:51:75: + f7:8a:ca:07:e7:35:2f:8f:e1:bd:7b:c0:2f:7c:ab: + 64:a8:17:fc:ca:5d:7b:ba:e0:21:e5:72:2e:6f:2e: + 86:d8:95:73:da:ac:1b:53:b9:5f:3f:d7:19:0d:25: + 4f:e1:63:63:51:8b:0b:64:3f:ad:43:b8:a5:1c:5c: + 34:b3:ae:00:a0:63:c5:f6:7f:0b:59:68:78:73:a6: + 8c:18:a9:02:6d:af:c3:19:01:2e:b8:10:e3:c6:cc: + 40:b4:69:a3:46:33:69:87:6e:c4:bb:17:a6:f3:e8: + dd:ad:73:bc:7b:2f:21:b5:fd:66:51:0c:bd:54:b3: + e1:6d:5f:1c:bc:23:73:d1:09:03:89:14:d2:10:b9: + 64:c3:2a:d0:a1:96:4a:bc:e1:d4:1a:5b:c7:a0:c0: + c1:63:78:0f:44:37:30:32:96:80:32:23:95:a1:77: + ba:13:d2:97:73:e2:5d:25:c9:6a:0d:c3:39:60:a4: + b4:b0:69:42:42:09:e9:d8:08:bc:33:20:b3:58:22: + a7:aa:eb:c4:e1:e6:61:83:c5:d2:96:df:d9:d0:4f: + ad:d7 + Exponent: 65537 (0x10001) + Signature Algorithm: sha256WithRSAEncryption + 28:2d:4a:7a:b9:22:94:2a:92:90:d8:e8:2b:bc:c5:39:46:03: + c3:16:97:a1:21:1c:8d:19:f9:d2:c5:9f:36:8c:d4:04:b0:69: + cd:2f:28:3f:95:e9:3d:22:e1:b3:c0:f0:73:f3:b8:fa:cb:63: + a4:7d:b9:3c:dc:fc:f1:7e:fd:b0:8b:c6:5e:f2:60:90:51:5a: + 94:92:e0:48:04:44:53:4f:73:e5:73:27:c5:54:94:ed:69:a4: + 8f:5c:62:0f:fa:3b:4f:c5:2b:d4:26:0d:3c:39:e1:c7:ce:d5: + 81:b6:c8:7f:63:e1:7a:de:0f:d2:ca:97:2b:7d:cc:09:53:69: + 2c:a4:d8:19:58:ad:eb:48:ce:c7:69:1b:63:57:26:5a:9b:5d: + be:98:9d:58:b2:b3:c0:79:8b:bf:f4:39:f2:a1:5d:30:63:4a: + 66:15:1d:8f:a2:e4:83:b2:25:06:74:66:8f:32:b1:5d:a7:7f: + 6f:70:f6:4e:2a:10:33:6f:c2:a4:38:34:87:f6:3f:82:a7:a5: + ab:fa:7d:43:38:f6:8d:bc:04:e1:b2:81:10:c7:6a:03:ed:0c: + 89:b9:06:b3:61:e4:c1:ca:9e:88:48:39:a6:41:e8:7f:f8:d7: + 7d:48:46:fb:9f:53:de:8c:be:6a:25:77:8c:48:bf:a4:7d:b0: + 96:dd:d0:86 +-----BEGIN CERTIFICATE----- +MIIDyTCCArGgAwIBAgIJAMhycbHP4dbnMA0GCSqGSIb3DQEBCwUAMIGjMQswCQYD +VQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjEUMBIG +A1UECwwLRW5naW5lZXJpbmcxOTA3BgNVBAMMMERFUjozMDowZDo4MjowYjo2Yzo2 +Zjo2Mzo2MTo2Yzo2ODo2Zjo3Mzo3NDowMDo2ODEfMB0GCSqGSIb3DQEJARYQaW5m +b0B3b2xmc3NsLmNvbTAeFw0xODA2MTIyMzEwNDdaFw0yMTAzMDgyMzEwNDdaMIGj +MQswCQYDVQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1h +bjEUMBIGA1UECwwLRW5naW5lZXJpbmcxOTA3BgNVBAMMMERFUjozMDowZDo4Mjow +Yjo2Yzo2Zjo2Mzo2MTo2Yzo2ODo2Zjo3Mzo3NDowMDo2ODEfMB0GCSqGSIb3DQEJ +ARYQaW5mb0B3b2xmc3NsLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC +ggEBAMCVCOFXQfJxbbfSRUEnAWXGRa7yvCQwuJXOL07W9hyIvHyf+6hnf/5cnFF1 +94rKB+c1L4/hvXvAL3yrZKgX/Mpde7rgIeVyLm8uhtiVc9qsG1O5Xz/XGQ0lT+Fj +Y1GLC2Q/rUO4pRxcNLOuAKBjxfZ/C1loeHOmjBipAm2vwxkBLrgQ48bMQLRpo0Yz +aYduxLsXpvPo3a1zvHsvIbX9ZlEMvVSz4W1fHLwjc9EJA4kU0hC5ZMMq0KGWSrzh +1Bpbx6DAwWN4D0Q3MDKWgDIjlaF3uhPSl3PiXSXJag3DOWCktLBpQkIJ6dgIvDMg +s1gip6rrxOHmYYPF0pbf2dBPrdcCAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAKC1K +erkilCqSkNjoK7zFOUYDwxaXoSEcjRn50sWfNozUBLBpzS8oP5XpPSLhs8Dwc/O4 ++stjpH25PNz88X79sIvGXvJgkFFalJLgSAREU09z5XMnxVSU7Wmkj1xiD/o7T8Ur +1CYNPDnhx87VgbbIf2Phet4P0sqXK33MCVNpLKTYGVit60jOx2kbY1cmWptdvpid +WLKzwHmLv/Q58qFdMGNKZhUdj6Lkg7IlBnRmjzKxXad/b3D2TioQM2/CpDg0h/Y/ +gqelq/p9Qzj2jbwE4bKBEMdqA+0MibkGs2HkwcqeiEg5pkHof/jXfUhG+59T3oy+ +aiV3jEi/pH2wlt3Qhg== +-----END CERTIFICATE----- diff --git a/certs/test/server-cert-ecc-badsig.der b/certs/test/server-cert-ecc-badsig.der old mode 100755 new mode 100644 diff --git a/certs/test/server-goodalt.der b/certs/test/server-goodalt.der new file mode 100644 index 0000000000..7ec7392c99 Binary files /dev/null and b/certs/test/server-goodalt.der differ diff --git a/certs/test/server-goodalt.pem b/certs/test/server-goodalt.pem new file mode 100644 index 0000000000..b8950929c7 --- /dev/null +++ b/certs/test/server-goodalt.pem @@ -0,0 +1,74 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 14615220398693458350 (0xcad3b184922aa1ae) + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=US, ST=Montana, L=Bozeman, OU=Engineering, CN=www.nomatch.com/emailAddress=info@wolfssl.com + Validity + Not Before: Jun 13 16:02:51 2018 GMT + Not After : Mar 9 16:02:51 2021 GMT + Subject: C=US, ST=Montana, L=Bozeman, OU=Engineering, CN=www.nomatch.com/emailAddress=info@wolfssl.com + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:c0:95:08:e1:57:41:f2:71:6d:b7:d2:45:41:27: + 01:65:c6:45:ae:f2:bc:24:30:b8:95:ce:2f:4e:d6: + f6:1c:88:bc:7c:9f:fb:a8:67:7f:fe:5c:9c:51:75: + f7:8a:ca:07:e7:35:2f:8f:e1:bd:7b:c0:2f:7c:ab: + 64:a8:17:fc:ca:5d:7b:ba:e0:21:e5:72:2e:6f:2e: + 86:d8:95:73:da:ac:1b:53:b9:5f:3f:d7:19:0d:25: + 4f:e1:63:63:51:8b:0b:64:3f:ad:43:b8:a5:1c:5c: + 34:b3:ae:00:a0:63:c5:f6:7f:0b:59:68:78:73:a6: + 8c:18:a9:02:6d:af:c3:19:01:2e:b8:10:e3:c6:cc: + 40:b4:69:a3:46:33:69:87:6e:c4:bb:17:a6:f3:e8: + dd:ad:73:bc:7b:2f:21:b5:fd:66:51:0c:bd:54:b3: + e1:6d:5f:1c:bc:23:73:d1:09:03:89:14:d2:10:b9: + 64:c3:2a:d0:a1:96:4a:bc:e1:d4:1a:5b:c7:a0:c0: + c1:63:78:0f:44:37:30:32:96:80:32:23:95:a1:77: + ba:13:d2:97:73:e2:5d:25:c9:6a:0d:c3:39:60:a4: + b4:b0:69:42:42:09:e9:d8:08:bc:33:20:b3:58:22: + a7:aa:eb:c4:e1:e6:61:83:c5:d2:96:df:d9:d0:4f: + ad:d7 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Alternative Name: + DNS:localhost + Signature Algorithm: sha256WithRSAEncryption + 5a:08:fc:f5:82:0b:a3:9b:8e:d0:95:92:46:df:a1:cd:8a:e5: + c5:57:71:d4:6f:f4:d9:73:66:bc:7e:d9:66:a7:67:c7:29:1c: + 8d:d4:33:92:54:f3:7d:fd:5d:ef:b1:a8:07:a6:ee:df:99:f6: + 70:56:d2:f6:0b:15:0b:70:6f:da:bd:c4:37:ef:99:f9:b7:f3: + 59:70:12:41:f5:72:1c:61:1d:51:6d:22:c5:8c:8b:78:f8:77: + 00:11:e3:b2:a6:b7:e9:00:02:f0:e7:8f:e3:50:cb:20:8b:ff: + f5:31:ce:7b:c1:ae:8f:a3:3c:60:81:da:34:6f:5f:d0:45:6d: + bf:c2:69:54:5a:58:d3:57:29:5e:0f:85:d7:73:e1:db:b1:15: + 26:a8:66:72:51:d7:e7:b3:b8:87:b1:ab:6c:51:4b:7c:98:c7: + c4:a8:ba:b0:3d:05:b5:95:2e:b5:a4:47:87:cd:86:3d:6c:45: + 54:46:63:c8:15:d6:06:39:a3:d6:b1:3f:f7:eb:a0:7c:c1:97: + a9:7f:11:f7:ee:e5:6d:53:90:30:6c:39:0a:6b:0d:d6:8e:eb: + 38:9f:bc:09:c1:fc:67:28:4a:fd:59:60:df:d0:19:f9:35:52: + 4c:5e:85:98:c5:d4:e9:fe:17:04:22:f8:f1:dd:4b:8f:29:0e: + b5:04:37:c1 +-----BEGIN CERTIFICATE----- +MIIDoTCCAomgAwIBAgIJAMrTsYSSKqGuMA0GCSqGSIb3DQEBCwUAMIGCMQswCQYD +VQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjEUMBIG +A1UECwwLRW5naW5lZXJpbmcxGDAWBgNVBAMMD3d3dy5ub21hdGNoLmNvbTEfMB0G +CSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTAeFw0xODA2MTMxNjAyNTFaFw0y +MTAzMDkxNjAyNTFaMIGCMQswCQYDVQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQ +MA4GA1UEBwwHQm96ZW1hbjEUMBIGA1UECwwLRW5naW5lZXJpbmcxGDAWBgNVBAMM +D3d3dy5ub21hdGNoLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNv +bTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMCVCOFXQfJxbbfSRUEn +AWXGRa7yvCQwuJXOL07W9hyIvHyf+6hnf/5cnFF194rKB+c1L4/hvXvAL3yrZKgX +/Mpde7rgIeVyLm8uhtiVc9qsG1O5Xz/XGQ0lT+FjY1GLC2Q/rUO4pRxcNLOuAKBj +xfZ/C1loeHOmjBipAm2vwxkBLrgQ48bMQLRpo0YzaYduxLsXpvPo3a1zvHsvIbX9 +ZlEMvVSz4W1fHLwjc9EJA4kU0hC5ZMMq0KGWSrzh1Bpbx6DAwWN4D0Q3MDKWgDIj +laF3uhPSl3PiXSXJag3DOWCktLBpQkIJ6dgIvDMgs1gip6rrxOHmYYPF0pbf2dBP +rdcCAwEAAaMYMBYwFAYDVR0RBA0wC4IJbG9jYWxob3N0MA0GCSqGSIb3DQEBCwUA +A4IBAQBaCPz1ggujm47QlZJG36HNiuXFV3HUb/TZc2a8ftlmp2fHKRyN1DOSVPN9 +/V3vsagHpu7fmfZwVtL2CxULcG/avcQ375n5t/NZcBJB9XIcYR1RbSLFjIt4+HcA +EeOyprfpAALw54/jUMsgi//1Mc57wa6Pozxggdo0b1/QRW2/wmlUWljTVyleD4XX +c+HbsRUmqGZyUdfns7iHsatsUUt8mMfEqLqwPQW1lS61pEeHzYY9bEVURmPIFdYG +OaPWsT/366B8wZepfxH37uVtU5AwbDkKaw3Wjus4n7wJwfxnKEr9WWDf0Bn5NVJM +XoWYxdTp/hcEIvjx3UuPKQ61BDfB +-----END CERTIFICATE----- diff --git a/certs/test/server-goodaltwild.der b/certs/test/server-goodaltwild.der new file mode 100644 index 0000000000..f574834305 Binary files /dev/null and b/certs/test/server-goodaltwild.der differ diff --git a/certs/test/server-goodaltwild.pem b/certs/test/server-goodaltwild.pem new file mode 100644 index 0000000000..801656bff0 --- /dev/null +++ b/certs/test/server-goodaltwild.pem @@ -0,0 +1,74 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 17517463568368655517 (0xf31a884dce75dc9d) + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=US, ST=Montana, L=Bozeman, OU=Engineering, CN=www.nomatch.com/emailAddress=info@wolfssl.com + Validity + Not Before: Jun 12 23:10:47 2018 GMT + Not After : Mar 8 23:10:47 2021 GMT + Subject: C=US, ST=Montana, L=Bozeman, OU=Engineering, CN=www.nomatch.com/emailAddress=info@wolfssl.com + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:c0:95:08:e1:57:41:f2:71:6d:b7:d2:45:41:27: + 01:65:c6:45:ae:f2:bc:24:30:b8:95:ce:2f:4e:d6: + f6:1c:88:bc:7c:9f:fb:a8:67:7f:fe:5c:9c:51:75: + f7:8a:ca:07:e7:35:2f:8f:e1:bd:7b:c0:2f:7c:ab: + 64:a8:17:fc:ca:5d:7b:ba:e0:21:e5:72:2e:6f:2e: + 86:d8:95:73:da:ac:1b:53:b9:5f:3f:d7:19:0d:25: + 4f:e1:63:63:51:8b:0b:64:3f:ad:43:b8:a5:1c:5c: + 34:b3:ae:00:a0:63:c5:f6:7f:0b:59:68:78:73:a6: + 8c:18:a9:02:6d:af:c3:19:01:2e:b8:10:e3:c6:cc: + 40:b4:69:a3:46:33:69:87:6e:c4:bb:17:a6:f3:e8: + dd:ad:73:bc:7b:2f:21:b5:fd:66:51:0c:bd:54:b3: + e1:6d:5f:1c:bc:23:73:d1:09:03:89:14:d2:10:b9: + 64:c3:2a:d0:a1:96:4a:bc:e1:d4:1a:5b:c7:a0:c0: + c1:63:78:0f:44:37:30:32:96:80:32:23:95:a1:77: + ba:13:d2:97:73:e2:5d:25:c9:6a:0d:c3:39:60:a4: + b4:b0:69:42:42:09:e9:d8:08:bc:33:20:b3:58:22: + a7:aa:eb:c4:e1:e6:61:83:c5:d2:96:df:d9:d0:4f: + ad:d7 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Alternative Name: + DNS:*localhost + Signature Algorithm: sha256WithRSAEncryption + af:29:93:9d:e0:ec:8e:4d:aa:e6:12:90:45:af:56:32:5d:97: + 68:21:68:04:8f:82:80:ee:15:46:00:a2:9c:83:a0:f3:44:e3: + 95:d6:93:49:30:0e:86:00:fa:1f:8c:c0:63:a2:4b:f5:3b:f8: + 81:ce:f2:88:98:18:c3:bc:55:0c:48:69:e0:0b:64:44:1c:6d: + 35:5d:cd:75:59:c0:00:d4:19:c8:ba:f1:7f:c6:3c:00:f4:0f: + fe:c2:fa:e8:5c:22:8d:0b:ea:7e:c7:80:d1:01:f3:bb:1a:58: + e5:6e:2a:78:73:61:cb:30:cd:66:79:c3:42:b3:71:1c:4c:39: + 13:fd:c5:73:43:25:0d:3d:9b:49:ff:36:53:c7:6a:6f:20:0a: + f5:b0:67:ac:d0:ff:a8:62:25:72:eb:f4:c1:66:30:31:4c:6c: + bb:ab:55:08:36:fb:a3:8d:99:b0:e0:5c:88:09:ba:fe:5c:a0: + 94:db:97:bb:1f:01:7c:d8:50:7a:c8:a2:cf:23:d5:a9:84:d5: + 86:f9:02:96:1d:73:50:53:f8:f2:14:5b:2a:43:e1:b1:7b:b9: + 0e:a4:d9:88:dd:fe:71:41:b9:fd:bc:8e:9b:ad:4a:7e:e6:72: + 8b:a3:9b:66:37:84:ef:8e:c0:f6:95:ea:0f:80:e6:27:c0:8b: + 6e:91:a1:5a +-----BEGIN CERTIFICATE----- +MIIDojCCAoqgAwIBAgIJAPMaiE3OddydMA0GCSqGSIb3DQEBCwUAMIGCMQswCQYD +VQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjEUMBIG +A1UECwwLRW5naW5lZXJpbmcxGDAWBgNVBAMMD3d3dy5ub21hdGNoLmNvbTEfMB0G +CSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTAeFw0xODA2MTIyMzEwNDdaFw0y +MTAzMDgyMzEwNDdaMIGCMQswCQYDVQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQ +MA4GA1UEBwwHQm96ZW1hbjEUMBIGA1UECwwLRW5naW5lZXJpbmcxGDAWBgNVBAMM +D3d3dy5ub21hdGNoLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNv +bTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMCVCOFXQfJxbbfSRUEn +AWXGRa7yvCQwuJXOL07W9hyIvHyf+6hnf/5cnFF194rKB+c1L4/hvXvAL3yrZKgX +/Mpde7rgIeVyLm8uhtiVc9qsG1O5Xz/XGQ0lT+FjY1GLC2Q/rUO4pRxcNLOuAKBj +xfZ/C1loeHOmjBipAm2vwxkBLrgQ48bMQLRpo0YzaYduxLsXpvPo3a1zvHsvIbX9 +ZlEMvVSz4W1fHLwjc9EJA4kU0hC5ZMMq0KGWSrzh1Bpbx6DAwWN4D0Q3MDKWgDIj +laF3uhPSl3PiXSXJag3DOWCktLBpQkIJ6dgIvDMgs1gip6rrxOHmYYPF0pbf2dBP +rdcCAwEAAaMZMBcwFQYDVR0RBA4wDIIKKmxvY2FsaG9zdDANBgkqhkiG9w0BAQsF +AAOCAQEArymTneDsjk2q5hKQRa9WMl2XaCFoBI+CgO4VRgCinIOg80TjldaTSTAO +hgD6H4zAY6JL9Tv4gc7yiJgYw7xVDEhp4AtkRBxtNV3NdVnAANQZyLrxf8Y8APQP +/sL66FwijQvqfseA0QHzuxpY5W4qeHNhyzDNZnnDQrNxHEw5E/3Fc0MlDT2bSf82 +U8dqbyAK9bBnrND/qGIlcuv0wWYwMUxsu6tVCDb7o42ZsOBciAm6/lyglNuXux8B +fNhQesiizyPVqYTVhvkClh1zUFP48hRbKkPhsXu5DqTZiN3+cUG5/byOm61KfuZy +i6ObZjeE747A9pXqD4DmJ8CLbpGhWg== +-----END CERTIFICATE----- diff --git a/certs/test/server-goodcn.der b/certs/test/server-goodcn.der new file mode 100644 index 0000000000..78edebedce Binary files /dev/null and b/certs/test/server-goodcn.der differ diff --git a/certs/test/server-goodcn.pem b/certs/test/server-goodcn.pem new file mode 100644 index 0000000000..3bcd40ee42 --- /dev/null +++ b/certs/test/server-goodcn.pem @@ -0,0 +1,70 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 9494820020802705564 (0x83c46080d236589c) + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=US, ST=Montana, L=Bozeman, OU=Engineering, CN=localhost/emailAddress=info@wolfssl.com + Validity + Not Before: Jun 13 16:02:51 2018 GMT + Not After : Mar 9 16:02:51 2021 GMT + Subject: C=US, ST=Montana, L=Bozeman, OU=Engineering, CN=localhost/emailAddress=info@wolfssl.com + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:c0:95:08:e1:57:41:f2:71:6d:b7:d2:45:41:27: + 01:65:c6:45:ae:f2:bc:24:30:b8:95:ce:2f:4e:d6: + f6:1c:88:bc:7c:9f:fb:a8:67:7f:fe:5c:9c:51:75: + f7:8a:ca:07:e7:35:2f:8f:e1:bd:7b:c0:2f:7c:ab: + 64:a8:17:fc:ca:5d:7b:ba:e0:21:e5:72:2e:6f:2e: + 86:d8:95:73:da:ac:1b:53:b9:5f:3f:d7:19:0d:25: + 4f:e1:63:63:51:8b:0b:64:3f:ad:43:b8:a5:1c:5c: + 34:b3:ae:00:a0:63:c5:f6:7f:0b:59:68:78:73:a6: + 8c:18:a9:02:6d:af:c3:19:01:2e:b8:10:e3:c6:cc: + 40:b4:69:a3:46:33:69:87:6e:c4:bb:17:a6:f3:e8: + dd:ad:73:bc:7b:2f:21:b5:fd:66:51:0c:bd:54:b3: + e1:6d:5f:1c:bc:23:73:d1:09:03:89:14:d2:10:b9: + 64:c3:2a:d0:a1:96:4a:bc:e1:d4:1a:5b:c7:a0:c0: + c1:63:78:0f:44:37:30:32:96:80:32:23:95:a1:77: + ba:13:d2:97:73:e2:5d:25:c9:6a:0d:c3:39:60:a4: + b4:b0:69:42:42:09:e9:d8:08:bc:33:20:b3:58:22: + a7:aa:eb:c4:e1:e6:61:83:c5:d2:96:df:d9:d0:4f: + ad:d7 + Exponent: 65537 (0x10001) + Signature Algorithm: sha256WithRSAEncryption + 00:fe:cb:dd:9b:51:8c:57:e6:e8:8b:96:92:70:0b:c3:e8:15: + c4:f1:fd:e6:39:c7:f8:d5:0d:8e:ae:f7:27:17:46:e3:fd:70: + 26:24:d3:61:a7:8b:7e:7b:97:f6:21:30:f4:24:f9:c3:22:76: + a6:68:83:40:ce:9d:69:d7:e4:9e:e5:ff:cf:a3:3e:c0:52:a8: + 7e:93:7f:d5:5b:63:37:45:fd:ca:f4:8f:8e:2a:50:ac:80:ce: + 4e:2c:1a:3b:ec:ed:8f:ae:4f:09:54:9d:b1:3f:05:bc:cf:24: + 3f:f4:9a:1d:4d:dc:ba:33:b0:b4:7a:a6:54:38:de:dc:b4:f1: + 27:ce:6f:2c:d0:7e:62:8a:84:af:40:af:d2:2a:1f:40:fe:5e: + 14:9d:05:30:2b:4f:7b:95:86:2d:9b:a9:fb:00:eb:1b:a1:fd: + 0b:67:de:66:9d:e3:b8:3e:e7:8a:b1:7e:38:3f:0e:db:53:c5: + 5d:18:a7:66:49:8e:51:03:3c:6a:cb:fa:1a:ef:83:a7:7b:f2: + 23:f9:fb:7d:30:91:7d:c0:3a:63:b9:89:19:9c:bf:8d:f8:5d: + 4a:9b:a6:48:02:35:f0:19:ea:92:09:8a:78:7a:09:eb:8c:61: + e7:6a:11:85:a9:a6:a6:fb:94:48:ff:86:4e:c1:13:49:13:a5: + 72:b6:25:c8 +-----BEGIN CERTIFICATE----- +MIIDeTCCAmGgAwIBAgIJAIPEYIDSNlicMA0GCSqGSIb3DQEBCwUAMHwxCzAJBgNV +BAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMRQwEgYD +VQQLDAtFbmdpbmVlcmluZzESMBAGA1UEAwwJbG9jYWxob3N0MR8wHQYJKoZIhvcN +AQkBFhBpbmZvQHdvbGZzc2wuY29tMB4XDTE4MDYxMzE2MDI1MVoXDTIxMDMwOTE2 +MDI1MVowfDELMAkGA1UEBhMCVVMxEDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcM +B0JvemVtYW4xFDASBgNVBAsMC0VuZ2luZWVyaW5nMRIwEAYDVQQDDAlsb2NhbGhv +c3QxHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wggEiMA0GCSqGSIb3 +DQEBAQUAA4IBDwAwggEKAoIBAQDAlQjhV0HycW230kVBJwFlxkWu8rwkMLiVzi9O +1vYciLx8n/uoZ3/+XJxRdfeKygfnNS+P4b17wC98q2SoF/zKXXu64CHlci5vLobY +lXParBtTuV8/1xkNJU/hY2NRiwtkP61DuKUcXDSzrgCgY8X2fwtZaHhzpowYqQJt +r8MZAS64EOPGzEC0aaNGM2mHbsS7F6bz6N2tc7x7LyG1/WZRDL1Us+FtXxy8I3PR +CQOJFNIQuWTDKtChlkq84dQaW8egwMFjeA9ENzAyloAyI5Whd7oT0pdz4l0lyWoN +wzlgpLSwaUJCCenYCLwzILNYIqeq68Th5mGDxdKW39nQT63XAgMBAAEwDQYJKoZI +hvcNAQELBQADggEBAAD+y92bUYxX5uiLlpJwC8PoFcTx/eY5x/jVDY6u9ycXRuP9 +cCYk02Gni357l/YhMPQk+cMidqZog0DOnWnX5J7l/8+jPsBSqH6Tf9VbYzdF/cr0 +j44qUKyAzk4sGjvs7Y+uTwlUnbE/BbzPJD/0mh1N3LozsLR6plQ43ty08SfObyzQ +fmKKhK9Ar9IqH0D+XhSdBTArT3uVhi2bqfsA6xuh/Qtn3mad47g+54qxfjg/DttT +xV0Yp2ZJjlEDPGrL+hrvg6d78iP5+30wkX3AOmO5iRmcv434XUqbpkgCNfAZ6pIJ +inh6CeuMYedqEYWppqb7lEj/hk7BE0kTpXK2Jcg= +-----END CERTIFICATE----- diff --git a/certs/test/server-goodcnwild.der b/certs/test/server-goodcnwild.der new file mode 100644 index 0000000000..e6ef31417e Binary files /dev/null and b/certs/test/server-goodcnwild.der differ diff --git a/certs/test/server-goodcnwild.pem b/certs/test/server-goodcnwild.pem new file mode 100644 index 0000000000..656604158d --- /dev/null +++ b/certs/test/server-goodcnwild.pem @@ -0,0 +1,70 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 9769574718208722881 (0x87948071dd77c7c1) + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=US, ST=Montana, L=Bozeman, OU=Engineering, CN=*localhost/emailAddress=info@wolfssl.com + Validity + Not Before: Jun 12 23:10:47 2018 GMT + Not After : Mar 8 23:10:47 2021 GMT + Subject: C=US, ST=Montana, L=Bozeman, OU=Engineering, CN=*localhost/emailAddress=info@wolfssl.com + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:c0:95:08:e1:57:41:f2:71:6d:b7:d2:45:41:27: + 01:65:c6:45:ae:f2:bc:24:30:b8:95:ce:2f:4e:d6: + f6:1c:88:bc:7c:9f:fb:a8:67:7f:fe:5c:9c:51:75: + f7:8a:ca:07:e7:35:2f:8f:e1:bd:7b:c0:2f:7c:ab: + 64:a8:17:fc:ca:5d:7b:ba:e0:21:e5:72:2e:6f:2e: + 86:d8:95:73:da:ac:1b:53:b9:5f:3f:d7:19:0d:25: + 4f:e1:63:63:51:8b:0b:64:3f:ad:43:b8:a5:1c:5c: + 34:b3:ae:00:a0:63:c5:f6:7f:0b:59:68:78:73:a6: + 8c:18:a9:02:6d:af:c3:19:01:2e:b8:10:e3:c6:cc: + 40:b4:69:a3:46:33:69:87:6e:c4:bb:17:a6:f3:e8: + dd:ad:73:bc:7b:2f:21:b5:fd:66:51:0c:bd:54:b3: + e1:6d:5f:1c:bc:23:73:d1:09:03:89:14:d2:10:b9: + 64:c3:2a:d0:a1:96:4a:bc:e1:d4:1a:5b:c7:a0:c0: + c1:63:78:0f:44:37:30:32:96:80:32:23:95:a1:77: + ba:13:d2:97:73:e2:5d:25:c9:6a:0d:c3:39:60:a4: + b4:b0:69:42:42:09:e9:d8:08:bc:33:20:b3:58:22: + a7:aa:eb:c4:e1:e6:61:83:c5:d2:96:df:d9:d0:4f: + ad:d7 + Exponent: 65537 (0x10001) + Signature Algorithm: sha256WithRSAEncryption + 34:ef:b2:dc:02:ec:6a:b5:58:e6:2b:13:18:30:57:e2:ef:22: + 0f:7c:7d:e3:00:77:cc:c4:d9:97:7f:e8:69:f4:87:22:1a:b8: + a1:f2:17:18:94:23:cb:05:c2:90:86:c0:37:6a:90:da:00:70: + dd:de:11:68:48:95:eb:4d:08:1e:73:1e:68:6e:1b:1e:1f:93: + a1:fc:21:05:a7:99:1a:73:0a:88:37:60:f0:ba:8d:b6:b4:3f: + c8:ed:2f:7b:56:9f:a5:c0:00:19:01:e8:e3:d1:06:fc:27:b7: + 5d:f5:53:f9:00:6e:d4:f2:31:1c:a3:cd:12:5f:72:38:09:8a: + be:54:e3:6f:15:31:28:c3:c9:09:60:92:a9:c6:e1:66:33:c4: + 4d:24:f0:74:8e:87:29:63:67:6b:20:e0:5b:81:04:65:cc:0e: + 69:db:7f:e7:93:85:d5:04:26:bb:82:9e:69:61:f2:37:e4:6c: + e2:87:e1:cd:37:40:69:a4:7f:f4:e3:39:d8:fb:2d:53:61:d7: + 4d:1d:39:e0:db:0a:10:7c:f3:4e:30:55:ef:3f:8a:8b:4a:47: + 99:f5:10:60:78:83:38:90:ab:33:59:45:d2:e6:62:df:3d:cd: + a6:7c:39:91:9c:ae:96:36:b7:7f:c1:46:10:a8:c9:4e:be:66: + 6c:61:46:a2 +-----BEGIN CERTIFICATE----- +MIIDezCCAmOgAwIBAgIJAIeUgHHdd8fBMA0GCSqGSIb3DQEBCwUAMH0xCzAJBgNV +BAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMRQwEgYD +VQQLDAtFbmdpbmVlcmluZzETMBEGA1UEAwwKKmxvY2FsaG9zdDEfMB0GCSqGSIb3 +DQEJARYQaW5mb0B3b2xmc3NsLmNvbTAeFw0xODA2MTIyMzEwNDdaFw0yMTAzMDgy +MzEwNDdaMH0xCzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQH +DAdCb3plbWFuMRQwEgYDVQQLDAtFbmdpbmVlcmluZzETMBEGA1UEAwwKKmxvY2Fs +aG9zdDEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTCCASIwDQYJKoZI +hvcNAQEBBQADggEPADCCAQoCggEBAMCVCOFXQfJxbbfSRUEnAWXGRa7yvCQwuJXO +L07W9hyIvHyf+6hnf/5cnFF194rKB+c1L4/hvXvAL3yrZKgX/Mpde7rgIeVyLm8u +htiVc9qsG1O5Xz/XGQ0lT+FjY1GLC2Q/rUO4pRxcNLOuAKBjxfZ/C1loeHOmjBip +Am2vwxkBLrgQ48bMQLRpo0YzaYduxLsXpvPo3a1zvHsvIbX9ZlEMvVSz4W1fHLwj +c9EJA4kU0hC5ZMMq0KGWSrzh1Bpbx6DAwWN4D0Q3MDKWgDIjlaF3uhPSl3PiXSXJ +ag3DOWCktLBpQkIJ6dgIvDMgs1gip6rrxOHmYYPF0pbf2dBPrdcCAwEAATANBgkq +hkiG9w0BAQsFAAOCAQEANO+y3ALsarVY5isTGDBX4u8iD3x94wB3zMTZl3/oafSH +Ihq4ofIXGJQjywXCkIbAN2qQ2gBw3d4RaEiV600IHnMeaG4bHh+TofwhBaeZGnMK +iDdg8LqNtrQ/yO0ve1afpcAAGQHo49EG/Ce3XfVT+QBu1PIxHKPNEl9yOAmKvlTj +bxUxKMPJCWCSqcbhZjPETSTwdI6HKWNnayDgW4EEZcwOadt/55OF1QQmu4KeaWHy +N+Rs4ofhzTdAaaR/9OM52PstU2HXTR054NsKEHzzTjBV7z+Ki0pHmfUQYHiDOJCr +M1lF0uZi3z3Npnw5kZyulja3f8FGEKjJTr5mbGFGog== +-----END CERTIFICATE----- diff --git a/certs/test/server-nomatch.conf b/certs/test/server-nomatch.conf deleted file mode 100644 index b53010c379..0000000000 --- a/certs/test/server-nomatch.conf +++ /dev/null @@ -1,16 +0,0 @@ -[ req ] -default_bits = 2048 -distinguished_name = req_distinguished_name -req_extensions = req_ext - -[ req_distinguished_name ] -countryName = US -stateOrProvinceName = Montana -localityName = Bozeman -organizationName = Engineering -commonName = www.nomatch.com -commonName_max = 64 - -[ req_ext ] -#subjectAltName = localhost\0h -#subjectAltName = DER:30:0d:82:0b:6c:6f:63:61:6c:68:6f:73:74:00:68 diff --git a/certs/test/server-nomatch.csr b/certs/test/server-nomatch.csr deleted file mode 100644 index 5fdc8f7777..0000000000 --- a/certs/test/server-nomatch.csr +++ /dev/null @@ -1,17 +0,0 @@ ------BEGIN CERTIFICATE REQUEST----- -MIICtDCCAZwCAQAwYDELMAkGA1UEBhMCVVMxEDAOBgNVBAgMB01vbnRhbmExEDAO -BgNVBAcMB0JvemVtYW4xFDASBgNVBAoMC0VuZ2luZWVyaW5nMRcwFQYDVQQDDA53 -d3cubm9uYW1lLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJ1B -JYwNWaXJdfnKJAz61T0m1w6xMGxELhZWjDks49zn98lW8E8wMZtCoguE1feuu9pF -6yGnfRmK2J+4QjeWVejmMqt8SQyJpW8nWCvRpFVha0RFbmT60nuvKMRX68Lku6iU -Vav2KHU+cz4yBj1m9QO6AqzJWQWiLY5t25OBq+EkhWUd9I39rGmF8ba1Bnpus27U -tqRVJ8cmEwnNPc8ihvcN8RsrYdnQNyYIiIUdJIA2iduDE7PeOSY3jT9mtmeWQOHp -l91xh/RGbJWNpLBd66TkreLTnz4zmQMMTzZGj1pdv9B3UFc6mIMNWmLsERRhiOMO -hiaFfEJwFJZBN9PaXYsCAwEAAaAPMA0GCSqGSIb3DQEJDjEAMA0GCSqGSIb3DQEB -CwUAA4IBAQCA0S++HN0qb94u8setTM5akJjpM1b2o4rcrQluFKMel8mMip9hinvG -sPkJL1KB28/O9TcdmMX57zfXBsumxLSpjzmjIqri7fVabcu/kybE2wdNNvM+9ZzT -pNbYhWEhsCS8XAegiApx/JVszmH77GLExuVAY2XqxA7Cy2Ia/qyiR6v0agMd6I4z -T7nlJHBckOOEdJ6cjqy67vqWy+BKwCK/kRnOJuirIeJ+SechS4tXuRrVni0pkDuK -xQ2uHQjpzFR40U6pFGgwZcdR1bvLCWOlC7efS4ayIETZzhOuXTZa4qQ5/IcCyM+N -scJS5z+YQpQMgOs5jj5DWYLUtMs63UmQ ------END CERTIFICATE REQUEST----- diff --git a/certs/test/server-nomatch.der b/certs/test/server-nomatch.der deleted file mode 100644 index 0dcf502a06..0000000000 Binary files a/certs/test/server-nomatch.der and /dev/null differ diff --git a/certs/test/server-nomatch.key b/certs/test/server-nomatch.key deleted file mode 100644 index 182b27380a..0000000000 --- a/certs/test/server-nomatch.key +++ /dev/null @@ -1,27 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIEowIBAAKCAQEAnUEljA1Zpcl1+cokDPrVPSbXDrEwbEQuFlaMOSzj3Of3yVbw -TzAxm0KiC4TV96672kXrIad9GYrYn7hCN5ZV6OYyq3xJDImlbydYK9GkVWFrREVu -ZPrSe68oxFfrwuS7qJRVq/YodT5zPjIGPWb1A7oCrMlZBaItjm3bk4Gr4SSFZR30 -jf2saYXxtrUGem6zbtS2pFUnxyYTCc09zyKG9w3xGyth2dA3JgiIhR0kgDaJ24MT -s945JjeNP2a2Z5ZA4emX3XGH9EZslY2ksF3rpOSt4tOfPjOZAwxPNkaPWl2/0HdQ -VzqYgw1aYuwRFGGI4w6GJoV8QnAUlkE309pdiwIDAQABAoIBAQCKxhIHfUSOvLHj -JRMZbUY/OAZzTcTo1mZBilEmp8nSidculA1wJJyyYmQ0fB6C/G2E20z8Hx2UK+at -VOMCwSXBaVxv3zdr3BDlfbgeu1wliNornoYkkQCs68+zLc+95zMAOx87qPjdNqZm -zaiaCUDR8BYqO2nXQd6oIaSzkKyI+tqTO9zW4NG8Y5zv0waKCjPK9Ep/kze9uC4S -WIp2eYhUb+x60dECDBGI9xvlgeZyP5PMCfCyaZk3CxnLsR4tI9R5WwDgMcjCShJk -3+kHyrtNU8ak2TrfUoh96arHu0HMLFJaJSdxYT9FUSKhKu+fWMn1J36AkxdqntAw -6HATVD4ZAoGBAM0DCqI5BKvmPWdO587+fpPAa76iqQDqqkaAQ94xcGtTYA0yEfbA -V4JFfsCEFm7evteMmJgmDyNNVvnSi/LQhL+ih40Q0LKREYzBiMy3aothQZAYb+Ex -fVllfZhIaWI8q/DoeZ7qohRHFGBA/znav6vls3kE3jRWx0O30eq9cX1tAoGBAMRd -bQNcp2mCm+fe//s5GKXm4ak4zeo077fUCxJly4DE5e2+IGrP+JYwVrJsMuFu/3C1 -/6+qCgLS+/08BMQ+e6xmTDJrRXtk9KmDI38tEoqzH8tkAgSTxby771/5uNr7hbgX -LtCCIsxhwSAML0b7M2I8xmEfL3Dmu1q7/GEDAMPXAoGABd/ucBOeNKbWX519OwtD -6Uv8Smwy15nh4z9NspJMHGc5O2eR6DY+y7beGPowAmFTqq2WudVtXZ+bvHDyHbUn -+K3ZoIs4z8UkcZoiJ2uiG/hffpeUrSlT5DnqTXDVxEDk1HR0977Vgis/RDrYlXnV -QEHG0NL44xsRfrlHxKhFFkkCgYB1HsgzliLgQp+c2BxUCkUSRrhXx2LCC5rjSRzl -d0O+5THC8IDDVJIPentrZi+e2CaRYmxDqSbZcmAMNa0eI6p+NHHELMk/hQKMzIPy -ib6ibZ5MILU3Z7AsFuf6labVLeoe1+z7PnNk9fVLmRjlvFR0ho1IRmJ0c5pRzwgE -ENd29wKBgA5WnuCBKF9Kv8H9E1hAuAGXwBxmw9PVeWB63/TAernlOQhF47ra9ExH -GtkZv9D/2tNJaoft1YQ1yhBn7l7rW+vfQYXAOW4yRg0FSOOgefBwN/eTOXVRU9Zg -9LBwnQlvimQUm0GrxLLAseDqFMn/a3x/KxftvF95JGx/1Lscukdz ------END RSA PRIVATE KEY----- diff --git a/certs/test/server-nomatch.pem b/certs/test/server-nomatch.pem deleted file mode 100644 index a1753cbf38..0000000000 --- a/certs/test/server-nomatch.pem +++ /dev/null @@ -1,69 +0,0 @@ -Certificate: - Data: - Version: 3 (0x2) - Serial Number: 13225619248861184800 (0xb78ad6a26ef08320) - Signature Algorithm: sha1WithRSAEncryption - Issuer: C=US, ST=Montana, L=Bozeman, O=Engineering, CN=www.noname.com - Validity - Not Before: May 24 21:25:38 2018 GMT - Not After : Feb 17 21:25:38 2021 GMT - Subject: C=US, ST=Montana, L=Bozeman, O=Engineering, CN=www.noname.com - Subject Public Key Info: - Public Key Algorithm: rsaEncryption - Public-Key: (2048 bit) - Modulus: - 00:9d:41:25:8c:0d:59:a5:c9:75:f9:ca:24:0c:fa: - d5:3d:26:d7:0e:b1:30:6c:44:2e:16:56:8c:39:2c: - e3:dc:e7:f7:c9:56:f0:4f:30:31:9b:42:a2:0b:84: - d5:f7:ae:bb:da:45:eb:21:a7:7d:19:8a:d8:9f:b8: - 42:37:96:55:e8:e6:32:ab:7c:49:0c:89:a5:6f:27: - 58:2b:d1:a4:55:61:6b:44:45:6e:64:fa:d2:7b:af: - 28:c4:57:eb:c2:e4:bb:a8:94:55:ab:f6:28:75:3e: - 73:3e:32:06:3d:66:f5:03:ba:02:ac:c9:59:05:a2: - 2d:8e:6d:db:93:81:ab:e1:24:85:65:1d:f4:8d:fd: - ac:69:85:f1:b6:b5:06:7a:6e:b3:6e:d4:b6:a4:55: - 27:c7:26:13:09:cd:3d:cf:22:86:f7:0d:f1:1b:2b: - 61:d9:d0:37:26:08:88:85:1d:24:80:36:89:db:83: - 13:b3:de:39:26:37:8d:3f:66:b6:67:96:40:e1:e9: - 97:dd:71:87:f4:46:6c:95:8d:a4:b0:5d:eb:a4:e4: - ad:e2:d3:9f:3e:33:99:03:0c:4f:36:46:8f:5a:5d: - bf:d0:77:50:57:3a:98:83:0d:5a:62:ec:11:14:61: - 88:e3:0e:86:26:85:7c:42:70:14:96:41:37:d3:da: - 5d:8b - Exponent: 65537 (0x10001) - Signature Algorithm: sha1WithRSAEncryption - 6d:df:c3:7a:74:32:b6:ba:f5:2c:87:93:6c:64:7c:b9:5f:6e: - 79:f3:e7:b2:6a:58:c6:8d:20:9a:f6:46:b1:60:f9:59:59:6f: - 22:32:e3:f8:5c:a2:2d:53:84:48:b9:68:6d:2e:59:03:c1:e4: - ad:5b:ce:91:6e:13:bd:5c:71:2a:69:d8:7d:a8:07:cf:6f:83: - 0c:05:cf:d4:39:7f:10:3d:35:98:1c:f9:77:26:53:d5:81:f1: - 6a:0b:ca:fb:86:f9:6d:bb:92:b9:e0:57:a2:3b:43:14:cc:e0: - 75:27:10:c2:50:1d:91:ca:af:f8:36:88:cc:5d:1d:37:77:fe: - 1d:ea:b3:d9:94:b6:e4:b1:a7:29:2b:e4:1e:c7:f6:65:1d:59: - d7:e2:2d:01:d2:08:a1:72:a0:b2:f1:3f:9c:fd:27:f9:46:85: - e3:05:a5:34:b0:a6:6c:44:f0:42:16:32:71:2f:cd:82:c2:33: - 05:0a:3c:3c:e7:87:17:d7:1f:a9:4e:83:c2:1e:46:a5:0f:7a: - c2:98:f7:98:a1:75:b8:72:26:d9:1b:65:24:f0:f3:d7:2c:9c: - cf:a6:88:c4:8c:56:00:87:16:be:49:28:91:a0:bc:c7:9f:e3: - 02:35:fb:0b:39:e3:c0:f9:f3:ed:bb:7d:2e:4c:09:7a:88:53: - b1:16:5c:b4 ------BEGIN CERTIFICATE----- -MIIDQTCCAimgAwIBAgIJALeK1qJu8IMgMA0GCSqGSIb3DQEBBQUAMGAxCzAJBgNV -BAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMRQwEgYD -VQQKDAtFbmdpbmVlcmluZzEXMBUGA1UEAwwOd3d3Lm5vbmFtZS5jb20wHhcNMTgw -NTI0MjEyNTM4WhcNMjEwMjE3MjEyNTM4WjBgMQswCQYDVQQGEwJVUzEQMA4GA1UE -CAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjEUMBIGA1UECgwLRW5naW5lZXJp -bmcxFzAVBgNVBAMMDnd3dy5ub25hbWUuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOC -AQ8AMIIBCgKCAQEAnUEljA1Zpcl1+cokDPrVPSbXDrEwbEQuFlaMOSzj3Of3yVbw -TzAxm0KiC4TV96672kXrIad9GYrYn7hCN5ZV6OYyq3xJDImlbydYK9GkVWFrREVu -ZPrSe68oxFfrwuS7qJRVq/YodT5zPjIGPWb1A7oCrMlZBaItjm3bk4Gr4SSFZR30 -jf2saYXxtrUGem6zbtS2pFUnxyYTCc09zyKG9w3xGyth2dA3JgiIhR0kgDaJ24MT -s945JjeNP2a2Z5ZA4emX3XGH9EZslY2ksF3rpOSt4tOfPjOZAwxPNkaPWl2/0HdQ -VzqYgw1aYuwRFGGI4w6GJoV8QnAUlkE309pdiwIDAQABMA0GCSqGSIb3DQEBBQUA -A4IBAQBt38N6dDK2uvUsh5NsZHy5X2558+eyaljGjSCa9kaxYPlZWW8iMuP4XKIt -U4RIuWhtLlkDweStW86RbhO9XHEqadh9qAfPb4MMBc/UOX8QPTWYHPl3JlPVgfFq -C8r7hvltu5K54FeiO0MUzOB1JxDCUB2Ryq/4NojMXR03d/4d6rPZlLbksacpK+Qe -x/ZlHVnX4i0B0gihcqCy8T+c/Sf5RoXjBaU0sKZsRPBCFjJxL82CwjMFCjw854cX -1x+pToPCHkalD3rCmPeYoXW4cibZG2Uk8PPXLJzPpojEjFYAhxa+SSiRoLzHn+MC -NfsLOePA+fPtu30uTAl6iFOxFly0 ------END CERTIFICATE----- diff --git a/configure.ac b/configure.ac index 8cae247aa9..52481b9d1c 100644 --- a/configure.ac +++ b/configure.ac @@ -6,53 +6,46 @@ # # AC_COPYRIGHT([Copyright (C) 2006-2018 wolfSSL Inc.]) -AC_INIT([wolfssl],[3.14.0],[https://github.com/wolfssl/wolfssl/issues],[wolfssl],[http://www.wolfssl.com]) - +AC_PREREQ([2.63]) +AC_INIT([wolfssl],[3.15.0],[https://github.com/wolfssl/wolfssl/issues],[wolfssl],[https://www.wolfssl.com]) AC_CONFIG_AUX_DIR([build-aux]) # The following sets CFLAGS and CXXFLAGS to empty if unset on command line. -# We do not want the default "-g -O2" that AC_PROG_CC AC_PROG_CXX sets -# automatically. +# We do not want the default "-g -O2" that AC_PROG_CC sets automatically. : ${CFLAGS=""} -: ${CXXFLAGS=""} # Test ar for the "U" option. Should be checked before the libtool macros. xxx_ar_flags=$((ar --help) 2>&1) AS_CASE([$xxx_ar_flags],[*'use actual timestamps and uids/gids'*],[: ${AR_FLAGS="Ucru"}]) +AC_PROG_CC +AM_PROG_CC_C_O AC_CANONICAL_HOST -AC_CANONICAL_BUILD - -AM_INIT_AUTOMAKE([1.11 -Wall -Werror -Wno-portability foreign tar-ustar subdir-objects no-define color-tests]) -AC_PREREQ([2.63]) - -AC_ARG_PROGRAM -AC_DEFUN([PROTECT_AC_USE_SYSTEM_EXTENSIONS], - [AX_SAVE_FLAGS - AC_LANG_PUSH([C]) - AC_USE_SYSTEM_EXTENSIONS - AC_LANG_POP([C]) - AX_RESTORE_FLAGS - ]) -#PROTECT_AC_USE_SYSTEM_EXTENSIONS - AC_CONFIG_MACRO_DIR([m4]) -AC_CONFIG_HEADERS([config.h:config.in])dnl Keep filename to 8.3 for MS-DOS. +AM_INIT_AUTOMAKE([1.11 -Wall -Werror -Wno-portability foreign tar-ustar subdir-objects no-define color-tests]) +m4_ifdef([AM_SILENT_RULES],[AM_SILENT_RULES([yes])]) + +AC_ARG_PROGRAM + +AC_CONFIG_HEADERS([config.h:config.in]) + +LT_PREREQ([2.2]) +LT_INIT([disable-static win32-dll]) #shared library versioning -WOLFSSL_LIBRARY_VERSION=16:0:0 -# | | | -# +------+ | +---+ -# | | | -# current:revision:age -# | | | -# | | +- increment if interfaces have been added -# | | set to zero if interfaces have been removed -# | | or changed -# | +- increment if source code has changed -# | set to zero if current is incremented -# +- increment if interfaces have been added, removed or changed +WOLFSSL_LIBRARY_VERSION=17:0:0 +# | | | +# +------+ | +---+ +# | | | +# current:revision:age +# | | | +# | | +- increment if interfaces have been added +# | | set to zero if interfaces have been removed +# | | or changed +# | +- increment if source code has changed +# | set to zero if current is incremented +# +- increment if interfaces have been added, removed or changed AC_SUBST([WOLFSSL_LIBRARY_VERSION]) # capture user C_EXTRA_FLAGS from ./configure line, CFLAGS may hold -g -O2 even @@ -60,57 +53,29 @@ AC_SUBST([WOLFSSL_LIBRARY_VERSION]) USER_C_EXTRA_FLAGS="$C_EXTRA_FLAGS" USER_CFLAGS="$CFLAGS" -LT_PREREQ([2.2]) -LT_INIT([disable-static],[win32-dll]) -LT_LANG([C++]) -LT_LANG([C]) - gl_VISIBILITY AS_IF([ test -n "$CFLAG_VISIBILITY" ], [ AM_CPPFLAGS="$AM_CPPFLAGS $CFLAG_VISIBILITY" CPPFLAGS="$CPPFLAGS $CFLAG_VISIBILITY" ]) -m4_ifdef([AM_SILENT_RULES],[AM_SILENT_RULES([yes])]) # Moved these size of and type checks before the library checks. # The library checks add the library to subsequent test compiles # and in some rare cases, the networking check causes these sizeof # checks to fail. -AC_CHECK_SIZEOF(long long, 8) -AC_CHECK_SIZEOF(long, 4) -AC_CHECK_TYPES(__uint128_t) -AC_CHECK_FUNCS([gethostbyname]) -AC_CHECK_FUNCS([getaddrinfo]) -AC_CHECK_FUNCS([gettimeofday]) -AC_CHECK_FUNCS([gmtime_r]) -AC_CHECK_FUNCS([inet_ntoa]) -AC_CHECK_FUNCS([memset]) -AC_CHECK_FUNCS([socket]) -AC_CHECK_HEADERS([arpa/inet.h]) -AC_CHECK_HEADERS([fcntl.h]) -AC_CHECK_HEADERS([limits.h]) -AC_CHECK_HEADERS([netdb.h]) -AC_CHECK_HEADERS([netinet/in.h]) -AC_CHECK_HEADERS([stddef.h]) -AC_CHECK_HEADERS([sys/ioctl.h]) -AC_CHECK_HEADERS([sys/socket.h]) -AC_CHECK_HEADERS([sys/time.h]) -AC_CHECK_HEADERS([errno.h]) -AC_CHECK_LIB(network,socket) +AC_CHECK_SIZEOF([long long]) +AC_CHECK_SIZEOF([long]) +AC_CHECK_TYPES([__uint128_t]) +AC_CHECK_FUNCS([gethostbyname getaddrinfo gettimeofday gmtime_r inet_ntoa memset socket]) +AC_CHECK_HEADERS([arpa/inet.h fcntl.h limits.h netdb.h netinet/in.h stddef.h sys/ioctl.h sys/socket.h sys/time.h errno.h]) +AC_CHECK_LIB([network],[socket]) AC_C_BIGENDIAN -# mktime check takes forever on some systems, if time supported it would be -# highly unusual for mktime to be missing -#AC_FUNC_MKTIME -AC_PROG_CC -AC_PROG_CC_C_O -AC_PROG_CXX AC_PROG_INSTALL AC_TYPE_SIZE_T AC_TYPE_UINT8_T AM_PROG_AS -AM_PROG_CC_C_O LT_LIB_M OPTIMIZE_CFLAGS="-Os -fomit-frame-pointer" @@ -120,13 +85,9 @@ DEBUG_CFLAGS="-g -DDEBUG -DDEBUG_WOLFSSL" LIB_ADD= LIB_STATIC_ADD= -thread_ls_on=no # Thread local storage -AX_TLS([ - [AM_CFLAGS="$AM_CFLAGS -DHAVE_THREAD_LS"] - [thread_ls_on=yes] - ] , [:]) - +AX_TLS([thread_ls_on=yes],[thread_ls_on=no]) +AS_IF([test "x$thread_ls_on" = "xyes"],[AM_CFLAGS="$AM_CFLAGS -DHAVE_THREAD_LS"]) # DEBUG AX_DEBUG @@ -135,7 +96,6 @@ AS_IF([test "$ax_enable_debug" = "yes"], [AM_CFLAGS="$AM_CFLAGS -DNDEBUG"]) - # Distro build feature subset (Debian, Ubuntu, etc.) AC_ARG_ENABLE([distro], [AS_HELP_STRING([--enable-distro],[Enable wolfSSL distro build (default: disabled)])], @@ -280,7 +240,7 @@ AS_IF([ test "x$ENABLED_SINGLETHREADED" = "xno" ],[ ],[ ENABLED_SINGLETHREADED=yes ]) - ]) + ]) AS_IF([ test "x$ENABLED_SINGLETHREADED" = "xyes" ],[ AM_CFLAGS="-DSINGLE_THREADED $AM_CFLAGS" ]) @@ -923,7 +883,7 @@ AC_ARG_ENABLE([armasm], ) if test "$ENABLED_ARMASM" = "yes" && test "$ENABLED_ASM" = "yes" then - AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ARMASM" + AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ARMASM -DWOLFSSL_NO_HASH_RAW" #Check if mcpu and mfpu values already set if not use default case $CPPFLAGS in *mcpu* | *mfpu*) @@ -3885,6 +3845,20 @@ else fi +# Support for crypto device hardware +AC_ARG_ENABLE([cryptodev], + [AS_HELP_STRING([--enable-cryptodev],[Enable crypto hardware support (default: disabled)])], + [ ENABLED_CRYPTODEV=$enableval ], + [ ENABLED_CRYPTODEV=no ] + ) + +if test "$ENABLED_CRYPTODEV" = "yes" +then + AM_CFLAGS="$AM_CFLAGS -DWOLF_CRYPTO_DEV" +fi +AM_CONDITIONAL([BUILD_CRYPTODEV], [test "x$ENABLED_CRYPTODEV" = "xyes"]) + + # Session Export AC_ARG_ENABLE([sessionexport], [AS_HELP_STRING([--enable-sessionexport],[Enable export and import of sessions (default: disabled)])], @@ -4211,7 +4185,6 @@ fi OPTION_FLAGS="$USER_CFLAGS $USER_C_EXTRA_FLAGS $CPPFLAGS $AM_CFLAGS" - CREATE_HEX_VERSION AC_SUBST([AM_CPPFLAGS]) AC_SUBST([AM_CFLAGS]) @@ -4222,17 +4195,7 @@ AC_SUBST([LIB_STATIC_ADD]) # FINAL AC_CONFIG_FILES([stamp-h], [echo timestamp > stamp-h]) -AC_CONFIG_FILES([Makefile]) -AC_CONFIG_FILES([wolfssl/version.h]) -AC_CONFIG_FILES([wolfssl/options.h]) -#have options.h and version.h for autoconf fips tag and build -#if test "x$ENABLED_FIPS" = "xyes" -#then -# AC_CONFIG_FILES([cyassl/version.h]) -# AC_CONFIG_FILES([cyassl/options.h]) -#fi -AC_CONFIG_FILES([support/wolfssl.pc]) -AC_CONFIG_FILES([rpm/spec]) +AC_CONFIG_FILES([Makefile wolfssl/version.h wolfssl/options.h cyassl/options.h support/wolfssl.pc rpm/spec]) AX_CREATE_GENERIC_CONFIG AX_AM_JOBSERVER([yes]) diff --git a/doc/dox_comments/header_files/ssl.h b/doc/dox_comments/header_files/ssl.h index 4c143c29c8..ed2d0b4989 100644 --- a/doc/dox_comments/header_files/ssl.h +++ b/doc/dox_comments/header_files/ssl.h @@ -5599,7 +5599,7 @@ WOLFSSL_API int wolfSSL_X509_version(WOLFSSL_X509*); \sa XFSEEK */ WOLFSSL_API WOLFSSL_X509* - wolfSSL_X509_d2i_fp(WOLFSSL_X509** x509, FILE* file); + wolfSSL_X509_d2i_fp(WOLFSSL_X509** x509, XFILE file); /*! \ingroup CertsKeys diff --git a/examples/benchmark/tls_bench.c b/examples/benchmark/tls_bench.c index 199ab37550..93b39d9745 100644 --- a/examples/benchmark/tls_bench.c +++ b/examples/benchmark/tls_bench.c @@ -68,6 +68,7 @@ bench_tls(args); #define TEST_PACKET_SIZE 1024 #define SHOW_VERBOSE 0 /* Default output is tab delimited format */ +#if !defined(NO_WOLFSSL_CLIENT) && !defined(NO_WOLFSSL_SERVER) static int argShowPeerInfo = 0; /* Show more info about wolfSSL configuration */ static const char* kTestStr = @@ -864,6 +865,7 @@ int bench_tls(void* args) /* Return reporting a success */ return (((func_args*)args)->return_code = 0); } +#endif /* !NO_WOLFSSL_CLIENT && !NO_WOLFSSL_SERVER */ #ifndef NO_MAIN_DRIVER @@ -873,8 +875,11 @@ int main(int argc, char** argv) args.argc = argc; args.argv = argv; + args.return_code = 0; +#if !defined(NO_WOLFSSL_CLIENT) && !defined(NO_WOLFSSL_SERVER) bench_tls(&args); +#endif return(args.return_code); } diff --git a/examples/client/client.c b/examples/client/client.c index b7f2a37c3d..c16d146622 100644 --- a/examples/client/client.c +++ b/examples/client/client.c @@ -660,7 +660,11 @@ static void ClientWrite(WOLFSSL* ssl, char* msg, int msgSz) } #endif } - } while (err == WC_PENDING_E); + } while (err == WOLFSSL_ERROR_WANT_WRITE + #ifdef WOLFSSL_ASYNC_CRYPT + || err == WC_PENDING_E + #endif + ); if (ret != msgSz) { printf("SSL_write msg error %d, %s\n", err, wolfSSL_ERR_error_string(err, buffer)); @@ -925,9 +929,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args) int onlyKeyShare = 0; #ifdef WOLFSSL_TLS13 int noPskDheKe = 0; -#ifdef WOLFSSL_POST_HANDSHAKE_AUTH int postHandAuth = 0; -#endif #endif int updateKeysIVs = 0; #ifdef WOLFSSL_EARLY_DATA @@ -2253,8 +2255,8 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args) ClientRead(ssl, reply, sizeof(reply)-1, 1); -#if defined(WOLFSSL_TLS13) && defined(WOLFSSL_POST_HANDSHAKE_AUTH) - if (postHandAuth) +#if defined(WOLFSSL_TLS13) + if (updateKeysIVs || postHandAuth) ClientWrite(ssl, msg, msgSz); #endif if (sendGET) { /* get html */ @@ -2631,6 +2633,7 @@ exit: args.argc = argc; args.argv = argv; + args.return_code = 0; #if defined(DEBUG_WOLFSSL) && !defined(WOLFSSL_MDK_SHELL) && !defined(STACK_TRAP) wolfSSL_Debugging_ON(); @@ -2644,6 +2647,8 @@ exit: #else client_test(&args); #endif +#else + printf("Client not compiled in!\n"); #endif wolfSSL_Cleanup(); diff --git a/examples/echoclient/echoclient.c b/examples/echoclient/echoclient.c index f38b14df67..ffe4bd5ca8 100644 --- a/examples/echoclient/echoclient.c +++ b/examples/echoclient/echoclient.c @@ -334,6 +334,7 @@ void echoclient_test(void* args) args.argc = argc; args.argv = argv; + args.return_code = 0; CyaSSL_Init(); #if defined(DEBUG_CYASSL) && !defined(WOLFSSL_MDK_SHELL) diff --git a/examples/echoserver/echoserver.c b/examples/echoserver/echoserver.c index 3e6bfbd584..37048f82f4 100644 --- a/examples/echoserver/echoserver.c +++ b/examples/echoserver/echoserver.c @@ -497,6 +497,7 @@ THREAD_RETURN CYASSL_THREAD echoserver_test(void* args) args.argc = argc; args.argv = argv; + args.return_code = 0; CyaSSL_Init(); #if defined(DEBUG_CYASSL) && !defined(CYASSL_MDK_SHELL) diff --git a/examples/server/server.c b/examples/server/server.c index b2fa31ad2d..8103a7e01a 100644 --- a/examples/server/server.c +++ b/examples/server/server.c @@ -281,46 +281,6 @@ int ServerEchoData(SSL* ssl, int clientfd, int echoData, int block, return EXIT_SUCCESS; } -#ifdef WOLFSSL_TLS13 -static void NonBlockingServerRead(WOLFSSL* ssl, char* input, int inputLen) -{ - int ret, err; - char buffer[CYASSL_MAX_ERROR_SZ]; - - /* Read data */ - do { - err = 0; /* reset error */ - ret = SSL_read(ssl, input, inputLen); - if (ret < 0) { - err = SSL_get_error(ssl, 0); - - #ifdef WOLFSSL_ASYNC_CRYPT - if (err == WC_PENDING_E) { - ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW); - if (ret < 0) break; - } - else - #endif - #ifdef CYASSL_DTLS - if (wolfSSL_dtls(ssl) && err == DECRYPT_ERROR) { - printf("Dropped client's message due to a bad MAC\n"); - } - else - #endif - if (err != WOLFSSL_ERROR_WANT_READ) { - printf("SSL_read input error %d, %s\n", err, - ERR_error_string(err, buffer)); - err_sys_ex(runWithErrors, "SSL_read failed"); - } - } - } while (err == WC_PENDING_E || err == WOLFSSL_ERROR_WANT_READ); - if (ret > 0) { - input[ret] = 0; /* null terminate message */ - printf("Client message: %s\n", input); - } -} -#endif - static void ServerRead(WOLFSSL* ssl, char* input, int inputLen) { int ret, err; @@ -352,7 +312,7 @@ static void ServerRead(WOLFSSL* ssl, char* input, int inputLen) err_sys_ex(runWithErrors, "SSL_read failed"); } } - } while (err == WC_PENDING_E); + } while (err == WC_PENDING_E || err == WOLFSSL_ERROR_WANT_READ); if (ret > 0) { input[ret] = 0; /* null terminate message */ printf("Client message: %s\n", input); @@ -1627,7 +1587,7 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args) #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) #if defined(WOLFSSL_TLS13) && defined(WOLFSSL_POST_HANDSHAKE_AUTH) if (postHandAuth) { - SSL_CTX_set_verify(ctx, WOLFSSL_VERIFY_PEER | + SSL_set_verify(ssl, WOLFSSL_VERIFY_PEER | ((usePskPlus) ? WOLFSSL_VERIFY_FAIL_EXCEPT_PSK : WOLFSSL_VERIFY_FAIL_IF_NO_PEER_CERT), 0); if (SSL_CTX_load_verify_locations(ctx, verifyCert, 0) @@ -1637,7 +1597,7 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args) } #ifdef WOLFSSL_TRUST_PEER_CERT if (trustCert) { - if ((ret = wolfSSL_CTX_trust_peer_cert(ctx, trustCert, + if ((ret = wolfSSL_trust_peer_cert(ssl, trustCert, WOLFSSL_FILETYPE_PEM)) != WOLFSSL_SUCCESS) { err_sys_ex(runWithErrors, "can't load trusted peer cert " "file"); @@ -1679,13 +1639,8 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args) ServerWrite(ssl, write_msg, write_msg_sz); #ifdef WOLFSSL_TLS13 - if (updateKeysIVs || postHandAuth) { - ServerWrite(ssl, write_msg, write_msg_sz); - if (nonBlocking) - NonBlockingServerRead(ssl, input, sizeof(input)-1); - else - ServerRead(ssl, input, sizeof(input)-1); - } + if (updateKeysIVs || postHandAuth) + ServerRead(ssl, input, sizeof(input)-1); #endif } else { @@ -1798,6 +1753,7 @@ exit: args.argc = argc; args.argv = argv; args.signal = &ready; + args.return_code = 0; InitTcpReady(&ready); #if defined(DEBUG_CYASSL) && !defined(WOLFSSL_MDK_SHELL) diff --git a/m4/ax_harden_compiler_flags.m4 b/m4/ax_harden_compiler_flags.m4 index c0ee1b17e7..9088556261 100644 --- a/m4/ax_harden_compiler_flags.m4 +++ b/m4/ax_harden_compiler_flags.m4 @@ -67,6 +67,7 @@ # changes: deleted the clearing of CFLAGS AC_DEFUN([AX_HARDEN_LINKER_FLAGS], [ + AX_REQUIRE_DEFINED([AX_CHECK_LINK_FLAG]) AC_REQUIRE([AX_VCS_CHECKOUT]) AC_REQUIRE([AX_DEBUG]) @@ -95,6 +96,7 @@ ]) AC_DEFUN([AX_HARDEN_CC_COMPILER_FLAGS], [ + AX_REQUIRE_DEFINED([AX_APPEND_COMPILE_FLAGS]) AC_REQUIRE([AX_HARDEN_LINKER_FLAGS]) AC_LANG_PUSH([C]) @@ -160,6 +162,7 @@ ]) AC_DEFUN([AX_HARDEN_CXX_COMPILER_FLAGS], [ + AC_REQUIRE_DEFINED([AX_APPEND_COMPILE_FLAGS]) AC_REQUIRE([AX_HARDEN_CC_COMPILER_FLAGS]) AC_LANG_PUSH([C++]) @@ -227,6 +230,7 @@ ]) AC_DEFUN([AX_CC_OTHER_FLAGS], [ + AX_REQUIRE_DEFINED([AX_APPEND_COMPILE_FLAGS]) AC_REQUIRE([AX_HARDEN_CC_COMPILER_FLAGS]) AC_LANG_PUSH([C]) diff --git a/rpm/spec.in b/rpm/spec.in index 05fc27b84f..e54f279cd8 100644 --- a/rpm/spec.in +++ b/rpm/spec.in @@ -73,8 +73,8 @@ mkdir -p $RPM_BUILD_ROOT/ %{_docdir}/wolfssl/README.txt %{_libdir}/libwolfssl.la %{_libdir}/libwolfssl.so -%{_libdir}/libwolfssl.so.16 -%{_libdir}/libwolfssl.so.16.0.0 +%{_libdir}/libwolfssl.so.17 +%{_libdir}/libwolfssl.so.17.0.0 %files devel %defattr(-,root,root,-) @@ -287,6 +287,8 @@ mkdir -p $RPM_BUILD_ROOT/ %{_libdir}/pkgconfig/wolfssl.pc %changelog +* Thu May 31 2018 John Safranek +- Update the version number on the library SO file. * Fri Mar 02 2018 Jacob Barthelmeh - Added headder files fips.h, buffer.h, objects.h, rc4.h and example tls_bench.c * Fri Sep 08 2017 Jacob Barthelmeh diff --git a/scripts/psk.test b/scripts/psk.test index d8a0c3d070..b9c0f21c02 100755 --- a/scripts/psk.test +++ b/scripts/psk.test @@ -62,6 +62,14 @@ do_trap() { trap do_trap INT TERM [ ! -x ./examples/client/client ] && echo -e "\n\nClient doesn't exist" && exit 1 +./examples/client/client -? 2>&1 | grep -- 'Client not compiled in!' +if [ $? -eq 0 ]; then + exit 0 +fi +./examples/server/server -? 2>&1 | grep -- 'Server not compiled in!' +if [ $? -eq 0 ]; then + exit 0 +fi # Usual psk server / psk client. This use case is tested in # tests/unit.test and is used here for just checking if PSK is enabled @@ -103,6 +111,21 @@ if [ $? -ne 0 ]; then fi echo "" + # psk server with non psk client + port=0 + ./examples/server/server -j -R $ready_file -p $port & + server_pid=$! + create_port + ./examples/client/client -p $port + RESULT=$? + remove_ready_file + if [ $RESULT -ne 0 ]; then + echo -e "\n\nClient connection failed" + do_cleanup + exit 1 + fi + echo "" + # check fail if no auth, psk server with non psk client echo "Checking fail when not sending peer cert" port=0 diff --git a/scripts/resume.test b/scripts/resume.test index f948fb5687..c4bd80f1e5 100755 --- a/scripts/resume.test +++ b/scripts/resume.test @@ -111,18 +111,28 @@ do_test() { trap do_trap INT TERM -do_test +./examples/client/client -? 2>&1 | grep -- 'Client not compiled in!' +if [ $? -ne 0 ]; then + ./examples/server/server -? 2>&1 | grep -- 'Server not compiled in!' + if [ $? -ne 0 ]; then + RUN_TEST="Y" + fi +fi -# Check the client for the extended master secret disable option. If -# present we need to run the test twice. -options_check=`./examples/client/client -?` -case "$options_check" in -*$ems_string*) - echo -e "\nRepeating resume test without extended master secret..." - do_test -n ;; -*) - ;; -esac +if [ "$RUN_TEST" = "Y" ]; then + do_test + + # Check the client for the extended master secret disable option. If + # present we need to run the test twice. + options_check=`./examples/client/client -?` + case "$options_check" in + *$ems_string*) + echo -e "\nRepeating resume test without extended master secret..." + do_test -n ;; + *) + ;; + esac +fi echo -e "\nSuccess!\n" diff --git a/scripts/tls13.test b/scripts/tls13.test index 8154d7fdd9..ba999f41f0 100755 --- a/scripts/tls13.test +++ b/scripts/tls13.test @@ -14,7 +14,7 @@ counter=0 # also let's add some randomness by adding pid in case multiple 'make check's # per source tree ready_file=`pwd`/wolfssl_tls13_ready$$ -client_file=/tmp/wolfssl_tls13_client$$ +client_file=`pwd`/wolfssl_tls13_client$$ echo "ready file $ready_file" @@ -70,6 +70,14 @@ do_trap() { trap do_trap INT TERM [ ! -x ./examples/client/client ] && echo -e "\n\nClient doesn't exist" && exit 1 +./examples/client/client -? 2>&1 | grep -- 'Client not compiled in!' +if [ $? -eq 0 ]; then + exit 0 +fi +./examples/server/server -? 2>&1 | grep -- 'Server not compiled in!' +if [ $? -eq 0 ]; then + exit 0 +fi # Usual TLS v1.3 server / TLS v1.3 client. echo -e "\n\nTLS v1.3 server with TLS v1.3 client" @@ -137,8 +145,42 @@ if [ $? -ne 0 ]; then exit 1 fi echo "" + + echo "Find usable TLS 1.2 cipher suite" + for CS in ECDHE-RSA-AES128-GCM-SHA256 DHE-RSA-AES128-GCM-SHA256 + do + echo $CS + ./examples/client/client -e | grep $CS >/dev/null + if [ "$?" = "0" ]; then + TLS12_CS=$CS + break + fi + done + if [ "$TLS12_CS" != "" ]; then + # TLS 1.3 downgrade server and client - no common TLS 1.3 ciphers + echo -e "\n\nTLS v1.3 downgrade server and client - no common TLS 1.3 ciphers" + port=0 + SERVER_CS="TLS13-AES256-GCM-SHA384:$TLS12_CS" + CLIENT_CS="TLS13-AES128-GCM-SHA256:$TLS12_CS" + ./examples/server/server -v d -l $SERVER_CS -R $ready_file -p $port & + server_pid=$! + create_port + ./examples/client/client -v d -l $CLIENT_CS -p $port + RESULT=$? + remove_ready_file + if [ $RESULT -eq 0 ]; then + echo -e "\n\nTLS v1.3 downgrading to TLS v1.2 due to ciphers" + do_cleanup + exit 1 + fi + echo "" + else + echo "No usable TLS 1.2 cipher suite found" + fi fi +do_cleanup + echo -e "\nALL Tests Passed" exit 0 diff --git a/src/internal.c b/src/internal.c index d47316f255..739c730b0c 100644 --- a/src/internal.c +++ b/src/internal.c @@ -136,6 +136,7 @@ enum processReply { #ifndef WOLFSSL_NO_TLS12 +#if !defined(NO_WOLFSSL_SERVER) || !defined(NO_WOLFSSL_CLIENT) /* Server random bytes for TLS v1.3 described downgrade protection mechanism. */ static const byte tls13Downgrade[7] = { @@ -143,10 +144,11 @@ static const byte tls13Downgrade[7] = { }; #define TLS13_DOWNGRADE_SZ sizeof(tls13Downgrade) +#endif /* !NO_WOLFSSL_SERVER || !NO_WOLFSSL_CLIENT */ #ifndef NO_OLD_TLS static int SSL_hmac(WOLFSSL* ssl, byte* digest, const byte* in, word32 sz, - int content, int verify); + int padSz, int content, int verify); #endif @@ -2735,7 +2737,7 @@ static INLINE void DecodeSigAlg(const byte* input, byte* hashAlgo, byte* hsType) #endif /* !NO_WOLFSSL_SERVER || !NO_CERTS */ #ifndef WOLFSSL_NO_TLS12 - +#if !defined(NO_WOLFSSL_SERVER) || !defined(NO_WOLFSSL_CLIENT) #if !defined(NO_DH) || defined(HAVE_ECC) || \ (!defined(NO_RSA) && defined(WC_RSA_PSS)) @@ -2766,11 +2768,9 @@ static enum wc_HashType HashAlgoToType(int hashAlgo) return WC_HASH_TYPE_NONE; } - #endif /* !NO_DH || HAVE_ECC || (!NO_RSA && WC_RSA_PSS) */ - -#endif - +#endif /* !NO_WOLFSSL_SERVER || !NO_WOLFSSL_CLIENT */ +#endif /* !WOLFSSL_NO_TLS12 */ #ifndef NO_CERTS @@ -2862,6 +2862,7 @@ void FreeX509(WOLFSSL_X509* x509) } +#if !defined(NO_WOLFSSL_SERVER) || !defined(NO_WOLFSSL_CLIENT) /* Encode the signature algorithm into buffer. * * hashalgo The hash algorithm. @@ -2934,10 +2935,12 @@ static void SetDigest(WOLFSSL* ssl, int hashAlgo) } /* switch */ } #endif /* !WOLFSSL_NO_TLS12 && !WOLFSSL_NO_CLIENT_AUTH */ +#endif /* !NO_WOLFSSL_SERVER || !NO_WOLFSSL_CLIENT */ #endif /* !NO_CERTS */ #ifndef NO_RSA #ifndef WOLFSSL_NO_TLS12 +#if !defined(NO_WOLFSSL_SERVER) || !defined(NO_WOLFSSL_CLIENT) static int TypeHash(int hashAlgo) { switch (hashAlgo) { @@ -2961,6 +2964,7 @@ static int TypeHash(int hashAlgo) return 0; } +#endif /* !NO_WOLFSSL_SERVER && !NO_WOLFSSL_CLIENT */ #endif /* !WOLFSSL_NO_TLS12 */ #if defined(WC_RSA_PSS) @@ -7078,6 +7082,7 @@ static int BuildFinished(WOLFSSL* ssl, Hashes* hashes, const byte* sender) #endif /* WOLFSSL_NO_TLS12 */ +#if !defined(NO_WOLFSSL_SERVER) || !defined(NO_WOLFSSL_CLIENT) /* cipher requirements */ enum { REQUIRES_RSA, @@ -7633,6 +7638,8 @@ static int BuildFinished(WOLFSSL* ssl, Hashes* hashes, const byte* sender) return 0; } +#endif /* !NO_WOLFSSL_SERVER && !NO_WOLFSSL_CLIENT */ + #ifndef NO_CERTS @@ -7644,6 +7651,7 @@ static int BuildFinished(WOLFSSL* ssl, Hashes* hashes, const byte* sender) return 1 on success */ int MatchDomainName(const char* pattern, int len, const char* str) { + int ret = 0; char p, s; if (pattern == NULL || str == NULL || len <= 0) @@ -7652,7 +7660,7 @@ int MatchDomainName(const char* pattern, int len, const char* str) while (len > 0) { p = (char)XTOLOWER((unsigned char)*pattern++); - if (p == 0) + if (p == '\0') break; if (p == '*') { @@ -7676,11 +7684,18 @@ int MatchDomainName(const char* pattern, int len, const char* str) return 0; } - if (len > 0) + + if (len > 0) { + str++; len--; + } } - return *str == '\0'; + if (*str == '\0' && len == 0) { + ret = 1; /* success */ + } + + return ret; } @@ -7698,7 +7713,7 @@ int CheckAltNames(DecodedCert* dCert, char* domain) while (altName) { WOLFSSL_MSG("\tindividual AltName check"); - if (MatchDomainName(altName->name,(int)XSTRLEN(altName->name), domain)){ + if (MatchDomainName(altName->name, altName->len, domain)){ match = 1; break; } @@ -7735,8 +7750,7 @@ static int CheckForAltNames(DecodedCert* dCert, char* domain, int* checkCN) while (altName) { WOLFSSL_MSG("\tindividual AltName check"); - if (MatchDomainName(altName->name, (int)XSTRLEN(altName->name), - domain)) { + if (MatchDomainName(altName->name, altName->len, domain)) { match = 1; *checkCN = 0; break; @@ -7946,7 +7960,7 @@ int CopyDecodedToX509(WOLFSSL_X509* x509, DecodedCert* dCert) while (cur != NULL) { if (cur->type == ASN_RFC822_TYPE) { DNS_entry* dnsEntry; - int strLen = (int)XSTRLEN(cur->name); + int strLen = cur->len; dnsEntry = (DNS_entry*)XMALLOC(sizeof(DNS_entry), x509->heap, DYNAMIC_TYPE_ALTNAME); @@ -7963,7 +7977,7 @@ int CopyDecodedToX509(WOLFSSL_X509* x509, DecodedCert* dCert) XFREE(dnsEntry, x509->heap, DYNAMIC_TYPE_ALTNAME); return MEMORY_E; } - + dnsEntry->len = strLen; XMEMCPY(dnsEntry->name, cur->name, strLen); dnsEntry->name[strLen] = '\0'; @@ -8276,7 +8290,7 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx, } c24to32(input + args->idx, &listSz); args->idx += OPAQUE24_LEN; - if (listSz > MAX_RECORD_SIZE) { + if (listSz > MAX_CERTIFICATE_SZ) { ERROR_OUT(BUFFER_ERROR, exit_ppc); } if ((args->idx - args->begin) + listSz != totalSz) { @@ -11860,173 +11874,6 @@ static int SanityCheckCipherText(WOLFSSL* ssl, word32 encryptSz) return 0; } -#ifndef NO_OLD_TLS - -static INLINE void Md5Rounds(int rounds, const byte* data, int sz) -{ - wc_Md5 md5; - int i; - - wc_InitMd5(&md5); /* no error check on purpose, dummy round */ - - for (i = 0; i < rounds; i++) - wc_Md5Update(&md5, data, sz); - wc_Md5Free(&md5); /* in case needed to release resources */ -} - - - -/* do a dummy sha round */ -static INLINE void ShaRounds(int rounds, const byte* data, int sz) -{ - wc_Sha sha; - int i; - - wc_InitSha(&sha); /* no error check on purpose, dummy round */ - - for (i = 0; i < rounds; i++) - wc_ShaUpdate(&sha, data, sz); - wc_ShaFree(&sha); /* in case needed to release resources */ -} -#endif - -#ifndef WOLFSSL_NO_TLS12 - -#ifndef NO_SHA256 - -static INLINE void Sha256Rounds(int rounds, const byte* data, int sz) -{ - wc_Sha256 sha256; - int i; - - wc_InitSha256(&sha256); /* no error check on purpose, dummy round */ - - for (i = 0; i < rounds; i++) { - wc_Sha256Update(&sha256, data, sz); - /* no error check on purpose, dummy round */ - } - wc_Sha256Free(&sha256); /* in case needed to release resources */ -} - -#endif - - -#ifdef WOLFSSL_SHA384 - -static INLINE void Sha384Rounds(int rounds, const byte* data, int sz) -{ - wc_Sha384 sha384; - int i; - - wc_InitSha384(&sha384); /* no error check on purpose, dummy round */ - - for (i = 0; i < rounds; i++) { - wc_Sha384Update(&sha384, data, sz); - /* no error check on purpose, dummy round */ - } - wc_Sha384Free(&sha384); /* in case needed to release resources */ -} - -#endif - - -#ifdef WOLFSSL_SHA512 - -static INLINE void Sha512Rounds(int rounds, const byte* data, int sz) -{ - wc_Sha512 sha512; - int i; - - wc_InitSha512(&sha512); /* no error check on purpose, dummy round */ - - for (i = 0; i < rounds; i++) { - wc_Sha512Update(&sha512, data, sz); - /* no error check on purpose, dummy round */ - } - wc_Sha512Free(&sha512); /* in case needed to release resources */ -} - -#endif - -#ifdef WOLFSSL_RIPEMD - -static INLINE void RmdRounds(int rounds, const byte* data, int sz) -{ - RipeMd ripemd; - int i; - - (void)wc_InitRipeMd(&ripemd); - - for (i = 0; i < rounds; i++) - (void)wc_RipeMdUpdate(&ripemd, data, sz); -} - -#endif - - -/* Do dummy rounds */ -static INLINE void DoRounds(int type, int rounds, const byte* data, int sz) -{ - (void)rounds; - (void)data; - (void)sz; - - switch (type) { - case no_mac : - break; - -#ifndef NO_OLD_TLS -#ifndef NO_MD5 - case md5_mac : - Md5Rounds(rounds, data, sz); - break; -#endif - -#ifndef NO_SHA - case sha_mac : - ShaRounds(rounds, data, sz); - break; -#endif -#endif - -#ifndef NO_SHA256 - case sha256_mac : - Sha256Rounds(rounds, data, sz); - break; -#endif - -#ifdef WOLFSSL_SHA384 - case sha384_mac : - Sha384Rounds(rounds, data, sz); - break; -#endif - -#ifdef WOLFSSL_SHA512 - case sha512_mac : - Sha512Rounds(rounds, data, sz); - break; -#endif - -#ifdef WOLFSSL_RIPEMD - case rmd_mac : - RmdRounds(rounds, data, sz); - break; -#endif - - default: - WOLFSSL_MSG("Bad round type"); - break; - } -} - - -/* do number of compression rounds on dummy data */ -static INLINE void CompressRounds(WOLFSSL* ssl, int rounds, const byte* dummy) -{ - if (rounds) - DoRounds(ssl->specs.mac_algorithm, rounds, dummy, COMPRESS_LOWER); -} - /* check all length bytes for the pad value, return 0 on success */ static int PadCheck(const byte* a, byte pad, int length) @@ -12042,81 +11889,127 @@ static int PadCheck(const byte* a, byte pad, int length) } -/* get compression extra rounds */ -static INLINE int GetRounds(int pLen, int padLen, int t) +/* Mask the padding bytes with the expected values. + * Constant time implementation - does maximum pad size possible. + * + * data Message data. + * sz Size of the message including MAC and padding and padding length. + * macSz Size of the MAC. + * returns 0 on success, otherwise failure. + */ +static byte MaskPadding(const byte* data, int sz, int macSz) { - int roundL1 = 1; /* round up flags */ - int roundL2 = 1; + int i; + int checkSz = sz - 1; + byte paddingSz = data[sz - 1]; + byte mask; + byte good = ctMaskGT(paddingSz, sz - 1 - macSz); - int L1 = COMPRESS_CONSTANT + pLen - t; - int L2 = COMPRESS_CONSTANT + pLen - padLen - 1 - t; + if (checkSz > TLS_MAX_PAD_SZ) + checkSz = TLS_MAX_PAD_SZ; - L1 -= COMPRESS_UPPER; - L2 -= COMPRESS_UPPER; + for (i = 0; i < checkSz; i++) { + mask = ctMaskLTE(i, paddingSz); + good |= mask & (data[sz - 1 - i] ^ paddingSz); + } - if ( (L1 % COMPRESS_LOWER) == 0) - roundL1 = 0; - if ( (L2 % COMPRESS_LOWER) == 0) - roundL2 = 0; - - L1 /= COMPRESS_LOWER; - L2 /= COMPRESS_LOWER; - - L1 += roundL1; - L2 += roundL2; - - return L1 - L2; + return good; } +/* Mask the MAC in the message with the MAC calculated. + * Constant time implementation - starts looking for MAC where maximum padding + * size has it. + * + * data Message data. + * sz Size of the message including MAC and padding and padding length. + * macSz Size of the MAC data. + * expMac Expected MAC value. + * returns 0 on success, otherwise failure. + */ +static byte MaskMac(const byte* data, int sz, int macSz, byte* expMac) +{ + int i, j; + unsigned char mac[WC_MAX_DIGEST_SIZE]; + int scanStart = sz - 1 - TLS_MAX_PAD_SZ - macSz; + int macEnd = sz - 1 - data[sz - 1]; + int macStart = macEnd - macSz; + int r = 0; + unsigned char started, notEnded; + unsigned char good = 0; + + if (scanStart < 0) + scanStart = 0; + + /* Div on Intel has different speeds depending on value. + * Use a bitwise AND or mod a specific value (converted to mul). */ + if ((macSz & (macSz - 1)) == 0) + r = (macSz - (scanStart - macStart)) & (macSz - 1); +#ifndef NO_SHA + else if (macSz == WC_SHA_DIGEST_SIZE) + r = (macSz - (scanStart - macStart)) % WC_SHA_DIGEST_SIZE; +#endif +#ifdef WOLFSSL_SHA384 + else if (macSz == WC_SHA384_DIGEST_SIZE) + r = (macSz - (scanStart - macStart)) % WC_SHA384_DIGEST_SIZE; +#endif + + XMEMSET(mac, 0, macSz); + for (i = scanStart; i < sz; i += macSz) { + for (j = 0; j < macSz && j + i < sz; j++) { + started = ctMaskGTE(i + j, macStart); + notEnded = ctMaskLT(i + j, macEnd); + mac[j] |= started & notEnded & data[i + j]; + } + } + + if ((macSz & (macSz - 1)) == 0) { + for (i = 0; i < macSz; i++) + good |= expMac[i] ^ mac[(i + r) & (macSz - 1)]; + } +#ifndef NO_SHA + else if (macSz == WC_SHA_DIGEST_SIZE) { + for (i = 0; i < macSz; i++) + good |= expMac[i] ^ mac[(i + r) % WC_SHA_DIGEST_SIZE]; + } +#endif +#ifdef WOLFSSL_SHA384 + else if (macSz == WC_SHA384_DIGEST_SIZE) { + for (i = 0; i < macSz; i++) + good |= expMac[i] ^ mac[(i + r) % WC_SHA384_DIGEST_SIZE]; + } +#endif + + return good; +} /* timing resistant pad/verify check, return 0 on success */ -static int TimingPadVerify(WOLFSSL* ssl, const byte* input, int padLen, int t, - int pLen, int content) +int TimingPadVerify(WOLFSSL* ssl, const byte* input, int padLen, int macSz, + int pLen, int content) { byte verify[WC_MAX_DIGEST_SIZE]; - byte dmy[sizeof(WOLFSSL) >= MAX_PAD_SIZE ? 1 : MAX_PAD_SIZE] = {0}; - byte* dummy = sizeof(dmy) < MAX_PAD_SIZE ? (byte*) ssl : dmy; + byte good; int ret = 0; - (void)dmy; + good = MaskPadding(input, pLen, macSz); + ret = ssl->hmac(ssl, verify, input, pLen - macSz - padLen - 1, padLen, + content, 1); + good |= MaskMac(input, pLen, ssl->specs.hash_size, verify); - if ( (t + padLen + 1) > pLen) { - WOLFSSL_MSG("Plain Len not long enough for pad/mac"); - PadCheck(dummy, (byte)padLen, MAX_PAD_SIZE); - ssl->hmac(ssl, verify, input, pLen - t, content, 1); /* still compare */ - ConstantCompare(verify, input + pLen - t, t); + /* Non-zero on failure. */ + good = ~good; + good &= good >> 4; + good &= good >> 2; + good &= good >> 1; + /* Make ret negative on masking failure. */ + ret -= 1 - good; - return VERIFY_MAC_ERROR; - } - - if (PadCheck(input + pLen - (padLen + 1), (byte)padLen, padLen + 1) != 0) { - WOLFSSL_MSG("PadCheck failed"); - PadCheck(dummy, (byte)padLen, MAX_PAD_SIZE - padLen - 1); - ssl->hmac(ssl, verify, input, pLen - t, content, 1); /* still compare */ - ConstantCompare(verify, input + pLen - t, t); - - return VERIFY_MAC_ERROR; - } - - PadCheck(dummy, (byte)padLen, MAX_PAD_SIZE - padLen - 1); - ret = ssl->hmac(ssl, verify, input, pLen - padLen - 1 - t, content, 1); - - CompressRounds(ssl, GetRounds(pLen, padLen, t), dummy); - - if (ConstantCompare(verify, input + (pLen - padLen - 1 - t), t) != 0) { - WOLFSSL_MSG("Verify MAC compare failed"); - return VERIFY_MAC_ERROR; - } - - /* treat any faulure as verify MAC error */ + /* Treat any faulure as verify MAC error. */ if (ret != 0) ret = VERIFY_MAC_ERROR; return ret; } -#endif /* WOLFSSL_NO_TLS12 */ - int DoApplicationData(WOLFSSL* ssl, byte* input, word32* inOutIdx) { @@ -12368,8 +12261,8 @@ static INLINE int VerifyMac(WOLFSSL* ssl, const byte* input, word32 msgSz, badPadLen = 1; } PadCheck(dummy, (byte)pad, MAX_PAD_SIZE); /* timing only */ - ret = ssl->hmac(ssl, verify, input, msgSz - digestSz - pad - 1, - content, 1); + ret = ssl->hmac(ssl, verify, input, msgSz - digestSz - pad - 1, pad, + content, 1); if (ConstantCompare(verify, input + msgSz - digestSz - pad - 1, digestSz) != 0) return VERIFY_MAC_ERROR; @@ -12378,7 +12271,7 @@ static INLINE int VerifyMac(WOLFSSL* ssl, const byte* input, word32 msgSz, } } else if (ssl->specs.cipher_type == stream) { - ret = ssl->hmac(ssl, verify, input, msgSz - digestSz, content, 1); + ret = ssl->hmac(ssl, verify, input, msgSz - digestSz, -1, content, 1); if (ConstantCompare(verify, input + msgSz - digestSz, digestSz) != 0){ return VERIFY_MAC_ERROR; } @@ -13118,7 +13011,7 @@ int SendChangeCipher(WOLFSSL* ssl) #ifndef NO_OLD_TLS static int SSL_hmac(WOLFSSL* ssl, byte* digest, const byte* in, word32 sz, - int content, int verify) + int padLen, int content, int verify) { byte result[WC_MAX_DIGEST_SIZE]; word32 digestSz = ssl->specs.hash_size; /* actual sizes */ @@ -13133,6 +13026,8 @@ static int SSL_hmac(WOLFSSL* ssl, byte* digest, const byte* in, word32 sz, byte conLen[ENUM_LEN + LENGTH_SZ]; /* content & length */ const byte* macSecret = wolfSSL_GetMacSecret(ssl, verify); + (void)padLen; + #ifdef HAVE_FUZZER if (ssl->fuzzerCb) ssl->fuzzerCb(ssl, in, sz, FUZZ_HMAC, ssl->fuzzerCtx); @@ -13609,8 +13504,8 @@ int BuildMessage(WOLFSSL* ssl, byte* output, int outSz, const byte* input, ERROR_OUT(MEMORY_E, exit_buildmsg); #endif - ret = ssl->hmac(ssl, hmac, output + args->headerSz + args->ivSz, inSz, - type, 0); + ret = ssl->hmac(ssl, hmac, output + args->headerSz + args->ivSz, + inSz, -1, type, 0); XMEMCPY(output + args->idx, hmac, args->digestSz); #ifdef WOLFSSL_SMALL_STACK @@ -13619,8 +13514,8 @@ int BuildMessage(WOLFSSL* ssl, byte* output, int outSz, const byte* input, } else #endif - ret = ssl->hmac(ssl, output + args->idx, output + args->headerSz + args->ivSz, - inSz, type, 0); + ret = ssl->hmac(ssl, output + args->idx, output + + args->headerSz + args->ivSz, inSz, -1, type, 0); #ifdef WOLFSSL_DTLS if (ssl->options.dtls) DtlsSEQIncrement(ssl, CUR_ORDER); @@ -16386,6 +16281,152 @@ void PickHashSigAlgo(WOLFSSL* ssl, const byte* hashSigAlgo, #endif /* WOLFSSL_CALLBACKS */ +#if !defined(NO_CERTS) && (defined(WOLFSSL_TLS13) || \ + !defined(NO_WOLFSSL_CLIENT)) + +/* Decode the private key - RSA, ECC, or Ed25519 - and creates a key object. + * The signature type is set as well. + * The maximum length of a signature is returned. + * + * ssl The SSL/TLS object. + * length The length of a signature. + * returns 0 on success, otherwise failure. + */ +int DecodePrivateKey(WOLFSSL *ssl, word16* length) +{ + int ret = BAD_FUNC_ARG; + int keySz; + word32 idx; + + /* make sure private key exists */ + if (ssl->buffers.key == NULL || ssl->buffers.key->buffer == NULL) { + WOLFSSL_MSG("Private key missing!"); + ERROR_OUT(NO_PRIVATE_KEY, exit_dpk); + } + +#ifndef NO_RSA + ssl->hsType = DYNAMIC_TYPE_RSA; + ret = AllocKey(ssl, ssl->hsType, &ssl->hsKey); + if (ret != 0) { + goto exit_dpk; + } + + WOLFSSL_MSG("Trying RSA private key"); + + /* Set start of data to beginning of buffer. */ + idx = 0; + /* Decode the key assuming it is an RSA private key. */ + ret = wc_RsaPrivateKeyDecode(ssl->buffers.key->buffer, &idx, + (RsaKey*)ssl->hsKey, ssl->buffers.key->length); + if (ret == 0) { + WOLFSSL_MSG("Using RSA private key"); + + /* It worked so check it meets minimum key size requirements. */ + keySz = wc_RsaEncryptSize((RsaKey*)ssl->hsKey); + if (keySz < 0) { /* check if keySz has error case */ + ERROR_OUT(keySz, exit_dpk); + } + + if (keySz < ssl->options.minRsaKeySz) { + WOLFSSL_MSG("RSA key size too small"); + ERROR_OUT(RSA_KEY_SIZE_E, exit_dpk); + } + + /* Return the maximum signature length. */ + *length = (word16)keySz; + + goto exit_dpk; + } +#endif /* !NO_RSA */ + +#ifdef HAVE_ECC +#ifndef NO_RSA + FreeKey(ssl, ssl->hsType, (void**)&ssl->hsKey); +#endif /* !NO_RSA */ + + ssl->hsType = DYNAMIC_TYPE_ECC; + ret = AllocKey(ssl, ssl->hsType, &ssl->hsKey); + if (ret != 0) { + goto exit_dpk; + } + +#ifndef NO_RSA + WOLFSSL_MSG("Trying ECC private key, RSA didn't work"); +#else + WOLFSSL_MSG("Trying ECC private key"); +#endif + + /* Set start of data to beginning of buffer. */ + idx = 0; + /* Decode the key assuming it is an ECC private key. */ + ret = wc_EccPrivateKeyDecode(ssl->buffers.key->buffer, &idx, + (ecc_key*)ssl->hsKey, + ssl->buffers.key->length); + if (ret == 0) { + WOLFSSL_MSG("Using ECC private key"); + + /* Check it meets the minimum ECC key size requirements. */ + keySz = wc_ecc_size((ecc_key*)ssl->hsKey); + if (keySz < ssl->options.minEccKeySz) { + WOLFSSL_MSG("ECC key size too small"); + ERROR_OUT(ECC_KEY_SIZE_E, exit_dpk); + } + + /* Return the maximum signature length. */ + *length = (word16)wc_ecc_sig_size((ecc_key*)ssl->hsKey); + + goto exit_dpk; + } +#endif +#ifdef HAVE_ED25519 + #if !defined(NO_RSA) || defined(HAVE_ECC) + FreeKey(ssl, ssl->hsType, (void**)&ssl->hsKey); + #endif + + ssl->hsType = DYNAMIC_TYPE_ED25519; + ret = AllocKey(ssl, ssl->hsType, &ssl->hsKey); + if (ret != 0) { + goto exit_dpk; + } + + #ifdef HAVE_ECC + WOLFSSL_MSG("Trying ED25519 private key, ECC didn't work"); + #elif !defined(NO_RSA) + WOLFSSL_MSG("Trying ED25519 private key, RSA didn't work"); + #else + WOLFSSL_MSG("Trying ED25519 private key"); + #endif + + /* Set start of data to beginning of buffer. */ + idx = 0; + /* Decode the key assuming it is an ED25519 private key. */ + ret = wc_Ed25519PrivateKeyDecode(ssl->buffers.key->buffer, &idx, + (ed25519_key*)ssl->hsKey, + ssl->buffers.key->length); + if (ret == 0) { + WOLFSSL_MSG("Using ED25519 private key"); + + /* Check it meets the minimum ECC key size requirements. */ + if (ED25519_KEY_SIZE < ssl->options.minEccKeySz) { + WOLFSSL_MSG("ED25519 key size too small"); + ERROR_OUT(ECC_KEY_SIZE_E, exit_dpk); + } + + /* Return the maximum signature length. */ + *length = ED25519_SIG_SIZE; + + goto exit_dpk; + } +#endif /* HAVE_ED25519 */ + + (void)idx; + (void)keySz; + (void)length; +exit_dpk: + return ret; +} + +#endif /* WOLFSSL_TLS13 || !NO_WOLFSSL_CLIENT */ /* client only parts */ #ifndef NO_WOLFSSL_CLIENT @@ -16868,36 +16909,6 @@ void PickHashSigAlgo(WOLFSSL* ssl, const byte* hashSigAlgo, XMEMCPY(ssl->arrays->serverRandom, input + i, RAN_LEN); i += RAN_LEN; - if (!ssl->options.resuming) { -#ifdef WOLFSSL_TLS13 - if (IsAtLeastTLSv1_3(ssl->ctx->method->version)) { - /* TLS v1.3 capable client not allowed to downgrade when - * connecting to TLS v1.3 capable server unless cipher suite - * demands it. - */ - if (XMEMCMP(input + i - (TLS13_DOWNGRADE_SZ + 1), - tls13Downgrade, TLS13_DOWNGRADE_SZ) == 0 && - (*(input + i - 1) == 0 || *(input + i - 1) == 1)) { - SendAlert(ssl, alert_fatal, illegal_parameter); - return VERSION_ERROR; - } - } - else -#endif - if (ssl->ctx->method->version.major == SSLv3_MAJOR && - ssl->ctx->method->version.minor == TLSv1_2_MINOR) { - /* TLS v1.2 capable client not allowed to downgrade when - * connecting to TLS v1.2 capable server. - */ - if (XMEMCMP(input + i - (TLS13_DOWNGRADE_SZ + 1), - tls13Downgrade, TLS13_DOWNGRADE_SZ) == 0 && - *(input + i - 1) == 0) { - SendAlert(ssl, alert_fatal, illegal_parameter); - return VERSION_ERROR; - } - } - } - /* session id */ ssl->arrays->sessionIDSz = input[i++]; @@ -17066,7 +17077,37 @@ void PickHashSigAlgo(WOLFSSL* ssl, const byte* hashSigAlgo, { int ret; - if (ssl->options.resuming) { + if (!ssl->options.resuming) { + byte* down = ssl->arrays->serverRandom + RAN_LEN - + TLS13_DOWNGRADE_SZ - 1; + byte vers = ssl->arrays->serverRandom[RAN_LEN - 1]; + #ifdef WOLFSSL_TLS13 + if (IsAtLeastTLSv1_3(ssl->ctx->method->version)) { + /* TLS v1.3 capable client not allowed to downgrade when + * connecting to TLS v1.3 capable server unless cipher suite + * demands it. + */ + if (XMEMCMP(down, tls13Downgrade, TLS13_DOWNGRADE_SZ) == 0 && + (vers == 0 || vers == 1)) { + SendAlert(ssl, alert_fatal, illegal_parameter); + return VERSION_ERROR; + } + } + else + #endif + if (ssl->ctx->method->version.major == SSLv3_MAJOR && + ssl->ctx->method->version.minor == TLSv1_2_MINOR) { + /* TLS v1.2 capable client not allowed to downgrade when + * connecting to TLS v1.2 capable server. + */ + if (XMEMCMP(down, tls13Downgrade, TLS13_DOWNGRADE_SZ) == 0 && + vers == 0) { + SendAlert(ssl, alert_fatal, illegal_parameter); + return VERSION_ERROR; + } + } + } + else { if (DSH_CheckSessionId(ssl)) { if (SetCipherSpecs(ssl) == 0) { @@ -17097,11 +17138,11 @@ void PickHashSigAlgo(WOLFSSL* ssl, const byte* hashSigAlgo, ssl->options.resuming = 0; /* server denied resumption try */ } } - #ifdef WOLFSSL_DTLS - if (ssl->options.dtls) { - DtlsMsgPoolReset(ssl); - } - #endif + #ifdef WOLFSSL_DTLS + if (ssl->options.dtls) { + DtlsMsgPoolReset(ssl); + } + #endif return SetCipherSpecs(ssl); } @@ -19753,148 +19794,6 @@ exit_scke: } #endif /* HAVE_PK_CALLBACKS */ -/* Decode the private key - RSA, ECC, or Ed25519 - and creates a key object. - * The signature type is set as well. - * The maximum length of a signature is returned. - * - * ssl The SSL/TLS object. - * length The length of a signature. - * returns 0 on success, otherwise failure. - */ -int DecodePrivateKey(WOLFSSL *ssl, word16* length) -{ - int ret = BAD_FUNC_ARG; - int keySz; - word32 idx; - - /* make sure private key exists */ - if (ssl->buffers.key == NULL || ssl->buffers.key->buffer == NULL) { - WOLFSSL_MSG("Private key missing!"); - ERROR_OUT(NO_PRIVATE_KEY, exit_dpk); - } - -#ifndef NO_RSA - ssl->hsType = DYNAMIC_TYPE_RSA; - ret = AllocKey(ssl, ssl->hsType, &ssl->hsKey); - if (ret != 0) { - goto exit_dpk; - } - - WOLFSSL_MSG("Trying RSA private key"); - - /* Set start of data to beginning of buffer. */ - idx = 0; - /* Decode the key assuming it is an RSA private key. */ - ret = wc_RsaPrivateKeyDecode(ssl->buffers.key->buffer, &idx, - (RsaKey*)ssl->hsKey, ssl->buffers.key->length); - if (ret == 0) { - WOLFSSL_MSG("Using RSA private key"); - - /* It worked so check it meets minimum key size requirements. */ - keySz = wc_RsaEncryptSize((RsaKey*)ssl->hsKey); - if (keySz < 0) { /* check if keySz has error case */ - ERROR_OUT(keySz, exit_dpk); - } - - if (keySz < ssl->options.minRsaKeySz) { - WOLFSSL_MSG("RSA key size too small"); - ERROR_OUT(RSA_KEY_SIZE_E, exit_dpk); - } - - /* Return the maximum signature length. */ - *length = (word16)keySz; - - goto exit_dpk; - } -#endif /* !NO_RSA */ - -#ifdef HAVE_ECC -#ifndef NO_RSA - FreeKey(ssl, ssl->hsType, (void**)&ssl->hsKey); -#endif /* !NO_RSA */ - - ssl->hsType = DYNAMIC_TYPE_ECC; - ret = AllocKey(ssl, ssl->hsType, &ssl->hsKey); - if (ret != 0) { - goto exit_dpk; - } - -#ifndef NO_RSA - WOLFSSL_MSG("Trying ECC private key, RSA didn't work"); -#else - WOLFSSL_MSG("Trying ECC private key"); -#endif - - /* Set start of data to beginning of buffer. */ - idx = 0; - /* Decode the key assuming it is an ECC private key. */ - ret = wc_EccPrivateKeyDecode(ssl->buffers.key->buffer, &idx, - (ecc_key*)ssl->hsKey, - ssl->buffers.key->length); - if (ret == 0) { - WOLFSSL_MSG("Using ECC private key"); - - /* Check it meets the minimum ECC key size requirements. */ - keySz = wc_ecc_size((ecc_key*)ssl->hsKey); - if (keySz < ssl->options.minEccKeySz) { - WOLFSSL_MSG("ECC key size too small"); - ERROR_OUT(ECC_KEY_SIZE_E, exit_dpk); - } - - /* Return the maximum signature length. */ - *length = (word16)wc_ecc_sig_size((ecc_key*)ssl->hsKey); - - goto exit_dpk; - } -#endif -#ifdef HAVE_ED25519 - #if !defined(NO_RSA) || defined(HAVE_ECC) - FreeKey(ssl, ssl->hsType, (void**)&ssl->hsKey); - #endif - - ssl->hsType = DYNAMIC_TYPE_ED25519; - ret = AllocKey(ssl, ssl->hsType, &ssl->hsKey); - if (ret != 0) { - goto exit_dpk; - } - - #ifdef HAVE_ECC - WOLFSSL_MSG("Trying ED25519 private key, ECC didn't work"); - #elif !defined(NO_RSA) - WOLFSSL_MSG("Trying ED25519 private key, RSA didn't work"); - #else - WOLFSSL_MSG("Trying ED25519 private key"); - #endif - - /* Set start of data to beginning of buffer. */ - idx = 0; - /* Decode the key assuming it is an ED25519 private key. */ - ret = wc_Ed25519PrivateKeyDecode(ssl->buffers.key->buffer, &idx, - (ed25519_key*)ssl->hsKey, - ssl->buffers.key->length); - if (ret == 0) { - WOLFSSL_MSG("Using ED25519 private key"); - - /* Check it meets the minimum ECC key size requirements. */ - if (ED25519_KEY_SIZE < ssl->options.minEccKeySz) { - WOLFSSL_MSG("ED25519 key size too small"); - ERROR_OUT(ECC_KEY_SIZE_E, exit_dpk); - } - - /* Return the maximum signature length. */ - *length = ED25519_SIG_SIZE; - - goto exit_dpk; - } -#endif /* HAVE_ED25519 */ - - (void)idx; - (void)keySz; - (void)length; -exit_dpk: - return ret; -} - #ifndef WOLFSSL_NO_TLS12 #ifndef WOLFSSL_NO_CLIENT_AUTH @@ -23461,7 +23360,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, args->output, args->sigSz, HashAlgoToType(args->hashAlgo)); if (ret != 0) - return ret; + goto exit_dcv; } else #endif diff --git a/src/ssl.c b/src/ssl.c index 052e794b42..4bd9e1b5ec 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -1147,6 +1147,8 @@ int wolfSSL_negotiate(WOLFSSL* ssl) } #endif + (void)ssl; + WOLFSSL_LEAVE("wolfSSL_negotiate", err); return err; @@ -3366,7 +3368,7 @@ void wolfSSL_EVP_init(void) #if !defined(NO_FILESYSTEM) && !defined(NO_STDIO_FILESYSTEM) -void wolfSSL_ERR_print_errors_fp(FILE* fp, int err) +void wolfSSL_ERR_print_errors_fp(XFILE fp, int err) { char data[WOLFSSL_MAX_ERROR_SZ + 1]; @@ -3376,7 +3378,7 @@ void wolfSSL_ERR_print_errors_fp(FILE* fp, int err) } #if defined(OPENSSL_EXTRA) || defined(DEBUG_WOLFSSL_VERBOSE) -void wolfSSL_ERR_dump_errors_fp(FILE* fp) +void wolfSSL_ERR_dump_errors_fp(XFILE fp) { wc_ERR_print_errors_fp(fp); } @@ -8433,11 +8435,11 @@ int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl, #ifdef OPENSSL_EXTRA WOLFSSL_METHOD* wolfSSLv23_method(void) { - WOLFSSL_METHOD* m; + WOLFSSL_METHOD* m = NULL; WOLFSSL_ENTER("wolfSSLv23_method"); -#ifndef NO_WOLFSSL_CLIENT +#if !defined(NO_WOLFSSL_CLIENT) m = wolfSSLv23_client_method(); -#else +#elif !defined(NO_WOLFSSL_SERVER) m = wolfSSLv23_server_method(); #endif if (m != NULL) { @@ -11597,12 +11599,15 @@ int wolfSSL_set_compression(WOLFSSL* ssl) WOLFSSL_BIO* wolfSSL_BIO_new_mem_buf(void* buf, int len) { WOLFSSL_BIO* bio = NULL; - if (buf == NULL) + + if (buf == NULL || len < 0) { return bio; + } bio = wolfSSL_BIO_new(wolfSSL_BIO_s_mem()); - if (bio == NULL) + if (bio == NULL) { return bio; + } bio->memLen = bio->wrSz = len; bio->mem = (byte*)XMALLOC(len, 0, DYNAMIC_TYPE_OPENSSL); @@ -13400,7 +13405,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) } - /* WOLFSSL_SUCCESS on ok */ + /* WOLFSSL_SUCCESS on ok, WOLFSSL_FAILURE on failure */ int wolfSSL_EVP_DigestUpdate(WOLFSSL_EVP_MD_CTX* ctx, const void* data, size_t sz) { @@ -13450,7 +13455,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) break; #endif /* WOLFSSL_SHA512 */ default: - return BAD_FUNC_ARG; + return WOLFSSL_FAILURE; } return WOLFSSL_SUCCESS; @@ -13506,7 +13511,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) break; #endif /* WOLFSSL_SHA512 */ default: - return BAD_FUNC_ARG; + return WOLFSSL_FAILURE; } return WOLFSSL_SUCCESS; @@ -13613,7 +13618,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) { WOLFSSL_ENTER("wolfSSL_ERR_clear_error"); -#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) +#if defined(DEBUG_WOLFSSL) || defined(WOLFSSL_NGINX) wc_ClearErrorNodes(); #endif } @@ -15608,8 +15613,8 @@ WOLFSSL_EVP_PKEY* wolfSSL_X509_get_pubkey(WOLFSSL_X509* x509) if (wolfSSL_RSA_LoadDer_ex(key->rsa, (const unsigned char*)key->pkey.ptr, key->pkey_sz, WOLFSSL_RSA_LOAD_PUBLIC) != SSL_SUCCESS) { - XFREE(key, x509->heap, DYNAMIC_TYPE_PUBLIC_KEY); wolfSSL_RSA_free(key->rsa); + XFREE(key, x509->heap, DYNAMIC_TYPE_PUBLIC_KEY); return NULL; } } @@ -22526,7 +22531,7 @@ char *wolfSSL_BN_bn2hex(const WOLFSSL_BIGNUM *bn) /* return code compliant with OpenSSL : * 1 if success, 0 if error */ -int wolfSSL_BN_print_fp(FILE *fp, const WOLFSSL_BIGNUM *bn) +int wolfSSL_BN_print_fp(XFILE fp, const WOLFSSL_BIGNUM *bn) { #if defined(WOLFSSL_KEY_GEN) || defined(HAVE_COMP_KEY) || defined(DEBUG_WOLFSSL) char *buf; @@ -26564,6 +26569,7 @@ int wolfSSL_EC_POINT_get_affine_coordinates_GFp(const WOLFSSL_EC_GROUP *group, return WOLFSSL_SUCCESS; } +#ifndef WOLFSSL_ATECC508A /* return code compliant with OpenSSL : * 1 if success, 0 if error */ @@ -26628,6 +26634,7 @@ int wolfSSL_EC_POINT_mul(const WOLFSSL_EC_GROUP *group, WOLFSSL_EC_POINT *r, return ret; } +#endif void wolfSSL_EC_POINT_clear_free(WOLFSSL_EC_POINT *p) { @@ -27387,6 +27394,10 @@ WOLFSSL_EVP_PKEY* wolfSSL_PEM_read_bio_PrivateKey(WOLFSSL_BIO* bio, WOLFSSL_ENTER("wolfSSL_PEM_read_bio_PrivateKey"); + if (bio == NULL) { + return pkey; + } + if ((ret = wolfSSL_BIO_pending(bio)) > 0) { memSz = ret; mem = (char*)XMALLOC(memSz, bio->heap, DYNAMIC_TYPE_OPENSSL); @@ -27640,10 +27651,6 @@ int wolfSSL_PEM_write_RSA_PUBKEY(FILE *fp, WOLFSSL_RSA *x) #endif /* NO_FILESYSTEM */ -#endif /* !NO_RSA */ -#endif /* OPENSSL_EXTRA */ - -#if !defined(NO_RSA) && (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) WOLFSSL_RSA *wolfSSL_d2i_RSAPublicKey(WOLFSSL_RSA **r, const unsigned char **pp, long len) { WOLFSSL_RSA *rsa = NULL; @@ -27699,6 +27706,10 @@ int wolfSSL_i2d_RSAPublicKey(WOLFSSL_RSA *rsa, const unsigned char **pp) } #endif /* #if !defined(HAVE_FAST_RSA) */ +#endif /* !NO_RSA */ +#endif /* OPENSSL_EXTRA */ + +#if !defined(NO_RSA) && (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) /* return WOLFSSL_SUCCESS if success, WOLFSSL_FATAL_ERROR if error */ int wolfSSL_RSA_LoadDer(WOLFSSL_RSA* rsa, const unsigned char* derBuf, int derSz) { @@ -28643,8 +28654,10 @@ void* wolfSSL_GetDhAgreeCtx(WOLFSSL* ssl) return NULL; i = 0; - if (wc_PemGetHeaderFooter(CERT_TYPE, NULL, &footer) != 0) + if (wc_PemGetHeaderFooter(CERT_TYPE, NULL, &footer) != 0) { + XFREE(pem, 0, DYNAMIC_TYPE_PEM); return NULL; + } /* TODO: Inefficient * reading in one byte at a time until see "END CERTIFICATE" @@ -28684,7 +28697,7 @@ void* wolfSSL_GetDhAgreeCtx(WOLFSSL* ssl) } #if defined(HAVE_CRL) && !defined(NO_FILESYSTEM) - WOLFSSL_API WOLFSSL_X509_CRL* wolfSSL_PEM_read_X509_CRL(FILE *fp, WOLFSSL_X509_CRL **crl, + WOLFSSL_API WOLFSSL_X509_CRL* wolfSSL_PEM_read_X509_CRL(XFILE fp, WOLFSSL_X509_CRL **crl, pem_password_cb *cb, void *u) { #if defined(WOLFSSL_PEM_TO_DER) || defined(WOLFSSL_DER_TO_PEM) @@ -32922,4 +32935,4 @@ int wolfSSL_i2c_ASN1_INTEGER(WOLFSSL_ASN1_INTEGER *a, unsigned char **pp) } #endif /* !NO_ASN */ -#endif /* OPENSSLEXTRA */ \ No newline at end of file +#endif /* OPENSSLEXTRA */ diff --git a/src/tls.c b/src/tls.c old mode 100755 new mode 100644 index df8ac64f52..b19f4b8949 --- a/src/tls.c +++ b/src/tls.c @@ -852,13 +852,449 @@ int wolfSSL_SetTlsHmacInner(WOLFSSL* ssl, byte* inner, word32 sz, int content, } -/* TLS type HMAC */ -int TLS_hmac(WOLFSSL* ssl, byte* digest, const byte* in, word32 sz, - int content, int verify) +#if !defined(WOLFSSL_NO_HASH_RAW) && !defined(HAVE_FIPS) && \ + !defined(HAVE_SELFTEST) + +/* Update the hash in the HMAC. + * + * hmac HMAC object. + * data Data to be hashed. + * sz Size of data to hash. + * returns 0 on success, otherwise failure. + */ +static int Hmac_HashUpdate(Hmac* hmac, const byte* data, word32 sz) { - Hmac hmac; - int ret = 0; - byte myInner[WOLFSSL_TLS_HMAC_INNER_SZ]; + int ret = BAD_FUNC_ARG; + + switch (hmac->macType) { + #ifndef NO_SHA + case WC_SHA: + ret = wc_ShaUpdate(&hmac->hash.sha, data, sz); + break; + #endif /* !NO_SHA */ + + #ifndef NO_SHA256 + case WC_SHA256: + ret = wc_Sha256Update(&hmac->hash.sha256, data, sz); + break; + #endif /* !NO_SHA256 */ + + #ifdef WOLFSSL_SHA384 + case WC_SHA384: + ret = wc_Sha384Update(&hmac->hash.sha384, data, sz); + break; + #endif /* WOLFSSL_SHA384 */ + + #ifdef WOLFSSL_SHA512 + case WC_SHA512: + ret = wc_Sha512Update(&hmac->hash.sha512, data, sz); + break; + #endif /* WOLFSSL_SHA512 */ + } + + return ret; +} + +/* Finalize the hash but don't put the EOC, padding or length in. + * + * hmac HMAC object. + * hash Hash result. + * returns 0 on success, otherwise failure. + */ +static int Hmac_HashFinalRaw(Hmac* hmac, unsigned char* hash) +{ + int ret = BAD_FUNC_ARG; + + switch (hmac->macType) { + #ifndef NO_SHA + case WC_SHA: + ret = wc_ShaFinalRaw(&hmac->hash.sha, hash); + break; + #endif /* !NO_SHA */ + + #ifndef NO_SHA256 + case WC_SHA256: + ret = wc_Sha256FinalRaw(&hmac->hash.sha256, hash); + break; + #endif /* !NO_SHA256 */ + + #ifdef WOLFSSL_SHA384 + case WC_SHA384: + ret = wc_Sha384FinalRaw(&hmac->hash.sha384, hash); + break; + #endif /* WOLFSSL_SHA384 */ + + #ifdef WOLFSSL_SHA512 + case WC_SHA512: + ret = wc_Sha512FinalRaw(&hmac->hash.sha512, hash); + break; + #endif /* WOLFSSL_SHA512 */ + } + + return ret; +} + +/* Finalize the HMAC by performing outer hash. + * + * hmac HMAC object. + * mac MAC result. + * returns 0 on success, otherwise failure. + */ +static int Hmac_OuterHash(Hmac* hmac, unsigned char* mac) +{ + int ret = BAD_FUNC_ARG; + + switch (hmac->macType) { + #ifndef NO_SHA + case WC_SHA: + ret = wc_InitSha(&hmac->hash.sha); + if (ret == 0) + ret = wc_ShaUpdate(&hmac->hash.sha, (byte*)hmac->opad, + WC_SHA_BLOCK_SIZE); + if (ret == 0) + ret = wc_ShaUpdate(&hmac->hash.sha, (byte*)hmac->innerHash, + WC_SHA_DIGEST_SIZE); + if (ret == 0) + ret = wc_ShaFinal(&hmac->hash.sha, mac); + break; + #endif /* !NO_SHA */ + + #ifndef NO_SHA256 + case WC_SHA256: + ret = wc_InitSha256(&hmac->hash.sha256); + if (ret == 0) + ret = wc_Sha256Update(&hmac->hash.sha256, (byte*)hmac->opad, + WC_SHA256_BLOCK_SIZE); + if (ret == 0) + ret = wc_Sha256Update(&hmac->hash.sha256, + (byte*)hmac->innerHash, + WC_SHA256_DIGEST_SIZE); + if (ret == 0) + ret = wc_Sha256Final(&hmac->hash.sha256, mac); + break; + #endif /* !NO_SHA256 */ + + #ifdef WOLFSSL_SHA384 + case WC_SHA384: + ret = wc_InitSha384(&hmac->hash.sha384); + if (ret == 0) + ret = wc_Sha384Update(&hmac->hash.sha384, (byte*)hmac->opad, + WC_SHA384_BLOCK_SIZE); + if (ret == 0) + ret = wc_Sha384Update(&hmac->hash.sha384, + (byte*)hmac->innerHash, + WC_SHA384_DIGEST_SIZE); + if (ret == 0) + ret = wc_Sha384Final(&hmac->hash.sha384, mac); + break; + #endif /* WOLFSSL_SHA384 */ + + #ifdef WOLFSSL_SHA512 + case WC_SHA512: + ret = wc_InitSha512(&hmac->hash.sha512); + if (ret == 0) + ret = wc_Sha512Update(&hmac->hash.sha512,(byte*)hmac->opad, + WC_SHA512_BLOCK_SIZE); + if (ret == 0) + ret = wc_Sha512Update(&hmac->hash.sha512, + (byte*)hmac->innerHash, + WC_SHA512_DIGEST_SIZE); + if (ret == 0) + ret = wc_Sha512Final(&hmac->hash.sha512, mac); + break; + #endif /* WOLFSSL_SHA512 */ + } + + return ret; +} + +/* Calculate the HMAC of the header + message data. + * Constant time implementation using wc_Sha*FinalRaw(). + * + * hmac HMAC object. + * digest MAC result. + * in Message data. + * sz Size of the message data. + * header Constructed record header with length of handshake data. + * returns 0 on success, otherwise failure. + */ +static int Hmac_UpdateFinal_CT(Hmac* hmac, byte* digest, const byte* in, + word32 sz, byte* header) +{ + byte lenBytes[8]; + int i, j, k; + int blockBits, blockMask; + int realLen, lastBlockLen, macLen, extraLen, eocIndex; + int blocks, safeBlocks, lenBlock, eocBlock; + int maxLen; + int blockSz, padSz; + int ret; + byte extraBlock; + + switch (hmac->macType) { + #ifndef NO_SHA + case WC_SHA: + blockSz = WC_SHA_BLOCK_SIZE; + blockBits = 6; + macLen = WC_SHA_DIGEST_SIZE; + padSz = WC_SHA_BLOCK_SIZE - WC_SHA_PAD_SIZE + 1; + break; + #endif /* !NO_SHA */ + + #ifndef NO_SHA256 + case WC_SHA256: + blockSz = WC_SHA256_BLOCK_SIZE; + blockBits = 6; + macLen = WC_SHA256_DIGEST_SIZE; + padSz = WC_SHA256_BLOCK_SIZE - WC_SHA256_PAD_SIZE + 1; + break; + #endif /* !NO_SHA256 */ + + #ifdef WOLFSSL_SHA384 + case WC_SHA384: + blockSz = WC_SHA384_BLOCK_SIZE; + blockBits = 7; + macLen = WC_SHA384_DIGEST_SIZE; + padSz = WC_SHA384_BLOCK_SIZE - WC_SHA384_PAD_SIZE + 1; + break; + #endif /* WOLFSSL_SHA384 */ + + #ifdef WOLFSSL_SHA512 + case WC_SHA512: + blockSz = WC_SHA512_BLOCK_SIZE; + blockBits = 7; + macLen = WC_SHA512_DIGEST_SIZE; + padSz = WC_SHA512_BLOCK_SIZE - WC_SHA512_PAD_SIZE + 1; + break; + #endif /* WOLFSSL_SHA512 */ + + default: + return BAD_FUNC_ARG; + } + blockMask = blockSz - 1; + + /* Size of data to HMAC if padding length byte is zero. */ + maxLen = WOLFSSL_TLS_HMAC_INNER_SZ + sz - 1 - macLen; + /* Complete data (including padding) has block for EOC and/or length. */ + extraBlock = ctSetLTE((maxLen + padSz) & blockMask, padSz); + /* Total number of blocks for data including padding. */ + blocks = ((maxLen + blockSz - 1) >> blockBits) + extraBlock; + /* Up to last 6 blocks can be hashed safely. */ + safeBlocks = blocks - 6; + + /* Length of message data. */ + realLen = maxLen - in[sz - 1]; + /* Number of message bytes in last block. */ + lastBlockLen = realLen & blockMask; + /* Number of padding bytes in last block. */ + extraLen = ((blockSz * 2 - padSz - lastBlockLen) & blockMask) + 1; + /* Number of blocks to create for hash. */ + lenBlock = (realLen + extraLen) >> blockBits; + /* Block containing EOC byte. */ + eocBlock = realLen >> blockBits; + /* Index of EOC byte in block. */ + eocIndex = realLen & blockMask; + + /* Add length of hmac's ipad to total length. */ + realLen += blockSz; + /* Length as bits - 8 bytes bigendian. */ + c32toa(realLen >> ((sizeof(word32) * 8) - 3), lenBytes); + c32toa(realLen << 3, lenBytes + sizeof(word32)); + + ret = Hmac_HashUpdate(hmac, (unsigned char*)hmac->ipad, blockSz); + if (ret != 0) + return ret; + + XMEMSET(hmac->innerHash, 0, macLen); + + if (safeBlocks > 0) { + ret = Hmac_HashUpdate(hmac, header, WOLFSSL_TLS_HMAC_INNER_SZ); + if (ret != 0) + return ret; + ret = Hmac_HashUpdate(hmac, in, safeBlocks * blockSz - + WOLFSSL_TLS_HMAC_INNER_SZ); + if (ret != 0) + return ret; + } + else + safeBlocks = 0; + + XMEMSET(digest, 0, macLen); + k = safeBlocks * blockSz; + for (i = safeBlocks; i < blocks; i++) { + unsigned char hashBlock[WC_MAX_BLOCK_SIZE]; + unsigned char isEocBlock = ctMaskEq(i, eocBlock); + unsigned char isOutBlock = ctMaskEq(i, lenBlock); + + for (j = 0; j < blockSz; j++, k++) { + unsigned char atEoc = ctMaskEq(j, eocIndex) & isEocBlock; + unsigned char pastEoc = ctMaskGT(j, eocIndex) & isEocBlock; + unsigned char b = 0; + + if (k < WOLFSSL_TLS_HMAC_INNER_SZ) + b = header[k]; + else if (k < maxLen) + b = in[k - WOLFSSL_TLS_HMAC_INNER_SZ]; + + b = ctMaskSel(atEoc, b, 0x80); + b &= ~pastEoc; + b &= ~isOutBlock | isEocBlock; + + if (j >= blockSz - 8) { + b = ctMaskSel(isOutBlock, b, lenBytes[j - (blockSz - 8)]); + } + + hashBlock[j] = b; + } + + ret = Hmac_HashUpdate(hmac, hashBlock, blockSz); + if (ret != 0) + return ret; + ret = Hmac_HashFinalRaw(hmac, hashBlock); + if (ret != 0) + return ret; + for (j = 0; j < macLen; j++) + ((unsigned char*)hmac->innerHash)[j] |= hashBlock[j] & isOutBlock; + } + + ret = Hmac_OuterHash(hmac, digest); + + return ret; +} + +#endif + +#if defined(WOLFSSL_NO_HASH_RAW) || defined(HAVE_FIPS) || \ + defined(HAVE_SELFTEST) || defined(HAVE_BLAKE2) + +/* Calculate the HMAC of the header + message data. + * Constant time implementation using normal hashing operations. + * Update-Final need to be constant time. + * + * hmac HMAC object. + * digest MAC result. + * in Message data. + * sz Size of the message data. + * header Constructed record header with length of handshake data. + * returns 0 on success, otherwise failure. + */ +static int Hmac_UpdateFinal(Hmac* hmac, byte* digest, const byte* in, + word32 sz, byte* header) +{ + byte dummy[WC_MAX_BLOCK_SIZE] = {0}; + int ret; + word32 msgSz, blockSz, macSz, padSz, maxSz, realSz; + word32 currSz, offset; + int msgBlocks, blocks, blockBits; + int i; + + switch (hmac->macType) { + #ifndef NO_SHA + case WC_SHA: + blockSz = WC_SHA_BLOCK_SIZE; + blockBits = 6; + macSz = WC_SHA_DIGEST_SIZE; + padSz = WC_SHA_BLOCK_SIZE - WC_SHA_PAD_SIZE + 1; + break; + #endif /* !NO_SHA */ + + #ifndef NO_SHA256 + case WC_SHA256: + blockSz = WC_SHA256_BLOCK_SIZE; + blockBits = 6; + macSz = WC_SHA256_DIGEST_SIZE; + padSz = WC_SHA256_BLOCK_SIZE - WC_SHA256_PAD_SIZE + 1; + break; + #endif /* !NO_SHA256 */ + + #ifdef WOLFSSL_SHA384 + case WC_SHA384: + blockSz = WC_SHA384_BLOCK_SIZE; + blockBits = 7; + macSz = WC_SHA384_DIGEST_SIZE; + padSz = WC_SHA384_BLOCK_SIZE - WC_SHA384_PAD_SIZE + 1; + break; + #endif /* WOLFSSL_SHA384 */ + + #ifdef WOLFSSL_SHA512 + case WC_SHA512: + blockSz = WC_SHA512_BLOCK_SIZE; + blockBits = 7; + macSz = WC_SHA512_DIGEST_SIZE; + padSz = WC_SHA512_BLOCK_SIZE - WC_SHA512_PAD_SIZE + 1; + break; + #endif /* WOLFSSL_SHA512 */ + + #ifdef HAVE_BLAKE2 + case WC_HASH_TYPE_BLAKE2B: + blockSz = BLAKE2B_BLOCKBYTES; + blockBits = 7; + macSz = BLAKE2B_256; + padSz = 0; + break; + #endif /* HAVE_BLAK2 */ + + default: + return BAD_FUNC_ARG; + } + + msgSz = sz - (1 + in[sz - 1] + macSz); + /* Make negative result 0 */ + msgSz &= ~(0 - (msgSz >> 31)); + realSz = WOLFSSL_TLS_HMAC_INNER_SZ + msgSz; + maxSz = WOLFSSL_TLS_HMAC_INNER_SZ + (sz - 1) - macSz; + + /* Calculate #blocks processed in HMAC for max and real data. */ + blocks = maxSz >> blockBits; + blocks += ((maxSz + padSz) % blockSz) < padSz; + msgBlocks = realSz >> blockBits; + /* #Extra blocks to process. */ + blocks -= msgBlocks + (((realSz + padSz) % blockSz) < padSz); + /* Calculate whole blocks. */ + msgBlocks--; + + ret = wc_HmacUpdate(hmac, header, WOLFSSL_TLS_HMAC_INNER_SZ); + if (ret == 0) { + /* Fill the rest of the block with any available data. */ + currSz = ctMaskLT(msgSz, blockSz) & msgSz; + currSz |= ctMaskGTE(msgSz, blockSz) & blockSz; + currSz -= WOLFSSL_TLS_HMAC_INNER_SZ; + currSz &= ~(0 - (currSz >> 31)); + ret = wc_HmacUpdate(hmac, in, currSz); + offset = currSz; + } + if (ret == 0) { + /* Do the hash operations on a block basis. */ + for (i = 0; i < msgBlocks; i++, offset += blockSz) { + ret = wc_HmacUpdate(hmac, in + offset, blockSz); + if (ret != 0) + break; + } + } + if (ret == 0) + ret = wc_HmacUpdate(hmac, in + offset, msgSz - offset); + if (ret == 0) + ret = wc_HmacFinal(hmac, digest); + if (ret == 0) { + /* Do the dummy hash operations. Do at least one. */ + for (i = 0; i < blocks + 1; i++) { + ret = wc_HmacUpdate(hmac, dummy, blockSz); + if (ret != 0) + break; + } + } + + return ret; +} + +#endif + +int TLS_hmac(WOLFSSL* ssl, byte* digest, const byte* in, word32 sz, int padSz, + int content, int verify) +{ + Hmac hmac; + byte myInner[WOLFSSL_TLS_HMAC_INNER_SZ]; + int ret = 0; if (ssl == NULL) return BAD_FUNC_ARG; @@ -875,14 +1311,41 @@ int TLS_hmac(WOLFSSL* ssl, byte* digest, const byte* in, word32 sz, return ret; ret = wc_HmacSetKey(&hmac, wolfSSL_GetHmacType(ssl), - wolfSSL_GetMacSecret(ssl, verify), ssl->specs.hash_size); + wolfSSL_GetMacSecret(ssl, verify), + ssl->specs.hash_size); if (ret == 0) { - ret = wc_HmacUpdate(&hmac, myInner, sizeof(myInner)); - if (ret == 0) - ret = wc_HmacUpdate(&hmac, in, sz); /* content */ - if (ret == 0) - ret = wc_HmacFinal(&hmac, digest); + /* Constant time verification required. */ + if (verify && padSz >= 0) { +#if !defined(WOLFSSL_NO_HASH_RAW) && !defined(HAVE_FIPS) && \ + !defined(HAVE_SELFTEST) + #ifdef HAVE_BLAKE2 + if (wolfSSL_GetHmacType(ssl) == WC_HASH_TYPE_BLAKE2B) { + ret = Hmac_UpdateFinal(&hmac, digest, in, sz + + ssl->specs.hash_size + padSz + 1, + myInner); + } + else + #endif + { + ret = Hmac_UpdateFinal_CT(&hmac, digest, in, sz + + ssl->specs.hash_size + padSz + 1, + myInner); + } +#else + ret = Hmac_UpdateFinal(&hmac, digest, in, sz + + ssl->specs.hash_size + padSz + 1, + myInner); +#endif + } + else { + ret = wc_HmacUpdate(&hmac, myInner, sizeof(myInner)); + if (ret == 0) + ret = wc_HmacUpdate(&hmac, in, sz); /* content */ + if (ret == 0) + ret = wc_HmacFinal(&hmac, digest); + } } + wc_HmacFree(&hmac); return ret; @@ -3024,7 +3487,7 @@ static int TLSX_PointFormat_Append(PointFormat* list, byte format, void* heap) return ret; } -#ifndef NO_WOLFSSL_CLIENT +#if defined(WOLFSSL_TLS13) || !defined(NO_WOLFSSL_CLIENT) static void TLSX_SupportedCurve_ValidateRequest(WOLFSSL* ssl, byte* semaphore) { @@ -3055,6 +3518,7 @@ static void TLSX_PointFormat_ValidateRequest(WOLFSSL* ssl, byte* semaphore) } #endif + #ifndef NO_WOLFSSL_SERVER static void TLSX_PointFormat_ValidateResponse(WOLFSSL* ssl, byte* semaphore) @@ -3246,6 +3710,9 @@ int TLSX_SupportedCurve_CheckPriority(WOLFSSL* ssl) return 0; } +#endif + +#if defined(WOLFSSL_TLS13) && !defined(WOLFSSL_NO_SERVER_GROUPS_EXT) /* Return the preferred group. * * ssl SSL/TLS object. @@ -3891,7 +4358,7 @@ int TLSX_AddEmptyRenegotiationInfo(TLSX** extensions, void* heap) #ifdef HAVE_SESSION_TICKET -#ifndef NO_WOLFSSL_CLIENT +#if defined(WOLFSSL_TLS13) || !defined(NO_WOLFSSL_CLIENT) static void TLSX_SessionTicket_ValidateRequest(WOLFSSL* ssl) { TLSX* extension = TLSX_Find(ssl->extensions, TLSX_SESSION_TICKET); @@ -3906,7 +4373,7 @@ static void TLSX_SessionTicket_ValidateRequest(WOLFSSL* ssl) } } } -#endif /* NO_WOLFSSL_CLIENT */ +#endif /* WLFSSL_TLS13 || !NO_WOLFSSL_CLIENT */ static word16 TLSX_SessionTicket_GetSize(SessionTicket* ticket, int isRequest) @@ -4751,8 +5218,18 @@ static int TLSX_SupportedVersions_Write(void* data, byte* output, } #ifndef WOLFSSL_TLS13_DRAFT_18 else if (msgType == server_hello || msgType == hello_retry_request) { - output[0] = ssl->version.major; - output[1] = ssl->version.minor; + #ifndef WOLFSSL_TLS13_FINAL + if (ssl->version.major == SSLv3_MAJOR && + ssl->version.minor == TLSv1_3_MINOR) { + output[0] = TLS_DRAFT_MAJOR; + output[1] = TLS_DRAFT_MINOR; + } + else + #endif + { + output[0] = ssl->version.major; + output[1] = ssl->version.minor; + } *pSz += OPAQUE16_LEN; } @@ -4810,34 +5287,38 @@ static int TLSX_SupportedVersions_Parse(WOLFSSL* ssl, byte* input, continue; /* No upgrade allowed. */ - if (ssl->version.minor > minor) + if (minor > ssl->version.minor) continue; /* Check downgrade. */ - if (ssl->version.minor < minor) { + if (minor < ssl->version.minor) { if (!ssl->options.downgrade) continue; if (minor < ssl->options.minDowngrade) continue; - /* Downgrade the version. */ - ssl->version.minor = minor; + if (newMinor == 0 && minor > ssl->options.oldMinor) { + /* Downgrade the version. */ + ssl->version.minor = minor; + } } if (minor >= TLSv1_3_MINOR) { - ssl->options.tls1_3 = 1; - TLSX_Push(&ssl->extensions, TLSX_SUPPORTED_VERSIONS, ssl, - ssl->heap); + if (!ssl->options.tls1_3) { + ssl->options.tls1_3 = 1; + TLSX_Push(&ssl->extensions, TLSX_SUPPORTED_VERSIONS, ssl, + ssl->heap); #ifndef WOLFSSL_TLS13_DRAFT_18 - TLSX_SetResponse(ssl, TLSX_SUPPORTED_VERSIONS); + TLSX_SetResponse(ssl, TLSX_SUPPORTED_VERSIONS); #endif - newMinor = minor; + } + if (minor > newMinor) { + ssl->version.minor = minor; + newMinor = minor; + } } - else if (ssl->options.oldMinor < minor) + else if (minor > ssl->options.oldMinor) ssl->options.oldMinor = minor; - - if (newMinor != 0 && ssl->options.oldMinor != 0) - break; } } #ifndef WOLFSSL_TLS13_DRAFT_18 @@ -7328,7 +7809,7 @@ int TLSX_PskKeModes_Use(WOLFSSL* ssl, byte modes) static word16 TLSX_PostHandAuth_GetSize(byte msgType) { if (msgType == client_hello) - return OPAQUE8_LEN; + return 0; return SANITY_MSG_E; } @@ -7343,10 +7824,10 @@ static word16 TLSX_PostHandAuth_GetSize(byte msgType) */ static word16 TLSX_PostHandAuth_Write(byte* output, byte msgType) { - if (msgType == client_hello) { - *output = 0; - return OPAQUE8_LEN; - } + (void)output; + + if (msgType == client_hello) + return 0; return SANITY_MSG_E; } @@ -7363,15 +7844,11 @@ static word16 TLSX_PostHandAuth_Write(byte* output, byte msgType) static int TLSX_PostHandAuth_Parse(WOLFSSL* ssl, byte* input, word16 length, byte msgType) { - byte len; + (void)input; if (msgType == client_hello) { - /* Ensure length byte exists. */ - if (length < OPAQUE8_LEN) - return BUFFER_E; - - len = input[0]; - if (length - OPAQUE8_LEN != len || len != 0) + /* Ensure extension is empty. */ + if (length != 0) return BUFFER_E; ssl->options.postHandshakeAuth = 1; @@ -8645,7 +9122,7 @@ int TLSX_PopulateExtensions(WOLFSSL* ssl, byte isServer) } -#ifndef NO_WOLFSSL_CLIENT +#if defined(WOLFSSL_TLS13) || !defined(NO_WOLFSSL_CLIENT) /** Tells the buffered size of extensions to be sent into the client hello. */ int TLSX_GetRequestSize(WOLFSSL* ssl, byte msgType, word16* pLength) @@ -8850,7 +9327,7 @@ int TLSX_WriteRequest(WOLFSSL* ssl, byte* output, byte msgType, word16* pOffset) return ret; } -#endif /* NO_WOLFSSL_CLIENT */ +#endif /* WOLFSSL_TLS13 || !NO_WOLFSSL_CLIENT */ #ifndef NO_WOLFSSL_SERVER @@ -9347,7 +9824,7 @@ int TLSX_Parse(WOLFSSL* ssl, byte* input, word16 length, byte msgType, #ifdef WOLFSSL_POST_HANDSHAKE_AUTH case TLSX_POST_HANDSHAKE_AUTH: - WOLFSSL_MSG("PSK Key Exchange Modes extension received"); + WOLFSSL_MSG("Post Handshake Authentication extension received"); if (!IsAtLeastTLSv1_3(ssl->version)) break; diff --git a/src/tls13.c b/src/tls13.c old mode 100755 new mode 100644 index 75bc5ddc1c..cb30d0536c --- a/src/tls13.c +++ b/src/tls13.c @@ -80,7 +80,7 @@ #ifdef WOLFSSL_TLS13 #ifdef HAVE_SESSION_TICKET - #include + #include #endif #ifndef WOLFCRYPT_ONLY @@ -2190,6 +2190,127 @@ static int FindSuite(WOLFSSL* ssl, byte* suite) } #endif +#ifndef WOLFSSL_TLS13_DRAFT_18 +#if defined(WOLFSSL_SEND_HRR_COOKIE) && !defined(NO_WOLFSSL_SERVER) +/* Create Cookie extension using the hash of the first ClientHello. + * + * ssl SSL/TLS object. + * hash The hash data. + * hashSz The size of the hash data in bytes. + * returns 0 on success, otherwise failure. + */ +static int CreateCookie(WOLFSSL* ssl, byte* hash, byte hashSz) +{ + int ret; + byte mac[WC_MAX_DIGEST_SIZE]; + Hmac cookieHmac; + byte cookieType; + byte macSz; + +#if !defined(NO_SHA) && defined(NO_SHA256) + cookieType = SHA; + macSz = WC_SHA_DIGEST_SIZE; +#endif /* NO_SHA */ +#ifndef NO_SHA256 + cookieType = WC_SHA256; + macSz = WC_SHA256_DIGEST_SIZE; +#endif /* NO_SHA256 */ + + ret = wc_HmacSetKey(&cookieHmac, cookieType, + ssl->buffers.tls13CookieSecret.buffer, + ssl->buffers.tls13CookieSecret.length); + if (ret != 0) + return ret; + if ((ret = wc_HmacUpdate(&cookieHmac, hash, hashSz)) != 0) + return ret; + if ((ret = wc_HmacFinal(&cookieHmac, mac)) != 0) + return ret; + + /* The cookie data is the hash and the integrity check. */ + return TLSX_Cookie_Use(ssl, hash, hashSz, mac, macSz, 1); +} +#endif + +/* Restart the Hanshake hash with a hash of the previous messages. + * + * ssl The SSL/TLS object. + * returns 0 on success, otherwise failure. + */ +static int RestartHandshakeHash(WOLFSSL* ssl) +{ + int ret; + Hashes hashes; + byte header[HANDSHAKE_HEADER_SZ]; + byte* hash = NULL; + byte hashSz = 0; + + ret = BuildCertHashes(ssl, &hashes); + if (ret != 0) + return ret; + switch (ssl->specs.mac_algorithm) { + #ifndef NO_SHA256 + case sha256_mac: + hash = hashes.sha256; + break; + #endif + #ifdef WOLFSSL_SHA384 + case sha384_mac: + hash = hashes.sha384; + break; + #endif + #ifdef WOLFSSL_TLS13_SHA512 + case sha512_mac: + hash = hashes.sha512; + break; + #endif + } + hashSz = ssl->specs.hash_size; + AddTls13HandShakeHeader(header, hashSz, 0, 0, message_hash, ssl); + + WOLFSSL_MSG("Restart Hash"); + WOLFSSL_BUFFER(hash, hashSz); + +#if defined(WOLFSSL_SEND_HRR_COOKIE) && !defined(NO_WOLFSSL_SERVER) + if (ssl->options.sendCookie) { + byte cookie[OPAQUE8_LEN + WC_MAX_DIGEST_SIZE + OPAQUE16_LEN * 2]; + TLSX* ext; + word32 idx = 0; + + /* Cookie Data = Hash Len | Hash | CS | KeyShare Group */ + cookie[idx++] = hashSz; + XMEMCPY(cookie + idx, hash, hashSz); + idx += hashSz; + cookie[idx++] = ssl->options.cipherSuite0; + cookie[idx++] = ssl->options.cipherSuite; + if ((ext = TLSX_Find(ssl->extensions, TLSX_KEY_SHARE)) != NULL) { + KeyShareEntry* kse = (KeyShareEntry*)ext->data; + c16toa(kse->group, cookie + idx); + idx += OPAQUE16_LEN; + } + return CreateCookie(ssl, cookie, idx); + } +#endif + + ret = InitHandshakeHashes(ssl); + if (ret != 0) + return ret; + ret = HashOutputRaw(ssl, header, sizeof(header)); + if (ret != 0) + return ret; + return HashOutputRaw(ssl, hash, hashSz); +} + +/* The value in the random field of a ServerHello to indicate + * HelloRetryRequest. + */ +static byte helloRetryRequestRandom[] = { + 0xCF, 0x21, 0xAD, 0x74, 0xE5, 0x9A, 0x61, 0x11, + 0xBE, 0x1D, 0x8C, 0x02, 0x1E, 0x65, 0xB8, 0x91, + 0xC2, 0xA2, 0x11, 0x16, 0x7A, 0xBB, 0x8C, 0x5E, + 0x07, 0x9E, 0x09, 0xE2, 0xC8, 0xA8, 0x33, 0x9C +}; +#endif /* WOLFSSL_TLS13_DRAFT_18 */ + #ifndef NO_WOLFSSL_CLIENT #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK) /* Setup pre-shared key based on the details in the extension data. @@ -2540,117 +2661,6 @@ int SendTls13ClientHello(WOLFSSL* ssl) return ret; } -#ifndef WOLFSSL_TLS13_DRAFT_18 -#ifdef WOLFSSL_SEND_HRR_COOKIE -/* Create Cookie extension using the hash of the first ClientHello. - * - * ssl SSL/TLS object. - * hash The hash data. - * hashSz The size of the hash data in bytes. - * returns 0 on success, otherwise failure. - */ -static int CreateCookie(WOLFSSL* ssl, byte* hash, byte hashSz) -{ - int ret; - byte mac[WC_MAX_DIGEST_SIZE]; - Hmac cookieHmac; - byte cookieType; - byte macSz; - -#if !defined(NO_SHA) && defined(NO_SHA256) - cookieType = SHA; - macSz = WC_SHA_DIGEST_SIZE; -#endif /* NO_SHA */ -#ifndef NO_SHA256 - cookieType = WC_SHA256; - macSz = WC_SHA256_DIGEST_SIZE; -#endif /* NO_SHA256 */ - - ret = wc_HmacSetKey(&cookieHmac, cookieType, - ssl->buffers.tls13CookieSecret.buffer, - ssl->buffers.tls13CookieSecret.length); - if (ret != 0) - return ret; - if ((ret = wc_HmacUpdate(&cookieHmac, hash, hashSz)) != 0) - return ret; - if ((ret = wc_HmacFinal(&cookieHmac, mac)) != 0) - return ret; - - /* The cookie data is the hash and the integrity check. */ - return TLSX_Cookie_Use(ssl, hash, hashSz, mac, macSz, 1); -} -#endif - -/* Restart the Hanshake hash with a hash of the previous messages. - * - * ssl The SSL/TLS object. - * returns 0 on success, otherwise failure. - */ -static int RestartHandshakeHash(WOLFSSL* ssl) -{ - int ret; - Hashes hashes; - byte header[HANDSHAKE_HEADER_SZ]; - byte* hash = NULL; - byte hashSz = 0; - - ret = BuildCertHashes(ssl, &hashes); - if (ret != 0) - return ret; - switch (ssl->specs.mac_algorithm) { - #ifndef NO_SHA256 - case sha256_mac: - hash = hashes.sha256; - break; - #endif - #ifdef WOLFSSL_SHA384 - case sha384_mac: - hash = hashes.sha384; - break; - #endif - #ifdef WOLFSSL_TLS13_SHA512 - case sha512_mac: - hash = hashes.sha512; - break; - #endif - } - hashSz = ssl->specs.hash_size; - AddTls13HandShakeHeader(header, hashSz, 0, 0, message_hash, ssl); - - WOLFSSL_MSG("Restart Hash"); - WOLFSSL_BUFFER(hash, hashSz); - -#ifdef WOLFSSL_SEND_HRR_COOKIE - if (ssl->options.sendCookie) { - byte cookie[OPAQUE8_LEN + WC_MAX_DIGEST_SIZE + OPAQUE16_LEN * 2]; - TLSX* ext; - word32 idx = 0; - - /* Cookie Data = Hash Len | Hash | CS | KeyShare Group */ - cookie[idx++] = hashSz; - XMEMCPY(cookie + idx, hash, hashSz); - idx += hashSz; - cookie[idx++] = ssl->options.cipherSuite0; - cookie[idx++] = ssl->options.cipherSuite; - if ((ext = TLSX_Find(ssl->extensions, TLSX_KEY_SHARE)) != NULL) { - KeyShareEntry* kse = (KeyShareEntry*)ext->data; - c16toa(kse->group, cookie + idx); - idx += OPAQUE16_LEN; - } - return CreateCookie(ssl, cookie, idx); - } -#endif - - ret = InitHandshakeHashes(ssl); - if (ret != 0) - return ret; - ret = HashOutputRaw(ssl, header, sizeof(header)); - if (ret != 0) - return ret; - return HashOutputRaw(ssl, hash, hashSz); -} -#endif - #ifdef WOLFSSL_TLS13_DRAFT_18 /* handle rocessing of TLS 1.3 hello_retry_request (6) */ /* Parse and handle a HelloRetryRequest message. @@ -2720,18 +2730,6 @@ static int DoTls13HelloRetryRequest(WOLFSSL* ssl, const byte* input, #endif -#ifndef WOLFSSL_TLS13_DRAFT_18 -/* The value in the random field of a ServerHello to indicate - * HelloRetryRequest. - */ -static byte helloRetryRequestRandom[] = { - 0xCF, 0x21, 0xAD, 0x74, 0xE5, 0x9A, 0x61, 0x11, - 0xBE, 0x1D, 0x8C, 0x02, 0x1E, 0x65, 0xB8, 0x91, - 0xC2, 0xA2, 0x11, 0x16, 0x7A, 0xBB, 0x8C, 0x5E, - 0x07, 0x9E, 0x09, 0xE2, 0xC8, 0xA8, 0x33, 0x9C -}; -#endif - /* handle processing of TLS 1.3 server_hello (2) and hello_retry_request (6) */ /* Handle the ServerHello message from the server. * Only a client will receive this message. @@ -3202,16 +3200,6 @@ static int DoTls13CertificateRequest(WOLFSSL* ssl, const byte* input, /* This message is always encrypted so add encryption padding. */ *inOutIdx += ssl->keys.padSz; -#if !defined(NO_WOLFSSL_CLIENT) && defined(WOLFSSL_POST_HANDSHAKE_AUTH) - if (ssl->options.side == WOLFSSL_CLIENT_END && - ssl->options.handShakeState == HANDSHAKE_DONE) { - /* reset handshake states */ - ssl->options.clientState = CLIENT_HELLO_COMPLETE; - ssl->options.connectState = FIRST_REPLY_DONE; - ssl->options.handShakeState = CLIENT_HELLO_COMPLETE; - } -#endif - WOLFSSL_LEAVE("DoTls13CertificateRequest", ret); WOLFSSL_END(WC_FUNC_CERTIFICATE_REQUEST_DO); @@ -3713,8 +3701,14 @@ static int RestartHandshakeHashWithCookie(WOLFSSL* ssl, Cookie* cookie) hrrIdx += 2; c16toa(OPAQUE16_LEN, hrr + hrrIdx); hrrIdx += 2; - hrr[hrrIdx++] = ssl->version.major; - hrr[hrrIdx++] = ssl->version.minor; + /* TODO: [TLS13] Change to ssl->version.major and minor once final. */ + #ifdef WOLFSSL_TLS13_FINAL + hrr[hrrIdx++] = ssl->version.major; + hrr[hrrIdx++] = ssl->version.minor; + #else + hrr[hrrIdx++] = TLS_DRAFT_MAJOR; + hrr[hrrIdx++] = TLS_DRAFT_MINOR; + #endif #endif /* Mandatory Cookie Extension */ c16toa(TLSX_COOKIE, hrr + hrrIdx); @@ -3972,31 +3966,9 @@ int DoTls13ClientHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx, /* Check that the negotiated ciphersuite matches protocol version. */ if (IsAtLeastTLSv1_3(ssl->version)) { if (ssl->options.cipherSuite0 != TLS13_BYTE) { -#ifndef WOLFSSL_NO_TLS12 - TLSX* ext; - - if (!ssl->options.downgrade) { - WOLFSSL_MSG("Negotiated ciphersuite from lesser version " - "than TLS v1.3"); - return VERSION_ERROR; - } - - WOLFSSL_MSG("Downgrading protocol due to cipher suite"); - - if (pv.minor < ssl->options.minDowngrade) - return VERSION_ERROR; - ssl->version.minor = ssl->options.oldMinor; - - /* Downgrade from TLS v1.3 */ - ssl->options.tls1_3 = 0; - ext = TLSX_Find(ssl->extensions, TLSX_SUPPORTED_VERSIONS); - if (ext != NULL) - ext->resp = 0; -#else WOLFSSL_MSG("Negotiated ciphersuite from lesser version than " "TLS v1.3"); return VERSION_ERROR; -#endif } } /* VerifyServerSuite handles when version is less than 1.3 */ @@ -5855,7 +5827,15 @@ static int DoTls13Finished(WOLFSSL* ssl, const byte* input, word32* inOutIdx, if (*inOutIdx + size + ssl->keys.padSz > totalSz) return BUFFER_E; - if (ssl->options.side == WOLFSSL_CLIENT_END) { + if (ssl->options.handShakeDone) { + ret = DeriveFinishedSecret(ssl, ssl->arrays->clientSecret, + ssl->keys.client_write_MAC_secret); + if (ret != 0) + return ret; + + secret = ssl->keys.client_write_MAC_secret; + } + else if (ssl->options.side == WOLFSSL_CLIENT_END) { /* All the handshake messages have been received to calculate * client and server finished keys. */ @@ -5961,7 +5941,15 @@ static int SendTls13Finished(WOLFSSL* ssl) AddTls13HandShakeHeader(input, finishedSz, 0, finishedSz, finished, ssl); /* make finished hashes */ - if (ssl->options.side == WOLFSSL_CLIENT_END) + if (ssl->options.handShakeDone) { + ret = DeriveFinishedSecret(ssl, ssl->arrays->clientSecret, + ssl->keys.client_write_MAC_secret); + if (ret != 0) + return ret; + + secret = ssl->keys.client_write_MAC_secret; + } + else if (ssl->options.side == WOLFSSL_CLIENT_END) secret = ssl->keys.client_write_MAC_secret; else { /* All the handshake messages have been done to calculate client and @@ -6864,13 +6852,14 @@ static int SanityCheckTls13MsgReceived(WOLFSSL* ssl, byte type) ssl->arrays->psk_keySz != 0) { WOLFSSL_MSG("CertificateRequset received while using PSK"); return SANITY_MSG_E; - return SANITY_MSG_E; } #endif + #ifndef WOLFSSL_POST_HANDSHAKE_AUTH if (ssl->msgsReceived.got_certificate_request) { WOLFSSL_MSG("Duplicate CertificateRequest received"); return DUPLICATE_MSG_E; } + #endif ssl->msgsReceived.got_certificate_request = 1; break; @@ -6878,20 +6867,20 @@ static int SanityCheckTls13MsgReceived(WOLFSSL* ssl, byte type) case certificate_verify: #ifndef NO_WOLFSSL_CLIENT - if (ssl->options.side == WOLFSSL_CLIENT_END && - ssl->options.serverState != SERVER_CERT_COMPLETE) { - WOLFSSL_MSG("No Cert before CertVerify"); - return OUT_OF_ORDER_E; + if (ssl->options.side == WOLFSSL_CLIENT_END) { + if (ssl->options.serverState != SERVER_CERT_COMPLETE) { + WOLFSSL_MSG("No Cert before CertVerify"); + return OUT_OF_ORDER_E; + } + #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK) + /* Server's authenticating with PSK must not send this. */ + if (ssl->options.serverState == SERVER_CERT_COMPLETE && + ssl->arrays->psk_keySz != 0) { + WOLFSSL_MSG("CertificateVerify received while using PSK"); + return SANITY_MSG_E; + } + #endif } - #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK) - /* Server's authenticating with PSK must not send this. */ - if (ssl->options.side == WOLFSSL_CLIENT_END && - ssl->options.serverState == SERVER_CERT_COMPLETE && - ssl->arrays->psk_keySz != 0) { - WOLFSSL_MSG("CertificateVerify received while using PSK"); - return SANITY_MSG_E; - } - #endif #endif #ifndef NO_WOLFSSL_SERVER if (ssl->options.side == WOLFSSL_SERVER_END) { @@ -7134,47 +7123,61 @@ int DoTls13HandShakeMsgType(WOLFSSL* ssl, byte* input, word32* inOutIdx, if (ssl->options.tls1_3) { /* Need to hash input message before deriving secrets. */ -#ifndef NO_WOLFSSL_CLIENT - if (type == server_hello && ssl->options.side == WOLFSSL_CLIENT_END) { - if ((ret = DeriveEarlySecret(ssl)) != 0) - return ret; - if ((ret = DeriveHandshakeSecret(ssl)) != 0) - return ret; + #ifndef NO_WOLFSSL_CLIENT + if (ssl->options.side == WOLFSSL_CLIENT_END) { + if (type == server_hello) { + if ((ret = DeriveEarlySecret(ssl)) != 0) + return ret; + if ((ret = DeriveHandshakeSecret(ssl)) != 0) + return ret; - if ((ret = DeriveTls13Keys(ssl, handshake_key, + if ((ret = DeriveTls13Keys(ssl, handshake_key, ENCRYPT_AND_DECRYPT_SIDE, 1)) != 0) { - return ret; + return ret; + } + #ifdef WOLFSSL_EARLY_DATA + if ((ret = SetKeysSide(ssl, DECRYPT_SIDE_ONLY)) != 0) + return ret; + #else + if ((ret = SetKeysSide(ssl, ENCRYPT_AND_DECRYPT_SIDE)) != 0) + return ret; + #endif } - #ifdef WOLFSSL_EARLY_DATA - if ((ret = SetKeysSide(ssl, DECRYPT_SIDE_ONLY)) != 0) - return ret; - #else - if ((ret = SetKeysSide(ssl, ENCRYPT_AND_DECRYPT_SIDE)) != 0) - return ret; - #endif - } - if (type == finished && ssl->options.side == WOLFSSL_CLIENT_END) { - if ((ret = DeriveMasterSecret(ssl)) != 0) - return ret; - #ifdef WOLFSSL_EARLY_DATA - if ((ret = DeriveTls13Keys(ssl, traffic_key, + if (type == finished) { + if ((ret = DeriveMasterSecret(ssl)) != 0) + return ret; + #ifdef WOLFSSL_EARLY_DATA + if ((ret = DeriveTls13Keys(ssl, traffic_key, ENCRYPT_AND_DECRYPT_SIDE, ssl->earlyData == no_early_data)) != 0) { - return ret; - } - #else - if ((ret = DeriveTls13Keys(ssl, traffic_key, + return ret; + } + #else + if ((ret = DeriveTls13Keys(ssl, traffic_key, ENCRYPT_AND_DECRYPT_SIDE, 1)) != 0) { - return ret; + return ret; + } + #endif } - #endif + #ifdef WOLFSSL_POST_HANDSHAKE_AUTH + if (type == certificate_request && + ssl->options.handShakeState == HANDSHAKE_DONE) { + /* reset handshake states */ + ssl->options.clientState = CLIENT_HELLO_COMPLETE; + ssl->options.connectState = FIRST_REPLY_DONE; + ssl->options.handShakeState = CLIENT_HELLO_COMPLETE; + + if (wolfSSL_connect_TLSv13(ssl) != SSL_SUCCESS) + ret = POST_HAND_AUTH_ERROR; + } + #endif } -#endif /* NO_WOLFSSL_CLIENT */ + #endif /* NO_WOLFSSL_CLIENT */ #ifndef NO_WOLFSSL_SERVER #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK) - if (type == finished && ssl->options.side == WOLFSSL_SERVER_END) { + if (ssl->options.side == WOLFSSL_SERVER_END && type == finished) { ret = DeriveResumptionSecret(ssl, ssl->session.masterSecret); if (ret != 0) return ret; @@ -7301,6 +7304,7 @@ int DoTls13HandShakeMsg(WOLFSSL* ssl, byte* input, word32* inOutIdx, return ret; } +#ifndef NO_WOLFSSL_CLIENT /* The client connecting to the server. * The protocol version is expecting to be TLS v1.3. @@ -7497,14 +7501,9 @@ int wolfSSL_connect_TLSv13(WOLFSSL* ssl) FALL_THROUGH; case FIRST_REPLY_THIRD: - #if !defined(NO_CERTS) && defined(WOLFSSL_POST_HANDSHAKE_AUTH) - if (!ssl->options.sendVerify || !ssl->options.postHandshakeAuth) - #endif - { - if ((ssl->error = SendTls13Finished(ssl)) != 0) { - WOLFSSL_ERROR(ssl->error); - return WOLFSSL_FATAL_ERROR; - } + if ((ssl->error = SendTls13Finished(ssl)) != 0) { + WOLFSSL_ERROR(ssl->error); + return WOLFSSL_FATAL_ERROR; } WOLFSSL_MSG("sent: finished"); @@ -7532,8 +7531,9 @@ int wolfSSL_connect_TLSv13(WOLFSSL* ssl) return WOLFSSL_FATAL_ERROR; /* unknown connect state */ } } +#endif -#if defined(WOLFSSL_SEND_HRR_COOKIE) && !defined(NO_WOLFSSL_SERVER) +#if defined(WOLFSSL_SEND_HRR_COOKIE) /* Send a cookie with the HelloRetryRequest to avoid storing state. * * ssl SSL/TLS object. @@ -7551,6 +7551,7 @@ int wolfSSL_send_hrr_cookie(WOLFSSL* ssl, const unsigned char* secret, if (ssl == NULL || !IsAtLeastTLSv1_3(ssl->version)) return BAD_FUNC_ARG; + #ifndef NO_WOLFSSL_SERVER if (ssl->options.side == WOLFSSL_CLIENT_END) return SIDE_ERROR; @@ -7597,7 +7598,15 @@ int wolfSSL_send_hrr_cookie(WOLFSSL* ssl, const unsigned char* secret, ssl->options.sendCookie = 1; - return WOLFSSL_SUCCESS; + ret = WOLFSSL_SUCCESS; +#else + (void)secret; + (void)secretSz; + + ret = SIDE_ERROR; +#endif + + return ret; } #endif @@ -7783,10 +7792,13 @@ int wolfSSL_allow_post_handshake_auth(WOLFSSL* ssl) int wolfSSL_request_certificate(WOLFSSL* ssl) { int ret; +#ifndef NO_WOLFSSL_SERVER CertReqCtx* certReqCtx; +#endif if (ssl == NULL || !IsAtLeastTLSv1_3(ssl->version)) return BAD_FUNC_ARG; +#ifndef NO_WOLFSSL_SERVER if (ssl->options.side == WOLFSSL_CLIENT_END) return SIDE_ERROR; if (ssl->options.handShakeState != HANDSHAKE_DONE) @@ -7805,16 +7817,24 @@ int wolfSSL_request_certificate(WOLFSSL* ssl) certReqCtx->ctx = certReqCtx->next->ctx + 1; ssl->certReqCtx = certReqCtx; + ssl->msgsReceived.got_certificate = 0; + ssl->msgsReceived.got_certificate_verify = 0; + ssl->msgsReceived.got_finished = 0; + ret = SendTls13CertificateRequest(ssl, &certReqCtx->ctx, certReqCtx->len); if (ret == WANT_WRITE) ret = WOLFSSL_ERROR_WANT_WRITE; else if (ret == 0) ret = WOLFSSL_SUCCESS; +#else + ret = SIDE_ERROR; +#endif + return ret; } #endif /* !NO_CERTS && WOLFSSL_POST_HANDSHAKE_AUTH */ -#if !defined(NO_WOLFSSL_CLIENT) && !defined(WOLFSSL_NO_SERVER_GROUPS_EXT) +#if !defined(WOLFSSL_NO_SERVER_GROUPS_EXT) /* Get the preferred key exchange group. * * ssl The SSL/TLS object. @@ -7824,19 +7844,19 @@ int wolfSSL_request_certificate(WOLFSSL* ssl) */ int wolfSSL_preferred_group(WOLFSSL* ssl) { - int ret; - if (ssl == NULL || !IsAtLeastTLSv1_3(ssl->version)) return BAD_FUNC_ARG; +#ifndef NO_WOLFSSL_CLIENT if (ssl->options.side == WOLFSSL_SERVER_END) return SIDE_ERROR; if (ssl->options.handShakeState != HANDSHAKE_DONE) return NOT_READY_ERROR; /* Return supported groups only. */ - ret = TLSX_SupportedCurve_Preferred(ssl, 1); - - return ret; + return TLSX_SupportedCurve_Preferred(ssl, 1); +#else + return SIDE_ERROR; +#endif } #endif @@ -8253,6 +8273,7 @@ int wolfSSL_write_early_data(WOLFSSL* ssl, const void* data, int sz, int* outSz) if (!IsAtLeastTLSv1_3(ssl->version)) return BAD_FUNC_ARG; +#ifndef NO_WOLFSSL_CLIENT if (ssl->options.side == WOLFSSL_SERVER_END) return SIDE_ERROR; @@ -8267,6 +8288,9 @@ int wolfSSL_write_early_data(WOLFSSL* ssl, const void* data, int sz, int* outSz) if (ret > 0) *outSz = ret; } +#else + return SIDE_ERROR; +#endif WOLFSSL_LEAVE("SSL_write_early_data()", ret); @@ -8287,7 +8311,7 @@ int wolfSSL_write_early_data(WOLFSSL* ssl, const void* data, int sz, int* outSz) */ int wolfSSL_read_early_data(WOLFSSL* ssl, void* data, int sz, int* outSz) { - int ret; + int ret = 0; WOLFSSL_ENTER("wolfSSL_read_early_data()"); @@ -8297,6 +8321,7 @@ int wolfSSL_read_early_data(WOLFSSL* ssl, void* data, int sz, int* outSz) if (!IsAtLeastTLSv1_3(ssl->version)) return BAD_FUNC_ARG; +#ifndef NO_WOLFSSL_SERVER if (ssl->options.side == WOLFSSL_CLIENT_END) return SIDE_ERROR; @@ -8315,6 +8340,9 @@ int wolfSSL_read_early_data(WOLFSSL* ssl, void* data, int sz, int* outSz) } else ret = 0; +#else + return SIDE_ERROR; +#endif WOLFSSL_LEAVE("wolfSSL_read_early_data()", ret); diff --git a/tests/api.c b/tests/api.c index 1d53b3fb1e..baec67e45b 100644 --- a/tests/api.c +++ b/tests/api.c @@ -321,7 +321,7 @@ #include "wolfssl/internal.h" /* for testing SSL_get_peer_cert_chain */ #endif -/* enable testing buffer load functions */ +/* force enable test buffers */ #ifndef USE_CERT_BUFFERS_2048 #define USE_CERT_BUFFERS_2048 #endif @@ -377,7 +377,8 @@ typedef struct testVector { static const char* passed = "passed"; static const char* failed = "failed"; -#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) +#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && \ + (!defined(NO_WOLFSSL_SERVER) || !defined(NO_WOLFSSL_CLIENT)) static const char* bogusFile = #ifdef _WIN32 "NUL" @@ -385,7 +386,7 @@ static const char* failed = "failed"; "/dev/null" #endif ; -#endif +#endif /* !NO_FILESYSTEM && !NO_CERTS && (!NO_WOLFSSL_SERVER || !NO_WOLFSSL_CLIENT) */ enum { TESTING_RSA = 1, @@ -464,8 +465,12 @@ static void test_wolfSSL_Method_Allocators(void) TEST_VALID_METHOD_ALLOCATOR(wolfTLSv1_server_method); TEST_VALID_METHOD_ALLOCATOR(wolfTLSv1_client_method); #endif - TEST_VALID_METHOD_ALLOCATOR(wolfTLSv1_1_server_method); - TEST_VALID_METHOD_ALLOCATOR(wolfTLSv1_1_client_method); + #ifndef NO_WOLFSSL_SERVER + TEST_VALID_METHOD_ALLOCATOR(wolfTLSv1_1_server_method); + #endif + #ifndef NO_WOLFSSL_CLIENT + TEST_VALID_METHOD_ALLOCATOR(wolfTLSv1_1_client_method); + #endif #endif #ifndef WOLFSSL_NO_TLS12 #ifndef NO_WOLFSSL_SERVER @@ -1147,7 +1152,7 @@ static void test_wolfSSL_EVP_get_cipherbynid(void) *----------------------------------------------------------------------------*/ #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && \ !defined(NO_RSA) && !defined(SINGLE_THREADED) && \ - !defined(NO_WOLFSSL_SERVER) && !defined(NO_WOLFSSL_CLIENT) + (!defined(NO_WOLFSSL_SERVER) || !defined(NO_WOLFSSL_CLIENT)) #define HAVE_IO_TESTS_DEPENDENCIES #endif @@ -1180,7 +1185,7 @@ static int test_export(WOLFSSL* inSsl, byte* buf, word32 sz, void* userCtx) } #endif -#ifndef NO_WOLFSSL_SERVER +#if !defined(NO_WOLFSSL_CLIENT) && !defined(NO_WOLFSSL_SERVER) static THREAD_RETURN WOLFSSL_THREAD test_server_nofail(void* args) { SOCKET_T sockfd = 0; @@ -1338,7 +1343,6 @@ done: return 0; #endif } -#endif /* !NO_WOLFSSL_SERVER */ typedef int (*cbType)(WOLFSSL_CTX *ctx, WOLFSSL *ssl); @@ -1487,6 +1491,7 @@ done2: return; } +#endif /* !NO_WOLFSSL_CLIENT && !NO_WOLFSSL_SERVER */ /* SNI / ALPN / session export helper functions */ #if defined(HAVE_SNI) || defined(HAVE_ALPN) || defined(WOLFSSL_SESSION_EXPORT) @@ -1741,7 +1746,7 @@ static void run_wolfssl_client(void* args) defined(WOLFSSL_SESSION_EXPORT) */ #endif /* io tests dependencies */ - +#if !defined(NO_WOLFSSL_CLIENT) && !defined(NO_WOLFSSL_SERVER) static void test_wolfSSL_read_write(void) { #ifdef HAVE_IO_TESTS_DEPENDENCIES @@ -1802,6 +1807,7 @@ static void test_wolfSSL_read_write(void) #endif } +#endif /* !NO_WOLFSSL_CLIENT && !NO_WOLFSSL_SERVER */ #if defined(HAVE_IO_TESTS_DEPENDENCIES) && defined(WOLFSSL_DTLS) && \ @@ -2971,10 +2977,18 @@ static void test_wolfSSL_PKCS8(void) /* Note that wolfSSL_Init() or wolfCrypt_Init() has been called before these * function calls */ -#ifndef WOLFSSL_NO_TLS12 - AssertNotNull(ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method())); +#ifndef NO_WOLFSSL_CLIENT + #ifndef WOLFSSL_NO_TLS12 + AssertNotNull(ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method())); + #else + AssertNotNull(ctx = wolfSSL_CTX_new(wolfTLSv1_3_client_method())); + #endif #else - AssertNotNull(ctx = wolfSSL_CTX_new(wolfTLSv1_3_client_method())); + #ifndef WOLFSSL_NO_TLS12 + AssertNotNull(ctx = wolfSSL_CTX_new(wolfTLSv1_2_server_method())); + #else + AssertNotNull(ctx = wolfSSL_CTX_new(wolfTLSv1_3_server_method())); + #endif #endif wolfSSL_CTX_set_default_passwd_cb(ctx, &PKCS8TestCallBack); wolfSSL_CTX_set_default_passwd_cb_userdata(ctx, (void*)&flag); @@ -3025,7 +3039,7 @@ static void test_wolfSSL_URI(void) { #if !defined(NO_CERTS) && !defined(NO_RSA) && !defined(NO_FILESYSTEM) \ && (defined(KEEP_PEER_CERT) || defined(SESSION_CERTS) || \ - defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) + defined(OPENSSL_EXTRA)) WOLFSSL_X509* x509; const char uri[] = "./certs/client-uri-cert.pem"; const char badUri[] = "./certs/client-relative-uri.pem"; @@ -3114,11 +3128,19 @@ static int test_wolfSSL_UseOCSPStapling(void) WOLFSSL* ssl; wolfSSL_Init(); +#ifndef NO_WOLFSSL_CLIENT #ifndef WOLFSSL_NO_TLS12 ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method()); #else ctx = wolfSSL_CTX_new(wolfTLSv1_3_client_method()); #endif +#else + #ifndef WOLFSSL_NO_TLS12 + ctx = wolfSSL_CTX_new(wolfTLSv1_2_server_method()); + #else + ctx = wolfSSL_CTX_new(wolfTLSv1_3_server_method()); + #endif +#endif ssl = wolfSSL_new(ctx); printf(testingFmt, "wolfSSL_UseOCSPStapling()"); @@ -3158,11 +3180,19 @@ static int test_wolfSSL_UseOCSPStaplingV2 (void) WOLFSSL* ssl; wolfSSL_Init(); +#ifndef NO_WOLFSSL_CLIENT #ifndef WOLFSSL_NO_TLS12 ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method()); #else ctx = wolfSSL_CTX_new(wolfTLSv1_3_client_method()); #endif +#else + #ifndef WOLFSSL_NO_TLS12 + ctx = wolfSSL_CTX_new(wolfTLSv1_2_server_method()); + #else + ctx = wolfSSL_CTX_new(wolfTLSv1_3_server_method()); + #endif +#endif ssl = wolfSSL_new(ctx); printf(testingFmt, "wolfSSL_UseOCSPStaplingV2()"); @@ -14018,7 +14048,7 @@ static int test_wc_ecc_mulmod (void) { int ret = 0; -#if defined(HAVE_ECC) +#if defined(HAVE_ECC) && !defined(WOLFSSL_ATECC508A) ecc_key key1, key2, key3; WC_RNG rng; @@ -14085,7 +14115,7 @@ static int test_wc_ecc_mulmod (void) wc_ecc_free(&key3); -#endif +#endif /* HAVE_ECC && !WOLFSSL_ATECC508A */ return ret; @@ -14621,23 +14651,25 @@ static void test_wc_PKCS7_EncodeDecodeEnvelopedData (void) /* RSA certs and keys. */ #if defined(USE_CERT_BUFFERS_1024) /* Allocate buffer space. */ - rsaCert = (byte*)XMALLOC(ONEK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + AssertNotNull(rsaCert = + (byte*)XMALLOC(ONEK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER)); /* Init buffer. */ rsaCertSz = (word32)sizeof_client_cert_der_1024; XMEMCPY(rsaCert, client_cert_der_1024, rsaCertSz); - rsaPrivKey = (byte*)XMALLOC(ONEK_BUF, HEAP_HINT, - DYNAMIC_TYPE_TMP_BUFFER); + AssertNotNull(rsaPrivKey = (byte*)XMALLOC(ONEK_BUF, HEAP_HINT, + DYNAMIC_TYPE_TMP_BUFFER)); rsaPrivKeySz = (word32)sizeof_client_key_der_1024; XMEMCPY(rsaPrivKey, client_key_der_1024, rsaPrivKeySz); #elif defined(USE_CERT_BUFFERS_2048) /* Allocate buffer */ - rsaCert = (byte*)XMALLOC(TWOK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + AssertNotNull(rsaCert = + (byte*)XMALLOC(TWOK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER)); /* Init buffer. */ rsaCertSz = (word32)sizeof_client_cert_der_2048; XMEMCPY(rsaCert, client_cert_der_2048, rsaCertSz); - rsaPrivKey = (byte*)XMALLOC(TWOK_BUF, HEAP_HINT, - DYNAMIC_TYPE_TMP_BUFFER); + AssertNotNull(rsaPrivKey = (byte*)XMALLOC(TWOK_BUF, HEAP_HINT, + DYNAMIC_TYPE_TMP_BUFFER)); rsaPrivKeySz = (word32)sizeof_client_key_der_2048; XMEMCPY(rsaPrivKey, client_key_der_2048, rsaPrivKeySz); @@ -14646,13 +14678,14 @@ static void test_wc_PKCS7_EncodeDecodeEnvelopedData (void) certFile = fopen(rsaClientCert, "rb"); AssertNotNull(certFile); rsaCertSz = (word32)FOURK_BUF; - rsaCert = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + AssertNotNull(rsaCert = + (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER)); rsaCertSz = (word32)fread(rsaCert, 1, rsaCertSz, certFile); fclose(certFile); keyFile = fopen(rsaClientKey, "rb"); AssertNotNull(keyFile); - rsaPrivKey = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, - DYNAMIC_TYPE_TMP_BUFFER); + AssertNotNull(rsaPrivKey = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, + DYNAMIC_TYPE_TMP_BUFFER)); rsaPrivKeySz = (word32)FOURK_BUF; rsaPrivKeySz = (word32)fread(rsaPrivKey, 1, rsaPrivKeySz, keyFile); fclose(keyFile); @@ -14664,26 +14697,28 @@ static void test_wc_PKCS7_EncodeDecodeEnvelopedData (void) !defined(NO_SHA256) || !defined(NO_SHA512))) #ifdef USE_CERT_BUFFERS_256 - eccCert = (byte*)XMALLOC(TWOK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + AssertNotNull(eccCert = + (byte*)XMALLOC(TWOK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER)); /* Init buffer. */ - eccCertSz = (word32)sizeof_cliecc_cert_der_256; + eccCertSz = (word32)sizeof_cliecc_cert_der_256; XMEMCPY(eccCert, cliecc_cert_der_256, eccCertSz); - eccPrivKey = (byte*)XMALLOC(TWOK_BUF, HEAP_HINT, - DYNAMIC_TYPE_TMP_BUFFER); + AssertNotNull(eccPrivKey = (byte*)XMALLOC(TWOK_BUF, HEAP_HINT, + DYNAMIC_TYPE_TMP_BUFFER)); eccPrivKeySz = (word32)sizeof_ecc_clikey_der_256; XMEMCPY(eccPrivKey, ecc_clikey_der_256, eccPrivKeySz); #else /* File system. */ certFile = fopen(eccClientCert, "rb"); AssertNotNull(certFile); eccCertSz = (word32)FOURK_BUF; - eccCert = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + AssertNotNull(eccCert = + (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER)); eccCertSz = (word32)fread(eccCert, 1, eccCertSz, certFile); fclose(certFile); keyFile = fopen(eccClientKey, "rb"); AssertNotNull(keyFile); eccPrivKeySz = (word32)FOURK_BUF; - eccPrivKey = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, - DYNAMIC_TYPE_TMP_BUFFER); + AssertNotNull(eccPrivKey = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, + DYNAMIC_TYPE_TMP_BUFFER)); eccPrivKeySz = (word32)fread(eccPrivKey, 1, eccPrivKeySz, keyFile); fclose(keyFile); #endif /* USE_CERT_BUFFERS_256 */ @@ -14732,6 +14767,9 @@ static void test_wc_PKCS7_EncodeDecodeEnvelopedData (void) }; /* END pkcs7EnvelopedVector */ printf(testingFmt, "wc_PKCS7_EncodeEnvelopedData()"); + + AssertIntEQ(wc_PKCS7_Init(&pkcs7, HEAP_HINT, devId), 0); + testSz = (int)sizeof(testVectors)/(int)sizeof(pkcs7EnvelopedVector); for (i = 0; i < testSz; i++) { AssertIntEQ(wc_PKCS7_InitWithCert(&pkcs7, (testVectors + i)->cert, @@ -15682,57 +15720,124 @@ static void test_wolfSSL_private_keys(void) static void test_wolfSSL_PEM_PrivateKey(void) { - #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \ - !defined(NO_FILESYSTEM) && !defined(NO_RSA) && \ - (defined(WOLFSSL_KEY_GEN) || defined(WOLFSSL_CERT_GEN)) && \ - defined(USE_CERT_BUFFERS_2048) - const unsigned char* server_key = (const unsigned char*)server_key_der_2048; +#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \ + (!defined(NO_RSA) || defined(HAVE_ECC)) && \ + defined(USE_CERT_BUFFERS_2048) + + BIO* bio = NULL; EVP_PKEY* pkey = NULL; - EVP_PKEY* pkey2 = NULL; - BIO* bio; - unsigned char extra[10]; - int i; + const unsigned char* server_key = (const unsigned char*)server_key_der_2048; - printf(testingFmt, "wolfSSL_PEM_PrivateKey()"); + /* test creating new EVP_PKEY with bad arg */ + AssertNull((pkey = PEM_read_bio_PrivateKey(NULL, NULL, NULL, NULL))); - XMEMSET(extra, 0, sizeof(extra)); - AssertNotNull(bio = wolfSSL_BIO_new(wolfSSL_BIO_s_mem())); - AssertIntEQ(BIO_set_write_buf_size(bio, 4096), SSL_FAILURE); + /* test loading RSA key using BIO */ +#if !defined(NO_RSA) && !defined(NO_FILESYSTEM) + { + XFILE file; + const char* fname = "./certs/server-key.pem"; + size_t sz; + byte* buf; - AssertNull(d2i_PrivateKey(EVP_PKEY_EC, &pkey, - &server_key, (long)sizeof_server_key_der_2048)); - AssertNull(pkey); + file = XFOPEN(fname, "rb"); + AssertTrue((file != XBADFILE)); + XFSEEK(file, 0, XSEEK_END); + sz = XFTELL(file); + XREWIND(file); + AssertNotNull(buf = (byte*)XMALLOC(sz, NULL, DYNAMIC_TYPE_FILE)); + AssertIntEQ(XFREAD(buf, 1, sz, file), sz); + XFCLOSE(file); - AssertNotNull(wolfSSL_d2i_PrivateKey(EVP_PKEY_RSA, &pkey, - &server_key, (long)sizeof_server_key_der_2048)); - AssertIntEQ(PEM_write_bio_PrivateKey(bio, pkey, NULL, NULL, 0, NULL, NULL), - WOLFSSL_SUCCESS); - - /* test of creating new EVP_PKEY */ - AssertNotNull((pkey2 = PEM_read_bio_PrivateKey(bio, NULL, NULL, NULL))); - AssertIntEQ((int)XMEMCMP(pkey->pkey.ptr, pkey2->pkey.ptr, pkey->pkey_sz),0); - - /* test of reuse of EVP_PKEY */ - AssertNull(PEM_read_bio_PrivateKey(bio, &pkey, NULL, NULL)); - AssertIntEQ(BIO_pending(bio), 0); - AssertIntEQ(PEM_write_bio_PrivateKey(bio, pkey, NULL, NULL, 0, NULL, NULL), - SSL_SUCCESS); - AssertIntEQ(BIO_write(bio, extra, 10), 10); /*add 10 extra bytes after PEM*/ - AssertNotNull(PEM_read_bio_PrivateKey(bio, &pkey, NULL, NULL)); - AssertNotNull(pkey); - AssertIntEQ((int)XMEMCMP(pkey->pkey.ptr, pkey2->pkey.ptr, pkey->pkey_sz),0); - AssertIntEQ(BIO_pending(bio), 10); /* check 10 extra bytes still there */ - AssertIntEQ(BIO_read(bio, extra, 10), 10); - for (i = 0; i < 10; i++) { - AssertIntEQ(extra[i], 0); + /* Test using BIO new mem and loading PEM private key */ + AssertNotNull(bio = BIO_new_mem_buf(buf, (int)sz)); + AssertNotNull((pkey = PEM_read_bio_PrivateKey(bio, NULL, NULL, NULL))); + XFREE(buf, NULL, DYNAMIC_TYPE_FILE); + BIO_free(bio); + bio = NULL; + EVP_PKEY_free(pkey); + pkey = NULL; } +#endif - BIO_free(bio); - EVP_PKEY_free(pkey); - EVP_PKEY_free(pkey2); + /* test loading ECC key using BIO */ +#if defined(HAVE_ECC) && !defined(NO_FILESYSTEM) + { + XFILE file; + const char* fname = "./certs/ecc-key.pem"; + size_t sz; + byte* buf; + + file = XFOPEN(fname, "rb"); + AssertTrue((file != XBADFILE)); + XFSEEK(file, 0, XSEEK_END); + sz = XFTELL(file); + XREWIND(file); + AssertNotNull(buf = (byte*)XMALLOC(sz, NULL, DYNAMIC_TYPE_FILE)); + AssertIntEQ(XFREAD(buf, 1, sz, file), sz); + XFCLOSE(file); + + /* Test using BIO new mem and loading PEM private key */ + AssertNotNull(bio = BIO_new_mem_buf(buf, (int)sz)); + AssertNotNull((pkey = PEM_read_bio_PrivateKey(bio, NULL, NULL, NULL))); + XFREE(buf, NULL, DYNAMIC_TYPE_FILE); + BIO_free(bio); + bio = NULL; + EVP_PKEY_free(pkey); + pkey = NULL; + } +#endif + +#if !defined(NO_RSA) && (defined(WOLFSSL_KEY_GEN) || defined(WOLFSSL_CERT_GEN)) + { + EVP_PKEY* pkey2 = NULL; + unsigned char extra[10]; + int i; + + printf(testingFmt, "wolfSSL_PEM_PrivateKey()"); + + XMEMSET(extra, 0, sizeof(extra)); + + AssertNotNull(bio = wolfSSL_BIO_new(wolfSSL_BIO_s_mem())); + AssertIntEQ(BIO_set_write_buf_size(bio, 4096), SSL_FAILURE); + + AssertNull(d2i_PrivateKey(EVP_PKEY_EC, &pkey, + &server_key, (long)sizeof_server_key_der_2048)); + AssertNull(pkey); + + AssertNotNull(wolfSSL_d2i_PrivateKey(EVP_PKEY_RSA, &pkey, + &server_key, (long)sizeof_server_key_der_2048)); + AssertIntEQ(PEM_write_bio_PrivateKey(bio, pkey, NULL, NULL, 0, NULL, NULL), + WOLFSSL_SUCCESS); + + /* test creating new EVP_PKEY with good args */ + AssertNotNull((pkey2 = PEM_read_bio_PrivateKey(bio, NULL, NULL, NULL))); + AssertIntEQ((int)XMEMCMP(pkey->pkey.ptr, pkey2->pkey.ptr, pkey->pkey_sz),0); + + /* test of reuse of EVP_PKEY */ + AssertNull(PEM_read_bio_PrivateKey(bio, &pkey, NULL, NULL)); + AssertIntEQ(BIO_pending(bio), 0); + AssertIntEQ(PEM_write_bio_PrivateKey(bio, pkey, NULL, NULL, 0, NULL, NULL), + SSL_SUCCESS); + AssertIntEQ(BIO_write(bio, extra, 10), 10); /*add 10 extra bytes after PEM*/ + AssertNotNull(PEM_read_bio_PrivateKey(bio, &pkey, NULL, NULL)); + AssertNotNull(pkey); + AssertIntEQ((int)XMEMCMP(pkey->pkey.ptr, pkey2->pkey.ptr, pkey->pkey_sz),0); + AssertIntEQ(BIO_pending(bio), 10); /* check 10 extra bytes still there */ + AssertIntEQ(BIO_read(bio, extra, 10), 10); + for (i = 0; i < 10; i++) { + AssertIntEQ(extra[i], 0); + } + + BIO_free(bio); + bio = NULL; + EVP_PKEY_free(pkey); + pkey = NULL; + EVP_PKEY_free(pkey2); + } + #endif /* key is DES encrypted */ - #if !defined(NO_DES3) && defined(WOLFSSL_ENCRYPTED_KEYS) + #if !defined(NO_DES3) && defined(WOLFSSL_ENCRYPTED_KEYS) && !defined(NO_FILESYSTEM) { pem_password_cb* passwd_cb; void* passwd_cb_userdata; @@ -15768,12 +15873,14 @@ static void test_wolfSSL_PEM_PrivateKey(void) AssertIntEQ(SSL_CTX_use_PrivateKey(ctx, pkey), SSL_SUCCESS); EVP_PKEY_free(pkey); + pkey = NULL; BIO_free(bio); + bio = NULL; SSL_CTX_free(ctx); } #endif /* !defined(NO_DES3) */ - #ifdef HAVE_ECC + #if defined(HAVE_ECC) && !defined(NO_FILESYSTEM) { unsigned char buf[2048]; size_t bytes; @@ -15798,12 +15905,18 @@ static void test_wolfSSL_PEM_PrivateKey(void) AssertIntEQ(SSL_CTX_use_PrivateKey(ctx, pkey), SSL_SUCCESS); EVP_PKEY_free(pkey); + pkey = NULL; SSL_CTX_free(ctx); } #endif printf(resultFmt, passed); - #endif /* defined(OPENSSL_EXTRA) && !defined(NO_CERTS) */ + + (void)server_key; + (void)bio; + (void)pkey; + +#endif /* OPENSSL_EXTRA && !NO_CERTS && !NO_RSA && USE_CERT_BUFFERS_2048 */ } @@ -16082,6 +16195,7 @@ static void test_wolfSSL_CTX_add_extra_chain_cert(void) } +#if !defined(NO_WOLFSSL_CLIENT) && !defined(NO_WOLFSSL_SERVER) static void test_wolfSSL_ERR_peek_last_error_line(void) { #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \ @@ -16185,6 +16299,7 @@ static void test_wolfSSL_ERR_peek_last_error_line(void) #endif /* defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \ !defined(NO_FILESYSTEM) && !defined(DEBUG_WOLFSSL) */ } +#endif #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \ !defined(NO_FILESYSTEM) && !defined(NO_RSA) @@ -16663,7 +16778,8 @@ static void test_wolfSSL_msgCb(void) { #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \ !defined(NO_FILESYSTEM) && defined(DEBUG_WOLFSSL) && \ - defined(HAVE_IO_TESTS_DEPENDENCIES) + defined(HAVE_IO_TESTS_DEPENDENCIES) && !defined(NO_WOLFSSL_CLIENT) && \ + !defined(NO_WOLFSSL_SERVER) tcp_ready ready; func_args client_args; @@ -17295,7 +17411,7 @@ static void test_wolfSSL_pseudo_rand(void) #endif } -static void test_wolfSSL_pkcs8(void) +static void test_wolfSSL_PKCS8_Compat(void) { #if defined(OPENSSL_EXTRA) && !defined(NO_FILESYSTEM) && defined(HAVE_ECC) PKCS8_PRIV_KEY_INFO* pt; @@ -17514,6 +17630,11 @@ static void test_wolfSSL_BIO_gets(void) printf(testingFmt, "wolfSSL_X509_BIO_gets()"); + /* try with bad args */ + AssertNull(bio = BIO_new_mem_buf(NULL, sizeof(msg))); + AssertNull(bio = BIO_new_mem_buf((void*)msg, -1)); + + /* try with real msg */ AssertNotNull(bio = BIO_new_mem_buf((void*)msg, sizeof(msg))); XMEMSET(buffer, 0, bufferSz); AssertNotNull(BIO_push(bio, BIO_new(BIO_s_bio()))); @@ -18538,14 +18659,16 @@ static void test_wolfSSL_ASN1_TIME_to_generalizedtime(void){ printf(testingFmt, "wolfSSL_ASN1_TIME_to_generalizedtime()"); /* UTC Time test */ - t = (WOLFSSL_ASN1_TIME*)XMALLOC(sizeof(WOLFSSL_ASN1_TIME), NULL, DYNAMIC_TYPE_TMP_BUFFER); + AssertNotNull(t = (WOLFSSL_ASN1_TIME*)XMALLOC(sizeof(WOLFSSL_ASN1_TIME), + NULL, DYNAMIC_TYPE_TMP_BUFFER)); XMEMSET(t->data, 0, ASN_GENERALIZED_TIME_SIZE); - out = (WOLFSSL_ASN1_TIME*)XMALLOC(sizeof(WOLFSSL_ASN1_TIME), NULL, DYNAMIC_TYPE_TMP_BUFFER); + AssertNotNull(out = (WOLFSSL_ASN1_TIME*)XMALLOC(sizeof(WOLFSSL_ASN1_TIME), + NULL, DYNAMIC_TYPE_TMP_BUFFER)); t->data[0] = ASN_UTC_TIME; t->data[1] = ASN_UTC_TIME_SIZE; XMEMCPY(t->data + 2,"050727123456Z",ASN_UTC_TIME_SIZE); - gtime = wolfSSL_ASN1_TIME_to_generalizedtime(t, &out); + AssertNotNull(gtime = wolfSSL_ASN1_TIME_to_generalizedtime(t, &out)); AssertIntEQ(gtime->data[0], ASN_GENERALIZED_TIME); AssertIntEQ(gtime->data[1], ASN_GENERALIZED_TIME_SIZE); AssertStrEQ((char*)gtime->data + 2, "20050727123456Z"); @@ -18557,7 +18680,7 @@ static void test_wolfSSL_ASN1_TIME_to_generalizedtime(void){ t->data[0] = ASN_GENERALIZED_TIME; t->data[1] = ASN_GENERALIZED_TIME_SIZE; XMEMCPY(t->data + 2,"20050727123456Z",ASN_GENERALIZED_TIME_SIZE); - gtime = wolfSSL_ASN1_TIME_to_generalizedtime(t, &out); + AssertNotNull(gtime = wolfSSL_ASN1_TIME_to_generalizedtime(t, &out)); AssertIntEQ(gtime->data[0], ASN_GENERALIZED_TIME); AssertIntEQ(gtime->data[1], ASN_GENERALIZED_TIME_SIZE); AssertStrEQ((char*)gtime->data + 2, "20050727123456Z"); @@ -18915,7 +19038,7 @@ static void test_wc_ecc_get_curve_id_from_params(void) #endif /* NO_CERTS */ #ifdef WOLFSSL_TLS13 -#ifdef WOLFSSL_SEND_HRR_COOKIE +#if defined(WOLFSSL_SEND_HRR_COOKIE) && !defined(NO_WOLFSSL_SERVER) static byte fixedKey[WC_SHA384_DIGEST_SIZE] = { 0, }; #endif #ifdef WOLFSSL_EARLY_DATA @@ -18927,19 +19050,27 @@ static int test_tls13_apis(void) { int ret = 0; #ifndef WOLFSSL_NO_TLS12 +#ifndef NO_WOLFSSL_CLIENT WOLFSSL_CTX* clientTls12Ctx; WOLFSSL* clientTls12Ssl; +#endif +#ifndef NO_WOLFSSL_SERVER WOLFSSL_CTX* serverTls12Ctx; WOLFSSL* serverTls12Ssl; #endif +#endif +#ifndef NO_WOLFSSL_CLIENT WOLFSSL_CTX* clientCtx; WOLFSSL* clientSsl; +#endif +#ifndef NO_WOLFSSL_SERVER WOLFSSL_CTX* serverCtx; WOLFSSL* serverSsl; #ifndef NO_CERTS const char* ourCert = svrCertFile; const char* ourKey = svrKeyFile; #endif +#endif #ifdef WOLFSSL_EARLY_DATA int outSz; #endif @@ -18947,8 +19078,11 @@ static int test_tls13_apis(void) int numGroups = 1; #ifndef WOLFSSL_NO_TLS12 +#ifndef NO_WOLFSSL_CLIENT clientTls12Ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method()); clientTls12Ssl = wolfSSL_new(clientTls12Ctx); +#endif +#ifndef NO_WOLFSSL_SERVER serverTls12Ctx = wolfSSL_CTX_new(wolfTLSv1_2_server_method()); #ifndef NO_CERTS wolfSSL_CTX_use_certificate_chain_file(serverTls12Ctx, ourCert); @@ -18956,19 +19090,27 @@ static int test_tls13_apis(void) #endif serverTls12Ssl = wolfSSL_new(serverTls12Ctx); #endif +#endif +#ifndef NO_WOLFSSL_CLIENT clientCtx = wolfSSL_CTX_new(wolfTLSv1_3_client_method()); clientSsl = wolfSSL_new(clientCtx); +#endif +#ifndef NO_WOLFSSL_SERVER serverCtx = wolfSSL_CTX_new(wolfTLSv1_3_server_method()); #ifndef NO_CERTS wolfSSL_CTX_use_certificate_chain_file(serverCtx, ourCert); wolfSSL_CTX_use_PrivateKey_file(serverCtx, ourKey, WOLFSSL_FILETYPE_PEM); #endif serverSsl = wolfSSL_new(serverCtx); +#endif #ifdef WOLFSSL_SEND_HRR_COOKIE AssertIntEQ(wolfSSL_send_hrr_cookie(NULL, NULL, 0), BAD_FUNC_ARG); +#ifndef NO_WOLFSSL_CLIENT AssertIntEQ(wolfSSL_send_hrr_cookie(clientSsl, NULL, 0), SIDE_ERROR); +#endif +#ifndef NO_WOLFSSL_SERVER #ifndef WOLFSSL_NO_TLS12 AssertIntEQ(wolfSSL_send_hrr_cookie(serverTls12Ssl, NULL, 0), BAD_FUNC_ARG); #endif @@ -18977,117 +19119,171 @@ static int test_tls13_apis(void) AssertIntEQ(wolfSSL_send_hrr_cookie(serverSsl, fixedKey, sizeof(fixedKey)), WOLFSSL_SUCCESS); #endif +#endif #ifdef HAVE_ECC AssertIntEQ(wolfSSL_UseKeyShare(NULL, WOLFSSL_ECC_SECP256R1), BAD_FUNC_ARG); +#ifndef NO_WOLFSSL_SERVER AssertIntEQ(wolfSSL_UseKeyShare(serverSsl, WOLFSSL_ECC_SECP256R1), WOLFSSL_SUCCESS); +#endif +#ifndef NO_WOLFSSL_CLIENT #ifndef WOLFSSL_NO_TLS12 AssertIntEQ(wolfSSL_UseKeyShare(clientTls12Ssl, WOLFSSL_ECC_SECP256R1), WOLFSSL_SUCCESS); #endif AssertIntEQ(wolfSSL_UseKeyShare(clientSsl, WOLFSSL_ECC_SECP256R1), WOLFSSL_SUCCESS); +#endif #elif defined(HAVE_CURVE25519) AssertIntEQ(wolfSSL_UseKeyShare(NULL, WOLFSSL_ECC_X25519), BAD_FUNC_ARG); +#ifndef NO_WOLFSSL_SERVER AssertIntEQ(wolfSSL_UseKeyShare(serverSsl, WOLFSSL_ECC_X25519), WOLFSSL_SUCCESS); +#endif +#ifndef NO_WOLFSSL_CLIENT #ifndef WOLFSSL_NO_TLS12 AssertIntEQ(wolfSSL_UseKeyShare(clientTls12Ssl, WOLFSSL_ECC_X25519), WOLFSSL_SUCCESS); #endif AssertIntEQ(wolfSSL_UseKeyShare(clientSsl, WOLFSSL_ECC_X25519), WOLFSSL_SUCCESS); +#endif #else AssertIntEQ(wolfSSL_UseKeyShare(NULL, WOLFSSL_ECC_SECP256R1), BAD_FUNC_ARG); +#ifndef NO_WOLFSSL_CLIENT #ifndef WOLFSSL_NO_TLS12 AssertIntEQ(wolfSSL_UseKeyShare(clientTls12Ssl, WOLFSSL_ECC_SECP256R1), NOT_COMPILED_IN); #endif AssertIntEQ(wolfSSL_UseKeyShare(clientSsl, WOLFSSL_ECC_SECP256R1), NOT_COMPILED_IN); +#endif #endif AssertIntEQ(wolfSSL_NoKeyShares(NULL), BAD_FUNC_ARG); +#ifndef NO_WOLFSSL_SERVER AssertIntEQ(wolfSSL_NoKeyShares(serverSsl), SIDE_ERROR); +#endif +#ifndef NO_WOLFSSL_CLIENT #ifndef WOLFSSL_NO_TLS12 AssertIntEQ(wolfSSL_NoKeyShares(clientTls12Ssl), WOLFSSL_SUCCESS); #endif AssertIntEQ(wolfSSL_NoKeyShares(clientSsl), WOLFSSL_SUCCESS); +#endif AssertIntEQ(wolfSSL_CTX_no_ticket_TLSv13(NULL), BAD_FUNC_ARG); +#ifndef NO_WOLFSSL_CLIENT AssertIntEQ(wolfSSL_CTX_no_ticket_TLSv13(clientCtx), SIDE_ERROR); +#endif +#ifndef NO_WOLFSSL_SERVER #ifndef WOLFSSL_NO_TLS12 AssertIntEQ(wolfSSL_CTX_no_ticket_TLSv13(serverTls12Ctx), BAD_FUNC_ARG); #endif AssertIntEQ(wolfSSL_CTX_no_ticket_TLSv13(serverCtx), 0); +#endif AssertIntEQ(wolfSSL_no_ticket_TLSv13(NULL), BAD_FUNC_ARG); +#ifndef NO_WOLFSSL_CLIENT AssertIntEQ(wolfSSL_no_ticket_TLSv13(clientSsl), SIDE_ERROR); +#endif +#ifndef NO_WOLFSSL_SERVER #ifndef WOLFSSL_NO_TLS12 AssertIntEQ(wolfSSL_no_ticket_TLSv13(serverTls12Ssl), BAD_FUNC_ARG); #endif AssertIntEQ(wolfSSL_no_ticket_TLSv13(serverSsl), 0); +#endif AssertIntEQ(wolfSSL_CTX_no_dhe_psk(NULL), BAD_FUNC_ARG); +#ifndef NO_WOLFSSL_CLIENT #ifndef WOLFSSL_NO_TLS12 AssertIntEQ(wolfSSL_CTX_no_dhe_psk(clientTls12Ctx), BAD_FUNC_ARG); #endif - AssertIntEQ(wolfSSL_CTX_no_dhe_psk(serverCtx), 0); AssertIntEQ(wolfSSL_CTX_no_dhe_psk(clientCtx), 0); +#endif +#ifndef NO_WOLFSSL_SERVER + AssertIntEQ(wolfSSL_CTX_no_dhe_psk(serverCtx), 0); +#endif AssertIntEQ(wolfSSL_no_dhe_psk(NULL), BAD_FUNC_ARG); +#ifndef NO_WOLFSSL_CLIENT #ifndef WOLFSSL_NO_TLS12 AssertIntEQ(wolfSSL_no_dhe_psk(clientTls12Ssl), BAD_FUNC_ARG); #endif - AssertIntEQ(wolfSSL_no_dhe_psk(serverSsl), 0); AssertIntEQ(wolfSSL_no_dhe_psk(clientSsl), 0); +#endif +#ifndef NO_WOLFSSL_SERVER + AssertIntEQ(wolfSSL_no_dhe_psk(serverSsl), 0); +#endif AssertIntEQ(wolfSSL_update_keys(NULL), BAD_FUNC_ARG); +#ifndef NO_WOLFSSL_CLIENT #ifndef WOLFSSL_NO_TLS12 AssertIntEQ(wolfSSL_update_keys(clientTls12Ssl), BAD_FUNC_ARG); #endif - AssertIntEQ(wolfSSL_update_keys(serverSsl), BUILD_MSG_ERROR); AssertIntEQ(wolfSSL_update_keys(clientSsl), BUILD_MSG_ERROR); +#endif +#ifndef NO_WOLFSSL_SERVER + AssertIntEQ(wolfSSL_update_keys(serverSsl), BUILD_MSG_ERROR); +#endif #if !defined(NO_CERTS) && defined(WOLFSSL_POST_HANDSHAKE_AUTH) AssertIntEQ(wolfSSL_CTX_allow_post_handshake_auth(NULL), BAD_FUNC_ARG); +#ifndef NO_WOLFSSL_SERVER AssertIntEQ(wolfSSL_CTX_allow_post_handshake_auth(serverCtx), SIDE_ERROR); +#endif +#ifndef NO_WOLFSSL_CLIENT #ifndef WOLFSSL_NO_TLS12 AssertIntEQ(wolfSSL_CTX_allow_post_handshake_auth(clientTls12Ctx), BAD_FUNC_ARG); #endif AssertIntEQ(wolfSSL_CTX_allow_post_handshake_auth(clientCtx), 0); +#endif AssertIntEQ(wolfSSL_allow_post_handshake_auth(NULL), BAD_FUNC_ARG); +#ifndef NO_WOLFSSL_SERVER AssertIntEQ(wolfSSL_allow_post_handshake_auth(serverSsl), SIDE_ERROR); +#endif +#ifndef NO_WOLFSSL_CLIENT #ifndef WOLFSSL_NO_TLS12 AssertIntEQ(wolfSSL_allow_post_handshake_auth(clientTls12Ssl), BAD_FUNC_ARG); #endif AssertIntEQ(wolfSSL_allow_post_handshake_auth(clientSsl), 0); +#endif AssertIntEQ(wolfSSL_request_certificate(NULL), BAD_FUNC_ARG); +#ifndef NO_WOLFSSL_CLIENT AssertIntEQ(wolfSSL_request_certificate(clientSsl), SIDE_ERROR); +#endif +#ifndef NO_WOLFSSL_SERVER #ifndef WOLFSSL_NO_TLS12 AssertIntEQ(wolfSSL_request_certificate(serverTls12Ssl), BAD_FUNC_ARG); #endif AssertIntEQ(wolfSSL_request_certificate(serverSsl), NOT_READY_ERROR); #endif +#endif #ifndef WOLFSSL_NO_SERVER_GROUPS_EXT AssertIntEQ(wolfSSL_preferred_group(NULL), BAD_FUNC_ARG); +#ifndef NO_WOLFSSL_SERVER AssertIntEQ(wolfSSL_preferred_group(serverSsl), SIDE_ERROR); +#endif +#ifndef NO_WOLFSSL_CLIENT #ifndef WOLFSSL_NO_TLS12 AssertIntEQ(wolfSSL_preferred_group(clientTls12Ssl), BAD_FUNC_ARG); #endif AssertIntEQ(wolfSSL_preferred_group(clientSsl), NOT_READY_ERROR); +#endif #endif AssertIntEQ(wolfSSL_CTX_set_groups(NULL, NULL, 0), BAD_FUNC_ARG); +#ifndef NO_WOLFSSL_CLIENT AssertIntEQ(wolfSSL_CTX_set_groups(clientCtx, NULL, 0), BAD_FUNC_ARG); +#endif AssertIntEQ(wolfSSL_CTX_set_groups(NULL, groups, numGroups), BAD_FUNC_ARG); +#ifndef NO_WOLFSSL_CLIENT #ifndef WOLFSSL_NO_TLS12 AssertIntEQ(wolfSSL_CTX_set_groups(clientTls12Ctx, groups, numGroups), BAD_FUNC_ARG); @@ -19097,12 +19293,18 @@ static int test_tls13_apis(void) BAD_FUNC_ARG); AssertIntEQ(wolfSSL_CTX_set_groups(clientCtx, groups, numGroups), WOLFSSL_SUCCESS); +#endif +#ifndef NO_WOLFSSL_SERVER AssertIntEQ(wolfSSL_CTX_set_groups(serverCtx, groups, numGroups), WOLFSSL_SUCCESS); +#endif AssertIntEQ(wolfSSL_set_groups(NULL, NULL, 0), BAD_FUNC_ARG); +#ifndef NO_WOLFSSL_CLIENT AssertIntEQ(wolfSSL_set_groups(clientSsl, NULL, 0), BAD_FUNC_ARG); +#endif AssertIntEQ(wolfSSL_set_groups(NULL, groups, numGroups), BAD_FUNC_ARG); +#ifndef NO_WOLFSSL_CLIENT #ifndef WOLFSSL_NO_TLS12 AssertIntEQ(wolfSSL_set_groups(clientTls12Ssl, groups, numGroups), BAD_FUNC_ARG); @@ -19111,27 +19313,39 @@ static int test_tls13_apis(void) WOLFSSL_MAX_GROUP_COUNT + 1), BAD_FUNC_ARG); AssertIntEQ(wolfSSL_set_groups(clientSsl, groups, numGroups), WOLFSSL_SUCCESS); +#endif +#ifndef NO_WOLFSSL_SERVER AssertIntEQ(wolfSSL_set_groups(serverSsl, groups, numGroups), WOLFSSL_SUCCESS); +#endif #ifdef WOLFSSL_EARLY_DATA AssertIntEQ(wolfSSL_CTX_set_max_early_data(NULL, 0), BAD_FUNC_ARG); +#ifndef NO_WOLFSSL_CLIENT AssertIntEQ(wolfSSL_CTX_set_max_early_data(clientCtx, 0), SIDE_ERROR); +#endif +#ifndef NO_WOLFSSL_SERVER #ifndef WOLFSSL_NO_TLS12 AssertIntEQ(wolfSSL_CTX_set_max_early_data(serverTls12Ctx, 0), BAD_FUNC_ARG); #endif AssertIntEQ(wolfSSL_CTX_set_max_early_data(serverCtx, 0), 0); +#endif AssertIntEQ(wolfSSL_set_max_early_data(NULL, 0), BAD_FUNC_ARG); +#ifndef NO_WOLFSSL_CLIENT AssertIntEQ(wolfSSL_set_max_early_data(clientSsl, 0), SIDE_ERROR); +#endif +#ifndef NO_WOLFSSL_SERVER #ifndef WOLFSSL_NO_TLS12 AssertIntEQ(wolfSSL_set_max_early_data(serverTls12Ssl, 0), BAD_FUNC_ARG); #endif AssertIntEQ(wolfSSL_set_max_early_data(serverSsl, 0), 0); +#endif AssertIntEQ(wolfSSL_write_early_data(NULL, earlyData, sizeof(earlyData), &outSz), BAD_FUNC_ARG); +#ifndef NO_WOLFSSL_CLIENT AssertIntEQ(wolfSSL_write_early_data(clientSsl, NULL, sizeof(earlyData), &outSz), BAD_FUNC_ARG); AssertIntEQ(wolfSSL_write_early_data(clientSsl, earlyData, -1, &outSz), @@ -19139,9 +19353,13 @@ static int test_tls13_apis(void) AssertIntEQ(wolfSSL_write_early_data(clientSsl, earlyData, sizeof(earlyData), NULL), BAD_FUNC_ARG); +#endif +#ifndef NO_WOLFSSL_SERVER AssertIntEQ(wolfSSL_write_early_data(serverSsl, earlyData, sizeof(earlyData), &outSz), SIDE_ERROR); +#endif +#ifndef NO_WOLFSSL_CLIENT #ifndef WOLFSSL_NO_TLS12 AssertIntEQ(wolfSSL_write_early_data(clientTls12Ssl, earlyData, sizeof(earlyData), &outSz), @@ -19150,10 +19368,12 @@ static int test_tls13_apis(void) AssertIntEQ(wolfSSL_write_early_data(clientSsl, earlyData, sizeof(earlyData), &outSz), WOLFSSL_FATAL_ERROR); +#endif AssertIntEQ(wolfSSL_read_early_data(NULL, earlyDataBuffer, sizeof(earlyDataBuffer), &outSz), BAD_FUNC_ARG); +#ifndef NO_WOLFSSL_SERVER AssertIntEQ(wolfSSL_read_early_data(serverSsl, NULL, sizeof(earlyDataBuffer), &outSz), BAD_FUNC_ARG); @@ -19162,9 +19382,13 @@ static int test_tls13_apis(void) AssertIntEQ(wolfSSL_read_early_data(serverSsl, earlyDataBuffer, sizeof(earlyDataBuffer), NULL), BAD_FUNC_ARG); +#endif +#ifndef NO_WOLFSSL_CLIENT AssertIntEQ(wolfSSL_read_early_data(clientSsl, earlyDataBuffer, sizeof(earlyDataBuffer), &outSz), SIDE_ERROR); +#endif +#ifndef NO_WOLFSSL_SERVER #ifndef WOLFSSL_NO_TLS12 AssertIntEQ(wolfSSL_read_early_data(serverTls12Ssl, earlyDataBuffer, sizeof(earlyDataBuffer), &outSz), @@ -19174,17 +19398,26 @@ static int test_tls13_apis(void) sizeof(earlyDataBuffer), &outSz), WOLFSSL_FATAL_ERROR); #endif +#endif +#ifndef NO_WOLFSSL_SERVER wolfSSL_free(serverSsl); wolfSSL_CTX_free(serverCtx); +#endif +#ifndef NO_WOLFSSL_CLIENT wolfSSL_free(clientSsl); wolfSSL_CTX_free(clientCtx); +#endif #ifndef WOLFSSL_NO_TLS12 +#ifndef NO_WOLFSSL_SERVER wolfSSL_free(serverTls12Ssl); wolfSSL_CTX_free(serverTls12Ctx); +#endif +#ifndef NO_WOLFSSL_CLIENT wolfSSL_free(clientTls12Ssl); wolfSSL_CTX_free(clientTls12Ctx); +#endif #endif return ret; @@ -19268,7 +19501,11 @@ static void test_DhCallbacks(void) printf(testingFmt, "test_DhCallbacks"); +#ifndef NO_WOLFSSL_CLIENT AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method())); +#else + AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method())); +#endif wolfSSL_CTX_SetDhAgreeCb(ctx, &my_DhCallback); /* load client ca cert */ @@ -19405,7 +19642,8 @@ static void test_DhCallbacks(void) #ifdef HAVE_HASHDRBG -static int test_wc_RNG_GenerateBlock() +#ifdef TEST_RESEED_INTERVAL +static int test_wc_RNG_GenerateBlock_Reseed() { int i, ret; WC_RNG rng; @@ -19426,6 +19664,29 @@ static int test_wc_RNG_GenerateBlock() return ret; } +#endif /* TEST_RESEED_INTERVAL */ + +static int test_wc_RNG_GenerateBlock() +{ + int i, ret; + WC_RNG rng; + byte key[32]; + + ret = wc_InitRng(&rng); + + if (ret == 0) { + for(i = 0; i < 10; i++) { + ret = wc_RNG_GenerateBlock(&rng, key, sizeof(key)); + if (ret != 0) { + break; + } + } + } + + wc_FreeRng(&rng); + + return ret; +} #endif static void test_wolfSSL_X509_CRL(void) @@ -19503,7 +19764,8 @@ static void test_wolfSSL_i2c_ASN1_INTEGER() a->intData[2] = 40; ret = wolfSSL_i2c_ASN1_INTEGER(a, NULL); AssertIntEQ(ret, 1); - pp = (unsigned char*)XMALLOC(ret + 1, NULL, DYNAMIC_TYPE_TMP_BUFFER); + AssertNotNull(pp = (unsigned char*)XMALLOC(ret + 1, NULL, + DYNAMIC_TYPE_TMP_BUFFER)); tpp = pp; XMEMSET(pp, 0, ret + 1); wolfSSL_i2c_ASN1_INTEGER(a, &pp); @@ -19517,7 +19779,8 @@ static void test_wolfSSL_i2c_ASN1_INTEGER() a->intData[2] = 128; ret = wolfSSL_i2c_ASN1_INTEGER(a, NULL); AssertIntEQ(ret, 2); - pp = (unsigned char*)XMALLOC(ret + 1, NULL, DYNAMIC_TYPE_TMP_BUFFER); + AssertNotNull(pp = (unsigned char*)XMALLOC(ret + 1, NULL, + DYNAMIC_TYPE_TMP_BUFFER)); tpp = pp; XMEMSET(pp, 0, ret + 1); wolfSSL_i2c_ASN1_INTEGER(a, &pp); @@ -19533,7 +19796,8 @@ static void test_wolfSSL_i2c_ASN1_INTEGER() a->negative = 1; ret = wolfSSL_i2c_ASN1_INTEGER(a, NULL); AssertIntEQ(ret, 1); - pp = (unsigned char*)XMALLOC(ret + 1, NULL, DYNAMIC_TYPE_TMP_BUFFER); + AssertNotNull(pp = (unsigned char*)XMALLOC(ret + 1, NULL, + DYNAMIC_TYPE_TMP_BUFFER)); tpp = pp; XMEMSET(pp, 0, ret + 1); wolfSSL_i2c_ASN1_INTEGER(a, &pp); @@ -19548,7 +19812,8 @@ static void test_wolfSSL_i2c_ASN1_INTEGER() a->negative = 1; ret = wolfSSL_i2c_ASN1_INTEGER(a, NULL); AssertIntEQ(ret, 1); - pp = (unsigned char*)XMALLOC(ret + 1, NULL, DYNAMIC_TYPE_TMP_BUFFER); + AssertNotNull(pp = (unsigned char*)XMALLOC(ret + 1, NULL, + DYNAMIC_TYPE_TMP_BUFFER)); tpp = pp; XMEMSET(pp, 0, ret + 1); wolfSSL_i2c_ASN1_INTEGER(a, &pp); @@ -19563,7 +19828,8 @@ static void test_wolfSSL_i2c_ASN1_INTEGER() a->negative = 1; ret = wolfSSL_i2c_ASN1_INTEGER(a, NULL); AssertIntEQ(ret, 2); - pp = (unsigned char*)XMALLOC(ret + 1, NULL, DYNAMIC_TYPE_TMP_BUFFER); + AssertNotNull(pp = (unsigned char*)XMALLOC(ret + 1, NULL, + DYNAMIC_TYPE_TMP_BUFFER)); tpp = pp; XMEMSET(pp, 0, ret + 1); wolfSSL_i2c_ASN1_INTEGER(a, &pp); @@ -19601,7 +19867,9 @@ void ApiTest(void) test_client_wolfSSL_new(); test_wolfSSL_SetTmpDH_file(); test_wolfSSL_SetTmpDH_buffer(); +#if !defined(NO_WOLFSSL_CLIENT) && !defined(NO_WOLFSSL_SERVER) test_wolfSSL_read_write(); +#endif test_wolfSSL_dtls_export(); AssertIntEQ(test_wolfSSL_SetMinVersion(), WOLFSSL_SUCCESS); AssertIntEQ(test_wolfSSL_CTX_SetMinVersion(), WOLFSSL_SUCCESS); @@ -19642,7 +19910,9 @@ void ApiTest(void) test_wolfSSL_EVP_PKEY_new_mac_key(); test_wolfSSL_EVP_MD_hmac_signing(); test_wolfSSL_CTX_add_extra_chain_cert(); +#if !defined(NO_WOLFSSL_CLIENT) && !defined(NO_WOLFSSL_SERVER) test_wolfSSL_ERR_peek_last_error_line(); +#endif test_wolfSSL_set_options(); test_wolfSSL_X509_STORE_CTX(); test_wolfSSL_msgCb(); @@ -19665,7 +19935,7 @@ void ApiTest(void) test_wolfSSL_CTX_set_srp_username(); test_wolfSSL_CTX_set_srp_password(); test_wolfSSL_pseudo_rand(); - test_wolfSSL_pkcs8(); + test_wolfSSL_PKCS8_Compat(); test_wolfSSL_ERR_put_error(); test_wolfSSL_HMAC(); test_wolfSSL_OBJ(); @@ -19854,6 +20124,9 @@ void ApiTest(void) #endif #ifdef HAVE_HASHDRBG + #ifdef TEST_RESEED_INTERVAL + AssertIntEQ(test_wc_RNG_GenerateBlock_Reseed(), 0); + #endif AssertIntEQ(test_wc_RNG_GenerateBlock(), 0); #endif diff --git a/tests/suites.c b/tests/suites.c index bf25430e87..16bf850ce3 100644 --- a/tests/suites.c +++ b/tests/suites.c @@ -703,15 +703,17 @@ int SuiteTest(void) #endif #ifndef NO_PSK #ifndef WOLFSSL_NO_TLS12 - /* add psk cipher suites */ - strcpy(argv0[1], "tests/test-psk.conf"); - printf("starting psk cipher suite tests\n"); - test_harness(&args); - if (args.return_code != 0) { - printf("error from script %d\n", args.return_code); - args.return_code = EXIT_FAILURE; - goto exit; - } + #if !defined(NO_RSA) || defined(HAVE_ECC) + /* add psk cipher suites */ + strcpy(argv0[1], "tests/test-psk.conf"); + printf("starting psk cipher suite tests\n"); + test_harness(&args); + if (args.return_code != 0) { + printf("error from script %d\n", args.return_code); + args.return_code = EXIT_FAILURE; + goto exit; + } + #endif #endif #ifdef WOLFSSL_TLS13 /* add psk extra suites */ diff --git a/tests/test-fails.conf b/tests/test-fails.conf index 32fd0c0e1f..e9fda30214 100644 --- a/tests/test-fails.conf +++ b/tests/test-fails.conf @@ -1,30 +1,61 @@ -# server bad certificate alt name +# server bad certificate common name has null +# DG: Have not found a way to properly encode null in common name -v 3 -l ECDHE-RSA-AES128-GCM-SHA256 --k ./certs/test/server-badaltnamenull.key --c ./certs/test/server-badaltnamenull.pem +-k ./certs/server-key.pem +-c ./certs/test/server-badcnnull.pem -d -# client bad certificate alt name +# client bad certificate common name has null -v 3 -l ECDHE-RSA-AES128-GCM-SHA256 -h localhost --A ./certs/test/server-badaltnamenull.pem +-A ./certs/test/server-badcnnull.pem +-m +-x + +# server bad certificate alternate name has null +-v 3 +-l ECDHE-RSA-AES128-GCM-SHA256 +-k ./certs/server-key.pem +-c ./certs/test/server-badaltnull.pem +-d + +# client bad certificate alternate name has null +-v 3 +-l ECDHE-RSA-AES128-GCM-SHA256 +-h localhost +-A ./certs/test/server-badaltnull.pem -m -x # server nomatch common name -v 3 -l ECDHE-RSA-AES128-GCM-SHA256 --k ./certs/test/server-nomatch.key --c ./certs/test/server-nomatch.pem +-k ./certs/server-key.pem +-c ./certs/test/server-badcn.pem -d # client nomatch common name -v 3 -l ECDHE-RSA-AES128-GCM-SHA256 -h localhost --A ./certs/test/server-nomatch.pem +-A ./certs/test/server-badcn.pem +-m +-x + +# server nomatch alternate name +-v 3 +-l ECDHE-RSA-AES128-GCM-SHA256 +-k ./certs/server-key.pem +-c ./certs/test/server-badaltname.pem +-d + +# client nomatch alternate name +-v 3 +-l ECDHE-RSA-AES128-GCM-SHA256 +-h localhost +-A ./certs/test/server-badaltname.pem -m -x diff --git a/tests/test-psk.conf b/tests/test-psk.conf index 4086b3e93d..f4f11b2988 100644 --- a/tests/test-psk.conf +++ b/tests/test-psk.conf @@ -1,15 +1,7 @@ -# server - standard PSK +# server - PSK plus certificates -j -l PSK-CHACHA20-POLY1305 # client- standard PSK -s -l PSK-CHACHA20-POLY1305 - -# server --j --l ECDHE-RSA-AES256-GCM-SHA384:PSK-CHACHA20-POLY1305 - -# client --l ECDHE-RSA-AES256-GCM-SHA384:PSK-CHACHA20-POLY1305 - diff --git a/tests/test.conf b/tests/test.conf index 18cb942e5c..2bee587aee 100644 --- a/tests/test.conf +++ b/tests/test.conf @@ -2246,3 +2246,63 @@ -D certs/dh3072.pem -c certs/client-cert-3072.pem -k certs/client-key-3072.pem + +# server good certificate common name +-v 3 +-l ECDHE-RSA-AES128-GCM-SHA256 +-k ./certs/server-key.pem +-c ./certs/test/server-goodcn.pem +-d + +# client good certificate common name +-v 3 +-l ECDHE-RSA-AES128-GCM-SHA256 +-h localhost +-A ./certs/test/server-goodcn.pem +-m +-C + +# server good certificate alt name +-v 3 +-l ECDHE-RSA-AES128-GCM-SHA256 +-k ./certs/server-key.pem +-c ./certs/test/server-goodalt.pem +-d + +# client good certificate alt name +-v 3 +-l ECDHE-RSA-AES128-GCM-SHA256 +-h localhost +-A ./certs/test/server-goodalt.pem +-m +-C + +# server good certificate common name wild +-v 3 +-l ECDHE-RSA-AES128-GCM-SHA256 +-k ./certs/server-key.pem +-c ./certs/test/server-goodcnwild.pem +-d + +# client good certificate common name wild +-v 3 +-l ECDHE-RSA-AES128-GCM-SHA256 +-h localhost +-A ./certs/test/server-goodcnwild.pem +-m +-C + +# server good certificate alt name wild +-v 3 +-l ECDHE-RSA-AES128-GCM-SHA256 +-k ./certs/server-key.pem +-c ./certs/test/server-goodaltwild.pem +-d + +# client good certificate alt name wild +-v 3 +-l ECDHE-RSA-AES128-GCM-SHA256 +-h localhost +-A ./certs/test/server-goodaltwild.pem +-m +-C diff --git a/tests/unit.c b/tests/unit.c index 0f1e09adba..aef46d9e4b 100644 --- a/tests/unit.c +++ b/tests/unit.c @@ -71,11 +71,13 @@ int unit_test(int argc, char** argv) goto exit; } +#if !defined(NO_WOLFSSL_CLIENT) && !defined(NO_WOLFSSL_SERVER) #ifndef SINGLE_THREADED if ( (ret = SuiteTest()) != 0){ printf("suite test failed with %d\n", ret); goto exit; } +#endif #endif SrpTest(); diff --git a/wolfcrypt/src/asm.c b/wolfcrypt/src/asm.c index c409230ecc..91726dd9ad 100644 --- a/wolfcrypt/src/asm.c +++ b/wolfcrypt/src/asm.c @@ -81,17 +81,27 @@ static word32 cpuid_check = 0 ; static word32 cpuid_flags = 0 ; static word32 cpuid_flag(word32 leaf, word32 sub, word32 num, word32 bit) { - int got_intel_cpu=0; + int got_intel_cpu = 0; + int got_amd_cpu = 0; unsigned int reg[5]; reg[4] = '\0' ; cpuid(reg, 0, 0); - if(memcmp((char *)&(reg[EBX]), "Genu", 4) == 0 && - memcmp((char *)&(reg[EDX]), "ineI", 4) == 0 && - memcmp((char *)&(reg[ECX]), "ntel", 4) == 0) { + + /* check for intel cpu */ + if( memcmp((char *)&(reg[EBX]), "Genu", 4) == 0 && + memcmp((char *)&(reg[EDX]), "ineI", 4) == 0 && + memcmp((char *)&(reg[ECX]), "ntel", 4) == 0) { got_intel_cpu = 1; } - if (got_intel_cpu) { + + /* check for AMD cpu */ + if( memcmp((char *)&(reg[EBX]), "Auth", 4) == 0 && + memcmp((char *)&(reg[EDX]), "enti", 4) == 0 && + memcmp((char *)&(reg[ECX]), "cAMD", 4) == 0) { + got_amd_cpu = 1; + } + if (got_intel_cpu || got_amd_cpu) { cpuid(reg, leaf, sub); return((reg[num]>>bit)&0x1) ; } diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c old mode 100755 new mode 100644 index b8eb7b8645..3c74d2f656 --- a/wolfcrypt/src/asn.c +++ b/wolfcrypt/src/asn.c @@ -4203,9 +4203,10 @@ static int GetName(DecodedCert* cert, int nameType) XFREE(emailName, cert->heap, DYNAMIC_TYPE_ALTNAME); return MEMORY_E; } + emailName->len = adv; XMEMCPY(emailName->name, &cert->source[cert->srcIdx], adv); - emailName->name[adv] = 0; + emailName->name[adv] = '\0'; emailName->next = cert->altEmailNames; cert->altEmailNames = emailName; @@ -5547,7 +5548,7 @@ static int ConfirmNameConstraints(Signer* signer, DecodedCert* cert) DNS_entry* name = cert->altNames; while (name != NULL) { if (MatchBaseName(ASN_DNS_TYPE, - name->name, (int)XSTRLEN(name->name), + name->name, name->len, base->name, base->nameSz)) { return 0; } @@ -5560,7 +5561,7 @@ static int ConfirmNameConstraints(Signer* signer, DecodedCert* cert) DNS_entry* name = cert->altEmailNames; while (name != NULL) { if (MatchBaseName(ASN_RFC822_TYPE, - name->name, (int)XSTRLEN(name->name), + name->name, name->len, base->name, base->nameSz)) { return 0; } @@ -5604,7 +5605,7 @@ static int ConfirmNameConstraints(Signer* signer, DecodedCert* cert) while (name != NULL) { matchDns = MatchBaseName(ASN_DNS_TYPE, - name->name, (int)XSTRLEN(name->name), + name->name, name->len, base->name, base->nameSz); name = name->next; } @@ -5619,7 +5620,7 @@ static int ConfirmNameConstraints(Signer* signer, DecodedCert* cert) while (name != NULL) { matchEmail = MatchBaseName(ASN_DNS_TYPE, - name->name, (int)XSTRLEN(name->name), + name->name, name->len, base->name, base->nameSz); name = name->next; } @@ -5700,7 +5701,7 @@ static int DecodeAltNames(byte* input, int sz, DecodedCert* cert) XFREE(dnsEntry, cert->heap, DYNAMIC_TYPE_ALTNAME); return MEMORY_E; } - + dnsEntry->len = strLen; XMEMCPY(dnsEntry->name, &input[idx], strLen); dnsEntry->name[strLen] = '\0'; @@ -5737,7 +5738,7 @@ static int DecodeAltNames(byte* input, int sz, DecodedCert* cert) XFREE(emailEntry, cert->heap, DYNAMIC_TYPE_ALTNAME); return MEMORY_E; } - + emailEntry->len = strLen; XMEMCPY(emailEntry->name, &input[idx], strLen); emailEntry->name[strLen] = '\0'; @@ -5808,7 +5809,7 @@ static int DecodeAltNames(byte* input, int sz, DecodedCert* cert) XFREE(uriEntry, cert->heap, DYNAMIC_TYPE_ALTNAME); return MEMORY_E; } - + uriEntry->len = strLen; XMEMCPY(uriEntry->name, &input[idx], strLen); uriEntry->name[strLen] = '\0'; @@ -10884,8 +10885,11 @@ static int SignCert(int requestSz, int sType, byte* buffer, word32 buffSz, sigSz = MakeSignature(certSignCtx, buffer, requestSz, certSignCtx->sig, MAX_ENCODED_SIG_SZ, rsaKey, eccKey, ed25519Key, rng, sType, heap); - if (sigSz == WC_PENDING_E) + if (sigSz == WC_PENDING_E) { + /* Not free'ing certSignCtx->sig here because it could still be in use + * with async operations. */ return sigSz; + } if (sigSz >= 0) { if (requestSz + MAX_SEQ_SZ * 2 + sigSz > (int)buffSz) diff --git a/wolfcrypt/src/cpuid.c b/wolfcrypt/src/cpuid.c index 6fc30979a9..81f9ab389a 100644 --- a/wolfcrypt/src/cpuid.c +++ b/wolfcrypt/src/cpuid.c @@ -60,16 +60,26 @@ static word32 cpuid_flag(word32 leaf, word32 sub, word32 num, word32 bit) { int got_intel_cpu = 0; + int got_amd_cpu = 0; unsigned int reg[5]; - reg[4] = '\0'; cpuid(reg, 0, 0); + + /* check for Intel cpu */ if (XMEMCMP((char *)&(reg[EBX]), "Genu", 4) == 0 && XMEMCMP((char *)&(reg[EDX]), "ineI", 4) == 0 && XMEMCMP((char *)&(reg[ECX]), "ntel", 4) == 0) { got_intel_cpu = 1; } - if (got_intel_cpu) { + + /* check for AMD cpu */ + if (XMEMCMP((char *)&(reg[EBX]), "Auth", 4) == 0 && + XMEMCMP((char *)&(reg[EDX]), "enti", 4) == 0 && + XMEMCMP((char *)&(reg[ECX]), "cAMD", 4) == 0) { + got_amd_cpu = 1; + } + + if (got_intel_cpu || got_amd_cpu) { cpuid(reg, leaf, sub); return ((reg[num] >> bit) & 0x1); } @@ -98,4 +108,3 @@ return cpuid_flags; } #endif - diff --git a/wolfcrypt/src/cryptodev.c b/wolfcrypt/src/cryptodev.c new file mode 100644 index 0000000000..80179e0e13 --- /dev/null +++ b/wolfcrypt/src/cryptodev.c @@ -0,0 +1,207 @@ +/* cryptodev.c + * + * Copyright (C) 2006-2018 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + */ + +/* This framework provides a central place for crypto hardware integration + using the devId scheme. If not supported return `NOT_COMPILED_IN`. */ + +#ifdef HAVE_CONFIG_H + #include +#endif + +#include + +#ifdef WOLF_CRYPTO_DEV + +#include +#include +#include + + +/* TODO: Consider linked list with mutex */ +#ifndef MAX_CRYPTO_DEVICES +#define MAX_CRYPTO_DEVICES 8 +#endif + +typedef struct CryptoDev { + int devId; + CryptoDevCallbackFunc cb; + void* ctx; +} CryptoDev; +static CryptoDev gCryptoDev[MAX_CRYPTO_DEVICES]; + +static CryptoDev* wc_CryptoDev_FindDevice(int devId) +{ + int i; + for (i=0; idevId = devId; + dev->cb = cb; + dev->ctx = ctx; + + return 0; +} + +void wc_CryptoDev_UnRegisterDevice(int devId) +{ + CryptoDev* dev = wc_CryptoDev_FindDevice(devId); + if (dev) { + XMEMSET(dev, 0, sizeof(*dev)); + dev->devId = INVALID_DEVID; + } +} + +#ifndef NO_RSA +int wc_CryptoDev_Rsa(const byte* in, word32 inLen, byte* out, + word32* outLen, int type, RsaKey* key, WC_RNG* rng) +{ + int ret = NOT_COMPILED_IN; + CryptoDev* dev; + + /* locate registered callback */ + dev = wc_CryptoDev_FindDevice(key->devId); + if (dev) { + if (dev->cb) { + wc_CryptoInfo cryptoInfo; + XMEMSET(&cryptoInfo, 0, sizeof(cryptoInfo)); + cryptoInfo.algo_type = WC_ALGO_TYPE_PK; + cryptoInfo.pk.type = WC_PK_TYPE_RSA; + cryptoInfo.pk.rsa.in = in; + cryptoInfo.pk.rsa.inLen = inLen; + cryptoInfo.pk.rsa.out = out; + cryptoInfo.pk.rsa.outLen = outLen; + cryptoInfo.pk.rsa.type = type; + cryptoInfo.pk.rsa.key = key; + cryptoInfo.pk.rsa.rng = rng; + + ret = dev->cb(key->devId, &cryptoInfo, dev->ctx); + } + } + + return ret; +} +#endif /* !NO_RSA */ + +#ifdef HAVE_ECC +int wc_CryptoDev_Ecdh(ecc_key* private_key, ecc_key* public_key, + byte* out, word32* outlen) +{ + int ret = NOT_COMPILED_IN; + CryptoDev* dev; + + /* locate registered callback */ + dev = wc_CryptoDev_FindDevice(private_key->devId); + if (dev) { + if (dev->cb) { + wc_CryptoInfo cryptoInfo; + XMEMSET(&cryptoInfo, 0, sizeof(cryptoInfo)); + cryptoInfo.algo_type = WC_ALGO_TYPE_PK; + cryptoInfo.pk.type = WC_PK_TYPE_ECDH; + cryptoInfo.pk.ecdh.private_key = private_key; + cryptoInfo.pk.ecdh.public_key = public_key; + cryptoInfo.pk.ecdh.out = out; + cryptoInfo.pk.ecdh.outlen = outlen; + + ret = dev->cb(private_key->devId, &cryptoInfo, dev->ctx); + } + } + + return ret; +} + +int wc_CryptoDev_EccSign(const byte* in, word32 inlen, byte* out, + word32 *outlen, WC_RNG* rng, ecc_key* key) +{ + int ret = NOT_COMPILED_IN; + CryptoDev* dev; + + /* locate registered callback */ + dev = wc_CryptoDev_FindDevice(key->devId); + if (dev) { + if (dev->cb) { + wc_CryptoInfo cryptoInfo; + XMEMSET(&cryptoInfo, 0, sizeof(cryptoInfo)); + cryptoInfo.algo_type = WC_ALGO_TYPE_PK; + cryptoInfo.pk.type = WC_PK_TYPE_ECDSA_SIGN; + cryptoInfo.pk.eccsign.in = in; + cryptoInfo.pk.eccsign.inlen = inlen; + cryptoInfo.pk.eccsign.out = out; + cryptoInfo.pk.eccsign.outlen = outlen; + cryptoInfo.pk.eccsign.rng = rng; + cryptoInfo.pk.eccsign.key = key; + + ret = dev->cb(key->devId, &cryptoInfo, dev->ctx); + } + } + + return ret; +} + +int wc_CryptoDev_EccVerify(const byte* sig, word32 siglen, + const byte* hash, word32 hashlen, int* res, ecc_key* key) +{ + int ret = NOT_COMPILED_IN; + CryptoDev* dev; + + /* locate registered callback */ + dev = wc_CryptoDev_FindDevice(key->devId); + if (dev) { + if (dev->cb) { + wc_CryptoInfo cryptoInfo; + XMEMSET(&cryptoInfo, 0, sizeof(cryptoInfo)); + cryptoInfo.algo_type = WC_ALGO_TYPE_PK; + cryptoInfo.pk.type = WC_PK_TYPE_ECDSA_VERIFY; + cryptoInfo.pk.eccverify.sig = sig; + cryptoInfo.pk.eccverify.siglen = siglen; + cryptoInfo.pk.eccverify.hash = hash; + cryptoInfo.pk.eccverify.hashlen = hashlen; + cryptoInfo.pk.eccverify.res = res; + cryptoInfo.pk.eccverify.key = key; + + ret = dev->cb(key->devId, &cryptoInfo, dev->ctx); + } + } + + return ret; +} +#endif /* HAVE_ECC */ + +#endif /* WOLF_CRYPTO_DEV */ diff --git a/wolfcrypt/src/ecc.c b/wolfcrypt/src/ecc.c old mode 100755 new mode 100644 index 9801a51c56..8daa52e639 --- a/wolfcrypt/src/ecc.c +++ b/wolfcrypt/src/ecc.c @@ -122,6 +122,10 @@ ECC Curve Sizes: #include #endif +#ifdef WOLF_CRYPTO_DEV + #include +#endif + #ifdef NO_INLINE #include #else @@ -2793,6 +2797,14 @@ int wc_ecc_shared_secret(ecc_key* private_key, ecc_key* public_key, byte* out, return BAD_FUNC_ARG; } +#ifdef WOLF_CRYPTO_DEV + if (private_key->devId != INVALID_DEVID) { + err = wc_CryptoDev_Ecdh(private_key, public_key, out, outlen); + if (err != NOT_COMPILED_IN) + return err; + } +#endif + /* type valid? */ if (private_key->type != ECC_PRIVATEKEY && private_key->type != ECC_PRIVATEKEY_ONLY) { @@ -3127,12 +3139,6 @@ static int wc_ecc_gen_k(WC_RNG* rng, int size, mp_int* k, mp_int* order) if (err == 0) err = mp_read_unsigned_bin(k, (byte*)buf, size); - /* quick sanity check to make sure we're not dealing with a 0 key */ - if (err == MP_OKAY) { - if (mp_iszero(k) == MP_YES) - err = MP_ZERO_E; - } - /* the key should be smaller than the order of base point */ if (err == MP_OKAY) { if (mp_cmp(k, order) != MP_LT) { @@ -3140,6 +3146,12 @@ static int wc_ecc_gen_k(WC_RNG* rng, int size, mp_int* k, mp_int* order) } } + /* quick sanity check to make sure we're not dealing with a 0 key */ + if (err == MP_OKAY) { + if (mp_iszero(k) == MP_YES) + err = MP_ZERO_E; + } + ForceZero(buf, ECC_MAXSIZE); #ifdef WOLFSSL_SMALL_STACK XFREE(buf, NULL, DYNAMIC_TYPE_ECC_BUFFER); @@ -3279,6 +3291,8 @@ static int wc_ecc_make_pub_ex(ecc_key* key, ecc_curve_spec* curveIn, wc_ecc_curve_free(curve); } +#else + (void)curveIn; #endif /* WOLFSSL_ATECC508A */ /* change key state if public part is cached */ @@ -3355,7 +3369,7 @@ int wc_ecc_make_key_ex(WC_RNG* rng, int keysize, ecc_key* key, int curve_id) /* populate key->pubkey */ err = mp_read_unsigned_bin(key->pubkey.x, key->pubkey_raw, ECC_MAX_CRYPTO_HW_SIZE); - if (err = MP_OKAY) + if (err == MP_OKAY) err = mp_read_unsigned_bin(key->pubkey.y, key->pubkey_raw + ECC_MAX_CRYPTO_HW_SIZE, ECC_MAX_CRYPTO_HW_SIZE); @@ -3495,8 +3509,10 @@ int wc_ecc_init_ex(ecc_key* key, void* heap, int devId) XMEMSET(key, 0, sizeof(ecc_key)); key->state = ECC_STATE_NONE; -#ifdef PLUTON_CRYPTO_ECC +#if defined(PLUTON_CRYPTO_ECC) || defined(WOLF_CRYPTO_DEV) key->devId = devId; +#else + (void)devId; #endif #ifdef WOLFSSL_ATECC508A @@ -3532,8 +3548,6 @@ int wc_ecc_init_ex(ecc_key* key, void* heap, int devId) /* handle as async */ ret = wolfAsync_DevCtxInit(&key->asyncDev, WOLFSSL_ASYNC_MARKER_ECC, key->heap, devId); -#else - (void)devId; #endif return ret; @@ -3568,7 +3582,7 @@ static int wc_ecc_sign_hash_hw(const byte* in, word32 inlen, if (key->devId != INVALID_DEVID) /* use hardware */ #endif { - int keysize = key->dp->size; + word32 keysize = (word32)key->dp->size; /* Check args */ if (keysize > ECC_MAX_CRYPTO_HW_SIZE || inlen != keysize || @@ -3613,6 +3627,7 @@ static int wc_ecc_sign_hash_hw(const byte* in, word32 inlen, err = wc_ecc_sign_hash_ex(in, inlen, rng, key, r, s); } #endif + (void)rng; return err; } @@ -3641,6 +3656,14 @@ int wc_ecc_sign_hash(const byte* in, word32 inlen, byte* out, word32 *outlen, return ECC_BAD_ARG_E; } +#ifdef WOLF_CRYPTO_DEV + if (key->devId != INVALID_DEVID) { + err = wc_CryptoDev_EccSign(in, inlen, out, outlen, rng, key); + if (err != NOT_COMPILED_IN) + return err; + } +#endif + #ifdef WOLFSSL_ASYNC_CRYPT err = wc_ecc_alloc_async(key); if (err != 0) @@ -3904,20 +3927,40 @@ int wc_ecc_sign_hash_ex(const byte* in, word32 inlen, WC_RNG* rng, /* don't use async for key, since we don't support async return here */ if ((err = wc_ecc_init_ex(&pubkey, key->heap, INVALID_DEVID)) == MP_OKAY) { + mp_int b; + + if (err == MP_OKAY) { + err = mp_init(&b); + } + #ifdef WOLFSSL_CUSTOM_CURVES /* if custom curve, apply params to pubkey */ - if (key->idx == ECC_CUSTOM_IDX) { + if (err == MP_OKAY && key->idx == ECC_CUSTOM_IDX) { err = wc_ecc_set_custom_curve(&pubkey, key->dp); } #endif + if (err == MP_OKAY) { + /* Generate blinding value - non-zero value. */ + do { + if (++loop_check > 64) { + err = RNG_FAILURE_E; + break; + } + + err = wc_ecc_gen_k(rng, key->dp->size, &b, curve->order); + } + while (err == MP_ZERO_E); + loop_check = 0; + } + for (; err == MP_OKAY;) { if (++loop_check > 64) { err = RNG_FAILURE_E; break; } err = wc_ecc_make_key_ex(rng, key->dp->size, &pubkey, - key->dp->id); + key->dp->id); if (err != MP_OKAY) break; /* find r = x1 mod n */ @@ -3933,30 +3976,50 @@ int wc_ecc_sign_hash_ex(const byte* in, word32 inlen, WC_RNG* rng, mp_forcezero(&pubkey.k); } else { - /* find s = (e + xr)/k */ + /* find s = (e + xr)/k + = b.(e/k.b + x.r/k.b) */ + + /* k = k.b */ + err = mp_mulmod(&pubkey.k, &b, curve->order, &pubkey.k); + if (err != MP_OKAY) break; + + /* k = 1/k.b */ err = mp_invmod(&pubkey.k, curve->order, &pubkey.k); if (err != MP_OKAY) break; - /* s = xr */ + /* s = x.r */ err = mp_mulmod(&key->k, r, curve->order, s); if (err != MP_OKAY) break; - /* s = e + xr */ + /* s = x.r/k.b */ + err = mp_mulmod(&pubkey.k, s, curve->order, s); + if (err != MP_OKAY) break; + + /* e = e/k.b */ + err = mp_mulmod(&pubkey.k, e, curve->order, e); + if (err != MP_OKAY) break; + + /* s = e/k.b + x.r/k.b + = (e + x.r)/k.b */ err = mp_add(e, s, s); if (err != MP_OKAY) break; - /* s = e + xr */ - err = mp_mod(s, curve->order, s); + /* s = b.(e + x.r)/k.b + = (e + x.r)/k */ + err = mp_mulmod(s, &b, curve->order, s); if (err != MP_OKAY) break; /* s = (e + xr)/k */ - err = mp_mulmod(s, &pubkey.k, curve->order, s); + err = mp_mod(s, curve->order, s); + if (err != MP_OKAY) break; if (mp_iszero(s) == MP_NO) break; } } wc_ecc_free(&pubkey); + mp_clear(&b); + mp_free(&b); } } @@ -4028,7 +4091,7 @@ int wc_ecc_free(ecc_key* key) return 0; } -#ifndef WOLFSSL_SP_MATH +#if !defined(WOLFSSL_SP_MATH) && !defined(WOLFSSL_ATECC508A) #ifdef ECC_SHAMIR /** Computes kA*A + kB*B = C using Shamir's Trick @@ -4253,7 +4316,7 @@ int ecc_mul2add(ecc_point* A, mp_int* kA, } #endif /* ECC_SHAMIR */ -#endif +#endif /* !WOLFSSL_SP_MATH && !WOLFSSL_ATECC508A */ #ifdef HAVE_ECC_VERIFY @@ -4291,6 +4354,14 @@ int wc_ecc_verify_hash(const byte* sig, word32 siglen, const byte* hash, return ECC_BAD_ARG_E; } +#ifdef WOLF_CRYPTO_DEV + if (key->devId != INVALID_DEVID) { + err = wc_CryptoDev_EccVerify(sig, siglen, hash, hashlen, res, key); + if (err != NOT_COMPILED_IN) + return err; + } +#endif + #ifdef WOLFSSL_ASYNC_CRYPT err = wc_ecc_alloc_async(key); if (err != 0) @@ -4325,6 +4396,13 @@ int wc_ecc_verify_hash(const byte* sig, word32 siglen, const byte* hash, key->state = ECC_STATE_VERIFY_DO; err = wc_ecc_verify_hash_ex(r, s, hash, hashlen, res, key); + + #ifndef WOLFSSL_ASYNC_CRYPT + /* done with R/S */ + mp_clear(r); + mp_clear(s); + #endif + if (err < 0) { break; } @@ -4333,10 +4411,6 @@ int wc_ecc_verify_hash(const byte* sig, word32 siglen, const byte* hash, case ECC_STATE_VERIFY_RES: key->state = ECC_STATE_VERIFY_RES; err = 0; - - /* done with R/S */ - mp_clear(r); - mp_clear(s); break; default: @@ -4431,7 +4505,8 @@ int wc_ecc_verify_hash_ex(mp_int *r, mp_int *s, const byte* hash, err = atcatls_verify(hash, sigRS, key->pubkey_raw, (bool*)res); if (err != ATCA_SUCCESS) { return BAD_COND_E; - } + } + (void)hashlen; #else @@ -4664,12 +4739,12 @@ int wc_ecc_verify_hash_ex(mp_int *r, mp_int *s, const byte* hash, #endif /* HAVE_ECC_VERIFY */ #ifdef HAVE_ECC_KEY_IMPORT -#ifndef WOLFSSL_ATECC508A /* import point from der */ int wc_ecc_import_point_der(byte* in, word32 inLen, const int curve_idx, ecc_point* point) { int err = 0; +#ifndef WOLFSSL_ATECC508A int compressed = 0; int keysize; byte pointType; @@ -4800,9 +4875,16 @@ int wc_ecc_import_point_der(byte* in, word32 inLen, const int curve_idx, mp_clear(point->z); } +#else + err = NOT_COMPILED_IN; + (void)in; + (void)inLen; + (void)curve_idx; + (void)point; +#endif /* !WOLFSSL_ATECC508A */ + return err; } -#endif /* !WOLFSSL_ATECC508A */ #endif /* HAVE_ECC_KEY_IMPORT */ #ifdef HAVE_ECC_KEY_EXPORT @@ -5835,6 +5917,8 @@ static int wc_ecc_import_raw_private(ecc_key* key, const char* qx, #ifdef WOLFSSL_ATECC508A /* TODO: Implement equiv call to ATECC508A */ err = BAD_COND_E; + (void)d; + (void)encType; #else diff --git a/wolfcrypt/src/include.am b/wolfcrypt/src/include.am index 315388e125..cf181f82fe 100644 --- a/wolfcrypt/src/include.am +++ b/wolfcrypt/src/include.am @@ -63,6 +63,10 @@ EXTRA_DIST += wolfcrypt/src/port/ti/ti-aes.c \ wolfcrypt/src/port/caam/caam_doc.pdf \ wolfcrypt/src/port/st/stm32.c +if BUILD_CRYPTODEV +src_libwolfssl_la_SOURCES += wolfcrypt/src/cryptodev.c +endif + if BUILD_CAVIUM src_libwolfssl_la_SOURCES += wolfcrypt/src/port/cavium/cavium_nitrox.c diff --git a/wolfcrypt/src/logging.c b/wolfcrypt/src/logging.c index 0fdab26542..cc7d1545ce 100644 --- a/wolfcrypt/src/logging.c +++ b/wolfcrypt/src/logging.c @@ -711,7 +711,7 @@ int wc_ERR_remove_state(void) #if !defined(NO_FILESYSTEM) && !defined(NO_STDIO_FILESYSTEM) /* empties out the error queue into the file */ -void wc_ERR_print_errors_fp(FILE* fp) +void wc_ERR_print_errors_fp(XFILE fp) { WOLFSSL_ENTER("wc_ERR_print_errors_fp"); diff --git a/wolfcrypt/src/misc.c b/wolfcrypt/src/misc.c index 8cfe780aea..f5017e356c 100644 --- a/wolfcrypt/src/misc.c +++ b/wolfcrypt/src/misc.c @@ -311,6 +311,48 @@ STATIC INLINE word32 btoi(byte b) } +/* Constant time - mask set when a > b. */ +STATIC INLINE byte ctMaskGT(int a, int b) +{ + return (((word32)a - b - 1) >> 31) - 1; +} + +/* Constant time - mask set when a >= b. */ +STATIC INLINE byte ctMaskGTE(int a, int b) +{ + return (((word32)a - b ) >> 31) - 1; +} + +/* Constant time - mask set when a < b. */ +STATIC INLINE byte ctMaskLT(int a, int b) +{ + return (((word32)b - a - 1) >> 31) - 1; +} + +/* Constant time - mask set when a <= b. */ +STATIC INLINE byte ctMaskLTE(int a, int b) +{ + return (((word32)b - a ) >> 31) - 1; +} + +/* Constant time - mask set when a == b. */ +STATIC INLINE byte ctMaskEq(int a, int b) +{ + return 0 - (a == b); +} + +/* Constant time - select b when mask is set and a otherwise. */ +STATIC INLINE byte ctMaskSel(byte m, byte a, byte b) +{ + return (a & ~m) | (b & m); +} + +/* Constant time - bit set when a <= b. */ +STATIC INLINE byte ctSetLTE(int a, int b) +{ + return ((word32)a - b - 1) >> 31; +} + #undef STATIC diff --git a/wolfcrypt/src/pkcs7.c b/wolfcrypt/src/pkcs7.c index 807d90e00f..23072bab1e 100644 --- a/wolfcrypt/src/pkcs7.c +++ b/wolfcrypt/src/pkcs7.c @@ -247,8 +247,8 @@ int wc_PKCS7_Init(PKCS7* pkcs7, void* heap, int devId) XMEMSET(pkcs7, 0, sizeof(PKCS7)); pkcs7->heap = heap; + pkcs7->devId = devId; - (void)devId; /* silence unused warning */ return 0; } @@ -259,7 +259,7 @@ int wc_PKCS7_InitWithCert(PKCS7* pkcs7, byte* cert, word32 certSz) { int ret = 0; void* heap; - + int devId; if (pkcs7 == NULL || (cert == NULL && certSz != 0)) { return BAD_FUNC_ARG; @@ -270,9 +270,11 @@ int wc_PKCS7_InitWithCert(PKCS7* pkcs7, byte* cert, word32 certSz) #else heap = pkcs7->heap; #endif + devId = pkcs7->devId; XMEMSET(pkcs7, 0, sizeof(PKCS7)); pkcs7->heap = heap; + pkcs7->devId = devId; if (cert != NULL && certSz > 0) { #ifdef WOLFSSL_SMALL_STACK @@ -590,9 +592,9 @@ static int wc_PKCS7_RsaSign(PKCS7* pkcs7, byte* in, word32 inSz, ESD* esd) RsaKey* privKey = &stack_privKey; #endif - if (pkcs7 == NULL || pkcs7->privateKey == NULL || pkcs7->rng == NULL || - in == NULL || esd == NULL) + if (pkcs7 == NULL || pkcs7->rng == NULL || in == NULL || esd == NULL) { return BAD_FUNC_ARG; + } #ifdef WOLFSSL_SMALL_STACK privKey = (RsaKey*)XMALLOC(sizeof(RsaKey), NULL, DYNAMIC_TYPE_TMP_BUFFER); @@ -600,14 +602,17 @@ static int wc_PKCS7_RsaSign(PKCS7* pkcs7, byte* in, word32 inSz, ESD* esd) return MEMORY_E; #endif - ret = wc_InitRsaKey(privKey, pkcs7->heap); - + ret = wc_InitRsaKey_ex(privKey, pkcs7->heap, pkcs7->devId); if (ret == 0) { - idx = 0; - ret = wc_RsaPrivateKeyDecode(pkcs7->privateKey, &idx, privKey, - pkcs7->privateKeySz); + if (pkcs7->privateKey != NULL && pkcs7->privateKeySz > 0) { + idx = 0; + ret = wc_RsaPrivateKeyDecode(pkcs7->privateKey, &idx, privKey, + pkcs7->privateKeySz); + } + else if (pkcs7->devId == INVALID_DEVID) { + ret = BAD_FUNC_ARG; + } } - if (ret == 0) { ret = wc_RsaSSL_Sign(in, inSz, esd->encContentDigest, sizeof(esd->encContentDigest), @@ -639,9 +644,9 @@ static int wc_PKCS7_EcdsaSign(PKCS7* pkcs7, byte* in, word32 inSz, ESD* esd) ecc_key* privKey = &stack_privKey; #endif - if (pkcs7 == NULL || pkcs7->privateKey == NULL || pkcs7->rng == NULL || - in == NULL || esd == NULL) + if (pkcs7 == NULL || pkcs7->rng == NULL || in == NULL || esd == NULL) { return BAD_FUNC_ARG; + } #ifdef WOLFSSL_SMALL_STACK privKey = (ecc_key*)XMALLOC(sizeof(ecc_key), NULL, DYNAMIC_TYPE_TMP_BUFFER); @@ -649,14 +654,17 @@ static int wc_PKCS7_EcdsaSign(PKCS7* pkcs7, byte* in, word32 inSz, ESD* esd) return MEMORY_E; #endif - ret = wc_ecc_init_ex(privKey, pkcs7->heap, INVALID_DEVID); - + ret = wc_ecc_init_ex(privKey, pkcs7->heap, pkcs7->devId); if (ret == 0) { - idx = 0; - ret = wc_EccPrivateKeyDecode(pkcs7->privateKey, &idx, privKey, - pkcs7->privateKeySz); + if (pkcs7->privateKey != NULL && pkcs7->privateKeySz > 0) { + idx = 0; + ret = wc_EccPrivateKeyDecode(pkcs7->privateKey, &idx, privKey, + pkcs7->privateKeySz); + } + else if (pkcs7->devId == INVALID_DEVID) { + ret = BAD_FUNC_ARG; + } } - if (ret == 0) { outSz = sizeof(esd->encContentDigest); ret = wc_ecc_sign_hash(in, inSz, esd->encContentDigest, @@ -1033,9 +1041,9 @@ int wc_PKCS7_EncodeSignedData(PKCS7* pkcs7, byte* output, word32 outputSz) if (pkcs7 == NULL || pkcs7->content == NULL || pkcs7->contentSz == 0 || pkcs7->encryptOID == 0 || pkcs7->hashOID == 0 || pkcs7->rng == 0 || pkcs7->singleCert == NULL || pkcs7->singleCertSz == 0 || - pkcs7->privateKey == NULL || pkcs7->privateKeySz == 0 || - output == NULL || outputSz == 0) + output == NULL || outputSz == 0) { return BAD_FUNC_ARG; + } #ifdef WOLFSSL_SMALL_STACK esd = (ESD*)XMALLOC(sizeof(ESD), NULL, DYNAMIC_TYPE_TMP_BUFFER); @@ -1309,7 +1317,7 @@ static int wc_PKCS7_RsaVerify(PKCS7* pkcs7, byte* sig, int sigSz, XMEMSET(digest, 0, MAX_PKCS7_DIGEST_SZ); - ret = wc_InitRsaKey(key, pkcs7->heap); + ret = wc_InitRsaKey_ex(key, pkcs7->heap, pkcs7->devId); if (ret != 0) { #ifdef WOLFSSL_SMALL_STACK XFREE(digest, NULL, DYNAMIC_TYPE_TMP_BUFFER); @@ -1321,6 +1329,7 @@ static int wc_PKCS7_RsaVerify(PKCS7* pkcs7, byte* sig, int sigSz, if (wc_RsaPublicKeyDecode(pkcs7->publicKey, &scratch, key, pkcs7->publicKeySz) < 0) { WOLFSSL_MSG("ASN RSA key decode error"); + wc_FreeRsaKey(key); #ifdef WOLFSSL_SMALL_STACK XFREE(digest, NULL, DYNAMIC_TYPE_TMP_BUFFER); XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER); @@ -1384,7 +1393,7 @@ static int wc_PKCS7_EcdsaVerify(PKCS7* pkcs7, byte* sig, int sigSz, XMEMSET(digest, 0, MAX_PKCS7_DIGEST_SZ); - ret = wc_ecc_init_ex(key, pkcs7->heap, INVALID_DEVID); + ret = wc_ecc_init_ex(key, pkcs7->heap, pkcs7->devId); if (ret != 0) { #ifdef WOLFSSL_SMALL_STACK XFREE(digest, NULL, DYNAMIC_TYPE_TMP_BUFFER); @@ -1396,6 +1405,7 @@ static int wc_PKCS7_EcdsaVerify(PKCS7* pkcs7, byte* sig, int sigSz, if (wc_EccPublicKeyDecode(pkcs7->publicKey, &idx, key, pkcs7->publicKeySz) < 0) { WOLFSSL_MSG("ASN ECDSA key decode error"); + wc_ecc_free(key); #ifdef WOLFSSL_SMALL_STACK XFREE(digest, NULL, DYNAMIC_TYPE_TMP_BUFFER); XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER); @@ -1854,7 +1864,6 @@ int wc_PKCS7_VerifySignedData(PKCS7* pkcs7, byte* pkiMsg, word32 pkiMsgSz) pkcs7->der = (byte*)XMALLOC(len, pkcs7->heap, DYNAMIC_TYPE_PKCS7); if (pkcs7->der == NULL) return MEMORY_E; - len = 0; ret = wc_BerToDer(pkiMsg, pkiMsgSz, pkcs7->der, &len); if (ret < 0) return ret; @@ -2124,6 +2133,7 @@ int wc_PKCS7_VerifySignedData(PKCS7* pkcs7, byte* pkiMsg, word32 pkiMsgSz) typedef struct WC_PKCS7_KARI { DecodedCert* decoded; /* decoded recip cert */ void* heap; /* user heap, points to PKCS7->heap */ + int devId; /* device ID for HW based private key */ ecc_key* recipKey; /* recip key (pub | priv) */ ecc_key* senderKey; /* sender key (pub | priv) */ byte* senderKeyExport; /* sender ephemeral key DER */ @@ -2136,6 +2146,9 @@ typedef struct WC_PKCS7_KARI { word32 sharedInfoSz; /* size of ECC-CMS-SharedInfo encoded */ byte ukmOwner; /* do we own ukm buffer? 1:yes, 0:no */ byte direction; /* WC_PKCS7_ENCODE | WC_PKCS7_DECODE */ + byte decodedInit : 1; /* indicates decoded was initialized */ + byte recipKeyInit : 1; /* indicates recipKey was initialized */ + byte senderKeyInit : 1; /* indicates senderKey was initialized */ } WC_PKCS7_KARI; @@ -2247,8 +2260,12 @@ static WC_PKCS7_KARI* wc_PKCS7_KariNew(PKCS7* pkcs7, byte direction) kari->sharedInfo = NULL; kari->sharedInfoSz = 0; kari->direction = direction; + kari->decodedInit = 0; + kari->recipKeyInit = 0; + kari->senderKeyInit = 0; kari->heap = pkcs7->heap; + kari->devId = pkcs7->devId; return kari; } @@ -2263,15 +2280,18 @@ static int wc_PKCS7_KariFree(WC_PKCS7_KARI* kari) heap = kari->heap; if (kari->decoded) { - FreeDecodedCert(kari->decoded); + if (kari->decodedInit) + FreeDecodedCert(kari->decoded); XFREE(kari->decoded, heap, DYNAMIC_TYPE_PKCS7); } if (kari->senderKey) { - wc_ecc_free(kari->senderKey); + if (kari->senderKeyInit) + wc_ecc_free(kari->senderKey); XFREE(kari->senderKey, heap, DYNAMIC_TYPE_PKCS7); } if (kari->recipKey) { - wc_ecc_free(kari->recipKey); + if (kari->recipKeyInit) + wc_ecc_free(kari->recipKey); XFREE(kari->recipKey, heap, DYNAMIC_TYPE_PKCS7); } if (kari->senderKeyExport) { @@ -2317,12 +2337,9 @@ static int wc_PKCS7_KariParseRecipCert(WC_PKCS7_KARI* kari, const byte* cert, cert == NULL || certSz == 0) return BAD_FUNC_ARG; - if (kari->direction == WC_PKCS7_DECODE && - (key == NULL || keySz == 0)) - return BAD_FUNC_ARG; - /* decode certificate */ InitDecodedCert(kari->decoded, (byte*)cert, certSz, kari->heap); + kari->decodedInit = 1; ret = ParseCert(kari->decoded, CA_TYPE, NO_VERIFY, 0); if (ret < 0) return ret; @@ -2333,10 +2350,12 @@ static int wc_PKCS7_KariParseRecipCert(WC_PKCS7_KARI* kari, const byte* cert, return BAD_FUNC_ARG; } - ret = wc_ecc_init_ex(kari->recipKey, kari->heap, INVALID_DEVID); + ret = wc_ecc_init_ex(kari->recipKey, kari->heap, kari->devId); if (ret != 0) return ret; + kari->recipKeyInit = 1; + /* get recip public key */ if (kari->direction == WC_PKCS7_ENCODE) { @@ -2348,9 +2367,13 @@ static int wc_PKCS7_KariParseRecipCert(WC_PKCS7_KARI* kari, const byte* cert, } /* get recip private key */ else if (kari->direction == WC_PKCS7_DECODE) { - - idx = 0; - ret = wc_EccPrivateKeyDecode(key, &idx, kari->recipKey, keySz); + if (key != NULL && keySz > 0) { + idx = 0; + ret = wc_EccPrivateKeyDecode(key, &idx, kari->recipKey, keySz); + } + else if (kari->devId == INVALID_DEVID) { + ret = BAD_FUNC_ARG; + } if (ret != 0) return ret; @@ -2384,10 +2407,12 @@ static int wc_PKCS7_KariGenerateEphemeralKey(WC_PKCS7_KARI* kari, WC_RNG* rng) kari->senderKeyExportSz = kari->decoded->pubKeySize; - ret = wc_ecc_init_ex(kari->senderKey, kari->heap, INVALID_DEVID); + ret = wc_ecc_init_ex(kari->senderKey, kari->heap, kari->devId); if (ret != 0) return ret; + kari->senderKeyInit = 1; + ret = wc_ecc_make_key_ex(rng, kari->recipKey->dp->size, kari->senderKey, kari->recipKey->dp->id); if (ret != 0) @@ -2986,7 +3011,7 @@ static int wc_CreateRecipientInfo(const byte* cert, word32 certSz, #endif /* EncryptedKey */ - ret = wc_InitRsaKey(pubKey, 0); + ret = wc_InitRsaKey_ex(pubKey, heap, INVALID_DEVID); if (ret != 0) { FreeDecodedCert(decoded); #ifdef WOLFSSL_SMALL_STACK @@ -3250,7 +3275,7 @@ static int wc_PKCS7_GenerateIV(PKCS7* pkcs7, WC_RNG* rng, byte* iv, word32 ivSz) if (rnd == NULL) return MEMORY_E; - ret = wc_InitRng_ex(rnd, pkcs7->heap, INVALID_DEVID); + ret = wc_InitRng_ex(rnd, pkcs7->heap, pkcs7->devId); if (ret != 0) { XFREE(rnd, pkcs7->heap, DYNAMIC_TYPE_RNG); return ret; @@ -3384,7 +3409,7 @@ int wc_PKCS7_EncodeEnvelopedData(PKCS7* pkcs7, byte* output, word32 outputSz) } /* generate random content encryption key */ - ret = wc_InitRng_ex(&rng, pkcs7->heap, INVALID_DEVID); + ret = wc_InitRng_ex(&rng, pkcs7->heap, pkcs7->devId); if (ret != 0) return ret; @@ -3712,7 +3737,7 @@ static int wc_PKCS7_DecodeKtri(PKCS7* pkcs7, byte* pkiMsg, word32 pkiMsgSz, } #endif - ret = wc_InitRsaKey(privKey, 0); + ret = wc_InitRsaKey_ex(privKey, NULL, INVALID_DEVID); if (ret != 0) { #ifdef WOLFSSL_SMALL_STACK XFREE(encryptedKey, NULL, DYNAMIC_TYPE_TMP_BUFFER); @@ -3721,11 +3746,17 @@ static int wc_PKCS7_DecodeKtri(PKCS7* pkcs7, byte* pkiMsg, word32 pkiMsgSz, return ret; } - keyIdx = 0; - ret = wc_RsaPrivateKeyDecode(pkcs7->privateKey, &keyIdx, privKey, - pkcs7->privateKeySz); + if (pkcs7->privateKey != NULL && pkcs7->privateKeySz > 0) { + keyIdx = 0; + ret = wc_RsaPrivateKeyDecode(pkcs7->privateKey, &keyIdx, privKey, + pkcs7->privateKeySz); + } + else if (pkcs7->devId == INVALID_DEVID) { + ret = BAD_FUNC_ARG; + } if (ret != 0) { WOLFSSL_MSG("Failed to decode RSA private key"); + wc_FreeRsaKey(privKey); #ifdef WOLFSSL_SMALL_STACK XFREE(encryptedKey, NULL, DYNAMIC_TYPE_TMP_BUFFER); XFREE(privKey, NULL, DYNAMIC_TYPE_TMP_BUFFER); @@ -3735,7 +3766,7 @@ static int wc_PKCS7_DecodeKtri(PKCS7* pkcs7, byte* pkiMsg, word32 pkiMsgSz, /* decrypt encryptedKey */ #ifdef WC_RSA_BLINDING - ret = wc_InitRng_ex(&rng, pkcs7->heap, INVALID_DEVID); + ret = wc_InitRng_ex(&rng, pkcs7->heap, pkcs7->devId); if (ret == 0) { ret = wc_RsaSetRNG(privKey, &rng); } @@ -3823,10 +3854,12 @@ static int wc_PKCS7_KariGetOriginatorIdentifierOrKey(WC_PKCS7_KARI* kari, return ASN_EXPECT_0_E; /* get sender ephemeral public ECDSA key */ - ret = wc_ecc_init_ex(kari->senderKey, kari->heap, INVALID_DEVID); + ret = wc_ecc_init_ex(kari->senderKey, kari->heap, kari->devId); if (ret != 0) return ret; + kari->senderKeyInit = 1; + /* length-1 for unused bits counter */ ret = wc_ecc_import_x963(pkiMsg + (*idx), length - 1, kari->senderKey); if (ret != 0) @@ -4155,6 +4188,9 @@ static int wc_PKCS7_DecodeKari(PKCS7* pkcs7, byte* pkiMsg, word32 pkiMsgSz, pkcs7->privateKeySz); if (ret != 0) { wc_PKCS7_KariFree(kari); + #ifdef WOLFSSL_SMALL_STACK + XFREE(encryptedKey, NULL, DYNAMIC_TYPE_PKCS7); + #endif return ret; } @@ -4380,8 +4416,7 @@ WOLFSSL_API int wc_PKCS7_DecodeEnvelopedData(PKCS7* pkcs7, byte* pkiMsg, int explicitOctet; if (pkcs7 == NULL || pkcs7->singleCert == NULL || - pkcs7->singleCertSz == 0 || pkcs7->privateKey == NULL || - pkcs7->privateKeySz == 0) + pkcs7->singleCertSz == 0) return BAD_FUNC_ARG; if (pkiMsg == NULL || pkiMsgSz == 0 || @@ -5012,6 +5047,7 @@ int wc_PKCS7_DecodeEncryptedData(PKCS7* pkcs7, byte* pkiMsg, word32 pkiMsgSz, /* go back and check the version now that attribs have been processed */ if ((haveAttribs == 0 && version != 0) || (haveAttribs == 1 && version != 2) ) { + XFREE(encryptedContent, pkcs7->heap, DYNAMIC_TYPE_PKCS7); WOLFSSL_MSG("Wrong PKCS#7 EncryptedData version"); return ASN_VERSION_E; } diff --git a/wolfcrypt/src/pwdbased.c b/wolfcrypt/src/pwdbased.c old mode 100755 new mode 100644 diff --git a/wolfcrypt/src/random.c b/wolfcrypt/src/random.c index 92234de522..0a9bafbb73 100644 --- a/wolfcrypt/src/random.c +++ b/wolfcrypt/src/random.c @@ -1499,7 +1499,25 @@ int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz) return 0; } +#elif defined(WOLFSSL_NUCLEUS) +#include "nucleus.h" +#include "kernel/plus_common.h" +#warning "potential for not enough entropy, currently being used for testing" +int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz) +{ + int i; + srand(NU_Get_Time_Stamp()); + + for (i = 0; i < sz; i++ ) { + output[i] = rand() % 256; + if ((i % 8) == 7) { + srand(NU_Get_Time_Stamp()); + } + } + + return 0; +} #elif defined(WOLFSSL_VXWORKS) #include diff --git a/wolfcrypt/src/rsa.c b/wolfcrypt/src/rsa.c index e44a7222de..a4a7adcb06 100644 --- a/wolfcrypt/src/rsa.c +++ b/wolfcrypt/src/rsa.c @@ -190,6 +190,9 @@ int wc_RsaFlattenPublicKey(RsaKey* key, byte* a, word32* aSz, byte* b, #include #include +#ifdef WOLF_CRYPTO_DEV + #include +#endif #ifdef NO_INLINE #include #else @@ -237,8 +240,6 @@ int wc_InitRsaKey_ex(RsaKey* key, void* heap, int devId) return BAD_FUNC_ARG; } - (void)devId; - XMEMSET(key, 0, sizeof(RsaKey)); key->type = RSA_TYPE_UNKNOWN; @@ -251,6 +252,12 @@ int wc_InitRsaKey_ex(RsaKey* key, void* heap, int devId) key->rng = NULL; #endif +#ifdef WOLF_CRYPTO_DEV + key->devId = devId; +#else + (void)devId; +#endif + #ifdef WOLFSSL_ASYNC_CRYPT #ifdef WOLFSSL_CERT_GEN XMEMSET(&key->certSignCtx, 0, sizeof(CertSignCtx)); @@ -263,8 +270,6 @@ int wc_InitRsaKey_ex(RsaKey* key, void* heap, int devId) if (ret != 0) return ret; #endif /* WC_ASYNC_ENABLE_RSA */ -#else - (void)devId; #endif /* WOLFSSL_ASYNC_CRYPT */ ret = mp_init_multi(&key->n, &key->e, NULL, NULL, NULL, NULL); @@ -1512,7 +1517,7 @@ static int wc_RsaFunctionAsync(const byte* in, word32 inLen, byte* out, } #endif /* WOLFSSL_ASYNC_CRYPT && WC_ASYNC_ENABLE_RSA */ -#ifdef WC_RSA_NO_PADDING +#if defined(WC_RSA_DIRECT) || defined(WC_RSA_NO_PADDING) /* Function that does the RSA operation directly with no padding. * * in buffer to do operation on @@ -1606,7 +1611,7 @@ int wc_RsaDirect(byte* in, word32 inLen, byte* out, word32* outSz, return ret; } -#endif /* WC_RSA_NO_PADDING */ +#endif /* WC_RSA_DIRECT || WC_RSA_NO_PADDING */ int wc_RsaFunction(const byte* in, word32 inLen, byte* out, @@ -1619,6 +1624,15 @@ int wc_RsaFunction(const byte* in, word32 inLen, byte* out, return BAD_FUNC_ARG; } +#ifdef WOLF_CRYPTO_DEV + if (key->devId != INVALID_DEVID) { + ret = wc_CryptoDev_Rsa(in, inLen, out, outLen, type, key, rng); + if (ret != NOT_COMPILED_IN) + return ret; + ret = 0; /* reset error code and try using software */ + } +#endif + #ifndef NO_RSA_BOUNDS_CHECK if (type == RSA_PRIVATE_DECRYPT && key->state == RSA_STATE_DECRYPT_EXPTMOD) { @@ -2268,10 +2282,21 @@ int wc_RsaPSS_Sign_ex(const byte* in, word32 inLen, byte* out, word32 outLen, int wc_RsaEncryptSize(RsaKey* key) { + int ret; + if (key == NULL) { return BAD_FUNC_ARG; } - return mp_unsigned_bin_size(&key->n); + + ret = mp_unsigned_bin_size(&key->n); + +#ifdef WOLF_CRYPTO_DEV + if (ret == 0 && key->devId != INVALID_DEVID) { + ret = 2048/8; /* hardware handles, use 2048-bit as default */ + } +#endif + + return ret; } diff --git a/wolfcrypt/src/sha.c b/wolfcrypt/src/sha.c index 3a4a973763..d800e2d9b9 100644 --- a/wolfcrypt/src/sha.c +++ b/wolfcrypt/src/sha.c @@ -431,6 +431,26 @@ int wc_ShaUpdate(wc_Sha* sha, const byte* data, word32 len) return 0; } +int wc_ShaFinalRaw(wc_Sha* sha, byte* hash) +{ +#ifdef LITTLE_ENDIAN_ORDER + word32 digest[WC_SHA_DIGEST_SIZE / sizeof(word32)]; +#endif + + if (sha == NULL || hash == NULL) { + return BAD_FUNC_ARG; + } + +#ifdef LITTLE_ENDIAN_ORDER + ByteReverseWords((word32*)digest, (word32*)sha->digest, WC_SHA_DIGEST_SIZE); + XMEMCPY(hash, digest, WC_SHA_DIGEST_SIZE); +#else + XMEMCPY(hash, sha->digest, WC_SHA_DIGEST_SIZE); +#endif + + return 0; +} + int wc_ShaFinal(wc_Sha* sha, byte* hash) { byte* local; diff --git a/wolfcrypt/src/sha256.c b/wolfcrypt/src/sha256.c index 731e1605fd..bd234c4f0a 100644 --- a/wolfcrypt/src/sha256.c +++ b/wolfcrypt/src/sha256.c @@ -765,6 +765,27 @@ static int InitSha256(wc_Sha256* sha256) return XTRANSFORM(sha256); } + int wc_Sha256FinalRaw(wc_Sha256* sha256, byte* hash) + { + #ifdef LITTLE_ENDIAN_ORDER + word32 digest[WC_SHA256_DIGEST_SIZE / sizeof(word32)]; + #endif + + if (sha256 == NULL || hash == NULL) { + return BAD_FUNC_ARG; + } + + #ifdef LITTLE_ENDIAN_ORDER + ByteReverseWords((word32*)digest, (word32*)sha256->digest, + WC_SHA256_DIGEST_SIZE); + XMEMCPY(hash, digest, WC_SHA256_DIGEST_SIZE); + #else + XMEMCPY(hash, sha256->digest, WC_SHA256_DIGEST_SIZE); + #endif + + return 0; + } + int wc_Sha256Final(wc_Sha256* sha256, byte* hash) { int ret; diff --git a/wolfcrypt/src/sha512.c b/wolfcrypt/src/sha512.c index 9def455764..a39bd8379d 100644 --- a/wolfcrypt/src/sha512.c +++ b/wolfcrypt/src/sha512.c @@ -695,6 +695,27 @@ static INLINE int Sha512Final(wc_Sha512* sha512) return 0; } +int wc_Sha512FinalRaw(wc_Sha512* sha512, byte* hash) +{ +#ifdef LITTLE_ENDIAN_ORDER + word64 digest[WC_SHA512_DIGEST_SIZE / sizeof(word64)]; +#endif + + if (sha512 == NULL || hash == NULL) { + return BAD_FUNC_ARG; + } + +#ifdef LITTLE_ENDIAN_ORDER + ByteReverseWords64((word64*)digest, (word64*)sha512->digest, + WC_SHA512_DIGEST_SIZE); + XMEMCPY(hash, digest, WC_SHA512_DIGEST_SIZE); +#else + XMEMCPY(hash, sha512->digest, WC_SHA512_DIGEST_SIZE); +#endif + + return 0; +} + int wc_Sha512Final(wc_Sha512* sha512, byte* hash) { int ret; @@ -2588,6 +2609,27 @@ int wc_Sha384Update(wc_Sha384* sha384, const byte* data, word32 len) } +int wc_Sha384FinalRaw(wc_Sha384* sha384, byte* hash) +{ +#ifdef LITTLE_ENDIAN_ORDER + word64 digest[WC_SHA384_DIGEST_SIZE / sizeof(word64)]; +#endif + + if (sha384 == NULL || hash == NULL) { + return BAD_FUNC_ARG; + } + +#ifdef LITTLE_ENDIAN_ORDER + ByteReverseWords64((word64*)digest, (word64*)sha384->digest, + WC_SHA384_DIGEST_SIZE); + XMEMCPY(hash, digest, WC_SHA384_DIGEST_SIZE); +#else + XMEMCPY(hash, sha384->digest, WC_SHA384_DIGEST_SIZE); +#endif + + return 0; +} + int wc_Sha384Final(wc_Sha384* sha384, byte* hash) { int ret; diff --git a/wolfcrypt/src/wc_port.c b/wolfcrypt/src/wc_port.c index b0d2c1998a..ab1d1e73df 100644 --- a/wolfcrypt/src/wc_port.c +++ b/wolfcrypt/src/wc_port.c @@ -64,6 +64,10 @@ #include #endif +#ifdef WOLF_CRYPTO_DEV + #include +#endif + #ifdef _MSC_VER /* 4996 warning to use MS extensions e.g., strcpy_s instead of strncpy */ #pragma warning(disable: 4996) @@ -82,6 +86,10 @@ int wolfCrypt_Init(void) if (initRefCount == 0) { WOLFSSL_ENTER("wolfCrypt_Init"); + #ifdef WOLF_CRYPTO_DEV + wc_CryptoDev_Init(); + #endif + #ifdef WOLFSSL_ASYNC_CRYPT ret = wolfAsync_HardwareStart(); if (ret != 0) { @@ -212,7 +220,8 @@ int wolfCrypt_Cleanup(void) return ret; } -#if !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR) +#if !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR) && \ + !defined(WOLFSSL_NUCLEUS) /* File Handling Helpers */ /* returns 0 if file found, -1 if no files or negative error */ diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c index 9205ad7992..4d6f929d4f 100644 --- a/wolfcrypt/test/test.c +++ b/wolfcrypt/test/test.c @@ -43,7 +43,7 @@ #include #include -#ifdef WOLFSSL_TEST_CERT +#if defined(WOLFSSL_TEST_CERT) || defined(ASN_BER_TO_DER) #include #else #include @@ -119,6 +119,9 @@ #ifdef WOLFSSL_IMX6_CAAM_BLOB #include #endif +#ifdef WOLF_CRYPTO_DEV + #include +#endif #define WOLFSSL_MISC_INCLUDED #include @@ -341,6 +344,9 @@ int blob_test(void); #endif int misc_test(void); +#ifdef WOLF_CRYPTO_DEV +int cryptodev_test(void); +#endif /* General big buffer size for many tests. */ #define FOURK_BUF 4096 @@ -960,6 +966,13 @@ initDefaultName(); else printf( "misc test passed!\n"); +#ifdef WOLF_CRYPTO_DEV + if ( (ret = cryptodev_test()) != 0) + return err_sys("crypto dev test failed!\n", ret); + else + printf( "crypto dev test passed!\n"); +#endif + #ifdef WOLFSSL_ASYNC_CRYPT wolfAsync_DevClose(&devId); #endif @@ -8690,7 +8703,7 @@ static int rsa_sig_test(RsaKey* key, word32 keyLen, int modLen, WC_RNG* rng) * -101 = USER_CRYPTO_ERROR */ if (ret == 0) -#elif defined(WOLFSSL_ASYNC_CRYPT) +#elif defined(WOLFSSL_ASYNC_CRYPT) || defined(WOLF_CRYPTO_DEV) /* async may not require RNG */ if (ret != 0 && ret != MISSING_RNG_E) #elif defined(HAVE_FIPS) || defined(WOLFSSL_ASYNC_CRYPT) || \ @@ -12996,8 +13009,8 @@ int openssl_test(void) int openSSL_evpMD_test(void) { + int ret = 0; #if !defined(NO_SHA256) && !defined(NO_SHA) - int ret ; WOLFSSL_EVP_MD_CTX* ctx; WOLFSSL_EVP_MD_CTX* ctx2; @@ -13006,45 +13019,56 @@ int openSSL_evpMD_test(void) ret = EVP_DigestInit(ctx, EVP_sha256()); if (ret != SSL_SUCCESS) { - return -7600; + ret = -7600; + goto openSSL_evpMD_test_done; } ret = EVP_MD_CTX_copy(ctx2, ctx); if (ret != SSL_SUCCESS) { - return -7601; + ret = -7601; + goto openSSL_evpMD_test_done; } if (EVP_MD_type(EVP_sha256()) != EVP_MD_CTX_type(ctx2)) { - return -7602; + ret = -7602; + goto openSSL_evpMD_test_done; } ret = EVP_DigestInit(ctx, EVP_sha1()); if (ret != SSL_SUCCESS) { - return -7603; + ret = -7603; + goto openSSL_evpMD_test_done; } if (EVP_MD_type(EVP_sha256()) != EVP_MD_CTX_type(ctx2)) { - return -7604; + ret = -7604; + goto openSSL_evpMD_test_done; } ret = EVP_MD_CTX_copy_ex(ctx2, ctx); if (ret != SSL_SUCCESS) { - return -7605; + ret = -7605; + goto openSSL_evpMD_test_done; } if (EVP_MD_type(EVP_sha256()) == EVP_MD_CTX_type(ctx2)) { - return -7606; + ret = -7606; + goto openSSL_evpMD_test_done; } if (EVP_MD_type(EVP_sha1()) != EVP_MD_CTX_type(ctx2)) { - return -7607; + ret = -7607; + goto openSSL_evpMD_test_done; } + ret = 0; /* got to success state without jumping to end with a fail */ + +openSSL_evpMD_test_done: EVP_MD_CTX_destroy(ctx); EVP_MD_CTX_destroy(ctx2); #endif /* NO_SHA256 */ - return 0; + return ret; } #ifdef DEBUG_SIGN @@ -13065,19 +13089,19 @@ static void show(const char *title, const char *p, unsigned int s) { #define ERR_BASE_PKEY -5000 int openssl_pkey0_test(void) { + int ret = 0; #if !defined(NO_RSA) && !defined(HAVE_USER_RSA) && !defined(NO_SHA) byte* prvTmp; byte* pubTmp; int prvBytes; int pubBytes; - RSA *prvRsa; - RSA *pubRsa; - EVP_PKEY *prvPkey; - EVP_PKEY *pubPkey; - EVP_PKEY_CTX *enc; - EVP_PKEY_CTX *dec; + RSA *prvRsa = NULL; + RSA *pubRsa = NULL; + EVP_PKEY *prvPkey = NULL; + EVP_PKEY *pubPkey = NULL; + EVP_PKEY_CTX *enc = NULL; + EVP_PKEY_CTX *dec = NULL; - int ret; byte in[] = "Everyone gets Friday off."; byte out[256]; size_t outlen; @@ -13094,8 +13118,10 @@ int openssl_pkey0_test(void) if (prvTmp == NULL) return ERR_BASE_PKEY-1; pubTmp = (byte*)XMALLOC(FOURK_BUFF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - if (pubTmp == NULL) + if (pubTmp == NULL) { + XFREE(prvTmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER); return ERR_BASE_PKEY-2; + } #ifdef USE_CERT_BUFFERS_1024 XMEMCPY(prvTmp, client_key_der_1024, sizeof_client_key_der_1024); @@ -13110,41 +13136,46 @@ int openssl_pkey0_test(void) #else keyFile = fopen(cliKey, "rb"); if (!keyFile) { + XFREE(prvTmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER); + XFREE(pubTmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER); err_sys("can't open ./certs/client-key.der, " "Please run from wolfSSL home dir", ERR_BASE_PKEY-3); - XFREE(prvTmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER); return ERR_BASE_PKEY-3; } prvBytes = (int)fread(prvTmp, 1, (int)FOURK_BUFF, keyFile); fclose(keyFile); keypubFile = fopen(cliKeypub, "rb"); if (!keypubFile) { + XFREE(prvTmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER); + XFREE(pubTmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER); err_sys("can't open ./certs/client-cert.der, " "Please run from wolfSSL home dir", -4); - XFREE(pubTmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER); return ERR_BASE_PKEY-4; } pubBytes = (int)fread(pubTmp, 1, (int)FOURK_BUFF, keypubFile); fclose(keypubFile); - #endif /* USE_CERT_BUFFERS */ +#endif /* USE_CERT_BUFFERS */ prvRsa = wolfSSL_RSA_new(); pubRsa = wolfSSL_RSA_new(); if((prvRsa == NULL) || (pubRsa == NULL)){ - printf("error with RSA_new\n"); - return ERR_BASE_PKEY-10; + printf("error with RSA_new\n"); + ret = ERR_BASE_PKEY-10; + goto openssl_pkey0_test_done; } ret = wolfSSL_RSA_LoadDer_ex(prvRsa, prvTmp, prvBytes, WOLFSSL_RSA_LOAD_PRIVATE); if(ret != SSL_SUCCESS){ - printf("error with RSA_LoadDer_ex\n"); - return ERR_BASE_PKEY-11; + printf("error with RSA_LoadDer_ex\n"); + ret = ERR_BASE_PKEY-11; + goto openssl_pkey0_test_done; } ret = wolfSSL_RSA_LoadDer_ex(pubRsa, pubTmp, pubBytes, WOLFSSL_RSA_LOAD_PUBLIC); if(ret != SSL_SUCCESS){ - printf("error with RSA_LoadDer_ex\n"); - return ERR_BASE_PKEY-12; + printf("error with RSA_LoadDer_ex\n"); + ret = ERR_BASE_PKEY-12; + goto openssl_pkey0_test_done; } keySz = (size_t)RSA_size(pubRsa); @@ -13152,37 +13183,43 @@ int openssl_pkey0_test(void) pubPkey = wolfSSL_PKEY_new(); if((prvPkey == NULL) || (pubPkey == NULL)){ printf("error with PKEY_new\n"); - return ERR_BASE_PKEY-13; + ret = ERR_BASE_PKEY-13; + goto openssl_pkey0_test_done; } ret = wolfSSL_EVP_PKEY_set1_RSA(prvPkey, prvRsa); ret += wolfSSL_EVP_PKEY_set1_RSA(pubPkey, pubRsa); if(ret != 2){ printf("error with PKEY_set1_RSA\n"); - return ERR_BASE_PKEY-14; + ret = ERR_BASE_PKEY-14; + goto openssl_pkey0_test_done; } dec = EVP_PKEY_CTX_new(prvPkey, NULL); enc = EVP_PKEY_CTX_new(pubPkey, NULL); if((dec == NULL)||(enc==NULL)){ printf("error with EVP_PKEY_CTX_new\n"); - return ERR_BASE_PKEY-15; + ret = ERR_BASE_PKEY-15; + goto openssl_pkey0_test_done; } ret = EVP_PKEY_decrypt_init(dec); if (ret != 1) { printf("error with decrypt init\n"); - return ERR_BASE_PKEY-16; + ret = ERR_BASE_PKEY-16; + goto openssl_pkey0_test_done; } ret = EVP_PKEY_encrypt_init(enc); if (ret != 1) { printf("error with encrypt init\n"); - return ERR_BASE_PKEY-17; + ret = ERR_BASE_PKEY-17; + goto openssl_pkey0_test_done; } XMEMSET(out, 0, sizeof(out)); ret = EVP_PKEY_encrypt(enc, out, &outlen, in, sizeof(in)); if (ret != 1) { printf("error encrypting msg\n"); - return ERR_BASE_PKEY-18; + ret = ERR_BASE_PKEY-18; + goto openssl_pkey0_test_done; } show("encrypted msg", out, outlen); @@ -13191,7 +13228,8 @@ int openssl_pkey0_test(void) ret = EVP_PKEY_decrypt(dec, plain, &outlen, out, keySz); if (ret != 1) { printf("error decrypting msg\n"); - return ERR_BASE_PKEY-19; + ret = ERR_BASE_PKEY-19; + goto openssl_pkey0_test_done; } show("decrypted msg", plain, outlen); @@ -13199,28 +13237,33 @@ int openssl_pkey0_test(void) ret = EVP_PKEY_decrypt_init(dec); if (ret != 1) { printf("error with decrypt init\n"); - return ERR_BASE_PKEY-30; + ret = ERR_BASE_PKEY-30; + goto openssl_pkey0_test_done; } ret = EVP_PKEY_encrypt_init(enc); if (ret != 1) { printf("error with encrypt init\n"); - return ERR_BASE_PKEY-31; + ret = ERR_BASE_PKEY-31; + goto openssl_pkey0_test_done; } if (EVP_PKEY_CTX_set_rsa_padding(dec, RSA_PKCS1_PADDING) <= 0) { - printf("first set rsa padding error\n"); - return ERR_BASE_PKEY-32; + printf("first set rsa padding error\n"); + ret = ERR_BASE_PKEY-32; + goto openssl_pkey0_test_done; } #ifndef HAVE_FIPS if (EVP_PKEY_CTX_set_rsa_padding(dec, RSA_PKCS1_OAEP_PADDING) <= 0){ printf("second set rsa padding error\n"); - return ERR_BASE_PKEY-33; + ret = ERR_BASE_PKEY-33; + goto openssl_pkey0_test_done; } if (EVP_PKEY_CTX_set_rsa_padding(enc, RSA_PKCS1_OAEP_PADDING) <= 0) { printf("third set rsa padding error\n"); - return ERR_BASE_PKEY-34; + ret = ERR_BASE_PKEY-34; + goto openssl_pkey0_test_done; } #endif @@ -13228,7 +13271,8 @@ int openssl_pkey0_test(void) ret = EVP_PKEY_encrypt(enc, out, &outlen, in, sizeof(in)); if (ret != 1) { printf("error encrypting msg\n"); - return ERR_BASE_PKEY-35; + ret = ERR_BASE_PKEY-35; + goto openssl_pkey0_test_done; } show("encrypted msg", out, outlen); @@ -13237,11 +13281,15 @@ int openssl_pkey0_test(void) ret = EVP_PKEY_decrypt(dec, plain, &outlen, out, keySz); if (ret != 1) { printf("error decrypting msg\n"); - return ERR_BASE_PKEY-36; + ret = ERR_BASE_PKEY-36; + goto openssl_pkey0_test_done; } show("decrypted msg", plain, outlen); + ret = 0; /* made it to this point without error then set success */ +openssl_pkey0_test_done: + wolfSSL_RSA_free(prvRsa); wolfSSL_RSA_free(pubRsa); EVP_PKEY_free(pubPkey); @@ -13252,8 +13300,7 @@ int openssl_pkey0_test(void) XFREE(pubTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); #endif /* NO_RSA */ - return 0; - + return ret; } @@ -13454,9 +13501,10 @@ int openssl_evpSig_test() #else keyFile = fopen(cliKey, "rb"); if (!keyFile) { + XFREE(pubTmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER); + XFREE(prvTmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER); err_sys("can't open ./certs/client-key.der, " "Please run from wolfSSL home dir", -40); - XFREE(prvTmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER); return ERR_BASE_EVPSIG-3; } prvBytes = (int)fread(prvTmp, 1, (int)FOURK_BUFF, keyFile); @@ -19247,6 +19295,129 @@ int misc_test(void) return 0; } +#ifdef WOLF_CRYPTO_DEV + +/* Example custom context for crypto callback */ +typedef struct { + int exampleVar; /* example, not used */ +} myCryptoDevCtx; + + +/* Example crypto dev callback function that calls software version */ +static int myCryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx) +{ + int ret = NOT_COMPILED_IN; /* return this to bypass HW and use SW */ + myCryptoDevCtx* myCtx = (myCryptoDevCtx*)ctx; + + if (info == NULL) + return BAD_FUNC_ARG; + + if (info->algo_type == WC_ALGO_TYPE_PK) { + #ifdef DEBUG_WOLFSSL + printf("CryptoDevCb: Pk Type %d\n", info->pk.type); + #endif + + #ifndef NO_RSA + if (info->pk.type == WC_PK_TYPE_RSA) { + /* set devId to invalid, so software is used */ + info->pk.rsa.key->devId = INVALID_DEVID; + + switch (info->pk.rsa.type) { + case RSA_PUBLIC_ENCRYPT: + case RSA_PUBLIC_DECRYPT: + /* perform software based RSA public op */ + ret = wc_RsaFunction( + info->pk.rsa.in, info->pk.rsa.inLen, + info->pk.rsa.out, info->pk.rsa.outLen, + info->pk.rsa.type, info->pk.rsa.key, info->pk.rsa.rng); + break; + case RSA_PRIVATE_ENCRYPT: + case RSA_PRIVATE_DECRYPT: + /* perform software based RSA private op */ + ret = wc_RsaFunction( + info->pk.rsa.in, info->pk.rsa.inLen, + info->pk.rsa.out, info->pk.rsa.outLen, + info->pk.rsa.type, info->pk.rsa.key, info->pk.rsa.rng); + break; + } + + /* reset devId */ + info->pk.rsa.key->devId = devIdArg; + } + #endif /* !NO_RSA */ + #ifdef HAVE_ECC + if (info->pk.type == WC_PK_TYPE_ECDSA_SIGN) { + /* set devId to invalid, so software is used */ + info->pk.eccsign.key->devId = INVALID_DEVID; + + ret = wc_ecc_sign_hash( + info->pk.eccsign.in, info->pk.eccsign.inlen, + info->pk.eccsign.out, info->pk.eccsign.outlen, + info->pk.eccsign.rng, info->pk.eccsign.key); + + /* reset devId */ + info->pk.eccsign.key->devId = devIdArg; + } + else if (info->pk.type == WC_PK_TYPE_ECDSA_VERIFY) { + /* set devId to invalid, so software is used */ + info->pk.eccverify.key->devId = INVALID_DEVID; + + ret = wc_ecc_verify_hash( + info->pk.eccverify.sig, info->pk.eccverify.siglen, + info->pk.eccverify.hash, info->pk.eccverify.hashlen, + info->pk.eccverify.res, info->pk.eccverify.key); + + /* reset devId */ + info->pk.eccverify.key->devId = devIdArg; + } + else if (info->pk.type == WC_PK_TYPE_ECDH) { + /* set devId to invalid, so software is used */ + info->pk.ecdh.private_key->devId = INVALID_DEVID; + + ret = wc_ecc_shared_secret( + info->pk.ecdh.private_key, info->pk.ecdh.public_key, + info->pk.ecdh.out, info->pk.ecdh.outlen); + + /* reset devId */ + info->pk.ecdh.private_key->devId = devIdArg; + } + #endif /* HAVE_ECC */ + } + + (void)myCtx; + + return ret; +} + +int cryptodev_test(void) +{ + int ret = 0; + myCryptoDevCtx myCtx; + + /* example data for callback */ + myCtx.exampleVar = 1; + + /* set devId to something other than INVALID_DEVID */ + devId = 1; + ret = wc_CryptoDev_RegisterDevice(devId, myCryptoDevCb, &myCtx); + +#ifndef NO_RSA + if (ret == 0) + ret = rsa_test(); +#endif +#ifdef HAVE_ECC + if (ret == 0) + ret = ecc_test(); +#endif + + /* reset devId */ + devId = INVALID_DEVID; + + return ret; +} +#endif /* WOLF_CRYPTO_DEV */ + + #undef ERROR_OUT #else diff --git a/wolfssl/internal.h b/wolfssl/internal.h index c1ac96531b..9c5beadbf7 100644 --- a/wolfssl/internal.h +++ b/wolfssl/internal.h @@ -1095,10 +1095,6 @@ enum Misc { PAD_MD5 = 48, /* pad length for finished */ PAD_SHA = 40, /* pad length for finished */ MAX_PAD_SIZE = 256, /* maximum length of padding */ - COMPRESS_DUMMY_SIZE = 64, /* compression dummy round size */ - COMPRESS_CONSTANT = 13, /* compression calc constant */ - COMPRESS_UPPER = 55, /* compression calc numerator */ - COMPRESS_LOWER = 64, /* compression calc denominator */ LENGTH_SZ = 2, /* length field for HMAC, data only */ VERSION_SZ = 2, /* length of proctocol version */ @@ -1181,6 +1177,7 @@ enum Misc { OPAQUE8_LEN + WC_MAX_DIGEST_SIZE, MAX_REQUEST_SZ = 256, /* Maximum cert req len (no auth yet */ SESSION_FLUSH_COUNT = 256, /* Flush session cache unless user turns off */ + TLS_MAX_PAD_SZ = 255, /* Max padding in TLS */ #ifdef HAVE_FIPS MAX_SYM_KEY_SIZE = AES_256_KEY_SIZE, @@ -1556,6 +1553,8 @@ WOLFSSL_LOCAL int DoTls13ServerHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx, word32 helloSz, byte* extMsgType); #endif +int TimingPadVerify(WOLFSSL* ssl, const byte* input, int padLen, int t, + int pLen, int content); enum { @@ -1981,7 +1980,7 @@ WOLFSSL_LOCAL void TLSX_FreeAll(TLSX* list, void* heap); WOLFSSL_LOCAL int TLSX_SupportExtensions(WOLFSSL* ssl); WOLFSSL_LOCAL int TLSX_PopulateExtensions(WOLFSSL* ssl, byte isRequest); -#ifndef NO_WOLFSSL_CLIENT +#if defined(WOLFSSL_TLS13) || !defined(NO_WOLFSSL_CLIENT) WOLFSSL_LOCAL int TLSX_GetRequestSize(WOLFSSL* ssl, byte msgType, word16* pLength); WOLFSSL_LOCAL int TLSX_WriteRequest(WOLFSSL* ssl, byte* output, @@ -2145,9 +2144,9 @@ WOLFSSL_LOCAL int TLSX_UsePointFormat(TLSX** extensions, byte point, WOLFSSL_LOCAL int TLSX_ValidateSupportedCurves(WOLFSSL* ssl, byte first, byte second); WOLFSSL_LOCAL int TLSX_SupportedCurve_CheckPriority(WOLFSSL* ssl); +#endif WOLFSSL_LOCAL int TLSX_SupportedCurve_Preferred(WOLFSSL* ssl, int checkSupported); -#endif #endif /* HAVE_SUPPORTED_CURVES */ @@ -2859,7 +2858,7 @@ WOLFSSL_SESSION* GetSession(WOLFSSL*, byte*, byte); WOLFSSL_LOCAL int SetSession(WOLFSSL*, WOLFSSL_SESSION*); -typedef int (*hmacfp) (WOLFSSL*, byte*, const byte*, word32, int, int); +typedef int (*hmacfp) (WOLFSSL*, byte*, const byte*, word32, int, int, int); #ifndef NO_CLIENT_CACHE WOLFSSL_SESSION* GetSessionClient(WOLFSSL*, const byte*, int); @@ -3948,7 +3947,7 @@ WOLFSSL_LOCAL int GrowInputBuffer(WOLFSSL* ssl, int size, int usedLength); #ifndef NO_TLS WOLFSSL_LOCAL int MakeTlsMasterSecret(WOLFSSL*); WOLFSSL_LOCAL int TLS_hmac(WOLFSSL* ssl, byte* digest, const byte* in, - word32 sz, int content, int verify); + word32 sz, int padSz, int content, int verify); #endif #ifndef NO_WOLFSSL_CLIENT diff --git a/wolfssl/openssl/bn.h b/wolfssl/openssl/bn.h index b1097e8824..d51450e7b1 100644 --- a/wolfssl/openssl/bn.h +++ b/wolfssl/openssl/bn.h @@ -110,7 +110,7 @@ WOLFSSL_API int wolfSSL_BN_is_prime_ex(const WOLFSSL_BIGNUM*, int, WOLFSSL_API WOLFSSL_BN_ULONG wolfSSL_BN_mod_word(const WOLFSSL_BIGNUM*, WOLFSSL_BN_ULONG); #if !defined(NO_FILESYSTEM) && !defined(NO_STDIO_FILESYSTEM) - WOLFSSL_API int wolfSSL_BN_print_fp(FILE*, const WOLFSSL_BIGNUM*); + WOLFSSL_API int wolfSSL_BN_print_fp(XFILE, const WOLFSSL_BIGNUM*); #endif WOLFSSL_API int wolfSSL_BN_rshift(WOLFSSL_BIGNUM*, const WOLFSSL_BIGNUM*, int); WOLFSSL_API WOLFSSL_BIGNUM *wolfSSL_BN_CTX_get(WOLFSSL_BN_CTX *ctx); diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h index 705944ceff..93a5c39043 100644 --- a/wolfssl/ssl.h +++ b/wolfssl/ssl.h @@ -1227,9 +1227,9 @@ enum { /* wolfSSL extension, provide last error from SSL_get_error since not using thread storage error queue */ #include -WOLFSSL_API void wolfSSL_ERR_print_errors_fp(FILE*, int err); +WOLFSSL_API void wolfSSL_ERR_print_errors_fp(XFILE, int err); #if defined(OPENSSL_EXTRA) || defined(DEBUG_WOLFSSL_VERBOSE) -WOLFSSL_API void wolfSSL_ERR_dump_errors_fp(FILE* fp); +WOLFSSL_API void wolfSSL_ERR_dump_errors_fp(XFILE fp); #endif #endif @@ -1540,7 +1540,7 @@ WOLFSSL_API void wolfSSL_X509_CRL_free(WOLFSSL_X509_CRL *crl); #ifndef NO_FILESYSTEM #ifndef NO_STDIO_FILESYSTEM WOLFSSL_API WOLFSSL_X509* - wolfSSL_X509_d2i_fp(WOLFSSL_X509** x509, FILE* file); + wolfSSL_X509_d2i_fp(WOLFSSL_X509** x509, XFILE file); #endif WOLFSSL_API WOLFSSL_X509* wolfSSL_X509_load_certificate_file(const char* fname, int format); @@ -2347,7 +2347,6 @@ WOLFSSL_API int wolfSSL_set_SessionTicket_cb(WOLFSSL*, CallbackSessionTicket, void*); #endif /* NO_WOLFSSL_CLIENT */ -#ifndef NO_WOLFSSL_SERVER #define WOLFSSL_TICKET_NAME_SZ 16 #define WOLFSSL_TICKET_IV_SZ 16 @@ -2360,6 +2359,8 @@ enum TicketEncRet { WOLFSSL_TICKET_RET_CREATE /* existing ticket ok and create new one */ }; +#ifndef NO_WOLFSSL_SERVER + typedef int (*SessionTicketEncCb)(WOLFSSL*, unsigned char key_name[WOLFSSL_TICKET_NAME_SZ], unsigned char iv[WOLFSSL_TICKET_IV_SZ], @@ -2571,7 +2572,7 @@ WOLFSSL_API WOLFSSL_X509 *wolfSSL_PEM_read_bio_X509(WOLFSSL_BIO *bp, WOLFSSL_X50 WOLFSSL_API WOLFSSL_X509 *wolfSSL_PEM_read_bio_X509_AUX (WOLFSSL_BIO *bp, WOLFSSL_X509 **x, pem_password_cb *cb, void *u); #ifndef NO_FILESYSTEM -WOLFSSL_API WOLFSSL_X509_CRL *wolfSSL_PEM_read_X509_CRL(FILE *fp, WOLFSSL_X509_CRL **x, +WOLFSSL_API WOLFSSL_X509_CRL *wolfSSL_PEM_read_X509_CRL(XFILE fp, WOLFSSL_X509_CRL **x, pem_password_cb *cb, void *u); #endif diff --git a/wolfssl/version.h b/wolfssl/version.h index 0af5fb25f4..2382770581 100644 --- a/wolfssl/version.h +++ b/wolfssl/version.h @@ -28,8 +28,8 @@ extern "C" { #endif -#define LIBWOLFSSL_VERSION_STRING "3.14.0" -#define LIBWOLFSSL_VERSION_HEX 0x03014000 +#define LIBWOLFSSL_VERSION_STRING "3.15.0" +#define LIBWOLFSSL_VERSION_HEX 0x03015000 #ifdef __cplusplus } diff --git a/wolfssl/wolfcrypt/asn.h b/wolfssl/wolfcrypt/asn.h index 35b372355b..039ee34fac 100644 --- a/wolfssl/wolfcrypt/asn.h +++ b/wolfssl/wolfcrypt/asn.h @@ -439,6 +439,7 @@ typedef struct DNS_entry DNS_entry; struct DNS_entry { DNS_entry* next; /* next on DNS list */ int type; /* i.e. ASN_DNS_TYPE */ + int len; /* actual DNS len */ char* name; /* actual DNS name */ }; diff --git a/wolfssl/wolfcrypt/asn_public.h b/wolfssl/wolfcrypt/asn_public.h index 9bd337effc..a3c914a581 100644 --- a/wolfssl/wolfcrypt/asn_public.h +++ b/wolfssl/wolfcrypt/asn_public.h @@ -100,11 +100,15 @@ enum Ctc_Encoding { CTC_PRINTABLE = 0x13 /* printable */ }; +#ifndef WC_CTC_MAX_ALT_SIZE + #define WC_CTC_MAX_ALT_SIZE 16384 +#endif + enum Ctc_Misc { CTC_COUNTRY_SIZE = 2, CTC_NAME_SIZE = 64, CTC_DATE_SIZE = 32, - CTC_MAX_ALT_SIZE = 16384, /* may be huge */ + CTC_MAX_ALT_SIZE = WC_CTC_MAX_ALT_SIZE, /* may be huge, default: 16384 */ CTC_SERIAL_SIZE = 16, #ifdef WOLFSSL_CERT_EXT /* AKID could contains: hash + (Option) AuthCertIssuer,AuthCertSerialNum diff --git a/wolfssl/wolfcrypt/cryptodev.h b/wolfssl/wolfcrypt/cryptodev.h new file mode 100644 index 0000000000..98be93cb4b --- /dev/null +++ b/wolfssl/wolfcrypt/cryptodev.h @@ -0,0 +1,114 @@ +/* cryptodev.h + * + * Copyright (C) 2006-2018 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + */ + +#ifndef _WOLF_CRYPTO_DEV_H_ +#define _WOLF_CRYPTO_DEV_H_ + +#include + +#ifdef __cplusplus + extern "C" { +#endif + +#ifdef WOLF_CRYPTO_DEV + +#ifndef NO_RSA + #include +#endif +#ifdef HAVE_ECC + #include +#endif + +/* Crypto Information Structure for callbacks */ +typedef struct wc_CryptoInfo { + int algo_type; /* enum wc_AlgoType */ + struct { + int type; /* enum wc_PkType */ + union { + #ifndef NO_RSA + struct { + const byte* in; + word32 inLen; + byte* out; + word32* outLen; + int type; + RsaKey* key; + WC_RNG* rng; + } rsa; + #endif + #ifdef HAVE_ECC + struct { + ecc_key* private_key; + ecc_key* public_key; + byte* out; + word32* outlen; + } ecdh; + struct { + const byte* in; + word32 inlen; + byte* out; + word32 *outlen; + WC_RNG* rng; + ecc_key* key; + } eccsign; + struct { + const byte* sig; + word32 siglen; + const byte* hash; + word32 hashlen; + int* res; + ecc_key* key; + } eccverify; + #endif + }; + } pk; +} wc_CryptoInfo; + +typedef int (*CryptoDevCallbackFunc)(int devId, wc_CryptoInfo* info, void* ctx); + +WOLFSSL_LOCAL void wc_CryptoDev_Init(void); + +WOLFSSL_API int wc_CryptoDev_RegisterDevice(int devId, CryptoDevCallbackFunc cb, void* ctx); +WOLFSSL_API void wc_CryptoDev_UnRegisterDevice(int devId); + + +#ifndef NO_RSA +WOLFSSL_LOCAL int wc_CryptoDev_Rsa(const byte* in, word32 inLen, byte* out, + word32* outLen, int type, RsaKey* key, WC_RNG* rng); +#endif /* !NO_RSA */ + +#ifdef HAVE_ECC +WOLFSSL_LOCAL int wc_CryptoDev_Ecdh(ecc_key* private_key, ecc_key* public_key, + byte* out, word32* outlen); + +WOLFSSL_LOCAL int wc_CryptoDev_EccSign(const byte* in, word32 inlen, byte* out, + word32 *outlen, WC_RNG* rng, ecc_key* key); + +WOLFSSL_LOCAL int wc_CryptoDev_EccVerify(const byte* sig, word32 siglen, + const byte* hash, word32 hashlen, int* res, ecc_key* key); +#endif /* HAVE_ECC */ + +#endif /* WOLF_CRYPTO_DEV */ + +#ifdef __cplusplus + } /* extern "C" */ +#endif + +#endif /* _WOLF_CRYPTO_DEV_H_ */ diff --git a/wolfssl/wolfcrypt/ecc.h b/wolfssl/wolfcrypt/ecc.h index f6fdf219b1..54c92aa096 100644 --- a/wolfssl/wolfcrypt/ecc.h +++ b/wolfssl/wolfcrypt/ecc.h @@ -122,7 +122,7 @@ enum { /* max crypto hardware size */ #ifdef WOLFSSL_ATECC508A ECC_MAX_CRYPTO_HW_SIZE = ATECC_KEY_SIZE, /* from port/atmel/atmel.h */ - ECC_MAX_CRYPTO_HW_PUBKEY_SIZE = (ATECC_KEY_SIZE*2) + ECC_MAX_CRYPTO_HW_PUBKEY_SIZE = (ATECC_KEY_SIZE*2), #elif defined(PLUTON_CRYPTO_ECC) ECC_MAX_CRYPTO_HW_SIZE = 32, #endif @@ -319,7 +319,7 @@ struct ecc_key { int slot; /* Key Slot Number (-1 unknown) */ byte pubkey_raw[ECC_MAX_CRYPTO_HW_PUBKEY_SIZE]; #endif -#ifdef PLUTON_CRYPTO_ECC +#if defined(PLUTON_CRYPTO_ECC) || defined(WOLF_CRYPTO_DEV) int devId; #endif #ifdef WOLFSSL_ASYNC_CRYPT diff --git a/wolfssl/wolfcrypt/include.am b/wolfssl/wolfcrypt/include.am index 6e84ed9d55..95221ef1da 100644 --- a/wolfssl/wolfcrypt/include.am +++ b/wolfssl/wolfcrypt/include.am @@ -61,7 +61,8 @@ nobase_include_HEADERS+= \ wolfssl/wolfcrypt/pkcs12.h \ wolfssl/wolfcrypt/wolfmath.h \ wolfssl/wolfcrypt/sha3.h \ - wolfssl/wolfcrypt/cpuid.h + wolfssl/wolfcrypt/cpuid.h \ + wolfssl/wolfcrypt/cryptodev.h noinst_HEADERS+= \ wolfssl/wolfcrypt/port/pic32/pic32mz-crypt.h \ diff --git a/wolfssl/wolfcrypt/logging.h b/wolfssl/wolfcrypt/logging.h index cbff0fa64f..19ea0e5cd3 100644 --- a/wolfssl/wolfcrypt/logging.h +++ b/wolfssl/wolfcrypt/logging.h @@ -112,7 +112,7 @@ WOLFSSL_API void wolfSSL_Debugging_OFF(void); WOLFSSL_API int wc_SetLoggingHeap(void* h); WOLFSSL_API int wc_ERR_remove_state(void); #if !defined(NO_FILESYSTEM) && !defined(NO_STDIO_FILESYSTEM) - WOLFSSL_API void wc_ERR_print_errors_fp(FILE* fp); + WOLFSSL_API void wc_ERR_print_errors_fp(XFILE fp); #endif #endif /* OPENSSL_EXTRA || DEBUG_WOLFSSL_VERBOSE */ diff --git a/wolfssl/wolfcrypt/misc.h b/wolfssl/wolfcrypt/misc.h index ea86dd7076..7cf4cff2af 100644 --- a/wolfssl/wolfcrypt/misc.h +++ b/wolfssl/wolfcrypt/misc.h @@ -91,6 +91,15 @@ void ato24(const byte* c, word32* u24); void ato32(const byte* c, word32* u32); word32 btoi(byte b); + +WOLFSSL_LOCAL byte ctMaskGT(int a, int b); +WOLFSSL_LOCAL byte ctMaskGTE(int a, int b); +WOLFSSL_LOCAL byte ctMaskLT(int a, int b); +WOLFSSL_LOCAL byte ctMaskLTE(int a, int b); +WOLFSSL_LOCAL byte ctMaskEq(int a, int b); +WOLFSSL_LOCAL byte ctMaskSel(byte m, byte a, byte b); +WOLFSSL_LOCAL byte ctSetLTE(int a, int b); + #endif /* NO_INLINE */ diff --git a/wolfssl/wolfcrypt/pkcs7.h b/wolfssl/wolfcrypt/pkcs7.h index 513c6d7b2b..e17bf2eecb 100644 --- a/wolfssl/wolfcrypt/pkcs7.h +++ b/wolfssl/wolfcrypt/pkcs7.h @@ -133,6 +133,7 @@ typedef struct PKCS7 { int encryptOID; /* key encryption algorithm OID */ int keyWrapOID; /* key wrap algorithm OID */ int keyAgreeOID; /* key agreement algorithm OID */ + int devId; /* device ID for HW based private key */ byte issuerHash[KEYID_SIZE]; /* hash of all alt Names */ byte issuerSn[MAX_SN_SZ]; /* singleCert's serial number */ byte publicKey[MAX_RSA_INT_SZ + MAX_RSA_E_SZ ];/*MAX RSA key size (m + e)*/ diff --git a/wolfssl/wolfcrypt/port/caam/wolfcaam_sha.h b/wolfssl/wolfcrypt/port/caam/wolfcaam_sha.h index cb4b087811..95ddf55bfa 100644 --- a/wolfssl/wolfcrypt/port/caam/wolfcaam_sha.h +++ b/wolfssl/wolfcrypt/port/caam/wolfcaam_sha.h @@ -28,6 +28,8 @@ #include +#define WOLFSSL_NO_HASH_RAW + #ifndef WC_CAAM_CTXLEN /* last 8 bytes of context is for length */ #define WC_CAAM_CTXLEN 8 diff --git a/wolfssl/wolfcrypt/port/pic32/pic32mz-crypt.h b/wolfssl/wolfcrypt/port/pic32/pic32mz-crypt.h index 1eae5837af..354c832c4c 100644 --- a/wolfssl/wolfcrypt/port/pic32/pic32mz-crypt.h +++ b/wolfssl/wolfcrypt/port/pic32/pic32mz-crypt.h @@ -196,6 +196,8 @@ int wc_Pic32DesCrypt(word32 *key, int keyLen, word32 *iv, int ivLen, #endif #ifdef WOLFSSL_PIC32MZ_HASH +#define WOLFSSL_NO_HASH_RAW + int wc_Pic32Hash(const byte* in, int inLen, word32* out, int outLen, int algo); int wc_Pic32HashCopy(hashUpdCache* src, hashUpdCache* dst); #endif diff --git a/wolfssl/wolfcrypt/port/st/stm32.h b/wolfssl/wolfcrypt/port/st/stm32.h index 2c82b4760a..40629aaf65 100644 --- a/wolfssl/wolfcrypt/port/st/stm32.h +++ b/wolfssl/wolfcrypt/port/st/stm32.h @@ -24,6 +24,8 @@ #ifdef STM32_HASH +#define WOLFSSL_NO_HASH_RAW + /* Generic STM32 Hashing Function */ /* Supports CubeMX HAL or Standard Peripheral Library */ diff --git a/wolfssl/wolfcrypt/port/ti/ti-hash.h b/wolfssl/wolfcrypt/port/ti/ti-hash.h index 361993896b..d42404e01e 100644 --- a/wolfssl/wolfcrypt/port/ti/ti-hash.h +++ b/wolfssl/wolfcrypt/port/ti/ti-hash.h @@ -33,6 +33,8 @@ #define WOLFSSL_MAX_HASH_SIZE 64 #endif +#define WOLFSSL_NO_HASH_RAW + typedef struct { byte *msg; word32 used; diff --git a/wolfssl/wolfcrypt/rsa.h b/wolfssl/wolfcrypt/rsa.h index a11b016eb4..380072d9e2 100644 --- a/wolfssl/wolfcrypt/rsa.h +++ b/wolfssl/wolfcrypt/rsa.h @@ -121,6 +121,9 @@ struct RsaKey { #ifdef WC_RSA_BLINDING WC_RNG* rng; /* for PrivateDecrypt blinding */ #endif +#ifdef WOLF_CRYPTO_DEV + int devId; +#endif #ifdef WOLFSSL_ASYNC_CRYPT WC_ASYNC_DEV asyncDev; #ifdef WOLFSSL_CERT_GEN @@ -149,7 +152,7 @@ WOLFSSL_API int wc_FreeRsaKey(RsaKey* key); WOLFSSL_LOCAL int wc_InitRsaHw(RsaKey* key); #endif /* WOLFSSL_XILINX_CRYPT */ -WOLFSSL_LOCAL int wc_RsaFunction(const byte* in, word32 inLen, byte* out, +WOLFSSL_API int wc_RsaFunction(const byte* in, word32 inLen, byte* out, word32* outLen, int type, RsaKey* key, WC_RNG* rng); WOLFSSL_API int wc_RsaPublicEncrypt(const byte* in, word32 inLen, byte* out, @@ -235,9 +238,13 @@ WOLFSSL_API int wc_RsaPrivateDecrypt_ex(const byte* in, word32 inLen, WOLFSSL_API int wc_RsaPrivateDecryptInline_ex(byte* in, word32 inLen, byte** out, RsaKey* key, int type, enum wc_HashType hash, int mgf, byte* label, word32 lableSz); +#if defined(WC_RSA_DIRECT) || defined(WC_RSA_NO_PADDING) WOLFSSL_API int wc_RsaDirect(byte* in, word32 inLen, byte* out, word32* outSz, RsaKey* key, int type, WC_RNG* rng); +#endif + #endif /* HAVE_FIPS*/ + WOLFSSL_API int wc_RsaFlattenPublicKey(RsaKey*, byte*, word32*, byte*, word32*); WOLFSSL_API int wc_RsaExportKey(RsaKey* key, diff --git a/wolfssl/wolfcrypt/settings.h b/wolfssl/wolfcrypt/settings.h index a966db6f0c..b1fdd76986 100644 --- a/wolfssl/wolfcrypt/settings.h +++ b/wolfssl/wolfcrypt/settings.h @@ -1678,6 +1678,11 @@ extern void uITRON4_free(void *p) ; #define KEEP_PEER_CERT #endif +/* RAW hash function APIs are not implemented with ARMv8 hardware acceleration*/ +#ifdef WOLFSSL_ARMASM + #undef WOLFSSL_NO_HASH_RAW + #define WOLFSSL_NO_HASH_RAW +#endif #ifdef __cplusplus } /* extern "C" */ diff --git a/wolfssl/wolfcrypt/sha.h b/wolfssl/wolfcrypt/sha.h index a6a9284ee1..f782bfe6b9 100644 --- a/wolfssl/wolfcrypt/sha.h +++ b/wolfssl/wolfcrypt/sha.h @@ -123,6 +123,7 @@ typedef struct wc_Sha { WOLFSSL_API int wc_InitSha(wc_Sha*); WOLFSSL_API int wc_InitSha_ex(wc_Sha* sha, void* heap, int devId); WOLFSSL_API int wc_ShaUpdate(wc_Sha*, const byte*, word32); +WOLFSSL_API int wc_ShaFinalRaw(wc_Sha*, byte*); WOLFSSL_API int wc_ShaFinal(wc_Sha*, byte*); WOLFSSL_API void wc_ShaFree(wc_Sha*); diff --git a/wolfssl/wolfcrypt/sha256.h b/wolfssl/wolfcrypt/sha256.h index 4ea49d0afc..3beb9457e4 100644 --- a/wolfssl/wolfcrypt/sha256.h +++ b/wolfssl/wolfcrypt/sha256.h @@ -139,6 +139,7 @@ typedef struct wc_Sha256 { WOLFSSL_API int wc_InitSha256(wc_Sha256*); WOLFSSL_API int wc_InitSha256_ex(wc_Sha256*, void*, int); WOLFSSL_API int wc_Sha256Update(wc_Sha256*, const byte*, word32); +WOLFSSL_API int wc_Sha256FinalRaw(wc_Sha256*, byte*); WOLFSSL_API int wc_Sha256Final(wc_Sha256*, byte*); WOLFSSL_API void wc_Sha256Free(wc_Sha256*); diff --git a/wolfssl/wolfcrypt/sha512.h b/wolfssl/wolfcrypt/sha512.h index c899ac77e8..66fd5676f3 100644 --- a/wolfssl/wolfcrypt/sha512.h +++ b/wolfssl/wolfcrypt/sha512.h @@ -116,6 +116,7 @@ typedef struct wc_Sha512 { WOLFSSL_API int wc_InitSha512(wc_Sha512*); WOLFSSL_API int wc_InitSha512_ex(wc_Sha512*, void*, int); WOLFSSL_API int wc_Sha512Update(wc_Sha512*, const byte*, word32); +WOLFSSL_API int wc_Sha512FinalRaw(wc_Sha512*, byte*); WOLFSSL_API int wc_Sha512Final(wc_Sha512*, byte*); WOLFSSL_API void wc_Sha512Free(wc_Sha512*); @@ -152,6 +153,7 @@ typedef wc_Sha512 wc_Sha384; WOLFSSL_API int wc_InitSha384(wc_Sha384*); WOLFSSL_API int wc_InitSha384_ex(wc_Sha384*, void*, int); WOLFSSL_API int wc_Sha384Update(wc_Sha384*, const byte*, word32); +WOLFSSL_API int wc_Sha384FinalRaw(wc_Sha384*, byte*); WOLFSSL_API int wc_Sha384Final(wc_Sha384*, byte*); WOLFSSL_API void wc_Sha384Free(wc_Sha384*); diff --git a/wolfssl/wolfcrypt/types.h b/wolfssl/wolfcrypt/types.h old mode 100755 new mode 100644 index 7008abb50d..235a0d3c3b --- a/wolfssl/wolfcrypt/types.h +++ b/wolfssl/wolfcrypt/types.h @@ -102,7 +102,7 @@ (defined(LP64) || defined(_LP64)) /* LP64 with GNU GCC compiler is reserved for when long int is 64 bits * and int uses 32 bits. When using Solaris Studio sparc and __sparc are - * avialable for 32 bit detection but __sparc64__ could be missed. This + * available for 32 bit detection but __sparc64__ could be missed. This * uses LP64 for checking 64 bit CPU arch. */ typedef word64 wolfssl_word; #define WC_64BIT_CPU @@ -201,7 +201,7 @@ /* idea to add global alloc override by Moises Guimaraes */ /* default to libc stuff */ /* XREALLOC is used once in normal math lib, not in fast math lib */ - /* XFREE on some embeded systems doesn't like free(0) so test */ + /* XFREE on some embedded systems doesn't like free(0) so test */ #if defined(HAVE_IO_POOL) WOLFSSL_API void* XMALLOC(size_t n, void* heap, int type); WOLFSSL_API void* XREALLOC(void *p, size_t n, void* heap, int type); @@ -496,6 +496,17 @@ MIN_STACK_BUFFER = 8 }; + + /* Algorithm Types */ + enum wc_AlgoType { + WC_ALGO_TYPE_NONE = 0, + WC_ALGO_TYPE_HASH = 1, + WC_ALGO_TYPE_CIPHER = 2, + WC_ALGO_TYPE_PK = 3, + + WC_ALGO_TYPE_MAX = WC_ALGO_TYPE_PK + }; + /* hash types */ enum wc_HashType { WC_HASH_TYPE_NONE = 0, @@ -518,7 +529,7 @@ }; /* cipher types */ - enum CipherTypes { + enum wc_CipherType { WC_CIPHER_NONE = 0, WC_CIPHER_AES = 1, WC_CIPHER_AES_CBC = 2, @@ -530,10 +541,25 @@ WC_CIPHER_DES = 8, WC_CIPHER_CHACHA = 9, WC_CIPHER_HC128 = 10, + WC_CIPHER_IDEA = 11, WC_CIPHER_MAX = WC_CIPHER_HC128 }; + /* PK=public key (asymmetric) based algorithms */ + enum wc_PkType { + WC_PK_TYPE_NONE = 0, + WC_PK_TYPE_RSA = 1, + WC_PK_TYPE_DH = 2, + WC_PK_TYPE_ECDH = 3, + WC_PK_TYPE_ECDSA_SIGN = 4, + WC_PK_TYPE_ECDSA_VERIFY = 5, + WC_PK_TYPE_ED25519 = 6, + WC_PK_TYPE_CURVE25519 = 7, + + WC_PK_TYPE_MAX = WC_PK_TYPE_CURVE25519 + }; + /* settings detection for compile vs runtime math incompatibilities */ enum { diff --git a/wolfssl/wolfcrypt/wc_port.h b/wolfssl/wolfcrypt/wc_port.h index 7490b08de7..9a6333a1fe 100644 --- a/wolfssl/wolfcrypt/wc_port.h +++ b/wolfssl/wolfcrypt/wc_port.h @@ -35,7 +35,8 @@ /* Detect if compiler supports C99. "NO_WOLF_C99" can be defined in * user_settings.h to disable checking for C99 support. */ -#if !defined(WOLF_C99) && defined(__STDC_VERSION__) && !defined(NO_WOLF_C99) +#if !defined(WOLF_C99) && defined(__STDC_VERSION__) && \ + !defined(WOLFSSL_ARDUINO) && !defined(NO_WOLF_C99) #if __STDC_VERSION__ >= 199901L #define WOLF_C99 #endif @@ -292,7 +293,8 @@ WOLFSSL_API int wolfCrypt_Cleanup(void); #define XBADFILE NULL #define XFGETS fgets - #if !defined(USE_WINDOWS_API) && !defined(NO_WOLFSSL_DIR) + #if !defined(USE_WINDOWS_API) && !defined(NO_WOLFSSL_DIR)\ + && !defined(WOLFSSL_NUCLEUS) #include #include #include @@ -306,7 +308,7 @@ WOLFSSL_API int wolfCrypt_Cleanup(void); #define MAX_PATH 256 #endif -#if !defined(NO_WOLFSSL_DIR) +#if !defined(NO_WOLFSSL_DIR) && !defined(WOLFSSL_NUCLEUS) typedef struct ReadDirCtx { #ifdef USE_WINDOWS_API WIN32_FIND_DATAA FindFileData;